Changeset 411 for branches/samba-3.3.x/docs/manpages/ntlm_auth.1

Timestamp:

Mar 1, 2010, 3:05:48 PM (15 years ago)

Author:

Herwig Bauernfeind

Message:

Update Samba 3.3.x to 3.3.11

File:

• branches/samba-3.3.x/docs/manpages/ntlm_auth.1 (modified) (22 diffs)

branches/samba-3.3.x/docs/manpages/ntlm_auth.1

@@ -1 @@
-'\" t
 .\"     Title: ntlm_auth
 .\"    Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 01/14/2010
+.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+.\"      Date: 02/22/2010
 .\"    Manual: User Commands
 .\"    Source: Samba 3.3
 .\"  Language: English
 .\"
-.TH "NTLM_AUTH" "1" "01/14/2010" "Samba 3\&.3" "User Commands"
+.TH "NTLM_AUTH" "1" "02/22/2010" "Samba 3\&.3" "User Commands"
+.\" -----------------------------------------------------------------
+.\" * (re)Define some macros
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" toupper - uppercase a string (locale-aware)
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de toupper
+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+\\$*
+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH-xref - format a cross-reference to an SH section
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de SH-xref
+.ie n \{\
+.\}
+.toupper \\$*
+.el \{\
+\\$*
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH - level-one heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SH
+.\" put an extra blank line of space above the head in non-TTY output
+.if t \{\
+.sp 1
+.\}
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[an-margin]u
+.ti 0
+.HTML-TAG ".NH \\n[an-level]"
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+\." make the size of the head bigger
+.ps +3
+.ft B
+.ne (2v + 1u)
+.ie n \{\
+.\" if n (TTY output), use uppercase
+.toupper \\$*
+.\}
+.el \{\
+.nr an-break-flag 0
+.\" if not n (not TTY), use normal case (not uppercase)
+\\$1
+.in \\n[an-margin]u
+.ti 0
+.\" if not n (not TTY), put a border/line under subheading
+.sp -.6
+\l'\n(.lu'
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SS - level-two heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SS
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[IN]u
+.ti \\n[SN]u
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.ps \\n[PS-SS]u
+\." make the size of the head bigger
+.ps +2
+.ft B
+.ne (2v + 1u)
+.if \\n[.$] \&\\$*
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BB/BE - put background/screen (filled box) around block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BB
+.if t \{\
+.sp -.5
+.br
+.in +2n
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EB
+.if t \{\
+.if "\\$2"adjust-for-leading-newline" \{\
+.sp -1
+.\}
+.br
+.di
+.in
+.ll
+.gcolor
+.nr BW \\n(.lu-\\n(.i
+.nr BH \\n(dn+.5v
+.ne \\n(BHu+.5v
+.ie "\\$2"adjust-for-leading-newline" \{\
+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.el \{\
+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.in 0
+.sp -.5v
+.nf
+.BX
+.in
+.sp .5v
+.fi
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BM/EM - put colored marker in margin next to block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BM
+.if t \{\
+.br
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EM
+.if t \{\
+.br
+.di
+.ll
+.gcolor
+.nr BH \\n(dn
+.ne \\n(BHu
+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+.in 0
+.nf
+.BX
+.in
+.fi
+.\}
+..
 .\" -----------------------------------------------------------------
 .\" * set default formatting
@@ -19 +167 @@
 .\" * MAIN CONTENT STARTS HERE *
 .\" -----------------------------------------------------------------
-.SH "NAME"
+.SH "Name"
 ntlm_auth \- tool to allow external access to Winbind\'s NTLM authentication function
-.SH "SYNOPSIS"
+.SH "Synopsis"
+.fam C
 .HP \w'\ 'u
-ntlm_auth [\-d\ debuglevel] [\-l\ logdir] [\-s\ <smb\ config\ file>]
+\FCntlm_auth\F[] [\-d\ debuglevel] [\-l\ logdir] [\-s\ <smb\ config\ file>]
+.fam
 .SH "DESCRIPTION"
 .PP
@@ -30 +180 @@
 suite\&.
 .PP
-ntlm_auth
-is a helper utility that authenticates users using NT/LM authentication\&. It returns 0 if the users is authenticated successfully and 1 if access was denied\&. ntlm_auth uses winbind to access the user and authentication data for a domain\&. This utility is only indended to be used by other programs (currently
+\FCntlm_auth\F[]
+is a helper utility that authenticates users using NT/LM authentication\&. It returns 0 if the users is authenticated successfully and 1 if access was denied\&. ntlm_auth uses winbind to access the user and authentication data for a domain\&. This utility is only intended to be used by other programs (currently
 Squid
 and
@@ -42 +192 @@
 .PP
 Some of these commands also require access to the directory
-winbindd_privileged
+\FCwinbindd_privileged\F[]
 in
-$LOCKDIR\&. This should be done either by running this command as root or providing group access to the
-winbindd_privileged
+\FC$LOCKDIR\F[]\&. This should be done either by running this command as root or providing group access to the
+\FCwinbindd_privileged\F[]
 directory\&. For security reasons, this directory should not be world\-accessable\&.
 .SH "OPTIONS"
@@ -68 +218 @@
 .sp
 Requires access to the directory
-winbindd_privileged
+\FCwinbindd_privileged\F[]
 in
-$LOCKDIR\&. The protocol used is described here:
+\FC$LOCKDIR\F[]\&. The protocol used is described here:
 http://devel\&.squid\-cache\&.org/ntlm/squid_helper_protocol\&.html\&. This protocol has been extended to allow the NTLMSSP Negotiate packet to be included as an argument to the
-YR
+\FCYR\F[]
 command\&. (Thus avoiding loss of information in the protocol exchange)\&.
 .RE
@@ -81 +231 @@
 .sp
 This helper is a client, and as such may be run by any user\&. The protocol used is effectively the reverse of the previous protocol\&. A
-YR
+\FCYR\F[]
 command (without any arguments) starts the authentication exchange\&.
 .RE
@@ -88 +238 @@
 .RS 4
 Server\-side helper that implements GSS\-SPNEGO\&. This uses a protocol that is almost the same as
-squid\-2\&.5\-ntlmssp, but has some subtle differences that are undocumented outside the source at this stage\&.
+\FCsquid\-2\&.5\-ntlmssp\F[], but has some subtle differences that are undocumented outside the source at this stage\&.
 .sp
 Requires access to the directory
-winbindd_privileged
+\FCwinbindd_privileged\F[]
 in
-$LOCKDIR\&.
+\FC$LOCKDIR\F[]\&.
 .RE
 .PP
@@ -106 +256 @@
 .sp
 This protocol consists of lines in the form:
-Parameter: value
+\FCParameter: value\F[]
 and
-Parameter:: Base64\-encode value\&. The presence of a single period
-\&.
+\FCParameter:: Base64\-encode value\F[]\&. The presence of a single period
+\FC\&.\F[]
 indicates that one side has finished supplying data to the other\&. (Which in turn could cause the helper to authenticate the user)\&.
 .sp
@@ -143 +293 @@
 .RS 4
 The 8 byte
-LANMAN Challenge
+\FCLANMAN Challenge\F[]
 value, generated randomly by the server, or (in cases such as MSCHAPv2) generated in some way by both the server and the client\&.
 .PP \fBExample\ \&7.\ \&\fR LANMAN\-Challege: 0102030405060708
@@ -151 +301 @@
 .RS 4
 The 24 byte
-LANMAN Response
+\FCLANMAN Response\F[]
 value, calculated from the user\'s password and the supplied
-LANMAN Challenge\&. Typically, this is provided over the network by a client wishing to authenticate\&.
+\FCLANMAN Challenge\F[]\&. Typically, this is provided over the network by a client wishing to authenticate\&.
 .PP \fBExample\ \&8.\ \&\fR LANMAN\-Response: 0102030405060708090A0B0C0D0E0F101112131415161718
 .RE
@@ -160 +310 @@
 .RS 4
 The >= 24 byte
-NT Response
+\FCNT Response\F[]
 calculated from the user\'s password and the supplied
-LANMAN Challenge\&. Typically, this is provided over the network by a client wishing to authenticate\&.
+\FCLANMAN Challenge\F[]\&. Typically, this is provided over the network by a client wishing to authenticate\&.
 .PP \fBExample\ \&9.\ \&\fR NT\-Response: 0102030405060708090A0B0C0D0E0F101112131415161718
 .RE
@@ -188 +338 @@
 .\}
 .RS 4
+.BM yellow
 .it 1 an-trap
 .nr an-no-space-flag 1
@@ -200 +351 @@
                 a newline\&.  They may also need to decode strings from
                 the helper, which likewise may have been base64 encoded\&..sp .5v
+.EM yellow
 .RE
 .RE
@@ -256 +408 @@
 .RS 4
 Perform Diagnostics on the authentication chain\&. Uses the password from
-\-\-password
+\FC\-\-password\F[]
 or prompts for one\&.
 .RE
@@ -277 +429 @@
 \m[blue]\fB\%smb.conf.5.html#\fR\m[]
 parameter in the
-smb\&.conf
+\FCsmb\&.conf\F[]
 file\&.
 .RE
@@ -289 +441 @@
 .RS 4
 The file specified contains the configuration details required by the server\&. The information in this file includes server\-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See
-smb\&.conf
+\FCsmb\&.conf\F[]
 for more information\&. The default configuration file name is determined at compile time\&.
 .RE
@@ -307 +459 @@
 .PP
 To setup ntlm_auth for use by squid 2\&.5, with both basic and NTLMSSP authentication, the following should be placed in the
-squid\&.conf
+\FCsquid\&.conf\F[]
 file\&.
 .sp
@@ -313 +465 @@
 .RS 4
 .\}
+.fam C
+.ps -1
 .nf
+.if t \{\
+.sp -1
+.\}
+.BB lightgray adjust-for-leading-newline
+.sp -1
+
 auth_param ntlm program ntlm_auth \-\-helper\-protocol=squid\-2\&.5\-ntlmssp
 auth_param basic program ntlm_auth \-\-helper\-protocol=squid\-2\&.5\-basic
@@ -319 +479 @@
 auth_param basic realm Squid proxy\-caching web server
 auth_param basic credentialsttl 2 hours
+.EB lightgray adjust-for-leading-newline
+.if t \{\
+.sp 1
+.\}
 .fi
+.fam
+.ps +1
 .if n \{\
 .RE
@@ -327 +493 @@
 .\}
 .RS 4
+.BM yellow
 .it 1 an-trap
 .nr an-no-space-flag 1
@@ -337 +504 @@
 .PP
 This example assumes that ntlm_auth has been installed into your path, and that the group permissions on
-winbindd_privileged
+\FCwinbindd_privileged\F[]
 are as described above\&.
 .sp .5v
+.EM yellow
 .RE
 .PP
 To setup ntlm_auth for use by squid 2\&.5 with group limitation in addition to the above example, the following should be added to the
-squid\&.conf
+\FCsquid\&.conf\F[]
 file\&.
 .sp
@@ -349 +517 @@
 .RS 4
 .\}
+.fam C
+.ps -1
 .nf
+.if t \{\
+.sp -1
+.\}
+.BB lightgray adjust-for-leading-newline
+.sp -1
+
 auth_param ntlm program ntlm_auth \-\-helper\-protocol=squid\-2\&.5\-ntlmssp \-\-require\-membership\-of=\'WORKGROUP\eDomain Users\'
 auth_param basic program ntlm_auth \-\-helper\-protocol=squid\-2\&.5\-basic \-\-require\-membership\-of=\'WORKGROUP\eDomain Users\'
+.EB lightgray adjust-for-leading-newline
+.if t \{\
+.sp 1
+.\}
 .fi
+.fam
+.ps +1
 .if n \{\
 .RE