[SCM] Samba Shared Repository - branch master updated
Andrew Bartlett
abartlet at samba.org
Mon Sep 3 19:06:03 MDT 2012
The branch, master has been updated
via 68f68d0 docs: Move Samba4 HOWTO link into README
via 8be652a docs: Update Roadmap
via 3f42619 docs: Remove merged-branches.txt
via 0010828 docs: Remove docs for removed parameter 'display charset'
via 339fb7e remove extra tab from Makefile
via f9e8f08 docs: Fix undocumented target to find smb.conf directives in the right place
via 28499b0 docs: Remove references to security=share and security=server from the smb.conf docs
via 4a52a3f docs: Remove docs for removed parameter 'parinoid server security'
from 75484f4 docs: Rename manpages-3 -> manpages.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 68f68d01529e159d965cefa1da497f3472a36972
Author: Andrew Bartlett <abartlet at samba.org>
Date: Tue Sep 4 09:31:27 2012 +1000
docs: Move Samba4 HOWTO link into README
This allows us to make clear that it applies to the AD DC deployment.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue Sep 4 03:05:02 CEST 2012 on sn-devel-104
commit 8be652a675efb5f25f0e2c573b9c8d6c0f3a9b5f
Author: Andrew Bartlett <abartlet at samba.org>
Date: Tue Sep 4 09:24:52 2012 +1000
docs: Update Roadmap
commit 3f42619e802b9dc13dc4dd770d419a0e4e9fce9d
Author: Andrew Bartlett <abartlet at samba.org>
Date: Tue Sep 4 09:20:19 2012 +1000
docs: Remove merged-branches.txt
We are now well past simply having two projects in once tree, and each
continued reference to 'samba3' and 'samba4' causes user confusion.
Andrew Bartlett
commit 00108282d046c2d4948c7c5977c98b412e08fb0a
Author: Andrew Bartlett <abartlet at samba.org>
Date: Tue Sep 4 09:12:17 2012 +1000
docs: Remove docs for removed parameter 'display charset'
commit 339fb7ef61e675c1db7743e039f2c1e6c45c08a0
Author: Andrew Bartlett <abartlet at samba.org>
Date: Tue Sep 4 09:10:59 2012 +1000
remove extra tab from Makefile
commit f9e8f08197651f053bf6a23584bf04814440fec0
Author: Andrew Bartlett <abartlet at samba.org>
Date: Tue Sep 4 09:09:38 2012 +1000
docs: Fix undocumented target to find smb.conf directives in the right place
The manpages target needs to be reworked to know about waf.
Andrew Bartlett
commit 28499b04769ee0d310e48576b868e11c0d2b1422
Author: Andrew Bartlett <abartlet at samba.org>
Date: Tue Sep 4 08:46:06 2012 +1000
docs: Remove references to security=share and security=server from the smb.conf docs
commit 4a52a3f48de60c79113018ca20a420dab536f46d
Author: Andrew Bartlett <abartlet at samba.org>
Date: Tue Sep 4 08:27:23 2012 +1000
docs: Remove docs for removed parameter 'parinoid server security'
-----------------------------------------------------------------------
Summary of changes:
README | 11 +++-
Roadmap | 8 ++--
docs-xml/Makefile | 6 +-
docs-xml/Makefile.settings.in | 2 +-
docs-xml/scripts/find_missing_doc.pl | 2 +-
docs-xml/smbdotconf/base/displaycharset.xml | 17 ------
docs-xml/smbdotconf/logon/adduserscript.xml | 8 ---
docs-xml/smbdotconf/security/adminusers.xml | 3 -
docs-xml/smbdotconf/security/encryptpasswords.xml | 2 +-
docs-xml/smbdotconf/security/maptoguest.xml | 18 +------
docs-xml/smbdotconf/security/passwordserver.xml | 55 ++------------------
docs-xml/smbdotconf/security/readlist.xml | 4 --
docs-xml/smbdotconf/security/security.xml | 2 +-
docs-xml/smbdotconf/security/usernamemap.xml | 6 +-
docs-xml/smbdotconf/security/writelist.xml | 5 --
.../smbdotconf/tuning/paranoidserversecurity.xml | 19 -------
howto4.txt | 7 ---
merged-branches.txt | 6 --
18 files changed, 29 insertions(+), 152 deletions(-)
delete mode 100644 docs-xml/smbdotconf/base/displaycharset.xml
delete mode 100644 docs-xml/smbdotconf/tuning/paranoidserversecurity.xml
delete mode 100644 howto4.txt
delete mode 100644 merged-branches.txt
Changeset truncated at 500 lines:
diff --git a/README b/README
index 6c842c3..6fc98e6 100644
--- a/README
+++ b/README
@@ -1,13 +1,18 @@
This is the release version of Samba, the free SMB and CIFS client and
-server for UNIX and other operating systems. Samba is maintained by
-the Samba Team, who support the original author, Andrew Tridgell.
+server and Domain Controller for UNIX and other operating
+systems. Samba is maintained by the Samba Team, who support the
+original author, Andrew Tridgell.
>>>> Please read THE WHOLE of this file as it gives important information
>>>> about the configuration and use of Samba.
-NOTE: Installation instructions may be found in
+NOTE: Installation instructions may be found
+ for the file/print server and domain member in:
docs/htmldocs/Samba3-HOWTO/install.html
+ For the AD DC implementation a full HOWTO is provided at:
+ http://wiki.samba.org/index.php/Samba4/HOWTO
+
This software is freely distributable under the GNU public license, a
copy of which you should have received with this software (in a file
called COPYING).
diff --git a/Roadmap b/Roadmap
index 975ca7b..8f664ec 100644
--- a/Roadmap
+++ b/Roadmap
@@ -9,15 +9,15 @@ information.
The following development objectives for future releases
are in progress:
----------------------------------------------------------------------------
-Samba-3.0.x This release turned into maintenance mode since we
- released 3.2.
+Samba-3.5.x This release turned into maintenance mode since we
+ released 3.6.
Samba-3.6.x This is the current stable Samba 3 release intended
for all Samba production server.
Samba-4.0 Our next release including the AD domain controller
- feature, and the file server and other functionality
- from Samba 3.6.
+ feature, the file server and other functionality
+ from Samba 3.6 as well as the new SMB3 protocol.
Note that it is a given that the Samba-Team will continue to track
diff --git a/docs-xml/Makefile b/docs-xml/Makefile
index 25725ef..3070376 100644
--- a/docs-xml/Makefile
+++ b/docs-xml/Makefile
@@ -107,7 +107,7 @@ $(DOCBOOKDIR)/manpages/index.xml: $(MANPAGES) xslt/manpage-summary.xsl
$(HTMLDIR)/index.html: htmldocs.html
@mkdir -p $(@D)
cp $< $@
-
+
$(HTMLDIR)/%/index.html: $(DOCBOOKDIR)/%.xml $(HTMLDIR)/%/samba.css xslt/html-chunk.xsl %-images-html-chunks
@mkdir -p $(@D)
$(XSLTPROC) --stringparam base.dir "$(HTMLDIR)/$*/" xslt/html-chunk.xsl $<
@@ -241,7 +241,7 @@ $(OUTPUTDIR)/%: $(DOCBOOKDIR)/%.xml xslt/man.xsl
# Individual smb.conf parameters
smb.conf-chunks: $(patsubst $(SMBDOTCONFDOC)/%.xml,$(HTMLDIR)/smb.conf/%.html,$(wildcard $(SMBDOTCONFDOC)/*/*.xml))
-
+
$(HTMLDIR)/smb.conf/%.html: $(SMBDOTCONFDOC)/%.xml
@mkdir -p $(@D)
$(XSLTPROC) --output $@ xslt/smb.conf-html.xsl $<
@@ -262,7 +262,7 @@ $(PEARSONDIR)/%.report.html: $(PEARSONDIR)/%.xml
# Find undocumented parameters
undocumented: $(SMBDOTCONFDOC)/parameters.all.xml scripts/find_missing_doc.pl scripts/find_missing_manpages.pl
$(PERL) scripts/find_missing_doc.pl $(SRCDIR)
- $(PERL) scripts/find_missing_manpages.pl $(SRCDIR)
+ $(PERL) scripts/find_missing_manpages.pl $(SRCDIR)/source3
samples: $(DOCBOOKDIR)/Samba3-HOWTO.xml xslt/extract-examples.xsl scripts/indent-smb.conf.pl
@mkdir -p examples
diff --git a/docs-xml/Makefile.settings.in b/docs-xml/Makefile.settings.in
index e5d58a4..2bf96d7 100644
--- a/docs-xml/Makefile.settings.in
+++ b/docs-xml/Makefile.settings.in
@@ -16,7 +16,7 @@ PERL = @PERL@
OUTPUTDIR = output
ARCHIVEDIR = archive
TEXINFODIR = $(OUTPUTDIR)/texi
-SRCDIR = ../source3
+SRCDIR = ../
MANPAGEDIR = manpages
SMBDOTCONFDOC = smbdotconf
DOCBOOKDIR = tmp
diff --git a/docs-xml/scripts/find_missing_doc.pl b/docs-xml/scripts/find_missing_doc.pl
index 3d0c345..6ce547b 100755
--- a/docs-xml/scripts/find_missing_doc.pl
+++ b/docs-xml/scripts/find_missing_doc.pl
@@ -29,7 +29,7 @@ chdir($curdir);
# Reading entries from source code
-open(SOURCE,"$topdir/param/loadparm.c") or die("Can't open $topdir/param/loadparm.c: $!");
+open(SOURCE,"$topdir/lib/param/param_table.c") or die("Can't open $topdir/lib/param/param_table.c: $!");
while ($ln = <SOURCE>) {
last if $ln =~ m/^static\ struct\ parm_struct\ parm_table.*/;
diff --git a/docs-xml/smbdotconf/base/displaycharset.xml b/docs-xml/smbdotconf/base/displaycharset.xml
deleted file mode 100644
index 5bace5b..0000000
--- a/docs-xml/smbdotconf/base/displaycharset.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<samba:parameter name="display charset"
- type="string"
- context="G"
- advanced="1" developer="1"
- xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
-<description>
- <para>
- Specifies the charset that samba will use to print messages to stdout and stderr.
- The default value is "LOCALE", which means automatically set, depending on the
- current locale. The value should generally be the same as the value of the parameter
- <smbconfoption name="unix charset"/>.
- </para>
-</description>
-
-<value type="default">"LOCALE" or "ASCII" (depending on the system)</value>
-<value type="example">UTF8</value>
-</samba:parameter>
diff --git a/docs-xml/smbdotconf/logon/adduserscript.xml b/docs-xml/smbdotconf/logon/adduserscript.xml
index 7128cb7..d8abcda 100644
--- a/docs-xml/smbdotconf/logon/adduserscript.xml
+++ b/docs-xml/smbdotconf/logon/adduserscript.xml
@@ -19,14 +19,6 @@
</para>
<para>
- In order to use this option, <citerefentry><refentrytitle>smbd</refentrytitle>
- <manvolnum>8</manvolnum></citerefentry> must <emphasis>NOT</emphasis> be set to
- <smbconfoption name="security">share</smbconfoption> and <smbconfoption name="add user script"/>
- must be set to a full pathname for a script that will create a UNIX user given one argument of
- <parameter moreinfo="none">%u</parameter>, which expands into the UNIX user name to create.
- </para>
-
- <para>
When the Windows user attempts to access the Samba server, at login (session setup in
the SMB protocol) time, <citerefentry><refentrytitle>smbd</refentrytitle>
<manvolnum>8</manvolnum></citerefentry> contacts the <smbconfoption name="password server"/>
diff --git a/docs-xml/smbdotconf/security/adminusers.xml b/docs-xml/smbdotconf/security/adminusers.xml
index d8f14b6..30adea9 100644
--- a/docs-xml/smbdotconf/security/adminusers.xml
+++ b/docs-xml/smbdotconf/security/adminusers.xml
@@ -11,9 +11,6 @@
this list will be able to do anything they like on the share,
irrespective of file permissions.</para>
- <para>This parameter will not work with the <smbconfoption name="security">share</smbconfoption> in
- Samba 3.0. This is by design.</para>
-
</description>
<value type="default"/>
diff --git a/docs-xml/smbdotconf/security/encryptpasswords.xml b/docs-xml/smbdotconf/security/encryptpasswords.xml
index 1a631fd..fdf0cfd 100644
--- a/docs-xml/smbdotconf/security/encryptpasswords.xml
+++ b/docs-xml/smbdotconf/security/encryptpasswords.xml
@@ -32,7 +32,7 @@
have access to a local <citerefentry><refentrytitle>smbpasswd</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> file (see the <citerefentry><refentrytitle>smbpasswd</refentrytitle>
<manvolnum>8</manvolnum></citerefentry> program for information on how to set up
- and maintain this file), or set the <smbconfoption name="security">[server|domain|ads]</smbconfoption> parameter which
+ and maintain this file), or set the <smbconfoption name="security">[domain|ads]</smbconfoption> parameter which
causes <command moreinfo="none">smbd</command> to authenticate against another
server.</para>
</description>
diff --git a/docs-xml/smbdotconf/security/maptoguest.xml b/docs-xml/smbdotconf/security/maptoguest.xml
index 0f680ae..09017bc 100644
--- a/docs-xml/smbdotconf/security/maptoguest.xml
+++ b/docs-xml/smbdotconf/security/maptoguest.xml
@@ -4,11 +4,6 @@
advanced="1" developer="1"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>This parameter is only useful in <smbconfoption name="SECURITY">
- security</smbconfoption> modes other than <parameter moreinfo="none">security = share</parameter>
- and <parameter moreinfo="none">security = server</parameter>
- - i.e. <constant>user</constant>, and <constant>domain</constant>.</para>
-
<para>This parameter can take four different values, which tell
<citerefentry><refentrytitle>smbd</refentrytitle>
<manvolnum>8</manvolnum></citerefentry> what to do with user
@@ -55,20 +50,11 @@
</itemizedlist>
<para>Note that this parameter is needed to set up "Guest"
- share services when using <parameter moreinfo="none">security</parameter> modes other than
- share and server. This is because in these modes the name of the resource being
+ share services. This is because in these modes the name of the resource being
requested is <emphasis>not</emphasis> sent to the server until after
the server has successfully authenticated the client so the server
cannot make authentication decisions at the correct time (connection
- to the share) for "Guest" shares. This parameter is not useful with
- <parameter moreinfo="none">security = server</parameter> as in this security mode
- no information is returned about whether a user logon failed due to
- a bad username or bad password, the same error is returned from a modern server
- in both cases.</para>
-
- <para>For people familiar with the older Samba releases, this
- parameter maps to the old compile-time setting of the <constant>
- GUEST_SESSSETUP</constant> value in local.h.</para>
+ to the share) for "Guest" shares. </para>
</description>
<value type="default">Never</value>
diff --git a/docs-xml/smbdotconf/security/passwordserver.xml b/docs-xml/smbdotconf/security/passwordserver.xml
index ad242c4..18baa9b 100644
--- a/docs-xml/smbdotconf/security/passwordserver.xml
+++ b/docs-xml/smbdotconf/security/passwordserver.xml
@@ -4,17 +4,16 @@
advanced="1" wizard="1" developer="1"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>By specifying the name of another SMB server
- or Active Directory domain controller with this option,
- and using <command moreinfo="none">security = [ads|domain|server]</command>
+ <para>By specifying the name of a domain controller with this option,
+ and using <command moreinfo="none">security = [ads|domain]</command>
it is possible to get Samba
to do all its username/password validation using a specific remote server.</para>
- <para>If the <parameter moreinfo="none">security</parameter> parameter is set to
- <constant>domain</constant> or <constant>ads</constant>, then this option
+ <para>Ideally, this option
<emphasis>should not</emphasis> be used, as the default '*' indicates to Samba
to determine the best DC to contact dynamically, just as all other hosts in an
- AD domain do. This allows the domain to be maintained without modification to
+ AD domain do. This allows the domain to be maintained (addition
+ and removal of domain controllers) without modification to
the smb.conf file. The cryptographic protection on the authenticated RPC calls
used to verify passwords ensures that this default is safe.</para>
@@ -39,50 +38,6 @@
parameter <smbconfoption name="name resolve order"/> and so may resolved
by any method and order described in that parameter.</para>
- <para>If the <parameter moreinfo="none">security</parameter> parameter is
- set to <constant>server</constant>, these additional restrictions apply:</para>
-
- <itemizedlist>
- <listitem>
- <para>You may list several password servers in
- the <parameter moreinfo="none">password server</parameter> parameter, however if an
- <command moreinfo="none">smbd</command> makes a connection to a password server,
- and then the password server fails, no more users will be able
- to be authenticated from this <command moreinfo="none">smbd</command>. This is a
- restriction of the SMB/CIFS protocol when in <command moreinfo="none">security = server
- </command> mode and cannot be fixed in Samba.</para>
- </listitem>
-
- <listitem>
- <para>You will have to ensure that your users
- are able to login from the Samba server, as when in <command moreinfo="none">
- security = server</command> mode the network logon will appear to
- come from the Samba server rather than from the users workstation.</para>
- </listitem>
-
- <listitem>
- <para>The client must not select NTLMv2 authentication.</para>
- </listitem>
-
- <listitem>
- <para>The password server must be a machine capable of using
- the "LM1.2X002" or the "NT LM 0.12" protocol, and it must be in
- user level security mode.</para>
- </listitem>
-
- <listitem>
- <para>Using a password server means your UNIX box (running
- Samba) is only as secure as (a host masquerading as) your password server. <emphasis>DO NOT
- CHOOSE A PASSWORD SERVER THAT YOU DON'T COMPLETELY TRUST</emphasis>.
- </para>
- </listitem>
-
- <listitem>
- <para>Never point a Samba server at itself for password serving.
- This will cause a loop and could lock up your Samba server!</para>
- </listitem>
-
- </itemizedlist>
</description>
<related>security</related>
diff --git a/docs-xml/smbdotconf/security/readlist.xml b/docs-xml/smbdotconf/security/readlist.xml
index df6b4f1..c874fef 100644
--- a/docs-xml/smbdotconf/security/readlist.xml
+++ b/docs-xml/smbdotconf/security/readlist.xml
@@ -9,11 +9,7 @@
to. The list can include group names using the syntax described in the <smbconfoption name="invalid users"/>
parameter.
</para>
-
- <para>This parameter will not work with the <smbconfoption name="security">share</smbconfoption> in
- Samba 3.0. This is by design.</para>
</description>
-
<related>write list</related>
<related>invalid users</related>
diff --git a/docs-xml/smbdotconf/security/security.xml b/docs-xml/smbdotconf/security/security.xml
index 453de94..406089f 100644
--- a/docs-xml/smbdotconf/security/security.xml
+++ b/docs-xml/smbdotconf/security/security.xml
@@ -16,7 +16,7 @@
<para>The alternatives are
<command moreinfo="none">security = ads</command> or <command moreinfo="none">security = domain
- </command>, which support joining Samba to a Windows domain, along with <command moreinfo="none">security = server</command>, which is deprecated.</para>
+ </command>, which support joining Samba to a Windows domain</para>
<para>You should use <command moreinfo="none">security = user</command> and
<smbconfoption name="map to guest"/> if you
diff --git a/docs-xml/smbdotconf/security/usernamemap.xml b/docs-xml/smbdotconf/security/usernamemap.xml
index fec7375..21098fa 100644
--- a/docs-xml/smbdotconf/security/usernamemap.xml
+++ b/docs-xml/smbdotconf/security/usernamemap.xml
@@ -12,7 +12,7 @@
</para>
<para>
- Please note that for user or share mode security, the username map is applied prior to validating the user
+ Please note that for user mode security, the username map is applied prior to validating the user
credentials. Domain member servers (domain or ads) apply the username map after the user has been
successfully authenticated by the domain controller and require fully qualified entries in the map table (e.g.
biddle = <literal>DOMAIN\foo</literal>).
@@ -84,8 +84,8 @@ guest = *
Note that the remapping is applied to all occurrences of usernames. Thus if you connect to \\server\fred and
<constant>fred</constant> is remapped to <constant>mary</constant> then you will actually be connecting to
\\server\mary and will need to supply a password suitable for <constant>mary</constant> not
- <constant>fred</constant>. The only exception to this is the username passed to the <smbconfoption
- name="password server"/> (if you have one). The password server will receive whatever username the client
+ <constant>fred</constant>. The only exception to this is the
+ username passed to a Domain Controller (if you have one). The DC will receive whatever username the client
supplies without modification.
</para>
diff --git a/docs-xml/smbdotconf/security/writelist.xml b/docs-xml/smbdotconf/security/writelist.xml
index 60db3f1..c17db81 100644
--- a/docs-xml/smbdotconf/security/writelist.xml
+++ b/docs-xml/smbdotconf/security/writelist.xml
@@ -15,11 +15,6 @@
given write access.
</para>
- <para>
- By design, this parameter will not work with the
- <smbconfoption name="security">share</smbconfoption> in Samba 3.0.
- </para>
-
</description>
<related>read list</related>
diff --git a/docs-xml/smbdotconf/tuning/paranoidserversecurity.xml b/docs-xml/smbdotconf/tuning/paranoidserversecurity.xml
deleted file mode 100644
index e553583..0000000
--- a/docs-xml/smbdotconf/tuning/paranoidserversecurity.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<samba:parameter name="paranoid server security"
- context="G"
- type="boolean"
- developer="1"
- xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
-<description>
- <para>Some version of NT 4.x allow non-guest
- users with a bad password. When this option is enabled, samba will not
- use a broken NT 4.x server as password server, but instead complain
- to the logs and exit.
- </para>
-
- <para>Disabling this option prevents Samba from making
- this check, which involves deliberately attempting a
- bad logon to the remote server.</para>
-</description>
-
-<value type="default">yes</value>
-</samba:parameter>
diff --git a/howto4.txt b/howto4.txt
deleted file mode 100644
index 6a40d61..0000000
--- a/howto4.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-Samba4 howto
-============
-
-For current versions of the Samba4 HOWTO, please see our wiki:
-
- http://wiki.samba.org/index.php/Samba4/HOWTO
-
diff --git a/merged-branches.txt b/merged-branches.txt
deleted file mode 100644
index 064203f..0000000
--- a/merged-branches.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-This branch contains sources for both Samba 3 and Samba 4. The Samba 3
-source/ folder is now called source3, the samba4 source/ folder is called
-source4.
-
-The aim is to move shared code to a common location
-and hopefully combine Samba3 and Samba 4 step by step.
--
Samba Shared Repository
More information about the samba-cvs
mailing list