[SCM] Samba Shared Repository - branch v4-21-stable updated
Stefan Metzmacher
metze at samba.org
Tue Aug 13 17:03:02 UTC 2024
The branch, v4-21-stable has been updated
via 8e440c0a96a VERSION: Disable GIT_SNAPSHOT for the 4.21.0rc2 release.
via ac02a513c8f WHATSNEW: Add release notes for Samba 4.21.0rc2.
via 2552df221d4 WHATSNEW: update the "Automatic keytab update after machine password change" section
via 8c0820a9199 docs:smbdotconf: Update 'kerberos method' with 'sync machine password to keytab'
via 5129858389d docs:smbdotconf: Improve documentation for 'sync machine password to keytab'
via 4643ddbb7c7 docs:smbdotconf: Improve documentation for 'sync machine password script'
via ed391186250 s3:script: Install winbind_ctdb_updatekeytab.sh
via 5730327bef6 s3:script: Rename updatekeytab.sh ==> winbind_ctdb_updatekeytab.sh
via 80db72bdb3f docs: Add examples to net.8 that use 'sync machine password to keytab'
via 4b6e24cba7b Revert "docs-xml: Delete descriptions for removed commands "net ads keytab add" and "net ads keytab add_update_ads""
via 7477658193e docs-xml/manpages: 'ceph_new' prefix for config-param of vfs_ceph_new
via ab1db57e9a7 vfs_ceph_new: use 'ceph_new' for config-param prefix
via 0edfc053743 vfs_ceph_new: handle errno properly for 'readdir'
via 7872fbd907b vfs_ceph{_new}: do not set errno upon successful call to libcephfs
via 0d03161324c vfs_ceph_new: Unconditionally use ceph_select_filesystem
via ff2ecedd6f9 docs-xml/manpages: add entry for vfs_ceph_new
via fe3471eb5b2 vfs_ceph_new: common prefix to debug-log messages
via 9de33d3442c vfs_ceph_new: debug-log upon libcephfs low-level calls
via ec119531a4f vfs_ceph_new: use low-level APIs for xattr ops
via e0d2953a847 vfs_ceph_new: use low-level APIs for mknodat
via 9109ed18720 vfs_ceph_new: use low-level APIs for renameat
via 6af3cb81a00 vfs_ceph_new: use low-level APIs for linkat
via 2b1c65948c3 vfs_ceph_new: use low-level APIs for ftruncate/fallocate
via dc207c281cd vfs_ceph_new: use low-level APIs for fsync
via f429baca5cf vfs_ceph_new: use low-level APIs for lseek
via ddb5fcb2faf vfs_ceph_new: use low-level APIs for read/write
via 69b671dcbfe vfs_ceph_new: use low-level APIs for symlink/readlink
via 9278e661146 vfs_ceph_new: use low-level APIs for unlinkat
via 2b660aaf9ed vfs_ceph_new: use low-level APIs for fntimes
via 7780114ab02 vfs_ceph_new: use low-level APIs for fchown/fchmod
via 26851f16fc2 vfs_ceph_new: proper error handling to readdir
via 9fd6c5b41f4 vfs_ceph_new: use low-level APIs for readdir ops
via 5eaa8749468 vfs_ceph_new: use low-level APIs for mkdirat
via 34c848251cd vfs_ceph_new: use low-level APIs for fdopendir
via 655e7a1508c vfs_ceph_new: use low-level APIs for fstatat
via 6fdf1922a99 vfs_ceph_new: use low-level APIs for fstat
via 62a43faa114 vfs_ceph_new: use low-level APIs for open/close
via f3e5d7237be vfs_ceph_new: ref cephmount_cached entry in handle->data
via 7bb3f5f251a vfs_ceph_new: use low-level APIs for lchown
via be427077ce8 vfs_ceph_new: use low-level APIs for statfs
via 8e28065f560 vfs_ceph_new: use low-level APIs for lstat
via 9f68daaccc5 vfs_ceph_new: use low-level APIs for stat
via 5a7f6e4610e vfs_ceph_new: use low-level APIs for disk_free
via 74524c438b7 vfs_ceph_new: next iteration of samba-to-cephfs bridge
via b375043d62c script/autobuild.py: do some basic testing using --without-winbind
via ba14164f729 s3:lib: add winbind_lookup_name_ex() fallback for --without-winbind
via 0ca6cd90b66 tdb: version 1.4.12
via 0cf9c6efd7e autobuild: Add ABI checks for libtalloc, libtevent and libtdb
via 725907587b8 WHATSNEW: update the "Automatic keytab update after machine password change" section
via 6f9a9394cfd docs-xml: Delete descriptions for removed commands "net ads keytab add" and "net ads keytab add_update_ads"
via ba6c2f68ec2 docs-xml: Fix trailing whitespace in net.8.xml
via ff9d9677bba docs:smbdotconf: Improve formatting of 'sync machine password to keytab'
via de85c86c486 ldb: Fix ldb public library header files being unusable
via 6d69562e27c wafsamba: Fix ABI symbol name generation
via 5ba371e09ab WHATSNEW: update the Per-user and group "veto files" and "hide files" section
via bffa9349d42 docs: Document parametric form of hide and veto files
via d5be00ab537 lib: Remove "token" parameter from set_namearray
via 13dbaf5556c lib: Remove per-user support from append_to_namearray
via 244ade4f12c tests: Test parametric per-user syntax for hide/veto files
via fd73c865eed smbd: Respect per-user hide and veto files with parametric options
via af0085aced4 lib: Factor out append_namearray from set_namearray
via 0b9371aa0c2 loadparm: Add lp_wi_scan_share_parametrics
via 5148ff97061 loadparm: Factor out lp_wi_scan_parametrics
via 13fc70f5e04 VERSION: Bump version up to Samba 4.21.0rc2...
from 729078d20cf VERSION: Disable GIT_SNAPSHOT for the Samba 4.21.0rc1 release.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-21-stable
- Log -----------------------------------------------------------------
-----------------------------------------------------------------------
Summary of changes:
VERSION | 2 +-
WHATSNEW.txt | 88 +-
buildtools/wafsamba/samba_abi.py | 6 +-
docs-xml/manpages/net.8.xml | 185 +-
.../{vfs_ceph.8.xml => vfs_ceph_new.8.xml} | 60 +-
docs-xml/smbdotconf/filename/hidefiles.xml | 29 +-
docs-xml/smbdotconf/filename/vetofiles.xml | 29 +-
docs-xml/smbdotconf/security/kerberosmethod.xml | 6 +
.../security/syncmachinepasswordscript.xml | 13 +-
.../security/syncmachinepasswordtokeytab.xml | 86 +-
docs-xml/wscript_build | 1 +
lib/ldb/wscript | 2 +-
lib/tdb/ABI/{tdb-1.3.17.sigs => tdb-1.4.12.sigs} | 0
lib/tdb/wscript | 2 +-
script/autobuild.py | 62 +
selftest/target/Samba3.pm | 6 +-
source3/include/proto.h | 4 +-
source3/lib/util_namearray.c | 119 +-
source3/lib/winbind_util.c | 11 +
source3/modules/vfs_ceph.c | 2 -
source3/modules/vfs_ceph_new.c | 3100 ++++++++++++++++++++
source3/modules/vfs_virusfilter.c | 2 -
source3/modules/wscript_build | 10 +
source3/param/loadparm.c | 50 +-
source3/param/loadparm.h | 7 +
...pdatekeytab.sh => winbind_ctdb_updatekeytab.sh} | 0
source3/script/wscript_build | 1 +
source3/smbd/smb2_service.c | 2 -
source3/smbd/uid.c | 132 +-
source3/torture/test_matching.c | 2 +-
source3/wscript | 1 +
31 files changed, 3785 insertions(+), 235 deletions(-)
copy docs-xml/manpages/{vfs_ceph.8.xml => vfs_ceph_new.8.xml} (66%)
copy lib/tdb/ABI/{tdb-1.3.17.sigs => tdb-1.4.12.sigs} (100%)
create mode 100644 source3/modules/vfs_ceph_new.c
rename source3/script/{updatekeytab.sh => winbind_ctdb_updatekeytab.sh} (100%)
Changeset truncated at 500 lines:
diff --git a/VERSION b/VERSION
index 57dceb79676..ba580667949 100644
--- a/VERSION
+++ b/VERSION
@@ -89,7 +89,7 @@ SAMBA_VERSION_PRE_RELEASE=
# e.g. SAMBA_VERSION_RC_RELEASE=1 #
# -> "3.0.0rc1" #
########################################################
-SAMBA_VERSION_RC_RELEASE=1
+SAMBA_VERSION_RC_RELEASE=2
########################################################
# To mark SVN snapshots this should be set to 'yes' #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 99f9f0aa7a6..c42c8cdb142 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,7 +1,7 @@
Release Announcements
=====================
-This is the first release candidate of Samba 4.21. This is *not*
+This is the second release candidate of Samba 4.21. This is *not*
intended for production environments and is designed for testing
purposes only. Please report any defects via the Samba bug reporting
system at https://bugzilla.samba.org/.
@@ -180,8 +180,10 @@ Per-user and group "veto files" and "hide files"
"veto files" and "hide files" can optionally be restricted to certain users and
groups. To apply a veto or hide directive to a filename for a specific user or
-group, prefix the filename with "../USERNAME/" or "../GROUPNAME/". For details
-consult the updated smb.conf manpage.
+group, a parametric option like this can be used:
+ hide files : USERNAME = /somefile.txt/
+ veto files : GROUPNAME = /otherfile.txt/
+For details consult the updated smb.conf manpage.
Automatic keytab update after machine password change
-----------------------------------------------------
@@ -191,9 +193,51 @@ updates or manually (e.g. net ads changetrustpw), now winbind will also support
update of keytab entries in case you use newly added option
'sync machine password to keytab'.
The new parameter allows you to describe what keytabs and how should be updated.
+From smb.conf(5) manpage - each keytab can have exactly one of these four forms:
+
+ account_name
+ sync_spns
+ spn_prefixes=value1[,value2[...]]
+ spns=value1[,value2[...]]
+
+The functionaity provided by the removed commands "net ads keytab
+add/delete/add_update_ads" can be achieved via the 'sync machine password to
+keytab' as in these examples:
+
+"net ads keytab add wurst/brot at REALM"
+
+- this command is not adding <principal> to AD, so the best fit can be specifier
+ "spns"
+- add to smb.conf:
+ sync machine password to keytab = /path/to/keytab1:spns=wurst/brot at REALM:machine_password
+- run:
+ "net ads keytab create"
+
+"net ads keytab delete wurst/brot at REALM"
+
+- remove the principal (or the whole keytab line if there was just one)
+- run:
+ "net ads keytab create"
+
+"net ads keytab add_update_ads wurst/brot at REALM"
+
+- this command was adding the principal to AD, so for this case use a keytab
+ with specifier sync_spns
+- add to smb.conf:
+ sync machine password to keytab = /path/to/keytab2:sync_spns:machine_password
+- run:
+ "net ads setspn add wurst/brot at REALM" # this adds the principal to AD
+ "net ads keytab create" # this sync it from AD to local keytab
+
+
A new parameter 'sync machine password script' allows to specify external script
-that will be triggered after the automatic keytab update. For detailed
-information check the smb.conf manpage.
+that will be triggered after the automatic keytab update. If keytabs should be
+generated in clustered environments it is recommended to update them on all
+nodes. Check in smb.conf(5) the scripts winbind_ctdb_updatekeytab.sh and
+46.update-keytabs.script in section 'sync machine password script' for details.
+
+For detailed information check the smb.conf(5) and net(8) manpages.
+
REMOVED FEATURES
================
@@ -226,6 +270,40 @@ smb.conf changes
sync machine password script script
+CHANGES SINCE 4.21.0rc1
+=======================
+
+o Andreas Schneider <asn at samba.org>
+ * BUG 15673: --version-* options are still not ergonomic, and they reject
+ tilde characters.
+
+o Anoop C S <anoopcs at samba.org>
+ * BUG 15686: Add new vfs_ceph module (based on low level API)
+
+o Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
+ * BUG 15673: --version-* options are still not ergonomic, and they reject
+ tilde characters.
+
+o Jo Sutton <josutton at catalyst.net.nz>
+ * BUG 15690: ldb_version.h is missing from ldb public library
+
+o Pavel Filipenský <pfilipensky at samba.org>
+ * BUG 15689: Can not add/delete special keys to keytab for nfs, cifs, http etc
+
+o Shachar Sharon <ssharon at redhat.com>
+ * BUG 15686: Add new vfs_ceph module (based on low level API)
+
+o Stefan Metzmacher <metze at samba.org>
+ * BUG 15673: --version-* options are still not ergonomic, and they reject
+ tilde characters.
+ * BUG 15687: undefined reference to winbind_lookup_name_ex
+ * BUG 15688: per user veto and hide file syntax is to complex
+ * BUG 15689: Can not add/delete special keys to keytab for nfs, cifs, http etc
+
+o Volker Lendecke <vl at samba.org>
+ * BUG 15688: per user veto and hide file syntax is to complex
+
+
KNOWN ISSUES
============
diff --git a/buildtools/wafsamba/samba_abi.py b/buildtools/wafsamba/samba_abi.py
index c82ba3424f9..e6deb839c0c 100644
--- a/buildtools/wafsamba/samba_abi.py
+++ b/buildtools/wafsamba/samba_abi.py
@@ -286,7 +286,7 @@ def abi_build_vscript(task):
f.close()
def VSCRIPT_MAP_PRIVATE(bld, libname, orig_vscript, version, private_vscript):
- version = re.sub(r'\W', '_', version).upper()
+ version = re.sub(r'[^.\w]', '_', version).upper()
t = bld.SAMBA_GENERATOR(private_vscript,
rule=abi_build_vscript,
source=orig_vscript,
@@ -314,8 +314,8 @@ def ABI_VSCRIPT(bld, libname, abi_directory, version, vscript, abi_match=None, p
libname = os.path.basename(libname)
version = os.path.basename(version)
- libname = re.sub(r'\W', '_', libname).upper()
- version = re.sub(r'\W', '_', version).upper()
+ libname = re.sub(r'[^.\w]', '_', libname).upper()
+ version = re.sub(r'[^.\w]', '_', version).upper()
t = bld.SAMBA_GENERATOR(vscript,
rule=abi_build_vscript,
diff --git a/docs-xml/manpages/net.8.xml b/docs-xml/manpages/net.8.xml
index c284cc25b49..e633c8c7c6a 100644
--- a/docs-xml/manpages/net.8.xml
+++ b/docs-xml/manpages/net.8.xml
@@ -80,12 +80,12 @@
<para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle>
<manvolnum>7</manvolnum></citerefentry> suite.</para>
- <para>The Samba net utility is meant to work just like the net utility
- available for windows and DOS. The first argument should be used
- to specify the protocol to use when executing a certain command.
- ADS is used for ActiveDirectory, RAP is using for old (Win9x/NT3)
- clients and RPC can be used for NT4 and Windows 2000. If this
- argument is omitted, net will try to determine it automatically.
+ <para>The Samba net utility is meant to work just like the net utility
+ available for windows and DOS. The first argument should be used
+ to specify the protocol to use when executing a certain command.
+ ADS is used for ActiveDirectory, RAP is using for old (Win9x/NT3)
+ clients and RPC can be used for NT4 and Windows 2000. If this
+ argument is omitted, net will try to determine it automatically.
Not all commands are available on all protocols.
</para>
@@ -98,7 +98,7 @@
<varlistentry>
<term>-w|--target-workgroup target-workgroup</term>
<listitem><para>
- Sets target workgroup or domain. You have to specify
+ Sets target workgroup or domain. You have to specify
either this option or the IP address or the name of a server.
</para></listitem>
</varlistentry>
@@ -115,7 +115,7 @@
<varlistentry>
<term>-p|--port port</term>
<listitem><para>
- Port on the target server to connect to (usually 139 or 445).
+ Port on the target server to connect to (usually 139 or 445).
Defaults to trying 445 first, then 139.
</para></listitem>
</varlistentry>
@@ -123,7 +123,7 @@
<varlistentry>
<term>-S|--server server</term>
<listitem><para>
- Name of target server. You should specify either
+ Name of target server. You should specify either
this option or a target workgroup or a target IP address.
</para></listitem>
</varlistentry>
@@ -524,7 +524,7 @@ YOU HAVE BEEN WARNED.
<refsect3>
<title>TIME</title>
-<para>Without any options, the <command>NET TIME</command> command
+<para>Without any options, the <command>NET TIME</command> command
displays the time on the remote server. The remote server must be
specified with the -S option.
</para>
@@ -542,7 +542,7 @@ The remote server must be specified with the -S option.
<refsect3>
<title>TIME SET</title>
-<para>Tries to set the date and time of the local server to that on
+<para>Tries to set the date and time of the local server to that on
the remote server using <command>/bin/date</command>.
The remote server must be specified with the -S option.
</para>
@@ -565,8 +565,8 @@ The remote server must be specified with the -S option.
[osName=string osVer=string] [options]</title>
<para>
-Join a domain. If the account already exists on the server, and
-[TYPE] is MEMBER, the machine will attempt to join automatically.
+Join a domain. If the account already exists on the server, and
+[TYPE] is MEMBER, the machine will attempt to join automatically.
(Assuming that the machine has been created in server manager)
Otherwise, a password will be prompted for, and a new account may
be created.</para>
@@ -590,7 +590,7 @@ format is host/netbiosname at REALM.
[OU] (ADS only) Precreate the computer account in a specific OU. The
OU string reads from top to bottom without RDNs, and is delimited by
a '/'. Please note that '\' is used for escape by both the shell
-and ldap, so it may need to be doubled or quadrupled to pass through,
+and ldap, so it may need to be doubled or quadrupled to pass through,
and it is not used as a delimiter.
</para>
<para>
@@ -607,8 +607,8 @@ must be specified for either to take effect.
<refsect2>
<title>[RPC] OLDJOIN [options]</title>
-<para>Join a domain. Use the OLDJOIN option to join the domain
-using the old style of domain joining - you need to create a trust
+<para>Join a domain. Use the OLDJOIN option to join the domain
+using the old style of domain joining - you need to create a trust
account in server manager first.</para>
</refsect2>
@@ -692,8 +692,8 @@ account in server manager first.</para>
<refsect3>
<title>[RAP|RPC] SHARE ADD <replaceable>name=serverpath</replaceable> [-C comment] [-M maxusers] [targets]</title>
-<para>Adds a share from a server (makes the export active). Maxusers
-specifies the number of users that can be connected to the
+<para>Adds a share from a server (makes the export active). Maxusers
+specifies the number of users that can be connected to the
share simultaneously.</para>
</refsect3>
@@ -718,7 +718,7 @@ share simultaneously.</para>
<refsect3>
<title>[RPC|RAP] FILE CLOSE <replaceable>fileid</replaceable></title>
-<para>Close file with specified <replaceable>fileid</replaceable> on
+<para>Close file with specified <replaceable>fileid</replaceable> on
remote server.</para>
</refsect3>
@@ -727,7 +727,7 @@ remote server.</para>
<title>[RPC|RAP] FILE INFO <replaceable>fileid</replaceable></title>
<para>
-Print information on specified <replaceable>fileid</replaceable>.
+Print information on specified <replaceable>fileid</replaceable>.
Currently listed are: file-id, username, locks, path, permissions.
</para>
@@ -739,7 +739,7 @@ Currently listed are: file-id, username, locks, path, permissions.
<para>
List files opened by specified <replaceable>user</replaceable>.
Please note that <command>net rap file user</command> does not work
-against Samba servers.
+against Samba servers.
</para>
</refsect3>
@@ -752,7 +752,7 @@ against Samba servers.
<refsect3>
<title>RAP SESSION</title>
-<para>Without any other options, SESSION enumerates all active SMB/CIFS
+<para>Without any other options, SESSION enumerates all active SMB/CIFS
sessions on the target server.</para>
</refsect3>
@@ -784,7 +784,7 @@ to local domain.</para>
<refsect2>
<title>RAP DOMAIN</title>
-<para>Lists all domains and workgroups visible on the
+<para>Lists all domains and workgroups visible on the
current network.</para>
</refsect2>
@@ -796,7 +796,7 @@ current network.</para>
<title>RAP PRINTQ INFO <replaceable>QUEUE_NAME</replaceable></title>
<para>Lists the specified print queue and print jobs on the server.
-If the <replaceable>QUEUE_NAME</replaceable> is omitted, all
+If the <replaceable>QUEUE_NAME</replaceable> is omitted, all
queues are listed.</para>
</refsect3>
@@ -814,9 +814,9 @@ queues are listed.</para>
<title>RAP VALIDATE <replaceable>user</replaceable> [<replaceable>password</replaceable>]</title>
<para>
-Validate whether the specified user can log in to the
-remote server. If the password is not specified on the commandline, it
-will be prompted.
+Validate whether the specified user can log in to the
+remote server. If the password is not specified on the commandline, it
+will be prompted.
</para>
¬.implemented;
@@ -852,7 +852,7 @@ will be prompted.
<refsect2>
<title>RAP ADMIN <replaceable>command</replaceable></title>
-<para>Execute the specified <replaceable>command</replaceable> on
+<para>Execute the specified <replaceable>command</replaceable> on
the remote server. Only works with OS/2 servers.
</para>
@@ -899,7 +899,7 @@ Change password of <replaceable>USER</replaceable> from <replaceable>OLDPASS</re
<title>LOOKUP HOST <replaceable>HOSTNAME</replaceable> [<replaceable>TYPE</replaceable>]</title>
<para>
-Lookup the IP address of the given host with the specified type (netbios suffix).
+Lookup the IP address of the given host with the specified type (netbios suffix).
The type defaults to 0x20 (workstation).
</para>
@@ -965,7 +965,7 @@ or workgroup. Defaults to local domain.</para>
<refsect2>
<title>CACHE</title>
-<para>Samba uses a general caching interface called 'gencache'. It
+<para>Samba uses a general caching interface called 'gencache'. It
can be controlled using 'NET CACHE'.</para>
<para>All the timeout parameters support the suffixes:
@@ -1044,7 +1044,7 @@ omitted, the SID of the local server.</para>
<refsect2>
<title>GETDOMAINSID</title>
-<para>Prints the local machine SID and the SID of the current
+<para>Prints the local machine SID and the SID of the current
domain.</para>
</refsect2>
@@ -1158,15 +1158,15 @@ such as domain name, domain sid and number of users and groups.
<refsect3>
<title>RPC TRUSTDOM ADD <replaceable>DOMAIN</replaceable></title>
-<para>Add a interdomain trust account for <replaceable>DOMAIN</replaceable>.
-This is in fact a Samba account named <replaceable>DOMAIN$</replaceable>
-with the account flag <constant>'I'</constant> (interdomain trust account).
+<para>Add a interdomain trust account for <replaceable>DOMAIN</replaceable>.
+This is in fact a Samba account named <replaceable>DOMAIN$</replaceable>
+with the account flag <constant>'I'</constant> (interdomain trust account).
This is required for incoming trusts to work. It makes Samba be a
trusted domain of the foreign (trusting) domain.
Users of the Samba domain will be made available in the foreign domain.
-If the command is used against localhost it has the same effect as
+If the command is used against localhost it has the same effect as
<command>smbpasswd -a -i DOMAIN</command>. Please note that both commands
-expect a appropriate UNIX account.
+expect a appropriate UNIX account.
</para>
</refsect3>
@@ -1174,9 +1174,9 @@ expect a appropriate UNIX account.
<refsect3>
<title>RPC TRUSTDOM DEL <replaceable>DOMAIN</replaceable></title>
-<para>Remove interdomain trust account for
-<replaceable>DOMAIN</replaceable>. If it is used against localhost
-it has the same effect as <command>smbpasswd -x DOMAIN$</command>.
+<para>Remove interdomain trust account for
+<replaceable>DOMAIN</replaceable>. If it is used against localhost
+it has the same effect as <command>smbpasswd -x DOMAIN$</command>.
</para>
</refsect3>
@@ -1185,7 +1185,7 @@ it has the same effect as <command>smbpasswd -x DOMAIN$</command>.
<title>RPC TRUSTDOM ESTABLISH <replaceable>DOMAIN</replaceable></title>
<para>
-Establish a trust relationship to a trusted domain.
+Establish a trust relationship to a trusted domain.
Interdomain account must already be created on the remote PDC.
This is required for outgoing trusts to work. It makes Samba be a
trusting domain of a foreign (trusted) domain.
@@ -1326,9 +1326,9 @@ net rpc trust delete \
<refsect3>
<title>RPC RIGHTS</title>
-<para>This subcommand is used to view and manage Samba's rights assignments (also
-referred to as privileges). There are three options currently available:
-<parameter>list</parameter>, <parameter>grant</parameter>, and
+<para>This subcommand is used to view and manage Samba's rights assignments (also
+referred to as privileges). There are three options currently available:
+<parameter>list</parameter>, <parameter>grant</parameter>, and
<parameter>revoke</parameter>. More details on Samba's privilege model and its use
can be found in the Samba-HOWTO-Collection.</para>
@@ -1367,14 +1367,14 @@ Force shutting down all applications.
<varlistentry>
<term>-t timeout</term>
<listitem><para>
-Timeout before system will be shut down. An interactive
+Timeout before system will be shut down. An interactive
user of the system can use this time to cancel the shutdown.
</para></listitem>
</varlistentry>
<varlistentry>
<term>-C message</term>
-<listitem><para>Display the specified message on the screen to
+<listitem><para>Display the specified message on the screen to
announce the shutdown.</para></listitem>
</varlistentry>
</variablelist>
@@ -1391,8 +1391,8 @@ to run this against the PDC, from a Samba machine joined as a BDC. </para>
<refsect2>
<title>RPC VAMPIRE</title>
-<para>Export users, aliases and groups from remote server to
-local server. You need to run this against the PDC, from a Samba machine joined as a BDC.
+<para>Export users, aliases and groups from remote server to
+local server. You need to run this against the PDC, from a Samba machine joined as a BDC.
This vampire command cannot be used against an Active Directory, only
against an NT4 Domain Controller.
</para>
@@ -1486,7 +1486,7 @@ against an NT4 Domain Controller.
<title>ADS STATUS</title>
<para>Print out status of machine account of the local machine in ADS.
-Prints out quite some debug info. Aimed at developers, regular
+Prints out quite some debug info. Aimed at developers, regular
users should use <command>NET ADS TESTJOIN</command>.</para>
</refsect2>
@@ -1498,7 +1498,7 @@ users should use <command>NET ADS TESTJOIN</command>.</para>
<title>ADS PRINTER INFO [<replaceable>PRINTER</replaceable>] [<replaceable>SERVER</replaceable>]</title>
<para>
-Lookup info for <replaceable>PRINTER</replaceable> on <replaceable>SERVER</replaceable>. The printer name defaults to "*", the
+Lookup info for <replaceable>PRINTER</replaceable> on <replaceable>SERVER</replaceable>. The printer name defaults to "*", the
server name defaults to the local host.</para>
</refsect3>
@@ -1522,8 +1522,8 @@ server name defaults to the local host.</para>
<refsect2>
<title>ADS SEARCH <replaceable>EXPRESSION</replaceable> <replaceable>ATTRIBUTES...</replaceable></title>
-<para>Perform a raw LDAP search on a ADS server and dump the results. The
-expression is a standard LDAP search expression, and the
+<para>Perform a raw LDAP search on a ADS server and dump the results. The
+expression is a standard LDAP search expression, and the
attributes are a list of LDAP fields to show in the results.</para>
<para>Example: <userinput>net ads search '(objectCategory=group)' sAMAccountName</userinput>
@@ -1535,9 +1535,9 @@ attributes are a list of LDAP fields to show in the results.</para>
<title>ADS DN <replaceable>DN</replaceable> <replaceable>(attributes)</replaceable></title>
<para>
-Perform a raw LDAP search on a ADS server and dump the results. The
-DN standard LDAP DN, and the attributes are a list of LDAP fields
-to show in the result.
+Perform a raw LDAP search on a ADS server and dump the results. The
+DN standard LDAP DN, and the attributes are a list of LDAP fields
+to show in the result.
</para>
<para>Example: <userinput>net ads dn 'CN=administrator,CN=Users,DC=my,DC=domain' SAMAccountName</userinput></para>
@@ -1558,8 +1558,28 @@ are made to the computer AD account.
</refsect2>
--
Samba Shared Repository
More information about the samba-cvs
mailing list