Package: samba-common
Version: 2:3.2.5-4
Severity: minor
File: /usr/share/man/man5/smb.conf.5.gz
Index:
s/refersh/refresh/
/it's case insensitive nature/s/'//
/builting/ s/g//
add comma, s/a/an/
add commas
use "its" instead of "of this"
samba-common: s/able //
/atabase/s//d&/
add comma
samba-common: /inproved/s/n/m/
s/to to/.../
s/no/&,/
/guestparameter/s/p/ &/
add comma
add comma
/smbd(8)/s//& /
add comma
s/refersh/refresh/
--- /usr/share/man/man5/smb.conf.5.gz
+++ /tmp/smbconf.5.gz.24748 2009-02-12 16:30:27.000000000 -0700
@@ -636,7 +636,7 @@
This boolean parameter controls what
\fBsmbd\fR(8)does on receiving a protocol request of "open for delete" from a
Windows client\. If a Windows client doesn\'t have permissions to delete a file
then they expect this to be denied at open time\. POSIX systems normally only
detect restrictions on delete by actually attempting to delete the file or
directory\. As Windows clients can (and do) "back out" a delete request by
unsetting the "delete on close" bit Samba cannot delete the file immediately on
"open for delete" request as we cannot restore such a deleted file\. With this
parameter set to true (the default) then smbd checks the file system
permissions directly on "open for delete" and denies the request without
actually deleting the file if the file system permissions would seem to deny
it\. This is not perfect, as it\'s possible a user could have deleted a file
without Samba being able to check the permissions correctly, but it is close
enough to Windows semantics for mostly correct behaviour\. Samba will correctly
check POSIX ACL semantics in this case\.
.sp
-If this parameter is set to "false" Samba doesn\'t check permissions on "open
for delete" and allows the open\. If the user doesn\'t have permission to
delete the file this will only be discovered at close time, which is too late
for the Windows user tools to display an error message to the user\. The
symptom of this is files that appear to have been deleted "magically"
re\-appearing on a Windows explorer refersh\. This is an extremely advanced
protocol option which should not need to be changed\. This parameter was
introduced in its final form in 3\.0\.21, an earlier version with slightly
different semantics was introduced in 3\.0\.20\. That older version is not
documented here\.
+If this parameter is set to "false" Samba doesn\'t check permissions on "open
for delete" and allows the open\. If the user doesn\'t have permission to
delete the file this will only be discovered at close time, which is too late
for the Windows user tools to display an error message to the user\. The
symptom of this is files that appear to have been deleted "magically"
re\-appearing on a Windows explorer refresh\. This is an extremely advanced
protocol option which should not need to be changed\. This parameter was
introduced in its final form in 3\.0\.21, an earlier version with slightly
different semantics was introduced in 3\.0\.20\. That older version is not
documented here\.
.sp
Default:
\fI\fIacl check permissions\fR\fR\fI =3D \fR\fITrue\fR\fI \fR
/it's case insensitive nature/s/'//
--- /usr/share/man/man5/smb.conf.5.gz
+++ /tmp/smbconf.5.gz.26157 2009-02-12 16:48:28.000000000 -0700
@@ -5,7 +5,7 @@
.\" Manual: File Formats and Conventions
.\" Source: Samba 3.2
.\"
-.TH "SMB\.CONF" "5" "11/20/2008" "Samba 3\.2" "File Formats and Conventions"
+.TH "SMB\.CONF" "5" "02/12/2009" "Samba 3\.2" "File Formats and Conventions"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
@@ -1560,7 +1560,7 @@
\fBsmbclient\fR(8)
and other samba client tools will attempt to authenticate itself to servers
using the weaker LANMAN password hash\. If disabled, only server which support
NT password hashes (e\.g\. Windows NT/2000, Samba, etc\.\.\. but not Windows
95/98) will be able to be connected from the Samba client\.
.sp
-The LANMAN encrypted response is easily broken, due to it\'s case\-insensitive
nature, and the choice of algorithm\. Clients without Windows 95/98 servers are
advised to disable this option\.
+The LANMAN encrypted response is easily broken, due to its case\-insensitive
nature, and the choice of algorithm\. Clients without Windows 95/98 servers are
advised to disable this option\.
.sp
Disabling this option will also disable the
client plaintext auth
/builting/ s/g//
--- /usr/share/man/man5/smb.conf.5.gz
+++ /tmp/smbconf.5.gz.28783 2009-02-12 17:19:02.000000000 -0700
@@ -2586,7 +2586,7 @@
enable asu support (G)
.PP
.RS 4
-Hosts running the "Advanced Server for Unix (ASU)" product require some
special accomodations such as creating a builting [ADMIN$] share that only
supports IPC connections\. The has been the default behavior in smbd for many
years\. However, certain Microsoft applications such as the Print Migrator tool
require that the remote server support an [ADMIN$} file share\. Disabling this
parameter allows for creating an [ADMIN$] file share in smb\.conf\.
+Hosts running the "Advanced Server for Unix (ASU)" product require some
special accomodations such as creating a builtin [ADMIN$] share that only
supports IPC connections\. The has been the default behavior in smbd for many
years\. However, certain Microsoft applications such as the Print Migrator tool
require that the remote server support an [ADMIN$] file share\. Disabling this
parameter allows for creating an [ADMIN$] file share in smb\.conf\.
.sp
Default:
\fI\fIenable asu support\fR\fR\fI = \fR\fIno\fR\fI \fR
add comma, s/a/an/
--- /usr/share/man/man5/smb.conf.5.gz
+++ /tmp/smbconf.5.gz.29255 2009-02-12 17:22:27.000000000 -0700
@@ -2639,7 +2639,9 @@
.sp
The first enhancement to browse propagation consists of a regular wildcard
query to a Samba WINS server for all Domain Master Browsers, followed by a
browse synchronization with each of the returned DMBs\. The second enhancement
consists of a regular randomised browse synchronization with all currently
known DMBs\.
.sp
-You may wish to disable this option if you have a problem with empty
workgroups not disappearing from browse lists\. Due to the restrictions of the
browse protocols these enhancements can cause a empty workgroup to stay around
forever which can be annoying\.
+You may wish to disable this option if you have a problem with empty
+workgroups not disappearing from browse lists\. Due to the
+restrictions of the browse protocols, these enhancements can cause an empty
workgroup to stay around forever which can be annoying\.
.sp
In general you should leave this option enabled as it makes cross\-subnet
browse propagation much more reliable\.
.sp
add commas
--- /usr/share/man/man5/smb.conf.5.gz
+++ /tmp/smbconf.5.gz.5731 2009-02-13 13:15:06.000000000 -0700
@@ -8802,7 +8802,10 @@
usershare prefix allow list (G)
.PP
.RS 4
-This parameter specifies a list of absolute pathnames the root of which are
allowed to be exported by user defined share definitions\. If the pathname
exported doesn\'t start with one of the strings in this list the user defined
share will not be allowed\. This allows the Samba administrator to restrict the
directories on the system that can be exported by user defined shares\.
+This parameter specifies a list of absolute pathnames the root of
+which are allowed to be exported by user defined share definitions\.
+If the pathname to be exported doesn\'t start with one of the strings
+in this list, the user defined share will not be allowed\. This allows the
Samba administrator to restrict the directories on the system that can be
exported by user defined shares\.
.sp
If there is a "usershare prefix deny list" and also a "usershare prefix allow
list" the deny list is processed first, followed by the allow list, thus
leading to the most restrictive interpretation\.
.sp
@@ -8830,7 +8833,8 @@
usershare template share (G)
.PP
.RS 4
-User defined shares only have limited possible parameters such as path, guest
ok etc\. This parameter allows usershares to "cloned" from an existing share\.
If "usershare template share" is set to the name of an existing share, then all
usershares created have their defaults set from the parameters set on this
share\.
+User defined shares only have limited possible parameters such as
+path, guest ok, etc\. This parameter allows usershares to "cloned" from an
existing share\. If "usershare template share" is set to the name of an
existing share, then all usershares created have their defaults set from the
parameters set on this share\.
.sp
The target share may be set to be invalid for real file sharing by setting the
parameter "\-valid = False" on the template share definition\. This causes it
not to be seen as a real exported share but to be able to be used as a template
for usershares\.
.sp
use "its" instead of "of this"
--- /usr/share/man/man5/smb.conf.5.gz
+++ /tmp/smbconf.5.gz.5822 2009-02-13 13:18:06.000000000 -0700
@@ -8751,7 +8751,7 @@
.RS 4
This parameter controls whether user defined shares are allowed to be accessed
by non\-authenticated users or not\. It is the equivalent of allowing people
who can create a share the option of setting
\fIguest ok = yes\fR
-in a share definition\. Due to the security sensitive nature of this the
default is set to off\.
+in a share definition\. Due to its security sensitive nature, the default is
off\.
.sp
Default:
\fI\fIusershare allow guests\fR\fR\fI = \fR\fIno\fR\fI \fR
samba-common: s/able //
--- /usr/share/man/man5/smb.conf.5.gz
+++ /tmp/smbconf.5.gz.16839 2009-02-13 15:30:46.000000000 -0700
@@ -8516,7 +8516,7 @@
The differentiating factor is that under normal circumstances, the NT/2000
client will attempt to open the network printer using MS\-RPC\. The problem is
that because the client considers the printer to be local, it will attempt to
issue the OpenPrinterEx() call requesting access rights associated with the
logged on user\. If the user possesses local administator rights but not root
privilege on the Samba host (often the case), the OpenPrinterEx() call will
fail\. The result is that the client will now display an "Access Denied; Unable
to connect" message in the printer queue window (even though jobs may
successfully be printed)\.
.sp
If this parameter is enabled for a printer, then any attempt to open the
printer with the PRINTER_ACCESS_ADMINISTER right is mapped to
PRINTER_ACCESS_USE instead\. Thus allowing the OpenPrinterEx() call to succeed\.
-\fIThis parameter MUST not be able enabled on a print share which has valid
print driver installed on the Samba server\.\fR
+\fIThis parameter MUST not be enabled on a print share which has valid print
driver installed on the Samba server\.\fR
.sp
Default:
\fI\fIuse client driver\fR\fR\fI = \fR\fIno\fR\fI \fR
/atabase/s//d&/
--- /usr/share/man/man5/smb.conf.5.gz
+++ /tmp/smbconf.5.gz.16928 2009-02-13 15:31:37.000000000 -0700
@@ -8486,7 +8486,7 @@
update encrypted (G)
.PP
.RS 4
-This boolean parameter allows a user logging on with a plaintext password to
have their encrypted (hashed) password in the smbpasswd file to be updated
automatically as they log on\. This option allows a site to migrate from
plaintext password authentication (users authenticate with plaintext password
over the wire, and are checked against a UNIX account atabase) to encrypted
password authentication (the SMB challenge/response authentication mechanism)
without forcing all users to re\-enter their passwords via smbpasswd at the
time the change is made\. This is a convenience option to allow the change over
to encrypted passwords to be made over a longer period\. Once all users have
encrypted representations of their passwords in the smbpasswd file this
parameter should be set to
+This boolean parameter allows a user logging on with a plaintext password to
have their encrypted (hashed) password in the smbpasswd file to be updated
automatically as they log on\. This option allows a site to migrate from
plaintext password authentication (users authenticate with plaintext password
over the wire, and are checked against a UNIX account database) to encrypted
password authentication (the SMB challenge/response authentication mechanism)
without forcing all users to re\-enter their passwords via smbpasswd at the
time the change is made\. This is a convenience option to allow the change over
to encrypted passwords to be made over a longer period\. Once all users have
encrypted representations of their passwords in the smbpasswd file this
parameter should be set to
\fBno\fR\.
.sp
In order for this parameter to be operative the
add comma
--- /usr/share/man/man5/smb.conf.5.gz
+++ /tmp/smbconf.5.gz.17003 2009-02-13 15:32:54.000000000 -0700
@@ -8499,7 +8499,7 @@
\fIupdate encrypted\fR
to work\.
.sp
-Note that even when this parameter is set a user authenticating to
+Note that even when this parameter is set, a user authenticating to
smbd
must still enter a valid password in order to connect correctly, and to update
their hashed (smbpasswd) passwords\.
.sp
samba-common: /inproved/s/n/m/
--- /usr/share/man/man5/smb.conf.5.gz
+++ /tmp/smbconf.5.gz.18511 2009-02-13 15:45:37.000000000 -0700
@@ -8305,7 +8305,7 @@
This is an enumerated type that controls the handling of file locking in the
server\. When this is set to
\fByes\fR, the server will check every read and write access for file locks,
and deny access if locks exist\. This can be slow on some systems\.
.sp
-When strict locking is set to Auto (the default), the server performs file
lock checks only on non\-oplocked files\. As most Windows redirectors perform
file locking checks locally on oplocked files this is a good trade off for
inproved performance\.
+When strict locking is set to Auto (the default), the server performs file
lock checks only on non\-oplocked files\. As most Windows redirectors perform
file locking checks locally on oplocked files this is a good trade off for
improved performance\.
.sp
When strict locking is disabled, the server performs file lock checks only
when the client explicitly asks for them\.
.sp
s/to to/.../
--- /usr/share/man/man5/smb.conf.5.gz
+++ /tmp/smbconf.5.gz.18985 2009-02-13 15:50:47.000000000 -0700
@@ -1664,7 +1664,8 @@
client signing (G)
.PP
.RS 4
-This controls whether the client offers or requires the server it talks to to
use SMB signing\. Possible values are
+This controls whether the client offers or requires that the server it
+talks to uses SMB signing\. Possible values are
\fIauto\fR,
\fImandatory\fR
and
@@ -6433,7 +6434,7 @@
.RS 4
By specifying the name of another SMB server or Active Directory domain
controller with this option, and using
security = [ads|domain|server]
-it is possible to get Samba to to do all its username/password validation
using a specific remote server\.
+it is possible to get Samba to do all its username/password validation using a
specific remote server\.
.sp
This option sets the name or IP address of the password server to use\. New
syntax has been added to support defining the port to use when connecting to
the server the case of an ADS realm\. To define a port other than the default
LDAP port of 389, add the port number using a colon after the name or IP
address (e\.g\. 192\.168\.1\.100:389)\. If you do not specify a port, Samba
will use the standard LDAP port of tcp/389\. Note that port numbers have no
effect on password servers for Windows NT 4\.0 domains or netbios connections\.
.sp
@@ -7656,7 +7657,8 @@
server signing (G)
.PP
.RS 4
-This controls whether the server offers or requires the client it talks to to
use SMB signing\. Possible values are
+This controls whether the server offers or requires that the client it
+talks to uses SMB signing\. Possible values are
\fIauto\fR,
\fImandatory\fR
and
@@ -8038,7 +8040,8 @@
.RS 4
This is a new feature introduced with Samba 3\.2 and above\. It is an
extension to the SMB/CIFS protocol negotiated as part of the UNIX extensions\.
SMB encryption uses the GSSAPI (SSPI on Windows) ability to encrypt and sign
every request/response in a SMB protocol stream\. When enabled it provides a
secure method of SMB/CIFS communication, similar to an ssh protected session,
but using SMB/CIFS authentication to negotiate encryption and signing keys\.
Currently this is only supported by Samba 3\.2 smbclient, and hopefully soon
Linux CIFSFS and MacOS/X clients\. Windows clients do not support this feature\.
.sp
-This controls whether the server offers or requires the client it talks to to
use SMB encryption\. Possible values are
+This controls whether the server offers or requires that the client it
+talks to uses SMB encryption\. Possible values are
\fIauto\fR,
\fImandatory\fR
and
s/no/&,/
--- /usr/share/man/man5/smb.conf.5.gz
+++ /tmp/smbconf.5.gz.19454 2009-02-13 15:58:01.000000000 -0700
@@ -7640,8 +7640,7 @@
\fIserver schannel = yes\fR
denies access if the client is not able to speak netlogon schannel\. This is
only the case for Windows NT4 before SP4\.
.sp
-Please note that with this set to
-no
+Please note that with this set to no,
you will have to apply the WindowsXP
\fIWinXP_SignOrSeal\.reg\fR
registry patch found in the docs/registry subdirectory of the Samba
distribution tarball\.
/guestparameter/s/p/ &/
--- /usr/share/man/man5/smb.conf.5.gz
+++ /tmp/smbconf.5.gz.20083 2009-02-13 16:02:54.000000000 -0700
@@ -7389,7 +7389,7 @@
security = share
if you want to mainly setup shares without a password (guest shares)\. This is
commonly used for a shared printer server\. It is more difficult to setup guest
shares with
security = user, see the
-\fImap to guest\fRparameter for details\.
+\fImap to guest\fR parameter for details.
.sp
It is possible to use
smbd
add comma
--- /usr/share/man/man5/smb.conf.5.gz
+++ /tmp/smbconf.5.gz.20158 2009-02-13 16:04:01.000000000 -0700
@@ -7402,7 +7402,7 @@
.sp
\fISECURITY = SHARE\fR
.sp
-When clients connect to a share level security server they need not log onto
the server with a valid username and password before attempting to connect to a
shared resource (although modern clients such as Windows 95/98 and Windows NT
will send a logon request with a username but no password when talking to a
+When clients connect to a share level security server, they need not log onto
the server with a valid username and password before attempting to connect to a
shared resource (although modern clients such as Windows 95/98 and Windows NT
will send a logon request with a username but no password when talking to a
security = share
server)\. Instead, the clients send authentication information (passwords) on
a per\-share basis, at the time they attempt to connect to that share\.
.sp
add comma
--- /usr/share/man/man5/smb.conf.5.gz
+++ /tmp/smbconf.5.gz.21053 2009-02-13 16:11:27.000000000 -0700
@@ -7546,7 +7546,7 @@
that a valid UNIX user must still exist as well as the account on the Domain
Controller to allow Samba to have a valid UNIX account to map file access to\.
.sp
\fINote\fR
-that from the client\'s point of view
+that from the client\'s point of view,
security = domain
is the same as
security = user\. It only affects how the server deals with the
authentication, it does not in any way affect what the client sees\.
/smbd(8)/s//& /
--- /usr/share/man/man5/smb.conf.5.gz
+++ /tmp/smbconf.5.gz.22940 2009-02-13 16:32:05.000000000 -0700
@@ -7141,7 +7141,7 @@
.PP
.RS 4
This option allows you to setup
-\fBnmbd\fR(8)to periodically announce itself to arbitrary IP addresses with an
arbitrary workgroup name\.
+\fBnmbd\fR(8) to periodically announce itself to arbitrary IP addresses with
an arbitrary workgroup name\.
.sp
This is useful if you want your Samba server to appear in a remote workgroup
for which the normal browse propagation rules don\'t work\. The remote
workgroup can be anywhere that you can send IP packets to\.
.sp
add comma
--- /usr/share/man/man5/smb.conf.5.gz
+++ /tmp/smbconf.5.gz.23031 2009-02-13 16:33:18.000000000 -0700
@@ -7155,9 +7155,10 @@
.sp
the above line would cause
nmbd
-to announce itself to the two given IP addresses using the given workgroup
names\. If you leave out the workgroup name then the one given in the
+to announce itself to the two given IP addresses using the given
+workgroup names\. If you leave out the workgroup name, then the one given in
the
\fIworkgroup\fR
-parameter is used instead\.
+parameter is used instead.
.sp
The IP addresses you choose would normally be the broadcast addresses of the
remote networks, but can also be the IP addresses of known browse masters if
your network config is that stable\.
.sp
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
