summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--docs/manpages/lmhosts.593
-rw-r--r--docs/manpages/smbpasswd.5210
2 files changed, 303 insertions, 0 deletions
diff --git a/docs/manpages/lmhosts.5 b/docs/manpages/lmhosts.5
new file mode 100644
index 00000000000..cbdb4e55d28
--- /dev/null
+++ b/docs/manpages/lmhosts.5
@@ -0,0 +1,93 @@
+.TH "lmhosts" "5" "23 Oct 1998" "Samba" "SAMBA"
+.PP
+.SH "NAME"
+lmhosts \- The Samba NetBIOS hosts file
+.PP
+.SH "SYNOPSIS"
+.PP
+lmhosts is the \fBSamba\fP NetBIOS name to IP address mapping file\&.
+.PP
+.SH "DESCRIPTION"
+.PP
+This file is part of the \fBSamba\fP suite\&.
+.PP
+lmhosts is the \fBSamba\fP NetBIOS name to IP address mapping file\&. It
+is very similar to the \fB/etc/hosts\fP file format, except that the
+hostname component must correspond to the NetBIOS naming format\&.
+.PP
+.SH "FILE FORMAT"
+.PP
+It is an ASCII file containing one line for NetBIOS name\&. The two
+fields on each line are separated from each other by white space\&. Any
+entry beginning with # is ignored\&. Each line in the lmhosts file
+contains the following information :
+.PP
+.IP
+.IP o
+\fBIP Address\fP - in dotted decimal format\&.
+.IP
+.IP o
+\fBNetBIOS Name\fP - This name format is a maximum fifteen
+character host name, with an optional trailing \f(CW\'#\'\fP character
+followed by the NetBIOS name type as two hexadecimal digits\&.
+.IP
+If the trailing \f(CW\'#\'\fP is omitted then the given IP address will be
+returned for all names that match the given name, whatever the NetBIOS
+name type in the lookup\&.
+.IP
+.PP
+An example follows :
+.PP
+
+.DS
+
+
+
+#
+# Sample Samba lmhosts file\&.
+#
+192\&.9\&.200\&.1 TESTPC
+192\&.9\&.200\&.20 NTSERVER#20
+192\&.9\&.200\&.21 SAMBASERVER
+
+.DE
+
+
+.PP
+Contains three IP to NetBIOS name mappings\&. The first and third will
+be returned for any queries for the names \f(CW"TESTPC"\fP and
+\f(CW"SAMBASERVER"\fP respectively, whatever the type component of the
+NetBIOS name requested\&.
+.PP
+The second mapping will be returned only when the \f(CW"0x20"\fP name type
+for a name \f(CW"NTSERVER"\fP is queried\&. Any other name type will not be
+resolved\&.
+.PP
+The default location of the \fBlmhosts\fP file is in the same directory
+as the \fBsmb\&.conf\fP file\&.
+.PP
+.SH "VERSION"
+.PP
+This man page is correct for version 2\&.0 of the Samba suite\&.
+.PP
+.SH "SEE ALSO"
+.PP
+\fBsmb\&.conf (5)\fP,
+\fBsmbclient (1)\fP,
+\fBsmbpasswd (8)\fP, \fBsamba (7)\fP\&.
+.PP
+.SH "AUTHOR"
+.PP
+The original Samba software and related utilities were created by
+Andrew Tridgell (samba-bugs@samba\&.anu\&.edu\&.au)\&. Samba is now developed
+by the Samba Team as an Open Source project similar to the way the
+Linux kernel is developed\&.
+.PP
+The original Samba man pages were written by Karl Auer\&. The man page
+sources were converted to YODL format (another excellent piece of Open
+Source software) and updated for the Samba2\&.0 release by Jeremy
+Allison, \fIsamba-bugs@samba\&.anu\&.edu\&.au\fP\&.
+.PP
+See \fBsamba (7)\fP to find out how to get a full
+list of contributors and details on how to submit bug reports,
+comments etc\&.
diff --git a/docs/manpages/smbpasswd.5 b/docs/manpages/smbpasswd.5
new file mode 100644
index 00000000000..88e37457119
--- /dev/null
+++ b/docs/manpages/smbpasswd.5
@@ -0,0 +1,210 @@
+.TH "smbpasswd" "5" "23 Oct 1998" "Samba" "SAMBA"
+.PP
+.SH "NAME"
+smbpasswd \- The Samba encrypted password file
+.PP
+.SH "SYNOPSIS"
+.PP
+smbpasswd is the \fBSamba\fP encrypted password file\&.
+.PP
+.SH "DESCRIPTION"
+.PP
+This file is part of the \fBSamba\fP suite\&.
+.PP
+smbpasswd is the \fBSamba\fP encrypted password file\&. It contains
+the username, unix user id and the SMB hashed passwords of the
+user, as well as account flag information and the time the password
+was last changed\&. This file format has been evolving with Samba
+and has had several different formats in the past\&.
+.PP
+.SH "FILE FORMAT"
+.PP
+The format of the smbpasswd file used by Samba 2\&.0 is very similar to
+the familiar unix \fBpasswd (5)\fP file\&. It is an ASCII file containing
+one line for each user\&. Each field within each line is separated from
+the next by a colon\&. Any entry beginning with # is ignored\&. The
+smbpasswd file contains the following information for each user:
+.PP
+.IP
+.IP "\fBname\fP"
+.br
+.br
+.IP
+This is the user name\&. It must be a name that already exists
+in the standard UNIX passwd file\&.
+.IP
+.IP "\fBuid\fP"
+.br
+.br
+.IP
+This is the UNIX uid\&. It must match the uid field for the same
+user entry in the standard UNIX passwd file\&.
+.IP
+.IP "\fBLanman Password Hash\fP"
+.br
+.br
+.IP
+This is the \fILANMAN\fP hash of the users password, encoded as 32 hex
+digits\&. The \fILANMAN\fP hash is created by DES encrypting a well known
+string with the users password as the DES key\&. This is the same
+password used by Windows 95/98 machines\&. Note that this password hash
+is regarded as weak as it is vulnerable to dictionary attacks and if
+two users choose the same password this entry will be identical (ie\&.
+the password is not \fI"salted"\fP as the UNIX password is)\&. If the
+user has a null password this field will contain the characters
+\f(CW"NO PASSWORD"\fP as the start of the hex string\&. If the hex string
+is equal to 32 \f(CW\'X\'\fP characters then the users account is marked as
+\fIdisabled\fP and the user will not be able to log onto the Samba
+server\&.
+.IP
+\fIWARNING !!\fP\&. Note that, due to the challenge-response nature of the
+SMB/CIFS authentication protocol, anyone with a knowledge of this
+password hash will be able to impersonate the user of the network\&.
+For this reason these hashes are known as \fI"plain text equivalent"\fP
+and must \fINOT\fP be made available to anyone but the root user\&. To
+protect these passwords the \fBsmbpasswd\fP file is placed in a
+directory with read and traverse access only to the root user and the
+\fBsmbpasswd\fP file itself must be set to be read/write only by root,
+with no other access\&.
+.IP
+.IP "\fBNT Password Hash\fP"
+.br
+.br
+.IP
+This is the \fIWindows NT\fP hash of the users password, encoded as 32
+hex digits\&. The \fIWindows NT\fP hash is created by taking the users
+password as represented in 16-bit, little-endian UNICODE and then
+applying the \fIMD4\fP (internet rfc1321) hashing algorithm to it\&.
+.IP
+This password hash is considered more secure than the \fBLanman
+Password Hash\fP as it preserves the case of the
+password and uses a much higher quality hashing algorithm\&. However, it
+is still the case that if two users choose the same password this
+entry will be identical (ie\&. the password is not \fI"salted"\fP as the
+UNIX password is)\&.
+.IP
+\fIWARNING !!\fP\&. Note that, due to the challenge-response nature of the
+SMB/CIFS authentication protocol, anyone with a knowledge of this
+password hash will be able to impersonate the user of the network\&.
+For this reason these hashes are known as \fI"plain text equivalent"\fP
+and must \fINOT\fP be made available to anyone but the root user\&. To
+protect these passwords the \fBsmbpasswd\fP file is placed in a
+directory with read and traverse access only to the root user and the
+\fBsmbpasswd\fP file itself must be set to be read/write only by root,
+with no other access\&.
+.IP
+.IP "\fBAccount Flags\fP"
+.br
+.br
+.IP
+This section contains flags that describe the attributes of the users
+account\&. In the \fBSamba2\&.0\fP release this field is bracketed by \f(CW\'[\'\fP
+and \f(CW\']\'\fP characters and is always 13 characters in length (including
+the \f(CW\'[\'\fP and \f(CW\']\'\fP characters)\&. The contents of this field may be
+any of the characters\&.
+.IP
+.IP
+.IP o
+\fB\'U\'\fP This means this is a \fI"User"\fP account, ie\&. an ordinary
+user\&. Only \fBUser\fP and \fBWorskstation Trust\fP accounts are
+currently supported in the \fBsmbpasswd\fP file\&.
+.IP
+.IP o
+\fB\'N\'\fP This means the account has \fIno\fP password (the passwords
+in the fields \fBLanman Password Hash\fP and
+\fBNT Password Hash\fP are ignored)\&. Note that this
+will only allow users to log on with no password if the
+\fBnull passwords\fP parameter is set
+in the \fBsmb\&.conf (5)\fP config file\&.
+.IP
+.IP o
+\fB\'D\'\fP This means the account is diabled and no SMB/CIFS logins
+will be allowed for this user\&.
+.IP
+.IP o
+\fB\'W\'\fP This means this account is a \fI"Workstation Trust"\fP account\&.
+This kind of account is used in the Samba PDC code stream to allow Windows
+NT Workstations and Servers to join a Domain hosted by a Samba PDC\&.
+.IP
+.IP
+Other flags may be added as the code is extended in future\&. The rest of
+this field space is filled in with spaces\&.
+.IP
+.IP "\fBLast Change Time\fP"
+.br
+.br
+.IP
+This field consists of the time the account was last modified\&. It consists of
+the characters \f(CWLCT-\fP (standing for \fI"Last Change Time"\fP) followed by a numeric
+encoding of the UNIX time in seconds since the epoch (1970) that the last change
+was made\&.
+.IP
+.IP "\fBFollowing fields\fP"
+.br
+.br
+.IP
+All other colon separated fields are ignored at this time\&.
+.IP
+.PP
+.SH "NOTES"
+.PP
+In previous versions of Samba (notably the 1\&.9\&.18 series) this file
+did not contain the \fBAccount Flags\fP or
+\fBLast Change Time\fP fields\&. The Samba 2\&.0
+code will read and write these older password files but will not be able to
+modify the old entries to add the new fields\&. New entries added with
+\fBsmbpasswd (8)\fP will contain the new fields
+in the added accounts however\&. Thus an older \fBsmbpasswd\fP file used
+with Samba 2\&.0 may end up with some accounts containing the new fields
+and some not\&.
+.PP
+In order to convert from an old-style \fBsmbpasswd\fP file to a new
+style, run the script \fBconvert_smbpasswd\fP, installed in the
+Samba \f(CWbin/\fP directory (the same place that the \fBsmbd\fP
+and \fBnmbd\fP binaries are installed) as follows:
+.PP
+
+.DS
+
+
+
+ cat old_smbpasswd_file | convert_smbpasswd > new_smbpasswd_file
+
+
+.DE
+
+
+.PP
+The \fBconvert_smbpasswd\fP script reads from stdin and writes to stdout
+so as not to overwrite any files by accident\&.
+.PP
+Once this script has been run, check the contents of the new smbpasswd
+file to ensure that it has not been damaged by the conversion script
+(which uses \fBawk\fP), and then replace the \f(CW<old smbpasswd file>\fP
+with the \f(CW<new smbpasswd file>\fP\&.
+.PP
+.SH "VERSION"
+.PP
+This man page is correct for version 2\&.0 of the Samba suite\&.
+.PP
+.SH "SEE ALSO"
+.PP
+\fBsmbpasswd (8)\fP, \fBsamba
+(7)\fP, and the Internet RFC1321 for details on the MD4
+algorithm\&.
+.PP
+.SH "AUTHOR"
+.PP
+The original Samba software and related utilities were created by
+Andrew Tridgell (samba-bugs@samba\&.anu\&.edu\&.au)\&. Samba is now developed
+by the Samba Team as an Open Source project similar to the way the
+Linux kernel is developed\&.
+.PP
+The original Samba man pages were written by Karl Auer\&. The man page
+sources were converted to YODL format (another excellent piece of Open
+Source software) and updated for the Samba2\&.0 release by Jeremy
+Allison, \fIsamba-bugs@samba\&.anu\&.edu\&.au\fP\&.
+.PP
+See \fBsamba (7)\fP to find out how to get a full
+list of contributors and details on how to submit bug reports,
+comments etc\&.