diff options
Diffstat (limited to 'docs-xml')
| -rw-r--r-- | docs-xml/smbdotconf/security/hostsallow.xml | 7 | ||||
| -rw-r--r-- | docs-xml/smbdotconf/security/invalidusers.xml | 15 | ||||
| -rw-r--r-- | docs-xml/smbdotconf/security/usernamemap.xml | 5 | ||||
| -rw-r--r-- | docs-xml/smbdotconf/security/validusers.xml | 7 | ||||
| -rw-r--r-- | docs-xml/smbdotconf/winbind/winbindseparator.xml | 4 |
5 files changed, 31 insertions, 7 deletions
diff --git a/docs-xml/smbdotconf/security/hostsallow.xml b/docs-xml/smbdotconf/security/hostsallow.xml index a052e7f79cd..8b4b62268a3 100644 --- a/docs-xml/smbdotconf/security/hostsallow.xml +++ b/docs-xml/smbdotconf/security/hostsallow.xml @@ -41,6 +41,13 @@ <para><command moreinfo="none">hosts allow = lapland, arvidsjaur</command></para> + <para>Example 4: allow only hosts in NIS netgroup "foonet", but + deny access from one particular host</para> + + <para><command moreinfo="none">hosts allow = @foonet</command></para> + + <para><command moreinfo="none">hosts deny = pirate</command></para> + <note><para>Note that access still requires suitable user-level passwords.</para></note> <para>See <citerefentry><refentrytitle>testparm</refentrytitle> diff --git a/docs-xml/smbdotconf/security/invalidusers.xml b/docs-xml/smbdotconf/security/invalidusers.xml index 268cdfad560..b2fb2b9d293 100644 --- a/docs-xml/smbdotconf/security/invalidusers.xml +++ b/docs-xml/smbdotconf/security/invalidusers.xml @@ -7,8 +7,21 @@ to login to this service. This is really a <emphasis>paranoid</emphasis> check to absolutely ensure an improper setting does not breach your security.</para> + + <para>A name starting with a '@' is interpreted as an NIS + netgroup first (if your system supports NIS), and then as a UNIX + group if the name was not found in the NIS netgroup database.</para> - <para>A name starting with a '@' is interpreted UNIX group.</para> + <para>A name starting with '+' is interpreted only + by looking in the UNIX group database via the NSS getgrnam() interface. A name starting with + '&' is interpreted only by looking in the NIS netgroup database + (this requires NIS to be working on your system). The characters + '+' and '&' may be used at the start of the name in either order + so the value <parameter moreinfo="none">+&group</parameter> means check the + UNIX group database, followed by the NIS netgroup database, and + the value <parameter moreinfo="none">&+group</parameter> means check the NIS + netgroup database, followed by the UNIX group database (the + same as the '@' prefix).</para> <para>The current servicename is substituted for <parameter moreinfo="none">%S</parameter>. This is useful in the [homes] section.</para> diff --git a/docs-xml/smbdotconf/security/usernamemap.xml b/docs-xml/smbdotconf/security/usernamemap.xml index eab72bb8672..809a54c1e2f 100644 --- a/docs-xml/smbdotconf/security/usernamemap.xml +++ b/docs-xml/smbdotconf/security/usernamemap.xml @@ -59,6 +59,11 @@ <para> + If your system supports the NIS NETGROUP option then the netgroup database is checked before the <filename + moreinfo="none">/etc/group </filename> database for matching groups. + </para> + + <para> You can map Windows usernames that have spaces in them by using double quotes around the name. For example: <programlisting> <command moreinfo="none">tridge = "Andrew Tridgell"</command> diff --git a/docs-xml/smbdotconf/security/validusers.xml b/docs-xml/smbdotconf/security/validusers.xml index 6b0bacfd78a..0b681a1fef5 100644 --- a/docs-xml/smbdotconf/security/validusers.xml +++ b/docs-xml/smbdotconf/security/validusers.xml @@ -4,10 +4,9 @@ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> <description> <para> - This is a list of users that should be allowed to login to this service. - Names starting with an '@' are interpreted using the same rules as - described in the - <parameter moreinfo="none">invalid users</parameter> parameter. + This is a list of users that should be allowed to login to this service. Names starting with + '@', '+' and '&' are interpreted using the same rules as described in the + <parameter moreinfo="none">invalid users</parameter> parameter. </para> <para> diff --git a/docs-xml/smbdotconf/winbind/winbindseparator.xml b/docs-xml/smbdotconf/winbind/winbindseparator.xml index 9be46109cd6..eda14f4e03a 100644 --- a/docs-xml/smbdotconf/winbind/winbindseparator.xml +++ b/docs-xml/smbdotconf/winbind/winbindseparator.xml @@ -10,9 +10,9 @@ and <filename moreinfo="none">nss_winbind.so</filename> modules for UNIX services. </para> - <para>Please note that setting this parameter to + can cause problems + <para>Please note that setting this parameter to + causes problems with group membership at least on glibc systems, as the character + - was used as a special character for NIS in /etc/group.</para> + is used as a special character for NIS in /etc/group.</para> </description> <value type="default">\</value> |