[Pkg-samba-maint] Bug#516047: samba-common: minor small fixes, smb.conf
Justin T Pryzby
justinpryzby at users.sourceforge.net
Thu Feb 19 00:21:09 UTC 2009
Package: samba-common
Version: 2:3.2.5-4
Severity: minor
File: /usr/share/man/man5/smb.conf.5.gz
Index:
s/refersh/refresh/
/it's case insensitive nature/s/'//
/builting/ s/g//
add comma, s/a/an/
add commas
use "its" instead of "of this"
samba-common: s/able //
/atabase/s//d&/
add comma
samba-common: /inproved/s/n/m/
s/to to/.../
s/no/&,/
/guestparameter/s/p/ &/
add comma
add comma
/smbd(8)/s//& /
add comma
s/refersh/refresh/
--- /usr/share/man/man5/smb.conf.5.gz
+++ /tmp/smbconf.5.gz.24748 2009-02-12 16:30:27.000000000 -0700
@@ -636,7 +636,7 @@
This boolean parameter controls what
\fBsmbd\fR(8)does on receiving a protocol request of "open for delete" from a Windows client\. If a Windows client doesn\'t have permissions to delete a file then they expect this to be denied at open time\. POSIX systems normally only detect restrictions on delete by actually attempting to delete the file or directory\. As Windows clients can (and do) "back out" a delete request by unsetting the "delete on close" bit Samba cannot delete the file immediately on "open for delete" request as we cannot restore such a deleted file\. With this parameter set to true (the default) then smbd checks the file system permissions directly on "open for delete" and denies the request without actually deleting the file if the file system permissions would seem to deny it\. This is not perfect, as it\'s possible a user could have deleted a file without Samba being able to check the permissions correctly, but it is close enough to Windows semantics for mostly correct behaviour\. Samba will correctly check POSIX ACL semantics in this case\.
.sp
-If this parameter is set to "false" Samba doesn\'t check permissions on "open for delete" and allows the open\. If the user doesn\'t have permission to delete the file this will only be discovered at close time, which is too late for the Windows user tools to display an error message to the user\. The symptom of this is files that appear to have been deleted "magically" re\-appearing on a Windows explorer refersh\. This is an extremely advanced protocol option which should not need to be changed\. This parameter was introduced in its final form in 3\.0\.21, an earlier version with slightly different semantics was introduced in 3\.0\.20\. That older version is not documented here\.
+If this parameter is set to "false" Samba doesn\'t check permissions on "open for delete" and allows the open\. If the user doesn\'t have permission to delete the file this will only be discovered at close time, which is too late for the Windows user tools to display an error message to the user\. The symptom of this is files that appear to have been deleted "magically" re\-appearing on a Windows explorer refresh\. This is an extremely advanced protocol option which should not need to be changed\. This parameter was introduced in its final form in 3\.0\.21, an earlier version with slightly different semantics was introduced in 3\.0\.20\. That older version is not documented here\.
.sp
Default:
\fI\fIacl check permissions\fR\fR\fI =3D \fR\fITrue\fR\fI \fR
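Review bot: the context line above the change still reads "\fBsmbd\fR(8)does", with no space after the man page reference, which is the same defect the later nmbd(8) patch fixes; since this patch already touches the paragraph, fix it here too. In the changed line, "in 3\.0\.21, an earlier version" joins two sentences with a comma and would read better with a semicolon or a full stop.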
/it's case insensitive nature/s/'//
--- /usr/share/man/man5/smb.conf.5.gz
+++ /tmp/smbconf.5.gz.26157 2009-02-12 16:48:28.000000000 -0700
@@ -5,7 +5,7 @@
.\" Manual: File Formats and Conventions
.\" Source: Samba 3.2
.\"
-.TH "SMB\.CONF" "5" "11/20/2008" "Samba 3\.2" "File Formats and Conventions"
+.TH "SMB\.CONF" "5" "02/12/2009" "Samba 3\.2" "File Formats and Conventions"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
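Review bot: the .TH date change from "11/20/2008" to "02/12/2009" is unrelated to the apostrophe fix this patch is labelled with, and none of the other patches in this report carries it; drop this hunk so the patch contains only the "it\'s" to "its" correction.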
@@ -1560,7 +1560,7 @@
\fBsmbclient\fR(8)
and other samba client tools will attempt to authenticate itself to servers using the weaker LANMAN password hash\. If disabled, only server which support NT password hashes (e\.g\. Windows NT/2000, Samba, etc\.\.\. but not Windows 95/98) will be able to be connected from the Samba client\.
.sp
-The LANMAN encrypted response is easily broken, due to it\'s case\-insensitive nature, and the choice of algorithm\. Clients without Windows 95/98 servers are advised to disable this option\.
+The LANMAN encrypted response is easily broken, due to its case\-insensitive nature, and the choice of algorithm\. Clients without Windows 95/98 servers are advised to disable this option\.
.sp
Disabling this option will also disable the
client plaintext auth
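Review bot: in the added line the comma after "nature" still splits the two causes ("due to its case\-insensitive nature, and the choice of algorithm"); drop it while the sentence is being touched. The context line above also has "only server which support", which should be "only servers which support".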
/builting/ s/g//
--- /usr/share/man/man5/smb.conf.5.gz
+++ /tmp/smbconf.5.gz.28783 2009-02-12 17:19:02.000000000 -0700
@@ -2586,7 +2586,7 @@
enable asu support (G)
.PP
.RS 4
-Hosts running the "Advanced Server for Unix (ASU)" product require some special accomodations such as creating a builting [ADMIN$] share that only supports IPC connections\. The has been the default behavior in smbd for many years\. However, certain Microsoft applications such as the Print Migrator tool require that the remote server support an [ADMIN$} file share\. Disabling this parameter allows for creating an [ADMIN$] file share in smb\.conf\.
+Hosts running the "Advanced Server for Unix (ASU)" product require some special accomodations such as creating a builtin [ADMIN$] share that only supports IPC connections\. The has been the default behavior in smbd for many years\. However, certain Microsoft applications such as the Print Migrator tool require that the remote server support an [ADMIN$] file share\. Disabling this parameter allows for creating an [ADMIN$] file share in smb\.conf\.
.sp
Default:
\fI\fIenable asu support\fR\fR\fI = \fR\fIno\fR\fI \fR
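Review bot: the added line also changes "[ADMIN$}" to "[ADMIN$]", which the patch description (/builting/ s/g//) does not mention; say so in the description. The same line still has "accomodations" (should be "accommodations") and "The has been the default behavior" (presumably "This has been"), so fix those in the same pass.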
add comma, s/a/an/
--- /usr/share/man/man5/smb.conf.5.gz
+++ /tmp/smbconf.5.gz.29255 2009-02-12 17:22:27.000000000 -0700
@@ -2639,7 +2639,9 @@
.sp
The first enhancement to browse propagation consists of a regular wildcard query to a Samba WINS server for all Domain Master Browsers, followed by a browse synchronization with each of the returned DMBs\. The second enhancement consists of a regular randomised browse synchronization with all currently known DMBs\.
.sp
-You may wish to disable this option if you have a problem with empty workgroups not disappearing from browse lists\. Due to the restrictions of the browse protocols these enhancements can cause a empty workgroup to stay around forever which can be annoying\.
+You may wish to disable this option if you have a problem with empty
+workgroups not disappearing from browse lists\. Due to the
+restrictions of the browse protocols, these enhancements can cause an empty workgroup to stay around forever which can be annoying\.
.sp
In general you should leave this option enabled as it makes cross\-subnet browse propagation much more reliable\.
.sp
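Review bot: the replacement re-wraps the paragraph across three lines, so the two real changes (the comma after "browse protocols" and "a empty" to "an empty") are hard to pick out of the diff; keep the original single line and change only those words. If the sentence is being touched anyway, "forever which can be annoying" needs a comma before "which".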
add commas
--- /usr/share/man/man5/smb.conf.5.gz
+++ /tmp/smbconf.5.gz.5731 2009-02-13 13:15:06.000000000 -0700
@@ -8802,7 +8802,10 @@
usershare prefix allow list (G)
.PP
.RS 4
-This parameter specifies a list of absolute pathnames the root of which are allowed to be exported by user defined share definitions\. If the pathname exported doesn\'t start with one of the strings in this list the user defined share will not be allowed\. This allows the Samba administrator to restrict the directories on the system that can be exported by user defined shares\.
+This parameter specifies a list of absolute pathnames the root of
+which are allowed to be exported by user defined share definitions\.
+If the pathname to be exported doesn\'t start with one of the strings
+in this list, the user defined share will not be allowed\. This allows the Samba administrator to restrict the directories on the system that can be exported by user defined shares\.
.sp
If there is a "usershare prefix deny list" and also a "usershare prefix allow list" the deny list is processed first, followed by the allow list, thus leading to the most restrictive interpretation\.
.sp
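Review bot: besides the comma after "in this list", the added lines change "the pathname exported" to "the pathname to be exported" and re-wrap the paragraph, neither of which is covered by the "add commas" description; split the wording change out or mention it. The context sentence starting 'If there is a "usershare prefix deny list"' also lacks a comma before "the deny list is processed first".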
@@ -8830,7 +8833,8 @@
usershare template share (G)
.PP
.RS 4
-User defined shares only have limited possible parameters such as path, guest ok etc\. This parameter allows usershares to "cloned" from an existing share\. If "usershare template share" is set to the name of an existing share, then all usershares created have their defaults set from the parameters set on this share\.
+User defined shares only have limited possible parameters such as
+path, guest ok, etc\. This parameter allows usershares to "cloned" from an existing share\. If "usershare template share" is set to the name of an existing share, then all usershares created have their defaults set from the parameters set on this share\.
.sp
The target share may be set to be invalid for real file sharing by setting the parameter "\-valid = False" on the template share definition\. This causes it not to be seen as a real exported share but to be able to be used as a template for usershares\.
.sp
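Review bot: the added line still reads 'allows usershares to "cloned" from an existing share', which is missing "be"; fix it along with the comma before "etc".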
use "its" instead of "of this"
--- /usr/share/man/man5/smb.conf.5.gz
+++ /tmp/smbconf.5.gz.5822 2009-02-13 13:18:06.000000000 -0700
@@ -8751,7 +8751,7 @@
.RS 4
This parameter controls whether user defined shares are allowed to be accessed by non\-authenticated users or not\. It is the equivalent of allowing people who can create a share the option of setting
\fIguest ok = yes\fR
-in a share definition\. Due to the security sensitive nature of this the default is set to off\.
+in a share definition\. Due to its security sensitive nature, the default is off\.
.sp
Default:
\fI\fIusershare allow guests\fR\fR\fI = \fR\fIno\fR\fI \fR
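Review bot: in the added line "its" has no clear antecedent (the parameter, or "guest ok = yes"?), and the compound modifier should be hyphenated; something like "Because this option is security\-sensitive, the default is off" avoids both. The hunk also shortens "is set to off" to "is off", which the description does not mention.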
samba-common: s/able //
--- /usr/share/man/man5/smb.conf.5.gz
+++ /tmp/smbconf.5.gz.16839 2009-02-13 15:30:46.000000000 -0700
@@ -8516,7 +8516,7 @@
The differentiating factor is that under normal circumstances, the NT/2000 client will attempt to open the network printer using MS\-RPC\. The problem is that because the client considers the printer to be local, it will attempt to issue the OpenPrinterEx() call requesting access rights associated with the logged on user\. If the user possesses local administator rights but not root privilege on the Samba host (often the case), the OpenPrinterEx() call will fail\. The result is that the client will now display an "Access Denied; Unable to connect" message in the printer queue window (even though jobs may successfully be printed)\.
.sp
If this parameter is enabled for a printer, then any attempt to open the printer with the PRINTER_ACCESS_ADMINISTER right is mapped to PRINTER_ACCESS_USE instead\. Thus allowing the OpenPrinterEx() call to succeed\.
-\fIThis parameter MUST not be able enabled on a print share which has valid print driver installed on the Samba server\.\fR
+\fIThis parameter MUST not be enabled on a print share which has valid print driver installed on the Samba server\.\fR
.sp
Default:
\fI\fIuse client driver\fR\fR\fI = \fR\fIno\fR\fI \fR
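Review bot: the added line still says "which has valid print driver installed", missing the article ("a valid print driver"), and "MUST not" would be clearer as "MUST NOT". The context above also has "administator" and the sentence fragment "Thus allowing the OpenPrinterEx() call to succeed", both worth fixing in the same pass.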
/atabase/s//d&/
--- /usr/share/man/man5/smb.conf.5.gz
+++ /tmp/smbconf.5.gz.16928 2009-02-13 15:31:37.000000000 -0700
@@ -8486,7 +8486,7 @@
update encrypted (G)
.PP
.RS 4
-This boolean parameter allows a user logging on with a plaintext password to have their encrypted (hashed) password in the smbpasswd file to be updated automatically as they log on\. This option allows a site to migrate from plaintext password authentication (users authenticate with plaintext password over the wire, and are checked against a UNIX account atabase) to encrypted password authentication (the SMB challenge/response authentication mechanism) without forcing all users to re\-enter their passwords via smbpasswd at the time the change is made\. This is a convenience option to allow the change over to encrypted passwords to be made over a longer period\. Once all users have encrypted representations of their passwords in the smbpasswd file this parameter should be set to
+This boolean parameter allows a user logging on with a plaintext password to have their encrypted (hashed) password in the smbpasswd file to be updated automatically as they log on\. This option allows a site to migrate from plaintext password authentication (users authenticate with plaintext password over the wire, and are checked against a UNIX account database) to encrypted password authentication (the SMB challenge/response authentication mechanism) without forcing all users to re\-enter their passwords via smbpasswd at the time the change is made\. This is a convenience option to allow the change over to encrypted passwords to be made over a longer period\. Once all users have encrypted representations of their passwords in the smbpasswd file this parameter should be set to
\fBno\fR\.
.sp
In order for this parameter to be operative the
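Review bot: the sentence changed here still reads "to have their encrypted (hashed) password in the smbpasswd file to be updated", where the second "to be" is ungrammatical; "to have ... updated automatically" is enough. Later in the same line, "change over" used as a noun should be "changeover".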
add comma
--- /usr/share/man/man5/smb.conf.5.gz
+++ /tmp/smbconf.5.gz.17003 2009-02-13 15:32:54.000000000 -0700
@@ -8499,7 +8499,7 @@
\fIupdate encrypted\fR
to work\.
.sp
-Note that even when this parameter is set a user authenticating to
+Note that even when this parameter is set, a user authenticating to
smbd
must still enter a valid password in order to connect correctly, and to update their hashed (smbpasswd) passwords\.
.sp
samba-common: /inproved/s/n/m/
--- /usr/share/man/man5/smb.conf.5.gz
+++ /tmp/smbconf.5.gz.18511 2009-02-13 15:45:37.000000000 -0700
@@ -8305,7 +8305,7 @@
This is an enumerated type that controls the handling of file locking in the server\. When this is set to
\fByes\fR, the server will check every read and write access for file locks, and deny access if locks exist\. This can be slow on some systems\.
.sp
-When strict locking is set to Auto (the default), the server performs file lock checks only on non\-oplocked files\. As most Windows redirectors perform file locking checks locally on oplocked files this is a good trade off for inproved performance\.
+When strict locking is set to Auto (the default), the server performs file lock checks only on non\-oplocked files\. As most Windows redirectors perform file locking checks locally on oplocked files this is a good trade off for improved performance\.
.sp
When strict locking is disabled, the server performs file lock checks only when the client explicitly asks for them\.
.sp
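Review bot: the added line still lacks a comma after "oplocked files" in "As most Windows redirectors perform file locking checks locally on oplocked files this is a good trade off", and "trade off" as a noun should be "trade\-off"; both fit this patch series.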
s/to to/.../
--- /usr/share/man/man5/smb.conf.5.gz
+++ /tmp/smbconf.5.gz.18985 2009-02-13 15:50:47.000000000 -0700
@@ -1664,7 +1664,8 @@
client signing (G)
.PP
.RS 4
-This controls whether the client offers or requires the server it talks to to use SMB signing\. Possible values are
+This controls whether the client offers or requires that the server it
+talks to uses SMB signing\. Possible values are
\fIauto\fR,
\fImandatory\fR
and
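Review bot: the new wording "offers or requires that the server it talks to uses SMB signing" no longer parses for "offers" (the client offers signing, it does not offer "that the server uses" it), and "requires that" takes "use", not "uses". Consider "offers SMB signing to, or requires it of, the server it talks to"; the same applies to the identical rewording in the server signing and SMB encryption hunks of this patch.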
@@ -6433,7 +6434,7 @@
.RS 4
By specifying the name of another SMB server or Active Directory domain controller with this option, and using
security = [ads|domain|server]
-it is possible to get Samba to to do all its username/password validation using a specific remote server\.
+it is possible to get Samba to do all its username/password validation using a specific remote server\.
.sp
This option sets the name or IP address of the password server to use\. New syntax has been added to support defining the port to use when connecting to the server the case of an ADS realm\. To define a port other than the default LDAP port of 389, add the port number using a colon after the name or IP address (e\.g\. 192\.168\.1\.100:389)\. If you do not specify a port, Samba will use the standard LDAP port of tcp/389\. Note that port numbers have no effect on password servers for Windows NT 4\.0 domains or netbios connections\.
.sp
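Review bot: the context paragraph after the change has "when connecting to the server the case of an ADS realm", which is missing "in" before "the case"; fix it alongside the "to to" correction.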
@@ -7656,7 +7657,8 @@
server signing (G)
.PP
.RS 4
-This controls whether the server offers or requires the client it talks to to use SMB signing\. Possible values are
+This controls whether the server offers or requires that the client it
+talks to uses SMB signing\. Possible values are
\fIauto\fR,
\fImandatory\fR
and
@@ -8038,7 +8040,8 @@
.RS 4
This is a new feature introduced with Samba 3\.2 and above\. It is an extension to the SMB/CIFS protocol negotiated as part of the UNIX extensions\. SMB encryption uses the GSSAPI (SSPI on Windows) ability to encrypt and sign every request/response in a SMB protocol stream\. When enabled it provides a secure method of SMB/CIFS communication, similar to an ssh protected session, but using SMB/CIFS authentication to negotiate encryption and signing keys\. Currently this is only supported by Samba 3\.2 smbclient, and hopefully soon Linux CIFSFS and MacOS/X clients\. Windows clients do not support this feature\.
.sp
-This controls whether the server offers or requires the client it talks to to use SMB encryption\. Possible values are
+This controls whether the server offers or requires that the client it
+talks to uses SMB encryption\. Possible values are
\fIauto\fR,
\fImandatory\fR
and
s/no/&,/
--- /usr/share/man/man5/smb.conf.5.gz
+++ /tmp/smbconf.5.gz.19454 2009-02-13 15:58:01.000000000 -0700
@@ -7640,8 +7640,7 @@
\fIserver schannel = yes\fR
denies access if the client is not able to speak netlogon schannel\. This is only the case for Windows NT4 before SP4\.
.sp
-Please note that with this set to
-no
+Please note that with this set to no,
you will have to apply the WindowsXP
\fIWinXP_SignOrSeal\.reg\fR
registry patch found in the docs/registry subdirectory of the Samba distribution tarball\.
/guestparameter/s/p/ &/
--- /usr/share/man/man5/smb.conf.5.gz
+++ /tmp/smbconf.5.gz.20083 2009-02-13 16:02:54.000000000 -0700
@@ -7389,7 +7389,7 @@
security = share
if you want to mainly setup shares without a password (guest shares)\. This is commonly used for a shared printer server\. It is more difficult to setup guest shares with
security = user, see the
-\fImap to guest\fRparameter for details\.
+\fImap to guest\fR parameter for details.
.sp
It is possible to use
smbd
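Review bot: the added line ends in "details." where the removed line had "details\.", so the escaped full stop used throughout the rest of the page is lost; keep "\." and change only the missing space after "\fR". The preceding context "security = user, see the" is also a comma splice.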
add comma
--- /usr/share/man/man5/smb.conf.5.gz
+++ /tmp/smbconf.5.gz.20158 2009-02-13 16:04:01.000000000 -0700
@@ -7402,7 +7402,7 @@
.sp
\fISECURITY = SHARE\fR
.sp
-When clients connect to a share level security server they need not log onto the server with a valid username and password before attempting to connect to a shared resource (although modern clients such as Windows 95/98 and Windows NT will send a logon request with a username but no password when talking to a
+When clients connect to a share level security server, they need not log onto the server with a valid username and password before attempting to connect to a shared resource (although modern clients such as Windows 95/98 and Windows NT will send a logon request with a username but no password when talking to a
security = share
server)\. Instead, the clients send authentication information (passwords) on a per\-share basis, at the time they attempt to connect to that share\.
.sp
add comma
--- /usr/share/man/man5/smb.conf.5.gz
+++ /tmp/smbconf.5.gz.21053 2009-02-13 16:11:27.000000000 -0700
@@ -7546,7 +7546,7 @@
that a valid UNIX user must still exist as well as the account on the Domain Controller to allow Samba to have a valid UNIX account to map file access to\.
.sp
\fINote\fR
-that from the client\'s point of view
+that from the client\'s point of view,
security = domain
is the same as
security = user\. It only affects how the server deals with the authentication, it does not in any way affect what the client sees\.
/smbd(8)/s//& /
--- /usr/share/man/man5/smb.conf.5.gz
+++ /tmp/smbconf.5.gz.22940 2009-02-13 16:32:05.000000000 -0700
@@ -7141,7 +7141,7 @@
.PP
.RS 4
This option allows you to setup
-\fBnmbd\fR(8)to periodically announce itself to arbitrary IP addresses with an arbitrary workgroup name\.
+\fBnmbd\fR(8) to periodically announce itself to arbitrary IP addresses with an arbitrary workgroup name\.
.sp
This is useful if you want your Samba server to appear in a remote workgroup for which the normal browse propagation rules don\'t work\. The remote workgroup can be anywhere that you can send IP packets to\.
.sp
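Review bot: the description for this patch is /smbd(8)/s//& /, but the line changed is "\fBnmbd\fR(8)to"; correct the description so it matches the hunk.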
add comma
--- /usr/share/man/man5/smb.conf.5.gz
+++ /tmp/smbconf.5.gz.23031 2009-02-13 16:33:18.000000000 -0700
@@ -7155,9 +7155,10 @@
.sp
the above line would cause
nmbd
-to announce itself to the two given IP addresses using the given workgroup names\. If you leave out the workgroup name then the one given in the
+to announce itself to the two given IP addresses using the given
+workgroup names\. If you leave out the workgroup name, then the one given in the
\fIworkgroup\fR
-parameter is used instead\.
+parameter is used instead.
.sp
The IP addresses you choose would normally be the broadcast addresses of the remote networks, but can also be the IP addresses of known browse masters if your network config is that stable\.
.sp
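Review bot: "parameter is used instead\." becomes "parameter is used instead." in the last changed line, an unescaped full stop that is unrelated to the "add comma" description and inconsistent with the "\." used elsewhere; leave that line alone. The re-wrap of the first changed line likewise hides the one-character comma insertion after "workgroup name".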