Diffstat (limited to 'docs-xml/smbdotconf/domain')
-rw-r--r--docs-xml/smbdotconf/domain/allowdnsupdates.xml19
-rw-r--r--docs-xml/smbdotconf/domain/dnsforwarder.xml21
-rw-r--r--docs-xml/smbdotconf/domain/dnsupdatecommand.xml14
-rw-r--r--docs-xml/smbdotconf/domain/dnszonescavenging.xml23
-rw-r--r--docs-xml/smbdotconf/domain/dnszonetransferclientsallow.xml26
-rw-r--r--docs-xml/smbdotconf/domain/dnszonetransferclientsdeny.xml26
-rw-r--r--docs-xml/smbdotconf/domain/gpoupdatecommand.xml17
-rw-r--r--docs-xml/smbdotconf/domain/machinepasswordtimeout.xml25
-rw-r--r--docs-xml/smbdotconf/domain/nsupdatecommand.xml12
-rw-r--r--docs-xml/smbdotconf/domain/spnupdatecommand.xml13
10 files changed, 196 insertions, 0 deletions
diff --git a/docs-xml/smbdotconf/domain/allowdnsupdates.xml b/docs-xml/smbdotconf/domain/allowdnsupdates.xml
new file mode 100644
index 0000000..6c0a0d0
--- /dev/null
+++ b/docs-xml/smbdotconf/domain/allowdnsupdates.xml
@@ -0,0 +1,19 @@
+<samba:parameter name="allow dns updates"
+ context="G"
+ type="enum"
+ enumlist="enum_dns_update_settings"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>This option determines what kind of updates to the DNS are allowed.
+ </para>
+
+ <para>DNS updates can either be disallowed completely by setting it to
+ <constant>disabled</constant>, enabled over secure connections only by
+ setting it to <constant>secure only</constant> or allowed in all cases
+ by setting it to <constant>nonsecure</constant>.
+ </para>
+</description>
+
+<value type="default">secure only</value>
+<value type="example">disabled</value>
+</samba:parameter>
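Review bot: The second `<para>` presents `nonsecure` as just another choice without saying what it gives up: by the description's own wording it allows updates "in all cases", which includes connections that are not secure. I would add a warning after that paragraph, for example `<warning><para>With <constant>nonsecure</constant>, updates are accepted without a secure connection, so any client that can reach the DNS server may be able to change records.</para></warning>`. It would also help to say what "secure" means here (presumably GSS-TSIG signed updates, as in the nsupdate command parameter; confirm before writing it down).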
diff --git a/docs-xml/smbdotconf/domain/dnsforwarder.xml b/docs-xml/smbdotconf/domain/dnsforwarder.xml
new file mode 100644
index 0000000..cf8875e
--- /dev/null
+++ b/docs-xml/smbdotconf/domain/dnsforwarder.xml
@@ -0,0 +1,21 @@
+<samba:parameter name="dns forwarder"
+ context="G"
+ type="cmdlist"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>This option specifies the list of DNS servers that DNS requests will be
+ forwarded to if they can not be handled by Samba itself.
+ </para>
+
+ <para>The DNS forwarder is only used if the internal DNS server
+ in Samba is used. Port numbers can be appended by separating them from
+ the address by using a colon (':'). When specifying a port, IPv6
+ addresses must be enclosed in square brackets ('[' and ']'). IPv6
+ forwarder addresses with no port specified, don't need the square
+ brackets, and default to port 53.
+ </para>
+</description>
+
+<value type="default"></value>
+<value type="example">192.168.0.1 192.168.0.2 ::1 [2001:db8::1] [2001:db8:1:2::1]:54 </value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/domain/dnsupdatecommand.xml b/docs-xml/smbdotconf/domain/dnsupdatecommand.xml
new file mode 100644
index 0000000..40cbc5b
--- /dev/null
+++ b/docs-xml/smbdotconf/domain/dnsupdatecommand.xml
@@ -0,0 +1,14 @@
+<samba:parameter name="dns update command"
+ context="G"
+ type="cmdlist"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>This option sets the command that is called when there are
+ DNS updates. It should update the local machines DNS names using
+ TSIG-GSS.
+ </para>
+</description>
+
+<value type="default">&pathconfig.SCRIPTSBINDIR;/samba_dnsupdate</value>
+<value type="example">/usr/local/sbin/dnsupdate</value>
+</samba:parameter>
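Review bot: The description does not say with which privileges the configured command runs or who may write to its path, and the same gap exists in gpoupdatecommand.xml, nsupdatecommand.xml and spnupdatecommand.xml. These parameters name an executable that the server invokes (presumably with the server's own privileges; confirm), so a sentence such as `The command and the directory containing it should be writable only by root.` would tell administrators what to check when they point it at a path like the `/usr/local/sbin/dnsupdate` example. Two wording points in the same paragraph: `local machines DNS names` should read `local machine's DNS names`, and `TSIG-GSS` should match the `GSS-TSIG` spelling used in nsupdatecommand.xml.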
diff --git a/docs-xml/smbdotconf/domain/dnszonescavenging.xml b/docs-xml/smbdotconf/domain/dnszonescavenging.xml
new file mode 100644
index 0000000..80ec144
--- /dev/null
+++ b/docs-xml/smbdotconf/domain/dnszonescavenging.xml
@@ -0,0 +1,23 @@
+<samba:parameter name="dns zone scavenging"
+ context="G"
+ type="boolean"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>
+ When enabled (the default is disabled) unused dynamic dns records are
+ periodically removed.
+ </para>
+ <warning><para>
+ This option should not be enabled for installations created with
+ versions of samba before 4.9. Doing this will result in the loss of
+ static DNS entries. This is due to a bug in previous versions
+ of samba (BUG 12451) which marked dynamic DNS records as static and
+ static records as dynamic.
+ </para></warning>
+ <note><para>
+ If one record for a DNS name is static (non-aging) then no other record
+ for that DNS name will be scavenged.
+ </para></note>
+</description>
+<value type="default">no</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/domain/dnszonetransferclientsallow.xml b/docs-xml/smbdotconf/domain/dnszonetransferclientsallow.xml
new file mode 100644
index 0000000..cf01742
--- /dev/null
+++ b/docs-xml/smbdotconf/domain/dnszonetransferclientsallow.xml
@@ -0,0 +1,26 @@
+<samba:parameter name="dns zone transfer clients allow"
+ context="G"
+ type="cmdlist"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>This option specifies the list of IPs authorized to ask for dns zone
+ transfer from bind DLZ module.
+ </para>
+
+ <para>The IP list is comma and space separated and specified in the same
+ syntax as used in <smbconfoption name="hosts allow"/>, specifically
+ including IP address, IP prefixes and IP address masks.
+ </para>
+
+ <para>As this is a DNS server option, hostnames are naturally not permitted.
+ </para>
+
+ <para>The default behaviour is to deny any request.
+ A request will be authorized only if the emitting client is identified
+ in this list, and not in <smbconfoption name="dns zone transfer clients deny"/>
+ </para>
+</description>
+
+<value type="default"></value>
+<value type="example">192.168.0.1</value>
+</samba:parameter>
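Review bot: The last `<para>` ends without a full stop after the `<smbconfoption name="dns zone transfer clients deny"/>` reference, and it is the only place in this file that states the precedence between the two lists. I would close the sentence and make the rule explicit, e.g. `A request is authorized only if the client matches this list and does not match <smbconfoption name="dns zone transfer clients deny"/>.` Because a zone transfer hands the requester every record in the zone, a sentence advising that the list name the individual secondary servers rather than broad prefixes would also be worth adding.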
diff --git a/docs-xml/smbdotconf/domain/dnszonetransferclientsdeny.xml b/docs-xml/smbdotconf/domain/dnszonetransferclientsdeny.xml
new file mode 100644
index 0000000..8ff8531
--- /dev/null
+++ b/docs-xml/smbdotconf/domain/dnszonetransferclientsdeny.xml
@@ -0,0 +1,26 @@
+<samba:parameter name="dns zone transfer clients deny"
+ context="G"
+ type="cmdlist"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>This option specifies the list of IPs denied to ask for dns zone
+ transfer from bind DLZ module.
+ </para>
+
+ <para>The IP list is comma and space separated and specified in the same
+ syntax as used in <smbconfoption name="hosts allow"/>, specifically
+ including IP address, IP prefixes and IP address masks.
+ </para>
+
+ <para>As this is a DNS server option, hostnames are naturally not permitted.
+ </para>
+
+ <para>If a client identified in this list sends a zone transfer request, it will always
+ be denied, even if they are in <smbconfoption name="dns zone transfer clients allow"/>.
+ This allows the definition of specific denied clients within an authorized subnet.
+ </para>
+</description>
+
+<value type="default"></value>
+<value type="example">192.168.0.1</value>
+</samba:parameter>
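Review bot: The description never says what the empty default means for this parameter. Read together with dnszonetransferclientsallow.xml, it appears that an empty deny list denies nobody explicitly while the empty allow list still refuses every transfer; one sentence saying so would avoid guesswork. The last paragraph also switches number (`If a client ... it will always be denied, even if they are in`), and `even if it is also listed in` reads cleaner. `list of IPs denied to ask for dns zone transfer` could be `list of IPs that are refused DNS zone transfers`.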
diff --git a/docs-xml/smbdotconf/domain/gpoupdatecommand.xml b/docs-xml/smbdotconf/domain/gpoupdatecommand.xml
new file mode 100644
index 0000000..fd0e7bf
--- /dev/null
+++ b/docs-xml/smbdotconf/domain/gpoupdatecommand.xml
@@ -0,0 +1,17 @@
+<samba:parameter name="gpo update command"
+ context="G"
+ type="list"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>This option sets the command that is called to apply GPO policies.
+ The samba-gpupdate script applies System Access and Kerberos Policies
+ to the KDC. System Access policies set minPwdAge, maxPwdAge,
+ minPwdLength, and pwdProperties in the samdb. Kerberos Policies set
+ kdc:service ticket lifetime, kdc:user ticket lifetime, and kdc:renewal
+ lifetime in smb.conf.
+ </para>
+</description>
+
+<value type="default">&pathconfig.SCRIPTSBINDIR;/samba-gpupdate</value>
+<value type="example">/usr/local/sbin/gpoupdate</value>
+</samba:parameter>
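Review bot: This parameter is declared `type="list"`, while the other command parameters added in this commit (dns update command, nsupdate command, spn update command) use `type="cmdlist"`. If the difference is intentional, a short XML comment next to the attribute would save the next reader from treating it as a typo; if not, `type="cmdlist"` would make it consistent. The paragraph says the script changes password and Kerberos policy values in both the samdb and smb.conf, so it would help to state on which server role the command is expected to run (the text implies the KDC; confirm).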
diff --git a/docs-xml/smbdotconf/domain/machinepasswordtimeout.xml b/docs-xml/smbdotconf/domain/machinepasswordtimeout.xml
new file mode 100644
index 0000000..be4e0e9
--- /dev/null
+++ b/docs-xml/smbdotconf/domain/machinepasswordtimeout.xml
@@ -0,0 +1,25 @@
+<samba:parameter name="machine password timeout"
+ context="G"
+ type="integer"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+ <description>
+
+ <para>
+ If a Samba server is a member of a Windows NT or Active Directory Domain (see the <smbconfoption
+ name="security">domain</smbconfoption> and
+ <smbconfoption name="security">ads</smbconfoption> parameters),
+ then periodically a running winbindd process will try and change
+ the MACHINE ACCOUNT PASSWORD stored in the TDB called <filename moreinfo="none">secrets.tdb
+ </filename>. This parameter specifies how often this password will be changed, in seconds. The default is one
+ week (expressed in seconds), the same as a Windows NT Domain member server.
+ </para>
+
+ <para>
+ See also <citerefentry><refentrytitle>smbpasswd</refentrytitle> <manvolnum>8</manvolnum></citerefentry>,
+ and the <smbconfoption name="security">domain</smbconfoption>
+ and <smbconfoption name="security">ads</smbconfoption> parameters.
+ </para>
+
+</description>
+<value type="default">604800</value>
+</samba:parameter>
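Review bot: The `<filename moreinfo="none">secrets.tdb` element is closed on the following line, so the line break and indentation become part of the file name's text; keep it on one line as `<filename moreinfo="none">secrets.tdb</filename>`. The paragraph also leaves the accepted range open: it gives the default of one week but not whether `0` is accepted or what it would mean. Since this value controls how often the machine account password is rotated, an administrator will want that stated. A smaller point: `<description>` is indented by one space here, while `</description>` and the other files in this commit put it at column 0.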
diff --git a/docs-xml/smbdotconf/domain/nsupdatecommand.xml b/docs-xml/smbdotconf/domain/nsupdatecommand.xml
new file mode 100644
index 0000000..8978ade
--- /dev/null
+++ b/docs-xml/smbdotconf/domain/nsupdatecommand.xml
@@ -0,0 +1,12 @@
+<samba:parameter name="nsupdate command"
+ context="G"
+ type="cmdlist"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>This option sets the path to the <filename>nsupdate</filename>
+ command which is used for GSS-TSIG dynamic DNS updates.
+ </para>
+</description>
+
+<value type="default">/usr/bin/nsupdate -g</value>
+</samba:parameter>
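Review bot: The description calls this `the path to the nsupdate command`, but the default `/usr/bin/nsupdate -g` is a path plus an argument, so the value is a command line. I would write `This option sets the command (path and arguments) used to run <filename>nsupdate</filename> for GSS-TSIG dynamic DNS updates.` and mention that `-g` is part of the default, so anyone overriding the path knows to keep it. The file also has no `<value type="example">`, unlike the other command parameters in this commit.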
diff --git a/docs-xml/smbdotconf/domain/spnupdatecommand.xml b/docs-xml/smbdotconf/domain/spnupdatecommand.xml
new file mode 100644
index 0000000..9dcce13
--- /dev/null
+++ b/docs-xml/smbdotconf/domain/spnupdatecommand.xml
@@ -0,0 +1,13 @@
+<samba:parameter name="spn update command"
+ context="G"
+ type="cmdlist"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>This option sets the command that for updating
+ servicePrincipalName names from <filename>spn_update_list</filename>.
+ </para>
+</description>
+
+<value type="default">&pathconfig.SCRIPTSBINDIR;/samba_spnupdate</value>
+<value type="example">/usr/local/sbin/spnupdate</value>
+</samba:parameter>
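Review bot: The first sentence is missing its verb: `sets the command that for updating servicePrincipalName names`. Suggested wording: `This option sets the command that is called to update servicePrincipalName values from <filename>spn_update_list</filename>.` It would also help to say where `spn_update_list` is looked up, since the text gives only the bare file name.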