From 8daa83a594a2e98f39d764422bfbdbc62c9efd44 Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Fri, 19 Apr 2024 19:20:00 +0200
Subject: Adding upstream version 2:4.20.0+dfsg.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 docs-xml/smbdotconf/security/maptoguest.xml | 62 +++++++++++++++++++++++++++++
 1 file changed, 62 insertions(+)
 create mode 100644 docs-xml/smbdotconf/security/maptoguest.xml

(limited to 'docs-xml/smbdotconf/security/maptoguest.xml')

diff --git a/docs-xml/smbdotconf/security/maptoguest.xml b/docs-xml/smbdotconf/security/maptoguest.xml
new file mode 100644
index 0000000..c98086a
--- /dev/null
+++ b/docs-xml/smbdotconf/security/maptoguest.xml
@@ -0,0 +1,62 @@
+<samba:parameter name="map to guest"
+                 type="enum"
+                 context="G"
+                 enumlist="enum_map_to_guest"
+                 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+    <para>This parameter can take four different values, which tell
+    <citerefentry><refentrytitle>smbd</refentrytitle>
+    <manvolnum>8</manvolnum></citerefentry> what to do with user 
+    login requests that don't match a valid UNIX user in some way.</para>
+
+    <para>The four settings are :</para>
+
+    <itemizedlist>
+	<listitem>
+	    <para><constant>Never</constant> - Means user login 
+	    requests with an invalid password are rejected. This is the 
+	    default.</para>
+	</listitem>
+			
+	<listitem>
+	    <para><constant>Bad User</constant> - Means user
+	    logins with an invalid password are rejected, unless the username 
+	    does not exist, in which case it is treated as a guest login and 
+	    mapped into the <smbconfoption name="guest account"/>.</para>
+	</listitem>
+
+	<listitem>
+	    <para><constant>Bad Password</constant> - Means user logins 
+	    with an invalid password are treated as a guest login and mapped 
+	    into the <smbconfoption name="guest account"/>. Note that 
+	    this can cause problems as it means that any user incorrectly typing 
+	    their password will be silently logged on as &quot;guest&quot; - and 
+	    will not know the reason they cannot access files they think
+	    they should - there will have been no message given to them
+	    that they got their password wrong. Helpdesk services will
+	    <emphasis>hate</emphasis> you if you set the <parameter moreinfo="none">map to 
+	    guest</parameter> parameter this way :-).</para>
+	</listitem>
+	<listitem>
+	    <para><constant>Bad Uid</constant> - Is only applicable when Samba is configured
+	    in some type of domain mode security (security = {domain|ads}) and means that
+	    user logins which are successfully authenticated but which have no valid Unix
+	    user account (and smbd is unable to create one) should be mapped to the defined
+	    guest account. This was the default behavior of Samba 2.x releases.  Note that 
+	    if a member server is running winbindd,  this option should never be required
+	    because the nss_winbind library will export the Windows domain users and groups
+	    to the underlying OS via the Name Service Switch interface.</para>
+	</listitem>
+    </itemizedlist>
+
+    <para>Note that this parameter is needed to set up &quot;Guest&quot; 
+    share services. This is because in these modes the name of the resource being
+    requested is <emphasis>not</emphasis> sent to the server until after 
+    the server has successfully authenticated the client so the server 
+    cannot make authentication decisions at the correct time (connection 
+    to the share) for &quot;Guest&quot; shares. </para>
+</description>
+
+<value type="default">Never</value>
+<value type="example">Bad User</value>
+</samba:parameter>
-- 
cgit v1.2.3