SRN: dmlinux
STR: (root) CMD ( rm -f /var/spool/cron/lastrun/cron.hourly)
DAT:
- </programlisting>
+</programlisting>
<para>Set up an eventlog source, specifying a message file DLL:</para>
<programlisting>
eventlogadm -o addsource Application MyApplication | \\
%SystemRoot%/system32/MyApplication.dll
- </programlisting>
+</programlisting>
<para>Filter messages from the system log into an event log:</para>
<programlisting>
tail -f /var/log/messages | \\
my_program_to_parse_into_eventlog_records | \\
eventlogadm SystemLogEvents
- </programlisting>
+</programlisting>
</refsect1>
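Review bot: In the addsource example kept as context here, the message file DLL follows `| \\`, so as written a shell would pipe the command's output into `%SystemRoot%/system32/MyApplication.dll` instead of passing it as an argument. Since these listings are being touched anyway, consider dropping the pipe there and using a single backslash for the continuation. The `tail -f /var/log/messages` example has the same doubled backslash after pipes that are intended.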
idmap config CORP : backend = ad
idmap config CORP : range = 1000-999999
- </programlisting>
+</programlisting>
</refsect1>
<refsect1>
The Unix ID for a RID is calculated this way:
<programlisting>
ID = REDUCED RID + IDMAP RANGE LOW VALUE + RANGE NUMBER * RANGE SIZE
- </programlisting>
+</programlisting>
where REDUCED RID = RID % RANGE_SIZE
and a DOMAIN RANGE INDEX = RID / RANGE_SIZE is used together with the
domain sid to determine the RANGE NUMBER (stored in the database).
given Unix ID is this:
<programlisting>
RID = (ID - LOW ID) % RANGE SIZE + DOMAIN RANGE INDEX * RANGE SIZE
- </programlisting>
+</programlisting>
Where the DOMAIN RANGE INDEX is retrieved from the database along with the
domain sid by the RANGE NUMBER = (ID - LOW ID) / RANGE SIZE .
</para>
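Review bot: The two autorid formulas in these listings name the same quantities differently: the first uses `IDMAP RANGE LOW VALUE` and the text under it writes `RANGE_SIZE`, while the reverse formula uses `LOW ID` and `RANGE SIZE`. Pick one spelling for each (for example `LOW ID` and `RANGE SIZE` throughout) so a reader can see that the second formula inverts the first. The stray space in `RANGE SIZE .` could go at the same time.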
idmap config * : backend = autorid
idmap config * : range = 1000000-1999999
- </programlisting>
+</programlisting>
<para>
This example shows how to configure idmap_autorid as default
idmap config TRUSTED : backend = ad
idmap config TRUSTED : range = 50000 - 99999
idmap config TRUSTED : schema_mode = sfu
- </programlisting>
+</programlisting>
</refsect1>
winbind nss info = hash
winbind normalize names = yes
idmap_hash:name_map = /etc/samba/name_map.cfg
- </programlisting>
+</programlisting>
</refsect1>
<refsect1>
idmap config * : ldap_url = ldap://localhost/
idmap config * : ldap_base_dn = ou=idmap,dc=example,dc=com
idmap config * : ldap_user_dn = cn=idmap_admin,dc=example,dc=com
- </programlisting>
+</programlisting>
<para>
This example shows how ldap can be used as a readonly backend while
idmap config DOM1 : ldap_url = ldap://server/
idmap config DOM1 : ldap_base_dn = ou=idmap,dc=dom1,dc=example,dc=com
idmap config DOM1 : ldap_user_dn = cn=idmap_admin,dc=dom1,dc=example,dc=com
- </programlisting>
+</programlisting>
</refsect1>
<refsynopsisdiv>
idmap config SAMBA : backend = nss
idmap config SAMBA : range = 1000-999999
- </programlisting>
+</programlisting>
</refsect1>
<refsect1>
idmap config DOMAIN : ldap_user_dn = cn=ldapmanager,dc=example,dc=com
idmap config DOMAIN : bind_path_user = ou=People,dc=example,dc=com
idmap config DOMAIN : bind_path_group = ou=Group,dc=example,dc=com
- </programlisting>
+</programlisting>
</refsect1>
<refsect1>
The Unix ID for a RID is calculated this way:
<programlisting>
ID = RID - BASE_RID + LOW_RANGE_ID.
- </programlisting>
+</programlisting>
</para>
<para>
Correspondingly, the formula for calculating the RID for a
given Unix ID is this:
<programlisting>
RID = ID + BASE_RID - LOW_RANGE_ID.
- </programlisting>
+</programlisting>
</para>
</refsect1>
idmap config TRUSTED : backend = rid
idmap config TRUSTED : range = 50000 - 99999
idmap config TRUSTED : base_rid = 500000
- </programlisting>
+</programlisting>
</refsect1>
<refsect1>
IDTOSID UID xxxx
IDTOSID GID xxxx
IDTOSID XID xxxx
- </programlisting>
+</programlisting>
<para>
And it should return one of the following responses as a single line of
XID:yyyy
SID:ssss
ERR:yyyy
- </programlisting>
+</programlisting>
<para>
XID indicates that the ID returned should be both a UID and a GID.
idmap config * : backend = script
idmap config * : range = 1000000-2000000
idmap config * : script = /usr/local/samba/bin/idmap_script.sh
- </programlisting>
+</programlisting>
<para>
This shows a simple script to partially perform the task:
echo "ERR: No idea what to do"
exit 1
fi
- </programlisting>
+</programlisting>
<para>
Clearly, this script is not enough, as it should probably use wbinfo
# "backend = tdb" is redundant here since it is the default
idmap config * : backend = tdb
idmap config * : range = 1000000-2000000
- </programlisting>
+</programlisting>
</refsect1>
<refsect1>
SIDTOID S-1-xxxx
IDTOSID UID xxxx
IDTOSID GID xxxx
- </programlisting>
+</programlisting>
<para>
And it should return one of the following responses as a single line of
GID:yyyy
SID:yyyy
ERR:yyyy
- </programlisting>
+</programlisting>
</refsect1>
<refsect1>
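Review bot: The response listing in this hunk gives `SID:yyyy`, while the equivalent listing for the script backend gives `SID:ssss`. Using `SID:ssss` in both keeps the SID placeholder distinct from the numeric `yyyy` used for `GID:` and `ERR:`.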
[global]
idmap config * : backend = tdb2
idmap config * : range = 1000000-2000000
- </programlisting>
+</programlisting>
<para>
This example shows how tdb2 is used as the default idmap backend
idmap config * : backend = tdb2
idmap config * : range = 1000000-2000000
idmap config * : script = /usr/local/samba/bin/idmap_script.sh
- </programlisting>
+</programlisting>
</refsect1>
<refsect1>
<para><programlisting>
<prompt>$</prompt> log2pcap < /var/log/* > trace.pcap
- </programlisting></para>
+</programlisting></para>
<para>Convert to pcap using text2pcap:</para>
<para><programlisting>
<prompt>$</prompt> log2pcap -h samba.log | text2pcap -T 139,139 - trace.pcap
- </programlisting></para>
+</programlisting></para>
</refsect1>
<refsect1>
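Review bot: `log2pcap < /var/log/* > trace.pcap` in the first listing redirects stdin from a glob, which bash rejects as an ambiguous redirect as soon as the pattern matches more than one file. Name a single log file instead, as the text2pcap example does with `samba.log`.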
<para>Search all indexed metadata attributes, exact match:</para>
<programlisting>
'*=="Samba"'
- </programlisting>
+</programlisting>
<para>Search all indexed metadata attributes, prefix match:</para>
<programlisting>
'*=="Samba*"'
- </programlisting>
+</programlisting>
<para>Search by filename:</para>
<programlisting>
'kMDItemFSName=="Samba*"'
- </programlisting>
+</programlisting>
<para>Search by date:</para>
<programlisting>
'kMDItemFSContentChangeDate<$time.iso(2018-10-01T10:00:00Z)'
- </programlisting>
+</programlisting>
<para>Search files's content:</para>
<programlisting>
'kMDItemTextContent=="Samba*"'
- </programlisting>
+</programlisting>
<para>Expressions:</para>
<programlisting>
kMDItemFSName=="Samba*"||kMDItemTextContent=="Tango*"'
- </programlisting>
+</programlisting>
</refsect1>
<refsect1>
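Review bot: The last listing, `kMDItemFSName=="Samba*"||kMDItemTextContent=="Tango*"'`, ends with a single quote but has no opening one, unlike the five listings before it. Add the leading `'` so the expression can be copied as shown, and fix "Search files's content" to "Search file content" while the surrounding lines are being edited.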
session required pam_unix2.so
+++ session required pam_winbind.so
...
- </programlisting>
+</programlisting>
Make sure that pam_winbind is one of the first modules in the session part. It may retrieve
kerberos tickets which are needed by other modules.
</para>
<programlisting>
# samba-log-parser --traceid 1234 --flow /var/log/samba/log.winbind
- </programlisting>
+</programlisting>
<para>Show the full traces for winbind client with PID
<parameter>999999</parameter>
<programlisting>
# samba-log-parser --pid 999999 --merge-by-timestamp /var/log/samba
- </programlisting>
+</programlisting>
<para>Break down the traces into separate files according to traceid sorted
using the timestamp for log files found in the samba log directory:
<programlisting>
# samba-log-parser --breakdown --merge-by-timestamp /var/log/samba
- </programlisting>
+</programlisting>
<para>Sort traces using the timestamp for log files found in the samba log
directory. Traces do not need to contain the traceid header field.
<programlisting>
# samba-log-parser --merge-by-timestamp /var/log/samba
- </programlisting>
+</programlisting>
</refsect1>
<refsect1>
OWNER:<sid or name>
GROUP:<sid or name>
ACL:<sid or name>:<type>/<flags>/<mask>
- </programlisting></para>
+</programlisting></para>
<para>The revision of the ACL specifies the internal Windows
NT ACL revision for the security descriptor.
<programlisting>
host:~ # sharesec share -a S-1-5-21-1866488690-1365729215-3963860297-17724:ALLOWED/0/FULL
- </programlisting>
+</programlisting>
<para>List all ACEs for <parameter>share</parameter>:
</para>
GROUP:
ACL:S-1-1-0:ALLOWED/0x0/FULL
ACL:S-1-5-21-1866488690-1365729215-3963860297-17724:ALLOWED/0x0/FULL
- </programlisting>
+</programlisting>
</refsect1>
<refsect1>
idmap config TRUSTED : backend = rid
idmap config TRUSTED : range = 6000000-6999999
- </programlisting>
+</programlisting>
</refsect1>
<refsect1>
}
}
}
- </programlisting> </para>
+</programlisting> </para>
<para>If oplocks are used:
<programlisting>
"LEASE": false,
"text": "LEVEL_II"
}
- </programlisting> </para>
+</programlisting> </para>
<para>If leases are used:
"HANDLE": false,
"text": "RW"
}
- </programlisting> </para>
+</programlisting> </para>
<para>With byte-range locks (-B, --byterange):
<programlisting>
}
]
}
- </programlisting> </para>
+</programlisting> </para>
<para> With notifies (-N, --notify):
<programlisting>
"creation_time": "1970-01-01T01:00:14.326582+01:00"
}
}
- </programlisting> </para>
+</programlisting> </para>
<para> For profiling (-P, --profile):
<programlisting>
...
}
}
- </programlisting> </para>
+</programlisting> </para>
</listitem>
</varlistentry>
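Review bot: The closing lines in this group still read `</programlisting> </para>` with a space between the two tags, while the log2pcap listings in the same patch use `</programlisting></para>`. If the aim is to normalise whitespace around the closing tag, drop that space here too so the two forms match.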
"-": 1
}, <lineannotation>[...]</lineannotation>
}
- </programlisting>
+</programlisting>
<para> This counts the observed continuations after an ldap
packet with opcode 0 (a bind) followed by a dcerpc packet with
opcode 11 (also a bind). The most common next packet is
<smbconfsection name="[share]"/>
<smbconfoption name="vfs objects">btrfs</smbconfoption>
<smbconfoption name="btrfs: manipulate snapshots">no</smbconfoption>
- </programlisting>
+</programlisting>
<para>
To use the experimental snapshot manipulation functionality
provided by this module, it must be explicitly enabled, and
<smbconfsection name="[share]"/>
<smbconfoption name="vfs objects">btrfs shadow_copy</smbconfoption>
<smbconfoption name="btrfs: manipulate snapshots">yes</smbconfoption>
- </programlisting>
+</programlisting>
</refsect1>
<refsect1>
<programlisting>
<command>client acl type = posix_acl</command>
<command>fuse default permissions = false</command>
- </programlisting>
+</programlisting>
</refsect1>
<refsect1>
<smbconfoption name="vfs objects">ceph</smbconfoption>
<smbconfoption name="path">/non-mounted/cephfs/path</smbconfoption>
<smbconfoption name="kernel share modes">no</smbconfoption>
- </programlisting>
+</programlisting>
<para>
Since <command>vfs_ceph</command> does not require a filesystem
<programlisting>
<command>client acl type = posix_acl</command>
<command>fuse default permissions = false</command>
- </programlisting>
+</programlisting>
<para>
<emphasis role="strong">NOTE</emphasis>:
<smbconfoption name="vfs objects">ceph_new</smbconfoption>
<smbconfoption name="path">/non-mounted/cephfs/path</smbconfoption>
<smbconfoption name="kernel share modes">no</smbconfoption>
- </programlisting>
+</programlisting>
<para>
Since <command>vfs_ceph_new</command> does not require a
<smbconfoption name="vfs objects">ceph_snapshots ceph</smbconfoption>
<smbconfoption name="path">/non-mounted/cephfs/path</smbconfoption>
<smbconfoption name="kernel share modes">no</smbconfoption>
- </programlisting>
+</programlisting>
<para>
<command>vfs_ceph_snapshots</command> can also be used atop a
<smbconfsection name="[share]"/>
<smbconfoption name="vfs objects">ceph_snapshots</smbconfoption>
<smbconfoption name="path">/mnt/cephfs/</smbconfoption>
- </programlisting>
+</programlisting>
</refsect1>
<refsect1>
192.168.234 local.samba.org
192.168 remote.samba.org
default.samba.org
- </programlisting>
+</programlisting>
<para>With this, clients from network 192.168.234/24 are
redirected to host local.samba.org, clients from 192.168/16
format is: </para>
<programlisting>
smbd_audit: PREFIX|OPERATION|RESULT|FILE
- </programlisting>
+</programlisting>
<para>The record fields are:</para>
<smbconfoption name="path">/relative/base/path</smbconfoption>
<smbconfoption name="glusterfs:volume">gv0</smbconfoption>
<smbconfoption name="kernel share modes">no</smbconfoption>
- </programlisting>
+</programlisting>
<para>
Note that since <command>vfs_glusterfs</command> does not
The write-behind translator can easily be disabled via calling
<programlisting>
gluster volume set <volumename> performance.write-behind off
- </programlisting> on the commandline.
+</programlisting> on the commandline.
</para>
<para>
With GlusterFS versions >= 9, we silently bypass write-behind
<smbconfsection name="[share]"/>
<smbconfoption name="vfs objects">glusterfs_fuse</smbconfoption>
<smbconfoption name="path">/absolute/path_of_fusemount</smbconfoption>
- </programlisting>
+</programlisting>
<para>
Note that <command>vfs_glusterfs_fuse</command> requires a Gluster mount. For accessing glusterfs directly
<smbconfsection name="[samba_gpfs_share]"/>
<smbconfoption name="vfs objects">nfs4acl_xattr</smbconfoption>
<smbconfoption name="path">/foo/bar</smbconfoption>
- </programlisting>
+</programlisting>
</refsect1>
<refsect1>
<manvolnum>1</manvolnum></citerefentry> command:
<programlisting>
TZ=GMT date +@GMT-%Y.%m.%d-%H.%M.%S
- </programlisting></para>
+</programlisting></para>
</refsect1>
<manvolnum>1</manvolnum></citerefentry> command:
<programlisting>
TZ=GMT date +@GMT-%Y.%m.%d-%H.%M.%S
- </programlisting></para>
+</programlisting></para>
</refsect1>
snap_create.sh</smbconfoption>
<smbconfoption name="shell_snap:delete command">
snap_delete.sh</smbconfoption>
- </programlisting>
+</programlisting>
<para>
Samba's FSRVP server must be configured in the [global] section:
<smbconfsection name="[global]"/>
<smbconfoption name="registry shares">yes</smbconfoption>
<smbconfoption name="include">registry</smbconfoption>
- </programlisting>
+</programlisting>
</refsect1>
<refsect1>
<programlisting>
<smbconfsection name="[share]"/>
<smbconfoption name="vfs objects">snapper</smbconfoption>
- </programlisting>
+</programlisting>
<para>
For remote snapshot creation and deletion, Samba's FSRVP
<smbconfsection name="[global]"/>
<smbconfoption name="registry shares">yes</smbconfoption>
<smbconfoption name="include">registry</smbconfoption>
- </programlisting>
+</programlisting>
</refsect1>
<refsect1>
module = winbind:/usr/lib64/samba/krb5/winbind_krb5_localauth.so
enable_only = winbind
}
- </programlisting>
+</programlisting>
</para>
</refsect1>
<para>Search using a basic phrase:</para>
<programlisting>
'wspsearch -Usomeuser%password //server/share --phrase="cats"'
- </programlisting>
+</programlisting>
<para>Search using an AQS like query for a picture whose name starts with p403 or p404:</para>
<programlisting>
'wspsearch -Usomeuser%password //server/share --query="ALL:$<p403 OR ALL:$<p404 AND System.Kind:picture"'
- </programlisting>
+</programlisting>
</refsect1>
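Review bot: Both wspsearch listings wrap the entire command line in single quotes, so a shell given the line as shown looks for one command named by the whole string. Quote only the option values, e.g. `wspsearch -Usomeuser%password //server/share --phrase="cats"`, and put the `--query` value of the AQS example in single quotes so that `$<` reaches wspsearch unchanged.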