author | Jelmer Vernooij <jelmer@samba.org> | 2005-06-12 16:38:23 +0000 |
---|---|---|
committer | Gerald W. Carter <jerry@samba.org> | 2008-04-23 08:46:45 -0500 |
commit | 112fced252d5d398765fdbf3052f62c25bd6d67a (patch) | |
tree | 9bc7c9193e62217e59eeb0121a1f1cbeaca658b9 | |
parent | dc448bdfbb479a245028c6f2b30b32d3cc7f0b50 (diff) | |
Remove obsolete elements.
(This used to be commit 7f26b262a0d34183d93b271f64d3ef4ff90c14ee)
-rw-r--r-- | docs/Samba3-ByExample/SBE-2000UserNetwork.xml | 42
-rw-r--r-- | docs/Samba3-ByExample/SBE-500UserNetwork.xml | 18
-rw-r--r-- | docs/Samba3-ByExample/SBE-AddingUNIXClients.xml | 458
-rw-r--r-- | docs/Samba3-ByExample/SBE-Appendix1.xml | 56
-rw-r--r-- | docs/Samba3-ByExample/SBE-Appendix2.xml | 42
-rw-r--r-- | docs/Samba3-ByExample/SBE-DomainAppsSupport.xml | 4
-rw-r--r-- | docs/Samba3-ByExample/SBE-HighAvailability.xml | 26
-rw-r--r-- | docs/Samba3-ByExample/SBE-KerberosFastStart.xml | 22
-rw-r--r-- | docs/Samba3-ByExample/SBE-MakingHappyUsers.xml | 24
-rw-r--r-- | docs/Samba3-ByExample/SBE-MigrateNT4Samba3.xml | 18
-rw-r--r-- | docs/Samba3-ByExample/SBE-MigrateNW4Samba3.xml | 14
-rw-r--r-- | docs/Samba3-ByExample/SBE-SecureOfficeServer.xml | 18
-rw-r--r-- | docs/Samba3-ByExample/SBE-SimpleOfficeServer.xml | 18
-rw-r--r-- | docs/Samba3-ByExample/SBE-TheSmallOffice.xml | 6
-rw-r--r-- | docs/Samba3-ByExample/SBE-UpgradingSamba.xml | 12
-rw-r--r-- | docs/Samba3-ByExample/SBE-foreword.xml | 32
-rw-r--r-- | docs/Samba3-ByExample/SBE-inside-cover.xml | 49
17 files changed, 454 insertions, 405 deletions
diff --git a/docs/Samba3-ByExample/SBE-2000UserNetwork.xml b/docs/Samba3-ByExample/SBE-2000UserNetwork.xml index 2023e43f92..f55fc34f28 100644 --- a/docs/Samba3-ByExample/SBE-2000UserNetwork.xml +++ b/docs/Samba3-ByExample/SBE-2000UserNetwork.xml @@ -628,15 +628,15 @@ productivity.</para> inconsistent directory information can be exceedingly difficult. </para> - <image id="chap7net"> - <imagedescription>Network Topology &smbmdash; 2000 User Complex Design A</imagedescription> + <figure id="chap7net"> + <title>Network Topology &smbmdash; 2000 User Complex Design A</title> <imagefile scale="70">chap7-net-Ar</imagefile> - </image> + </figure> - <image id="chap7net2"> - <imagedescription>Network Topology &smbmdash; 2000 User Complex Design B</imagedescription> + <figure id="chap7net2"> + <title>Network Topology &smbmdash; 2000 User Complex Design B</title> <imagefile scale="70">chap7-net2-Br</imagefile> - </image> + </figure> </sect3> @@ -676,10 +676,10 @@ productivity.</para> using the specific systems shown. </para> - <image id="chap7idres"> - <imagedescription>Samba and Authentication Backend Search Pathways</imagedescription> + <figure id="chap7idres"> + <title>Samba and Authentication Backend Search Pathways</title> <imagefile scale="55">chap7-idresol</imagefile> - </image> + </figure> <para> <indexterm><primary>smbpasswd</primary></indexterm> 
@@ -709,10 +709,10 @@ passdb backend = ldapsam:ldap://master.abmas.biz ... </screen> This configuration tells Samba to use a single LDAP server, as shown in <link linkend="ch7singleLDAP"/>. - <image id="ch7singleLDAP"> - <imagedescription>Samba Configuration to Use a Single LDAP Server</imagedescription> + <figure id="ch7singleLDAP"> + <title>Samba Configuration to Use a Single LDAP Server</title> <imagefile scale="65">ch7-singleLDAP</imagefile> - </image> + </figure> <indexterm><primary>LDAP</primary><secondary>fail-over</secondary></indexterm> <indexterm><primary>fail-over</primary></indexterm> The addition of a failover LDAP server can simply be done by adding a @@ -726,10 +726,10 @@ passdb backend = ldapsam:"ldap://master.abmas.biz \ </screen> This configuration tells Samba to use a master LDAP server, with failover to a slave server if necessary, as shown in <link linkend="ch7dualLDAP"/>. - <image id="ch7dualLDAP"> - <imagedescription>Samba Configuration to Use a Dual (Fail-over) LDAP Server</imagedescription> + <figure id="ch7dualLDAP"> + <title>Samba Configuration to Use a Dual (Fail-over) LDAP Server</title> <imagefile scale="65">ch7-fail-overLDAP</imagefile> - </image> + </figure> </para> <para> @@ -749,10 +749,10 @@ passdb backend = ldapsam:ldap://master.abmas.biz \ configuration is shown in <link linkend="ch7dualadd"/> </para> - <image id="ch7dualadd"> - <imagedescription>Samba Configuration to Use Dual LDAP Databases - Broken - Do Not Use!</imagedescription> + <figure id="ch7dualadd"> + <title>Samba Configuration to Use Dual LDAP Databases - Broken - Do Not Use!</title> <imagefile scale="55">ch7-dual-additive-LDAP</imagefile> - </image> + </figure> <para> If, however, each LDAP database contains unique information, this may 
@@ -761,10 +761,10 @@ passdb backend = ldapsam:ldap://master.abmas.biz \ An example of this configuration is shown in <link linkend="ch7dualok"/>. </para> - <image id="ch7dualok"> - <imagedescription>Samba Configuration to Use Two LDAP Databases - The result is additive.</imagedescription> + <figure id="ch7dualok"> + <title>Samba Configuration to Use Two LDAP Databases - The result is additive.</title> <imagefile scale="55">ch7-dual-additive-LDAP-Ok</imagefile> - </image> + </figure> <note><para> When the use of ldapsam is specified twice, as shown here, it is imperative diff --git a/docs/Samba3-ByExample/SBE-500UserNetwork.xml b/docs/Samba3-ByExample/SBE-500UserNetwork.xml index 11bd09ac04..1f4e9f7093 100644 --- a/docs/Samba3-ByExample/SBE-500UserNetwork.xml +++ b/docs/Samba3-ByExample/SBE-500UserNetwork.xml @@ -309,10 +309,10 @@ selected hardware that is appropriate to the task. </para> - <image id="chap05net"> - <imagedescription>Network Topology &smbmdash; 500 User Network Using tdbsam passdb backend.</imagedescription> + <figure id="chap05net"> + <title>Network Topology &smbmdash; 500 User Network Using tdbsam passdb backend.</title> <imagefile scale="50">chap5-net</imagefile> - </image> + </figure> <sect2 id="ch5-dnshcp-setup"> <title>Installation of DHCP, DNS, and Samba Control Files</title> 
@@ -642,10 +642,10 @@ root = Administrator <indexterm><primary>/etc/mime.convs</primary></indexterm> <indexterm><primary>application/octet-stream</primary></indexterm> This step, as well as the next one, may be omitted where CUPS version 1.1.18 - or later is in use. Although it does no harm to follow it anyway, and may - help to avoid time spent later trying to figure out why print jobs may be - disappearing without a trace. Look at these two steps as <emphasis>insurance</emphasis> - against lost time. Edit file <filename>/etc/cups/mime.convs</filename> to + or later is in use. Although it does no harm to follow it anyhow, and may + help to avoid later time spent trying to figure out why print jobs may be + disappearing without trace. Look at these two steps as <emphasis>insurance</emphasis> + against lost time. Edit file <filename>/etc/cups/mime.convs</filename> to uncomment the line: <screen> application/octet-stream application/vnd.cups-raw 0 - @@ -694,7 +694,7 @@ application/octet-stream <para> There are some steps that apply to particular server functionality only. Each step is critical to correct server operation. The following step-by-step installation guidance will assist you - in working through the process of configuring the PDC and then both BDC's. + to work through the process of configuring the PDC and then both BDC's. </para> <sect3> @@ -893,7 +893,7 @@ Added user <parameter>username</parameter>. <title>Configuration Specific to Domain Member Servers: <constant>BLDG1, BLDG2</constant></title> <para> - The following steps will guide you through the nuances of implementing BDCs for the broadcast + The following steps will guide you trough the nuances of imlplementing BDC's for the broadcast isolated network segments. Remember that if the target installation platform is not Linux, it may be necessary to adapt some commands to the equivalent on the target platform. </para> 
diff --git a/docs/Samba3-ByExample/SBE-AddingUNIXClients.xml b/docs/Samba3-ByExample/SBE-AddingUNIXClients.xml index fa698cee31..57487916b2 100644 --- a/docs/Samba3-ByExample/SBE-AddingUNIXClients.xml +++ b/docs/Samba3-ByExample/SBE-AddingUNIXClients.xml @@ -16,10 +16,10 @@ <link linkend="ch09openmag"/>. </para> - <image id="ch09openmag"> - <imagedescription>Open Magazine Samba Survey</imagedescription> + <figure id="ch09openmag"> + <title>Open Magazine Samba Survey</title> <imagefile scale="60">openmag</imagefile> - </image> + </figure> <para> While domain control is an exciting subject, basic file and print sharing remains the staple bread-and-butter @@ -113,7 +113,7 @@ <indexterm><primary>accounts</primary><secondary>authoritative</secondary></indexterm> <indexterm><primary>PDC</primary></indexterm> <indexterm><primary>BDC</primary></indexterm> - A domain controller (PDC or BDC) is always authoritative for all accounts in its domain. + A domain controller (PDC or BDC) is always authoritative for all accounts in its Domain. This means that a BDC must (of necessity) be able to resolve all account UIDs and GIDs to the same values that the PDC resolved them to. </para></listitem> 
@@ -190,32 +190,41 @@ casual user. </para></listitem> - <listitem><para> - <indexterm><primary>winbind trusted domains only</primary></indexterm> - <indexterm><primary>domain member</primary><secondary>servers</secondary></indexterm> - <indexterm><primary>domain controllers</primary></indexterm> + <listitem><para><indexterm> + <primary>winbind enable local accounts</primary> + </indexterm><indexterm> + <primary>Domain Member</primary> + <secondary>servers</secondary> + </indexterm><indexterm> + <primary>Domain Controllers</primary> + </indexterm> If you wish to make use of accounts (users and/or groups) that are local to (i.e., capable - of being resolved using) the NSS facility, it is possible to use the - <smbconfoption name="winbind trusted domains only">Yes</smbconfoption> - in the &smb.conf; file. This parameter specifically applies to domain controllers, - and to domain member servers. + of being resolved using) the NSS facility, it is imperative to use the + <smbconfoption name="winbind enable local accounts">Yes</smbconfoption> + in the &smb.conf; file. This parameter specifically applies only to domain controllers, + not to domain member servers. </para></listitem> - </itemizedlist> - <para> - <indexterm><primary>Posix accounts</primary></indexterm> - <indexterm><primary>Samba accounts</primary></indexterm> - <indexterm><primary>LDAP</primary></indexterm> + <para><indexterm> + <primary>Posix accounts</primary> + </indexterm><indexterm> + <primary>Samba accounts</primary> + </indexterm><indexterm> + <primary>LDAP</primary> + </indexterm> For many administrators, it should be plain that the use of an LDAP-based repository for all network accounts (both for POSIX accounts and for Samba accounts) provides the most elegant and controllable facility. You eventually appreciate the decision to use LDAP. 
</para> - <para> - <indexterm><primary>nss_ldap</primary></indexterm> - <indexterm><primary>identifiers</primary></indexterm> - <indexterm><primary>resolve</primary></indexterm> + <para><indexterm> + <primary>nss_ldap</primary> + </indexterm><indexterm> + <primary>identifiers</primary> + </indexterm><indexterm> + <primary>resolve</primary> + </indexterm> If your network account information resides in an LDAP repository, you should use it ahead of any alternative method. This means that if it is humanly possible to use the <command>nss_ldap</command> tools to resolve UNIX account UIDs/GIDs via LDAP, this is the preferred solution, because it provides @@ -223,13 +232,20 @@ throughout the network. </para> - <para> - <indexterm><primary>Domain Member</primary><secondary>server</secondary></indexterm> - <indexterm><primary>winbind trusted domains only</primary></indexterm> - <indexterm><primary>getpwnam</primary></indexterm> - <indexterm><primary>smbd</primary></indexterm> - <indexterm><primary>Trusted Domains</primary></indexterm> - <indexterm><primary>External Domains</primary></indexterm> + <para><indexterm> + <primary>Domain Member</primary> + <secondary>server</secondary> + </indexterm><indexterm> + <primary>winbind trusted domains only</primary> + </indexterm><indexterm> + <primary>getpwnam</primary> + </indexterm><indexterm> + <primary>smbd</primary> + </indexterm><indexterm> + <primary>Trusted Domains</primary> + </indexterm><indexterm> + <primary>External Domains</primary> + </indexterm> In the situation where UNIX accounts are held on the domain member server itself, the only effective way to use them involves the &smb.conf; entry <smbconfoption name="winbind trusted domains only">Yes</smbconfoption>. This forces 
@@ -238,12 +254,17 @@ disables the use of Samba with trusted domains (i.e., external domains). </para> - <para> - <indexterm><primary>appliance mode</primary></indexterm> - <indexterm><primary>Domain Member</primary><secondary>server</secondary></indexterm> - <indexterm><primary>winbindd</primary></indexterm> - <indexterm><primary>automatically allocate</primary></indexterm> - Winbind can be used to create an appliance mode domain member server. In this capacity, <command>winbindd</command> + <para><indexterm> + <primary>appliance mode</primary> + </indexterm><indexterm> + <primary>Domain Member</primary> + <secondary>server</secondary> + </indexterm><indexterm> + <primary>winbindd</primary> + </indexterm><indexterm> + <primary>automatically allocate</primary> + </indexterm> + Winbind can be used to create an appliance mode domain member server. In this capacity, <command>winbindd</command> is configured to automatically allocate UIDs/GIDs from numeric ranges set in the &smb.conf; file. The allocation is made for all accounts that connect to that domain member server, whether within its own domain or from trusted domains. If not stored in an LDAP backend, each domain member maintains its own unique mapping database. @@ -252,8 +273,9 @@ is stored in the <filename>winbindd_idmap.tdb</filename> and <filename>winbindd_cache.tdb</filename> files. </para> - <para> - <indexterm><primary>mapping</primary></indexterm> + <para><indexterm> + <primary>mapping</primary> + </indexterm> The use of an LDAP backend for the Winbind IDMAP facility permits Windows domain SIDs mappings to UIDs/GIDs to be stored centrally. The result is a consistent mapping across all domain member servers so configured. This solves one of the major headaches for network administrators who need to copy 
@@ -265,11 +287,16 @@ <sect2> <title>Political Issues</title> - <para> - <indexterm><primary>OpenLDAP</primary></indexterm> - <indexterm><primary>NIS</primary></indexterm> - <indexterm><primary>yellow pages</primary><see>NIS</see></indexterm> - <indexterm><primary>identity management</primary></indexterm> + <para><indexterm> + <primary>OpenLDAP</primary> + </indexterm><indexterm> + <primary>NIS</primary> + </indexterm><indexterm> + <primary>yellow pages</primary> + <see>NIS</see> + </indexterm><indexterm> + <primary>identity management</primary> + </indexterm> One of the most fierce conflicts recently being waged is resistance to the adoption of LDAP, in particular OpenLDAP, as a replacement for UNIX NIS (previously called Yellow Pages). Let's face it, LDAP is different and requires a new approach to the need for a better identity management solution. The more @@ -284,9 +311,11 @@ commercial integration products. But it's not what Active Directory was designed for. </para> - <para> - <indexterm><primary>directory</primary></indexterm> - <indexterm><primary>management</primary></indexterm> + <para><indexterm> + <primary>directory</primary> + </indexterm><indexterm> + <primary>management</primary> + </indexterm> A number of long-term UNIX devotees have recently commented in various communications that the Samba Team is the first application group to almost force network administrators to use LDAP. It should be pointed out that we resisted this for as long as we could. It is not out of laziness or malice that LDAP has 
@@ -301,18 +330,25 @@ <sect1> <title>Implementation</title> - <para> - <indexterm><primary>Domain Member</primary><secondary>server</secondary></indexterm> - <indexterm><primary>Domain Member</primary><secondary>client</secondary></indexterm> - <indexterm><primary>Domain Controller</primary></indexterm> - The domain member server and the domain member client are at the center of focus in this chapter. + <para><indexterm> + <primary>Domain Member</primary> + <secondary>server</secondary> + </indexterm><indexterm> + <primary>Domain Member</primary> + <secondary>client</secondary> + </indexterm><indexterm> + <primary>Domain Controller</primary> + </indexterm> + The domain Member server and the domain member client are at the center of focus in this chapter. Configuration of Samba-3 domain controller is covered in earlier chapters, so if your interest is in domain controller configuration, you will not find that here. You will find good oil that helps you to add domain member servers and clients. </para> - <para> - <indexterm><primary>Domain Member</primary><secondary>workstations</secondary></indexterm> + <para><indexterm> + <primary>Domain Member</primary> + <secondary>workstations</secondary> + </indexterm> In practice, domain member servers and domain member workstations are very different entities, but in terms of technology they share similar core infrastructure. A technologist would argue that servers and workstations are identical. Many users would argue otherwise, given that in a well-disciplined 
@@ -321,18 +357,22 @@ but a server is viewed as a core component of the business. </para> - <para> - <indexterm><primary>workstation</primary></indexterm> + <para><indexterm> + <primary>workstation</primary> + </indexterm> We can look at this another way. If a workstation breaks down, one user is affected, but if a server breaks down, hundreds of users may not be able to work. The services that a workstation must provide are document- and file-production oriented; a server provides information storage and is distribution oriented. </para> - <para> - <indexterm><primary>authentication process</primary></indexterm> - <indexterm><primary>logon process</primary></indexterm> - <indexterm><primary>user identities</primary></indexterm> + <para><indexterm> + <primary>authentication process</primary> + </indexterm><indexterm> + <primary>logon process</primary> + </indexterm><indexterm> + <primary>user identities</primary> + </indexterm> <emphasis>Why is this important?</emphasis> For starters, we must identify what components of the operating system and its environment must be configured. Also, it is necessary to recognize where the interdependencies between the various services to be used are. 
@@ -348,52 +388,52 @@ </para> <sect2 id="sdcsdmldap"> - <title>Samba Domain with Samba Domain Member Server &smbmdash; Using NSS LDAP</title> + <title>Samba Domain with Samba Domain Member Server &smbmdash; Using LDAP</title> - <para> - <indexterm><primary>ldapsam</primary></indexterm> - <indexterm><primary>ldapsam backend</primary></indexterm> - <indexterm><primary>IDMAP</primary></indexterm> - <indexterm><primary>mapping</primary><secondary>consistent</secondary></indexterm> - <indexterm><primary>winbindd</primary></indexterm> - <indexterm><primary>foreign SID</primary></indexterm> + <para><indexterm> + <primary>ldapsam</primary> + </indexterm><indexterm> + <primary>ldapsam backend</primary> + </indexterm><indexterm> + <primary>IDMAP</primary> + </indexterm><indexterm> + <primary>mapping</primary> + <secondary>consistent</secondary> + </indexterm><indexterm> + <primary>winbindd</primary> + </indexterm><indexterm> + <primary>foreign SID</primary> + </indexterm> In this example, it is assumed that you have Samba PDC/BDC servers. This means you are using an LDAP ldapsam backend. We are adding to the LDAP backend database (directory) containers for use by the IDMAP facility. This makes it possible to have globally consistent - mapping of SIDs to and from UIDs and GIDs. This means that it is necessary to run - <command>winbindd</command> as part of your configuration. The primary purpose of running - <command>winbindd</command> (within this operational context) is to permit mapping of foreign - SIDs (those not originating from the the local Samba server). Foreign SIDs can come from any - domain member client or server, or from Windows clients that do not belong to a domain. Another - way to explain the necessity to run <command>winbindd</command> is that Samba can locally - resolve only accounts that belong to the security context of its own machine SID. Winbind - handles all non-local SIDs and maps them to a local UID/GID value. 
The UID and GID are allocated - from the parameter values set in the &smb.conf; file for the <parameter>idmap uid</parameter> and - <parameter>idmap gid</parameter> ranges. Where LDAP is used, the mappings can be stored in LDAP - so that all domain member servers can use a consistent mapping. - </para> - - <para> - <indexterm><primary>winbindd</primary></indexterm> - <indexterm><primary>getpwnam</primary></indexterm> - <indexterm><primary>NSS</primary></indexterm> - If your installation is accessed only from clients that are members of your own domain, and all - user accounts are present in a local passdb backend then it is not necessary to run - <command>winbindd</command>. The local passdb backend can be in smbpasswd, tdbsam, or in ldapsam. + mapping of SIDs to and from UIDs and GIDs. This means that you are running <command>winbindd</command> + as part of your configuration. The primary purpose of running <command>winbindd</command> (within + this operational context) is to permit mapping of foreign SIDs (those not originating from our + own domain). Foreign SIDs can come from any external domain or from Windows clients that do not + belong to a domain. </para> - <para> - It is possible to use a local passdb backend with any convenient means of resolving the POSIX - user and group account information. The POSIX information is usually obtained using the - <command>getpwnam()</command> system call. On NSS-enabled systems, the actual POSIX account - source can be provided from + <para><indexterm> + <primary>winbindd</primary> + </indexterm><indexterm> + <primary>getpwnam</primary> + </indexterm><indexterm> + <primary>NSS</primary> + </indexterm> + If your installation is accessed only from clients that are members of your own domain, then + it is not necessary to run <command>winbindd</command> as long as all users can be resolved + locally via the <command>getpwnam()</command> system call. 
On NSS-enabled systems, this condition + is met by having </para> <itemizedlist> - <listitem><para> - <indexterm><primary>/etc/passwd</primary></indexterm> - <indexterm><primary>/etc/group</primary></indexterm> - Accounts in <filename>/etc/passwd</filename> or in <filename>/etc/group</filename>. + <listitem><para><indexterm> + <primary>/etc/passwd</primary> + </indexterm><indexterm> + <primary>/etc/group</primary> + </indexterm> + All accounts in <filename>/etc/passwd</filename> or in <filename>/etc/group</filename>. </para></listitem> <listitem><para> @@ -415,12 +455,6 @@ </para></listitem> </itemizedlist> - <note><para> - To advoid confusion the use of the term <literal>local passdb backend</literal> means that - the user account backend is not shared by any other Samba server &smbmdash; instead, it is - used only locally on the Samba domain member server under discussion. - </para></note> - <para> <indexterm><primary>Identity resolution</primary></indexterm> The diagram in <link linkend="ch9-sambadc"/> demonstrates the relationship of Samba and system @@ -428,14 +462,16 @@ member server within a Samba domain control network. </para> -<image id="ch9-sambadc"> - <imagedescription>Samba Domain: Samba Member Server</imagedescription> +<figure id="ch9-sambadc"> + <title>Samba Domain: Samba Member Server</title> <imagefile scale="60">chap9-SambaDC</imagefile> -</image> +</figure> - <para> - <indexterm><primary>IDMAP</primary></indexterm> - <indexterm><primary>foreign</primary></indexterm> + <para><indexterm> + <primary>IDMAP</primary> + </indexterm><indexterm> + <primary>foreign</primary> + </indexterm> In this example configuration, Samba will directly search the LDAP-based passwd backend ldapsam to obtain authentication and user identity information. The IDMAP information is stored in the LDAP backend so that it can be shared by all domain member servers so that every user will have a 
@@ -451,30 +487,25 @@ </para> <procedure> - <title>Configuration of NSS_LDAP-Based Identity Resolution</title> + <title>Configuration of LDAP-Based Identity Resolution</title> <step><para> Create the &smb.conf; file as shown in <link linkend="ch9-sdmsdc"/>. Locate this file in the directory <filename>/etc/samba</filename>. </para></step> - <step><para> - <indexterm><primary>ldap.conf</primary></indexterm> + <step><para><indexterm> + <primary>ldap.conf</primary> + </indexterm> Configure the file that will be used by <constant>nss_ldap</constant> to locate and communicate with the LDAP server. This file is called <filename>ldap.conf</filename>. If your implementation of <constant>nss_ldap</constant> is consistent with the defaults suggested by PADL (the authors), it will be located in the <filename>/etc</filename> directory. On some systems, the default location is - the <filename>/etc/openldap</filename> directory, however this file is intended - for use by the OpenLDAP utilities and should not really be used by the nss_ldap - utility since its content and structure serves the specific purpose of enabling - the resolution of user and group IDs via NSS. - </para> - - <para> - Change the parameters inside the file that is located on your OS so it matches - <link linkend="ch9-sdmlcnf"/>. To find the correct location of this file, you - can obtain this from the library that will be used by executing the following: + the <filename>/etc/openldap</filename> directory. Change the parameters inside + the file that is located on your OS so it matches <link linkend="ch9-sdmlcnf"/>. + To find the correct location of this file, you can obtain this from the + library that will be used by executing the following: <screen> &rootprompt; strings /lib/libnss_ldap* | grep ldap.conf /etc/ldap.conf 
@@ -482,13 +513,15 @@ </para></step> <step><para> - Configure the NSS control file so it matches the one shown in - <link linkend="ch9-sdmnss"/>. + Configure the NSS control file so it matches the one shown + in <link linkend="ch9-sdmnss"/>. </para></step> - <step><para> - <indexterm><primary>Identity resolution</primary></indexterm> - <indexterm><primary>getent</primary></indexterm> + <step><para><indexterm> + <primary>Identity resolution</primary> + </indexterm><indexterm> + <primary>getent</primary> + </indexterm> Before proceeding to configure Samba, validate the operation of the NSS identity resolution via LDAP by executing: <screen> 
@@ -523,21 +556,24 @@ Finances:x:1001: PIOps:x:1002: sammy:x:4321: </screen> - <indexterm><primary>secondary group</primary></indexterm> - <indexterm><primary>primary group</primary></indexterm> - <indexterm><primary>group membership</primary></indexterm> + <indexterm> + <primary>secondary group</primary> + </indexterm><indexterm> + <primary>primary group</primary> + </indexterm><indexterm> + <primary>group membership</primary> + </indexterm> This shows that all is working as it should be. Notice that in the LDAP database the users' primary and secondary group memberships are identical. It is not necessary to add secondary group memberships (in the group database) if the user is already a member via primary group membership in the password database. When using winbind, it is in fact undesirable to do this because it results in - doubling up of group memberships and may cause problems with winbind under certain - conditions. It is intended that these limitations with winbind will be resolved soon - after Samba-3.0.20 has been released. + doubling up of group memberships and may break winbind under certain conditions. </para></step> - <step><para> - <indexterm><primary>slapcat</primary></indexterm> + <step><para><indexterm> + <primary>slapcat</primary> + </indexterm> The LDAP directory must have a container object for IDMAP data. There are several ways you can check that your LDAP database is able to receive IDMAP information. One of the simplest is to execute: 
@@ -546,28 +582,25 @@ sammy:x:4321: dn: ou=Idmap,dc=abmas,dc=biz ou: idmap </screen> - <indexterm><primary>ldapadd</primary></indexterm> - If the execution of this command does not return IDMAP entries, you need to create an LDIF - template file (see <link linkend="ch9-ldifadd"/>). You can add the required entries using - the following command: + <indexterm> + <primary>ldapadd</primary> + </indexterm> + If the execution of this command does not return IDMAP entries, you need to create an LDIF + template file (see <link linkend="ch9-ldifadd"/>). You can add the required entries using the following command: <screen> &rootprompt; ldapadd -x -D "cn=Manager,dc=abmas,dc=biz" \ -w not24get < /etc/openldap/idmap.LDIF </screen> + Samba automatically populates this LDAP directory container when it needs to. </para></step> - <step><para> - Samba automatically populates the LDAP directory container when it needs to. To permit Samba - write access to the LDAP directory it is necessary to set the LDAP administrative password - in the <filename>secrets.tdb</filename> file as shown here: -<screen> -&rootprompt; smbpasswd -w not24get -</screen> - </para></step> - - <step><para> - <indexterm><primary>net</primary><secondary>rpc</secondary><tertiary>join</tertiary></indexterm> - <indexterm><primary>Domain join</primary></indexterm> + <step><para><indexterm> + <primary>net</primary> + <secondary>rpc</secondary> + <tertiary>join</tertiary> + </indexterm><indexterm> + <primary>Domain join</primary> + </indexterm> The system is ready to join the domain. Execute the following: <screen> &rootprompt; net rpc join -U root%not24get 
@@ -599,9 +632,9 @@ Joined domain MEGANET2. <indexterm><primary>failed join</primary></indexterm> <indexterm><primary>rejected</primary></indexterm> <indexterm><primary>restrict anonymous</primary></indexterm> - Note: Use "root" for UNIX/Linux and Samba, use "Administrator" for Windows NT4/200X. If the cause of + Note: Use "root" for UNIX/Linux and Samba, use "Administrator"for Windows NT4/200X. If the cause of the failure appears to be related to a rejected or failed NT_SESSION_SETUP* or an error message that - says NT_STATUS_ACCESS_DENIED immediately check the Windows registry setting that controls the + says NT_STATUS_ACCESS_DENIED immediately check the Windows registry setting that controls the <constant>restrict anonymous</constant> setting. Set this to the value 0 so that an anonymous connection can be sustained, then try again. </para> @@ -632,12 +665,12 @@ Join to 'MEGANET2' failed. <step><para> <indexterm><primary>wbinfo</primary></indexterm> Just joining the domain is not quite enough; you must now provide a privileged set - of credentials through which <command>winbindd</command> can interact with the + of credentials through which <command>winbindd</command> can interact with the ADS domain servers. Execute the following to implant the necessary credentials: <screen> &rootprompt; wbinfo --set-auth-user=Administrator%not24get </screen> - The configuration is now ready to obtain the Samba domain user and group information. + The configuration is now ready to obtain ADS domain user and group information. </para></step> <step><para> @@ -751,7 +784,7 @@ aliases: files </sect2> <sect2 id="wdcsdm"> - <title>NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</title> + <title>NT4/Samba Domain with Samba Domain Member Server: Using Winbind</title> <para> You need to use this method for creating a Samba domain member server if any of the following conditions 
@@ -768,27 +801,32 @@ aliases: files </para></listitem> <listitem><para> - The Samba domain member server must be part of a Windows NT4 Domain, or a Samba Domain. + The Samba domain member server must be part of a Windows NT4 Domain. </para></listitem> </itemizedlist> - <para> - <indexterm><primary>Windows ADS Domain</primary></indexterm> - <indexterm><primary>Samba Domain</primary></indexterm> - <indexterm><primary>LDAP</primary></indexterm> + <para><indexterm> + <primary>Windows ADS Domain</primary> + </indexterm><indexterm> + <primary>Samba Domain</primary> + </indexterm><indexterm> + <primary>LDAP</primary> + </indexterm> Later in the chapter, you can see how to configure a Samba domain member server for a Windows ADS domain. Right now your objective is to configure a Samba server that can be a member of a Windows NT4-style domain and/or does not use LDAP. </para> - <note><para> - <indexterm><primary>duplicate accounts</primary></indexterm> + <note><para><indexterm> + <primary>duplicate accounts</primary> + </indexterm> If you use <command>winbind</command> for identity resolution, make sure that there are no duplicate accounts. </para> - <para> - <indexterm><primary>/etc/passwd</primary></indexterm> + <para><indexterm> + <primary>/etc/passwd</primary> + </indexterm> For example, do not have more than one account that has UID=0 in the password database. If there is an account called <constant>root</constant> in the <filename>/etc/passwd</filename> database, it is okay to have an account called <constant>root</constant> in the LDAP ldapsam or in the 
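Review bot: The list item now requires membership of "a Windows NT4 Domain" only, dropping "or a Samba Domain", yet the paragraph below it still carries the `Samba Domain` index term and the section title in this file remains "NT4/Samba Domain with Samba Domain Member Server". If Samba-controlled domains are still in scope for this method, keep the original wording. The `<indexterm>` reflow in the rest of the hunk changes no content and would be easier to review as its own commit.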
@@ -797,20 +835,29 @@ aliases: files <constant>root</constant>. </para> - <para> - <indexterm><primary>/etc/passwd</primary></indexterm> - <indexterm><primary>ldapsam</primary></indexterm> - <indexterm><primary>tdbsam</primary></indexterm> + <para><indexterm> + <primary>/etc/passwd</primary> + </indexterm><indexterm> + <primary>ldapsam</primary> + </indexterm><indexterm> + <primary>tdbsam</primary> + </indexterm> Winbind will break if there is an account in <filename>/etc/passwd</filename> that has the same UID as an account that is in LDAP ldapsam (or in tdbsam) but that differs in name only. </para></note> - <para> - <indexterm><primary>credentials</primary></indexterm> - <indexterm><primary>traverse</primary></indexterm> - <indexterm><primary>wide-area</primary></indexterm> - <indexterm><primary>network</primary><secondary>wide-area</secondary></indexterm> - <indexterm><primary>tdbdump</primary></indexterm> + <para><indexterm> + <primary>credentials</primary> + </indexterm><indexterm> + <primary>traverse</primary> + </indexterm><indexterm> + <primary>wide-area</primary> + </indexterm><indexterm> + <primary>network</primary> + <secondary>wide-area</secondary> + </indexterm><indexterm> + <primary>tdbdump</primary> + </indexterm> The following configuration uses CIFS/SMB protocols alone to obtain user and group credentials. The winbind information is locally cached in the <filename>winbindd_cache.tdb winbindd_idmap.tdb</filename> files. This provides considerable performance benefits compared with the LDAP solution, particularly 
@@ -827,26 +874,32 @@ aliases: files shown in <link linkend="ch0-NT4DSDM"/>. </para></step> - <step><para> - <indexterm><primary>/etc/nsswitch.conf</primary></indexterm> + <step><para><indexterm> + <primary>/etc/nsswitch.conf</primary> + </indexterm> Edit the <filename>/etc/nsswitch.conf</filename> so it has the entries shown in <link linkend="ch9-sdmnss"/>. </para></step> - <step><para> - <indexterm><primary>net</primary><secondary>rpc</secondary><tertiary>join</tertiary></indexterm> + <step><para><indexterm> + <primary>net</primary> + <secondary>rpc</secondary> + <tertiary>join</tertiary> + </indexterm> The system is ready to join the domain. Execute the following: <screen> net rpc join -U root%not2g4et Joined domain MEGANET2. </screen> - This indicates that the domain join succeed. + This indicates that the domain join succeed. </para></step> - <step><para> - <indexterm><primary>winbind</primary></indexterm> - <indexterm><primary>wbinfo</primary></indexterm> + <step><para><indexterm> + <primary>winbind</primary> + </indexterm><indexterm> + <primary>wbinfo</primary> + </indexterm> Validate operation of <command>winbind</command> using the <command>wbinfo</command> tool as follows: <screen> @@ -874,10 +927,13 @@ MEGANET2+PIOps This shows that domain groups have been correctly obtained also. </para></step> - <step><para> - <indexterm><primary>NSS</primary></indexterm> - <indexterm><primary>getent</primary></indexterm> - <indexterm><primary>winbind</primary></indexterm> + <step><para><indexterm> + <primary>NSS</primary> + </indexterm><indexterm> + <primary>getent</primary> + </indexterm><indexterm> + <primary>winbind</primary> + </indexterm> The next step verifies that NSS is able to obtain this information correctly from <command>winbind</command> also. <screen> @@ -921,7 +977,6 @@ MEGANET2+PIOps:x:10005: <step><para> The Samba member server of a Windows NT4 domain is ready for use. </para></step> - </procedure> <smbconfexample id="ch0-NT4DSDM"> 
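Review bot: In the -827,26 hunk the line "This indicates that the domain join succeed." is rewritten with only a whitespace difference; since it is being touched, correct it to "succeeded" or leave it out of the patch. The `<screen>` just above it in the context uses `root%not2g4et`, while the other join examples in this file use `root%not24get`, so that looks like a typo worth fixing in the same pass.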
@@ -1004,7 +1059,7 @@ MEGANET2+PIOps:x:10005: net rpc join -U root%not24get Joined domain MEGANET2. </screen> - This indicates that the domain join succeed. + This indicates that the domain join succeed. </para></step> <step><para> @@ -1111,16 +1166,17 @@ Joined domain MEGANET2. domain name is <constant>LONDON</constant> and the server name is <constant>W2K3S</constant>. </para> - <image id="ch9-adsdc"> - <imagedescription>Active Directory Domain: Samba Member Server</imagedescription> + <figure id="ch9-adsdc"> + <title>Active Directory Domain: Samba Member Server</title> <imagefile scale="60">chap9-ADSDC</imagefile> - </image> + </figure> <procedure> <title>Joining a Samba Server as an ADS Domain Member</title> - <step><para> - <indexterm><primary>smbd</primary></indexterm> + <step><para><indexterm> + <primary>smbd</primary> + </indexterm> Before you try to use Samba-3, you want to know for certain that your executables have support for Kerberos and for LDAP. Execute the following to identify whether or not this build is perhaps suitable for use: @@ -1436,8 +1492,11 @@ Server time offset: 2 In any case, the output we obtained confirms that all systems are operational. </para></step> - <step><para> - <indexterm><primary>net</primary><secondary>ads</secondary><tertiary>status</tertiary></indexterm> + <step><para><indexterm> + <primary>net</primary> + <secondary>ads</secondary> + <tertiary>status</tertiary> + </indexterm> There is one more action you elect to take, just because you are paranoid and disbelieving, so you execute the following command: <programlisting> @@ -1518,7 +1577,6 @@ Permissions: called <constant>FRAN</constant> is able to communicate fully with the ADS domain controllers. </para></step> - </procedure> 
@@ -1953,7 +2011,7 @@ ssl no </para></step> <step><para> - Configure an LDAP server and initialize the directory with the top-level entries needed by IDMAP + Configure an LDAP server and initialize the directory with the top level entries needed by IDMAP as shown in the following LDIF file: <screen> dn: dc=snowshow,dc=com @@ -2165,8 +2223,8 @@ hosts: files wins </itemizedlist> <para> - The following guidelines are pertinent to the deployment of winbind-based authentication - and identity resolution with the express purpose of allowing users to log on to UNIX/Linux desktops + The following guidelines are pertinent the deployment of winbind-based authentication + and identity resolution with the express purpose of allowing users to log onto UNIX/Linux desktops using Windows network domain user credentials (username and password). </para> @@ -2189,7 +2247,7 @@ hosts: files wins <indexterm><primary>PAM</primary></indexterm> <indexterm><primary>Identity resolution</primary></indexterm> <indexterm><primary>NSS</primary></indexterm> - To permit users to log on to a Linux system using Windows network credentials, you need to + To permit users to log onto a Linux system using Windows network credentials, you need to configure identity resolution (NSS) and PAM. This means that the basic steps include those outlined above with the addition of PAM configuration. Given that most workstations (desktop/client) usually do not need to provide file and print services to a group of users, the configuration 
@@ -2371,7 +2429,7 @@ session sufficient /lib/security/$ISA/pam_winbind.so use_first_pass The addition of UNIX/Linux Samba servers and clients is a common requirement. In this chapter, you learned how to integrate such servers so that the UID/GID mappings they use can be consistent across all domain member servers. You also discovered how to implement the ability to use Samba - or Windows domain account credentials to log on to a UNIX/Linux client. + or Windows domain account credentials to log onto a UNIX/Linux client. </para> <para> @@ -2552,7 +2610,7 @@ session sufficient /lib/security/$ISA/pam_winbind.so use_first_pass <question> <para> - Are you suggesting that users should not log on to a domain member server? If so, why? + Are you suggesting that users should not log onto a domain member server? If so, why? </para> </question> diff --git a/docs/Samba3-ByExample/SBE-Appendix1.xml b/docs/Samba3-ByExample/SBE-Appendix1.xml index 9d0e816e42..5e9fd1f07b 100644 --- a/docs/Samba3-ByExample/SBE-Appendix1.xml +++ b/docs/Samba3-ByExample/SBE-Appendix1.xml @@ -39,7 +39,7 @@ <step><para> The opening panel is the same one that can be reached by clicking <guimenu>System</guimenu> on the Control Panel. See <link linkend="swxpp001"></link>. - <image id="swxpp001"><imagefile>wxpp001</imagefile><imagedescription>The General Panel.</imagedescription></image> + <figure id="swxpp001"><imagefile>wxpp001</imagefile><title>The General Panel.</title></figure> </para></step> <step><para> 
@@ -52,13 +52,13 @@ Clicking the <guimenu>Network ID</guimenu> button launches the configuration wizard. Do not use this with Samba-3. If you wish to change the computer name, or join or leave the domain, click the <guimenu>Change</guimenu> button. See <link linkend="swxpp004"></link>. - <image id="swxpp004"><imagefile>wxpp004</imagefile><imagedescription>The Computer Name Panel.</imagedescription></image> + <figure id="swxpp004"><imagefile>wxpp004</imagefile><title>The Computer Name Panel.</title></figure> </para></step> <step><para> Click on <guimenu>Change</guimenu>. This panel shows that our example machine (TEMPTATION) is in a workgroup called WORKGROUP. We join the domain called MIDEARTH. See <link linkend="swxpp006"></link>. - <image id="swxpp006"><imagefile>wxpp006</imagefile><imagedescription>The Computer Name Changes Panel</imagedescription></image> + <figure id="swxpp006"><imagefile>wxpp006</imagefile><title>The Computer Name Changes Panel</title></figure> </para></step> <step><para> @@ -67,7 +67,7 @@ <para> This panel shows that our example machine (TEMPTATION) is set to join the domain called MIDEARTH. See <link linkend="swxpp007"></link>. - <image id="swxpp007"><imagefile>wxpp007</imagefile><imagedescription>The Computer Name Changes Panel &smbmdash; Domain MIDEARTH</imagedescription></image> + <figure id="swxpp007"><imagefile>wxpp007</imagefile><title>The Computer Name Changes Panel &smbmdash; Domain MIDEARTH</title></figure> </para></step> <step><para> @@ -77,7 +77,7 @@ <para> Enter the name <quote>root</quote> and the root password from your Samba-3 server. See <link linkend="swxpp008"></link>. - <image id="swxpp008"><imagefile>wxpp008</imagefile><imagedescription>Computer Name Changes &smbmdash; User name and Password Panel</imagedescription></image> + <figure id="swxpp008"><imagefile>wxpp008</imagefile><title>Computer Name Changes &smbmdash; User name and Password Panel</title></figure> </para></step> <step><para> 
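Review bot: The one-line conversions for `swxpp004` through `swxpp008` place `<title>` after `<imagefile>`, whereas the multi-line figures converted elsewhere in this commit put `<title>` first. DocBook's `figure` content model expects the title before the body, so these should read `<figure id="..."><title>...</title><imagefile>...</imagefile></figure>`; the `swxpp001` figure converted earlier in this file has the same ordering. Some of these titles also end with a period while others do not.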
@@ -1139,10 +1139,10 @@ to LAM using only SSL. An example of the LAM login screen is provided in <link linkend="lam-login"/>. </para> - <image id="lam-login"> - <imagedescription>The LDAP Account Manager Login Screen</imagedescription> + <figure id="lam-login"> + <title>The LDAP Account Manager Login Screen</title> <imagefile scale="50">lam-login</imagefile> - </image> + </figure> <para> <indexterm><primary>LAM</primary><secondary>configuration editor</secondary></indexterm> @@ -1156,10 +1156,10 @@ to LAM using only SSL. using LAM to add additional users and groups. </para> - <image id="lam-config"> - <imagedescription>The LDAP Account Manager Configuration Screen</imagedescription> + <figure id="lam-config"> + <title>The LDAP Account Manager Configuration Screen</title> <imagefile scale="50">lam-config</imagefile> - </image> + </figure> <para> <indexterm><primary>PDF</primary></indexterm> @@ -1180,10 +1180,10 @@ to LAM using only SSL. finished editing simply press the <guimenu>Final</guimenu> button. </para> - <image id="lam-user"> - <imagedescription>The LDAP Account Manager User Edit Screen</imagedescription> + <figure id="lam-user"> + <title>The LDAP Account Manager User Edit Screen</title> <imagefile scale="50">lam-users</imagefile> - </image> + </figure> <para> The edit screen for groups is shown in <link linkend="lam-group"/>. As with the edit screen 
@@ -1192,15 +1192,15 @@ to LAM using only SSL. memberships. </para> - <image id="lam-group"> - <imagedescription>The LDAP Account Manager Group Edit Screen</imagedescription> + <figure id="lam-group"> + <title>The LDAP Account Manager Group Edit Screen</title> <imagefile scale="50">lam-groups</imagefile> - </image> + </figure> - <image id="lam-group-mem"> - <imagedescription>The LDAP Account Manager Group Membership Edit Screen</imagedescription> + <figure id="lam-group-mem"> + <title>The LDAP Account Manager Group Membership Edit Screen</title> <imagefile scale="50">lam-group-members</imagefile> - </image> + </figure> <para> <indexterm><primary>smbldap-tools</primary></indexterm><indexterm><primary>scripts</primary></indexterm> @@ -1209,10 +1209,10 @@ to LAM using only SSL. will, in most cases, not be used. </para> - <image id="lam-host"> - <imagedescription>The LDAP Account Manager Host Edit Screen</imagedescription> + <figure id="lam-host"> + <title>The LDAP Account Manager Host Edit Screen</title> <imagefile scale="50">lam-hosts</imagefile> - </image> + </figure> <para> One aspect of LAM that may annoy some users is the way it forces certain conventions on 
@@ -1224,10 +1224,10 @@ to LAM using only SSL. </para> <para> - The next major release, LAM 0.5, will have fewer restrictions and support the latest Samba features - (e.g., logon hours). The new plugin-based architecture also allows management of much more different - account types like plain UNIX accounts. The upload can now handle groups and hosts, too. Another - important point is the tree view which allows browsing and editing LDAP objects directly. + The next major release, LAM 0.5, will have less restrictions and support the latest Samba features + (e.g. logon hours). The new plugin based architecture also allows to manage much more different + account types like plain Unix accounts. The upload can now handle groups and hosts, too. Another + important point is the tree view which allows to browse and edit LDAP objects directly. </para> <example id="lamcfg"> @@ -1419,7 +1419,7 @@ drw-rw-r-- 2 bobj Domain Users 12346 Dec 18 18:11 maryvfile.txt <title>Microsoft Access</title> <para> - The best advice that can be given is to carefully read the Microsoft knowledgebase articles that + The best advice that can be given is to carefully read the Microsoft knowledge base articles that cover this area. Examples of relevant documents include: </para> diff --git a/docs/Samba3-ByExample/SBE-Appendix2.xml b/docs/Samba3-ByExample/SBE-Appendix2.xml index c2e8f29de0..0a73100d3a 100644 --- a/docs/Samba3-ByExample/SBE-Appendix2.xml +++ b/docs/Samba3-ByExample/SBE-Appendix2.xml 
@@ -276,15 +276,15 @@ A screenshot of a later stage of the same capture is shown in <link linkend="pktcap02"/>. </para> - <image id="pktcap01"> - <imagedescription>Windows Me &smbmdash; Broadcasts &smbmdash; The First 10 Minutes</imagedescription> + <figure id="pktcap01"> + <title>Windows Me &smbmdash; Broadcasts &smbmdash; The First 10 Minutes</title> <imagefile scale="40">WINREPRESSME-Capture</imagefile> - </image> + </figure> - <image id="pktcap02"> - <imagedescription>Windows Me &smbmdash; Later Broadcast Sample</imagedescription> + <figure id="pktcap02"> + <title>Windows Me &smbmdash; Later Broadcast Sample</title> <imagefile scale="42">WINREPRESSME-Capture2</imagefile> - </image> + </figure> <para><indexterm> <primary>Local Master Browser</primary> @@ -589,10 +589,10 @@ </para> - <image id="hostannounce"> - <imagedescription>Typical Windows 9x/Me Host Announcement</imagedescription> + <figure id="hostannounce"> + <title>Typical Windows 9x/Me Host Announcement</title> <imagefile scale="41">HostAnnouncment</imagefile> - </image> + </figure> </sect3> </sect2> @@ -716,11 +716,11 @@ <link linkend="nullconnect"/>. </para> - <image id="nullconnect"> - <imagedescription>Typical Windows 9x/Me NULL SessionSetUp AndX Request</imagedescription> + <figure id="nullconnect"> + <title>Typical Windows 9x/Me NULL SessionSetUp AndX Request</title> <imagefile scale="41">NullConnect</imagefile> - </image> + </figure> <para> <indexterm><primary>nobody</primary></indexterm> @@ -734,10 +734,10 @@ is shown in <link linkend="userconnect"/>. </para> - <image id="userconnect"> - <imagedescription>Typical Windows 9x/Me User SessionSetUp AndX Request</imagedescription> + <figure id="userconnect"> + <title>Typical Windows 9x/Me User SessionSetUp AndX Request</title> <imagefile scale="41">UserConnect</imagefile> - </image> + </figure> <para> <indexterm><primary>encrypted</primary></indexterm> 
@@ -890,15 +890,15 @@ </procedure> - <image id="XPCap01"> - <imagedescription>Typical Windows XP NULL Session Setup AndX Request</imagedescription> + <figure id="XPCap01"> + <title>Typical Windows XP NULL Session Setup AndX Request</title> <imagefile scale="50">WindowsXP-NullConnection</imagefile> - </image> + </figure> - <image id="XPCap02"> - <imagedescription>Typical Windows XP User Session Setup AndX Request</imagedescription> + <figure id="XPCap02"> + <title>Typical Windows XP User Session Setup AndX Request</title> <imagefile scale="50">WindowsXP-UserConnection</imagefile> - </image> + </figure> <sect3> <title>Discussion</title> diff --git a/docs/Samba3-ByExample/SBE-DomainAppsSupport.xml b/docs/Samba3-ByExample/SBE-DomainAppsSupport.xml index eefc9c9fb2..49dafda9fa 100644 --- a/docs/Samba3-ByExample/SBE-DomainAppsSupport.xml +++ b/docs/Samba3-ByExample/SBE-DomainAppsSupport.xml @@ -36,7 +36,7 @@ With this acquisition comes new challenges for you and your team. Abmas Snack Foods is a well-developed business with a huge and heterogeneous network. It already has Windows, NetWare, and Proprietary UNIX, but as yet no Samba or Linux. - The network is mature and well-established, and there is no question of its chosen + The network is mature and well established, and there is no question of its chosen user authentication scheme being changed for now. You need to take a wise new approach. </para> @@ -790,7 +790,7 @@ group: files winbind </para></blockquote> <para> - You would be well-advised to recognize that all cache-intensive proxying solutions demand a lot of memory. + You would be well advised to recognize that all cache-intensive proxying solutions demand a lot of memory. Make certain that your Squid proxy server is equipped with sufficient memory to permit all proxy operations to run out of memory without invoking the overheads involved in the use of memory that has to be swapped to disk. </para> 
diff --git a/docs/Samba3-ByExample/SBE-HighAvailability.xml b/docs/Samba3-ByExample/SBE-HighAvailability.xml index db94af4d2f..a309f3aea8 100644 --- a/docs/Samba3-ByExample/SBE-HighAvailability.xml +++ b/docs/Samba3-ByExample/SBE-HighAvailability.xml @@ -253,10 +253,10 @@ <indexterm><primary>DNS</primary><secondary>name lookup</secondary></indexterm> <indexterm><primary>resolve</primary></indexterm> A Samba server called <constant>FRED</constant> in a NetBIOS domain called <constant>COLLISION</constant> - in a network environment that is part of the fully-qualified Internet domain namespace known - as <constant>parrots.com</constant>, results in DNS name lookups for <constant>fred.parrots.com</constant> + in a network environment that is part of the fully qualified Internet domain namespace known + as <constant>parrots.com</constant> results in DNS name lookups for <constant>fred.parrots.com</constant> and <constant>collision.parrots.com</constant>. It is therefore a mistake to name the domain - (workgroup) <constant>collision.parrots.com</constant>, since this results in DNS lookup + (workgroup) <constant>collision.parrots.com,</constant> since this results in DNS lookup attempts to resolve <constant>fred.parrots.com.parrots.com</constant>, which most likely fails given that you probably do not have this in your DNS namespace. </para> @@ -375,7 +375,7 @@ </para> <para> - As the size of the &smb.conf; file grows, the risk of introducing parsing errors also increases. + As the size of the &smb.conf; file grows, the risk of introduction of parsing errors increases also. It is recommended to keep a fully documented &smb.conf; file on hand, and then to operate Samba only with an optimized file. </para> 
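Review bot: In the -253,10 hunk the comma has moved inside the element, giving `<constant>collision.parrots.com,</constant>`, so the rendered literal domain name now includes the punctuation. Keep the comma outside the closing tag as in the removed line. The comma dropped after `<constant>parrots.com</constant>` and the change from "fully-qualified" to "fully qualified" are prose edits that the commit message does not mention.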
@@ -479,7 +479,7 @@ cannot be set in the smb.conf file. nmbd will abort with this setting. <indexterm><primary>Domain Controller</primary></indexterm> As a general guide, instead of adding domain member servers to a network, you would be better advised to add BDCs until there are fewer than 30 Windows clients per BDC. Beyond that ratio, you should add - domain member servers. This practice ensures that there are always sufficient domain controllers + domain member servers. This practice ensures that there is always sufficient domain controllers to handle logon requests and authentication traffic. </para> 
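Review bot: "there is always sufficient domain controllers" breaks the subject-verb agreement that the removed line had right ("there are always sufficient domain controllers"). It is the only change in this hunk and has nothing to do with obsolete markup, so drop it.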
@@ -617,33 +617,33 @@ cannot be set in the smb.conf file. nmbd will abort with this setting. <para> There exist applications that create or manage directories containing many thousands of files. Such - applications typically generate many small files (less than 100 KB). At the best of times, under UNIX, - listing of the files in a directory that contains many files is slow. By default, Windows NT, 200x, + applications typically generate many small files (less than 100 KB). At the best of times under UNIX + listing of the files in a directory that contains many files is slow. By default Windows NT, 200x, and XP Pro cause network file system directory lookups on a Samba server to be performed for both the case preserving file name as well as for the mangled (8.3) file name. This incurs a huge overhead on the Samba server that may slow down the system dramatically. </para> <para> - In an extreme case, the performance impact was dramatic. File transfer from the Samba server to a Windows + In an extreme case the performance impact was dramatic. File transfer from the Samba server to a Windows XP Professional workstation over 1 Gigabit Ethernet for 250-500 KB files was measured at approximately - 30 MB/sec. But when tranferring a directory containing 120,000 files, all from 50KB to 60KB in size, the + 30 MB/sec. But when tranfering a directory containng 120,000 files, all from 50KB to 60KB in size, the transfer rate to the same workstation was measured at approximately 1.5 KB/sec. The net transfer was - on the order of a factor of 20-fold slower. + of the order of a factor of 20-fold slower. </para> <para> The symptoms that will be observed on the Samba server when a large directory is accessed will be that - aggregate I/O (typically blocks read) will be relatively low, yet the wait I/O times will be incredibly + aggregate I/O (typically blocks read) will be relatively low, yet the wait I/O times will be incredably long while at the same time the read queue is large. 
Close observation will show that the hard drive that the file system is on will be thrashing wildly. </para> <para> - Samba-3.0.12 and later, includes new code that radically improves Samba perfomance. The secret to this is + Samba-3.0.12, and later, includes new code that radically improves Samba perfomance. The secret to this is really in the <smbconfoption name="case sensitive">True</smbconfoption> line. This tells smbd never to scan for case-insensitive versions of names. So if an application asks for a file called <filename>FOO</filename>, - and it can not be found by a simple stat call, then smbd will return "file not found" immediately without + and it can not be found by a simple stat call, then smbd will return file not found immediately without scanning the containing directory for a version of a different case. </para> diff --git a/docs/Samba3-ByExample/SBE-KerberosFastStart.xml b/docs/Samba3-ByExample/SBE-KerberosFastStart.xml index 58ac2b6931..42546c1256 100644 --- a/docs/Samba3-ByExample/SBE-KerberosFastStart.xml +++ b/docs/Samba3-ByExample/SBE-KerberosFastStart.xml @@ -292,7 +292,7 @@ <para> You agreed with Stan's recommendations and hired a consultant to help defuse the powder keg. The consultant's task is to provide a tractable answer to each of the issues raised. The consultant must be able - to support his or her claims, keep emotions to the side, and answer technically. + to support his or her claims, keep emotions to a side, and answer technically. </para> </sect2> 
@@ -464,7 +464,7 @@ </indexterm> Windows network administrators may be dismayed to find that <command>winbind</command> exposes all domain users so that they may use their domain account credentials to - log on to a UNIX/Linux system. The fact that all users in the domain can see the + log onto a UNIX/Linux system. The fact that all users in the domain can see the UNIX/Linux server in their Network Neighborhood and can browse the shares on the server seems to excite them further. </para> @@ -676,9 +676,9 @@ </indexterm> The release of Samba-4 is expected around late 2004 to early 2005 and involves a near complete rewrite to permit extensive modularization and to prepare Samba for new - functionality planned for addition during the next-generation series. The Samba Team + functionality planned for addition during the next-generation series. The Samba Team is responsible and can be depended upon; the history to date suggests a high - degree of dependability and on charter development consistent with published + degree of dependability as well on charter development consistent with published roadmap projections. </para> @@ -877,7 +877,7 @@ </indexterm> Kerberos is a network authentication protocol that provides secure authentication for client-server applications by using secret-key cryptography. Firewalls are an insufficient - barrier mechanism in today's networking world; at best they only restrict incoming network + barrier mechanism in todays networking world; at best they only restrict incoming network traffic but cannot prevent network traffic that comes from authorized locations from performing unauthorized activities. </para> 
@@ -924,7 +924,7 @@ </indexterm> Kerberos was, until recently, a technology that was restricted from being exported from the United States. For many years that hindered global adoption of more secure networking technologies both within the United States - and abroad. A free and unencumbered implementation of MIT Kerberos has been produced in Europe + and abroad. A free an unencumbered implementation of MIT Kerberos has been produced in Europe and is available from the University of Paderborn, Sweden. It is known as the Heimdal Kerberos project. In recent times the U.S. government has removed sanctions affecting the global distribution of MIT Kerberos. It is likely that there will be a significant surge forward in the development of Kerberos-enabled applications @@ -966,7 +966,7 @@ </indexterm> It so happens that Microsoft Windows clients depend on and expect the contents of the <emphasis>unspecified fields</emphasis> in the Kerberos 5 communications data stream for their Windows interoperability, - particularly when Samba is expected to emulate a Windows Server 200x domain controller. But the interoperability + particularly when Samba is being expected to emulate a Windows Server 200x domain controller. But the interoperability issue goes far deeper than this. In the domain control protocols that are used by MS Windows XP Professional, there is a tight interdependency between the Kerberos protocols and the Microsoft distributed computing environment (DCE) RPCs that themselves are an integral part of the SMB/CIFS protocols as used by @@ -1027,7 +1027,7 @@ </indexterm><indexterm> <primary>account</primary> </indexterm> - From a Windows 200x/XP Professional workstation, log on to the domain using the Domain Administrator + From a Windows 200x/XP Professional workstation, log onto the domain using the Domain Administrator account (on Samba domains, this is usually the account called <constant>root</constant>). </para></step> 
@@ -1142,7 +1142,7 @@ </indexterm><indexterm> <primary>hierarchy of control</primary> </indexterm> - It must be emphasized that the controls discussed here can act as a filter or give rights of passage + It must be emphasized that the controls here discussed can act as a filter or give rights of passage that act as a superstructure over normal directory and file access controls. However, share-level ACLs act at a higher level than do share definition controls because the user must filter through the share-level controls to get to the share-definition controls. The proper hierarchy of controls implemented @@ -1525,7 +1525,7 @@ <procedure> <step><para> - From a Windows 200x/XP Professional workstation, log on to the domain using the Domain Administrator + From a Windows 200x/XP Professional workstation, log onto the domain using the Domain Administrator account (on Samba domains, this is usually the account called <constant>root</constant>). </para></step> @@ -1728,7 +1728,7 @@ other::r-x </indexterm><indexterm> <primary>inheritance</primary> </indexterm> - It is highly recommended that you read the online manual page for the <command>setfacl</command> + It is highly recommend that you read the online manual page for the <command>setfacl</command> and <command>getfacl</command> commands. This provides information regarding how to set/read the default ACLs and how that may be propagated through the directory tree. In Windows ACLs terms, this is the equivalent of setting <constant>inheritance</constant> properties. diff --git a/docs/Samba3-ByExample/SBE-MakingHappyUsers.xml b/docs/Samba3-ByExample/SBE-MakingHappyUsers.xml index f5cf133a60..024cfd6643 100644 --- a/docs/Samba3-ByExample/SBE-MakingHappyUsers.xml +++ b/docs/Samba3-ByExample/SBE-MakingHappyUsers.xml 
@@ -542,10 +542,10 @@ clients is conservative and if followed will minimize problems &smbmdash; but it of the UNIX username to the UID. The relationships are demonstrated in <link linkend="sbehap-LDAPdiag"/>. </para> - <image id="sbehap-LDAPdiag"> - <imagedescription>The Interaction of LDAP, UNIX Posix Accounts and Samba Accounts</imagedescription> + <figure id="sbehap-LDAPdiag"> + <title>The Interaction of LDAP, UNIX Posix Accounts and Samba Accounts</title> <imagefile scale="50">UNIX-Samba-and-LDAP</imagefile> - </image> + </figure> <para> <indexterm><primary>security</primary></indexterm> @@ -1293,10 +1293,10 @@ slapd[12164]: conn=1 fd=10 closed that you will install additional file servers and possibly additional BDCs. </para> - <image id="chap6net"> - <imagedescription>Network Topology &smbmdash; 500 User Network Using ldapsam passdb backend</imagedescription> + <figure id="chap6net"> + <title>Network Topology &smbmdash; 500 User Network Using ldapsam passdb backend</title> <imagefile scale="50">chap6-net</imagefile> - </image> + </figure> <para> <indexterm><primary>SUSE Linux</primary></indexterm> @@ -2131,7 +2131,7 @@ Let's start configuring the smbldap-tools scripts ... . workgroup name: name of the domain Samba act as a PDC workgroup name [MEGANET2] > -. netbios name: netbios name of the samba controller +. netbios name: netbios name of the samba controler netbios name [MASSIVE] > . logon drive: local path to which the home directory will be connected (for NT Workstations). Ex: 'H:' 
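Review bot: In the -2131,7 hunk the changed line sits inside the captured smbldap-tools configuration session, and "controller" becomes "controler". If that is the script's literal prompt text, say so in the commit message, since it otherwise reads as a newly introduced typo; if it is not, keep the original spelling.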
@@ -3730,8 +3730,8 @@ HKEY_LOCAL_MACHINE\Default\Software\Microsoft\Windows\ </procedure> <para> - Before punching out new desktop images for the client workstations, it is perhaps a good idea that - desktop behavior should be returned to the original Microsoft settings. The following steps achieve + Before puching out new desktop images for the client workstations, it is perhaps a good idea that + desktop behavior should be returned to the original Microsoft settings. The followin steps achieve that ojective: </para> @@ -3753,10 +3753,10 @@ HKEY_LOCAL_MACHINE\Default\Software\Microsoft\Windows\ </procedure> - <image id="XP-screen001"> - <imagedescription>Windows XP Professional &smbmdash; User Shared Folders</imagedescription> + <figure id="XP-screen001"> + <title>Windows XP Professional &smbmdash; User Shared Folders</title> <imagefile scale="65">XP-screen001</imagefile> - </image> + </figure> <table id="proffold"> <title>Default Profile Redirections</title> diff --git a/docs/Samba3-ByExample/SBE-MigrateNT4Samba3.xml b/docs/Samba3-ByExample/SBE-MigrateNT4Samba3.xml index ffeba2254e..476d55a0ec 100644 --- a/docs/Samba3-ByExample/SBE-MigrateNT4Samba3.xml +++ b/docs/Samba3-ByExample/SBE-MigrateNT4Samba3.xml @@ -120,7 +120,7 @@ Do not forget to validate the security descriptors in the profiles share as well as network logon scripts. Feedback from sites that are migrating to Samba-3 suggests that many are using this as a good time to update desktop systems also. In all, the extra effort should constitute no - real disruption to users, but rather, with due diligence and care, should make their network experience + real disruption to users, but rather, with due diligence and care should make their network experience a much happier one. </para> 
@@ -138,10 +138,10 @@ from a Windows NT4 domain to a Samba domain. </para> - <image id="ch8-migration"> - <imagedescription>Schematic Explaining the <command>net rpc vampire</command> Process</imagedescription> + <figure id="ch8-migration"> + <title>Schematic Explaining the <command>net rpc vampire</command> Process</title> <imagefile scale="55">ch8-migration</imagefile> - </image> + </figure> <para> <indexterm><primary>merge</primary></indexterm> @@ -198,10 +198,10 @@ an LDAP backend. </para> - <image id="NT4DUM"> - <imagedescription>View of Accounts in NT4 Domain User Manager</imagedescription> + <figure id="NT4DUM"> + <title>View of Accounts in NT4 Domain User Manager</title> <imagefile scale="50">UserMgrNT4</imagefile> - </image> + </figure> </sect2> @@ -683,7 +683,7 @@ Storing SID S-1-5-21-1385457007-882775198-1210191635 \ Install the Idealx <command>smbldap-tools</command> software package, following the instructions given in <link linkend="sbeidealx"/>. The resulting perl scripts should be located in the <filename>/opt/IDEALX/sbin</filename> directory. - Change into that location, or wherever the scripts have been installed. Execute the + Change into that location, or whereever the scripts have been installed. Execute the <filename>configure.pl</filename> script to configure the Idealx package for use. Note: Use the domain SID obtained from the step above. The following is an example configuration session: @@ -1525,7 +1525,7 @@ Users Ordinary users <para> When migrating a <filename>smbpasswd</filename> file to an LDAP backend, the UID of each account is taken together with the account information in the - <filename>/etc/passwd</filename>, and both sets of data are used to create the account + <filename>/etc/passwd,</filename> and both sets of data are used to create the account entry in the LDAP database. </para> diff --git a/docs/Samba3-ByExample/SBE-MigrateNW4Samba3.xml b/docs/Samba3-ByExample/SBE-MigrateNW4Samba3.xml index fcdf69abbd..43dee10a32 100644 
--- a/docs/Samba3-ByExample/SBE-MigrateNW4Samba3.xml +++ b/docs/Samba3-ByExample/SBE-MigrateNW4Samba3.xml @@ -29,7 +29,7 @@ <indexterm><primary>migration</primary></indexterm> Contributions to this chapter were made by Misty Stanley-Jones, a UNIX administrator of many years who surfaced on the Samba mailing list with a barrage of questions and who - regularly helps other administrators to solve thorny Samba migration questions. + regularly now helps other administrators to solve thorny Samba migration questions. </para> <para> @@ -52,7 +52,7 @@ <para> The priority that Misty faced was one of migration of the data files off the NetWare 4.11 - server and onto a Samba-based Windows file and print server. This chapter does not pretend + server and onto a Samba-ased Windows file and print server. This chapter does not pretend to document all the different methods that could be used to migrate user and group accounts off a NetWare server. Its focus is on migration of data files. </para> @@ -232,7 +232,7 @@ entering everything from the printed company directory. This used only the inetOrgPerson object class from the OpenLDAP schemas. The next step was to write a shell script that would look at the <filename>/etc/passwd</filename> and <filename>/etc/shadow</filename> - files on our mail server and create an LDIF file from which the information could be + files on our mail server and create a LDIF file from which the information could be imported into LDAP. This would allow use of LDAP for Linux authentication, IMAP, POP3, and SMTP. </para> 
@@ -965,7 +965,7 @@ The Idealx smbldap-tools package can be configured using a script called <command>configure.pl</command> that is provided as part of the tool. See <link linkend="happy"/> for an example of its use. Many administrators, like Misty, choose to do this manually so as to maintain greater awareness of how the tool-chain works and possibly to avoid -undesirable actions from occurring unnoticed. +undesirable actions from occurring un-noticed. </para></note> <para> @@ -1197,7 +1197,7 @@ masterPw="verysecret" The next step was to run the <command>smbldap-populate</command> command, which populates the LDAP tree with the appropriate default users, groups, and UID and GID pools. It creates a user called Administrator with UID=0 and GID=0 matching the - Domain Admins group. This is fine because you can still log on as root to a Windows system, + Domain Admins group. This is fine because you can still log on a root to a Windows system, but it will break cached credentials if you need to log on as the administrator to a system that is not on the network. </para> @@ -1378,7 +1378,7 @@ sambaAcctFlags: [W ] <para> <indexterm><primary>netlogon</primary></indexterm> - So now I could log on with a test user from the machine w2kengrspare. It was all well and + So now I could log on with a test user from the machine w2kengrspare. It was all fine and good, but that user was in no groups yet and so had pretty boring access. I fixed that by writing the login script! To write the login script, I used <ulink url="http://www.kixtart.org">Kixtart</ulink> because it will work 
@@ -1613,7 +1613,7 @@ ENDIF One option is to check the OS as part of the Kixtart script, and if it is Win9x and is the first login, copy a premade <filename>autoexec.bat</filename> to the <filename>C:</filename> drive. I - have only three such machines, and one is going away in the very near future, + have onlythree such machines, and one is going away in the very near future, so it was easier to do it by hand. </para> diff --git a/docs/Samba3-ByExample/SBE-SecureOfficeServer.xml b/docs/Samba3-ByExample/SBE-SecureOfficeServer.xml index cc67cd4c39..6e8a5c85a1 100644 --- a/docs/Samba3-ByExample/SBE-SecureOfficeServer.xml +++ b/docs/Samba3-ByExample/SBE-SecureOfficeServer.xml @@ -144,10 +144,10 @@ </tgroup> </table> - <image id="ch04net"> - <imagedescription>Abmas Network Topology &smbmdash; 130 Users</imagedescription> + <figure id="ch04net"> + <title>Abmas Network Topology &smbmdash; 130 Users</title> <imagefile scale="65">chap4-net</imagefile> - </image> + </figure> <para> Christine recommended that desktop systems should be installed from a single cloned @@ -1511,9 +1511,9 @@ hosts: files dns wins <title>Printer Configuration</title> <para> - Network administrators who are new to CUPS based-printing typically experience some difficulty mastering + Network administrators who are new to CUPS based printing typically experience some difficulty mastering its powerful features. The steps outlined in this section are designed to navigate around the distractions - of learning CUPS. Instead of implementing smart features and capabilities, our approach is to use it as a + of learning CUPS. Instead of implementing smart features and capabilties our approach is to use it as a transparent print queue that performs no filtering, and only minimal handling of each print job that is submitted to it. In other words, our configuration turns CUPS into a raw-mode print queue. This means that the correct printer driver must be installed on all clients. 
@@ -1604,7 +1604,7 @@ application/octet-stream <para> Note: If the parameter <parameter>cups options = Raw</parameter> is specified in the &smb.conf; file, - the last two steps can be omitted with CUPS version 1.1.18, or later. + the last two steps can be omitted where CUPS version 1.1.18, or later. </para> <para> @@ -1821,7 +1821,7 @@ hosts: files dns wins <screen> &rootprompt; testparm -s Load smb config files from smb.conf -Processing section "[homes]" +rocessing section "[homes]" Processing section "[printers]" Processing section "[netlogon]" Processing section "[profiles]" @@ -2293,14 +2293,14 @@ Nmap run completed -- 1 IP address (1 host up) scanned in 168 seconds </para></step> <step><para> - Log on to the machine as the local Administrator (the only option), and join the machine to + Log onto the machine as the local Administrator (the only option), and join the machine to the Domain, following the procedure set out in Appendix A, <link linkend="domjoin"/>. The system is now ready for the user to log on, provided you have created a network logon account for that user, of course. </para></step> <step><para> - Instruct all users to log on to the workstation using their assigned username and password. + Instruct all users to log onto the workstation using their assigned username and password. </para></step> </procedure> diff --git a/docs/Samba3-ByExample/SBE-SimpleOfficeServer.xml b/docs/Samba3-ByExample/SBE-SimpleOfficeServer.xml index 036953b584..1213caf2d1 100644 --- a/docs/Samba3-ByExample/SBE-SimpleOfficeServer.xml +++ b/docs/Samba3-ByExample/SBE-SimpleOfficeServer.xml 
@@ -10,7 +10,7 @@ is the end of the road because their needs will have been adequately met. For others, this chapter is the beginning of a journey that will take them well past the contents of this book. This book provides example configurations of, for the greater part, complete networking solutions. The intent of this book - is to help you to get your Samba installation working with the least amount of pain and aggravation. + is to help you to get your Samba installation working with least amount of pain and aggravation. </para> <sect1> @@ -475,10 +475,10 @@ The office network is built as shown in <link linkend="charitynet"/>. </para> - <image id="charitynet"> - <imagedescription>Charity Administration Office Network</imagedescription> + <figure id="charitynet"> + <title>Charity Administration Office Network</title> <imagefile scale="80">Charity-Network</imagefile> - </image> + </figure> <?latex \newpage ?> @@ -568,12 +568,12 @@ Password changed <step><para> Install the &smb.conf; file shown in <link linkend="charity-smbconfnew"/> in the <filename>/etc/samba</filename> directory. This newer &smb.conf; file uses user-mode security - and is more suited to the mode of operation of Samba-3 than the older share-mode security + and is more suited to the mode of operation of Samba-3 that the older share-mode security configuration that was shown in the first edition of this book. </para> <para> - Note: If you want to use the older-style configuration that uses share-mode security, you + Note: If you want to use the older style configuration that uses share-mode security, you can install the file shown in <link linkend="charity-smbconf"/> in the <filename>/etc/samba</filename> directory. </para></step> 
@@ -997,10 +997,10 @@ C:\WINDOWS: regedit ME-dpwc.reg start of Samba configuration. The following prescriptive steps may now commence. </para> - <image id="acctingnet2"> - <imagedescription>Accounting Office Network Topology</imagedescription> + <figure id="acctingnet2"> + <title>Accounting Office Network Topology</title> <imagefile scale="85">AccountingNetwork</imagefile> - </image> + </figure> <table id="acctingnet"> <title>Accounting Office Network Information</title> diff --git a/docs/Samba3-ByExample/SBE-TheSmallOffice.xml b/docs/Samba3-ByExample/SBE-TheSmallOffice.xml index 8cb71820ed..7b6f9f7600 100644 --- a/docs/Samba3-ByExample/SBE-TheSmallOffice.xml +++ b/docs/Samba3-ByExample/SBE-TheSmallOffice.xml @@ -288,10 +288,10 @@ by setting the sticky bit (set UID/GID) on the top-level directories. </para> - <image id="acct2net"> - <imagedescription>Abmas Accounting &smbmdash; 52-User Network Topology</imagedescription> + <figure id="acct2net"> + <title>Abmas Accounting &smbmdash; 52-User Network Topology</title> <imagefile scale="100">acct2net</imagefile> - </image> + </figure> <procedure> <title>Server Installation Steps</title> diff --git a/docs/Samba3-ByExample/SBE-UpgradingSamba.xml b/docs/Samba3-ByExample/SBE-UpgradingSamba.xml index 1bc1f1f7ed..ded03bcba5 100644 --- a/docs/Samba3-ByExample/SBE-UpgradingSamba.xml +++ b/docs/Samba3-ByExample/SBE-UpgradingSamba.xml @@ -83,7 +83,7 @@ to perform a major upgrade. Many administrators have experienced the consequence of failure to take adequate precautions. So what is adequate? That is simple! If data is lost during an upgrade or update and it can not be restored, the precautions taken were inadequate. If a backup was not needed, but was available, -caution was on the side of the victor. +precaution was on the side of the victor. </para> <sect2> 
@@ -127,7 +127,7 @@ caution was on the side of the victor. There is an old axiom that says, <quote>The greater the volume of the documentation, the greater the risk that noone will read it, but where there is no documentation, noone can read it!</quote> While true, some documentation is an evil necessity. - It is hoped that this update to the documentation will avoid both extremes. + It is to be hoped that this update to the documentation will avoid both extremes. </para> <sect3> @@ -965,7 +965,7 @@ that are compatible with the original OS vendor's practices. <para> <indexterm><primary>binary package</primary></indexterm> <indexterm><primary>binary files</primary></indexterm> -If you are not sure whether a binary package complies with the OS +If you are not sure whether or a binary package complies with the OS vendor's practices, it is better to ask the package maintainer via email than to waste much time dealing with the nuances. Alternately, just diagnose the paths specified by the binary files following @@ -1116,8 +1116,8 @@ back to searching the 'ldap suffix' in some cases. is stored in the <constant>smbpasswd</constant> or in the <constant>tdbsam</constant> format, the user and group account information for UNIX accounts that match the Samba accounts will reside in the system - <filename>/etc/passwd</filename>, <filename>/etc/shadow</filename>, and - <filename>/etc/group</filename> files. In this case, be sure to copy these + <filename>/etc/passwd, /etc/shadow</filename>, and + <filename>/etc/group</filename> files. In this case be sure to copy these account entries to the new target server. </para> 
@@ -1152,7 +1152,7 @@ back to searching the 'ldap suffix' in some cases. <itemizedlist> <listitem><para> Where UNIX (POSIX) user and group accounts are stored in the system - <filename>/etc/passwd</filename>, <filename>/etc/shadow</filename>, and + <filename>/etc/passwd, /etc/shadow</filename>, and <filename>/etc/group</filename> files, be sure to add the same accounts with identical UID and GID values for each user. </para> diff --git a/docs/Samba3-ByExample/SBE-foreword.xml b/docs/Samba3-ByExample/SBE-foreword.xml index d90aead066..e8fa80ce31 100644 --- a/docs/Samba3-ByExample/SBE-foreword.xml +++ b/docs/Samba3-ByExample/SBE-foreword.xml 
@@ -19,14 +19,14 @@ of open-source software solutions globally, and in particular within the United <para> The OSSI has global affiliations with like-minded organizations. Our affiliate in the United Kingdom is the Open Source Consortium. Both the OSSI and the OSC share a common objective to expand the use of open-source -software in federal, state, and municipal government agencies; and in academic institutions. We represent +software in federal, state and municipal government agencies and in academic institutions. We represent businesses that provide professional support services that answer the needs of our target organizational -information technology consumers in an effective and cost-efficient manner. +information technology consumers in an effective and cost efficient manner. </para> <para> Open source software has matured greatly over the past 5 years with the result that an increasing number of -people who hold key decision-making positions want to know how the business model works. They +people who hold key influential decision-making positions want to know how the business model works. They want to understand how problems get resolved, how questions get answered, and how the development model is sustained. Information and Communications Technology directors in defense organizations, and in other government agencies that deal with sensitive information, want to become familiar with development road-maps 
@@ -36,38 +36,38 @@ and, in particular, seek to evaluate the track record of the main-stream open-so <para> Wherever the OSSI gains entrance to new opportunities we find that Microsoft Windows technologies are the benchmark against which open-source software solutions are measured. Two open-source software projects -are key to our ability to present a structured and convincing proposition that there are alternatives -to the incumbent proprietary means of meeting information technology needs. They are the Apache Web Server +are key to our ability to present a structured, and convincing, proposition that there are alternatives +to the incumbent proprietary means of meeting information technology needs. They are the Apache Web server and Samba. </para> <para> -Just as the Apache Web Server is the standard in web serving technology, Samba is the definitive standard -for providing interoperability with UNIX systems and other non-Microsoft operating system platforms. Both +Just as the Apache web server is the standard in web serving technology, Samba is the definitive standard +for providing inter-operability with UNIX systems and other non-Microsoft operating system platforms. Both open-source applications have a truly remarkable track record that extends well over a decade. Both have -demonstrated the unique capacity to innovate and maintain a level of development that has not only kept -pace with demands, but, in many areas, each project has also proven to be an industry leader. +demonstrated unique capacity to innovate and to maintain a level of development that has not only kept +pace with demands, but in many areas each project has also proven to be an industry leader. </para> <para> One of the areas in which the Samba project has demonstrated key leadership is in documentation. The OSSI -was delighted when we saw the Samba Team, and John H. 
Terpstra in particular, release two amazingly -well-written books to help Samba software users deploy, maintain, and troubleshoot Windows networking +was delighted when we saw the Samba Team, and John H. Terpstra in particular, release two amazingly well +written books to help Samba software users to deploy, maintain and trouble-shoot Windows networking installations. We were concerned that, given the large volume of documentation, the challenge to maintain it and keep it current might prove difficult. </para> <para> -This second edition of the book, <quote>Samba-3 by Example</quote>, barely one year following the release -of the first edition, has removed all concerns and is proof that open-source solutions are a compelling choice. +This second edition of the book, <quote>Samba-3 by Example</quote> barely one year following the release +of the first edition has removed all concerns and is proof that open-source solutions are a compelling choice. The first edition was released shortly following the release of Samba version 3.0 itself, and has become the authoritative instrument for training and for guiding deployment. </para> <para> -I am personally aware of how much effort has gone into this second edition. John Terpstra has worked with +I am personally aware how much effort has gone into this second edition. John Terpstra has worked with government bodies and with large organizations that have deployed Samba-3 since it was released. He also -worked to ensure that this book gained community following. He asked those who have worked at the coalface +worked to ensure that this book gained community following. He asked those who have worked at the coal-face of large and small organizations alike, to contribute their experiences. He has captured that in this book and has succeeded yet again. His recipe is persistence, intuition, and a high level of respect for the people who use Samba. 
@@ -77,7 +77,7 @@ who use Samba. This book is the first source you should turn to before you deploy Samba and as you are mastering its deployment. I am proud and excited to be associated in a small way with such a useful tool. This book has reached maturity that is demonstrated by reiteration that every step in deployment must be validated. -This book makes it easy to succeed, and difficult to fail, to gain a stable network environment. +This book makes it easy to succeed, and difficulty to fail to gain a stable network environment. </para> <para> diff --git a/docs/Samba3-ByExample/SBE-inside-cover.xml b/docs/Samba3-ByExample/SBE-inside-cover.xml index 492a581cf5..b55a333f9e 100644 --- a/docs/Samba3-ByExample/SBE-inside-cover.xml +++ b/docs/Samba3-ByExample/SBE-inside-cover.xml 
@@ -4,41 +4,32 @@ <title>About the Cover Artwork</title> <para> - The cover artwork of this book continues the freedom theme of the first - edition of <quote>Samba-3 by Example</quote>. The history of civilization - demonstrates the fragile nature of freedom. It can be lost in a moment, - and once lost, the cost of recovering liberty can be incredible. The last - edition cover featured Alfred the Great who liberated England from the - constant assault of Vikings and Norsemen. Events in England that - that finally liberated the common people came about in small steps, but - the result should not be under-estimated. Today, as always, freedom and - liberty are seldom appreciated until they are lost. If we can not quantify - what is the value of freedom, we shall be little motivated to protect it. + The cover artwork of this book continues a theme chosen for the book, + <emphasis>The Official Samba-3 HOWTO and Reference Guide,</emphasis> + the cover of which features a Confederate scene. Samba has had a major + impact on the network deployment of Microsoft Windows desktop systems. + The cover artwork of the two official Samba books tells of events that + likewise had a major impact on the future. </para> <para> - <emphasis>Samba-3 by Example Cover Artwork:</emphasis> The British houses - of parliament are a symbol of the Westminster system of government. This form - of government permits the people to govern themselves at the lowest level, yet - it provides for courts of appeal that are designed to protect freedom and to - hold back all forces of tyranny. The clock is a pertinent symbol of the - importance of time and place. + <emphasis>Samba-3 by Example Cover Artwork:</emphasis> King Alfred the Great + (born 849, ruled 871-899) was one of the most amazing kings ever to + rule England. He defended Anglo-Saxon England from Viking raids, formulated + a code of laws, and fostered a rebirth of religious and scholarly activity. 
+ His reign exhibits military skill and innovation, sound governance and the + ability to inspire men to plan for the future. Alfred liberated England + at a time when all resistence seemed futile. </para> <para> - The information technology industry is being challenged by the imposition of - new laws, hostile litigation, and the imposition of significant constraint - of practice that threatens to remove the freedom to develop and deploy open - source software solutions. Samba is a software solution that epitomizes freedom - of choice in network interoperability for Microsoft Windows clients. - </para> - - <para> - I hope you will take the time needed to deploy it well, and that you may realize - the greatest benefits may be obtained. You are free to use it in ways never - considered, but in doing so there may be some obstacles. Every obstacle that is - overcome adds to the freedom you can enjoy. Use Samba well, and it will serve - you well. + Samba is a network interoperability solution that provides real choice for network + administrators. It is an adjunct to Microsoft Windows networks that provides + interoperability of UNIX systems with Microsoft Windows desktop and server systems. + You may use Samba to realize the freedom it provides for your network environment + thanks to a dedicated team who work behind the scenes to give you a better choice. + The efforts of these few dedicated developers continues to shape the future of + the Windows interoperability landscape. Enjoy! </para> </preface> |
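Review bot: The prose hunks reintroduce spelling errors that the removed lines had correct, and none of them falls under "Remove obsolete elements". Examples: "puching" and "followin" in SBE-MakingHappyUsers.xml @@ -3730, "whereever" in SBE-MigrateNT4Samba3.xml @@ -683, "Samba-ased" in SBE-MigrateNW4Samba3.xml @@ -52, "onlythree" at @@ -1613, and "capabilties" in SBE-SecureOfficeServer.xml @@ -1511. The `<image>`/`<imagedescription>` to `<figure>`/`<title>` conversions match the commit message; the wording changes look like an older copy of the text merged over later corrections. Suggest dropping the prose hunks from this commit, or splitting them out so the element conversion can be reviewed on its own.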
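Review bot: In SBE-SecureOfficeServer.xml @@ -1821 the change edits literal program output inside a `<screen>` block: the first line of the `testparm -s` listing goes from `Processing section "[homes]"` to `rocessing section "[homes]"`, while the following lines keep "Processing". A reader comparing their own testparm run against the book will see a mismatch on that line. The same concern applies to the quoted configure.pl session in SBE-MakingHappyUsers.xml @@ -2131 ("controller" to "controler"): transcript text should match what the tool actually prints, so please confirm against the script's real output rather than changing it alongside a markup cleanup.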
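Review bot: The `<filename>` changes in SBE-UpgradingSamba.xml @@ -1116 and @@ -1152 merge two paths into one element, `<filename>/etc/passwd, /etc/shadow</filename>`, where the removed lines had one element per path. That marks the string "/etc/passwd, /etc/shadow" as a single file name and will affect any rendering or indexing that keys on the element. SBE-MigrateNT4Samba3.xml @@ -1525 has a related problem: the comma moves inside the element as `<filename>/etc/passwd,</filename>`. Since these passages tell the administrator which account files to carry over to the new server, keep one path per `<filename>` with punctuation outside the tags.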
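Review bot: Several hunks damage sentences in administrator-facing steps and notes, which is more than a cosmetic regression. In SBE-MigrateNW4Samba3.xml @@ -1197, "you can still log on as root to a Windows system" becomes "log on a root", in the paragraph that explains the UID=0 Administrator account created by `smbldap-populate`. In SBE-SecureOfficeServer.xml @@ -1604, "can be omitted with CUPS version 1.1.18, or later" becomes "can be omitted where CUPS version 1.1.18, or later", which leaves the condition without a verb. In the hunk at @@ -1728 (the `setfacl`/`getfacl` paragraph), "highly recommended" becomes "highly recommend". Suggest restoring the removed wording in all three places.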
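Review bot: The SBE-inside-cover.xml hunk (@@ -4,41 +4,32) replaces the whole preface text, which is a content change and not an element removal. The removed text describes the Westminster parliament artwork and states that "The last edition cover featured Alfred the Great"; the added text describes King Alfred as the "Samba-3 by Example Cover Artwork", so it appears to restore the earlier edition's description. The added lines also carry "resistence" and the subject-verb mismatch in "The efforts of these few dedicated developers continues". Please confirm which edition's cover text belongs in this tree and, if the replacement is intended, put it in a separate commit with a message that says so.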