diff options
| author | John Terpstra <jht@samba.org> | 2005-07-08 06:30:54 +0000 |
|---|---|---|
| committer | Gerald W. Carter <jerry@samba.org> | 2008-04-23 08:47:03 -0500 |
| commit | 67f04891277c7a7d40e15ee7e942a514ffa71719 (patch) | |
| tree | a558873ab2ebed3b3736a6c41deb1fd24bfb8011 | |
| parent | e6e86156cbc4e953b93541edf48144fd75a9590d (diff) | |
| download | samba-67f04891277c7a7d40e15ee7e942a514ffa71719.tar.gz samba-67f04891277c7a7d40e15ee7e942a514ffa71719.tar.bz2 samba-67f04891277c7a7d40e15ee7e942a514ffa71719.zip | |
Last PHPTR edits.
(This used to be commit 67668e23766dec799f95a64a94f553ad31db50e6)
26 files changed, 203 insertions, 202 deletions
diff --git a/docs/Samba3-HOWTO/TOSHARG-AccessControls.xml b/docs/Samba3-HOWTO/TOSHARG-AccessControls.xml index a4d32705e3..34ab448d37 100644 --- a/docs/Samba3-HOWTO/TOSHARG-AccessControls.xml +++ b/docs/Samba3-HOWTO/TOSHARG-AccessControls.xml @@ -234,7 +234,7 @@ at how Samba helps to bridge the differences. <para> So what should Samba do if all three are present? That which is lexically first will be accessible to MS Windows users; the others are invisible and unaccessible &smbmdash; any - other solution would be suicidal. The Windows client will ask for a case insensitive file + other solution would be suicidal. The Windows client will ask for a case-insensitive file lookup, and that is the reason for which Samba must offer a consistent selection in the event that the UNIX directory contains multiple files that would match a case insensitive file listing. @@ -508,7 +508,7 @@ CAP_LINUX_IMMUTABLE capability can set or clear this attribute. </para> <procedure> - <title>Test for file Immutibility Support</title> + <title>Test for File Immutibility Support</title> <step><para> Create a file called <filename>filename</filename>. @@ -763,7 +763,7 @@ mystic:/home/hannibal > rm filename <para> The parameter documented in <link linkend="mcoc">Other Controls</link> are often used by administrators - in ways that creat inadvertent barriers to file access. Such are the consequences of not understanding the + in ways that create inadvertent barriers to file access. Such are the consequences of not understanding the full implications of &smb.conf; file settings. </para> @@ -1558,7 +1558,7 @@ are examples recently taken from the mailing list. and there's a public share on which everyone needs to have permission to create/modify files, but only root can change the file, no one else can. We need to constantly go to the server to <userinput>chgrp -R users *</userinput> and <userinput>chown -R nobody *</userinput> to allow - others users to change the file. + other users to change the file. </quote> </para> diff --git a/docs/Samba3-HOWTO/TOSHARG-CUPS-printing.xml b/docs/Samba3-HOWTO/TOSHARG-CUPS-printing.xml index bd3e7177cf..081fd597ba 100644 --- a/docs/Samba3-HOWTO/TOSHARG-CUPS-printing.xml +++ b/docs/Samba3-HOWTO/TOSHARG-CUPS-printing.xml @@ -40,7 +40,7 @@ system. To many, it is still a mystical tool. Mostly, it just works. People tend to regard it as a <quote>black box</quote> that they do not want to look into as long as it works. But once there is a little problem, they have trouble finding out where to start debugging it. Refer to - <link linkend="classicalprinting">Classical Printing</link>, which contains a much information + <link linkend="classicalprinting">Classical Printing</link>, which contains much information that is also relevant to CUPS. </para> @@ -80,7 +80,7 @@ <indexterm><primary>smart printers</primary></indexterm> CUPS allows creation of <emphasis>raw</emphasis> printers (i.e., no print file format translation) as well as <emphasis>smart</emphasis> printers (i.e., CUPS does file format conversion as required for the - printer). In many ways this gives CUPS capabilities similar to the MS Windows print monitoring system. Of + printer). In many ways, this gives CUPS capabilities similar to the MS Windows print monitoring system. Of course, if you are a CUPS advocate, you would argue that CUPS is better! In any case, let us now explore how to configure CUPS for interfacing with MS Windows print clients via Samba. </para> @@ -151,7 +151,7 @@ libcups.so.2 => /usr/lib/libcups.so.2 (0x40123000) <tip><para> Should it be necessary, for any reason, to set your own print commands, you can do this by setting <smbconfoption name="printing">sysv</smbconfoption>. However, you will lose all the benefits - of tight CUPS-Samba integration. When you do this you must manually configure the printing system commands + of tight CUPS-Samba integration. When you do this, you must manually configure the printing system commands (most important: <smbconfoption name="print command"/>; other commands are <smbconfoption name="lppause command"/>, @@ -169,7 +169,7 @@ libcups.so.2 => /usr/lib/libcups.so.2 (0x40123000) <para> To summarize, <link linkend="cups-exam-simple">the Simplest Printing-Related - &smb.conf; file</link> shows simplest printing-related setup for &smb.conf; to + &smb.conf; file</link> shows the simplest printing-related setup for &smb.conf; to enable basic CUPS support: </para> @@ -205,7 +205,7 @@ libcups.so.2 => /usr/lib/libcups.so.2 (0x40123000) to the spooler. They nearly exclusively print from GUI applications with a <quote>printer driver</quote> hooked between the application's native format and the print data stream. If the backend printer is not a PostScript device, the print data stream is <quote>binary,</quote> sensible only for the target printer. Read - on to learn which problem this may cause and how to avoid it. + on to learn what problem this may cause and how to avoid it. </para> </sect2> @@ -458,9 +458,9 @@ application/octet-stream application/vnd.cups-raw 0 - send deliberate (possibly binary) data to printing devices. This could be easily abused to launch a <quote>Denial of Service</quote> attack on your printer(s), causing at least the loss of a lot of paper and ink. <quote>Unknown</quote> data are tagged by CUPS as <parameter>MIME type: application/octet-stream</parameter> - and not allowed to go to the printer. By default, you can only send other (known) MIME types <quote>raw</quote>. + and not allowed to go to the printer. By default, you can only send other (known) MIME types <quote>raw.</quote> Sending data <quote>raw</quote> means that CUPS does not try to convert them and passes them to the printer - untouched (see <link linkend="CUPS-printing">the CUPS Printing Chapter</link> for more background explanations). + untouched. </para> </formalpara> @@ -488,7 +488,7 @@ application/octet-stream application/vnd.cups-raw 0 - drivers onto the Samba server first (<smbconfsection name="[print$]"/> share). For a discussion on how to deposit printer drivers on the Samba host (so the Windows clients can download and use them via - <quote>Point'n'Print</quote>), please refer to the <link linkend="classicalprinting">Classic Printing + <quote>Point'n'Print</quote>), please refer to the <link linkend="classicalprinting">Classical Printing chapter</link> of this book. There you will find a description or reference to three methods of preparing the client drivers on the Samba server: </para> @@ -511,8 +511,8 @@ application/octet-stream application/vnd.cups-raw 0 - <para> <indexterm><primary>cupsaddsmb</primary></indexterm> - These three methods apply to CUPS all the same. The <command>cupsaddsmb</command> utility is new and more - convenient way to load the Windows drivers into Samba is provided if you use CUPS. + These three methods apply to CUPS all the same. The <command>cupsaddsmb</command> utility is a new and more + convenient way to load the Windows drivers into Samba and is provided if you use CUPS. </para> <para> @@ -698,9 +698,9 @@ application/octet-stream application/vnd.cups-raw 0 - <indexterm><primary>PostScript</primary><secondary>RIP</secondary></indexterm> <indexterm><primary>PostScript interpreter</primary></indexterm> <indexterm><primary>raster image processor</primary><see>RIP</see></indexterm> - So, UNIX is lacking a common ground for printing on paper and displaying on screen. Despite this unfavorable + So UNIX is lacking a common ground for printing on paper and displaying on screen. Despite this unfavorable legacy for UNIX, basic printing is fairly easy if you have PostScript printers at your disposal. The reason is - these devices have a built-in PostScript language <quote>interpreter,</quote> also called a raster image + that these devices have a built-in PostScript language <quote>interpreter,</quote> also called a raster image processor (RIP), (which makes them more expensive than other types of printers; throw PostScript toward them, and they will spit out your printed pages. The RIP does all the hard work of converting the PostScript drawing commands into a bitmap picture as you see it on paper, in a resolution as done by your printer. This is no @@ -1263,7 +1263,7 @@ text/plain application/postscript 33 texttops and its specification is, of course, completely open. It is designed to make it quite easy and inexpensive for manufacturers to develop Linux and UNIX raster drivers for their printer models should they choose to do so. CUPS always takes care of the first stage of rasterization so these vendors do not need to care about - Ghostscript complications (in fact, there is currently more than one vendor financing the development of CUPS + Ghostscript complications (in fact, there are currently more than one vendor financing the development of CUPS raster drivers). This is illustrated in <link linkend="cups-raster2">the CUPS-Raster Production Using Ghostscript illustration</link>. </para> @@ -1280,12 +1280,12 @@ text/plain application/postscript 33 texttops <indexterm><primary>standalone filter</primary></indexterm> CUPS versions before version 1.1.15 shipped a binary (or source code) standalone filter, named <parameter>pstoraster</parameter>. <parameter>pstoraster</parameter>, which was derived from GNU Ghostscript - 5.50 and could be installed besides and in addition to any GNU or AFPL Ghostscript package without + 5.50 and could be installed instead of and in addition to any GNU or AFPL Ghostscript package without conflicting. </para> <para> - From version 1.1.15, this feature has changed. The functions for this filter have been integrated back + Since version 1.1.15, this feature has changed. The functions for this filter have been integrated back into Ghostscript (now based on GNU Ghostscript version 7.05). The <parameter>pstoraster</parameter> filter is now a simple shell script calling <command>gs</command> with the <command>-sDEVICE=cups</command> parameter. If your Ghostscript fails when this command is executed: <command>gs -h |grep cups</command>, you might not @@ -1329,7 +1329,7 @@ text/plain application/postscript 33 texttops <indexterm><primary>rastertoprinter</primary></indexterm> <indexterm><primary>rastertoprinter</primary></indexterm> <indexterm><primary>Gimp-Print</primary></indexterm> - CUPS ships with quite a variety of raster drivers for processing CUPS raster. On my system I find in + CUPS ships with quite a variety of raster drivers for processing CUPS raster. On my system, I find in /usr/lib/cups/filter/ the following: <parameter>rastertoalps</parameter>, <parameter>rastertobj</parameter>, <parameter>rastertoepson</parameter>, <parameter>rastertoescp</parameter>, <parameter>rastertopcl</parameter>, <parameter>rastertoturboprint</parameter>, <parameter>rastertoapdk</parameter>, @@ -1693,7 +1693,7 @@ application/octet-stream application/vnd.cups-raw 0 - of a lot of paper and ink.) <quote>Unknown</quote> data are regarded by CUPS as <emphasis>MIME type</emphasis> <emphasis>application/octet-stream</emphasis>. While you <emphasis>can</emphasis> send data <quote>raw</quote>, the MIME type for these must - be one that is known to CUPS and an allowed one. The file + be one that is known to CUPS and allowed by it. The file <filename>/etc/cups/mime.types</filename> defines the <quote>rules</quote> of how CUPS recognizes MIME types. The file <filename>/etc/cups/mime.convs</filename> decides which file conversion filter(s) may be applied to which MIME types. @@ -1924,7 +1924,7 @@ application/octet-stream application/vnd.cups-raw 0 - <indexterm><primary>USB</primary></indexterm> <indexterm><primary>Epson Stylus</primary></indexterm> <indexterm><primary>stphoto2.ppd</primary></indexterm> - Assume you want to print the same filter to an USB-connected Epson Stylus Photo printer installed with the CUPS + Assume you want to print the same filter to an USB-connected Epson Stylus Photo Printer installed with the CUPS <filename>stphoto2.ppd</filename>. The first few filtering stages are nearly the same: </para> @@ -1979,7 +1979,7 @@ application/octet-stream application/vnd.cups-raw 0 - <para> The resulting filter chain therefore is as shown in <link linkend="pdftoepsonusb">the PDF to USB Chain - illutration</link>. + illustration</link>. </para> <figure id="pdftoepsonusb"> @@ -2118,11 +2118,11 @@ Print Driver Execution on the Client</link>, and <title>Driver Execution on the Client</title> <para> -In the first case the print server must spool the file as raw, meaning it shouldn't touch the job file and try +In the first case, the print server must spool the file as raw, meaning it shouldn't touch the job file and try to convert it in any way. This is what a traditional UNIX-based print server can do too, and at a better performance and more reliably than an NT print server. This is what most Samba administrators probably are familiar with. One advantage of this setup is that this <quote>spooling-only</quote> print server may be used -even if no driver(s) for UNIX are available. It is sufficient to have the Windows client drivers available and +even if no driver(s) for UNIX is available. It is sufficient to have the Windows client drivers available and installed on the clients. This is illustrated in <link linkend="small11">the Print Driver Execution on the Client diagram</link>. </para> @@ -2346,16 +2346,16 @@ Problems</title> <para> Windows NT printer drivers, which run in <quote>kernel mode</quote>, introduce a high risk for the stability -of the system if the driver is not really stable and well tested. And there are a lot of bad drivers out +of the system if the driver is not really stable and well-tested. And there are a lot of bad drivers out there! Especially notorious is the example of the PCL printer driver that had an additional sound module running to notify users via soundcard of their finished jobs. Do I need to say that this one was also reliably causing <quote>blue screens of death</quote> on a regular basis? </para> <para> -PostScript drivers are generally well tested. They are not known to cause any problems, even though they also +PostScript drivers are generally well-tested. They are not known to cause any problems, even though they also run in kernel mode. This might be because until now there have been only two different PostScript drivers: the -one from Adobe and the one from Microsoft. Both are well tested and are as stable as you can imagine on +one from Adobe and the one from Microsoft. Both are well-tested and are as stable as you can imagine on Windows. The CUPS driver is derived from the Microsoft one. </para> </sect2> @@ -2610,7 +2610,7 @@ different platforms. <note><para> <indexterm><primary>Adobe driver files</primary></indexterm> -If both the Adobe driver files and the CUPS driver files for the support of Windows NT/200x/XP are present +If both the Adobe driver files and the CUPS driver files for the support of Windows NT/200x/XP are presently installed on the server, the Adobe files will be ignored and the CUPS files will be used. If you prefer &smbmdash; for whatever reason &smbmdash; to use Adobe-only drivers, move away the three CUPS driver files. The Windows 9x/Me clients use the Adobe drivers in any case. @@ -2636,7 +2636,7 @@ name="[print$]"/> share holds the Adobe files, which you can get with smbclient <para> <indexterm><primary>ESP</primary><secondary>Print Pro</secondary></indexterm> Users of the ESP Print Pro software are able to install the ESP print drivers package as an alternative to the -Adobe postscript drivers. To do so, retrieve the driver files from the normal download area of the ESP Print +Adobe PostScript drivers. To do so, retrieve the driver files from the normal download area of the ESP Print Pro software at <ulink noescape="1" url="http://www.easysw.com/software.html">Easy Software</ulink> web site. You need to locate the link labeled <quote>SAMBA</quote> among the <guilabel>Download Printer Drivers for ESP Print Pro 4.x</guilabel> area and download the package. Once installed, you can prepare any driver by simply @@ -2721,7 +2721,7 @@ subcommand. <title>Windows CUPS PostScript Driver Versus Adobe Driver</title> <para> -Are you interested in a comparison between the CUPS and the Adobe PostScript drivers? For our purposes these +Are you interested in a comparison between the CUPS and the Adobe PostScript drivers? For our purposes, these are the most important items that weigh in favor of CUPS: </para> @@ -2773,7 +2773,7 @@ are the most important items that weigh in favor of CUPS: <listitem><para>The CUPS PostScript driver supports the inclusion of the new <parameter>*cupsJobTicket</parameter> comments at the beginning of the PostScript file (which could be used in the future - for all sort of beneficial extensions on the CUPS side, but which will + for all sorts of beneficial extensions on the CUPS side, but which will not disturb any other applications because they will regard it as a comment and simply ignore it).</para></listitem> @@ -2984,13 +2984,13 @@ SetPrinter call failed! result was WERR_ACCESS_DENIED </screen> it means that you might have set <smbconfoption name="use client driver">yes</smbconfoption> for this printer. -Setting it to <quote>no</quote> will solve the problem. Refer to the &smb.conf; man page for explanantion of +Setting it to <quote>no</quote> will solve the problem. Refer to the &smb.conf; man page for explanation of the <parameter>use client driver</parameter>. </para> <note><para> It is impossible to see any diagnostic output if you do not run <command>cupsaddsmb</command> in verbose mode. -Therefore, we strongly recommend to not use the default quiet mode. It will hide any problems from you that +Therefore, we strongly recommend against use of the default quiet mode. It will hide any problems from you that might occur. </para></note> </sect2> diff --git a/docs/Samba3-HOWTO/TOSHARG-Compiling.xml b/docs/Samba3-HOWTO/TOSHARG-Compiling.xml index f70e844fa4..d9f5328017 100644 --- a/docs/Samba3-HOWTO/TOSHARG-Compiling.xml +++ b/docs/Samba3-HOWTO/TOSHARG-Compiling.xml @@ -533,13 +533,13 @@ netbios-ns dgram udp wait root /usr/local/samba/bin/nmbd nmbd <screen> /bin/ls: /usr/sbin/winbind: No such file or directory </screen> - In this case it should be installed if you intend to use <command>winbindd</command>. Search + In this case, it should be installed if you intend to use <command>winbindd</command>. Search the CDROM installation media for the samba-winbind RPM and install it following Red Hat guidelines. </para> <para> - The process for starting Samba will now be outlined. Be sure to configure Sambas' &smb.conf; + The process for starting Samba will now be outlined. Be sure to configure Samba's &smb.conf; file before starting Samba. When configured, start Samba by executing: <screen> &rootprompt; service smb start diff --git a/docs/Samba3-HOWTO/TOSHARG-DomainMember.xml b/docs/Samba3-HOWTO/TOSHARG-DomainMember.xml index a82b5c269f..699cf9b5f0 100644 --- a/docs/Samba3-HOWTO/TOSHARG-DomainMember.xml +++ b/docs/Samba3-HOWTO/TOSHARG-DomainMember.xml @@ -234,7 +234,7 @@ There are three ways to create Machine Trust Accounts: <indexterm><primary>enforcing</primary></indexterm> <indexterm><primary>machine trust account</primary><secondary>creation</secondary></indexterm> Neither MS Windows NT4/200x/XP Professional, nor Samba, provide any method for enforcing the method of machine -trust account creation. This is a matter for the administrator's choice. +trust account creation. This is a matter of the administrator's choice. </para> <sect2> @@ -642,7 +642,7 @@ of your &smb.conf; to read: <smbconfblock> <smbconfoption name="security">domain</smbconfoption> </smbconfblock> -Note that if the parameter <parameter>security = user</parameter> is used this machine would function as a +Note that if the parameter <parameter>security = user</parameter> is used, this machine would function as a standalone server and not as a domain member server. Domain security mode causes Samba to work within the domain security context. </para> @@ -687,7 +687,7 @@ among Domain Controllers. <indexterm><primary>mechanism</primary></indexterm> <indexterm><primary>broadcast-based name resolution</primary></indexterm> <indexterm><primary>DNS name resolution</primary></indexterm> -Alternately, if you want smbd to determine automatically the list of domain controllers to use for +Alternatively, if you want smbd to determine automatically the list of domain controllers to use for authentication, you may set this line to be: <smbconfblock> <smbconfoption name="password server">*</smbconfoption> @@ -737,7 +737,7 @@ Where the older NT4-style domain architecture is used: <indexterm><primary>net</primary><secondary>ads</secondary><tertiary>join</tertiary></indexterm> <indexterm><primary>ADS</primary></indexterm> <indexterm><primary>join the ADS domain</primary></indexterm> -Where Active Directory is used the command used to join the ADS domain is: +Where Active Directory is used, the command used to join the ADS domain is: <screen> &rootprompt; net ads join -U<replaceable>Administrator%password</replaceable> </screen> @@ -801,7 +801,7 @@ but in most cases the following will suffice: <indexterm><primary>UNIX users</primary></indexterm> <indexterm><primary>authentication</primary></indexterm> Currently, domain security in Samba does not free you from having to create local UNIX users to represent the -users attaching to your server. This means that if domain user <constant>DOM\fred </constant> attaches to your +users attaching to your server. This means that if domain user <constant>DOM\fred</constant> attaches to your domain security Samba server, there needs to be a local UNIX user fred to represent that user in the UNIX file system. This is similar to the older Samba security mode <smbconfoption name="security">server</smbconfoption>, where Samba would pass through the authentication request to a Windows @@ -901,7 +901,7 @@ In case samba cannot correctly identify the appropriate ADS server using the rea </smbconfblock> The most common reason for which Samba may not be able to locate the ADS domain controller is a consequence of sites maintaining some DNS servers on UNIX systems without regard for the DNS requirements of the ADS -infrastructure. There is no harm in specifying a preferred ADS DC using the <parameter>password +infrastructure. There is no harm in specifying a preferred ADS domain controller using the <parameter>password server</parameter>. </para> @@ -949,7 +949,7 @@ active directory infrastructure. <indexterm><primary>Windows 2000</primary></indexterm> UNIX systems can use kinit and the DES-CBC-MD5 or DES-CBC-CRC encryption types to authenticate to the Windows 2000 KDC. For further information regarding Windows 2000 ADS kerberos interoperability please refer to the -Microsoft Windows 2000 kerberos <ulink +Microsoft Windows 2000 Kerberos <ulink url="http://www.microsoft.com/windows2000/techinfo/planning/security/kerbsteps.asp">Interoperability</ulink> guide. Another very useful document that may be referred to for general information regarding Kerberos interoperability is <ulink url="http://www.ietf.org/rfc/rfc1510.txt?number=1510">RFC1510</ulink>. This RFC @@ -1407,7 +1407,7 @@ account to which the Samba backend database account can be mapped. Set <smbconfoption name="client use spnego">yes</smbconfoption> when communicating with a Windows 2003 server. This will not interfere with other Windows clients that do not support the more advanced security features of Windows 2003 because the client will simply - negotiate a protocol tha both it and the server suppport. This is a well-know fall-back facility + negotiate a protocol tha both it and the server suppport. This is a well-known fall-back facility that is built into the SMB/CIFS protocols. </para> diff --git a/docs/Samba3-HOWTO/TOSHARG-FastStart.xml b/docs/Samba3-HOWTO/TOSHARG-FastStart.xml index 19f9e85bc6..8c008eb89c 100644 --- a/docs/Samba3-HOWTO/TOSHARG-FastStart.xml +++ b/docs/Samba3-HOWTO/TOSHARG-FastStart.xml @@ -197,7 +197,7 @@ of the packages that are provided by the operating system vendor or through othe <screen> &rootprompt;<userinput>testparm</userinput> </screen> - Alternately, where you are operating from a master configuration file called + Alternatively, where you are operating from a master configuration file called <filename>smb.conf.master</filename>, the following sequence of commands might prove more appropriate: <screen> @@ -232,8 +232,8 @@ Press enter to see a dump of your service definitions <step><para> Start Samba using the method applicable to your operating system platform. The method that - should be used is platform dependant. Refer to <link linkend="startingSamba">Starting Samba</link> - for further information regarding starting of Samba. + should be used is platform dependent. Refer to <link linkend="startingSamba">Starting Samba</link> + for further information regarding the starting of Samba. </para></step> <step><para> @@ -360,7 +360,7 @@ Added user jackb. The above configuration is not ideal. It uses no smart features, and it deliberately presents a less than elegant solution. But it is basic, and it does print. Samba makes use of the direct printing application program interface that is provided by CUPS. - When Samba has been compiled and linked with the CUPS libraries the default printing + When Samba has been compiled and linked with the CUPS libraries, the default printing system will be CUPS. By specifying that the printcap name is CUPS, Samba will use the CUPS library API to communicate directly with CUPS for all printer functions. It is possible to force the use of external printing commands by setting the value @@ -689,7 +689,7 @@ smb: \> <userinput>q</userinput> </para></step> <example id="fast-member-server"> -<title>Member server smb.conf (globals)</title> +<title>Member Server smb.conf (Globals)</title> <smbconfblock> <smbconfcomment>Global parameters</smbconfcomment> <smbconfsection name="[global]"/> @@ -707,7 +707,7 @@ smb: \> <userinput>q</userinput> </example> <example id="fast-memberserver-shares"> -<title>Member server smb.conf (shares and services)</title> +<title>Member Server smb.conf (Shares and Services)</title> <smbconfblock> <smbconfsection name="[homes]"/> <smbconfoption name="comment">Home Directories</smbconfoption> @@ -1091,7 +1091,7 @@ net groupmap add ntgroup="QA Team" unixgroup=qateam type=d Set up the LDAP server. This example is suitable for OpenLDAP 2.1.x. The <filename>/etc/openldap/slapd.conf</filename> file. <indexterm><primary>/etc/openldap/slapd.conf</primary></indexterm> -<title>Example slapd.conf file</title> +<title>Example slapd.conf File</title> <screen> # Note commented out lines have been removed include /etc/openldap/schema/core.schema diff --git a/docs/Samba3-HOWTO/TOSHARG-Group-Mapping.xml b/docs/Samba3-HOWTO/TOSHARG-Group-Mapping.xml index e97b4d7606..984a17e53e 100644 --- a/docs/Samba3-HOWTO/TOSHARG-Group-Mapping.xml +++ b/docs/Samba3-HOWTO/TOSHARG-Group-Mapping.xml @@ -215,7 +215,7 @@ <screen> &rootprompt;<userinput>net groupmap add rid=1000 ntgroup="Accounting" unixgroup=acct</userinput> </screen> - The <literal>ntgroup</literal> value must be quotes if it contains space characters to prevent + The <literal>ntgroup</literal> value must be in quotes if it contains space characters to prevent the space from being interpreted as a command delimiter. </para> @@ -462,8 +462,8 @@ <indexterm><primary>manage share-level ACL</primary></indexterm> <indexterm><primary>share-level ACLs</primary></indexterm> There is no safe way to provide access on a UNIX/Linux system without providing - <constant>root</constant>-level privilege. Provision of <constant>root</constant> privileges can be done - either by logging onto the Domain as the user <constant>root</constant> or by permitting particular users to + <constant>root</constant>-level privileges. Provision of <constant>root</constant> privileges can be done + either by logging on to the Domain as the user <constant>root</constant> or by permitting particular users to use a UNIX account that has a UID=0 in the <filename>/etc/passwd</filename> database. Users of such accounts can use tools like the NT4 Domain User Manager and the NT4 Domain Server Manager to manage user and group accounts as well as domain member server and client accounts. This level of privilege is also needed to manage diff --git a/docs/Samba3-HOWTO/TOSHARG-IDMAP.xml b/docs/Samba3-HOWTO/TOSHARG-IDMAP.xml index 82dda47f6b..a14c8b0b84 100644 --- a/docs/Samba3-HOWTO/TOSHARG-IDMAP.xml +++ b/docs/Samba3-HOWTO/TOSHARG-IDMAP.xml @@ -749,7 +749,7 @@ hosts: files wins </para> <para> - The following procedure can be uses the idmap_rid facility: + The following procedure can use the idmap_rid facility: </para> <procedure> diff --git a/docs/Samba3-HOWTO/TOSHARG-InterdomainTrusts.xml b/docs/Samba3-HOWTO/TOSHARG-InterdomainTrusts.xml index 89b24a98e2..a956be9f5a 100644 --- a/docs/Samba3-HOWTO/TOSHARG-InterdomainTrusts.xml +++ b/docs/Samba3-HOWTO/TOSHARG-InterdomainTrusts.xml @@ -56,7 +56,7 @@ These are specified respectively using: The range of values specified must not overlap values used by the host operating system and must not overlap values used in the passdb backend for POSIX user accounts. The maximum value is limited by the upper-most value permitted by the host operating system. This is a UNIX kernel -limited parameter. Linux kernel 2.6 based systems support a maximum value of 4294967295 +limited parameter. Linux kernel 2.6-based systems support a maximum value of 4294967295 (32-bit unsigned variable). </para> @@ -85,7 +85,7 @@ trust relationships. This imparts to Samba scalability similar to that with MS W <indexterm><primary>interdomain trusts</primary></indexterm> <indexterm><primary>ADS</primary></indexterm> Given that Samba-3 can function with a scalable backend authentication database such as LDAP, and given its -ability to run in primary as well as backup domain control modes, the administrator would be well advised to +ability to run in primary as well as backup domain control modes, the administrator would be well-advised to consider alternatives to the use of interdomain trusts simply because, by the very nature of how trusts function, this system is fragile. That was, after all, a key reason for the development and adoption of Microsoft Active Directory. @@ -410,7 +410,7 @@ Open <application>User Manager for Domains</application> and from the <guimenu>P click the <guimenu>Add...</guimenu> button. You will be prompted for the trusted domain name and the relationship password. Type in SAMBA, as this is the name of the remote domain and the password used at the time of account creation. Click on <guibutton>OK</guibutton> and, if everything went without incident, you -will see the <computeroutput> Trusted domain relationship successfully established </computeroutput> message. +will see the <computeroutput>Trusted domain relationship successfully established</computeroutput> message. </para> </sect2> @@ -508,7 +508,7 @@ our Samba domain and choose <guimenuitem>Properties</guimenuitem>, then click on <guilabel>Domains trusted by this domain:</guilabel> and an <guilabel>Add...</guilabel> button next to it. Press this button and, just as with NT4, you will be prompted for the trusted domain name and the relationship password. Press <emphasis>OK</emphasis> and after a moment, Active Directory will respond with -<computeroutput> The trusted domain has been added and the trust has been verified.</computeroutput> Your +<computeroutput>The trusted domain has been added and the trust has been verified.</computeroutput> Your Samba users can now be granted access to resources in the AD domain. </para> </sect1> diff --git a/docs/Samba3-HOWTO/TOSHARG-NT4Migration.xml b/docs/Samba3-HOWTO/TOSHARG-NT4Migration.xml index 315abdc16b..bf5a0899f1 100644 --- a/docs/Samba3-HOWTO/TOSHARG-NT4Migration.xml +++ b/docs/Samba3-HOWTO/TOSHARG-NT4Migration.xml @@ -464,11 +464,11 @@ being contemplated. <colspec align="justify" colwidth="1*"/> <colspec align="justify" colwidth="1*"/> <thead> - <row><entry>Simple Install</entry><entry>Upgrad Decisions</entry><entry>Redesign Decisions</entry></row> + <row><entry>Simple Install</entry><entry>Upgrade Decisions</entry><entry>Redesign Decisions</entry></row> </thead> <tbody> <row> - <entry><para>Make use of minimal OS specific features</para></entry> + <entry><para>Make use of minimal OS-specific features</para></entry> <entry><para>Translate NT4 features to new host OS features</para></entry> <entry><para>Improve on NT4 functionality, enhance management capabilities</para></entry> </row> @@ -597,7 +597,7 @@ being contemplated. </itemizedlist></listitem> </varlistentry> - <varlistentry><term>OS Specific Scripts/Programs May be Needed</term><listitem> + <varlistentry><term>OS-Specific Scripts/Programs May be Needed</term><listitem> <para> Every operating system has its peculiarities. These are the result of engineering decisions that were based on the experience of the designer and may have side effects that were not diff --git a/docs/Samba3-HOWTO/TOSHARG-NetworkBrowsing.xml b/docs/Samba3-HOWTO/TOSHARG-NetworkBrowsing.xml index 3c8321723c..17a91acfef 100644 --- a/docs/Samba3-HOWTO/TOSHARG-NetworkBrowsing.xml +++ b/docs/Samba3-HOWTO/TOSHARG-NetworkBrowsing.xml @@ -308,8 +308,8 @@ configured to use DNS to resolve names on other subnets in order to resolve the they can see on other subnets. This setup is not recommended but is mentioned as a practical consideration (i.e., an <quote>if all else fails</quote> scenario). NetBIOS over TCP/IP is an ugly and difficult to manage protocol. Its replacement, NetBIOSless SMB over TCP/IP is not without its own manageability concerns. NetBIOS -based networking is a life of compromise and trade-offs. WINS stores information that can not be stored in -DNS; consequently, DNS is a poor substitute for WINS given that when NetBIOS over TCP/IP is used Windows +based networking is a life of compromise and trade-offs. WINS stores information that cannot be stored in +DNS; consequently, DNS is a poor substitute for WINS given that when NetBIOS over TCP/IP is used, Windows clients are designed to use WINS. </para> @@ -360,11 +360,11 @@ When an MS Windows 200x/XP system attempts to resolve a host name to an IP addre <indexterm><primary>name lookups</primary></indexterm> <indexterm><primary>DNS</primary></indexterm> Given the nature of how the NetBIOS over TCP/IP protocol is implemented, only WINS is capable of resolving -with any reliability name lookups for service oriented names such as TEMPTATION<1C> &smbmdash; a NetBIOS -name query that seeks to find network logon servers. DNS has not concept of service oriented names such as -this. In fact, the Microsoft ADS implementation specifically manages a whole range of extended service -oriented DNS entries. This type of facility is not implemented and is not supported for the NetBIOS over -TCP/IP protocol name space. +with any reliability name lookups for service-oriented names such as TEMPTATION<1C> &smbmdash; a NetBIOS +name query that seeks to find network logon servers. DNS has no concept of service-oriented names such as +this. In fact, the Microsoft ADS implementation specifically manages a whole range of extended +service-oriented DNS entries. This type of facility is not implemented and is not supported for the NetBIOS +over TCP/IP protocol namespace. </para> </sect2> @@ -412,7 +412,7 @@ Use of raw SMB over TCP/IP (No NetBIOS layer) can be done only with Active Direc Active Directory domain controller: ergo, it is not possible to run Samba as a domain controller and at the same time <emphasis>not</emphasis> use NetBIOS. Where Samba is used as an Active Directory domain member server (DMS) it is possible to configure Samba to not use NetBIOS over TCP/IP. A Samba DMS can integrate fully into -an Active Directory domain, however, if NetBIOS over TCP/IP is disabled it is necessary manually to create +an Active Directory domain, however, if NetBIOS over TCP/IP is disabled, it is necessary to manually create appropriate DNS entries for the Samba DMS because they will not be automatically generated either by Samba, or by the ADS environment. </para> @@ -442,7 +442,7 @@ Active Directory requires: <indexterm><primary>BIND9</primary></indexterm> The use of DDNS is highly recommended with Active Directory, in which case the use of BIND9 is preferred for its ability to adequately support the SRV (service) records that are needed for Active Directory. Of course, -when running ADS it makes sense to use Microsoft's own DDNS server because of the natural affinity between ADS +when running ADS, it makes sense to use Microsoft's own DDNS server because of the natural affinity between ADS and MS DNS. </para> @@ -678,7 +678,7 @@ criteria, will win the election as DMB. <indexterm><primary>browse list maintainers</primary></indexterm> <indexterm><primary>LMB</primary></indexterm> Where a WINS server is used, the DMB registers its IP address with the WINS server using the name of the -domain and the NetBIOS name type 1B. e.g., DOMAIN<1B>. All LMBs register their IP address with the WINS +domain and the NetBIOS name type 1B (e.g., DOMAIN<1B>). All LMBs register their IP addresses with the WINS server, also with the name of the domain and the NetBIOS name type of 1D. The 1B name is unique to one server within the domain security context, and only one 1D name is registered for each network segment. Machines that have registered the 1D name will be authoritive browse list maintainers for the network segment @@ -1036,9 +1036,9 @@ If, however, both Samba and your clients are using a WINS server, then: <listitem> <para> - When a client receives a domain-wide browse list and a user attempts to access a host in that list, it will contact the WINS server to - resolve the NetBIOS name of that host. As long as that host has registered its NetBIOS name with the same WINS server, the user will - be able to see that host. + When a client receives a domain-wide browse list and a user attempts to access a host in that list, it will + contact the WINS server to resolve the NetBIOS name of that host. As long as that host has registered its + NetBIOS name with the same WINS server, the user will be able to see that host.. </para> </listitem> </orderedlist> @@ -1062,9 +1062,10 @@ does not seem to support a zeros broadcast, and you will probably find that brow <indexterm><primary>multiple network interfaces</primary></indexterm> Samba supports machines with multiple network interfaces. If you have multiple interfaces, you will need to use the <smbconfoption name="interfaces"/> option in &smb.conf; to configure them. For example, the -machine you are working with has 4 network interfaces; <literal>eth0, eth1, eth2, eth3</literal> and only -interfaces <literal>eth1</literal> and <literal>eth4</literal> should be used by Samba. In this case the -following &smb.conf; file entries would permit that intent: +machine you are working with has 4 network interfaces; <literal>eth0</literal>, <literal>eth1</literal>, +<literal>eth2</literal>, <literal>eth3</literal> and only interfaces <literal>eth1</literal> and +<literal>eth4</literal> should be used by Samba. In this case, the following &smb.conf; file entries would +permit that intent: <smbconfblock> <smbconfoption name="interfaces">eth1, eth4</smbconfoption> <smbconfoption name="bind interfaces only">Yes</smbconfoption> @@ -1079,7 +1080,7 @@ following &smb.conf; file entries would permit that intent: The <smbconfoption name="bind interfaces only">Yes</smbconfoption> is necessary to exclude TCP/IP session services (ports 135, 139, and 445) over the interfaces that are not specified. Please be aware that <command>nmbd</command> will listen for incoming UDP port 137 packets on the unlisted interfaces, but it will -not answer them. It will however send its broadcast packets over the unlisted interfaces. Total isolation of +not answer them. It will, however, send its broadcast packets over the unlisted interfaces. Total isolation of ethernet interface requires the use of a firewall to block ports 137 and 138 (UDP), and ports 135, 139, and 445 (TCP) on all network interfaces that must not be able to access the Samba server. </para> @@ -1285,9 +1286,9 @@ server on a network. To configure Windows NT/200x Server as a WINS server, install and configure the WINS service. See the Windows NT/200x documentation for details. Windows NT/200x WINS servers can replicate to each other, allowing more than one to be set up in a complex subnet environment. Because Microsoft refuses to document the replication -protocols, Samba cannot currently participate in these replications. It is possible in the future that a -Samba-to-Samba WINS replication protocol may be defined, in which case more than one Samba machine could be -set up as a WINS server. Currently only one Samba server should have the <smbconfoption name="wins +protocols, Samba cannot currently participate in these replications. It is possible that a Samba-to-Samba WINS +replication protocol may be defined in the future, in which case more than one Samba machine could be set up +as a WINS server. Currently only one Samba server should have the <smbconfoption name="wins support">yes</smbconfoption> parameter set. </para> @@ -1388,7 +1389,7 @@ To make a NetBIOS name static (permanent), simply set the TTL to 0, like this: <indexterm><primary>nameserv.h</primary></indexterm> The NetBIOS flags may be interpreted as additive hexadecimal values: 00 - Broadcast node registration, 20 - Peer node registration, 40 - Meta node registration, 60 - Hybrid node registration, 02 - Permanent name, 04 - -Active name, 80 - Group name. The 'R' indications this is a registration record. Thus 66R means: Hyrbid node +Active name, 80 - Group name. The 'R' indicates this is a registration record. Thus 66R means: Hybrid node active and permanent NetBIOS name. These values may be found in the <filename>nameserv.h</filename> header file from the Samba source code repository. These are the values for the NB flags. </para> @@ -1509,9 +1510,9 @@ The default is: <smbconfoption name="name resolve order">host lmhost wins bcast</smbconfoption>, </smbconfblock> <indexterm><primary>gethostbyname() function call</primary></indexterm> -where <quote>host</quote> refers to the native methods used by the UNIX system -to implement the gethostbyname() function call. This is normally -controlled by <filename>/etc/host.conf</filename>, <filename>/etc/nsswitch.conf</filename> and <filename>/etc/resolv.conf</filename>. +where <quote>host</quote> refers to the native methods used by the UNIX system to implement the +gethostbyname() function call. This is normally controlled by <filename>/etc/host.conf</filename>, +<filename>/etc/nsswitch.conf</filename> and <filename>/etc/resolv.conf</filename>. </para> </sect2> </sect1> @@ -1651,7 +1652,7 @@ The <literal>IPC$</literal> share is used by all SMB/CIFS clients to obtain the that is available on the server. This is the source of the list of shares and printers when browsing an SMB/CIFS server (also Windows machines) using the Windows Explorer to browse resources through the Windows Network Neighborhood (also called My Network Places) through to a Windows server. At -this point the client has opened a connection to the <literal>\\server\IPC4</literal> resource. +this point, the client has opened a connection to the <literal>\\server\IPC4</literal> resource. Clicking on a share will then open up a connection to the <literal>\\server\share</literal>. </para></note> @@ -1700,7 +1701,7 @@ done via a directed UDP packet on port 137 to the WINS server machine. The WINS default NetBIOS name-to-IP address translation, which is done using UDP broadcasts from the querying machine. This means that machines on one subnet will not be able to resolve the names of machines on another subnet without using a WINS server. The Samba hacks, <parameter>remote browse sync</parameter>, and <parameter>remote -announce</parameter> are designed to get around the natural limitations that provent UDP broadcast +announce</parameter> are designed to get around the natural limitations that prevent UDP broadcast propagation. The hacks are not a universal solution and they should not be used in place of WINS, they are considered last resort methods. </para> diff --git a/docs/Samba3-HOWTO/TOSHARG-PAM.xml b/docs/Samba3-HOWTO/TOSHARG-PAM.xml index dd9197d96a..072e88a5ba 100644 --- a/docs/Samba3-HOWTO/TOSHARG-PAM.xml +++ b/docs/Samba3-HOWTO/TOSHARG-PAM.xml @@ -790,9 +790,9 @@ Options recognized by this module are shown in <link linkend="smbpassoptions">ne <entry>Like try_first_pass, but *fail* if the new PAM_AUTHTOK has not been previously set (intended for stacking password modules only).</entry></row> <row><entry>not_set_pass</entry><entry>Do not make passwords used by this module available to other modules.</entry></row> <row><entry>nodelay</entry><entry>dDo not insert ~1-second delays on authentication failure.</entry></row> - <row><entry>nullok</entry><entry>nNull passwords are allowed.</entry></row> + <row><entry>nullok</entry><entry>Null passwords are allowed.</entry></row> <row><entry>nonull</entry><entry>Null passwords are not allowed. Used to override the Samba configuration.</entry></row> - <row><entry>migrate</entry><entry>oOnly meaningful in an <quote>auth</quote> context; used to update smbpasswd file with a password used for successful authentication.</entry></row> + <row><entry>migrate</entry><entry>Only meaningful in an <quote>auth</quote> context; used to update smbpasswd file with a password used for successful authentication.</entry></row> <row><entry>smbconf=<replaceable>file</replaceable></entry><entry>Specify an alternate path to the &smb.conf; file.</entry></row> </tbody> </tgroup> diff --git a/docs/Samba3-HOWTO/TOSHARG-Passdb.xml b/docs/Samba3-HOWTO/TOSHARG-Passdb.xml index a7d6672f64..1b4916d92f 100644 --- a/docs/Samba3-HOWTO/TOSHARG-Passdb.xml +++ b/docs/Samba3-HOWTO/TOSHARG-Passdb.xml @@ -38,7 +38,7 @@ This chapter describes the new functionality and how to get the most out of it. <indexterm><primary>LDAP</primary></indexterm> <indexterm><primary>single repository</primary></indexterm> The three passdb backends that are fully maintained (actively supported) by the Samba Team are: -<literal>smbpasswd</literal> (being obsoleted), <literal>tdbsam</literal> (a tdb based binary file format), +<literal>smbpasswd</literal> (being obsoleted), <literal>tdbsam</literal> (a tdb-based binary file format), and <literal>ldapsam</literal> (LDAP directory). Of these, only the <literal>ldapsam</literal> backend stores both POSIX (UNIX) and Samba user and group account information in a single repository. The <literal>smbpasswd</literal> and <literal>tdbsam</literal> backends store only Samba user accounts. @@ -46,8 +46,8 @@ stores both POSIX (UNIX) and Samba user and group account information in a singl <para> In a strict sense, there are three supported account storage and access systems. One of these is considered -obsolete (smbpasswd). It is recommended to use <literal>tdbsam</literal> method for all simple systems. Use -the <literal>ldapsam</literal> for larger and more complex networks. +obsolete (smbpasswd). It is recommended to use the <literal>tdbsam</literal> method for all simple systems. Use +<literal>ldapsam</literal> for larger and more complex networks. </para> <para> @@ -304,7 +304,7 @@ Samba-3 introduces a number of new password backend capabilities. <para> <indexterm><primary>UNIX-style encrypted passwords</primary></indexterm> <indexterm><primary>converted</primary></indexterm> - Many people ask why Samba can not simply use the UNIX password database. Windows requires + Many people ask why Samba cannot simply use the UNIX password database. Windows requires passwords that are encrypted in its own format. The UNIX passwords can't be converted to UNIX-style encrypted passwords. Because of that, you can't use the standard UNIX user database, and you have to store the LanMan and NT hashes somewhere else. @@ -512,7 +512,7 @@ Samba-3 introduces a number of new password backend capabilities. <indexterm><primary>Telnet</primary></indexterm> <indexterm><primary>FTP</primary></indexterm> Use of other services (such as Telnet and FTP) that send plaintext passwords over - the network makes sending them for SMB is not such a big deal. + the network makes sending them for SMB not such a big deal. </para></listitem> </itemizedlist> </sect3> @@ -664,7 +664,7 @@ Samba-3 introduces a number of new password backend capabilities. <indexterm><primary>SSO</primary></indexterm> There is much excitement and interest in LDAP directories in the information technology world today. The LDAP architecture was designed to be highly scalable. It was also designed for - use across a huge number of potential areas of application encompasing a wide range of operating + use across a huge number of potential areas of application encompassing a wide range of operating systems and platforms. LDAP technologies are at the heart of the current generations of Federated Identity Management (FIM) solutions that can underlie a corporate Single Sign-On (SSO) environment. </para> @@ -715,7 +715,7 @@ Samba-3 introduces a number of new password backend capabilities. for Samba. Others are faced with the need to adapt an existing LDAP directory to new uses such as for the Samba SAM backend. Whatever your particular need and attraction to Samba may be, decisions made in respect of the design of the LDAP directory structure and its implementation - are of a durable nature for the site. These have far-reaching implications that affect long term + are of a durable nature for the site. These have far-reaching implications that affect long-term information systems management costs. </para> @@ -726,7 +726,7 @@ Samba-3 introduces a number of new password backend capabilities. Information Tree (DIT) may impact current and future site needs, as well as the ability to meet them. The way that Samba SAM information should be stored within the DIT varies from site to site and with each implementation new experience is gained. It is well understood by LDAP veterans that - first implementation create awakening, second implementations of LDAP create fear, and + first implementations create awakening, second implementations of LDAP create fear, and third-generation deployments bring peace and tranquility. </para> @@ -753,7 +753,7 @@ Samba-3 introduces a number of new password backend capabilities. <indexterm><primary>LDAP</primary></indexterm> The example deployment guidelines in this book, as well as other books and HOWTO documents available from the internet may not fit with established directory designs and implementations. - The existing DIT may not be able to accomodate the simple information layout proposed in common + The existing DIT may not be able to accommodate the simple information layout proposed in common sources. Additionally, you may find that the common scripts and tools that are used to provision the LDAP directory for use with Samba may not suit your needs. </para> @@ -761,9 +761,9 @@ Samba-3 introduces a number of new password backend capabilities. <para> <indexterm><primary>existing LDAP DIT</primary></indexterm> It is not uncommon, for sites that have existing LDAP DITs to find necessity to generate a - set of site specific scripts and utilities to make it possible to deploy Samba within the + set of site-specific scripts and utilities to make it possible to deploy Samba within the scope of site operations. The way that user and group accounts are distributed throughout - the DIT may make this a challenging matter. The solution will of course be rewarding, but + the DIT may make this a challenging matter. The solution will, of course, be rewarding, but the journey to it may be challenging. Take time to understand site needs and do not rush into deployment. </para> @@ -913,7 +913,7 @@ is being added to the <command>net</command> toolset (see <link linkend="NetComm <indexterm><primary>storage methods</primary></indexterm> The <command>smbpasswd</command> utility is similar to the <command>passwd</command> and <command>yppasswd</command> programs. It maintains the two 32 byte password - fields in the passdb backend. This utility operates independantly of the actual + fields in the passdb backend. This utility operates independently of the actual account and password storage methods used (as specified by the <parameter>passdb backend</parameter> in the &smb.conf; file. </para> @@ -1563,7 +1563,7 @@ backends of the same type. For example, to use two different <literal>tdbsam</li <smbconfoption name="passdb backend">tdbsam:/etc/samba/passdb.tdb tdbsam:/etc/samba/old-passdb.tdb</smbconfoption> </smbconfblock> -What is possible, is not always sensible. Be careful to avoid complexity to the point that it +What is possible is not always sensible. Be careful to avoid complexity to the point that it may be said that the solution is <quote>too clever by half!</quote> </para> @@ -1610,7 +1610,7 @@ may be said that the solution is <quote>too clever by half!</quote> there are approximately two lookups per domain logon (one during intial logon validation and one for a session connection setup, such as when mapping a network drive or printer), this is a performance bottleneck for large sites. What is needed is an indexed approach - such as used in databases. + such as that used in databases. </para></listitem> <listitem><para> @@ -1799,7 +1799,7 @@ may be said that the solution is <quote>too clever by half!</quote> </para> <para> - Samba is capable of working with any standards compliant LDAP server. + Samba is capable of working with any standards-compliant LDAP server. </para> </sect3> @@ -1809,7 +1809,7 @@ may be said that the solution is <quote>too clever by half!</quote> <para> - Samba-3.0 includes the necessary schema file for OpenLDAP 2.x in + Samba-3.0 includes the necessary schema file for OpenLDAP 2.x in the <filename>examples/LDAP/samba.schema</filename> directory of the source code distribution tarball. The schema entry for the sambaSamAccount ObjectClass is shown here: <programlisting> @@ -2313,7 +2313,7 @@ access to attrs=SambaLMPassword,SambaNTPassword expire completely on an exact date.</entry></row> <row><entry><constant>sambaPwdCanChange</constant></entry><entry>Specifies the time (UNIX time format) - after which the user is allowed to change his password. If attribute is not set, the user will be free + after which the user is allowed to change his password. If this attribute is not set, the user will be free to change his password whenever he wants.</entry></row> <row><entry><constant>sambaPwdMustChange</constant></entry><entry>Specifies the time (UNIX time format) when the user is @@ -2523,8 +2523,8 @@ sambaNTPassword: 878D8014606CDA29677A44EFA1353FC7 <para> <indexterm><primary>SAM backend</primary><secondary>mysqlsam</secondary></indexterm> <indexterm><primary>SQL backend</primary></indexterm> - Every so often someone comes along with what seems to them like a great new idea. Storing user accounts - in a SQL backend is one of them. Those who want to do this are in the best position to know what the + Every so often someone comes along with what seems (to them) like a great new idea. Storing user accounts + in an SQL backend is one of them. Those who want to do this are in the best position to know what the specific benefits are to them. This may sound like a cop-out, but in truth we cannot document every little detail of why certain things of marginal utility to the bulk of Samba users might make sense to the rest. In any case, the following instructions should help the determined SQL user to implement a diff --git a/docs/Samba3-HOWTO/TOSHARG-PolicyMgmt.xml b/docs/Samba3-HOWTO/TOSHARG-PolicyMgmt.xml index a5d8824bb9..0e8b1ef229 100644 --- a/docs/Samba3-HOWTO/TOSHARG-PolicyMgmt.xml +++ b/docs/Samba3-HOWTO/TOSHARG-PolicyMgmt.xml @@ -201,7 +201,7 @@ here is incomplete &smbmdash; you are warned. <indexterm><primary>Zero Administration Kit</primary></indexterm> The Windows NT Policy Editor is also included with the Service Pack 3 (and later) for Windows NT 4.0. Extract the files using <command>servicepackname /x</command> - &smbmdash; that's <command>Nt4sp6ai.exe /x</command> for service pack 6a. The Policy Editor, + &smbmdash; that's <command>Nt4sp6ai.exe /x</command> for Service Pack 6a. The Policy Editor, <command>poledit.exe</command>, and the associated template files (*.adm) should be extracted as well. It is also possible to download the policy template files for Office97 and get a copy of the Policy Editor. Another possible @@ -353,17 +353,17 @@ here is incomplete &smbmdash; you are warned. <title>Custom System Policy Templates</title> <para> - Over the past year there has been a bit of talk regarding the creation of customized + Over the past year, there has been a bit of talk regarding the creation of customized templates for the Windows Sytem Policy Editor. A recent announcement on the Samba mailing list is worthy of mention. </para> <para> Mike Petersen has announced the availability of a template file he has created. This custom System Policy - Editor Template will allow you to successfully control Microsoft Windows Workstations from an SMB Server, such + Editor Template will allow you to successfully control Microsoft Windows workstations from an SMB server, such as Samba. This template has been tested on a few networks, although if you find any problems with any of these policies, or have any ideas for additional policies, let me know at mailto:mgpeter@pcc-services.com. This - Template includes many policies for Windows XP to allow it to behave better in a professional enviornment. + Template includes many policies for Windows XP to allow it to behave better in a professional environment. </para> <para> diff --git a/docs/Samba3-HOWTO/TOSHARG-ProfileMgmt.xml b/docs/Samba3-HOWTO/TOSHARG-ProfileMgmt.xml index 3bbdd5f073..571ca323ce 100644 --- a/docs/Samba3-HOWTO/TOSHARG-ProfileMgmt.xml +++ b/docs/Samba3-HOWTO/TOSHARG-ProfileMgmt.xml @@ -1285,7 +1285,7 @@ a good idea to add a logon script to preset printer and drive connections. There for automatically synchronizing the workstation time clock with that of the logon server (another good thing to do). </para> -<note><para> To invoke autodeletion of roaming profile from the local workstation cache (disk storage), use +<note><para> To invoke autodeletion of roaming profiles from the local workstation cache (disk storage), use the <application>Group Policy Editor</application> to create a file called <filename>NTConfig.POL</filename> with the appropriate entries. This file needs to be located in the <smbconfsection name="netlogon"/> share root directory.</para></note> diff --git a/docs/Samba3-HOWTO/TOSHARG-RightsAndPriviliges.xml b/docs/Samba3-HOWTO/TOSHARG-RightsAndPriviliges.xml index 203524408b..828e3104bd 100644 --- a/docs/Samba3-HOWTO/TOSHARG-RightsAndPriviliges.xml +++ b/docs/Samba3-HOWTO/TOSHARG-RightsAndPriviliges.xml @@ -57,11 +57,11 @@ is designed to block man-in-the-middle attempts to violate network integrity. <indexterm><primary>secure authentication</primary></indexterm> Machine (computer) accounts are used in the Windows NT OS family to store security credentials for domain member servers and workstations. When the domain member -starts up it goes through a validation process that includes an exchange of +starts up, it goes through a validation process that includes an exchange of credentials with a domain controller. If the domain member fails to authenticate -using the credentials known for it by domain controllers the machine will be refused +using the credentials known for it by domain controllers, the machine will be refused all access by domain users. The computer account is essential to the way that MS -Windows does secure authentication. +Windows secures authentication. </para></note> <para> @@ -260,7 +260,7 @@ to an account. This capability is inherent to the Domain Admins group and is no <indexterm><primary></primary></indexterm> By default, no privileges are initially assigned to any account because certain actions will be performed as root once smbd determines that a user has the necessary rights. For example, when joining a client to a -Windows domain, the <parameter>add machine script</parameter> must be executed with superuser rights in most +Windows domain, <parameter>add machine script</parameter> must be executed with superuser rights in most cases. For this reason, you should be very careful about handing out privileges to accounts. </para> @@ -282,7 +282,7 @@ Access as the root user (UID=0) bypasses all privilege checks. <indexterm><primary>house-keeping</primary></indexterm> The privileges that have been implemented in Samba-3.0.11 are shown below. It is possible, and likely, that additional privileges may be implemented in later releases of Samba. It is also likely that any privileges -currently implemented but not used may be removed from future releases as a house-keeping matter, so it is +currently implemented but not used may be removed from future releases as a housekeeping matter, so it is important that the successful as well as unsuccessful use of these facilities should be reported on the Samba mailing lists. </para> @@ -482,8 +482,8 @@ SeIncreaseBasePriorityPrivilege Increase scheduling priority SeCreateGlobalPrivilege Create global objects </screen> <indexterm><primary>equivalence</primary></indexterm> - The Samba Team are implementing only those privileges that are logical and useful in the UNIX/Linux - envronment. Many of the Windows 200X/XP privileges have no direct equivalence in UNIX. + The Samba Team is implementing only those privileges that are logical and useful in the UNIX/Linux + environment. Many of the Windows 200X/XP privileges have no direct equivalence in UNIX. </para> </sect2> @@ -499,7 +499,7 @@ SeIncreaseBasePriorityPrivilege Increase scheduling priority <indexterm><primary>passdb backend</primary></indexterm> <indexterm><primary>SID</primary></indexterm> <indexterm><primary>net getlocalsid</primary></indexterm> -Please note that every Windows NT4 and later server requires a domain Administrator account. Samba version +Please note that every Windows NT4 and later server requires a domain Administrator account. Samba versions commencing with 3.0.11 permit Administrative duties to be performed via assigned rights and privileges (see <link linkend="rights">User Rights and Privileges</link>). An account in the server's passdb backend can be set to the well-known RID of the default administrator account. To obtain the domain SID on a Samba domain @@ -533,7 +533,7 @@ or domain. Under UNIX/Linux the equivalent is UID=0 (the root account). <indexterm><primary>Windows group account</primary></indexterm> <indexterm><primary>3.0.11</primary></indexterm> Releases of Samba version 3.0.11 and later make it possible to operate without an Administrator account -providing equivalent rights and privileges have been established for a Windows user or a Windows +provided equivalent rights and privileges have been established for a Windows user or a Windows group account. </para> diff --git a/docs/Samba3-HOWTO/TOSHARG-SecureLDAP.xml b/docs/Samba3-HOWTO/TOSHARG-SecureLDAP.xml index 311817a810..ba8bc45c74 100644 --- a/docs/Samba3-HOWTO/TOSHARG-SecureLDAP.xml +++ b/docs/Samba3-HOWTO/TOSHARG-SecureLDAP.xml @@ -9,7 +9,7 @@ <para> <indexterm><primary>Transport Layer Seccurity, TLS</primary><secondary>Introduction</secondary></indexterm> <indexterm><primary>ACL</primary></indexterm> - Up until now, we have discussed the straight forward configuration of <trademark>OpenLDAP</trademark>, + Up until now, we have discussed the straightforward configuration of <trademark>OpenLDAP</trademark>, with some advanced features such as ACLs. This does not however, deal with the fact that the network transmissions are still in plain text. This is where <firstterm>Transport Layer Security (TLS)</firstterm> comes in. @@ -18,7 +18,7 @@ <para> <indexterm><primary>RFC 2830</primary></indexterm> <trademark>OpenLDAP</trademark> clients and servers are capable of using the Transport Layer Security (TLS) - framework to provide integrity and confidentiality protections in accordance with - <ulink + framework to provide integrity and confidentiality protections in accordance with <ulink url="http://rfc.net/rfc2830.html">RFC 2830</ulink>; <emphasis>Lightweight Directory Access Protocol (v3): Extension for Transport Layer Security.</emphasis> </para> @@ -68,21 +68,21 @@ <para> <indexterm><primary>OpenSSL</primary></indexterm> We will be using the <ulink url="http://www.openssl.org">OpenSSL</ulink> <footnote><para>The downside to - making our own CA, is that the certificate is not automatically recognised by clients, like the commercial + making our own CA, is that the certificate is not automatically recognized by clients, like the commercial ones are.</para></footnote> software for this, which is included with every great <trademark class="registered">Linux</trademark> distribution. </para> <para> TLS is used for many types of servers, but the instructions<footnote><para>For information straight from the - horses mouth, please visit - <ulink + horse's mouth, please visit <ulink url="http://www.openssl.org/docs/HOWTO/">http://www.openssl.org/docs/HOWTO/</ulink>; the main OpenSSL site.</para></footnote> presented here, are tailored for &OL;. </para> <note><para> - The <emphasis>Common Name (CN)</emphasis>, if the following example, <emphasis>MUST</emphasis> be - the fully qualified domain name (fqdn) of your ldap server. + The <emphasis>Common Name (CN)</emphasis>, in the following example, <emphasis>MUST</emphasis> be + the fully qualified domain name (FQDN) of your ldap server. </para></note> <para> @@ -99,7 +99,7 @@ </computeroutput> </screen> Now generate the CA:<footnote><para>Your <filename>CA.pl</filename> or <filename>CA.sh</filename> might not be - in the same location as mine is, you can find it by using the <command>locate</command> command, i.e. + in the same location as mine is, you can find it by using the <command>locate</command> command, i.e., <command>locate CA.pl</command>. If the command complains about the database being too old, run <command>updatedb</command> as <emphasis>root</emphasis> to update it.</para></footnote> <screen width="90"> @@ -134,7 +134,7 @@ Email Address []:support@abmas.biz </para> <para> - Now, there are some things to note here. + There are some things to note here. </para> <orderedlist> @@ -148,7 +148,7 @@ Email Address []:support@abmas.biz <listitem> <para> The <emphasis>Common Name (CN)</emphasis>, <emphasis>MUST</emphasis> be the - fully qualified domain name (fqdn) of your ldap server. + fully qualified domain name (FQDN) of your ldap server. </para> </listitem> </orderedlist> @@ -205,13 +205,13 @@ An optional company name []: <listitem> <para> The <emphasis>Common Name (CN)</emphasis>, <emphasis>MUST</emphasis> be - the fully qualified domain name (fqdn) of your ldap server. + the fully qualified domain name (FQDN) of your ldap server. </para> </listitem> </orderedlist> <para> - Now, we sign the certificate with the new CA: + Now we sign the certificate with the new CA: <screen width="90"> <computeroutput> &rootprompt; /usr/share/ssl/misc/CA.pl -sign @@ -268,7 +268,7 @@ Signed certificate is in newcert.pem <para> Now we need to copy the certificates to the right configuration directories, - rename them at the same time for convenience, change the ownership and + rename them at the same time (for convenience), change the ownership and finally the permissions: <screen width="90"> <computeroutput> @@ -316,7 +316,7 @@ TLS_CACERT /etc/openldap/cacert.pem <title>Testing</title> <para> -<indexterm><primary>Transport Layer Seccurity, TLS</primary><secondary>Testing</secondary></indexterm> +<indexterm><primary>Transport Layer Security, TLS</primary><secondary>Testing</secondary></indexterm> This is the easy part. Restart the server: <screen width="90"> <computeroutput> @@ -379,10 +379,10 @@ sambaNextGroupRid: 67109863 <title>Troubleshooting</title> <para> -<indexterm><primary>Transport Layer Seccurity, TLS</primary><secondary>Troubleshooting</secondary></indexterm> +<indexterm><primary>Transport Layer Security, TLS</primary><secondary>Troubleshooting</secondary></indexterm> The most common error when configuring TLS, as I have already mentioned numerous times, is that the <emphasis>Common Name (CN)</emphasis> you entered in <xref linkend="s1-config-ldap-tls-server"></xref> is -<emphasis>NOT</emphasis> the Full Qualified Domain Name (FQDN) of your ldap server. +<emphasis>NOT</emphasis> the Fully Qualified Domain Name (FQDN) of your ldap server. </para> <para> diff --git a/docs/Samba3-HOWTO/TOSHARG-Securing.xml b/docs/Samba3-HOWTO/TOSHARG-Securing.xml index 00ac4591fc..21218ea9da 100644 --- a/docs/Samba3-HOWTO/TOSHARG-Securing.xml +++ b/docs/Samba3-HOWTO/TOSHARG-Securing.xml @@ -21,12 +21,12 @@ <indexterm><primary>barriers</primary></indexterm> <indexterm><primary>deterents</primary></indexterm> <indexterm><primary>secured networks</primary></indexterm> -The information contained in this chapter applies in general to all Samba installations. Security us +The information contained in this chapter applies in general to all Samba installations. Security is everyone's concern in the information technology world. A surprising number of Samba servers are being -installed on machines that have direct internet access, thus security is made more critical than had the +installed on machines that have direct internet access, thus security is made more critical than it would have been had the server been located behind a firewall and on a private network. Paranoia regarding server security is causing -some network administrators to insist on the installation of robust firewalls even on server that are located -inside secured networks. This chapter provides brief information to assist the administrator who understands +some network administrators to insist on the installation of robust firewalls even on servers that are located +inside secured networks. This chapter provides information to assist the administrator who understands how to create the needed barriers and deterents against <quote>the enemy</quote>, no matter where [s]he may come from. </para> @@ -72,7 +72,7 @@ the latest protocols to permit more secure MS Windows file and print operations. Samba can be secured from connections that originate from outside the local network. This can be done using <emphasis>host-based protection</emphasis>, using Samba's implementation of a technology known as <quote>tcpwrappers,</quote> or it may be done be using <emphasis>interface-based exclusion</emphasis> so -&smbd; will bind only to specifically permitted interfaces. It is also possible to set specific share or +&smbd; will bind only to specifically permitted interfaces. It is also possible to set specific share- or resource-based exclusions, for example, on the <smbconfsection name="[IPC$]"/> autoshare. The <smbconfsection name="[IPC$]"/> share is used for browsing purposes as well as to establish TCP/IP connections. </para> @@ -184,7 +184,7 @@ before someone will find yet another vulnerability. <indexterm><primary>Ethernet adapters</primary></indexterm> <indexterm><primary>listen for connections</primary></indexterm> This tells Samba to listen for connections only on interfaces with a name starting with - <constant>eth</constant> such as <constant>eth0 or eth1</constant>, plus on the loopback interface called + <constant>eth</constant> such as <constant>eth0</constant> or <constant>eth1</constant>, plus on the loopback interface called <constant>lo</constant>. The name you will need to use depends on what OS you are using. In the above, I used the common name for Ethernet adapters on Linux. </para> @@ -195,7 +195,7 @@ before someone will find yet another vulnerability. <indexterm><primary>cracker</primary></indexterm> <indexterm><primary>confirm address</primary></indexterm> If you use the above and someone tries to make an SMB connection to your host over a PPP interface called - <constant>ppp0,</constant> then [s]he will get a TCP connection refused reply. In that case, no Samba code + <constant>ppp0</constant>, then [s]he will get a TCP connection refused reply. In that case, no Samba code is run at all, because the operating system has been told not to pass connections from that interface to any Samba process. However, the refusal helps a would-be cracker by confirming that the IP address provides valid active services. @@ -207,7 +207,7 @@ before someone will find yet another vulnerability. <indexterm><primary>exploitation</primary></indexterm> <indexterm><primary>denial of service</primary></indexterm> <indexterm><primary>firewall</primary></indexterm> - A better response would be to ignore the connection (from, e.g., ppp0) altogether. The + A better response would be to ignore the connection (from, for example, ppp0) altogether. The advantage of ignoring the connection attempt, as compared with refusing it, is that it foils those who probe an interface with the sole intention of finding valid IP addresses for later use in exploitation or denial of service attacks. This method of dealing with potential malicious activity demands the @@ -379,13 +379,13 @@ problem request are totally convinced that the problem is with Samba. <para> The solution is either to remove the firewall (stop it) or modify the firewall script to allow SMB networking traffic through. See <link linkend="firewallports">the Using a - firewall</link> section. + Firewall</link> section. </para> </sect2> <sect2> - <title>Why Can Users Access Other Users Home Directories?</title> + <title>Why Can Users Access Other Users' Home Directories?</title> <para> <quote> @@ -393,7 +393,7 @@ problem request are totally convinced that the problem is with Samba. <indexterm><primary>own home directory</primary></indexterm> We are unable to keep individual users from mapping to any other user's home directory once they have supplied a valid password! They only need to enter their own password. I have not found any method to - configure Samba so that users may map only their own home directory. + configure Samba so that users may map only their own home directory. </quote> </para> @@ -405,7 +405,7 @@ problem request are totally convinced that the problem is with Samba. <indexterm><primary>security flaw</primary></indexterm> <indexterm><primary>defined shares</primary></indexterm> This is not a security flaw, it is by design. Samba allows users to have exactly the same access to the UNIX - file system as when they were logged onto the UNIX box, except that it only allows such views onto the file + file system as when they were logged on to the UNIX box, except that it only allows such views onto the file system as are allowed by the defined shares. </para> diff --git a/docs/Samba3-HOWTO/TOSHARG-ServerType.xml b/docs/Samba3-HOWTO/TOSHARG-ServerType.xml index 0331437e0d..4fdc06d251 100644 --- a/docs/Samba3-HOWTO/TOSHARG-ServerType.xml +++ b/docs/Samba3-HOWTO/TOSHARG-ServerType.xml @@ -20,7 +20,7 @@ itself. </para> <para> -The chapter provides an overview of the security modes of which Samba is capable and how they relate to MS +This chapter provides an overview of the security modes of which Samba is capable and how they relate to MS Windows servers and clients. </para> @@ -90,7 +90,7 @@ So, what are the benefits of the features mentioned in this chapter? <indexterm><primary>encrypted</primary></indexterm> Samba-3 permits use of multiple concurrent account database backends. (Encrypted passwords that are stored in the account database are in - formats that is unique to Windows networking). + formats that are unique to Windows networking). </para></listitem> <listitem><para> @@ -111,7 +111,7 @@ So, what are the benefits of the features mentioned in this chapter? <para> <indexterm><primary>Server Type</primary></indexterm> -Administrators of Microsoft networks often refer to three different type of servers: +Administrators of Microsoft networks often refer to three different types of servers: </para> <itemizedlist> @@ -146,9 +146,9 @@ they lay the foundation for deployment of Samba domain security. <para> <indexterm><primary>standalone</primary></indexterm> -A Standalone server has is autonomous in respect of the source of its account backend. +A Standalone server is autonomous in respect of the source of its account backend. Refer to <link linkend="StandAloneServer">Standalone Servers</link> to gain a wider appreciation -of what is mean by a server being configured as a <emphasis>standalone</emphasis> server. +of what is meant by a server being configured as a <emphasis>standalone</emphasis> server. </para> </sect1> @@ -160,7 +160,7 @@ of what is mean by a server being configured as a <emphasis>standalone</emphasis <para> <indexterm><primary>Security Mode</primary></indexterm> <indexterm><primary>security</primary></indexterm> -In this section the function and purpose of Samba's security modes are described. An accurate understanding of +In this section, the function and purpose of Samba's security modes are described. An accurate understanding of how Samba implements each security mode as well as how to configure MS Windows clients for each mode will significantly reduce user complaints and administrator heartache. </para> @@ -245,7 +245,7 @@ authentication contexts in this way (WinDD is an example of an application that Windows networking user account names are case-insensitive, meaning that upper-case and lower-case characters in the account name are considered equivalent. They are said to be case-preserving, but not case significant. Windows and LanManager systems previous to Windows NT version 3.10 have case-insensitive passwords that were -not necessarilty case-preserving. All Windows NT family systems treat passwords are case-preserving and +not necessarilty case-preserving. All Windows NT family systems treat passwords as case-preserving and case-sensitive. </para> @@ -300,10 +300,10 @@ authenticated as that user. <indexterm><primary>name service switch</primary><see>NSS</see></indexterm> <indexterm><primary>/etc/passwd</primary></indexterm> <indexterm><primary>nsswitch.conf</primary></indexterm> -Where the list of possible user names is not provided, Samba checks makes a UNIX system call to find the user +Where the list of possible user names is not provided, Samba makes a UNIX system call to find the user account that has a password that matches the one provided from the standard account database. On a system that -has no name service switch (NSS) facility such lookups will be from the <filename>/etc/passwd</filename> -database. On NSS enabled systems the lookup will go to the libraries that have been specified in the +has no name service switch (NSS) facility, such lookups will be from the <filename>/etc/passwd</filename> +database. On NSS enabled systems, the lookup will go to the libraries that have been specified in the <filename>nsswitch.conf</filename> file. The entries in that file in which the libraries are specified are: <screen> passwd: files nis ldap @@ -369,12 +369,12 @@ have a machine account in the security database. <indexterm><primary>machine</primary><secondary>account</secondary></indexterm> <indexterm><primary>NetBIOS</primary><secondary>name</secondary></indexterm> <indexterm><primary>NetBIOS</primary></indexterm> -Within the domain security environment the underlying security architecture uses User-level security. Even +Within the domain security environment, the underlying security architecture uses user-level security. Even machines that are domain members must authenticate on startup. The machine account consists of an account entry in the accounts database, the name of which is the NetBIOS name of the machine and of which the password is randomly generated and known to both the domain controllers and the member machine. If the machine account -can not be validated during startup, users will not be able to log onto the domain using this machine because -it can not be trusted. The machine account is referred to as a machine trust account. +cannot be validated during startup, users will not be able to log on to the domain using this machine because +it cannot be trusted. The machine account is referred to as a machine trust account. </para> <para> @@ -489,7 +489,7 @@ domain members. This is contrary to popular belief. <para> If you are using Active Directory, starting with Samba-3 you can join as a native AD member. Why would you want to do that? Your security policy might prohibit the use of NT-compatible authentication protocols. All -your machines are running Windows 2000 and above and all use Kerberos. In this case Samba, as an NT4-style +your machines are running Windows 2000 and above and all use Kerberos. In this case, Samba, as an NT4-style domain, would still require NT-compatible authentication data. Samba in AD-member mode can accept Kerberos tickets. </para> @@ -749,7 +749,7 @@ to use another SMB server as its source for user authentication alone. <para> Samba is a server regardless of which security mode is chosen. When Samba is used outside of a domain security -context, it is best to leave the security mode at the default setting. By default Samba-3 uses User-mode +context, it is best to leave the security mode at the default setting. By default Samba-3 uses user-mode security. </para> diff --git a/docs/Samba3-HOWTO/TOSHARG-Speed.xml b/docs/Samba3-HOWTO/TOSHARG-Speed.xml index 4ad59eacdc..18a15ae092 100644 --- a/docs/Samba3-HOWTO/TOSHARG-Speed.xml +++ b/docs/Samba3-HOWTO/TOSHARG-Speed.xml @@ -222,8 +222,8 @@ A user wrote the following to the mailing list: <para> <indexterm><primary>Gentoo</primary></indexterm> <indexterm><primary>slow network</primary></indexterm> -I am running Gentoo on my server and Samba 2.2.8a. Recently I changed kernel version from -<filename>linux-2.4.19-gentoo-r10</filename> to <filename>linux-2.4.20-wolk4.0s</filename>. And now I have a +I am running Gentoo on my server and Samba 2.2.8a. Recently I changed kernel versions from +<filename>linux-2.4.19-gentoo-r10</filename> to <filename>linux-2.4.20-wolk4.0s</filename>. Now I have a performance issue with Samba. Many of you will probably say, <quote>Move to vanilla sources!</quote> Well, I tried that and it didn't work. I have a 100MB LAN and two computers (Linux and Windows 2000). The Linux server shares directories with DivX files, the client (Windows 2000) plays them via LAN. Before, when I was running diff --git a/docs/Samba3-HOWTO/TOSHARG-StandAloneServer.xml b/docs/Samba3-HOWTO/TOSHARG-StandAloneServer.xml index fa7fdf72b9..895544ed22 100644 --- a/docs/Samba3-HOWTO/TOSHARG-StandAloneServer.xml +++ b/docs/Samba3-HOWTO/TOSHARG-StandAloneServer.xml @@ -126,7 +126,7 @@ attempt a high level of creativity and to introduce too much complexity in serve <indexterm><primary>reference documents</primary></indexterm> <indexterm><primary>/export</primary></indexterm> <indexterm><primary>/etc/passwd</primary></indexterm> -Configuration of a read-only data server that everyone can access is very simple. By default all shares are +Configuration of a read-only data server that everyone can access is very simple. By default, all shares are read-only, unless set otherwise in the &smb.conf; file. <link linkend="simplynice">The example - Reference Documentation Server</link> is the &smb.conf; file that will do this. Assume that all the reference documents are stored in the directory <filename>/export</filename>, and the documents are owned by a user other than @@ -171,7 +171,7 @@ of course make use of it. </para> <para> -A USAF Colonel was renowned for saying: <quote>Better is the enemy of good enough!</quote> There are often +A US Air Force Colonel was renowned for saying: <quote>Better is the enemy of good enough!</quote> There are often sound reasons for avoiding complexity as well as for avoiding a technically perfect solution. Unfortunately, many network administrators still need to learn the art of doing just enough to keep out of trouble. </para> @@ -243,7 +243,7 @@ the anonymous (guest) user, two things will be required to enable anonymous prin <indexterm><primary>passwd</primary></indexterm> It is a good idea either to set a password on this account, or else to lock it from UNIX use. Assuming that the guest account is called <literal>pcguest</literal>, - it can be locked by excuting: + it can be locked by executing: <screen> &rootprompt; passwd -l pcguest </screen> diff --git a/docs/Samba3-HOWTO/TOSHARG-TheNetCommand.xml b/docs/Samba3-HOWTO/TOSHARG-TheNetCommand.xml index 376a894611..63dbf7bfce 100644 --- a/docs/Samba3-HOWTO/TOSHARG-TheNetCommand.xml +++ b/docs/Samba3-HOWTO/TOSHARG-TheNetCommand.xml @@ -186,7 +186,7 @@ the infliction of self-induced pain, agony, and desperation. Be warned: this is </para> <para> - In order to make available to the Windows environment Samba has a facility by which UNIX groups can + In order to make available to the Windows environment, Samba has a facility by which UNIX groups can be mapped to a logical entity, called a Windows (or domain) group. Samba supports two types of Windows groups, local and global. Global groups can contain as members, global users. This membership is affected in the normal UNIX manner, but adding UNIX users to UNIX groups. Windows user accounts consist @@ -370,7 +370,7 @@ SupportEngrs (S-1-5-21-72630-4128915-11681869-3007) -> SupportEngrs <screen> &rootprompt; net groupmap add ntgroup=Pixies unixgroup=pixies type=l </screen> - Supported mapping types are 'd' (domain global) and 'l' (domain local), a domain local group is Samba is + Supported mapping types are 'd' (domain global) and 'l' (domain local), a domain local group in Samba is treated as local to the individual Samba server. Local groups can be used with Samba to enable multiple nested group support. </para> @@ -653,7 +653,7 @@ exit 0 </procedure> <para> - This script will be executed every time a user logs onto the network. Therefore every user will + This script will be executed every time a user logs on to the network. Therefore every user will have local Windows workstation management rights. This could of course be assigned using a group, in which case there is little justification for the use of this procedure. The key justification for the use of this method is that it will guarantee that all users have appropriate rights on @@ -971,7 +971,7 @@ SeDiskOperatorPrivilege <para> The net command looks in the &smb.conf; file to obtain its own configuration settings. Thus, the following - command 'know' which domain to join from the &smb.conf; file. + command 'knows' which domain to join from the &smb.conf; file. </para> <para> diff --git a/docs/Samba3-HOWTO/TOSHARG-VFS.xml b/docs/Samba3-HOWTO/TOSHARG-VFS.xml index 1ed9cddd83..41b9562c40 100644 --- a/docs/Samba3-HOWTO/TOSHARG-VFS.xml +++ b/docs/Samba3-HOWTO/TOSHARG-VFS.xml @@ -19,8 +19,8 @@ <indexterm><primary>Virtual File System</primary><see>VFS</see></indexterm> <indexterm><primary>modules</primary></indexterm> <indexterm><primary>loaded modules</primary></indexterm> -Stackable VFS (Virtual File System) modules support was new to Samba-3 and has proven quite popular. Samba -passes each request to access the UNIX file system through the loaded VFS modules. This chapter covers the +Stackable VFS (Virtual File System) modules support was new to Samba-3 and has proven quite popular. Samba +passes each request to access the UNIX file system through the loaded VFS modules. This chapter covers the modules that come with the Samba source and provides references to some external modules. </para> @@ -33,7 +33,7 @@ modules that come with the Samba source and provides references to some external <para> <indexterm><primary>IRIX</primary></indexterm> <indexterm><primary>GNU/Linux</primary></indexterm> -If not supplied with your platform distribution binary Samba package you may have problems compiling these +If not supplied with your platform distribution binary Samba package, you may have problems compiling these modules, as shared libraries are compiled and linked in different ways on different systems. They currently have been tested against GNU/Linux and IRIX. </para> @@ -66,7 +66,7 @@ modules example</link>: <indexterm><primary>recycle bin</primary></indexterm> The modules are used in the order in which they are specified. Let's say that you want to both have a virus scanner module and a recycle bin module. It is wise to put the virus scanner module as the first one so that -it is the first that get run an may detect a virus immediately, before any action is performed on that file. +it is the first to get run and may detect a virus immediately, before any action is performed on that file. <smbconfoption name="vfs objects">vscan-clamav recycle</smbconfoption> </para> @@ -344,7 +344,7 @@ shown in <link linkend="multimodule">the smb.conf with multiple VFS modules</lin <para> The shadow_copy module allows you to setup functionality that is similar to MS shadow copy services. When - setup properly, this module allows Microsoft shadow copy clients to browse "shadow copies" on samba shares. + setup properly, this module allows Microsoft shadow copy clients to browse "shadow copies" on Samba shares. You will need to install the shadow copy client. You can get the MS shadow copy client <ulink noescape="1" url="http://www.microsoft.com/windowsserver2003/downloads/shadowcopyclient.mspx">here.</ulink>. Note the additional requirements for pre-Windows XP clients. I did not test this functionality with any pre-Windows XP @@ -386,7 +386,7 @@ shown in <link linkend="multimodule">the smb.conf with multiple VFS modules</lin <para> See <ulink url="http://www-106.ibm.com/developerworks/linux/library/l-lvm/">Learning Linux LVM, Part 1</ulink> and <ulink url="http://www-106.ibm.com/developerworks/library/l-lvm2.html">Learning - Linux LWM, Part 2</ulink> for Daniel Robbins' well written a two part tutorial on Linux and LVM using LVM + Linux LWM, Part 2</ulink> for Daniel Robbins' well-written, two part tutorial on Linux and LVM using LVM source code and reiserfs.</para> </listitem> </itemizedlist> @@ -398,7 +398,7 @@ shown in <link linkend="multimodule">the smb.conf with multiple VFS modules</lin <indexterm><primary>Debian Sarge</primary></indexterm> At the time of this writing, not much testing has been done. I tested the shadow copy VFS module with a specific scenario which was not deployed in a production environment, but more as a proof of concept. The - scenario involved a Samba 3 file server on Debian Sarge with an XFS file system and LVM1. I do NOT recommend + scenario involved a Samba-3 file server on Debian Sarge with an XFS file system and LVM1. I do NOT recommend you use this as a solution without doing your own due diligence with regard to all the components presented here. That said, following is an basic outline of how I got things going. </para> @@ -408,7 +408,7 @@ shown in <link linkend="multimodule">the smb.conf with multiple VFS modules</lin <formalpara><title>Installed Operating System </title> <para> In my tests, I used <ulink url="http://www.debian.org/devel/debian-installer/">Debian - Sarge</ulink> (i.e. testing) on an XFS file system. Setting up the OS is a bit beyond the scope of this + Sarge</ulink> (i.e., testing) on an XFS file system. Setting up the OS is a bit beyond the scope of this document. It is assumed that you have a working OS capable of running Samba. </para></formalpara> </listitem> @@ -418,7 +418,7 @@ shown in <link linkend="multimodule">the smb.conf with multiple VFS modules</lin <para> See the <link linkend="introduction">installation section</link> of this HOWTO for more detail on this. It doesn't matter if it is a Domain Controller or Member File Server, but it is assumed that you have a - working Samba 3.0.3 or newer server running. + working Samba 3.0.3 or later server running. </para></formalpara> </listitem> @@ -457,7 +457,7 @@ shown in <link linkend="multimodule">the smb.conf with multiple VFS modules</lin <indexterm><primary>cfdisk</primary></indexterm> <indexterm><primary>Linux LVM</primary></indexterm> Now you need to create a volume. You will need to create a partition (or partitions) to add to your volume. - Use your favorite partitioning tool (e.g. Linux fdisk, cfdisk, etc.). The partition type should be set to + Use your favorite partitioning tool (e.g., Linux fdisk, cfdisk, etc.). The partition type should be set to 0x8e for "Linux LVM." In this example, we will use /dev/hdb1. </para> @@ -466,8 +466,8 @@ shown in <link linkend="multimodule">the smb.conf with multiple VFS modules</lin <indexterm><primary>LVM volume</primary></indexterm> <indexterm><primary>modprobe</primary></indexterm> Once you have the Linux LVM partition (type 0x8e), you can run a series of commands to create the LVM volume. - You can use several disks and or partitions, but we will use only one in this example. You may also need to - load the kernel module with something like <command>modprobe lvm-mod </command> and set your system up to load + You can use several disks and/or partitions, but we will use only one in this example. You may also need to + load the kernel module with something like <command>modprobe lvm-mod</command> and set your system up to load it on reboot by adding it to (<filename>/etc/modules</filename>). </para></listitem> @@ -479,7 +479,7 @@ shown in <link linkend="multimodule">the smb.conf with multiple VFS modules</lin <listitem><para> <indexterm><primary>vgcreate</primary></indexterm> <indexterm><primary>volume group</primary></indexterm> - Create the volume group with and add /dev/hda1 to it with <command>vgcreate shadowvol /dev/hdb1</command> + Create the volume group and add /dev/hda1 to it with <command>vgcreate shadowvol /dev/hdb1</command> </para> <para> @@ -494,7 +494,7 @@ shown in <link linkend="multimodule">the smb.conf with multiple VFS modules</lin <para> <indexterm><primary>/dev/shadowvol</primary></indexterm> - This creates the logical volume of 400MB's named "sh_test" in the volume group we created called shadowvol. + This creates the logical volume of 400 MBs named "sh_test" in the volume group we created called shadowvol. If everything is working so far, you should see them in <filename>/dev/shadowvol</filename>. </para></listitem> @@ -511,7 +511,7 @@ shown in <link linkend="multimodule">the smb.conf with multiple VFS modules</lin <indexterm><primary>resizing</primary></indexterm> <indexterm><primary>growing</primary></indexterm> You can format the logical volume with any file system you choose, but make sure to use one that allows you to - take advantage of the additional features of LVM such as freezing, resizing and growing your file systems. + take advantage of the additional features of LVM such as freezing, resizing, and growing your file systems. </para> <para> @@ -529,7 +529,7 @@ shown in <link linkend="multimodule">the smb.conf with multiple VFS modules</lin <screen> &rootprompt; mkdir -p /data/shadow_share </screen> - or whatever you want to name your shadow copy enabled Samba share. Make sure you set the permissions such that + or whatever you want to name your shadow copy-enabled Samba share. Make sure you set the permissions so that you can use it. If in doubt, use <command>chmod 777 /data/shadow_share</command> and tighten the permissions once you get things working. </para></listitem> @@ -578,7 +578,7 @@ shown in <link linkend="multimodule">the smb.conf with multiple VFS modules</lin Before you can browse the shadow copies, you must create them and mount them. This will most likely be done with a script that runs as a cron job. With this particular solution, the shadow_copy VFS module is used to browse LVM snapshots. Those snapshots are not created by the module. They are not made available by the - module either. This module allows the shadow copy enabled client to browse the snapshots you take and make + module either. This module allows the shadow copy-enabled client to browse the snapshots you take and make available. </para></formalpara> @@ -605,7 +605,7 @@ mount /dev/shadowvol/$SNAPNAME \ url="http://www.microsoft.com/windowsserver2003/downloads/shadowcopyclient.mspx">Microsoft web site.</ulink> I only tested this with an XP client so your results may vary with other pre-XP clients. Once installed, with your XP client you can right-click on specific files or in the empty space of the shadow_share and view the - "properties". If anything has changed, then you will see it on the "Previous Versions" tab of the properties + "properties." If anything has changed, then you will see it on the "Previous Versions" tab of the properties window. </para></formalpara> </listitem> @@ -643,15 +643,15 @@ Taylors University DatabaeFS</ulink> <para> I have created a VFS module that implements a fairly complete read-only filesystem. It presents information -from a database as a filesystem in a modular and generic way to allow different databases to be used -(originally designed for organizing MP3s under directories such as <quote>Artists,</quote> <quote>Song +from a database as a filesystem in a modular and generic way to allow different databases to be used. +(Originally designed for organizing MP3s under directories such as <quote>Artists,</quote> <quote>Song Keywords,</quote> and so on. I have since easily applied it to a student roster database.) The directory structure is stored in the database itself and the module makes no assumptions about the database structure beyond the table it requires to run. </para> <para> -Any feedback would be appreciated: comments, suggestions, patches, and so on. If nothing else, hopefully it +Any feedback would be appreciated: comments, suggestions, patches, and so on. If nothing else, it might prove useful for someone else who wishes to create a virtual filesystem. </para> diff --git a/docs/Samba3-HOWTO/TOSHARG-Winbind.xml b/docs/Samba3-HOWTO/TOSHARG-Winbind.xml index 6637a32715..7fcf516b4a 100644 --- a/docs/Samba3-HOWTO/TOSHARG-Winbind.xml +++ b/docs/Samba3-HOWTO/TOSHARG-Winbind.xml @@ -113,7 +113,7 @@ <indexterm><primary>NSS</primary></indexterm> If <command>winbindd</command> is not running, smbd (which calls <command>winbindd</command>) will fall back to using purely local information from <filename>/etc/passwd</filename> and <filename>/etc/group</filename> and no dynamic - mapping will be used. On an operating system that has beeb enabled with the NSS, + mapping will be used. On an operating system that has been enabled with the NSS, the resolution of user and group information will be accomplished via NSS. </para></note> @@ -272,7 +272,7 @@ <para> <indexterm><primary>PDC</primary></indexterm> Response: <quote>Why? I've used Samba with workstations that are not part of my domains - lots of times without using winbind. I though winbind was for using Samba as a member server + lots of times without using winbind. I thought winbind was for using Samba as a member server in a domain controlled by another Samba/Windows PDC.</quote> </para> @@ -634,7 +634,7 @@ instructions on downloading the source code. To allow domain users the ability to access Samba shares and files, as well as potentially other services provided by your Samba machine, PAM must be set up properly on your machine. In order to compile the Winbind modules, you should have at least the PAM development libraries installed -on your system. Please refer the PAM Web site <ulink url="http://www.kernel.org/pub/linux/libs/pam/"/>. +on your system. Please refer to the PAM Web site <ulink url="http://www.kernel.org/pub/linux/libs/pam/"/>. </para> </sect2> @@ -756,7 +756,7 @@ Configuration file [version 4]: /var/ld/ld.config Command line: crle -c /var/ld/ld.config -l /lib:/usr/lib:/usr/local/lib </screen> -From this it is apparent that the <filename>/usr/local/lib</filename> directory is be included +From this it is apparent that the <filename>/usr/local/lib</filename> directory is included in the search dynamic link libraries in order to satisfy object module dependencies. </para> diff --git a/docs/Samba3-HOWTO/TOSHARG-WindowsClientConfig.xml b/docs/Samba3-HOWTO/TOSHARG-WindowsClientConfig.xml index df030d77dd..50ee1c63e0 100644 --- a/docs/Samba3-HOWTO/TOSHARG-WindowsClientConfig.xml +++ b/docs/Samba3-HOWTO/TOSHARG-WindowsClientConfig.xml @@ -465,7 +465,7 @@ that are in common use today. These are: <indexterm><primary>root</primary></indexterm> Enter the name <quote>root</quote> and the root password from your Samba-3 server. See <link linkend="wxpp008"></link>. <figure id="wxpp008"> - <title>Computer Name Changes &smbmdash; Username and PasswordPanel.</title><imagefile>wxpp008</imagefile> + <title>Computer Name Changes &smbmdash; Username and Password Panel.</title><imagefile>wxpp008</imagefile> </figure> </para></step> diff --git a/docs/Samba3-HOWTO/TOSHARG-glossary.xml b/docs/Samba3-HOWTO/TOSHARG-glossary.xml index 34b15ee21b..6410e3e0f7 100644 --- a/docs/Samba3-HOWTO/TOSHARG-glossary.xml +++ b/docs/Samba3-HOWTO/TOSHARG-glossary.xml @@ -208,7 +208,7 @@ <glossdef><para> RPCs are a means for executing network operations. The RPC protocol is independent of transport protocols. RPC does not try to implement any kind of reliability and the application that uses RPCs must be aware of the type - of transport protocol underneath RPC. An RPC is like a programatic a jump subroutine over a network. RPCs used + of transport protocol underneath RPC. An RPC is like a programmatic jump subroutine over a network. RPCs used in the UNIX environment are specified in RFC 1050. RPC is a powerful technique for constructing distributed, client-server based applications. It is based on extending the notion of conventional, or local procedure calling, so that the called procedure need not exist in the same address space as the calling procedure. The diff --git a/docs/Samba3-HOWTO/TOSHARG-locking.xml b/docs/Samba3-HOWTO/TOSHARG-locking.xml index 4a433fb6c3..ee48f8c90d 100644 --- a/docs/Samba3-HOWTO/TOSHARG-locking.xml +++ b/docs/Samba3-HOWTO/TOSHARG-locking.xml @@ -1108,7 +1108,7 @@ tdb(/usr/local/samba_2.2.7/var/locks/locking.tdb): rec_read bad magic <para> You may want to check for an updated documentation regarding file and record locking issues on the Microsoft -<ulink url="http://support.microsoft.com/">Support</ulink> web site. Additionally, a search for the work +<ulink url="http://support.microsoft.com/">Support</ulink> web site. Additionally, search for the word <literal>locking</literal> on the Samba <ulink url="http://www.samba.org/">web</ulink> site. </para> |