summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJelmer Vernooij <jelmer@samba.org>2002-10-21 18:01:02 +0000
committerJelmer Vernooij <jelmer@samba.org>2002-10-21 18:01:02 +0000
commit6c82e994d9d796a6ffd6061eb2b5a368edfa8969 (patch)
tree69855a3910903b7064cf3816c77ddc193f2a6a33
parentd24b7bb1022df7062c9e5f8e7eb8a4ed4e4e26dd (diff)
downloadsamba-6c82e994d9d796a6ffd6061eb2b5a368edfa8969.tar.gz
samba-6c82e994d9d796a6ffd6061eb2b5a368edfa8969.tar.bz2
samba-6c82e994d9d796a6ffd6061eb2b5a368edfa8969.zip
Add faq chapter about the samba features
(This used to be commit b55fe96c1f073e81ce564d16d70cae49e1862cf5)
-rw-r--r--docs/docbook/faq/features.sgml376
1 files changed, 376 insertions, 0 deletions
diff --git a/docs/docbook/faq/features.sgml b/docs/docbook/faq/features.sgml
new file mode 100644
index 0000000000..d464885f9e
--- /dev/null
+++ b/docs/docbook/faq/features.sgml
@@ -0,0 +1,376 @@
+<chapter id="features">
+
+<title>Features</title>
+
+<sect1>
+<title>How can I prevent my samba server from being used to distribute the Nimda worm?</title>
+
+<para>Author: HASEGAWA Yosuke (translated by <ulink url="monyo@samba.gr.jp">TAKAHASHI Motonobu</ulink>)</para>
+
+<para>
+Nimba Worm is infected through shared disks on a network, as well as through
+Microsoft IIS, Internet Explorer and mailer of Outlook series.
+</para>
+
+<para>
+At this time, the worm copies itself by the name *.nws and *.eml on
+the shared disk, moreover, by the name of Riched20.dll in the folder
+where *.doc file is included.
+</para>
+
+<para>
+To prevent infection through the shared disk offered by Samba, set
+up as follows:
+</para>
+
+<para>
+<programlisting>
+[global]
+ ...
+ # This can break Administration installations of Office2k.
+ # in that case, don't veto the riched20.dll
+ veto files = /*.eml/*.nws/riched20.dll/
+</programlisting>
+</para>
+
+<para>
+By setting the "veto files" parameter, matched files on the Samba
+server are completely hidden from the clients and making it impossible
+to access them at all.
+</para>
+
+<para>
+In addition to it, the following setting is also pointed out by the
+samba-jp:09448 thread: when the
+"readme.txt.{3050F4D8-98B5-11CF-BB82-00AA00BDCE0B}" file exists on
+a Samba server, it is visible only as "readme.txt" and dangerous
+code may be executed if this file is double-clicked.
+</para>
+
+<para>
+Setting the following,
+<programlisting>
+ veto files = /*.{*}/
+</programlisting>
+any files having CLSID in its file extension will be inaccessible from any
+clients.
+</para>
+
+<para>
+This technical article is created based on the discussion of
+samba-jp:09448 and samba-jp:10900 threads.
+</para>
+</sect1>
+
+<sect1>
+<title>How can I use samba as a fax server?</title>
+
+<para>Contributor: <ulink url="mailto:zuber@berlin.snafu.de">Gerhard Zuber</ulink></para>
+
+<para>Requirements:
+<simplelist>
+<member>UNIX box (Linux preferred) with SAMBA and a faxmodem</member>
+<member>ghostscript package</member>
+<member>mgetty+sendfax package</member>
+<member>pbm package (portable bitmap tools)</member>
+</simplelist>
+</para>
+
+<para>First, install and configure the required packages. Be sure to read the mgetty+sendfax
+manual carefully.</para>
+
+<sect2>
+<title>Tools for printing faxes</title>
+
+<para>Your incomed faxes are in:
+<filename>/var/spool/fax/incoming</filename>
+
+<para>print it with:</para>
+
+<para><programlisting>
+for i in *
+do
+g3cat $i | g3tolj | lpr -P hp
+done
+</programlisting>
+</para>
+
+<para>
+g3cat is in the tools-section, g3tolj is in the contrib-section
+for printing to HP lasers.
+</para>
+
+<para>
+If you want to produce files for displaying and printing with Windows, use
+some tools from the pbm-package like the following command: <command>g3cat $i | g3topbm - | ppmtopcx - >$i.pcx</command>
+and view it with your favourite Windows tool (maybe paintbrush)
+</para>
+
+</sect2>
+
+<sect2>
+<title>Making the fax-server</title>
+
+<para>fetch the file <filename>mgetty+sendfax/frontends/winword/faxfilter</filename> and place it in <filename>/usr/local/etc/mgetty+sendfax/</filename>(replace /usr/local/ with whatever place you installed mgetty+sendfax)</para>
+
+<para>prepare your faxspool file as mentioned in this file
+edit fax/faxspool.in and reinstall or change the final
+/usr/local/bin/faxspool too.
+</para>
+
+<para><programlisting>
+if [ "$user" = "root" -o "$user" = "fax" -o \
+ "$user" = "lp" -o "$user" = "daemon" -o "$user" = "bin" ]
+</programlisting></para>
+
+<para>find the first line and change it to the second.</para>
+
+<para>
+make sure you have pbmtext (from the pbm-package). This is
+needed for creating the small header line on each page.
+</para>
+
+<para>Prepare your faxheader <filename>/usr/local/etc/mgetty+sendfax/faxheader</filename></para>
+
+<para>
+Edit your /etc/printcap file:
+<programlisting>
+# FAX
+lp3|fax:\
+ :lp=/dev/null:\
+ :sd=/usr/spool/lp3:\
+ :if=/usr/local/etc/mgetty+sendfax/faxfilter:sh:sf:mx#0:\
+ :lf=/usr/spool/lp3/fax-log:
+</programlisting>
+
+<para>Now, edit your <filename>smb.conf</filename> so you have a smb based printer named "fax"</para>
+
+</sect2>
+
+<sect2>
+<title>Installing the client drivers</title>
+
+<para>
+Now you have a printer called "fax" which can be used via
+TCP/IP-printing (lpd-system) or via SAMBA (windows printing).
+</para>
+
+<para>
+On every system you are able to produce postscript-files you
+are ready to fax.
+</para>
+
+<para>
+On Windows 3.1 95 and NT:
+</para>
+
+<para>
+Install a printer wich produces postscript output,
+ e.g. apple laserwriter
+</para>
+
+<para>Connect the "fax" to your printer.</para>
+
+<para>
+Now write your first fax. Use your favourite wordprocessor,
+write, winword, notepad or whatever you want, and start
+with the headerpage.
+</para>
+
+<para>
+Usually each fax has a header page. It carries your name,
+your address, your phone/fax-number.
+</para>
+
+<para>
+It carries also the recipient, his address and his *** fax
+number ***. Now here is the trick:
+</para>
+
+<para>
+Use the text:
+<programlisting>
+Fax-Nr: 123456789
+</programlisting>
+as the recipients fax-number. Make sure this text does not
+occur in regular text ! Make sure this text is not broken
+by formatting information, e.g. format it as a single entity.
+(Windows Write and Win95 Wordpad are functional, maybe newer
+ versions of Winword are breaking formatting information).
+</para>
+
+<para>
+The trick is that postscript output is human readable and
+the faxfilter program scans the text for this pattern and
+uses the found number as the fax-destination-number.
+</para>
+
+<para>
+Now print your fax through the fax-printer and it will be
+queued for later transmission. Use faxrunq for sending the
+queue out.
+</para>
+
+</sect2>
+
+<sect2>
+<title>Example smb.conf</title>
+
+<para><programlisting>
+[global]
+ printcap name = /etc/printcap
+ print command = /usr/bin/lpr -r -P %p %s
+ lpq command = /usr/bin/lpq -P %p
+ lprm command = /usr/bin/lprm -P %p %j
+
+[fax]
+ comment = FAX (mgetty+sendfax)
+ path = /tmp
+ printable = yes
+ public = yes
+ writable = no
+ create mode = 0700
+ browseable = yes
+ guest ok = no
+</programlisting></para>
+
+</sect2>
+</sect1>
+
+<sect1>
+<title>Samba doesn't work well together with DHCP!</title>
+
+<para>
+We wish to help those folks who wish to use the ISC DHCP Server and provide
+sample configuration settings. Most operating systems today come ship with
+the ISC DHCP Server. ISC DHCP is available from:
+<ulink url="ftp://ftp.isc.org/isc/dhcp">ftp://ftp.isc.org/isc/dhcp</ulink>
+</para>
+
+<para>
+Incorrect configuration of MS Windows clients (Windows9X, Windows ME, Windows
+NT/2000) will lead to problems with browsing and with general network
+operation. Windows 9X/ME users often report problems where the TCP/IP and related
+network settings will inadvertantly become reset at machine start-up resulting
+in loss of configuration settings. This results in increased maintenance
+overheads as well as serious user frustration.
+</para>
+
+<para>
+In recent times users on one mailing list incorrectly attributed the cause of
+network operating problems to incorrect configuration of Samba.
+</para>
+
+<para>
+One user insisted that the only way to provent Windows95 from periodically
+performing a full system reset and hardware detection process on start-up was
+to install the NetBEUI protocol in addition to TCP/IP. This assertion is not
+correct.
+</para>
+
+<para>
+In the first place, there is NO need for NetBEUI. All Microsoft Windows clients
+natively run NetBIOS over TCP/IP, and that is the only protocol that is
+recognised by Samba. Installation of NetBEUI and/or NetBIOS over IPX will
+cause problems with browse list operation on most networks. Even Windows NT
+networks experience these problems when incorrectly configured Windows95
+systems share the same name space. It is important that only those protocols
+that are strictly needed for site specific reasons should EVER be installed.
+</para>
+
+<para>
+Secondly, and totally against common opinion, DHCP is NOT an evil design but is
+an extension of the BOOTP protocol that has been in use in Unix environments
+for many years without any of the melt-down problems that some sensationalists
+would have us believe can be experienced with DHCP. In fact, DHCP in covered by
+rfc1541 and is a very safe method of keeping an MS Windows desktop environment
+under control and for ensuring stable network operation.
+</para>
+
+<para>
+Please note that MS Windows systems as of MS Windows NT 3.1 and MS Windows 95
+store all network configuration settings a registry. There are a few reports
+from MS Windows network administrators that warrant mention here. It would appear
+that when one sets certain MS TCP/IP protocol settings (either directly or via
+DHCP) that these do get written to the registry. Even though a subsequent
+change of setting may occur the old value may persist in the registry. This
+has been known to create serious networking problems.
+</para>
+
+<para>
+An example of this occurs when a manual TCP/IP environment is configured to
+include a NetBIOS Scope. In this event, when the administrator then changes the
+configuration of the MS TCP/IP protocol stack, without first deleting the
+current settings, by simply checking the box to configure the MS TCP/IP stack
+via DHCP then the NetBIOS Scope that is still persistent in the registry WILL be
+applied to the resulting DHCP offered settings UNLESS the DHCP server also sets
+a NetBIOS Scope. It may therefore be prudent to forcibly apply a NULL NetBIOS
+Scope from your DHCP server. The can be done in the dhcpd.conf file with the
+parameter:
+<command>option netbios-scope "";</command>
+</para>
+
+<para>
+While it is true that the Microsoft DHCP server that comes with Windows NT
+Server provides only a sub-set of rfc1533 functionality this is hardly an issue
+in those sites that already have a large investment and commitment to Unix
+systems and technologies. The current state of the art of the DHCP Server
+specification in covered in rfc2132.
+</para>
+
+</sect1>
+
+<sect1>
+<title>How can I assign NetBIOS names to clients with DHCP?</title>
+
+<para>
+SMB network clients need to be configured so that all standard TCP/IP name to
+address resolution works correctly. Once this has been achieved the SMB
+environment provides additional tools and services that act as helper agents in
+the translation of SMB (NetBIOS) names to their appropriate IP Addresses. One
+such helper agent is the NetBIOS Name Server (NBNS) or as Microsoft called it
+in their Windows NT Server implementation WINS (Windows Internet Name Server).
+</para>
+
+<para>
+A client needs to be configured so that it has a unique Machine (Computer)
+Name.
+</para>
+
+<para>
+This can be done, but needs a few NT registry hacks and you need to be able to
+speak UNICODE, which is of course no problem for a True Wizzard(tm) :)
+Instructions on how to do this (including a small util for less capable
+Wizzards) can be found at
+</para>
+
+<para><ulink url="http://www.unixtools.org/~nneul/sw/nt/dhcp-netbios-hostname.html">http://www.unixtools.org/~nneul/sw/nt/dhcp-netbios-hostname.html</ulink></para>
+
+</sect1>
+
+<sect1>
+<title>How do I convert between unix and dos text formats?</title>
+
+<para>
+Jim barry has written an <ulink url="ftp://samba.org/pub/samba/contributed/fixcrlf.zip">
+excellent drag-and-drop cr/lf converter for
+windows</ulink>. Just drag your file onto the icon and it converts the file.
+</para>
+
+<para>
+The utilities unix2dos and dos2unix(in the mtools package) should do
+the job under unix.
+</para>
+
+</sect1>
+
+<sect1>
+<title>Does samba have wins replication support?</title>
+
+<para>
+At the time of writing there is currently being worked on a wins replication implementation(wrepld).
+</para>
+
+</sect1>
+
+</chapter>