diff options
author | Jelmer Vernooij <jelmer@samba.org> | 2002-10-21 18:01:02 +0000 |
---|---|---|
committer | Jelmer Vernooij <jelmer@samba.org> | 2002-10-21 18:01:02 +0000 |
commit | 6c82e994d9d796a6ffd6061eb2b5a368edfa8969 (patch) | |
tree | 69855a3910903b7064cf3816c77ddc193f2a6a33 | |
parent | d24b7bb1022df7062c9e5f8e7eb8a4ed4e4e26dd (diff) | |
download | samba-6c82e994d9d796a6ffd6061eb2b5a368edfa8969.tar.gz samba-6c82e994d9d796a6ffd6061eb2b5a368edfa8969.tar.bz2 samba-6c82e994d9d796a6ffd6061eb2b5a368edfa8969.zip |
Add faq chapter about the samba features
(This used to be commit b55fe96c1f073e81ce564d16d70cae49e1862cf5)
-rw-r--r-- | docs/docbook/faq/features.sgml | 376 |
1 files changed, 376 insertions, 0 deletions
diff --git a/docs/docbook/faq/features.sgml b/docs/docbook/faq/features.sgml new file mode 100644 index 0000000000..d464885f9e --- /dev/null +++ b/docs/docbook/faq/features.sgml @@ -0,0 +1,376 @@ +<chapter id="features"> + +<title>Features</title> + +<sect1> +<title>How can I prevent my samba server from being used to distribute the Nimda worm?</title> + +<para>Author: HASEGAWA Yosuke (translated by <ulink url="monyo@samba.gr.jp">TAKAHASHI Motonobu</ulink>)</para> + +<para> +Nimba Worm is infected through shared disks on a network, as well as through +Microsoft IIS, Internet Explorer and mailer of Outlook series. +</para> + +<para> +At this time, the worm copies itself by the name *.nws and *.eml on +the shared disk, moreover, by the name of Riched20.dll in the folder +where *.doc file is included. +</para> + +<para> +To prevent infection through the shared disk offered by Samba, set +up as follows: +</para> + +<para> +<programlisting> +[global] + ... + # This can break Administration installations of Office2k. + # in that case, don't veto the riched20.dll + veto files = /*.eml/*.nws/riched20.dll/ +</programlisting> +</para> + +<para> +By setting the "veto files" parameter, matched files on the Samba +server are completely hidden from the clients and making it impossible +to access them at all. +</para> + +<para> +In addition to it, the following setting is also pointed out by the +samba-jp:09448 thread: when the +"readme.txt.{3050F4D8-98B5-11CF-BB82-00AA00BDCE0B}" file exists on +a Samba server, it is visible only as "readme.txt" and dangerous +code may be executed if this file is double-clicked. +</para> + +<para> +Setting the following, +<programlisting> + veto files = /*.{*}/ +</programlisting> +any files having CLSID in its file extension will be inaccessible from any +clients. +</para> + +<para> +This technical article is created based on the discussion of +samba-jp:09448 and samba-jp:10900 threads. +</para> +</sect1> + +<sect1> +<title>How can I use samba as a fax server?</title> + +<para>Contributor: <ulink url="mailto:zuber@berlin.snafu.de">Gerhard Zuber</ulink></para> + +<para>Requirements: +<simplelist> +<member>UNIX box (Linux preferred) with SAMBA and a faxmodem</member> +<member>ghostscript package</member> +<member>mgetty+sendfax package</member> +<member>pbm package (portable bitmap tools)</member> +</simplelist> +</para> + +<para>First, install and configure the required packages. Be sure to read the mgetty+sendfax +manual carefully.</para> + +<sect2> +<title>Tools for printing faxes</title> + +<para>Your incomed faxes are in: +<filename>/var/spool/fax/incoming</filename> + +<para>print it with:</para> + +<para><programlisting> +for i in * +do +g3cat $i | g3tolj | lpr -P hp +done +</programlisting> +</para> + +<para> +g3cat is in the tools-section, g3tolj is in the contrib-section +for printing to HP lasers. +</para> + +<para> +If you want to produce files for displaying and printing with Windows, use +some tools from the pbm-package like the following command: <command>g3cat $i | g3topbm - | ppmtopcx - >$i.pcx</command> +and view it with your favourite Windows tool (maybe paintbrush) +</para> + +</sect2> + +<sect2> +<title>Making the fax-server</title> + +<para>fetch the file <filename>mgetty+sendfax/frontends/winword/faxfilter</filename> and place it in <filename>/usr/local/etc/mgetty+sendfax/</filename>(replace /usr/local/ with whatever place you installed mgetty+sendfax)</para> + +<para>prepare your faxspool file as mentioned in this file +edit fax/faxspool.in and reinstall or change the final +/usr/local/bin/faxspool too. +</para> + +<para><programlisting> +if [ "$user" = "root" -o "$user" = "fax" -o \ + "$user" = "lp" -o "$user" = "daemon" -o "$user" = "bin" ] +</programlisting></para> + +<para>find the first line and change it to the second.</para> + +<para> +make sure you have pbmtext (from the pbm-package). This is +needed for creating the small header line on each page. +</para> + +<para>Prepare your faxheader <filename>/usr/local/etc/mgetty+sendfax/faxheader</filename></para> + +<para> +Edit your /etc/printcap file: +<programlisting> +# FAX +lp3|fax:\ + :lp=/dev/null:\ + :sd=/usr/spool/lp3:\ + :if=/usr/local/etc/mgetty+sendfax/faxfilter:sh:sf:mx#0:\ + :lf=/usr/spool/lp3/fax-log: +</programlisting> + +<para>Now, edit your <filename>smb.conf</filename> so you have a smb based printer named "fax"</para> + +</sect2> + +<sect2> +<title>Installing the client drivers</title> + +<para> +Now you have a printer called "fax" which can be used via +TCP/IP-printing (lpd-system) or via SAMBA (windows printing). +</para> + +<para> +On every system you are able to produce postscript-files you +are ready to fax. +</para> + +<para> +On Windows 3.1 95 and NT: +</para> + +<para> +Install a printer wich produces postscript output, + e.g. apple laserwriter +</para> + +<para>Connect the "fax" to your printer.</para> + +<para> +Now write your first fax. Use your favourite wordprocessor, +write, winword, notepad or whatever you want, and start +with the headerpage. +</para> + +<para> +Usually each fax has a header page. It carries your name, +your address, your phone/fax-number. +</para> + +<para> +It carries also the recipient, his address and his *** fax +number ***. Now here is the trick: +</para> + +<para> +Use the text: +<programlisting> +Fax-Nr: 123456789 +</programlisting> +as the recipients fax-number. Make sure this text does not +occur in regular text ! Make sure this text is not broken +by formatting information, e.g. format it as a single entity. +(Windows Write and Win95 Wordpad are functional, maybe newer + versions of Winword are breaking formatting information). +</para> + +<para> +The trick is that postscript output is human readable and +the faxfilter program scans the text for this pattern and +uses the found number as the fax-destination-number. +</para> + +<para> +Now print your fax through the fax-printer and it will be +queued for later transmission. Use faxrunq for sending the +queue out. +</para> + +</sect2> + +<sect2> +<title>Example smb.conf</title> + +<para><programlisting> +[global] + printcap name = /etc/printcap + print command = /usr/bin/lpr -r -P %p %s + lpq command = /usr/bin/lpq -P %p + lprm command = /usr/bin/lprm -P %p %j + +[fax] + comment = FAX (mgetty+sendfax) + path = /tmp + printable = yes + public = yes + writable = no + create mode = 0700 + browseable = yes + guest ok = no +</programlisting></para> + +</sect2> +</sect1> + +<sect1> +<title>Samba doesn't work well together with DHCP!</title> + +<para> +We wish to help those folks who wish to use the ISC DHCP Server and provide +sample configuration settings. Most operating systems today come ship with +the ISC DHCP Server. ISC DHCP is available from: +<ulink url="ftp://ftp.isc.org/isc/dhcp">ftp://ftp.isc.org/isc/dhcp</ulink> +</para> + +<para> +Incorrect configuration of MS Windows clients (Windows9X, Windows ME, Windows +NT/2000) will lead to problems with browsing and with general network +operation. Windows 9X/ME users often report problems where the TCP/IP and related +network settings will inadvertantly become reset at machine start-up resulting +in loss of configuration settings. This results in increased maintenance +overheads as well as serious user frustration. +</para> + +<para> +In recent times users on one mailing list incorrectly attributed the cause of +network operating problems to incorrect configuration of Samba. +</para> + +<para> +One user insisted that the only way to provent Windows95 from periodically +performing a full system reset and hardware detection process on start-up was +to install the NetBEUI protocol in addition to TCP/IP. This assertion is not +correct. +</para> + +<para> +In the first place, there is NO need for NetBEUI. All Microsoft Windows clients +natively run NetBIOS over TCP/IP, and that is the only protocol that is +recognised by Samba. Installation of NetBEUI and/or NetBIOS over IPX will +cause problems with browse list operation on most networks. Even Windows NT +networks experience these problems when incorrectly configured Windows95 +systems share the same name space. It is important that only those protocols +that are strictly needed for site specific reasons should EVER be installed. +</para> + +<para> +Secondly, and totally against common opinion, DHCP is NOT an evil design but is +an extension of the BOOTP protocol that has been in use in Unix environments +for many years without any of the melt-down problems that some sensationalists +would have us believe can be experienced with DHCP. In fact, DHCP in covered by +rfc1541 and is a very safe method of keeping an MS Windows desktop environment +under control and for ensuring stable network operation. +</para> + +<para> +Please note that MS Windows systems as of MS Windows NT 3.1 and MS Windows 95 +store all network configuration settings a registry. There are a few reports +from MS Windows network administrators that warrant mention here. It would appear +that when one sets certain MS TCP/IP protocol settings (either directly or via +DHCP) that these do get written to the registry. Even though a subsequent +change of setting may occur the old value may persist in the registry. This +has been known to create serious networking problems. +</para> + +<para> +An example of this occurs when a manual TCP/IP environment is configured to +include a NetBIOS Scope. In this event, when the administrator then changes the +configuration of the MS TCP/IP protocol stack, without first deleting the +current settings, by simply checking the box to configure the MS TCP/IP stack +via DHCP then the NetBIOS Scope that is still persistent in the registry WILL be +applied to the resulting DHCP offered settings UNLESS the DHCP server also sets +a NetBIOS Scope. It may therefore be prudent to forcibly apply a NULL NetBIOS +Scope from your DHCP server. The can be done in the dhcpd.conf file with the +parameter: +<command>option netbios-scope "";</command> +</para> + +<para> +While it is true that the Microsoft DHCP server that comes with Windows NT +Server provides only a sub-set of rfc1533 functionality this is hardly an issue +in those sites that already have a large investment and commitment to Unix +systems and technologies. The current state of the art of the DHCP Server +specification in covered in rfc2132. +</para> + +</sect1> + +<sect1> +<title>How can I assign NetBIOS names to clients with DHCP?</title> + +<para> +SMB network clients need to be configured so that all standard TCP/IP name to +address resolution works correctly. Once this has been achieved the SMB +environment provides additional tools and services that act as helper agents in +the translation of SMB (NetBIOS) names to their appropriate IP Addresses. One +such helper agent is the NetBIOS Name Server (NBNS) or as Microsoft called it +in their Windows NT Server implementation WINS (Windows Internet Name Server). +</para> + +<para> +A client needs to be configured so that it has a unique Machine (Computer) +Name. +</para> + +<para> +This can be done, but needs a few NT registry hacks and you need to be able to +speak UNICODE, which is of course no problem for a True Wizzard(tm) :) +Instructions on how to do this (including a small util for less capable +Wizzards) can be found at +</para> + +<para><ulink url="http://www.unixtools.org/~nneul/sw/nt/dhcp-netbios-hostname.html">http://www.unixtools.org/~nneul/sw/nt/dhcp-netbios-hostname.html</ulink></para> + +</sect1> + +<sect1> +<title>How do I convert between unix and dos text formats?</title> + +<para> +Jim barry has written an <ulink url="ftp://samba.org/pub/samba/contributed/fixcrlf.zip"> +excellent drag-and-drop cr/lf converter for +windows</ulink>. Just drag your file onto the icon and it converts the file. +</para> + +<para> +The utilities unix2dos and dos2unix(in the mtools package) should do +the job under unix. +</para> + +</sect1> + +<sect1> +<title>Does samba have wins replication support?</title> + +<para> +At the time of writing there is currently being worked on a wins replication implementation(wrepld). +</para> + +</sect1> + +</chapter> |