diff options
author | cvs2svn Import User <samba-bugs@samba.org> | 2002-10-04 19:11:37 +0000 |
---|---|---|
committer | cvs2svn Import User <samba-bugs@samba.org> | 2002-10-04 19:11:37 +0000 |
commit | 326a429d4665130980e1f77cc2c6e65835fdb235 (patch) | |
tree | cbde7e96bdd0139c7b05c91bbeff4f567f5312b4 | |
parent | 36ef82a52953384acedbd51f54ded9357fa8ca3e (diff) | |
parent | d2ea6d5ae759bd2c842b5836d778b5a52b8af477 (diff) | |
download | samba-326a429d4665130980e1f77cc2c6e65835fdb235.tar.gz samba-326a429d4665130980e1f77cc2c6e65835fdb235.tar.bz2 samba-326a429d4665130980e1f77cc2c6e65835fdb235.zip |
This commit was manufactured by cvs2svn to create branch 'SAMBA_3_0'.(This used to be commit 7950dfc795568798e8ede784b4e8b927be0add49)
-rw-r--r-- | docs/docbook/devdoc/sam.sgml | 357 | ||||
-rw-r--r-- | docs/docbook/faq/clientapp.sgml | 101 | ||||
-rw-r--r-- | docs/docbook/faq/general.sgml | 168 | ||||
-rw-r--r-- | docs/docbook/faq/install.sgml | 330 | ||||
-rw-r--r-- | docs/docbook/projdoc/ADS-HOWTO.sgml | 195 | ||||
-rw-r--r-- | docs/faq/clientapp.html | 257 | ||||
-rw-r--r-- | docs/faq/errors.html | 307 | ||||
-rw-r--r-- | docs/faq/general.html | 450 | ||||
-rw-r--r-- | docs/faq/install.html | 525 | ||||
-rw-r--r-- | docs/faq/samba-faq.html | 328 | ||||
-rw-r--r-- | docs/htmldocs/Samba-HOWTO.html | 1440 | ||||
-rw-r--r-- | source3/include/rpc_ds.h | 91 | ||||
-rw-r--r-- | source3/rpc_client/cli_ds.c | 63 | ||||
-rw-r--r-- | source3/rpc_parse/parse_ds.c | 113 | ||||
-rw-r--r-- | source3/rpcclient/cmd_ds.c | 59 |
15 files changed, 4784 insertions, 0 deletions
diff --git a/docs/docbook/devdoc/sam.sgml b/docs/docbook/devdoc/sam.sgml new file mode 100644 index 0000000000..654bd5fe9c --- /dev/null +++ b/docs/docbook/devdoc/sam.sgml @@ -0,0 +1,357 @@ +<chapter id="sam"> + +<chapterinfo> + <author> + <firstname>Andrew</firstname><surname>Bartlett</surname> + </author> + <pubdate>1 October 2002</pubdate> +</chapterinfo> + +<title>The Upcoming SAM System</title> + +<sect1> +<title>Security in the 'new SAM'</title> + +<para>One of the biggest problems with passdb is it's implementation of +'security'. Access control is on a 'are you root at the moment' basis, +and it has no concept of NT ACLs. Things like ldapsam had to add +'magic' 'are you root' checks.</para> + +<para>We took this very seriously when we started work, and the new structure +is designed with this in mind, from the ground up. Each call to the SAM +has a NT_TOKEN and (if relevant) an 'access desired'. This is either +provided as a parameter, or implicitly supplied by the object being +accessed.</para> + +<para> +For example, when you call +</para> + +<programlisting>< +NTSTATUS sam_get_account_by_name(const SAM_CONTEXT *context, const +NT_USER_TOKEN *access_token, uint32 access_desired, const char *domain, +const char *name, SAM_ACCOUNT_HANDLE **account) +</programlisting> + +<para> +The context can be NULL (and is used to allow import/export by setting +up 2 contexts, and allowing calls on both simultaneously) +</para> + +<para> +The access token *must* be specified. Normally the user's token out of +current_user, this can also be a global 'system' context. +</para> + +<para> +The access desired is as per the ACL, for passing to the seaccess stuff. +</para> + +<para> +The domain/username are standard. Even if we only have one domain, +keeping this ensures that we don't get 'unqualified' usernames (same +problem as we had with unqualified SIDs). +</para> + +<para> +We return a 'handle'. This is opaque to the rest of Samba, but is +operated on by get/set routines, all of which return NTSTATUS. +</para> + +<para> +The access checking is done by the SAM module. The reason it is not +done 'above' the interface is to ensure a 'choke point'. I put a lot of +effort into the auth subsystem to ensure we never 'accidentally' forgot +to check for null passwords, missed a restriction etc. I intend the SAM +to be written with the same caution. +</para> + +<para> +The reason the access checking is not handled by the interface itself is +due to the different implementations it make take on. For example, on +ADS, you cannot set a password over a non-SSL connection. Other +backends may have similar requirements - we need to leave this policy up +to the modules. They will naturally have access to 'helper' procedures +and good examples to avoid mishaps. +</para> + +<para> +(Furthermore, some backends my actually chose to push the whole ACL +issue to the remote server, and - assuming ldap for this example - bind +as the user directly) +</para> + +<para> +Each returned handle has an internal 'access permitted', which allows +the 'get' and 'set' routines to return 'ACCESS_DENIED' for things that +were not able to be retrieved from the backend. This removes the need +to specify the NT_TOKEN on every operation, and allows for 'object not +present' to be easily distinguished from 'access denied'. +</para> + +<para> +When you 'set' an object (calling sam_update_account) the internal +details are again used. Each change that has been made to the object +has been flagged, so as to avoid race conditions (on unmodified +components) and to avoid violating any extra ACL requirements on the +actual data store (like the LDAP server). +</para> + +<para> +Finally, we have generic get_sec_desc() and set_sec_desc() routines to +allow external ACL manipulation. These do lookups based on SID. +</para> + +</sect1> + +<sect1> +<title>Standalone from UNIX</title> + +<para> +One of the primary tenants of the 'new SAM' is that it would not attempt +to deal with 'what unix id for that'. This would be left to the 'SMS' +(Sid Mapping System') or SID farm, and probably administered via +winbind. We have had constructive discussion on how 'basic' unix +accounts like 'root' would be handled, and we think this can work. +Accounts not preexisting in unix would be served up via winbind. +</para> + +<para> +This is an *optional* part, and my preferred end-game. We have a fare +way to go before things like winbind up to it however. +</para> + +</sect1> + +<sect1> +<title>Handles and Races in the new SAM</title> + +<para> +One of the things that the 'new SAM' work has tried to face is both +compatibility with existing code, and a closer alignment to the SAMR +interface. I consider SAMR to be a 'primary customer' to the this work, +because if we get alignment with that wrong, things get more, rather +than less complex. Also, most other parts of Samba are much more +flexible with what they can allow. +</para> + +<para> +In any case, that was a decision taken as to how the general design +would progress. BTW, my understanding of SAMR may be completely flawed. +</para> + +<para> +One of the most race-prone areas of the new code is the conflicting +update problem. We have taken two approaches: +</para> + +<itemizedlist> +<listitem> +<para>'Not conflicting' conflicts. Due to the way usrmgr operates, it will +open a user, display all the properties and *save* them all, even if you +don't change any. +</para> + +<para> +For this, see what I've done in rpc_server/srv_samr_util.c. I intend +to take this one step further, and operate on the 'handle' that the +values were read from. This should mean that we only update things that +have *really* changed. +</para> +</listitem> + +<listitem> +<para> +'conflicting' updates: Currently we don't deal with this (in passdb +or the new sam stuff), but the design is sufficiently flexible to 'deny' +a second update. I don't foresee locking records however. +</para> +</listitem> +</itemizedlist> + +</sect1> + +<sect1> +<title>Layers</title> + +<sect2> +<title>Application</title> + +<para> +This is where smbd, samtest and whatever end-user replacement we have +for pdbedit sits. They use only the SAM interface, and do not get +'special knowledge' of what is below them. +</para> + +<sect2> +<title>SAM Interface</title> + +<para> +This level 'owns' the various handle structures, the get/set routines on +those structures and provides the public interface. The application +layer may initialize a 'context' to be passed to all interface routines, +else a default, self-initialising context will be supplied. This layser +finds the appropriate backend module for the task, and tries very hard +not to need to much 'knowledge'. It should just provide the required +abstraction to the modules below, and arrange for their initial loading. +</para> + +<para> +We could possibly add ACL checking at this layer, to avoid discrepancies +in implementation modules. +</para> + +</sect2> + +<sect2> +<title>SAM Modules</title> + +<para> +These do not communicate with the application directly, only by setting +values in the handles, and receiving requests from the interface. These +modules are responsible for translating values from the handle's +.private into (say) an LDAP modification list. The module is expected +to 'know' things like it's own domain SID, domain name, and any other +state attached to the SAM. Simpler modules may call back to some helper +routine. +</para> + +</sect2> +</sect1> + +<sect1> +<title>SAM Modules</title> + +<sect2> +<title>Special Module: sam_passdb</title> + +<para> +In order for there to be a smooth transition, kai is writing a module +that reads existing passdb backends, and translates them into SAM +replies. (Also pulling data from the account policy DB etc). We also +intend to write a module that does the reverse - gives the SAM a passdb +interface. +</para> +</sect2> + +<sect2> +<title>sam_ads</title> +<para> +This is the first of the SAM modules to be committed to the tree - +mainly because I needed to coordinate work with metze (who authored most +of it). This module aims to use Samba's libads code to provide an +Active Directory LDAP client, suitable for use on a mixed-mode DC. +While it is currently being tested against Win2k servers (with a +password in the smb.conf file) it is expected to eventually use a +(possibly modified) OpenLDAP server. We hope that this will assist in +the construction of an Samba AD DC. +</para> + +<para> +We also intend to construct a Samba 2.2/3.0 compatible ldap module, +again using libads code. +</para> +</sect2> +</sect1> + +<sect1> +<title>Memory Management</title> + +<para> +The 'new SAM' development effort also concerned itself with getting a +sane implementation of memory management. It was decided that we would +be (as much as possible) talloc based, using an 'internal talloc +context' on many objects. That is, the creation of an object would +initiate it's own internal talloc context, and this would be used for +all operations on that object. Much of this is already implemented in +passdb. Also, like passdb, it will be possible to specify that some +object actually be created on a specified context. +</para> + +<para> +Memory management is important here because the APIs in the 'new SAM' do +not use 'pdb_init()' or an equivalent. They always allocate new +objects. Enumeration's are slightly different, and occur on a supplied +context that 'owns' the entire list, rather than per-element. (the +enumeration functions return an array of all elements - not full handles +just basic (and public) info) Likewise for things that fill in a char +**. +</para> + +<para>For example:</para> + +<para><programlisting> +NTSTATUS sam_lookup_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN +*access_token, TALLOC_CTX *mem_ctx, const DOM_SID *sid, char **name, +uint32 *type) +</programlisting></para> + +<para>Takes a context to allocate the 'name' on, while:</para> + +<para><programlisting> +NTSTATUS sam_get_account_by_sid(const SAM_CONTEXT *context, const +NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID +*accountsid, SAM_ACCOUNT_HANDLE **account) +</programlisting></para> + +<para>Allocates a handle and stores the allocation context on that handle.</para> + +<para>I think that the following:</para> + +<para><programlisting> +NTSTATUS sam_enum_accounts(const SAM_CONTEXT *context, const +NT_USER_TOKEN *access_token, const DOM_SID *domainsid, uint16 acct_ctrl, +int32 *account_count, SAM_ACCOUNT_ENUM **accounts) +</programlisting></para> + +</sect1> + +<sect1> +<title>Testing</title> + +<para> +Testing is vital in any piece of software, and Samba is certainly no +exception. In designing this new subsystem, we have taken care to ensure +it is easily tested, independent of outside protocols. +</para> + +<para> +To this end, Jelmer has constructed 'samtest'. +</para> + +<para> +This utility (see torture/samtest.c) is structured like rpcclient, but +instead operates on the SAM subsystem. It creates a 'custom' SAM +context, that may be distinct from the default values used by the rest +of the system, and can load a separate configuration file. +</para> + +<para> +A small number of commands are currently implemented, but these have +already proved vital in testing. I expect SAM module authors will find +it particularly valuable. +</para> + +<para>Example useage:</para> + +<para><prompt>$</prompt> <command>bin/samtest</command></para> + +<para><programlisting> +> context ads:ldap://192.168.1.96 +</programlisting> +(this loads a new context, using the new ADS module. The parameter is +the 'location' of the ldap server) +</para> + +<para><programlisting> +> lookup_name DOMAIN abartlet +</programlisting> +(returns a sid). +</para> + +<para> +Because the 'new SAM' is NT ACL based, there will be a command to +specify an arbitrary NT ACL, but for now it uses 'system' by default. +</para> +</sect1> +</chapter> diff --git a/docs/docbook/faq/clientapp.sgml b/docs/docbook/faq/clientapp.sgml new file mode 100644 index 0000000000..6d687bf772 --- /dev/null +++ b/docs/docbook/faq/clientapp.sgml @@ -0,0 +1,101 @@ +<chapter id="ClientApp"> +<title>Specific client application problems</title> + +<sect1> +<title>MS Office Setup reports "Cannot change properties of '\MSOFFICE\SETUP.INI'"</title> +<para> +When installing MS Office on a Samba drive for which you have admin +user permissions, ie. admin users = username, you will find the +setup program unable to complete the installation. +</para> + +<para> +To get around this problem, do the installation without admin user +permissions The problem is that MS Office Setup checks that a file is +rdonly by trying to open it for writing. +</para> + +<para> +Admin users can always open a file for writing, as they run as root. +You just have to install as a non-admin user and then use "chown -R" +to fix the owner. +</para> + +</sect1> + +<sect1> +<title>How to use a Samba share as an administrative share for MS Office, etc.</title> + +<para> +Microsoft Office products can be installed as an administrative installation +from which the application can either be run off the administratively installed +product that resides on a shared resource, or from which that product can be +installed onto workstation clients. +</para> + +<para> +The general mechanism for implementing an adminstrative installation involves +running <command>X:\setup /A</command>, where X is the drive letter of either CDROM or floppy. +</para> + +<para> +This installation process will NOT install the product for use per se, but +rather results in unpacking of the compressed distribution files into a target +shared folder. For this process you need write privilidge to the share and it +is desirable to enable file locking and share mode operation during this +process. +</para> + +<para> +Subsequent installation of MS Office from this share will FAIL unless certain +precautions are taken. This failure will be caused by share mode operation +which will prevent the MS Office installation process from re-opening various +dynamic link library files and will cause sporadic file not found problems. +</para> + +<itemizedlist> +<listitem><para> +As soon as the administrative installation (unpacking) has completed +set the following parameters on the share containing it: +</para> + +<para><programlisting> + [MSOP95] + path = /where_you_put_it + comment = Your comment + volume = "The_CD_ROM_Label" + read only = yes + available = yes + share modes = no + locking = no + browseable = yes + public = yes +</programlisting></para> + +</listitem> + +<listitem> +<para>Now you are ready to run the setup program from the Microsoft Windows +workstation as follows: <command>\\"Server_Name"\MSOP95\msoffice\setup</command> +</para> +</listitem> +</itemizedlist> + +</sect1> + +<sect1> +<title>Microsoft Access database opening errors</title> + +<para> +Here are some notes on running MS-Access on a Samba drive from <ulink url="stefank@esi.com.au">Stefan Kjellberg</ulink> +</para> + +<para><simplelist> +<member>Opening a database in 'exclusive' mode does NOT work. Samba ignores r/w/share modes on file open.</member> +<member>Make sure that you open the database as 'shared' and to 'lock modified records'</member> +<member>Of course locking must be enabled for the particular share (smb.conf)</member> +</simplelist> +</para> + +</sect1> +</chapter> diff --git a/docs/docbook/faq/general.sgml b/docs/docbook/faq/general.sgml new file mode 100644 index 0000000000..5111e69bec --- /dev/null +++ b/docs/docbook/faq/general.sgml @@ -0,0 +1,168 @@ +<chapter id="general"> +<title>General Information</title> + +<sect1> +<title>Where can I get it?</title> +<para> +The Samba suite is available at the <ulink url="http://samba.org/">samba website</ulink>. +</sect1> + +<sect1> +<title>What do the version numbers mean?</title> +<para> +It is not recommended that you run a version of Samba with the word +"alpha" in its name unless you know what you are doing and are willing +to do some debugging. Many, many people just get the latest +recommended stable release version and are happy. If you are brave, by +all means take the plunge and help with the testing and development - +but don't install it on your departmental server. Samba is typically +very stable and safe, and this is mostly due to the policy of many +public releases. +</para> + +<para> +How the scheme works: +<simplelist> +<member>When major changes are made the version number is increased. For +example, the transition from 1.9.15 to 1.9.16. However, this version +number will not appear immediately and people should continue to use +1.9.15 for production systems (see next point.)</member> + +<member>Just after major changes are made the software is considered +unstable, and a series of alpha releases are distributed, for example +1.9.16alpha1. These are for testing by those who know what they are +doing. The "alpha" in the filename will hopefully scare off those who +are just looking for the latest version to install.</member> + +<member>When Andrew thinks that the alphas have stabilised to the point +where he would recommend new users install it, he renames it to the +same version number without the alpha, for example 1.9.16.</member> + +<member>Inevitably bugs are found in the "stable" releases and minor patch +levels are released which give us the pXX series, for example 1.9.16p2.</member> +</simplelist> + +<para> +So the progression goes: + +<programlisting> +1.9.15p7 (production) +1.9.15p8 (production) +1.9.16alpha1 (test sites only) +: +1.9.16alpha20 (test sites only) +1.9.16 (production) +1.9.16p1 (production) +</programlisting> +</para> + +<para> +The above system means that whenever someone looks at the samba ftp +site they will be able to grab the highest numbered release without an +alpha in the name and be sure of getting the current recommended +version. +</para> + +</sect1> + +<sect1> +<title>What platforms are supported?</title> +<para> +Many different platforms have run Samba successfully. The platforms +most widely used and thus best tested are Linux and SunOS.</para> + +<para> +At time of writing, there is support (or has been support for in earlier +versions): +</para> + +<simplelist> +<member>A/UX 3.0</member> +<member>AIX</member> +<member>Altos Series 386/1000</member> +<member>Amiga</member> +<member>Apollo Domain/OS sr10.3</member> +<member>BSDI </member> +<member>B.O.S. (Bull Operating System)</member> +<member>Cray, Unicos 8.0</member> +<member>Convex</member> +<member>DGUX. </member> +<member>DNIX.</member> +<member>FreeBSD</member> +<member>HP-UX</member> +<member>Intergraph. </member> +<member>Linux with/without shadow passwords and quota</member> +<member>LYNX 2.3.0</member> +<member>MachTen (a unix like system for Macintoshes)</member> +<member>Motorola 88xxx/9xx range of machines</member> +<member>NetBSD</member> +<member>NEXTSTEP Release 2.X, 3.0 and greater (including OPENSTEP for Mach).</member> +<member>OS/2 using EMX 0.9b</member> +<member>OSF1</member> +<member>QNX 4.22</member> +<member>RiscIX. </member> +<member>RISCOs 5.0B</member> +<member>SEQUENT. </member> +<member>SCO (including: 3.2v2, European dist., OpenServer 5)</member> +<member>SGI.</member> +<member>SMP_DC.OSx v1.1-94c079 on Pyramid S series</member> +<member>SONY NEWS, NEWS-OS (4.2.x and 6.1.x)</member> +<member>SUNOS 4</member> +<member>SUNOS 5.2, 5.3, and 5.4 (Solaris 2.2, 2.3, and '2.4 and later')</member> +<member>Sunsoft ISC SVR3V4</member> +<member>SVR4</member> +<member>System V with some berkely extensions (Motorola 88k R32V3.2).</member> +<member>ULTRIX.</member> +<member>UNIXWARE</member> +<member>UXP/DS</member> +</simplelist> + +</sect1> + +<sect1> +<title>How do I subscribe to the Samba Mailing Lists?</title> +<para> +Look at <ulink url="http://samba.org/samba/archives.html">the samba mailing list page</ulink> +</para> +</sect1> + +<sect1> +<title>Pizza supply details</title> +<para> +Those who have registered in the Samba survey as "Pizza Factory" will +already know this, but the rest may need some help. Andrew doesn't ask +for payment, but he does appreciate it when people give him +pizza. This calls for a little organisation when the pizza donor is +twenty thousand kilometres away, but it has been done. +<?para> + +<para> +Method 1: Ring up your local branch of an international pizza chain +and see if they honour their vouchers internationally. Pizza Hut do, +which is how the entire Canberra Linux Users Group got to eat pizza +one night, courtesy of someone in the US. +</para> + +<para> +Method 2: Ring up a local pizza shop in Canberra and quote a credit +card number for a certain amount, and tell them that Andrew will be +collecting it (don't forget to tell him.) One kind soul from Germany +did this. +</para> + +<para> +Method 3: Purchase a pizza voucher from your local pizza shop that has +no international affiliations and send it to Andrew. It is completely +useless but he can hang it on the wall next to the one he already has +from Germany :-) +</para> + +<para> +Method 4: Air freight him a pizza with your favourite regional +flavours. It will probably get stuck in customs or torn apart by +hungry sniffer dogs but it will have been a noble gesture. +</para> + +</sect1> + +</chapter> diff --git a/docs/docbook/faq/install.sgml b/docs/docbook/faq/install.sgml new file mode 100644 index 0000000000..288e3a5f32 --- /dev/null +++ b/docs/docbook/faq/install.sgml @@ -0,0 +1,330 @@ +<chapter id="Install"> +<title>Compiling and installing Samba on a Unix host</title> + +<sect1> +<title>I can't see the Samba server in any browse lists!</title> +<para> +See Browsing.html in the docs directory of the samba source +for more information on browsing. +</para> + +<para> +If your GUI client does not permit you to select non-browsable +servers, you may need to do so on the command line. For example, under +Lan Manager you might connect to the above service as disk drive M: +thusly: +<programlisting> + net use M: \\mary\fred +</programlisting> +The details of how to do this and the specific syntax varies from +client to client - check your client's documentation. +</para> + +<sect1> +<title>Some files that I KNOW are on the server doesn't show up when I view the files from my client! +<para>See the next question.</para> +</sect1> + +<sect1> +<title>Some files on the server show up with really wierd filenames when I view the files from my client!</title> +<para> +If you check what files are not showing up, you will note that they +are files which contain upper case letters or which are otherwise not +DOS-compatible (ie, they are not legal DOS filenames for some reason). +</para> + +<para> +The Samba server can be configured either to ignore such files +completely, or to present them to the client in "mangled" form. If you +are not seeing the files at all, the Samba server has most likely been +configured to ignore them. Consult the man page smb.conf(5) for +details of how to change this - the parameter you need to set is +"mangled names = yes". +</para> +</sect1> + +<sect1> +<title>My client reports "cannot locate specified computer" or similar</title> +<para> +This indicates one of three things: You supplied an incorrect server +name, the underlying TCP/IP layer is not working correctly, or the +name you specified cannot be resolved. +</para> + +<para> +After carefully checking that the name you typed is the name you +should have typed, try doing things like pinging a host or telnetting +to somewhere on your network to see if TCP/IP is functioning OK. If it +is, the problem is most likely name resolution. +</para> + +<para> +If your client has a facility to do so, hardcode a mapping between the +hosts IP and the name you want to use. For example, with Lan Manager +or Windows for Workgroups you would put a suitable entry in the file +LMHOSTS. If this works, the problem is in the communication between +your client and the netbios name server. If it does not work, then +there is something fundamental wrong with your naming and the solution +is beyond the scope of this document. +</para> + +<para> +If you do not have any server on your subnet supplying netbios name +resolution, hardcoded mappings are your only option. If you DO have a +netbios name server running (such as the Samba suite's nmbd program), +the problem probably lies in the way it is set up. Refer to Section +Two of this FAQ for more ideas. +</para> + +<para> +By the way, remember to REMOVE the hardcoded mapping before further +tests :-) +</para> + +</sect1> + +<sect1> +<title>My client reports "cannot locate specified share name" or similar</title> +<para> +This message indicates that your client CAN locate the specified +server, which is a good start, but that it cannot find a service of +the name you gave. +</para> + +<para> +The first step is to check the exact name of the service you are +trying to connect to (consult your system administrator). Assuming it +exists and you specified it correctly (read your client's docs on how +to specify a service name correctly), read on: +</para> + +<simplelist> +<member>Many clients cannot accept or use service names longer than eight characters.</member> +<member>Many clients cannot accept or use service names containing spaces.</member> +<member>Some servers (not Samba though) are case sensitive with service names.</member> +<member>Some clients force service names into upper case.</member> +</simplelist> +</sect1> + +<sect1> +<title>Printing doesn't work</title> +<para> +Make sure that the specified print command for the service you are +connecting to is correct and that it has a fully-qualified path (eg., +use "/usr/bin/lpr" rather than just "lpr"). +</para> + +<para> +Make sure that the spool directory specified for the service is +writable by the user connected to the service. In particular the user +"nobody" often has problems with printing, even if it worked with an +earlier version of Samba. Try creating another guest user other than +"nobody". +</para> + +<para> +Make sure that the user specified in the service is permitted to use +the printer. +</para> + +<para> +Check the debug log produced by smbd. Search for the printer name and +see if the log turns up any clues. Note that error messages to do with +a service ipc$ are meaningless - they relate to the way the client +attempts to retrieve status information when using the LANMAN1 +protocol. +</para> + +<para> +If using WfWg then you need to set the default protocol to TCP/IP, not +Netbeui. This is a WfWg bug. +</para> + +<para> +If using the Lanman1 protocol (the default) then try switching to +coreplus. Also not that print status error messages don't mean +printing won't work. The print status is received by a different +mechanism. +</para> + +<sect1> +<title>My client reports "This server is not configured to list shared resources"</title> +<para> +Your guest account is probably invalid for some reason. Samba uses the +guest account for browsing in smbd. Check that your guest account is +valid. +</para> + +<para>See also 'guest account' in smb.conf man page.</para> + +</sect1> + +<sect1> +<title>Log message "you appear to have a trapdoor uid system" </title> +<para> +This can have several causes. It might be because you are using a uid +or gid of 65535 or -1. This is a VERY bad idea, and is a big security +hole. Check carefully in your /etc/passwd file and make sure that no +user has uid 65535 or -1. Especially check the "nobody" user, as many +broken systems are shipped with nobody setup with a uid of 65535. +</para> + +<para>It might also mean that your OS has a trapdoor uid/gid system :-)</para> + +<para> +This means that once a process changes effective uid from root to +another user it can't go back to root. Unfortunately Samba relies on +being able to change effective uid from root to non-root and back +again to implement its security policy. If your OS has a trapdoor uid +system this won't work, and several things in Samba may break. Less +things will break if you use user or server level security instead of +the default share level security, but you may still strike +problems. +</para> + +<para> +The problems don't give rise to any security holes, so don't panic, +but it does mean some of Samba's capabilities will be unavailable. +In particular you will not be able to connect to the Samba server as +two different uids at once. This may happen if you try to print as a +"guest" while accessing a share as a normal user. It may also affect +your ability to list the available shares as this is normally done as +the guest user. +</para> + +<para> +Complain to your OS vendor and ask them to fix their system. +</para> + +<para> +Note: the reason why 65535 is a VERY bad choice of uid and gid is that +it casts to -1 as a uid, and the setreuid() system call ignores (with +no error) uid changes to -1. This means any daemon attempting to run +as uid 65535 will actually run as root. This is not good! +</para> + +</sect1> + +<sect1> +<title>Why are my file's timestamps off by an hour, or by a few hours?</title> +<para> +This is from Paul Eggert eggert@twinsun.com. +</para> + +<para> +Most likely it's a problem with your time zone settings. +</para> + +<para> +Internally, Samba maintains time in traditional Unix format, +namely, the number of seconds since 1970-01-01 00:00:00 Universal Time +(or ``GMT''), not counting leap seconds. +</para> + +<para> +On the server side, Samba uses the Unix TZ variable to convert +internal timestamps to and from local time. So on the server side, there are +two things to get right. +<simplelist> +<member>The Unix system clock must have the correct Universal time. Use the shell command "sh -c 'TZ=UTC0 date'" to check this.</member> +<member>The TZ environment variable must be set on the server before Samba is invoked. The details of this depend on the server OS, but typically you must edit a file whose name is /etc/TIMEZONE or /etc/default/init, or run the command `zic -l'.</member> +</simplelist> +</para> + +<para>TZ must have the correct value.</para> + +<para> +If possible, use geographical time zone settings +(e.g. TZ='America/Los_Angeles' or perhaps + TZ=':US/Pacific'). These are supported by most +popular Unix OSes, are easier to get right, and are +more accurate for historical timestamps. If your +operating system has out-of-date tables, you should be +able to update them from the public domain time zone +tables at <ulink url="ftp://elsie.nci.nih.gov/pub/">ftp://elsie.nci.nih.gov/pub/</ulink>. +</para> + +<para>If your system does not support geographical timezone +settings, you must use a Posix-style TZ strings, e.g. +TZ='PST8PDT,M4.1.0/2,M10.5.0/2' for US Pacific time. +Posix TZ strings can take the following form (with optional + items in brackets): +<programlisting> + StdOffset[Dst[Offset],Date/Time,Date/Time] +</programlisting> + where: +</para> + +<para><simplelist> +<member>`Std' is the standard time designation (e.g. `PST').</member> +<member>`Offset' is the number of hours behind UTC (e.g. `8'). +Prepend a `-' if you are ahead of UTC, and +append `:30' if you are at a half-hour offset. +Omit all the remaining items if you do not use +daylight-saving time.</member> + +<member>`Dst' is the daylight-saving time designation +(e.g. `PDT').</member> + +<member>The optional second `Offset' is the number of +hours that daylight-saving time is behind UTC. +The default is 1 hour ahead of standard time. +</member> + +<member>`Date/Time,Date/Time' specify when daylight-saving +time starts and ends. The format for a date is +`Mm.n.d', which specifies the dth day (0 is Sunday) +of the nth week of the mth month, where week 5 means +the last such day in the month. The format for a +time is [h]h[:mm[:ss]], using a 24-hour clock. +</member> + +</simplelist> +</para> + +<para> +Other Posix string formats are allowed but you don't want +to know about them.</para> + +<para> +On the client side, you must make sure that your client's clock and +time zone is also set appropriately. [[I don't know how to do this.]] +Samba traditionally has had many problems dealing with time zones, due +to the bizarre ways that Microsoft network protocols handle time +zones. +</para> + +<sect1> +<title>How do I set the printer driver name correctly?</title> +<para>Question:<para> +<quote> On NT, I opened "Printer Manager" and "Connect to Printer". + Enter ["\\ptdi270\ps1"] in the box of printer. I got the + following error message + </quote> + <para> + <programlisting> + You do not have sufficient access to your machine + to connect to the selected printer, since a driver + needs to be installed locally. + </programlisting> + </para> + + <para>Answer:</para> + + <para>In the more recent versions of Samba you can now set the "printer +driver" in smb.conf. This tells the client what driver to use. For +example:</para> +<para><programlisting> + printer driver = HP LaserJet 4L +</programlisting></para> +<para>With this, NT knows to use the right driver. You have to get this string +exactly right.</para> + +<para>To find the exact string to use, you need to get to the dialog box in +your client where you select which printer driver to install. The +correct strings for all the different printers are shown in a listbox +in that dialog box.</para> + +</sect1> + +</chapter> diff --git a/docs/docbook/projdoc/ADS-HOWTO.sgml b/docs/docbook/projdoc/ADS-HOWTO.sgml new file mode 100644 index 0000000000..0d2fda5f78 --- /dev/null +++ b/docs/docbook/projdoc/ADS-HOWTO.sgml @@ -0,0 +1,195 @@ +<chapter id="ADS"> + +<chapterinfo> + <author> + <firstname>Andrew</firstname><surname>Tridgell</surname> + </author> + <pubdate>2002</pubdate> +</chapterinfo> + +<title>Using samba 3.0 with ActiveDirectory support</title> + +<para> +This is a VERY ROUGH guide to setting up the current (November 2001) +pre-alpha version of Samba 3.0 with kerberos authentication against a +Windows2000 KDC. The procedures listed here are likely to change as +the code develops. +</para> + +<para>Pieces you need before you begin: +<simplelist> +<member>a Windows 2000 server.</member> +<member>samba 3.0 or higher.</member> +<member>the MIT kerberos development libraries (either install from the above sources or use a package). The heimdal libraries will not work.</member> +<member>the OpenLDAP development libraries.</member> +</simplelist> +</para> + +<sect1> +<title>Installing the required packages for Debian</title> + +<para>On Debian you need to install the following packages: +<simplelist> +<member>libkrb5-dev</member> +<member>krb5-user</member> +</simplelist> +</para> +</sect1> + +<sect1> +<title>Installing the required packages for RedHat</title> + +<para>On RedHat this means you should have at least: +<simplelist> +<member>krb5-workstation (for kinit)</member> +<member>krb5-libs (for linking with)</member> +<member>krb5-devel (because you are compiling from source)</member> +</simplelist> +</para> + +<para>in addition to the standard development environment.</para> + +<para>Note that these are not standard on a RedHat install, and you may need +to get them off CD2.</para> + +</sect1> + +<sect1> +<title>Compile Samba</title> +<para>If your kerberos libraries are in a non-standard location then + remember to add the configure option --with-krb5=DIR.</para> + +<para>After you run configure make sure that include/config.h contains + lines like this:</para> + +<para><programlisting> +#define HAVE_KRB5 1 +#define HAVE_LDAP 1 +</programlisting></para> + +<para>If it doesn't then configure did not find your krb5 libraries or + your ldap libraries. Look in config.log to figure out why and fix + it.</para> + +<para>Then compile and install Samba as usual. You must use at least the + following 3 options in smb.conf:</para> + +<para><programlisting> + realm = YOUR.KERBEROS.REALM + ads server = your.kerberos.server + security = ADS + encrypt passwords = yes +</programlisting></para> + +<para>Strictly speaking, you can omit the realm name and you can use an IP + address for the ads server. In that case Samba will auto-detect these.</para> + +<para>You do *not* need a smbpasswd file, although it won't do any harm + and if you have one then Samba will be able to fall back to normal + password security for older clients. I expect that the above + required options will change soon when we get better active + directory integration.</para> +</sect1> + +<sect1> +<title>Setup your /etc/krb5.conf</title> + +<para>The minimal configuration for krb5.conf is:</para> + +<para><programlisting> + [realms] + YOUR.KERBEROS.REALM = { + kdc = your.kerberos.server + } +</programlisting></para> + +<para>Test your config by doing a "kinit USERNAME@REALM" and making sure that + your password is accepted by the Win2000 KDC. </para> + +<para>NOTE: The realm must be uppercase. </para> + +<para> +You also must ensure that you can do a reverse DNS lookup on the IP +address of your KDC. Also, the name that this reverse lookup maps to +must either be the netbios name of the KDC (ie. the hostname with no +domain attached) or it can alternatively be the netbios name +followed by the realm. +</para> + +<para> +The easiest way to ensure you get this right is to add a /etc/hosts +entry mapping the IP address of your KDC to its netbios name. If you +don't get this right then you will get a "local error" when you try +to join the realm. +</para> + +<para> +If all you want is kerberos support in smbclient then you can skip +straight to step 5 now. Step 3 is only needed if you want kerberos +support in smbd. +</para> + +</sect1> + +<sect1> +<title>Create the computer account</title> + +<para> +Do a "kinit" as a user that has authority to change arbitrary +passwords on the KDC ("Administrator" is a good choice). Then as a +user that has write permission on the Samba private directory +(usually root) run: +<command>net ads join</command> +</para> + +<sect2> +<title>Possible errors</title> + +<para> +<variablelist> +<varlistentry><term>"bash: kinit: command not found"</term> +<listitem><para>kinit is in the krb5-workstation RPM on RedHat systems, and is in /usr/kerberos/bin, so it won't be in the path until you log in again (or open a new terminal)</para></listitem></varlistentry> +<varlistentry><term>"ADS support not compiled in"</term> +<listitem><para>Samba must be reconfigured (remove config.cache) and recompiled (make clean all install) after the kerberos libs and headers are installed.</para></listitem></varlistentry> +</variablelist> +</para> + +</sect2> + +</sect1> + +<sect1> +<title>Test your server setup</title> + +<para> +On a Windows 2000 client try <command>net use * \\server\share</command>. You should +be logged in with kerberos without needing to know a password. If +this fails then run <command>klist tickets</command>. Did you get a ticket for the +server? Does it have an encoding type of DES-CBC-MD5 ? +</para> + +</sect1> + +<sect1> +<title>Testing with smbclient</title> + +<para> +On your Samba server try to login to a Win2000 server or your Samba +server using smbclient and kerberos. Use smbclient as usual, but +specify the -k option to choose kerberos authentication. +</para> + +</sect1> + +<sect1> +<title>Notes</title> + +<para>You must change administrator password at least once after DC install, + to create the right encoding types</para> + +<para>w2k doesn't seem to create the _kerberos._udp and _ldap._tcp in + their defaults DNS setup. Maybe fixed in service packs?</para> + +</sect1> + +</chapter> diff --git a/docs/faq/clientapp.html b/docs/faq/clientapp.html new file mode 100644 index 0000000000..3196fd285e --- /dev/null +++ b/docs/faq/clientapp.html @@ -0,0 +1,257 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> +<HTML +><HEAD +><TITLE +>Specific client application problems</TITLE +><META +NAME="GENERATOR" +CONTENT="Modular DocBook HTML Stylesheet Version 1.77"><LINK +REL="HOME" +TITLE="Samba FAQ" +HREF="samba-faq.html"><LINK +REL="PREVIOUS" +TITLE="Compiling and installing Samba on a Unix host" +HREF="install.html"><LINK +REL="NEXT" +TITLE="Common errors" +HREF="errors.html"></HEAD +><BODY +CLASS="CHAPTER" +BGCOLOR="#FFFFFF" +TEXT="#000000" +LINK="#0000FF" +VLINK="#840084" +ALINK="#0000FF" +><DIV +CLASS="NAVHEADER" +><TABLE +SUMMARY="Header navigation table" +WIDTH="100%" +BORDER="0" +CELLPADDING="0" +CELLSPACING="0" +><TR +><TH +COLSPAN="3" +ALIGN="center" +>Samba FAQ</TH +></TR +><TR +><TD +WIDTH="10%" +ALIGN="left" +VALIGN="bottom" +><A +HREF="install.html" +ACCESSKEY="P" +>Prev</A +></TD +><TD +WIDTH="80%" +ALIGN="center" +VALIGN="bottom" +></TD +><TD +WIDTH="10%" +ALIGN="right" +VALIGN="bottom" +><A +HREF="errors.html" +ACCESSKEY="N" +>Next</A +></TD +></TR +></TABLE +><HR +ALIGN="LEFT" +WIDTH="100%"></DIV +><DIV +CLASS="CHAPTER" +><H1 +><A +NAME="CLIENTAPP" +></A +>Chapter 3. Specific client application problems</H1 +><DIV +CLASS="SECT1" +><H1 +CLASS="SECT1" +><A +NAME="AEN170" +></A +>3.1. MS Office Setup reports "Cannot change properties of '\MSOFFICE\SETUP.INI'"</H1 +><P +>When installing MS Office on a Samba drive for which you have admin +user permissions, ie. admin users = username, you will find the +setup program unable to complete the installation.</P +><P +>To get around this problem, do the installation without admin user +permissions The problem is that MS Office Setup checks that a file is +rdonly by trying to open it for writing.</P +><P +>Admin users can always open a file for writing, as they run as root. +You just have to install as a non-admin user and then use "chown -R" +to fix the owner.</P +></DIV +><DIV +CLASS="SECT1" +><H1 +CLASS="SECT1" +><A +NAME="AEN175" +></A +>3.2. How to use a Samba share as an administrative share for MS Office, etc.</H1 +><P +>Microsoft Office products can be installed as an administrative installation +from which the application can either be run off the administratively installed +product that resides on a shared resource, or from which that product can be +installed onto workstation clients.</P +><P +>The general mechanism for implementing an adminstrative installation involves +running <B +CLASS="COMMAND" +>X:\setup /A</B +>, where X is the drive letter of either CDROM or floppy.</P +><P +>This installation process will NOT install the product for use per se, but +rather results in unpacking of the compressed distribution files into a target +shared folder. For this process you need write privilidge to the share and it +is desirable to enable file locking and share mode operation during this +process.</P +><P +>Subsequent installation of MS Office from this share will FAIL unless certain +precautions are taken. This failure will be caused by share mode operation +which will prevent the MS Office installation process from re-opening various +dynamic link library files and will cause sporadic file not found problems.</P +><P +></P +><UL +><LI +><P +>As soon as the administrative installation (unpacking) has completed +set the following parameters on the share containing it:</P +><P +><PRE +CLASS="PROGRAMLISTING" +> [MSOP95] + path = /where_you_put_it + comment = Your comment + volume = "The_CD_ROM_Label" + read only = yes + available = yes + share modes = no + locking = no + browseable = yes + public = yes</PRE +></P +></LI +><LI +><P +>Now you are ready to run the setup program from the Microsoft Windows +workstation as follows: <B +CLASS="COMMAND" +>\\"Server_Name"\MSOP95\msoffice\setup</B +></P +></LI +></UL +></DIV +><DIV +CLASS="SECT1" +><H1 +CLASS="SECT1" +><A +NAME="AEN190" +></A +>3.3. Microsoft Access database opening errors</H1 +><P +>Here are some notes on running MS-Access on a Samba drive from <A +HREF="stefank@esi.com.au" +TARGET="_top" +>Stefan Kjellberg</A +></P +><P +><P +></P +><TABLE +BORDER="0" +><TBODY +><TR +><TD +>Opening a database in 'exclusive' mode does NOT work. Samba ignores r/w/share modes on file open.</TD +></TR +><TR +><TD +>Make sure that you open the database as 'shared' and to 'lock modified records'</TD +></TR +><TR +><TD +>Of course locking must be enabled for the particular share (smb.conf)</TD +></TR +></TBODY +></TABLE +><P +></P +></P +></DIV +></DIV +><DIV +CLASS="NAVFOOTER" +><HR +ALIGN="LEFT" +WIDTH="100%"><TABLE +SUMMARY="Footer navigation table" +WIDTH="100%" +BORDER="0" +CELLPADDING="0" +CELLSPACING="0" +><TR +><TD +WIDTH="33%" +ALIGN="left" +VALIGN="top" +><A +HREF="install.html" +ACCESSKEY="P" +>Prev</A +></TD +><TD +WIDTH="34%" +ALIGN="center" +VALIGN="top" +><A +HREF="samba-faq.html" +ACCESSKEY="H" +>Home</A +></TD +><TD +WIDTH="33%" +ALIGN="right" +VALIGN="top" +><A +HREF="errors.html" +ACCESSKEY="N" +>Next</A +></TD +></TR +><TR +><TD +WIDTH="33%" +ALIGN="left" +VALIGN="top" +>Compiling and installing Samba on a Unix host</TD +><TD +WIDTH="34%" +ALIGN="center" +VALIGN="top" +> </TD +><TD +WIDTH="33%" +ALIGN="right" +VALIGN="top" +>Common errors</TD +></TR +></TABLE +></DIV +></BODY +></HTML +>
\ No newline at end of file diff --git a/docs/faq/errors.html b/docs/faq/errors.html new file mode 100644 index 0000000000..b36251ec13 --- /dev/null +++ b/docs/faq/errors.html @@ -0,0 +1,307 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> +<HTML +><HEAD +><TITLE +>Common errors</TITLE +><META +NAME="GENERATOR" +CONTENT="Modular DocBook HTML Stylesheet Version 1.77"><LINK +REL="HOME" +TITLE="Samba FAQ" +HREF="samba-faq.html"><LINK +REL="PREVIOUS" +TITLE="Specific client application problems" +HREF="clientapp.html"><LINK +REL="NEXT" +TITLE="Features" +HREF="features.html"></HEAD +><BODY +CLASS="CHAPTER" +BGCOLOR="#FFFFFF" +TEXT="#000000" +LINK="#0000FF" +VLINK="#840084" +ALINK="#0000FF" +><DIV +CLASS="NAVHEADER" +><TABLE +SUMMARY="Header navigation table" +WIDTH="100%" +BORDER="0" +CELLPADDING="0" +CELLSPACING="0" +><TR +><TH +COLSPAN="3" +ALIGN="center" +>Samba FAQ</TH +></TR +><TR +><TD +WIDTH="10%" +ALIGN="left" +VALIGN="bottom" +><A +HREF="clientapp.html" +ACCESSKEY="P" +>Prev</A +></TD +><TD +WIDTH="80%" +ALIGN="center" +VALIGN="bottom" +></TD +><TD +WIDTH="10%" +ALIGN="right" +VALIGN="bottom" +><A +HREF="features.html" +ACCESSKEY="N" +>Next</A +></TD +></TR +></TABLE +><HR +ALIGN="LEFT" +WIDTH="100%"></DIV +><DIV +CLASS="CHAPTER" +><H1 +><A +NAME="ERRORS" +></A +>Chapter 4. Common errors</H1 +><DIV +CLASS="SECT1" +><H1 +CLASS="SECT1" +><A +NAME="AEN201" +></A +>4.1. Not listening for calling name</H1 +><P +><PRE +CLASS="PROGRAMLISTING" +>Session request failed (131,129) with myname=HOBBES destname=CALVIN +Not listening for calling name</PRE +></P +><P +>If you get this when talking to a Samba box then it means that your +global "hosts allow" or "hosts deny" settings are causing the Samba +server to refuse the connection. </P +><P +>Look carefully at your "hosts allow" and "hosts deny" lines in the +global section of smb.conf. </P +><P +>It can also be a problem with reverse DNS lookups not functioning +correctly, leading to the remote host identity not being able to +be confirmed, but that is less likely.</P +></DIV +><DIV +CLASS="SECT1" +><H1 +CLASS="SECT1" +><A +NAME="AEN208" +></A +>4.2. System Error 1240</H1 +><P +>System error 1240 means that the client is refusing to talk +to a non-encrypting server. Microsoft changed WinNT in service +pack 3 to refuse to connect to servers that do not support +SMB password encryption.</P +><P +>There are two main solutions: +<P +></P +><TABLE +BORDER="0" +><TBODY +><TR +><TD +>enable SMB password encryption in Samba. See the encryption part of +the samba HOWTO Collection</TD +></TR +><TR +><TD +>disable this new behaviour in NT. See the section about +Windows NT in the chapter "Portability" of the samba HOWTO collection</TD +></TR +></TBODY +></TABLE +><P +></P +> </P +></DIV +><DIV +CLASS="SECT1" +><H1 +CLASS="SECT1" +><A +NAME="AEN215" +></A +>4.3. smbclient ignores -N !</H1 +><P +><SPAN +CLASS="QUOTE" +>"When getting the list of shares available on a host using the command +<B +CLASS="COMMAND" +>smbclient -N -L</B +> +the program always prompts for the password if the server is a Samba server. +It also ignores the "-N" argument when querying some (but not all) of our +NT servers."</SPAN +> </P +><P +>No, it does not ignore -N, it is just that your server rejected the +null password in the connection, so smbclient prompts for a password +to try again.</P +><P +>To get the behaviour that you probably want use <B +CLASS="COMMAND" +>smbclient -L host -U%</B +></P +><P +>This will set both the username and password to null, which is +an anonymous login for SMB. Using -N would only set the password +to null, and this is not accepted as an anonymous login for most +SMB servers.</P +></DIV +><DIV +CLASS="SECT1" +><H1 +CLASS="SECT1" +><A +NAME="AEN224" +></A +>4.4. The data on the CD-Drive I've shared seems to be corrupted!</H1 +><P +>Some OSes (notably Linux) default to auto detection of file type on +cdroms and do cr/lf translation. This is a very bad idea when use with +Samba. It causes all sorts of stuff ups.</P +><P +>To overcome this problem use conv=binary when mounting the cdrom +before exporting it with Samba.</P +></DIV +><DIV +CLASS="SECT1" +><H1 +CLASS="SECT1" +><A +NAME="AEN228" +></A +>4.5. Why can users access home directories of other users?</H1 +><P +><SPAN +CLASS="QUOTE" +>"We are unable to keep individual users from mapping to any other user's +home directory once they have supplied a valid password! They only need +to enter their own password. I have not found *any* method that I can +use to configure samba to enforce that only a user may map their own +home directory."</SPAN +></P +><P +><SPAN +CLASS="QUOTE" +>"User xyzzy can map his home directory. Once mapped user xyzzy can also map +*anyone* elses home directory!"</SPAN +></P +><P +>This is not a security flaw, it is by design. Samba allows +users to have *exactly* the same access to the UNIX filesystem +as they would if they were logged onto the UNIX box, except +that it only allows such views onto the file system as are +allowed by the defined shares.</P +><P +>This means that if your UNIX home directories are set up +such that one user can happily cd into another users +directory and do an ls, the UNIX security solution is to +change the UNIX file permissions on the users home directories +such that the cd and ls would be denied.</P +><P +>Samba tries very hard not to second guess the UNIX administrators +security policies, and trusts the UNIX admin to set +the policies and permissions he or she desires.</P +><P +>Samba does allow the setup you require when you have set the +"only user = yes" option on the share, is that you have not set the +valid users list for the share.</P +><P +>Note that only user works in conjunction with the users= list, +so to get the behavior you require, add the line : +<PRE +CLASS="PROGRAMLISTING" +>users = %S</PRE +> +this is equivalent to: +<PRE +CLASS="PROGRAMLISTING" +>valid users = %S</PRE +> +to the definition of the [homes] share, as recommended in +the smb.conf man page.</P +></DIV +></DIV +><DIV +CLASS="NAVFOOTER" +><HR +ALIGN="LEFT" +WIDTH="100%"><TABLE +SUMMARY="Footer navigation table" +WIDTH="100%" +BORDER="0" +CELLPADDING="0" +CELLSPACING="0" +><TR +><TD +WIDTH="33%" +ALIGN="left" +VALIGN="top" +><A +HREF="clientapp.html" +ACCESSKEY="P" +>Prev</A +></TD +><TD +WIDTH="34%" +ALIGN="center" +VALIGN="top" +><A +HREF="samba-faq.html" +ACCESSKEY="H" +>Home</A +></TD +><TD +WIDTH="33%" +ALIGN="right" +VALIGN="top" +><A +HREF="features.html" +ACCESSKEY="N" +>Next</A +></TD +></TR +><TR +><TD +WIDTH="33%" +ALIGN="left" +VALIGN="top" +>Specific client application problems</TD +><TD +WIDTH="34%" +ALIGN="center" +VALIGN="top" +> </TD +><TD +WIDTH="33%" +ALIGN="right" +VALIGN="top" +>Features</TD +></TR +></TABLE +></DIV +></BODY +></HTML +>
\ No newline at end of file diff --git a/docs/faq/general.html b/docs/faq/general.html new file mode 100644 index 0000000000..5a42678cb6 --- /dev/null +++ b/docs/faq/general.html @@ -0,0 +1,450 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> +<HTML +><HEAD +><TITLE +>General Information</TITLE +><META +NAME="GENERATOR" +CONTENT="Modular DocBook HTML Stylesheet Version 1.77"><LINK +REL="HOME" +TITLE="Samba FAQ" +HREF="samba-faq.html"><LINK +REL="PREVIOUS" +TITLE="Samba FAQ" +HREF="samba-faq.html"><LINK +REL="NEXT" +TITLE="Compiling and installing Samba on a Unix host" +HREF="install.html"></HEAD +><BODY +CLASS="CHAPTER" +BGCOLOR="#FFFFFF" +TEXT="#000000" +LINK="#0000FF" +VLINK="#840084" +ALINK="#0000FF" +><DIV +CLASS="NAVHEADER" +><TABLE +SUMMARY="Header navigation table" +WIDTH="100%" +BORDER="0" +CELLPADDING="0" +CELLSPACING="0" +><TR +><TH +COLSPAN="3" +ALIGN="center" +>Samba FAQ</TH +></TR +><TR +><TD +WIDTH="10%" +ALIGN="left" +VALIGN="bottom" +><A +HREF="samba-faq.html" +ACCESSKEY="P" +>Prev</A +></TD +><TD +WIDTH="80%" +ALIGN="center" +VALIGN="bottom" +></TD +><TD +WIDTH="10%" +ALIGN="right" +VALIGN="bottom" +><A +HREF="install.html" +ACCESSKEY="N" +>Next</A +></TD +></TR +></TABLE +><HR +ALIGN="LEFT" +WIDTH="100%"></DIV +><DIV +CLASS="CHAPTER" +><H1 +><A +NAME="GENERAL" +></A +>Chapter 1. General Information</H1 +><DIV +CLASS="SECT1" +><H1 +CLASS="SECT1" +><A +NAME="AEN12" +></A +>1.1. Where can I get it?</H1 +><P +>The Samba suite is available at the <A +HREF="http://samba.org/" +TARGET="_top" +>samba website</A +>.</P +></DIV +><DIV +CLASS="SECT1" +><H1 +CLASS="SECT1" +><A +NAME="AEN16" +></A +>1.2. What do the version numbers mean?</H1 +><P +>It is not recommended that you run a version of Samba with the word +"alpha" in its name unless you know what you are doing and are willing +to do some debugging. Many, many people just get the latest +recommended stable release version and are happy. If you are brave, by +all means take the plunge and help with the testing and development - +but don't install it on your departmental server. Samba is typically +very stable and safe, and this is mostly due to the policy of many +public releases.</P +><P +>How the scheme works: +<P +></P +><TABLE +BORDER="0" +><TBODY +><TR +><TD +>When major changes are made the version number is increased. For +example, the transition from 1.9.15 to 1.9.16. However, this version +number will not appear immediately and people should continue to use +1.9.15 for production systems (see next point.)</TD +></TR +><TR +><TD +>Just after major changes are made the software is considered +unstable, and a series of alpha releases are distributed, for example +1.9.16alpha1. These are for testing by those who know what they are +doing. The "alpha" in the filename will hopefully scare off those who +are just looking for the latest version to install.</TD +></TR +><TR +><TD +>When Andrew thinks that the alphas have stabilised to the point +where he would recommend new users install it, he renames it to the +same version number without the alpha, for example 1.9.16.</TD +></TR +><TR +><TD +>Inevitably bugs are found in the "stable" releases and minor patch +levels are released which give us the pXX series, for example 1.9.16p2.</TD +></TR +></TBODY +></TABLE +><P +></P +> </P +><P +>So the progression goes: + +<PRE +CLASS="PROGRAMLISTING" +>1.9.15p7 (production) +1.9.15p8 (production) +1.9.16alpha1 (test sites only) +: +1.9.16alpha20 (test sites only) +1.9.16 (production) +1.9.16p1 (production)</PRE +></P +><P +>The above system means that whenever someone looks at the samba ftp +site they will be able to grab the highest numbered release without an +alpha in the name and be sure of getting the current recommended +version.</P +></DIV +><DIV +CLASS="SECT1" +><H1 +CLASS="SECT1" +><A +NAME="AEN28" +></A +>1.3. What platforms are supported?</H1 +><P +>Many different platforms have run Samba successfully. The platforms +most widely used and thus best tested are Linux and SunOS.</P +><P +>At time of writing, there is support (or has been support for in earlier +versions):</P +><P +></P +><TABLE +BORDER="0" +><TBODY +><TR +><TD +>A/UX 3.0</TD +></TR +><TR +><TD +>AIX</TD +></TR +><TR +><TD +>Altos Series 386/1000</TD +></TR +><TR +><TD +>Amiga</TD +></TR +><TR +><TD +>Apollo Domain/OS sr10.3</TD +></TR +><TR +><TD +>BSDI </TD +></TR +><TR +><TD +>B.O.S. (Bull Operating System)</TD +></TR +><TR +><TD +>Cray, Unicos 8.0</TD +></TR +><TR +><TD +>Convex</TD +></TR +><TR +><TD +>DGUX. </TD +></TR +><TR +><TD +>DNIX.</TD +></TR +><TR +><TD +>FreeBSD</TD +></TR +><TR +><TD +>HP-UX</TD +></TR +><TR +><TD +>Intergraph. </TD +></TR +><TR +><TD +>Linux with/without shadow passwords and quota</TD +></TR +><TR +><TD +>LYNX 2.3.0</TD +></TR +><TR +><TD +>MachTen (a unix like system for Macintoshes)</TD +></TR +><TR +><TD +>Motorola 88xxx/9xx range of machines</TD +></TR +><TR +><TD +>NetBSD</TD +></TR +><TR +><TD +>NEXTSTEP Release 2.X, 3.0 and greater (including OPENSTEP for Mach).</TD +></TR +><TR +><TD +>OS/2 using EMX 0.9b</TD +></TR +><TR +><TD +>OSF1</TD +></TR +><TR +><TD +>QNX 4.22</TD +></TR +><TR +><TD +>RiscIX. </TD +></TR +><TR +><TD +>RISCOs 5.0B</TD +></TR +><TR +><TD +>SEQUENT. </TD +></TR +><TR +><TD +>SCO (including: 3.2v2, European dist., OpenServer 5)</TD +></TR +><TR +><TD +>SGI.</TD +></TR +><TR +><TD +>SMP_DC.OSx v1.1-94c079 on Pyramid S series</TD +></TR +><TR +><TD +>SONY NEWS, NEWS-OS (4.2.x and 6.1.x)</TD +></TR +><TR +><TD +>SUNOS 4</TD +></TR +><TR +><TD +>SUNOS 5.2, 5.3, and 5.4 (Solaris 2.2, 2.3, and '2.4 and later')</TD +></TR +><TR +><TD +>Sunsoft ISC SVR3V4</TD +></TR +><TR +><TD +>SVR4</TD +></TR +><TR +><TD +>System V with some berkely extensions (Motorola 88k R32V3.2).</TD +></TR +><TR +><TD +>ULTRIX.</TD +></TR +><TR +><TD +>UNIXWARE</TD +></TR +><TR +><TD +>UXP/DS</TD +></TR +></TBODY +></TABLE +><P +></P +></DIV +><DIV +CLASS="SECT1" +><H1 +CLASS="SECT1" +><A +NAME="AEN71" +></A +>1.4. How do I subscribe to the Samba Mailing Lists?</H1 +><P +>Look at <A +HREF="http://samba.org/samba/archives.html" +TARGET="_top" +>the samba mailing list page</A +></P +></DIV +><DIV +CLASS="SECT1" +><H1 +CLASS="SECT1" +><A +NAME="AEN75" +></A +>1.5. Pizza supply details</H1 +><P +>Those who have registered in the Samba survey as "Pizza Factory" will +already know this, but the rest may need some help. Andrew doesn't ask +for payment, but he does appreciate it when people give him +pizza. This calls for a little organisation when the pizza donor is +twenty thousand kilometres away, but it has been done. </P +><P +>Method 1: Ring up your local branch of an international pizza chain +and see if they honour their vouchers internationally. Pizza Hut do, +which is how the entire Canberra Linux Users Group got to eat pizza +one night, courtesy of someone in the US.</P +><P +>Method 2: Ring up a local pizza shop in Canberra and quote a credit +card number for a certain amount, and tell them that Andrew will be +collecting it (don't forget to tell him.) One kind soul from Germany +did this.</P +><P +>Method 3: Purchase a pizza voucher from your local pizza shop that has +no international affiliations and send it to Andrew. It is completely +useless but he can hang it on the wall next to the one he already has +from Germany :-)</P +><P +>Method 4: Air freight him a pizza with your favourite regional +flavours. It will probably get stuck in customs or torn apart by +hungry sniffer dogs but it will have been a noble gesture.</P +></DIV +></DIV +><DIV +CLASS="NAVFOOTER" +><HR +ALIGN="LEFT" +WIDTH="100%"><TABLE +SUMMARY="Footer navigation table" +WIDTH="100%" +BORDER="0" +CELLPADDING="0" +CELLSPACING="0" +><TR +><TD +WIDTH="33%" +ALIGN="left" +VALIGN="top" +><A +HREF="samba-faq.html" +ACCESSKEY="P" +>Prev</A +></TD +><TD +WIDTH="34%" +ALIGN="center" +VALIGN="top" +><A +HREF="samba-faq.html" +ACCESSKEY="H" +>Home</A +></TD +><TD +WIDTH="33%" +ALIGN="right" +VALIGN="top" +><A +HREF="install.html" +ACCESSKEY="N" +>Next</A +></TD +></TR +><TR +><TD +WIDTH="33%" +ALIGN="left" +VALIGN="top" +>Samba FAQ</TD +><TD +WIDTH="34%" +ALIGN="center" +VALIGN="top" +> </TD +><TD +WIDTH="33%" +ALIGN="right" +VALIGN="top" +>Compiling and installing Samba on a Unix host</TD +></TR +></TABLE +></DIV +></BODY +></HTML +>
\ No newline at end of file diff --git a/docs/faq/install.html b/docs/faq/install.html new file mode 100644 index 0000000000..f9ecac1384 --- /dev/null +++ b/docs/faq/install.html @@ -0,0 +1,525 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> +<HTML +><HEAD +><TITLE +>Compiling and installing Samba on a Unix host</TITLE +><META +NAME="GENERATOR" +CONTENT="Modular DocBook HTML Stylesheet Version 1.77"><LINK +REL="HOME" +TITLE="Samba FAQ" +HREF="samba-faq.html"><LINK +REL="PREVIOUS" +TITLE="General Information" +HREF="general.html"><LINK +REL="NEXT" +TITLE="Specific client application problems" +HREF="clientapp.html"></HEAD +><BODY +CLASS="CHAPTER" +BGCOLOR="#FFFFFF" +TEXT="#000000" +LINK="#0000FF" +VLINK="#840084" +ALINK="#0000FF" +><DIV +CLASS="NAVHEADER" +><TABLE +SUMMARY="Header navigation table" +WIDTH="100%" +BORDER="0" +CELLPADDING="0" +CELLSPACING="0" +><TR +><TH +COLSPAN="3" +ALIGN="center" +>Samba FAQ</TH +></TR +><TR +><TD +WIDTH="10%" +ALIGN="left" +VALIGN="bottom" +><A +HREF="general.html" +ACCESSKEY="P" +>Prev</A +></TD +><TD +WIDTH="80%" +ALIGN="center" +VALIGN="bottom" +></TD +><TD +WIDTH="10%" +ALIGN="right" +VALIGN="bottom" +><A +HREF="clientapp.html" +ACCESSKEY="N" +>Next</A +></TD +></TR +></TABLE +><HR +ALIGN="LEFT" +WIDTH="100%"></DIV +><DIV +CLASS="CHAPTER" +><H1 +><A +NAME="INSTALL" +></A +>Chapter 2. Compiling and installing Samba on a Unix host</H1 +><DIV +CLASS="SECT1" +><H1 +CLASS="SECT1" +><A +NAME="AEN84" +></A +>2.1. I can't see the Samba server in any browse lists!</H1 +><P +>See Browsing.html in the docs directory of the samba source +for more information on browsing.</P +><P +>If your GUI client does not permit you to select non-browsable +servers, you may need to do so on the command line. For example, under +Lan Manager you might connect to the above service as disk drive M: +thusly: +<PRE +CLASS="PROGRAMLISTING" +> net use M: \\mary\fred</PRE +> +The details of how to do this and the specific syntax varies from +client to client - check your client's documentation.</P +></DIV +><DIV +CLASS="SECT1" +><H1 +CLASS="SECT1" +><A +NAME="AEN89" +></A +>2.2. Some files that I KNOW are on the server doesn't show up when I view the files from my client!</H1 +><P +>See the next question.</P +></DIV +><DIV +CLASS="SECT1" +><H1 +CLASS="SECT1" +><A +NAME="AEN92" +></A +>2.3. Some files on the server show up with really wierd filenames when I view the files from my client!</H1 +><P +>If you check what files are not showing up, you will note that they +are files which contain upper case letters or which are otherwise not +DOS-compatible (ie, they are not legal DOS filenames for some reason).</P +><P +>The Samba server can be configured either to ignore such files +completely, or to present them to the client in "mangled" form. If you +are not seeing the files at all, the Samba server has most likely been +configured to ignore them. Consult the man page smb.conf(5) for +details of how to change this - the parameter you need to set is +"mangled names = yes".</P +></DIV +><DIV +CLASS="SECT1" +><H1 +CLASS="SECT1" +><A +NAME="AEN96" +></A +>2.4. My client reports "cannot locate specified computer" or similar</H1 +><P +>This indicates one of three things: You supplied an incorrect server +name, the underlying TCP/IP layer is not working correctly, or the +name you specified cannot be resolved.</P +><P +>After carefully checking that the name you typed is the name you +should have typed, try doing things like pinging a host or telnetting +to somewhere on your network to see if TCP/IP is functioning OK. If it +is, the problem is most likely name resolution.</P +><P +>If your client has a facility to do so, hardcode a mapping between the +hosts IP and the name you want to use. For example, with Lan Manager +or Windows for Workgroups you would put a suitable entry in the file +LMHOSTS. If this works, the problem is in the communication between +your client and the netbios name server. If it does not work, then +there is something fundamental wrong with your naming and the solution +is beyond the scope of this document.</P +><P +>If you do not have any server on your subnet supplying netbios name +resolution, hardcoded mappings are your only option. If you DO have a +netbios name server running (such as the Samba suite's nmbd program), +the problem probably lies in the way it is set up. Refer to Section +Two of this FAQ for more ideas.</P +><P +>By the way, remember to REMOVE the hardcoded mapping before further +tests :-)</P +></DIV +><DIV +CLASS="SECT1" +><H1 +CLASS="SECT1" +><A +NAME="AEN103" +></A +>2.5. My client reports "cannot locate specified share name" or similar</H1 +><P +>This message indicates that your client CAN locate the specified +server, which is a good start, but that it cannot find a service of +the name you gave.</P +><P +>The first step is to check the exact name of the service you are +trying to connect to (consult your system administrator). Assuming it +exists and you specified it correctly (read your client's docs on how +to specify a service name correctly), read on:</P +><P +></P +><TABLE +BORDER="0" +><TBODY +><TR +><TD +>Many clients cannot accept or use service names longer than eight characters.</TD +></TR +><TR +><TD +>Many clients cannot accept or use service names containing spaces.</TD +></TR +><TR +><TD +>Some servers (not Samba though) are case sensitive with service names.</TD +></TR +><TR +><TD +>Some clients force service names into upper case.</TD +></TR +></TBODY +></TABLE +><P +></P +></DIV +><DIV +CLASS="SECT1" +><H1 +CLASS="SECT1" +><A +NAME="AEN112" +></A +>2.6. Printing doesn't work</H1 +><P +>Make sure that the specified print command for the service you are +connecting to is correct and that it has a fully-qualified path (eg., +use "/usr/bin/lpr" rather than just "lpr").</P +><P +>Make sure that the spool directory specified for the service is +writable by the user connected to the service. In particular the user +"nobody" often has problems with printing, even if it worked with an +earlier version of Samba. Try creating another guest user other than +"nobody".</P +><P +>Make sure that the user specified in the service is permitted to use +the printer.</P +><P +>Check the debug log produced by smbd. Search for the printer name and +see if the log turns up any clues. Note that error messages to do with +a service ipc$ are meaningless - they relate to the way the client +attempts to retrieve status information when using the LANMAN1 +protocol.</P +><P +>If using WfWg then you need to set the default protocol to TCP/IP, not +Netbeui. This is a WfWg bug.</P +><P +>If using the Lanman1 protocol (the default) then try switching to +coreplus. Also not that print status error messages don't mean +printing won't work. The print status is received by a different +mechanism.</P +></DIV +><DIV +CLASS="SECT1" +><H1 +CLASS="SECT1" +><A +NAME="AEN120" +></A +>2.7. My client reports "This server is not configured to list shared resources"</H1 +><P +>Your guest account is probably invalid for some reason. Samba uses the +guest account for browsing in smbd. Check that your guest account is +valid.</P +><P +>See also 'guest account' in smb.conf man page.</P +></DIV +><DIV +CLASS="SECT1" +><H1 +CLASS="SECT1" +><A +NAME="AEN124" +></A +>2.8. Log message "you appear to have a trapdoor uid system"</H1 +><P +>This can have several causes. It might be because you are using a uid +or gid of 65535 or -1. This is a VERY bad idea, and is a big security +hole. Check carefully in your /etc/passwd file and make sure that no +user has uid 65535 or -1. Especially check the "nobody" user, as many +broken systems are shipped with nobody setup with a uid of 65535.</P +><P +>It might also mean that your OS has a trapdoor uid/gid system :-)</P +><P +>This means that once a process changes effective uid from root to +another user it can't go back to root. Unfortunately Samba relies on +being able to change effective uid from root to non-root and back +again to implement its security policy. If your OS has a trapdoor uid +system this won't work, and several things in Samba may break. Less +things will break if you use user or server level security instead of +the default share level security, but you may still strike +problems.</P +><P +>The problems don't give rise to any security holes, so don't panic, +but it does mean some of Samba's capabilities will be unavailable. +In particular you will not be able to connect to the Samba server as +two different uids at once. This may happen if you try to print as a +"guest" while accessing a share as a normal user. It may also affect +your ability to list the available shares as this is normally done as +the guest user.</P +><P +>Complain to your OS vendor and ask them to fix their system.</P +><P +>Note: the reason why 65535 is a VERY bad choice of uid and gid is that +it casts to -1 as a uid, and the setreuid() system call ignores (with +no error) uid changes to -1. This means any daemon attempting to run +as uid 65535 will actually run as root. This is not good!</P +></DIV +><DIV +CLASS="SECT1" +><H1 +CLASS="SECT1" +><A +NAME="AEN132" +></A +>2.9. Why are my file's timestamps off by an hour, or by a few hours?</H1 +><P +>This is from Paul Eggert eggert@twinsun.com.</P +><P +>Most likely it's a problem with your time zone settings.</P +><P +>Internally, Samba maintains time in traditional Unix format, +namely, the number of seconds since 1970-01-01 00:00:00 Universal Time +(or ``GMT''), not counting leap seconds.</P +><P +>On the server side, Samba uses the Unix TZ variable to convert +internal timestamps to and from local time. So on the server side, there are +two things to get right. +<P +></P +><TABLE +BORDER="0" +><TBODY +><TR +><TD +>The Unix system clock must have the correct Universal time. Use the shell command "sh -c 'TZ=UTC0 date'" to check this.</TD +></TR +><TR +><TD +>The TZ environment variable must be set on the server before Samba is invoked. The details of this depend on the server OS, but typically you must edit a file whose name is /etc/TIMEZONE or /etc/default/init, or run the command `zic -l'.</TD +></TR +></TBODY +></TABLE +><P +></P +></P +><P +>TZ must have the correct value.</P +><P +>If possible, use geographical time zone settings +(e.g. TZ='America/Los_Angeles' or perhaps + TZ=':US/Pacific'). These are supported by most +popular Unix OSes, are easier to get right, and are +more accurate for historical timestamps. If your +operating system has out-of-date tables, you should be +able to update them from the public domain time zone +tables at <A +HREF="ftp://elsie.nci.nih.gov/pub/" +TARGET="_top" +>ftp://elsie.nci.nih.gov/pub/</A +>.</P +><P +>If your system does not support geographical timezone +settings, you must use a Posix-style TZ strings, e.g. +TZ='PST8PDT,M4.1.0/2,M10.5.0/2' for US Pacific time. +Posix TZ strings can take the following form (with optional + items in brackets): +<PRE +CLASS="PROGRAMLISTING" +> StdOffset[Dst[Offset],Date/Time,Date/Time]</PRE +> + where:</P +><P +><P +></P +><TABLE +BORDER="0" +><TBODY +><TR +><TD +>`Std' is the standard time designation (e.g. `PST').</TD +></TR +><TR +><TD +>`Offset' is the number of hours behind UTC (e.g. `8'). +Prepend a `-' if you are ahead of UTC, and +append `:30' if you are at a half-hour offset. +Omit all the remaining items if you do not use +daylight-saving time.</TD +></TR +><TR +><TD +>`Dst' is the daylight-saving time designation +(e.g. `PDT').</TD +></TR +><TR +><TD +>The optional second `Offset' is the number of +hours that daylight-saving time is behind UTC. +The default is 1 hour ahead of standard time.</TD +></TR +><TR +><TD +>`Date/Time,Date/Time' specify when daylight-saving +time starts and ends. The format for a date is +`Mm.n.d', which specifies the dth day (0 is Sunday) +of the nth week of the mth month, where week 5 means +the last such day in the month. The format for a +time is [h]h[:mm[:ss]], using a 24-hour clock.</TD +></TR +></TBODY +></TABLE +><P +></P +></P +><P +>Other Posix string formats are allowed but you don't want +to know about them.</P +><P +>On the client side, you must make sure that your client's clock and +time zone is also set appropriately. [[I don't know how to do this.]] +Samba traditionally has had many problems dealing with time zones, due +to the bizarre ways that Microsoft network protocols handle time +zones. </P +></DIV +><DIV +CLASS="SECT1" +><H1 +CLASS="SECT1" +><A +NAME="AEN155" +></A +>2.10. How do I set the printer driver name correctly?</H1 +><P +>Question:</P +><P +><SPAN +CLASS="QUOTE" +>" On NT, I opened "Printer Manager" and "Connect to Printer". + Enter ["\\ptdi270\ps1"] in the box of printer. I got the + following error message + "</SPAN +> + </P +><P +> <PRE +CLASS="PROGRAMLISTING" +> You do not have sufficient access to your machine + to connect to the selected printer, since a driver + needs to be installed locally. + </PRE +> + </P +><P +>Answer:</P +><P +>In the more recent versions of Samba you can now set the "printer +driver" in smb.conf. This tells the client what driver to use. For +example:</P +><P +><PRE +CLASS="PROGRAMLISTING" +> printer driver = HP LaserJet 4L</PRE +></P +><P +>With this, NT knows to use the right driver. You have to get this string +exactly right.</P +><P +>To find the exact string to use, you need to get to the dialog box in +your client where you select which printer driver to install. The +correct strings for all the different printers are shown in a listbox +in that dialog box.</P +></DIV +></DIV +><DIV +CLASS="NAVFOOTER" +><HR +ALIGN="LEFT" +WIDTH="100%"><TABLE +SUMMARY="Footer navigation table" +WIDTH="100%" +BORDER="0" +CELLPADDING="0" +CELLSPACING="0" +><TR +><TD +WIDTH="33%" +ALIGN="left" +VALIGN="top" +><A +HREF="general.html" +ACCESSKEY="P" +>Prev</A +></TD +><TD +WIDTH="34%" +ALIGN="center" +VALIGN="top" +><A +HREF="samba-faq.html" +ACCESSKEY="H" +>Home</A +></TD +><TD +WIDTH="33%" +ALIGN="right" +VALIGN="top" +><A +HREF="clientapp.html" +ACCESSKEY="N" +>Next</A +></TD +></TR +><TR +><TD +WIDTH="33%" +ALIGN="left" +VALIGN="top" +>General Information</TD +><TD +WIDTH="34%" +ALIGN="center" +VALIGN="top" +> </TD +><TD +WIDTH="33%" +ALIGN="right" +VALIGN="top" +>Specific client application problems</TD +></TR +></TABLE +></DIV +></BODY +></HTML +>
\ No newline at end of file diff --git a/docs/faq/samba-faq.html b/docs/faq/samba-faq.html new file mode 100644 index 0000000000..ed74a3be31 --- /dev/null +++ b/docs/faq/samba-faq.html @@ -0,0 +1,328 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> +<HTML +><HEAD +><TITLE +>Samba FAQ</TITLE +><META +NAME="GENERATOR" +CONTENT="Modular DocBook HTML Stylesheet Version 1.77"><LINK +REL="NEXT" +TITLE="General Information" +HREF="general.html"></HEAD +><BODY +CLASS="BOOK" +BGCOLOR="#FFFFFF" +TEXT="#000000" +LINK="#0000FF" +VLINK="#840084" +ALINK="#0000FF" +><DIV +CLASS="BOOK" +><A +NAME="SAMBA-FAQ" +></A +><DIV +CLASS="TITLEPAGE" +><H1 +CLASS="TITLE" +><A +NAME="SAMBA-FAQ" +></A +>Samba FAQ</H1 +><H3 +CLASS="AUTHOR" +><A +NAME="AEN4" +></A +>Samba Team</H3 +><HR></DIV +><H1 +><A +NAME="AEN7" +></A +>Dedication</H1 +><P +>This is the Frequently Asked Questions (FAQ) document for +Samba, the free and very popular SMB server product. An SMB server +allows file and printer connections from clients such as Windows, +OS/2, Linux and others. Current to version 3.0. Please send any +corrections to the samba documentation mailinglist at +<A +HREF="mailto:samba-doc@samba.org" +TARGET="_top" +>samba-doc@samba.org</A +>. +This FAQ was based on the old Samba FAQ by Dan Shearer and Paul Blackman, +and the old samba text documents which were mostly written by John Terpstra.</P +><DIV +CLASS="TOC" +><DL +><DT +><B +>Table of Contents</B +></DT +><DT +>1. <A +HREF="general.html" +>General Information</A +></DT +><DD +><DL +><DT +>1.1. <A +HREF="general.html#AEN12" +>Where can I get it?</A +></DT +><DT +>1.2. <A +HREF="general.html#AEN16" +>What do the version numbers mean?</A +></DT +><DT +>1.3. <A +HREF="general.html#AEN28" +>What platforms are supported?</A +></DT +><DT +>1.4. <A +HREF="general.html#AEN71" +>How do I subscribe to the Samba Mailing Lists?</A +></DT +><DT +>1.5. <A +HREF="general.html#AEN75" +>Pizza supply details</A +></DT +></DL +></DD +><DT +>2. <A +HREF="install.html" +>Compiling and installing Samba on a Unix host</A +></DT +><DD +><DL +><DT +>2.1. <A +HREF="install.html#AEN84" +>I can't see the Samba server in any browse lists!</A +></DT +><DT +>2.2. <A +HREF="install.html#AEN89" +>Some files that I KNOW are on the server doesn't show up when I view the files from my client!</A +></DT +><DT +>2.3. <A +HREF="install.html#AEN92" +>Some files on the server show up with really wierd filenames when I view the files from my client!</A +></DT +><DT +>2.4. <A +HREF="install.html#AEN96" +>My client reports "cannot locate specified computer" or similar</A +></DT +><DT +>2.5. <A +HREF="install.html#AEN103" +>My client reports "cannot locate specified share name" or similar</A +></DT +><DT +>2.6. <A +HREF="install.html#AEN112" +>Printing doesn't work</A +></DT +><DT +>2.7. <A +HREF="install.html#AEN120" +>My client reports "This server is not configured to list shared resources"</A +></DT +><DT +>2.8. <A +HREF="install.html#AEN124" +>Log message "you appear to have a trapdoor uid system"</A +></DT +><DT +>2.9. <A +HREF="install.html#AEN132" +>Why are my file's timestamps off by an hour, or by a few hours?</A +></DT +><DT +>2.10. <A +HREF="install.html#AEN155" +>How do I set the printer driver name correctly?</A +></DT +></DL +></DD +><DT +>3. <A +HREF="clientapp.html" +>Specific client application problems</A +></DT +><DD +><DL +><DT +>3.1. <A +HREF="clientapp.html#AEN170" +>MS Office Setup reports "Cannot change properties of '\MSOFFICE\SETUP.INI'"</A +></DT +><DT +>3.2. <A +HREF="clientapp.html#AEN175" +>How to use a Samba share as an administrative share for MS Office, etc.</A +></DT +><DT +>3.3. <A +HREF="clientapp.html#AEN190" +>Microsoft Access database opening errors</A +></DT +></DL +></DD +><DT +>4. <A +HREF="errors.html" +>Common errors</A +></DT +><DD +><DL +><DT +>4.1. <A +HREF="errors.html#AEN201" +>Not listening for calling name</A +></DT +><DT +>4.2. <A +HREF="errors.html#AEN208" +>System Error 1240</A +></DT +><DT +>4.3. <A +HREF="errors.html#AEN215" +>smbclient ignores -N !</A +></DT +><DT +>4.4. <A +HREF="errors.html#AEN224" +>The data on the CD-Drive I've shared seems to be corrupted!</A +></DT +><DT +>4.5. <A +HREF="errors.html#AEN228" +>Why can users access home directories of other users?</A +></DT +></DL +></DD +><DT +>5. <A +HREF="features.html" +>Features</A +></DT +><DD +><DL +><DT +>5.1. <A +HREF="features.html#AEN243" +>How can I prevent my samba server from being used to distribute the Nimda worm?</A +></DT +><DT +>5.2. <A +HREF="features.html#AEN257" +>How can I use samba as a fax server?</A +></DT +><DD +><DL +><DT +>5.2.1. <A +HREF="features.html#AEN268" +>Tools for printing faxes</A +></DT +><DT +>5.2.2. <A +HREF="features.html#AEN278" +>Making the fax-server</A +></DT +><DT +>5.2.3. <A +HREF="features.html#AEN294" +>Installing the client drivers</A +></DT +><DT +>5.2.4. <A +HREF="features.html#AEN308" +>Example smb.conf</A +></DT +></DL +></DD +><DT +>5.3. <A +HREF="features.html#AEN312" +>Samba doesn't work well together with DHCP!</A +></DT +><DT +>5.4. <A +HREF="features.html#AEN325" +>How can I assign NetBIOS names to clients with DHCP?</A +></DT +><DT +>5.5. <A +HREF="features.html#AEN332" +>How do I convert between unix and dos text formats?</A +></DT +></DL +></DD +></DL +></DIV +></DIV +><DIV +CLASS="NAVFOOTER" +><HR +ALIGN="LEFT" +WIDTH="100%"><TABLE +SUMMARY="Footer navigation table" +WIDTH="100%" +BORDER="0" +CELLPADDING="0" +CELLSPACING="0" +><TR +><TD +WIDTH="33%" +ALIGN="left" +VALIGN="top" +> </TD +><TD +WIDTH="34%" +ALIGN="center" +VALIGN="top" +> </TD +><TD +WIDTH="33%" +ALIGN="right" +VALIGN="top" +><A +HREF="general.html" +ACCESSKEY="N" +>Next</A +></TD +></TR +><TR +><TD +WIDTH="33%" +ALIGN="left" +VALIGN="top" +> </TD +><TD +WIDTH="34%" +ALIGN="center" +VALIGN="top" +> </TD +><TD +WIDTH="33%" +ALIGN="right" +VALIGN="top" +>General Information</TD +></TR +></TABLE +></DIV +></BODY +></HTML +>
\ No newline at end of file diff --git a/docs/htmldocs/Samba-HOWTO.html b/docs/htmldocs/Samba-HOWTO.html new file mode 100644 index 0000000000..da69705bc3 --- /dev/null +++ b/docs/htmldocs/Samba-HOWTO.html @@ -0,0 +1,1440 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> +<HTML +><HEAD +><TITLE +>SAMBA Project Documentation</TITLE +><META +NAME="GENERATOR" +CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ +"><LINK +REL="NEXT" +TITLE="How to Install and Test SAMBA" +HREF="install.html"></HEAD +><BODY +CLASS="BOOK" +BGCOLOR="#FFFFFF" +TEXT="#000000" +LINK="#0000FF" +VLINK="#840084" +ALINK="#0000FF" +><DIV +CLASS="BOOK" +><A +NAME="SAMBA-PROJECT-DOCUMENTATION"><DIV +CLASS="TITLEPAGE" +><H1 +CLASS="TITLE" +><A +NAME="SAMBA-PROJECT-DOCUMENTATION">SAMBA Project Documentation</H1 +><H3 +CLASS="AUTHOR" +><A +NAME="AEN4">SAMBA Team</H3 +><HR></DIV +><H1 +><A +NAME="AEN8">Abstract</H1 +><P +><SPAN +CLASS="emphasis" +><I +CLASS="EMPHASIS" +>Last Update</I +></SPAN +> : Thu Aug 15 12:48:45 CDT 2002</P +><P +>This book is a collection of HOWTOs added to Samba documentation over the years. +I try to ensure that all are current, but sometimes the is a larger job +than one person can maintain. The most recent version of this document +can be found at <A +HREF="http://www.samba.org/" +TARGET="_top" +>http://www.samba.org/</A +> +on the "Documentation" page. Please send updates to <A +HREF="mailto:jerry@samba.org" +TARGET="_top" +>jerry@samba.org</A +>.</P +><P +>This documentation is distributed under the GNU General Public License (GPL) +version 2. A copy of the license is included with the Samba source +distribution. A copy can be found on-line at <A +HREF="http://www.fsf.org/licenses/gpl.txt" +TARGET="_top" +>http://www.fsf.org/licenses/gpl.txt</A +></P +><P +>Cheers, jerry</P +><DIV +CLASS="TOC" +><DL +><DT +><B +>Table of Contents</B +></DT +><DT +>1. <A +HREF="install.html" +>How to Install and Test SAMBA</A +></DT +><DD +><DL +><DT +>1.1. <A +HREF="install.html#AEN20" +>Step 0: Read the man pages</A +></DT +><DT +>1.2. <A +HREF="install.html#AEN28" +>Step 1: Building the Binaries</A +></DT +><DT +>1.3. <A +HREF="install.html#AEN56" +>Step 2: The all important step</A +></DT +><DT +>1.4. <A +HREF="install.html#AEN60" +>Step 3: Create the smb configuration file.</A +></DT +><DT +>1.5. <A +HREF="install.html#AEN74" +>Step 4: Test your config file with + <B +CLASS="COMMAND" +>testparm</B +></A +></DT +><DT +>1.6. <A +HREF="install.html#AEN80" +>Step 5: Starting the smbd and nmbd</A +></DT +><DD +><DL +><DT +>1.6.1. <A +HREF="install.html#AEN90" +>Step 5a: Starting from inetd.conf</A +></DT +><DT +>1.6.2. <A +HREF="install.html#AEN119" +>Step 5b. Alternative: starting it as a daemon</A +></DT +></DL +></DD +><DT +>1.7. <A +HREF="install.html#AEN135" +>Step 6: Try listing the shares available on your + server</A +></DT +><DT +>1.8. <A +HREF="install.html#AEN144" +>Step 7: Try connecting with the unix client</A +></DT +><DT +>1.9. <A +HREF="install.html#AEN160" +>Step 8: Try connecting from a DOS, WfWg, Win9x, WinNT, + Win2k, OS/2, etc... client</A +></DT +><DT +>1.10. <A +HREF="install.html#AEN174" +>What If Things Don't Work?</A +></DT +><DD +><DL +><DT +>1.10.1. <A +HREF="install.html#AEN179" +>Diagnosing Problems</A +></DT +><DT +>1.10.2. <A +HREF="install.html#AEN183" +>Scope IDs</A +></DT +><DT +>1.10.3. <A +HREF="install.html#AEN186" +>Choosing the Protocol Level</A +></DT +><DT +>1.10.4. <A +HREF="install.html#AEN195" +>Printing from UNIX to a Client PC</A +></DT +><DT +>1.10.5. <A +HREF="install.html#AEN200" +>Locking</A +></DT +><DT +>1.10.6. <A +HREF="install.html#AEN209" +>Mapping Usernames</A +></DT +></DL +></DD +></DL +></DD +><DT +>2. <A +HREF="diagnosis.html" +>Diagnosing your samba server</A +></DT +><DD +><DL +><DT +>2.1. <A +HREF="diagnosis.html#AEN223" +>Introduction</A +></DT +><DT +>2.2. <A +HREF="diagnosis.html#AEN228" +>Assumptions</A +></DT +><DT +>2.3. <A +HREF="diagnosis.html#AEN238" +>Tests</A +></DT +><DD +><DL +><DT +>2.3.1. <A +HREF="diagnosis.html#AEN240" +>Test 1</A +></DT +><DT +>2.3.2. <A +HREF="diagnosis.html#AEN246" +>Test 2</A +></DT +><DT +>2.3.3. <A +HREF="diagnosis.html#AEN252" +>Test 3</A +></DT +><DT +>2.3.4. <A +HREF="diagnosis.html#AEN267" +>Test 4</A +></DT +><DT +>2.3.5. <A +HREF="diagnosis.html#AEN272" +>Test 5</A +></DT +><DT +>2.3.6. <A +HREF="diagnosis.html#AEN278" +>Test 6</A +></DT +><DT +>2.3.7. <A +HREF="diagnosis.html#AEN286" +>Test 7</A +></DT +><DT +>2.3.8. <A +HREF="diagnosis.html#AEN312" +>Test 8</A +></DT +><DT +>2.3.9. <A +HREF="diagnosis.html#AEN329" +>Test 9</A +></DT +><DT +>2.3.10. <A +HREF="diagnosis.html#AEN334" +>Test 10</A +></DT +><DT +>2.3.11. <A +HREF="diagnosis.html#AEN340" +>Test 11</A +></DT +></DL +></DD +><DT +>2.4. <A +HREF="diagnosis.html#AEN345" +>Still having troubles?</A +></DT +></DL +></DD +><DT +>3. <A +HREF="integrate-ms-networks.html" +>Integrating MS Windows networks with Samba</A +></DT +><DD +><DL +><DT +>3.1. <A +HREF="integrate-ms-networks.html#AEN362" +>Agenda</A +></DT +><DT +>3.2. <A +HREF="integrate-ms-networks.html#AEN384" +>Name Resolution in a pure Unix/Linux world</A +></DT +><DD +><DL +><DT +>3.2.1. <A +HREF="integrate-ms-networks.html#AEN400" +><TT +CLASS="FILENAME" +>/etc/hosts</TT +></A +></DT +><DT +>3.2.2. <A +HREF="integrate-ms-networks.html#AEN416" +><TT +CLASS="FILENAME" +>/etc/resolv.conf</TT +></A +></DT +><DT +>3.2.3. <A +HREF="integrate-ms-networks.html#AEN427" +><TT +CLASS="FILENAME" +>/etc/host.conf</TT +></A +></DT +><DT +>3.2.4. <A +HREF="integrate-ms-networks.html#AEN435" +><TT +CLASS="FILENAME" +>/etc/nsswitch.conf</TT +></A +></DT +></DL +></DD +><DT +>3.3. <A +HREF="integrate-ms-networks.html#AEN447" +>Name resolution as used within MS Windows networking</A +></DT +><DD +><DL +><DT +>3.3.1. <A +HREF="integrate-ms-networks.html#AEN459" +>The NetBIOS Name Cache</A +></DT +><DT +>3.3.2. <A +HREF="integrate-ms-networks.html#AEN464" +>The LMHOSTS file</A +></DT +><DT +>3.3.3. <A +HREF="integrate-ms-networks.html#AEN472" +>HOSTS file</A +></DT +><DT +>3.3.4. <A +HREF="integrate-ms-networks.html#AEN477" +>DNS Lookup</A +></DT +><DT +>3.3.5. <A +HREF="integrate-ms-networks.html#AEN480" +>WINS Lookup</A +></DT +></DL +></DD +><DT +>3.4. <A +HREF="integrate-ms-networks.html#AEN492" +>How browsing functions and how to deploy stable and +dependable browsing using Samba</A +></DT +><DT +>3.5. <A +HREF="integrate-ms-networks.html#AEN502" +>MS Windows security options and how to configure +Samba for seemless integration</A +></DT +><DD +><DL +><DT +>3.5.1. <A +HREF="integrate-ms-networks.html#AEN530" +>Use MS Windows NT as an authentication server</A +></DT +><DT +>3.5.2. <A +HREF="integrate-ms-networks.html#AEN538" +>Make Samba a member of an MS Windows NT security domain</A +></DT +><DT +>3.5.3. <A +HREF="integrate-ms-networks.html#AEN555" +>Configure Samba as an authentication server</A +></DT +></DL +></DD +><DT +>3.6. <A +HREF="integrate-ms-networks.html#AEN572" +>Conclusions</A +></DT +></DL +></DD +><DT +>4. <A +HREF="pam.html" +>Configuring PAM for distributed but centrally +managed authentication</A +></DT +><DD +><DL +><DT +>4.1. <A +HREF="pam.html#AEN593" +>Samba and PAM</A +></DT +><DT +>4.2. <A +HREF="pam.html#AEN637" +>Distributed Authentication</A +></DT +><DT +>4.3. <A +HREF="pam.html#AEN644" +>PAM Configuration in smb.conf</A +></DT +></DL +></DD +><DT +>5. <A +HREF="msdfs.html" +>Hosting a Microsoft Distributed File System tree on Samba</A +></DT +><DD +><DL +><DT +>5.1. <A +HREF="msdfs.html#AEN664" +>Instructions</A +></DT +><DD +><DL +><DT +>5.1.1. <A +HREF="msdfs.html#AEN699" +>Notes</A +></DT +></DL +></DD +></DL +></DD +><DT +>6. <A +HREF="unix-permissions.html" +>UNIX Permission Bits and Windows NT Access Control Lists</A +></DT +><DD +><DL +><DT +>6.1. <A +HREF="unix-permissions.html#AEN719" +>Viewing and changing UNIX permissions using the NT + security dialogs</A +></DT +><DT +>6.2. <A +HREF="unix-permissions.html#AEN728" +>How to view file security on a Samba share</A +></DT +><DT +>6.3. <A +HREF="unix-permissions.html#AEN739" +>Viewing file ownership</A +></DT +><DT +>6.4. <A +HREF="unix-permissions.html#AEN759" +>Viewing file or directory permissions</A +></DT +><DD +><DL +><DT +>6.4.1. <A +HREF="unix-permissions.html#AEN774" +>File Permissions</A +></DT +><DT +>6.4.2. <A +HREF="unix-permissions.html#AEN788" +>Directory Permissions</A +></DT +></DL +></DD +><DT +>6.5. <A +HREF="unix-permissions.html#AEN795" +>Modifying file or directory permissions</A +></DT +><DT +>6.6. <A +HREF="unix-permissions.html#AEN817" +>Interaction with the standard Samba create mask + parameters</A +></DT +><DT +>6.7. <A +HREF="unix-permissions.html#AEN881" +>Interaction with the standard Samba file attribute + mapping</A +></DT +></DL +></DD +><DT +>7. <A +HREF="printing.html" +>Printing Support in Samba 2.2.x</A +></DT +><DD +><DL +><DT +>7.1. <A +HREF="printing.html#AEN902" +>Introduction</A +></DT +><DT +>7.2. <A +HREF="printing.html#AEN924" +>Configuration</A +></DT +><DD +><DL +><DT +>7.2.1. <A +HREF="printing.html#AEN935" +>Creating [print$]</A +></DT +><DT +>7.2.2. <A +HREF="printing.html#AEN970" +>Setting Drivers for Existing Printers</A +></DT +><DT +>7.2.3. <A +HREF="printing.html#AEN987" +>Support a large number of printers</A +></DT +><DT +>7.2.4. <A +HREF="printing.html#AEN998" +>Adding New Printers via the Windows NT APW</A +></DT +><DT +>7.2.5. <A +HREF="printing.html#AEN1028" +>Samba and Printer Ports</A +></DT +></DL +></DD +><DT +>7.3. <A +HREF="printing.html#AEN1036" +>The Imprints Toolset</A +></DT +><DD +><DL +><DT +>7.3.1. <A +HREF="printing.html#AEN1040" +>What is Imprints?</A +></DT +><DT +>7.3.2. <A +HREF="printing.html#AEN1050" +>Creating Printer Driver Packages</A +></DT +><DT +>7.3.3. <A +HREF="printing.html#AEN1053" +>The Imprints server</A +></DT +><DT +>7.3.4. <A +HREF="printing.html#AEN1057" +>The Installation Client</A +></DT +></DL +></DD +><DT +>7.4. <A +HREF="printing.html#AEN1079" +><A +NAME="MIGRATION" +></A +>Migration to from Samba 2.0.x to 2.2.x</A +></DT +></DL +></DD +><DT +>8. <A +HREF="printingdebug.html" +>Debugging Printing Problems</A +></DT +><DD +><DL +><DT +>8.1. <A +HREF="printingdebug.html#AEN1125" +>Introduction</A +></DT +><DT +>8.2. <A +HREF="printingdebug.html#AEN1141" +>Debugging printer problems</A +></DT +><DT +>8.3. <A +HREF="printingdebug.html#AEN1150" +>What printers do I have?</A +></DT +><DT +>8.4. <A +HREF="printingdebug.html#AEN1158" +>Setting up printcap and print servers</A +></DT +><DT +>8.5. <A +HREF="printingdebug.html#AEN1186" +>Job sent, no output</A +></DT +><DT +>8.6. <A +HREF="printingdebug.html#AEN1197" +>Job sent, strange output</A +></DT +><DT +>8.7. <A +HREF="printingdebug.html#AEN1209" +>Raw PostScript printed</A +></DT +><DT +>8.8. <A +HREF="printingdebug.html#AEN1212" +>Advanced Printing</A +></DT +><DT +>8.9. <A +HREF="printingdebug.html#AEN1215" +>Real debugging</A +></DT +></DL +></DD +><DT +>9. <A +HREF="securitylevels.html" +>Security levels</A +></DT +><DD +><DL +><DT +>9.1. <A +HREF="securitylevels.html#AEN1228" +>Introduction</A +></DT +><DT +>9.2. <A +HREF="securitylevels.html#AEN1239" +>More complete description of security levels</A +></DT +></DL +></DD +><DT +>10. <A +HREF="domain-security.html" +>security = domain in Samba 2.x</A +></DT +><DD +><DL +><DT +>10.1. <A +HREF="domain-security.html#AEN1272" +>Joining an NT Domain with Samba 2.2</A +></DT +><DT +>10.2. <A +HREF="domain-security.html#AEN1336" +>Samba and Windows 2000 Domains</A +></DT +><DT +>10.3. <A +HREF="domain-security.html#AEN1341" +>Why is this better than security = server?</A +></DT +></DL +></DD +><DT +>11. <A +HREF="winbind.html" +>Unified Logons between Windows NT and UNIX using Winbind</A +></DT +><DD +><DL +><DT +>11.1. <A +HREF="winbind.html#AEN1394" +>Abstract</A +></DT +><DT +>11.2. <A +HREF="winbind.html#AEN1398" +>Introduction</A +></DT +><DT +>11.3. <A +HREF="winbind.html#AEN1411" +>What Winbind Provides</A +></DT +><DD +><DL +><DT +>11.3.1. <A +HREF="winbind.html#AEN1418" +>Target Uses</A +></DT +></DL +></DD +><DT +>11.4. <A +HREF="winbind.html#AEN1422" +>How Winbind Works</A +></DT +><DD +><DL +><DT +>11.4.1. <A +HREF="winbind.html#AEN1427" +>Microsoft Remote Procedure Calls</A +></DT +><DT +>11.4.2. <A +HREF="winbind.html#AEN1431" +>Name Service Switch</A +></DT +><DT +>11.4.3. <A +HREF="winbind.html#AEN1447" +>Pluggable Authentication Modules</A +></DT +><DT +>11.4.4. <A +HREF="winbind.html#AEN1455" +>User and Group ID Allocation</A +></DT +><DT +>11.4.5. <A +HREF="winbind.html#AEN1459" +>Result Caching</A +></DT +></DL +></DD +><DT +>11.5. <A +HREF="winbind.html#AEN1462" +>Installation and Configuration</A +></DT +><DD +><DL +><DT +>11.5.1. <A +HREF="winbind.html#AEN1469" +>Introduction</A +></DT +><DT +>11.5.2. <A +HREF="winbind.html#AEN1482" +>Requirements</A +></DT +><DT +>11.5.3. <A +HREF="winbind.html#AEN1496" +>Testing Things Out</A +></DT +></DL +></DD +><DT +>11.6. <A +HREF="winbind.html#AEN1711" +>Limitations</A +></DT +><DT +>11.7. <A +HREF="winbind.html#AEN1721" +>Conclusion</A +></DT +></DL +></DD +><DT +>12. <A +HREF="samba-pdc.html" +>How to Configure Samba 2.2 as a Primary Domain Controller</A +></DT +><DD +><DL +><DT +>12.1. <A +HREF="samba-pdc.html#AEN1741" +>Prerequisite Reading</A +></DT +><DT +>12.2. <A +HREF="samba-pdc.html#AEN1747" +>Background</A +></DT +><DT +>12.3. <A +HREF="samba-pdc.html#AEN1786" +>Configuring the Samba Domain Controller</A +></DT +><DT +>12.4. <A +HREF="samba-pdc.html#AEN1829" +>Creating Machine Trust Accounts and Joining Clients to the +Domain</A +></DT +><DD +><DL +><DT +>12.4.1. <A +HREF="samba-pdc.html#AEN1848" +>Manual Creation of Machine Trust Accounts</A +></DT +><DT +>12.4.2. <A +HREF="samba-pdc.html#AEN1883" +>"On-the-Fly" Creation of Machine Trust Accounts</A +></DT +><DT +>12.4.3. <A +HREF="samba-pdc.html#AEN1892" +>Joining the Client to the Domain</A +></DT +></DL +></DD +><DT +>12.5. <A +HREF="samba-pdc.html#AEN1907" +>Common Problems and Errors</A +></DT +><DT +>12.6. <A +HREF="samba-pdc.html#AEN1955" +>System Policies and Profiles</A +></DT +><DT +>12.7. <A +HREF="samba-pdc.html#AEN1999" +>What other help can I get?</A +></DT +><DT +>12.8. <A +HREF="samba-pdc.html#AEN2113" +>Domain Control for Windows 9x/ME</A +></DT +><DD +><DL +><DT +>12.8.1. <A +HREF="samba-pdc.html#AEN2139" +>Configuration Instructions: Network Logons</A +></DT +><DT +>12.8.2. <A +HREF="samba-pdc.html#AEN2158" +>Configuration Instructions: Setting up Roaming User Profiles</A +></DT +></DL +></DD +><DT +>12.9. <A +HREF="samba-pdc.html#AEN2251" +>DOMAIN_CONTROL.txt : Windows NT Domain Control & Samba</A +></DT +></DL +></DD +><DT +>13. <A +HREF="samba-bdc.html" +>How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain</A +></DT +><DD +><DL +><DT +>13.1. <A +HREF="samba-bdc.html#AEN2287" +>Prerequisite Reading</A +></DT +><DT +>13.2. <A +HREF="samba-bdc.html#AEN2291" +>Background</A +></DT +><DT +>13.3. <A +HREF="samba-bdc.html#AEN2299" +>What qualifies a Domain Controller on the network?</A +></DT +><DD +><DL +><DT +>13.3.1. <A +HREF="samba-bdc.html#AEN2302" +>How does a Workstation find its domain controller?</A +></DT +><DT +>13.3.2. <A +HREF="samba-bdc.html#AEN2305" +>When is the PDC needed?</A +></DT +></DL +></DD +><DT +>13.4. <A +HREF="samba-bdc.html#AEN2308" +>Can Samba be a Backup Domain Controller?</A +></DT +><DT +>13.5. <A +HREF="samba-bdc.html#AEN2312" +>How do I set up a Samba BDC?</A +></DT +><DD +><DL +><DT +>13.5.1. <A +HREF="samba-bdc.html#AEN2329" +>How do I replicate the smbpasswd file?</A +></DT +></DL +></DD +></DL +></DD +><DT +>14. <A +HREF="samba-ldap-howto.html" +>Storing Samba's User/Machine Account information in an LDAP Directory</A +></DT +><DD +><DL +><DT +>14.1. <A +HREF="samba-ldap-howto.html#AEN2350" +>Purpose</A +></DT +><DT +>14.2. <A +HREF="samba-ldap-howto.html#AEN2370" +>Introduction</A +></DT +><DT +>14.3. <A +HREF="samba-ldap-howto.html#AEN2399" +>Supported LDAP Servers</A +></DT +><DT +>14.4. <A +HREF="samba-ldap-howto.html#AEN2404" +>Schema and Relationship to the RFC 2307 posixAccount</A +></DT +><DT +>14.5. <A +HREF="samba-ldap-howto.html#AEN2416" +>Configuring Samba with LDAP</A +></DT +><DD +><DL +><DT +>14.5.1. <A +HREF="samba-ldap-howto.html#AEN2418" +>OpenLDAP configuration</A +></DT +><DT +>14.5.2. <A +HREF="samba-ldap-howto.html#AEN2435" +>Configuring Samba</A +></DT +></DL +></DD +><DT +>14.6. <A +HREF="samba-ldap-howto.html#AEN2463" +>Accounts and Groups management</A +></DT +><DT +>14.7. <A +HREF="samba-ldap-howto.html#AEN2468" +>Security and sambaAccount</A +></DT +><DT +>14.8. <A +HREF="samba-ldap-howto.html#AEN2488" +>LDAP specials attributes for sambaAccounts</A +></DT +><DT +>14.9. <A +HREF="samba-ldap-howto.html#AEN2558" +>Example LDIF Entries for a sambaAccount</A +></DT +><DT +>14.10. <A +HREF="samba-ldap-howto.html#AEN2566" +>Comments</A +></DT +></DL +></DD +><DT +>15. <A +HREF="improved-browsing.html" +>Improved browsing in samba</A +></DT +><DD +><DL +><DT +>15.1. <A +HREF="improved-browsing.html#AEN2577" +>Overview of browsing</A +></DT +><DT +>15.2. <A +HREF="improved-browsing.html#AEN2581" +>Browsing support in samba</A +></DT +><DT +>15.3. <A +HREF="improved-browsing.html#AEN2590" +>Problem resolution</A +></DT +><DT +>15.4. <A +HREF="improved-browsing.html#AEN2597" +>Browsing across subnets</A +></DT +><DD +><DL +><DT +>15.4.1. <A +HREF="improved-browsing.html#AEN2602" +>How does cross subnet browsing work ?</A +></DT +></DL +></DD +><DT +>15.5. <A +HREF="improved-browsing.html#AEN2637" +>Setting up a WINS server</A +></DT +><DT +>15.6. <A +HREF="improved-browsing.html#AEN2656" +>Setting up Browsing in a WORKGROUP</A +></DT +><DT +>15.7. <A +HREF="improved-browsing.html#AEN2674" +>Setting up Browsing in a DOMAIN</A +></DT +><DT +>15.8. <A +HREF="improved-browsing.html#AEN2684" +>Forcing samba to be the master</A +></DT +><DT +>15.9. <A +HREF="improved-browsing.html#AEN2693" +>Making samba the domain master</A +></DT +><DT +>15.10. <A +HREF="improved-browsing.html#AEN2711" +>Note about broadcast addresses</A +></DT +><DT +>15.11. <A +HREF="improved-browsing.html#AEN2714" +>Multiple interfaces</A +></DT +></DL +></DD +><DT +>16. <A +HREF="speed.html" +>Samba performance issues</A +></DT +><DD +><DL +><DT +>16.1. <A +HREF="speed.html#AEN2732" +>Comparisons</A +></DT +><DT +>16.2. <A +HREF="speed.html#AEN2738" +>Oplocks</A +></DT +><DD +><DL +><DT +>16.2.1. <A +HREF="speed.html#AEN2740" +>Overview</A +></DT +><DT +>16.2.2. <A +HREF="speed.html#AEN2748" +>Level2 Oplocks</A +></DT +><DT +>16.2.3. <A +HREF="speed.html#AEN2754" +>Old 'fake oplocks' option - deprecated</A +></DT +></DL +></DD +><DT +>16.3. <A +HREF="speed.html#AEN2758" +>Socket options</A +></DT +><DT +>16.4. <A +HREF="speed.html#AEN2765" +>Read size</A +></DT +><DT +>16.5. <A +HREF="speed.html#AEN2770" +>Max xmit</A +></DT +><DT +>16.6. <A +HREF="speed.html#AEN2775" +>Locking</A +></DT +><DT +>16.7. <A +HREF="speed.html#AEN2779" +>Share modes</A +></DT +><DT +>16.8. <A +HREF="speed.html#AEN2784" +>Log level</A +></DT +><DT +>16.9. <A +HREF="speed.html#AEN2787" +>Wide lines</A +></DT +><DT +>16.10. <A +HREF="speed.html#AEN2790" +>Read raw</A +></DT +><DT +>16.11. <A +HREF="speed.html#AEN2795" +>Write raw</A +></DT +><DT +>16.12. <A +HREF="speed.html#AEN2799" +>Read prediction</A +></DT +><DT +>16.13. <A +HREF="speed.html#AEN2806" +>Memory mapping</A +></DT +><DT +>16.14. <A +HREF="speed.html#AEN2811" +>Slow Clients</A +></DT +><DT +>16.15. <A +HREF="speed.html#AEN2815" +>Slow Logins</A +></DT +><DT +>16.16. <A +HREF="speed.html#AEN2818" +>Client tuning</A +></DT +><DT +>16.17. <A +HREF="speed.html#AEN2850" +>My Results</A +></DT +></DL +></DD +><DT +>17. <A +HREF="other-clients.html" +>Samba and other CIFS clients</A +></DT +><DD +><DL +><DT +>17.1. <A +HREF="other-clients.html#AEN2871" +>Macintosh clients?</A +></DT +><DT +>17.2. <A +HREF="other-clients.html#AEN2880" +>OS2 Client</A +></DT +><DD +><DL +><DT +>17.2.1. <A +HREF="other-clients.html#AEN2882" +>How can I configure OS/2 Warp Connect or + OS/2 Warp 4 as a client for Samba?</A +></DT +><DT +>17.2.2. <A +HREF="other-clients.html#AEN2897" +>How can I configure OS/2 Warp 3 (not Connect), + OS/2 1.2, 1.3 or 2.x for Samba?</A +></DT +><DT +>17.2.3. <A +HREF="other-clients.html#AEN2906" +>Are there any other issues when OS/2 (any version) + is used as a client?</A +></DT +><DT +>17.2.4. <A +HREF="other-clients.html#AEN2910" +>How do I get printer driver download working + for OS/2 clients?</A +></DT +></DL +></DD +><DT +>17.3. <A +HREF="other-clients.html#AEN2920" +>Windows for Workgroups</A +></DT +><DD +><DL +><DT +>17.3.1. <A +HREF="other-clients.html#AEN2922" +>Use latest TCP/IP stack from Microsoft</A +></DT +><DT +>17.3.2. <A +HREF="other-clients.html#AEN2927" +>Delete .pwl files after password change</A +></DT +><DT +>17.3.3. <A +HREF="other-clients.html#AEN2932" +>Configure WfW password handling</A +></DT +><DT +>17.3.4. <A +HREF="other-clients.html#AEN2936" +>Case handling of passwords</A +></DT +></DL +></DD +><DT +>17.4. <A +HREF="other-clients.html#AEN2941" +>Windows '95/'98</A +></DT +><DT +>17.5. <A +HREF="other-clients.html#AEN2957" +>Windows 2000 Service Pack 2</A +></DT +></DL +></DD +><DT +>18. <A +HREF="cvs-access.html" +>HOWTO Access Samba source code via CVS</A +></DT +><DD +><DL +><DT +>18.1. <A +HREF="cvs-access.html#AEN2981" +>Introduction</A +></DT +><DT +>18.2. <A +HREF="cvs-access.html#AEN2986" +>CVS Access to samba.org</A +></DT +><DD +><DL +><DT +>18.2.1. <A +HREF="cvs-access.html#AEN2989" +>Access via CVSweb</A +></DT +><DT +>18.2.2. <A +HREF="cvs-access.html#AEN2994" +>Access via cvs</A +></DT +></DL +></DD +></DL +></DD +><DT +>19. <A +HREF="bugreport.html" +>Reporting Bugs</A +></DT +><DD +><DL +><DT +>19.1. <A +HREF="bugreport.html#AEN3029" +>Introduction</A +></DT +><DT +>19.2. <A +HREF="bugreport.html#AEN3036" +>General info</A +></DT +><DT +>19.3. <A +HREF="bugreport.html#AEN3042" +>Debug levels</A +></DT +><DT +>19.4. <A +HREF="bugreport.html#AEN3059" +>Internal errors</A +></DT +><DT +>19.5. <A +HREF="bugreport.html#AEN3069" +>Attaching to a running process</A +></DT +><DT +>19.6. <A +HREF="bugreport.html#AEN3072" +>Patches</A +></DT +></DL +></DD +><DT +>20. <A +HREF="groupmapping.html" +>Group mapping HOWTO</A +></DT +><DT +>21. <A +HREF="portability.html" +>Portability</A +></DT +><DD +><DL +><DT +>21.1. <A +HREF="portability.html#AEN3119" +>HPUX</A +></DT +><DT +>21.2. <A +HREF="portability.html#AEN3124" +>SCO Unix</A +></DT +><DT +>21.3. <A +HREF="portability.html#AEN3128" +>DNIX</A +></DT +></DL +></DD +></DL +></DIV +></DIV +><DIV +CLASS="NAVFOOTER" +><HR +ALIGN="LEFT" +WIDTH="100%"><TABLE +SUMMARY="Footer navigation table" +WIDTH="100%" +BORDER="0" +CELLPADDING="0" +CELLSPACING="0" +><TR +><TD +WIDTH="33%" +ALIGN="left" +VALIGN="top" +> </TD +><TD +WIDTH="34%" +ALIGN="center" +VALIGN="top" +> </TD +><TD +WIDTH="33%" +ALIGN="right" +VALIGN="top" +><A +HREF="install.html" +ACCESSKEY="N" +>Next</A +></TD +></TR +><TR +><TD +WIDTH="33%" +ALIGN="left" +VALIGN="top" +> </TD +><TD +WIDTH="34%" +ALIGN="center" +VALIGN="top" +> </TD +><TD +WIDTH="33%" +ALIGN="right" +VALIGN="top" +>How to Install and Test SAMBA</TD +></TR +></TABLE +></DIV +></BODY +></HTML +>
\ No newline at end of file diff --git a/source3/include/rpc_ds.h b/source3/include/rpc_ds.h new file mode 100644 index 0000000000..c01d10554e --- /dev/null +++ b/source3/include/rpc_ds.h @@ -0,0 +1,91 @@ +/* + Unix SMB/CIFS implementation. + SMB parameters and setup + Copyright (C) Gerald Carter 2002 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#ifndef _RPC_DS_H /* _RPC_LSA_H */ +#define _RPC_DS_H + +#include "rpc_misc.h" + + +/* Opcodes available on PIPE_LSARPC_DS */ + +#define DS_GETPRIMDOMINFO 0x00 + + +/* macros for RPC's */ + +#define DSROLE_PRIMARY_DS_RUNNING 0x00000001 +#define DSROLE_PRIMARY_DS_MIXED_MODE 0x00000002 +#define DSROLE_UPGRADE_IN_PROGRESS 0x00000004 +#define DSROLE_PRIMARY_DOMAIN_GUID_PRESENT 0x01000000 + +typedef struct +{ + uint16 machine_role; + uint16 unknown; /* 0x6173 -- maybe just alignment? */ + + uint32 flags; + + uint32 netbios_ptr; + uint32 dnsname_ptr; + uint32 forestname_ptr; + + GUID domain_guid; + + UNISTR2 netbios_domain; + /* these 2 might be reversed in order. I can't tell from + my tests as both values are the same --jerry */ + UNISTR2 dns_domain; + UNISTR2 forest_domain; +} DSROLE_PRIMARY_DOMAIN_INFO_BASIC; + +typedef struct +{ + DSROLE_PRIMARY_DOMAIN_INFO_BASIC *basic; +} DS_DOMINFO_CTR; + +/* info levels for ds_getprimdominfo() */ + +#define DsRolePrimaryDomainInfoBasic 1 + + +/* DS_Q_GETPRIMDOMINFO - DsGetPrimaryDomainInformation() request */ +typedef struct +{ + uint16 level; +} DS_Q_GETPRIMDOMINFO; + +/* DS_R_GETPRIMDOMINFO - DsGetPrimaryDomainInformation() response */ +typedef struct +{ + uint32 ptr; + + uint16 level; + uint16 unknown0; /* 0x455c -- maybe just alignment? */ + + DS_DOMINFO_CTR info; + + NTSTATUS status; +} DS_R_GETPRIMDOMINFO; + + + + +#endif /* _RPC_DS_H */ diff --git a/source3/rpc_client/cli_ds.c b/source3/rpc_client/cli_ds.c new file mode 100644 index 0000000000..d6985bf876 --- /dev/null +++ b/source3/rpc_client/cli_ds.c @@ -0,0 +1,63 @@ +/* + Unix SMB/CIFS implementation. + RPC pipe client + Copyright (C) Gerald Carter 2002, + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" + +/* implementations of client side DsXXX() functions */ + +NTSTATUS cli_ds_getprimarydominfo( struct cli_state *cli, TALLOC_CTX *mem_ctx, + uint16 level, DS_DOMINFO_CTR *ctr) +{ + prs_struct qbuf, rbuf; + DS_Q_GETPRIMDOMINFO q; + DS_R_GETPRIMDOMINFO r; + NTSTATUS result; + + ZERO_STRUCT(q); + ZERO_STRUCT(r); + + /* Initialise parse structures */ + + prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); + prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); + + q.level = level; + + if (!ds_io_q_getprimdominfo("", &q, &qbuf, 0) + || !rpc_api_pipe_req(cli, DS_GETPRIMDOMINFO, &qbuf, &rbuf)) + { + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + /* Unmarshall response */ + + if (!ds_io_r_getprimdominfo("", &r, &rbuf, 0)) { + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + memcpy( ctr, &r.info, sizeof(DS_DOMINFO_CTR) ); + result = r.status; + +done: + return result; +} + diff --git a/source3/rpc_parse/parse_ds.c b/source3/rpc_parse/parse_ds.c new file mode 100644 index 0000000000..ec5ea45cc8 --- /dev/null +++ b/source3/rpc_parse/parse_ds.c @@ -0,0 +1,113 @@ +/* + * Unix SMB/CIFS implementation. + * RPC Pipe client / server routines + * Copyright (C) Gerald Carter 2002 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#include "includes.h" + +static BOOL ds_io_dominfobasic( char *desc, prs_struct *ps, int depth, DSROLE_PRIMARY_DOMAIN_INFO_BASIC **basic) +{ + DSROLE_PRIMARY_DOMAIN_INFO_BASIC *p = *basic; + + if ( UNMARSHALLING(ps) ) + p = *basic = (DSROLE_PRIMARY_DOMAIN_INFO_BASIC *)prs_alloc_mem(ps, sizeof(DSROLE_PRIMARY_DOMAIN_INFO_BASIC)); + + if ( !p ) + return False; + + if ( !prs_uint16("machine_role", ps, depth, &p->machine_role) ) + return False; + if ( !prs_uint16("unknown", ps, depth, &p->unknown) ) + return False; + + if ( !prs_uint32("flags", ps, depth, &p->flags) ) + return False; + + if ( !prs_uint32("netbios_ptr", ps, depth, &p->netbios_ptr) ) + return False; + if ( !prs_uint32("dnsname_ptr", ps, depth, &p->dnsname_ptr) ) + return False; + if ( !prs_uint32("forestname_ptr", ps, depth, &p->forestname_ptr) ) + return False; + + if ( !prs_uint8s(False, "domain_guid", ps, depth, p->domain_guid.info, GUID_SIZE) ) + return False; + + if ( !smb_io_unistr2( "netbios_domain", &p->netbios_domain, p->netbios_ptr, ps, depth) ) + return False; + if ( !smb_io_unistr2( "dns_domain", &p->dns_domain, p->dnsname_ptr, ps, depth) ) + return False; + if ( !smb_io_unistr2( "forest_domain", &p->forest_domain, p->forestname_ptr, ps, depth) ) + return False; + + return True; + +} + +BOOL ds_io_q_getprimdominfo( char *desc, DS_Q_GETPRIMDOMINFO *q_u, prs_struct *ps, int depth) +{ + prs_debug(ps, depth, desc, "ds_io_q_getprimdominfo"); + depth++; + + if(!prs_align(ps)) + return False; + + if ( !prs_uint16( "level", ps, depth, &q_u->level ) ) + return False; + + return True; +} + +BOOL ds_io_r_getprimdominfo( char *desc, DS_R_GETPRIMDOMINFO *r_u, prs_struct *ps, int depth) +{ + prs_debug(ps, depth, desc, "ds_io_r_getprimdominfo"); + depth++; + + if(!prs_align(ps)) + return False; + + if ( !prs_uint32( "ptr", ps, depth, &r_u->ptr ) ) + return False; + + if ( r_u->ptr ) + { + if ( !prs_uint16( "level", ps, depth, &r_u->level ) ) + return False; + + if ( !prs_uint16( "unknown0", ps, depth, &r_u->unknown0 ) ) + return False; + + switch ( r_u->level ) + { + case DsRolePrimaryDomainInfoBasic: + if ( !ds_io_dominfobasic( "dominfobasic", ps, depth, &r_u->info.basic ) ) + return False; + break; + default: + return False; + } + } + + if ( !prs_align(ps) ) + return False; + + if ( !prs_ntstatus("status", ps, depth, &r_u->status ) ) + return False; + + return True; +} diff --git a/source3/rpcclient/cmd_ds.c b/source3/rpcclient/cmd_ds.c new file mode 100644 index 0000000000..9a2114e07e --- /dev/null +++ b/source3/rpcclient/cmd_ds.c @@ -0,0 +1,59 @@ +/* + Unix SMB/CIFS implementation. + RPC pipe client + + Copyright (C) Gerald Carter 2002 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" +#include "rpcclient.h" + +/* Look up domain related information on a remote host */ + +static NTSTATUS cmd_ds_dsrole_getprimarydominfo(struct cli_state *cli, + TALLOC_CTX *mem_ctx, int argc, + char **argv) +{ + NTSTATUS result; + DS_DOMINFO_CTR ctr; + + result = cli_ds_getprimarydominfo( cli, mem_ctx, DsRolePrimaryDomainInfoBasic, &ctr ); + if ( NT_STATUS_IS_OK(result) ) + { + printf ("Machine Role = [%d]\n", ctr.basic->machine_role); + + if ( ctr.basic->flags & DSROLE_PRIMARY_DS_RUNNING ) { + printf( "Directory Service is running.\n"); + printf( "Domain is in %s mode.\n", (ctr.basic->flags & DSROLE_PRIMARY_DS_MIXED_MODE) ? "mized" : "native" ); + } + else + printf( "Directory Service not running on server\n"); + } + + return result; +} + +/* List of commands exported by this module */ + +struct cmd_set ds_commands[] = { + + { "LSARPC-DS" }, + + { "dsroledominfo", cmd_ds_dsrole_getprimarydominfo, PI_LSARPC_DS, "Get Primary Domain Information", "" }, + + { NULL } +}; |