summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorcvs2svn Import User <samba-bugs@samba.org>2002-10-04 19:11:37 +0000
committercvs2svn Import User <samba-bugs@samba.org>2002-10-04 19:11:37 +0000
commit326a429d4665130980e1f77cc2c6e65835fdb235 (patch)
treecbde7e96bdd0139c7b05c91bbeff4f567f5312b4
parent36ef82a52953384acedbd51f54ded9357fa8ca3e (diff)
parentd2ea6d5ae759bd2c842b5836d778b5a52b8af477 (diff)
downloadsamba-326a429d4665130980e1f77cc2c6e65835fdb235.tar.gz
samba-326a429d4665130980e1f77cc2c6e65835fdb235.tar.bz2
samba-326a429d4665130980e1f77cc2c6e65835fdb235.zip
This commit was manufactured by cvs2svn to create branch 'SAMBA_3_0'.(This used to be commit 7950dfc795568798e8ede784b4e8b927be0add49)
-rw-r--r--docs/docbook/devdoc/sam.sgml357
-rw-r--r--docs/docbook/faq/clientapp.sgml101
-rw-r--r--docs/docbook/faq/general.sgml168
-rw-r--r--docs/docbook/faq/install.sgml330
-rw-r--r--docs/docbook/projdoc/ADS-HOWTO.sgml195
-rw-r--r--docs/faq/clientapp.html257
-rw-r--r--docs/faq/errors.html307
-rw-r--r--docs/faq/general.html450
-rw-r--r--docs/faq/install.html525
-rw-r--r--docs/faq/samba-faq.html328
-rw-r--r--docs/htmldocs/Samba-HOWTO.html1440
-rw-r--r--source3/include/rpc_ds.h91
-rw-r--r--source3/rpc_client/cli_ds.c63
-rw-r--r--source3/rpc_parse/parse_ds.c113
-rw-r--r--source3/rpcclient/cmd_ds.c59
15 files changed, 4784 insertions, 0 deletions
diff --git a/docs/docbook/devdoc/sam.sgml b/docs/docbook/devdoc/sam.sgml
new file mode 100644
index 0000000000..654bd5fe9c
--- /dev/null
+++ b/docs/docbook/devdoc/sam.sgml
@@ -0,0 +1,357 @@
+<chapter id="sam">
+
+<chapterinfo>
+ <author>
+ <firstname>Andrew</firstname><surname>Bartlett</surname>
+ </author>
+ <pubdate>1 October 2002</pubdate>
+</chapterinfo>
+
+<title>The Upcoming SAM System</title>
+
+<sect1>
+<title>Security in the 'new SAM'</title>
+
+<para>One of the biggest problems with passdb is it's implementation of
+'security'. Access control is on a 'are you root at the moment' basis,
+and it has no concept of NT ACLs. Things like ldapsam had to add
+'magic' 'are you root' checks.</para>
+
+<para>We took this very seriously when we started work, and the new structure
+is designed with this in mind, from the ground up. Each call to the SAM
+has a NT_TOKEN and (if relevant) an 'access desired'. This is either
+provided as a parameter, or implicitly supplied by the object being
+accessed.</para>
+
+<para>
+For example, when you call
+</para>
+
+<programlisting><
+NTSTATUS sam_get_account_by_name(const SAM_CONTEXT *context, const
+NT_USER_TOKEN *access_token, uint32 access_desired, const char *domain,
+const char *name, SAM_ACCOUNT_HANDLE **account)
+</programlisting>
+
+<para>
+The context can be NULL (and is used to allow import/export by setting
+up 2 contexts, and allowing calls on both simultaneously)
+</para>
+
+<para>
+The access token *must* be specified. Normally the user's token out of
+current_user, this can also be a global 'system' context.
+</para>
+
+<para>
+The access desired is as per the ACL, for passing to the seaccess stuff.
+</para>
+
+<para>
+The domain/username are standard. Even if we only have one domain,
+keeping this ensures that we don't get 'unqualified' usernames (same
+problem as we had with unqualified SIDs).
+</para>
+
+<para>
+We return a 'handle'. This is opaque to the rest of Samba, but is
+operated on by get/set routines, all of which return NTSTATUS.
+</para>
+
+<para>
+The access checking is done by the SAM module. The reason it is not
+done 'above' the interface is to ensure a 'choke point'. I put a lot of
+effort into the auth subsystem to ensure we never 'accidentally' forgot
+to check for null passwords, missed a restriction etc. I intend the SAM
+to be written with the same caution.
+</para>
+
+<para>
+The reason the access checking is not handled by the interface itself is
+due to the different implementations it make take on. For example, on
+ADS, you cannot set a password over a non-SSL connection. Other
+backends may have similar requirements - we need to leave this policy up
+to the modules. They will naturally have access to 'helper' procedures
+and good examples to avoid mishaps.
+</para>
+
+<para>
+(Furthermore, some backends my actually chose to push the whole ACL
+issue to the remote server, and - assuming ldap for this example - bind
+as the user directly)
+</para>
+
+<para>
+Each returned handle has an internal 'access permitted', which allows
+the 'get' and 'set' routines to return 'ACCESS_DENIED' for things that
+were not able to be retrieved from the backend. This removes the need
+to specify the NT_TOKEN on every operation, and allows for 'object not
+present' to be easily distinguished from 'access denied'.
+</para>
+
+<para>
+When you 'set' an object (calling sam_update_account) the internal
+details are again used. Each change that has been made to the object
+has been flagged, so as to avoid race conditions (on unmodified
+components) and to avoid violating any extra ACL requirements on the
+actual data store (like the LDAP server).
+</para>
+
+<para>
+Finally, we have generic get_sec_desc() and set_sec_desc() routines to
+allow external ACL manipulation. These do lookups based on SID.
+</para>
+
+</sect1>
+
+<sect1>
+<title>Standalone from UNIX</title>
+
+<para>
+One of the primary tenants of the 'new SAM' is that it would not attempt
+to deal with 'what unix id for that'. This would be left to the 'SMS'
+(Sid Mapping System') or SID farm, and probably administered via
+winbind. We have had constructive discussion on how 'basic' unix
+accounts like 'root' would be handled, and we think this can work.
+Accounts not preexisting in unix would be served up via winbind.
+</para>
+
+<para>
+This is an *optional* part, and my preferred end-game. We have a fare
+way to go before things like winbind up to it however.
+</para>
+
+</sect1>
+
+<sect1>
+<title>Handles and Races in the new SAM</title>
+
+<para>
+One of the things that the 'new SAM' work has tried to face is both
+compatibility with existing code, and a closer alignment to the SAMR
+interface. I consider SAMR to be a 'primary customer' to the this work,
+because if we get alignment with that wrong, things get more, rather
+than less complex. Also, most other parts of Samba are much more
+flexible with what they can allow.
+</para>
+
+<para>
+In any case, that was a decision taken as to how the general design
+would progress. BTW, my understanding of SAMR may be completely flawed.
+</para>
+
+<para>
+One of the most race-prone areas of the new code is the conflicting
+update problem. We have taken two approaches:
+</para>
+
+<itemizedlist>
+<listitem>
+<para>'Not conflicting' conflicts. Due to the way usrmgr operates, it will
+open a user, display all the properties and *save* them all, even if you
+don't change any.
+</para>
+
+<para>
+For this, see what I've done in rpc_server/srv_samr_util.c. I intend
+to take this one step further, and operate on the 'handle' that the
+values were read from. This should mean that we only update things that
+have *really* changed.
+</para>
+</listitem>
+
+<listitem>
+<para>
+'conflicting' updates: Currently we don't deal with this (in passdb
+or the new sam stuff), but the design is sufficiently flexible to 'deny'
+a second update. I don't foresee locking records however.
+</para>
+</listitem>
+</itemizedlist>
+
+</sect1>
+
+<sect1>
+<title>Layers</title>
+
+<sect2>
+<title>Application</title>
+
+<para>
+This is where smbd, samtest and whatever end-user replacement we have
+for pdbedit sits. They use only the SAM interface, and do not get
+'special knowledge' of what is below them.
+</para>
+
+<sect2>
+<title>SAM Interface</title>
+
+<para>
+This level 'owns' the various handle structures, the get/set routines on
+those structures and provides the public interface. The application
+layer may initialize a 'context' to be passed to all interface routines,
+else a default, self-initialising context will be supplied. This layser
+finds the appropriate backend module for the task, and tries very hard
+not to need to much 'knowledge'. It should just provide the required
+abstraction to the modules below, and arrange for their initial loading.
+</para>
+
+<para>
+We could possibly add ACL checking at this layer, to avoid discrepancies
+in implementation modules.
+</para>
+
+</sect2>
+
+<sect2>
+<title>SAM Modules</title>
+
+<para>
+These do not communicate with the application directly, only by setting
+values in the handles, and receiving requests from the interface. These
+modules are responsible for translating values from the handle's
+.private into (say) an LDAP modification list. The module is expected
+to 'know' things like it's own domain SID, domain name, and any other
+state attached to the SAM. Simpler modules may call back to some helper
+routine.
+</para>
+
+</sect2>
+</sect1>
+
+<sect1>
+<title>SAM Modules</title>
+
+<sect2>
+<title>Special Module: sam_passdb</title>
+
+<para>
+In order for there to be a smooth transition, kai is writing a module
+that reads existing passdb backends, and translates them into SAM
+replies. (Also pulling data from the account policy DB etc). We also
+intend to write a module that does the reverse - gives the SAM a passdb
+interface.
+</para>
+</sect2>
+
+<sect2>
+<title>sam_ads</title>
+<para>
+This is the first of the SAM modules to be committed to the tree -
+mainly because I needed to coordinate work with metze (who authored most
+of it). This module aims to use Samba's libads code to provide an
+Active Directory LDAP client, suitable for use on a mixed-mode DC.
+While it is currently being tested against Win2k servers (with a
+password in the smb.conf file) it is expected to eventually use a
+(possibly modified) OpenLDAP server. We hope that this will assist in
+the construction of an Samba AD DC.
+</para>
+
+<para>
+We also intend to construct a Samba 2.2/3.0 compatible ldap module,
+again using libads code.
+</para>
+</sect2>
+</sect1>
+
+<sect1>
+<title>Memory Management</title>
+
+<para>
+The 'new SAM' development effort also concerned itself with getting a
+sane implementation of memory management. It was decided that we would
+be (as much as possible) talloc based, using an 'internal talloc
+context' on many objects. That is, the creation of an object would
+initiate it's own internal talloc context, and this would be used for
+all operations on that object. Much of this is already implemented in
+passdb. Also, like passdb, it will be possible to specify that some
+object actually be created on a specified context.
+</para>
+
+<para>
+Memory management is important here because the APIs in the 'new SAM' do
+not use 'pdb_init()' or an equivalent. They always allocate new
+objects. Enumeration's are slightly different, and occur on a supplied
+context that 'owns' the entire list, rather than per-element. (the
+enumeration functions return an array of all elements - not full handles
+just basic (and public) info) Likewise for things that fill in a char
+**.
+</para>
+
+<para>For example:</para>
+
+<para><programlisting>
+NTSTATUS sam_lookup_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN
+*access_token, TALLOC_CTX *mem_ctx, const DOM_SID *sid, char **name,
+uint32 *type)
+</programlisting></para>
+
+<para>Takes a context to allocate the 'name' on, while:</para>
+
+<para><programlisting>
+NTSTATUS sam_get_account_by_sid(const SAM_CONTEXT *context, const
+NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID
+*accountsid, SAM_ACCOUNT_HANDLE **account)
+</programlisting></para>
+
+<para>Allocates a handle and stores the allocation context on that handle.</para>
+
+<para>I think that the following:</para>
+
+<para><programlisting>
+NTSTATUS sam_enum_accounts(const SAM_CONTEXT *context, const
+NT_USER_TOKEN *access_token, const DOM_SID *domainsid, uint16 acct_ctrl,
+int32 *account_count, SAM_ACCOUNT_ENUM **accounts)
+</programlisting></para>
+
+</sect1>
+
+<sect1>
+<title>Testing</title>
+
+<para>
+Testing is vital in any piece of software, and Samba is certainly no
+exception. In designing this new subsystem, we have taken care to ensure
+it is easily tested, independent of outside protocols.
+</para>
+
+<para>
+To this end, Jelmer has constructed 'samtest'.
+</para>
+
+<para>
+This utility (see torture/samtest.c) is structured like rpcclient, but
+instead operates on the SAM subsystem. It creates a 'custom' SAM
+context, that may be distinct from the default values used by the rest
+of the system, and can load a separate configuration file.
+</para>
+
+<para>
+A small number of commands are currently implemented, but these have
+already proved vital in testing. I expect SAM module authors will find
+it particularly valuable.
+</para>
+
+<para>Example useage:</para>
+
+<para><prompt>$</prompt> <command>bin/samtest</command></para>
+
+<para><programlisting>
+> context ads:ldap://192.168.1.96
+</programlisting>
+(this loads a new context, using the new ADS module. The parameter is
+the 'location' of the ldap server)
+</para>
+
+<para><programlisting>
+> lookup_name DOMAIN abartlet
+</programlisting>
+(returns a sid).
+</para>
+
+<para>
+Because the 'new SAM' is NT ACL based, there will be a command to
+specify an arbitrary NT ACL, but for now it uses 'system' by default.
+</para>
+</sect1>
+</chapter>
diff --git a/docs/docbook/faq/clientapp.sgml b/docs/docbook/faq/clientapp.sgml
new file mode 100644
index 0000000000..6d687bf772
--- /dev/null
+++ b/docs/docbook/faq/clientapp.sgml
@@ -0,0 +1,101 @@
+<chapter id="ClientApp">
+<title>Specific client application problems</title>
+
+<sect1>
+<title>MS Office Setup reports "Cannot change properties of '\MSOFFICE\SETUP.INI'"</title>
+<para>
+When installing MS Office on a Samba drive for which you have admin
+user permissions, ie. admin users = username, you will find the
+setup program unable to complete the installation.
+</para>
+
+<para>
+To get around this problem, do the installation without admin user
+permissions The problem is that MS Office Setup checks that a file is
+rdonly by trying to open it for writing.
+</para>
+
+<para>
+Admin users can always open a file for writing, as they run as root.
+You just have to install as a non-admin user and then use "chown -R"
+to fix the owner.
+</para>
+
+</sect1>
+
+<sect1>
+<title>How to use a Samba share as an administrative share for MS Office, etc.</title>
+
+<para>
+Microsoft Office products can be installed as an administrative installation
+from which the application can either be run off the administratively installed
+product that resides on a shared resource, or from which that product can be
+installed onto workstation clients.
+</para>
+
+<para>
+The general mechanism for implementing an adminstrative installation involves
+running <command>X:\setup /A</command>, where X is the drive letter of either CDROM or floppy.
+</para>
+
+<para>
+This installation process will NOT install the product for use per se, but
+rather results in unpacking of the compressed distribution files into a target
+shared folder. For this process you need write privilidge to the share and it
+is desirable to enable file locking and share mode operation during this
+process.
+</para>
+
+<para>
+Subsequent installation of MS Office from this share will FAIL unless certain
+precautions are taken. This failure will be caused by share mode operation
+which will prevent the MS Office installation process from re-opening various
+dynamic link library files and will cause sporadic file not found problems.
+</para>
+
+<itemizedlist>
+<listitem><para>
+As soon as the administrative installation (unpacking) has completed
+set the following parameters on the share containing it:
+</para>
+
+<para><programlisting>
+ [MSOP95]
+ path = /where_you_put_it
+ comment = Your comment
+ volume = "The_CD_ROM_Label"
+ read only = yes
+ available = yes
+ share modes = no
+ locking = no
+ browseable = yes
+ public = yes
+</programlisting></para>
+
+</listitem>
+
+<listitem>
+<para>Now you are ready to run the setup program from the Microsoft Windows
+workstation as follows: <command>\\"Server_Name"\MSOP95\msoffice\setup</command>
+</para>
+</listitem>
+</itemizedlist>
+
+</sect1>
+
+<sect1>
+<title>Microsoft Access database opening errors</title>
+
+<para>
+Here are some notes on running MS-Access on a Samba drive from <ulink url="stefank@esi.com.au">Stefan Kjellberg</ulink>
+</para>
+
+<para><simplelist>
+<member>Opening a database in 'exclusive' mode does NOT work. Samba ignores r/w/share modes on file open.</member>
+<member>Make sure that you open the database as 'shared' and to 'lock modified records'</member>
+<member>Of course locking must be enabled for the particular share (smb.conf)</member>
+</simplelist>
+</para>
+
+</sect1>
+</chapter>
diff --git a/docs/docbook/faq/general.sgml b/docs/docbook/faq/general.sgml
new file mode 100644
index 0000000000..5111e69bec
--- /dev/null
+++ b/docs/docbook/faq/general.sgml
@@ -0,0 +1,168 @@
+<chapter id="general">
+<title>General Information</title>
+
+<sect1>
+<title>Where can I get it?</title>
+<para>
+The Samba suite is available at the <ulink url="http://samba.org/">samba website</ulink>.
+</sect1>
+
+<sect1>
+<title>What do the version numbers mean?</title>
+<para>
+It is not recommended that you run a version of Samba with the word
+"alpha" in its name unless you know what you are doing and are willing
+to do some debugging. Many, many people just get the latest
+recommended stable release version and are happy. If you are brave, by
+all means take the plunge and help with the testing and development -
+but don't install it on your departmental server. Samba is typically
+very stable and safe, and this is mostly due to the policy of many
+public releases.
+</para>
+
+<para>
+How the scheme works:
+<simplelist>
+<member>When major changes are made the version number is increased. For
+example, the transition from 1.9.15 to 1.9.16. However, this version
+number will not appear immediately and people should continue to use
+1.9.15 for production systems (see next point.)</member>
+
+<member>Just after major changes are made the software is considered
+unstable, and a series of alpha releases are distributed, for example
+1.9.16alpha1. These are for testing by those who know what they are
+doing. The "alpha" in the filename will hopefully scare off those who
+are just looking for the latest version to install.</member>
+
+<member>When Andrew thinks that the alphas have stabilised to the point
+where he would recommend new users install it, he renames it to the
+same version number without the alpha, for example 1.9.16.</member>
+
+<member>Inevitably bugs are found in the "stable" releases and minor patch
+levels are released which give us the pXX series, for example 1.9.16p2.</member>
+</simplelist>
+
+<para>
+So the progression goes:
+
+<programlisting>
+1.9.15p7 (production)
+1.9.15p8 (production)
+1.9.16alpha1 (test sites only)
+:
+1.9.16alpha20 (test sites only)
+1.9.16 (production)
+1.9.16p1 (production)
+</programlisting>
+</para>
+
+<para>
+The above system means that whenever someone looks at the samba ftp
+site they will be able to grab the highest numbered release without an
+alpha in the name and be sure of getting the current recommended
+version.
+</para>
+
+</sect1>
+
+<sect1>
+<title>What platforms are supported?</title>
+<para>
+Many different platforms have run Samba successfully. The platforms
+most widely used and thus best tested are Linux and SunOS.</para>
+
+<para>
+At time of writing, there is support (or has been support for in earlier
+versions):
+</para>
+
+<simplelist>
+<member>A/UX 3.0</member>
+<member>AIX</member>
+<member>Altos Series 386/1000</member>
+<member>Amiga</member>
+<member>Apollo Domain/OS sr10.3</member>
+<member>BSDI </member>
+<member>B.O.S. (Bull Operating System)</member>
+<member>Cray, Unicos 8.0</member>
+<member>Convex</member>
+<member>DGUX. </member>
+<member>DNIX.</member>
+<member>FreeBSD</member>
+<member>HP-UX</member>
+<member>Intergraph. </member>
+<member>Linux with/without shadow passwords and quota</member>
+<member>LYNX 2.3.0</member>
+<member>MachTen (a unix like system for Macintoshes)</member>
+<member>Motorola 88xxx/9xx range of machines</member>
+<member>NetBSD</member>
+<member>NEXTSTEP Release 2.X, 3.0 and greater (including OPENSTEP for Mach).</member>
+<member>OS/2 using EMX 0.9b</member>
+<member>OSF1</member>
+<member>QNX 4.22</member>
+<member>RiscIX. </member>
+<member>RISCOs 5.0B</member>
+<member>SEQUENT. </member>
+<member>SCO (including: 3.2v2, European dist., OpenServer 5)</member>
+<member>SGI.</member>
+<member>SMP_DC.OSx v1.1-94c079 on Pyramid S series</member>
+<member>SONY NEWS, NEWS-OS (4.2.x and 6.1.x)</member>
+<member>SUNOS 4</member>
+<member>SUNOS 5.2, 5.3, and 5.4 (Solaris 2.2, 2.3, and '2.4 and later')</member>
+<member>Sunsoft ISC SVR3V4</member>
+<member>SVR4</member>
+<member>System V with some berkely extensions (Motorola 88k R32V3.2).</member>
+<member>ULTRIX.</member>
+<member>UNIXWARE</member>
+<member>UXP/DS</member>
+</simplelist>
+
+</sect1>
+
+<sect1>
+<title>How do I subscribe to the Samba Mailing Lists?</title>
+<para>
+Look at <ulink url="http://samba.org/samba/archives.html">the samba mailing list page</ulink>
+</para>
+</sect1>
+
+<sect1>
+<title>Pizza supply details</title>
+<para>
+Those who have registered in the Samba survey as "Pizza Factory" will
+already know this, but the rest may need some help. Andrew doesn't ask
+for payment, but he does appreciate it when people give him
+pizza. This calls for a little organisation when the pizza donor is
+twenty thousand kilometres away, but it has been done.
+<?para>
+
+<para>
+Method 1: Ring up your local branch of an international pizza chain
+and see if they honour their vouchers internationally. Pizza Hut do,
+which is how the entire Canberra Linux Users Group got to eat pizza
+one night, courtesy of someone in the US.
+</para>
+
+<para>
+Method 2: Ring up a local pizza shop in Canberra and quote a credit
+card number for a certain amount, and tell them that Andrew will be
+collecting it (don't forget to tell him.) One kind soul from Germany
+did this.
+</para>
+
+<para>
+Method 3: Purchase a pizza voucher from your local pizza shop that has
+no international affiliations and send it to Andrew. It is completely
+useless but he can hang it on the wall next to the one he already has
+from Germany :-)
+</para>
+
+<para>
+Method 4: Air freight him a pizza with your favourite regional
+flavours. It will probably get stuck in customs or torn apart by
+hungry sniffer dogs but it will have been a noble gesture.
+</para>
+
+</sect1>
+
+</chapter>
diff --git a/docs/docbook/faq/install.sgml b/docs/docbook/faq/install.sgml
new file mode 100644
index 0000000000..288e3a5f32
--- /dev/null
+++ b/docs/docbook/faq/install.sgml
@@ -0,0 +1,330 @@
+<chapter id="Install">
+<title>Compiling and installing Samba on a Unix host</title>
+
+<sect1>
+<title>I can't see the Samba server in any browse lists!</title>
+<para>
+See Browsing.html in the docs directory of the samba source
+for more information on browsing.
+</para>
+
+<para>
+If your GUI client does not permit you to select non-browsable
+servers, you may need to do so on the command line. For example, under
+Lan Manager you might connect to the above service as disk drive M:
+thusly:
+<programlisting>
+ net use M: \\mary\fred
+</programlisting>
+The details of how to do this and the specific syntax varies from
+client to client - check your client's documentation.
+</para>
+
+<sect1>
+<title>Some files that I KNOW are on the server doesn't show up when I view the files from my client!
+<para>See the next question.</para>
+</sect1>
+
+<sect1>
+<title>Some files on the server show up with really wierd filenames when I view the files from my client!</title>
+<para>
+If you check what files are not showing up, you will note that they
+are files which contain upper case letters or which are otherwise not
+DOS-compatible (ie, they are not legal DOS filenames for some reason).
+</para>
+
+<para>
+The Samba server can be configured either to ignore such files
+completely, or to present them to the client in "mangled" form. If you
+are not seeing the files at all, the Samba server has most likely been
+configured to ignore them. Consult the man page smb.conf(5) for
+details of how to change this - the parameter you need to set is
+"mangled names = yes".
+</para>
+</sect1>
+
+<sect1>
+<title>My client reports "cannot locate specified computer" or similar</title>
+<para>
+This indicates one of three things: You supplied an incorrect server
+name, the underlying TCP/IP layer is not working correctly, or the
+name you specified cannot be resolved.
+</para>
+
+<para>
+After carefully checking that the name you typed is the name you
+should have typed, try doing things like pinging a host or telnetting
+to somewhere on your network to see if TCP/IP is functioning OK. If it
+is, the problem is most likely name resolution.
+</para>
+
+<para>
+If your client has a facility to do so, hardcode a mapping between the
+hosts IP and the name you want to use. For example, with Lan Manager
+or Windows for Workgroups you would put a suitable entry in the file
+LMHOSTS. If this works, the problem is in the communication between
+your client and the netbios name server. If it does not work, then
+there is something fundamental wrong with your naming and the solution
+is beyond the scope of this document.
+</para>
+
+<para>
+If you do not have any server on your subnet supplying netbios name
+resolution, hardcoded mappings are your only option. If you DO have a
+netbios name server running (such as the Samba suite's nmbd program),
+the problem probably lies in the way it is set up. Refer to Section
+Two of this FAQ for more ideas.
+</para>
+
+<para>
+By the way, remember to REMOVE the hardcoded mapping before further
+tests :-)
+</para>
+
+</sect1>
+
+<sect1>
+<title>My client reports "cannot locate specified share name" or similar</title>
+<para>
+This message indicates that your client CAN locate the specified
+server, which is a good start, but that it cannot find a service of
+the name you gave.
+</para>
+
+<para>
+The first step is to check the exact name of the service you are
+trying to connect to (consult your system administrator). Assuming it
+exists and you specified it correctly (read your client's docs on how
+to specify a service name correctly), read on:
+</para>
+
+<simplelist>
+<member>Many clients cannot accept or use service names longer than eight characters.</member>
+<member>Many clients cannot accept or use service names containing spaces.</member>
+<member>Some servers (not Samba though) are case sensitive with service names.</member>
+<member>Some clients force service names into upper case.</member>
+</simplelist>
+</sect1>
+
+<sect1>
+<title>Printing doesn't work</title>
+<para>
+Make sure that the specified print command for the service you are
+connecting to is correct and that it has a fully-qualified path (eg.,
+use "/usr/bin/lpr" rather than just "lpr").
+</para>
+
+<para>
+Make sure that the spool directory specified for the service is
+writable by the user connected to the service. In particular the user
+"nobody" often has problems with printing, even if it worked with an
+earlier version of Samba. Try creating another guest user other than
+"nobody".
+</para>
+
+<para>
+Make sure that the user specified in the service is permitted to use
+the printer.
+</para>
+
+<para>
+Check the debug log produced by smbd. Search for the printer name and
+see if the log turns up any clues. Note that error messages to do with
+a service ipc$ are meaningless - they relate to the way the client
+attempts to retrieve status information when using the LANMAN1
+protocol.
+</para>
+
+<para>
+If using WfWg then you need to set the default protocol to TCP/IP, not
+Netbeui. This is a WfWg bug.
+</para>
+
+<para>
+If using the Lanman1 protocol (the default) then try switching to
+coreplus. Also not that print status error messages don't mean
+printing won't work. The print status is received by a different
+mechanism.
+</para>
+
+<sect1>
+<title>My client reports "This server is not configured to list shared resources"</title>
+<para>
+Your guest account is probably invalid for some reason. Samba uses the
+guest account for browsing in smbd. Check that your guest account is
+valid.
+</para>
+
+<para>See also 'guest account' in smb.conf man page.</para>
+
+</sect1>
+
+<sect1>
+<title>Log message "you appear to have a trapdoor uid system" </title>
+<para>
+This can have several causes. It might be because you are using a uid
+or gid of 65535 or -1. This is a VERY bad idea, and is a big security
+hole. Check carefully in your /etc/passwd file and make sure that no
+user has uid 65535 or -1. Especially check the "nobody" user, as many
+broken systems are shipped with nobody setup with a uid of 65535.
+</para>
+
+<para>It might also mean that your OS has a trapdoor uid/gid system :-)</para>
+
+<para>
+This means that once a process changes effective uid from root to
+another user it can't go back to root. Unfortunately Samba relies on
+being able to change effective uid from root to non-root and back
+again to implement its security policy. If your OS has a trapdoor uid
+system this won't work, and several things in Samba may break. Less
+things will break if you use user or server level security instead of
+the default share level security, but you may still strike
+problems.
+</para>
+
+<para>
+The problems don't give rise to any security holes, so don't panic,
+but it does mean some of Samba's capabilities will be unavailable.
+In particular you will not be able to connect to the Samba server as
+two different uids at once. This may happen if you try to print as a
+"guest" while accessing a share as a normal user. It may also affect
+your ability to list the available shares as this is normally done as
+the guest user.
+</para>
+
+<para>
+Complain to your OS vendor and ask them to fix their system.
+</para>
+
+<para>
+Note: the reason why 65535 is a VERY bad choice of uid and gid is that
+it casts to -1 as a uid, and the setreuid() system call ignores (with
+no error) uid changes to -1. This means any daemon attempting to run
+as uid 65535 will actually run as root. This is not good!
+</para>
+
+</sect1>
+
+<sect1>
+<title>Why are my file's timestamps off by an hour, or by a few hours?</title>
+<para>
+This is from Paul Eggert eggert@twinsun.com.
+</para>
+
+<para>
+Most likely it's a problem with your time zone settings.
+</para>
+
+<para>
+Internally, Samba maintains time in traditional Unix format,
+namely, the number of seconds since 1970-01-01 00:00:00 Universal Time
+(or ``GMT''), not counting leap seconds.
+</para>
+
+<para>
+On the server side, Samba uses the Unix TZ variable to convert
+internal timestamps to and from local time. So on the server side, there are
+two things to get right.
+<simplelist>
+<member>The Unix system clock must have the correct Universal time. Use the shell command "sh -c 'TZ=UTC0 date'" to check this.</member>
+<member>The TZ environment variable must be set on the server before Samba is invoked. The details of this depend on the server OS, but typically you must edit a file whose name is /etc/TIMEZONE or /etc/default/init, or run the command `zic -l'.</member>
+</simplelist>
+</para>
+
+<para>TZ must have the correct value.</para>
+
+<para>
+If possible, use geographical time zone settings
+(e.g. TZ='America/Los_Angeles' or perhaps
+ TZ=':US/Pacific'). These are supported by most
+popular Unix OSes, are easier to get right, and are
+more accurate for historical timestamps. If your
+operating system has out-of-date tables, you should be
+able to update them from the public domain time zone
+tables at <ulink url="ftp://elsie.nci.nih.gov/pub/">ftp://elsie.nci.nih.gov/pub/</ulink>.
+</para>
+
+<para>If your system does not support geographical timezone
+settings, you must use a Posix-style TZ strings, e.g.
+TZ='PST8PDT,M4.1.0/2,M10.5.0/2' for US Pacific time.
+Posix TZ strings can take the following form (with optional
+ items in brackets):
+<programlisting>
+ StdOffset[Dst[Offset],Date/Time,Date/Time]
+</programlisting>
+ where:
+</para>
+
+<para><simplelist>
+<member>`Std' is the standard time designation (e.g. `PST').</member>
+<member>`Offset' is the number of hours behind UTC (e.g. `8').
+Prepend a `-' if you are ahead of UTC, and
+append `:30' if you are at a half-hour offset.
+Omit all the remaining items if you do not use
+daylight-saving time.</member>
+
+<member>`Dst' is the daylight-saving time designation
+(e.g. `PDT').</member>
+
+<member>The optional second `Offset' is the number of
+hours that daylight-saving time is behind UTC.
+The default is 1 hour ahead of standard time.
+</member>
+
+<member>`Date/Time,Date/Time' specify when daylight-saving
+time starts and ends. The format for a date is
+`Mm.n.d', which specifies the dth day (0 is Sunday)
+of the nth week of the mth month, where week 5 means
+the last such day in the month. The format for a
+time is [h]h[:mm[:ss]], using a 24-hour clock.
+</member>
+
+</simplelist>
+</para>
+
+<para>
+Other Posix string formats are allowed but you don't want
+to know about them.</para>
+
+<para>
+On the client side, you must make sure that your client's clock and
+time zone is also set appropriately. [[I don't know how to do this.]]
+Samba traditionally has had many problems dealing with time zones, due
+to the bizarre ways that Microsoft network protocols handle time
+zones.
+</para>
+
+<sect1>
+<title>How do I set the printer driver name correctly?</title>
+<para>Question:<para>
+<quote> On NT, I opened "Printer Manager" and "Connect to Printer".
+ Enter ["\\ptdi270\ps1"] in the box of printer. I got the
+ following error message
+ </quote>
+ <para>
+ <programlisting>
+ You do not have sufficient access to your machine
+ to connect to the selected printer, since a driver
+ needs to be installed locally.
+ </programlisting>
+ </para>
+
+ <para>Answer:</para>
+
+ <para>In the more recent versions of Samba you can now set the "printer
+driver" in smb.conf. This tells the client what driver to use. For
+example:</para>
+<para><programlisting>
+ printer driver = HP LaserJet 4L
+</programlisting></para>
+<para>With this, NT knows to use the right driver. You have to get this string
+exactly right.</para>
+
+<para>To find the exact string to use, you need to get to the dialog box in
+your client where you select which printer driver to install. The
+correct strings for all the different printers are shown in a listbox
+in that dialog box.</para>
+
+</sect1>
+
+</chapter>
diff --git a/docs/docbook/projdoc/ADS-HOWTO.sgml b/docs/docbook/projdoc/ADS-HOWTO.sgml
new file mode 100644
index 0000000000..0d2fda5f78
--- /dev/null
+++ b/docs/docbook/projdoc/ADS-HOWTO.sgml
@@ -0,0 +1,195 @@
+<chapter id="ADS">
+
+<chapterinfo>
+ <author>
+ <firstname>Andrew</firstname><surname>Tridgell</surname>
+ </author>
+ <pubdate>2002</pubdate>
+</chapterinfo>
+
+<title>Using samba 3.0 with ActiveDirectory support</title>
+
+<para>
+This is a VERY ROUGH guide to setting up the current (November 2001)
+pre-alpha version of Samba 3.0 with kerberos authentication against a
+Windows2000 KDC. The procedures listed here are likely to change as
+the code develops.
+</para>
+
+<para>Pieces you need before you begin:
+<simplelist>
+<member>a Windows 2000 server.</member>
+<member>samba 3.0 or higher.</member>
+<member>the MIT kerberos development libraries (either install from the above sources or use a package). The heimdal libraries will not work.</member>
+<member>the OpenLDAP development libraries.</member>
+</simplelist>
+</para>
+
+<sect1>
+<title>Installing the required packages for Debian</title>
+
+<para>On Debian you need to install the following packages:
+<simplelist>
+<member>libkrb5-dev</member>
+<member>krb5-user</member>
+</simplelist>
+</para>
+</sect1>
+
+<sect1>
+<title>Installing the required packages for RedHat</title>
+
+<para>On RedHat this means you should have at least:
+<simplelist>
+<member>krb5-workstation (for kinit)</member>
+<member>krb5-libs (for linking with)</member>
+<member>krb5-devel (because you are compiling from source)</member>
+</simplelist>
+</para>
+
+<para>in addition to the standard development environment.</para>
+
+<para>Note that these are not standard on a RedHat install, and you may need
+to get them off CD2.</para>
+
+</sect1>
+
+<sect1>
+<title>Compile Samba</title>
+<para>If your kerberos libraries are in a non-standard location then
+ remember to add the configure option --with-krb5=DIR.</para>
+
+<para>After you run configure make sure that include/config.h contains
+ lines like this:</para>
+
+<para><programlisting>
+#define HAVE_KRB5 1
+#define HAVE_LDAP 1
+</programlisting></para>
+
+<para>If it doesn't then configure did not find your krb5 libraries or
+ your ldap libraries. Look in config.log to figure out why and fix
+ it.</para>
+
+<para>Then compile and install Samba as usual. You must use at least the
+ following 3 options in smb.conf:</para>
+
+<para><programlisting>
+ realm = YOUR.KERBEROS.REALM
+ ads server = your.kerberos.server
+ security = ADS
+ encrypt passwords = yes
+</programlisting></para>
+
+<para>Strictly speaking, you can omit the realm name and you can use an IP
+ address for the ads server. In that case Samba will auto-detect these.</para>
+
+<para>You do *not* need a smbpasswd file, although it won't do any harm
+ and if you have one then Samba will be able to fall back to normal
+ password security for older clients. I expect that the above
+ required options will change soon when we get better active
+ directory integration.</para>
+</sect1>
+
+<sect1>
+<title>Setup your /etc/krb5.conf</title>
+
+<para>The minimal configuration for krb5.conf is:</para>
+
+<para><programlisting>
+ [realms]
+ YOUR.KERBEROS.REALM = {
+ kdc = your.kerberos.server
+ }
+</programlisting></para>
+
+<para>Test your config by doing a "kinit USERNAME@REALM" and making sure that
+ your password is accepted by the Win2000 KDC. </para>
+
+<para>NOTE: The realm must be uppercase. </para>
+
+<para>
+You also must ensure that you can do a reverse DNS lookup on the IP
+address of your KDC. Also, the name that this reverse lookup maps to
+must either be the netbios name of the KDC (ie. the hostname with no
+domain attached) or it can alternatively be the netbios name
+followed by the realm.
+</para>
+
+<para>
+The easiest way to ensure you get this right is to add a /etc/hosts
+entry mapping the IP address of your KDC to its netbios name. If you
+don't get this right then you will get a "local error" when you try
+to join the realm.
+</para>
+
+<para>
+If all you want is kerberos support in smbclient then you can skip
+straight to step 5 now. Step 3 is only needed if you want kerberos
+support in smbd.
+</para>
+
+</sect1>
+
+<sect1>
+<title>Create the computer account</title>
+
+<para>
+Do a "kinit" as a user that has authority to change arbitrary
+passwords on the KDC ("Administrator" is a good choice). Then as a
+user that has write permission on the Samba private directory
+(usually root) run:
+<command>net ads join</command>
+</para>
+
+<sect2>
+<title>Possible errors</title>
+
+<para>
+<variablelist>
+<varlistentry><term>"bash: kinit: command not found"</term>
+<listitem><para>kinit is in the krb5-workstation RPM on RedHat systems, and is in /usr/kerberos/bin, so it won't be in the path until you log in again (or open a new terminal)</para></listitem></varlistentry>
+<varlistentry><term>"ADS support not compiled in"</term>
+<listitem><para>Samba must be reconfigured (remove config.cache) and recompiled (make clean all install) after the kerberos libs and headers are installed.</para></listitem></varlistentry>
+</variablelist>
+</para>
+
+</sect2>
+
+</sect1>
+
+<sect1>
+<title>Test your server setup</title>
+
+<para>
+On a Windows 2000 client try <command>net use * \\server\share</command>. You should
+be logged in with kerberos without needing to know a password. If
+this fails then run <command>klist tickets</command>. Did you get a ticket for the
+server? Does it have an encoding type of DES-CBC-MD5 ?
+</para>
+
+</sect1>
+
+<sect1>
+<title>Testing with smbclient</title>
+
+<para>
+On your Samba server try to login to a Win2000 server or your Samba
+server using smbclient and kerberos. Use smbclient as usual, but
+specify the -k option to choose kerberos authentication.
+</para>
+
+</sect1>
+
+<sect1>
+<title>Notes</title>
+
+<para>You must change administrator password at least once after DC install,
+ to create the right encoding types</para>
+
+<para>w2k doesn't seem to create the _kerberos._udp and _ldap._tcp in
+ their defaults DNS setup. Maybe fixed in service packs?</para>
+
+</sect1>
+
+</chapter>
diff --git a/docs/faq/clientapp.html b/docs/faq/clientapp.html
new file mode 100644
index 0000000000..3196fd285e
--- /dev/null
+++ b/docs/faq/clientapp.html
@@ -0,0 +1,257 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<HTML
+><HEAD
+><TITLE
+>Specific client application problems</TITLE
+><META
+NAME="GENERATOR"
+CONTENT="Modular DocBook HTML Stylesheet Version 1.77"><LINK
+REL="HOME"
+TITLE="Samba FAQ"
+HREF="samba-faq.html"><LINK
+REL="PREVIOUS"
+TITLE="Compiling and installing Samba on a Unix host"
+HREF="install.html"><LINK
+REL="NEXT"
+TITLE="Common errors"
+HREF="errors.html"></HEAD
+><BODY
+CLASS="CHAPTER"
+BGCOLOR="#FFFFFF"
+TEXT="#000000"
+LINK="#0000FF"
+VLINK="#840084"
+ALINK="#0000FF"
+><DIV
+CLASS="NAVHEADER"
+><TABLE
+SUMMARY="Header navigation table"
+WIDTH="100%"
+BORDER="0"
+CELLPADDING="0"
+CELLSPACING="0"
+><TR
+><TH
+COLSPAN="3"
+ALIGN="center"
+>Samba FAQ</TH
+></TR
+><TR
+><TD
+WIDTH="10%"
+ALIGN="left"
+VALIGN="bottom"
+><A
+HREF="install.html"
+ACCESSKEY="P"
+>Prev</A
+></TD
+><TD
+WIDTH="80%"
+ALIGN="center"
+VALIGN="bottom"
+></TD
+><TD
+WIDTH="10%"
+ALIGN="right"
+VALIGN="bottom"
+><A
+HREF="errors.html"
+ACCESSKEY="N"
+>Next</A
+></TD
+></TR
+></TABLE
+><HR
+ALIGN="LEFT"
+WIDTH="100%"></DIV
+><DIV
+CLASS="CHAPTER"
+><H1
+><A
+NAME="CLIENTAPP"
+></A
+>Chapter 3. Specific client application problems</H1
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN170"
+></A
+>3.1. MS Office Setup reports "Cannot change properties of '\MSOFFICE\SETUP.INI'"</H1
+><P
+>When installing MS Office on a Samba drive for which you have admin
+user permissions, ie. admin users = username, you will find the
+setup program unable to complete the installation.</P
+><P
+>To get around this problem, do the installation without admin user
+permissions The problem is that MS Office Setup checks that a file is
+rdonly by trying to open it for writing.</P
+><P
+>Admin users can always open a file for writing, as they run as root.
+You just have to install as a non-admin user and then use "chown -R"
+to fix the owner.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN175"
+></A
+>3.2. How to use a Samba share as an administrative share for MS Office, etc.</H1
+><P
+>Microsoft Office products can be installed as an administrative installation
+from which the application can either be run off the administratively installed
+product that resides on a shared resource, or from which that product can be
+installed onto workstation clients.</P
+><P
+>The general mechanism for implementing an adminstrative installation involves
+running <B
+CLASS="COMMAND"
+>X:\setup /A</B
+>, where X is the drive letter of either CDROM or floppy.</P
+><P
+>This installation process will NOT install the product for use per se, but
+rather results in unpacking of the compressed distribution files into a target
+shared folder. For this process you need write privilidge to the share and it
+is desirable to enable file locking and share mode operation during this
+process.</P
+><P
+>Subsequent installation of MS Office from this share will FAIL unless certain
+precautions are taken. This failure will be caused by share mode operation
+which will prevent the MS Office installation process from re-opening various
+dynamic link library files and will cause sporadic file not found problems.</P
+><P
+></P
+><UL
+><LI
+><P
+>As soon as the administrative installation (unpacking) has completed
+set the following parameters on the share containing it:</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+> [MSOP95]
+ path = /where_you_put_it
+ comment = Your comment
+ volume = "The_CD_ROM_Label"
+ read only = yes
+ available = yes
+ share modes = no
+ locking = no
+ browseable = yes
+ public = yes</PRE
+></P
+></LI
+><LI
+><P
+>Now you are ready to run the setup program from the Microsoft Windows
+workstation as follows: <B
+CLASS="COMMAND"
+>\\"Server_Name"\MSOP95\msoffice\setup</B
+></P
+></LI
+></UL
+></DIV
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN190"
+></A
+>3.3. Microsoft Access database opening errors</H1
+><P
+>Here are some notes on running MS-Access on a Samba drive from <A
+HREF="stefank@esi.com.au"
+TARGET="_top"
+>Stefan Kjellberg</A
+></P
+><P
+><P
+></P
+><TABLE
+BORDER="0"
+><TBODY
+><TR
+><TD
+>Opening a database in 'exclusive' mode does NOT work. Samba ignores r/w/share modes on file open.</TD
+></TR
+><TR
+><TD
+>Make sure that you open the database as 'shared' and to 'lock modified records'</TD
+></TR
+><TR
+><TD
+>Of course locking must be enabled for the particular share (smb.conf)</TD
+></TR
+></TBODY
+></TABLE
+><P
+></P
+></P
+></DIV
+></DIV
+><DIV
+CLASS="NAVFOOTER"
+><HR
+ALIGN="LEFT"
+WIDTH="100%"><TABLE
+SUMMARY="Footer navigation table"
+WIDTH="100%"
+BORDER="0"
+CELLPADDING="0"
+CELLSPACING="0"
+><TR
+><TD
+WIDTH="33%"
+ALIGN="left"
+VALIGN="top"
+><A
+HREF="install.html"
+ACCESSKEY="P"
+>Prev</A
+></TD
+><TD
+WIDTH="34%"
+ALIGN="center"
+VALIGN="top"
+><A
+HREF="samba-faq.html"
+ACCESSKEY="H"
+>Home</A
+></TD
+><TD
+WIDTH="33%"
+ALIGN="right"
+VALIGN="top"
+><A
+HREF="errors.html"
+ACCESSKEY="N"
+>Next</A
+></TD
+></TR
+><TR
+><TD
+WIDTH="33%"
+ALIGN="left"
+VALIGN="top"
+>Compiling and installing Samba on a Unix host</TD
+><TD
+WIDTH="34%"
+ALIGN="center"
+VALIGN="top"
+>&nbsp;</TD
+><TD
+WIDTH="33%"
+ALIGN="right"
+VALIGN="top"
+>Common errors</TD
+></TR
+></TABLE
+></DIV
+></BODY
+></HTML
+> \ No newline at end of file
diff --git a/docs/faq/errors.html b/docs/faq/errors.html
new file mode 100644
index 0000000000..b36251ec13
--- /dev/null
+++ b/docs/faq/errors.html
@@ -0,0 +1,307 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<HTML
+><HEAD
+><TITLE
+>Common errors</TITLE
+><META
+NAME="GENERATOR"
+CONTENT="Modular DocBook HTML Stylesheet Version 1.77"><LINK
+REL="HOME"
+TITLE="Samba FAQ"
+HREF="samba-faq.html"><LINK
+REL="PREVIOUS"
+TITLE="Specific client application problems"
+HREF="clientapp.html"><LINK
+REL="NEXT"
+TITLE="Features"
+HREF="features.html"></HEAD
+><BODY
+CLASS="CHAPTER"
+BGCOLOR="#FFFFFF"
+TEXT="#000000"
+LINK="#0000FF"
+VLINK="#840084"
+ALINK="#0000FF"
+><DIV
+CLASS="NAVHEADER"
+><TABLE
+SUMMARY="Header navigation table"
+WIDTH="100%"
+BORDER="0"
+CELLPADDING="0"
+CELLSPACING="0"
+><TR
+><TH
+COLSPAN="3"
+ALIGN="center"
+>Samba FAQ</TH
+></TR
+><TR
+><TD
+WIDTH="10%"
+ALIGN="left"
+VALIGN="bottom"
+><A
+HREF="clientapp.html"
+ACCESSKEY="P"
+>Prev</A
+></TD
+><TD
+WIDTH="80%"
+ALIGN="center"
+VALIGN="bottom"
+></TD
+><TD
+WIDTH="10%"
+ALIGN="right"
+VALIGN="bottom"
+><A
+HREF="features.html"
+ACCESSKEY="N"
+>Next</A
+></TD
+></TR
+></TABLE
+><HR
+ALIGN="LEFT"
+WIDTH="100%"></DIV
+><DIV
+CLASS="CHAPTER"
+><H1
+><A
+NAME="ERRORS"
+></A
+>Chapter 4. Common errors</H1
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN201"
+></A
+>4.1. Not listening for calling name</H1
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>Session request failed (131,129) with myname=HOBBES destname=CALVIN
+Not listening for calling name</PRE
+></P
+><P
+>If you get this when talking to a Samba box then it means that your
+global "hosts allow" or "hosts deny" settings are causing the Samba
+server to refuse the connection. </P
+><P
+>Look carefully at your "hosts allow" and "hosts deny" lines in the
+global section of smb.conf. </P
+><P
+>It can also be a problem with reverse DNS lookups not functioning
+correctly, leading to the remote host identity not being able to
+be confirmed, but that is less likely.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN208"
+></A
+>4.2. System Error 1240</H1
+><P
+>System error 1240 means that the client is refusing to talk
+to a non-encrypting server. Microsoft changed WinNT in service
+pack 3 to refuse to connect to servers that do not support
+SMB password encryption.</P
+><P
+>There are two main solutions:
+<P
+></P
+><TABLE
+BORDER="0"
+><TBODY
+><TR
+><TD
+>enable SMB password encryption in Samba. See the encryption part of
+the samba HOWTO Collection</TD
+></TR
+><TR
+><TD
+>disable this new behaviour in NT. See the section about
+Windows NT in the chapter "Portability" of the samba HOWTO collection</TD
+></TR
+></TBODY
+></TABLE
+><P
+></P
+>&#13;</P
+></DIV
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN215"
+></A
+>4.3. smbclient ignores -N !</H1
+><P
+><SPAN
+CLASS="QUOTE"
+>"When getting the list of shares available on a host using the command
+<B
+CLASS="COMMAND"
+>smbclient -N -L</B
+>
+the program always prompts for the password if the server is a Samba server.
+It also ignores the "-N" argument when querying some (but not all) of our
+NT servers."</SPAN
+>&#13;</P
+><P
+>No, it does not ignore -N, it is just that your server rejected the
+null password in the connection, so smbclient prompts for a password
+to try again.</P
+><P
+>To get the behaviour that you probably want use <B
+CLASS="COMMAND"
+>smbclient -L host -U%</B
+></P
+><P
+>This will set both the username and password to null, which is
+an anonymous login for SMB. Using -N would only set the password
+to null, and this is not accepted as an anonymous login for most
+SMB servers.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN224"
+></A
+>4.4. The data on the CD-Drive I've shared seems to be corrupted!</H1
+><P
+>Some OSes (notably Linux) default to auto detection of file type on
+cdroms and do cr/lf translation. This is a very bad idea when use with
+Samba. It causes all sorts of stuff ups.</P
+><P
+>To overcome this problem use conv=binary when mounting the cdrom
+before exporting it with Samba.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN228"
+></A
+>4.5. Why can users access home directories of other users?</H1
+><P
+><SPAN
+CLASS="QUOTE"
+>"We are unable to keep individual users from mapping to any other user's
+home directory once they have supplied a valid password! They only need
+to enter their own password. I have not found *any* method that I can
+use to configure samba to enforce that only a user may map their own
+home directory."</SPAN
+></P
+><P
+><SPAN
+CLASS="QUOTE"
+>"User xyzzy can map his home directory. Once mapped user xyzzy can also map
+*anyone* elses home directory!"</SPAN
+></P
+><P
+>This is not a security flaw, it is by design. Samba allows
+users to have *exactly* the same access to the UNIX filesystem
+as they would if they were logged onto the UNIX box, except
+that it only allows such views onto the file system as are
+allowed by the defined shares.</P
+><P
+>This means that if your UNIX home directories are set up
+such that one user can happily cd into another users
+directory and do an ls, the UNIX security solution is to
+change the UNIX file permissions on the users home directories
+such that the cd and ls would be denied.</P
+><P
+>Samba tries very hard not to second guess the UNIX administrators
+security policies, and trusts the UNIX admin to set
+the policies and permissions he or she desires.</P
+><P
+>Samba does allow the setup you require when you have set the
+"only user = yes" option on the share, is that you have not set the
+valid users list for the share.</P
+><P
+>Note that only user works in conjunction with the users= list,
+so to get the behavior you require, add the line :
+<PRE
+CLASS="PROGRAMLISTING"
+>users = %S</PRE
+>
+this is equivalent to:
+<PRE
+CLASS="PROGRAMLISTING"
+>valid users = %S</PRE
+>
+to the definition of the [homes] share, as recommended in
+the smb.conf man page.</P
+></DIV
+></DIV
+><DIV
+CLASS="NAVFOOTER"
+><HR
+ALIGN="LEFT"
+WIDTH="100%"><TABLE
+SUMMARY="Footer navigation table"
+WIDTH="100%"
+BORDER="0"
+CELLPADDING="0"
+CELLSPACING="0"
+><TR
+><TD
+WIDTH="33%"
+ALIGN="left"
+VALIGN="top"
+><A
+HREF="clientapp.html"
+ACCESSKEY="P"
+>Prev</A
+></TD
+><TD
+WIDTH="34%"
+ALIGN="center"
+VALIGN="top"
+><A
+HREF="samba-faq.html"
+ACCESSKEY="H"
+>Home</A
+></TD
+><TD
+WIDTH="33%"
+ALIGN="right"
+VALIGN="top"
+><A
+HREF="features.html"
+ACCESSKEY="N"
+>Next</A
+></TD
+></TR
+><TR
+><TD
+WIDTH="33%"
+ALIGN="left"
+VALIGN="top"
+>Specific client application problems</TD
+><TD
+WIDTH="34%"
+ALIGN="center"
+VALIGN="top"
+>&nbsp;</TD
+><TD
+WIDTH="33%"
+ALIGN="right"
+VALIGN="top"
+>Features</TD
+></TR
+></TABLE
+></DIV
+></BODY
+></HTML
+> \ No newline at end of file
diff --git a/docs/faq/general.html b/docs/faq/general.html
new file mode 100644
index 0000000000..5a42678cb6
--- /dev/null
+++ b/docs/faq/general.html
@@ -0,0 +1,450 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<HTML
+><HEAD
+><TITLE
+>General Information</TITLE
+><META
+NAME="GENERATOR"
+CONTENT="Modular DocBook HTML Stylesheet Version 1.77"><LINK
+REL="HOME"
+TITLE="Samba FAQ"
+HREF="samba-faq.html"><LINK
+REL="PREVIOUS"
+TITLE="Samba FAQ"
+HREF="samba-faq.html"><LINK
+REL="NEXT"
+TITLE="Compiling and installing Samba on a Unix host"
+HREF="install.html"></HEAD
+><BODY
+CLASS="CHAPTER"
+BGCOLOR="#FFFFFF"
+TEXT="#000000"
+LINK="#0000FF"
+VLINK="#840084"
+ALINK="#0000FF"
+><DIV
+CLASS="NAVHEADER"
+><TABLE
+SUMMARY="Header navigation table"
+WIDTH="100%"
+BORDER="0"
+CELLPADDING="0"
+CELLSPACING="0"
+><TR
+><TH
+COLSPAN="3"
+ALIGN="center"
+>Samba FAQ</TH
+></TR
+><TR
+><TD
+WIDTH="10%"
+ALIGN="left"
+VALIGN="bottom"
+><A
+HREF="samba-faq.html"
+ACCESSKEY="P"
+>Prev</A
+></TD
+><TD
+WIDTH="80%"
+ALIGN="center"
+VALIGN="bottom"
+></TD
+><TD
+WIDTH="10%"
+ALIGN="right"
+VALIGN="bottom"
+><A
+HREF="install.html"
+ACCESSKEY="N"
+>Next</A
+></TD
+></TR
+></TABLE
+><HR
+ALIGN="LEFT"
+WIDTH="100%"></DIV
+><DIV
+CLASS="CHAPTER"
+><H1
+><A
+NAME="GENERAL"
+></A
+>Chapter 1. General Information</H1
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN12"
+></A
+>1.1. Where can I get it?</H1
+><P
+>The Samba suite is available at the <A
+HREF="http://samba.org/"
+TARGET="_top"
+>samba website</A
+>.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN16"
+></A
+>1.2. What do the version numbers mean?</H1
+><P
+>It is not recommended that you run a version of Samba with the word
+"alpha" in its name unless you know what you are doing and are willing
+to do some debugging. Many, many people just get the latest
+recommended stable release version and are happy. If you are brave, by
+all means take the plunge and help with the testing and development -
+but don't install it on your departmental server. Samba is typically
+very stable and safe, and this is mostly due to the policy of many
+public releases.</P
+><P
+>How the scheme works:
+<P
+></P
+><TABLE
+BORDER="0"
+><TBODY
+><TR
+><TD
+>When major changes are made the version number is increased. For
+example, the transition from 1.9.15 to 1.9.16. However, this version
+number will not appear immediately and people should continue to use
+1.9.15 for production systems (see next point.)</TD
+></TR
+><TR
+><TD
+>Just after major changes are made the software is considered
+unstable, and a series of alpha releases are distributed, for example
+1.9.16alpha1. These are for testing by those who know what they are
+doing. The "alpha" in the filename will hopefully scare off those who
+are just looking for the latest version to install.</TD
+></TR
+><TR
+><TD
+>When Andrew thinks that the alphas have stabilised to the point
+where he would recommend new users install it, he renames it to the
+same version number without the alpha, for example 1.9.16.</TD
+></TR
+><TR
+><TD
+>Inevitably bugs are found in the "stable" releases and minor patch
+levels are released which give us the pXX series, for example 1.9.16p2.</TD
+></TR
+></TBODY
+></TABLE
+><P
+></P
+>&#13;</P
+><P
+>So the progression goes:
+
+<PRE
+CLASS="PROGRAMLISTING"
+>1.9.15p7 (production)
+1.9.15p8 (production)
+1.9.16alpha1 (test sites only)
+:
+1.9.16alpha20 (test sites only)
+1.9.16 (production)
+1.9.16p1 (production)</PRE
+></P
+><P
+>The above system means that whenever someone looks at the samba ftp
+site they will be able to grab the highest numbered release without an
+alpha in the name and be sure of getting the current recommended
+version.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN28"
+></A
+>1.3. What platforms are supported?</H1
+><P
+>Many different platforms have run Samba successfully. The platforms
+most widely used and thus best tested are Linux and SunOS.</P
+><P
+>At time of writing, there is support (or has been support for in earlier
+versions):</P
+><P
+></P
+><TABLE
+BORDER="0"
+><TBODY
+><TR
+><TD
+>A/UX 3.0</TD
+></TR
+><TR
+><TD
+>AIX</TD
+></TR
+><TR
+><TD
+>Altos Series 386/1000</TD
+></TR
+><TR
+><TD
+>Amiga</TD
+></TR
+><TR
+><TD
+>Apollo Domain/OS sr10.3</TD
+></TR
+><TR
+><TD
+>BSDI </TD
+></TR
+><TR
+><TD
+>B.O.S. (Bull Operating System)</TD
+></TR
+><TR
+><TD
+>Cray, Unicos 8.0</TD
+></TR
+><TR
+><TD
+>Convex</TD
+></TR
+><TR
+><TD
+>DGUX. </TD
+></TR
+><TR
+><TD
+>DNIX.</TD
+></TR
+><TR
+><TD
+>FreeBSD</TD
+></TR
+><TR
+><TD
+>HP-UX</TD
+></TR
+><TR
+><TD
+>Intergraph. </TD
+></TR
+><TR
+><TD
+>Linux with/without shadow passwords and quota</TD
+></TR
+><TR
+><TD
+>LYNX 2.3.0</TD
+></TR
+><TR
+><TD
+>MachTen (a unix like system for Macintoshes)</TD
+></TR
+><TR
+><TD
+>Motorola 88xxx/9xx range of machines</TD
+></TR
+><TR
+><TD
+>NetBSD</TD
+></TR
+><TR
+><TD
+>NEXTSTEP Release 2.X, 3.0 and greater (including OPENSTEP for Mach).</TD
+></TR
+><TR
+><TD
+>OS/2 using EMX 0.9b</TD
+></TR
+><TR
+><TD
+>OSF1</TD
+></TR
+><TR
+><TD
+>QNX 4.22</TD
+></TR
+><TR
+><TD
+>RiscIX. </TD
+></TR
+><TR
+><TD
+>RISCOs 5.0B</TD
+></TR
+><TR
+><TD
+>SEQUENT. </TD
+></TR
+><TR
+><TD
+>SCO (including: 3.2v2, European dist., OpenServer 5)</TD
+></TR
+><TR
+><TD
+>SGI.</TD
+></TR
+><TR
+><TD
+>SMP_DC.OSx v1.1-94c079 on Pyramid S series</TD
+></TR
+><TR
+><TD
+>SONY NEWS, NEWS-OS (4.2.x and 6.1.x)</TD
+></TR
+><TR
+><TD
+>SUNOS 4</TD
+></TR
+><TR
+><TD
+>SUNOS 5.2, 5.3, and 5.4 (Solaris 2.2, 2.3, and '2.4 and later')</TD
+></TR
+><TR
+><TD
+>Sunsoft ISC SVR3V4</TD
+></TR
+><TR
+><TD
+>SVR4</TD
+></TR
+><TR
+><TD
+>System V with some berkely extensions (Motorola 88k R32V3.2).</TD
+></TR
+><TR
+><TD
+>ULTRIX.</TD
+></TR
+><TR
+><TD
+>UNIXWARE</TD
+></TR
+><TR
+><TD
+>UXP/DS</TD
+></TR
+></TBODY
+></TABLE
+><P
+></P
+></DIV
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN71"
+></A
+>1.4. How do I subscribe to the Samba Mailing Lists?</H1
+><P
+>Look at <A
+HREF="http://samba.org/samba/archives.html"
+TARGET="_top"
+>the samba mailing list page</A
+></P
+></DIV
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN75"
+></A
+>1.5. Pizza supply details</H1
+><P
+>Those who have registered in the Samba survey as "Pizza Factory" will
+already know this, but the rest may need some help. Andrew doesn't ask
+for payment, but he does appreciate it when people give him
+pizza. This calls for a little organisation when the pizza donor is
+twenty thousand kilometres away, but it has been done.&#13;</P
+><P
+>Method 1: Ring up your local branch of an international pizza chain
+and see if they honour their vouchers internationally. Pizza Hut do,
+which is how the entire Canberra Linux Users Group got to eat pizza
+one night, courtesy of someone in the US.</P
+><P
+>Method 2: Ring up a local pizza shop in Canberra and quote a credit
+card number for a certain amount, and tell them that Andrew will be
+collecting it (don't forget to tell him.) One kind soul from Germany
+did this.</P
+><P
+>Method 3: Purchase a pizza voucher from your local pizza shop that has
+no international affiliations and send it to Andrew. It is completely
+useless but he can hang it on the wall next to the one he already has
+from Germany :-)</P
+><P
+>Method 4: Air freight him a pizza with your favourite regional
+flavours. It will probably get stuck in customs or torn apart by
+hungry sniffer dogs but it will have been a noble gesture.</P
+></DIV
+></DIV
+><DIV
+CLASS="NAVFOOTER"
+><HR
+ALIGN="LEFT"
+WIDTH="100%"><TABLE
+SUMMARY="Footer navigation table"
+WIDTH="100%"
+BORDER="0"
+CELLPADDING="0"
+CELLSPACING="0"
+><TR
+><TD
+WIDTH="33%"
+ALIGN="left"
+VALIGN="top"
+><A
+HREF="samba-faq.html"
+ACCESSKEY="P"
+>Prev</A
+></TD
+><TD
+WIDTH="34%"
+ALIGN="center"
+VALIGN="top"
+><A
+HREF="samba-faq.html"
+ACCESSKEY="H"
+>Home</A
+></TD
+><TD
+WIDTH="33%"
+ALIGN="right"
+VALIGN="top"
+><A
+HREF="install.html"
+ACCESSKEY="N"
+>Next</A
+></TD
+></TR
+><TR
+><TD
+WIDTH="33%"
+ALIGN="left"
+VALIGN="top"
+>Samba FAQ</TD
+><TD
+WIDTH="34%"
+ALIGN="center"
+VALIGN="top"
+>&nbsp;</TD
+><TD
+WIDTH="33%"
+ALIGN="right"
+VALIGN="top"
+>Compiling and installing Samba on a Unix host</TD
+></TR
+></TABLE
+></DIV
+></BODY
+></HTML
+> \ No newline at end of file
diff --git a/docs/faq/install.html b/docs/faq/install.html
new file mode 100644
index 0000000000..f9ecac1384
--- /dev/null
+++ b/docs/faq/install.html
@@ -0,0 +1,525 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<HTML
+><HEAD
+><TITLE
+>Compiling and installing Samba on a Unix host</TITLE
+><META
+NAME="GENERATOR"
+CONTENT="Modular DocBook HTML Stylesheet Version 1.77"><LINK
+REL="HOME"
+TITLE="Samba FAQ"
+HREF="samba-faq.html"><LINK
+REL="PREVIOUS"
+TITLE="General Information"
+HREF="general.html"><LINK
+REL="NEXT"
+TITLE="Specific client application problems"
+HREF="clientapp.html"></HEAD
+><BODY
+CLASS="CHAPTER"
+BGCOLOR="#FFFFFF"
+TEXT="#000000"
+LINK="#0000FF"
+VLINK="#840084"
+ALINK="#0000FF"
+><DIV
+CLASS="NAVHEADER"
+><TABLE
+SUMMARY="Header navigation table"
+WIDTH="100%"
+BORDER="0"
+CELLPADDING="0"
+CELLSPACING="0"
+><TR
+><TH
+COLSPAN="3"
+ALIGN="center"
+>Samba FAQ</TH
+></TR
+><TR
+><TD
+WIDTH="10%"
+ALIGN="left"
+VALIGN="bottom"
+><A
+HREF="general.html"
+ACCESSKEY="P"
+>Prev</A
+></TD
+><TD
+WIDTH="80%"
+ALIGN="center"
+VALIGN="bottom"
+></TD
+><TD
+WIDTH="10%"
+ALIGN="right"
+VALIGN="bottom"
+><A
+HREF="clientapp.html"
+ACCESSKEY="N"
+>Next</A
+></TD
+></TR
+></TABLE
+><HR
+ALIGN="LEFT"
+WIDTH="100%"></DIV
+><DIV
+CLASS="CHAPTER"
+><H1
+><A
+NAME="INSTALL"
+></A
+>Chapter 2. Compiling and installing Samba on a Unix host</H1
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN84"
+></A
+>2.1. I can't see the Samba server in any browse lists!</H1
+><P
+>See Browsing.html in the docs directory of the samba source
+for more information on browsing.</P
+><P
+>If your GUI client does not permit you to select non-browsable
+servers, you may need to do so on the command line. For example, under
+Lan Manager you might connect to the above service as disk drive M:
+thusly:
+<PRE
+CLASS="PROGRAMLISTING"
+> net use M: \\mary\fred</PRE
+>
+The details of how to do this and the specific syntax varies from
+client to client - check your client's documentation.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN89"
+></A
+>2.2. Some files that I KNOW are on the server doesn't show up when I view the files from my client!</H1
+><P
+>See the next question.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN92"
+></A
+>2.3. Some files on the server show up with really wierd filenames when I view the files from my client!</H1
+><P
+>If you check what files are not showing up, you will note that they
+are files which contain upper case letters or which are otherwise not
+DOS-compatible (ie, they are not legal DOS filenames for some reason).</P
+><P
+>The Samba server can be configured either to ignore such files
+completely, or to present them to the client in "mangled" form. If you
+are not seeing the files at all, the Samba server has most likely been
+configured to ignore them. Consult the man page smb.conf(5) for
+details of how to change this - the parameter you need to set is
+"mangled names = yes".</P
+></DIV
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN96"
+></A
+>2.4. My client reports "cannot locate specified computer" or similar</H1
+><P
+>This indicates one of three things: You supplied an incorrect server
+name, the underlying TCP/IP layer is not working correctly, or the
+name you specified cannot be resolved.</P
+><P
+>After carefully checking that the name you typed is the name you
+should have typed, try doing things like pinging a host or telnetting
+to somewhere on your network to see if TCP/IP is functioning OK. If it
+is, the problem is most likely name resolution.</P
+><P
+>If your client has a facility to do so, hardcode a mapping between the
+hosts IP and the name you want to use. For example, with Lan Manager
+or Windows for Workgroups you would put a suitable entry in the file
+LMHOSTS. If this works, the problem is in the communication between
+your client and the netbios name server. If it does not work, then
+there is something fundamental wrong with your naming and the solution
+is beyond the scope of this document.</P
+><P
+>If you do not have any server on your subnet supplying netbios name
+resolution, hardcoded mappings are your only option. If you DO have a
+netbios name server running (such as the Samba suite's nmbd program),
+the problem probably lies in the way it is set up. Refer to Section
+Two of this FAQ for more ideas.</P
+><P
+>By the way, remember to REMOVE the hardcoded mapping before further
+tests :-)</P
+></DIV
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN103"
+></A
+>2.5. My client reports "cannot locate specified share name" or similar</H1
+><P
+>This message indicates that your client CAN locate the specified
+server, which is a good start, but that it cannot find a service of
+the name you gave.</P
+><P
+>The first step is to check the exact name of the service you are
+trying to connect to (consult your system administrator). Assuming it
+exists and you specified it correctly (read your client's docs on how
+to specify a service name correctly), read on:</P
+><P
+></P
+><TABLE
+BORDER="0"
+><TBODY
+><TR
+><TD
+>Many clients cannot accept or use service names longer than eight characters.</TD
+></TR
+><TR
+><TD
+>Many clients cannot accept or use service names containing spaces.</TD
+></TR
+><TR
+><TD
+>Some servers (not Samba though) are case sensitive with service names.</TD
+></TR
+><TR
+><TD
+>Some clients force service names into upper case.</TD
+></TR
+></TBODY
+></TABLE
+><P
+></P
+></DIV
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN112"
+></A
+>2.6. Printing doesn't work</H1
+><P
+>Make sure that the specified print command for the service you are
+connecting to is correct and that it has a fully-qualified path (eg.,
+use "/usr/bin/lpr" rather than just "lpr").</P
+><P
+>Make sure that the spool directory specified for the service is
+writable by the user connected to the service. In particular the user
+"nobody" often has problems with printing, even if it worked with an
+earlier version of Samba. Try creating another guest user other than
+"nobody".</P
+><P
+>Make sure that the user specified in the service is permitted to use
+the printer.</P
+><P
+>Check the debug log produced by smbd. Search for the printer name and
+see if the log turns up any clues. Note that error messages to do with
+a service ipc$ are meaningless - they relate to the way the client
+attempts to retrieve status information when using the LANMAN1
+protocol.</P
+><P
+>If using WfWg then you need to set the default protocol to TCP/IP, not
+Netbeui. This is a WfWg bug.</P
+><P
+>If using the Lanman1 protocol (the default) then try switching to
+coreplus. Also not that print status error messages don't mean
+printing won't work. The print status is received by a different
+mechanism.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN120"
+></A
+>2.7. My client reports "This server is not configured to list shared resources"</H1
+><P
+>Your guest account is probably invalid for some reason. Samba uses the
+guest account for browsing in smbd. Check that your guest account is
+valid.</P
+><P
+>See also 'guest account' in smb.conf man page.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN124"
+></A
+>2.8. Log message "you appear to have a trapdoor uid system"</H1
+><P
+>This can have several causes. It might be because you are using a uid
+or gid of 65535 or -1. This is a VERY bad idea, and is a big security
+hole. Check carefully in your /etc/passwd file and make sure that no
+user has uid 65535 or -1. Especially check the "nobody" user, as many
+broken systems are shipped with nobody setup with a uid of 65535.</P
+><P
+>It might also mean that your OS has a trapdoor uid/gid system :-)</P
+><P
+>This means that once a process changes effective uid from root to
+another user it can't go back to root. Unfortunately Samba relies on
+being able to change effective uid from root to non-root and back
+again to implement its security policy. If your OS has a trapdoor uid
+system this won't work, and several things in Samba may break. Less
+things will break if you use user or server level security instead of
+the default share level security, but you may still strike
+problems.</P
+><P
+>The problems don't give rise to any security holes, so don't panic,
+but it does mean some of Samba's capabilities will be unavailable.
+In particular you will not be able to connect to the Samba server as
+two different uids at once. This may happen if you try to print as a
+"guest" while accessing a share as a normal user. It may also affect
+your ability to list the available shares as this is normally done as
+the guest user.</P
+><P
+>Complain to your OS vendor and ask them to fix their system.</P
+><P
+>Note: the reason why 65535 is a VERY bad choice of uid and gid is that
+it casts to -1 as a uid, and the setreuid() system call ignores (with
+no error) uid changes to -1. This means any daemon attempting to run
+as uid 65535 will actually run as root. This is not good!</P
+></DIV
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN132"
+></A
+>2.9. Why are my file's timestamps off by an hour, or by a few hours?</H1
+><P
+>This is from Paul Eggert eggert@twinsun.com.</P
+><P
+>Most likely it's a problem with your time zone settings.</P
+><P
+>Internally, Samba maintains time in traditional Unix format,
+namely, the number of seconds since 1970-01-01 00:00:00 Universal Time
+(or ``GMT''), not counting leap seconds.</P
+><P
+>On the server side, Samba uses the Unix TZ variable to convert
+internal timestamps to and from local time. So on the server side, there are
+two things to get right.
+<P
+></P
+><TABLE
+BORDER="0"
+><TBODY
+><TR
+><TD
+>The Unix system clock must have the correct Universal time. Use the shell command "sh -c 'TZ=UTC0 date'" to check this.</TD
+></TR
+><TR
+><TD
+>The TZ environment variable must be set on the server before Samba is invoked. The details of this depend on the server OS, but typically you must edit a file whose name is /etc/TIMEZONE or /etc/default/init, or run the command `zic -l'.</TD
+></TR
+></TBODY
+></TABLE
+><P
+></P
+></P
+><P
+>TZ must have the correct value.</P
+><P
+>If possible, use geographical time zone settings
+(e.g. TZ='America/Los_Angeles' or perhaps
+ TZ=':US/Pacific'). These are supported by most
+popular Unix OSes, are easier to get right, and are
+more accurate for historical timestamps. If your
+operating system has out-of-date tables, you should be
+able to update them from the public domain time zone
+tables at <A
+HREF="ftp://elsie.nci.nih.gov/pub/"
+TARGET="_top"
+>ftp://elsie.nci.nih.gov/pub/</A
+>.</P
+><P
+>If your system does not support geographical timezone
+settings, you must use a Posix-style TZ strings, e.g.
+TZ='PST8PDT,M4.1.0/2,M10.5.0/2' for US Pacific time.
+Posix TZ strings can take the following form (with optional
+ items in brackets):
+<PRE
+CLASS="PROGRAMLISTING"
+> StdOffset[Dst[Offset],Date/Time,Date/Time]</PRE
+>
+ where:</P
+><P
+><P
+></P
+><TABLE
+BORDER="0"
+><TBODY
+><TR
+><TD
+>`Std' is the standard time designation (e.g. `PST').</TD
+></TR
+><TR
+><TD
+>`Offset' is the number of hours behind UTC (e.g. `8').
+Prepend a `-' if you are ahead of UTC, and
+append `:30' if you are at a half-hour offset.
+Omit all the remaining items if you do not use
+daylight-saving time.</TD
+></TR
+><TR
+><TD
+>`Dst' is the daylight-saving time designation
+(e.g. `PDT').</TD
+></TR
+><TR
+><TD
+>The optional second `Offset' is the number of
+hours that daylight-saving time is behind UTC.
+The default is 1 hour ahead of standard time.</TD
+></TR
+><TR
+><TD
+>`Date/Time,Date/Time' specify when daylight-saving
+time starts and ends. The format for a date is
+`Mm.n.d', which specifies the dth day (0 is Sunday)
+of the nth week of the mth month, where week 5 means
+the last such day in the month. The format for a
+time is [h]h[:mm[:ss]], using a 24-hour clock.</TD
+></TR
+></TBODY
+></TABLE
+><P
+></P
+></P
+><P
+>Other Posix string formats are allowed but you don't want
+to know about them.</P
+><P
+>On the client side, you must make sure that your client's clock and
+time zone is also set appropriately. [[I don't know how to do this.]]
+Samba traditionally has had many problems dealing with time zones, due
+to the bizarre ways that Microsoft network protocols handle time
+zones. </P
+></DIV
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN155"
+></A
+>2.10. How do I set the printer driver name correctly?</H1
+><P
+>Question:</P
+><P
+><SPAN
+CLASS="QUOTE"
+>" On NT, I opened "Printer Manager" and "Connect to Printer".
+ Enter ["\\ptdi270\ps1"] in the box of printer. I got the
+ following error message
+ "</SPAN
+>
+ </P
+><P
+> <PRE
+CLASS="PROGRAMLISTING"
+> You do not have sufficient access to your machine
+ to connect to the selected printer, since a driver
+ needs to be installed locally.
+ </PRE
+>
+ </P
+><P
+>Answer:</P
+><P
+>In the more recent versions of Samba you can now set the "printer
+driver" in smb.conf. This tells the client what driver to use. For
+example:</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+> printer driver = HP LaserJet 4L</PRE
+></P
+><P
+>With this, NT knows to use the right driver. You have to get this string
+exactly right.</P
+><P
+>To find the exact string to use, you need to get to the dialog box in
+your client where you select which printer driver to install. The
+correct strings for all the different printers are shown in a listbox
+in that dialog box.</P
+></DIV
+></DIV
+><DIV
+CLASS="NAVFOOTER"
+><HR
+ALIGN="LEFT"
+WIDTH="100%"><TABLE
+SUMMARY="Footer navigation table"
+WIDTH="100%"
+BORDER="0"
+CELLPADDING="0"
+CELLSPACING="0"
+><TR
+><TD
+WIDTH="33%"
+ALIGN="left"
+VALIGN="top"
+><A
+HREF="general.html"
+ACCESSKEY="P"
+>Prev</A
+></TD
+><TD
+WIDTH="34%"
+ALIGN="center"
+VALIGN="top"
+><A
+HREF="samba-faq.html"
+ACCESSKEY="H"
+>Home</A
+></TD
+><TD
+WIDTH="33%"
+ALIGN="right"
+VALIGN="top"
+><A
+HREF="clientapp.html"
+ACCESSKEY="N"
+>Next</A
+></TD
+></TR
+><TR
+><TD
+WIDTH="33%"
+ALIGN="left"
+VALIGN="top"
+>General Information</TD
+><TD
+WIDTH="34%"
+ALIGN="center"
+VALIGN="top"
+>&nbsp;</TD
+><TD
+WIDTH="33%"
+ALIGN="right"
+VALIGN="top"
+>Specific client application problems</TD
+></TR
+></TABLE
+></DIV
+></BODY
+></HTML
+> \ No newline at end of file
diff --git a/docs/faq/samba-faq.html b/docs/faq/samba-faq.html
new file mode 100644
index 0000000000..ed74a3be31
--- /dev/null
+++ b/docs/faq/samba-faq.html
@@ -0,0 +1,328 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<HTML
+><HEAD
+><TITLE
+>Samba FAQ</TITLE
+><META
+NAME="GENERATOR"
+CONTENT="Modular DocBook HTML Stylesheet Version 1.77"><LINK
+REL="NEXT"
+TITLE="General Information"
+HREF="general.html"></HEAD
+><BODY
+CLASS="BOOK"
+BGCOLOR="#FFFFFF"
+TEXT="#000000"
+LINK="#0000FF"
+VLINK="#840084"
+ALINK="#0000FF"
+><DIV
+CLASS="BOOK"
+><A
+NAME="SAMBA-FAQ"
+></A
+><DIV
+CLASS="TITLEPAGE"
+><H1
+CLASS="TITLE"
+><A
+NAME="SAMBA-FAQ"
+></A
+>Samba FAQ</H1
+><H3
+CLASS="AUTHOR"
+><A
+NAME="AEN4"
+></A
+>Samba Team</H3
+><HR></DIV
+><H1
+><A
+NAME="AEN7"
+></A
+>Dedication</H1
+><P
+>This is the Frequently Asked Questions (FAQ) document for
+Samba, the free and very popular SMB server product. An SMB server
+allows file and printer connections from clients such as Windows,
+OS/2, Linux and others. Current to version 3.0. Please send any
+corrections to the samba documentation mailinglist at
+<A
+HREF="mailto:samba-doc@samba.org"
+TARGET="_top"
+>samba-doc@samba.org</A
+>.
+This FAQ was based on the old Samba FAQ by Dan Shearer and Paul Blackman,
+and the old samba text documents which were mostly written by John Terpstra.</P
+><DIV
+CLASS="TOC"
+><DL
+><DT
+><B
+>Table of Contents</B
+></DT
+><DT
+>1. <A
+HREF="general.html"
+>General Information</A
+></DT
+><DD
+><DL
+><DT
+>1.1. <A
+HREF="general.html#AEN12"
+>Where can I get it?</A
+></DT
+><DT
+>1.2. <A
+HREF="general.html#AEN16"
+>What do the version numbers mean?</A
+></DT
+><DT
+>1.3. <A
+HREF="general.html#AEN28"
+>What platforms are supported?</A
+></DT
+><DT
+>1.4. <A
+HREF="general.html#AEN71"
+>How do I subscribe to the Samba Mailing Lists?</A
+></DT
+><DT
+>1.5. <A
+HREF="general.html#AEN75"
+>Pizza supply details</A
+></DT
+></DL
+></DD
+><DT
+>2. <A
+HREF="install.html"
+>Compiling and installing Samba on a Unix host</A
+></DT
+><DD
+><DL
+><DT
+>2.1. <A
+HREF="install.html#AEN84"
+>I can't see the Samba server in any browse lists!</A
+></DT
+><DT
+>2.2. <A
+HREF="install.html#AEN89"
+>Some files that I KNOW are on the server doesn't show up when I view the files from my client!</A
+></DT
+><DT
+>2.3. <A
+HREF="install.html#AEN92"
+>Some files on the server show up with really wierd filenames when I view the files from my client!</A
+></DT
+><DT
+>2.4. <A
+HREF="install.html#AEN96"
+>My client reports "cannot locate specified computer" or similar</A
+></DT
+><DT
+>2.5. <A
+HREF="install.html#AEN103"
+>My client reports "cannot locate specified share name" or similar</A
+></DT
+><DT
+>2.6. <A
+HREF="install.html#AEN112"
+>Printing doesn't work</A
+></DT
+><DT
+>2.7. <A
+HREF="install.html#AEN120"
+>My client reports "This server is not configured to list shared resources"</A
+></DT
+><DT
+>2.8. <A
+HREF="install.html#AEN124"
+>Log message "you appear to have a trapdoor uid system"</A
+></DT
+><DT
+>2.9. <A
+HREF="install.html#AEN132"
+>Why are my file's timestamps off by an hour, or by a few hours?</A
+></DT
+><DT
+>2.10. <A
+HREF="install.html#AEN155"
+>How do I set the printer driver name correctly?</A
+></DT
+></DL
+></DD
+><DT
+>3. <A
+HREF="clientapp.html"
+>Specific client application problems</A
+></DT
+><DD
+><DL
+><DT
+>3.1. <A
+HREF="clientapp.html#AEN170"
+>MS Office Setup reports "Cannot change properties of '\MSOFFICE\SETUP.INI'"</A
+></DT
+><DT
+>3.2. <A
+HREF="clientapp.html#AEN175"
+>How to use a Samba share as an administrative share for MS Office, etc.</A
+></DT
+><DT
+>3.3. <A
+HREF="clientapp.html#AEN190"
+>Microsoft Access database opening errors</A
+></DT
+></DL
+></DD
+><DT
+>4. <A
+HREF="errors.html"
+>Common errors</A
+></DT
+><DD
+><DL
+><DT
+>4.1. <A
+HREF="errors.html#AEN201"
+>Not listening for calling name</A
+></DT
+><DT
+>4.2. <A
+HREF="errors.html#AEN208"
+>System Error 1240</A
+></DT
+><DT
+>4.3. <A
+HREF="errors.html#AEN215"
+>smbclient ignores -N !</A
+></DT
+><DT
+>4.4. <A
+HREF="errors.html#AEN224"
+>The data on the CD-Drive I've shared seems to be corrupted!</A
+></DT
+><DT
+>4.5. <A
+HREF="errors.html#AEN228"
+>Why can users access home directories of other users?</A
+></DT
+></DL
+></DD
+><DT
+>5. <A
+HREF="features.html"
+>Features</A
+></DT
+><DD
+><DL
+><DT
+>5.1. <A
+HREF="features.html#AEN243"
+>How can I prevent my samba server from being used to distribute the Nimda worm?</A
+></DT
+><DT
+>5.2. <A
+HREF="features.html#AEN257"
+>How can I use samba as a fax server?</A
+></DT
+><DD
+><DL
+><DT
+>5.2.1. <A
+HREF="features.html#AEN268"
+>Tools for printing faxes</A
+></DT
+><DT
+>5.2.2. <A
+HREF="features.html#AEN278"
+>Making the fax-server</A
+></DT
+><DT
+>5.2.3. <A
+HREF="features.html#AEN294"
+>Installing the client drivers</A
+></DT
+><DT
+>5.2.4. <A
+HREF="features.html#AEN308"
+>Example smb.conf</A
+></DT
+></DL
+></DD
+><DT
+>5.3. <A
+HREF="features.html#AEN312"
+>Samba doesn't work well together with DHCP!</A
+></DT
+><DT
+>5.4. <A
+HREF="features.html#AEN325"
+>How can I assign NetBIOS names to clients with DHCP?</A
+></DT
+><DT
+>5.5. <A
+HREF="features.html#AEN332"
+>How do I convert between unix and dos text formats?</A
+></DT
+></DL
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="NAVFOOTER"
+><HR
+ALIGN="LEFT"
+WIDTH="100%"><TABLE
+SUMMARY="Footer navigation table"
+WIDTH="100%"
+BORDER="0"
+CELLPADDING="0"
+CELLSPACING="0"
+><TR
+><TD
+WIDTH="33%"
+ALIGN="left"
+VALIGN="top"
+>&nbsp;</TD
+><TD
+WIDTH="34%"
+ALIGN="center"
+VALIGN="top"
+>&nbsp;</TD
+><TD
+WIDTH="33%"
+ALIGN="right"
+VALIGN="top"
+><A
+HREF="general.html"
+ACCESSKEY="N"
+>Next</A
+></TD
+></TR
+><TR
+><TD
+WIDTH="33%"
+ALIGN="left"
+VALIGN="top"
+>&nbsp;</TD
+><TD
+WIDTH="34%"
+ALIGN="center"
+VALIGN="top"
+>&nbsp;</TD
+><TD
+WIDTH="33%"
+ALIGN="right"
+VALIGN="top"
+>General Information</TD
+></TR
+></TABLE
+></DIV
+></BODY
+></HTML
+> \ No newline at end of file
diff --git a/docs/htmldocs/Samba-HOWTO.html b/docs/htmldocs/Samba-HOWTO.html
new file mode 100644
index 0000000000..da69705bc3
--- /dev/null
+++ b/docs/htmldocs/Samba-HOWTO.html
@@ -0,0 +1,1440 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<HTML
+><HEAD
+><TITLE
+>SAMBA Project Documentation</TITLE
+><META
+NAME="GENERATOR"
+CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
+"><LINK
+REL="NEXT"
+TITLE="How to Install and Test SAMBA"
+HREF="install.html"></HEAD
+><BODY
+CLASS="BOOK"
+BGCOLOR="#FFFFFF"
+TEXT="#000000"
+LINK="#0000FF"
+VLINK="#840084"
+ALINK="#0000FF"
+><DIV
+CLASS="BOOK"
+><A
+NAME="SAMBA-PROJECT-DOCUMENTATION"><DIV
+CLASS="TITLEPAGE"
+><H1
+CLASS="TITLE"
+><A
+NAME="SAMBA-PROJECT-DOCUMENTATION">SAMBA Project Documentation</H1
+><H3
+CLASS="AUTHOR"
+><A
+NAME="AEN4">SAMBA Team</H3
+><HR></DIV
+><H1
+><A
+NAME="AEN8">Abstract</H1
+><P
+><SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>Last Update</I
+></SPAN
+> : Thu Aug 15 12:48:45 CDT 2002</P
+><P
+>This book is a collection of HOWTOs added to Samba documentation over the years.
+I try to ensure that all are current, but sometimes the is a larger job
+than one person can maintain. The most recent version of this document
+can be found at <A
+HREF="http://www.samba.org/"
+TARGET="_top"
+>http://www.samba.org/</A
+>
+on the "Documentation" page. Please send updates to <A
+HREF="mailto:jerry@samba.org"
+TARGET="_top"
+>jerry@samba.org</A
+>.</P
+><P
+>This documentation is distributed under the GNU General Public License (GPL)
+version 2. A copy of the license is included with the Samba source
+distribution. A copy can be found on-line at <A
+HREF="http://www.fsf.org/licenses/gpl.txt"
+TARGET="_top"
+>http://www.fsf.org/licenses/gpl.txt</A
+></P
+><P
+>Cheers, jerry</P
+><DIV
+CLASS="TOC"
+><DL
+><DT
+><B
+>Table of Contents</B
+></DT
+><DT
+>1. <A
+HREF="install.html"
+>How to Install and Test SAMBA</A
+></DT
+><DD
+><DL
+><DT
+>1.1. <A
+HREF="install.html#AEN20"
+>Step 0: Read the man pages</A
+></DT
+><DT
+>1.2. <A
+HREF="install.html#AEN28"
+>Step 1: Building the Binaries</A
+></DT
+><DT
+>1.3. <A
+HREF="install.html#AEN56"
+>Step 2: The all important step</A
+></DT
+><DT
+>1.4. <A
+HREF="install.html#AEN60"
+>Step 3: Create the smb configuration file.</A
+></DT
+><DT
+>1.5. <A
+HREF="install.html#AEN74"
+>Step 4: Test your config file with
+ <B
+CLASS="COMMAND"
+>testparm</B
+></A
+></DT
+><DT
+>1.6. <A
+HREF="install.html#AEN80"
+>Step 5: Starting the smbd and nmbd</A
+></DT
+><DD
+><DL
+><DT
+>1.6.1. <A
+HREF="install.html#AEN90"
+>Step 5a: Starting from inetd.conf</A
+></DT
+><DT
+>1.6.2. <A
+HREF="install.html#AEN119"
+>Step 5b. Alternative: starting it as a daemon</A
+></DT
+></DL
+></DD
+><DT
+>1.7. <A
+HREF="install.html#AEN135"
+>Step 6: Try listing the shares available on your
+ server</A
+></DT
+><DT
+>1.8. <A
+HREF="install.html#AEN144"
+>Step 7: Try connecting with the unix client</A
+></DT
+><DT
+>1.9. <A
+HREF="install.html#AEN160"
+>Step 8: Try connecting from a DOS, WfWg, Win9x, WinNT,
+ Win2k, OS/2, etc... client</A
+></DT
+><DT
+>1.10. <A
+HREF="install.html#AEN174"
+>What If Things Don't Work?</A
+></DT
+><DD
+><DL
+><DT
+>1.10.1. <A
+HREF="install.html#AEN179"
+>Diagnosing Problems</A
+></DT
+><DT
+>1.10.2. <A
+HREF="install.html#AEN183"
+>Scope IDs</A
+></DT
+><DT
+>1.10.3. <A
+HREF="install.html#AEN186"
+>Choosing the Protocol Level</A
+></DT
+><DT
+>1.10.4. <A
+HREF="install.html#AEN195"
+>Printing from UNIX to a Client PC</A
+></DT
+><DT
+>1.10.5. <A
+HREF="install.html#AEN200"
+>Locking</A
+></DT
+><DT
+>1.10.6. <A
+HREF="install.html#AEN209"
+>Mapping Usernames</A
+></DT
+></DL
+></DD
+></DL
+></DD
+><DT
+>2. <A
+HREF="diagnosis.html"
+>Diagnosing your samba server</A
+></DT
+><DD
+><DL
+><DT
+>2.1. <A
+HREF="diagnosis.html#AEN223"
+>Introduction</A
+></DT
+><DT
+>2.2. <A
+HREF="diagnosis.html#AEN228"
+>Assumptions</A
+></DT
+><DT
+>2.3. <A
+HREF="diagnosis.html#AEN238"
+>Tests</A
+></DT
+><DD
+><DL
+><DT
+>2.3.1. <A
+HREF="diagnosis.html#AEN240"
+>Test 1</A
+></DT
+><DT
+>2.3.2. <A
+HREF="diagnosis.html#AEN246"
+>Test 2</A
+></DT
+><DT
+>2.3.3. <A
+HREF="diagnosis.html#AEN252"
+>Test 3</A
+></DT
+><DT
+>2.3.4. <A
+HREF="diagnosis.html#AEN267"
+>Test 4</A
+></DT
+><DT
+>2.3.5. <A
+HREF="diagnosis.html#AEN272"
+>Test 5</A
+></DT
+><DT
+>2.3.6. <A
+HREF="diagnosis.html#AEN278"
+>Test 6</A
+></DT
+><DT
+>2.3.7. <A
+HREF="diagnosis.html#AEN286"
+>Test 7</A
+></DT
+><DT
+>2.3.8. <A
+HREF="diagnosis.html#AEN312"
+>Test 8</A
+></DT
+><DT
+>2.3.9. <A
+HREF="diagnosis.html#AEN329"
+>Test 9</A
+></DT
+><DT
+>2.3.10. <A
+HREF="diagnosis.html#AEN334"
+>Test 10</A
+></DT
+><DT
+>2.3.11. <A
+HREF="diagnosis.html#AEN340"
+>Test 11</A
+></DT
+></DL
+></DD
+><DT
+>2.4. <A
+HREF="diagnosis.html#AEN345"
+>Still having troubles?</A
+></DT
+></DL
+></DD
+><DT
+>3. <A
+HREF="integrate-ms-networks.html"
+>Integrating MS Windows networks with Samba</A
+></DT
+><DD
+><DL
+><DT
+>3.1. <A
+HREF="integrate-ms-networks.html#AEN362"
+>Agenda</A
+></DT
+><DT
+>3.2. <A
+HREF="integrate-ms-networks.html#AEN384"
+>Name Resolution in a pure Unix/Linux world</A
+></DT
+><DD
+><DL
+><DT
+>3.2.1. <A
+HREF="integrate-ms-networks.html#AEN400"
+><TT
+CLASS="FILENAME"
+>/etc/hosts</TT
+></A
+></DT
+><DT
+>3.2.2. <A
+HREF="integrate-ms-networks.html#AEN416"
+><TT
+CLASS="FILENAME"
+>/etc/resolv.conf</TT
+></A
+></DT
+><DT
+>3.2.3. <A
+HREF="integrate-ms-networks.html#AEN427"
+><TT
+CLASS="FILENAME"
+>/etc/host.conf</TT
+></A
+></DT
+><DT
+>3.2.4. <A
+HREF="integrate-ms-networks.html#AEN435"
+><TT
+CLASS="FILENAME"
+>/etc/nsswitch.conf</TT
+></A
+></DT
+></DL
+></DD
+><DT
+>3.3. <A
+HREF="integrate-ms-networks.html#AEN447"
+>Name resolution as used within MS Windows networking</A
+></DT
+><DD
+><DL
+><DT
+>3.3.1. <A
+HREF="integrate-ms-networks.html#AEN459"
+>The NetBIOS Name Cache</A
+></DT
+><DT
+>3.3.2. <A
+HREF="integrate-ms-networks.html#AEN464"
+>The LMHOSTS file</A
+></DT
+><DT
+>3.3.3. <A
+HREF="integrate-ms-networks.html#AEN472"
+>HOSTS file</A
+></DT
+><DT
+>3.3.4. <A
+HREF="integrate-ms-networks.html#AEN477"
+>DNS Lookup</A
+></DT
+><DT
+>3.3.5. <A
+HREF="integrate-ms-networks.html#AEN480"
+>WINS Lookup</A
+></DT
+></DL
+></DD
+><DT
+>3.4. <A
+HREF="integrate-ms-networks.html#AEN492"
+>How browsing functions and how to deploy stable and
+dependable browsing using Samba</A
+></DT
+><DT
+>3.5. <A
+HREF="integrate-ms-networks.html#AEN502"
+>MS Windows security options and how to configure
+Samba for seemless integration</A
+></DT
+><DD
+><DL
+><DT
+>3.5.1. <A
+HREF="integrate-ms-networks.html#AEN530"
+>Use MS Windows NT as an authentication server</A
+></DT
+><DT
+>3.5.2. <A
+HREF="integrate-ms-networks.html#AEN538"
+>Make Samba a member of an MS Windows NT security domain</A
+></DT
+><DT
+>3.5.3. <A
+HREF="integrate-ms-networks.html#AEN555"
+>Configure Samba as an authentication server</A
+></DT
+></DL
+></DD
+><DT
+>3.6. <A
+HREF="integrate-ms-networks.html#AEN572"
+>Conclusions</A
+></DT
+></DL
+></DD
+><DT
+>4. <A
+HREF="pam.html"
+>Configuring PAM for distributed but centrally
+managed authentication</A
+></DT
+><DD
+><DL
+><DT
+>4.1. <A
+HREF="pam.html#AEN593"
+>Samba and PAM</A
+></DT
+><DT
+>4.2. <A
+HREF="pam.html#AEN637"
+>Distributed Authentication</A
+></DT
+><DT
+>4.3. <A
+HREF="pam.html#AEN644"
+>PAM Configuration in smb.conf</A
+></DT
+></DL
+></DD
+><DT
+>5. <A
+HREF="msdfs.html"
+>Hosting a Microsoft Distributed File System tree on Samba</A
+></DT
+><DD
+><DL
+><DT
+>5.1. <A
+HREF="msdfs.html#AEN664"
+>Instructions</A
+></DT
+><DD
+><DL
+><DT
+>5.1.1. <A
+HREF="msdfs.html#AEN699"
+>Notes</A
+></DT
+></DL
+></DD
+></DL
+></DD
+><DT
+>6. <A
+HREF="unix-permissions.html"
+>UNIX Permission Bits and Windows NT Access Control Lists</A
+></DT
+><DD
+><DL
+><DT
+>6.1. <A
+HREF="unix-permissions.html#AEN719"
+>Viewing and changing UNIX permissions using the NT
+ security dialogs</A
+></DT
+><DT
+>6.2. <A
+HREF="unix-permissions.html#AEN728"
+>How to view file security on a Samba share</A
+></DT
+><DT
+>6.3. <A
+HREF="unix-permissions.html#AEN739"
+>Viewing file ownership</A
+></DT
+><DT
+>6.4. <A
+HREF="unix-permissions.html#AEN759"
+>Viewing file or directory permissions</A
+></DT
+><DD
+><DL
+><DT
+>6.4.1. <A
+HREF="unix-permissions.html#AEN774"
+>File Permissions</A
+></DT
+><DT
+>6.4.2. <A
+HREF="unix-permissions.html#AEN788"
+>Directory Permissions</A
+></DT
+></DL
+></DD
+><DT
+>6.5. <A
+HREF="unix-permissions.html#AEN795"
+>Modifying file or directory permissions</A
+></DT
+><DT
+>6.6. <A
+HREF="unix-permissions.html#AEN817"
+>Interaction with the standard Samba create mask
+ parameters</A
+></DT
+><DT
+>6.7. <A
+HREF="unix-permissions.html#AEN881"
+>Interaction with the standard Samba file attribute
+ mapping</A
+></DT
+></DL
+></DD
+><DT
+>7. <A
+HREF="printing.html"
+>Printing Support in Samba 2.2.x</A
+></DT
+><DD
+><DL
+><DT
+>7.1. <A
+HREF="printing.html#AEN902"
+>Introduction</A
+></DT
+><DT
+>7.2. <A
+HREF="printing.html#AEN924"
+>Configuration</A
+></DT
+><DD
+><DL
+><DT
+>7.2.1. <A
+HREF="printing.html#AEN935"
+>Creating [print$]</A
+></DT
+><DT
+>7.2.2. <A
+HREF="printing.html#AEN970"
+>Setting Drivers for Existing Printers</A
+></DT
+><DT
+>7.2.3. <A
+HREF="printing.html#AEN987"
+>Support a large number of printers</A
+></DT
+><DT
+>7.2.4. <A
+HREF="printing.html#AEN998"
+>Adding New Printers via the Windows NT APW</A
+></DT
+><DT
+>7.2.5. <A
+HREF="printing.html#AEN1028"
+>Samba and Printer Ports</A
+></DT
+></DL
+></DD
+><DT
+>7.3. <A
+HREF="printing.html#AEN1036"
+>The Imprints Toolset</A
+></DT
+><DD
+><DL
+><DT
+>7.3.1. <A
+HREF="printing.html#AEN1040"
+>What is Imprints?</A
+></DT
+><DT
+>7.3.2. <A
+HREF="printing.html#AEN1050"
+>Creating Printer Driver Packages</A
+></DT
+><DT
+>7.3.3. <A
+HREF="printing.html#AEN1053"
+>The Imprints server</A
+></DT
+><DT
+>7.3.4. <A
+HREF="printing.html#AEN1057"
+>The Installation Client</A
+></DT
+></DL
+></DD
+><DT
+>7.4. <A
+HREF="printing.html#AEN1079"
+><A
+NAME="MIGRATION"
+></A
+>Migration to from Samba 2.0.x to 2.2.x</A
+></DT
+></DL
+></DD
+><DT
+>8. <A
+HREF="printingdebug.html"
+>Debugging Printing Problems</A
+></DT
+><DD
+><DL
+><DT
+>8.1. <A
+HREF="printingdebug.html#AEN1125"
+>Introduction</A
+></DT
+><DT
+>8.2. <A
+HREF="printingdebug.html#AEN1141"
+>Debugging printer problems</A
+></DT
+><DT
+>8.3. <A
+HREF="printingdebug.html#AEN1150"
+>What printers do I have?</A
+></DT
+><DT
+>8.4. <A
+HREF="printingdebug.html#AEN1158"
+>Setting up printcap and print servers</A
+></DT
+><DT
+>8.5. <A
+HREF="printingdebug.html#AEN1186"
+>Job sent, no output</A
+></DT
+><DT
+>8.6. <A
+HREF="printingdebug.html#AEN1197"
+>Job sent, strange output</A
+></DT
+><DT
+>8.7. <A
+HREF="printingdebug.html#AEN1209"
+>Raw PostScript printed</A
+></DT
+><DT
+>8.8. <A
+HREF="printingdebug.html#AEN1212"
+>Advanced Printing</A
+></DT
+><DT
+>8.9. <A
+HREF="printingdebug.html#AEN1215"
+>Real debugging</A
+></DT
+></DL
+></DD
+><DT
+>9. <A
+HREF="securitylevels.html"
+>Security levels</A
+></DT
+><DD
+><DL
+><DT
+>9.1. <A
+HREF="securitylevels.html#AEN1228"
+>Introduction</A
+></DT
+><DT
+>9.2. <A
+HREF="securitylevels.html#AEN1239"
+>More complete description of security levels</A
+></DT
+></DL
+></DD
+><DT
+>10. <A
+HREF="domain-security.html"
+>security = domain in Samba 2.x</A
+></DT
+><DD
+><DL
+><DT
+>10.1. <A
+HREF="domain-security.html#AEN1272"
+>Joining an NT Domain with Samba 2.2</A
+></DT
+><DT
+>10.2. <A
+HREF="domain-security.html#AEN1336"
+>Samba and Windows 2000 Domains</A
+></DT
+><DT
+>10.3. <A
+HREF="domain-security.html#AEN1341"
+>Why is this better than security = server?</A
+></DT
+></DL
+></DD
+><DT
+>11. <A
+HREF="winbind.html"
+>Unified Logons between Windows NT and UNIX using Winbind</A
+></DT
+><DD
+><DL
+><DT
+>11.1. <A
+HREF="winbind.html#AEN1394"
+>Abstract</A
+></DT
+><DT
+>11.2. <A
+HREF="winbind.html#AEN1398"
+>Introduction</A
+></DT
+><DT
+>11.3. <A
+HREF="winbind.html#AEN1411"
+>What Winbind Provides</A
+></DT
+><DD
+><DL
+><DT
+>11.3.1. <A
+HREF="winbind.html#AEN1418"
+>Target Uses</A
+></DT
+></DL
+></DD
+><DT
+>11.4. <A
+HREF="winbind.html#AEN1422"
+>How Winbind Works</A
+></DT
+><DD
+><DL
+><DT
+>11.4.1. <A
+HREF="winbind.html#AEN1427"
+>Microsoft Remote Procedure Calls</A
+></DT
+><DT
+>11.4.2. <A
+HREF="winbind.html#AEN1431"
+>Name Service Switch</A
+></DT
+><DT
+>11.4.3. <A
+HREF="winbind.html#AEN1447"
+>Pluggable Authentication Modules</A
+></DT
+><DT
+>11.4.4. <A
+HREF="winbind.html#AEN1455"
+>User and Group ID Allocation</A
+></DT
+><DT
+>11.4.5. <A
+HREF="winbind.html#AEN1459"
+>Result Caching</A
+></DT
+></DL
+></DD
+><DT
+>11.5. <A
+HREF="winbind.html#AEN1462"
+>Installation and Configuration</A
+></DT
+><DD
+><DL
+><DT
+>11.5.1. <A
+HREF="winbind.html#AEN1469"
+>Introduction</A
+></DT
+><DT
+>11.5.2. <A
+HREF="winbind.html#AEN1482"
+>Requirements</A
+></DT
+><DT
+>11.5.3. <A
+HREF="winbind.html#AEN1496"
+>Testing Things Out</A
+></DT
+></DL
+></DD
+><DT
+>11.6. <A
+HREF="winbind.html#AEN1711"
+>Limitations</A
+></DT
+><DT
+>11.7. <A
+HREF="winbind.html#AEN1721"
+>Conclusion</A
+></DT
+></DL
+></DD
+><DT
+>12. <A
+HREF="samba-pdc.html"
+>How to Configure Samba 2.2 as a Primary Domain Controller</A
+></DT
+><DD
+><DL
+><DT
+>12.1. <A
+HREF="samba-pdc.html#AEN1741"
+>Prerequisite Reading</A
+></DT
+><DT
+>12.2. <A
+HREF="samba-pdc.html#AEN1747"
+>Background</A
+></DT
+><DT
+>12.3. <A
+HREF="samba-pdc.html#AEN1786"
+>Configuring the Samba Domain Controller</A
+></DT
+><DT
+>12.4. <A
+HREF="samba-pdc.html#AEN1829"
+>Creating Machine Trust Accounts and Joining Clients to the
+Domain</A
+></DT
+><DD
+><DL
+><DT
+>12.4.1. <A
+HREF="samba-pdc.html#AEN1848"
+>Manual Creation of Machine Trust Accounts</A
+></DT
+><DT
+>12.4.2. <A
+HREF="samba-pdc.html#AEN1883"
+>"On-the-Fly" Creation of Machine Trust Accounts</A
+></DT
+><DT
+>12.4.3. <A
+HREF="samba-pdc.html#AEN1892"
+>Joining the Client to the Domain</A
+></DT
+></DL
+></DD
+><DT
+>12.5. <A
+HREF="samba-pdc.html#AEN1907"
+>Common Problems and Errors</A
+></DT
+><DT
+>12.6. <A
+HREF="samba-pdc.html#AEN1955"
+>System Policies and Profiles</A
+></DT
+><DT
+>12.7. <A
+HREF="samba-pdc.html#AEN1999"
+>What other help can I get?</A
+></DT
+><DT
+>12.8. <A
+HREF="samba-pdc.html#AEN2113"
+>Domain Control for Windows 9x/ME</A
+></DT
+><DD
+><DL
+><DT
+>12.8.1. <A
+HREF="samba-pdc.html#AEN2139"
+>Configuration Instructions: Network Logons</A
+></DT
+><DT
+>12.8.2. <A
+HREF="samba-pdc.html#AEN2158"
+>Configuration Instructions: Setting up Roaming User Profiles</A
+></DT
+></DL
+></DD
+><DT
+>12.9. <A
+HREF="samba-pdc.html#AEN2251"
+>DOMAIN_CONTROL.txt : Windows NT Domain Control &#38; Samba</A
+></DT
+></DL
+></DD
+><DT
+>13. <A
+HREF="samba-bdc.html"
+>How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain</A
+></DT
+><DD
+><DL
+><DT
+>13.1. <A
+HREF="samba-bdc.html#AEN2287"
+>Prerequisite Reading</A
+></DT
+><DT
+>13.2. <A
+HREF="samba-bdc.html#AEN2291"
+>Background</A
+></DT
+><DT
+>13.3. <A
+HREF="samba-bdc.html#AEN2299"
+>What qualifies a Domain Controller on the network?</A
+></DT
+><DD
+><DL
+><DT
+>13.3.1. <A
+HREF="samba-bdc.html#AEN2302"
+>How does a Workstation find its domain controller?</A
+></DT
+><DT
+>13.3.2. <A
+HREF="samba-bdc.html#AEN2305"
+>When is the PDC needed?</A
+></DT
+></DL
+></DD
+><DT
+>13.4. <A
+HREF="samba-bdc.html#AEN2308"
+>Can Samba be a Backup Domain Controller?</A
+></DT
+><DT
+>13.5. <A
+HREF="samba-bdc.html#AEN2312"
+>How do I set up a Samba BDC?</A
+></DT
+><DD
+><DL
+><DT
+>13.5.1. <A
+HREF="samba-bdc.html#AEN2329"
+>How do I replicate the smbpasswd file?</A
+></DT
+></DL
+></DD
+></DL
+></DD
+><DT
+>14. <A
+HREF="samba-ldap-howto.html"
+>Storing Samba's User/Machine Account information in an LDAP Directory</A
+></DT
+><DD
+><DL
+><DT
+>14.1. <A
+HREF="samba-ldap-howto.html#AEN2350"
+>Purpose</A
+></DT
+><DT
+>14.2. <A
+HREF="samba-ldap-howto.html#AEN2370"
+>Introduction</A
+></DT
+><DT
+>14.3. <A
+HREF="samba-ldap-howto.html#AEN2399"
+>Supported LDAP Servers</A
+></DT
+><DT
+>14.4. <A
+HREF="samba-ldap-howto.html#AEN2404"
+>Schema and Relationship to the RFC 2307 posixAccount</A
+></DT
+><DT
+>14.5. <A
+HREF="samba-ldap-howto.html#AEN2416"
+>Configuring Samba with LDAP</A
+></DT
+><DD
+><DL
+><DT
+>14.5.1. <A
+HREF="samba-ldap-howto.html#AEN2418"
+>OpenLDAP configuration</A
+></DT
+><DT
+>14.5.2. <A
+HREF="samba-ldap-howto.html#AEN2435"
+>Configuring Samba</A
+></DT
+></DL
+></DD
+><DT
+>14.6. <A
+HREF="samba-ldap-howto.html#AEN2463"
+>Accounts and Groups management</A
+></DT
+><DT
+>14.7. <A
+HREF="samba-ldap-howto.html#AEN2468"
+>Security and sambaAccount</A
+></DT
+><DT
+>14.8. <A
+HREF="samba-ldap-howto.html#AEN2488"
+>LDAP specials attributes for sambaAccounts</A
+></DT
+><DT
+>14.9. <A
+HREF="samba-ldap-howto.html#AEN2558"
+>Example LDIF Entries for a sambaAccount</A
+></DT
+><DT
+>14.10. <A
+HREF="samba-ldap-howto.html#AEN2566"
+>Comments</A
+></DT
+></DL
+></DD
+><DT
+>15. <A
+HREF="improved-browsing.html"
+>Improved browsing in samba</A
+></DT
+><DD
+><DL
+><DT
+>15.1. <A
+HREF="improved-browsing.html#AEN2577"
+>Overview of browsing</A
+></DT
+><DT
+>15.2. <A
+HREF="improved-browsing.html#AEN2581"
+>Browsing support in samba</A
+></DT
+><DT
+>15.3. <A
+HREF="improved-browsing.html#AEN2590"
+>Problem resolution</A
+></DT
+><DT
+>15.4. <A
+HREF="improved-browsing.html#AEN2597"
+>Browsing across subnets</A
+></DT
+><DD
+><DL
+><DT
+>15.4.1. <A
+HREF="improved-browsing.html#AEN2602"
+>How does cross subnet browsing work ?</A
+></DT
+></DL
+></DD
+><DT
+>15.5. <A
+HREF="improved-browsing.html#AEN2637"
+>Setting up a WINS server</A
+></DT
+><DT
+>15.6. <A
+HREF="improved-browsing.html#AEN2656"
+>Setting up Browsing in a WORKGROUP</A
+></DT
+><DT
+>15.7. <A
+HREF="improved-browsing.html#AEN2674"
+>Setting up Browsing in a DOMAIN</A
+></DT
+><DT
+>15.8. <A
+HREF="improved-browsing.html#AEN2684"
+>Forcing samba to be the master</A
+></DT
+><DT
+>15.9. <A
+HREF="improved-browsing.html#AEN2693"
+>Making samba the domain master</A
+></DT
+><DT
+>15.10. <A
+HREF="improved-browsing.html#AEN2711"
+>Note about broadcast addresses</A
+></DT
+><DT
+>15.11. <A
+HREF="improved-browsing.html#AEN2714"
+>Multiple interfaces</A
+></DT
+></DL
+></DD
+><DT
+>16. <A
+HREF="speed.html"
+>Samba performance issues</A
+></DT
+><DD
+><DL
+><DT
+>16.1. <A
+HREF="speed.html#AEN2732"
+>Comparisons</A
+></DT
+><DT
+>16.2. <A
+HREF="speed.html#AEN2738"
+>Oplocks</A
+></DT
+><DD
+><DL
+><DT
+>16.2.1. <A
+HREF="speed.html#AEN2740"
+>Overview</A
+></DT
+><DT
+>16.2.2. <A
+HREF="speed.html#AEN2748"
+>Level2 Oplocks</A
+></DT
+><DT
+>16.2.3. <A
+HREF="speed.html#AEN2754"
+>Old 'fake oplocks' option - deprecated</A
+></DT
+></DL
+></DD
+><DT
+>16.3. <A
+HREF="speed.html#AEN2758"
+>Socket options</A
+></DT
+><DT
+>16.4. <A
+HREF="speed.html#AEN2765"
+>Read size</A
+></DT
+><DT
+>16.5. <A
+HREF="speed.html#AEN2770"
+>Max xmit</A
+></DT
+><DT
+>16.6. <A
+HREF="speed.html#AEN2775"
+>Locking</A
+></DT
+><DT
+>16.7. <A
+HREF="speed.html#AEN2779"
+>Share modes</A
+></DT
+><DT
+>16.8. <A
+HREF="speed.html#AEN2784"
+>Log level</A
+></DT
+><DT
+>16.9. <A
+HREF="speed.html#AEN2787"
+>Wide lines</A
+></DT
+><DT
+>16.10. <A
+HREF="speed.html#AEN2790"
+>Read raw</A
+></DT
+><DT
+>16.11. <A
+HREF="speed.html#AEN2795"
+>Write raw</A
+></DT
+><DT
+>16.12. <A
+HREF="speed.html#AEN2799"
+>Read prediction</A
+></DT
+><DT
+>16.13. <A
+HREF="speed.html#AEN2806"
+>Memory mapping</A
+></DT
+><DT
+>16.14. <A
+HREF="speed.html#AEN2811"
+>Slow Clients</A
+></DT
+><DT
+>16.15. <A
+HREF="speed.html#AEN2815"
+>Slow Logins</A
+></DT
+><DT
+>16.16. <A
+HREF="speed.html#AEN2818"
+>Client tuning</A
+></DT
+><DT
+>16.17. <A
+HREF="speed.html#AEN2850"
+>My Results</A
+></DT
+></DL
+></DD
+><DT
+>17. <A
+HREF="other-clients.html"
+>Samba and other CIFS clients</A
+></DT
+><DD
+><DL
+><DT
+>17.1. <A
+HREF="other-clients.html#AEN2871"
+>Macintosh clients?</A
+></DT
+><DT
+>17.2. <A
+HREF="other-clients.html#AEN2880"
+>OS2 Client</A
+></DT
+><DD
+><DL
+><DT
+>17.2.1. <A
+HREF="other-clients.html#AEN2882"
+>How can I configure OS/2 Warp Connect or
+ OS/2 Warp 4 as a client for Samba?</A
+></DT
+><DT
+>17.2.2. <A
+HREF="other-clients.html#AEN2897"
+>How can I configure OS/2 Warp 3 (not Connect),
+ OS/2 1.2, 1.3 or 2.x for Samba?</A
+></DT
+><DT
+>17.2.3. <A
+HREF="other-clients.html#AEN2906"
+>Are there any other issues when OS/2 (any version)
+ is used as a client?</A
+></DT
+><DT
+>17.2.4. <A
+HREF="other-clients.html#AEN2910"
+>How do I get printer driver download working
+ for OS/2 clients?</A
+></DT
+></DL
+></DD
+><DT
+>17.3. <A
+HREF="other-clients.html#AEN2920"
+>Windows for Workgroups</A
+></DT
+><DD
+><DL
+><DT
+>17.3.1. <A
+HREF="other-clients.html#AEN2922"
+>Use latest TCP/IP stack from Microsoft</A
+></DT
+><DT
+>17.3.2. <A
+HREF="other-clients.html#AEN2927"
+>Delete .pwl files after password change</A
+></DT
+><DT
+>17.3.3. <A
+HREF="other-clients.html#AEN2932"
+>Configure WfW password handling</A
+></DT
+><DT
+>17.3.4. <A
+HREF="other-clients.html#AEN2936"
+>Case handling of passwords</A
+></DT
+></DL
+></DD
+><DT
+>17.4. <A
+HREF="other-clients.html#AEN2941"
+>Windows '95/'98</A
+></DT
+><DT
+>17.5. <A
+HREF="other-clients.html#AEN2957"
+>Windows 2000 Service Pack 2</A
+></DT
+></DL
+></DD
+><DT
+>18. <A
+HREF="cvs-access.html"
+>HOWTO Access Samba source code via CVS</A
+></DT
+><DD
+><DL
+><DT
+>18.1. <A
+HREF="cvs-access.html#AEN2981"
+>Introduction</A
+></DT
+><DT
+>18.2. <A
+HREF="cvs-access.html#AEN2986"
+>CVS Access to samba.org</A
+></DT
+><DD
+><DL
+><DT
+>18.2.1. <A
+HREF="cvs-access.html#AEN2989"
+>Access via CVSweb</A
+></DT
+><DT
+>18.2.2. <A
+HREF="cvs-access.html#AEN2994"
+>Access via cvs</A
+></DT
+></DL
+></DD
+></DL
+></DD
+><DT
+>19. <A
+HREF="bugreport.html"
+>Reporting Bugs</A
+></DT
+><DD
+><DL
+><DT
+>19.1. <A
+HREF="bugreport.html#AEN3029"
+>Introduction</A
+></DT
+><DT
+>19.2. <A
+HREF="bugreport.html#AEN3036"
+>General info</A
+></DT
+><DT
+>19.3. <A
+HREF="bugreport.html#AEN3042"
+>Debug levels</A
+></DT
+><DT
+>19.4. <A
+HREF="bugreport.html#AEN3059"
+>Internal errors</A
+></DT
+><DT
+>19.5. <A
+HREF="bugreport.html#AEN3069"
+>Attaching to a running process</A
+></DT
+><DT
+>19.6. <A
+HREF="bugreport.html#AEN3072"
+>Patches</A
+></DT
+></DL
+></DD
+><DT
+>20. <A
+HREF="groupmapping.html"
+>Group mapping HOWTO</A
+></DT
+><DT
+>21. <A
+HREF="portability.html"
+>Portability</A
+></DT
+><DD
+><DL
+><DT
+>21.1. <A
+HREF="portability.html#AEN3119"
+>HPUX</A
+></DT
+><DT
+>21.2. <A
+HREF="portability.html#AEN3124"
+>SCO Unix</A
+></DT
+><DT
+>21.3. <A
+HREF="portability.html#AEN3128"
+>DNIX</A
+></DT
+></DL
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="NAVFOOTER"
+><HR
+ALIGN="LEFT"
+WIDTH="100%"><TABLE
+SUMMARY="Footer navigation table"
+WIDTH="100%"
+BORDER="0"
+CELLPADDING="0"
+CELLSPACING="0"
+><TR
+><TD
+WIDTH="33%"
+ALIGN="left"
+VALIGN="top"
+>&nbsp;</TD
+><TD
+WIDTH="34%"
+ALIGN="center"
+VALIGN="top"
+>&nbsp;</TD
+><TD
+WIDTH="33%"
+ALIGN="right"
+VALIGN="top"
+><A
+HREF="install.html"
+ACCESSKEY="N"
+>Next</A
+></TD
+></TR
+><TR
+><TD
+WIDTH="33%"
+ALIGN="left"
+VALIGN="top"
+>&nbsp;</TD
+><TD
+WIDTH="34%"
+ALIGN="center"
+VALIGN="top"
+>&nbsp;</TD
+><TD
+WIDTH="33%"
+ALIGN="right"
+VALIGN="top"
+>How to Install and Test SAMBA</TD
+></TR
+></TABLE
+></DIV
+></BODY
+></HTML
+> \ No newline at end of file
diff --git a/source3/include/rpc_ds.h b/source3/include/rpc_ds.h
new file mode 100644
index 0000000000..c01d10554e
--- /dev/null
+++ b/source3/include/rpc_ds.h
@@ -0,0 +1,91 @@
+/*
+ Unix SMB/CIFS implementation.
+ SMB parameters and setup
+ Copyright (C) Gerald Carter 2002
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#ifndef _RPC_DS_H /* _RPC_LSA_H */
+#define _RPC_DS_H
+
+#include "rpc_misc.h"
+
+
+/* Opcodes available on PIPE_LSARPC_DS */
+
+#define DS_GETPRIMDOMINFO 0x00
+
+
+/* macros for RPC's */
+
+#define DSROLE_PRIMARY_DS_RUNNING 0x00000001
+#define DSROLE_PRIMARY_DS_MIXED_MODE 0x00000002
+#define DSROLE_UPGRADE_IN_PROGRESS 0x00000004
+#define DSROLE_PRIMARY_DOMAIN_GUID_PRESENT 0x01000000
+
+typedef struct
+{
+ uint16 machine_role;
+ uint16 unknown; /* 0x6173 -- maybe just alignment? */
+
+ uint32 flags;
+
+ uint32 netbios_ptr;
+ uint32 dnsname_ptr;
+ uint32 forestname_ptr;
+
+ GUID domain_guid;
+
+ UNISTR2 netbios_domain;
+ /* these 2 might be reversed in order. I can't tell from
+ my tests as both values are the same --jerry */
+ UNISTR2 dns_domain;
+ UNISTR2 forest_domain;
+} DSROLE_PRIMARY_DOMAIN_INFO_BASIC;
+
+typedef struct
+{
+ DSROLE_PRIMARY_DOMAIN_INFO_BASIC *basic;
+} DS_DOMINFO_CTR;
+
+/* info levels for ds_getprimdominfo() */
+
+#define DsRolePrimaryDomainInfoBasic 1
+
+
+/* DS_Q_GETPRIMDOMINFO - DsGetPrimaryDomainInformation() request */
+typedef struct
+{
+ uint16 level;
+} DS_Q_GETPRIMDOMINFO;
+
+/* DS_R_GETPRIMDOMINFO - DsGetPrimaryDomainInformation() response */
+typedef struct
+{
+ uint32 ptr;
+
+ uint16 level;
+ uint16 unknown0; /* 0x455c -- maybe just alignment? */
+
+ DS_DOMINFO_CTR info;
+
+ NTSTATUS status;
+} DS_R_GETPRIMDOMINFO;
+
+
+
+
+#endif /* _RPC_DS_H */
diff --git a/source3/rpc_client/cli_ds.c b/source3/rpc_client/cli_ds.c
new file mode 100644
index 0000000000..d6985bf876
--- /dev/null
+++ b/source3/rpc_client/cli_ds.c
@@ -0,0 +1,63 @@
+/*
+ Unix SMB/CIFS implementation.
+ RPC pipe client
+ Copyright (C) Gerald Carter 2002,
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+/* implementations of client side DsXXX() functions */
+
+NTSTATUS cli_ds_getprimarydominfo( struct cli_state *cli, TALLOC_CTX *mem_ctx,
+ uint16 level, DS_DOMINFO_CTR *ctr)
+{
+ prs_struct qbuf, rbuf;
+ DS_Q_GETPRIMDOMINFO q;
+ DS_R_GETPRIMDOMINFO r;
+ NTSTATUS result;
+
+ ZERO_STRUCT(q);
+ ZERO_STRUCT(r);
+
+ /* Initialise parse structures */
+
+ prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+ prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+ q.level = level;
+
+ if (!ds_io_q_getprimdominfo("", &q, &qbuf, 0)
+ || !rpc_api_pipe_req(cli, DS_GETPRIMDOMINFO, &qbuf, &rbuf))
+ {
+ result = NT_STATUS_UNSUCCESSFUL;
+ goto done;
+ }
+
+ /* Unmarshall response */
+
+ if (!ds_io_r_getprimdominfo("", &r, &rbuf, 0)) {
+ result = NT_STATUS_UNSUCCESSFUL;
+ goto done;
+ }
+
+ memcpy( ctr, &r.info, sizeof(DS_DOMINFO_CTR) );
+ result = r.status;
+
+done:
+ return result;
+}
+
diff --git a/source3/rpc_parse/parse_ds.c b/source3/rpc_parse/parse_ds.c
new file mode 100644
index 0000000000..ec5ea45cc8
--- /dev/null
+++ b/source3/rpc_parse/parse_ds.c
@@ -0,0 +1,113 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * RPC Pipe client / server routines
+ * Copyright (C) Gerald Carter 2002
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "includes.h"
+
+static BOOL ds_io_dominfobasic( char *desc, prs_struct *ps, int depth, DSROLE_PRIMARY_DOMAIN_INFO_BASIC **basic)
+{
+ DSROLE_PRIMARY_DOMAIN_INFO_BASIC *p = *basic;
+
+ if ( UNMARSHALLING(ps) )
+ p = *basic = (DSROLE_PRIMARY_DOMAIN_INFO_BASIC *)prs_alloc_mem(ps, sizeof(DSROLE_PRIMARY_DOMAIN_INFO_BASIC));
+
+ if ( !p )
+ return False;
+
+ if ( !prs_uint16("machine_role", ps, depth, &p->machine_role) )
+ return False;
+ if ( !prs_uint16("unknown", ps, depth, &p->unknown) )
+ return False;
+
+ if ( !prs_uint32("flags", ps, depth, &p->flags) )
+ return False;
+
+ if ( !prs_uint32("netbios_ptr", ps, depth, &p->netbios_ptr) )
+ return False;
+ if ( !prs_uint32("dnsname_ptr", ps, depth, &p->dnsname_ptr) )
+ return False;
+ if ( !prs_uint32("forestname_ptr", ps, depth, &p->forestname_ptr) )
+ return False;
+
+ if ( !prs_uint8s(False, "domain_guid", ps, depth, p->domain_guid.info, GUID_SIZE) )
+ return False;
+
+ if ( !smb_io_unistr2( "netbios_domain", &p->netbios_domain, p->netbios_ptr, ps, depth) )
+ return False;
+ if ( !smb_io_unistr2( "dns_domain", &p->dns_domain, p->dnsname_ptr, ps, depth) )
+ return False;
+ if ( !smb_io_unistr2( "forest_domain", &p->forest_domain, p->forestname_ptr, ps, depth) )
+ return False;
+
+ return True;
+
+}
+
+BOOL ds_io_q_getprimdominfo( char *desc, DS_Q_GETPRIMDOMINFO *q_u, prs_struct *ps, int depth)
+{
+ prs_debug(ps, depth, desc, "ds_io_q_getprimdominfo");
+ depth++;
+
+ if(!prs_align(ps))
+ return False;
+
+ if ( !prs_uint16( "level", ps, depth, &q_u->level ) )
+ return False;
+
+ return True;
+}
+
+BOOL ds_io_r_getprimdominfo( char *desc, DS_R_GETPRIMDOMINFO *r_u, prs_struct *ps, int depth)
+{
+ prs_debug(ps, depth, desc, "ds_io_r_getprimdominfo");
+ depth++;
+
+ if(!prs_align(ps))
+ return False;
+
+ if ( !prs_uint32( "ptr", ps, depth, &r_u->ptr ) )
+ return False;
+
+ if ( r_u->ptr )
+ {
+ if ( !prs_uint16( "level", ps, depth, &r_u->level ) )
+ return False;
+
+ if ( !prs_uint16( "unknown0", ps, depth, &r_u->unknown0 ) )
+ return False;
+
+ switch ( r_u->level )
+ {
+ case DsRolePrimaryDomainInfoBasic:
+ if ( !ds_io_dominfobasic( "dominfobasic", ps, depth, &r_u->info.basic ) )
+ return False;
+ break;
+ default:
+ return False;
+ }
+ }
+
+ if ( !prs_align(ps) )
+ return False;
+
+ if ( !prs_ntstatus("status", ps, depth, &r_u->status ) )
+ return False;
+
+ return True;
+}
diff --git a/source3/rpcclient/cmd_ds.c b/source3/rpcclient/cmd_ds.c
new file mode 100644
index 0000000000..9a2114e07e
--- /dev/null
+++ b/source3/rpcclient/cmd_ds.c
@@ -0,0 +1,59 @@
+/*
+ Unix SMB/CIFS implementation.
+ RPC pipe client
+
+ Copyright (C) Gerald Carter 2002
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+#include "rpcclient.h"
+
+/* Look up domain related information on a remote host */
+
+static NTSTATUS cmd_ds_dsrole_getprimarydominfo(struct cli_state *cli,
+ TALLOC_CTX *mem_ctx, int argc,
+ char **argv)
+{
+ NTSTATUS result;
+ DS_DOMINFO_CTR ctr;
+
+ result = cli_ds_getprimarydominfo( cli, mem_ctx, DsRolePrimaryDomainInfoBasic, &ctr );
+ if ( NT_STATUS_IS_OK(result) )
+ {
+ printf ("Machine Role = [%d]\n", ctr.basic->machine_role);
+
+ if ( ctr.basic->flags & DSROLE_PRIMARY_DS_RUNNING ) {
+ printf( "Directory Service is running.\n");
+ printf( "Domain is in %s mode.\n", (ctr.basic->flags & DSROLE_PRIMARY_DS_MIXED_MODE) ? "mized" : "native" );
+ }
+ else
+ printf( "Directory Service not running on server\n");
+ }
+
+ return result;
+}
+
+/* List of commands exported by this module */
+
+struct cmd_set ds_commands[] = {
+
+ { "LSARPC-DS" },
+
+ { "dsroledominfo", cmd_ds_dsrole_getprimarydominfo, PI_LSARPC_DS, "Get Primary Domain Information", "" },
+
+ { NULL }
+};