diff options
author | John Terpstra <jht@samba.org> | 2005-06-16 02:10:11 +0000 |
---|---|---|
committer | Gerald W. Carter <jerry@samba.org> | 2008-04-23 08:46:49 -0500 |
commit | 66561b0fdadbff6f2b6bb496064d558d6fa0770e (patch) | |
tree | a6b03abd362179db7e741d497bcdc12a8f096fa5 /docs/Samba3-HOWTO | |
parent | fa96398866a4bcdcc13b42ab4f8d3f516cd9238a (diff) | |
download | samba-66561b0fdadbff6f2b6bb496064d558d6fa0770e.tar.gz samba-66561b0fdadbff6f2b6bb496064d558d6fa0770e.tar.bz2 samba-66561b0fdadbff6f2b6bb496064d558d6fa0770e.zip |
PHPTR Edit 2. More to come.
(This used to be commit bc4d2f60cefa126415b06440280761d19e8c0d21)
Diffstat (limited to 'docs/Samba3-HOWTO')
-rw-r--r-- | docs/Samba3-HOWTO/TOSHARG-Bugs.xml | 44 | ||||
-rw-r--r-- | docs/Samba3-HOWTO/TOSHARG-Compiling.xml | 48 | ||||
-rw-r--r-- | docs/Samba3-HOWTO/TOSHARG-DNS-DHCP-Configuration.xml | 38 | ||||
-rw-r--r-- | docs/Samba3-HOWTO/TOSHARG-Diagnosis.xml | 136 | ||||
-rw-r--r-- | docs/Samba3-HOWTO/TOSHARG-HighAvailability.xml | 87 | ||||
-rw-r--r-- | docs/Samba3-HOWTO/TOSHARG-LargeFile.xml | 34 | ||||
-rw-r--r-- | docs/Samba3-HOWTO/TOSHARG-NT4Migration.xml | 227 | ||||
-rw-r--r-- | docs/Samba3-HOWTO/TOSHARG-Other-Clients.xml | 56 | ||||
-rw-r--r-- | docs/Samba3-HOWTO/TOSHARG-Portability.xml | 47 | ||||
-rw-r--r-- | docs/Samba3-HOWTO/TOSHARG-Problems.xml | 141 | ||||
-rw-r--r-- | docs/Samba3-HOWTO/TOSHARG-SWAT.xml | 130 | ||||
-rw-r--r-- | docs/Samba3-HOWTO/TOSHARG-Speed.xml | 52 | ||||
-rw-r--r-- | docs/Samba3-HOWTO/TOSHARG-glossary.xml | 54 | ||||
-rw-r--r-- | docs/Samba3-HOWTO/TOSHARG-upgrading-to-3.0.xml | 75 |
14 files changed, 577 insertions, 592 deletions
diff --git a/docs/Samba3-HOWTO/TOSHARG-Bugs.xml b/docs/Samba3-HOWTO/TOSHARG-Bugs.xml index 5af66fc05a..1395d8893b 100644 --- a/docs/Samba3-HOWTO/TOSHARG-Bugs.xml +++ b/docs/Samba3-HOWTO/TOSHARG-Bugs.xml @@ -24,15 +24,15 @@ may be changing the bug reporting mechanism at some point. <para> Please do as much as you can yourself to help track down the bug. Samba is maintained by a dedicated group of people who volunteer -their time, skills and efforts. We receive far more mail than +their time, skills, and efforts. We receive far more mail than we can possibly answer, so you have a much higher chance of a response -and a fix if you send us a <quote>developer friendly</quote> bug report that lets +and a fix if you send us a <quote>developer-friendly</quote> bug report that lets us fix it fast. </para> <para> -Do not assume that if you post the bug to the comp.protocols.smb -newsgroup or the mailing list that we will read it. If you suspect that your +If you post the bug to the comp.protocols.smb +newsgroup or the mailing list, do not assume that we will read it. If you suspect that your problem is not a bug but a configuration problem, it is better to send it to the Samba mailing list, as there are thousands of other users on that list who may be able to help you. @@ -52,7 +52,7 @@ at <ulink noescape="1" url="http://samba.org/samba/">http://samba.org/samba/</ul <para> Before submitting a bug report, check your config for silly errors. Look in your log files for obvious messages that tell -you've mis-configured something. Run testparm to check your config +you've misconfigured something. Run testparm to check your config file for correct syntax. </para> @@ -76,7 +76,7 @@ If the bug has anything to do with Samba behaving incorrectly as a server (like refusing to open a file), then the log files will probably be quite useful. Depending on the problem, a log level of between 3 and 10 showing the problem may be appropriate. A higher level gives more -detail, but may use too much disk space. +detail but may use too much disk space. </para> <para> @@ -95,9 +95,9 @@ To do this, add the following lines to your main &smb.conf; file: <para> and create a file <filename>/usr/local/samba/lib/smb.conf.<replaceable>machine</replaceable></filename> where <replaceable>machine</replaceable> is the name of the client you wish to debug. In that file -put any &smb.conf; commands you want, for example +put any &smb.conf; commands you want; for example, <smbconfoption name="log level"/> may be useful. This also allows you to -experiment with different security systems, protocol levels and so on, on just +experiment with different security systems, protocol levels, and so on, on just one machine. </para> @@ -118,12 +118,12 @@ prepared for a large volume of log data. </para> <sect2> - <title>Debugging Specific Operations</title> + <title>Debugging-Specific Operations</title> <para> Samba-3.x permits debugging (logging) of specific functional components without unnecessarily cluttering the log files with detailed logs for all operations. An example configuration to - achive this is shown in: + achieve this is shown in: </para> <para> @@ -136,10 +136,10 @@ prepared for a large volume of log data. <para> This will cause the level of detail to be expanded to the debug class (log level) passed to - each funtional area per the value shown above. The first value passed to the <parameter>log level</parameter> + each functional area per the value shown above. The first value passed to the <parameter>log level</parameter> of <constant>0</constant> means turn off all unnecessary debugging except the debug classes set for - the functional areas as specified. The table shown in <link linkend="dbgclass">Debugable Functions</link> - may be used to affect very precise analysis of each SMB operation Samba is conducting. + the functional areas as specified. The table shown in <link linkend="dbgclass">Debuggable Functions</link> + may be used to attain very precise analysis of each SMB operation Samba is conducting. </para> <table frame="all" id="dbgclass"> @@ -178,7 +178,7 @@ you have faulty hardware or system software). <para> If the message came from smbd, it will probably be accompanied by a message that details the last SMB message received by smbd. This -information is often useful in tracking down the problem so please +information is often useful in tracking down the problem, so please include it in your bug report. </para> @@ -212,7 +212,7 @@ problem occurred. Include this in your report. <para> If you know any assembly language, do a <command>disass</command> of the routine -where the problem occurred (if its in a library routine, then +where the problem occurred (if it's in a library routine, then disassemble the routine that called it) and try to work out exactly where the problem is by looking at the surrounding code. Even if you do not know assembly, including this information in the bug report can be @@ -225,10 +225,10 @@ useful. <para> Unfortunately, some UNIXes (in particular some recent Linux kernels) -refuse to dump a core file if the task has changed uid (which smbd +refuse to dump a core file if the task has changed UID (which smbd does often). To debug with this sort of system, you could try to attach to the running process using -<userinput>gdb smbd <replaceable>PID</replaceable></userinput> where you get +<userinput>gdb smbd <replaceable>PID</replaceable></userinput>, where you get <replaceable>PID</replaceable> from <application>smbstatus</application>. Then use <command>c</command> to continue and try to cause the core dump using the client. The debugger should catch the fault and tell you @@ -236,7 +236,7 @@ where it occurred. </para> <para> -Sometimes it is necessary to build a Samba binary files that have debugging +Sometimes it is necessary to build Samba binary files that have debugging symbols so as to make it possible to capture enough information from a crashed operation to permit the Samba Team to fix the problem. </para> @@ -247,13 +247,13 @@ Add the following line to the &smb.conf; file global section: <screen> panic action = "/bin/sleep 90000" </screen> -to catch any panics. If <command>smbd</command> seems to be frozen look for any sleep -processes. If it is not, and appears to be spinning, find the process id +to catch any panics. If <command>smbd</command> seems to be frozen, look for any sleep +processes. If it is not, and appears to be spinning, find the PID of the spinning process and type: <screen> gdb /usr/local/samba/sbin/smbd </screen> -then <quote>attach 'pid'</quote> (of the spinning process), then type <quote>bt</quote> to +then <quote>attach `pid'</quote> (of the spinning process), then type <quote>bt</quote> to get a backtrace to see where the smbd is in the call path. </para> @@ -268,7 +268,7 @@ get a backtrace to see where the smbd is in the call path. <indexterm><primary>patch</primary></indexterm> The best sort of bug report is one that includes a fix! If you send us patches, please use <userinput>diff -u</userinput> format if your version of -diff supports it, otherwise use <userinput>diff -c4</userinput>. Make sure +diff supports it; otherwise, use <userinput>diff -c4</userinput>. Make sure you do the diff against a clean version of the source and let me know exactly what version you used. </para> diff --git a/docs/Samba3-HOWTO/TOSHARG-Compiling.xml b/docs/Samba3-HOWTO/TOSHARG-Compiling.xml index ac4c55ddb0..80c9d9d1d6 100644 --- a/docs/Samba3-HOWTO/TOSHARG-Compiling.xml +++ b/docs/Samba3-HOWTO/TOSHARG-Compiling.xml @@ -14,7 +14,7 @@ <para> You can obtain the Samba source file from the -<ulink url="http://samba.org/">Samba Website.</ulink> To obtain a development version, +<ulink url="http://samba.org/">Samba Web site</ulink>. To obtain a development version, you can download Samba from Subversion or using <command>rsync</command>. </para> @@ -36,7 +36,7 @@ detailed in this chapter. <para> This chapter is a modified version of the instructions found at the -<ulink noescape="1" url="http://samba.org/samba/subversion.html">Samba</ulink> web site. +<ulink noescape="1" url="http://samba.org/samba/subversion.html">Samba</ulink> Web site. </para> </sect2> @@ -48,7 +48,7 @@ This chapter is a modified version of the instructions found at the The machine samba.org runs a publicly accessible Subversion repository for access to the source code of several packages, including Samba, rsync, distcc, ccache, and jitterbug. There are two main ways -of accessing the Subversion server on this host: +of accessing the Subversion server on this host. </para> <sect3> @@ -64,8 +64,8 @@ listing between any two versions on the repository. </para> <para> -Use the URL: -<ulink noescape="1" url="http://svnweb.samba.org/">http://svnweb.samba.org/</ulink> +Use the URL +<ulink noescape="1" url="http://svnweb.samba.org/">http://svnweb.samba.org/</ulink>. </para> </sect3> @@ -75,8 +75,8 @@ Use the URL: <para> You can also access the source code via a normal Subversion client. This gives you much more control over what you can -do with the repository and allows you to checkout whole source trees -and keep them up-to-date via normal Subversion commands. This is the +do with the repository and allows you to check out whole source trees +and keep them up to date via normal Subversion commands. This is the preferred method of access if you are a developer and not just a casual browser. </para> @@ -157,12 +157,12 @@ To gain access via anonymous Subversion, use the following steps. location and also via anonymous rsync at the Samba <ulink noescape="1" url="rsync://pserver.samba.org/ftp/unpacked/">rsync</ulink> server location. I recommend using rsync rather than ftp. - See <ulink noescape="1" url="http://rsync.samba.org/">the rsync home-page</ulink> for more info on rsync. + See <ulink noescape="1" url="http://rsync.samba.org/">the rsync home page</ulink> for more info on rsync. </para> <para> The disadvantage of the unpacked trees is that they do not support automatic - merging of local changes like Subversion does. <command>rsync</command> access is most convenient + merging of local changes as Subversion does. <command>rsync</command> access is most convenient for an initial install. </para> </sect1> @@ -174,7 +174,7 @@ To gain access via anonymous Subversion, use the following steps. <indexterm><primary>GPG</primary></indexterm> It is strongly recommended that you verify the PGP signature for any source file before installing it. Even if you're not downloading from a mirror site, verifying PGP signatures -should be a standard reflex. Many people today use the GNU GPG tool-set in place of PGP. +should be a standard reflex. Many people today use the GNU GPG tool set in place of PGP. GPG can substitute for PGP. </para> @@ -209,7 +209,7 @@ and verify the Samba source code integrity with: </screen> <para> -If you receive a message like, <quote>Good signature from Samba Distribution Verification Key...</quote> +If you receive a message like, <quote>Good signature from Samba Distribution Verification Key...,</quote> then all is well. The warnings about trust relationships can be ignored. An example of what you would not want to see would be: </para> @@ -227,7 +227,7 @@ example of what you would not want to see would be: <indexterm><primary>autogen.sh</primary></indexterm> After the source tarball has been unpacked, the next step involves configuration to match Samba to your operating system platform. - If your source directory does not contain the <command>configure</command> script + If your source directory does not contain the <command>configure</command> script, it is necessary to build it before you can continue. Building of the configure script requires the correct version of the autoconf tool kit. Where the necessary version of autoconf is present, @@ -244,7 +244,7 @@ example of what you would not want to see would be: To build the binaries, run the program <userinput>./configure </userinput> in the source directory. This should automatically configure Samba for your operating system. If you have unusual - needs, then you may wish to run: + needs, then you may wish to first run: <screen> &rootprompt;<userinput>./configure --help</userinput> </screen> @@ -264,7 +264,7 @@ example of what you would not want to see would be: <screen> &rootprompt; <userinput>make</userinput> </screen> - Once it is successfully compiled you can execute the command shown here to + Once it is successfully compiled, you can execute the command shown here to install the binaries and manual pages: <screen> &rootprompt; <userinput>make install</userinput> @@ -317,13 +317,13 @@ example of what you would not want to see would be: </itemizedlist> <para> - If your Kerberos libraries are in a non-standard location, then + If your Kerberos libraries are in a nonstandard location, then remember to add the configure option <option>--with-krb5=<replaceable>DIR</replaceable></option>. </para> <para> - After you run configure, make sure that + After you run configure, make sure that the <filename>include/config.h</filename> it generates contain lines like this: <programlisting> #define HAVE_KRB5 1 @@ -381,8 +381,8 @@ example of what you would not want to see would be: <para> SuSE Linux Samba RPMs support Kerberos. Please refer to the documentation for your SuSE Linux system for information regarding SuSE Linux specific configuration. - Additionally, SuSE are very active in the maintenance of Samba packages that provide - the maximum capabilities that are available. You should consider using SuSE provided + Additionally, SuSE is very active in the maintenance of Samba packages that provide + the maximum capabilities that are available. You should consider using SuSE-provided packages where they are available. </para> @@ -402,7 +402,7 @@ example of what you would not want to see would be: <application>inetd</application>. Don't try to do both! Either you can put them in <filename> inetd.conf</filename> and have them started on demand by <application>inetd</application> or <application>xinetd</application>, or you - can start them as daemons either from the command line or in + can start them as daemons either from the command-line or in <filename>/etc/rc.local</filename>. See the man pages for details on the command line options. Take particular care to read the bit about what user you need to have to start Samba. In many cases, you must be root. @@ -420,7 +420,7 @@ example of what you would not want to see would be: <note> <para>The following will be different if - you use NIS, NIS+ or LDAP to distribute services maps.</para> + you use NIS, NIS+, or LDAP to distribute services maps.</para> </note> <para>Look at your <filename>/etc/services</filename>. @@ -466,11 +466,11 @@ netbios-ns dgram udp wait root /usr/local/samba/bin/nmbd nmbd the IP address and netmask of your interfaces. Run <application>ifconfig</application> as root if you do not know what the broadcast is for your net. &nmbd; tries - to determine it at run time, but fails on some UNIXes. + to determine it at runtime, but fails on some UNIXes. </para></note> <warning><para> - Many UNIXes only accept about five parameters on the command + Many UNIXes only accept around five parameters on the command line in <filename>inetd.conf</filename>. This means you shouldn't use spaces between the options and arguments, or you should use a script and start the script from <command>inetd</command>. @@ -503,7 +503,7 @@ netbios-ns dgram udp wait root /usr/local/samba/bin/nmbd nmbd </programlisting></para> <para> - Make it executable with <command>chmod +x startsmb</command> + Make it executable with <command>chmod +x startsmb</command>. </para> <para> @@ -516,7 +516,7 @@ netbios-ns dgram udp wait root /usr/local/samba/bin/nmbd nmbd </para> <note><para> - If you use the SVR4 style init system, you may like to look at the + If you use the SVR4-style init system, you may like to look at the <filename>examples/svr4-startup</filename> script to make Samba fit into that system. </para></note> diff --git a/docs/Samba3-HOWTO/TOSHARG-DNS-DHCP-Configuration.xml b/docs/Samba3-HOWTO/TOSHARG-DNS-DHCP-Configuration.xml index 6a1318bb5e..72564f5201 100644 --- a/docs/Samba3-HOWTO/TOSHARG-DNS-DHCP-Configuration.xml +++ b/docs/Samba3-HOWTO/TOSHARG-DNS-DHCP-Configuration.xml @@ -27,7 +27,7 @@ notebook computer into a network port and have things <quote>just work.</quote> UNIX administrators have a point. Many of the normative practices in the Microsoft Windows world at best border on bad practice from a security perspective. Microsoft Windows networking protocols allow workstations to arbitrarily register -themselves on a network. Windows 2000 Active Directory registers entries in the DNS name space +themselves on a network. Windows 2000 Active Directory registers entries in the DNS namespace that are equally perplexing to UNIX administrators. Welcome to the new world! </para> @@ -41,7 +41,7 @@ compatible with their equivalents in the Microsoft Windows 2000 Server products. </para> <para> -The purpose of this chapter is to provide no more than a working example of +This chapter provides no more than a working example of configuration files for both DNS and DHCP servers. The examples used match configuration examples used elsewhere in this document. </para> @@ -50,9 +50,9 @@ configuration examples used elsewhere in this document. This chapter explicitly does not provide a tutorial, nor does it pretend to be a reference guide on DNS and DHCP, as this is well beyond the scope and intent of this document as a whole. Anyone who wants more detailed reference materials -on DNS or DHCP should visit the ISC Web sites at <ulink noescape="1" url="http://www.isc.org"> +on DNS or DHCP should visit the ISC Web site at <ulink noescape="1" url="http://www.isc.org"> http://www.isc.org</ulink>. Those wanting a written text might also be interested -in the O'Reilly publications on these two subjects. +in the O'Reilly publications on these two subjects (John, more specific info on O'Reilly publications???????). </para> </sect1> @@ -61,19 +61,19 @@ in the O'Reilly publications on these two subjects. <title>Example Configuration</title> <para> -The domain name system is to the Internet what water is to life. By it nearly all -information resources (host names) are resolved to their Internet protocol (IP) address. +The DNS is to the Internet what water is to life. Nearly all +information resources (host names) are resolved to their Internet protocol (IP) addresses through DNS. Windows networking tried hard to avoid the complexities of DNS, but alas, DNS won. <indexterm><primary>WINS</primary></indexterm> -The alternative to DNS, the Windows Internet Name Service (WINS) an artifact of -NetBIOS networking over the TCP/IP protocols, has demonstrated scalability problems as -well as a flat non-hierarchical name space that became unmanageable as the size and +The alternative to DNS, the Windows Internet Name Service (WINS) &smbmdash; an artifact of +NetBIOS networking over the TCP/IP protocols &smbmdash; has demonstrated scalability problems as +well as a flat, nonhierarchical namespace that became unmanageable as the size and complexity of information technology networks grew. </para> <para> WINS is a Microsoft implementation of the RFC1001/1002 NetBIOS Name Service (NBNS). -It allows NetBIOS clients (like Microsoft Windows Machines) to register an arbitrary +It allows NetBIOS clients (like Microsoft Windows machines) to register an arbitrary machine name that the administrator or user has chosen together with the IP address that the machine has been given. Through the use of WINS, network client machines could resolve machine names to their IP address. @@ -88,14 +88,14 @@ Both WINS and Microsoft DNS rely on dynamic name registration. <para> Microsoft Windows clients can perform dynamic name registration to the DNS server -on start-up. Alternately, where DHCP is used to assign workstation IP addresses, -it is possible to register host names and their IP address by the DHCP server as -soon as a client acknowledges an IP address lease. Lastly, Microsoft DNS can resolve +on startup. Alternatively, where DHCP is used to assign workstation IP addresses, +it is possible to register hostnames and their IP address by the DHCP server as +soon as a client acknowledges an IP address lease. Finally, Microsoft DNS can resolve hostnames via Microsoft WINS. </para> <para> -The following configurations demonstrate a simple insecure Dynamic DNS server and +The following configurations demonstrate a simple, insecure dynamic DNS server and a simple DHCP server that matches the DNS configuration. </para> @@ -114,13 +114,13 @@ a simple DHCP server that matches the DNS configuration. <indexterm><primary>BIND</primary></indexterm> It is assumed that this network will be situated behind a secure firewall. The files that follow work with ISC BIND version 9. BIND is the Berkeley - Internet Name Daemon. The following configuration files are offered: + Internet Name Daemon. </para> <para> The master configuration file <filename>/etc/named.conf</filename> determines the location of all further configuration files used. - The location and name of this file is specified in the start-up script + The location and name of this file is specified in the startup script that is part of the operating system. <programlisting> # Quenya.Org configuration file @@ -274,7 +274,7 @@ $ORIGIN 1.168.192.in-addr.arpa. </para> <para> - The above were copied from a fully working system. All dynamically registered + The configuration files shown here were copied from a fully working system. All dynamically registered entries have been removed. In addition to these files, BIND version 9 will create for each of the dynamic registration files a file that has a <filename>.jnl</filename> extension. Do not edit or tamper with the configuration @@ -317,8 +317,8 @@ subnet 192.168.1.0 netmask 255.255.255.0 { </para> <para> - In the above example, IP addresses between 192.168.1.1 and 192.168.1.59 are - reserved for fixed address (commonly called <constant>hard-wired</constant>) IP addresses. The + In this example, IP addresses between 192.168.1.1 and 192.168.1.59 are + reserved for fixed-address (commonly called <constant>hard-wired</constant>) IP addresses. The addresses between 192.168.1.60 and 192.168.1.254 are allocated for dynamic use. </para> diff --git a/docs/Samba3-HOWTO/TOSHARG-Diagnosis.xml b/docs/Samba3-HOWTO/TOSHARG-Diagnosis.xml index 6b844dc17e..b1408f3b60 100644 --- a/docs/Samba3-HOWTO/TOSHARG-Diagnosis.xml +++ b/docs/Samba3-HOWTO/TOSHARG-Diagnosis.xml @@ -21,15 +21,15 @@ then it is probably working fine. </para> <para> -You should do all the tests, in the order shown. We have tried to +You should do all the tests in the order shown. We have tried to carefully choose them so later tests only use capabilities verified in -the earlier tests. However, do not stop at the first error as there +the earlier tests. However, do not stop at the first error: there have been some instances when continuing with the tests has helped to solve a problem. </para> <para> -If you send one of the Samba mailing lists an email saying, <quote>it does not work</quote> +If you send one of the Samba mailing lists an email saying, <quote>It does not work,</quote> and you have not followed this test procedure, you should not be surprised if your email is ignored. </para> @@ -41,7 +41,7 @@ if your email is ignored. <para> In all of the tests, it is assumed you have a Samba server called -BIGSERVER and a PC called ACLIENT both in workgroup TESTGROUP. +BIGSERVER and a PC called ACLIENT, both in workgroup TESTGROUP. </para> <para> @@ -50,14 +50,14 @@ The procedure is similar for other types of clients. <para> It is also assumed you know the name of an available share in your -&smb.conf;. I will assume this share is called <smbconfsection name="tmp"/>. +&smb.conf;. I for our examples this share is called <smbconfsection name="tmp"/>. You can add a <smbconfsection name="tmp"/> share like this by adding the lines shown in <link linkend="tmpshare">the next example</link>. </para> <example id="tmpshare"> - <title>smb.conf with [tmp] share</title> - <smbconfblock> +<title>smb.conf with [tmp] Share</title> +<smbconfblock> <smbconfsection name="[tmp]"/> <smbconfoption name="comment">temporary files </smbconfoption> <smbconfoption name="path">/tmp</smbconfoption> @@ -105,7 +105,7 @@ remember to restart &smbd; and &nmbd;. <sect1> <title>The Tests</title> <procedure> -<title>Diagnosing your Samba server</title> +<title>Diagnosing Your Samba Server</title> <step performance="required"> @@ -117,7 +117,7 @@ configuration file is faulty. </para> <note><para> -Your &smb.conf; file may be located in: <filename>/etc/samba</filename> +Your &smb.conf; file may be located in <filename>/etc/samba</filename> or in <filename>/usr/local/samba/lib</filename>. </para></note> </step> @@ -130,12 +130,12 @@ then your TCP/IP software is not correctly installed. </para> <para> -You will need to start a <quote>dos prompt</quote> window on the PC to run ping. +You will need to start a <quote>DOS prompt</quote> window on the PC to run ping. </para> <para> -If you get a message saying <quote><errorname>host not found</errorname></quote> or similar, then your DNS -software or <filename>/etc/hosts</filename> file is not correctly setup. +If you get a message saying <quote><errorname>host not found</errorname></quote> or a similar message, then your DNS +software or <filename>/etc/hosts</filename> file is not correctly set up. It is possible to run Samba without DNS entries for the server and client, but it is assumed you do have correct entries for the remainder of these tests. </para> @@ -157,13 +157,13 @@ This is a common problem that is often overlooked. <para> If you wish to check what firewall rules may be present in a system under test, simply run -<command>iptables -L -v</command> or if <parameter>ipchains</parameter>-based firewall rules are in use, +<command>iptables -L -v</command>, or if <parameter>ipchains</parameter>-based firewall rules are in use, <command>ipchains -L -v</command>. </para> <para> -Here is a sample listing from a system that has an external ethernet interface (eth1) on which Samba -is not active, and an internal (private network) interface (eth0) on which Samba is active: +Here is a sample listing from a system that has an external Ethernet interface (eth1) on which Samba +is not active and an internal (private network) interface (eth0) on which Samba is active: <screen> frodo:~ # iptables -L -v Chain INPUT (policy DROP 98496 packets, 12M bytes) @@ -193,24 +193,24 @@ Chain reject_func (0 references) <step performance="required"> <para> -Run the command: <command>smbclient -L BIGSERVER</command> +Run the command <command>smbclient -L BIGSERVER</command> on the UNIX box. You should get back a list of available shares. </para> <para> -If you get an error message containing the string <quote>Bad password</quote>, then +If you get an error message containing the string <quote>bad password</quote>, then you probably have either an incorrect <parameter>hosts allow</parameter>, -<parameter>hosts deny</parameter> or <parameter>valid users</parameter> line in your +<parameter>hosts deny</parameter>, or <parameter>valid users</parameter> line in your &smb.conf;, or your guest account is not valid. Check what your guest account is using &testparm; and temporarily remove any <parameter>hosts allow</parameter>, <parameter>hosts deny</parameter>, -<parameter>valid users</parameter> or <parameter>invalid users</parameter> lines. +<parameter>valid users</parameter>, or <parameter>invalid users</parameter> lines. </para> <para> If you get a message <quote><errorname>connection refused</errorname></quote> response, then the <command>smbd</command> server may not be running. If you installed it in <filename>inetd.conf</filename>, then you probably edited that file incorrectly. If you installed it as a daemon, then check that -it is running, and check that the netbios-ssn port is in a LISTEN +it is running and check that the netbios-ssn port is in a LISTEN state using <command>netstat -a</command>. </para> @@ -224,8 +224,8 @@ the network super daemon. </para></note> <para> -If you get a message saying <quote><errorname>session request failed</errorname></quote>, the server refused the -connection. If it says <quote>Your server software is being unfriendly</quote>, then +If you get a message saying <quote><errorname>session request failed,</errorname></quote> the server refused the +connection. If it says <quote>Your server software is being unfriendly,</quote> then it's probably because you have invalid command line parameters to &smbd;, or a similar fatal problem with the initial startup of &smbd;. Also check your config file (&smb.conf;) for syntax errors with &testparm; @@ -241,8 +241,8 @@ the &smb.conf; file entries as shown in <link linkend="modif1">the next example< <example id="modif1"> - <title>Configuration for only allowing connections from a certain subnet</title> - <smbconfblock> +<title>Configuration for Allowing Connections Only from a Certain Subnet</title> +<smbconfblock> <smbconfsection name="[globals]"/> <smbconfoption name="hosts deny">ALL</smbconfoption> <smbconfoption name="hosts allow">xxx.xxx.xxx.xxx/yy</smbconfoption> @@ -252,14 +252,15 @@ the &smb.conf; file entries as shown in <link linkend="modif1">the next example< </example> <para> -In the above, no allowance has been made for any session requests that -will automatically translate to the loopback adapter address 127.0.0.1. -To solve this problem, change these lines as shown in <link linkend="modif2">the following example</link>. +In <link linkend="modif1">Configuration for Allowing Connections Only from a Certain Subnet</link>, no +allowance has been made for any session requests that will automatically translate to the loopback adapter +address 127.0.0.1. To solve this problem, change these lines as shown in <link linkend="modif2">the following +example</link>. </para> <example id="modif2"> - <title>Configuration for allowing connections from a certain subnet and localhost</title> - <smbconfblock> +<title>Configuration for Allowing Connections from a Certain Subnet and localhost</title> +<smbconfblock> <smbconfsection name="[globals]"/> <smbconfoption name="hosts deny">ALL</smbconfoption> <smbconfoption name="hosts allow">xxx.xxx.xxx.xxx/yy 127.</smbconfoption> @@ -269,18 +270,17 @@ To solve this problem, change these lines as shown in <link linkend="modif2">the <para> <indexterm><primary>inetd</primary></indexterm> -Another common cause of these two errors is having something already running <indexterm><primary>smbclient</primary></indexterm> -on port <constant>139</constant>, such as Samba (&smbd; is running from <application>inetd</application> already) or -something like Digital's Pathworks. Check your <filename>inetd.conf</filename> file before trying -to start &smbd; as a daemon &smbmdash; it can avoid a lot of frustration! +Another common cause of these two errors is having something already running on port <constant>139</constant>, +such as Samba (&smbd; is running from <application>inetd</application> already) or Digital's Pathworks. Check +your <filename>inetd.conf</filename> file before trying to start &smbd; as a daemon &smbmdash; it can avoid a +lot of frustration! </para> <para> -And yet another possible cause for failure of this test is when the subnet mask -and/or broadcast address settings are incorrect. Please check that the -network interface IP Address/Broadcast Address/Subnet Mask settings are -correct and that Samba has correctly noted these in the <filename>log.nmbd</filename> file. +And yet another possible cause for failure of this test is when the subnet mask and/or broadcast address +settings are incorrect. Please check that the network interface IP address/broadcast address/subnet mask +settings are correct and that Samba has correctly noted these in the <filename>log.nmbd</filename> file. </para> </step> @@ -288,13 +288,13 @@ correct and that Samba has correctly noted these in the <filename>log.nmbd</file <step performance="required"> <para> -Run the command: <command>nmblookup -B BIGSERVER __SAMBA__</command>. +Run the command <command>nmblookup -B BIGSERVER __SAMBA__</command>. You should get back the IP address of your Samba server. </para> <para> If you do not, then nmbd is incorrectly installed. Check your <filename>inetd.conf</filename> -if you run it from there, or that the daemon is running and listening to udp port 137. +if you run it from there, or that the daemon is running and listening to UDP port 137. </para> <para> @@ -309,17 +309,17 @@ inetd. <step performance="required"> <para> -Run the command: <command>nmblookup -B ACLIENT `*'</command> +Run the command <command>nmblookup -B ACLIENT `*'</command>. </para> <para> -You should get the PC's IP address back. If you do not then the client +You should get the PC's IP address back. If you do not, then the client software on the PC isn't installed correctly, or isn't started, or you got the name of the PC wrong. </para> <para> -If ACLIENT does not resolve via DNS then use the IP address of the +If ACLIENT does not resolve via DNS, then use the IP address of the client in the above test. </para> @@ -328,7 +328,7 @@ client in the above test. <step performance="required"> <para> -Run the command: <command>nmblookup -d 2 '*'</command> +Run the command <command>nmblookup -d 2 `*'</command>. </para> <para> @@ -341,21 +341,21 @@ messages from several hosts. </para> <para> -If this does not give a similar result to the previous test, then +If this does not give a result similar to the previous test, then nmblookup isn't correctly getting your broadcast address through its automatic mechanism. In this case you should experiment with the <smbconfoption name="interfaces"/> option in &smb.conf; to manually configure your IP -address, broadcast and netmask. +address, broadcast, and netmask. </para> <para> If your PC and server aren't on the same subnet, then you will need to use the -<option>-B</option> option to set the broadcast address to that of the PCs subnet. +<option>-B</option> option to set the broadcast address to that of the PC's subnet. </para> <para> This test will probably fail if your subnet mask and broadcast address are -not correct. (Refer to TEST 3 notes above). +not correct. (Refer to test 3 notes above). </para> </step> @@ -365,11 +365,11 @@ not correct. (Refer to TEST 3 notes above). <para> <indexterm><primary>smbclient</primary></indexterm> -Run the command: <command>smbclient //BIGSERVER/TMP</command>. You should +Run the command <command>smbclient //BIGSERVER/TMP</command>. You should then be prompted for a password. You should use the password of the account with which you are logged into the UNIX box. If you want to test with another account, then add the <option>-U accountname</option> option to the end of -the command line. For example, <command>smbclient //bigserver/tmp -Ujohndoe</command>. +the command line &smbmdash; for example, <command>smbclient //bigserver/tmp -Ujohndoe</command>. </para> <note><para> @@ -380,11 +380,11 @@ It is possible to specify the password along with the username as follows: <para> Once you enter the password, you should get the <prompt>smb></prompt> prompt. If you do not, then look at the error message. If it says <quote><errorname>invalid network -name</errorname></quote>, then the service <smbconfsection name="tmp"/> is not correctly setup in your &smb.conf;. +name,</errorname></quote> then the service <smbconfsection name="tmp"/> is not correctly set up in your &smb.conf;. </para> <para> -If it says <quote><errorname>bad password</errorname></quote>, then the likely causes are: +If it says <quote><errorname>bad password,</errorname></quote> then the likely causes are: </para> <orderedlist> @@ -403,7 +403,7 @@ If it says <quote><errorname>bad password</errorname></quote>, then the likely c <listitem> <para> - You have a mixed case password and you haven't enabled the <smbconfoption name="password level"/> option at a high enough level. + You have a mixed-case password and you haven't enabled the <smbconfoption name="password level"/> option at a high enough level. </para> </listitem> @@ -415,7 +415,7 @@ If it says <quote><errorname>bad password</errorname></quote>, then the likely c <listitem> <para> - You enabled password encryption but didn't map UNIX to Samba users. Run: + You enabled password encryption but didn't map UNIX to Samba users. Run <command>smbpasswd -a username</command> </para> </listitem> @@ -423,7 +423,7 @@ If it says <quote><errorname>bad password</errorname></quote>, then the likely c <para> Once connected, you should be able to use the commands <command>dir</command>, <command>get</command>, -<command>put</command> and so on. Type <command>help command</command> for instructions. You should +<command>put</command>, and so on. Type <command>help command</command> for instructions. You should especially check that the amount of free disk space shown is correct when you type <command>dir</command>. </para> @@ -433,19 +433,19 @@ especially check that the amount of free disk space shown is correct when you ty <para> On the PC, type the command <command>net view \\BIGSERVER</command>. You will -need to do this from within a dos prompt window. You should get back a +need to do this from within a DOS prompt window. You should get back a list of shares available on the server. </para> <para> -If you get a message <quote><errorname>network name not found</errorname></quote> or similar error, then netbios +If you get a message <quote><errorname>network name not found</errorname></quote> or similar error, then NetBIOS name resolution is not working. This is usually caused by a problem in <command>nmbd</command>. To overcome it, you could do one of the following (you only need to choose one of them): </para> <orderedlist> <listitem><para> - Fixup the &nmbd; installation. + Fix the &nmbd; installation. </para></listitem> <listitem><para> @@ -464,8 +464,8 @@ To overcome it, you could do one of the following (you only need to choose one o <para> If you get a message <quote><errorname>invalid network name</errorname></quote> or -<quote><errorname>bad password error</errorname></quote>, then apply the -same fixes as for the <command>smbclient -L</command> test above. In +<quote><errorname>bad password error,</errorname></quote> then apply the +same fixes as for the <command>smbclient -L</command> test. In particular, make sure your <command>hosts allow</command> line is correct (see the man pages). </para> @@ -478,9 +478,9 @@ name and password. </para> <para> -If you get a message <quote><errorname>specified computer is not receiving requests</errorname></quote> or similar, -it probably means that the host is not contact-able via TCP services. -Check to see if the host is running TCP wrappers, and if so add an entry in +If you get a message <quote><errorname>specified computer is not receiving requests</errorname></quote> or similar error, +it probably means that the host is not contactable via TCP services. +Check to see if the host is running TCP wrappers, and if so, add an entry in the <filename>hosts.allow</filename> file for your client (or subnet, and so on.) </para> @@ -497,7 +497,7 @@ and other config lines in &smb.conf; are correct. </para> <para> -It's also possible that the server can't work out what user name to connect you as. +It's also possible that the server can't work out what username to connect you as. To see if this is the problem, add the line <smbconfoption name="user">username</smbconfoption> to the <smbconfsection name="[tmp]"/> section of @@ -509,7 +509,7 @@ fixes things, you may need the username mapping option. <para> It might also be the case that your client only sends encrypted passwords and you have <smbconfoption name="encrypt passwords">no</smbconfoption> in &smb.conf;. -Change this to "yes" to fix this. +Change this setting to `yes' to fix this. </para> </step> @@ -538,14 +538,14 @@ an election is held at startup. <para> From file manager, try to browse the server. Your Samba server should appear in the browse list of your local workgroup (or the one you -specified in &smb.conf;). You should be able to double click on the name -of the server and get a list of shares. If you get the error message <quote>invalid password</quote>, +specified in &smb.conf;). You should be able to double-click on the name +of the server and get a list of shares. If you get the error message <quote>invalid password,</quote> you are probably running Windows NT and it is refusing to browse a server that has no encrypted password -capability and is in User Level Security mode. In this case, either set +capability and is in user-level security mode. In this case, either set <smbconfoption name="security">server</smbconfoption> and <smbconfoption name="password server">Windows_NT_Machine</smbconfoption> in your -&smb.conf; file, or make sure <smbconfoption name="encrypt passwords"/> is +&smb.conf; file or make sure <smbconfoption name="encrypt passwords"/> is set to <quote>yes</quote>. </para> diff --git a/docs/Samba3-HOWTO/TOSHARG-HighAvailability.xml b/docs/Samba3-HOWTO/TOSHARG-HighAvailability.xml index 385646d91f..3d91f2c356 100644 --- a/docs/Samba3-HOWTO/TOSHARG-HighAvailability.xml +++ b/docs/Samba3-HOWTO/TOSHARG-HighAvailability.xml @@ -80,7 +80,7 @@ from other sources, but it was Jeremy who inspired the structure that follows. <itemizedlist> <listitem><para>All clients can connect transparently to any server.</para></listitem> <listitem><para>A server can fail and clients are transparently reconnected to another server.</para></listitem> - <listitem><para>All servers server out the same set of files.</para></listitem> + <listitem><para>All servers serve out the same set of files.</para></listitem> <listitem><para>All file changes are immediately seen on all servers.</para> <itemizedlist><listitem><para>Requires a distributed file system.</para></listitem></itemizedlist></listitem> <listitem><para>Infinite ability to scale by adding more servers or disks.</para></listitem> @@ -103,7 +103,7 @@ from other sources, but it was Jeremy who inspired the structure that follows. <para> The TCP connection involves a packet sequence number. This sequence number would need to be dynamically updated on all - machines in the cluster to effect seamless TCP fail-over. + machines in the cluster to effect seamless TCP failover. </para> </listitem> <listitem> @@ -111,13 +111,13 @@ from other sources, but it was Jeremy who inspired the structure that follows. CIFS/SMB (the Windows networking protocols) uses TCP connections. </para> <para> - This means that from a basic design perspective, fail-over is not + This means that from a basic design perspective, failover is not seriously considered. <itemizedlist> <listitem><para> - All current SMB clusters are fail-over solutions + All current SMB clusters are failover solutions &smbmdash; they rely on the clients to reconnect. They provide server - fail-over, but clients can lose information due to a server failure. + failover, but clients can lose information due to a server failure. </para></listitem> </itemizedlist> </para> @@ -127,7 +127,7 @@ from other sources, but it was Jeremy who inspired the structure that follows. Servers keep state information about client connections. <itemizedlist> <listitem><para>CIFS/SMB involves a lot of state.</para></listitem> - <listitem><para>Every file open must be compared with other file opens + <listitem><para>Every file open must be compared with other open files to check share modes.</para></listitem> </itemizedlist> </para> @@ -140,13 +140,13 @@ from other sources, but it was Jeremy who inspired the structure that follows. <para> To make it possible for a cluster of file servers to appear as a single server that has one name and one IP address, the incoming TCP data streams from clients must be processed by the - front end virtual server. This server must de-multiplex the incoming packets at the SMB protocol + front-end virtual server. This server must de-multiplex the incoming packets at the SMB protocol layer level and then feed the SMB packet to different servers in the cluster. </para> <para> - One could split all IPC$ connections and RPC calls to one server to handle printing and user - lookup requirements. RPC Printing handles are shared between different IPC4 sessions &smbmdash; it is + One could split all IPC4 connections and RPC calls to one server to handle printing and user + lookup requirements. RPC printing handles are shared between different IPC4 sessions &smbmdash; it is hard to split this across clustered servers! </para> @@ -158,7 +158,7 @@ from other sources, but it was Jeremy who inspired the structure that follows. </sect3> <sect3> - <title>De-multiplexing SMB Requests</title> + <title>Demultiplexing SMB Requests</title> <para> De-multiplexing of SMB requests requires knowledge of SMB state information, @@ -174,7 +174,7 @@ from other sources, but it was Jeremy who inspired the structure that follows. <para> SMB requests are sent by vuid to their associated server. No code exists today to - affect this solution. This problem is conceptually similar to the problem of + effect this solution. This problem is conceptually similar to the problem of correctly handling requests from multiple requests from Windows 2000 Terminal Server in Samba. </para> @@ -196,7 +196,7 @@ from other sources, but it was Jeremy who inspired the structure that follows. <para> Many could be adopted to backend our cluster, so long as awareness of SMB - semantics is kept in mind (share modes, locking and oplock issues in particular). + semantics is kept in mind (share modes, locking, and oplock issues in particular). Common free distributed file systems include: <indexterm><primary>NFS</primary></indexterm> <indexterm><primary>AFS</primary></indexterm> @@ -229,9 +229,9 @@ from other sources, but it was Jeremy who inspired the structure that follows. <para> On the other hand, where the server pool also provides NFS or other file services, - it will be essential that the implementation be oplock aware so it can + it will be essential that the implementation be oplock-aware so it can interoperate with SMB services. This is a significant challenge today. A failure - to provide this will result in a significant loss of performance that will be + to provide this interoperability will result in a significant loss of performance that will be sorely noted by users of Microsoft Windows clients. </para> @@ -253,7 +253,7 @@ from other sources, but it was Jeremy who inspired the structure that follows. <para> All <command>smbd</command> processes in the server pool must of necessity communicate very quickly. For this, the current <parameter>tdb</parameter> file structure that Samba - uses is not suitable for use across a network. Clustered <command>smbd</command>'s must use something else. + uses is not suitable for use across a network. Clustered <command>smbd</command>s must use something else. </para> </sect3> @@ -262,22 +262,22 @@ from other sources, but it was Jeremy who inspired the structure that follows. <title>Server Pool Communications Demands</title> <para> - High speed inter-server communications in the server pool is a design prerequisite + High-speed interserver communications in the server pool is a design prerequisite for a fully functional system. Possibilities for this include: </para> <itemizedlist> <listitem><para> - Proprietary shared memory bus (example: Myrinet or SCI [Scalable Coherent Interface]). - These are high cost items. + Proprietary shared memory bus (example: Myrinet or SCI [scalable coherent interface]). + These are high-cost items. </para></listitem> <listitem><para> - Gigabit ethernet (now quite affordable). + Gigabit Ethernet (now quite affordable). </para></listitem> <listitem><para> - Raw ethernet framing (to bypass TCP and UDP overheads). + Raw Ethernet framing (to bypass TCP and UDP overheads). </para></listitem> </itemizedlist> @@ -292,8 +292,8 @@ from other sources, but it was Jeremy who inspired the structure that follows. <title>Required Modifications to Samba</title> <para> - Samba needs to be significantly modified to work with a high-speed server inter-connect - system to permit transparent fail-over clustering. + Samba needs to be significantly modified to work with a high-speed server interconnect + system to permit transparent failover clustering. </para> <para> @@ -309,8 +309,8 @@ from other sources, but it was Jeremy who inspired the structure that follows. <listitem><para> Failure semantics need to be defined. Samba behaves the same way as Windows. When oplock messages fail, a file open request is allowed, but this is - potentially dangerous in a clustered environment. So how should inter-server - pool failure semantics function and how should this be implemented? + potentially dangerous in a clustered environment. So how should interserver + pool failure semantics function, and how should such functionality be implemented? </para></listitem> <listitem><para> @@ -327,13 +327,13 @@ from other sources, but it was Jeremy who inspired the structure that follows. <title>A Simple Solution</title> <para> - Allowing fail-over servers to handle different functions within the exported file system + Allowing failover servers to handle different functions within the exported file system removes the problem of requiring a distributed locking protocol. </para> <para> - If only one server is active in a pair, the need for high speed server interconnect is avoided. - This allows the use of existing high availability solutions, instead of inventing a new one. + If only one server is active in a pair, the need for high-speed server interconnect is avoided. + This allows the use of existing high-availability solutions, instead of inventing a new one. This simpler solution comes at a price &smbmdash; the cost of which is the need to manage a more complex file name space. Since there is now not a single file system, administrators must remember where all services are located &smbmdash; a complexity not easily dealt with. @@ -347,32 +347,32 @@ from other sources, but it was Jeremy who inspired the structure that follows. </sect2> <sect2> - <title>High Availability Server Products</title> + <title>High-Availability Server Products</title> <para> - Fail-over servers must communicate in order to handle resource fail-over. This is essential - for high availability services. The use of a dedicated heartbeat is a common technique to - introduce some intelligence into the fail-over process. This is often done over a dedicated + Failover servers must communicate in order to handle resource failover. This is essential + for high-availability services. The use of a dedicated heartbeat is a common technique to + introduce some intelligence into the failover process. This is often done over a dedicated link (LAN or serial). </para> <para> <indexterm><primary>SCSI</primary></indexterm> - Many fail-over solutions (like Red Hat Cluster Manager, as well as Microsoft Wolfpack) - can use a shared SCSI of Fiber Channel disk storage array for fail-over communication. - Information regarding Red Hat high availability solutions for Samba may be obtained from: - <ulink url="http://www.redhat.com/docs/manuals/enterprise/RHEL-AS-2.1-Manual/cluster-manager/s1-service-samba.html">www.redhat.com.</ulink> + Many failover solutions (like Red Hat Cluster Manager and Microsoft Wolfpack) + can use a shared SCSI of Fiber Channel disk storage array for failover communication. + Information regarding Red Hat high availability solutions for Samba may be obtained from + <ulink url="http://www.redhat.com/docs/manuals/enterprise/RHEL-AS-2.1-Manual/cluster-manager/s1-service-samba.html">www.redhat.com</ulink>. </para> <para> The Linux High Availability project is a resource worthy of consultation if your desire is to build a highly available Samba file server solution. Please consult the home page at - <ulink url="http://www.linux-ha.org/">www.linux-ha.org/.</ulink> + <ulink url="http://www.linux-ha.org/">www.linux-ha.org/</ulink>. </para> <para> - Front-end server complexity remains a challenge for high availability as it needs to deal - gracefully with backend failures, while at the same time it needs to provide continuity of service + Front-end server complexity remains a challenge for high availability because it must deal + gracefully with backend failures, while at the same time providing continuity of service to all network clients. </para> @@ -386,12 +386,12 @@ from other sources, but it was Jeremy who inspired the structure that follows. <indexterm><primary>DFS</primary><see>MS-DFS, Distributed File Systems</see></indexterm> MS-DFS links can be used to redirect clients to disparate backend servers. This pushes complexity back to the network client, something already included by Microsoft. - MS-DFS creates the illusion of a simple, continuous file system name space, that even - works at the file level. + MS-DFS creates the illusion of a simple, continuous file system name space that works even + at the file level. </para> <para> - Above all, at the cost of complexity of management, a distributed (pseudo-cluster) can + Above all, at the cost of complexity of management, a distributed system (pseudo-cluster) can be created using existing Samba functionality. </para> @@ -402,9 +402,8 @@ from other sources, but it was Jeremy who inspired the structure that follows. <itemizedlist> <listitem><para>Transparent SMB clustering is hard to do!</para></listitem> - <listitem><para>Client fail-over is the best we can do today.</para></listitem> - <listitem><para>Much more work is needed before a practical and manageable high - availability transparent cluster solution will be possible.</para></listitem> + <listitem><para>Client failover is the best we can do today.</para></listitem> + <listitem><para>Much more work is needed before a practical and manageable high-availability transparent cluster solution will be possible.</para></listitem> <listitem><para>MS-DFS can be used to create the illusion of a single transparent cluster.</para></listitem> </itemizedlist> diff --git a/docs/Samba3-HOWTO/TOSHARG-LargeFile.xml b/docs/Samba3-HOWTO/TOSHARG-LargeFile.xml index 44f054236e..d227638cbd 100644 --- a/docs/Samba3-HOWTO/TOSHARG-LargeFile.xml +++ b/docs/Samba3-HOWTO/TOSHARG-LargeFile.xml @@ -9,25 +9,25 @@ <title>Handling Large Directories</title> <para> -Samba-3.0.12 implements a solution for sites that have experienced performance degradation do to the +Samba-3.0.12 implements a solution for sites that have experienced performance degradation due to the problem of using Samba-3 with applications that need large numbers of files (100,000 or more) per directory. </para> <para> The key was fixing the directory handling to read only the current list requested instead of the old -(up to samba-3.0.11) behaviour of reading the entire directory into memory before doling out names. -Normally this would have broken OS/2 applications which have very strange delete semantics, but by -stealing logic from Samba4 (thanks tridge) the current code in 3.0.12 handles this correctly. +(up to samba-3.0.11) behavior of reading the entire directory into memory before doling out names. +Normally this would have broken OS/2 applications, which have very strange delete semantics, but by +stealing logic from Samba4 (thanks, Tridge), the current code in 3.0.12 handles this correctly. </para> <para> -To set up an application that needs large number of files per directory in a way that does not -damage performance unduly follow these steps: +To set up an application that needs large numbers of files per directory in a way that does not +damage performance unduly, follow these steps: </para> <para> -Firstly, you need to canonicalize all the files in the directory to have one case, upper or lower - take your -pick (I chose upper as all my files were already upper case names). Then set up a new custom share for the +First, you need to canonicalize all the files in the directory to have one case, upper or lower &smbmdash; take your +pick (I chose upper because all my files were already uppercase names). Then set up a new custom share for the application as follows: <screen> [bigshare] @@ -42,29 +42,29 @@ application as follows: <para> Of course, use your own path and settings, but set the case options to match the case of all the files in your -directory. The path should point at the large directory needed for the application - any new files created in -there and in any paths under it will be forced by smbd into upper case - but smbd will no longer have to scan -the directory for names - it knows that if a file does not exist in upper case then it doesn't exist at all. +directory. The path should point at the large directory needed for the application &smbmdash; any new files created in +there and in any paths under it will be forced by smbd into uppercase, but smbd will no longer have to scan +the directory for names: it knows that if a file does not exist in uppercase, then it doesn't exist at all. </para> <para> The secret to this is really in the <smbconfoption name="case sensitive">True</smbconfoption> line. This tells smbd never to scan for case-insensitive versions of names. So if an application asks for a file -called <filename>FOO</filename>, and it can not be found by a simple stat call, then smbd will return file not +called <filename>FOO</filename>, and it cannot be found by a simple stat call, then smbd will return file not found immediately without scanning the containing directory for a version of a different case. The other <filename>xxx case xxx</filename> lines make this work by forcing a consistent case on all files created by smbd. </para> <para> -Remember, all files and directories under the <parameter>path</parameter> directory must be in upper case -with this &smb.conf; stanza as smbd will not be able to find lower case filenames with these settings. Also -note this is done on a per-share basis, allowing this to be set only for a share servicing an application with -this problematic behaviour (using large numbers of entries in a directory) - the rest of your smbd shares +Remember, all files and directories under the <parameter>path</parameter> directory must be in uppercase +with this &smb.conf; stanza because smbd will not be able to find lowercase filenames with these settings. Also +note that this is done on a per-share basis, allowing this parameter to be set only for a share servicing an application with +this problematic behavior (using large numbers of entries in a directory) &smbmdash; the rest of your smbd shares don't need to be affected. </para> <para> -This makes smbd much faster when dealing with large directories. My test case has over 100,000 files and +This makes smbd much faster when dealing with large directories. My test case has over 100,000 files, and smbd now deals with this very efficiently. </para> diff --git a/docs/Samba3-HOWTO/TOSHARG-NT4Migration.xml b/docs/Samba3-HOWTO/TOSHARG-NT4Migration.xml index e6c68bb5ff..8209fce16f 100644 --- a/docs/Samba3-HOWTO/TOSHARG-NT4Migration.xml +++ b/docs/Samba3-HOWTO/TOSHARG-NT4Migration.xml @@ -9,8 +9,8 @@ <title>Migration from NT4 PDC to Samba-3 PDC</title> <para> -This is a rough guide to assist those wishing to migrate from NT4 Domain Control to -Samba-3-based Domain Control. +This is a rough guide to assist those wishing to migrate from NT4 domain control to +Samba-3-based domain control. </para> <sect1> @@ -23,31 +23,31 @@ and planned for. Then again, good planning will anticipate most show-stopper-typ </para> <para> -Those wishing to migrate from MS Windows NT4 Domain Control to a Samba-3 Domain Control +Those wishing to migrate from MS Windows NT4 domain control to a Samba-3 domain control environment would do well to develop a detailed migration plan. So here are a few pointers to -help migration get under way. +help migration get underway. </para> <sect2> <title>Objectives</title> <para> -The key objective for most organizations will be to make the migration from MS Windows NT4 -to Samba-3 Domain Control as painless as possible. One of the challenges you may experience -in your migration process may well be one of convincing management that the new environment +The key objective for most organizations is to make the migration from MS Windows NT4 +to Samba-3 domain control as painless as possible. One of the challenges you may experience +in your migration process may well be convincing management that the new environment should remain in place. Many who have introduced open source technologies have experienced pressure to return to a Microsoft-based platform solution at the first sign of trouble. </para> <para> -Before attempting a migration to a Samba-3 controlled network, make every possible effort to +Before attempting a migration to a Samba-3-controlled network, make every possible effort to gain all-round commitment to the change. Know precisely <emphasis>why</emphasis> the change is important for the organization. Possible motivations to make a change include: </para> <itemizedlist> <listitem><para>Improve network manageability.</para></listitem> - <listitem><para>Obtain better user level functionality.</para></listitem> + <listitem><para>Obtain better user-level functionality.</para></listitem> <listitem><para>Reduce network operating costs.</para></listitem> <listitem><para>Reduce exposure caused by Microsoft withdrawal of NT4 support.</para></listitem> <listitem><para>Avoid MS License 6 implications.</para></listitem> @@ -82,31 +82,31 @@ include: <itemizedlist> <listitem><para>Lower cost of ownership.</para></listitem> <listitem><para>Global availability of support with no strings attached.</para></listitem> - <listitem><para>Dynamic SMB Servers (can run more than one SMB/CIFS server per UNIX/Linux system).</para></listitem> + <listitem><para>Dynamic SMB servers (can run more than one SMB/CIFS server per UNIX/Linux system).</para></listitem> <listitem><para>Creation of on-the-fly logon scripts.</para></listitem> - <listitem><para>Creation of on-the-fly Policy Files.</para></listitem> - <listitem><para>Greater stability, reliability, performance and availability.</para></listitem> - <listitem><para>Manageability via an ssh connection.</para></listitem> - <listitem><para>Flexible choices of back-end authentication technologies (tdbsam, ldapsam, mysqlsam).</para></listitem> + <listitem><para>Creation of on-the-fly policy files.</para></listitem> + <listitem><para>Greater stability, reliability, performance, and availability.</para></listitem> + <listitem><para>Manageability via an SSH connection.</para></listitem> + <listitem><para>Flexible choices of backend authentication technologies (tdbsam, ldapsam, mysqlsam).</para></listitem> <listitem><para>Ability to implement a full single-sign-on architecture.</para></listitem> - <listitem><para>Ability to distribute authentication systems for absolute minimum wide area network bandwidth demand.</para></listitem> + <listitem><para>Ability to distribute authentication systems for absolute minimum wide-area network bandwidth demand.</para></listitem> </itemizedlist> <para> Before migrating a network from MS Windows NT4 to Samba-3, consider all necessary factors. Users should be educated about changes they may experience so the change will be a welcome one -and not become an obstacle to the work they need to do. The following are factors that will -help ensure a successful migration: +and not become an obstacle to the work they need to do. The following sections explain factors that will +help ensure a successful migration. </para> <sect3> <title>Domain Layout</title> <para> -Samba-3 can be configured as a Domain Controller, a back-up Domain Controller (probably best called -a secondary controller), a Domain Member, or as a stand-alone Server. The Windows network security +Samba-3 can be configured as a domain controller, a backup domain controller (probably best called +a secondary controller), a domain member, or a standalone server. The Windows network security domain context should be sized and scoped before implementation. Particular attention needs to be -paid to the location of the primary Domain Controller (PDC) as well as backup controllers (BDCs). +paid to the location of the Primary Domain Controller (PDC) as well as backup controllers (BDCs). One way in which Samba-3 differs from Microsoft technology is that if one chooses to use an LDAP authentication backend, then the same database can be used by several different domains. In a complex organization, there can be a single LDAP database, which itself can be distributed (have @@ -121,11 +121,11 @@ domain should be scaled taking into consideration server capacity and network ba <para> A physical network segment may house several domains. Each may span multiple network segments. Where domains span routed network segments, consider and test the performance implications of -the design and layout of a network. A centrally located Domain Controller that is designed to +the design and layout of a network. A centrally located domain controller that is designed to serve multiple routed network segments may result in severe performance problems. Check the response time (ping timing) between the remote segment and the PDC. If it's long (more than 100 ms), -locate a backup controller (BDC) on the remote segment to serve as the local authentication and +locate a BDC on the remote segment to serve as the local authentication and access control server. </para> </sect3> @@ -142,16 +142,16 @@ of keeping systems secure and functional. <para> Keep in mind the nature of how data must be shared. Physical disk space layout should be considered -carefully. Some data must be backed up. The simpler the disk layout the easier it will be to +carefully. Some data must be backed up. The simpler the disk layout, the easier it will be to keep track of backup needs. Identify what backup media will meet your needs; consider backup to tape, -CD-ROM or (DVD-ROM), or other offline storage medium. Plan and implement for minimum +CD-ROM or DVD-ROM, or other offline storage medium. Plan and implement for minimum maintenance. Leave nothing to chance in your design; above all, do not leave backups to chance: -Backup, test, and validate every backup, create a disaster recovery plan and prove that it works. +backup, test, and validate every backup; create a disaster recovery plan and prove that it works. </para> <para> Users should be grouped according to data access control needs. File and directory access -is best controlled via group permissions and the use of the <quote>sticky bit</quote> on group controlled +is best controlled via group permissions, and the use of the <quote>sticky bit</quote> on group-controlled directories may substantially avoid file access complaints from Samba share users. </para> @@ -162,7 +162,7 @@ Keep your design and implementation simple and document your design extensively. audit your documentation. Do not create a complex mess that your successor will not understand. Remember, job security through complex design and implementation may cause loss of operations and downtime to users as the new administrator learns to untangle your knots. Keep access -controls simple and effective and make sure that users will never be interrupted by obtuse +controls simple and effective, and make sure that users will never be interrupted by obtuse complexity. </para> </sect3> @@ -175,8 +175,8 @@ Logon scripts can help to ensure that all users gain the share and printer conne </para> <para> -Logon scripts can be created on-the-fly so all commands executed are specific to the -rights and privileges granted to the user. The preferred controls should be affected through +Logon scripts can be created on the fly so all commands executed are specific to the +rights and privileges granted to the user. The preferred controls should be effected through group membership so group information can be used to create a custom logon script using the <smbconfoption name="root preexec"/> parameters to the <smbconfsection name="NETLOGON"/> share. </para> @@ -193,16 +193,16 @@ deals with how to add printers without user intervention via the logon script pr <title>Profile Migration/Creation</title> <para> -User and Group Profiles may be migrated using the tools described in the section titled Desktop Profile +User and group profiles may be migrated using the tools described in the section titled Desktop Profile Management. </para> <para> <indexterm><primary>SID</primary></indexterm> -Profiles may also be managed using the Samba-3 tool <command>profiles</command>. This tool allows -the MS Windows NT-style security identifiers (SIDs) that are stored inside the profile <filename>NTuser.DAT</filename> file -to be changed to the SID of the Samba-3 domain. +Profiles may also be managed using the Samba-3 tool <command>profiles</command>. This tool allows the MS +Windows NT-style security identifiers (SIDs) that are stored inside the profile +<filename>NTuser.DAT</filename> file to be changed to the SID of the Samba-3 domain. </para> </sect3> @@ -211,7 +211,7 @@ to be changed to the SID of the Samba-3 domain. <para> It is possible to migrate all account settings from an MS Windows NT4 domain to Samba-3. Before -attempting to migrate user and group accounts, it is STRONGLY advised to create in Samba-3 the +attempting to migrate user and group accounts, you are STRONGLY advised to create in Samba-3 the groups that are present on the MS Windows NT4 domain <emphasis>AND</emphasis> to map them to suitable UNIX/Linux groups. By following this simple advice, all user and group attributes should migrate painlessly. @@ -228,37 +228,43 @@ The approximate migration process is described below. </para> <itemizedlist> -<listitem><para> -You have an NT4 PDC that has the users, groups, policies and profiles to be migrated. -</para></listitem> - -<listitem><para> -Samba-3 set up as a DC with netlogon share, profile share, and so on. Configure the &smb.conf; file -to function as a BDC, i.e., <parameter>domain master = No</parameter>. -</para></listitem> + <listitem><para> + You have an NT4 PDC that has the users, groups, policies, and profiles to be migrated. + </para></listitem> + + <listitem><para> + Samba-3 is set up as a domain controller with netlogon share, profile share, and so on. Configure the &smb.conf; file + to function as a BDC: <parameter>domain master = No</parameter>. + </para></listitem> </itemizedlist> -<procedure><title>The Account Migration Process</title> - <step><para> -<indexterm><primary>pdbedit</primary></indexterm> - Create a BDC account in the old NT4 domain for the Samba server using NT Server Manager.</para> - <substeps><step><para>Samba must not be running.</para></step></substeps></step> +<procedure> +<title>The Account Migration Process</title> + <step><para> + <indexterm><primary>pdbedit</primary></indexterm> + Create a BDC account in the old NT4 domain for the Samba server using NT Server Manager. + <emphasis>Samba must not be running.</emphasis> + </para></step> <step><para> -<indexterm><primary>net</primary><secondary>rpc</secondary></indexterm> - <userinput>net rpc join -S <replaceable>NT4PDC</replaceable> -w <replaceable>DOMNAME</replaceable> -U Administrator%<replaceable>passwd</replaceable></userinput></para></step> + <indexterm><primary>net</primary><secondary>rpc</secondary></indexterm> + <userinput>net rpc join -S <replaceable>NT4PDC</replaceable> -w <replaceable>DOMNAME</replaceable> -U + Administrator%<replaceable>passwd</replaceable></userinput> + </para></step> - <step><para><userinput>net rpc vampire -S <replaceable>NT4PDC</replaceable> -U administrator%<replaceable>passwd</replaceable></userinput></para></step> + <step><para> + <userinput>net rpc vampire -S <replaceable>NT4PDC</replaceable> -U + administrator%<replaceable>passwd</replaceable></userinput> + </para></step> <step><para><userinput>pdbedit -L</userinput></para> - <substeps><step><para>Note &smbmdash; did the users migrate?</para></step></substeps> + <para>Note: Did the users migrate?</para> </step> - <step><para> -<indexterm><primary>net</primary><secondary>groupmap</secondary></indexterm> -<indexterm><primary>initGroups.sh</primary></indexterm> + <indexterm><primary>net</primary><secondary>groupmap</secondary></indexterm> + <indexterm><primary>initGroups.sh</primary></indexterm> Now assign each of the UNIX groups to NT groups: (It may be useful to copy this text to a script called <filename>initGroups.sh</filename>) <programlisting> @@ -278,8 +284,8 @@ net groupmap add ntgroup="QA Team" unixgroup=qateam type=d rid=3220 </para></step> <step><para><userinput>net groupmap list</userinput></para> - <substeps><step><para>Check that all groups are recognized.</para></step></substeps> - </step> + <para>Check that all groups are recognized. + </para></step> </procedure> <para> @@ -293,7 +299,7 @@ Migrate all the profiles, then migrate all policy files. <title>Migration Options</title> <para> -Sites that wish to migrate from MS Windows NT4 Domain Control to a Samba-based solution +Sites that wish to migrate from MS Windows NT4 domain control to a Samba-based solution generally fit into three basic categories. <link linkend="majtypes">Following table</link> shows the possibilities. </para> @@ -306,8 +312,9 @@ generally fit into three basic categories. <link linkend="majtypes">Following ta </thead> <tbody> <row><entry>< 50</entry><entry><para>Want simple conversion with no pain.</para></entry></row> - <row><entry>50 - 250</entry><entry><para>Want new features, can manage some in-house complexity.</para></entry></row> - <row><entry>> 250</entry><entry><para>Solution/Implementation must scale well, complex needs. Cross-departmental decision process. Local expertise in most areas.</para></entry></row> + <row><entry>50 - 250</entry><entry><para>Want new features; can manage some inhouse complexity.</para></entry></row> + <row><entry>> 250</entry><entry><para>Solution/implementation must scale well; complex needs. + Cross-departmental decision process. Local expertise in most areas.</para></entry></row> </tbody> </tgroup> </table> @@ -335,7 +342,7 @@ to Samba-3: </itemizedlist> <para> -Minimize down-stream problems by: +Minimize downstream problems by: </para> <itemizedlist> @@ -344,7 +351,7 @@ Minimize down-stream problems by: </para></listitem> <listitem><para> - Avoiding Panic. + Avoiding panic. </para></listitem> <listitem><para> @@ -370,9 +377,9 @@ being contemplated. </thead> <tbody> <row> - <entry><para>Make use of minimal OS specific features.</para></entry> - <entry><para>Translate NT4 features to new host OS features.</para></entry> - <entry><para>Decide:</para></entry> + <entry><para>Make use of minimal OS specific features</para></entry> + <entry><para>Translate NT4 features to new host OS features</para></entry> + <entry><para>Decide: (John, decide what???????)</para></entry> </row> <row> <entry><para>Move all accounts from NT4 into Samba-3</para></entry> @@ -395,7 +402,7 @@ being contemplated. <entry><para>Identify Needs for: <emphasis>Manageability, Scalability, Security, Availability</emphasis></para></entry> </row> <row> - <entry><para>Integrate Samba-3 then migrate while users are active, then change of control (swap out)</para></entry> + <entry><para>Integrate Samba-3, then migrate while users are active, then change of control (swap out)</para></entry> <entry><para>Take advantage of lower maintenance opportunity</para></entry> <entry><para></para></entry> </row> @@ -408,7 +415,7 @@ being contemplated. <title>Samba-3 Implementation Choices</title> <variablelist> - <varlistentry><term>Authentication Database/Backend</term><listitem> + <varlistentry><term>Authentication Database/Backend</term><listitem> <para> Samba-3 can use an external authentication backend: </para> @@ -416,43 +423,42 @@ being contemplated. <para> <itemizedlist> <listitem><para>Winbind (external Samba or NT4/200x server).</para></listitem> - <listitem><para>External server could use Active Directory or NT4 Domain.</para></listitem> - <listitem><para>Can use pam_mkhomedir.so to auto-create home dirs.</para></listitem> - <listitem><para> - Samba-3 can use a local authentication backend: <parameter>smbpasswd, tdbsam, ldapsam, mysqlsam</parameter></para></listitem> - </itemizedlist> - </para> - </listitem></varlistentry> + <listitem><para>External server could use Active Directory or NT4 domain.</para></listitem> + <listitem><para>Can use pam_mkhomedir.so to autocreate home directories.</para></listitem> + <listitem><para> Samba-3 can use a local authentication backend: <parameter>smbpasswd</parameter>, + <parameter>tdbsam</parameter>, <parameter>ldapsam</parameter>, <parameter>mysqlsam</parameter> + </para></listitem> + </itemizedlist></para></listitem> + </varlistentry> <varlistentry><term>Access Control Points</term><listitem> <para> - Samba permits Access Control Points to be set: + Samba permits Access Control points to be set: </para> <itemizedlist> - <listitem><para>On the share itself &smbmdash; using Share ACLs.</para></listitem> - <listitem><para>On the file system &smbmdash; using UNIX permissions on files and directories.</para> - <para>Note: Can enable Posix ACLs in file system also.</para></listitem> - <listitem><para>Through Samba share parameters &smbmdash; not recommended except as last resort.</para></listitem> - </itemizedlist> - </listitem> + <listitem><para>On the share itself &smbmdash; using share ACLs.</para></listitem> + <listitem><para>On the file system &smbmdash; using UNIX permissions on files and directories.</para> + <para>Note: Can enable Posix ACLs in file system also.</para></listitem> + <listitem><para>Through Samba share parameters &smbmdash; not recommended except as last resort.</para></listitem> + </itemizedlist></listitem> </varlistentry> <varlistentry><term>Policies (migrate or create new ones)</term><listitem> <para> - Exercise great caution when affecting registry changes, use the right tool and be aware + Exercise great caution when making registry changes; use the right tool and be aware that changes made through NT4-style <filename>NTConfig.POL</filename> files can leave permanent changes. </para> <itemizedlist> <listitem><para>Using Group Policy Editor (NT4).</para></listitem> - <listitem><para>Watch out for Tattoo effect.</para></listitem> + <listitem><para>Watch out for tattoo effect.</para></listitem> </itemizedlist> </listitem> </varlistentry> <varlistentry><term>User and Group Profiles</term><listitem> <para> - Platform-specific so use platform tool to change from a Local to a Roaming profile. + Platform-specific, so use platform tool to change from a local to a roaming profile. Can use new profiles tool to change SIDs (<filename>NTUser.DAT</filename>). </para> </listitem> @@ -468,53 +474,50 @@ being contemplated. <varlistentry><term>User and Group Mapping to UNIX/Linux</term><listitem> <para> -<indexterm><primary>pdbedit</primary></indexterm> - User and Group mapping code is new. Many problems have been experienced as network administrators + <indexterm><primary>pdbedit</primary></indexterm> + User and group mapping code is new. Many problems have been experienced as network administrators who are familiar with Samba-2.2.x migrate to Samba-3. Carefully study the chapters that document the new password backend behavior and the new group mapping functionality. </para> - <itemizedlist> - <listitem><para>The <parameter>username map</parameter> facility may be needed.</para></listitem> - <listitem><para>Use <command>net groupmap</command> to connect NT4 groups to UNIX groups.</para></listitem> - <listitem><para>Use <command>pdbedit</command> to set/change user configuration.</para> - - <para> - When migrating to LDAP backend, it may be easier to dump the initial - LDAP database to LDIF, edit, then reload into LDAP. - </para> - </listitem> - </itemizedlist> - </listitem> + <itemizedlist> + <listitem><para>The <parameter>username map</parameter> facility may be needed.</para></listitem> + <listitem><para>Use <command>net groupmap</command> to connect NT4 groups to UNIX groups.</para></listitem> + <listitem><para> + Use <command>pdbedit</command> to set/change user configuration. + </para> + + <para> + When migrating to LDAP backend, it may be easier to dump the initial + LDAP database to LDIF, edit, then reload into LDAP. + </para></listitem> + </itemizedlist></listitem> </varlistentry> - <varlistentry><term>OS Specific Scripts/Programs may be Needed</term><listitem> + <varlistentry><term>OS Specific Scripts/Programs May be Needed</term><listitem> <para> Every operating system has its peculiarities. These are the result of engineering decisions - that were based on the experience of the designer, and may have side-effects that were not + that were based on the experience of the designer and may have side effects that were not anticipated. Limitations that may bite the Windows network administrator include: </para> <itemizedlist> <listitem><para>Add/Delete Users: Note OS limits on size of name - (Linux 8 chars) NT4 up to 254 chars.</para></listitem> - <listitem><para>Add/Delete Machines: Applied only to Domain Members + (Linux 8 chars, NT4 up to 254 chars).</para></listitem> + <listitem><para>Add/Delete Machines: Applied only to domain members (Note: machine names may be limited to 16 characters).</para></listitem> <listitem><para>Use <command>net groupmap</command> to connect NT4 groups to UNIX groups.</para></listitem> <listitem><para>Add/Delete Groups: Note OS limits on size and nature. - Linux limit is 16 char, no spaces and no upper case chars (<command>groupadd</command>).</para></listitem> - </itemizedlist> - </listitem> + Linux limit is 16 char, no spaces, and no uppercase chars (<command>groupadd</command>).</para></listitem> + </itemizedlist></listitem> </varlistentry> <varlistentry><term>Migration Tools</term><listitem> <para> -<indexterm><primary>pdbedit</primary></indexterm> - Domain Control (NT4 Style) Profiles, Policies, Access Controls, Security - <itemizedlist> - <listitem><para>Samba: <command>net, rpcclient, smbpasswd, pdbedit, profiles.</command></para></listitem> - <listitem><para>Windows: <command>NT4 Domain User Manager, Server Manager (NEXUS)</command></para></listitem> - </itemizedlist> - </para> - </listitem> + <indexterm><primary>pdbedit</primary></indexterm> + Domain Control (NT4-Style) Profiles, Policies, Access Controls, Security + <itemizedlist> + <listitem><para>Samba: <command>net, rpcclient, smbpasswd, pdbedit, profiles</command></para></listitem> + <listitem><para>Windows: <command>NT4 Domain User Manager, Server Manager (NEXUS)</command></para></listitem> + </itemizedlist></para></listitem> </varlistentry> </variablelist> diff --git a/docs/Samba3-HOWTO/TOSHARG-Other-Clients.xml b/docs/Samba3-HOWTO/TOSHARG-Other-Clients.xml index 61f100f7c6..686b194203 100644 --- a/docs/Samba3-HOWTO/TOSHARG-Other-Clients.xml +++ b/docs/Samba3-HOWTO/TOSHARG-Other-Clients.xml @@ -17,21 +17,21 @@ <title>Macintosh Clients</title> <para> -Yes. <ulink url="http://www.thursby.com/">Thursby</ulink> has a CIFS Client/Server called <ulink url="http://www.thursby.com/products/dave.html">DAVE.</ulink> -They test it against Windows 95, Windows NT /200x/XP and Samba for +Yes. <ulink url="http://www.thursby.com/">Thursby</ulink> has a CIFS client/server called <ulink url="http://www.thursby.com/products/dave.html">DAVE</ulink>. +They test it against Windows 95, Windows NT/200x/XP, and Samba for compatibility issues. At the time of this writing, DAVE was at version 4.1. Please refer to Thursby's Web site for more information regarding this product. </para> <para> -Alternatives &smbmdash; There are two free implementations of AppleTalk for +Alternatives include two free implementations of AppleTalk for several kinds of UNIX machines and several more commercial ones. These products allow you to run file services and print services natively to Macintosh users, with no additional support required on the Macintosh. The two free implementations are -<ulink url="http://www.umich.edu/~rsug/netatalk/">Netatalk,</ulink> and -<ulink url="http://www.cs.mu.oz.au/appletalk/atalk.html">CAP.</ulink> +<ulink url="http://www.umich.edu/~rsug/netatalk/">Netatalk</ulink> and +<ulink url="http://www.cs.mu.oz.au/appletalk/atalk.html">CAP</ulink>. What Samba offers MS Windows users, these packages offer to Macs. For more info on these packages, Samba, and Linux (and other UNIX-based systems), see <ulink noescape="1" url="http://www.eats.com/linux_mac_win.html">http://www.eats.com/linux_mac_win.html.</ulink> @@ -50,7 +50,7 @@ For more info on these packages, Samba, and Linux (and other UNIX-based systems) <para>Basically, you need three components:</para> <itemizedlist> - <listitem><para>The File and Print Client (IBM Peer)</para></listitem> + <listitem><para>The File and Print Client (IBM peer)</para></listitem> <listitem><para>TCP/IP (Internet support) </para></listitem> <listitem><para>The <quote>NetBIOS over TCP/IP</quote> driver (TCPBEUI)</para></listitem> </itemizedlist> @@ -63,18 +63,18 @@ For more info on these packages, Samba, and Linux (and other UNIX-based systems) <para>Adding the <quote>NetBIOS over TCP/IP</quote> driver is not described in the manual and just barely in the online documentation. Start - <command>MPTS.EXE</command>, click on <guiicon>OK</guiicon>, click on <guimenu>Configure LAPS</guimenu> and click + <command>MPTS.EXE</command>, click on <guiicon>OK</guiicon>, click on <guimenu>Configure LAPS</guimenu>, and click on <guimenu>IBM OS/2 NETBIOS OVER TCP/IP</guimenu> in <guilabel>Protocols</guilabel>. This line is then moved to <guilabel>Current Configuration</guilabel>. Select that line, - click on <guimenuitem>Change number</guimenuitem> and increase it from 0 to 1. Save this + click on <guimenuitem>Change number</guimenuitem>, and increase it from 0 to 1. Save this configuration.</para> <para>If the Samba server is not on your local subnet, you can optionally add IP names and addresses of these servers - to the <guimenu>Names List</guimenu>, or specify a WINS server (NetBIOS + to the <guimenu>Names List</guimenu> or specify a WINS server (NetBIOS Nameserver in IBM and RFC terminology). For Warp Connect, you may need to download an update for <constant>IBM Peer</constant> to bring it on - the same level as Warp 4. See the Web page mentioned above.</para> + the same level as Warp 4. See the Web page (John, which page do you mean???????).</para> </sect2> <sect2> @@ -113,7 +113,7 @@ For more info on these packages, Samba, and Linux (and other UNIX-based systems) Next, in the file specified by <replaceable>filename</replaceable>, map the name of the NT driver name to the OS/2 driver name as follows:</para> - <para><parameter><replaceable>nt driver name</replaceable> = <replaceable>os2 driver name</replaceable>.<replaceable>device name</replaceable></parameter>, e.g.</para> + <para><parameter><replaceable>nt driver name</replaceable> = <replaceable>os2 driver name</replaceable>.<replaceable>device name</replaceable></parameter>, e.g.,</para> <para><parameter> HP LaserJet 5L = LASERJET.HP LaserJet 5L</parameter></para> @@ -140,8 +140,8 @@ For more info on these packages, Samba, and Linux (and other UNIX-based systems) for Workgroups. The early TCP/IP stacks had lots of bugs.</para> <para> -Microsoft has released an incremental upgrade to their TCP/IP 32-bit -VxD drivers. The latest release can be found on their ftp site at +Microsoft has released an incremental upgrade to its TCP/IP 32-bit +VxD drivers. The latest release can be found at ftp.microsoft.com, located in <filename>/Softlib/MSLFILES/TCP32B.EXE</filename>. There is an update.txt file there that describes the problems that were fixed. New files include <filename>WINSOCK.DLL</filename>, @@ -154,7 +154,7 @@ fixed. New files include <filename>WINSOCK.DLL</filename>, <filename>NBTSTAT.EXE</filename>. </para> -<para>More information about this patch is available in <ulink url="http://support.microsoft.com/kb/q99891/">Knowledge base article 99891</ulink>.</para> +<para>More information about this patch is available in <ulink url="http://support.microsoft.com/kb/q99891/">Knowledge Base article 99891</ulink>.</para> </sect2> @@ -163,7 +163,7 @@ fixed. New files include <filename>WINSOCK.DLL</filename>, <para> Windows for Workgroups does a lousy job with passwords. When you change passwords on either -the UNIX box or the PC, the safest thing to do is to delete the .pwl files in the Windows +the UNIX box or the PC, the safest thing to do is delete the .pwl files in the Windows directory. The PC will complain about not finding the files, but will soon get over it, allowing you to enter the new password. </para> @@ -186,9 +186,9 @@ Often Windows for Workgroups will totally ignore a password you give it in a dia There is a program call <filename>admincfg.exe</filename> on the last disk (disk 8) of the WFW 3.11 disk set. To install it, type <userinput>EXPAND A:\ADMINCFG.EX_ C:\WINDOWS\ADMINCFG.EXE</userinput>. -Then add an icon for it via the <application>Program Manager</application> <guimenu>New</guimenu> Menu. -This program allows you to control how WFW handles passwords, i.e., -Disable Password Caching and so on. +Then add an icon for it via the <application>Program Manager</application> <guimenu>New</guimenu> menu. +This program allows you to control how WFW handles passwords, +Disable Password Caching and so on, for use with <smbconfoption name="security">user</smbconfoption>. </para> @@ -240,12 +240,12 @@ person even reported a speed drop of a factor of 30 when he went from <para> When using Windows 95 OEM SR2, the following updates are recommended where Samba -is being used. Please note that the above change will effect you once these +is being used. Please note that the above change (John, specify the change???????) will affect you once these updates have been installed. </para> <para> -There are more updates than the ones mentioned here. You are referred to the +There are more updates than the ones mentioned here. Refer to the Microsoft Web site for all currently available updates to your specific version of Windows 95. </para> @@ -262,7 +262,7 @@ of Windows 95. Also, if using <application>MS Outlook,</application> it is desirable to install the <command>OLEUPD.EXE</command> fix. This fix may stop your machine from hanging for an extended period when exiting -Outlook and you may notice a significant speedup when accessing network +Outlook, and you may notice a significant speedup when accessing network neighborhood services. </para> @@ -283,7 +283,7 @@ Internet. There are various other utilities of this type freely available. <title>Windows 2000 Service Pack 2</title> <para> -There are several annoyances with Windows 2000 SP2. One of which +There are several annoyances with Windows 2000 SP2, one of which only appears when using a Samba server to host user profiles to Windows 2000 SP2 clients in a Windows domain. This assumes that Samba is a member of the domain, but the problem will @@ -294,7 +294,7 @@ most likely occur if it is not. In order to serve profiles successfully to Windows 2000 SP2 clients (when not operating as a PDC), Samba must have <smbconfoption name="nt acl support">no</smbconfoption> -added to the file share which houses the roaming profiles. +added to the file share that houses the roaming profiles. If this is not done, then the Windows 2000 SP2 client will complain about not being able to access the profile (Access Denied) and create multiple copies of it on disk (DOMAIN.user.001, @@ -309,7 +309,7 @@ releases prior to Samba 2.2.2. </para> <example id="minimalprofile"> -<title>Minimal profile share</title> +<title>Minimal Profile Share</title> <smbconfblock> <smbconfsection name="[profile]"/> <smbconfoption name="path">/export/profile</smbconfoption> @@ -325,12 +325,12 @@ The reason for this bug is that the Windows 200x SP2 client copies the security descriptor for the profile that contains the Samba server's SID, and not the domain SID. The client compares the SID for SAMBA\user and realizes it is -different from the one assigned to DOMAIN\user. Hence, the reason -for the <errorname>access denied</errorname> message. +different from the one assigned to DOMAIN\user; hence, +<errorname>access denied</errorname> message. </para> <para> -By disabling the <smbconfoption name="nt acl support"/> parameter, Samba will send +When the <smbconfoption name="nt acl support"/> parameter is disabled, Samba will send the Windows 200x client a response to the QuerySecurityDescriptor trans2 call, which causes the client to set a default ACL for the profile. This default ACL includes: </para> @@ -346,7 +346,7 @@ create accounts on the Samba host for Domain users.</para></note> <title>Windows NT 3.1</title> <para>If you have problems communicating across routers with Windows -NT 3.1 workstations, read <ulink url="http://support.microsoft.com/default.aspx?scid=kb;Q103765">this Microsoft Knowledge Base article.</ulink> +NT 3.1 workstations, read <ulink url="http://support.microsoft.com/default.aspx?scid=kb;Q103765">this Microsoft Knowledge Base article:</ulink>. </para> diff --git a/docs/Samba3-HOWTO/TOSHARG-Portability.xml b/docs/Samba3-HOWTO/TOSHARG-Portability.xml index a5455a6c67..28f32702e0 100644 --- a/docs/Samba3-HOWTO/TOSHARG-Portability.xml +++ b/docs/Samba3-HOWTO/TOSHARG-Portability.xml @@ -9,7 +9,7 @@ <title>Portability</title> -<para>Samba works on a wide range of platforms but the interface all the +<para>Samba works on a wide range of platforms, but the interface all the platforms provide is not always compatible. This chapter contains platform-specific information about compiling and using Samba.</para> @@ -17,14 +17,14 @@ platform-specific information about compiling and using Samba.</para> <title>HPUX</title> <para> -HP's implementation of supplementary groups is non-standard (for +Hewlett-Packard's implementation of supplementary groups is nonstandard (for historical reasons). There are two group files, <filename>/etc/group</filename> and <filename>/etc/logingroup</filename>; the system maps UIDs to numbers using the former, but -initgroups() reads the latter. Most system Admins who know the ropes +initgroups() reads the latter. Most system admins who know the ropes symlink <filename>/etc/group</filename> to <filename>/etc/logingroup</filename> -(hard link does not work for reasons too obtuse to go into here). initgroups() will complain if one of the -groups you're in in <filename>/etc/logingroup</filename> has what it considers to be an invalid -ID, which means outside the range <constant>[0..UID_MAX]</constant>, where <constant>UID_MAX</constant> is (I think) +(hard-link does not work for reasons too obtuse to go into here). initgroups() will complain if one of the +groups you're in, in <filename>/etc/logingroup</filename>, has what it considers to be an invalid +ID, which means outside the range <constant>[0..UID_MAX]</constant>, where <constant>UID_MAX</constant> is 60000 currently on HP-UX. This precludes -2 and 65534, the usual <constant>nobody</constant> GIDs. </para> @@ -56,14 +56,14 @@ encounter corrupt data transfers using Samba. <para> The patch you need is UOD385 Connection Drivers SLS. It is available from -SCO (<ulink noescape="1" url="ftp://ftp.sco.com/">ftp.sco.com</ulink>, directory SLS, +SCO <ulink noescape="1" url="ftp://ftp.sco.com/">ftp.sco.com</ulink>, directory SLS, files uod385a.Z and uod385a.ltr.Z). </para> <para> The information provided here refers to an old version of SCO UNIX. If you require binaries for more recent SCO UNIX products, please contact SCO to obtain packages that are -ready to install. You should also verify with SCO that your platform is up-to-date for the +ready to install. You should also verify with SCO that your platform is up to date for the binary packages you will install. This is important if you wish to avoid data corruption problems with your installation. To build Samba for SCO UNIX products may require significant patching of Samba source code. It is much easier to obtain binary @@ -128,7 +128,7 @@ _seteuid: </programlisting></para> <para> -After creating the above files, you then assemble them using +After creating the files, you then assemble them using </para> <screen> @@ -137,13 +137,13 @@ After creating the above files, you then assemble them using </screen> <para> -that should produce the files <filename>seteuid.o</filename> and -<filename>setegid.o</filename> +which should produce the files <filename>seteuid.o</filename> and +<filename>setegid.o</filename>. </para> <para> -Then you need to add these to the LIBSM line in the DNIX section of -the Samba Makefile. Your LIBSM line will then look something like this: +Next you need to add these to the LIBSM line in the DNIX section of +the Samba Makefile. Your LIBSM line will look something like this: </para> <para><programlisting> @@ -181,21 +181,18 @@ is the master browse list holder and who is the master browser. </para> <para> -Corrective Action: Delete the entry after the word "loopback" +Corrective action: Delete the entry after the word "loopback" in the line starting 127.0.0.1. </para> </sect1> <sect1> -<title>AIX</title> -<sect2> -<title>Sequential Read Ahead</title> +<title>AIX: Sequential Read Ahead</title> <!-- From an email by William Jojo <jojowil@hvcc.edu> --> <para> -Disabling Sequential Read Ahead using <userinput>vmtune -r 0</userinput> improves +Disabling sequential read ahead using <userinput>vmtune -r 0</userinput> improves Samba performance significantly. </para> -</sect2> </sect1> <sect1> @@ -205,13 +202,13 @@ Samba performance significantly. <title>Locking Improvements</title> <para>Some people have been experiencing problems with F_SETLKW64/fcntl -when running Samba on Solaris. The built-in file locking mechanism was +when running Samba on Solaris. The built-in file-locking mechanism was not scalable. Performance would degrade to the point where processes would get into loops of trying to lock a file. It would try a lock, then fail, then try again. The lock attempt was failing before the grant was -occurring. So the visible manifestation of this would be a handful of -processes stealing all of the CPU, and when they were truss-ed they would -be stuck if F_SETLKW64 loops. +occurring. The visible manifestation of this was a handful of +processes stealing all of the CPU, and when they were trussed, they would +be stuck in F_SETLKW64 loops. </para> <para> @@ -220,11 +217,11 @@ has not been released yet. </para> <para> -The patch revision for 2.6 is 105181-34, for 8 is 108528-19 and for 9 is 112233-04. +The patch revision for 2.6 is 105181-34, for 8 is 108528-19, and for 9 is 112233-04. </para> <para> -After the install of these patches, it is recommended to reconfigure +After the installation of these patches, it is recommended to reconfigure and rebuild Samba. </para> diff --git a/docs/Samba3-HOWTO/TOSHARG-Problems.xml b/docs/Samba3-HOWTO/TOSHARG-Problems.xml index 2c840021f8..6b5e232af0 100644 --- a/docs/Samba3-HOWTO/TOSHARG-Problems.xml +++ b/docs/Samba3-HOWTO/TOSHARG-Problems.xml @@ -14,45 +14,40 @@ <para> There are many sources of information available in the form -of mailing lists, RFCs and documentation. The documentation that comes +of mailing lists, RFCs, and documentation. The documentation that comes with the Samba distribution contains good explanations of general SMB topics such as browsing.</para> <sect1> <title>Diagnostics Tools</title> -<para>With SMB networking, it is often not immediately clear what -the cause is of a certain problem. Samba itself provides rather -useful information, but in some cases you might have to fall back -to using a <emphasis>sniffer</emphasis>. A sniffer is a program that -listens on your LAN, analyzes the data sent on it and displays it -on the screen.</para> +<para> +With SMB networking, it is often not immediately clear what the cause is of a certain problem. Samba itself +provides rather useful information, but in some cases you might have to fall back to using a +<emphasis>sniffer</emphasis>. A sniffer is a program that listens on your LAN, analyzes the data sent on it, +and displays it on the screen. +</para> <sect2> <title>Debugging with Samba Itself</title> <para> -One of the best diagnostic tools for debugging problems is Samba itself. -You can use the <option>-d option</option> for both &smbd; and &nmbd; to specify the -<smbconfoption name="debug level"/> at which to run. -See the man pages for <command>smbd, nmbd</command> and -&smb.conf; for more information regarding debugging options. The debug -level can range from 1 (the default) to 10 (100 for debugging passwords). +One of the best diagnostic tools for debugging problems is Samba itself. You can use the <option>-d +option</option> for both &smbd; and &nmbd; to specify the <smbconfoption name="debug level"/> at which to run. +See the man pages for <command>smbd, nmbd</command>, and &smb.conf; for more information regarding debugging +options. The debug level can range from 1 (the default) to 10 (100 for debugging passwords). </para> <para> -Another helpful method of debugging is to compile Samba using the -<command>gcc -g </command> flag. This will include debug information in the binaries and -allow you to attach gdb to the running <command>smbd/nmbd</command> process. -To attach <command>gdb</command> to an <command>smbd</command> -process for an NT workstation, first get the workstation to make the -connection. Pressing ctrl-alt-delete and going down to the domain box -is sufficient (at least, the first time you join the domain) to -generate a <parameter>LsaEnumTrustedDomains</parameter>. Thereafter, the workstation -maintains an open connection and there will be an smbd -process running (assuming that you haven't set a really short smbd -idle timeout). So, in between pressing <command>ctrl-alt-delete</command> and actually -typing in your password, you can attach <command>gdb</command> and continue. +Another helpful method of debugging is to compile Samba using the <command>gcc -g </command> flag. This will +include debug information in the binaries and allow you to attach gdb to the running +<command>smbd/nmbd</command> process. To attach <command>gdb</command> to an <command>smbd</command> process +for an NT workstation, first get the workstation to make the connection. Pressing ctrl-alt-delete and going +down to the domain box is sufficient (at least, the first time you join the domain) to generate a +<parameter>LsaEnumTrustedDomains</parameter>. Thereafter, the workstation maintains an open connection and +there will be an smbd process running (assuming that you haven't set a really short smbd idle timeout). So, in +between pressing <command>ctrl-alt-delete</command> and actually typing in your password, you can attach +<command>gdb</command> and continue. </para> <para> @@ -82,24 +77,23 @@ and <command>tethereal</command>. <title>Ethereal</title> <para> -<ulink url="http://www.ethereal.com/">Ethereal</ulink> is a graphical -sniffer, available for both UNIX (Gtk) and Windows. Ethereal's -SMB support is quite good.</para> - -<para>For details on the use of <command>ethereal</command>, read the well-written -Ethereal User Guide.</para> +<ulink url="http://www.ethereal.com/">Ethereal</ulink> is a graphical sniffer, available for both UNIX (Gtk) +and Windows. Ethereal's SMB support is quite good. For details on the use of <command>ethereal</command>, read +the well-written Ethereal User Guide. +</para> -<figure id="ethereal1"><title>Starting a capture.</title><imagefile>ethereal1</imagefile></figure> +<figure id="ethereal1"><title>Starting a Capture.</title><imagefile>ethereal1</imagefile></figure> <para> Listen for data on ports 137, 138, 139, and 445. For example, use the filter <userinput>port 137, port 138, -port 139, or port 445</userinput> as seen in <link linkend="ethereal1">Starting a capture</link> snapshot. +port 139, or port 445</userinput> as seen in <link linkend="ethereal1">Starting a Capture</link> snapshot. </para> -<para>A console version of ethereal is available as well and is called -<command>tethereal</command>.</para> +<para> +A console version of ethereal is available as well and is called <command>tethereal</command>. +</para> -<figure id="ethereal2"><title>Main ethereal data window.</title><imagefile>ethereal2</imagefile></figure> +<figure id="ethereal2"><title>Main Ethereal Data Window.</title><imagefile>ethereal2</imagefile></figure> </sect2> @@ -107,27 +101,22 @@ port 139, or port 445</userinput> as seen in <link linkend="ethereal1">Starting <title>The Windows Network Monitor</title> <para> -For tracing things on Microsoft Windows NT, Network Monitor -(aka Netmon) is available on Microsoft Developer Network CDs, -the Windows NT Server install CD and the SMS CDs. The version of -Netmon that ships with SMS allows for dumping packets between any two -computers (i.e., placing the network interface in promiscuous mode). -The version on the NT Server install CD will only allow monitoring -of network traffic directed to the local NT box and broadcasts on the -local subnet. Be aware that Ethereal can read and write Netmon -formatted files. +For tracing things on Microsoft Windows NT, Network Monitor (aka Netmon) is available on Microsoft Developer +Network CDs, the Windows NT Server install CD, and the SMS CDs. The version of Netmon that ships with SMS +allows for dumping packets between any two computers (i.e., placing the network interface in promiscuous +mode). The version on the NT Server install CD will only allow monitoring of network traffic directed to the +local NT box and broadcasts on the local subnet. Be aware that Ethereal can read and write Netmon formatted +files. </para> <sect3> <title>Installing Network Monitor on an NT Workstation</title> <para> -Installing Netmon on an NT workstation requires a couple -of steps. The following are instructions for installing Netmon V4.00.349, which comes -with Microsoft Windows NT Server 4.0, on Microsoft Windows NT -Workstation 4.0. The process should be similar for other versions of -Windows NT version of Netmon. You will need both the Microsoft Windows -NT Server 4.0 Install CD and the Workstation 4.0 Install CD. +Installing Netmon on an NT workstation requires a couple of steps. The following are instructions for +installing Netmon V4.00.349, which comes with Microsoft Windows NT Server 4.0, on Microsoft Windows NT +Workstation 4.0. The process should be similar for other versions of Windows NT version of Netmon. You will +need both the Microsoft Windows NT Server 4.0 Install CD and the Workstation 4.0 Install CD. </para> <para> @@ -148,7 +137,7 @@ on the NT Server to do this: <para> At this point, the Netmon files should exist in <filename>%SYSTEMROOT%\System32\netmon\*.*</filename>. -Two subdirectories exist as well, <filename>parsers\</filename> which contains the necessary DLLs +Two subdirectories exist as well: <filename>parsers\</filename>, which contains the necessary DLLs for parsing the Netmon packet dump, and <filename>captures\</filename>. </para> @@ -158,10 +147,12 @@ Network Monitor Agent from the Workstation install CD. </para> <itemizedlist> - <listitem><para>Go to <guibutton>Start</guibutton> -> <guibutton>Settings</guibutton> -> <guibutton>Control Panel</guibutton> -> - <guibutton>Network</guibutton> -> <guibutton>Services</guibutton> -> <guibutton>Add</guibutton>.</para></listitem> + <listitem><para>Go to <guibutton>Start</guibutton> -> <guibutton>Settings</guibutton> -> + <guibutton>Control Panel</guibutton> -> <guibutton>Network</guibutton> -> + <guibutton>Services</guibutton> -> <guibutton>Add</guibutton>.</para></listitem> - <listitem><para>Select the <guilabel>Network Monitor Agent</guilabel>, click on <guibutton>OK</guibutton>.</para></listitem> + <listitem><para>Select the <guilabel>Network Monitor Agent</guilabel>, click on + <guibutton>OK</guibutton>.</para></listitem> <listitem><para>Click on <guibutton>OK</guibutton> in the Network Control Panel. </para></listitem> @@ -171,7 +162,7 @@ Network Monitor Agent from the Workstation install CD. <para> Now copy the files from the NT Server in <filename>%SYSTEMROOT%\System32\netmon</filename> -to <filename>%SYSTEMROOT%\System32\netmon</filename> on the Workstation and set permissions +to <filename>%SYSTEMROOT%\System32\netmon</filename> on the workstation and set permissions as you deem appropriate for your site. You will need administrative rights on the NT box to run Netmon. </para> @@ -181,7 +172,7 @@ as you deem appropriate for your site. You will need administrative rights on th <para> To install Netmon on Windows 9x/Me, install the Network Monitor Agent from the Windows 9x/Me CD (<filename>\admin\nettools\netmon</filename>). -There is a readme file located with the Netmon driver files on the CD if you need +There is a readme file included with the Netmon driver files on the CD if you need information on how to do this. Copy the files from a working Netmon installation. </para> </sect3> @@ -196,9 +187,9 @@ information on how to do this. Copy the files from a working Netmon installation <ulink noescape="1" url="http://www.skippy.net/linux/smb-howto.html"> http://www.skippy.net/linux/smb-howto.html</ulink>. </para></listitem> -<listitem><para>FTP site for older SMB specs: +<listitem><para>FTP site for older SMB specs, <ulink noescape="1" url="ftp://ftp.microsoft.com/developr/drg/CIFS/"> - ftp://ftp.microsoft.com/developr/drg/CIFS/</ulink></para></listitem> + ftp://ftp.microsoft.com/developr/drg/CIFS/</ulink></para></listitem>. </itemizedlist> @@ -209,26 +200,26 @@ information on how to do this. Copy the files from a working Netmon installation <para> There are a number of Samba-related mailing lists. Go to <ulink -noescape="1" url="http://samba.org">http://samba.org</ulink>, click on your nearest mirror -and then click on <command>Support</command> and next click on <command> +noescape="1" url="http://samba.org">http://samba.org</ulink>, click on your nearest mirror, +and then click on <command>Support</command>. Next, click on <command> Samba-related mailing lists</command>. </para> <para> For questions relating to Samba TNG, go to -<ulink noescape="1" url="http://www.samba-tng.org/">http://www.samba-tng.org/.</ulink> +<ulink noescape="1" url="http://www.samba-tng.org/">http://www.samba-tng.org/</ulink>. It has been requested that you do not post questions about Samba-TNG to the -main-stream Samba lists.</para> +mainstream Samba lists.</para> <para> -If you do post a message to one of the lists, please observe the following guidelines : +If you do post a message to one of the lists, please observe the following guidelines: </para> <itemizedlist> - <listitem><para>Always remember that the developers are volunteers, they are + <listitem><para>Always remember that the developers are volunteers; they are not paid and they never guarantee to produce a particular feature at - a particular time. Any timelines are <quote>best guess</quote> and nothing more. + a particular time. Any timelines are <quote>best guess,</quote> and nothing more. </para></listitem> <listitem><para>Always mention what version of Samba you are using and what @@ -240,14 +231,14 @@ If you do post a message to one of the lists, please observe the following guide <listitem><para>In addition to the version, if you obtained Samba via CVS, mention the date when you last checked it out.</para></listitem> - <listitem><para> Try and make your questions clear and brief. Lots of long, + <listitem><para> Try to make your questions clear and brief. Lots of long, convoluted questions get deleted before they are completely read! - Do not post HTML encoded messages. Most people on mailing lists simply delete + Do not post HTML-encoded messages. Most people on mailing lists simply delete them. </para></listitem> - <listitem><para> If you run one of those nifty <quote>I'm on holidays</quote> things when - you are away, make sure its configured to not answer mailing list traffic. Auto-responses + <listitem><para> If you run one of those nifty <quote>I'm on holiday</quote> things when + you are away, make sure its configured to not answer mailing list traffic. Autoresponses to mailing lists really irritate the thousands of people who end up having to deal with such bad netiquet bahavior. </para></listitem> @@ -256,8 +247,8 @@ If you do post a message to one of the lists, please observe the following guide and see what happens. Do not post to both samba-ntdom and samba-technical. Many people active on the lists subscribe to more than one list and get annoyed to see the same message two or more times. - Often someone will see a message and thinking it would be better dealt - with on another list, will forward it on for you.</para></listitem> + Often someone who thinks a message would be better dealt + with on another list will forward it on for you.</para></listitem> <listitem><para>You might include <emphasis>partial</emphasis> log files written at a debug level set to as much as 20. @@ -281,9 +272,9 @@ If you do post a message to one of the lists, please observe the following guide <para>To have your name removed from a Samba mailing list, go to the same place where you went to -subscribe to it. Go to <ulink noescape="1" url="http://lists.samba.org/">http://lists.samba.org</ulink>, -click on your nearest mirror, click on <command>Support</command> and -then click on<command> Samba related mailing lists</command>. +subscribe to it, go to <ulink noescape="1" url="http://lists.samba.org/">http://lists.samba.org</ulink>, +click on your nearest mirror, click on <command>Support</command>, and +then click on <command>Samba-related mailing lists</command>. </para> <para> diff --git a/docs/Samba3-HOWTO/TOSHARG-SWAT.xml b/docs/Samba3-HOWTO/TOSHARG-SWAT.xml index 1995778d33..1f05a3f25d 100644 --- a/docs/Samba3-HOWTO/TOSHARG-SWAT.xml +++ b/docs/Samba3-HOWTO/TOSHARG-SWAT.xml @@ -6,15 +6,15 @@ <pubdate>April 21, 2003</pubdate> </chapterinfo> -<title>SWAT &smbmdash; The Samba Web Administration Tool</title> +<title>SWAT: The Samba Web Administration Tool</title> <para> There are many and varied opinions regarding the usefulness of SWAT. No matter how hard one tries to produce the perfect configuration tool, it remains -an object of personal taste. SWAT is a tool that will allow Web-based configuration +an object of personal taste. SWAT is a tool that allows Web-based configuration of Samba. It has a wizard that may help to get Samba configured quickly, it has context-sensitive help on each &smb.conf; parameter, it provides for monitoring of current state -of connection information, and it allows network-wide MS Windows network password +of connection information, and it allows networkwide MS Windows network password management. </para> @@ -23,22 +23,22 @@ management. <para> SWAT is a facility that is part of the Samba suite. The main executable is called -<command>swat</command> and is invoked by the inter-networking super daemon. +<command>swat</command> and is invoked by the internetworking super daemon. See <link linkend="xinetd">appropriate section</link> for details. </para> <para> -SWAT uses integral samba components to locate parameters supported by the particular +SWAT uses integral Samba components to locate parameters supported by the particular version of Samba. Unlike tools and utilities that are external to Samba, SWAT is always up to date as known Samba parameters change. SWAT provides context-sensitive help for each configuration parameter, directly from <command>man</command> page entries. </para> <para> -There are network administrators who believe that it is a good idea to write systems +Some network administrators believe that it is a good idea to write systems documentation inside configuration files, and for them SWAT will always be a nasty tool. SWAT -does not store the configuration file in any intermediate form, rather, it stores only the -parameter settings, so when SWAT writes the &smb.conf; file to disk, it will write only +does not store the configuration file in any intermediate form; rather, it stores only the +parameter settings, so when SWAT writes the &smb.conf; file to disk, it writes only those parameters that are at other than the default settings. The result is that all comments, as well as parameters that are no longer supported, will be lost from the &smb.conf; file. Additionally, the parameters will be written back in internal ordering. @@ -46,8 +46,8 @@ Additionally, the parameters will be written back in internal ordering. <note><para> Before using SWAT, please be warned &smbmdash; SWAT will completely replace your &smb.conf; with -a fully-optimized file that has been stripped of all comments you might have placed there -and only non-default settings will be written to the file. +a fully optimized file that has been stripped of all comments you might have placed there +and only nondefault settings will be written to the file. </para></note> </sect1> @@ -57,7 +57,7 @@ and only non-default settings will be written to the file. <para> This section aims to unlock the dark secrets behind how SWAT may be made to work, -may be made more secure, and how to solve Internationalization support problems. +how it can be made more secure, and how to solve internationalization support problems. </para> <sect2> @@ -66,13 +66,13 @@ may be made more secure, and how to solve Internationalization support problems. <para> The very first step that should be taken before attempting to configure a host system for SWAT operation is to check that it is installed. This may seem a trivial -point to some, however several Linux distributions do not install SWAT by default, -even though they do ship an install-able binary support package containing SWAT +point to some, but several Linux distributions do not install SWAT by default, +even though they do ship an installable binary support package containing SWAT on the distribution media. </para> <para> -When you have confirmed that SWAT is installed it is necessary to validate +When you have confirmed that SWAT is installed, it is necessary to validate that the installation includes the binary <command>swat</command> file as well as all the supporting text and Web files. A number of operating system distributions in the past have failed to include the necessary support files, even though the @@ -80,36 +80,36 @@ in the past have failed to include the necessary support files, even though the </para> <para> -Finally, when you are sure that SWAT has been fully installed, please check the SWAT -has been enabled in the control file for the inter-networking super-daemon (inetd or xinetd) +Finally, when you are sure that SWAT has been fully installed, please check that SWAT +is enabled in the control file for the internetworking super-daemon (inetd or xinetd) that is used on your operating system platform. </para> <sect3> -<title>Locating the <command>swat</command> File</title> +<title>Locating the <command>SWAT</command> File</title> <para> To validate that SWAT is installed, first locate the <command>swat</command> binary -file on the system. It may be found under the following directories: -<simplelist> - <member><filename>/usr/local/samba/bin</filename> &smbmdash; the default Samba location.</member> - <member><filename>/usr/sbin</filename> &smbmdash; the default location on most Linux systems.</member> +file on the system. It may be found under the following directories:</para> +<para><simplelist> + <member><filename>/usr/local/samba/bin</filename> &smbmdash; the default Samba location</member> + <member><filename>/usr/sbin</filename> &smbmdash; the default location on most Linux systems</member> <member><filename>/opt/samba/bin</filename></member> </simplelist> </para> <para> -The actual location is much dependant on the choice of the operating system vendor, or as determined +The actual location is much dependent on the choice of the operating system vendor or as determined by the administrator who compiled and installed Samba. </para> <para> -There are a number methods that may be used to locate the <command>swat</command> binary file. -The following methods may be helpful: +There are a number of methods that may be used to locate the <command>swat</command> binary file. +The following methods may be helpful. </para> <para> -If <command>swat</command> is in your current operating system search path it will be easy to +If <command>swat</command> is in your current operating system search path, it will be easy to find it. You can ask what are the command-line options for <command>swat</command> as shown here: <screen> frodo:~ # swat -? @@ -212,7 +212,7 @@ jht@frodo:/> </para> <para> -If the files needed are not available it will be necessary to obtain and install them +If the files needed are not available, it is necessary to obtain and install them before SWAT can be used. </para> @@ -232,7 +232,7 @@ your UNIX/Linux system has, you will have either an <command>inetd</command>- or The nature and location of the network super-daemon varies with the operating system implementation. The control file (or files) can be located in the file <filename>/etc/inetd.conf</filename> or in the directory <filename>/etc/[x]inet[d].d</filename> -or similar. +or in a similar location. </para> <para> @@ -274,7 +274,7 @@ as shown. </para> <para> -Both of the above examples assume that the <command>swat</command> binary has been +Both of the previous examples assume that the <command>swat</command> binary has been located in the <filename>/usr/sbin</filename> directory. In addition to the above, SWAT will use a directory access point from which it will load its Help files as well as other control information. The default location for this on most Linux @@ -286,16 +286,16 @@ location using Samba defaults will be <filename>/usr/local/samba/swat</filename> Access to SWAT will prompt for a logon. If you log onto SWAT as any non-root user, the only permission allowed is to view certain aspects of configuration as well as access to the password change facility. The buttons that will be exposed to the non-root -user are: <guibutton>HOME</guibutton>, <guibutton>STATUS</guibutton>, <guibutton>VIEW</guibutton>, +user are <guibutton>HOME</guibutton>, <guibutton>STATUS</guibutton>, <guibutton>VIEW</guibutton>, and <guibutton>PASSWORD</guibutton>. The only page that allows change capability in this case is <guibutton>PASSWORD</guibutton>. </para> <para> As long as you log onto SWAT as the user <emphasis>root</emphasis>, you should obtain -full change and commit ability. The buttons that will be exposed include: +full change and commit ability. The buttons that will be exposed include <guibutton>HOME</guibutton>, <guibutton>GLOBALS</guibutton>, <guibutton>SHARES</guibutton>, <guibutton>PRINTERS</guibutton>, -<guibutton>WIZARD</guibutton>, <guibutton>STATUS</guibutton>, <guibutton>VIEW</guibutton>, <guibutton>PASSWORD</guibutton>. +<guibutton>WIZARD</guibutton>, <guibutton>STATUS</guibutton>, <guibutton>VIEW</guibutton>, and <guibutton>PASSWORD</guibutton>. </para> </sect2> @@ -306,7 +306,7 @@ full change and commit ability. The buttons that will be exposed include: <para> <indexterm><primary>swat</primary><secondary>security</secondary></indexterm> -Many people have asked about how to setup SWAT with SSL to allow for secure remote +Many people have asked about how to set up SWAT with SSL to allow for secure remote administration of Samba. Here is a method that works, courtesy of Markus Krieger. </para> @@ -329,7 +329,7 @@ Modifications to the SWAT setup are as follows: </screen></para></step> <step><para> - Remove swat-entry from [x]inetd. + Remove SWAT entry from [x]inetd. </para></step> <step><para> @@ -342,7 +342,7 @@ Modifications to the SWAT setup are as follows: </procedure> <para> -Afterward, simply connect to swat by using the URL <ulink noescape="1" url="https://myhost:901">https://myhost:901</ulink>, accept the certificate +Afterward, simply connect to SWAT by using the URL <ulink noescape="1" url="https://myhost:901">https://myhost:901</ulink>, accept the certificate, and the SSL connection is up. </para> @@ -373,8 +373,8 @@ To enable this feature: </itemizedlist> <para> -The name of msg file is same as the language ID sent by the browser. For -example en means "English", ja means "Japanese", fr means "French. +The name of the <command>msg</command> file is the same as the language ID sent by the browser. For +example, <emphasis>en</emphasis> means English, <emphasis>ja</emphasis> means Japanese, <emphasis>fr</emphasis> means French. </para> <para> @@ -388,12 +388,12 @@ msgid "Set Default" msgstr "Imposta Default" </screen> and so on. If you find a mistake or create a new <command>msg</command> file, please email it -to us so we will include this in the next release of Samba. The <command>msg</command> file should be encoded in UTF-8. +to us so we will consider it in the next release of Samba. The <command>msg</command> file should be encoded in UTF-8. </para> <para> Note that if you enable this feature and the <smbconfoption name="display charset"/> is not -matched to your browsers setting, the SWAT display may be corrupted. In a future version of +matched to your browser's setting, the SWAT display may be corrupted. In a future version of Samba, SWAT will always display messages with UTF-8 encoding. You will then not need to set this &smb.conf; file parameter. </para> @@ -406,8 +406,8 @@ this &smb.conf; file parameter. <title>Overview and Quick Tour</title> <para> -SWAT is a tools that many be used to configure Samba, or just to obtain useful links -to important reference materials such as the contents of this book, as well as other +SWAT is a tool that may be used to configure Samba or just to obtain useful links +to important reference materials such as the contents of this book as well as other documents that have been found useful for solving Windows networking problems. </para> @@ -423,15 +423,15 @@ document) as well as the O'Reilly book <quote>Using Samba.</quote> <para> Administrators who wish to validate their Samba configuration may obtain useful information from the man pages for the diagnostic utilities. These are available from the SWAT home page -also. One diagnostic tool that is not mentioned on this page, but that is particularly -useful is <ulink url="http://www.ethereal.com/"><command>ethereal</command>.</ulink> +also. One diagnostic tool that is not mentioned on this page but that is particularly +useful is <ulink url="http://www.ethereal.com/"><command>ethereal</command></ulink>. </para> <warning><para> SWAT can be configured to run in <emphasis>demo</emphasis> mode. This is not recommended -as it runs SWAT without authentication and with full administrative ability. Allows +because it runs SWAT without authentication and with full administrative ability. It allows changes to &smb.conf; as well as general operation with root privileges. The option that -creates this ability is the <option>-a</option> flag to swat. <emphasis>Do not use this in a +creates this ability is the <option>-a</option> flag to SWAT. <emphasis>Do not use this in a production environment.</emphasis> </para></warning> @@ -441,7 +441,7 @@ production environment.</emphasis> <title>Global Settings</title> <para> -The <guibutton>GLOBALS</guibutton> button will expose a page that allows configuration of the global parameters +The <guibutton>GLOBALS</guibutton> button exposes a page that allows configuration of the global parameters in &smb.conf;. There are two levels of exposure of the parameters: </para> @@ -464,7 +464,7 @@ You may also do this by clicking on the radio button, then click on the <guibutt <para> After making any changes to configuration parameters, make sure that you click on the -<guibutton>Commit Changes</guibutton> button before moving to another area, otherwise +<guibutton>Commit Changes</guibutton> button before moving to another area; otherwise, your changes will be lost. </para> @@ -480,16 +480,16 @@ for, simply click on the <title>Share Settings</title> <para> -To effect a currently configured share, simply click on the pull down button between the -<guibutton>Choose Share</guibutton> and the <guibutton>Delete Share</guibutton> buttons, -select the share you wish to operate on, then to edit the settings +To affect a currently configured share, simply click on the pull-down button between the +<guibutton>Choose Share</guibutton> and the <guibutton>Delete Share</guibutton> buttons and +select the share you wish to operate on. To edit the settings, click on the <guibutton>Choose Share</guibutton> button. To delete the share, simply press the <guibutton>Delete Share</guibutton> button. </para> <para> -To create a new share, next to the button labeled <guibutton>Create Share</guibutton> enter +To create a new share, next to the button labeled <guibutton>Create Share</guibutton>, enter into the text field the name of the share to be created, then click on the <guibutton>Create Share</guibutton> button. </para> @@ -500,16 +500,16 @@ into the text field the name of the share to be created, then click on the <title>Printers Settings</title> <para> -To affect a currently configured printer, simply click on the pull down button between the -<guibutton>Choose Printer</guibutton> and the <guibutton>Delete Printer</guibutton> buttons, -select the printer you wish to operate on, then to edit the settings +To affect a currently configured printer, simply click on the pull-down button between the +<guibutton>Choose Printer</guibutton> and the <guibutton>Delete Printer</guibutton> buttons and +select the printer you wish to operate on. To edit the settings, click on the <guibutton>Choose Printer</guibutton> button. To delete the share, simply press the <guibutton>Delete Printer</guibutton> button. </para> <para> -To create a new printer, next to the button labeled <guibutton>Create Printer</guibutton> enter +To create a new printer, next to the button labeled <guibutton>Create Printer</guibutton>, enter into the text field the name of the share to be created, then click on the <guibutton>Create Printer</guibutton> button. </para> @@ -520,14 +520,14 @@ into the text field the name of the share to be created, then click on the <title>The SWAT Wizard</title> <para> -The purpose if the SWAT Wizard is to help the Microsoft-knowledgeable network administrator +The purpose of the SWAT Wizard is to help the Microsoft-knowledgeable network administrator to configure Samba with a minimum of effort. </para> <para> The Wizard page provides a tool for rewriting the &smb.conf; file in fully optimized format. This will also happen if you press the <guibutton>Commit</guibutton> button. The two differ -since the <guibutton>Rewrite</guibutton> button ignores any changes that may have been made, +because the <guibutton>Rewrite</guibutton> button ignores any changes that may have been made, while the <guibutton>Commit</guibutton> button causes all changes to be affected. </para> @@ -537,7 +537,7 @@ options that may be necessary to create a working Samba server. </para> <para> -Finally, there are a limited set of options that will determine what type of server Samba +Finally, there are a limited set of options that determine what type of server Samba will be configured for, whether it will be a WINS server, participate as a WINS client, or operate with no WINS support. By clicking one button, you can elect to expose (or not) user home directories. @@ -550,18 +550,18 @@ home directories. <para> The status page serves a limited purpose. First, it allows control of the Samba daemons. -The key daemons that create the Samba server environment are: &smbd;, &nmbd;, &winbindd;. +The key daemons that create the Samba server environment are &smbd;, &nmbd;, and &winbindd;. </para> <para> The daemons may be controlled individually or as a total group. Additionally, you may set an automatic screen refresh timing. As MS Windows clients interact with Samba, new smbd processes -will be continually spawned. The auto-refresh facility will allow you to track the changing +are continually spawned. The auto-refresh facility allows you to track the changing conditions with minimal effort. </para> <para> -Lastly, the Status page may be used to terminate specific smbd client connections in order to +Finally, the status page may be used to terminate specific smbd client connections in order to free files that may be locked. </para> @@ -571,8 +571,8 @@ free files that may be locked. <title>The View Page</title> <para> -This page allows the administrator to view the optimized &smb.conf; file and, if you are -particularly masochistic, will permit you also to see all possible global configuration +The view page allows you to view the optimized &smb.conf; file and, if you are +particularly masochistic, permits you also to see all possible global configuration parameters and their settings. </para> @@ -582,13 +582,13 @@ parameters and their settings. <title>The Password Change Page</title> <para> -The Password Change page is a popular tool that allows the creation, deletion, deactivation, -and reactivation of MS Windows networking users on the local machine. Alternately, you can use +The password change page is a popular tool that allows the creation, deletion, deactivation, +and reactivation of MS Windows networking users on the local machine. You can also use this tool to change a local password for a user account. </para> <para> -When logged in as a non-root account, the user will have to provide the old password as well as +When logged in as a non-root account, the user must provide the old password as well as the new password (twice). When logged in as <emphasis>root</emphasis>, only the new password is required. </para> diff --git a/docs/Samba3-HOWTO/TOSHARG-Speed.xml b/docs/Samba3-HOWTO/TOSHARG-Speed.xml index 1e74a22396..c9707552e8 100644 --- a/docs/Samba3-HOWTO/TOSHARG-Speed.xml +++ b/docs/Samba3-HOWTO/TOSHARG-Speed.xml @@ -20,7 +20,7 @@ <title>Comparisons</title> <para> -The Samba server uses TCP to talk to the client. Thus if you are +The Samba server uses TCP to talk to the client, so if you are trying to see if it performs well, you should really compare it to programs that use the same protocol. The most readily available programs for file transfer that use TCP are ftp or another TCP-based @@ -41,7 +41,7 @@ although this depends on your system. </para> <para> -Several people have done comparisons between Samba and Novell, NFS or +Several people have done comparisons between Samba and Novell, NFS, or Windows NT. In some cases Samba performed the best, in others the worst. I suspect the biggest factor is not Samba versus some other system, but the hardware and drivers used on the various systems. Given similar @@ -61,7 +61,7 @@ performance of a TCP-based server like Samba. <para> The socket options that Samba uses are settable both on the command -line with the <option>-O</option> option, or in the &smb.conf; file. +line with the <option>-O</option> option and in the &smb.conf; file. </para> <para> @@ -86,7 +86,7 @@ this is that the Microsoft TCP/IP stack is slow in sending TCP ACKs. <para> There have been reports that setting <parameter>socket options = SO_RCVBUF=8192</parameter> in smb.conf can seriously degrade Samba performance on the loopback adaptor (IP Address 127.0.0.1). It is strongly -recommended that before specifying any settings for <parameter>socket options</parameter> the effect +recommended that before specifying any settings for <parameter>socket options</parameter>, the effect first be quantitatively measured on the server being configured. </para> @@ -98,7 +98,7 @@ first be quantitatively measured on the server being configured. <para> The option <smbconfoption name="read size"/> affects the overlap of disk reads/writes with network reads/writes. If the amount of data being -transferred in several of the SMB commands (currently SMBwrite, SMBwriteX and +transferred in several of the SMB commands (currently SMBwrite, SMBwriteX, and SMBreadbraw) is larger than this value, then the server begins writing the data before it has received the whole packet from the network, or in the case of SMBreadbraw, it begins writing to the network before @@ -129,7 +129,7 @@ which limits the size of nearly all SMB commands. You can set the maximum size that Samba will negotiate using the <smbconfoption name="max xmit"/> option in &smb.conf;. Note that this is the maximum size of SMB requests that Samba will accept, but not the maximum size that the client will accept. -The client maximum receive size is sent to Samba by the client and Samba +The client maximum receive size is sent to Samba by the client, and Samba honors this limit. </para> @@ -146,7 +146,7 @@ In most cases the default is the best option. <title>Log Level</title> <para> -If you set the log level (also known as <smbconfoption name="debug level"/>) higher than 2 +If you set the log level (also known as <smbconfoption name="debug level"/>) higher than 2, then you may suffer a large drop in performance. This is because the server flushes the log file after each operation, which can be quite expensive. @@ -166,12 +166,8 @@ being enabled by default. <para> In some cases clients do not handle <smbconfoption name="read raw"/> very well and actually get lower performance using it than they get using the conventional -read operations. -</para> - -<para> -So you might like to try <smbconfoption name="read raw">no</smbconfoption> and see what happens on your -network. It might lower, raise or not effect your performance. Only +read operations, so you might like to try <smbconfoption name="read raw">no</smbconfoption> and see what happens on your +network. It might lower, raise, or not affect your performance. Only testing can really tell. </para> @@ -227,11 +223,11 @@ I am running Gentoo on my server and Samba 2.2.8a. Recently I changed kernel version from <filename>linux-2.4.19-gentoo-r10</filename> to <filename>linux-2.4.20-wolk4.0s</filename>. And now I have a performance issue with Samba. Many of you will probably say, <quote>Move to vanilla sources!</quote> -Well, I tried that and it didn't work. I have a 100mb LAN and two computers (Linux and +Well, I tried that and it didn't work. I have a 100MB LAN and two computers (Linux and Windows 2000). The Linux server shares directories with DivX files, the client -(Windows 2000) plays them via LAN. Before when I was running the 2.4.19 kernel +(Windows 2000) plays them via LAN. Before, when I was running the 2.4.19 kernel, everything was fine, but now movies freeze and stop. I tried moving -files between the server and Windows and it is terribly slow. +files between the server and Windows, and it is terribly slow. (John, should this be set off as an extract???????) </para> <para> @@ -242,7 +238,7 @@ The answer he was given is: Grab the mii-tool and check the duplex settings on the NIC. My guess is that it is a link layer issue, not an application layer problem. Also run ifconfig and verify that the framing -error, collisions, and so on, look normal for ethernet. +error, collisions, and so on, look normal for ethernet. (John, should this be set off as an extract???????) </para> </sect1> @@ -253,14 +249,14 @@ error, collisions, and so on, look normal for ethernet. <para> Our Samba PDC server has been hosting three TB of data to our 500+ users [Windows NT/XP] for the last three years using Samba without a problem. -Today all shares went very slow. Also the main smbd kept -spawning new processes so we had 1600+ running smbd's (normally we avg. 250). +Today all shares went very slow. Also, the main smbd kept +spawning new processes, so we had 1600+ running SMDB's (normally we average 250). It crashed the SUN E3500 cluster twice. After a lot of searching, I decided to <command>rm /var/locks/*.tdb</command>. Happy again. </para> <para> -<emphasis>Question:</emphasis> Is there any method of keeping the *.tdb files in top condition or +<emphasis>Question:</emphasis> Is there any method of keeping the *.tdb files in top condition, or how can I detect early corruption? </para> @@ -284,12 +280,12 @@ a lot lower than before the locks cleanup. Any ideas on keeping it top notch? <para> A site reported experiencing very baffling symptoms with MYOB Premier opening and -accessing it's data-files. Some operations on the file would take between 40 and +accessing its data files. Some operations on the file would take between 40 and 45 seconds. </para> <para> -It turned out that the printer monitor program running on the windows +It turned out that the printer monitor program running on the Windows clients was causing the problems. From the logs, we saw activity coming through with pauses of about 1 second. </para> @@ -297,19 +293,19 @@ through with pauses of about 1 second. <para> Stopping the monitor software resulted in the networks access at normal (quick) speed. Restarting the program caused the speed to slow down -again. The printer was a cannon lbp810 and the relevant task was +again. The printer was a Canon LBP-810 and the relevant task was something like CAPON (not sure on spelling). The monitor software -displayed a printing now dialog on the client during printing. +displayed a "printing now" dialog on the client during printing. </para> <para> -We discovered this by starting with a clean install of windows and -trying the app at every step of the installation of other software -process (had to do this many times). +We discovered this by starting with a clean install of Windows and +trying the application at every step of the installation of other software +process (we had to do this many times). </para> <para> -Moral of the story, check everything (other software included)! +Moral of the story: Check everything (other software included)! </para> </sect1> diff --git a/docs/Samba3-HOWTO/TOSHARG-glossary.xml b/docs/Samba3-HOWTO/TOSHARG-glossary.xml index 3a36e2c553..da61267e4e 100644 --- a/docs/Samba3-HOWTO/TOSHARG-glossary.xml +++ b/docs/Samba3-HOWTO/TOSHARG-glossary.xml @@ -17,7 +17,7 @@ <acronym>ADS</acronym> <glossdef><para> A service unique to Microsoft Windows 200x servers that provides a centrally managed - directory for management of user identities, and computer objects, as well as the permissions + directory for management of user identities and computer objects, as well as the permissions each user or computer may be granted to access distributed network resources. ADS uses Kerberos-based authentication and LDAP over Kerberos for directory access. @@ -42,8 +42,8 @@ <acronym>CUPS</acronym> <glossdef><para> A recent implementation of a high capability printing system for UNIX developed by - <ulink url="http://www.easysw.com/">.</ulink> The design objective of CUPS was to provide - a rich print processing system that has built-in intelligence that is capable of correctly rendering (processing) + <ulink url="http://www.easysw.com/"></ulink>. The design objective of CUPS was to provide + a rich print processing system that has built-in intelligence capable of correctly rendering (processing) a file that is submitted for printing even if it was formatted for an entirely different printer. </para> </glossdef> @@ -52,7 +52,7 @@ <glossentry> <glossterm>Domain Master Browser</glossterm> <acronym>DMB</acronym> - <glossdef><para>The Domain Master Browser maintains a list of all the servers that + <glossdef><para>The domain master browser maintains a list of all the servers that have announced their services within a given workgroup or NT domain. See <link linkend="DMB"/> for details. </para></glossdef> </glossentry> @@ -61,9 +61,9 @@ <glossterm>Domain Name Service</glossterm> <acronym>DNS</acronym> <glossdef><para> - A protocol by which computer host names may be resolved to the matching IP address/es. DNS is implemented + A protocol by which computer hostnames may be resolved to the matching IP address/es. DNS is implemented by the Berkeley Internet Name Daemon. There exists a recent version of DNS that allows dynamic name registration - by network clients or by a DHCP server. This recent protocol is known as Dynamic DNS (DDNS). + by network clients or by a DHCP server. This recent protocol is known as dynamic DNS (DDNS). </para></glossdef> </glossentry> @@ -74,7 +74,7 @@ A protocol that was based on the BOOTP protocol that may be used to dynamically assign an IP address, from a reserved pool of addresses, to a network client or device. Additionally, DHCP may assign all network configuration settings and may be used to register a computer name and its address with a - Dynamic DNS server. + dynamic DNS server. </para></glossdef> </glossentry> <glossentry> @@ -92,7 +92,7 @@ <glossterm>Graphical Device Interface</glossterm> <acronym>GDI</acronym> <glossdef><para> - Device Independent format for printing used by Microsoft Windows. + Device-independent format for printing used by Microsoft Windows. It is quite similar to what PostScript is for UNIX. Printing jobs are first generated in GDI and then converted to a device-specific format. See <link linkend="gdipost"/> for details. </para></glossdef> @@ -102,8 +102,8 @@ <glossterm>Group IDentifier</glossterm> <acronym>GID</acronym> <glossdef><para> - The UNIX system Group Identifier; on older systems a 32-bit unsigned integer and on newer systems - an unsigned 64-bit integer. The GID is used in UNIX-like operating systems for all group level access + The UNIX system group identifier; on older systems, a 32-bit unsigned integer, and on newer systems + an unsigned 64-bit integer. The GID is used in UNIX-like operating systems for all group-level access control. </para></glossdef> </glossentry> @@ -128,7 +128,7 @@ <acronym>NetBEUI</acronym> <glossdef><para> Very simple network protocol invented by IBM and Microsoft. It is used - to do NetBIOS over ethernet with low overhead. NetBEUI is a non-routable + to do NetBIOS over Ethernet with low overhead. NetBEUI is a nonroutable protocol. </para></glossdef> </glossentry> @@ -137,11 +137,11 @@ <glossterm>Network Basic Input/Output System</glossterm> <acronym>NetBIOS</acronym> <glossdef><para> - NetBIOS is a simple application programming interface (API) invented in the eighties + NetBIOS is a simple application programming interface (API) invented in the 1980s that allows programs to send data to certain network names. NetBIOS is always run over another network protocol such as IPX/SPX, TCP/IP, or Logical Link Control (LLC). NetBIOS run over LLC - is best known as NetBEUI (The NetBIOS Extended User Interface &smbmdash; a complete misnomer!). + is best known as NetBEUI (NetBIOS Extended User Interface &smbmdash; a complete misnomer!). </para></glossdef> </glossentry> @@ -149,7 +149,7 @@ <glossentry> <glossterm>NetBT</glossterm> <acronym>NBT</acronym> - <glossdef><para>Protocol for transporting NetBIOS frames over TCP/IP. Uses ports 137, 138 and 139. + <glossdef><para>Protocol for transporting NetBIOS frames over TCP/IP. Uses ports 137, 138, and 139. NetBT is a fully routable protocol. </para></glossdef> </glossentry> @@ -159,9 +159,9 @@ <glossentry> <glossterm>Local Master Browser</glossterm> <acronym>LMB</acronym> - <glossdef><para>The Local Master Browser maintains a list + <glossdef><para>The local master browser maintains a list of all servers that have announced themselves within a given workgroup or NT domain on a particular - broadcast isolated subnet. See <link linkend="DMB"/> for details. + broadcast-isolated subnet. See <link linkend="DMB"/> for details. </para></glossdef> </glossentry> @@ -169,7 +169,7 @@ <glossterm>Printer Command Language</glossterm> <acronym>PCL</acronym> <glossdef><para> - A printer page description language that was developed by Hewlett Packard + A printer page description language that was developed by Hewlett-Packard and is in common use today. </para></glossdef> </glossentry> @@ -179,9 +179,9 @@ <acronym>PDF</acronym> <glossdef> <para> - A highly compressed document format, based on postscript, used as a document distribution format - that is supported by Web browsers as well as many applications. Adobe also distribute an application - called <quote>acrobat</quote> which is a PDF reader. + A highly compressed document format, based on PostScript, used as a document distribution format + that is supported by Web browsers as well as many applications. Adobe also distributes an application + called <quote>Acrobat,</quote> which is a PDF reader. </para> </glossdef> </glossentry> @@ -198,9 +198,9 @@ <glossterm>PostScript Printer Description</glossterm> <acronym>PPD</acronym> <glossdef><para> - PPD's specify and control options supported by postscript printers, such as duplexing, stapling, - DPI, ... See also <link linkend="post-and-ghost"/>. PPD files can be read by printing applications - to enable correct postscript page layout for a particular postscript printer. + PPDs specify and control options supported by PostScript printers, such as duplexing, stapling, + and DPI. See also <link linkend="post-and-ghost"/>. PPD files can be read by printing applications + to enable correct PostScript page layout for a particular PostScript printer. </para></glossdef> </glossentry> @@ -209,10 +209,10 @@ <acronym>SMB</acronym> <glossdef><para> SMB was the original name of the protocol `spoken' by - Samba. It was invented in the eighties by IBM and adopted + Samba. It was invented in the 1980s by IBM and adopted and extended further by Microsoft. Microsoft renamed the protocol to CIFS during the Internet hype in the - nineties. + 1990s. </para></glossdef> </glossentry> @@ -220,8 +220,8 @@ <glossterm>User IDentifier</glossterm> <acronym>UID</acronym> <glossdef><para> - The UNIX system User Identifier; on older systems a 32-bit unsigned integer and on newer systems - an unsigned 64-bit integer. The UID is used in UNIX-like operating systems for all user level access + The UNIX system user identifier; on older systems a 32-bit unsigned integer, and on newer systems, + an unsigned 64-bit integer. The UID is used in UNIX-like operating systems for all user-level access control. </para></glossdef> </glossentry> diff --git a/docs/Samba3-HOWTO/TOSHARG-upgrading-to-3.0.xml b/docs/Samba3-HOWTO/TOSHARG-upgrading-to-3.0.xml index 6f3853fd6f..65b91dfa87 100644 --- a/docs/Samba3-HOWTO/TOSHARG-upgrading-to-3.0.xml +++ b/docs/Samba3-HOWTO/TOSHARG-upgrading-to-3.0.xml @@ -23,12 +23,12 @@ the move from 2.2.x to 3.0.20. Samba-3.0.20 default behavior should be approximately the same as Samba-2.2.x. The default behavior when the new parameter <smbconfoption name="passdb backend"/> is not defined in the &smb.conf; file provides the same default behavior as Samba-2.2.x -with <smbconfoption name="encrypt passwords">Yes</smbconfoption>, and +with <smbconfoption name="encrypt passwords">Yes</smbconfoption> and will use the <filename>smbpasswd</filename> database. </para> <para> -So why say that <emphasis>behavior should be approximately the same as Samba-2.2.x?</emphasis> Because +So why say that <emphasis>behavior should be approximately the same as Samba-2.2.x</emphasis>? Because Samba-3.0.20 can negotiate new protocols, such as support for native Unicode, that may result in differing protocol code paths being taken. The new behavior under such circumstances is not exactly the same as the old one. The good news is that the domain and machine SIDs will be @@ -36,10 +36,10 @@ preserved across the upgrade. </para> <para> -If the Samba-2.2.x system was using an LDAP backend, and there is no time to update the LDAP +If the Samba-2.2.x system is using an LDAP backend, and there is no time to update the LDAP database, then make sure that <smbconfoption name="passdb backend">ldapsam_compat</smbconfoption> is specified in the &smb.conf; file. For the rest, behavior should remain more or less the same. -At a later date, when there is time to implement a new Samba-3 compatible LDAP backend, it is possible +At a later date, when there is time to implement a new Samba-3-compatible LDAP backend, it is possible to migrate the old LDAP database to the new one through use of the <command>pdbedit</command>. See <link linkend="pdbeditthing">The <emphasis>pdbedit</emphasis> Command</link>. </para> @@ -60,8 +60,8 @@ The major new features are: </para></listitem> <listitem><para> - Unicode support. Samba will now negotiate Unicode on the wire and - internally there is a much better infrastructure for multi-byte + Unicode support. Samba will now negotiate Unicode on the wire, and + internally there is a much better infrastructure for multibyte and Unicode character sets. </para></listitem> @@ -90,7 +90,7 @@ The major new features are: </para></listitem> <listitem><para> - Better Windows 200x/XP printing support including publishing + Better Windows 200x/XP printing support, including publishing printer attributes in Active Directory. </para></listitem> @@ -104,12 +104,12 @@ The major new features are: <listitem><para> Support for migrating from a Windows NT 4.0 domain to a Samba - domain and maintaining user, group and domain SIDs. + domain and maintaining user, group, and domain SIDs. </para></listitem> <listitem><para> Support for establishing trust relationships with Windows NT 4.0 - Domain Controllers. + domain controllers. </para></listitem> <listitem><para> @@ -145,7 +145,7 @@ complete descriptions of new or modified parameters. <sect2> <title>Removed Parameters</title> -<para>(Ordered Alphabetically):</para> +<para>In alphabetical order, these are the parameters eliminated for Samba 3.0.20.</para> <itemizedlist> <listitem><para>admin log </para></listitem> @@ -175,7 +175,7 @@ complete descriptions of new or modified parameters. <sect2> <title>New Parameters</title> -<para>(New parameters have been grouped by function):</para> +<para>New parameters in Samba 3.0.20 are grouped by function):</para> <para>Remote Management</para> @@ -184,7 +184,7 @@ complete descriptions of new or modified parameters. <listitem><para>shutdown script </para></listitem> </itemizedlist> -<para>User and Group Account Management:</para> +<para>User and Group Account Management</para> <itemizedlist> <listitem><para>add group script </para></listitem> @@ -197,14 +197,14 @@ complete descriptions of new or modified parameters. <listitem><para>set primary group script </para></listitem> </itemizedlist> -<para>Authentication:</para> +<para>Authentication</para> <itemizedlist> <listitem><para>auth methods </para></listitem> <listitem><para>realm </para></listitem> </itemizedlist> -<para>Protocol Options:</para> +<para>Protocol Options</para> <itemizedlist> <listitem><para>client lanman auth </para></listitem> @@ -221,7 +221,7 @@ complete descriptions of new or modified parameters. <listitem><para>use spnego </para></listitem> </itemizedlist> -<para>File Service:</para> +<para>File Service</para> <itemizedlist> <listitem><para>get quota command </para></listitem> @@ -237,14 +237,14 @@ complete descriptions of new or modified parameters. <listitem><para>vfs objects </para></listitem> </itemizedlist> -<para>Printing:</para> +<para>Printing</para> <itemizedlist> <listitem><para>max reported print jobs </para></listitem> </itemizedlist> -<para>Unicode and Character Sets:</para> +<para>Unicode and Character Sets</para> <itemizedlist> <listitem><para>display charset </para></listitem> @@ -253,7 +253,7 @@ complete descriptions of new or modified parameters. <listitem><para>UNIX charset </para></listitem> </itemizedlist> -<para>SID to UID/GID Mappings:</para> +<para>SID to UID/GID Mappings</para> <itemizedlist> <listitem><para>idmap backend </para></listitem> @@ -265,7 +265,7 @@ complete descriptions of new or modified parameters. <listitem><para>enable rid algorithm </para></listitem> </itemizedlist> -<para>LDAP:</para> +<para>LDAP</para> <itemizedlist> <listitem><para>ldap delete dn </para></listitem> @@ -276,7 +276,7 @@ complete descriptions of new or modified parameters. <listitem><para>ldap user suffix </para></listitem> </itemizedlist> -<para>General Configuration:</para> +<para>General Configuration</para> <itemizedlist> <listitem><para>preload modules </para></listitem> @@ -286,7 +286,7 @@ complete descriptions of new or modified parameters. </sect2> <sect2> -<title>Modified Parameters (Changes in Behavior):</title> +<title>Modified Parameters (Changes in Behavior)</title> <itemizedlist> <listitem><para>encrypt passwords (enabled by default) </para></listitem> @@ -314,7 +314,7 @@ complete descriptions of new or modified parameters. <para> This section contains brief descriptions of any new databases - introduced in Samba-3. Please remember to backup your existing + introduced in Samba-3. Please remember to back up your existing ${lock directory}/*tdb before upgrading to Samba-3. Samba will upgrade databases as they are opened (if necessary), but downgrading from 3.0 to 2.2 is an unsupported path. @@ -355,7 +355,7 @@ complete descriptions of new or modified parameters. </row> <row> <entry>idmap</entry> - <entry><para>new ID map table from SIDS to UNIX UIDs/GIDs</para></entry> + <entry><para>New ID map table from SIDS to UNIX UIDs/GIDs</para></entry> <entry>yes</entry> </row> <row> @@ -371,15 +371,14 @@ complete descriptions of new or modified parameters. </row> <row> <entry>printing/*.tdb</entry> - <entry><para>Cached output from `lpq command' created on a per print - service basis</para></entry> + <entry><para>Cached output from lpq command created on a per-print-service basis</para></entry> <entry>no</entry> </row> <row> <entry>registry</entry> <entry><para>Read-only Samba registry skeleton that provides support for - exporting various db tables via the winreg RPCs</para></entry> + exporting various database tables via the winreg RPCs</para></entry> <entry>no</entry> </row> </tbody> @@ -400,15 +399,15 @@ complete descriptions of new or modified parameters. <listitem><para> When operating as a member of a Windows domain, Samba-2.2 would map any users authenticated by the remote DC to the <quote>guest account</quote> - if a uid could not be obtained via the getpwnam() call. Samba-3 + if a UID could not be obtained via the getpwnam() call. Samba-3 rejects the connection as <?latex \linebreak ?>NT_STATUS_LOGON_FAILURE. There is no - current work around to re-establish the Samba-2.2 behavior. + current workaround to re-establish the Samba-2.2 behavior. </para></listitem> <listitem><para> When adding machines to a Samba-2.2 controlled domain, the <quote>add user script</quote> was used to create the UNIX identity of the - Machine Trust Account. Samba-3 introduces a new <quote>add machine + machine trust account. Samba-3 introduces a new <quote>add machine script</quote> that must be specified for this purpose. Samba-3 will not fall back to using the <quote>add user script</quote> in the absence of an <quote>add machine script</quote>. @@ -447,7 +446,7 @@ complete descriptions of new or modified parameters. storage backends (<smbconfoption name="passdb backend"/>). Please refer to the &smb.conf; - man page and <link linkend="passdb">Account Information Databases</link>, for details. While both parameters assume sane default + man page and Chapter 10, <link linkend="passdb">Account Information Databases</link>, for details. While both parameters assume sane default values, it is likely that you will need to understand what the values actually mean in order to ensure Samba operates correctly. </para> @@ -455,7 +454,7 @@ complete descriptions of new or modified parameters. <para> <indexterm><primary>pdbedit</primary></indexterm> Certain functions of the <command>smbpasswd</command> tool have been split between the - new <command>smbpasswd</command> utility, the <command>net</command> tool and the new <command>pdbedit</command> + new <command>smbpasswd</command> utility, the <command>net</command> tool, and the new <command>pdbedit</command> utility. See the respective man pages for details. </para> @@ -473,7 +472,7 @@ complete descriptions of new or modified parameters. <para> A new object class (sambaSamAccount) has been introduced to replace - the old sambaAccount. This change aids us in the renaming of attributes + the old sambaAccount. This change aids in the renaming of attributes to prevent clashes with attributes from other vendors. There is a conversion script (examples/LDAP/convertSambaAccount) to modify an LDIF file to the new schema. @@ -496,7 +495,7 @@ complete descriptions of new or modified parameters. </para> <para> - Under Samba-2.x the Domain SID can be obtained by executing: + Under Samba-2.x the domain SID can be obtained by executing: <screen> &prompt;<userinput>smbpasswd -S <DOMAINNAME></userinput> </screen> @@ -558,21 +557,21 @@ complete descriptions of new or modified parameters. <itemizedlist> <listitem><para>ldap suffix &smbmdash; used to search for user and computer accounts.</para></listitem> <listitem><para>ldap user suffix &smbmdash; used to store user accounts.</para></listitem> - <listitem><para>ldap machine suffix &smbmdash; used to store Machine Trust Accounts.</para></listitem> + <listitem><para>ldap machine suffix &smbmdash; used to store machine trust accounts.</para></listitem> <listitem><para>ldap group suffix &smbmdash; location of posixGroup/sambaGroupMapping entries.</para></listitem> <listitem><para>ldap idmap suffix &smbmdash; location of sambaIdmapEntry objects.</para></listitem> </itemizedlist> <para> If an <parameter>ldap suffix</parameter> is defined, it will be appended to all of the - remaining sub-suffix parameters. In this case, the order of the suffix + remaining subsuffix parameters. In this case, the order of the suffix listings in smb.conf is important. Always place the <parameter>ldap suffix</parameter> first in the list. </para> <para> Due to a limitation in Samba's &smb.conf; parsing, you should not surround - the DNs with quotation marks. + the domain names with quotation marks. </para> </sect3> @@ -581,9 +580,9 @@ complete descriptions of new or modified parameters. <title>IdMap LDAP Support</title> <para> - Samba-3 supports an ldap backend for the idmap subsystem. The + Samba-3 supports an LDAP backend for the idmap subsystem. The following options inform Samba that the idmap table should be - stored on the directory server onterose in the "ou=idmap,dc=quenya,dc=org" partition. + stored on the directory server <emphasis>onterose</emphasis> in the ou=idmap,dc=quenya,dc=org partition. </para> <smbconfblock> |