summaryrefslogtreecommitdiff
path: root/docs/Samba3-HOWTO
diff options
context:
space:
mode:
authorJohn Terpstra <jht@samba.org>2005-06-29 07:52:24 +0000
committerGerald W. Carter <jerry@samba.org>2008-04-23 08:46:57 -0500
commit6713e84bba2c49ab2a199e23b85a63dc7bf477c6 (patch)
tree9d540949483a186198da92a1a4945e08f80eae37 /docs/Samba3-HOWTO
parentc5ae3a64863842960f42589a5ddc07755b4f6316 (diff)
downloadsamba-6713e84bba2c49ab2a199e23b85a63dc7bf477c6.tar.gz
samba-6713e84bba2c49ab2a199e23b85a63dc7bf477c6.tar.bz2
samba-6713e84bba2c49ab2a199e23b85a63dc7bf477c6.zip
Updates.
(This used to be commit 06167ba9122d52bcd07b2ceb0e73e013c28ad309)
Diffstat (limited to 'docs/Samba3-HOWTO')
-rw-r--r--docs/Samba3-HOWTO/TOSHARG-PolicyMgmt.xml25
-rw-r--r--docs/Samba3-HOWTO/TOSHARG-SecureLDAP.xml13
-rw-r--r--docs/Samba3-HOWTO/TOSHARG-Support.xml135
-rw-r--r--docs/Samba3-HOWTO/index.xml2
4 files changed, 173 insertions, 2 deletions
diff --git a/docs/Samba3-HOWTO/TOSHARG-PolicyMgmt.xml b/docs/Samba3-HOWTO/TOSHARG-PolicyMgmt.xml
index 99c6d53c66..a5d8824bb9 100644
--- a/docs/Samba3-HOWTO/TOSHARG-PolicyMgmt.xml
+++ b/docs/Samba3-HOWTO/TOSHARG-PolicyMgmt.xml
@@ -348,6 +348,31 @@ here is incomplete &smbmdash; you are warned.
</note>
</sect3>
+
+ <sect3>
+ <title>Custom System Policy Templates</title>
+
+ <para>
+ Over the past year there has been a bit of talk regarding the creation of customized
+ templates for the Windows Sytem Policy Editor. A recent announcement on the Samba mailing
+ list is worthy of mention.
+ </para>
+
+ <para>
+ Mike Petersen has announced the availability of a template file he has created. This custom System Policy
+ Editor Template will allow you to successfully control Microsoft Windows Workstations from an SMB Server, such
+ as Samba. This template has been tested on a few networks, although if you find any problems with any of these
+ policies, or have any ideas for additional policies, let me know at mailto:mgpeter@pcc-services.com. This
+ Template includes many policies for Windows XP to allow it to behave better in a professional enviornment.
+ </para>
+
+ <para>
+ For further information please see the <ulink
+ url="http://www.pcc-services.com/custom_poledit.html">Petersen</ulink> Computer Consulting web site. There is
+ a download link for the template file.
+ </para>
+
+ </sect3>
</sect2>
</sect1>
diff --git a/docs/Samba3-HOWTO/TOSHARG-SecureLDAP.xml b/docs/Samba3-HOWTO/TOSHARG-SecureLDAP.xml
index a288167ea2..6a3aa33bba 100644
--- a/docs/Samba3-HOWTO/TOSHARG-SecureLDAP.xml
+++ b/docs/Samba3-HOWTO/TOSHARG-SecureLDAP.xml
@@ -8,6 +8,7 @@
<para>
<indexterm><primary>Transport Layer Seccurity, TLS</primary><secondary>Introduction</secondary></indexterm>
+<indexterm><primary>ACL</primary></indexterm>
Up until now, we have discussed the straight forward configuration of <trademark>OpenLDAP</trademark>,
with some advanced features such as ACLs. This does not however, deal with the fact that the network
transmissions are still in plain text. This is where <firstterm>Transport Layer Security (TLS)</firstterm>
@@ -15,18 +16,23 @@
</para>
<para>
+<indexterm><primary>RFC 2830</primary></indexterm>
<trademark>OpenLDAP</trademark> clients and servers are capable of using the Transport Layer Security (TLS)
framework to provide integrity and confidentiality protections in accordance with - <ulink
- url="http://rfc.net/rfc2830.html">RFC2830</ulink>; <emphasis>Lightweight Directory Access Protocol (v3):
+ url="http://rfc.net/rfc2830.html">RFC 2830</ulink>; <emphasis>Lightweight Directory Access Protocol (v3):
Extension for Transport Layer Security.</emphasis>
</para>
<para>
+<indexterm><primary>X.509 certificates</primary></indexterm>
TLS uses X.509 certificates. All servers are required to have valid certificates, whereas client certificates
are optional. We will only be discussing server certificates.
</para>
<tip><para>
+<indexterm><primary>DN</primary></indexterm>
+<indexterm><primary>CN</primary></indexterm>
+<indexterm><primary>FQDN</primary></indexterm>
The DN of a server certificate must use the CN attribute to name the server, and the CN must carry the
server's fully qualified domain name (FQDN). Additional alias names and wildcards may be present in the
<option>subjectAltName</option> certificate extension. More details on server certificate names are in <ulink
@@ -51,6 +57,7 @@
<title>Generating the Certificate Authority</title>
<para>
+<indexterm><primary>Certificate Authority</primary><see>CA</see></indexterm>
In order to create the relevant certificates, we need to become our own Certificate Authority (CA).
<footnote><para>We could however, get our generated server certificate signed by proper CAs, like <ulink
url="http://www.thawte.com/">Thawte</ulink> and <ulink url="http://www.verisign.com/">VeriSign</ulink>, which
@@ -59,6 +66,7 @@
</para>
<para>
+<indexterm><primary>OpenSSL</primary></indexterm>
We will be using the <ulink url="http://www.openssl.org">OpenSSL</ulink> <footnote><para>The downside to
making our own CA, is that the certificate is not automatically recognised by clients, like the commercial
ones are.</para></footnote> software for this, which is included with every great <trademark
@@ -233,7 +241,8 @@ X509v3 extensions:
F7:84:87:25:C4:E8:46:6D:0F:47:27:91:F0:16:E0:86:6A:EE:A3:CE
X509v3 Authority Key Identifier:
keyid:27:44:63:3A:CB:09:DC:B1:FF:32:CC:93:23:A4:F1:B4:D5:F0:7E:CC
- DirName:/C=AU/ST=NSW/L=Sydney/O=Abmas/OU=IT/CN=ldap.abmas.biz/emailAddress=support@abmas.biz
+ DirName:/C=AU/ST=NSW/L=Sydney/O=Abmas/OU=IT/
+ CN=ldap.abmas.biz/emailAddress=support@abmas.biz
serial:00
Certificate is to be certified until Mar 6 18:22:26 2006 EDT (365 days)
diff --git a/docs/Samba3-HOWTO/TOSHARG-Support.xml b/docs/Samba3-HOWTO/TOSHARG-Support.xml
new file mode 100644
index 0000000000..6028d198c5
--- /dev/null
+++ b/docs/Samba3-HOWTO/TOSHARG-Support.xml
@@ -0,0 +1,135 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE preface PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
+
+<chapter lang="en-US">
+<title>Samba Support</title>
+
+<para>
+<indexterm><primary>support</primary></indexterm>
+One of the most difficult to answer questions in the information technology industry is, <quote>What is
+support?</quote>. That question often irritates some folks, as much as common answers may annoy others.
+</para>
+
+<para>
+The most aggravating situation pertaining to support is typified when, as a Linux user, a call is made to
+an Internet service provider who, instead of listening to the problem to find a solution, blandly replies:
+<quote>Oh, Linux? We do not support Linux!</quote>. It has happened to me, and similar situations happen
+through-out the IT industry. Answers like that are designed to inform us that there are some customers
+that a business just does not want to deal with, and well may we feel the anguish of the rejection that
+is dished out.
+</para>
+
+<para>
+<indexterm><primary>support definition</primary></indexterm>
+One way to consider support is to view it as consisting of the right answer, in the right place,
+at the right time, no matter the situation. Support is all that it takes to take away pain, disruption,
+inconvenience, loss of productivity, disorientation, uncertainty, and real or perceived risk.
+</para>
+
+<para>
+One of the forces that has become a driving force for the adoption of open source software is the fact that
+many IT businesses have provided services that have perhaps failed to deliver what the customer expected, or
+that have been found wanting for other reasons.
+</para>
+
+<para>
+In recognition of the need for needs satisfaction as the primary experience an information technology user or
+consumer expects, the information provided in this chapter may help someone to avoid an unpleasant experience
+in respect of problem resolution.
+</para>
+
+<para>
+In the open source software arena there are two support options: free support and paid-for, or commercial,
+support.
+</para>
+
+ <sect1>
+ <title>Free Support</title>
+
+ <para>
+ Free support may be obtained from friends, colleagues, user groups, mailing lists, and interactive help
+ facilities such as chat rooms such as the Internet relay chat (IRC) channels that provide user
+ supported mutual assistance.
+ </para>
+
+ <para>
+ The Samba project maintains a mailing list that is commonly used to discuss solutions to Samba
+ deployments. Information regarding subscription to the Samba mailing list can be found on the
+ Samba <ulink url="https://lists.samba.org/mailman/">web</ulink> site. The public mailing list
+ that can be used to obtain free, user contributed, support is called the <literal>samba</literal>
+ list. The email address for this list is at <literal>mail:samba@samba.org</literal>.
+ </para>
+
+ <para>
+ Information regarding the Samba IRC channels may be found on the Samba <ulink
+ url="http://www.samba.org/samba.irc.html">IRC</ulink> web page.
+ </para>
+
+ <para>
+ As a general rule, it is considered poor net behavior to contact a Samba Team member directly
+ for free support. Most active members of the Samba Team work exceptionally long hours to assist
+ users who have demonstrated a qualified problem. Some team members may respond to direct email
+ or telephone contact, with requests for assistance, by requesting payment. A few of the Samba
+ Team members actually provide professional paid-for Samba support and it is therefore wise
+ to show appropriate discretion and reservation in all direct contact.
+ </para>
+
+ <para>
+ When you stumble across a Samba bug, often the quickest way to get it resolved is by posting
+ a bug <ulink url="https://bugzilla.samba.org/">report</ulink>. All such reports are mailed to
+ the responsible code maintainer for action. The better the report, and the more serious it is,
+ the sooner it will be dealt with. On the other hand, if the responsible person can not duplicate
+ the reported bug it is likely to be rejected. It is up to you to provide sufficient information
+ that will permit the problem to be reproduced.
+ </para>
+
+ <para>
+ We all recognize that sometimes free support does not provide the answer that is sought within
+ the time-frame required. At other times the problem is elusive and you may lack the experience
+ necessary to isolate the problem and thus to resolve it. This is a situation where is may be
+ prudent to purchase paid-for support.
+ </para>
+
+ </sect1>
+
+ <sect1>
+ <title>Commercial Support</title>
+
+ <para>
+ There are six basic support oriented services that are most commonly sought by Samba sites:
+ </para>
+
+ <itemizedlist>
+ <listitem><para>Assistance with network design</para></listitem>
+ <listitem><para>Staff Training</para></listitem>
+ <listitem><para>Assistance with Samba network deployment and installation</para></listitem>
+ <listitem><para>Priority telephone or email Samba configuration assistance</para></listitem>
+ <listitem><para>Trouble-shooting and diagnostic assistance</para></listitem>
+ <listitem><para>Provision of quality assured ready-to-install Samba binary packages</para></listitem>
+ </itemizedlist>
+
+ <para>
+ Information regarding companies that provide professional Samba support can be obtained by performing
+ a Google search, as well as by reference to the Samba
+ <ulink url="http://www.samba.org/samba/support.html">Support</ulink> web page. Companies who notify
+ the Samba Team that they provide commercial support are given a free listing that is sorted by the country
+ of origin. Multiple listings are permitted, however no guarantee is offered. It is left to you to qualify a
+ support provider and to satisfy yourself that both the company and its staff are able to deliver what is
+ required of them. </para>
+
+ <para>
+ In deference to the policy within the Samba Team to treat all commercial support providers equally
+ and to show no preference, Samba Team members who provide commercial support are lumped in with
+ everyone else. You are encouraged to obtain the services needed from a company in your local area.
+ The open source movement is pro-community, so do what you can to help a local business to prosper.
+ </para>
+
+ <para>
+ Open source software support can be found in any quality, at any price and in any place you can
+ to obtain it. Over 180 companies around the world provide Samba support, there is no excuse for
+ suffering in the mistaken belief that Samba is unsupported software &smbmdash; it is supported.
+ </para>
+
+ </sect1>
+
+</chapter>
diff --git a/docs/Samba3-HOWTO/index.xml b/docs/Samba3-HOWTO/index.xml
index 3976afb2ae..5404639325 100644
--- a/docs/Samba3-HOWTO/index.xml
+++ b/docs/Samba3-HOWTO/index.xml
@@ -157,6 +157,8 @@ The chapters in this part each cover specific Samba features.
<xi:include href="TOSHARG-Portability.xml"/>
<xi:include href="TOSHARG-Other-Clients.xml"/>
<xi:include href="TOSHARG-Speed.xml"/>
+ <xi:include href="TOSHARG-SecureLDAP.xml"/>
+ <xi:include href="TOSHARG-Support.xml"/>
<xi:include href="TOSHARG-DNS-DHCP-Configuration.xml"/>
<!-- Comment out the following line to include the manpages.