diff options
author | cvs2svn Import User <samba-bugs@samba.org> | 2003-05-01 11:47:49 +0000 |
---|---|---|
committer | cvs2svn Import User <samba-bugs@samba.org> | 2003-05-01 11:47:49 +0000 |
commit | 67ce764d69b13203d9bd73e055e22f71dfebdba6 (patch) | |
tree | 6d54dcff5cb7ebd51c63b2dde77ea52a090afe5f /docs/docbook/faq | |
parent | bac83636a5993dbcd1c0beefd628044771603523 (diff) | |
parent | 75cace04fdcb672cc6c3c3ec8403206f2b222c50 (diff) | |
download | samba-67ce764d69b13203d9bd73e055e22f71dfebdba6.tar.gz samba-67ce764d69b13203d9bd73e055e22f71dfebdba6.tar.bz2 samba-67ce764d69b13203d9bd73e055e22f71dfebdba6.zip |
This commit was manufactured by cvs2svn to create branch 'SAMBA_3_0'.(This used to be commit a1ffe2a29c0e6be54af09d6647b7f54369d75a1e)
Diffstat (limited to 'docs/docbook/faq')
-rw-r--r-- | docs/docbook/faq/clientapp.xml | 101 | ||||
-rw-r--r-- | docs/docbook/faq/config.xml | 37 | ||||
-rw-r--r-- | docs/docbook/faq/errors.xml | 176 | ||||
-rw-r--r-- | docs/docbook/faq/features.xml | 374 | ||||
-rw-r--r-- | docs/docbook/faq/general.xml | 131 | ||||
-rw-r--r-- | docs/docbook/faq/install.xml | 333 | ||||
-rw-r--r-- | docs/docbook/faq/printing.xml | 38 | ||||
-rw-r--r-- | docs/docbook/faq/sambafaq.xml | 42 |
8 files changed, 1232 insertions, 0 deletions
diff --git a/docs/docbook/faq/clientapp.xml b/docs/docbook/faq/clientapp.xml new file mode 100644 index 0000000000..3d44dd44c0 --- /dev/null +++ b/docs/docbook/faq/clientapp.xml @@ -0,0 +1,101 @@ +<chapter id="FAQ-ClientApp"> +<title>Specific client application problems</title> + +<sect1> +<title>MS Office Setup reports "Cannot change properties of '\\MSOFFICE\\SETUP.INI'"</title> +<para> +When installing MS Office on a Samba drive for which you have admin +user permissions, ie. admin users = username, you will find the +setup program unable to complete the installation. +</para> + +<para> +To get around this problem, do the installation without admin user +permissions The problem is that MS Office Setup checks that a file is +rdonly by trying to open it for writing. +</para> + +<para> +Admin users can always open a file for writing, as they run as root. +You just have to install as a non-admin user and then use "chown -R" +to fix the owner. +</para> + +</sect1> + +<sect1> +<title>How to use a Samba share as an administrative share for MS Office, etc.</title> + +<para> +Microsoft Office products can be installed as an administrative installation +from which the application can either be run off the administratively installed +product that resides on a shared resource, or from which that product can be +installed onto workstation clients. +</para> + +<para> +The general mechanism for implementing an adminstrative installation involves +running <command>X:\setup /A</command>, where X is the drive letter of either CDROM or floppy. +</para> + +<para> +This installation process will NOT install the product for use per se, but +rather results in unpacking of the compressed distribution files into a target +shared folder. For this process you need write privilidge to the share and it +is desirable to enable file locking and share mode operation during this +process. +</para> + +<para> +Subsequent installation of MS Office from this share will FAIL unless certain +precautions are taken. This failure will be caused by share mode operation +which will prevent the MS Office installation process from re-opening various +dynamic link library files and will cause sporadic file not found problems. +</para> + +<itemizedlist> +<listitem><para> +As soon as the administrative installation (unpacking) has completed +set the following parameters on the share containing it: +</para> + +<para><programlisting> +[MSOP95] + path = /where_you_put_it + comment = Your comment + volume = "The_CD_ROM_Label" + read only = yes + available = yes + share modes = no + locking = no + browseable = yes + public = yes +</programlisting></para> + +</listitem> + +<listitem> +<para>Now you are ready to run the setup program from the Microsoft Windows +workstation as follows: <command>\\"Server_Name"\MSOP95\msoffice\setup</command> +</para> +</listitem> +</itemizedlist> + +</sect1> + +<sect1> +<title>Microsoft Access database opening errors</title> + +<para> +Here are some notes on running MS-Access on a Samba drive from <ulink url="stefank@esi.com.au">Stefan Kjellberg</ulink> +</para> + +<para><simplelist> +<member>Opening a database in 'exclusive' mode does NOT work. Samba ignores r/w/share modes on file open.</member> +<member>Make sure that you open the database as 'shared' and to 'lock modified records'</member> +<member>Of course locking must be enabled for the particular share (smb.conf)</member> +</simplelist> +</para> + +</sect1> +</chapter> diff --git a/docs/docbook/faq/config.xml b/docs/docbook/faq/config.xml new file mode 100644 index 0000000000..2c17c86c4e --- /dev/null +++ b/docs/docbook/faq/config.xml @@ -0,0 +1,37 @@ +<chapter id="FAQ-Config"> +<title>Configuration problems</title> + +<sect1> +<title>I have set 'force user' and samba still makes 'root' the owner of all the files I touch!</title> +<para> +When you have a user in 'admin users', samba will always do file operations for +this user as 'root', even if 'force user' has been set. +</para> +</sect1> + +<sect1> +<title>I have just installed samba and I'm trying to log in from Windows, but samba refuses all logins!</title> + +<para> +Newer windows clients(NT4, 2000, XP) send encrypted passwords. Samba can't compare these +passwords to the unix password database, so it needs it's own user database. You can +add users to this database using "smbpasswd -a user-name". +</para> + +<para> +See also the "User database" chapter of the samba HOWTO Collection. +</para> +</sect1> + +<sect1> +<title>How can I make samba use netbios scope ID's</title> + +<para>By default Samba uses a blank scope ID. This means +all your windows boxes must also have a blank scope ID. +If you really want to use a non-blank scope ID then you will +need to use the 'netbios scope' smb.conf option. +All your PCs will need to have the same setting for +this to work. Scope ID's are not recommended.</para> +</sect1> + +</chapter> diff --git a/docs/docbook/faq/errors.xml b/docs/docbook/faq/errors.xml new file mode 100644 index 0000000000..97619ce704 --- /dev/null +++ b/docs/docbook/faq/errors.xml @@ -0,0 +1,176 @@ +<chapter id="FAQ-errors"> + +<title>Common errors</title> + +<sect1> +<title>Not listening for calling name</title> + +<para> +<programlisting> +Session request failed (131,129) with myname=HOBBES destname=CALVIN +Not listening for calling name +</programlisting> +</para> + +<para> +If you get this when talking to a Samba box then it means that your +global "hosts allow" or "hosts deny" settings are causing the Samba +server to refuse the connection. +</para> + +<para> +Look carefully at your "hosts allow" and "hosts deny" lines in the +global section of smb.conf. +</para> + +<para> +It can also be a problem with reverse DNS lookups not functioning +correctly, leading to the remote host identity not being able to +be confirmed, but that is less likely. +</para> +</sect1> + +<sect1> +<title>System Error 1240</title> + +<para> +System error 1240 means that the client is refusing to talk +to a non-encrypting server. Microsoft changed WinNT in service +pack 3 to refuse to connect to servers that do not support +SMB password encryption. +</para> + +<para>There are two main solutions: +<simplelist> +<member>enable SMB password encryption in Samba. See the encryption part of +the samba HOWTO Collection</member> + +<member>disable this new behaviour in NT. See the section about +Windows NT in the chapter "Portability" of the samba HOWTO collection +</member> +</simplelist> +</para> +</sect1> + +<sect1> +<title>smbclient ignores -N !</title> + +<para> +<quote>When getting the list of shares available on a host using the command +<command>smbclient -N -L</command> +the program always prompts for the password if the server is a Samba server. +It also ignores the "-N" argument when querying some (but not all) of our +NT servers. +</quote> +</para> +<para> +No, it does not ignore -N, it is just that your server rejected the +null password in the connection, so smbclient prompts for a password +to try again. +</para> + +<para> +To get the behaviour that you probably want use <command>smbclient -L host -U%</command> +</para> + +<para> +This will set both the username and password to null, which is +an anonymous login for SMB. Using -N would only set the password +to null, and this is not accepted as an anonymous login for most +SMB servers. +</para> + +</sect1> + +<sect1> +<title>The data on the CD-Drive I've shared seems to be corrupted!</title> + +<para> +Some OSes (notably Linux) default to auto detection of file type on +cdroms and do cr/lf translation. This is a very bad idea when use with +Samba. It causes all sorts of stuff ups. +</para> + +<para> +To overcome this problem use conv=binary when mounting the cdrom +before exporting it with Samba. +</para> + +</sect1> + +<sect1> +<title>Why can users access home directories of other users?</title> + +<para> +<quote> +We are unable to keep individual users from mapping to any other user's +home directory once they have supplied a valid password! They only need +to enter their own password. I have not found *any* method that I can +use to configure samba to enforce that only a user may map their own +home directory. +</quote> +</para> + +<para><quote> +User xyzzy can map his home directory. Once mapped user xyzzy can also map +*anyone* elses home directory! +</quote></para> + +<para> +This is not a security flaw, it is by design. Samba allows +users to have *exactly* the same access to the UNIX filesystem +as they would if they were logged onto the UNIX box, except +that it only allows such views onto the file system as are +allowed by the defined shares. +</para> + +<para> +This means that if your UNIX home directories are set up +such that one user can happily cd into another users +directory and do an ls, the UNIX security solution is to +change the UNIX file permissions on the users home directories +such that the cd and ls would be denied. +</para> + +<para> +Samba tries very hard not to second guess the UNIX administrators +security policies, and trusts the UNIX admin to set +the policies and permissions he or she desires. +</para> + +<para> +Samba does allow the setup you require when you have set the +"only user = yes" option on the share, is that you have not set the +valid users list for the share. +</para> + +<para> +Note that only user works in conjunction with the users= list, +so to get the behavior you require, add the line : +<programlisting> +users = %S +</programlisting> +this is equivalent to: +<programlisting> +valid users = %S +</programlisting> +to the definition of the [homes] share, as recommended in +the smb.conf man page. +</para> + +</sect1> + +<sect1> +<title>Until a few minutes after samba has started, clients get the error "Domain Controller Unavailable"</title> +<para> +A domain controller has to announce on the network who it is. This usually takes a while. +</para> +</sect1> + +<sect1> +<title>I'm getting "open_oplock_ipc: Failed to get local UDP socket for address 100007f. Error was Cannot assign requested" in the logs</title> +<para>Your loopback device isn't working correctly. Make sure it's running. +</para> +</sect1> + +</chapter> diff --git a/docs/docbook/faq/features.xml b/docs/docbook/faq/features.xml new file mode 100644 index 0000000000..66b05379cc --- /dev/null +++ b/docs/docbook/faq/features.xml @@ -0,0 +1,374 @@ +<chapter id="FAQ-features"> + +<title>Features</title> + +<sect1> +<title>How can I prevent my samba server from being used to distribute the Nimda worm?</title> + +<para>Author: HASEGAWA Yosuke (translated by <ulink url="monyo@samba.gr.jp">TAKAHASHI Motonobu</ulink>)</para> + +<para> +Nimba Worm is infected through shared disks on a network, as well as through +Microsoft IIS, Internet Explorer and mailer of Outlook series. +</para> + +<para> +At this time, the worm copies itself by the name *.nws and *.eml on +the shared disk, moreover, by the name of Riched20.dll in the folder +where *.doc file is included. +</para> + +<para> +To prevent infection through the shared disk offered by Samba, set +up as follows: +</para> + +<para> +<programlisting> +[global] + ... + # This can break Administration installations of Office2k. + # in that case, don't veto the riched20.dll + veto files = /*.eml/*.nws/riched20.dll/ +</programlisting> +</para> + +<para> +By setting the "veto files" parameter, matched files on the Samba +server are completely hidden from the clients and making it impossible +to access them at all. +</para> + +<para> +In addition to it, the following setting is also pointed out by the +samba-jp:09448 thread: when the +"readme.txt.{3050F4D8-98B5-11CF-BB82-00AA00BDCE0B}" file exists on +a Samba server, it is visible only as "readme.txt" and dangerous +code may be executed if this file is double-clicked. +</para> + +<para> +Setting the following, +<programlisting> + veto files = /*.{*}/ +</programlisting> +any files having CLSID in its file extension will be inaccessible from any +clients. +</para> + +<para> +This technical article is created based on the discussion of +samba-jp:09448 and samba-jp:10900 threads. +</para> +</sect1> + +<sect1> +<title>How can I use samba as a fax server?</title> + +<para>Contributor: <ulink url="mailto:zuber@berlin.snafu.de">Gerhard Zuber</ulink></para> + +<para>Requirements: +<simplelist> +<member>UNIX box (Linux preferred) with SAMBA and a faxmodem</member> +<member>ghostscript package</member> +<member>mgetty+sendfax package</member> +<member>pbm package (portable bitmap tools)</member> +</simplelist> +</para> + +<para>First, install and configure the required packages. Be sure to read the mgetty+sendfax +manual carefully.</para> + +<sect2> +<title>Tools for printing faxes</title> + +<para>Your incomed faxes are in: +<filename>/var/spool/fax/incoming</filename>. Print it with:</para> + +<para><programlisting> +for i in * +do +g3cat $i | g3tolj | lpr -P hp +done +</programlisting> +</para> + +<para> +g3cat is in the tools-section, g3tolj is in the contrib-section +for printing to HP lasers. +</para> + +<para> +If you want to produce files for displaying and printing with Windows, use +some tools from the pbm-package like the following command: <command>g3cat $i | g3topbm - | ppmtopcx - >$i.pcx</command> +and view it with your favourite Windows tool (maybe paintbrush) +</para> + +</sect2> + +<sect2> +<title>Making the fax-server</title> + +<para>fetch the file <filename>mgetty+sendfax/frontends/winword/faxfilter</filename> and place it in <filename>/usr/local/etc/mgetty+sendfax/</filename>(replace /usr/local/ with whatever place you installed mgetty+sendfax)</para> + +<para>prepare your faxspool file as mentioned in this file +edit fax/faxspool.in and reinstall or change the final +/usr/local/bin/faxspool too. +</para> + +<para><programlisting> +if [ "$user" = "root" -o "$user" = "fax" -o \ + "$user" = "lp" -o "$user" = "daemon" -o "$user" = "bin" ] +</programlisting></para> + +<para>find the first line and change it to the second.</para> + +<para> +make sure you have pbmtext (from the pbm-package). This is +needed for creating the small header line on each page. +</para> + +<para>Prepare your faxheader <filename>/usr/local/etc/mgetty+sendfax/faxheader</filename></para> + +<para> +Edit your /etc/printcap file: +<programlisting> +# FAX +lp3|fax:\ + :lp=/dev/null:\ + :sd=/usr/spool/lp3:\ + :if=/usr/local/etc/mgetty+sendfax/faxfilter:sh:sf:mx#0:\ + :lf=/usr/spool/lp3/fax-log: +</programlisting></para> + +<para>Now, edit your <filename>smb.conf</filename> so you have a smb based printer named "fax"</para> + +</sect2> + +<sect2> +<title>Installing the client drivers</title> + +<para> +Now you have a printer called "fax" which can be used via +TCP/IP-printing (lpd-system) or via SAMBA (windows printing). +</para> + +<para> +On every system you are able to produce postscript-files you +are ready to fax. +</para> + +<para> +On Windows 3.1 95 and NT: +</para> + +<para> +Install a printer wich produces postscript output, + e.g. apple laserwriter +</para> + +<para>Connect the "fax" to your printer.</para> + +<para> +Now write your first fax. Use your favourite wordprocessor, +write, winword, notepad or whatever you want, and start +with the headerpage. +</para> + +<para> +Usually each fax has a header page. It carries your name, +your address, your phone/fax-number. +</para> + +<para> +It carries also the recipient, his address and his *** fax +number ***. Now here is the trick: +</para> + +<para> +Use the text: +<programlisting> +Fax-Nr: 123456789 +</programlisting> +as the recipients fax-number. Make sure this text does not +occur in regular text ! Make sure this text is not broken +by formatting information, e.g. format it as a single entity. +(Windows Write and Win95 Wordpad are functional, maybe newer + versions of Winword are breaking formatting information). +</para> + +<para> +The trick is that postscript output is human readable and +the faxfilter program scans the text for this pattern and +uses the found number as the fax-destination-number. +</para> + +<para> +Now print your fax through the fax-printer and it will be +queued for later transmission. Use faxrunq for sending the +queue out. +</para> + +</sect2> + +<sect2> +<title>Example smb.conf</title> + +<para><programlisting> +[global] + printcap name = /etc/printcap + print command = /usr/bin/lpr -r -P %p %s + lpq command = /usr/bin/lpq -P %p + lprm command = /usr/bin/lprm -P %p %j + +[fax] + comment = FAX (mgetty+sendfax) + path = /tmp + printable = yes + public = yes + writable = no + create mode = 0700 + browseable = yes + guest ok = no +</programlisting></para> + +</sect2> +</sect1> + +<sect1> +<title>Samba doesn't work well together with DHCP!</title> + +<para> +We wish to help those folks who wish to use the ISC DHCP Server and provide +sample configuration settings. Most operating systems today come ship with +the ISC DHCP Server. ISC DHCP is available from: +<ulink url="ftp://ftp.isc.org/isc/dhcp">ftp://ftp.isc.org/isc/dhcp</ulink> +</para> + +<para> +Incorrect configuration of MS Windows clients (Windows9X, Windows ME, Windows +NT/2000) will lead to problems with browsing and with general network +operation. Windows 9X/ME users often report problems where the TCP/IP and related +network settings will inadvertantly become reset at machine start-up resulting +in loss of configuration settings. This results in increased maintenance +overheads as well as serious user frustration. +</para> + +<para> +In recent times users on one mailing list incorrectly attributed the cause of +network operating problems to incorrect configuration of Samba. +</para> + +<para> +One user insisted that the only way to provent Windows95 from periodically +performing a full system reset and hardware detection process on start-up was +to install the NetBEUI protocol in addition to TCP/IP. This assertion is not +correct. +</para> + +<para> +In the first place, there is NO need for NetBEUI. All Microsoft Windows clients +natively run NetBIOS over TCP/IP, and that is the only protocol that is +recognised by Samba. Installation of NetBEUI and/or NetBIOS over IPX will +cause problems with browse list operation on most networks. Even Windows NT +networks experience these problems when incorrectly configured Windows95 +systems share the same name space. It is important that only those protocols +that are strictly needed for site specific reasons should EVER be installed. +</para> + +<para> +Secondly, and totally against common opinion, DHCP is NOT an evil design but is +an extension of the BOOTP protocol that has been in use in Unix environments +for many years without any of the melt-down problems that some sensationalists +would have us believe can be experienced with DHCP. In fact, DHCP in covered by +rfc1541 and is a very safe method of keeping an MS Windows desktop environment +under control and for ensuring stable network operation. +</para> + +<para> +Please note that MS Windows systems as of MS Windows NT 3.1 and MS Windows 95 +store all network configuration settings a registry. There are a few reports +from MS Windows network administrators that warrant mention here. It would appear +that when one sets certain MS TCP/IP protocol settings (either directly or via +DHCP) that these do get written to the registry. Even though a subsequent +change of setting may occur the old value may persist in the registry. This +has been known to create serious networking problems. +</para> + +<para> +An example of this occurs when a manual TCP/IP environment is configured to +include a NetBIOS Scope. In this event, when the administrator then changes the +configuration of the MS TCP/IP protocol stack, without first deleting the +current settings, by simply checking the box to configure the MS TCP/IP stack +via DHCP then the NetBIOS Scope that is still persistent in the registry WILL be +applied to the resulting DHCP offered settings UNLESS the DHCP server also sets +a NetBIOS Scope. It may therefore be prudent to forcibly apply a NULL NetBIOS +Scope from your DHCP server. The can be done in the dhcpd.conf file with the +parameter: +<command>option netbios-scope "";</command> +</para> + +<para> +While it is true that the Microsoft DHCP server that comes with Windows NT +Server provides only a sub-set of rfc1533 functionality this is hardly an issue +in those sites that already have a large investment and commitment to Unix +systems and technologies. The current state of the art of the DHCP Server +specification in covered in rfc2132. +</para> + +</sect1> + +<sect1> +<title>How can I assign NetBIOS names to clients with DHCP?</title> + +<para> +SMB network clients need to be configured so that all standard TCP/IP name to +address resolution works correctly. Once this has been achieved the SMB +environment provides additional tools and services that act as helper agents in +the translation of SMB (NetBIOS) names to their appropriate IP Addresses. One +such helper agent is the NetBIOS Name Server (NBNS) or as Microsoft called it +in their Windows NT Server implementation WINS (Windows Internet Name Server). +</para> + +<para> +A client needs to be configured so that it has a unique Machine (Computer) +Name. +</para> + +<para> +This can be done, but needs a few NT registry hacks and you need to be able to +speak UNICODE, which is of course no problem for a True Wizzard(tm) :) +Instructions on how to do this (including a small util for less capable +Wizzards) can be found at +</para> + +<para><ulink url="http://www.unixtools.org/~nneul/sw/nt/dhcp-netbios-hostname.html">http://www.unixtools.org/~nneul/sw/nt/dhcp-netbios-hostname.html</ulink></para> + +</sect1> + +<sect1> +<title>How do I convert between unix and dos text formats?</title> + +<para> +Jim barry has written an <ulink url="ftp://samba.org/pub/samba/contributed/fixcrlf.zip"> +excellent drag-and-drop cr/lf converter for +windows</ulink>. Just drag your file onto the icon and it converts the file. +</para> + +<para> +The utilities unix2dos and dos2unix(in the mtools package) should do +the job under unix. +</para> + +</sect1> + +<sect1> +<title>Does samba have wins replication support?</title> + +<para> +At the time of writing there is currently being worked on a wins replication implementation(wrepld). +</para> + +</sect1> + +</chapter> diff --git a/docs/docbook/faq/general.xml b/docs/docbook/faq/general.xml new file mode 100644 index 0000000000..54c620b382 --- /dev/null +++ b/docs/docbook/faq/general.xml @@ -0,0 +1,131 @@ +<chapter id="FAQ-general"> +<title>General Information</title> + +<sect1> +<title>Where can I get it?</title> +<para> +The Samba suite is available at the <ulink url="http://samba.org/">samba website</ulink>. +</para> +</sect1> + +<sect1> +<title>What do the version numbers mean?</title> +<para> +It is not recommended that you run a version of Samba with the word +"alpha" in its name unless you know what you are doing and are willing +to do some debugging. Many, many people just get the latest +recommended stable release version and are happy. If you are brave, by +all means take the plunge and help with the testing and development - +but don't install it on your departmental server. Samba is typically +very stable and safe, and this is mostly due to the policy of many +public releases. +</para> + +<para> +How the scheme works: +<simplelist> +<member>When major changes are made the version number is increased. For +example, the transition from 1.9.15 to 1.9.16. However, this version +number will not appear immediately and people should continue to use +1.9.15 for production systems (see next point.)</member> + +<member>Just after major changes are made the software is considered +unstable, and a series of alpha releases are distributed, for example +1.9.16alpha1. These are for testing by those who know what they are +doing. The "alpha" in the filename will hopefully scare off those who +are just looking for the latest version to install.</member> + +<member>When the release manager, currently Jerry, thinks that the alphas have stabilised to the point +where he would recommend new users install it, he renames it to the +same version number without the alpha, for example 1.9.16.</member> + +<member>Inevitably bugs are found in the "stable" releases and minor patch +levels are released which give us the pXX series, for example 1.9.16p2.</member> +</simplelist> +</para> + +<para> +So the progression goes: + +<programlisting> +1.9.15p7 (production) +1.9.15p8 (production) +1.9.16alpha1 (test sites only) +: +1.9.16alpha20 (test sites only) +1.9.16 (production) +1.9.16p1 (production) +</programlisting> +</para> + +<para> +The above system means that whenever someone looks at the samba ftp +site they will be able to grab the highest numbered release without an +alpha in the name and be sure of getting the current recommended +version. +</para> + +</sect1> + +<sect1> +<title>What platforms are supported?</title> +<para> +Many different platforms have run Samba successfully. The platforms +most widely used and thus best tested are Linux and SunOS.</para> + +<para> +At time of writing, there is support (or has been support for in earlier +versions): +</para> + +<simplelist> +<member>A/UX 3.0</member> +<member>AIX</member> +<member>Altos Series 386/1000</member> +<member>Amiga</member> +<member>Apollo Domain/OS sr10.3</member> +<member>BSDI </member> +<member>B.O.S. (Bull Operating System)</member> +<member>Cray, Unicos 8.0</member> +<member>Convex</member> +<member>DGUX. </member> +<member>DNIX.</member> +<member>FreeBSD</member> +<member>HP-UX</member> +<member>Intergraph. </member> +<member>Linux with/without shadow passwords and quota</member> +<member>LYNX 2.3.0</member> +<member>MachTen (a unix like system for Macintoshes)</member> +<member>Motorola 88xxx/9xx range of machines</member> +<member>NetBSD</member> +<member>NEXTSTEP Release 2.X, 3.0 and greater (including OPENSTEP for Mach).</member> +<member>OS/2 using EMX 0.9b</member> +<member>OSF1</member> +<member>QNX 4.22</member> +<member>RiscIX. </member> +<member>RISCOs 5.0B</member> +<member>SEQUENT. </member> +<member>SCO (including: 3.2v2, European dist., OpenServer 5)</member> +<member>SGI.</member> +<member>SMP_DC.OSx v1.1-94c079 on Pyramid S series</member> +<member>SONY NEWS, NEWS-OS (4.2.x and 6.1.x)</member> +<member>SUNOS 4</member> +<member>SUNOS 5.2, 5.3, and 5.4 (Solaris 2.2, 2.3, and '2.4 and later')</member> +<member>Sunsoft ISC SVR3V4</member> +<member>SVR4</member> +<member>System V with some berkely extensions (Motorola 88k R32V3.2).</member> +<member>ULTRIX.</member> +<member>UNIXWARE</member> +<member>UXP/DS</member> +</simplelist> + +</sect1> + +<sect1> +<title>How do I subscribe to the Samba Mailing Lists?</title> +<para> +Look at <ulink url="http://samba.org/samba/archives.html">the samba mailing list page</ulink> +</para> +</sect1> + +</chapter> diff --git a/docs/docbook/faq/install.xml b/docs/docbook/faq/install.xml new file mode 100644 index 0000000000..f8341dc65a --- /dev/null +++ b/docs/docbook/faq/install.xml @@ -0,0 +1,333 @@ +<chapter id="FAQ-Install"> +<title>Compiling and installing Samba on a Unix host</title> + +<sect1> +<title>I can't see the Samba server in any browse lists!</title> +<para> +See Browsing.html in the docs directory of the samba source +for more information on browsing. +</para> + +<para> +If your GUI client does not permit you to select non-browsable +servers, you may need to do so on the command line. For example, under +Lan Manager you might connect to the above service as disk drive M: +thusly: +<programlisting> + net use M: \\mary\fred +</programlisting> +The details of how to do this and the specific syntax varies from +client to client - check your client's documentation. +</para> +</sect1> + +<sect1> +<title>Some files that I KNOW are on the server don't show up when I view the files from my client!</title> +<para>See the next question.</para> +</sect1> + +<sect1> +<title>Some files on the server show up with really wierd filenames when I view the files from my client!</title> +<para> +If you check what files are not showing up, you will note that they +are files which contain upper case letters or which are otherwise not +DOS-compatible (ie, they are not legal DOS filenames for some reason). +</para> + +<para> +The Samba server can be configured either to ignore such files +completely, or to present them to the client in "mangled" form. If you +are not seeing the files at all, the Samba server has most likely been +configured to ignore them. Consult the man page smb.conf(5) for +details of how to change this - the parameter you need to set is +"mangled names = yes". +</para> +</sect1> + +<sect1> +<title>My client reports "cannot locate specified computer" or similar</title> +<para> +This indicates one of three things: You supplied an incorrect server +name, the underlying TCP/IP layer is not working correctly, or the +name you specified cannot be resolved. +</para> + +<para> +After carefully checking that the name you typed is the name you +should have typed, try doing things like pinging a host or telnetting +to somewhere on your network to see if TCP/IP is functioning OK. If it +is, the problem is most likely name resolution. +</para> + +<para> +If your client has a facility to do so, hardcode a mapping between the +hosts IP and the name you want to use. For example, with Lan Manager +or Windows for Workgroups you would put a suitable entry in the file +LMHOSTS. If this works, the problem is in the communication between +your client and the netbios name server. If it does not work, then +there is something fundamental wrong with your naming and the solution +is beyond the scope of this document. +</para> + +<para> +If you do not have any server on your subnet supplying netbios name +resolution, hardcoded mappings are your only option. If you DO have a +netbios name server running (such as the Samba suite's nmbd program), +the problem probably lies in the way it is set up. Refer to Section +Two of this FAQ for more ideas. +</para> + +<para> +By the way, remember to REMOVE the hardcoded mapping before further +tests :-) +</para> + +</sect1> + +<sect1> +<title>My client reports "cannot locate specified share name" or similar</title> +<para> +This message indicates that your client CAN locate the specified +server, which is a good start, but that it cannot find a service of +the name you gave. +</para> + +<para> +The first step is to check the exact name of the service you are +trying to connect to (consult your system administrator). Assuming it +exists and you specified it correctly (read your client's docs on how +to specify a service name correctly), read on: +</para> + +<simplelist> +<member>Many clients cannot accept or use service names longer than eight characters.</member> +<member>Many clients cannot accept or use service names containing spaces.</member> +<member>Some servers (not Samba though) are case sensitive with service names.</member> +<member>Some clients force service names into upper case.</member> +</simplelist> +</sect1> + +<sect1> +<title>Printing doesn't work</title> +<para> +Make sure that the specified print command for the service you are +connecting to is correct and that it has a fully-qualified path (eg., +use "/usr/bin/lpr" rather than just "lpr"). +</para> + +<para> +Make sure that the spool directory specified for the service is +writable by the user connected to the service. In particular the user +"nobody" often has problems with printing, even if it worked with an +earlier version of Samba. Try creating another guest user other than +"nobody". +</para> + +<para> +Make sure that the user specified in the service is permitted to use +the printer. +</para> + +<para> +Check the debug log produced by smbd. Search for the printer name and +see if the log turns up any clues. Note that error messages to do with +a service ipc$ are meaningless - they relate to the way the client +attempts to retrieve status information when using the LANMAN1 +protocol. +</para> + +<para> +If using WfWg then you need to set the default protocol to TCP/IP, not +Netbeui. This is a WfWg bug. +</para> + +<para> +If using the Lanman1 protocol (the default) then try switching to +coreplus. Also not that print status error messages don't mean +printing won't work. The print status is received by a different +mechanism. +</para> +</sect1> + +<sect1> +<title>My client reports "This server is not configured to list shared resources"</title> +<para> +Your guest account is probably invalid for some reason. Samba uses the +guest account for browsing in smbd. Check that your guest account is +valid. +</para> + +<para>See also 'guest account' in smb.conf man page.</para> + +</sect1> + +<sect1> +<title>Log message "you appear to have a trapdoor uid system" </title> +<para> +This can have several causes. It might be because you are using a uid +or gid of 65535 or -1. This is a VERY bad idea, and is a big security +hole. Check carefully in your /etc/passwd file and make sure that no +user has uid 65535 or -1. Especially check the "nobody" user, as many +broken systems are shipped with nobody setup with a uid of 65535. +</para> + +<para>It might also mean that your OS has a trapdoor uid/gid system :-)</para> + +<para> +This means that once a process changes effective uid from root to +another user it can't go back to root. Unfortunately Samba relies on +being able to change effective uid from root to non-root and back +again to implement its security policy. If your OS has a trapdoor uid +system this won't work, and several things in Samba may break. Less +things will break if you use user or server level security instead of +the default share level security, but you may still strike +problems. +</para> + +<para> +The problems don't give rise to any security holes, so don't panic, +but it does mean some of Samba's capabilities will be unavailable. +In particular you will not be able to connect to the Samba server as +two different uids at once. This may happen if you try to print as a +"guest" while accessing a share as a normal user. It may also affect +your ability to list the available shares as this is normally done as +the guest user. +</para> + +<para> +Complain to your OS vendor and ask them to fix their system. +</para> + +<para> +Note: the reason why 65535 is a VERY bad choice of uid and gid is that +it casts to -1 as a uid, and the setreuid() system call ignores (with +no error) uid changes to -1. This means any daemon attempting to run +as uid 65535 will actually run as root. This is not good! +</para> + +</sect1> + +<sect1> +<title>Why are my file's timestamps off by an hour, or by a few hours?</title> +<para> +This is from Paul Eggert eggert@twinsun.com. +</para> + +<para> +Most likely it's a problem with your time zone settings. +</para> + +<para> +Internally, Samba maintains time in traditional Unix format, +namely, the number of seconds since 1970-01-01 00:00:00 Universal Time +(or ``GMT''), not counting leap seconds. +</para> + +<para> +On the server side, Samba uses the Unix TZ variable to convert +internal timestamps to and from local time. So on the server side, there are +two things to get right. +<simplelist> +<member>The Unix system clock must have the correct Universal time. Use the shell command "sh -c 'TZ=UTC0 date'" to check this.</member> +<member>The TZ environment variable must be set on the server before Samba is invoked. The details of this depend on the server OS, but typically you must edit a file whose name is /etc/TIMEZONE or /etc/default/init, or run the command `zic -l'.</member> +</simplelist> +</para> + +<para>TZ must have the correct value.</para> + +<para> +If possible, use geographical time zone settings +(e.g. TZ='America/Los_Angeles' or perhaps + TZ=':US/Pacific'). These are supported by most +popular Unix OSes, are easier to get right, and are +more accurate for historical timestamps. If your +operating system has out-of-date tables, you should be +able to update them from the public domain time zone +tables at <ulink url="ftp://elsie.nci.nih.gov/pub/">ftp://elsie.nci.nih.gov/pub/</ulink>. +</para> + +<para>If your system does not support geographical timezone +settings, you must use a Posix-style TZ strings, e.g. +TZ='PST8PDT,M4.1.0/2,M10.5.0/2' for US Pacific time. +Posix TZ strings can take the following form (with optional + items in brackets): +<programlisting> + StdOffset[Dst[Offset],Date/Time,Date/Time] +</programlisting> + where: +</para> + +<para><simplelist> +<member>`Std' is the standard time designation (e.g. `PST').</member> +<member>`Offset' is the number of hours behind UTC (e.g. `8'). +Prepend a `-' if you are ahead of UTC, and +append `:30' if you are at a half-hour offset. +Omit all the remaining items if you do not use +daylight-saving time.</member> + +<member>`Dst' is the daylight-saving time designation +(e.g. `PDT').</member> + +<member>The optional second `Offset' is the number of +hours that daylight-saving time is behind UTC. +The default is 1 hour ahead of standard time. +</member> + +<member>`Date/Time,Date/Time' specify when daylight-saving +time starts and ends. The format for a date is +`Mm.n.d', which specifies the dth day (0 is Sunday) +of the nth week of the mth month, where week 5 means +the last such day in the month. The format for a +time is [h]h[:mm[:ss]], using a 24-hour clock. +</member> + +</simplelist> +</para> + +<para> +Other Posix string formats are allowed but you don't want +to know about them.</para> + +<para> +On the client side, you must make sure that your client's clock and +time zone is also set appropriately. [[I don't know how to do this.]] +Samba traditionally has had many problems dealing with time zones, due +to the bizarre ways that Microsoft network protocols handle time +zones. +</para> +</sect1> + +<sect1> +<title>How do I set the printer driver name correctly?</title> +<para>Question: +<quote> On NT, I opened "Printer Manager" and "Connect to Printer". + Enter ["\\ptdi270\ps1"] in the box of printer. I got the + following error message + </quote></para> + <para> + <programlisting> + You do not have sufficient access to your machine + to connect to the selected printer, since a driver + needs to be installed locally. + </programlisting> + </para> + + <para>Answer:</para> + + <para>In the more recent versions of Samba you can now set the "printer +driver" in smb.conf. This tells the client what driver to use. For +example:</para> +<para><programlisting> + printer driver = HP LaserJet 4L +</programlisting></para> +<para>With this, NT knows to use the right driver. You have to get this string +exactly right.</para> + +<para>To find the exact string to use, you need to get to the dialog box in +your client where you select which printer driver to install. The +correct strings for all the different printers are shown in a listbox +in that dialog box.</para> + +</sect1> + +</chapter> diff --git a/docs/docbook/faq/printing.xml b/docs/docbook/faq/printing.xml new file mode 100644 index 0000000000..be2acbd905 --- /dev/null +++ b/docs/docbook/faq/printing.xml @@ -0,0 +1,38 @@ +<chapter id="FAQ-Printing"> +<!-- Kurt Pfeifle's HOWTO chapter on printing should make this obsolete --> +<chapterinfo> +<author> + <firstname>Ronan</firstname><surname>Waide</surname> +</author> +</chapterinfo> + +<title>Printing problems</title> + +<sect1> +<title>setdriver or cupsaddsmb failes</title> +<para> +setdriver expects the following setup: + +<simplelist> +<member>you are a printer admin, or root. this is the smb.conf printer admin group, not the Printer Operators group in NT. I've not tried the latter, but I don't believe it will work based on the current code.</member> +<member>printer admins has to be defined in [global]</member> +<member>upload the driver files to \\server\print$\w32x86 and win40 as appropriate. DON'T put them in the 0 or 2 subdirectories.</member> +<member>Make sure that the user you're connecting as is able to write to the print$ directories</member> +<member>Use adddriver (with appropriate parameters) to create the driver. note, this will not just update samba's notion of drivers, it will also move the files from the w32x86 and win40 directories to an appropriate subdirectory (based on driver version, I think, but not important enough for me to find out)</member> +<member>Use setdriver to associate the driver with a printer</member> +</simplelist> +</para> + +<para> +The setdriver call will fail if the printer doesn't already exist in +samba's view of the world. Either create the printer in cups and +restart samba, or create an add printer command (see smb.conf doco) +and use RPC calls to create a printer. NB the add printer command MUST +return a single line of text indicating which port the printer was +added on. If it doesn't, Samba won't reload the printer +definitions. Although samba doesn't really support the notion of +ports, suitable add printer command and enumport command settings can +allow you pretty good remote control of the samba printer setup. +</para> +</sect1> +</chapter> diff --git a/docs/docbook/faq/sambafaq.xml b/docs/docbook/faq/sambafaq.xml new file mode 100644 index 0000000000..d5dc3ae40f --- /dev/null +++ b/docs/docbook/faq/sambafaq.xml @@ -0,0 +1,42 @@ +<?xml version="1.0" encoding="iso-8859-1"?> +<!DOCTYPE book SYSTEM "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [ +<!ENTITY general SYSTEM "general.xml"> +<!ENTITY install SYSTEM "install.xml"> +<!ENTITY errors SYSTEM "errors.xml"> +<!ENTITY clientapp SYSTEM "clientapp.xml"> +<!ENTITY features SYSTEM "features.xml"> +<!ENTITY config SYSTEM "config.xml"> +<!ENTITY printing SYSTEM "printing.xml"> +]> + +<book id="Samba-FAQ"> +<title>Samba FAQ</title> + +<bookinfo> + <author><surname>Samba Team</surname></author> + <pubdate>October 2002</pubdate> +</bookinfo> + +<dedication> +<para> +This is the Frequently Asked Questions (FAQ) document for +Samba, the free and very popular SMB server product. An SMB server +allows file and printer connections from clients such as Windows, +OS/2, Linux and others. Current to version 3.0. Please send any +corrections to the samba documentation mailinglist at +<ulink url="mailto:samba-doc@samba.org">samba-doc@samba.org</ulink>. +This FAQ was based on the old Samba FAQ by Dan Shearer and Paul Blackman, +and the old samba text documents which were mostly written by John Terpstra. +</para> +</dedication> + +<toc/> + +&general; +&install; +&config; +&clientapp; +&errors; +&features; +&printing; +</book> |