More docs updates. Much more under way.

(This used to be commit ed6fd02ff806c7cda9fb05fe3b2bf96be164c1ec)

1 files changed, 125 insertions, 5 deletions

diff --git a/docs/docbook/projdoc/AdvancedNetworkAdmin.sgml b/docs/docbook/projdoc/AdvancedNetworkAdmin.sgml
index 18fda67123..3c230a9110 100644
--- a/docs/docbook/projdoc/AdvancedNetworkAdmin.sgml
+++ b/docs/docbook/projdoc/AdvancedNetworkAdmin.sgml
@@ -12,23 +12,137 @@
         <pubdate>April 3 2003</pubdate>
 </chapterinfo>
 
-<title>Advanced Network Manangement Information</title>
+<title>Advanced Network Manangement</title>
+
+<para>
+This section attempts to document peripheral issues that are of great importance to network
+administrators who want to improve network resource access control, to automate the user
+environment, and to make their lives a little easier.
+</para>
 
 <sect1>
-<title>Remote Server Administration</title>
+<title>Configuring Samba Share Access Controls</title>
+
+<para>
+This section deals with how to configure Samba per share access control restrictions.
+By default samba sets no restrictions on the share itself. Restrictions on the share itself
+can be set on MS Windows NT4/200x/XP shares. This can be a very effective way to limit who can
+connect to a share. In the absence of specific restrictions the default setting is to allow
+the global user <emphasis>Everyone</emphasis> Full Control (ie: Full control, Change and Read).
+</para>
+
+<para>
+At this time Samba does NOT provide a tool for configuring access control setting on the Share
+itself. Samba does have the capacity to store and act on access control settings, but  the only
+way to create those settings is to use either the NT4 Server Manager or the Windows 200x MMC for
+Computer Management.
+</para>
+
+<para>
+Samba stores the per share access control settings in a file called <filename>share_info.tdb</filename>.
+The location of this file on your system will depend on how samba was compiled. The default location
+for samba's tdb files is under <filename>/usr/local/samba/var</filename>. If the <filename>tdbdump</filename>
+utility has been compiled and installed on your system then you can examine the contents of this file
+by: <filename>tdbdump share_info.tdb</filename>.
+</para>
+
+<sect2>
+<title>Share Permissions Management</title>
+
+<para>
+The best tool for the task is platform dependant. Choose the best tool for your environmemt.
+</para>
 
+<sect3>
+<title>Windows NT4 Workstation/Server</title>
+<para>
+The tool you need to use to manage share permissions on a Samba server is the NT Server Manager.
+Server Manager is shipped with Windows NT4 Server products but not with Windows NT4 Workstation.
+You can obtain the NT Server Manager for MS Windows NT4 Workstation from Microsoft - see details below.
+</para>
 
 <para>
-<emphasis>How do I get 'User Manager' and 'Server Manager'</emphasis>
+Instructions:
 </para>
 
+	<para>
+	Launch the NT4 Server Manager, click on the Samba server you want to administer, then from the menu
+	select Computer, then click on the Shared Directories entry.
+	</para>
+
+	<para>
+	Now click on the share that you wish to manage, then click on the Properties tab, next click on
+	the Permissions tab. Now you can Add or change access control settings as you wish.
+	</para>
+
+</sect3>
+
+<sect3>
+<title>Windows 200x/XP</title>
+
 <para>
-Since I don't need to buy an NT Server CD now, how do I get the 'User Manager for Domains',
+On MS Windows NT4/200x/XP system access control lists on the share itself are set using native
+tools, usually from filemanager. For example, in Windows 200x: right click on the shared folder,
+then select 'Sharing', then click on 'Permissions'. The default Windows NT4/200x permission allows
+<emphasis>Everyone</emphasis> Full Control on the Share.
+</para>
+
+<para>
+MS Windows 200x and later all comes with a tool called the 'Computer Management' snap-in for the
+Microsoft Management Console (MMC). This tool is located by clicking on <filename>Control Panel ->
+Administrative Tools -> Computer Management</filename>.
+</para>
+
+<para>
+Instructions:
+</para>
+	<para>
+	After launching the MMC with the Computer Management snap-in, click on the menu item 'Action',
+	select 'Connect to another computer'. If you are not logged onto a domain you will be prompted
+	to enter a domain login user identifier and a password. This will authenticate you to the domain.
+	If you where already logged in with administrative privilidge this step is not offered.
+	</para>
+
+	<para>
+	If the Samba server is not shown in the Select Computer box, then type in the name of the target
+	Samba server in the field 'Name:'. Now click on the [+] next to 'System Tools', then on the [+]
+	next to 'Shared Folders' in the left panel.
+	</para>
+
+	<para>
+	Now in the right panel, double-click on the share you wish to set access control permissions on.
+	Then click on the tab 'Share Permissions'. It is now possible to add access control entities
+	to the shared folder. Do NOT forget to set what type of access (full control, change, read) you
+	wish to assign for each entry.
+	</para>
+
+	<note>
+	<para>
+	Be careful. If you take away all permissions from the Everyone user without removing this user
+	then effectively no user will be able to access the share. This is a result of what is known as
+	ACL precidence. ie: Everyone with NO ACCESS means that MaryK who is part of the group Everyone
+	will have no access even if this user is given explicit full control access.
+	</para>
+	</note>
+
+</sect3>
+</sect2>
+</sect1>
+
+<sect1>
+<title>Remote Server Administration</title>
+
+<para>
+<emphasis>How do I get 'User Manager' and 'Server Manager'?</emphasis>
+</para>
+
+<para>
+Since I don't need to buy an NT4 Server, how do I get the 'User Manager for Domains',
 the 'Server Manager'?
 </para>
 
 <para>
-Microsoft distributes a version of these tools called nexus for installation on Windows 95
+Microsoft distributes a version of these tools called nexus for installation on Windows 9x / Me
 systems.  The tools set includes:
 </para>
 
@@ -52,6 +166,12 @@ from <ulink url="ftp://ftp.microsoft.com/Softlib/MSLFILES/SRVTOOLS.EXE">ftp://ft
 </para>
 
 </sect1>
+<sect1>
+<title>Network Logon Script Magic</title>
+
+<para>
+Lots of blah blah here.
+</para>
 
 </chapter>