summaryrefslogtreecommitdiff
path: root/docs/faq/Samba-meta-FAQ.txt
diff options
context:
space:
mode:
authorSamba Release Account <samba-bugs@samba.org>1997-08-26 01:43:28 +0000
committerSamba Release Account <samba-bugs@samba.org>1997-08-26 01:43:28 +0000
commit1cc8103fd6508e0b710ef8e119bf71d7de65f9d9 (patch)
treec0809353d4f8a1d2a2cdfd754d17999edfcf9e58 /docs/faq/Samba-meta-FAQ.txt
parentbede27be4e8e16859de1d7e878e9d674571237c0 (diff)
downloadsamba-1cc8103fd6508e0b710ef8e119bf71d7de65f9d9.tar.gz
samba-1cc8103fd6508e0b710ef8e119bf71d7de65f9d9.tar.bz2
samba-1cc8103fd6508e0b710ef8e119bf71d7de65f9d9.zip
Added draft cversions of the new Samba doco. Dan.
(This used to be commit b5983092a6e63118564c6d1460b522ea8ef02c3a)
Diffstat (limited to 'docs/faq/Samba-meta-FAQ.txt')
-rw-r--r--docs/faq/Samba-meta-FAQ.txt719
1 files changed, 719 insertions, 0 deletions
diff --git a/docs/faq/Samba-meta-FAQ.txt b/docs/faq/Samba-meta-FAQ.txt
new file mode 100644
index 0000000000..967dceac8d
--- /dev/null
+++ b/docs/faq/Samba-meta-FAQ.txt
@@ -0,0 +1,719 @@
+ Samba meta FAQ
+ Dan Shearer & Paul Blackman, ictinus@lake.canberra.edu.au
+ v 0.1, 23 Aug '97
+
+ This is the meta-Frequently Asked Questions (FAQ) document for Samba,
+ the free and very popular SMB and CIFS server product. It contains
+ overview information for the Samba suite of programs, a quick-start
+ guide, and pointers to all other Samba documentation. Other FAQs exist
+ for specific client and server issues, and HOWTO documents for more
+ extended topics to do with Samba software. Current to version Samba
+ 1.9.17. Please send any corrections to the author.
+ ______________________________________________________________________
+
+ Table of Contents:
+
+ 1. Quick Reference Guides to Samba Documentation
+
+ 1.1. Samba for the Impatient
+
+ 1.2. All Samba Documentation
+
+ 2. General Information
+
+ 2.1. What is Samba?
+
+ 2.2. What is the current version of Samba?
+
+ 2.3. Where can I get it?
+
+ 2.4. What do the version numbers mean?
+
+ 2.5. Where can I go for further information?
+
+ 2.6. How do I subscribe to the Samba Mailing Lists?
+
+ 2.7. Something's gone wrong - what should I do?
+
+ 2.8. How do I submit patches or bug reports?
+
+ 2.9. What if I have an URGENT message for the developers?
+
+ 2.10. What if I need paid-for support?
+
+ 2.11. Pizza supply details
+
+ 3. About CIFS and SMB
+
+ 3.1. What is the Server Message Block (SMB) Protocol?
+
+ 3.2. What is the Common Internet Filesystem (CIFS)?
+
+ 3.3. What is Browsing?
+
+ 4. Designing A SMB and CIFS Network
+
+ 4.1. Workgroups, Browsing Domains and Authentication Domains
+
+ 4.1.1. Defining the Terms
+
+ 4.1.2. Sharelevel (Workgroup) Security Services
+
+ 4.1.3. Authentication Domain Mode Services
+
+ 4.2. Authentication Schemes
+
+ 4.2.1. Workgroup Mode Services
+
+ 4.2.2. Windows NT-Style Domain
+
+ 4.2.3. NIS
+
+ 4.2.4. Kerberos
+
+ 4.2.5. FTP
+
+ 4.2.6. Default Server Method
+
+ 4.2.7. Client-side Database Only
+
+ 4.3. Post-Authentication: Netlogon, Logon Scripts, Profiles
+
+ 5. Cross-Protocol File Sharing
+
+ 6. Miscellaneous
+
+ 6.1. Is Samba Year 2000 compliant?
+ ______________________________________________________________________
+
+ 11.. QQuuiicckk RReeffeerreennccee GGuuiiddeess ttoo SSaammbbaa DDooccuummeennttaattiioonn
+
+ We are endeavouring to provide links here to every major class of
+ information about Samba or things related to Samba. We cannot list
+ every document, but we are aiming for all documents to be at most two
+ referrals from those listed here. This needs constant maintaining, so
+ please send the author your feedback.
+
+ 11..11.. SSaammbbaa ffoorr tthhee IImmppaattiieenntt
+
+ You know you should read the documentation but can't wait to start?
+ What you need to do then is follow the instructions in the following
+ documents, in order. This should be enough to get a _s_i_m_p_l_e site going
+ quickly. If you have any problems at all, refer back to this section
+ and do some more reading.
+
+ 1. Getting Samba: ``Download Instructions''
+
+ 2. Installing Samba: making sure the binaries are in place and work.
+ At the moment there are two kinds of Samba server installs: Unix or
+ close relative <INSTALL.txt> and Others <Samba-Server-
+ FAQ.html#PortInfo>. Do not forget to
+
+ 3. Debug sequence: If you think you have completed the previous step
+ and things aren't working properly work through the diagnosis
+ recipe. <DIAGNOSIS.txt>
+
+ 4. Exporting files to SMB clients: You should read the manual pages
+ for smb.conf, but here is a quick answer guide. <Samba-Server-
+ FAQ.html#Exporting>
+
+ 5. Controlling user access: the quickest and dirtiest way of sharing
+ resources is to use ``share level security.'' If you want to spend
+ more time and have a proper username and password database you must
+ read the paragraph on ``domain mode security.'' If you want
+ encryption (eg you are using Windows NT clients) follow the SMB
+ encryption instructions. <Samba-Server-FAQ.html#SMBEncryptionSteps>
+ 6. Browsing: if you are happy to type in "\samba-serverrename" at the
+ client end then do not read any further. Otherwise you need to
+ understand the ``browsing terminoligy'' and read <BROWSING.txt>.
+
+ 7. Printing: See the printing quick answer guide. <Samba-Server-
+ FAQ.html#Printing>
+
+ If you have got everything working to this point, you can expect Samba
+ to be stable and secure: these are its greatest strengths. However
+ Samba has a great deal to offer and to go further you must do some
+ more reading. Speed and security optimisations, printer accounting,
+ network logons, roving profiles, browsing across multiple subnets and
+ so on are all covered either in this document or in those it refers
+ to.
+
+ 11..22.. AAllll SSaammbbaa DDooccuummeennttaattiioonn
+
+ +o Meta-FAQ. This is the mother of all documents, and is the one you
+ are reading now. The latest version is always at
+ <http://samba.anu.edu.au/[.....]> but there is probably a much
+ nearer mirror site <../MIRRORS> which you should use instead.
+
+ +o <Samba-Server-FAQ.html> is the best starting point for information
+ about server-side issues. Includes configuration tips and pointers
+ for Samba on particular operating systems (with 40 to choose
+ from...)
+
+ +o <Samba-Client-FAQ.html> is the best starting point for information
+ about client-side issues, includes a list of all clients that work
+ with Samba.
+
+ +o <samba-man-index.html> contains descriptions of and links to all
+ the Samba manual pages, in Unix man and postscript format.
+
+ +o <samba-txt-index.html> has descriptions of and links to a large
+ number of text files have been contributed to samba covering many
+ topics. These are gradually being absorbed into the FAQs and HOWTOS
+ but in the meantime you might find helpful answers here.
+
+ +o
+
+ 22.. GGeenneerraall IInnffoorrmmaattiioonn
+
+ All about Samba - what it is, how to get it, related sources of
+ information, how to understand the version numbering scheme, pizza
+ details
+
+ 22..11.. WWhhaatt iiss SSaammbbaa??
+
+ Samba is a suite of programs which work together to allow clients to
+ access to a server's filespace and printers via the SMB (Server
+ Message Block) and CIFS (Common Internet Filesystem) protocols.
+ Initially written for Unix, Samba now also runs on Netware, OS/2, VMS,
+ StratOS and Amigas. Ports to BeOS and other operating systems are
+ underway. Samba gives the capability for these operating systems to
+ behave much like a LAN Server, Windows NT Server or Pathworks machine,
+ only with added functionality and flexibility designed to make life
+ easier for administrators.
+ This means that using Samba you can share a server's disks and
+ printers to many sorts of network clients, including Lan Manager,
+ Windows for Workgroups, Windows NT, Linux, OS/2, and AIX. There is
+ also a generic client program supplied as part of the Samba suite
+ which gives a user on the server an ftp-like interface to access
+ filespace and printers on any other SMB/CIFS servers.
+
+ Many users report that compared to other SMB implementations Samba is
+ more stable, faster, and compatible with more clients. Administrators
+ of some large installations say that Samba is the only SMB server
+ available which will scale to many tens of thousands of users without
+ crashing. The easy way to test these claims is to download it and try
+ it for yourself!
+
+ The suite is supplied with full source code under the GNU Public
+ License <../COPYING>. The GPL means that you can use Samba for
+ whatever purpose you wish (including changing the source or selling it
+ for money) but under all circumstances the source code must be made
+ freely available. A copy of the GPL must always be included in any
+ copy of the package.
+
+ The primary creator of the Samba suite is Andrew Tridgell. Later
+ versions incorporate much effort by many net.helpers. The man pages
+ and this FAQ were originally written by Karl Auer.
+
+ 22..22.. WWhhaatt iiss tthhee ccuurrrreenntt vveerrssiioonn ooff SSaammbbaa??
+
+ At time of writing, the current version was 1.9.17. If you want to be
+ sure check the bottom of the change-log file.
+ <ftp://samba.anu.edu.au/pub/samba/alpha/change-log>
+
+ For more information see ``What do the version numbers mean?''
+
+ 22..33.. WWhheerree ccaann II ggeett iitt??
+
+ The Samba suite is available via anonymous ftp from samba.anu.edu.au
+ and many mirror <../MIRRORS> sites. You will get much faster
+ performance if you use a mirror site. The latest and greatest versions
+ of the suite are in the directory:
+
+ /pub/samba/
+
+ Development (read "alpha") versions, which are NOT necessarily stable
+ and which do NOT necessarily have accurate documentation, are
+ available in the directory:
+
+ /pub/samba/alpha
+
+ Note that binaries are NOT included in any of the above. Samba is
+ distributed ONLY in source form, though binaries may be available from
+ other sites. Most Linux distributions, for example, do contain Samba
+ binaries for that platform. The VMS, OS/2, Netware and Amiga and other
+ ports typically have binaries made available.
+
+ 22..44.. WWhhaatt ddoo tthhee vveerrssiioonn nnuummbbeerrss mmeeaann??
+
+ It is not recommended that you run a version of Samba with the word
+ "alpha" in its name unless you know what you are doing and are willing
+ to do some debugging. Many, many people just get the latest
+ recommended stable release version and are happy. If you are brave, by
+ all means take the plunge and help with the testing and development -
+ but don't install it on your departmental server. Samba is typically
+ very stable and safe, and this is mostly due to the policy of many
+ public releases.
+
+ How the scheme works:
+
+ 1. When major changes are made the version number is increased. For
+ example, the transition from 1.9.16 to 1.9.17. However, this
+ version number will not appear immediately and people should
+ continue to use 1.9.15 for production systems (see next point.)
+
+ 2. Just after major changes are made the software is considered
+ unstable, and a series of alpha releases are distributed, for
+ example 1.9.16alpha1. These are for testing by those who know what
+ they are doing. The "alpha" in the filename will hopefully scare
+ off those who are just looking for the latest version to install.
+
+ 3. When Andrew thinks that the alphas have stabilised to the point
+ where he would recommend new users install it, he renames it to the
+ same version number without the alpha, for example 1.9.17.
+
+ 4. Inevitably bugs are found in the "stable" releases and minor patch
+ levels are released which give us the pXX series, for example
+ 1.9.17p2.
+
+ So the progression goes:
+
+ 1.9.16p10 (production)
+ 1.9.16p11 (production)
+ 1.9.17alpha1 (test sites only)
+ :
+ 1.9.17alpha20 (test sites only)
+ 1.9.17 (production)
+ 1.9.17p1 (production)
+
+ The above system means that whenever someone looks at the samba ftp
+ site they will be able to grab the highest numbered release without an
+ alpha in the name and be sure of getting the current recommended
+ version.
+
+ 22..55.. WWhheerree ccaann II ggoo ffoorr ffuurrtthheerr iinnffoorrmmaattiioonn??
+
+ There are a number of places to look for more information on Samba,
+ including:
+
+ +o Two mailing lists devoted to discussion of Samba-related matters.
+ See below for subscription information.
+
+ +o The newsgroup comp.protocols.smb, which has a great deal of
+ discussion about Samba.
+
+ +o The WWW site 'SAMBA Web Pages' at
+ <http://samba.canberra.edu.au/pub/samba/samba.html> includes:
+
+ +o Links to man pages and documentation, including this FAQ
+
+ +o A comprehensive survey of Samba users
+
+ +o A searchable hypertext archive of the Samba mailing list
+
+ +o Links to Samba source code, binaries, and mirrors of both
+
+ +o This FAQ and the rest in its family
+
+ 22..66.. HHooww ddoo II ssuubbssccrriibbee ttoo tthhee SSaammbbaa MMaaiilliinngg LLiissttss??
+
+ Send email to listproc@samba.anu.edu.au. Make sure the subject line is
+ blank, and include the following two lines in the body of the message:
+
+ subscribe samba Firstname Lastname
+ subscribe samba-announce Firstname Lastname
+
+ Obviously you should substitute YOUR first name for "Firstname" and
+ YOUR last name for "Lastname"! Try not to send any signature, it
+ sometimes confuses the list processor.
+
+ The samba list is a digest list - every eight hours or so it sends a
+ single message containing all the messages that have been received by
+ the list since the last time and sends a copy of this message to all
+ subscribers. There are thousands of people on this list.
+
+ If you stop being interested in Samba, please send another email to
+ listproc@samba.anu.edu.au. Make sure the subject line is blank, and
+ include the following two lines in the body of the message:
+
+ unsubscribe samba
+ unsubscribe samba-announce
+
+ The FFrroomm:: line in your message _M_U_S_T be the same address you used when
+ you subscribed.
+
+ 22..77.. SSoommeetthhiinngg''ss ggoonnee wwrroonngg -- wwhhaatt sshhoouulldd II ddoo??
+
+ ## ****** IIMMPPOORRTTAANNTT!! ****** ##
+
+ DO NOT post messages on mailing lists or in newsgroups until you have
+ carried out the first three steps given here!
+
+ 1. See if there are any likely looking entries in this FAQ! If you
+ have just installed Samba, have you run through the checklist in
+ DIAGNOSIS.txt <ftp://samba.anu.edu.au/pub/samba/DIAGNOSIS.txt>? It
+ can save you a lot of time and effort. DIAGNOSIS.txt can also be
+ found in the docs directory of the Samba distribution.
+
+ 2. Read the man pages for smbd, nmbd and smb.conf, looking for topics
+ that relate to what you are trying to do.
+
+ 3. If there is no obvious solution to hand, try to get a look at the
+ log files for smbd and/or nmbd for the period during which you were
+ having problems. You may need to reconfigure the servers to provide
+ more extensive debugging information - usually level 2 or level 3
+ provide ample debugging info. Inspect these logs closely, looking
+ particularly for the string "Error:".
+
+ 4. If you need urgent help and are willing to pay for it see ``Paid
+ Support''.
+
+ If you still haven't got anywhere, ask the mailing list or newsgroup.
+ In general nobody minds answering questions provided you have followed
+ the preceding steps. It might be a good idea to scan the archives of
+ the mailing list, which are available through the Samba web site
+ described in the previous section. When you post be sure to include a
+ good description of your environment and your problem.
+
+ If you successfully solve a problem, please mail the FAQ maintainer a
+ succinct description of the symptom, the problem and the solution, so
+ that an explanation can be incorporated into the next version.
+
+ 22..88.. HHooww ddoo II ssuubbmmiitt ppaattcchheess oorr bbuugg rreeppoorrttss??
+
+ If you make changes to the source code, _p_l_e_a_s_e submit these patches so
+ that everyone else gets the benefit of your work. This is one of the
+ most important aspects to the maintainence of Samba. Send all patches
+ to samba-bugs@samba.anu.edu.au. Do not send patches to Andrew Tridgell
+ or any other individual, they may be lost if you do.
+
+ Patch format ------------
+
+ If you are sending a patch to fix a problem then please don't just use
+ standard diff format. As an example, samba-bugs received this patch
+ from someone:
+
+ 382a #endif 381a #if !defined(NEWS61)
+
+ How are we supposed to work out what this does and where it goes?
+ These sort of patches only work if we both have identical files in the
+ first place. The Samba sources are constantly changing at the hands of
+ multiple developers, so it doesn't work.
+
+ Please use either context diffs or (even better) unified diffs. You
+ get these using "diff -c4" or "diff -u". If you don't have a diff that
+ can generate these then please send manualy commented patches to I
+ know what is being changed and where. Most patches are applied by hand
+ so the info must be clear.
+
+ This is a basic guideline that will assist us with assessing your
+ problem more efficiently :
+
+ Machine Arch: Machine OS: OS Version: Kernel:
+
+ Compiler: Libc Version:
+
+ Samba Version:
+
+ Network Layout (description):
+
+ What else is on machine (services, etc):
+
+ Some extras :
+
+ +o what you did and what happened
+
+ +o relevant parts of a debugging output file with debuglevel higher.
+ If you can't find the relevant parts, please ask before mailing
+ huge files.
+
+ +o anything else you think is useful to trace down the bug
+
+ 22..99.. WWhhaatt iiff II hhaavvee aann UURRGGEENNTT mmeessssaaggee ffoorr tthhee ddeevveellooppeerrss??
+
+ If you have spotted something very serious and believe that it is
+ important to contact the developers quickly send a message to samba-
+ urgent@samba.anu.edu.au. This will be processed more quickly than mail
+ to samba-bugs. Please think carefully before using this address. An
+ example of its use might be to report a security hole.
+
+ Examples of things _n_o_t to send to samba-urgent include problems
+ getting Samba to work at all and bugs that cannot potentially cause
+ damage.
+
+ 22..1100.. WWhhaatt iiff II nneeeedd ppaaiidd--ffoorr ssuuppppoorrtt??
+
+ Samba has a large network of consultants who provide Samba support on
+ a commercial basis. The list is included in the package in
+ Support.txt, and the latest version will always be on the main samba
+ ftp site. Any company in the world can request that the samba team
+ include their details in Support.txt so we can give no guarantee of
+ their services.
+
+ 22..1111.. PPiizzzzaa ssuuppppllyy ddeettaaiillss
+
+ Those who have registered in the Samba survey as "Pizza Factory" will
+ already know this, but the rest may need some help. Andrew doesn't ask
+ for payment, but he does appreciate it when people give him pizza.
+ This calls for a little organisation when the pizza donor is twenty
+ thousand kilometres away, but it has been done.
+
+ 1. Ring up your local branch of an international pizza chain and see
+ if they honour their vouchers internationally. Pizza Hut do, which
+ is how the entire Canberra Linux Users Group got to eat pizza one
+ night, courtesy of someone in the US.
+
+ 2. Ring up a local pizza shop in Canberra and quote a credit card
+ number for a certain amount, and tell them that Andrew will be
+ collecting it (don't forget to tell him.) One kind soul from
+ Germany did this.
+
+ 3. Purchase a pizza voucher from your local pizza shop that has no
+ international affiliations and send it to Andrew. It is completely
+ useless but he can hang it on the wall next to the one he already
+ has from Germany :-)
+
+ 4. Air freight him a pizza with your favourite regional flavours. It
+ will probably get stuck in customs or torn apart by hungry sniffer
+ dogs but it will have been a noble gesture.
+
+ 33.. AAbboouutt CCIIFFSS aanndd SSMMBB
+
+ 33..11.. WWhhaatt iiss tthhee SSeerrvveerr MMeessssaaggee BBlloocckk ((SSMMBB)) PPrroottooccooll??
+
+ SMB is a filesharing protocol that has had several maintainers and
+ contributors over the years including Xerox, 3Com and most recently
+ Microsoft. Names for this protocol include LAN Manager and Microsoft
+ Networking. Parts of the specification has been made public at several
+ versions including in an X/Open document, as listed at
+ <ftp://ftp.microsoft.com/developr/drg/CIFS/>. No specification
+ releases were made between 1992 and 1996, and during that period
+ Microsoft became the SMB implementor with the largest market share.
+ Microsoft developed the specification further for its products but for
+ various reasons connected with developer's workload rather than market
+ strategy did not make the changes public. This culminated with the
+ "Windows NT 0.12" version released with NT 3.5 in 1995 which had
+ significant improvements and bugs. Because Microsoft client systems
+ are so popular, it is fair to say that what Microsoft with Windows
+ affects all suppliers of SMB server products.
+
+ From 1994 Andrew Tridgell began doing some serious work on his
+ Smbserver (now Samba) product and with some helpers started to
+ implement more and more of these protocols. Samba began to take a
+ significant share of the SMB server market.
+
+ 33..22.. WWhhaatt iiss tthhee CCoommmmoonn IInntteerrnneett FFiilleessyysstteemm ((CCIIFFSS))??
+
+ The initial pressure for Microsoft to document their current SMB
+ implementation came from the Samba team, who kept coming across things
+ on the wire that Microsoft either didn't know about or hadn't
+ documented anywhere (even in the sourcecode to Windows NT.) Then Sun
+ Microsystems came out with their WebNFS initiative, designed to
+ replace FTP for file transfers on the Internet. There are many
+ drawbacks to WebNFS (including its scope - it aims to replace HTTP as
+ well!) but the concept was attractive. FTP is not very clever, and why
+ should it be harder to get files from across the world than across the
+ room?
+
+ Some hasty revisions were made and an Internet Draft for the Common
+ Internet Filesystem (CIFS) was released. Note that CIFS is not an
+ Internet standard and is a very long way from becoming one, BUT the
+ protocol specification is in the public domain and ongoing discussions
+ concerning the spec take place on a public mailing list according to
+ the rules of the Internet Engineering Task Force. For more information
+ and pointers see <http://samba.anu.edu.au/cifs/>
+
+ The following is taken from <http://www.microsoft.com/intdev/cifs/>
+
+ CIFS defines a standard remote file system access protocol for use
+ over the Internet, enabling groups of users to work together and
+ share documents across the Internet or within their corporate
+ intranets. CIFS is an open, cross-platform technology based on the
+ native file-sharing protocols built into Microsoft Windows and
+ other popular PC operating systems, and supported on dozens of
+ other platforms, including UNIX. With CIFS, millions of computer
+ users can open and share remote files on the Internet without having
+ to install new software or change the way they work."
+
+ If you consider CIFS as a backwardsly-compatible refinement of SMB
+ that will work reasonably efficiently over the Internet you won't be
+ too far wrong.
+
+ The net effect is that Microsoft is now documenting large parts of
+ their Windows NT fileserver protocols. The security concepts embodied
+ in Windows NT are part of the specification, which is why Samba
+ documentation often talks in terms of Windows NT. However there is no
+ reason why a site shouldn't conduct all its file and printer sharing
+ with CIFS and yet have no Microsoft products at all.
+
+ 33..33.. WWhhaatt iiss BBrroowwssiinngg??
+
+ The term "Browsing" causes a lot of confusion. It is the part of the
+ SMB/CIFS protocol which allows for resource discovery. For example, in
+ the Windows NT Explorer it is possible to see a "Network
+ Neighbourhood" of computers in the same SMB workgroup. Clicking on the
+ name of one of these machines brings up a list of file and printer
+ resources for connecting to. In this way you can cruise the network,
+ seeing what things are available. How this scales to the Internet is a
+ subject for debate. Look at the CIFS list archives to see what the
+ experts think.
+
+ 44.. DDeessiiggnniinngg AA SSMMBB aanndd CCIIFFSS NNeettwwoorrkk
+
+ The big issues for installing any network of LAN or WAN file and print
+ servers are
+
+ +o How and where usernames, passwords and other security information
+ is stored
+
+ +o What method can be used for locating the resources that users have
+ permission to use
+
+ +o What protocols the clients can converse with
+
+ If you buy Netware, Windows NT or just about any other LAN fileserver
+ product you are expected to lock yourself into the product's preferred
+ answers to these questions. This tendancy is restrictive and often
+ very expensive for a site where there is only one kind of client or
+ server, and for sites with a mixture of operating systems it often
+ makes it impossible to share resources between some sets of users.
+
+ The Samba philosophy is to make things as easy as possible for
+ administators, which means allowing as many combinations of clients,
+ servers, operating systems and protocols as possible.
+
+ 44..11.. WWoorrkkggrroouuppss,, BBrroowwssiinngg DDoommaaiinnss aanndd AAuutthheennttiiccaattiioonn DDoommaaiinnss
+
+ The concepts of a Workgroup and a Domain are fundamental to SMB
+ networking. Although Microsoft integrates Workgroups and Domains
+ tightly with their authentication procedures there is no reason why
+ this has to be so in an SMB network. Groups of SMB machines can work
+ together just as well with Unix or OS/2 Samba servers as they can with
+ Windows NT servers, even though the password storage and access
+ methods are totally different.
+
+ 44..11..11.. DDeeffiinniinngg tthhee TTeerrmmss
+
+ A Workgroup (or Browsing Domain) is collection of machines that
+ maintain a common database contianing information about their shared
+ resources. They do not necessarily have any security information in
+ common. The database is dynamic, modified as servers come and go on
+ the network and as resources are added or deleted. The term "browsing"
+ refers to a user accessing the database via whatever interface the
+ client provides. SMB servers agree between themselves as to which ones
+ will maintain the browsing database. Workgroups can be anywhere on a
+ connected TCP/IP network, including on different subnets or anywhere
+ on the Interet. This is a very tricky part of SMB to implement.
+
+ Due to the convoluted history of SMB there is now conflicting
+ terminology describing Domains and Workgroups. "Domain" is used in the
+ browsing specifications to define that group of servers and clients
+ who share a common name and a common browsing database. The following
+ are used exclusively in the context of Workgroup browsing:
+
+ +o Domain Master Browser
+
+ +o Local Master Browser
+
+ Alternative terms include confusing variations such as "Browse
+ Master", and "Master Browser" which we are trying to eliminate from
+ the Samba documentation. We are moving to the use of "Browsing Domain"
+ wherever the word "Domain" occurs in a workgroup context. Ideally
+ "Workgroup" would also be replaced by Browsing Domain but it is very
+ widely used terminology.
+
+ Unfortunately the group of machines which use the the Microsoft method
+ of sharing authentication information (but not any of the many other
+ methods) is also called a Domain. As explained elsewhere Microsoft are
+ not making this protocol public and The following are used exclusively
+ in the context of Microsoft Authentication domains:
+
+ +o Primary Domain Controller
+
+ +o Backup Domain Controller
+
+ +o Domain Logon
+
+ These terms can be very confusing, and so in the Samba documentation
+ we are moving to the term "Authentication Domain" wherever Domain is
+ used in this sense. As a final touch of irony, all Authentication
+ Domains are also Browsing Domains.
+
+ 44..11..22.. SShhaarreelleevveell ((WWoorrkkggrroouupp)) SSeeccuurriittyy SSeerrvviicceess
+
+ With the Samba setting "security = SHARE", all shared resources
+ information about what password is associated with them but only hints
+ as to what usernames might be valid (the hint can be 'all users', in
+ which case any username will work. This is usually a bad idea, but
+ reflects both the initial implementations of SMB in the mid-80s and
+ its reincarnation with Windows for Workgroups in 1992. The idea behind
+ workgroup security was that small independant groups of people could
+ share information on an ad-hoc basis without there being an
+ authentication infrastructure present or requiring them to do more
+ than fill in a dialogue box.
+
+ 44..11..33.. AAuutthheennttiiccaattiioonn DDoommaaiinn MMooddee SSeerrvviicceess
+
+ With the Samba settings "security = USER" or "security = SERVER"
+ accesses to all resources are checked for username/password pair
+ matches in a more rigorous manner. This has the effect of emulating a
+ Microsoft Authentication Domain. Whether or not an Authentication
+ Domain is involved depends on how the network has been designed.
+
+ 44..22.. AAuutthheennttiiccaattiioonn SScchheemmeess
+
+ In the simple case authentication information is stored on a single
+ server and the user types a password on connecting for the first time.
+ However client operating systems often require a password before they
+ can be used at all, and in addition users usually want access to more
+ than one server. Asking users to remember many different passwords in
+ different contexts just does not work. Some kind of distributed
+ authentication database is needed. It must cope with password changes
+ and provide for assigning groups of users the same level of access
+ permissions.
+
+ Authentication decisions are some of the biggest in designing a
+ network. Are you going to use a scheme native to the client operating
+ system, native to the server operating system, or newly installed on
+ both? A list of options relevant to Samba (ie that make sense in the
+ context of the SMB protocol) follows. Any experiences with other
+ setups would be appreciated. refer to server FAQ for "passwd chat"
+ passwd program password server etc etc...
+
+ 44..22..11.. WWoorrkkggrroouupp MMooddee SSeerrvviicceess
+
+ etc etc
+
+ 44..22..22.. WWiinnddoowwss NNTT--SSttyyllee DDoommaaiinn
+
+ Samba compiled with libdes - enabling encrypted passwords security =
+ server
+
+ 44..22..33.. NNIISS
+
+ 44..22..44.. KKeerrbbeerrooss
+
+ 44..22..55.. FFTTPP
+
+ 44..22..66.. DDeeffaauulltt SSeerrvveerr MMeetthhoodd
+
+ 44..22..77.. CClliieenntt--ssiiddee DDaattaabbaassee OOnnllyy
+
+ 44..33.. PPoosstt--AAuutthheennttiiccaattiioonn:: NNeettllooggoonn,, LLooggoonn SSccrriippttss,, PPrrooffiilleess
+
+ 55.. CCrroossss--PPrroottooccooll FFiillee SShhaarriinngg
+
+ Samba is an important tool for...
+
+ It is possible to...
+
+ File protocol gateways...
+
+ "Setting up a Linux File Server"
+ http://vetrec.mit.edu/people/narf/linux.html
+
+ Two free implementations of Appletalk for Unix are Netatalk,
+ <http://www.umich.edu/~rsug/netatalk/>, and CAP,
+ <http://www.cs.mu.oz.au/appletalk/atalk.html>. What Samba offers MS
+ Windows users, these packages offer to Macs. For more info on these
+ packages, Samba, and Linux (and other UNIX-based systems) see
+ <http://www.eats.com/linux_mac_win.html> 3.5) Sniffing your nework
+
+ 66.. MMiisscceellllaanneeoouuss
+
+ 66..11.. IIss SSaammbbaa YYeeaarr 22000000 ccoommpplliiaanntt??
+
+ The CIFS protocol that Samba implements negotiates times in various
+ formats, all of which are able to cope with dates beyond 2000.
+
generated by cgit (git 2.34.1) at 2024-07-10 10:52:55 +0000