diff options
author | Jelmer Vernooij <jelmer@samba.org> | 2003-04-07 14:01:19 +0000 |
---|---|---|
committer | Jelmer Vernooij <jelmer@samba.org> | 2003-04-07 14:01:19 +0000 |
commit | 4ea9be5467b6274ec2074af8c6438d42415d8fb6 (patch) | |
tree | c9ac9c841062609eeb2bebfb91adb877a94af65d /docs/htmldocs/Samba-HOWTO-Collection.html | |
parent | 705db2effac38df9aaefa9cc6baa9614207b26af (diff) | |
download | samba-4ea9be5467b6274ec2074af8c6438d42415d8fb6.tar.gz samba-4ea9be5467b6274ec2074af8c6438d42415d8fb6.tar.bz2 samba-4ea9be5467b6274ec2074af8c6438d42415d8fb6.zip |
Regenerate docs
(This used to be commit 3d61303ea9783e01796a90e74efb3457ef76497f)
Diffstat (limited to 'docs/htmldocs/Samba-HOWTO-Collection.html')
-rw-r--r-- | docs/htmldocs/Samba-HOWTO-Collection.html | 3411 |
1 files changed, 2141 insertions, 1270 deletions
diff --git a/docs/htmldocs/Samba-HOWTO-Collection.html b/docs/htmldocs/Samba-HOWTO-Collection.html index 9b79518cec..8c470203e7 100644 --- a/docs/htmldocs/Samba-HOWTO-Collection.html +++ b/docs/htmldocs/Samba-HOWTO-Collection.html @@ -69,8 +69,8 @@ NAME="AEN32" ></A ><P >This book is a collection of HOWTOs added to Samba documentation over the years. -I try to ensure that all are current, but sometimes the is a larger job -than one person can maintain. The most recent version of this document +Samba is always under development, and so is it's documentation. +The most recent version of this document can be found at <A HREF="http://www.samba.org/" TARGET="_top" @@ -137,29 +137,29 @@ HREF="#AEN65" ></DT ><DT >1.2. <A -HREF="#AEN70" +HREF="#AEN71" >Configuring samba</A ></DT ><DT >1.3. <A -HREF="#AEN103" +HREF="#AEN107" >Try listing the shares available on your server</A ></DT ><DT >1.4. <A -HREF="#AEN112" +HREF="#AEN116" >Try connecting with the unix client</A ></DT ><DT >1.5. <A -HREF="#AEN128" +HREF="#AEN137" >Try connecting from a DOS, WfWg, Win9x, WinNT, Win2k, OS/2, etc... client</A ></DT ><DT >1.6. <A -HREF="#AEN142" +HREF="#AEN150" >What If Things Don't Work?</A ></DT ></DL @@ -173,18 +173,18 @@ HREF="#BROWSING-QUICK" ><DL ><DT >2.1. <A -HREF="#AEN174" +HREF="#AEN183" >Discussion</A ></DT ><DT >2.2. <A -HREF="#AEN193" +HREF="#AEN204" >How browsing functions and how to deploy stable and dependable browsing using Samba</A ></DT ><DT >2.3. <A -HREF="#AEN207" +HREF="#AEN218" >Use of the <B CLASS="COMMAND" >Remote Announce</B @@ -192,7 +192,7 @@ CLASS="COMMAND" ></DT ><DT >2.4. <A -HREF="#AEN230" +HREF="#AEN241" >Use of the <B CLASS="COMMAND" >Remote Browse Sync</B @@ -200,17 +200,17 @@ CLASS="COMMAND" ></DT ><DT >2.5. <A -HREF="#AEN241" +HREF="#AEN252" >Use of WINS</A ></DT ><DT >2.6. <A -HREF="#AEN255" +HREF="#AEN269" >Do NOT use more than one (1) protocol on MS Windows machines</A ></DT ><DT >2.7. <A -HREF="#AEN263" +HREF="#AEN277" >Name Resolution Order</A ></DT ></DL @@ -224,42 +224,42 @@ HREF="#PASSDB" ><DL ><DT >3.1. <A -HREF="#AEN321" +HREF="#AEN335" >Introduction</A ></DT ><DT >3.2. <A -HREF="#AEN328" +HREF="#AEN342" >Important Notes About Security</A ></DT ><DT >3.3. <A -HREF="#AEN366" +HREF="#AEN380" >The smbpasswd Command</A ></DT ><DT >3.4. <A -HREF="#AEN397" +HREF="#AEN411" >Plain text</A ></DT ><DT >3.5. <A -HREF="#AEN402" +HREF="#AEN416" >TDB</A ></DT ><DT >3.6. <A -HREF="#AEN405" +HREF="#AEN419" >LDAP</A ></DT ><DT >3.7. <A -HREF="#AEN623" +HREF="#AEN637" >MySQL</A ></DT ><DT >3.8. <A -HREF="#AEN665" +HREF="#AEN679" >XML</A ></DT ></DL @@ -282,17 +282,17 @@ HREF="#SERVERTYPE" ><DL ><DT >4.1. <A -HREF="#AEN703" +HREF="#AEN717" >Stand Alone Server</A ></DT ><DT >4.2. <A -HREF="#AEN710" +HREF="#AEN724" >Domain Member Server</A ></DT ><DT >4.3. <A -HREF="#AEN716" +HREF="#AEN730" >Domain Controller</A ></DT ></DL @@ -306,7 +306,7 @@ HREF="#SECURITYLEVELS" ><DL ><DT >5.1. <A -HREF="#AEN752" +HREF="#AEN766" >User and Share security level</A ></DT ></DL @@ -320,37 +320,37 @@ HREF="#SAMBA-PDC" ><DL ><DT >6.1. <A -HREF="#AEN859" +HREF="#AEN878" >Prerequisite Reading</A ></DT ><DT >6.2. <A -HREF="#AEN864" +HREF="#AEN883" >Background</A ></DT ><DT >6.3. <A -HREF="#AEN904" +HREF="#AEN923" >Configuring the Samba Domain Controller</A ></DT ><DT >6.4. <A -HREF="#AEN946" +HREF="#AEN965" >Creating Machine Trust Accounts and Joining Clients to the Domain</A ></DT ><DT >6.5. <A -HREF="#AEN1054" +HREF="#AEN1073" >Common Problems and Errors</A ></DT ><DT >6.6. <A -HREF="#AEN1100" +HREF="#AEN1119" >What other help can I get?</A ></DT ><DT >6.7. <A -HREF="#AEN1214" +HREF="#AEN1233" >Domain Control for Windows 9x/ME</A ></DT ></DL @@ -364,27 +364,27 @@ HREF="#SAMBA-BDC" ><DL ><DT >7.1. <A -HREF="#AEN1267" +HREF="#AEN1286" >Prerequisite Reading</A ></DT ><DT >7.2. <A -HREF="#AEN1271" +HREF="#AEN1290" >Background</A ></DT ><DT >7.3. <A -HREF="#AEN1279" +HREF="#AEN1298" >What qualifies a Domain Controller on the network?</A ></DT ><DT >7.4. <A -HREF="#AEN1288" +HREF="#AEN1307" >Can Samba be a Backup Domain Controller to an NT PDC?</A ></DT ><DT >7.5. <A -HREF="#AEN1293" +HREF="#AEN1312" >How do I set up a Samba BDC?</A ></DT ></DL @@ -398,7 +398,7 @@ HREF="#ADS" ><DL ><DT >8.1. <A -HREF="#AEN1336" +HREF="#AEN1355" >Setup your <TT CLASS="FILENAME" >smb.conf</TT @@ -406,7 +406,7 @@ CLASS="FILENAME" ></DT ><DT >8.2. <A -HREF="#AEN1349" +HREF="#AEN1368" >Setup your <TT CLASS="FILENAME" >/etc/krb5.conf</TT @@ -425,11 +425,14 @@ HREF="#ADS-TEST-SERVER" ><DT >8.5. <A HREF="#ADS-TEST-SMBCLIENT" ->Testing with smbclient</A +>Testing with <SPAN +CLASS="APPLICATION" +>smbclient</SPAN +></A ></DT ><DT >8.6. <A -HREF="#AEN1390" +HREF="#AEN1416" >Notes</A ></DT ></DL @@ -443,12 +446,12 @@ HREF="#DOMAIN-SECURITY" ><DL ><DT >9.1. <A -HREF="#AEN1413" +HREF="#AEN1439" >Joining an NT Domain with Samba 3.0</A ></DT ><DT >9.2. <A -HREF="#AEN1467" +HREF="#AEN1493" >Why is this better than security = server?</A ></DT ></DL @@ -471,39 +474,39 @@ HREF="#UNIX-PERMISSIONS" ><DL ><DT >10.1. <A -HREF="#AEN1499" +HREF="#AEN1525" >Viewing and changing UNIX permissions using the NT security dialogs</A ></DT ><DT >10.2. <A -HREF="#AEN1505" +HREF="#AEN1531" >How to view file security on a Samba share</A ></DT ><DT >10.3. <A -HREF="#AEN1516" +HREF="#AEN1542" >Viewing file ownership</A ></DT ><DT >10.4. <A -HREF="#AEN1536" +HREF="#AEN1562" >Viewing file or directory permissions</A ></DT ><DT >10.5. <A -HREF="#AEN1572" +HREF="#AEN1598" >Modifying file or directory permissions</A ></DT ><DT >10.6. <A -HREF="#AEN1594" +HREF="#AEN1620" >Interaction with the standard Samba create mask parameters</A ></DT ><DT >10.7. <A -HREF="#AEN1648" +HREF="#AEN1673" >Interaction with the standard Samba file attribute mapping</A ></DT @@ -523,22 +526,22 @@ HREF="#PRINTING" ><DL ><DT >12.1. <A -HREF="#AEN1711" +HREF="#AEN1736" >Introduction</A ></DT ><DT >12.2. <A -HREF="#AEN1733" +HREF="#AEN1758" >Configuration</A ></DT ><DT >12.3. <A -HREF="#AEN1845" +HREF="#AEN1870" >The Imprints Toolset</A ></DT ><DT >12.4. <A -HREF="#AEN1888" +HREF="#AEN1913" >Diagnosis</A ></DT ></DL @@ -552,12 +555,12 @@ HREF="#CUPS-PRINTING" ><DL ><DT >13.1. <A -HREF="#AEN2000" +HREF="#AEN2025" >Introduction</A ></DT ><DT >13.2. <A -HREF="#AEN2007" +HREF="#AEN2032" >Configuring <TT CLASS="FILENAME" >smb.conf</TT @@ -565,53 +568,53 @@ CLASS="FILENAME" ></DT ><DT >13.3. <A -HREF="#AEN2026" +HREF="#AEN2052" >CUPS - RAW Print Through Mode</A ></DT ><DT >13.4. <A -HREF="#AEN2083" +HREF="#AEN2111" >CUPS as a network PostScript RIP -- CUPS drivers working on server, Adobe PostScript driver with CUPS-PPDs downloaded to clients</A ></DT ><DT >13.5. <A -HREF="#AEN2104" +HREF="#AEN2132" >Windows Terminal Servers (WTS) as CUPS clients</A ></DT ><DT >13.6. <A -HREF="#AEN2108" +HREF="#AEN2136" >Setting up CUPS for driver download</A ></DT ><DT >13.7. <A -HREF="#AEN2120" +HREF="#AEN2149" >Sources of CUPS drivers / PPDs</A ></DT ><DT >13.8. <A -HREF="#AEN2176" +HREF="#AEN2205" >The CUPS Filter Chains</A ></DT ><DT >13.9. <A -HREF="#AEN2215" +HREF="#AEN2244" >CUPS Print Drivers and Devices</A ></DT ><DT >13.10. <A -HREF="#AEN2292" +HREF="#AEN2321" >Limiting the number of pages users can print</A ></DT ><DT >13.11. <A -HREF="#AEN2388" +HREF="#AEN2417" >Advanced Postscript Printing from MS Windows</A ></DT ><DT >13.12. <A -HREF="#AEN2403" +HREF="#AEN2432" >Auto-Deletion of CUPS spool files</A ></DT ></DL @@ -625,37 +628,37 @@ HREF="#WINBIND" ><DL ><DT >14.1. <A -HREF="#AEN2469" +HREF="#AEN2506" >Abstract</A ></DT ><DT >14.2. <A -HREF="#AEN2473" +HREF="#AEN2510" >Introduction</A ></DT ><DT >14.3. <A -HREF="#AEN2486" +HREF="#AEN2523" >What Winbind Provides</A ></DT ><DT >14.4. <A -HREF="#AEN2497" +HREF="#AEN2534" >How Winbind Works</A ></DT ><DT >14.5. <A -HREF="#AEN2540" +HREF="#AEN2577" >Installation and Configuration</A ></DT ><DT >14.6. <A -HREF="#AEN2797" +HREF="#AEN2834" >Limitations</A ></DT ><DT >14.7. <A -HREF="#AEN2807" +HREF="#AEN2844" >Conclusion</A ></DT ></DL @@ -669,17 +672,17 @@ HREF="#ADVANCEDNETWORKMANAGEMENT" ><DL ><DT >15.1. <A -HREF="#AEN2822" +HREF="#AEN2859" >Configuring Samba Share Access Controls</A ></DT ><DT >15.2. <A -HREF="#AEN2860" +HREF="#AEN2897" >Remote Server Administration</A ></DT ><DT >15.3. <A -HREF="#AEN2877" +HREF="#AEN2914" >Network Logon Script Magic</A ></DT ></DL @@ -693,12 +696,12 @@ HREF="#POLICYMGMT" ><DL ><DT >16.1. <A -HREF="#AEN2892" +HREF="#AEN2929" >Creating and Managing System Policies</A ></DT ><DT >16.2. <A -HREF="#AEN2965" +HREF="#AEN3002" >Managing Account/User Policies</A ></DT ></DL @@ -712,225 +715,249 @@ HREF="#PROFILEMGMT" ><DL ><DT >17.1. <A -HREF="#AEN2998" +HREF="#AEN3035" >Roaming Profiles</A ></DT ><DT >17.2. <A -HREF="#AEN3196" +HREF="#AEN3242" >Mandatory profiles</A ></DT ><DT >17.3. <A -HREF="#AEN3203" +HREF="#AEN3249" >Creating/Managing Group Profiles</A ></DT ><DT >17.4. <A -HREF="#AEN3209" +HREF="#AEN3255" >Default Profile for Windows Users</A ></DT ></DL ></DD ><DT >18. <A +HREF="#INTERDOMAINTRUSTS" +>Interdomain Trust Relationships</A +></DT +><DD +><DL +><DT +>18.1. <A +HREF="#AEN3386" +>Trust Relationship Background</A +></DT +><DT +>18.2. <A +HREF="#AEN3395" +>MS Windows NT4 Trust Configuration</A +></DT +><DT +>18.3. <A +HREF="#AEN3405" +>Configuring Samba Domain Trusts</A +></DT +></DL +></DD +><DT +>19. <A HREF="#PAM" >PAM Configuration for Centrally Managed Authentication</A ></DT ><DD ><DL ><DT ->18.1. <A -HREF="#AEN3332" +>19.1. <A +HREF="#AEN3440" >Samba and PAM</A ></DT ><DT ->18.2. <A -HREF="#AEN3383" +>19.2. <A +HREF="#AEN3491" >Distributed Authentication</A ></DT ><DT ->18.3. <A -HREF="#AEN3388" +>19.3. <A +HREF="#AEN3496" >PAM Configuration in smb.conf</A ></DT ></DL ></DD ><DT ->19. <A +>20. <A HREF="#VFS" >Stackable VFS modules</A ></DT ><DD ><DL ><DT ->19.1. <A -HREF="#AEN3423" +>20.1. <A +HREF="#AEN3531" >Introduction and configuration</A ></DT ><DT ->19.2. <A -HREF="#AEN3432" +>20.2. <A +HREF="#AEN3540" >Included modules</A ></DT ><DT ->19.3. <A -HREF="#AEN3490" +>20.3. <A +HREF="#AEN3598" >VFS modules available elsewhere</A ></DT ></DL ></DD ><DT ->20. <A +>21. <A HREF="#MSDFS" >Hosting a Microsoft Distributed File System tree on Samba</A ></DT ><DD ><DL ><DT ->20.1. <A -HREF="#AEN3518" +>21.1. <A +HREF="#AEN3626" >Instructions</A ></DT ></DL ></DD ><DT ->21. <A +>22. <A HREF="#INTEGRATE-MS-NETWORKS" >Integrating MS Windows networks with Samba</A ></DT ><DD ><DL ><DT ->21.1. <A -HREF="#AEN3580" +>22.1. <A +HREF="#AEN3688" >Name Resolution in a pure Unix/Linux world</A ></DT ><DT ->21.2. <A -HREF="#AEN3643" +>22.2. <A +HREF="#AEN3751" >Name resolution as used within MS Windows networking</A ></DT ></DL ></DD ><DT ->22. <A +>23. <A HREF="#IMPROVED-BROWSING" >Improved browsing in samba</A ></DT ><DD ><DL ><DT ->22.1. <A -HREF="#AEN3695" +>23.1. <A +HREF="#AEN3804" >Overview of browsing</A ></DT ><DT ->22.2. <A -HREF="#AEN3701" +>23.2. <A +HREF="#AEN3810" >Browsing support in samba</A ></DT ><DT ->22.3. <A -HREF="#AEN3714" +>23.3. <A +HREF="#AEN3825" >Problem resolution</A ></DT ><DT ->22.4. <A -HREF="#AEN3725" +>23.4. <A +HREF="#AEN3837" >Browsing across subnets</A ></DT ><DT ->22.5. <A -HREF="#AEN3765" +>23.5. <A +HREF="#AEN3878" >Setting up a WINS server</A ></DT ><DT ->22.6. <A -HREF="#AEN3785" +>23.6. <A +HREF="#AEN3901" >Setting up Browsing in a WORKGROUP</A ></DT ><DT ->22.7. <A -HREF="#AEN3808" +>23.7. <A +HREF="#AEN3927" >Setting up Browsing in a DOMAIN</A ></DT ><DT ->22.8. <A +>23.8. <A HREF="#BROWSE-FORCE-MASTER" >Forcing samba to be the master</A ></DT ><DT ->22.9. <A -HREF="#AEN3843" +>23.9. <A +HREF="#AEN3962" >Making samba the domain master</A ></DT ><DT ->22.10. <A -HREF="#AEN3865" +>23.10. <A +HREF="#AEN3984" >Note about broadcast addresses</A ></DT ><DT ->22.11. <A -HREF="#AEN3868" +>23.11. <A +HREF="#AEN3987" >Multiple interfaces</A ></DT ></DL ></DD ><DT ->23. <A +>24. <A HREF="#SECURING-SAMBA" >Securing Samba</A ></DT ><DD ><DL ><DT ->23.1. <A -HREF="#AEN3884" +>24.1. <A +HREF="#AEN4003" >Introduction</A ></DT ><DT ->23.2. <A -HREF="#AEN3887" +>24.2. <A +HREF="#AEN4006" >Using host based protection</A ></DT ><DT ->23.3. <A -HREF="#AEN3894" +>24.3. <A +HREF="#AEN4016" >Using interface protection</A ></DT ><DT ->23.4. <A -HREF="#AEN3903" +>24.4. <A +HREF="#AEN4025" >Using a firewall</A ></DT ><DT ->23.5. <A -HREF="#AEN3910" +>24.5. <A +HREF="#AEN4032" >Using a IPC$ share deny</A ></DT ><DT ->23.6. <A -HREF="#AEN3919" +>24.6. <A +HREF="#AEN4041" >Upgrading Samba</A ></DT ></DL ></DD ><DT ->24. <A +>25. <A HREF="#UNICODE" >Unicode/Charsets</A ></DT ><DD ><DL ><DT ->24.1. <A -HREF="#AEN3933" +>25.1. <A +HREF="#AEN4056" >What are charsets and unicode?</A ></DT ><DT ->24.2. <A -HREF="#AEN3942" +>25.2. <A +HREF="#AEN4065" >Samba and charsets</A ></DT ></DL @@ -945,263 +972,263 @@ HREF="#APPENDIXES" ><DD ><DL ><DT ->25. <A +>26. <A HREF="#SWAT" >SWAT - The Samba Web Admininistration Tool</A ></DT ><DD ><DL ><DT ->25.1. <A -HREF="#AEN3976" +>26.1. <A +HREF="#AEN4098" >SWAT Features and Benefits</A ></DT ></DL ></DD ><DT ->26. <A +>27. <A HREF="#NT4MIGRATION" >Migration from NT4 PDC to Samba-3 PDC</A ></DT ><DD ><DL ><DT ->26.1. <A -HREF="#AEN4012" +>27.1. <A +HREF="#AEN4134" >Planning and Getting Started</A ></DT ><DT ->26.2. <A -HREF="#AEN4021" +>27.2. <A +HREF="#AEN4143" >Managing Samba-3 Domain Control</A ></DT ></DL ></DD ><DT ->27. <A +>28. <A HREF="#SPEED" >Samba performance issues</A ></DT ><DD ><DL ><DT ->27.1. <A -HREF="#AEN4041" +>28.1. <A +HREF="#AEN4163" >Comparisons</A ></DT ><DT ->27.2. <A -HREF="#AEN4047" +>28.2. <A +HREF="#AEN4169" >Socket options</A ></DT ><DT ->27.3. <A -HREF="#AEN4054" +>28.3. <A +HREF="#AEN4176" >Read size</A ></DT ><DT ->27.4. <A -HREF="#AEN4059" +>28.4. <A +HREF="#AEN4181" >Max xmit</A ></DT ><DT ->27.5. <A -HREF="#AEN4064" +>28.5. <A +HREF="#AEN4186" >Log level</A ></DT ><DT ->27.6. <A -HREF="#AEN4067" +>28.6. <A +HREF="#AEN4189" >Read raw</A ></DT ><DT ->27.7. <A -HREF="#AEN4072" +>28.7. <A +HREF="#AEN4194" >Write raw</A ></DT ><DT ->27.8. <A -HREF="#AEN4076" +>28.8. <A +HREF="#AEN4198" >Slow Clients</A ></DT ><DT ->27.9. <A -HREF="#AEN4080" +>28.9. <A +HREF="#AEN4202" >Slow Logins</A ></DT ><DT ->27.10. <A -HREF="#AEN4083" +>28.10. <A +HREF="#AEN4205" >Client tuning</A ></DT ></DL ></DD ><DT ->28. <A +>29. <A HREF="#PORTABILITY" >Portability</A ></DT ><DD ><DL ><DT ->28.1. <A -HREF="#AEN4127" +>29.1. <A +HREF="#AEN4249" >HPUX</A ></DT ><DT ->28.2. <A -HREF="#AEN4133" +>29.2. <A +HREF="#AEN4255" >SCO Unix</A ></DT ><DT ->28.3. <A -HREF="#AEN4137" +>29.3. <A +HREF="#AEN4259" >DNIX</A ></DT ><DT ->28.4. <A -HREF="#AEN4166" +>29.4. <A +HREF="#AEN4288" >RedHat Linux Rembrandt-II</A ></DT ><DT ->28.5. <A -HREF="#AEN4172" +>29.5. <A +HREF="#AEN4294" >AIX</A ></DT ></DL ></DD ><DT ->29. <A +>30. <A HREF="#OTHER-CLIENTS" >Samba and other CIFS clients</A ></DT ><DD ><DL ><DT ->29.1. <A -HREF="#AEN4196" +>30.1. <A +HREF="#AEN4319" >Macintosh clients?</A ></DT ><DT ->29.2. <A -HREF="#AEN4205" +>30.2. <A +HREF="#AEN4328" >OS2 Client</A ></DT ><DT ->29.3. <A -HREF="#AEN4245" +>30.3. <A +HREF="#AEN4368" >Windows for Workgroups</A ></DT ><DT ->29.4. <A -HREF="#AEN4269" +>30.4. <A +HREF="#AEN4392" >Windows '95/'98</A ></DT ><DT ->29.5. <A -HREF="#AEN4285" +>30.5. <A +HREF="#AEN4408" >Windows 2000 Service Pack 2</A ></DT ><DT ->29.6. <A -HREF="#AEN4302" +>30.6. <A +HREF="#AEN4425" >Windows NT 3.1</A ></DT ></DL ></DD ><DT ->30. <A +>31. <A HREF="#COMPILING" >How to compile SAMBA</A ></DT ><DD ><DL ><DT ->30.1. <A -HREF="#AEN4323" +>31.1. <A +HREF="#AEN4446" >Access Samba source code via CVS</A ></DT ><DT ->30.2. <A -HREF="#AEN4366" +>31.2. <A +HREF="#AEN4489" >Accessing the samba sources via rsync and ftp</A ></DT ><DT ->30.3. <A -HREF="#AEN4372" +>31.3. <A +HREF="#AEN4495" >Building the Binaries</A ></DT ><DT ->30.4. <A -HREF="#AEN4429" +>31.4. <A +HREF="#AEN4552" >Starting the smbd and nmbd</A ></DT ></DL ></DD ><DT ->31. <A +>32. <A HREF="#BUGREPORT" >Reporting Bugs</A ></DT ><DD ><DL ><DT ->31.1. <A -HREF="#AEN4500" +>32.1. <A +HREF="#AEN4627" >Introduction</A ></DT ><DT ->31.2. <A -HREF="#AEN4510" +>32.2. <A +HREF="#AEN4637" >General info</A ></DT ><DT ->31.3. <A -HREF="#AEN4516" +>32.3. <A +HREF="#AEN4643" >Debug levels</A ></DT ><DT ->31.4. <A -HREF="#AEN4536" +>32.4. <A +HREF="#AEN4664" >Internal errors</A ></DT ><DT ->31.5. <A -HREF="#AEN4550" +>32.5. <A +HREF="#AEN4678" >Attaching to a running process</A ></DT ><DT ->31.6. <A -HREF="#AEN4558" +>32.6. <A +HREF="#AEN4686" >Patches</A ></DT ></DL ></DD ><DT ->32. <A +>33. <A HREF="#DIAGNOSIS" >The samba checklist</A ></DT ><DD ><DL ><DT ->32.1. <A -HREF="#AEN4581" +>33.1. <A +HREF="#AEN4709" >Introduction</A ></DT ><DT ->32.2. <A -HREF="#AEN4586" +>33.2. <A +HREF="#AEN4714" >Assumptions</A ></DT ><DT ->32.3. <A -HREF="#AEN4596" +>33.3. <A +HREF="#AEN4733" >The tests</A ></DT ><DT ->32.4. <A -HREF="#AEN4697" +>33.4. <A +HREF="#AEN4900" >Still having troubles?</A ></DT ></DL @@ -1253,55 +1280,58 @@ HREF="#AEN65" ></DT ><DT >1.2. <A -HREF="#AEN70" +HREF="#AEN71" >Configuring samba</A ></DT ><DD ><DL ><DT >1.2.1. <A -HREF="#AEN75" ->Editing the smb.conf file</A +HREF="#AEN76" +>Editing the <TT +CLASS="FILENAME" +>smb.conf</TT +> file</A ></DT ><DT >1.2.2. <A -HREF="#AEN97" +HREF="#AEN101" >SWAT</A ></DT ></DL ></DD ><DT >1.3. <A -HREF="#AEN103" +HREF="#AEN107" >Try listing the shares available on your server</A ></DT ><DT >1.4. <A -HREF="#AEN112" +HREF="#AEN116" >Try connecting with the unix client</A ></DT ><DT >1.5. <A -HREF="#AEN128" +HREF="#AEN137" >Try connecting from a DOS, WfWg, Win9x, WinNT, Win2k, OS/2, etc... client</A ></DT ><DT >1.6. <A -HREF="#AEN142" +HREF="#AEN150" >What If Things Don't Work?</A ></DT ><DD ><DL ><DT >1.6.1. <A -HREF="#AEN147" +HREF="#AEN156" >Scope IDs</A ></DT ><DT >1.6.2. <A -HREF="#AEN150" +HREF="#AEN159" >Locking</A ></DT ></DL @@ -1317,18 +1347,18 @@ HREF="#BROWSING-QUICK" ><DL ><DT >2.1. <A -HREF="#AEN174" +HREF="#AEN183" >Discussion</A ></DT ><DT >2.2. <A -HREF="#AEN193" +HREF="#AEN204" >How browsing functions and how to deploy stable and dependable browsing using Samba</A ></DT ><DT >2.3. <A -HREF="#AEN207" +HREF="#AEN218" >Use of the <B CLASS="COMMAND" >Remote Announce</B @@ -1336,7 +1366,7 @@ CLASS="COMMAND" ></DT ><DT >2.4. <A -HREF="#AEN230" +HREF="#AEN241" >Use of the <B CLASS="COMMAND" >Remote Browse Sync</B @@ -1344,17 +1374,17 @@ CLASS="COMMAND" ></DT ><DT >2.5. <A -HREF="#AEN241" +HREF="#AEN252" >Use of WINS</A ></DT ><DT >2.6. <A -HREF="#AEN255" +HREF="#AEN269" >Do NOT use more than one (1) protocol on MS Windows machines</A ></DT ><DT >2.7. <A -HREF="#AEN263" +HREF="#AEN277" >Name Resolution Order</A ></DT ></DL @@ -1368,129 +1398,129 @@ HREF="#PASSDB" ><DL ><DT >3.1. <A -HREF="#AEN321" +HREF="#AEN335" >Introduction</A ></DT ><DT >3.2. <A -HREF="#AEN328" +HREF="#AEN342" >Important Notes About Security</A ></DT ><DD ><DL ><DT >3.2.1. <A -HREF="#AEN354" +HREF="#AEN368" >Advantages of SMB Encryption</A ></DT ><DT >3.2.2. <A -HREF="#AEN360" +HREF="#AEN374" >Advantages of non-encrypted passwords</A ></DT ></DL ></DD ><DT >3.3. <A -HREF="#AEN366" +HREF="#AEN380" >The smbpasswd Command</A ></DT ><DT >3.4. <A -HREF="#AEN397" +HREF="#AEN411" >Plain text</A ></DT ><DT >3.5. <A -HREF="#AEN402" +HREF="#AEN416" >TDB</A ></DT ><DT >3.6. <A -HREF="#AEN405" +HREF="#AEN419" >LDAP</A ></DT ><DD ><DL ><DT >3.6.1. <A -HREF="#AEN407" +HREF="#AEN421" >Introduction</A ></DT ><DT >3.6.2. <A -HREF="#AEN427" +HREF="#AEN441" >Introduction</A ></DT ><DT >3.6.3. <A -HREF="#AEN456" +HREF="#AEN470" >Supported LDAP Servers</A ></DT ><DT >3.6.4. <A -HREF="#AEN461" +HREF="#AEN475" >Schema and Relationship to the RFC 2307 posixAccount</A ></DT ><DT >3.6.5. <A -HREF="#AEN473" +HREF="#AEN487" >Configuring Samba with LDAP</A ></DT ><DT >3.6.6. <A -HREF="#AEN520" +HREF="#AEN534" >Accounts and Groups management</A ></DT ><DT >3.6.7. <A -HREF="#AEN525" +HREF="#AEN539" >Security and sambaAccount</A ></DT ><DT >3.6.8. <A -HREF="#AEN545" +HREF="#AEN559" >LDAP specials attributes for sambaAccounts</A ></DT ><DT >3.6.9. <A -HREF="#AEN615" +HREF="#AEN629" >Example LDIF Entries for a sambaAccount</A ></DT ></DL ></DD ><DT >3.7. <A -HREF="#AEN623" +HREF="#AEN637" >MySQL</A ></DT ><DD ><DL ><DT >3.7.1. <A -HREF="#AEN625" +HREF="#AEN639" >Creating the database</A ></DT ><DT >3.7.2. <A -HREF="#AEN635" +HREF="#AEN649" >Configuring</A ></DT ><DT >3.7.3. <A -HREF="#AEN652" +HREF="#AEN666" >Using plaintext passwords or encrypted password</A ></DT ><DT >3.7.4. <A -HREF="#AEN657" +HREF="#AEN671" >Getting non-column data from the table</A ></DT ></DL ></DD ><DT >3.8. <A -HREF="#AEN665" +HREF="#AEN679" >XML</A ></DT ></DL @@ -1520,18 +1550,21 @@ NAME="AEN65" HREF="http://samba.org/" TARGET="_top" >the samba homepage</A -> +>. </P ><P >If you need to compile samba from source, check the - appropriate appendix chapter.</P + <A +HREF="#COMPILING" +>appropriate appendix chapter</A +>.</P ></DIV ><DIV CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN70" +NAME="AEN71" >1.2. Configuring samba</A ></H2 ><P @@ -1552,8 +1585,11 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN75" ->1.2.1. Editing the smb.conf file</A +NAME="AEN76" +>1.2.1. Editing the <TT +CLASS="FILENAME" +>smb.conf</TT +> file</A ></H3 ><P >There are sample configuration files in the examples @@ -1566,31 +1602,27 @@ NAME="AEN75" ><P ><PRE CLASS="PROGRAMLISTING" -> [global] - workgroup = MYGROUP +>[global] + workgroup = MYGROUP - [homes] - guest ok = no - read only = no +[homes] + guest ok = no + read only = no </PRE ></P ><P >which would allow connections by anyone with an account on the server, using either their login name or - "homes" as the service name. (Note that I also set the + "<B +CLASS="COMMAND" +>homes</B +>" as the service name. (Note that I also set the workgroup that Samba is part of. See BROWSING.txt for details)</P ><P ->Note that <B -CLASS="COMMAND" ->make install</B -> will not install - a <TT +>Make sure you put the <TT CLASS="FILENAME" >smb.conf</TT -> file. You need to create it - yourself. </P -><P ->Make sure you put the smb.conf file in the same place +> file in the same place you specified in the<TT CLASS="FILENAME" >Makefile</TT @@ -1601,13 +1633,20 @@ CLASS="FILENAME" >).</P ><P >For more information about security settings for the - [homes] share please refer to the document UNIX_SECURITY.txt.</P + <B +CLASS="COMMAND" +>[homes]</B +> share please refer to the chapter + <A +HREF="#SECURING-SAMBA" +>Securing Samba</A +>.</P ><DIV CLASS="SECT3" ><HR><H4 CLASS="SECT3" ><A -NAME="AEN89" +NAME="AEN92" >1.2.1.1. Test your config file with <B CLASS="COMMAND" @@ -1619,7 +1658,10 @@ CLASS="COMMAND" <TT CLASS="FILENAME" >smb.conf</TT -> file using the testparm program. +> file using the <SPAN +CLASS="APPLICATION" +>testparm</SPAN +> program. If testparm runs OK then it will list the loaded services. If not it will give an error message.</P ><P @@ -1638,7 +1680,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN97" +NAME="AEN101" >1.2.2. SWAT</A ></H3 ><P @@ -1666,7 +1708,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN103" +NAME="AEN107" >1.3. Try listing the shares available on your server</A ></H2 @@ -1703,7 +1745,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN112" +NAME="AEN116" >1.4. Try connecting with the unix client</A ></H2 ><P @@ -1722,32 +1764,49 @@ CLASS="REPLACEABLE" CLASS="REPLACEABLE" >yourhostname</VAR > - would be the name of the host where you installed <B -CLASS="COMMAND" -> smbd</B ->. The <VAR + would be the name of the host where you installed <SPAN +CLASS="APPLICATION" +>smbd</SPAN +>. + The <VAR CLASS="REPLACEABLE" >aservice</VAR > is any service you have defined in the <TT CLASS="FILENAME" >smb.conf</TT -> - file. Try your user name if you just have a [homes] section +> + file. Try your user name if you just have a <B +CLASS="COMMAND" +>[homes]</B +> + section in <TT CLASS="FILENAME" >smb.conf</TT >.</P ><P ->For example if your unix host is bambi and your login - name is fred you would type:</P +>For example if your unix host is <VAR +CLASS="REPLACEABLE" +>bambi</VAR +> + and your login name is <VAR +CLASS="REPLACEABLE" +>fred</VAR +> you would type:</P ><P ><SAMP CLASS="PROMPT" >$ </SAMP ><KBD CLASS="USERINPUT" ->smbclient //bambi/fred +>smbclient //<VAR +CLASS="REPLACEABLE" +>bambi</VAR +>/<VAR +CLASS="REPLACEABLE" +>fred</VAR +> </KBD ></P ></DIV @@ -1756,7 +1815,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN128" +NAME="AEN137" >1.5. Try connecting from a DOS, WfWg, Win9x, WinNT, Win2k, OS/2, etc... client</A ></H2 @@ -1791,19 +1850,21 @@ CLASS="USERINPUT" >print filename </KBD ></P -><P ->Celebrate, or send me a bug report!</P ></DIV ><DIV CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN142" +NAME="AEN150" >1.6. What If Things Don't Work?</A ></H2 ><P ->Then you might read the file HOWTO chapter Diagnosis and the +>Then you might read the file chapter + <A +HREF="#DIAGNOSIS" +>Diagnosis</A +> and the FAQ. If you are still stuck then try the mailing list or newsgroup (look in the README for details). Samba has been successfully installed at thousands of sites worldwide, so maybe @@ -1825,7 +1886,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN147" +NAME="AEN156" >1.6.1. Scope IDs</A ></H3 ><P @@ -1841,7 +1902,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN150" +NAME="AEN159" >1.6.2. Locking</A ></H3 ><P @@ -1943,7 +2004,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN174" +NAME="AEN183" >2.1. Discussion</A ></H2 ><P @@ -1971,7 +2032,10 @@ CLASS="FILENAME" implements browse list collation using unicast UDP.</P ><P >Secondly, in those networks where Samba is the only SMB server technology -wherever possible nmbd should be configured on one (1) machine as the WINS +wherever possible <SPAN +CLASS="APPLICATION" +>nmbd</SPAN +> should be configured on one (1) machine as the WINS server. This makes it easy to manage the browsing environment. If each network segment is configured with it's own Samba WINS server, then the only way to get cross segment browsing to work is by using the @@ -2001,7 +2065,10 @@ CLASS="COMMAND" been committed, but it still needs maturation.</P ><P >Right now samba WINS does not support MS-WINS replication. This means that -when setting up Samba as a WINS server there must only be one nmbd configured +when setting up Samba as a WINS server there must only be one <SPAN +CLASS="APPLICATION" +>nmbd</SPAN +> configured as a WINS server on the network. Some sites have used multiple Samba WINS servers for redundancy (one server per subnet) and then used <B @@ -2028,7 +2095,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN193" +NAME="AEN204" >2.2. How browsing functions and how to deploy stable and dependable browsing using Samba</A ></H2 @@ -2108,7 +2175,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN207" +NAME="AEN218" >2.3. Use of the <B CLASS="COMMAND" >Remote Announce</B @@ -2195,7 +2262,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN230" +NAME="AEN241" >2.4. Use of the <B CLASS="COMMAND" >Remote Browse Sync</B @@ -2237,7 +2304,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN241" +NAME="AEN252" >2.5. Use of WINS</A ></H2 ><P @@ -2295,23 +2362,51 @@ file [globals] section.</P ><P >To configure Samba to register with a WINS server just add "wins server = a.b.c.d" to your smb.conf file [globals] section.</P +><DIV +CLASS="IMPORTANT" ><P -><SPAN -CLASS="emphasis" -><I -CLASS="EMPHASIS" ->DO NOT EVER</I -></SPAN -> use both "wins support = yes" together -with "wins server = a.b.c.d" particularly not using it's own IP address. -Specifying both will cause nmbd to refuse to start!</P +></P +><TABLE +CLASS="IMPORTANT" +WIDTH="100%" +BORDER="0" +><TR +><TD +WIDTH="25" +ALIGN="CENTER" +VALIGN="TOP" +><IMG +SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/important.gif" +HSPACE="5" +ALT="Important"></TD +><TD +ALIGN="LEFT" +VALIGN="TOP" +><P +>Never use both <B +CLASS="COMMAND" +>wins support = yes</B +> together +with <B +CLASS="COMMAND" +>wins server = a.b.c.d</B +> +particularly not using it's own IP address. +Specifying both will cause <SPAN +CLASS="APPLICATION" +>nmbd</SPAN +> to refuse to start!</P +></TD +></TR +></TABLE +></DIV ></DIV ><DIV CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN255" +NAME="AEN269" >2.6. Do NOT use more than one (1) protocol on MS Windows machines</A ></H2 ><P @@ -2354,7 +2449,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN263" +NAME="AEN277" >2.7. Name Resolution Order</A ></H2 ><P @@ -2445,7 +2540,7 @@ CLASS="SECT1" ><H2 CLASS="SECT1" ><A -NAME="AEN321" +NAME="AEN335" >3.1. Introduction</A ></H2 ><P @@ -2486,7 +2581,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN328" +NAME="AEN342" >3.2. Important Notes About Security</A ></H2 ><P @@ -2649,7 +2744,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN354" +NAME="AEN368" >3.2.1. Advantages of SMB Encryption</A ></H3 ><P @@ -2688,7 +2783,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN360" +NAME="AEN374" >3.2.2. Advantages of non-encrypted passwords</A ></H3 ><P @@ -2723,7 +2818,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN366" +NAME="AEN380" >3.3. The smbpasswd Command</A ></H2 ><P @@ -2826,7 +2921,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN397" +NAME="AEN411" >3.4. Plain text</A ></H2 ><P @@ -2846,7 +2941,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN402" +NAME="AEN416" >3.5. TDB</A ></H2 ><P @@ -2859,7 +2954,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN405" +NAME="AEN419" >3.6. LDAP</A ></H2 ><DIV @@ -2867,7 +2962,7 @@ CLASS="SECT2" ><H3 CLASS="SECT2" ><A -NAME="AEN407" +NAME="AEN421" >3.6.1. Introduction</A ></H3 ><P @@ -2935,7 +3030,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN427" +NAME="AEN441" >3.6.2. Introduction</A ></H3 ><P @@ -3044,7 +3139,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN456" +NAME="AEN470" >3.6.3. Supported LDAP Servers</A ></H3 ><P @@ -3070,7 +3165,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN461" +NAME="AEN475" >3.6.4. Schema and Relationship to the RFC 2307 posixAccount</A ></H3 ><P @@ -3127,7 +3222,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN473" +NAME="AEN487" >3.6.5. Configuring Samba with LDAP</A ></H3 ><DIV @@ -3135,7 +3230,7 @@ CLASS="SECT3" ><H4 CLASS="SECT3" ><A -NAME="AEN475" +NAME="AEN489" >3.6.5.1. OpenLDAP configuration</A ></H4 ><P @@ -3217,7 +3312,7 @@ CLASS="SECT3" ><HR><H4 CLASS="SECT3" ><A -NAME="AEN492" +NAME="AEN506" >3.6.5.2. Configuring Samba</A ></H4 ><P @@ -3333,7 +3428,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN520" +NAME="AEN534" >3.6.6. Accounts and Groups management</A ></H3 ><P @@ -3358,7 +3453,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN525" +NAME="AEN539" >3.6.7. Security and sambaAccount</A ></H3 ><P @@ -3437,7 +3532,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN545" +NAME="AEN559" >3.6.8. LDAP specials attributes for sambaAccounts</A ></H3 ><P @@ -3644,7 +3739,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN615" +NAME="AEN629" >3.6.9. Example LDIF Entries for a sambaAccount</A ></H3 ><P @@ -3703,7 +3798,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN623" +NAME="AEN637" >3.7. MySQL</A ></H2 ><DIV @@ -3711,7 +3806,7 @@ CLASS="SECT2" ><H3 CLASS="SECT2" ><A -NAME="AEN625" +NAME="AEN639" >3.7.1. Creating the database</A ></H3 ><P @@ -3747,7 +3842,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN635" +NAME="AEN649" >3.7.2. Configuring</A ></H3 ><P @@ -3858,7 +3953,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN652" +NAME="AEN666" >3.7.3. Using plaintext passwords or encrypted password</A ></H3 ><P @@ -3873,7 +3968,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN657" +NAME="AEN671" >3.7.4. Getting non-column data from the table</A ></H3 ><P @@ -3899,7 +3994,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN665" +NAME="AEN679" >3.8. XML</A ></H2 ><P @@ -3937,7 +4032,7 @@ CLASS="TITLE" ><DIV CLASS="PARTINTRO" ><A -NAME="AEN674" +NAME="AEN688" ></A ><H1 >Introduction</H1 @@ -3961,24 +4056,24 @@ HREF="#SERVERTYPE" ><DL ><DT >4.1. <A -HREF="#AEN703" +HREF="#AEN717" >Stand Alone Server</A ></DT ><DT >4.2. <A -HREF="#AEN710" +HREF="#AEN724" >Domain Member Server</A ></DT ><DT >4.3. <A -HREF="#AEN716" +HREF="#AEN730" >Domain Controller</A ></DT ><DD ><DL ><DT >4.3.1. <A -HREF="#AEN719" +HREF="#AEN733" >Domain Controller Types</A ></DT ></DL @@ -3994,34 +4089,34 @@ HREF="#SECURITYLEVELS" ><DL ><DT >5.1. <A -HREF="#AEN752" +HREF="#AEN766" >User and Share security level</A ></DT ><DD ><DL ><DT >5.1.1. <A -HREF="#AEN755" +HREF="#AEN769" >User Level Security</A ></DT ><DT >5.1.2. <A -HREF="#AEN765" +HREF="#AEN779" >Share Level Security</A ></DT ><DT >5.1.3. <A -HREF="#AEN769" +HREF="#AEN785" >Server Level Security</A ></DT ><DT >5.1.4. <A -HREF="#AEN808" +HREF="#AEN825" >Domain Level Security</A ></DT ><DT >5.1.5. <A -HREF="#AEN829" +HREF="#AEN848" >ADS Level Security</A ></DT ></DL @@ -4037,63 +4132,63 @@ HREF="#SAMBA-PDC" ><DL ><DT >6.1. <A -HREF="#AEN859" +HREF="#AEN878" >Prerequisite Reading</A ></DT ><DT >6.2. <A -HREF="#AEN864" +HREF="#AEN883" >Background</A ></DT ><DT >6.3. <A -HREF="#AEN904" +HREF="#AEN923" >Configuring the Samba Domain Controller</A ></DT ><DT >6.4. <A -HREF="#AEN946" +HREF="#AEN965" >Creating Machine Trust Accounts and Joining Clients to the Domain</A ></DT ><DD ><DL ><DT >6.4.1. <A -HREF="#AEN989" +HREF="#AEN1008" >Manual Creation of Machine Trust Accounts</A ></DT ><DT >6.4.2. <A -HREF="#AEN1030" +HREF="#AEN1049" >"On-the-Fly" Creation of Machine Trust Accounts</A ></DT ><DT >6.4.3. <A -HREF="#AEN1039" +HREF="#AEN1058" >Joining the Client to the Domain</A ></DT ></DL ></DD ><DT >6.5. <A -HREF="#AEN1054" +HREF="#AEN1073" >Common Problems and Errors</A ></DT ><DT >6.6. <A -HREF="#AEN1100" +HREF="#AEN1119" >What other help can I get?</A ></DT ><DT >6.7. <A -HREF="#AEN1214" +HREF="#AEN1233" >Domain Control for Windows 9x/ME</A ></DT ><DD ><DL ><DT >6.7.1. <A -HREF="#AEN1237" +HREF="#AEN1256" >Configuration Instructions: Network Logons</A ></DT ></DL @@ -4109,53 +4204,53 @@ HREF="#SAMBA-BDC" ><DL ><DT >7.1. <A -HREF="#AEN1267" +HREF="#AEN1286" >Prerequisite Reading</A ></DT ><DT >7.2. <A -HREF="#AEN1271" +HREF="#AEN1290" >Background</A ></DT ><DT >7.3. <A -HREF="#AEN1279" +HREF="#AEN1298" >What qualifies a Domain Controller on the network?</A ></DT ><DD ><DL ><DT >7.3.1. <A -HREF="#AEN1282" +HREF="#AEN1301" >How does a Workstation find its domain controller?</A ></DT ><DT >7.3.2. <A -HREF="#AEN1285" +HREF="#AEN1304" >When is the PDC needed?</A ></DT ></DL ></DD ><DT >7.4. <A -HREF="#AEN1288" +HREF="#AEN1307" >Can Samba be a Backup Domain Controller to an NT PDC?</A ></DT ><DT >7.5. <A -HREF="#AEN1293" +HREF="#AEN1312" >How do I set up a Samba BDC?</A ></DT ><DD ><DL ><DT >7.5.1. <A -HREF="#AEN1310" +HREF="#AEN1329" >How do I replicate the smbpasswd file?</A ></DT ><DT >7.5.2. <A -HREF="#AEN1314" +HREF="#AEN1333" >Can I do this all with LDAP?</A ></DT ></DL @@ -4171,7 +4266,7 @@ HREF="#ADS" ><DL ><DT >8.1. <A -HREF="#AEN1336" +HREF="#AEN1355" >Setup your <TT CLASS="FILENAME" >smb.conf</TT @@ -4179,7 +4274,7 @@ CLASS="FILENAME" ></DT ><DT >8.2. <A -HREF="#AEN1349" +HREF="#AEN1368" >Setup your <TT CLASS="FILENAME" >/etc/krb5.conf</TT @@ -4194,7 +4289,7 @@ HREF="#ADS-CREATE-MACHINE-ACCOUNT" ><DL ><DT >8.3.1. <A -HREF="#AEN1373" +HREF="#AEN1396" >Possible errors</A ></DT ></DL @@ -4207,11 +4302,14 @@ HREF="#ADS-TEST-SERVER" ><DT >8.5. <A HREF="#ADS-TEST-SMBCLIENT" ->Testing with smbclient</A +>Testing with <SPAN +CLASS="APPLICATION" +>smbclient</SPAN +></A ></DT ><DT >8.6. <A -HREF="#AEN1390" +HREF="#AEN1416" >Notes</A ></DT ></DL @@ -4225,12 +4323,12 @@ HREF="#DOMAIN-SECURITY" ><DL ><DT >9.1. <A -HREF="#AEN1413" +HREF="#AEN1439" >Joining an NT Domain with Samba 3.0</A ></DT ><DT >9.2. <A -HREF="#AEN1467" +HREF="#AEN1493" >Why is this better than security = server?</A ></DT ></DL @@ -4289,7 +4387,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN703" +NAME="AEN717" >4.1. Stand Alone Server</A ></H2 ><P @@ -4332,7 +4430,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN710" +NAME="AEN724" >4.2. Domain Member Server</A ></H2 ><P @@ -4362,7 +4460,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN716" +NAME="AEN730" >4.3. Domain Controller</A ></H2 ><P @@ -4374,7 +4472,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN719" +NAME="AEN733" >4.3.1. Domain Controller Types</A ></H3 ><P @@ -4468,7 +4566,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN752" +NAME="AEN766" >5.1. User and Share security level</A ></H2 ><P @@ -4486,7 +4584,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN755" +NAME="AEN769" >5.1.1. User Level Security</A ></H3 ><P @@ -4527,7 +4625,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN765" +NAME="AEN779" >5.1.2. Share Level Security</A ></H3 ><P @@ -4548,7 +4646,13 @@ level security. They normally send a valid username but no password. Samba records this username in a list of "possible usernames". When the client then does a "tree connection" it also adds to this list the name of the share they try to connect to (useful for -home directories) and any users listed in the "user =" smb.conf +home directories) and any users listed in the <B +CLASS="COMMAND" +>user =</B +> <TT +CLASS="FILENAME" +>smb.conf</TT +> line. The password is then checked in turn against these "possible usernames". If a match is found then the client is authenticated as that user.</P @@ -4558,7 +4662,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN769" +NAME="AEN785" >5.1.3. Server Level Security</A ></H3 ><P @@ -4594,7 +4698,7 @@ CLASS="SECT3" ><HR><H4 CLASS="SECT3" ><A -NAME="AEN774" +NAME="AEN790" >5.1.3.1. Configuring Samba for Seemless Windows Network Integration</A ></H4 ><P @@ -4706,11 +4810,14 @@ CLASS="SECT3" ><HR><H4 CLASS="SECT3" ><A -NAME="AEN800" +NAME="AEN816" >5.1.3.2. Use MS Windows NT as an authentication server</A ></H4 ><P ->This method involves the additions of the following parameters in the smb.conf file:</P +>This method involves the additions of the following parameters in the <TT +CLASS="FILENAME" +>smb.conf</TT +> file:</P ><P ><PRE CLASS="PROGRAMLISTING" @@ -4742,7 +4849,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN808" +NAME="AEN825" >5.1.4. Domain Level Security</A ></H3 ><P @@ -4760,11 +4867,14 @@ CLASS="SECT3" ><HR><H4 CLASS="SECT3" ><A -NAME="AEN812" +NAME="AEN829" >5.1.4.1. Samba as a member of an MS Windows NT security domain</A ></H4 ><P ->This method involves additon of the following paramters in the smb.conf file:</P +>This method involves additon of the following paramters in the <TT +CLASS="FILENAME" +>smb.conf</TT +> file:</P ><P ><PRE CLASS="PROGRAMLISTING" @@ -4774,7 +4884,10 @@ CLASS="PROGRAMLISTING" password server = *</PRE ></P ><P ->The use of the "*" argument to "password server" will cause samba to locate the +>The use of the "*" argument to <B +CLASS="COMMAND" +>password server</B +> will cause samba to locate the domain controller in a way analogous to the way this is done within MS Windows NT. This is the default behaviour.</P ><P @@ -4823,7 +4936,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN829" +NAME="AEN848" >5.1.5. ADS Level Security</A ></H3 ><P @@ -4850,7 +4963,7 @@ CLASS="SECT1" ><H2 CLASS="SECT1" ><A -NAME="AEN859" +NAME="AEN878" >6.1. Prerequisite Reading</A ></H2 ><P @@ -4873,7 +4986,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN864" +NAME="AEN883" >6.2. Background</A ></H2 ><P @@ -5020,7 +5133,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN904" +NAME="AEN923" >6.3. Configuring the Samba Domain Controller</A ></H2 ><P @@ -5216,7 +5329,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN946" +NAME="AEN965" >6.4. Creating Machine Trust Accounts and Joining Clients to the Domain</A ></H2 ><P @@ -5402,7 +5515,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN989" +NAME="AEN1008" >6.4.1. Manual Creation of Machine Trust Accounts</A ></H3 ><P @@ -5572,7 +5685,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN1030" +NAME="AEN1049" >6.4.2. "On-the-Fly" Creation of Machine Trust Accounts</A ></H3 ><P @@ -5609,7 +5722,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN1039" +NAME="AEN1058" >6.4.3. Joining the Client to the Domain</A ></H3 ><P @@ -5677,7 +5790,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN1054" +NAME="AEN1073" >6.5. Common Problems and Errors</A ></H2 ><P @@ -5876,7 +5989,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN1100" +NAME="AEN1119" >6.6. What other help can I get?</A ></H2 ><P @@ -6296,7 +6409,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN1214" +NAME="AEN1233" >6.7. Domain Control for Windows 9x/ME</A ></H2 ><P @@ -6395,7 +6508,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN1237" +NAME="AEN1256" >6.7.1. Configuration Instructions: Network Logons</A ></H3 ><P @@ -6510,7 +6623,7 @@ CLASS="SECT1" ><H2 CLASS="SECT1" ><A -NAME="AEN1267" +NAME="AEN1286" >7.1. Prerequisite Reading</A ></H2 ><P @@ -6527,7 +6640,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN1271" +NAME="AEN1290" >7.2. Background</A ></H2 ><P @@ -6572,7 +6685,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN1279" +NAME="AEN1298" >7.3. What qualifies a Domain Controller on the network?</A ></H2 ><P @@ -6589,7 +6702,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN1282" +NAME="AEN1301" >7.3.1. How does a Workstation find its domain controller?</A ></H3 ><P @@ -6608,7 +6721,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN1285" +NAME="AEN1304" >7.3.2. When is the PDC needed?</A ></H3 ><P @@ -6624,7 +6737,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN1288" +NAME="AEN1307" >7.4. Can Samba be a Backup Domain Controller to an NT PDC?</A ></H2 ><P @@ -6647,7 +6760,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN1293" +NAME="AEN1312" >7.5. How do I set up a Samba BDC?</A ></H2 ><P @@ -6714,7 +6827,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN1310" +NAME="AEN1329" >7.5.1. How do I replicate the smbpasswd file?</A ></H3 ><P @@ -6735,7 +6848,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN1314" +NAME="AEN1333" >7.5.2. Can I do this all with LDAP?</A ></H3 ><P @@ -6762,7 +6875,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN1336" +NAME="AEN1355" >8.1. Setup your <TT CLASS="FILENAME" >smb.conf</TT @@ -6830,7 +6943,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN1349" +NAME="AEN1368" >8.2. Setup your <TT CLASS="FILENAME" >/etc/krb5.conf</TT @@ -6902,10 +7015,16 @@ CLASS="FILENAME" its netbios name. If you don't get this right then you will get a "local error" when you try to join the realm.</P ><P ->If all you want is kerberos support in smbclient then you can skip +>If all you want is kerberos support in <SPAN +CLASS="APPLICATION" +>smbclient</SPAN +> then you can skip straight to <A HREF="#ADS-TEST-SMBCLIENT" ->Test with smbclient</A +>Test with <SPAN +CLASS="APPLICATION" +>smbclient</SPAN +></A > now. <A HREF="#ADS-CREATE-MACHINE-ACCOUNT" @@ -6916,7 +7035,13 @@ HREF="#ADS-TEST-SERVER" >testing your servers</A > is only needed if you want kerberos -support for smbd and winbindd.</P +support for <SPAN +CLASS="APPLICATION" +>smbd</SPAN +> and <SPAN +CLASS="APPLICATION" +>winbindd</SPAN +>.</P ></DIV ><DIV CLASS="SECT1" @@ -6938,7 +7063,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN1373" +NAME="AEN1396" >8.3.1. Possible errors</A ></H3 ><P @@ -6984,11 +7109,20 @@ CLASS="SECT1" CLASS="SECT1" ><A NAME="ADS-TEST-SMBCLIENT" ->8.5. Testing with smbclient</A +>8.5. Testing with <SPAN +CLASS="APPLICATION" +>smbclient</SPAN +></A ></H2 ><P >On your Samba server try to login to a Win2000 server or your Samba -server using smbclient and kerberos. Use smbclient as usual, but +server using <SPAN +CLASS="APPLICATION" +>smbclient</SPAN +> and kerberos. Use <SPAN +CLASS="APPLICATION" +>smbclient</SPAN +> as usual, but specify the <VAR CLASS="PARAMETER" >-k</VAR @@ -6999,7 +7133,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN1390" +NAME="AEN1416" >8.6. Notes</A ></H2 ><P @@ -7022,7 +7156,7 @@ CLASS="SECT1" ><H2 CLASS="SECT1" ><A -NAME="AEN1413" +NAME="AEN1439" >9.1. Joining an NT Domain with Samba 3.0</A ></H2 ><P @@ -7048,15 +7182,11 @@ CLASS="CONSTANT" </CODE >.</P ><P ->Firstly, you must edit your <A -HREF="smb.conf.5.html" -TARGET="_top" -><TT +>Firstly, you must edit your <TT CLASS="FILENAME" ->smb.conf(5)</TT -> - </A -> file to tell Samba it should now use domain security.</P +>smb.conf</TT +> file to tell Samba it should + now use domain security.</P ><P >Change (or add) your <A HREF="smb.conf.5.html#SECURITY" @@ -7066,7 +7196,10 @@ CLASS="PARAMETER" >security =</VAR ></A > line in the [global] section - of your smb.conf to read:</P + of your <TT +CLASS="FILENAME" +>smb.conf</TT +> to read:</P ><P ><B CLASS="COMMAND" @@ -7205,7 +7338,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN1467" +NAME="AEN1493" >9.2. Why is this better than security = server?</A ></H2 ><P @@ -7317,13 +7450,12 @@ CLASS="TITLE" ><DIV CLASS="PARTINTRO" ><A -NAME="AEN1485" +NAME="AEN1511" ></A ><H1 >Introduction</H1 ><P ->Samba has several features that you might want or might not want to use. The chapters in this -part each cover one specific feature.</P +>Samba has several features that you might want or might not want to use. The chapters in this part each cover one specific feature.</P ></DIV ><DIV CLASS="TOC" @@ -7341,53 +7473,53 @@ HREF="#UNIX-PERMISSIONS" ><DL ><DT >10.1. <A -HREF="#AEN1499" +HREF="#AEN1525" >Viewing and changing UNIX permissions using the NT security dialogs</A ></DT ><DT >10.2. <A -HREF="#AEN1505" +HREF="#AEN1531" >How to view file security on a Samba share</A ></DT ><DT >10.3. <A -HREF="#AEN1516" +HREF="#AEN1542" >Viewing file ownership</A ></DT ><DT >10.4. <A -HREF="#AEN1536" +HREF="#AEN1562" >Viewing file or directory permissions</A ></DT ><DD ><DL ><DT >10.4.1. <A -HREF="#AEN1551" +HREF="#AEN1577" >File Permissions</A ></DT ><DT >10.4.2. <A -HREF="#AEN1565" +HREF="#AEN1591" >Directory Permissions</A ></DT ></DL ></DD ><DT >10.5. <A -HREF="#AEN1572" +HREF="#AEN1598" >Modifying file or directory permissions</A ></DT ><DT >10.6. <A -HREF="#AEN1594" +HREF="#AEN1620" >Interaction with the standard Samba create mask parameters</A ></DT ><DT >10.7. <A -HREF="#AEN1648" +HREF="#AEN1673" >Interaction with the standard Samba file attribute mapping</A ></DT @@ -7407,122 +7539,122 @@ HREF="#PRINTING" ><DL ><DT >12.1. <A -HREF="#AEN1711" +HREF="#AEN1736" >Introduction</A ></DT ><DT >12.2. <A -HREF="#AEN1733" +HREF="#AEN1758" >Configuration</A ></DT ><DD ><DL ><DT >12.2.1. <A -HREF="#AEN1741" +HREF="#AEN1766" >Creating [print$]</A ></DT ><DT >12.2.2. <A -HREF="#AEN1776" +HREF="#AEN1801" >Setting Drivers for Existing Printers</A ></DT ><DT >12.2.3. <A -HREF="#AEN1792" +HREF="#AEN1817" >Support a large number of printers</A ></DT ><DT >12.2.4. <A -HREF="#AEN1807" +HREF="#AEN1832" >Adding New Printers via the Windows NT APW</A ></DT ><DT >12.2.5. <A -HREF="#AEN1837" +HREF="#AEN1862" >Samba and Printer Ports</A ></DT ></DL ></DD ><DT >12.3. <A -HREF="#AEN1845" +HREF="#AEN1870" >The Imprints Toolset</A ></DT ><DD ><DL ><DT >12.3.1. <A -HREF="#AEN1849" +HREF="#AEN1874" >What is Imprints?</A ></DT ><DT >12.3.2. <A -HREF="#AEN1859" +HREF="#AEN1884" >Creating Printer Driver Packages</A ></DT ><DT >12.3.3. <A -HREF="#AEN1862" +HREF="#AEN1887" >The Imprints server</A ></DT ><DT >12.3.4. <A -HREF="#AEN1866" +HREF="#AEN1891" >The Installation Client</A ></DT ></DL ></DD ><DT >12.4. <A -HREF="#AEN1888" +HREF="#AEN1913" >Diagnosis</A ></DT ><DD ><DL ><DT >12.4.1. <A -HREF="#AEN1890" +HREF="#AEN1915" >Introduction</A ></DT ><DT >12.4.2. <A -HREF="#AEN1906" +HREF="#AEN1931" >Debugging printer problems</A ></DT ><DT >12.4.3. <A -HREF="#AEN1915" +HREF="#AEN1940" >What printers do I have?</A ></DT ><DT >12.4.4. <A -HREF="#AEN1923" +HREF="#AEN1948" >Setting up printcap and print servers</A ></DT ><DT >12.4.5. <A -HREF="#AEN1951" +HREF="#AEN1976" >Job sent, no output</A ></DT ><DT >12.4.6. <A -HREF="#AEN1962" +HREF="#AEN1987" >Job sent, strange output</A ></DT ><DT >12.4.7. <A -HREF="#AEN1974" +HREF="#AEN1999" >Raw PostScript printed</A ></DT ><DT >12.4.8. <A -HREF="#AEN1977" +HREF="#AEN2002" >Advanced Printing</A ></DT ><DT >12.4.9. <A -HREF="#AEN1980" +HREF="#AEN2005" >Real debugging</A ></DT ></DL @@ -7538,12 +7670,12 @@ HREF="#CUPS-PRINTING" ><DL ><DT >13.1. <A -HREF="#AEN2000" +HREF="#AEN2025" >Introduction</A ></DT ><DT >13.2. <A -HREF="#AEN2007" +HREF="#AEN2032" >Configuring <TT CLASS="FILENAME" >smb.conf</TT @@ -7551,35 +7683,35 @@ CLASS="FILENAME" ></DT ><DT >13.3. <A -HREF="#AEN2026" +HREF="#AEN2052" >CUPS - RAW Print Through Mode</A ></DT ><DT >13.4. <A -HREF="#AEN2083" +HREF="#AEN2111" >CUPS as a network PostScript RIP -- CUPS drivers working on server, Adobe PostScript driver with CUPS-PPDs downloaded to clients</A ></DT ><DT >13.5. <A -HREF="#AEN2104" +HREF="#AEN2132" >Windows Terminal Servers (WTS) as CUPS clients</A ></DT ><DT >13.6. <A -HREF="#AEN2108" +HREF="#AEN2136" >Setting up CUPS for driver download</A ></DT ><DT >13.7. <A -HREF="#AEN2120" +HREF="#AEN2149" >Sources of CUPS drivers / PPDs</A ></DT ><DD ><DL ><DT >13.7.1. <A -HREF="#AEN2147" +HREF="#AEN2176" ><B CLASS="COMMAND" >cupsaddsmb</B @@ -7589,36 +7721,36 @@ CLASS="COMMAND" ></DD ><DT >13.8. <A -HREF="#AEN2176" +HREF="#AEN2205" >The CUPS Filter Chains</A ></DT ><DT >13.9. <A -HREF="#AEN2215" +HREF="#AEN2244" >CUPS Print Drivers and Devices</A ></DT ><DD ><DL ><DT >13.9.1. <A -HREF="#AEN2222" +HREF="#AEN2251" >Further printing steps</A ></DT ></DL ></DD ><DT >13.10. <A -HREF="#AEN2292" +HREF="#AEN2321" >Limiting the number of pages users can print</A ></DT ><DT >13.11. <A -HREF="#AEN2388" +HREF="#AEN2417" >Advanced Postscript Printing from MS Windows</A ></DT ><DT >13.12. <A -HREF="#AEN2403" +HREF="#AEN2432" >Auto-Deletion of CUPS spool files</A ></DT ></DL @@ -7632,99 +7764,99 @@ HREF="#WINBIND" ><DL ><DT >14.1. <A -HREF="#AEN2469" +HREF="#AEN2506" >Abstract</A ></DT ><DT >14.2. <A -HREF="#AEN2473" +HREF="#AEN2510" >Introduction</A ></DT ><DT >14.3. <A -HREF="#AEN2486" +HREF="#AEN2523" >What Winbind Provides</A ></DT ><DD ><DL ><DT >14.3.1. <A -HREF="#AEN2493" +HREF="#AEN2530" >Target Uses</A ></DT ></DL ></DD ><DT >14.4. <A -HREF="#AEN2497" +HREF="#AEN2534" >How Winbind Works</A ></DT ><DD ><DL ><DT >14.4.1. <A -HREF="#AEN2502" +HREF="#AEN2539" >Microsoft Remote Procedure Calls</A ></DT ><DT >14.4.2. <A -HREF="#AEN2506" +HREF="#AEN2543" >Microsoft Active Directory Services</A ></DT ><DT >14.4.3. <A -HREF="#AEN2509" +HREF="#AEN2546" >Name Service Switch</A ></DT ><DT >14.4.4. <A -HREF="#AEN2525" +HREF="#AEN2562" >Pluggable Authentication Modules</A ></DT ><DT >14.4.5. <A -HREF="#AEN2533" +HREF="#AEN2570" >User and Group ID Allocation</A ></DT ><DT >14.4.6. <A -HREF="#AEN2537" +HREF="#AEN2574" >Result Caching</A ></DT ></DL ></DD ><DT >14.5. <A -HREF="#AEN2540" +HREF="#AEN2577" >Installation and Configuration</A ></DT ><DD ><DL ><DT >14.5.1. <A -HREF="#AEN2545" +HREF="#AEN2582" >Introduction</A ></DT ><DT >14.5.2. <A -HREF="#AEN2558" +HREF="#AEN2595" >Requirements</A ></DT ><DT >14.5.3. <A -HREF="#AEN2572" +HREF="#AEN2609" >Testing Things Out</A ></DT ></DL ></DD ><DT >14.6. <A -HREF="#AEN2797" +HREF="#AEN2834" >Limitations</A ></DT ><DT >14.7. <A -HREF="#AEN2807" +HREF="#AEN2844" >Conclusion</A ></DT ></DL @@ -7738,26 +7870,26 @@ HREF="#ADVANCEDNETWORKMANAGEMENT" ><DL ><DT >15.1. <A -HREF="#AEN2822" +HREF="#AEN2859" >Configuring Samba Share Access Controls</A ></DT ><DD ><DL ><DT >15.1.1. <A -HREF="#AEN2832" +HREF="#AEN2869" >Share Permissions Management</A ></DT ></DL ></DD ><DT >15.2. <A -HREF="#AEN2860" +HREF="#AEN2897" >Remote Server Administration</A ></DT ><DT >15.3. <A -HREF="#AEN2877" +HREF="#AEN2914" >Network Logon Script Magic</A ></DT ></DL @@ -7771,43 +7903,43 @@ HREF="#POLICYMGMT" ><DL ><DT >16.1. <A -HREF="#AEN2892" +HREF="#AEN2929" >Creating and Managing System Policies</A ></DT ><DD ><DL ><DT >16.1.1. <A -HREF="#AEN2906" +HREF="#AEN2943" >Windows 9x/Me Policies</A ></DT ><DT >16.1.2. <A -HREF="#AEN2918" +HREF="#AEN2955" >Windows NT4 Style Policy Files</A ></DT ><DT >16.1.3. <A -HREF="#AEN2936" +HREF="#AEN2973" >MS Windows 200x / XP Professional Policies</A ></DT ></DL ></DD ><DT >16.2. <A -HREF="#AEN2965" +HREF="#AEN3002" >Managing Account/User Policies</A ></DT ><DD ><DL ><DT >16.2.1. <A -HREF="#AEN2980" +HREF="#AEN3017" >With Windows NT4/200x</A ></DT ><DT >16.2.2. <A -HREF="#AEN2983" +HREF="#AEN3020" >With a Samba PDC</A ></DT ></DL @@ -7823,63 +7955,63 @@ HREF="#PROFILEMGMT" ><DL ><DT >17.1. <A -HREF="#AEN2998" +HREF="#AEN3035" >Roaming Profiles</A ></DT ><DD ><DL ><DT >17.1.1. <A -HREF="#AEN3006" +HREF="#AEN3042" >Samba Configuration for Profile Handling</A ></DT ><DT >17.1.2. <A -HREF="#AEN3031" +HREF="#AEN3077" >Windows Client Profile Configuration Information</A ></DT ><DT >17.1.3. <A -HREF="#AEN3151" +HREF="#AEN3197" >Sharing Profiles between W9x/Me and NT4/200x/XP workstations</A ></DT ><DT >17.1.4. <A -HREF="#AEN3158" +HREF="#AEN3204" >Profile Migration from Windows NT4/200x Server to Samba</A ></DT ></DL ></DD ><DT >17.2. <A -HREF="#AEN3196" +HREF="#AEN3242" >Mandatory profiles</A ></DT ><DT >17.3. <A -HREF="#AEN3203" +HREF="#AEN3249" >Creating/Managing Group Profiles</A ></DT ><DT >17.4. <A -HREF="#AEN3209" +HREF="#AEN3255" >Default Profile for Windows Users</A ></DT ><DD ><DL ><DT >17.4.1. <A -HREF="#AEN3213" +HREF="#AEN3259" >MS Windows 9x/Me</A ></DT ><DT >17.4.2. <A -HREF="#AEN3225" +HREF="#AEN3271" >MS Windows NT4 Workstation</A ></DT ><DT >17.4.3. <A -HREF="#AEN3279" +HREF="#AEN3325" >MS Windows 200x/XP</A ></DT ></DL @@ -7888,84 +8020,136 @@ HREF="#AEN3279" ></DD ><DT >18. <A +HREF="#INTERDOMAINTRUSTS" +>Interdomain Trust Relationships</A +></DT +><DD +><DL +><DT +>18.1. <A +HREF="#AEN3386" +>Trust Relationship Background</A +></DT +><DT +>18.2. <A +HREF="#AEN3395" +>MS Windows NT4 Trust Configuration</A +></DT +><DD +><DL +><DT +>18.2.1. <A +HREF="#AEN3398" +>NT4 as the Trusting Domain</A +></DT +><DT +>18.2.2. <A +HREF="#AEN3401" +>NT4 as the Trusted Domain</A +></DT +></DL +></DD +><DT +>18.3. <A +HREF="#AEN3405" +>Configuring Samba Domain Trusts</A +></DT +><DD +><DL +><DT +>18.3.1. <A +HREF="#AEN3409" +>Samba3 as the Trusting Domain</A +></DT +><DT +>18.3.2. <A +HREF="#AEN3416" +>Samba3 as the Trusted Domain</A +></DT +></DL +></DD +></DL +></DD +><DT +>19. <A HREF="#PAM" >PAM Configuration for Centrally Managed Authentication</A ></DT ><DD ><DL ><DT ->18.1. <A -HREF="#AEN3332" +>19.1. <A +HREF="#AEN3440" >Samba and PAM</A ></DT ><DT ->18.2. <A -HREF="#AEN3383" +>19.2. <A +HREF="#AEN3491" >Distributed Authentication</A ></DT ><DT ->18.3. <A -HREF="#AEN3388" +>19.3. <A +HREF="#AEN3496" >PAM Configuration in smb.conf</A ></DT ></DL ></DD ><DT ->19. <A +>20. <A HREF="#VFS" >Stackable VFS modules</A ></DT ><DD ><DL ><DT ->19.1. <A -HREF="#AEN3423" +>20.1. <A +HREF="#AEN3531" >Introduction and configuration</A ></DT ><DT ->19.2. <A -HREF="#AEN3432" +>20.2. <A +HREF="#AEN3540" >Included modules</A ></DT ><DD ><DL ><DT ->19.2.1. <A -HREF="#AEN3434" +>20.2.1. <A +HREF="#AEN3542" >audit</A ></DT ><DT ->19.2.2. <A -HREF="#AEN3442" +>20.2.2. <A +HREF="#AEN3550" >extd_audit</A ></DT ><DT ->19.2.3. <A -HREF="#AEN3446" +>20.2.3. <A +HREF="#AEN3554" >recycle</A ></DT ><DT ->19.2.4. <A -HREF="#AEN3483" +>20.2.4. <A +HREF="#AEN3591" >netatalk</A ></DT ></DL ></DD ><DT ->19.3. <A -HREF="#AEN3490" +>20.3. <A +HREF="#AEN3598" >VFS modules available elsewhere</A ></DT ><DD ><DL ><DT ->19.3.1. <A -HREF="#AEN3494" +>20.3.1. <A +HREF="#AEN3602" >DatabaseFS</A ></DT ><DT ->19.3.2. <A -HREF="#AEN3502" +>20.3.2. <A +HREF="#AEN3610" >vscan</A ></DT ></DL @@ -7973,22 +8157,22 @@ HREF="#AEN3502" ></DL ></DD ><DT ->20. <A +>21. <A HREF="#MSDFS" >Hosting a Microsoft Distributed File System tree on Samba</A ></DT ><DD ><DL ><DT ->20.1. <A -HREF="#AEN3518" +>21.1. <A +HREF="#AEN3626" >Instructions</A ></DT ><DD ><DL ><DT ->20.1.1. <A -HREF="#AEN3553" +>21.1.1. <A +HREF="#AEN3661" >Notes</A ></DT ></DL @@ -7996,46 +8180,46 @@ HREF="#AEN3553" ></DL ></DD ><DT ->21. <A +>22. <A HREF="#INTEGRATE-MS-NETWORKS" >Integrating MS Windows networks with Samba</A ></DT ><DD ><DL ><DT ->21.1. <A -HREF="#AEN3580" +>22.1. <A +HREF="#AEN3688" >Name Resolution in a pure Unix/Linux world</A ></DT ><DD ><DL ><DT ->21.1.1. <A -HREF="#AEN3596" +>22.1.1. <A +HREF="#AEN3704" ><TT CLASS="FILENAME" >/etc/hosts</TT ></A ></DT ><DT ->21.1.2. <A -HREF="#AEN3612" +>22.1.2. <A +HREF="#AEN3720" ><TT CLASS="FILENAME" >/etc/resolv.conf</TT ></A ></DT ><DT ->21.1.3. <A -HREF="#AEN3623" +>22.1.3. <A +HREF="#AEN3731" ><TT CLASS="FILENAME" >/etc/host.conf</TT ></A ></DT ><DT ->21.1.4. <A -HREF="#AEN3631" +>22.1.4. <A +HREF="#AEN3739" ><TT CLASS="FILENAME" >/etc/nsswitch.conf</TT @@ -8044,35 +8228,35 @@ CLASS="FILENAME" ></DL ></DD ><DT ->21.2. <A -HREF="#AEN3643" +>22.2. <A +HREF="#AEN3751" >Name resolution as used within MS Windows networking</A ></DT ><DD ><DL ><DT ->21.2.1. <A -HREF="#AEN3655" +>22.2.1. <A +HREF="#AEN3763" >The NetBIOS Name Cache</A ></DT ><DT ->21.2.2. <A -HREF="#AEN3660" +>22.2.2. <A +HREF="#AEN3768" >The LMHOSTS file</A ></DT ><DT ->21.2.3. <A -HREF="#AEN3668" +>22.2.3. <A +HREF="#AEN3776" >HOSTS file</A ></DT ><DT ->21.2.4. <A -HREF="#AEN3673" +>22.2.4. <A +HREF="#AEN3781" >DNS Lookup</A ></DT ><DT ->21.2.5. <A -HREF="#AEN3676" +>22.2.5. <A +HREF="#AEN3784" >WINS Lookup</A ></DT ></DL @@ -8080,132 +8264,132 @@ HREF="#AEN3676" ></DL ></DD ><DT ->22. <A +>23. <A HREF="#IMPROVED-BROWSING" >Improved browsing in samba</A ></DT ><DD ><DL ><DT ->22.1. <A -HREF="#AEN3695" +>23.1. <A +HREF="#AEN3804" >Overview of browsing</A ></DT ><DT ->22.2. <A -HREF="#AEN3701" +>23.2. <A +HREF="#AEN3810" >Browsing support in samba</A ></DT ><DT ->22.3. <A -HREF="#AEN3714" +>23.3. <A +HREF="#AEN3825" >Problem resolution</A ></DT ><DT ->22.4. <A -HREF="#AEN3725" +>23.4. <A +HREF="#AEN3837" >Browsing across subnets</A ></DT ><DD ><DL ><DT ->22.4.1. <A -HREF="#AEN3730" +>23.4.1. <A +HREF="#AEN3843" >How does cross subnet browsing work ?</A ></DT ></DL ></DD ><DT ->22.5. <A -HREF="#AEN3765" +>23.5. <A +HREF="#AEN3878" >Setting up a WINS server</A ></DT ><DT ->22.6. <A -HREF="#AEN3785" +>23.6. <A +HREF="#AEN3901" >Setting up Browsing in a WORKGROUP</A ></DT ><DT ->22.7. <A -HREF="#AEN3808" +>23.7. <A +HREF="#AEN3927" >Setting up Browsing in a DOMAIN</A ></DT ><DT ->22.8. <A +>23.8. <A HREF="#BROWSE-FORCE-MASTER" >Forcing samba to be the master</A ></DT ><DT ->22.9. <A -HREF="#AEN3843" +>23.9. <A +HREF="#AEN3962" >Making samba the domain master</A ></DT ><DT ->22.10. <A -HREF="#AEN3865" +>23.10. <A +HREF="#AEN3984" >Note about broadcast addresses</A ></DT ><DT ->22.11. <A -HREF="#AEN3868" +>23.11. <A +HREF="#AEN3987" >Multiple interfaces</A ></DT ></DL ></DD ><DT ->23. <A +>24. <A HREF="#SECURING-SAMBA" >Securing Samba</A ></DT ><DD ><DL ><DT ->23.1. <A -HREF="#AEN3884" +>24.1. <A +HREF="#AEN4003" >Introduction</A ></DT ><DT ->23.2. <A -HREF="#AEN3887" +>24.2. <A +HREF="#AEN4006" >Using host based protection</A ></DT ><DT ->23.3. <A -HREF="#AEN3894" +>24.3. <A +HREF="#AEN4016" >Using interface protection</A ></DT ><DT ->23.4. <A -HREF="#AEN3903" +>24.4. <A +HREF="#AEN4025" >Using a firewall</A ></DT ><DT ->23.5. <A -HREF="#AEN3910" +>24.5. <A +HREF="#AEN4032" >Using a IPC$ share deny</A ></DT ><DT ->23.6. <A -HREF="#AEN3919" +>24.6. <A +HREF="#AEN4041" >Upgrading Samba</A ></DT ></DL ></DD ><DT ->24. <A +>25. <A HREF="#UNICODE" >Unicode/Charsets</A ></DT ><DD ><DL ><DT ->24.1. <A -HREF="#AEN3933" +>25.1. <A +HREF="#AEN4056" >What are charsets and unicode?</A ></DT ><DT ->24.2. <A -HREF="#AEN3942" +>25.2. <A +HREF="#AEN4065" >Samba and charsets</A ></DT ></DL @@ -8225,7 +8409,7 @@ CLASS="SECT1" ><H2 CLASS="SECT1" ><A -NAME="AEN1499" +NAME="AEN1525" >10.1. Viewing and changing UNIX permissions using the NT security dialogs</A ></H2 @@ -8275,7 +8459,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN1505" +NAME="AEN1531" >10.2. How to view file security on a Samba share</A ></H2 ><P @@ -8344,7 +8528,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN1516" +NAME="AEN1542" >10.3. Viewing file ownership</A ></H2 ><P @@ -8430,7 +8614,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN1536" +NAME="AEN1562" >10.4. Viewing file or directory permissions</A ></H2 ><P @@ -8484,7 +8668,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN1551" +NAME="AEN1577" >10.4.1. File Permissions</A ></H3 ><P @@ -8546,7 +8730,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN1565" +NAME="AEN1591" >10.4.2. Directory Permissions</A ></H3 ><P @@ -8578,7 +8762,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN1572" +NAME="AEN1598" >10.5. Modifying file or directory permissions</A ></H2 ><P @@ -8674,7 +8858,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN1594" +NAME="AEN1620" >10.6. Interaction with the standard Samba create mask parameters</A ></H2 @@ -8833,14 +9017,9 @@ CLASS="PARAMETER" >If you want to set up a share that allows users full control in modifying the permission bits on their files and directories and doesn't force any particular bits to be set 'on', then set the following - parameters in the <A -HREF="smb.conf.5.html" -TARGET="_top" -><TT + parameters in the <TT CLASS="FILENAME" ->smb.conf(5) - </TT -></A +>smb.conf</TT > file in that share specific section :</P ><P ><VAR @@ -8868,7 +9047,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN1648" +NAME="AEN1673" >10.7. Interaction with the standard Samba file attribute mapping</A ></H2 @@ -8922,9 +9101,9 @@ NAME="GROUPMAPPING" > Starting with Samba 3.0 alpha 2, a new group mapping function is available. The current method (likely to change) to manage the groups is a new command called -<B -CLASS="COMMAND" ->smbgroupedit</B +<SPAN +CLASS="APPLICATION" +>smbgroupedit</SPAN >.</P ><P >The first immediate reason to use the group mapping on a PDC, is that @@ -9000,9 +9179,9 @@ member machine (an NT/W2K or a samba server running winbind), you would like to give access to a certain directory to some users who are member of a group on your samba PDC. Flag that group as a domain group by running:</P ><P -><B -CLASS="COMMAND" ->smbgroupedit -a unixgroup -td</B +><KBD +CLASS="USERINPUT" +>smbgroupedit -a unixgroup -td</KBD ></P ><P >You can list the various groups in the mapping database like this</P @@ -9024,7 +9203,7 @@ CLASS="SECT1" ><H2 CLASS="SECT1" ><A -NAME="AEN1711" +NAME="AEN1736" >12.1. Introduction</A ></H2 ><P @@ -9107,7 +9286,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN1733" +NAME="AEN1758" >12.2. Configuration</A ></H2 ><DIV @@ -9169,7 +9348,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN1741" +NAME="AEN1766" >12.2.1. Creating [print$]</A ></H3 ><P @@ -9386,7 +9565,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN1776" +NAME="AEN1801" >12.2.2. Setting Drivers for Existing Printers</A ></H3 ><P @@ -9458,7 +9637,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN1792" +NAME="AEN1817" >12.2.3. Support a large number of printers</A ></H3 ><P @@ -9534,7 +9713,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN1807" +NAME="AEN1832" >12.2.4. Adding New Printers via the Windows NT APW</A ></H3 ><P @@ -9689,7 +9868,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN1837" +NAME="AEN1862" >12.2.5. Samba and Printer Ports</A ></H3 ><P @@ -9724,7 +9903,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN1845" +NAME="AEN1870" >12.3. The Imprints Toolset</A ></H2 ><P @@ -9742,7 +9921,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN1849" +NAME="AEN1874" >12.3.1. What is Imprints?</A ></H3 ><P @@ -9774,7 +9953,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN1859" +NAME="AEN1884" >12.3.2. Creating Printer Driver Packages</A ></H3 ><P @@ -9790,7 +9969,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN1862" +NAME="AEN1887" >12.3.3. The Imprints server</A ></H3 ><P @@ -9814,7 +9993,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN1866" +NAME="AEN1891" >12.3.4. The Installation Client</A ></H3 ><P @@ -9908,7 +10087,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN1888" +NAME="AEN1913" >12.4. Diagnosis</A ></H2 ><DIV @@ -9916,7 +10095,7 @@ CLASS="SECT2" ><H3 CLASS="SECT2" ><A -NAME="AEN1890" +NAME="AEN1915" >12.4.1. Introduction</A ></H3 ><P @@ -9991,7 +10170,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN1906" +NAME="AEN1931" >12.4.2. Debugging printer problems</A ></H3 ><P @@ -10048,7 +10227,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN1915" +NAME="AEN1940" >12.4.3. What printers do I have?</A ></H3 ><P @@ -10077,7 +10256,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN1923" +NAME="AEN1948" >12.4.4. Setting up printcap and print servers</A ></H3 ><P @@ -10161,7 +10340,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN1951" +NAME="AEN1976" >12.4.5. Job sent, no output</A ></H3 ><P @@ -10206,7 +10385,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN1962" +NAME="AEN1987" >12.4.6. Job sent, strange output</A ></H3 ><P @@ -10252,7 +10431,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN1974" +NAME="AEN1999" >12.4.7. Raw PostScript printed</A ></H3 ><P @@ -10267,7 +10446,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN1977" +NAME="AEN2002" >12.4.8. Advanced Printing</A ></H3 ><P @@ -10283,7 +10462,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN1980" +NAME="AEN2005" >12.4.9. Real debugging</A ></H3 ><P @@ -10304,7 +10483,7 @@ CLASS="SECT1" ><H2 CLASS="SECT1" ><A -NAME="AEN2000" +NAME="AEN2025" >13.1. Introduction</A ></H2 ><P @@ -10340,7 +10519,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN2007" +NAME="AEN2032" >13.2. Configuring <TT CLASS="FILENAME" >smb.conf</TT @@ -10411,14 +10590,17 @@ Samba. If this is the case, and <B CLASS="COMMAND" >printing = cups</B > is set, then any -otherwise manually set print command in smb.conf is ignored.</P +otherwise manually set print command in <TT +CLASS="FILENAME" +>smb.conf</TT +> is ignored.</P ></DIV ><DIV CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN2026" +NAME="AEN2052" >13.3. CUPS - RAW Print Through Mode</A ></H2 ><DIV @@ -10490,7 +10672,10 @@ CLASS="EMPHASIS" operation.</P ><P >Firstly, to enable CUPS based printing from Samba the following options must be -enabled in your smb.conf file [globals] section: +enabled in your <TT +CLASS="FILENAME" +>smb.conf</TT +> file [globals] section: <P ></P @@ -10506,7 +10691,10 @@ enabled in your smb.conf file [globals] section: ></UL > -When these parameters are specified the print directives in smb.conf (as well as in +When these parameters are specified the print directives in <TT +CLASS="FILENAME" +>smb.conf</TT +> (as well as in samba itself) will be ignored because samba will directly interface with CUPS through it's application program interface (API) - so long as Samba has been compiled with CUPS library (libcups) support. If samba has NOT been compiled with CUPS support then @@ -10731,7 +10919,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN2083" +NAME="AEN2111" >13.4. CUPS as a network PostScript RIP -- CUPS drivers working on server, Adobe PostScript driver with CUPS-PPDs downloaded to clients</A ></H2 @@ -10827,7 +11015,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN2104" +NAME="AEN2132" >13.5. Windows Terminal Servers (WTS) as CUPS clients</A ></H2 ><P @@ -10858,7 +11046,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN2108" +NAME="AEN2136" >13.6. Setting up CUPS for driver download</A ></H2 ><P @@ -10867,7 +11055,10 @@ CLASS="COMMAND" >cupsadsmb</B > utility (shipped with all current CUPS versions) makes the sharing of any (or all) installed CUPS printers very -easy. Prior to using it, you need the following settings in smb.conf:</P +easy. Prior to using it, you need the following settings in <TT +CLASS="FILENAME" +>smb.conf</TT +>:</P ><P ><PRE CLASS="PROGRAMLISTING" @@ -10930,7 +11121,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN2120" +NAME="AEN2149" >13.7. Sources of CUPS drivers / PPDs</A ></H2 ><P @@ -11050,7 +11241,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN2147" +NAME="AEN2176" >13.7.1. <B CLASS="COMMAND" >cupsaddsmb</B @@ -11229,7 +11420,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN2176" +NAME="AEN2205" >13.8. The CUPS Filter Chains</A ></H2 ><P @@ -11677,7 +11868,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN2215" +NAME="AEN2244" >13.9. CUPS Print Drivers and Devices</A ></H2 ><P @@ -11707,7 +11898,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN2222" +NAME="AEN2251" >13.9.1. Further printing steps</A ></H3 ><P @@ -12032,7 +12223,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN2292" +NAME="AEN2321" >13.10. Limiting the number of pages users can print</A ></H2 ><P @@ -12595,7 +12786,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN2388" +NAME="AEN2417" >13.11. Advanced Postscript Printing from MS Windows</A ></H2 ><P @@ -12686,13 +12877,19 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN2403" +NAME="AEN2432" >13.12. Auto-Deletion of CUPS spool files</A ></H2 ><P >Samba print files pass thru two "spool" directories. One the incoming directory -managed by Samba, (set eg: in the "path = /var/spool/samba" directive in the [printers] -section of "smb.conf"). Second is the spool directory of your UNIX print subsystem. +managed by Samba, (set eg: in the <B +CLASS="COMMAND" +>path = /var/spool/samba</B +> directive in the [printers] +section of <TT +CLASS="FILENAME" +>smb.conf</TT +>). Second is the spool directory of your UNIX print subsystem. For CUPS it is normally "/var/spool/cups/", as set by the cupsd.conf directive "RequestRoot /var/spool/cups".</P ><P @@ -12755,17 +12952,35 @@ BORDER="0" ><TBODY ><TR ><TD -> a Samba-smbd which is compiled against "libcups" (Check on Linux by running "ldd `which smbd`") +> a Samba-<SPAN +CLASS="APPLICATION" +>smbd</SPAN +> which is compiled against "libcups" (Check on Linux by running <KBD +CLASS="USERINPUT" +>ldd `which smbd`</KBD +>) </TD ></TR ><TR ><TD -> a Samba-smb.conf setting of "printing = cups" +> a Samba-<TT +CLASS="FILENAME" +>smb.conf</TT +> setting of <B +CLASS="COMMAND" +>printing = cups</B +> </TD ></TR ><TR ><TD -> another Samba-smb.conf setting of "printcap = cups" +> another Samba-<TT +CLASS="FILENAME" +>smb.conf</TT +> setting of <B +CLASS="COMMAND" +>printcap = cups</B +> </TD ></TR ></TBODY @@ -12838,7 +13053,7 @@ CLASS="SECT1" ><H2 CLASS="SECT1" ><A -NAME="AEN2469" +NAME="AEN2506" >14.1. Abstract</A ></H2 ><P @@ -12865,7 +13080,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN2473" +NAME="AEN2510" >14.2. Introduction</A ></H2 ><P @@ -12919,7 +13134,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN2486" +NAME="AEN2523" >14.3. What Winbind Provides</A ></H2 ><P @@ -12961,7 +13176,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN2493" +NAME="AEN2530" >14.3.1. Target Uses</A ></H3 ><P @@ -12985,7 +13200,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN2497" +NAME="AEN2534" >14.4. How Winbind Works</A ></H2 ><P @@ -13005,7 +13220,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN2502" +NAME="AEN2539" >14.4.1. Microsoft Remote Procedure Calls</A ></H3 ><P @@ -13031,7 +13246,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN2506" +NAME="AEN2543" >14.4.2. Microsoft Active Directory Services</A ></H3 ><P @@ -13050,7 +13265,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN2509" +NAME="AEN2546" >14.4.3. Name Service Switch</A ></H3 ><P @@ -13130,7 +13345,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN2525" +NAME="AEN2562" >14.4.4. Pluggable Authentication Modules</A ></H3 ><P @@ -13179,7 +13394,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN2533" +NAME="AEN2570" >14.4.5. User and Group ID Allocation</A ></H3 ><P @@ -13205,7 +13420,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN2537" +NAME="AEN2574" >14.4.6. Result Caching</A ></H3 ><P @@ -13228,7 +13443,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN2540" +NAME="AEN2577" >14.5. Installation and Configuration</A ></H2 ><P @@ -13247,7 +13462,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN2545" +NAME="AEN2582" >14.5.1. Introduction</A ></H3 ><P @@ -13306,7 +13521,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN2558" +NAME="AEN2595" >14.5.2. Requirements</A ></H3 ><P @@ -13376,7 +13591,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN2572" +NAME="AEN2609" >14.5.3. Testing Things Out</A ></H3 ><P @@ -13421,7 +13636,7 @@ CLASS="SECT3" ><HR><H4 CLASS="SECT3" ><A -NAME="AEN2583" +NAME="AEN2620" >14.5.3.1. Configure and compile SAMBA</A ></H4 ><P @@ -13487,7 +13702,7 @@ CLASS="SECT3" ><HR><H4 CLASS="SECT3" ><A -NAME="AEN2602" +NAME="AEN2639" >14.5.3.2. Configure <TT CLASS="FILENAME" >nsswitch.conf</TT @@ -13592,7 +13807,7 @@ CLASS="SECT3" ><HR><H4 CLASS="SECT3" ><A -NAME="AEN2635" +NAME="AEN2672" >14.5.3.3. Configure smb.conf</A ></H4 ><P @@ -13667,7 +13882,7 @@ CLASS="SECT3" ><HR><H4 CLASS="SECT3" ><A -NAME="AEN2651" +NAME="AEN2688" >14.5.3.4. Join the SAMBA server to the PDC domain</A ></H4 ><P @@ -13705,7 +13920,7 @@ CLASS="SECT3" ><HR><H4 CLASS="SECT3" ><A -NAME="AEN2662" +NAME="AEN2699" >14.5.3.5. Start up the winbindd daemon and test it!</A ></H4 ><P @@ -13841,7 +14056,7 @@ CLASS="SECT3" ><HR><H4 CLASS="SECT3" ><A -NAME="AEN2702" +NAME="AEN2739" >14.5.3.6. Fix the init.d startup scripts</A ></H4 ><DIV @@ -13849,7 +14064,7 @@ CLASS="SECT4" ><H5 CLASS="SECT4" ><A -NAME="AEN2704" +NAME="AEN2741" >14.5.3.6.1. Linux</A ></H5 ><P @@ -13959,7 +14174,7 @@ CLASS="SECT4" ><HR><H5 CLASS="SECT4" ><A -NAME="AEN2724" +NAME="AEN2761" >14.5.3.6.2. Solaris</A ></H5 ><P @@ -14043,7 +14258,7 @@ CLASS="SECT4" ><HR><H5 CLASS="SECT4" ><A -NAME="AEN2734" +NAME="AEN2771" >14.5.3.6.3. Restarting</A ></H5 ><P @@ -14067,7 +14282,7 @@ CLASS="SECT3" ><HR><H4 CLASS="SECT3" ><A -NAME="AEN2740" +NAME="AEN2777" >14.5.3.7. Configure Winbind and PAM</A ></H4 ><P @@ -14125,7 +14340,7 @@ CLASS="SECT4" ><HR><H5 CLASS="SECT4" ><A -NAME="AEN2757" +NAME="AEN2794" >14.5.3.7.1. Linux/FreeBSD-specific PAM configuration</A ></H5 ><P @@ -14254,7 +14469,7 @@ CLASS="SECT4" ><HR><H5 CLASS="SECT4" ><A -NAME="AEN2790" +NAME="AEN2827" >14.5.3.7.2. Solaris-specific configuration</A ></H5 ><P @@ -14341,7 +14556,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN2797" +NAME="AEN2834" >14.6. Limitations</A ></H2 ><P @@ -14383,7 +14598,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN2807" +NAME="AEN2844" >14.7. Conclusion</A ></H2 ><P @@ -14411,7 +14626,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN2822" +NAME="AEN2859" >15.1. Configuring Samba Share Access Controls</A ></H2 ><P @@ -14454,7 +14669,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN2832" +NAME="AEN2869" >15.1.1. Share Permissions Management</A ></H3 ><P @@ -14464,7 +14679,7 @@ CLASS="SECT3" ><HR><H4 CLASS="SECT3" ><A -NAME="AEN2835" +NAME="AEN2872" >15.1.1.1. Windows NT4 Workstation/Server</A ></H4 ><P @@ -14497,7 +14712,7 @@ CLASS="SECT3" ><HR><H4 CLASS="SECT3" ><A -NAME="AEN2844" +NAME="AEN2881" >15.1.1.2. Windows 200x/XP</A ></H4 ><P @@ -14585,7 +14800,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN2860" +NAME="AEN2897" >15.2. Remote Server Administration</A ></H2 ><P @@ -14638,7 +14853,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN2877" +NAME="AEN2914" >15.3. Network Logon Script Magic</A ></H2 ><P @@ -14662,7 +14877,7 @@ CLASS="SECT1" ><H2 CLASS="SECT1" ><A -NAME="AEN2892" +NAME="AEN2929" >16.1. Creating and Managing System Policies</A ></H2 ><P @@ -14726,7 +14941,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN2906" +NAME="AEN2943" >16.1.1. Windows 9x/Me Policies</A ></H3 ><P @@ -14776,7 +14991,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN2918" +NAME="AEN2955" >16.1.2. Windows NT4 Style Policy Files</A ></H3 ><P @@ -14841,7 +15056,7 @@ CLASS="SECT3" ><HR><H4 CLASS="SECT3" ><A -NAME="AEN2933" +NAME="AEN2970" >16.1.2.1. Registry Tattoos</A ></H4 ><P @@ -14859,7 +15074,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN2936" +NAME="AEN2973" >16.1.3. MS Windows 200x / XP Professional Policies</A ></H3 ><P @@ -14919,7 +15134,7 @@ CLASS="SECT3" ><HR><H4 CLASS="SECT3" ><A -NAME="AEN2947" +NAME="AEN2984" >16.1.3.1. Administration of Win2K / XP Policies</A ></H4 ><DIV @@ -15004,7 +15219,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN2965" +NAME="AEN3002" >16.2. Managing Account/User Policies</A ></H2 ><P @@ -15074,7 +15289,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN2980" +NAME="AEN3017" >16.2.1. With Windows NT4/200x</A ></H3 ><P @@ -15088,7 +15303,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN2983" +NAME="AEN3020" >16.2.2. With a Samba PDC</A ></H3 ><P @@ -15113,7 +15328,7 @@ CLASS="SECT1" ><H2 CLASS="SECT1" ><A -NAME="AEN2998" +NAME="AEN3035" >17.1. Roaming Profiles</A ></H2 ><DIV @@ -15137,14 +15352,7 @@ ALT="Warning"></TD ALIGN="LEFT" VALIGN="TOP" ><P -><SPAN -CLASS="emphasis" -><I -CLASS="EMPHASIS" ->NOTE!</I -></SPAN -> Roaming profiles support is different for Win9x / Me -and Windows NT4/200x.</P +>Roaming profiles support is different for Win9x / Me and Windows NT4/200x.</P ></TD ></TR ></TABLE @@ -15165,7 +15373,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN3006" +NAME="AEN3042" >17.1.1. Samba Configuration for Profile Handling</A ></H3 ><P @@ -15175,7 +15383,7 @@ CLASS="SECT3" ><HR><H4 CLASS="SECT3" ><A -NAME="AEN3009" +NAME="AEN3045" >17.1.1.1. NT4/200x User Profiles</A ></H4 ><P @@ -15184,16 +15392,16 @@ following (for example):</P ><P ><PRE CLASS="PROGRAMLISTING" -> logon path = \\profileserver\profileshare\profilepath\%U\moreprofilepath +> logon path = \\profileserver\profileshare\profilepath\%U\moreprofilepath</PRE +> This is typically implemented like: - logon path = \\%L\Profiles\%u - - where: - %L translates to the name of the Samba server - %u translates to the user name</PRE -></P +<PRE +CLASS="PROGRAMLISTING" +> logon path = \\%L\Profiles\%u</PRE +> +where %L translates to the name of the Samba server and %u translates to the user name</P ><P >The default for this option is \\%N\%U\profile, namely \\sambaserver\username\profile. The \\N%\%U service is created automatically by the [homes] service. If you are using @@ -15222,12 +15430,9 @@ ALIGN="LEFT" VALIGN="TOP" ><P >MS Windows NT/2K clients at times do not disconnect a connection to a server -between logons. It is recommended to NOT use the <SPAN -CLASS="emphasis" -><I -CLASS="EMPHASIS" ->homes</I -></SPAN +between logons. It is recommended to NOT use the <B +CLASS="COMMAND" +>homes</B > meta-service name as part of the profile share path.</P ></TD @@ -15240,17 +15445,29 @@ CLASS="SECT3" ><HR><H4 CLASS="SECT3" ><A -NAME="AEN3018" +NAME="AEN3055" >17.1.1.2. Windows 9x / Me User Profiles</A ></H4 ><P >To support Windows 9x / Me clients, you must use the "logon home" parameter. Samba has -now been fixed so that "net use /home" now works as well, and it, too, relies -on the "logon home" parameter.</P +now been fixed so that <KBD +CLASS="USERINPUT" +>net use /home</KBD +> now works as well, and it, too, relies +on the <B +CLASS="COMMAND" +>logon home</B +>< parameter.</P ><P >By using the logon home parameter, you are restricted to putting Win9x / Me profiles in the user's home directory. But wait! There is a trick you -can use. If you set the following in the [global] section of your smb.conf file:</P +can use. If you set the following in the <B +CLASS="COMMAND" +>[global]</B +> section of your <TT +CLASS="FILENAME" +>smb.conf</TT +> file:</P ><P ><PRE CLASS="PROGRAMLISTING" @@ -15258,24 +15475,39 @@ CLASS="PROGRAMLISTING" ></P ><P >then your Windows 9x / Me clients will dutifully put their clients in a subdirectory -of your home directory called .profiles (thus making them hidden).</P +of your home directory called <TT +CLASS="FILENAME" +>.profiles</TT +> (thus making them hidden).</P ><P ->Not only that, but 'net use/home' will also work, because of a feature in +>Not only that, but <KBD +CLASS="USERINPUT" +>net use/home</KBD +> will also work, because of a feature in Windows 9x / Me. It removes any directory stuff off the end of the home directory area and only uses the server and share portion. That is, it looks like you -specified \\%L\%U for "logon home".</P +specified \\%L\%U for <B +CLASS="COMMAND" +>logon home</B +>.</P ></DIV ><DIV CLASS="SECT3" ><HR><H4 CLASS="SECT3" ><A -NAME="AEN3026" +NAME="AEN3070" >17.1.1.3. Mixed Windows 9x / Me and Windows NT4/200x User Profiles</A ></H4 ><P >You can support profiles for both Win9X and WinNT clients by setting both the -"logon home" and "logon path" parameters. For example:</P +<B +CLASS="COMMAND" +>logon home</B +> and <B +CLASS="COMMAND" +>logon path</B +> parameters. For example:</P ><P ><PRE CLASS="PROGRAMLISTING" @@ -15289,7 +15521,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN3031" +NAME="AEN3077" >17.1.2. Windows Client Profile Configuration Information</A ></H3 ><DIV @@ -15297,7 +15529,7 @@ CLASS="SECT3" ><H4 CLASS="SECT3" ><A -NAME="AEN3033" +NAME="AEN3079" >17.1.2.1. Windows 9x / Me Profile Setup</A ></H4 ><P @@ -15460,7 +15692,7 @@ CLASS="SECT3" ><HR><H4 CLASS="SECT3" ><A -NAME="AEN3069" +NAME="AEN3115" >17.1.2.2. Windows NT4 Workstation</A ></H4 ><P @@ -15501,7 +15733,7 @@ CLASS="SECT3" ><HR><H4 CLASS="SECT3" ><A -NAME="AEN3078" +NAME="AEN3124" >17.1.2.3. Windows 2000/XP Professional</A ></H4 ><P @@ -15751,7 +15983,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN3151" +NAME="AEN3197" >17.1.3. Sharing Profiles between W9x/Me and NT4/200x/XP workstations</A ></H3 ><P @@ -15789,7 +16021,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN3158" +NAME="AEN3204" >17.1.4. Profile Migration from Windows NT4/200x Server to Samba</A ></H3 ><P @@ -15802,7 +16034,7 @@ CLASS="SECT3" ><HR><H4 CLASS="SECT3" ><A -NAME="AEN3161" +NAME="AEN3207" >17.1.4.1. Windows NT4 Profile Management Tools</A ></H4 ><P @@ -15885,7 +16117,7 @@ CLASS="SECT3" ><HR><H4 CLASS="SECT3" ><A -NAME="AEN3184" +NAME="AEN3230" >17.1.4.2. Side bar Notes</A ></H4 ><P @@ -15901,7 +16133,7 @@ CLASS="SECT3" ><HR><H4 CLASS="SECT3" ><A -NAME="AEN3188" +NAME="AEN3234" >17.1.4.3. moveuser.exe</A ></H4 ><P @@ -15914,7 +16146,7 @@ CLASS="SECT3" ><HR><H4 CLASS="SECT3" ><A -NAME="AEN3191" +NAME="AEN3237" >17.1.4.4. Get SID</A ></H4 ><P @@ -15938,7 +16170,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN3196" +NAME="AEN3242" >17.2. Mandatory profiles</A ></H2 ><P @@ -15987,7 +16219,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN3203" +NAME="AEN3249" >17.3. Creating/Managing Group Profiles</A ></H2 ><P @@ -16036,7 +16268,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN3209" +NAME="AEN3255" >17.4. Default Profile for Windows Users</A ></H2 ><P @@ -16053,7 +16285,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN3213" +NAME="AEN3259" >17.4.1. MS Windows 9x/Me</A ></H3 ><P @@ -16075,7 +16307,7 @@ CLASS="SECT3" ><HR><H4 CLASS="SECT3" ><A -NAME="AEN3219" +NAME="AEN3265" >17.4.1.1. How User Profiles Are Handled in Windows 9x / Me?</A ></H4 ><P @@ -16104,7 +16336,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN3225" +NAME="AEN3271" >17.4.2. MS Windows NT4 Workstation</A ></H3 ><P @@ -16338,7 +16570,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN3279" +NAME="AEN3325" >17.4.3. MS Windows 200x/XP</A ></H3 ><DIV @@ -16574,16 +16806,261 @@ In which case, the local cache copy will be deleted on logout.</P CLASS="CHAPTER" ><HR><H1 ><A +NAME="INTERDOMAINTRUSTS" +></A +>Chapter 18. Interdomain Trust Relationships</H1 +><P +>Samba-3 supports NT4 style domain trust relationships. This is feature that many sites +will want to use if they migrate to Samba-3 from and NT4 style domain and do NOT want to +adopt Active Directory or an LDAP based authentication back end. This section explains +some background information regarding trust relationships and how to create them. It is now +possible for Samba3 to NT4 trust (and vica versa), as well as Samba3 to Samba3 trusts.</P +><DIV +CLASS="SECT1" +><HR><H2 +CLASS="SECT1" +><A +NAME="AEN3386" +>18.1. Trust Relationship Background</A +></H2 +><P +>MS Windows NT3.x/4.0 type security domains employ a non-hierchical security structure. +The limitations of this architecture as it affects the scalability of MS Windows networking +in large organisations is well known. Additionally, the flat-name space that results from +this design significantly impacts the delegation of administrative responsibilities in +large and diverse organisations.</P +><P +>Microsoft developed Active Directory Service (ADS), based on Kerberos and LDAP, as a means +of circumventing the limitations of the older technologies. Not every organisation is ready +or willing to embrace ADS. For small companies the older NT4 style domain security paradigm +is quite adequate, there thus remains an entrenched user base for whom there is no direct +desire to go through a disruptive change to adopt ADS.</P +><P +>Microsoft introduced with MS Windows NT the ability to allow differing security domains +to affect a mechanism so that users from one domain may be given access rights and privilidges +in another domain. The language that describes this capability is couched in terms of +<SPAN +CLASS="emphasis" +><I +CLASS="EMPHASIS" +>Trusts</I +></SPAN +>. Specifically, one domain will <SPAN +CLASS="emphasis" +><I +CLASS="EMPHASIS" +>trust</I +></SPAN +> the users +from another domain. The domain from which users are available to another security domain is +said to be a trusted domain. The domain in which those users have assigned rights and privilidges +is the trusting domain. With NT3.x/4.0 all trust relationships are always in one direction only, +thus if users in both domains are to have privilidges and rights in each others' domain, then it is +necessary to establish two (2) relationships, one in each direction.</P +><P +>In an NT4 style MS security domain, all trusts are non-transitive. This means that if there +are three (3) domains (let's call them RED, WHITE, and BLUE) where RED and WHITE have a trust +relationship, and WHITE and BLUE have a trust relationship, then it holds that there is no +implied trust between the RED and BLUE domains. ie: Relationships are explicit and not +transitive.</P +><P +>New to MS Windows 2000 ADS security contexts is the fact that trust relationships are two-way +by default. Also, all inter-ADS domain trusts are transitive. In the case of the RED, WHITE and BLUE +domains above, with Windows 2000 and ADS the RED and BLUE domains CAN trust each other. This is +an inherent feature of ADS domains.</P +></DIV +><DIV +CLASS="SECT1" +><HR><H2 +CLASS="SECT1" +><A +NAME="AEN3395" +>18.2. MS Windows NT4 Trust Configuration</A +></H2 +><P +>There are two steps to creating an inter-domain trust relationship. </P +><DIV +CLASS="SECT2" +><HR><H3 +CLASS="SECT2" +><A +NAME="AEN3398" +>18.2.1. NT4 as the Trusting Domain</A +></H3 +><P +>For MS Windows NT4, all domain trust relationships are configured using the Domain User Manager. +To affect a two way trust relationship it is necessary for each domain administrator to make +available (for use by an external domain) it's security resources. This is done from the Domain +User Manager Policies entry on the menu bar. From the Policy menu, select Trust Relationships, then +next to the lower box that is labelled "Permitted to Trust this Domain" are two buttons, "Add" and +"Remove". The "Add" button will open a panel in which needs to be entered the remote domain that +will be able to assign user rights to your domain. In addition it is necessary to enter a password +that is specific to this trust relationship. The password is added twice.</P +></DIV +><DIV +CLASS="SECT2" +><HR><H3 +CLASS="SECT2" +><A +NAME="AEN3401" +>18.2.2. NT4 as the Trusted Domain</A +></H3 +><P +>A trust relationship will work only when the other (trusting) domain makes the appropriate connections +with the trusted domain. To consumate the trust relationship the administrator will launch the +Domain User Manager, from the menu select Policies, then select Trust Relationships, then click on the +"Add" button that is next to the box that is labelled "Trusted Domains". A panel will open in +which must be entered the name of the remote domain as well as the password assigned to that trust.</P +><P +></P +></DIV +></DIV +><DIV +CLASS="SECT1" +><HR><H2 +CLASS="SECT1" +><A +NAME="AEN3405" +>18.3. Configuring Samba Domain Trusts</A +></H2 +><P +>This descitpion is meant to be a fairly short introduction about how to set up a Samba server so +that it could participate in interdomain trust relationships. Trust relationship support in Samba +is in its early stage, so lot of things don't work yet. Paricularly, the contents of this document +applies to NT4-style trusts.</P +><P +>Each of the procedures described below is treated as they were performed with Windows NT4 Server on +one end. The other end could just as well be another Samba3 domain. It can be clearly seen, after +reading this document, that combining Samba-specific parts of what's written below leads to trust +between domains in purely Samba environment.</P +><DIV +CLASS="SECT2" +><HR><H3 +CLASS="SECT2" +><A +NAME="AEN3409" +>18.3.1. Samba3 as the Trusting Domain</A +></H3 +><P +>In order to set Samba PDC to be trusted party of the relationship first you need +to create special account for domain that will be the trusting party. To do that, +you can use 'smbpasswd' utility. Creating the trusted domain account is very +similiar to creating the connection to the trusting machine's account. Suppose, +your domain is called SAMBA, and the remote domain is called RUMBA. Your first +step will be to issue this command from your favourite shell:</P +><P +><PRE +CLASS="PROGRAMLISTING" +> deity# smbpasswd -a -i rumba + New SMB password: XXXXXXXX + Retype SMB password: XXXXXXXX + Added user rumba$ + + where: + -a means to add a new account into the passdb database + -i means create this account with the Inter-Domain trust flag + + The account name will be 'rumba$' (the name ofthe remote domain)</PRE +></P +><P +>fter issuing this command you'll be asked for typing account's +password. You can use any password you want, but be aware that Windows NT will +not change this password until 7 days have passed since account creating. +After command returns successfully, you can look at your new account's entry +(in the way depending on your configuration) and see that account's name is +really RUMBA$ and it has 'I' flag in the flags field. Now you're ready to confirm +the trust by establishing it from Windows NT Server.</P +><P +>Open 'User Manager for Domains' and from menu 'Policies' select 'Trust Relationships...'. +Right beside 'Trusted domains' list press 'Add...' button. You'll be prompted for +trusted domain name and the relationship's password. Type in SAMBA, as this is +your domain name and the password you've just used during account creation. +Press OK and if everything went fine, you will see 'Trusted domain relationship +successfully established' message. Well done.</P +></DIV +><DIV +CLASS="SECT2" +><HR><H3 +CLASS="SECT2" +><A +NAME="AEN3416" +>18.3.2. Samba3 as the Trusted Domain</A +></H3 +><P +>This time activities are somewhat reversed. Again, we'll assume that your domain +controlled by Samba PDC is called SAMBA and NT-controlled domain is called RUMBA.</P +><P +>The very first thing is to add account for SAMBA domain on RUMBA's PDC.</P +><P +>Launch the Domain User Manager, then from the menu select 'Policies', 'Trust Relationships'. +Now, next to 'Trusted Domains' box press the 'Add' button, and type in the name of the trusted +domein (SAMBA) and password securing the relationship.</P +><P +>Password can be arbitrarily chosen the more, because it's easy to change it +from Samba server whenever you want. After confirming password your account is +ready and waiting. Now it's Samba's turn.</P +><P +>Using your favourite shell while being logged on as root, issue this command:</P +><P +><PRE +CLASS="PROGRAMLISTING" +> deity# net rpc trustdom establish rumba</PRE +></P +><P +>You'll be prompted for password you've just typed on your Windows NT4 Server box. +Don't worry if you will see the error message with returned code of +<TT +CLASS="FILENAME" +>NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT</TT +>. It means the +password you gave is correct and the NT4 Server says the account is ready for trusting your domain +and not for ordinary connection. After that, be patient it can take a while (especially +in large networks), you should see 'Success' message. Contgratulations! Your trust +relationship has just been established.</P +><DIV +CLASS="NOTE" +><P +></P +><TABLE +CLASS="NOTE" +WIDTH="100%" +BORDER="0" +><TR +><TD +WIDTH="25" +ALIGN="CENTER" +VALIGN="TOP" +><IMG +SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif" +HSPACE="5" +ALT="Note"></TD +><TD +ALIGN="LEFT" +VALIGN="TOP" +><P +>Note that you have to run this command as root, since you need write access to +your secrets.tdb file.</P +></TD +></TR +></TABLE +></DIV +></DIV +></DIV +></DIV +><DIV +CLASS="CHAPTER" +><HR><H1 +><A NAME="PAM" ></A ->Chapter 18. PAM Configuration for Centrally Managed Authentication</H1 +>Chapter 19. PAM Configuration for Centrally Managed Authentication</H1 ><DIV CLASS="SECT1" ><H2 CLASS="SECT1" ><A -NAME="AEN3332" ->18.1. Samba and PAM</A +NAME="AEN3440" +>19.1. Samba and PAM</A ></H2 ><P >A number of Unix systems (eg: Sun Solaris), as well as the @@ -16865,8 +17342,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN3383" ->18.2. Distributed Authentication</A +NAME="AEN3491" +>19.2. Distributed Authentication</A ></H2 ><P >The astute administrator will realize from this that the @@ -16891,8 +17368,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN3388" ->18.3. PAM Configuration in smb.conf</A +NAME="AEN3496" +>19.3. PAM Configuration in smb.conf</A ></H2 ><P >There is an option in smb.conf called <A @@ -16933,14 +17410,14 @@ CLASS="CHAPTER" ><A NAME="VFS" ></A ->Chapter 19. Stackable VFS modules</H1 +>Chapter 20. Stackable VFS modules</H1 ><DIV CLASS="SECT1" ><H2 CLASS="SECT1" ><A -NAME="AEN3423" ->19.1. Introduction and configuration</A +NAME="AEN3531" +>20.1. Introduction and configuration</A ></H2 ><P >Since samba 3.0, samba supports stackable VFS(Virtual File System) modules. @@ -16980,16 +17457,16 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN3432" ->19.2. Included modules</A +NAME="AEN3540" +>20.2. Included modules</A ></H2 ><DIV CLASS="SECT2" ><H3 CLASS="SECT2" ><A -NAME="AEN3434" ->19.2.1. audit</A +NAME="AEN3542" +>20.2.1. audit</A ></H3 ><P >A simple module to audit file access to the syslog @@ -17026,8 +17503,8 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN3442" ->19.2.2. extd_audit</A +NAME="AEN3550" +>20.2.2. extd_audit</A ></H3 ><P >This module is identical with the <SPAN @@ -17048,8 +17525,8 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN3446" ->19.2.3. recycle</A +NAME="AEN3554" +>20.2.3. recycle</A ></H3 ><P >A recycle-bin like modules. When used any unlink call @@ -17119,8 +17596,8 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN3483" ->19.2.4. netatalk</A +NAME="AEN3591" +>20.2.4. netatalk</A ></H3 ><P >A netatalk module, that will ease co-existence of samba and @@ -17152,8 +17629,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN3490" ->19.3. VFS modules available elsewhere</A +NAME="AEN3598" +>20.3. VFS modules available elsewhere</A ></H2 ><P >This section contains a listing of various other VFS modules that @@ -17168,8 +17645,8 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN3494" ->19.3.1. DatabaseFS</A +NAME="AEN3602" +>20.3.1. DatabaseFS</A ></H3 ><P >URL: <A @@ -17202,8 +17679,8 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN3502" ->19.3.2. vscan</A +NAME="AEN3610" +>20.3.2. vscan</A ></H3 ><P >URL: <A @@ -17226,14 +17703,14 @@ CLASS="CHAPTER" ><A NAME="MSDFS" ></A ->Chapter 20. Hosting a Microsoft Distributed File System tree on Samba</H1 +>Chapter 21. Hosting a Microsoft Distributed File System tree on Samba</H1 ><DIV CLASS="SECT1" ><H2 CLASS="SECT1" ><A -NAME="AEN3518" ->20.1. Instructions</A +NAME="AEN3626" +>21.1. Instructions</A ></H2 ><P >The Distributed File System (or Dfs) provides a means of @@ -17364,8 +17841,8 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN3553" ->20.1.1. Notes</A +NAME="AEN3661" +>21.1.1. Notes</A ></H3 ><P ></P @@ -17399,7 +17876,7 @@ CLASS="CHAPTER" ><A NAME="INTEGRATE-MS-NETWORKS" ></A ->Chapter 21. Integrating MS Windows networks with Samba</H1 +>Chapter 22. Integrating MS Windows networks with Samba</H1 ><P >This section deals with NetBIOS over TCP/IP name to IP address resolution. If you your MS Windows clients are NOT configured to use NetBIOS over TCP/IP then this @@ -17480,8 +17957,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN3580" ->21.1. Name Resolution in a pure Unix/Linux world</A +NAME="AEN3688" +>22.1. Name Resolution in a pure Unix/Linux world</A ></H2 ><P >The key configuration files covered in this section are:</P @@ -17522,8 +17999,8 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN3596" ->21.1.1. <TT +NAME="AEN3704" +>22.1.1. <TT CLASS="FILENAME" >/etc/hosts</TT ></A @@ -17603,8 +18080,8 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN3612" ->21.1.2. <TT +NAME="AEN3720" +>22.1.2. <TT CLASS="FILENAME" >/etc/resolv.conf</TT ></A @@ -17641,8 +18118,8 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN3623" ->21.1.3. <TT +NAME="AEN3731" +>22.1.3. <TT CLASS="FILENAME" >/etc/host.conf</TT ></A @@ -17670,8 +18147,8 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN3631" ->21.1.4. <TT +NAME="AEN3739" +>22.1.4. <TT CLASS="FILENAME" >/etc/nsswitch.conf</TT ></A @@ -17739,8 +18216,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN3643" ->21.2. Name resolution as used within MS Windows networking</A +NAME="AEN3751" +>22.2. Name resolution as used within MS Windows networking</A ></H2 ><P >MS Windows networking is predicated about the name each machine @@ -17824,8 +18301,8 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN3655" ->21.2.1. The NetBIOS Name Cache</A +NAME="AEN3763" +>22.2.1. The NetBIOS Name Cache</A ></H3 ><P >All MS Windows machines employ an in memory buffer in which is @@ -17851,8 +18328,8 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN3660" ->21.2.2. The LMHOSTS file</A +NAME="AEN3768" +>22.2.2. The LMHOSTS file</A ></H3 ><P >This file is usually located in MS Windows NT 4.0 or @@ -17954,8 +18431,8 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN3668" ->21.2.3. HOSTS file</A +NAME="AEN3776" +>22.2.3. HOSTS file</A ></H3 ><P >This file is usually located in MS Windows NT 4.0 or 2000 in @@ -17976,8 +18453,8 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN3673" ->21.2.4. DNS Lookup</A +NAME="AEN3781" +>22.2.4. DNS Lookup</A ></H3 ><P >This capability is configured in the TCP/IP setup area in the network @@ -17996,8 +18473,8 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN3676" ->21.2.5. WINS Lookup</A +NAME="AEN3784" +>22.2.5. WINS Lookup</A ></H3 ><P >A WINS (Windows Internet Name Server) service is the equivaent of the @@ -18017,7 +18494,10 @@ CLASS="PROGRAMLISTING" ></P ><P >To configure Samba to use a WINS server the following parameters are -needed in the smb.conf file:</P +needed in the <TT +CLASS="FILENAME" +>smb.conf</TT +> file:</P ><P ><PRE CLASS="PROGRAMLISTING" @@ -18039,14 +18519,14 @@ CLASS="CHAPTER" ><A NAME="IMPROVED-BROWSING" ></A ->Chapter 22. Improved browsing in samba</H1 +>Chapter 23. Improved browsing in samba</H1 ><DIV CLASS="SECT1" ><H2 CLASS="SECT1" ><A -NAME="AEN3695" ->22.1. Overview of browsing</A +NAME="AEN3804" +>23.1. Overview of browsing</A ></H2 ><P >SMB networking provides a mechanism by which clients can access a list @@ -18077,12 +18557,18 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN3701" ->22.2. Browsing support in samba</A +NAME="AEN3810" +>23.2. Browsing support in samba</A ></H2 ><P ->Samba facilitates browsing. The browsing is supported by nmbd -and is also controlled by options in the smb.conf file (see smb.conf(5)). +>Samba facilitates browsing. The browsing is supported by <SPAN +CLASS="APPLICATION" +>nmbd</SPAN +> +and is also controlled by options in the <TT +CLASS="FILENAME" +>smb.conf</TT +> file. Samba can act as a local browse master for a workgroup and the ability for samba to support domain logons and scripts is now available.</P ><P @@ -18157,8 +18643,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN3714" ->22.3. Problem resolution</A +NAME="AEN3825" +>23.3. Problem resolution</A ></H2 ><P >If something doesn't work then hopefully the log.nmb file will help @@ -18199,15 +18685,18 @@ server resources.</I ><P >The other big problem people have is that their broadcast address, netmask or IP address is wrong (specified with the "interfaces" option -in smb.conf)</P +in <TT +CLASS="FILENAME" +>smb.conf</TT +>)</P ></DIV ><DIV CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN3725" ->22.4. Browsing across subnets</A +NAME="AEN3837" +>23.4. Browsing across subnets</A ></H2 ><P >Since the release of Samba 1.9.17(alpha1) Samba has been @@ -18231,14 +18720,17 @@ another subnet without using a WINS server.</P be they Windows 95, Windows NT, or Samba servers must have the IP address of a WINS server given to them by a DHCP server, or by manual configuration (for Win95 and WinNT, this is in the TCP/IP Properties, under Network -settings) for Samba this is in the smb.conf file.</P +settings) for Samba this is in the <TT +CLASS="FILENAME" +>smb.conf</TT +> file.</P ><DIV CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN3730" ->22.4.1. How does cross subnet browsing work ?</A +NAME="AEN3843" +>23.4.1. How does cross subnet browsing work ?</A ></H3 ><P >Cross subnet browsing is a complicated dance, containing multiple @@ -18448,13 +18940,16 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN3765" ->22.5. Setting up a WINS server</A +NAME="AEN3878" +>23.5. Setting up a WINS server</A ></H2 ><P >Either a Samba machine or a Windows NT Server machine may be set up as a WINS server. To set a Samba machine to be a WINS server you must -add the following option to the smb.conf file on the selected machine : +add the following option to the <TT +CLASS="FILENAME" +>smb.conf</TT +> file on the selected machine : in the [globals] section add the line </P ><P ><B @@ -18501,7 +18996,10 @@ the Samba machine IP address in the "Primary WINS Server" field of the "Control Panel->Network->Protocols->TCP->WINS Server" dialogs in Windows 95 or Windows NT. To tell a Samba server the IP address of the WINS server add the following line to the [global] section of -all smb.conf files :</P +all <TT +CLASS="FILENAME" +>smb.conf</TT +> files :</P ><P ><B CLASS="COMMAND" @@ -18511,7 +19009,10 @@ CLASS="COMMAND" >where >name or IP address< is either the DNS name of the WINS server machine or its IP address.</P ><P ->Note that this line MUST NOT BE SET in the smb.conf file of the Samba +>Note that this line MUST NOT BE SET in the <TT +CLASS="FILENAME" +>smb.conf</TT +> file of the Samba server acting as the WINS server itself. If you set both the <B CLASS="COMMAND" @@ -18534,8 +19035,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN3785" ->22.6. Setting up Browsing in a WORKGROUP</A +NAME="AEN3901" +>23.6. Setting up Browsing in a WORKGROUP</A ></H2 ><P >To set up cross subnet browsing on a network containing machines @@ -18553,7 +19054,10 @@ cross subnet browsing possible for a workgroup.</P >In an WORKGROUP environment the domain master browser must be a Samba server, and there must only be one domain master browser per workgroup name. To set up a Samba server as a domain master browser, -set the following option in the [global] section of the smb.conf file :</P +set the following option in the [global] section of the <TT +CLASS="FILENAME" +>smb.conf</TT +> file :</P ><P ><B CLASS="COMMAND" @@ -18562,7 +19066,10 @@ CLASS="COMMAND" ><P >The domain master browser should also preferrably be the local master browser for its own subnet. In order to achieve this set the following -options in the [global] section of the smb.conf file :</P +options in the [global] section of the <TT +CLASS="FILENAME" +>smb.conf</TT +> file :</P ><P ><PRE CLASS="PROGRAMLISTING" @@ -18582,7 +19089,10 @@ able to do this, as will Windows 9x machines (although these tend to get rebooted more often, so it's not such a good idea to use these). To make a Samba server a local master browser set the following options in the [global] section of the -smb.conf file :</P +<TT +CLASS="FILENAME" +>smb.conf</TT +> file :</P ><P ><PRE CLASS="PROGRAMLISTING" @@ -18635,8 +19145,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN3808" ->22.7. Setting up Browsing in a DOMAIN</A +NAME="AEN3927" +>23.7. Setting up Browsing in a DOMAIN</A ></H2 ><P >If you are adding Samba servers to a Windows NT Domain then @@ -18710,7 +19220,7 @@ CLASS="SECT1" CLASS="SECT1" ><A NAME="BROWSE-FORCE-MASTER" ->22.8. Forcing samba to be the master</A +>23.8. Forcing samba to be the master</A ></H2 ><P >Who becomes the <B @@ -18784,8 +19294,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN3843" ->22.9. Making samba the domain master</A +NAME="AEN3962" +>23.9. Making samba the domain master</A ></H2 ><P >The domain master is responsible for collating the browse lists of @@ -18869,8 +19379,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN3865" ->22.10. Note about broadcast addresses</A +NAME="AEN3984" +>23.10. Note about broadcast addresses</A ></H2 ><P >If your network uses a "0" based broadcast address (for example if it @@ -18883,8 +19393,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN3868" ->22.11. Multiple interfaces</A +NAME="AEN3987" +>23.11. Multiple interfaces</A ></H2 ><P >Samba now supports machines with multiple network interfaces. If you @@ -18892,10 +19402,10 @@ have multiple interfaces then you will need to use the <B CLASS="COMMAND" >interfaces</B > -option in smb.conf to configure them. See <TT +option in <TT CLASS="FILENAME" ->smb.conf(5)</TT -> for details.</P +>smb.conf</TT +> to configure them. </P ></DIV ></DIV ><DIV @@ -18904,14 +19414,14 @@ CLASS="CHAPTER" ><A NAME="SECURING-SAMBA" ></A ->Chapter 23. Securing Samba</H1 +>Chapter 24. Securing Samba</H1 ><DIV CLASS="SECT1" ><H2 CLASS="SECT1" ><A -NAME="AEN3884" ->23.1. Introduction</A +NAME="AEN4003" +>24.1. Introduction</A ></H2 ><P >This note was attached to the Samba 2.2.8 release notes as it contained an @@ -18923,8 +19433,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN3887" ->23.2. Using host based protection</A +NAME="AEN4006" +>24.2. Using host based protection</A ></H2 ><P >In many installations of Samba the greatest threat comes for outside @@ -18933,8 +19443,17 @@ any host, which means that if you run an insecure version of Samba on a host that is directly connected to the Internet you can be especially vulnerable.</P ><P ->One of the simplest fixes in this case is to use the 'hosts allow' and -'hosts deny' options in the Samba smb.conf configuration file to only +>One of the simplest fixes in this case is to use the <B +CLASS="COMMAND" +>hosts allow</B +> and +<B +CLASS="COMMAND" +>hosts deny</B +> options in the Samba <TT +CLASS="FILENAME" +>smb.conf</TT +> configuration file to only allow access to your server from a specific range of hosts. An example might be:</P ><P @@ -18955,8 +19474,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN3894" ->23.3. Using interface protection</A +NAME="AEN4016" +>24.3. Using interface protection</A ></H2 ><P >By default Samba will accept connections on any network interface that @@ -18991,8 +19510,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN3903" ->23.4. Using a firewall</A +NAME="AEN4025" +>24.4. Using a firewall</A ></H2 ><P >Many people use a firewall to deny access to services that they don't @@ -19021,8 +19540,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN3910" ->23.5. Using a IPC$ share deny</A +NAME="AEN4032" +>24.5. Using a IPC$ share deny</A ></H2 ><P >If the above methods are not suitable, then you could also place a @@ -19060,11 +19579,15 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN3919" ->23.6. Upgrading Samba</A +NAME="AEN4041" +>24.6. Upgrading Samba</A ></H2 ><P ->Please check regularly on http://www.samba.org/ for updates and +>Please check regularly on <A +HREF="http://www.samba.org/" +TARGET="_top" +>http://www.samba.org/</A +> for updates and important announcements. Occasionally security releases are made and it is highly recommended to upgrade Samba when a security vulnerability is discovered.</P @@ -19076,14 +19599,14 @@ CLASS="CHAPTER" ><A NAME="UNICODE" ></A ->Chapter 24. Unicode/Charsets</H1 +>Chapter 25. Unicode/Charsets</H1 ><DIV CLASS="SECT1" ><H2 CLASS="SECT1" ><A -NAME="AEN3933" ->24.1. What are charsets and unicode?</A +NAME="AEN4056" +>25.1. What are charsets and unicode?</A ></H2 ><P >Computers communicate in numbers. In texts, each number will be @@ -19132,8 +19655,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN3942" ->24.2. Samba and charsets</A +NAME="AEN4065" +>25.2. Samba and charsets</A ></H2 ><P >As of samba 3.0, samba can (and will) talk unicode over the wire. Internally, @@ -19185,8 +19708,6 @@ CLASS="COMMAND" ></DD ></DL ></DIV -><P -></P ></DIV ></DIV ></DIV @@ -19208,52 +19729,52 @@ CLASS="TOC" >Table of Contents</B ></DT ><DT ->25. <A +>26. <A HREF="#SWAT" >SWAT - The Samba Web Admininistration Tool</A ></DT ><DD ><DL ><DT ->25.1. <A -HREF="#AEN3976" +>26.1. <A +HREF="#AEN4098" >SWAT Features and Benefits</A ></DT ><DD ><DL ><DT ->25.1.1. <A -HREF="#AEN3979" +>26.1.1. <A +HREF="#AEN4101" >The SWAT Home Page</A ></DT ><DT ->25.1.2. <A -HREF="#AEN3982" +>26.1.2. <A +HREF="#AEN4104" >Global Settings</A ></DT ><DT ->25.1.3. <A -HREF="#AEN3985" +>26.1.3. <A +HREF="#AEN4107" >The SWAT Wizard</A ></DT ><DT ->25.1.4. <A -HREF="#AEN3988" +>26.1.4. <A +HREF="#AEN4110" >Share Settings</A ></DT ><DT ->25.1.5. <A -HREF="#AEN3991" +>26.1.5. <A +HREF="#AEN4113" >Printing Settings</A ></DT ><DT ->25.1.6. <A -HREF="#AEN3994" +>26.1.6. <A +HREF="#AEN4116" >The Status Page</A ></DT ><DT ->25.1.7. <A -HREF="#AEN3997" +>26.1.7. <A +HREF="#AEN4119" >The Password Change Page</A ></DT ></DL @@ -19261,134 +19782,134 @@ HREF="#AEN3997" ></DL ></DD ><DT ->26. <A +>27. <A HREF="#NT4MIGRATION" >Migration from NT4 PDC to Samba-3 PDC</A ></DT ><DD ><DL ><DT ->26.1. <A -HREF="#AEN4012" +>27.1. <A +HREF="#AEN4134" >Planning and Getting Started</A ></DT ><DD ><DL ><DT ->26.1.1. <A -HREF="#AEN4015" +>27.1.1. <A +HREF="#AEN4137" >Objectives</A ></DT ><DT ->26.1.2. <A -HREF="#AEN4018" +>27.1.2. <A +HREF="#AEN4140" >Steps In Migration Process</A ></DT ></DL ></DD ><DT ->26.2. <A -HREF="#AEN4021" +>27.2. <A +HREF="#AEN4143" >Managing Samba-3 Domain Control</A ></DT ></DL ></DD ><DT ->27. <A +>28. <A HREF="#SPEED" >Samba performance issues</A ></DT ><DD ><DL ><DT ->27.1. <A -HREF="#AEN4041" +>28.1. <A +HREF="#AEN4163" >Comparisons</A ></DT ><DT ->27.2. <A -HREF="#AEN4047" +>28.2. <A +HREF="#AEN4169" >Socket options</A ></DT ><DT ->27.3. <A -HREF="#AEN4054" +>28.3. <A +HREF="#AEN4176" >Read size</A ></DT ><DT ->27.4. <A -HREF="#AEN4059" +>28.4. <A +HREF="#AEN4181" >Max xmit</A ></DT ><DT ->27.5. <A -HREF="#AEN4064" +>28.5. <A +HREF="#AEN4186" >Log level</A ></DT ><DT ->27.6. <A -HREF="#AEN4067" +>28.6. <A +HREF="#AEN4189" >Read raw</A ></DT ><DT ->27.7. <A -HREF="#AEN4072" +>28.7. <A +HREF="#AEN4194" >Write raw</A ></DT ><DT ->27.8. <A -HREF="#AEN4076" +>28.8. <A +HREF="#AEN4198" >Slow Clients</A ></DT ><DT ->27.9. <A -HREF="#AEN4080" +>28.9. <A +HREF="#AEN4202" >Slow Logins</A ></DT ><DT ->27.10. <A -HREF="#AEN4083" +>28.10. <A +HREF="#AEN4205" >Client tuning</A ></DT ></DL ></DD ><DT ->28. <A +>29. <A HREF="#PORTABILITY" >Portability</A ></DT ><DD ><DL ><DT ->28.1. <A -HREF="#AEN4127" +>29.1. <A +HREF="#AEN4249" >HPUX</A ></DT ><DT ->28.2. <A -HREF="#AEN4133" +>29.2. <A +HREF="#AEN4255" >SCO Unix</A ></DT ><DT ->28.3. <A -HREF="#AEN4137" +>29.3. <A +HREF="#AEN4259" >DNIX</A ></DT ><DT ->28.4. <A -HREF="#AEN4166" +>29.4. <A +HREF="#AEN4288" >RedHat Linux Rembrandt-II</A ></DT ><DT ->28.5. <A -HREF="#AEN4172" +>29.5. <A +HREF="#AEN4294" >AIX</A ></DT ><DD ><DL ><DT ->28.5.1. <A -HREF="#AEN4174" +>29.5.1. <A +HREF="#AEN4296" >Sequential Read Ahead</A ></DT ></DL @@ -19396,161 +19917,161 @@ HREF="#AEN4174" ></DL ></DD ><DT ->29. <A +>30. <A HREF="#OTHER-CLIENTS" >Samba and other CIFS clients</A ></DT ><DD ><DL ><DT ->29.1. <A -HREF="#AEN4196" +>30.1. <A +HREF="#AEN4319" >Macintosh clients?</A ></DT ><DT ->29.2. <A -HREF="#AEN4205" +>30.2. <A +HREF="#AEN4328" >OS2 Client</A ></DT ><DD ><DL ><DT ->29.2.1. <A -HREF="#AEN4207" +>30.2.1. <A +HREF="#AEN4330" >How can I configure OS/2 Warp Connect or OS/2 Warp 4 as a client for Samba?</A ></DT ><DT ->29.2.2. <A -HREF="#AEN4222" +>30.2.2. <A +HREF="#AEN4345" >How can I configure OS/2 Warp 3 (not Connect), OS/2 1.2, 1.3 or 2.x for Samba?</A ></DT ><DT ->29.2.3. <A -HREF="#AEN4231" +>30.2.3. <A +HREF="#AEN4354" >Are there any other issues when OS/2 (any version) is used as a client?</A ></DT ><DT ->29.2.4. <A -HREF="#AEN4235" +>30.2.4. <A +HREF="#AEN4358" >How do I get printer driver download working for OS/2 clients?</A ></DT ></DL ></DD ><DT ->29.3. <A -HREF="#AEN4245" +>30.3. <A +HREF="#AEN4368" >Windows for Workgroups</A ></DT ><DD ><DL ><DT ->29.3.1. <A -HREF="#AEN4247" +>30.3.1. <A +HREF="#AEN4370" >Use latest TCP/IP stack from Microsoft</A ></DT ><DT ->29.3.2. <A -HREF="#AEN4252" +>30.3.2. <A +HREF="#AEN4375" >Delete .pwl files after password change</A ></DT ><DT ->29.3.3. <A -HREF="#AEN4257" +>30.3.3. <A +HREF="#AEN4380" >Configure WfW password handling</A ></DT ><DT ->29.3.4. <A -HREF="#AEN4261" +>30.3.4. <A +HREF="#AEN4384" >Case handling of passwords</A ></DT ><DT ->29.3.5. <A -HREF="#AEN4266" +>30.3.5. <A +HREF="#AEN4389" >Use TCP/IP as default protocol</A ></DT ></DL ></DD ><DT ->29.4. <A -HREF="#AEN4269" +>30.4. <A +HREF="#AEN4392" >Windows '95/'98</A ></DT ><DT ->29.5. <A -HREF="#AEN4285" +>30.5. <A +HREF="#AEN4408" >Windows 2000 Service Pack 2</A ></DT ><DT ->29.6. <A -HREF="#AEN4302" +>30.6. <A +HREF="#AEN4425" >Windows NT 3.1</A ></DT ></DL ></DD ><DT ->30. <A +>31. <A HREF="#COMPILING" >How to compile SAMBA</A ></DT ><DD ><DL ><DT ->30.1. <A -HREF="#AEN4323" +>31.1. <A +HREF="#AEN4446" >Access Samba source code via CVS</A ></DT ><DD ><DL ><DT ->30.1.1. <A -HREF="#AEN4325" +>31.1.1. <A +HREF="#AEN4448" >Introduction</A ></DT ><DT ->30.1.2. <A -HREF="#AEN4330" +>31.1.2. <A +HREF="#AEN4453" >CVS Access to samba.org</A ></DT ></DL ></DD ><DT ->30.2. <A -HREF="#AEN4366" +>31.2. <A +HREF="#AEN4489" >Accessing the samba sources via rsync and ftp</A ></DT ><DT ->30.3. <A -HREF="#AEN4372" +>31.3. <A +HREF="#AEN4495" >Building the Binaries</A ></DT ><DD ><DL ><DT ->30.3.1. <A -HREF="#AEN4400" +>31.3.1. <A +HREF="#AEN4523" >Compiling samba with Active Directory support</A ></DT ></DL ></DD ><DT ->30.4. <A -HREF="#AEN4429" +>31.4. <A +HREF="#AEN4552" >Starting the smbd and nmbd</A ></DT ><DD ><DL ><DT ->30.4.1. <A -HREF="#AEN4439" +>31.4.1. <A +HREF="#AEN4562" >Starting from inetd.conf</A ></DT ><DT ->30.4.2. <A -HREF="#AEN4469" +>31.4.2. <A +HREF="#AEN4596" >Alternative: starting it as a daemon</A ></DT ></DL @@ -19558,69 +20079,69 @@ HREF="#AEN4469" ></DL ></DD ><DT ->31. <A +>32. <A HREF="#BUGREPORT" >Reporting Bugs</A ></DT ><DD ><DL ><DT ->31.1. <A -HREF="#AEN4500" +>32.1. <A +HREF="#AEN4627" >Introduction</A ></DT ><DT ->31.2. <A -HREF="#AEN4510" +>32.2. <A +HREF="#AEN4637" >General info</A ></DT ><DT ->31.3. <A -HREF="#AEN4516" +>32.3. <A +HREF="#AEN4643" >Debug levels</A ></DT ><DT ->31.4. <A -HREF="#AEN4536" +>32.4. <A +HREF="#AEN4664" >Internal errors</A ></DT ><DT ->31.5. <A -HREF="#AEN4550" +>32.5. <A +HREF="#AEN4678" >Attaching to a running process</A ></DT ><DT ->31.6. <A -HREF="#AEN4558" +>32.6. <A +HREF="#AEN4686" >Patches</A ></DT ></DL ></DD ><DT ->32. <A +>33. <A HREF="#DIAGNOSIS" >The samba checklist</A ></DT ><DD ><DL ><DT ->32.1. <A -HREF="#AEN4581" +>33.1. <A +HREF="#AEN4709" >Introduction</A ></DT ><DT ->32.2. <A -HREF="#AEN4586" +>33.2. <A +HREF="#AEN4714" >Assumptions</A ></DT ><DT ->32.3. <A -HREF="#AEN4596" +>33.3. <A +HREF="#AEN4733" >The tests</A ></DT ><DT ->32.4. <A -HREF="#AEN4697" +>33.4. <A +HREF="#AEN4900" >Still having troubles?</A ></DT ></DL @@ -19634,7 +20155,7 @@ CLASS="CHAPTER" ><A NAME="SWAT" ></A ->Chapter 25. SWAT - The Samba Web Admininistration Tool</H1 +>Chapter 26. SWAT - The Samba Web Admininistration Tool</H1 ><P >This is a rough guide to SWAT.</P ><DIV @@ -19642,8 +20163,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN3976" ->25.1. SWAT Features and Benefits</A +NAME="AEN4098" +>26.1. SWAT Features and Benefits</A ></H2 ><P >You must use at least the following ...</P @@ -19652,8 +20173,8 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN3979" ->25.1.1. The SWAT Home Page</A +NAME="AEN4101" +>26.1.1. The SWAT Home Page</A ></H3 ><P >Blah blah here.</P @@ -19663,8 +20184,8 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN3982" ->25.1.2. Global Settings</A +NAME="AEN4104" +>26.1.2. Global Settings</A ></H3 ><P >Document steps right here!</P @@ -19674,8 +20195,8 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN3985" ->25.1.3. The SWAT Wizard</A +NAME="AEN4107" +>26.1.3. The SWAT Wizard</A ></H3 ><P >Lots of blah blah here.</P @@ -19685,8 +20206,8 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN3988" ->25.1.4. Share Settings</A +NAME="AEN4110" +>26.1.4. Share Settings</A ></H3 ><P >Document steps right here!</P @@ -19696,8 +20217,8 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN3991" ->25.1.5. Printing Settings</A +NAME="AEN4113" +>26.1.5. Printing Settings</A ></H3 ><P >Document steps right here!</P @@ -19707,8 +20228,8 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN3994" ->25.1.6. The Status Page</A +NAME="AEN4116" +>26.1.6. The Status Page</A ></H3 ><P >Document steps right here!</P @@ -19718,8 +20239,8 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN3997" ->25.1.7. The Password Change Page</A +NAME="AEN4119" +>26.1.7. The Password Change Page</A ></H3 ><P >Document steps right here!</P @@ -19732,7 +20253,7 @@ CLASS="CHAPTER" ><A NAME="NT4MIGRATION" ></A ->Chapter 26. Migration from NT4 PDC to Samba-3 PDC</H1 +>Chapter 27. Migration from NT4 PDC to Samba-3 PDC</H1 ><P >This is a rough guide to assist those wishing to migrate from NT4 domain control to Samba-3 based domain control.</P @@ -19741,8 +20262,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN4012" ->26.1. Planning and Getting Started</A +NAME="AEN4134" +>27.1. Planning and Getting Started</A ></H2 ><P >You must use at least the following ...</P @@ -19751,8 +20272,8 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN4015" ->26.1.1. Objectives</A +NAME="AEN4137" +>27.1.1. Objectives</A ></H3 ><P >Blah blah objectives here.</P @@ -19762,8 +20283,8 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN4018" ->26.1.2. Steps In Migration Process</A +NAME="AEN4140" +>27.1.2. Steps In Migration Process</A ></H3 ><P >Document steps right here!</P @@ -19774,8 +20295,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN4021" ->26.2. Managing Samba-3 Domain Control</A +NAME="AEN4143" +>27.2. Managing Samba-3 Domain Control</A ></H2 ><P >Lots of blah blah here.</P @@ -19787,14 +20308,14 @@ CLASS="CHAPTER" ><A NAME="SPEED" ></A ->Chapter 27. Samba performance issues</H1 +>Chapter 28. Samba performance issues</H1 ><DIV CLASS="SECT1" ><H2 CLASS="SECT1" ><A -NAME="AEN4041" ->27.1. Comparisons</A +NAME="AEN4163" +>28.1. Comparisons</A ></H2 ><P >The Samba server uses TCP to talk to the client. Thus if you are @@ -19824,8 +20345,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN4047" ->27.2. Socket options</A +NAME="AEN4169" +>28.2. Socket options</A ></H2 ><P >There are a number of socket options that can greatly affect the @@ -19852,8 +20373,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN4054" ->27.3. Read size</A +NAME="AEN4176" +>28.3. Read size</A ></H2 ><P >The option "read size" affects the overlap of disk reads/writes with @@ -19878,8 +20399,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN4059" ->27.4. Max xmit</A +NAME="AEN4181" +>28.4. Max xmit</A ></H2 ><P >At startup the client and server negotiate a "maximum transmit" size, @@ -19901,8 +20422,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN4064" ->27.5. Log level</A +NAME="AEN4186" +>28.5. Log level</A ></H2 ><P >If you set the log level (also known as "debug level") higher than 2 @@ -19915,8 +20436,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN4067" ->27.6. Read raw</A +NAME="AEN4189" +>28.6. Read raw</A ></H2 ><P >The "read raw" operation is designed to be an optimised, low-latency @@ -19937,8 +20458,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN4072" ->27.7. Write raw</A +NAME="AEN4194" +>28.7. Write raw</A ></H2 ><P >The "write raw" operation is designed to be an optimised, low-latency @@ -19954,8 +20475,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN4076" ->27.8. Slow Clients</A +NAME="AEN4198" +>28.8. Slow Clients</A ></H2 ><P >One person has reported that setting the protocol to COREPLUS rather @@ -19971,8 +20492,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN4080" ->27.9. Slow Logins</A +NAME="AEN4202" +>28.9. Slow Logins</A ></H2 ><P >Slow logins are almost always due to the password checking time. Using @@ -19984,8 +20505,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN4083" ->27.10. Client tuning</A +NAME="AEN4205" +>28.10. Client tuning</A ></H2 ><P >Often a speed problem can be traced to the client. The client (for @@ -20092,7 +20613,7 @@ CLASS="CHAPTER" ><A NAME="PORTABILITY" ></A ->Chapter 28. Portability</H1 +>Chapter 29. Portability</H1 ><P >Samba works on a wide range of platforms but the interface all the platforms provide is not always compatible. This chapter contains @@ -20102,8 +20623,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN4127" ->28.1. HPUX</A +NAME="AEN4249" +>29.1. HPUX</A ></H2 ><P >HP's implementation of supplementary groups is, er, non-standard (for @@ -20132,8 +20653,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN4133" ->28.2. SCO Unix</A +NAME="AEN4255" +>29.2. SCO Unix</A ></H2 ><P > @@ -20149,8 +20670,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN4137" ->28.3. DNIX</A +NAME="AEN4259" +>29.3. DNIX</A ></H2 ><P >DNIX has a problem with seteuid() and setegid(). These routines are @@ -20256,8 +20777,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN4166" ->28.4. RedHat Linux Rembrandt-II</A +NAME="AEN4288" +>29.4. RedHat Linux Rembrandt-II</A ></H2 ><P >By default RedHat Rembrandt-II during installation adds an @@ -20280,19 +20801,22 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN4172" ->28.5. AIX</A +NAME="AEN4294" +>29.5. AIX</A ></H2 ><DIV CLASS="SECT2" ><H3 CLASS="SECT2" ><A -NAME="AEN4174" ->28.5.1. Sequential Read Ahead</A +NAME="AEN4296" +>29.5.1. Sequential Read Ahead</A ></H3 ><P ->Disabling Sequential Read Ahead using "vmtune -r 0" improves +>Disabling Sequential Read Ahead using <KBD +CLASS="USERINPUT" +>vmtune -r 0</KBD +> improves samba performance significally.</P ></DIV ></DIV @@ -20303,7 +20827,7 @@ CLASS="CHAPTER" ><A NAME="OTHER-CLIENTS" ></A ->Chapter 29. Samba and other CIFS clients</H1 +>Chapter 30. Samba and other CIFS clients</H1 ><P >This chapter contains client-specific information.</P ><DIV @@ -20311,8 +20835,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN4196" ->29.1. Macintosh clients?</A +NAME="AEN4319" +>30.1. Macintosh clients?</A ></H2 ><P >Yes. <A @@ -20357,16 +20881,16 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN4205" ->29.2. OS2 Client</A +NAME="AEN4328" +>30.2. OS2 Client</A ></H2 ><DIV CLASS="SECT2" ><H3 CLASS="SECT2" ><A -NAME="AEN4207" ->29.2.1. How can I configure OS/2 Warp Connect or +NAME="AEN4330" +>30.2.1. How can I configure OS/2 Warp Connect or OS/2 Warp 4 as a client for Samba?</A ></H3 ><P @@ -20424,8 +20948,8 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN4222" ->29.2.2. How can I configure OS/2 Warp 3 (not Connect), +NAME="AEN4345" +>30.2.2. How can I configure OS/2 Warp 3 (not Connect), OS/2 1.2, 1.3 or 2.x for Samba?</A ></H3 ><P @@ -20468,8 +20992,8 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN4231" ->29.2.3. Are there any other issues when OS/2 (any version) +NAME="AEN4354" +>30.2.3. Are there any other issues when OS/2 (any version) is used as a client?</A ></H3 ><P @@ -20490,8 +21014,8 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN4235" ->29.2.4. How do I get printer driver download working +NAME="AEN4358" +>30.2.4. How do I get printer driver download working for OS/2 clients?</A ></H3 ><P @@ -20537,16 +21061,16 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN4245" ->29.3. Windows for Workgroups</A +NAME="AEN4368" +>30.3. Windows for Workgroups</A ></H2 ><DIV CLASS="SECT2" ><H3 CLASS="SECT2" ><A -NAME="AEN4247" ->29.3.1. Use latest TCP/IP stack from Microsoft</A +NAME="AEN4370" +>30.3.1. Use latest TCP/IP stack from Microsoft</A ></H3 ><P >Use the latest TCP/IP stack from microsoft if you use Windows @@ -20567,8 +21091,8 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN4252" ->29.3.2. Delete .pwl files after password change</A +NAME="AEN4375" +>30.3.2. Delete .pwl files after password change</A ></H3 ><P >WfWg does a lousy job with passwords. I find that if I change my @@ -20587,8 +21111,8 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN4257" ->29.3.3. Configure WfW password handling</A +NAME="AEN4380" +>30.3.3. Configure WfW password handling</A ></H3 ><P >There is a program call admincfg.exe @@ -20606,8 +21130,8 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN4261" ->29.3.4. Case handling of passwords</A +NAME="AEN4384" +>30.3.4. Case handling of passwords</A ></H3 ><P >Windows for Workgroups uppercases the password before sending it to the server. Unix passwords can be case-sensitive though. Check the <A @@ -20624,8 +21148,8 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN4266" ->29.3.5. Use TCP/IP as default protocol</A +NAME="AEN4389" +>30.3.5. Use TCP/IP as default protocol</A ></H3 ><P >To support print queue reporting you may find @@ -20640,8 +21164,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN4269" ->29.4. Windows '95/'98</A +NAME="AEN4392" +>30.4. Windows '95/'98</A ></H2 ><P >When using Windows 95 OEM SR2 the following updates are recommended where Samba @@ -20688,8 +21212,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN4285" ->29.5. Windows 2000 Service Pack 2</A +NAME="AEN4408" +>30.5. Windows 2000 Service Pack 2</A ></H2 ><P > @@ -20788,8 +21312,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN4302" ->29.6. Windows NT 3.1</A +NAME="AEN4425" +>30.6. Windows NT 3.1</A ></H2 ><P >If you have problems communicating across routers with Windows @@ -20806,7 +21330,7 @@ CLASS="CHAPTER" ><A NAME="COMPILING" ></A ->Chapter 30. How to compile SAMBA</H1 +>Chapter 31. How to compile SAMBA</H1 ><P >You can obtain the samba source from the <A HREF="http://samba.org/" @@ -20819,16 +21343,16 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN4323" ->30.1. Access Samba source code via CVS</A +NAME="AEN4446" +>31.1. Access Samba source code via CVS</A ></H2 ><DIV CLASS="SECT2" ><H3 CLASS="SECT2" ><A -NAME="AEN4325" ->30.1.1. Introduction</A +NAME="AEN4448" +>31.1.1. Introduction</A ></H3 ><P >Samba is developed in an open environment. Developers use CVS @@ -20849,8 +21373,8 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN4330" ->30.1.2. CVS Access to samba.org</A +NAME="AEN4453" +>31.1.2. CVS Access to samba.org</A ></H3 ><P >The machine samba.org runs a publicly accessible CVS @@ -20862,8 +21386,8 @@ CLASS="SECT3" ><HR><H4 CLASS="SECT3" ><A -NAME="AEN4333" ->30.1.2.1. Access via CVSweb</A +NAME="AEN4456" +>31.1.2.1. Access via CVSweb</A ></H4 ><P >You can access the source code via your @@ -20883,8 +21407,8 @@ CLASS="SECT3" ><HR><H4 CLASS="SECT3" ><A -NAME="AEN4338" ->30.1.2.2. Access via cvs</A +NAME="AEN4461" +>31.1.2.2. Access via cvs</A ></H4 ><P >You can also access the source code via a @@ -20988,8 +21512,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN4366" ->30.2. Accessing the samba sources via rsync and ftp</A +NAME="AEN4489" +>31.2. Accessing the samba sources via rsync and ftp</A ></H2 ><P > pserver.samba.org also exports unpacked copies of most parts of the CVS tree at <A @@ -21016,8 +21540,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN4372" ->30.3. Building the Binaries</A +NAME="AEN4495" +>31.3. Building the Binaries</A ></H2 ><P >To do this, first run the program <KBD @@ -21102,8 +21626,8 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN4400" ->30.3.1. Compiling samba with Active Directory support</A +NAME="AEN4523" +>31.3.1. Compiling samba with Active Directory support</A ></H3 ><P >In order to compile samba with ADS support, you need to have installed @@ -21152,8 +21676,8 @@ CLASS="SECT3" ><HR><H4 CLASS="SECT3" ><A -NAME="AEN4412" ->30.3.1.1. Installing the required packages for Debian</A +NAME="AEN4535" +>31.3.1.1. Installing the required packages for Debian</A ></H4 ><P >On Debian you need to install the following packages:</P @@ -21183,8 +21707,8 @@ CLASS="SECT3" ><HR><H4 CLASS="SECT3" ><A -NAME="AEN4419" ->30.3.1.2. Installing the required packages for RedHat</A +NAME="AEN4542" +>31.3.1.2. Installing the required packages for RedHat</A ></H4 ><P >On RedHat this means you should have at least: </P @@ -21225,8 +21749,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN4429" ->30.4. Starting the smbd and nmbd</A +NAME="AEN4552" +>31.4. Starting the smbd and nmbd</A ></H2 ><P >You must choose to start smbd and nmbd either @@ -21265,8 +21789,8 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN4439" ->30.4.1. Starting from inetd.conf</A +NAME="AEN4562" +>31.4.1. Starting from inetd.conf</A ></H3 ><P >NOTE; The following will be different if @@ -21310,8 +21834,28 @@ CLASS="FILENAME" > varies between unixes. Look at the other entries in inetd.conf for a guide.</P +><DIV +CLASS="NOTE" ><P ->NOTE: Some unixes already have entries like netbios_ns +></P +><TABLE +CLASS="NOTE" +WIDTH="100%" +BORDER="0" +><TR +><TD +WIDTH="25" +ALIGN="CENTER" +VALIGN="TOP" +><IMG +SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif" +HSPACE="5" +ALT="Note"></TD +><TD +ALIGN="LEFT" +VALIGN="TOP" +><P +>Some unixes already have entries like netbios_ns (note the underscore) in <TT CLASS="FILENAME" >/etc/services</TT @@ -21324,9 +21868,39 @@ CLASS="FILENAME" CLASS="FILENAME" >/etc/inetd.conf</TT > to make them consistent.</P +></TD +></TR +></TABLE +></DIV +><DIV +CLASS="NOTE" +><P +></P +><TABLE +CLASS="NOTE" +WIDTH="100%" +BORDER="0" +><TR +><TD +WIDTH="25" +ALIGN="CENTER" +VALIGN="TOP" +><IMG +SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif" +HSPACE="5" +ALT="Note"></TD +><TD +ALIGN="LEFT" +VALIGN="TOP" ><P ->NOTE: On many systems you may need to use the - "interfaces" option in smb.conf to specify the IP address +>On many systems you may need to use the + <B +CLASS="COMMAND" +>interfaces</B +> option in <TT +CLASS="FILENAME" +>smb.conf</TT +> to specify the IP address and netmask of your interfaces. Run <SPAN CLASS="APPLICATION" >ifconfig</SPAN @@ -21338,6 +21912,10 @@ CLASS="APPLICATION" > tries to determine it at run time, but fails on some unixes. </P +></TD +></TR +></TABLE +></DIV ><DIV CLASS="WARNING" ><P @@ -21389,8 +21967,8 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN4469" ->30.4.2. Alternative: starting it as a daemon</A +NAME="AEN4596" +>31.4.2. Alternative: starting it as a daemon</A ></H3 ><P >To start the server as a daemon you should create @@ -21472,14 +22050,14 @@ CLASS="CHAPTER" ><A NAME="BUGREPORT" ></A ->Chapter 31. Reporting Bugs</H1 +>Chapter 32. Reporting Bugs</H1 ><DIV CLASS="SECT1" ><H2 CLASS="SECT1" ><A -NAME="AEN4500" ->31.1. Introduction</A +NAME="AEN4627" +>32.1. Introduction</A ></H2 ><P >The email address for bug reports for stable releases is <A @@ -21523,8 +22101,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN4510" ->31.2. General info</A +NAME="AEN4637" +>32.2. General info</A ></H2 ><P >Before submitting a bug report check your config for silly @@ -21547,8 +22125,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN4516" ->31.3. Debug levels</A +NAME="AEN4643" +>32.3. Debug levels</A ></H2 ><P >If the bug has anything to do with Samba behaving incorrectly as a @@ -21587,7 +22165,10 @@ CLASS="REPLACEABLE" CLASS="REPLACEABLE" >machine</VAR > is the name of the client you wish to debug. In that file -put any smb.conf commands you want, for example +put any <TT +CLASS="FILENAME" +>smb.conf</TT +> commands you want, for example <B CLASS="COMMAND" >log level=</B @@ -21626,8 +22207,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN4536" ->31.4. Internal errors</A +NAME="AEN4664" +>32.4. Internal errors</A ></H2 ><P >If you get a "INTERNAL ERROR" message in your log files it means that @@ -21682,8 +22263,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN4550" ->31.5. Attaching to a running process</A +NAME="AEN4678" +>32.5. Attaching to a running process</A ></H2 ><P >Unfortunately some unixes (in particular some recent linux kernels) @@ -21714,8 +22295,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN4558" ->31.6. Patches</A +NAME="AEN4686" +>32.6. Patches</A ></H2 ><P >The best sort of bug report is one that includes a fix! If you send us @@ -21737,14 +22318,14 @@ CLASS="CHAPTER" ><A NAME="DIAGNOSIS" ></A ->Chapter 32. The samba checklist</H1 +>Chapter 33. The samba checklist</H1 ><DIV CLASS="SECT1" ><H2 CLASS="SECT1" ><A -NAME="AEN4581" ->32.1. Introduction</A +NAME="AEN4709" +>33.1. Introduction</A ></H2 ><P >This file contains a list of tests you can perform to validate your @@ -21765,8 +22346,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN4586" ->32.2. Assumptions</A +NAME="AEN4714" +>33.2. Assumptions</A ></H2 ><P >In all of the tests it is assumed you have a Samba server called @@ -21775,8 +22356,21 @@ BIGSERVER and a PC called ACLIENT both in workgroup TESTGROUP.</P >The procedure is similar for other types of clients.</P ><P >It is also assumed you know the name of an available share in your -smb.conf. I will assume this share is called "tmp". You can add a -"tmp" share like by adding the following to smb.conf:</P +<TT +CLASS="FILENAME" +>smb.conf</TT +>. I will assume this share is called <VAR +CLASS="REPLACEABLE" +>tmp</VAR +>. +You can add a <VAR +CLASS="REPLACEABLE" +>tmp</VAR +> share like by adding the +following to <TT +CLASS="FILENAME" +>smb.conf</TT +>:</P ><P ><PRE CLASS="PROGRAMLISTING" @@ -21785,26 +22379,61 @@ CLASS="PROGRAMLISTING" path = /tmp read only = yes </PRE ></P +><DIV +CLASS="NOTE" +><P +></P +><TABLE +CLASS="NOTE" +WIDTH="100%" +BORDER="0" +><TR +><TD +WIDTH="25" +ALIGN="CENTER" +VALIGN="TOP" +><IMG +SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif" +HSPACE="5" +ALT="Note"></TD +><TD +ALIGN="LEFT" +VALIGN="TOP" ><P ->THESE TESTS ASSUME VERSION 3.0.0 OR LATER OF THE SAMBA SUITE. SOME -COMMANDS SHOWN DID NOT EXIST IN EARLIER VERSIONS</P +>These tests assume version 3.0 or later of the samba suite. Some commands shown did not exist in earlier versions. </P +></TD +></TR +></TABLE +></DIV ><P >Please pay attention to the error messages you receive. If any error message reports that your server is being unfriendly you should first check that you -IP name resolution is correctly set up. eg: Make sure your /etc/resolv.conf +IP name resolution is correctly set up. eg: Make sure your <TT +CLASS="FILENAME" +>/etc/resolv.conf</TT +> file points to name servers that really do exist.</P ><P >Also, if you do not have DNS server access for name resolution please check -that the settings for your smb.conf file results in "dns proxy = no". The -best way to check this is with "testparm smb.conf"</P +that the settings for your <TT +CLASS="FILENAME" +>smb.conf</TT +> file results in <B +CLASS="COMMAND" +>dns proxy = no</B +>. The +best way to check this is with <KBD +CLASS="USERINPUT" +>testparm smb.conf</KBD +>.</P ></DIV ><DIV CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN4596" ->32.3. The tests</A +NAME="AEN4733" +>33.3. The tests</A ></H2 ><DIV CLASS="PROCEDURE" @@ -21816,22 +22445,65 @@ CLASS="PROCEDURE" TYPE="1" ><LI ><P ->In the directory in which you store your smb.conf file, run the command -"testparm smb.conf". If it reports any errors then your smb.conf +>In the directory in which you store your <TT +CLASS="FILENAME" +>smb.conf</TT +> file, run the command +<KBD +CLASS="USERINPUT" +>testparm smb.conf</KBD +>. If it reports any errors then your <TT +CLASS="FILENAME" +>smb.conf</TT +> configuration file is faulty.</P +><DIV +CLASS="NOTE" ><P ->Note: Your smb.conf file may be located in: <TT +></P +><TABLE +CLASS="NOTE" +WIDTH="100%" +BORDER="0" +><TR +><TD +WIDTH="25" +ALIGN="CENTER" +VALIGN="TOP" +><IMG +SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif" +HSPACE="5" +ALT="Note"></TD +><TD +ALIGN="LEFT" +VALIGN="TOP" +><P +>Your <TT +CLASS="FILENAME" +>smb.conf</TT +> file may be located in: <TT CLASS="FILENAME" >/etc/samba</TT > - Or in: <TT +Or in: <TT CLASS="FILENAME" >/usr/local/samba/lib</TT ></P +></TD +></TR +></TABLE +></DIV ></LI ><LI ><P ->Run the command "ping BIGSERVER" from the PC and "ping ACLIENT" from +>Run the command <KBD +CLASS="USERINPUT" +>ping BIGSERVER</KBD +> from the PC and +<KBD +CLASS="USERINPUT" +>ping ACLIENT</KBD +> from the unix box. If you don't get a valid response then your TCP/IP software is not correctly installed. </P ><P @@ -21839,44 +22511,99 @@ software is not correctly installed. </P run ping.</P ><P >If you get a message saying "host not found" or similar then your DNS -software or /etc/hosts file is not correctly setup. It is possible to +software or <TT +CLASS="FILENAME" +>/etc/hosts</TT +> file is not correctly setup. +It is possible to run samba without DNS entries for the server and client, but I assume you do have correct entries for the remainder of these tests. </P ><P >Another reason why ping might fail is if your host is running firewall software. You will need to relax the rules to let in the workstation in question, perhaps by allowing access from another subnet (on Linux -this is done via the ipfwadm program.)</P +this is done via the <SPAN +CLASS="APPLICATION" +>ipfwadm</SPAN +> program.)</P ></LI ><LI ><P ->Run the command "smbclient -L BIGSERVER" on the unix box. You +>Run the command <KBD +CLASS="USERINPUT" +>smbclient -L BIGSERVER</KBD +> on the unix box. You should get a list of available shares back. </P ><P >If you get a error message containing the string "Bad password" then -you probably have either an incorrect "hosts allow", "hosts deny" or -"valid users" line in your smb.conf, or your guest account is not -valid. Check what your guest account is using "testparm" and -temporarily remove any "hosts allow", "hosts deny", "valid users" or -"invalid users" lines.</P +you probably have either an incorrect <B +CLASS="COMMAND" +>hosts allow</B +>, +<B +CLASS="COMMAND" +>hosts deny</B +> or <B +CLASS="COMMAND" +>valid users</B +> line in your +<TT +CLASS="FILENAME" +>smb.conf</TT +>, or your guest account is not +valid. Check what your guest account is using <SPAN +CLASS="APPLICATION" +>testparm</SPAN +> and +temporarily remove any <B +CLASS="COMMAND" +>hosts allow</B +>, <B +CLASS="COMMAND" +>hosts deny</B +>, <B +CLASS="COMMAND" +>valid users</B +> or <B +CLASS="COMMAND" +>invalid users</B +> lines.</P ><P >If you get a "connection refused" response then the smbd server may not be running. If you installed it in inetd.conf then you probably edited that file incorrectly. If you installed it as a daemon then check that it is running, and check that the netbios-ssn port is in a LISTEN -state using "netstat -a".</P +state using <KBD +CLASS="USERINPUT" +>netstat -a</KBD +>.</P ><P >If you get a "session request failed" then the server refused the connection. If it says "Your server software is being unfriendly" then -its probably because you have invalid command line parameters to smbd, -or a similar fatal problem with the initial startup of smbd. Also -check your config file (smb.conf) for syntax errors with "testparm" +its probably because you have invalid command line parameters to <SPAN +CLASS="APPLICATION" +>smbd</SPAN +>, +or a similar fatal problem with the initial startup of <SPAN +CLASS="APPLICATION" +>smbd</SPAN +>. Also +check your config file (<TT +CLASS="FILENAME" +>smb.conf</TT +>) for syntax errors with <SPAN +CLASS="APPLICATION" +>testparm</SPAN +> and that the various directories where samba keeps its log and lock files exist.</P ><P >There are a number of reasons for which smbd may refuse or decline a session request. The most common of these involve one or more of -the following smb.conf file entries:</P +the following <TT +CLASS="FILENAME" +>smb.conf</TT +> file entries:</P ><P ><PRE CLASS="PROGRAMLISTING" @@ -21895,29 +22622,57 @@ CLASS="PROGRAMLISTING" hosts allow = xxx.xxx.xxx.xxx/yy 127.</PRE ></P ><P ->Do NOT use the "bind interfaces only" parameter where you may wish to -use the samba password change facility, or where smbclient may need to +>Do NOT use the <B +CLASS="COMMAND" +>bind interfaces only</B +> parameter where you +may wish to +use the samba password change facility, or where <SPAN +CLASS="APPLICATION" +>smbclient</SPAN +> may need to access local service for name resolution or for local resource -connections. (Note: the "bind interfaces only" parameter deficiency +connections. (Note: the <B +CLASS="COMMAND" +>bind interfaces only</B +> parameter deficiency where it will not allow connections to the loopback address will be fixed soon).</P ><P >Another common cause of these two errors is having something already running -on port 139, such as Samba (ie: smbd is running from inetd already) or -something like Digital's Pathworks. Check your inetd.conf file before trying -to start smbd as a daemon, it can avoid a lot of frustration!</P +on port 139, such as Samba (ie: smbd is running from <SPAN +CLASS="APPLICATION" +>inetd</SPAN +> already) or +something like Digital's Pathworks. Check your <TT +CLASS="FILENAME" +>inetd.conf</TT +> file before trying +to start <SPAN +CLASS="APPLICATION" +>smbd</SPAN +> as a daemon, it can avoid a lot of frustration!</P ><P ->And yet another possible cause for failure of TEST 3 is when the subnet mask +>And yet another possible cause for failure of this test is when the subnet mask and / or broadcast address settings are incorrect. Please check that the network interface IP Address / Broadcast Address / Subnet Mask settings are -correct and that Samba has correctly noted these in the log.nmb file.</P +correct and that Samba has correctly noted these in the <TT +CLASS="FILENAME" +>log.nmb</TT +> file.</P ></LI ><LI ><P ->Run the command "nmblookup -B BIGSERVER __SAMBA__". You should get the +>Run the command <KBD +CLASS="USERINPUT" +>nmblookup -B BIGSERVER __SAMBA__</KBD +>. You should get the IP address of your Samba server back.</P ><P ->If you don't then nmbd is incorrectly installed. Check your inetd.conf +>If you don't then nmbd is incorrectly installed. Check your <TT +CLASS="FILENAME" +>inetd.conf</TT +> if you run it from there, or that the daemon is running and listening to udp port 137.</P ><P @@ -21928,9 +22683,9 @@ inetd.</P ></LI ><LI ><P ->run the command <B -CLASS="COMMAND" ->nmblookup -B ACLIENT '*'</B +>run the command <KBD +CLASS="USERINPUT" +>nmblookup -B ACLIENT '*'</KBD ></P ><P >You should get the PCs IP address back. If you don't then the client @@ -21942,9 +22697,9 @@ client in the above test.</P ></LI ><LI ><P ->Run the command <B -CLASS="COMMAND" ->nmblookup -d 2 '*'</B +>Run the command <KBD +CLASS="USERINPUT" +>nmblookup -d 2 '*'</KBD ></P ><P >This time we are trying the same as the previous test but are trying @@ -21957,11 +22712,20 @@ hosts.</P >If this doesn't give a similar result to the previous test then nmblookup isn't correctly getting your broadcast address through its automatic mechanism. In this case you should experiment use the -"interfaces" option in smb.conf to manually configure your IP +<B +CLASS="COMMAND" +>interfaces</B +> option in <TT +CLASS="FILENAME" +>smb.conf</TT +> to manually configure your IP address, broadcast and netmask. </P ><P >If your PC and server aren't on the same subnet then you will need to -use the -B option to set the broadcast address to the that of the PCs +use the <VAR +CLASS="PARAMETER" +>-B</VAR +> option to set the broadcast address to the that of the PCs subnet.</P ><P >This test will probably fail if your subnet mask and broadcast address are @@ -21969,29 +22733,65 @@ not correct. (Refer to TEST 3 notes above).</P ></LI ><LI ><P ->Run the command <B -CLASS="COMMAND" ->smbclient //BIGSERVER/TMP</B +>Run the command <KBD +CLASS="USERINPUT" +>smbclient //BIGSERVER/TMP</KBD >. You should then be prompted for a password. You should use the password of the account you are logged into the unix box with. If you want to test with -another account then add the -U >accountname< option to the end of +another account then add the <VAR +CLASS="PARAMETER" +>-U <VAR +CLASS="REPLACEABLE" +>accountname</VAR +></VAR +> option to the end of the command line. eg: -<B -CLASS="COMMAND" ->smbclient //bigserver/tmp -Ujohndoe</B +<KBD +CLASS="USERINPUT" +>smbclient //bigserver/tmp -Ujohndoe</KBD ></P +><DIV +CLASS="NOTE" ><P ->Note: It is possible to specify the password along with the username +></P +><TABLE +CLASS="NOTE" +WIDTH="100%" +BORDER="0" +><TR +><TD +WIDTH="25" +ALIGN="CENTER" +VALIGN="TOP" +><IMG +SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif" +HSPACE="5" +ALT="Note"></TD +><TD +ALIGN="LEFT" +VALIGN="TOP" +><P +>It is possible to specify the password along with the username as follows: -<B -CLASS="COMMAND" ->smbclient //bigserver/tmp -Ujohndoe%secret</B +<KBD +CLASS="USERINPUT" +>smbclient //bigserver/tmp -Ujohndoe%secret</KBD ></P +></TD +></TR +></TABLE +></DIV ><P ->Once you enter the password you should get the "smb>" prompt. If you +>Once you enter the password you should get the <SAMP +CLASS="PROMPT" +>smb></SAMP +> prompt. If you don't then look at the error message. If it says "invalid network -name" then the service "tmp" is not correctly setup in your smb.conf.</P +name" then the service "tmp" is not correctly setup in your <TT +CLASS="FILENAME" +>smb.conf</TT +>.</P ><P >If it says "bad password" then the likely causes are:</P ><P @@ -22001,23 +22801,41 @@ TYPE="1" ><LI ><P > you have shadow passords (or some other password system) but didn't - compile in support for them in smbd + compile in support for them in <SPAN +CLASS="APPLICATION" +>smbd</SPAN +> </P ></LI ><LI ><P -> your "valid users" configuration is incorrect +> your <B +CLASS="COMMAND" +>valid users</B +> configuration is incorrect </P ></LI ><LI ><P -> you have a mixed case password and you haven't enabled the "password - level" option at a high enough level +> you have a mixed case password and you haven't enabled the <B +CLASS="COMMAND" +>password + level</B +> option at a high enough level </P ></LI ><LI ><P -> the "path =" line in smb.conf is incorrect. Check it with testparm +> the <B +CLASS="COMMAND" +>path =</B +> line in <TT +CLASS="FILENAME" +>smb.conf</TT +> is incorrect. Check it with <SPAN +CLASS="APPLICATION" +>testparm</SPAN +> </P ></LI ><LI @@ -22041,7 +22859,10 @@ CLASS="COMMAND" > etc. Type <B CLASS="COMMAND" ->help >command<</B +>help <VAR +CLASS="REPLACEABLE" +>command</VAR +></B > for instructions. You should especially check that the amount of free disk space shown is correct when you type <B @@ -22051,9 +22872,9 @@ CLASS="COMMAND" ></LI ><LI ><P ->On the PC type the command <B -CLASS="COMMAND" ->net view \\BIGSERVER</B +>On the PC type the command <KBD +CLASS="USERINPUT" +>net view \\BIGSERVER</KBD >. You will need to do this from within a "dos prompt" window. You should get back a list of available shares on the server.</P @@ -22068,11 +22889,17 @@ to choose one of them):</P TYPE="1" ><LI ><P -> fixup the nmbd installation</P +> fixup the <SPAN +CLASS="APPLICATION" +>nmbd</SPAN +> installation</P ></LI ><LI ><P -> add the IP address of BIGSERVER to the "wins server" box in the +> add the IP address of BIGSERVER to the <B +CLASS="COMMAND" +>wins server</B +> box in the advanced tcp/ip setup on the PC.</P ></LI ><LI @@ -22087,8 +22914,14 @@ TYPE="1" ></OL ><P >If you get a "invalid network name" or "bad password error" then the -same fixes apply as they did for the "smbclient -L" test above. In -particular, make sure your "hosts allow" line is correct (see the man +same fixes apply as they did for the <KBD +CLASS="USERINPUT" +>smbclient -L</KBD +> test above. In +particular, make sure your <B +CLASS="COMMAND" +>hosts allow</B +> line is correct (see the man pages)</P ><P >Also, do not overlook that fact that when the workstation requests the @@ -22100,22 +22933,47 @@ name and password.</P >If you get "specified computer is not receiving requests" or similar it probably means that the host is not contactable via tcp services. Check to see if the host is running tcp wrappers, and if so add an entry in -the hosts.allow file for your client (or subnet, etc.)</P +the <TT +CLASS="FILENAME" +>hosts.allow</TT +> file for your client (or subnet, etc.)</P ></LI ><LI ><P ->Run the command <B -CLASS="COMMAND" ->net use x: \\BIGSERVER\TMP</B +>Run the command <KBD +CLASS="USERINPUT" +>net use x: \\BIGSERVER\TMP</KBD >. You should be prompted for a password then you should get a "command completed successfully" message. If not then your PC software is incorrectly -installed or your smb.conf is incorrect. make sure your "hosts allow" -and other config lines in smb.conf are correct.</P +installed or your smb.conf is incorrect. make sure your <B +CLASS="COMMAND" +>hosts allow</B +> +and other config lines in <TT +CLASS="FILENAME" +>smb.conf</TT +> are correct.</P ><P >It's also possible that the server can't work out what user name to -connect you as. To see if this is the problem add the line "user = -USERNAME" to the [tmp] section of smb.conf where "USERNAME" is the +connect you as. To see if this is the problem add the line <B +CLASS="COMMAND" +>user = +<VAR +CLASS="REPLACEABLE" +>username</VAR +></B +> to the <B +CLASS="COMMAND" +>[tmp]</B +> section of +<TT +CLASS="FILENAME" +>smb.conf</TT +> where <VAR +CLASS="REPLACEABLE" +>username</VAR +> is the username corresponding to the password you typed. If you find this fixes things you may need the username mapping option. </P ><P @@ -22126,22 +22984,31 @@ CLASS="COMMAND" > in <TT CLASS="FILENAME" >smb.conf</TT ->. +> Turn it back on to fix.</P ></LI ><LI ><P ->Run the command <B -CLASS="COMMAND" ->nmblookup -M TESTGROUP</B +>Run the command <KBD +CLASS="USERINPUT" +>nmblookup -M <VAR +CLASS="REPLACEABLE" +>testgroup</VAR +></KBD > where -TESTGROUP is the name of the workgroup that your Samba server and +<VAR +CLASS="REPLACEABLE" +>testgroup</VAR +> is the name of the workgroup that your Samba server and Windows PCs belong to. You should get back the IP address of the master browser for that workgroup.</P ><P >If you don't then the election process has failed. Wait a minute to see if it is just being slow then try again. If it still fails after -that then look at the browsing options you have set in smb.conf. Make +that then look at the browsing options you have set in <TT +CLASS="FILENAME" +>smb.conf</TT +>. Make sure you have <B CLASS="COMMAND" >preferred master = yes</B @@ -22165,8 +23032,14 @@ CLASS="COMMAND" CLASS="COMMAND" >password server = Windows_NT_Machine</B > in your -smb.conf file, or enable encrypted passwords AFTER compiling in support -for encrypted passwords (refer to the Makefile).</P +<TT +CLASS="FILENAME" +>smb.conf</TT +> file, or make sure <B +CLASS="COMMAND" +>encrypted passwords</B +> is +set to "yes".</P ></LI ></OL ></DIV @@ -22176,8 +23049,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN4697" ->32.4. Still having troubles?</A +NAME="AEN4900" +>33.4. Still having troubles?</A ></H2 ><P >Try the mailing list or newsgroup, or use the ethereal utility to @@ -22194,8 +23067,6 @@ HREF="http://samba.org/samba" TARGET="_top" >http://samba.org/samba/</A ></P -><P ->Also look at the other docs in the Samba package!</P ></DIV ></DIV ></DIV |