diff options
author | John Terpstra <jht@samba.org> | 2003-04-07 15:19:34 +0000 |
---|---|---|
committer | John Terpstra <jht@samba.org> | 2003-04-07 15:19:34 +0000 |
commit | 6b8a18109364fa53287ce5e7425ad4c185e678cf (patch) | |
tree | b2f8ab9115f4c9ffa7eeaaade6e342f1eadb5485 /docs | |
parent | bd6a7f756bbf0824b62480c572cff0e43ac7daef (diff) | |
download | samba-6b8a18109364fa53287ce5e7425ad4c185e678cf.tar.gz samba-6b8a18109364fa53287ce5e7425ad4c185e678cf.tar.bz2 samba-6b8a18109364fa53287ce5e7425ad4c185e678cf.zip |
Docs merge from HEAD.
(This used to be commit e9b7b72ab613dbd88c846e3cf1ffa7e6dc9118e4)
Diffstat (limited to 'docs')
23 files changed, 274 insertions, 232 deletions
diff --git a/docs/docbook/global.ent b/docs/docbook/global.ent index c71166b4d7..cfcd44e50a 100644 --- a/docs/docbook/global.ent +++ b/docs/docbook/global.ent @@ -74,6 +74,14 @@ </affiliation> </author>'> +<!ENTITY author.mimir ' +<author> + <firstname>Rafal</firstname><surname>Szczesniak</surname> + <affiliation> + <orgname>Samba Team</orgname> + <address><email>mimir@samba.org</email></address> + </affiliation> +</author>'> <!-- URL's --> <!ENTITY url.samba.cvsinfo 'http://pserver.samba.org/samba/cvs.html'> @@ -98,7 +106,6 @@ <!-- Misc --> <!ENTITY samba.pub.cvshost 'pserver.samba.org'> -<!ENTITY percnt '%'> <!ENTITY stdarg.debug ' <varlistentry> @@ -359,3 +366,15 @@ an Active Directory environment. &stdarg.authfile; &stdarg.username; '> + +<!-- Entities for the various programs --> +<!ENTITY smbd '<application>smbd</application>'> +<!ENTITY nmbd '<application>nmbd</application>'> +<!ENTITY testparm '<application>testparm</application>'> +<!ENTITY smb.conf '<filename>smb.conf</filename>'> +<!ENTITY smbclient '<application>smbclient</application>'> +<!ENTITY winbindd '<application>winbindd</application>'> +<!ENTITY smbgroupedit '<application>smbgroupedit</application>'> + +<!-- We only need this for SGML, and not for XML... --> +<!ENTITY percnt '%'> diff --git a/docs/docbook/projdoc/ADS-HOWTO.sgml b/docs/docbook/projdoc/ADS-HOWTO.sgml index 8146df0781..d08833b7fd 100644 --- a/docs/docbook/projdoc/ADS-HOWTO.sgml +++ b/docs/docbook/projdoc/ADS-HOWTO.sgml @@ -74,12 +74,12 @@ its netbios name. If you don't get this right then you will get a </para> <para> -If all you want is kerberos support in smbclient then you can skip -straight to <link linkend="ads-test-smbclient">Test with smbclient</link> now. +If all you want is kerberos support in &smbclient; then you can skip +straight to <link linkend="ads-test-smbclient">Test with &smbclient;</link> now. <link linkend="ads-create-machine-account">Creating a computer account</link> and <link linkend="ads-test-server">testing your servers</link> is only needed if you want kerberos -support for smbd and winbindd. +support for &smbd; and &winbindd;. </para> </sect1> @@ -120,11 +120,11 @@ server? Does it have an encoding type of DES-CBC-MD5 ? </sect1> <sect1 id="ads-test-smbclient"> -<title>Testing with smbclient</title> +<title>Testing with &smbclient;</title> <para> On your Samba server try to login to a Win2000 server or your Samba -server using smbclient and kerberos. Use smbclient as usual, but +server using &smbclient; and kerberos. Use &smbclient; as usual, but specify the <parameter>-k</parameter> option to choose kerberos authentication. </para> diff --git a/docs/docbook/projdoc/Browsing-Quickguide.sgml b/docs/docbook/projdoc/Browsing-Quickguide.sgml index a2b67983f8..ed5b9a61af 100644 --- a/docs/docbook/projdoc/Browsing-Quickguide.sgml +++ b/docs/docbook/projdoc/Browsing-Quickguide.sgml @@ -44,7 +44,7 @@ implements browse list collation using unicast UDP. <para> Secondly, in those networks where Samba is the only SMB server technology -wherever possible nmbd should be configured on one (1) machine as the WINS +wherever possible &nmbd; should be configured on one (1) machine as the WINS server. This makes it easy to manage the browsing environment. If each network segment is configured with it's own Samba WINS server, then the only way to get cross segment browsing to work is by using the @@ -65,7 +65,7 @@ been committed, but it still needs maturation. <para> Right now samba WINS does not support MS-WINS replication. This means that -when setting up Samba as a WINS server there must only be one nmbd configured +when setting up Samba as a WINS server there must only be one &nmbd; configured as a WINS server on the network. Some sites have used multiple Samba WINS servers for redundancy (one server per subnet) and then used <command>remote browse sync</command> and <command>remote announce</command> @@ -294,11 +294,12 @@ To configure Samba to register with a WINS server just add "wins server = a.b.c.d" to your smb.conf file [globals] section. </para> -<para> -<emphasis>DO NOT EVER</emphasis> use both "wins support = yes" together -with "wins server = a.b.c.d" particularly not using it's own IP address. -Specifying both will cause nmbd to refuse to start! -</para> +<important><para> +Never use both <command>wins support = yes</command> together +with <command>wins server = a.b.c.d</command> +particularly not using it's own IP address. +Specifying both will cause &nmbd; to refuse to start! +</para></important> </sect1> diff --git a/docs/docbook/projdoc/Browsing.sgml b/docs/docbook/projdoc/Browsing.sgml index 43cc498618..ca2f6dc57b 100644 --- a/docs/docbook/projdoc/Browsing.sgml +++ b/docs/docbook/projdoc/Browsing.sgml @@ -46,8 +46,8 @@ that can NOT be provided by any other means of name resolution. <title>Browsing support in samba</title> <para> -Samba facilitates browsing. The browsing is supported by nmbd -and is also controlled by options in the smb.conf file (see smb.conf(5)). +Samba facilitates browsing. The browsing is supported by &nmbd; +and is also controlled by options in the &smb.conf; file. Samba can act as a local browse master for a workgroup and the ability for samba to support domain logons and scripts is now available. </para> @@ -80,7 +80,7 @@ recommended that you use one and only one Samba server as your WINS server. <para> To get browsing to work you need to run nmbd as usual, but will need -to use the <command>workgroup</command> option in <filename>smb.conf</filename> +to use the <command>workgroup</command> option in &smb.conf; to control what workgroup Samba becomes a part of. </para> @@ -89,7 +89,7 @@ Samba also has a useful option for a Samba server to offer itself for browsing on another subnet. It is recommended that this option is only used for 'unusual' purposes: announcements over the internet, for example. See <command>remote announce</command> in the -<filename>smb.conf</filename> man page. +&smb.conf; man page. </para> </sect1> @@ -128,7 +128,7 @@ server resources. <para> The other big problem people have is that their broadcast address, netmask or IP address is wrong (specified with the "interfaces" option -in smb.conf) +in &smb.conf;) </para> </sect1> @@ -160,7 +160,7 @@ Remember, for browsing across subnets to work correctly, all machines, be they Windows 95, Windows NT, or Samba servers must have the IP address of a WINS server given to them by a DHCP server, or by manual configuration (for Win95 and WinNT, this is in the TCP/IP Properties, under Network -settings) for Samba this is in the smb.conf file. +settings) for Samba this is in the &smb.conf; file. </para> <sect2> @@ -412,7 +412,7 @@ If either router R1 or R2 fails the following will occur: <para> Either a Samba machine or a Windows NT Server machine may be set up as a WINS server. To set a Samba machine to be a WINS server you must -add the following option to the smb.conf file on the selected machine : +add the following option to the &smb.conf; file on the selected machine : in the [globals] section add the line </para> @@ -459,7 +459,7 @@ the Samba machine IP address in the "Primary WINS Server" field of the "Control Panel->Network->Protocols->TCP->WINS Server" dialogs in Windows 95 or Windows NT. To tell a Samba server the IP address of the WINS server add the following line to the [global] section of -all smb.conf files : +all &smb.conf; files : </para> <para> @@ -472,7 +472,7 @@ machine or its IP address. </para> <para> -Note that this line MUST NOT BE SET in the smb.conf file of the Samba +Note that this line MUST NOT BE SET in the &smb.conf; file of the Samba server acting as the WINS server itself. If you set both the <command>wins support = yes</command> option and the <command>wins server = <name></command> option then @@ -510,7 +510,7 @@ cross subnet browsing possible for a workgroup. In an WORKGROUP environment the domain master browser must be a Samba server, and there must only be one domain master browser per workgroup name. To set up a Samba server as a domain master browser, -set the following option in the [global] section of the smb.conf file : +set the following option in the [global] section of the &smb.conf; file : </para> <para> @@ -520,7 +520,7 @@ set the following option in the [global] section of the smb.conf file : <para> The domain master browser should also preferrably be the local master browser for its own subnet. In order to achieve this set the following -options in the [global] section of the smb.conf file : +options in the [global] section of the &smb.conf; file : </para> <para> @@ -545,7 +545,7 @@ able to do this, as will Windows 9x machines (although these tend to get rebooted more often, so it's not such a good idea to use these). To make a Samba server a local master browser set the following options in the [global] section of the -smb.conf file : +&smb.conf; file : </para> <para> @@ -575,7 +575,7 @@ If you have an NT machine on the subnet that you wish to be the local master browser then you can disable Samba from becoming a local master browser by setting the following options in the <command>[global]</command> section of the -<filename>smb.conf</filename> file : +&smb.conf; file : </para> <para> @@ -607,7 +607,7 @@ For subnets other than the one containing the Windows NT PDC you may set up Samba servers as local master browsers as described. To make a Samba server a local master browser set the following options in the <command>[global]</command> section -of the <filename>smb.conf</filename> file : +of the &smb.conf; file : </para> <para> @@ -634,7 +634,7 @@ If you have Windows NT machines that are members of the domain on all subnets, and you are sure they will always be running then you can disable Samba from taking part in browser elections and ever becoming a local master browser by setting following options -in the <command>[global]</command> section of the <filename>smb.conf</filename> +in the <command>[global]</command> section of the &smb.conf; file : </para> @@ -662,7 +662,7 @@ elections to just about anyone else. <para> If you want Samba to win elections then just set the <command>os level</command> global -option in <filename>smb.conf</filename> to a higher number. It defaults to 0. Using 34 +option in &smb.conf; to a higher number. It defaults to 0. Using 34 would make it win all elections over every other system (except other samba systems!) </para> @@ -676,7 +676,7 @@ NT/2K Server. A MS Windows NT/2K Server domain controller uses level 32. <para> If you want samba to force an election on startup, then set the -<command>preferred master</command> global option in <filename>smb.conf</filename> to "yes". Samba will +<command>preferred master</command> global option in &smb.conf; to "yes". Samba will then have a slight advantage over other potential master browsers that are not preferred master browsers. Use this parameter with care, as if you have two hosts (whether they are windows 95 or NT or @@ -712,7 +712,7 @@ the current domain master browser fail. The domain master is responsible for collating the browse lists of multiple subnets so that browsing can occur between subnets. You can make samba act as the domain master by setting <command>domain master = yes</command> -in <filename>smb.conf</filename>. By default it will not be a domain master. +in &smb.conf;. By default it will not be a domain master. </para> <para> @@ -801,7 +801,7 @@ that browsing and name lookups won't work. <para> Samba now supports machines with multiple network interfaces. If you have multiple interfaces then you will need to use the <command>interfaces</command> -option in smb.conf to configure them. See <filename>smb.conf(5)</filename> for details. +option in &smb.conf; to configure them. </para> </sect1> </chapter> diff --git a/docs/docbook/projdoc/Bugs.sgml b/docs/docbook/projdoc/Bugs.sgml index 9c6be75c8d..d3525f5f95 100644 --- a/docs/docbook/projdoc/Bugs.sgml +++ b/docs/docbook/projdoc/Bugs.sgml @@ -87,7 +87,7 @@ detail, but may use too much disk space. <para> To set the debug level use <command>log level =</command> in your -<filename>smb.conf</filename>. You may also find it useful to set the log +&smb.conf;. You may also find it useful to set the log level higher for just one machine and keep separate logs for each machine. To do this use: </para> @@ -102,17 +102,17 @@ include = /usr/local/samba/lib/smb.conf.%m then create a file <filename>/usr/local/samba/lib/smb.conf.<replaceable>machine</replaceable></filename> where <replaceable>machine</replaceable> is the name of the client you wish to debug. In that file -put any smb.conf commands you want, for example +put any &smb.conf; commands you want, for example <command>log level=</command> may be useful. This also allows you to experiment with different security systems, protocol levels etc on just one machine. </para> <para> -The <filename>smb.conf</filename> entry <command>log level =</command> +The &smb.conf; entry <command>log level =</command> is synonymous with the entry <command>debuglevel =</command> that has been used in older versions of Samba and is being retained for backwards -compatibility of <filename>smb.conf</filename> files. +compatibility of &smb.conf; files. </para> <para> diff --git a/docs/docbook/projdoc/CUPS-printing.sgml b/docs/docbook/projdoc/CUPS-printing.sgml index eb59695b04..fd954cc1c5 100644 --- a/docs/docbook/projdoc/CUPS-printing.sgml +++ b/docs/docbook/projdoc/CUPS-printing.sgml @@ -50,10 +50,10 @@ new features, which make it different from other, more traditional printing syst </sect1> <sect1> -<title>Configuring <filename>smb.conf</filename> for CUPS</title> +<title>Configuring &smb.conf; for CUPS</title> <para> -Printing with CUPS in the most basic <filename>smb.conf</filename> +Printing with CUPS in the most basic &smb.conf; setup in Samba-3 only needs two settings: <command>printing = cups</command> and <command>printcap = cups</command>. While CUPS itself doesn't need a printcap anymore, the <filename>cupsd.conf</filename> configuration file knows two directives @@ -87,7 +87,7 @@ present on other OS platforms, or its function may be embodied by a different co The line "libcups.so.2 => /usr/lib/libcups.so.2 (0x40123000)" shows there is CUPS support compiled into this version of Samba. If this is the case, and <command>printing = cups</command> is set, then any -otherwise manually set print command in smb.conf is ignored. +otherwise manually set print command in &smb.conf; is ignored. </para> </sect1> @@ -122,7 +122,7 @@ operation. <para> Firstly, to enable CUPS based printing from Samba the following options must be -enabled in your smb.conf file [globals] section: +enabled in your &smb.conf; file [globals] section: <itemizedlist> <listitem><para>printing = CUPS</para></listitem> @@ -130,7 +130,7 @@ enabled in your smb.conf file [globals] section: <listitem><para>printcap = CUPS</para></listitem> </itemizedlist> -When these parameters are specified the print directives in smb.conf (as well as in +When these parameters are specified the print directives in &smb.conf; (as well as in samba itself) will be ignored because samba will directly interface with CUPS through it's application program interface (API) - so long as Samba has been compiled with CUPS library (libcups) support. If samba has NOT been compiled with CUPS support then @@ -402,7 +402,7 @@ promising... <para> The <command>cupsadsmb</command> utility (shipped with all current CUPS versions) makes the sharing of any (or all) installed CUPS printers very -easy. Prior to using it, you need the following settings in smb.conf: +easy. Prior to using it, you need the following settings in &smb.conf;: </para> <para><programlisting>[global] @@ -1661,8 +1661,8 @@ on the avarage and peak printing load the server should be able to handle. <para> Samba print files pass thru two "spool" directories. One the incoming directory -managed by Samba, (set eg: in the "path = /var/spool/samba" directive in the [printers] -section of "smb.conf"). Second is the spool directory of your UNIX print subsystem. +managed by Samba, (set eg: in the <command>path = /var/spool/samba</command> directive in the [printers] +section of &smb.conf;). Second is the spool directory of your UNIX print subsystem. For CUPS it is normally "/var/spool/cups/", as set by the cupsd.conf directive "RequestRoot /var/spool/cups". </para> @@ -1724,15 +1724,15 @@ For everything to work as announced, you need to have three things: <simplelist> <member> - a Samba-smbd which is compiled against "libcups" (Check on Linux by running "ldd `which smbd`") + a Samba-&smbd; which is compiled against "libcups" (Check on Linux by running <userinput>ldd `which smbd`</userinput>) </member> <member> - a Samba-smb.conf setting of "printing = cups" + a Samba-&smb.conf; setting of <command>printing = cups</command> </member> <member> - another Samba-smb.conf setting of "printcap = cups" + another Samba-&smb.conf; setting of <command>printcap = cups</command> </member> </simplelist> diff --git a/docs/docbook/projdoc/Compiling.sgml b/docs/docbook/projdoc/Compiling.sgml index 1578522139..868ed52b74 100644 --- a/docs/docbook/projdoc/Compiling.sgml +++ b/docs/docbook/projdoc/Compiling.sgml @@ -325,18 +325,18 @@ on this system just substitute the correct package name varies between unixes. Look at the other entries in inetd.conf for a guide.</para> - <para>NOTE: Some unixes already have entries like netbios_ns + <note><para>Some unixes already have entries like netbios_ns (note the underscore) in <filename>/etc/services</filename>. You must either edit <filename>/etc/services</filename> or - <filename>/etc/inetd.conf</filename> to make them consistent.</para> + <filename>/etc/inetd.conf</filename> to make them consistent.</para></note> - <para>NOTE: On many systems you may need to use the - "interfaces" option in smb.conf to specify the IP address + <note><para>On many systems you may need to use the + <command>interfaces</command> option in &smb.conf; to specify the IP address and netmask of your interfaces. Run <application>ifconfig</application> as root if you don't know what the broadcast is for your - net. <application>nmbd</application> tries to determine it at run + net. &nmbd; tries to determine it at run time, but fails on some unixes. - </para> + </para></note> <warning><para>Many unixes only accept around 5 parameters on the command line in <filename>inetd.conf</filename>. diff --git a/docs/docbook/projdoc/DOMAIN_MEMBER.sgml b/docs/docbook/projdoc/DOMAIN_MEMBER.sgml index 1a97e6f5a8..dc5b7d6e8c 100644 --- a/docs/docbook/projdoc/DOMAIN_MEMBER.sgml +++ b/docs/docbook/projdoc/DOMAIN_MEMBER.sgml @@ -20,12 +20,12 @@ with NetBIOS names <constant>DOMBDC1</constant> and <constant>DOMBDC2 </constant>.</para> - <para>Firstly, you must edit your <ulink url="smb.conf.5.html"><filename>smb.conf(5)</filename> - </ulink> file to tell Samba it should now use domain security.</para> + <para>Firstly, you must edit your &smb.conf; file to tell Samba it should + now use domain security.</para> <para>Change (or add) your <ulink url="smb.conf.5.html#SECURITY"> <parameter>security =</parameter></ulink> line in the [global] section - of your smb.conf to read:</para> + of your &smb.conf; to read:</para> <para><command>security = domain</command></para> diff --git a/docs/docbook/projdoc/Diagnosis.sgml b/docs/docbook/projdoc/Diagnosis.sgml index 2a771c23d1..d175eb15ba 100644 --- a/docs/docbook/projdoc/Diagnosis.sgml +++ b/docs/docbook/projdoc/Diagnosis.sgml @@ -45,8 +45,9 @@ The procedure is similar for other types of clients. <para> It is also assumed you know the name of an available share in your -smb.conf. I will assume this share is called "tmp". You can add a -"tmp" share like by adding the following to smb.conf: +&smb.conf;. I will assume this share is called <replaceable>tmp</replaceable>. +You can add a <replaceable>tmp</replaceable> share like by adding the +following to &smb.conf;: </para> <para><programlisting> @@ -59,22 +60,21 @@ smb.conf. I will assume this share is called "tmp". You can add a </programlisting> </para> -<para> -THESE TESTS ASSUME VERSION 3.0.0 OR LATER OF THE SAMBA SUITE. SOME -COMMANDS SHOWN DID NOT EXIST IN EARLIER VERSIONS -</para> +<note><para> +These tests assume version 3.0 or later of the samba suite. Some commands shown did not exist in earlier versions. +</para></note> <para> Please pay attention to the error messages you receive. If any error message reports that your server is being unfriendly you should first check that you -IP name resolution is correctly set up. eg: Make sure your /etc/resolv.conf +IP name resolution is correctly set up. eg: Make sure your <filename>/etc/resolv.conf</filename> file points to name servers that really do exist. </para> <para> Also, if you do not have DNS server access for name resolution please check -that the settings for your smb.conf file results in "dns proxy = no". The -best way to check this is with "testparm smb.conf" +that the settings for your &smb.conf; file results in <command>dns proxy = no</command>. The +best way to check this is with <userinput>testparm smb.conf</userinput>. </para> </sect1> @@ -86,20 +86,21 @@ best way to check this is with "testparm smb.conf" <step performance="required"> <para> -In the directory in which you store your smb.conf file, run the command -"testparm smb.conf". If it reports any errors then your smb.conf +In the directory in which you store your &smb.conf; file, run the command +<userinput>testparm smb.conf</userinput>. If it reports any errors then your &smb.conf; configuration file is faulty. </para> -<para> -Note: Your smb.conf file may be located in: <filename>/etc/samba</filename> - Or in: <filename>/usr/local/samba/lib</filename> -</para> +<note><para> +Your &smb.conf; file may be located in: <filename>/etc/samba</filename> +Or in: <filename>/usr/local/samba/lib</filename> +</para></note> </step> <step performance="required"> <para> -Run the command "ping BIGSERVER" from the PC and "ping ACLIENT" from +Run the command <userinput>ping BIGSERVER</userinput> from the PC and +<userinput>ping ACLIENT</userinput> from the unix box. If you don't get a valid response then your TCP/IP software is not correctly installed. </para> @@ -111,7 +112,8 @@ run ping. <para> If you get a message saying "host not found" or similar then your DNS -software or /etc/hosts file is not correctly setup. It is possible to +software or <filename>/etc/hosts</filename> file is not correctly setup. +It is possible to run samba without DNS entries for the server and client, but I assume you do have correct entries for the remainder of these tests. </para> @@ -120,23 +122,23 @@ you do have correct entries for the remainder of these tests. Another reason why ping might fail is if your host is running firewall software. You will need to relax the rules to let in the workstation in question, perhaps by allowing access from another subnet (on Linux -this is done via the ipfwadm program.) +this is done via the <application>ipfwadm</application> program.) </para> </step> <step performance="required"> <para> -Run the command "smbclient -L BIGSERVER" on the unix box. You +Run the command <userinput>smbclient -L BIGSERVER</userinput> on the unix box. You should get a list of available shares back. </para> <para> If you get a error message containing the string "Bad password" then -you probably have either an incorrect "hosts allow", "hosts deny" or -"valid users" line in your smb.conf, or your guest account is not -valid. Check what your guest account is using "testparm" and -temporarily remove any "hosts allow", "hosts deny", "valid users" or -"invalid users" lines. +you probably have either an incorrect <command>hosts allow</command>, +<command>hosts deny</command> or <command>valid users</command> line in your +&smb.conf;, or your guest account is not +valid. Check what your guest account is using &testparm; and +temporarily remove any <command>hosts allow</command>, <command>hosts deny</command>, <command>valid users</command> or <command>invalid users</command> lines. </para> <para> @@ -144,15 +146,15 @@ If you get a "connection refused" response then the smbd server may not be running. If you installed it in inetd.conf then you probably edited that file incorrectly. If you installed it as a daemon then check that it is running, and check that the netbios-ssn port is in a LISTEN -state using "netstat -a". +state using <userinput>netstat -a</userinput>. </para> <para> If you get a "session request failed" then the server refused the connection. If it says "Your server software is being unfriendly" then -its probably because you have invalid command line parameters to smbd, -or a similar fatal problem with the initial startup of smbd. Also -check your config file (smb.conf) for syntax errors with "testparm" +its probably because you have invalid command line parameters to &smbd;, +or a similar fatal problem with the initial startup of &smbd;. Also +check your config file (&smb.conf;) for syntax errors with &testparm; and that the various directories where samba keeps its log and lock files exist. </para> @@ -160,7 +162,7 @@ files exist. <para> There are a number of reasons for which smbd may refuse or decline a session request. The most common of these involve one or more of -the following smb.conf file entries: +the following &smb.conf; file entries: </para> <para><programlisting> @@ -181,26 +183,27 @@ To solve this problem change these lines to: </programlisting></para> <para> -Do NOT use the "bind interfaces only" parameter where you may wish to -use the samba password change facility, or where smbclient may need to +Do NOT use the <command>bind interfaces only</command> parameter where you +may wish to +use the samba password change facility, or where &smbclient; may need to access local service for name resolution or for local resource -connections. (Note: the "bind interfaces only" parameter deficiency +connections. (Note: the <command>bind interfaces only</command> parameter deficiency where it will not allow connections to the loopback address will be fixed soon). </para> <para> Another common cause of these two errors is having something already running -on port 139, such as Samba (ie: smbd is running from inetd already) or -something like Digital's Pathworks. Check your inetd.conf file before trying -to start smbd as a daemon, it can avoid a lot of frustration! +on port 139, such as Samba (ie: smbd is running from <application>inetd</application> already) or +something like Digital's Pathworks. Check your <filename>inetd.conf</filename> file before trying +to start &smbd; as a daemon, it can avoid a lot of frustration! </para> <para> -And yet another possible cause for failure of TEST 3 is when the subnet mask +And yet another possible cause for failure of this test is when the subnet mask and / or broadcast address settings are incorrect. Please check that the network interface IP Address / Broadcast Address / Subnet Mask settings are -correct and that Samba has correctly noted these in the log.nmb file. +correct and that Samba has correctly noted these in the <filename>log.nmb</filename> file. </para> </step> @@ -208,12 +211,12 @@ correct and that Samba has correctly noted these in the log.nmb file. <step performance="required"> <para> -Run the command "nmblookup -B BIGSERVER __SAMBA__". You should get the +Run the command <userinput>nmblookup -B BIGSERVER __SAMBA__</userinput>. You should get the IP address of your Samba server back. </para> <para> -If you don't then nmbd is incorrectly installed. Check your inetd.conf +If you don't then nmbd is incorrectly installed. Check your <filename>inetd.conf</filename> if you run it from there, or that the daemon is running and listening to udp port 137. </para> @@ -229,7 +232,7 @@ inetd. <step performance="required"> -<para>run the command <command>nmblookup -B ACLIENT '*'</command></para> +<para>run the command <userinput>nmblookup -B ACLIENT '*'</userinput></para> <para> You should get the PCs IP address back. If you don't then the client @@ -247,7 +250,7 @@ client in the above test. <step performance="required"> <para> -Run the command <command>nmblookup -d 2 '*'</command> +Run the command <userinput>nmblookup -d 2 '*'</userinput> </para> <para> @@ -263,13 +266,13 @@ hosts. If this doesn't give a similar result to the previous test then nmblookup isn't correctly getting your broadcast address through its automatic mechanism. In this case you should experiment use the -"interfaces" option in smb.conf to manually configure your IP +<command>interfaces</command> option in &smb.conf; to manually configure your IP address, broadcast and netmask. </para> <para> If your PC and server aren't on the same subnet then you will need to -use the -B option to set the broadcast address to the that of the PCs +use the <parameter>-B</parameter> option to set the broadcast address to the that of the PCs subnet. </para> @@ -283,24 +286,24 @@ not correct. (Refer to TEST 3 notes above). <step performance="required"> <para> -Run the command <command>smbclient //BIGSERVER/TMP</command>. You should +Run the command <userinput>smbclient //BIGSERVER/TMP</userinput>. You should then be prompted for a password. You should use the password of the account you are logged into the unix box with. If you want to test with -another account then add the -U >accountname< option to the end of +another account then add the <parameter>-U <replaceable>accountname</replaceable></parameter> option to the end of the command line. eg: -<command>smbclient //bigserver/tmp -Ujohndoe</command> +<userinput>smbclient //bigserver/tmp -Ujohndoe</userinput> </para> -<para> -Note: It is possible to specify the password along with the username +<note><para> +It is possible to specify the password along with the username as follows: -<command>smbclient //bigserver/tmp -Ujohndoe%secret</command> -</para> +<userinput>smbclient //bigserver/tmp -Ujohndoe%secret</userinput> +</para></note> <para> -Once you enter the password you should get the "smb>" prompt. If you +Once you enter the password you should get the <prompt>smb></prompt> prompt. If you don't then look at the error message. If it says "invalid network -name" then the service "tmp" is not correctly setup in your smb.conf. +name" then the service "tmp" is not correctly setup in your &smb.conf;. </para> <para> @@ -311,26 +314,26 @@ If it says "bad password" then the likely causes are: <listitem> <para> you have shadow passords (or some other password system) but didn't - compile in support for them in smbd + compile in support for them in &smbd; </para> </listitem> <listitem> <para> - your "valid users" configuration is incorrect + your <command>valid users</command> configuration is incorrect </para> </listitem> <listitem> <para> - you have a mixed case password and you haven't enabled the "password - level" option at a high enough level + you have a mixed case password and you haven't enabled the <command>password + level</command> option at a high enough level </para> </listitem> <listitem> <para> - the "path =" line in smb.conf is incorrect. Check it with testparm + the <command>path =</command> line in &smb.conf; is incorrect. Check it with &testparm; </para> </listitem> @@ -345,7 +348,7 @@ If it says "bad password" then the likely causes are: <para> Once connected you should be able to use the commands <command>dir</command> <command>get</command> <command>put</command> etc. -Type <command>help >command<</command> for instructions. You should +Type <command>help <replaceable>command</replaceable></command> for instructions. You should especially check that the amount of free disk space shown is correct when you type <command>dir</command>. </para> @@ -355,7 +358,7 @@ when you type <command>dir</command>. <step performance="required"> <para> -On the PC type the command <command>net view \\BIGSERVER</command>. You will +On the PC type the command <userinput>net view \\BIGSERVER</userinput>. You will need to do this from within a "dos prompt" window. You should get back a list of available shares on the server. </para> @@ -369,11 +372,11 @@ to choose one of them): <orderedlist> <listitem><para> - fixup the nmbd installation + fixup the &nmbd; installation </para></listitem> <listitem><para> - add the IP address of BIGSERVER to the "wins server" box in the + add the IP address of BIGSERVER to the <command>wins server</command> box in the advanced tcp/ip setup on the PC. </para></listitem> @@ -389,8 +392,8 @@ to choose one of them): <para> If you get a "invalid network name" or "bad password error" then the -same fixes apply as they did for the "smbclient -L" test above. In -particular, make sure your "hosts allow" line is correct (see the man +same fixes apply as they did for the <userinput>smbclient -L</userinput> test above. In +particular, make sure your <command>hosts allow</command> line is correct (see the man pages) </para> @@ -406,7 +409,7 @@ name and password. If you get "specified computer is not receiving requests" or similar it probably means that the host is not contactable via tcp services. Check to see if the host is running tcp wrappers, and if so add an entry in -the hosts.allow file for your client (or subnet, etc.) +the <filename>hosts.allow</filename> file for your client (or subnet, etc.) </para> </step> @@ -414,24 +417,25 @@ the hosts.allow file for your client (or subnet, etc.) <step performance="required"> <para> -Run the command <command>net use x: \\BIGSERVER\TMP</command>. You should +Run the command <userinput>net use x: \\BIGSERVER\TMP</userinput>. You should be prompted for a password then you should get a "command completed successfully" message. If not then your PC software is incorrectly -installed or your smb.conf is incorrect. make sure your "hosts allow" -and other config lines in smb.conf are correct. +installed or your smb.conf is incorrect. make sure your <command>hosts allow</command> +and other config lines in &smb.conf; are correct. </para> <para> It's also possible that the server can't work out what user name to -connect you as. To see if this is the problem add the line "user = -USERNAME" to the [tmp] section of smb.conf where "USERNAME" is the +connect you as. To see if this is the problem add the line <command>user = +<replaceable>username</replaceable></command> to the <command>[tmp]</command> section of +&smb.conf; where <replaceable>username</replaceable> is the username corresponding to the password you typed. If you find this fixes things you may need the username mapping option. </para> <para> It might also be the case that your client only sends encrypted passwords -and you have <command>encrypt passwords = no</command> in <filename>smb.conf</filename>. +and you have <command>encrypt passwords = no</command> in &smb.conf; Turn it back on to fix. </para> @@ -440,8 +444,8 @@ Turn it back on to fix. <step performance="required"> <para> -Run the command <command>nmblookup -M TESTGROUP</command> where -TESTGROUP is the name of the workgroup that your Samba server and +Run the command <userinput>nmblookup -M <replaceable>testgroup</replaceable></userinput> where +<replaceable>testgroup</replaceable> is the name of the workgroup that your Samba server and Windows PCs belong to. You should get back the IP address of the master browser for that workgroup. </para> @@ -449,7 +453,7 @@ master browser for that workgroup. <para> If you don't then the election process has failed. Wait a minute to see if it is just being slow then try again. If it still fails after -that then look at the browsing options you have set in smb.conf. Make +that then look at the browsing options you have set in &smb.conf;. Make sure you have <command>preferred master = yes</command> to ensure that an election is held at startup. </para> @@ -468,8 +472,8 @@ is refusing to browse a server that has no encrypted password capability and is in user level security mode. In this case either set <command>security = server</command> AND <command>password server = Windows_NT_Machine</command> in your -smb.conf file, or enable encrypted passwords AFTER compiling in support -for encrypted passwords (refer to the Makefile). +&smb.conf; file, or make sure <command>encrypted passwords</command> is +set to "yes". </para> </step> @@ -488,10 +492,6 @@ out the samba web page at <ulink url="http://samba.org/samba">http://samba.org/samba/</ulink> </para> -<para> -Also look at the other docs in the Samba package! -</para> - </sect1> </chapter> diff --git a/docs/docbook/projdoc/GROUP-MAPPING-HOWTO.sgml b/docs/docbook/projdoc/GROUP-MAPPING-HOWTO.sgml index 8aea87fe24..e037da4aeb 100644 --- a/docs/docbook/projdoc/GROUP-MAPPING-HOWTO.sgml +++ b/docs/docbook/projdoc/GROUP-MAPPING-HOWTO.sgml @@ -11,12 +11,12 @@ <para> Starting with Samba 3.0 alpha 2, a new group mapping function is available. The current method (likely to change) to manage the groups is a new command called -<command>smbgroupedit</command>. +&smbgroupedit;. </para> <para> The first immediate reason to use the group mapping on a PDC, is that -the <command>domain admin group</command> of <filename>smb.conf</filename> is +the <command>domain admin group</command> of &smb.conf; is now gone. This parameter was used to give the listed users local admin rights on their workstations. It was some magic stuff that simply worked but didn't scale very well for complex setups. @@ -71,7 +71,7 @@ give access to a certain directory to some users who are member of a group on your samba PDC. Flag that group as a domain group by running: </para> -<para><command>smbgroupedit -a unixgroup -td</command></para> +<para><userinput>smbgroupedit -a unixgroup -td</userinput></para> <para>You can list the various groups in the mapping database like this</para> <para><userinput>smbgroupedit -v</userinput></para> diff --git a/docs/docbook/projdoc/Integrating-with-Windows.sgml b/docs/docbook/projdoc/Integrating-with-Windows.sgml index b48fc3b305..f6ac0be5a4 100644 --- a/docs/docbook/projdoc/Integrating-with-Windows.sgml +++ b/docs/docbook/projdoc/Integrating-with-Windows.sgml @@ -517,7 +517,7 @@ if the TCP/IP setup has been given at least one WINS Server IP Address. <para> To configure Samba to be a WINS server the following parameter needs -to be added to the <filename>smb.conf</filename> file: +to be added to the &smb.conf; file: </para> <para><programlisting> @@ -526,7 +526,7 @@ to be added to the <filename>smb.conf</filename> file: <para> To configure Samba to use a WINS server the following parameters are -needed in the smb.conf file: +needed in the &smb.conf; file: </para> <para><programlisting> diff --git a/docs/docbook/projdoc/InterdomainTrusts.sgml b/docs/docbook/projdoc/InterdomainTrusts.sgml index 20422f9b45..0fc634c544 100644 --- a/docs/docbook/projdoc/InterdomainTrusts.sgml +++ b/docs/docbook/projdoc/InterdomainTrusts.sgml @@ -129,18 +129,18 @@ step will be to issue this command from your favourite shell: </para> <para> -<programlisting> - deity# smbpasswd -a -i rumba +<screen> +<prompt>deity#</prompt> <userinput>smbpasswd -a -i rumba</userinput> New SMB password: XXXXXXXX Retype SMB password: XXXXXXXX Added user rumba$ +</screen> - where: - -a means to add a new account into the passdb database - -i means create this account with the Inter-Domain trust flag +where <parameter>-a</parameter> means to add a new account into the passdb database and <parameter>-i</parameter> means create this account with the Inter-Domain trust flag. +</para> - The account name will be 'rumba$' (the name ofthe remote domain) -</programlisting> +<para> +The account name will be 'rumba$' (the name of the remote domain) </para> <para> @@ -192,15 +192,13 @@ Using your favourite shell while being logged on as root, issue this command: </para> <para> -<programlisting> - deity# net rpc trustdom establish rumba -</programlisting> +<prompt>deity# </prompt><userinput>net rpc trustdom establish rumba</userinput> </para> <para> You'll be prompted for password you've just typed on your Windows NT4 Server box. Don't worry if you will see the error message with returned code of -<filename>NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT</filename>. It means the +<errorname>NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT</errorname>. It means the password you gave is correct and the NT4 Server says the account is ready for trusting your domain and not for ordinary connection. After that, be patient it can take a while (especially in large networks), you should see 'Success' message. Contgratulations! Your trust @@ -209,7 +207,7 @@ relationship has just been established. <note><para> Note that you have to run this command as root, since you need write access to -your secrets.tdb file. +your <filename>secrets.tdb</filename> file. </para></note> </sect2> diff --git a/docs/docbook/projdoc/NT_Security.sgml b/docs/docbook/projdoc/NT_Security.sgml index 65072ef4ff..9bff25337c 100644 --- a/docs/docbook/projdoc/NT_Security.sgml +++ b/docs/docbook/projdoc/NT_Security.sgml @@ -297,8 +297,7 @@ <para>If you want to set up a share that allows users full control in modifying the permission bits on their files and directories and doesn't force any particular bits to be set 'on', then set the following - parameters in the <ulink url="smb.conf.5.html"><filename>smb.conf(5) - </filename></ulink> file in that share specific section :</para> + parameters in the &smb.conf; file in that share specific section :</para> <para><parameter>security mask = 0777</parameter></para> <para><parameter>force security mode = 0</parameter></para> diff --git a/docs/docbook/projdoc/Portability.sgml b/docs/docbook/projdoc/Portability.sgml index 61a694e130..39ed37585f 100644 --- a/docs/docbook/projdoc/Portability.sgml +++ b/docs/docbook/projdoc/Portability.sgml @@ -180,9 +180,42 @@ Corrective Action: Delete the entry after the word loopback <title>Sequential Read Ahead</title> <!-- From an email by William Jojo <jojowil@hvcc.edu> --> <para> -Disabling Sequential Read Ahead using "vmtune -r 0" improves +Disabling Sequential Read Ahead using <userinput>vmtune -r 0</userinput> improves samba performance significally. </para> </sect2> </sect1> + +<sect1> +<title>Solaris</title> + +<para>Some people have been experiencing problems with F_SETLKW64/fcntl +when running samba on solaris. The built in file locking mechanism was +not scalable. Performance would degrade to the point where processes would +get into loops of trying to lock a file. It woul try a lock, then fail, +then try again. The lock attempt was failing before the grant was +occurring. So the visible manifestation of this would be a handful of +processes stealing all of the CPU, and when they were trussed they would +be stuck if F_SETLKW64 loops. +</para> + +<para> +Sun released patches for Solaris 2.6, 8, and 9. The patch for Solaris 7 +has not been released yet. +</para> + +<para> +The patch revision for 2.6 is 105181-34 +for 8 is 108528-19 +and for 9 is 112233-04 +</para> + +<para> +After the install of these patches it is recommended to reconfigure +and rebuild samba. +</para> + +<para>Thanks to Joe Meslovich for reporting</para> +</sect1> + </chapter> diff --git a/docs/docbook/projdoc/ProfileMgmt.sgml b/docs/docbook/projdoc/ProfileMgmt.sgml index 94bc60b464..13ec698384 100644 --- a/docs/docbook/projdoc/ProfileMgmt.sgml +++ b/docs/docbook/projdoc/ProfileMgmt.sgml @@ -11,8 +11,7 @@ <warning> <para> -<emphasis>NOTE!</emphasis> Roaming profiles support is different for Win9x / Me -and Windows NT4/200x. +Roaming profiles support is different for Win9x / Me and Windows NT4/200x. </para> </warning> @@ -52,15 +51,14 @@ following (for example): <para> <programlisting> logon path = \\profileserver\profileshare\profilepath\%U\moreprofilepath +</programlisting> This is typically implemented like: +<programlisting> logon path = \\%L\Profiles\%u - - where: - %L translates to the name of the Samba server - %u translates to the user name </programlisting> +where %L translates to the name of the Samba server and %u translates to the user name </para> <para> @@ -74,7 +72,7 @@ symantics of %L and %N, as well as %U and %u. <note> <para> MS Windows NT/2K clients at times do not disconnect a connection to a server -between logons. It is recommended to NOT use the <emphasis>homes</emphasis> +between logons. It is recommended to NOT use the <command>homes</command> meta-service name as part of the profile share path. </para> </note> @@ -85,14 +83,14 @@ meta-service name as part of the profile share path. <para> To support Windows 9x / Me clients, you must use the "logon home" parameter. Samba has -now been fixed so that "net use /home" now works as well, and it, too, relies -on the "logon home" parameter. +now been fixed so that <userinput>net use /home</userinput> now works as well, and it, too, relies +on the <command>logon home</command< parameter. </para> <para> By using the logon home parameter, you are restricted to putting Win9x / Me profiles in the user's home directory. But wait! There is a trick you -can use. If you set the following in the [global] section of your smb.conf file: +can use. If you set the following in the <command>[global]</command> section of your &smb.conf; file: </para> <para><programlisting> logon home = \\%L\%U\.profiles @@ -100,14 +98,14 @@ can use. If you set the following in the [global] section of your smb.conf file: <para> then your Windows 9x / Me clients will dutifully put their clients in a subdirectory -of your home directory called .profiles (thus making them hidden). +of your home directory called <filename>.profiles</filename> (thus making them hidden). </para> <para> -Not only that, but 'net use/home' will also work, because of a feature in +Not only that, but <userinput>net use/home</userinput> will also work, because of a feature in Windows 9x / Me. It removes any directory stuff off the end of the home directory area and only uses the server and share portion. That is, it looks like you -specified \\%L\%U for "logon home". +specified \\%L\%U for <command>logon home</command>. </para> </sect3> @@ -116,7 +114,7 @@ specified \\%L\%U for "logon home". <para> You can support profiles for both Win9X and WinNT clients by setting both the -"logon home" and "logon path" parameters. For example: +<command>logon home</command> and <command>logon path</command> parameters. For example: </para> <para><programlisting> diff --git a/docs/docbook/projdoc/Samba-PDC-HOWTO.sgml b/docs/docbook/projdoc/Samba-PDC-HOWTO.sgml index 451ab02762..a0927ec888 100644 --- a/docs/docbook/projdoc/Samba-PDC-HOWTO.sgml +++ b/docs/docbook/projdoc/Samba-PDC-HOWTO.sgml @@ -315,7 +315,7 @@ for this including: file allows the creation of arbitrary user and machine accounts without requiring that account to be added to the system (/etc/passwd) file. It too requires the specification of the "non unix account range" option - in the [globals] section of the smb.conf file. + in the [globals] section of the &smb.conf; file. </para></listitem> <listitem><para> @@ -329,6 +329,9 @@ for this including: </para></listitem> </itemizedlist> +<para>Read the chapter about the <link linkend="passdb">User Database</link> +for details.</para> + <para> A Samba PDC, however, stores each machine trust account in two parts, as follows: @@ -418,7 +421,7 @@ as shown here: </para> <para> -<prompt>root# </prompt><command>smbpasswd -a -m <replaceable>machine_name</replaceable></command> +<prompt>root# </prompt><userinput>smbpasswd -a -m <replaceable>machine_name</replaceable></userinput> </para> <para> diff --git a/docs/docbook/projdoc/UNIX_INSTALL.sgml b/docs/docbook/projdoc/UNIX_INSTALL.sgml index df038510af..6deb0c915e 100644 --- a/docs/docbook/projdoc/UNIX_INSTALL.sgml +++ b/docs/docbook/projdoc/UNIX_INSTALL.sgml @@ -14,11 +14,11 @@ <para>Binary packages of samba are included in almost any Linux or Unix distribution. There are also some packages available at - <ulink url="http://samba.org/">the samba homepage</ulink> + <ulink url="http://samba.org/">the samba homepage</ulink>. </para> <para>If you need to compile samba from source, check the - appropriate appendix chapter.</para> + <link linkend="compiling">appropriate appendix chapter</link>.</para> </sect1> <sect1> @@ -32,7 +32,7 @@ is included with samba.</para> <sect2> - <title>Editing the smb.conf file</title> + <title>Editing the <filename>smb.conf</filename> file</title> <para>There are sample configuration files in the examples subdirectory in the distribution. I suggest you read them @@ -43,36 +43,33 @@ something like this:</para> <para><programlisting> - [global] - workgroup = MYGROUP +[global] + workgroup = MYGROUP - [homes] - guest ok = no - read only = no +[homes] + guest ok = no + read only = no </programlisting></para> <para>which would allow connections by anyone with an account on the server, using either their login name or - "homes" as the service name. (Note that I also set the + "<command>homes</command>" as the service name. (Note that I also set the workgroup that Samba is part of. See BROWSING.txt for details)</para> - <para>Note that <command>make install</command> will not install - a <filename>smb.conf</filename> file. You need to create it - yourself. </para> - - <para>Make sure you put the smb.conf file in the same place + <para>Make sure you put the <filename>smb.conf</filename> file in the same place you specified in the<filename>Makefile</filename> (the default is to look for it in <filename>/usr/local/samba/lib/</filename>).</para> <para>For more information about security settings for the - [homes] share please refer to the document UNIX_SECURITY.txt.</para> + <command>[homes]</command> share please refer to the chapter + <link linkend="securing-samba">Securing Samba</link>.</para> <sect3> <title>Test your config file with <command>testparm</command></title> <para>It's important that you test the validity of your - <filename>smb.conf</filename> file using the testparm program. + <filename>smb.conf</filename> file using the <application>testparm</application> program. If testparm runs OK then it will list the loaded services. If not it will give an error message.</para> @@ -133,16 +130,17 @@ //yourhostname/aservice</replaceable></userinput></para> <para>Typically the <replaceable>yourhostname</replaceable> - would be the name of the host where you installed <command> - smbd</command>. The <replaceable>aservice</replaceable> is - any service you have defined in the <filename>smb.conf</filename> - file. Try your user name if you just have a [homes] section - in <filename>smb.conf</filename>.</para> + would be the name of the host where you installed &smbd;. + The <replaceable>aservice</replaceable> is + any service you have defined in the &smb.conf; + file. Try your user name if you just have a <command>[homes]</command> + section + in &smb.conf;.</para> - <para>For example if your unix host is bambi and your login - name is fred you would type:</para> + <para>For example if your unix host is <replaceable>bambi</replaceable> + and your login name is <replaceable>fred</replaceable> you would type:</para> - <para><prompt>$ </prompt><userinput>smbclient //bambi/fred + <para><prompt>$ </prompt><userinput>smbclient //<replaceable>bambi</replaceable>/<replaceable>fred</replaceable> </userinput></para> </sect1> @@ -157,21 +155,18 @@ <para>Try printing. eg:</para> - - <para><prompt>C:\WINDOWS\> </prompt><userinput>net use lpt1: \\servername\spoolservice</userinput></para> <para><prompt>C:\WINDOWS\> </prompt><userinput>print filename </userinput></para> - - <para>Celebrate, or send me a bug report!</para> </sect1> <sect1> <title>What If Things Don't Work?</title> - <para>Then you might read the file HOWTO chapter Diagnosis and the + <para>Then you might read the file chapter + <link linkend="diagnosis">Diagnosis</link> and the FAQ. If you are still stuck then try the mailing list or newsgroup (look in the README for details). Samba has been successfully installed at thousands of sites worldwide, so maybe diff --git a/docs/docbook/projdoc/passdb.sgml b/docs/docbook/projdoc/passdb.sgml index 362cf97064..d7b54a38e8 100644 --- a/docs/docbook/projdoc/passdb.sgml +++ b/docs/docbook/projdoc/passdb.sgml @@ -114,23 +114,22 @@ <member>Windows 200x Server/Advanced Server</member> <member>Windows XP Professional</member> </simplelist> - - <para><emphasis>Note :</emphasis>All current release of - Microsoft SMB/CIFS clients support authentication via the - SMB Challenge/Response mechanism described here. Enabling - clear text authentication does not disable the ability - of the client to participate in encrypted authentication.</para> - - - <para>MS Windows clients will cache the encrypted password alone. - Even when plain text passwords are re-enabled, through the appropriate - registry change, the plain text password is NEVER cached. This means that - in the event that a network connections should become disconnected (broken) - only the cached (encrypted) password will be sent to the resource server - to affect a auto-reconnect. If the resource server does not support encrypted - passwords the auto-reconnect will fail. <emphasis>USE OF ENCRYPTED PASSWORDS - IS STRONGLY ADVISED.</emphasis></para> </warning> + + <note><para>All current release of + Microsoft SMB/CIFS clients support authentication via the + SMB Challenge/Response mechanism described here. Enabling + clear text authentication does not disable the ability + of the client to participate in encrypted authentication.</para></note> + + <para>MS Windows clients will cache the encrypted password alone. + Even when plain text passwords are re-enabled, through the appropriate + registry change, the plain text password is NEVER cached. This means that + in the event that a network connections should become disconnected (broken) + only the cached (encrypted) password will be sent to the resource server + to affect a auto-reconnect. If the resource server does not support encrypted + passwords the auto-reconnect will fail. <emphasis>USE OF ENCRYPTED PASSWORDS + IS STRONGLY ADVISED.</emphasis></para> <sect2> <title>Advantages of SMB Encryption</title> diff --git a/docs/docbook/projdoc/samba-doc.sgml b/docs/docbook/projdoc/samba-doc.sgml index dc339db4aa..6ed6e1a717 100644 --- a/docs/docbook/projdoc/samba-doc.sgml +++ b/docs/docbook/projdoc/samba-doc.sgml @@ -47,13 +47,13 @@ <editor>&person.jelmer;</editor> <editor>&person.jerry;</editor> - <pubdate>Friday 4 April</pubdate> + <pubdate>Sunday 6 April</pubdate> <abstract> <para> This book is a collection of HOWTOs added to Samba documentation over the years. -I try to ensure that all are current, but sometimes the is a larger job -than one person can maintain. The most recent version of this document +Samba is always under development, and so is it's documentation. +The most recent version of this document can be found at <ulink url="http://www.samba.org/">http://www.samba.org/</ulink> on the "Documentation" page. Please send updates to <ulink url="mailto:jerry@samba.org">jerry@samba.org</ulink> or @@ -107,8 +107,7 @@ for various environments. <title>Advanced Configuration</title> <partintro> <title>Introduction</title> -<para>Samba has several features that you might want or might not want to use. The chapters in this -part each cover one specific feature.</para> +<para>Samba has several features that you might want or might not want to use. The chapters in this part each cover one specific feature.</para> </partintro> &NT-Security; &GROUP-MAPPING-HOWTO; diff --git a/docs/docbook/projdoc/securing-samba.sgml b/docs/docbook/projdoc/securing-samba.sgml index 03d0c3d9e7..88e216ac58 100644 --- a/docs/docbook/projdoc/securing-samba.sgml +++ b/docs/docbook/projdoc/securing-samba.sgml @@ -29,8 +29,8 @@ especially vulnerable. </para> <para> -One of the simplest fixes in this case is to use the 'hosts allow' and -'hosts deny' options in the Samba smb.conf configuration file to only +One of the simplest fixes in this case is to use the <command>hosts allow</command> and +<command>hosts deny</command> options in the Samba &smb.conf; configuration file to only allow access to your server from a specific range of hosts. An example might be: </para> @@ -167,7 +167,7 @@ methods listed above for some reason. <title>Upgrading Samba</title> <para> -Please check regularly on http://www.samba.org/ for updates and +Please check regularly on <ulink url="http://www.samba.org/">http://www.samba.org/</ulink> for updates and important announcements. Occasionally security releases are made and it is highly recommended to upgrade Samba when a security vulnerability is discovered. diff --git a/docs/docbook/projdoc/security_level.sgml b/docs/docbook/projdoc/security_level.sgml index 1c4c3f61ca..99f21aec5d 100644 --- a/docs/docbook/projdoc/security_level.sgml +++ b/docs/docbook/projdoc/security_level.sgml @@ -83,7 +83,7 @@ level security. They normally send a valid username but no password. Samba records this username in a list of "possible usernames". When the client then does a "tree connection" it also adds to this list the name of the share they try to connect to (useful for -home directories) and any users listed in the "user =" smb.conf +home directories) and any users listed in the <command>user =</command> &smb.conf; line. The password is then checked in turn against these "possible usernames". If a match is found then the client is authenticated as that user. @@ -221,7 +221,7 @@ for support of encrypted passwords: <title>Use MS Windows NT as an authentication server</title> <para> -This method involves the additions of the following parameters in the smb.conf file: +This method involves the additions of the following parameters in the &smb.conf; file: </para> <para><programlisting> @@ -270,7 +270,7 @@ all authentication requests to be passed through to the domain controllers. <title>Samba as a member of an MS Windows NT security domain</title> <para> -This method involves additon of the following paramters in the smb.conf file: +This method involves additon of the following paramters in the &smb.conf; file: </para> <para><programlisting> @@ -281,7 +281,7 @@ This method involves additon of the following paramters in the smb.conf file: </programlisting></para> <para> -The use of the "*" argument to "password server" will cause samba to locate the +The use of the "*" argument to <command>password server</command> will cause samba to locate the domain controller in a way analogous to the way this is done within MS Windows NT. This is the default behaviour. </para> diff --git a/docs/docbook/projdoc/unicode.sgml b/docs/docbook/projdoc/unicode.sgml index 705a389e41..d44e8ea291 100644 --- a/docs/docbook/projdoc/unicode.sgml +++ b/docs/docbook/projdoc/unicode.sgml @@ -58,7 +58,7 @@ samba knows of three kinds of character sets: <term>unix charset</term> <listitem><para> This is the charset used internally by your operating system. - The default is <emphasis>ASCII</emphasis>, which is fine for most + The default is <constant>ASCII</constant>, which is fine for most systems. </para></listitem> </varlistentry> @@ -81,7 +81,5 @@ samba knows of three kinds of character sets: </varlistentry> </variablelist> -<para> - </sect1> </chapter> diff --git a/docs/docbook/projdoc/upgrading-to-3.0.sgml b/docs/docbook/projdoc/upgrading-to-3.0.sgml index ec4b29386a..3dc4816664 100644 --- a/docs/docbook/projdoc/upgrading-to-3.0.sgml +++ b/docs/docbook/projdoc/upgrading-to-3.0.sgml @@ -12,7 +12,7 @@ <para>You might experience problems with special characters when communicating with old DOS clients. Codepage support has changed in samba 3.0. Read the chapter -Unicode support for details. +<link linkend="unicode">Unicode support</link> for details. </para> </sect1> |