summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
authorJelmer Vernooij <jelmer@samba.org>2002-08-28 08:49:02 +0000
committerJelmer Vernooij <jelmer@samba.org>2002-08-28 08:49:02 +0000
commit826f72a7c0c6ff3f530b819f1100f5f8d20910fa (patch)
treecd2c25a53950babbad677cc22bff6ec44ecb13b4 /docs
parent9785c61c899f4180290fd6feb41a764cc773fcaa (diff)
downloadsamba-826f72a7c0c6ff3f530b819f1100f5f8d20910fa.tar.gz
samba-826f72a7c0c6ff3f530b819f1100f5f8d20910fa.tar.bz2
samba-826f72a7c0c6ff3f530b819f1100f5f8d20910fa.zip
Remove obsolete text docs
(This used to be commit 844d7254686b4a0429f30b4d4711387429172224)
Diffstat (limited to 'docs')
-rw-r--r--docs/textdocs/BROWSING.txt559
-rw-r--r--docs/textdocs/BUGS.txt135
-rw-r--r--docs/textdocs/DIAGNOSIS.txt321
-rw-r--r--docs/textdocs/DNIX.txt69
-rw-r--r--docs/textdocs/GROUP-MAPPING-HOWTO.txt60
-rw-r--r--docs/textdocs/INSTALL.sambatar33
-rw-r--r--docs/textdocs/Imprints.txt47
-rw-r--r--docs/textdocs/Macintosh_Clients.txt23
-rw-r--r--docs/textdocs/NetBIOS.txt152
-rw-r--r--docs/textdocs/Printing.txt255
-rw-r--r--docs/textdocs/README.sambatar23
-rw-r--r--docs/textdocs/SCO.txt19
-rw-r--r--docs/textdocs/SMBTAR.notes46
-rw-r--r--docs/textdocs/Solaris-Winbind-HOWTO.txt361
-rw-r--r--docs/textdocs/Speed.txt338
-rw-r--r--docs/textdocs/Speed2.txt57
-rw-r--r--docs/textdocs/Win95.txt74
-rw-r--r--docs/textdocs/WinNT.txt104
-rw-r--r--docs/textdocs/security_level.txt100
19 files changed, 0 insertions, 2776 deletions
diff --git a/docs/textdocs/BROWSING.txt b/docs/textdocs/BROWSING.txt
deleted file mode 100644
index 2ca41e5624..0000000000
--- a/docs/textdocs/BROWSING.txt
+++ /dev/null
@@ -1,559 +0,0 @@
-Author/s: Many (Thanks to Luke, Jeremy, Andrew, etc.)
-Updated: July 5, 1998
-Status: Current - For VERY Advanced Users ONLY
-
-Summary: This describes how to configure Samba for improved browsing.
-=====================================================================
-
-OVERVIEW:
-=========
-
-SMB networking provides a mechanism by which clients can access a list
-of machines in a network, a so-called "browse list". This list
-contains machines that are ready to offer file and/or print services
-to other machines within the network. Thus it does not include
-machines which aren't currently able to do server tasks. The browse
-list is heavily used by all SMB clients. Configuration of SMB
-browsing has been problematic for some Samba users, hence this
-document.
-
-Browsing will NOT work if name resolution from NetBIOS names to IP
-addresses does not function correctly. Use of a WINS server is highly
-recommended to aid the resolution of NetBIOS (SMB) names to IP addresses.
-WINS allows remote segment clients to obtain NetBIOS name_type information
-that can NOT be provided by any other means of name resolution.
-
-=====================================================================
-
-BROWSING
-========
-Samba now fully supports browsing. The browsing is supported by nmbd
-and is also controlled by options in the smb.conf file (see smb.conf(5)).
-
-Samba can act as a local browse master for a workgroup and the ability
-for samba to support domain logons and scripts is now available. See
-DOMAIN.txt for more information on domain logons.
-
-Samba can also act as a domain master browser for a workgroup. This
-means that it will collate lists from local browse masters into a
-wide area network server list. In order for browse clients to
-resolve the names they may find in this list, it is recommended that
-both samba and your clients use a WINS server.
-
-Note that you should NOT set Samba to be the domain master for a
-workgroup that has the same name as an NT Domain: on each wide area
-network, you must only ever have one domain master browser per workgroup,
-regardless of whether it is NT, Samba or any other type of domain master
-that is providing this service.
-
-[Note that nmbd can be configured as a WINS server, but it is not
-necessary to specifically use samba as your WINS server. NTAS can
-be configured as your WINS server. In a mixed NT server and
-samba environment on a Wide Area Network, it is recommended that
-you use the NT server's WINS server capabilities. In a samba-only
-environment, it is recommended that you use one and only one nmbd
-as your WINS server].
-
-To get browsing to work you need to run nmbd as usual, but will need
-to use the "workgroup" option in smb.conf to control what workgroup
-Samba becomes a part of.
-
-Samba also has a useful option for a Samba server to offer itself for
-browsing on another subnet. It is recommended that this option is only
-used for 'unusual' purposes: announcements over the internet, for
-example. See "remote announce" in the smb.conf man page.
-
-If something doesn't work then hopefully the log.nmb file will help
-you track down the problem. Try a debug level of 2 or 3 for finding
-problems. Also note that the current browse list usually gets stored
-in text form in a file called browse.dat.
-
-Note that if it doesn't work for you, then you should still be able to
-type the server name as \\SERVER in filemanager then hit enter and
-filemanager should display the list of available shares.
-
-Some people find browsing fails because they don't have the global
-"guest account" set to a valid account. Remember that the IPC$
-connection that lists the shares is done as guest, and thus you must
-have a valid guest account.
-
-Also, a lot of people are getting bitten by the problem of too many
-parameters on the command line of nmbd in inetd.conf. This trick is to
-not use spaces between the option and the parameter (eg: -d2 instead
-of -d 2), and to not use the -B and -N options. New versions of nmbd
-are now far more likely to correctly find your broadcast and network
-address, so in most cases these aren't needed.
-
-The other big problem people have is that their broadcast address,
-netmask or IP address is wrong (specified with the "interfaces" option
-in smb.conf)
-
-
-BROWSING ACROSS SUBNETS
-=======================
-
-With the release of Samba 1.9.17(alpha1 and above) Samba has been
-updated to enable it to support the replication of browse lists
-across subnet boundaries. New code and options have been added to
-achieve this. This section describes how to set this feature up
-in different settings.
-
-To see browse lists that span TCP/IP subnets (ie. networks separated
-by routers that don't pass broadcast traffic) you must set up at least
-one WINS server. The WINS server acts as a DNS for NetBIOS names, allowing
-NetBIOS name to IP address translation to be done by doing a direct
-query of the WINS server. This is done via a directed UDP packet on
-port 137 to the WINS server machine. The reason for a WINS server is
-that by default, all NetBIOS name to IP address translation is done
-by broadcasts from the querying machine. This means that machines
-on one subnet will not be able to resolve the names of machines on
-another subnet without using a WINS server.
-
-Remember, for browsing across subnets to work correctly, all machines,
-be they Windows 95, Windows NT, or Samba servers must have the IP address
-of a WINS server given to them by a DHCP server, or by manual configuration
-(for Win95 and WinNT, this is in the TCP/IP Properties, under Network
-settings) for Samba this is in the smb.conf file.
-
-How does cross subnet browsing work ?
-=====================================
-
-Cross subnet browsing is a complicated dance, containing multiple
-moving parts. It has taken Microsoft several years to get the code
-that achieves this correct, and Samba lags behind in some areas.
-However, with the 1.9.17 release, Samba is capable of cross subnet
-browsing when configured correctly.
-
-Consider a network set up as follows :
-
- (DMB)
- N1_A N1_B N1_C N1_D N1_E
- | | | | |
- -------------------------------------------------------
- | subnet 1 |
- +---+ +---+
- |R1 | Router 1 Router 2 |R2 |
- +---+ +---+
- | |
- | subnet 2 subnet 3 |
- -------------------------- ------------------------------------
- | | | | | | | |
- N2_A N2_B N2_C N2_D N3_A N3_B N3_C N3_D
- (WINS)
-
-Consisting of 3 subnets (1, 2, 3) conneted by two routers
-(R1, R2) - these do not pass broadcasts. Subnet 1 has 5 machines
-on it, subnet 2 has 4 machines, subnet 3 has 4 machines. Assume
-for the moment that all these machines are configured to be in the
-same workgroup (for simplicities sake). Machine N1_C on subnet 1
-is configured as Domain Master Browser (ie. it will collate the
-browse lists for the workgroup). Machine N2_D is configured as
-WINS server and all the other machines are configured to register
-their NetBIOS names with it.
-
-As all these machines are booted up, elections for master browsers
-will take place on each of the three subnets. Assume that machine
-N1_C wins on subnet 1, N2_B wins on subnet 2, and N3_D wins on
-subnet 3 - these machines are known as local master browsers for
-their particular subnet. N1_C has an advantage in winning as the
-local master browser on subnet 1 as it is set up as Domain Master
-Browser.
-
-On each of the three networks, machines that are configured to
-offer sharing services will broadcast that they are offering
-these services. The local master browser on each subnet will
-receive these broadcasts and keep a record of the fact that
-the machine is offering a service. This list of records is
-the basis of the browse list. For this case, assume that
-all the machines are configured to offer services so all machines
-will be on the browse list.
-
-For each network, the local master browser on that network is
-considered 'authoritative' for all the names it receives via
-local broadcast. This is because a machine seen by the local
-master browser via a local broadcast must be on the same
-network as the local master browser and thus is a 'trusted'
-and 'verifiable' resource. Machines on other networks that
-the local master browsers learn about when collating their
-browse lists have not been directly seen - these records are
-called 'non-authoritative'.
-
-At this point the browse lists look as follows (these are
-the machines you would see in your network neighborhood if
-you looked in it on a particular network right now).
-
-Subnet Browse Master List
------- ------------- ----
-Subnet1 N1_C N1_A, N1_B, N1_C, N1_D, N1_E
-
-Subnet2 N2_B N2_A, N2_B, N2_C, N2_D
-
-Subnet3 N3_D N3_A, N3_B, N3_C, N3_D
-
-Note that at this point all the subnets are separate, no
-machine is seen across any of the subnets.
-
-Now examine subnet 2. As soon as N2_B has become the local
-master browser it looks for a Domain master browser to synchronize
-its browse list with. It does this by querying the WINS server
-(N2_D) for the IP address associated with the NetBIOS name
-WORKGROUP<1B>. This name was registerd by the Domain master
-browser (N1_C) with the WINS server as soon as it was booted.
-
-Once N2_B knows the address of the Domain master browser it
-tells it that is the local master browser for subnet 2 by
-sending a MasterAnnouncement packet as a UDP port 138 packet.
-It then synchronizes with it by doing a NetServerEnum2 call. This
-tells the Domain Master Browser to send it all the server
-names it knows about. Once the domain master browser receives
-the MasterAnnouncement packet it schedules a synchronization
-request to the sender of that packet. After both synchronizations
-are done the browse lists look like :
-
-Subnet Browse Master List
------- ------------- ----
-Subnet1 N1_C N1_A, N1_B, N1_C, N1_D, N1_E,
- N2_A(*), N2_B(*), N2_C(*), N2_D(*)
-
-Subnet2 N2_B N2_A, N2_B, N2_C, N2_D
- N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*)
-
-Subnet3 N3_D N3_A, N3_B, N3_C, N3_D
-
-Servers with a (*) after them are non-authoritative names.
-
-At this point users looking in their network neighborhood on
-subnets 1 or 2 will see all the servers on both, users on
-subnet 3 will still only see the servers on their own subnet.
-
-The same sequence of events that occured for N2_B now occurs
-for the local master browser on subnet 3 (N3_D). When it
-synchronizes browse lists with the domain master browser (N1_A)
-it gets both the server entries on subnet 1, and those on
-subnet 2. After N3_D has synchronized with N1_C and vica-versa
-the browse lists look like.
-
-Subnet Browse Master List
------- ------------- ----
-Subnet1 N1_C N1_A, N1_B, N1_C, N1_D, N1_E,
- N2_A(*), N2_B(*), N2_C(*), N2_D(*),
- N3_A(*), N3_B(*), N3_C(*), N3_D(*)
-
-Subnet2 N2_B N2_A, N2_B, N2_C, N2_D
- N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*)
-
-Subnet3 N3_D N3_A, N3_B, N3_C, N3_D
- N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*),
- N2_A(*), N2_B(*), N2_C(*), N2_D(*)
-
-Servers with a (*) after them are non-authoritative names.
-
-At this point users looking in their network neighborhood on
-subnets 1 or 3 will see all the servers on all sunbets, users on
-subnet 2 will still only see the servers on subnets 1 and 2, but not 3.
-
-Finally, the local master browser for subnet 2 (N2_B) will sync again
-with the domain master browser (N1_C) and will recieve the missing
-server entries. Finally - and as a steady state (if no machines
-are removed or shut off) the browse lists will look like :
-
-Subnet Browse Master List
------- ------------- ----
-Subnet1 N1_C N1_A, N1_B, N1_C, N1_D, N1_E,
- N2_A(*), N2_B(*), N2_C(*), N2_D(*),
- N3_A(*), N3_B(*), N3_C(*), N3_D(*)
-
-Subnet2 N2_B N2_A, N2_B, N2_C, N2_D
- N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*)
- N3_A(*), N3_B(*), N3_C(*), N3_D(*)
-
-Subnet3 N3_D N3_A, N3_B, N3_C, N3_D
- N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*),
- N2_A(*), N2_B(*), N2_C(*), N2_D(*)
-
-Servers with a (*) after them are non-authoritative names.
-
-Synchronizations between the domain master browser and local
-master browsers will continue to occur, but this should be a
-steady state situation.
-
-If either router R1 or R2 fails the following will occur:
-
-1) Names of computers on each side of the inaccessible network fragments
-will be maintained for as long as 36 minutes, in the network neighbourhood
-lists.
-
-2) Attempts to connect to these inaccessible computers will fail, but the
-names will not be removed from the network neighbourhood lists.
-
-3) If one of the fragments is cut off from the WINS server, it will only
-be able to access servers on its local subnet, by using subnet-isolated
-broadcast NetBIOS name resolution. The effects are similar to that of
-losing access to a DNS server.
-
-Setting up a WINS server
-========================
-
-Either a Samba machine or a Windows NT Server machine may be set up
-as a WINS server. To set a Samba machine to be a WINS server you must
-add the following option to the smb.conf file on the selected machine :
-in the [globals] section add the line
-
- wins support = yes
-
-Versions of Samba previous to 1.9.17 had this parameter default to
-yes. If you have any older versions of Samba on your network it is
-strongly suggested you upgrade to 1.9.17 or above, or at the very
-least set the parameter to 'no' on all these machines.
-
-Machines with "wins support = yes" will keep a list of all NetBIOS
-names registered with them, acting as a DNS for NetBIOS names.
-
-You should set up only ONE wins server. Do NOT set the
-"wins support = yes" option on more than one Samba server.
-
-To set up a Windows NT Server as a WINS server you need to set up
-the WINS service - see your NT documentation for details. Note that
-Windows NT WINS Servers can replicate to each other, allowing more
-than one to be set up in a complex subnet environment. As Microsoft
-refuse to document these replication protocols Samba cannot currently
-participate in these replications. It is possible in the future that
-a Samba->Samba WINS replication protocol may be defined, in which
-case more than one Samba machine could be set up as a WINS server
-but currently only one Samba server should have the "wins support = yes"
-parameter set.
-
-After the WINS server has been configured you must ensure that all
-machines participating on the network are configured with the address
-of this WINS server. If your WINS server is a Samba machine, fill in
-the Samba machine IP address in the "Primary WINS Server" field of
-the "Control Panel->Network->Protocols->TCP->WINS Server" dialogs
-in Windows 95 or Windows NT. To tell a Samba server the IP address
-of the WINS server add the following line to the [global] section of
-all smb.conf files :
-
- wins server = <name or IP address>
-
-where <name or IP address> is either the DNS name of the WINS server
-machine or its IP address.
-
-Note that this line MUST NOT BE SET in the smb.conf file of the Samba
-server acting as the WINS server itself. If you set both the
-"wins support = yes" option and the "wins server = <name>" option then
-nmbd will fail to start.
-
-There are two possible scenarios for setting up cross subnet browsing.
-The first details setting up cross subnet browsing on a network containing
-Windows 95, Samba and Windows NT machines that are not configured as
-part of a Windows NT Domain. The second details setting up cross subnet
-browsing on networks that contain NT Domains.
-
-Setting up Browsing in a WORKGROUP
-==================================
-
-To set up cross subnet browsing on a network containing machines
-in up to be in a WORKGROUP, not an NT Domain you need to set up one
-Samba server to be the Domain Master Browser (note that this is *NOT*
-the same as a Primary Domain Controller, although in an NT Domain the
-same machine plays both roles). The role of a Domain master browser is
-to collate the browse lists from local master browsers on all the
-subnets that have a machine participating in the workgroup. Without
-one machine configured as a domain master browser each subnet would
-be an isolated workgroup, unable to see any machines on any other
-subnet. It is the presense of a domain master browser that makes
-cross subnet browsing possible for a workgroup.
-
-In an WORKGROUP environment the domain master browser must be a
-Samba server, and there must only be one domain master browser per
-workgroup name. To set up a Samba server as a domain master browser,
-set the following option in the [global] section of the smb.conf file :
-
- domain master = yes
-
-The domain master browser should also preferrably be the local master
-browser for its own subnet. In order to achieve this set the following
-options in the [global] section of the smb.conf file :
-
- domain master = yes
- local master = yes
- preferred master = yes
- os level = 65
-
-The domain master browser may be the same machine as the WINS
-server, if you require.
-
-Next, you should ensure that each of the subnets contains a
-machine that can act as a local master browser for the
-workgroup. Any NT machine should be able to do this, as will
-Windows 95 machines (although these tend to get rebooted more
-often, so it's not such a good idea to use these). To make a
-Samba server a local master browser set the following
-options in the [global] section of the smb.conf file :
-
- domain master = no
- local master = yes
- preferred master = yes
- os level = 65
-
-Do not do this for more than one Samba server on each subnet,
-or they will war with each other over which is to be the local
-master browser.
-
-The "local master" parameter allows Samba to act as a local master
-browser. The "preferred master" causes nmbd to force a browser
-election on startup and the "os level" parameter sets Samba high
-enough so that it should win any browser elections.
-
-If you have an NT machine on the subnet that you wish to
-be the local master browser then you can disable Samba from
-becoming a local master browser by setting the following
-options in the [global] section of the smb.conf file :
-
- domain master = no
- local master = no
- preferred master = no
- os level = 0
-
-Setting up Browsing in a DOMAIN
-===============================
-
-If you are adding Samba servers to a Windows NT Domain then
-you must not set up a Samba server as a domain master browser.
-By default, a Windows NT Primary Domain Controller for a Domain
-name is also the Domain master browser for that name, and many
-things will break if a Samba server registers the Domain master
-browser NetBIOS name (DOMAIN<1B>) with WINS instead of the PDC.
-
-For subnets other than the one containing the Windows NT PDC
-you may set up Samba servers as local master browsers as
-described. To make a Samba server a local master browser set
-the following options in the [global] section of the smb.conf
-file :
-
- domain master = no
- local master = yes
- preferred master = yes
- os level = 65
-
-If you wish to have a Samba server fight the election with machines
-on the same subnet you may set the "os level" parameter to lower
-levels. By doing this you can tune the order of machines that
-will become local master browsers if they are running. For
-more details on this see the section "FORCING SAMBA TO BE THE MASTER"
-below.
-
-If you have Windows NT machines that are members of the domain
-on all subnets, and you are sure they will always be running then
-you can disable Samba from taking part in browser elections and
-ever becoming a local master browser by setting following options
-in the [global] section of the smb.conf file :
-
- domain master = no
- local master = no
- preferred master = no
- os level = 0
-
-FORCING SAMBA TO BE THE MASTER
-==============================
-
-Who becomes the "master browser" is determined by an election process
-using broadcasts. Each election packet contains a number of parameters
-which determine what precedence (bias) a host should have in the
-election. By default Samba uses a very low precedence and thus loses
-elections to just about anyone else.
-
-If you want Samba to win elections then just set the "os level" global
-option in smb.conf to a higher number. It defaults to 0. Using 34
-would make it win all elections over every other system (except other
-samba systems!)
-
-A "os level" of 2 would make it beat WfWg and Win95, but not NTAS. A
-NTAS domain controller uses level 32.
-
-The maximum os level is 255
-
-If you want samba to force an election on startup, then set the
-"preferred master" global option in smb.conf to "yes". Samba will
-then have a slight advantage over other potential master browsers
-that are not preferred master browsers. Use this parameter with
-care, as if you have two hosts (whether they are windows 95 or NT or
-samba) on the same local subnet both set with "preferred master" to
-"yes", then periodically and continually they will force an election
-in order to become the local master browser.
-
-If you want samba to be a "domain master browser", then it is
-recommended that you also set "preferred master" to "yes", because
-samba will not become a domain master browser for the whole of your
-LAN or WAN if it is not also a local master browser on its own
-broadcast isolated subnet.
-
-It is possible to configure two samba servers to attempt to become
-the domain master browser for a domain. The first server that comes
-up will be the domain master browser. All other samba servers will
-attempt to become the domain master browser every 5 minutes. They
-will find that another samba server is already the domain master
-browser and will fail. This provides automatic redundancy, should
-the current domain master browser fail.
-
-
-MAKING SAMBA THE DOMAIN MASTER
-==============================
-
-The domain master is responsible for collating the browse lists of
-multiple subnets so that browsing can occur between subnets. You can
-make samba act as the domain master by setting "domain master = yes"
-in smb.conf. By default it will not be a domain master.
-
-Note that you should NOT set Samba to be the domain master for a
-workgroup that has the same name as an NT Domain.
-
-When samba is the domain master and the master browser it will listen
-for master announcements (made roughly every twelve minutes) from local
-master browsers on other subnets and then contact them to synchronise
-browse lists.
-
-If you want samba to be the domain master then I suggest you also set
-the "os level" high enough to make sure it wins elections, and set
-"preferred master" to "yes", to get samba to force an election on
-startup.
-
-Note that all your servers (including samba) and clients should be
-using a WINS server to resolve NetBIOS names. If your clients are only
-using broadcasting to resolve NetBIOS names, then two things will occur:
-
-a) your local master browsers will be unable to find a domain master
- browser, as it will only be looking on the local subnet.
-
-b) if a client happens to get hold of a domain-wide browse list, and
- a user attempts to access a host in that list, it will be unable to
- resolve the NetBIOS name of that host.
-
-If, however, both samba and your clients are using a WINS server, then:
-
-a) your local master browsers will contact the WINS server and, as long as
- samba has registered that it is a domain master browser with the WINS
- server, your local master browser will receive samba's ip address
- as its domain master browser.
-
-b) when a client receives a domain-wide browse list, and a user attempts
- to access a host in that list, it will contact the WINS server to
- resolve the NetBIOS name of that host. as long as that host has
- registered its NetBIOS name with the same WINS server, the user will
- be able to see that host.
-
-NOTE ABOUT BROADCAST ADDRESSES
-==============================
-
-If your network uses a "0" based broadcast address (for example if it
-ends in a 0) then you will strike problems. Windows for Workgroups
-does not seem to support a 0's broadcast and you will probably find
-that browsing and name lookups won't work.
-
-
-MULTIPLE INTERFACES
-===================
-
-Samba now supports machines with multiple network interfaces. If you
-have multiple interfaces then you will need to use the "interfaces"
-option in smb.conf to configure them. See smb.conf(5) for details.
-
diff --git a/docs/textdocs/BUGS.txt b/docs/textdocs/BUGS.txt
deleted file mode 100644
index 247998c6c7..0000000000
--- a/docs/textdocs/BUGS.txt
+++ /dev/null
@@ -1,135 +0,0 @@
-Contributor: Samba Team
-Updated: June 27, 1997
-
-Subject: This file describes how to report Samba bugs.
-============================================================================
-
->> The email address for bug reports is samba@samba.org <<
-
-Please take the time to read this file before you submit a bug
-report. Also, please see if it has changed between releases, as we
-may be changing the bug reporting mechanism at some time.
-
-Please also do as much as you can yourself to help track down the
-bug. Samba is maintained by a dedicated group of people who volunteer
-their time, skills and efforts. We receive far more mail about it than
-we can possibly answer, so you have a much higher chance of an answer
-and a fix if you send us a "developer friendly" bug report that lets
-us fix it fast.
-
-Do not assume that if you post the bug to the comp.protocols.smb
-newsgroup or the mailing list that we will read it. If you suspect that your
-problem is not a bug but a configuration problem then it is better to send
-it to the Samba mailing list, as there are (at last count) 5000 other users on
-that list that may be able to help you.
-
-You may also like to look though the recent mailing list archives,
-which are conveniently accessible on the Samba web pages
-at http://samba.org/samba/
-
-
-GENERAL INFO
-------------
-
-Before submitting a bug report check your config for silly
-errors. Look in your log files for obvious messages that tell you that
-you've misconfigured something and run testparm to test your config
-file for correct syntax.
-
-Have you run through DIAGNOSIS.txt? This is very important.
-
-If you include part of a log file with your bug report then be sure to
-annotate it with exactly what you were doing on the client at the
-time, and exactly what the results were.
-
-
-DEBUG LEVELS
-------------
-
-If the bug has anything to do with Samba behaving incorrectly as a
-server (like refusing to open a file) then the log files will probably
-be very useful. Depending on the problem a log level of between 3 and
-10 showing the problem may be appropriate. A higher level givesmore
-detail, but may use too much disk space.
-
-To set the debug level use "log level =" in your smb.conf. You may
-also find it useful to set the log level higher for just one machine
-and keep separate logs for each machine. To do this use:
-
-log level = 10
-log file = /usr/local/samba/lib/log.%m
-include = /usr/local/samba/lib/smb.conf.%m
-
-then create a file "/usr/local/samba/lib/smb.conf.machine" where
-"machine" is the name of the client you wish to debug. In that file
-put any smb.conf commands you want, for example "log level=" may be
-useful. This also allows you to experiment with different security
-systems, protocol levels etc on just one machine.
-
-The smb.conf entry "log level =" is synonymous with the entry
-"debuglevel =" that has been used in older versions of Samba and
-is being retained for backwards compatibility of smb.conf files.
-
-As the "log level =" value is increased you will record a significantly
-increasing level of debugging information. For most debugging operations
-you may not need a setting higher than 3. Nearly all bugs can be tracked
-at a setting of 10, but be prepared for a VERY large volume of log data.
-
-
-INTERNAL ERRORs
----------------
-
-If you get a "INTERNAL ERROR" message in your log files it means that
-Samba got an unexpected signal while running. It is probably a
-segmentation fault and almost certainly means a bug in Samba (unless
-you have faulty hardware or system software)
-
-If the message came from smbd then it will probably be accompanied by
-a message which details the last SMB message received by smbd. This
-info is often very useful in tracking down the problem so please
-include it in your bug report.
-
-You should also detail how to reproduce the problem, if
-possible. Please make this reasonably detailed.
-
-You may also find that a core file appeared in a "corefiles"
-subdirectory of the directory where you keep your samba log
-files. This file is the most useful tool for tracking down the bug. To
-use it you do this:
-
-gdb smbd core
-
-adding appropriate paths to smbd and core so gdb can find them. If you
-don't have gdb then try "dbx". Then within the debugger use the
-command "where" to give a stack trace of where the problem
-occurred. Include this in your mail.
-
-If you known any assembly language then do a "disass" of the routine
-where the problem occurred (if its in a library routine then
-disassemble the routine that called it) and try to work out exactly
-where the problem is by looking at the surrounding code. Even if you
-don't know assembly then incuding this info in the bug report can be
-useful.
-
-
-ATTACHING TO A RUNNING PROCESS
-------------------------------
-
-Unfortunately some unixes (in particular some recent linux kernels)
-refuse to dump a core file if the task has changed uid (which smbd
-does often). To debug with this sort of system you could try to attach
-to the running process using "gdb smbd PID" where you get PID from
-smbstatus. Then use "c" to continue and try to cause the core dump
-using the client. The debugger should catch the fault and tell you
-where it occurred.
-
-
-PATCHES
--------
-
-The best sort of bug report is one that includes a fix! If you send us
-patches please use "diff -u" format if your version of diff supports
-it, otherwise use "diff -c4". Make sure your do the diff against a
-clean version of the source and let me know exactly what version you
-used.
-
diff --git a/docs/textdocs/DIAGNOSIS.txt b/docs/textdocs/DIAGNOSIS.txt
deleted file mode 100644
index 2816610a9c..0000000000
--- a/docs/textdocs/DIAGNOSIS.txt
+++ /dev/null
@@ -1,321 +0,0 @@
-Contributor: Andrew Tridgell
-Updated: November 1, 1999
-
-Subject: DIAGNOSING YOUR SAMBA SERVER
-===========================================================================
-
-This file contains a list of tests you can perform to validate your
-Samba server. It also tells you what the likely cause of the problem
-is if it fails any one of these steps. If it passes all these tests
-then it is probably working fine.
-
-You should do ALL the tests, in the order shown. I have tried to
-carefully choose them so later tests only use capabilities verified in
-the earlier tests.
-
-If you send me an email saying "it doesn't work" and you have not
-followed this test procedure then you should not be surprised if I
-ignore your email.
-
-
-ASSUMPTIONS
------------
-
-In all of the tests I assume you have a Samba server called BIGSERVER
-and a PC called ACLIENT both in workgroup TESTGROUP. I also assume the
-PC is running windows for workgroups with a recent copy of the
-microsoft tcp/ip stack. Alternatively, your PC may be running Windows
-95 or Windows NT (Workstation or Server).
-
-The procedure is similar for other types of clients.
-
-I also assume you know the name of an available share in your
-smb.conf. I will assume this share is called "tmp". You can add a
-"tmp" share like by adding the following to smb.conf:
-
-[tmp]
- comment = temporary files
- path = /tmp
- read only = yes
-
-
-THESE TESTS ASSUME VERSION 2.0.6 OR LATER OF THE SAMBA SUITE. SOME
-COMMANDS SHOWN DID NOT EXIST IN EARLIER VERSIONS
-
-Please pay attention to the error messages you receive. If any error message
-reports that your server is being unfriendly you should first check that you
-IP name resolution is correctly set up. eg: Make sure your /etc/resolv.conf
-file points to name servers that really do exist.
-
-Also, if you do not have DNS server access for name resolution please check
-that the settings for your smb.conf file results in "dns proxy = no". The
-best way to check this is with "testparm smb.conf"
-
-
-TEST 1:
--------
-
-In the directory in which you store your smb.conf file, run the command
-"testparm smb.conf". If it reports any errors then your smb.conf
-configuration file is faulty.
-
-Note: Your smb.conf file may be located in: /etc
- Or in: /usr/local/samba/lib
-
-
-TEST 2:
--------
-
-run the command "ping BIGSERVER" from the PC and "ping ACLIENT" from
-the unix box. If you don't get a valid response then your TCP/IP
-software is not correctly installed.
-
-Note that you will need to start a "dos prompt" window on the PC to
-run ping.
-
-If you get a message saying "host not found" or similar then your DNS
-software or /etc/hosts file is not correctly setup. It is possible to
-run samba without DNS entries for the server and client, but I assume
-you do have correct entries for the remainder of these tests.
-
-Another reason why ping might fail is if your host is running firewall
-software. You will need to relax the rules to let in the workstation
-in question, perhaps by allowing access from another subnet (on Linux
-this is done via the ipfwadm program.)
-
-
-TEST 3:
--------
-
-Run the command "smbclient -L BIGSERVER" on the unix box. You
-should get a list of available shares back.
-
-If you get a error message containing the string "Bad password" then
-you probably have either an incorrect "hosts allow", "hosts deny" or
-"valid users" line in your smb.conf, or your guest account is not
-valid. Check what your guest account is using "testparm" and
-temporarily remove any "hosts allow", "hosts deny", "valid users" or
-"invalid users" lines.
-
-If you get a "connection refused" response then the smbd server may
-not be running. If you installed it in inetd.conf then you probably edited
-that file incorrectly. If you installed it as a daemon then check that
-it is running, and check that the netbios-ssn port is in a LISTEN
-state using "netstat -a".
-
-If you get a "session request failed" then the server refused the
-connection. If it says "Your server software is being unfriendly" then
-its probably because you have invalid command line parameters to smbd,
-or a similar fatal problem with the initial startup of smbd. Also
-check your config file (smb.conf) for syntax errors with "testparm"
-and that the various directories where samba keeps its log and lock
-files exist.
-
-There are a number of reasons for which smbd may refuse or decline
-a session request. The most common of these involve one or more of
-the following smb.conf file entries:
- hosts deny = ALL
- hosts allow = xxx.xxx.xxx.xxx/yy
- bind interfaces only = Yes
-
-In the above, no allowance has been made for any session requests that
-will automatically translate to the loopback adaptor address 127.0.0.1.
-To solve this problem change these lines to:
- hosts deny = ALL
- hosts allow = xxx.xxx.xxx.xxx/yy 127.
-Do NOT use the "bind interfaces only" parameter where you may wish to
-use the samba password change facility, or where smbclient may need to
-access local service for name resolution or for local resource
-connections. (Note: the "bind interfaces only" parameter deficiency
-where it will not allow connections to the loopback address will be
-fixed soon).
-
-Another common cause of these two errors is having something already running
-on port 139, such as Samba (ie: smbd is running from inetd already) or
-something like Digital's Pathworks. Check your inetd.conf file before trying
-to start smbd as a daemon, it can avoid a lot of frustration!
-
-And yet another possible cause for failure of TEST 3 is when the subnet mask
-and / or broadcast address settings are incorrect. Please check that the
-network interface IP Address / Broadcast Address / Subnet Mask settings are
-correct and that Samba has correctly noted these in the log.nmb file.
-
-TEST 4:
--------
-
-Run the command "nmblookup -B BIGSERVER __SAMBA__". You should get the
-IP address of your Samba server back.
-
-If you don't then nmbd is incorrectly installed. Check your inetd.conf
-if you run it from there, or that the daemon is running and listening
-to udp port 137.
-
-One common problem is that many inetd implementations can't take many
-parameters on the command line. If this is the case then create a
-one-line script that contains the right parameters and run that from
-inetd.
-
-
-TEST 5:
--------
-
-run the command "nmblookup -B ACLIENT '*'"
-
-You should get the PCs IP address back. If you don't then the client
-software on the PC isn't installed correctly, or isn't started, or you
-got the name of the PC wrong.
-
-If ACLIENT doesn't resolve via DNS then use the IP address of the
-client in the above test.
-
-
-TEST 6:
--------
-
-Run the command "nmblookup -d 2 '*'"
-
-This time we are trying the same as the previous test but are trying
-it via a broadcast to the default broadcast address. A number of
-Netbios/TCPIP hosts on the network should respond, although Samba may
-not catch all of the responses in the short time it listens. You
-should see "got a positive name query response" messages from several
-hosts.
-
-If this doesn't give a similar result to the previous test then
-nmblookup isn't correctly getting your broadcast address through its
-automatic mechanism. In this case you should experiment use the
-"interfaces" option in smb.conf to manually configure your IP
-address, broadcast and netmask.
-
-If your PC and server aren't on the same subnet then you will need to
-use the -B option to set the broadcast address to the that of the PCs
-subnet.
-
-This test will probably fail if your subnet mask and broadcast address are
-not correct. (Refer to TEST 3 notes above).
-
-TEST 7:
--------
-
-Run the command "smbclient //BIGSERVER/TMP". You should then be
-prompted for a password. You should use the password of the account
-you are logged into the unix box with. If you want to test with
-another account then add the -U <accountname> option to the end of
-the command line. eg: smbclient //bigserver/tmp -Ujohndoe
-
-Note: It is possible to specify the password along with the username
-as follows:
- smbclient //bigserver/tmp -Ujohndoe%secret
-
-Once you enter the password you should get the "smb>" prompt. If you
-don't then look at the error message. If it says "invalid network
-name" then the service "tmp" is not correctly setup in your smb.conf.
-
-If it says "bad password" then the likely causes are:
-
-- you have shadow passords (or some other password system) but didn't
-compile in support for them in smbd
-- your "valid users" configuration is incorrect
-- you have a mixed case password and you haven't enabled the "password
-level" option at a high enough level
-- the "path =" line in smb.conf is incorrect. Check it with testparm
-- you enabled password encryption but didn't create the SMB encrypted
-password file
-
-Once connected you should be able to use the commands "dir" "get"
-"put" etc. Type "help <command>" for instructions. You should
-especially check that the amount of free disk space shown is correct
-when you type "dir".
-
-
-TEST 8:
--------
-
-On the PC type the command "net view \\BIGSERVER". You will need to do
-this from within a "dos prompt" window. You should get back a list of
-available shares on the server.
-
-If you get a "network name not found" or similar error then netbios
-name resolution is not working. This is usually caused by a problem in
-nmbd. To overcome it you could do one of the following (you only need
-to choose one of them):
-
-- fixup the nmbd installation
-- add the IP address of BIGSERVER to the "wins server" box in the
-advanced tcp/ip setup on the PC.
-- enable windows name resolution via DNS in the advanced section of
-the tcp/ip setup
-- add BIGSERVER to your lmhosts file on the PC.
-
-If you get a "invalid network name" or "bad password error" then the
-same fixes apply as they did for the "smbclient -L" test above. In
-particular, make sure your "hosts allow" line is correct (see the man
-pages)
-
-Also, do not overlook that fact that when the workstation requests the
-connection to the samba server it will attempt to connect using the
-name with which you logged onto your Windows machine. You need to make
-sure that an account exists on your Samba server with that exact same
-name and password.
-
-If you get "specified computer is not receiving requests" or similar
-it probably means that the host is not contactable via tcp services.
-Check to see if the host is running tcp wrappers, and if so add an entry in
-the hosts.allow file for your client (or subnet, etc.)
-
-
-TEST 9:
---------
-
-Run the command "net use x: \\BIGSERVER\TMP". You should be prompted
-for a password then you should get a "command completed successfully"
-message. If not then your PC software is incorrectly installed or your
-smb.conf is incorrect. make sure your "hosts allow" and other config
-lines in smb.conf are correct.
-
-It's also possible that the server can't work out what user name to
-connect you as. To see if this is the problem add the line "user =
-USERNAME" to the [tmp] section of smb.conf where "USERNAME" is the
-username corresponding to the password you typed. If you find this
-fixes things you may need the username mapping option.
-
-TEST 10:
---------
-
-Run the command "nmblookup -M TESTGROUP" where TESTGROUP is the name
-of the workgroup that your Samba server and Windows PCs belong to. You
-should get back the IP address of the master browser for that
-workgroup.
-
-If you don't then the election process has failed. Wait a minute to
-see if it is just being slow then try again. If it still fails after
-that then look at the browsing options you have set in smb.conf. Make
-sure you have "preferred master = yes" to ensure that an election is
-held at startup.
-
-TEST 11:
---------
-
-From file manager try to browse the server. Your samba server should
-appear in the browse list of your local workgroup (or the one you
-specified in smb.conf). You should be able to double click on the name
-of the server and get a list of shares. If you get a "invalid
-password" error when you do then you are probably running WinNT and it
-is refusing to browse a server that has no encrypted password
-capability and is in user level security mode. In this case either set
-"security = server" AND "password server = Windows_NT_Machine" in your
-smb.conf file, or enable encrypted passwords AFTER compiling in support
-for encrypted passwords (refer to the Makefile).
-
-
-Still having troubles?
-----------------------
-
-Try the mailing list or newsgroup, or use the tcpdump-smb utility to
-sniff the problem. The official samba mailing list can be reached at
-samba@samba.org. To find out more about samba and how to
-subscribe to the mailing list check out the samba web page at
- http://samba.org/samba
-
-Also look at the other docs in the Samba package!
-
diff --git a/docs/textdocs/DNIX.txt b/docs/textdocs/DNIX.txt
deleted file mode 100644
index 51005e6ec8..0000000000
--- a/docs/textdocs/DNIX.txt
+++ /dev/null
@@ -1,69 +0,0 @@
-DNIX has a problem with seteuid() and setegid(). These routines are
-needed for Samba to work correctly, but they were left out of the DNIX
-C library for some reason.
-
-For this reason Samba by default defines the macro NO_EID in the DNIX
-section of includes.h. This works around the problem in a limited way,
-but it is far from ideal, some things still won't work right.
-
-To fix the problem properly you need to assemble the following two
-functions and then either add them to your C library or link them into
-Samba.
-
-put this in the file setegid.s:
-
- .globl _setegid
-_setegid:
- moveq #47,d0
- movl #100,a0
- moveq #1,d1
- movl 4(sp),a1
- trap #9
- bccs 1$
- jmp cerror
-1$:
- clrl d0
- rts
-
-
-put this in the file seteuid.s:
-
- .globl _seteuid
-_seteuid:
- moveq #47,d0
- movl #100,a0
- moveq #0,d1
- movl 4(sp),a1
- trap #9
- bccs 1$
- jmp cerror
-1$:
- clrl d0
- rts
-
-after creating the above files you then assemble them using
-
-as seteuid.s
-as setegid.s
-
-that should produce the files seteuid.o and setegid.o
-
-then you need to add these to the LIBSM line in the DNIX section of
-the Samba Makefile. Your LIBSM line will then look something like this:
-
-LIBSM = setegid.o seteuid.o -ln
-
-You should then remove the line:
-
-#define NO_EID
-
-from the DNIX section of includes.h
-
-Then recompile and try it out!
-
-Note that this file was derived from an email from Peter Olsson
-<pol@leissner.se>. I don't have DNIX myself, so you're probably better
-off contacting Peter if you have problems.
-
-Andrew
-
diff --git a/docs/textdocs/GROUP-MAPPING-HOWTO.txt b/docs/textdocs/GROUP-MAPPING-HOWTO.txt
deleted file mode 100644
index c266f56548..0000000000
--- a/docs/textdocs/GROUP-MAPPING-HOWTO.txt
+++ /dev/null
@@ -1,60 +0,0 @@
-Samba 3.0 prealpha guide to group mapping
----------------------------------------------------
-
-Jean François Micouleau (jfm@samba.org)
-
-Starting with Samba 3.0 alpha 2, a new group mapping function is available. The
-current method (likely to change) to manage the groups is a new command called
-smbgroupedit.
-
-The first immediate reason to use the group mapping on a PDC, is that
-the 'domain admin group' of smb.conf is now gone. This parameter was
-used to give the listed users local admin rights on their
-workstations. It was some magic stuff that simply worked but didn't
-scale very well for complex setups.
-
-Let me explain how it works on NT/W2K, to have this magic fade away.
-When installing NT/W2K on a computer, the installer program creates some users
-and groups. Notably the 'Administrators' group, and gives to that group some
-privileges like the ability to change the date and time or to kill any process
-(or close too) running on the local machine. The 'Administrator' user is a
-member of the 'Administrators' group, and thus 'inherit' the 'Administrators'
-group privileges. If a 'joe' user is created and become a member of the
-'Administrator' group, 'joe' has exactly the same rights as 'Administrator'.
-
-When a NT/W2K machine is joined to a domain, during that phase, the "Domain
-Administrators' group of the PDC is added to the 'Administrators' group of the
-workstation. Every members of the 'Domain Administrators' group 'inherit' the
-rights of the 'Administrators' group when logging on the workstation.
-
-
-You are now wondering how to make some of your samba PDC users members of the
-'Domain Administrators' ? That's really easy.
-
-1) create a unix group (usually in /etc/group), let's call it domadm
-2) add to this group the users that must be Administrators. For example if you
-want joe,john and mary, your entry in /etc/group will look like:
-
- domadm:x:502:joe,john,mary
-
-3) map this domadm group to the 'domain admins' group by running the command:
-
- smbgroupedit -c "Domain Admins" -u domadm
-
-you're set, joe, john and mary are domain administrators !
-
-
-
-Like the Domain Admins group, you can map any arbitrary Unix group to any NT
-group. You can also make any Unix group a domain group. For example, on a domain
-member machine (an NT/W2K or a samba server running winbind), you would like to
-give access to a certain directory to some users who are member of a group on
-your samba PDC. Flag that group as a domain group by running:
-
- smbgroupedit -a unixgroup -td
-
-
-You can list the various groups in the mapping database like this
-
- smbgroupedit -v
-
diff --git a/docs/textdocs/INSTALL.sambatar b/docs/textdocs/INSTALL.sambatar
deleted file mode 100644
index 413f54d3c6..0000000000
--- a/docs/textdocs/INSTALL.sambatar
+++ /dev/null
@@ -1,33 +0,0 @@
-Contributor: Ricky Poulten <poultenr@logica.co.uk>
-Date: Unknown
-Status: Current
-
-Subject: Using smbtar
-=============================================================================
-
-Please see the readme and the man page for general info.
-
-1) Follow the samba installation instructions.
-
-2) If all goes well, test it out by creating a share on your PC (called
-backup for example) then doing something like,
-
- ./smbtar -s mypc -t /dev/rmt/0ubn -x backup
-
-substituting whatever your tape drive is for the -t option, or set your
-tape environmental variable.
-
-If all does not go well, feel free to mail the author (poultenr@logica.co.uk)
-about bug reports / help / money / pizza / etc.
-
-3) Read the man page and the NOTES file for more information
-
-4) Work smbtar into your usual nightly backup scheme (presuming you
-have one :-}).
-
-
-NOTE:
-
-If you have problems with smbtar then it's probably best to contact the
-author Ricky Poulten (poultenr@logica.co.uk).
-
diff --git a/docs/textdocs/Imprints.txt b/docs/textdocs/Imprints.txt
deleted file mode 100644
index 4ea9782bd3..0000000000
--- a/docs/textdocs/Imprints.txt
+++ /dev/null
@@ -1,47 +0,0 @@
-==================================================================
-
-
-Imprints (Installation Manager of Printer driver
-Retreival and Installation for Samba) is a project to
-implement a UNIX equivalent of the Windows NT APW.
-It has been taken on in part by the Samba Team, VA Linux
-Systems and Hewlett-Packard. The Imprints toolset seeks
-to provide central repository for users and administrators
-to locate, download, and install all variations Window
-95/98/NT printer drivers on Samba print servers.
-
-The server portion of Imprints is composed of a database
-server which contains information and locations of various
-printer driver packages. This server can be queried over
-standard HTTP get requests and should therefore be available
-to most administrators behind firewalls. The server's
-database consists of records containing data about each
-known printer driver package. For example, each driver
-record contains a URL from which the Imprints installation
-client can download the package as well as a public key which
-can be used to verify the package's integrity.
-
-Once downloaded, the installation client will attempt to
-install the printer driver on the defined remote server
-using the username and password provided by the administrator.
-If the username/password pair can be authenticated by the
-remote server (and has the appropriate authorization), then
-the printer driver(s) is (are) installed and the new Printer
-is created.
-
-From Samba's point of view, the process of creating a new
-printer via the Imprints installation client is identical to
-that of using the Windows NT APW. In fact, Imprints utilizes
-Samba's rpcclient and smbclient tools to issue the same MS-RPC
-and file copy operations as an NT client. This means that
-Imprints can also be used to install printers on remote Windows
-NT print servers.
-
-For more information on Imprints, visit the project homepage
-at
-
- http://imprints.sourceforge.net/.
-
-
-
-
diff --git a/docs/textdocs/Macintosh_Clients.txt b/docs/textdocs/Macintosh_Clients.txt
deleted file mode 100644
index dfac97e1aa..0000000000
--- a/docs/textdocs/Macintosh_Clients.txt
+++ /dev/null
@@ -1,23 +0,0 @@
-> Are there any Macintosh clients for Samba?
-
-Yes. Thursby now have a CIFS Client / Server called DAVE - see
-http://www.thursby.com/
-
-They test it against Windows 95, Windows NT and samba for
-compatibility issues. At the time of writing, DAVE was at version
-1.0.1. The 1.0.0 to 1.0.1 update is available as a free download from
-the Thursby web site (the speed of finder copies has been greatly
-enhanced, and there are bug-fixes included).
-
-Alternatives - There are two free implementations of AppleTalk for
-several kinds of UNIX machnes, and several more commercial ones.
-These products allow you to run file services and print services
-natively to Macintosh users, with no additional support required on
-the Macintosh. The two free omplementations are Netatalk,
-http://www.umich.edu/~rsug/netatalk/, and CAP,
-http://www.cs.mu.oz.au/appletalk/atalk.html. What Samba offers MS
-Windows users, these packages offer to Macs. For more info on these
-packages, Samba, and Linux (and other UNIX-based systems) see
-http://www.eats.com/linux_mac_win.html
-
-
diff --git a/docs/textdocs/NetBIOS.txt b/docs/textdocs/NetBIOS.txt
deleted file mode 100644
index ca0dcc84b7..0000000000
--- a/docs/textdocs/NetBIOS.txt
+++ /dev/null
@@ -1,152 +0,0 @@
-Contributor: lkcl - samba@samba.org
- Copyright 1997 Luke Kenneth Casson Leighton
-Date: March 1997
-Status: Current
-Updated: 12jun97
-
-Subject: Definition of NetBIOS Protocol and Name Resolution Modes
-=============================================================================
-
-=======
-NETBIOS
-=======
-
-NetBIOS runs over the following tranports: TCP/IP; NetBEUI and IPX/SPX.
-Samba only uses NetBIOS over TCP/IP. For details on the TCP/IP NetBIOS
-Session Service NetBIOS Datagram Service, and NetBIOS Names, see
-rfc1001.txt and rfc1002.txt.
-
-NetBEUI is a raw NetBIOS frame protocol implementation that allows NetBIOS
-datagrams to be sent out over the 'wire' embedded within LLC frames.
-NetBEUI is not required when using NetBIOS over TCP/IP protocols and it
-is preferable NOT to install NetBEUI if it can be avoided.
-
-IPX/SPX is also not required when using NetBIOS over TCP/IP, and it is
-preferable NOT to install the IPX/SPX transport unless you are using Novell
-servers. At the very least, it is recommended that you do not install
-'NetBIOS over IPX/SPX'.
-
-[When installing Windows 95, you will find that NetBEUI and IPX/SPX are
-installed as the default protocols. This is because they are the simplest
-to manage: no Windows 95 user-configuration is required].
-
-
-NetBIOS applications (such as samba) offer their services (for example,
-SMB file and print sharing) on a NetBIOS name. They must claim this name
-on the network before doing so. The NetBIOS session service will then
-accept connections on the application's behalf (on the NetBIOS name
-claimed by the application). A NetBIOS session between the application
-and the client can then commence.
-
-NetBIOS names consist of 15 characters plus a 'type' character. This is
-similar, in concept, to an IP address and a TCP port number, respectively.
-A NetBIOS-aware application on a host will offer different services under
-different NetBIOS name types, just as a host will offer different TCP/IP
-services on different port numbers.
-
-NetBIOS names must be claimed on a network, and must be defended. The use
-of NetBIOS names is most suitable on a single subnet; a Local Area Network
-or a Wide Area Network.
-
-NetBIOS names are either UNIQUE or GROUP. Only one application can claim a
-UNIQUE NetBIOS name on a network.
-
-There are two kinds of NetBIOS Name resolution: Broadcast and Point-to-Point.
-
-
-=================
-BROADCAST NetBIOS
-=================
-
-Clients can claim names, and therefore offer services on successfully claimed
-names, on their broadcast-isolated subnet. One way to get NetBIOS services
-(such as browsing: see ftp.microsoft.com/drg/developr/CIFS/browdiff.txt; and
-SMB file/print sharing: see cifs4.txt) working on a LAN or WAN is to make
-your routers forward all broadcast packets from TCP/IP ports 137, 138 and 139.
-
-This, however, is not recommended. If you have a large LAN or WAN, you will
-find that some of your hosts spend 95 percent of their time dealing with
-broadcast traffic. [If you have IPX/SPX on your LAN or WAN, you will find
-that this is already happening: a packet analyzer will show, roughly
-every twelve minutes, great swathes of broadcast traffic!].
-
-
-============
-NBNS NetBIOS
-============
-
-rfc1001.txt describes, amongst other things, the implementation and use
-of, a 'NetBIOS Name Service'. NT/AS offers 'Windows Internet Name Service'
-which is fully rfc1001/2 compliant, but has had to take specific action
-with certain NetBIOS names in order to make it useful. (for example, it
-deals with the registration of <1c> <1d> <1e> names all in different ways.
-I recommend the reading of the Microsoft WINS Server Help files for full
-details).
-
-Samba also offers WINS server capabilities. Samba does not interact
-with NT/AS (WINS replication), so if you have a mixed NT server and
-Samba server environment, it is recommended that you use the NT server's
-WINS capabilities, instead of samba's WINS server capabilities.
-
-The use of a WINS server cuts down on broadcast network traffic for
-NetBIOS name resolution. It has the effect of pulling all the broadcast
-isolated subnets together into a single NetBIOS scope, across your LAN
-or WAN, while avoiding the use of TCP/IP broadcast packets.
-
-When you have a WINS server on your LAN, WINS clients will be able to
-contact the WINS server to resolve NetBIOS names. Note that only those
-WINS clients that have registered with the same WINS server will be
-visible. The WINS server _can_ have static NetBIOS entries added to its
-database (usually for security reasons you might want to consider putting
-your domain controllers or other important servers as static entries,
-but you should not rely on this as your sole means of security), but for
-the most part, NetBIOS names are registered dynamically.
-
-[It is important to mention that samba's browsing capabilities (as a WINS
-client) must have access to a WINS server. if you are using samba also
-as a WINS server, then it will have a direct short-cut into the WINS
-database.
-
-This provides some confusion for lots of people, and is worth mentioning
-here: a Browse Server is NOT a WINS Server, even if these services are
-implemented in the same application. A Browse Server _needs_ a WINS server
-because a Browse Server is a WINS client, which is _not_ the same thing].
-
-Clients can claim names, and therefore offer services on successfully claimed
-names, on their broadcast-isolated subnet. One way to get NetBIOS services
-(such as browsing: see ftp.microsoft.com/drg/developr/CIFS/browdiff.txt; and
-SMB file/print sharing: see cifs6.txt) working on a LAN or WAN is to make
-your routers forward all broadcast packets from TCP/IP ports 137, 138 and 139.
-You will find, however, if you do this on a large LAN or a WAN, that your
-network is completely swamped by NetBIOS and browsing packets, which is why
-WINS was developed to minimise the necessity of broadcast traffic.
-
-WINS Clients therefore claim names from the WINS server. If the WINS
-server allows them to register a name, the client's NetBIOS session service
-can then offer services on this name. Other WINS clients will then
-contact the WINS server to resolve a NetBIOS name.
-
-
-=======================
-Samba WINS Capabilities
-=======================
-
-To configure samba as a WINS server, you must add "wins support = yes" to
-the [global] section of your smb.conf file. This will enable WINS server
-capabilities in nmbd.
-
-To configure samba as a WINS client, you must add "wins server = x.x.x.x"
-to the [global] section of your smb.conf file, where x.x.x.x is the TCP/IP
-address of your WINS server. The browsing capabilities in nmbd will then
-register (and resolve) WAN-wide NetBIOS names with this WINS server.
-
-Note that if samba has "wins support = yes", then the browsing capabilities
-will _not_ use the "wins server" option to resolve NetBIOS names: it will
-go directly to the internal WINS database for NetBIOS name resolution. It
-is therefore invalid to have both "wins support = yes" and
-"wins server = x.x.x.x". Note, in particular, that if you configure the
-"wins server" parameter to be the ip address of your samba server itself
-(as might one intuitively think), that you will run into difficulties.
-Do not use both parameters!
-
-
diff --git a/docs/textdocs/Printing.txt b/docs/textdocs/Printing.txt
deleted file mode 100644
index 2c50e5f4fe..0000000000
--- a/docs/textdocs/Printing.txt
+++ /dev/null
@@ -1,255 +0,0 @@
-Contributor: Unknown <samba@samba.org>
-Revised by: Patrick Powell <papowell@lprng.org>
-Date: August 11, 2000
-Status: Current
-
-Subject: Debugging Printing Problems
-=============================================================================
-
-This is a short description of how to debug printing problems with
-Samba. This describes how to debug problems with printing from a SMB
-client to a Samba server, not the other way around. For the reverse
-see the examples/printing directory.
-
-Please send enhancements to this file to samba@samba.org
-
-Ok, so you want to print to a Samba server from your PC. The first
-thing you need to understand is that Samba does not actually do any
-printing itself, it just acts as a middleman between your PC client
-and your Unix printing subsystem. Samba receives the file from the PC
-then passes the file to a external "print command". What print command
-you use is up to you.
-
-The whole things is controlled using options in smb.conf. The most
-relevant options (which you should look up in the smb.conf man page)
-are:
- [global]
- print command - send a file to a spooler
- lpq command - get spool queue status
- lprm command - remove a job
- [printers]
- path = /var/spool/lpd/samba
-
-The following are nice to know about:
-
- queuepause command - stop a printer or print queue
- queueresume command - start a printer or print queue
-
-Example:
- print command = /usr/bin/lpr -r -P%p %s
- lpq command = /usr/bin/lpq -P%p %s
- lprm command = /usr/bin/lprm -P%p %j
- queuepause command = /usr/sbin/lpc -P%p stop
- queuepause command = /usr/sbin/lpc -P%p start
-
-Samba should set reasonable defaults for these depending on your
-system type, but it isn't clairvoyant. It is not uncommon that you
-have to tweak these for local conditions. The commands should
-always have fully specified pathnames, as the smdb may not have
-the correct PATH values.
-
-When you send a job to Samba to be printed, it will make a temporary
-copy of it in the directory specified in the [printers] section.
-and it should be periodically cleaned out. The lpr -r option
-requests that the temporary copy be removed after printing; If
-printing fails then you might find leftover files in this directory,
-and it should be periodically cleaned out. Samba used the lpq
-command to determine the "job number" assigned to your print job
-by the spooler.
-
-The %<letter> are "macros" that get dynamically replaced with appropriate
-values when they are used. The %s gets replaced with the name of the spool
-file that Samba creates and the %p gets replaced with the name of the
-printer. The %j gets replaced with the "job number" which comes from
-the lpq output.
-
-DEBUGGING PRINTER PROBLEMS
-
-One way to debug printing problems is to start by replacing these
-command with shell scripts that record the arguments and the contents
-of the print file. A simple example of this kind of things might
-be:
-
- print command = /tmp/saveprint %p %s
-
- #!/bin/saveprint
- # we make sure that we are the right user
- /usr/bin/id -p >/tmp/tmp.print
- # we run the command and save the error messages
- # replace the command with the one appropriate for your system
- /usr/bin/lpr -r -P$1 $2 2>>&/tmp/tmp.print
-
-Then you print a file and try removing it. You may find that the
-print queue needs to be stopped in order to see the queue status
-and remove the job:
-
-h4: {42} % echo hi >/tmp/hi
-h4: {43} % smbclient //localhost/lw4
-added interface ip=10.0.0.4 bcast=10.0.0.255 nmask=255.255.255.0
-Password:
-Domain=[ASTART] OS=[Unix] Server=[Samba 2.0.7]
-smb: \> print /tmp/hi
-putting file /tmp/hi as hi-17534 (0.0 kb/s) (average 0.0 kb/s)
-smb: \> queue
-1049 3 hi-17534
-smb: \> cancel 1049
-Error cancelling job 1049 : code 0
-smb: \> cancel 1049
-Job 1049 cancelled
-smb: \> queue
-smb: \> exit
-
-The 'code 0' indicates that the job was removed. The comment
-by the smbclient is a bit misleading on this.
-You can observe the command output and then and look at the
-/tmp/tmp.print file to see what the results are. You can quickly
-find out if the problem is with your printing system. Often people
-have problems with their /etc/printcap file or permissions on
-various print queues.
-
-WHAT PRINTERS DO I HAVE
-
-You can use the 'testprns' program to check to see if the printer
-name you are using is recognized by Samba. For example, you can
-use:
-
- testprns printer /etc/printcap
-
-Samba can get its printcap information from a file or from a program.
-You can try the following to see the format of the extracted
-information:
-
- testprns -a printer /etc/printcap
-
- testprns -a printer '|/bin/cat printcap'
-
-SETTING UP PRINTCAP AND PRINT SERVERS
-
-You may need to set up some printcaps for your Samba system to use.
-It is strongly recommended that you use the facilities provided by
-the print spooler to set up queues and printcap information.
-
-Samba requires either a printcap or program to deliver printcap
-information. This printcap information has the format:
-
- name|alias1|alias2...:option=value:...
-
-For almost all printing systems, the printer 'name' must be composed
-only of alphanumeric or underscore '_' characters. Some systems also
-allow hyphens ('-') as well. An alias is an alternative name for the
-printer, and an alias with a space in it is used as a 'comment'
-about the printer. The printcap format optionally uses a \ at the end of lines
-to extend the printcap to multiple lines.
-
-
-Here are some examples of printcap files:
-
-pr just printer name
-pr|alias printer name and alias
-pr|My Printer printer name, alias used as comment
-pr:sh:\ Same as pr:sh:cm= testing
- :cm= \
- testing
-pr:sh Same as pr:sh:cm= testing
- :cm= testing
-
-Samba reads the printcap information when first started. If you make
-changes in the printcap information, then you must do the following:
-
-a) make sure that the print spooler is aware of these changes.
- The LPRng system uses the 'lpc reread' command to do this.
-
-b) make sure that the spool queues, etc., exist and have the
- correct permissions. The LPRng system uses the 'checkpc -f'
- command to do this.
-
-c) You now should send a SIGHUP signal to the smbd server to have
- it reread the printcap information.
-
-JOB SENT, NO OUTPUT
-
-This is the most frustrating part of printing. You may have sent the
-job, verified that the job was forwarded, set up a wrapper around
-the command to send the file, but there was no output from the printer.
-
-First, check to make sure that the job REALLY is getting to the
-right print queue. If you are using a BSD or LPRng print spooler,
-you can temporarily stop the printing of jobs. Jobs can still be
-submitted, but they will not be printed. Use:
-
- lpc -Pprinter stop
-
-Now submit a print job and then use 'lpq -Pprinter' to see if the
-job is in the print queue. If it is not in the print queue then
-you will have to find out why it is not being accepted for printing.
-
-Next, you may want to check to see what the format of the job really
-was. With the assistance of the system administrator you can view
-the submitted jobs files. You may be surprised to find that these
-are not in what you would expect to call a printable format.
-You can use the UNIX 'file' utitily to determine what the job
-format actually is:
-
- cd /var/spool/lpd/printer # spool directory of print jobs
- ls # find job files
- file dfA001myhost
-
-You should make sure that your printer supports this format OR that
-your system administrator has installed a 'print filter' that will
-convert the file to a format appropriate for your printer.
-
-JOB SENT, STRANGE OUTPUT
-
-Once you have the job printing, you can then start worrying about
-making it print nicely.
-
-The most common problem is extra pages of output: banner pages
-OR blank pages at the end.
-
-If you are getting banner pages, check and make sure that the
-printcap option or printer option is configured for no banners.
-If you have a printcap, this is the :sh (suppress header or banner
-page) option. You should have the following in your printer.
-
- printer: ... :sh
-
-If you have this option and are still getting banner pages, there
-is a strong chance that your printer is generating them for you
-automatically. You should make sure that banner printing is disabled
-for the printer. This usually requires using the printer setup software
-or procedures supplied by the printer manufacturer.
-
-If you get an extra page of output, this could be due to problems
-with your job format, or if you are generating PostScript jobs,
-incorrect setting on your printer driver on the MicroSoft client.
-For example, under Win95 there is a option:
-
- Printers|Printer Name|(Right Click)Properties|Postscript|Advanced|
-
-that allows you to choose if a Ctrl-D is appended to all jobs.
-This is a very bad thing to do, as most spooling systems will
-automatically add a ^D to the end of the job if it is detected as
-PostScript. The multiple ^D may cause an additional page of output.
-
-RAW POSTSCRIPT PRINTED
-
-This is a problem that is usually caused by either the print spooling
-system putting information at the start of the print job that makes
-the printer think the job is a text file, or your printer simply
-does not support PostScript. You may need to enable 'Automatic
-Format Detection' on your printer.
-
-ADVANCED PRINTING
-
-Note that you can do some pretty magic things by using your
-imagination with the "print command" option and some shell scripts.
-Doing print accounting is easy by passing the %U option to a print
-command shell script. You could even make the print command detect
-the type of output and its size and send it to an appropriate
-printer.
-
-DEBUGGING
-
-If the above debug tips don't help, then maybe you need to bring in
-the bug guns, system tracing. See Tracing.txt in this directory.
------------------------------------------------------------------------------
diff --git a/docs/textdocs/README.sambatar b/docs/textdocs/README.sambatar
deleted file mode 100644
index af7250c2a4..0000000000
--- a/docs/textdocs/README.sambatar
+++ /dev/null
@@ -1,23 +0,0 @@
-Contributor/s: Martin.Kraemer <Martin.Kraemer@mch.sni.de>
- and Ricky Poulten (ricky@logcam.co.uk)
-Date: Unknown - circa 1994
-Status: Obsoleted - smbtar has been a stable part of Samba
- since samba-1.9.13
-
-Subject: Sambatar (now smbtar)
-=============================================================================
-
-This is version 1.4 of my small extension to samba that allows PC shares
-to be backed up directly to a UNIX tape. It only has been tested under
-Solaris 2.3, Linux 1.1.59 and DG/UX 5.4r3.10 with version 1.9.13 of samba.
-
-See the file INSTALL for installation instructions, and
-the man page and NOTES file for some basic usage. Please let me know if you
-have any problems getting it to work under your flavour of Unix.
-
-This is only (yet another) intermediate version of sambatar.
-This version also comes with an extra gift, zen.bas, written in
-microsoft qbasic by a colleague. It is (apparently) based on a 70s
-British sci-fi series known as Blake's 7. If you have any questions
-about this program, or any suggestions (e.g. what about servillan.bas
-?), feel free to mail the author (of zen.bas) greenm@lilhd.logica.com.
diff --git a/docs/textdocs/SCO.txt b/docs/textdocs/SCO.txt
deleted file mode 100644
index 7c01aa57c6..0000000000
--- a/docs/textdocs/SCO.txt
+++ /dev/null
@@ -1,19 +0,0 @@
-Contributor: Geza Makay <makayg@math.u-szeged.hu>
-Date: Unknown
-Status: Obsolete - Dates to SCO Unix v3.2.4 approx.
-
-Subject: TCP/IP Bug in SCO Unix
-============================================================================
-
-There is an annoying TCPIP bug in SCO Unix. This causes corruption when
-transferring files with Samba.
-
-Geza Makay (makayg@math.u-szeged.hu) sends this information:
-
-The patch you need is UOD385 Connection Drivers SLS. It is available from
-SCO (ftp.sco.com, directory SLS, files uod385a.Z and uod385a.ltr.Z).
-
-You do not need anything else but the above patch. It installs in seconds,
-and corrected the Excel problem. We also had some other minor problems (not
-only with Samba) that disappeared by installing this patch.
-
diff --git a/docs/textdocs/SMBTAR.notes b/docs/textdocs/SMBTAR.notes
deleted file mode 100644
index 679d776f56..0000000000
--- a/docs/textdocs/SMBTAR.notes
+++ /dev/null
@@ -1,46 +0,0 @@
-Contributor: Unknown
-Date: 1994
-Status: Mostly Current - refer man page
-
-Subject: Smbtar
-============================================================================
-
-Intro
------
-
-sambatar is just a small extension to the smbclient program distributed with
-samba. A basic front end shell script, smbtar, is provided as an interface
-to the smbclient extensions.
-
-Extensions
-----------
-
-This release adds the following extensions to smbclient,
-
-tar [c|x] filename
- creates or restores from a tar file. The tar file may be a tape
-or a unix tar file. tar's behaviour is modified with the newer and tarmode
-commands.
-
-tarmode [full|inc|reset|noreset]
- With no arguments, tarmode prints the current tar mode (by default full,
-noreset). In full mode, every file is backed up during a tar command.
-In incremental, only files with the dos archive bit set are backed up.
-The archive bit is reset if in reset mode, or left untouched if in noreset.
-In reset mode, the share has to be writable, which makes sambatar even
-less secure. An alternative might be to use tarmode inc noreset which
-would implement an "expanding incremental" backup (which some may prefer
-anyway).
-
-setmode <setmode string> filename
- This is a "freebie" - nothing really to do with sambatar. This
-is a crude attrib like command (only the other way around). Setmode string
-is a combination of +-rhsa. So for example -rh would reset the read only
-bit on filename.
-
-newer filename
- This is in fact part of the 1.9.13 samba distribution, but comes
-into its own with sambatar. This causes tar (or get, mget, etc) to
-only copy files newer than the specified file name. Could be used
-against the previous nights (or whatever) log file to implement incremental
-backups.
diff --git a/docs/textdocs/Solaris-Winbind-HOWTO.txt b/docs/textdocs/Solaris-Winbind-HOWTO.txt
deleted file mode 100644
index a81bacf486..0000000000
--- a/docs/textdocs/Solaris-Winbind-HOWTO.txt
+++ /dev/null
@@ -1,361 +0,0 @@
-!==
-!== Solaris-Winbind-HOWTO.txt
-!==
-Contributors: Naag Mummaneni <getnag@rediffmail.com>
-Updated: May 2, 2002
-Status: Current
-
-Subject: Installing and Configuring Winbind on Solaris
-=============================================================================
-
-Installation and Configuration of Winbind on Solaris.
------------------------------------------------------
-
-This HOWTO describes how to get winbind services up and running to control
-access and authenticate users on your Solaris box using the winbind services
-which come with SAMBA 2.2.x latest CVS Checkout.Make sure you are using the
-latest Samba 2.2.x cvs checkout as other versions come with a lots of bugs
-regarding winbind .And even the Latest Samba Stable Release is also not an
-exception to this.
-
-Introduction
-------------
-
-This HOWTO describes the procedures used to get winbind up and running on a
-Solaris system. Winbind is capable of providing access and authentication
-control for Windows Domain users through an NT or Win2K PDC for 'regular'
-services, such as telnet and ftp, as well for SAMBA services.
-
-Why should I to this?
-
-This allows the SAMBA administrator to rely on the authentication mechanisms
-on the NT/Win2K PDC for the authentication of domain members. NT/Win2K users
-no longer need to have separate accounts on the SAMBA server.
-
-Who should be reading this document?
-
-This HOWTO is designed for system administrators. If you are implementing
-SAMBA on a file server and wish to (fairly easily) integrate existing
-NT/Win2K users from your PDC onto the SAMBA server, this HOWTO is for you.
-
-Requirements
-------------
-
-If you have a samba configuration file that you are currently using... BACK
-IT UP! If your system already uses PAM, back up the /etc/pam.conf file ! If
-you haven't already made a boot disk, MAKEONE NOW! Messing with the pam
-configuration file can make it nearly impossible to log in to yourmachine.
-That's why you want to be able to boot back into your machine in single user
-mode and restore your /etc/pam.conf back to the original state they were in
-if you get frustrated with the way things are going. ;-) Please refer to the
-main SAMBA web page or, better yet, your closest SAMBA mirror site for
-instructions on downloading the source code of Samba 2.2.x from the SAMBA
-CVS repository. To allow Domain users the ability to access SAMBA shares and
-files, as well as potentially other services provided by your SAMBA machine,
-PAM (pluggable authentication modules) must be setup properly on your
-machine. In order to compile the winbind modules, you should have at least
-the pam libraries resident on your system. Solaris 7/8 has its pam modules
-coming with the distribution itself.
-
-Testing Things Out
-------------------
-
-Before starting, it is probably best to kill off all the SAMBA related
-daemons running on your server. Kill off all smbd, nmbd, and winbindd
-processes that may be running.
-
-
-Configure and compile SAMBA
----------------------------
-
-The configuration and compilation of SAMBA is pretty straightforward. The
-first three steps may not be necessary depending upon whether or not you
-have previously built the Samba binaries.
-
-root# autoconf
-root# make clean
-root# rm config.cache
-root# ./configure --with-winbind --with-pam
-root# make
-root# make install
-
-This will, by default, install SAMBA in /usr/local/samba. See the main SAMBA
-documentation if you want to install SAMBA somewhere else. It will also
-build the winbindd executable and libraries.
-
-Configure nsswitch.conf and the winbind libraries
--------------------------------------------------
-
-The libraries needed to run the winbindd daemon through nsswitch need to be
-copied to their proper locations, so
-
-root# cp ../samba/source/nsswitch/libnss_winbind.so /usr/lib
-
-I also found it necessary to make the following symbolic links:
-
-root# ln -s /usr/lib/libnss_winbind.so /usr/lib/libnss_winbind.so.1
-root# ln -s /usr/lib/libnss_winbind.so /usr/lib/libnss_winbind.so.2
-root# ln -s /usr/lib/libnss_winbind.so /usr/lib/nss_winbind.so.1
-root# ln -s /usr/lib/libnss_winbind.so /usr/lib/nss_winbind.so.2
-
-Now, as root you need to edit /etc/nsswitch.conf to allow user and group
-entries to be visible from the winbindd daemon. My /etc/nsswitch.conf file
-look like this after editing:
-
- passwd: files winbind
- group: files winbind
-
-
-Configure smb.conf
-------------------
-
-Several parameters are needed in the smb.conf file to control the behavior
-of winbindd. Configure smb.conf These are described in more detail in the
-winbindd(8) man page. My smb.conf file was modified to include the following
-entries in the [global] section:
-
-[global]
- <...>
- # The previous documentation says to
- # as the "winbind seperator " directive also but
- # it is no longer supported.
-
- # use uids from 10000 to 20000 for domain users
- winbind uid = 10000-20000
-
- # use gids from 10000 to 20000 for domain groups
- winbind gid = 10000-20000
-
- # allow enumeration of winbind users and groups
- winbind enum users = yes
- winbind enum groups = yes
-
- # give winbind users a real shell (only needed if
- # they have telnet access)
- template homedir = /home/winnt/%D/%U
- template shell = /bin/bash
-
-
-Join the SAMBA server to the PDC domain
----------------------------------------
-
-Enter the following command to make the SAMBA server join the PDC domain,
-where DOMAIN is the name of your Windows domain and Administrator is a
-domain user who has administrative privileges in the domain.
-
-root# /usr/local/samba/bin/smbpasswd -j DOMAIN -r PDC -U Administrator
-
-The proper response to the command should be: "Joined the domain DOMAIN"
-where DOMAIN is your DOMAIN name.
-
-Start up the winbindd daemon and test it!
-
-Eventually, you will want to modify your smb startup script to automatically
-invoke the winbindd daemon when the other parts of SAMBA start, but it is
-possible to test out just the winbind portion first. To start up winbind
-services, enter the following command as root:
-
-root# /usr/local/samba/bin/winbindd
-
-I'm always paranoid and like to make sure the daemon is really running...
-
-root# ps -ae | grep winbindd
-
-This command should produce output like this, if the daemon is running
-
- 3025 ? 00:00:00 winbindd
-
-Now... for the real test, try to get some information about the users on
-your PDC
-
-root# /usr/local/samba/bin/wbinfo -u
-
-This should echo back a list of users on your Windows users on your PDC. For
-example, I get the following response:
-
-CEO\Administrator
-CEO\burdell
-CEO\Guest
-CEO\jt-ad
-CEO\krbtgt
-CEO\TsInternetUser
-
-root# /usr/local/samba/bin/wbinfo -g
-
-CEO\Domain Admins
-CEO\Domain Users
-CEO\Domain Guests
-CEO\Domain Computers
-CEO\Domain Controllers
-CEO\Cert Publishers
-CEO\Schema Admins
-CEO\Enterprise Admins
-CEO\Group Policy Creator Owners
-
-The function 'getent' can now be used to get unified lists of both local and
-PDC users and groups. Try the following command:
-
-root# getent passwd
-
-You should get a list that looks like your /etc/passwd list followed by the domain users with their new
-uids, gids, home directories and default shells.
-
-The same thing can be done for groups with the command
-
-root# getent group
-
-Fix the /etc/rc.d/init.d/samba.server startup files The winbindd daemon
-needs to start up after the smbd and nmbd daemons are running. To accomplish
-this task, you need to modify the /etc/init.d/samba.server script to add
-commands to invoke this daemon in the proper sequence. My
-/etc/init.d/samba.server file starts up smbd, nmbd, and winbindd from the
-/usr/local/samba/bin directory directly.
-
-##
-## samba.server
-##
-
-if [ ! -d /usr/bin ]
-then # /usr not mounted
- exit
-fi
-
-killproc() { # kill the named process(es)
- pid=`/usr/bin/ps -e |
- /usr/bin/grep -w $1 |
- /usr/bin/sed -e 's/^ *//' -e 's/ .*//'`
- [ "$pid" != "" ] && kill $pid
-}
-
-# Start/stop processes required for samba server
-
-case "$1" in
-
-'start')
-#
-# Edit these lines to suit your installation (paths, workgroup, host)
-#
-echo Starting SMBD
- /usr/local/samba/bin/smbd -D -s \
- /usr/local/samba/smb.conf
-
-echo Starting NMBD
- /usr/local/samba/bin/nmbd -D -l \
- /usr/local/samba/var/log -s /usr/local/samba/smb.conf
-
-echo Starting Winbind Daemon
- /usr/local/samba/bin/winbindd
- ;;
-
-'stop')
- killproc nmbd
- killproc smbd
- killproc winbindd
- ;;
-
-*)
- echo "Usage: /etc/init.d/samba.server { start | stop }"
- ;;
-esac
-
-If you restart the smbd, nmbd, and winbindd daemons at this point, you
-should be able to connect to the samba server as a domain member just as if
-you were a local user.
-
-
-Configure Winbind and PAM
--------------------------
-
-If you have made it this far, you know that winbindd and samba are working
-together. If you want to use winbind to provide authentication for other
-services, keep reading. The pam configuration file need to be altered in
-this step. (Did you remember to make backups of your original /etc/pam.conf
-file? If not, do it now.) You will need a pam module to use winbindd with
-these other services. This module will be compiled in the ../source/nsswitch
-directory by default when we used ./configure --with-pam option.
-
-root# make nsswitch/pam_winbind.so
-
-from the ../source directory. The pam_winbind.so file should be copied to
-the location of your other pam security modules. On my Solaris 8, this was
-the /usr/lib/security directory.
-
-root# cp ../samba/source/nsswitch/pam_winbind.so /usr/lib/security
-
-The /etc/pam.conf need to be changed. I changed this file so that my Domain
-users can logon both locally as well as telnet.The following are the changes
-that I made.You can customize the pam.conf file as per your requirements,but
-be sure of those changes because in the worst case it will leave your system
-nearly impossible to boot.
-
-#
-#ident "@(#)pam.conf 1.14 99/09/16 SMI"
-#
-# Copyright (c) 1996-1999, Sun Microsystems, Inc.
-# All Rights Reserved.
-#
-# PAM configuration
-#
-# Authentication management
-#
-login auth required /usr/lib/security/pam_winbind.so
-login auth required /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
-login auth required /usr/lib/security/$ISA/pam_dial_auth.so.1 try_first_pass
-#
-rlogin auth sufficient /usr/lib/security/pam_winbind.so
-rlogin auth sufficient /usr/lib/security/$ISA/pam_rhosts_auth.so.1
-rlogin auth required /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
-#
-dtlogin auth sufficient /usr/lib/security/pam_winbind.so
-dtlogin auth required /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
-#
-rsh auth required /usr/lib/security/$ISA/pam_rhosts_auth.so.1
-other auth sufficient /usr/lib/security/pam_winbind.so
-other auth required /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
-#
-# Account management
-#
-login account sufficient /usr/lib/security/pam_winbind.so
-login account requisite /usr/lib/security/$ISA/pam_roles.so.1
-login account required /usr/lib/security/$ISA/pam_unix.so.1
-#
-dtlogin account sufficient /usr/lib/security/pam_winbind.so
-dtlogin account requisite /usr/lib/security/$ISA/pam_roles.so.1
-dtlogin account required /usr/lib/security/$ISA/pam_unix.so.1
-#
-other account sufficient /usr/lib/security/pam_winbind.so
-other account requisite /usr/lib/security/$ISA/pam_roles.so.1
-other account required /usr/lib/security/$ISA/pam_unix.so.1
-#
-# Session management
-#
-other session required /usr/lib/security/$ISA/pam_unix.so.1
-#
-# Password management
-#
-#other password sufficient /usr/lib/security/pam_winbind.so
-other password required /usr/lib/security/$ISA/pam_unix.so.1
-dtsession auth required /usr/lib/security/$ISA/pam_unix.so.1
-#
-# Support for Kerberos V5 authentication (uncomment to use Kerberos)
-#
-#rlogin auth optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
-#login auth optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
-#dtlogin auth optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
-#other auth optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
-#dtlogin account optional /usr/lib/security/$ISA/pam_krb5.so.1
-#other account optional /usr/lib/security/$ISA/pam_krb5.so.1
-#other session optional /usr/lib/security/$ISA/pam_krb5.so.1
-#other password optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
-
-I also added a try_first_pass line after the winbind.so line to get rid of
-annoying double prompts for passwords.
-
-Now restart your Samba & try connecting through your application that you
-configured in the pam.conf.
-
-
-
-!==
-!== end of Solaris-Winbind-HOWTO.txt
-!==
diff --git a/docs/textdocs/Speed.txt b/docs/textdocs/Speed.txt
deleted file mode 100644
index b82db8f8f4..0000000000
--- a/docs/textdocs/Speed.txt
+++ /dev/null
@@ -1,338 +0,0 @@
-
-Subject: Samba performance issues
-============================================================================
-
-This file tries to outline the ways to improve the speed of a Samba server.
-
-COMPARISONS
------------
-
-The Samba server uses TCP to talk to the client. Thus if you are
-trying to see if it performs well you should really compare it to
-programs that use the same protocol. The most readily available
-programs for file transfer that use TCP are ftp or another TCP based
-SMB server.
-
-If you want to test against something like a NT or WfWg server then
-you will have to disable all but TCP on either the client or
-server. Otherwise you may well be using a totally different protocol
-(such as Netbeui) and comparisons may not be valid.
-
-Generally you should find that Samba performs similarly to ftp at raw
-transfer speed. It should perform quite a bit faster than NFS,
-although this very much depends on your system.
-
-Several people have done comparisons between Samba and Novell, NFS or
-WinNT. In some cases Samba performed the best, in others the worst. I
-suspect the biggest factor is not Samba vs some other system but the
-hardware and drivers used on the various systems. Given similar
-hardware Samba should certainly be competitive in speed with other
-systems.
-
-
-OPLOCKS
--------
-
-Oplocks are the way that SMB clients get permission from a server to
-locally cache file operations. If a server grants an oplock
-(opportunistic lock) then the client is free to assume that it is the
-only one accessing the file and it will agressively cache file
-data. With some oplock types the client may even cache file open/close
-operations. This can give enormous performance benefits.
-
-With the release of Samba 1.9.18 we now correctly support opportunistic
-locks. This is turned on by default, and can be turned off on a share-
-by-share basis by setting the parameter :
-
-oplocks = False
-
-We recommend that you leave oplocks on however, as current benchmark
-tests with NetBench seem to give approximately a 30% improvement in
-speed with them on. This is on average however, and the actual
-improvement seen can be orders of magnitude greater, depending on
-what the client redirector is doing.
-
-Previous to Samba 1.9.18 there was a 'fake oplocks' option. This
-option has been left in the code for backwards compatibility reasons
-but it's use is now deprecated. A short summary of what the old
-code did follows.
-
-LEVEL2 OPLOCKS
---------------
-
-With Samba 2.0.5 a new capability - level2 (read only) oplocks is
-supported (although the option is off by default - see the smb.conf
-man page for details). Turning on level2 oplocks (on a share-by-share basis)
-by setting the parameter :
-
-level2 oplocks = true
-
-should speed concurrent access to files that are not commonly written
-to, such as application serving shares (ie. shares that contain common
-.EXE files - such as a Microsoft Office share) as it allows clients to
-read-ahread cache copies of these files.
-
-Old 'fake oplocks' option - deprecated.
----------------------------------------
-
-Samba can also fake oplocks, by granting a oplock whenever a client
-asks for one. This is controlled using the smb.conf option "fake
-oplocks". If you set "fake oplocks = yes" then you are telling the
-client that it may agressively cache the file data for all opens.
-
-Enabling 'fake oplocks' on all read-only shares or shares that you know
-will only be accessed from one client at a time you will see a big
-performance improvement on many operations. If you enable this option
-on shares where multiple clients may be accessing the files read-write
-at the same time you can get data corruption.
-
-SOCKET OPTIONS
---------------
-
-There are a number of socket options that can greatly affect the
-performance of a TCP based server like Samba.
-
-The socket options that Samba uses are settable both on the command
-line with the -O option, or in the smb.conf file.
-
-The "socket options" section of the smb.conf manual page describes how
-to set these and gives recommendations.
-
-Getting the socket options right can make a big difference to your
-performance, but getting them wrong can degrade it by just as
-much. The correct settings are very dependent on your local network.
-
-The socket option TCP_NODELAY is the one that seems to make the
-biggest single difference for most networks. Many people report that
-adding "socket options = TCP_NODELAY" doubles the read performance of
-a Samba drive. The best explanation I have seen for this is that the
-Microsoft TCP/IP stack is slow in sending tcp ACKs.
-
-
-READ SIZE
----------
-
-The option "read size" affects the overlap of disk reads/writes with
-network reads/writes. If the amount of data being transferred in
-several of the SMB commands (currently SMBwrite, SMBwriteX and
-SMBreadbraw) is larger than this value then the server begins writing
-the data before it has received the whole packet from the network, or
-in the case of SMBreadbraw, it begins writing to the network before
-all the data has been read from disk.
-
-This overlapping works best when the speeds of disk and network access
-are similar, having very little effect when the speed of one is much
-greater than the other.
-
-The default value is 16384, but very little experimentation has been
-done yet to determine the optimal value, and it is likely that the best
-value will vary greatly between systems anyway. A value over 65536 is
-pointless and will cause you to allocate memory unnecessarily.
-
-
-MAX XMIT
---------
-
-At startup the client and server negotiate a "maximum transmit" size,
-which limits the size of nearly all SMB commands. You can set the
-maximum size that Samba will negotiate using the "max xmit = " option
-in smb.conf. Note that this is the maximum size of SMB request that
-Samba will accept, but not the maximum size that the *client* will accept.
-The client maximum receive size is sent to Samba by the client and Samba
-honours this limit.
-
-It defaults to 65536 bytes (the maximum), but it is possible that some
-clients may perform better with a smaller transmit unit. Trying values
-of less than 2048 is likely to cause severe problems.
-
-In most cases the default is the best option.
-
-
-LOCKING
--------
-
-By default Samba does not implement strict locking on each read/write
-call (although it did in previous versions). If you enable strict
-locking (using "strict locking = yes") then you may find that you
-suffer a severe performance hit on some systems.
-
-The performance hit will probably be greater on NFS mounted
-filesystems, but could be quite high even on local disks.
-
-
-SHARE MODES
------------
-
-Some people find that opening files is very slow. This is often
-because of the "share modes" code needed to fully implement the dos
-share modes stuff. You can disable this code using "share modes =
-no". This will gain you a lot in opening and closing files but will
-mean that (in some cases) the system won't force a second user of a
-file to open the file read-only if the first has it open
-read-write. For many applications that do their own locking this
-doesn't matter, but for some it may. Most Windows applications
-depend heavily on "share modes" working correctly and it is
-recommended that the Samba share mode support be left at the
-default of "on".
-
-The share mode code in Samba has been re-written in the 1.9.17
-release following tests with the Ziff-Davis NetBench PC Benchmarking
-tool. It is now believed that Samba 1.9.17 implements share modes
-similarly to Windows NT.
-
-NOTE: In the most recent versions of Samba there is an option to use
-shared memory via mmap() to implement the share modes. This makes
-things much faster. See the Makefile for how to enable this.
-
-
-LOG LEVEL
----------
-
-If you set the log level (also known as "debug level") higher than 2
-then you may suffer a large drop in performance. This is because the
-server flushes the log file after each operation, which can be very
-expensive.
-
-
-WIDE LINKS
-----------
-
-The "wide links" option is now enabled by default, but if you disable
-it (for better security) then you may suffer a performance hit in
-resolving filenames. The performance loss is lessened if you have
-"getwd cache = yes", which is now the default.
-
-
-READ RAW
---------
-
-The "read raw" operation is designed to be an optimised, low-latency
-file read operation. A server may choose to not support it,
-however. and Samba makes support for "read raw" optional, with it
-being enabled by default.
-
-In some cases clients don't handle "read raw" very well and actually
-get lower performance using it than they get using the conventional
-read operations.
-
-So you might like to try "read raw = no" and see what happens on your
-network. It might lower, raise or not affect your performance. Only
-testing can really tell.
-
-
-WRITE RAW
----------
-
-The "write raw" operation is designed to be an optimised, low-latency
-file write operation. A server may choose to not support it,
-however. and Samba makes support for "write raw" optional, with it
-being enabled by default.
-
-Some machines may find "write raw" slower than normal write, in which
-case you may wish to change this option.
-
-READ PREDICTION
----------------
-
-Samba can do read prediction on some of the SMB commands. Read
-prediction means that Samba reads some extra data on the last file it
-read while waiting for the next SMB command to arrive. It can then
-respond more quickly when the next read request arrives.
-
-This is disabled by default. You can enable it by using "read
-prediction = yes".
-
-Note that read prediction is only used on files that were opened read
-only.
-
-Read prediction should particularly help for those silly clients (such
-as "Write" under NT) which do lots of very small reads on a file.
-
-Samba will not read ahead more data than the amount specified in the
-"read size" option. It always reads ahead on 1k block boundaries.
-
-
-MEMORY MAPPING
---------------
-
-Samba supports reading files via memory mapping them. One some
-machines this can give a large boost to performance, on others it
-makes not difference at all, and on some it may reduce performance.
-
-To enable you you have to recompile Samba with the -DUSE_MMAP option
-on the FLAGS line of the Makefile.
-
-Note that memory mapping is only used on files opened read only, and
-is not used by the "read raw" operation. Thus you may find memory
-mapping is more effective if you disable "read raw" using "read raw =
-no".
-
-
-SLOW CLIENTS
-------------
-
-One person has reported that setting the protocol to COREPLUS rather
-than LANMAN2 gave a dramatic speed improvement (from 10k/s to 150k/s).
-
-I suspect that his PC's (386sx16 based) were asking for more data than
-they could chew. I suspect a similar speed could be had by setting
-"read raw = no" and "max xmit = 2048", instead of changing the
-protocol. Lowering the "read size" might also help.
-
-
-SLOW LOGINS
------------
-
-Slow logins are almost always due to the password checking time. Using
-the lowest practical "password level" will improve things a lot. You
-could also enable the "UFC crypt" option in the Makefile.
-
-CLIENT TUNING
--------------
-
-Often a speed problem can be traced to the client. The client (for
-example Windows for Workgroups) can often be tuned for better TCP
-performance.
-
-See your client docs for details. In particular, I have heard rumours
-that the WfWg options TCPWINDOWSIZE and TCPSEGMENTSIZE can have a
-large impact on performance.
-
-Also note that some people have found that setting DefaultRcvWindow in
-the [MSTCP] section of the SYSTEM.INI file under WfWg to 3072 gives a
-big improvement. I don't know why.
-
-My own experience wth DefaultRcvWindow is that I get much better
-performance with a large value (16384 or larger). Other people have
-reported that anything over 3072 slows things down enourmously. One
-person even reported a speed drop of a factor of 30 when he went from
-3072 to 8192. I don't know why.
-
-It probably depends a lot on your hardware, and the type of unix box
-you have at the other end of the link.
-
-
-MY RESULTS
-----------
-
-Some people want to see real numbers in a document like this, so here
-they are. I have a 486sx33 client running WfWg 3.11 with the 3.11b
-tcp/ip stack. It has a slow IDE drive and 20Mb of ram. It has a SMC
-Elite-16 ISA bus ethernet card. The only WfWg tuning I've done is to
-set DefaultRcvWindow in the [MSTCP] section of system.ini to 16384. My
-server is a 486dx3-66 running Linux. It also has 20Mb of ram and a SMC
-Elite-16 card. You can see my server config in the examples/tridge/
-subdirectory of the distribution.
-
-I get 490k/s on reading a 8Mb file with copy.
-I get 441k/s writing the same file to the samba server.
-
-Of course, there's a lot more to benchmarks than 2 raw throughput
-figures, but it gives you a ballpark figure.
-
-I've also tested Win95 and WinNT, and found WinNT gave me the best
-speed as a samba client. The fastest client of all (for me) is
-smbclient running on another linux box. Maybe I'll add those results
-here someday ...
-
-
diff --git a/docs/textdocs/Speed2.txt b/docs/textdocs/Speed2.txt
deleted file mode 100644
index a8c3e7381f..0000000000
--- a/docs/textdocs/Speed2.txt
+++ /dev/null
@@ -1,57 +0,0 @@
-Contributor: Paul Cochrane <paulc@dth.scot.nhs.uk>
-Organization: Dundee Limb Fitting Centre
-Date: Fri, 10 Apr 1998
-Subject: Samba SPEED.TXT comment
-=============================================================================
-
-This might be relevant to Client Tuning. I have been trying various methods
-of getting win95 to talk to Samba quicker. The results I have come up with
-are:
-
-1. Install the W2setup.exe file from www.microsoft.com. This is an
-update for the winsock stack and utilities which improve performance.
-
-2. Configure the win95 TCPIP registry settings to give better
-perfomance. I use a program called MTUSPEED.exe which I got off the
-net. There are various other utilities of this type freely available.
-The setting which give the best performance for me are:
-
-(a) MaxMTU Remove
-(b) RWIN Remove
-(c) MTUAutoDiscover Disable
-(d) MTUBlackHoleDetect Disable
-(e) Time To Live Enabled
-(f) Time To Live - HOPS 32
-(g) NDI Cache Size 0
-
-3. I tried virtually all of the items mentioned in the document and
-the only one which made a difference to me was the socket options. It
-turned out I was better off without any!!!!!
-
-In terms of overall speed of transfer, between various win95 clients
-and a DX2-66 20MB server with a crappy NE2000 compatible and old IDE
-drive (Kernel 2.0.30). The transfer rate was reasonable for 10 baseT.
-
-The figures are: Put Get
-P166 client 3Com card: 420-440kB/s 500-520kB/s
-P100 client 3Com card: 390-410kB/s 490-510kB/s
-DX4-75 client NE2000: 370-380kB/s 330-350kB/s
-
-I based these test on transfer two files a 4.5MB text file and a 15MB
-textfile. The results arn't bad considering the hardware Samba is
-running on. It's a crap machine!!!!
-
-The updates mentioned in 1 and 2 brought up the transfer rates from
-just over 100kB/s in some clients.
-
-A new client is a P333 connected via a 100MB/s card and hub. The
-transfer rates from this were good: 450-500kB/s on put and 600+kB/s
-on get.
-
-Looking at standard FTP throughput, Samba is a bit slower (100kB/s
-upwards). I suppose there is more going on in the samba protocol, but
-if it could get up to the rate of FTP the perfomance would be quite
-staggering.
-
-Paul Cochrane
-
diff --git a/docs/textdocs/Win95.txt b/docs/textdocs/Win95.txt
deleted file mode 100644
index 69330c512d..0000000000
--- a/docs/textdocs/Win95.txt
+++ /dev/null
@@ -1,74 +0,0 @@
-Copyright (C) 1997 - Samba-Team
-Contributed Date: August 20, 1997
-Last Update: August 20, 1997
-
-Subject: Windows 95 and Samba Interoperability
-===============================================================================
-
-Password Handling:
-------------------
-Microsoft periodically release updates to all their operating systems. Some of
-these are welcomed while others cause us to change the way we do things. Few
-people like change, particularly if the change is unexpected. The best advice
-always is to read the documentation provided BEFORE applying an update.
-
-One of the recent Win95 updates (VRDRUPD.EXE) disables plain text (also called
-clear text) password authentication. The effects of this updates are desirable
-where MS Windows NT is providing the password authentication service. This
-update is most undesirable where Samba must provide the authentication service
-unless Samba has been specifically configured to use encrypted passwords _AND_
-has been linked with the libdes library.
-
-If the above conditions have not been complied with, and you are using Samba,
-then Windows 95 clients will NOT be able to authenticate to a Samba server.
-
-To re-enable plain text password capabilities AFTER applying this update
-you must create a new value in the Windows 95 registry.
-
-Either foillow the following procedure or just double click on the
-file Win95_PlainPassword.reg for an easier way to do this.
-
-Procedure:
-1) Launch the Registry Editor as follows:
- Click on: /Start/Run
- Type "regedit" and press enter.
-
-2) Double click on: HKEY_LOCAL_MACHINE
-
-3) Locate the following Key:
- /HKEY_LOCAL_MACHINE/System/CurrentControlSet/Services/VxD/VNETSUP
-
-4) From the menu bar select Edit/New/DWORD Value
-
-5) Rename the entry from "New Value #1" to:
- EnablePlainTextPassword
-
-6) Press Enter, then double click on the new entry.
- A dialog box will pop up and enable you to set a value.
- You must set this value to 1.
-
--------------------------------------------------------------------------------
-
-Windows 95 Updates:
--------------------
-When using Windows 95 OEM SR2 the following updates are recommended where Samba
-is being used. Please NOTE that the above change will affect you once these
-updates have been installed.
-
-There are more updates than the ones mentioned here. You are referred to the
-Microsoft Web site for all currently available updates to your specific version
-of Windows 95.
-
-Kernel Update: KRNLUPD.EXE
-Ping Fix: PINGUPD.EXE
-RPC Update: RPCRTUPD.EXE
-TCP/IP Update: VIPUPD.EXE
-Redirector Update: VRDRUPD.EXE
-
-Also, if using MS OutLook it is desirable to install the OLEUPD.EXE fix. This
-fix may stop your machine from hanging for an extended period when exiting
-OutLook and you may also notice a significant speedup when accessing network
-neighborhood services.
-
--------------------------------------------------------------------------------
-The above password information was provided by: Jochen Huppertz <jhu@nrh.de>
diff --git a/docs/textdocs/WinNT.txt b/docs/textdocs/WinNT.txt
deleted file mode 100644
index 5c72fb08aa..0000000000
--- a/docs/textdocs/WinNT.txt
+++ /dev/null
@@ -1,104 +0,0 @@
-Contributors: Various
- Password Section - Copyright (C) 1997 - John H Terpstra
- Printing Section - Copyright (C) 1997 - Matthew Harrell
- Priting Info - Copyright (C) 1997 - Frank Varnavas
-Updated: October 16, 1997
-Status: Current
-
-Subject: Samba and Windows NT Password Handling
-=============================================================================
-
-There are some particular issues with Samba and Windows NT.
-
-Passwords:
-==========
-One of the most annoying problems with WinNT is that NT refuses to
-connect to a server that is in user level security mode and that
-doesn't support password encryption unless it first prompts the user
-for a password.
-
-This means even if you have the same password on the NT box and the
-Samba server you will get prompted for a password. Entering the
-correct password will get you connected only if Windows NT can
-communicate with Samba using a compatible mode of password security.
-
-All versions of Windows NT prior to 4.0 Service Pack 3 could negotiate
-plain text (clear text) passwords. Windows NT 4.0 Service Pack 3 changed
-this default behaviour so it now will only handle encrypted passwords.
-The following registry entry change will re-enable clear text password
-handling:
-
-Run regedt32.exe and locate the hive key entry:
-HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\Rdr\Parameters\
-
-Add the following value:
- EnablePlainTextPassword:REG_DWORD=1
-
-Alternatively, use the NT4_PlainPassword.reg file in this directory (either
-by double clicking on it, or run regedt32.exe and select "Import Registry
-File" from the "Registry" Menu).
-
-The other major ramification of this feature of NT is that it can't
-browse a user level non-encrypted server unless it already has a
-connection open. This is because there is no spot for a password
-prompt in the browser window. It works fine if you already have a
-drive mounted (for example, one auto mounted on startup).
-=====================================================================
-
-Printing:
-=========
-When you mount a printer using the print manager in NT you may find
-the following info from Matthew Harrell <harrell@leech.nrl.navy.mil>
-useful:
-
-------------
- I noticed in your change-log you noted that some people were
-still unable to use print manager under NT. If this is the same problem
-that I encountered, it's caused by the length of time it takes NT to
-determine if the printer is ready.
-
-The problem occurs when you double-click on a printer to connect it to
-the NT machine. Because it's unable to determine if the printer is ready
-in the short span of time it has, it assumes it isn't and gives some
-strange error about not having enough resources (I forget what the error
-is). A solution to this that seems to work fine for us is to click
-once on the printer, look at the bottom of the window and wait until
-it says it's ready, then clilck on "OK".
-
-By the way, this problem probably occurs in our group because the
-Samba server doesn't actually have the printers - it queues them to
-remote printers either on other machines or using their own network
-cards. Because of this "middle layer", it takes an extra amount of
-time for the NT machine to get verification that the printer queue
-actually exists.
-
-I hope this helped in some way...
-
-=====================================================================
-Printing Info:
---------------
-
-From: Frank Varnavas <varnavas@ny.ubs.com>
-Subject: RE: Samba as a print server
-
-When an NT client attempts to connect to a printer on a non-NT print
-server the attempt is failed with an error, something like:
-
- "You have insufficient access to your computer to perform the
- operation because a driver needs to be installed"
-
-This is because domain users must have 'Power User' status on the
-desktop to connect to printers on a non-NT print server.
-
-This error occurs regardless of whether the driver in question is
-already installed or not. What it really means is that the server is
-a non-NT server and the client does not have permission to create
-printers locally. Apparently when a connection to a non-NT print
-server is made the printer is defined locally. Such an action can be
-performed by either a local administrator or a Power User.
-Unfortunately there is no way to limit the powers of a Power User, nor
-is there any way to grant the Printer Creation right to another group.
-
-This permission policy is documented in PSS database WINNT, ID Q101874
-
-Frank Varnavas (varnavas@ny.ubs.com)
diff --git a/docs/textdocs/security_level.txt b/docs/textdocs/security_level.txt
deleted file mode 100644
index f4e0df7139..0000000000
--- a/docs/textdocs/security_level.txt
+++ /dev/null
@@ -1,100 +0,0 @@
-Contributor: Andrew Tridgell
-Updated: June 27, 1997
-Status: Current
-
-Subject: Description of SMB security levels.
-===========================================================================
-
-Samba supports the following options to the global smb.conf parameter
-"security =":
- share, user, server
-
-Note: Samba-2.0.0 now adds the "domain" security mode. Please refer to
-the smb.conf man page for usage information and to the document
-docs/textdocs/DOMAIN_MEMBER.txt for further background details.
-
-Of the above, "security = server" means that Samba reports to clients that
-it is running in "user mode" but actually passes off all authentication
-requests to another "user mode" server. This requires an additional
-parameter "password server =" that points to the real authentication server.
-That real authentication server can be another Samba server or can be a
-Windows NT server, the later natively capable of encrypted password support.
-
-Below is a more complete description of security levels.
-===========================================================================
-
-A SMB server tells the client at startup what "security level" it is
-running. There are two options "share level" and "user level". Which
-of these two the client receives affects the way the client then tries
-to authenticate itself. It does not directly affect (to any great
-extent) the way the Samba server does security. I know this is
-strange, but it fits in with the client/server approach of SMB. In SMB
-everything is initiated and controlled by the client, and the server
-can only tell the client what is available and whether an action is
-allowed.
-
-I'll describe user level security first, as its simpler. In user level
-security the client will send a "session setup" command directly after
-the protocol negotiation. This contains a username and password. The
-server can either accept or reject that username/password
-combination. Note that at this stage the server has no idea what
-share the client will eventually try to connect to, so it can't base
-the "accept/reject" on anything other than:
-
-- the username/password
-- the machine that the client is coming from
-
-If the server accepts the username/password then the client expects to
-be able to mount any share (using a "tree connection") without
-specifying a password. It expects that all access rights will be as
-the username/password specified in the "session setup".
-
-It is also possible for a client to send multiple "session setup"
-requests. When the server responds it gives the client a "uid" to use
-as an authentication tag for that username/password. The client can
-maintain multiple authentication contexts in this way (WinDD is an
-example of an application that does this)
-
-
-Ok, now for share level security. In share level security the client
-authenticates itself separately for each share. It will send a
-password along with each "tree connection" (share mount). It does not
-explicitly send a username with this operation. The client is
-expecting a password to be associated with each share, independent of
-the user. This means that samba has to work out what username the
-client probably wants to use. It is never explicitly sent the
-username. Some commercial SMB servers such as NT actually associate
-passwords directly with shares in share level security, but samba
-always uses the unix authentication scheme where it is a
-username/password that is authenticated, not a "share/password".
-
-Many clients send a "session setup" even if the server is in share
-level security. They normally send a valid username but no
-password. Samba records this username in a list of "possible
-usernames". When the client then does a "tree connection" it also adds
-to this list the name of the share they try to connect to (useful for
-home directories) and any users listed in the "user =" smb.conf
-line. The password is then checked in turn against these "possible
-usernames". If a match is found then the client is authenticated as
-that user.
-
-Finally "server level" security. In server level security the samba
-server reports to the client that it is in user level security. The
-client then does a "session setup" as described earlier. The samba
-server takes the username/password that the client sends and attempts
-to login to the "password server" by sending exactly the same
-username/password that it got from the client. If that server is in
-user level security and accepts the password then samba accepts the
-clients connection. This allows the samba server to use another SMB
-server as the "password server".
-
-You should also note that at the very start of all this, where the
-server tells the client what security level it is in, it also tells
-the client if it supports encryption. If it does then it supplies the
-client with a random "cryptkey". The client will then send all
-passwords in encrypted form. You have to compile samba with encryption
-enabled to support this feature, and you have to maintain a separate
-smbpasswd file with SMB style encrypted passwords. It is
-cryptographically impossible to translate from unix style encryption
-to SMB style encryption, although there are some fairly simple management
-schemes by which the two could be kept in sync.