diff options
| author | Jelmer Vernooij <jelmer@samba.org> | 2003-05-27 13:20:26 +0000 |
|---|---|---|
| committer | Jelmer Vernooij <jelmer@samba.org> | 2003-05-27 13:20:26 +0000 |
| commit | 37a6f03f3550321f96200b1357078b308a45f6cd (patch) | |
| tree | bf57a53ba8d35e63bbe5089a5f36367e124952d6 /docs | |
| parent | 45c1bd560292277db0ca898c479f87f8d3f333a0 (diff) | |
| download | samba-37a6f03f3550321f96200b1357078b308a45f6cd.tar.gz samba-37a6f03f3550321f96200b1357078b308a45f6cd.tar.bz2 samba-37a6f03f3550321f96200b1357078b308a45f6cd.zip | |
Very large number of markup fixes, layout updates, etc.
(This used to be commit 8dfbaafb843d17b865855ba1fef1e62cd38d3964)
Diffstat (limited to 'docs')
23 files changed, 801 insertions, 888 deletions
diff --git a/docs/docbook/Makefile.in b/docs/docbook/Makefile.in index 523a2e42ad..4d90e2ba27 100644 --- a/docs/docbook/Makefile.in +++ b/docs/docbook/Makefile.in @@ -127,17 +127,17 @@ $(PDFDIR)/Samba-Developers-Guide.pdf: dev-doc.tex # DVI files $(DVIDIR)/Samba-HOWTO-Collection.dvi: samba-doc.tex @echo "Building LaTeX sources via $(LATEX)..." - @$(LATEX) $< | grep 'Rerun to get cross-references right' && \ - $(LATEX) $< | grep 'Rerun to get cross-references right' && \ - $(LATEX) $< || echo + @$(LATEX) $< 2>&1 | grep 'Rerun to get cross-references right' && \ + $(LATEX) $< 2>&1 | grep 'Rerun to get cross-references right' && \ + $(LATEX) $< 2>&1 || echo @echo "done" @mv samba-doc.dvi $@ $(DVIDIR)/Samba-Developers-Guide.dvi: dev-doc.tex @echo "Building LaTeX sources via $(LATEX)..." - @$(LATEX) $< | grep 'Rerun to get cross-references right' && \ - $(LATEX) $< | grep 'Rerun to get cross-references right' && \ - $(LATEX) $< || echo + @$(LATEX) $< 2>&1 | grep 'Rerun to get cross-references right' && \ + $(LATEX) $< 2>&1 | grep 'Rerun to get cross-references right' && \ + $(LATEX) $< 2>&1 || echo @echo "done" @mv dev-doc.dvi $@ diff --git a/docs/docbook/projdoc/AccessControls.xml b/docs/docbook/projdoc/AccessControls.xml index 74269616aa..661cc1ca86 100644 --- a/docs/docbook/projdoc/AccessControls.xml +++ b/docs/docbook/projdoc/AccessControls.xml @@ -146,10 +146,11 @@ at how Samba helps to bridge the differences. to depths of control ability should review the &smb.conf; man page. </para> - <itemizedlist> - <title>File System Feature Comparison</title> - <listitem> - <para><emphasis>Name Space</emphasis></para> + <variablelist> + <title>File System Feature Comparison</title> + <varlistentry> + <term>Name Space</term> + <listitem> <para> MS Windows NT4 / 200x/ XP files names may be up to 254 characters long, Unix file names may be 1023 characters long. In MS Windows file extensions indicate particular file types, @@ -158,10 +159,12 @@ at how Samba helps to bridge the differences. <para> What MS Windows calls a Folder, Unix calls a directory, </para> - </listitem> + </listitem> + </varlistentry> - <listitem> - <para><emphasis>Case Sensitivity</emphasis></para> + <varlistentry> + <term>Case Sensitivity</term> + <listitem> <para> MS Windows file names are generally Upper Case if made up of 8.3 (ie: 8 character file name and 3 character extension. If longer than 8.3 file names are Case Preserving, and Case @@ -186,18 +189,22 @@ at how Samba helps to bridge the differences. first will be accessible to MS Windows users, the others are invisible and unaccessible - any other solution would be suicidal. </para> - </listitem> + </listitem> + </varlistentry> - <listitem> - <para><emphasis>Directory Separators</emphasis></para> + <varlistentry> + <term>Directory Separators</term> + <listitem> <para> MS Windows and DOS uses the back-slash '\' as a directory delimiter, Unix uses the forward-slash '/' as it's directory delimiter. This is transparently handled by Samba. </para> - </listitem> + </listitem> + </varlistentry> - <listitem> - <para><emphasis>Drive Identification</emphasis></para> + <varlistentry> + <term>Drive Identification</term> + <listitem> <para> MS Windows products support a notion of drive letters, like <command>C:</command> to represent disk partitions. Unix has NO concept if separate identifiers for file partitions since each @@ -205,20 +212,24 @@ at how Samba helps to bridge the differences. The Unix directory tree begins at '/', just like the root of a DOS drive is specified like <command>C:\</command>. </para> - </listitem> + </listitem> + </varlistentry> - <listitem> - <para><emphasis>File Naming Conventions</emphasis></para> + <varlistentry> + <term>File Naming Conventions</term> + <listitem> <para> MS Windows generally never experiences file names that begin with a '.', while in Unix these are commonly found in a user's home directory. Files that begin with a '.' are typically either start up files for various Unix applications, or they may be files that contain start-up configuration data. </para> - </listitem> - - <listitem> - <para><emphasis>Links and Short-Cuts</emphasis></para> + </listitem> + </varlistentry> + + <varlistentry> + <term>Links and Short-Cuts</term> + <listitem> <para> MS Windows make use of "links and Short-Cuts" that are actually special types of files that will redirect an attempt to execute the file to the real location of the file. Unix knows of file and directory @@ -230,8 +241,9 @@ at how Samba helps to bridge the differences. referred to as 'soft links'. A hard link is something that MS Windows is NOT familiar with. It allows one physical file to be known simulataneously by more than one file name. </para> - </listitem> - </itemizedlist> + </listitem> + </varlistentry> + </variablelist> <para> There are many other subtle differences that may cause the MS Windows administrator some temporary discomfort @@ -312,7 +324,7 @@ at how Samba helps to bridge the differences. The permissions field is made up of: <programlisting> - <!-- JRV: Put this into a diagram of some sort --> + <comment> JRV: Put this into a diagram of some sort</comment> [ type ] [ users ] [ group ] [ others ] [File, Directory Permissions] [ d | l ] [ r w x ] [ r w x ] [ r w x ] | | | | | | | | | | | @@ -332,13 +344,16 @@ at how Samba helps to bridge the differences. <para> Any bit flag may be unset. An unset bit flag is the equivalent of 'Can NOT' and is represented as a '-' character. - <!-- FIXME --> - <programlisting> - <title>Example File</title> + + <example> + <title>Example File</title> + <programlisting> -rwxr-x--- Means: The owner (user) can read, write, execute the group can read and execute everyone else can NOT do anything with it - </programlisting> + </programlisting> + </example> + </para> <para> @@ -346,7 +361,7 @@ at how Samba helps to bridge the differences. </para> <para> - The letters `rwxXst' set permissions for the user, group and others as: read (r), write (w), execute (or access for directories) (x),r + The letters `rwxXst' set permissions for the user, group and others as: read (r), write (w), execute (or access for directories) (x),r execute only if the file is a directory or already has execute permission for some user (X), set user or group ID on execution (s), sticky (t). </para> @@ -365,7 +380,7 @@ at how Samba helps to bridge the differences. </para> <para> - When a directory is set <command>drw-r-----</command> this means that the owner can read and create (write) files in it, but because + When a directory is set <constant>drw-r-----</constant> this means that the owner can read and create (write) files in it, but because the (x) execute flags are not set files can not be listed (seen) in the directory by anyone. The group can read files in the directory but can NOT create new files. NOTE: If files in the directory are set to be readable and writable for the group, then group members will be able to write to (or delete) them. @@ -388,10 +403,10 @@ Before using any of the following options please refer to the man page for &smb. <para> User and group based controls can prove very useful. In some situations it is distinctly desirable to affect all - file system operations as if a single user is doing this, the use of the <emphasis>force user</emphasis> and - <emphasis>force group</emphasis> behaviour will achieve this. In other situations it may be necessary to affect a + file system operations as if a single user is doing this, the use of the <parameter>force user</parameter> and + <parameter>force group</parameter> behaviour will achieve this. In other situations it may be necessary to affect a paranoia level of control to ensure that only particular authorised persons will be able to access a share or - it's contents, here the use of the <emphasis>valid users</emphasis> or the <emphasis>invalid users</emphasis> may + it's contents, here the use of the <parameter>valid users</parameter> or the <parameter>invalid users</parameter> may be most useful. </para> @@ -665,7 +680,7 @@ Before using any of the following options please refer to the man page for &smb. By default samba sets no restrictions on the share itself. Restrictions on the share itself can be set on MS Windows NT4/200x/XP shares. This can be a very effective way to limit who can connect to a share. In the absence of specific restrictions the default setting is to allow - the global user <emphasis>Everyone</emphasis> Full Control (ie: Full control, Change and Read). + the global user <constant>Everyone</constant> Full Control (ie: Full control, Change and Read). </para> <para> @@ -701,13 +716,13 @@ Before using any of the following options please refer to the man page for &smb. <procedure> <title>Instructions</title> <step><para> - Launch the NT4 Server Manager, click on the Samba server you want to administer, then from the menu - select Computer, then click on the Shared Directories entry. + Launch the <application>NT4 Server Manager</application>, click on the Samba server you want to administer, then from the menu + select <guimenu>Computer</guimenu>, then click on the <guimenuitem>Shared Directories</guimenuitem> entry. </para></step> <step><para> - Now click on the share that you wish to manage, then click on the Properties tab, next click on - the Permissions tab. Now you can Add or change access control settings as you wish. + Now click on the share that you wish to manage, then click on the <guilabel>Properties</guilabel> tab, next click on + the <guilabel>Permissions</guilabel> tab. Now you can add or change access control settings as you wish. </para></step> </procedure> @@ -717,14 +732,14 @@ Before using any of the following options please refer to the man page for &smb. <title>Windows 200x/XP</title> <para> - On MS Windows NT4/200x/XP system access control lists on the share itself are set using native + On <application>MS Windows NT4/200x/XP</application> system access control lists on the share itself are set using native tools, usually from filemanager. For example, in Windows 200x: right click on the shared folder, - then select 'Sharing', then click on 'Permissions'. The default Windows NT4/200x permission allows - <emphasis>Everyone</emphasis> Full Control on the Share. + then select <guimenuitem>Sharing</guimenuitem>, then click on <guilabel>Permissions</guilabel>. The default + Windows NT4/200x permission allows <emphasis>Everyone</emphasis> Full Control on the Share. </para> <para> - MS Windows 200x and later all comes with a tool called the 'Computer Management' snap-in for the + MS Windows 200x and later all comes with a tool called the <application>Computer Management</application> snap-in for the Microsoft Management Console (MMC). This tool is located by clicking on <filename>Control Panel -> Administrative Tools -> Computer Management</filename>. </para> @@ -732,21 +747,22 @@ Before using any of the following options please refer to the man page for &smb. <procedure> <title>Instructions</title> <step><para> - After launching the MMC with the Computer Management snap-in, click on the menu item 'Action', - select 'Connect to another computer'. If you are not logged onto a domain you will be prompted + After launching the MMC with the Computer Management snap-in, click on the menu item <guimenuitem>Action</guimenuitem>, + select <guilabel>Connect to another computer</guilabel>. If you are not logged onto a domain you will be prompted to enter a domain login user identifier and a password. This will authenticate you to the domain. If you where already logged in with administrative privilidge this step is not offered. </para></step> <step><para> - If the Samba server is not shown in the Select Computer box, then type in the name of the target - Samba server in the field 'Name:'. Now click on the [+] next to 'System Tools', then on the [+] - next to 'Shared Folders' in the left panel. + If the Samba server is not shown in the <guilabel>Select Computer</guilabel> box, then type in the name of the target + Samba server in the field <guilabel>Name:</guilabel>. Now click on the <guibutton>[+]</guibutton> next to + <guilabel>System Tools</guilabel>, then on the <guibutton>[+]</guibutton> next to <guilabel>Shared Folders</guilabel> in the + left panel. </para></step> <step><para> Now in the right panel, double-click on the share you wish to set access control permissions on. - Then click on the tab 'Share Permissions'. It is now possible to add access control entities + Then click on the tab <guilabel>Share Permissions</guilabel>. It is now possible to add access control entities to the shared folder. Do NOT forget to set what type of access (full control, change, read) you wish to assign for each entry. </para></step> @@ -754,10 +770,10 @@ Before using any of the following options please refer to the man page for &smb. <warning> <para> - Be careful. If you take away all permissions from the Everyone user without removing this user + Be careful. If you take away all permissions from the <constant>Everyone</constant> user without removing this user then effectively no user will be able to access the share. This is a result of what is known as - ACL precidence. ie: Everyone with NO ACCESS means that MaryK who is part of the group Everyone - will have no access even if this user is given explicit full control access. + ACL precidence. ie: Everyone with <strong>no access</strong> means that MaryK who is part of the group + <constant>Everyone</constant> will have no access even if this user is given explicit full control access. </para> </warning> @@ -798,19 +814,19 @@ Before using any of the following options please refer to the man page for &smb. <para>From an NT4/2000/XP client, single-click with the right mouse button on any file or directory in a Samba mounted drive letter or UNC path. When the menu pops-up, click - on the <emphasis>Properties</emphasis> entry at the bottom of + on the <guilabel>Properties</guilabel> entry at the bottom of the menu. This brings up the file properties dialog - box. Click on the tab <emphasis>Security</emphasis> and you - will see three buttons, <emphasis>Permissions</emphasis>, - <emphasis>Auditing</emphasis>, and <emphasis>Ownership</emphasis>. - The <emphasis>Auditing</emphasis> button will cause either + box. Click on the tab <guilabel>Security</guilabel> and you + will see three buttons, <guibutton>Permissions</guibutton>, + <guibutton>Auditing</guibutton>, and <guibutton>Ownership</guibutton>. + The <guibutton>Auditing</guibutton> button will cause either an error message <errorname>A requested privilege is not held by the client</errorname> to appear if the user is not the NT Administrator, or a dialog which is intended to allow an Administrator to add auditing requirements to a file if the user is logged on as the NT Administrator. This dialog is non-functional with a Samba share at this time, as the only - useful button, the <command>Add</command> button will not currently + useful button, the <guibutton>Add</guibutton> button will not currently allow a list of users to be seen.</para> </sect2> @@ -849,8 +865,8 @@ Before using any of the following options please refer to the man page for &smb. and allow a user with Administrator privilege connected to a Samba server as root to change the ownership of files on both a local NTFS filesystem or remote mounted NTFS - or Samba drive. This is available as part of the <emphasis>Seclib - </emphasis> NT security library written by Jeremy Allison of + or Samba drive. This is available as part of the <application>Seclib + </application> NT security library written by Jeremy Allison of the Samba Team, available from the main Samba ftp site.</para> </sect2> @@ -921,7 +937,7 @@ Before using any of the following options please refer to the man page for &smb. <para>Directories on an NT NTFS file system have two different sets of permissions. The first set of permissions is the ACL set on the directory itself, this is usually displayed - in the first set of parentheses in the normal <command>"RW"</command> + in the first set of parentheses in the normal <constant>"RW"</constant> NT style. This first set of permissions is created by Samba in exactly the same way as normal file permissions are, described above, and is displayed in the same way.</para> @@ -995,12 +1011,16 @@ Before using any of the following options please refer to the man page for &smb. <para>There are four parameters to control interaction with the standard Samba create mask parameters. - These are :</para> + These are : + + <simplelist> + <member><parameter>security mask</parameter></member> + <member><parameter>force security mode</parameter></member> + <member><parameter>directory security mask</parameter></member> + <member><parameter>force directory security mode</parameter></member> + </simplelist> - <para><parameter>security mask</parameter></para> - <para><parameter>force security mode</parameter></para> - <para><parameter>directory security mask</parameter></para> - <para><parameter>force directory security mode</parameter></para> + </para> <para>Once a user clicks <guibutton>OK</guibutton> to apply the permissions Samba maps the given permissions into a user/group/world @@ -1061,12 +1081,15 @@ Before using any of the following options please refer to the man page for &smb. <para>If you want to set up a share that allows users full control in modifying the permission bits on their files and directories and doesn't force any particular bits to be set 'on', then set the following - parameters in the &smb.conf; file in that share specific section :</para> + parameters in the &smb.conf; file in that share specific section : + </para> - <para><parameter>security mask = 0777</parameter></para> - <para><parameter>force security mode = 0</parameter></para> - <para><parameter>directory security mask = 0777</parameter></para> - <para><parameter>force directory security mode = 0</parameter></para> + <simplelist> + <member><parameter>security mask = 0777</parameter></member> + <member><parameter>force security mode = 0</parameter></member> + <member><parameter>directory security mask = 0777</parameter></member> + <member><parameter>force directory security mode = 0</parameter></member> + </simplelist> </sect2> <sect2> @@ -1193,7 +1216,7 @@ are examples taken from the mailing list in recent times. </para> <para> - You should see that the file 'Afile' created by Jill will have ownership + You should see that the file <filename>Afile</filename> created by Jill will have ownership and permissions of Jack, as follows: <screen> -rw-r--r-- 1 jack engr 0 2003-02-04 09:57 Afile @@ -1211,7 +1234,7 @@ are examples taken from the mailing list in recent times. </para> <note><para> - The above are only needed IF your users are NOT members of the group + The above are only needed <strong>if</strong> your users are <strong>not</strong> members of the group you have used. ie: Within the OS do not have write permission on the directory. </para> </note> diff --git a/docs/docbook/projdoc/AdvancedNetworkAdmin.xml b/docs/docbook/projdoc/AdvancedNetworkAdmin.xml index 5f29f32448..15b8836962 100644 --- a/docs/docbook/projdoc/AdvancedNetworkAdmin.xml +++ b/docs/docbook/projdoc/AdvancedNetworkAdmin.xml @@ -326,9 +326,9 @@ Those wishing to use more elaborate or capable logon processing system should ch </para> <simplelist> - <member>http://www.craigelachie.org/rhacer/ntlogon</member> - <member>http://www.kixtart.org</member> - <member>http://support.microsoft.com/default.asp?scid=kb;en-us;189105</member> + <member><ulink url="http://www.craigelachie.org/rhacer/ntlogon">http://www.craigelachie.org/rhacer/ntlogon</ulink></member> + <member><ulink url="http://www.kixtart.org">http://www.kixtart.org</ulink></member> + <member><ulink url="http://support.microsoft.com/default.asp?scid=kb;en-us;189105">http://support.microsoft.com/default.asp?scid=kb;en-us;189105</ulink></member> </simplelist> <sect2> diff --git a/docs/docbook/projdoc/Bugs.xml b/docs/docbook/projdoc/Bugs.xml index 03a60b6ce5..b2ff6d3d96 100644 --- a/docs/docbook/projdoc/Bugs.xml +++ b/docs/docbook/projdoc/Bugs.xml @@ -15,7 +15,8 @@ <sect1> <title>Introduction</title> -<para>Please report bugs using <ulink url="https://bugzilla.samba.org/">bugzilla</ulink>.</para> +<para>Please report bugs using + <ulink url="https://bugzilla.samba.org/">bugzilla</ulink>.</para> <para> Please take the time to read this file before you submit a bug diff --git a/docs/docbook/projdoc/Compiling.xml b/docs/docbook/projdoc/Compiling.xml index fb59dead02..f392efb32b 100644 --- a/docs/docbook/projdoc/Compiling.xml +++ b/docs/docbook/projdoc/Compiling.xml @@ -14,7 +14,8 @@ <title>How to compile SAMBA</title> <para> -You can obtain the samba source from the <ulink url="http://samba.org/">samba website</ulink>. To obtain a development version, +You can obtain the samba source from the +<ulink url="http://samba.org/">samba website</ulink>. To obtain a development version, you can download samba from CVS or using rsync. </para> @@ -243,28 +244,28 @@ example of what you would not want to see would be: configure Samba for your operating system. If you have unusual needs then you may wish to run</para> - <para><prompt>root# </prompt><userinput>./configure --help + <para>&rootprompt;<userinput>./configure --help </userinput></para> <para>first to see what special options you can enable. Then executing</para> - <para><prompt>root# </prompt><userinput>make</userinput></para> + <para>&rootprompt;<userinput>make</userinput></para> <para>will create the binaries. Once it's successfully compiled you can use </para> - <para><prompt>root# </prompt><userinput>make install</userinput></para> + <para>&rootprompt;<userinput>make install</userinput></para> <para>to install the binaries and manual pages. You can separately install the binaries and/or man pages using</para> - <para><prompt>root# </prompt><userinput>make installbin + <para>&rootprompt;<userinput>make installbin </userinput></para> <para>and</para> - <para><prompt>root# </prompt><userinput>make installman + <para>&rootprompt;<userinput>make installman </userinput></para> <para>Note that if you are upgrading for a previous version @@ -272,7 +273,7 @@ example of what you would not want to see would be: the binaries will be renamed with a ".old" extension. You can go back to the previous version with</para> - <para><prompt>root# </prompt><userinput>make revert + <para>&rootprompt;<userinput>make revert </userinput></para> <para>if you find this version a disaster!</para> diff --git a/docs/docbook/projdoc/DOMAIN_MEMBER.xml b/docs/docbook/projdoc/DOMAIN_MEMBER.xml index 9ad239634b..3042f704a8 100644 --- a/docs/docbook/projdoc/DOMAIN_MEMBER.xml +++ b/docs/docbook/projdoc/DOMAIN_MEMBER.xml @@ -190,11 +190,11 @@ that is normally used to create new Unix accounts. The following is an example </para> <para> -<prompt>root# </prompt><userinput>/usr/sbin/useradd -g 100 -d /dev/null -c <replaceable>"machine nickname"</replaceable> -s /bin/false <replaceable>machine_name</replaceable>$ </userinput> +&rootprompt;<userinput>/usr/sbin/useradd -g 100 -d /dev/null -c <replaceable>"machine nickname"</replaceable> -s /bin/false <replaceable>machine_name</replaceable>$ </userinput> </para> <para> -<prompt>root# </prompt><userinput>passwd -l <replaceable>machine_name</replaceable>$</userinput> +&rootprompt;<userinput>passwd -l <replaceable>machine_name</replaceable>$</userinput> </para> <para> @@ -202,7 +202,7 @@ On *BSD systems, this can be done using the <command>chpass</command> utility: </para> <para> -<prompt>root# </prompt><userinput>chpass -a "<replaceable>machine_name</replaceable>$:*:101:100::0:0:Workstation <replaceable>machine_name</replaceable>:/dev/null:/sbin/nologin"</userinput> +&rootprompt;<userinput>chpass -a "<replaceable>machine_name</replaceable>$:*:101:100::0:0:Workstation <replaceable>machine_name</replaceable>:/dev/null:/sbin/nologin"</userinput> </para> <para> @@ -212,9 +212,9 @@ home directory. For example a machine named 'doppy' would have an <filename>/etc/passwd</filename> entry like this: </para> -<para> +<programlisting> doppy$:x:505:501:<replaceable>machine_nickname</replaceable>:/dev/null:/bin/false -</para> +</programlisting> <para> Above, <replaceable>machine_nickname</replaceable> can be any @@ -234,9 +234,9 @@ as shown here: </para> <para> -<programlisting> -<prompt>root# </prompt><userinput>smbpasswd -a -m <replaceable>machine_name</replaceable></userinput> -</programlisting> +<screen> +&rootprompt;<userinput>smbpasswd -a -m <replaceable>machine_name</replaceable></userinput> +</screen>> </para> <para> @@ -287,7 +287,7 @@ Launch the <command>srvmgr.exe</command> (Server Manager for Domains) and follow <procedure> <title>Server Manager Account Machine Account Management</title> <step><para> - From the menu select <guimenu>Computer</guimenu> + From the menu select <guimenu>Computer</guimenu> </para></step> <step><para> @@ -375,9 +375,9 @@ with the version of Windows: <para> The name of the account that is used to create domain member machine accounts can be - anything the network administrator may choose. If it is other than <command>root</command> + anything the network administrator may choose. If it is other than <emphasis>root</emphasis> then this is easily mapped to root using the file pointed to be the &smb.conf; parameter - <emphasis>username map =</emphasis> <command>/etc/samba/smbusers</command>. + <parameter>username map = /etc/samba/smbusers</parameter>. </para> <para> @@ -394,17 +394,17 @@ with the version of Windows: <para> If the machine trust account was created manually, on the Identification Changes menu enter the domain name, but do not - check the box "Create a Computer Account in the Domain." In this case, - the existing machine trust account is used to join the machine to - the domain. + check the box <guilabel>Create a Computer Account in the Domain</guilabel>. + In this case, the existing machine trust account is used to join the machine + to the domain. </para> <para> If the machine trust account is to be created on-the-fly, on the Identification Changes menu enter the domain - name, and check the box "Create a Computer Account in the Domain." In - this case, joining the domain proceeds as above for Windows 2000 - (i.e., you must supply a Samba administrative account when + name, and check the box <guilabel>Create a Computer Account in the + Domain</guilabel>. In this case, joining the domain proceeds as above + for Windows 2000 (i.e., you must supply a Samba administrative account when prompted). </para> </sect3> @@ -472,7 +472,7 @@ now use domain security. <para> Change (or add) your <ulink url="smb.conf.5.html#SECURITY"> -<parameter>security =</parameter></ulink> line in the [global] section +<parameter>security</parameter></ulink> line in the [global] section of your &smb.conf; to read: </para> @@ -698,7 +698,7 @@ In case samba can't figure out your ads server using your realm name, use the </para> <note><para> -You do ¬ need a smbpasswd file, and older clients will be authenticated as +You do <strong>not</strong> need a smbpasswd file, and older clients will be authenticated as if <parameter>security = domain</parameter>, although it won't do any harm and allows you to have local users not in the domain. It is expected that the above required options will change soon when active directory integration will get @@ -734,8 +734,8 @@ requested realm while getting initial credentials</errorname> error <note><para> Time between the two servers must be synchronized. You will get a -"kinit(v5): Clock skew too great while getting initial credentials" if the time -difference is more than five minutes. +<errorname>kinit(v5): Clock skew too great while getting initial credentials</errorname> +if the time difference is more than five minutes. </para></note> <para> @@ -750,7 +750,7 @@ followed by the realm. The easiest way to ensure you get this right is to add a <filename>/etc/hosts</filename> entry mapping the IP address of your KDC to its netbios name. If you don't get this right then you will get a -"local error" when you try to join the realm. +<errorname>local error</errorname> when you try to join the realm. </para> <para> @@ -779,12 +779,12 @@ As a user that has write permission on the Samba private directory <para> <variablelist> - <varlistentry><term>ADS support not compiled in</term> + <varlistentry><term><errorname>ADS support not compiled in</errorname></term> <listitem><para>Samba must be reconfigured (remove config.cache) and recompiled (make clean all install) after the kerberos libs and headers are installed. </para></listitem></varlistentry> - <varlistentry><term>net join prompts for user name</term> + <varlistentry><term><errorname>net join prompts for user name</errorname></term> <listitem><para>You need to login to the domain using <userinput>kinit <replaceable>USERNAME</replaceable>@<replaceable>REALM</replaceable></userinput>. <replaceable>USERNAME</replaceable> must be a user who has rights to add a machine @@ -834,7 +834,7 @@ install, to create the right encoding types </para> <para> -w2k doesn't seem to create the _kerberos._udp and _ldap._tcp in +W2k doesn't seem to create the _kerberos._udp and _ldap._tcp in their defaults DNS setup. Maybe fixed in service packs? </para> @@ -877,14 +877,14 @@ the old account and then to add the machine with a new name. <para> Adding a Windows 200x or XP Professional machine to the Samba PDC Domain fails with a -message that, "The machine could not be added at this time, there is a network problem. -Please try again later." Why? +message that, <errorname>The machine could not be added at this time, there is a network problem. +Please try again later.</errorname> Why? </para> <para> -You should check that there is an <emphasis>add machine script</emphasis> in your &smb.conf; +You should check that there is an <parameter>add machine script</parameter> in your &smb.conf; file. If there is not, please add one that is appropriate for your OS platform. If a script -has been defined you will need to debug it's operation. Increase the <emphasis>log level</emphasis> +has been defined you will need to debug it's operation. Increase the <parameter>log level</parameter> in the &smb.conf; file to level 10, then try to rejoin the domain. Check the logs to see which operation is failing. </para> diff --git a/docs/docbook/projdoc/Diagnosis.xml b/docs/docbook/projdoc/Diagnosis.xml index 150f071b78..50c5e1352d 100644 --- a/docs/docbook/projdoc/Diagnosis.xml +++ b/docs/docbook/projdoc/Diagnosis.xml @@ -129,7 +129,7 @@ run ping. </para> <para> -If you get a message saying "host not found" or similar then your DNS +If you get a message saying <errorname>host not found</errorname> or similar then your DNS software or <filename>/etc/hosts</filename> file is not correctly setup. It is possible to run samba without DNS entries for the server and client, but I assume @@ -143,10 +143,12 @@ in question, perhaps by allowing access from another subnet (on Linux this is done via the <application>ipfwadm</application> program.) </para> +<note> <para> -Note: Modern Linux distributions install ipchains/iptables by default. +Modern Linux distributions install ipchains/iptables by default. This is a common problem that is often overlooked. </para> +</note> </step> <step performance="required"> @@ -165,7 +167,7 @@ temporarily remove any <command>hosts allow</command>, <command>hosts deny</comm </para> <para> -If you get a "connection refused" response then the smbd server may +If you get a <errorname>connection refused</errorname> response then the smbd server may not be running. If you installed it in inetd.conf then you probably edited that file incorrectly. If you installed it as a daemon then check that it is running, and check that the netbios-ssn port is in a LISTEN @@ -180,7 +182,7 @@ this network super daemon. </para></note> <para> -If you get a "session request failed" then the server refused the +If you get a <errorname>session request failed</errorname> then the server refused the connection. If it says "Your server software is being unfriendly" then its probably because you have invalid command line parameters to &smbd;, or a similar fatal problem with the initial startup of &smbd;. Also @@ -213,7 +215,7 @@ To solve this problem change these lines to: </programlisting></para> <para> -Do NOT use the <command>bind interfaces only</command> parameter where you +Do <strong>not</strong> use the <command>bind interfaces only</command> parameter where you may wish to use the samba password change facility, or where &smbclient; may need to access a local service for name resolution or for local resource @@ -224,7 +226,8 @@ fixed soon). <para> Another common cause of these two errors is having something already running -on port 139, such as Samba (ie: smbd is running from <application>inetd</application> already) or +on port <constant>139</constant>, such as Samba +(ie: &smbd; is running from <application>inetd</application> already) or something like Digital's Pathworks. Check your <filename>inetd.conf</filename> file before trying to start &smbd; as a daemon, it can avoid a lot of frustration! </para> @@ -288,8 +291,8 @@ This time we are trying the same as the previous test but are trying it via a broadcast to the default broadcast address. A number of Netbios/TCPIP hosts on the network should respond, although Samba may not catch all of the responses in the short time it listens. You -should see "got a positive name query response" messages from several -hosts. +should see <errorname>got a positive name query response</errorname> +messages from several hosts. </para> <para> @@ -332,12 +335,12 @@ as follows: <para> Once you enter the password you should get the <prompt>smb></prompt> prompt. If you -don't then look at the error message. If it says "invalid network -name" then the service "tmp" is not correctly setup in your &smb.conf;. +don't then look at the error message. If it says <errorname>invalid network +name</errorname> then the service <emphasis>"tmp"</emphasis> is not correctly setup in your &smb.conf;. </para> <para> -If it says "bad password" then the likely causes are: +If it says <errorname>bad password</errorname> then the likely causes are: </para> <orderedlist> @@ -369,8 +372,7 @@ If it says "bad password" then the likely causes are: <listitem> <para> - you enabled password encryption but didn't create the SMB encrypted - password file + you enabled password encryption but didn't map unix to samba users </para> </listitem> </orderedlist> @@ -394,7 +396,7 @@ list of available shares on the server. </para> <para> -If you get a "network name not found" or similar error then netbios +If you get a <errorname>network name not found</errorname> or similar error then netbios name resolution is not working. This is usually caused by a problem in nmbd. To overcome it you could do one of the following (you only need to choose one of them): @@ -421,7 +423,7 @@ to choose one of them): </orderedlist> <para> -If you get a "invalid network name" or "bad password error" then the +If you get a <errorname>invalid network name</errorname> or <errorname>bad password error</errorname> then the same fixes apply as they did for the <userinput>smbclient -L</userinput> test above. In particular, make sure your <command>hosts allow</command> line is correct (see the man pages) @@ -436,7 +438,7 @@ name and password. </para> <para> -If you get "specified computer is not receiving requests" or similar +If you get <errorname>specified computer is not receiving requests</errorname> or similar it probably means that the host is not contactable via tcp services. Check to see if the host is running tcp wrappers, and if so add an entry in the <filename>hosts.allow</filename> file for your client (or subnet, etc.) @@ -448,16 +450,16 @@ the <filename>hosts.allow</filename> file for your client (or subnet, etc.) <para> Run the command <userinput>net use x: \\BIGSERVER\TMP</userinput>. You should -be prompted for a password then you should get a "command completed -successfully" message. If not then your PC software is incorrectly +be prompted for a password then you should get a <computeroutput>command completed +successfully</computeroutput> message. If not then your PC software is incorrectly installed or your smb.conf is incorrect. make sure your <command>hosts allow</command> and other config lines in &smb.conf; are correct. </para> <para> It's also possible that the server can't work out what user name to -connect you as. To see if this is the problem add the line <command>user = -<replaceable>username</replaceable></command> to the <command>[tmp]</command> section of +connect you as. To see if this is the problem add the line <parameter>user = +<replaceable>username</replaceable></parameter> to the <parameter>[tmp]</parameter> section of &smb.conf; where <replaceable>username</replaceable> is the username corresponding to the password you typed. If you find this fixes things you may need the username mapping option. @@ -465,7 +467,7 @@ fixes things you may need the username mapping option. <para> It might also be the case that your client only sends encrypted passwords -and you have <command>encrypt passwords = no</command> in &smb.conf; +and you have <parameter>encrypt passwords = no</parameter> in &smb.conf; Turn it back on to fix. </para> @@ -484,7 +486,7 @@ master browser for that workgroup. If you don't then the election process has failed. Wait a minute to see if it is just being slow then try again. If it still fails after that then look at the browsing options you have set in &smb.conf;. Make -sure you have <command>preferred master = yes</command> to ensure that +sure you have <parameter>preferred master = yes</parameter> to ensure that an election is held at startup. </para> @@ -500,9 +502,9 @@ of the server and get a list of shares. If you get a "invalid password" error when you do then you are probably running WinNT and it is refusing to browse a server that has no encrypted password capability and is in user level security mode. In this case either set -<command>security = server</command> AND -<command>password server = Windows_NT_Machine</command> in your -&smb.conf; file, or make sure <command>encrypted passwords</command> is +<parameter>security = server</parameter> AND +<parameter>password server = Windows_NT_Machine</parameter> in your +&smb.conf; file, or make sure <parameter>encrypted passwords</parameter> is set to "yes". </para> diff --git a/docs/docbook/projdoc/GROUP-MAPPING-HOWTO.xml b/docs/docbook/projdoc/GROUP-MAPPING-HOWTO.xml index 4f7a0869de..d00d241b53 100644 --- a/docs/docbook/projdoc/GROUP-MAPPING-HOWTO.xml +++ b/docs/docbook/projdoc/GROUP-MAPPING-HOWTO.xml @@ -20,7 +20,7 @@ The first immediate reason to use the group mapping on a Samba PDC, is that the <parameter>domain admin group</parameter> has been removed and should no longer be specified in &smb.conf;. This parameter was used to give the listed users membership - in the "Domain Admins" Windows group which gave local admin rights on their workstations + in the <constant>Domain Admins</constant> Windows group which gave local admin rights on their workstations (in default configurations). </para> </warning> @@ -40,8 +40,8 @@ <para> Administrators should be aware that where &smb.conf; group interface scripts make - direct calls to the Unix/Linux system tools (eg: the shadow utilities, <command>groupadd, - groupdel, groupmod</command>) then the resulting Unix/Linux group names will be subject + direct calls to the Unix/Linux system tools (eg: the shadow utilities, <command>groupadd</command>, + <command>groupdel</command>, <command>groupmod</command>) then the resulting Unix/Linux group names will be subject to any limits imposed by these tools. If the tool does NOT allow upper case characters or space characters, then the creation of an MS Windows NT4 / 200x style group of <parameter>Engineering Managers</parameter> will attempt to create an identically named @@ -67,10 +67,11 @@ <title>Discussion</title> <para> - When installing MS Windows NT4 / 200x on a computer, the installation program creates default - users and groups. Notably the 'Administrators' group, and gives to that group privileges necessary - privilidges to perform essential system tasks. eg: Ability to change the date and time or to - kill any process (or close too) running on the local machine. + When installing <application>MS Windows NT4 / 200x</application> on a computer, the installation + program creates default users and groups. Notably the <constant>Administrators</constant> group, + and gives to that group privileges necessary privilidges to perform essential system tasks. + eg: Ability to change the date and time or to kill any process (or close too) running on the + local machine. </para> <para> @@ -100,9 +101,9 @@ look like: </para> - <para><screen> + <para><programlisting> domadm:x:502:joe,john,mary - </screen> + </programlisting> </para></listitem> <listitem><para> @@ -155,7 +156,8 @@ </para> <para> - <screen>&rootprompt; net groupmap list + <screen> + &rootprompt; <userinput>net groupmap list</userinput> System Administrators (S-1-5-21-2547222302-1596225915-2414751004-1002) -> sysadmin Domain Admins (S-1-5-21-2547222302-1596225915-2414751004-512) -> domadmin Domain Users (S-1-5-21-2547222302-1596225915-2414751004-513) -> domuser @@ -180,15 +182,16 @@ </para> <sect2> - <title>Sample smb.conf add group script</title> + <title>Sample &smb.conf; add group script</title> <para> A script to great complying group names for use by the samba group interfaces: </para> -<para> -<screen> -Script name: smbgrpadd.sh + <para> +<example> + <title>smbgrpadd.sh</title> +<programlisting> #!/bin/bash @@ -203,14 +206,15 @@ cat /etc/group | sed s/smbtmpgrp00/$1/g > /etc/group # Now return the GID as would normally happen. echo $thegid exit 0 -</screen> +</programlisting> +</example> </para> <para> The &smb.conf; entry for the above script would look like: - <screen> + <programlisting> add group script = /path_to_tool/smbgrpadd.sh %g - </screen> + </programlisting> </para> </sect2> @@ -224,7 +228,7 @@ exit 0 </para> <para> -<screen> +<programlisting> #!/bin/bash net groupmap modify ntgroup="Domain Admins" unixgroup=ntadmin @@ -247,7 +251,7 @@ net groupmap modify ntgroup="Power Users" unixgroup=sys #net groupmap add ntgroup="Engineers" unixgroup=Engineers type=d #net groupmap add ntgroup="Marketoids" unixgroup=Marketoids type=d #net groupmap add ntgroup="Gnomes" unixgroup=Gnomes type=d -</screen> +</programlisting> </para> <para> diff --git a/docs/docbook/projdoc/Integrating-with-Windows.xml b/docs/docbook/projdoc/Integrating-with-Windows.xml index 0ee65a771c..4408595763 100644 --- a/docs/docbook/projdoc/Integrating-with-Windows.xml +++ b/docs/docbook/projdoc/Integrating-with-Windows.xml @@ -108,7 +108,7 @@ Network packets that are sent over the physical network transport layer communicate not via IP addresses but rather using the Media Access Control address, or MAC address. IP Addresses are currently 32 bits in length and are typically presented as four (4) decimal -numbers that are separated by a dot (or period). eg: 168.192.1.1 +numbers that are separated by a dot (or period). eg: 168.192.1.1. </para> <para> @@ -265,8 +265,8 @@ Starting with version 2.2.0 samba has Linux support for extensions to the name service switch infrastructure so that linux clients will be able to obtain resolution of MS Windows NetBIOS names to IP Addresses. To gain this functionality Samba needs to be compiled -with appropriate arguments to the make command (ie: <command>make -nsswitch/libnss_wins.so</command>). The resulting library should +with appropriate arguments to the make command (ie: <userinput>make +nsswitch/libnss_wins.so</userinput>). The resulting library should then be installed in the <filename>/lib</filename> directory and the "wins" parameter needs to be added to the "hosts:" line in the <filename>/etc/nsswitch.conf</filename> file. At this point it @@ -393,7 +393,7 @@ frustrating for users - but it is a characteristic of the protocol. <para> The MS Windows utility that allows examination of the NetBIOS name cache is called "nbtstat". The Samba equivalent of this -is called "nmblookup". +is called <command>nmblookup</command>. </para> </sect2> diff --git a/docs/docbook/projdoc/InterdomainTrusts.xml b/docs/docbook/projdoc/InterdomainTrusts.xml index ae780a4b61..416bceca3f 100644 --- a/docs/docbook/projdoc/InterdomainTrusts.xml +++ b/docs/docbook/projdoc/InterdomainTrusts.xml @@ -95,13 +95,15 @@ There are two steps to creating an interdomain trust relationship. <title>NT4 as the Trusting Domain (ie. creating the trusted account)</title> <para> -For MS Windows NT4, all domain trust relationships are configured using the Domain User Manager. -To affect a two way trust relationship it is necessary for each domain administrator to make -available (for use by an external domain) it's security resources. This is done from the Domain -User Manager Policies entry on the menu bar. From the Policy menu, select Trust Relationships, then -next to the lower box that is labelled "Permitted to Trust this Domain" are two buttons, "Add" and -"Remove". The "Add" button will open a panel in which needs to be entered the remote domain that -will be able to assign user rights to your domain. In addition it is necessary to enter a password +For MS Windows NT4, all domain trust relationships are configured using the +<application>Domain User Manager</application>. To affect a two way trust relationship it is +necessary for each domain administrator to make available (for use by an external domain) it's +security resources. This is done from the Domain User Manager Policies entry on the menu bar. +From the <guimenu>Policy</guimenu> menu, select <guimenuitem>Trust Relationships</guimenuitem>, then +next to the lower box that is labelled <guilabel>Permitted to Trust this Domain</guilabel> are two +buttons, <guibutton>Add</guibutton> and <guibutton>Remove</guibutton>. The <guibutton>Add</guibutton> +button will open a panel in which needs to be entered the remote domain that will be able to assign +user rights to your domain. In addition it is necessary to enter a password that is specific to this trust relationship. The password needs to be typed twice (for standard confirmation). </para> @@ -115,8 +117,9 @@ typed twice (for standard confirmation). A trust relationship will work only when the other (trusting) domain makes the appropriate connections with the trusted domain. To consumate the trust relationship the administrator will launch the Domain User Manager, from the menu select Policies, then select Trust Relationships, then click on the -"Add" button that is next to the box that is labelled "Trusted Domains". A panel will open in -which must be entered the name of the remote domain as well as the password assigned to that trust. +<guibutton>Add</guibutton> button that is next to the box that is labelled +<guilabel>Trusted Domains</guilabel>. A panel will open in which must be entered the name of the remote +domain as well as the password assigned to that trust. </para> </sect2> @@ -152,14 +155,14 @@ will be to issue this command from your favourite shell: <para> <screen> -<prompt>deity#</prompt> <userinput>smbpasswd -a -i rumba</userinput> +&rootprompt; <userinput>smbpasswd -a -i rumba</userinput> New SMB password: XXXXXXXX Retype SMB password: XXXXXXXX Added user rumba$ </screen> -where <parameter>-a</parameter> means to add a new account into the -passdb database and <parameter>-i</parameter> means: ''create this +where <option>-a</option> means to add a new account into the +passdb database and <option>-i</option> means: ''create this account with the InterDomain trust flag'' </para> @@ -178,12 +181,15 @@ the trust by establishing it from Windows NT Server. </para> <para> -Open 'User Manager for Domains' and from menu 'Policies' select 'Trust Relationships...'. -Right beside 'Trusted domains' list box press 'Add...' button. You will be prompted for +Open <application>User Manager for Domains</application> and from menu +<guimenu>Policies</guimenu> select <guimenuitem>Trust Relationships...</guimenuitem>. +Right beside <guilabel>Trusted domains</guilabel> list box press the +<guimenu>Add...</guimenu> button. You will be prompted for the trusted domain name and the relationship password. Type in SAMBA, as this is your domain name, and the password used at the time of account creation. -Press OK and, if everything went without incident, you will see 'Trusted domain relationship -successfully established' message. +Press OK and, if everything went without incident, you will see +<computeroutput>Trusted domain relationship successfully +established</computeroutput> message. </para> </sect2> @@ -200,9 +206,11 @@ The very first thing requirement is to add an account for the SAMBA domain on RU </para> <para> -Launch the Domain User Manager, then from the menu select 'Policies', 'Trust Relationships'. -Now, next to 'Trusted Domains' box press the 'Add' button, and type in the name of the trusted -domain (SAMBA) and password securing the relationship. +Launch the <application>Domain User Manager</application>, then from the menu select +<guimenu>Policies</guimenu>, <guimenuitem>Trust Relationships</guimenuitem>. +Now, next to <guilabel>Trusted Domains</guilabel> box press the <guibutton>Add</guibutton> +button, and type in the name of the trusted domain (SAMBA) and password securing +the relationship. </para> <para> @@ -216,7 +224,7 @@ Using your favourite shell while being logged in as root, issue this command: </para> <para> -<prompt>deity# </prompt><userinput>net rpc trustdom establish rumba</userinput> +&rootprompt;<userinput>net rpc trustdom establish rumba</userinput> </para> <para> @@ -226,8 +234,8 @@ Do not worry if you see an error message that mentions a returned code of password you gave is correct and the NT4 Server says the account is ready for interdomain connection and not for ordinary connection. After that, be patient it can take a while (especially -in large networks), you should see the 'Success' message. Congratulations! Your trust -relationship has just been established. +in large networks), you should see the <computeroutput>Success</computeroutput> message. +Congratulations! Your trust relationship has just been established. </para> <note><para> diff --git a/docs/docbook/projdoc/IntroSMB.xml b/docs/docbook/projdoc/IntroSMB.xml index d5ce43fbdf..730c400ee1 100644 --- a/docs/docbook/projdoc/IntroSMB.xml +++ b/docs/docbook/projdoc/IntroSMB.xml @@ -6,10 +6,10 @@ <title>Introduction to Samba</title> -<para><emphasis> +<para><quote> "If you understand what you're doing, you're not learning anything." -- Anonymous -</emphasis></para> +</quote></para> <para> Samba is a file and print server for Windows-based clients using TCP/IP as the underlying @@ -132,7 +132,7 @@ thinking? </itemizedlist> <para>If you plan on getting help, make sure to subscribe to the Samba Mailing List (available at -http://www.samba.org). Optionally, you could just search mailing.unix.samba at http://groups.google.com +<ulink url="http://www.samba.org/">http://www.samba.org</ulink>). </para> </sect1> @@ -171,8 +171,9 @@ nothing to do with acting as a file and print server for SMB/CIFS clients. </para> <para> -There are other Open Source CIFS client implementations, such as the jCIFS project -(jcifs.samba.org) which provides an SMB client toolkit written in Java. +There are other Open Source CIFS client implementations, such as the +<ulink url="http://jcifs.samba.org/">jCIFS project</ulink> +which provides an SMB client toolkit written in Java. </para> @@ -226,9 +227,9 @@ up a single file. In general, SMB sessions are established in the following orde </itemizedlist> <para> -A good way to examine this process in depth is to try out SecurityFriday's SWB program -at http://www.securityfriday.com/ToolDownload/SWB/swb_doc.html. It allows you to -walk through the establishment of a SMB/CIFS session step by step. +A good way to examine this process in depth is to try out +<ulink url="http://www.securityfriday.com/ToolDownload/SWB/swb_doc.html">SecurityFriday's SWB program</ulink>. +It allows you to walk through the establishment of a SMB/CIFS session step by step. </para> </sect1> @@ -236,8 +237,8 @@ walk through the establishment of a SMB/CIFS session step by step. <sect1> <title>Epilogue</title> -<para><emphasis> -"What's fundamentally wrong is that nobody ever had any taste when they +<para><quote> +What's fundamentally wrong is that nobody ever had any taste when they did it. Microsoft has been very much into making the user interface look good, but internally it's just a complete mess. And even people who program for Microsoft and who have had years of experience, just don't know how it works internally. @@ -246,16 +247,16 @@ mess that fixing one bug might just break a hundred programs that depend on that bug. And Microsoft isn't interested in anyone fixing bugs -- they're interested in making money. They don't have anybody who takes pride in Windows 95 as an operating system. -</emphasis></para> +</quote></para> -<para><emphasis> +<para><quote> People inside Microsoft know it's a bad operating system and they still continue obviously working on it because they want to get the next version out because they want to have all these new features to sell more copies of the system. -</emphasis></para> +</quote></para> -<para><emphasis> +<para><quote> The problem with that is that over time, when you have this kind of approach, and because nobody understands it, because nobody REALLY fixes bugs (other than when they're really obvious), the end result is really messy. You can't trust @@ -265,11 +266,11 @@ fine and then once in a blue moon for some completely unknown reason, it's dead, and nobody knows why. Not Microsoft, not the experienced user and certainly not the completely clueless user who probably sits there shivering thinking "What did I do wrong?" when they didn't do anything wrong at all. -</emphasis></para> +</quote></para> -<para><emphasis> +<para><quote> That's what's really irritating to me." -</emphasis></para> +</quote></para> <para>-- <ulink url="http://hr.uoregon.edu/davidrl/boot.txt">Linus Torvalds, from an interview with BOOT Magazine, Sept 1998</ulink> @@ -280,12 +281,7 @@ That's what's really irritating to me." <sect1> <title>Miscellaneous</title> -<para> -This chapter was lovingly handcrafted on a Dell Latitude C400 laptop running Slackware Linux 9.0, -in case anyone asks. -</para> - -<!-- This really needs to go... --> +<!--FIXME: This really needs to go... --> <para> This chapter is Copyright 2003 David Lechnyr (david at lechnyr dot com). diff --git a/docs/docbook/projdoc/NT4Migration.xml b/docs/docbook/projdoc/NT4Migration.xml index 585cfe6a47..fb136760fa 100644 --- a/docs/docbook/projdoc/NT4Migration.xml +++ b/docs/docbook/projdoc/NT4Migration.xml @@ -44,26 +44,14 @@ should know precisely <emphasis>why</emphasis> the change is important for the o Possible motivations to make a change include: </para> -<itemizedlist> -<listitem> - <para>Improve network manageability</para> -</listitem> -<listitem> - <para>Obtain better user level functionality</para> -</listitem> -<listitem> - <para>Reduce network operating costs</para> -</listitem> -<listitem> - <para>Reduce exposure caused by Microsoft withdrawal of NT4 support</para> -</listitem> -<listitem> - <para>Avoid MS License 6 implications</para> -</listitem> -<listitem> - <para>Reduce organisation's dependency on Microsoft</para> -</listitem> -</itemizedlist> +<simplelist> + <member>Improve network manageability</member> + <member>Obtain better user level functionality</member> + <member>Reduce network operating costs</member> + <member>Reduce exposure caused by Microsoft withdrawal of NT4 support</member> + <member>Avoid MS License 6 implications</member> + <member>Reduce organisation's dependency on Microsoft</member> +</simplelist> <para> It is vital that it be well recognised that Samba-3 is NOT MS Windows NT4. Samba-3 offers @@ -77,61 +65,31 @@ MS Windows 2000 and beyond (with or without Active Directory services). What are the features that Samba-3 can NOT provide? </para> -<itemizedlist> -<listitem> - <para>Active Directory Server</para> -</listitem> -<listitem> - <para>Group Policy Objects (in Active Direcrtory)</para> -</listitem> -<listitem> - <para>Machine Policy objects</para> -</listitem> -<listitem> - <para>Logon Scripts in Active Directorty</para> -</listitem> -<listitem> - <para>Software Application and Access Controls in Active Directory</para> -</listitem> -</itemizedlist> +<simplelist> + <member>Active Directory Server</member> + <member>Group Policy Objects (in Active Direcrtory)</member> + <member>Machine Policy objects</member> + <member>Logon Scripts in Active Directorty</member> + <member>Software Application and Access Controls in Active Directory</member> +</simplelist> <para> The features that Samba-3 DOES provide and that may be of compelling interest to your site includes: </para> -<itemizedlist> -<listitem> - <para>Lower Cost of Ownership</para> -</listitem> -<listitem> - <para>Global availability of support with no strings attached</para> -</listitem> -<listitem> - <para>Dynamic SMB Servers (ie:Can run more than one server per Unix/Linux system)</para> -</listitem> -<listitem> - <para>Creation of on-the-fly logon scripts</para> -</listitem> -<listitem> - <para>Creation of on-the-fly Policy Files</para> -</listitem> -<listitem> - <para>Greater Stability, Reliability, Performance and Availability</para> -</listitem> -<listitem> - <para>Manageability via an ssh connection</para> -</listitem> -<listitem> - <para>Flexible choices of back-end authentication technologies (tdbsam, ldapsam, mysqlsam)</para> -</listitem> -<listitem> - <para>Ability to implement a full single-signon architecture</para> -</listitem> -<listitem> - <para>Ability to distribute authentication systems for absolute minimum wide area network bandwidth demand</para> -</listitem> -</itemizedlist> +<simplelist> + <member>Lower Cost of Ownership</member> + <member>Global availability of support with no strings attached</member> + <member>Dynamic SMB Servers (ie:Can run more than one server per Unix/Linux system)</member> + <member>Creation of on-the-fly logon scripts</member> + <member>Creation of on-the-fly Policy Files</member> + <member>Greater Stability, Reliability, Performance and Availability</member> + <member>Manageability via an ssh connection</member> + <member>Flexible choices of back-end authentication technologies (tdbsam, ldapsam, mysqlsam)</member> + <member>Ability to implement a full single-signon architecture</member> + <member>Ability to distribute authentication systems for absolute minimum wide area network bandwidth demand</member> +</simplelist> <para> Before migrating a network from MS Windows NT4 to Samba-3 it is vital that all necessary factors are @@ -221,11 +179,11 @@ all users gain share and printer connections they need. Logon scripts can be created on-the-fly so that all commands executed are specific to the rights and privilidges granted to the user. The preferred controls should be affected through group membership so that group information can be used to custom create a logong script using -the <filename>root preexec</filename> parameters to the <filename>NETLOGON</filename> share. +the <parameter>root preexec</parameter> parameters to the <filename>NETLOGON</filename> share. </para> <para> -Some sites prefer to use a tool such as <filename>kixstart</filename> to establish a controlled +Some sites prefer to use a tool such as <command>kixstart</command> to establish a controlled user environment. In any case you may wish to do a google search for logon script process controls. In particular, you may wish to explore the use of the Microsoft knowledgebase article KB189105 that deals with how to add printers without user intervention via the logon script process. @@ -241,7 +199,7 @@ Management. </para> <para> -Profiles may also be managed using the Samba-3 tool <filename>profiles</filename>. This tool allows +Profiles may also be managed using the Samba-3 tool <command>profiles</command>. This tool allows the MS Windows NT style security identifiers (SIDs) that are stored inside the profile NTuser.DAT file to be changed to the SID of the Samba-3 domain. </para> @@ -283,39 +241,39 @@ Samba-3 set up as a DC with netlogon share, profile share, etc. <substeps><step><para>Samba must NOT be running</para></step></substeps></step> <step> - <para>rpcclient NT4PDC -U Administrator%passwd</para> + <para><userinput>rpcclient <replaceable>NT4PDC</replaceable> -U Administrator%<replaceable>passwd</replaceable></userinput></para> <substeps><step><para>lsaquery</para></step> <step><para>Note the SID returned</para></step> </substeps> </step> - <step><para>net getsid -S NT4PDC -w DOMNAME -U Administrator%passwd</para> + <step><para><userinput>net getsid -S <replaceable>NT4PDC</replaceable> -w <replaceable>DOMNAME</replaceable> -U Administrator%<replaceable>passwd</replaceable></userinput></para> <substeps><step><para>Note the SID</para></step></substeps> </step> - <step><para>net getlocalsid</para> + <step><para><userinput>net getlocalsid</userinput></para> <substeps> <step><para>Note the SID, now check that all three SIDS reported are the same!</para></step> </substeps> </step> - <step><para>net rpc join -S NT4PDC -w DOMNAME -U Administrator%passwd</para></step> + <step><para><userinput>net rpc join -S <replaceable>NT4PDC</replaceable> -w <replaceable>DOMNAME</replaceable> -U Administrator%<replaceable>passwd</replaceable></userinput></para></step> - <step><para>net rpc vampire -S NT4PDC -U administrator%passwd</para></step> + <step><para><userinput>net rpc vampire -S <replaceable>NT4PDC</replaceable> -U administrator%<replaceable>passwd</replaceable></userinput></para></step> - <step><para>pdbedit -l</para> + <step><para><userinput>pdbedit -L</userinput></para> <substeps><step><para>Note - did the users migrate?</para></step></substeps> </step> - <step><para>initGrps.sh DOMNAME</para></step> + <step><para><userinput>initGrps.sh <replaceable>DOMNAME</replaceable></userinput></para></step> - <step><para>net groupmap list</para> + <step><para><userinput>net groupmap list</userinput></para> <substeps><step><para>Now check that all groups are recognised</para></step></substeps> </step> - <step><para>net rpc campire -S NT4PDC -U administrator%passwd</para></step> + <step><para><userinput>net rpc campire -S <replaceable>NT4PDC</replaceable> -U administrator%<replaceable>passwd</replaceable></userinput></para></step> - <step><para>pdbedit -lv</para> + <step><para><userinput>pdbedit -Lv</userinput></para> <substeps><step> <para>Note - check that all group membership has been migrated</para> </step></substeps> @@ -440,6 +398,7 @@ No matter what choice you make, the following rules will minimise down-stream pr <sect2> <title>Samba Implementation Choices</title> +<!-- FIXME: Either a better layout or more written-out text--> <para><programlisting> Authentication database back end Winbind (external Samba or NT4/200x server) diff --git a/docs/docbook/projdoc/NetworkBrowsing.xml b/docs/docbook/projdoc/NetworkBrowsing.xml index 8648bfa256..c698756ee5 100644 --- a/docs/docbook/projdoc/NetworkBrowsing.xml +++ b/docs/docbook/projdoc/NetworkBrowsing.xml @@ -103,6 +103,7 @@ called <filename>nmbd</filename>. The configuration parameters involved in nmbd' </para> <para><programlisting> + <!--FIXME--> Browsing options: ----------------- * os level @@ -426,7 +427,8 @@ cross subnet browsing possible for a workgroup. In an WORKGROUP environment the domain master browser must be a Samba server, and there must only be one domain master browser per workgroup name. To set up a Samba server as a domain master browser, -set the following option in the [global] section of the &smb.conf; file : +set the following option in the <parameter>[global]</parameter> section +of the &smb.conf; file : </para> <para> @@ -438,7 +440,7 @@ set the following option in the [global] section of the &smb.conf; file : <para> The domain master browser should also preferrably be the local master browser for its own subnet. In order to achieve this set the following -options in the [global] section of the &smb.conf; file : +options in the <parameter>[global]</parameter> section of the &smb.conf; file : </para> <para> @@ -462,7 +464,7 @@ workgroup. Any MS Windows NT/2K/XP/2003 machine should be able to do this, as will Windows 9x machines (although these tend to get rebooted more often, so it's not such a good idea to use these). To make a Samba server a local master browser -set the following options in the [global] section of the +set the following options in the <parameter>[global]</parameter> section of the &smb.conf; file : </para> @@ -482,9 +484,9 @@ master browser. </para> <para> -The <command>local master</command> parameter allows Samba to act as a -local master browser. The <command>preferred master</command> causes nmbd -to force a browser election on startup and the <command>os level</command> +The <parameter>local master</parameter> parameter allows Samba to act as a +local master browser. The <parameter>preferred master</parameter> causes nmbd +to force a browser election on startup and the <parameter>os level</parameter> parameter sets Samba high enough so that it should win any browser elections. </para> @@ -492,7 +494,7 @@ parameter sets Samba high enough so that it should win any browser elections. If you have an NT machine on the subnet that you wish to be the local master browser then you can disable Samba from becoming a local master browser by setting the following -options in the <command>[global]</command> section of the +options in the <parameter>[global]</parameter> section of the &smb.conf; file : </para> @@ -539,7 +541,7 @@ of the &smb.conf; file : <para> If you wish to have a Samba server fight the election with machines -on the same subnet you may set the <command>os level</command> parameter +on the same subnet you may set the <parameter>os level</parameter> parameter to lower levels. By doing this you can tune the order of machines that will become local master browsers if they are running. For more details on this see the section <link linkend="browse-force-master"> @@ -552,7 +554,7 @@ If you have Windows NT machines that are members of the domain on all subnets, and you are sure they will always be running then you can disable Samba from taking part in browser elections and ever becoming a local master browser by setting following options -in the <command>[global]</command> section of the &smb.conf; +in the <parameter>[global]</parameter> section of the &smb.conf; file : </para> @@ -571,7 +573,7 @@ file : <title>Forcing samba to be the master</title> <para> -Who becomes the <command>master browser</command> is determined by an election +Who becomes the <parameter>master browser</parameter> is determined by an election process using broadcasts. Each election packet contains a number of parameters which determine what precedence (bias) a host should have in the election. By default Samba uses a very low precedence and thus loses @@ -579,14 +581,14 @@ elections to just about anyone else. </para> <para> -If you want Samba to win elections then just set the <command>os level</command> global +If you want Samba to win elections then just set the <parameter>os level</parameter> global option in &smb.conf; to a higher number. It defaults to 0. Using 34 would make it win all elections over every other system (except other samba systems!) </para> <para> -A <command>os level</command> of 2 would make it beat WfWg and Win95, but not MS Windows +A <parameter>os level</parameter> of 2 would make it beat WfWg and Win95, but not MS Windows NT/2K Server. A MS Windows NT/2K Server domain controller uses level 32. </para> @@ -594,18 +596,18 @@ NT/2K Server. A MS Windows NT/2K Server domain controller uses level 32. <para> If you want samba to force an election on startup, then set the -<command>preferred master</command> global option in &smb.conf; to "yes". Samba will +<parameter>preferred master</parameter> global option in &smb.conf; to <constant>yes</constant>. Samba will then have a slight advantage over other potential master browsers that are not preferred master browsers. Use this parameter with care, as if you have two hosts (whether they are windows 95 or NT or -samba) on the same local subnet both set with <command>preferred master</command> to -"yes", then periodically and continually they will force an election +samba) on the same local subnet both set with <parameter>preferred master</parameter> to +<constant>yes</constant>, then periodically and continually they will force an election in order to become the local master browser. </para> <para> -If you want samba to be a <command>domain master browser</command>, then it is -recommended that you also set <command>preferred master</command> to "yes", because + If you want samba to be a <parameter>domain master browser</parameter>, then it is +recommended that you also set <parameter>preferred master</parameter> to <constant>yes</constant>, because samba will not become a domain master browser for the whole of your LAN or WAN if it is not also a local master browser on its own broadcast isolated subnet. @@ -629,12 +631,12 @@ the current domain master browser fail. <para> The domain master is responsible for collating the browse lists of multiple subnets so that browsing can occur between subnets. You can -make samba act as the domain master by setting <command>domain master = yes</command> +make samba act as the domain master by setting <parameter>domain master = yes</parameter> in &smb.conf;. By default it will not be a domain master. </para> <para> -Note that you should NOT set Samba to be the domain master for a +Note that you should <strong>not</strong> set Samba to be the domain master for a workgroup that has the same name as an NT Domain. </para> @@ -647,8 +649,8 @@ browse lists. <para> If you want samba to be the domain master then I suggest you also set -the <command>os level</command> high enough to make sure it wins elections, and set -<command>preferred master</command> to "yes", to get samba to force an election on +the <parameter>os level</parameter> high enough to make sure it wins elections, and set +<parameter>preferred master</parameter> to <constant>yes</constant>, to get samba to force an election on startup. </para> @@ -723,12 +725,12 @@ option in &smb.conf; to configure them. </para> </sect2> <sect2> -<title>Use of the <command>Remote Announce</command> parameter</title> +<title>Use of the Remote Announce parameter</title> <para> -The <command>remote announce</command> parameter of +The <parameter>remote announce</parameter> parameter of <filename>smb.conf</filename> can be used to forcibly ensure that all the NetBIOS names on a network get announced to a remote network. -The syntax of the <command>remote announce</command> parameter is: +The syntax of the <parameter>remote announce</parameter> parameter is: <programlisting> remote announce = a.b.c.d [e.f.g.h] ... </programlisting> @@ -769,10 +771,10 @@ name resolution problems and should be avoided. </sect2> <sect2> -<title>Use of the <command>Remote Browse Sync</command> parameter</title> +<title>Use of the Remote Browse Sync parameter</title> <para> -The <command>remote browse sync</command> parameter of +The <parameter>remote browse sync</parameter> parameter of <filename>smb.conf</filename> is used to announce to another LMB that it must synchronise it's NetBIOS name list with our Samba LMB. It works ONLY if the Samba server that has this option is @@ -780,7 +782,7 @@ simultaneously the LMB on it's network segment. </para> <para> -The syntax of the <command>remote browse sync</command> parameter is: +The syntax of the <parameter>remote browse sync</parameter> parameter is: <programlisting> remote browse sync = <replaceable>a.b.c.d</replaceable> @@ -848,18 +850,18 @@ errors. <para> To configure Samba as a WINS server just add -<command>wins support = yes</command> to the <filename>smb.conf</filename> +<parameter>wins support = yes</parameter> to the <filename>smb.conf</filename> file [globals] section. </para> <para> To configure Samba to register with a WINS server just add -"wins server = a.b.c.d" to your smb.conf file [globals] section. +<parameter>wins server = a.b.c.d</parameter> to your &smb.conf; file <parameter>[globals]</parameter> section. </para> <important><para> -Never use both <command>wins support = yes</command> together -with <command>wins server = a.b.c.d</command> +Never use both <parameter>wins support = yes</parameter> together +with <parameter>wins server = a.b.c.d</parameter> particularly not using it's own IP address. Specifying both will cause &nmbd; to refuse to start! </para></important> @@ -871,7 +873,7 @@ Specifying both will cause &nmbd; to refuse to start! Either a Samba machine or a Windows NT Server machine may be set up as a WINS server. To set a Samba machine to be a WINS server you must add the following option to the &smb.conf; file on the selected machine : -in the [globals] section add the line +in the <parameter>[globals]</parameter> section add the line </para> <para> @@ -888,13 +890,13 @@ least set the parameter to 'no' on all these machines. </para> <para> -Machines with <command>wins support = yes</command> will keep a list of +Machines with <parameter>wins support = yes</parameter> will keep a list of all NetBIOS names registered with them, acting as a DNS for NetBIOS names. </para> <para> You should set up only ONE wins server. Do NOT set the -<command>wins support = yes</command> option on more than one Samba +<parameter>wins support = yes</parameter> option on more than one Samba server. </para> @@ -908,17 +910,17 @@ participate in these replications. It is possible in the future that a Samba->Samba WINS replication protocol may be defined, in which case more than one Samba machine could be set up as a WINS server but currently only one Samba server should have the -<command>wins support = yes</command> parameter set. +<parameter>wins support = yes</parameter> parameter set. </para> <para> After the WINS server has been configured you must ensure that all machines participating on the network are configured with the address of this WINS server. If your WINS server is a Samba machine, fill in -the Samba machine IP address in the "Primary WINS Server" field of -the "Control Panel->Network->Protocols->TCP->WINS Server" dialogs +the Samba machine IP address in the <guilabel>Primary WINS Server</guilabel> field of +the <guilabel>Control Panel->Network->Protocols->TCP->WINS Server</guilabel> dialogs in Windows 95 or Windows NT. To tell a Samba server the IP address -of the WINS server add the following line to the [global] section of +of the WINS server add the following line to the <parameter>[global]</parameter> section of all &smb.conf; files : </para> @@ -936,8 +938,8 @@ machine or its IP address. <para> Note that this line MUST NOT BE SET in the &smb.conf; file of the Samba server acting as the WINS server itself. If you set both the -<command>wins support = yes</command> option and the -<command>wins server = <name></command> option then +<parameter>wins support = yes</parameter> option and the +<parameter>wins server = <name></parameter> option then nmbd will fail to start. </para> @@ -966,7 +968,7 @@ section of the documentation to provide usage and technical details. <title>Static WINS Entries</title> <para> -New to Samba-3 is a tool called <filename>winsedit</filename> that may be used to add +New to Samba-3 is a tool called <command>winsedit</command> that may be used to add static WINS entries to the WINS database. This tool can be used also to modify entries existing in the WINS database. </para> @@ -1051,7 +1053,7 @@ are:</para> <para> Alternative means of name resolution includes:</para> <simplelist> -<member>/etc/hosts: is static, hard to maintain, and lacks name_type info</member> +<member><filename>/etc/hosts</filename>: is static, hard to maintain, and lacks name_type info</member> <member>DNS: is a good choice but lacks essential name_type info.</member> </simplelist> @@ -1082,7 +1084,7 @@ controlled by <filename>/etc/host.conf</filename>, <filename>/etc/nsswitch.conf< <para> SMB networking provides a mechanism by which clients can access a list -of machines in a network, a so-called <command>browse list</command>. This list +of machines in a network, a so-called <parameter>browse list</parameter>. This list contains machines that are ready to offer file and/or print services to other machines within the network. Thus it does not include machines which aren't currently able to do server tasks. The browse @@ -1144,7 +1146,7 @@ recommended that you use one and only one Samba server as your WINS server. <para> To get browsing to work you need to run nmbd as usual, but will need -to use the <command>workgroup</command> option in &smb.conf; +to use the <parameter>workgroup</parameter> option in &smb.conf; to control what workgroup Samba becomes a part of. </para> @@ -1152,7 +1154,7 @@ to control what workgroup Samba becomes a part of. Samba also has a useful option for a Samba server to offer itself for browsing on another subnet. It is recommended that this option is only used for 'unusual' purposes: announcements over the internet, for -example. See <command>remote announce</command> in the +example. See <parameter>remote announce</parameter> in the &smb.conf; man page. </para> </sect2> @@ -1175,7 +1177,7 @@ hit enter and filemanager should display the list of available shares. <para> Some people find browsing fails because they don't have the global -<command>guest account</command> set to a valid account. Remember that the +<parameter>guest account</parameter> set to a valid account. Remember that the IPC$ connection that lists the shares is done as guest, and thus you must have a valid guest account. </para> @@ -1242,6 +1244,7 @@ Consider a network set up as follows : </para> <para> + <!-- FIXME: Convert this to diagram --> <programlisting> (DMB) N1_A N1_B N1_C N1_D N1_E @@ -1312,15 +1315,19 @@ you looked in it on a particular network right now). </para> <para> -<programlisting> -Subnet Browse Master List ------- ------------- ---- -Subnet1 N1_C N1_A, N1_B, N1_C, N1_D, N1_E - -Subnet2 N2_B N2_A, N2_B, N2_C, N2_D +<table> + <tgroup align="left" cols="3"> + <thead> + <row><entry>Subnet</entry><entry>Browse Master</entry><entry>List</entry></row> + </thead> -Subnet3 N3_D N3_A, N3_B, N3_C, N3_D -</programlisting> + <tbody> + <row><entry>Subnet1</entry><entry>N1_C</entry><entry>N1_A, N1_B, N1_C, N1_D, N1_E</entry></row> + <row><entry>Subnet2</entry><entry>N2_B</entry><entry>N2_A, N2_B, N2_C, N2_D</entry></row> + <row><entry>Subnet3</entry><entry>N3_D</entry><entry>N3_A, N3_B, N3_C, N3_D</entry></row> + </tbody> + </tgroup> +</table> </para> <para> @@ -1350,19 +1357,21 @@ are done the browse lists look like : </para> <para> -<programlisting> -Subnet Browse Master List ------- ------------- ---- -Subnet1 N1_C N1_A, N1_B, N1_C, N1_D, N1_E, - N2_A(*), N2_B(*), N2_C(*), N2_D(*) - -Subnet2 N2_B N2_A, N2_B, N2_C, N2_D - N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*) +<table> + <tgroup align="left" cols="3"> + <thead> + <row><entry>Subnet</entry><entry>Browse Master</entry><entry>List</entry></row> + </thead> -Subnet3 N3_D N3_A, N3_B, N3_C, N3_D + <tbody> + <row><entry>Subnet1</entry><entry>N1_C</entry><entry>N1_A, N1_B, N1_C, N1_D, N1_E, N2_A(*), N2_B(*), N2_C(*), N2_D(*)</entry></row> + <row><entry>Subnet2</entry><entry>N2_B</entry><entry>N2_A, N2_B, N2_C, N2_D, N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*)</entry></row> + <row><entry>Subnet3</entry><entry>N3_D</entry><entry>N3_A, N3_B, N3_C, N3_D</entry></row> + </tbody> + </tgroup> +</table> Servers with a (*) after them are non-authoritative names. -</programlisting> </para> <para> @@ -1381,22 +1390,21 @@ the browse lists look like. </para> <para> -<programlisting> -Subnet Browse Master List ------- ------------- ---- -Subnet1 N1_C N1_A, N1_B, N1_C, N1_D, N1_E, - N2_A(*), N2_B(*), N2_C(*), N2_D(*), - N3_A(*), N3_B(*), N3_C(*), N3_D(*) +<table> + <tgroup cols="3" align="left"> + <thead> + <row><entry>Subnet</entry><entry>Browse Master</entry><entry>List</entry></row> + </thead> -Subnet2 N2_B N2_A, N2_B, N2_C, N2_D - N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*) - -Subnet3 N3_D N3_A, N3_B, N3_C, N3_D - N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*), - N2_A(*), N2_B(*), N2_C(*), N2_D(*) + <tbody> + <row><entry>Subnet1</entry><entry>N1_C</entry><entry>N1_A, N1_B, N1_C, N1_D, N1_E, N2_A(*), N2_B(*), N2_C(*), N2_D(*), N3_A(*), N3_B(*), N3_C(*), N3_D(*)</entry></row> + <row><entry>Subnet2</entry><entry>N2_B</entry><entry>N2_A, N2_B, N2_C, N2_D, N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*)</entry></row> + <row><entry>Subnet3</entry><entry>N3_D</entry><entry>N3_A, N3_B, N3_C, N3_D, N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*), N2_A(*), N2_B(*), N2_C(*), N2_D(*)</entry></row> + </tbody> + </tgroup> +</table> Servers with a (*) after them are non-authoritative names. -</programlisting> </para> <para> @@ -1413,23 +1421,21 @@ are removed or shut off) the browse lists will look like : </para> <para> -<programlisting> -Subnet Browse Master List ------- ------------- ---- -Subnet1 N1_C N1_A, N1_B, N1_C, N1_D, N1_E, - N2_A(*), N2_B(*), N2_C(*), N2_D(*), - N3_A(*), N3_B(*), N3_C(*), N3_D(*) - -Subnet2 N2_B N2_A, N2_B, N2_C, N2_D - N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*) - N3_A(*), N3_B(*), N3_C(*), N3_D(*) - -Subnet3 N3_D N3_A, N3_B, N3_C, N3_D - N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*), - N2_A(*), N2_B(*), N2_C(*), N2_D(*) +<table> + <tgroup cols="3" align="left"> + <thead> + <row><entry>Subnet</entry><entry>Browse Master</entry><entry>List</entry></row> + </thead> + + <tbody> + <row><entry>Subnet1</entry><entry>N1_C</entry><entry>N1_A, N1_B, N1_C, N1_D, N1_E, N2_A(*), N2_B(*), N2_C(*), N2_D(*), N3_A(*), N3_B(*), N3_C(*), N3_D(*)</entry></row> + <row><entry>Subnet2</entry><entry>N2_B</entry><entry>N2_A, N2_B, N2_C, N2_D, N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*), N3_A(*), N3_B(*), N3_C(*), N3_D(*)</entry></row> + <row><entry>Subnet3</entry><entry>N3_D</entry><entry>N3_A, N3_B, N3_C, N3_D, N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*), N2_A(*), N2_B(*), N2_C(*), N2_D(*)</entry></row> + </tbody> + </tgroup> +</table> Servers with a (*) after them are non-authoritative names. -</programlisting> </para> <para> diff --git a/docs/docbook/projdoc/Other-Clients.xml b/docs/docbook/projdoc/Other-Clients.xml index b9f4cf3a93..0cf9af7a87 100644 --- a/docs/docbook/projdoc/Other-Clients.xml +++ b/docs/docbook/projdoc/Other-Clients.xml @@ -54,14 +54,11 @@ packages, Samba, and Linux (and other UNIX-based systems) see <para>Basically, you need three components:</para> - <itemizedlist> - <listitem><para>The File and Print Client ('IBM Peer') - </para></listitem> - <listitem><para>TCP/IP ('Internet support') - </para></listitem> - <listitem><para>The "NetBIOS over TCP/IP" driver ('TCPBEUI') - </para></listitem> - </itemizedlist> + <simplelist> + <member>The File and Print Client ('IBM Peer')</member> + <member>TCP/IP ('Internet support') </member> + <member>The "NetBIOS over TCP/IP" driver ('TCPBEUI')</member> + </simplelist> <para>Installing the first two together with the base operating system on a blank system is explained in the Warp manual. If Warp @@ -114,40 +111,26 @@ packages, Samba, and Linux (and other UNIX-based systems) see </sect2> <sect2> - <title>Are there any other issues when OS/2 (any version) - is used as a client?</title> - - <para>When you do a NET VIEW or use the "File and Print - Client Resource Browser", no Samba servers show up. This can - be fixed by a patch from <ulink - url="http://carol.wins.uva.nl/~leeuw/samba/fix.html"> - http://carol.wins.uva.nl/~leeuw/samba/fix.html</ulink>. - The patch will be included in a later version of Samba. It also - fixes a couple of other problems, such as preserving long - filenames when objects are dragged from the Workplace Shell - to the Samba server. </para> - </sect2> - - <sect2> <title>How do I get printer driver download working for OS/2 clients?</title> - <para>First, create a share called [PRINTDRV] that is + <para>First, create a share called <parameter>[PRINTDRV]</parameter> that is world-readable. Copy your OS/2 driver files there. Note that the .EA_ files must still be separate, so you will need to use the original install files, and not copy an installed driver from an OS/2 system.</para> <para>Install the NT driver first for that printer. Then, - add to your smb.conf a parameter, os2 driver map = - <replaceable>filename</replaceable>". Then, in the file + add to your &smb.conf; a parameter, <parameter>os2 driver map = + <replaceable>filename</replaceable></parameter>. Then, in the file specified by <replaceable>filename</replaceable>, map the name of the NT driver name to the OS/2 driver name as follows:</para> - <para><command>nt driver name = os2 "driver - name"."device name"</command>, e.g.: - HP LaserJet 5L = LASERJET.HP LaserJet 5L</para> + <para><parameter><replaceable>nt driver name</replaceable> = <replaceable>os2 driver name</replaceable>.<replaceable>device name</replaceable></parameter>, e.g.:</para> + + <para><parameter> + HP LaserJet 5L = LASERJET.HP LaserJet 5L</parameter></para> <para>You can have multiple drivers mapped in this file.</para> @@ -176,10 +159,16 @@ for workgroups. <para> Microsoft has released an incremental upgrade to their TCP/IP 32-Bit VxD drivers. The latest release can be found on their ftp site at -ftp.microsoft.com, located in /peropsys/windows/public/tcpip/wfwt32.exe. +ftp.microsoft.com, located in <filename>/peropsys/windows/public/tcpip/wfwt32.exe</filename>. There is an update.txt file there that describes the problems that were -fixed. New files include WINSOCK.DLL, TELNET.EXE, WSOCK.386, VNBT.386, -WSTCP.386, TRACERT.EXE, NETSTAT.EXE, and NBTSTAT.EXE. +fixed. New files include <filename>WINSOCK.DLL</filename>, +<filename>TELNET.EXE</filename>, +<filename>WSOCK.386</filename>, +<filename>VNBT.386</filename>, +<filename>WSTCP.386</filename>, +<filename>TRACERT.EXE</filename>, +<filename>NETSTAT.EXE</filename>, and +<filename>NBTSTAT.EXE</filename>. </para> </sect2> @@ -210,10 +199,11 @@ Often WfWg will totally ignore a password you give it in a dialog box. <para> There is a program call admincfg.exe on the last disk (disk 8) of the WFW 3.11 disk set. To install it -type EXPAND A:\ADMINCFG.EX_ C:\WINDOWS\ADMINCFG.EXE Then add an icon -for it via the "Progam Manager" "New" Menu. This program allows you -to control how WFW handles passwords. ie disable Password Caching etc -for use with <command>security = user</command> +type <userinput>EXPAND A:\ADMINCFG.EX_ C:\WINDOWS\ADMINCFG.EXE</userinput>. +Then add an icon +for it via the <application>Program Manager</application> <guimenu>New</guimenu> Menu. +This program allows you to control how WFW handles passwords. ie disable Password Caching etc +for use with <parameter>security = user</parameter> </para> </sect2> @@ -221,7 +211,7 @@ for use with <command>security = user</command> <sect2> <title>Case handling of passwords</title> -<para>Windows for Workgroups uppercases the password before sending it to the server. Unix passwords can be case-sensitive though. Check the <ulink url="smb.conf.5.html">smb.conf(5)</ulink> information on <command>password level</command> to specify what characters samba should try to uppercase when checking.</para> +<para>Windows for Workgroups uppercases the password before sending it to the server. Unix passwords can be case-sensitive though. Check the <ulink url="smb.conf.5.html">smb.conf(5)</ulink> information on <parameter>password level</parameter> to specify what characters samba should try to uppercase when checking.</para> </sect2> @@ -240,8 +230,9 @@ It is presumably a WfWg bug.</para> <title>Speed improvement</title> <para> -Note that some people have found that setting DefaultRcvWindow in -the [MSTCP] section of the SYSTEM.INI file under WfWg to 3072 gives a +Note that some people have found that setting <parameter>DefaultRcvWindow</parameter> in +the <parameter>[MSTCP]</parameter> section of the +<filename>SYSTEM.INI</filename> file under WfWg to 3072 gives a big improvement. I don't know why. </para> @@ -270,16 +261,17 @@ Microsoft Web site for all currently available updates to your specific version of Windows 95. </para> -<orderedlist> -<listitem><para>Kernel Update: KRNLUPD.EXE</para></listitem> -<listitem><para>Ping Fix: PINGUPD.EXE</para></listitem> -<listitem><para>RPC Update: RPCRTUPD.EXE</para></listitem> -<listitem><para>TCP/IP Update: VIPUPD.EXE</para></listitem> -<listitem><para>Redirector Update: VRDRUPD.EXE</para></listitem> -</orderedlist> +<simplelist> +<member>Kernel Update: KRNLUPD.EXE</member> +<member>Ping Fix: PINGUPD.EXE</member> +<member>RPC Update: RPCRTUPD.EXE</member> +<member>TCP/IP Update: VIPUPD.EXE</member> +<member>Redirector Update: VRDRUPD.EXE</member> +</simplelist> <para> -Also, if using MS OutLook it is desirable to install the OLEUPD.EXE fix. This +Also, if using <application>MS OutLook</application> it is desirable to +install the <command>OLEUPD.EXE</command> fix. This fix may stop your machine from hanging for an extended period when exiting OutLook and you may also notice a significant speedup when accessing network neighborhood services. @@ -290,7 +282,7 @@ neighborhood services. <para> Configure the win95 TCPIP registry settings to give better -performance. I use a program called MTUSPEED.exe which I got off the +performance. I use a program called <command>MTUSPEED.exe</command> which I got off the net. There are various other utilities of this type freely available. </para> @@ -312,7 +304,7 @@ likely occur if it is not. <para> In order to serve profiles successfully to Windows 2000 SP2 clients (when not operating as a PDC), Samba must have -<command>nt acl support = no</command> +<parameter>nt acl support = no</parameter> added to the file share which houses the roaming profiles. If this is not done, then the Windows 2000 SP2 client will complain about not being able to access the profile (Access @@ -320,7 +312,7 @@ Denied) and create multiple copies of it on disk (DOMAIN.user.001, DOMAIN.user.002, etc...). See the <ulink url="smb.conf.5.html">smb.conf(5)</ulink> man page for more details on this option. Also note that the -<command>nt acl support</command> parameter was formally a global parameter in +<parameter>nt acl support</parameter> parameter was formally a global parameter in releases prior to Samba 2.2.2. </para> @@ -343,17 +335,17 @@ the security descriptor for the profile which contains the Samba server's SID, and not the domain SID. The client compares the SID for SAMBA\user and realizes it is different that the one assigned to DOMAIN\user. Hence the reason -for the "access denied" message. +for the <errorname>access denied</errorname> message. </para> <para> -By disabling the <command>nt acl support</command> parameter, Samba will send +By disabling the <parameter>nt acl support</parameter> parameter, Samba will send the Win2k client a response to the QuerySecurityDescriptor trans2 call which causes the client to set a default ACL for the profile. This default ACL includes </para> -<para><command>DOMAIN\user "Full Control"</command></para> +<para><emphasis>DOMAIN\user "Full Control"</emphasis>></para> <note><para>This bug does not occur when using winbind to create accounts on the Samba host for Domain users.</para></note> diff --git a/docs/docbook/projdoc/PAM-Authentication-And-Samba.xml b/docs/docbook/projdoc/PAM-Authentication-And-Samba.xml index 4b5179acc7..08df14ea73 100644 --- a/docs/docbook/projdoc/PAM-Authentication-And-Samba.xml +++ b/docs/docbook/projdoc/PAM-Authentication-And-Samba.xml @@ -1,5 +1,11 @@ <chapter id="pam"> <chapterinfo> + <author> + <firstname>Stephen</firstname><surname>Langasek</surname> + <affiliation> + <address><email>vorlon@netexpress.net</email></address> + </affiliation> + </author> &author.jht; <pubdate> (Jun 21 2001) </pubdate> </chapterinfo> @@ -102,8 +108,8 @@ hashes. This database is stored in either Samba implementation for your Unix/Linux system. The <filename>pam_smbpass.so</filename> module is provided by Samba version 2.2.1 or later. It can be compiled by specifying the -<command>--with-pam_smbpass</command> options when running Samba's -<filename>configure</filename> script. For more information +<option>--with-pam_smbpass</option> options when running Samba's +<command>configure</command> script. For more information on the <filename>pam_smbpass</filename> module, see the documentation in the <filename>source/pam_smbpass</filename> directory of the Samba source distribution. @@ -176,7 +182,7 @@ The following is from the on-line help for this option in SWAT; <para> When Samba is configured to enable PAM support (i.e. -<constant>--with-pam</constant>), this parameter will +<option>--with-pam</option>), this parameter will control whether or not Samba should obey PAM's account and session management directives. The default behavior is to use PAM for clear text authentication only and to @@ -188,7 +194,7 @@ authentication mechanism needed in the presence of SMB password encryption. </para> -<para>Default: <command>obey pam restrictions = no</command></para> +<para>Default: <parameter>obey pam restrictions = no</parameter></para> </sect2> @@ -204,7 +210,7 @@ generic interface to authentication mechanisms. </para> <para> -For more information on PAM, see http://ftp.kernel.org/pub/linux/libs/pam/ + For more information on PAM, see <ulink url="http://ftp.kernel.org/pub/linux/libs/pam/">The linux PAM homepage</ulink>. </para> <para> @@ -214,52 +220,41 @@ concerned about the presence of suid root binaries on your system, it is recommended that you use pam_winbind instead. </para> -<para><programlisting> +<para> Options recognized by this module are as follows: +<table> + <tgroup cols="2" align="left"> + <tbody> + <row><entry>debug</entry><entry>log more debugging info</entry></row> + <row><entry>audit</entry><entry>like debug, but also logs unknown usernames</entry></row> + <row><entry>use_first_pass</entry><entry>don't prompt the user for passwords; take them from PAM_ items instead</entry></row> + <row><entry>try_first_pass</entry><entry>try to get the password from a previous PAM module, fall back to prompting the user</entry></row> + <row><entry>use_authtok</entry><entry>like try_first_pass, but *fail* if the new PAM_AUTHTOK has not been previously set. (intended for stacking password modules only)</entry></row> + <row><entry>not_set_pass</entry><entry>don't make passwords used by this module available to other modules.</entry></row> + <row><entry>nodelay</entry><entry>don't insert ~1 second delays on authentication failure.</entry></row> + <row><entry>nullok</entry><entry>null passwords are allowed.</entry></row> + <row><entry>nonull</entry><entry>null passwords are not allowed. Used to override the Samba configuration.</entry></row> + <row><entry>migrate</entry><entry>only meaningful in an "auth" context; used to update smbpasswd file with a password used for successful authentication.</entry></row> + <row><entry>smbconf=<replaceable>file</replaceable></entry><entry>specify an alternate path to the &smb.conf; file.</entry></row> + </tbody> +</tgroup> +</table> +</para> - debug - log more debugging info - audit - like debug, but also logs unknown usernames - use_first_pass - don't prompt the user for passwords; - take them from PAM_ items instead - try_first_pass - try to get the password from a previous - PAM module, fall back to prompting the user - use_authtok - like try_first_pass, but *fail* if the new - PAM_AUTHTOK has not been previously set. - (intended for stacking password modules only) - not_set_pass - don't make passwords used by this module - available to other modules. - nodelay - don't insert ~1 second delays on authentication - failure. - nullok - null passwords are allowed. - nonull - null passwords are not allowed. Used to - override the Samba configuration. - migrate - only meaningful in an "auth" context; - used to update smbpasswd file with a - password used for successful authentication. - smbconf=< file > - specify an alternate path to the smb.conf - file. -</programlisting></para> - -<para><programlisting> +<para> Thanks go to the following people: +<simplelist> + <member><ulink url="mailto:morgan@transmeta.com">Andrew Morgan</ulink>, for providing the Linux-PAM + framework, without which none of this would have happened</member> - * Andrew Morgan < morgan@transmeta.com >, for providing the Linux-PAM - framework, without which none of this would have happened - - * Christian Gafton < gafton@redhat.com > and Andrew Morgan again, for the - pam_pwdb module upon which pam_smbpass was originally based + <member><ulink url="gafton@redhat.com">Christian Gafton</ulink> and Andrew Morgan again, for the + pam_pwdb module upon which pam_smbpass was originally based</member> - * Luke Leighton < lkcl@switchboard.net > for being receptive to the idea, + <member><ulink url="lkcl@switchboard.net">Luke Leighton</ulink> for being receptive to the idea, and for the occasional good-natured complaint about the project's status - that keep me working on it :) - - * and of course, all the other members of the Samba team - <http://www.samba.org/samba/team.html>, for creating a great product - and for giving this project a purpose - - --------------------- - Stephen Langasek < vorlon@netexpress.net > -</programlisting></para> + that keep me working on it :)</member> +</simplelist>. +</para> <para> The following are examples of the use of pam_smbpass.so in the format of Linux diff --git a/docs/docbook/projdoc/PolicyMgmt.xml b/docs/docbook/projdoc/PolicyMgmt.xml index 14be370d79..be829af167 100644 --- a/docs/docbook/projdoc/PolicyMgmt.xml +++ b/docs/docbook/projdoc/PolicyMgmt.xml @@ -112,7 +112,7 @@ here is incomplete - you are warned. Use the Group Policy Editor to create a policy file that specifies the location of user profiles and/or the <filename>My Documents</filename> etc. stuff. Then save these settings in a file called <filename>Config.POL</filename> that needs to - be placed in the root of the [NETLOGON] share. If Win98 is configured to log onto + be placed in the root of the <parameter>[NETLOGON]</parameter> share. If Win98 is configured to log onto the Samba Domain, it will automatically read this file and update the Win9x/Me registry of the machine as it logs on. </para> @@ -152,7 +152,7 @@ here is incomplete - you are warned. </para> <para> - You need <filename>poledit.exe, common.adm</filename> and <filename>winnt.adm</filename>. + You need <filename>poledit.exe</filename>, <filename>common.adm</filename> and <filename>winnt.adm</filename>. It is convenient to put the two *.adm files in the <filename>c:\winnt\inf</filename> directory which is where the binary will look for them unless told otherwise. Note also that that directory is normally 'hidden'. @@ -202,7 +202,7 @@ here is incomplete - you are warned. The older NT4 style registry based policies are known as <emphasis>Administrative Templates</emphasis> in MS Windows 2000/XP Group Policy Objects (GPOs). The later includes ability to set various security configurations, enforce Internet Explorer browser settings, change and redirect aspects of the - users' desktop (including: the location of <emphasis>My Documents</emphasis> files (directory), as + users' desktop (including: the location of <filename>My Documents</filename> files (directory), as well as intrinsics of where menu items will appear in the Start menu). An additional new feature is the ability to make available particular software Windows applications to particular users and/or groups. @@ -239,14 +239,14 @@ here is incomplete - you are warned. <title>Administration of Win2K / XP Policies</title> <para> - Instead of using the tool called "The System Policy Editor", commonly called Poledit (from the - executable name poledit.exe), GPOs are created and managed using a Microsoft Management Console - (MMC) snap-in as follows:</para> + Instead of using the tool called <application>The System Policy Editor</application>, commonly called Poledit (from the + executable name <command>poledit.exe</command>), <acronym>GPOs</acronym> are created and managed using a + <application>Microsoft Management Console</application> <acronym>(MMC)</acronym> snap-in as follows:</para> <procedure> <step> <para> - Go to the Windows 200x / XP menu <filename>Start->Programs->Administrative Tools</filename> - and select the MMC snap-in called "Active Directory Users and Computers" + Go to the Windows 200x / XP menu <guimenu>Start->Programs->Administrative Tools</guimenu> + and select the MMC snap-in called <guimenuitem>Active Directory Users and Computers</guimenuitem> </para> </step> @@ -256,12 +256,12 @@ here is incomplete - you are warned. </para></step> <step><para> - Now left click on the Group Policy tab, then left click on the New tab. Type a name + Now left click on the <guilabel>Group Policy</guilabel> tab, then left click on the New tab. Type a name for the new policy you will create. </para></step> <step><para> - Now left click on the Edit tab to commence the steps needed to create the GPO. + Now left click on the <guilabel>Edit</guilabel> tab to commence the steps needed to create the GPO. </para></step> </procedure> @@ -360,7 +360,8 @@ Common restrictions that are frequently used includes: <para> With a Samba Domain Controller, the new tools for managing of user account and policy information includes: - <filename>smbpasswd, pdbedit, net, rpcclient.</filename>. The administrator should read the + <command>smbpasswd</command>, <command>pdbedit</command>, <command>net</command>, <command>rpcclient</command>. + The administrator should read the man pages for these tools and become familiar with their use. </para> diff --git a/docs/docbook/projdoc/Portability.xml b/docs/docbook/projdoc/Portability.xml index 72c3d20547..9f1188e4a2 100644 --- a/docs/docbook/projdoc/Portability.xml +++ b/docs/docbook/projdoc/Portability.xml @@ -1,6 +1,8 @@ <chapter id="Portability"> <chapterinfo> &author.jelmer; + <!-- Some other people as well, but there were no author names in the text files + this file is based on--> </chapterinfo> <title>Portability</title> @@ -14,14 +16,14 @@ platform-specific information about compiling and using samba.</para> <para> HP's implementation of supplementary groups is, er, non-standard (for -hysterical reasons). There are two group files, /etc/group and -/etc/logingroup; the system maps UIDs to numbers using the former, but +hysterical reasons). There are two group files, <filename>/etc/group</filename> and +<filename>/etc/logingroup</filename>; the system maps UIDs to numbers using the former, but initgroups() reads the latter. Most system admins who know the ropes -symlink /etc/group to /etc/logingroup (hard link doesn't work for reasons -too stupid to go into here). initgroups() will complain if one of the -groups you're in in /etc/logingroup has what it considers to be an invalid -ID, which means outside the range [0..UID_MAX], where UID_MAX is (I think) -60000 currently on HP-UX. This precludes -2 and 65534, the usual 'nobody' +symlink <filename>/etc/group</filename> to <filename>/etc/logingroup</filename> +(hard link doesn't work for reasons too stupid to go into here). initgroups() will complain if one of the +groups you're in in <filename>/etc/logingroup</filename> has what it considers to be an invalid +ID, which means outside the range <constant>[0..UID_MAX]</constant>, where <constant>UID_MAX</constant> is (I think) +60000 currently on HP-UX. This precludes -2 and 65534, the usual <constant>nobody</constant> GIDs. </para> @@ -46,14 +48,15 @@ Samba. <title>SCO Unix</title> <para> -If you run an old version of SCO Unix then you may need to get important +If you run an old version of SCO Unix then you may need to get important TCP/IP patches for Samba to work correctly. Without the patch, you may encounter corrupt data transfers using samba. </para> <para> The patch you need is UOD385 Connection Drivers SLS. It is available from -SCO (ftp.sco.com, directory SLS, files uod385a.Z and uod385a.ltr.Z). +SCO (<ulink url="ftp://ftp.sco.com/">ftp.sco.com</ulink>, directory SLS, +files uod385a.Z and uod385a.ltr.Z). </para> </sect1> @@ -121,8 +124,10 @@ _seteuid: after creating the above files you then assemble them using </para> -<para><command>as seteuid.s</command></para> -<para><command>as setegid.s</command></para> +<screen> + <prompt>$ </prompt><userinput>as seteuid.s</userinput> + <prompt>$ </prompt><userinput>as setegid.s</userinput> +</screen> <para> that should produce the files <filename>seteuid.o</filename> and @@ -155,7 +160,7 @@ You should then remove the line: <para> By default RedHat Rembrandt-II during installation adds an -entry to /etc/hosts as follows: +entry to <filename>/etc/hosts</filename> as follows: <programlisting> 127.0.0.1 loopback "hostname"."domainname" </programlisting> @@ -209,8 +214,7 @@ has not been released yet. <para> The patch revision for 2.6 is 105181-34 -for 8 is 108528-19 -and for 9 is 112233-04 +for 8 is 108528-19 and for 9 is 112233-04 </para> <para> diff --git a/docs/docbook/projdoc/Problems.xml b/docs/docbook/projdoc/Problems.xml index eb43b63b63..59cfbe3a13 100644 --- a/docs/docbook/projdoc/Problems.xml +++ b/docs/docbook/projdoc/Problems.xml @@ -26,15 +26,15 @@ general SMB topics such as browsing.</para> <para> One of the best diagnostic tools for debugging problems is Samba itself. -You can use the -d option for both smbd and nmbd to specify what -'debug level' at which to run. See the man pages on smbd, nmbd and +You can use the <option>-d option</option> for both &smbd; and &nmbd; to specify what +<parameter>debug level</parameter> at which to run. See the man pages on smbd, nmbd and smb.conf for more information on debugging options. The debug level can range from 1 (the default) to 10 (100 for debugging passwords). </para> <para> Another helpful method of debugging is to compile samba using the -<command>gcc -g </command> flag. This will include debug +<userinput>gcc -g </userinput> flag. This will include debug information in the binaries and allow you to attach gdb to the running smbd / nmbd process. In order to attach gdb to an smbd process for an NT workstation, first get the workstation to make the @@ -51,10 +51,10 @@ typing in your password, you can attach gdb and continue. Some useful samba commands worth investigating: </para> -<itemizedlist> - <listitem><para>testparam | more</para></listitem> - <listitem><para>smbclient -L //{netbios name of server}</para></listitem> -</itemizedlist> +<screen> + <prompt>$ </prompt><userinput>testparam | more</userinput> + <prompt>$ </prompt><userinput>smbclient -L //{netbios name of server}</userinput> +</screen> <para> An SMB enabled version of tcpdump is available from @@ -91,18 +91,18 @@ NT Server 4.0 Install CD and the Workstation 4.0 Install CD. </para> <para> -Initially you will need to install 'Network Monitor Tools and Agent' +Initially you will need to install <application>Network Monitor Tools and Agent</application> on the NT Server. To do this </para> <itemizedlist> - <listitem><para>Goto Start - Settings - Control Panel - - Network - Services - Add </para></listitem> + <listitem><para>Goto <guibutton>Start</guibutton> - <guibutton>Settings</guibutton> - <guibutton>Control Panel</guibutton> - + <guibutton>Network</guibutton> - <guibutton>Services</guibutton> - <guibutton>Add</guibutton> </para></listitem> - <listitem><para>Select the 'Network Monitor Tools and Agent' and - click on 'OK'.</para></listitem> + <listitem><para>Select the <guilabel>Network Monitor Tools and Agent</guilabel> and + click on <guibutton>OK</guibutton>.</para></listitem> - <listitem><para>Click 'OK' on the Network Control Panel. + <listitem><para>Click <guibutton>OK</guibutton> on the Network Control Panel. </para></listitem> <listitem><para>Insert the Windows NT Server 4.0 install CD @@ -124,13 +124,13 @@ install CD. </para> <itemizedlist> - <listitem><para>Goto Start - Settings - Control Panel - - Network - Services - Add</para></listitem> + <listitem><para>Goto <guibutton>Start</guibutton> - <guibutton>Settings</guibutton> - <guibutton>Control Panel</guibutton> - + <guibutton>Network</guibutton> - <guibutton>Services</guibutton> - <guibutton>Add</guibutton></para></listitem> - <listitem><para>Select the 'Network Monitor Agent' and click - on 'OK'.</para></listitem> + <listitem><para>Select the <guilabel>Network Monitor Agent</guilabel> and click + on <guibutton>OK</guibutton>.</para></listitem> - <listitem><para>Click 'OK' on the Network Control Panel. + <listitem><para>Click <guibutton>OK</guibutton> on the Network Control Panel. </para></listitem> <listitem><para>Insert the Windows NT Workstation 4.0 install @@ -138,15 +138,15 @@ install CD. </itemizedlist> <para> -Now copy the files from the NT Server in %SYSTEMROOT%\System32\netmon\*.* -to %SYSTEMROOT%\System32\netmon\*.* on the Workstation and set -permissions as you deem appropriate for your site. You will need +Now copy the files from the NT Server in <filename>%SYSTEMROOT%\System32\netmon\*.*</filename> +to <filename>%SYSTEMROOT%\System32\netmon\*.*</filename> on the Workstation and set +permissions as you deem appropriate for your site. You will need administrative rights on the NT box to run netmon. </para> <para> To install Netmon on a Windows 9x box install the network monitor agent -from the Windows 9x CD (\admin\nettools\netmon). There is a readme +from the Windows 9x CD (<filename>\admin\nettools\netmon</filename>). There is a readme file located with the netmon driver files on the CD if you need information on how to do this. Copy the files from a working Netmon installation. @@ -158,32 +158,16 @@ Netmon installation. <title>Useful URL's</title> <itemizedlist> -<listitem><para>Home of Samba site <ulink url="http://samba.org"> - http://samba.org</ulink>. We have a mirror near you !</para></listitem> - -<listitem><para> The <emphasis>Development</emphasis> document -on the Samba mirrors might mention your problem. If so, -it might mean that the developers are working on it.</para></listitem> - <listitem><para>See how Scott Merrill simulates a BDC behavior at <ulink url="http://www.skippy.net/linux/smb-howto.html"> http://www.skippy.net/linux/smb-howto.html</ulink>. </para></listitem> -<listitem><para>Although 2.0.7 has almost had its day as a PDC, David Bannon will - keep the 2.0.7 PDC pages at <ulink url="http://bioserve.latrobe.edu.au/samba"> - http://bioserve.latrobe.edu.au/samba</ulink> going for a while yet.</para></listitem> - -<listitem><para>Misc links to CIFS information - <ulink url="http://samba.org/cifs/">http://samba.org/cifs/</ulink></para></listitem> - -<listitem><para>NT Domains for Unix <ulink url="http://mailhost.cb1.com/~lkcl/ntdom/"> - http://mailhost.cb1.com/~lkcl/ntdom/</ulink></para></listitem> - <listitem><para>FTP site for older SMB specs: <ulink url="ftp://ftp.microsoft.com/developr/drg/CIFS/"> ftp://ftp.microsoft.com/developr/drg/CIFS/</ulink></para></listitem> </itemizedlist> +<!-- FIXME: Merge with Further Resources --> </sect1> diff --git a/docs/docbook/projdoc/ProfileMgmt.xml b/docs/docbook/projdoc/ProfileMgmt.xml index 58c6af3b90..680555cd6a 100644 --- a/docs/docbook/projdoc/ProfileMgmt.xml +++ b/docs/docbook/projdoc/ProfileMgmt.xml @@ -86,17 +86,18 @@ where %L translates to the name of the Samba server and %u translates to the use </para> <para> -The default for this option is \\%N\%U\profile, namely \\sambaserver\username\profile. -The \\N%\%U service is created automatically by the [homes] service. If you are using +The default for this option is <filename>\\%N\%U\profile</filename>, +namely <filename>\\sambaserver\username\profile</filename>. +The <filename>\\N%\%U</filename> service is created automatically by the [homes] service. If you are using a samba server for the profiles, you _must_ make the share specified in the logon path -browseable. Please refer to the man page for smb.conf in respect of the different +browseable. Please refer to the man page for &smb.conf; in respect of the different symantics of %L and %N, as well as %U and %u. </para> <note> <para> MS Windows NT/2K clients at times do not disconnect a connection to a server -between logons. It is recommended to NOT use the <command>homes</command> +between logons. It is recommended to NOT use the <parameter>homes</parameter> meta-service name as part of the profile share path. </para> </note> @@ -106,7 +107,7 @@ meta-service name as part of the profile share path. <title>Windows 9x / Me User Profiles</title> <para> -To support Windows 9x / Me clients, you must use the "logon home" parameter. Samba has + To support Windows 9x / Me clients, you must use the <parameter>logon home</parameter> parameter. Samba has now been fixed so that <userinput>net use /home</userinput> now works as well, and it, too, relies on the <command>logon home</command> parameter. </para> @@ -114,7 +115,7 @@ on the <command>logon home</command> parameter. <para> By using the logon home parameter, you are restricted to putting Win9x / Me profiles in the user's home directory. But wait! There is a trick you -can use. If you set the following in the <command>[global]</command> section of your &smb.conf; file: +can use. If you set the following in the <parameter>[global]</parameter> section of your &smb.conf; file: </para> <para><programlisting> logon home = \\%L\%U\.profiles @@ -129,7 +130,7 @@ of your home directory called <filename>.profiles</filename> (thus making them h Not only that, but <userinput>net use /home</userinput> will also work, because of a feature in Windows 9x / Me. It removes any directory stuff off the end of the home directory area and only uses the server and share portion. That is, it looks like you -specified \\%L\%U for <command>logon home</command>. +specified <filename>\\%L\%U</filename> for <parameter>logon home</parameter>. </para> </sect3> @@ -138,7 +139,7 @@ specified \\%L\%U for <command>logon home</command>. <para> You can support profiles for both Win9X and WinNT clients by setting both the -<command>logon home</command> and <command>logon path</command> parameters. For example: +<parameter>logon home</parameter> and <parameter>logon path</parameter> parameters. For example: </para> <para><programlisting> @@ -151,27 +152,32 @@ You can support profiles for both Win9X and WinNT clients by setting both the <title>Disabling Roaming Profile Support</title> <para> -A question often asked is "How may I enforce use of local profiles?" or -"How do I disable Roaming Profiles?" + A question often asked is <quote>How may I enforce use of local profiles?</quote> or + <quote>How do I disable Roaming Profiles?</quote> </para> <para> There are three ways of doing this: </para> -<itemizedlist> - <listitem><para> - <command>In smb.conf:</command> affect the following settings and ALL clients - will be forced to use a local profile: - <programlisting> - logon home = - logon path = - </programlisting></para></listitem> - - <listitem><para> - <command>MS Windows Registry:</command> by using the Microsoft Management Console - gpedit.msc to instruct your MS Windows XP machine to use only a local profile. This - of course modifies registry settings. The full path to the option is: +<variablelist> + <varlistentry> + <term>In &smb.conf;</term> + <listitem><para> + Affect the following settings and ALL clients + will be forced to use a local profile: + <programlisting> + logon home = + logon path = + </programlisting> + </para></listitem> + </varlistentry> + + <varlistentry> + <term>MS Windows Registry:</term> + <listitem><para> + By using the Microsoft Management Console gpedit.msc to instruct your MS Windows XP machine to use only a local profile. This of course modifies registry settings. The full path to the option is: + <!-- FIXME: Diagram for this ? --> <programlisting> Local Computer Policy\ Computer Configuration\ @@ -182,15 +188,18 @@ There are three ways of doing this: Disable: Only Allow Local User Profiles Disable: Prevent Roaming Profile Change from Propogating to the Server </programlisting> - </para> - </listitem> + </para> </listitem> + </varlistentry> - <listitem><para> - <command>Change of Profile Type:</command> From the start menu right click on the - MY Computer icon, select <emphasis>Properties</emphasis>, click on the "<emphasis>User Profiles</emphasis> - tab, select the profile you wish to change from Roaming type to Local, click <emphasis>Change Type</emphasis>. - </para></listitem> -</itemizedlist> + <varlistentry> + <term>Change of Profile Type:</term> + <listitem><para> + From the start menu right click on the + My Computer icon, select <guimenuitem>Properties</guimenuitem>, click on the <guilabel>User Profiles</guilabel> + tab, select the profile you wish to change from Roaming type to Local, click <guibutton>Change Type</guibutton>. + </para></listitem> + </varlistentry> +</variablelist> <para> Consult the MS Windows registry guide for your particular MS Windows version for more @@ -215,12 +224,13 @@ Microsoft MS Windows Resource Kit for your version of Windows for specific infor <para> When a user first logs in on Windows 9X, the file user.DAT is created, -as are folders "Start Menu", "Desktop", "Programs" and "Nethood". +as are folders <filename>Start Menu</filename>, <filename>Desktop</filename>, +<filename>Programs</filename> and <filename>Nethood</filename>. These directories and their contents will be merged with the local -versions stored in c:\windows\profiles\username on subsequent logins, -taking the most recent from each. You will need to use the [global] -options "preserve case = yes", "short preserve case = yes" and -"case sensitive = no" in order to maintain capital letters in shortcuts +versions stored in <filename>c:\windows\profiles\username</filename> on subsequent logins, +taking the most recent from each. You will need to use the <parameter>[global]</parameter> +options <parameter>preserve case = yes</parameter>, <parameter>short preserve case = yes</parameter> and +<parameter>case sensitive = no</parameter> in order to maintain capital letters in shortcuts in any of the profile folders. </para> @@ -233,19 +243,19 @@ and deny them write access to this file. <orderedlist> <listitem> <para> - On the Windows 9x / Me machine, go to Control Panel -> Passwords and - select the User Profiles tab. Select the required level of - roaming preferences. Press OK, but do _not_ allow the computer + On the Windows 9x / Me machine, go to <guimenu>Control Panel</guimenu> -> <guimenuitem>Passwords</guimenuitem> and + select the <guilabel>User Profiles</guilabel> tab. Select the required level of + roaming preferences. Press <guibutton>OK</guibutton>, but do _not_ allow the computer to reboot. </para> </listitem> <listitem> <para> - On the Windows 9x / Me machine, go to Control Panel -> Network -> - Client for Microsoft Networks -> Preferences. Select 'Log on to - NT Domain'. Then, ensure that the Primary Logon is 'Client for - Microsoft Networks'. Press OK, and this time allow the computer + On the Windows 9x / Me machine, go to <guimenu>Control Panel</guimenu> -> <guimenuitem>Network</guimenuitem> -> + <guimenuitem>Client for Microsoft Networks</guimenuitem> -> <guilabel>Preferences</guilabel>. Select <guilabel>Log on to + NT Domain</guilabel>. Then, ensure that the Primary Logon is <guilabel>Client for + Microsoft Networks</guilabel>. Press <guibutton>OK</guibutton>, and this time allow the computer to reboot. </para> </listitem> @@ -271,15 +281,15 @@ supports it), user name and user's password. <para> Once the user has been successfully validated, the Windows 9x / Me machine -will inform you that 'The user has not logged on before' and asks you -if you wish to save the user's preferences? Select 'yes'. +will inform you that <computeroutput>The user has not logged on before' and asks you + if you wish to save the user's preferences?</computeroutput> Select <guibutton>yes</guibutton>. </para> <para> Once the Windows 9x / Me client comes up with the desktop, you should be able -to examine the contents of the directory specified in the "logon path" -on the samba server and verify that the "Desktop", "Start Menu", -"Programs" and "Nethood" folders have been created. +to examine the contents of the directory specified in the <parameter>logon path</parameter> +on the samba server and verify that the <filename>Desktop</filename>, <filename>Start Menu</filename>, +<filename>Programs</filename> and <filename>Nethood</filename> folders have been created. </para> <para> @@ -316,21 +326,20 @@ they will be told that they are logging in "for the first time". <listitem> <para> - run the regedit.exe program, and look in: + run the <command>regedit.exe</command> program, and look in: </para> - <para> - HKEY_LOCAL_MACHINE\Windows\CurrentVersion\ProfileList + <para> + <filename>HKEY_LOCAL_MACHINE\Windows\CurrentVersion\ProfileList</filename> </para> <para> you will find an entry, for each user, of ProfilePath. Note the - contents of this key (likely to be c:\windows\profiles\username), + contents of this key (likely to be <filename>c:\windows\profiles\username</filename>), then delete the key ProfilePath for the required user. + </para> - [Exit the registry editor]. - - </para> + <para>[Exit the registry editor].</para> </listitem> <listitem> diff --git a/docs/docbook/projdoc/locking.xml b/docs/docbook/projdoc/locking.xml index 437f7756d9..5d21270e87 100644 --- a/docs/docbook/projdoc/locking.xml +++ b/docs/docbook/projdoc/locking.xml @@ -82,33 +82,34 @@ All other locks can not be seen by unix anyway. <para> Strictly a SMB server should check for locks before every read and write call on a file. Unfortunately with the way fcntl() works this can be slow and may overstress -the rpc.lockd. It is also almost always unnecessary as clients are supposed to +the <command>rpc.lockd</command>. It is also almost always unnecessary as clients are supposed to independently make locking calls before reads and writes anyway if locking is important to them. By default Samba only makes locking calls when explicitly asked -to by a client, but if you set <emphasis>strict locking = yes</emphasis> then it +to by a client, but if you set <parameter>strict locking = yes</parameter> then it will make lock checking calls on every read and write. </para> <para> -You can also disable by range locking completely using <emphasis>locking = no</emphasis>. +You can also disable by range locking completely using <parameter>locking = no</parameter>. This is useful for those shares that don't support locking or don't need it (such as cdroms). In this case Samba fakes the return codes of locking calls to tell clients that everything is OK. </para> <para> -The second class of locking is the <emphasis>deny modes</emphasis>. These +The second class of locking is the <parameter>deny modes</parameter>. These are set by an application when it opens a file to determine what types of access should be allowed simultaneously with its open. A client may ask for -DENY_NONE, DENY_READ, DENY_WRITE or DENY_ALL. There are also special compatibility -modes called DENY_FCB and DENY_DOS. +<constant>DENY_NONE</constant>, <constant>DENY_READ</constant>, +<constant>DENY_WRITE</constant> or <constant>DENY_ALL</constant>. There are also special compatibility +modes called <constant>DENY_FCB</constant> and <constant>DENY_DOS</constant>. </para> <sect2> <title>Opportunistic Locking Overview</title> <para> -OPPORTUNISTIC LOCKING (Oplocks) is invoked by the Windows file system +Opportunistic locking (Oplocks) is invoked by the Windows file system (as opposed to an API) via registry entries (on the server AND client) for the purpose of enhancing network performance when accessing a file residing on a server. Performance is enhanced by caching the file @@ -129,7 +130,7 @@ locally on the client which allows: </varlistentry> <varlistentry><term>Lock caching:</term> - <listitem><para> + <listitem><para> The client caches application locks locally, eliminating network latency </para></listitem> </varlistentry> @@ -408,7 +409,7 @@ the share. <title>Beware of Force User</title> <para> -Samba includes an smb.conf parameter called "force user" that changes +Samba includes an &smb.conf; parameter called <parameter>force user</parameter> that changes the user accessing a share from the incoming user to whatever user is defined by the smb.conf variable. If opportunistic locking is enabled on a share, the change in user access causes an oplock break to be sent @@ -425,7 +426,7 @@ Avoid the combination of the following: <itemizedlist> <listitem><para> - <emphasis>force user</emphasis> in the &smb.conf; share configuration. + <parameter>force user</parameter> in the &smb.conf; share configuration. </para></listitem> <listitem><para> @@ -447,8 +448,9 @@ Samba provides opportunistic locking parameters that allow the administrator to adjust various properties of the oplock mechanism to account for timing and usage levels. These parameters provide good versatility for implementing oplocks in environments where they would -likely cause problems. The parameters are: <emphasis>oplock break wait time, -oplock contention limit</emphasis>. +likely cause problems. The parameters are: +<parameter>oplock break wait time</parameter>, +<parameter>oplock contention limit</parameter>. </para> <para> @@ -622,7 +624,7 @@ you may want to play it safe and disable oplocks and level2 oplocks. </sect3> <sect3> -<title>Diabling Kernel OpLocks</title> +<title>Disabling Kernel OpLocks</title> <para> Kernel OpLocks is an &smb.conf; parameter that notifies Samba (if @@ -639,12 +641,11 @@ basis in the &smb.conf; file. </para> <para> -<programlisting><title>Example:</title> +<programlisting> [global] - kernel oplocks = yes - -The default is "no". +kernel oplocks = yes </programlisting> +The default is "no". </para> <para> @@ -676,7 +677,7 @@ enabled on a per-share basis, or globally for the entire server, in the interval for Samba to reply to an oplock break request. Samba recommends "DO NOT CHANGE THIS PARAMETER UNLESS YOU HAVE READ AND UNDERSTOOD THE SAMBA OPLOCK CODE." Oplock Break Wait Time can only be -configured globally in the smb.conf file: +configured globally in the &smb.conf; file: </para> <para> @@ -701,7 +702,7 @@ the entire server, in the &smb.conf; file: [global] oplock break contention limit = 2 (default) - [share_name] +[share_name] oplock break contention limit = 2 (default) </programlisting> </para> @@ -722,7 +723,7 @@ operating system known as <emphasis>Opportunistic Locking</emphasis>. When a wor attempts to access shared data files located on another Windows 2000/XP computer, the Windows 2000/XP operating system will attempt to increase performance by locking the files and caching information locally. When this occurs, the application is unable to -properly function, which results in an <emphasis>Access Denied</emphasis> +properly function, which results in an <errorname>Access Denied</errorname> error message being displayed during network operations. </para> diff --git a/docs/docbook/projdoc/msdfs_setup.xml b/docs/docbook/projdoc/msdfs_setup.xml index cd2d41794f..c21c9ec6bf 100644 --- a/docs/docbook/projdoc/msdfs_setup.xml +++ b/docs/docbook/projdoc/msdfs_setup.xml @@ -58,7 +58,7 @@ Here's an example of setting up a DFS tree on a Samba server. </para> - <para><screen> + <para><programlisting> # The smb.conf file: [global] netbios name = SMOKEY @@ -67,13 +67,12 @@ [dfs] path = /export/dfsroot msdfs root = yes - </screen></para> + </programlisting></para> - <para> - In the /export/dfsroot directory we set up our dfs links to other servers on the network. - </para> - <para> + <para>In the /export/dfsroot directory we set up our dfs links to + other servers on the network.</para> + <screen> &rootprompt;<userinput>cd /export/dfsroot</userinput> &rootprompt;<userinput>chown root /export/dfsroot</userinput> @@ -81,7 +80,6 @@ &rootprompt;<userinput>ln -s msdfs:storageA\\shareA linka</userinput> &rootprompt;<userinput>ln -s msdfs:serverB\\share,serverC\\share linkb</userinput> </screen> - </para> <para>You should set up the permissions and ownership of the directory acting as the DFS root such that only designated diff --git a/docs/docbook/projdoc/passdb.xml b/docs/docbook/projdoc/passdb.xml index 4152494d24..5dfc5fb70d 100644 --- a/docs/docbook/projdoc/passdb.xml +++ b/docs/docbook/projdoc/passdb.xml @@ -248,23 +248,12 @@ Samba-3 introduces the following new password backend capabilities: although they may log onto a domain environment: </para> - <itemizedlist> - <listitem><para> - MS DOS Network client 3.0 with the basic network redirector installed - </para></listitem> - - <listitem><para> - Windows 95 with the network redirector update installed - </para></listitem> - - <listitem><para> - Windows 98 [se] - </para></listitem> - - <listitem><para> - Windows Me</para> - </listitem> - </itemizedlist> + <simplelist> + <member>MS DOS Network client 3.0 with the basic network redirector installed</member> + <member>Windows 95 with the network redirector update installed</member> + <member>Windows 98 [se]</member> + <member>Windows Me</member> + </simplelist> <note> <para> @@ -277,13 +266,13 @@ Samba-3 introduces the following new password backend capabilities: The following versions of MS Windows fully support domain security protocols. </para> - <itemizedlist> - <listitem><para>Windows NT 3.5x</para></listitem> - <listitem><para>Windows NT 4.0</para></listitem> - <listitem><para>Windows 2000 Professional</para></listitem> - <listitem><para>Windows 200x Server/Advanced Server</para></listitem> - <listitem><para>Windows XP Professional</para></listitem> - </itemizedlist> + <simplelist> + <member>Windows NT 3.5x</member> + <member>Windows NT 4.0</member> + <member>Windows 2000 Professional</member> + <member>Windows 200x Server/Advanced Server</member> + <member>Windows XP Professional</member> + </simplelist> <para> All current release of Microsoft SMB/CIFS clients support authentication via the @@ -359,7 +348,7 @@ Samba-3 introduces the following new password backend capabilities: <para> Firstly, all Samba SAM (Security Account Management database) accounts require a Unix/Linux UID that the account will map to. As users are added to the account - information database samba-3 will call the <command>add user script</command> + information database samba-3 will call the <parameter>add user script</parameter> interface to add the account to the Samba host OS. In essence all accounts in the local SAM require a local user account. </para> @@ -379,7 +368,7 @@ Samba-3 introduces the following new password backend capabilities: <para> Samba-3 provides two (2) tools for management of User and machine accounts. These tools are -called <filename>smbpasswd</filename> and <filename>pdbedit</filename>. A third tool is under +called <filename>smbpasswd</filename> and <command>pdbedit</command>. A third tool is under development but is NOT expected to ship in time for Samba-3.0.0. The new tool will be a TCL/TK GUI tool that looks much like the MS Windows NT4 Domain User Manager - hopefully this will be announced in time for samba-3.0.1 release timing. @@ -409,47 +398,30 @@ be announced in time for samba-3.0.1 release timing. <command>smbpasswd</command> can be used to: </para> - <itemizedlist> - <listitem><para> - <emphasis>add</emphasis> user or machine accounts - </para></listitem> - - <listitem><para> - <emphasis>delete</emphasis> user or machine accounts - </para></listitem> - - <listitem><para> - <emphasis>enable</emphasis> user or machine accounts - </para></listitem> - - <listitem><para> - <emphasis>disable</emphasis> user or machine accounts - </para></listitem> - - <listitem><para> - <emphasis>set to NULL</emphasis> user passwords - </para></listitem> - - <listitem><para> - <emphasis>manage interdomain trust accounts</emphasis> - </para></listitem> - </itemizedlist> + <simplelist> + <member><emphasis>add</emphasis> user or machine accounts</member> + <member><emphasis>delete</emphasis> user or machine accounts</member> + <member><emphasis>enable</emphasis> user or machine accounts</member> + <member><emphasis>disable</emphasis> user or machine accounts</member> + <member><emphasis>set to NULL</emphasis> user passwords</member> + <member><emphasis>manage interdomain trust accounts</emphasis></member> + </simplelist> <para> To run smbpasswd as a normal user just type: </para> <para> - <programlisting> + <screen> <prompt>$ </prompt><userinput>smbpasswd</userinput> - <prompt>Old SMB password: </prompt><userinput><secret></userinput> - </programlisting> - For <emphasis>secret</emphasis> type old value here - or hit return if + <prompt>Old SMB password: </prompt><userinput><replaceable>secret</replaceable></userinput> + </screen> + For <replaceable>secret</replaceable> type old value here - or hit return if there was no old password - <programlisting> - <prompt>New SMB Password: </prompt><userinput><new secret></userinput> - <prompt>Repeat New SMB Password: </prompt><userinput><new secret></userinput> - </programlisting> + <screen> + <prompt>New SMB Password: </prompt><userinput><replaceable>new secret</replaceable></userinput> + <prompt>Repeat New SMB Password: </prompt><userinput><replaceable>new secret</replaceable></userinput> + </screen> </para> <para> @@ -490,19 +462,11 @@ be announced in time for samba-3.0.1 release timing. manage the passdb backend. <command>pdbedit</command> can be used to: </para> - <itemizedlist> - <listitem><para> - add, remove or modify user accounts - </para></listitem> - - <listitem><para> - listing user accounts - </para></listitem> - - <listitem><para> - migrate user accounts - </para></listitem> - </itemizedlist> + <simplelist> + <member>add, remove or modify user accounts</member> + <member>listing user accounts</member> + <member>migrate user accounts</member> + </simplelist> <para> The <command>pdbedit</command> tool is the only one that can manage the account @@ -521,9 +485,8 @@ be announced in time for samba-3.0.1 release timing. a tdbsam password backend. This listing was produced by running: </para> - <para> - pdbedit -Lv met - <programlisting> + <screen> + <prompt>$ </prompt><userinput>pdbedit -Lv met</userinput> Unix username: met NT username: Account Flags: [UX ] @@ -544,8 +507,9 @@ be announced in time for samba-3.0.1 release timing. Password last set: Sat, 14 Dec 2002 14:37:03 GMT Password can change: Sat, 14 Dec 2002 14:37:03 GMT Password must change: Mon, 18 Jan 2038 20:14:07 GMT - </programlisting> - </para> + </screen> + + <!-- FIXME: Add note about migrating user accounts --> </sect2> </sect1> @@ -566,8 +530,8 @@ backends of the same type. For example, to use two different tdbsam databases: <para> <programlisting> -In smb.conf [globals] - passdb backend = tdbsam:/etc/samba/passdb.tdb, \ +[globals] + passdb backend = tdbsam:/etc/samba/passdb.tdb, \ tdbsam:/etc/samba/old-passdb.tdb, guest </programlisting> </para> @@ -917,7 +881,7 @@ userPassword: {SSHA}c3ZM9tBaBo9autm1dL3waDS21+JSfQVz <para> <screen> -slapadd -v -l initldap.dif +<prompt>$ </prompt><userinput>slapadd -v -l initldap.dif</userinput> </screen> </para> @@ -931,7 +895,7 @@ slapadd -v -l initldap.dif Before Samba can access the LDAP server you need to stoe the LDAP admin password into the Samba-3 <filename>secrets.tdb</filename> database by: <screen> - &rootprompt; <command>smbpasswd -w secret</command> +&rootprompt; <userinput>smbpasswd -w <replaceable>secret</replaceable></userinput> </screen> </para> </note> @@ -968,7 +932,7 @@ slapadd -v -l initldap.dif </para> <para> -<screen> +<programlisting> ## /usr/local/samba/lib/smb.conf [global] security = user @@ -1010,7 +974,7 @@ slapadd -v -l initldap.dif # generally the default ldap search filter is ok # ldap filter = "(&(uid=%u)(objectclass=sambaAccount))" -</screen> +</programlisting> </para> </sect3> @@ -1088,12 +1052,12 @@ slapadd -v -l initldap.dif </para> <para> -<screen> +<programlisting> ## allow the "ldap admin dn" access, but deny everyone else access to attrs=lmPassword,ntPassword by dn="cn=Samba Admin,ou=people,dc=plainjoe,dc=org" write by * none -</screen> +</programlisting> </para> </sect3> @@ -1105,64 +1069,65 @@ access to attrs=lmPassword,ntPassword The sambaAccount objectclass is composed of the following attributes: </para> - <itemizedlist> - <listitem><para><constant>lmPassword</constant>: the LANMAN password 16-byte hash stored as a character - representation of a hexidecimal string.</para></listitem> - - <listitem><para><constant>ntPassword</constant>: the NT password hash 16-byte stored as a character - representation of a hexidecimal string.</para></listitem> - - <listitem><para><constant>pwdLastSet</constant>: The integer time in seconds since 1970 when the + <table> + <tgroup cols="2" align="left"> + <tbody> + <row><entry><constant>lmPassword</constant></entry><entry>the LANMAN password 16-byte hash stored as a character + representation of a hexidecimal string.</entry></row> + <row><entry><constant>ntPassword</constant></entry><entry>the NT password hash 16-byte stored as a character + representation of a hexidecimal string.</entry></row> + <row><entry><constant>pwdLastSet</constant></entry><entry>The integer time in seconds since 1970 when the <constant>lmPassword</constant> and <constant>ntPassword</constant> attributes were last set. - </para></listitem> + </entry></row> - <listitem><para><constant>acctFlags</constant>: string of 11 characters surrounded by square brackets [] + <row><entry><constant>acctFlags</constant></entry><entry>string of 11 characters surrounded by square brackets [] representing account flags such as U (user), W(workstation), X(no password expiration), I(Domain trust account), H(Home dir required), S(Server trust account), - and D(disabled).</para></listitem> + and D(disabled).</entry></row> - <listitem><para><constant>logonTime</constant>: Integer value currently unused</para></listitem> + <row><entry><constant>logonTime</constant></entry><entry>Integer value currently unused</entry></row> - <listitem><para><constant>logoffTime</constant>: Integer value currently unused</para></listitem> + <row><entry><constant>logoffTime</constant></entry><entry>Integer value currently unused</entry></row> - <listitem><para><constant>kickoffTime</constant>: Integer value currently unused</para></listitem> + <row><entry><constant>kickoffTime</constant></entry><entry>Integer value currently unused</entry></row> - <listitem><para><constant>pwdCanChange</constant>: Integer value currently unused</para></listitem> + <row><entry><constant>pwdCanChange</constant></entry><entry>Integer value currently unused</entry></row> - <listitem><para><constant>pwdMustChange</constant>: Integer value currently unused</para></listitem> + <row><entry><constant>pwdMustChange</constant></entry><entry>Integer value currently unused</entry></row> - <listitem><para><constant>homeDrive</constant>: specifies the drive letter to which to map the + <row><entry><constant>homeDrive</constant></entry><entry>specifies the drive letter to which to map the UNC path specified by homeDirectory. The drive letter must be specified in the form "X:" where X is the letter of the drive to map. Refer to the "logon drive" parameter in the - smb.conf(5) man page for more information.</para></listitem> + smb.conf(5) man page for more information.</entry></row> - <listitem><para><constant>scriptPath</constant>: The scriptPath property specifies the path of + <row><entry><constant>scriptPath</constant></entry><entry>The scriptPath property specifies the path of the user's logon script, .CMD, .EXE, or .BAT file. The string can be null. The path is relative to the netlogon share. Refer to the "logon script" parameter in the - smb.conf(5) man page for more information.</para></listitem> + smb.conf(5) man page for more information.</entry></row> - <listitem><para><constant>profilePath</constant>: specifies a path to the user's profile. + <row><entry><constant>profilePath</constant></entry><entry>specifies a path to the user's profile. This value can be a null string, a local absolute path, or a UNC path. Refer to the - "logon path" parameter in the smb.conf(5) man page for more information.</para></listitem> + "logon path" parameter in the smb.conf(5) man page for more information.</entry></row> - <listitem><para><constant>smbHome</constant>: The homeDirectory property specifies the path of + <row><entry><constant>smbHome</constant></entry><entry>The homeDirectory property specifies the path of the home directory for the user. The string can be null. If homeDrive is set and specifies a drive letter, homeDirectory should be a UNC path. The path must be a network UNC path of the form <filename>\\server\share\directory</filename>. This value can be a null string. Refer to the <command>logon home</command> parameter in the &smb.conf; man page for more information. - </para></listitem> + </entry></row> - <listitem><para><constant>userWorkstation</constant>: character string value currently unused. - </para></listitem> + <row><entry><constant>userWorkstation</constant></entry><entry>character string value currently unused. + </entry></row> - <listitem><para><constant>rid</constant>: the integer representation of the user's relative identifier - (RID).</para></listitem> + <row><entry><constant>rid</constant></entry><entry>the integer representation of the user's relative identifier + (RID).</entry></row> - <listitem><para><constant>primaryGroupID</constant>: the relative identifier (RID) of the primary group - of the user.</para></listitem> + <row><entry><constant>primaryGroupID</constant></entry><entry>the relative identifier (RID) of the primary group + of the user.</entry></row> - <listitem><para><constant>domain</constant>: domain the user is part of.</para></listitem> - </itemizedlist> + <row><entry><constant>domain</constant></entry><entry>domain the user is part of.</entry></row> + </tbody> + </tgroup></table> <para> The majority of these parameters are only used when Samba is acting as a PDC of @@ -1171,18 +1136,18 @@ access to attrs=lmPassword,ntPassword are only stored with the sambaAccount entry if the values are non-default values: </para> - <itemizedlist> - <listitem><para>smbHome</para></listitem> - <listitem><para>scriptPath</para></listitem> - <listitem><para>logonPath</para></listitem> - <listitem><para>homeDrive</para></listitem> - </itemizedlist> + <simplelist> + <member>smbHome</member> + <member>scriptPath</member> + <member>logonPath</member> + <member>homeDrive</member> + </simplelist> <para> These attributes are only stored with the sambaAccount entry if the values are non-default values. For example, assume TASHTEGO has now been - configured as a PDC and that <command>logon home = \\%L\%u</command> was defined in - its <filename>smb.conf</filename> file. When a user named "becky" logons to the domain, + configured as a PDC and that <parameter>logon home = \\%L\%u</parameter> was defined in + its &smb.conf; file. When a user named "becky" logons to the domain, the <parameter>logon home</parameter> string is expanded to \\TASHTEGO\becky. If the smbHome attribute exists in the entry "uid=becky,ou=people,dc=samba,dc=org", this value is used. However, if this attribute does not exist, then the value @@ -1201,7 +1166,7 @@ access to attrs=lmPassword,ntPassword </para> <para> - <screen> + <programlisting> dn: uid=guest2, ou=people,dc=plainjoe,dc=org ntPassword: 878D8014606CDA29677A44EFA1353FC7 pwdMustChange: 2147483647 @@ -1216,7 +1181,7 @@ access to attrs=lmPassword,ntPassword logoffTime: 2147483647 rid: 19006 pwdCanChange: 0 - </screen> + </programlisting> </para> <para> @@ -1225,7 +1190,7 @@ access to attrs=lmPassword,ntPassword </para> <para> - <screen> + <programlisting> dn: uid=gcarter, ou=people,dc=plainjoe,dc=org logonTime: 0 displayName: Gerald Carter @@ -1248,7 +1213,7 @@ access to attrs=lmPassword,ntPassword pwdCanChange: 0 pwdMustChange: 2147483647 ntPassword: 878D8014606CDA29677A44EFA1353FC7 - </screen> +</programlisting> </para> </sect3> @@ -1261,7 +1226,7 @@ access to attrs=lmPassword,ntPassword using pam_ldap, this allows changing both unix and windows passwords at once. </para> - <para>The <command>ldap passwd sync</command> options can have the following values:</para> + <para>The <parameter>ldap passwd sync</parameter> options can have the following values:</para> <variablelist> <varlistentry> @@ -1322,7 +1287,7 @@ access to attrs=lmPassword,ntPassword contains the correct queries to create the required tables. Use the command : <screen> - <command>mysql -u<replaceable>username</replaceable> -h<replaceable>hostname</replaceable> -p<replaceable>password</replaceable> <replaceable>databasename</replaceable> > <filename>/path/to/samba/examples/pdb/mysql/mysql.dump</filename></command> + <prompt>$ </prompt><userinput>mysql -u<replaceable>username</replaceable> -h<replaceable>hostname</replaceable> -p<replaceable>password</replaceable> <replaceable>databasename</replaceable> > <filename>/path/to/samba/examples/pdb/mysql/mysql.dump</filename></userinput> </screen> </para> </sect3> @@ -1332,10 +1297,10 @@ access to attrs=lmPassword,ntPassword <para>This plugin lacks some good documentation, but here is some short info:</para> - <para>Add a the following to the <command>passdb backend</command> variable in your <filename>smb.conf</filename>: - <screen> + <para>Add a the following to the <parameter>passdb backend</parameter> variable in your &smb.conf;: + <programlisting> passdb backend = [other-plugins] mysql:identifier [other-plugins] - </screen> + </programlisting> </para> <para>The identifier can be any string you like, as long as it doesn't collide with @@ -1345,18 +1310,18 @@ access to attrs=lmPassword,ntPassword </para> <para> - Additional options can be given thru the &smb.conf; file in the <command>[global]</command> section. + Additional options can be given thru the &smb.conf; file in the <parameter>[global]</parameter> section. </para> <para> - <screen> + <programlisting> identifier:mysql host - host name, defaults to 'localhost' identifier:mysql password identifier:mysql user - defaults to 'samba' identifier:mysql database - defaults to 'samba' identifier:mysql port - defaults to 3306 identifier:table - Name of the table containing users - </screen> + : </programlisting> </para> <warning> @@ -1371,7 +1336,7 @@ access to attrs=lmPassword,ntPassword <para>Names of the columns in this table(I've added column types those columns should have first):</para> <para> - <screen> + <programlisting> identifier:logon time column - int(9) identifier:logoff time column - int(9) identifier:kickoff time column - int(9) @@ -1403,7 +1368,7 @@ access to attrs=lmPassword,ntPassword identifier:hours len column - int(9) - ? identifier:unknown 5 column - int(9) - unknown identifier:unknown 6 column - int(9) - unknown - </screen> + </programlisting> </para> <para> @@ -1466,7 +1431,7 @@ access to attrs=lmPassword,ntPassword </para> <para> - <userinput>pdbedit -e xml:filename</userinput> + <prompt>$ </prompt><userinput>pdbedit -e xml:filename</userinput> </para> <para> @@ -1475,22 +1440,7 @@ access to attrs=lmPassword,ntPassword <para> To import data, use: - <userinput>pdbedit -i xml:filename -e current-pdb</userinput> - </para> - - <para> - Where filename is the name to read the data from and current-pdb to put it in. - </para> - - <para> - For example: To migrate (copy) the smbpasswd database into a tdbsam database: - </para> - - <para> - then execute (as root): - <screen> - &rootprompt;<userinput>pdbedit -i smbpasswd -e tdbsam</userinput> - </screen> + <prompt>$ </prompt><userinput>pdbedit -i xml:filename</userinput> </para> </sect2> </sect1> @@ -1517,12 +1467,12 @@ access to attrs=lmPassword,ntPassword </para> <para> - <screen> + <programlisting> [globals] ... passdb backend = smbpasswd, tdbsam, guest ... - </screen> + </programlisting> </para> <para> @@ -1531,12 +1481,12 @@ access to attrs=lmPassword,ntPassword </para> <para> - <screen> + <programlisting> [globals] ... passdb backend = tdbsam, smbpasswd, guest ... - </screen> + </programlisting> </para> </sect2> diff --git a/docs/docbook/projdoc/printer_driver2.xml b/docs/docbook/projdoc/printer_driver2.xml index 76f59c12ea..028c6cc1e6 100644 --- a/docs/docbook/projdoc/printer_driver2.xml +++ b/docs/docbook/projdoc/printer_driver2.xml @@ -60,12 +60,8 @@ spooled files. They are utilized entirely by the clients. <para> The following MS KB article, may be of some help if you are dealing with -Windows 2000 clients: <emphasis>How to Add Printers with No User -Interaction in Windows 2000</emphasis> -</para> - -<para> -<ulink url="http://support.microsoft.com/support/kb/articles/Q189/1/05.ASP">http://support.microsoft.com/support/kb/articles/Q189/1/05.ASP</ulink> +Windows 2000 clients: +<ulink url="http://support.microsoft.com/support/kb/articles/Q189/1/05.ASP">How to Add Printers with No User Interaction in Windows 2000</ulink> </para> </sect1> @@ -141,8 +137,8 @@ level user accounts to have write access in order to update files on the share. See the <ulink url="smb.conf.5.html">smb.conf(5) man page</ulink> for more information on configuring file shares.</para> -<para>The requirement for <ulink url="smb.conf.5.html#GUESTOK"><command>guest -ok = yes</command></ulink> depends upon how your +<para>The requirement for <ulink url="smb.conf.5.html#GUESTOK"><parameter>guest +ok = yes</parameter></ulink> depends upon how your site is configured. If users will be guaranteed to have an account on the Samba host, then this is a non-issue.</para> @@ -158,8 +154,8 @@ is not necessary. Of course, in a workgroup environment where you just want to be able to print without worrying about silly accounts and security, then configure the share for guest access. You'll probably want to add <ulink -url="smb.conf.5.html#MAPTOGUEST"><command>map to guest = Bad User -</command></ulink> in the [global] section as well. Make sure +url="smb.conf.5.html#MAPTOGUEST"><parameter>map to guest = Bad User +</parameter></ulink> in the <parameter>[global]</parameter> section as well. Make sure you understand what this parameter does before using it though. --jerry </para> @@ -210,12 +206,12 @@ that all file shares are set to 'read only' by default. <para> -Once you have created the required [print$] service and +Once you have created the required <parameter>[print$]</parameter> service and associated subdirectories, simply log onto the Samba server using a root (or <parameter>printer admin</parameter>) account -from a Windows NT 4.0/2k client. Open "Network Neighbourhood" or -"My Network Places" and browse for the Samba host. Once you have located -the server, navigate to the "Printers..." folder. +from a Windows NT 4.0/2k client. Open <guilabel>Network Neighbourhood</guilabel> or +<guilabel>My Network Places</guilabel> and browse for the Samba host. Once you have located +the server, navigate to the <guilabel>Printers...</guilabel> folder. You should see an initial listing of printers that matches the printer shares defined on your Samba host. </para> @@ -233,30 +229,30 @@ which has this default driver assigned will result in the error message:</para> <para> -<emphasis>Device settings cannot be displayed. The driver +<errorname>Device settings cannot be displayed. The driver for the specified printer is not installed, only spooler properties will be displayed. Do you want to install the -driver now?</emphasis> +driver now?</errorname> </para> <para> -Click "No" in the error dialog and you will be presented with +Click <guibutton>No</guibutton> in the error dialog and you will be presented with the printer properties window. The way to assign a driver to a printer is to either </para> -<itemizedlist> - <listitem><para>Use the "New Driver..." button to install - a new printer driver, or</para></listitem> +<procedure> + <step><para>Use the <guibutton>New Driver...</guibutton> button to install + a new printer driver, or</para></step> - <listitem><para>Select a driver from the popup list of - installed drivers. Initially this list will be empty.</para> - </listitem> -</itemizedlist> + <step><para>Select a driver from the popup list of + installed drivers. Initially this list will be empty.</para> + </step> +</procedure> <para>If you wish to install printer drivers for client operating systems other than "Windows NT x86", you will need -to use the "Sharing" tab of the printer properties dialog.</para> +to use the <guilabel>Sharing</guilabel> tab of the printer properties dialog.</para> <para>Assuming you have connected with a root account, you will also be able modify other printer properties such as @@ -267,7 +263,7 @@ on a Windows NT print server to have printers listed in the Printers folder which are not shared. Samba does not make this distinction. By definition, the only printers of which Samba is aware are those which are specified as shares in -<filename>smb.conf</filename>.</para> +&smb.conf;.</para> <para>Another interesting side note is that Windows NT clients do not use the SMB printer share, but rather can print directly @@ -287,15 +283,15 @@ permissions to the "Everyone" well-known group. <para>One issue that has arisen during the development phase of Samba 2.2 is the need to support driver downloads for 100's of printers. Using the Windows NT APW is somewhat -awkward to say the list. If more than one printer are using the +awkward to say the least. If more than one printer are using the same driver, the <ulink url="rpcclient.1.html"><command>rpcclient's setdriver command</command></ulink> can be used to set the driver associated with an installed driver. The following is example of how this could be accomplished:</para> <para> -<prompt>$ </prompt><userinput>rpcclient pogo -U root%secret -c "enumdrivers"</userinput> -<programlisting> +<screen> +<prompt>$ </prompt><userinput>rpcclient <replaceable>pogo</replaceable> -U root%<replaceable>secret</replaceable> -c "enumdrivers"</userinput> Domain=[NARNIA] OS=[Unix] Server=[Samba 2.2.0-alpha3] [Windows NT x86] @@ -307,21 +303,17 @@ Printer Driver Info 1: Printer Driver Info 1: Driver Name: [HP LaserJet 4Si/4SiMX PS] -</programlisting> -<prompt>$ </prompt><userinput>rpcclient pogo -U root%secret -c "enumprinters"</userinput> -<programlisting> +<prompt>$ </prompt><userinput>rpcclient <replaceable>pogo</replaceable> -U root%<replaceable>secret</replaceable> -c "enumprinters"</userinput> Domain=[NARNIA] OS=[Unix] Server=[Samba 2.2.0-alpha3] flags:[0x800000] name:[\\POGO\hp-print] description:[POGO\\POGO\hp-print,NO DRIVER AVAILABLE FOR THIS PRINTER,] comment:[] -</programlisting> -<prompt>$ </prompt><userinput>rpcclient pogo -U root%secret -c "setdriver hp-print \"HP LaserJet 4000 Series PS\""</userinput> -<programlisting> +<prompt>$ </prompt><userinput>rpcclient <replaceable>pogo</replaceable> -U root%<replaceable>secret</replaceable> -c "setdriver <replaceable>hp-print</replaceable> <replaceable>\"HP LaserJet 4000 Series PS\"</replaceable></userinput> Domain=[NARNIA] OS=[Unix] Server=[Samba 2.2.0-alpha3] Successfully set hp-print to driver HP LaserJet 4000 Series PS. -</programlisting></para> +</screen></para> </sect2> @@ -330,9 +322,9 @@ Successfully set hp-print to driver HP LaserJet 4000 Series PS. <title>Adding New Printers via the Windows NT APW</title> <para> -By default, Samba offers all printer shares defined in <filename>smb.conf</filename> -in the "Printers..." folder. Also existing in this folder is the Windows NT -Add Printer Wizard icon. The APW will be show only if +By default, Samba offers all printer shares defined in &smb.conf; +in the <filename>Printers...</filename> folder. Also existing in this folder is the Windows NT +Add Printer Wizard icon. The <acronym>APW</acronym> will be show only if </para> <itemizedlist> @@ -352,15 +344,15 @@ server, the <ulink url="smb.conf.5.html#ADDPRINTERCOMMAND"><parameter>add printer command</parameter></ulink> must have a defined value. The program hook must successfully add the printer to the system (i.e. <filename>/etc/printcap</filename> or appropriate files) and -<filename>smb.conf</filename> if necessary. +&smb.conf; if necessary. </para> <para> When using the APW from a client, if the named printer share does -not exist, <command>smbd</command> will execute the <parameter>add printer -command</parameter> and reparse to the <filename>smb.conf</filename> +not exist, &smbd; will execute the <parameter>add printer +command</parameter> and reparse to the &smb.conf; to attempt to locate the new printer share. If the share is still not defined, -an error of "Access Denied" is returned to the client. Note that the +an error of <errorname>Access Denied</errorname> is returned to the client. Note that the <parameter>add printer program</parameter> is executed under the context of the connected user, not necessarily a root account. </para> @@ -447,7 +439,7 @@ a form of load balancing or fail over. <para> If you require that multiple ports be defined for some reason, -<filename>smb.conf</filename> possesses a <ulink +&smb.conf; possesses a <ulink url="smb.conf.5.html#ENUMPORTSCOMMAND"><parameter>enumports command</parameter></ulink> which can be used to define an external program that generates a listing of ports on a system. @@ -588,6 +580,7 @@ foreach (supported architecture for a given driver) </sect1> <!-- +FIXME This comment from rpc_server/srv_spoolss_nt.c:_spoolss_open_printer_ex() needs to be added into a section probably. This is to remind me it needs @@ -760,24 +753,23 @@ print queue needs to be stopped in order to see the queue status and remove the job: </para> -<para><programlisting> - -h4: {42} % echo hi >/tmp/hi -h4: {43} % smbclient //localhost/lw4 +<para><screen> +<prompt>h4: {42} % </prompt><userinput>echo hi >/tmp/hi</userinput> +<prompt>h4: {43} % </prompt><userinput>smbclient //localhost/lw4</userinput> added interface ip=10.0.0.4 bcast=10.0.0.255 nmask=255.255.255.0 Password: Domain=[ASTART] OS=[Unix] Server=[Samba 2.0.7] -smb: \> print /tmp/hi +<prompt>smb: \> </prompt><userinput>print /tmp/hi</userinput> putting file /tmp/hi as hi-17534 (0.0 kb/s) (average 0.0 kb/s) -smb: \> queue +<prompt>smb: \> </prompt><userinput>queue</userinput> 1049 3 hi-17534 -smb: \> cancel 1049 +<prompt>smb: \> </prompt><userinput>cancel 1049</userinput> Error cancelling job 1049 : code 0 -smb: \> cancel 1049 +<prompt>smb: \> </prompt><userinput>cancel 1049</userinput> Job 1049 cancelled -smb: \> queue -smb: \> exit -</programlisting></para> +<prompt>smb: \> </prompt><userinput>queue</userinput> +<prompt>smb: \> </prompt><userinput>exit</userinput> +</screen></para> <para> The 'code 0' indicates that the job was removed. The comment @@ -799,9 +791,9 @@ name you are using is recognized by Samba. For example, you can use: </para> -<para><programlisting> - testprns printer /etc/printcap -</programlisting></para> +<para><screen> +<prompt>$ </prompt><userinput>testprns printer /etc/printcap</userinput> +</screen></para> <para> Samba can get its printcap information from a file or from a program. @@ -809,11 +801,10 @@ You can try the following to see the format of the extracted information: </para> -<para><programlisting> - testprns -a printer /etc/printcap - - testprns -a printer '|/bin/cat printcap' -</programlisting></para> +<para><screen> +<prompt>$ </prompt><userinput>testprns -a printer /etc/printcap</userinput> +<prompt>$ </prompt><userinput>testprns -a printer '|/bin/cat printcap'</userinput> +</screen></para> </sect2> @@ -848,28 +839,24 @@ to extend the printcap to multiple lines. Here are some examples of printcap files: </para> -<para> -<orderedlist> -<listitem><para> -pr just printer name -</para></listitem> -<listitem><para> -pr|alias printer name and alias -</para></listitem> -<listitem><para> -pr|My Printer printer name, alias used as comment -</para></listitem> -<listitem><para> -pr:sh:\ Same as pr:sh:cm= testing +<table> + <tgroup cols="2" align="left"> + <tbody> + <row><entry><programlisting>pr</programlisting></entry><entry>just printer name</entry></row> + <row><entry><programlisting>pr|alias</programlisting></entry><entry>printer name and alias</entry></row> + <row><entry><programlisting>pr|My Printer</programlisting></entry><entry>printer name, alias used as comment</entry></row> + <row><entry><programlisting> +pr:sh:\ :cm= \ testing -</para></listitem> -<listitem><para> -pr:sh Same as pr:sh:cm= testing +</programlisting></entry><entry>Same as pr:sh:cm= testing</entry></row> + <row><entry><programlisting> +pr:sh :cm= testing -</para></listitem> -</orderedlist> -</para> +</programlisting></entry><entry>Same as pr:sh:cm= testing</entry></row> +</tbody> +</tgroup> +</table> <para> Samba reads the printcap information when first started. If you make @@ -913,12 +900,12 @@ you can temporarily stop the printing of jobs. Jobs can still be submitted, but they will not be printed. Use: </para> -<para><programlisting> - lpc -Pprinter stop -</programlisting></para> +<para><screen> +<prompt>$ </prompt><userinput>lpc -Pprinter stop</userinput> +</screen></para> <para> -Now submit a print job and then use 'lpq -Pprinter' to see if the +Now submit a print job and then use <userinput>lpq -Pprinter</userinput> to see if the job is in the print queue. If it is not in the print queue then you will have to find out why it is not being accepted for printing. </para> @@ -932,11 +919,11 @@ You can use the UNIX 'file' utitily to determine what the job format actually is: </para> -<para><programlisting> - cd /var/spool/lpd/printer # spool directory of print jobs - ls # find job files - file dfA001myhost -</programlisting></para> +<para><screen> +<prompt>$ </prompt><userinput>cd /var/spool/lpd/printer # spool directory of print jobs</userinput> +<prompt>$ </prompt><userinput>ls # find job files</userinput> +<prompt>$ </prompt><userinput>file dfA001myhost</userinput> +</screen></para> <para> You should make sure that your printer supports this format OR that @@ -1016,7 +1003,7 @@ Format Detection' on your printer. <para> Note that you can do some pretty magic things by using your -imagination with the "print command" option and some shell scripts. +imagination with the <parameter>print command</parameter> option and some shell scripts. Doing print accounting is easy by passing the %U option to a print command shell script. You could even make the print command detect the type of output and its size and send it to an appropriate @@ -1025,14 +1012,6 @@ printer. </sect2> -<sect2> -<title>Real debugging</title> - -<para> -If the above debug tips don't help, then maybe you need to bring in -the bug guns, system tracing. See Tracing.txt in this directory. -</para> -</sect2> </sect1> </chapter> |