diff options
31 files changed, 420 insertions, 155 deletions
diff --git a/WHATSNEW.txt b/WHATSNEW.txt index caf61fa42e..dd291c001f 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -9,12 +9,13 @@ across subnets correctly. Look in the file docs/BROWSING.txt as it has been largely re-written to explain how to do this. *IMPORTANT* All Samba servers acting as local/domain master -browsers must be running 1.9.17alpha3, as should the nmbd -set up as the WINS server. +browsers must be running 1.9.17alpha3 (or later), in addition +nmbd must be set up as the WINS server. Thanks to Silicon Graphics for allowing us to test the new code on their corporate network. + Improved share mode handling ---------------------------- @@ -42,7 +43,6 @@ the Makefile : Updated smb.conf documentation ------------------------------ - All options are now documented we believe. Many small bugfixes and improvements @@ -52,7 +52,6 @@ thanks to everyone who contributed. Remaining known issues with cross-subnet browsing. -------------------------------------------------- - When nmbd is acting as a WINS server it doesn't handle de-registering of members of a WORKGROUP<1e> name correctly. The first machine to de-register will remove the name. This @@ -79,4 +78,3 @@ samba-bugs@samba.anu.edu.au Regards, The Samba Team. - diff --git a/docs/INSTALL.txt b/docs/INSTALL.txt index 6888755525..a97d5f2679 100644 --- a/docs/INSTALL.txt +++ b/docs/INSTALL.txt @@ -1,5 +1,9 @@ -HOW TO INSTALL AND TEST SAMBA -============================= +Contributor: Andrew Tridgell <samba-bugs@samba.anu.edu.au> +Date: Unknown +Status: Current + +Subject: HOW TO INSTALL AND TEST SAMBA +=============================================================================== STEP 0. Read the man pages. They contain lots of useful info that will diff --git a/docs/OS2.txt b/docs/OS2.txt index 7d678a4bfb..d5703044a6 100644 --- a/docs/OS2.txt +++ b/docs/OS2.txt @@ -1,8 +1,10 @@ -This describes how to use smbclient to connect to an OS/2 server. -Knowing this allows you to use a OS/2 printer from unix. - -Author: riiber@oslonett.no +Author: riiber@oslonett.no +Date: Unknown +Status: Unspecified Currency - feedback welcomed +Subject: This describes how to use smbclient to connect to an OS/2 server. + Knowing this allows you to use a OS/2 printer from unix. +============================================================================== How to login to an OS/2 server ------------------------------- @@ -20,7 +22,7 @@ First, the two servers were started with the commands smbd and nmbd -n KLATREMUS. Command to connect to a the shared printer LASER02 on the OS/2 server: -n + smbclient '\\OBV11\LASER02' xxx -n ARNE -U ARNE -P and to connect to the shared drive 'PCPROGS': diff --git a/docs/README.OS2 b/docs/README.OS2 index a464dd9946..ff98403d72 100644 --- a/docs/README.OS2 +++ b/docs/README.OS2 @@ -1,10 +1,16 @@ -Samba 1.9.15p8 for OS/2 : REQUIRES emx 0.9b. +Contributor: Jason Rumney <jasonr@pec.co.nz>. +Date: 1995 +Status: Needs Updating - Old! + +Subject: IBM OS/2 Support +============================================================================= +Samba 1.9.15p8 for OS/2 : REQUIRES emx 0.9b. + Please read the file README, which contains general information about the configuration and use of Samba. - Notes specific to OS/2 port: ============================ diff --git a/docs/Warp.txt b/docs/Warp.txt index 9b8e6782ba..8818443a48 100644 --- a/docs/Warp.txt +++ b/docs/Warp.txt @@ -1,5 +1,9 @@ -Here is some advice from maxfield@ctelcom.uucp.netcom.com (Wade Maxfie -to use Samba with OS/2 Warp. +Contributor: Wade Maxfie <maxfield@ctelcom.uucp.netcom.com> +Date: Unknown +Status: Old + +Subject: Samba with OS/2 Warp. +============================================================================ Note that you may also find ftp://ftp.cdrom.com/pub/os2/new/os2net.faq useful. diff --git a/docs/announce b/docs/announce index 177286ff8e..18e34b68c2 100644 --- a/docs/announce +++ b/docs/announce @@ -78,11 +78,11 @@ unixes: Linux, SunOS, Solaris, SVR4, Ultrix, OSF1, AIX, BSDI, NetBSD, Sequent, HP-UX, SGI, FreeBSD, NeXT, ISC, A/UX, SCO, Intergraph, -Domain/OS and DGUX. +Silicon Graphics Inc., Domain/OS and DGUX. Some of these have received more testing than others. If it doesn't work with your unix then it should be easy to fix. It has also been ported -to Netware, OS/2 and the Amiga. A VMS port is underway. See the web site +to Netware, OS/2 and the Amiga. A VMS port is available too. See the web site for more details. Who wrote it? diff --git a/docs/history b/docs/history index 83761e23b8..a86160e854 100644 --- a/docs/history +++ b/docs/history @@ -1,8 +1,9 @@ -Note: This file is now quite out of date - but perhaps that's -appropriate? +Contributor: Andrew Tridgell and the Samba Team +Date: June 27, 1997 +Satus: Always out of date! (Would not be the same without it!) - -========= +Subject: A bit of history and a bit of fun +============================================================================ This is a short history of this project. It's not supposed to be comprehensive, just enough so that new users can get a feel for where @@ -10,7 +11,7 @@ this project has come from and maybe where it's going to. The whole thing really started in December 1991. I was (and still am) a PhD student in the Computer Sciences Laboratory at the Australian -Netional University, in Canberra, Australia. We had just got a +National University, in Canberra, Australia. We had just got a beta copy of eXcursion from Digital, and I was testing it on my PC. At this stage I was a MS-DOS user, dabbling in windows. @@ -163,3 +164,33 @@ support and the ability to do domain logons etc. Samba has also been ported to OS/2, the amiga and NetWare. There are now 3000 people on the samba mailing list. --------------------- + + +--------------------- +It's now June 1997 and samba-1.9.17 is due out soon. My how time passes! +Please refer to the WHATSNEW.txt for an update on new features. Just when +you think you understand what is happening the ground rules change - this +is a real world after all. Since the heady days of March 1996 there has +been a concerted effort within the SMB protocol using community to document +and standardize the protocols. The CIFS initiative has helped a long way +towards creating a better understood and more interoperable environment. +The Samba Team has grown in number and have been very active in the standards +formation and documentation process. + +The net effect has been that we have had to do a lot of work to bring Samba +into line with new features and capabilities in the SMB protocols. + +The past year has been a productive one with the following releases: + 1.9.16, 1.9.16p2, 1.9.16p6, 1.9.16p9, 1.9.16p10, 1.9.16p11 + +There are some who believe that 1.9.15p8 was the best release and others +who would not want to be without the latest. Whatever your perception we +hope that 1.9.17 will close the gap and convince you all that the long +wait and the rolling changes really were worth it. Here is functionality +and a level of code maturity that ..., well - you can be the judge! + +Happy SMB networking! +Samba Team + +ps: The bugs are ours, so please report any you find. +--------------------- diff --git a/docs/textdocs/Application_Serving.txt b/docs/textdocs/Application_Serving.txt index ea8f1298c8..caed027893 100644 --- a/docs/textdocs/Application_Serving.txt +++ b/docs/textdocs/Application_Serving.txt @@ -1,7 +1,10 @@ January 7, 1997 -Contributor: John H Terpstra +Updated: June 27, 1997 +Contributor: John H Terpstra <samba-bugs@samba.anu.edu.au> +Status: Current Subject: Using a Samba share as an administrative share for MS Office, etc. +============================================================================== Problem: ======== @@ -21,9 +24,9 @@ is desirable to enable file locking and share mode operation during this process. Subsequent installation of MS Office from this share will FAIL unless certain -procautions are taken. The failure will be caused by share mode operation +precautions are taken. This failure will be caused by share mode operation which will prevent the MS Office installation process from re-opening various -dynamic link library files. Some other files will also NOT be found at times. +dynamic link library files and will cause sporadic file not found problems. Solution: ========= @@ -40,6 +43,7 @@ Solution: browseable = yes public = yes -2. Now you are ready to run the setup program from the workstation as follows:- +2. Now you are ready to run the setup program from the Microsoft Windows +workstation as follows:- \\"Server_Name"\MSOP95\msoffice\setup diff --git a/docs/textdocs/BROWSING.txt b/docs/textdocs/BROWSING.txt index 19e7888477..12d3417a29 100644 --- a/docs/textdocs/BROWSING.txt +++ b/docs/textdocs/BROWSING.txt @@ -1,9 +1,24 @@ +Author/s: Many (Thanks to Luke, Jeremy, Andrew, etc.) +Updated: June 29, 1997 +Status: Current - For VERY Advanced Users ONLY + +Summary: This describes how to configure Samba for improved browsing. +===================================================================== + +OVERVIEW: +========= +SMB networking provides a mechanism by which clients can access a list +of machines that are available within the network. This list is called +the browse list and is heavily used by all SMB clients. Configuration +of SMB browsing has been problematic for some Samba users, hence this +document. + +===================================================================== + BROWSING ======== - Samba now fully supports browsing. The browsing is supported by nmbd -and is also controlled by options in the smb.conf file (see -smb.conf(5)). +and is also controlled by options in the smb.conf file (see smb.conf(5)). Samba can act as a local browse master for a workgroup and the ability for samba to support domain logons and scripts is now available. See @@ -51,7 +66,7 @@ have a valid guest account. Also, a lot of people are getting bitten by the problem of too many parameters on the command line of nmbd in inetd.conf. This trick is to not use spaces between the option and the parameter (eg: -d2 instead -Of -d 2), and to not use the -B and -N options. New versions of nmbd +of -d 2), and to not use the -B and -N options. New versions of nmbd are now far more likely to correctly find your broadcast and network addess, so in most cases these aren't needed. @@ -167,7 +182,7 @@ Now examine subnet 2. As soon as N2_B has become the local master browser it looks for a Domain master browser to synchronize its browse list with. It does this by querying the WINS server (N2_D) for the IP address associated with the NetBIOS name -WORKGROUP<1b>. This name was registerd by the Domain master +WORKGROUP<1B>. This name was registerd by the Domain master browser (N1_C) with the WINS server as soon as it was booted. Once N2_B knows the address of the Domain master browser it @@ -279,6 +294,9 @@ least set the parameter to 'no' on all these machines. Machines with "wins support = yes" will keep a list of all NetBIOS names registered with them, acting as a DNS for NetBIOS names. +You should set up only ONE wins server. Do NOT set the +"wins support = yes" option on more than one Samba server. + To set up a Windows NT Server as a WINS server you need to set up the WINS service - see your NT documentation for details. Note that Windows NT WINS Servers can replicate to each other, allowing more @@ -339,7 +357,7 @@ server as a domain master browser set the following option in the domain master = yes -The domain master browser should also probably be the local master +The domain master browser should also preferrably be the local master browser for it's own subnet. In order to achieve this set the following options in the [global] section of the smb.conf file : @@ -458,7 +476,7 @@ broadcast isolated subnet. It is possible to configure two samba servers to attempt to become the domain master browser for a domain. The first server that comes -up with be the domain master browser. All other samba servers will +up will be the domain master browser. All other samba servers will attempt to become the domain master browser every 5 minutes. They will find that another samba server is already the domain master browser and will fail. This provides automatic redundancy, should diff --git a/docs/textdocs/BUGS.txt b/docs/textdocs/BUGS.txt index 099791c156..0bd12e8af0 100644 --- a/docs/textdocs/BUGS.txt +++ b/docs/textdocs/BUGS.txt @@ -1,21 +1,26 @@ -This file describes how to report Samba bugs. +Contributor: Samba Team +Updated: June 27, 1997 + +Subject: This file describes how to report Samba bugs. +============================================================================ >> The email address for bug reports is samba-bugs@samba.anu.edu.au << Please take the time to read this file before you submit a bug -report. Also, please see if it has changed between releases, as I -may be changing the bug reporting mechanism sometime soon. +report. Also, please see if it has changed between releases, as we +may be changing the bug reporting mechanism at some time. Please also do as much as you can yourself to help track down the -bug. I only develop Samba in my spare time and I receive far more mail -about it than I can possibly answer, so you have a much higher chance -of an answer and a fix if you send me a "developer friendly" bug -report that lets me fix it fast. +bug. Samba is maintained by a dedicated group of people who volunteer +their time, skills and efforts. We receive far more mail about it than +we can possibly answer, so you have a much higher chance of an answer +and a fix if you send us a "developer friendly" bug report that lets +us fix it fast. Do not assume that if you post the bug to the comp.protocols.smb -newsgroup or the mailing list that I will read it. If you suspect that your +newsgroup or the mailing list that we will read it. If you suspect that your problem is not a bug but a configuration problem then it is better to send -it to the Samba mailing list, as there are (at last count) 1900 other users on +it to the Samba mailing list, as there are (at last count) 5000 other users on that list that may be able to help you. You may also like to look though the recent mailing list archives, @@ -51,6 +56,7 @@ To set the debug level use "log level =" in your smb.conf. You may also find it useful to set the log level higher for just one machine and keep separate logs for each machine. To do this use: +log level = 10 log file = /usr/local/samba/lib/log.%m include = /usr/local/samba/lib/smb.conf.%m @@ -60,6 +66,15 @@ put any smb.conf commands you want, for example "log level=" may be useful. This also allows you to experiment with different security systems, protocol levels etc on just one machine. +The smb.conf entry "log level =" is synonymous with the entry +"debuglevel =" that has been used in older versions of Samba and +is being retained for backwards compatibility of smb.conf files. + +As the "log level =" value is increased you will record a significantly +increasing level of debugging information. For most debugging operations +you may not need a setting higher than 3. Nearly all bugs can be tracked +at a setting of 10, but be prepared for a VERY large volume of log data. + INTERNAL ERRORs --------------- @@ -112,7 +127,7 @@ where it occurred. PATCHES ------- -The best sort of bug report is one that includes a fix! If you send me +The best sort of bug report is one that includes a fix! If you send us patches please use "diff -u" format if your version of diff supports it, otherwise use "diff -c4". Make sure your do the diff against a clean version of the source and let me know exactly what version you diff --git a/docs/textdocs/DIAGNOSIS.txt b/docs/textdocs/DIAGNOSIS.txt index 740f417ed3..5f20f61031 100644 --- a/docs/textdocs/DIAGNOSIS.txt +++ b/docs/textdocs/DIAGNOSIS.txt @@ -1,5 +1,8 @@ -DIAGNOSING YOUR SAMBA SERVER -============================ +Contributor: Andrew Tridgell +Updated: June 27, 1997 + +Subject: DIAGNOSING YOUR SAMBA SERVER +=========================================================================== This file contains a list of tests you can perform to validate your Samba server. It also tells you what the likely cause of the problem @@ -23,10 +26,12 @@ ASSUMPTIONS In all of the tests I assume you have a Samba server called BIGSERVER and a PC called ACLIENT. I also assume the PC is running windows for -workgroups with a recent copy of the microsoft tcp/ip stack. The -procedure is similar for other types of clients. +workgroups with a recent copy of the microsoft tcp/ip stack. Alternatively, +your PC may be running Windows 95 or Windows NT (Workstation or Server). + +The procedure is similar for other types of clients. -I also assume you know the name of a available share in your +I also assume you know the name of an available share in your smb.conf. I will assume this share is called "tmp". You can add a "tmp" share like by adding the following to smb.conf: @@ -43,8 +48,12 @@ COMMANDS SHOWN DID NOT EXIST IN EARLIER VERSIONS TEST 1: ------- -run the command "testparm". If it reports any errors then your -smb.conf configuration file is faulty. +In the directory in which you store your smb.conf file, run the command +"testparm smb.conf". If it reports any errors then your smb.conf +configuration file is faulty. + +Note: Your smb.conf file may be located in: /etc + or in: /usr/local/samba/lib TEST 2: @@ -66,7 +75,7 @@ you do have correct entries for the remainder of these tests. TEST 3: ------- -run the command "smbclient -L BIGSERVER" on the unix box. You +Run the command "smbclient -L BIGSERVER" on the unix box. You should get a list of available shares back. If you get a error message containing the string "Bad password" then @@ -77,7 +86,7 @@ temporarily remove any "hosts allow", "hosts deny", "valid users" or "invalid users" lines. If you get a "connection refused" response then the smbd server could -not be run. If you installed it in inetd.conf then you probably edited +not be running. If you installed it in inetd.conf then you probably edited that file incorrectly. If you installed it as a daemon then check that it is running, and check that the netbios-ssn port is in a LISTEN state using "netstat -a". @@ -86,19 +95,20 @@ If you get a "session request failed" then the server refused the connection. If it says "your server software is being unfriendly" then its probably because you have invalid command line parameters to smbd, or a similar fatal problem with the initial startup of smbd. Also -check your config file for syntax errors with "testparm" and that the -various directories where samba keeps its log and lock files exist. +check your config file (smb.conf) for syntax errors with "testparm" +and that the various directories where samba keeps its log and lock +files exist. Another common cause of these two errors is having something already running -on port 139, such as Samba (ie smbd is running from inetd already) or something -like Digital's Pathworks. Check your inetd.conf file before trying to start -smbd as a daemon, it can avoid a lot of frustration! +on port 139, such as Samba (ie: smbd is running from inetd already) or +something like Digital's Pathworks. Check your inetd.conf file before trying +to start smbd as a daemon, it can avoid a lot of frustration! TEST 4: ------- -run the command "nmblookup -B BIGSERVER __SAMBA__". You should get the +Run the command "nmblookup -B BIGSERVER __SAMBA__". You should get the IP address of your Samba server back. If you don't then nmbd is incorrectly installed. Check your inetd.conf @@ -110,6 +120,7 @@ parameters on the command line. If this is the case then create a one-line script that contains the right parameters and run that from inetd. + TEST 5: ------- @@ -119,10 +130,11 @@ You should get the PCs IP address back. If you don't then the client software on the PC isn't installed correctly, or isn't started, or you got the name of the PC wrong. + TEST 6: ------- -run the command "nmblookup -d 2 '*'" +Run the command "nmblookup -d 2 '*'" This time we are trying the same as the previous test but are trying it via a broadcast to the default broadcast address. A number of @@ -141,10 +153,11 @@ If your PC and server aren't on the same subnet then you will need to use the -B option to set the broadcast address to the that of the PCs subnet. + TEST 7: ------- -run the command "smbclient '\\BIGSERVER\TMP'". You should then be +Run the command "smbclient '\\BIGSERVER\TMP'". You should then be prompted for a password. You should use the password of the account you are logged into the unix box with. If you want to test with another account then add the -U <accountname> option to the command @@ -196,10 +209,11 @@ particular, make sure your "hosts allow" line is correct (see the man pages) + TEST 9: -------- -run the command "net use x: \\BIGSERVER\TMP". You should be prompted +Run the command "net use x: \\BIGSERVER\TMP". You should be prompted for a password then you should get a "command completed successfully" message. If not then your PC software is incorrectly installed or your smb.conf is incorrect. make sure your "hosts allow" and other config @@ -221,7 +235,10 @@ specified in smb.conf). You should be able to double click on the name of the server and get a list of shares. If you get a "invalid password" error when you do then you are probably running WinNT and it is refusing to browse a server that has no encrypted password -capability and is in user level security mode. +capability and is in user level security mode. In this case either set +"security = server" AND "password server = Windows_NT_Machine" in your +smb.conf file, or enable encrypted passwords AFTER compiling in support +for encrypted passwords (refer to the Makefile). Still having troubles? diff --git a/docs/textdocs/DOMAIN.txt b/docs/textdocs/DOMAIN.txt index ba420e6111..b2d8a3f34d 100644 --- a/docs/textdocs/DOMAIN.txt +++ b/docs/textdocs/DOMAIN.txt @@ -1,20 +1,27 @@ -Samba now supports domain logons, network logon scripts and user profiles. +Contributor: Samba Team +Updated: June 27, 1997 + +Subject: Network Logons and Roving Profiles +=========================================================================== + +Samba supports domain logons, network logon scripts and user profiles. The support is still experimental, but it seems to work. The support is also not complete. Samba does not yet support the -sharing of the SAM database with other systems yet, or remote -administration. Support for these kind of things should be added -sometime in the future. +sharing of the SAM database with other systems, or remote administration. +Support for these kind of things should be added sometime in the future. -The domain support only works for WfWg and Win95 clients. Support for -NT and OS/2 clients is still being worked on and currently does not -work. +The domain support works for WfWg and Win95 clients. Support for Windows +NT and OS/2 clients is still being worked on and is still experimental. Using these features you can make your clients verify their logon via the Samba server, make clients run a batch file when they logon to the network and download their preferences, desktop and start menu. +Configuration Instructions: Network Logons +============================================== + To use domain logons and profiles you need to do the following: 1) Setup nmbd and smbd and configure the smb.conf so that Samba is @@ -74,7 +81,9 @@ domain logons to work correctly. Share level security won't work correctly. -User Profiles + +Configuration Instructions: Setting up Roaming User Profiles +================================================================ 1) in the [global] section of smb.conf set the following: diff --git a/docs/textdocs/DOMAIN_CONTROL.txt b/docs/textdocs/DOMAIN_CONTROL.txt index 5804d15129..19d702040c 100644 --- a/docs/textdocs/DOMAIN_CONTROL.txt +++ b/docs/textdocs/DOMAIN_CONTROL.txt @@ -1,15 +1,28 @@ -August 22, 1996 -=============== - -Contributor: John H Terpstra +Initial Release: August 22, 1996 +Contributor: John H Terpstra <samba-bugs@samba.anu.edu.au> +Updated: June 27, 1997 +Status: Current - New Content Subject: Windows NT Domain Control & Samba - ================================= +============================================================================ + +****NOTE:**** +============= +Microsoft Windows NT Domain Control is an extremely complex protocol. +We have received countless requests to implement Domain Control in Samba +and have seriously investigated the potential to support this. The Samba +Team have now concluded that since Domain Control is a completely +undocumented protocol we ought NOT to implement our best guess of this +technology. It is a Microsoft business policy NOT to release the information +necessary to enable this to be implemented in a dependable manner. +============================================================================ Windows NT Server can be installed as either a plain file and print server -or as a server that participates in Domain Control. The same is true for -OS/2 Warp Server, Digital Pathworks and other similar products, all of which -can participate in Domain Control along with Windows NT. +(WORKGROUP workstaion or server) or as a server that participates in Domain +Control (DOMAIN member, Primary Domain controller or Backup Domain controller). + +The same is true for OS/2 Warp Server, Digital Pathworks and other similar +products, all of which can participate in Domain Control along with Windows NT. To many people these terms can be confusing, so let's try to clear the air. @@ -21,6 +34,20 @@ software where to find dynamically loadable libraries that they depend upon. In fact, the registry contains entries that describes everything that anything may need to know to interact with the rest of the system. +The registry files will can be located on any Windows NT machine by opening a +command prompt and typing: + dir %SystemRoot%\System32\config + +The environment variable %SystemRoot% value can be obtained by typing: + echo %SystemRoot% + +The active parts of the registry that you may want to be familiar with are +the files called: default, system, software, sam and security. + +In a domain environment, Microsoft Windows NT domain controllers participate +in replication of the SAM and SECURITY files so that all controllers within +the domain have an exactly identical copy of each. + The Microsoft Windows NT system is structured within a security model that says that all applications and services must authenticate themselves before they can obtain permission from the security manager to do what they set out @@ -32,8 +59,8 @@ memberships, desktop profile, and so on. Every Windows NT system (workstation as well as server) will have it's own registry. Windows NT Servers that participate in Domain Security control -have a database that they share in common - thus they do NOT own a complete -and independant full registry database of their own, as do Workstations and +have a database that they share in common - thus they do NOT own an +independant full registry database of their own, as do Workstations and plain Servers. The User database is called the SAM (Security Access Manager) database and @@ -57,5 +84,7 @@ Windows NT security system for all access authentication. When Samba is configured with the 'security = server' option and the 'password server = Your_Windows_NT_Server_Name' option, then it will -redirect all access authentication to that server. +redirect all access authentication to that server. This way you can +use Windows NT to act as your password server with full support for +Microsoft encrypted passwords. diff --git a/docs/textdocs/ENCRYPTION.txt b/docs/textdocs/ENCRYPTION.txt index 82fe228926..04822eed32 100644 --- a/docs/textdocs/ENCRYPTION.txt +++ b/docs/textdocs/ENCRYPTION.txt @@ -1,5 +1,9 @@ - LanManager / Samba Password Encryption. - --------------------------------------- +Contributor: Jeremy Allison <samba-bugs@samba.anu.edu.au> +Updated: June 27, 1997 +Note: Please refer to WinNT.txt also + +Subject: LanManager / Samba Password Encryption. +============================================================================ With the development of LanManager and Windows NT compatible password encryption for Samba, it is now able to validate user connections in @@ -115,6 +119,13 @@ ftp ftp) which send plain text passwords over the net, so not sending them for SMB isn't such a big deal. +Note that Windows NT 4.0 Service pack 3 changed the default for +permissible authentication so that plaintext passwords are *never* +sent over the wire. The solution to this is either to switch to +encrypted passwords with Samba or edit the Windows NT registry to +re-enable plaintext passwords. See the document WinNT.txt for +details on how to do this. + The smbpasswd file. ------------------- @@ -249,7 +260,7 @@ secure by reporting all problems to me (the author, Jeremy Allison). My email address is :- -jra@cygnus.com +jallison@whistle.com Setting up Samba to support LanManager Encryption. -------------------------------------------------- @@ -335,3 +346,5 @@ Thank you, Jeremy Allison. +============================================================================== +Footnote: Please refer to WinNT.txt also diff --git a/docs/textdocs/Faxing.txt b/docs/textdocs/Faxing.txt index 132a9f64ce..511640d556 100644 --- a/docs/textdocs/Faxing.txt +++ b/docs/textdocs/Faxing.txt @@ -1,8 +1,11 @@ - F A X I N G with S A M B A +Contributor: Gerhard Zuber <zuber@berlin.snafu.de> +Initial Release: ? + +Subject: F A X I N G with S A M B A +============================================================================= This text describes how to turn your SAMBA-server into a fax-server for any environment, especially for Windows. - Author: Gerhard Zuber <zuber@berlin.snafu.de> Requirements: UNIX box (Linux preferred) with SAMBA diff --git a/docs/textdocs/GOTCHAS.txt b/docs/textdocs/GOTCHAS.txt index 279b3453dc..d4e5f3e842 100644 --- a/docs/textdocs/GOTCHAS.txt +++ b/docs/textdocs/GOTCHAS.txt @@ -1,4 +1,4 @@ -This file lists real Gotchas to watch out for: +This file lists Gotchas to watch out for: ========================================================================= Item Number: 1.0 Description: Problem Detecting Interfaces @@ -6,7 +6,7 @@ Symptom: Workstations do NOT see Samba server in Browse List OS: RedHat - Rembrandt Beta 2 Platform: Intel Date: August 16, 1996 -Submitted By: John H Terpstra <jht@aquasoft.com.au> +Submitted By: John H Terpstra Details: By default RedHat Rembrandt-II during installation adds an entry to /etc/hosts as follows:- @@ -27,7 +27,7 @@ Symptom: Loss of Domain Logon Services and failed Windows NT / 95 OS: All Unix systems with Windows NT Domain Control environments. Platform: All Date: February 1, 1997 -Submitted By: John H Terpstra <jht@aquasoft.com.au> +Submitted By: John H Terpstra Details: Samba is configured for Domain logon control in a network where a Windows NT Domain Primary Controller is running. @@ -57,4 +57,12 @@ Details: Work-around: Stop the Samba nmbd and smbd processes, then on the Windows NT Primary Domain Controller start the Network Logon Service. Now restart the Samba nmbd and smbd services. + + Better still: DO NOT CONFIGURE SAMBA AS THE NETWORK LOGON + SERVER, DO NOT SET SAMBA TO BE THE DOMAIN MASTER, DO NOT + SET SAMBA TO OS LEVEL GREATER THAN 0. + + ie: Let Windows NT Server be the Domain Logon server, the + domain master browser and do NOT interfere with any aspect + of Microsoft Windows NT Domain Control. ========================================================================= diff --git a/docs/textdocs/HINTS.txt b/docs/textdocs/HINTS.txt index eedd0bf36e..f5781ee423 100644 --- a/docs/textdocs/HINTS.txt +++ b/docs/textdocs/HINTS.txt @@ -1,3 +1,10 @@ +Contributor: Many +Updated: Not for a long time! + +Subject: A collection of hints +Status: May be useful information but NOT current +=============================================================================== + Here are some random hints that you may find useful. These really should be incorporated in the main docs someday. diff --git a/docs/textdocs/INSTALL.sambatar b/docs/textdocs/INSTALL.sambatar index 388e2a3eb6..413f54d3c6 100644 --- a/docs/textdocs/INSTALL.sambatar +++ b/docs/textdocs/INSTALL.sambatar @@ -1,3 +1,9 @@ +Contributor: Ricky Poulten <poultenr@logica.co.uk> +Date: Unknown +Status: Current + +Subject: Using smbtar +============================================================================= Please see the readme and the man page for general info. diff --git a/docs/textdocs/NetBIOS.txt b/docs/textdocs/NetBIOS.txt index f52e9c8662..3ea9e3c479 100644 --- a/docs/textdocs/NetBIOS.txt +++ b/docs/textdocs/NetBIOS.txt @@ -1,5 +1,12 @@ +Contributor: Unknown +Date: Unknown +Status: Current + +Subject: Definition of NetBIOS Protocol and Name Resolution Modes +============================================================================= + ======= -NetBIOS +NETBIOS ======= NetBIOS runs over the following tranports: TCP/IP; NetBEUI and IPX/SPX. @@ -7,6 +14,11 @@ Samba only uses NetBIOS over TCP/IP. For details on the TCP/IP NetBIOS Session Service NetBIOS Datagram Service, and NetBIOS Names, see rfc1001.txt and rfc1002.txt. +NetBEUI is a raw NetBIOS frame protocol implementation that allows NetBIOS +datagrams to be sent out over the 'wire' embedded within LLC frames. +NetBEUI is not required when using NetBIOS over TCP/IP protocols and it +is preferrable NOT to install NetBEUI if it can be avoided. + NetBIOS applications (such as samba) offer their services (for example, SMB file and print sharing) on a NetBIOS name. They must claim this name on the network before doing so. The NetBIOS session service will then diff --git a/docs/textdocs/PROJECTS b/docs/textdocs/PROJECTS index 5fb75aa98e..07f82c74d9 100644 --- a/docs/textdocs/PROJECTS +++ b/docs/textdocs/PROJECTS @@ -22,9 +22,7 @@ Documentation and FAQ Docs and FAQ files for the Samba suite of software. Contact samba-bugs@samba.anu.edu.au with the diffs. These are urgently -required. The man pages were last guaranteed up to date as of version -1.7.07, and although many changes have been made since then there is still -a lot of work to be done. +required. The FAQ is being added to on an ad hoc basis, see the web pages for info. @@ -58,20 +56,9 @@ Contact lendecke@namu01.gwdg.de (Volker Lendecke) This works really well, and is measurably more efficient than commercial client software. It is now part of the Linux kernel. Long filename support -is in alpha. +is in use. -Status last updated 2nd October 1996 -======================================================================== - -======================================================================== -Nmbd - -Aims to produce a complete rfc1001/1002 implementation. The current -nmbd is a partial implementation. - -Contact Fabrice Cetre (cetre@ifhpserv.insa-lyon.fr) - -Status last updated 23rd August 1994 +Status last updated June 1997 ======================================================================== ======================================================================== diff --git a/docs/textdocs/Passwords.txt b/docs/textdocs/Passwords.txt index e06876feca..3d7acac9dd 100644 --- a/docs/textdocs/Passwords.txt +++ b/docs/textdocs/Passwords.txt @@ -1,5 +1,9 @@ -NOTE ABOUT PASSWORDS -==================== +Contributor: Unknown +Date: Unknown +Status: Current + +Subject: NOTE ABOUT PASSWORDS +============================================================================= Unix systems use a wide variety of methods for checking the validity of a password. This is primarily controlled with the Makefile defines diff --git a/docs/textdocs/Printing.txt b/docs/textdocs/Printing.txt index 9d053af1e7..e8a2d2ad27 100644 --- a/docs/textdocs/Printing.txt +++ b/docs/textdocs/Printing.txt @@ -1,3 +1,10 @@ +Contributor: Unknown <samba-bugs@samba.anu.edu.au> +Date: Unknown +Status: Current + +Subject: Dubugging Printing Problems +============================================================================= + This is a short description of how to debug printing problems with Samba. This describes how to debug problems with printing from a SMB client to a Samba server, not the other way around. For the reverse diff --git a/docs/textdocs/README.DCEDFS b/docs/textdocs/README.DCEDFS index f84b84bb68..da9bb2197d 100644 --- a/docs/textdocs/README.DCEDFS +++ b/docs/textdocs/README.DCEDFS @@ -1,9 +1,8 @@ -============================================================================= - - Basic DCE/DFS Support for SAMBA 1.9.13 - - Jim Doyle <doyle@oec.com> 06-02-95 +Contributor: Jim Doyle <doyle@oec.com> +Date: 06-02-95 +Status: Current but needs updating +Subject: Basic DCE/DFS Support for SAMBA 1.9.13 ============================================================================= Functionality: diff --git a/docs/textdocs/README.sambatar b/docs/textdocs/README.sambatar index 26829952eb..af7250c2a4 100644 --- a/docs/textdocs/README.sambatar +++ b/docs/textdocs/README.sambatar @@ -1,3 +1,11 @@ +Contributor/s: Martin.Kraemer <Martin.Kraemer@mch.sni.de> + and Ricky Poulten (ricky@logcam.co.uk) +Date: Unknown - circa 1994 +Status: Obsoleted - smbtar has been a stable part of Samba + since samba-1.9.13 + +Subject: Sambatar (now smbtar) +============================================================================= This is version 1.4 of my small extension to samba that allows PC shares to be backed up directly to a UNIX tape. It only has been tested under diff --git a/docs/textdocs/SCO.txt b/docs/textdocs/SCO.txt index 1b3801471f..7c01aa57c6 100644 --- a/docs/textdocs/SCO.txt +++ b/docs/textdocs/SCO.txt @@ -1,4 +1,11 @@ -There is an annoying TCPIP bug in SCO Unix. This causes orruption when +Contributor: Geza Makay <makayg@math.u-szeged.hu> +Date: Unknown +Status: Obsolete - Dates to SCO Unix v3.2.4 approx. + +Subject: TCP/IP Bug in SCO Unix +============================================================================ + +There is an annoying TCPIP bug in SCO Unix. This causes corruption when transferring files with Samba. Geza Makay (makayg@math.u-szeged.hu) sends this information: diff --git a/docs/textdocs/SMBTAR.notes b/docs/textdocs/SMBTAR.notes index a23cbf2b32..679d776f56 100644 --- a/docs/textdocs/SMBTAR.notes +++ b/docs/textdocs/SMBTAR.notes @@ -1,3 +1,9 @@ +Contributor: Unknown +Date: 1994 +Status: Mostly Current - refer man page + +Subject: Smbtar +============================================================================ Intro ----- @@ -37,4 +43,4 @@ newer filename into its own with sambatar. This causes tar (or get, mget, etc) to only copy files newer than the specified file name. Could be used against the previous nights (or whatever) log file to implement incremental -backups.
\ No newline at end of file +backups. diff --git a/docs/textdocs/Speed.txt b/docs/textdocs/Speed.txt index b62e408922..b11885fc37 100644 --- a/docs/textdocs/Speed.txt +++ b/docs/textdocs/Speed.txt @@ -1,8 +1,11 @@ -This file tries to outline the ways to improve the speed of a Samba server. +Contributor: Andrew Tridgell +Date: January 1995 +Status: Current -Andrew Tridgell -January 1995 +Subject: Samba performance issues +============================================================================ +This file tries to outline the ways to improve the speed of a Samba server. COMPARISONS ----------- @@ -106,7 +109,10 @@ MAX XMIT At startup the client and server negotiate a "maximum transmit" size, which limits the size of nearly all SMB commands. You can set the maximum size that Samba will negotiate using the "max xmit = " option -in smb.conf. +in smb.conf. Note that this is the maximum size of SMB request that +Samba will accept, but not the maximum size that the *client* will accept. +The client maximum receive size is sent to Samba by the client and Samba +honours this limit. It defaults to 65536 bytes (the maximum), but it is possible that some clients may perform better with a smaller transmit unit. Trying values @@ -137,12 +143,21 @@ no". This will gain you a lot in opening and closing files but will mean that (in some cases) the system won't force a second user of a file to open the file read-only if the first has it open read-write. For many applications that do their own locking this -doesn't matter, but for some it may. +doesn't matter, but for some it may. Most Windows applications +depend heavily on "share modes" working correctly and it is +recommended that the Samba share mode support be left at the +default of "on". + +The share mode code in Samba has been re-written in the 1.9.17 +release following tests with the Ziff-Davis NetBench PC Benchmarking +tool. It is now believed that Samba 1.9.17 implements share modes +similarly to Windows NT. NOTE: In the most recent versions of Samba there is an option to use shared memory via mmap() to implement the share modes. This makes things much faster. See the Makefile for how to enable this. + LOG LEVEL --------- @@ -217,7 +232,7 @@ Samba supports reading files via memory mapping them. One some machines this can give a large boost to performance, on others it makes not difference at all, and on some it may reduce performance. -To enable you you have to recompile Samba with the -DUSE_MMAP=1 option +To enable you you have to recompile Samba with the -DUSE_MMAP option on the FLAGS line of the Makefile. Note that memory mapping is only used on files opened read only, and @@ -269,6 +284,7 @@ person even reported a speed drop of a factor of 30 when he went from It probably depends a lot on your hardware, and the type of unix box you have at the other end of the link. + MY RESULTS ---------- diff --git a/docs/textdocs/Tracing.txt b/docs/textdocs/Tracing.txt index 6a9ba8b850..d8b3837822 100644 --- a/docs/textdocs/Tracing.txt +++ b/docs/textdocs/Tracing.txt @@ -1,3 +1,10 @@ +Contributor: Andrew Tridgell <samba-bugs@samba.anu.edu.au> +Date: Old +Status: Questionable + +Subject: How to trace samba system calls for debugging purposes +============================================================================= + This file describes how to do a system call trace on Samba to work out what its doing wrong. This is not for the faint of heart, but if you are reading this then you are probably desperate. diff --git a/docs/textdocs/UNIX-SMB.txt b/docs/textdocs/UNIX-SMB.txt index 92167a9e84..88a7324dd7 100644 --- a/docs/textdocs/UNIX-SMB.txt +++ b/docs/textdocs/UNIX-SMB.txt @@ -1,3 +1,9 @@ +Contributor: Andrew Tridgell <samba-bugs@samba.anu.edu.au> +Date: April 1995 + +Subject: Discussion of NetBIOS in a Unix World +============================================================================ + This is a short document that describes some of the issues that confront a SMB implementation on unix, and how Samba copes with them. They may help people who are looking at unix<->PC @@ -6,9 +12,6 @@ interoperability. It was written to help out a person who was writing a paper on unix to PC connectivity. -Andrew Tridgell -April 1995 - Usernames ========= @@ -88,16 +91,14 @@ specified number of case changes, or by using the "password server" option which allows Samba to do it's validation via another machine (typically a WinNT server). -Samba also doesn't support the password encryption method used by SMB -clients. This is because the spec isn't sufficiently detailed for an -implementation (although Jeremy Allison is working on it, to try and -work it out). Also, there is a fundamental problem with what we -understand so far in the algorithm, as it seems that the server would -need to store somewhere on disk a reversibly encrypted (effectively -plaintext) copy of the users password in order to use the -algorithm. This goes against the unix policy that "even the super-user -doesn't know your password" which comes from the use of a one-way hash -function. +Samba supports the password encryption method used by SMB +clients. Note that the use of password encryption in Microsoft +networking leads to password hashes that are "plain text equivalent". +This means that it is *VERY* important to ensure that the Samba +smbpasswd file containing these password hashes is only readable +by the root user. See the documentation ENCRYPTION.txt for more +details. + Locking ======= @@ -140,10 +141,12 @@ allowed by anyone else who tries to use the file at the same time. If DENY_READ is placed on the file, for example, then any attempt to open the file for reading should fail. -Unix has no equivalent notion. To implement these Samba uses lock +Unix has no equivalent notion. To implement this Samba uses either lock files based on the files inode and placed in a separate lock -directory. These are clumsy and consume processing and file resources, -so they are optional and off by default. +directory or a shared memory implementation. The lock file method +is clumsy and consumes processing and file resources, +the shared memory implementation is vastly prefered and is turned on +by default for those systems that support it. Trapdoor UIDs ============= @@ -219,5 +222,10 @@ this protocol level much easier. There is also a problem with the SMB specications. SMB is a X/Open spec, but the X/Open book is far from ideal, and fails to cover many -important issues, leaving much to the imagination. +important issues, leaving much to the imagination. Microsoft recently +renamed the SMB protocol CIFS (Common Internet File System) and have +published new specifications. These are far superior to the old +X/Open documents but there are still undocumented calls and features. +This specification is actively being worked on by a CIFS developers +mailing list hosted by Microsft. diff --git a/docs/textdocs/WinNT.txt b/docs/textdocs/WinNT.txt index b57abb7742..772ef74a4c 100644 --- a/docs/textdocs/WinNT.txt +++ b/docs/textdocs/WinNT.txt @@ -1,6 +1,14 @@ -There are some particular issues with Samba and Windows NT +Contributor: Various +Updated: June 27, 1997 +Status: Current -===================================================================== +Subject: Samba and Windows NT Password Handling +============================================================================= + +There are some particular issues with Samba and Windows NT. + +Passwords: +========== One of the most annoying problems with WinNT is that NT refuses to connect to a server that is in user level security mode and that doesn't support password encryption unless it first prompts the user @@ -8,21 +16,31 @@ for a password. This means even if you have the same password on the NT box and the Samba server you will get prompted for a password. Entering the -correct password will get you connected. +correct password will get you connected only if Windows NT can +communicate with Samba using a compatible mode of password security. + +All versions of Windows NT prior to 4.0 Service Pack 3 could negotiate +plain text (clear text) passwords. Windows NT 4.0 Service Pack 3 changed +this default behaviour so it now will only handle encrypted passwords. +The following registry entry change will re-enable clear text password +handling: + +Run regedt32.exe and locate the hive key entry: +HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\rdr\parameters\ + +Add the following value: + EnablePlainTextPassword:REG_DWORD=1 + The other major ramification of this feature of NT is that it can't browse a user level non-encrypted server unless it already has a connection open. This is because there is no spot for a password prompt in the browser window. It works fine if you already have a drive mounted (for example, one auto mounted on startup). - -Samba should support encrypted passwords soon, which will solve this -problem. ===================================================================== - - -===================================================================== +Printing: +========= When you mount a printer using the print manager in NT you may find the following info from Matthew Harrell <harrell@leech.nrl.navy.mil> useful: @@ -49,8 +67,3 @@ time for the NT machine to get verification that the printer queue actually exists. I hope this helped in some way... ------------ -===================================================================== - - - diff --git a/docs/textdocs/security_level.txt b/docs/textdocs/security_level.txt index 34d7ce7093..fac446fda8 100644 --- a/docs/textdocs/security_level.txt +++ b/docs/textdocs/security_level.txt @@ -1,6 +1,23 @@ -Description of SMB security levels. ----------------------------------- +Contributor: Andrew Tridgell +Updated: June 27, 1997 +Status: Current +Subject: Description of SMB security levels. +=========================================================================== + +Samba supports the following options to the global smb.conf parameter +"security =": + share, user, server + +Of the above, "security = server" means that Samba reports to clients that +it is running in "user mode" but actually passes off all authentication +requests to another "user mode" server. This requires an additional +parameter "password server =" that points to the real authentication server. +That real authentication server can be another Samba server or can be a +Windows NT server, the later natively capable of encrypted password support. + +Below is a more complete description of security levels. +=========================================================================== A SMB server tells the client at startup what "security level" it is running. There are two options "share level" and "user level". Which |