-rw-r--r-- | docs/docbook/faq/config.xml | 37 |
-rw-r--r-- | docs/docbook/faq/errors.xml | 77 |
-rw-r--r-- | docs/docbook/faq/features.xml | 60 |
-rw-r--r-- | docs/docbook/faq/install.xml | 216 |
-rw-r--r-- | docs/docbook/faq/printing.xml | 38 |
-rw-r--r-- | docs/docbook/faq/sambafaq.xml | 4 |
6 files changed, 1 insertions, 431 deletions
diff --git a/docs/docbook/faq/config.xml b/docs/docbook/faq/config.xml deleted file mode 100644 index 2c17c86c4e..0000000000 --- a/docs/docbook/faq/config.xml +++ /dev/null @@ -1,37 +0,0 @@ -<chapter id="FAQ-Config"> -<title>Configuration problems</title> - -<sect1> -<title>I have set 'force user' and samba still makes 'root' the owner of all the files I touch!</title> -<para> -When you have a user in 'admin users', samba will always do file operations for -this user as 'root', even if 'force user' has been set. -</para> -</sect1> - -<sect1> -<title>I have just installed samba and I'm trying to log in from Windows, but samba refuses all logins!</title> - -<para> -Newer windows clients(NT4, 2000, XP) send encrypted passwords. Samba can't compare these -passwords to the unix password database, so it needs it's own user database. You can -add users to this database using "smbpasswd -a user-name". -</para> - -<para> -See also the "User database" chapter of the samba HOWTO Collection. -</para> -</sect1> - -<sect1> -<title>How can I make samba use netbios scope ID's</title> - -<para>By default Samba uses a blank scope ID. This means -all your windows boxes must also have a blank scope ID. -If you really want to use a non-blank scope ID then you will -need to use the 'netbios scope' smb.conf option. -All your PCs will need to have the same setting for -this to work. Scope ID's are not recommended.</para> -</sect1> - -</chapter> diff --git a/docs/docbook/faq/errors.xml b/docs/docbook/faq/errors.xml index 97619ce704..398286e3c9 100644 --- a/docs/docbook/faq/errors.xml +++ b/docs/docbook/faq/errors.xml @@ -45,7 +45,7 @@ SMB password encryption. <member>enable SMB password encryption in Samba. See the encryption part of the samba HOWTO Collection</member> -<member>disable this new behaviour in NT. See the section about +<member>disable this behaviour in NT. See the section about Windows NT in the chapter "Portability" of the samba HOWTO collection </member> </simplelist> 
@@ -98,79 +98,4 @@ before exporting it with Samba. </sect1> -<sect1> -<title>Why can users access home directories of other users?</title> - -<para> -<quote> -We are unable to keep individual users from mapping to any other user's -home directory once they have supplied a valid password! They only need -to enter their own password. I have not found *any* method that I can -use to configure samba to enforce that only a user may map their own -home directory. -</quote> -</para> - -<para><quote> -User xyzzy can map his home directory. Once mapped user xyzzy can also map -*anyone* elses home directory! -</quote></para> - -<para> -This is not a security flaw, it is by design. Samba allows -users to have *exactly* the same access to the UNIX filesystem -as they would if they were logged onto the UNIX box, except -that it only allows such views onto the file system as are -allowed by the defined shares. -</para> - -<para> -This means that if your UNIX home directories are set up -such that one user can happily cd into another users -directory and do an ls, the UNIX security solution is to -change the UNIX file permissions on the users home directories -such that the cd and ls would be denied. -</para> - -<para> -Samba tries very hard not to second guess the UNIX administrators -security policies, and trusts the UNIX admin to set -the policies and permissions he or she desires. -</para> - -<para> -Samba does allow the setup you require when you have set the -"only user = yes" option on the share, is that you have not set the -valid users list for the share. -</para> - -<para> -Note that only user works in conjunction with the users= list, -so to get the behavior you require, add the line : -<programlisting> -users = %S -</programlisting> -this is equivalent to: -<programlisting> -valid users = %S -</programlisting> -to the definition of the [homes] share, as recommended in -the smb.conf man page. 
-</para> - -</sect1> - -<sect1> -<title>Until a few minutes after samba has started, clients get the error "Domain Controller Unavailable"</title> -<para> -A domain controller has to announce on the network who it is. This usually takes a while. -</para> -</sect1> - -<sect1> -<title>I'm getting "open_oplock_ipc: Failed to get local UDP socket for address 100007f. Error was Cannot assign requested" in the logs</title> -<para>Your loopback device isn't working correctly. Make sure it's running. -</para> -</sect1> - </chapter> diff --git a/docs/docbook/faq/features.xml b/docs/docbook/faq/features.xml index 66b05379cc..72a8e9c97f 100644 --- a/docs/docbook/faq/features.xml +++ b/docs/docbook/faq/features.xml 
@@ -3,66 +3,6 @@ <title>Features</title> <sect1> -<title>How can I prevent my samba server from being used to distribute the Nimda worm?</title> - -<para>Author: HASEGAWA Yosuke (translated by <ulink url="monyo@samba.gr.jp">TAKAHASHI Motonobu</ulink>)</para> - -<para> -Nimba Worm is infected through shared disks on a network, as well as through -Microsoft IIS, Internet Explorer and mailer of Outlook series. -</para> - -<para> -At this time, the worm copies itself by the name *.nws and *.eml on -the shared disk, moreover, by the name of Riched20.dll in the folder -where *.doc file is included. -</para> - -<para> -To prevent infection through the shared disk offered by Samba, set -up as follows: -</para> - -<para> -<programlisting> -[global] - ... - # This can break Administration installations of Office2k. - # in that case, don't veto the riched20.dll - veto files = /*.eml/*.nws/riched20.dll/ -</programlisting> -</para> - -<para> -By setting the "veto files" parameter, matched files on the Samba -server are completely hidden from the clients and making it impossible -to access them at all. -</para> - -<para> -In addition to it, the following setting is also pointed out by the -samba-jp:09448 thread: when the -"readme.txt.{3050F4D8-98B5-11CF-BB82-00AA00BDCE0B}" file exists on -a Samba server, it is visible only as "readme.txt" and dangerous -code may be executed if this file is double-clicked. -</para> - -<para> -Setting the following, -<programlisting> - veto files = /*.{*}/ -</programlisting> -any files having CLSID in its file extension will be inaccessible from any -clients. -</para> - -<para> -This technical article is created based on the discussion of -samba-jp:09448 and samba-jp:10900 threads. -</para> -</sect1> - -<sect1> <title>How can I use samba as a fax server?</title> <para>Contributor: <ulink url="mailto:zuber@berlin.snafu.de">Gerhard Zuber</ulink></para> 
diff --git a/docs/docbook/faq/install.xml b/docs/docbook/faq/install.xml index f8341dc65a..84b13f14d3 100644 --- a/docs/docbook/faq/install.xml +++ b/docs/docbook/faq/install.xml 
@@ -2,89 +2,6 @@ <title>Compiling and installing Samba on a Unix host</title> <sect1> -<title>I can't see the Samba server in any browse lists!</title> -<para> -See Browsing.html in the docs directory of the samba source -for more information on browsing. -</para> - -<para> -If your GUI client does not permit you to select non-browsable -servers, you may need to do so on the command line. For example, under -Lan Manager you might connect to the above service as disk drive M: -thusly: -<programlisting> - net use M: \\mary\fred -</programlisting> -The details of how to do this and the specific syntax varies from -client to client - check your client's documentation. -</para> -</sect1> - -<sect1> -<title>Some files that I KNOW are on the server don't show up when I view the files from my client!</title> -<para>See the next question.</para> -</sect1> - -<sect1> -<title>Some files on the server show up with really wierd filenames when I view the files from my client!</title> -<para> -If you check what files are not showing up, you will note that they -are files which contain upper case letters or which are otherwise not -DOS-compatible (ie, they are not legal DOS filenames for some reason). -</para> - -<para> -The Samba server can be configured either to ignore such files -completely, or to present them to the client in "mangled" form. If you -are not seeing the files at all, the Samba server has most likely been -configured to ignore them. Consult the man page smb.conf(5) for -details of how to change this - the parameter you need to set is -"mangled names = yes". -</para> -</sect1> - -<sect1> -<title>My client reports "cannot locate specified computer" or similar</title> -<para> -This indicates one of three things: You supplied an incorrect server -name, the underlying TCP/IP layer is not working correctly, or the -name you specified cannot be resolved. 
-</para> - -<para> -After carefully checking that the name you typed is the name you -should have typed, try doing things like pinging a host or telnetting -to somewhere on your network to see if TCP/IP is functioning OK. If it -is, the problem is most likely name resolution. -</para> - -<para> -If your client has a facility to do so, hardcode a mapping between the -hosts IP and the name you want to use. For example, with Lan Manager -or Windows for Workgroups you would put a suitable entry in the file -LMHOSTS. If this works, the problem is in the communication between -your client and the netbios name server. If it does not work, then -there is something fundamental wrong with your naming and the solution -is beyond the scope of this document. -</para> - -<para> -If you do not have any server on your subnet supplying netbios name -resolution, hardcoded mappings are your only option. If you DO have a -netbios name server running (such as the Samba suite's nmbd program), -the problem probably lies in the way it is set up. Refer to Section -Two of this FAQ for more ideas. -</para> - -<para> -By the way, remember to REMOVE the hardcoded mapping before further -tests :-) -</para> - -</sect1> - -<sect1> <title>My client reports "cannot locate specified share name" or similar</title> <para> This message indicates that your client CAN locate the specified 
@@ -108,106 +25,6 @@ to specify a service name correctly), read on: </sect1> <sect1> -<title>Printing doesn't work</title> -<para> -Make sure that the specified print command for the service you are -connecting to is correct and that it has a fully-qualified path (eg., -use "/usr/bin/lpr" rather than just "lpr"). -</para> - -<para> -Make sure that the spool directory specified for the service is -writable by the user connected to the service. In particular the user -"nobody" often has problems with printing, even if it worked with an -earlier version of Samba. Try creating another guest user other than -"nobody". -</para> - -<para> -Make sure that the user specified in the service is permitted to use -the printer. -</para> - -<para> -Check the debug log produced by smbd. Search for the printer name and -see if the log turns up any clues. Note that error messages to do with -a service ipc$ are meaningless - they relate to the way the client -attempts to retrieve status information when using the LANMAN1 -protocol. -</para> - -<para> -If using WfWg then you need to set the default protocol to TCP/IP, not -Netbeui. This is a WfWg bug. -</para> - -<para> -If using the Lanman1 protocol (the default) then try switching to -coreplus. Also not that print status error messages don't mean -printing won't work. The print status is received by a different -mechanism. -</para> -</sect1> - -<sect1> -<title>My client reports "This server is not configured to list shared resources"</title> -<para> -Your guest account is probably invalid for some reason. Samba uses the -guest account for browsing in smbd. Check that your guest account is -valid. -</para> - -<para>See also 'guest account' in smb.conf man page.</para> - -</sect1> - -<sect1> -<title>Log message "you appear to have a trapdoor uid system" </title> -<para> -This can have several causes. It might be because you are using a uid -or gid of 65535 or -1. This is a VERY bad idea, and is a big security -hole. 
Check carefully in your /etc/passwd file and make sure that no -user has uid 65535 or -1. Especially check the "nobody" user, as many -broken systems are shipped with nobody setup with a uid of 65535. -</para> - -<para>It might also mean that your OS has a trapdoor uid/gid system :-)</para> - -<para> -This means that once a process changes effective uid from root to -another user it can't go back to root. Unfortunately Samba relies on -being able to change effective uid from root to non-root and back -again to implement its security policy. If your OS has a trapdoor uid -system this won't work, and several things in Samba may break. Less -things will break if you use user or server level security instead of -the default share level security, but you may still strike -problems. -</para> - -<para> -The problems don't give rise to any security holes, so don't panic, -but it does mean some of Samba's capabilities will be unavailable. -In particular you will not be able to connect to the Samba server as -two different uids at once. This may happen if you try to print as a -"guest" while accessing a share as a normal user. It may also affect -your ability to list the available shares as this is normally done as -the guest user. -</para> - -<para> -Complain to your OS vendor and ask them to fix their system. -</para> - -<para> -Note: the reason why 65535 is a VERY bad choice of uid and gid is that -it casts to -1 as a uid, and the setreuid() system call ignores (with -no error) uid changes to -1. This means any daemon attempting to run -as uid 65535 will actually run as root. This is not good! -</para> - -</sect1> - -<sect1> <title>Why are my file's timestamps off by an hour, or by a few hours?</title> <para> This is from Paul Eggert eggert@twinsun.com. 
@@ -297,37 +114,4 @@ zones. </para> </sect1> -<sect1> -<title>How do I set the printer driver name correctly?</title> -<para>Question: -<quote> On NT, I opened "Printer Manager" and "Connect to Printer". - Enter ["\\ptdi270\ps1"] in the box of printer. I got the - following error message - </quote></para> - <para> - <programlisting> - You do not have sufficient access to your machine - to connect to the selected printer, since a driver - needs to be installed locally. - </programlisting> - </para> - - <para>Answer:</para> - - <para>In the more recent versions of Samba you can now set the "printer -driver" in smb.conf. This tells the client what driver to use. For -example:</para> -<para><programlisting> - printer driver = HP LaserJet 4L -</programlisting></para> -<para>With this, NT knows to use the right driver. You have to get this string -exactly right.</para> - -<para>To find the exact string to use, you need to get to the dialog box in -your client where you select which printer driver to install. The -correct strings for all the different printers are shown in a listbox -in that dialog box.</para> - -</sect1> - </chapter> diff --git a/docs/docbook/faq/printing.xml b/docs/docbook/faq/printing.xml deleted file mode 100644 index be2acbd905..0000000000 --- a/docs/docbook/faq/printing.xml +++ /dev/null 
@@ -1,38 +0,0 @@ -<chapter id="FAQ-Printing"> -<!-- Kurt Pfeifle's HOWTO chapter on printing should make this obsolete --> -<chapterinfo> -<author> - <firstname>Ronan</firstname><surname>Waide</surname> -</author> -</chapterinfo> - -<title>Printing problems</title> - -<sect1> -<title>setdriver or cupsaddsmb failes</title> -<para> -setdriver expects the following setup: - -<simplelist> -<member>you are a printer admin, or root. this is the smb.conf printer admin group, not the Printer Operators group in NT. I've not tried the latter, but I don't believe it will work based on the current code.</member> -<member>printer admins has to be defined in [global]</member> -<member>upload the driver files to \\server\print$\w32x86 and win40 as appropriate. DON'T put them in the 0 or 2 subdirectories.</member> -<member>Make sure that the user you're connecting as is able to write to the print$ directories</member> -<member>Use adddriver (with appropriate parameters) to create the driver. note, this will not just update samba's notion of drivers, it will also move the files from the w32x86 and win40 directories to an appropriate subdirectory (based on driver version, I think, but not important enough for me to find out)</member> -<member>Use setdriver to associate the driver with a printer</member> -</simplelist> -</para> - -<para> -The setdriver call will fail if the printer doesn't already exist in -samba's view of the world. Either create the printer in cups and -restart samba, or create an add printer command (see smb.conf doco) -and use RPC calls to create a printer. NB the add printer command MUST -return a single line of text indicating which port the printer was -added on. If it doesn't, Samba won't reload the printer -definitions. Although samba doesn't really support the notion of -ports, suitable add printer command and enumport command settings can -allow you pretty good remote control of the samba printer setup. -</para> -</sect1> -</chapter> 
diff --git a/docs/docbook/faq/sambafaq.xml b/docs/docbook/faq/sambafaq.xml index d5dc3ae40f..cc3e93414c 100644 --- a/docs/docbook/faq/sambafaq.xml +++ b/docs/docbook/faq/sambafaq.xml @@ -5,8 +5,6 @@ <!ENTITY errors SYSTEM "errors.xml"> <!ENTITY clientapp SYSTEM "clientapp.xml"> <!ENTITY features SYSTEM "features.xml"> -<!ENTITY config SYSTEM "config.xml"> -<!ENTITY printing SYSTEM "printing.xml"> ]> <book id="Samba-FAQ"> @@ -34,9 +32,7 @@ and the old samba text documents which were mostly written by John Terpstra. &general; &install; -&config; &clientapp; &errors; &features; -&printing; </book> |
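Review bot: the deletion of docs/docbook/faq/config.xml drops the 'force user' entry, which is the only place in this patch stating that a user listed in 'admin users' always has file operations done as 'root', even when 'force user' is set. That is privilege-relevant behaviour an admin looks up when file ownership surprises them, and nothing in the visible patch shows where it is documented now. Suggest naming the replacing HOWTO section in the commit message, or keeping this one entry until it is confirmed there. The "smbpasswd -a user-name" answer already points at the "User database" chapter, so it is the safer of the two to drop.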
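Review bot: in docs/docbook/faq/errors.xml, hunk @@ -98,79 +98,4 @@, the removed "Why can users access home directories of other users?" entry takes with it the explanation that Samba grants exactly the access the UNIX file permissions grant, together with the [homes] restriction "valid users = %S". The removed text says the setting is recommended in the smb.conf man page, so the setting itself survives elsewhere, but the reasoning (fix the permissions on the home directories rather than expect Samba to second-guess them) appears nowhere else in this patch. The same hunk also removes two unrelated entries ("Domain Controller Unavailable" and the open_oplock_ipc loopback error); suggest stating in the commit message where each of the three is now covered.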
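Review bot: in docs/docbook/faq/features.xml, hunk @@ -3,66 +3,6 @@, only part of the removed Nimda entry is specific to that worm, so removing all of it loses general guidance. "veto files = /*.eml/*.nws/riched20.dll/" targets Nimda, but "veto files = /*.{*}/" addresses files with a CLSID in the extension, which the removed text says show up only as "readme.txt" and may run dangerous code when double-clicked. If the entry is going because Nimda is dated, consider keeping the CLSID paragraph as its own entry, or confirm that the HOWTO covers it.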
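Review bot: in docs/docbook/faq/install.xml, hunk @@ -2,89 +2,6 @@, the chapter titled "Compiling and installing Samba on a Unix host" now opens with the entry "My client reports "cannot locate specified share name" or similar", which is a client-side error and not a compile or install question. Its first sentence ("This message indicates that your client CAN locate the specified ...") also reads as a contrast with the deleted "cannot locate specified computer" entry. Suggest moving the surviving entry to errors.xml, or rewording its opening so it stands on its own.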
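Review bot: in docs/docbook/faq/install.xml, hunk @@ -108,106 +25,6 @@, the removed "trapdoor uid" entry carries a security warning that should not disappear without a replacement: uid or gid 65535 casts to -1, setreuid() ignores uid changes to -1 with no error, so a daemon meant to run as uid 65535 actually runs as root. The entry also tells admins to check /etc/passwd, especially the "nobody" user. The log message "you appear to have a trapdoor uid system" is what sends people looking for this text; suggest keeping at least this entry (errors.xml would fit), or citing in the commit message the document that explains it now.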
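Review bot: the deletion of docs/docbook/faq/printing.xml rests only on the file's own comment, "Kurt Pfeifle's HOWTO chapter on printing should make this obsolete", and "should" is not a confirmation. Two operational details are worth checking against that chapter before the delete lands: driver files go to \\server\print$\w32x86 and win40 and not to the 0 or 2 subdirectories, and the add printer command MUST return a single line of text indicating the port, otherwise Samba won't reload the printer definitions.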
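Review bot: in docs/docbook/faq/sambafaq.xml, dropping &config; and &printing; also removes the chapter ids "FAQ-Config" and "FAQ-Printing" from the built book, so any cross-reference to those ids from another document would dangle. The two hunks are consistent with each other (both ENTITY declarations and both references go together); suggest searching the docs tree for the two ids before merging.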