diff options
-rw-r--r-- | docs/Samba-Guide/SBE-MigrateNT4Samba3.xml | 195 | ||||
-rw-r--r-- | docs/Samba-Guide/SBE-SecureOfficeServer.xml | 181 |
2 files changed, 187 insertions, 189 deletions
diff --git a/docs/Samba-Guide/SBE-MigrateNT4Samba3.xml b/docs/Samba-Guide/SBE-MigrateNT4Samba3.xml index af575d4c48..db518bb550 100644 --- a/docs/Samba-Guide/SBE-MigrateNT4Samba3.xml +++ b/docs/Samba-Guide/SBE-MigrateNT4Samba3.xml @@ -399,108 +399,103 @@ no account information can be deleted. </para></step> -<example id="sbent4smb"> +<smbconfexample id="sbent4smb"> <title>NT4 Migration Samba-3 Server <filename>smb.conf</filename> &smbmdash; Part: A</title> -<screen> -# Global parameters -[global] - workgroup = DAMNATION - netbios name = MERLIN - passdb backend = ldapsam:ldap://localhost - username map = /etc/samba/smbusers - log level = 1 - syslog = 0 - log file = /var/log/samba/%m - max log size = 0 - smb ports = 139 445 - name resolve order = wins bcast hosts - show add printer wizard = Yes - add user script = /opt/IDEALX/sbin/smbldap-useradd -m '%u' -# delete user script = /opt/IDEALX/sbin/smbldap-userdel '%u' - add group script = /opt/IDEALX/sbin/smbldap-groupadd -p '%g' -t domain -# delete group script = /opt/IDEALX/sbin/smbldap-groupdel '%g' - add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m '%u' '%g' -t domain -# delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x '%u' '%g' -t domain - set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g '%g' '%u' - add machine script = /opt/IDEALX/sbin/smbldap-useradd -w '%u' - logon script = scripts\logon.cmd - logon path = \\%L\profiles\%U - logon home = \\%L\%U - logon drive = X: - domain logons = Yes - domain master = No -# wins support = Yes - wins server = 192.168.123.124 - ldap admin dn = cn=Manager,dc=terpstra-world,dc=org - ldap group suffix = ou=Groups - ldap idmap suffix = ou=Idmap - ldap machine suffix = ou=People - ldap passwd sync = Yes - ldap suffix = dc=terpstra-world,dc=org - ldap ssl = no - ldap timeout = 20 - ldap user suffix = ou=People - idmap backend = ldap:ldap://localhost - idmap uid = 15000-20000 - idmap gid = 15000-20000 - winbind nested groups = Yes - ea support = Yes - map acl inherit = Yes -</screen> -</example> - -<example id="sbent4smb2"> +<smbconfcomment>Global parameters</smbconfcomment> +<smbconfsection name="[global]"/> + <smbconfoption name="workgroup">DAMNATION</smbconfoption> + <smbconfoption name="netbios name">MERLIN</smbconfoption> + <smbconfoption name="passdb backend">ldapsam:ldap://localhost</smbconfoption> + <smbconfoption name="username map">/etc/samba/smbusers</smbconfoption> + <smbconfoption name="log level">1</smbconfoption> + <smbconfoption name="syslog">0</smbconfoption> + <smbconfoption name="log file">/var/log/samba/%m</smbconfoption> + <smbconfoption name="max log size">0</smbconfoption> + <smbconfoption name="smb ports">139 445</smbconfoption> + <smbconfoption name="name resolve order">wins bcast hosts</smbconfoption> + <smbconfoption name="show add printer wizard">Yes</smbconfoption> + <smbconfoption name="add user script">/opt/IDEALX/sbin/smbldap-useradd -m '%u'</smbconfoption> + <smbconfoption name="#delete user script">/opt/IDEALX/sbin/smbldap-userdel '%u'</smbconfoption> + <smbconfoption name="add group script">/opt/IDEALX/sbin/smbldap-groupadd '%g'</smbconfoption> + <smbconfoption name="#delete group script">/opt/IDEALX/sbin/smbldap-groupdel '%g'</smbconfoption> + <smbconfoption name="add user to group script">/opt/IDEALX/sbin/</smbconfoption> +<member><parameter>smbldap-groupmod -m '%u' '%g'</parameter></member> + <smbconfoption name="#delete user from group script">/opt/IDEALX/</smbconfoption> +<member><parameter>sbin/smbldap-groupmod -x '%u' '%g'</parameter></member> + <smbconfoption name="set primary group script">/opt/IDEALX/</smbconfoption> +<member><parameter>sbin/smbldap-usermod -g '%g' '%u'</parameter></member> + <smbconfoption name="add machine script">/opt/IDEALX/sbin/</smbconfoption> +<member><parameter>smbldap-useradd -w '%u'</parameter></member> + <smbconfoption name="logon script">scripts\logon.cmd</smbconfoption> + <smbconfoption name="logon path">\\%L\profiles\%U</smbconfoption> + <smbconfoption name="logon home">\\%L\%U</smbconfoption> + <smbconfoption name="logon drive">X:</smbconfoption> + <smbconfoption name="domain logons">Yes</smbconfoption> + <smbconfoption name="domain master">No</smbconfoption> + <smbconfoption name="#wins support">Yes</smbconfoption> + <smbconfoption name="wins server">192.168.123.124</smbconfoption> + <smbconfoption name="ldap admin dn">cn=Manager,dc=terpstra-world,dc=org</smbconfoption> + <smbconfoption name="ldap group suffix">ou=Groups</smbconfoption> + <smbconfoption name="ldap idmap suffix">ou=Idmap</smbconfoption> + <smbconfoption name="ldap machine suffix">ou=People</smbconfoption> + <smbconfoption name="ldap passwd sync">Yes</smbconfoption> + <smbconfoption name="ldap suffix">dc=terpstra-world,dc=org</smbconfoption> + <smbconfoption name="ldap ssl">no</smbconfoption> + <smbconfoption name="ldap timeout">20</smbconfoption> + <smbconfoption name="ldap user suffix">ou=People</smbconfoption> + <smbconfoption name="idmap backend">ldap:ldap://localhost</smbconfoption> + <smbconfoption name="idmap uid">15000-20000</smbconfoption> + <smbconfoption name="idmap gid">15000-20000</smbconfoption> + <smbconfoption name="winbind nested groups">Yes</smbconfoption> + <smbconfoption name="ea support">Yes</smbconfoption> + <smbconfoption name="map acl inherit">Yes</smbconfoption> +</smbconfexample> + +<smbconfexample id="sbent4smb2"> <title>NT4 Migration Samba-3 Server <filename>smb.conf</filename> &smbmdash; Part: B</title> -<screen> -[apps] - comment = Application Data - path = /data/home/apps - read only = No - -[media] - comment = Media Files - path = /data/home2 - read only = No - -[homes] - comment = Home Directories - path = /home/users/%U/Documents - valid users = %S - read only = No - browseable = No - -[printers] - comment = SMB Print Spool - path = /var/spool/samba - guest ok = Yes - printable = Yes - use client driver = No - browseable = No - -[netlogon] - comment = Network Logon Service - path = /var/lib/samba/netlogon - guest ok = Yes - locking = No - -[profiles] - comment = Profile Share - path = /var/lib/samba/profiles - read only = No - profile acls = Yes - -[profdata] - comment = Profile Data Share - path = /var/lib/samba/profdata - read only = No - profile acls = Yes - -[print$] - comment = Printer Drivers - path = /var/lib/samba/drivers - write list = root -</screen> -</example> +<smbconfsection name="[apps]"/> + <smbconfoption name="comment">Application Data</smbconfoption> + <smbconfoption name="path">/data/home/apps</smbconfoption> + <smbconfoption name="read only">No</smbconfoption> + +<smbconfsection name="[homes]"/> + <smbconfoption name="comment">Home Directories</smbconfoption> + <smbconfoption name="path">/home/users/%U/Documents</smbconfoption> + <smbconfoption name="valid users">%S</smbconfoption> + <smbconfoption name="read only">No</smbconfoption> + <smbconfoption name="browseable">No</smbconfoption> + +<smbconfsection name="[printers]"/> + <smbconfoption name="comment">SMB Print Spool</smbconfoption> + <smbconfoption name="path">/var/spool/samba</smbconfoption> + <smbconfoption name="guest ok">Yes</smbconfoption> + <smbconfoption name="printable">Yes</smbconfoption> + <smbconfoption name="use client driver">No</smbconfoption> + <smbconfoption name="browseable">No</smbconfoption> + +<smbconfsection name="[netlogon]"/> + <smbconfoption name="comment">Network Logon Service</smbconfoption> + <smbconfoption name="path">/var/lib/samba/netlogon</smbconfoption> + <smbconfoption name="guest ok">Yes</smbconfoption> + <smbconfoption name="locking">No</smbconfoption> + +<smbconfsection name="[profiles]"/> + <smbconfoption name="comment">Profile Share</smbconfoption> + <smbconfoption name="path">/var/lib/samba/profiles</smbconfoption> + <smbconfoption name="read only">No</smbconfoption> + <smbconfoption name="profile acls">Yes</smbconfoption> + +<smbconfsection name="[profdata]"/> + <smbconfoption name="comment">Profile Data Share</smbconfoption> + <smbconfoption name="path">/var/lib/samba/profdata</smbconfoption> + <smbconfoption name="read only">No</smbconfoption> + <smbconfoption name="profile acls">Yes</smbconfoption> + +<smbconfsection name="[print$]"/> + <smbconfoption name="comment">Printer Drivers</smbconfoption> + <smbconfoption name="path">/var/lib/samba/drivers</smbconfoption> +</smbconfexample> + <step><para> <indexterm><primary>slapd.conf</primary></indexterm> Configure OpenLDAP in preparation for the migration. An example diff --git a/docs/Samba-Guide/SBE-SecureOfficeServer.xml b/docs/Samba-Guide/SBE-SecureOfficeServer.xml index 3dcbba4cd3..fb8562f577 100644 --- a/docs/Samba-Guide/SBE-SecureOfficeServer.xml +++ b/docs/Samba-Guide/SBE-SecureOfficeServer.xml @@ -821,6 +821,7 @@ echo -e "\nNAT firewall done.\n" <smbconfoption name="bind interfaces only">Yes</smbconfoption> <smbconfoption name="passdb backend">tdbsam</smbconfoption> <smbconfoption name="pam password change">Yes</smbconfoption> +<smbconfoption name="passwd program">/usr/bin/passwd %u</smbconfoption> <smbconfoption name="passwd chat"></smbconfoption> <member><parameter>*New*Password* %n\n *Re-enter*new*password*%n\n *Password*changed*</parameter></member> <smbconfoption name="username map">/etc/samba/smbusers</smbconfoption> @@ -2207,14 +2208,15 @@ Nmap run completed -- 1 IP address (1 host up) scanned in 168 seconds be done with notebook computers as long as they are identical or sufficiently similar. </para> - <procedure> + <procedure id="sbewinclntprep"> + <title>Windows Client Configuration Procedure</title> + <step><para> - Install MS Windows XP Professional. During installation, configure the client to use DHCP for - TCP/IP protocol configuration. <indexterm><primary>WINS</primary></indexterm> <indexterm><primary>DHCP</primary></indexterm> - DHCP configures all Windows clients to use the WINS Server address that has been defined - for the local subnet. + Install MS Windows XP Professional. During installation, configure the client to use DHCP for + TCP/IP protocol configuration. DHCP configures all Windows clients to use the WINS Server + address that has been defined for the local subnet. </para></step> <step><para> @@ -2229,8 +2231,8 @@ Nmap run completed -- 1 IP address (1 host up) scanned in 168 seconds <step><para> Verify <constant>DIAMOND</constant> is visible in <guimenu>My Network Places</guimenu>, that it is possible to connect to it and see the shares <guimenuitem>accounts</guimenuitem>, - <guimenuitem>apps</guimenuitem>, and <guimenuitem>finsvcs</guimenuitem>, - and that it is possible to open each share to reveal its contents. + <guimenuitem>apps</guimenuitem>, and <guimenuitem>finsvcs</guimenuitem>, and that it is + possible to open each share to reveal its contents. </para></step> <step><para> @@ -2253,94 +2255,95 @@ Nmap run completed -- 1 IP address (1 host up) scanned in 168 seconds Now install all four printers onto the staging system. The printers you install include the accounting department HP LaserJet 6 and Minolta QMS Magicolor printers. You will also configure identical printers that are located in the financial services department. - Install printers on each machine using the following steps: - </para> + Install printers on each machine using the steps shown in <link linkend="sbewinclntptrprep"/>. + </para></step> - <procedure> - <step><para> - Click <menuchoice> - <guimenu>Start</guimenu> - <guimenuitem>Settings</guimenuitem> - <guimenuitem>Printers</guimenuitem> - <guiicon>Add Printer</guiicon> - <guibutton>Next</guibutton> - </menuchoice>. Do not click <guimenuitem>Network printer</guimenuitem>. - Ensure that <guimenuitem>Local printer</guimenuitem> is selected. - </para></step> - - <step><para> - Click <guibutton>Next</guibutton>. In the - <guimenuitem>Manufacturer:</guimenuitem> panel, select <constant>HP</constant>. - In the <guimenuitem>Printers:</guimenuitem> panel, select the printer called - <constant>HP LaserJet 6</constant>. Click <guibutton>Next</guibutton>. - </para></step> - - <step><para> - In the <guimenuitem>Available ports:</guimenuitem> panel, select - <constant>FILE:</constant>. Accept the default printer name by clicking - <guibutton>Next</guibutton>. When asked, <quote>Would you like to print a - test page?,</quote> click <guimenuitem>No</guimenuitem>. Click - <guibutton>Finish</guibutton>. - </para></step> - - <step><para> - You may be prompted for the name of a file to print to. If so, close the - dialog panel. Right-click <menuchoice> - <guiicon>HP LaserJet 6</guiicon> - <guimenuitem>Properties</guimenuitem> - <guisubmenu>Details (Tab)</guisubmenu> - <guimenuitem>Add Port</guimenuitem> - </menuchoice>. - </para></step> - - <step><para> - In the <guimenuitem>Network</guimenuitem> panel, enter the name of - the print queue on the Samba server as follows: <constant>\\DIAMOND\hplj6a</constant>. - Click <menuchoice> - <guibutton>OK</guibutton> - <guibutton>OK</guibutton> - </menuchoice> to complete the installation. - </para></step> - - <step><para> - Repeat the printer installation steps above for both HP LaserJet 6 printers - as well as for both QMS Magicolor laser printers. - </para></step> - </procedure> - </step> + <step><para> + <indexterm><primary>defragmentation</primary></indexterm> + When you are satisfied that the staging systems are complete, use the appropriate procedure to + remove the client from the domain. Reboot the system and then log on as the local administrator + and clean out all temporary files stored on the system. Before shutting down, use the disk + defragmentation tool so that the file system is in optimal condition before replication. + </para></step> - <step><para> - <indexterm><primary>defragmentation</primary></indexterm> - When you are satisfied that the staging systems are complete, use the appropriate procedure to - remove the client from the domain. Reboot the system and then log on as the local administrator - and clean out all temporary files stored on the system. Before shutting down, use the disk - defragmentation tool so that the file system is in optimal condition before replication. - </para></step> + <step><para> + Boot the workstation using the Norton (Symantec) Ghosting diskette (or CD-ROM) and image the + machine to a network share on the server. + </para></step> - <step><para> - Boot the workstation using the Norton (Symantec) Ghosting diskette (or CD-ROM) and image the - machine to a network share on the server. - </para></step> + <step><para> + <indexterm><primary>Windows security identifier</primary><see>SID</see></indexterm> + <indexterm><primary>SID</primary></indexterm> + You may now replicate the image to the target machines using the appropriate Norton Ghost + procedure. Make sure to use the procedure that ensures each machine has a unique + Windows security identifier (SID). When the installation of the disk image has completed, boot the PC. + </para></step> - <step><para> - <indexterm><primary>Windows security identifier</primary><see>SID</see></indexterm> - <indexterm><primary>SID</primary></indexterm> - You may now replicate the image to the target machines using the appropriate Norton Ghost - procedure. Make sure to use the procedure that ensures each machine has a unique - Windows security identifier (SID). When the installation of the disk image has completed, boot the PC. - </para></step> + <step><para> + Log onto the machine as the local Administrator (the only option), and join the machine to + the Domain, following the procedure set out in Appendix A, <link linkend="domjoin"/>. The system is now + ready for the user to log on, provided you have created a network logon account for that + user, of course. + </para></step> - <step><para> - Log onto the machine as the local Administrator (the only option), and join the machine to - the Domain, following the procedure set out in Appendix A, <link linkend="domjoin"/>. The system is now - ready for the user to log on, provided you have created a network logon account for that - user, of course. - </para></step> + <step><para> + Instruct all users to log onto the workstation using their assigned username and password. + </para></step> + </procedure> - <step><para> - Instruct all users to log onto the workstation using their assigned username and password. - </para></step> - </procedure> + <procedure id="sbewinclntptrprep"> + <title>Windows Client Printer Preparation Procedure</title> + + <step><para> + Click <menuchoice> + <guimenu>Start</guimenu> + <guimenuitem>Settings</guimenuitem> + <guimenuitem>Printers</guimenuitem> + <guiicon>Add Printer</guiicon> + <guibutton>Next</guibutton> + </menuchoice>. Do not click <guimenuitem>Network printer</guimenuitem>. + Ensure that <guimenuitem>Local printer</guimenuitem> is selected. + </para></step> + + <step><para> + Click <guibutton>Next</guibutton>. In the + <guimenuitem>Manufacturer:</guimenuitem> panel, select <constant>HP</constant>. + In the <guimenuitem>Printers:</guimenuitem> panel, select the printer called + <constant>HP LaserJet 6</constant>. Click <guibutton>Next</guibutton>. + </para></step> + + <step><para> + In the <guimenuitem>Available ports:</guimenuitem> panel, select + <constant>FILE:</constant>. Accept the default printer name by clicking + <guibutton>Next</guibutton>. When asked, <quote>Would you like to print a + test page?,</quote> click <guimenuitem>No</guimenuitem>. Click + <guibutton>Finish</guibutton>. + </para></step> + + <step><para> + You may be prompted for the name of a file to print to. If so, close the + dialog panel. Right-click <menuchoice> + <guiicon>HP LaserJet 6</guiicon> + <guimenuitem>Properties</guimenuitem> + <guisubmenu>Details (Tab)</guisubmenu> + <guimenuitem>Add Port</guimenuitem> + </menuchoice>. + </para></step> + + <step><para> + In the <guimenuitem>Network</guimenuitem> panel, enter the name of + the print queue on the Samba server as follows: <constant>\\DIAMOND\hplj6a</constant>. + Click <menuchoice> + <guibutton>OK</guibutton> + <guibutton>OK</guibutton> + </menuchoice> to complete the installation. + </para></step> + + <step><para> + Repeat the printer installation steps above for both HP LaserJet 6 printers + as well as for both QMS Magicolor laser printers. + </para></step> + </procedure> </sect2> |