diff options
| -rw-r--r-- | docs/Samba-Guide/Chap06-MakingHappyUsers.xml | 119 | ||||
| -rw-r--r-- | docs/Samba-Guide/Chap10b-DomainAppsSupport.xml | 2 | ||||
| -rw-r--r-- | docs/Samba-Guide/preface.xml | 4 |
3 files changed, 111 insertions, 14 deletions
diff --git a/docs/Samba-Guide/Chap06-MakingHappyUsers.xml b/docs/Samba-Guide/Chap06-MakingHappyUsers.xml index a5d2f0207d..2bb1fb8b98 100644 --- a/docs/Samba-Guide/Chap06-MakingHappyUsers.xml +++ b/docs/Samba-Guide/Chap06-MakingHappyUsers.xml @@ -944,6 +944,95 @@ clients is conservative and if followed will minimize problems - but it is not a </sect3> + <sect3> + <title>Avoiding Failures &smbmdash; Solving Problems Before the Happen</title> + + <para> + It has often been said that there are three types of people in the world: Those who + have sharp minds and those that forget things. Please do not ask what the third group + are like! Well, it seems that many of us have company in the second group. There must + be a good explanation why so many network administrators fail to solve apparently + simple problems efficiently and effectively. + </para> + + <para> + Here are some diagnostic guidelines that can be referred to when things go wrong: + </para> + + <sect4> + <title>Preliminary Advice &smbmdash; Dangers Can be Avoided</title> + + <para> + When I was 8 years of age there was an old man who walked with a cane. He told the the + kids of the neighborhood that when he was very yound he broke his leg. His parents could + not afford good medical care and they lived in the country when medical help was not readily + available, he suffered the consequences his whole life. His advice regarding how best + to mend a broken leg was <quote>never break a leg!</quote> + </para> + + <para> + New comers to Samba and LDAP seem to struggle a great deal at first. Many experience the + consequences of their first experience with the same emotions memory as the old Mr. + Williams referred to above. So here is my advice regarding the best way to remedy LDAP + and Samab problems: <quote>Avoid them like the plague!</quote> + </para> + + <para> + If you are now asking yourself how can problems be avoided? The best advice is to start + out your learning experience with an <emphasis>known-to-work</emphasis> solution. After + you have seen a fully working solution, a good way to learn is to make slow and progressive + changes that cause things to break, then observe carefully how and why things ceased to work. + </para> + + <para> + The examples in this chapter (also in the book as a whole) are known to work. That means + that they could serve as the kick-off point for your journey through fields of knowledge. + Use this resource carefully; we hope it serves you well. + </para> + + <para> + Warning: Do not be lulled into thinking that you can easily adopt the examples in this + book and adapt them without first working through the working examples provided. A little + thing over-looked can cause untold pain and may permanently tarnish your experience. + </para> + + </sect4> + + <sect4> + <title>Debugging LDAP</title> + + <para> + ZZ + </para> + + </sect4> + + <sect4> + <title>Debugging NSS_LDAP</title> + + <para> + </para> + + </sect4> + + <sect4> + <title>Debugging Samba</title> + + <para> + </para> + + </sect4> + + <sect4> + <title>Debugging on the Windows Client</title> + + <para> + </para> + + </sect4> + + </sect3> + </sect2> @@ -1776,7 +1865,7 @@ my $smbldap_bind_conf="/etc/smbldap-tools/smbldap_bind.conf"; <step><para> Install the source RPM that has been downloaded as follows: <screen> -&rootprompt; rpm -i smbldap-tools-0.8.7-3.src.rpm +&rootprompt; rpm -i smbldap-tools-0.8.7-5.src.rpm </screen> </para></step> @@ -1813,7 +1902,7 @@ my $smbldap_bind_conf="/etc/smbldap-tools/smbldap_bind.conf"; <step><para> Install the binary package by executing: <screen> -&rootprompt; rpm -Uvh ../RPMS/noarch/smbldap-tools-0.8.7-3.noarch.rpm +&rootprompt; rpm -Uvh ../RPMS/noarch/smbldap-tools-0.8.7-5.noarch.rpm </screen> </para></step> @@ -2143,7 +2232,7 @@ Starting ldap-server done <step><para> Execute the script that will populate the LDAP database as shown here: <screen> -&rootprompt; ./smbldap-populate +&rootprompt; ./smbldap-populate -a root -k 0 </screen> The expected output from this is: <screen> @@ -2361,28 +2450,38 @@ Retype new SMB password: XXXXXXXX following: <screen> &rootprompt; getent passwd +root:x:0:0:root:/root:/bin/bash +bin:x:1:1:bin:/bin:/bin/bash ... -root:x:998:512:Netbios Domain Administrator:/home:/bin/false +root:x:0:512:Netbios Domain Administrator:/home:/bin/false nobody:x:999:514:nobody:/dev/null:/bin/false bobj:x:1000:513:System User:/home/bobj:/bin/bash stans:x:1001:513:System User:/home/stans:/bin/bash chrisr:x:1002:513:System User:/home/chrisr:/bin/bash maryv:x:1003:513:System User:/home/maryv:/bin/bash +</screen> + This demonstates that user account resolution via LDAP is working. + <para></step> + <step><para> + This step will determin +<screen> &rootprompt; id chrisr uid=1002(chrisr) gid=513(Domain Users) groups=513(Domain Users) </screen> - This confirms that the UNIX (Posix) user accounts can be resolved from LDAP. + This confirms that the UNIX (Posix) user account information can be resolved from LDAP + by system tools that make a getentpw() system call. </para></step> <step><para><indexterm> <primary>smbldap-usermod</primary> </indexterm> - In the above listing, you can see that the user <constant>root</constant> - has been given UID=998. This means that operations conducted from a Windows client - using tools such as the Domain User Manager fails under UNIX because the - management of user and group accounts requires that the UID=0. You decide to rectify - this immediately as demonstrated here: + The 'root' account must have UID=0, if not this means that operations conducted from + a Windows client using tools such as the Domain User Manager fails under UNIX because + the management of user and group accounts requires that the UID=0. Additionally, it is + a good idea to make certain that no matter how 'root' account credentials are resolved + that the home directory and shell are valid. You decide to effect this immediately + as demonstrated here: <screen> &rootprompt; cd /opt/IDEALX/sbin &rootprompt; ./smbldap-usermod -u 0 -d /root -s /bin/bash root diff --git a/docs/Samba-Guide/Chap10b-DomainAppsSupport.xml b/docs/Samba-Guide/Chap10b-DomainAppsSupport.xml index b585ee58ef..e2adbe9951 100644 --- a/docs/Samba-Guide/Chap10b-DomainAppsSupport.xml +++ b/docs/Samba-Guide/Chap10b-DomainAppsSupport.xml @@ -143,8 +143,6 @@ <para><indexterm> <primary>browsing</primary> </indexterm><indexterm> - <primary>Squid</primary> - </indexterm><indexterm> <primary>Squid proxy</primary> </indexterm><indexterm> <primary>proxy</primary> diff --git a/docs/Samba-Guide/preface.xml b/docs/Samba-Guide/preface.xml index 124febc298..f63e468dcd 100644 --- a/docs/Samba-Guide/preface.xml +++ b/docs/Samba-Guide/preface.xml @@ -92,7 +92,7 @@ went to print samba-3.0.2 was being released. There have been significant modifications and enhancements between samba-3.0.2 and samba-3.0.11 (the current release) that necessitate this documentation update. This update has the specific intent to - refocus this books so that its guidance can be followed for samba-3.0.12 + refocus this book so that its guidance can be followed for samba-3.0.12 and beyond. Further changes are expected as Samba-3 matures further and will be reflected in future updates. </para> @@ -531,7 +531,7 @@ <para><emphasis>TechInfo</emphasis> &smbmdash; Samba provides the <command>ntlm_auth</command> module that makes it possible for MS Windows Internet Explorer to connect via the Squid Web and FTP proxy server. You will configure Samba-3 as well as Squid to deliver authenticated - access control based using the Active Directory Domain user security credentials. + access control using the Active Directory Domain user security credentials. </para> </listitem> </varlistentry> |