diff options
-rw-r--r-- | docs/Samba-Guide/SBE-SecureOfficeServer.xml | 28 | ||||
-rw-r--r-- | docs/Samba-Guide/SBE-SimpleOfficeServer.xml | 54 | ||||
-rw-r--r-- | docs/Samba-Guide/SBE-TheSmallOffice.xml | 2 |
3 files changed, 62 insertions, 22 deletions
diff --git a/docs/Samba-Guide/SBE-SecureOfficeServer.xml b/docs/Samba-Guide/SBE-SecureOfficeServer.xml index ea60db5a4e..c3dca33052 100644 --- a/docs/Samba-Guide/SBE-SecureOfficeServer.xml +++ b/docs/Samba-Guide/SBE-SecureOfficeServer.xml @@ -560,13 +560,6 @@ Given 500 Users and 2 years: </para></listitem> <listitem><para> - <indexterm><primary>IPC$</primary></indexterm> - Explicit controls are effected to restrict access to the <constant>IPC$</constant> share to - local networks only. The <constant>IPC$</constant> share plays an important role in network - browsing and in establishment of network connections. - </para></listitem> - - <listitem><para> Every user has a private home directory on the UNIX/Linux host. This is mapped to a network drive that is the same for all users. </para></listitem> @@ -822,7 +815,7 @@ echo -e "\nNAT firewall done.\n" <smbconfoption name="passdb backend">tdbsam</smbconfoption> <smbconfoption name="pam password change">Yes</smbconfoption> <smbconfoption name="passwd program">/usr/bin/passwd %u</smbconfoption> -<smbconfoption name="passwd chat"></smbconfoption> +<smbconfoption name="passwd chat"> </smbconfoption> <member><parameter>*New*Password* %n\n *Re-enter*new*password*%n\n *Password*changed*</parameter></member> <smbconfoption name="username map">/etc/samba/smbusers</smbconfoption> <smbconfoption name="unix password sync">Yes</smbconfoption> @@ -859,11 +852,6 @@ echo -e "\nNAT firewall done.\n" <smbconfexample id="promisnetsvca"> <title>130 User Network with <emphasis>tdbsam</emphasis> &smbmdash; Services Section Part A</title> -<smbconfsection name="[IPC$]"/> -<smbconfoption name="path">/tmp</smbconfoption> -<smbconfoption name="hosts allow">192.168.1.0/24, 192.168.2.0/24, 127.0.0.1</smbconfoption> -<smbconfoption name="hosts deny">0.0.0.0/0</smbconfoption> - <smbconfsection name="[homes]"/> <smbconfoption name="comment">Home Directories</smbconfoption> <smbconfoption name="valid users">%S</smbconfoption> @@ -884,10 +872,7 @@ echo -e "\nNAT firewall done.\n" <smbconfoption name="path">/var/lib/samba/netlogon</smbconfoption> <smbconfoption name="guest ok">Yes</smbconfoption> <smbconfoption name="locking">No</smbconfoption> -</smbconfexample> -<smbconfexample id="promisnetsvcb"> -<title>130 User Network with <emphasis>tdbsam</emphasis> &smbmdash; Services Section Part B</title> <smbconfsection name="[profiles]"/> <smbconfoption name="comment">Profile Share</smbconfoption> <smbconfoption name="path">/var/lib/samba/profiles</smbconfoption> @@ -898,12 +883,20 @@ echo -e "\nNAT firewall done.\n" <smbconfoption name="comment">Accounting Files</smbconfoption> <smbconfoption name="path">/data/accounts</smbconfoption> <smbconfoption name="read only">No</smbconfoption> +</smbconfexample> +<smbconfexample id="promisnetsvcb"> +<title>130 User Network with <emphasis>tdbsam</emphasis> &smbmdash; Services Section Part B</title> <smbconfsection name="[service]"/> <smbconfoption name="comment">Financial Services Files</smbconfoption> <smbconfoption name="path">/data/service</smbconfoption> <smbconfoption name="read only">No</smbconfoption> +<smbconfsection name="[pidata]"/> +<smbconfoption name="comment">Property Insurance Files</smbconfoption> +<smbconfoption name="path">/data/pidata</smbconfoption> +<smbconfoption name="read only">No</smbconfoption> + <smbconfsection name="[apps]"/> <smbconfoption name="comment">Application Files</smbconfoption> <smbconfoption name="path">/apps</smbconfoption> @@ -989,6 +982,7 @@ net groupmap modify ntgroup="Domain Guests" unixgroup=nobody # Add Functional Domain Groups net groupmap add ntgroup="Accounts Dept" unixgroup=acctsdep type=d net groupmap add ntgroup="Financial Services" unixgroup=finsrvcs type=d +net groupmap add ntgroup="Insurance Group" unixgroup=piops type=d # Map Windows NT machine local groups to local UNIX groups # Mapping of local groups is not necessary and not functional @@ -1168,7 +1162,7 @@ option domain-name-servers 192.168.1.1, 192.168.2.1; option netbios-name-servers 192.168.1.1, 192.168.2.1; option netbios-node-type 8; ### Node type = Hybrid ### ddns-updates on; ### Dynamic DNS enabled ### -ddns-update-style ad-hoc; +ddns-update-style interim; subnet 192.168.1.0 netmask 255.255.255.0 { range dynamic-bootp 192.168.1.128 192.168.1.254; diff --git a/docs/Samba-Guide/SBE-SimpleOfficeServer.xml b/docs/Samba-Guide/SBE-SimpleOfficeServer.xml index 2fc10b69ec..7f3c8d068c 100644 --- a/docs/Samba-Guide/SBE-SimpleOfficeServer.xml +++ b/docs/Samba-Guide/SBE-SimpleOfficeServer.xml @@ -566,10 +566,18 @@ Password changed </para></step> <step><para> - Install the &smb.conf; file shown in <link linkend="charity-smbconf"/> in the - <filename>/etc/samba</filename> directory. + Install the &smb.conf; file shown in <link linkend="charity-smbconfnew"/> in the + <filename>/etc/samba</filename> directory. This newer &smb.conf; file uses user-mode security + and is more suited to the mode of operation of Samba-3 that the older share-mode security + configuration that was shown in the first edition of this book. </para></step> + <note><para> + If you want to use the older style configuration that uses share-mode security, you can + install the file shown in <link linkend="charity-smbconf"/> in the + <filename>/etc/samba</filename> directory. + </para></note> + <step><para> <indexterm><primary>smbd</primary></indexterm> We must ensure that the <command>smbd</command> can resolve the name of the Samba @@ -634,6 +642,44 @@ application/octet-stream </procedure> +<smbconfexample id="charity-smbconfnew"> +<title>Charity Administration Office &smb.conf; File</title> +<smbconfcomment>Global Parameters - Newer Configuration`</smbconfcomment> +<smbconfsection name="[global]"/> +<smbconfoption name="workgroup">MIDEARTH</smbconfoption> +<smbconfoption name="printing">CUPS</smbconfoption> +<smbconfoption name="printcap name">CUPS</smbconfoption> +<smbconfoption name="map to guest">Bad User</smbconfoption> +<smbconfoption name="show add printer wizard">No</smbconfoption> +<smbconfoption name="wins support">yes</smbconfoption> + +<smbconfsection name="[FTMFILES]"/> +<smbconfoption name="comment">Funds Tracking & Management Files</smbconfoption> +<smbconfoption name="path">/data/ftmfiles</smbconfoption> +<smbconfoption name="read only">No</smbconfoption> +<smbconfoption name="force user">abmas</smbconfoption> +<smbconfoption name="force group">office</smbconfoption> +<smbconfoption name="guest ok">Yes</smbconfoption> +<smbconfoption name="nt acl support">No</smbconfoption> + +<smbconfsection name="[office]"/> +<smbconfoption name="comment">General Office Files</smbconfoption> +<smbconfoption name="path">/data/officefiles</smbconfoption> +<smbconfoption name="read only">No</smbconfoption> +<smbconfoption name="force user">abmas</smbconfoption> +<smbconfoption name="force group">office</smbconfoption> +<smbconfoption name="guest ok">Yes</smbconfoption> +<smbconfoption name="nt acl support">No</smbconfoption> + +<smbconfsection name="[printers]"/> +<smbconfoption name="comment">Print Temporary Spool Configuration</smbconfoption> +<smbconfoption name="path">/var/spool/samba</smbconfoption> +<smbconfoption name="printable">Yes</smbconfoption> +<smbconfoption name="guest ok">Yes</smbconfoption> +<smbconfoption name="use client driver">Yes</smbconfoption> +<smbconfoption name="browseable">No</smbconfoption> +</smbconfexample> + <smbconfexample id="charity-smbconf"> <title>Charity Administration Office &smb.conf; File</title> <smbconfcomment>Global Parameters</smbconfcomment> @@ -1233,14 +1279,14 @@ application/octet-stream </procedure> <smbconfexample id="acctconf"> -<title>Accounting Office Network &smb.conf; File</title> +<title>Accounting Office Network &smb.conf; Old Style Configuration File</title> <smbconfcomment>Global parameters</smbconfcomment> <smbconfsection name="[global]"/> <smbconfoption name="workgroup">BILLMORE</smbconfoption> -<smbconfoption name="printing">CUPS</smbconfoption> <smbconfoption name="printcap name">CUPS</smbconfoption> <smbconfoption name="disable spoolss">Yes</smbconfoption> <smbconfoption name="show add printer wizard">No</smbconfoption> +<smbconfoption name="printing">cups</smbconfoption> <smbconfsection name="[files]"/> <smbconfoption name="comment">Work area files</smbconfoption> diff --git a/docs/Samba-Guide/SBE-TheSmallOffice.xml b/docs/Samba-Guide/SBE-TheSmallOffice.xml index a871d06b23..cf0079ae4a 100644 --- a/docs/Samba-Guide/SBE-TheSmallOffice.xml +++ b/docs/Samba-Guide/SBE-TheSmallOffice.xml @@ -633,7 +633,7 @@ hosts: files wins <smbconfcomment>Global parameters</smbconfcomment> <smbconfsection name="[global]"/> <smbconfoption name="workgroup">BILLMORE</smbconfoption> -<smbconfoption name="passwd chat"></smbconfoption> +<smbconfoption name="passwd chat"> </smbconfoption> <member><parameter>*New*Password* %n\n*Re-enter*new*password* %n\n *Password*changed*</parameter></member> <smbconfoption name="username map">/etc/samba/smbusers</smbconfoption> <smbconfoption name="syslog">0</smbconfoption> |