diff options
94 files changed, 5220 insertions, 10359 deletions
diff --git a/docs/OID/allocated-arcs.txt b/docs/OID/allocated-arcs.txt index 7a7cd8057b..4666be4cd7 100644 --- a/docs/OID/allocated-arcs.txt +++ b/docs/OID/allocated-arcs.txt @@ -14,3 +14,4 @@ ARC Owner Contact Purpose --- ----- ------- ------- .1 Plainjoe.org Jerry Carter <jerry@samba.org> Use for Plainjoe.org domain and examples in O'Reilly LDAP book +.2 Samba 2.2. Release jerry@samba.org schema for representing smbpasswd diff --git a/docs/README.Win2kSP2 b/docs/README.Win2kSP2 new file mode 100644 index 0000000000..49a8fbf4ae --- /dev/null +++ b/docs/README.Win2kSP2 @@ -0,0 +1,56 @@ +!== +!== README.Win2kSP2 +!== + +Author: Gerald (Jerry) Carter <jerry@samba.org> + +================================================================== + +There are several annoyances with Windows 2000 SP2. One of which +only appears when using a Samba server to host user profiles +to Windows 2000 SP2 clients in a Windows domain. This assumes +that Samba is a member of the domain, but the problem will +likely occur if it is not. + +In order to server profiles successfully to Windows 2000 SP2 +clients (when not operating as a PDC), Samba must have + + nt acl support = no + +added to the file share which houses the roaming profiles. +If this is not done, then the Windows 2000 SP2 client will +complain about not being able to access the profile (Access +Denied) and create multiple copies of it on disk (DOMAIN.user.001, +DOMAIN.user.002, etc...). See the smb.conf(5) man page +for more details on this option. Also note that the "nt acl support" +parameter was formally a global parameter in releases prior +to Samba 2.2.2. + +The following is a minimal profile share + + [profile] + path = /export/profile + create mask = 0600 + directory mask = 0700 + nt acl support = no + read only = no + +The reason for this bug is that the Win2k SP2 client copies +the security descriptor for the profile which contains +the Samba server's SID, and not the domain SID. The client +compares the SID for SAMBA\user and realizes it is +different that the one assigned to DOMAIN\user. Hence the reason +for the "access denied" message. + +By disabling the "nt acl support" parameter, Samba will send +the Win2k client a response to the QuerySecurityDescriptor +trans2 call which causes the client to set a default ACL +for the profile. This default ACL includes + + DOMAIN\user "Full Control" + + +NOTE : This bug does not occur when using winbind to +create accounts on the Samba host for Domain users. + + diff --git a/docs/README.Win32-Viruses b/docs/README.Win32-Viruses new file mode 100644 index 0000000000..f887486eaa --- /dev/null +++ b/docs/README.Win32-Viruses @@ -0,0 +1,56 @@ +While this article is specific to the recent Nimda worm, +the information can be applied to preventing the spread +of many Win32 viruses. Thanks to the Samba Users Group of Japan +(SUGJ) for this article. +=============================================================================== +Steps againt Nimba Worm for Samba + +Author: HASEGAWA Yosuke +Translator: TAKAHASHI Motonobu <monyo@samba.gr.jp> + +The information in this article applies to + Samba 2.0.x + Samba 2.2.x + Windows 95/98/Me/NT/2000 + +SYMPTOMS + This article has described the measure against Nimba Worm for Samba + server. + +DESCRIPTION + Nimba Worm is infected through the shared disk on a network besides + Microsoft IIS, Internet Explorer and mailer of Outlook series. + + At this time, the worm copies itself by the name *.nws and *.eml on + the shared disk, moreover, by the name of Riched20.dll in the folder + where *.doc file is included. + + To prevent infection through the shared disk offered by Samba, set + up as follows: + +----- +[global] + ... + veto files = /*.eml/*.nws/riched20.dll/ +----- + + Setting up "veto files" parameter, the matched files on the Samba + server are completely hidden from the clients and become impossible + to access them at all. + + In addition to it, the following setting are also pointed out by the + samba-jp:09448 thread: when the + "(Jreadme.txt.{3050F4D8-98B5-11CF-BB82-00AA00BDCE0B}"(B file exists on + a Samba server, it is visible only with "readme.txt" and a dangerous + code may be performed when this file is double-clicked. + + Setting the following, +----- + veto files = /*.{*}/ +----- + no files having CLSID in its file extension can be accessed from any + clients. + +This technical article is created based on the discussion of +samba-jp:09448 and samba-jp:10900 threads. + diff --git a/docs/README.ldap b/docs/README.ldap new file mode 100644 index 0000000000..451e27b8bf --- /dev/null +++ b/docs/README.ldap @@ -0,0 +1 @@ +The schema file is stored in ../examples/LDAP/samba.schema diff --git a/docs/NT4-Locking.reg b/docs/Registry/NT4-Locking.reg index a550d52a72..6175fd5145 100644 --- a/docs/NT4-Locking.reg +++ b/docs/Registry/NT4-Locking.reg @@ -1,7 +1,8 @@ REGEDIT4
;Contributor: John H Terpstra <jht@samba.org>
-;Updated: Feb 15, 1999
+;Corrected: Stefan Kanthak <skanthak@nexgo.de>
+;Updated: Jun 25, 2001
;
;Subject: Registry Entries That Affect Locking and Caching
@@ -15,9 +16,9 @@ REGEDIT4 "UtilizeNtCaching"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Filesystem]
-"Win95TruncateExtensions"=dword:00000000
+"Win95TruncatedExtensions"=dword:00000000
+"NTFSDisable8dot3NameCreation"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters]
"EnableOpLockForceClose"=dword:00000001
"EnableOpLocks"=dword:00000000
-
diff --git a/docs/NT4_PlainPassword.reg b/docs/Registry/NT4_PlainPassword.reg index b30db150c2..b30db150c2 100644 --- a/docs/NT4_PlainPassword.reg +++ b/docs/Registry/NT4_PlainPassword.reg diff --git a/docs/Win2000_PlainPassword.reg b/docs/Registry/Win2000_PlainPassword.reg index e0ae280b1c..e0ae280b1c 100644 --- a/docs/Win2000_PlainPassword.reg +++ b/docs/Registry/Win2000_PlainPassword.reg diff --git a/docs/Win95_PlainPassword.reg b/docs/Registry/Win95_PlainPassword.reg index 9dd3103689..9dd3103689 100644 --- a/docs/Win95_PlainPassword.reg +++ b/docs/Registry/Win95_PlainPassword.reg diff --git a/docs/Win98_PlainPassword.reg b/docs/Registry/Win98_PlainPassword.reg index 9dd3103689..9dd3103689 100644 --- a/docs/Win98_PlainPassword.reg +++ b/docs/Registry/Win98_PlainPassword.reg diff --git a/docs/Win9X-CacheHandling.reg b/docs/Registry/Win9X-CacheHandling.reg index 265e335b40..265e335b40 100644 --- a/docs/Win9X-CacheHandling.reg +++ b/docs/Registry/Win9X-CacheHandling.reg diff --git a/docs/WinME_PlainPassword.reg b/docs/Registry/WinME_PlainPassword.reg index 9dd3103689..9dd3103689 100644 --- a/docs/WinME_PlainPassword.reg +++ b/docs/Registry/WinME_PlainPassword.reg diff --git a/docs/Registry/WinXP_SignOrSeal.reg b/docs/Registry/WinXP_SignOrSeal.reg new file mode 100644 index 0000000000..18690ae661 --- /dev/null +++ b/docs/Registry/WinXP_SignOrSeal.reg @@ -0,0 +1,9 @@ +REGEDIT4 + +; +; This registry key (gathered from the Samba-tng lists) is needed +; for a Windows XP client to join and logon to a Samba domain +; + +HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netlogon\parameters +"RequireSignOrSeal"=dword:00000000 diff --git a/docs/WindowsTerminalServer.reg b/docs/Registry/WindowsTerminalServer.reg index 73c3b177d2..73c3b177d2 100644 --- a/docs/WindowsTerminalServer.reg +++ b/docs/Registry/WindowsTerminalServer.reg diff --git a/docs/Samba-HOWTO-Collection.pdf b/docs/Samba-HOWTO-Collection.pdf index 483918bc80..511edd4ed1 100644 --- a/docs/Samba-HOWTO-Collection.pdf +++ b/docs/Samba-HOWTO-Collection.pdf @@ -1,6 +1,6 @@ %PDF-1.2 %âãÏÓ -1 0 obj<</Producer(htmldoc 1.8.11 Copyright 1997-2001 Easy Software Products, All Rights Reserved.)/CreationDate(D:20011010172054Z)/Title(SAMBA Project Documentation)/Creator(Modular DocBook HTML Stylesheet Version 1.57)>>endobj +1 0 obj<</Producer(htmldoc 1.8.11 Copyright 1997-2001 Easy Software Products, All Rights Reserved.)/CreationDate(D:20011206071218Z)/Title(SAMBA Project Documentation)/Creator(Modular DocBook HTML Stylesheet Version 1.57)>>endobj 2 0 obj<</Type/Encoding/Differences[ 32/space/exclam/quotedbl/numbersign/dollar/percent/ampersand/quotesingle/parenleft/parenright/asterisk/plus/comma/minus/period/slash/zero/one/two/three/four/five/six/seven/eight/nine/colon/semicolon/less/equal/greater/question/at/A/B/C/D/E/F/G/H/I/J/K/L/M/N/O/P/Q/R/S/T/U/V/W/X/Y/Z/bracketleft/backslash/bracketright/asciicircum/underscore/grave/a/b/c/d/e/f/g/h/i/j/k/l/m/n/o/p/q/r/s/t/u/v/w/x/y/z/braceleft/bar/braceright/asciitilde 128/Euro 130/quotesinglbase/florin/quotedblbase/ellipsis/dagger/daggerdbl/circumflex/perthousand/Scaron/guilsinglleft/OE 145/quoteleft/quoteright/quotedblleft/quotedblright/bullet/endash/emdash/tilde/trademark/scaron/guilsinglright/oe 159/Ydieresis/space/exclamdown/cent/sterling/currency/yen/brokenbar/section/dieresis/copyright/ordfeminine/guillemotleft/logicalnot/hyphen/registered/macron/degree/plusminus/twosuperior/threesuperior/acute/mu/paragraph/periodcentered/cedilla/onesuperior/ordmasculine/guillemotright/onequarter/onehalf/threequarters/questiondown/Agrave/Aacute/Acircumflex/Atilde/Adieresis/Aring/AE/Ccedilla/Egrave/Eacute/Ecircumflex/Edieresis/Igrave/Iacute/Icircumflex/Idieresis/Eth/Ntilde/Ograve/Oacute/Ocircumflex/Otilde/Odieresis/multiply/Oslash/Ugrave/Uacute/Ucircumflex/Udieresis/Yacute/Thorn/germandbls/agrave/aacute/acircumflex/atilde/adieresis/aring/ae/ccedilla/egrave/eacute/ecircumflex/edieresis/igrave/iacute/icircumflex/idieresis/eth/ntilde/ograve/oacute/ocircumflex/otilde/odieresis/divide/oslash/ugrave/uacute/ucircumflex/udieresis/yacute/thorn/ydieresis]>>endobj 3 0 obj<</Type/Font/Subtype/Type1/BaseFont/Courier/Encoding 2 0 R>>endobj 4 0 obj<</Type/Font/Subtype/Type1/BaseFont/Courier-Bold/Encoding 2 0 R>>endobj @@ -41,13 +41,13 @@ 31 0 R ]endobj 33 0 obj<</S/URI/URI(http://rsync.samba.org/)>>endobj -34 0 obj<</Subtype/Link/Rect[120.9 102.2 222.3 115.2]/Border[0 0 0]/A 33 0 R>>endobj +34 0 obj<</Subtype/Link/Rect[120.9 89.0 222.3 102.0]/Border[0 0 0]/A 33 0 R>>endobj 35 0 obj[34 0 R ]endobj 36 0 obj<</S/URI/URI(#OBEYPAMRESTRICTIONS)>>endobj -37 0 obj<</Subtype/Link/Rect[238.2 662.6 332.9 675.6]/Border[0 0 0]/A 36 0 R>>endobj +37 0 obj<</Subtype/Link/Rect[238.2 649.4 332.9 662.4]/Border[0 0 0]/A 36 0 R>>endobj 38 0 obj<</S/URI/URI(#ENCRYPTPASSWORDS)>>endobj -39 0 obj<</Subtype/Link/Rect[344.2 583.4 454.9 596.4]/Border[0 0 0]/A 38 0 R>>endobj +39 0 obj<</Subtype/Link/Rect[344.2 570.2 454.9 583.2]/Border[0 0 0]/A 38 0 R>>endobj 40 0 obj[37 0 R 39 0 R ]endobj @@ -94,7 +94,7 @@ 67 0 R 69 0 R ]endobj -71 0 obj<</Subtype/Link/Rect[462.9 705.8 540.9 718.8]/Border[0 0 0]/Dest[625 0 R/XYZ null 768 0]>>endobj +71 0 obj<</Subtype/Link/Rect[462.9 705.8 540.9 718.8]/Border[0 0 0]/Dest[645 0 R/XYZ null 768 0]>>endobj 72 0 obj<</S/URI/URI(#WRITELIST)>>endobj 73 0 obj<</Subtype/Link/Rect[91.9 313.4 157.9 326.4]/Border[0 0 0]/A 72 0 R>>endobj 74 0 obj<</S/URI/URI(smb.conf.5.html)>>endobj @@ -147,33 +147,33 @@ 106 0 obj[105 0 R ]endobj 107 0 obj<</S/URI/URI(smbpasswd.8.html)>>endobj -108 0 obj<</Subtype/Link/Rect[221.4 416.2 287.7 429.2]/Border[0 0 0]/A 107 0 R>>endobj +108 0 obj<</Subtype/Link/Rect[221.4 455.8 287.7 468.8]/Border[0 0 0]/A 107 0 R>>endobj 109 0 obj<</S/URI/URI(smb.conf.5.html)>>endobj -110 0 obj<</Subtype/Link/Rect[353.1 99.4 425.7 112.4]/Border[0 0 0]/A 109 0 R>>endobj +110 0 obj<</Subtype/Link/Rect[353.1 139.0 425.7 152.0]/Border[0 0 0]/A 109 0 R>>endobj 111 0 obj<</S/URI/URI(#SECURITY)>>endobj -112 0 obj<</Subtype/Link/Rect[169.1 59.8 241.7 72.8]/Border[0 0 0]/A 111 0 R>>endobj +112 0 obj<</Subtype/Link/Rect[169.1 99.4 241.7 112.4]/Border[0 0 0]/A 111 0 R>>endobj 113 0 obj[108 0 R 110 0 R 112 0 R ]endobj 114 0 obj<</S/URI/URI(#WORKGROUP)>>endobj -115 0 obj<</Subtype/Link/Rect[146.2 694.6 225.4 707.6]/Border[0 0 0]/A 114 0 R>>endobj +115 0 obj<</Subtype/Link/Rect[146.2 721.0 225.4 734.0]/Border[0 0 0]/A 114 0 R>>endobj 116 0 obj<</S/URI/URI(#ENCRYPTPASSWORDS)>>endobj -117 0 obj<</Subtype/Link/Rect[224.7 615.4 343.5 628.4]/Border[0 0 0]/A 116 0 R>>endobj +117 0 obj<</Subtype/Link/Rect[224.7 641.8 343.5 654.8]/Border[0 0 0]/A 116 0 R>>endobj 118 0 obj<</S/URI/URI(#PASSWORDSERVER)>>endobj -119 0 obj<</Subtype/Link/Rect[188.7 575.8 307.5 588.8]/Border[0 0 0]/A 118 0 R>>endobj +119 0 obj<</Subtype/Link/Rect[188.7 602.2 307.5 615.2]/Border[0 0 0]/A 118 0 R>>endobj 120 0 obj[115 0 R 117 0 R 119 0 R ]endobj 121 0 obj<</S/URI/URI(#SECURITYEQUALSSERVER)>>endobj -122 0 obj<</Subtype/Link/Rect[277.9 651.4 354.1 664.4]/Border[0 0 0]/A 121 0 R>>endobj +122 0 obj<</Subtype/Link/Rect[277.9 721.0 354.1 734.0]/Border[0 0 0]/A 121 0 R>>endobj 123 0 obj<</S/URI/URI(winbind.html)>>endobj -124 0 obj<</Subtype/Link/Rect[153.9 598.6 222.3 611.6]/Border[0 0 0]/A 123 0 R>>endobj +124 0 obj<</Subtype/Link/Rect[153.9 668.2 222.3 681.2]/Border[0 0 0]/A 123 0 R>>endobj 125 0 obj<</S/URI/URI(http://www.linuxworld.com)>>endobj -126 0 obj<</Subtype/Link/Rect[443.5 281.8 500.6 294.8]/Border[0 0 0]/A 125 0 R>>endobj +126 0 obj<</Subtype/Link/Rect[443.5 351.4 500.6 364.4]/Border[0 0 0]/A 125 0 R>>endobj 127 0 obj<</S/URI/URI(http://www.linuxworld.com/linuxworld/lw-1998-10/lw-10-samba.html)>>endobj -128 0 obj<</Subtype/Link/Rect[72.0 268.6 189.3 281.6]/Border[0 0 0]/A 127 0 R>>endobj +128 0 obj<</Subtype/Link/Rect[72.0 338.2 189.3 351.2]/Border[0 0 0]/A 127 0 R>>endobj 129 0 obj[122 0 R 124 0 R 126 0 R @@ -184,55 +184,59 @@ 132 0 obj<</S/URI/URI(ENCRYPTION.html)>>endobj 133 0 obj<</Subtype/Link/Rect[334.9 603.4 418.9 616.4]/Border[0 0 0]/A 132 0 R>>endobj 134 0 obj<</S/URI/URI(UNIX_INSTALL.html)>>endobj -135 0 obj<</Subtype/Link/Rect[72.0 426.2 173.7 439.2]/Border[0 0 0]/A 134 0 R>>endobj +135 0 obj<</Subtype/Link/Rect[339.0 439.4 443.5 452.4]/Border[0 0 0]/A 134 0 R>>endobj 136 0 obj<</S/URI/URI(smb.conf.5.html)>>endobj -137 0 obj<</Subtype/Link/Rect[167.0 413.0 268.4 426.0]/Border[0 0 0]/A 136 0 R>>endobj +137 0 obj<</Subtype/Link/Rect[445.9 426.2 544.6 439.2]/Border[0 0 0]/A 136 0 R>>endobj 138 0 obj[131 0 R 133 0 R 135 0 R 137 0 R ]endobj 139 0 obj<</S/URI/URI(smb.conf.5.html)>>endobj -140 0 obj<</Subtype/Link/Rect[468.3 570.2 549.6 583.2]/Border[0 0 0]/A 139 0 R>>endobj +140 0 obj<</Subtype/Link/Rect[468.3 636.2 549.6 649.2]/Border[0 0 0]/A 139 0 R>>endobj 141 0 obj<</S/URI/URI(smb.conf.5.html)>>endobj -142 0 obj<</Subtype/Link/Rect[72.0 557.0 92.8 570.0]/Border[0 0 0]/A 141 0 R>>endobj +142 0 obj<</Subtype/Link/Rect[72.0 623.0 92.8 636.0]/Border[0 0 0]/A 141 0 R>>endobj 143 0 obj<</S/URI/URI(#NETBIOSNAME)>>endobj -144 0 obj<</Subtype/Link/Rect[94.6 483.6 159.4 494.6]/Border[0 0 0]/A 143 0 R>>endobj +144 0 obj<</Subtype/Link/Rect[94.6 549.6 159.4 560.6]/Border[0 0 0]/A 143 0 R>>endobj 145 0 obj<</S/URI/URI(#WORKGROUP)>>endobj -146 0 obj<</Subtype/Link/Rect[94.6 472.8 143.2 483.8]/Border[0 0 0]/A 145 0 R>>endobj +146 0 obj<</Subtype/Link/Rect[94.6 538.8 143.2 549.8]/Border[0 0 0]/A 145 0 R>>endobj 147 0 obj<</S/URI/URI(#OSLEVEL)>>endobj -148 0 obj<</Subtype/Link/Rect[94.6 440.4 137.8 451.4]/Border[0 0 0]/A 147 0 R>>endobj +148 0 obj<</Subtype/Link/Rect[94.6 506.4 137.8 517.4]/Border[0 0 0]/A 147 0 R>>endobj 149 0 obj<</S/URI/URI(#PERFERREDMASTER)>>endobj -150 0 obj<</Subtype/Link/Rect[94.6 429.6 181.0 440.6]/Border[0 0 0]/A 149 0 R>>endobj +150 0 obj<</Subtype/Link/Rect[94.6 495.6 181.0 506.6]/Border[0 0 0]/A 149 0 R>>endobj 151 0 obj<</S/URI/URI(#DOMAINMASTER)>>endobj -152 0 obj<</Subtype/Link/Rect[94.6 418.8 164.8 429.8]/Border[0 0 0]/A 151 0 R>>endobj +152 0 obj<</Subtype/Link/Rect[94.6 484.8 164.8 495.8]/Border[0 0 0]/A 151 0 R>>endobj 153 0 obj<</S/URI/URI(#LOCALMASTER)>>endobj -154 0 obj<</Subtype/Link/Rect[94.6 408.0 159.4 419.0]/Border[0 0 0]/A 153 0 R>>endobj +154 0 obj<</Subtype/Link/Rect[94.6 474.0 159.4 485.0]/Border[0 0 0]/A 153 0 R>>endobj 155 0 obj<</S/URI/URI(#SECURITYEQUALSUSER)>>endobj -156 0 obj<</Subtype/Link/Rect[94.6 375.6 137.8 386.6]/Border[0 0 0]/A 155 0 R>>endobj +156 0 obj<</Subtype/Link/Rect[94.6 441.6 137.8 452.6]/Border[0 0 0]/A 155 0 R>>endobj 157 0 obj<</S/URI/URI(#ENCRYPTPASSWORDS)>>endobj -158 0 obj<</Subtype/Link/Rect[94.6 343.2 186.4 354.2]/Border[0 0 0]/A 157 0 R>>endobj +158 0 obj<</Subtype/Link/Rect[94.6 409.2 186.4 420.2]/Border[0 0 0]/A 157 0 R>>endobj 159 0 obj<</S/URI/URI(#DOMAINLOGONS)>>endobj -160 0 obj<</Subtype/Link/Rect[94.6 310.8 164.8 321.8]/Border[0 0 0]/A 159 0 R>>endobj +160 0 obj<</Subtype/Link/Rect[94.6 376.8 164.8 387.8]/Border[0 0 0]/A 159 0 R>>endobj 161 0 obj<</S/URI/URI(#LOGONPATH)>>endobj -162 0 obj<</Subtype/Link/Rect[94.6 278.4 148.6 289.4]/Border[0 0 0]/A 161 0 R>>endobj +162 0 obj<</Subtype/Link/Rect[94.6 344.4 148.6 355.4]/Border[0 0 0]/A 161 0 R>>endobj 163 0 obj<</S/URI/URI(#LOGONDRIVE)>>endobj -164 0 obj<</Subtype/Link/Rect[94.6 235.2 154.0 246.2]/Border[0 0 0]/A 163 0 R>>endobj +164 0 obj<</Subtype/Link/Rect[94.6 301.2 154.0 312.2]/Border[0 0 0]/A 163 0 R>>endobj 165 0 obj<</S/URI/URI(#LOGONHOME)>>endobj -166 0 obj<</Subtype/Link/Rect[94.6 224.4 148.6 235.4]/Border[0 0 0]/A 165 0 R>>endobj +166 0 obj<</Subtype/Link/Rect[94.6 290.4 148.6 301.4]/Border[0 0 0]/A 165 0 R>>endobj 167 0 obj<</S/URI/URI(#LOGONSCRIPT)>>endobj -168 0 obj<</Subtype/Link/Rect[94.6 181.2 159.4 192.2]/Border[0 0 0]/A 167 0 R>>endobj +168 0 obj<</Subtype/Link/Rect[94.6 247.2 159.4 258.2]/Border[0 0 0]/A 167 0 R>>endobj 169 0 obj<</S/URI/URI(#PATH)>>endobj -170 0 obj<</Subtype/Link/Rect[94.6 138.0 116.2 149.0]/Border[0 0 0]/A 169 0 R>>endobj -171 0 obj<</S/URI/URI(#WRITEABLE)>>endobj -172 0 obj<</Subtype/Link/Rect[94.6 127.2 143.2 138.2]/Border[0 0 0]/A 171 0 R>>endobj +170 0 obj<</Subtype/Link/Rect[94.6 204.0 116.2 215.0]/Border[0 0 0]/A 169 0 R>>endobj +171 0 obj<</S/URI/URI(#READONLY)>>endobj +172 0 obj<</Subtype/Link/Rect[94.6 193.2 143.2 204.2]/Border[0 0 0]/A 171 0 R>>endobj 173 0 obj<</S/URI/URI(#WRITELIST)>>endobj -174 0 obj<</Subtype/Link/Rect[94.6 116.4 148.6 127.4]/Border[0 0 0]/A 173 0 R>>endobj +174 0 obj<</Subtype/Link/Rect[94.6 182.4 148.6 193.4]/Border[0 0 0]/A 173 0 R>>endobj 175 0 obj<</S/URI/URI(#PATH)>>endobj -176 0 obj<</Subtype/Link/Rect[94.6 73.2 116.2 84.2]/Border[0 0 0]/A 175 0 R>>endobj -177 0 obj<</S/URI/URI(#WRITEABLE)>>endobj -178 0 obj<</Subtype/Link/Rect[94.6 62.4 143.2 73.4]/Border[0 0 0]/A 177 0 R>>endobj -179 0 obj[140 0 R +176 0 obj<</Subtype/Link/Rect[94.6 139.2 116.2 150.2]/Border[0 0 0]/A 175 0 R>>endobj +177 0 obj<</S/URI/URI(#READONLY)>>endobj +178 0 obj<</Subtype/Link/Rect[94.6 128.4 143.2 139.4]/Border[0 0 0]/A 177 0 R>>endobj +179 0 obj<</S/URI/URI(#CREATEMASK)>>endobj +180 0 obj<</Subtype/Link/Rect[94.6 117.6 154.0 128.6]/Border[0 0 0]/A 179 0 R>>endobj +181 0 obj<</S/URI/URI(#DIRECTORYMASK)>>endobj +182 0 obj<</Subtype/Link/Rect[94.6 106.8 170.2 117.8]/Border[0 0 0]/A 181 0 R>>endobj +183 0 obj[140 0 R 142 0 R 144 0 R 146 0 R @@ -252,182 +256,186 @@ 174 0 R 176 0 R 178 0 R +180 0 R +182 0 R ]endobj -180 0 obj<</S/URI/URI(#CREATEMASK)>>endobj -181 0 obj<</Subtype/Link/Rect[94.6 722.0 154.0 733.0]/Border[0 0 0]/A 180 0 R>>endobj -182 0 obj<</S/URI/URI(#DIRECTORYMASK)>>endobj -183 0 obj<</Subtype/Link/Rect[94.6 711.2 170.2 722.2]/Border[0 0 0]/A 182 0 R>>endobj 184 0 obj<</S/URI/URI(ENCRYPTION.html)>>endobj -185 0 obj<</Subtype/Link/Rect[108.0 645.4 200.6 658.4]/Border[0 0 0]/A 184 0 R>>endobj +185 0 obj<</Subtype/Link/Rect[108.0 707.8 200.6 720.8]/Border[0 0 0]/A 184 0 R>>endobj 186 0 obj<</S/URI/URI(#DOMAINADMINGROUP)>>endobj -187 0 obj<</Subtype/Link/Rect[505.2 553.0 538.2 566.0]/Border[0 0 0]/A 186 0 R>>endobj +187 0 obj<</Subtype/Link/Rect[497.0 615.4 530.0 628.4]/Border[0 0 0]/A 186 0 R>>endobj 188 0 obj<</S/URI/URI(#DOMAINADMINGROUP)>>endobj -189 0 obj<</Subtype/Link/Rect[72.0 539.8 127.9 552.8]/Border[0 0 0]/A 188 0 R>>endobj -190 0 obj[181 0 R -183 0 R -185 0 R +189 0 obj<</Subtype/Link/Rect[72.0 602.2 127.9 615.2]/Border[0 0 0]/A 188 0 R>>endobj +190 0 obj[185 0 R 187 0 R 189 0 R ]endobj -191 0 obj<</S/URI/URI(smbpasswd.6.html)>>endobj -192 0 obj<</Subtype/Link/Rect[72.0 537.4 138.6 550.4]/Border[0 0 0]/A 191 0 R>>endobj +191 0 obj<</S/URI/URI(smbpasswd.8.html)>>endobj +192 0 obj<</Subtype/Link/Rect[72.0 550.6 138.6 563.6]/Border[0 0 0]/A 191 0 R>>endobj 193 0 obj<</S/URI/URI(#ADDUSERSCRIPT)>>endobj -194 0 obj<</Subtype/Link/Rect[427.0 282.2 491.2 295.2]/Border[0 0 0]/A 193 0 R>>endobj +194 0 obj<</Subtype/Link/Rect[422.7 229.4 486.9 242.4]/Border[0 0 0]/A 193 0 R>>endobj 195 0 obj[192 0 R 194 0 R ]endobj 196 0 obj<</S/URI/URI(http://www.microsoft.com/ntserver/management/deployment/planguide/prof_policies.asp)>>endobj -197 0 obj<</Subtype/Link/Rect[164.2 441.8 409.3 454.8]/Border[0 0 0]/A 196 0 R>>endobj +197 0 obj<</Subtype/Link/Rect[164.2 636.2 409.3 649.2]/Border[0 0 0]/A 196 0 R>>endobj 198 0 obj[197 0 R ]endobj 199 0 obj<</S/URI/URI(ftp://ftp.microsoft.com/Softlib/MSLFILES/NEXUS.EXE)>>endobj -200 0 obj<</Subtype/Link/Rect[287.9 523.0 540.0 536.0]/Border[0 0 0]/A 199 0 R>>endobj +200 0 obj<</Subtype/Link/Rect[287.9 721.0 540.0 734.0]/Border[0 0 0]/A 199 0 R>>endobj 201 0 obj<</S/URI/URI(ftp://ftp.microsoft.com/Softlib/MSLFILES/SRVTOOLS.EXE)>>endobj -202 0 obj<</Subtype/Link/Rect[236.3 483.4 508.6 496.4]/Border[0 0 0]/A 201 0 R>>endobj +202 0 obj<</Subtype/Link/Rect[236.3 681.4 508.6 694.4]/Border[0 0 0]/A 201 0 R>>endobj 203 0 obj<</S/URI/URI(http://www.tcpdump.org/)>>endobj -204 0 obj<</Subtype/Link/Rect[352.1 68.6 458.1 81.6]/Border[0 0 0]/A 203 0 R>>endobj -205 0 obj[200 0 R +204 0 obj<</Subtype/Link/Rect[352.1 266.6 458.1 279.6]/Border[0 0 0]/A 203 0 R>>endobj +205 0 obj<</S/URI/URI(http://www.ethereal.com/)>>endobj +206 0 obj<</Subtype/Link/Rect[430.0 253.4 539.4 266.4]/Border[0 0 0]/A 205 0 R>>endobj +207 0 obj[200 0 R 202 0 R 204 0 R +206 0 R ]endobj -206 0 obj<</S/URI/URI(http://www.ethereal.com/)>>endobj -207 0 obj<</Subtype/Link/Rect[435.5 721.0 544.9 734.0]/Border[0 0 0]/A 206 0 R>>endobj 208 0 obj<</S/URI/URI(http://samba.org)>>endobj -209 0 obj<</Subtype/Link/Rect[236.3 127.0 310.8 140.0]/Border[0 0 0]/A 208 0 R>>endobj +209 0 obj<</Subtype/Link/Rect[236.3 338.2 310.8 351.2]/Border[0 0 0]/A 208 0 R>>endobj 210 0 obj<</S/URI/URI(http://www.skippy.net/linux/smb-howto.html)>>endobj -211 0 obj<</Subtype/Link/Rect[144.0 74.2 346.1 87.2]/Border[0 0 0]/A 210 0 R>>endobj -212 0 obj[207 0 R -209 0 R +211 0 obj<</Subtype/Link/Rect[144.0 285.4 346.1 298.4]/Border[0 0 0]/A 210 0 R>>endobj +212 0 obj<</S/URI/URI(http://bioserve.latrobe.edu.au/samba)>>endobj +213 0 obj<</Subtype/Link/Rect[182.5 259.0 345.0 272.0]/Border[0 0 0]/A 212 0 R>>endobj +214 0 obj<</S/URI/URI(http://samba.org/cifs/)>>endobj +215 0 obj<</Subtype/Link/Rect[284.9 245.8 381.4 258.8]/Border[0 0 0]/A 214 0 R>>endobj +216 0 obj<</S/URI/URI(http://mailhost.cb1.com/~lkcl/ntdom/)>>endobj +217 0 obj<</Subtype/Link/Rect[244.2 232.6 411.2 245.6]/Border[0 0 0]/A 216 0 R>>endobj +218 0 obj<</S/URI/URI(ftp://ftp.microsoft.com/developr/drg/CIFS/)>>endobj +219 0 obj<</Subtype/Link/Rect[280.3 219.4 471.9 232.4]/Border[0 0 0]/A 218 0 R>>endobj +220 0 obj<</S/URI/URI(http://samba.org)>>endobj +221 0 obj<</Subtype/Link/Rect[361.0 166.6 432.8 179.6]/Border[0 0 0]/A 220 0 R>>endobj +222 0 obj<</S/URI/URI(http://www.samba-tng.org/)>>endobj +223 0 obj<</Subtype/Link/Rect[301.1 127.0 425.6 140.0]/Border[0 0 0]/A 222 0 R>>endobj +224 0 obj[209 0 R 211 0 R +213 0 R +215 0 R +217 0 R +219 0 R +221 0 R +223 0 R ]endobj -213 0 obj<</S/URI/URI(http://bioserve.latrobe.edu.au/samba)>>endobj -214 0 obj<</Subtype/Link/Rect[182.5 707.8 345.0 720.8]/Border[0 0 0]/A 213 0 R>>endobj -215 0 obj<</S/URI/URI(http://samba.org/cifs/)>>endobj -216 0 obj<</Subtype/Link/Rect[284.9 694.6 381.4 707.6]/Border[0 0 0]/A 215 0 R>>endobj -217 0 obj<</S/URI/URI(http://mailhost.cb1.com/~lkcl/ntdom/)>>endobj -218 0 obj<</Subtype/Link/Rect[244.2 681.4 411.2 694.4]/Border[0 0 0]/A 217 0 R>>endobj -219 0 obj<</S/URI/URI(ftp://ftp.microsoft.com/developr/drg/CIFS/)>>endobj -220 0 obj<</Subtype/Link/Rect[280.3 668.2 471.9 681.2]/Border[0 0 0]/A 219 0 R>>endobj -221 0 obj<</S/URI/URI(http://samba.org)>>endobj -222 0 obj<</Subtype/Link/Rect[361.0 615.4 432.8 628.4]/Border[0 0 0]/A 221 0 R>>endobj -223 0 obj<</S/URI/URI(http://www.samba-tng.org/)>>endobj -224 0 obj<</Subtype/Link/Rect[301.1 575.8 425.6 588.8]/Border[0 0 0]/A 223 0 R>>endobj 225 0 obj<</S/URI/URI(http://lists.samba.org/)>>endobj -226 0 obj<</Subtype/Link/Rect[135.5 140.2 227.8 153.2]/Border[0 0 0]/A 225 0 R>>endobj +226 0 obj<</Subtype/Link/Rect[135.5 351.4 227.8 364.4]/Border[0 0 0]/A 225 0 R>>endobj 227 0 obj<</S/URI/URI(http://lists.samba.org/mailman/roster/samba-ntdom)>>endobj -228 0 obj<</Subtype/Link/Rect[309.0 127.0 330.7 140.0]/Border[0 0 0]/A 227 0 R>>endobj -229 0 obj[214 0 R -216 0 R -218 0 R -220 0 R -222 0 R -224 0 R -226 0 R +228 0 obj<</Subtype/Link/Rect[309.0 338.2 330.7 351.2]/Border[0 0 0]/A 227 0 R>>endobj +229 0 obj[226 0 R 228 0 R ]endobj 230 0 obj<</S/URI/URI(mailto:jtrostel@snapserver.com)>>endobj 231 0 obj<</Subtype/Link/Rect[200.6 255.4 310.1 268.4]/Border[0 0 0]/A 230 0 R>>endobj 232 0 obj[231 0 R ]endobj -233 0 obj<</S/URI/URI(winbindd.8.html)>>endobj -234 0 obj<</Subtype/Link/Rect[311.8 195.0 366.1 208.0]/Border[0 0 0]/A 233 0 R>>endobj +233 0 obj<</S/URI/URI(http://samba.org/)>>endobj +234 0 obj<</Subtype/Link/Rect[196.9 385.4 308.1 398.4]/Border[0 0 0]/A 233 0 R>>endobj 235 0 obj[234 0 R ]endobj -236 0 obj<</S/URI/URI(http://carol.wins.uva.nl/~leeuw/samba/warp.html)>>endobj -237 0 obj<</Subtype/Link/Rect[331.1 607.0 550.0 620.0]/Border[0 0 0]/A 236 0 R>>endobj -238 0 obj<</S/URI/URI(ftp://ftp.microsoft.com/BusSys/Clients/LANMAN.OS2/)>>endobj -239 0 obj<</Subtype/Link/Rect[72.0 241.4 319.2 254.4]/Border[0 0 0]/A 238 0 R>>endobj -240 0 obj<</S/URI/URI(http://carol.wins.uva.nl/~leeuw/lanman.html)>>endobj -241 0 obj<</Subtype/Link/Rect[346.1 241.4 544.2 254.4]/Border[0 0 0]/A 240 0 R>>endobj -242 0 obj<</S/URI/URI(ftp://ftp.cdrom.com/pub/os2/network/ndis/)>>endobj -243 0 obj<</Subtype/Link/Rect[175.9 117.8 366.2 130.8]/Border[0 0 0]/A 242 0 R>>endobj -244 0 obj[237 0 R +236 0 obj<</S/URI/URI(winbindd.8.html)>>endobj +237 0 obj<</Subtype/Link/Rect[311.8 208.2 366.1 221.2]/Border[0 0 0]/A 236 0 R>>endobj +238 0 obj<</S/URI/URI(#WINBINDSEPARATOR)>>endobj +239 0 obj<</Subtype/Link/Rect[100.0 137.2 191.8 148.2]/Border[0 0 0]/A 238 0 R>>endobj +240 0 obj<</S/URI/URI(#WINBINDUID)>>endobj +241 0 obj<</Subtype/Link/Rect[100.0 115.6 159.4 126.6]/Border[0 0 0]/A 240 0 R>>endobj +242 0 obj<</S/URI/URI(#WINBINDGID)>>endobj +243 0 obj<</Subtype/Link/Rect[100.0 94.0 159.4 105.0]/Border[0 0 0]/A 242 0 R>>endobj +244 0 obj<</S/URI/URI(#WINBINDENUMUSERS)>>endobj +245 0 obj<</Subtype/Link/Rect[100.0 72.4 197.2 83.4]/Border[0 0 0]/A 244 0 R>>endobj +246 0 obj<</S/URI/URI(#WINBINDENUMGROUP)>>endobj +247 0 obj<</Subtype/Link/Rect[100.0 61.6 202.6 72.6]/Border[0 0 0]/A 246 0 R>>endobj +248 0 obj[237 0 R 239 0 R 241 0 R 243 0 R +245 0 R +247 0 R ]endobj -245 0 obj<</S/URI/URI(http://carol.wins.uva.nl/~leeuw/samba/fix.html)>>endobj -246 0 obj<</Subtype/Link/Rect[225.7 661.0 434.8 674.0]/Border[0 0 0]/A 245 0 R>>endobj -247 0 obj[246 0 R +249 0 obj<</S/URI/URI(#TEMPLATEHOMEDIR)>>endobj +250 0 obj<</Subtype/Link/Rect[100.0 711.2 186.4 722.2]/Border[0 0 0]/A 249 0 R>>endobj +251 0 obj<</S/URI/URI(#TEMPLATESHELL)>>endobj +252 0 obj<</Subtype/Link/Rect[100.0 700.4 175.6 711.4]/Border[0 0 0]/A 251 0 R>>endobj +253 0 obj[250 0 R +252 0 R ]endobj -248 0 obj<</S/URI/URI(http://samba.org/samba/cvs.html)>>endobj -249 0 obj<</Subtype/Link/Rect[357.1 577.0 500.7 590.0]/Border[0 0 0]/A 248 0 R>>endobj -250 0 obj<</S/URI/URI(http://samba.org/cgi-bin/cvsweb)>>endobj -251 0 obj<</Subtype/Link/Rect[138.6 354.6 283.2 367.6]/Border[0 0 0]/A 250 0 R>>endobj -252 0 obj<</S/URI/URI(http://www.cyclic.com/)>>endobj -253 0 obj<</Subtype/Link/Rect[394.3 230.2 498.2 243.2]/Border[0 0 0]/A 252 0 R>>endobj -254 0 obj[249 0 R -251 0 R -253 0 R -]endobj -255 0 obj<</S/URI/URI(x1096.htm)>>endobj -256 0 obj<</Subtype/Link/Rect[204.3 408.2 260.8 421.2]/Border[0 0 0]/A 255 0 R>>endobj -257 0 obj[256 0 R -]endobj -258 0 obj<</Subtype/Link/Rect[72.0 684.0 277.3 697.0]/Border[0 0 0]/Dest[523 0 R/XYZ null 798 0]>>endobj -259 0 obj<</Subtype/Link/Rect[108.0 670.8 249.2 683.8]/Border[0 0 0]/Dest[523 0 R/XYZ null 730 0]>>endobj -260 0 obj<</Subtype/Link/Rect[108.0 657.6 255.0 670.6]/Border[0 0 0]/Dest[523 0 R/XYZ null 593 0]>>endobj -261 0 obj<</Subtype/Link/Rect[108.0 644.4 257.7 657.4]/Border[0 0 0]/Dest[523 0 R/XYZ null 178 0]>>endobj -262 0 obj<</Subtype/Link/Rect[108.0 631.2 309.0 644.2]/Border[0 0 0]/Dest[526 0 R/XYZ null 739 0]>>endobj -263 0 obj<</Subtype/Link/Rect[108.0 618.0 316.7 631.0]/Border[0 0 0]/Dest[526 0 R/XYZ null 379 0]>>endobj -264 0 obj<</Subtype/Link/Rect[108.0 604.8 284.9 617.8]/Border[0 0 0]/Dest[526 0 R/XYZ null 268 0]>>endobj -265 0 obj<</Subtype/Link/Rect[108.0 591.6 280.0 604.6]/Border[0 0 0]/Dest[529 0 R/XYZ null 768 0]>>endobj -266 0 obj<</Subtype/Link/Rect[108.0 578.4 328.6 591.4]/Border[0 0 0]/Dest[529 0 R/XYZ null 266 0]>>endobj -267 0 obj<</Subtype/Link/Rect[108.0 565.2 364.9 578.2]/Border[0 0 0]/Dest[532 0 R/XYZ null 686 0]>>endobj -268 0 obj<</Subtype/Link/Rect[108.0 552.0 315.8 565.0]/Border[0 0 0]/Dest[532 0 R/XYZ null 509 0]>>endobj -269 0 obj<</Subtype/Link/Rect[108.0 538.8 514.3 551.8]/Border[0 0 0]/Dest[532 0 R/XYZ null 332 0]>>endobj -270 0 obj<</Subtype/Link/Rect[108.0 525.6 259.4 538.6]/Border[0 0 0]/Dest[535 0 R/XYZ null 768 0]>>endobj -271 0 obj<</Subtype/Link/Rect[108.0 512.4 236.0 525.4]/Border[0 0 0]/Dest[535 0 R/XYZ null 577 0]>>endobj -272 0 obj<</Subtype/Link/Rect[108.0 499.2 186.5 512.2]/Border[0 0 0]/Dest[535 0 R/XYZ null 505 0]>>endobj -273 0 obj<</Subtype/Link/Rect[108.0 486.0 267.2 499.0]/Border[0 0 0]/Dest[535 0 R/XYZ null 394 0]>>endobj -274 0 obj<</Subtype/Link/Rect[108.0 472.8 295.6 485.8]/Border[0 0 0]/Dest[538 0 R/XYZ null 739 0]>>endobj -275 0 obj<</Subtype/Link/Rect[108.0 459.6 177.7 472.6]/Border[0 0 0]/Dest[538 0 R/XYZ null 615 0]>>endobj -276 0 obj<</Subtype/Link/Rect[108.0 446.4 232.3 459.4]/Border[0 0 0]/Dest[541 0 R/XYZ null 768 0]>>endobj -277 0 obj<</Subtype/Link/Rect[108.0 433.2 232.6 446.2]/Border[0 0 0]/Dest[541 0 R/XYZ null 683 0]>>endobj -278 0 obj<</Subtype/Link/Rect[72.0 406.8 348.8 419.8]/Border[0 0 0]/Dest[544 0 R/XYZ null 798 0]>>endobj -279 0 obj<</Subtype/Link/Rect[108.0 393.6 161.5 406.6]/Border[0 0 0]/Dest[544 0 R/XYZ null 706 0]>>endobj -280 0 obj<</Subtype/Link/Rect[108.0 380.4 327.7 393.4]/Border[0 0 0]/Dest[544 0 R/XYZ null 463 0]>>endobj -281 0 obj<</Subtype/Link/Rect[108.0 367.2 177.1 380.2]/Border[0 0 0]/Dest[544 0 R/XYZ null 325 0]>>endobj -282 0 obj<</Subtype/Link/Rect[108.0 354.0 203.6 367.0]/Border[0 0 0]/Dest[547 0 R/XYZ null 435 0]>>endobj -283 0 obj<</Subtype/Link/Rect[108.0 340.8 195.1 353.8]/Border[0 0 0]/Dest[547 0 R/XYZ null 285 0]>>endobj -284 0 obj<</Subtype/Link/Rect[108.0 327.6 215.2 340.6]/Border[0 0 0]/Dest[550 0 R/XYZ null 768 0]>>endobj -285 0 obj<</Subtype/Link/Rect[108.0 314.4 382.4 327.4]/Border[0 0 0]/Dest[550 0 R/XYZ null 268 0]>>endobj -286 0 obj<</Subtype/Link/Rect[108.0 301.2 255.6 314.2]/Border[0 0 0]/Dest[553 0 R/XYZ null 210 0]>>endobj -287 0 obj<</Subtype/Link/Rect[108.0 288.0 224.1 301.0]/Border[0 0 0]/Dest[556 0 R/XYZ null 660 0]>>endobj -288 0 obj<</Subtype/Link/Rect[108.0 274.8 187.8 287.8]/Border[0 0 0]/Dest[559 0 R/XYZ null 371 0]>>endobj -289 0 obj<</Subtype/Link/Rect[108.0 261.6 194.5 274.6]/Border[0 0 0]/Dest[559 0 R/XYZ null 260 0]>>endobj -290 0 obj<</Subtype/Link/Rect[108.0 248.4 200.6 261.4]/Border[0 0 0]/Dest[562 0 R/XYZ null 768 0]>>endobj -291 0 obj<</Subtype/Link/Rect[108.0 235.2 526.0 248.2]/Border[0 0 0]/Dest[562 0 R/XYZ null 529 0]>>endobj -292 0 obj<</Subtype/Link/Rect[108.0 222.0 500.6 235.0]/Border[0 0 0]/Dest[565 0 R/XYZ null 633 0]>>endobj -293 0 obj<</Subtype/Link/Rect[108.0 208.8 353.3 221.8]/Border[0 0 0]/Dest[568 0 R/XYZ null 581 0]>>endobj -294 0 obj<</Subtype/Link/Rect[108.0 195.6 419.0 208.6]/Border[0 0 0]/Dest[568 0 R/XYZ null 304 0]>>endobj -295 0 obj<</Subtype/Link/Rect[108.0 182.4 332.5 195.4]/Border[0 0 0]/Dest[571 0 R/XYZ null 594 0]>>endobj -296 0 obj<</Subtype/Link/Rect[108.0 169.2 181.6 182.2]/Border[0 0 0]/Dest[574 0 R/XYZ null 639 0]>>endobj -297 0 obj<</Subtype/Link/Rect[72.0 142.8 463.4 155.8]/Border[0 0 0]/Dest[577 0 R/XYZ null 798 0]>>endobj -298 0 obj<</Subtype/Link/Rect[108.0 129.6 202.4 142.6]/Border[0 0 0]/Dest[577 0 R/XYZ null 706 0]>>endobj -299 0 obj<</Subtype/Link/Rect[108.0 116.4 244.9 129.4]/Border[0 0 0]/Dest[580 0 R/XYZ null 192 0]>>endobj -300 0 obj<</Subtype/Link/Rect[108.0 103.2 270.3 116.2]/Border[0 0 0]/Dest[583 0 R/XYZ null 739 0]>>endobj -301 0 obj<</Subtype/Link/Rect[72.0 76.8 402.3 89.8]/Border[0 0 0]/Dest[586 0 R/XYZ null 798 0]>>endobj -302 0 obj<</Subtype/Link/Rect[108.0 63.6 179.2 76.6]/Border[0 0 0]/Dest[586 0 R/XYZ null 706 0]>>endobj -303 0 obj[258 0 R +254 0 obj<</S/URI/URI(http://carol.wins.uva.nl/~leeuw/samba/warp.html)>>endobj +255 0 obj<</Subtype/Link/Rect[331.1 607.0 550.0 620.0]/Border[0 0 0]/A 254 0 R>>endobj +256 0 obj<</S/URI/URI(ftp://ftp.microsoft.com/BusSys/Clients/LANMAN.OS2/)>>endobj +257 0 obj<</Subtype/Link/Rect[72.0 241.4 319.2 254.4]/Border[0 0 0]/A 256 0 R>>endobj +258 0 obj<</S/URI/URI(http://carol.wins.uva.nl/~leeuw/lanman.html)>>endobj +259 0 obj<</Subtype/Link/Rect[346.1 241.4 544.2 254.4]/Border[0 0 0]/A 258 0 R>>endobj +260 0 obj<</S/URI/URI(ftp://ftp.cdrom.com/pub/os2/network/ndis/)>>endobj +261 0 obj<</Subtype/Link/Rect[175.9 117.8 366.2 130.8]/Border[0 0 0]/A 260 0 R>>endobj +262 0 obj[255 0 R +257 0 R 259 0 R -260 0 R 261 0 R -262 0 R -263 0 R -264 0 R -265 0 R -266 0 R -267 0 R -268 0 R +]endobj +263 0 obj<</S/URI/URI(http://carol.wins.uva.nl/~leeuw/samba/fix.html)>>endobj +264 0 obj<</Subtype/Link/Rect[225.7 661.0 434.8 674.0]/Border[0 0 0]/A 263 0 R>>endobj +265 0 obj[264 0 R +]endobj +266 0 obj<</S/URI/URI(http://samba.org/samba/cvs.html)>>endobj +267 0 obj<</Subtype/Link/Rect[357.1 577.0 500.7 590.0]/Border[0 0 0]/A 266 0 R>>endobj +268 0 obj<</S/URI/URI(http://samba.org/cgi-bin/cvsweb)>>endobj +269 0 obj<</Subtype/Link/Rect[138.6 354.6 283.2 367.6]/Border[0 0 0]/A 268 0 R>>endobj +270 0 obj<</S/URI/URI(http://www.cyclic.com/)>>endobj +271 0 obj<</Subtype/Link/Rect[394.3 230.2 498.2 243.2]/Border[0 0 0]/A 270 0 R>>endobj +272 0 obj[267 0 R 269 0 R -270 0 R 271 0 R -272 0 R -273 0 R -274 0 R -275 0 R -276 0 R +]endobj +273 0 obj<</S/URI/URI(x1098.htm)>>endobj +274 0 obj<</Subtype/Link/Rect[201.6 408.2 258.1 421.2]/Border[0 0 0]/A 273 0 R>>endobj +275 0 obj[274 0 R +]endobj +276 0 obj<</Subtype/Link/Rect[72.0 684.0 277.3 697.0]/Border[0 0 0]/Dest[543 0 R/XYZ null 798 0]>>endobj +277 0 obj<</Subtype/Link/Rect[108.0 670.8 249.2 683.8]/Border[0 0 0]/Dest[543 0 R/XYZ null 730 0]>>endobj +278 0 obj<</Subtype/Link/Rect[108.0 657.6 255.0 670.6]/Border[0 0 0]/Dest[543 0 R/XYZ null 593 0]>>endobj +279 0 obj<</Subtype/Link/Rect[108.0 644.4 257.7 657.4]/Border[0 0 0]/Dest[543 0 R/XYZ null 178 0]>>endobj +280 0 obj<</Subtype/Link/Rect[108.0 631.2 309.0 644.2]/Border[0 0 0]/Dest[546 0 R/XYZ null 739 0]>>endobj +281 0 obj<</Subtype/Link/Rect[108.0 618.0 316.7 631.0]/Border[0 0 0]/Dest[546 0 R/XYZ null 379 0]>>endobj +282 0 obj<</Subtype/Link/Rect[108.0 604.8 284.9 617.8]/Border[0 0 0]/Dest[546 0 R/XYZ null 268 0]>>endobj +283 0 obj<</Subtype/Link/Rect[108.0 591.6 280.0 604.6]/Border[0 0 0]/Dest[549 0 R/XYZ null 768 0]>>endobj +284 0 obj<</Subtype/Link/Rect[108.0 578.4 328.6 591.4]/Border[0 0 0]/Dest[549 0 R/XYZ null 266 0]>>endobj +285 0 obj<</Subtype/Link/Rect[108.0 565.2 364.9 578.2]/Border[0 0 0]/Dest[552 0 R/XYZ null 686 0]>>endobj +286 0 obj<</Subtype/Link/Rect[108.0 552.0 315.8 565.0]/Border[0 0 0]/Dest[552 0 R/XYZ null 509 0]>>endobj +287 0 obj<</Subtype/Link/Rect[108.0 538.8 514.3 551.8]/Border[0 0 0]/Dest[552 0 R/XYZ null 332 0]>>endobj +288 0 obj<</Subtype/Link/Rect[108.0 525.6 259.4 538.6]/Border[0 0 0]/Dest[555 0 R/XYZ null 768 0]>>endobj +289 0 obj<</Subtype/Link/Rect[108.0 512.4 236.0 525.4]/Border[0 0 0]/Dest[555 0 R/XYZ null 577 0]>>endobj +290 0 obj<</Subtype/Link/Rect[108.0 499.2 186.5 512.2]/Border[0 0 0]/Dest[555 0 R/XYZ null 505 0]>>endobj +291 0 obj<</Subtype/Link/Rect[108.0 486.0 267.2 499.0]/Border[0 0 0]/Dest[555 0 R/XYZ null 394 0]>>endobj +292 0 obj<</Subtype/Link/Rect[108.0 472.8 295.6 485.8]/Border[0 0 0]/Dest[558 0 R/XYZ null 739 0]>>endobj +293 0 obj<</Subtype/Link/Rect[108.0 459.6 177.7 472.6]/Border[0 0 0]/Dest[558 0 R/XYZ null 615 0]>>endobj +294 0 obj<</Subtype/Link/Rect[108.0 446.4 232.3 459.4]/Border[0 0 0]/Dest[561 0 R/XYZ null 768 0]>>endobj +295 0 obj<</Subtype/Link/Rect[108.0 433.2 232.6 446.2]/Border[0 0 0]/Dest[561 0 R/XYZ null 683 0]>>endobj +296 0 obj<</Subtype/Link/Rect[72.0 406.8 348.8 419.8]/Border[0 0 0]/Dest[564 0 R/XYZ null 798 0]>>endobj +297 0 obj<</Subtype/Link/Rect[108.0 393.6 161.5 406.6]/Border[0 0 0]/Dest[564 0 R/XYZ null 706 0]>>endobj +298 0 obj<</Subtype/Link/Rect[108.0 380.4 327.7 393.4]/Border[0 0 0]/Dest[564 0 R/XYZ null 463 0]>>endobj +299 0 obj<</Subtype/Link/Rect[108.0 367.2 177.1 380.2]/Border[0 0 0]/Dest[564 0 R/XYZ null 325 0]>>endobj +300 0 obj<</Subtype/Link/Rect[108.0 354.0 203.6 367.0]/Border[0 0 0]/Dest[567 0 R/XYZ null 435 0]>>endobj +301 0 obj<</Subtype/Link/Rect[108.0 340.8 195.1 353.8]/Border[0 0 0]/Dest[567 0 R/XYZ null 285 0]>>endobj +302 0 obj<</Subtype/Link/Rect[108.0 327.6 215.2 340.6]/Border[0 0 0]/Dest[570 0 R/XYZ null 768 0]>>endobj +303 0 obj<</Subtype/Link/Rect[108.0 314.4 382.4 327.4]/Border[0 0 0]/Dest[570 0 R/XYZ null 268 0]>>endobj +304 0 obj<</Subtype/Link/Rect[108.0 301.2 255.6 314.2]/Border[0 0 0]/Dest[573 0 R/XYZ null 210 0]>>endobj +305 0 obj<</Subtype/Link/Rect[108.0 288.0 224.1 301.0]/Border[0 0 0]/Dest[576 0 R/XYZ null 660 0]>>endobj +306 0 obj<</Subtype/Link/Rect[108.0 274.8 187.8 287.8]/Border[0 0 0]/Dest[579 0 R/XYZ null 371 0]>>endobj +307 0 obj<</Subtype/Link/Rect[108.0 261.6 194.5 274.6]/Border[0 0 0]/Dest[579 0 R/XYZ null 260 0]>>endobj +308 0 obj<</Subtype/Link/Rect[108.0 248.4 200.6 261.4]/Border[0 0 0]/Dest[582 0 R/XYZ null 768 0]>>endobj +309 0 obj<</Subtype/Link/Rect[108.0 235.2 526.0 248.2]/Border[0 0 0]/Dest[582 0 R/XYZ null 529 0]>>endobj +310 0 obj<</Subtype/Link/Rect[108.0 222.0 500.6 235.0]/Border[0 0 0]/Dest[585 0 R/XYZ null 633 0]>>endobj +311 0 obj<</Subtype/Link/Rect[108.0 208.8 353.3 221.8]/Border[0 0 0]/Dest[588 0 R/XYZ null 581 0]>>endobj +312 0 obj<</Subtype/Link/Rect[108.0 195.6 419.0 208.6]/Border[0 0 0]/Dest[588 0 R/XYZ null 304 0]>>endobj +313 0 obj<</Subtype/Link/Rect[108.0 182.4 332.5 195.4]/Border[0 0 0]/Dest[591 0 R/XYZ null 594 0]>>endobj +314 0 obj<</Subtype/Link/Rect[108.0 169.2 181.6 182.2]/Border[0 0 0]/Dest[594 0 R/XYZ null 639 0]>>endobj +315 0 obj<</Subtype/Link/Rect[72.0 142.8 463.4 155.8]/Border[0 0 0]/Dest[597 0 R/XYZ null 798 0]>>endobj +316 0 obj<</Subtype/Link/Rect[108.0 129.6 202.4 142.6]/Border[0 0 0]/Dest[597 0 R/XYZ null 706 0]>>endobj +317 0 obj<</Subtype/Link/Rect[108.0 116.4 244.9 129.4]/Border[0 0 0]/Dest[600 0 R/XYZ null 179 0]>>endobj +318 0 obj<</Subtype/Link/Rect[108.0 103.2 270.3 116.2]/Border[0 0 0]/Dest[603 0 R/XYZ null 726 0]>>endobj +319 0 obj<</Subtype/Link/Rect[72.0 76.8 402.3 89.8]/Border[0 0 0]/Dest[606 0 R/XYZ null 798 0]>>endobj +320 0 obj<</Subtype/Link/Rect[108.0 63.6 179.2 76.6]/Border[0 0 0]/Dest[606 0 R/XYZ null 706 0]>>endobj +321 0 obj[276 0 R 277 0 R 278 0 R 279 0 R @@ -454,51 +462,8 @@ 300 0 R 301 0 R 302 0 R -]endobj -304 0 obj<</Subtype/Link/Rect[108.0 684.0 161.2 697.0]/Border[0 0 0]/Dest[589 0 R/XYZ null 673 0]>>endobj -305 0 obj<</Subtype/Link/Rect[72.0 657.6 412.7 670.6]/Border[0 0 0]/Dest[592 0 R/XYZ null 798 0]>>endobj -306 0 obj<</Subtype/Link/Rect[108.0 644.4 447.4 657.4]/Border[0 0 0]/Dest[592 0 R/XYZ null 706 0]>>endobj -307 0 obj<</Subtype/Link/Rect[108.0 631.2 319.1 644.2]/Border[0 0 0]/Dest[592 0 R/XYZ null 525 0]>>endobj -308 0 obj<</Subtype/Link/Rect[108.0 618.0 231.1 631.0]/Border[0 0 0]/Dest[592 0 R/XYZ null 348 0]>>endobj -309 0 obj<</Subtype/Link/Rect[108.0 604.8 292.2 617.8]/Border[0 0 0]/Dest[595 0 R/XYZ null 686 0]>>endobj -310 0 obj<</Subtype/Link/Rect[108.0 591.6 208.5 604.6]/Border[0 0 0]/Dest[595 0 R/XYZ null 443 0]>>endobj -311 0 obj<</Subtype/Link/Rect[108.0 578.4 233.6 591.4]/Border[0 0 0]/Dest[595 0 R/XYZ null 187 0]>>endobj -312 0 obj<</Subtype/Link/Rect[108.0 565.2 301.4 578.2]/Border[0 0 0]/Dest[598 0 R/XYZ null 673 0]>>endobj -313 0 obj<</Subtype/Link/Rect[108.0 552.0 394.8 565.0]/Border[0 0 0]/Dest[598 0 R/XYZ null 232 0]>>endobj -314 0 obj<</Subtype/Link/Rect[108.0 538.8 386.9 551.8]/Border[0 0 0]/Dest[604 0 R/XYZ null 594 0]>>endobj -315 0 obj<</Subtype/Link/Rect[72.0 512.4 277.1 525.4]/Border[0 0 0]/Dest[607 0 R/XYZ null 798 0]>>endobj -316 0 obj<</Subtype/Link/Rect[108.0 499.2 181.6 512.2]/Border[0 0 0]/Dest[607 0 R/XYZ null 730 0]>>endobj -317 0 obj<</Subtype/Link/Rect[108.0 486.0 189.0 499.0]/Border[0 0 0]/Dest[607 0 R/XYZ null 302 0]>>endobj -318 0 obj<</Subtype/Link/Rect[108.0 472.8 209.7 485.8]/Border[0 0 0]/Dest[610 0 R/XYZ null 693 0]>>endobj -319 0 obj<</Subtype/Link/Rect[108.0 459.6 294.4 472.6]/Border[0 0 0]/Dest[613 0 R/XYZ null 463 0]>>endobj -320 0 obj<</Subtype/Link/Rect[108.0 446.4 287.3 459.4]/Border[0 0 0]/Dest[616 0 R/XYZ null 686 0]>>endobj -321 0 obj<</Subtype/Link/Rect[108.0 433.2 350.9 446.2]/Border[0 0 0]/Dest[616 0 R/XYZ null 302 0]>>endobj -322 0 obj<</Subtype/Link/Rect[108.0 420.0 242.1 433.0]/Border[0 0 0]/Dest[619 0 R/XYZ null 686 0]>>endobj -323 0 obj<</Subtype/Link/Rect[108.0 406.8 220.1 419.8]/Border[0 0 0]/Dest[619 0 R/XYZ null 496 0]>>endobj -324 0 obj<</Subtype/Link/Rect[108.0 393.6 214.3 406.6]/Border[0 0 0]/Dest[619 0 R/XYZ null 385 0]>>endobj -325 0 obj<</Subtype/Link/Rect[108.0 380.4 281.2 393.4]/Border[0 0 0]/Dest[619 0 R/XYZ null 247 0]>>endobj -326 0 obj<</Subtype/Link/Rect[108.0 367.2 222.3 380.2]/Border[0 0 0]/Dest[619 0 R/XYZ null 149 0]>>endobj -327 0 obj<</Subtype/Link/Rect[108.0 354.0 234.5 367.0]/Border[0 0 0]/Dest[622 0 R/XYZ null 713 0]>>endobj -328 0 obj<</Subtype/Link/Rect[108.0 340.8 300.2 353.8]/Border[0 0 0]/Dest[625 0 R/XYZ null 768 0]>>endobj -329 0 obj<</Subtype/Link/Rect[72.0 314.4 272.9 327.4]/Border[0 0 0]/Dest[628 0 R/XYZ null 798 0]>>endobj -330 0 obj<</Subtype/Link/Rect[108.0 301.2 299.9 314.2]/Border[0 0 0]/Dest[628 0 R/XYZ null 730 0]>>endobj -331 0 obj<</Subtype/Link/Rect[108.0 288.0 288.0 301.0]/Border[0 0 0]/Dest[631 0 R/XYZ null 356 0]>>endobj -332 0 obj<</Subtype/Link/Rect[108.0 274.8 307.9 287.8]/Border[0 0 0]/Dest[634 0 R/XYZ null 768 0]>>endobj -333 0 obj<</Subtype/Link/Rect[72.0 248.4 416.3 261.4]/Border[0 0 0]/Dest[637 0 R/XYZ null 798 0]>>endobj -334 0 obj<</Subtype/Link/Rect[108.0 235.2 219.2 248.2]/Border[0 0 0]/Dest[637 0 R/XYZ null 706 0]>>endobj -335 0 obj<</Subtype/Link/Rect[108.0 222.0 181.0 235.0]/Border[0 0 0]/Dest[637 0 R/XYZ null 608 0]>>endobj -336 0 obj<</Subtype/Link/Rect[108.0 208.8 316.1 221.8]/Border[0 0 0]/Dest[640 0 R/XYZ null 660 0]>>endobj -337 0 obj<</Subtype/Link/Rect[108.0 195.6 432.8 208.6]/Border[0 0 0]/Dest[643 0 R/XYZ null 545 0]>>endobj -338 0 obj<</Subtype/Link/Rect[108.0 182.4 319.4 195.4]/Border[0 0 0]/Dest[643 0 R/XYZ null 209 0]>>endobj -339 0 obj<</Subtype/Link/Rect[108.0 169.2 330.8 182.2]/Border[0 0 0]/Dest[646 0 R/XYZ null 372 0]>>endobj -340 0 obj<</Subtype/Link/Rect[108.0 156.0 261.4 169.0]/Border[0 0 0]/Dest[646 0 R/XYZ null 196 0]>>endobj -341 0 obj<</Subtype/Link/Rect[108.0 142.8 252.8 155.8]/Border[0 0 0]/Dest[652 0 R/XYZ null 545 0]>>endobj -342 0 obj<</Subtype/Link/Rect[108.0 129.6 246.4 142.6]/Border[0 0 0]/Dest[655 0 R/XYZ null 488 0]>>endobj -343 0 obj<</Subtype/Link/Rect[108.0 116.4 292.9 129.4]/Border[0 0 0]/Dest[664 0 R/XYZ null 768 0]>>endobj -344 0 obj<</Subtype/Link/Rect[108.0 103.2 332.0 116.2]/Border[0 0 0]/Dest[667 0 R/XYZ null 435 0]>>endobj -345 0 obj<</Subtype/Link/Rect[108.0 90.0 406.2 103.0]/Border[0 0 0]/Dest[670 0 R/XYZ null 189 0]>>endobj -346 0 obj<</Subtype/Link/Rect[108.0 76.8 431.0 89.8]/Border[0 0 0]/Dest[685 0 R/XYZ null 686 0]>>endobj -347 0 obj[304 0 R +303 0 R +304 0 R 305 0 R 306 0 R 307 0 R @@ -515,8 +480,52 @@ 318 0 R 319 0 R 320 0 R -321 0 R -322 0 R +]endobj +322 0 obj<</Subtype/Link/Rect[108.0 684.0 161.2 697.0]/Border[0 0 0]/Dest[609 0 R/XYZ null 673 0]>>endobj +323 0 obj<</Subtype/Link/Rect[72.0 657.6 412.7 670.6]/Border[0 0 0]/Dest[612 0 R/XYZ null 798 0]>>endobj +324 0 obj<</Subtype/Link/Rect[108.0 644.4 447.4 657.4]/Border[0 0 0]/Dest[612 0 R/XYZ null 706 0]>>endobj +325 0 obj<</Subtype/Link/Rect[108.0 631.2 319.1 644.2]/Border[0 0 0]/Dest[612 0 R/XYZ null 525 0]>>endobj +326 0 obj<</Subtype/Link/Rect[108.0 618.0 231.1 631.0]/Border[0 0 0]/Dest[612 0 R/XYZ null 348 0]>>endobj +327 0 obj<</Subtype/Link/Rect[108.0 604.8 292.2 617.8]/Border[0 0 0]/Dest[615 0 R/XYZ null 686 0]>>endobj +328 0 obj<</Subtype/Link/Rect[108.0 591.6 208.5 604.6]/Border[0 0 0]/Dest[615 0 R/XYZ null 443 0]>>endobj +329 0 obj<</Subtype/Link/Rect[108.0 578.4 233.6 591.4]/Border[0 0 0]/Dest[615 0 R/XYZ null 187 0]>>endobj +330 0 obj<</Subtype/Link/Rect[108.0 565.2 301.4 578.2]/Border[0 0 0]/Dest[618 0 R/XYZ null 673 0]>>endobj +331 0 obj<</Subtype/Link/Rect[108.0 552.0 394.8 565.0]/Border[0 0 0]/Dest[618 0 R/XYZ null 232 0]>>endobj +332 0 obj<</Subtype/Link/Rect[108.0 538.8 386.9 551.8]/Border[0 0 0]/Dest[624 0 R/XYZ null 594 0]>>endobj +333 0 obj<</Subtype/Link/Rect[72.0 512.4 277.1 525.4]/Border[0 0 0]/Dest[627 0 R/XYZ null 798 0]>>endobj +334 0 obj<</Subtype/Link/Rect[108.0 499.2 181.6 512.2]/Border[0 0 0]/Dest[627 0 R/XYZ null 730 0]>>endobj +335 0 obj<</Subtype/Link/Rect[108.0 486.0 189.0 499.0]/Border[0 0 0]/Dest[627 0 R/XYZ null 302 0]>>endobj +336 0 obj<</Subtype/Link/Rect[108.0 472.8 209.7 485.8]/Border[0 0 0]/Dest[630 0 R/XYZ null 693 0]>>endobj +337 0 obj<</Subtype/Link/Rect[108.0 459.6 294.4 472.6]/Border[0 0 0]/Dest[633 0 R/XYZ null 463 0]>>endobj +338 0 obj<</Subtype/Link/Rect[108.0 446.4 287.3 459.4]/Border[0 0 0]/Dest[636 0 R/XYZ null 686 0]>>endobj +339 0 obj<</Subtype/Link/Rect[108.0 433.2 350.9 446.2]/Border[0 0 0]/Dest[636 0 R/XYZ null 302 0]>>endobj +340 0 obj<</Subtype/Link/Rect[108.0 420.0 242.1 433.0]/Border[0 0 0]/Dest[639 0 R/XYZ null 686 0]>>endobj +341 0 obj<</Subtype/Link/Rect[108.0 406.8 220.1 419.8]/Border[0 0 0]/Dest[639 0 R/XYZ null 496 0]>>endobj +342 0 obj<</Subtype/Link/Rect[108.0 393.6 214.3 406.6]/Border[0 0 0]/Dest[639 0 R/XYZ null 385 0]>>endobj +343 0 obj<</Subtype/Link/Rect[108.0 380.4 281.2 393.4]/Border[0 0 0]/Dest[639 0 R/XYZ null 247 0]>>endobj +344 0 obj<</Subtype/Link/Rect[108.0 367.2 222.3 380.2]/Border[0 0 0]/Dest[639 0 R/XYZ null 149 0]>>endobj +345 0 obj<</Subtype/Link/Rect[108.0 354.0 234.5 367.0]/Border[0 0 0]/Dest[642 0 R/XYZ null 713 0]>>endobj +346 0 obj<</Subtype/Link/Rect[108.0 340.8 300.2 353.8]/Border[0 0 0]/Dest[645 0 R/XYZ null 768 0]>>endobj +347 0 obj<</Subtype/Link/Rect[72.0 314.4 272.9 327.4]/Border[0 0 0]/Dest[648 0 R/XYZ null 798 0]>>endobj +348 0 obj<</Subtype/Link/Rect[108.0 301.2 299.9 314.2]/Border[0 0 0]/Dest[648 0 R/XYZ null 730 0]>>endobj +349 0 obj<</Subtype/Link/Rect[108.0 288.0 288.0 301.0]/Border[0 0 0]/Dest[651 0 R/XYZ null 383 0]>>endobj +350 0 obj<</Subtype/Link/Rect[108.0 274.8 307.9 287.8]/Border[0 0 0]/Dest[651 0 R/XYZ null 166 0]>>endobj +351 0 obj<</Subtype/Link/Rect[72.0 248.4 416.3 261.4]/Border[0 0 0]/Dest[657 0 R/XYZ null 798 0]>>endobj +352 0 obj<</Subtype/Link/Rect[108.0 235.2 219.2 248.2]/Border[0 0 0]/Dest[657 0 R/XYZ null 706 0]>>endobj +353 0 obj<</Subtype/Link/Rect[108.0 222.0 181.0 235.0]/Border[0 0 0]/Dest[657 0 R/XYZ null 608 0]>>endobj +354 0 obj<</Subtype/Link/Rect[108.0 208.8 316.1 221.8]/Border[0 0 0]/Dest[660 0 R/XYZ null 726 0]>>endobj +355 0 obj<</Subtype/Link/Rect[108.0 195.6 430.0 208.6]/Border[0 0 0]/Dest[663 0 R/XYZ null 607 0]>>endobj +356 0 obj<</Subtype/Link/Rect[108.0 182.4 333.2 195.4]/Border[0 0 0]/Dest[663 0 R/XYZ null 232 0]>>endobj +357 0 obj<</Subtype/Link/Rect[108.0 169.2 362.5 182.2]/Border[0 0 0]/Dest[666 0 R/XYZ null 359 0]>>endobj +358 0 obj<</Subtype/Link/Rect[108.0 156.0 279.4 169.0]/Border[0 0 0]/Dest[669 0 R/XYZ null 768 0]>>endobj +359 0 obj<</Subtype/Link/Rect[108.0 142.8 261.4 155.8]/Border[0 0 0]/Dest[669 0 R/XYZ null 392 0]>>endobj +360 0 obj<</Subtype/Link/Rect[108.0 129.6 252.8 142.6]/Border[0 0 0]/Dest[675 0 R/XYZ null 739 0]>>endobj +361 0 obj<</Subtype/Link/Rect[108.0 116.4 243.6 129.4]/Border[0 0 0]/Dest[678 0 R/XYZ null 686 0]>>endobj +362 0 obj<</Subtype/Link/Rect[108.0 103.2 292.9 116.2]/Border[0 0 0]/Dest[684 0 R/XYZ null 303 0]>>endobj +363 0 obj<</Subtype/Link/Rect[108.0 90.0 332.0 103.0]/Border[0 0 0]/Dest[687 0 R/XYZ null 277 0]>>endobj +364 0 obj<</Subtype/Link/Rect[108.0 76.8 406.2 89.8]/Border[0 0 0]/Dest[690 0 R/XYZ null 482 0]>>endobj +365 0 obj<</Subtype/Link/Rect[108.0 63.6 431.0 76.6]/Border[0 0 0]/Dest[702 0 R/XYZ null 274 0]>>endobj +366 0 obj[322 0 R 323 0 R 324 0 R 325 0 R @@ -541,37 +550,8 @@ 344 0 R 345 0 R 346 0 R -]endobj -348 0 obj<</Subtype/Link/Rect[72.0 684.0 426.2 697.0]/Border[0 0 0]/Dest[691 0 R/XYZ null 798 0]>>endobj -349 0 obj<</Subtype/Link/Rect[108.0 670.8 164.5 683.8]/Border[0 0 0]/Dest[691 0 R/XYZ null 706 0]>>endobj -350 0 obj<</Subtype/Link/Rect[108.0 657.6 181.6 670.6]/Border[0 0 0]/Dest[691 0 R/XYZ null 569 0]>>endobj -351 0 obj<</Subtype/Link/Rect[108.0 644.4 233.6 657.4]/Border[0 0 0]/Dest[691 0 R/XYZ null 246 0]>>endobj -352 0 obj<</Subtype/Link/Rect[108.0 631.2 188.3 644.2]/Border[0 0 0]/Dest[694 0 R/XYZ null 581 0]>>endobj -353 0 obj<</Subtype/Link/Rect[108.0 618.0 222.0 631.0]/Border[0 0 0]/Dest[694 0 R/XYZ null 417 0]>>endobj -354 0 obj<</Subtype/Link/Rect[108.0 604.8 288.6 617.8]/Border[0 0 0]/Dest[694 0 R/XYZ null 292 0]>>endobj -355 0 obj<</Subtype/Link/Rect[108.0 591.6 230.8 604.6]/Border[0 0 0]/Dest[697 0 R/XYZ null 768 0]>>endobj -356 0 obj<</Subtype/Link/Rect[108.0 578.4 288.9 591.4]/Border[0 0 0]/Dest[697 0 R/XYZ null 313 0]>>endobj -357 0 obj<</Subtype/Link/Rect[108.0 565.2 269.3 578.2]/Border[0 0 0]/Dest[700 0 R/XYZ null 673 0]>>endobj -358 0 obj<</Subtype/Link/Rect[108.0 552.0 203.0 565.0]/Border[0 0 0]/Dest[700 0 R/XYZ null 483 0]>>endobj -359 0 obj<</Subtype/Link/Rect[108.0 538.8 259.9 551.8]/Border[0 0 0]/Dest[700 0 R/XYZ null 332 0]>>endobj -360 0 obj<</Subtype/Link/Rect[108.0 525.6 189.9 538.6]/Border[0 0 0]/Dest[700 0 R/XYZ null 221 0]>>endobj -361 0 obj<</Subtype/Link/Rect[108.0 512.4 196.6 525.4]/Border[0 0 0]/Dest[703 0 R/XYZ null 581 0]>>endobj -362 0 obj<</Subtype/Link/Rect[108.0 499.2 221.1 512.2]/Border[0 0 0]/Dest[703 0 R/XYZ null 298 0]>>endobj -363 0 obj<</Subtype/Link/Rect[108.0 486.0 178.0 499.0]/Border[0 0 0]/Dest[718 0 R/XYZ null 435 0]>>endobj -364 0 obj<</Subtype/Link/Rect[108.0 472.8 177.4 485.8]/Border[0 0 0]/Dest[718 0 R/XYZ null 219 0]>>endobj -365 0 obj<</Subtype/Link/Rect[72.0 446.4 228.8 459.4]/Border[0 0 0]/Dest[721 0 R/XYZ null 798 0]>>endobj -366 0 obj<</Subtype/Link/Rect[108.0 433.2 159.0 446.2]/Border[0 0 0]/Dest[721 0 R/XYZ null 730 0]>>endobj -367 0 obj<</Subtype/Link/Rect[108.0 420.0 499.0 433.0]/Border[0 0 0]/Dest[721 0 R/XYZ null 700 0]>>endobj -368 0 obj<</Subtype/Link/Rect[108.0 406.8 504.2 419.8]/Border[0 0 0]/Dest[721 0 R/XYZ null 348 0]>>endobj -369 0 obj<</Subtype/Link/Rect[108.0 393.6 455.7 406.6]/Border[0 0 0]/Dest[724 0 R/XYZ null 768 0]>>endobj -370 0 obj<</Subtype/Link/Rect[108.0 380.4 425.4 393.4]/Border[0 0 0]/Dest[724 0 R/XYZ null 639 0]>>endobj -371 0 obj<</Subtype/Link/Rect[72.0 354.0 342.4 367.0]/Border[0 0 0]/Dest[727 0 R/XYZ null 798 0]>>endobj -372 0 obj<</Subtype/Link/Rect[108.0 340.8 187.1 353.8]/Border[0 0 0]/Dest[727 0 R/XYZ null 706 0]>>endobj -373 0 obj<</Subtype/Link/Rect[108.0 327.6 247.6 340.6]/Border[0 0 0]/Dest[727 0 R/XYZ null 582 0]>>endobj -374 0 obj<</Subtype/Link/Rect[108.0 314.4 230.8 327.4]/Border[0 0 0]/Dest[727 0 R/XYZ null 484 0]>>endobj -375 0 obj<</Subtype/Link/Rect[108.0 301.2 205.8 314.2]/Border[0 0 0]/Dest[727 0 R/XYZ null 359 0]>>endobj -376 0 obj<</Subtype/Link/Rect[72.0 288.0 97.0 301.0]/Border[0 0 0]/Dest[730 0 R/XYZ null 503 0]>>endobj -377 0 obj[348 0 R +347 0 R +348 0 R 349 0 R 350 0 R 351 0 R @@ -589,8 +569,37 @@ 363 0 R 364 0 R 365 0 R -366 0 R -367 0 R +]endobj +367 0 obj<</Subtype/Link/Rect[72.0 684.0 426.2 697.0]/Border[0 0 0]/Dest[711 0 R/XYZ null 798 0]>>endobj +368 0 obj<</Subtype/Link/Rect[108.0 670.8 164.5 683.8]/Border[0 0 0]/Dest[711 0 R/XYZ null 706 0]>>endobj +369 0 obj<</Subtype/Link/Rect[108.0 657.6 181.6 670.6]/Border[0 0 0]/Dest[711 0 R/XYZ null 569 0]>>endobj +370 0 obj<</Subtype/Link/Rect[108.0 644.4 233.6 657.4]/Border[0 0 0]/Dest[711 0 R/XYZ null 246 0]>>endobj +371 0 obj<</Subtype/Link/Rect[108.0 631.2 188.3 644.2]/Border[0 0 0]/Dest[714 0 R/XYZ null 581 0]>>endobj +372 0 obj<</Subtype/Link/Rect[108.0 618.0 222.0 631.0]/Border[0 0 0]/Dest[714 0 R/XYZ null 417 0]>>endobj +373 0 obj<</Subtype/Link/Rect[108.0 604.8 288.6 617.8]/Border[0 0 0]/Dest[714 0 R/XYZ null 292 0]>>endobj +374 0 obj<</Subtype/Link/Rect[108.0 591.6 230.8 604.6]/Border[0 0 0]/Dest[717 0 R/XYZ null 768 0]>>endobj +375 0 obj<</Subtype/Link/Rect[108.0 578.4 288.9 591.4]/Border[0 0 0]/Dest[717 0 R/XYZ null 313 0]>>endobj +376 0 obj<</Subtype/Link/Rect[108.0 565.2 269.3 578.2]/Border[0 0 0]/Dest[720 0 R/XYZ null 673 0]>>endobj +377 0 obj<</Subtype/Link/Rect[108.0 552.0 203.0 565.0]/Border[0 0 0]/Dest[720 0 R/XYZ null 483 0]>>endobj +378 0 obj<</Subtype/Link/Rect[108.0 538.8 259.9 551.8]/Border[0 0 0]/Dest[720 0 R/XYZ null 332 0]>>endobj +379 0 obj<</Subtype/Link/Rect[108.0 525.6 189.9 538.6]/Border[0 0 0]/Dest[720 0 R/XYZ null 221 0]>>endobj +380 0 obj<</Subtype/Link/Rect[108.0 512.4 196.6 525.4]/Border[0 0 0]/Dest[723 0 R/XYZ null 581 0]>>endobj +381 0 obj<</Subtype/Link/Rect[108.0 499.2 221.1 512.2]/Border[0 0 0]/Dest[723 0 R/XYZ null 298 0]>>endobj +382 0 obj<</Subtype/Link/Rect[108.0 486.0 178.0 499.0]/Border[0 0 0]/Dest[738 0 R/XYZ null 355 0]>>endobj +383 0 obj<</Subtype/Link/Rect[108.0 472.8 177.4 485.8]/Border[0 0 0]/Dest[741 0 R/XYZ null 768 0]>>endobj +384 0 obj<</Subtype/Link/Rect[72.0 446.4 228.8 459.4]/Border[0 0 0]/Dest[744 0 R/XYZ null 798 0]>>endobj +385 0 obj<</Subtype/Link/Rect[108.0 433.2 159.0 446.2]/Border[0 0 0]/Dest[744 0 R/XYZ null 730 0]>>endobj +386 0 obj<</Subtype/Link/Rect[108.0 420.0 499.0 433.0]/Border[0 0 0]/Dest[744 0 R/XYZ null 700 0]>>endobj +387 0 obj<</Subtype/Link/Rect[108.0 406.8 504.2 419.8]/Border[0 0 0]/Dest[744 0 R/XYZ null 348 0]>>endobj +388 0 obj<</Subtype/Link/Rect[108.0 393.6 455.7 406.6]/Border[0 0 0]/Dest[747 0 R/XYZ null 768 0]>>endobj +389 0 obj<</Subtype/Link/Rect[108.0 380.4 425.4 393.4]/Border[0 0 0]/Dest[747 0 R/XYZ null 639 0]>>endobj +390 0 obj<</Subtype/Link/Rect[72.0 354.0 342.4 367.0]/Border[0 0 0]/Dest[750 0 R/XYZ null 798 0]>>endobj +391 0 obj<</Subtype/Link/Rect[108.0 340.8 187.1 353.8]/Border[0 0 0]/Dest[750 0 R/XYZ null 706 0]>>endobj +392 0 obj<</Subtype/Link/Rect[108.0 327.6 247.6 340.6]/Border[0 0 0]/Dest[750 0 R/XYZ null 582 0]>>endobj +393 0 obj<</Subtype/Link/Rect[108.0 314.4 230.8 327.4]/Border[0 0 0]/Dest[750 0 R/XYZ null 484 0]>>endobj +394 0 obj<</Subtype/Link/Rect[108.0 301.2 205.8 314.2]/Border[0 0 0]/Dest[750 0 R/XYZ null 359 0]>>endobj +395 0 obj<</Subtype/Link/Rect[72.0 288.0 97.0 301.0]/Border[0 0 0]/Dest[753 0 R/XYZ null 503 0]>>endobj +396 0 obj[367 0 R 368 0 R 369 0 R 370 0 R @@ -600,252 +609,273 @@ 374 0 R 375 0 R 376 0 R +377 0 R +378 0 R +379 0 R +380 0 R +381 0 R +382 0 R +383 0 R +384 0 R +385 0 R +386 0 R +387 0 R +388 0 R +389 0 R +390 0 R +391 0 R +392 0 R +393 0 R +394 0 R +395 0 R ]endobj -378 0 obj<</Dests 379 0 R>>endobj -379 0 obj<</Kids[380 0 R]>>endobj -380 0 obj<</Limits[(aen1052)(winbind)]/Names[(aen1052)381 0 R(aen1057)382 0 R(aen1090)383 0 R(aen1096)384 0 R(aen1138)385 0 R(aen117)386 0 R(aen1180)387 0 R(aen1194)388 0 R(aen1225)389 0 R(aen1236)390 0 R(aen1284)391 0 R(aen1328)392 0 R(aen133)393 0 R(aen142)394 0 R(aen1442)395 0 R(aen1472)396 0 R(aen1506)397 0 R(aen1514)398 0 R(aen1522)399 0 R(aen1530)400 0 R(aen1537)401 0 R(aen1573)402 0 R(aen158)403 0 R(aen1586)404 0 R(aen1589)405 0 R(aen1599)406 0 R(aen1642)407 0 R(aen1646)408 0 R(aen1659)409 0 R(aen1666)410 0 R(aen1670)411 0 R(aen1675)412 0 R(aen1679)413 0 R(aen1695)414 0 R(aen1703)415 0 R(aen1707)416 0 R(aen1710)417 0 R(aen1715)418 0 R(aen172)419 0 R(aen1728)420 0 R(aen1736)421 0 R(aen1745)422 0 R(aen1757)423 0 R(aen177)424 0 R(aen1776)425 0 R(aen1785)426 0 R(aen1795)427 0 R(aen18)428 0 R(aen181)429 0 R(aen1822)430 0 R(aen1839)431 0 R(aen184)432 0 R(aen1880)433 0 R(aen1890)434 0 R(aen1904)435 0 R(aen1906)436 0 R(aen1921)437 0 R(aen193)438 0 R(aen1930)439 0 R(aen1934)440 0 R(aen1950)441 0 R(aen1955)442 0 R(aen1958)443 0 R(aen1963)444 0 R(aen197)445 0 R(aen1991)446 0 R(aen207)447 0 R(aen210)448 0 R(aen224)449 0 R(aen246)450 0 R(aen26)451 0 R(aen262)452 0 R(aen278)453 0 R(aen289)454 0 R(aen297)455 0 R(aen309)456 0 R(aen321)457 0 R(aen326)458 0 R(aen334)459 0 R(aen339)460 0 R(aen342)461 0 R(aen354)462 0 R(aen364)463 0 R(aen392)464 0 R(aen4)465 0 R(aen400)466 0 R(aen417)467 0 R(aen424)468 0 R(aen429)469 0 R(aen434)470 0 R(aen455)471 0 R(aen497)472 0 R(aen504)473 0 R(aen524)474 0 R(aen54)475 0 R(aen559)476 0 R(aen579)477 0 R(aen58)478 0 R(aen588)479 0 R(aen599)480 0 R(aen619)481 0 R(aen634)482 0 R(aen648)483 0 R(aen655)484 0 R(aen677)485 0 R(aen72)486 0 R(aen741)487 0 R(aen762)488 0 R(aen78)489 0 R(aen784)490 0 R(aen795)491 0 R(aen8)492 0 R(aen830)493 0 R(aen847)494 0 R(aen858)495 0 R(aen88)496 0 R(aen883)497 0 R(aen891)498 0 R(aen895)499 0 R(aen905)500 0 R(aen908)501 0 R(aen912)502 0 R(aen934)503 0 R(aen988)504 0 R(body.html)505 0 R(cvs-access)506 0 R(domain-security)507 0 R(install)508 0 R(integrate-ms-networks)509 0 R(migration)510 0 R(msdfs)511 0 R(os2)512 0 R(pam)513 0 R(printing)514 0 R(samba-pdc)515 0 R(samba-project-documentation)516 0 R(unix-permissions)517 0 R(winbind)518 0 R]>>endobj -381 0 obj<</D[628 0 R/XYZ null 356 null]>>endobj -382 0 obj<</D[631 0 R/XYZ null 768 null]>>endobj -383 0 obj<</D[634 0 R/XYZ null 706 null]>>endobj -384 0 obj<</D[634 0 R/XYZ null 608 null]>>endobj -385 0 obj<</D[637 0 R/XYZ null 660 null]>>endobj -386 0 obj<</D[526 0 R/XYZ null 266 null]>>endobj -387 0 obj<</D[640 0 R/XYZ null 545 null]>>endobj -388 0 obj<</D[640 0 R/XYZ null 209 null]>>endobj -389 0 obj<</D[643 0 R/XYZ null 372 null]>>endobj -390 0 obj<</D[643 0 R/XYZ null 196 null]>>endobj -391 0 obj<</D[649 0 R/XYZ null 545 null]>>endobj -392 0 obj<</D[652 0 R/XYZ null 488 null]>>endobj -393 0 obj<</D[529 0 R/XYZ null 686 null]>>endobj -394 0 obj<</D[529 0 R/XYZ null 509 null]>>endobj -395 0 obj<</D[661 0 R/XYZ null 768 null]>>endobj -396 0 obj<</D[664 0 R/XYZ null 435 null]>>endobj -397 0 obj<</D[667 0 R/XYZ null 189 null]>>endobj -398 0 obj<</D[670 0 R/XYZ null 605 null]>>endobj -399 0 obj<</D[670 0 R/XYZ null 406 null]>>endobj -400 0 obj<</D[670 0 R/XYZ null 168 null]>>endobj -401 0 obj<</D[673 0 R/XYZ null 698 null]>>endobj -402 0 obj<</D[676 0 R/XYZ null 341 null]>>endobj -403 0 obj<</D[529 0 R/XYZ null 332 null]>>endobj -404 0 obj<</D[679 0 R/XYZ null 434 null]>>endobj -405 0 obj<</D[679 0 R/XYZ null 339 null]>>endobj -406 0 obj<</D[682 0 R/XYZ null 686 null]>>endobj -407 0 obj<</D[688 0 R/XYZ null 706 null]>>endobj -408 0 obj<</D[688 0 R/XYZ null 569 null]>>endobj -409 0 obj<</D[688 0 R/XYZ null 246 null]>>endobj -410 0 obj<</D[691 0 R/XYZ null 581 null]>>endobj -411 0 obj<</D[691 0 R/XYZ null 417 null]>>endobj -412 0 obj<</D[691 0 R/XYZ null 292 null]>>endobj -413 0 obj<</D[694 0 R/XYZ null 768 null]>>endobj -414 0 obj<</D[694 0 R/XYZ null 313 null]>>endobj -415 0 obj<</D[697 0 R/XYZ null 673 null]>>endobj -416 0 obj<</D[697 0 R/XYZ null 483 null]>>endobj -417 0 obj<</D[697 0 R/XYZ null 332 null]>>endobj -418 0 obj<</D[697 0 R/XYZ null 221 null]>>endobj -419 0 obj<</D[532 0 R/XYZ null 768 null]>>endobj -420 0 obj<</D[700 0 R/XYZ null 581 null]>>endobj -421 0 obj<</D[700 0 R/XYZ null 298 null]>>endobj -422 0 obj<</D[700 0 R/XYZ null 132 null]>>endobj -423 0 obj<</D[703 0 R/XYZ null 619 null]>>endobj -424 0 obj<</D[532 0 R/XYZ null 577 null]>>endobj -425 0 obj<</D[703 0 R/XYZ null 266 null]>>endobj -426 0 obj<</D[706 0 R/XYZ null 691 null]>>endobj -427 0 obj<</D[706 0 R/XYZ null 530 null]>>endobj -428 0 obj<</D[520 0 R/XYZ null 730 null]>>endobj -429 0 obj<</D[532 0 R/XYZ null 505 null]>>endobj -430 0 obj<</D[709 0 R/XYZ null 521 null]>>endobj -431 0 obj<</D[712 0 R/XYZ null 604 null]>>endobj -432 0 obj<</D[532 0 R/XYZ null 394 null]>>endobj -433 0 obj<</D[715 0 R/XYZ null 435 null]>>endobj -434 0 obj<</D[715 0 R/XYZ null 219 null]>>endobj -435 0 obj<</D[718 0 R/XYZ null 730 null]>>endobj -436 0 obj<</D[718 0 R/XYZ null 700 null]>>endobj -437 0 obj<</D[718 0 R/XYZ null 348 null]>>endobj -438 0 obj<</D[535 0 R/XYZ null 739 null]>>endobj -439 0 obj<</D[721 0 R/XYZ null 768 null]>>endobj -440 0 obj<</D[721 0 R/XYZ null 639 null]>>endobj -441 0 obj<</D[724 0 R/XYZ null 706 null]>>endobj -442 0 obj<</D[724 0 R/XYZ null 582 null]>>endobj -443 0 obj<</D[724 0 R/XYZ null 484 null]>>endobj -444 0 obj<</D[724 0 R/XYZ null 359 null]>>endobj -445 0 obj<</D[535 0 R/XYZ null 615 null]>>endobj -446 0 obj<</D[727 0 R/XYZ null 503 null]>>endobj -447 0 obj<</D[538 0 R/XYZ null 768 null]>>endobj -448 0 obj<</D[538 0 R/XYZ null 683 null]>>endobj -449 0 obj<</D[541 0 R/XYZ null 706 null]>>endobj -450 0 obj<</D[541 0 R/XYZ null 463 null]>>endobj -451 0 obj<</D[520 0 R/XYZ null 593 null]>>endobj -452 0 obj<</D[541 0 R/XYZ null 325 null]>>endobj -453 0 obj<</D[544 0 R/XYZ null 435 null]>>endobj -454 0 obj<</D[544 0 R/XYZ null 285 null]>>endobj -455 0 obj<</D[547 0 R/XYZ null 768 null]>>endobj -456 0 obj<</D[547 0 R/XYZ null 268 null]>>endobj -457 0 obj<</D[550 0 R/XYZ null 210 null]>>endobj -458 0 obj<</D[553 0 R/XYZ null 660 null]>>endobj -459 0 obj<</D[556 0 R/XYZ null 371 null]>>endobj -460 0 obj<</D[556 0 R/XYZ null 260 null]>>endobj -461 0 obj<</D[559 0 R/XYZ null 768 null]>>endobj -462 0 obj<</D[559 0 R/XYZ null 529 null]>>endobj -463 0 obj<</D[562 0 R/XYZ null 633 null]>>endobj -464 0 obj<</D[565 0 R/XYZ null 581 null]>>endobj -465 0 obj<</D[517 0 R/XYZ null 647 null]>>endobj -466 0 obj<</D[565 0 R/XYZ null 304 null]>>endobj -467 0 obj<</D[568 0 R/XYZ null 594 null]>>endobj -468 0 obj<</D[568 0 R/XYZ null 271 null]>>endobj -469 0 obj<</D[571 0 R/XYZ null 753 null]>>endobj -470 0 obj<</D[571 0 R/XYZ null 639 null]>>endobj -471 0 obj<</D[574 0 R/XYZ null 706 null]>>endobj -472 0 obj<</D[577 0 R/XYZ null 192 null]>>endobj -473 0 obj<</D[580 0 R/XYZ null 739 null]>>endobj -474 0 obj<</D[583 0 R/XYZ null 706 null]>>endobj -475 0 obj<</D[520 0 R/XYZ null 178 null]>>endobj -476 0 obj<</D[586 0 R/XYZ null 673 null]>>endobj -477 0 obj<</D[589 0 R/XYZ null 706 null]>>endobj -478 0 obj<</D[523 0 R/XYZ null 739 null]>>endobj -479 0 obj<</D[589 0 R/XYZ null 525 null]>>endobj -480 0 obj<</D[589 0 R/XYZ null 348 null]>>endobj -481 0 obj<</D[592 0 R/XYZ null 686 null]>>endobj -482 0 obj<</D[592 0 R/XYZ null 443 null]>>endobj -483 0 obj<</D[592 0 R/XYZ null 187 null]>>endobj -484 0 obj<</D[595 0 R/XYZ null 673 null]>>endobj -485 0 obj<</D[595 0 R/XYZ null 232 null]>>endobj -486 0 obj<</D[523 0 R/XYZ null 379 null]>>endobj -487 0 obj<</D[601 0 R/XYZ null 594 null]>>endobj -488 0 obj<</D[604 0 R/XYZ null 730 null]>>endobj -489 0 obj<</D[523 0 R/XYZ null 268 null]>>endobj -490 0 obj<</D[604 0 R/XYZ null 302 null]>>endobj -491 0 obj<</D[607 0 R/XYZ null 693 null]>>endobj -492 0 obj<</D[517 0 R/XYZ null 616 null]>>endobj -493 0 obj<</D[610 0 R/XYZ null 463 null]>>endobj -494 0 obj<</D[613 0 R/XYZ null 686 null]>>endobj -495 0 obj<</D[613 0 R/XYZ null 302 null]>>endobj -496 0 obj<</D[526 0 R/XYZ null 768 null]>>endobj -497 0 obj<</D[616 0 R/XYZ null 686 null]>>endobj -498 0 obj<</D[616 0 R/XYZ null 496 null]>>endobj -499 0 obj<</D[616 0 R/XYZ null 385 null]>>endobj -500 0 obj<</D[616 0 R/XYZ null 247 null]>>endobj -501 0 obj<</D[616 0 R/XYZ null 149 null]>>endobj -502 0 obj<</D[619 0 R/XYZ null 713 null]>>endobj -503 0 obj<</D[622 0 R/XYZ null 768 null]>>endobj -504 0 obj<</D[625 0 R/XYZ null 730 null]>>endobj -505 0 obj<</D[523 0 R/XYZ null 698 null]>>endobj -506 0 obj<</D[724 0 R/XYZ null 798 null]>>endobj -507 0 obj<</D[625 0 R/XYZ null 798 null]>>endobj -508 0 obj<</D[520 0 R/XYZ null 798 null]>>endobj -509 0 obj<</D[541 0 R/XYZ null 798 null]>>endobj -510 0 obj<</D[622 0 R/XYZ null 768 null]>>endobj -511 0 obj<</D[583 0 R/XYZ null 798 null]>>endobj -512 0 obj<</D[718 0 R/XYZ null 798 null]>>endobj -513 0 obj<</D[574 0 R/XYZ null 798 null]>>endobj -514 0 obj<</D[604 0 R/XYZ null 798 null]>>endobj -515 0 obj<</D[634 0 R/XYZ null 798 null]>>endobj -516 0 obj<</D[517 0 R/XYZ null 753 null]>>endobj -517 0 obj<</D[589 0 R/XYZ null 798 null]>>endobj -518 0 obj<</D[688 0 R/XYZ null 798 null]>>endobj -519 0 obj<</Type/Pages/MediaBox[0 0 595 792]/Count 74/Kids[520 0 R -733 0 R -736 0 R -739 0 R -523 0 R -526 0 R -529 0 R -532 0 R -535 0 R -538 0 R -541 0 R -544 0 R -547 0 R -550 0 R -553 0 R -556 0 R -559 0 R -562 0 R -565 0 R -568 0 R -571 0 R -574 0 R -577 0 R -580 0 R -583 0 R -586 0 R -589 0 R -592 0 R -595 0 R -598 0 R -601 0 R -604 0 R -607 0 R -610 0 R -613 0 R -616 0 R -619 0 R -622 0 R -625 0 R -628 0 R -631 0 R -634 0 R -637 0 R -640 0 R -643 0 R -646 0 R -649 0 R -652 0 R -655 0 R -658 0 R -661 0 R -664 0 R -667 0 R -670 0 R -673 0 R -676 0 R -679 0 R -682 0 R -685 0 R -688 0 R -691 0 R -694 0 R -697 0 R -700 0 R -703 0 R -706 0 R -709 0 R -712 0 R -715 0 R -718 0 R -721 0 R -724 0 R -727 0 R -730 0 R +397 0 obj<</Dests 398 0 R>>endobj +398 0 obj<</Kids[399 0 R]>>endobj +399 0 obj<</Limits[(aen1054)(winbind)]/Names[(aen1054)400 0 R(aen1059)401 0 R(aen1092)402 0 R(aen1098)403 0 R(aen1137)404 0 R(aen117)405 0 R(aen1180)406 0 R(aen1199)407 0 R(aen1234)408 0 R(aen1243)409 0 R(aen1258)410 0 R(aen1306)411 0 R(aen133)412 0 R(aen1350)413 0 R(aen142)414 0 R(aen1464)415 0 R(aen1490)416 0 R(aen1509)417 0 R(aen1517)418 0 R(aen1525)419 0 R(aen1533)420 0 R(aen1540)421 0 R(aen1576)422 0 R(aen158)423 0 R(aen1589)424 0 R(aen1592)425 0 R(aen1602)426 0 R(aen1652)427 0 R(aen1656)428 0 R(aen1669)429 0 R(aen1676)430 0 R(aen1680)431 0 R(aen1685)432 0 R(aen1689)433 0 R(aen1705)434 0 R(aen1713)435 0 R(aen1717)436 0 R(aen172)437 0 R(aen1720)438 0 R(aen1725)439 0 R(aen1738)440 0 R(aen1752)441 0 R(aen1763)442 0 R(aen177)443 0 R(aen1782)444 0 R(aen18)445 0 R(aen1807)446 0 R(aen181)447 0 R(aen1823)448 0 R(aen1834)449 0 R(aen184)450 0 R(aen1870)451 0 R(aen1892)452 0 R(aen193)453 0 R(aen1939)454 0 R(aen1949)455 0 R(aen1963)456 0 R(aen1965)457 0 R(aen197)458 0 R(aen1980)459 0 R(aen1989)460 0 R(aen1993)461 0 R(aen2009)462 0 R(aen2014)463 0 R(aen2017)464 0 R(aen2022)465 0 R(aen2050)466 0 R(aen207)467 0 R(aen210)468 0 R(aen224)469 0 R(aen246)470 0 R(aen26)471 0 R(aen262)472 0 R(aen278)473 0 R(aen289)474 0 R(aen297)475 0 R(aen309)476 0 R(aen321)477 0 R(aen326)478 0 R(aen334)479 0 R(aen339)480 0 R(aen342)481 0 R(aen354)482 0 R(aen364)483 0 R(aen392)484 0 R(aen4)485 0 R(aen400)486 0 R(aen417)487 0 R(aen424)488 0 R(aen429)489 0 R(aen434)490 0 R(aen455)491 0 R(aen499)492 0 R(aen506)493 0 R(aen526)494 0 R(aen54)495 0 R(aen561)496 0 R(aen58)497 0 R(aen581)498 0 R(aen590)499 0 R(aen601)500 0 R(aen621)501 0 R(aen636)502 0 R(aen650)503 0 R(aen657)504 0 R(aen679)505 0 R(aen72)506 0 R(aen743)507 0 R(aen764)508 0 R(aen78)509 0 R(aen786)510 0 R(aen797)511 0 R(aen8)512 0 R(aen832)513 0 R(aen849)514 0 R(aen860)515 0 R(aen88)516 0 R(aen885)517 0 R(aen893)518 0 R(aen897)519 0 R(aen907)520 0 R(aen910)521 0 R(aen914)522 0 R(aen936)523 0 R(aen990)524 0 R(body.html)525 0 R(cvs-access)526 0 R(domain-security)527 0 R(install)528 0 R(integrate-ms-networks)529 0 R(migration)530 0 R(msdfs)531 0 R(os2)532 0 R(pam)533 0 R(printing)534 0 R(samba-pdc)535 0 R(samba-project-documentation)536 0 R(unix-permissions)537 0 R(winbind)538 0 R]>>endobj +400 0 obj<</D[648 0 R/XYZ null 383 null]>>endobj +401 0 obj<</D[648 0 R/XYZ null 166 null]>>endobj +402 0 obj<</D[654 0 R/XYZ null 706 null]>>endobj +403 0 obj<</D[654 0 R/XYZ null 608 null]>>endobj +404 0 obj<</D[657 0 R/XYZ null 726 null]>>endobj +405 0 obj<</D[546 0 R/XYZ null 266 null]>>endobj +406 0 obj<</D[660 0 R/XYZ null 607 null]>>endobj +407 0 obj<</D[660 0 R/XYZ null 232 null]>>endobj +408 0 obj<</D[663 0 R/XYZ null 359 null]>>endobj +409 0 obj<</D[666 0 R/XYZ null 768 null]>>endobj +410 0 obj<</D[666 0 R/XYZ null 392 null]>>endobj +411 0 obj<</D[672 0 R/XYZ null 739 null]>>endobj +412 0 obj<</D[549 0 R/XYZ null 686 null]>>endobj +413 0 obj<</D[675 0 R/XYZ null 686 null]>>endobj +414 0 obj<</D[549 0 R/XYZ null 509 null]>>endobj +415 0 obj<</D[681 0 R/XYZ null 303 null]>>endobj +416 0 obj<</D[684 0 R/XYZ null 277 null]>>endobj +417 0 obj<</D[687 0 R/XYZ null 482 null]>>endobj +418 0 obj<</D[687 0 R/XYZ null 225 null]>>endobj +419 0 obj<</D[690 0 R/XYZ null 684 null]>>endobj +420 0 obj<</D[690 0 R/XYZ null 446 null]>>endobj +421 0 obj<</D[690 0 R/XYZ null 289 null]>>endobj +422 0 obj<</D[696 0 R/XYZ null 605 null]>>endobj +423 0 obj<</D[549 0 R/XYZ null 332 null]>>endobj +424 0 obj<</D[699 0 R/XYZ null 698 null]>>endobj +425 0 obj<</D[699 0 R/XYZ null 603 null]>>endobj +426 0 obj<</D[699 0 R/XYZ null 274 null]>>endobj +427 0 obj<</D[708 0 R/XYZ null 706 null]>>endobj +428 0 obj<</D[708 0 R/XYZ null 569 null]>>endobj +429 0 obj<</D[708 0 R/XYZ null 246 null]>>endobj +430 0 obj<</D[711 0 R/XYZ null 581 null]>>endobj +431 0 obj<</D[711 0 R/XYZ null 417 null]>>endobj +432 0 obj<</D[711 0 R/XYZ null 292 null]>>endobj +433 0 obj<</D[714 0 R/XYZ null 768 null]>>endobj +434 0 obj<</D[714 0 R/XYZ null 313 null]>>endobj +435 0 obj<</D[717 0 R/XYZ null 673 null]>>endobj +436 0 obj<</D[717 0 R/XYZ null 483 null]>>endobj +437 0 obj<</D[552 0 R/XYZ null 768 null]>>endobj +438 0 obj<</D[717 0 R/XYZ null 332 null]>>endobj +439 0 obj<</D[717 0 R/XYZ null 221 null]>>endobj +440 0 obj<</D[720 0 R/XYZ null 581 null]>>endobj +441 0 obj<</D[720 0 R/XYZ null 298 null]>>endobj +442 0 obj<</D[720 0 R/XYZ null 132 null]>>endobj +443 0 obj<</D[552 0 R/XYZ null 577 null]>>endobj +444 0 obj<</D[723 0 R/XYZ null 619 null]>>endobj +445 0 obj<</D[540 0 R/XYZ null 730 null]>>endobj +446 0 obj<</D[723 0 R/XYZ null 279 null]>>endobj +447 0 obj<</D[552 0 R/XYZ null 505 null]>>endobj +448 0 obj<</D[726 0 R/XYZ null 691 null]>>endobj +449 0 obj<</D[726 0 R/XYZ null 530 null]>>endobj +450 0 obj<</D[552 0 R/XYZ null 394 null]>>endobj +451 0 obj<</D[729 0 R/XYZ null 467 null]>>endobj +452 0 obj<</D[732 0 R/XYZ null 511 null]>>endobj +453 0 obj<</D[555 0 R/XYZ null 739 null]>>endobj +454 0 obj<</D[735 0 R/XYZ null 355 null]>>endobj +455 0 obj<</D[738 0 R/XYZ null 768 null]>>endobj +456 0 obj<</D[741 0 R/XYZ null 730 null]>>endobj +457 0 obj<</D[741 0 R/XYZ null 700 null]>>endobj +458 0 obj<</D[555 0 R/XYZ null 615 null]>>endobj +459 0 obj<</D[741 0 R/XYZ null 348 null]>>endobj +460 0 obj<</D[744 0 R/XYZ null 768 null]>>endobj +461 0 obj<</D[744 0 R/XYZ null 639 null]>>endobj +462 0 obj<</D[747 0 R/XYZ null 706 null]>>endobj +463 0 obj<</D[747 0 R/XYZ null 582 null]>>endobj +464 0 obj<</D[747 0 R/XYZ null 484 null]>>endobj +465 0 obj<</D[747 0 R/XYZ null 359 null]>>endobj +466 0 obj<</D[750 0 R/XYZ null 503 null]>>endobj +467 0 obj<</D[558 0 R/XYZ null 768 null]>>endobj +468 0 obj<</D[558 0 R/XYZ null 683 null]>>endobj +469 0 obj<</D[561 0 R/XYZ null 706 null]>>endobj +470 0 obj<</D[561 0 R/XYZ null 463 null]>>endobj +471 0 obj<</D[540 0 R/XYZ null 593 null]>>endobj +472 0 obj<</D[561 0 R/XYZ null 325 null]>>endobj +473 0 obj<</D[564 0 R/XYZ null 435 null]>>endobj +474 0 obj<</D[564 0 R/XYZ null 285 null]>>endobj +475 0 obj<</D[567 0 R/XYZ null 768 null]>>endobj +476 0 obj<</D[567 0 R/XYZ null 268 null]>>endobj +477 0 obj<</D[570 0 R/XYZ null 210 null]>>endobj +478 0 obj<</D[573 0 R/XYZ null 660 null]>>endobj +479 0 obj<</D[576 0 R/XYZ null 371 null]>>endobj +480 0 obj<</D[576 0 R/XYZ null 260 null]>>endobj +481 0 obj<</D[579 0 R/XYZ null 768 null]>>endobj +482 0 obj<</D[579 0 R/XYZ null 529 null]>>endobj +483 0 obj<</D[582 0 R/XYZ null 633 null]>>endobj +484 0 obj<</D[585 0 R/XYZ null 581 null]>>endobj +485 0 obj<</D[537 0 R/XYZ null 647 null]>>endobj +486 0 obj<</D[585 0 R/XYZ null 304 null]>>endobj +487 0 obj<</D[588 0 R/XYZ null 594 null]>>endobj +488 0 obj<</D[588 0 R/XYZ null 271 null]>>endobj +489 0 obj<</D[591 0 R/XYZ null 753 null]>>endobj +490 0 obj<</D[591 0 R/XYZ null 639 null]>>endobj +491 0 obj<</D[594 0 R/XYZ null 706 null]>>endobj +492 0 obj<</D[597 0 R/XYZ null 179 null]>>endobj +493 0 obj<</D[600 0 R/XYZ null 726 null]>>endobj +494 0 obj<</D[603 0 R/XYZ null 706 null]>>endobj +495 0 obj<</D[540 0 R/XYZ null 178 null]>>endobj +496 0 obj<</D[606 0 R/XYZ null 673 null]>>endobj +497 0 obj<</D[543 0 R/XYZ null 739 null]>>endobj +498 0 obj<</D[609 0 R/XYZ null 706 null]>>endobj +499 0 obj<</D[609 0 R/XYZ null 525 null]>>endobj +500 0 obj<</D[609 0 R/XYZ null 348 null]>>endobj +501 0 obj<</D[612 0 R/XYZ null 686 null]>>endobj +502 0 obj<</D[612 0 R/XYZ null 443 null]>>endobj +503 0 obj<</D[612 0 R/XYZ null 187 null]>>endobj +504 0 obj<</D[615 0 R/XYZ null 673 null]>>endobj +505 0 obj<</D[615 0 R/XYZ null 232 null]>>endobj +506 0 obj<</D[543 0 R/XYZ null 379 null]>>endobj +507 0 obj<</D[621 0 R/XYZ null 594 null]>>endobj +508 0 obj<</D[624 0 R/XYZ null 730 null]>>endobj +509 0 obj<</D[543 0 R/XYZ null 268 null]>>endobj +510 0 obj<</D[624 0 R/XYZ null 302 null]>>endobj +511 0 obj<</D[627 0 R/XYZ null 693 null]>>endobj +512 0 obj<</D[537 0 R/XYZ null 616 null]>>endobj +513 0 obj<</D[630 0 R/XYZ null 463 null]>>endobj +514 0 obj<</D[633 0 R/XYZ null 686 null]>>endobj +515 0 obj<</D[633 0 R/XYZ null 302 null]>>endobj +516 0 obj<</D[546 0 R/XYZ null 768 null]>>endobj +517 0 obj<</D[636 0 R/XYZ null 686 null]>>endobj +518 0 obj<</D[636 0 R/XYZ null 496 null]>>endobj +519 0 obj<</D[636 0 R/XYZ null 385 null]>>endobj +520 0 obj<</D[636 0 R/XYZ null 247 null]>>endobj +521 0 obj<</D[636 0 R/XYZ null 149 null]>>endobj +522 0 obj<</D[639 0 R/XYZ null 713 null]>>endobj +523 0 obj<</D[642 0 R/XYZ null 768 null]>>endobj +524 0 obj<</D[645 0 R/XYZ null 730 null]>>endobj +525 0 obj<</D[543 0 R/XYZ null 698 null]>>endobj +526 0 obj<</D[747 0 R/XYZ null 798 null]>>endobj +527 0 obj<</D[645 0 R/XYZ null 798 null]>>endobj +528 0 obj<</D[540 0 R/XYZ null 798 null]>>endobj +529 0 obj<</D[561 0 R/XYZ null 798 null]>>endobj +530 0 obj<</D[642 0 R/XYZ null 768 null]>>endobj +531 0 obj<</D[603 0 R/XYZ null 798 null]>>endobj +532 0 obj<</D[741 0 R/XYZ null 798 null]>>endobj +533 0 obj<</D[594 0 R/XYZ null 798 null]>>endobj +534 0 obj<</D[624 0 R/XYZ null 798 null]>>endobj +535 0 obj<</D[654 0 R/XYZ null 798 null]>>endobj +536 0 obj<</D[537 0 R/XYZ null 753 null]>>endobj +537 0 obj<</D[609 0 R/XYZ null 798 null]>>endobj +538 0 obj<</D[708 0 R/XYZ null 798 null]>>endobj +539 0 obj<</Type/Pages/MediaBox[0 0 595 792]/Count 75/Kids[540 0 R +756 0 R +759 0 R +762 0 R +543 0 R +546 0 R +549 0 R +552 0 R +555 0 R +558 0 R +561 0 R +564 0 R +567 0 R +570 0 R +573 0 R +576 0 R +579 0 R +582 0 R +585 0 R +588 0 R +591 0 R +594 0 R +597 0 R +600 0 R +603 0 R +606 0 R +609 0 R +612 0 R +615 0 R +618 0 R +621 0 R +624 0 R +627 0 R +630 0 R +633 0 R +636 0 R +639 0 R +642 0 R +645 0 R +648 0 R +651 0 R +654 0 R +657 0 R +660 0 R +663 0 R +666 0 R +669 0 R +672 0 R +675 0 R +678 0 R +681 0 R +684 0 R +687 0 R +690 0 R +693 0 R +696 0 R +699 0 R +702 0 R +705 0 R +708 0 R +711 0 R +714 0 R +717 0 R +720 0 R +723 0 R +726 0 R +729 0 R +732 0 R +735 0 R +738 0 R +741 0 R +744 0 R +747 0 R +750 0 R +753 0 R ]>>endobj -520 0 obj<</Type/Page/Parent 519 0 R/Contents 521 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 17 0 R>>endobj -521 0 obj<</Length 522 0 R/Filter/FlateDecode>>stream +540 0 obj<</Type/Page/Parent 539 0 R/Contents 541 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 17 0 R>>endobj +541 0 obj<</Length 542 0 R/Filter/FlateDecode>>stream xuSÉnÛ0½ë+rrT&%Yv|ª“tE‹¤µŠž)i¼U]’ªá¿ïVêÄE!hÎöޛѯHBð%1Mæ¨Ú趈Æïn+öäi†¢†ˆ…à“j´\|¹]àÑèU÷ºê[êœr[ݽ*v!Ur†O}=ñŒ“‡œ‚TëCÞWÃd"ٛͦüðm«“#ÍãüÒq*»ÉCé3®EiQ•;È!å ~|\×TÃi,U[*ÔÏU‚þMnC8’26ÆG8sôÁÔÙžUpå šfè+Ó~Å®ª7†Õ¾FÙ;XÝ’Û¶dC± endobj -522 0 obj +542 0 obj 501 endobj -523 0 obj<</Type/Page/Parent 519 0 R/Contents 524 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 20 0 R>>endobj -524 0 obj<</Length 525 0 R/Filter/FlateDecode>>stream +543 0 obj<</Type/Page/Parent 539 0 R/Contents 544 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 20 0 R>>endobj +544 0 obj<</Length 545 0 R/Filter/FlateDecode>>stream xV]sÛ6|ׯ¸¦‰:cS¢>,Éov§NóÐfë¥ Š¨H€À(šéïÞ‘´å4êÔeK{»{þ5JiŠŸ”V3šßPVî·£ÉÆfSÚøæfµ¦mNÓd:Å'Ùø§R5Q{JúÅ):zoCTUEÊæ´Õ!Òãݯ÷w?nÿ”:颫s=O“*Ó[£nhzKµÊ)–šje©Q{º}JÓ~ßlÅ»¶çk(7!z³k£ÎéhbÙI™³QKT¹ÈÔ]´[8œ¢"h©«†ïu¤“k ð=*%Dïþ€!Lé:w€sgßF:Xt[v{Fý„˜ñ[ŠþD\ciìž*sз]/`÷©—›täã¨û*í¿[®¹f¨wy²¦¿©v^˺Ÿ·#¦_4 &ê+¡é%.¿§1•16·“ÉñxLïHœßóÚmHCXŽ¿´\ÌñºX¯ð:Ã/N/öYN7¢Æ³a§ÞGé-Ý·¦Ê™wöÒ½±Ê›ËVr”³L¸¢ÂxÖ·Ðïö^Õ½8ËAœdcfßözLfÇ°–ì숄/½Î¢ó§„¶¨O¡tm•“j£cj3Œ \òTM|6ZÇ/d`zröØ„¦Â)D]'½=©TŸ4µ¶
ªˆ¬Öy`VÌ\«\J}u>ûŠ½sñû/mxÞéõµÌIW`hc1ë=ÜQ‡S‚Ötäá Î ¹†]NGk«v•Æxm¤þ¬³–Ûz´ZôE,2ÖÆ2j‘c×; ¡6Ódâ[hÑf°z@tÔ©ào w¢BLøïøØ.k)‘šÿ¬›…ÜIçÁ:ïƒuvË#K|¹›ºq>*‹)ÇÕýoQå’¾‹(ŒÄ^wiÔ"^³’ßú «P‘€EÔ€Äìyʽ±Ù …h궒ìK莂L³çǶ endobj -525 0 obj +545 0 obj 1091 endobj -526 0 obj<</Type/Page/Parent 519 0 R/Contents 527 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj -527 0 obj<</Length 528 0 R/Filter/FlateDecode>>stream +546 0 obj<</Type/Page/Parent 539 0 R/Contents 547 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj +547 0 obj<</Length 548 0 R/Filter/FlateDecode>>stream xWÛnÛ8}ÏWÌö¥.ÐÈ—ØŽ`Ún[E/Û8Ø
šÅ‚’h™Dº$•Ô¿gH*vÕ¤› Žc
çræÌæÛјFøÓé„NæT4G/WG¯WG£l± ý‹ðLj¦Ëy¶ éâïOù•´†í>î_’í|±Ì¦Évû` çÃ7KOiµFØùl–ÍiU†Ó#Zƒq6ÍèÂË-œÑ++…—ä7’\“SaôZU^MkUËìÙê+Ni<Ž'§p7Xm$ ü8ÑlkùÀQGJÏò{0qD®ÍKeeáÝuOKå¼UyË!3:‡MUIçigZT$JvÑp#:ŸdŽ^ ðºë9¡ÉIIsBš-»sTò¦’pa9m(¼*$€5—ÝàäVT@ÙXu}x<°“9pŽE“S\.òk§ð@ÝtgÚº¤\¢^Ó ¶ÒÕê†ã)wÑ’ñÃù,:§ôõ¥ªM.꺒AŽÝ=Æï;co*kÚ-ýNï¯Þ~þxù)OÆ¡Ù‡Æ_6ÈÁýÂV-dnàO›ÇãÂ24Äh ê–Ýa˜^Fé“ÑŠå™·‘*ÚZ`ÜY†Ðˆ°ŽWr9ÊØÓ—“X}·pAþÆ–Q²"Gâ¦ã‰Ô|ÚõÂP90ƒkLT°ƒÕ±T€sQÞBJø*ɘȕûV1-{@Š÷Ì~fü€¹+Rë¾H㺋*,ÜÖ€®VÕÆã†dþ[«Š›º_ ?•V^‰p…K—öo|丫!Ìs¾RÊxÑ|‰ƒcœ‚e endobj -528 0 obj +548 0 obj 1450 endobj -529 0 obj<</Type/Page/Parent 519 0 R/Contents 530 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj -530 0 obj<</Length 531 0 R/Filter/FlateDecode>>stream +549 0 obj<</Type/Page/Parent 539 0 R/Contents 550 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj +550 0 obj<</Length 551 0 R/Filter/FlateDecode>>stream x•WaOã8ýί¸×ÕÒ´iK[¸O¬v¹Cºe9èiµÒJ'7qZC÷l‡¶ÿþÞØM[²ôX@ E±Çã÷Þ¼™þ{S¿1zÔRR}˜}šu£ñ˜v3Ã?]÷¢1
Æ#|¢I–â¿áîM¿
ÄÂKÄß>§suNñ€&ŽŽñ!õï»4IZq4Œâˆî\Й¸Àaœ*g”]*¥K£D—Ù»ÉÃQçj@qâ´{#ÄiÝ|™|ú&sd¥ó\/yçRå9M%¥*ˤ‘¥#•uE••ts}OÚðŸ÷ä4YgÔ´r2%+Í“J¤¥B,lÄ'v©ÝâÖ8éOI8Žc(d}6ŽtI§Þý<ÓVDôuŽ}ÊR*3\(å(mÅýóŽK]gTj7çä÷–‘›Ë’DŠ
”c#r“UÜzœ6Ù‹pb¼‡Í&g 7UÚ¶-©>íyz{´ªP¹0ùP¬uªtáa³s]å)ÍÅ“$Q5kŸÌë'—¶Žtðܹr$Sõ?Ð’Aé á…)‚³Y®ý2P_J,.×à‹ @@ -854,11 +884,11 @@ E±Çã÷Þ¼™þ{S¿1zÔRR}˜}šu£ñ˜v3Ã?]÷¢1
Æ#|¢I–â¿áîM¿
ÄÂKÄß>§suNñ€&Ž sWÓ–»0\íR±ŸÍšÃT¯¦¦]æM)œz’ä¡ò2…ºÀ!¥Bº|ž9Ï¡§À0jÖü`övíóÀÀá͈¸áó…m£k Ð=1Ð̘€p|íÞ{ùÓá_ÏókmŒáõ^þËqhÍóù-ùpCoôÂâœÞ²×SºÙ»›XwÝÚK÷ endobj -531 0 obj +551 0 obj 1365 endobj -532 0 obj<</Type/Page/Parent 519 0 R/Contents 533 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F2 5 0 R/F3 6 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj -533 0 obj<</Length 534 0 R/Filter/FlateDecode>>stream +552 0 obj<</Type/Page/Parent 539 0 R/Contents 553 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F2 5 0 R/F3 6 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj +553 0 obj<</Length 554 0 R/Filter/FlateDecode>>stream xV]OëF}çWL¥V
q’‡J÷SºÒ½Ð6iQÕôaco’%ö®ïîÈ¿¿gvíKH€>´ ÀÁöÌ™3çÌìדõñ= qJç#ÊÊ“·ó“ÞÇ!
4_áÎh2¦yNý¤ßïÓ<ëÌ
mUQòä¤ÎIÄNµ(ÈòI•5™tN::ß"ÜE®Cº\æñmŠ „9xÎ?–ð#}ꦣdD«ëù‡)}ZÑÎÔT;Ïþü}HÎï IJ3Äó²ä[šÂƒ¥ØQ¡¶xÚPaÌ–„ç»1=xhªîΓ”³ÈQV…t=wg‡]ç…õuuX€Ë¬ªÇP)z&Ê¥ Ò+AŽ$Ôða~6it>JF4œŒqâÇJZEò/i€ ùý4™<¡ŒšyYÑhJsËÅ8¯ô:Tï6‚sq'T!–àÀh.ÚZeï¤=ª2åÞv~lØ´]ûY¡¤öÔýÜÜ;oï…€ã¼eC[ÛɽæüÅYÝÆÔENkéi)2PÀ’YáÎ1Ј4MÚ¾æFÿ¤É™Rú
—ªˆÍŒµ2óÅ®‘EÛ0'Ñ „èÊx–Dh/^àwMN™Ð$ @@ -866,11 +896,11 @@ gh)Y39÷ÌII÷ü`ƒŠ€í)‡ ±ôYè/B‹5.#;î õ¢ãêlCÂÑÍêf½8=Tl£ÕlcäŠô– y' Èj«ü.ê”õÌ2])ø"–eå×Z:S%œ»76G+¸ÐÚ=»’ÕÀQÅÊÀʵâö3v‹%E…´
í endobj -534 0 obj +554 0 obj 1189 endobj -535 0 obj<</Type/Page/Parent 519 0 R/Contents 536 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj -536 0 obj<</Length 537 0 R/Filter/FlateDecode>>stream +555 0 obj<</Type/Page/Parent 539 0 R/Contents 556 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj +556 0 obj<</Length 557 0 R/Filter/FlateDecode>>stream xWÙnã8|ÏW4ò²`+¶ã\ƒ=à\‰'3öÂX /´DÙœP¤G¤âøï·š”r(³‚ŠE²««««é{êãg@§C::¡´Ø»˜ïÞœÓ`DóoNÎðQ?é÷û4O;ƒdÐOh±ž&9Í×ʬ]Y󋧅-ÿ8˜Çþ
qoxŠý¬5ÖójÚb™#a2ÚÙŠœ¥'o‰_>Òþvmi[Z/‰?q´QZ’ÍÉ—Â÷ñ™44!WVÒùpBfqˆÜÐÄJ(CœÍ0úÔ%CÞ<WZ‡M©Ðevk’zåð$áD;sÀÀ µZ{*¥È8(åŒãj2þ<ý2›ÌÿìC üŠnÆ_fƒ·‰R‡q¾J#`_îÂ!…Pš)Ð @@ -882,11 +912,11 @@ i¼ðʲ\À«³U™J ™¤Öäïsî„©ÂÚ•/"GÁG=\+øÁ‡–<ü¸ÄLë“À?…ønKåw/ßÎdbÈêL–·v0¾à³qˆ°háúÑAr[Õ–f$
€eÌ”2™±V…ŠÊ”Y÷¶¥æ Á ÑÂ:®X˜V°m™A‘!=c·ØëÆâ£ÄŠpcŠ:ÛxaÞ›¦œŠ5z׊[J[à ²'´®XÁ»0ÿš"¯@Í,†1a—.àÑèw¶÷E¾X¡ÄÒÉò æ˜NXÀ!áz*kÒ0°Q°F»]FòyNA}£AªŸ†¸„jc‚@Á£ I[vÜ’Œ(ÃVùu#8˜Ã •«O¯–ÖnÄEíÕÓ9êTþ=?æ{Nps?›ÉxŸh:ꡃU€k*Á¤¡ÊŒ¦`ÆêËR;½).—ŸhþÚ³›RÁÚT²ââ³4TrS„ ÿªÉè¶ÑÖç—÷‡“{By¹
›1Õ¿U©¨€ «„n€1 ›Š—G-y†O¥_ÊJµÏåkZbO¸WBf?nM+räv¸$ðκéXÙU!–è7µ¾¬VªÃ›³úv089Mønð³ñÝŘ-ü;<7þ7w(Ž×‹‹{§C|MÈþ×ׄÑY?9ÇW,?æ#p›øº÷7¡‚ñ¡endstream endobj -537 0 obj +557 0 obj 1513 endobj -538 0 obj<</Type/Page/Parent 519 0 R/Contents 539 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj -539 0 obj<</Length 540 0 R/Filter/FlateDecode>>stream +558 0 obj<</Type/Page/Parent 539 0 R/Contents 559 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj +559 0 obj<</Length 560 0 R/Filter/FlateDecode>>stream x•WßoÓH~ï_1êË©õ%iš–RZtèhË5©mì5Y°½fwÝÿþ¾™]‡`¸“N)µ½óã›ï›™ýz0¦þé|B§3ÊëƒËåÁõò`”hvñ4›Òôâ¿'øï4•üú÷Oi<¥e‰ƒ³³³lFË‚p`4¢e~4ÎÆ£lšÑkgš`šOT:[Ó›Û—S°¤èyetèõó'ËÏ05¥ñ8š:™œÃÐÑÒRç5>lÙ€vÖ*ñ¤•©ÔªÒôhÞûzu²R^D^»G|)žuùFkëmmGSUÔh|÷¹[aÙýˆNƧلÝÂZ#kýäTÑ{œÆ‡Íî´i|P°†‡äsgÚ@tˆƒéaF÷ZÁ^ò‡®Ëƒ±
~s¤ò •ÖQmÝÐw¡Ró¥˜&3àÎP¬50çÔ+ÏÐ-Þ/Þ’[$Ü6…Õžê._SŒLÕœ CŸ#Z$ÞûÏüÖ?fô2 KaÛâ”-û¯“ݾæ+MÔjìk`±Ú27—‰3d*[àïÐéܺ¢·t8 I Ú
ŠB‰0àljN5Ÿ4G²Ú„„Ò+²-T‚t‰/MÁΘ)‡…n¶àD¡ý!€éœ•ounJ£‹ŸüÖkÄØö›û2@šµ‚sYÐÈŽB/[¢Â”%8=Šv~Ì>xgšùfôV;F{B†ƒÀª^)Zi€¬Ñ+&´V(ŽC ,;4gÛ¨`ðœÊ¼ ÕÃÑÓ¨UÐ2èZØÊ_›ºtÍAAŠ¨¥¯ÊÀ÷J‡.ßs‰ÑÄê îåùæ @@ -897,27 +927,27 @@ x•WßoÓH~ï_1êË©õ%iš–RZtèhË5©mì5Y°½fwÝÿþ¾™]‡`¸“N)µ½óã›ï›™ýz0¦þé|B§3Êëƒ ÛüúN·KDŽ/dì#ч#Ï+3¡ÀꞀIMbŽ½1£”:ˆzuè\ƒŽ‚a¼·N0f-ˆô ä¯v4“n!ÐâH9Ýý9Tä²Hó?¯¨¾·´à =4êQ¢*¨Ö˜Ù[h&¶‡…£WÖØ endobj -540 0 obj +560 0 obj 1764 endobj -541 0 obj<</Type/Page/Parent 519 0 R/Contents 542 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj -542 0 obj<</Length 543 0 R/Filter/FlateDecode>>stream +561 0 obj<</Type/Page/Parent 539 0 R/Contents 562 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj +562 0 obj<</Length 563 0 R/Filter/FlateDecode>>stream x“_OÛ0Åßû)ŽúT¤ÕKš6i‰4¦fo¼ç†˜&vf»|û]'tƒJC(Še+÷ïïœüš¤HøIQ,åPÝ䢜|¾Ú ]¢¬ùK¾æM…D$I‚RÍR‘&"¸‘}¯Í~zrFväÏÊGN\"MÇÄù¢àÄÙug»G#„J×592ûc¬Ah·—ÒT{£ŸÀrñÌrGhÝA†!fz,NöÓØ<Á<ÍÄ"6µ}ÐÖ`K4Dûî^(kj6è塶©[/bö×rÂ3"Ï2^—ë‚׿Ž#O‘¬6›¡Í ”Bà;ßÖᲑNªÀ»-…pé½o©óŒ%"uKRüÖ¡TŠ‘³QÇÂzÀÖánÖjf~#ÇÓ}ÂV
¬;²UXyÐÌà_-üÝÙúšV¶ëˆ¥ˆ²½!~®†D?FÆñ"áFeëí ×I÷·ê
¥â8,‡ÚEEÆ‘@O²ë[òì¾K°îùµ>«lõ}Ö/ÎKóBD;³[_Ùv{~sqŽ[g¹&¾XµçƒŒ6‰Yó1í}“/׉ØðŸÁ>+^œócòp›ûendstream endobj -543 0 obj +563 0 obj 452 endobj -544 0 obj<</Type/Page/Parent 519 0 R/Contents 545 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>>>endobj -545 0 obj<</Length 546 0 R/Filter/FlateDecode>>stream +564 0 obj<</Type/Page/Parent 539 0 R/Contents 565 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>>>endobj +565 0 obj<</Length 566 0 R/Filter/FlateDecode>>stream x¥V]sê6}çWì#™)66ÞhÚLïL“¹í¥s_ò"ljlɵdÿ¾gå0é¶sÃLléh÷œÝ³úkÑŸˆ1Í攣7£Ÿ7£i°\Òå_µÇ,[̃%%˾Ç1¾V’v¼/ÓÿÃòðéâ)mv@Ÿ/–´Éü{<IÇQ:YQÐ'íä¾Né==¡¯JgæÝ’–îÝTo–Þ•;ÜmþMi' 8]|ßX,µQŒ‘‡OÔþÎM*ræ“úoÿÖ4ËÄþÊÚ£<`>Í—˜Q
ÎVí·æ ùÀ#r©÷ý½¥¿ â8Mw.9/l)Q‹Ø*1Aw¦®èuœ¼ÞaÎ¥ª@æ¤köãE¥Àm ;¶g¨–AŠ×1‚,e¥Lözç‹™|qQ›w%àd.= endobj -546 0 obj +566 0 obj 1213 endobj -547 0 obj<</Type/Page/Parent 519 0 R/Contents 548 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>>>endobj -548 0 obj<</Length 549 0 R/Filter/FlateDecode>>stream +567 0 obj<</Type/Page/Parent 539 0 R/Contents 568 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>>>endobj +568 0 obj<</Length 569 0 R/Filter/FlateDecode>>stream xWÉrÛ8½û+ºr¥Ê¢Û’œ99[Uª&‰'Qj.¾@$("& ñ$Ihúx÷†D–Yé\BwΙT /3:*_‰ásò…„+•8ÑN’Ñø±/·ß/æ4]\%KŸT>Ü·'Jœ¹
›”£OŸ ‘”Â+£]¡8Ä¥ÔìE¿WÙ¹ÙKeI®NΩ½®¤öndXÀ®°;åb6–2åR+ÙßPš´ðµ•ÑsTä`'œJ©”O²6ºd¥¦ªjÒè+yñ(JN^í”ÞŒrˆ‡ }U+ùnŸˆ˜uäm_š:ü¨%¢CÀ{©¥
w¬„ÒŽrõr„‚§‘Áƒ°^¥u)lƒ+<»qõ"“2[…0œÔNåÖTÈsKJh±—œY:Hë2õêI&#»^_ f „sH¬€q“‚øt`yC=ð2V€ÐGZ>-B°Í›Ô”¤ªC’ˆBÈ,86¦fð•ýzÑ¢E%_°/ @@ -926,11 +956,11 @@ f „sH¬€q“‚øt`yC=ð2V€ÐGZ>-B°Í›Ô”¤ªC’ˆBÈ,86¦fð•ýzÑ¢E%_°/ 8‹) íbY£.Íc’ø?14]^Ý€–ÿMÐå|FísŠ^ýš¢œÞAÛæ4"A;A,jéú|(ãfB«$‚cÉðÏI~¾çÉk\àfxOyŽaRf }S˸{¦V&Æ”0X¦™[b›¡‘ö¾Œ«Šm£—¥2CgnûÓéÊ`¸è¼S~/€v‡úc±¿e%X E7qj¤æ+ÚÑåNé¬=ïo\aí²ª.½B?Œ¸·Ùœò«ø’„¤jÚAËÚvÁê««fº/¥À¨neÎC_(âýqé¸Òá®òÚâh¼ûH4ŽÒ…†Ö0k}Ý¿Qž)ߦQŠÅjðë)‹EO¯w_ßñ˜ò¢\Òš‡‹Ð¶8¼iÜ5Û&VŽ‰À+¯7óä6*Ñ-_ÿ/þ0WÈendstream endobj -549 0 obj +569 0 obj 1684 endobj -550 0 obj<</Type/Page/Parent 519 0 R/Contents 551 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj -551 0 obj<</Length 552 0 R/Filter/FlateDecode>>stream +570 0 obj<</Type/Page/Parent 539 0 R/Contents 571 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj +571 0 obj<</Length 572 0 R/Filter/FlateDecode>>stream xWÛnã6}ÏW܇zÑD¶¼Þ8»oIÛè^ŠèK€‚’h‹‰TIÊŽÿ¾gHÉV”¸ÛHli8sævføÏEJsü¦´ZÐÛkÊë‹»õÅïë‹yrsC§?v‹/sZ¦i² åÍ Ÿé Ÿ¤
Á[è9þüìã{J—´Þ@ýõ
>áýœÖùt‘,’eBoÖß/fÓNl:“>ŸiçöÊçe’½‰KJÓ¨çj±‚žéºTŽ6ª’!oMåÈ—’Dî[Q‘µ.gªÖ+£É»•Þ%´†L<æÊEU¨.Êî¤%“}—¹'×È\m ÀÇ Ç0æt•¾…Ã0¿1UeöîCD7§÷.¥«Å»„ÝœR÷ó½î«BhŸ‰ö&ÆÏé{s/íNåøBÃ^oÔ¶µ`ð(9w¾{¾H“롽F ÌŇ)4Öðç”Ðmå¥Õ0·“$q%c)¨1¶ Ñ"Úw1#aeˆÎkžÆCGÛÑrp‘F^«B4´W:Sº8È•¢0ûÿ‰~kMÛœdŸ»:ŽKiœwa.²«ÐÇ2x‘£sáam/Êñ?cóÜ~´Ë!0Î/T¢®UAEÖùq×9tZú½±G§8ÄG½gªC"™öx‚‚õpæL>k¼Éц]äŽ6ÎÈÛ&ÄøÇú],ÿ^ýs<³=?\q^ÇýºA€Zëä%I‘—d6LNR-óR @@ -939,11 +969,11 @@ M°/È)3¨~éBGõj8¶ütP¸ý«L²áÐaY‹ëØM¿š¡ûÅl¸†¥/Ö°·I\0ëœiò=ïè ñz^˜òq/ 99îvL/#ÚôÚ—#WÂ\(R,l…0Jñ Ô)âä@E Ì,nYÌî¨ZNzŒ*ÏõÓ&w²"¼À[w+tŒàÈøÐNƒØr‘¡ áìqôÑ8–,Bd%p€ûq ò6Ò<ÜC"Ì‘eø†Ed§˜'ÁA!»qØÍBìx¯‘‘x- l³Ýçˆ3ó="ØÀâ%¢¿ÌÜt¬Ÿ^¯’׶4^Sîo?ßÝÒ7kÂýè7“‡9bÇȯ¢øÕjÛ]Ñßî^¿ü,WKèr霃¿þ¼ø&wÂendstream endobj -552 0 obj +572 0 obj 1574 endobj -553 0 obj<</Type/Page/Parent 519 0 R/Contents 554 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj -554 0 obj<</Length 555 0 R/Filter/FlateDecode>>stream +573 0 obj<</Type/Page/Parent 539 0 R/Contents 574 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj +574 0 obj<</Length 575 0 R/Filter/FlateDecode>>stream x¥X]S7}çWÜÉéÔÆëP ´3@œÔS›Ix‘we[aWÚHZÿ¾çJ«µ³™iši°¥ûqî¹çÞåËAF#üÏètLoN(¯.“ÅÁhxvF»»Æ/#úåô¯Çg§xÍÆüŽ•´â+øvºœ?ú0¢·´XÁö l-Šðñˆù!µÿîµúÒHº–þbz3§kQI÷ëëÅçƒ
28Ç¥îlº3;¿ücz=¹>ŸMÞF¿Óo4—öIÚðMå’”#ÛhôšŒ¦½ã?bø
þ(µ´*§™È7J#NÄG‡)\_^ÿ€Õq÷Jè™Ð)j‡àÿOÔŸnîþüxwsû.[rÌïM%ÒΓk¶ðÐÆ8Ά'û~´¦©ÿê;7£¯ X¹VìN´|!Q–TÉj)#³¢îæw€êνËò½D.öÖ”%[;b¦”f²Æš»ÿn³`›W&e›°!ÙÆT#S-}dÃt¦û‚•£Ç”eLùAFƒñÉpÌhO=¹iJ€#I”üFø€S¢Ræ¶PâˆT–ÌV1Ï G5*Š÷I,Í“Òbªó—¦'”;añ&ºÍ8¼MÞÐâòöhzK8é<Ê#¼2ÚÑvƒ’ŠßÀ/Á¼{A1+E¥4êj…7–¶ e¥B"y¼.Óáì‘ôùÑÆ8ßÁغǕöÈûë9‹¥p>‘yLˆ¼çL®ƒ²U~C@BEa¥sÃÄÜ“á1cyÏ«ÆKµQÚ3ÃòRXµRyH«õÏ!L6Ãz«søuÔ»²ÒJ•Js‰$qäVæÆŽ õ£Úš'UÈÖ|8•’“#ÿR3D+c«ì!ñÙœ>)] '´’Úî¬%ÜÒ¨S ~z܆¹`É%}àû=¯•x¡À))Yé\“|UpÑ·ìˆoD
7¡äé}ÑVp8» Rf)é9íÇQI;$p{…„¢³j‚×Ö‘!—@a@Ñ öz
P›ÁbÑ€Á<B˜Ÿ” Ñ á¼´F9þðšp•¤n* ®‚ÉÁ«Pêª @@ -954,11 +984,11 @@ tÝã+>En<¤o Ej‚Þ)ÑSáŽåÒ
éÓFù$kÏw›€¶¸he
æ´a€9Ž€T“ÁcêìJ„ÁòM-p"dýjkìãšGÀ+ Êêßp7~i”å<ÀX]Î&6ë•€XxÞòÖ”`ìÏž=ñÞ&0.jl?i8v¥JÛ<& hÆP²åKÏõ5‚ó#ª†b«¿ì1ºl—¸„‰£>(ßäï÷bÁºÏ@-â–Ä?òsXÈ0ºû—&èši¡rüz†–[ì%©0dP#S6a(W’AQ®Â´£y&[\„HF}VeKλv»¶ endobj -555 0 obj +575 0 obj 1999 endobj -556 0 obj<</Type/Page/Parent 519 0 R/Contents 557 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj -557 0 obj<</Length 558 0 R/Filter/FlateDecode>>stream +576 0 obj<</Type/Page/Parent 539 0 R/Contents 577 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj +577 0 obj<</Length 578 0 R/Filter/FlateDecode>>stream x•WïOã8ýÎ_1*Ž•hi»,¿´:©”rW ºÍÞj¥J'7q[‰ ÷×ß;i§À-H¥$¶gæÍ{3ã{=êâ·G§}úxBq¶wí¢½nç쌶Åÿt©ßÇÇñÙ)~:ïô©´àx‰c6X~t}L½Eœ~rvJQâßw)Š„Nh‘–v%ñ·0¹•¤XÄ+yÈ_5‘Ð$œ“YîÈ’ÏñJè¥$A™´VàÛ“r+¬Ž2ìSšŸ¤)Í%Ùrþ·Œaã‡èï½.µ{ái”8•É¶)%2kÛ!%/hì~±¤E&IYRz×k`п*¤5ié”k©1eÌÙ2Ž¥LiŽS9ˆÚ™XèWƵq@ËæF'ŠV0†5ì/(+„SzISPiea©íÏTŽÝ„ø;Y(ëTLfáå…q&6i§²Õ?és <¹Ò7¥ód Ž§Ê\"Mù™|™Ò0ŠªÓ&Ò]Ž¿L)„ìÓÁÆcì@žZzÅÞKšŠl.^…(”êQ¤R»p$6¿8 ›ìZÞ_O2p£×Ev§˜]5£Ž®Ï©‡h˜?ŸNC`[õ;Èiðäæö÷/ÓhJ•Jvh—xí>xÀ~ÏDDkä1!ç;XM":†Hõ»à´òy<º†D*2oè4¼˜Í¾'“h6›~ŸF£ÛýÙìê~üçè~:›¢áKo@ê„b£PÈ0]Æw4HÐ9ÆË]Jj0ÊAÉ+¨s¡ ˜3¬ÔþP…Çkã>ü\`Xf©Îµ·Âƒ'¢ò$yÎ\4…B*eòš]cP}+æ£h,¥êA^ÔŽœsÒzÔî l¤êgŸ†&_j¹r4;ˆg¨w~~F·*.Œ5‡×E^+Î8u›Í5 @@ -970,11 +1000,11 @@ h Rž–“„6CákÕ3Ž—²ße|7©‘ðsnú„¹¼vH‰Ô¡]-WlÑÏ÷`K£ÿ<û@MO|…xÉK>ýQIt¡ŸgÊÔ'nÍŵÿßzR‰ Í¡»NÙ–õFL‘ HF'mu 屑
]ŸU——ÞÉI§G'ç½Î ÏÖÓÁíå€î ãïËW&.¹Xø;!ïk÷NN±¼}ÚÇ¥=9xãÊu|zŒiݯêõy+îvìýÌ£Åîendstream endobj -558 0 obj +578 0 obj 1741 endobj -559 0 obj<</Type/Page/Parent 519 0 R/Contents 560 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj -560 0 obj<</Length 561 0 R/Filter/FlateDecode>>stream +579 0 obj<</Type/Page/Parent 539 0 R/Contents 580 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj +580 0 obj<</Length 581 0 R/Filter/FlateDecode>>stream x•W]OÛH}çW\%›• $!å£o@Ân$HYânµ’¥jbÉ´öŒ;cù÷{îØqZïBiilïç¹çžü8Ò ;Í/œ?¾Ð lŸÂVûÇ ¢Õº´”$–©¤ÂÀ’ˆ©XIJ³•q…£Dá+£H:—”iºîS°RŽ¾Ë5á¿RÇÒþ|;ÐÑ‘ÂÃŽá0ÌD´RZ†¡[»Bfa•ÖJ]DFÖ¤Nx$í“‚ý0L…΄ækiÃ0Vd²O4\;„ Œv+a¥kõ©´ßÊGå @@ -988,11 +1018,11 @@ lÈ2*Jn¯ÞÉ÷b™£1~áì šGßcùy¥@+ÊUý\y›5=Õð•ç¹‰Ñúu{›¯
û†Îƒf¦í98P&ñ}ƒ!H´\Z샨£° ²ôyòMÍ‘ðwŸŽ—ªÇ5uWŠÈ3*Òå,]¹ü&#!¨J†yE›ü>óUõ-¤nN¢?÷*ÏŒ+}¼õœïhÆÅaÍ'<‘·w· ·Pã2úÎXGïÐq–¼;…8¯¥³Ø”à•KàýU9xøV•¾ãÙ¨”´² …—a|Ï,yÁÝël—Ooc=ÜÚìzbAcM™ió:ŠÅeÞ¥ß-ì{^óÞðô¬Ï߬ñ¥wçÛïâòîê’îñ]™˜¨dnðXçôª·Žª×z¿dëñÙ3Ìf{Ã~ ᯃ§Ç•Ìendstream endobj -561 0 obj +581 0 obj 1654 endobj -562 0 obj<</Type/Page/Parent 519 0 R/Contents 563 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj -563 0 obj<</Length 564 0 R/Filter/FlateDecode>>stream +582 0 obj<</Type/Page/Parent 539 0 R/Contents 583 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj +583 0 obj<</Length 584 0 R/Filter/FlateDecode>>stream xWËnÛ8Ýç+.ºrD¶\ÇNt‘ôhÓìA1@6´DGlhR©8þû9—¤YMÁ4¨a‹ä}žs.õë$§ þrZLéÍœŠíÉÕêäÓêd’]\ÐóGs:ÏgÙŒf|ŸN³j$m°+‹9~Æ•|Ša¶°‡~KùŒVø_àKÖ'´*FÓìMvžÑë›%}µö¡_¯~žŒ?Ï(Ï㉳é'F—qÏÝè‡2¥Ý9º6^6Fzº[IKÙ<Êæî59|Q…$åÈW’ä¯V= i<ÙMx@ͦÈ'“|Œ)¹Zj£dI7W7Kv=¡³üM6e—w£é¯®¿/]d”baW²!çm#ë±8¦¤ë[e‰‡¾ž*ÔÈ{å7®÷$(%3p\hÅ“Š!¯>ÜŽaÎIßÖT Gk)
Ý«G|®–Â!=#c…b%ØÿeôŸ%ëÓ9Z‰´V– k6ê¾E@K±]ò69nCJ‹«·±ZÛ2÷T‹©!r2R–œm<R–Hßywì°:7rÛuÆŽâ㮡#Ú(-ßu{ßr“s:›žÇà(ýƒSG®kÛxzOÿHwlæŒÏÌcŸ^N¨uÿ1#ô…y!eB.]ðÿ+ÚËÁ2’@(.ùqV6ïééé)ëýÿs‚» @@ -1005,11 +1035,11 @@ $„*†ˆ1:²ÞZ/ûC²;Û<€B‘©ŒíWi›0ÆBä«çÉq÷zØß¡›Çc'UëôeøÒN¡›,íèˆf·‰æÀòòL¦8
yÆŠd zJë–™éÂM×\ÆbâQ(-ÖJ3ðL›R0HõùaŸ˜¤xñxàë~÷¾1î
d§»ú_šýáîæ J7ˆ5ãáw‘ÆǨíºÐ0§ žª\Kù='Ûð;I!8mĵ«ƒ*(Aø…€öÒs×’eWáæ«€MÉP‡ÞðJ‚—º(ªãÏéœÏYNóyß–—ß®.鶱<Ìè£-Ú-Øòä`Îâö³ÅožåÞ<g‹n¡aC>ãS¸ÿuò/9šë©endstream endobj -564 0 obj +584 0 obj 1693 endobj -565 0 obj<</Type/Page/Parent 519 0 R/Contents 566 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>/Annots 27 0 R>>endobj -566 0 obj<</Length 567 0 R/Filter/FlateDecode>>stream +585 0 obj<</Type/Page/Parent 539 0 R/Contents 586 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>/Annots 27 0 R>>endobj +586 0 obj<</Length 587 0 R/Filter/FlateDecode>>stream x¥XÛnãF}÷WæI,Ú”us€}¯g’Æž$V0»À¼´È¦Ô1ÉVºIy”¯Ï©ê&E3Ùd±‚l6ëzΩjÿz‘Ò5~RZÍèfIYuq·¹x·¹¸NÖk:¸~¹Æ!|Ì×+|ÎfÉšœ¦‚_À3Xé?púêýœÒ”6Œ/×+Úäòüš6ÙäIU[E¾=¬k<)*´jZØjöª!U–öÅSa]¦sò§:ÛÛÚxÕ[Ù‚¶Ï5•ÆóË™³Þ“³mƒÓµn^¬{öÔzSï`O³ùå⚦éM2C“7NW¶ÑÔaóoè œªt£™š_"_m“ÌÖ¦Ô möÆS¦Z¯=…ੱ„Êy¡´™*©Rž„ ³cˆC¡»ô–ðòz«’dêFï äÌÖú’¿f¥VŽýÐo0""GÞT‡ÁD‚&ôaH§Ui~Óù(Ó+šôôpG˜Æf–6ð²?ÔÀÁn~ÖIR$<ÿP*ÖCáë®nÀàìÈûDé”õa” •k¼ Š;µL€›|ò…=[ït @@ -1020,21 +1050,21 @@ HÑá·F-S°\³Í"¼ÊÉ?þüñ#óÀaÀiˆê%ä>X+)ëbI[üíþÝ=ëja»Ò“¹zS©Á¬]‹:ª²Åd•’µ%ô ü“9 qâ ΋®™˜^Sejì¶h_?ã¼ ñ&$úÉdõSM£«æ•ëÈOØXž;,Ž¼·Ö#¯ÕTâcÁ<<ºÙ1ª«¯®%'zÙ›,ñÄÅÊÀ`µU[,µ{›9d*ãß3{À>Ô·«ó¸¶’áƒáµË
C qÆnœÑÁx¹äÐ)®7Îuå‚Š[îA粟q£,ûX‚ŽVZa_‘z½°úrœÞat'ÆfÀE¡×ê©®‘ºô†]Fjç endobj -567 0 obj +587 0 obj 2036 endobj -568 0 obj<</Type/Page/Parent 519 0 R/Contents 569 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj -569 0 obj<</Length 570 0 R/Filter/FlateDecode>>stream +588 0 obj<</Type/Page/Parent 539 0 R/Contents 589 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj +589 0 obj<</Length 590 0 R/Filter/FlateDecode>>stream x½WMoÛ8½çW|r‹F±ÇNÈ¡Ý6ØštÝ´DÙLDQ%©8þ÷û†”äXMŶ-RÙ"çãÍ›7“G)Mð7¥Å”Nç”é£Ë£OË£Ir~Nûv8vzšÌiv¾Àól–ÌÈJ*pŸ¦i2mß„Cá
lá%ô?`èäjJiJË~ççZæáý„–Ù¸qÒVBK*å“,ß,ŽN®fíé1ÕÂâ—–”#+¬,w„sURæ2Oøü„Ž§sD¶Ìǘ-ÞÚw¸çÜÖØœLEwןÿ"·s^jG¦ð¸Å£$xÆGÒêYæ” |Ê6p—Á›Kˆ–¸ÔRTŽüFxRÁ ")Œmݦ§@ Ö—.ÑV®@+kŒU¬h&umÍ|£«`ƒí±óåE/;¶F]¬Éð!j´ ²7¢]ŽPZûSÏe&—¯5¦FuìAô‹ÞÐ8äï€ÿÜsH À ÂSl®hV g0³â” ÚYËùÎ ¯è(öÔǵ5M
Áq¿@¼ôó•[}÷´ÝwIo!(-s$*‹¤ÑÛ†íºÑíz:Efg‚︰®2câ"cãÉì-æhƒî¬áâ ¬s d¸8ÒvÈšóÞ²U îå®—ÃîùübùŽ<Ço<Ca•ñ¦#©Z<ø„àôÁÀ8{~IêŸùÅKˆNŠ.DL„H"×ÎÚóv'Nç‹$¥ùü4ÜÛ÷_>¼§¯Öýûh² endobj -570 0 obj +590 0 obj 1525 endobj -571 0 obj<</Type/Page/Parent 519 0 R/Contents 572 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>/Annots 32 0 R>>endobj -572 0 obj<</Length 573 0 R/Filter/FlateDecode>>stream +591 0 obj<</Type/Page/Parent 539 0 R/Contents 592 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>/Annots 32 0 R>>endobj +592 0 obj<</Length 593 0 R/Filter/FlateDecode>>stream xVïoÛ6ýî¿âÐ|ñ€Z²äŸí–I“t»›C7´DÛl%Ñi;þï÷Ž”,ÇHV` àXy¼{÷Þ;~oEÔÅoD£˜zCJòÖõ¼u;ouƒñ˜šr…‡.ûAŸú㾇ø(%-±´KñÉ›¨‡}þbá-8~ Pxק(¢ù’ŽG4OÝ‚.Í“ö´ »–t?£ÏªHõÞÐdN©Î…*(Ñ…-u–É’¶F+rKg²Üá?÷¢+üiJ‚r‘¬U!I$‰Þ––ºäÅ?Í¿¶ºÔ‰zAŒSÛ3‘/ ~Þ%UnŠ¨þGÕû:w~݉‡À&òѾ&ísÿ¨Ší#™ƒ±2'ù(“•o«Ýƒ*z›L¾Øcö)uJútóîŸÉÕý-u¾ÒÍôþêÃÄ=>“@JÛϤӉǨé˜Ðƒ‘¤—(YÊuêÄV%Â*¤šjiÐ¥ï[….â
jZH|ÆŠ"eJ…z<àgôC—)¾X}†*ªR«Q¶*&‰‹~²‡H¼oÒ‘)-®™¥Ìµ•ÇÞß¼ˆæ\DÝÈDØ~vâ"ÓÉ7Aþ›RîP$ez¥œt Ò\¢cç ’La[”Š•!³Mք쌴–Ù…õªØ‰U˜µÌ2.¹âPxÉ8 Ÿ°)”6 }O}ãjª´ '•‡€ÿë¤U+"bYüñ¾Õï
ƒ74ŽÐÂœú£XåŸ2š± »xäþž*å fV–Ú¹s½óÀsên£Qkˆ;f˜Ÿ‚È“>—ù¨xî @@ -1042,18 +1072,18 @@ xVïoÛ6ýî¿âÐ|ñ€Z²äŸí–I“t»›C7´DÛl%Ñi;þï÷Ž”,ÇHV` àXy¼{÷Þ;~oEÔÅoD£˜zCJòÖõ èMŸÓk`:Qà•+é8WSåâ€9 w Akô‡RÜ«Ëf ÞfÔÐ{…ÎyAO,)Äx†ÚMö°Á%ÄÏ©G&2e T¼š¿•c9PxæžË»æã…+†¯~C!æS¸fM”B®"|ŲQé+êäT¯;£6Ã_Ë~°ŽèÓW7^
7|K¿lö¿VAk-4ù\÷ÄRx9´¿=.ãgn¬Ž®|¥çÛbÃŒÙÕýõ}*õW´”nt²…È»
rÞ¿«ã·µÿß ìúÈÍÝR£GEÊ¿·þj¥µendstream endobj -573 0 obj +593 0 obj 1424 endobj -574 0 obj<</Type/Page/Parent 519 0 R/Contents 575 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>>>endobj -575 0 obj<</Length 576 0 R/Filter/FlateDecode>>stream +594 0 obj<</Type/Page/Parent 539 0 R/Contents 595 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>>>endobj +595 0 obj<</Length 596 0 R/Filter/FlateDecode>>stream x•Tßo›0~Ï_qêöÐIÃByLÛU{é-H}©49Æ$nÁN±IÖÿ~w’(ê4
$ØwßÝ÷Ýç·Qc¼#˜Å0IAÔ£«|ô-Y–ÁñѬñcÓyÆH²¾O&,…FBI¸ˆiÜÞÎ!Š /1{šÍ /ºõ1äâ2fS6a1ƒ»%<)]˜½…ûî¸Ø(-a!„iµ³_ò—Qx›ÒqŠèyq™o¤•À¼‘ojdFWï°ßH
K^¯8(Åÿ܇ÂÔ\i endobj -576 0 obj +596 0 obj 736 endobj -577 0 obj<</Type/Page/Parent 519 0 R/Contents 578 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj -578 0 obj<</Length 579 0 R/Filter/FlateDecode>>stream +597 0 obj<</Type/Page/Parent 539 0 R/Contents 598 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj +598 0 obj<</Length 599 0 R/Filter/FlateDecode>>stream xW[oÛ6~ϯ8@6ÌùçÒ{h»õi:Ä{Ñmq•H—¤â¸¿~ß!EKV4,› (5ÅsûÎw¿Íi†sº]ÐÕ
åõÙ‡ÕÙ¯«³YvwGÝËnñcF7¼–w·xÏ—ó솬¤
öÎh±¼ÊéÓõ"[ÆOP†¯°p|AÓôÓ[ZÌhµá›Û;Zá;VòÉÇRì¼´t•ÑG£7jÛX¥·ôåýgÚK…rÞªuãeAx¿Yýu6£ËÅ:&¹ÔÞŠª:ÕB‹-¶ˆÆ—XU¹ðÊhÞͶçØζ/¯æð’WÙ<£{Q¯ ]°±¸uIóy»uqËß“nê5Ü3úC«grçeíèa"·ïè¾Ñto*a•{xsAÂÑ^Vÿ…DÏx>ÜÿBQ+xɦ~Sºy¾ möÔxU©ï’·¶aÍRXýR5ÛXW’ÞŸÄCôÙM%Ù<|~xÍ9”øyC;kžT! ˆp¸ °`¬úp žXéLcó¡íÜ ˜fíÒâÌÌCÙ…( @@ -1062,35 +1092,36 @@ xW[oÛ6~ϯ8@6ÌùçÒ{h»õi:Ä{Ñmq•H—¤â¸¿~ß!EKV4,› â|µŽ3ŽPV“i<"ÏåÎæPÜ™ST{¡ïDý¸Ûë̵{ŽôIcR½åSaŽƒç:ÖÉùàåå<›¥`prrýœw8›Û%%´ŽöÏîO©ÅU~syPïiÛB{ÊPzhCààZ^#®Mðè¥ðy87’%J-öÄv<5»—ÜC-õü®…ª^J¾Æå6_ä@mœ¥uq=€
®ç¹i´oÍØœò8–ÃðyUËó'rãA÷èÒÃÚ½|¦g,Uã’ç C_v¬ myzéðùñ<†ÇÌæE[)æ8²èíáç«`éL~…óÔ»Óø’Kä¦bиQyfïÂ@€sØÊ]%òÐJê8Çd(ÃÓˆ> endobj -579 0 obj +599 0 obj 1567 endobj -580 0 obj<</Type/Page/Parent 519 0 R/Contents 581 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 35 0 R>>endobj -581 0 obj<</Length 582 0 R/Filter/FlateDecode>>stream -xÕXmoÛ6þî_qÀ0ÌbÉvœØ)°)²–¢[¼o6Z¢,6’¨’’ï×ï9R²d¹)‚6l‹¼×çîžóçÑŒ¦ø›ÑrN—×å£7ëÑOëÑ4X¨ûg¶ø0¥ùÕu° Åj‰÷Ëë`EFR‚³Sº¼¹ æ_|r5_áàð´àTÿAEø–ÌhÀ¢ëÕ’Ö±{>¥u4.Eþ‡Í7¥°6°úÕúÓ(|»hNiŸª(¥ÚJKU*éAäA‹Jl„•ÍãH•P…?r¯"£N*º¿[,"s(++Øk³†)Mf—pkSaSiZ§ÊvrñÞVÚàš*H*¨6äMkSX[f:YhÙ¬°4j'*6Þ쪞3§zF„²Š!Ï^&mؘS°âx5ˆŸ×L±,e«bKºp‘ô¡Cåe&s‰hV -ç¨<èÚÐï…z -QEýDö`+™s¼ä™-_Oe®ã:“„ЖFïTŒànÔ¤t'…Ê=ó`ÌØñq5½«(m$E:/UºÈ¤çÓ06“É©›À,êÞ¶`ó‡;¤é’}¶$ -QÓYL"³š[¬Óʹ\0D}#QÄ´w§ñ´FÓä‚ვ¡m QPNz”Šb‹®S[®³žŠVÇÿï£(Ûg -ð·Ïƒÿ½®äk×Rj˜i‰èÑQ“¡QÊ%ãDÙ
ÃíØóÔ.í f¤æ~8ê
³A9dzÌ@ 0p¸7l¤J®·ˆÍX/äSÕ>ÃaÆ%Ÿv&ô!“Ì:LÀ›±ŽêÊ4(G z3Â(úÕŠ%ìÎ,Äo…q\ÕÛå™ ¤A}J±Q¦Ø°NœaÎFåæIOÊb§Œ.Ø,”¹Îe3˜XéÑV®ZÀµecÎWŸµ#Çu\€³s>ŽÚ U©¨|ù».0p~Φô[–äص î -¿|ÎY¥:&î™–¡< ³í -8®§¤ôTùø¢9}¤áÐV@X|¶€ñÜò—Û³½¢1öPDüÔÇYaÁɧôÛÏ£Å*¸¡ë%"™Óìj\ú=ðbÝqI0ú%v\G&»hÒDZ•~aêc'Ûñ8ªòu:7¹m¶!ÛÒvïøôÇW>šÇ™Kíi“)›rmsgm1a7ÊE!0h/(î’É’y÷Xv{0¸…só;rG+\MðÎÕ²œs{CßáòãXn_ûþËÄž÷§†& #€'ˆ²ÌÎÑìÙαNµ0†¹€3Þíw©Ø1ãhi5œ(QÆpMÄ;Ôܱn„*Ð.D!¦Gp¾ûà6ª$Ýa½‰°Í—˜†=ø} ¹¹½{€í(aTa&°Æ5îc\@æë*o†‚ -YáW„Çá B)'hÒ
iY5မÑõÍÌoy·÷onéƒÑŸ`Ýõ‡Ëˆ?>YÎñÃH<~A.–ì‰îôÜŽ€î¯£¿|[’“endstream -endobj -582 0 obj -1691 -endobj -583 0 obj<</Type/Page/Parent 519 0 R/Contents 584 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 40 0 R>>endobj -584 0 obj<</Length 585 0 R/Filter/FlateDecode>>stream -xTMsÚ0¼ó+Þd¦VlÚé4MOé¤Å3¹ä"l•‘%W²Cù÷]ù#¸43í0ai÷íÛ}?'…øD´Œi–PVNnÒÉ—t²’ÕšÍi¾ZâwŒ?+hï¯ïÖÍ)Ýãb²X°„Òœp!)ͦ36cô°¹§ÏFï塱¼–F“ÔäÊË°y•>÷€Æ5Šüׯ“(IXLI¼Ä“%EëÍú•¢m‡<§(ê‘ãÕrZP”Ž¸&S]¢RÆ•9õèã×KŠ#_`‡ì±Ækœ&![N¡AËûLÞh ÉÊìĉ*^B>W[™y^Γ8?ÑþÂSF„"ho”2G©¾˜½5%ÕØ5:PR*„ªð/›²}(è ƒhõÒ|z®}û¸I?¶XÄ š‰ÓÇBhÚòrÇÑÔØ#øžøF ª
ÍwJ´
tMU[ÓÓT2ÁZá®ïжS -‚£¬‹ -Ù²_õö±ô‘Ç©ëWG~r¸kÛã9_EȼS2Ž²Ì~°ú ¸‹5bÕ±ð¸ã5N“Õ+Çöt´Æé*FÎwßÂPæe%°VfOU
[8w46wô‰NâY°‚;?>Ю^É xµ»Ÿ5¥É%`e®½‡ç¶b>÷ú ®À -ٰПý-EVp-]IZˆ3¢×±Â
öZ^¸g{C¯u…Á]JÂsÚn;~èÓ³ÒóæT€ÚôfÁLÀè]°Õ›xÕ¿%Kæg7&ïho7÷7z°æ‰ [“5>!—ýë˜þVÐ]ûÏ=_ÎÁÅãLã¨çø}òšAÂáendstream -endobj -585 0 obj -766 -endobj -586 0 obj<</Type/Page/Parent 519 0 R/Contents 587 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F2 5 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 47 0 R>>endobj -587 0 obj<</Length 588 0 R/Filter/FlateDecode>>stream +600 0 obj<</Type/Page/Parent 539 0 R/Contents 601 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 35 0 R>>endobj +601 0 obj<</Length 602 0 R/Filter/FlateDecode>>stream +xÕXÛnÛF}÷WPQ +K£v¢’aãÍÞ©ê9sy*¡gD(«¨òäeÒ†9•+ŽWƒøiÍËR±*¶¤IÊA0T^f2—ˆf¥p.ʃ®
ý^¨ÇðgUÔd¶’9ÇKžÙò|*s×™$„¶4z§bws &¥;i,T왳`ÊŽgˆ« è}E‘(h#)Òy©2/–2RÉcŒø-Ž÷Hà¸gœ?ÑL—쮚dA¦. +å öÊú³mÖ{9èµJ³‘QeÝÁð BÚÉÜÇ´ ÿ©Ø~Åù°]’•Ò¹ë¨îRDÀçSi=#-²Éðßced¨H'N~Sbþ&ÅÊVFmjPЪ¹æJžÒx¶æ\Cß}ÿáæ~<
&|€µ£¿¸ÏJðéòÁjp…Ì9pqºþÌôV¯àŸÙ©È¹Ò1)ê*¥Þ‘_jx·õ<E7¡BÇ2‡¡(ÒuQµwÐì¾AZ#öŸ i›R+åå–t}eÌ™XúnÆU™è,Ó{†0J#üLÚ¢©TTgÂWx,Qg¨:æáz·âmK?6SŽ~¹7çü_ÂŽk¼ß€“8‡™Ú„VFµQÕÁÕJã5Bù¹EÙTÄzO¢F,ž†Ôe;)è´¶^(íë@ïÁë…róxá“Ü6É>ÈÞû ÒáL> +¾=¡»ºÀ`E£FCÍEŒGš‡¸;AÇ×Í[¹ÃA7˜ê*"—Ö6&Í æÊÇdR‘ë!=Ô ÌZ…¨é,&‘¡ì1 œV–Èàâ +`ôÖˆœDÓÞÆÓÚâ +†Tv†¶DA9éQ*Š-ºNmÛ©Ó¨huü¿ðÞ8ú¢ŽùB ý·à}î £§ÒCð§Oƒÿ]É·®¥:Ô0OÑgFæç)F)—ŒesðKP´cÏRctl¸`´ƒæ)AØ0—•CžÊÇÛyÃ¥ªÔèz‹AŒóB>Ví3ÏÜigb@2ÉœÙÈl¶¹qÊ&P/ƒpô¯7#<ý£¯ÅXÂîÌBüVÇ4Ù"ÏÍPÒ n¥Ø¨S\±b7œÊÍ“i‘ÅN]0ÉA™ë\6ƒ‰•™W-*½å’Î}Ÿµ–«yRÅÙ9GmªTT¾ü]8?HgSú-ïs» î +º!Ž{…H)2õè•Ñ9üj#Î çmd£Š†à'ý蔓ž*]ží+ nŸm<¶üåv·éÕŒ±‡"â§>lÍþ
J>¡ß~º˜_×´˜#|9M“àÿ'£þV £’ ô+Z,Œ.–ôqÄ«Ëîvz'‹ý(ªòm:õÛ6Ûðô´»Ç§?¾ö±<\’èM›Lٔ۵ж’²àTLÙËnñÕÀ‹Çª[áA,h›_ï;Ná +‚×Å–àœ[9÷”GrûÖ7X&öàj8ÚH‚(ˬ!ÍWαNµ0†‰€3Þ¦©Ø1Ýh95œ(QÃpMÄ;ܱnw…*p®B æFè‰Ýw7Q¥ é¶ÝÎXoxwÕ,µÓå +{ñòzê÷¯‡›ûw7ôÁèOXå趿 ò½±?>^Íð…K<zAqÌWslpîôÌ-u@Õ¯©®*endstream +endobj +602 0 obj +1701 +endobj +603 0 obj<</Type/Page/Parent 539 0 R/Contents 604 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 40 0 R>>endobj +604 0 obj<</Length 605 0 R/Filter/FlateDecode>>stream +xUÁnã6¼û+Þ°b$Ù–=8ÍîžRlk{É…–(‹[ŠtI*^ÿý)9¼Z1DÓä̼7óôï,£sZTu³ÇrvÿiIYFeƒb³¦²¦”¥iJe5ß û*+A/óíÓî厤&g¨á–¸#²¢î+/&ÓÐIÖ‚¸œ´ð'cÿ!ÞûVh/+ã-oY±»òÛìc9ë‚å´Ü¬ñœãß +jJ”-GJËœáqBjÁŒ¾lŸé£yèípàÖíY…/¯-”…¿?ϲ" +÷U8‹X‹†÷ÊÓ^´üU{ƒ +ÝPÛ»Aj(g¥’ãÅw›
£Õ9ÂâɃ6(×øj¤„Ã?bô§ñ(iË}€F¦òu(øj±ÂgG‹,eëq5Ú;Å2$`§¡S\ø™À]lOà|bØ=8¥â…иS$஫EÀ®±[lÞ8ÆÝÉ»›A¸ž}7™·J`Êž¶p#¨vô;Åd#Ë¡Ñ¡]c%“àÍîaÖt¦î•€•¹º87£
¹×q +endobj +605 0 obj +822 +endobj +606 0 obj<</Type/Page/Parent 539 0 R/Contents 607 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F2 5 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 47 0 R>>endobj +607 0 obj<</Length 608 0 R/Filter/FlateDecode>>stream x¥WÛnÛF}÷WЇ*€D‹º;@ ØIÕä!(Z«ŠªKr%nBrU.)Eß3C.))M‹ à˜ÜÙ¹ž93üë.¤1þ…´œÐtAq~÷´¹ûqs7V+ê•{<Œi2›3š–øûa…?KM;¾C¨é~Aü~ý@“1mvоX®h“È9Þăש:Tº¤Y@o«L±'EïM\Zgw½1®*MTW:¡µÉô‹ÍÇ»1&3(<Ÿ]¥sªJÉô¬òH± ó™(Wqj @@ -1100,19 +1131,19 @@ P½¢çÇ÷O_•ÁÑ4AôÜmî6•ìÜ×ìXýÝcÙ²º‡$sÀW,õÝÙÛéÑ9B¦²½køìFi·³œé„äh0Í°nŒú ¡ÆèšO¤ïœKØæÆ2va]2›hv,v™ÉM³‚JðÑõœ“ª#,þ® u´&Ÿ%H°GÏ °gå‘ÁD–,áÒ½pE ó¦%›Und~Ú²Í7~ùoOjâ7[ÎÀMø¨J“ ¿ÀÖñËÝßgc!uendstream endobj -588 0 obj +608 0 obj 1534 endobj -589 0 obj<</Type/Page/Parent 519 0 R/Contents 590 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>>>endobj -590 0 obj<</Length 591 0 R/Filter/FlateDecode>>stream +609 0 obj<</Type/Page/Parent 539 0 R/Contents 610 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>>>endobj +610 0 obj<</Length 611 0 R/Filter/FlateDecode>>stream xuTËnÛ0¼û+æVˆUKvý8&MskÑ¢.zñ…&鈉Eª$eAß¡$'¨‘Z0 ˆ\ÎÎcùg’cÎ'ǺÀbYMîw“Kä9vG®¬6kìæÙ|>ÇNN§S‡ #š±Ô]up'#q2ö% :ÔÎؘ^Ò2¬Žó/¥ð: s
Zaã-„UQøˆŸ¢:ˆìf÷<™cV¬²%1§¿‚öÎâáf¢e1äÉh¤°°®ÅÁ»6膛½&+n&ûôgí!"öü…„³ß«cÈp'¥ÁØ'èù"+z"#à|¿xÀ~Ú–F–uÏPÆk7ä4RÚÛß qáúªÅ˜íåvËD¿—mZÙßFùj¥›*Iùv#ý¼ûz‡ïÞ=sñàdSÑM‘¬K\gCÕl(›^ÏÂr½dzsŠEÚÏn~Lþ©pendstream endobj -591 0 obj +611 0 obj 687 endobj -592 0 obj<</Type/Page/Parent 519 0 R/Contents 593 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 50 0 R>>endobj -593 0 obj<</Length 594 0 R/Filter/FlateDecode>>stream +612 0 obj<</Type/Page/Parent 539 0 R/Contents 613 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 50 0 R>>endobj +613 0 obj<</Length 614 0 R/Filter/FlateDecode>>stream x•XMoÛF½ûWrb Ñr®eÿªÅ?ÆÇLy½íJ²÷e®ª½Cç4‰X5r[¹–"®i)Ô|g-Çàì)GëÛçÑ´¦,Émônñ‰Û±5¥¦C§`¡Ô\I„§z»¤òÊX Á«UÍ”åBIZ·'Œ:ÍùÓ×'‹õ,]ÓòêºZÑâjÎû«’î»3\^I˘ýh{o¡«Qµqh™ëêÊ–žUÙé˜>ÕÊ«J3Ð9O„2vUÑÅâ"½9_ãîêj2†uœ‰¢ó»E˜Ó4l²¨SVRÓÕµó|0#¥3Ì ª¡Ö–„+:§-Z̯ßâ‚ø³àl€ßV•ì É*²ÐµVm
.ˆ5§1ÒÁÖÕŒ&ÿp™dx?Rôó»¦)ÝH]¤,ˆ\¬ƒÚ{ׂëF3Å=þ‡ž5§SÓ_cä'É‹GéºË
+ø‹YO&!ÞYí›ÂÔ“‡_–üE?â&ÂNËQž@£X{ U¯êIÓ5xô£Ó
G5Àˆâ[”ˆÅ¿ÐeŽÎ…Ñ`&qœ£n¨ºÖÊ“ à @@ -1122,11 +1153,11 @@ x•XMoÛF½ûWrb zö:|ñâ…]àµtßð 1p6¦=’™6²é²d»Ìá]áÈíl¨ô$ÓJ󹕀 îh?)ÅÈÌGmúE»ZE¿÷ƒóè¦7÷·_ÿ¸ýúø(PzL~cub;o'±^‚LcP›qˆ'ÁÐ4_FãQ·ï?~¾Ëƒ½D;Ÿµr3˜ãx~bLB•\£šË¶&_£hüÖˆÊC ¹³²¹M#?Êú'>sÝdÞÔa¥myFÉWì¨ü™sì+Fp¼ÅðËûzÓ‡ÛckXŠú>…^5ÍÎùœr5ÇæýøöHåcÑbÝ”B8¹ŸÐà¤#ìyèC Tà€AâŽ÷½Ãn–¼ÜÁÆ,†Y¬«ÌÆC\³’×÷ª8Þ$p.èTè× endobj -594 0 obj +614 0 obj 1797 endobj -595 0 obj<</Type/Page/Parent 519 0 R/Contents 596 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj -596 0 obj<</Length 597 0 R/Filter/FlateDecode>>stream +615 0 obj<</Type/Page/Parent 539 0 R/Contents 616 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj +616 0 obj<</Length 617 0 R/Filter/FlateDecode>>stream x•XÁrÛ6½û+vx3£Ð’lËN/Û±;î$N«I¾@$h¡& €,«_ß· ÚhóŒOnE¢\ ÂöŒDQè
Z[iÂâeVªJYg„Ó†j£^T!Ÿä›ÅßGz;=If¸<NuUÉÔÉŒÈi|?9K&É)᨜&,¯§+Q=IÄ" ±IcWª&å8Û’®h©— B§¢@·aik,I›ÁíF–ÚI*õºâü~ìj¢È³Lh±$ŒÊ‹P…X’#ª…q|3‡Â‡ßÎ\ã™jÙü¶E;fDL×F¹-aݳ¥
~rQoýŽJ”[º, @@ -1141,11 +1172,11 @@ Np#PPF¡sÉ ¨¶o¿\ëºrwòî-÷s¹;9{IìA–»iB·|uG‘úuezì´Í:P\€C»¦8~2z]ƒX ¸[óÌ ¢!–èÔ0ð{6ɯ½À3èøö¢1ªÓùy2ÅŸ ØKáùòpùñê’>ý7ƽ×éš
†pà&‡ò6l{>Ã_²øÿ½OÏOñöô_œñix·þqô©B6¦endstream endobj -597 0 obj +617 0 obj 1783 endobj -598 0 obj<</Type/Page/Parent 519 0 R/Contents 599 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj -599 0 obj<</Length 600 0 R/Filter/FlateDecode>>stream +618 0 obj<</Type/Page/Parent 539 0 R/Contents 619 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj +619 0 obj<</Length 620 0 R/Filter/FlateDecode>>stream x•WÁrÛ6½û+vtRfÙRlÉéÍ©›i&Ý6ê´_ ”“¦õ÷}»€$ r:ÓñØÖˆÀâí¾·ËïgSºÄÏ”3z7§¬:û°<»øxEÓ)-<™ß,h™Óåäòò’–Ùx¹ÑäufëÿZ²åÆ鬵nKv•ñÞØÚÓFyª-9Jª´ªM½&25µØÿ×ý§Ž÷Ö•9)ÄtºqÚëºõo–ßÎ.éíôÝd SjÊ @@ -1154,20 +1185,20 @@ SjÊ N"“:G–¿]Ìð&›ÿïkÍÕâ ÇÈÖÙœãð?Îþ²ãÓcendstream endobj -600 0 obj +620 0 obj 1613 endobj -601 0 obj<</Type/Page/Parent 519 0 R/Contents 602 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R>>>>/Annots 63 0 R>>endobj -602 0 obj<</Length 603 0 R/Filter/FlateDecode>>stream +621 0 obj<</Type/Page/Parent 539 0 R/Contents 622 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R>>>>/Annots 63 0 R>>endobj +622 0 obj<</Length 623 0 R/Filter/FlateDecode>>stream x¥XMÛ6½ï¯ä²°«•ü½zHФŠ4mãc.\™^3+‰Ž$¯×ùõ}3¤$Jv¢E€$’Èá|¼yóèoW Åø“ÐbL“9¥ùÕÛÕÕÝû1% 6ø2_.hµ¦8Šã˜VéhcËTÓÚ”:my¤J§ûÒÔGÊíZ¿^}Åæi»ùv<¦Ø>úT`“¢}¥KJ3“>UäÖÎüÚÑ«O¿½êoQmIívÙ‘ê&Úé27UelQÑg•?(ÊÕ®’oæY½¦àÍl0¦ÛdÙ>þî±´ûÝÝÁ–Ùš¨¼;ܽP]š]¦J}CªX³É‚&Ë(ÝêôIŽH·ªxÔëÞ!È‚¢Áfõ¨LQÕ²öÁÔ[#S°ïVWœ>É!%ü¿¿~½Jæði>aÏrZŽÛ‡Œ>s øÉT¼îRÏYðö‚
9%ñ2š{[Íöþyå#u5õ'•TÕ“d®5"î‹‘¦¶#Ú©RåºÖeDoŠ#IÌõVÕD]jdÎåK^)¼(l-9A]®“k¤©2Ug†xQ¦75}+N¶…S™-€ IYká"*Ù×]iŸc¥[g¼ETjóªÍƒÉ˜»¦ÞzNG1(‹[±ChË;>Û´Q©ß‡ðÁ4¥]ïS½ŽhÎáú6TwRd¤ÙyQ[Ð!¨&[ÀsËË}¿[8¾x±Xø9ó³j>‹!”©ü랺ÊÇL3!™ÿ®_j·0cÓ¦uCgÕõ˜N"¨.ÄAx~NSÁcß›¶Š§8@(dè+¹ÉÓô«0@ÓåRà.ÃÆ=´1O—÷½ˆ›)ÕòE܆ð@n§Ü–Ú²ÔÕÎòÜðLã[å<Í ÏI,gH "S¸SŠ7Ìd2]gW[ðS“UC‚¨j¾oŠzä¾å«*Kë–Y)¢8'r«0 \ãòh÷¾ÏNíw|‰awÀØ-çVþÔÍžo¾–um&—.GîžNN¼@€pΔ¢UÁNÅzP‘ÑFËW—ÕUq]{E§p{DçÔ&Ýgªôw*()‘B"nø endobj -603 0 obj +623 0 obj 1658 endobj -604 0 obj<</Type/Page/Parent 519 0 R/Contents 605 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj -605 0 obj<</Length 606 0 R/Filter/FlateDecode>>stream +624 0 obj<</Type/Page/Parent 539 0 R/Contents 625 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj +625 0 obj<</Length 626 0 R/Filter/FlateDecode>>stream x•MSÛ0†ïù;œÂqãHÚôc¦Óii3í‹"+X`K©$“É¿ï»ò®n.1’vß}ö]é÷$¥9þRZ-èü’d5¹Î&o>-)M)Ûbår½¢,§y2ŸÏ)“Ó+O¹òÒéÊÏHºÕFÐ"™'K …¢p¢RA9OïN³G[ôÁf‹KìÊò©tJE•ðO¼gNýÊÖ:©¨[·¹çÚ)¬;¼~x°¥=?,¨Ï´WNQíUŽ*|P"'»Wk/kÏ{ ìNXËÇlt±\&Z®Wøâ ±¶
»·”¢Ffw‘2”!½‹d•Ðg:Bm
íu(bR„É…Ë[ž[]*!€s
P(v·Óæ¡úÒÙ‚»3mz€=ž¼TWȇ›ÛAŒžî§¾– O'hANdMy8¹?ƒ`£»oŸÑN¹J{…žƒ b= e…öm?Òs”ԕ؃ƀ†hÝ$Ù–Z|…½R¦áÚ¥¨Å«@ÏZ4å+Y;D¹¥} Ð8vh”ClqãˆX,¡öDç¼£h/øˆöQ°/ìžêáSw•R@ÆRd9 )•÷D°gÌf÷F9Ò
,KêbôX#U0Éåù虾ôÅCÕHèÎ Y¨
¥lõ¶l 5Šð44PáCf¬Ü,µ<G4bòÐ @@ -1176,22 +1207,22 @@ c¹eœ2šz0€?9VO‡ÛËhbðá ÿËZO@눾êD2“C ã4„=í™<9îC´|‹æý‹®QpÚL(u3‰@b‹»†0&¡ÿ5×<a1¯4@{ÈÇŠ?ÂxèÞÖ›[ð`8ê2‡'0vž ÌÌ8Ù{a¤*ÿiª¨”Ç
9îe|{(¢„GIIàßð<ÙgåœÎse†—ùyúÚe¾nm—^®~$ñÃÛ«¯×WôÝÙG¼IôÁʺRB¾ÙYð¬95kŽMÿÇå¿\-“5žÜ¼‹5çÀsôcòY.jµendstream endobj -606 0 obj +626 0 obj 853 endobj -607 0 obj<</Type/Page/Parent 519 0 R/Contents 608 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F2 5 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>/Annots 70 0 R>>endobj -608 0 obj<</Length 609 0 R/Filter/FlateDecode>>stream +627 0 obj<</Type/Page/Parent 539 0 R/Contents 628 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F2 5 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>/Annots 70 0 R>>endobj +628 0 obj<</Length 629 0 R/Filter/FlateDecode>>stream x•WËvÚHÝû+j‘9Ç$0†ìœ‡g2c;N '‹qÔ@g$µ¢–ÀÎ×Ï~ð2™™ÛÇ GwÕ[÷V?‹©Ÿ˜.Œ(-Î^ÏÎz×Jú4[àÎèrL³ŒúQ¿+içÍJT¬iÑ}ÊF•Kš¶U¥ë†TISQÌ%Q=¾œ}³+ÅC·RwG Öꌢ8¢÷eSë¬M¥K÷äâØ?™\òs¯åR•%o°QÍŠš•´÷©–¹FžûÝŒÛÞ}¤ZKú¢ÊLoÝͨ q2]‰R™Â*ª\²ldÆ»÷©\tk%ˆn§ÝO÷oè¡£"Ùe§÷>ÜL§TŠBfT©J>¼ŒÈµÒ¡µ¬
R1¤äãÒeþD>8¼s#Ê[Qn£9Ú6yn"1E Ü
K‡š-tM w-IvíðÐ©å» [»ÃUë%uVMS½êõ@8¦¡‰ŒnëTö¥ŒJÎ.û‰ßbr€1ôgHžª.Ãà›ÂÓÚFÂÅ&Ë:p4]‘04mDݼÕé=G*ëszW¶ÅznÏ9É&"pþ¡3•¨ÖõXÆà ø:PL@7šD±ÿ¶ƒn8æRï+Éíôí¨—¶Ü†hZH4ÿba²2*TZk£M”ê¢wû@bbº–h|,Ü؃á€8’ŸuâÕý{ðçøÜŸ?˜D#¦ù~k1IÓTCo4+^N7Ê _@Ó77؆‘-8¤çßdŠ{'¶þ_íÃT×kBh~† ,þ½•$ô§ªÚÜ(jÝ.²¶F²tA líYn2ш9tÖX,M…z¦–ßôœ>ü¿¶›ŒÑPÝ€Ül%Q°¨8—²$£.äѤº\´,±$æºmh³[ šÈB*¤€öB}p]¢Ä@³¦RÓð‹ðŒïªäs:–5;å (9Õ³z7ÅUilHy[/ë+m¬Õé:sඋp[-j]le*H$çŠæíòhgù>`ƒïì#…ž,D¶ïd‡’R :‘ÖR°ºv^h=ÖjÖUÿš]߆rË$tj¸ï”Í0X{»Èш®©·Ø.'¥~Z6 endobj -609 0 obj +629 0 obj 1754 endobj -610 0 obj<</Type/Page/Parent 519 0 R/Contents 611 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 82 0 R>>endobj -611 0 obj<</Length 612 0 R/Filter/FlateDecode>>stream +630 0 obj<</Type/Page/Parent 539 0 R/Contents 631 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 82 0 R>>endobj +631 0 obj<</Length 632 0 R/Filter/FlateDecode>>stream xXÛŽÛF}Ÿ¯¨##Hê#ÀÚÎÎÂv6™Y,™<´È–D›d+Ýä(úû=UݼH#g7<ÓÓ·ªS§ªN󛈦ø?¢eLÉ‚ÒòæÃÓÍߟn¦“ÕŠúìƒ)%Ód² Ùj‰ß£Õl²"«iË[0‹sº°þþaFQDO[Ši±šÓS&óSzJGO{í4”U¥®µuw”WiÑdyµ£·O_oîâ°wt°y…%”Ùü?¶y¡ýŠöôQÎ)سÑ|L¦V§¹ªuFªÊÈíMSdT™š°‚/[«#6ý×Ü$ëédM‹%\§’fÉr²£‚ÙQ8³Œ09t§q¸$¯¨ÒGüpµ* Uç¦r¢c©40+¯¶Æ–òw2ÕûÜQºWÕNßLÓZhõ~Ö+´€;‡vÀªÅª³1XÕ#/Ž FÙñ“óx2ÚÌæ`
x¼ñÔ¹6ÓB0¿Š”¹YÔýLŒÓ[âÝ?¬)š1Ípcv
h¶˜Ä“hB†ÇàÄoB¦7¿³Ù==§4Ž—ìÛ§ŠŒÍ<ø®9Œ%Í¡0J¸i¶tÁG!$øË,Wclñojªm¾k`¤’.S³ß³Î··Ø"+d ÷ôð›ÀlÎpfæiö¨Êºu`£R…#gH,åó ë‘)'ÊKö@U5=û,zÃSÌ*§íKžJ®oNDÿΫÌ}yòÞÊzd)“ò`ÍKžáˆ€8ý @@ -1203,11 +1234,11 @@ tÕ4vP× s
µÂÁÁ·¼nYˆúdHÿ 7®ž\þêô` -oîøb>õj+Öh\ñr…l*i¾žÌà ´Ìaˆ—kɹ3…Ò6ßÁÖ ].Z,‘´y{>¾ÿüá=ýÓš¯ Ÿ0äSˆ„Ù//cþ†0ú«O³%ù’eÉ”÷" ~¹ù/)¹¦endstream endobj -612 0 obj +632 0 obj 2102 endobj -613 0 obj<</Type/Page/Parent 519 0 R/Contents 614 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>/Annots 85 0 R>>endobj -614 0 obj<</Length 615 0 R/Filter/FlateDecode>>stream +633 0 obj<</Type/Page/Parent 539 0 R/Contents 634 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>/Annots 85 0 R>>endobj +634 0 obj<</Length 635 0 R/Filter/FlateDecode>>stream xWÛnÛF}÷WL…Q äZdaj;âŠ)/´þhTŠi§Ó[ŠJƒÄêÐßǾ$.-“؇=FcJä×1ep*yTX.â ‹ð+Cå™°dQÝsIY²Å®·’\ÊA,µ&„<Õp€RpYVÂ)üÉQâèÚ€X™¢'Ä"’´¦(&Õ ×¢&Mïi6ŸL—7sºžO>àcüa<¹_ÞÝÐíýœ–o&¶¥ñ‘3#_ŒOÓ£;Ð*!ÙØãoE¼±eoX/húþîŽL @@ -1215,11 +1246,11 @@ xWÛnÛF}÷WL…Q É3‹mÛ,Qî! ÐPT¾‰/\R,¡¶—Z7±Ìµ*Û4Ùmæ9Os5àJÇ@|§Èîx'ölšÿStTô³Òƒ r‹s£#bp…Goû×4ÑÊÃt»v—ËÚߺåË:ƒ¡‡ê!öÍÅøíå-HæB½Ö~ÆY ƒì»“ endobj -615 0 obj +635 0 obj 1803 endobj -616 0 obj<</Type/Page/Parent 519 0 R/Contents 617 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>/Annots 94 0 R>>endobj -617 0 obj<</Length 618 0 R/Filter/FlateDecode>>stream +636 0 obj<</Type/Page/Parent 539 0 R/Contents 637 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>/Annots 94 0 R>>endobj +637 0 obj<</Length 638 0 R/Filter/FlateDecode>>stream xµXïoÛ6ýž¿âl˜ÄŠ$;¶ œ5m3´I»í ³gÐÒE!cº{l”=wgÑ"½·à%Þp4ÛçqØðáŽԪ‡´–YÖýZ¨uAV¥Ç6-ipÕ½7pMAŽ_ŸRÐoèà‡Þh‡/ôzMVe©th™Ðh•ß&tã¶õ®Í¬nÈÌê\L³bZ€9`¡S#ŠWð¨],ïe¦ÊL¢K$<ù ü°´ãKA°à³i°ÄÑÑ`޺Ȕˆ÷ã›(MïÿféàPâv>XÂpàZTß|b3FårÍ8I¬¿®…®í‰Gç,5ö_&”+þà„¥Tâ&ÏN¶Û7Á`ètÒ!3s ƒ‘7lFMljbxŠÉv6@$ÙP›‘’98e>²`š‹mŸ @@ -1229,11 +1260,11 @@ xµXïoÛ6ýž¿âl˜ÄŠ$;¶ œ5m3´I»í mž¿€Y.8qžðÍ+ŽKw·su
⼓zÒ³åÐ|Ô]`mú“=n/ºó^³<j–w‡à‘ëŽçá`hçÑg ‹Ã]…}|æ48ݸ¢·†9zŸpg²=ÆìIŸ
Øsxk{ŒFÂG?Кm¹•é£+Ûîm1ÛclÛÙ7ȶÍpqÁ
áÉNBØKFœâ
k×5)^Ò£¬Û¼ÿm1æfjÓ?Z¼vâÎN\G}”ÛÓ!>rêì¿4R;ßNG¶0o_M—h5yÆÝEC9÷bï3½Ûöù˜MÎB˜|;]^°¡Éí`Û¾îžoíÖ>b6ï¢Ë\lÞX̽j’Dö÷Æ{ŸFuS´õù›¾|…WÚRÜ#.Ù¹Ù ™‚׿›ÔB‹*õ•ìbÓ–cFÊ×éÒ¡â¡y4•Ì©N¹:›œ„µ’óXVѱ݉r/ç8EE ë˜GÃI žy9.v_éYQL¶OE[`ÛÉѧ%9õë”3 rD¡nŸ aÖ.õ[ªÛ×25èÄì‹ÚŠêQƒÈõæ¬Ò¶CÞÒ²Sk¤66Y;ìƒHò7ð¸˜B67Ý{ûD…–¥à—t÷ÝP?[-˜Ð.¨Dw¯(SG˜1(oάu,À‹Ê^)ÿ endobj -618 0 obj +638 0 obj 1839 endobj -619 0 obj<</Type/Page/Parent 519 0 R/Contents 620 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>/Annots 103 0 R>>endobj -620 0 obj<</Length 621 0 R/Filter/FlateDecode>>stream +639 0 obj<</Type/Page/Parent 539 0 R/Contents 640 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>/Annots 103 0 R>>endobj +640 0 obj<</Length 641 0 R/Filter/FlateDecode>>stream x¥WMsÛ6½ûWìø¤ÌØ´(Ê”•KÇùpë™ÄueÒC. IHHB@Ûʯï[€ h%v;ÓIb‡Âî¾÷öíêûQJcüIi6¡,§¢>zµ8:»šRšÒb…'ùÅŒ%“ñxL‹bdª*j´£R®T#Ë
Ic´!½¢ãË¢ÖÒÙ(Y“²d¤k
^$§Ém$•’Kˆn´“¸#œ¿ýbñ']à‰²¤Q“†é4Í’ rm^Q‡ÄLGJ>È¢uÕ6¥4!šÆ ŽsóÁuÓÈ¿b¥9ñ…àRFU;d4jE¡[$É1Þ.Ž¸z¥ü¿¿¥é,É(ŸæÉ”jJó,9ï®*úȹé‡Ø-6ÒHÎSP¡ëm%k qâË)ãëêÝí"}yâ1Û‹ôõŸïq“®®ß½Å/é @A]îuk!±Êj²íÖ‡í¤YÈW*ß$W†´b€½Úqÿ‰¶r'¤›jw]7{Nù0]Ôè‹ã @@ -1241,321 +1272,325 @@ lâ€)ãvi{gùöY<WÔ” +(¾Ã¾Ñø”I‚Sè‰DïáïýFr©•^«BT¿*€S÷¨uç\5 VhY/~D8!* Ò¢¤¥¨DS âÒK'08—îÕdüæ ½¿Ì(ô7€xˆëÌ/눲íA
û,¥sÞŸ—$/¤ùO’œ$ô:âýçM ö¶£ö ….@<ÎC€({–žà……¼”;
À<¶Ð[É-æxÇî§/£Þ—"Ó‰{ðÎ;€Íï[½Eì=¢Û0ÎàTk^Õ÷"ÿò†qÝÝøuŠ‡Nv 'ß~À øú‡Únyh ƒ5¡‚CõT›0ž°R•´Xž$D„·¯o®¨»Å¢áo
ì=•¿I”lvKl¤€5Jj¨¾¡Íýfð¬åç¿ ûp¬…Íù~{T›ŒF¿;–‰%O’î™ß~¨;žêß[ ·-éNau(–B,·TËb#eklŠôËùºQ>þ‹[“G¤¶Áð endobj -621 0 obj +641 0 obj 1730 endobj -622 0 obj<</Type/Page/Parent 519 0 R/Contents 623 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>>>endobj -623 0 obj<</Length 624 0 R/Filter/FlateDecode>>stream +642 0 obj<</Type/Page/Parent 539 0 R/Contents 643 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>>>endobj +643 0 obj<</Length 644 0 R/Filter/FlateDecode>>stream xW]s7}÷¯¸“'2
0œ—Žãĉ'qãÖtÒ‡}»/ÒFÒB˜Nÿ{Ï•´|¬=Ó™ÚÖê~œs
¨ïM†t1¦|}önvöavÖïM§tx±K|èÓÅàª7¤Ñt‚÷ƒ>¿·’|§°³Áóç·#h¶€ùñtB³"œ÷i–w”£B-•e¹#§–ZD%裮>Òv¥òåBÓ\Rípè
m¤U‹ù•ðT‰üI,%f«K# ¾›"÷u0éW’Œ–¯gßÏúÔ\ ÐYѱr!ųJÃŒ¤»ue•öˆEx1Nöˆî<â‹ç·ã‡´ññOMJ$ž›õZjöbò+\t2¯ò;ÊW2"Ž¿PNÌKYôØB@xŒ/€`Äqˆw
Šç·W4%̆Œï1jãÞEoÔ£‡®ƒ'¼2šnJ%u+@¤=dÌ;÷Æ•^»ŽO[¹¶PzyŠ:¶˜‹ÓP%'P‹8€þDíÝÍn§ûéë·Ù×^åÚÀ-T°•—5C·U~Q
ÎÔ6—
Å5NfÜ.E'$ß<úRÌ`EºëÖgí‚ h{oC€&OfAÌ Ð•JKz¶$—[UA1è<eÙôPì>Ž'é°‘ŸíA€‚gŸ!SAK+*(Y”ÇK»HB鞸®þ§ëîp ‰ìóbl^‚$ë@ðs Ùkª¬Ù¨8 ZK¡1?jiwÏtÑÔ0³(A6A‚á9*,(+_ñM é²O• 7!qZ›B–¤3#meYòïÆ9cÒT21)‰ rùm=§£ \¢Aâ endobj -624 0 obj +644 0 obj 1527 endobj -625 0 obj<</Type/Page/Parent 519 0 R/Contents 626 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>/Annots 106 0 R>>endobj -626 0 obj<</Length 627 0 R/Filter/FlateDecode>>stream +645 0 obj<</Type/Page/Parent 539 0 R/Contents 646 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>/Annots 106 0 R>>endobj +646 0 obj<</Length 647 0 R/Filter/FlateDecode>>stream xWMoÛ8½çWÌÞ –-ÙñGo ºéöÐEwc Z¢-¶’¨%é8ù÷û†mEIEP}‘œyïÍ›ñ¿W)Mñ/¥eF³åõÕÝæjr¿¦tN›=Þ,V¸(hšL§SÚä£E2OèzóýjôUŒpJ7ä4í®éAÔ;AY2MžùY–dÉ3:¹ŸSš†ýÆÙû>«'‰…¥pÔÕ8i¨0xf¨8ÈZ6ŽJa)/EsmG'I¥n%©º5úIÛkR
ñ)„[ÃûhCFVRXi?Pãã¦4NgøGûPECòYY§šYéŽm0åxC{]Uú„ØWTÔ WÚ„þF’ÀŸ+%µÚZµ«$Ù\6G[¬2t9õ#HÇ ãs¿ìéE©ÐÔhG…´ªÛª‘'zTM¡O–þÜP Ë™Œ{¼ñI ÚUYRŽè¤@Rat‹ìO¾dŽ–éì-öBè¼PTÕ0aÎâ) ÈÈêöÑopbHì&&]ƒ“:ÞIÛi]…De5Š¦ˆœ“Ù‰üÇIH,×5„¯vªRî…y à3bb5×#W#gÓÈg‡*þ~)ÆwÅv“AR(‹Ÿ‰m±èj¬$`"ÊY'>jI&‚¡ÌLgF¥¶v¡y@uð³½f)/³žÊTêàk!C/ïÖÈ\²É¡ÐÃyºÒH¨½L>o{á¥#è¨C£70ÕäÕ±ÀwCfýúX(^spUf6úªF£›ü¶Ù:é7¬±¾ï…ÝÏuÒ©å§e~ß/ÁühÛµnª²º:rSˆEyË:ÚPª‘D6ŠÛo\j‘aFOCyÙ3Ø ;>ó‚Ç~ìÔÀ×æFµ(Š!¨¡¼BŽç²@‰ç•B°áùŘÔÁ·¦Íßýç?€x”¾ ”xhÐMX+áß\qóô”R¾úû3úB2¥ù|Ž¨)]fɺ»«è;ð`…9psžÏo|É\šqé\ûq2áŽÈQ$ÂÏ%|I#Ý„Ï¿l寰\µé• ê–ý/dþJgQG=EÓõ,™ÑxáË÷6/ݱ9üö&URÅÿ4OSôÞùj‰ëtKt>Ÿç¥Á`üXÝ â/Ém +?òlï’w‡Uã°,ü¼øõ_ó%[¨/šÙMì_Wÿ ‚Ôendstream endobj -627 0 obj +647 0 obj 1405 endobj -628 0 obj<</Type/Page/Parent 519 0 R/Contents 629 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F2 5 0 R/F4 7 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 113 0 R>>endobj -629 0 obj<</Length 630 0 R/Filter/FlateDecode>>stream -x•WMoÛF½ûWÒX”HÙ’¤ì8.\ÀrÍ¡êaE®LÆ$WÝ%-ëß÷Íî’’(ûPĈMr9oÞ¼þ{Ñÿ"šÆ4žPRž\ÏO†·—h¾Â“Éô‚æ)ÂÑw’àK&ÖµÔ4
ÉȤÑy½¥_)U¥È+ÂÏ£(—‚âðõãü§59CƒqÆ0LÃ(¤?T^åÕ‰Šfsºq¯oò:ëÄÎÀE‘7Oùõ»Š”NÁJiîø F0ú7kE?aÚÛuamUCecjZåÿ‹4¥:“4“õõÝÃ#U¢”¤VöžM€}h]È;ãüGìV•}çÛÍjçó踕xò1ºäLH4ÏrC‰–¢–†ì‹¥H²¼’$’D5U
-¤ÓÒ@+Uÿ⣉ڢšr¹ÆlRü$€HÍ¿ùC0÷¡6°h¯è»ˆ
;:‰°lØÆñ” EÀ§UUl©mGûœK¾¾Ùî”Æ@[zõØ󂦤TÔb)ŒDÝEÒë -®ñcš$¥USXòor h$7²$”Ö@3Þ‡«Cæ“UO™¶G¶„_ç',ÓV«)⿾ÿ~]¢éÆ,¾%ÅÑy8õW(žû– #<ˆàíäRŠ6bR—y% -Гu$„й°-$‡^õÔE».OÙ(í)„ÖÈÚV¥T¨`*k‘¦ÏÉy&ñÊ×ÜÔÜש|‘…Z—²™¨Ñ´Òßâb[I55‹¿N|Þ^zkÍs¡`U½Qc¦
-%˜#3P©Sröjk˜©µDQÁ %Øò‚IJd–‡¢–…1h©E•dèaËØ¢8Îú¾¡'…ƒu¦Uó”DÜÆjû³(AX -üP\ãú¨·TìÕ%Cë*®wµ|åUKõ"w°PW7/߯KÂÇ‘íéóü1{¡,yXa—LÕr]ˆå÷Ãu~sMàëeÍ¡97;aµïqÙÒ>6ØFµ¬MX§ËCHƒÐÝ‹ÇîaŽ¾í>†£Km*^n‰G“½ƒP+ü‰Ej{E…m¬×Øù°ÜÐö6×fÏrË*Ãá¦Ë `•âxà~·Mú½™Û˪«ÙšZ–§Ö£ßåе݂Äpsã–.“ ¨p¯°ì3 †ÖG49ƒì—4>Cðí…×{¬ôçv
Û‰üLmN½¾!Q0I[…å4‡ÛùÞÑ$ÓÜ®žÚa{4 - Þ·ß#¶Ä%¾4(>/€C4·ñ9õ¾mXFê‚OÌq[ëž ¶w \ñÖÞ´Zà"é»Ûû€²‰uÚù¸KÁŸ h[.ÊßO…ZŠâ6`·xÞ?‘<ÖÌB¦¬ïÜ/fÈÀ'þÿ¾åΦŒ$¾Ó`<ñüyò¬P<—endstream -endobj -630 0 obj -1557 -endobj -631 0 obj<</Type/Page/Parent 519 0 R/Contents 632 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 120 0 R>>endobj -632 0 obj<</Length 633 0 R/Filter/FlateDecode>>stream -xW]oÛF|ׯØê¥ja3"/ȃ?ê"@夵Š húp"OÒÅ$¹;ZÖ¿ïì)Q²‘…
H”ÈÝÙÙÙ¹Õ×^LCüÅ4MèbBiÑ»^ôÞÜ)Ži±Â7“Ù”
£ápH‹t`eZåvôŽ2]Uþ´øÒûeÑãü]ó»?~íMGQB“ñe4¡‚âÑ$š5W9=„,£C–É·uóÜËgGéF”kIn#©IÓƒ¨ã‹htõ‡YÓ›»¤É½HE[m×F×½ã4‡þÑBP®JIªô þ^çz)ò¬8¥ñ¡&#EöÖÃ=Ðxî3Ÿ' ]dƒN>ºý0çœoîÚCÚß',²(Køg -JQHÒ+ÿ>pO[IÂHú¢U©Êu´giœDSφÈWP'QÜ\5Üq{0‡Îþ¥k*jëHäVÓF<â+a×IÓï†CðiO‚Ká¨qƒì49É25»ÊQ%¬?™ý~'¬tLx öŠì¤m>jp»%¬´¡®
ÕV°ªùáó -gžmuàwãË®¢ïT)ò|wF"Ëèó -©ÕîóO$Zn»¡Àm2‹.›4¸{o/ÆÌüQÚo1ß`>…µg"6OàèÿÎÀw‡ °¶WwÛé}^žÌ/×·7qóš„þ¶ÍìŒÇb#mÐ?OGeT!ÌŽD™ÑR¤˜æfHR]:£óœ;þ Š¥ Úª<'áœ, 9´˜o©;ŸueÀ¹UˆWOÔó±È!u'香U`Ìbž&:¤Bìh+JØÆð0ò¹Â,¶Oœ -
^Ç&¯rÌw)œz’,Pµòà<0[,3.ña÷<Ð0el;¡Oî¡Â™ný‰àÙl Ç£`‹ï¤„cÀg{:@Wä @|<¿”ô6ˆàp,}CE?‡{_¢ÂË6:;£íF¡E[x¬bydu*3¦;($‰p Á<×ÛV6M-òR L»eO.$TÊøH¸“:á™–6¢×Ô¤'©ð´¡¥AŸRa…A1Q^ðéýýe‰¥ -C`¤½fZ‰:w8k5Ñ#€á°Ž[W•6/FWºë÷<÷‹ßæO±Ÿ€Îl1Õhfe¥»ýdXîÚÞªæòÙ‡ XÁ¾BÇlü~'OªôŽÒô§ðƒæÔÆ -1ŽõôŠ(È:YÙ -8VÖ[È:u§ñŸ@‰Ñƒ’éFUËöi>¿Áò5W©ÑV¯…ŒL4î*Î%ö±*¯alžÖÆÂf—p§×lÖìñdŠ%{šàGRç×ÒÃÕüúŠ>ý àZ˜Cd„ë’k8O‡ÇÿÑñFø51ÃO38ÝŔà -endobj -633 0 obj -1534 +648 0 obj<</Type/Page/Parent 539 0 R/Contents 649 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F2 5 0 R/F3 6 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 113 0 R>>endobj +649 0 obj<</Length 650 0 R/Filter/FlateDecode>>stream +x•WÑnÛF|÷W,P` +
škÜuÊ~£ŸhFWqxªå‹¨6è¢HÔ³ÜÓB}WÜýàýN°õØ[Gø +Ù€¸ý1g ¬xxS$JÕrSŠíï.:Ëë+‚^—l¹ðœëý‚°ÏqÛ²cnpyÓ²1a“%‡”¡=:Àc§×ÉSl-w$ì:µ8Ù¯bû
Öø/ŠÌÎ4~õŽT¯©ÅD„tÛ°1ñ<ÉÝá6•ìRŒéýú믙¼R»šiduj3šÜDã‘$–´3¶A&páÁ rc9
v@|…¸>LfáŽ?=›ÂñݧÎñ¡ØÉÙËß«í):Á‡J!%m-–Kr"ö¾¤Vì—$³¢qàmu¯6Àø¦@ˆ+Ýê18{oì§6pÒà*ûûR9ZŽ˜¬Ázà
ß뙸ÀÍœæ3ì¿Š¢ùÔèi˜ŸÙÞÁ» endobj -634 0 obj<</Type/Page/Parent 519 0 R/Contents 635 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 129 0 R>>endobj -635 0 obj<</Length 636 0 R/Filter/FlateDecode>>stream -xW]oÛ6}ϯ¸oó -XšY7ÒÀpIÆ0¡ót–LÙ¶IX+²ßÄïãú&@NhÃn•RTì¡°¤vH>JÞ%pæ\]¸ýüó°Ñù:"oB:@Î@äj„Ë{íy3îFR%enÂ$»ÊÔä±» -z`y@é -›CY ÖG2ªT…€´3‹tune”:—Ž)ØÞ
K‹Å+KÃg쮧Iáx
½ÙS=F÷½0÷ýyGÎÆDÏŽxúY·ENµ0¬„F·û;ÆgϽ©^T¢ÅFeU&¬Òô÷•êÓˆÚ£ªrýŒ0Þm‚Æ(LjRÒ³8’0ƒ÷.¤›þÔå:Šäâ°%•ë1[,gÉ1K§3påŸú˜-–slcv_Ha$°î8}Ì‚*†7à¾Å$™E÷õÜ9Ù€»€ 6ç·ðŸÀb-›¡vpXUø-= P¬ã°µ¨ÌnQ lµ¯èÓÝÍ_Ô*$ˆ€=/¬vÁqXúØtüƒþk_lB àSˆjmòIŸ±8‘üâI@ÈÛåòIº.¹šlQe¤´® -ïQìå‹•UŽâøÛµ¶Å(*KdÝCìWè2<¿bRòÃ1q¿#Q×…BÛá6’Ë„P~BÄ+…¦ï;½¼œŠ"Ó³sb/\®¹nŠŽzª+jqè{¨y[‘}õU_`±a|âä
qrSæ°æÆ$™©_Y5âu¬QîÑbê¢ÅdY˜L¯¼P+eõ¤]qçEV‹¨s~9f¸GÎö}öâýrð1:î݇ͻ_ø†ÒÙ*Mnì]c”šOטšxP]S¥NÅu–â¯Óù -¿Ã¹ŠnYƒ^îd!¿†zrµnŽÀÐgo
Y·[ópÒˣ܂˜½ø[U~RŽFtžSéUµ/º)|;맱~’íRÀ5ÔÂÑá§}šÎü”8ã¡Î?°gƒG¸}‰Qü´7x,iÍÓõioðˆIÃKùk¡ÇÖMŠœŽÇÄkÍBp)xwóp¤tòtQì/èsÕ«sÃîšæ€{ñ©¶ó±ëèt¹Â8¼šâûuð!ûpuûæŠîýýƒ¡Œ›0Øê¹?uîýŸÏÞùj`lt4[qýyö–®Âmendstream +650 0 obj +1500 endobj -636 0 obj -1671 +651 0 obj<</Type/Page/Parent 539 0 R/Contents 652 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 120 0 R>>endobj +652 0 obj<</Length 653 0 R/Filter/FlateDecode>>stream +xW]oÛF|÷¯Øú%jaÓ"eKr€ ðG]¨´VuNäIbBò˜»£eýûÎÞiŠ6š¢HàYÜ]};ˆiŒ1ÍšL)-.¿,Æѯ󗘿üñëÁì4Jh:ŸFc*)>Fóð[A÷üÐÉÍ)Å1-V7Ïh‘¹çÇ´HGwòÉRºÕZ’ÝHúqñ…“ô£ æÙ$:Ý9@¡×tr“„,Ï~"Ú*ýuUSÓ;NòÀýä´0GT䕤¼rþZj)Š¿ÉÈÔæ +/*ÒRdoØ“›³öØå=N¦ÀºÈF½|týá–sö‰èÞ'²ä†ðŸ ¨D)IÜÏ™*@l% -é‹Ê«¼ZGGgI4£é˜ù.)‰“(¿ÞÁöx†?öùþS5T6Æ’(Œ¢xô´×B#¯•º
Þ‡à³8:ß—Á^â€l˜œd•ê]m©Æ€ŸÌ|¿FZ&ÜÓÍ9vÒ„—ž{¦%¬”¦j45Fj°ªøácê8ž@¬hhÀveóTXP ßwúx}ñÛYƒñüžMgx +Qáe•Ñv“£E[xlÎòÈšTfL·WH£é, +µmej‘O +H`Ú
{r)yMå¦ÄKÂê„sdJšˆ\SHO2ÇÓš–}J…±ºc¢¼àóû»{Ê„KæZ0´Ê¡îWdí¬§Ð»ÐÆ»ÂØa×;CÒÒX¡wF_&$´4È·FCXk;gŸ”9Ü‘ÍY^c°{ZTØ„Îíî¦Áß4™Lp +bŒV~ûŸã(ðÛ?9?ø%̵1Fñ¥s+’1N/4·#ö7'oöѨvTKUÒï1a¾¢¹Z®…Ϋëœe{‡h]ÁoPê2/ +ÝÀü/¥ÝJ鯔4×iS¢ÅU +}±DAÅ·&ǃ‚]–CœËL¾,˜ !÷»øÙþ6 +Δ +ÎBf›Ûtœ¨öÐõÁ"¢‹×¢¿P/£Wæ©’2ã\µt¿œ$ì.éåS°Çn +}`¤½dZ‰¦°ØµÏ5Ñ=€~ Ë«À4uô‹Ñ•öòý‡{ÇÆÝâ·ÛÇØM@o¶˜j4³€²Ò]7†{¶·ª9r!Vp +_¡à1wßÉA•ÎQBJ7hN@m,c_O¯ˆ‚Œ•µñp3§yÑ9[B®,ÏÀNè Ÿ’œòÖÍ'‹²düÒuº’̶'©ï±|JeíNetÝIÑe<¼÷·&W¬¥>¤•V¥ãl 3Q˺lÒËÝ€2Æ|x'ë5dZ…mü (1zP2]©²n°±Ì!ÝÞ^áøºÍSŒZYò™h¼«2ª¸Çꢱ9Zƒ…ñí’|ÇÂpòyÿ|ñÍ¢IDŸ7;À£`L%Ò¨»‚x£¤wÁ~æª^q³«FkÀãÅúÔ= +I»Æ†©ÞXÐ&¥Û¤Ž?6?gw8p`à0³BaÓ§*ê.`æ€ +endobj +653 0 obj +1709 +endobj +654 0 obj<</Type/Page/Parent 539 0 R/Contents 655 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R>>>>/Annots 129 0 R>>endobj +655 0 obj<</Length 656 0 R/Filter/FlateDecode>>stream +x}WMsÛ6½ûWìQ‘i}KîLNœt<Ó8n¬Œ{è"! 0iÙýõ}@$D7eÁ°oß¾ýà‹)Mð3¥õŒæ+JË‹wÛ‹Û‹I2ÁÿùcÊ_~¿˜M–É56«dB%Í«dV=ò©«šNi»Ç}«Íš¶™»`BÛtô,ëW²ªT…¨©1Ôä’L‘ÉšE¹deÚÖªy¥Òd’~Ù~c±
X\.Ï,Æk<ÝÌ’é9žõN.œcëÿ†¯5 ²ýþ´û†Ó£1Ñ1—µ˜¦-2ª„µp§6í!g·øì¥7t9ñ6‰t£RÑ(£©–?ZiæAГҙ9Z¢ûm°NJ;~¬(%Å+ í»^’©»S×›2u¶äDäfÊ‘›3š’¦³93åV!rˆ×|á ö{(¤°X÷RˆXˆK|î[N’ùà¾sñ€»€`hÎïà?Å꧴Ó+ÏÒó +¡˜WÛÈÒqØ6†Ÿ¤¢(^ lYuÐôõþî/jUî`àÀ_ã‚ã°tLøý·¸Ü·A8…¨V6!ÚæÊRÊÒÄ_ñ, ã]…¦L>ËÂT%ÂK»Zè4—–Œ +ÚñŽg™±#µôœw÷XctNÎVÉ‚µ´Å"{ºÉ§2‡ú²` ½”³ÉèaÿìËh I=€ÌÎDa}yxOi.´†e\*_DÚÀsÞىס:’·Ï›ÌjÏ,•RhëÓj`Õ'¤%mŽI(«J4žz®¦n‘KàΉÃ檲æ¿ÑtIfá"ý=R‰LÆôjZJQdÙÀü©:qUàkÁ7´WKkÚ:•F§°\<#çq²Bñm_›2>|:ýpû>Hs҄Ѥ©i!++¶¡îdÅEe95¹Kø«ËP‡G]Y+[_§GÑ 0{/)²NŸ^®RŽÚŸ¿KYzjêÔÕ0SIT)WÈ”EQúpªiœÃ¸«0øßÉÚö +a$™Ï1øÕœ…ŽËÈà‰sÎ.@ù¤ÒÚX³oÖ» +÷ +¹92cÙq9 +âø¼qD¯Þ!ø®\Ä1CH`p-àG´zq™;/¡:fÍT``º÷@›¼u 8©86¬¼~C'k;ÔÙ
*è^i®¯°à,BÔåyÉ%ÀÅ÷,ÑcÌ|„½p6}ºûÊ`]ZsPÞ‚|æTÀŠ°Ý81é –”t¥›Tƽvê¶qç°mšs‡è7?ÞÝú…*böú §ƒký‰ê½>pZŒI6iB7(ãxŒ€Å¦\uc¨[+¼G±—/ÔŠgàoß6-&ŠPYÖÝ0Ä~….Ã5sR
ÿPf¹ß‘¨ªB¡ípÉdB( +¯qmrØH_µz íÔw:y9
L{ÌnëA"¸\s݃žêŠCŒ}5o'Òï¾êñÆ'NÞ';°…[fc*ÅwV85Ê=|¯ŠO ˪À€Ädzå…Z)õ³ªæ΋¬
¢Îùå˜á6>0ÜõÙ««n„½<uÜûÏÛ¿ò Œ¤óõ4YÒ|Ê͸¤Ål“¬ÂêÍ<Ÿ&<[»¶ÝÏUô‰5èåN
äà¿C=™I[7G`è³È·‚¬Ú„™÷zy’;sÿ(íçä~Nuƒ:Ï©ô‡ÒíË“©ßκi¬›dO)àjáèð3?Í'~JœóPçìY´„ÛטûgѲ¤
ûÛ?‹–˜AF|)ÞÞ¢ŸàôpL¼5,—‚÷wWHʾʾuÎU¯àÎìz<À˜Ð¿Hµ½WÙ„@OWkŒÃë^S¢÷•Ç›Oïnè¡6ßÐï0úȸ ƒ•péO]úc£u2K‚JY“§‘r6Á›Ó›RœÔë$Á†FóMÔŸÿ8û|endstream +endobj +656 0 obj +1490 +endobj +657 0 obj<</Type/Page/Parent 539 0 R/Contents 658 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>/Annots 138 0 R>>endobj +658 0 obj<</Length 659 0 R/Filter/FlateDecode>>stream +xXMsÓH½çWtqY§*Vüm‡[>ÈB-„@̲‡Tm¥±= iÄHŠ×ÿ~_÷H²¬À!+ÒôÇëׯ{øq2¤þ
i>¢ñŒÂääjyr~{A£-×x3›/hÑ ð—°w½UY¡-zkwTXº¶éÚlJ§éA%+E£`D*'uºüv2 þh‚ó½{gåötceR>S8ÇÚñWìoˆÏØ_<ÄyœXÀîvúGirShú¬UdÒ?1¡á°:1šó÷WzmÃޖºIKMΟ x,¶&§ÐFY¬U®)Qß5å:Þ«B+<…6±BbM;SlÙ¢ä÷´R¹ «ä†cìÚÄ:§\»'âüåÉ*àS¤Òˆ¶)ŠEþ‹Š“šœ‘ÌTžï¬‹ˆtº}V›²A3 Znu›ÅβÓ7Ë®…„†üëóŸ'Ãá Ót¶&”Ðp1 +.ª§˜¸¢<^àe»’…ÍLˆ:I¾OÀ9ò8i’䎸
ß‚'‚y¯Nî±7}<¢Í^'Á´CcQ‹uë»1¢Bi¦6ZP,¶>4@Ð6g“Ù³„g‚œÕñu]¼9€^Ñã8ý:ØÙµgÑÛ_—AaÐ7äb‡ºÐtºf4Ỹa +èJ…ß7ΖiÄöÎo§Úh˾§ø-ôk©Îùí¬®ÅeYlû#'yëÖ°ö@Ð>²a™è´ üVLî•I•ÐŒsºQO&‚÷4µ)̼:tñý͵`Aýšç’ú+©FõÝݲîéÛËO¯@×+‹~©=zzåe¦]®#0lµ÷ÚTl}Én&Ôìý¯€gÎQù(2g¬c‘qÚw,‹ËVEà…Û ‰˜B•©•‰Ma¸G,©°õ¡¯&ì°,i‚BP'ƒ=ööã)2ùÊß Îh"¢¢ª‰3`V¦¡FÀk„ƒT3(A>:ôóbëŽãÈËal7œöÚÙ¤sJ ®S(£ßÃØ –¹(Ô&„NÙ²ˆMÊ M ,YN©†å,»§ã¹h>GÖlBî0üN¨r8\·ê É„ê;‹ ?Â‚Ç +VWÉ$VfÂqTBÇŽfÜ“ÁD$j<BüS#Q“Á´#Qk€Ë<U¨ïžãZ‹DK,©e”ãØî@«C΢e’ò3!èÑ—»wÿüûîîayùþ}°-’øøæã2'xLð׬Aó1Tg|Áó*¡Éx«§&£ñóµ-ºONæ`ãTÏÎ?ƒžÄ{ZùI–…ZóÄCæ—Hw‹3k#4C3 ̵FÛ! é*ãÃã€ÚÏx;A§oyF<CªÎ°›Ä‘ü³Dc†m<µ
ˆU›XŽ,Á
_<fÊQ™)ßÚ2Ž„iœ œ¿fÄÛBÑi›g½v~Ü(|üü6¬³?.Øe¢Þ#HYÉi˜ü®‰2‹UÈñ©¦)/þ«Ú#+AŠõ“FÛë°tàheí宜.œÑOÞ[ŒÅ€5 )±.ð\@C‹@¨ªùÐ[¬AØÎï–G™ÿ~4V"yì9«°§lO}² ¤ßt~ÑZɼ({I¤|¹J(³14öãýF'Æc5@Ži•Ö?ò˜`,á¬&
ã’‡RÕFLójÎ<c\;pL7YbWæÅ‹Â=b×Ãå¸Ë´ŸÅ²h¶ý@/ŸË9(è +Êù5F i«?¶µæ2ƨú€séãŽ"UÅõ‘ŸñØ4Â5àV%*ÜbY"iaìŒ!Ö8´2§ûÍâbâUkò²Bð +˜#ØÚåy4=¤,2ø‰
ýD‘.”‰qE,Ã-sZfG-§g] <#]„A€¹;6Œ;ãpa9V¯f&Þs +endobj +659 0 obj +1781 +endobj +660 0 obj<</Type/Page/Parent 539 0 R/Contents 661 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 183 0 R>>endobj +661 0 obj<</Length 662 0 R/Filter/FlateDecode>>stream +x•XMsÚH½ûWôek‰kI 6•Úr’u’Ã:ÙØ·8‡A D_
&Þ_¿¯{HÄ@bW µ43ýúuOw¾]øäáߧ8 QDI~ñòîâï»o0™Ðþb–<Šñ„ÂIŒÛ0Ž!Mž—XfwÁðáuH¾Ow¬Mbº›Ë{î’^®›–…žSYd43©^àw¥<»ûâôcTº +8 °ãd<™v©ÔRóÔ}xÊ4÷àƒëÒÀÈâA©.ýÇ4©M3ÊÒâ+˜Ø¤v%ƒTb×*Ûù“æºNLZqdK{Ôx Þ2×Uþ®ò*ÓÂæð;OöHok'ÝGd€Ez˜Oˆ·?Ý`æ;·Œ–Oˬœ©ì³K}Ÿ¹rÂßsz©ê4¡Zø?–—¬y$6{ÀKc?Ä5'ìî°¶”îöõÖeÍ„1&tbOÛYZ"Þøb7qÇ8½h,üÞ‡÷oÞw`x#ÀÎ)樋pó'$8<^(ïóoÕ¥)×ÕÏ‚¹¹úxóîŠGï–î>¬t×™Mõª\gsöM³‰hî²ïÿ¬L¹Bú0Hoå¼·a]#£1;ᨑb[¦9Ðœé-Ùã‰ÈÏQØQyâ^ß›röéŒÎˆ-oû·2z¡
§gÚqZu'¶Âp*Nl¯gt]ðî}Ù°û«ŠGlmÔ¡g‡¨PRÕöäYsŸŒ•Z'¨Cöq·éè¾—¯Q[Ö +<lÞ¾ùþYÇg^$>sa"ÂôçÛ6þíúDZ3~û$x¤DóXYx¼Ruý4GâºÂòmÍ¥Ü%)NMmð£8”ºå#¯„ä¤ÓèG1W¸6úFý^ùq3šˆ{ÒŠz]U¥±Ûš•Ë²èÄç(ô÷ñé„3PÑvprý!>÷k?½)OÁÜHIFÑ®-—b‰Ê”‹4Óõ_j±‡9} ?Šh$¸¨Ý.Ip‚W»:Né=þ~»¹¿ßb€´æÑOrìÀsà¿×´*sMsÄHsÐb /ºAMêL¨>,T3îDÖÇœ²³ƒˆûAlfnpÚì ŠÊ™=7éÉõV*ì¶.c.¯
ÙN8£uìªþ>6œVæã4Ù<ÂUè“TוNÒ¥¥.´AYw +\ûávc–‰$Êшt{»‚ŸÄUFgèkÑá\^¾~{y)Á}#7‹Ÿ +meåϨvØõ~ÇŠÏíZ“Xΰâžô…}œ0Hò99ˆ¼çÎZŠíM¥@S×êò[ìÍjäG®R„œµœpÚ ?îVŠÓ{i¸®ÍPŠÉ°æ³È0KgÃ-¿h¨™Xé|ÎàOˆÅYŬŽ³zPŸý›¾&ÆpFi89H(Ô8¹v»ú':¿ÂªyžJW¬ÛzîOÜÊI‘ÛàNZ÷áýi›ª¤ÞƪÆPNPâZÎXç¢3ÎÅõeˆ&~XØCÛ©Ó‘£—{Z¹?ʳ]\~£EÙVˆ)½<gJ¹?p2:h伋D¬ê¯ÇƒÈ‹<¯!Ëû”XîO+EK{PBwµâŒÞØéÝŸ“úÒ$óq‹û>¿s"}J‚öÇrAU™VŽê8¯púg2w,V3sù(
›#ÜðzÒÐ|”_$Ø‘Ðp{õÏË+ú`Ê/¨nø®¬¹’‰ÌHß
ïÇçˆÞ¯~’Ñ:áëO
·ÿ{ñ?DŠ†mendstream +endobj +662 0 obj +1576 +endobj +663 0 obj<</Type/Page/Parent 539 0 R/Contents 664 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F3 6 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>/Annots 190 0 R>>endobj +664 0 obj<</Length 665 0 R/Filter/FlateDecode>>stream +xWÛnÛF}÷WÜ•‹º[vßd§nSÄIš¨(Šº(VäÊbBî*Ü¥eõë{f/4©(iŠ$ˆx›Ë™3gf?Œhˆ?#širAiyr½<ÜNi4¢åšo]\Îi™Ñ0‡´L{?¨´ÚoÌh+ŒÙé*3TÖÆÒJ’TbUÈ,!ºÕ•º’”I+òÂV´Ñ;"«)Ód7¹9§J®e…;gË'?,OØ…óC#þõîÇ“ÉE2¤‹ù8¹¤’FãËḫ‚Þs _T.àùïwB~}óî÷·Ë—o^'[ìîùK÷_öâƒÛ4äÞŸÃÌh’Œa«w?¾˜‡ç~Ü_$S~¾ÜH2²zD>So·º²Èµ¹¢B?heH¨ŒD0ÐÄ=úCIë^øÓôÈl <*ñå˜ḃ1¡@a†Ja,¢]Uz‡À A¢”ø±Få~ËU†ÛDi‘Ke¹h…N…õBžù8(©=¾¸AéßRÙ×ù|U®k|--(ó‘®Ùm®MZ—ð!lŠä*-êÜÚåvãXBYnl•¯j÷Á¸ü:Z¼Xœ#ÅëƒLcêϘZ€raè½(W‚Ƹ›iiHiKzÍü”êr[HdŸóÿÏÑê5=TºÞR)¶[Nf…ì¤T
~¯—þWy,ŸŽg õìrâ”4]6W‘Ôx8r¬znº_UþMÝ÷¸{+)ŠbOŸê±¹ s.RÆõ’OÛ‚™‡¿<b.šHåýÙ9íuÍ·ê"ëVÉAÛmBnO˜>Ú…fsÀTÒd˜LÂÇÞº,i6K®ZϸYqÉ ·;Sd%t v7]I¦\%©VkÈM%JTÁS4WàBéYƒ:¤ÀÂr N_øŽ[°esJÆîI"Mu¬IÚYÌæ@yz9GFcüC§½ú]ÑM½†.ÎÆhN;âËdšÐMôv'ÒM®$-+VÀEðâúüg+èƵášp÷ùð8Œg•BGXd{0É´Î`›k-Aã-»–ï×Æ×[Ô°®¬# +=æYìKìpà3FÚÁó"ÚXºzj`Cíàå'©RyŽ¢DwÍKÌ4XX
aUR)Ë•<ÔbWÐÇJ¦¹PÎ30èéVÃÙ~¡êðŒÜìsbƒÚ+}PúüA¶Á!4"Vø€t‹&Ÿ·/n XKI4ZSÒP,™\Â;ùÀ#h€¡ açœ×Fäü œ·ïì@4QYT©®ÁLÌÃïݨÇÎÕ¬Ña ¹>‹!:ºÉÌ +endobj +665 0 obj +1878 +endobj +666 0 obj<</Type/Page/Parent 539 0 R/Contents 667 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F3 6 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 195 0 R>>endobj +667 0 obj<</Length 668 0 R/Filter/FlateDecode>>stream +xWkoÛ6ýž_q—vˆÄ²å·Óm@Ó.[‡¥Ýð-Ñ6[‰tE)Ž÷ëw.)Ê$0±-‘¼ÏsϽü|S1{ÔQ’Ÿ\ÎN¾Ÿt£É„vÅ]šö£
&cüìóÏBÒ[»4Âc¯^‰{xáV +‹ß|@Nçj@qL³ÔŽ&cš¥n½K³¤5[Iz1ûxÒ¹‚InO«#ˤ³ÖnR¿N·Hê²ØÒFeeÊ–Tât.’•Ò’´È%a\‘ Óç§$Ök©S™žÓÆè³’VâNbÉI6¿f9ü–Õt©³G³´%HWX±+‰O¡SÒ†he >U…LJSl#º2É{‘¯3ºoDJg©Y¯·gÐ[eiWz¹§î?ýÍÔ' W•½2¦Ì˜Ú½a4`‹¾ç÷Ãîÿq½±Gnc«¶îo’O¦1‹N*ï:ìòEg®tg!2[o ‘o³®‘Ϋ¹¹“çuÒz!i«ç[”MsDJo)•6)ÔºTH‡KÚ¡äL&™B‚ÏIE2:§KaeŽç×&_W¥,"ouиÀFwãÚN¯˜[“áx¶¥¼b`«z'ËË·ïo¼~³ØSO¥áM
0•òoOM.”Žˆfx +ÅéB
jؤ^ÙZëu„ˆ&f¶ùðƒã¥a<Må4áË?dt÷ã$·ßÓ°!¦aÌö©ÉæsÏB·ÉíçlÃjNÖµâ&Ï™-8uvÅήd!›š
Ødª0¦|V×Q°£Õ(¥¶ v^/÷”Ù¨ïA`ÃzŸ,Ð'[.×HS]Ggö <jÔxû†êBÑrö6‰C®–RË‚¡t„‹Earƒß¼÷ûidÖu"FQðžxxÿ„ºôY„JóJ*Ïeª`C¶} +)‚S¶B}¤,²ð‡©üÀŒ{¤z# +tš¯\½zV£~<ù©kÊÀwð€©ß6Àݺ:WSŠÁÿ<bõÆCשwCDD½ˆNßë6ÂԾʶ§ôšSÎÖÂ…ëz„šq›¡W¾±¸íêù…G77±Yô*¤û¶ÅIçÆ…ºãQëömÄö +ÄŽ}ýŒår‰aýY‚*_~!§ n`ð§H4|q×´öZð¥dD#ô{Ã-Áƒ>ÈôGÐ0Ó?+]Ý“ÝbÞÊ +endobj +668 0 obj +1656 +endobj +669 0 obj<</Type/Page/Parent 539 0 R/Contents 670 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>>>endobj +670 0 obj<</Length 671 0 R/Filter/FlateDecode>>stream +x¥WÛnÛF}÷WL +aç|ƾ¯¨?%CŽ§Ü¨’LÀ£æÉäz³#oÑCBtKô Š¥"•(E(½*Í“>¸XôL¢“RͱڵØߨÐqë+éÙi `̵>:€_œSQ…’–šPoíÚ‘ƒä¶šCÀs;“ç´R&'³â¬‘¤±Êï‰!ìømAÆk„o‘™p¤G+7¸ÛWåÇ@Aé +•nŒÕTz®TƒZ" ßk +k@ãÏd{Ò_Á¿®[ˆ4:ü0 ÿ¸ +gÃ2 +b¬ÑQ +m«Hã†&\ÃF…u÷±ªÐ´¬J(›,+$ÝèôQê¹t_ét* AdS½‚&è¶ÖYÝî¤%§D3ŽDNU€ÍÆi˧ ÈUþv–xú9NÖýG:bþèfú ‚øŸ1l¥SCHCîxÿ»6xõÌèHEV;•£³(©¥C[d54äq@Ô4Ƚ«b[Õv›ïŸæQ_íø:ˆ‡§CÝæu¶8èßÏO0.i4&×4¾™àó¿<ðºÓutuƒas<__'̦ô£wË\Ü2zï½óÒ¶/ï†Öxe™¡Æ¦y•aÐÙ«3ü‡
K¸õ´üqÞÒYÛŽ˜^ôÊý‚Þ0¢¶
õ;ý´Ó«8®8ácÐj»Õ6ÓYB÷^ëwwl¹ÎEq(¸'ÜÆ$؇8ý†(vΞ•u;@î2µe{8 +•AÜh˜ìâÚ¯°0äû„\T7™VŒ†Mrå8CvVÃúº™SOf»‹H7ËU¬38m…£2ÌܸžÁZBú9µÛ¸¼]g‹-í²Þ¬Ü<"%I7ðÒÆ×8.…ð¬ùRiú›7£ÙýTÇÚ°³ìŒÖ2¬1¹Oÿfrl¯,”:k/G[d‚/´Nh÷té-kWTù…d‚Æ/
^å¢6MDÐ-æW¹IQ^#eÆòÄb€0YÙÅŽu,3„/>K&ŽÑZíßÒN30^Z#GoÐdñŸ6ÂìÐ ‹¥‚Ó£ë%§´Â)™tlÊ sÞ¬²Ž*¶P]ôt²N`ÒÊ(Ãn©¡ö®(lʺèåÙÇé+\?Úý>ÞMë¥låòÜí ýIÊËCÇ«×7\4²ºdD"‡·fÑbÊôíbñiöáÃ|±ø5òü@}¶'Ôû™.;;ZËÀ}å¡ïÀËr½± ºX‚·èEJÔºö®Úžiìß,~SàÎ$í +_ˆÌëdÌŠ`›W™Eo©22™VÀ’oÊŠÀ@åP5PˈXf $„è• ®ÐØ +endobj +671 0 obj +1534 endobj -637 0 obj<</Type/Page/Parent 519 0 R/Contents 638 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>/Annots 138 0 R>>endobj -638 0 obj<</Length 639 0 R/Filter/FlateDecode>>stream -xWÛnÛF}÷WÌ[e ¦Dêž7_¢&hã8±ÒôA@±"Wâ6$—Y’Võ÷=³Ë•(Ù)ÒÀ€MšÜ¹œ9sføí"¤~BšF4œPœ_Ü,/ú‹9EZnðd2Ñ2¡A0à?qï6e-
Íz«wTkºÕÅFm#éQäkAQ‘¨H\.ÿ¾ÐU4ÂùÞƒQ¹0{ºÓ¹PŸ©Î2iø-öâ5öw5q'fAЃ‘F~kT¥jIŸ¤HT±u'F†í‰hÊïßÈF{ÝPëªh$w‚à±NUE±þ•™•¤\|•Tqèx.j{Xà.Ö9ŒÕbIÚ©:e‹6G¸§µ¨TÜ&]°•ÉŠ*ižTŒø«òuÀ§H ¥)YX‹ü‘äªP#YŠªÚi“É"6û²Vº`Í€h™Ê -6ëf§o–\[ -ùêÓ¯a8†4žÌ‚å΢`ÞÞeôÈàvŽ‡ÝJÖºT1êdó}ΉÃI’MîÔ‰ÙRžXÌ{>¹Uo¼ºl£Š&G¯9
ÃQ0>‹á`Ñ&`-ú*úÏcD…ŠRl¥E±N]h€ kÎF“g œYŒàÌÇwîâÍô–§éû`{¤7ŽEo?|Y~ -e¯¬Š¨êÌ·0µŠáX7u¦ -†5…$•2V±`sô]õsuq(X~giu<0Rñxªö•á³gÎœ³V²øù«šÌåÁ:m -P•ê&K,³8TÉ*ÞÕx‘lU䬑NÚû¨o{åÐH·zz5…6cÓIz«h2mÅÖË)?;ha™‰˜#‡6ÿÓ6‡Ö€á”É' %qc@àÖÚÿwedm”|rÞ2¬
¬ì --橦µ’!Z™âîA'vbëß/O2ÿùh´dÕ3Z`‹ÙBgl² Ûƒ~Q¯ed;Y¬ö¤œJAV!R?`ÜOÎ0šb ¹Šx-BA½y[þG·«Ñ¦.Etë„’ŸlX–áØ°ðÄíæf{8Ç%ôßnWý…'HDÑð´ýœ^‚§AÈmo·Y^µXWŸ)íRÉÌáBŸD9Žb~Œî"pÒÅ„ËÑ!&„;àU¤«a§U*yfÒ‰ÊÚ±ÆÚªŠ8kxd·’ÁŠØŽaÛsÝÁíƒåÊùAV›¦ª¨^½“öz¼~w%ªî6;ƒ»~P‘g_ÏoÈ -Ÿ±µw¡ÿ<<ט‹,>¼ÐyT,±ŸaâùMšµ4ÚIñyé;Å£G›ýË9O¹§¢£â>¸å¬‘ÈR>¢ƒ"º=iZàÃKæˆÅ’Ox¾pGàƒâí§3Äa·V·«Ø•±S:0Ú¸™‰ÉËXcY€ýúÕ å¥=ËŽbÞ=j‰œ¨Í±)[1½_ŽÎ¸r:[˜X)J°–h[¿øÁLë»móJçü©r·ñò7q;©Þu—ž.ccLIû)2» 0ìè¶!ê!½‰ÛÕ,$ýŬ_°> 6лÿT?nÇ/}ž¦ü½b©0œ·Úóñâ_g¿endstream -endobj -639 0 obj -1735 -endobj -640 0 obj<</Type/Page/Parent 519 0 R/Contents 641 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 179 0 R>>endobj -641 0 obj<</Length 642 0 R/Filter/FlateDecode>>stream -x•XÛrÓH}ÏWôËÖ†±u³e/Em²,qÕ>ÆòØH!É1þû=Ý#Y²ñBa{,Ít÷9§/ò÷—üs)ôÈR”^¼š\ü3¹pz£µ/Ň</Á(ä×Á¸çQ¡iÎ;pÇl_p{ÿ. ץɜŽBšÌä‡&Ñåk“ÍãŪˆ³UKM**úxûšžM¾^\cn›]º=Ycyíú°†¯^ZU¼-UÑ2Î4UŪ¬HE‘YeUI*›ÑWg|K”Äš¿£Êˆ•™IUœíšð¬‰ko@×Þ°°ÉR#.…ÿΔƙ)h¦+'%•«hIª¤U‰Kyaæq¢ËçTnÊJ§”›$ŽbþBWQ¯×#zkÖúIÏÙ…Ò›™Š2é²TEœl8f§
±ÌuÏãˆÝVh`3mã¨8XèDUzÆ·þg3³.é~‚³«µ)¾ &‹t^•pamh' MõžÉ8Å&ÃA&K64-b=Ç;ãÐã[E
],XþY
ûý»1¹€nÚ¡E±%{Ôó{t˜ñ[Ë.V…I]°±V9 -³ÊÕ™û›O÷ïnøîíÑמ‹(íëÌ5ZšU2cn˜Îžº¢s†'&÷©B(PÀP m5A‚XW¦,¥á -endobj -642 0 obj -1633 -endobj -643 0 obj<</Type/Page/Parent 519 0 R/Contents 644 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>/Annots 190 0 R>>endobj -644 0 obj<</Length 645 0 R/Filter/FlateDecode>>stream -xXÛrÛÈ}×WtySeºJ¼€âM©Êƒ$[Yme$¥RC`HÂÜ@4óõ9Ý3^Bm^R¶%‚ÀôåôéÓ
ÿv‘Ð -uèF×òÀ?ýè CnÍ¥:ؘuÞŠ)Æ|ÊÁ%
!Ä5¢]Øj‹À¹Þ(>,Q§¿æ&Ã×Di‘kSs‰Š*e곧B>Ú€ºÑãÇ;úk¡•Óm)åÈ«²yÕÀ࣮Aºe·¹Y!š´)áC¨…(Ò¢ÉÀ¤m^¯…”家ù¢aêqp'.›Î/ôP]iHÝ1+ ¼qô¤Ê…¢!¾Í*íÈT5ZƒÙÈR¢S}ο÷Ñ¢uV]„®Ül8™²ÓÚPàãÜ?!¥çÈ! -£+æÔ8™Û%&Üšþ*²—Ð ÝùËãÃߢ¡ç· -á/Ĩ(vô[“#4‰1çeÒÈß7ëªÀ#æ¢Û¨T?¸¤]ÕðWM‘WI eå<’ÄŽ'Lˆ·h<¶’®º\pè—%ǽëƒ{,¶¸ÜûÎTY‰ -$ãk¼2üþ*Çxý8]’v -endobj -645 0 obj -1960 -endobj -646 0 obj<</Type/Page/Parent 519 0 R/Contents 647 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>/Annots 195 0 R>>endobj -647 0 obj<</Length 648 0 R/Filter/FlateDecode>>stream -xWýoÛ6ý=Å-˨eËß 0MÛ¬úµ&Å6 ÀÀHt¬V"]RŠëýõ{ÇÙVÛµŠ‘(Þß½{wüx”ÒÿRšh<£¬:º¸>zz}4LÚý˜;<i4œ'3š,æø;áÇHZâÛ!͆³dñÙ -laÚ\bsJ×Kø-æt»õ!]g=£uý#=¸~4¸œ„¯zkaí&§~Fq¡ÙªPòo%*ÙÙsÂÏCêfÉz×+vG罬³·ÝÙLRÕfK›¢,©,lM5vgÄÎkõŠX¯¥Êeþ6ZÖ´÷Þ.^²
ÿ.D”Ž“G¤¬Ø•Ä¯P9)M´Ò0Ffµ6Û„.µ!ùITë’MÆ -Ÿ³å,ìUW×>T»âC®¤‘måE‘lEì‹êHWêêW_–Ï8»'vüý;{.ÏH|Hâ©¥}š'ÁRÄ*Ì’1ªzáä7](—ݬ,À‰CúSQU2/ÀrûYÚˆ!m“t†¾zÑôpYÛu´´ÅÚÒ~‡y)TÝzŽ2?vÊzȬȪ’õJçñÐ$?6Ž(9v´#û¡¡ÃªŠê¡|ýQ¨\o€×5½yò8PÔ¡q|%ͽ4„Å4Ç`ô¥Ñ•[«tÔãfUd+÷&òŸ)ïK•át¤SQnkÜGò÷H*µ×‚²•PwÒ¿Žeõh«´‰¸oJ%¸EO‚?HmfÙäÒtü²Fe»‡T€ð‘9¾‘r -Ùa=rŠÙ©j$ÍeÈRÝJcÇkçH®ýZÆ•tÑ R˜;(¼3¯–ÀˆãP¥JÔR„CÙ {¤,²ð—n|u·FÉüGq¯)4cR -T\L#AVFxô$mç%(ËàòŒR&<¾.v:‚çd”ÐcÎ+CªìPù,s´@nYn†ñ¹²y°rc…ü+5+M¥!ÜPd<µÐFl8üW‡º§k–’’mø>Á|QcÇÓ)Mæ@¢¢ñ|œÌÃS”Y<.°¸_¦Žµ|¸@X å›åqCz\ž9N_¡²„D¶Q¤
ð =?D¸â9›Ä³ÿ\Ñ$eeñ±Çh[IMü Dž{vù Äñ´Ý»Aƒ¢ñyòà/úl«7.d‰FŒ££Êâ¸dIôVæÏ€;ÏI/ -Õ|"»Eÿœ°»S['ú™5ËC× -M´^"Âm2 -öü~ô/TSÁendstream -endobj -648 0 obj -1747 -endobj -649 0 obj<</Type/Page/Parent 519 0 R/Contents 650 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/Fc 12 0 R>>>>>>endobj -650 0 obj<</Length 651 0 R/Filter/FlateDecode>>stream -xWkoÛFüî_±5X)dÊ’];ɇ~Ä©ÄvcFʼn<I“<åîhEÿ¾³{GY¡ó -o»Á¯÷_gÇ\úx-Ôr©kßâ ¶p¡‘ÏÃÑÌÙJªÛ$b‚×åLñ5v®m!9éélžá„.¨pæQO^¢õýB¡“½º=ç=¨s§ª©¢Û‹óŒˆ•0³eiWJn«J¹2eÙ‰ête¹‘eIµÌûo«±þM bém±ãüÍdru}=žL~Ho¨Îç‰~¥Aßµ(opÙ8$ï º™TѶȫ
×íUºšBg@Š:çÎ6Ë=üŠ -Äbg¼ª4ÕüŠ"Û:³*Bæ#£3éMUA¦Ð -XòKF‰"ë™ -yƒûÚ+¡R!°g ÷>9=µ?¹AL.5gõ|_ÜZ¿ö—C|^iç’8ˆ0éƯÏ&/Y‚÷¯Ø«,zߣþ“êöJ„‹0’oòXÌš¾:…Ù©—Ñ,á¬bW‘ µ^áé£vžM
ã#"9s[hJ†²xf¥ è>ínÕø³"ût[jCìˆÁcÓ˜|S†ÅQ«ÓUT €Në’pcª¥ØZ -\mj[~‹Ø‚ÍóÆùè>[Ý]]Çy@‰Dô[Ùô0œÌ#fÈàþæãûwoþ¾Íð}ü¨•FÉL¹0 -Rq
’ÅÒ`þ`hDôˆ){ä/«'9eýÆyõ‘aûí õwgY&¥H¶!9«ý†’©ÿ¬Iì°¥¥ò~UDãÚ^b:ñâJÓvµ€GHG[yÅcòÍòVH„‡GOý -GM0¥ Xú7[q' ”ÅÕ´!d§@øY+‘kήnîâüOë)ÉêÏû¢$i™ -''òƒ·ã¿vþéÅ*ýendstream -endobj -651 0 obj -1867 -endobj -652 0 obj<</Type/Page/Parent 519 0 R/Contents 653 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>/Annots 198 0 R>>endobj -653 0 obj<</Length 654 0 R/Filter/FlateDecode>>stream -xWÛnÛH}÷WÔË œ…E]‹_Î$Þ12q2¶‚`-²%õ˜dkº›‘ô÷sª›”(:“‹ ªÉºœ:uªøçÕø;¤ÙˆÆSJ‹«·Ë«÷Ë«A<ŸÓùÃlpèæfOh2¸‰4Ås2’ÖüÈ ÀÎé÷÷ï'4ÒrÍv§ó-3À–i$цTIG]²Å*‹s½¹%Ú k³U' -þ§·øö‘¦º*]¦óägú|÷ñ–¾<~xüôõ‘Þ?=}z¢5¬}±ÒÜþ¼üãj@½á8ÁaôS…¢ú×_ŽV’di+$á4¾‰UŽo[IüTíÔÒ^¹·Ð¿¿©3Š1ǷϨ'‰‚vrN:º†%e ÿJm -‘çGÊt)¯;î·Ò£@©‘ÂI%Õžcï´‡lš¸JÒ&“†£ÝkóB -.¤†?tŠÂ*÷Æ’ÈC8\ †n;mò$Ò?6»ÏV¯2‰bZn%x(ðßêBÒªÚ€<!-g|Ðß3ÉV¥:¼¶ˆ0ÃÓ¥”ãÖŠ“™y}É~FÁs¿Ðh#S (¿Ic•ëÖc\Ô@K/š,n -“ùŸ@ó$ýû
ÑkkhËd:ôÍxîþy<éùhèúYç*Ux‚ÈŸfö²Ìܾʫtb‘ &z¾@Q^‰h%UìÐý÷<<éoªÜx8yã–ôÜ°¸…S¦=Ðì - §´Û -‡N¾Ø&n†þ&…ÌP=6ûU•øOKš -¢`—åòmsj~¼ÁADâ›P¹Ÿk£ú¨R£^»˜èù -]Æ"+:°ûv¿5+M´Weé¾soLž -Ô'±bð°TÉ#̓”kýâG -ÊnëÀO.›þD}>×@v1ó}²A‡ôÒîØì\)ûY×*áÄäƒùz¦\§a?c^óK{ÿŸ4šî²B•,1áüô©5RH²WN~çiÛÑ܃b€lPÑLŸWÌ<+J/³>
Þ¹v
ˆ[Ô2GÒ5¹/ -´Á=áÎp+6\”ë7ncèÁáÍé—wh¤ÀÐF‘Z˜&‰Ó:·Ib¤}Q.IJìŒ]’Ôü -6¯ÔÄÚŠ“×k?ÜØçÒÜ«Ùª«í™®ðîÒÃqúrî»&¬(ä¿ñk‹‘Ú4Y{æ°¯
¿€1}*¬ãL rª¨×|+±¿¯kvðfW§Ê—á#¯/¼ð»ªD¿`RøwkÖPe´¿\s–<wŽÞö -‘n~öâ‡éfCWžÖ\ ü©)5¯×©áxˆeu:ú5;z¾ûøöŽ—Ç? ¢ôN§¿hœöŒÞp:Ãí½ÙÈo`ë5g2›4ÛdÂaQÿýê/ç‡;$endstream -endobj -654 0 obj -1963 -endobj -655 0 obj<</Type/Page/Parent 519 0 R/Contents 656 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>/Annots 205 0 R>>endobj -656 0 obj<</Length 657 0 R/Filter/FlateDecode>>stream -xW]oÛF|÷¯Ø7)€D}Z’ó$©Ü°“6R> -øåH)&ä{w´l´ýï=RE§@Z¶%‘Ú›]þq1¡1~&´œÒlAQqñf{1ºžÓdBÛ„?Z¬–´iŒÇcÚFý›„R£«’JgQ&-ÅZõíµùFZI2²ÔÆY²UšJ‹©t.S)¹¤ªŒ…“1Ñ}ßH¿ô_ÃÅûuT
â<§D›Û¯cNfÁ -š/øý.§Í³~›¯®Îúí-ºìí¤a!¢½Êµ€„À¨0Ñ.{@m’,—[çp“R?qåËуâP÷ ÒÅhäY8ºÛÜ^ßÜ®7£wë/7ÁúËÚ×‰@-q55‡€çÈç\;çíT‹æ ÙïöRA:"ËE˜{EƒÉÉbÌh>_¡_ÁÛl,šw
oÎ|~å»ùäOÞ -vQÔz¤Ÿzùð%â»`&94›©Ð‡ë·=ø,0ÖQU@þ>@@컞ÁS³á‹`@MI¢}æv>¸E(NÃNiDÂÙÐÊ¥ZÇ$Ë–Ë>âን4å½{µ—‚Û*Ú‘°sCƒY -évP/Šuˆ* 8š d/®Õ_±B=3kt}Ùì}J£ˆ†igˆõ)ÉEê³D´}†5¨™”¬êrœñÕ´t˜)ax'ãîňÆ.ñ1 -Î¥°nÀ:šÎ©5R—Á5˜¼¯ˆí1×!k5NÅÇSïÖŠµªŠ©°üćAç×T,¹‰“Æ/jí¤;Gò:ÇÞÈ…C¯Jo–MêŸ!` j=MøëåröúUEšÖVE@á:rb;Õ›;¯d -zÁðØayoBf1¤Ì<芛‡6zÀ³#”n/±lWjƒeùŠÔ€Eä*ŽÈ·-À=•Œ q€ÁÀ/ê¾x®Ù\Y¢Z¹´<52UÉg]¹a[‡}sGÖý†îƒÅèä°ÃðÑ,… -endobj -657 0 obj -1733 -endobj -658 0 obj<</Type/Page/Parent 519 0 R/Contents 659 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F6 9 0 R/F8 10 0 R/Fc 12 0 R>>>>/Annots 212 0 R>>endobj -659 0 obj<</Length 660 0 R/Filter/FlateDecode>>stream -xÕXÛnÛF}÷WL9EëÉÎKaK¹4RêÐËŠ\Y“\f¹²ì¿ï™Ý%%Sê}hÀˆdr®çœ™ñƒ.uð¯K£õ‡g糃·³ƒNÔÁ÷ü£Ë?¾¼?èûÑkž£e4õ¢Óð)¥)¿uün@Ý.Í–lhx2¢Yâ,thÞhP!â[i©ÌÕr)
-µ¡¯W’ȺVy¿G´Ò¥-(9-$%z“§Z$2¡¥Ñ½œ}oFfnèpemñæøx³ÙDÒ®¤‘"b=~Ú%ÃOGÞµ{Ãh€ ß!kD¬ò²+ü,IçøŸ¤K]ê¥åðLIW³#º’v£Í-]ê\Y¼KóCq+"Ê¥Ít>Iª$q'T*©¦\,Ôîö£»ÜžÈ;™êå¨ÌŽ'-TÀùßz¥©4wxHå¥iJ㉫9½œâc«Œˆf+Ùp„wJ…lô’B|0,Ѓ•*JÚ(»rïÃ$gÇIÖYÁ•ðÍ*Ñ»‘2‡»BÞD¨l±¶°‹¼U$£†Ç"*)Ù£«”ÊñüRÄñSNª2^ëuI™Näü¥œêX}ñ¯fO$½QiÚp¨óô\0ç:ÂásÆ•{4w¹T1%ÊÈØLV»ò¦:)ZJ}ïʹ0 -äžix,טFÔç’ÄFékú6`Ï¡ LœÍQÖUÁW8–cXªT¢glúøÝ00§³Eå½þé¢ny«HÀ]‹cOÿ5à\Xî4¡‡¢Æëé='÷«÷/íQtÒ‡óÞpB¨ÈË¿«©qááÆEÆœAí“[ù4òǵìŽuÔsùK+‹€JäÍc;\.ÆY@2¾jTi²£?ž¨?8=¢ÍJÅ+Æ<xÌnù³O¼wÄaî=Óô3£G…Ã{ˆ@h,Ë$Ñë4a!*U:{ÉÒÜæ-XA¬Ž™Æ–¾éuÃ#ƒuDó0â ¸$q?Ù…ì~·ÛÙ“¶ðAô ×(]娔¤ +ši¢“Ðä³™ÛzÙ $—I38¡–¥ƒ¿ÆÌ{
ëS+Œ¥62±-.ñß±ÎÑ)}¹Lñ¹<~ÊÜ)”ßž%I -ó3Û½×Ûž±;4¶ÐÐmç9PÒIVÅ -y¯JËz‚›ý‡ôbúm:{{ùåÓ§Ù‹ù|ú -C -=~=‚8aÖÍJ¼rÝ*êKÊ’^]Z3_½ ºlR7E–´’i±\§ôõËG¿|ø5+Uùmù¦¹ìï¯8Y»ÃAÔ§Óž»O{ýì±îÃÞyŠS÷´ÿè:ý€Õ’7Ö©ÈÂÊylÁ|<R¸5K~2ÒÆ/¯õ±¼sd^KZ @OP¦ŒXs‰’ëýK3g.8\=?tªsá0\€æSÏTt.^ó÷õúæ“óÁàòbF?À
wD·p°f]`w×8A•3ºCóê%L&wE2à’ê€EÛ -0ªp"ù¨vwªj¼Ï{OnsT¦õ§±¶–.¥1¼¼b_§`?óà|2ÆjŽ+¾x\¨@þ.Ñ¡þ)ÎìŒz£AÔõö; -0:î(ßþ±bçï å*Š‡+Á1 ¸¾?.³EqYlæOѧºÿ¬¼OÂÎÔíçp8Œ†|”MÏ.ÏÏè³ÑßyŸ„>:J±Ùvw8ÂãíQÏmÅ'Ñ(¢k¾é=c˜Hî½ H«;ý(D¸øC¶Bý~ðRqÙendstream -endobj -660 0 obj +672 0 obj<</Type/Page/Parent 539 0 R/Contents 673 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/Fc 12 0 R>>>>>>endobj +673 0 obj<</Length 674 0 R/Filter/FlateDecode>>stream +xW]OÛJ}çWŒªVM¥à|&—+(Л[¸Š¤jmoÛ›î® ù÷÷Ìî:qÝÒJ7 +Y¢ÒuÅ‘ڦ÷¶€>ƒŽœ!îbTð($‘¡¼ÿã{fõ̉èpòšPÒNŠ´ç¥WP§þûÜ[½áÄ_.äUD÷°½·àøF«rù—ÓH[\ž&¢2S€7ç2+ñÄ|ð¤Ì + +)øêÄ–oÛIðŸ7Šd;r¸ +>†%Õ“ÿ….±S¤Ö˜MêmƒQZ ù +4ÚšÂ1l5W}“1ešÁ‡ îÎ"CJ€Ð8Ž*›å™ÝvÈcûÄ}q\S}D) +éìßÕ´»’ölv}Gîm lóíë·çt¶Æ¬
àï‘—sÃajKøÊ¿&¶À9²Fxv˜m½FXÅ +Ñ{Ò&½ +ŸP5hý½Êxq&ÀZê"³‘qàþëaŽø«ÆûFÀ³ +ÂÀZÍöÿÃÛ8ÆMwö¦ÁÑ àE÷Ø·óîôóÙ)Ýhõ7ós•TØç½™2Eã n?œÝûç4EGýƒ…´žÉü +endobj +674 0 obj +1802 +endobj +675 0 obj<</Type/Page/Parent 539 0 R/Contents 676 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>/Annots 198 0 R>>endobj +676 0 obj<</Length 677 0 R/Filter/FlateDecode>>stream +xXMsÛ6½ûWìMJÇ¢õ-+—Œ“8§ušÆJ3í𑄘T‚´¬ß· +VÃg¬Ž'Ñ,\
ž±:YœEÅ 0X'ØŠ-Õ°u‘¹kxÁ¹jˆæY×P©>O—£CëÀyƒ>‰'¡2±ÎÀöÂät¯’ÂX³)#>0pÆsT8ô^¢(~¬aú¤©bΊŒRYŠ}Ég®ÞÍk²£ÂÚ£_˜hbmª2ŒËUÌ‘naȯüé¤>=XD×(9¸Çó…Kü©Žxµ½2”€,àˆ,a«Þú¹¢ëë21z£¶ÑÞdÞIS}:‚¼yeKªÀxG7ÐûAO\UŒfÞemuÖX…1vÉgÙ5 +Æ¢¼Ql¼¡ÒIV¥2¥ƒ*w\Gµ£5`ñ6ìúÚ”¼á‹)mé´¡ã…·ÚqBPÒâ<T‚œF›"Ø‹lbÄc+UúÜ9‡!3ªÉ[¯¨Û·a¼« +FqI"+!Ûƒ±¡ßrFè¡ií0BQ×Ì€¨^wî~åºä«T–ñeˆ +wõÜÛϽÐb+‹žËYÏ +ÔüÒë¿O•hn<L®Ss~ª#¼¼×æpI»0,‡ÙYl®°ü$e{n˜èàÔ
ûU7X õAo;f!%–ßýË$Ï=\i”øaJËçÊ:ç(O7ay¡Â633²îÖv…óåY`]·I߆ÂÙþðZÊZÀ1ƒ×SülX¯5UŽ¥öý4LdÖÿ4w‹I§¤ß”<Ô/Wïþ)¢ëz¨ù7ºë™áy¸¹}ÃoX_1kÐ[“Tü6ÞNãƒÑ|ÀÁbìnø¯þ0]L›÷šéŒ9€÷å_/þ“Ë÷endstream +endobj +677 0 obj +1793 +endobj +678 0 obj<</Type/Page/Parent 539 0 R/Contents 679 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>/Annots 207 0 R>>endobj +679 0 obj<</Length 680 0 R/Filter/FlateDecode>>stream +x•XÛrÛÈ}×Wôé*$Hš’ö%å‹”¸J²“^ïVéeȱ€.f ZµÉ¿çt HHI%å2%âÒ×Ó§Ï苘¦øÓåŒæKJŠ‹÷ë‹›õÅ4šâ:Äüñõ¯³ømtMË«e4¥‚Ë+ü¬¿å´â·&·ŠcZglhyuIëT,Li?ä&y¤.5G©;ØÜ©”ÂN“*“yÒ)e&×ôfý£ï¼ÜÒ0û_&|F…IJç]¢Ä“~ÉÍfr¿º»ýtw³š|¾ùíÛ*ºùíæܤCSϖѱ
×ðýÝXÄâéóšÈçI—Þ8K.“Èß¼.é^YµÅÏÌ•D]¡ŒõR6¥ÁJ—x¥}‘žzR&W›\s +äÐß]Ï÷”(KŸh«Ã_8ú+܆ +·ƒ«‡ÿ…²Ïä]U&Ús+ŒEé¸3Çêâªôˆo?…¾äÆn)7>ø}½ý0ðÒ¥Ô%U¡mIiÏ£»ÆÆ0 ¥‰&ìĸWÅFQ +‹¥ÙT@â` ¾Ñ÷gÚ:—’þ¹Ï¾+á"I«K…îÞ¿Ø÷Æ}•ìHùžßM ì!æ¨.ɲŸ#H¥Œ\Ï‘¥FmóMçr’ra+_•ÞT[ <˜RíK‡RÖÕ8H™ënd@/$4¬h:”4áŒ/Ñ߶T³å¥Ìh×A¾=ž_Ö(å«ÛéÙhN"næ)J9Î-7‘aR +OÆÓJŠm‚×y†6ýîª.7Œê8%·ç"÷"fƒ +v@/&§‹]€qÁž©¸FÅ•ÊpX“Û·
,†´Mo{hR–«d k“ç(I’Wé‹¡°žÕ«é±ª4h +ú' ÿp¤“Û#wCA¥Ã‡ÙÛioRqëHi(U’°Æw4™üiuØçÉ*„Š€ÂÂûWcá?[‡’˜]M£˜fó¡ 9ôbûí58›ÏdqtÊç•Å©-k¨ôL’%û´*ö< øo‚ˆvAdãápˆ¿¼\¹ŠŽú¶Õ;CÐÅ +_Í6mrk÷ó‰ŠoâƒaХߙ=¯$L¿/›Å×°âJÔÍòGr`!Š¼IVb +ôÈÛDZÛ‰"€ +\¨ËL%, xÆ'•«<Æ4Õ¼Ÿ™Y;x×ìŒ}ó2ifÉ^ŠÎ‚å$˜“Žpø<©{4——X‰å053w ¤)üðRaj‚Ui‚ErD +µÕKFˆ2è}«ñ2ÇÚ…íp¹XQ4iáR¯ºH}¤_qFóÅõ¨Q§|ñͤ›Ÿ—#‚÷D¼x¦ïgMg…Ã{
Û3Vg•¦ÀA¶>÷ÖÒñt°Nb˜ð#|XúÝU=²âFóE¤¿Î0ÜÏ÷|o:p:ð§Ý>¤…Î(òLJ›'ÆßÞ +Wïîß¿ƒîr?08¾Ÿœ9Òq2Ç"¼œ 6þ‡£ëâr<½X² ì‡\ü‡,b¯endstream +endobj +680 0 obj +2019 +endobj +681 0 obj<</Type/Page/Parent 539 0 R/Contents 682 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/Fc 12 0 R>>>>/Annots 224 0 R>>endobj +682 0 obj<</Length 683 0 R/Filter/FlateDecode>>stream +xÕXMoã6½çWLEÜ"–-ÙñG/E7Û ›ÝíÚÅ¢€/´DÛj$QKRqréoïRòW’nºè¡E€À²¨!gæ½yOþ|R!
#ê
(ÎO.g'ë>…!Í–üÕ`4¤YBÝ ÛíÒ,nÝ©ME–=Ò£ªh“fR&d¥…±¸C§ï¤Ý(}G· +‹•¦™R™!Q$t±’…=%RÙµ¤w3šJ}/u@XD‰Â·©¡ïfœ`ëv4úؼõF!úÔ +m©¬M‹•ÁÇ+UX2ú +™áššy•¾OcÉ«.’ÄEì\ÇuZmd‡d’Ö<:ïÖ÷š”q«ö‚ˆoOe&cëNúåœ8=Š³4¾ãìNßÿr|å¶W.GØÖ©.èAÂ_þ¦0•äúJ‹Dm̮ԺÛ>^Mˆ6kYP©U^Z™ü“ÛÑù®¼[ª´ð;£S9Ê´L3ôȬU•%$Rc±{]6ÀÒ°EßNŸÎ~ºýøþýìÛù|úh¬Ì{Ñ|^¸ óù÷Á÷™n[Œ§â/ÛÝ]?MµHR–*b[¿Ÿ0´‘Yvv¼k)4êdæó£Ð(I¯)öïêXH@ÍýH“·oO
-z~8ïs¶hï4¥ˆï¤%Jª¼<sìð;móŽEi+-ŸÁ÷¡‚ܤt"õ>¿|•ãÊ- +nõ'pLµ©*Îv,F/4ÊLfÓ€ÿ¸ž
¿kV/«Ý´‡&ìÿ:±ëd˜ÎžÍÿK:ïõø€ÓRÿ;œ~§6 Aùè:îy¼Àv®3›_Á^pØñš§jÙÏ•Ûf˜U¥Ôyj0å1äpžH™m#J·R§ÂJÇZˆš&“ZÐïúF"ÉÓJƒ8÷’tºZ[³Ð3Z¨¦Ÿ® +pˆéþ„¥P¸F"ëñÇ”Üáñƒ‹Ñ,aâ!RDsB*X>‰¶unæ7½še6oÍçîÌnNº°˜ßñ|\K- CY–X(Ó˜2£ ¤Ý®÷†%iëzbו˜ÒåѾlÜA²˜ƒ¹›3\§5 +uVKšŠ|!ÎÜ^GéµhmmùC§cxe ôÊ•y{ ÷¯è“¤µ +íðþÍq–¯ô=\TÞ®s=h4x"ïe¦Êøów¿ÔBC㊿ߺ:Ÿœ?ŒÁ¡@âà"Ò¨Õ"“y@7K2êá‚îicóË®…·‰?4™Ûà„!b=0^ãâ^0y
‚¦õ4§±²–n¥ÖìiMšWxÀô¸œ\ÑB¢Æ)Š+ÜQŽa«ÿ‹ +$ûAX_ÕHxÚS ":¥Ý!¢nóf³ Ì]Z–HßH«‡ŽÉmͪ`móìE +›àóW%uG¿á¨ïH×Ñõl£ó#²]Ï>ø¡Ë)¨Œóôö’L)ãZž²¶EK7ˆñ?ÈÓX+£–H )ÔIw½êpO¿"©Ýˆ=xaú ByC+x²æsUÉ,sæG.ã^矕±h4ùÂ^è[?`û«'Uƒ9{ÑQë½Sà™+¨¨òª¶•0-yJ&tpª€ÞàM^½„W*ÛÙîmÚ©Ëš4nüî¿ÔÕ¢ç^ ðÅî)_›óF¦UY*ýD¾Ø1þísµX?›©ßb«…^†x^DcèÁ˜%d;ï¡¢î¢.8Ê<îÐë€ü\!=gXÝ^ÜdÑ«éìÝL°¿)j㜰ghÛbžáP¶è†Ç¼²¡fZºÍùwÈãæîµ™]¢ŠS‹÷whÃî˜b¡*ëØæâ´¨$1 +‚S–"¯ïÀÔqå…úshæ…ß W’ƒ¨Â™$Žå¤2“Âà»…ûn“é[UiÂhGãë +endobj +683 0 obj +1869 +endobj +684 0 obj<</Type/Page/Parent 539 0 R/Contents 685 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>/Annots 229 0 R>>endobj +685 0 obj<</Length 686 0 R/Filter/FlateDecode>>stream +x¥X]sÛº}÷¯Ø>YéH´$ȹ/wœÏúÁŽo¬ÛL§îH‚bÐA+ê¯ïÙiɬÛÉÌLñÀâìÙ³üãhFSü™ÑbN§TÔGï–G'ŸÎh6£eÅw/.´,išM§SZ£+»U»†‚®uë@q"þÑTê'mýF‡†TÐôämë¢Æå˜ïä&9i£LIÊ•é¶Ã°ðfùýhJ“Ùi6Çb£U«‚âÁ=m‚/ÛB“ÂÀMÑZ¨Ò*¶Xk¿|M3ºr;â_dÓ)žã\7‘Vnšc^nr°ƒÈÖƨöð'ŸŠ† И_dgÛÃü|Ú=îQÂÓÉéÛì‚wðÔÚEãml°á_Q£ê\ÑηGÛðŠ¼º¼GŒžŠ|¯Ù5Q×d"nÃD+uÈ蘩YûÖ–ŒS®r»Ãž±QÎ’dõ€¤FNÃ!`ñ@Mg…wUÆê1ÃhµJÆàøMJÆÑ?W‹ØazQU…yéîÃ{jÚÍƇø'€»v¤ÊÒjÈ:Çßá6&#Q“Ï£B>KºŸŒ"zÿ÷{êÁª¨¦v²Åž†û)ÖºxÄ$&’o_¸§áÿHuÏ„e +êd«B*n¦Ïk?Ÿg—ÿGÎ/DÌY]k³ZGh_aÛRwÂÑõ…‘t$e9ˆ}Ó¡ÊW"¬ p0Øb’ØGÞ‚„Ü'€B5T· þŸOÝË0zé+|h4RÂøskAÂx‘ÌÓη«53lÅIç7PQÿ€¾q¡!µ:ÎQ'¯Áñ“ð0º÷
ºÌúNU½VXU=k9kf^PhÚ#ª8Ëa »q#ã¨äzc6LFù"|x3d
²GI°ºÍÿ5{u'à2f[mÁýÿa³þÉíth÷°LÐUk¡©ÜªU!ž +Iâ3’Õ{~Yâà—Ù7XS ߈¹ H-(‹æR©o–llÒíßJ(Ÿ÷juŸLZºÛ›×‘ÈïË/Çåd¼@p¸,6>m•Ç +‚•º"ÓJå D²?ÃÀÌ"9ì»Zgù‡Xf˜ô‚/*@‡ñ(?î‹k“e4µCû +·ÙE`´j¸ZbîdòXht²“†“ +endobj +686 0 obj +2245 +endobj +687 0 obj<</Type/Page/Parent 539 0 R/Contents 688 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>>>endobj +688 0 obj<</Length 689 0 R/Filter/FlateDecode>>stream +xW]oÓH}ﯸ+m‘Ó¤!iØÕJý (…. }™Øãf¨í13ã–üû=÷Ž¤¦íRMÆž{ï¹çÜoC:ÆϦ#:™PZœ/^^i8¤eŽ“Éé”–'ÇÇÇ´LçÞ7Ú“Ó… +:£`)¬5ySÝzPØ;[Q¥Ã£u÷TÚL¤œ¦Ìø´ñÏ› +ÏO^§ÁØ*!Z¨r¥È7um]ð”ÙR™êÅòëÁ1
†'ÉÖå^´½9Úñ©3uÀתʨñÚQíln +¸—[G×úlªÌ>ÆìÒ³Míåù½ÓÙ——×ozÓÂè +î<®Mº¦GS´Òjn +Ùüiíë£I2f‡?¯u3´¸>§xG®ÚèpŸ_ÃK€#1VΪ,U> +M·‡«&îÝMm²Ûrê4Ìí±Ö {+9„—j¥¼æ«*ȯÁ è‡GûĈ°€&Ñ ß±¾é<g~=h`±Í;8Ç"ýþFBÇ+¥×Å€QŒ¾OMò—1ÞôCÏti=ÁëkûHªÁ}®À"øÖÄš8äpB¹³%1,iaaw#æ3p"¬[~ø¤G§O¯€%zƒÁm(ÇJu¯ùƒk™ær“oãZþ<µ—ÓˆÄñÕŽê®C{É]© +1-ÛB0û©·8õBµƒí<ˆ½æs”ÄA§é%Újy+V’·Îoö4¬²)jËÊc³NŸ¦‚`å½ï¤^¶‚O m0æ–yæMkïœÏ?,¨R¥¦Ë×gó÷Ó¿"5ÄwÊy¡6ÛjÑúœ®-ËB, ð°u étª¡@ëý€²ßRp®ü‘Wì,¤k=Tá¤[üY¼ùøÏ› ±ÕºLï0~…o'³dÂUtqDW±t-…3 fµöŽØ:°®ŒÌ²’¥ð"X¯Qw¾ +€m^{þˆC&'/à +´Ýä’ÐÂTil‡¸? +´3ýÇ„_Ü*«´g°lPÂK.«)Œ»ž›qñ3Óì˶•\Z,Ù“mõÌ„Ù3”Ô
›úÔ¯vè¿%§¿÷–ò;8Ÿã#bjãicHèŒGB‹Dµ²M8ê9ÙuM_ë´m’Ýû¦<WhÉ¢è Ž©`Ðt ¿«².ô‘ԳȇÛÛSÊím²õƒæ9›ì±ÌÚ-Ö<‹z„éqn1|-ú"¤±Ã°cðd‡aë•æ9<“p¹ê$*5À¯X˜¶úïGÀ}5Ö‚‹ï¯æo“›ï¢Rk[`râBþ‹Q°Áö.ÊØ¥¹"Äò\¬]UÆXß,°xÐh4ÅX=>òïøËÈÅ=eFCÌÛ¼§g'Ò4v›Êirš ©\<æ{ƒÃkV:‡$QËt·¿úF¼úHâd;ÅAží4 +ŽÜ\^H8joÆh»a×óþèÂå]Fvº¸éFr]¥nSwó#ËšçH+y>c'20"öò*mW·Á:ÃÊ–ÞŽ&Si·»àøl»]u[ÒþpÄ‹˜Œß<Íó$S*ÈP˜\ƒÝC¥) +ðÿÉè`tŠunžÂ€ˆº„
¥ÝLÙµTá-ŒÀäƒO‘•éñåÕ«6âáä8Áô +endobj +689 0 obj +1909 +endobj +690 0 obj<</Type/Page/Parent 539 0 R/Contents 691 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj +691 0 obj<</Length 692 0 R/Filter/FlateDecode>>stream +xWïoÛ6ýž¿â–!˜8Ší8N\`’&i,n»ë†z(h‰²ØH¢+Rqýßï)ɶ’}Û¤¶EÞwïî¾ô©‡ÿût1 ³…ÙÁõìàvvÐ./iû§XâŽõFø;¼¼àÏü)$Å|a¦ùƒã§w8Ò§YL]žÓ,rÏ{4;Ÿ¦·Ç³o§wÃêL' š%’tžnÈÈ°,”ÝP¦#I´NT˜à•¦”kKk]<QTJ²š¬“\…"E$ÂèÜ2äM×î;Ó÷W·-wÞtí(Ø¿Ñ£“þY0@È›W÷“öe‘G/œÜ>þù"©}/¢L‘á·ÒXô, +%¬Ò9ò¦éÃ5•F”Êg™6 ¸ØÑ`9¢«Ð–l£K6AeÀ‘Maª„}«däऑ\ËÈHi8 ]8 §"[Ê8–Ðä³:*§L+ÎzŠE¡×^ŒÛÊW†e¡ËÛE+Y —|IÁÐÍ[Tôs¢Rga1Õ¥B|p·Òƨ£Š¡Îcµ,A&Ñr +‡Ï𠓦 æ#2$›vÉä¢Uä©^2 LÙµ¦H„Z¸ŒTËBæ–â¿ +4sŒŠ +¡:¦zJcPÅeÊg”îZ+¤ZEZäTÙ*…žAÑ‘˜±blÚ«‡·V+‘‘ÈT°°q¥ÞI{ŸÇºžu{WÓ!-¹çÑð<M1TÇîÕjÐ{½ÆæS¸ÒŠÁ¬ ؼ H¯Ö‰x– +²m?RdC›WÀÄœ{ æôêáw^bèñãÛÍnµó˜Æ~†HE¾ñiA„à6Lˈ¨|…ƒKúµI„¸
Â^ Z5©×“-
ëyø4¥dÛà'-ºív@ÜkzòÅäp¯ Ø×ÏǯNŽþvÉd{cd¿]w'=š êTDµE½â‹ôe™ê…Hÿb^Ö!B&[ÜføÍ“5†&ê5#;ïp‚ò‡à^™¿ñŽ{„ãíédpî×s·€Bòl‚eŽÿj´Ü"»ýÊ´k¾ññùüèÓ|ÎB_Ýà÷Ó;a?#ÿb2C¡B¢L±Ð"2·´é•“$Ô…=M¼ÍÊ^×i-6a~fxõ÷Í9ŸsùY‡›x¤;89b#~à‹*t¯!4‘{@”ï–_Åx¿Çº +endobj +692 0 obj 1796 endobj -661 0 obj<</Type/Page/Parent 519 0 R/Contents 662 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/Fc 12 0 R>>>>/Annots 229 0 R>>endobj -662 0 obj<</Length 663 0 R/Filter/FlateDecode>>stream -x¥XM“Ûƽï¯èœ–J‘à7¹ë‹k%e•=ÈÞdi§\ÙÀ€-€1Òô!¿=¯{ -"nRiá´B9l)¶·ºnéx¸nTøc6¾ªmÚ$œ0•ª½Iš\Õ”iåÎ"¶ž>ð¦ÐÝ•{â_¼õu2À7 rÍÛòžeö¾°5à7N´ -)¼5ŠèÝÏO`z -õ‚ˆeµËdè&VƵÑYŸr‹ -ðs[®ûD€žóƒÕ¾ûÆIJ1ܽv¬Ñà º4BÉD{`CRú¡£8èÉÆ9é2±)–oUÀÑs¯E1QÐlƒÈ%6‡Ù›A83Î ¼ÿ®…¼àó›×ê øR]R´Â&¥}'•&ó{º~¸.¸2mlnÐ9»k8 -»ÆC²($V?€í8õÑh_X΄6k<ƒêZ‘UºJìEEåÏΓû+#@æÆʼnÊFô/[£ªB´Ñ'2hJAB‘VZÑ/ÖxØ#tpÐ4Éõª*]BM¹‘jpáÔ|C˜‚n¤ßëpÇ0ð:Ù”&QyDôQAó*mARÈö-ä½k‚ä»&vImbÖÔ‹Xò¯‚\)Äp&6wL<µì l;{
Ó¯ÈïP^€°ðŠë`Ê™×%ïqª±ÎšW—ˆ—:V(Þ‹CþÂʇ´Ü‰žÁÒX{ð¥ZåàãÎ -‰èG䎮Q
$1è« -endobj -663 0 obj -2311 -endobj -664 0 obj<</Type/Page/Parent 519 0 R/Contents 665 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj -665 0 obj<</Length 666 0 R/Filter/FlateDecode>>stream -xW]O9}çW\õe©SB)ÐòÛí´[¨èÒÊ™qÏ8µ= ù÷{Ží¡éЕV•Ú4±ïǹçž{ýcg"ø3‘“Cyy,u»sq³óâýk™ÉÍ¿ŸâC#ÕÁÁÜÔ»§Õi%o]«L'º.zgeæ¼Üš®që ¯^\¾{~óF^ÉdB#°»x+»W.ê7’=*¿îÞ,4,XëÖ¦›KÐu4®“¶á#HÛ×q3‰8æ¼™›NY‘·Ÿ.Ï?^Uñ!ÊÌX-K¯WÆõÁnhý@ö'/«Cº4]mûF7²6q!תªJä²MV[µ7°j‚LUÀYø_/T”µî¢˜.ºtnêܽ\/u³ô²¿åæ]cöž|
Ì¢ø¹Ûýbê…ò\ã量{žî%@Ž+»{.MSu(Y;?÷®_ŠòZôƒª£Ý$ïAµhÐ#â6–NGÞ‘©úøÉÐÆÌfÚë®ÖÌ*25B¦1!z3í£š@Õà.šZ%ø…¯o«rŽˆª„¼— -‚õÕ:TFT]ë -.7W¤së»çUñwXªÌ’\_^Hm
)…È€Öœ<KP -,`éëp,æ:¤Êi$°BLé$ -°Ì™;aázÛŒr$®K¬%qg,6˜éж >>Wr5b‘Ìú.õ¡²&Âõ¬xb|h¥¤(Ky5Mf‘M'ÁdcQÔü¸øòéöúãÕ6n%£äÈYñÚÐìeªdNÜu è,'>±TÙ‘ãR 1òCèQ(¯m"0.'@€¾Õû™!Cµ®ÑdFkÔ} °ÕPq¤_÷-2›s©‹;þB-“ƒ'ƒéì(ÔÞ,#éIkÈ–£|…ÔI—×*JEÝB™ç·~}ýmä.Ó*Œs¿EG“P[Ìc¬Y›°€ëO1‘*¢šš„öúpCC2•/S$ff<ιªäFñx½DwÎ5®íïnšs^NP85øi aA’„‚Í@Å%Ó¥ÕÐÌ΄6]Îp«¦5ø*ze䑯¬ÕMb -¶t! -ÛÝ.$NR…Ø/Ms÷œ)×^ÃÝèê«Î…ÙÖ?0</ð4®µW;Kêj*]Ñ”‰ê
…C4°x,fÁÔ ¦hRê¸ÒmW -5ì †#§¹Ëf}ä,…X!9¬;³²H”ÃÃ4Ôº¨J 3é‰n
ë+ÓL¬œDjìÛG%Ï
:ä÷Ÿ -“–7ì=C(Ûù?Š«á:èCrù‰<“„‡×¯ö -=ü,þTc™~2¸ÿÂKäÜç$²¨yÀA=Ø@~À2`…ÉuÀº¹â\gÃÎ8R`ˆõË€±|E×ÞŒ¢ÎêÍ¥Ž`q.(¬¤ì”B^6Ø™Ø -»$Š’ìgU†\&i!a /&!÷#Âà`¥Ñs¯Çä¸Ûe)±=S öÄ÷]Gþ=û -›r©:5Ç¿<ò6
ïð¯ -endobj -666 0 obj -1855 -endobj -667 0 obj<</Type/Page/Parent 519 0 R/Contents 668 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj -668 0 obj<</Length 669 0 R/Filter/FlateDecode>>stream -xW]oÛF|÷¯Ø‡u‰–dY’¦€íÄ€ø£±Òˆò@‘G“1u§Ü‘Vôï;»GŠ4m E$ˆÉû˜]þ8Ò -]áhyX›ßÑþ1…ql•sdíÊ•V -´‚Ë(%f¾A¸l¯oÑáZÕQ -mä”}R–—|ö·g -ßCÿOú'£`ÖIbÕI«Yzp¿¼ÇùÙ‰
5Ý__ t§Šróü‡:&FÖ=Cu -Õ5×àÖþæ¼R;]d³
ÔTóY;þw`ÏùTD=LšS¡R@Bé -C,‡HÀ4«œµš<p®°p‡¤Êf6 -ìßÚ¬P|@uA•óm†³RƒKp EŽ|«ñ·°`:¥ÕHBD@h¡7¦Pgb+±Â4‘K—æ2è¬íÉÀ›ƒXQ¾ìœh!ÖÄ/ï¼Î"kœI -žõb³ut³ óx飢Ÿc•\Tò[5"ñ$( -Ç;Å|¹Q1=ÚluœéÈ™‚êt3Zj Æä®=$Ô^ךm¦§~ìlùÍ)
ŸÄñâ3éãGW:e]cøy´ÑH -ƒ:+”ø‡Í‰ÞÐQáQlÜQ¨×ïszdû¸žPÉ<î4•ÑgL§Ö©bÿÂ4ò -IUÖ™õãˆÅ·—^隶ê#ÊÒ9>Âĉ;ö ®|ðjŸ®fà¯9 -/ÿÆÉÇ>ê¢Æ3?¾7F±ŸßðAVSe£ƒQ#„çVô†vjÿ Q¥°]È௟‚U(ÃÿÑÕ¬ú‚!M¦üe‡ûîϯ/ÎéΚï -endobj -669 0 obj -1625 -endobj -670 0 obj<</Type/Page/Parent 519 0 R/Contents 671 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj -671 0 obj<</Length 672 0 R/Filter/FlateDecode>>stream -xWÛnÛH}÷WÔz¬X´$˶`°°c{ÆÀÆÎØòfè¥E6¥Ž)¶¦»iEûõsªšÔ…ɼM.þTÕ©S§Šõ©‡ß}ºÐ٥ˣëÉÑí䨗ŒF´ûáæXMzt1$CöΓ1áqDNSÎGzI÷l`ÿéÝú}šä|ïÅè’&™lèÑ$íLšÒ…5©&›ÓL…tA¹)4ÂoR[9¯O¨ZQ°´±UB|DÍ웦µŠŒhnð¬NV^;RäõJ9ôÞ}ï'ߎzÔíŸ%Øï(O×¼{¡µ) -š±ªœëŒð’qrY©–0V»TÁ¤ª(6ѾÅG>¨2S.£w´T©³ÿlHÞ¶Ìá~¾.Kè«(U%6¾jqa²G°°–;»äªYfœNƒušmpÜ”s"-aÁ…yÕˆ
ÞõhÌøö©;8GZ`aç¶$Ÿ:³ -ôKýà§Ów/ ,ÆSMZº|î9ĹÔiŽÁÙ÷¨ W•´^èR–k˜ñdÊ„îó½31ƒ™Õ¾üW ýÝøÀ«%•¸f›âFM"`$‘°º M“¯³ø -oºgãä‚=½nìîóL*uL"§T9W§ÎÒÍã32¶·RwZä -0³ %ª
¥ÆŽ+Pᙆ,,+hw¦QÊè`'¨E/ã}%-úƒU+P“@¨(ãɾ²=®J3g -?«åL®Wté†Smœ- -œÄÿ°Ãq¹¼/Ù*ËiìW{
ãT‰‹jvbdKïàBbš ¢HPörmÝ+e€QÑé¢ä^Âì÷¶„øŒG»çß®žn[æbžCÉ_zzóøéêþ¡}˜ËîðH'’¿½QØÔXa×à%Ú}« qŠÞ”3h…üyþt-%K…~ÓÅñmO®ÒPñ¬¸0¦Ü(Q§à2n¢l#[&H³‘Ô4ÙŽy]²+ÐwÙөϱìå¬.;Žræ΂’ÒÄìJcHà:ŽDùˆ„~‘ú©Xé·™Bø0·²>JØÕTËhÔK¾Ò3«§•sQ"þ“X™bÙÈ¢çÒ¨XÖ–2ôJS¦&3“ç(èU^á
0÷Ó÷'5ã™UŠæÖf-û&ÓŠiæ-Âaqò™’Ð…ôrÆH³¼3t7Qx@Òé9ŒÊ -7IfÏ?û3zÐáú-“x®Kîø(›ìî-S´;cÿ† -lþ¨0£`¤F4eM¡6ss•21ÀicÑ æZL›PÞ˜‹ya-¯—ã•ò/²Ú©ãé{âIƒ°å1³èŠâ
‹« -èÿ$ð„Æãw<ñó½Á,eŽ -žm6ÄM®e÷'1œ3óEø÷ô=ïåÒj˜8áN‰i
CkÝÝö©7³ßñ•Û^-i„èD'P•™Æ|d„
Üv}fòàÁ¿ò…°ÐòèV˜Ìäs'zp"ãj-'ªX«ÍUw¹eVªZŸo@X6Y£âIwˆs õ‡#þŠ”)d0æá•›·(}ÌùÍ€2À‚ù¾<½ãí K÷øK`7Œ’Q2H¸×ËûÔ}郫¢~~ gDòÑž¬Zrì/\-Ÿ•©šQØ\ùÊíðu•u¾(Wb?ï¨Ý¿ÄwñÏg¨‹z‚À5lP“ÛD3ÛQbë†Æ8Üûjµ²Nä`×Ipnü?£ñô0Ù‡ól‡æž˜2Óšòâ3äå -endobj -672 0 obj -1961 -endobj -673 0 obj<</Type/Page/Parent 519 0 R/Contents 674 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj -674 0 obj<</Length 675 0 R/Filter/FlateDecode>>stream -x¥WïoÛ6ýž¿âV h -8Še;¶S`šnYtY׺؆º(h‰²ÙP¢+Ruóßï©_‘[lØZ °$êx÷øÞ»Ó瓘ÆøÓbBÓ9%ùÉõêäçÕÉ8Z.©ûSnq1¦É,ZÒl¹àŸü,%eXŠ«é,šÕOâ n´OfË9.Ã;Ýl‚×°sû;\ÜÌ(Ži•!¡ùrA«Ô?Ó*9»–™AÌTÙ¤²V[Ú™9C‰)2µð¬4"çûÒdJK;"åHYª¬Ì*Ík”þµ?Tqõ'‰"%üº]Q¢•,œ}²út2¦óxM°÷™Ê÷Zæx@n'-*•ÂaÕë&s”Œu!Z{ ¬ [éÞYYþ"ÝË"3€ãs%-"†EåYòÕVúðœdùض¹“6‰pʽ0‰Å#~q!’Ù›©¥FZ*Œ£øÂ@˜œ -Rë‹a-£IG95K€ìyÏ.®¯¦ó†«+ˆ ÎïvHC+E8¥÷[m6B -$«¼tIŠÛŠšµe¶˜1C¸˜t)¨ví×Góp#B·¿Ò7Þæ¼çñ<€ãóåÆAÌ°è/U:]Ä]ßûŽJ§3t®^à -tEÇù/Åk5bþÐÉׄœý? -§Étz„´KÕÉ2¢·ž<;ÁMá -hèÌEßô±ŽšJÓɯ+G¡Ü{`ö 2â6uçeGLEjuxlsuû–9B‰%uÉúôÉ<}¼(j”Í°uÎÝw6 -endobj -675 0 obj -1500 +693 0 obj<</Type/Page/Parent 539 0 R/Contents 694 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj +694 0 obj<</Length 695 0 R/Filter/FlateDecode>>stream +x¥WïO9ýÎ_1é•Â’„R?@9¤ê +åŽTí©©*gãM\víÔö6Ô?þÞØ»ÉfÛJÕY{~¼yófòù O=|÷é|@§#J‹ƒëÉÁ“ƒ^2Óî—]àŸöɘ†ãs¼ðK+)ÃÙõÉ°z‚—½ø¶ð¶¿`èäöŒú}šdìp4>§É<èÑ$=º7^^ҳɧƒ“Ûauìè}þ”æ4‰rq1¢cZKZŠ/’æʥ拴rN‚VÖÌrYÐz‰7èÒs³v”æJj¿BS!”öø!Áö{tÜ?Mð~”eê•Ñä
ù¥¤÷KSH÷ÜRÀ®Ì¤_K©)7¥]B4ùîTQ:O÷¯'lÀÊÌXÉnŽ~f’J‡`9Ž7S¹¤•ðËä
°÷h4¼ØÜ@òäö¢gú{°“q2À÷6ï‹wôÂèL-J+8±}DÓ`„z!÷‰!W®VÆz¾‹kb]Ú˜’BNˆ9€ÒAò€ˆ¡é l+ +é¥MèQ3Š8Òf
¤ +O-}rØ<‰†øÎÚØ'G0°–yÞ%¡‘"¡„Ž¸6€ü'1TÖ뤮7 +y£ÂȾxåGÃtD³ØäæjÂ*š¢ Ó˜hK4,s.£Î£_wR—n‹éž¼YuºÔAŒ-× îÜK¿4fÞ‰ÃjPKæU%lFû°BéÃ/¤]pYjÎqæRÖr‹¾vèdÔ‡¡èéåt +uç§ÓC8AIʲéäçÞª=@lõ +¼0søqfMAR¤Kîjy‘j ¿i¬sævš˜‹`[aö±¡7qæ9m¤c˜Ü’—=Œ¸…ÓNj§¼Âåç-çÚt8]cQö¿ÝºR±R^䔣¡¹l8\¥%ö3üÃJ[égO]á¶àOΖ&†¼Ù¡nOœ-?ƤFf°N%ïlÕÀ]+‡Ê’J™J’»®§yïe1e[)îûŽÛäîê>®.R<‹xµÊÃ~ +÷|Þ†@c8d„õw»†½ŽÆ¶Î€[ºTZvi{†•Ö[“ÓƒÐ2§oøë†Ù<RäXBêo:Uý¯b†ÌÃãVŒ“ß°ÈÌQ•/°ÈQðÌm ‹£×Æù:7ôõ‘ñÆþÆ–RS`€kŽÖÊ™1> ‹ü1–ýzÓîÇ·ðÎÏ}ËSЋ°Ý‡1r§RkœÉ°‚Ç玾q¾Íý94Ø1¡ÃWf¶KC5½1LØCd<XuAÇËAØc9Í« +a7„[èX”ópDßïCb³; £ÆÀ„Wèÿ_D²^z°ë³»“Ûqõ¡ ?$}Îã`z¼º»¾b|b^ܘ´, ÛÏÇ}DÎøØ5?Š’¾?Îé¥Æj\†ÏEîŠs¸\ÑßCö˜ÆÑχð,žõù
lü;†Mendstream +endobj +695 0 obj +1681 +endobj +696 0 obj<</Type/Page/Parent 539 0 R/Contents 697 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F6 9 0 R/F8 10 0 R>>>>>>endobj +697 0 obj<</Length 698 0 R/Filter/FlateDecode>>stream +x•W]sÛF|ׯ˜âå*’–d}ú%%Ëv¢:YñÅô¹RA*µäš +ò-´_»™H +~eÛªà¦V‹ +0±&¸'"b,\pìY—8:¨°0Yø‘ßèÜ”¥v’Eö6*¬F\>Ç=”©à ++êG‹hœ¼KÑiöCÈ5*ˆi²ª AÇùZâ|n̳€Aíjã½±Cœ& +‰+ñˆ—y^cžƒñ.†5ï抲ã:Ž
¬ó*_cÁ`”½V“˜×À³ø%ªÑ/P<[S?½º™]rK½Ú7Â¥ücÎ(Ê$èߧtYòÊ5²_?%ž¢eÇûñ²2E‘ߦZ²É^ˆõÌÞÞÎÙC…A‚\÷4‹«mù½“„•—u +O¯Î$™ëÙõæwg›Ò,['Ñ=^»\›óÿv\7ÔõK÷bø™ßxºn“×éó«sD—/Î8Ì»ùÑ¿þÍÂK¢endstream +endobj +698 0 obj +1803 endobj -676 0 obj<</Type/Page/Parent 519 0 R/Contents 677 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj -677 0 obj<</Length 678 0 R/Filter/FlateDecode>>stream -xXïoÛ6ýž¿âà/NÛÝüjah×
(¶¦Ùâbæb %Úf#‘IÅ1°?~í)Ý0EÚÆ’xwïÞ½{ò'S:ß)]ÍèÅ%õÉ›ùÉóï.h:¥ùŠ?º¼¾¢yIg“³³3š§7.êWôlþ·w·¾£zÐd]¤b£‹{]Òv£"
ŽÔMÏ7®ÖC*ä,ÝÌq][Tn_ùâ€L €ÛUàÃÏh<}1™!ô©Zº=á¿Ÿ º¼|¿Ï¯¯ð÷?^Ó*åý²K÷¼˜ÉӇį'דÙä|B?[ºm —¿Ðw+SiºÓ±mþ^˜]NÎ9Ÿ9UÅuxZ"!í@Ær)‡ÓF7È„Ïã['o_Ϲ¦Âku9Ba¤8UW•ÚÜEå#½×¶Œz%Þêp]3Ñ -UõÂ> /ã,ú€óp3*,^-ÛØbÑ$¸ÂbÁZUkF ´Ë ÿhq16 -4¿t1á&wmƒ‰Õnˆ†zô†ã×Ê؈DiLTU:Fn>’PEpñ‹²;r+)µƒ'wX({D#´ë@¡ 7 1Ð7ôˆ«eX‡«Xi¯m¡z·¢kѹ€Î9Òvå|¡AHž„>º{¤¥-B‚^‰{RJ성Ÿ¼}j‚7¥F%x®¦7ç8bÜ€ÆüTMØOÆ+iïgà¸cõˆÖxÎÑ7¨Ð»Šn•Õý‰CØäDUTP»rÆG”žçQÕ•ßÉå^Œ“ß@û]yÀ¹ -G"' /d`LV¡m„#ÉÃçF%SìV+Zœv
e™³ÃM*û˜á©ûV•cgd)ÖÃÒ«ñâÙ„½aâÙA[dD:Ž¥j`IZcàÉ;Gk6foÆBÞá™Rï5MªS,åeï¶ïôќ˜h‡zoÁwX‡\Ó´/™ìä‘G¶z«!ʹžC!×̆¯ßÂwI§e¡0ÌRL>蹸¶p„s×Ìc¥ì6^²˜X…k¸Jí½ƒ×ÝïÛíË‹|Ïcv$â¤ù-ôÒ»†¹n U¦ÐiKñÝL¯k¼Of ¡çoT€’BŠö+ˆKëg!ïRôšõtM"dšWà(½‹JœÖšÇôjÖh_›^s8l -endobj -678 0 obj -1896 -endobj -679 0 obj<</Type/Page/Parent 519 0 R/Contents 680 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj -680 0 obj<</Length 681 0 R/Filter/FlateDecode>>stream -x•WaOãFýίEª -Rb’ -½$Ó*çb¡q>ba -Êd^‚ñíšw%ïQfbÁ8 šŠhQ.9INÍ)Eú¼ZðÍ¥ŒeyŠ¸ŸN.‚«þd×#÷`‚súuu3!r6þÃÈL¯jžR‰º4è÷žÎ!ÍDÅ14Fvš2—Mxäeôùj´9Z VrÝÑŒÆE --„ïœ -ã±UÙ
AZ)Z‘{’pŸül)xz¾ßZS/B³rLv•;5ú¬¡Kï40¡}¯9ÝA\·+œp:}kç1tqFQªÐ÷ãgG‰ŒœH?ôJåžj¬”ÔA0H”ŸtX¢‘QS¨–ÄT¯œ1°K6¤ÈXL—6-¢Ü_®="Mìà.ÿ"ÌÚHvÕõªGÃ3êÕJ¼ƒ’A¹L-t,Tj» -ŸôfX¬%TwâÈô=ÇÜ„<*–eD´
Êl 1°Ø¢e\fK>e:çyâ/ts„kæv“Æðõ’ýÀÕeõ -˜ÂŠõšìRFj¦ -S†< ŽÒkÌË—É+ÙÄé*QèÐXCfo¹.Þ`•°œåÌßTz`rؤl»¸[…|,þ§ûFåë5z± @Ö4ßÎÛTÍ;ÍŒÎÜ_ö’}u*ïa9Þyà.\ÃÍYëÑÃ3V„XÁñÄ}ÉÃÖøT-s—µ‘ÇFdÇi‡m¢Ë4fa± ÐNrÙiZ™–F
XRøxÕ×Û³è¶*°ò^æž–m+çr]ÇfN:»jÿ©eúmw;XÑèȺ5<oÛåæ
µÀ„'lÕD8ÈŒ‰UUÎë…I€ ‰Ý¢Ðª“ñMÞÒã*˜êŸ¿Á±Róî^Åa.»p5žíLõ¢Ò¥¬„%;ë^…Ey)M¦,dp}Ã3åг£«Jø¸áËsŸ¬–5îçƒécÇÎ\çTíUéS¨Ö<¾¡•ÀS׊/V>Á›Ø^ÚV&òƒvã8j¼ThYÀŸo Kl"Œ'æ0J“¶Ì ›iéái…gÉË9û¥ô‡.´:5x«’Nïï8F/^*À«}q†×ÂãÊ'œC¸hsÐ -endobj -681 0 obj -1861 -endobj -682 0 obj<</Type/Page/Parent 519 0 R/Contents 683 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj -683 0 obj<</Length 684 0 R/Filter/FlateDecode>>stream -x…WkoÛ8üž_±0P\Ī‰ú!mÚ» -aíF›ÄâðVÚV%6FÍ“üãäÃÃ×ûÙí_“Ƚ¸ù÷ð0@h¢¾¬QJ%ãw”‘H`c#3‚²Ìd¶»| -*ÙS>ÇŸ=2”Ò2·ÿ„ -j’X ;RÓäÊ—ÊZcßãD«w
yT·ÀšOùN?æ¥uL1øq†ë\K›s×@ñ{kª®æ‰ÉpDð³PÈÇÙ æ,õÇc¼^Œ†xíá?ÏÒ0–Ç»±ÜŒü@ÜæQ„¿Dƒˆ¾¤ -Fäµ=õc€kØÛü¡vÁtäÍ’âÆBÁ‹;7ÙBÆérë½Lm¹[¡d!¿™¥kðìY,¬jŽ:.ÈþV£¶òô5GeS§|O¬Ë,©C…ëùÆ -¡ƒ)‹Ùu<Û¼' -$Ü`z÷¾zÞï2jà{>a¼×hcPÙ²(´1~Bbï^uC:ÑàÒö£ÑѦ2Œhº~ŽÞ‡É¢,·‘RÑ—ñ¥·´†_Dвzru{CÄo÷FaM¸Çð‚v¼hÀc<p½HU=¢ÁRip€w0hÞ/Q¡,{ØäÂËÃïžn½þT -tëòàÄôx
ìQ¯Û?*îÐòlØÍ,øËB?•ÿÒZ‰gÉÓ“™IN/uò!Eâ)äüŒË¬0îuÀ/dÑï¡Ð:,§#ðú(:8…›—¢Ìxyâņ鉡8Ç¿7“ùüóP¯k0AŒª¼p~òÛ*xµ[b4iñmÞÿÚ1ó9ó»‰äu¯EéòP* -Æš¨¤‹äËö âÍ tôϦTa;aÅWóù&UÊþ1 ßÛóÔO »#.CÏ©.¼Ø#._R,VlŸâ1&Æ—mp~¥ûa”V=ñJöU[Þ!‹°£ÅxŠ9 -endobj -684 0 obj -1795 -endobj -685 0 obj<</Type/Page/Parent 519 0 R/Contents 686 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj -686 0 obj<</Length 687 0 R/Filter/FlateDecode>>stream -x¥WkoÛFüî_±ÖlÙ’õ°ý¡€_IÝÆZŒ¢*‚y´.&yÌÝÑ -ûë;{GI㢊À±,’·»3³³Ë¯;}:Ä¿>Mt4¦8ß9vިߧ(å¯ÆÇŠ:ìRïÞj'Oé]ô·
›ÛvÿÈžãŒ#Q=LhŸÜBI?Vç’”µ•´ä4iuö"i©Ü‚½,2-U<‘Né6¢ÒèTeÒîñù‡´ß?ê
}ßÏÅ<«ùˆD‡§ÊåA"b8‘—¶G¤h!pxª«"AÂáÌÊJÓ»<‹òEªJ~*!]pžHKmžqžS¸*R‡Ûq¥ÊXG1«ëRáäÄ÷d:µŸoª¡D;mj¤èÊrÈýVu8J8pFpx2Ú£¥¡>'ZÚÏ„«…M‘ÑASÂ.<k8DVÿÙãï¢ðEã£qoLÃã >ð:ÒÀï õ‡Ì/î9ôŽ·>îôèòîæìúöóÅÝmôp÷±ç¾9:¥GU€2ËD]ê\ çÎYgôME>{#žþä¸1N˜Á{mbï*à¿ F‰l“0”•…ÿ>øFãɺ„þ Ä€¦¡†•ø4ö{(§%Ò(“(KY$ê-…%mÔ“*D†DåÚ€¸yM¿èEA?S$Mi/ËГéËÁ×"'-y†â¬Jð”g%Õ†ón‘XjËõ8¼©ˆF>P0¡”Mþã¦ypùdÒáàö.º¢Ó -ñ„ Aã9ë¬×–¬b©&U,“N‘7*6ÚêÔí¯áYŠ’IѹP…šWŽ-Š#±›t #ÈYp–=šJÙtŽïˆÉ›àh8v¡—¡kˆ.…ªäÑXx26’ÿØÀm7Xؼ5ù§DÈÆ™sL¤ÜÕ)(õ¾Gml¦g7Þ8ÀÂ`ì{i÷{ú8Í9gÌ2oIÂÇ*3ö6oϸ*,æ}¶ûx÷ð뇇»O÷[þø]…ûgï¸|.Vx¶ò~¹= žiçsiöèÞ¨\˜z¥Qo¯yœÞ¡â\ÄÏUùý³w=ßtVø!®xºº›èQ˜”s‰{t {,t/ÜÂÏ -ÊÝϬwˆJ¤Ñ¾Q9ÌõW˜Öª -ÖÈôêâÓÃuô{S×ãÁÎÁŒÍÖ¯4ŒA0„U–þ56ŠéÎ[7©$¬Pü\ a¦$!Ó×äþjI@Þ2a˜ ÷&*Á -endobj -687 0 obj -1763 -endobj -688 0 obj<</Type/Page/Parent 519 0 R/Contents 689 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 10 0 R>>>>>>endobj -689 0 obj<</Length 690 0 R/Filter/FlateDecode>>stream -xmVÛNãH}ÏWÔÓNˆI¸$aÞÂe%¤%a¯F#!Úv%îÁîöt·Éæï÷tÛÎÅŒ€€/]UçÔ©SüLhŒ¯ Í.éjJi9¸‹^ÓdBñO¦óÅ£ñxLq:Üæ‘ËyG–éš2Å?c]N£k¼?Œs¦ïRezkiÓ?–
e‰DX&QXM†ÌØÒVº\*·6Ò:³‹(Î¥¥JdXŸ<¢T+'¤²án°_l›zr]úÔ–ÓÚH·#„WN®%›sÊuÉ”IéÓfwN£ëŠJ.66—•='óîtE•ÑkYð9 • -ÕªîñƒÍîžÝYÇ%½
·Ú¼['œÔŠ°qQøß(GÞÎ -…dWŒåh]F×C’¦WÒx` ÏúxߌØÀhU4{FlŸY/›S@©( -ÎBÃ_Ï`yv‘¦l-=%6߃ÄÐ;…@2ZkÉþÂô°‰œ@$駖…C§OO*Çfä%÷Ž¿
eÄ‘V¶ËëA -d¼»&²eR k·ÖR¸¯ÀÖÇõ¸¼ÿöã%~Z-#÷Ôþ¥Â'^÷ƒïC?dU\X_âEµ
éñÊN׆C¬ÖQS)ÑýúèÞ<ZwÐZ¤
®FP,%0+ -Â[a!ú)ï,6´à1`ÓÕÍ-Vìõ|†¿/ñ›Y7K{Þ.íÉtù…Ž}}´¸ánÖèŸh0(Kk¯ö0‘¾äQsjÔΣۈVÏ‹§å¿÷«eümõW˜å¯{!C¸§àéÃœ\Ï®£9þ{À:¾™úð(þïÁÿD÷Ìendstream -endobj -690 0 obj -1019 -endobj -691 0 obj<</Type/Page/Parent 519 0 R/Contents 692 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>>>endobj -692 0 obj<</Length 693 0 R/Filter/FlateDecode>>stream +699 0 obj<</Type/Page/Parent 539 0 R/Contents 700 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj +700 0 obj<</Length 701 0 R/Filter/FlateDecode>>stream +x¥X]oÛH|÷¯h8œHŒäoûpÞu‚3°ñåÖ:‹Õ‘C‘ÉáÎèß_uÏ’iìÓ%0 ÑätwuUuÓž,hŽÿº>£ó+Jë“Ÿ–'?_ÐbAËœ/]Ý\Ó2£y2ŸÏi™ž¦…N·äM©i¼n¼#“Ë÷Öš¼¬4µÊ´:uZÓ¤2ÓÈ• eÚ¥¶\ëŒHÍ«^}˜’j2\¯´×rDç´Mî—dì‡å÷“9ÍçÉâŸÊo¾Ü?‘„ÈîŸÕj[6R´Vé¶k©ÌÉê?»Òê,!>h†rú“®â¥³Kšß&W|úcNªªHWNS®ÊÊM©lR«¾;U¯ÕßÒ\wBATéWÜIÞÐZûÖ
K!‹y(è#Ò'Û5H¨EBÚ“·*0Öl¬ªG•¹.-HḴͺºågíkÓ$ú‡VÆl‰kVÍž´µ|¼nõ.‰‡]%±½é¨P¯šTšj'iª†ž–l_µ2p
`´Îã’'àeªÀØA'ÕHÈDZˆ&7‚øpN¹‡õ‹Ú"䛂§\‹þÁg‡öòçVr@ÅqÔ×2-v%ˆ3¥3‹v…„…—•y®nP%)‹Ûøq&&·þUUàfh^€_þ´<“éòzŽÆ_Ü\ãó~ðt˜™{@Ž›7Ô¿In’³ä2¡oe“™ã\¿»u^ùø\$sNñ ð·oÌ7]Ó8b\XÆ4Rq¢ôªï +¢
ò(1;=ó›–(9vn„PeÒY +¬55fG®Õi™—€ÛÖt› +,…$mPÊÇÏ—; +z2^߉¸õžþ^mÓŠsÕmn¯iF% çPà™g‚qwÄPô +ÿD[³@ÌÕª0µv«U¬Eú?*(+] +瀮q”Hˆ`Q^ª€°dØ 4XŽ
Ôªl<~ †`\N¥eÈW8ÊìÈl~—Lþ W¯Š +ÍhöÒÿBieh¸½HkÑTDAS"«qTÈûâÿöËQå»5² @ΙOoЕ¾ï”[SËoÞ$û‡°|ßµ”³p‹36=\cF¨W8žZC—l1Œa/įÁÑÝ]oä™-_õD8‡‡]aº*cb± ÐIq7MË KòxÔõð,fŒ#ÆÉ÷® m¤Üè]›{29”ÐûO/0”IP¼ÝKÔ EöÒàj½d +©7vÿ‚Ú=®ð<‰"Â…®àÀ˜X±rªq&´ÍM +Wãa €1 +ö®ÐFK*·5Ìw”t+ò¢ƒ‘ÏzåÎ@ð}øíª×I×TüÆ2q-ýžþ)a£— »oÇzi•s;c3‡›÷ÚM¢Ø5!ù§§ŸýíëòñßO‰ÿá1ñ ˆã +ûøù&¾',ÎÉ9XÈÔéóý—Ÿî £à;ûÖƒI1ͱŽ3$Rÿâê·Ï®Ïð†ì4¼e±ÛEó¶“åÛès|€#þ_]ÿËôD‹ëD—/Ï9^ýþsò?B$“endstream +endobj +701 0 obj +2000 +endobj +702 0 obj<</Type/Page/Parent 539 0 R/Contents 703 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj +703 0 obj<</Length 704 0 R/Filter/FlateDecode>>stream +x…W]O#G|çW´.á$¼ØÆŸHyàŽ\Bt‚}º‡8BãÝY<ÇîÌffãŸê™õ¾païzº»ºº«öŸ£µñÛ¡a—Δ–GfGgŸzÔéÐ,ç£!Í2j'ív›féÉ_ÅSZP·/êÇñZT+)5e)µwde*Õ³ÌH,Líi2£Êš\Ò]_âFá$™<¼o®¼Ÿ};jS«sžtèä¡ÞKë +wñ—顬 P8~2«´ÉÕ匌=¥ÜXT + oìzôtsßÍåäï„ý:;B%4œãµ7ⵋ?”ÇÊÇMå¸ç¼2Ú•>JFI7$ôUé̬—7•öYZ>z‡ªé’W3[Jœiã—J?’7伩hmjr•LU¾æ…FÒÂ/Q²ðáb¡žêbØ +“ +¯Œfè¸p÷ó¦D˜BÜ*O°ä ©©‹l*Ï'6à3¤ÈÇRœ.ȉr×PÔ)
‰!uiizóa{A8¤Äi»x"®„ŽG««ÊXCêÔ®+8•pnelæöÒŒ’Áÿ4¤>LF¯¸2Lhº–a¼kȆ²üJJM_Ç}”À|¡¯Æ>9aì%íز~ÓîNwˆøî(¶íÎxÐYkkÁ*È’Ò©±à¸×@RÜ€¸ÀÇEraž0+ñåþ·@·~›ÉéÖã-81}=i¸<|=h×€Vé'~uÌ $CóX»SZ`´–âY2«(“…äô”Oh~r¯R`‘D*9¿ËÚÀ/fn÷¶Y`z”¿?æàNÎE]x´úäôDsü¼›Ìç_Þz¸®’äù-+ÏTONàU¦5ŒæMŽù´@ºVdÌ|ÎüÖ¢”ÉÝÕô˜T¾?* + û£Èóy3_Ç CÔÐmo˽ԊÙp9¥Õf^„ÌÛ\ålë4Eâa¸öÑuÄøiZ ºãÀ EÀH/¬§©k:£+éžxO1E§oãr¼×_`~»½ÛzŽ)JJ§%%ð}‰Î*¬ÌŠÕB¤OÕ° ÚBn‰¥’b +P°—…–>‘/ß¿QCGl*C¶Ö”[S†¢Ó‹ù|¥´ö`àÚ³çÝOƒú +)çj‘–ÎØP?K]‘ñŠ†‚a"š´Ü¡báó…XD&g¦™_UÊ3^ÁP*Ì+žŠë/75P ’¹gÐ(-!Ê€²Y܃æ@‚¶r r,ó€Y®,zé1«<÷=5•Š» î˜Úÿ~SÍŽ,
{8dkoêqz“íà0('kM‚§‡ÌH÷@¸ª]ŽŒÎš¶pí¨ñÊÎt»½·Õ>$g‹7æí¿¿âGÉ8¡«Û›ËëÉÃÇÛÉìþösâ_<]ìû›+S +äü‘s6ýDSv‘Öt†£V°;fÇsgœSÜÁÛnÞ4RÉ_jüW§ßß&ü¦ vºã Æ;6c)U%u¦^°Æ0‘V=*tZÔ[mZ¬é³Ôô;ͤÐdÒ…ö†äñ±(ƒ+ýH‹:÷B°àhRap!ô~„QØäßa¥´Ç¥ì}°5£þà“ÛÙ¯t±Û8ìvoØa¶¤ã×XÒ‡,QL³•p‚RZÉü +9"ñþ<€Œ°:g s)e3&a<öL +Ö »îÝnÑn·Ã"è1äíUﶉK—²~ÁŽsسO£}P|T;™^Þ|¸d+üê•Ik~6Æ—¿Õê„›[Ã.žç²“è¡yÀsõXC]ø1ãZ¡:å÷PÞ©ô*HÓ½%£ìBÁáS{ÃØNì÷øLÊŸGÿVCendstream +endobj +704 0 obj +1723 +endobj +705 0 obj<</Type/Page/Parent 539 0 R/Contents 706 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 10 0 R>>>>>>endobj +706 0 obj<</Length 707 0 R/Filter/FlateDecode>>stream +xW]OÛH}çWÜ—ª©(+Q +´"°ÄUÊËØ'SlwfœÔûë÷Ü;¸&ZU•hÏǽçžsîõ?3:¿ÓÉ%ÅÁ×è`úí”f3Š2<9»8§(¥£ÉÑÑEÉÈEIn-‰^T™ê¥yD‹«ûɧèÇÁŸMN±aÔ*ÍFJ°1–¤JëDžË”„%©p”!AU.TI™Ê%‰2¥Ê¨Ò‘
—£—‡§¿þ|zx~¤6¯Øï”.I›öÎÙÉä˜ïë—Ÿð„݈ÙQ%ŒS‰ª„“AÐ.øÊk]:£sZŽnî¯îæTÈ"–fLFÂ4ݺ$¬Ëí»{¿Šäµ®Þ¯\~šP¨¬(·%gjI‚{XLéE˜Š>Å1ݨ•,ô(ÜÚçèaЫ +•‹a²•Ñi8;& I:£íZ%kr/Õ=™Š\—+Úù^ ‡å‹4¢l¨’ºBM‡Å_i +ÛÕ€dµUåjLVS.ÝGN°!§)É¥0ž$B™áÉ·àBÓ»™lc,P€_kÛÕ\ûZ¹R–/H…±°2`»û™„‚‚S(¨B¹ê‚¤Ò&F„ÈÈ(§D®þ
lR%*S„Ï\#F• ¥œµï%Éjµ9.`¼ŸKõ“n„,ti¥'™©K,ˆ…
ƒÛ{’åF]8j†ÈæÞ\ +ß +ÑP)á +ÄÌH‚¦Ã<™%{S + +»Vú5‚yuºb·aE ƒK¾;ÐßïõJ´Ço
¨¿'ж +$ô4S²Ý2«ƒf'}1,üúabžÅû‡ˆEG¦–àáȯmÊ^¡lkÖ=ˆÏîŠòâYͬã^£iþ
*ÎQBha¾q›Íj¤ÑEþvIP%\[ +½’ùYãMS~°ÍB;<dŠø‹Û—#5ÁüÙÈÒBí;Ô»‰ex;<œoõ‘ùyÊ`–AEÐÌÖ¨ã/=«Ê1u2uØñ¡Ä +>>#V¾Â)|êéùéäïÀ8ñógþá6:øûà?Q$$¤endstream +endobj +707 0 obj +1722 +endobj +708 0 obj<</Type/Page/Parent 539 0 R/Contents 709 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 10 0 R>>>>>>endobj +709 0 obj<</Length 710 0 R/Filter/FlateDecode>>stream +xmR»nÛ0Ýõgt³’¬HB7; C“´Q·,ue1¡H•¤äï{i…÷ò<õ'+óW )±©¡¦l×eßn+º'uÛ ë‘‹<ÏÑ©ÕÖL.DÐ;ùOôn’ÚâCƒQ¾îoðèõ$yx½¯œÞCÏ«Çë«ç»ÐSÐ^¾B%CJ5ž#^t¯YŽu±%+XñyÍd~g ;©ÞóyvGžBY‹*!t#@Ú¼˜–,fé£Vz–‘À^<ÍF+µ³pCZÁÓözå‹„àÎÔ~±¨íþ‹èà6ž¥$-Xwt uWnšÙÒq+Ž,CÇÀRö:Dÿ)èM—q¨Ë
›©Ú†ï%O–ÊÚSeE݈T'·uV{Øm¹÷J*rdê01ÛÑfB_/¯Ö˳U+ZQ +puƒÞü’Æe1•’ ßñD1²ßdä—“SºþÜ1SÚPH¨US‰–ÿ!Îþ²>™ø™ý³Á•endstream +endobj +710 0 obj +383 +endobj +711 0 obj<</Type/Page/Parent 539 0 R/Contents 712 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>>>endobj +712 0 obj<</Length 713 0 R/Filter/FlateDecode>>stream x¥WMoÛF½ûWzrP[¶dG²{K‚Ð8n =ä²"—âÖä.Ã%Ũ¿¾ïí’M‚"Ž“»óñæÍ›áד¹\âß\V¹ZJRž¼]Ÿ\ÜÝÊâRÖÞ,W7²Nårvy‰'Éé»\U®åv&Ÿ¬ÉŒNå·uÖËF7ÖV>›ºÎËýúÕúŸ“K9_\鲩|ºÿ·´ÞØ-OmpGènŽ3tw~5Ÿ-xüv6ŸÉ›oj•4ñÔµÌçý©ÅŠgÞÛFokÕgÅeÑ:Ý|0Ií¼ËšQ,Òäµk·¹ˆ’¶¼`à’+ÆŽÀdaR]#%%¿ä®Ø¬›â—>ùUÍàŽn«vÜ,«¶aZÚîLíl©mã%s5,ÏSê™|ÖRÕÚã¥Ä”–}J§Òñ2==Ã}w–wc“kyTåFMbòi´ðD…¸jUzAZJ¼+²l\¸û<uœÝºD`Ñ» 8š×B¡LYá%G„a|âôˆó_ï$QEáÏä¡h·[³ò¦E´¶1I¼ÿÁ¥m¡q‚%b÷ªDȺޙYu¦IrÆ ;®J7qy¿–Ô• %@¤µÇ«J+ ¿ø_Ã×ЙC«\ß¼|<öæíl14E
¤C\´xq7°‰û&ÄÕé¢'ë:#WÍÚ'W;àšš,Cƒ€‹¥Ku)^ëžÔ„…ea–“ºmÑ|’EK”‘D‚§G6äÖ¡+
ŠÁæ90°L
…Ë ¡o¥T©&ÎÌ$mÑ€×D˜*¡CÉšÎI¬&±g‡ Oƒ®ÞìY«ëP @@ -1564,11 +1599,11 @@ x¥WMoÛF½ûWzrP[¶dG²{K‚Ð8n =ä²"—âÖä.Ã%Ũ¿¾ïí’M‚"Ž“»óñæÍ›áד¹\âß\V¹ZJRž¼ LH«Òóˆk€=†ãq`IlC:Â. ²£>íQRc¯6HØ ‚O½Â :}«¨*£#"F&Ðÿ9äÅÇSo~»œ-0õæËx:ÞHogWX`8Á@#î”òÐOáHþ߇ñ7‹õ›!ÑPE•æ<PÛ°Éãù¹.T)–rã¾Ql¢šrY[¨J]n ‘Ý?>†-câ3ä¿ endobj -693 0 obj +713 0 obj 1671 endobj -694 0 obj<</Type/Page/Parent 519 0 R/Contents 695 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj -695 0 obj<</Length 696 0 R/Filter/FlateDecode>>stream +714 0 obj<</Type/Page/Parent 539 0 R/Contents 715 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj +715 0 obj<</Length 716 0 R/Filter/FlateDecode>>stream x…WMsÔ8½çWtqª3_äãÈn-‡„, ¹È¶Æ±%#Ùãõþú}-Ù¥€ ÜDÎà*Q‡û„•„ÏdJqÇÑSS @@ -1582,11 +1617,11 @@ x…WMsÔ8½çWtqª3_äãÈn-‡„, ¨ò8HY3XÏ~åeý&E“2élÀ³Zd¾µçëÏÉVyhÏö {·©Œ)p$S°Óg9.Ÿ™W€žw*h‡ßÍÀk6c#F#y´ªäïÎoÁ³"ßW5¬3wŒíí7<áw
ÐÏ·ìœ7Äœ¶À²Ý)Y¤`§ ؤXm÷äûÛ¯çƒ?3ÊÞàg‘«ÆV“}.”ÁŽ€˜ø@¾Ÿ¸´d¶HÝ”^ªÃìfx¡o–£ßqƒ2ñ¦‰ýTB¾˜…X˜=6³|DÌ#•wsìŽ
‰ï™ÿ¾®Œè# )ý}öüjÙèendstream endobj -696 0 obj +716 0 obj 1690 endobj -697 0 obj<</Type/Page/Parent 519 0 R/Contents 698 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj -698 0 obj<</Length 699 0 R/Filter/FlateDecode>>stream +717 0 obj<</Type/Page/Parent 539 0 R/Contents 718 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj +718 0 obj<</Length 719 0 R/Filter/FlateDecode>>stream x…XMsÛ6½ûWìøäÎØ´%»þÈÍqš™ìº•2í‘ Ä$ ºÈ...h™ŸÜeWÙ<£'UkZh÷Zåøw[…|óÓòn^ÑložÍopód¹Ñ?:}JÖÑÓbqJ•'E¥V¡sšÂFþ†Z§½nð¹¡Z5;úúôåO²v*TÍšüÎ]ûŒ¾RÆØg÷t6»Ìæì6 Ü/«qÉ6ä»|CÊÓÆúÐ Û•Jy0š‚:¯Ý›K,4!k^uA¥³5UYj‡ø¦^mçr°>#;ý·ª[£O‘ž°Œm4ÅL¶Ö½àK «V»Þ|ÊëM @@ -1595,11 +1630,11 @@ j…ZšrXj|§èÓÓ‚s}EäT߬‰ÏQ_³ôh~1V#âRmkª<Ö¸uvíT]3vª&hW* yßq)B/AeL…±ö³Ç³.2ù½kP‘Æ[ziìÕõô|ÿ‘€fBžˆº‹|½òÁ)V¿zëùN Á¬«þ‰ ‰‚Î75v
ÒÌP· endobj -699 0 obj +719 0 obj 1819 endobj -700 0 obj<</Type/Page/Parent 519 0 R/Contents 701 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 232 0 R>>endobj -701 0 obj<</Length 702 0 R/Filter/FlateDecode>>stream +720 0 obj<</Type/Page/Parent 539 0 R/Contents 721 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 232 0 R>>endobj +721 0 obj<</Length 722 0 R/Filter/FlateDecode>>stream xWÛrG}ç+úM¸JB° @o‘ØV_bãr\•viwÏì‚øûœîÙ…ÕÊqR*_3}9}útÏ÷Þˆ†øÑ,¡ñ”Ò¢÷rÑ»|=¡Ñˆ+|3Ïh‘Ñp0i‘ös³ôÊ(wî!Pµ¥rcQêlé]N+“k*eºÔ¾0VÓ~£J*\Vå:ð7¹S™œp¸ª‰T…liRUg)Ýèô”ÍÈX¹ûbqßÒÅh<HHßùLû-Ø«±p²R©¦B=ÀºÊ2c×0IVﻆƒö;ƒ£+ç髱K;L´ ‡sRyŽxªÕ:CBˆt©;¾3‡|àWÎqðüýåkÀ'`õ·ªø{M‚‹_6Hökˆ
¤nk´ бp x/ƒN+oÊÃe×£Ân?Þ¼{Šxà¬øt(¯s½S¶¤:qÀã5 –©2ºFÆnÿÿQÔä@Ÿ5ŠY;Ì\Z(T,“ÀX8ÿ"]*“‡óë¢ÚÐ4&4™ÏðÿÅ*²ìšF“Ȳ«ùõ`ú„g׃ ~è¢6¼ñd»»¥„¹ò¤ž0Uû_A'P ⛨õZ.2è^Kꕃ˜™Ûz¿Š˜’À†øƒT=(™#ÚïP÷ŒYº2¸ûÿéîöÛ‹ÈÂìpD!7ëM™(3«•ö¸Çtúòþî/0Ú¤Ú(Tƒ¼²kMnÅÞ–Ú×¼â*qðBÚéA² `iÍ€ @@ -1608,84 +1643,100 @@ xWÛrG}ç+úM¸JB° @o‘ØV_bãr\•viwÏì‚øûœîÙ…ÕÊqR*_3}9}útÏ÷Þˆ†øÑ,¡ñ”Ò¢÷rÑ» ¥j«–x¡oOU®ñÛ-Àå Ô¼¥âKE–ƒ[QæX
;íòi!ÚÝÚÈj›ü.úËëÅ™×ë*Wþ,Š48‡îcC„p¢<Á¾i*·Ø/±jl|1Ö©¹ÔäwZŽÜc \j(ɯì±õE.RVJ“žÉ¶°e*ï°SAÙÍŠ˜Hña"Rª
ƒ+ËŠëÙ-¾Q(V^l?`°Èsœ,™>²€×pPN^Ÿ8´Â"ÊÅƆ¹Ûö@<pã tùz^¿æFS.îtv5˜óBÑøèÝ= Ûöcˆ+p_̼’³þÿ|½LfX—ÓaÝöþZúÑendstream endobj -702 0 obj +722 0 obj 1779 endobj -703 0 obj<</Type/Page/Parent 519 0 R/Contents 704 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>>>endobj -704 0 obj<</Length 705 0 R/Filter/FlateDecode>>stream -x¥WÉnÛH½û+*§È€D-V$s8‹Ãð2‰_|i’M±c²[ÓMZ£¿ŸWÕ¤Â™Ë ˆm½T½zïUñï£9ÍðoNë¬(«>mŽ¦ç+šÏiSð£Õéš69Í’ÙlF›ltW(”®rº ÆQSšðçñæveÝ®É:9Å¡›|t¿X)¾\v/ùÝd±J–ü~ƒÍ¤ªÊíÒôãìêÓ©¼6Ö„Æ«Æy¾Ãëê@ÎÊR-VÚÆdª1xVë¬TX]‡~Åõfzgìâ’ïÑd~’,ø®Û/Ÿ©àópÏàrå®V†«SíCBÔCmÀ²Ž*g·Ú“Õ:ç¨Jõ¨)èBœš/›¼¸Me™kmóTÌ'=jŸtô(c[È]éztS¼UnìV0F€Y[#ñÿö·›»Í
õ\³µÈ„1 ‡Ðèú5ðŒÁEA×’òšÈÔ»Js -uµV*¤Z§Š2g³m2K…+…ð -ŠÖfÌp\>Hqol -!ç”+];‹Ðn+H—µ -`ˆ= -&´duT*ØM¯LÔ¨µ,`žâbQºY‰.»ÅããøÑôüCßbB›Ëx¸†ì[‹X6ƒÃzëˆûv;â!nyR|ž˜æ]ø¨ûƱcdžˆL@\DÚ»¿ô•Ð8Þ=H‰W•¹øŒ¬Í•ÏEr]ùyŽG#9!²}i²’B»Ãð!éaKø}Gxn»Ñ¦Ô°›F‹åªôšêÔ'n,Å'˜÷jÏþÿä*¥À]¦òJˆð$ -2BØU|ôbùf -m‚VOx"ìºõîÆ[tòøý&Ù1.“¸x²^Ìxõo&ýåzÙM¯æ¼
ûëè_åˆè¯endstream -endobj -705 0 obj -1841 -endobj -706 0 obj<</Type/Page/Parent 519 0 R/Contents 707 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 235 0 R>>endobj -707 0 obj<</Length 708 0 R/Filter/FlateDecode>>stream -x•WMoÛF½ëWCÄ$EÊ–í -4uჶÖ.Š%¹/¹*wiE@|ßì’¢¤8Ž+´HÎÎç›7£&1ÍðÓyBóeõäÃròËr2/.h¼´+ÜÌ(Ip9½8Ç5Žgá)µ’ -ÈÎh>Opë_Íçáb|³À›áÐb¯î¬àLï.0]Íè’–ÜYÀü2w¯g´Ì¦Öö½Y~žLItVgº)ønFaÙ‘Z<HÊ”Í3BmM¬¦Z…™ÈJùŒdyÁ¾Á¦²%.MZ5ù3‡Ø‡ï¼¦ª1V(ÅbÑÕ)’ÊÑ1É"L8¨eYÚTJPº¥\¢Söd8Gwïo>¼ÇEi#¥3¡"#êT„DwR’-%Q- à%suµl¬°•n¨*h«;ڈƎνY«L]ËM)¿TFBûµun‘PFSÚU*wÆú´ä$¿È¬³"U’D““ªÒV´•4¡+¢CØŒÎ.æ¨G
£d€FtuÙç2gó$\†g!¼égW;.Icj’•!WÉ™ã¸{WFÓ‡YräSŸd9JQ#e.¦¶köƒ¢\Èi³e«»U¹3KîH:½®üiøPµ´nõZ¶Ä¥áœ›“£LíÝâŽââï¹5b~ÄÆ”²5…¡/rdt×f2âe|ÿ»<DeøQoqˆöÚ׬ÐêRY8ŸIcD»å\ãpö -”†¢™mjUeHQóðîz« -ŒóâÎ}ý8LŽ¾Õ›†8°\!vVæpÿСi$m¶Kˆ„škÊ‘GAe+tMèFh_ÈÇÊTŒÞ¢ÕuïP<tò㵞õU›¸?6æ!ãÜßH¥8VÈa´ä|-µ±xX)Xf_n¯ï~=ʽB7[¯qƒß”•yú¥ZæQXÍ™CmwÕìY7HÎ|GPÿY´VþÎÝyû@‡ŒôÜ;È›Räzóry—x/Þ§`OÿˆúCF|¢YÁû-ß7*ó&÷$ŒívT[â:ƒÈ€ýPàc*÷ôNn¸Güò'Vµôu3[ce
¶JHfî,7!½…À«–î§\J&×\7¯¹ÇzFqGîßÔ›ƒg-š®éص]9^H‘ÁŠvÞô/ ,×õõEßÍnpsÜ4‡¼qŒañ(*å˜ù€ŽB„2|)Ù ÂÅÈ î•ô,ŸÌãÝnð-–Of3,
ûßóü|ŸçM>ÑÑ{Œy'Ñ6BÑZ´¢–(ðÎóÁ3:¦ W{Ðâ -»Ÿ^Ü¿9”qÒ,ÃPEvW¼Üla´KÏÃH¹Žˆ6ÂðóÀù,Vë¼*ú‰Y5™êr¿µŒóg å¾|®”N…ú$™ñDÝ5Í1‡
‚.”qMtTõC†?=õâÔ2z,ò΀M†9ŠˆúmI¯ß¾>ñŒúñÓÍûëÛ·Ãë§öý2¨°~¤·O ¾b+ÔUy?!â>O´¾8Ù{Äæ\*÷–_Õ`J`Å)ÜéoÛ[½Àž#ég
BËKú©+¬ È0o h²ÓÕ8ŸµÇ*\QÌn¥“®Ð?n…Šñ3¿ ÐCîwß|kõg -endobj -708 0 obj -1379 -endobj -709 0 obj<</Type/Page/Parent 519 0 R/Contents 710 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj -710 0 obj<</Length 711 0 R/Filter/FlateDecode>>stream -x¥V]oÛ8|÷¯Øk’¢¶üm'ŠCÚ$EhÓC]ô…’h[Ž$êHÊ>÷ão–¤”Æu—F,RÜÝ™ÙYþÝÒ -Uhi*Uâ)n¸2kUç)Åò’^±& V¦- -K›ÿ0—!vi›¡òe¦ˆÊ§„ã/dWÈàR]¸âÏíÞö;šƒÕ|éaü_Zop 5B¾;-Hä;±GB‹Re©#0ÏÏ`7¦†8ñz†vd ¯ë²„CEÑû‘0zBÒ¿˜²jL‰ÆëïDƒÁ¥ûk—ÿ¤v -ô^é«®KVï9ó&Q…„8°‰µÂÚŒ™@.ÅY¸/½Ì`›/™N訧ì0O–ŠzõA¾‹5@ž 8_,’b¿dúIפó-xmû´ÍòºEÍòA&»tç -åŠÚq"7ÞT«¢0¬{#ö -endobj -711 0 obj -1202 -endobj -712 0 obj<</Type/Page/Parent 519 0 R/Contents 713 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj -713 0 obj<</Length 714 0 R/Filter/FlateDecode>>stream -x½VÛnã6}÷WRcãEc)r|IX¹y±hsi#´(š>Ðq#‘IÅ5ºý÷Î’•j#lº½$€‰CΙ3s†óЋ`#˜à` -IÑ;‰{çqo?8<„æ¡ïðeF#|Œgø<šSЖhŠû'³`äV"Eôÿvi:9@K¿i<Æ~½à>t½} ‹pŽçB¼D8St§nyâdpz~õõ)×®ËE.LƵyèíÃ0B”hê,n’ŒŽÓBÈçÖÏ¥åz¥…áÝ6ï´*Wpr‘làTsf•†«µ¬<†ó1DF0M1TtgÈD)+”„Ý;n¹´»0 RaÁ¡4<« - -ÍÌ’àž°”/Y™[DÎóܘ(U†á>›9Ö0G˜ŸTIÌ fÚ³
5„šUÏZÞKIu‡ÑV§(’Ît«’’ J!œmÓ5žL\A7µLÔP -X‚…½"ÍSƶª®Êß2s¿GèpÌB¥bé‹Ê»“æk²a̯6B0‰+KG°4óî"òQa“ûš¬UÌA-¨³Òj…ÌþPr™pıiÃ'¯¥ÏSmˆësϼ׶gèÝs¤uXWâ—Zuti$uœaitèÚUˆJZ°ë§Íf-ÊM%Ï|CéÄêÛuu´M¿ô\BÅÿ“ÆB„oÛYu1GßÍÜ1·ƒÛ×ð{†ê&€êçÛ÷—gown.Nv:x’)JèïÜx¨ôifP?Š„›7еµÇsLSè£ß³«ëøýÕåM‡ûÎã¿{Ûÿ¦càu,ùÐ.ÿ÷Ш´ ~_ÚèÄö“ïJ]üÿG©{* v«¢|ƾ(¬_ ï·Ã?àÈ5dõ‡Ñ'_ª/¿Â«WØÊ$ƒð‘9Í݇¦\˜q=ÿãG¸½í(AU`Q‡…æ¶ÔXýÞ¬eô½7×A{ØA«Õn£áŒaëƦ©57+%SÒŽ4²àÍ‘•oص뙰U—ëI$w¨‰Ïè]þ5¹# 'w꥚¿yŽ->Ù^sòEòw4ýyüáü°ºà£é4¨êÁÍñÅÉ1\kõG&8SIY`šÍ”ða4¡ñp6©;øÉbn[1ML®JK¶ãÙg7Ór¾ïý V¶_\endstream -endobj -714 0 obj -1144 -endobj -715 0 obj<</Type/Page/Parent 519 0 R/Contents 716 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj -716 0 obj<</Length 717 0 R/Filter/FlateDecode>>stream -xÅWmoÛ6þž_q‚"bÉïv -Eº6X°µëZcû°-Q6kItI*ž?ì¿ï9êÅŽwÙ°a `X"wÏÝsÏÑ_NzÔÅ&}Œ)ÊN^ÏOÞÎOºÁtJû³ÄC—ú}|§“`@£A0&#)ÁVØO{A߯à;ojVúƒ~0}re0˜46Ãa0ÜÛûûÓàrº_M¦Uì‡={Gˆß¤ù@ÀáM—®hž -ï… SC[,ìΆ6[|
òé1@FºÂ -Á$ otž¨eU"‘Çôáú»o†Íþ~À‰Û„vº •¸—”‰X’räVÊR"Ì¥_Zçz‹WÂQ]
ÂòV›5ê½Ç2ŒðΩL’Ó¤r'—F84Ìe
z€_½‘Ø¡tN:!+²…ð¡jì4ÔPÇÏW’6"£¨‚V%*•–r)cv¸$R'
žT^†oÜÀúîüŠF˽‘™ÌpëL¬%-D´.6–£ÁnCÚ¨¥ÊEJeæЛ>ûçJ…(ð¤Üçôœ|L¯Íµ»ã9-H^pwQy¯“>×´”®‚Dš"‰±ÎÂ/ÐÖ'ci4Bº¤[Êt¬Å`‘ã…>‘åz]ë2.JŒÎjÃJB:ýQÉQ¸Ë‡‘_ -ÅI¬þÂT-B+£Â(·cÌ¿Y‡4Vך¡)œÌ:|B…±EºÈÝ¿pè>Ç1q=œW¨Eüp*BP;øÿ7#Çãú“ÊÍV¶`-Òeç2°¦+S\厩â%L\b6ÈÜ©¨ìÕê(Ú¢A=sm2‘Ö)¯!Õè7‚ð¹hv«S‰öÕ†¡µ3ߌൻ‹K¼Ls4‘·C“°Ð%nS3½‹ãL\ö¸ÌÅçálD\ï±—X 3±C'‹ÖÔ%Z‰|YFTFAx)›2ûèÂï -!Å¥ÁãhYx!)÷³¶•«M×Þ] -‹¬>5,óÜ -Óýß3ªR>´ßÔ¥mÏzÔä°-HUµfPχvÏ€Æ|Wæìi¹µƒñ¥ýT#\Ÿ0œÒ]9þ¶¸PA ¡y5¤Bæ1¤üÌÄ-HÝ«¸À¤ˆ¡‘Ãà@RÎõ9Ôt†r%‘)âÜ“JPß›p»HÌ^œpP«•Æl=ì@þl“ò„åéa’cšî# -endobj -717 0 obj -1422 -endobj -718 0 obj<</Type/Page/Parent 519 0 R/Contents 719 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>>>endobj -719 0 obj<</Length 720 0 R/Filter/FlateDecode>>stream -xWYoÛF~÷¯ U‹:lIv>8N
ˆ7VÑ>VäRÚ˜Üeö°¢Ÿo–¤ZŽÛ&¶!K ¹s|ÇŒ>ŸŒhˆßÍÆt6¥´<y3?ù}~2L..h÷b—ø0¤ÉxšœÓùÅïGÃËdLVRŽ›‡4Mð‘/Ñxœ\ÔWp."Âö'
n†tIóQ§ˆ2Ïâå!ÍÓžHS´'üXù9(+3~OƒB-N¦Á*¿T¢üè¼HgÈIû¤Rù›Û8/˾~õËüÓÉú#äÓ{N:§Œæs¾óÐÁÍ9FœzD}4cÌçÏW’8$×U_í
¤O9Í$f©t}¹}¸G¹*$¥BÓÿVB/Q§–Âò8œ(%Å&!ºõ¤Íš -cêQâå~m6ì'@Épý\)~^+–Û)½ß ‹ŽíâBž«TÉÊsÖJ/”Î¾çˆ Õ28ù1WÖù•pîåŒ^+ëßc¯ÌWÕ&Âx¤Ìaÿw§vG¼’Åà<·pm,«çÇúã„t\¦òЩ("{Ÿs-5Ú™B6 ×âŽò€¶œ<¥[Yi±¦jÁLZ…Fì÷ {îÚ»p=¨PKGÂA½¹±ˆ³žDoÃFãrÏj³Ø¢M¬#Áý baž$)JÞP¦œ( -Ø€5ÆÃ`)ŽpÝÆÒ´ôÀú‘Íb?
Ñ™võ¶òj²z^ý˪ÜO’;A"÷M"‡U÷¾ÝA®k)=Y•‘ÉIhm6J/‰2…ìdXYSVÞN-¹]ÒÜÇÌïF=ÅæGèŸ=ßË'5Uí¬MJ8¢¤Òd¡ -ÐDî£íè–¦<x²&Í õ Äf³ma›ŽÚ†ÃÐ5/âI¨B€z‘d·wJ‡/„˜%‚›õ’q -•ù• ËUÆ"oN0£¬öÎN6õs¨}M¥õBqÀÊ`1A¼„nÀjÀ³íyXr´€/Ÿ¡òÆ8bZ×hÞ -}d~yÁLïÝ&Ó¤Íi"JÅ1âSïyËx¨÷'zˆ|3º/Ârq…m€¨4"LtWK¦¨©.¡96ÂßBîW {„øÊëàÿðÐýÕ-Ñ„m:w,éÏ÷·rë’†æi»qÍ@Ð3pŽ9õÏx:ëÈ€/÷'¼yâú=)EU!ødN -endobj -720 0 obj -1578 -endobj -721 0 obj<</Type/Page/Parent 519 0 R/Contents 722 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>/Annots 244 0 R>>endobj -722 0 obj<</Length 723 0 R/Filter/FlateDecode>>stream +723 0 obj<</Type/Page/Parent 539 0 R/Contents 724 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>/Annots 235 0 R>>endobj +724 0 obj<</Length 725 0 R/Filter/FlateDecode>>stream +x¥XMsÛ6¼ûW¼žªÌH´DË’==tœ4i3Çn¢Ž/¾€$("æ‡JVõï»”Ìƹt2±%xxûvü÷ÙBæø·u(+‰‹³·›³ó+Y,d“òÑêj-›DæÁ|>—M<yÈb³ªÍù(M%Mfì¯o6ß°+îvÍÖÁŒn’Éc¸Z‹¹ì^òÝ,\K¾ß`³¨<¯ö†´|½¹}{#*)LilS«¦ªyFóƒT¥["ªÅʲ1±jž:ÎV¶_ñysþ`ÊðÏËlq„<ëþ·w’ÒÎÙ*•¤*”¡¹"Òµ
Dz3ÒZ<²’¼*·º–Rë„^eêY‹Õ;?5›œ¦â¸jËfpÊGKϺº”ôYƶ>!YÕg7Òˆ[%¦ÜºÃÁ¸-øÿKöw›;AÖmͶD$̉=ØF/Ï|LåPµ¢j-bŠ]®é +dœÂß¾6ä›Ç7SÁžTç-‘tÖ–1»¯áP}C,!„‚NžË—ßÏá2¸–‹Ë9ä¬Åeˆßþ[._ÙÜs|]8;¶t¢tQ•ˆç>‹åST¢KãÃQ§¦`øz\œ>ý^H¸¸|qìéw¼½X‹“½tŠÞ㨷ÒÇ1v°A¹|:÷:¶·ž~Î,LPð© +l{P£9÷™‰3±í£žó¨\༮”ÇÁÅóœú| +}/v]ëTQ:~!6Õžº8°WຆØrø\†DÓ–OöÑËÖÖç¸OøÇCõ¸üåÊŠ;çžB9:-:É‘…ÓQ\¾¨šµ&'—9E`“y(Bü»ð|‹õ}ˆ¢ñ.xlXôüÞ“ž».öµ4Û™Ë0z‚þ8â⮆’…vè¹ð˜4Åâù»#æsRWÏL¯âÐ{•î~”ÁÃB0Î'Ÿ´\^ætÂÕ?"ùrKR"ó¼KBÇ5¸,_£7«Íeµ +V¸Ç
Ï4‹@Þu—?ðõ™qEy „“évð¼¼DR~¯¿Tã–c#ÀÍÝl³ +Â$«ëÞœ<.ïëꮘü=Û…GÏf~ñlιú•Ùr½ìÿê±ZpJöçÙ¿kE@mendstream +endobj +725 0 obj +1988 +endobj +726 0 obj<</Type/Page/Parent 539 0 R/Contents 727 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 248 0 R>>endobj +727 0 obj<</Length 728 0 R/Filter/FlateDecode>>stream +x¥WÛnÛF}÷W‡(ˆEŠÔÕA[ ië"IÚZouQ¬È•Ä„äª\ÒŽ~|ÏÌrIÊ!PDqwæÌœ33»ÿžE4Á¿ˆ–1M”goÖg¿®Ï&ÁjEýGµÃÄâ³ÕŸQ<
TiÚb턦³9Ý«éћŴߴX`©ìlƒëî.ÂË ]Ðz8¸_§òzBëdTS?{±þx^Fn
Ì΀|ŽTS›Ä”[÷º51–÷ã1ðšSûõIS’kU~«…ª í‚D%{ýf‚ÐYi¢ñø6«÷ø(7Y™~«Eí{öRVÚZå¹³1£(bzÆ`xFãxÄœÛõ>³t›åù9mî(Õ[Õäõ¹ßJW¯ß½y'ò@œ‘QØØ*ÌM¢òЪb£Ž}ŒºÒšê½¦Ba³³’š¤)tY«:3%e[º3
ï›Ð8š:4·ª¬©6÷Ü[SèÛ½Fbunu@okAL*·†6M–§âªMwJú³NšZmrMªL)Ï6•ª2m‰B +dBóÕêr¢g‘{e‡—m¦°f>=òE0€4 ŸE0Lµ<j·ŒJkA}²zM{s#Ã9zFì8}Hè™9zt¿ŠJS`
UM)1»sïÞ§àØÞˆR¥ä[*ÓìöäaŠE¶·A™CæŒcVÑ¡2]±¥AL9ÓgÏÉçíD„5@=(Ø% +§–К¦Jtèa„ ßÿiá •:Žb`ÿ£~kЛՈ"ÑÖªêŽC‘ŽÀiÞš<70¹#{WlLž%HeùéÕ×ÁÎK[óʇ?ñ“Èß›ÛsR–8C¬ÿŽ +{Ÿ}VÚ³^ľ?;‹§ˆ?Z²ê +Š/f <åtŇоh汬œÉ|ï„´Þk‹š@¼©¶I•m¤¨0òK
ùÔÑFÔ8oŽ<·×£Õõ†Ú¯‘o¼†U‹üîphx¤kuÉu™èkLšÕ²üûX"èN(…I³m;'³2É›Ôsúaã[oKà_»ÜlTþ7Yðäìêç~›ó%”{Ýì‡ ~zìÅ3˜eýÔÈ#º|²Ðy”Ðô_ïéùËçç®ëþòáÝë·ï_ú×lªW|%˜ÄBf µòÔ’ÙçÕç>ù×rzJ}Ûkwtè®='?ÒKIl¼¼å3NM–¢EaRÁþXó±|ÙBçm°ãá¯&(Ú‚p»™‘|?…}añð‚â¡Ãµ$ùQЂf,PNÁß}|8Gøçà Å/ßOá_ðÍéaâáù»Ð»ƒ„.qH‡ øŒŽ®Ò¥†3Þ0ŽÀO9ë Q~8…~º’±þ?{éŠñ^uCåÜé#Ï8&3íє闇Sžã弋瞔“®ÃKˆ_¼º .»|—ÅMÊ]r~¯ÌG:ý2¼ìˆ^¢ÅËÇËXî½n`ÐZ[>û âÓÒ‡F&úl9C×”u9KBæœýÉúeendstream +endobj +728 0 obj +1521 +endobj +729 0 obj<</Type/Page/Parent 539 0 R/Contents 730 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 253 0 R>>endobj +730 0 obj<</Length 731 0 R/Filter/FlateDecode>>stream +xVkoÛ6ýž_q×¢ˆ‹Úò[vCÚ$E´éÅ€~¡%ÚV"‰*IÅ3°¿sIÊvÜ$@±5…`‰{ï9çòûQŸzøëÓd@Ø’âèýìèbvÔ‹¦SÚ=ô/=ðM'xö§xhILÅ[/ÞŽÄüs;Ç£hÖ‡QìGËyû@„îeNh¶@61¢ÏR7Ü£YÒ"þ÷š–Ùƒ¤uVγ2¥ÚHmH`C‘“YÉ<§o-Uæ*¥LeJÙ‚ìJnh%°Êʼ”–D’Hc¾½};»óe6Iô9“??
¸®xG*¨ßçäý[N7ŒÍ.c·i¦˜1Áüý„,ª\XI+UÈ4Óo·ÔýÂÒýJ]žÑEQ¥í¾9ï¾¹
©ùDâ1@"=†.vo/&ðGO'âz!
`Ú³Ú!CñxMw̼#t/O +‘•®{9Úî×ø +Z¥åùØ`¡ò\ %%ª(¨Ç.…¸©‡Ûß5Ai¡Më•Dê>Ò Dj_:»úü8|‹2ã6-E!y¨GþÐQÛR¢ª5}…øÔÚ„ü‰ó9Øú,-²23V«ó»]ˆÖï4Œô4 +)ï–±Î+=d¹\JCɃ„ü‘„lÔJÙ×~tÜMÝÚèn®‘w(æ¢Ë´›b^ cÖ)uîÈãBí ìÜÒÕ +ûb‡¶å@mš×œ<wG¥ŒÉæ¹'—kRº«ñƒ¹±0KÛ•/2mlD4S>e t?¸9ûCon`ø¡ñ·6a]Ÿzÿ“ê\žeäê¸ ‘¯ÅU-J•¥ŽÊ<cdƒ™Öâdì¹fŒøDº.K¸VýdV†:BÒ?´Ô²j MŸMs¶BȃC'¦u"™œ +üøŒ1¯ÅF™œ¬Ï2ÐÒ´ó°_ÿ¨×;uÿ¥±§ÚÏjú`ÑÞªÝYÌRo“Õi‰C×à„ƒ"1‰Ê
1gÕ0jáÇ7çpíÿƒY˜ÚBQ§~³àG2ÿÎEr[ÎáÚ¬~·h²úûu›,¤}‰ÒåßǽlÓ•«—ÛZØæiÌq«àpãéØfiëÃÅõ»,—ý·±f|^ë÷f뽑5Àâûí'¡ƒîõÜ.ŸZ03W܇¸3Ý¢5Ùé;ßçOëzþ©Ú°k]ù›;kJŦ1öcTtìßüFÛC¸éA\¸Åž>.߻ړÝ_0ÈD”áT„£LBep`pgW|UÒ[j›Ü×ÞB«‚Ü*ˆíYöϾ¿”à—Ñ´õ亚[ú +§áÄíãÎ;¡øÄ-ô–úE«;™X:WI]Àì\KðªN?žD€v2p³ýMŠf ”B›—KC×µck4An^<äÅ8Æþ8úÌñf×endstream +endobj +731 0 obj +1278 +endobj +732 0 obj<</Type/Page/Parent 539 0 R/Contents 733 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj +733 0 obj<</Length 734 0 R/Filter/FlateDecode>>stream +x½VmoÛ6þî_qÈŒÆÅbÉ’;.P©“Å–—-Ú†aÙY¢#6©T<cÝß)ÙŽkeÃÞ@‰tGÞÝsÏsäc'€þ0 a8†¤è¼‹:çQgàœÀæ¡îñe +e¬õ2uƦÀ¥?É +t&«<µÄ6uÌ&6˜¶|ÐøþÀ`%+ÏÃ÷|fßî=·‡ËјÛê u\tå/9â‚5s‚-igbf]yÅS}÷ö™É‚¤\±ÛÅ™C.e‹¸Ê
fÎò\{õúꙎqÉ,|Ø,lT*¶[î`‡&…ÞçåmAôºv/Zi +R•dà?ÅVs¾®æz¥‰eðéÜݵPEP,hñPÌT +ÙïÜvœ~§÷Ͳ{%BËòp£á,ÆÑCS)¦K)RÒÞ>èbƒ'GV<~—vfÂZ]v&‘Ü¡¾eü‰Þeù¯É²r·IíÕ¼qRŸ¾Áxì5·ëÞíéå»S¸Qò#ÞGàL&UeÆt;$ÀúÁx‚ÎýIˆWð´çÎuˆðúL€DtÑp]òMFx
°~ã}À+Ä·? +endobj +734 0 obj +1172 +endobj +735 0 obj<</Type/Page/Parent 539 0 R/Contents 736 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj +736 0 obj<</Length 737 0 R/Filter/FlateDecode>>stream +xWkoÛ6ýž_q‘…Ø’íÄŠtmÐ`ëc±aX†–蘵$º¤Ïößw.IɶgºlŠ÷uôדõñ? ÉÎÇ”ä'¯f'of'ýh:¥ÝÃÜãKŸ†ãè‚.¦|ñ0’ØÚ§ÉÇ^¦ÃÆd8Œ¦;“Ñðbg3áÏÎÂÃ!rjˆßôé’fä9F^³Ô½îÓ,éPø[©,[ÍçéÙìËIŸz€ÍÍžOof¿^ÿ|õìå‘÷2Yê#¯~º}ÿúêôý»W§G6°-õ +zvúyY•¥*î)Õ|gK²Ò<¨DÚt̾ɿø¯ü‡ßQÀoª˜«"=–ÄÿVÄÆÇyºçÇùƒžùfQO~?{¢^~³rVþ¤çÏÉäÔ[Pü LœédÛjn·6)žêÛé1@Œ,+ƒ&údZ.þáïñÍ
ÌÍÞ€z!3îvA[]Ѷ¦¤r)Éo…Íš¦;ûN·½§¦ÂÁEÚÞ¸÷ÞfJ…ÌuaIp +ÊÒZ«¢ìºÔìRWYJsIbžI*5%º(d‚šók=÷Y‘Ï…£±4$àìÎ…*(—ùK_*[òºò…o$†YZ 2ªÀþˆý9]NLF˜K¯Š`îã›Ë€ö\ŒÆü2EçÑ$¢u±P÷Ü.;<>^¿;l(ãÄj׋¥x”‹T’ +h,„ñX¬ +½AÍ@©Ò9õ5„Úh³â‰.õ½6&" +ÞˆÂ!†[ˆW'téA!°¨`\”*¥Ò-´!Íî¨Ñ‡.¤\ƒ7"E<„™9k‘ss\ÙÁReÒR!eÊîçíÐ"+Jhk»-å¾î:¯UxÚë\¬$ÍE²ªÖ–´kÒ2ê^èGrï(Þ¡X–IŒ„"7Úû\[pN/—Bƒc©Î-H +ü¦`èüÚ‰Î×H+ á`â£ÄÃD`wÅVW&‘qa-¢$K_w=ÚJ•Álh³¥ù¸>hÏt1rŒä!P{ô3Z—?ø·Íð{ÐëXŒç_.‘u'ÐØ=O£s.¿Ý”&û£I"æØy*l‡¸Ÿ´S‰D¯•§gÀƒí8Ü«†ýï¡Ê¼µ2©Œ*·¡3™|€hlé“Lßbà Υ̻ž§È#õÅ™šÇµ£ã5V·‡Û£HÖĸ±¬µ{ßê=/ÊìÛÆì†Åjçî N5².÷Æ™’¥(îeÑ-yeÍä¢-´…uZ%싺æp9ê
G¸mAóXiøbdä× +ÌMë[ÒA)®NPÉ +¬«%èÊw¤ÇØ;÷3\£D’è +r÷ýNwôÞ?4ÁùÀ‘[&Zú‰,sj-ù\aÁª…ÖKE[dƒD;‘˜\…6¹ÈêÒ‚ +L9´ÛçjÞ5¿KšÑkÌ·³øfœÁx,Ç—ƒhÌ3úùúÝ«kúhô¾u½ÖI•£ÃNV9no0fè{“!~礢n”|™-ñ´ô¡rgì~?áçïØ7_NþÔücendstream +endobj +737 0 obj +1384 +endobj +738 0 obj<</Type/Page/Parent 539 0 R/Contents 739 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>>>endobj +739 0 obj<</Length 740 0 R/Filter/FlateDecode>>stream +xX]oÛ6}ϯ¸ÈIlg@Òv¬E·xØ´DIl$R%©¸ú÷;—”l×q´‹[q(òÞ{Îý8Ì—“)MðoJ‹Ï)OÞ¬N~[L’å’v[à˄Ηü¼X.ðœN®’YI9^žÐål™,ÃÒ9-æø1¬à0,ÂÂö“Æ·4Ò*‡áùrA«,¬Oh•Žn¥Ü7ä¤}T©tä
mŒ} ÆšFÚª;¥Î´´QUE¢r†´”¿$•/¥%*Å£$¥3õ¨²VT”)+So¬ÂY9Ç[”™Z(M-Œ¸_VŸO&t6=G0«l$*+EÖÁœtR{2šÂöGÚS i)t!ÃoKSã´ÞBG^ÖM%<Ö *¤–vσ.Øp<Ú?°¼IˆV%,S*4%IáTÕ
o•.¢3¼s| +ˆ#W¯“Ôè<þzÀvDEeÖ°0lGqñrسó•c@›þ\fóä‚qWý[³céÓq#ê$ƒ±ƒý”«jED,ƒóÀ¥ªÌüé5H +T‹<;pÌj¡9U«J€,ÁõZô
Dñù@ëýÙ¸µŽzCîTÆ<P¥˜Tå~¡LèŠSt +.#¢õ%Å•_ZÐŽðWj=v2mò#ò©RΑ +YqÍä‚Eíäu&52Þ_ +ôÄP$äšÑFt¨Š;OUÆyí^5±C–Kï»#L¾jŽ¾V_9EQ:ŸreÿÔ·íåO«ærÈâ‡Õ&Ðx©]¾æóÕ¼;âõBc1k¹©½Þ¡¯WH{$ìj:ŘãÏÓNŒ¹è&Eì‡ÇkñN‡¾™ëä)Ý‘È2ÖÛ‰·ša +ƒg-!C`gÝú¨`¶æbÁÖöDÉ–
ž-‡%¸oD¬
«Ê“3S.[kŒG/@Kq„õ¨´ô¬«¸Yì»!ž…]¼Cóï¥ÒÓ蟯Ê}' ¹ïù6êÑ÷ä¸ +ˆ!«229A-˜.Ȣ̴ëJxÍX7>ê¾!¹]P6AáBÏNx´G=;ƒˆ4ëøöŠ¦Ð=¬Pg‹i2ÿF£^%ó„~‡Dñ‚s/´]€,šXÓŽþî5N Òé¶^#b8]ív²èQpÒÁ†‰neɇìMaþøRxÚH*¡~9xæ/eÕ‰yë[{sBT1Pô[7¸£¶æ08ŒÆC< +¨-ÀjHüß•n¿+n„Ù%À)2Å—¦-JjŒ…ßìêa
o0÷!~ ›Jë!»a°1®°—Ë}Hž½ó zsV½X>%Ž¼OþàÖ[€·¶r8rza‘F·Îôn³›°Ò°Ïaמ”÷ñ†A÷åကýXµE€¸Á0!*
Cfš¬ävÀôÐG—@³Uü_KpÃxÕ(qÂÏ5$èÿpÐÇ›÷TðÝcpGà‚þúp÷(×™±.é+0í¥úÙð9Ç9õïl¾è×aÀËg—³(WÀ¤MPë9ôÌlàÀŠþ¼{¶T‡5:C-2ÔcUàŽäË!Wœ€#“
\Â9Üós¼#’M© +r4á®6t¨R÷£âêÇË}$CÀ¤bNð5g“Á¢ž¢íÖ‘N|Mµmãá/20“Î[ÓÉì(öÃè9ìnÞÆ"xœ™}Œ×!{píÃ`ĽÀU!\~‚þJ"\v!)¹±Ð·U€ª·*
ˆ¯…è=¤kF›¯Œ|ßÝË€ÀÌчKÕ6ľ?.—H»cíqÙ'çt¾Høo¸»ï]âïoÞ¿¹¡Ö|ÆÕ›Þ™´QL!&fõ,î:‹ÛFÇÚéÅâ ͧŽæsÞ‡þ8ù_%>Éendstream +endobj +740 0 obj +1577 +endobj +741 0 obj<</Type/Page/Parent 539 0 R/Contents 742 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj +742 0 obj<</Length 743 0 R/Filter/FlateDecode>>stream +xmRËnÛ0¼ë+昶*9‚ä4r°áÖ +Ú+C®%¦éòaµß¥e EP‚âÎÎÌe% +~J4+ÜÖcvßfŸŸîPVh|R¯¹P(ò¢(ÐÊ›»¼Éñ`¢×Ö|j߸½BYÎíËUÃí7mO˜´yÕFÁÿñÆBïlìzþ¢'Øã¥Ü‰‘p wÖ’€Ã¤ƒìرëÄë@ØD˜ ¥Ì‡Uq ¿€0*‘X–·ù*‘ŠÓÉÙ“Ó"ð –Îz{ø¶€ÃàÑ‹3+;‘b Œ8kEð$Fëmun&c‰ïs¾³;yìڼʎB›äÉy°D¼ìž\çHËpäã =ŸvŽDà?*Ê‹%Ʀ5j£}HܬÒú–ä¢1ÚtõoúhúÂÄ»`Y0&ë~æIßc›qf¨‹:¯Q®Wü:ÂqŽx}ͬ¬›<ÅÏéþóa³½ß`ïìÉ€/VÆ‘C¸l%M_Ψåûߥ¨š*_óýá\êæ*èköÔW¾/endstream +endobj +743 0 obj +398 +endobj +744 0 obj<</Type/Page/Parent 539 0 R/Contents 745 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>/Annots 262 0 R>>endobj +745 0 obj<</Length 746 0 R/Filter/FlateDecode>>stream x¥W]oâF}ϯ¸â%‰6ÈJ«*‰’.j¾v¡ÝVâelà=ã‡å¥¿½çŽmHP»«¶‰DbÏ×sÏ=çòõh@}ühÑðœ’âèj~t3?ê“ í?Ì ˜
‚ˆF“1þ‚IK^Al³ûÀôðö‚¢>Í—Øý|<¡yêÇñ&9¹^‹ÒICƒ~@³ˆ®óL*G?ÏOç_Žxí`T¯í
ùÈyz‚Ƀ€n/?ZžÒ§Þ{5¯1ðAo(Š¦”hµÌVB{œ…}¦¤k”LiC¯ÞŽHXÍvƒó€£<Iê`–˜:E,~âqH{ÅßóÓÏGÑÙE0 ³q4 'ø[?å4cTÂÛ
õ=ÎÆÃ7\R¡b¢‹2—N’PvHœ&·Î,}¤u™VþN±$ZêJ¥„>ÜÒ>À}BkçÊwa˜£ó`“)T/"Pyøg.eµ -_&Ü @@ -1695,52 +1746,52 @@ X¢‚2c¹
R¯Wom2·öc±°’t)p<ìÖ:Y0ŹPÏípF~+s‘)d(S~1S¿Ég‹\!T%ò€¦Ëº0hÍ%)Ò-ÅR*¬ 7QÒš’ßØ÷ Ld>¸Å Ï.XP4‹È?5Ö¾ïuZîcÂø …ÍéÑx„Ö¢>‘[„ûOç·ÖÝyÔÓîñüm<ù½–áãÝ{u;“öýM¦0Zx`¦®á$ ok"\0u²PôÐÖBh³k™ç]’)XÎUºä–b± -@4¡J3ëëc_{-÷O<£ÐÞçMùŽ‡ü5ÅYy«`“]WÎÝæ>æ}/¡*›õ|Ü óñè/’Ñïendstream +@4¡J3ëëc_{-÷O<£ÐÞçMùŽ‡ü5ÅYy«`“]WÎÝæ>æ}/¡*›õ|Ò óñè/’Ñðendstream endobj -723 0 obj +746 0 obj 1596 endobj -724 0 obj<</Type/Page/Parent 519 0 R/Contents 725 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F2 5 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 247 0 R>>endobj -725 0 obj<</Length 726 0 R/Filter/FlateDecode>>stream -xVaoÛ6ýî_qÈ'phËql7H3$³¦ÈÒ,ë0Ðe³£DU¤âùË~ûÞQrb;ë·!ˆ![äÝ»wïù½Ñ -Ÿ²ØåGÒÎÕÊÑz¥ -ú<ïék—_>©Êi[|}CXAµS)IGòMü3 ãh,¦ÈÐMŒV…ÿ‰í_(ŠšüÇà ¿}ä˜[SjIÒÝ,¦/7³G²Çc tt
ƒIé¾Ò…'zÒƒr¶®EW•];Uõ¨°4—ùB¾28r+»¦ºœ|w¸ØP1Eüôðs':=Çb@9ˆsóÍÐœ)QèQñ -Å&² Z(Êôߨz±öRúdEYes -ì窖ԥ•÷åY¿ŸÈʱօõ“…éÿc”ª×}Çàûˆ)V>7ûQvŽ"ˆbÐÒ¤[kc‡.S§*
{Àý‰2»º -Șé¹l¥—ºrÀ›X½`·ÂzH -;7†ùå/W—8”-Oyú`“:ÇA/=® -endobj -726 0 obj +747 0 obj<</Type/Page/Parent 539 0 R/Contents 748 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F2 5 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 265 0 R>>endobj +748 0 obj<</Length 749 0 R/Filter/FlateDecode>>stream +xVaoÛ6ýî_qÈ'phËqì$H3$³¦ÈÒ,ë0Ðe³£DU¤âùK{ßQrb;ë·!ˆ![äÝ»wïùÑ +Ÿ²X“åGÒÎÕÊÑj© +ú4ëéK—_>©Êi[|yCXAµS)IGòMüµ3 Ãh,N¡› +ÿÿÚ¿Q5ù‡~ûÈ1׶¦Ô’¤»iLŸo¦d+ŽÇ@èàZ“Ò}¥Oô.¤ål]%Š®*»rª:èQai&ó¹$|epä–vEu)8ù4îp±¡bŠøéá×Nt|$&4ŽÅ€r5æ曡S¢Ð¢â%ŠMdA4W”éQõ|
ì¥ôÉ’²ÊæØÍU-¨KKï˳~?‘•5b¥'ê') +Óÿn”ªW}Çàûˆ)–>7»QvŽ"ˆbÐÒ¤[ic‡.S§*
{Àý‘2»º +ˆ¸2Ê ¾ óFºîgÚ½Ö•ó=J*†ÁŸ[r¥‰4…þyÿps¿øüÊ’žÂLzˆå©±hä;[®Yým¾“êbÍEðc^fQL/ÿMp”×Γó œ*eXè
þ +J)1ÓsÙJ/t!
ä<€7±zÁn…õ +endobj +749 0 obj 1117 endobj -727 0 obj<</Type/Page/Parent 519 0 R/Contents 728 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 254 0 R>>endobj -728 0 obj<</Length 729 0 R/Filter/FlateDecode>>stream -xWQoÛ6~÷¯8ä¥)ÐȶìÄvž¶uK[ h·Æm0 /4EÙ¬%R#)kþ÷ûŽ’ÅéТhmYGÞÝwßwwýg4¥ þLi‘Òì†d9úm=ß(Ð:Ç››Å’ÖM’É¿ÈË×;Qåh:MèíLJõGúUJå=Ý‹r#ÈÛÚIEÒfêåúÛhBWéç/ZÐë/÷üß>Å|ûÕlš¤ü×áÂw&8›Õ2hkZÓ9u¦é‚
[7ÚS¦ª°•ÊH†ðÕ2í¬)• Ñï‰óT{Åþéëåkkdí,è‹rž´ÙÒýÑU~}IÁvqOgmdr§ä^›œ…·´7¶GOt!mYêpcF5ÃÜá<úÂÓA8mk½oœ0¸Î“DÀE"B‡ -=úÞY¢ùlþc´'“ï¡
QwXw Q›ÿAúo[G]´¢x†Ÿ?¢»åâ€O=<<ÐÆÙÙ0 +750 0 obj<</Type/Page/Parent 539 0 R/Contents 751 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 272 0 R>>endobj +751 0 obj<</Length 752 0 R/Filter/FlateDecode>>stream +xWQoÛ6~÷¯8ä¥)P˶ìÄNž¶uK[ h·Æm0 /4EÙ¬%R#)kþ÷ûŽ’ÅéТhmYGÞÝwßwwýg4£)þÌh™Òüšd9úm=šÜÝP:¥uŽ7×Ë3š&Ó)~‘—¯w¢ +ÊÑl–ÐÛëô«”Ê{ºåF·µ“Š¤ÍÔËõ·Ñ”Æéç/ZÐë/÷üß>Ã|ûx>KR~ëpá;œÍj´5éŽ:ÓtɆí)SUØJe¤
CøjH™ƒv֔ʄ„è÷ÎÄyª½bÿôõòµ5²vôE9OÚléþèƒ*¿¾¤`»¸gó6²¹Sr¯ÍΊÂ[ÚÛÀ£'º¶,u¸À1£šaîp}áé œ¶µÞ7N\çI"à"¡C +€çÌ0ÖËþ`í9È°SHÖ×"Ä¡‹‚°(²N—ý±qÕbéhÆß>½¥««dFW‹4™RI‹t•,»§‚î¹öS<ΟT|ÍgVÖŒ*á» Òf:×w‹ Ùüyp¹MF"PÌìi$nK—»ªÛÉÄ3oë¶í·‰<ødÊâY +1Ä']ÍSTg±Zâ;§âå=s{n-nV sï‘» YšÄBtœ
–NîÙßäîßÖÀ¼r§z´%WÆ¡ª7…–ű+¤Þ-ËOe½Ö)·®{
nE”aà<XêDÌ‚èiW ¹[å_J.‹:cÄ`_‘óG#ÁùŒ¾é +=úÞY¢Å|ñc´§Óï¡
QwXw Q›ÿAúo[G]´¢x†Ÿ?¢»åâ€O=<<ÐÆÙÙ0 Cå -Ü˕ߨÐ(48aŽ±¾ðàà<ؾp77É
ͦ+ü[RÊÔïžNBŸ¥¼ -ä3º$çõùÓ{ºýiÝʾÚhÃÊíªû¤õu;›¬’åt›.žUÝxO?"Q³LœÑPsÌ$Ad¬+QsÜE²ÐíĈÚêXÀ*k¹C³ƒ¦˜>ÎdY5ü -üŒG™¥F‡Ý÷¹3de(¶Ôì,FZp -^£ª÷JU|MI5>-e\ç¨ÛÏüÆ0ˆ@=ß© -h)—,]ˆ·¥:ŠK©Dhs¥É-ªåË{$¶Ä£gz‡‘QD¬‚'[îlIÝÔ~ŠsßÒÀ„¸í¡Ö[@×¢àNûWœ×1Ž5·Ü¯ãhª}éã’G©EYÁ«nwï±0s -endobj -729 0 obj -1480 -endobj -730 0 obj<</Type/Page/Parent 519 0 R/Contents 731 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F1 4 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 257 0 R>>endobj -731 0 obj<</Length 732 0 R/Filter/FlateDecode>>stream -xTËnÛ0¼û+9)@¥è[ñ©Î«í¡@ší%@@K”¬D’Šë¿ï’”Ÿí¡0dHâjvgvvßGBúE˜ÄHÆÈÛÑõ|tqŸ"Š0/Í«q6Á¼@„aˆyîýZòµSo -Ñ£+¦ÔZÈz³â8Ÿ¿J4 xù‡ro¶¸^`CBøñ8H ß{ì;è%G.Ú–u…=ö©ÊYx‰¿¸¿é`÷%Ã/0]).?¸œÒógÅÚ„¬¦ô(…Ðûö¸ÿ „ù²VX×Mƒ\r¦9±*jÉs-ä9k^8Âê4«»º«lÍh(ZéáP‰^æ†HÁñìÕlÐ×»ÙÉM £$ˆ
-ͪŠ0
…d]¾|>`«@ÞKÉ;ÝPbAwj%ºBA•! -þÁ±j)ZrJbÀéÜü|`¹‚ m%L
ĤÂC,J¿Ø W[*NxÛ8_ËåÁô¦à¥#Ï@б–Òc†¦&DyÂÒQÛEªm¥è K¸¶ãìvOèŒÜTQ…¥ek»†5_@ÕÚ%2&ÝIÉß{Ój"éäèµ'&Õ%o8S®;T³;}C2p¢ãÇr”¢iÄÚˆ3øòÔˆ‡‚ÿ¿}‰§Ù÷ëÙKüÿË•¦4ãFÊH;jkfº-ÐrIúÔNºÁ|Öoù’uµ»'Š–û_PJÑ’ËõÒ}~"¢{gûén·žMO0£˜\cch£@¿*ÌìÐDúün>¢Ý4É(&Í&tÓ%9J·k®Ñ†)iÒÓ0 -2ÂÙ/›o]ÁïQhUÑBdþ¿Œ¢$$3N-¢,£¯ÝSƒ'>œÒAj§nþ ë–ÑhãV´4 -¸¡©–Ôp.?¹ídÒìÊ -®YþVIã\+Ü.†QÄÅ}¶]QãI!I/-%ÏöR¼ÒB¡ŒyoF—éÚùØl¸?‰íÂÛñN©êÌ-ÁI8ñcôI©éendstream -endobj -732 0 obj -736 -endobj -733 0 obj<</Type/Page/Parent 519 0 R/Contents 734 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 303 0 R>>endobj -734 0 obj<</Length 735 0 R/Filter/FlateDecode>>stream +Ü˕ߨÐ(48aŽ±¾ðàà<ؾp××É5Íg7ø·¤”©ß=„>O§x9ÈgtIÎëó§÷tûÓº•[=ÞhÃÊíªû¤õu;ŸÞ$«è6]>
*ªºðž~D¢f;™8£¡æ˜I‚ÈXW¢æ¸‹d¡Û‰9´Õ°€)TÖr‡fM1}œ-Ȳjø:ø2K»ïsgÈÊ8Pl¨ÙY4Œ.´à¼FUøš’j|ZʸÎQ·!Ÿù `z¾S„ÀISåT®0ë2*UØÙŒ›A§ Ç4¸_ˆÓ,E§
ôö/¤ð¬‹^c쵧i2§ÙÍ8ÅCäŸíÓ‰[³þqÈ5òÀà,¬Èbp’‚Ž~PœWTY1ˆ]ï¶WÛÏ°²išDQO™@†“ÕiôôL¼Lbžlµ?³“Ó‹·¶aä·*Fø:4ûvt +^u»sxýƒ™Y +endobj +752 0 obj +1479 +endobj +753 0 obj<</Type/Page/Parent 539 0 R/Contents 754 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F1 4 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 275 0 R>>endobj +754 0 obj<</Length 755 0 R/Filter/FlateDecode>>stream +xTMo›@½ûW<åD¤B +þÁ¹j)FqJbÁéÜü|êa¹†$ml
ÄD`Á!–¥_lÐé-¯Nºm\¨Žå +`{SðÒ“g +¬¥ô˜¡©IYž°ôÔv‘z[@);Â’¾í8»Ý:#7UTaéغ®aÍеñ‰¬I¤8É£ø{g»@M$<½£ö¤¤ºâ
gÚw‡jvbç²kHŽB +~,G)›F®8½/Ox(øÿ1Txš}¿ž½¤/é¿\y`J;n¤Œr£¶f¶Û-W¤Oí¥ëÍçü–/™¨¨ÝQtÜÿ"€RÉ–\n–þó½Ø;ÛOws¸õlvª€ÅáU4²†¶ +t«ÂÎMdø`ÁïæÚȆŠÉ&cºOéR¥ß5WHhÔ4éYœDÂÙ/›o¢à¿÷(´ªh
!±_IjóÇvœZ$“Q”ôO
ž<ø¨wrL™›º=øƒª[F£}+[šÜÐP+ê7WŸür²YöùT… +endobj +755 0 obj +734 +endobj +756 0 obj<</Type/Page/Parent 539 0 R/Contents 757 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 321 0 R>>endobj +757 0 obj<</Length 758 0 R/Filter/FlateDecode>>stream xÍœ[s¹…ßý+æ-›ª„æp8¼ä%åK6ë*_6+m9¯45²ó¢”7ûïsh u„ËátÎí`2ý¨s•ˆââÉ«§O¤»¬Kzù»Ñü¯UËéfb•]?ZÀ*û^Z?\¨U>þ~ª6ˆ1Cá…1ÃvDVTÄÉŠ˜¤lO¸8·©£¥h]±b&èmOÿ)éI‚>l§þaô¾ü4¬Š Œn<šÚJ$¬‡œo†T
Vá¯Á’ @@ -1777,177 +1828,180 @@ E^ßIJÞjÄ–‡¬L¿ŽOøK<[À)!ZoÅxµúÍ—Dè°0ç„Þ÷Ù²Æñ°p@` (€ŠyF9ô"…žl–Y½ð„Ý°{WR)X( »L§ß]È̼"ù||¤y~XßíñG:ošôÍç!_ô»ü _ÇÿÛ£Ç)endstream endobj -735 0 obj +758 0 obj 5352 endobj -736 0 obj<</Type/Page/Parent 519 0 R/Contents 737 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 347 0 R>>endobj -737 0 obj<</Length 738 0 R/Filter/FlateDecode>>stream -xÍœooÇ‘ÆßëS‚ÃÁy‘õÎÌÎþ9àp%;Q`ÉŠÅœ‡ÃŠ\‘›p¹ÌîÒ’¿}žª®î~ª†v,Y”c6‡ÝϽÝÕÕÕÕ=ûGm3Å¿m³èš~Þœï}qöèó¯VM7mÎÞ4í°š´Í|1kÎ.šéd:ÅoÏ?;[¿¾Þ4û7Í“ýÍiss:þöìo¾<{$´VÓÊOßþþQ?ŸL›ùl…ÿîšy?ìáºy%(—Íç_Íš¶•?ÖÌü9ú»³I‹ûk„Û5ËÕ¤óìT/ö§¶¶›M–øÜgŸMþþéúړͼë&stÛ¬¬ìÁºíó¯ë$tn×£÷Ò“«õíisÈÝDò]3t‘eÅ2”n& º¹Ÿ,|[¬8êÿüâÙ_rH´kÚ~9™y„•GÄËÍa·=·û›b-H°MØ“ö’uL®Q_lOÇ! KØ`€X…Yß\©vM×Íc¯ -$Xü ŽAÊìaÓÊäé3‹!ñ®Y
2w˜”ŠG„ÿÝnÞno.s§öÖÎÄh™’ÊG67‰Ý/0ã¨#ÆùÕúæ’šÂR±ý…X·Å*Œ@<Y&fÛ‹±8H⎠·eBWÃ#5Xó•³?bÝéc±”åh ¬ÂˆrºÚäQbLwÚOúÐ’„1êdd‘X¿úJþ0Va„hŽ›ó»ÃöôCnkAZâ2)ÁG¤‹íúz©+\?…•üì™ä'Ï°šcÖØäI6y°*« -ý”éêr!ó-ë2^§Ì˜ð‡ýÛüÙIƒ9'Ĭ86á´Ïz’¤é¶ô -D'‰€Xµ£d"b]>
i0Å°´B#¬B$¼Zï^ -ëÄu,à:ÜGÉ"åxµ>l¤c;D€?ߪß3´“ -‘¦áâͤ›;çÕ.(ªÐ²†6®có°Ž™ZƾŸåÉàòs‡õù‰“($[X¢9”Ù¾)o·§«’x¬ÜPñ ½+ _Žõ†ô„ã {âõ²0Uh瓺fÙc|DJ*‰Heëèëç‡ÍúTB}–²hŬ¹!¹‚‡ìÖÇ¿ç.ev|˜IaThnׇõnƒAN‹Šxš_²[Å.xY"`} [Ê&É{®E°VÓ›E1 YëñãöšQÉô•é±9÷Xl†$ór±ØQsÆ6› ɲÁ ±?bµ2ór cGÐ}v›)p›Ø!0%ƒ#…=zG2±[IXxˆUˆõétؾ¾£@Z˜/¶Ç˜F®9V!’šÝúö+•“Ó_¾·ë–æl%;[,4 Ñwz0ûåúÉOÙÜ—AÏ,Íw;–Ñ#„<·$ݳ~5C';½£þåa{s¢5œ„ð™;Œ•GÌ«»ÛÛýá”ýÅu/JÓ¬gPÍ‹”íMD|·dÿ\;23"œù²–§‘§8RŠ™¼“!Æ–å¡îÛu+^ÁgsYvl/šŠUQfy6—àýã<f–3©Ej½®\C©#àû‹;]Ð¥M°_æðËgü(?„ŽBpU(3}°O'66ÄΩ{‰ôáMÝêBêäVî8Šx³½¼;¬%Ø‘¾™Oåþ’Åð£tI‚„Žé%ñn™>PÇà€Ì¯«ÈÅ’åèF*‰0ÿ°daþ1ÂÊ#ä‰D,äNX)þDr Ž“+DÐ_oÅ1ýÇÿI#à^ýê]ÜOÝìÄÉnIÌôúù¿+—¾†—úÎHsÏG°âÈxµ9qÏ’N:¶Çu+”§‡í÷㊟%!039Ùs˜LŽœ7´Ý"ËelJÆFÆ—ïpÇÆBR¸kD§¡g2;‚t³àéî‡KÝ–¹Ú·ÎÚV#€4rú@ÖÐÊçðº›Ô<.‰Ð{SÉ<ÏaåW\ -F’1™9%kÎ`ƒoH® ×ëÃeÙ¤°Mö¹“+DÊÍÝîu½NÀB`–²ö#G®‹ØÈ°ÖÔˆ]=¨¡ž'[Ó'Éîô[S¿’d~;=TkêWr%ZSÍC«µd‚Öu+ŽŒÇ4I†¾×M¢ƒXy„¼ £-sEã™y&—A$)@8¢\Uˆ ï·Õ°IÆJ„oŒUˆÞ—‘ -Æ„ulV!2âeR‚3Hv˵hü"Rêé/K -‘“vÅ
’ëR°‡± -ór}þ÷õeº>‹=ê§Ê;„ÕK39ÓPÝ3EïWý_0#è1mÏ+–
3Èÿ‘#€1¬<ò)C@Jp™5Ž“ÑtÜ°GÔhAìúcFã™ô“¿ £ÒÒ
ï^hTä*9ÝâßÃbÓ§þc}“@ˆÉÛ^öŸîï'bÐ?»ARþúZ3EeLH+³KŽHÉàõäz‹ð:"rüôëŒHïn¾öȦ–S›ô@ƒ1÷㇣FŠ -<¥,å°Í‡÷“Þ"ºkÜéƒÙŽÊ8r+6Z¬ÐÔ˜’ø ¬NFô®¯H#(7+ÁÊ}87C±žVL˜›™ž²o¬w·0yÅÀž·3-î•Db:òæ¡GXHF¬ lj>I‚§_ˆ‘á}I=Äïz¹Ckùœô@C_îõP¤Ñ5½.µNŸŠG„ï®Ê5`Òè+”:¥YRñP³xë2KÄx$ã -#HX*‹£º1J쨬>UÒQ³1¸ù°;’ž/Ûtˆò%Õ’¢1}°¦ºX.ÝOÀ{c=c¥XYFeuˆÌ™÷`¬7bÔóûGU“ç5LO6o
h1è°gXyäët^W¥0FM:PfG’sﬓ–•ÍS)r±ÄÜ«Š5óGÊ"c]Ò‹fÖ+¼ºfä -#DnkÐœÏ,ýÉ"Y´Ýº¾ùÀJp°ëŠCGŽvX(ïúÉý;ÿŒ1öÆìuJãàÍøË£õîJ’„ßåJRz(sZì@|@]gŽº;#µxµ®]Ÿ•–“âåasØüãn{ÜÖ뀬†ÕáàŽ”Y¹BlÏ·›µœwŠáÁå}’Õ8oFÿ÷],Û™r™)=X¿ BÃõ¡akî»5«å¦¾mAYÜðr—‡ýÝÍ…tœÖ‡YÉè3}”_„ŽÁÍο´ú@³ˆ>‘µ]cúQ÷~Nh®kFˆì*iÅbœ^v¨\!6‡O’I®-|säV{;jw·¤w+‡À¾V!¶Ã{ÂIÁ»´cäˆ ÞEVäKIÎܽ+é/¹w¥^"=èk<œuĽÎ`¦×7éœÞˆ²r1!³=̺L™Ö+˜çëó«í
ºU(F ×[&“#çìpw,Çq¬“SòžbàHÁ×2`Ò×/«`)@ø¢ xþT¹BÑU``(ºÀèàÁF#2¬½:&Wˆ-Iò §?ùOd"§©!«äe ¹@ä¹BdÐlgèSLnîÙ\!2ÒLµê}ÝòÌÝN“…±œN¦š38÷‘²Ì™º\ëÉH&È& &¦<CXy„<_ßÜáì£lY ƒÇ‘(Œ9¹Bé+0ì‚I -Ðr² -´3”2wÔ…ºY…È9ñd(ªw+Wˆ”µÍ@`ÜØ~0ÿLoZ”«eòn]I$JxX(Æm¨Qhj#¤Ód‡°ò‰”•b -ÒÇÉ"(Ž )Ňʲžc"Ç ëÄ䂲§8Rò–I‚·ÀšÌ=œÙô›ú -¬s’›jžaØÈ Ã*0pÃǵð‘ñæú‡ßˆ9"¥õ iÉ™»äØâ+j «ä”ºh‡õšXZ§M‹rX©XmÅ^ÿd¿ÛÕ^&‘ØŸ|ëC¬0p¡/{|Ù®,/¬Û“SÇÈ|;h¹d
خñòÉ<áËÃaŸ^ƒ%<`Ôu_ö^r} „?{zSIL¯5½ž=¤Ó§!^ýp<mÊ©+ÉÐ})¦æFXylÆËýõö|»©IJ1]N˜£Ñø¨-<¤‘Ôެ¨)‡½¼%—rÂrùÁBèû¿›¹ó|$J`?×ÑD¨äƒb\./«‚Ž–‰qj²lXœ -£œ¯”U :ÝÖ9}*ú=Ü]ý¶Š*J†°rcFÄÕæú6{n±%„T ç”ÐÅW -ü}Ük¼<Gùå†öE -endobj -738 0 obj -5097 -endobj -739 0 obj<</Type/Page/Parent 519 0 R/Contents 740 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 377 0 R>>endobj -740 0 obj<</Length 741 0 R/Filter/FlateDecode>>stream -xÍ›MsÜ6†ïú<ÊU»ãá7yJ)Ê:QUl'Öx½_F#Jfvfè̇”üû}h€ÝM¹¹¶,mª¶ï#°»Ñ +759 0 obj<</Type/Page/Parent 539 0 R/Contents 760 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 366 0 R>>endobj +760 0 obj<</Length 761 0 R/Filter/FlateDecode>>stream +xÍœoo[DZÆßûSE‘¾Ãsÿ¸(;¾u;n¬Þ\à¢(h‰–ØŠ¤JR±óíûÌììî3s”4v,å&@¢£Ýç§åîììììþëQÛŒñoÛÌ»¦Ÿ5çÛG_ž=úâÙ²éÆÍÙÛ¦.Gm3›Oš³‹f<ñÛóÏÎVo®×Íþmód¿;w§ãïÏþñ諳GRAk5üôí?êg£q3›,ñßm3ëGS{¸n^Ë +‚ÃeóųIÓ¶ò§ÑšÙŽþîdÔâßÆþá¶Íb9ê<;ÂËýií&£>÷ÙÅg£ÿGÿt}íÉfÖu£ºmÒŽ–ö`Ýöų©u:·ëQ‹{éÉÕêæ´>än"ù¶™v‘eÅ2-ÝLts?šû¶XqÔÿõåóÿÍ- ѶiûÅhâV¯Ö‡íæxÜìwÄZ`›°'í%ë˜\!¢¾ÜœŽB2@°Á +²Ú]©¶M×Íb¯ +Œ¾+)¯3V!BÞn™b 0íŒÌãFH4–ʤßéº$Wˆ Z8IIJ| ««òiHƒ)†¥ma"áõjû¦PX'®c×á>J®)Ç«Õa-Û!üùVý¡]˜è [“ÉêM‚E\5ú0LÞ}Êjãyý]kFRa¼ZqFŽaTÏpÖG4Œw„õˆý»Ýúp¼ÚÜH_«ùÙäûú?Uc¡Ó'…>ÐXÌǘ[Þ!MÂh˜>õëÓhwŽ‡A¬ë˜’¸Ê#’úIfv +²]ÿ™»”EØña&E„Q=¢¹YVÛ59-*âi~Érl»àE‰€õlu,›$ï¹æÁZMoÅ€dÄÛkF%ÓcT¦ÇæÜa±’ÌËAÄbÍÚl&$ËrƒÆfüˆÕÈÌËŒAwÙm¦Àmb‡À”ŽöèÉÄn%aá!V!BV§Óaóæ–f +F’1™9%kÎ`Sß\!®W‡Ë²Ia(šìs'Wˆ”ÝíöM½NÀB`²ö#G®‹ØÈ°ÖÔN»z„Q#B=O¶¦Éîô[S¿”d~;=Tkê—r%ZSÍC«µd‚Öu+ŽŒÇ4I†¾×M¢ƒXy„¼¤£-syã™y&—A$)@8¢\Uˆ ï7Õ°IÆR„oŒUˆÞ—‘ +Æ„ulV!2âeR‚3•ì–kÐøE¤ÔÓ_– +.|=Ȳ\¢½áaXÐ-GZ½>аLfƒøÑzÉa¦~7BÚ9„•GÈÝ;¤D×"s_ÆMÉèŠþ‹”àÌ2DŽc"'í,Š$!Ö)¤`+c"æÕêüŸ«Ët}{Ô‡Ê;„ÕK39ÓPÝ3EïWý_0#è1mÏ+–
3Èÿ‘#€1¬<ò)C@Jp¦2k'£#è¸>`¨Ñ‚Øõ§Œ†3é'F¥¥Þ½>ШÈUrºÅ-¾/†Å¦OýÇú4&0“·½ì?ÝßOÄ ¾CRþúZ3EeLH+³KŽHÉàõäzƒð:"rüôëŒHïn¾öȦ–S›ô@ƒ1÷㇣FŠ +à¾j‰Õfâë ®¯6•œþ ÞovœÐ©:±)Éì9Šqc;Võ8Ž4 `ŠaàvdhDÔÄ‹Ä ä/0jD<õvIB1*I¼zŒUˆwNO2XR±-V!Bœm²N<¥rº¦ä +‘O)K9lóþý¤·È)Ý5îôÁìGeH¹VhjLI|PV'#
z×W¤”›•Ž`徜›!‰XO+&ÌMÈLOÙ7Ö‚»[˜<Žb`OÛ÷J"1yóÐ#¬‚G$#Ö65’àéçbdx_Rñ»^îÐZ>'=ÐÐ×ûpmNitM¯KÓ§âừr
˜4ú +%†NiÖ€T< +DnkÐœÏ,üÉ"Y´íª¾ùÀJp°ëŠCGŽvX(ïúÉý;ÿŒ1öÆìuJãàÍøË£õîJ’„ßåJRz(sZì@|@]gŽº;#µxµ®]Ÿ•–“âÕa}XÿëvsÜÔ뀬†ÕáàŽ”Y¹BlÏ·ë•œwŠáÁå=Èjœ·ƒÿû.–íL¹Ì”¬_¡áúƒ‹Ð°5÷ÝšÕrÓ߶ ,îÖø¹ÖËÃþvw!]§õqV2øLŸä¡cp³³Ä/>PÇÌã…OdCט¾EÔ½€Ÿšëš"»JÚG±§—„*WˆÍá“dRëcsß¹ÕÞZãÝ-©ÄÝÊ!°o‡UˆíðÞ……pRð.mÀ9b‚w‘ùÞR’wïJúKî]©—Hdúgq¯3˜éõM:§7¢¬\LˆÇ,$DÏ#³‡.S¦5ÃÊ#æÅêüj³£U· +Åäz«Ãdräœnå8Žu²bJÒS)øZLúúe,_4ïÁŸ*Wˆ Ú¡± +E<Ø`„B¦‚u 7CÇä +±%)C^#RbáÄî1tMFGN°X”Þ•ö‹ùe‹3ê +‘’ç¯Ú‡$ÒîÁûÂ+åNš¼”W2— ˆŠjÏ›ŒÄ-ö‹ðŒ°òùÍ7»Ï±p~þìú‡ßäøœÕâ8%©áX¹B„
Œ‰¤ +DÆD"N[1¹ùsejDcb%8˜˜dÌAü"R¼)‘ +$t1ÇÃ*D +›æק3¥‰»ÓØâʽ°ô@>¨ZO
ß’u˜ ìMœ +„°ª +c7ÃÃÊ}+8f# +ëL…]Æz+Ž„'ûí¶.<$“Ñ—¯Ép%æë ¯{|}ݶD$¬¨äsÙGÉb[(ÆbÈñ`tÃFÆW‡Ã>½»‰Wî1X¿c$G~(‘¯(ñ»þ\!›½1×Ë¢eb=®bq*Œò×?OërL_Eè9݃1!•F«ýõæ|³®cXubrŠÁÙ¹
>_UÈèIÎÝÉSñ ‡½¼M™Î$æy˜X‡r’ÏÚõ AOÆl¦?×\Ä›ôx Á ‰ñ¿EÃbÀœ¯V º&ß9}*~^¿Õ¤Š’,Á˜qµ¾¾)£o¢4úŠ#áœÿà +À¹S#àyùûU¿+µ3/OÅQ~¹>išï·=¼éÀˆ&î—þJQ®ÖƒxË/<pbÞzLŒÐßS& «õä>×QE2ú62!•ÆXš£ô•Éø‹#e†Q#Ľ(U4 +d<ÐØ’¯÷—û]rüâ1ïaà&.Ác/ ³´oõç:T¸ªƒ,N?W‰L/Is°>•FÂO—5¤Õ^e’× )?1`JiJèئð’%é0d¸÷‹¥¬_¬8BnË’Aèq3@^©#}"Fý·ûÕ–²Î¤“T–~å +endobj +761 0 obj +5223 +endobj +762 0 obj<</Type/Page/Parent 539 0 R/Contents 763 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 396 0 R>>endobj +763 0 obj<</Length 764 0 R/Filter/FlateDecode>>stream +xÍ›MsÜ6†ïú<ÊU»ãá7yJ)Ê:QUl'Öx½_F#Jfvfè̇”üû}h€ÝM¹¹¶,mª¶ï#°»Ñ 5O0cÇ0ÅóŒ\*I̶„³«ýa·\Ü«Ð(ý*xë¯éj,•‘—ƒ¥\ƒ-EöÉr<”y¤eÆ>¬Oçä¶J¼&ˆ‹ía7\W‡~Ø’‘.²gd$c¼VÍãÂ<)å>mžÜ˜‡õMJÓQê½u&„Ÿ–‡0—„ˆ’dN«‰DøçS„ŸK"…”'Sò“Äp‡ ç—Ýp×_wnÂD©ŸÊIÚ#e[!^6˜‹˜¾1z¤lk<´§´aJ—ÈŠÀ-c±ÜÝvÑ+Bs¦Õ,×–†eï÷ÞŽÙüùd„²‘)³lr·Ópqé®óBÇyP×4]”šyZÿÓpÂS((ÈçˆN¥ççZÏËE`H %íœ$t0”a÷_ÝYƒ©õ„yÚx¢j$!Â]Cx¢¦Ò^ˆEˇ0|R.%Â?Ÿ@^÷«Ý°nb”K)LZTä âÒ»n3ºè!¦¥}Æø’Ϫ»>îF’ÐÒFm: ßaB:_®×ÞËßhîo–4ÒàM×Þ,k<´Þ—Xï-&¸-H) üØ2Þ,7ÑlBDÓ«¡l%üÜ".»Ý]¿Š)¤ Ö &t˜pîûÃêåüê'[Afe«R]‘»EÝ›Ï5„KŠb²¨³qY"X‹&*üÜB~YooÝÑGBÒŒ¥ ,éìxø„sc¿ZÒ*N4ðÓMḃŽÆ^lùâ[¤Aãœ&ˆkoäédAÇÄÅÇ[› MMy_ø±e`5ŽGa!‚æ%¢T!j[€8wI x“M¨ÀÀ¼Å‘ã XË@¡í¦¿=î܈ÈQ8}cGiŸ¨nÅ-oŒ>)Z: YŸ˜#L ¤ñ6QèSÈs>uëÔT
äP¸†°Ž[Ŭŭɋ(Î(—)„·Îò®ûýØïºM¨ÇVsûb:R™‹ŠÊiÁ4®!LSQ½ÊšÆl\¡E!'ñ
&xËL‹nå=¡ƒ}sª) -?·#YPŽŒÕR©%îTSB‹y{te5ìýŸ´bdœRÒJÁ´Â5„SJë’*®X.z¬0§º¥’ós
ø¹ßô—ÉÜ™¶{ŸJÅk^‹OáÂ49"t¼ÖÆ8¬§-T‘(€7Î\¿Z£ íK‹ÏÖ:T (ÒÔå9÷±Å7Ø8òCN*¼®Z<ô)'°p0ƒ˜YL·>¾Qh6 JŠ¹ðcx{™€Ð Ž1ÞFø¹%œ¯{¤Û - -˜šp1êGô}^2zßAëW¼—+3B ¢1!íКóöòeœ¿RD¥òˆF0U#>,wñø*E@à«_¡è€h -è‘ÖŒGC_Æí•”€Jòz -ÂÜ)$ÚWªÀÀÁÓø't°‘!„÷9\ƒ;XD6û#XUªÀ@ÕÔ¾ -c-CeªQ…L…S1r2c-C媇«®&Sa7î*G.ç¸Fpâ -÷Ít.t™JT -ÚñÐçb¥ççvøZ12¤YiÜôRüèðÀ(–Û?ƒÃ¤|@3Ãì8H¤m›èðÇQbvM¬Ñï÷Ç..´R†ÉíîKiv<SÈ=>ß„qH8ï’„=Bû62_J 8φòñTVê@Á¹Â˜$t°”»nGî/âK -æ6×ö¥Ú‡B-é£e¥¬äØI³„v,ÇýxÇPÊ -£pק4ƒ;XÆç]¾cÆJpÜ' -{ôkâmßà—…½œ.‰ÿÅ
í@BÆÁ®Äa™äÊzDÂD(l(ŸÂ¹R!¸RZ H¸•ÞŒ‡Àãlµêö1K 5}¾Pã@‘µ%Ü®(Ch^î;¢&ø†±Ž»ñúŠ”Ѥq»iî` «á:ÖY¤ˆbâî`wý2¼‰Ô€€{JƧÜÁÎÿ}I‡YT"¾t˜ÕõµG´*u+&G”¸S°++ºF[Y³D&7ça|Nç‹’ŒJQKBàI?·Œçüyr¦í”¡–áöàd'ß`;áÆt†UÍìÁqpÒÖ -v˜ÓŸÒ(vIÙ„aÜ!TäTúªŒ`Dr‘*0Þò]¸Ã„غï®\¹ŒÎßÞÞEÆ%(þºïÜθ®!\RÙËÕÎ%b’ªèÉ —Lº„‡Á¶“vÉ3uI`ào‚àÅðžž0Vwîû
¶¦w×ÿp˜ÿ_~C;ú#ÚÙdô‰À7Ø/ÔÔ‡‰‹íu÷‡[¹žð«Ü#MP»ËhxSþK<÷/÷—u
æ¥û›¾“—(ÇŸ^ž½þþ,ÁMåßè3ÆÃêHHâ5#ÿ—Nÿ¬Ý‚~Ú÷=Yé÷ëÉÿ -endobj -741 0 obj -3148 -endobj -742 0 obj<</Count 13/First 743 0 R/Last 860 0 R>>endobj -743 0 obj<</Parent 742 0 R/Title(Table of Contents)/Dest[733 0 R/XYZ null 756 null]/Next 744 0 R>>endobj -744 0 obj<</Parent 742 0 R/Count -19/First 745 0 R/Last 763 0 R/Title(Chapter 1. How to Install and Test SAMBA)/Dest[523 0 R/XYZ null 750 null]/Prev 743 0 R/Next 764 0 R>>endobj -745 0 obj<</Parent 744 0 R/Title(1.1. Step 0: Read the man pages)/Dest[523 0 R/XYZ null 726 null]/Next 746 0 R>>endobj -746 0 obj<</Parent 744 0 R/Title(1.2. Step 1: Building the Binaries)/Dest[523 0 R/XYZ null 589 null]/Prev 745 0 R/Next 747 0 R>>endobj -747 0 obj<</Parent 744 0 R/Title(1.3. Step 2: The all important step)/Dest[523 0 R/XYZ null 174 null]/Prev 746 0 R/Next 748 0 R>>endobj -748 0 obj<</Parent 744 0 R/Title(1.4. Step 3: Create the smb configuration file.)/Dest[526 0 R/XYZ null 735 null]/Prev 747 0 R/Next 749 0 R>>endobj -749 0 obj<</Parent 744 0 R/Title(1.5. Step 4: Test your config file with testparm)/Dest[526 0 R/XYZ null 375 null]/Prev 748 0 R/Next 750 0 R>>endobj -750 0 obj<</Parent 744 0 R/Title(1.6. Step 5: Starting the smbd and nmbd)/Dest[526 0 R/XYZ null 264 null]/Prev 749 0 R/Next 751 0 R>>endobj -751 0 obj<</Parent 744 0 R/Title(1.6.1. Step 5a: Starting from inetd.conf)/Dest[529 0 R/XYZ null 750 null]/Prev 750 0 R/Next 752 0 R>>endobj -752 0 obj<</Parent 744 0 R/Title(1.6.2. Step 5b. Alternative: starting it as a daemon)/Dest[529 0 R/XYZ null 262 null]/Prev 751 0 R/Next 753 0 R>>endobj -753 0 obj<</Parent 744 0 R/Title(1.7. Step 6: Try listing the shares available on your server)/Dest[532 0 R/XYZ null 682 null]/Prev 752 0 R/Next 754 0 R>>endobj -754 0 obj<</Parent 744 0 R/Title(1.8. Step 7: Try connecting with the unix client)/Dest[532 0 R/XYZ null 505 null]/Prev 753 0 R/Next 755 0 R>>endobj -755 0 obj<</Parent 744 0 R/Title(1.9. Step 8: Try connecting from a DOS, WfWg, Win9x, WinNT, Win2k, OS/2, etc... client)/Dest[532 0 R/XYZ null 328 null]/Prev 754 0 R/Next 756 0 R>>endobj -756 0 obj<</Parent 744 0 R/Title(1.10. What If Things Don't Work?)/Dest[535 0 R/XYZ null 750 null]/Prev 755 0 R/Next 757 0 R>>endobj -757 0 obj<</Parent 744 0 R/Title(1.10.1. Diagnosing Problems)/Dest[535 0 R/XYZ null 573 null]/Prev 756 0 R/Next 758 0 R>>endobj -758 0 obj<</Parent 744 0 R/Title(1.10.2. Scope IDs)/Dest[535 0 R/XYZ null 501 null]/Prev 757 0 R/Next 759 0 R>>endobj -759 0 obj<</Parent 744 0 R/Title(1.10.3. Choosing the Protocol Level)/Dest[535 0 R/XYZ null 390 null]/Prev 758 0 R/Next 760 0 R>>endobj -760 0 obj<</Parent 744 0 R/Title(1.10.4. Printing from UNIX to a Client PC)/Dest[538 0 R/XYZ null 735 null]/Prev 759 0 R/Next 761 0 R>>endobj -761 0 obj<</Parent 744 0 R/Title(1.10.5. Locking)/Dest[538 0 R/XYZ null 611 null]/Prev 760 0 R/Next 762 0 R>>endobj -762 0 obj<</Parent 744 0 R/Title(1.10.6. Mapping Usernames)/Dest[541 0 R/XYZ null 750 null]/Prev 761 0 R/Next 763 0 R>>endobj -763 0 obj<</Parent 744 0 R/Title(1.10.7. Other Character Sets)/Dest[541 0 R/XYZ null 679 null]/Prev 762 0 R>>endobj -764 0 obj<</Parent 742 0 R/Count -18/First 765 0 R/Last 782 0 R/Title(Chapter 2. Integrating MS Windows networks with Samba)/Dest[544 0 R/XYZ null 750 null]/Prev 744 0 R/Next 783 0 R>>endobj -765 0 obj<</Parent 764 0 R/Title(2.1. Agenda)/Dest[544 0 R/XYZ null 702 null]/Next 766 0 R>>endobj -766 0 obj<</Parent 764 0 R/Title(2.2. Name Resolution in a pure Unix/Linux world)/Dest[544 0 R/XYZ null 459 null]/Prev 765 0 R/Next 767 0 R>>endobj -767 0 obj<</Parent 764 0 R/Title(2.2.1. /etc/hosts)/Dest[544 0 R/XYZ null 321 null]/Prev 766 0 R/Next 768 0 R>>endobj -768 0 obj<</Parent 764 0 R/Title(2.2.2. /etc/resolv.conf)/Dest[547 0 R/XYZ null 431 null]/Prev 767 0 R/Next 769 0 R>>endobj -769 0 obj<</Parent 764 0 R/Title(2.2.3. /etc/host.conf)/Dest[547 0 R/XYZ null 281 null]/Prev 768 0 R/Next 770 0 R>>endobj -770 0 obj<</Parent 764 0 R/Title(2.2.4. /etc/nsswitch.conf)/Dest[550 0 R/XYZ null 750 null]/Prev 769 0 R/Next 771 0 R>>endobj -771 0 obj<</Parent 764 0 R/Title(2.3. Name resolution as used within MS Windows networking)/Dest[550 0 R/XYZ null 264 null]/Prev 770 0 R/Next 772 0 R>>endobj -772 0 obj<</Parent 764 0 R/Title(2.3.1. The NetBIOS Name Cache)/Dest[553 0 R/XYZ null 206 null]/Prev 771 0 R/Next 773 0 R>>endobj -773 0 obj<</Parent 764 0 R/Title(2.3.2. The LMHOSTS file)/Dest[556 0 R/XYZ null 656 null]/Prev 772 0 R/Next 774 0 R>>endobj -774 0 obj<</Parent 764 0 R/Title(2.3.3. HOSTS file)/Dest[559 0 R/XYZ null 367 null]/Prev 773 0 R/Next 775 0 R>>endobj -775 0 obj<</Parent 764 0 R/Title(2.3.4. DNS Lookup)/Dest[559 0 R/XYZ null 256 null]/Prev 774 0 R/Next 776 0 R>>endobj -776 0 obj<</Parent 764 0 R/Title(2.3.5. WINS Lookup)/Dest[562 0 R/XYZ null 750 null]/Prev 775 0 R/Next 777 0 R>>endobj -777 0 obj<</Parent 764 0 R/Title(2.4. How browsing functions and how to deploy stable and dependable browsing using Samba)/Dest[562 0 R/XYZ null 525 null]/Prev 776 0 R/Next 778 0 R>>endobj -778 0 obj<</Parent 764 0 R/Title(2.5. MS Windows security options and how to configure Samba for seemless integration)/Dest[565 0 R/XYZ null 629 null]/Prev 777 0 R/Next 779 0 R>>endobj -779 0 obj<</Parent 764 0 R/Title(2.5.1. Use MS Windows NT as an authentication server)/Dest[568 0 R/XYZ null 577 null]/Prev 778 0 R/Next 780 0 R>>endobj -780 0 obj<</Parent 764 0 R/Title(2.5.2. Make Samba a member of an MS Windows NT security domain)/Dest[568 0 R/XYZ null 300 null]/Prev 779 0 R/Next 781 0 R>>endobj -781 0 obj<</Parent 764 0 R/Title(2.5.3. Configure Samba as an authentication server)/Dest[571 0 R/XYZ null 590 null]/Prev 780 0 R/Next 782 0 R>>endobj -782 0 obj<</Parent 764 0 R/Title(2.6. Conclusions)/Dest[574 0 R/XYZ null 635 null]/Prev 781 0 R>>endobj -783 0 obj<</Parent 742 0 R/Count -3/First 784 0 R/Last 786 0 R/Title(Chapter 3. Configuring PAM for distributed but centrally managed authentication)/Dest[577 0 R/XYZ null 750 null]/Prev 764 0 R/Next 787 0 R>>endobj -784 0 obj<</Parent 783 0 R/Title(3.1. Samba and PAM)/Dest[577 0 R/XYZ null 702 null]/Next 785 0 R>>endobj -785 0 obj<</Parent 783 0 R/Title(3.2. Distributed Authentication)/Dest[580 0 R/XYZ null 188 null]/Prev 784 0 R/Next 786 0 R>>endobj -786 0 obj<</Parent 783 0 R/Title(3.3. PAM Configuration in smb.conf)/Dest[583 0 R/XYZ null 735 null]/Prev 785 0 R>>endobj -787 0 obj<</Parent 742 0 R/Count -2/First 788 0 R/Last 789 0 R/Title(Chapter 4. Hosting a Microsoft Distributed File System tree on Samba)/Dest[586 0 R/XYZ null 750 null]/Prev 783 0 R/Next 790 0 R>>endobj -788 0 obj<</Parent 787 0 R/Title(4.1. Instructions)/Dest[586 0 R/XYZ null 702 null]/Next 789 0 R>>endobj -789 0 obj<</Parent 787 0 R/Title(4.1.1. Notes)/Dest[589 0 R/XYZ null 669 null]/Prev 788 0 R>>endobj -790 0 obj<</Parent 742 0 R/Count -9/First 791 0 R/Last 799 0 R/Title(Chapter 5. UNIX Permission Bits and Windows NT Access Control Lists)/Dest[592 0 R/XYZ null 750 null]/Prev 787 0 R/Next 800 0 R>>endobj -791 0 obj<</Parent 790 0 R/Title(5.1. Viewing and changing UNIX permissions using the NT security dialogs)/Dest[592 0 R/XYZ null 702 null]/Next 792 0 R>>endobj -792 0 obj<</Parent 790 0 R/Title(5.2. How to view file security on a Samba share)/Dest[592 0 R/XYZ null 521 null]/Prev 791 0 R/Next 793 0 R>>endobj -793 0 obj<</Parent 790 0 R/Title(5.3. Viewing file ownership)/Dest[592 0 R/XYZ null 344 null]/Prev 792 0 R/Next 794 0 R>>endobj -794 0 obj<</Parent 790 0 R/Title(5.4. Viewing file or directory permissions)/Dest[595 0 R/XYZ null 682 null]/Prev 793 0 R/Next 795 0 R>>endobj -795 0 obj<</Parent 790 0 R/Title(5.4.1. File Permissions)/Dest[595 0 R/XYZ null 439 null]/Prev 794 0 R/Next 796 0 R>>endobj -796 0 obj<</Parent 790 0 R/Title(5.4.2. Directory Permissions)/Dest[595 0 R/XYZ null 183 null]/Prev 795 0 R/Next 797 0 R>>endobj -797 0 obj<</Parent 790 0 R/Title(5.5. Modifying file or directory permissions)/Dest[598 0 R/XYZ null 669 null]/Prev 796 0 R/Next 798 0 R>>endobj -798 0 obj<</Parent 790 0 R/Title(5.6. Interaction with the standard Samba create mask parameters)/Dest[598 0 R/XYZ null 228 null]/Prev 797 0 R/Next 799 0 R>>endobj -799 0 obj<</Parent 790 0 R/Title(5.7. Interaction with the standard Samba file attribute mapping)/Dest[604 0 R/XYZ null 590 null]/Prev 798 0 R>>endobj -800 0 obj<</Parent 742 0 R/Count -13/First 801 0 R/Last 813 0 R/Title(Chapter 6. Printing Support in Samba 2.2.x)/Dest[607 0 R/XYZ null 750 null]/Prev 790 0 R/Next 814 0 R>>endobj -801 0 obj<</Parent 800 0 R/Title(6.1. Introduction)/Dest[607 0 R/XYZ null 726 null]/Next 802 0 R>>endobj -802 0 obj<</Parent 800 0 R/Title(6.2. Configuration)/Dest[607 0 R/XYZ null 298 null]/Prev 801 0 R/Next 803 0 R>>endobj -803 0 obj<</Parent 800 0 R/Title(6.2.1. Creating [print$])/Dest[610 0 R/XYZ null 689 null]/Prev 802 0 R/Next 804 0 R>>endobj -804 0 obj<</Parent 800 0 R/Title(6.2.2. Setting Drivers for Existing Printers)/Dest[613 0 R/XYZ null 459 null]/Prev 803 0 R/Next 805 0 R>>endobj -805 0 obj<</Parent 800 0 R/Title(6.2.3. Support a large number of printers)/Dest[616 0 R/XYZ null 682 null]/Prev 804 0 R/Next 806 0 R>>endobj -806 0 obj<</Parent 800 0 R/Title(6.2.4. Adding New Printers via the Windows NT APW)/Dest[616 0 R/XYZ null 298 null]/Prev 805 0 R/Next 807 0 R>>endobj -807 0 obj<</Parent 800 0 R/Title(6.2.5. Samba and Printer Ports)/Dest[619 0 R/XYZ null 682 null]/Prev 806 0 R/Next 808 0 R>>endobj -808 0 obj<</Parent 800 0 R/Title(6.3. The Imprints Toolset)/Dest[619 0 R/XYZ null 492 null]/Prev 807 0 R/Next 809 0 R>>endobj -809 0 obj<</Parent 800 0 R/Title(6.3.1. What is Imprints?)/Dest[619 0 R/XYZ null 381 null]/Prev 808 0 R/Next 810 0 R>>endobj -810 0 obj<</Parent 800 0 R/Title(6.3.2. Creating Printer Driver Packages)/Dest[619 0 R/XYZ null 243 null]/Prev 809 0 R/Next 811 0 R>>endobj -811 0 obj<</Parent 800 0 R/Title(6.3.3. The Imprints server)/Dest[619 0 R/XYZ null 145 null]/Prev 810 0 R/Next 812 0 R>>endobj -812 0 obj<</Parent 800 0 R/Title(6.3.4. The Installation Client)/Dest[622 0 R/XYZ null 709 null]/Prev 811 0 R/Next 813 0 R>>endobj -813 0 obj<</Parent 800 0 R/Title(6.4. Migration to from Samba 2.0.x to 2.2.x)/Dest[625 0 R/XYZ null 750 null]/Prev 812 0 R>>endobj -814 0 obj<</Parent 742 0 R/Count -3/First 815 0 R/Last 817 0 R/Title(Chapter 7. security = domain in Samba 2.x)/Dest[628 0 R/XYZ null 750 null]/Prev 800 0 R/Next 818 0 R>>endobj -815 0 obj<</Parent 814 0 R/Title(7.1. Joining an NT Domain with Samba 2.2)/Dest[628 0 R/XYZ null 726 null]/Next 816 0 R>>endobj -816 0 obj<</Parent 814 0 R/Title(7.2. Samba and Windows 2000 Domains)/Dest[631 0 R/XYZ null 352 null]/Prev 815 0 R/Next 817 0 R>>endobj -817 0 obj<</Parent 814 0 R/Title(7.3. Why is this better than security = server?)/Dest[634 0 R/XYZ null 750 null]/Prev 816 0 R>>endobj -818 0 obj<</Parent 742 0 R/Count -13/First 819 0 R/Last 831 0 R/Title(Chapter 8. How to Configure Samba 2.2 as a Primary Domain Controller)/Dest[637 0 R/XYZ null 750 null]/Prev 814 0 R/Next 832 0 R>>endobj -819 0 obj<</Parent 818 0 R/Title(8.1. Prerequisite Reading)/Dest[637 0 R/XYZ null 702 null]/Next 820 0 R>>endobj -820 0 obj<</Parent 818 0 R/Title(8.2. Background)/Dest[637 0 R/XYZ null 604 null]/Prev 819 0 R/Next 821 0 R>>endobj -821 0 obj<</Parent 818 0 R/Title(8.3. Configuring the Samba Domain Controller)/Dest[640 0 R/XYZ null 656 null]/Prev 820 0 R/Next 822 0 R>>endobj -822 0 obj<</Parent 818 0 R/Title(8.4. Creating Machine Trust Accounts and Joining Clients to the Domain)/Dest[643 0 R/XYZ null 541 null]/Prev 821 0 R/Next 823 0 R>>endobj -823 0 obj<</Parent 818 0 R/Title(8.4.1. Manually creating machine trust accounts)/Dest[643 0 R/XYZ null 205 null]/Prev 822 0 R/Next 824 0 R>>endobj -824 0 obj<</Parent 818 0 R/Title(8.4.2. Creating machine trust accounts "on the fly")/Dest[646 0 R/XYZ null 368 null]/Prev 823 0 R/Next 825 0 R>>endobj -825 0 obj<</Parent 818 0 R/Title(8.5. Common Problems and Errors)/Dest[646 0 R/XYZ null 192 null]/Prev 824 0 R/Next 826 0 R>>endobj -826 0 obj<</Parent 818 0 R/Title(8.6. System Policies and Profiles)/Dest[652 0 R/XYZ null 541 null]/Prev 825 0 R/Next 827 0 R>>endobj -827 0 obj<</Parent 818 0 R/Title(8.7. What other help can I get ?)/Dest[655 0 R/XYZ null 484 null]/Prev 826 0 R/Next 828 0 R>>endobj -828 0 obj<</Parent 818 0 R/Title(8.8. Domain Control for Windows 9x/ME)/Dest[664 0 R/XYZ null 750 null]/Prev 827 0 R/Next 829 0 R>>endobj -829 0 obj<</Parent 818 0 R/Title(8.8.1. Configuration Instructions: Network Logons)/Dest[667 0 R/XYZ null 431 null]/Prev 828 0 R/Next 830 0 R>>endobj -830 0 obj<</Parent 818 0 R/Title(8.8.2. Configuration Instructions: Setting up Roaming User Profiles)/Dest[670 0 R/XYZ null 185 null]/Prev 829 0 R/Next 831 0 R>>endobj -831 0 obj<</Parent 818 0 R/Title(8.9. DOMAIN_CONTROL.txt : Windows NT Domain Control & Samba)/Dest[685 0 R/XYZ null 682 null]/Prev 830 0 R>>endobj -832 0 obj<</Parent 742 0 R/Count -16/First 833 0 R/Last 848 0 R/Title(Chapter 9. Unified Logons between Windows NT and UNIX using Winbind)/Dest[691 0 R/XYZ null 750 null]/Prev 818 0 R/Next 849 0 R>>endobj -833 0 obj<</Parent 832 0 R/Title(9.1. Abstract)/Dest[691 0 R/XYZ null 702 null]/Next 834 0 R>>endobj -834 0 obj<</Parent 832 0 R/Title(9.2. Introduction)/Dest[691 0 R/XYZ null 565 null]/Prev 833 0 R/Next 835 0 R>>endobj -835 0 obj<</Parent 832 0 R/Title(9.3. What Winbind Provides)/Dest[691 0 R/XYZ null 242 null]/Prev 834 0 R/Next 836 0 R>>endobj -836 0 obj<</Parent 832 0 R/Title(9.3.1. Target Uses)/Dest[694 0 R/XYZ null 577 null]/Prev 835 0 R/Next 837 0 R>>endobj -837 0 obj<</Parent 832 0 R/Title(9.4. How Winbind Works)/Dest[694 0 R/XYZ null 413 null]/Prev 836 0 R/Next 838 0 R>>endobj -838 0 obj<</Parent 832 0 R/Title(9.4.1. Microsoft Remote Procedure Calls)/Dest[694 0 R/XYZ null 288 null]/Prev 837 0 R/Next 839 0 R>>endobj -839 0 obj<</Parent 832 0 R/Title(9.4.2. Name Service Switch)/Dest[697 0 R/XYZ null 750 null]/Prev 838 0 R/Next 840 0 R>>endobj -840 0 obj<</Parent 832 0 R/Title(9.4.3. Pluggable Authentication Modules)/Dest[697 0 R/XYZ null 309 null]/Prev 839 0 R/Next 841 0 R>>endobj -841 0 obj<</Parent 832 0 R/Title(9.4.4. User and Group ID Allocation)/Dest[700 0 R/XYZ null 669 null]/Prev 840 0 R/Next 842 0 R>>endobj -842 0 obj<</Parent 832 0 R/Title(9.4.5. Result Caching)/Dest[700 0 R/XYZ null 479 null]/Prev 841 0 R/Next 843 0 R>>endobj -843 0 obj<</Parent 832 0 R/Title(9.5. Installation and Configuration)/Dest[700 0 R/XYZ null 328 null]/Prev 842 0 R/Next 844 0 R>>endobj -844 0 obj<</Parent 832 0 R/Title(9.5.1. Introduction)/Dest[700 0 R/XYZ null 217 null]/Prev 843 0 R/Next 845 0 R>>endobj -845 0 obj<</Parent 832 0 R/Title(9.5.2. Requirements)/Dest[703 0 R/XYZ null 577 null]/Prev 844 0 R/Next 846 0 R>>endobj -846 0 obj<</Parent 832 0 R/Title(9.5.3. Testing Things Out)/Dest[703 0 R/XYZ null 294 null]/Prev 845 0 R/Next 847 0 R>>endobj -847 0 obj<</Parent 832 0 R/Title(9.6. Limitations)/Dest[718 0 R/XYZ null 431 null]/Prev 846 0 R/Next 848 0 R>>endobj -848 0 obj<</Parent 832 0 R/Title(9.7. Conclusion)/Dest[718 0 R/XYZ null 215 null]/Prev 847 0 R>>endobj -849 0 obj<</Parent 742 0 R/Count -5/First 850 0 R/Last 854 0 R/Title(Chapter 10. OS2 Client HOWTO)/Dest[721 0 R/XYZ null 750 null]/Prev 832 0 R/Next 855 0 R>>endobj -850 0 obj<</Parent 849 0 R/Title(10.1. FAQs)/Dest[721 0 R/XYZ null 726 null]/Next 851 0 R>>endobj -851 0 obj<</Parent 849 0 R/Title(10.1.1. How can I configure OS/2 Warp Connect or OS/2 Warp 4 as a client for Samba?)/Dest[721 0 R/XYZ null 696 null]/Prev 850 0 R/Next 852 0 R>>endobj -852 0 obj<</Parent 849 0 R/Title(10.1.2. How can I configure OS/2 Warp 3 \(not Connect\), OS/2 1.2, 1.3 or 2.x for Samba?)/Dest[721 0 R/XYZ null 344 null]/Prev 851 0 R/Next 853 0 R>>endobj -853 0 obj<</Parent 849 0 R/Title(10.1.3. Are there any other issues when OS/2 \(any version\) is used as a client?)/Dest[724 0 R/XYZ null 750 null]/Prev 852 0 R/Next 854 0 R>>endobj -854 0 obj<</Parent 849 0 R/Title(10.1.4. How do I get printer driver download working for OS/2 clients?)/Dest[724 0 R/XYZ null 635 null]/Prev 853 0 R>>endobj -855 0 obj<</Parent 742 0 R/Count -4/First 856 0 R/Last 859 0 R/Title(Chapter 11. HOWTO Access Samba source code via CVS)/Dest[727 0 R/XYZ null 750 null]/Prev 849 0 R/Next 860 0 R>>endobj -856 0 obj<</Parent 855 0 R/Title(11.1. Introduction)/Dest[727 0 R/XYZ null 702 null]/Next 857 0 R>>endobj -857 0 obj<</Parent 855 0 R/Title(11.2. CVS Access to samba.org)/Dest[727 0 R/XYZ null 578 null]/Prev 856 0 R/Next 858 0 R>>endobj -858 0 obj<</Parent 855 0 R/Title(11.2.1. Access via CVSweb)/Dest[727 0 R/XYZ null 480 null]/Prev 857 0 R/Next 859 0 R>>endobj -859 0 obj<</Parent 855 0 R/Title(11.2.2. Access via cvs)/Dest[727 0 R/XYZ null 355 null]/Prev 858 0 R>>endobj -860 0 obj<</Parent 742 0 R/Title(Index)/Dest[730 0 R/XYZ null 484 null]/Prev 855 0 R>>endobj -861 0 obj<</Type/Catalog/Pages 519 0 R/Names 378 0 R/PageLayout/SinglePage/Outlines 742 0 R/OpenAction[520 0 R/XYZ null null null]/PageMode/UseOutlines/PageLabels<</Nums[0<</P(title)>>1<</S/r>>4<</S/D>>]>>>>endobj +?·#YPŽŒÕR©%îTSB‹y{te5ìýŸ´bdœRÒJÁ´Â5„SJë’*®X.z¬0§º¥’ós
ø¹ßô—ÉÜ™¶{ŸJÅk^‹OáÂ49"t¼ÖÆ8¬§-T‘(€7Î\¿Z£ íK‹ÏÎ:¡HMŠ"M]žs—-¾ÁÆ‘9ªðºjñÐUN`á`;90³˜n!8|„}£Ðl”s
àÇðö2 +À/b©ÕðíŒ +‹Á)“KÄ«³_}¹ƒöAÏa
‹‹™û‡1TCEX¬htÍ™»Æ˜!òFo„œq„yF
Š¹TW€ªE[DÙQô§ ¥3‘Rós_-·c¼ŽPáCS.Fý¨€¾¢ë%£÷´~Å{Ù±2#”à JÒŽ9o/_Æù+ET: hS5âÃr¯Rný +@ü@«·Ý*f +:hD"C* GZ3
´~·WRB +›kûRíC¡–ôѲRVrì¤YB;–ã~üÆPÊ +veE׈a+k–Èäæ<ŒëÔx¾(ɨµ$ždñsËxÎד3m§µ·';ùÛ _LgXÕÌ'm +v˜ÓŸÒ(vIÙ„aÜ!TäTºUÆN0"¹HHïù.ÜaÂ@lÝwW®\Fgoïï"ãÝ=·3®k—Töãjç1ÉFUt‰dK&Œ]ÂÃ`ÛI»d‚™º$0ð7Ap‰bxOO«;wƒéßÝõ?æÿ—ŸFÇÐΆþƈv6]øû…šú0q±½îþp+×ÞÊ=ÒµûÚoʉçþåþ²®Á¼tÓW`òãcÊñ§—g¯¿?Kð¥òotñð:Ò$ñ3#ÿ—Nÿ¬Ý‚~Ú÷=Yé÷ëÉÿ +endobj +764 0 obj +3150 +endobj +765 0 obj<</Count 13/First 766 0 R/Last 884 0 R>>endobj +766 0 obj<</Parent 765 0 R/Title(Table of Contents)/Dest[756 0 R/XYZ null 756 null]/Next 767 0 R>>endobj +767 0 obj<</Parent 765 0 R/Count -19/First 768 0 R/Last 786 0 R/Title(Chapter 1. How to Install and Test SAMBA)/Dest[543 0 R/XYZ null 750 null]/Prev 766 0 R/Next 787 0 R>>endobj +768 0 obj<</Parent 767 0 R/Title(1.1. Step 0: Read the man pages)/Dest[543 0 R/XYZ null 726 null]/Next 769 0 R>>endobj +769 0 obj<</Parent 767 0 R/Title(1.2. Step 1: Building the Binaries)/Dest[543 0 R/XYZ null 589 null]/Prev 768 0 R/Next 770 0 R>>endobj +770 0 obj<</Parent 767 0 R/Title(1.3. Step 2: The all important step)/Dest[543 0 R/XYZ null 174 null]/Prev 769 0 R/Next 771 0 R>>endobj +771 0 obj<</Parent 767 0 R/Title(1.4. Step 3: Create the smb configuration file.)/Dest[546 0 R/XYZ null 735 null]/Prev 770 0 R/Next 772 0 R>>endobj +772 0 obj<</Parent 767 0 R/Title(1.5. Step 4: Test your config file with testparm)/Dest[546 0 R/XYZ null 375 null]/Prev 771 0 R/Next 773 0 R>>endobj +773 0 obj<</Parent 767 0 R/Title(1.6. Step 5: Starting the smbd and nmbd)/Dest[546 0 R/XYZ null 264 null]/Prev 772 0 R/Next 774 0 R>>endobj +774 0 obj<</Parent 767 0 R/Title(1.6.1. Step 5a: Starting from inetd.conf)/Dest[549 0 R/XYZ null 750 null]/Prev 773 0 R/Next 775 0 R>>endobj +775 0 obj<</Parent 767 0 R/Title(1.6.2. Step 5b. Alternative: starting it as a daemon)/Dest[549 0 R/XYZ null 262 null]/Prev 774 0 R/Next 776 0 R>>endobj +776 0 obj<</Parent 767 0 R/Title(1.7. Step 6: Try listing the shares available on your server)/Dest[552 0 R/XYZ null 682 null]/Prev 775 0 R/Next 777 0 R>>endobj +777 0 obj<</Parent 767 0 R/Title(1.8. Step 7: Try connecting with the unix client)/Dest[552 0 R/XYZ null 505 null]/Prev 776 0 R/Next 778 0 R>>endobj +778 0 obj<</Parent 767 0 R/Title(1.9. Step 8: Try connecting from a DOS, WfWg, Win9x, WinNT, Win2k, OS/2, etc... client)/Dest[552 0 R/XYZ null 328 null]/Prev 777 0 R/Next 779 0 R>>endobj +779 0 obj<</Parent 767 0 R/Title(1.10. What If Things Don't Work?)/Dest[555 0 R/XYZ null 750 null]/Prev 778 0 R/Next 780 0 R>>endobj +780 0 obj<</Parent 767 0 R/Title(1.10.1. Diagnosing Problems)/Dest[555 0 R/XYZ null 573 null]/Prev 779 0 R/Next 781 0 R>>endobj +781 0 obj<</Parent 767 0 R/Title(1.10.2. Scope IDs)/Dest[555 0 R/XYZ null 501 null]/Prev 780 0 R/Next 782 0 R>>endobj +782 0 obj<</Parent 767 0 R/Title(1.10.3. Choosing the Protocol Level)/Dest[555 0 R/XYZ null 390 null]/Prev 781 0 R/Next 783 0 R>>endobj +783 0 obj<</Parent 767 0 R/Title(1.10.4. Printing from UNIX to a Client PC)/Dest[558 0 R/XYZ null 735 null]/Prev 782 0 R/Next 784 0 R>>endobj +784 0 obj<</Parent 767 0 R/Title(1.10.5. Locking)/Dest[558 0 R/XYZ null 611 null]/Prev 783 0 R/Next 785 0 R>>endobj +785 0 obj<</Parent 767 0 R/Title(1.10.6. Mapping Usernames)/Dest[561 0 R/XYZ null 750 null]/Prev 784 0 R/Next 786 0 R>>endobj +786 0 obj<</Parent 767 0 R/Title(1.10.7. Other Character Sets)/Dest[561 0 R/XYZ null 679 null]/Prev 785 0 R>>endobj +787 0 obj<</Parent 765 0 R/Count -18/First 788 0 R/Last 805 0 R/Title(Chapter 2. Integrating MS Windows networks with Samba)/Dest[564 0 R/XYZ null 750 null]/Prev 767 0 R/Next 806 0 R>>endobj +788 0 obj<</Parent 787 0 R/Title(2.1. Agenda)/Dest[564 0 R/XYZ null 702 null]/Next 789 0 R>>endobj +789 0 obj<</Parent 787 0 R/Title(2.2. Name Resolution in a pure Unix/Linux world)/Dest[564 0 R/XYZ null 459 null]/Prev 788 0 R/Next 790 0 R>>endobj +790 0 obj<</Parent 787 0 R/Title(2.2.1. /etc/hosts)/Dest[564 0 R/XYZ null 321 null]/Prev 789 0 R/Next 791 0 R>>endobj +791 0 obj<</Parent 787 0 R/Title(2.2.2. /etc/resolv.conf)/Dest[567 0 R/XYZ null 431 null]/Prev 790 0 R/Next 792 0 R>>endobj +792 0 obj<</Parent 787 0 R/Title(2.2.3. /etc/host.conf)/Dest[567 0 R/XYZ null 281 null]/Prev 791 0 R/Next 793 0 R>>endobj +793 0 obj<</Parent 787 0 R/Title(2.2.4. /etc/nsswitch.conf)/Dest[570 0 R/XYZ null 750 null]/Prev 792 0 R/Next 794 0 R>>endobj +794 0 obj<</Parent 787 0 R/Title(2.3. Name resolution as used within MS Windows networking)/Dest[570 0 R/XYZ null 264 null]/Prev 793 0 R/Next 795 0 R>>endobj +795 0 obj<</Parent 787 0 R/Title(2.3.1. The NetBIOS Name Cache)/Dest[573 0 R/XYZ null 206 null]/Prev 794 0 R/Next 796 0 R>>endobj +796 0 obj<</Parent 787 0 R/Title(2.3.2. The LMHOSTS file)/Dest[576 0 R/XYZ null 656 null]/Prev 795 0 R/Next 797 0 R>>endobj +797 0 obj<</Parent 787 0 R/Title(2.3.3. HOSTS file)/Dest[579 0 R/XYZ null 367 null]/Prev 796 0 R/Next 798 0 R>>endobj +798 0 obj<</Parent 787 0 R/Title(2.3.4. DNS Lookup)/Dest[579 0 R/XYZ null 256 null]/Prev 797 0 R/Next 799 0 R>>endobj +799 0 obj<</Parent 787 0 R/Title(2.3.5. WINS Lookup)/Dest[582 0 R/XYZ null 750 null]/Prev 798 0 R/Next 800 0 R>>endobj +800 0 obj<</Parent 787 0 R/Title(2.4. How browsing functions and how to deploy stable and dependable browsing using Samba)/Dest[582 0 R/XYZ null 525 null]/Prev 799 0 R/Next 801 0 R>>endobj +801 0 obj<</Parent 787 0 R/Title(2.5. MS Windows security options and how to configure Samba for seemless integration)/Dest[585 0 R/XYZ null 629 null]/Prev 800 0 R/Next 802 0 R>>endobj +802 0 obj<</Parent 787 0 R/Title(2.5.1. Use MS Windows NT as an authentication server)/Dest[588 0 R/XYZ null 577 null]/Prev 801 0 R/Next 803 0 R>>endobj +803 0 obj<</Parent 787 0 R/Title(2.5.2. Make Samba a member of an MS Windows NT security domain)/Dest[588 0 R/XYZ null 300 null]/Prev 802 0 R/Next 804 0 R>>endobj +804 0 obj<</Parent 787 0 R/Title(2.5.3. Configure Samba as an authentication server)/Dest[591 0 R/XYZ null 590 null]/Prev 803 0 R/Next 805 0 R>>endobj +805 0 obj<</Parent 787 0 R/Title(2.6. Conclusions)/Dest[594 0 R/XYZ null 635 null]/Prev 804 0 R>>endobj +806 0 obj<</Parent 765 0 R/Count -3/First 807 0 R/Last 809 0 R/Title(Chapter 3. Configuring PAM for distributed but centrally managed authentication)/Dest[597 0 R/XYZ null 750 null]/Prev 787 0 R/Next 810 0 R>>endobj +807 0 obj<</Parent 806 0 R/Title(3.1. Samba and PAM)/Dest[597 0 R/XYZ null 702 null]/Next 808 0 R>>endobj +808 0 obj<</Parent 806 0 R/Title(3.2. Distributed Authentication)/Dest[600 0 R/XYZ null 175 null]/Prev 807 0 R/Next 809 0 R>>endobj +809 0 obj<</Parent 806 0 R/Title(3.3. PAM Configuration in smb.conf)/Dest[603 0 R/XYZ null 722 null]/Prev 808 0 R>>endobj +810 0 obj<</Parent 765 0 R/Count -2/First 811 0 R/Last 812 0 R/Title(Chapter 4. Hosting a Microsoft Distributed File System tree on Samba)/Dest[606 0 R/XYZ null 750 null]/Prev 806 0 R/Next 813 0 R>>endobj +811 0 obj<</Parent 810 0 R/Title(4.1. Instructions)/Dest[606 0 R/XYZ null 702 null]/Next 812 0 R>>endobj +812 0 obj<</Parent 810 0 R/Title(4.1.1. Notes)/Dest[609 0 R/XYZ null 669 null]/Prev 811 0 R>>endobj +813 0 obj<</Parent 765 0 R/Count -9/First 814 0 R/Last 822 0 R/Title(Chapter 5. UNIX Permission Bits and Windows NT Access Control Lists)/Dest[612 0 R/XYZ null 750 null]/Prev 810 0 R/Next 823 0 R>>endobj +814 0 obj<</Parent 813 0 R/Title(5.1. Viewing and changing UNIX permissions using the NT security dialogs)/Dest[612 0 R/XYZ null 702 null]/Next 815 0 R>>endobj +815 0 obj<</Parent 813 0 R/Title(5.2. How to view file security on a Samba share)/Dest[612 0 R/XYZ null 521 null]/Prev 814 0 R/Next 816 0 R>>endobj +816 0 obj<</Parent 813 0 R/Title(5.3. Viewing file ownership)/Dest[612 0 R/XYZ null 344 null]/Prev 815 0 R/Next 817 0 R>>endobj +817 0 obj<</Parent 813 0 R/Title(5.4. Viewing file or directory permissions)/Dest[615 0 R/XYZ null 682 null]/Prev 816 0 R/Next 818 0 R>>endobj +818 0 obj<</Parent 813 0 R/Title(5.4.1. File Permissions)/Dest[615 0 R/XYZ null 439 null]/Prev 817 0 R/Next 819 0 R>>endobj +819 0 obj<</Parent 813 0 R/Title(5.4.2. Directory Permissions)/Dest[615 0 R/XYZ null 183 null]/Prev 818 0 R/Next 820 0 R>>endobj +820 0 obj<</Parent 813 0 R/Title(5.5. Modifying file or directory permissions)/Dest[618 0 R/XYZ null 669 null]/Prev 819 0 R/Next 821 0 R>>endobj +821 0 obj<</Parent 813 0 R/Title(5.6. Interaction with the standard Samba create mask parameters)/Dest[618 0 R/XYZ null 228 null]/Prev 820 0 R/Next 822 0 R>>endobj +822 0 obj<</Parent 813 0 R/Title(5.7. Interaction with the standard Samba file attribute mapping)/Dest[624 0 R/XYZ null 590 null]/Prev 821 0 R>>endobj +823 0 obj<</Parent 765 0 R/Count -13/First 824 0 R/Last 836 0 R/Title(Chapter 6. Printing Support in Samba 2.2.x)/Dest[627 0 R/XYZ null 750 null]/Prev 813 0 R/Next 837 0 R>>endobj +824 0 obj<</Parent 823 0 R/Title(6.1. Introduction)/Dest[627 0 R/XYZ null 726 null]/Next 825 0 R>>endobj +825 0 obj<</Parent 823 0 R/Title(6.2. Configuration)/Dest[627 0 R/XYZ null 298 null]/Prev 824 0 R/Next 826 0 R>>endobj +826 0 obj<</Parent 823 0 R/Title(6.2.1. Creating [print$])/Dest[630 0 R/XYZ null 689 null]/Prev 825 0 R/Next 827 0 R>>endobj +827 0 obj<</Parent 823 0 R/Title(6.2.2. Setting Drivers for Existing Printers)/Dest[633 0 R/XYZ null 459 null]/Prev 826 0 R/Next 828 0 R>>endobj +828 0 obj<</Parent 823 0 R/Title(6.2.3. Support a large number of printers)/Dest[636 0 R/XYZ null 682 null]/Prev 827 0 R/Next 829 0 R>>endobj +829 0 obj<</Parent 823 0 R/Title(6.2.4. Adding New Printers via the Windows NT APW)/Dest[636 0 R/XYZ null 298 null]/Prev 828 0 R/Next 830 0 R>>endobj +830 0 obj<</Parent 823 0 R/Title(6.2.5. Samba and Printer Ports)/Dest[639 0 R/XYZ null 682 null]/Prev 829 0 R/Next 831 0 R>>endobj +831 0 obj<</Parent 823 0 R/Title(6.3. The Imprints Toolset)/Dest[639 0 R/XYZ null 492 null]/Prev 830 0 R/Next 832 0 R>>endobj +832 0 obj<</Parent 823 0 R/Title(6.3.1. What is Imprints?)/Dest[639 0 R/XYZ null 381 null]/Prev 831 0 R/Next 833 0 R>>endobj +833 0 obj<</Parent 823 0 R/Title(6.3.2. Creating Printer Driver Packages)/Dest[639 0 R/XYZ null 243 null]/Prev 832 0 R/Next 834 0 R>>endobj +834 0 obj<</Parent 823 0 R/Title(6.3.3. The Imprints server)/Dest[639 0 R/XYZ null 145 null]/Prev 833 0 R/Next 835 0 R>>endobj +835 0 obj<</Parent 823 0 R/Title(6.3.4. The Installation Client)/Dest[642 0 R/XYZ null 709 null]/Prev 834 0 R/Next 836 0 R>>endobj +836 0 obj<</Parent 823 0 R/Title(6.4. Migration to from Samba 2.0.x to 2.2.x)/Dest[645 0 R/XYZ null 750 null]/Prev 835 0 R>>endobj +837 0 obj<</Parent 765 0 R/Count -3/First 838 0 R/Last 840 0 R/Title(Chapter 7. security = domain in Samba 2.x)/Dest[648 0 R/XYZ null 750 null]/Prev 823 0 R/Next 841 0 R>>endobj +838 0 obj<</Parent 837 0 R/Title(7.1. Joining an NT Domain with Samba 2.2)/Dest[648 0 R/XYZ null 726 null]/Next 839 0 R>>endobj +839 0 obj<</Parent 837 0 R/Title(7.2. Samba and Windows 2000 Domains)/Dest[651 0 R/XYZ null 379 null]/Prev 838 0 R/Next 840 0 R>>endobj +840 0 obj<</Parent 837 0 R/Title(7.3. Why is this better than security = server?)/Dest[651 0 R/XYZ null 162 null]/Prev 839 0 R>>endobj +841 0 obj<</Parent 765 0 R/Count -14/First 842 0 R/Last 855 0 R/Title(Chapter 8. How to Configure Samba 2.2 as a Primary Domain Controller)/Dest[657 0 R/XYZ null 750 null]/Prev 837 0 R/Next 856 0 R>>endobj +842 0 obj<</Parent 841 0 R/Title(8.1. Prerequisite Reading)/Dest[657 0 R/XYZ null 702 null]/Next 843 0 R>>endobj +843 0 obj<</Parent 841 0 R/Title(8.2. Background)/Dest[657 0 R/XYZ null 604 null]/Prev 842 0 R/Next 844 0 R>>endobj +844 0 obj<</Parent 841 0 R/Title(8.3. Configuring the Samba Domain Controller)/Dest[660 0 R/XYZ null 722 null]/Prev 843 0 R/Next 845 0 R>>endobj +845 0 obj<</Parent 841 0 R/Title(8.4. Creating Machine Trust Accounts and Joining Clients to the Domain)/Dest[663 0 R/XYZ null 603 null]/Prev 844 0 R/Next 846 0 R>>endobj +846 0 obj<</Parent 841 0 R/Title(8.4.1. Manual Creation of Machine Trust Accounts)/Dest[663 0 R/XYZ null 228 null]/Prev 845 0 R/Next 847 0 R>>endobj +847 0 obj<</Parent 841 0 R/Title(8.4.2. "On-the-Fly" Creation of Machine Trust Accounts)/Dest[666 0 R/XYZ null 355 null]/Prev 846 0 R/Next 848 0 R>>endobj +848 0 obj<</Parent 841 0 R/Title(8.4.3. Joining the Client to the Domain)/Dest[669 0 R/XYZ null 750 null]/Prev 847 0 R/Next 849 0 R>>endobj +849 0 obj<</Parent 841 0 R/Title(8.5. Common Problems and Errors)/Dest[669 0 R/XYZ null 388 null]/Prev 848 0 R/Next 850 0 R>>endobj +850 0 obj<</Parent 841 0 R/Title(8.6. System Policies and Profiles)/Dest[675 0 R/XYZ null 735 null]/Prev 849 0 R/Next 851 0 R>>endobj +851 0 obj<</Parent 841 0 R/Title(8.7. What other help can I get?)/Dest[678 0 R/XYZ null 682 null]/Prev 850 0 R/Next 852 0 R>>endobj +852 0 obj<</Parent 841 0 R/Title(8.8. Domain Control for Windows 9x/ME)/Dest[684 0 R/XYZ null 299 null]/Prev 851 0 R/Next 853 0 R>>endobj +853 0 obj<</Parent 841 0 R/Title(8.8.1. Configuration Instructions: Network Logons)/Dest[687 0 R/XYZ null 273 null]/Prev 852 0 R/Next 854 0 R>>endobj +854 0 obj<</Parent 841 0 R/Title(8.8.2. Configuration Instructions: Setting up Roaming User Profiles)/Dest[690 0 R/XYZ null 478 null]/Prev 853 0 R/Next 855 0 R>>endobj +855 0 obj<</Parent 841 0 R/Title(8.9. DOMAIN_CONTROL.txt : Windows NT Domain Control & Samba)/Dest[702 0 R/XYZ null 270 null]/Prev 854 0 R>>endobj +856 0 obj<</Parent 765 0 R/Count -16/First 857 0 R/Last 872 0 R/Title(Chapter 9. Unified Logons between Windows NT and UNIX using Winbind)/Dest[711 0 R/XYZ null 750 null]/Prev 841 0 R/Next 873 0 R>>endobj +857 0 obj<</Parent 856 0 R/Title(9.1. Abstract)/Dest[711 0 R/XYZ null 702 null]/Next 858 0 R>>endobj +858 0 obj<</Parent 856 0 R/Title(9.2. Introduction)/Dest[711 0 R/XYZ null 565 null]/Prev 857 0 R/Next 859 0 R>>endobj +859 0 obj<</Parent 856 0 R/Title(9.3. What Winbind Provides)/Dest[711 0 R/XYZ null 242 null]/Prev 858 0 R/Next 860 0 R>>endobj +860 0 obj<</Parent 856 0 R/Title(9.3.1. Target Uses)/Dest[714 0 R/XYZ null 577 null]/Prev 859 0 R/Next 861 0 R>>endobj +861 0 obj<</Parent 856 0 R/Title(9.4. How Winbind Works)/Dest[714 0 R/XYZ null 413 null]/Prev 860 0 R/Next 862 0 R>>endobj +862 0 obj<</Parent 856 0 R/Title(9.4.1. Microsoft Remote Procedure Calls)/Dest[714 0 R/XYZ null 288 null]/Prev 861 0 R/Next 863 0 R>>endobj +863 0 obj<</Parent 856 0 R/Title(9.4.2. Name Service Switch)/Dest[717 0 R/XYZ null 750 null]/Prev 862 0 R/Next 864 0 R>>endobj +864 0 obj<</Parent 856 0 R/Title(9.4.3. Pluggable Authentication Modules)/Dest[717 0 R/XYZ null 309 null]/Prev 863 0 R/Next 865 0 R>>endobj +865 0 obj<</Parent 856 0 R/Title(9.4.4. User and Group ID Allocation)/Dest[720 0 R/XYZ null 669 null]/Prev 864 0 R/Next 866 0 R>>endobj +866 0 obj<</Parent 856 0 R/Title(9.4.5. Result Caching)/Dest[720 0 R/XYZ null 479 null]/Prev 865 0 R/Next 867 0 R>>endobj +867 0 obj<</Parent 856 0 R/Title(9.5. Installation and Configuration)/Dest[720 0 R/XYZ null 328 null]/Prev 866 0 R/Next 868 0 R>>endobj +868 0 obj<</Parent 856 0 R/Title(9.5.1. Introduction)/Dest[720 0 R/XYZ null 217 null]/Prev 867 0 R/Next 869 0 R>>endobj +869 0 obj<</Parent 856 0 R/Title(9.5.2. Requirements)/Dest[723 0 R/XYZ null 577 null]/Prev 868 0 R/Next 870 0 R>>endobj +870 0 obj<</Parent 856 0 R/Title(9.5.3. Testing Things Out)/Dest[723 0 R/XYZ null 294 null]/Prev 869 0 R/Next 871 0 R>>endobj +871 0 obj<</Parent 856 0 R/Title(9.6. Limitations)/Dest[738 0 R/XYZ null 351 null]/Prev 870 0 R/Next 872 0 R>>endobj +872 0 obj<</Parent 856 0 R/Title(9.7. Conclusion)/Dest[741 0 R/XYZ null 750 null]/Prev 871 0 R>>endobj +873 0 obj<</Parent 765 0 R/Count -5/First 874 0 R/Last 878 0 R/Title(Chapter 10. OS2 Client HOWTO)/Dest[744 0 R/XYZ null 750 null]/Prev 856 0 R/Next 879 0 R>>endobj +874 0 obj<</Parent 873 0 R/Title(10.1. FAQs)/Dest[744 0 R/XYZ null 726 null]/Next 875 0 R>>endobj +875 0 obj<</Parent 873 0 R/Title(10.1.1. How can I configure OS/2 Warp Connect or OS/2 Warp 4 as a client for Samba?)/Dest[744 0 R/XYZ null 696 null]/Prev 874 0 R/Next 876 0 R>>endobj +876 0 obj<</Parent 873 0 R/Title(10.1.2. How can I configure OS/2 Warp 3 \(not Connect\), OS/2 1.2, 1.3 or 2.x for Samba?)/Dest[744 0 R/XYZ null 344 null]/Prev 875 0 R/Next 877 0 R>>endobj +877 0 obj<</Parent 873 0 R/Title(10.1.3. Are there any other issues when OS/2 \(any version\) is used as a client?)/Dest[747 0 R/XYZ null 750 null]/Prev 876 0 R/Next 878 0 R>>endobj +878 0 obj<</Parent 873 0 R/Title(10.1.4. How do I get printer driver download working for OS/2 clients?)/Dest[747 0 R/XYZ null 635 null]/Prev 877 0 R>>endobj +879 0 obj<</Parent 765 0 R/Count -4/First 880 0 R/Last 883 0 R/Title(Chapter 11. HOWTO Access Samba source code via CVS)/Dest[750 0 R/XYZ null 750 null]/Prev 873 0 R/Next 884 0 R>>endobj +880 0 obj<</Parent 879 0 R/Title(11.1. Introduction)/Dest[750 0 R/XYZ null 702 null]/Next 881 0 R>>endobj +881 0 obj<</Parent 879 0 R/Title(11.2. CVS Access to samba.org)/Dest[750 0 R/XYZ null 578 null]/Prev 880 0 R/Next 882 0 R>>endobj +882 0 obj<</Parent 879 0 R/Title(11.2.1. Access via CVSweb)/Dest[750 0 R/XYZ null 480 null]/Prev 881 0 R/Next 883 0 R>>endobj +883 0 obj<</Parent 879 0 R/Title(11.2.2. Access via cvs)/Dest[750 0 R/XYZ null 355 null]/Prev 882 0 R>>endobj +884 0 obj<</Parent 765 0 R/Title(Index)/Dest[753 0 R/XYZ null 484 null]/Prev 879 0 R>>endobj +885 0 obj<</Type/Catalog/Pages 539 0 R/Names 397 0 R/PageLayout/SinglePage/Outlines 765 0 R/OpenAction[540 0 R/XYZ null null null]/PageMode/UseOutlines/PageLabels<</Nums[0<</P(title)>>1<</S/r>>4<</S/D>>]>>>>endobj xref -0 862 +0 886 0000000000 65535 f 0000000015 00000 n 0000000244 00000 n @@ -1983,835 +2037,859 @@ xref 0000003731 00000 n 0000003762 00000 n 0000003816 00000 n -0000003901 00000 n -0000003925 00000 n -0000003976 00000 n -0000004061 00000 n -0000004109 00000 n -0000004194 00000 n -0000004225 00000 n -0000004343 00000 n -0000004427 00000 n -0000004468 00000 n -0000004553 00000 n -0000004594 00000 n -0000004679 00000 n -0000004717 00000 n -0000004761 00000 n -0000004846 00000 n -0000004870 00000 n -0000004914 00000 n -0000004998 00000 n -0000005040 00000 n -0000005125 00000 n -0000005174 00000 n -0000005259 00000 n -0000005308 00000 n -0000005391 00000 n -0000005438 00000 n -0000005523 00000 n -0000005569 00000 n -0000005653 00000 n -0000005712 00000 n -0000005774 00000 n -0000005859 00000 n -0000005916 00000 n -0000006001 00000 n -0000006094 00000 n -0000006178 00000 n -0000006216 00000 n -0000006321 00000 n -0000006362 00000 n -0000006446 00000 n -0000006492 00000 n -0000006577 00000 n -0000006616 00000 n -0000006701 00000 n -0000006743 00000 n -0000006828 00000 n -0000006870 00000 n -0000006955 00000 n -0000007014 00000 n -0000007058 00000 n -0000007143 00000 n -0000007167 00000 n -0000007214 00000 n -0000007299 00000 n -0000007351 00000 n -0000007436 00000 n -0000007485 00000 n -0000007570 00000 n -0000007619 00000 n -0000007703 00000 n -0000007748 00000 n -0000007800 00000 n -0000007885 00000 n -0000007933 00000 n -0000008018 00000 n -0000008066 00000 n -0000008151 00000 n -0000008215 00000 n -0000008302 00000 n -0000008350 00000 n -0000008414 00000 n -0000008501 00000 n -0000008527 00000 n -0000008575 00000 n -0000008662 00000 n -0000008709 00000 n +0000003900 00000 n +0000003924 00000 n +0000003975 00000 n +0000004060 00000 n +0000004108 00000 n +0000004193 00000 n +0000004224 00000 n +0000004342 00000 n +0000004426 00000 n +0000004467 00000 n +0000004552 00000 n +0000004593 00000 n +0000004678 00000 n +0000004716 00000 n +0000004760 00000 n +0000004845 00000 n +0000004869 00000 n +0000004913 00000 n +0000004997 00000 n +0000005039 00000 n +0000005124 00000 n +0000005173 00000 n +0000005258 00000 n +0000005307 00000 n +0000005390 00000 n +0000005437 00000 n +0000005522 00000 n +0000005568 00000 n +0000005652 00000 n +0000005711 00000 n +0000005773 00000 n +0000005858 00000 n +0000005915 00000 n +0000006000 00000 n +0000006093 00000 n +0000006177 00000 n +0000006215 00000 n +0000006320 00000 n +0000006361 00000 n +0000006445 00000 n +0000006491 00000 n +0000006576 00000 n +0000006615 00000 n +0000006700 00000 n +0000006742 00000 n +0000006827 00000 n +0000006869 00000 n +0000006954 00000 n +0000007013 00000 n +0000007057 00000 n +0000007142 00000 n +0000007166 00000 n +0000007213 00000 n +0000007298 00000 n +0000007350 00000 n +0000007435 00000 n +0000007484 00000 n +0000007569 00000 n +0000007618 00000 n +0000007702 00000 n +0000007747 00000 n +0000007799 00000 n +0000007884 00000 n +0000007932 00000 n +0000008017 00000 n +0000008065 00000 n +0000008150 00000 n +0000008214 00000 n +0000008301 00000 n +0000008349 00000 n +0000008413 00000 n +0000008500 00000 n +0000008526 00000 n +0000008574 00000 n +0000008661 00000 n +0000008708 00000 n 0000008795 00000 n 0000008836 00000 n -0000008921 00000 n -0000008963 00000 n -0000009005 00000 n -0000009092 00000 n -0000009141 00000 n -0000009228 00000 n -0000009275 00000 n -0000009362 00000 n -0000009404 00000 n -0000009457 00000 n -0000009544 00000 n -0000009588 00000 n -0000009675 00000 n -0000009732 00000 n -0000009819 00000 n -0000009915 00000 n -0000010001 00000 n -0000010051 00000 n -0000010098 00000 n -0000010185 00000 n -0000010232 00000 n -0000010319 00000 n -0000010368 00000 n -0000010454 00000 n -0000010501 00000 n -0000010588 00000 n -0000010638 00000 n -0000010685 00000 n -0000010772 00000 n -0000010819 00000 n -0000010904 00000 n -0000010948 00000 n -0000011034 00000 n -0000011076 00000 n -0000011162 00000 n -0000011202 00000 n -0000011288 00000 n -0000011336 00000 n -0000011422 00000 n -0000011467 00000 n -0000011553 00000 n -0000011597 00000 n -0000011683 00000 n -0000011734 00000 n -0000011820 00000 n -0000011869 00000 n -0000011955 00000 n -0000012000 00000 n -0000012086 00000 n -0000012128 00000 n -0000012214 00000 n -0000012257 00000 n -0000012343 00000 n -0000012385 00000 n -0000012471 00000 n -0000012515 00000 n -0000012601 00000 n -0000012638 00000 n -0000012724 00000 n -0000012766 00000 n -0000012852 00000 n -0000012894 00000 n -0000012980 00000 n -0000013017 00000 n -0000013101 00000 n -0000013143 00000 n -0000013227 00000 n -0000013405 00000 n -0000013448 00000 n -0000013534 00000 n -0000013580 00000 n -0000013666 00000 n -0000013713 00000 n -0000013800 00000 n -0000013849 00000 n -0000013936 00000 n -0000013985 00000 n -0000014071 00000 n -0000014129 00000 n -0000014177 00000 n -0000014263 00000 n -0000014309 00000 n -0000014396 00000 n -0000014430 00000 n -0000014545 00000 n -0000014632 00000 n -0000014658 00000 n -0000014740 00000 n -0000014827 00000 n -0000014912 00000 n -0000014999 00000 n -0000015054 00000 n -0000015139 00000 n -0000015181 00000 n -0000015237 00000 n -0000015324 00000 n -0000015372 00000 n -0000015459 00000 n -0000015533 00000 n -0000015618 00000 n -0000015660 00000 n -0000015728 00000 n -0000015815 00000 n -0000015869 00000 n -0000015956 00000 n -0000016024 00000 n -0000016111 00000 n -0000016185 00000 n -0000016272 00000 n -0000016320 00000 n -0000016407 00000 n -0000016464 00000 n -0000016551 00000 n -0000016606 00000 n -0000016693 00000 n -0000016774 00000 n -0000016861 00000 n -0000016943 00000 n -0000017005 00000 n -0000017092 00000 n -0000017118 00000 n -0000017165 00000 n -0000017252 00000 n -0000017278 00000 n -0000017357 00000 n -0000017444 00000 n -0000017526 00000 n -0000017612 00000 n -0000017687 00000 n -0000017774 00000 n -0000017847 00000 n -0000017934 00000 n -0000017984 00000 n -0000018062 00000 n -0000018149 00000 n -0000018175 00000 n -0000018238 00000 n -0000018325 00000 n -0000018388 00000 n -0000018475 00000 n -0000018529 00000 n -0000018616 00000 n -0000018658 00000 n -0000018699 00000 n -0000018786 00000 n -0000018812 00000 n -0000018917 00000 n -0000019023 00000 n -0000019129 00000 n -0000019235 00000 n -0000019341 00000 n -0000019447 00000 n -0000019553 00000 n -0000019659 00000 n -0000019765 00000 n -0000019871 00000 n -0000019977 00000 n -0000020083 00000 n -0000020189 00000 n -0000020295 00000 n -0000020401 00000 n -0000020507 00000 n -0000020613 00000 n -0000020719 00000 n -0000020825 00000 n -0000020931 00000 n -0000021036 00000 n -0000021142 00000 n -0000021248 00000 n -0000021354 00000 n -0000021460 00000 n -0000021566 00000 n -0000021672 00000 n -0000021778 00000 n -0000021884 00000 n -0000021990 00000 n -0000022096 00000 n -0000022202 00000 n -0000022308 00000 n -0000022414 00000 n -0000022520 00000 n -0000022626 00000 n -0000022732 00000 n -0000022838 00000 n -0000022944 00000 n -0000023049 00000 n -0000023155 00000 n -0000023261 00000 n -0000023367 00000 n -0000023470 00000 n -0000023574 00000 n -0000023952 00000 n -0000024058 00000 n -0000024163 00000 n -0000024269 00000 n -0000024375 00000 n -0000024481 00000 n -0000024587 00000 n -0000024693 00000 n -0000024799 00000 n -0000024905 00000 n -0000025011 00000 n -0000025117 00000 n -0000025222 00000 n -0000025328 00000 n -0000025434 00000 n -0000025540 00000 n -0000025646 00000 n -0000025752 00000 n -0000025858 00000 n -0000025964 00000 n -0000026070 00000 n -0000026176 00000 n -0000026282 00000 n -0000026388 00000 n -0000026494 00000 n -0000026600 00000 n -0000026705 00000 n -0000026811 00000 n -0000026917 00000 n -0000027023 00000 n -0000027128 00000 n -0000027234 00000 n -0000027340 00000 n -0000027446 00000 n -0000027552 00000 n -0000027658 00000 n -0000027764 00000 n -0000027870 00000 n -0000027976 00000 n -0000028082 00000 n -0000028188 00000 n -0000028294 00000 n -0000028399 00000 n -0000028503 00000 n -0000028865 00000 n -0000028970 00000 n -0000029076 00000 n -0000029182 00000 n -0000029288 00000 n -0000029394 00000 n -0000029500 00000 n -0000029606 00000 n -0000029712 00000 n -0000029818 00000 n -0000029924 00000 n -0000030030 00000 n -0000030136 00000 n -0000030242 00000 n -0000030348 00000 n -0000030454 00000 n -0000030560 00000 n -0000030666 00000 n -0000030771 00000 n -0000030877 00000 n -0000030983 00000 n -0000031089 00000 n -0000031195 00000 n -0000031301 00000 n -0000031406 00000 n -0000031512 00000 n -0000031618 00000 n -0000031724 00000 n -0000031830 00000 n -0000031934 00000 n -0000032184 00000 n -0000032218 00000 n -0000032252 00000 n -0000034486 00000 n -0000034535 00000 n -0000034584 00000 n -0000034633 00000 n -0000034682 00000 n -0000034731 00000 n -0000034780 00000 n -0000034829 00000 n -0000034878 00000 n -0000034927 00000 n -0000034976 00000 n -0000035025 00000 n -0000035074 00000 n -0000035123 00000 n -0000035172 00000 n -0000035221 00000 n -0000035270 00000 n -0000035319 00000 n -0000035368 00000 n -0000035417 00000 n -0000035466 00000 n -0000035515 00000 n -0000035564 00000 n -0000035613 00000 n -0000035662 00000 n -0000035711 00000 n -0000035760 00000 n -0000035809 00000 n -0000035858 00000 n -0000035907 00000 n -0000035956 00000 n -0000036005 00000 n -0000036054 00000 n -0000036103 00000 n -0000036152 00000 n -0000036201 00000 n -0000036250 00000 n -0000036299 00000 n -0000036348 00000 n -0000036397 00000 n -0000036446 00000 n -0000036495 00000 n -0000036544 00000 n -0000036593 00000 n -0000036642 00000 n -0000036691 00000 n -0000036740 00000 n -0000036789 00000 n -0000036838 00000 n -0000036887 00000 n -0000036936 00000 n -0000036985 00000 n -0000037034 00000 n -0000037083 00000 n -0000037132 00000 n -0000037181 00000 n -0000037230 00000 n -0000037279 00000 n -0000037328 00000 n -0000037377 00000 n -0000037426 00000 n -0000037475 00000 n -0000037524 00000 n -0000037573 00000 n -0000037622 00000 n -0000037671 00000 n -0000037720 00000 n -0000037769 00000 n -0000037818 00000 n -0000037867 00000 n -0000037916 00000 n -0000037965 00000 n -0000038014 00000 n -0000038063 00000 n -0000038112 00000 n -0000038161 00000 n -0000038210 00000 n -0000038259 00000 n -0000038308 00000 n -0000038357 00000 n -0000038406 00000 n -0000038455 00000 n -0000038504 00000 n -0000038553 00000 n -0000038602 00000 n -0000038651 00000 n -0000038700 00000 n -0000038749 00000 n -0000038798 00000 n -0000038847 00000 n -0000038896 00000 n -0000038945 00000 n -0000038994 00000 n -0000039043 00000 n -0000039092 00000 n -0000039141 00000 n -0000039190 00000 n -0000039239 00000 n -0000039288 00000 n -0000039337 00000 n -0000039386 00000 n -0000039435 00000 n -0000039484 00000 n -0000039533 00000 n -0000039582 00000 n -0000039631 00000 n -0000039680 00000 n -0000039729 00000 n -0000039778 00000 n -0000039827 00000 n -0000039876 00000 n -0000039925 00000 n -0000039974 00000 n -0000040023 00000 n -0000040072 00000 n -0000040121 00000 n -0000040170 00000 n -0000040219 00000 n -0000040268 00000 n -0000040317 00000 n -0000040366 00000 n -0000040415 00000 n -0000040464 00000 n -0000040513 00000 n -0000040562 00000 n -0000040611 00000 n -0000040660 00000 n -0000040709 00000 n -0000040758 00000 n -0000040807 00000 n -0000040856 00000 n -0000040905 00000 n -0000040954 00000 n -0000041003 00000 n -0000041052 00000 n -0000041101 00000 n -0000041150 00000 n -0000041199 00000 n -0000041248 00000 n -0000041909 00000 n -0000042065 00000 n -0000042637 00000 n -0000042658 00000 n -0000042832 00000 n -0000043994 00000 n -0000044016 00000 n -0000044167 00000 n -0000045688 00000 n -0000045710 00000 n -0000045870 00000 n -0000047306 00000 n -0000047328 00000 n -0000047506 00000 n -0000048766 00000 n -0000048788 00000 n -0000048930 00000 n -0000050514 00000 n -0000050536 00000 n -0000050669 00000 n -0000052504 00000 n -0000052526 00000 n -0000052659 00000 n -0000053182 00000 n -0000053203 00000 n -0000053364 00000 n -0000054648 00000 n -0000054670 00000 n -0000054831 00000 n -0000056586 00000 n -0000056608 00000 n -0000056768 00000 n -0000058413 00000 n -0000058435 00000 n -0000058577 00000 n -0000060647 00000 n -0000060669 00000 n -0000060811 00000 n -0000062623 00000 n -0000062645 00000 n -0000062787 00000 n -0000064512 00000 n -0000064534 00000 n -0000064685 00000 n -0000066449 00000 n -0000066471 00000 n -0000066646 00000 n -0000068753 00000 n -0000068775 00000 n -0000068935 00000 n -0000070531 00000 n -0000070553 00000 n -0000070728 00000 n -0000072223 00000 n -0000072245 00000 n -0000072397 00000 n -0000073204 00000 n -0000073225 00000 n -0000073376 00000 n -0000075014 00000 n -0000075036 00000 n -0000075201 00000 n -0000076963 00000 n -0000076985 00000 n -0000077150 00000 n -0000077987 00000 n -0000078008 00000 n -0000078182 00000 n -0000079787 00000 n -0000079809 00000 n -0000079952 00000 n -0000080710 00000 n -0000080731 00000 n -0000080914 00000 n -0000082782 00000 n -0000082804 00000 n -0000082973 00000 n -0000084827 00000 n -0000084849 00000 n -0000085009 00000 n -0000086693 00000 n -0000086715 00000 n -0000086888 00000 n -0000088617 00000 n -0000088639 00000 n -0000088790 00000 n -0000089714 00000 n -0000089735 00000 n -0000089919 00000 n -0000091744 00000 n -0000091766 00000 n -0000091940 00000 n -0000094113 00000 n -0000094135 00000 n -0000094328 00000 n -0000096202 00000 n -0000096224 00000 n -0000096408 00000 n -0000098318 00000 n -0000098340 00000 n -0000098516 00000 n -0000100317 00000 n -0000100339 00000 n -0000100509 00000 n -0000102107 00000 n -0000102129 00000 n -0000102314 00000 n -0000103790 00000 n -0000103812 00000 n -0000103996 00000 n -0000105624 00000 n -0000105646 00000 n -0000105821 00000 n -0000107426 00000 n -0000107448 00000 n -0000107623 00000 n -0000109365 00000 n -0000109387 00000 n -0000109572 00000 n -0000111378 00000 n -0000111400 00000 n -0000111566 00000 n -0000113270 00000 n -0000113292 00000 n -0000113477 00000 n -0000115508 00000 n -0000115530 00000 n -0000115724 00000 n -0000117542 00000 n -0000117564 00000 n -0000117733 00000 n -0000119671 00000 n -0000119693 00000 n -0000119887 00000 n -0000121921 00000 n -0000121943 00000 n -0000122119 00000 n -0000123923 00000 n -0000123945 00000 n -0000124111 00000 n -0000125978 00000 n -0000126000 00000 n -0000126166 00000 n -0000128548 00000 n -0000128570 00000 n -0000128712 00000 n -0000130638 00000 n -0000130660 00000 n -0000130802 00000 n -0000132498 00000 n -0000132520 00000 n -0000132680 00000 n -0000134712 00000 n -0000134734 00000 n -0000134885 00000 n -0000136456 00000 n -0000136478 00000 n -0000136620 00000 n -0000138587 00000 n -0000138609 00000 n -0000138760 00000 n -0000140692 00000 n -0000140714 00000 n -0000140856 00000 n -0000142722 00000 n -0000142744 00000 n -0000142904 00000 n -0000144738 00000 n -0000144760 00000 n -0000144883 00000 n -0000145973 00000 n -0000145995 00000 n -0000146147 00000 n -0000147889 00000 n -0000147911 00000 n -0000148053 00000 n -0000149814 00000 n -0000149836 00000 n -0000149987 00000 n -0000151877 00000 n -0000151899 00000 n -0000152056 00000 n -0000153906 00000 n -0000153928 00000 n -0000154098 00000 n -0000156010 00000 n -0000156032 00000 n -0000156198 00000 n -0000157648 00000 n -0000157670 00000 n -0000157821 00000 n -0000159094 00000 n -0000159116 00000 n -0000159267 00000 n -0000160482 00000 n -0000160504 00000 n -0000160655 00000 n -0000162148 00000 n -0000162170 00000 n -0000162331 00000 n -0000163980 00000 n -0000164002 00000 n -0000164169 00000 n -0000165836 00000 n -0000165858 00000 n -0000166015 00000 n -0000167203 00000 n -0000167225 00000 n -0000167382 00000 n -0000168933 00000 n -0000168955 00000 n -0000169139 00000 n -0000169946 00000 n -0000169967 00000 n -0000170124 00000 n -0000175547 00000 n -0000175569 00000 n -0000175726 00000 n -0000180894 00000 n -0000180916 00000 n -0000181073 00000 n -0000184292 00000 n -0000184314 00000 n -0000184370 00000 n -0000184475 00000 n -0000184653 00000 n -0000184772 00000 n -0000184907 00000 n -0000185043 00000 n -0000185191 00000 n -0000185341 00000 n -0000185481 00000 n -0000185622 00000 n -0000185775 00000 n -0000185937 00000 n -0000186086 00000 n -0000186274 00000 n -0000186407 00000 n -0000186535 00000 n -0000186653 00000 n -0000186789 00000 n -0000186931 00000 n -0000187047 00000 n -0000187173 00000 n -0000187289 00000 n -0000187480 00000 n -0000187579 00000 n -0000187727 00000 n -0000187845 00000 n -0000187969 00000 n -0000188091 00000 n -0000188217 00000 n -0000188375 00000 n -0000188505 00000 n -0000188629 00000 n -0000188747 00000 n -0000188865 00000 n -0000188984 00000 n -0000189174 00000 n -0000189360 00000 n -0000189513 00000 n -0000189676 00000 n -0000189827 00000 n -0000189931 00000 n -0000190148 00000 n -0000190254 00000 n -0000190386 00000 n -0000190508 00000 n -0000190713 00000 n -0000190818 00000 n -0000190918 00000 n -0000191122 00000 n -0000191283 00000 n -0000191431 00000 n -0000191559 00000 n -0000191702 00000 n -0000191826 00000 n -0000191955 00000 n -0000192100 00000 n -0000192265 00000 n -0000192417 00000 n +0000008922 00000 n +0000008964 00000 n +0000009006 00000 n +0000009093 00000 n +0000009142 00000 n +0000009229 00000 n +0000009276 00000 n +0000009363 00000 n +0000009405 00000 n +0000009458 00000 n +0000009545 00000 n +0000009589 00000 n +0000009676 00000 n +0000009733 00000 n +0000009820 00000 n +0000009916 00000 n +0000010002 00000 n +0000010052 00000 n +0000010099 00000 n +0000010186 00000 n +0000010233 00000 n +0000010320 00000 n +0000010369 00000 n +0000010456 00000 n +0000010503 00000 n +0000010590 00000 n +0000010640 00000 n +0000010687 00000 n +0000010774 00000 n +0000010821 00000 n +0000010906 00000 n +0000010950 00000 n +0000011036 00000 n +0000011078 00000 n +0000011164 00000 n +0000011204 00000 n +0000011290 00000 n +0000011338 00000 n +0000011424 00000 n +0000011469 00000 n +0000011555 00000 n +0000011599 00000 n +0000011685 00000 n +0000011736 00000 n +0000011822 00000 n +0000011871 00000 n +0000011957 00000 n +0000012002 00000 n +0000012088 00000 n +0000012130 00000 n +0000012216 00000 n +0000012259 00000 n +0000012345 00000 n +0000012387 00000 n +0000012473 00000 n +0000012517 00000 n +0000012603 00000 n +0000012640 00000 n +0000012726 00000 n +0000012767 00000 n +0000012853 00000 n +0000012895 00000 n +0000012981 00000 n +0000013018 00000 n +0000013104 00000 n +0000013145 00000 n +0000013231 00000 n +0000013274 00000 n +0000013360 00000 n +0000013406 00000 n +0000013492 00000 n +0000013686 00000 n +0000013733 00000 n +0000013820 00000 n +0000013869 00000 n +0000013956 00000 n +0000014005 00000 n +0000014091 00000 n +0000014133 00000 n +0000014181 00000 n +0000014267 00000 n +0000014313 00000 n +0000014400 00000 n +0000014434 00000 n +0000014549 00000 n +0000014636 00000 n +0000014662 00000 n +0000014744 00000 n +0000014831 00000 n +0000014916 00000 n +0000015003 00000 n +0000015058 00000 n +0000015145 00000 n +0000015201 00000 n +0000015288 00000 n +0000015338 00000 n +0000015386 00000 n +0000015473 00000 n +0000015547 00000 n +0000015634 00000 n +0000015702 00000 n +0000015789 00000 n +0000015843 00000 n +0000015930 00000 n +0000015998 00000 n +0000016085 00000 n +0000016159 00000 n +0000016246 00000 n +0000016294 00000 n +0000016381 00000 n +0000016438 00000 n +0000016525 00000 n +0000016607 00000 n +0000016662 00000 n +0000016749 00000 n +0000016830 00000 n +0000016917 00000 n +0000016951 00000 n +0000017013 00000 n +0000017100 00000 n +0000017126 00000 n +0000017175 00000 n +0000017262 00000 n +0000017288 00000 n +0000017335 00000 n +0000017422 00000 n +0000017471 00000 n +0000017558 00000 n +0000017601 00000 n +0000017688 00000 n +0000017731 00000 n +0000017817 00000 n +0000017866 00000 n +0000017951 00000 n +0000018000 00000 n +0000018085 00000 n +0000018151 00000 n +0000018199 00000 n +0000018286 00000 n +0000018332 00000 n +0000018419 00000 n +0000018453 00000 n +0000018532 00000 n +0000018619 00000 n +0000018701 00000 n +0000018787 00000 n +0000018862 00000 n +0000018949 00000 n +0000019022 00000 n +0000019109 00000 n +0000019159 00000 n +0000019237 00000 n +0000019324 00000 n +0000019350 00000 n +0000019413 00000 n +0000019500 00000 n +0000019563 00000 n +0000019650 00000 n +0000019704 00000 n +0000019791 00000 n +0000019833 00000 n +0000019874 00000 n +0000019961 00000 n +0000019987 00000 n +0000020092 00000 n +0000020198 00000 n +0000020304 00000 n +0000020410 00000 n +0000020516 00000 n +0000020622 00000 n +0000020728 00000 n +0000020834 00000 n +0000020940 00000 n +0000021046 00000 n +0000021152 00000 n +0000021258 00000 n +0000021364 00000 n +0000021470 00000 n +0000021576 00000 n +0000021682 00000 n +0000021788 00000 n +0000021894 00000 n +0000022000 00000 n +0000022106 00000 n +0000022211 00000 n +0000022317 00000 n +0000022423 00000 n +0000022529 00000 n +0000022635 00000 n +0000022741 00000 n +0000022847 00000 n +0000022953 00000 n +0000023059 00000 n +0000023165 00000 n +0000023271 00000 n +0000023377 00000 n +0000023483 00000 n +0000023589 00000 n +0000023695 00000 n +0000023801 00000 n +0000023907 00000 n +0000024013 00000 n +0000024119 00000 n +0000024224 00000 n +0000024330 00000 n +0000024436 00000 n +0000024542 00000 n +0000024645 00000 n +0000024749 00000 n +0000025127 00000 n +0000025233 00000 n +0000025338 00000 n +0000025444 00000 n +0000025550 00000 n +0000025656 00000 n +0000025762 00000 n +0000025868 00000 n +0000025974 00000 n +0000026080 00000 n +0000026186 00000 n +0000026292 00000 n +0000026397 00000 n +0000026503 00000 n +0000026609 00000 n +0000026715 00000 n +0000026821 00000 n +0000026927 00000 n +0000027033 00000 n +0000027139 00000 n +0000027245 00000 n +0000027351 00000 n +0000027457 00000 n +0000027563 00000 n +0000027669 00000 n +0000027775 00000 n +0000027880 00000 n +0000027986 00000 n +0000028092 00000 n +0000028198 00000 n +0000028303 00000 n +0000028409 00000 n +0000028515 00000 n +0000028621 00000 n +0000028727 00000 n +0000028833 00000 n +0000028939 00000 n +0000029045 00000 n +0000029151 00000 n +0000029257 00000 n +0000029363 00000 n +0000029469 00000 n +0000029574 00000 n +0000029678 00000 n +0000029782 00000 n +0000030152 00000 n +0000030257 00000 n +0000030363 00000 n +0000030469 00000 n +0000030575 00000 n +0000030681 00000 n +0000030787 00000 n +0000030893 00000 n +0000030999 00000 n +0000031105 00000 n +0000031211 00000 n +0000031317 00000 n +0000031423 00000 n +0000031529 00000 n +0000031635 00000 n +0000031741 00000 n +0000031847 00000 n +0000031953 00000 n +0000032058 00000 n +0000032164 00000 n +0000032270 00000 n +0000032376 00000 n +0000032482 00000 n +0000032588 00000 n +0000032693 00000 n +0000032799 00000 n +0000032905 00000 n +0000033011 00000 n +0000033117 00000 n +0000033221 00000 n +0000033471 00000 n +0000033505 00000 n +0000033539 00000 n +0000035789 00000 n +0000035838 00000 n +0000035887 00000 n +0000035936 00000 n +0000035985 00000 n +0000036034 00000 n +0000036083 00000 n +0000036132 00000 n +0000036181 00000 n +0000036230 00000 n +0000036279 00000 n +0000036328 00000 n +0000036377 00000 n +0000036426 00000 n +0000036475 00000 n +0000036524 00000 n +0000036573 00000 n +0000036622 00000 n +0000036671 00000 n +0000036720 00000 n +0000036769 00000 n +0000036818 00000 n +0000036867 00000 n +0000036916 00000 n +0000036965 00000 n +0000037014 00000 n +0000037063 00000 n +0000037112 00000 n +0000037161 00000 n +0000037210 00000 n +0000037259 00000 n +0000037308 00000 n +0000037357 00000 n +0000037406 00000 n +0000037455 00000 n +0000037504 00000 n +0000037553 00000 n +0000037602 00000 n +0000037651 00000 n +0000037700 00000 n +0000037749 00000 n +0000037798 00000 n +0000037847 00000 n +0000037896 00000 n +0000037945 00000 n +0000037994 00000 n +0000038043 00000 n +0000038092 00000 n +0000038141 00000 n +0000038190 00000 n +0000038239 00000 n +0000038288 00000 n +0000038337 00000 n +0000038386 00000 n +0000038435 00000 n +0000038484 00000 n +0000038533 00000 n +0000038582 00000 n +0000038631 00000 n +0000038680 00000 n +0000038729 00000 n +0000038778 00000 n +0000038827 00000 n +0000038876 00000 n +0000038925 00000 n +0000038974 00000 n +0000039023 00000 n +0000039072 00000 n +0000039121 00000 n +0000039170 00000 n +0000039219 00000 n +0000039268 00000 n +0000039317 00000 n +0000039366 00000 n +0000039415 00000 n +0000039464 00000 n +0000039513 00000 n +0000039562 00000 n +0000039611 00000 n +0000039660 00000 n +0000039709 00000 n +0000039758 00000 n +0000039807 00000 n +0000039856 00000 n +0000039905 00000 n +0000039954 00000 n +0000040003 00000 n +0000040052 00000 n +0000040101 00000 n +0000040150 00000 n +0000040199 00000 n +0000040248 00000 n +0000040297 00000 n +0000040346 00000 n +0000040395 00000 n +0000040444 00000 n +0000040493 00000 n +0000040542 00000 n +0000040591 00000 n +0000040640 00000 n +0000040689 00000 n +0000040738 00000 n +0000040787 00000 n +0000040836 00000 n +0000040885 00000 n +0000040934 00000 n +0000040983 00000 n +0000041032 00000 n +0000041081 00000 n +0000041130 00000 n +0000041179 00000 n +0000041228 00000 n +0000041277 00000 n +0000041326 00000 n +0000041375 00000 n +0000041424 00000 n +0000041473 00000 n +0000041522 00000 n +0000041571 00000 n +0000041620 00000 n +0000041669 00000 n +0000041718 00000 n +0000041767 00000 n +0000041816 00000 n +0000041865 00000 n +0000041914 00000 n +0000041963 00000 n +0000042012 00000 n +0000042061 00000 n +0000042110 00000 n +0000042159 00000 n +0000042208 00000 n +0000042257 00000 n +0000042306 00000 n +0000042355 00000 n +0000042404 00000 n +0000042453 00000 n +0000042502 00000 n +0000042551 00000 n +0000042600 00000 n +0000043269 00000 n +0000043425 00000 n +0000043997 00000 n +0000044018 00000 n +0000044192 00000 n +0000045354 00000 n +0000045376 00000 n +0000045527 00000 n +0000047048 00000 n +0000047070 00000 n +0000047230 00000 n +0000048666 00000 n +0000048688 00000 n +0000048866 00000 n +0000050126 00000 n +0000050148 00000 n +0000050290 00000 n +0000051874 00000 n +0000051896 00000 n +0000052029 00000 n +0000053864 00000 n +0000053886 00000 n +0000054019 00000 n +0000054542 00000 n +0000054563 00000 n +0000054724 00000 n +0000056008 00000 n +0000056030 00000 n +0000056191 00000 n +0000057946 00000 n +0000057968 00000 n +0000058128 00000 n +0000059773 00000 n +0000059795 00000 n +0000059937 00000 n +0000062007 00000 n +0000062029 00000 n +0000062171 00000 n +0000063983 00000 n +0000064005 00000 n +0000064147 00000 n +0000065872 00000 n +0000065894 00000 n +0000066045 00000 n +0000067809 00000 n +0000067831 00000 n +0000068006 00000 n +0000070113 00000 n +0000070135 00000 n +0000070295 00000 n +0000071891 00000 n +0000071913 00000 n +0000072088 00000 n +0000073583 00000 n +0000073605 00000 n +0000073757 00000 n +0000074564 00000 n +0000074585 00000 n +0000074736 00000 n +0000076374 00000 n +0000076396 00000 n +0000076561 00000 n +0000078333 00000 n +0000078355 00000 n +0000078520 00000 n +0000079413 00000 n +0000079434 00000 n +0000079608 00000 n +0000081213 00000 n +0000081235 00000 n +0000081378 00000 n +0000082136 00000 n +0000082157 00000 n +0000082340 00000 n +0000084208 00000 n +0000084230 00000 n +0000084399 00000 n +0000086253 00000 n +0000086275 00000 n +0000086435 00000 n +0000088119 00000 n +0000088141 00000 n +0000088314 00000 n +0000090043 00000 n +0000090065 00000 n +0000090216 00000 n +0000091140 00000 n +0000091161 00000 n +0000091345 00000 n +0000093170 00000 n +0000093192 00000 n +0000093366 00000 n +0000095539 00000 n +0000095561 00000 n +0000095754 00000 n +0000097628 00000 n +0000097650 00000 n +0000097834 00000 n +0000099744 00000 n +0000099766 00000 n +0000099942 00000 n +0000101743 00000 n +0000101765 00000 n +0000101935 00000 n +0000103533 00000 n +0000103555 00000 n +0000103740 00000 n +0000105216 00000 n +0000105238 00000 n +0000105431 00000 n +0000107002 00000 n +0000107024 00000 n +0000107199 00000 n +0000108979 00000 n +0000109001 00000 n +0000109157 00000 n +0000110718 00000 n +0000110740 00000 n +0000110925 00000 n +0000112777 00000 n +0000112799 00000 n +0000112965 00000 n +0000114612 00000 n +0000114634 00000 n +0000114819 00000 n +0000116768 00000 n +0000116790 00000 n +0000116974 00000 n +0000118701 00000 n +0000118723 00000 n +0000118893 00000 n +0000120498 00000 n +0000120520 00000 n +0000120689 00000 n +0000122562 00000 n +0000122584 00000 n +0000122769 00000 n +0000124633 00000 n +0000124655 00000 n +0000124831 00000 n +0000126921 00000 n +0000126943 00000 n +0000127118 00000 n +0000129058 00000 n +0000129080 00000 n +0000129256 00000 n +0000131572 00000 n +0000131594 00000 n +0000131746 00000 n +0000133726 00000 n +0000133748 00000 n +0000133908 00000 n +0000135775 00000 n +0000135797 00000 n +0000135948 00000 n +0000137700 00000 n +0000137722 00000 n +0000137854 00000 n +0000139728 00000 n +0000139750 00000 n +0000139892 00000 n +0000141963 00000 n +0000141985 00000 n +0000142136 00000 n +0000143930 00000 n +0000143952 00000 n +0000144084 00000 n +0000145877 00000 n +0000145899 00000 n +0000146022 00000 n +0000146476 00000 n +0000146497 00000 n +0000146649 00000 n +0000148391 00000 n +0000148413 00000 n +0000148555 00000 n +0000150316 00000 n +0000150338 00000 n +0000150489 00000 n +0000152379 00000 n +0000152401 00000 n +0000152558 00000 n +0000154408 00000 n +0000154430 00000 n +0000154624 00000 n +0000156683 00000 n +0000156705 00000 n +0000156880 00000 n +0000158472 00000 n +0000158494 00000 n +0000158678 00000 n +0000160027 00000 n +0000160049 00000 n +0000160209 00000 n +0000161452 00000 n +0000161474 00000 n +0000161625 00000 n +0000163080 00000 n +0000163102 00000 n +0000163263 00000 n +0000164911 00000 n +0000164933 00000 n +0000165066 00000 n +0000165535 00000 n +0000165556 00000 n +0000165723 00000 n +0000167390 00000 n +0000167412 00000 n +0000167569 00000 n +0000168757 00000 n +0000168779 00000 n +0000168936 00000 n +0000170486 00000 n +0000170508 00000 n +0000170692 00000 n +0000171497 00000 n +0000171518 00000 n +0000171675 00000 n +0000177098 00000 n +0000177120 00000 n +0000177277 00000 n +0000182571 00000 n +0000182593 00000 n +0000182750 00000 n +0000185971 00000 n +0000185993 00000 n +0000186049 00000 n +0000186154 00000 n +0000186332 00000 n +0000186451 00000 n +0000186586 00000 n +0000186722 00000 n +0000186870 00000 n +0000187020 00000 n +0000187160 00000 n +0000187301 00000 n +0000187454 00000 n +0000187616 00000 n +0000187765 00000 n +0000187953 00000 n +0000188086 00000 n +0000188214 00000 n +0000188332 00000 n +0000188468 00000 n +0000188610 00000 n +0000188726 00000 n +0000188852 00000 n +0000188968 00000 n +0000189159 00000 n +0000189258 00000 n +0000189406 00000 n +0000189524 00000 n +0000189648 00000 n +0000189770 00000 n +0000189896 00000 n +0000190054 00000 n +0000190184 00000 n +0000190308 00000 n +0000190426 00000 n +0000190544 00000 n +0000190663 00000 n +0000190853 00000 n +0000191039 00000 n +0000191192 00000 n +0000191355 00000 n +0000191506 00000 n +0000191610 00000 n +0000191827 00000 n +0000191933 00000 n +0000192065 00000 n +0000192187 00000 n +0000192392 00000 n +0000192497 00000 n 0000192597 00000 n -0000192702 00000 n -0000192821 00000 n -0000192946 00000 n -0000193091 00000 n -0000193233 00000 n -0000193383 00000 n -0000193514 00000 n -0000193640 00000 n -0000193765 00000 n -0000193905 00000 n -0000194032 00000 n -0000194163 00000 n -0000194294 00000 n -0000194472 00000 n -0000194600 00000 n -0000194736 00000 n -0000194871 00000 n -0000195077 00000 n -0000195190 00000 n -0000195306 00000 n -0000195451 00000 n -0000195623 00000 n -0000195771 00000 n -0000195923 00000 n -0000196055 00000 n -0000196189 00000 n -0000196322 00000 n -0000196460 00000 n -0000196610 00000 n -0000196778 00000 n -0000196925 00000 n +0000192801 00000 n +0000192962 00000 n +0000193110 00000 n +0000193238 00000 n +0000193381 00000 n +0000193505 00000 n +0000193634 00000 n +0000193779 00000 n +0000193944 00000 n +0000194096 00000 n +0000194276 00000 n +0000194381 00000 n +0000194500 00000 n +0000194625 00000 n +0000194770 00000 n +0000194912 00000 n +0000195062 00000 n +0000195193 00000 n +0000195319 00000 n +0000195444 00000 n +0000195584 00000 n +0000195711 00000 n +0000195842 00000 n +0000195973 00000 n +0000196151 00000 n +0000196279 00000 n +0000196415 00000 n +0000196550 00000 n +0000196756 00000 n +0000196869 00000 n +0000196985 00000 n 0000197130 00000 n -0000197231 00000 n -0000197349 00000 n -0000197476 00000 n -0000197595 00000 n -0000197718 00000 n -0000197858 00000 n -0000197985 00000 n -0000198125 00000 n -0000198261 00000 n -0000198383 00000 n -0000198519 00000 n -0000198639 00000 n -0000198759 00000 n -0000198885 00000 n -0000199002 00000 n -0000199105 00000 n -0000199270 00000 n -0000199368 00000 n -0000199553 00000 n -0000199743 00000 n -0000199926 00000 n -0000200085 00000 n -0000200272 00000 n -0000200378 00000 n -0000200508 00000 n -0000200634 00000 n -0000200744 00000 n -0000200837 00000 n +0000197301 00000 n +0000197450 00000 n +0000197605 00000 n +0000197745 00000 n +0000197877 00000 n +0000198011 00000 n +0000198143 00000 n +0000198281 00000 n +0000198431 00000 n +0000198599 00000 n +0000198746 00000 n +0000198951 00000 n +0000199052 00000 n +0000199170 00000 n +0000199297 00000 n +0000199416 00000 n +0000199539 00000 n +0000199679 00000 n +0000199806 00000 n +0000199946 00000 n +0000200082 00000 n +0000200204 00000 n +0000200340 00000 n +0000200460 00000 n +0000200580 00000 n +0000200706 00000 n +0000200823 00000 n +0000200926 00000 n +0000201091 00000 n +0000201189 00000 n +0000201374 00000 n +0000201564 00000 n +0000201747 00000 n +0000201906 00000 n +0000202093 00000 n +0000202199 00000 n +0000202329 00000 n +0000202455 00000 n +0000202565 00000 n +0000202658 00000 n trailer -<</Size 862/Root 861 0 R/Info 1 0 R/ID[<6ce7eb532bb60712e295fc7b7d62fc6f><6ce7eb532bb60712e295fc7b7d62fc6f>]>> +<</Size 886/Root 885 0 R/Info 1 0 R/ID[<063ee28ad25d00a6b7ea666000182d51><063ee28ad25d00a6b7ea666000182d51>]>> startxref -201051 +202872 %%EOF diff --git a/docs/announce b/docs/announce index 856fd00036..f5716556ba 100644 --- a/docs/announce +++ b/docs/announce @@ -1,4 +1,4 @@ - Announcing Samba version 2.0 + Announcing Samba version 2.2 ============================ What is Samba? @@ -14,6 +14,7 @@ Linux smbfs, OS/2, Pathworks and more. The package also includes a SMB client for accessing other SMB servers, and an advanced netbios/WINS nameserver for browsing support. + What can it do for me? ---------------------- @@ -36,6 +37,7 @@ allows you to access a SMB printer (such as one attached to an OS/2 or WfWg server) from Unix, using an entry in /etc/printcap, or by explicitly specifying the command used to print files. + What are its features? ------------------------ @@ -47,21 +49,24 @@ umask support, guest connections, name mangling and hidden and system attribute mapping. Look at the FAQs included with the package for a full list of features. -What's new since 1.9? + +What's new since 2.0? --------------------- Lots of stuff. See the change log and man pages for details. In particular, please check the WHATSNEW.txt file in the root directory of each release. This file has current change/update information. + Where can I get a client for my PC? ----------------------------------- There is a free client for MS-DOS based PCs available from ftp.microsoft.com in the directory bussys/Clients/MSCLIENT/. Please read the licencing information before downloading. The add-on 32-bit -TCP/IP Windows for Workgroups client is also very good. Windows 95, -Windows NT and OS/2 come with suitable clients by default. +TCP/IP Windows for Workgroups client is also very good. Windows 95/98/ME, +Windows NT/2000 and OS/2 come with suitable clients by default. + What network protocols are supported? ------------------------------------- @@ -72,6 +77,7 @@ about ports to other protocols but nothing is yet available. There is a free TCP/IP implementation for Windows for Workgroups available from ftp.microsoft.com (it's small, fast and quite reliable). + How much does it cost? ---------------------- @@ -79,6 +85,7 @@ Samba software is free software. It is available under the GNU Public licence in source code form at no cost. Please read the file COPYING that comes with the package for more information. + What operating systems does it support? --------------------------------------- @@ -96,6 +103,7 @@ work with your unix then it should be easy to fix. It has also been ported to Netware, OS/2 and the Amiga. A VMS port is available too. See the web site for more details. + Who wrote it? ------------- @@ -105,12 +113,14 @@ large parts of the package were contributed by several people from all over the world. Please look at the file `change-log' for information on who did what bits. + Where can I get it? ------------------- The package is available via anonymous ftp from samba.org in the directory pub/samba/. + What about SMBServer? --------------------- @@ -122,17 +132,13 @@ early incarnation of Samba was distributed as nbserver. If you see any copies of nbserver or smbserver on ftp sites please let me or the ftp archive maintainer know, as I want to get them deleted. + Where can I get more info? --------------------------- Please join the mailing list if you want to discuss the development or -use of Samba. To join the mailing list send mail to -listproc@listproc.anu.edu.au with a body of "subscribe samba Your -Name". - -There is also an announcement mailing list for new version -announcements. Subscribe as above but with "subscribe samba-announce -Your Name". +use of Samba. To join the mailing list, please read the instructions +at http://lists.samba.org/ There is also often quite a bit of discussion about Samba on the newsgroup comp.protocols.smb. @@ -140,5 +146,5 @@ newsgroup comp.protocols.smb. A WWW site with lots of Samba info can be found at http://samba.org/samba/ -The Samba Team (Contact: samba-bugs@samba.org) -June 1996 +The Samba Team (Contact: samba@samba.org) +March 2001 diff --git a/docs/docbook/.cvsignore b/docs/docbook/.cvsignore index e3c1273375..04290fcd2e 100644 --- a/docs/docbook/.cvsignore +++ b/docs/docbook/.cvsignore @@ -1,3 +1,4 @@ -confdefs.h +Makefile config.cache config.log +config.status diff --git a/docs/docbook/faq/samba-pdc-faq.sgml b/docs/docbook/faq/samba-pdc-faq.sgml deleted file mode 100644 index 3dae096f04..0000000000 --- a/docs/docbook/faq/samba-pdc-faq.sgml +++ /dev/null @@ -1,1083 +0,0 @@ -<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> -<book id="samba-pdc-faq"> - -<title>The Samba 2.2 PDC FAQ</title> - -<bookinfo> - <author> - <firstname>David</firstname><surname>Bannon</surname> - <affiliation><orgname>La Trobe University</orgname></affiliation> - </author> - <address><email>dbannon@samba.org</email></address> - <pubdate>November 2000</pubdate> -</bookinfo> - - -<dedication><title></title> - - <para> - This is the FAQ for Samba 2.2 as an NTDomain controller. - This document is derived from the origional FAQ that was built and - maintained by Gerald Carter from the early days of Samba NTDomain development - up until recently. It is now being updated as significent changes are - made to 2.2.0. - </para> - - <para> - Please note it does not apply to the SAMBA_TNG nor the HEAD branch. - </para> - - <para> - Also available is a Samba 2.2 PDC <ulink url="samba-pdc-howto.html">HOWTO</ulink> - that takes you, step by step, over the process of setting up a very basic Samba - 2.2 Primary Domain Controller - </para> - -</dedication> - -<toc></toc> - -<!-- ================ I N T R O D U C T I O N ==================== --> - - -<chapter> - -<title>Introduction</title> - -<sect1> -<title id=stateofplay>State of Play</title> - - <para>Much of the related code does work. For example, if an NT is removed from the - domain and then rejoins, the <filename>Create a Computer Account in the Domain</> dialog - will let you reset the smbpasswd. That is you don't need to do it from - the unix box. However, at the present, you do need to have root as an - administrator and use the root user name and password.</para> - - <para><command>Policies</command> do work on a W2K machine. MS says that recent - builds of W2K dont observe an NT policy but it appears it does in 'legacy' - mode.</para> - -</sect1> - -<sect1> -<title>Introduction</title> - - <para> - This FAQ was origionally compiled by Jerry Carter (gc) chiefly dealing - with the 'old HEAD' version of Samba and its NTDomain facilities. It is - being rewritten by David Bannon (drb) so that it addresses more - accurately the Samba 2.2.x release. - </para> - - <para> - This document probably still contains some material that does not apply - to Samba 2.2 but most (all?) of the really misleading stuff has been - removed. Some issues are not dealt with or are dealt with badly. Please - send corrections and additions to <ulink - url="mailto:D.Bannon@latrobe.edu.au">David Bannon</ulink>. - </para> - - <para>Hopefully, as we all become familiar with the Samba 2.2 as a - PDC this document will become much more usefull.</para> - -</sect1> - -</chapter> - -<!-- ============== G E N E R A L I N F O R M A T I O N ============== --> - -<chapter><title>General Information</> - - -<sect1><title>What can we do ?</title> - -<sect2> -<title>What can Samba 2.2.x Primary Domain Controller (PDC) do ?</title> - - <para> - If you wish to have Samba act as a PDC for Windows NT 4.0/2000 client, - then you will need to obtain the 2.2.0 version. Release of a stable, - full featured Samba PDC is currently slated for version 3.0. - </para> - - <para> - The following is a list of included features currently in - Samba 2.2: - </para> - - <itemizedlist> - <listitem><para>The ability to act as a limited PDC for - Windows NT and W2000 clients. This includes adding NT and - W2K machines to the domain and authenticating users logging - into the domain.</para></listitem> - - <listitem><para>Domain account can be viewed using the User - Manager for Domains</para></listitem> - - <listitem><para>Viewing/adding/deleting resources on the Samba - PDC via the Server Manager for Domains from the NT client. - </para></listitem> - - <listitem><para>Windows 95/98/ME clients will allow user - level security to be set and browsing of domain accounts. - </para></listitem> - - <listitem><para>Machine account password updates.</para></listitem> - - <listitem><para>Changing of user passwords from an NT client. - </para></listitem> - - <listitem><para>Partial support for Windows NT username mapping. - Group name mapping is slated for a later release.</para></listitem> - </itemizedlist> - - - <para> - These things are note expected to work in the forseeable future: - </para> - - <itemizedlist> - <listitem><para>Trust relationships</para></listitem> - <listitem><para>PDC and BDC integration</para></listitem> - </itemizedlist> -</sect2> - -<sect2> -<title>Can I have a Windows 2000 client logon to a Samba -controlled domain?</title> - - <para> - The 2.2 release branch of Samba supports Windows 2000 domain - clients in legacy mode, ie as if the PDC is a NTServer, not a - W2K server. - </para> -</sect2> - -</sect1> - -<sect1> -<title>CVS</title> - - <para> - CVS is a programme (publically available) that the Samba developers - use to maintain the central source code. Non developers can get - access to the source in a read only capacity. Many flavours of unix - now arrive with cvs installed.</> - -<sect2> -<title>What are the different Samba branches available in CVS ?</title> - - <para>You can find out more about obtaining Samba's via anonymous - CVS from <ulink url="http://pserver.samba.org/samba/cvs.html"> - http://pserver.samba.org/samba/cvs.html</ulink>. - </para> - - <para> - There are basically four branches to watch at the moment : - </para> - - <variablelist> - <varlistentry> - <term>HEAD</term> - <listitem><para>Samba 3.0 ? This code boasts all the main - development work in Samba. Due to its developmental - nature, its not really suitable for production work. - </para></listitem></varlistentry> - - <varlistentry> - <term>SAMBA_2_0</term> - <listitem><para>This branch contains the previous stable - release. At the moment it contains 2.0.8, a version that - will do some limited PDC stuff. If you are really going to - do PDC things, you consider 2.2 instead. - </para></listitem></varlistentry> - - <varlistentry> - <term>SAMBA_2_2</term> - <listitem><para>The 2.2.x release branch which is a subset - of the features of the HEAD branch. This document addresses - only SAMBA_2_2. - </para></listitem></varlistentry> - - <varlistentry> - <term>SAMBA_TNG</term> - <listitem><para>This branch is no longer maintained from the Samba - sites. Please see <ulink url="http://www.samba-tng.org/"> - http://www.samba-tng.org/</ulink>. It has been requested - that questions about TNG are not posted to the regular Samba - mailing lists including samba-ntdom and samba-technical. - </para></listitem></varlistentry> - </variablelist> -</sect2> - -<sect2> -<title>What are the CVS commands ?</title> - - <para> - See <ulink url="http://pserver.samba.org/samba/cvs.html"> - http://pserver.samba.org/samba/cvs.html</ulink> for instructions - on obtaining the SAMBA_2_2 or HEAD cvs code. - </para> -</sect2> -</sect1> -</chapter> - - -<chapter> -<title>Establishing Connections</title> - -<sect1> -<title></title> - -<sect2> -<title>How do I get my NT4 or W2000 Workstation to login to the Samba -controlled Domain?</> - - <para> - There is a comprehensive Samba PDC <ulink - url="samba-pdc-howto.html">HOWTO</ulink> accessable from the samba web - site under 'Documentation'. Read it. - </para> -</sect2> - -<sect2> -<title>What is a 'machine account' ?</title> - - <para> - Every NT, W2K or Samba machine that joins a Samba controlled - domain must be known to the Samba PDC. There are two entries - required, one in (typically) <filename>/etc/passwd</filename> - and the other in (typically) <filename>/usr/local/samba/private/smbpasswd</filename>. - Under some circumstances these entries are made - <link linkend=machineaccounts>manually</link>, the <ulink - url="samba-pdc-howto.html">HOWTO</ulink> - discusses ways of creating them automatically.</para> -</sect2> - - -<sect2> -<title>"The machine account for this computer either does not -exist or is not accessable."</> - - <para> - When I try to join the domain I get the message "The machine account - for this computer either does not exist or is not accessable". Whats - wrong ? - </para> - - <para> - This problem is caused by the PDC not having a suitable machine account. - If you are using the <command>add user script =</> method to create - accounts then this would indicate that it has not worked. Ensure the domain - admin user system is working. - </para> - - <para> - Alternatively if you are creating account entries manually then they - have not been created correctly. Make sure that you have the entry - correct for the machine account in smbpasswd file on the Samba PDC. - If you added the account using an editor rather than using the smbpasswd - utility, make sure that the account name is the machine netbios name - with a '$' appended to it ( ie. computer_name$ ). There must be an entry - in both /etc/passwd and the smbpasswd file. Some people have reported - that inconsistent subnet masks between the Samba server and the NT - client have caused this problem. Make sure that these are consistent - for both client and server. - </para> -</sect2> - -<sect2> -<title id=machineaccounts>How do I create machine accounts manually ?</title> - - <para> - This was the only option until recently, now in version 2.2 better - means are available. You might still need to do it manually for a - couple of reasons. A machine account consists of two entries (assuming - a standard install and /etc/passwd use), one in /etc/passwd and the - other in /usr/local/samba/private/smbpasswd. The /etc/passwd - entry will list the machine name with a $ appended, won't have a - passwd, will have a null shell and no home directory. For example - a machine called 'doppy' would have an /etc/passwd entry like this :</para> - - <para> - <command>doppy$:x:505:501:NTMachine:/dev/null:/bin/false</command> - </para> - - <para> - On a linux system for example, you would typically add it like - this : - </para> - - <para> - <command>adduser -g machines -c NTMachine -d /dev/null -s /bin/false -n - doppy$</command> - </para> - - <para> - Then you need to add that entry to smbpasswd, assuming you have a suitable - path to the <command>smbpasswd</> programme, do this : - </para> - - <para> - <command>smbpasswd -a -m doppy$</command> - </para> - - <para> - The entry will be created with a well known password, so any machine that - says its doppy could join the domain as long as it gets in first. So - don't create the accounts any earlier than you need them. - </para> -</sect2> - -<sect2> -<title>I cannot include a '$' in a machine name.</title> - - <para> - A 'machine name' in (typically) <filename>/etc/passwd</> consists - of the machine name with a '$' appended. FreeBSD (and other BSD - systems ?) won't create a user with a '$' in their name. - </para> - - <para> - The problem is only in the program used to make the entry, once - made, it works perfectly. So create a user without the '$' and - use <command>vipw</> to edit the entry, adding the '$'. Or create - the whole entry with vipw if you like, make sure you use a - unique uid !</para> -</sect2> - -<sect2> -<title id=alreadyhaveconnection>I get told "You already have a connection to the Domain...." -when creating a machine account.</title> - - <para> - This happens if you try to create a machine account from the - machine itself and use a user name that does not work (for whatever - reason) and then try another (possibly valid) user name. - Exit out of the network applet to close the initial connection - and try again. - </para> - - <para> - Further, if the machine is a already a 'member of a workgroup' that - is the same name as the domain you are joining (bad idea) you will - get this message. Change the workgroup name to something else, it - does not matter what, reboot, and try again.</para> -</sect2> - -<sect2> -<title>I get told "Cannot join domain, the credentials supplied -conflict with an existing set.."</title> - - <para> - This is the same basic problem as mentioned above, <link - linkend=alreadyhaveconnection> "You already have a connection..."</link> - </para> -</sect2> - -<sect2> -<title>"The system can not log you on (C000019B)...."</title> - - <para>I joined the domain successfully but after upgrading - to a newer version of the Samba code I get the message, "The system - can not log you on (C000019B), Please try a gain or consult your - system administrator" when attempting to logon. - </para> - - <para> - This occurs when the domain SID stored in private/WORKGROUP.SID is - changed. For example, you remove the file and smbd automatically - creates a new one. Or you are swapping back and forth between - versions 2.0.7, TNG and the HEAD branch code (not recommended). The - only way to correct the problem is to restore the original domain - SID or remove the domain client from the domain and rejoin. - </para> -</sect2> - -</sect1> - -</chapter> - - -<!-- ============ U S E R A C C O U N T M A N A G M E N T ============= --> - -<chapter> -<title>User Account Management</title> - -<sect1> -<title>Domain Admins</title> - -<sect2> -<title>How do I configure an account as a domain administrator?</title> - - <para> - See the NTDom <ulink url="samba-pdc-howto.html">HowTo</ulink>. - </para> -</sect2> -</sect1> - -<sect1> -<title>Profiles</title> - -<sect2> -<title>Why is it bad to set "logon path = \\%N\%U\profile" in -smb.conf?</title> - - <para> - Sometimes Windows clients will maintain a connection to - the \\homes\ ( or [%U] ) share even after the user has logged out. - Consider the following scenario. - </para> - - <itemizedlist> - <listitem><para> user1 logs into the Windows NT machine. - Therefore the [homes] share is set to \\server\user1. - </para></listitem> - - <listitem><para> user1 works for a while and then logs - out. </para></listitem> - - <listitem><para> user2 logs into the same Windows NT - machine.</para></listitem> - </itemizedlist> - - <para> - However, since the NT box has maintained a connection to [homes] - which was previously set to \\server\user1, when the operating system - attempts to get the profile and if it can read users1's profile, will - get it otherwise it will return an error. You get the picture. - </para> - - <para> - A better solution is to use a separate [profiles] share and - set the "logon path = \\%N\profiles\%U" - </para> -</sect2> - - -<sect2> -<title>Why are all the users listed in the "domain admin users" using the -same profile?</title> - - <para> - You are using a very very old development version of Samba. - Upgrade. - </para> -</sect2> - - - -<sect2> -<title>The roaming profiles do not seem to be updating on the -server.</title> - - <para> - There can be several reasons for this. - </para> - - <para> - Make sure that the time on the client and the PDC are synchronized. You - can accomplish this by executing a <command>net time \\server /set /yes</command> - replacing server with the name of your PDC (or another synchronized SMB server). - See <link linkend="SettingTime"> about Setting Time</link> - </para> - - <para> - Make sure that the "logon path" is writeable by the user and make sure - that the connection to the logon path location is by the current user. - Sometimes Windows client do not drop the connection immediately upon - logoff. - </para> - - <para> - Some people have reported that the logon path location should - also be browseable. I (GC) have yet to emperically verify this, - but you can try.</para> -</sect2> -</sect1> - -<sect1><title>Policies</title> - -<sect2> -<title>What are 'Policies' ?.</title> - - <para> - When a user logs onto the domain via a client machine, the PDC - sends the client machine a list of things contained in the - 'policy' (if it exists). This list may do things like suppress - a splach screen, format the dates the way you like them or perhaps - remove locally stored profiles. - </para> - - <para> - On a samba PDC this list is obtained from a file called - <filename>ntconfig.pol</filename> and located in the [netlogon] - share. The file is created with a policy editor and must be readable - by anyone and writeable by only root. See <link linkend=policyeditor> - below</link> for how to get a suitable editor. - </para> -</sect2> - -<sect2> -<title>I can't get system policies to work.</title> - - <para> - There are two possible reasons for system policies not - functioning correctly. Make sure that you have the following - parameters set in smb.conf - </para> - - <para><programlisting> - [netlogon] - .... - locking = no - public = no - browseable = yes - .... - </programlisting></para> - - <para> - A policy file must be in the [netlogon] share and must be - readable by everyone and writeable by only root. The file - must be created by an NTServer <link linkend=policyeditor>Policy - Editor</link>. - </para> - - <para> - Last time I (drb) looked in the source, it was looking for - <filename>ntconfig.pol</filename> first then several other - combinations of upper and lower case. People have reported - success using <filename>NTconfig.pol</filename>, <filename>NTconfig.POL</filename> - and <filename>ntconfig.pol</filename>. These are the case settings that - I (GC) use with the filename <filename>ntconfig.pol</filename>: - </para> - - <para><programlisting> - case sensitive = no - case preserve = yes - short preserve case = no - default case = yes - </programlisting></para> - -</sect2> - -<sect2> -<title id=policyeditor>What about Windows NT Policy Editor ?</title> - - <para> - To create or edit <filename>ntconfig.pol</filename> you must use - the NT Server Policy Editor, <command>poledit.exe</command> which - is included with NT Server but <emphasis>not NT Workstation</emphasis>. - There is a Policy Editor on a NTws - but it is not suitable for creating <emphasis>Domain Policies</emphasis>. - Further, although the Windows 95 - Policy Editor can be installed on an NT Workstation/Server, it will not - work with NT policies because the registry key that are set by the policy templates. - However, the files from the NT Server will run happily enough on an NTws. - You need <filename>poledit.exe, common.adm</> and <filename>winnt.adm</>. It is convenient - to put the two *.adm files in <filename>c:\winnt\inf</> which is where - the binary will look for them unless told otherwise. Note also that that - directory is 'hidden'. - </para> - - <para>The Windows NT policy editor is also included with the - Service Pack 3 (and later) for Windows NT 4.0. Extract the files using - <command>servicepackname /x</command>, ie thats <command>Nt4sp6ai.exe - /x</command> for service pack 6a. The policy editor, <command>poledt.exe</command> and the - associated template files (*.adm) should - be extracted as well. It is also possible to downloaded the policy template - files for Office97 and get a copy of the policy editor. Another possible - location is with the Zero Administration Kit available for download from Microsoft. - </para> -</sect2> - - -<sect2> -<title>Can Win95 do Policies ?</title> - - <para> - Install the group policy handler for Win9x to pick up group - policies. Look on the Win98 CD in <filename>\tools\reskit\netadmin\poledit</filename>. - Install group policies on a Win9x client by double-clicking - <filename>grouppol.inf</filename>. Log off and on again a couple of - times and see if Win98 picks up group policies. Unfortunately this needs - to be done on every Win9x machine that uses group policies.... - </para> - - <para> - If group policies don't work one reports suggests getting the updated - (read: working) grouppol.dll for Windows 9x. The group list is grabbed - from /etc/group. - </para> - -</sect2> - -</sect1> - -<sect1> -<title>Passwords</title> - -<sect2> -<title>What is password sync and should I use it ?</title> - - <para> - NTws users can change their domain password by pressing Ctrl-Alt-Del - and choosing 'Change Password'. By default however, this does not change the unix password - (typically in <filename>/etc/passwd</filename> or <filename>/etc/shadow</filename>). - In lots of situations thats OK, for example : - </para> - - <itemizedlist> - <listitem><para>The server is only accessible to the user via - samba.</para></listitem> - - <listitem><para>Pam_smb or similar is installed so other applications - still refer to the samba password.</para></listitem> - </itemizedlist> - - <para> - But sometimes you really do need to maintain two seperate password - databases and there are good reasons to keep then in sync. Trying - to explain to users that they need to change their passwords in two - seperate places or use two seperate passwords is not fun. - </para> - - <para> - However do understand that setting up password sync is not without - problems either. The chief difficulty is the interface between Samba - and the <command>passwd</command> command, it can be a fiddle to set - up and if the password the user has entered fails, the resulting errors - are ambiguously reported and the user is confused. Further, you need - to take steps to ensure that users only ever change their passwords - via samba (or use <command>smbpasswd</command>), otherwise they will - only be changing the unix password.</para> - - -</sect2> - -<sect2> -<title>How do I get remote password (unix and SMB) changing working ?</title> - - <para> - Have a practice changing a user's password (as root) to see - what discussion takes place and change the text in the 'passwd chat' - line below as necessary. The line as shown works for recent RH Linux - but most other systems seem to like to do something different. The '*' is - a wild card and will match anything (or nothing). - </para> - - <para> - Add these lines to smb.conf under [Global] - </para> - - <para><programlisting> - - unix password sync = true - passwd program = /usr/bin/passwd %u - passwd chat = *password* %n\n *password* %n\n *successful* - </programlisting></para> - - <para> - As mentioned above, the change to the unix password happens as root, - not as the user, as is indicated in ~/smbd/chgpasswd.c If - you are using NIS, the Samba server must be running on the NIS - master machine. - </para> -</sect2> - -</sect1> - -</chapter> - -<!-- =================== M I S C E L L A N E O U S ================= --> - -<chapter> -<title>Miscellaneous</title> - -<sect1> -<title></title> - -<sect2> -<title>What editor can I use in DOS/Windows that won't -mess with my unix EOF</title> - - <para>There are a number of Windows or DOS based editors that will - understand, and leave intact, the unix eof (as opposed to a DOS CL/LF). - List members suggested : - </para> - - <itemizedlist> - <listitem><para>UltraEdit at <ulink url="http://www.ultraedit.com">www.ultraedit.com</ulink></para></listitem> - - <listitem><para>VI for windows at <ulink url="http://home.snafu.de/ramo/WinViEn.htm"> - home.snafu.de/ramo/WinViEn.htm</ulink></para></listitem> - - <listitem><para>The author prefers PFE at <ulink url="http://www.lancs.ac.uk/people/cpaap/pfe/"> - www.lancs.ac.uk/people/cpaap/pfe/</ulink> but its no longer being developed...</para></listitem> - </itemizedlist> -</sect2> - - - - -<sect2> -<title>How do I get 'User Manager' and 'Server Manager'</title> - - <para> - Since I don't need to buy an NT Server CD now, how do I get - the 'User Manager for Domains', the 'Server Manager' ? - </para> - - <para> - Microsoft distributes a version of - these tools called nexus for installation on Windows 95 systems. The - tools set includes - </para> - - <itemizedlist> - <listitem><para>Server Manager</para></listitem> - - <listitem><para>User Manager for Domains</para></listitem> - - <listitem><para>Event Viewer</para></listitem> - </itemizedlist> - - <para> - Click here to download the archived file <ulink - url="ftp://ftp.microsoft.com/Softlib/MSLFILES/NEXUS.EXE">ftp://ftp.microsoft.com/Softlib/MSLFILES/NEXUS.EXE</ulink> - </para> - - <para> - The Windows NT 4.0 version of the 'User Manager for - Domains' and 'Server Manager' are available from Microsoft via ftp - from <ulink url="ftp://ftp.microsoft.com/Softlib/MSLFILES/SRVTOOLS.EXE">ftp://ftp.microsoft.com/Softlib/MSLFILES/SRVTOOLS.EXE</ulink> - </para> -</sect2> - - -<sect2><title id="SettingTime">The time setting from a Samba server does not work.</title> - <para>If it works OK when you log on as Domain Admin then the problem is that ordinary users - don't have permission to change the time. (The system is running with their permission - at logon time.) This is not a Samba problem, you will have the same problem where ever - you connect. You can give 'everyone' permission to change the time from the User Manager. - </para> - - <para>Anyone know what the registry settings are so this could be done with a Policy ?</para> -</sect2> - -<sect2><title>"trust account xxx should be in DOMAIN_GROUP_RID_USERS"</> - <para>I keep getting the message "trust account xxx should be in DOMAIN_GROUP_RID_USERS." - in the logs. What do I need to do?</para> - - <para>You are using one of the old development versions. Upgrade. - (The message is unimportant, was a reminder to a developer)</para> - -</sect2> - -<sect2><title>How do I get my samba server to become a member ( not PDC ) of an NT domain?</title> - - - <para> - Please refer to the <ulink url="DOMAIN_MEMBER.html">Domain Member - HOWTO</ulink> for more information on this. - </para> - -</sect2> -</sect1> -</chapter> - - -<!-- ======== T R O U B L E S H O O T I N G and B U G R E P O R T I N G ======== --> - - - -<chapter><title>Troubleshooting and Bug Reporting</title> - -<sect1><title>Diagnostic tools</title> - -<sect2><title>What are some diagnostics tools I can use to debug the domain logon process and where can I - find them? </title> - - <para> - One of the best diagnostic tools for debugging problems is Samba itself. - You can use the -d option for both smbd and nmbd to specifiy what - 'debug level' at which to run. See the man pages on smbd, nmbd and - smb.conf for more information on debugging options. The debug - level can range from 1 (the default) to 10 (100 for debugging passwords). - </para> - - <para> - Another helpful method of debugging is to compile samba using the - <command>gcc -g </command> flag. This will include debug - information in the binaries and allow you to attch gdb to the - running smbd / nmbd process. In order to attach gdb to an smbd - process for an NT workstation, first get the workstation to make the - connection. Pressing ctrl-alt-delete and going down to the domain box - is sufficient (at least, on the first time you join the domain) to - generate a 'LsaEnumTrustedDomains'. Thereafter, the workstation - maintains an open connection, and therefore there will be an smbd - process running (assuming that you haven't set a really short smbd - idle timeout) So, in between pressing ctrl alt delete, and actually - typing in your password, you can gdb attach and continue. - </para> - - <para> - Some usefull samba commands worth investigating: - </para> - - <itemizedlist> - <listitem><para>testparam | more</para></listitem> - <listitem><para>smbclient -L //{netbios name of server}</para></listitem> - </itemizedlist> - - <para> - An SMB enabled version of tcpdump is available from - <ulink url="http://www.tcpdump.org/">http://www.tcpdump.org/</ulink>. - Ethereal, another good packet sniffer for UNIX and Win32 - hosts, can be downloaded from <ulink - url="http://www.ethereal.com/">http://www.ethereal.com</ulink>. - </para> - - <para> - For tracing things on the Microsoft Windows NT, Network Monitor - (aka. netmon) is available on the Microsoft Developer Network CD's, - the Windows NT Server install CD and the SMS CD's. The version of - netmon that ships with SMS allows for dumping packets between any two - computers (ie. placing the network interface in promiscuous mode). - The version on the NT Server install CD will only allow monitoring - of network traffic directed to the local NT box and broadcasts on the - local subnet. Be aware that Ethereal can read and write netmon - formatted files. - </para> - -</sect2> - -<sect2> -<title>How do I install 'Network Monitor' on an NT Workstation -or a Windows 9x box?</title> - - <para> - Installing netmon on an NT workstation requires a couple - of steps. The following are for installing Netmon V4.00.349, which comes - with Microsoft Windows NT Server 4.0, on Microsoft Windows NT - Workstation 4.0. The process should be similar for other version of - Windows NT / Netmon. You will need both the Microsoft Windows - NT Server 4.0 Install CD and the Workstation 4.0 Install CD. - </para> - - <para> - Initially you will need to install 'Network Monitor Tools and Agent' - on the NT Server. To do this - </para> - - <itemizedlist> - <listitem><para>Goto Start - Settings - Control Panel - - Network - Services - Add </para></listitem> - - <listitem><para>Select the 'Network Monitor Tools and Agent' and - click on 'OK'.</para></listitem> - - <listitem><para>Click 'OK' on the Network Control Panel. - </para></listitem> - - <listitem><para>Insert the Windows NT Server 4.0 install CD - when prompted.</para></listitem> - </itemizedlist> - - <para> - At this point the Netmon files should exist in - <filename>%SYSTEMROOT%\System32\netmon\*.*</filename>. - Two subdirectories exist as well, <filename>parsers\</filename> - which contains the necessary DLL's for parsing the netmon packet - dump, and <filename>captures\</filename>. - </para> - - <para> - In order to install the Netmon tools on an NT Workstation, you will - first need to install the 'Network Monitor Agent' from the Workstation - install CD. - </para> - - <itemizedlist> - <listitem><para>Goto Start - Settings - Control Panel - - Network - Services - Add</para></listitem> - - <listitem><para>Select the 'Network Monitor Agent' and click - on 'OK'.</para></listitem> - - <listitem><para>Click 'OK' on the Network Control Panel. - </para></listitem> - - <listitem><para>Insert the Windows NT Workstation 4.0 install - CD when prompted.</para></listitem> - </itemizedlist> - - - <para> - Now copy the files from the NT Server in %SYSTEMROOT%\System32\netmon\*.* - to %SYSTEMROOT%\System32\netmon\*.* on the Workstation and set - permissions as you deem appropriate for your site. You will need - administrative rights on the NT box to run netmon. - </para> - - <para> - To install Netmon on a Windows 9x box install the network monitor agent - from the Windows 9x CD (\admin\nettools\netmon). There is a readme - file located with the netmon driver files on the CD if you need - information on how to do this. Copy the files from a working - Netmon installation. - </para> -</sect2> - -</sect1> - -<sect1> -<title>What other help can I get ? </title> - - <para> - There are many sources of information available in the form - of mailing lists, RFC's and documentation. The docs that come - with the samba distribution contain very good explanations of - general SMB topics such as browsing.</para> - -<sect2> -<title id=urls>URLs and similar</title> - - - <itemizedlist> - - <listitem><para>Home of Samba site <ulink url="http://samba.org"> - http://samba.org</ulink>. We have a mirror near you !</para></listitem> - - <listitem><para> The <emphasis role=strong>Development</emphasis> document - on the Samba mirrors might mention your problem. If so, - it might mean that the developers are working on it.</para></listitem> - - <listitem><para> Ignacio Coupeau has a very comprehesive look at LDAP with Samba at - <ulink url="http://www.unav.es/cti/ldap-smb-howto.html"> - http://www.unav.es/cti/ldap-smb-howto.html</ulink> - Be a little carefull however, I suspect that it does not specificly - address samba 2.2.x. The HEAD pre-2.1 may possibly be the best - stream to look at.</para></listitem> - - <listitem><para> Lars Kneschke's site covers <ulink url="http://www.samba-tng.org"> - Samba-TNG</ulink> at - <ulink url="http://www.kneschke.de/projekte/samba_tng"> - http://www.kneschke.de/projekte/samba_tng</ulink>, but again, a - lot of it does not apply to the main stream Samba.</para></listitem> - - <listitem><para>See how Scott Merrill simulates a BDC behaviour at - <ulink url="http://www.skippy.net/linux/smb-howto.html"> - http://www.skippy.net/linux/smb-howto.html</>. </para></listitem> - - <listitem><para>Although 2.0.7 has almost had its day as a PDC, I (drb) will - keep the 2.0.7 PDC pages at <ulink url="http://bioserve.latrobe.edu.au/samba"> - http://bioserve.latrobe.edu.au/samba</ulink> going for a while yet.</para></listitem> - - <listitem><para>Misc links to CIFS information - <ulink url="http://samba.org/cifs/">http://samba.org/cifs/</ulink></para></listitem> - - <listitem><para>NT Domains for Unix <ulink url="http://mailhost.cb1.com/~lkcl/ntdom/"> - http://mailhost.cb1.com/~lkcl/ntdom/</ulink></para></listitem> - - <listitem><para>FTP site for older SMB specs: - <ulink url="ftp://ftp.microsoft.com/developr/drg/CIFS/"> - ftp://ftp.microsoft.com/developr/drg/CIFS/</ulink></para></listitem> - - </itemizedlist> - - - <para> - You should also refer to the MS archives at - <ulink url="ftp://ftp.microsoft.com/developr/drg/CIFS/">ftp://ftp.microsoft.com/developr/drg/CIFS/"</ulink> - </para> - -</sect2> - - -<sect2> -<title>How do I get help from the mailing lists ?</title> - - <para> There are a number of Samba related mailing lists. Go to <ulink url= - "http://samba.org">http://samba.org</ulink>, click on your nearest mirror - and then click on <command>Support</> and then click on <command> - Samba related mailing lists</>.</para> - - <para>For questions relating to Samba TNG go to - <ulink url="http://www.samba-tng.org/">http://www.samba-tng.org/</ulink> - It has been requested that you don't post questions about Samba-TNG to the - main stream Samba lists.</para> - -<itemizedlist><title>If you post a message to one of the lists please - observe the following guide lines :</title> - - <listitem><para> Always remember that the developers are volunteers, they are - not paid and they never guarantee to produce a particular feature at - a particular time. Any time lines are 'best guess' and nothing more. - </para></listitem> - - <listitem><para> Always mention what version of samba you are using and what - operating system its running under. You should probably list the - relevant sections of your smb.conf file, at least the options - in [global] that affect PDC support.</para></listitem> - - <listitem><para>In addition to the version, if you obtained Samba via - CVS mention the date when you last checked it out.</para></listitem> - - <listitem><para> Try and make your question clear and brief, lots of long, - convoluted questions get deleted before they are completely read ! - Don't post html encoded messages (if you can select colour or font - size its html).</para></listitem> - - <listitem><para> If you run one of those niffy 'I'm on holidays' things when - you are away, make sure its configured to not answer mailing lists. - </para></listitem> - - <listitem><para> Don't cross post. Work out which is the best list to post to - and see what happens, ie don't post to both samba-ntdom and samba-technical. - Many people active on the lists subscribe to more - than one list and get annoyed to see the same message two or more times. - Often someone will see a message and thinking it would be better dealt - with on another, will forward it on for you.</para></listitem> - - <listitem><para>You might include <emphasis>partial</emphasis> - log files written at a debug level set to as much as 20. - Please don't send the entire log but enough to give the context of the - error messages.</para></listitem> - - <listitem><para>(Possibly) If you have a complete netmon trace ( from the opening of - the pipe to the error ) you can send the *.CAP file as well.</para></listitem> - - <listitem><para>Please think carefully before attaching a document to an email. - Consider pasting the relevant parts into the body of the message. The samba - mailing lists go to a huge number of people, do they all need a copy of your - smb.conf in their attach directory ?</para></listitem> - -</itemizedlist> -</sect2> - - -<sect2> -<title>How do I get off the mailing lists ?</title> - - <para>To have your name removed from a samba mailing list, go to the - same place you went to to get on it. Go to <ulink url= - "http://lists.samba.org/">http://lists.samba.org</ulink>, click - on your nearest mirror and then click on <command>Support</> and - then click on <command> Samba related mailing lists</>. Or perhaps see - <ulink url="http://lists.samba.org/mailman/roster/samba-ntdom">here</ulink></para> - - <para> - Please don't post messages to the list asking to be removed, you will just - be refered to the above address (unless that process failed in some way...) - </para> -</sect2> - -</sect1> - -</chapter> - - - - -</book> diff --git a/docs/docbook/howto/DOMAIN_MEMBER.sgml b/docs/docbook/howto/DOMAIN_MEMBER.sgml deleted file mode 100644 index 888b801742..0000000000 --- a/docs/docbook/howto/DOMAIN_MEMBER.sgml +++ /dev/null @@ -1,163 +0,0 @@ -<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> - -<article> - -<sect1> - - <title>Joining an NT Domain with Samba 2.2</title> - - <para>In order for a Samba-2 server to join an NT domain, - you must first add the NetBIOS name of the Samba server to the - NT domain on the PDC using Server Manager for Domains. This creates - the machine account in the domain (PDC) SAM. Note that you should - add the Samba server as a "Windows NT Workstation or Server", - <emphasis>NOT</emphasis> as a Primary or backup domain controller.</para> - - <para>Assume you have a Samba-2 server with a NetBIOS name of - <constant>SERV1</constant> and are joining an NT domain called - <constant>DOM</constant>, which has a PDC with a NetBIOS name - of <constant>DOMPDC</constant> and two backup domain controllers - with NetBIOS names <constant>DOMBDC1</constant> and <constant>DOMBDC2 - </constant>.</para> - - <para>In order to join the domain, first stop all Samba daemons - and run the command:</para> - - <para><prompt>root# </prompt><userinput>smbpasswd -j DOM -r DOMPDC - </userinput></para> - - <para>as we are joining the domain DOM and the PDC for that domain - (the only machine that has write access to the domain SAM database) - is DOMPDC. If this is successful you will see the message:</para> - - <para><computeroutput>smbpasswd: Joined domain DOM.</computeroutput> - </para> - - <para>in your terminal window. See the <ulink url="smbpasswd.8.html"> - smbpasswd(8)</ulink> man page for more details.</para> - - <para>This command goes through the machine account password - change protocol, then writes the new (random) machine account - password for this Samba server into a file in the same directory - in which an smbpasswd file would be stored - normally :</para> - - <para><filename>/usr/local/samba/private</filename></para> - - <para>In Samba 2.0.x, the filename looks like this:</para> - - <para><filename><replaceable><NT DOMAIN NAME></replaceable>. - <replaceable><Samba Server Name></replaceable>.mac</filename></para> - - <para>The <filename>.mac</filename> suffix stands for machine account - password file. So in our example above, the file would be called:</para> - - <para><filename>DOM.SERV1.mac</filename></para> - - <para>In Samba 2.2, this file has been replaced with a TDB - (Trivial Database) file named <filename>secrets.tdb</filename>. - </para> - - - <para>This file is created and owned by root and is not - readable by any other user. It is the key to the domain-level - security for your system, and should be treated as carefully - as a shadow password file.</para> - - <para>Now, before restarting the Samba daemons you must - edit your <ulink url="smb.conf.5.html"><filename>smb.conf(5)</filename> - </ulink> file to tell Samba it should now use domain security.</para> - - <para>Change (or add) your <ulink url="smb.conf.5.html#SECURITY"> - <parameter>security =</parameter></ulink> line in the [global] section - of your smb.conf to read:</para> - - <para><command>security = domain</command></para> - - <para>Next change the <ulink url="smb.conf.5.html#WORKGROUP"><parameter> - workgroup =</parameter></ulink> line in the [global] section to read: </para> - - <para><command>workgroup = DOM</command></para> - - <para>as this is the name of the domain we are joining. </para> - - <para>You must also have the parameter <ulink url="smb.conf.5.html#ENCRYPTPASSWORDS"> - <parameter>encrypt passwords</parameter></ulink> set to <constant>yes - </constant> in order for your users to authenticate to the NT PDC.</para> - - <para>Finally, add (or modify) a <ulink url="smb.conf.5.html#PASSWORDSERVER"> - <parameter>password server =</parameter></ulink> line in the [global] - section to read: </para> - - <para><command>password server = DOMPDC DOMBDC1 DOMBDC2</command></para> - - <para>These are the primary and backup domain controllers Samba - will attempt to contact in order to authenticate users. Samba will - try to contact each of these servers in order, so you may want to - rearrange this list in order to spread out the authentication load - among domain controllers.</para> - - <para>Alternatively, if you want smbd to automatically determine - the list of Domain controllers to use for authentication, you may - set this line to be :</para> - - <para><command>password server = *</command></para> - - <para>This method, which was introduced in Samba 2.0.6, - allows Samba to use exactly the same mechanism that NT does. This - method either broadcasts or uses a WINS database in order to - find domain controllers to authenticate against.</para> - - <para>Finally, restart your Samba daemons and get ready for - clients to begin using domain security!</para> -</sect1> - -<sect1> - <title>Why is this better than security = server?</title> - - <para>Currently, domain security in Samba doesn't free you from - having to create local Unix users to represent the users attaching - to your server. This means that if domain user <constant>DOM\fred - </constant> attaches to your domain security Samba server, there needs - to be a local Unix user fred to represent that user in the Unix - filesystem. This is very similar to the older Samba security mode - <ulink url="smb.conf.5.html#SECURITYEQUALSERVER">security = server</ulink>, - where Samba would pass through the authentication request to a Windows - NT server in the same way as a Windows 95 or Windows 98 server would. - </para> - - <para>The advantage to domain-level security is that the - authentication in domain-level security is passed down the authenticated - RPC channel in exactly the same way that an NT server would do it. This - means Samba servers now participate in domain trust relationships in - exactly the same way NT servers do (i.e., you can add Samba servers into - a resource domain and have the authentication passed on from a resource - domain PDC to an account domain PDC.</para> - - <para>In addition, with <command>security = server</command> every Samba - daemon on a server has to keep a connection open to the - authenticating server for as long as that daemon lasts. This can drain - the connection resources on a Microsoft NT server and cause it to run - out of available connections. With <command>security = domain</command>, - however, the Samba daemons connect to the PDC/BDC only for as long - as is necessary to authenticate the user, and then drop the connection, - thus conserving PDC connection resources.</para> - - <para>And finally, acting in the same manner as an NT server - authenticating to a PDC means that as part of the authentication - reply, the Samba server gets the user identification information such - as the user SID, the list of NT groups the user belongs to, etc. All - this information will allow Samba to be extended in the future into - a mode the developers currently call appliance mode. In this mode, - no local Unix users will be necessary, and Samba will generate Unix - uids and gids from the information passed back from the PDC when a - user is authenticated, making a Samba server truly plug and play - in an NT domain environment. Watch for this code soon.</para> - - <para><emphasis>NOTE:</emphasis> Much of the text of this document - was first published in the Web magazine <ulink url="http://www.linuxworld.com"> - LinuxWorld</ulink> as the article <ulink - url="http://www.linuxworld.com/linuxworld/lw-1998-10/lw-10-samba.html">Doing - the NIS/NT Samba</ulink>.</para> - -</sect1> -</article> diff --git a/docs/docbook/howto/NT_Security.sgml b/docs/docbook/howto/NT_Security.sgml deleted file mode 100644 index 62550bfaa6..0000000000 --- a/docs/docbook/howto/NT_Security.sgml +++ /dev/null @@ -1,342 +0,0 @@ -<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> - -<article> - - -<sect1> - <title>Viewing and changing UNIX permissions using the NT - security dialogs</title> - - - <para>New in the Samba 2.0.4 release is the ability for Windows - NT clients to use their native security settings dialog box to - view and modify the underlying UNIX permissions.</para> - - <para>Note that this ability is careful not to compromise - the security of the UNIX host Samba is running on, and - still obeys all the file permission rules that a Samba - administrator can set.</para> - - <para>In Samba 2.0.4 and above the default value of the - parameter <ulink url="smb.conf.5.html#NTACLSUPPOR"><parameter> - nt acl support</parameter></ulink> has been changed from - <constant>false</constant> to <constant>true</constant>, so - manipulation of permissions is turned on by default.</para> -</sect1> - -<sect1> - <title>How to view file security on a Samba share</title> - - <para>From an NT 4.0 client, single-click with the right - mouse button on any file or directory in a Samba mounted - drive letter or UNC path. When the menu pops-up, click - on the <emphasis>Properties</emphasis> entry at the bottom of - the menu. This brings up the normal file properties dialog - box, but with Samba 2.0.4 this will have a new tab along the top - marked <emphasis>Security</emphasis>. Click on this tab and you - will see three buttons, <emphasis>Permissions</emphasis>, - <emphasis>Auditing</emphasis>, and <emphasis>Ownership</emphasis>. - The <emphasis>Auditing</emphasis> button will cause either - an error message <errorname>A requested privilege is not held - by the client</errorname> to appear if the user is not the - NT Administrator, or a dialog which is intended to allow an - Administrator to add auditing requirements to a file if the - user is logged on as the NT Administrator. This dialog is - non-functional with a Samba share at this time, as the only - useful button, the <command>Add</command> button will not currently - allow a list of users to be seen.</para> - -</sect1> -<sect1> - <title>Viewing file ownership</title> - - <para>Clicking on the <command>"Ownership"</command> button - brings up a dialog box telling you who owns the given file. The - owner name will be of the form :</para> - - <para><command>"SERVER\user (Long name)"</command></para> - - <para>Where <replaceable>SERVER</replaceable> is the NetBIOS name of - the Samba server, <replaceable>user</replaceable> is the user name of - the UNIX user who owns the file, and <replaceable>(Long name)</replaceable> - is the discriptive string identifying the user (normally found in the - GECOS field of the UNIX password database). Click on the <command>Close - </command> button to remove this dialog.</para> - - <para>If the parameter <parameter>nt acl support</parameter> - is set to <constant>false</constant> then the file owner will - be shown as the NT user <command>"Everyone"</command>.</para> - - <para>The <command>Take Ownership</command> button will not allow - you to change the ownership of this file to yourself (clicking on - it will display a dialog box complaining that the user you are - currently logged onto the NT client cannot be found). The reason - for this is that changing the ownership of a file is a privilaged - operation in UNIX, available only to the <emphasis>root</emphasis> - user. As clicking on this button causes NT to attempt to change - the ownership of a file to the current user logged into the NT - client this will not work with Samba at this time.</para> - - <para>There is an NT chown command that will work with Samba - and allow a user with Administrator privillage connected - to a Samba 2.0.4 server as root to change the ownership of - files on both a local NTFS filesystem or remote mounted NTFS - or Samba drive. This is available as part of the <emphasis>Seclib - </emphasis> NT security library written by Jeremy Allison of - the Samba Team, available from the main Samba ftp site.</para> - -</sect1> - -<sect1> - <title>Viewing file or directory permissions</title> - - <para>The third button is the <command>"Permissions"</command> - button. Clicking on this brings up a dialog box that shows both - the permissions and the UNIX owner of the file or directory. - The owner is displayed in the form :</para> - - <para><command>"SERVER\user (Long name)"</command></para> - - <para>Where <replaceable>SERVER</replaceable> is the NetBIOS name of - the Samba server, <replaceable>user</replaceable> is the user name of - the UNIX user who owns the file, and <replaceable>(Long name)</replaceable> - is the discriptive string identifying the user (normally found in the - GECOS field of the UNIX password database).</para> - - <para>If the parameter <parameter>nt acl support</parameter> - is set to <constant>false</constant> then the file owner will - be shown as the NT user <command>"Everyone"</command> and the - permissions will be shown as NT "Full Control".</para> - - - <para>The permissions field is displayed differently for files - and directories, so I'll describe the way file permissions - are displayed first.</para> - - <sect2> - <title>File Permissions</title> - - <para>The standard UNIX user/group/world triple and - the correspinding "read", "write", "execute" permissions - triples are mapped by Samba into a three element NT ACL - with the 'r', 'w', and 'x' bits mapped into the corresponding - NT permissions. The UNIX world permissions are mapped into - the global NT group <command>Everyone</command>, followed - by the list of permissions allowed for UNIX world. The UNIX - owner and group permissions are displayed as an NT - <command>user</command> icon and an NT <command>local - group</command> icon respectively followed by the list - of permissions allowed for the UNIX user and group.</para> - - <para>As many UNIX permission sets don't map into common - NT names such as <command>"read"</command>, <command> - "change"</command> or <command>"full control"</command> then - usually the permissions will be prefixed by the words <command> - "Special Access"</command> in the NT display list.</para> - - <para>But what happens if the file has no permissions allowed - for a particular UNIX user group or world component ? In order - to allow "no permissions" to be seen and modified then Samba - overloads the NT <command>"Take Ownership"</command> ACL attribute - (which has no meaning in UNIX) and reports a component with - no permissions as having the NT <command>"O"</command> bit set. - This was chosen of course to make it look like a zero, meaning - zero permissions. More details on the decision behind this will - be given below.</para> - </sect2> - - <sect2> - <title>Directory Permissions</title> - - <para>Directories on an NT NTFS file system have two - different sets of permissions. The first set of permissions - is the ACL set on the directory itself, this is usually displayed - in the first set of parentheses in the normal <command>"RW"</command> - NT style. This first set of permissions is created by Samba in - exactly the same way as normal file permissions are, described - above, and is displayed in the same way.</para> - - <para>The second set of directory permissions has no real meaning - in the UNIX permissions world and represents the <command> - "inherited"</command> permissions that any file created within - this directory would inherit.</para> - - <para>Samba synthesises these inherited permissions for NT by - returning as an NT ACL the UNIX permission mode that a new file - created by Samba on this share would receive.</para> - </sect2> -</sect1> - -<sect1> - <title>Modifying file or directory permissions</title> - - <para>Modifying file and directory permissions is as simple - as changing the displayed permissions in the dialog box, and - clicking the <command>OK</command> button. However, there are - limitations that a user needs to be aware of, and also interactions - with the standard Samba permission masks and mapping of DOS - attributes that need to also be taken into account.</para> - - <para>If the parameter <parameter>nt acl support</parameter> - is set to <constant>false</constant> then any attempt to set - security permissions will fail with an <command>"Access Denied" - </command> message.</para> - - <para>The first thing to note is that the <command>"Add"</command> - button will not return a list of users in Samba 2.0.4 (it will give - an error message of <command>"The remote proceedure call failed - and did not execute"</command>). This means that you can only - manipulate the current user/group/world permissions listed in - the dialog box. This actually works quite well as these are the - only permissions that UNIX actually has.</para> - - <para>If a permission triple (either user, group, or world) - is removed from the list of permissions in the NT dialog box, - then when the <command>"OK"</command> button is pressed it will - be applied as "no permissions" on the UNIX side. If you then - view the permissions again the "no permissions" entry will appear - as the NT <command>"O"</command> flag, as described above. This - allows you to add permissions back to a file or directory once - you have removed them from a triple component.</para> - - <para>As UNIX supports only the "r", "w" and "x" bits of - an NT ACL then if other NT security attributes such as "Delete - access" are selected then they will be ignored when applied on - the Samba server.</para> - - <para>When setting permissions on a directory the second - set of permissions (in the second set of parentheses) is - by default applied to all files within that directory. If this - is not what you want you must uncheck the <command>"Replace - permissions on existing files"</command> checkbox in the NT - dialog before clicking <command>"OK"</command>.</para> - - <para>If you wish to remove all permissions from a - user/group/world component then you may either highlight the - component and click the <command>"Remove"</command> button, - or set the component to only have the special <command>"Take - Ownership"</command> permission (dsplayed as <command>"O" - </command>) highlighted.</para> -</sect1> - -<sect1> - <title>Interaction with the standard Samba create mask - parameters</title> - - <para>Note that with Samba 2.0.5 there are four new parameters - to control this interaction. These are :</para> - - <para><parameter>security mask</parameter></para> - <para><parameter>force security mode</parameter></para> - <para><parameter>directory security mask</parameter></para> - <para><parameter>force directory security mode</parameter></para> - - <para>Once a user clicks <command>"OK"</command> to apply the - permissions Samba maps the given permissions into a user/group/world - r/w/x triple set, and then will check the changed permissions for a - file against the bits set in the <ulink url="smb.conf.5.html#SECURITYMASK"> - <parameter>security mask</parameter></ulink> parameter. Any bits that - were changed that are not set to '1' in this parameter are left alone - in the file permissions.</para> - - <para>Essentially, zero bits in the <parameter>security mask</parameter> - mask may be treated as a set of bits the user is <emphasis>not</emphasis> - allowed to change, and one bits are those the user is allowed to change. - </para> - - <para>If not set explicitly this parameter is set to the same value as - the <ulink url="smb.conf.5.html#CREATEMASK"><parameter>create mask - </parameter></ulink> parameter to provide compatibility with Samba 2.0.4 - where this permission change facility was introduced. To allow a user to - modify all the user/group/world permissions on a file, set this parameter - to 0777.</para> - - <para>Next Samba checks the changed permissions for a file against - the bits set in the <ulink url="smb.conf.5.html#FORCESECURITYMODE"> - <parameter>force security mode</parameter></ulink> parameter. Any bits - that were changed that correspond to bits set to '1' in this parameter - are forced to be set.</para> - - <para>Essentially, bits set in the <parameter>force security mode - </parameter> parameter may be treated as a set of bits that, when - modifying security on a file, the user has always set to be 'on'.</para> - - <para>If not set explicitly this parameter is set to the same value - as the <ulink url="smb.conf.5.html#FORCECREATEMODE"><parameter>force - create mode</parameter></ulink> parameter to provide compatibility - with Samba 2.0.4 where the permission change facility was introduced. - To allow a user to modify all the user/group/world permissions on a file, - with no restrictions set this parameter to 000.</para> - - <para>The <parameter>security mask</parameter> and <parameter>force - security mode</parameter> parameters are applied to the change - request in that order.</para> - - <para>For a directory Samba will perform the same operations as - described above for a file except using the parameter <parameter> - directory security mask</parameter> instead of <parameter>security - mask</parameter>, and <parameter>force directory security mode - </parameter> parameter instead of <parameter>force security mode - </parameter>.</para> - - <para>The <parameter>directory security mask</parameter> parameter - by default is set to the same value as the <parameter>directory mask - </parameter> parameter and the <parameter>force directory security - mode</parameter> parameter by default is set to the same value as - the <parameter>force directory mode</parameter> parameter to provide - compatibility with Samba 2.0.4 where the permission change facility - was introduced.</para> - - <para>In this way Samba enforces the permission restrictions that - an administrator can set on a Samba share, whilst still allowing users - to modify the permission bits within that restriction.</para> - - <para>If you want to set up a share that allows users full control - in modifying the permission bits on their files and directories and - doesn't force any particular bits to be set 'on', then set the following - parameters in the <ulink url="smb.conf.5.html"><filename>smb.conf(5) - </filename></ulink> file in that share specific section :</para> - - <para><parameter>security mask = 0777</parameter></para> - <para><parameter>force security mode = 0</parameter></para> - <para><parameter>directory security mask = 0777</parameter></para> - <para><parameter>force directory security mode = 0</parameter></para> - - <para>As described, in Samba 2.0.4 the parameters :</para> - - <para><parameter>create mask</parameter></para> - <para><parameter>force create mode</parameter></para> - <para><parameter>directory mask</parameter></para> - <para><parameter>force directory mode</parameter></para> - - <para>were used instead of the parameters discussed here.</para> -</sect1> - -<sect1> - <title>Interaction with the standard Samba file attribute - mapping</title> - - <para>Samba maps some of the DOS attribute bits (such as "read - only") into the UNIX permissions of a file. This means there can - be a conflict between the permission bits set via the security - dialog and the permission bits set by the file attribute mapping. - </para> - - <para>One way this can show up is if a file has no UNIX read access - for the owner it will show up as "read only" in the standard - file attributes tabbed dialog. Unfortunately this dialog is - the same one that contains the security info in another tab.</para> - - <para>What this can mean is that if the owner changes the permissions - to allow themselves read access using the security dialog, clicks - <command>"OK"</command> to get back to the standard attributes tab - dialog, and then clicks <command>"OK"</command> on that dialog, then - NT will set the file permissions back to read-only (as that is what - the attributes still say in the dialog). This means that after setting - permissions and clicking <command>"OK"</command> to get back to the - attributes dialog you should always hit <command>"Cancel"</command> - rather than <command>"OK"</command> to ensure that your changes - are not overridden.</para> -</sect1> - -</article> diff --git a/docs/docbook/howto/samba-pdc-howto.sgml b/docs/docbook/howto/samba-pdc-howto.sgml deleted file mode 100644 index 4b8380dd9e..0000000000 --- a/docs/docbook/howto/samba-pdc-howto.sgml +++ /dev/null @@ -1,778 +0,0 @@ - -<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> -<book id="samba-pdc-howto"> - -<title>The Samba 2.2 PDC HowTo </title> - -<!-- ======================================================== - - To produce html from this file - - jade -E10 -t sgml -d html.dsl ntdom.sgml - - This assumes that html.dsl is present in the current dir, it includes - a couple of defines and then refers to the DSSSL html stylesheet. - - =========================================================== --> - - -<bookinfo> - <author><firstname>David</><surname>Bannon</> - <affiliation><orgname>La Trobe University</orgname></affiliation> - </author> - <pubdate>November 2000</pubdate> -</bookinfo> - -<dedication><title></title> - - <para>Comments, corrections and additions to <email>dbannon@samba.org</email></para> - - <para> - This document explains how to setup Samba as a Primary Domain Controller and - applies to version 2.2.0. - Before - using these functions make sure you understand what the controller can and cannot do. - Please read the sections below in the Introduction. - As 2.2.0 is incrementally updated - this document will change or become out of date very quickly, make sure you are - reading the most current version. - </para> - - <para>Please note this document does not apply to Samba2.2alpha0, Samba2.2alpha1, - Samba 2.0.7, TNG nor HEAD branch.</para> - - <para>It does apply to the current (post November 27th) cvs.</para> - - <para> - Also available is an updated version of Jerry Carter's NTDom <ulink url="samba-pdc-faq.html"> - FAQ</> that will answer lots of - the special 'tuning' questions that are not covered here. Over the next couple of weeks - some of the items here will be moved to the FAQ. - </para> - - -</dedication> - -<toc> </toc> - -<!-- ================ I N T R O D U C T I O N ==================== --> - -<chapter><title>Introduction</title> - -<para> -This document will show you one way of making Version 2.2.0 -of Samba perform some of the tasks of a -NT Primary Domain Controller. The facilities described are built into Samba as a result of -development work done over a number of years by a large number of people. These facilities -are only just beginning to be officially supported and although they do appear to work reliably, -if you use them then you take the risks upon your self. This document does not cover the -developmental versions of Samba, particularly -<ulink url="http://www.samba-tng.org/"><citetitle>Samba-TNG</citetitle></ulink> - - -</para> - - -<para>Note that <ulink url="http://bioserve.latrobe.edu.au/samba">Samba 2.0.7</> - supports significently less of the NT Domain facilities compared with 2.2.0 - </para> - -<para> - This document does not replace the text files DOMAIN_CONTROL.txt, DOMAIN.txt (by - John H Terpstra) or NTDOMAIN.txt (by Luke Kenneth Casson Leighton). Those documents provide - more detail and an insight to the development - cycle and should be considered 'further reading'. - -</para> - - -<sect1><title>What can we do ?</title> -<itemizedlist> - <listitem><para>Permit 'domain logons' for Win95/98, NT4 and W2K workstations from one central - password database. WRT W2K, please see the section about adding machine - accounts and the Intro in the <ulink url="samba-pdc-faq.html">FAQ</>.</para></listitem> - <listitem><para>Grant Administrator privileges to particular domain users on an - NT or W2K workstation.</para></listitem> - <listitem><para>Apply policies from a domain policy file to NT and W2K (?) - workstation.</para></listitem> - <listitem><para>Run the appropriate logon script when a user logs on to the domain - .</para></listitem> - <listitem><para>Maintain a user's local profile on the server.</para></listitem> - <listitem><para>Validate a user using another system via smb (such as smb_pam) and - soon winbind (?).</para></listitem> -</itemizedlist> -</sect1> - - -<sect1><title>What can't we do ?</title> -<itemizedlist> - <listitem><para> Become or work with a Backup Domain Controller (a BDC).</para></listitem> - <listitem><para> Participate in any sort of trust relationship (with either Samba or NT - Servers).</para></listitem> - <listitem><para> Offer a list of domain users to User Manager for Domains - on the Security Tab etc).</para></listitem> - <listitem><para>Be a W2K type of Domain Controller. Samba PDC will behave like - an NT PDC, W2K workstations connect in legacy mode.</para></listitem> -</itemizedlist> -</sect1> - -</chapter> - - -<!-- ================== I N S T A L L I N G ===================== --> - -<chapter><title>Installing</title> - - <para>Installing consists of the usual download, configure, make and make - install process. These steps are well documented elsewhere. - The <ulink url="samba-pdc-faq.html">FAQ</> discusses getting pre-release versions via CVS. - Then you need to configure the server.</para> - -<sect1><title>Start Up Script</title> - <para>Skip this section if you have a working Samba already. - Everyone has their own favourite startup script. Here is mine, offered with no warrantee - at all !</para> - -<programlisting> - - #!/bin/sh - # Script to control Samba server, David Bannon, 14-6-96 - # - # - PATH=/bin:/usr/sbin:/usr/bin - export PATH - case "$1" in - 'start') - if [ -f /usr/local/samba/bin/smbd ] - then - /usr/local/samba/bin/smbd -D - /usr/local/samba/bin/nmbd -D - echo "Starting Samba Server" - fi - ;; - 'conf') - if [ -f /usr/local/samba/lib/smb.conf ] - then - vi /usr/local/samba/lib/smb.conf - fi - ;; - 'pw') - if [ -f /usr/local/samba/private/smbpasswd ] - then - vi /usr/local/samba/private/smbpasswd - fi - ;; - 'who') - /usr/local/samba/bin/smbstatus -b - ;; - 'restart') - psline=`/bin/ps x | grep smbd | grep -v grep` - - if [ "$psline" != "" ] - then - while [ "$psline" != "" ] - do - psline=`/bin/ps x | fgrep smbd | grep -v grep` - if [ "$psline" ] - then - set -- $psline - pid=$1 - /bin/kill -HUP $pid - echo "Stopped $pid line = $psline" - sleep 2 - fi - done - fi - echo "Stopped Samba servers" - ;; - 'stop') - psline=`/bin/ps x | grep smbd | grep -v grep` - - if [ "$psline" != "" ] - then - while [ "$psline" != "" ] - do - psline=`/bin/ps x | fgrep smbd | grep -v grep` - if [ "$psline" ] - then - set -- $psline - pid=$1 - /bin/kill -9 $pid - echo "Stopped $pid line = $psline" - sleep 2 - fi - done - fi - echo "Stopped Samba servers" - psline=`/bin/ps x | grep nmbd | grep -v grep` - if [ "$psline" ] - then - set -- $psline - pid=$1 - /bin/kill -9 $pid - echo "Stopped Name Server " - fi - echo "Stopped Name Servers" - ;; - *) - echo "usage: samba {start | restart |stop | conf | pw | who}" - ;; - esac - -</programlisting> - -<para> Use this script, or some other one, you will need to ensure its used while the machine - is booting. (This typically involves <filename>/etc/rc.d</filename>, we'll be - assuming that there is a script called - samba in <filename>/etc/rc.d/init.d</filename> further down in this document.) -</para> -</sect1> - -<sect1><title>Config File</title> - -<sect2><title id=configfile>A sample conf file</title> - <para>Here is a fairly minimal config file to do PDC. It will also make the server - become the browse master for the - specified domain (not necessary but usually desirable). You will need to change only - two parameters to make this - file work, <filename>wins server</filename> and <filename>workgroup</filename>, plus - you will need to put your own name (not mine!) in the <filename>domain admin users</> fields. - Some of the parameters are discussed further down this document.</para> - - <para>Assuming you have used the default install directories, this file should appear as - <filename>/usr/local/samba/lib/smb.conf</filename>. It should not be - writable by anyone except root.</para> - - <note><para>The 'add user script' parameter is a work-around, watch for changes !</></> - - <programlisting> - - [global] - security = user - status = yes - workgroup = { Your domain name here } - wins server = { ip of a wins server if you have one } - encrypt passwords = yes - domain logons =yes - logon script = scripts\%U.bat - domain admin group = @adm - add user script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %m$ - guest account = ftp - share modes=no - os level=65 - [homes] - guest ok = no - read only = no - create mask = 0700 - directory mask = 0700 - oplocks = false - locking = no - [netlogon] - path = /usr/local/samba/netlogon - writeable = no - guest ok = no - -</programlisting> - -</sect2> - -<sect2><title>PDC Config Parameters</title> - - -<variablelist><title>There are a huge range of parameters that may appear in a smb.conf file. Some - that may be of interest to a PDC are :</title> - -<varlistentry><term>add user script</term> - <listitem><para>This parameter specifies a script (or program) that will be run - to add a user to the system. Here it is being used to add a machine, not a user. - This is probably not very nice and may change. But it does work !</para> - - <para>For this example, I have a group called 'machines', entries can be added to - <filename>/etc/passwd</> using a programme called <filename>/usr/adduser</> and - the other parameters are chosen as suitable for a machine account. Works for - RH Linux, your system may require changes.</para> - </listitem> -</varlistentry> - - -<varlistentry><term>domain admin group = @adm</term> - <listitem><para>This parameter specifies a unix group whose members will be granted - admin privileges on a NT workstation when - logged onto that workstation. See the section called <link linkend=domainadmin> - Domain Admin</> Accounts.</para> - </listitem> -</varlistentry> - -<varlistentry><term>domain admin users = user1 users2</term> - <listitem><para>It appears that this parameter does not funtion correctly at present. - Use the 'domain admin group' instread. This parameter specifies a unix user who will - be granted admin privileges - on a NT workstation when - logged onto that workstation. See the section called <link linkend=domainadmin> - Domain Admin</> Accounts.</para> - </listitem> -</varlistentry> - -<varlistentry><term>encrypt passwords = yes</term> - <listitem><para>This parameter must be 'yes' to allow any of the recent service pack NTs to logon. There are some reg hacks that - turn off encrypted passwords on the NTws itself but if you are going to use the smbpasswd system (and you - should) you must use encrypted passwords.</para> - </listitem> -</varlistentry> - -<varlistentry><term>logon script = scripts\%U.bat</term> - <listitem><para>This will make samba look for a logon script named after the user - (eg joeblow.bat). - See the section further on called <link linkend=logonscript>Logon Scripts</></para> - <note><para>Note that the slash is like this '\', not like this '/'. - NT is happy with both, win95 is not !</para></note> - </listitem> -</varlistentry> - -<varlistentry><term>logon path</term> - <listitem><para>Lets you specify where you would like users profiles kept. The default, that is in the users - home directory, does encourage a bit of fiddling.</para> - </listitem> -</varlistentry> - - -</variablelist> - - -</sect2> -</sect1> - -<sect1><title>Special directories</title> - <para>You need to create a couple of special files and directories. Its nice - to have some of the binaries handy too, so I create links to them. Assuming - you have used the default samba location and have not - changed the locations mentioned in the sample config file, do the following :</para> - - <programlisting> - - mkdir /usr/local/samba/netlogon - mkdir /usr/local/samba/netlogon/scripts - mkdir /usr/local/samba/private - touch /usr/local/samba/private/smbpasswd - chmod go-rwx /usr/local/samba/private/smbpasswd - cd /usr/local/sbin - ln -s /usr/local/samba/bin/smbpasswd - ln -s /usr/local/samba/bin/smbclient - ln -s /etc/rc.d/init.d/samba -</programlisting> - - <para>Make sure permissions are appropriate !</para> - - <para>OK, if you have used the scripts above and have a path to where the links are do this to start up - the Samba Server :</para> - - <para><command>samba start</command></para> - - <para>Instead, you might like to reboot the machine to make sure that you - got the init stuff right. Any way, a quick look in the logs - <filename>/usr/local/samba/var/log.smbd</filename> and <filename> - /usr/local/samba/var/log/nmbd</filename> - will give you an idea of what's happening. Assuming all is well, lets create - some accounts...</para> -</sect1> -</chapter> - - <!-- ================== U S E R and M A C H I N E A C C O U N T S ================ --> - -<chapter><title>User and Machine Accounts</title> -<sect1><title>Logon Accounts</title> - - <para><emphasis role=bold>This section is very nearly out of date already !</emphasis> It - appears that while you are reading it, Jean Francois Micou is making it - redundant ! Jean Francois is adding facilities to add users - (via User Manager) and machines (when joining the domain) and it looks like these facilities will - make it into the official release of 2.2.</para> - - - <para>Every user and NTws (and other samba servers) that will be on the domain - must have its own passwd entry in both <filename>/etc/passwd</filename> and - <filename>/usr/local/samba/private/smbpasswd</filename> . - The <filename>/etc/passwd</filename> entry is really - only to reserve a user ID. The NT encrypted password is stored in - <filename>/usr/local/samba/private/smbpasswd</filename>. - (Note that win95/98 machines don't need an account as they don't do - any security aware things.)</para> - - <para>Samba 2.2 will now create these entries for us. Carefull set up is required - and there may well be some changes to this system before its released. - </para> -</sect1> - -<sect1 id=machineaccount><title>Machine Accounts</title> - - <note><para>There is an entry in the ntdom <ulink url="samba-pdc-faq.html">FAQ</> explaining how to create - machine entries manually.</para></note> - - -<variablelist><title><emphasis>At present</> to have the machine accounts created when a machine joins - the domain a number of conditions must be met :</title> - -<varlistentry><term>Only root can do it !</term> - <listitem><para>There must be an entry in <filename>/usr/local/samba/private/smbpasswd</filename> - for root and root must be mentioned in <filename>domain admins</filename>. This may - be fixed some time in the future so any 'domain admin' can do it. If you don't - like having root as a windows logon account, make the machine - entries manually (both of them).</para> - </listitem> -</varlistentry> - -<varlistentry><term>Use the <filename>add user script</></term> - <listitem><para>Again, this looks a bit like a 'work around'. Use a suitable - command line to add a machine account <link linkend=configfile>see above</link>, - and pass it %m$, that is %m to get machine name plus the '$'. Now, this - means you cannot use the <filename>add user script</> to really add users .... </para> - </listitem> -</varlistentry> - -<varlistentry><term>Only for W2K</term> - <listitem><para>This automatic creation of machine accounts does not work for - NT4ws at present. Watch this space.</para></listitem></varlistentry> -</variablelist> - -</sect1> - -<sect1><title>Joining the Domain</title> - - <para>You must have either added the machine account entries manually (NT4 ws) - or set up the automatic system (W2K), <link linkend=machineaccount>see Machine Accounts</link> - before proceeding.</para> - -<variablelist> -<varlistentry><term><command>Windows NT</></term><listitem> -<itemizedlist> - <listitem><para> (<emphasis>this step may not be necessary some time in the near future</>). - On the samba server that is the PDC, add a machine account manually - as per the instructions in the <ulink url="samba-pdc-faq.html">FAQ</> - Then give the command <command>smbpasswd -a -m {machine}</> substituting in the - client machine name.</para></listitem> - <listitem><para> Logon to the NTws in question as a local admin, go to the - <command>Control Panel, Network IdentificationTag</command>.</para></listitem> - <listitem><para> Press the <command>Change</> button.</para></listitem> - <listitem><para> Enter the Domain name (from the 'Workgroup' parameter, smb.conf) - in the Domain Field.</para></listitem> -<!-- <listitem><para> Now enter a user name - and password for a Domain Admin <emphasis>(Who must be root - until a pre-release bug is fixed)</emphasis> and press - 'OK'.</para></listitem> --> - <listitem><para> Press OK and after a few seconds you will get a 'Welcome to Whatever Domain'. - Allow to reboot.</para></listitem> -</itemizedlist> -</listitem></varlistentry> - -<varlistentry><term><command>Windows 2000</></term><listitem> -<itemizedlist> - <listitem><para>Logon to the W2k machine as Administrator, go to the Control - Panel and double click on <command>Network and Dialup Connections</>. - </para></listitem> - <listitem><para>Pull down the <command>Advanced</> menu and choose - <command>Network Identification</>. Press <command>Properties - </>. </para></listitem> - <listitem><para>Choose <command>Domain</> and enter the domain name. Press 'OK'.</para></listitem> - <listitem><para>Now enter a user name and password for a Domain Admin - <emphasis>(Who must be root until a pre-release bug is fixed)</emphasis> and press - 'OK'.</para></listitem> - <listitem><para>Wait for the confirmation, reboot when prompted.</para></listitem> -</itemizedlist> - <para>To remove a W2K machine from the domain, follow the first two steps then - choose <command>Workgroup</>, enter a work group name (or just WORKGROUP) and follow - the prompts.</para> -</listitem></varlistentry> - - -</variablelist> - -</sect1> - -<sect1><title id=useraccount>User Accounts</title> - - <para><emphasis>Again, doing it manually (cos' the auto way is not working pre-release). - </emphasis> - In our simple case every domain user should have an account on the PDC. The - account may have a null shell if they are not allowed to log on to the unix - prompt. Again they need an entry in both the <filename>/etc/passwd</filename> and - <filename>/usr/local/samba/private/smbpasswd</filename>. Again a password is - not necessary in <filename>/etc/passwd</filename> but the location - of the home directory is honoured. - To make an entry for a user called Joe Blow you would typically do the following :</para> - - <para><command>adduser -g users -c 'Joe Blow' -s /bin/false -n joeblow</command></para> - - <para><command>smbpasswd -a joeblow</command></para> - - <para>And you will prompted to enter a password for Joe. Ideally he will be - hovering over your shoulder and will, when asked, type in a password of - his choice. There are a number of scripts and systems to ease the migration of users - from somewhere to samba. Better start looking !</para> -</sect1> - -<sect1><title id=domainadmin>Domain Admin Accounts</title> - - <para>Certain operations demand that the logged on user has Administrator - privileges, typically installing software and - doing maintenance tasks. It is very simple to appoint some users as Domain Admins, - most likely yourself. Make - sure you trust the appointee !</para> - - <para>Samba 2.2 recognizes particular users as being - domain admins and tells the NTws when it thinks that it has got one logged on. - In the smb.conf file we declare - that the <filename>Domain Admin group = @adm</filename>. - Any user who is a menber of the unix group 'adm' is treated as a Domain Admin by a NTws when - logged onto the Domain. They will have full Administrator rights - including the rights to change permissions on files and run the system - utilities such as Disk Administrator. Add users to the group by editing <filename> - /etc/group/</>. You do not need to use the 'adm' group, choose any one you like.</para> - - <para>Further, and this is very new, they will be allowed to create a - new machine account when first connecting a new NT or W2K machine to - the domain. <emphasis>However, at present, ie pre-release, only a Domain Admin who - also happens to be root can do so. </emphasis></para> -</sect1> -</chapter> - - -<!-- ======== P R O F I L E S P O L I C I E S and L O G O N S C R I P T S ======= --> - -<chapter><title>Profiles, Policies and Logon Scripts</title> - -<sect1><title>Profiles</title> - - <para>NT Profiles should work if you have followed the setup so far. - A user's profile contains a whole lot of their personal settings, - the contents of their desktop, personal 'My Documents' and so on. - When they log off, all of the profile is copied to their directory - on the server and is downloaded again when they logon on again, possibly - on another client machine.</para> - - <para>Sounds great but can be a bit of a bug bear sometimes. Users let - their profiles get too big and then complain about how long it takes - to log on each time. This sample setup only supports NT profiles, - rumor has it that it is also possible to do the same on Win95, my - users don't know and I'm not telling them.</para> - - <note><para>There is more info about Profiles (including for W95/98) - in the <ulink url="samba-pdc-faq.html">FAQ</>.</para></note> -</sect1> - -<sect1><title>Policies</title> - - <para>Policies are an easy way to make or enforce specific characteristics across your network. You create a ntconfig.pol - file and every time someone logs on with their NTws, the settings you put in ntconfig.pol are applied to the NTws. - Typical setting are things like making the date appear the way you want it (none of these 2 figure years here) or - maybe suppressing one of the splash screens. Perhaps you want to set the NTws so it does not keep users profiles - on the local machine. Cool. The only problem is making the ntconfig.pol file itself. You cannot use the policy editor - that comes with NTws.</para> - - <note><para>See the <ulink url="samba-pdc-faq.html">FAQ</> for pointers on how to get a suitable Policy Editor.</para></note> - - <para>The Policy Editor (and associated files) will create a - <filename>ntconfig.pol</filename> file using the - parameters Microsoft thought of and parameters you specify by making your own - template file.</para> - - <para>In our example configuration here, Samba will expect to find - the <filename>ntconfig.pol</filename> file in - <filename>/usr/local/samba/netlogon</filename>. Needless to say (I hope !), - it is vitally important that ordinary users don't have - write permission to the Policy files.</para> -</sect1> - -<sect1><title id=logonscript>Logon Scripts</title> - - <para>In the sample config file above there is a line - <filename>logon script = scripts\%U.bat</filename></para> - - <note><para>Note that the slash is like this '\' not like this '/'. - NT is happy with both, win95 is not !</para></note> - - <para>This allows you to run a dos batch file every time someone logs on. The batch - file is located on the server, in the sample install mentioned here, - its in <filename>/usr/local/samba/netlogon/scripts</filename> and - is named after the user with <filename>.bat</filename> appended, eg Joe - Blow's script is called <filename>/usr/local/samba/netlogon/scripts/joeblow.bat</filename>.</para> - - <note><para>There is a suggestion that user names longer than 8 characters may cause - problems with some systems being unable to run logon scripts. This is confirmed in earlier - versions when connecting using W95, comments about other combinations ??</para></note> - - <para>You could use a line like this <filename>logon script = default.bat</> and samba - will supply <filename>/usr/local/samba/netlogon/default.bat</> for any client and every - user. Maybe you could use %m and get a client machine dependant logon script. - You get the idea...</para> - - <para>Note that the file is a dos batch file not a Unix script. It runs dos commands on the client - computer with the logon user's permissions. It must be a dos file with each line ending with - the dos cr/lf not a nice clean newline. Generally, - its best to create the initial file on a DOS system and copy it across.</para> - - <para>There is lots of very clever uses of the Samba replaceable variables such - ( %U = user, %G = primary group, %H = client machine, see the 'man 5 smb.conf') to - give you control over which script runs when a particular person logs - on. (Gee, it would be nice to have a default.bat run when nothing else is available.)</para> - - <para>Again, it is vitally important that ordinary users don't have write - permission to other peoples, or even probably their own, logon script files.</para> - - <para>A typical logon script is reproduced below. Note that it runs separate - commands for win95 and NT, that's because NT has slightly different behaviour - when using the <filename>net use ..</filename> command. Its useful for lots of - other situations too. I don't know what syntax to use for win98, I don't use it - here.</para> - -<programlisting> - - rem Default logon script, create links to this file. - - net time \\bioserve /set /yes - @echo off - if %OS%.==Windows_NT. goto WinNT - - :Win95 - net use k: \\trillion\bio_prog - net use p: \\bcfile\homes - goto end - :WinNT - net use k: \\trillion\bio_prog /persistent:no - net use p: \\bcfile\homes /persistent:no - - :end - -</programlisting> -</sect1> -</chapter> - -<chapter><title>Passwords and Authentication</title> - - <para>So far our configuration assumes that ordinary users don't have unix logon access. A change - to the <link linkend=useraccount><filename>adduser</></> line above would allow unix logon - but it would be with passwords that may - be different from the NT logon. Clearly that won't suit everyone. Trying to explain to users - that they need to change their passwords in two seperate places is not fun. - Further, even if they cannot do a unix logon there are other processes that - might require authentication. We have a nice securely encrypted password in - <filename>/usr/local/samba/private/smbpasswd</filename>, why not use it ?</para> - -<sect1><title></> -<sect2><title>Syncing Passwords</title> - - <para>Yes, its possible and seems the easiest way (initially anyway). - The <ulink url="samba-pdc-faq.html">FAQ</> details how to - do so in the sections <emphasis>What is password sync and should I use it ?</> and <emphasis> - How do I get remote password (unix and SMB) changing working ?</></para> - -</sect2> - -<sect2><title>Using PAM</title> - <para>Pam enabled systems have a much better solution available. The Samba - PDC server will offer to authenticate domain users to other processes - (either on this server or on the domain). With a suitable pam stack - such as <ulink url="http://www.csn.ul.ie/~airlied/pam_smb/"> Pam_smb</ulink> - you can get any pam aware application looking to the samba password and - can leave the password field in <filename>/etc/shadow</filename> - or <filename>/etc/passwd</filename> invalid.</para> -</sect2> - -<sect2><title>Authenticating other Samba Servers</title> - <para>In a domain that has a number of servers you only need one password database. - The machines that don't have their own ask the PDC to check for them. - This will work fine for a domain controlled by either a Samba or NT machine.</para> - - <para>To do so the Samba machine must be told to refer to the PDC and where the PDC is. - See the section in the NTDom <ulink url="samba-pdc-faq.html">FAQ</> called <emphasis>How do I get my samba server to - become a member ( not PDC ) of an NT domain?</></para> - - -</sect2> -</sect1> -</chapter> - - -<chapter><title>Background</title> - -<sect1><title></title> -<sect2><title>History</title> - - <para>It might help you understand the limitations of the PDC in Samba if you - read something of its history. Well, the history as I understand it anyway.</para> - - <para>For many years the Samba team have been developing Samba, some time ago - a number of people, possibly lead by Luke Leighton started contributing NT - PDC stuff. This was added to the 'head' stream (that would eventually - become the next version) and later to a seperate stream (NTDom). They did so - much that eventually this development stream was so mutated that it could not - be merged back into the main stream and was abandoned towards the end of 1999. - And that was very sad because many users, myself include had become heavily - dependant on the NTController facilities it offered. Oh well...</para> - - <para>The NTDom team continued on with their new found knowledge however and - built the TNG stream. Intended to be carefully controlled so that it can be - merged back into the main stream and benefiting from what they learnt, it is - a very different product to the origional NTDom product. However, for a - number of reasons, the merge did not take place and now TNG is being developed - at <ulink url="http://www.samba-tng.org">http://www.samba-tng.org</>.</para> - - <para>Now, the NTDom things that the main strean 2.0.x version does is based more - on the old (initial version) abandoned code than on the TNG ideas. It appears - that version 2.2.0 will also include an improved version of the 2.0.7 domain - controller charactistics, not the TNG ways. The developers have indicated - that 2.2.0 will be further developed incrementally and the ideas from TNG - incorporated into it.</para> - - <para>One more little wriggle is worth mentioning. At one stage the NTDom - stream was called Samba 2.1.0-prealpha and similar names. This is most - unfortunate because at least one book published advises people who want to - use NTDom Samba to get version 2.1.0 or later. As main stream Samba will soon - be called 2.2.0 and NOT officially supporting NTDom Controlling functions, - the potential for confusion is certainly there.</para> -</sect2> - -<sect2><title>The Future</title> - - <para>There is a document on the Samba mirrors called <emphasis>'Development' - </emphasis>. It offers the 'best guess' of what is planned for future releases - of Samba.</para> - - <para>The future of Samba as a Primary Domain Controller appears rosie, however - be aware that its the future, not the present. The developers are strongly committed - to building a full featured PDC into Samba but it will take time. If this - version does not meet your requirements then you should consider (in no particular - order) :</para> - - <itemizedlist> - <listitem><para> Wait. No, we don't know how long. Repeated asking won't help.</para></listitem> - <listitem><para>Investigate the development versions, TNG perhaps or HEAD where new code is being added - all the time. Realise that development code is often unstable, poorly documented and subject to change. - You will need to use cvs to download development versions.</para></listitem> - <listitem><para>Join one of the Samba mailing lists so that you can find out - what is happening on the 'bleeding edge'.</para></listitem> - </itemizedlist> -</sect2> - -<sect2><title>Getting further help</title> - - <para>This document cannot possibly answer all your questions. Please understand that its very - likely that someone has been confrounted by the same problem that you have. The - <ulink url="samba-pdc-faq.html">FAQ</> - discusses a number of possible paths to take to get further help :</para> - - - <itemizedlist> - <listitem><para>Documents on the Samba Sites.</para></listitem> - <listitem><para>Other web sites.</para></listitem> - <listitem><para>Mailing list.</para></listitem> - </itemizedlist> - - <para>There is some discussion about guide lines for using the Mailing Lists on the - accompanying <ulink url="samba-pdc-faq.html">FAQ</>, - please read them before posting.</para> - -</sect2> -</sect1> -</chapter> - -</book> diff --git a/docs/docbook/manpages/nmbd.8.sgml b/docs/docbook/manpages/nmbd.8.sgml index 2d873a1e40..edfa9b4fca 100644 --- a/docs/docbook/manpages/nmbd.8.sgml +++ b/docs/docbook/manpages/nmbd.8.sgml @@ -24,7 +24,7 @@ <arg choice="opt">-V</arg> <arg choice="opt">-d <debug level></arg> <arg choice="opt">-H <lmhosts file></arg> - <arg choice="opt">-l <log file></arg> + <arg choice="opt">-l <log directory></arg> <arg choice="opt">-n <primary netbios name></arg> <arg choice="opt">-p <port number></arg> <arg choice="opt">-s <configuration file></arg> @@ -162,17 +162,14 @@ </varlistentry> <varlistentry> - <term>-l <log file></term> - <listitem><para>The -l parameter specifies a path - and base filename into which operational data from - the running <command>nmbd</command> server will - be logged. The actual log file name is generated by - appending the extension ".nmb" to the specified base - name. For example, if the name specified was "log" - then the file log.nmb would contain the debugging data.</para> - - <para>The default log file path is compiled into Samba as - part of the build process. Common defaults are <filename> + <term>-l <log directory></term> + <listitem><para>The -l parameter specifies a directory + into which the "log.nmbd" log file will be created + for operational data from the running + <command>nmbd</command> server.</para> + + <para>The default log directory is compiled into Samba + as part of the build process. Common defaults are <filename> /usr/local/samba/var/log.nmb</filename>, <filename> /usr/samba/var/log.nmb</filename> or <filename>/var/log/log.nmb</filename>.</para></listitem> diff --git a/docs/docbook/manpages/rpcclient.1.sgml b/docs/docbook/manpages/rpcclient.1.sgml index 6093d6dc42..f32e2f9ece 100644 --- a/docs/docbook/manpages/rpcclient.1.sgml +++ b/docs/docbook/manpages/rpcclient.1.sgml @@ -135,7 +135,7 @@ <term>-U username[%password]</term> <listitem><para>Sets the SMB username or username and password. </para> - <para>If %password is not specified, The user will be prompted. The + <para>If %password is not specified, the user will be prompted. The client will first check the <envar>USER</envar> environment variable, then the <envar>LOGNAME</envar> variable and if either exists, the string is uppercased. If these environmental variables are not diff --git a/docs/docbook/manpages/smb.conf.5.sgml b/docs/docbook/manpages/smb.conf.5.sgml index b3be01677b..a7328e7cf6 100644 --- a/docs/docbook/manpages/smb.conf.5.sgml +++ b/docs/docbook/manpages/smb.conf.5.sgml @@ -436,8 +436,8 @@ <term>%a</term> <listitem><para>the architecture of the remote machine. Only some are recognized, and those may not be - 100% reliable. It currently recognizes Samba, WfWg, - WinNT and Win95. Anything else will be known as + 100% reliable. It currently recognizes Samba, WfWg, Win95, + WinNT and Win2k. Anything else will be known as "UNKNOWN". If it gets it wrong then sending a level 3 log to <ulink url="mailto:samba@samba.org">samba@samba.org </ulink> should allow it to be fixed.</para></listitem> @@ -636,6 +636,14 @@ <listitem><para><link linkend="KERNELOPLOCKS"><parameter>kernel oplocks</parameter></link></para></listitem> <listitem><para><link linkend="LANMANAUTH"><parameter>lanman auth</parameter></link></para></listitem> <listitem><para><link linkend="LARGEREADWRITE"><parameter>large readwrite</parameter></link></para></listitem> + + <listitem><para><link linkend="LDAPADMINDN"><parameter>ldap admin dn</parameter></link></para></listitem> + <listitem><para><link linkend="LDAPFILTER"><parameter>ldap filter</parameter></link></para></listitem> + <listitem><para><link linkend="LDAPPORT"><parameter>ldap port</parameter></link></para></listitem> + <listitem><para><link linkend="LDAPSERVER"><parameter>ldap server</parameter></link></para></listitem> + <listitem><para><link linkend="LDAPSSL"><parameter>ldap ssl</parameter></link></para></listitem> + <listitem><para><link linkend="LDAPSUFFIX"><parameter>ldap suffix</parameter></link></para></listitem> + <listitem><para><link linkend="LMANNOUNCE"><parameter>lm announce</parameter></link></para></listitem> <listitem><para><link linkend="LMINTERVAL"><parameter>lm interval</parameter></link></para></listitem> <listitem><para><link linkend="LOADPRINTERS"><parameter>load printers</parameter></link></para></listitem> @@ -671,7 +679,6 @@ <listitem><para><link linkend="NETBIOSNAME"><parameter>netbios name</parameter></link></para></listitem> <listitem><para><link linkend="NETBIOSSCOPE"><parameter>netbios scope</parameter></link></para></listitem> <listitem><para><link linkend="NISHOMEDIR"><parameter>nis homedir</parameter></link></para></listitem> - <listitem><para><link linkend="NTACLSUPPORT"><parameter>nt acl support</parameter></link></para></listitem> <listitem><para><link linkend="NTPIPESUPPORT"><parameter>nt pipe support</parameter></link></para></listitem> <listitem><para><link linkend="NTSMBSUPPORT"><parameter>nt smb support</parameter></link></para></listitem> <listitem><para><link linkend="NULLPASSWORDS"><parameter>null passwords</parameter></link></para></listitem> @@ -710,6 +717,7 @@ <listitem><para><link linkend="SOCKETADDRESS"><parameter>socket address</parameter></link></para></listitem> <listitem><para><link linkend="SOCKETOPTIONS"><parameter>socket options</parameter></link></para></listitem> <listitem><para><link linkend="SOURCEENVIRONMENT"><parameter>source environment</parameter></link></para></listitem> + <listitem><para><link linkend="SSL"><parameter>ssl</parameter></link></para></listitem> <listitem><para><link linkend="SSLCACERTDIR"><parameter>ssl CA certDir</parameter></link></para></listitem> <listitem><para><link linkend="SSLCACERTFILE"><parameter>ssl CA certFile</parameter></link></para></listitem> @@ -717,6 +725,9 @@ <listitem><para><link linkend="SSLCLIENTCERT"><parameter>ssl client cert</parameter></link></para></listitem> <listitem><para><link linkend="SSLCLIENTKEY"><parameter>ssl client key</parameter></link></para></listitem> <listitem><para><link linkend="SSLCOMPATIBILITY"><parameter>ssl compatibility</parameter></link></para></listitem> + <listitem><para><link linkend="SSLEGDSOCKET"><parameter>ssl egd socket</parameter></link></para></listitem> + <listitem><para><link linkend="SSLENTROPYBYTES"><parameter>ssl entropy bytes</parameter></link></para></listitem> + <listitem><para><link linkend="SSLENTROPYFILE"><parameter>ssl entropy file</parameter></link></para></listitem> <listitem><para><link linkend="SSLHOSTS"><parameter>ssl hosts</parameter></link></para></listitem> <listitem><para><link linkend="SSLHOSTSRESIGN"><parameter>ssl hosts resign</parameter></link></para></listitem> <listitem><para><link linkend="SSLREQUIRECLIENTCERT"><parameter>ssl require clientcert</parameter></link></para></listitem> @@ -724,6 +735,7 @@ <listitem><para><link linkend="SSLSERVERCERT"><parameter>ssl server cert</parameter></link></para></listitem> <listitem><para><link linkend="SSLSERVERKEY"><parameter>ssl server key</parameter></link></para></listitem> <listitem><para><link linkend="SSLVERSION"><parameter>ssl version</parameter></link></para></listitem> + <listitem><para><link linkend="STATCACHE"><parameter>stat cache</parameter></link></para></listitem> <listitem><para><link linkend="STATCACHESIZE"><parameter>stat cache size</parameter></link></para></listitem> <listitem><para><link linkend="STRIPDOT"><parameter>strip dot</parameter></link></para></listitem> @@ -737,6 +749,7 @@ <listitem><para><link linkend="TOTALPRINTJOBS"><parameter>total print jobs</parameter></link></para></listitem> <listitem><para><link linkend="UNIXPASSWORDSYNC"><parameter>unix password sync</parameter></link></para></listitem> <listitem><para><link linkend="UPDATEENCRYPTED"><parameter>update encrypted</parameter></link></para></listitem> + <listitem><para><link linkend="USEMMAP"><parameter>use mmap</parameter></link></para></listitem> <listitem><para><link linkend="USERHOSTS"><parameter>use rhosts</parameter></link></para></listitem> <listitem><para><link linkend="USERNAMELEVEL"><parameter>username level</parameter></link></para></listitem> <listitem><para><link linkend="USERNAMEMAP"><parameter>username map</parameter></link></para></listitem> @@ -831,6 +844,7 @@ <listitem><para><link linkend="MAXPRINTJOBS"><parameter>max print jobs</parameter></link></para></listitem> <listitem><para><link linkend="MINPRINTSPACE"><parameter>min print space</parameter></link></para></listitem> <listitem><para><link linkend="MSDFSROOT"><parameter>msdfs root</parameter></link></para></listitem> + <listitem><para><link linkend="NTACLSUPPORT"><parameter>nt acl support</parameter></link></para></listitem> <listitem><para><link linkend="ONLYGUEST"><parameter>only guest</parameter></link></para></listitem> <listitem><para><link linkend="ONLYUSER"><parameter>only user</parameter></link></para></listitem> <listitem><para><link linkend="OPLOCKCONTENTIONLIMIT"><parameter>oplock contention limit</parameter></link></para></listitem> @@ -863,6 +877,7 @@ <listitem><para><link linkend="SETDIRECTORY"><parameter>set directory</parameter></link></para></listitem> <listitem><para><link linkend="SHORTPRESERVECASE"><parameter>short preserve case</parameter></link></para></listitem> <listitem><para><link linkend="STATUS"><parameter>status</parameter></link></para></listitem> + <listitem><para><link linkend="STRICTALLOCATE"><parameter>strict allocate</parameter></link></para></listitem> <listitem><para><link linkend="STRICTLOCKING"><parameter>strict locking</parameter></link></para></listitem> <listitem><para><link linkend="STRICTSYNC"><parameter>strict sync</parameter></link></para></listitem> <listitem><para><link linkend="SYNCALWAYS"><parameter>sync always</parameter></link></para></listitem> @@ -2331,8 +2346,8 @@ <parameter>workgroup</parameter></link> it is in. Samba 2.2 also has limited capability to act as a domain controller for Windows NT 4 Domains. For more details on setting up this feature see - the file DOMAINS.txt in the Samba documentation directory <filename>docs/ - </filename> shipped with the source code.</para> + the Samba-PDC-HOWTO included in the <filename>htmldocs/</filename> + directory shipped with the source code.</para> <para>Default: <command>domain logons = no</command></para></listitem> </varlistentry> @@ -2636,12 +2651,6 @@ mode after the mask set in the <parameter>create mask</parameter> parameter is applied.</para> - <para>Note that by default this parameter does not apply to permissions - set by Windows NT/2000 ACL editors. If the administrator wishes to enforce - this mask on access control lists also, they need to set the <link - linkend="RESTRICTACLWITHMASK"><parameter>restrict acl with - mask</parameter></link> to <constant>true</constant>.</para> - <para>See also the parameter <link linkend="CREATEMASK"><parameter>create mask</parameter></link> for details on masking mode bits on files.</para> @@ -2670,12 +2679,6 @@ mask in the parameter <parameter>directory mask</parameter> is applied.</para> - <para>Note that by default this parameter does not apply to permissions - set by Windows NT/2000 ACL editors. If the administrator wishes to enforce - this mask on access control lists also, they need to set the <link - linkend="RESTRICTACLWITHMASK"><parameter>restrict acl with - mask</parameter></link> to <constant>true</constant>.</para> - <para>See also the parameter <link linkend="DIRECTORYMASK"><parameter> directory mask</parameter></link> for details on masking mode bits on created directories.</para> @@ -3388,6 +3391,150 @@ + <varlistentry> + <term><anchor id="LDAPADMINDN">ldap admin dn (G)</term> + <listitem><para>This parameter is only available if Samba has been + configure to include the <command>--with-ldapsam</command> option + at compile time. This option should be considered experimental and + under active development. + </para> + + <para> + The <parameter>ldap admin dn</parameter> defines the Distinguished + Name (DN) name used by Samba to contact the <link linkend="LDAPSERVER">ldap + server</link> when retreiving user account information. The <parameter>ldap + admin dn</parameter> is used in conjunction with the admin dn password + stored in the <filename>private/secrets.tdb</filename> file. See the + <ulink url="smbpasswd.8.html"><command>smbpasswd(8)</command></ulink> man + page for more information on how to accmplish this. + </para> + + + <para>Default : <emphasis>none</emphasis></para> + </listitem> + </varlistentry> + + + + + <varlistentry> + <term><anchor id="LDAPFILTER">ldap filter (G)</term> + <listitem><para>This parameter is only available if Samba has been + configure to include the <command>--with-ldapsam</command> option + at compile time. This option should be considered experimental and + under active development. + </para> + + <para> + This parameter specifies the RFC 2254 compliant LDAP search filter. + The default is to match the login name with the <constant>uid</constant> + attribute for all entries matching the <constant>sambaAccount</constant> + objectclass. Note that this filter should only return one entry. + </para> + + + <para>Default : <command>ldap filter = (&(uid=%u)(objectclass=sambaAccount))</command></para> + </listitem> + </varlistentry> + + + + + <varlistentry> + <term><anchor id="LDAPPORT">ldap port (G)</term> + <listitem><para>This parameter is only available if Samba has been + configure to include the <command>--with-ldapsam</command> option + at compile time. This option should be considered experimental and + under active development. + </para> + + <para> + This option is used to control the tcp port number used to contact + the <link linkend="LDAPSERVER"><parameter>ldap server</parameter></link>. + The default is to use the stand LDAP port 389. + </para> + + <para>Default : <command>ldap port = 389</command></para> + </listitem> + </varlistentry> + + + + + <varlistentry> + <term><anchor id="LDAPSERVER">ldap server (G)</term> + <listitem><para>This parameter is only available if Samba has been + configure to include the <command>--with-ldapsam</command> option + at compile time. This option should be considered experimental and + under active development. + </para> + + <para> + This parameter should contains the FQDN of the ldap directory + server which should be queried to locate user account information. + </para> + + + + <para>Default : <command>ldap server = localhost</command></para> + </listitem> + </varlistentry> + + + + + <varlistentry> + <term><anchor id="LDAPSSL">ldap ssl (G)</term> + <listitem><para>This parameter is only available if Samba has been + configure to include the <command>--with-ldapsam</command> option + at compile time. This option should be considered experimental and + under active development. + </para> + + <para> + This option is used to define whether or not Samba should + use SSL when connecting to the <link linkend="LDAPSERVER"><parameter>ldap + server</parameter></link>. This is <emphasis>NOT</emphasis> related to + Samba SSL support which is enabled by specifying the + <command>--with-ssl</command> option to the <filename>configure</filename> + script (see <link linkend="SSL"><parameter>ssl</parameter></link>). + </para> + + <para> + The <parameter>ldap ssl</parameter> can be set to one of three values: + (a) <command>on</command> - Always use SSL when contacting the + <parameter>ldap server</parameter>, (b) <command>off</command> - + Never use SSL when querying the directory, or (c) <command>start + tls</command> - Use the LDAPv3 StartTLS extended operation + (RFC2830) for communicating with the directory server. + </para> + + + <para>Default : <command>ldap ssl = off</command></para> + </listitem> + </varlistentry> + + + + + <varlistentry> + <term><anchor id="LDAPSUFFIX">ldap suffix (G)</term> + <listitem><para>This parameter is only available if Samba has been + configure to include the <command>--with-ldapsam</command> option + at compile time. This option should be considered experimental and + under active development. + </para> + + + + <para>Default : <emphasis>none</emphasis></para> + </listitem> + </varlistentry> + + + + + <varlistentry> @@ -4615,7 +4762,7 @@ <term><anchor id="MSDFSROOT">msdfs root (S)</term> <listitem><para>This boolean parameter is only available if Samba is configured and compiled with the <command> - --with-msdfs</command> option. If set to <constant>yes></constant>, + --with-msdfs</command> option. If set to <constant>yes</constant>, Samba treats the share as a Dfs root and allows clients to browse the distributed file system tree rooted at the share directory. Dfs links are specified in the share directory by symbolic @@ -4654,7 +4801,7 @@ </filename>, NIS, or DNS lookups. This method of name resolution is operating system depended for instance on IRIX or Solaris this may be controlled by the <filename>/etc/nsswitch.conf</filename> - file). Note that this method is only used if the NetBIOS name + file. Note that this method is only used if the NetBIOS name type being queried is the 0x20 (server) name type, otherwise it is ignored.</para></listitem> @@ -4768,10 +4915,12 @@ <varlistentry> - <term><anchor id="NTACLSUPPORT">nt acl support (G)</term> + <term><anchor id="NTACLSUPPORT">nt acl support (S)</term> <listitem><para>This boolean parameter controls whether <ulink url="smbd.8.html">smbd(8)</ulink> will attempt to map - UNIX permissions into Windows NT access control lists.</para> + UNIX permissions into Windows NT access control lists. + This parameter was formally a global parameter in releases + prior to 2.2.2.</para> <para>Default: <command>nt acl support = yes</command></para> </listitem> @@ -5080,7 +5229,7 @@ <para>If the <link linkend="PAMPASSWORDCHANGE"><parameter>pam password change</parameter></link> parameter is set to true, the chat pairs - may be matched in any order, and sucess is determined by the PAM result, + may be matched in any order, and success is determined by the PAM result, not any particular output. The \n macro is ignored for PAM conversions. </para> @@ -5202,7 +5351,7 @@ made - the password as is and the password in all-lower case.</para> <para>Default: <command>password level = 0</command></para> - <para>Example: <command>password level = 4</command</para> + <para>Example: <command>password level = 4</command></para> </listitem> </varlistentry> @@ -5511,8 +5660,9 @@ </parameter> and <parameter>%f</parameter> will be replaced by the appropriate spool file name, and all occurrences of <parameter>%p </parameter> will be replaced by the appropriate printer name. The - spool file name is generated automatically by the server, the printer - name is discussed below.</para> + spool file name is generated automatically by the server. The + <parameter>%J</parameter> macro can be used to access the job + name as transmitted by the client.</para> <para>The print command <emphasis>MUST</emphasis> contain at least one occurrence of <parameter>%s</parameter> or <parameter>%f @@ -5551,7 +5701,7 @@ or PLP :</command></para> <para><command>print command = lpr -r -P%p %s</command></para> - <para>For <command>printing = SYS or HPUX :</command></para> + <para>For <command>printing = SYSV or HPUX :</command></para> <para><command>print command = lp -c -d%p %s; rm %s</command></para> <para>For <command>printing = SOFTQ :</command></para> @@ -5803,7 +5953,7 @@ <parameter>lprm command</parameter> if specified in the [global] section.</para> - <para>Currently eight printing styles are supported. They are + <para>Currently nine printing styles are supported. They are <constant>BSD</constant>, <constant>AIX</constant>, <constant>LPRNG</constant>, <constant>PLP</constant>, <constant>SYSV</constant>, <constant>HPUX</constant>, @@ -6076,34 +6226,6 @@ - <varlistentry> - <term><anchor id="RESTRICTACLWITHMASK">restrict acl with mask (S)</term> - <listitem><para>This is a boolean parameter. If set to <constant>false</constant> (default), then - creation of files with access control lists (ACLS) and modification of ACLs - using the Windows NT/2000 ACL editor will be applied directly to the file - or directory.</para> - - <para>If set to <constant>true</constant>, then all requests to set an ACL on a file will have the - parameters <link linkend="CREATEMASK"><parameter>create mask</parameter></link>, - <link linkend="FORCECREATEMODE"><parameter>force create mode</parameter></link> - applied before setting the ACL, and all requests to set an ACL on a directory will - have the parameters <link linkend="DIRECTORYMASK"><parameter>directory - mask</parameter></link>, <link linkend="FORCEDIRECTORYMODE"><parameter>force - directory mode</parameter></link> applied before setting the ACL. - </para> - - <para>See also <link linkend="CREATEMASK"><parameter>create mask</parameter></link>, - <link linkend="FORCECREATEMODE"><parameter>force create mode</parameter></link>, - <link linkend="DIRECTORYMASK"><parameter>directory mask</parameter></link>, - <link linkend="FORCEDIRECTORYMODE"><parameter>force directory mode</parameter></link> - </para> - - <para>Default: <command>restrict acl with mask = no</command></para> - </listitem> - </varlistentry> - - - <varlistentry> <term><anchor id="RESTRICTANONYMOUS">restrict anonymous (G)</term> @@ -6253,7 +6375,7 @@ <command>security = server</command> or <command>security = domain </command>.</para> - <para>In versions of Samba prior to 2..0, the default was + <para>In versions of Samba prior to 2.0.0, the default was <command>security = share</command> mainly because that was the only option at one stage.</para> @@ -6787,10 +6909,6 @@ system and the configure option <command>--with-ssl</command> was given at configure time.</para> - <para><emphasis>Note</emphasis> that for export control reasons - this code is <emphasis>NOT</emphasis> enabled by default in any - current binary version of Samba.</para> - <para>This variable enables or disables the entire SSL mode. If it is set to <constant>no</constant>, the SSL-enabled Samba behaves exactly like the non-SSL Samba. If set to <constant>yes</constant>, @@ -6812,10 +6930,6 @@ system and the configure option <command>--with-ssl</command> was given at configure time.</para> - <para><emphasis>Note</emphasis> that for export control reasons - this code is <emphasis>NOT</emphasis> enabled by default in any - current binary version of Samba.</para> - <para>This variable defines where to look up the Certification Authorities. The given directory should contain one file for each CA that Samba will trust. The file name must be the hash @@ -6838,10 +6952,6 @@ system and the configure option <command>--with-ssl</command> was given at configure time.</para> - <para><emphasis>Note</emphasis> that for export control reasons - this code is <emphasis>NOT</emphasis> enabled by default in any - current binary version of Samba.</para> - <para>This variable is a second way to define the trusted CAs. The certificates of the trusted CAs are collected in one big file and this variable points to the file. You will probably @@ -6865,10 +6975,6 @@ system and the configure option <command>--with-ssl</command> was given at configure time.</para> - <para><emphasis>Note</emphasis> that for export control reasons - this code is <emphasis>NOT</emphasis> enabled by default in any - current binary version of Samba.</para> - <para>This variable defines the ciphers that should be offered during SSL negotiation. You should not set this variable unless you know what you are doing.</para> @@ -6883,10 +6989,6 @@ system and the configure option <command>--with-ssl</command> was given at configure time.</para> - <para><emphasis>Note</emphasis> that for export control reasons - this code is <emphasis>NOT</emphasis> enabled by default in any - current binary version of Samba.</para> - <para>The certificate in this file is used by <ulink url="smbclient.1.html"> <command>smbclient(1)</command></ulink> if it exists. It's needed if the server requires a client certificate.</para> @@ -6905,10 +7007,6 @@ system and the configure option <command>--with-ssl</command> was given at configure time.</para> - <para><emphasis>Note</emphasis> that for export control reasons - this code is <emphasis>NOT</emphasis> enabled by default in any - current binary version of Samba.</para> - <para>This is the private key for <ulink url="smbclient.1.html"> <command>smbclient(1)</command></ulink>. It's only needed if the client should have a certificate. </para> @@ -6927,18 +7025,77 @@ system and the configure option <command>--with-ssl</command> was given at configure time.</para> - <para><emphasis>Note</emphasis> that for export control reasons - this code is <emphasis>NOT</emphasis> enabled by default in any - current binary version of Samba.</para> - - <para>This variable defines whether SSLeay should be configured + <para>This variable defines whether OpenSSL should be configured for bug compatibility with other SSL implementations. This is probably not desirable because currently no clients with SSL - implementations other than SSLeay exist.</para> + implementations other than OpenSSL exist.</para> <para>Default: <command>ssl compatibility = no</command></para> </listitem> </varlistentry> + + + <varlistentry> + <term><anchor id="SSLEGDSOCKET">ssl egd socket (G)</term> + <listitem><para>This variable is part of SSL-enabled Samba. This + is only available if the SSL libraries have been compiled on your + system and the configure option <command>--with-ssl</command> was + given at configure time.</para> + + <para> + This option is used to define the location of the communiation socket of + an EGD or PRNGD daemon, from which entropy can be retrieved. This option + can be used instead of or together with the <link + linkend="SSLENTROPYFILE"><parameter>ssl entropy file</parameter></link> + directive. 255 bytes of entropy will be retrieved from the daemon. + </para> + + <para>Default: <emphasis>none</emphasis></para> + </listitem> + </varlistentry> + + + <varlistentry> + <term><anchor id="SSLENTROPYBYTES">ssl entropy bytes (G)</term> + <listitem><para>This variable is part of SSL-enabled Samba. This + is only available if the SSL libraries have been compiled on your + system and the configure option <command>--with-ssl</command> was + given at configure time.</para> + + <para> + This parameter is used to define the number of bytes which should + be read from the <link linkend="SSLENTROPYFILE"><parameter>ssl entropy + file</parameter></link> If a -1 is specified, the entire file will + be read. + </para> + + <para>Default: <command>ssl entropy bytes = 255</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="SSLENTROPYFILE">ssl entropy file (G)</term> + <listitem><para>This variable is part of SSL-enabled Samba. This + is only available if the SSL libraries have been compiled on your + system and the configure option <command>--with-ssl</command> was + given at configure time.</para> + + <para> + This parameter is used to specify a file from which processes will + read "random bytes" on startup. In order to seed the internal pseudo + random number generator, entropy must be provided. On system with a + <filename>/dev/urandom</filename> device file, the processes + will retrieve its entropy from the kernel. On systems without kernel + entropy support, a file can be supplied that will be read on startup + and that will be used to seed the PRNG. + </para> + + <para>Default: <emphasis>none</emphasis></para> + </listitem> + </varlistentry> + <varlistentry> @@ -6956,10 +7113,6 @@ system and the configure option <command>--with-ssl</command> was given at configure time.</para> - <para><emphasis>Note</emphasis> that for export control reasons - this code is <emphasis>NOT</emphasis> enabled by default in any - current binary version of Samba.</para> - <para>These two variables define whether Samba will go into SSL mode or not. If none of them is defined, Samba will allow only SSL connections. If the <link linkend="SSLHOSTS"> @@ -6993,10 +7146,6 @@ system and the configure option <command>--with-ssl</command> was given at configure time.</para> - <para><emphasis>Note</emphasis> that for export control reasons - this code is <emphasis>NOT</emphasis> enabled by default in any - current binary version of Samba.</para> - <para>If this variable is set to <constant>yes</constant>, the server will not tolerate connections from clients that don't have a valid certificate. The directory/file given in <link @@ -7025,10 +7174,6 @@ system and the configure option <command>--with-ssl</command> was given at configure time.</para> - <para><emphasis>Note</emphasis> that for export control reasons - this code is <emphasis>NOT</emphasis> enabled by default in any - current binary version of Samba.</para> - <para>If this variable is set to <constant>yes</constant>, the <ulink url="smbclient.1.html"><command>smbclient(1)</command> </ulink> will request a certificate from the server. Same as @@ -7047,10 +7192,6 @@ system and the configure option <command>--with-ssl</command> was given at configure time.</para> - <para><emphasis>Note</emphasis> that for export control reasons - this code is <emphasis>NOT</emphasis> enabled by default in any - current binary version of Samba.</para> - <para>This is the file containing the server's certificate. The server <emphasis>must</emphasis> have a certificate. The file may also contain the server's private key. See later for @@ -7069,10 +7210,6 @@ system and the configure option <command>--with-ssl</command> was given at configure time.</para> - <para><emphasis>Note</emphasis> that for export control reasons - this code is <emphasis>NOT</emphasis> enabled by default in any - current binary version of Samba.</para> - <para>This file contains the private key of the server. If this variable is not defined, the key is looked up in the certificate file (it may be appended to the certificate). @@ -7093,10 +7230,6 @@ system and the configure option <command>--with-ssl</command> was given at configure time.</para> - <para><emphasis>Note</emphasis> that for export control reasons - this code is <emphasis>NOT</emphasis> enabled by default in any - current binary version of Samba.</para> - <para>This enumeration variable defines the versions of the SSL protocol that will be used. <constant>ssl2or3</constant> allows dynamic negotiation of SSL v2 or v3, <constant>ssl2</constant> results @@ -7150,6 +7283,30 @@ <varlistentry> + <term><anchor id="STRICTALLOCATE">strict allocate (S)</term> + <listitem><para>This is a boolean that controls the handling of + disk space allocation in the server. When this is set to <constant>yes</constant> + the server will change from UNIX behaviour of not committing real + disk storage blocks when a file is extended to the Windows behaviour + of actually forcing the disk system to allocate real storage blocks + when a file is created or extended to be a given size. In UNIX + terminology this means that Samba will stop creating sparse files. + This can be slow on some systems.</para> + + <para>When strict allocate is <constant>no</constant> the server does sparse + disk block allocation when a file is extended.</para> + + <para>Setting this to <constant>yes</constant> can help Samba return + out of quota messages on systems that are restricting the disk quota + of users.</para> + + <para>Default: <command>strict allocate = no</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> <term><anchor id="STRICTLOCKING">strict locking (S)</term> <listitem><para>This is a boolean that controls the handling of file locking in the server. When this is set to <constant>yes</constant> @@ -7435,6 +7592,24 @@ <varlistentry> + <term><anchor id="USEMMAP">use mmap (G)</term> + <listitem><para>This global parameter determines if the tdb internals of Samba can + depend on mmap working correctly on the running system. Samba requires a coherent + mmap/read-write system memory cache. Currently only HPUX does not have such a + coherent cache, and so this parameter is set to <constant>false</constant> by + default on HPUX. On all other systems this parameter should be left alone. This + parameter is provided to help the Samba developers track down problems with + the tdb internal code. + </para> + + <para>Default: <command>use mmap = yes</command></para> + </listitem> + </varlistentry> + + + + + <varlistentry> <term><anchor id="USERHOSTS">use rhosts (G)</term> <listitem><para>If this global parameter is <constant>true</constant>, it specifies that the UNIX user's <filename>.rhosts</filename> file in their home directory @@ -7811,16 +7986,16 @@ <para>Default: <emphasis>No files or directories are vetoed. </emphasis></para> - <para>Examples:<programlisting> - ; Veto any files containing the word Security, - ; any ending in .tmp, and any directory containing the - ; word root. - veto files = /*Security*/*.tmp/*root*/ +<para>Examples:<programlisting> +; Veto any files containing the word Security, +; any ending in .tmp, and any directory containing the +; word root. +veto files = /*Security*/*.tmp/*root*/ - ; Veto the Apple specific files that a NetAtalk server - ; creates. - veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ - </programlisting></para> +; Veto the Apple specific files that a NetAtalk server +; creates. +veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ +</programlisting></para> </listitem> </varlistentry> diff --git a/docs/docbook/manpages/smbcontrol.1.sgml b/docs/docbook/manpages/smbcontrol.1.sgml index 7904634ab2..05e05f4a6a 100644 --- a/docs/docbook/manpages/smbcontrol.1.sgml +++ b/docs/docbook/manpages/smbcontrol.1.sgml @@ -70,7 +70,7 @@ <varlistentry> <term>message-type</term> - <listitem><para>One of: <constand>close-share</constant>, + <listitem><para>One of: <constant>close-share</constant>, <constant>debug</constant>, <constant>force-election</constant>, <constant>ping </constant>, <constant>profile</constant>, <constant> diff --git a/docs/docbook/manpages/smbd.8.sgml b/docs/docbook/manpages/smbd.8.sgml index 05958b83de..cdb3d51fa8 100644 --- a/docs/docbook/manpages/smbd.8.sgml +++ b/docs/docbook/manpages/smbd.8.sgml @@ -22,7 +22,7 @@ <arg choice="opt">-h</arg> <arg choice="opt">-V</arg> <arg choice="opt">-d <debug level></arg> - <arg choice="opt">-l <log file></arg> + <arg choice="opt">-l <log directory></arg> <arg choice="opt">-p <port number></arg> <arg choice="opt">-O <socket option></arg> <arg choice="opt">-s <configuration file></arg> @@ -148,16 +148,21 @@ </varlistentry> <varlistentry> - <term>-l <log file></term> - <listitem><para>If specified, <replaceable>log file</replaceable> - specifies a log filename into which informational and debug - messages from the running server will be logged. The log + <term>-l <log directory></term> + <listitem><para>If specified, + <replaceable>log directory</replaceable> + specifies a log directory into which the "log.smbd" log + file will be created for informational and debug + messages from the running server. The log file generated is never removed by the server although its size may be controlled by the <ulink url="smb.conf.5.html#maxlogsize">max log size</ulink> option in the <ulink url="smb.conf.5.html"><filename> - smb.conf(5)</filename></ulink> file. The default log - file name is specified at compile time.</para></listitem> + smb.conf(5)</filename></ulink> file. + </para> + + <para>The default log directory is specified at + compile time.</para></listitem> </varlistentry> <varlistentry> diff --git a/docs/docbook/manpages/smbpasswd.8.sgml b/docs/docbook/manpages/smbpasswd.8.sgml index e757a0c67c..098e874cc8 100644 --- a/docs/docbook/manpages/smbpasswd.8.sgml +++ b/docs/docbook/manpages/smbpasswd.8.sgml @@ -28,6 +28,7 @@ <arg choice="opt">-U username[%password]</arg> <arg choice="opt">-h</arg> <arg choice="opt">-s</arg> + <arg choice="opt">-w pass</arg> <arg choice="opt">username</arg> </cmdsynopsis> </refsynopsisdiv> @@ -342,6 +343,22 @@ </listitem> </varlistentry> + + <varlistentry> + <term>-w password</term> + <listitem><para>This parameter is only available is Samba + has been configured to use the experiemental + <command>--with-ldapsam</command> option. The <parameter>-w</parameter> + switch is used to specify the password to be used with the + <ulink url="smb.conf.5.html#LDAPADMINDN"><parameter>ldap admin + dn</parameter></ulink>. Note that the password is stored in + the <filename>private/secrets.tdb</filename> and is keyed off + of the admin's DN. This means that if the value of <parameter>ldap + admin dn</parameter> ever changes, the password will beed to be + manually updated as well. + </para> + </listitem> + </varlistentry> <varlistentry> diff --git a/docs/docbook/manpages/winbindd.8.sgml b/docs/docbook/manpages/winbindd.8.sgml index 6a1ecd59fd..af851657f3 100644 --- a/docs/docbook/manpages/winbindd.8.sgml +++ b/docs/docbook/manpages/winbindd.8.sgml @@ -42,6 +42,15 @@ can be used to resolve user and group information from a Windows NT server. The service can also provide authentication services via an associated PAM module. </para> + + <para> + The <filename>pam_winbind</filename> module in the 2.2.2 release only + supports the <parameter>auth</parameter> and <parameter>account</parameter> + module-types. The latter is simply + performs a getpwnam() to verify that the system can obtain a uid for the + user. If the <filename>libnss_winbind</filename> library has been correctly + installed, this should always suceed. + </para> <para>The following nsswitch databases are implemented by the winbindd service: </para> diff --git a/docs/docbook/projdoc/DOMAIN_MEMBER.sgml b/docs/docbook/projdoc/DOMAIN_MEMBER.sgml index 0b1db84b20..6d0b36eafc 100644 --- a/docs/docbook/projdoc/DOMAIN_MEMBER.sgml +++ b/docs/docbook/projdoc/DOMAIN_MEMBER.sgml @@ -31,14 +31,7 @@ <title>Joining an NT Domain with Samba 2.2</title> - <para>In order for a Samba-2 server to join an NT domain, - you must first add the NetBIOS name of the Samba server to the - NT domain on the PDC using Server Manager for Domains. This creates - the machine account in the domain (PDC) SAM. Note that you should - add the Samba server as a "Windows NT Workstation or Server", - <emphasis>NOT</emphasis> as a Primary or backup domain controller.</para> - - <para>Assume you have a Samba-2 server with a NetBIOS name of + <para>Assume you have a Samba 2.x server with a NetBIOS name of <constant>SERV1</constant> and are joining an NT domain called <constant>DOM</constant>, which has a PDC with a NetBIOS name of <constant>DOMPDC</constant> and two backup domain controllers @@ -49,11 +42,14 @@ and run the command:</para> <para><prompt>root# </prompt><userinput>smbpasswd -j DOM -r DOMPDC - </userinput></para> + -U<replaceable>Administrator%password</replaceable></userinput></para> <para>as we are joining the domain DOM and the PDC for that domain (the only machine that has write access to the domain SAM database) - is DOMPDC. If this is successful you will see the message:</para> + is DOMPDC. The <replaceable>Administrator%password</replaceable> is + the login name and password for an account which has the necessary + privilege to add machines to the domain. If this is successful + you will see the message:</para> <para><computeroutput>smbpasswd: Joined domain DOM.</computeroutput> </para> diff --git a/docs/docbook/projdoc/PAM-Authentication-And-Samba.sgml b/docs/docbook/projdoc/PAM-Authentication-And-Samba.sgml index 6c866acecd..594516640d 100644 --- a/docs/docbook/projdoc/PAM-Authentication-And-Samba.sgml +++ b/docs/docbook/projdoc/PAM-Authentication-And-Samba.sgml @@ -101,9 +101,12 @@ hashes. This database is stored in either <filename>/etc/samba.d/smbpasswd</filename>, depending on the Samba implementation for your Unix/Linux system. The <filename>pam_smbpass.so</filename> module is provided by -Samba version 2.2.1 or later. It can be compiled only if the -<constant>--with-pam --with-pam_smbpass</constant> options are both -provided to the Samba <command>configure</command> program. +Samba version 2.2.1 or later. It can be compiled by specifying the +<command>--with-pam_smbpass</command> options when running Samba's +<filename>configure</filename> script. For more information +on the <filename>pam_smbpass</filename> module, see the documentation +in the <filename>source/pam_smbpass</filename> directory of the Samba +source distribution. </para> <para><programlisting> diff --git a/docs/docbook/projdoc/Samba-PDC-HOWTO.sgml b/docs/docbook/projdoc/Samba-PDC-HOWTO.sgml index b980b99e22..475b66598c 100644 --- a/docs/docbook/projdoc/Samba-PDC-HOWTO.sgml +++ b/docs/docbook/projdoc/Samba-PDC-HOWTO.sgml @@ -58,25 +58,26 @@ Background <note> <para> -<emphasis>Author's Note :</emphasis> This document is a combination -of David Bannon's Samba 2.2 PDC HOWTO and the Samba NT Domain FAQ. +<emphasis>Author's Note:</emphasis> This document is a combination +of David Bannon's "Samba 2.2 PDC HOWTO" and "Samba NT Domain FAQ". Both documents are superseded by this one. </para> </note> <para> -Version of Samba prior to release 2.2 had marginal capabilities to -act as a Windows NT 4.0 Primary DOmain Controller <indexterm><primary>Primary -Domain Controller</primary></indexterm> (PDC). Beginning with -Samba 2.2.0, we are proud to announce official support for Windows NT 4.0 -style domain logons from Windows NT 4.0 (through SP6) and Windows 2000 (through -SP1) clients. This article outlines the steps necessary for configuring Samba -as a PDC. It is necessary to have a working Samba server prior to implementing the -PDC functionality. If you have not followed the steps outlined in -<ulink url="UNIX_INSTALL.html"> UNIX_INSTALL.html</ulink>, please make sure -that your server is configured correctly before proceeding. Another good -resource in the <ulink url="smb.conf.5.html">smb.conf(5) man -page</ulink>. The following functionality should work in 2.2: +Versions of Samba prior to release 2.2 had marginal capabilities to act +as a Windows NT 4.0 Primary Domain Controller +<indexterm><primary>Primary Domain Controller</primary></indexterm> +(PDC). With Samba 2.2.0, we are proud to announce official support for +Windows NT 4.0-style domain logons from Windows NT 4.0 and Windows +2000 clients. This article outlines the steps +necessary for configuring Samba as a PDC. It is necessary to have a +working Samba server prior to implementing the PDC functionality. If +you have not followed the steps outlined in <ulink +url="UNIX_INSTALL.html"> UNIX_INSTALL.html</ulink>, please make sure +that your server is configured correctly before proceeding. Another +good resource in the <ulink url="smb.conf.5.html">smb.conf(5) man +page</ulink>. The following functionality should work in 2.2: </para> <itemizedlist> @@ -98,18 +99,10 @@ page</ulink>. The following functionality should work in 2.2: </para></listitem> <listitem><para> - Windows NT 4.0 style system policies + Windows NT 4.0-style system policies </para></listitem> </itemizedlist> -<warning> - <title>Windows 2000 Service Pack 2 Clients</title> - <para> - Samba 2.2.1 is required for PDC functionality when using Windows 2000 - SP2 clients. - </para> -</warning> - <para> The following pieces of functionality are not included in the 2.2 release: @@ -138,7 +131,7 @@ The following pieces of functionality are not included in the 2.2 release: <para> Please note that Windows 9x clients are not true members of a domain for reasons outlined in this article. Therefore the protocol for -support Windows 9x style domain logons is completely different +support Windows 9x-style domain logons is completely different from NT4 domain logons and has been officially supported for some time. </para> @@ -189,7 +182,7 @@ linked with the actual smb.conf description. </para> <para> -Here is an example smb.conf for acting as a PDC: +Here is an example <filename>smb.conf</filename> for acting as a PDC: </para> <para><programlisting> @@ -228,13 +221,13 @@ Here is an example smb.conf for acting as a PDC: ; necessary share for domain controller [netlogon] <ulink url="smb.conf.5.html#PATH">path</ulink> = /usr/local/samba/lib/netlogon - <ulink url="smb.conf.5.html#WRITEABLE">writeable</ulink> = no + <ulink url="smb.conf.5.html#READONLY">read only</ulink> = yes <ulink url="smb.conf.5.html#WRITELIST">write list</ulink> = <replaceable>ntadmin</replaceable> ; share for storing user profiles [profiles] <ulink url="smb.conf.5.html#PATH">path</ulink> = /export/smb/ntprofile - <ulink url="smb.conf.5.html#WRITEABLE">writeable</ulink> = yes + <ulink url="smb.conf.5.html#READONLY">read only</ulink> = no <ulink url="smb.conf.5.html#CREATEMASK">create mask</ulink> = 0600 <ulink url="smb.conf.5.html#DIRECTORYMASK">directory mask</ulink> = 0700 </programlisting></para> @@ -263,88 +256,96 @@ There are a couple of points to emphasize in the above configuration. </itemizedlist> <para> -As Samba 2.2 does not offer a complete implementation of group mapping between -Windows NT groups and UNIX groups (this is really quite complicated to explain -in a short space), you should refer to the <ulink url="smb.conf.5.html#DOMAINADMINGROUP">domain -admin group</ulink> smb.conf parameter for information of creating "Domain Admins" -style accounts. +As Samba 2.2 does not offer a complete implementation of group mapping +between Windows NT groups and Unix groups (this is really quite +complicated to explain in a short space), you should refer to the +<ulink url="smb.conf.5.html#DOMAINADMINGROUP">domain admin +group</ulink> smb.conf parameter for information of creating "Domain +Admins" style accounts. </para> </sect1> <sect1> -<title>Creating Machine Trust Accounts and Joining Clients -to the Domain</title> +<title>Creating Machine Trust Accounts and Joining Clients to the +Domain</title> <para> -A machine trust account is a samba user account owned by a computer. -The account password acts as the shared secret for secure -communication with the Domain Controller. This is a security feature -to prevent an unauthorized machine with the same NetBIOS name from -joining the domain and gaining access to domain user/group accounts. -Hence a Windows 9x host is never a true member of a domain because it does -not posses a machine trust account, and thus has no shared secret with the DC. -</para> +A machine trust account is a Samba account that is used to +authenticate a client machine (rather than a user) to the Samba +server. In Windows terminology, this is known as a "Computer +Account."</para> <para> -On a Windows NT PDC, these machine trust account passwords are stored -in the registry. A Samba PDC stores these accounts in the same location -as user LanMan and NT password hashes (currently <filename>smbpasswd</filename>). -However, machine trust accounts only possess and use the NT password hash. +The password of a machine trust account acts as the shared secret for +secure communication with the Domain Controller. This is a security +feature to prevent an unauthorized machine with the same NetBIOS name +from joining the domain and gaining access to domain user/group +accounts. Windows NT and 2000 clients use machine trust accounts, but +Windows 9x clients do not. Hence, a Windows 9x client is never a true +member of a domain because it does not possess a machine trust +account, and thus has no shared secret with the domain controller. </para> -<para> -Because Samba requires machine accounts to possess a UNIX uid from -which an Windows NT SID can be generated, all of these accounts -must have an entry in <filename>/etc/passwd</filename> and smbpasswd. -Future releases will alleviate the need to create -<filename>/etc/passwd</filename> entries. +<para>A Windows PDC stores each machine trust account in the Windows +Registry. A Samba PDC, however, stores each machine trust account +in two parts, as follows: + +<itemizedlist> + <listitem><para>A Samba account, stored in the same location as user + LanMan and NT password hashes (currently + <filename>smbpasswd</filename>). The Samba account + possesses and uses only the NT password hash.</para></listitem> + + <listitem><para>A corresponding Unix account, typically stored in + <filename>/etc/passwd</filename>. (Future releases will alleviate the need to + create <filename>/etc/passwd</filename> entries.) </para></listitem> +</itemizedlist> </para> <para> -There are two means of creating machine trust accounts. +There are two ways to create machine trust accounts: </para> <itemizedlist> - <listitem><para> - Manual creation before joining the client to the domain. In this case, - the password is set to a known value -- the lower case of the - machine's NetBIOS name. - </para></listitem> + <listitem><para> Manual creation. Both the Samba and corresponding + Unix account are created by hand.</para></listitem> - <listitem><para> - Creation of the account at the time of joining the domain. In - this case, the session key of the administrative account used to join - the client to the domain acts as an encryption key for setting the - password to a random value (This is the recommended method). - </para></listitem> + <listitem><para> "On-the-fly" creation. The Samba machine trust + account is automatically created by Samba at the time the client + is joined to the domain. (For security, this is the + recommended method.) The corresponding Unix account may be + created automatically or manually. </para> + </listitem> + </itemizedlist> <sect2> -<title>Manually creating machine trust accounts</title> +<title>Manual Creation of Machine Trust Accounts</title> <para> -The first step in creating a machine trust account by hand is to -create an entry for the machine in /etc/passwd. This can be done -using <command>vipw</command> or any 'add userr' command which is normally -used to create new UNIX accounts. The following is an example for a Linux -based Samba server: +The first step in manually creating a machine trust account is to +manually create the corresponding Unix account in +<filename>/etc/passwd</filename>. This can be done using +<command>vipw</command> or other 'add user' command that is normally +used to create new Unix accounts. The following is an example for a +Linux based Samba server: </para> <para> -<prompt>root# </prompt>/usr/sbin/useradd -g 100 -d /dev/null -c <replaceable>"machine -nickname"</replaceable> -s /bin/false <replaceable>machine_name</replaceable>$ + <prompt>root# </prompt><command>/usr/sbin/useradd -g 100 -d /dev/null -c <replaceable>"machine +nickname"</replaceable> -s /bin/false <replaceable>machine_name</replaceable>$ </command> </para> <para> -<prompt>root# </prompt>passwd -l <replaceable>machine_name</replaceable>$ +<prompt>root# </prompt><command>passwd -l <replaceable>machine_name</replaceable>$</command> </para> <para> The <filename>/etc/passwd</filename> entry will list the machine name -with a $ appended, won't have a passwd, will have a null shell and no -home directory. For example a machine called 'doppy' would have an -<filename>/etc/passwd</filename> entry like this : +with a "$" appended, won't have a password, will have a null shell and no +home directory. For example a machine named 'doppy' would have an +<filename>/etc/passwd</filename> entry like this: </para> <para><programlisting> @@ -352,28 +353,31 @@ doppy$:x:505:501:<replaceable>machine_nickname</replaceable>:/dev/null:/bin/fals </programlisting></para> <para> -Above, <replaceable>machine_nickname</replaceable> can be any descriptive name for the -pc i.e. BasementComputer. The <replaceable>machine_name</replaceable> absolutely must be -the NetBIOS name of the pc to be added to the domain. The "$" must append the NetBIOS -name of the pc or samba will not recognize this as a machine account +Above, <replaceable>machine_nickname</replaceable> can be any +descriptive name for the client, i.e., BasementComputer. +<replaceable>machine_name</replaceable> absolutely must be the NetBIOS +name of the client to be joined to the domain. The "$" must be +appended to the NetBIOS name of the client or Samba will not recognize +this as a machine trust account. </para> <para> -Now that the UNIX account has been created, the next step is to create -the smbpasswd entry for the machine containing the well known initial -trust account password. This can be done using the <ulink -url="smbpasswd.6.html"><command>smbpasswd(8)</command></ulink> command +Now that the corresponding Unix account has been created, the next step is to create +the Samba account for the client containing the well-known initial +machine trust account password. This can be done using the <ulink +url="smbpasswd.8.html"><command>smbpasswd(8)</command></ulink> command as shown here: </para> <para> -<prompt>root# </prompt> smbpasswd -a -m <replaceable>machine_name</replaceable> +<prompt>root# </prompt><command>smbpasswd -a -m <replaceable>machine_name</replaceable></command> </para> <para> where <replaceable>machine_name</replaceable> is the machine's NetBIOS -name. +name. The RID of the new machine account is generated from the UID of +the corresponding Unix account. </para> <warning> @@ -381,9 +385,9 @@ name. <para> Manually creating a machine trust account using this method is the - equivalent of creating a machine account on a Windows NT PDC using + equivalent of creating a machine trust account on a Windows NT PDC using the "Server Manager". From the time at which the account is created - to the time which th client joins the domain and changes the password, + to the time which the client joins the domain and changes the password, your domain is vulnerable to an intruder joining your domain using a a machine with the same NetBIOS name. A PDC inherently trusts members of the domain and will serve out a large degree of user @@ -394,30 +398,80 @@ name. <sect2> -<title>Creating machine trust accounts "on the fly"</title> +<title>"On-the-Fly" Creation of Machine Trust Accounts</title> <para> -The second, and most recommended way of creating machine trust accounts -is to create them as needed at the time the client is joined to -the domain. You will need to include a value for the <ulink -url="smb.conf.5.html#ADDUSERSCRIPT">add user script</ulink> -parameter. Below is an example from a RedHat 6.2 Linux system. +The second (and recommended) way of creating machine trust accounts is +simply to allow the Samba server to create them as needed when the client +is joined to the domain. </para> + +<para>Since each Samba machine trust account requires a corresponding +Unix account, a method for automatically creating the +Unix account is usually supplied; this requires configuration of the +<ulink url="smb.conf.5.html#ADDUSERSCRIPT">add user script</ulink> +option in <filename>smb.conf</filename>. This +method is not required, however; corresponding Unix accounts may also +be created manually. +</para> + + +<para>Below is an example for a RedHat 6.2 Linux system. </para> <para><programlisting> -add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u +[global] + # <...remainder of parameters...> + add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u </programlisting></para> +</sect2> + + +<sect2><title>Joining the Client to the Domain</title> + <para> -In Samba 2.2.1, <emphasis>only the root account</emphasis> can be used to create -machine accounts like this. Therefore, it is required to create -an entry in smbpasswd for <emphasis>root</emphasis>. The password -<emphasis>SHOULD</emphasis> be set to a different password that the -associated <filename>/etc/passwd</filename> entry for security reasons. +The procedure for joining a client to the domain varies with the +version of Windows. </para> + +<itemizedlist> +<listitem><para><emphasis>Windows 2000</emphasis></para> + + <para> When the user elects to join the client to a domain, Windows prompts for + an account and password that is privileged to join the domain. A + Samba administrative account (i.e., a Samba account that has root + privileges on the Samba server) must be entered here; the + operation will fail if an ordinary user account is given. + The password for this account should be + set to a different password than the associated + <filename>/etc/passwd</filename> entry, for security + reasons. </para> + + <para>The session key of the Samba administrative account acts as an + encryption key for setting the password of the machine trust + account. The machine trust account will be created on-the-fly, or + updated if it already exists.</para> +</listitem> + +<listitem><para><emphasis>Windows NT</emphasis></para> + + <para> If the machine trust account was created manually, on the + Identification Changes menu enter the domain name, but do not + check the box "Create a Computer Account in the Domain." In this case, + the existing machine trust account is used to join the machine to + the domain.</para> + + <para> If the machine trust account is to be created + on-the-fly, on the Identification Changes menu enter the domain + name, and check the box "Create a Computer Account in the Domain." In + this case, joining the domain proceeds as above for Windows 2000 + (i.e., you must supply a Samba administrative account when + prompted).</para> +</listitem> +</itemizedlist> + </sect2> </sect1> - <!-- ********************************************************** Common Problems @@ -438,7 +492,7 @@ associated <filename>/etc/passwd</filename> entry for security reasons. <para> A 'machine name' in (typically) <filename>/etc/passwd</> of the machine name with a '$' appended. FreeBSD (and other BSD - systems ?) won't create a user with a '$' in their name. + systems?) won't create a user with a '$' in their name. </para> <para> @@ -446,7 +500,7 @@ associated <filename>/etc/passwd</filename> entry for security reasons. made, it works perfectly. So create a user without the '$' and use <command>vipw</> to edit the entry, adding the '$'. Or create the whole entry with vipw if you like, make sure you use a - unique uid ! + unique User ID ! </para> </listitem> @@ -454,11 +508,11 @@ associated <filename>/etc/passwd</filename> entry for security reasons. <para> <emphasis>I get told "You already have a connection to the Domain...." or "Cannot join domain, the credentials supplied conflict with an - existing set.." when creating a machine account.</emphasis> + existing set.." when creating a machine trust account.</emphasis> </para> <para> - This happens if you try to create a machine account from the + This happens if you try to create a machine trust account from the machine itself and already have a connection (e.g. mapped drive) to a share (or IPC$) on the Samba PDC. The following command will remove all network drive connections: @@ -500,18 +554,18 @@ associated <filename>/etc/passwd</filename> entry for security reasons. <listitem> <para> - <emphasis>The machine account for this computer either does not + <emphasis>The machine trust account for this computer either does not exist or is not accessible.</emphasis> </para> <para> When I try to join the domain I get the message "The machine account - for this computer either does not exist or is not accessible". Whats + for this computer either does not exist or is not accessible". What's wrong? </para> <para> - This problem is caused by the PDC not having a suitable machine account. + This problem is caused by the PDC not having a suitable machine trust account. If you are using the <parameter>add user script</parameter> method to create accounts then this would indicate that it has not worked. Ensure the domain admin user system is working. @@ -520,7 +574,7 @@ associated <filename>/etc/passwd</filename> entry for security reasons. <para> Alternatively if you are creating account entries manually then they have not been created correctly. Make sure that you have the entry - correct for the machine account in smbpasswd file on the Samba PDC. + correct for the machine trust account in smbpasswd file on the Samba PDC. If you added the account using an editor rather than using the smbpasswd utility, make sure that the account name is the machine NetBIOS name with a '$' appended to it ( i.e. computer_name$ ). There must be an entry @@ -600,7 +654,7 @@ Here are some additional details: <listitem> <para> - <emphasis>What about Windows NT Policy Editor ?</emphasis> + <emphasis>What about Windows NT Policy Editor?</emphasis> </para> <para> @@ -633,7 +687,7 @@ Here are some additional details: <listitem> <para> - <emphasis>Can Win95 do Policies ?</emphasis> + <emphasis>Can Win95 do Policies?</emphasis> </para> <para> @@ -660,7 +714,7 @@ Here are some additional details: <para> Since I don't need to buy an NT Server CD now, how do I get - the 'User Manager for Domains', the 'Server Manager' ? + the 'User Manager for Domains', the 'Server Manager'? </para> <para> @@ -701,7 +755,7 @@ Here are some additional details: <sect1> -<title>What other help can I get ? </title> +<title>What other help can I get? </title> <para> There are many sources of information available in the form @@ -751,7 +805,7 @@ general SMB topics such as browsing.</para> <para> An SMB enabled version of tcpdump is available from <ulink url="http://www.tcpdump.org/">http://www.tcpdup.org/</ulink>. - Ethereal, another good packet sniffer for UNIX and Win32 + Ethereal, another good packet sniffer for Unix and Win32 hosts, can be downloaded from <ulink url="http://www.ethereal.com/">http://www.ethereal.com</ulink>. </para> @@ -892,7 +946,7 @@ general SMB topics such as browsing.</para> <itemizedlist> <listitem> <para> - <emphasis>How do I get help from the mailing lists ?</emphasis> + <emphasis>How do I get help from the mailing lists?</emphasis> </para> <para> @@ -954,7 +1008,7 @@ general SMB topics such as browsing.</para> <listitem><para>Please think carefully before attaching a document to an email. Consider pasting the relevant parts into the body of the message. The samba mailing lists go to a huge number of people, do they all need a copy of your - smb.conf in their attach directory ?</para></listitem> + smb.conf in their attach directory?</para></listitem> </itemizedlist> </listitem> @@ -962,7 +1016,7 @@ general SMB topics such as browsing.</para> <listitem> <para> - <emphasis>How do I get off the mailing lists ?</emphasis> + <emphasis>How do I get off the mailing lists?</emphasis> </para> <para>To have your name removed from a samba mailing list, go to the @@ -995,8 +1049,8 @@ general SMB topics such as browsing.</para> <para> The following section contains much of the original DOMAIN.txt file previously included with Samba. Much of -the material is based on what went into the book Special -Edition, Using Samba. (Richard Sharpe) +the material is based on what went into the book <emphasis>Special +Edition, Using Samba</emphasis>, by Richard Sharpe. </para> </note> @@ -1014,13 +1068,14 @@ The SMB client logging on to a domain has an expectation that every other server in the domain should accept the same authentication information. Network browsing functionality of domains and workgroups is identical and is explained in BROWSING.txt. It should be noted, that browsing -is total orthogonal to logon support. +is totally orthogonal to logon support. </para> <para> Issues related to the single-logon network model are discussed in this -document. Samba supports domain logons, network logon scripts, and user -profiles for MS Windows for workgroups and MS Windows 9X clients. +section. Samba supports domain logons, network logon scripts, and user +profiles for MS Windows for workgroups and MS Windows 9X/ME clients +which will be the focus of this section. </para> @@ -1035,40 +1090,6 @@ demonstrates how authentication is quite different from but closely involved with domains. </para> -<para> -Another thing commonly associated with single-logon domains is remote -administration over the SMB protocol. Again, there is no reason why this -cannot be implemented with an underlying username database which is -different from the Windows NT SAM. Support for the Remote Administration -Protocol is planned for a future release of Samba. -</para> - -<para> -Network logon support as discussed in this section is aimed at Window for -Workgroups, and Windows 9X clients. -</para> - -<para> -Support for profiles is confirmed as working for Win95, NT 4.0 and NT 3.51. -It is possible to specify: the profile location; script file to be loaded -on login; the user's home directory; and for NT a kick-off time could also -now easily be supported. However, there are some differences between Win9X -profile support and WinNT profile support. These are discussed below. -</para> - -<para> -With NT Workstations, all this does not require the use or intervention of -an NT 4.0 or NT 3.51 server: Samba can now replace the logon services -provided by an NT server, to a limited and experimental degree (for example, -running "User Manager for Domains" will not provide you with access to -a domain created by a Samba Server). -</para> - -<para> -With Win95, the help of an NT server can be enlisted, both for profile storage -and for user authentication. For details on user authentication, see -security_level.txt. For details on profile storage, see below. -</para> <para> Using these features you can make your clients verify their logon via @@ -1077,15 +1098,15 @@ the network and download their preferences, desktop and start menu. </para> <para> -Before launching into the configuration instructions, it is worthwhile looking -at how a Win9X client performs a logon: +Before launching into the configuration instructions, it is +worthwhile lookingat how a Windows 9x/ME client performs a logon: </para> <orderedlist> <listitem> <para> The client broadcasts (to the IP broadcast address of the subnet it is in) - a NetLogon request. This is sent to the NetBIOS address DOMAIN<00> at the + a NetLogon request. This is sent to the NetBIOS name DOMAIN<1c> at the NetBIOS layer. The client chooses the first response it receives, which contains the NetBIOS name of the logon server to use in the format of \\SERVER. @@ -1147,97 +1168,27 @@ at how a Win9X client performs a logon: <title>Configuration Instructions: Network Logons</title> <para> -To use domain logons and profiles you need to do the following: +The main difference between a PDC and a Windows 9x logon +server configuration is that </para> +<itemizedlist> -<orderedlist> -<listitem> - <para> - Create a share called [netlogon] in your smb.conf. This share should - be readable by all users, and probably should not be writeable. This - share will hold your network logon scripts, and the CONFIG.POL file - (Note: for details on the CONFIG.POL file, how to use it, what it is, - refer to the Microsoft Windows NT Administration documentation. - The format of these files is not known, so you will need to use - Microsoft tools). - </para> - - <para> - For example I have used: - </para> - - <para><programlisting> -[netlogon] - path = /data/dos/netlogon - writeable = no - guest ok = no -</programlisting></para> - - <para> - Note that it is important that this share is not writeable by ordinary - users, in a secure environment: ordinary users should not be allowed - to modify or add files that another user's computer would then download - when they log in. - </para> -</listitem> - - - -<listitem> - <para> - in the [global] section of smb.conf set the following: - </para> - - <para><programlisting> -domain logons = yes -logon script = %U.bat - </programlisting></para> - - <para> - The choice of batch file is, of course, up to you. The above would - give each user a separate batch file as the %U will be changed to - their username automatically. The other standard % macros may also be - used. You can make the batch files come from a subdirectory by using - something like: - </para> - - <para><programlisting> -logon script = scripts\%U.bat - </programlisting></para> -</listitem> - -<listitem> - <para> - create the batch files to be run when the user logs in. If the batch - file doesn't exist then no batch file will be run. - </para> +<listitem><para> +Password encryption is not required for a Windows 9x logon server. +</para></listitem> - <para> - In the batch files you need to be careful to use DOS style cr/lf line - endings. If you don't then DOS may get confused. I suggest you use a - DOS editor to remotely edit the files if you don't know how to produce - DOS style files under unix. - </para> -</listitem> +<listitem><para> +Windows 9x/ME clients do not possess machine trust accounts. +</para></listitem> +</itemizedlist> -<listitem> - <para> - Use smbclient with the -U option for some users to make sure that - the \\server\NETLOGON share is available, the batch files are - visible and they are readable by the users. - </para> -</listitem> +<para> +Therefore, a Samba PDC will also act as a Windows 9x logon +server. +</para> -<listitem> - <para> - you will probably find that your clients automatically mount the - \\SERVER\NETLOGON share as drive z: while logging in. You can put - some useful programs there to execute from the batch files. - </para> -</listitem> -</orderedlist> <warning> <title>security mode and master browsers</title> @@ -1253,7 +1204,7 @@ mode security is really just a variation on SMB user level security. </para> <para> -Actually, this issue is also closer tied to the debate on whether +Actually, this issue is also closely tied to the debate on whether or not Samba must be the domain master browser for its workgroup when operating as a DC. While it may technically be possible to configure a server as such (after all, browsing and domain logons @@ -1322,7 +1273,7 @@ This means that support for profiles is different for Win9X and WinNT. <title>Windows NT Configuration</title> <para> -To support WinNT clients, inn the [global] section of smb.conf set the +To support WinNT clients, in the [global] section of smb.conf set the following (for example): </para> @@ -1496,7 +1447,7 @@ the newest folders and short-cuts from each set. If you have made the folders / files read-only on the samba server, then you will get errors from the w95 machine on logon and logout, as it attempts to merge the local and the remote profile. Basically, if -you have any errors reported by the w95 machine, check the unix file +you have any errors reported by the w95 machine, check the Unix file permissions and ownership rights on the profile directory contents, on the samba server. </para> diff --git a/docs/docbook/projdoc/chapter1.sgml b/docs/docbook/projdoc/chapter1.sgml deleted file mode 100644 index 71589b5d60..0000000000 --- a/docs/docbook/projdoc/chapter1.sgml +++ /dev/null @@ -1,446 +0,0 @@ -<chapter> - -<title>How to Install and Test SAMBA</title> - -<sect1> - <title>Step 0: Read the man pages</title> - - <para>The man pages distributed with SAMBA contain - lots of useful info that will help to get you started. - If you don't know how to read man pages then try - something like:</para> - - <para><prompt>$ </prompt><userinput>nroff -man smbd.8 | more - </userinput></para> - - <para>Other sources of information are pointed to - by the Samba web site,<ulink url="http://www.samba.org/"> - http://www.samba.org</ulink></para> -</sect1> - -<sect1> - <title>Building the Binaries</title> - - <para>To do this, first run the program <command>./configure - </command> in the source directory. This should automatically - configure Samba for your operating system. If you have unusual - needs then you may wish to run</para> - - <para><prompt>root# </prompt><userinput>./configure --help - </userinput></para> - - <para>first to see what special options you can enable. - Then exectuting</para> - - <para><prompt>root# </prompt><userinput>make</userinput></para> - - <para>will create the binaries. Once it's successfully - compiled you can use </para> - - <para><prompt>root# </prompt><userinput>make install</userinput></para> - - <para>to install the binaries and manual pages. You can - separately install the binaries and/or man pages using</para> - - <para><prompt>root# </prompt><userinput>make installbin - </userinput></para> - - <para>and</para> - - <para><prompt>root# </prompt><userinput>make installman - </userinput></para> - - <para>Note that if you are upgrading for a previous version - of Samba you might like to know that the old versions of - the binaries will be renamed with a ".old" extension. You - can go back to the previous version with</para> - - <para><prompt>root# </prompt><userinput>make revert - </userinput></para> - - <para>if you find this version a disaster!</para> -</sect1> - -<sect1> - <title>Step 2: The all important step</title> - - <para>At this stage you must fetch yourself a - coffee or other drink you find stimulating. Getting the rest - of the install right can sometimes be tricky, so you will - probably need it.</para> - - <para>If you have installed samba before then you can skip - this step.</para> -</sect1> - -<sect1> - <title>Step 3: Create the smb configuration file. </title> - - <para>There are sample configuration files in the examples - subdirectory in the distribution. I suggest you read them - carefully so you can see how the options go together in - practice. See the man page for all the options.</para> - - <para>The simplest useful configuration file would be - something like this:</para> - - <para><programlisting> - [global] - workgroup = MYGROUP - - [homes] - guest ok = no - read only = no - </programlisting</para> - - <para>which would allow connections by anyone with an - account on the server, using either their login name or - "homes" as the service name. (Note that I also set the - workgroup that Samba is part of. See BROWSING.txt for defails)</para> - - <para>Note that <command>make install</command> will not install - a <filename>smb.conf</filename> file. You need to create it - yourself. </para> - - <para>Make sure you put the smb.conf file in the same place - you specified in the<filename>Makefile</filename> (the default is to - look for it in <filename>/usr/local/samba/lib/</filename>).</para> - - <para>For more information about security settings for the - [homes] share please refer to the document UNIX_SECURITY.txt.</para> -</sect1> - -<sect1> - <title>Step 4: Test your config file with - <command>testparm</command></title> - - <para>It's important that you test the validity of your - <filename>smb.conf</filename> file using the testparm program. - If testparm runs OK then it will list the loaded services. If - not it will give an error message.</para> - - <para>Make sure it runs OK and that the services look - resonable before proceeding. </para> - -</sect1> - -<sect1> - <title>Step 5: Starting the smbd and nmbd</title> - - <para>You must choose to start smbd and nmbd either - as daemons or from <command>inetd</command>. Don't try - to do both! Either you can put them in <filename> - inetd.conf</filename> and have them started on demand - by <command>inetd</command>, or you can start them as - daemons either from the command line or in <filename> - /etc/rc.local</filename>. See the man pages for details - on the command line options. Take particular care to read - the bit about what user you need to be in order to start - Samba. In many cases you must be root.</para> - - <para>The main advantage of starting <command>smbd</command> - and <command>nmbd</command> as a daemon is that they will - respond slightly more quickly to an initial connection - request. This is, however, unlikely to be a problem.</para> - - <sect2> - <title>Step 5a: Starting from inetd.conf</title> - - <para>NOTE; The following will be different if - you use NIS or NIS+ to distributed services maps.</para> - - <para>Look at your <filename>/etc/services</filename>. - What is defined at port 139/tcp. If nothing is defined - then add a line like this:</para> - - <para><userinput>netbios-ssn 139/tcp</userinput></para> - - <para>similarly for 137/udp you should have an entry like:</para> - - <para><userinput>netbios-ns 137/udp</userinput></para> - - <para>Next edit your <filename>/etc/inetd.conf</filename> - and add two lines something like this:</para> - - <para><programlisting> - netbios-ssn stream tcp nowait root /usr/local/samba/bin/smbd smbd - netbios-ns dgram udp wait root /usr/local/samba/bin/nmbd nmbd - </programlisting></para> - - <para>The exact syntax of <filename>/etc/inetd.conf</filename> - varies between unixes. Look at the other entries in inetd.conf - for a guide.</para> - - <para>NOTE: Some unixes already have entries like netbios_ns - (note the underscore) in <filename>/etc/services</filename>. - You must either edit <filename>/etc/services</filename> or - <filename>/etc/inetd.conf</filename> to make them consistant.</para> - - <para>NOTE: On many systems you may need to use the - "interfaces" option in smb.conf to specify the IP address - and netmask of your interfaces. Run <command>ifconfig</command> - as root if you don't know what the broadcast is for your - net. <command>nmbd</command> tries to determine it at run - time, but fails on somunixes. See the section on "testing nmbd" - for a method of finding if you need to do this.</para> - - <para>!!!WARNING!!! Many unixes only accept around 5 - parameters on the command line in <filename>inetd.conf</filename>. - This means you shouldn't use spaces between the options and - arguments, or you should use a script, and start the script - from <command>inetd</command>.</para> - - <para>Restart <command>inetd</command>, perhaps just send - it a HUP. If you have installed an earlier version of <command> - nmbd</command> then you may need to kill nmbd as well.</para> - </sect2> - - <sect2> - <title>Step 5b. Alternative: starting it as a daemon</title> - - <para>To start the server as a daemon you should create - a script something like this one, perhaps calling - it <filename>startsmb</filename>.</para> - - <para><programlisting> - #!/bin/sh - /usr/local/samba/bin/smbd -D - /usr/local/samba/bin/nmbd -D - </programlisting></para> - - <para>then make it executable with <command>chmod - +x startsmb</command></para> - - <para>You can then run <command>startsmb</command> by - hand or execute it from <filename>/etc/rc.local</filename> - </para> - - <para>To kill it send a kill signal to the processes - <command>nmbd</command> and <command>smbd</command>.</para> - - <para>NOTE: If you use the SVR4 style init system then - you may like to look at the <filename>examples/svr4-startup</filename> - script to make Samba fit into that system.</para> - </sect2> -</sect1> - -<sect1> - <title>Step 6: Try listing the shares available on your - server</title> - - <para><prompt>$ </prompt><userinput>smbclient -L - <replaceable>yourhostname</replaceable></userinput></para> - - <para>Your should get back a list of shares available on - your server. If you don't then something is incorrectly setup. - Note that this method can also be used to see what shares - are available on other LanManager clients (such as WfWg).</para> - - <para>If you choose user level security then you may find - that Samba requests a password before it will list the shares. - See the <command>smbclient</command> man page for details. (you - can force it to list the shares without a password by - adding the option -U% to the command line. This will not work - with non-Samba servers)</para> -</sect1> - -<sect1> - <title>Step 7: Try connecting with the unix client</title> - - <para><prompt>$ </prompt><userinput>smbclient <replaceable> - //yourhostname/aservice</replaceable></userinput></para> - - <para>Typically the <replaceable>yourhostname</replaceable> - would be the name of the host where you installed <command> - smbd</command>. The <replaceable>aservice</replaceable> is - any service you have defined in the <filename>smb.conf</filename> - file. Try your user name if you just have a [homes] section - in <filename>smb.conf</filename>.</para> - - <para>For example if your unix host is bambi and your login - name is fred you would type:</para> - - <para><prompt>$ </prompt><userinput>smbclient //bambi/fred - </userinput></para> -</sect1> - -<sect1> - <title>Step 8: Try connecting from a DOS, WfWg, Win9x, WinNT, - Win2k, OS/2, etc... client</title> - - <para>Try mounting disks. eg:</para> - - <para><prompt>C:\WINDOWS\> </prompt><userinput>net use d: \\servername\service - </userinput></para> - - <para>Try printing. eg:</para> - - <para><prompt>C:\WINDOWS\> </prompt><userinput>net use lpt1: - \\servername\spoolservice</userinput></para> - - <para><prompt>C:\WINDOWS\> </prompt><userinput>print filename - </userinput></para> - - <para>Celebrate, or send me a bug report!</para> -</sect1> - -<sect1> - <title>What If Things Don't Work?</title> - - <para>If nothing works and you start to think "who wrote - this pile of trash" then I suggest you do step 2 again (and - again) till you calm down.</para> - - <para>Then you might read the file DIAGNOSIS.txt and the - FAQ. If you are still stuck then try the mailing list or - newsgroup (look in the README for details). Samba has been - successfully installed at thousands of sites worldwide, so maybe - someone else has hit your problem and has overcome it. You could - also use the WWW site to scan back issues of the samba-digest.</para> - - <para>When you fix the problem PLEASE send me some updates to the - documentation (or source code) so that the next person will find it - easier. </para> - - <sect2> - <title>DIAGNOSING PROBLEMS</title> - - <para>If you have instalation problems then go to - <filename>DIAGNOSIS.txt</filename> to try to find the - problem.</para> - </sect2> - - <sect2> - <title>SCOPE IDs</title> - - <para>By default Samba uses a blank scope ID. This means - all your windows boxes must also have a blank scope ID. - If you really want to use a non-blank scope ID then you will - need to use the -i <scope> option to nmbd, smbd, and - smbclient. All your PCs will need to have the same setting for - this to work. I do not recommend scope IDs.</para> - </sect2> - - - <sect2> - <title>CHOOSING THE PROTOCOL LEVEL</title> - - <para>The SMB protocol has many dialects. Currently - Samba supports 5, called CORE, COREPLUS, LANMAN1, - LANMAN2 and NT1.</para> - - <para>You can choose what maximum protocol to support - in the <filename>smb.conf</filename> file. The default is - NT1 and that is the best for the vast majority of sites.</para> - - <para>In older versions of Samba you may have found it - necessary to use COREPLUS. The limitations that led to - this have mostly been fixed. It is now less likely that you - will want to use less than LANMAN1. The only remaining advantage - of COREPLUS is that for some obscure reason WfWg preserves - the case of passwords in this protocol, whereas under LANMAN1, - LANMAN2 or NT1 it uppercases all passwords before sending them, - forcing you to use the "password level=" option in some cases.</para> - - <para>The main advantage of LANMAN2 and NT1 is support for - long filenames with some clients (eg: smbclient, Windows NT - or Win95). </para> - - <para>See the smb.conf(5) manual page for more details.</para> - - <para>Note: To support print queue reporting you may find - that you have to use TCP/IP as the default protocol under - WfWg. For some reason if you leave Netbeui as the default - it may break the print queue reporting on some systems. - It is presumably a WfWg bug.</para> - </sect2> - - <sect2> - <title>PRINTING FROM UNIX TO A CLIENT PC</title> - - <para>To use a printer that is available via a smb-based - server from a unix host you will need to compile the - smbclient program. You then need to install the script - "smbprint". Read the instruction in smbprint for more details. - </para> - - <para>There is also a SYSV style script that does much - the same thing called smbprint.sysv. It contains instructions.</para> - </sect2> - - <sect2> - <title>LOCKING</title> - - <para>One area which sometimes causes trouble is locking.</para> - - <para>There are two types of locking which need to be - performed by a SMB server. The first is "record locking" - which allows a client to lock a range of bytes in a open file. - The second is the "deny modes" that are specified when a file - is open.</para> - - <para>Samba supports "record locking" using the fcntl() unix system - call. This is often implemented using rpc calls to a rpc.lockd process - running on the system that owns the filesystem. Unfortunately many - rpc.lockd implementations are very buggy, particularly when made to - talk to versions from other vendors. It is not uncommon for the - rpc.lockd to crash.</para> - - <para>There is also a problem translating the 32 bit lock - requests generated by PC clients to 31 bit requests supported - by most unixes. Unfortunately many PC applications (typically - OLE2 applications) use byte ranges with the top bit set - as semaphore sets. Samba attempts translation to support - these types of applications, and the translation has proved - to be quite successful.</para> - - <para>Strictly a SMB server should check for locks before - every read and write call on a file. Unfortunately with the - way fcntl() works this can be slow and may overstress the - rpc.lockd. It is also almost always unnecessary as clients - are supposed to independently make locking calls before reads - and writes anyway if locking is important to them. By default - Samba only makes locking calls when explicitly asked - to by a client, but if you set "strict locking = yes" then it will - make lock checking calls on every read and write. </para> - - <para>You can also disable by range locking completely - using "locking = no". This is useful for those shares that - don't support locking or don't need it (such as cdroms). In - this case Samba fakes the return codes of locking calls to - tell clients that everything is OK.</para> - - <para>The second class of locking is the "deny modes". These - are set by an application when it opens a file to determine - what types of access should be allowed simultaneously with - its open. A client may ask for DENY_NONE, DENY_READ, DENY_WRITE - or DENY_ALL. There are also special compatability modes called - DENY_FCB and DENY_DOS.</para> - - <para>You can disable share modes using "share modes = no". - This may be useful on a heavily loaded server as the share - modes code is very slow. See also the FAST_SHARE_MODES - option in the Makefile for a way to do full share modes - very fast using shared memory (if your OS supports it).</para> - </sect2> - - <sect2> - <title>MAPPING USERNAMES</title> - - <para>If you have different usernames on the PCs and - the unix server then take a look at the "username map" option. - See the smb.conf man page for details.</para> - </sect2> - - <sect2> - <title>OTHER CHARACTER SETS</title> - - <para>If you have problems using filenames with accented - characters in them (like the German, French or Scandinavian - character sets) then I recommmend you look at the "valid chars" - option in smb.conf and also take a look at the validchars - package in the examples directory.</para> - </sect2> - -</sect1> -</chapter> diff --git a/docs/docbook/projdoc/winbind.sgml b/docs/docbook/projdoc/winbind.sgml index b496f30dd7..8ea419d758 100644 --- a/docs/docbook/projdoc/winbind.sgml +++ b/docs/docbook/projdoc/winbind.sgml @@ -16,6 +16,13 @@ <address><email>tridge@linuxcare.com.au</email></address> </affiliation> </author> + <author> + <firstname>John</firstname><surname>Trostel</surname> + <affiliation> + <orgname>Snapserver</orgname> + <address><email>jtrostel@snapserver.com</email></address> + </affiliation> + </author> <pubdate>16 Oct 2000</pubdate> @@ -372,9 +379,10 @@ somewhat to fit the way your distribution works. <para> If you have a samba configuration file that you are currently -using... BACK IT UP! If your system already uses PAM, BACK UP -THE <filename>/etc/pam.d</filename> directory contents! If you -haven't already made a boot disk, MAKE ON NOW! +using... <emphasis>BACK IT UP!</emphasis> If your system already uses PAM, +<emphasis>back up the <filename>/etc/pam.d</filename> directory +contents!</emphasis> If you haven't already made a boot disk, +<emphasis>MAKE ONE NOW!</emphasis> </para> <para> @@ -386,10 +394,11 @@ you get frustrated with the way things are going. ;-) </para> <para> -The newest version of SAMBA (version 2.2.2), available from -cvs.samba.org, now include a functioning winbindd daemon. Please refer -to the main SAMBA web page or, better yet, your closest SAMBA mirror -site for instructions on downloading the source code. +The latest version of SAMBA (version 2.2.2 as of this writing), now +includes a functioning winbindd daemon. Please refer to the +<ulink url="http://samba.org/">main SAMBA web page</ulink> or, +better yet, your closest SAMBA mirror site for instructions on +downloading the source code. </para> <para> @@ -399,8 +408,8 @@ SAMBA machine, PAM (pluggable authentication modules) must be setup properly on your machine. In order to compile the winbind modules, you should have at least the pam libraries resident on your system. For recent RedHat systems (7.1, for instance), that -means 'pam-0.74-22'. For best results, it is helpful to also -install the development packages in 'pam-devel-0.74-22'. +means <filename>pam-0.74-22</filename>. For best results, it is helpful to also +install the development packages in <filename>pam-devel-0.74-22</filename>. </para> </sect2> @@ -419,8 +428,9 @@ directory structure, including the pam modules are used by pam-aware services, several pam libraries, and the <filename>/usr/doc</filename> and <filename>/usr/man</filename> entries for pam. Winbind built better in SAMBA if the pam-devel package was also installed. This package includes -the header files needed to compile pam-aware applications. For instance, my RedHat -system has both 'pam-0.74-22' and 'pam-devel-0.74-22' RPMs installed. +the header files needed to compile pam-aware applications. For instance, +my RedHat system has both <filename>pam-0.74-22</filename> and +<filename>pam-devel-0.74-22</filename> RPMs installed. </para> <sect3> @@ -428,38 +438,39 @@ system has both 'pam-0.74-22' and 'pam-devel-0.74-22' RPMs installed. <para> The configuration and compilation of SAMBA is pretty straightforward. -The first three steps maynot be necessary depending upon +The first three steps may not be necessary depending upon whether or not you have previously built the Samba binaries. </para> <para><programlisting> -<prompt>root# </prompt> autoconf -<prompt>root# </prompt> make clean -<prompt>root# </prompt> rm config.cache -<prompt>root# </prompt> ./configure --with-winbind -<prompt>root# </prompt> make -<prompt>root# </prompt> make install +<prompt>root#</prompt> <command>autoconf</command> +<prompt>root#</prompt> <command>make clean</command> +<prompt>root#</prompt> <command>rm config.cache</command> +<prompt>root#</prompt> <command>./configure --with-winbind</command> +<prompt>root#</prompt> <command>make</command> +<prompt>root#</prompt> <command>make install</command> </programlisting></para> <para> -This will, by default, install SAMBA in /usr/local/samba. See the -main SAMBA documentation if you want to install SAMBA somewhere else. +This will, by default, install SAMBA in <filename>/usr/local/samba</filename>. +See the main SAMBA documentation if you want to install SAMBA somewhere else. It will also build the winbindd executable and libraries. </para> </sect3> <sect3> -<title>Configure nsswitch.conf and the winbind libraries</title> +<title>Configure <filename>nsswitch.conf</filename> and the +winbind libraries</title> <para> -The libraries needed to run the winbind daemon through nsswitch -need to be copied to their proper locations, so +The libraries needed to run the <command>winbindd</command> daemon +through nsswitch need to be copied to their proper locations, so </para> <para> -<prompt>root# </prompt> cp ../samba/source/nsswitch/libnss_winbind.so /lib +<prompt>root#</prompt> <command>cp ../samba/source/nsswitch/libnss_winbind.so /lib</command> </para> <para> @@ -467,30 +478,31 @@ I also found it necessary to make the following symbolic link: </para> <para> -<prompt>root# </prompt> ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2 +<prompt>root#</prompt> <command>ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2</command> </para> <para> Now, as root you need to edit <filename>/etc/nsswitch.conf</filename> to allow user and group entries to be visible from the <command>winbindd</command> -daemon, as well as from your /etc/hosts files and NIS servers. My -<filename>/etc/nsswitch.conf</filename> file look like this after editing: +daemon. My <filename>/etc/nsswitch.conf</filename> file look like +this after editing: </para> <para><programlisting> passwd: files winbind - shadow: files winbind + shadow: files group: files winbind </programlisting></para> <para> The libraries needed by the winbind daemon will be automatically -entered into the ldconfig cache the next time your system reboots, but it +entered into the <command>ldconfig</command> cache the next time +your system reboots, but it is faster (and you don't need to reboot) if you do it manually: </para> <para> -<prompt>root# </prompt> /sbin/ldconfig -v | grep winbind +<prompt>root#</prompt> <command>/sbin/ldconfig -v | grep winbind</command> </para> <para> @@ -517,16 +529,17 @@ include the following entries in the [global] section: [global] <...> # separate domain and username with '+', like DOMAIN+username - winbind separator = + + <ulink url="winbindd.8.html#WINBINDSEPARATOR">winbind separator</ulink> = + # use uids from 10000 to 20000 for domain users - winbind uid = 10000-20000 + <ulink url="winbindd.8.html#WINBINDUID">winbind uid</ulink> = 10000-20000 # use gids from 10000 to 20000 for domain groups - winbind gid = 10000-20000 + <ulink url="winbindd.8.html#WINBINDGID">winbind gid</ulink> = 10000-20000 # allow enumeration of winbind users and groups - winbind enum users = yes - winbind enum groups = yes + <ulink url="winbindd.8.html#WINBINDENUMUSERS">winbind enum users</ulink> = yes + <ulink url="winbindd.8.html#WINBINDENUMGROUP">winbind enum groups</ulink> = yes # give winbind users a real shell (only needed if they have telnet access) - template shell = /bin/bash + <ulink url="winbindd.8.html#TEMPLATEHOMEDIR">template homedir</ulink> = /home/winnt/%D/%U + <ulink url="winbindd.8.html#TEMPLATESHELL">template shell</ulink> = /bin/bash </programlisting></para> </sect3> @@ -544,7 +557,7 @@ a domain user who has administrative privileges in the domain. <para> -<prompt>root# </prompt>/usr/local/samba/bin/smbpasswd -j DOMAIN -r PDC -U Administrator +<prompt>root#</prompt> <command>/usr/local/samba/bin/smbpasswd -j DOMAIN -r PDC -U Administrator</command> </para> @@ -569,7 +582,7 @@ command as root: </para> <para> -<prompt>root# </prompt>/usr/local/samba/bin/winbindd +<prompt>root#</prompt> <command>/usr/local/samba/bin/winbindd</command> </para> <para> @@ -578,7 +591,12 @@ is really running... </para> <para> -<prompt>root# </prompt> ps -ae | grep winbindd +<prompt>root#</prompt> <command>ps -ae | grep winbindd</command> +</para> +<para> +This command should produce output like this, if the daemon is running +</para> +<para> 3025 ? 00:00:00 winbindd </para> @@ -588,7 +606,7 @@ users on your PDC </para> <para> -<prompt>root# </prompt> # /usr/local/samba/bin/wbinfo -u +<prompt>root#</prompt> <command>/usr/local/samba/bin/wbinfo -u</command> </para> <para> @@ -606,7 +624,8 @@ CEO+TsInternetUser </programlisting></para> <para> -Obviously, I have named my domain 'CEO' and my winbindd separator is '+'. +Obviously, I have named my domain 'CEO' and my <parameter>winbindd +separator</parameter> is '+'. </para> <para> @@ -615,7 +634,7 @@ the PDC: </para> <para><programlisting> -<prompt>root# </prompt>/usr/local/samba/bin/wbinfo -g +<prompt>root#</prompt> <command>/usr/local/samba/bin/wbinfo -g</command> CEO+Domain Admins CEO+Domain Users CEO+Domain Guests @@ -634,7 +653,7 @@ Try the following command: </para> <para> -<prompt>root# </prompt> getent passwd +<prompt>root#</prompt> <command>getent passwd</command> </para> <para> @@ -648,14 +667,14 @@ The same thing can be done for groups with the command </para> <para> -<prompt>root# </prompt> getent group +<prompt>root#</prompt> <command>getent group</command> </para> </sect3> <sect3> -<title>Fix the /etc/rc.d/init.d/smb startup files</title> +<title>Fix the <filename>/etc/rc.d/init.d/smb</filename> startup files</title> <para> The <command>winbindd</command> daemon needs to start up after the @@ -718,6 +737,13 @@ stop() { } </programlisting></para> +<para> +If you restart the <command>smbd</command>, <command>nmbd</command>, +and <command>winbindd</command> daemons at this point, you +should be able to connect to the samba server as a domain member just as +if you were a local user. +</para> + </sect3> @@ -726,32 +752,42 @@ stop() { <title>Configure Winbind and PAM</title> <para> -If you have made it this far, you know that winbindd is working. -Now it is time to integrate it into the operation of samba and other -services. The pam configuration files need to be altered in +If you have made it this far, you know that winbindd and samba are working +together. If you want to use winbind to provide authentication for other +services, keep reading. The pam configuration files need to be altered in this step. (Did you remember to make backups of your original <filename>/etc/pam.d</filename> files? If not, do it now.) </para> <para> -To get samba to allow domain users and groups, I modified the -<filename>/etc/pam.d/samba</filename> file from +You will need a pam module to use winbindd with these other services. This +module will be compiled in the <filename>../source/nsswitch</filename> directory +by invoking the command </para> +<para> +<prompt>root#</prompt> <command>make nsswitch/pam_winbind.so</command> +</para> -<para><programlisting> -auth required /lib/security/pam_stack.so service=system-auth -account required /lib/security/pam_stack.so service=system-auth -</programlisting></para> +<para> +from the <filename>../source</filename> directory. The +<filename>pam_winbind.so</filename> file should be copied to the location of +your other pam security modules. On my RedHat system, this was the +<filename>/lib/security</filename> directory. +</para> <para> -to +<prompt>root#</prompt> <command>cp ../samba/source/nsswitch/pam_winbind.so /lib/security</command> </para> +<para> +The <filename>/etc/pam.d/samba</filename> file does not need to be changed. I +just left this fileas it was: +</para> + + <para><programlisting> -auth required /lib/security/pam_winbind.so auth required /lib/security/pam_stack.so service=system-auth -account required /lib/security/pam_winbind.so account required /lib/security/pam_stack.so service=system-auth </programlisting></para> @@ -795,10 +831,11 @@ changed to look like this: </para> <para><programlisting> -auth sufficient /lib/security/pam_winbind.so auth required /lib/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed +auth sufficient /lib/security/pam_winbind.so auth required /lib/security/pam_stack.so service=system-auth auth required /lib/security/pam_shells.so +account sufficient /lib/security/pam_winbind.so account required /lib/security/pam_stack.so service=system-auth session required /lib/security/pam_stack.so service=system-auth </programlisting></para> @@ -830,15 +867,6 @@ line after the <command>winbind.so</command> line to get rid of annoying double prompts for passwords. </para> -<para> -Finally, don't forget to copy the winbind pam modules from -the source directory in which you originally compiled the new -SAMBA up to the /lib/security directory so that pam can use it: -</para> - -<para> -<prompt>root# </prompt> cp ../samba/source/nsswitch/pam_winbind.so /lib/security -</para> </sect3> diff --git a/docs/faq/Samba-Server-FAQ-2.html b/docs/faq/Samba-Server-FAQ-2.html index 76baba41b1..37a3983399 100644 --- a/docs/faq/Samba-Server-FAQ-2.html +++ b/docs/faq/Samba-Server-FAQ-2.html @@ -300,7 +300,7 @@ network" doesn't fit well with clients possibly running on multiuser machines (such as users of smbclient under Unix). Having said that, several developers are working hard on building it in to the next major version of Samba. If you can contribute, send a message to -<A HREF="mailto:samba-bugs@anu.edu.au">samba-bugs@anu.edu.au</A> !</P> +<A HREF="mailto:samba@samba.org">samba@samba.org</A> !</P> <P>Seeing this message should not affect your ability to mount redirected disks and printers, which is really what all this is about.</P> <P>For many clients (including Windows for Workgroups and Lan Manager), @@ -348,7 +348,7 @@ as a strictly temporary solution.</P> latest Microsoft products, particularly Excel 5 and Word for Windows 6. These should have all been solved. If not then please let Andrew Tridgell know via email at -<A HREF="mailto:samba-bugs@anu.edu.au">samba-bugs@anu.edu.au</A>.</P> +<A HREF="mailto:sambas@samba.org">samba@samba.org</A>.</P> <H2><A NAME="ss2.15">2.15 My "server string" doesn't seem to be recognised</A></H2> diff --git a/docs/faq/Samba-Server-FAQ.sgml b/docs/faq/Samba-Server-FAQ.sgml index 6a53fc0680..da6b50f99e 100644 --- a/docs/faq/Samba-Server-FAQ.sgml +++ b/docs/faq/Samba-Server-FAQ.sgml @@ -337,7 +337,7 @@ network" doesn't fit well with clients possibly running on multiuser machines (such as users of smbclient under Unix). Having said that, several developers are working hard on building it in to the next major version of Samba. If you can contribute, send a message to -<htmlurl url="mailto:samba-bugs@anu.edu.au" name="samba-bugs@anu.edu.au"> ! +<htmlurl url="mailto:samba@samba.org" name="samba@samba.org"> ! Seeing this message should not affect your ability to mount redirected disks and printers, which is really what all this is about. @@ -383,7 +383,7 @@ as a strictly temporary solution. In earlier Samba versions there were some difficulties with the very latest Microsoft products, particularly Excel 5 and Word for Windows 6. These should have all been solved. If not then please let Andrew -Tridgell know via email at <htmlurl url="mailto:samba-bugs@anu.edu.au" name="samba-bugs@anu.edu.au">. +Tridgell know via email at <htmlurl url="mailto:samba@samba.org" name="samba@samba.org">. <sect1>My "server string" doesn't seem to be recognised<p><label id="bad_server_string"> OR My client reports the default setting, eg. "Samba 1.9.15p4", instead diff --git a/docs/faq/Samba-meta-FAQ-2.html b/docs/faq/Samba-meta-FAQ-2.html index 87cf815e0b..1e36332d42 100644 --- a/docs/faq/Samba-meta-FAQ-2.html +++ b/docs/faq/Samba-meta-FAQ-2.html @@ -269,12 +269,12 @@ that an explanation can be incorporated into the next version.</P> so that everyone else gets the benefit of your work. This is one of the most important aspects to the maintainence of Samba. Send all patches to -<A HREF="mailto:samba-bugs@samba.org">samba-bugs@samba.org</A>. Do not send patches to Andrew Tridgell or any +<A HREF="mailto:samba@samba.org">samba@samba.org</A>. Do not send patches to Andrew Tridgell or any other individual, they may be lost if you do.</P> <P>Patch format ------------</P> <P>If you are sending a patch to fix a problem then please don't just use -standard diff format. As an example, samba-bugs received this patch from +standard diff format. As an example, samba@samba.org received this patch from someone:</P> <P>382a #endif @@ -322,7 +322,7 @@ huge files. <P>If you have spotted something very serious and believe that it is important to contact the developers quickly send a message to samba-urgent@samba.org. This will be processed more quickly than -mail to samba-bugs. Please think carefully before using this address. An +mail to samba@samba.org. Please think carefully before using this address. An example of its use might be to report a security hole.</P> <P>Examples of things <EM>not</EM> to send to samba-urgent include problems getting Samba to work at all and bugs that cannot potentially cause damage.</P> diff --git a/docs/faq/Samba-meta-FAQ.sgml b/docs/faq/Samba-meta-FAQ.sgml index 79b587a49f..377d81663d 100644 --- a/docs/faq/Samba-meta-FAQ.sgml +++ b/docs/faq/Samba-meta-FAQ.sgml @@ -378,14 +378,14 @@ that an explanation can be incorporated into the next version. If you make changes to the source code, <em>please</em> submit these patches so that everyone else gets the benefit of your work. This is one of the most important aspects to the maintainence of Samba. Send all -patches to <htmlurl url="mailto:samba-bugs@samba.org" name="samba-bugs@samba.org">. Do not send patches to Andrew Tridgell or any +patches to <htmlurl url="mailto:samba@samba.org" name="samba@samba.org">. Do not send patches to Andrew Tridgell or any other individual, they may be lost if you do. Patch format ------------ If you are sending a patch to fix a problem then please don't just use -standard diff format. As an example, samba-bugs received this patch from +standard diff format. As an example, samba@samba.org received this patch from someone: 382a @@ -441,7 +441,7 @@ Some extras : If you have spotted something very serious and believe that it is important to contact the developers quickly send a message to samba-urgent@samba.org. This will be processed more quickly than -mail to samba-bugs. Please think carefully before using this address. An +mail to samba@samba.org. Please think carefully before using this address. An example of its use might be to report a security hole. Examples of things <em>not</em> to send to samba-urgent include problems diff --git a/docs/faq/Samba-meta-FAQ.txt b/docs/faq/Samba-meta-FAQ.txt index fb4887e097..01fc8d6ccf 100644 --- a/docs/faq/Samba-meta-FAQ.txt +++ b/docs/faq/Samba-meta-FAQ.txt @@ -466,13 +466,13 @@ If you make changes to the source code, _p_l_e_a_s_e submit these patches so that everyone else gets the benefit of your work. This is one of the most important aspects to the maintainence of Samba. Send all patches - to samba-bugs@samba.org. Do not send patches to Andrew Tridgell + to samba@samba.org. Do not send patches to Andrew Tridgell or any other individual, they may be lost if you do. Patch format ------------ If you are sending a patch to fix a problem then please don't just use - standard diff format. As an example, samba-bugs received this patch + standard diff format. As an example, samba@samba.org received this patch from someone: 382a #endif 381a #if !defined(NEWS61) @@ -519,7 +519,7 @@ If you have spotted something very serious and believe that it is important to contact the developers quickly send a message to samba- urgent@samba.org. This will be processed more quickly than mail - to samba-bugs. Please think carefully before using this address. An + to samba@samba.org. Please think carefully before using this address. An example of its use might be to report a security hole. Examples of things _n_o_t to send to samba-urgent include problems diff --git a/docs/faq/sambafaq-1.html b/docs/faq/sambafaq-1.html index d91ea24f2e..dde0784099 100644 --- a/docs/faq/sambafaq-1.html +++ b/docs/faq/sambafaq-1.html @@ -353,7 +353,7 @@ I can incorporate it in the next version.</P> so that everyone else gets the benefit of your work. This is one of the most important aspects to the maintainence of Samba. Send all patches to -<A HREF="mailto:samba-bugs@samba.org">samba-bugs@samba.org</A>. Do not send patches to Andrew Tridgell or any +<A HREF="mailto:samba@samba.org">samba@samba.org</A>. Do not send patches to Andrew Tridgell or any other individual, they may be lost if you do.</P> diff --git a/docs/faq/sambafaq-2.html b/docs/faq/sambafaq-2.html index d78f5d627c..8978bc331c 100644 --- a/docs/faq/sambafaq-2.html +++ b/docs/faq/sambafaq-2.html @@ -118,7 +118,7 @@ network" doesn't fit well with clients possibly running on multiuser machines (such as users of smbclient under Unix). Having said that, several developers are working hard on building it in to the next major version of Samba. If you can contribute, send a message to -<A HREF="mailto:samba-bugs@samba.org">samba-bugs@samba.org</A> !</P> +<A HREF="mailto:samba@samba.org">samba@samba.org</A> !</P> <P>Seeing this message should not affect your ability to mount redirected disks and printers, which is really what all this is about.</P> <P>For many clients (including Windows for Workgroups and Lan Manager), @@ -168,7 +168,7 @@ as a strictly temporary solution.</P> latest Microsoft products, particularly Excel 5 and Word for Windows 6. These should have all been solved. If not then please let Andrew Tridgell know via email at -<A HREF="mailto:samba-bugs@samba.org">samba-bugs@samba.org</A>.</P> +<A HREF="mailto:samba@samba.org">samba@samba.org</A>.</P> <H2><A NAME="ss2.9">2.9 My "server string" doesn't seem to be recognised</A></H2> diff --git a/docs/faq/sambafaq-3.html b/docs/faq/sambafaq-3.html index 995738bb53..d7e0c7abd2 100644 --- a/docs/faq/sambafaq-3.html +++ b/docs/faq/sambafaq-3.html @@ -292,7 +292,7 @@ in that dialog box.</P> this is effectively what older versions of Samba did, so if that worked for you then give it a go. If this does work then let us know via -<A HREF="mailto:samba-bugs@samba.org">samba-bugs@samba.org</A>, +<A HREF="mailto:samba@samba.org">samba@samba.org</A>, and we'll make it the default. Currently the default is a 0 length string.</P> diff --git a/docs/faq/sambafaq.sgml b/docs/faq/sambafaq.sgml index 4faf10a6a5..333ac55f67 100644 --- a/docs/faq/sambafaq.sgml +++ b/docs/faq/sambafaq.sgml @@ -300,7 +300,7 @@ I can incorporate it in the next version. If you make changes to the source code, _please_ submit these patches so that everyone else gets the benefit of your work. This is one of the most important aspects to the maintainence of Samba. Send all -patches to <htmlurl url="mailto:samba-bugs@samba.org" name="samba-bugs@samba.org">. Do not send patches to Andrew Tridgell or any +patches to <htmlurl url="mailto:samba-patches@samba.org" name="samba-patches@samba.org">. Do not send patches to Andrew Tridgell or any other individual, they may be lost if you do. <sect1> Pizza supply details <p> <label id="pizza"> @@ -412,7 +412,7 @@ network" doesn't fit well with clients possibly running on multiuser machines (such as users of smbclient under Unix). Having said that, several developers are working hard on building it in to the next major version of Samba. If you can contribute, send a message to -<htmlurl url="mailto:samba-bugs@samba.org" name="samba-bugs@samba.org"> ! +<htmlurl url="mailto:samba@samba.org" name="samba@samba.org"> ! Seeing this message should not affect your ability to mount redirected disks and printers, which is really what all this is about. @@ -459,7 +459,7 @@ as a strictly temporary solution. In earlier Samba versions there were some difficulties with the very latest Microsoft products, particularly Excel 5 and Word for Windows 6. These should have all been solved. If not then please let Andrew -Tridgell know via email at <htmlurl url="mailto:samba-bugs@samba.org" name="samba-bugs@samba.org">. +Tridgell know via email at <htmlurl url="mailto:samba@samba.org" name="samba@samba.org">. <sect1>My "server string" doesn't seem to be recognised<p><label id="bad_server_string"> OR My client reports the default setting, eg. "Samba 1.9.15p4", instead @@ -755,7 +755,7 @@ You could also try setting the driver to NULL like this: printer driver = NULL </verb></tscreen> this is effectively what older versions of Samba did, so if that -worked for you then give it a go. If this does work then let us know via <htmlurl url="mailto:samba-bugs@samba.org" name="samba-bugs@samba.org">, +worked for you then give it a go. If this does work then let us know via <htmlurl url="mailto:samba@samba.org" name="samba@samba.org">, and we'll make it the default. Currently the default is a 0 length string. diff --git a/docs/faq/sambafaq.txt b/docs/faq/sambafaq.txt index f16916b29e..e629e8ad87 100644 --- a/docs/faq/sambafaq.txt +++ b/docs/faq/sambafaq.txt @@ -497,7 +497,7 @@ If you make changes to the source code, _please_ submit these patches so that everyone else gets the benefit of your work. This is one of the most important aspects to the maintainence of Samba. Send all - patches to samba-bugs@samba.org. Do not send patches to Andrew + patches to samba@samba.org. Do not send patches to Andrew Tridgell or any other individual, they may be lost if you do. @@ -646,7 +646,7 @@ machines (such as users of smbclient under Unix). Having said that, several developers are working hard on building it in to the next major version of Samba. If you can contribute, send a message to - samba-bugs@samba.org ! + samba@samba.org ! Seeing this message should not affect your ability to mount redirected disks and printers, which is really what all this is about. @@ -703,7 +703,7 @@ In earlier Samba versions there were some difficulties with the very latest Microsoft products, particularly Excel 5 and Word for Windows 6. These should have all been solved. If not then please let Andrew - Tridgell know via email at samba-bugs@samba.org. + Tridgell know via email at samba@samba.org. 22..99.. MMyy ""sseerrvveerr ssttrriinngg"" ddooeessnn''tt sseeeemm ttoo bbee rreeccooggnniisseedd @@ -1050,7 +1050,7 @@ this is effectively what older versions of Samba did, so if that worked for you then give it a go. If this does work then let us know - via samba-bugs@samba.org, and we'll make it the default. Cur- + via samba@samba.org, and we'll make it the default. Cur- rently the default is a 0 length string. diff --git a/docs/htmldocs/DOMAIN_MEMBER.html b/docs/htmldocs/DOMAIN_MEMBER.html index bb29c416eb..b7ef4c9a61 100644 --- a/docs/htmldocs/DOMAIN_MEMBER.html +++ b/docs/htmldocs/DOMAIN_MEMBER.html @@ -32,17 +32,7 @@ NAME="AEN3" >Joining an NT Domain with Samba 2.2</A ></H1 ><P ->In order for a Samba-2 server to join an NT domain, - you must first add the NetBIOS name of the Samba server to the - NT domain on the PDC using Server Manager for Domains. This creates - the machine account in the domain (PDC) SAM. Note that you should - add the Samba server as a "Windows NT Workstation or Server", - <I -CLASS="EMPHASIS" ->NOT</I -> as a Primary or backup domain controller.</P -><P ->Assume you have a Samba-2 server with a NetBIOS name of +>Assume you have a Samba 2.x server with a NetBIOS name of <TT CLASS="CONSTANT" >SERV1</TT @@ -74,13 +64,26 @@ CLASS="PROMPT" CLASS="USERINPUT" ><B >smbpasswd -j DOM -r DOMPDC - </B + -U<TT +CLASS="REPLACEABLE" +><I +>Administrator%password</I +></TT +></B ></TT ></P ><P >as we are joining the domain DOM and the PDC for that domain (the only machine that has write access to the domain SAM database) - is DOMPDC. If this is successful you will see the message:</P + is DOMPDC. The <TT +CLASS="REPLACEABLE" +><I +>Administrator%password</I +></TT +> is + the login name and password for an account which has the necessary + privilege to add machines to the domain. If this is successful + you will see the message:</P ><P ><TT CLASS="COMPUTEROUTPUT" diff --git a/docs/htmldocs/PAM-Authentication-And-Samba.html b/docs/htmldocs/PAM-Authentication-And-Samba.html index 332a8a7349..6dc815b87b 100644 --- a/docs/htmldocs/PAM-Authentication-And-Samba.html +++ b/docs/htmldocs/PAM-Authentication-And-Samba.html @@ -157,15 +157,24 @@ Samba implementation for your Unix/Linux system. The CLASS="FILENAME" >pam_smbpass.so</TT > module is provided by -Samba version 2.2.1 or later. It can be compiled only if the -<TT -CLASS="CONSTANT" ->--with-pam --with-pam_smbpass</TT -> options are both -provided to the Samba <B +Samba version 2.2.1 or later. It can be compiled by specifying the +<B CLASS="COMMAND" ->configure</B -> program.</P +>--with-pam_smbpass</B +> options when running Samba's +<TT +CLASS="FILENAME" +>configure</TT +> script. For more information +on the <TT +CLASS="FILENAME" +>pam_smbpass</TT +> module, see the documentation +in the <TT +CLASS="FILENAME" +>source/pam_smbpass</TT +> directory of the Samba +source distribution.</P ><P ><PRE CLASS="PROGRAMLISTING" @@ -235,7 +244,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN45" +NAME="AEN47" >Distributed Authentication</A ></H1 ><P @@ -268,7 +277,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN52" +NAME="AEN54" >PAM Configuration in smb.conf</A ></H1 ><P diff --git a/docs/htmldocs/Samba-HOWTO-Collection.html b/docs/htmldocs/Samba-HOWTO-Collection.html index c4e4b2c74b..db3c6598df 100644 --- a/docs/htmldocs/Samba-HOWTO-Collection.html +++ b/docs/htmldocs/Samba-HOWTO-Collection.html @@ -336,12 +336,12 @@ HREF="#AEN455" ></DT ><DT >3.2. <A -HREF="#AEN497" +HREF="#AEN499" >Distributed Authentication</A ></DT ><DT >3.3. <A -HREF="#AEN504" +HREF="#AEN506" >PAM Configuration in smb.conf</A ></DT ></DL @@ -355,14 +355,14 @@ HREF="#MSDFS" ><DL ><DT >4.1. <A -HREF="#AEN524" +HREF="#AEN526" >Instructions</A ></DT ><DD ><DL ><DT >4.1.1. <A -HREF="#AEN559" +HREF="#AEN561" >Notes</A ></DT ></DL @@ -378,53 +378,53 @@ HREF="#UNIX-PERMISSIONS" ><DL ><DT >5.1. <A -HREF="#AEN579" +HREF="#AEN581" >Viewing and changing UNIX permissions using the NT security dialogs</A ></DT ><DT >5.2. <A -HREF="#AEN588" +HREF="#AEN590" >How to view file security on a Samba share</A ></DT ><DT >5.3. <A -HREF="#AEN599" +HREF="#AEN601" >Viewing file ownership</A ></DT ><DT >5.4. <A -HREF="#AEN619" +HREF="#AEN621" >Viewing file or directory permissions</A ></DT ><DD ><DL ><DT >5.4.1. <A -HREF="#AEN634" +HREF="#AEN636" >File Permissions</A ></DT ><DT >5.4.2. <A -HREF="#AEN648" +HREF="#AEN650" >Directory Permissions</A ></DT ></DL ></DD ><DT >5.5. <A -HREF="#AEN655" +HREF="#AEN657" >Modifying file or directory permissions</A ></DT ><DT >5.6. <A -HREF="#AEN677" +HREF="#AEN679" >Interaction with the standard Samba create mask parameters</A ></DT ><DT >5.7. <A -HREF="#AEN741" +HREF="#AEN743" >Interaction with the standard Samba file attribute mapping</A ></DT @@ -439,75 +439,75 @@ HREF="#PRINTING" ><DL ><DT >6.1. <A -HREF="#AEN762" +HREF="#AEN764" >Introduction</A ></DT ><DT >6.2. <A -HREF="#AEN784" +HREF="#AEN786" >Configuration</A ></DT ><DD ><DL ><DT >6.2.1. <A -HREF="#AEN795" +HREF="#AEN797" >Creating [print$]</A ></DT ><DT >6.2.2. <A -HREF="#AEN830" +HREF="#AEN832" >Setting Drivers for Existing Printers</A ></DT ><DT >6.2.3. <A -HREF="#AEN847" +HREF="#AEN849" >Support a large number of printers</A ></DT ><DT >6.2.4. <A -HREF="#AEN858" +HREF="#AEN860" >Adding New Printers via the Windows NT APW</A ></DT ><DT >6.2.5. <A -HREF="#AEN883" +HREF="#AEN885" >Samba and Printer Ports</A ></DT ></DL ></DD ><DT >6.3. <A -HREF="#AEN891" +HREF="#AEN893" >The Imprints Toolset</A ></DT ><DD ><DL ><DT >6.3.1. <A -HREF="#AEN895" +HREF="#AEN897" >What is Imprints?</A ></DT ><DT >6.3.2. <A -HREF="#AEN905" +HREF="#AEN907" >Creating Printer Driver Packages</A ></DT ><DT >6.3.3. <A -HREF="#AEN908" +HREF="#AEN910" >The Imprints server</A ></DT ><DT >6.3.4. <A -HREF="#AEN912" +HREF="#AEN914" >The Installation Client</A ></DT ></DL ></DD ><DT >6.4. <A -HREF="#AEN934" +HREF="#AEN936" ><A NAME="MIGRATION" ></A @@ -524,17 +524,17 @@ HREF="#DOMAIN-SECURITY" ><DL ><DT >7.1. <A -HREF="#AEN988" +HREF="#AEN990" >Joining an NT Domain with Samba 2.2</A ></DT ><DT >7.2. <A -HREF="#AEN1052" +HREF="#AEN1054" >Samba and Windows 2000 Domains</A ></DT ><DT >7.3. <A -HREF="#AEN1057" +HREF="#AEN1059" >Why is this better than security = server?</A ></DT ></DL @@ -548,106 +548,111 @@ HREF="#SAMBA-PDC" ><DL ><DT >8.1. <A -HREF="#AEN1090" +HREF="#AEN1092" >Prerequisite Reading</A ></DT ><DT >8.2. <A -HREF="#AEN1096" +HREF="#AEN1098" >Background</A ></DT ><DT >8.3. <A -HREF="#AEN1138" +HREF="#AEN1137" >Configuring the Samba Domain Controller</A ></DT ><DT >8.4. <A HREF="#AEN1180" ->Creating Machine Trust Accounts and Joining Clients -to the Domain</A +>Creating Machine Trust Accounts and Joining Clients to the +Domain</A ></DT ><DD ><DL ><DT >8.4.1. <A -HREF="#AEN1194" ->Manually creating machine trust accounts</A +HREF="#AEN1199" +>Manual Creation of Machine Trust Accounts</A ></DT ><DT >8.4.2. <A -HREF="#AEN1225" ->Creating machine trust accounts "on the fly"</A +HREF="#AEN1234" +>"On-the-Fly" Creation of Machine Trust Accounts</A +></DT +><DT +>8.4.3. <A +HREF="#AEN1243" +>Joining the Client to the Domain</A ></DT ></DL ></DD ><DT >8.5. <A -HREF="#AEN1236" +HREF="#AEN1258" >Common Problems and Errors</A ></DT ><DT >8.6. <A -HREF="#AEN1284" +HREF="#AEN1306" >System Policies and Profiles</A ></DT ><DT >8.7. <A -HREF="#AEN1328" ->What other help can I get ?</A +HREF="#AEN1350" +>What other help can I get?</A ></DT ><DT >8.8. <A -HREF="#AEN1442" +HREF="#AEN1464" >Domain Control for Windows 9x/ME</A ></DT ><DD ><DL ><DT >8.8.1. <A -HREF="#AEN1472" +HREF="#AEN1490" >Configuration Instructions: Network Logons</A ></DT ><DT >8.8.2. <A -HREF="#AEN1506" +HREF="#AEN1509" >Configuration Instructions: Setting up Roaming User Profiles</A ></DT ><DD ><DL ><DT >8.8.2.1. <A -HREF="#AEN1514" +HREF="#AEN1517" >Windows NT Configuration</A ></DT ><DT >8.8.2.2. <A -HREF="#AEN1522" +HREF="#AEN1525" >Windows 9X Configuration</A ></DT ><DT >8.8.2.3. <A -HREF="#AEN1530" +HREF="#AEN1533" >Win9X and WinNT Configuration</A ></DT ><DT >8.8.2.4. <A -HREF="#AEN1537" +HREF="#AEN1540" >Windows 9X Profile Setup</A ></DT ><DT >8.8.2.5. <A -HREF="#AEN1573" +HREF="#AEN1576" >Windows NT Workstation 4.0</A ></DT ><DT >8.8.2.6. <A -HREF="#AEN1586" +HREF="#AEN1589" >Windows NT Server</A ></DT ><DT >8.8.2.7. <A -HREF="#AEN1589" +HREF="#AEN1592" >Sharing Profiles between W95 and NT Workstation 4.0</A ></DT ></DL @@ -656,7 +661,7 @@ HREF="#AEN1589" ></DD ><DT >8.9. <A -HREF="#AEN1599" +HREF="#AEN1602" >DOMAIN_CONTROL.txt : Windows NT Domain Control & Samba</A ></DT ></DL @@ -670,119 +675,126 @@ HREF="#WINBIND" ><DL ><DT >9.1. <A -HREF="#AEN1642" +HREF="#AEN1652" >Abstract</A ></DT ><DT >9.2. <A -HREF="#AEN1646" +HREF="#AEN1656" >Introduction</A ></DT ><DT >9.3. <A -HREF="#AEN1659" +HREF="#AEN1669" >What Winbind Provides</A ></DT ><DD ><DL ><DT >9.3.1. <A -HREF="#AEN1666" +HREF="#AEN1676" >Target Uses</A ></DT ></DL ></DD ><DT >9.4. <A -HREF="#AEN1670" +HREF="#AEN1680" >How Winbind Works</A ></DT ><DD ><DL ><DT >9.4.1. <A -HREF="#AEN1675" +HREF="#AEN1685" >Microsoft Remote Procedure Calls</A ></DT ><DT >9.4.2. <A -HREF="#AEN1679" +HREF="#AEN1689" >Name Service Switch</A ></DT ><DT >9.4.3. <A -HREF="#AEN1695" +HREF="#AEN1705" >Pluggable Authentication Modules</A ></DT ><DT >9.4.4. <A -HREF="#AEN1703" +HREF="#AEN1713" >User and Group ID Allocation</A ></DT ><DT >9.4.5. <A -HREF="#AEN1707" +HREF="#AEN1717" >Result Caching</A ></DT ></DL ></DD ><DT >9.5. <A -HREF="#AEN1710" +HREF="#AEN1720" >Installation and Configuration</A ></DT ><DD ><DL ><DT >9.5.1. <A -HREF="#AEN1715" +HREF="#AEN1725" >Introduction</A ></DT ><DT >9.5.2. <A -HREF="#AEN1728" +HREF="#AEN1738" >Requirements</A ></DT ><DT >9.5.3. <A -HREF="#AEN1736" +HREF="#AEN1752" >Testing Things Out</A ></DT ><DD ><DL ><DT >9.5.3.1. <A -HREF="#AEN1745" +HREF="#AEN1763" >Configure and compile SAMBA</A ></DT ><DT >9.5.3.2. <A -HREF="#AEN1757" ->Configure nsswitch.conf and the winbind libraries</A +HREF="#AEN1782" +>Configure <TT +CLASS="FILENAME" +>nsswitch.conf</TT +> and the +winbind libraries</A ></DT ><DT >9.5.3.3. <A -HREF="#AEN1776" +HREF="#AEN1807" >Configure smb.conf</A ></DT ><DT >9.5.3.4. <A -HREF="#AEN1785" +HREF="#AEN1823" >Join the SAMBA server to the PDC domain</A ></DT ><DT >9.5.3.5. <A -HREF="#AEN1795" +HREF="#AEN1834" >Start up the winbindd daemon and test it!</A ></DT ><DT >9.5.3.6. <A -HREF="#AEN1822" ->Fix the /etc/rc.d/init.d/smb startup files</A +HREF="#AEN1870" +>Fix the <TT +CLASS="FILENAME" +>/etc/rc.d/init.d/smb</TT +> startup files</A ></DT ><DT >9.5.3.7. <A -HREF="#AEN1839" +HREF="#AEN1892" >Configure Winbind and PAM</A ></DT ></DL @@ -791,12 +803,12 @@ HREF="#AEN1839" ></DD ><DT >9.6. <A -HREF="#AEN1880" +HREF="#AEN1939" >Limitations</A ></DT ><DT >9.7. <A -HREF="#AEN1890" +HREF="#AEN1949" >Conclusion</A ></DT ></DL @@ -810,32 +822,32 @@ HREF="#OS2" ><DL ><DT >10.1. <A -HREF="#AEN1904" +HREF="#AEN1963" >FAQs</A ></DT ><DD ><DL ><DT >10.1.1. <A -HREF="#AEN1906" +HREF="#AEN1965" >How can I configure OS/2 Warp Connect or OS/2 Warp 4 as a client for Samba?</A ></DT ><DT >10.1.2. <A -HREF="#AEN1921" +HREF="#AEN1980" >How can I configure OS/2 Warp 3 (not Connect), OS/2 1.2, 1.3 or 2.x for Samba?</A ></DT ><DT >10.1.3. <A -HREF="#AEN1930" +HREF="#AEN1989" >Are there any other issues when OS/2 (any version) is used as a client?</A ></DT ><DT >10.1.4. <A -HREF="#AEN1934" +HREF="#AEN1993" >How do I get printer driver download working for OS/2 clients?</A ></DT @@ -852,24 +864,24 @@ HREF="#CVS-ACCESS" ><DL ><DT >11.1. <A -HREF="#AEN1950" +HREF="#AEN2009" >Introduction</A ></DT ><DT >11.2. <A -HREF="#AEN1955" +HREF="#AEN2014" >CVS Access to samba.org</A ></DT ><DD ><DL ><DT >11.2.1. <A -HREF="#AEN1958" +HREF="#AEN2017" >Access via CVSweb</A ></DT ><DT >11.2.2. <A -HREF="#AEN1963" +HREF="#AEN2022" >Access via cvs</A ></DT ></DL @@ -878,7 +890,7 @@ HREF="#AEN1963" ></DD ><DT ><A -HREF="#AEN1991" +HREF="#AEN2050" >Index</A ></DT ></DL @@ -3034,15 +3046,24 @@ Samba implementation for your Unix/Linux system. The CLASS="FILENAME" >pam_smbpass.so</TT > module is provided by -Samba version 2.2.1 or later. It can be compiled only if the -<TT -CLASS="CONSTANT" ->--with-pam --with-pam_smbpass</TT -> options are both -provided to the Samba <B +Samba version 2.2.1 or later. It can be compiled by specifying the +<B CLASS="COMMAND" ->configure</B -> program.</P +>--with-pam_smbpass</B +> options when running Samba's +<TT +CLASS="FILENAME" +>configure</TT +> script. For more information +on the <TT +CLASS="FILENAME" +>pam_smbpass</TT +> module, see the documentation +in the <TT +CLASS="FILENAME" +>source/pam_smbpass</TT +> directory of the Samba +source distribution.</P ><P ><TABLE BORDER="0" @@ -3139,7 +3160,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN497" +NAME="AEN499" >3.2. Distributed Authentication</A ></H1 ><P @@ -3172,7 +3193,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN504" +NAME="AEN506" >3.3. PAM Configuration in smb.conf</A ></H1 ><P @@ -3220,7 +3241,7 @@ CLASS="SECT1" ><H1 CLASS="SECT1" ><A -NAME="AEN524" +NAME="AEN526" >4.1. Instructions</A ></H1 ><P @@ -3377,7 +3398,7 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN559" +NAME="AEN561" >4.1.1. Notes</A ></H2 ><P @@ -3418,7 +3439,7 @@ CLASS="SECT1" ><H1 CLASS="SECT1" ><A -NAME="AEN579" +NAME="AEN581" >5.1. Viewing and changing UNIX permissions using the NT security dialogs</A ></H1 @@ -3457,7 +3478,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN588" +NAME="AEN590" >5.2. How to view file security on a Samba share</A ></H1 ><P @@ -3503,7 +3524,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN599" +NAME="AEN601" >5.3. Viewing file ownership</A ></H1 ><P @@ -3589,7 +3610,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN619" +NAME="AEN621" >5.4. Viewing file or directory permissions</A ></H1 ><P @@ -3651,7 +3672,7 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN634" +NAME="AEN636" >5.4.1. File Permissions</A ></H2 ><P @@ -3713,7 +3734,7 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN648" +NAME="AEN650" >5.4.2. Directory Permissions</A ></H2 ><P @@ -3745,7 +3766,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN655" +NAME="AEN657" >5.5. Modifying file or directory permissions</A ></H1 ><P @@ -3843,7 +3864,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN677" +NAME="AEN679" >5.6. Interaction with the standard Samba create mask parameters</A ></H1 @@ -4116,7 +4137,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN741" +NAME="AEN743" >5.7. Interaction with the standard Samba file attribute mapping</A ></H1 @@ -4171,7 +4192,7 @@ CLASS="SECT1" ><H1 CLASS="SECT1" ><A -NAME="AEN762" +NAME="AEN764" >6.1. Introduction</A ></H1 ><P @@ -4255,7 +4276,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN784" +NAME="AEN786" >6.2. Configuration</A ></H1 ><DIV @@ -4323,7 +4344,7 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN795" +NAME="AEN797" >6.2.1. Creating [print$]</A ></H2 ><P @@ -4524,7 +4545,7 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN830" +NAME="AEN832" >6.2.2. Setting Drivers for Existing Printers</A ></H2 ><P @@ -4596,7 +4617,7 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN847" +NAME="AEN849" >6.2.3. Support a large number of printers</A ></H2 ><P @@ -4671,7 +4692,7 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN858" +NAME="AEN860" >6.2.4. Adding New Printers via the Windows NT APW</A ></H2 ><P @@ -4777,7 +4798,7 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN883" +NAME="AEN885" >6.2.5. Samba and Printer Ports</A ></H2 ><P @@ -4814,7 +4835,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN891" +NAME="AEN893" >6.3. The Imprints Toolset</A ></H1 ><P @@ -4832,7 +4853,7 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN895" +NAME="AEN897" >6.3.1. What is Imprints?</A ></H2 ><P @@ -4864,7 +4885,7 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN905" +NAME="AEN907" >6.3.2. Creating Printer Driver Packages</A ></H2 ><P @@ -4880,7 +4901,7 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN908" +NAME="AEN910" >6.3.3. The Imprints server</A ></H2 ><P @@ -4900,7 +4921,7 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN912" +NAME="AEN914" >6.3.4. The Installation Client</A ></H2 ><P @@ -5003,7 +5024,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN934" +NAME="AEN936" >6.4. <A NAME="MIGRATION" ></A @@ -5167,20 +5188,11 @@ CLASS="SECT1" ><H1 CLASS="SECT1" ><A -NAME="AEN988" +NAME="AEN990" >7.1. Joining an NT Domain with Samba 2.2</A ></H1 ><P ->In order for a Samba-2 server to join an NT domain, - you must first add the NetBIOS name of the Samba server to the - NT domain on the PDC using Server Manager for Domains. This creates - the machine account in the domain (PDC) SAM. Note that you should - add the Samba server as a "Windows NT Workstation or Server", - <EM ->NOT</EM -> as a Primary or backup domain controller.</P -><P ->Assume you have a Samba-2 server with a NetBIOS name of +>Assume you have a Samba 2.x server with a NetBIOS name of <TT CLASS="CONSTANT" >SERV1</TT @@ -5212,13 +5224,26 @@ CLASS="PROMPT" CLASS="USERINPUT" ><B >smbpasswd -j DOM -r DOMPDC - </B + -U<TT +CLASS="REPLACEABLE" +><I +>Administrator%password</I +></TT +></B ></TT ></P ><P >as we are joining the domain DOM and the PDC for that domain (the only machine that has write access to the domain SAM database) - is DOMPDC. If this is successful you will see the message:</P + is DOMPDC. The <TT +CLASS="REPLACEABLE" +><I +>Administrator%password</I +></TT +> is + the login name and password for an account which has the necessary + privilege to add machines to the domain. If this is successful + you will see the message:</P ><P ><TT CLASS="COMPUTEROUTPUT" @@ -5394,7 +5419,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN1052" +NAME="AEN1054" >7.2. Samba and Windows 2000 Domains</A ></H1 ><P @@ -5419,7 +5444,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN1057" +NAME="AEN1059" >7.3. Why is this better than security = server?</A ></H1 ><P @@ -5513,7 +5538,7 @@ CLASS="SECT1" ><H1 CLASS="SECT1" ><A -NAME="AEN1090" +NAME="AEN1092" >8.1. Prerequisite Reading</A ></H1 ><P @@ -5541,7 +5566,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN1096" +NAME="AEN1098" >8.2. Background</A ></H1 ><DIV @@ -5552,32 +5577,33 @@ CLASS="NOTE" ><B >Note: </B ><EM ->Author's Note :</EM +>Author's Note:</EM > This document is a combination -of David Bannon's Samba 2.2 PDC HOWTO and the Samba NT Domain FAQ. +of David Bannon's "Samba 2.2 PDC HOWTO" and "Samba NT Domain FAQ". Both documents are superseded by this one.</P ></BLOCKQUOTE ></DIV ><P ->Version of Samba prior to release 2.2 had marginal capabilities to -act as a Windows NT 4.0 Primary DOmain Controller (PDC). Beginning with -Samba 2.2.0, we are proud to announce official support for Windows NT 4.0 -style domain logons from Windows NT 4.0 (through SP6) and Windows 2000 (through -SP1) clients. This article outlines the steps necessary for configuring Samba -as a PDC. It is necessary to have a working Samba server prior to implementing the -PDC functionality. If you have not followed the steps outlined in -<A +>Versions of Samba prior to release 2.2 had marginal capabilities to act +as a Windows NT 4.0 Primary Domain Controller + +(PDC). With Samba 2.2.0, we are proud to announce official support for +Windows NT 4.0-style domain logons from Windows NT 4.0 and Windows +2000 clients. This article outlines the steps +necessary for configuring Samba as a PDC. It is necessary to have a +working Samba server prior to implementing the PDC functionality. If +you have not followed the steps outlined in <A HREF="UNIX_INSTALL.html" TARGET="_top" > UNIX_INSTALL.html</A ->, please make sure -that your server is configured correctly before proceeding. Another good -resource in the <A +>, please make sure +that your server is configured correctly before proceeding. Another +good resource in the <A HREF="smb.conf.5.html" TARGET="_top" ->smb.conf(5) man +>smb.conf(5) man page</A ->. The following functionality should work in 2.2:</P +>. The following functionality should work in 2.2:</P ><P ></P ><UL @@ -5604,36 +5630,10 @@ page</A ></LI ><LI ><P -> Windows NT 4.0 style system policies +> Windows NT 4.0-style system policies </P ></LI ></UL -><DIV -CLASS="WARNING" -><P -></P -><TABLE -CLASS="WARNING" -BORDER="1" -WIDTH="100%" -><TR -><TD -ALIGN="CENTER" -><B ->Windows 2000 Service Pack 2 Clients</B -></TD -></TR -><TR -><TD -ALIGN="LEFT" -><P -> Samba 2.2.1 is required for PDC functionality when using Windows 2000 - SP2 clients. - </P -></TD -></TR -></TABLE -></DIV ><P >The following pieces of functionality are not included in the 2.2 release:</P ><P @@ -5665,7 +5665,7 @@ ALIGN="LEFT" ><P >Please note that Windows 9x clients are not true members of a domain for reasons outlined in this article. Therefore the protocol for -support Windows 9x style domain logons is completely different +support Windows 9x-style domain logons is completely different from NT4 domain logons and has been officially supported for some time.</P ><P @@ -5698,7 +5698,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN1138" +NAME="AEN1137" >8.3. Configuring the Samba Domain Controller</A ></H1 ><P @@ -5713,7 +5713,10 @@ man page</A >. For convenience, the parameters have been linked with the actual smb.conf description.</P ><P ->Here is an example smb.conf for acting as a PDC:</P +>Here is an example <TT +CLASS="FILENAME" +>smb.conf</TT +> for acting as a PDC:</P ><P ><TABLE BORDER="0" @@ -5825,10 +5828,10 @@ TARGET="_top" >path</A > = /usr/local/samba/lib/netlogon <A -HREF="smb.conf.5.html#WRITEABLE" +HREF="smb.conf.5.html#READONLY" TARGET="_top" ->writeable</A -> = no +>read only</A +> = yes <A HREF="smb.conf.5.html#WRITELIST" TARGET="_top" @@ -5848,10 +5851,10 @@ TARGET="_top" >path</A > = /export/smb/ntprofile <A -HREF="smb.conf.5.html#WRITEABLE" +HREF="smb.conf.5.html#READONLY" TARGET="_top" ->writeable</A -> = yes +>read only</A +> = no <A HREF="smb.conf.5.html#CREATEMASK" TARGET="_top" @@ -5900,15 +5903,16 @@ CLASS="FILENAME" ></LI ></UL ><P ->As Samba 2.2 does not offer a complete implementation of group mapping between -Windows NT groups and UNIX groups (this is really quite complicated to explain -in a short space), you should refer to the <A +>As Samba 2.2 does not offer a complete implementation of group mapping +between Windows NT groups and Unix groups (this is really quite +complicated to explain in a short space), you should refer to the +<A HREF="smb.conf.5.html#DOMAINADMINGROUP" TARGET="_top" ->domain -admin group</A -> smb.conf parameter for information of creating "Domain Admins" -style accounts.</P +>domain admin +group</A +> smb.conf parameter for information of creating "Domain +Admins" style accounts.</P ></DIV ><DIV CLASS="SECT1" @@ -5916,56 +5920,72 @@ CLASS="SECT1" CLASS="SECT1" ><A NAME="AEN1180" ->8.4. Creating Machine Trust Accounts and Joining Clients -to the Domain</A +>8.4. Creating Machine Trust Accounts and Joining Clients to the +Domain</A ></H1 ><P ->A machine trust account is a samba user account owned by a computer. -The account password acts as the shared secret for secure -communication with the Domain Controller. This is a security feature -to prevent an unauthorized machine with the same NetBIOS name from -joining the domain and gaining access to domain user/group accounts. -Hence a Windows 9x host is never a true member of a domain because it does -not posses a machine trust account, and thus has no shared secret with the DC.</P +>A machine trust account is a Samba account that is used to +authenticate a client machine (rather than a user) to the Samba +server. In Windows terminology, this is known as a "Computer +Account."</P +><P +>The password of a machine trust account acts as the shared secret for +secure communication with the Domain Controller. This is a security +feature to prevent an unauthorized machine with the same NetBIOS name +from joining the domain and gaining access to domain user/group +accounts. Windows NT and 2000 clients use machine trust accounts, but +Windows 9x clients do not. Hence, a Windows 9x client is never a true +member of a domain because it does not possess a machine trust +account, and thus has no shared secret with the domain controller.</P +><P +>A Windows PDC stores each machine trust account in the Windows +Registry. A Samba PDC, however, stores each machine trust account +in two parts, as follows: + +<P +></P +><UL +><LI ><P ->On a Windows NT PDC, these machine trust account passwords are stored -in the registry. A Samba PDC stores these accounts in the same location -as user LanMan and NT password hashes (currently <TT +>A Samba account, stored in the same location as user + LanMan and NT password hashes (currently + <TT CLASS="FILENAME" >smbpasswd</TT ->). -However, machine trust accounts only possess and use the NT password hash.</P +>). The Samba account + possesses and uses only the NT password hash.</P +></LI +><LI ><P ->Because Samba requires machine accounts to possess a UNIX uid from -which an Windows NT SID can be generated, all of these accounts -must have an entry in <TT +>A corresponding Unix account, typically stored in + <TT CLASS="FILENAME" >/etc/passwd</TT -> and smbpasswd. -Future releases will alleviate the need to create -<TT +>. (Future releases will alleviate the need to + create <TT CLASS="FILENAME" >/etc/passwd</TT -> entries. </P +> entries.) </P +></LI +></UL +></P ><P ->There are two means of creating machine trust accounts.</P +>There are two ways to create machine trust accounts:</P ><P ></P ><UL ><LI ><P -> Manual creation before joining the client to the domain. In this case, - the password is set to a known value -- the lower case of the - machine's NetBIOS name. - </P +> Manual creation. Both the Samba and corresponding + Unix account are created by hand.</P ></LI ><LI ><P -> Creation of the account at the time of joining the domain. In - this case, the session key of the administrative account used to join - the client to the domain acts as an encryption key for setting the - password to a random value (This is the recommended method). - </P +> "On-the-fly" creation. The Samba machine trust + account is automatically created by Samba at the time the client + is joined to the domain. (For security, this is the + recommended method.) The corresponding Unix account may be + created automatically or manually. </P ></LI ></UL ><DIV @@ -5973,22 +5993,28 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN1194" ->8.4.1. Manually creating machine trust accounts</A +NAME="AEN1199" +>8.4.1. Manual Creation of Machine Trust Accounts</A ></H2 ><P ->The first step in creating a machine trust account by hand is to -create an entry for the machine in /etc/passwd. This can be done -using <B +>The first step in manually creating a machine trust account is to +manually create the corresponding Unix account in +<TT +CLASS="FILENAME" +>/etc/passwd</TT +>. This can be done using +<B CLASS="COMMAND" >vipw</B -> or any 'add userr' command which is normally -used to create new UNIX accounts. The following is an example for a Linux -based Samba server:</P +> or other 'add user' command that is normally +used to create new Unix accounts. The following is an example for a +Linux based Samba server:</P ><P -><TT +> <TT CLASS="PROMPT" >root# </TT +><B +CLASS="COMMAND" >/usr/sbin/useradd -g 100 -d /dev/null -c <TT CLASS="REPLACEABLE" ><I @@ -6000,28 +6026,32 @@ CLASS="REPLACEABLE" ><I >machine_name</I ></TT ->$ </P +>$ </B +></P ><P ><TT CLASS="PROMPT" >root# </TT +><B +CLASS="COMMAND" >passwd -l <TT CLASS="REPLACEABLE" ><I >machine_name</I ></TT ->$</P +>$</B +></P ><P >The <TT CLASS="FILENAME" >/etc/passwd</TT > entry will list the machine name -with a $ appended, won't have a passwd, will have a null shell and no -home directory. For example a machine called 'doppy' would have an +with a "$" appended, won't have a password, will have a null shell and no +home directory. For example a machine named 'doppy' would have an <TT CLASS="FILENAME" >/etc/passwd</TT -> entry like this :</P +> entry like this:</P ><P ><TABLE BORDER="0" @@ -6047,20 +6077,22 @@ CLASS="REPLACEABLE" ><I >machine_nickname</I ></TT -> can be any descriptive name for the -pc i.e. BasementComputer. The <TT +> can be any +descriptive name for the client, i.e., BasementComputer. +<TT CLASS="REPLACEABLE" ><I >machine_name</I ></TT -> absolutely must be -the NetBIOS name of the pc to be added to the domain. The "$" must append the NetBIOS -name of the pc or samba will not recognize this as a machine account</P -><P ->Now that the UNIX account has been created, the next step is to create -the smbpasswd entry for the machine containing the well known initial -trust account password. This can be done using the <A -HREF="smbpasswd.6.html" +> absolutely must be the NetBIOS +name of the client to be joined to the domain. The "$" must be +appended to the NetBIOS name of the client or Samba will not recognize +this as a machine trust account.</P +><P +>Now that the corresponding Unix account has been created, the next step is to create +the Samba account for the client containing the well-known initial +machine trust account password. This can be done using the <A +HREF="smbpasswd.8.html" TARGET="_top" ><B CLASS="COMMAND" @@ -6072,11 +6104,14 @@ as shown here:</P ><TT CLASS="PROMPT" >root# </TT -> smbpasswd -a -m <TT +><B +CLASS="COMMAND" +>smbpasswd -a -m <TT CLASS="REPLACEABLE" ><I >machine_name</I ></TT +></B ></P ><P >where <TT @@ -6085,7 +6120,8 @@ CLASS="REPLACEABLE" >machine_name</I ></TT > is the machine's NetBIOS -name. </P +name. The RID of the new machine account is generated from the UID of +the corresponding Unix account.</P ><DIV CLASS="WARNING" ><P @@ -6106,9 +6142,9 @@ ALIGN="CENTER" ALIGN="LEFT" ><P > Manually creating a machine trust account using this method is the - equivalent of creating a machine account on a Windows NT PDC using + equivalent of creating a machine trust account on a Windows NT PDC using the "Server Manager". From the time at which the account is created - to the time which th client joins the domain and changes the password, + to the time which the client joins the domain and changes the password, your domain is vulnerable to an intruder joining your domain using a a machine with the same NetBIOS name. A PDC inherently trusts members of the domain and will serve out a large degree of user @@ -6124,18 +6160,30 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN1225" ->8.4.2. Creating machine trust accounts "on the fly"</A +NAME="AEN1234" +>8.4.2. "On-the-Fly" Creation of Machine Trust Accounts</A ></H2 ><P ->The second, and most recommended way of creating machine trust accounts -is to create them as needed at the time the client is joined to -the domain. You will need to include a value for the <A +>The second (and recommended) way of creating machine trust accounts is +simply to allow the Samba server to create them as needed when the client +is joined to the domain. </P +><P +>Since each Samba machine trust account requires a corresponding +Unix account, a method for automatically creating the +Unix account is usually supplied; this requires configuration of the +<A HREF="smb.conf.5.html#ADDUSERSCRIPT" TARGET="_top" >add user script</A -> -parameter. Below is an example from a RedHat 6.2 Linux system.</P +> +option in <TT +CLASS="FILENAME" +>smb.conf</TT +>. This +method is not required, however; corresponding Unix accounts may also +be created manually.</P +><P +>Below is an example for a RedHat 6.2 Linux system.</P ><P ><TABLE BORDER="0" @@ -6145,26 +6193,72 @@ WIDTH="100%" ><TD ><PRE CLASS="PROGRAMLISTING" ->add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u </PRE +>[global] + # <...remainder of parameters...> + add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u </PRE ></TD ></TR ></TABLE ></P +></DIV +><DIV +CLASS="SECT2" +><HR><H2 +CLASS="SECT2" +><A +NAME="AEN1243" +>8.4.3. Joining the Client to the Domain</A +></H2 +><P +>The procedure for joining a client to the domain varies with the +version of Windows.</P +><P +></P +><UL +><LI ><P ->In Samba 2.2.1, <EM ->only the root account</EM -> can be used to create -machine accounts like this. Therefore, it is required to create -an entry in smbpasswd for <EM ->root</EM ->. The password -<EM ->SHOULD</EM -> be set to a different password that the -associated <TT +><EM +>Windows 2000</EM +></P +><P +> When the user elects to join the client to a domain, Windows prompts for + an account and password that is privileged to join the domain. A + Samba administrative account (i.e., a Samba account that has root + privileges on the Samba server) must be entered here; the + operation will fail if an ordinary user account is given. + The password for this account should be + set to a different password than the associated + <TT CLASS="FILENAME" >/etc/passwd</TT -> entry for security reasons.</P +> entry, for security + reasons. </P +><P +>The session key of the Samba administrative account acts as an + encryption key for setting the password of the machine trust + account. The machine trust account will be created on-the-fly, or + updated if it already exists.</P +></LI +><LI +><P +><EM +>Windows NT</EM +></P +><P +> If the machine trust account was created manually, on the + Identification Changes menu enter the domain name, but do not + check the box "Create a Computer Account in the Domain." In this case, + the existing machine trust account is used to join the machine to + the domain.</P +><P +> If the machine trust account is to be created + on-the-fly, on the Identification Changes menu enter the domain + name, and check the box "Create a Computer Account in the Domain." In + this case, joining the domain proceeds as above for Windows 2000 + (i.e., you must supply a Samba administrative account when + prompted).</P +></LI +></UL ></DIV ></DIV ><DIV @@ -6172,7 +6266,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN1236" +NAME="AEN1258" >8.5. Common Problems and Errors</A ></H1 ><P @@ -6192,7 +6286,7 @@ CLASS="FILENAME" >/etc/passwd</TT > of the machine name with a '$' appended. FreeBSD (and other BSD - systems ?) won't create a user with a '$' in their name. + systems?) won't create a user with a '$' in their name. </P ><P > The problem is only in the program used to make the entry, once @@ -6202,7 +6296,7 @@ CLASS="COMMAND" >vipw</B > to edit the entry, adding the '$'. Or create the whole entry with vipw if you like, make sure you use a - unique uid ! + unique User ID ! </P ></LI ><LI @@ -6210,11 +6304,11 @@ CLASS="COMMAND" > <EM >I get told "You already have a connection to the Domain...." or "Cannot join domain, the credentials supplied conflict with an - existing set.." when creating a machine account.</EM + existing set.." when creating a machine trust account.</EM > </P ><P -> This happens if you try to create a machine account from the +> This happens if you try to create a machine trust account from the machine itself and already have a connection (e.g. mapped drive) to a share (or IPC$) on the Samba PDC. The following command will remove all network drive connections: @@ -6266,17 +6360,17 @@ CLASS="COMMAND" ><LI ><P > <EM ->The machine account for this computer either does not +>The machine trust account for this computer either does not exist or is not accessible.</EM > </P ><P > When I try to join the domain I get the message "The machine account - for this computer either does not exist or is not accessible". Whats + for this computer either does not exist or is not accessible". What's wrong? </P ><P -> This problem is caused by the PDC not having a suitable machine account. +> This problem is caused by the PDC not having a suitable machine trust account. If you are using the <TT CLASS="PARAMETER" ><I @@ -6289,7 +6383,7 @@ CLASS="PARAMETER" ><P > Alternatively if you are creating account entries manually then they have not been created correctly. Make sure that you have the entry - correct for the machine account in smbpasswd file on the Samba PDC. + correct for the machine trust account in smbpasswd file on the Samba PDC. If you added the account using an editor rather than using the smbpasswd utility, make sure that the account name is the machine NetBIOS name with a '$' appended to it ( i.e. computer_name$ ). There must be an entry @@ -6371,7 +6465,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN1284" +NAME="AEN1306" >8.6. System Policies and Profiles</A ></H1 ><P @@ -6392,7 +6486,7 @@ Profiles and Policies in Windows NT 4.0</A ><LI ><P > <EM ->What about Windows NT Policy Editor ?</EM +>What about Windows NT Policy Editor?</EM > </P ><P @@ -6451,7 +6545,7 @@ CLASS="COMMAND" ><LI ><P > <EM ->Can Win95 do Policies ?</EM +>Can Win95 do Policies?</EM > </P ><P @@ -6482,7 +6576,7 @@ CLASS="FILENAME" </P ><P > Since I don't need to buy an NT Server CD now, how do I get - the 'User Manager for Domains', the 'Server Manager' ? + the 'User Manager for Domains', the 'Server Manager'? </P ><P > Microsoft distributes a version of these tools called nexus for @@ -6528,8 +6622,8 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN1328" ->8.7. What other help can I get ?</A +NAME="AEN1350" +>8.7. What other help can I get?</A ></H1 ><P >There are many sources of information available in the form @@ -6592,7 +6686,7 @@ HREF="http://www.tcpdump.org/" TARGET="_top" >http://www.tcpdup.org/</A >. - Ethereal, another good packet sniffer for UNIX and Win32 + Ethereal, another good packet sniffer for Unix and Win32 hosts, can be downloaded from <A HREF="http://www.ethereal.com/" TARGET="_top" @@ -6789,7 +6883,7 @@ TARGET="_top" ><LI ><P > <EM ->How do I get help from the mailing lists ?</EM +>How do I get help from the mailing lists?</EM > </P ><P @@ -6881,14 +6975,14 @@ TARGET="_top" >Please think carefully before attaching a document to an email. Consider pasting the relevant parts into the body of the message. The samba mailing lists go to a huge number of people, do they all need a copy of your - smb.conf in their attach directory ?</P + smb.conf in their attach directory?</P ></LI ></UL ></LI ><LI ><P > <EM ->How do I get off the mailing lists ?</EM +>How do I get off the mailing lists?</EM > </P ><P @@ -6924,7 +7018,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN1442" +NAME="AEN1464" >8.8. Domain Control for Windows 9x/ME</A ></H1 ><DIV @@ -6936,8 +7030,10 @@ CLASS="NOTE" >Note: </B >The following section contains much of the original DOMAIN.txt file previously included with Samba. Much of -the material is based on what went into the book Special -Edition, Using Samba. (Richard Sharpe)</P +the material is based on what went into the book <EM +>Special +Edition, Using Samba</EM +>, by Richard Sharpe.</P ></BLOCKQUOTE ></DIV ><P @@ -6952,11 +7048,12 @@ other systems based on NT server support this, as does at least Samba TNG now).< server in the domain should accept the same authentication information. Network browsing functionality of domains and workgroups is identical and is explained in BROWSING.txt. It should be noted, that browsing -is total orthogonal to logon support.</P +is totally orthogonal to logon support.</P ><P >Issues related to the single-logon network model are discussed in this -document. Samba supports domain logons, network logon scripts, and user -profiles for MS Windows for workgroups and MS Windows 9X clients.</P +section. Samba supports domain logons, network logon scripts, and user +profiles for MS Windows for workgroups and MS Windows 9X/ME clients +which will be the focus of this section.</P ><P >When an SMB client in a domain wishes to logon it broadcast requests for a logon server. The first one to reply gets the job, and validates its @@ -6967,37 +7064,12 @@ servers advertising themselves as participating in a domain. This demonstrates how authentication is quite different from but closely involved with domains.</P ><P ->Another thing commonly associated with single-logon domains is remote -administration over the SMB protocol. Again, there is no reason why this -cannot be implemented with an underlying username database which is -different from the Windows NT SAM. Support for the Remote Administration -Protocol is planned for a future release of Samba.</P -><P ->Network logon support as discussed in this section is aimed at Window for -Workgroups, and Windows 9X clients. </P -><P ->Support for profiles is confirmed as working for Win95, NT 4.0 and NT 3.51. -It is possible to specify: the profile location; script file to be loaded -on login; the user's home directory; and for NT a kick-off time could also -now easily be supported. However, there are some differences between Win9X -profile support and WinNT profile support. These are discussed below.</P -><P ->With NT Workstations, all this does not require the use or intervention of -an NT 4.0 or NT 3.51 server: Samba can now replace the logon services -provided by an NT server, to a limited and experimental degree (for example, -running "User Manager for Domains" will not provide you with access to -a domain created by a Samba Server).</P -><P ->With Win95, the help of an NT server can be enlisted, both for profile storage -and for user authentication. For details on user authentication, see -security_level.txt. For details on profile storage, see below.</P -><P >Using these features you can make your clients verify their logon via the Samba server; make clients run a batch file when they logon to the network and download their preferences, desktop and start menu.</P ><P ->Before launching into the configuration instructions, it is worthwhile looking -at how a Win9X client performs a logon:</P +>Before launching into the configuration instructions, it is +worthwhile lookingat how a Windows 9x/ME client performs a logon:</P ><P ></P ><OL @@ -7005,7 +7077,7 @@ TYPE="1" ><LI ><P > The client broadcasts (to the IP broadcast address of the subnet it is in) - a NetLogon request. This is sent to the NetBIOS address DOMAIN<00> at the + a NetLogon request. This is sent to the NetBIOS name DOMAIN<1c> at the NetBIOS layer. The client chooses the first response it receives, which contains the NetBIOS name of the logon server to use in the format of \\SERVER. @@ -7060,122 +7132,27 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN1472" +NAME="AEN1490" >8.8.1. Configuration Instructions: Network Logons</A ></H2 ><P ->To use domain logons and profiles you need to do the following:</P -><P -></P -><OL -TYPE="1" -><LI -><P -> Create a share called [netlogon] in your smb.conf. This share should - be readable by all users, and probably should not be writeable. This - share will hold your network logon scripts, and the CONFIG.POL file - (Note: for details on the CONFIG.POL file, how to use it, what it is, - refer to the Microsoft Windows NT Administration documentation. - The format of these files is not known, so you will need to use - Microsoft tools). - </P -><P -> For example I have used: - </P -><P -><TABLE -BORDER="0" -BGCOLOR="#E0E0E0" -WIDTH="90%" -><TR -><TD -><PRE -CLASS="PROGRAMLISTING" ->[netlogon] - path = /data/dos/netlogon - writeable = no - guest ok = no</PRE -></TD -></TR -></TABLE -></P -><P -> Note that it is important that this share is not writeable by ordinary - users, in a secure environment: ordinary users should not be allowed - to modify or add files that another user's computer would then download - when they log in. - </P -></LI -><LI -><P -> in the [global] section of smb.conf set the following: - </P -><P -><TABLE -BORDER="0" -BGCOLOR="#E0E0E0" -WIDTH="90%" -><TR -><TD -><PRE -CLASS="PROGRAMLISTING" ->domain logons = yes -logon script = %U.bat - </PRE -></TD -></TR -></TABLE -></P -><P -> The choice of batch file is, of course, up to you. The above would - give each user a separate batch file as the %U will be changed to - their username automatically. The other standard % macros may also be - used. You can make the batch files come from a subdirectory by using - something like: - </P +>The main difference between a PDC and a Windows 9x logon +server configuration is that</P ><P -><TABLE -BORDER="0" -BGCOLOR="#E0E0E0" -WIDTH="90%" -><TR -><TD -><PRE -CLASS="PROGRAMLISTING" ->logon script = scripts\%U.bat - </PRE -></TD -></TR -></TABLE ></P -></LI +><UL ><LI ><P -> create the batch files to be run when the user logs in. If the batch - file doesn't exist then no batch file will be run. - </P -><P -> In the batch files you need to be careful to use DOS style cr/lf line - endings. If you don't then DOS may get confused. I suggest you use a - DOS editor to remotely edit the files if you don't know how to produce - DOS style files under unix. - </P +>Password encryption is not required for a Windows 9x logon server.</P ></LI ><LI ><P -> Use smbclient with the -U option for some users to make sure that - the \\server\NETLOGON share is available, the batch files are - visible and they are readable by the users. - </P +>Windows 9x/ME clients do not possess machine trust accounts.</P ></LI -><LI +></UL ><P -> you will probably find that your clients automatically mount the - \\SERVER\NETLOGON share as drive z: while logging in. You can put - some useful programs there to execute from the batch files. - </P -></LI -></OL +>Therefore, a Samba PDC will also act as a Windows 9x logon +server.</P ><DIV CLASS="WARNING" ><P @@ -7215,7 +7192,7 @@ CLASS="CONSTANT" > mode security is really just a variation on SMB user level security.</P ><P ->Actually, this issue is also closer tied to the debate on whether +>Actually, this issue is also closely tied to the debate on whether or not Samba must be the domain master browser for its workgroup when operating as a DC. While it may technically be possible to configure a server as such (after all, browsing and domain logons @@ -7249,7 +7226,7 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN1506" +NAME="AEN1509" >8.8.2. Configuration Instructions: Setting up Roaming User Profiles</A ></H2 ><DIV @@ -7296,11 +7273,11 @@ CLASS="SECT3" ><HR><H3 CLASS="SECT3" ><A -NAME="AEN1514" +NAME="AEN1517" >8.8.2.1. Windows NT Configuration</A ></H3 ><P ->To support WinNT clients, inn the [global] section of smb.conf set the +>To support WinNT clients, in the [global] section of smb.conf set the following (for example):</P ><P ><TABLE @@ -7340,7 +7317,7 @@ CLASS="SECT3" ><HR><H3 CLASS="SECT3" ><A -NAME="AEN1522" +NAME="AEN1525" >8.8.2.2. Windows 9X Configuration</A ></H3 ><P @@ -7380,7 +7357,7 @@ CLASS="SECT3" ><HR><H3 CLASS="SECT3" ><A -NAME="AEN1530" +NAME="AEN1533" >8.8.2.3. Win9X and WinNT Configuration</A ></H3 ><P @@ -7418,7 +7395,7 @@ CLASS="SECT3" ><HR><H3 CLASS="SECT3" ><A -NAME="AEN1537" +NAME="AEN1540" >8.8.2.4. Windows 9X Profile Setup</A ></H3 ><P @@ -7490,7 +7467,7 @@ the newest folders and short-cuts from each set.</P >If you have made the folders / files read-only on the samba server, then you will get errors from the w95 machine on logon and logout, as it attempts to merge the local and the remote profile. Basically, if -you have any errors reported by the w95 machine, check the unix file +you have any errors reported by the w95 machine, check the Unix file permissions and ownership rights on the profile directory contents, on the samba server.</P ><P @@ -7574,7 +7551,7 @@ CLASS="SECT3" ><HR><H3 CLASS="SECT3" ><A -NAME="AEN1573" +NAME="AEN1576" >8.8.2.5. Windows NT Workstation 4.0</A ></H3 ><P @@ -7656,7 +7633,7 @@ CLASS="SECT3" ><HR><H3 CLASS="SECT3" ><A -NAME="AEN1586" +NAME="AEN1589" >8.8.2.6. Windows NT Server</A ></H3 ><P @@ -7670,7 +7647,7 @@ CLASS="SECT3" ><HR><H3 CLASS="SECT3" ><A -NAME="AEN1589" +NAME="AEN1592" >8.8.2.7. Sharing Profiles between W95 and NT Workstation 4.0</A ></H3 ><DIV @@ -7735,7 +7712,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN1599" +NAME="AEN1602" >8.9. DOMAIN_CONTROL.txt : Windows NT Domain Control & Samba</A ></H1 ><DIV @@ -7864,7 +7841,7 @@ CLASS="SECT1" ><H1 CLASS="SECT1" ><A -NAME="AEN1642" +NAME="AEN1652" >9.1. Abstract</A ></H1 ><P @@ -7887,7 +7864,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN1646" +NAME="AEN1656" >9.2. Introduction</A ></H1 ><P @@ -7941,7 +7918,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN1659" +NAME="AEN1669" >9.3. What Winbind Provides</A ></H1 ><P @@ -7983,7 +7960,7 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN1666" +NAME="AEN1676" >9.3.1. Target Uses</A ></H2 ><P @@ -8007,7 +7984,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN1670" +NAME="AEN1680" >9.4. How Winbind Works</A ></H1 ><P @@ -8027,7 +8004,7 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN1675" +NAME="AEN1685" >9.4.1. Microsoft Remote Procedure Calls</A ></H2 ><P @@ -8053,7 +8030,7 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN1679" +NAME="AEN1689" >9.4.2. Name Service Switch</A ></H2 ><P @@ -8133,7 +8110,7 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN1695" +NAME="AEN1705" >9.4.3. Pluggable Authentication Modules</A ></H2 ><P @@ -8182,7 +8159,7 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN1703" +NAME="AEN1713" >9.4.4. User and Group ID Allocation</A ></H2 ><P @@ -8208,7 +8185,7 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN1707" +NAME="AEN1717" >9.4.5. Result Caching</A ></H2 ><P @@ -8231,7 +8208,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN1710" +NAME="AEN1720" >9.5. Installation and Configuration</A ></H1 ><P @@ -8250,7 +8227,7 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN1715" +NAME="AEN1725" >9.5.1. Introduction</A ></H2 ><P @@ -8301,17 +8278,24 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN1728" +NAME="AEN1738" >9.5.2. Requirements</A ></H2 ><P >If you have a samba configuration file that you are currently -using... BACK IT UP! If your system already uses PAM, BACK UP -THE <TT +using... <EM +>BACK IT UP!</EM +> If your system already uses PAM, +<EM +>back up the <TT CLASS="FILENAME" >/etc/pam.d</TT -> directory contents! If you -haven't already made a boot disk, MAKE ON NOW!</P +> directory +contents!</EM +> If you haven't already made a boot disk, +<EM +>MAKE ONE NOW!</EM +></P ><P >Messing with the pam configuration files can make it nearly impossible to log in to yourmachine. That's why you want to be able to boot back @@ -8322,10 +8306,15 @@ CLASS="FILENAME" > back to the original state they were in if you get frustrated with the way things are going. ;-)</P ><P ->The newest version of SAMBA (version 2.2.2), available from -cvs.samba.org, now include a functioning winbindd daemon. Please refer -to the main SAMBA web page or, better yet, your closest SAMBA mirror -site for instructions on downloading the source code.</P +>The latest version of SAMBA (version 2.2.2 as of this writing), now +includes a functioning winbindd daemon. Please refer to the +<A +HREF="http://samba.org/" +TARGET="_top" +>main SAMBA web page</A +> or, +better yet, your closest SAMBA mirror site for instructions on +downloading the source code.</P ><P >To allow Domain users the ability to access SAMBA shares and files, as well as potentially other services provided by your @@ -8333,15 +8322,21 @@ SAMBA machine, PAM (pluggable authentication modules) must be setup properly on your machine. In order to compile the winbind modules, you should have at least the pam libraries resident on your system. For recent RedHat systems (7.1, for instance), that -means 'pam-0.74-22'. For best results, it is helpful to also -install the development packages in 'pam-devel-0.74-22'.</P +means <TT +CLASS="FILENAME" +>pam-0.74-22</TT +>. For best results, it is helpful to also +install the development packages in <TT +CLASS="FILENAME" +>pam-devel-0.74-22</TT +>.</P ></DIV ><DIV CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN1736" +NAME="AEN1752" >9.5.3. Testing Things Out</A ></H2 ><P @@ -8372,19 +8367,26 @@ CLASS="FILENAME" >/usr/man</TT > entries for pam. Winbind built better in SAMBA if the pam-devel package was also installed. This package includes -the header files needed to compile pam-aware applications. For instance, my RedHat -system has both 'pam-0.74-22' and 'pam-devel-0.74-22' RPMs installed.</P +the header files needed to compile pam-aware applications. For instance, +my RedHat system has both <TT +CLASS="FILENAME" +>pam-0.74-22</TT +> and +<TT +CLASS="FILENAME" +>pam-devel-0.74-22</TT +> RPMs installed.</P ><DIV CLASS="SECT3" ><HR><H3 CLASS="SECT3" ><A -NAME="AEN1745" +NAME="AEN1763" >9.5.3.1. Configure and compile SAMBA</A ></H3 ><P >The configuration and compilation of SAMBA is pretty straightforward. -The first three steps maynot be necessary depending upon +The first three steps may not be necessary depending upon whether or not you have previously built the Samba binaries.</P ><P ><TABLE @@ -8397,35 +8399,56 @@ WIDTH="100%" CLASS="PROGRAMLISTING" ><TT CLASS="PROMPT" ->root# </TT -> autoconf +>root#</TT +> <B +CLASS="COMMAND" +>autoconf</B +> <TT CLASS="PROMPT" ->root# </TT -> make clean +>root#</TT +> <B +CLASS="COMMAND" +>make clean</B +> <TT CLASS="PROMPT" ->root# </TT -> rm config.cache +>root#</TT +> <B +CLASS="COMMAND" +>rm config.cache</B +> <TT CLASS="PROMPT" ->root# </TT -> ./configure --with-winbind +>root#</TT +> <B +CLASS="COMMAND" +>./configure --with-winbind</B +> <TT CLASS="PROMPT" ->root# </TT -> make +>root#</TT +> <B +CLASS="COMMAND" +>make</B +> <TT CLASS="PROMPT" ->root# </TT -> make install</PRE +>root#</TT +> <B +CLASS="COMMAND" +>make install</B +></PRE ></TD ></TR ></TABLE ></P ><P ->This will, by default, install SAMBA in /usr/local/samba. See the -main SAMBA documentation if you want to install SAMBA somewhere else. +>This will, by default, install SAMBA in <TT +CLASS="FILENAME" +>/usr/local/samba</TT +>. +See the main SAMBA documentation if you want to install SAMBA somewhere else. It will also build the winbindd executable and libraries. </P ></DIV ><DIV @@ -8433,24 +8456,37 @@ CLASS="SECT3" ><HR><H3 CLASS="SECT3" ><A -NAME="AEN1757" ->9.5.3.2. Configure nsswitch.conf and the winbind libraries</A +NAME="AEN1782" +>9.5.3.2. Configure <TT +CLASS="FILENAME" +>nsswitch.conf</TT +> and the +winbind libraries</A ></H3 ><P ->The libraries needed to run the winbind daemon through nsswitch -need to be copied to their proper locations, so</P +>The libraries needed to run the <B +CLASS="COMMAND" +>winbindd</B +> daemon +through nsswitch need to be copied to their proper locations, so</P ><P ><TT CLASS="PROMPT" ->root# </TT -> cp ../samba/source/nsswitch/libnss_winbind.so /lib</P +>root#</TT +> <B +CLASS="COMMAND" +>cp ../samba/source/nsswitch/libnss_winbind.so /lib</B +></P ><P >I also found it necessary to make the following symbolic link:</P ><P ><TT CLASS="PROMPT" ->root# </TT -> ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2</P +>root#</TT +> <B +CLASS="COMMAND" +>ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2</B +></P ><P >Now, as root you need to edit <TT CLASS="FILENAME" @@ -8460,11 +8496,11 @@ allow user and group entries to be visible from the <B CLASS="COMMAND" >winbindd</B > -daemon, as well as from your /etc/hosts files and NIS servers. My -<TT +daemon. My <TT CLASS="FILENAME" >/etc/nsswitch.conf</TT -> file look like this after editing:</P +> file look like +this after editing:</P ><P ><TABLE BORDER="0" @@ -8475,7 +8511,7 @@ WIDTH="100%" ><PRE CLASS="PROGRAMLISTING" > passwd: files winbind - shadow: files winbind + shadow: files group: files winbind</PRE ></TD ></TR @@ -8484,13 +8520,20 @@ CLASS="PROGRAMLISTING" ><P > The libraries needed by the winbind daemon will be automatically -entered into the ldconfig cache the next time your system reboots, but it +entered into the <B +CLASS="COMMAND" +>ldconfig</B +> cache the next time +your system reboots, but it is faster (and you don't need to reboot) if you do it manually:</P ><P ><TT CLASS="PROMPT" ->root# </TT -> /sbin/ldconfig -v | grep winbind</P +>root#</TT +> <B +CLASS="COMMAND" +>/sbin/ldconfig -v | grep winbind</B +></P ><P >This makes <TT CLASS="FILENAME" @@ -8503,7 +8546,7 @@ CLASS="SECT3" ><HR><H3 CLASS="SECT3" ><A -NAME="AEN1776" +NAME="AEN1807" >9.5.3.3. Configure smb.conf</A ></H3 ><P @@ -8538,16 +8581,45 @@ CLASS="PROGRAMLISTING" >[global] <...> # separate domain and username with '+', like DOMAIN+username - winbind separator = + + <A +HREF="winbindd.8.html#WINBINDSEPARATOR" +TARGET="_top" +>winbind separator</A +> = + # use uids from 10000 to 20000 for domain users - winbind uid = 10000-20000 + <A +HREF="winbindd.8.html#WINBINDUID" +TARGET="_top" +>winbind uid</A +> = 10000-20000 # use gids from 10000 to 20000 for domain groups - winbind gid = 10000-20000 + <A +HREF="winbindd.8.html#WINBINDGID" +TARGET="_top" +>winbind gid</A +> = 10000-20000 # allow enumeration of winbind users and groups - winbind enum users = yes - winbind enum groups = yes + <A +HREF="winbindd.8.html#WINBINDENUMUSERS" +TARGET="_top" +>winbind enum users</A +> = yes + <A +HREF="winbindd.8.html#WINBINDENUMGROUP" +TARGET="_top" +>winbind enum groups</A +> = yes # give winbind users a real shell (only needed if they have telnet access) - template shell = /bin/bash</PRE + <A +HREF="winbindd.8.html#TEMPLATEHOMEDIR" +TARGET="_top" +>template homedir</A +> = /home/winnt/%D/%U + <A +HREF="winbindd.8.html#TEMPLATESHELL" +TARGET="_top" +>template shell</A +> = /bin/bash</PRE ></TD ></TR ></TABLE @@ -8558,7 +8630,7 @@ CLASS="SECT3" ><HR><H3 CLASS="SECT3" ><A -NAME="AEN1785" +NAME="AEN1823" >9.5.3.4. Join the SAMBA server to the PDC domain</A ></H3 ><P @@ -8579,8 +8651,11 @@ a domain user who has administrative privileges in the domain.</P ><P ><TT CLASS="PROMPT" ->root# </TT ->/usr/local/samba/bin/smbpasswd -j DOMAIN -r PDC -U Administrator</P +>root#</TT +> <B +CLASS="COMMAND" +>/usr/local/samba/bin/smbpasswd -j DOMAIN -r PDC -U Administrator</B +></P ><P >The proper response to the command should be: "Joined the domain <TT @@ -8601,7 +8676,7 @@ CLASS="SECT3" ><HR><H3 CLASS="SECT3" ><A -NAME="AEN1795" +NAME="AEN1834" >9.5.3.5. Start up the winbindd daemon and test it!</A ></H3 ><P @@ -8613,25 +8688,37 @@ command as root:</P ><P ><TT CLASS="PROMPT" ->root# </TT ->/usr/local/samba/bin/winbindd</P +>root#</TT +> <B +CLASS="COMMAND" +>/usr/local/samba/bin/winbindd</B +></P ><P >I'm always paranoid and like to make sure the daemon is really running...</P ><P ><TT CLASS="PROMPT" ->root# </TT -> ps -ae | grep winbindd -3025 ? 00:00:00 winbindd</P +>root#</TT +> <B +CLASS="COMMAND" +>ps -ae | grep winbindd</B +></P +><P +>This command should produce output like this, if the daemon is running</P +><P +>3025 ? 00:00:00 winbindd</P ><P >Now... for the real test, try to get some information about the users on your PDC</P ><P ><TT CLASS="PROMPT" ->root# </TT -> # /usr/local/samba/bin/wbinfo -u</P +>root#</TT +> <B +CLASS="COMMAND" +>/usr/local/samba/bin/wbinfo -u</B +></P ><P > This should echo back a list of users on your Windows users on @@ -8656,7 +8743,13 @@ CEO+TsInternetUser</PRE ></TABLE ></P ><P ->Obviously, I have named my domain 'CEO' and my winbindd separator is '+'.</P +>Obviously, I have named my domain 'CEO' and my <TT +CLASS="PARAMETER" +><I +>winbindd +separator</I +></TT +> is '+'.</P ><P >You can do the same sort of thing to get group information from the PDC:</P @@ -8671,8 +8764,11 @@ WIDTH="100%" CLASS="PROGRAMLISTING" ><TT CLASS="PROMPT" ->root# </TT ->/usr/local/samba/bin/wbinfo -g +>root#</TT +> <B +CLASS="COMMAND" +>/usr/local/samba/bin/wbinfo -g</B +> CEO+Domain Admins CEO+Domain Users CEO+Domain Guests @@ -8693,8 +8789,11 @@ Try the following command:</P ><P ><TT CLASS="PROMPT" ->root# </TT -> getent passwd</P +>root#</TT +> <B +CLASS="COMMAND" +>getent passwd</B +></P ><P >You should get a list that looks like your <TT CLASS="FILENAME" @@ -8707,16 +8806,22 @@ directories and default shells.</P ><P ><TT CLASS="PROMPT" ->root# </TT -> getent group</P +>root#</TT +> <B +CLASS="COMMAND" +>getent group</B +></P ></DIV ><DIV CLASS="SECT3" ><HR><H3 CLASS="SECT3" ><A -NAME="AEN1822" ->9.5.3.6. Fix the /etc/rc.d/init.d/smb startup files</A +NAME="AEN1870" +>9.5.3.6. Fix the <TT +CLASS="FILENAME" +>/etc/rc.d/init.d/smb</TT +> startup files</A ></H3 ><P >The <B @@ -8822,47 +8927,81 @@ CLASS="PROGRAMLISTING" ></TR ></TABLE ></P +><P +>If you restart the <B +CLASS="COMMAND" +>smbd</B +>, <B +CLASS="COMMAND" +>nmbd</B +>, +and <B +CLASS="COMMAND" +>winbindd</B +> daemons at this point, you +should be able to connect to the samba server as a domain member just as +if you were a local user.</P ></DIV ><DIV CLASS="SECT3" ><HR><H3 CLASS="SECT3" ><A -NAME="AEN1839" +NAME="AEN1892" >9.5.3.7. Configure Winbind and PAM</A ></H3 ><P ->If you have made it this far, you know that winbindd is working. -Now it is time to integrate it into the operation of samba and other -services. The pam configuration files need to be altered in +>If you have made it this far, you know that winbindd and samba are working +together. If you want to use winbind to provide authentication for other +services, keep reading. The pam configuration files need to be altered in this step. (Did you remember to make backups of your original <TT CLASS="FILENAME" >/etc/pam.d</TT > files? If not, do it now.)</P ><P ->To get samba to allow domain users and groups, I modified the +>You will need a pam module to use winbindd with these other services. This +module will be compiled in the <TT +CLASS="FILENAME" +>../source/nsswitch</TT +> directory +by invoking the command</P +><P +><TT +CLASS="PROMPT" +>root#</TT +> <B +CLASS="COMMAND" +>make nsswitch/pam_winbind.so</B +></P +><P +>from the <TT +CLASS="FILENAME" +>../source</TT +> directory. The <TT CLASS="FILENAME" ->/etc/pam.d/samba</TT -> file from</P +>pam_winbind.so</TT +> file should be copied to the location of +your other pam security modules. On my RedHat system, this was the +<TT +CLASS="FILENAME" +>/lib/security</TT +> directory.</P ><P -><TABLE -BORDER="0" -BGCOLOR="#E0E0E0" -WIDTH="100%" -><TR -><TD -><PRE -CLASS="PROGRAMLISTING" ->auth required /lib/security/pam_stack.so service=system-auth -account required /lib/security/pam_stack.so service=system-auth</PRE -></TD -></TR -></TABLE +><TT +CLASS="PROMPT" +>root#</TT +> <B +CLASS="COMMAND" +>cp ../samba/source/nsswitch/pam_winbind.so /lib/security</B ></P ><P ->to</P +>The <TT +CLASS="FILENAME" +>/etc/pam.d/samba</TT +> file does not need to be changed. I +just left this fileas it was:</P ><P ><TABLE BORDER="0" @@ -8872,9 +9011,7 @@ WIDTH="100%" ><TD ><PRE CLASS="PROGRAMLISTING" ->auth required /lib/security/pam_winbind.so -auth required /lib/security/pam_stack.so service=system-auth -account required /lib/security/pam_winbind.so +>auth required /lib/security/pam_stack.so service=system-auth account required /lib/security/pam_stack.so service=system-auth</PRE ></TD ></TR @@ -8965,10 +9102,11 @@ WIDTH="100%" ><TD ><PRE CLASS="PROGRAMLISTING" ->auth sufficient /lib/security/pam_winbind.so -auth required /lib/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed +>auth required /lib/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed +auth sufficient /lib/security/pam_winbind.so auth required /lib/security/pam_stack.so service=system-auth auth required /lib/security/pam_shells.so +account sufficient /lib/security/pam_winbind.so account required /lib/security/pam_stack.so service=system-auth session required /lib/security/pam_stack.so service=system-auth</PRE ></TD @@ -9023,15 +9161,6 @@ CLASS="COMMAND" >winbind.so</B > line to get rid of annoying double prompts for passwords.</P -><P ->Finally, don't forget to copy the winbind pam modules from -the source directory in which you originally compiled the new -SAMBA up to the /lib/security directory so that pam can use it:</P -><P -><TT -CLASS="PROMPT" ->root# </TT -> cp ../samba/source/nsswitch/pam_winbind.so /lib/security</P ></DIV ></DIV ></DIV @@ -9040,7 +9169,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN1880" +NAME="AEN1939" >9.6. Limitations</A ></H1 ><P @@ -9081,7 +9210,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN1890" +NAME="AEN1949" >9.7. Conclusion</A ></H1 ><P @@ -9105,7 +9234,7 @@ CLASS="SECT1" ><H1 CLASS="SECT1" ><A -NAME="AEN1904" +NAME="AEN1963" >10.1. FAQs</A ></H1 ><DIV @@ -9113,7 +9242,7 @@ CLASS="SECT2" ><H2 CLASS="SECT2" ><A -NAME="AEN1906" +NAME="AEN1965" >10.1.1. How can I configure OS/2 Warp Connect or OS/2 Warp 4 as a client for Samba?</A ></H2 @@ -9172,7 +9301,7 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN1921" +NAME="AEN1980" >10.1.2. How can I configure OS/2 Warp 3 (not Connect), OS/2 1.2, 1.3 or 2.x for Samba?</A ></H2 @@ -9225,7 +9354,7 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN1930" +NAME="AEN1989" >10.1.3. Are there any other issues when OS/2 (any version) is used as a client?</A ></H2 @@ -9247,7 +9376,7 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN1934" +NAME="AEN1993" >10.1.4. How do I get printer driver download working for OS/2 clients?</A ></H2 @@ -9303,7 +9432,7 @@ CLASS="SECT1" ><H1 CLASS="SECT1" ><A -NAME="AEN1950" +NAME="AEN2009" >11.1. Introduction</A ></H1 ><P @@ -9325,7 +9454,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN1955" +NAME="AEN2014" >11.2. CVS Access to samba.org</A ></H1 ><P @@ -9338,7 +9467,7 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN1958" +NAME="AEN2017" >11.2.1. Access via CVSweb</A ></H2 ><P @@ -9359,7 +9488,7 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN1963" +NAME="AEN2022" >11.2.2. Access via cvs</A ></H2 ><P @@ -9465,14 +9594,14 @@ CLASS="COMMAND" ></DIV ><HR><H1 ><A -NAME="AEN1991" +NAME="AEN2050" >Index</A ></H1 ><DL ><DT ->Primary Domain Controller, +>Primary Domain Controller, <A -HREF="x1096.htm" +HREF="x1098.htm" >Background</A > </DT diff --git a/docs/htmldocs/Samba-PDC-HOWTO.html b/docs/htmldocs/Samba-PDC-HOWTO.html index f9bde08898..58f3989b4f 100644 --- a/docs/htmldocs/Samba-PDC-HOWTO.html +++ b/docs/htmldocs/Samba-PDC-HOWTO.html @@ -68,32 +68,33 @@ CLASS="NOTE" >Note: </B ><I CLASS="EMPHASIS" ->Author's Note :</I +>Author's Note:</I > This document is a combination -of David Bannon's Samba 2.2 PDC HOWTO and the Samba NT Domain FAQ. +of David Bannon's "Samba 2.2 PDC HOWTO" and "Samba NT Domain FAQ". Both documents are superseded by this one.</P ></BLOCKQUOTE ></DIV ><P ->Version of Samba prior to release 2.2 had marginal capabilities to -act as a Windows NT 4.0 Primary DOmain Controller (PDC). Beginning with -Samba 2.2.0, we are proud to announce official support for Windows NT 4.0 -style domain logons from Windows NT 4.0 (through SP6) and Windows 2000 (through -SP1) clients. This article outlines the steps necessary for configuring Samba -as a PDC. It is necessary to have a working Samba server prior to implementing the -PDC functionality. If you have not followed the steps outlined in -<A +>Versions of Samba prior to release 2.2 had marginal capabilities to act +as a Windows NT 4.0 Primary Domain Controller + +(PDC). With Samba 2.2.0, we are proud to announce official support for +Windows NT 4.0-style domain logons from Windows NT 4.0 and Windows +2000 clients. This article outlines the steps +necessary for configuring Samba as a PDC. It is necessary to have a +working Samba server prior to implementing the PDC functionality. If +you have not followed the steps outlined in <A HREF="UNIX_INSTALL.html" TARGET="_top" > UNIX_INSTALL.html</A ->, please make sure -that your server is configured correctly before proceeding. Another good -resource in the <A +>, please make sure +that your server is configured correctly before proceeding. Another +good resource in the <A HREF="smb.conf.5.html" TARGET="_top" ->smb.conf(5) man +>smb.conf(5) man page</A ->. The following functionality should work in 2.2:</P +>. The following functionality should work in 2.2:</P ><P ></P ><UL @@ -120,36 +121,10 @@ page</A ></LI ><LI ><P -> Windows NT 4.0 style system policies +> Windows NT 4.0-style system policies </P ></LI ></UL -><DIV -CLASS="WARNING" -><P -></P -><TABLE -CLASS="WARNING" -BORDER="1" -WIDTH="100%" -><TR -><TD -ALIGN="CENTER" -><B ->Windows 2000 Service Pack 2 Clients</B -></TD -></TR -><TR -><TD -ALIGN="LEFT" -><P -> Samba 2.2.1 is required for PDC functionality when using Windows 2000 - SP2 clients. - </P -></TD -></TR -></TABLE -></DIV ><P >The following pieces of functionality are not included in the 2.2 release:</P ><P @@ -181,7 +156,7 @@ ALIGN="LEFT" ><P >Please note that Windows 9x clients are not true members of a domain for reasons outlined in this article. Therefore the protocol for -support Windows 9x style domain logons is completely different +support Windows 9x-style domain logons is completely different from NT4 domain logons and has been officially supported for some time.</P ><P @@ -214,7 +189,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN51" +NAME="AEN48" >Configuring the Samba Domain Controller</A ></H1 ><P @@ -229,7 +204,10 @@ man page</A >. For convenience, the parameters have been linked with the actual smb.conf description.</P ><P ->Here is an example smb.conf for acting as a PDC:</P +>Here is an example <TT +CLASS="FILENAME" +>smb.conf</TT +> for acting as a PDC:</P ><P ><PRE CLASS="PROGRAMLISTING" @@ -335,10 +313,10 @@ TARGET="_top" >path</A > = /usr/local/samba/lib/netlogon <A -HREF="smb.conf.5.html#WRITEABLE" +HREF="smb.conf.5.html#READONLY" TARGET="_top" ->writeable</A -> = no +>read only</A +> = yes <A HREF="smb.conf.5.html#WRITELIST" TARGET="_top" @@ -358,10 +336,10 @@ TARGET="_top" >path</A > = /export/smb/ntprofile <A -HREF="smb.conf.5.html#WRITEABLE" +HREF="smb.conf.5.html#READONLY" TARGET="_top" ->writeable</A -> = yes +>read only</A +> = no <A HREF="smb.conf.5.html#CREATEMASK" TARGET="_top" @@ -407,72 +385,89 @@ CLASS="FILENAME" ></LI ></UL ><P ->As Samba 2.2 does not offer a complete implementation of group mapping between -Windows NT groups and UNIX groups (this is really quite complicated to explain -in a short space), you should refer to the <A +>As Samba 2.2 does not offer a complete implementation of group mapping +between Windows NT groups and Unix groups (this is really quite +complicated to explain in a short space), you should refer to the +<A HREF="smb.conf.5.html#DOMAINADMINGROUP" TARGET="_top" ->domain -admin group</A -> smb.conf parameter for information of creating "Domain Admins" -style accounts.</P +>domain admin +group</A +> smb.conf parameter for information of creating "Domain +Admins" style accounts.</P ></DIV ><DIV CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN93" ->Creating Machine Trust Accounts and Joining Clients -to the Domain</A +NAME="AEN91" +>Creating Machine Trust Accounts and Joining Clients to the +Domain</A ></H1 ><P ->A machine trust account is a samba user account owned by a computer. -The account password acts as the shared secret for secure -communication with the Domain Controller. This is a security feature -to prevent an unauthorized machine with the same NetBIOS name from -joining the domain and gaining access to domain user/group accounts. -Hence a Windows 9x host is never a true member of a domain because it does -not posses a machine trust account, and thus has no shared secret with the DC.</P -><P ->On a Windows NT PDC, these machine trust account passwords are stored -in the registry. A Samba PDC stores these accounts in the same location -as user LanMan and NT password hashes (currently <TT +>A machine trust account is a Samba account that is used to +authenticate a client machine (rather than a user) to the Samba +server. In Windows terminology, this is known as a "Computer +Account."</P +><P +>The password of a machine trust account acts as the shared secret for +secure communication with the Domain Controller. This is a security +feature to prevent an unauthorized machine with the same NetBIOS name +from joining the domain and gaining access to domain user/group +accounts. Windows NT and 2000 clients use machine trust accounts, but +Windows 9x clients do not. Hence, a Windows 9x client is never a true +member of a domain because it does not possess a machine trust +account, and thus has no shared secret with the domain controller.</P +><P +>A Windows PDC stores each machine trust account in the Windows +Registry. A Samba PDC, however, stores each machine trust account +in two parts, as follows: + +<P +></P +><UL +><LI +><P +>A Samba account, stored in the same location as user + LanMan and NT password hashes (currently + <TT CLASS="FILENAME" >smbpasswd</TT ->). -However, machine trust accounts only possess and use the NT password hash.</P +>). The Samba account + possesses and uses only the NT password hash.</P +></LI +><LI ><P ->Because Samba requires machine accounts to possess a UNIX uid from -which an Windows NT SID can be generated, all of these accounts -must have an entry in <TT +>A corresponding Unix account, typically stored in + <TT CLASS="FILENAME" >/etc/passwd</TT -> and smbpasswd. -Future releases will alleviate the need to create -<TT +>. (Future releases will alleviate the need to + create <TT CLASS="FILENAME" >/etc/passwd</TT -> entries. </P +> entries.) </P +></LI +></UL +></P ><P ->There are two means of creating machine trust accounts.</P +>There are two ways to create machine trust accounts:</P ><P ></P ><UL ><LI ><P -> Manual creation before joining the client to the domain. In this case, - the password is set to a known value -- the lower case of the - machine's NetBIOS name. - </P +> Manual creation. Both the Samba and corresponding + Unix account are created by hand.</P ></LI ><LI ><P -> Creation of the account at the time of joining the domain. In - this case, the session key of the administrative account used to join - the client to the domain acts as an encryption key for setting the - password to a random value (This is the recommended method). - </P +> "On-the-fly" creation. The Samba machine trust + account is automatically created by Samba at the time the client + is joined to the domain. (For security, this is the + recommended method.) The corresponding Unix account may be + created automatically or manually. </P ></LI ></UL ><DIV @@ -480,22 +475,28 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN107" ->Manually creating machine trust accounts</A +NAME="AEN110" +>Manual Creation of Machine Trust Accounts</A ></H2 ><P ->The first step in creating a machine trust account by hand is to -create an entry for the machine in /etc/passwd. This can be done -using <B +>The first step in manually creating a machine trust account is to +manually create the corresponding Unix account in +<TT +CLASS="FILENAME" +>/etc/passwd</TT +>. This can be done using +<B CLASS="COMMAND" >vipw</B -> or any 'add userr' command which is normally -used to create new UNIX accounts. The following is an example for a Linux -based Samba server:</P +> or other 'add user' command that is normally +used to create new Unix accounts. The following is an example for a +Linux based Samba server:</P ><P -><TT +> <TT CLASS="PROMPT" >root# </TT +><B +CLASS="COMMAND" >/usr/sbin/useradd -g 100 -d /dev/null -c <TT CLASS="REPLACEABLE" ><I @@ -507,28 +508,32 @@ CLASS="REPLACEABLE" ><I >machine_name</I ></TT ->$ </P +>$ </B +></P ><P ><TT CLASS="PROMPT" >root# </TT +><B +CLASS="COMMAND" >passwd -l <TT CLASS="REPLACEABLE" ><I >machine_name</I ></TT ->$</P +>$</B +></P ><P >The <TT CLASS="FILENAME" >/etc/passwd</TT > entry will list the machine name -with a $ appended, won't have a passwd, will have a null shell and no -home directory. For example a machine called 'doppy' would have an +with a "$" appended, won't have a password, will have a null shell and no +home directory. For example a machine named 'doppy' would have an <TT CLASS="FILENAME" >/etc/passwd</TT -> entry like this :</P +> entry like this:</P ><P ><PRE CLASS="PROGRAMLISTING" @@ -545,20 +550,22 @@ CLASS="REPLACEABLE" ><I >machine_nickname</I ></TT -> can be any descriptive name for the -pc i.e. BasementComputer. The <TT +> can be any +descriptive name for the client, i.e., BasementComputer. +<TT CLASS="REPLACEABLE" ><I >machine_name</I ></TT -> absolutely must be -the NetBIOS name of the pc to be added to the domain. The "$" must append the NetBIOS -name of the pc or samba will not recognize this as a machine account</P -><P ->Now that the UNIX account has been created, the next step is to create -the smbpasswd entry for the machine containing the well known initial -trust account password. This can be done using the <A -HREF="smbpasswd.6.html" +> absolutely must be the NetBIOS +name of the client to be joined to the domain. The "$" must be +appended to the NetBIOS name of the client or Samba will not recognize +this as a machine trust account.</P +><P +>Now that the corresponding Unix account has been created, the next step is to create +the Samba account for the client containing the well-known initial +machine trust account password. This can be done using the <A +HREF="smbpasswd.8.html" TARGET="_top" ><B CLASS="COMMAND" @@ -570,11 +577,14 @@ as shown here:</P ><TT CLASS="PROMPT" >root# </TT -> smbpasswd -a -m <TT +><B +CLASS="COMMAND" +>smbpasswd -a -m <TT CLASS="REPLACEABLE" ><I >machine_name</I ></TT +></B ></P ><P >where <TT @@ -583,7 +593,8 @@ CLASS="REPLACEABLE" >machine_name</I ></TT > is the machine's NetBIOS -name. </P +name. The RID of the new machine account is generated from the UID of +the corresponding Unix account.</P ><DIV CLASS="WARNING" ><P @@ -604,9 +615,9 @@ ALIGN="CENTER" ALIGN="LEFT" ><P > Manually creating a machine trust account using this method is the - equivalent of creating a machine account on a Windows NT PDC using + equivalent of creating a machine trust account on a Windows NT PDC using the "Server Manager". From the time at which the account is created - to the time which th client joins the domain and changes the password, + to the time which the client joins the domain and changes the password, your domain is vulnerable to an intruder joining your domain using a a machine with the same NetBIOS name. A PDC inherently trusts members of the domain and will serve out a large degree of user @@ -622,41 +633,98 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN138" ->Creating machine trust accounts "on the fly"</A +NAME="AEN145" +>"On-the-Fly" Creation of Machine Trust Accounts</A ></H2 ><P ->The second, and most recommended way of creating machine trust accounts -is to create them as needed at the time the client is joined to -the domain. You will need to include a value for the <A +>The second (and recommended) way of creating machine trust accounts is +simply to allow the Samba server to create them as needed when the client +is joined to the domain. </P +><P +>Since each Samba machine trust account requires a corresponding +Unix account, a method for automatically creating the +Unix account is usually supplied; this requires configuration of the +<A HREF="smb.conf.5.html#ADDUSERSCRIPT" TARGET="_top" >add user script</A -> -parameter. Below is an example from a RedHat 6.2 Linux system.</P +> +option in <TT +CLASS="FILENAME" +>smb.conf</TT +>. This +method is not required, however; corresponding Unix accounts may also +be created manually.</P +><P +>Below is an example for a RedHat 6.2 Linux system.</P ><P ><PRE CLASS="PROGRAMLISTING" ->add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u </PRE +>[global] + # <...remainder of parameters...> + add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u </PRE ></P +></DIV +><DIV +CLASS="SECT2" +><HR><H2 +CLASS="SECT2" +><A +NAME="AEN154" +>Joining the Client to the Domain</A +></H2 ><P ->In Samba 2.2.1, <I -CLASS="EMPHASIS" ->only the root account</I -> can be used to create -machine accounts like this. Therefore, it is required to create -an entry in smbpasswd for <I -CLASS="EMPHASIS" ->root</I ->. The password -<I +>The procedure for joining a client to the domain varies with the +version of Windows.</P +><P +></P +><UL +><LI +><P +><I CLASS="EMPHASIS" ->SHOULD</I -> be set to a different password that the -associated <TT +>Windows 2000</I +></P +><P +> When the user elects to join the client to a domain, Windows prompts for + an account and password that is privileged to join the domain. A + Samba administrative account (i.e., a Samba account that has root + privileges on the Samba server) must be entered here; the + operation will fail if an ordinary user account is given. + The password for this account should be + set to a different password than the associated + <TT CLASS="FILENAME" >/etc/passwd</TT -> entry for security reasons.</P +> entry, for security + reasons. </P +><P +>The session key of the Samba administrative account acts as an + encryption key for setting the password of the machine trust + account. The machine trust account will be created on-the-fly, or + updated if it already exists.</P +></LI +><LI +><P +><I +CLASS="EMPHASIS" +>Windows NT</I +></P +><P +> If the machine trust account was created manually, on the + Identification Changes menu enter the domain name, but do not + check the box "Create a Computer Account in the Domain." In this case, + the existing machine trust account is used to join the machine to + the domain.</P +><P +> If the machine trust account is to be created + on-the-fly, on the Identification Changes menu enter the domain + name, and check the box "Create a Computer Account in the Domain." In + this case, joining the domain proceeds as above for Windows 2000 + (i.e., you must supply a Samba administrative account when + prompted).</P +></LI +></UL ></DIV ></DIV ><DIV @@ -664,7 +732,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN149" +NAME="AEN169" >Common Problems and Errors</A ></H1 ><P @@ -685,7 +753,7 @@ CLASS="FILENAME" >/etc/passwd</TT > of the machine name with a '$' appended. FreeBSD (and other BSD - systems ?) won't create a user with a '$' in their name. + systems?) won't create a user with a '$' in their name. </P ><P > The problem is only in the program used to make the entry, once @@ -695,7 +763,7 @@ CLASS="COMMAND" >vipw</B > to edit the entry, adding the '$'. Or create the whole entry with vipw if you like, make sure you use a - unique uid ! + unique User ID ! </P ></LI ><LI @@ -704,11 +772,11 @@ CLASS="COMMAND" CLASS="EMPHASIS" >I get told "You already have a connection to the Domain...." or "Cannot join domain, the credentials supplied conflict with an - existing set.." when creating a machine account.</I + existing set.." when creating a machine trust account.</I > </P ><P -> This happens if you try to create a machine account from the +> This happens if you try to create a machine trust account from the machine itself and already have a connection (e.g. mapped drive) to a share (or IPC$) on the Samba PDC. The following command will remove all network drive connections: @@ -762,17 +830,17 @@ CLASS="COMMAND" ><P > <I CLASS="EMPHASIS" ->The machine account for this computer either does not +>The machine trust account for this computer either does not exist or is not accessible.</I > </P ><P > When I try to join the domain I get the message "The machine account - for this computer either does not exist or is not accessible". Whats + for this computer either does not exist or is not accessible". What's wrong? </P ><P -> This problem is caused by the PDC not having a suitable machine account. +> This problem is caused by the PDC not having a suitable machine trust account. If you are using the <TT CLASS="PARAMETER" ><I @@ -785,7 +853,7 @@ CLASS="PARAMETER" ><P > Alternatively if you are creating account entries manually then they have not been created correctly. Make sure that you have the entry - correct for the machine account in smbpasswd file on the Samba PDC. + correct for the machine trust account in smbpasswd file on the Samba PDC. If you added the account using an editor rather than using the smbpasswd utility, make sure that the account name is the machine NetBIOS name with a '$' appended to it ( i.e. computer_name$ ). There must be an entry @@ -859,7 +927,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN197" +NAME="AEN217" >System Policies and Profiles</A ></H1 ><P @@ -881,7 +949,7 @@ Profiles and Policies in Windows NT 4.0</A ><P > <I CLASS="EMPHASIS" ->What about Windows NT Policy Editor ?</I +>What about Windows NT Policy Editor?</I > </P ><P @@ -943,7 +1011,7 @@ CLASS="COMMAND" ><P > <I CLASS="EMPHASIS" ->Can Win95 do Policies ?</I +>Can Win95 do Policies?</I > </P ><P @@ -975,7 +1043,7 @@ CLASS="EMPHASIS" </P ><P > Since I don't need to buy an NT Server CD now, how do I get - the 'User Manager for Domains', the 'Server Manager' ? + the 'User Manager for Domains', the 'Server Manager'? </P ><P > Microsoft distributes a version of these tools called nexus for @@ -1021,8 +1089,8 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN241" ->What other help can I get ?</A +NAME="AEN261" +>What other help can I get?</A ></H1 ><P >There are many sources of information available in the form @@ -1086,7 +1154,7 @@ HREF="http://www.tcpdump.org/" TARGET="_top" >http://www.tcpdup.org/</A >. - Ethereal, another good packet sniffer for UNIX and Win32 + Ethereal, another good packet sniffer for Unix and Win32 hosts, can be downloaded from <A HREF="http://www.ethereal.com/" TARGET="_top" @@ -1286,7 +1354,7 @@ TARGET="_top" ><P > <I CLASS="EMPHASIS" ->How do I get help from the mailing lists ?</I +>How do I get help from the mailing lists?</I > </P ><P @@ -1379,7 +1447,7 @@ CLASS="EMPHASIS" >Please think carefully before attaching a document to an email. Consider pasting the relevant parts into the body of the message. The samba mailing lists go to a huge number of people, do they all need a copy of your - smb.conf in their attach directory ?</P + smb.conf in their attach directory?</P ></LI ></UL ></LI @@ -1387,7 +1455,7 @@ CLASS="EMPHASIS" ><P > <I CLASS="EMPHASIS" ->How do I get off the mailing lists ?</I +>How do I get off the mailing lists?</I > </P ><P @@ -1423,7 +1491,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN355" +NAME="AEN375" >Domain Control for Windows 9x/ME</A ></H1 ><DIV @@ -1435,8 +1503,11 @@ CLASS="NOTE" >Note: </B >The following section contains much of the original DOMAIN.txt file previously included with Samba. Much of -the material is based on what went into the book Special -Edition, Using Samba. (Richard Sharpe)</P +the material is based on what went into the book <I +CLASS="EMPHASIS" +>Special +Edition, Using Samba</I +>, by Richard Sharpe.</P ></BLOCKQUOTE ></DIV ><P @@ -1451,11 +1522,12 @@ other systems based on NT server support this, as does at least Samba TNG now).< server in the domain should accept the same authentication information. Network browsing functionality of domains and workgroups is identical and is explained in BROWSING.txt. It should be noted, that browsing -is total orthogonal to logon support.</P +is totally orthogonal to logon support.</P ><P >Issues related to the single-logon network model are discussed in this -document. Samba supports domain logons, network logon scripts, and user -profiles for MS Windows for workgroups and MS Windows 9X clients.</P +section. Samba supports domain logons, network logon scripts, and user +profiles for MS Windows for workgroups and MS Windows 9X/ME clients +which will be the focus of this section.</P ><P >When an SMB client in a domain wishes to logon it broadcast requests for a logon server. The first one to reply gets the job, and validates its @@ -1466,37 +1538,12 @@ servers advertising themselves as participating in a domain. This demonstrates how authentication is quite different from but closely involved with domains.</P ><P ->Another thing commonly associated with single-logon domains is remote -administration over the SMB protocol. Again, there is no reason why this -cannot be implemented with an underlying username database which is -different from the Windows NT SAM. Support for the Remote Administration -Protocol is planned for a future release of Samba.</P -><P ->Network logon support as discussed in this section is aimed at Window for -Workgroups, and Windows 9X clients. </P -><P ->Support for profiles is confirmed as working for Win95, NT 4.0 and NT 3.51. -It is possible to specify: the profile location; script file to be loaded -on login; the user's home directory; and for NT a kick-off time could also -now easily be supported. However, there are some differences between Win9X -profile support and WinNT profile support. These are discussed below.</P -><P ->With NT Workstations, all this does not require the use or intervention of -an NT 4.0 or NT 3.51 server: Samba can now replace the logon services -provided by an NT server, to a limited and experimental degree (for example, -running "User Manager for Domains" will not provide you with access to -a domain created by a Samba Server).</P -><P ->With Win95, the help of an NT server can be enlisted, both for profile storage -and for user authentication. For details on user authentication, see -security_level.txt. For details on profile storage, see below.</P -><P >Using these features you can make your clients verify their logon via the Samba server; make clients run a batch file when they logon to the network and download their preferences, desktop and start menu.</P ><P ->Before launching into the configuration instructions, it is worthwhile looking -at how a Win9X client performs a logon:</P +>Before launching into the configuration instructions, it is +worthwhile lookingat how a Windows 9x/ME client performs a logon:</P ><P ></P ><OL @@ -1504,7 +1551,7 @@ TYPE="1" ><LI ><P > The client broadcasts (to the IP broadcast address of the subnet it is in) - a NetLogon request. This is sent to the NetBIOS address DOMAIN<00> at the + a NetLogon request. This is sent to the NetBIOS name DOMAIN<1c> at the NetBIOS layer. The client chooses the first response it receives, which contains the NetBIOS name of the logon server to use in the format of \\SERVER. @@ -1559,95 +1606,27 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN385" +NAME="AEN401" >Configuration Instructions: Network Logons</A ></H2 ><P ->To use domain logons and profiles you need to do the following:</P +>The main difference between a PDC and a Windows 9x logon +server configuration is that</P ><P ></P -><OL -TYPE="1" -><LI -><P -> Create a share called [netlogon] in your smb.conf. This share should - be readable by all users, and probably should not be writeable. This - share will hold your network logon scripts, and the CONFIG.POL file - (Note: for details on the CONFIG.POL file, how to use it, what it is, - refer to the Microsoft Windows NT Administration documentation. - The format of these files is not known, so you will need to use - Microsoft tools). - </P -><P -> For example I have used: - </P -><P -><PRE -CLASS="PROGRAMLISTING" ->[netlogon] - path = /data/dos/netlogon - writeable = no - guest ok = no</PRE -></P -><P -> Note that it is important that this share is not writeable by ordinary - users, in a secure environment: ordinary users should not be allowed - to modify or add files that another user's computer would then download - when they log in. - </P -></LI -><LI -><P -> in the [global] section of smb.conf set the following: - </P -><P -><PRE -CLASS="PROGRAMLISTING" ->domain logons = yes -logon script = %U.bat - </PRE -></P -><P -> The choice of batch file is, of course, up to you. The above would - give each user a separate batch file as the %U will be changed to - their username automatically. The other standard % macros may also be - used. You can make the batch files come from a subdirectory by using - something like: - </P -><P -><PRE -CLASS="PROGRAMLISTING" ->logon script = scripts\%U.bat - </PRE -></P -></LI +><UL ><LI ><P -> create the batch files to be run when the user logs in. If the batch - file doesn't exist then no batch file will be run. - </P -><P -> In the batch files you need to be careful to use DOS style cr/lf line - endings. If you don't then DOS may get confused. I suggest you use a - DOS editor to remotely edit the files if you don't know how to produce - DOS style files under unix. - </P +>Password encryption is not required for a Windows 9x logon server.</P ></LI ><LI ><P -> Use smbclient with the -U option for some users to make sure that - the \\server\NETLOGON share is available, the batch files are - visible and they are readable by the users. - </P +>Windows 9x/ME clients do not possess machine trust accounts.</P ></LI -><LI +></UL ><P -> you will probably find that your clients automatically mount the - \\SERVER\NETLOGON share as drive z: while logging in. You can put - some useful programs there to execute from the batch files. - </P -></LI -></OL +>Therefore, a Samba PDC will also act as a Windows 9x logon +server.</P ><DIV CLASS="WARNING" ><P @@ -1687,7 +1666,7 @@ CLASS="CONSTANT" > mode security is really just a variation on SMB user level security.</P ><P ->Actually, this issue is also closer tied to the debate on whether +>Actually, this issue is also closely tied to the debate on whether or not Samba must be the domain master browser for its workgroup when operating as a DC. While it may technically be possible to configure a server as such (after all, browsing and domain logons @@ -1721,7 +1700,7 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN419" +NAME="AEN420" >Configuration Instructions: Setting up Roaming User Profiles</A ></H2 ><DIV @@ -1769,11 +1748,11 @@ CLASS="SECT3" ><HR><H3 CLASS="SECT3" ><A -NAME="AEN427" +NAME="AEN428" >Windows NT Configuration</A ></H3 ><P ->To support WinNT clients, inn the [global] section of smb.conf set the +>To support WinNT clients, in the [global] section of smb.conf set the following (for example):</P ><P ><PRE @@ -1804,7 +1783,7 @@ CLASS="SECT3" ><HR><H3 CLASS="SECT3" ><A -NAME="AEN435" +NAME="AEN436" >Windows 9X Configuration</A ></H3 ><P @@ -1835,7 +1814,7 @@ CLASS="SECT3" ><HR><H3 CLASS="SECT3" ><A -NAME="AEN443" +NAME="AEN444" >Win9X and WinNT Configuration</A ></H3 ><P @@ -1864,7 +1843,7 @@ CLASS="SECT3" ><HR><H3 CLASS="SECT3" ><A -NAME="AEN450" +NAME="AEN451" >Windows 9X Profile Setup</A ></H3 ><P @@ -1936,7 +1915,7 @@ the newest folders and short-cuts from each set.</P >If you have made the folders / files read-only on the samba server, then you will get errors from the w95 machine on logon and logout, as it attempts to merge the local and the remote profile. Basically, if -you have any errors reported by the w95 machine, check the unix file +you have any errors reported by the w95 machine, check the Unix file permissions and ownership rights on the profile directory contents, on the samba server.</P ><P @@ -2021,7 +2000,7 @@ CLASS="SECT3" ><HR><H3 CLASS="SECT3" ><A -NAME="AEN486" +NAME="AEN487" >Windows NT Workstation 4.0</A ></H3 ><P @@ -2103,7 +2082,7 @@ CLASS="SECT3" ><HR><H3 CLASS="SECT3" ><A -NAME="AEN499" +NAME="AEN500" >Windows NT Server</A ></H3 ><P @@ -2117,7 +2096,7 @@ CLASS="SECT3" ><HR><H3 CLASS="SECT3" ><A -NAME="AEN502" +NAME="AEN503" >Sharing Profiles between W95 and NT Workstation 4.0</A ></H3 ><DIV @@ -2182,7 +2161,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN512" +NAME="AEN513" >DOMAIN_CONTROL.txt : Windows NT Domain Control & Samba</A ></H1 ><DIV diff --git a/docs/htmldocs/nmbd.8.html b/docs/htmldocs/nmbd.8.html index 31afa11cf8..ad8c7c61ab 100644 --- a/docs/htmldocs/nmbd.8.html +++ b/docs/htmldocs/nmbd.8.html @@ -37,7 +37,7 @@ NAME="AEN8" ><B CLASS="COMMAND" >nmbd</B -> [-D] [-a] [-o] [-P] [-h] [-V] [-d <debug level>] [-H <lmhosts file>] [-l <log file>] [-n <primary netbios name>] [-p <port number>] [-s <configuration file>]</P +> [-D] [-a] [-o] [-P] [-h] [-V] [-d <debug level>] [-H <lmhosts file>] [-l <log directory>] [-n <primary netbios name>] [-p <port number>] [-s <configuration file>]</P ></DIV ><DIV CLASS="REFSECT1" @@ -275,22 +275,19 @@ CLASS="FILENAME" > file.</P ></DD ><DT ->-l <log file></DT +>-l <log directory></DT ><DD ><P ->The -l parameter specifies a path - and base filename into which operational data from - the running <B +>The -l parameter specifies a directory + into which the "log.nmbd" log file will be created + for operational data from the running + <B CLASS="COMMAND" >nmbd</B -> server will - be logged. The actual log file name is generated by - appending the extension ".nmb" to the specified base - name. For example, if the name specified was "log" - then the file log.nmb would contain the debugging data.</P -><P ->The default log file path is compiled into Samba as - part of the build process. Common defaults are <TT +> server.</P +><P +>The default log directory is compiled into Samba + as part of the build process. Common defaults are <TT CLASS="FILENAME" > /usr/local/samba/var/log.nmb</TT >, <TT diff --git a/docs/htmldocs/rpcclient.1.html b/docs/htmldocs/rpcclient.1.html index 53a0ea98dd..98a19c6ea2 100644 --- a/docs/htmldocs/rpcclient.1.html +++ b/docs/htmldocs/rpcclient.1.html @@ -197,7 +197,7 @@ CLASS="FILENAME" ><P >Sets the SMB username or username and password. </P ><P ->If %password is not specified, The user will be prompted. The +>If %password is not specified, the user will be prompted. The client will first check the <TT CLASS="ENVAR" >USER</TT diff --git a/docs/htmldocs/samba-pdc-faq.html b/docs/htmldocs/samba-pdc-faq.html deleted file mode 100644 index 058a5d5f51..0000000000 --- a/docs/htmldocs/samba-pdc-faq.html +++ /dev/null @@ -1,1954 +0,0 @@ -<HTML -><HEAD -><TITLE ->The Samba 2.2 PDC FAQ</TITLE -><META -NAME="GENERATOR" -CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD -><BODY -CLASS="BOOK" -BGCOLOR="#FFFFFF" -TEXT="#000000" -LINK="#0000FF" -VLINK="#840084" -ALINK="#0000FF" -><DIV -CLASS="BOOK" -><A -NAME="SAMBA-PDC-FAQ" -></A -><DIV -CLASS="TITLEPAGE" -><H1 -CLASS="TITLE" -><A -NAME="SAMBA-PDC-FAQ" ->The Samba 2.2 PDC FAQ</A -></H1 -><H3 -CLASS="AUTHOR" -><A -NAME="AEN4" ->David Bannon</A -></H3 -><DIV -CLASS="AFFILIATION" -><SPAN -CLASS="ORGNAME" ->La Trobe University<BR></SPAN -></DIV -><HR></DIV -><HR><H1 -><A -NAME="AEN12" -></A -></H1 -><P -> This is the FAQ for Samba 2.2 as an NTDomain controller. - This document is derived from the origional FAQ that was built and - maintained by Gerald Carter from the early days of Samba NTDomain development - up until recently. It is now being updated as significent changes are - made to 2.2.0. - </P -><P -> Please note it does not apply to the SAMBA_TNG nor the HEAD branch. - </P -><P -> Also available is a Samba 2.2 PDC <A -HREF="samba-pdc-howto.html" -TARGET="_top" ->HOWTO</A -> - that takes you, step by step, over the process of setting up a very basic Samba - 2.2 Primary Domain Controller - </P -><DIV -CLASS="TOC" -><DL -><DT -><B ->Table of Contents</B -></DT -><DT ->1. <A -HREF="#AEN19" ->Introduction</A -></DT -><DD -><DL -><DT -><A -HREF="#AEN21" ->State of Play</A -></DT -><DT -><A -HREF="#AEN27" ->Introduction</A -></DT -></DL -></DD -><DT ->2. <A -HREF="#AEN33" ->General Information</A -></DT -><DD -><DL -><DT -><A -HREF="#AEN35" ->What can we do ?</A -></DT -><DD -><DL -><DT -><A -HREF="#AEN37" ->What can Samba 2.2.x Primary Domain Controller (PDC) do ?</A -></DT -><DT -><A -HREF="#AEN62" ->Can I have a Windows 2000 client logon to a Samba -controlled domain?</A -></DT -></DL -></DD -><DT -><A -HREF="#AEN65" ->CVS</A -></DT -><DD -><DL -><DT -><A -HREF="#AEN68" ->What are the different Samba branches available in CVS ?</A -></DT -><DT -><A -HREF="#AEN91" ->What are the CVS commands ?</A -></DT -></DL -></DD -></DL -></DD -><DT ->3. <A -HREF="#AEN95" ->Establishing Connections</A -></DT -><DD -><DL -><DT -><A -HREF="#AEN97" -></A -></DT -><DD -><DL -><DT -><A -HREF="#AEN99" ->How do I get my NT4 or W2000 Workstation to login to the Samba -controlled Domain?</A -></DT -><DT -><A -HREF="#AEN103" ->What is a 'machine account' ?</A -></DT -><DT -><A -HREF="#AEN110" ->"The machine account for this computer either does not -exist or is not accessable."</A -></DT -><DT -><A -HREF="#AEN116" ->How do I create machine accounts manually ?</A -></DT -><DT -><A -HREF="#AEN129" ->I cannot include a '$' in a machine name.</A -></DT -><DT -><A -HREF="#AEN135" ->I get told "You already have a connection to the Domain...." -when creating a machine account.</A -></DT -><DT -><A -HREF="#AEN139" ->I get told "Cannot join domain, the credentials supplied -conflict with an existing set.."</A -></DT -><DT -><A -HREF="#AEN143" ->"The system can not log you on (C000019B)...."</A -></DT -></DL -></DD -></DL -></DD -><DT ->4. <A -HREF="#AEN147" ->User Account Management</A -></DT -><DD -><DL -><DT -><A -HREF="#AEN149" ->Domain Admins</A -></DT -><DD -><DL -><DT -><A -HREF="#AEN151" ->How do I configure an account as a domain administrator?</A -></DT -></DL -></DD -><DT -><A -HREF="#AEN155" ->Profiles</A -></DT -><DD -><DL -><DT -><A -HREF="#AEN157" ->Why is it bad to set "logon path = \\%N\%U\profile" in -smb.conf?</A -></DT -><DT -><A -HREF="#AEN169" ->Why are all the users listed in the "domain admin users" using the -same profile?</A -></DT -><DT -><A -HREF="#AEN172" ->The roaming profiles do not seem to be updating on the -server.</A -></DT -></DL -></DD -><DT -><A -HREF="#AEN180" ->Policies</A -></DT -><DD -><DL -><DT -><A -HREF="#AEN182" ->What are 'Policies' ?.</A -></DT -><DT -><A -HREF="#AEN188" ->I can't get system policies to work.</A -></DT -><DT -><A -HREF="#AEN203" ->What about Windows NT Policy Editor ?</A -></DT -><DT -><A -HREF="#AEN217" ->Can Win95 do Policies ?</A -></DT -></DL -></DD -><DT -><A -HREF="#AEN223" ->Passwords</A -></DT -><DD -><DL -><DT -><A -HREF="#AEN225" ->What is password sync and should I use it ?</A -></DT -><DT -><A -HREF="#AEN239" ->How do I get remote password (unix and SMB) changing working ?</A -></DT -></DL -></DD -></DL -></DD -><DT ->5. <A -HREF="#AEN246" ->Miscellaneous</A -></DT -><DD -><DL -><DT -><A -HREF="#AEN248" -></A -></DT -><DD -><DL -><DT -><A -HREF="#AEN250" ->What editor can I use in DOS/Windows that won't -mess with my unix EOF</A -></DT -><DT -><A -HREF="#AEN263" ->How do I get 'User Manager' and 'Server Manager'</A -></DT -><DT -><A -HREF="#AEN278" ->The time setting from a Samba server does not work.</A -></DT -><DT -><A -HREF="#AEN282" ->"trust account xxx should be in DOMAIN_GROUP_RID_USERS"</A -></DT -><DT -><A -HREF="#AEN286" ->How do I get my samba server to become a member ( not PDC ) of an NT domain?</A -></DT -></DL -></DD -></DL -></DD -><DT ->6. <A -HREF="#AEN290" ->Troubleshooting and Bug Reporting</A -></DT -><DD -><DL -><DT -><A -HREF="#AEN292" ->Diagnostic tools</A -></DT -><DD -><DL -><DT -><A -HREF="#AEN294" ->What are some diagnostics tools I can use to debug the domain logon process and where can I - find them?</A -></DT -><DT -><A -HREF="#AEN309" ->How do I install 'Network Monitor' on an NT Workstation -or a Windows 9x box?</A -></DT -></DL -></DD -><DT -><A -HREF="#AEN338" ->What other help can I get ?</A -></DT -><DD -><DL -><DT -><A -HREF="#AEN341" ->URLs and similar</A -></DT -><DT -><A -HREF="#AEN374" ->How do I get help from the mailing lists ?</A -></DT -><DT -><A -HREF="#AEN403" ->How do I get off the mailing lists ?</A -></DT -></DL -></DD -></DL -></DD -></DL -></DIV -><DIV -CLASS="CHAPTER" -><HR><H1 -><A -NAME="AEN19" ->Chapter 1. Introduction</A -></H1 -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN21" ->State of Play</A -></H1 -><P ->Much of the related code does work. For example, if an NT is removed from the - domain and then rejoins, the <TT -CLASS="FILENAME" ->Create a Computer Account in the Domain</TT -> dialog - will let you reset the smbpasswd. That is you don't need to do it from - the unix box. However, at the present, you do need to have root as an - administrator and use the root user name and password.</P -><P -><B -CLASS="COMMAND" ->Policies</B -> do work on a W2K machine. MS says that recent - builds of W2K dont observe an NT policy but it appears it does in 'legacy' - mode.</P -></DIV -><DIV -CLASS="SECT1" -><HR><H1 -CLASS="SECT1" -><A -NAME="AEN27" ->Introduction</A -></H1 -><P -> This FAQ was origionally compiled by Jerry Carter (gc) chiefly dealing - with the 'old HEAD' version of Samba and its NTDomain facilities. It is - being rewritten by David Bannon (drb) so that it addresses more - accurately the Samba 2.2.x release. - </P -><P -> This document probably still contains some material that does not apply - to Samba 2.2 but most (all?) of the really misleading stuff has been - removed. Some issues are not dealt with or are dealt with badly. Please - send corrections and additions to <A -HREF="mailto:D.Bannon@latrobe.edu.au" -TARGET="_top" ->David Bannon</A ->. - </P -><P ->Hopefully, as we all become familiar with the Samba 2.2 as a - PDC this document will become much more usefull.</P -></DIV -></DIV -><DIV -CLASS="CHAPTER" -><HR><H1 -><A -NAME="AEN33" ->Chapter 2. General Information</A -></H1 -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN35" ->What can we do ?</A -></H1 -><DIV -CLASS="SECT2" -><H2 -CLASS="SECT2" -><A -NAME="AEN37" ->What can Samba 2.2.x Primary Domain Controller (PDC) do ?</A -></H2 -><P -> If you wish to have Samba act as a PDC for Windows NT 4.0/2000 client, - then you will need to obtain the 2.2.0 version. Release of a stable, - full featured Samba PDC is currently slated for version 3.0. - </P -><P -> The following is a list of included features currently in - Samba 2.2: - </P -><P -></P -><UL -><LI -><P ->The ability to act as a limited PDC for - Windows NT and W2000 clients. This includes adding NT and - W2K machines to the domain and authenticating users logging - into the domain.</P -></LI -><LI -><P ->Domain account can be viewed using the User - Manager for Domains</P -></LI -><LI -><P ->Viewing/adding/deleting resources on the Samba - PDC via the Server Manager for Domains from the NT client. - </P -></LI -><LI -><P ->Windows 95/98/ME clients will allow user - level security to be set and browsing of domain accounts. - </P -></LI -><LI -><P ->Machine account password updates.</P -></LI -><LI -><P ->Changing of user passwords from an NT client. - </P -></LI -><LI -><P ->Partial support for Windows NT username mapping. - Group name mapping is slated for a later release.</P -></LI -></UL -><P -> These things are note expected to work in the forseeable future: - </P -><P -></P -><UL -><LI -><P ->Trust relationships</P -></LI -><LI -><P ->PDC and BDC integration</P -></LI -></UL -></DIV -><DIV -CLASS="SECT2" -><HR><H2 -CLASS="SECT2" -><A -NAME="AEN62" ->Can I have a Windows 2000 client logon to a Samba -controlled domain?</A -></H2 -><P -> The 2.2 release branch of Samba supports Windows 2000 domain - clients in legacy mode, ie as if the PDC is a NTServer, not a - W2K server. - </P -></DIV -></DIV -><DIV -CLASS="SECT1" -><HR><H1 -CLASS="SECT1" -><A -NAME="AEN65" ->CVS</A -></H1 -><P -> CVS is a programme (publically available) that the Samba developers - use to maintain the central source code. Non developers can get - access to the source in a read only capacity. Many flavours of unix - now arrive with cvs installed.</P -><DIV -CLASS="SECT2" -><HR><H2 -CLASS="SECT2" -><A -NAME="AEN68" ->What are the different Samba branches available in CVS ?</A -></H2 -><P ->You can find out more about obtaining Samba's via anonymous - CVS from <A -HREF="http://pserver.samba.org/samba/cvs.html" -TARGET="_top" -> http://pserver.samba.org/samba/cvs.html</A ->. - </P -><P -> There are basically four branches to watch at the moment : - </P -><P -></P -><DIV -CLASS="VARIABLELIST" -><DL -><DT ->HEAD</DT -><DD -><P ->Samba 3.0 ? This code boasts all the main - development work in Samba. Due to its developmental - nature, its not really suitable for production work. - </P -></DD -><DT ->SAMBA_2_0</DT -><DD -><P ->This branch contains the previous stable - release. At the moment it contains 2.0.8, a version that - will do some limited PDC stuff. If you are really going to - do PDC things, you consider 2.2 instead. - </P -></DD -><DT ->SAMBA_2_2</DT -><DD -><P ->The 2.2.x release branch which is a subset - of the features of the HEAD branch. This document addresses - only SAMBA_2_2. - </P -></DD -><DT ->SAMBA_TNG</DT -><DD -><P ->This branch is no longer maintained from the Samba - sites. Please see <A -HREF="http://www.samba-tng.org/" -TARGET="_top" -> http://www.samba-tng.org/</A ->. It has been requested - that questions about TNG are not posted to the regular Samba - mailing lists including samba-ntdom and samba-technical. - </P -></DD -></DL -></DIV -></DIV -><DIV -CLASS="SECT2" -><HR><H2 -CLASS="SECT2" -><A -NAME="AEN91" ->What are the CVS commands ?</A -></H2 -><P -> See <A -HREF="http://pserver.samba.org/samba/cvs.html" -TARGET="_top" -> http://pserver.samba.org/samba/cvs.html</A -> for instructions - on obtaining the SAMBA_2_2 or HEAD cvs code. - </P -></DIV -></DIV -></DIV -><DIV -CLASS="CHAPTER" -><HR><H1 -><A -NAME="AEN95" ->Chapter 3. Establishing Connections</A -></H1 -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN97" -></A -></H1 -><DIV -CLASS="SECT2" -><H2 -CLASS="SECT2" -><A -NAME="AEN99" ->How do I get my NT4 or W2000 Workstation to login to the Samba -controlled Domain?</A -></H2 -><P -> There is a comprehensive Samba PDC <A -HREF="samba-pdc-howto.html" -TARGET="_top" ->HOWTO</A -> accessable from the samba web - site under 'Documentation'. Read it. - </P -></DIV -><DIV -CLASS="SECT2" -><HR><H2 -CLASS="SECT2" -><A -NAME="AEN103" ->What is a 'machine account' ?</A -></H2 -><P -> Every NT, W2K or Samba machine that joins a Samba controlled - domain must be known to the Samba PDC. There are two entries - required, one in (typically) <TT -CLASS="FILENAME" ->/etc/passwd</TT -> - and the other in (typically) <TT -CLASS="FILENAME" ->/usr/local/samba/private/smbpasswd</TT ->. - Under some circumstances these entries are made - <A -HREF="#AEN116" ->manually</A ->, the <A -HREF="samba-pdc-howto.html" -TARGET="_top" ->HOWTO</A -> - discusses ways of creating them automatically.</P -></DIV -><DIV -CLASS="SECT2" -><HR><H2 -CLASS="SECT2" -><A -NAME="AEN110" ->"The machine account for this computer either does not -exist or is not accessable."</A -></H2 -><P -> When I try to join the domain I get the message "The machine account - for this computer either does not exist or is not accessable". Whats - wrong ? - </P -><P -> This problem is caused by the PDC not having a suitable machine account. - If you are using the <B -CLASS="COMMAND" ->add user script =</B -> method to create - accounts then this would indicate that it has not worked. Ensure the domain - admin user system is working. - </P -><P -> Alternatively if you are creating account entries manually then they - have not been created correctly. Make sure that you have the entry - correct for the machine account in smbpasswd file on the Samba PDC. - If you added the account using an editor rather than using the smbpasswd - utility, make sure that the account name is the machine netbios name - with a '$' appended to it ( ie. computer_name$ ). There must be an entry - in both /etc/passwd and the smbpasswd file. Some people have reported - that inconsistent subnet masks between the Samba server and the NT - client have caused this problem. Make sure that these are consistent - for both client and server. - </P -></DIV -><DIV -CLASS="SECT2" -><HR><H2 -CLASS="SECT2" -><A -NAME="AEN116" ->How do I create machine accounts manually ?</A -></H2 -><P -> This was the only option until recently, now in version 2.2 better - means are available. You might still need to do it manually for a - couple of reasons. A machine account consists of two entries (assuming - a standard install and /etc/passwd use), one in /etc/passwd and the - other in /usr/local/samba/private/smbpasswd. The /etc/passwd - entry will list the machine name with a $ appended, won't have a - passwd, will have a null shell and no home directory. For example - a machine called 'doppy' would have an /etc/passwd entry like this :</P -><P -> <B -CLASS="COMMAND" ->doppy$:x:505:501:NTMachine:/dev/null:/bin/false</B -> - </P -><P -> On a linux system for example, you would typically add it like - this : - </P -><P -> <B -CLASS="COMMAND" ->adduser -g machines -c NTMachine -d /dev/null -s /bin/false -n - doppy$</B -> - </P -><P -> Then you need to add that entry to smbpasswd, assuming you have a suitable - path to the <B -CLASS="COMMAND" ->smbpasswd</B -> programme, do this : - </P -><P -> <B -CLASS="COMMAND" ->smbpasswd -a -m doppy$</B -> - </P -><P -> The entry will be created with a well known password, so any machine that - says its doppy could join the domain as long as it gets in first. So - don't create the accounts any earlier than you need them. - </P -></DIV -><DIV -CLASS="SECT2" -><HR><H2 -CLASS="SECT2" -><A -NAME="AEN129" ->I cannot include a '$' in a machine name.</A -></H2 -><P -> A 'machine name' in (typically) <TT -CLASS="FILENAME" ->/etc/passwd</TT -> consists - of the machine name with a '$' appended. FreeBSD (and other BSD - systems ?) won't create a user with a '$' in their name. - </P -><P -> The problem is only in the program used to make the entry, once - made, it works perfectly. So create a user without the '$' and - use <B -CLASS="COMMAND" ->vipw</B -> to edit the entry, adding the '$'. Or create - the whole entry with vipw if you like, make sure you use a - unique uid !</P -></DIV -><DIV -CLASS="SECT2" -><HR><H2 -CLASS="SECT2" -><A -NAME="AEN135" ->I get told "You already have a connection to the Domain...." -when creating a machine account.</A -></H2 -><P -> This happens if you try to create a machine account from the - machine itself and use a user name that does not work (for whatever - reason) and then try another (possibly valid) user name. - Exit out of the network applet to close the initial connection - and try again. - </P -><P -> Further, if the machine is a already a 'member of a workgroup' that - is the same name as the domain you are joining (bad idea) you will - get this message. Change the workgroup name to something else, it - does not matter what, reboot, and try again.</P -></DIV -><DIV -CLASS="SECT2" -><HR><H2 -CLASS="SECT2" -><A -NAME="AEN139" ->I get told "Cannot join domain, the credentials supplied -conflict with an existing set.."</A -></H2 -><P -> This is the same basic problem as mentioned above, <A -HREF="#AEN135" -> "You already have a connection..."</A -> - </P -></DIV -><DIV -CLASS="SECT2" -><HR><H2 -CLASS="SECT2" -><A -NAME="AEN143" ->"The system can not log you on (C000019B)...."</A -></H2 -><P ->I joined the domain successfully but after upgrading - to a newer version of the Samba code I get the message, "The system - can not log you on (C000019B), Please try a gain or consult your - system administrator" when attempting to logon. - </P -><P -> This occurs when the domain SID stored in private/WORKGROUP.SID is - changed. For example, you remove the file and smbd automatically - creates a new one. Or you are swapping back and forth between - versions 2.0.7, TNG and the HEAD branch code (not recommended). The - only way to correct the problem is to restore the original domain - SID or remove the domain client from the domain and rejoin. - </P -></DIV -></DIV -></DIV -><DIV -CLASS="CHAPTER" -><HR><H1 -><A -NAME="AEN147" ->Chapter 4. User Account Management</A -></H1 -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN149" ->Domain Admins</A -></H1 -><DIV -CLASS="SECT2" -><H2 -CLASS="SECT2" -><A -NAME="AEN151" ->How do I configure an account as a domain administrator?</A -></H2 -><P -> See the NTDom <A -HREF="samba-pdc-howto.html" -TARGET="_top" ->HowTo</A ->. - </P -></DIV -></DIV -><DIV -CLASS="SECT1" -><HR><H1 -CLASS="SECT1" -><A -NAME="AEN155" ->Profiles</A -></H1 -><DIV -CLASS="SECT2" -><H2 -CLASS="SECT2" -><A -NAME="AEN157" ->Why is it bad to set "logon path = \\%N\%U\profile" in -smb.conf?</A -></H2 -><P -> Sometimes Windows clients will maintain a connection to - the \\homes\ ( or [%U] ) share even after the user has logged out. - Consider the following scenario. - </P -><P -></P -><UL -><LI -><P -> user1 logs into the Windows NT machine. - Therefore the [homes] share is set to \\server\user1. - </P -></LI -><LI -><P -> user1 works for a while and then logs - out. </P -></LI -><LI -><P -> user2 logs into the same Windows NT - machine.</P -></LI -></UL -><P -> However, since the NT box has maintained a connection to [homes] - which was previously set to \\server\user1, when the operating system - attempts to get the profile and if it can read users1's profile, will - get it otherwise it will return an error. You get the picture. - </P -><P -> A better solution is to use a separate [profiles] share and - set the "logon path = \\%N\profiles\%U" - </P -></DIV -><DIV -CLASS="SECT2" -><HR><H2 -CLASS="SECT2" -><A -NAME="AEN169" ->Why are all the users listed in the "domain admin users" using the -same profile?</A -></H2 -><P -> You are using a very very old development version of Samba. - Upgrade. - </P -></DIV -><DIV -CLASS="SECT2" -><HR><H2 -CLASS="SECT2" -><A -NAME="AEN172" ->The roaming profiles do not seem to be updating on the -server.</A -></H2 -><P -> There can be several reasons for this. - </P -><P -> Make sure that the time on the client and the PDC are synchronized. You - can accomplish this by executing a <B -CLASS="COMMAND" ->net time \\server /set /yes</B -> - replacing server with the name of your PDC (or another synchronized SMB server). - See <A -HREF="#AEN278" -> about Setting Time</A -> - </P -><P -> Make sure that the "logon path" is writeable by the user and make sure - that the connection to the logon path location is by the current user. - Sometimes Windows client do not drop the connection immediately upon - logoff. - </P -><P -> Some people have reported that the logon path location should - also be browseable. I (GC) have yet to emperically verify this, - but you can try.</P -></DIV -></DIV -><DIV -CLASS="SECT1" -><HR><H1 -CLASS="SECT1" -><A -NAME="AEN180" ->Policies</A -></H1 -><DIV -CLASS="SECT2" -><H2 -CLASS="SECT2" -><A -NAME="AEN182" ->What are 'Policies' ?.</A -></H2 -><P -> When a user logs onto the domain via a client machine, the PDC - sends the client machine a list of things contained in the - 'policy' (if it exists). This list may do things like suppress - a splach screen, format the dates the way you like them or perhaps - remove locally stored profiles. - </P -><P -> On a samba PDC this list is obtained from a file called - <TT -CLASS="FILENAME" ->ntconfig.pol</TT -> and located in the [netlogon] - share. The file is created with a policy editor and must be readable - by anyone and writeable by only root. See <A -HREF="#AEN203" -> below</A -> for how to get a suitable editor. - </P -></DIV -><DIV -CLASS="SECT2" -><HR><H2 -CLASS="SECT2" -><A -NAME="AEN188" ->I can't get system policies to work.</A -></H2 -><P -> There are two possible reasons for system policies not - functioning correctly. Make sure that you have the following - parameters set in smb.conf - </P -><P -><PRE -CLASS="PROGRAMLISTING" -> [netlogon] - .... - locking = no - public = no - browseable = yes - .... - </PRE -></P -><P -> A policy file must be in the [netlogon] share and must be - readable by everyone and writeable by only root. The file - must be created by an NTServer <A -HREF="#AEN203" ->Policy - Editor</A ->. - </P -><P -> Last time I (drb) looked in the source, it was looking for - <TT -CLASS="FILENAME" ->ntconfig.pol</TT -> first then several other - combinations of upper and lower case. People have reported - success using <TT -CLASS="FILENAME" ->NTconfig.pol</TT ->, <TT -CLASS="FILENAME" ->NTconfig.POL</TT -> - and <TT -CLASS="FILENAME" ->ntconfig.pol</TT ->. These are the case settings that - I (GC) use with the filename <TT -CLASS="FILENAME" ->ntconfig.pol</TT ->: - </P -><P -><PRE -CLASS="PROGRAMLISTING" -> case sensitive = no - case preserve = yes - short preserve case = no - default case = yes - </PRE -></P -></DIV -><DIV -CLASS="SECT2" -><HR><H2 -CLASS="SECT2" -><A -NAME="AEN203" ->What about Windows NT Policy Editor ?</A -></H2 -><P -> To create or edit <TT -CLASS="FILENAME" ->ntconfig.pol</TT -> you must use - the NT Server Policy Editor, <B -CLASS="COMMAND" ->poledit.exe</B -> which - is included with NT Server but <I -CLASS="EMPHASIS" ->not NT Workstation</I ->. - There is a Policy Editor on a NTws - but it is not suitable for creating <I -CLASS="EMPHASIS" ->Domain Policies</I ->. - Further, although the Windows 95 - Policy Editor can be installed on an NT Workstation/Server, it will not - work with NT policies because the registry key that are set by the policy templates. - However, the files from the NT Server will run happily enough on an NTws. - You need <TT -CLASS="FILENAME" ->poledit.exe, common.adm</TT -> and <TT -CLASS="FILENAME" ->winnt.adm</TT ->. It is convenient - to put the two *.adm files in <TT -CLASS="FILENAME" ->c:\winnt\inf</TT -> which is where - the binary will look for them unless told otherwise. Note also that that - directory is 'hidden'. - </P -><P ->The Windows NT policy editor is also included with the - Service Pack 3 (and later) for Windows NT 4.0. Extract the files using - <B -CLASS="COMMAND" ->servicepackname /x</B ->, ie thats <B -CLASS="COMMAND" ->Nt4sp6ai.exe - /x</B -> for service pack 6a. The policy editor, <B -CLASS="COMMAND" ->poledt.exe</B -> and the - associated template files (*.adm) should - be extracted as well. It is also possible to downloaded the policy template - files for Office97 and get a copy of the policy editor. Another possible - location is with the Zero Administration Kit available for download from Microsoft. - </P -></DIV -><DIV -CLASS="SECT2" -><HR><H2 -CLASS="SECT2" -><A -NAME="AEN217" ->Can Win95 do Policies ?</A -></H2 -><P -> Install the group policy handler for Win9x to pick up group - policies. Look on the Win98 CD in <TT -CLASS="FILENAME" ->\tools\reskit\netadmin\poledit</TT ->. - Install group policies on a Win9x client by double-clicking - <TT -CLASS="FILENAME" ->grouppol.inf</TT ->. Log off and on again a couple of - times and see if Win98 picks up group policies. Unfortunately this needs - to be done on every Win9x machine that uses group policies.... - </P -><P -> If group policies don't work one reports suggests getting the updated - (read: working) grouppol.dll for Windows 9x. The group list is grabbed - from /etc/group. - </P -></DIV -></DIV -><DIV -CLASS="SECT1" -><HR><H1 -CLASS="SECT1" -><A -NAME="AEN223" ->Passwords</A -></H1 -><DIV -CLASS="SECT2" -><H2 -CLASS="SECT2" -><A -NAME="AEN225" ->What is password sync and should I use it ?</A -></H2 -><P -> NTws users can change their domain password by pressing Ctrl-Alt-Del - and choosing 'Change Password'. By default however, this does not change the unix password - (typically in <TT -CLASS="FILENAME" ->/etc/passwd</TT -> or <TT -CLASS="FILENAME" ->/etc/shadow</TT ->). - In lots of situations thats OK, for example : - </P -><P -></P -><UL -><LI -><P ->The server is only accessible to the user via - samba.</P -></LI -><LI -><P ->Pam_smb or similar is installed so other applications - still refer to the samba password.</P -></LI -></UL -><P -> But sometimes you really do need to maintain two seperate password - databases and there are good reasons to keep then in sync. Trying - to explain to users that they need to change their passwords in two - seperate places or use two seperate passwords is not fun. - </P -><P -> However do understand that setting up password sync is not without - problems either. The chief difficulty is the interface between Samba - and the <B -CLASS="COMMAND" ->passwd</B -> command, it can be a fiddle to set - up and if the password the user has entered fails, the resulting errors - are ambiguously reported and the user is confused. Further, you need - to take steps to ensure that users only ever change their passwords - via samba (or use <B -CLASS="COMMAND" ->smbpasswd</B ->), otherwise they will - only be changing the unix password.</P -></DIV -><DIV -CLASS="SECT2" -><HR><H2 -CLASS="SECT2" -><A -NAME="AEN239" ->How do I get remote password (unix and SMB) changing working ?</A -></H2 -><P -> Have a practice changing a user's password (as root) to see - what discussion takes place and change the text in the 'passwd chat' - line below as necessary. The line as shown works for recent RH Linux - but most other systems seem to like to do something different. The '*' is - a wild card and will match anything (or nothing). - </P -><P -> Add these lines to smb.conf under [Global] - </P -><P -><PRE -CLASS="PROGRAMLISTING" -> - - unix password sync = true - passwd program = /usr/bin/passwd %u - passwd chat = *password* %n\n *password* %n\n *successful* - </PRE -></P -><P -> As mentioned above, the change to the unix password happens as root, - not as the user, as is indicated in ~/smbd/chgpasswd.c If - you are using NIS, the Samba server must be running on the NIS - master machine. - </P -></DIV -></DIV -></DIV -><DIV -CLASS="CHAPTER" -><HR><H1 -><A -NAME="AEN246" ->Chapter 5. Miscellaneous</A -></H1 -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN248" -></A -></H1 -><DIV -CLASS="SECT2" -><H2 -CLASS="SECT2" -><A -NAME="AEN250" ->What editor can I use in DOS/Windows that won't -mess with my unix EOF</A -></H2 -><P ->There are a number of Windows or DOS based editors that will - understand, and leave intact, the unix eof (as opposed to a DOS CL/LF). - List members suggested : - </P -><P -></P -><UL -><LI -><P ->UltraEdit at <A -HREF="http://www.ultraedit.com" -TARGET="_top" ->www.ultraedit.com</A -></P -></LI -><LI -><P ->VI for windows at <A -HREF="http://home.snafu.de/ramo/WinViEn.htm" -TARGET="_top" -> home.snafu.de/ramo/WinViEn.htm</A -></P -></LI -><LI -><P ->The author prefers PFE at <A -HREF="http://www.lancs.ac.uk/people/cpaap/pfe/" -TARGET="_top" -> www.lancs.ac.uk/people/cpaap/pfe/</A -> but its no longer being developed...</P -></LI -></UL -></DIV -><DIV -CLASS="SECT2" -><HR><H2 -CLASS="SECT2" -><A -NAME="AEN263" ->How do I get 'User Manager' and 'Server Manager'</A -></H2 -><P -> Since I don't need to buy an NT Server CD now, how do I get - the 'User Manager for Domains', the 'Server Manager' ? - </P -><P -> Microsoft distributes a version of - these tools called nexus for installation on Windows 95 systems. The - tools set includes - </P -><P -></P -><UL -><LI -><P ->Server Manager</P -></LI -><LI -><P ->User Manager for Domains</P -></LI -><LI -><P ->Event Viewer</P -></LI -></UL -><P -> Click here to download the archived file <A -HREF="ftp://ftp.microsoft.com/Softlib/MSLFILES/NEXUS.EXE" -TARGET="_top" ->ftp://ftp.microsoft.com/Softlib/MSLFILES/NEXUS.EXE</A -> - </P -><P -> The Windows NT 4.0 version of the 'User Manager for - Domains' and 'Server Manager' are available from Microsoft via ftp - from <A -HREF="ftp://ftp.microsoft.com/Softlib/MSLFILES/SRVTOOLS.EXE" -TARGET="_top" ->ftp://ftp.microsoft.com/Softlib/MSLFILES/SRVTOOLS.EXE</A -> - </P -></DIV -><DIV -CLASS="SECT2" -><HR><H2 -CLASS="SECT2" -><A -NAME="AEN278" ->The time setting from a Samba server does not work.</A -></H2 -><P ->If it works OK when you log on as Domain Admin then the problem is that ordinary users - don't have permission to change the time. (The system is running with their permission - at logon time.) This is not a Samba problem, you will have the same problem where ever - you connect. You can give 'everyone' permission to change the time from the User Manager. - </P -><P ->Anyone know what the registry settings are so this could be done with a Policy ?</P -></DIV -><DIV -CLASS="SECT2" -><HR><H2 -CLASS="SECT2" -><A -NAME="AEN282" ->"trust account xxx should be in DOMAIN_GROUP_RID_USERS"</A -></H2 -><P ->I keep getting the message "trust account xxx should be in DOMAIN_GROUP_RID_USERS." - in the logs. What do I need to do?</P -><P ->You are using one of the old development versions. Upgrade. - (The message is unimportant, was a reminder to a developer)</P -></DIV -><DIV -CLASS="SECT2" -><HR><H2 -CLASS="SECT2" -><A -NAME="AEN286" ->How do I get my samba server to become a member ( not PDC ) of an NT domain?</A -></H2 -><P -> Please refer to the <A -HREF="DOMAIN_MEMBER.html" -TARGET="_top" ->Domain Member - HOWTO</A -> for more information on this. - </P -></DIV -></DIV -></DIV -><DIV -CLASS="CHAPTER" -><HR><H1 -><A -NAME="AEN290" ->Chapter 6. Troubleshooting and Bug Reporting</A -></H1 -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN292" ->Diagnostic tools</A -></H1 -><DIV -CLASS="SECT2" -><H2 -CLASS="SECT2" -><A -NAME="AEN294" ->What are some diagnostics tools I can use to debug the domain logon process and where can I - find them?</A -></H2 -><P -> One of the best diagnostic tools for debugging problems is Samba itself. - You can use the -d option for both smbd and nmbd to specifiy what - 'debug level' at which to run. See the man pages on smbd, nmbd and - smb.conf for more information on debugging options. The debug - level can range from 1 (the default) to 10 (100 for debugging passwords). - </P -><P -> Another helpful method of debugging is to compile samba using the - <B -CLASS="COMMAND" ->gcc -g </B -> flag. This will include debug - information in the binaries and allow you to attch gdb to the - running smbd / nmbd process. In order to attach gdb to an smbd - process for an NT workstation, first get the workstation to make the - connection. Pressing ctrl-alt-delete and going down to the domain box - is sufficient (at least, on the first time you join the domain) to - generate a 'LsaEnumTrustedDomains'. Thereafter, the workstation - maintains an open connection, and therefore there will be an smbd - process running (assuming that you haven't set a really short smbd - idle timeout) So, in between pressing ctrl alt delete, and actually - typing in your password, you can gdb attach and continue. - </P -><P -> Some usefull samba commands worth investigating: - </P -><P -></P -><UL -><LI -><P ->testparam | more</P -></LI -><LI -><P ->smbclient -L //{netbios name of server}</P -></LI -></UL -><P -> An SMB enabled version of tcpdump is available from - <A -HREF="http://www.tcpdump.org/" -TARGET="_top" ->http://www.tcpdup.org/</A ->. - Ethereal, another good packet sniffer for UNIX and Win32 - hosts, can be downloaded from <A -HREF="http://www.ethereal.com/" -TARGET="_top" ->http://www.ethereal.com</A ->. - </P -><P -> For tracing things on the Microsoft Windows NT, Network Monitor - (aka. netmon) is available on the Microsoft Developer Network CD's, - the Windows NT Server install CD and the SMS CD's. The version of - netmon that ships with SMS allows for dumping packets between any two - computers (ie. placing the network interface in promiscuous mode). - The version on the NT Server install CD will only allow monitoring - of network traffic directed to the local NT box and broadcasts on the - local subnet. Be aware that Ethereal can read and write netmon - formatted files. - </P -></DIV -><DIV -CLASS="SECT2" -><HR><H2 -CLASS="SECT2" -><A -NAME="AEN309" ->How do I install 'Network Monitor' on an NT Workstation -or a Windows 9x box?</A -></H2 -><P -> Installing netmon on an NT workstation requires a couple - of steps. The following are for installing Netmon V4.00.349, which comes - with Microsoft Windows NT Server 4.0, on Microsoft Windows NT - Workstation 4.0. The process should be similar for other version of - Windows NT / Netmon. You will need both the Microsoft Windows - NT Server 4.0 Install CD and the Workstation 4.0 Install CD. - </P -><P -> Initially you will need to install 'Network Monitor Tools and Agent' - on the NT Server. To do this - </P -><P -></P -><UL -><LI -><P ->Goto Start - Settings - Control Panel - - Network - Services - Add </P -></LI -><LI -><P ->Select the 'Network Monitor Tools and Agent' and - click on 'OK'.</P -></LI -><LI -><P ->Click 'OK' on the Network Control Panel. - </P -></LI -><LI -><P ->Insert the Windows NT Server 4.0 install CD - when prompted.</P -></LI -></UL -><P -> At this point the Netmon files should exist in - <TT -CLASS="FILENAME" ->%SYSTEMROOT%\System32\netmon\*.*</TT ->. - Two subdirectories exist as well, <TT -CLASS="FILENAME" ->parsers\</TT -> - which contains the necessary DLL's for parsing the netmon packet - dump, and <TT -CLASS="FILENAME" ->captures\</TT ->. - </P -><P -> In order to install the Netmon tools on an NT Workstation, you will - first need to install the 'Network Monitor Agent' from the Workstation - install CD. - </P -><P -></P -><UL -><LI -><P ->Goto Start - Settings - Control Panel - - Network - Services - Add</P -></LI -><LI -><P ->Select the 'Network Monitor Agent' and click - on 'OK'.</P -></LI -><LI -><P ->Click 'OK' on the Network Control Panel. - </P -></LI -><LI -><P ->Insert the Windows NT Workstation 4.0 install - CD when prompted.</P -></LI -></UL -><P -> Now copy the files from the NT Server in %SYSTEMROOT%\System32\netmon\*.* - to %SYSTEMROOT%\System32\netmon\*.* on the Workstation and set - permissions as you deem appropriate for your site. You will need - administrative rights on the NT box to run netmon. - </P -><P -> To install Netmon on a Windows 9x box install the network monitor agent - from the Windows 9x CD (\admin\nettools\netmon). There is a readme - file located with the netmon driver files on the CD if you need - information on how to do this. Copy the files from a working - Netmon installation. - </P -></DIV -></DIV -><DIV -CLASS="SECT1" -><HR><H1 -CLASS="SECT1" -><A -NAME="AEN338" ->What other help can I get ?</A -></H1 -><P -> There are many sources of information available in the form - of mailing lists, RFC's and documentation. The docs that come - with the samba distribution contain very good explanations of - general SMB topics such as browsing.</P -><DIV -CLASS="SECT2" -><HR><H2 -CLASS="SECT2" -><A -NAME="AEN341" ->URLs and similar</A -></H2 -><P -></P -><UL -><LI -><P ->Home of Samba site <A -HREF="http://samba.org" -TARGET="_top" -> http://samba.org</A ->. We have a mirror near you !</P -></LI -><LI -><P -> The <I -CLASS="EMPHASIS" ->Development</I -> document - on the Samba mirrors might mention your problem. If so, - it might mean that the developers are working on it.</P -></LI -><LI -><P -> Ignacio Coupeau has a very comprehesive look at LDAP with Samba at - <A -HREF="http://www.unav.es/cti/ldap-smb-howto.html" -TARGET="_top" -> http://www.unav.es/cti/ldap-smb-howto.html</A -> - Be a little carefull however, I suspect that it does not specificly - address samba 2.2.x. The HEAD pre-2.1 may possibly be the best - stream to look at.</P -></LI -><LI -><P -> Lars Kneschke's site covers <A -HREF="http://www.samba-tng.org" -TARGET="_top" -> Samba-TNG</A -> at - <A -HREF="http://www.kneschke.de/projekte/samba_tng" -TARGET="_top" -> http://www.kneschke.de/projekte/samba_tng</A ->, but again, a - lot of it does not apply to the main stream Samba.</P -></LI -><LI -><P ->See how Scott Merrill simulates a BDC behaviour at - <A -HREF="http://www.skippy.net/linux/smb-howto.html" -TARGET="_top" -> http://www.skippy.net/linux/smb-howto.html</A ->. </P -></LI -><LI -><P ->Although 2.0.7 has almost had its day as a PDC, I (drb) will - keep the 2.0.7 PDC pages at <A -HREF="http://bioserve.latrobe.edu.au/samba" -TARGET="_top" -> http://bioserve.latrobe.edu.au/samba</A -> going for a while yet.</P -></LI -><LI -><P ->Misc links to CIFS information - <A -HREF="http://samba.org/cifs/" -TARGET="_top" ->http://samba.org/cifs/</A -></P -></LI -><LI -><P ->NT Domains for Unix <A -HREF="http://mailhost.cb1.com/~lkcl/ntdom/" -TARGET="_top" -> http://mailhost.cb1.com/~lkcl/ntdom/</A -></P -></LI -><LI -><P ->FTP site for older SMB specs: - <A -HREF="ftp://ftp.microsoft.com/developr/drg/CIFS/" -TARGET="_top" -> ftp://ftp.microsoft.com/developr/drg/CIFS/</A -></P -></LI -></UL -><P -> You should also refer to the MS archives at - <A -HREF="ftp://ftp.microsoft.com/developr/drg/CIFS/" -TARGET="_top" ->ftp://ftp.microsoft.com/developr/drg/CIFS/"</A -> - </P -></DIV -><DIV -CLASS="SECT2" -><HR><H2 -CLASS="SECT2" -><A -NAME="AEN374" ->How do I get help from the mailing lists ?</A -></H2 -><P -> There are a number of Samba related mailing lists. Go to <A -HREF="http://samba.org" -TARGET="_top" ->http://samba.org</A ->, click on your nearest mirror - and then click on <B -CLASS="COMMAND" ->Support</B -> and then click on <B -CLASS="COMMAND" -> Samba related mailing lists</B ->.</P -><P ->For questions relating to Samba TNG go to - <A -HREF="http://www.samba-tng.org/" -TARGET="_top" ->http://www.samba-tng.org/</A -> - It has been requested that you don't post questions about Samba-TNG to the - main stream Samba lists.</P -><P -></P -><P -><B ->If you post a message to one of the lists please - observe the following guide lines :</B -></P -><UL -><LI -><P -> Always remember that the developers are volunteers, they are - not paid and they never guarantee to produce a particular feature at - a particular time. Any time lines are 'best guess' and nothing more. - </P -></LI -><LI -><P -> Always mention what version of samba you are using and what - operating system its running under. You should probably list the - relevant sections of your smb.conf file, at least the options - in [global] that affect PDC support.</P -></LI -><LI -><P ->In addition to the version, if you obtained Samba via - CVS mention the date when you last checked it out.</P -></LI -><LI -><P -> Try and make your question clear and brief, lots of long, - convoluted questions get deleted before they are completely read ! - Don't post html encoded messages (if you can select colour or font - size its html).</P -></LI -><LI -><P -> If you run one of those niffy 'I'm on holidays' things when - you are away, make sure its configured to not answer mailing lists. - </P -></LI -><LI -><P -> Don't cross post. Work out which is the best list to post to - and see what happens, ie don't post to both samba-ntdom and samba-technical. - Many people active on the lists subscribe to more - than one list and get annoyed to see the same message two or more times. - Often someone will see a message and thinking it would be better dealt - with on another, will forward it on for you.</P -></LI -><LI -><P ->You might include <I -CLASS="EMPHASIS" ->partial</I -> - log files written at a debug level set to as much as 20. - Please don't send the entire log but enough to give the context of the - error messages.</P -></LI -><LI -><P ->(Possibly) If you have a complete netmon trace ( from the opening of - the pipe to the error ) you can send the *.CAP file as well.</P -></LI -><LI -><P ->Please think carefully before attaching a document to an email. - Consider pasting the relevant parts into the body of the message. The samba - mailing lists go to a huge number of people, do they all need a copy of your - smb.conf in their attach directory ?</P -></LI -></UL -></DIV -><DIV -CLASS="SECT2" -><HR><H2 -CLASS="SECT2" -><A -NAME="AEN403" ->How do I get off the mailing lists ?</A -></H2 -><P ->To have your name removed from a samba mailing list, go to the - same place you went to to get on it. Go to <A -HREF="http://lists.samba.org/" -TARGET="_top" ->http://lists.samba.org</A ->, click - on your nearest mirror and then click on <B -CLASS="COMMAND" ->Support</B -> and - then click on <B -CLASS="COMMAND" -> Samba related mailing lists</B ->. Or perhaps see - <A -HREF="http://lists.samba.org/mailman/roster/samba-ntdom" -TARGET="_top" ->here</A -></P -><P -> Please don't post messages to the list asking to be removed, you will just - be refered to the above address (unless that process failed in some way...) - </P -></DIV -></DIV -></DIV -></DIV -></BODY -></HTML ->
\ No newline at end of file diff --git a/docs/htmldocs/samba-pdc-howto.html b/docs/htmldocs/samba-pdc-howto.html deleted file mode 100644 index a2bca689ef..0000000000 --- a/docs/htmldocs/samba-pdc-howto.html +++ /dev/null @@ -1,1558 +0,0 @@ -<HTML -><HEAD -><TITLE ->The Samba 2.2 PDC HowTo </TITLE -><META -NAME="GENERATOR" -CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD -><BODY -CLASS="BOOK" -BGCOLOR="#FFFFFF" -TEXT="#000000" -LINK="#0000FF" -VLINK="#840084" -ALINK="#0000FF" -><DIV -CLASS="BOOK" -><A -NAME="SAMBA-PDC-HOWTO" -></A -><DIV -CLASS="TITLEPAGE" -><H1 -CLASS="TITLE" -><A -NAME="SAMBA-PDC-HOWTO" ->The Samba 2.2 PDC HowTo</A -></H1 -><H3 -CLASS="AUTHOR" -><A -NAME="AEN4" ->David Bannon</A -></H3 -><DIV -CLASS="AFFILIATION" -><SPAN -CLASS="ORGNAME" ->La Trobe University<BR></SPAN -></DIV -><HR></DIV -><HR><H1 -><A -NAME="AEN10" -></A -></H1 -><P ->Comments, corrections and additions to <TT -CLASS="EMAIL" -><<A -HREF="mailto:dbannon@samba.org" ->dbannon@samba.org</A ->></TT -></P -><P -> This document explains how to setup Samba as a Primary Domain Controller and - applies to version 2.2.0. - Before - using these functions make sure you understand what the controller can and cannot do. - Please read the sections below in the Introduction. - As 2.2.0 is incrementally updated - this document will change or become out of date very quickly, make sure you are - reading the most current version. - </P -><P ->Please note this document does not apply to Samba2.2alpha0, Samba2.2alpha1, - Samba 2.0.7, TNG nor HEAD branch.</P -><P ->It does apply to the current (post November 27th) cvs.</P -><P -> Also available is an updated version of Jerry Carter's NTDom <A -HREF="samba-pdc-faq.html" -TARGET="_top" -> FAQ</A -> that will answer lots of - the special 'tuning' questions that are not covered here. Over the next couple of weeks - some of the items here will be moved to the FAQ. - </P -><DIV -CLASS="TOC" -><DL -><DT -><B ->Table of Contents</B -></DT -><DT ->1. <A -HREF="#AEN20" ->Introduction</A -></DT -><DD -><DL -><DT -><A -HREF="#AEN28" ->What can we do ?</A -></DT -><DT -><A -HREF="#AEN44" ->What can't we do ?</A -></DT -></DL -></DD -><DT ->2. <A -HREF="#AEN55" ->Installing</A -></DT -><DD -><DL -><DT -><A -HREF="#AEN59" ->Start Up Script</A -></DT -><DT -><A -HREF="#AEN66" ->Config File</A -></DT -><DD -><DL -><DT -><A -HREF="#AEN68" ->A sample conf file</A -></DT -><DT -><A -HREF="#AEN79" ->PDC Config Parameters</A -></DT -></DL -></DD -><DT -><A -HREF="#AEN115" ->Special directories</A -></DT -></DL -></DD -><DT ->3. <A -HREF="#AEN126" ->User and Machine Accounts</A -></DT -><DD -><DL -><DT -><A -HREF="#AEN128" ->Logon Accounts</A -></DT -><DT -><A -HREF="#MACHINEACCOUNT" ->Machine Accounts</A -></DT -><DT -><A -HREF="#AEN163" ->Joining the Domain</A -></DT -><DT -><A -HREF="#AEN211" ->User Accounts</A -></DT -><DT -><A -HREF="#AEN223" ->Domain Admin Accounts</A -></DT -></DL -></DD -><DT ->4. <A -HREF="#AEN231" ->Profiles, Policies and Logon Scripts</A -></DT -><DD -><DL -><DT -><A -HREF="#AEN233" ->Profiles</A -></DT -><DT -><A -HREF="#AEN240" ->Policies</A -></DT -><DT -><A -HREF="#AEN251" ->Logon Scripts</A -></DT -></DL -></DD -><DT ->5. <A -HREF="#AEN272" ->Passwords and Authentication</A -></DT -><DD -><DL -><DT -><A -HREF="#AEN278" -></A -></DT -><DD -><DL -><DT -><A -HREF="#AEN280" ->Syncing Passwords</A -></DT -><DT -><A -HREF="#AEN286" ->Using PAM</A -></DT -><DT -><A -HREF="#AEN292" ->Authenticating other Samba Servers</A -></DT -></DL -></DD -></DL -></DD -><DT ->6. <A -HREF="#AEN298" ->Background</A -></DT -><DD -><DL -><DT -><A -HREF="#AEN300" -></A -></DT -><DD -><DL -><DT -><A -HREF="#AEN302" ->History</A -></DT -><DT -><A -HREF="#AEN310" ->The Future</A -></DT -><DT -><A -HREF="#AEN322" ->Getting further help</A -></DT -></DL -></DD -></DL -></DD -></DL -></DIV -><DIV -CLASS="CHAPTER" -><HR><H1 -><A -NAME="AEN20" ->Chapter 1. Introduction</A -></H1 -><P ->This document will show you one way of making Version 2.2.0 -of Samba perform some of the tasks of a -NT Primary Domain Controller. The facilities described are built into Samba as a result of -development work done over a number of years by a large number of people. These facilities -are only just beginning to be officially supported and although they do appear to work reliably, -if you use them then you take the risks upon your self. This document does not cover the -developmental versions of Samba, particularly -<A -HREF="http://www.samba-tng.org/" -TARGET="_top" -><I -CLASS="CITETITLE" ->Samba-TNG</I -></A -> - </P -><P ->Note that <A -HREF="http://bioserve.latrobe.edu.au/samba" -TARGET="_top" ->Samba 2.0.7</A -> - supports significently less of the NT Domain facilities compared with 2.2.0 - </P -><P -> This document does not replace the text files DOMAIN_CONTROL.txt, DOMAIN.txt (by - John H Terpstra) or NTDOMAIN.txt (by Luke Kenneth Casson Leighton). Those documents provide - more detail and an insight to the development - cycle and should be considered 'further reading'. </P -><DIV -CLASS="SECT1" -><HR><H1 -CLASS="SECT1" -><A -NAME="AEN28" ->What can we do ?</A -></H1 -><P -></P -><UL -><LI -><P ->Permit 'domain logons' for Win95/98, NT4 and W2K workstations from one central - password database. WRT W2K, please see the section about adding machine - accounts and the Intro in the <A -HREF="samba-pdc-faq.html" -TARGET="_top" ->FAQ</A ->.</P -></LI -><LI -><P ->Grant Administrator privileges to particular domain users on an - NT or W2K workstation.</P -></LI -><LI -><P ->Apply policies from a domain policy file to NT and W2K (?) - workstation.</P -></LI -><LI -><P ->Run the appropriate logon script when a user logs on to the domain - .</P -></LI -><LI -><P ->Maintain a user's local profile on the server.</P -></LI -><LI -><P ->Validate a user using another system via smb (such as smb_pam) and - soon winbind (?).</P -></LI -></UL -></DIV -><DIV -CLASS="SECT1" -><HR><H1 -CLASS="SECT1" -><A -NAME="AEN44" ->What can't we do ?</A -></H1 -><P -></P -><UL -><LI -><P -> Become or work with a Backup Domain Controller (a BDC).</P -></LI -><LI -><P -> Participate in any sort of trust relationship (with either Samba or NT - Servers).</P -></LI -><LI -><P -> Offer a list of domain users to User Manager for Domains - on the Security Tab etc).</P -></LI -><LI -><P ->Be a W2K type of Domain Controller. Samba PDC will behave like - an NT PDC, W2K workstations connect in legacy mode.</P -></LI -></UL -></DIV -></DIV -><DIV -CLASS="CHAPTER" -><HR><H1 -><A -NAME="AEN55" ->Chapter 2. Installing</A -></H1 -><P ->Installing consists of the usual download, configure, make and make - install process. These steps are well documented elsewhere. - The <A -HREF="samba-pdc-faq.html" -TARGET="_top" ->FAQ</A -> discusses getting pre-release versions via CVS. - Then you need to configure the server.</P -><DIV -CLASS="SECT1" -><HR><H1 -CLASS="SECT1" -><A -NAME="AEN59" ->Start Up Script</A -></H1 -><P ->Skip this section if you have a working Samba already. - Everyone has their own favourite startup script. Here is mine, offered with no warrantee - at all !</P -><PRE -CLASS="PROGRAMLISTING" -> - - #!/bin/sh - # Script to control Samba server, David Bannon, 14-6-96 - # - # - PATH=/bin:/usr/sbin:/usr/bin - export PATH - case "$1" in - 'start') - if [ -f /usr/local/samba/bin/smbd ] - then - /usr/local/samba/bin/smbd -D - /usr/local/samba/bin/nmbd -D - echo "Starting Samba Server" - fi - ;; - 'conf') - if [ -f /usr/local/samba/lib/smb.conf ] - then - vi /usr/local/samba/lib/smb.conf - fi - ;; - 'pw') - if [ -f /usr/local/samba/private/smbpasswd ] - then - vi /usr/local/samba/private/smbpasswd - fi - ;; - 'who') - /usr/local/samba/bin/smbstatus -b - ;; - 'restart') - psline=`/bin/ps x | grep smbd | grep -v grep` - - if [ "$psline" != "" ] - then - while [ "$psline" != "" ] - do - psline=`/bin/ps x | fgrep smbd | grep -v grep` - if [ "$psline" ] - then - set -- $psline - pid=$1 - /bin/kill -HUP $pid - echo "Stopped $pid line = $psline" - sleep 2 - fi - done - fi - echo "Stopped Samba servers" - ;; - 'stop') - psline=`/bin/ps x | grep smbd | grep -v grep` - - if [ "$psline" != "" ] - then - while [ "$psline" != "" ] - do - psline=`/bin/ps x | fgrep smbd | grep -v grep` - if [ "$psline" ] - then - set -- $psline - pid=$1 - /bin/kill -9 $pid - echo "Stopped $pid line = $psline" - sleep 2 - fi - done - fi - echo "Stopped Samba servers" - psline=`/bin/ps x | grep nmbd | grep -v grep` - if [ "$psline" ] - then - set -- $psline - pid=$1 - /bin/kill -9 $pid - echo "Stopped Name Server " - fi - echo "Stopped Name Servers" - ;; - *) - echo "usage: samba {start | restart |stop | conf | pw | who}" - ;; - esac - </PRE -><P -> Use this script, or some other one, you will need to ensure its used while the machine - is booting. (This typically involves <TT -CLASS="FILENAME" ->/etc/rc.d</TT ->, we'll be - assuming that there is a script called - samba in <TT -CLASS="FILENAME" ->/etc/rc.d/init.d</TT -> further down in this document.)</P -></DIV -><DIV -CLASS="SECT1" -><HR><H1 -CLASS="SECT1" -><A -NAME="AEN66" ->Config File</A -></H1 -><DIV -CLASS="SECT2" -><H2 -CLASS="SECT2" -><A -NAME="AEN68" ->A sample conf file</A -></H2 -><P ->Here is a fairly minimal config file to do PDC. It will also make the server - become the browse master for the - specified domain (not necessary but usually desirable). You will need to change only - two parameters to make this - file work, <TT -CLASS="FILENAME" ->wins server</TT -> and <TT -CLASS="FILENAME" ->workgroup</TT ->, plus - you will need to put your own name (not mine!) in the <TT -CLASS="FILENAME" ->domain admin users</TT -> fields. - Some of the parameters are discussed further down this document.</P -><P ->Assuming you have used the default install directories, this file should appear as - <TT -CLASS="FILENAME" ->/usr/local/samba/lib/smb.conf</TT ->. It should not be - writable by anyone except root.</P -><DIV -CLASS="NOTE" -><BLOCKQUOTE -CLASS="NOTE" -><P -><B ->Note: </B ->The 'add user script' parameter is a work-around, watch for changes !</P -></BLOCKQUOTE -></DIV -><PRE -CLASS="PROGRAMLISTING" -> - - [global] - security = user - status = yes - workgroup = { Your domain name here } - wins server = { ip of a wins server if you have one } - encrypt passwords = yes - domain logons =yes - logon script = scripts\%U.bat - domain admin group = @adm - add user script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %m$ - guest account = ftp - share modes=no - os level=65 - [homes] - guest ok = no - read only = no - create mask = 0700 - directory mask = 0700 - oplocks = false - locking = no - [netlogon] - path = /usr/local/samba/netlogon - writeable = no - guest ok = no - </PRE -></DIV -><DIV -CLASS="SECT2" -><HR><H2 -CLASS="SECT2" -><A -NAME="AEN79" ->PDC Config Parameters</A -></H2 -><P -></P -><DIV -CLASS="VARIABLELIST" -><P -><B ->There are a huge range of parameters that may appear in a smb.conf file. Some - that may be of interest to a PDC are :</B -></P -><DL -><DT ->add user script</DT -><DD -><P ->This parameter specifies a script (or program) that will be run - to add a user to the system. Here it is being used to add a machine, not a user. - This is probably not very nice and may change. But it does work !</P -><P ->For this example, I have a group called 'machines', entries can be added to - <TT -CLASS="FILENAME" ->/etc/passwd</TT -> using a programme called <TT -CLASS="FILENAME" ->/usr/adduser</TT -> and - the other parameters are chosen as suitable for a machine account. Works for - RH Linux, your system may require changes.</P -></DD -><DT ->domain admin group = @adm</DT -><DD -><P ->This parameter specifies a unix group whose members will be granted - admin privileges on a NT workstation when - logged onto that workstation. See the section called <A -HREF="#AEN223" -> Domain Admin</A -> Accounts.</P -></DD -><DT ->domain admin users = user1 users2</DT -><DD -><P ->It appears that this parameter does not funtion correctly at present. - Use the 'domain admin group' instread. This parameter specifies a unix user who will - be granted admin privileges - on a NT workstation when - logged onto that workstation. See the section called <A -HREF="#AEN223" -> Domain Admin</A -> Accounts.</P -></DD -><DT ->encrypt passwords = yes</DT -><DD -><P ->This parameter must be 'yes' to allow any of the recent service pack NTs to logon. There are some reg hacks that - turn off encrypted passwords on the NTws itself but if you are going to use the smbpasswd system (and you - should) you must use encrypted passwords.</P -></DD -><DT ->logon script = scripts\%U.bat</DT -><DD -><P ->This will make samba look for a logon script named after the user - (eg joeblow.bat). - See the section further on called <A -HREF="#AEN251" ->Logon Scripts</A -></P -><DIV -CLASS="NOTE" -><BLOCKQUOTE -CLASS="NOTE" -><P -><B ->Note: </B ->Note that the slash is like this '\', not like this '/'. - NT is happy with both, win95 is not !</P -></BLOCKQUOTE -></DIV -></DD -><DT ->logon path</DT -><DD -><P ->Lets you specify where you would like users profiles kept. The default, that is in the users - home directory, does encourage a bit of fiddling.</P -></DD -></DL -></DIV -></DIV -></DIV -><DIV -CLASS="SECT1" -><HR><H1 -CLASS="SECT1" -><A -NAME="AEN115" ->Special directories</A -></H1 -><P ->You need to create a couple of special files and directories. Its nice - to have some of the binaries handy too, so I create links to them. Assuming - you have used the default samba location and have not - changed the locations mentioned in the sample config file, do the following :</P -><PRE -CLASS="PROGRAMLISTING" -> - - mkdir /usr/local/samba/netlogon - mkdir /usr/local/samba/netlogon/scripts - mkdir /usr/local/samba/private - touch /usr/local/samba/private/smbpasswd - chmod go-rwx /usr/local/samba/private/smbpasswd - cd /usr/local/sbin - ln -s /usr/local/samba/bin/smbpasswd - ln -s /usr/local/samba/bin/smbclient - ln -s /etc/rc.d/init.d/samba</PRE -><P ->Make sure permissions are appropriate !</P -><P ->OK, if you have used the scripts above and have a path to where the links are do this to start up - the Samba Server :</P -><P -><B -CLASS="COMMAND" ->samba start</B -></P -><P ->Instead, you might like to reboot the machine to make sure that you - got the init stuff right. Any way, a quick look in the logs - <TT -CLASS="FILENAME" ->/usr/local/samba/var/log.smbd</TT -> and <TT -CLASS="FILENAME" -> /usr/local/samba/var/log/nmbd</TT -> - will give you an idea of what's happening. Assuming all is well, lets create - some accounts...</P -></DIV -></DIV -><DIV -CLASS="CHAPTER" -><HR><H1 -><A -NAME="AEN126" ->Chapter 3. User and Machine Accounts</A -></H1 -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN128" ->Logon Accounts</A -></H1 -><P -><I -CLASS="EMPHASIS" ->This section is very nearly out of date already !</I -> It - appears that while you are reading it, Jean Francois Micou is making it - redundant ! Jean Francois is adding facilities to add users - (via User Manager) and machines (when joining the domain) and it looks like these facilities will - make it into the official release of 2.2.</P -><P ->Every user and NTws (and other samba servers) that will be on the domain - must have its own passwd entry in both <TT -CLASS="FILENAME" ->/etc/passwd</TT -> and - <TT -CLASS="FILENAME" ->/usr/local/samba/private/smbpasswd</TT -> . - The <TT -CLASS="FILENAME" ->/etc/passwd</TT -> entry is really - only to reserve a user ID. The NT encrypted password is stored in - <TT -CLASS="FILENAME" ->/usr/local/samba/private/smbpasswd</TT ->. - (Note that win95/98 machines don't need an account as they don't do - any security aware things.)</P -><P ->Samba 2.2 will now create these entries for us. Carefull set up is required - and there may well be some changes to this system before its released. - </P -></DIV -><DIV -CLASS="SECT1" -><HR><H1 -CLASS="SECT1" -><A -NAME="MACHINEACCOUNT" ->Machine Accounts</A -></H1 -><DIV -CLASS="NOTE" -><BLOCKQUOTE -CLASS="NOTE" -><P -><B ->Note: </B ->There is an entry in the ntdom <A -HREF="samba-pdc-faq.html" -TARGET="_top" ->FAQ</A -> explaining how to create - machine entries manually.</P -></BLOCKQUOTE -></DIV -><P -></P -><DIV -CLASS="VARIABLELIST" -><P -><B -><I -CLASS="EMPHASIS" ->At present</I -> to have the machine accounts created when a machine joins - the domain a number of conditions must be met :</B -></P -><DL -><DT ->Only root can do it !</DT -><DD -><P ->There must be an entry in <TT -CLASS="FILENAME" ->/usr/local/samba/private/smbpasswd</TT -> - for root and root must be mentioned in <TT -CLASS="FILENAME" ->domain admins</TT ->. This may - be fixed some time in the future so any 'domain admin' can do it. If you don't - like having root as a windows logon account, make the machine - entries manually (both of them).</P -></DD -><DT ->Use the <TT -CLASS="FILENAME" ->add user script</TT -></DT -><DD -><P ->Again, this looks a bit like a 'work around'. Use a suitable - command line to add a machine account <A -HREF="#AEN68" ->see above</A ->, - and pass it %m$, that is %m to get machine name plus the '$'. Now, this - means you cannot use the <TT -CLASS="FILENAME" ->add user script</TT -> to really add users .... </P -></DD -><DT ->Only for W2K</DT -><DD -><P ->This automatic creation of machine accounts does not work for - NT4ws at present. Watch this space.</P -></DD -></DL -></DIV -></DIV -><DIV -CLASS="SECT1" -><HR><H1 -CLASS="SECT1" -><A -NAME="AEN163" ->Joining the Domain</A -></H1 -><P ->You must have either added the machine account entries manually (NT4 ws) - or set up the automatic system (W2K), <A -HREF="#MACHINEACCOUNT" ->see Machine Accounts</A -> - before proceeding.</P -><P -></P -><DIV -CLASS="VARIABLELIST" -><DL -><DT -><B -CLASS="COMMAND" ->Windows NT</B -></DT -><DD -><P -></P -><UL -><LI -><P -> (<I -CLASS="EMPHASIS" ->this step may not be necessary some time in the near future</I ->). - On the samba server that is the PDC, add a machine account manually - as per the instructions in the <A -HREF="samba-pdc-faq.html" -TARGET="_top" ->FAQ</A -> - Then give the command <B -CLASS="COMMAND" ->smbpasswd -a -m {machine}</B -> substituting in the - client machine name.</P -></LI -><LI -><P -> Logon to the NTws in question as a local admin, go to the - <B -CLASS="COMMAND" ->Control Panel, Network IdentificationTag</B ->.</P -></LI -><LI -><P -> Press the <B -CLASS="COMMAND" ->Change</B -> button.</P -></LI -><LI -><P -> Enter the Domain name (from the 'Workgroup' parameter, smb.conf) - in the Domain Field.</P -></LI -><LI -><P -> Press OK and after a few seconds you will get a 'Welcome to Whatever Domain'. - Allow to reboot.</P -></LI -></UL -></DD -><DT -><B -CLASS="COMMAND" ->Windows 2000</B -></DT -><DD -><P -></P -><UL -><LI -><P ->Logon to the W2k machine as Administrator, go to the Control - Panel and double click on <B -CLASS="COMMAND" ->Network and Dialup Connections</B ->. - </P -></LI -><LI -><P ->Pull down the <B -CLASS="COMMAND" ->Advanced</B -> menu and choose - <B -CLASS="COMMAND" ->Network Identification</B ->. Press <B -CLASS="COMMAND" ->Properties - </B ->. </P -></LI -><LI -><P ->Choose <B -CLASS="COMMAND" ->Domain</B -> and enter the domain name. Press 'OK'.</P -></LI -><LI -><P ->Now enter a user name and password for a Domain Admin - <I -CLASS="EMPHASIS" ->(Who must be root until a pre-release bug is fixed)</I -> and press - 'OK'.</P -></LI -><LI -><P ->Wait for the confirmation, reboot when prompted.</P -></LI -></UL -><P ->To remove a W2K machine from the domain, follow the first two steps then - choose <B -CLASS="COMMAND" ->Workgroup</B ->, enter a work group name (or just WORKGROUP) and follow - the prompts.</P -></DD -></DL -></DIV -></DIV -><DIV -CLASS="SECT1" -><HR><H1 -CLASS="SECT1" -><A -NAME="AEN211" ->User Accounts</A -></H1 -><P -><I -CLASS="EMPHASIS" ->Again, doing it manually (cos' the auto way is not working pre-release). - </I -> - In our simple case every domain user should have an account on the PDC. The - account may have a null shell if they are not allowed to log on to the unix - prompt. Again they need an entry in both the <TT -CLASS="FILENAME" ->/etc/passwd</TT -> and - <TT -CLASS="FILENAME" ->/usr/local/samba/private/smbpasswd</TT ->. Again a password is - not necessary in <TT -CLASS="FILENAME" ->/etc/passwd</TT -> but the location - of the home directory is honoured. - To make an entry for a user called Joe Blow you would typically do the following :</P -><P -><B -CLASS="COMMAND" ->adduser -g users -c 'Joe Blow' -s /bin/false -n joeblow</B -></P -><P -><B -CLASS="COMMAND" ->smbpasswd -a joeblow</B -></P -><P ->And you will prompted to enter a password for Joe. Ideally he will be - hovering over your shoulder and will, when asked, type in a password of - his choice. There are a number of scripts and systems to ease the migration of users - from somewhere to samba. Better start looking !</P -></DIV -><DIV -CLASS="SECT1" -><HR><H1 -CLASS="SECT1" -><A -NAME="AEN223" ->Domain Admin Accounts</A -></H1 -><P ->Certain operations demand that the logged on user has Administrator - privileges, typically installing software and - doing maintenance tasks. It is very simple to appoint some users as Domain Admins, - most likely yourself. Make - sure you trust the appointee !</P -><P ->Samba 2.2 recognizes particular users as being - domain admins and tells the NTws when it thinks that it has got one logged on. - In the smb.conf file we declare - that the <TT -CLASS="FILENAME" ->Domain Admin group = @adm</TT ->. - Any user who is a menber of the unix group 'adm' is treated as a Domain Admin by a NTws when - logged onto the Domain. They will have full Administrator rights - including the rights to change permissions on files and run the system - utilities such as Disk Administrator. Add users to the group by editing <TT -CLASS="FILENAME" -> /etc/group/</TT ->. You do not need to use the 'adm' group, choose any one you like.</P -><P ->Further, and this is very new, they will be allowed to create a - new machine account when first connecting a new NT or W2K machine to - the domain. <I -CLASS="EMPHASIS" ->However, at present, ie pre-release, only a Domain Admin who - also happens to be root can do so. </I -></P -></DIV -></DIV -><DIV -CLASS="CHAPTER" -><HR><H1 -><A -NAME="AEN231" ->Chapter 4. Profiles, Policies and Logon Scripts</A -></H1 -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN233" ->Profiles</A -></H1 -><P ->NT Profiles should work if you have followed the setup so far. - A user's profile contains a whole lot of their personal settings, - the contents of their desktop, personal 'My Documents' and so on. - When they log off, all of the profile is copied to their directory - on the server and is downloaded again when they logon on again, possibly - on another client machine.</P -><P ->Sounds great but can be a bit of a bug bear sometimes. Users let - their profiles get too big and then complain about how long it takes - to log on each time. This sample setup only supports NT profiles, - rumor has it that it is also possible to do the same on Win95, my - users don't know and I'm not telling them.</P -><DIV -CLASS="NOTE" -><BLOCKQUOTE -CLASS="NOTE" -><P -><B ->Note: </B ->There is more info about Profiles (including for W95/98) - in the <A -HREF="samba-pdc-faq.html" -TARGET="_top" ->FAQ</A ->.</P -></BLOCKQUOTE -></DIV -></DIV -><DIV -CLASS="SECT1" -><HR><H1 -CLASS="SECT1" -><A -NAME="AEN240" ->Policies</A -></H1 -><P ->Policies are an easy way to make or enforce specific characteristics across your network. You create a ntconfig.pol - file and every time someone logs on with their NTws, the settings you put in ntconfig.pol are applied to the NTws. - Typical setting are things like making the date appear the way you want it (none of these 2 figure years here) or - maybe suppressing one of the splash screens. Perhaps you want to set the NTws so it does not keep users profiles - on the local machine. Cool. The only problem is making the ntconfig.pol file itself. You cannot use the policy editor - that comes with NTws.</P -><DIV -CLASS="NOTE" -><BLOCKQUOTE -CLASS="NOTE" -><P -><B ->Note: </B ->See the <A -HREF="samba-pdc-faq.html" -TARGET="_top" ->FAQ</A -> for pointers on how to get a suitable Policy Editor.</P -></BLOCKQUOTE -></DIV -><P ->The Policy Editor (and associated files) will create a - <TT -CLASS="FILENAME" ->ntconfig.pol</TT -> file using the - parameters Microsoft thought of and parameters you specify by making your own - template file.</P -><P ->In our example configuration here, Samba will expect to find - the <TT -CLASS="FILENAME" ->ntconfig.pol</TT -> file in - <TT -CLASS="FILENAME" ->/usr/local/samba/netlogon</TT ->. Needless to say (I hope !), - it is vitally important that ordinary users don't have - write permission to the Policy files.</P -></DIV -><DIV -CLASS="SECT1" -><HR><H1 -CLASS="SECT1" -><A -NAME="AEN251" ->Logon Scripts</A -></H1 -><P ->In the sample config file above there is a line - <TT -CLASS="FILENAME" ->logon script = scripts\%U.bat</TT -></P -><DIV -CLASS="NOTE" -><BLOCKQUOTE -CLASS="NOTE" -><P -><B ->Note: </B ->Note that the slash is like this '\' not like this '/'. - NT is happy with both, win95 is not !</P -></BLOCKQUOTE -></DIV -><P ->This allows you to run a dos batch file every time someone logs on. The batch - file is located on the server, in the sample install mentioned here, - its in <TT -CLASS="FILENAME" ->/usr/local/samba/netlogon/scripts</TT -> and - is named after the user with <TT -CLASS="FILENAME" ->.bat</TT -> appended, eg Joe - Blow's script is called <TT -CLASS="FILENAME" ->/usr/local/samba/netlogon/scripts/joeblow.bat</TT ->.</P -><DIV -CLASS="NOTE" -><BLOCKQUOTE -CLASS="NOTE" -><P -><B ->Note: </B ->There is a suggestion that user names longer than 8 characters may cause - problems with some systems being unable to run logon scripts. This is confirmed in earlier - versions when connecting using W95, comments about other combinations ??</P -></BLOCKQUOTE -></DIV -><P ->You could use a line like this <TT -CLASS="FILENAME" ->logon script = default.bat</TT -> and samba - will supply <TT -CLASS="FILENAME" ->/usr/local/samba/netlogon/default.bat</TT -> for any client and every - user. Maybe you could use %m and get a client machine dependant logon script. - You get the idea...</P -><P ->Note that the file is a dos batch file not a Unix script. It runs dos commands on the client - computer with the logon user's permissions. It must be a dos file with each line ending with - the dos cr/lf not a nice clean newline. Generally, - its best to create the initial file on a DOS system and copy it across.</P -><P ->There is lots of very clever uses of the Samba replaceable variables such - ( %U = user, %G = primary group, %H = client machine, see the 'man 5 smb.conf') to - give you control over which script runs when a particular person logs - on. (Gee, it would be nice to have a default.bat run when nothing else is available.)</P -><P ->Again, it is vitally important that ordinary users don't have write - permission to other peoples, or even probably their own, logon script files.</P -><P ->A typical logon script is reproduced below. Note that it runs separate - commands for win95 and NT, that's because NT has slightly different behaviour - when using the <TT -CLASS="FILENAME" ->net use ..</TT -> command. Its useful for lots of - other situations too. I don't know what syntax to use for win98, I don't use it - here.</P -><PRE -CLASS="PROGRAMLISTING" -> - - rem Default logon script, create links to this file. - - net time \\bioserve /set /yes - @echo off - if %OS%.==Windows_NT. goto WinNT - - :Win95 - net use k: \\trillion\bio_prog - net use p: \\bcfile\homes - goto end - :WinNT - net use k: \\trillion\bio_prog /persistent:no - net use p: \\bcfile\homes /persistent:no - - :end - </PRE -></DIV -></DIV -><DIV -CLASS="CHAPTER" -><HR><H1 -><A -NAME="AEN272" ->Chapter 5. Passwords and Authentication</A -></H1 -><P ->So far our configuration assumes that ordinary users don't have unix logon access. A change - to the <A -HREF="#AEN211" -><TT -CLASS="FILENAME" ->adduser</TT -></A -> line above would allow unix logon - but it would be with passwords that may - be different from the NT logon. Clearly that won't suit everyone. Trying to explain to users - that they need to change their passwords in two seperate places is not fun. - Further, even if they cannot do a unix logon there are other processes that - might require authentication. We have a nice securely encrypted password in - <TT -CLASS="FILENAME" ->/usr/local/samba/private/smbpasswd</TT ->, why not use it ?</P -><DIV -CLASS="SECT1" -><HR><H1 -CLASS="SECT1" -><A -NAME="AEN278" -></A -></H1 -><DIV -CLASS="SECT2" -><H2 -CLASS="SECT2" -><A -NAME="AEN280" ->Syncing Passwords</A -></H2 -><P ->Yes, its possible and seems the easiest way (initially anyway). - The <A -HREF="samba-pdc-faq.html" -TARGET="_top" ->FAQ</A -> details how to - do so in the sections <I -CLASS="EMPHASIS" ->What is password sync and should I use it ?</I -> and <I -CLASS="EMPHASIS" -> How do I get remote password (unix and SMB) changing working ?</I -></P -></DIV -><DIV -CLASS="SECT2" -><HR><H2 -CLASS="SECT2" -><A -NAME="AEN286" ->Using PAM</A -></H2 -><P ->Pam enabled systems have a much better solution available. The Samba - PDC server will offer to authenticate domain users to other processes - (either on this server or on the domain). With a suitable pam stack - such as <A -HREF="http://www.csn.ul.ie/~airlied/pam_smb/" -TARGET="_top" -> Pam_smb</A -> - you can get any pam aware application looking to the samba password and - can leave the password field in <TT -CLASS="FILENAME" ->/etc/shadow</TT -> - or <TT -CLASS="FILENAME" ->/etc/passwd</TT -> invalid.</P -></DIV -><DIV -CLASS="SECT2" -><HR><H2 -CLASS="SECT2" -><A -NAME="AEN292" ->Authenticating other Samba Servers</A -></H2 -><P ->In a domain that has a number of servers you only need one password database. - The machines that don't have their own ask the PDC to check for them. - This will work fine for a domain controlled by either a Samba or NT machine.</P -><P ->To do so the Samba machine must be told to refer to the PDC and where the PDC is. - See the section in the NTDom <A -HREF="samba-pdc-faq.html" -TARGET="_top" ->FAQ</A -> called <I -CLASS="EMPHASIS" ->How do I get my samba server to - become a member ( not PDC ) of an NT domain?</I -></P -></DIV -></DIV -></DIV -><DIV -CLASS="CHAPTER" -><HR><H1 -><A -NAME="AEN298" ->Chapter 6. Background</A -></H1 -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN300" -></A -></H1 -><DIV -CLASS="SECT2" -><H2 -CLASS="SECT2" -><A -NAME="AEN302" ->History</A -></H2 -><P ->It might help you understand the limitations of the PDC in Samba if you - read something of its history. Well, the history as I understand it anyway.</P -><P ->For many years the Samba team have been developing Samba, some time ago - a number of people, possibly lead by Luke Leighton started contributing NT - PDC stuff. This was added to the 'head' stream (that would eventually - become the next version) and later to a seperate stream (NTDom). They did so - much that eventually this development stream was so mutated that it could not - be merged back into the main stream and was abandoned towards the end of 1999. - And that was very sad because many users, myself include had become heavily - dependant on the NTController facilities it offered. Oh well...</P -><P ->The NTDom team continued on with their new found knowledge however and - built the TNG stream. Intended to be carefully controlled so that it can be - merged back into the main stream and benefiting from what they learnt, it is - a very different product to the origional NTDom product. However, for a - number of reasons, the merge did not take place and now TNG is being developed - at <A -HREF="http://www.samba-tng.org" -TARGET="_top" ->http://www.samba-tng.org</A ->.</P -><P ->Now, the NTDom things that the main strean 2.0.x version does is based more - on the old (initial version) abandoned code than on the TNG ideas. It appears - that version 2.2.0 will also include an improved version of the 2.0.7 domain - controller charactistics, not the TNG ways. The developers have indicated - that 2.2.0 will be further developed incrementally and the ideas from TNG - incorporated into it.</P -><P ->One more little wriggle is worth mentioning. At one stage the NTDom - stream was called Samba 2.1.0-prealpha and similar names. This is most - unfortunate because at least one book published advises people who want to - use NTDom Samba to get version 2.1.0 or later. As main stream Samba will soon - be called 2.2.0 and NOT officially supporting NTDom Controlling functions, - the potential for confusion is certainly there.</P -></DIV -><DIV -CLASS="SECT2" -><HR><H2 -CLASS="SECT2" -><A -NAME="AEN310" ->The Future</A -></H2 -><P ->There is a document on the Samba mirrors called <I -CLASS="EMPHASIS" ->'Development' - </I ->. It offers the 'best guess' of what is planned for future releases - of Samba.</P -><P ->The future of Samba as a Primary Domain Controller appears rosie, however - be aware that its the future, not the present. The developers are strongly committed - to building a full featured PDC into Samba but it will take time. If this - version does not meet your requirements then you should consider (in no particular - order) :</P -><P -></P -><UL -><LI -><P -> Wait. No, we don't know how long. Repeated asking won't help.</P -></LI -><LI -><P ->Investigate the development versions, TNG perhaps or HEAD where new code is being added - all the time. Realise that development code is often unstable, poorly documented and subject to change. - You will need to use cvs to download development versions.</P -></LI -><LI -><P ->Join one of the Samba mailing lists so that you can find out - what is happening on the 'bleeding edge'.</P -></LI -></UL -></DIV -><DIV -CLASS="SECT2" -><HR><H2 -CLASS="SECT2" -><A -NAME="AEN322" ->Getting further help</A -></H2 -><P ->This document cannot possibly answer all your questions. Please understand that its very - likely that someone has been confrounted by the same problem that you have. The - <A -HREF="samba-pdc-faq.html" -TARGET="_top" ->FAQ</A -> - discusses a number of possible paths to take to get further help :</P -><P -></P -><UL -><LI -><P ->Documents on the Samba Sites.</P -></LI -><LI -><P ->Other web sites.</P -></LI -><LI -><P ->Mailing list.</P -></LI -></UL -><P ->There is some discussion about guide lines for using the Mailing Lists on the - accompanying <A -HREF="samba-pdc-faq.html" -TARGET="_top" ->FAQ</A ->, - please read them before posting.</P -></DIV -></DIV -></DIV -></DIV -></BODY -></HTML ->
\ No newline at end of file diff --git a/docs/htmldocs/smb.conf.5.html b/docs/htmldocs/smb.conf.5.html index 5fe4f3cf97..f60cd595cf 100644 --- a/docs/htmldocs/smb.conf.5.html +++ b/docs/htmldocs/smb.conf.5.html @@ -638,8 +638,8 @@ CLASS="VARIABLELIST" ><P >the architecture of the remote machine. Only some are recognized, and those may not be - 100% reliable. It currently recognizes Samba, WfWg, - WinNT and Win95. Anything else will be known as + 100% reliable. It currently recognizes Samba, WfWg, Win95, + WinNT and Win2k. Anything else will be known as "UNKNOWN". If it gets it wrong then sending a level 3 log to <A HREF="mailto:samba@samba.org" @@ -1461,6 +1461,78 @@ CLASS="PARAMETER" ><LI ><P ><A +HREF="#LDAPADMINDN" +><TT +CLASS="PARAMETER" +><I +>ldap admin dn</I +></TT +></A +></P +></LI +><LI +><P +><A +HREF="#LDAPFILTER" +><TT +CLASS="PARAMETER" +><I +>ldap filter</I +></TT +></A +></P +></LI +><LI +><P +><A +HREF="#LDAPPORT" +><TT +CLASS="PARAMETER" +><I +>ldap port</I +></TT +></A +></P +></LI +><LI +><P +><A +HREF="#LDAPSERVER" +><TT +CLASS="PARAMETER" +><I +>ldap server</I +></TT +></A +></P +></LI +><LI +><P +><A +HREF="#LDAPSSL" +><TT +CLASS="PARAMETER" +><I +>ldap ssl</I +></TT +></A +></P +></LI +><LI +><P +><A +HREF="#LDAPSUFFIX" +><TT +CLASS="PARAMETER" +><I +>ldap suffix</I +></TT +></A +></P +></LI +><LI +><P +><A HREF="#LMANNOUNCE" ><TT CLASS="PARAMETER" @@ -1881,18 +1953,6 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="#NTACLSUPPORT" -><TT -CLASS="PARAMETER" -><I ->nt acl support</I -></TT -></A -></P -></LI -><LI -><P -><A HREF="#NTPIPESUPPORT" ><TT CLASS="PARAMETER" @@ -2433,6 +2493,42 @@ CLASS="PARAMETER" ><LI ><P ><A +HREF="#SSLEGDSOCKET" +><TT +CLASS="PARAMETER" +><I +>ssl egd socket</I +></TT +></A +></P +></LI +><LI +><P +><A +HREF="#SSLENTROPYBYTES" +><TT +CLASS="PARAMETER" +><I +>ssl entropy bytes</I +></TT +></A +></P +></LI +><LI +><P +><A +HREF="#SSLENTROPYFILE" +><TT +CLASS="PARAMETER" +><I +>ssl entropy file</I +></TT +></A +></P +></LI +><LI +><P +><A HREF="#SSLHOSTS" ><TT CLASS="PARAMETER" @@ -2673,6 +2769,18 @@ CLASS="PARAMETER" ><LI ><P ><A +HREF="#USEMMAP" +><TT +CLASS="PARAMETER" +><I +>use mmap</I +></TT +></A +></P +></LI +><LI +><P +><A HREF="#USERHOSTS" ><TT CLASS="PARAMETER" @@ -2891,7 +2999,7 @@ CLASS="PARAMETER" ><DIV CLASS="REFSECT1" ><A -NAME="AEN934" +NAME="AEN970" ></A ><H2 >COMPLETE LIST OF SERVICE PARAMETERS</H2 @@ -3684,6 +3792,18 @@ CLASS="PARAMETER" ><LI ><P ><A +HREF="#NTACLSUPPORT" +><TT +CLASS="PARAMETER" +><I +>nt acl support</I +></TT +></A +></P +></LI +><LI +><P +><A HREF="#ONLYGUEST" ><TT CLASS="PARAMETER" @@ -4068,6 +4188,18 @@ CLASS="PARAMETER" ><LI ><P ><A +HREF="#STRICTALLOCATE" +><TT +CLASS="PARAMETER" +><I +>strict allocate</I +></TT +></A +></P +></LI +><LI +><P +><A HREF="#STRICTLOCKING" ><TT CLASS="PARAMETER" @@ -4298,7 +4430,7 @@ CLASS="PARAMETER" ><DIV CLASS="REFSECT1" ><A -NAME="AEN1402" +NAME="AEN1446" ></A ><H2 >EXPLANATION OF EACH PARAMETER</H2 @@ -7500,11 +7632,11 @@ CLASS="PARAMETER" > it is in. Samba 2.2 also has limited capability to act as a domain controller for Windows NT 4 Domains. For more details on setting up this feature see - the file DOMAINS.txt in the Samba documentation directory <TT + the Samba-PDC-HOWTO included in the <TT CLASS="FILENAME" ->docs/ - </TT -> shipped with the source code.</P +>htmldocs/</TT +> + directory shipped with the source code.</P ><P >Default: <B CLASS="COMMAND" @@ -8055,22 +8187,6 @@ CLASS="PARAMETER" > parameter is applied.</P ><P ->Note that by default this parameter does not apply to permissions - set by Windows NT/2000 ACL editors. If the administrator wishes to enforce - this mask on access control lists also, they need to set the <A -HREF="#RESTRICTACLWITHMASK" -><TT -CLASS="PARAMETER" -><I ->restrict acl with - mask</I -></TT -></A -> to <TT -CLASS="CONSTANT" ->true</TT ->.</P -><P >See also the parameter <A HREF="#CREATEMASK" ><TT @@ -8130,22 +8246,6 @@ CLASS="PARAMETER" > is applied.</P ><P ->Note that by default this parameter does not apply to permissions - set by Windows NT/2000 ACL editors. If the administrator wishes to enforce - this mask on access control lists also, they need to set the <A -HREF="#RESTRICTACLWITHMASK" -><TT -CLASS="PARAMETER" -><I ->restrict acl with - mask</I -></TT -></A -> to <TT -CLASS="CONSTANT" ->true</TT ->.</P -><P >See also the parameter <A HREF="#DIRECTORYMASK" ><TT @@ -9569,6 +9669,250 @@ CLASS="COMMAND" ></DD ><DT ><A +NAME="LDAPADMINDN" +></A +>ldap admin dn (G)</DT +><DD +><P +>This parameter is only available if Samba has been + configure to include the <B +CLASS="COMMAND" +>--with-ldapsam</B +> option + at compile time. This option should be considered experimental and + under active development. + </P +><P +> The <TT +CLASS="PARAMETER" +><I +>ldap admin dn</I +></TT +> defines the Distinguished + Name (DN) name used by Samba to contact the <A +HREF="#LDAPSERVER" +>ldap + server</A +> when retreiving user account information. The <TT +CLASS="PARAMETER" +><I +>ldap + admin dn</I +></TT +> is used in conjunction with the admin dn password + stored in the <TT +CLASS="FILENAME" +>private/secrets.tdb</TT +> file. See the + <A +HREF="smbpasswd.8.html" +TARGET="_top" +><B +CLASS="COMMAND" +>smbpasswd(8)</B +></A +> man + page for more information on how to accmplish this. + </P +><P +>Default : <EM +>none</EM +></P +></DD +><DT +><A +NAME="LDAPFILTER" +></A +>ldap filter (G)</DT +><DD +><P +>This parameter is only available if Samba has been + configure to include the <B +CLASS="COMMAND" +>--with-ldapsam</B +> option + at compile time. This option should be considered experimental and + under active development. + </P +><P +> This parameter specifies the RFC 2254 compliant LDAP search filter. + The default is to match the login name with the <TT +CLASS="CONSTANT" +>uid</TT +> + attribute for all entries matching the <TT +CLASS="CONSTANT" +>sambaAccount</TT +> + objectclass. Note that this filter should only return one entry. + </P +><P +>Default : <B +CLASS="COMMAND" +>ldap filter = (&(uid=%u)(objectclass=sambaAccount))</B +></P +></DD +><DT +><A +NAME="LDAPPORT" +></A +>ldap port (G)</DT +><DD +><P +>This parameter is only available if Samba has been + configure to include the <B +CLASS="COMMAND" +>--with-ldapsam</B +> option + at compile time. This option should be considered experimental and + under active development. + </P +><P +> This option is used to control the tcp port number used to contact + the <A +HREF="#LDAPSERVER" +><TT +CLASS="PARAMETER" +><I +>ldap server</I +></TT +></A +>. + The default is to use the stand LDAP port 389. + </P +><P +>Default : <B +CLASS="COMMAND" +>ldap port = 389</B +></P +></DD +><DT +><A +NAME="LDAPSERVER" +></A +>ldap server (G)</DT +><DD +><P +>This parameter is only available if Samba has been + configure to include the <B +CLASS="COMMAND" +>--with-ldapsam</B +> option + at compile time. This option should be considered experimental and + under active development. + </P +><P +> This parameter should contains the FQDN of the ldap directory + server which should be queried to locate user account information. + </P +><P +>Default : <B +CLASS="COMMAND" +>ldap server = localhost</B +></P +></DD +><DT +><A +NAME="LDAPSSL" +></A +>ldap ssl (G)</DT +><DD +><P +>This parameter is only available if Samba has been + configure to include the <B +CLASS="COMMAND" +>--with-ldapsam</B +> option + at compile time. This option should be considered experimental and + under active development. + </P +><P +> This option is used to define whether or not Samba should + use SSL when connecting to the <A +HREF="#LDAPSERVER" +><TT +CLASS="PARAMETER" +><I +>ldap + server</I +></TT +></A +>. This is <EM +>NOT</EM +> related to + Samba SSL support which is enabled by specifying the + <B +CLASS="COMMAND" +>--with-ssl</B +> option to the <TT +CLASS="FILENAME" +>configure</TT +> + script (see <A +HREF="#SSL" +><TT +CLASS="PARAMETER" +><I +>ssl</I +></TT +></A +>). + </P +><P +> The <TT +CLASS="PARAMETER" +><I +>ldap ssl</I +></TT +> can be set to one of three values: + (a) <B +CLASS="COMMAND" +>on</B +> - Always use SSL when contacting the + <TT +CLASS="PARAMETER" +><I +>ldap server</I +></TT +>, (b) <B +CLASS="COMMAND" +>off</B +> - + Never use SSL when querying the directory, or (c) <B +CLASS="COMMAND" +>start + tls</B +> - Use the LDAPv3 StartTLS extended operation + (RFC2830) for communicating with the directory server. + </P +><P +>Default : <B +CLASS="COMMAND" +>ldap ssl = off</B +></P +></DD +><DT +><A +NAME="LDAPSUFFIX" +></A +>ldap suffix (G)</DT +><DD +><P +>This parameter is only available if Samba has been + configure to include the <B +CLASS="COMMAND" +>--with-ldapsam</B +> option + at compile time. This option should be considered experimental and + under active development. + </P +><P +>Default : <EM +>none</EM +></P +></DD +><DT +><A NAME="LEVEL2OPLOCKS" ></A >level2 oplocks (S)</DT @@ -11958,7 +12302,7 @@ CLASS="COMMAND" > --with-msdfs</B > option. If set to <TT CLASS="CONSTANT" ->yes></TT +>yes</TT >, Samba treats the share as a Dfs root and allows clients to browse the distributed file system tree rooted at the share directory. @@ -12038,7 +12382,7 @@ CLASS="FILENAME" CLASS="FILENAME" >/etc/nsswitch.conf</TT > - file). Note that this method is only used if the NetBIOS name + file. Note that this method is only used if the NetBIOS name type being queried is the 0x20 (server) name type, otherwise it is ignored.</P ></LI @@ -12228,7 +12572,7 @@ CLASS="COMMAND" ><A NAME="NTACLSUPPORT" ></A ->nt acl support (G)</DT +>nt acl support (S)</DT ><DD ><P >This boolean parameter controls whether @@ -12237,7 +12581,9 @@ HREF="smbd.8.html" TARGET="_top" >smbd(8)</A > will attempt to map - UNIX permissions into Windows NT access control lists.</P + UNIX permissions into Windows NT access control lists. + This parameter was formally a global parameter in releases + prior to 2.2.2.</P ><P >Default: <B CLASS="COMMAND" @@ -12825,7 +13171,7 @@ CLASS="PARAMETER" ></TT ></A > parameter is set to true, the chat pairs - may be matched in any order, and sucess is determined by the PAM result, + may be matched in any order, and success is determined by the PAM result, not any particular output. The \n macro is ignored for PAM conversions. </P ><P @@ -13720,8 +14066,14 @@ CLASS="PARAMETER" </I ></TT > will be replaced by the appropriate printer name. The - spool file name is generated automatically by the server, the printer - name is discussed below.</P + spool file name is generated automatically by the server. The + <TT +CLASS="PARAMETER" +><I +>%J</I +></TT +> macro can be used to access the job + name as transmitted by the client.</P ><P >The print command <EM >MUST</EM @@ -13811,7 +14163,7 @@ CLASS="COMMAND" ><P >For <B CLASS="COMMAND" ->printing = SYS or HPUX :</B +>printing = SYSV or HPUX :</B ></P ><P ><B @@ -14294,7 +14646,7 @@ CLASS="PARAMETER" > if specified in the [global] section.</P ><P ->Currently eight printing styles are supported. They are +>Currently nine printing styles are supported. They are <TT CLASS="CONSTANT" >BSD</TT @@ -14773,108 +15125,6 @@ CLASS="COMMAND" ></DD ><DT ><A -NAME="RESTRICTACLWITHMASK" -></A ->restrict acl with mask (S)</DT -><DD -><P ->This is a boolean parameter. If set to <TT -CLASS="CONSTANT" ->false</TT -> (default), then - creation of files with access control lists (ACLS) and modification of ACLs - using the Windows NT/2000 ACL editor will be applied directly to the file - or directory.</P -><P ->If set to <TT -CLASS="CONSTANT" ->true</TT ->, then all requests to set an ACL on a file will have the - parameters <A -HREF="#CREATEMASK" -><TT -CLASS="PARAMETER" -><I ->create mask</I -></TT -></A ->, - <A -HREF="#FORCECREATEMODE" -><TT -CLASS="PARAMETER" -><I ->force create mode</I -></TT -></A -> - applied before setting the ACL, and all requests to set an ACL on a directory will - have the parameters <A -HREF="#DIRECTORYMASK" -><TT -CLASS="PARAMETER" -><I ->directory - mask</I -></TT -></A ->, <A -HREF="#FORCEDIRECTORYMODE" -><TT -CLASS="PARAMETER" -><I ->force - directory mode</I -></TT -></A -> applied before setting the ACL. - </P -><P ->See also <A -HREF="#CREATEMASK" -><TT -CLASS="PARAMETER" -><I ->create mask</I -></TT -></A ->, - <A -HREF="#FORCECREATEMODE" -><TT -CLASS="PARAMETER" -><I ->force create mode</I -></TT -></A ->, - <A -HREF="#DIRECTORYMASK" -><TT -CLASS="PARAMETER" -><I ->directory mask</I -></TT -></A ->, - <A -HREF="#FORCEDIRECTORYMODE" -><TT -CLASS="PARAMETER" -><I ->force directory mode</I -></TT -></A -> - </P -><P ->Default: <B -CLASS="COMMAND" ->restrict acl with mask = no</B -></P -></DD -><DT -><A NAME="RESTRICTANONYMOUS" ></A >restrict anonymous (G)</DT @@ -15176,7 +15426,7 @@ CLASS="COMMAND" </B >.</P ><P ->In versions of Samba prior to 2..0, the default was +>In versions of Samba prior to 2.0.0, the default was <B CLASS="COMMAND" >security = share</B @@ -16290,14 +16540,6 @@ CLASS="COMMAND" > was given at configure time.</P ><P -><EM ->Note</EM -> that for export control reasons - this code is <EM ->NOT</EM -> enabled by default in any - current binary version of Samba.</P -><P >This variable enables or disables the entire SSL mode. If it is set to <TT CLASS="CONSTANT" @@ -16346,14 +16588,6 @@ CLASS="COMMAND" > was given at configure time.</P ><P -><EM ->Note</EM -> that for export control reasons - this code is <EM ->NOT</EM -> enabled by default in any - current binary version of Samba.</P -><P >This variable defines where to look up the Certification Authorities. The given directory should contain one file for each CA that Samba will trust. The file name must be the hash @@ -16383,14 +16617,6 @@ CLASS="COMMAND" > was given at configure time.</P ><P -><EM ->Note</EM -> that for export control reasons - this code is <EM ->NOT</EM -> enabled by default in any - current binary version of Samba.</P -><P >This variable is a second way to define the trusted CAs. The certificates of the trusted CAs are collected in one big file and this variable points to the file. You will probably @@ -16421,14 +16647,6 @@ CLASS="COMMAND" > was given at configure time.</P ><P -><EM ->Note</EM -> that for export control reasons - this code is <EM ->NOT</EM -> enabled by default in any - current binary version of Samba.</P -><P >This variable defines the ciphers that should be offered during SSL negotiation. You should not set this variable unless you know what you are doing.</P @@ -16448,14 +16666,6 @@ CLASS="COMMAND" > was given at configure time.</P ><P -><EM ->Note</EM -> that for export control reasons - this code is <EM ->NOT</EM -> enabled by default in any - current binary version of Samba.</P -><P >The certificate in this file is used by <A HREF="smbclient.1.html" TARGET="_top" @@ -16487,14 +16697,6 @@ CLASS="COMMAND" > was given at configure time.</P ><P -><EM ->Note</EM -> that for export control reasons - this code is <EM ->NOT</EM -> enabled by default in any - current binary version of Samba.</P -><P >This is the private key for <A HREF="smbclient.1.html" TARGET="_top" @@ -16526,18 +16728,10 @@ CLASS="COMMAND" > was given at configure time.</P ><P -><EM ->Note</EM -> that for export control reasons - this code is <EM ->NOT</EM -> enabled by default in any - current binary version of Samba.</P -><P ->This variable defines whether SSLeay should be configured +>This variable defines whether OpenSSL should be configured for bug compatibility with other SSL implementations. This is probably not desirable because currently no clients with SSL - implementations other than SSLeay exist.</P + implementations other than OpenSSL exist.</P ><P >Default: <B CLASS="COMMAND" @@ -16546,6 +16740,104 @@ CLASS="COMMAND" ></DD ><DT ><A +NAME="SSLEGDSOCKET" +></A +>ssl egd socket (G)</DT +><DD +><P +>This variable is part of SSL-enabled Samba. This + is only available if the SSL libraries have been compiled on your + system and the configure option <B +CLASS="COMMAND" +>--with-ssl</B +> was + given at configure time.</P +><P +> This option is used to define the location of the communiation socket of + an EGD or PRNGD daemon, from which entropy can be retrieved. This option + can be used instead of or together with the <A +HREF="#SSLENTROPYFILE" +><TT +CLASS="PARAMETER" +><I +>ssl entropy file</I +></TT +></A +> + directive. 255 bytes of entropy will be retrieved from the daemon. + </P +><P +>Default: <EM +>none</EM +></P +></DD +><DT +><A +NAME="SSLENTROPYBYTES" +></A +>ssl entropy bytes (G)</DT +><DD +><P +>This variable is part of SSL-enabled Samba. This + is only available if the SSL libraries have been compiled on your + system and the configure option <B +CLASS="COMMAND" +>--with-ssl</B +> was + given at configure time.</P +><P +> This parameter is used to define the number of bytes which should + be read from the <A +HREF="#SSLENTROPYFILE" +><TT +CLASS="PARAMETER" +><I +>ssl entropy + file</I +></TT +></A +> If a -1 is specified, the entire file will + be read. + </P +><P +>Default: <B +CLASS="COMMAND" +>ssl entropy bytes = 255</B +></P +></DD +><DT +><A +NAME="SSLENTROPYFILE" +></A +>ssl entropy file (G)</DT +><DD +><P +>This variable is part of SSL-enabled Samba. This + is only available if the SSL libraries have been compiled on your + system and the configure option <B +CLASS="COMMAND" +>--with-ssl</B +> was + given at configure time.</P +><P +> This parameter is used to specify a file from which processes will + read "random bytes" on startup. In order to seed the internal pseudo + random number generator, entropy must be provided. On system with a + <TT +CLASS="FILENAME" +>/dev/urandom</TT +> device file, the processes + will retrieve its entropy from the kernel. On systems without kernel + entropy support, a file can be supplied that will be read on startup + and that will be used to seed the PRNG. + </P +><P +>Default: <EM +>none</EM +></P +></DD +><DT +><A NAME="SSLHOSTS" ></A >ssl hosts (G)</DT @@ -16576,14 +16868,6 @@ CLASS="COMMAND" > was given at configure time.</P ><P -><EM ->Note</EM -> that for export control reasons - this code is <EM ->NOT</EM -> enabled by default in any - current binary version of Samba.</P -><P >These two variables define whether Samba will go into SSL mode or not. If none of them is defined, Samba will allow only SSL connections. If the <A @@ -16658,14 +16942,6 @@ CLASS="COMMAND" > was given at configure time.</P ><P -><EM ->Note</EM -> that for export control reasons - this code is <EM ->NOT</EM -> enabled by default in any - current binary version of Samba.</P -><P >If this variable is set to <TT CLASS="CONSTANT" >yes</TT @@ -16724,14 +17000,6 @@ CLASS="COMMAND" > was given at configure time.</P ><P -><EM ->Note</EM -> that for export control reasons - this code is <EM ->NOT</EM -> enabled by default in any - current binary version of Samba.</P -><P >If this variable is set to <TT CLASS="CONSTANT" >yes</TT @@ -16777,14 +17045,6 @@ CLASS="COMMAND" > was given at configure time.</P ><P -><EM ->Note</EM -> that for export control reasons - this code is <EM ->NOT</EM -> enabled by default in any - current binary version of Samba.</P -><P >This is the file containing the server's certificate. The server <EM >must</EM @@ -16813,14 +17073,6 @@ CLASS="COMMAND" > was given at configure time.</P ><P -><EM ->Note</EM -> that for export control reasons - this code is <EM ->NOT</EM -> enabled by default in any - current binary version of Samba.</P -><P >This file contains the private key of the server. If this variable is not defined, the key is looked up in the certificate file (it may be appended to the certificate). @@ -16853,14 +17105,6 @@ CLASS="COMMAND" > was given at configure time.</P ><P -><EM ->Note</EM -> that for export control reasons - this code is <EM ->NOT</EM -> enabled by default in any - current binary version of Samba.</P -><P >This enumeration variable defines the versions of the SSL protocol that will be used. <TT CLASS="CONSTANT" @@ -16955,6 +17199,43 @@ CLASS="COMMAND" ></DD ><DT ><A +NAME="STRICTALLOCATE" +></A +>strict allocate (S)</DT +><DD +><P +>This is a boolean that controls the handling of + disk space allocation in the server. When this is set to <TT +CLASS="CONSTANT" +>yes</TT +> + the server will change from UNIX behaviour of not committing real + disk storage blocks when a file is extended to the Windows behaviour + of actually forcing the disk system to allocate real storage blocks + when a file is created or extended to be a given size. In UNIX + terminology this means that Samba will stop creating sparse files. + This can be slow on some systems.</P +><P +>When strict allocate is <TT +CLASS="CONSTANT" +>no</TT +> the server does sparse + disk block allocation when a file is extended.</P +><P +>Setting this to <TT +CLASS="CONSTANT" +>yes</TT +> can help Samba return + out of quota messages on systems that are restricting the disk quota + of users.</P +><P +>Default: <B +CLASS="COMMAND" +>strict allocate = no</B +></P +></DD +><DT +><A NAME="STRICTLOCKING" ></A >strict locking (S)</DT @@ -17458,6 +17739,30 @@ CLASS="COMMAND" ></DD ><DT ><A +NAME="USEMMAP" +></A +>use mmap (G)</DT +><DD +><P +>This global parameter determines if the tdb internals of Samba can + depend on mmap working correctly on the running system. Samba requires a coherent + mmap/read-write system memory cache. Currently only HPUX does not have such a + coherent cache, and so this parameter is set to <TT +CLASS="CONSTANT" +>false</TT +> by + default on HPUX. On all other systems this parameter should be left alone. This + parameter is provided to help the Samba developers track down problems with + the tdb internal code. + </P +><P +>Default: <B +CLASS="COMMAND" +>use mmap = yes</B +></P +></DD +><DT +><A NAME="USERHOSTS" ></A >use rhosts (G)</DT @@ -18152,15 +18457,14 @@ WIDTH="90%" ><TD ><PRE CLASS="PROGRAMLISTING" -> ; Veto any files containing the word Security, - ; any ending in .tmp, and any directory containing the - ; word root. - veto files = /*Security*/*.tmp/*root*/ +>; Veto any files containing the word Security, +; any ending in .tmp, and any directory containing the +; word root. +veto files = /*Security*/*.tmp/*root*/ - ; Veto the Apple specific files that a NetAtalk server - ; creates. - veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ - </PRE +; Veto the Apple specific files that a NetAtalk server +; creates. +veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/</PRE ></TD ></TR ></TABLE @@ -18416,7 +18720,7 @@ CLASS="COMMAND" ><P >Default: <B CLASS="COMMAND" ->winbind enum groups = no </B +>winbind enum groups = yes </B > </P ></DD @@ -18883,7 +19187,7 @@ CLASS="COMMAND" ><DIV CLASS="REFSECT1" ><A -NAME="AEN5953" +NAME="AEN6052" ></A ><H2 >WARNINGS</H2 @@ -18913,7 +19217,7 @@ TARGET="_top" ><DIV CLASS="REFSECT1" ><A -NAME="AEN5959" +NAME="AEN6058" ></A ><H2 >VERSION</H2 @@ -18924,7 +19228,7 @@ NAME="AEN5959" ><DIV CLASS="REFSECT1" ><A -NAME="AEN5962" +NAME="AEN6061" ></A ><H2 >SEE ALSO</H2 @@ -19003,7 +19307,7 @@ CLASS="COMMAND" ><DIV CLASS="REFSECT1" ><A -NAME="AEN5982" +NAME="AEN6081" ></A ><H2 >AUTHOR</H2 diff --git a/docs/htmldocs/smbcontrol.1.html b/docs/htmldocs/smbcontrol.1.html index 1f3b020c87..c824a7cd09 100644 --- a/docs/htmldocs/smbcontrol.1.html +++ b/docs/htmldocs/smbcontrol.1.html @@ -140,6 +140,10 @@ CLASS="FILENAME" ><P >One of: <TT CLASS="CONSTANT" +>close-share</TT +>, + <TT +CLASS="CONSTANT" >debug</TT >, <TT @@ -166,6 +170,20 @@ CLASS="CONSTANT" ><P >The <TT CLASS="CONSTANT" +>close-share</TT +> message-type sends a + message to smbd which will then close the client connections to + the named share. Note that this doesn't affect client connections + to any other shares. This message-type takes an argument of the + share name for which client connections will be close, or the + "*" character which will close all currently open shares. + This message can only be sent to <TT +CLASS="CONSTANT" +>smbd</TT +>.</P +><P +>The <TT +CLASS="CONSTANT" >debug</TT > message-type allows the debug level to be set to the value specified by the @@ -252,7 +270,7 @@ CLASS="CONSTANT" ><DIV CLASS="REFSECT1" ><A -NAME="AEN78" +NAME="AEN82" ></A ><H2 >VERSION</H2 @@ -263,7 +281,7 @@ NAME="AEN78" ><DIV CLASS="REFSECT1" ><A -NAME="AEN81" +NAME="AEN85" ></A ><H2 >SEE ALSO</H2 @@ -289,7 +307,7 @@ CLASS="COMMAND" ><DIV CLASS="REFSECT1" ><A -NAME="AEN88" +NAME="AEN92" ></A ><H2 >AUTHOR</H2 diff --git a/docs/htmldocs/smbd.8.html b/docs/htmldocs/smbd.8.html index be82ef6d4e..e093a05f64 100644 --- a/docs/htmldocs/smbd.8.html +++ b/docs/htmldocs/smbd.8.html @@ -36,7 +36,7 @@ NAME="AEN8" ><B CLASS="COMMAND" >smbd</B -> [-D] [-a] [-o] [-P] [-h] [-V] [-d <debug level>] [-l <log file>] [-p <port number>] [-O <socket option>] [-s <configuration file>]</P +> [-D] [-a] [-o] [-P] [-h] [-V] [-d <debug level>] [-l <log directory>] [-p <port number>] [-O <socket option>] [-s <configuration file>]</P ></DIV ><DIV CLASS="REFSECT1" @@ -228,17 +228,19 @@ CLASS="FILENAME" > file.</P ></DD ><DT ->-l <log file></DT +>-l <log directory></DT ><DD ><P ->If specified, <TT +>If specified, + <TT CLASS="REPLACEABLE" ><I ->log file</I +>log directory</I ></TT > - specifies a log filename into which informational and debug - messages from the running server will be logged. The log + specifies a log directory into which the "log.smbd" log + file will be created for informational and debug + messages from the running server. The log file generated is never removed by the server although its size may be controlled by the <A HREF="smb.conf.5.html#maxlogsize" @@ -252,8 +254,11 @@ TARGET="_top" CLASS="FILENAME" > smb.conf(5)</TT ></A -> file. The default log - file name is specified at compile time.</P +> file. + </P +><P +>The default log directory is specified at + compile time.</P ></DD ><DT >-O <socket options></DT @@ -331,7 +336,7 @@ CLASS="FILENAME" ><DIV CLASS="REFSECT1" ><A -NAME="AEN109" +NAME="AEN110" ></A ><H2 >FILES</H2 @@ -429,7 +434,7 @@ CLASS="FILENAME" ><DIV CLASS="REFSECT1" ><A -NAME="AEN142" +NAME="AEN143" ></A ><H2 >LIMITATIONS</H2 @@ -448,7 +453,7 @@ CLASS="COMMAND" ><DIV CLASS="REFSECT1" ><A -NAME="AEN146" +NAME="AEN147" ></A ><H2 >ENVIRONMENTVARIABLES</H2 @@ -479,7 +484,7 @@ CLASS="CONSTANT" ><DIV CLASS="REFSECT1" ><A -NAME="AEN155" +NAME="AEN156" ></A ><H2 >INSTALLATION</H2 @@ -601,7 +606,7 @@ CLASS="COMMAND" ><DIV CLASS="REFSECT1" ><A -NAME="AEN188" +NAME="AEN189" ></A ><H2 >RUNNING THE SERVER AS A DAEMON</H2 @@ -656,7 +661,7 @@ CLASS="COMMAND" ><DIV CLASS="REFSECT1" ><A -NAME="AEN201" +NAME="AEN202" ></A ><H2 >RUNNING THE SERVER ON REQUEST</H2 @@ -792,7 +797,7 @@ CLASS="COMPUTEROUTPUT" ><DIV CLASS="REFSECT1" ><A -NAME="AEN233" +NAME="AEN234" ></A ><H2 >PAM INTERACTION</H2 @@ -837,7 +842,7 @@ TARGET="_top" ><DIV CLASS="REFSECT1" ><A -NAME="AEN244" +NAME="AEN245" ></A ><H2 >TESTING THE INSTALLATION</H2 @@ -895,7 +900,7 @@ CLASS="FILENAME" ><DIV CLASS="REFSECT1" ><A -NAME="AEN258" +NAME="AEN259" ></A ><H2 >VERSION</H2 @@ -906,7 +911,7 @@ NAME="AEN258" ><DIV CLASS="REFSECT1" ><A -NAME="AEN261" +NAME="AEN262" ></A ><H2 >DIAGNOSTICS</H2 @@ -929,7 +934,7 @@ NAME="AEN261" ><DIV CLASS="REFSECT1" ><A -NAME="AEN266" +NAME="AEN267" ></A ><H2 >SIGNALS</H2 @@ -994,7 +999,7 @@ CLASS="COMMAND" ><DIV CLASS="REFSECT1" ><A -NAME="AEN283" +NAME="AEN284" ></A ><H2 >SEE ALSO</H2 @@ -1060,7 +1065,7 @@ TARGET="_top" ><DIV CLASS="REFSECT1" ><A -NAME="AEN300" +NAME="AEN301" ></A ><H2 >AUTHOR</H2 diff --git a/docs/htmldocs/smbpasswd.8.html b/docs/htmldocs/smbpasswd.8.html index be82bc8809..c8f97c89d1 100644 --- a/docs/htmldocs/smbpasswd.8.html +++ b/docs/htmldocs/smbpasswd.8.html @@ -36,12 +36,12 @@ NAME="AEN8" ><B CLASS="COMMAND" >smbpasswd</B -> [-a] [-x] [-d] [-e] [-D debuglevel] [-n] [-r <remote machine>] [-R <name resolve order>] [-m] [-j DOMAIN] [-U username[%password]] [-h] [-s] [username]</P +> [-a] [-x] [-d] [-e] [-D debuglevel] [-n] [-r <remote machine>] [-R <name resolve order>] [-m] [-j DOMAIN] [-U username[%password]] [-h] [-s] [-w pass] [username]</P ></DIV ><DIV CLASS="REFSECT1" ><A -NAME="AEN25" +NAME="AEN26" ></A ><H2 >DESCRIPTION</H2 @@ -110,7 +110,7 @@ CLASS="COMMAND" ><DIV CLASS="REFSECT1" ><A -NAME="AEN41" +NAME="AEN42" ></A ><H2 >OPTIONS</H2 @@ -512,6 +512,47 @@ CLASS="COMMAND" is to aid people writing scripts to drive smbpasswd</P ></DD ><DT +>-w password</DT +><DD +><P +>This parameter is only available is Samba + has been configured to use the experiemental + <B +CLASS="COMMAND" +>--with-ldapsam</B +> option. The <TT +CLASS="PARAMETER" +><I +>-w</I +></TT +> + switch is used to specify the password to be used with the + <A +HREF="smb.conf.5.html#LDAPADMINDN" +TARGET="_top" +><TT +CLASS="PARAMETER" +><I +>ldap admin + dn</I +></TT +></A +>. Note that the password is stored in + the <TT +CLASS="FILENAME" +>private/secrets.tdb</TT +> and is keyed off + of the admin's DN. This means that if the value of <TT +CLASS="PARAMETER" +><I +>ldap + admin dn</I +></TT +> ever changes, the password will beed to be + manually updated as well. + </P +></DD +><DT >username</DT ><DD ><P @@ -529,7 +570,7 @@ CLASS="COMMAND" ><DIV CLASS="REFSECT1" ><A -NAME="AEN171" +NAME="AEN182" ></A ><H2 >NOTES</H2 @@ -572,7 +613,7 @@ CLASS="FILENAME" ><DIV CLASS="REFSECT1" ><A -NAME="AEN181" +NAME="AEN192" ></A ><H2 >VERSION</H2 @@ -583,7 +624,7 @@ NAME="AEN181" ><DIV CLASS="REFSECT1" ><A -NAME="AEN184" +NAME="AEN195" ></A ><H2 >SEE ALSO</H2 @@ -606,7 +647,7 @@ TARGET="_top" ><DIV CLASS="REFSECT1" ><A -NAME="AEN190" +NAME="AEN201" ></A ><H2 >AUTHOR</H2 diff --git a/docs/htmldocs/using_samba/licenseinfo.html b/docs/htmldocs/using_samba/licenseinfo.html index 71bc74def8..7e8962a832 100644 --- a/docs/htmldocs/using_samba/licenseinfo.html +++ b/docs/htmldocs/using_samba/licenseinfo.html @@ -38,8 +38,8 @@ should read: O'Reilly & Associates. This material may be distributed only subject to the terms and conditions set forth in the license, which is presently available at - <a href="http://www.oreilly.com/catalog/samba/chapter/licenseinfo.html"> - http://www.oreilly.com/catalog/samba/chapter/licenseinfo.html</a>. + <a href="http://www.oreilly.com/catalog/samba/licenseinfo.html"> + http://www.oreilly.com/catalog/samba/licenseinfo.html</a>. </blockquote> <p> For an excerpt, the reference should read: @@ -50,8 +50,8 @@ For an excerpt, the reference should read: and published by O'Reilly & Associates. This material may be distributed only subject to the terms and conditions set forth in the license, which is presently available at - <a href="http://www.oreilly.com/catalog/samba/chapter/licenseinfo.html"> - http://www.oreilly.com/catalog/samba/chapter/licenseinfo.html</a>. + <a href="http://www.oreilly.com/catalog/samba/licenseinfo.html"> + http://www.oreilly.com/catalog/samba/licenseinfo.html</a>. </blockquote> <p> Translations must contain similar references in the target @@ -64,8 +64,8 @@ the following: published by O'Reilly & Associates. This material may be distributed only subject to the terms and conditions set forth in the license, which is presently available at - <a href="http://www.oreilly.com/catalog/samba/chapter/licenseinfo.html"> - http://www.oreilly.com/catalog/samba/chapter/licenseinfo.html</a>. + <a href="http://www.oreilly.com/catalog/samba/licenseinfo.html"> + http://www.oreilly.com/catalog/samba/licenseinfo.html</a>. </blockquote> <p> Both commercial and noncommercial redistribution of material diff --git a/docs/htmldocs/using_samba/this_edition.html b/docs/htmldocs/using_samba/this_edition.html index 839f65737a..71522ac31e 100644 --- a/docs/htmldocs/using_samba/this_edition.html +++ b/docs/htmldocs/using_samba/this_edition.html @@ -31,8 +31,8 @@ By Robert Eckstein, David Collier-Brown & Peter Kelly O'Reilly & Associates. This material may be distributed only subject to the terms and conditions set forth in the license, which is presently available at - <a href="http://www.oreilly.com/catalog/samba/chapter/licenseinfo.html"> - http://www.oreilly.com/catalog/samba/chapter/licenseinfo.html</a>. + <a href="http://www.oreilly.com/catalog/samba/licenseinfo.html"> + http://www.oreilly.com/catalog/samba/licenseinfo.html</a>. </blockquote> <hr size=1 noshade> diff --git a/docs/htmldocs/winbind.html b/docs/htmldocs/winbind.html index addf74935c..5148b4bc85 100644 --- a/docs/htmldocs/winbind.html +++ b/docs/htmldocs/winbind.html @@ -473,12 +473,22 @@ NAME="AEN89" ></H2 ><P >If you have a samba configuration file that you are currently -using... BACK IT UP! If your system already uses PAM, BACK UP -THE <TT +using... <I +CLASS="EMPHASIS" +>BACK IT UP!</I +> If your system already uses PAM, +<I +CLASS="EMPHASIS" +>back up the <TT CLASS="FILENAME" >/etc/pam.d</TT -> directory contents! If you -haven't already made a boot disk, MAKE ON NOW!</P +> directory +contents!</I +> If you haven't already made a boot disk, +<I +CLASS="EMPHASIS" +>MAKE ONE NOW!</I +></P ><P >Messing with the pam configuration files can make it nearly impossible to log in to yourmachine. That's why you want to be able to boot back @@ -489,10 +499,15 @@ CLASS="FILENAME" > back to the original state they were in if you get frustrated with the way things are going. ;-)</P ><P ->The newest version of SAMBA (version 2.2.2), available from -cvs.samba.org, now include a functioning winbindd daemon. Please refer -to the main SAMBA web page or, better yet, your closest SAMBA mirror -site for instructions on downloading the source code.</P +>The latest version of SAMBA (version 2.2.2 as of this writing), now +includes a functioning winbindd daemon. Please refer to the +<A +HREF="http://samba.org/" +TARGET="_top" +>main SAMBA web page</A +> or, +better yet, your closest SAMBA mirror site for instructions on +downloading the source code.</P ><P >To allow Domain users the ability to access SAMBA shares and files, as well as potentially other services provided by your @@ -500,15 +515,21 @@ SAMBA machine, PAM (pluggable authentication modules) must be setup properly on your machine. In order to compile the winbind modules, you should have at least the pam libraries resident on your system. For recent RedHat systems (7.1, for instance), that -means 'pam-0.74-22'. For best results, it is helpful to also -install the development packages in 'pam-devel-0.74-22'.</P +means <TT +CLASS="FILENAME" +>pam-0.74-22</TT +>. For best results, it is helpful to also +install the development packages in <TT +CLASS="FILENAME" +>pam-devel-0.74-22</TT +>.</P ></DIV ><DIV CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN97" +NAME="AEN103" >Testing Things Out</A ></H2 ><P @@ -539,51 +560,79 @@ CLASS="FILENAME" >/usr/man</TT > entries for pam. Winbind built better in SAMBA if the pam-devel package was also installed. This package includes -the header files needed to compile pam-aware applications. For instance, my RedHat -system has both 'pam-0.74-22' and 'pam-devel-0.74-22' RPMs installed.</P +the header files needed to compile pam-aware applications. For instance, +my RedHat system has both <TT +CLASS="FILENAME" +>pam-0.74-22</TT +> and +<TT +CLASS="FILENAME" +>pam-devel-0.74-22</TT +> RPMs installed.</P ><DIV CLASS="SECT3" ><HR><H3 CLASS="SECT3" ><A -NAME="AEN106" +NAME="AEN114" >Configure and compile SAMBA</A ></H3 ><P >The configuration and compilation of SAMBA is pretty straightforward. -The first three steps maynot be necessary depending upon +The first three steps may not be necessary depending upon whether or not you have previously built the Samba binaries.</P ><P ><PRE CLASS="PROGRAMLISTING" ><TT CLASS="PROMPT" ->root# </TT -> autoconf +>root#</TT +> <B +CLASS="COMMAND" +>autoconf</B +> <TT CLASS="PROMPT" ->root# </TT -> make clean +>root#</TT +> <B +CLASS="COMMAND" +>make clean</B +> <TT CLASS="PROMPT" ->root# </TT -> rm config.cache +>root#</TT +> <B +CLASS="COMMAND" +>rm config.cache</B +> <TT CLASS="PROMPT" ->root# </TT -> ./configure --with-winbind +>root#</TT +> <B +CLASS="COMMAND" +>./configure --with-winbind</B +> <TT CLASS="PROMPT" ->root# </TT -> make +>root#</TT +> <B +CLASS="COMMAND" +>make</B +> <TT CLASS="PROMPT" ->root# </TT -> make install</PRE +>root#</TT +> <B +CLASS="COMMAND" +>make install</B +></PRE ></P ><P ->This will, by default, install SAMBA in /usr/local/samba. See the -main SAMBA documentation if you want to install SAMBA somewhere else. +>This will, by default, install SAMBA in <TT +CLASS="FILENAME" +>/usr/local/samba</TT +>. +See the main SAMBA documentation if you want to install SAMBA somewhere else. It will also build the winbindd executable and libraries. </P ></DIV ><DIV @@ -591,24 +640,37 @@ CLASS="SECT3" ><HR><H3 CLASS="SECT3" ><A -NAME="AEN118" ->Configure nsswitch.conf and the winbind libraries</A +NAME="AEN133" +>Configure <TT +CLASS="FILENAME" +>nsswitch.conf</TT +> and the +winbind libraries</A ></H3 ><P ->The libraries needed to run the winbind daemon through nsswitch -need to be copied to their proper locations, so</P +>The libraries needed to run the <B +CLASS="COMMAND" +>winbindd</B +> daemon +through nsswitch need to be copied to their proper locations, so</P ><P ><TT CLASS="PROMPT" ->root# </TT -> cp ../samba/source/nsswitch/libnss_winbind.so /lib</P +>root#</TT +> <B +CLASS="COMMAND" +>cp ../samba/source/nsswitch/libnss_winbind.so /lib</B +></P ><P >I also found it necessary to make the following symbolic link:</P ><P ><TT CLASS="PROMPT" ->root# </TT -> ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2</P +>root#</TT +> <B +CLASS="COMMAND" +>ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2</B +></P ><P >Now, as root you need to edit <TT CLASS="FILENAME" @@ -618,28 +680,35 @@ allow user and group entries to be visible from the <B CLASS="COMMAND" >winbindd</B > -daemon, as well as from your /etc/hosts files and NIS servers. My -<TT +daemon. My <TT CLASS="FILENAME" >/etc/nsswitch.conf</TT -> file look like this after editing:</P +> file look like +this after editing:</P ><P ><PRE CLASS="PROGRAMLISTING" > passwd: files winbind - shadow: files winbind + shadow: files group: files winbind</PRE ></P ><P > The libraries needed by the winbind daemon will be automatically -entered into the ldconfig cache the next time your system reboots, but it +entered into the <B +CLASS="COMMAND" +>ldconfig</B +> cache the next time +your system reboots, but it is faster (and you don't need to reboot) if you do it manually:</P ><P ><TT CLASS="PROMPT" ->root# </TT -> /sbin/ldconfig -v | grep winbind</P +>root#</TT +> <B +CLASS="COMMAND" +>/sbin/ldconfig -v | grep winbind</B +></P ><P >This makes <TT CLASS="FILENAME" @@ -652,7 +721,7 @@ CLASS="SECT3" ><HR><H3 CLASS="SECT3" ><A -NAME="AEN137" +NAME="AEN158" >Configure smb.conf</A ></H3 ><P @@ -681,16 +750,45 @@ CLASS="PROGRAMLISTING" >[global] <...> # separate domain and username with '+', like DOMAIN+username - winbind separator = + + <A +HREF="winbindd.8.html#WINBINDSEPARATOR" +TARGET="_top" +>winbind separator</A +> = + # use uids from 10000 to 20000 for domain users - winbind uid = 10000-20000 + <A +HREF="winbindd.8.html#WINBINDUID" +TARGET="_top" +>winbind uid</A +> = 10000-20000 # use gids from 10000 to 20000 for domain groups - winbind gid = 10000-20000 + <A +HREF="winbindd.8.html#WINBINDGID" +TARGET="_top" +>winbind gid</A +> = 10000-20000 # allow enumeration of winbind users and groups - winbind enum users = yes - winbind enum groups = yes + <A +HREF="winbindd.8.html#WINBINDENUMUSERS" +TARGET="_top" +>winbind enum users</A +> = yes + <A +HREF="winbindd.8.html#WINBINDENUMGROUP" +TARGET="_top" +>winbind enum groups</A +> = yes # give winbind users a real shell (only needed if they have telnet access) - template shell = /bin/bash</PRE + <A +HREF="winbindd.8.html#TEMPLATEHOMEDIR" +TARGET="_top" +>template homedir</A +> = /home/winnt/%D/%U + <A +HREF="winbindd.8.html#TEMPLATESHELL" +TARGET="_top" +>template shell</A +> = /bin/bash</PRE ></P ></DIV ><DIV @@ -698,7 +796,7 @@ CLASS="SECT3" ><HR><H3 CLASS="SECT3" ><A -NAME="AEN146" +NAME="AEN174" >Join the SAMBA server to the PDC domain</A ></H3 ><P @@ -719,8 +817,11 @@ a domain user who has administrative privileges in the domain.</P ><P ><TT CLASS="PROMPT" ->root# </TT ->/usr/local/samba/bin/smbpasswd -j DOMAIN -r PDC -U Administrator</P +>root#</TT +> <B +CLASS="COMMAND" +>/usr/local/samba/bin/smbpasswd -j DOMAIN -r PDC -U Administrator</B +></P ><P >The proper response to the command should be: "Joined the domain <TT @@ -741,7 +842,7 @@ CLASS="SECT3" ><HR><H3 CLASS="SECT3" ><A -NAME="AEN156" +NAME="AEN185" >Start up the winbindd daemon and test it!</A ></H3 ><P @@ -753,25 +854,37 @@ command as root:</P ><P ><TT CLASS="PROMPT" ->root# </TT ->/usr/local/samba/bin/winbindd</P +>root#</TT +> <B +CLASS="COMMAND" +>/usr/local/samba/bin/winbindd</B +></P ><P >I'm always paranoid and like to make sure the daemon is really running...</P ><P ><TT CLASS="PROMPT" ->root# </TT -> ps -ae | grep winbindd -3025 ? 00:00:00 winbindd</P +>root#</TT +> <B +CLASS="COMMAND" +>ps -ae | grep winbindd</B +></P +><P +>This command should produce output like this, if the daemon is running</P +><P +>3025 ? 00:00:00 winbindd</P ><P >Now... for the real test, try to get some information about the users on your PDC</P ><P ><TT CLASS="PROMPT" ->root# </TT -> # /usr/local/samba/bin/wbinfo -u</P +>root#</TT +> <B +CLASS="COMMAND" +>/usr/local/samba/bin/wbinfo -u</B +></P ><P > This should echo back a list of users on your Windows users on @@ -787,7 +900,13 @@ CEO+krbtgt CEO+TsInternetUser</PRE ></P ><P ->Obviously, I have named my domain 'CEO' and my winbindd separator is '+'.</P +>Obviously, I have named my domain 'CEO' and my <TT +CLASS="PARAMETER" +><I +>winbindd +separator</I +></TT +> is '+'.</P ><P >You can do the same sort of thing to get group information from the PDC:</P @@ -796,8 +915,11 @@ the PDC:</P CLASS="PROGRAMLISTING" ><TT CLASS="PROMPT" ->root# </TT ->/usr/local/samba/bin/wbinfo -g +>root#</TT +> <B +CLASS="COMMAND" +>/usr/local/samba/bin/wbinfo -g</B +> CEO+Domain Admins CEO+Domain Users CEO+Domain Guests @@ -815,8 +937,11 @@ Try the following command:</P ><P ><TT CLASS="PROMPT" ->root# </TT -> getent passwd</P +>root#</TT +> <B +CLASS="COMMAND" +>getent passwd</B +></P ><P >You should get a list that looks like your <TT CLASS="FILENAME" @@ -829,16 +954,22 @@ directories and default shells.</P ><P ><TT CLASS="PROMPT" ->root# </TT -> getent group</P +>root#</TT +> <B +CLASS="COMMAND" +>getent group</B +></P ></DIV ><DIV CLASS="SECT3" ><HR><H3 CLASS="SECT3" ><A -NAME="AEN183" ->Fix the /etc/rc.d/init.d/smb startup files</A +NAME="AEN221" +>Fix the <TT +CLASS="FILENAME" +>/etc/rc.d/init.d/smb</TT +> startup files</A ></H3 ><P >The <B @@ -926,44 +1057,85 @@ CLASS="PROGRAMLISTING" return $RETVAL }</PRE ></P +><P +>If you restart the <B +CLASS="COMMAND" +>smbd</B +>, <B +CLASS="COMMAND" +>nmbd</B +>, +and <B +CLASS="COMMAND" +>winbindd</B +> daemons at this point, you +should be able to connect to the samba server as a domain member just as +if you were a local user.</P ></DIV ><DIV CLASS="SECT3" ><HR><H3 CLASS="SECT3" ><A -NAME="AEN200" +NAME="AEN243" >Configure Winbind and PAM</A ></H3 ><P ->If you have made it this far, you know that winbindd is working. -Now it is time to integrate it into the operation of samba and other -services. The pam configuration files need to be altered in +>If you have made it this far, you know that winbindd and samba are working +together. If you want to use winbind to provide authentication for other +services, keep reading. The pam configuration files need to be altered in this step. (Did you remember to make backups of your original <TT CLASS="FILENAME" >/etc/pam.d</TT > files? If not, do it now.)</P ><P ->To get samba to allow domain users and groups, I modified the +>You will need a pam module to use winbindd with these other services. This +module will be compiled in the <TT +CLASS="FILENAME" +>../source/nsswitch</TT +> directory +by invoking the command</P +><P +><TT +CLASS="PROMPT" +>root#</TT +> <B +CLASS="COMMAND" +>make nsswitch/pam_winbind.so</B +></P +><P +>from the <TT +CLASS="FILENAME" +>../source</TT +> directory. The <TT CLASS="FILENAME" ->/etc/pam.d/samba</TT -> file from</P +>pam_winbind.so</TT +> file should be copied to the location of +your other pam security modules. On my RedHat system, this was the +<TT +CLASS="FILENAME" +>/lib/security</TT +> directory.</P ><P -><PRE -CLASS="PROGRAMLISTING" ->auth required /lib/security/pam_stack.so service=system-auth -account required /lib/security/pam_stack.so service=system-auth</PRE +><TT +CLASS="PROMPT" +>root#</TT +> <B +CLASS="COMMAND" +>cp ../samba/source/nsswitch/pam_winbind.so /lib/security</B ></P ><P ->to</P +>The <TT +CLASS="FILENAME" +>/etc/pam.d/samba</TT +> file does not need to be changed. I +just left this fileas it was:</P ><P ><PRE CLASS="PROGRAMLISTING" ->auth required /lib/security/pam_winbind.so -auth required /lib/security/pam_stack.so service=system-auth -account required /lib/security/pam_winbind.so +>auth required /lib/security/pam_stack.so service=system-auth account required /lib/security/pam_stack.so service=system-auth</PRE ></P ><P @@ -1027,10 +1199,11 @@ changed to look like this:</P ><P ><PRE CLASS="PROGRAMLISTING" ->auth sufficient /lib/security/pam_winbind.so -auth required /lib/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed +>auth required /lib/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed +auth sufficient /lib/security/pam_winbind.so auth required /lib/security/pam_stack.so service=system-auth auth required /lib/security/pam_shells.so +account sufficient /lib/security/pam_winbind.so account required /lib/security/pam_stack.so service=system-auth session required /lib/security/pam_stack.so service=system-auth</PRE ></P @@ -1073,15 +1246,6 @@ CLASS="COMMAND" >winbind.so</B > line to get rid of annoying double prompts for passwords.</P -><P ->Finally, don't forget to copy the winbind pam modules from -the source directory in which you originally compiled the new -SAMBA up to the /lib/security directory so that pam can use it:</P -><P -><TT -CLASS="PROMPT" ->root# </TT -> cp ../samba/source/nsswitch/pam_winbind.so /lib/security</P ></DIV ></DIV ></DIV @@ -1090,7 +1254,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN241" +NAME="AEN290" >Limitations</A ></H1 ><P @@ -1131,7 +1295,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN251" +NAME="AEN300" >Conclusion</A ></H1 ><P diff --git a/docs/htmldocs/winbindd.8.html b/docs/htmldocs/winbindd.8.html index ad54228a6f..0147861284 100644 --- a/docs/htmldocs/winbindd.8.html +++ b/docs/htmldocs/winbindd.8.html @@ -77,6 +77,30 @@ CLASS="COMMAND" Windows NT server. The service can also provide authentication services via an associated PAM module. </P ><P +> The <TT +CLASS="FILENAME" +>pam_winbind</TT +> module in the 2.2.2 release only + supports the <TT +CLASS="PARAMETER" +><I +>auth</I +></TT +> and <TT +CLASS="PARAMETER" +><I +>account</I +></TT +> + module-types. The latter is simply + performs a getpwnam() to verify that the system can obtain a uid for the + user. If the <TT +CLASS="FILENAME" +>libnss_winbind</TT +> library has been correctly + installed, this should always suceed. + </P +><P >The following nsswitch databases are implemented by the winbindd service: </P ><P @@ -149,7 +173,7 @@ group: files winbind ><DIV CLASS="REFSECT1" ><A -NAME="AEN43" +NAME="AEN48" ></A ><H2 >OPTIONS</H2 @@ -188,7 +212,7 @@ CLASS="COMMAND" ><DIV CLASS="REFSECT1" ><A -NAME="AEN56" +NAME="AEN61" ></A ><H2 >NAME AND ID RESOLUTION</H2 @@ -219,7 +243,7 @@ CLASS="COMMAND" ><DIV CLASS="REFSECT1" ><A -NAME="AEN62" +NAME="AEN67" ></A ><H2 >CONFIGURATION</H2 @@ -484,7 +508,7 @@ CLASS="COMMAND" ><DIV CLASS="REFSECT1" ><A -NAME="AEN144" +NAME="AEN149" ></A ><H2 >EXAMPLE SETUP</H2 @@ -662,7 +686,7 @@ CLASS="COMMAND" ><DIV CLASS="REFSECT1" ><A -NAME="AEN183" +NAME="AEN188" ></A ><H2 >NOTES</H2 @@ -720,7 +744,7 @@ CLASS="COMMAND" ><DIV CLASS="REFSECT1" ><A -NAME="AEN199" +NAME="AEN204" ></A ><H2 >SIGNALS</H2 @@ -771,7 +795,7 @@ CLASS="COMMAND" ><DIV CLASS="REFSECT1" ><A -NAME="AEN216" +NAME="AEN221" ></A ><H2 >FILES</H2 @@ -847,7 +871,7 @@ CLASS="FILENAME" ><DIV CLASS="REFSECT1" ><A -NAME="AEN245" +NAME="AEN250" ></A ><H2 >VERSION</H2 @@ -858,7 +882,7 @@ NAME="AEN245" ><DIV CLASS="REFSECT1" ><A -NAME="AEN248" +NAME="AEN253" ></A ><H2 >SEE ALSO</H2 @@ -886,7 +910,7 @@ TARGET="_top" ><DIV CLASS="REFSECT1" ><A -NAME="AEN255" +NAME="AEN260" ></A ><H2 >AUTHOR</H2 diff --git a/docs/manpages/findsmb.1 b/docs/manpages/findsmb.1 index 7821fd74cb..23a51a353d 100644 --- a/docs/manpages/findsmb.1 +++ b/docs/manpages/findsmb.1 @@ -3,7 +3,7 @@ .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng <steve@ggi-project.org>. -.TH "FINDSMB" "1" "24 April 2001" "" "" +.TH "FINDSMB" "1" "06 December 2001" "" "" .SH NAME findsmb \- list info about machines that respond to SMB name queries on a subnet .SH SYNOPSIS @@ -74,7 +74,8 @@ the Samba suite. .PP \fBnmbd(8)\fR, \fBsmbclient(1) -\fR.SH "AUTHOR" +\fR +.SH "AUTHOR" .PP The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed diff --git a/docs/manpages/lmhosts.5 b/docs/manpages/lmhosts.5 index ad64897b47..eb55aa3104 100644 --- a/docs/manpages/lmhosts.5 +++ b/docs/manpages/lmhosts.5 @@ -3,7 +3,7 @@ .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng <steve@ggi-project.org>. -.TH "LMHOSTS" "5" "15 September 2001" "" "" +.TH "LMHOSTS" "5" "06 December 2001" "" "" .SH NAME lmhosts \- The Samba NetBIOS hosts file .SH SYNOPSIS @@ -76,7 +76,8 @@ the Samba suite. .SH "SEE ALSO" .PP \fBsmbclient(1) -\fR.SH "AUTHOR" +\fR +.SH "AUTHOR" .PP The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed diff --git a/docs/manpages/make_smbcodepage.1 b/docs/manpages/make_smbcodepage.1 index fec52adee5..bb53aeb02d 100644 --- a/docs/manpages/make_smbcodepage.1 +++ b/docs/manpages/make_smbcodepage.1 @@ -3,7 +3,7 @@ .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng <steve@ggi-project.org>. -.TH "MAKE_SMBCODEPAGE" "1" "01 June 2001" "" "" +.TH "MAKE_SMBCODEPAGE" "1" "06 December 2001" "" "" .SH NAME make_smbcodepage \- construct a codepage file for Samba .SH SYNOPSIS @@ -124,7 +124,8 @@ the Samba suite. .SH "SEE ALSO" .PP \fBsmbd(8)\fR, -smb.conf(5).SH "AUTHOR" +smb.conf(5) +.SH "AUTHOR" .PP The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed diff --git a/docs/manpages/make_unicodemap.1 b/docs/manpages/make_unicodemap.1 index 6987abcae6..93683c2708 100644 --- a/docs/manpages/make_unicodemap.1 +++ b/docs/manpages/make_unicodemap.1 @@ -3,7 +3,7 @@ .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng <steve@ggi-project.org>. -.TH "MAKE_UNICODEMAP" "1" "10 October 2001" "" "" +.TH "MAKE_UNICODEMAP" "1" "06 December 2001" "" "" .SH NAME make_unicodemap \- construct a unicode map file for Samba .SH SYNOPSIS diff --git a/docs/manpages/nmbd.8 b/docs/manpages/nmbd.8 index 7675459166..e7786549a1 100644 --- a/docs/manpages/nmbd.8 +++ b/docs/manpages/nmbd.8 @@ -3,12 +3,12 @@ .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng <steve@ggi-project.org>. -.TH "NMBD" "8" "10 October 2001" "" "" +.TH "NMBD" "8" "06 December 2001" "" "" .SH NAME nmbd \- NetBIOS name server to provide NetBIOS over IP naming services to clients .SH SYNOPSIS .sp -\fBnmbd\fR [ \fB-D\fR ] [ \fB-a\fR ] [ \fB-o\fR ] [ \fB-P\fR ] [ \fB-h\fR ] [ \fB-V\fR ] [ \fB-d <debug level>\fR ] [ \fB-H <lmhosts file>\fR ] [ \fB-l <log file>\fR ] [ \fB-n <primary netbios name>\fR ] [ \fB-p <port number>\fR ] [ \fB-s <configuration file>\fR ] +\fBnmbd\fR [ \fB-D\fR ] [ \fB-a\fR ] [ \fB-o\fR ] [ \fB-P\fR ] [ \fB-h\fR ] [ \fB-V\fR ] [ \fB-d <debug level>\fR ] [ \fB-H <lmhosts file>\fR ] [ \fB-l <log directory>\fR ] [ \fB-n <primary netbios name>\fR ] [ \fB-p <port number>\fR ] [ \fB-s <configuration file>\fR ] .SH "DESCRIPTION" .PP This program is part of the Samba suite. @@ -115,17 +115,14 @@ Note that specifying this parameter here will override the log level parameter in the \fI smb.conf\fRfile. .TP -\fB-l <log file>\fR -The -l parameter specifies a path -and base filename into which operational data from -the running \fBnmbd\fR server will -be logged. The actual log file name is generated by -appending the extension ".nmb" to the specified base -name. For example, if the name specified was "log" -then the file log.nmb would contain the debugging data. +\fB-l <log directory>\fR +The -l parameter specifies a directory +into which the "log.nmbd" log file will be created +for operational data from the running +\fBnmbd\fR server. -The default log file path is compiled into Samba as -part of the build process. Common defaults are \fI /usr/local/samba/var/log.nmb\fR, \fI /usr/samba/var/log.nmb\fR or +The default log directory is compiled into Samba +as part of the build process. Common defaults are \fI /usr/local/samba/var/log.nmb\fR, \fI /usr/samba/var/log.nmb\fR or \fI/var/log/log.nmb\fR. .TP \fB-n <primary NetBIOS name>\fR diff --git a/docs/manpages/nmblookup.1 b/docs/manpages/nmblookup.1 index 40c933be69..c607a4a72d 100644 --- a/docs/manpages/nmblookup.1 +++ b/docs/manpages/nmblookup.1 @@ -3,7 +3,7 @@ .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng <steve@ggi-project.org>. -.TH "NMBLOOKUP" "1" "10 October 2001" "" "" +.TH "NMBLOOKUP" "1" "06 December 2001" "" "" .SH NAME nmblookup \- NetBIOS over TCP/IP client used to lookup NetBIOS names .SH SYNOPSIS diff --git a/docs/manpages/rpcclient.1 b/docs/manpages/rpcclient.1 index 6233d1636b..a29dbe2844 100644 --- a/docs/manpages/rpcclient.1 +++ b/docs/manpages/rpcclient.1 @@ -3,7 +3,7 @@ .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng <steve@ggi-project.org>. -.TH "RPCCLIENT" "1" "10 October 2001" "" "" +.TH "RPCCLIENT" "1" "06 December 2001" "" "" .SH NAME rpcclient \- tool for executing client side MS-RPC functions .SH SYNOPSIS @@ -72,7 +72,7 @@ Specifies the location of the all important \fB-U username[%password]\fR Sets the SMB username or username and password. -If %password is not specified, The user will be prompted. The +If %password is not specified, the user will be prompted. The client will first check the \fBUSER\fR environment variable, then the \fBLOGNAME\fR variable and if either exists, the string is uppercased. If these environmental variables are not diff --git a/docs/manpages/samba.7 b/docs/manpages/samba.7 index a36bd90511..ff16ff7c91 100644 --- a/docs/manpages/samba.7 +++ b/docs/manpages/samba.7 @@ -3,7 +3,7 @@ .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng <steve@ggi-project.org>. -.TH "SAMBA" "7" "24 April 2001" "" "" +.TH "SAMBA" "7" "06 December 2001" "" "" .SH NAME SAMBA \- A Windows SMB/CIFS fileserver for UNIX .SH SYNOPSIS diff --git a/docs/manpages/smb.conf.5 b/docs/manpages/smb.conf.5 index b7cc9b98de..9d88615f3f 100644 --- a/docs/manpages/smb.conf.5 +++ b/docs/manpages/smb.conf.5 @@ -3,7 +3,7 @@ .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng <steve@ggi-project.org>. -.TH "SMB.CONF" "5" "10 October 2001" "" "" +.TH "SMB.CONF" "5" "06 December 2001" "" "" .SH NAME smb.conf \- The configuration file for the Samba suite .SH "SYNOPSIS" @@ -387,8 +387,8 @@ process. \fB%a\fR the architecture of the remote machine. Only some are recognized, and those may not be -100% reliable. It currently recognizes Samba, WfWg, -WinNT and Win95. Anything else will be known as +100% reliable. It currently recognizes Samba, WfWg, Win95, +WinNT and Win2k. Anything else will be known as "UNKNOWN". If it gets it wrong then sending a level 3 log to samba@samba.org <URL:mailto:samba@samba.org> should allow it to be fixed. @@ -653,6 +653,24 @@ each parameter for details. Note that some are synonyms. \fIlarge readwrite\fR .TP 0.2i \(bu +\fIldap admin dn\fR +.TP 0.2i +\(bu +\fIldap filter\fR +.TP 0.2i +\(bu +\fIldap port\fR +.TP 0.2i +\(bu +\fIldap server\fR +.TP 0.2i +\(bu +\fIldap ssl\fR +.TP 0.2i +\(bu +\fIldap suffix\fR +.TP 0.2i +\(bu \fIlm announce\fR .TP 0.2i \(bu @@ -758,9 +776,6 @@ each parameter for details. Note that some are synonyms. \fInis homedir\fR .TP 0.2i \(bu -\fInt acl support\fR -.TP 0.2i -\(bu \fInt pipe support\fR .TP 0.2i \(bu @@ -896,6 +911,15 @@ each parameter for details. Note that some are synonyms. \fIssl compatibility\fR .TP 0.2i \(bu +\fIssl egd socket\fR +.TP 0.2i +\(bu +\fIssl entropy bytes\fR +.TP 0.2i +\(bu +\fIssl entropy file\fR +.TP 0.2i +\(bu \fIssl hosts\fR .TP 0.2i \(bu @@ -956,6 +980,9 @@ each parameter for details. Note that some are synonyms. \fIupdate encrypted\fR .TP 0.2i \(bu +\fIuse mmap\fR +.TP 0.2i +\(bu \fIuse rhosts\fR .TP 0.2i \(bu @@ -1209,6 +1236,9 @@ each parameter for details. Note that some are synonyms. \fImsdfs root\fR .TP 0.2i \(bu +\fInt acl support\fR +.TP 0.2i +\(bu \fIonly guest\fR .TP 0.2i \(bu @@ -1305,6 +1335,9 @@ each parameter for details. Note that some are synonyms. \fIstatus\fR .TP 0.2i \(bu +\fIstrict allocate\fR +.TP 0.2i +\(bu \fIstrict locking\fR .TP 0.2i \(bu @@ -2535,8 +2568,8 @@ If set to true, the Samba server will serve Windows 95/98 Domain logons for the \fIworkgroup\fR it is in. Samba 2.2 also has limited capability to act as a domain controller for Windows NT 4 Domains. For more details on setting up this feature see -the file DOMAINS.txt in the Samba documentation directory \fIdocs/ -\fRshipped with the source code. +the Samba-PDC-HOWTO included in the \fIhtmldocs/\fR +directory shipped with the source code. Default: \fBdomain logons = no\fR .TP @@ -2775,11 +2808,6 @@ permissions changed. The default for this parameter is (in octal) mode after the mask set in the \fIcreate mask\fR parameter is applied. -Note that by default this parameter does not apply to permissions -set by Windows NT/2000 ACL editors. If the administrator wishes to enforce -this mask on access control lists also, they need to set the \fIrestrict acl with -mask\fR to true. - See also the parameter \fIcreate mask\fR for details on masking mode bits on files. @@ -2804,11 +2832,6 @@ bits to a created directory. This operation is done after the mode mask in the parameter \fIdirectory mask\fR is applied. -Note that by default this parameter does not apply to permissions -set by Windows NT/2000 ACL editors. If the administrator wishes to enforce -this mask on access control lists also, they need to set the \fIrestrict acl with -mask\fR to true. - See also the parameter \fI directory mask\fR for details on masking mode bits on created directories. @@ -3368,6 +3391,88 @@ code paths. Default : \fBlarge readwrite = no\fR .TP +\fBldap admin dn (G)\fR +This parameter is only available if Samba has been +configure to include the \fB--with-ldapsam\fR option +at compile time. This option should be considered experimental and +under active development. + +The \fIldap admin dn\fR defines the Distinguished +Name (DN) name used by Samba to contact the ldap +server when retreiving user account information. The \fIldap +admin dn\fR is used in conjunction with the admin dn password +stored in the \fIprivate/secrets.tdb\fR file. See the +\fBsmbpasswd(8)\fRman +page for more information on how to accmplish this. + +Default : \fBnone\fR +.TP +\fBldap filter (G)\fR +This parameter is only available if Samba has been +configure to include the \fB--with-ldapsam\fR option +at compile time. This option should be considered experimental and +under active development. + +This parameter specifies the RFC 2254 compliant LDAP search filter. +The default is to match the login name with the uid +attribute for all entries matching the sambaAccount +objectclass. Note that this filter should only return one entry. + +Default : \fBldap filter = (&(uid=%u)(objectclass=sambaAccount))\fR +.TP +\fBldap port (G)\fR +This parameter is only available if Samba has been +configure to include the \fB--with-ldapsam\fR option +at compile time. This option should be considered experimental and +under active development. + +This option is used to control the tcp port number used to contact +the \fIldap server\fR. +The default is to use the stand LDAP port 389. + +Default : \fBldap port = 389\fR +.TP +\fBldap server (G)\fR +This parameter is only available if Samba has been +configure to include the \fB--with-ldapsam\fR option +at compile time. This option should be considered experimental and +under active development. + +This parameter should contains the FQDN of the ldap directory +server which should be queried to locate user account information. + +Default : \fBldap server = localhost\fR +.TP +\fBldap ssl (G)\fR +This parameter is only available if Samba has been +configure to include the \fB--with-ldapsam\fR option +at compile time. This option should be considered experimental and +under active development. + +This option is used to define whether or not Samba should +use SSL when connecting to the \fIldap +server\fR. This is \fBNOT\fR related to +Samba SSL support which is enabled by specifying the +\fB--with-ssl\fR option to the \fIconfigure\fR +script (see \fIssl\fR). + +The \fIldap ssl\fR can be set to one of three values: +(a) \fBon\fR - Always use SSL when contacting the +\fIldap server\fR, (b) \fBoff\fR - +Never use SSL when querying the directory, or (c) \fBstart +tls\fR - Use the LDAPv3 StartTLS extended operation +(RFC2830) for communicating with the directory server. + +Default : \fBldap ssl = off\fR +.TP +\fBldap suffix (G)\fR +This parameter is only available if Samba has been +configure to include the \fB--with-ldapsam\fR option +at compile time. This option should be considered experimental and +under active development. + +Default : \fBnone\fR +.TP \fBlevel2 oplocks (S)\fR This parameter controls whether Samba supports level2 (read-only) oplocks on a share. @@ -4363,7 +4468,7 @@ Default: \fBmin wins ttl = 21600\fR .TP \fBmsdfs root (S)\fR This boolean parameter is only available if -Samba is configured and compiled with the \fB --with-msdfs\fR option. If set to yes>, +Samba is configured and compiled with the \fB --with-msdfs\fR option. If set to yes, Samba treats the share as a Dfs root and allows clients to browse the distributed file system tree rooted at the share directory. Dfs links are specified in the share directory by symbolic @@ -4398,7 +4503,7 @@ name to IP address resolution, using the system \fI/etc/hosts \fR, NIS, or DNS lookups. This method of name resolution is operating system depended for instance on IRIX or Solaris this may be controlled by the \fI/etc/nsswitch.conf\fR -file). Note that this method is only used if the NetBIOS name +file. Note that this method is only used if the NetBIOS name type being queried is the 0x20 (server) name type, otherwise it is ignored. .TP 0.2i @@ -4489,10 +4594,12 @@ be a logon server. Default: \fBnis homedir = no\fR .TP -\fBnt acl support (G)\fR +\fBnt acl support (S)\fR This boolean parameter controls whether smbd(8)will attempt to map UNIX permissions into Windows NT access control lists. +This parameter was formally a global parameter in releases +prior to 2.2.2. Default: \fBnt acl support = yes\fR .TP @@ -4715,7 +4822,7 @@ if the expect string is a full stop then no string is expected. If the \fIpam password change\fR parameter is set to true, the chat pairs -may be matched in any order, and sucess is determined by the PAM result, +may be matched in any order, and success is determined by the PAM result, not any particular output. The \\n macro is ignored for PAM conversions. See also \fIunix password @@ -5066,8 +5173,9 @@ verbatim, with two exceptions: All occurrences of \fI%s \fRand \fI%f\fR will be replaced by the appropriate spool file name, and all occurrences of \fI%p \fRwill be replaced by the appropriate printer name. The -spool file name is generated automatically by the server, the printer -name is discussed below. +spool file name is generated automatically by the server. The +\fI%J\fR macro can be used to access the job +name as transmitted by the client. The print command \fBMUST\fR contain at least one occurrence of \fI%s\fR or \fI%f @@ -5105,7 +5213,7 @@ or PLP :\fR \fBprint command = lpr -r -P%p %s\fR -For \fBprinting = SYS or HPUX :\fR +For \fBprinting = SYSV or HPUX :\fR \fBprint command = lp -c -d%p %s; rm %s\fR @@ -5289,7 +5397,7 @@ default values for the \fIprint command\fR, \fIlprm command\fR if specified in the [global] section. -Currently eight printing styles are supported. They are +Currently nine printing styles are supported. They are BSD, AIX, LPRNG, PLP, SYSV, HPUX, @@ -5483,27 +5591,6 @@ is in fact the browse master on its segment. Default: \fBremote browse sync = <empty string> \fR.TP -\fBrestrict acl with mask (S)\fR -This is a boolean parameter. If set to false (default), then -creation of files with access control lists (ACLS) and modification of ACLs -using the Windows NT/2000 ACL editor will be applied directly to the file -or directory. - -If set to true, then all requests to set an ACL on a file will have the -parameters \fIcreate mask\fR, -\fIforce create mode\fR -applied before setting the ACL, and all requests to set an ACL on a directory will -have the parameters \fIdirectory -mask\fR, \fIforce -directory mode\fR applied before setting the ACL. - -See also \fIcreate mask\fR, -\fIforce create mode\fR, -\fIdirectory mask\fR, -\fIforce directory mode\fR - -Default: \fBrestrict acl with mask = no\fR -.TP \fBrestrict anonymous (G)\fR This is a boolean parameter. If it is true, then anonymous access to the server will be restricted, namely in the @@ -5609,7 +5696,7 @@ The alternatives are \fBsecurity = share\fR, \fBsecurity = server\fR or \fBsecurity = domain \fR\&. -In versions of Samba prior to 2..0, the default was +In versions of Samba prior to 2.0.0, the default was \fBsecurity = share\fR mainly because that was the only option at one stage. @@ -6118,10 +6205,6 @@ is only available if the SSL libraries have been compiled on your system and the configure option \fB--with-ssl\fR was given at configure time. -\fBNote\fR that for export control reasons -this code is \fBNOT\fR enabled by default in any -current binary version of Samba. - This variable enables or disables the entire SSL mode. If it is set to no, the SSL-enabled Samba behaves exactly like the non-SSL Samba. If set to yes, @@ -6136,10 +6219,6 @@ is only available if the SSL libraries have been compiled on your system and the configure option \fB--with-ssl\fR was given at configure time. -\fBNote\fR that for export control reasons -this code is \fBNOT\fR enabled by default in any -current binary version of Samba. - This variable defines where to look up the Certification Authorities. The given directory should contain one file for each CA that Samba will trust. The file name must be the hash @@ -6156,10 +6235,6 @@ is only available if the SSL libraries have been compiled on your system and the configure option \fB--with-ssl\fR was given at configure time. -\fBNote\fR that for export control reasons -this code is \fBNOT\fR enabled by default in any -current binary version of Samba. - This variable is a second way to define the trusted CAs. The certificates of the trusted CAs are collected in one big file and this variable points to the file. You will probably @@ -6177,10 +6252,6 @@ is only available if the SSL libraries have been compiled on your system and the configure option \fB--with-ssl\fR was given at configure time. -\fBNote\fR that for export control reasons -this code is \fBNOT\fR enabled by default in any -current binary version of Samba. - This variable defines the ciphers that should be offered during SSL negotiation. You should not set this variable unless you know what you are doing. @@ -6191,10 +6262,6 @@ is only available if the SSL libraries have been compiled on your system and the configure option \fB--with-ssl\fR was given at configure time. -\fBNote\fR that for export control reasons -this code is \fBNOT\fR enabled by default in any -current binary version of Samba. - The certificate in this file is used by \fBsmbclient(1)\fRif it exists. It's needed if the server requires a client certificate. @@ -6206,10 +6273,6 @@ is only available if the SSL libraries have been compiled on your system and the configure option \fB--with-ssl\fR was given at configure time. -\fBNote\fR that for export control reasons -this code is \fBNOT\fR enabled by default in any -current binary version of Samba. - This is the private key for \fBsmbclient(1)\fR. It's only needed if the client should have a certificate. @@ -6221,17 +6284,55 @@ is only available if the SSL libraries have been compiled on your system and the configure option \fB--with-ssl\fR was given at configure time. -\fBNote\fR that for export control reasons -this code is \fBNOT\fR enabled by default in any -current binary version of Samba. - -This variable defines whether SSLeay should be configured +This variable defines whether OpenSSL should be configured for bug compatibility with other SSL implementations. This is probably not desirable because currently no clients with SSL -implementations other than SSLeay exist. +implementations other than OpenSSL exist. Default: \fBssl compatibility = no\fR .TP +\fBssl egd socket (G)\fR +This variable is part of SSL-enabled Samba. This +is only available if the SSL libraries have been compiled on your +system and the configure option \fB--with-ssl\fR was +given at configure time. + +This option is used to define the location of the communiation socket of +an EGD or PRNGD daemon, from which entropy can be retrieved. This option +can be used instead of or together with the \fIssl entropy file\fR +directive. 255 bytes of entropy will be retrieved from the daemon. + +Default: \fBnone\fR +.TP +\fBssl entropy bytes (G)\fR +This variable is part of SSL-enabled Samba. This +is only available if the SSL libraries have been compiled on your +system and the configure option \fB--with-ssl\fR was +given at configure time. + +This parameter is used to define the number of bytes which should +be read from the \fIssl entropy +file\fR If a -1 is specified, the entire file will +be read. + +Default: \fBssl entropy bytes = 255\fR +.TP +\fBssl entropy file (G)\fR +This variable is part of SSL-enabled Samba. This +is only available if the SSL libraries have been compiled on your +system and the configure option \fB--with-ssl\fR was +given at configure time. + +This parameter is used to specify a file from which processes will +read "random bytes" on startup. In order to seed the internal pseudo +random number generator, entropy must be provided. On system with a +\fI/dev/urandom\fR device file, the processes +will retrieve its entropy from the kernel. On systems without kernel +entropy support, a file can be supplied that will be read on startup +and that will be used to seed the PRNG. + +Default: \fBnone\fR +.TP \fBssl hosts (G)\fR See \fI ssl hosts resign\fR. .TP @@ -6241,10 +6342,6 @@ is only available if the SSL libraries have been compiled on your system and the configure option \fB--with-ssl\fR was given at configure time. -\fBNote\fR that for export control reasons -this code is \fBNOT\fR enabled by default in any -current binary version of Samba. - These two variables define whether Samba will go into SSL mode or not. If none of them is defined, Samba will allow only SSL connections. If the \fIssl hosts\fR variable lists @@ -6270,10 +6367,6 @@ is only available if the SSL libraries have been compiled on your system and the configure option \fB--with-ssl\fR was given at configure time. -\fBNote\fR that for export control reasons -this code is \fBNOT\fR enabled by default in any -current binary version of Samba. - If this variable is set to yes, the server will not tolerate connections from clients that don't have a valid certificate. The directory/file given in \fIssl CA certDir\fR @@ -6296,10 +6389,6 @@ is only available if the SSL libraries have been compiled on your system and the configure option \fB--with-ssl\fR was given at configure time. -\fBNote\fR that for export control reasons -this code is \fBNOT\fR enabled by default in any -current binary version of Samba. - If this variable is set to yes, the \fBsmbclient(1)\fR will request a certificate from the server. Same as @@ -6314,10 +6403,6 @@ is only available if the SSL libraries have been compiled on your system and the configure option \fB--with-ssl\fR was given at configure time. -\fBNote\fR that for export control reasons -this code is \fBNOT\fR enabled by default in any -current binary version of Samba. - This is the file containing the server's certificate. The server \fBmust\fR have a certificate. The file may also contain the server's private key. See later for @@ -6331,10 +6416,6 @@ is only available if the SSL libraries have been compiled on your system and the configure option \fB--with-ssl\fR was given at configure time. -\fBNote\fR that for export control reasons -this code is \fBNOT\fR enabled by default in any -current binary version of Samba. - This file contains the private key of the server. If this variable is not defined, the key is looked up in the certificate file (it may be appended to the certificate). @@ -6350,10 +6431,6 @@ is only available if the SSL libraries have been compiled on your system and the configure option \fB--with-ssl\fR was given at configure time. -\fBNote\fR that for export control reasons -this code is \fBNOT\fR enabled by default in any -current binary version of Samba. - This enumeration variable defines the versions of the SSL protocol that will be used. ssl2or3 allows dynamic negotiation of SSL v2 or v3, ssl2 results @@ -6388,6 +6465,25 @@ change this parameter. Default: \fBstatus = yes\fR .TP +\fBstrict allocate (S)\fR +This is a boolean that controls the handling of +disk space allocation in the server. When this is set to yes +the server will change from UNIX behaviour of not committing real +disk storage blocks when a file is extended to the Windows behaviour +of actually forcing the disk system to allocate real storage blocks +when a file is created or extended to be a given size. In UNIX +terminology this means that Samba will stop creating sparse files. +This can be slow on some systems. + +When strict allocate is no the server does sparse +disk block allocation when a file is extended. + +Setting this to yes can help Samba return +out of quota messages on systems that are restricting the disk quota +of users. + +Default: \fBstrict allocate = no\fR +.TP \fBstrict locking (S)\fR This is a boolean that controls the handling of file locking in the server. When this is set to yes @@ -6594,6 +6690,17 @@ See also disable spoolss Default: \fBuse client driver = no\fR .TP +\fBuse mmap (G)\fR +This global parameter determines if the tdb internals of Samba can +depend on mmap working correctly on the running system. Samba requires a coherent +mmap/read-write system memory cache. Currently only HPUX does not have such a +coherent cache, and so this parameter is set to false by +default on HPUX. On all other systems this parameter should be left alone. This +parameter is provided to help the Samba developers track down problems with +the tdb internal code. + +Default: \fBuse mmap = yes\fR +.TP \fBuse rhosts (G)\fR If this global parameter is true, it specifies that the UNIX user's \fI.rhosts\fR file in their home directory @@ -6913,15 +7020,14 @@ Default: \fBNo files or directories are vetoed. Examples: .sp .nf - ; Veto any files containing the word Security, - ; any ending in .tmp, and any directory containing the - ; word root. - veto files = /*Security*/*.tmp/*root*/ - - ; Veto the Apple specific files that a NetAtalk server - ; creates. - veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ - +; Veto any files containing the word Security, +; any ending in .tmp, and any directory containing the +; word root. +veto files = /*Security*/*.tmp/*root*/ + +; Veto the Apple specific files that a NetAtalk server +; creates. +veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ .sp .fi .TP @@ -7024,7 +7130,7 @@ call will not return any data. \fBWarning:\fR Turning off group enumeration may cause some programs to behave oddly. -Default: \fBwinbind enum groups = no \fR +Default: \fBwinbind enum groups = yes \fR .TP \fBwinbind gid\fR The winbind gid parameter specifies the range of group diff --git a/docs/manpages/smbcacls.1 b/docs/manpages/smbcacls.1 index 4ee3a9f30e..d2da694a26 100644 --- a/docs/manpages/smbcacls.1 +++ b/docs/manpages/smbcacls.1 @@ -3,7 +3,7 @@ .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng <steve@ggi-project.org>. -.TH "SMBCACLS" "1" "10 October 2001" "" "" +.TH "SMBCACLS" "1" "06 December 2001" "" "" .SH NAME smbcacls \- Set or get ACLs on an NT file or directory names .SH SYNOPSIS diff --git a/docs/manpages/smbclient.1 b/docs/manpages/smbclient.1 index 41102ca822..4c5ef0b3e4 100644 --- a/docs/manpages/smbclient.1 +++ b/docs/manpages/smbclient.1 @@ -3,7 +3,7 @@ .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng <steve@ggi-project.org>. -.TH "SMBCLIENT" "1" "15 September 2001" "" "" +.TH "SMBCLIENT" "1" "06 December 2001" "" "" .SH NAME smbclient \- ftp-like client to access SMB/CIFS resources on servers .SH SYNOPSIS diff --git a/docs/manpages/smbcontrol.1 b/docs/manpages/smbcontrol.1 index 4dd9b65529..4b27119673 100644 --- a/docs/manpages/smbcontrol.1 +++ b/docs/manpages/smbcontrol.1 @@ -3,7 +3,7 @@ .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng <steve@ggi-project.org>. -.TH "SMBCONTROL" "1" "10 October 2001" "" "" +.TH "SMBCONTROL" "1" "06 December 2001" "" "" .SH NAME smbcontrol \- send messages to smbd or nmbd processes .SH SYNOPSIS @@ -42,11 +42,20 @@ If a single process ID is given, the message is sent to only that process. .TP \fBmessage-type\fR -One of: debug, +One of: close-share, +debug, force-election, ping , profile, debuglevel, profilelevel, or printer-notify. +The close-share message-type sends a +message to smbd which will then close the client connections to +the named share. Note that this doesn't affect client connections +to any other shares. This message-type takes an argument of the +share name for which client connections will be close, or the +"*" character which will close all currently open shares. +This message can only be sent to smbd. + The debug message-type allows the debug level to be set to the value specified by the parameter. This can be sent to any of the destinations. diff --git a/docs/manpages/smbd.8 b/docs/manpages/smbd.8 index a74ec9c175..42157c00b0 100644 --- a/docs/manpages/smbd.8 +++ b/docs/manpages/smbd.8 @@ -3,12 +3,12 @@ .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng <steve@ggi-project.org>. -.TH "SMBD" "8" "10 October 2001" "" "" +.TH "SMBD" "8" "06 December 2001" "" "" .SH NAME smbd \- server to provide SMB/CIFS services to clients .SH SYNOPSIS .sp -\fBsmbd\fR [ \fB-D\fR ] [ \fB-a\fR ] [ \fB-o\fR ] [ \fB-P\fR ] [ \fB-h\fR ] [ \fB-V\fR ] [ \fB-d <debug level>\fR ] [ \fB-l <log file>\fR ] [ \fB-p <port number>\fR ] [ \fB-O <socket option>\fR ] [ \fB-s <configuration file>\fR ] +\fBsmbd\fR [ \fB-D\fR ] [ \fB-a\fR ] [ \fB-o\fR ] [ \fB-P\fR ] [ \fB-h\fR ] [ \fB-V\fR ] [ \fB-d <debug level>\fR ] [ \fB-l <log directory>\fR ] [ \fB-p <port number>\fR ] [ \fB-O <socket option>\fR ] [ \fB-s <configuration file>\fR ] .SH "DESCRIPTION" .PP This program is part of the Samba suite. @@ -105,14 +105,18 @@ Note that specifying this parameter here will override the log levelfile. .TP -\fB-l <log file>\fR -If specified, \fIlog file\fR -specifies a log filename into which informational and debug -messages from the running server will be logged. The log +\fB-l <log directory>\fR +If specified, +\fIlog directory\fR +specifies a log directory into which the "log.smbd" log +file will be created for informational and debug +messages from the running server. The log file generated is never removed by the server although its size may be controlled by the max log size -option in the \fI smb.conf(5)\fRfile. The default log -file name is specified at compile time. +option in the \fI smb.conf(5)\fRfile. + +The default log directory is specified at +compile time. .TP \fB-O <socket options>\fR See the socket options diff --git a/docs/manpages/smbmnt.8 b/docs/manpages/smbmnt.8 index f383d63509..bab134ef54 100644 --- a/docs/manpages/smbmnt.8 +++ b/docs/manpages/smbmnt.8 @@ -3,7 +3,7 @@ .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng <steve@ggi-project.org>. -.TH "SMBMNT" "8" "10 October 2001" "" "" +.TH "SMBMNT" "8" "06 December 2001" "" "" .SH NAME smbmnt \- helper utility for mounting SMB filesystems .SH SYNOPSIS diff --git a/docs/manpages/smbmount.8 b/docs/manpages/smbmount.8 index f5b3141611..70a0911887 100644 --- a/docs/manpages/smbmount.8 +++ b/docs/manpages/smbmount.8 @@ -3,7 +3,7 @@ .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng <steve@ggi-project.org>. -.TH "SMBMOUNT" "8" "10 October 2001" "" "" +.TH "SMBMOUNT" "8" "06 December 2001" "" "" .SH NAME smbmount \- mount an smbfs filesystem .SH SYNOPSIS diff --git a/docs/manpages/smbpasswd.5 b/docs/manpages/smbpasswd.5 index f0145c19ca..b1adf080e7 100644 --- a/docs/manpages/smbpasswd.5 +++ b/docs/manpages/smbpasswd.5 @@ -3,7 +3,7 @@ .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng <steve@ggi-project.org>. -.TH "SMBPASSWD" "5" "10 October 2001" "" "" +.TH "SMBPASSWD" "5" "06 December 2001" "" "" .SH NAME smbpasswd \- The Samba encrypted password file .SH SYNOPSIS diff --git a/docs/manpages/smbpasswd.8 b/docs/manpages/smbpasswd.8 index f589865e78..8e5be46e31 100644 --- a/docs/manpages/smbpasswd.8 +++ b/docs/manpages/smbpasswd.8 @@ -3,12 +3,12 @@ .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng <steve@ggi-project.org>. -.TH "SMBPASSWD" "8" "10 October 2001" "" "" +.TH "SMBPASSWD" "8" "06 December 2001" "" "" .SH NAME smbpasswd \- change a user's SMB password .SH SYNOPSIS .sp -\fBsmbpasswd\fR [ \fB-a\fR ] [ \fB-x\fR ] [ \fB-d\fR ] [ \fB-e\fR ] [ \fB-D debuglevel\fR ] [ \fB-n\fR ] [ \fB-r <remote machine>\fR ] [ \fB-R <name resolve order>\fR ] [ \fB-m\fR ] [ \fB-j DOMAIN\fR ] [ \fB-U username[%password]\fR ] [ \fB-h\fR ] [ \fB-s\fR ] [ \fBusername\fR ] +\fBsmbpasswd\fR [ \fB-a\fR ] [ \fB-x\fR ] [ \fB-d\fR ] [ \fB-e\fR ] [ \fB-D debuglevel\fR ] [ \fB-n\fR ] [ \fB-r <remote machine>\fR ] [ \fB-R <name resolve order>\fR ] [ \fB-m\fR ] [ \fB-j DOMAIN\fR ] [ \fB-U username[%password]\fR ] [ \fB-h\fR ] [ \fB-s\fR ] [ \fB-w pass\fR ] [ \fBusername\fR ] .SH "DESCRIPTION" .PP This tool is part of the Sambasuite. @@ -259,6 +259,18 @@ standard input, rather than from \fI/dev/tty\fR (like the \fBpasswd(1)\fR program does). This option is to aid people writing scripts to drive smbpasswd .TP +\fB-w password\fR +This parameter is only available is Samba +has been configured to use the experiemental +\fB--with-ldapsam\fR option. The \fI-w\fR +switch is used to specify the password to be used with the +\fIldap admin +dn\fR. Note that the password is stored in +the \fIprivate/secrets.tdb\fR and is keyed off +of the admin's DN. This means that if the value of \fIldap +admin dn\fR ever changes, the password will beed to be +manually updated as well. +.TP \fBusername\fR This specifies the username for all of the \fBroot only\fR options to operate on. Only root diff --git a/docs/manpages/smbsh.1 b/docs/manpages/smbsh.1 index 39cddced8a..349853bbc7 100644 --- a/docs/manpages/smbsh.1 +++ b/docs/manpages/smbsh.1 @@ -3,7 +3,7 @@ .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng <steve@ggi-project.org>. -.TH "SMBSH" "1" "10 October 2001" "" "" +.TH "SMBSH" "1" "06 December 2001" "" "" .SH NAME smbsh \- Allows access to Windows NT filesystem using UNIX commands .SH SYNOPSIS diff --git a/docs/manpages/smbspool.8 b/docs/manpages/smbspool.8 index 7272bf8206..864ea348f2 100644 --- a/docs/manpages/smbspool.8 +++ b/docs/manpages/smbspool.8 @@ -3,7 +3,7 @@ .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng <steve@ggi-project.org>. -.TH "SMBSPOOL" "8" "10 October 2001" "" "" +.TH "SMBSPOOL" "8" "06 December 2001" "" "" .SH NAME smbspool \- send print file to an SMB printer .SH SYNOPSIS diff --git a/docs/manpages/smbstatus.1 b/docs/manpages/smbstatus.1 index d2e3c97e79..17c1df25e5 100644 --- a/docs/manpages/smbstatus.1 +++ b/docs/manpages/smbstatus.1 @@ -3,7 +3,7 @@ .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng <steve@ggi-project.org>. -.TH "SMBSTATUS" "1" "01 June 2001" "" "" +.TH "SMBSTATUS" "1" "06 December 2001" "" "" .SH NAME smbstatus \- report on current Samba connections .SH SYNOPSIS diff --git a/docs/manpages/smbtar.1 b/docs/manpages/smbtar.1 index 2b5c7f0620..8e70d75fd8 100644 --- a/docs/manpages/smbtar.1 +++ b/docs/manpages/smbtar.1 @@ -3,7 +3,7 @@ .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng <steve@ggi-project.org>. -.TH "SMBTAR" "1" "24 April 2001" "" "" +.TH "SMBTAR" "1" "06 December 2001" "" "" .SH NAME smbtar \- shell script for backing up SMB/CIFS shares directly to UNIX tape drives .SH SYNOPSIS @@ -14,7 +14,8 @@ smbtar \- shell script for backing up SMB/CIFS shares directly to UNIX tape dri This tool is part of the Sambasuite. .PP \fBsmbtar\fR is a very small shell script on top -of \fBsmbclient(1)\fRwhich dumps SMB shares directly to tape. +of \fBsmbclient(1)\fR +which dumps SMB shares directly to tape. .SH "OPTIONS" .TP \fB-s server\fR diff --git a/docs/manpages/smbumount.8 b/docs/manpages/smbumount.8 index 84da229d4d..d20826950a 100644 --- a/docs/manpages/smbumount.8 +++ b/docs/manpages/smbumount.8 @@ -3,7 +3,7 @@ .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng <steve@ggi-project.org>. -.TH "SMBUMOUNT" "8" "10 October 2001" "" "" +.TH "SMBUMOUNT" "8" "06 December 2001" "" "" .SH NAME smbumount \- smbfs umount for normal users .SH SYNOPSIS diff --git a/docs/manpages/swat.8 b/docs/manpages/swat.8 index a2ca09fb6f..5e19f8705c 100644 --- a/docs/manpages/swat.8 +++ b/docs/manpages/swat.8 @@ -3,7 +3,7 @@ .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng <steve@ggi-project.org>. -.TH "SWAT" "8" "10 October 2001" "" "" +.TH "SWAT" "8" "06 December 2001" "" "" .SH NAME swat \- Samba Web Administration Tool .SH SYNOPSIS diff --git a/docs/manpages/testparm.1 b/docs/manpages/testparm.1 index 5468fb1c33..d9515eddf4 100644 --- a/docs/manpages/testparm.1 +++ b/docs/manpages/testparm.1 @@ -3,7 +3,7 @@ .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng <steve@ggi-project.org>. -.TH "TESTPARM" "1" "10 October 2001" "" "" +.TH "TESTPARM" "1" "06 December 2001" "" "" .SH NAME testparm \- check an smb.conf configuration file for internal correctness .SH SYNOPSIS diff --git a/docs/manpages/testprns.1 b/docs/manpages/testprns.1 index 97a055f529..fd62ed8386 100644 --- a/docs/manpages/testprns.1 +++ b/docs/manpages/testprns.1 @@ -3,7 +3,7 @@ .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng <steve@ggi-project.org>. -.TH "TESTPRNS" "1" "24 April 2001" "" "" +.TH "TESTPRNS" "1" "06 December 2001" "" "" .SH NAME testprns \- check printer name for validity with smbd .SH SYNOPSIS @@ -74,7 +74,8 @@ the Samba suite. .PP \fIprintcap(5)\fR, \fBsmbd(8)\fR, -\fBsmbclient(1)\fR.SH "AUTHOR" +\fBsmbclient(1)\fR +.SH "AUTHOR" .PP The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed diff --git a/docs/manpages/wbinfo.1 b/docs/manpages/wbinfo.1 index 76e68fb2f8..63795899c8 100644 --- a/docs/manpages/wbinfo.1 +++ b/docs/manpages/wbinfo.1 @@ -3,7 +3,7 @@ .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng <steve@ggi-project.org>. -.TH "WBINFO" "1" "10 October 2001" "" "" +.TH "WBINFO" "1" "06 December 2001" "" "" .SH NAME wbinfo \- Query information from winbind daemon .SH SYNOPSIS diff --git a/docs/manpages/winbindd.8 b/docs/manpages/winbindd.8 index 36874c82dd..cfd4fa2fb2 100644 --- a/docs/manpages/winbindd.8 +++ b/docs/manpages/winbindd.8 @@ -3,7 +3,7 @@ .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng <steve@ggi-project.org>. -.TH "WINBINDD" "8" "10 October 2001" "" "" +.TH "WINBINDD" "8" "06 December 2001" "" "" .SH NAME winbindd \- Name Service Switch daemon for resolving names from NT servers .SH SYNOPSIS @@ -28,6 +28,13 @@ can be used to resolve user and group information from a Windows NT server. The service can also provide authentication services via an associated PAM module. .PP +The \fIpam_winbind\fR module in the 2.2.2 release only +supports the \fIauth\fR and \fIaccount\fR +module-types. The latter is simply +performs a getpwnam() to verify that the system can obtain a uid for the +user. If the \fIlibnss_winbind\fR library has been correctly +installed, this should always suceed. +.PP The following nsswitch databases are implemented by the winbindd service: .TP diff --git a/docs/samba.lsm b/docs/samba.lsm deleted file mode 100644 index fa10333683..0000000000 --- a/docs/samba.lsm +++ /dev/null @@ -1,26 +0,0 @@ -Begin2 -Title = Samba -Version = 1.8.0 -Desc1 = Samba is a SMB based file and print server for unix. It -Desc2 = provides access to unix file and print services from -Desc3 = SMB compatible clients such as WinNT, WfWg, OS/2 -Desc4 = and Pathworks. It also includes a ftp-style unix client -Desc5 = and a netbios nameserver. -Author = Andrew Tridgell -AuthorEmail = samba-bugs@samba.org -Maintainer = Andrew Tridgell -MaintEmail = samba-bugs@samba.org -Site1 = samba.org -Path1 = pub/samba/ -File1 = samba-latest.tar.gz -FileSize1 = 200K -Required1 = Ansi-C compiler and a TCP/IP network. -CopyPolicy1 = GNU Public License -Keywords = LanManager, SMB, Networking -Comment1 = To join the Samba mailing list send mail to -Comment2 = listproc@listproc.anu.edu.au with a body of -Comment3 = "subscribe samba Your Name" -Entered = October 1994 -EnteredBy = Andrew Tridgell -End - diff --git a/docs/textdocs/Application_Serving.txt b/docs/textdocs/Application_Serving.txt index 083dc0c971..6a61a99d7e 100644 --- a/docs/textdocs/Application_Serving.txt +++ b/docs/textdocs/Application_Serving.txt @@ -1,6 +1,6 @@ Contributed: January 7, 1997 Updated: March 24, 1998 -Contributor: John H Terpstra <samba-bugs@samba.org> +Contributor: John H Terpstra <samba@samba.org> Copyright (C) 1997 - John H Terpstra Status: Current diff --git a/docs/textdocs/BUGS.txt b/docs/textdocs/BUGS.txt index 1a25f6d428..247998c6c7 100644 --- a/docs/textdocs/BUGS.txt +++ b/docs/textdocs/BUGS.txt @@ -4,7 +4,7 @@ Updated: June 27, 1997 Subject: This file describes how to report Samba bugs. ============================================================================ ->> The email address for bug reports is samba-bugs@samba.org << +>> The email address for bug reports is samba@samba.org << Please take the time to read this file before you submit a bug report. Also, please see if it has changed between releases, as we diff --git a/docs/textdocs/NetBIOS.txt b/docs/textdocs/NetBIOS.txt index 415aa34beb..ca0dcc84b7 100644 --- a/docs/textdocs/NetBIOS.txt +++ b/docs/textdocs/NetBIOS.txt @@ -1,4 +1,4 @@ -Contributor: lkcl - samba-bugs@arvidsjaur.anu.edu.au +Contributor: lkcl - samba@samba.org Copyright 1997 Luke Kenneth Casson Leighton Date: March 1997 Status: Current diff --git a/docs/textdocs/PROFILES.txt b/docs/textdocs/PROFILES.txt index 1e8b573695..1b9cf4213e 100644 --- a/docs/textdocs/PROFILES.txt +++ b/docs/textdocs/PROFILES.txt @@ -1,7 +1,7 @@ Contributors: Bruce Cook <BC3-AU@bigfoot.com> Copyright (C) 1998 Bruce Cook - John Terpstra <samba-bugs@samba.org> + John Terpstra <samba@samba.org> Copyright (C) 1998 John H. Terpstra Wolfgang Ratzka <ratzka@hrz.uni-marburg.de> @@ -118,7 +118,7 @@ machine. [lkcl: nt workstations should look in exactly the same places for things on samba or other SMB servers as they do on an NT server, as long as that SMB server looks like NT. if anyone finds that something fails, alert - us on samba-bugs@samba.org and we'll look into it]. + us on samba@samba.org and we'll look into it]. When an NT system find a user without a NTuser.DAT, it copies from a prototype that it stores especially for this purpose, so while unlike '95 diff --git a/docs/textdocs/Printing.txt b/docs/textdocs/Printing.txt index 87032c1e47..b47120eaba 100644 --- a/docs/textdocs/Printing.txt +++ b/docs/textdocs/Printing.txt @@ -1,4 +1,4 @@ -Contributor: Unknown <samba-bugs@samba.org> +Contributor: Unknown <samba@samba.org> Revised by: Patrick Powell <papowell@lprng.org> Date: August 11, 2000 Status: Current @@ -11,7 +11,7 @@ Samba. This describes how to debug problems with printing from a SMB client to a Samba server, not the other way around. For the reverse see the examples/printing directory. -Please send enhancements to this file to samba-bugs@samba.org +Please send enhancements to this file to samba@samba.org Ok, so you want to print to a Samba server from your PC. The first thing you need to understand is that Samba does not actually do any diff --git a/docs/textdocs/Tracing.txt b/docs/textdocs/Tracing.txt index d11c394e5c..fd65045abd 100644 --- a/docs/textdocs/Tracing.txt +++ b/docs/textdocs/Tracing.txt @@ -1,4 +1,4 @@ -Contributor: Andrew Tridgell <samba-bugs@samba.org> +Contributor: Andrew Tridgell <samba@samba.org> Date: Old Status: Questionable @@ -90,4 +90,4 @@ read-only. Both fail. This means /dev/null has incorrect permissions. Have fun! -(please send updates/fixes to this file to samba-bugs@samba.org) +(please send updates/fixes to this file to samba@samba.org) diff --git a/docs/textdocs/UNIX-SMB.txt b/docs/textdocs/UNIX-SMB.txt index 65dbc4874d..c3d7643cbc 100644 --- a/docs/textdocs/UNIX-SMB.txt +++ b/docs/textdocs/UNIX-SMB.txt @@ -1,4 +1,4 @@ -Contributor: Andrew Tridgell <samba-bugs@samba.org> +Contributor: Andrew Tridgell <samba@samba.org> Date: April 1995 Subject: Discussion of NetBIOS in a Unix World diff --git a/docs/yodldocs/README-NOW b/docs/yodldocs/README-NOW index 2a059e5655..592d38c135 100644 --- a/docs/yodldocs/README-NOW +++ b/docs/yodldocs/README-NOW @@ -1,6 +1,14 @@ -These docs are being converted to SGML/DocBook format. -Please **do not** update documentation in this directory. -Rather, please update the SGML/DocBook source in -docs/docbook/ +!== +!== Notice of change of documentation format +!== -Thanks. jerry +Samba is no longer using yodl as the source markup +language for our documentation. As of release 2.2.0, +we are using DocBook V4.1 exclusively (assuming you are not +counting the ASCII files yet to be converted). + +Please see ../docbook/docbook.txt for more information +on this. + +jerry carter +SAMBA Team |