diff options
Diffstat (limited to 'docs/Samba-HOWTO-Collection/TOSHARG-TheNetCommand.xml')
| -rw-r--r-- | docs/Samba-HOWTO-Collection/TOSHARG-TheNetCommand.xml | 154 |
1 files changed, 117 insertions, 37 deletions
diff --git a/docs/Samba-HOWTO-Collection/TOSHARG-TheNetCommand.xml b/docs/Samba-HOWTO-Collection/TOSHARG-TheNetCommand.xml index 64694b4706..0f7fb307a4 100644 --- a/docs/Samba-HOWTO-Collection/TOSHARG-TheNetCommand.xml +++ b/docs/Samba-HOWTO-Collection/TOSHARG-TheNetCommand.xml @@ -4,6 +4,7 @@ <chapter id="NetCommand"> <chapterinfo> &author.jht; + &author.gd; <pubdate>May 9, 2005</pubdate> </chapterinfo> @@ -78,14 +79,14 @@ the infliction of self induced pain, agony and desperation. Be warned, this is a <title>Administrative Tasks And Methods</title> <para> - Stuff goes here - this is a work in progress. + Stuff goes here - this is a work in progress.!!!!! </para> <sect2> <title>UNIX and Windows Group Management</title> <para> - More stuff. + More stuff.!!!!!!!!!! </para> <sect3> @@ -257,6 +258,7 @@ SupportEngrs (S-1-5-21-72630-4128915-11681869-3007) -> SupportEngrs <title>Manipulating Group Memberships</title> <para> + Fix me by adding stuff here!!!!!! </para> </sect3> @@ -286,7 +288,23 @@ SupportEngrs (S-1-5-21-72630-4128915-11681869-3007) -> SupportEngrs </screen> </para> - + <para> + The members of a nested group can be listed by executing the following: +<screen> +&rootprompt; net rpc group members demo -Uroot%not24get +DOM\Domain Users +DOM\Engineers +DOM\jamesf +DOM\jht +</screen> + </para> + + <para> + Nest group members can be removed (deleted) as shown here: +<screen> +&rootprompt; net rpc group delmem demo "DOM\jht" -Uroot%not24get +</screen> + </para> </sect3> @@ -296,6 +314,7 @@ SupportEngrs (S-1-5-21-72630-4128915-11681869-3007) -> SupportEngrs <title>UNIX and Windows User Management</title> <para> + Put somethings useful here man!!!!!! </para> </sect2> @@ -382,6 +401,7 @@ SeDiskOperatorPrivilege <title>Managing Trust Relationships</title> <para> + Document how to set up trusts here!!!!!!!!!!! </para> <sect3> @@ -400,6 +420,7 @@ Join to 'MIDEARTH' is OK <title>Inter-Domain Trusts</title> <para> + Document how to set up trusts here!!!!!!!!!!! </para> </sect3> @@ -410,6 +431,7 @@ Join to 'MIDEARTH' is OK <title>Managing Security Identifiers (SIDS)</title> <para> + Document how to set up trusts here!!!!!!!!!!! </para> </sect2> @@ -418,12 +440,64 @@ Join to 'MIDEARTH' is OK <title>Share Management</title> <para> + Document how to set up trusts here!!!!!!!!!!! </para> <sect3> <title>Creating, Editing, and Removing Shares</title> <para> + A share can be added using the <command>net rpc share</command> command capabilities. + The target machine may be local or remote and is specified by the -S option. It must be noted + that the addition and deletion of shares using this tool depends on the availability of a suitable + interface script. The interface scripts Samba's <command>smbd</command> uses are called: + <smbconfoption name="add share script"/> and <smbconfoption name="delete share script"/>. + A set of example scripts are provided in the Samba source code tarball in the directory + <filename>~samba/examples/scripts</filename>. + </para> + + <para> + The following steps demonstrate the use of the share management capabilities of the <command>net</command> + utility. In the first step a share called <constant>Bulge</constant> is added. The share-point within the + file system is the directory <filename>/data</filename>. The command that can be executed to perform the + addition of this share is shown here: +<screen> +&rootprompt; net rpc share add Bulge=/data -S merlin -Uroot%not24get +</screen> + Validation is an important process, and by executing the command <command>net rpc share</command> + with no other operators a listing of available shares is shown here: +<screen> +&rootprompt; net rpc share -S merlin -Uroot%not24get +profdata +archive +Bulge <--- This one was added +print$ +netlogon +profiles +IPC$ +kyocera +ADMIN$ +</screen> + </para> + + <para> + Often times it is desirable also to permit a share to be removed using a command-line tool. + The following step permits the share that was previously added to be removed: +<screen> +&rootprompt; net rpc share delete Bulge -S merlin -Uroot%not24get +</screen> + A simple validation shown here demonstrates that the share has been removed: +<screen> +&rootprompt; net rpc share -S merlin -Uroot%not24get +profdata +archive +print$ +netlogon +profiles +IPC$ +ADMIN$ +kyocera +</screen> </para> </sect3> @@ -437,47 +511,49 @@ Join to 'MIDEARTH' is OK </sect3> <sect3> - <title>Migration of Files Across Servers</title> + <title>Migration of Shares and Files</title> <para> -<screen> -MIGRATING WINDOWS FILE- AND PRINT-SERVERS -========================================= - -In a similar way as account-information like users, groups, group-memberships -and passwords can be migrated using the "net rpc vampire"-facility, "net" also -provides a framework to move files, directories, printers and all -printer-relevant data from a Windows Server to a Samba Server. - -A couple of command-line switches allow "net" to create almost 1:1 clones of -your Windows-Systems. To give an example: When migrating a file-server, -file-ACLs and DOS-Attributes that are existing on your Windows-System can be -included in the migration process and will reappear - in a most identical way - -on your Samba-System once the migration is finished. - -The way the "net rpc printer" and "net rpc share" commands are implemented may -require your local Samba Server to be started before migration. Both commands -use SMB- and MSRPC-Calls to do the migration-work. This allows rather flexible -migration-scenarios: a host named "client" (where the "net"-command is run) can -act as a intermediate host while migrating data from "server1" to "server2". -The default is to migrate to the local machine though, to the machine where -"net" is called. - -Be warned of taking any migration easy. To succeed and to have a real clone of -the system you want to replace with Samba you need a good understanding of how -the migration-process works and of any possible caveats. + Shares and files can be migrated in the same manner as user, machine and group accounts. + It is possible to preserve access control settings (ACLs) as well as security settings + throughout the migration process. The <command>net rpc vampire</command> facility is used + to migrate accounts from a Windows NT4 (or later) domain to a Samba server. This process + preserves passwords and account security settings and is a precursor to the migration + of shares and files. + </para> -In the following, the terms "original", "source" or "originating" always mean a -remote system that you want to migrate to a "destinating", "destination" or -"target" system. The default target is "localhost". + <para> + The <command>net rpc share</command> command may be used to migratio share, directories + files, printers, and all relevant data from a Windows server to a Samba server. + </para> + <para> + A set of command-line switches permit the creation of almost direct clones of Windows file + servers. For example, when migrating a file-server, file ACLs and DOS file attributes from + the Windows server can be included in the migration process and will reappear, almost identicaly + on the Samba server when the migration has been completed. + </para> -Migrating a File-Server -======================= + <para> + The migration process can be completed only with the Samba server already being fully operational. + This means that the user and group accounts must be migrated before attempting to migrate data + share, files, and printers. The migration of files and printer configurations involves the use + of both SMB and MS DCE RPC services. The benefit of the manner in which the migration process has + been implemented, the possibility now exists to use a Samba server as a man-in-middle migration + service that affects a transfer of data from one server to another. For example, if the Samba + server is called <constant>MESSER</constant>, the source Windows NT4 server is called + <constant>PEPPY</constant>, and the target Samba server is called <constant>GONZALES</constant> + MESSER can be used to affect the migration of all data (files and shares) from PEPPY to + GONZALES. If the target machine is not specified, the local server is assumed by default. + </para> -Migrating plain file-shares ------------------------------------------------------------ + <para> + The success of server migration requires a firm understanding of the structure of ther source + server (or domain) as well as the processes on which the migration is critically dependant. + </para> + <para> +<screen> "net" allows to migrate plain share-definitions. These consists of a share-name, a directory-path in the file-system, an optional description and security-settings that allow share-access. If your migration-destination is a @@ -646,6 +722,7 @@ Known Limitations <title>Controlling Open Files</title> <para> + Document how to set up trusts here!!!!!!!!!!! </para> </sect2> @@ -654,6 +731,7 @@ Known Limitations <title>Session and Connection Management</title> <para> + Document how to set up trusts here!!!!!!!!!!! </para> </sect2> @@ -662,6 +740,7 @@ Known Limitations <title>Printers and ADS</title> <para> + Document how to set up trusts here!!!!!!!!!!! </para> </sect2> @@ -670,6 +749,7 @@ Known Limitations <title>Manipulating the Samba Cache</title> <para> + Document how to set up trusts here!!!!!!!!!!! </para> </sect2> |