diff options
Diffstat (limited to 'docs/Samba3-HOWTO/TOSHARG-Install.xml')
| -rw-r--r-- | docs/Samba3-HOWTO/TOSHARG-Install.xml | 275 |
1 files changed, 188 insertions, 87 deletions
diff --git a/docs/Samba3-HOWTO/TOSHARG-Install.xml b/docs/Samba3-HOWTO/TOSHARG-Install.xml index 7ecc33bdce..344dfaaa90 100644 --- a/docs/Samba3-HOWTO/TOSHARG-Install.xml +++ b/docs/Samba3-HOWTO/TOSHARG-Install.xml @@ -17,15 +17,15 @@ <title>Obtaining and Installing Samba</title> <para> - Binary packages of Samba are included in almost any Linux or - UNIX distribution. There are also some packages available at - <ulink url="http://samba.org/">the Samba home page</ulink>. Refer to - the manual of your operating system for details on installing packages - for your specific operating system. + <indexterm><primary>packages</primary></indexterm> + Binary packages of Samba are included in almost any Linux or UNIX distribution. There are also some + packages available at <ulink url="http://samba.org/">the Samba home page</ulink>. Refer to the manual of your + operating system for details on installing packages for your specific operating system. </para> - <para>If you need to compile Samba from source, check - <link linkend="compiling">How to Compile Samba.</link> + <para> + <indexterm><primary>compile</primary></indexterm> + If you need to compile Samba from source, check <link linkend="compiling">How to Compile Samba</link>. </para> </sect1> @@ -34,32 +34,56 @@ <title>Configuring Samba (smb.conf)</title> <para> - Samba's configuration is stored in the &smb.conf; file, which - usually resides in <filename>/etc/samba/smb.conf</filename> - or <filename>/usr/local/samba/lib/smb.conf</filename>. You can either - edit this file yourself or do it using one of the many graphical - tools that are available, such as the Web-based interface SWAT, that - is included with Samba. + <indexterm><primary>/etc/samba/smb.conf</primary></indexterm> + <indexterm><primary>SWAT</primary></indexterm> + Samba's configuration is stored in the &smb.conf; file, which usually resides in + <filename>/etc/samba/smb.conf</filename> or <filename>/usr/local/samba/lib/smb.conf</filename>. You can either + edit this file yourself or do it using one of the many graphical tools that are available, such as the + Web-based interface SWAT, that is included with Samba. </para> <sect2> <title>Configuration File Syntax</title> - <para>The &smb.conf; file uses the same syntax as the various old - .ini files in Windows 3.1: Each file consists of various sections, - which are started by putting the section name between brackets ([]) - on a new line. Each contains zero or more key/value pairs separated by an - equality sign (=). The file is just a plaintext file, so you can - open and edit it with your favorite editing tool.</para> + <para> + <indexterm><primary>section name</primary></indexterm> + The &smb.conf; file uses the same syntax as the various old <filename>.ini</filename> files in Windows + 3.1: Each file consists of various sections, which are started by putting the section name between brackets + (<literal>[]</literal>) on a new line. Each contains zero or more key/value pairs separated by an equality + sign (<literal>=</literal>). The file is just a plaintext file, so you can open and edit it with your favorite + editing tool. + </para> + + <para> + <indexterm><primary>meta-service</primary></indexterm> + <indexterm><primary>print</primary><secondary>queue</secondary></indexterm> + <indexterm><primary>share</primary></indexterm> + <indexterm><primary>spooler.</primary></indexterm> + <indexterm><primary>print</primary><secondary>spooler</secondary></indexterm> + <indexterm><primary>spool</primary><secondary>directory</secondary></indexterm> + Each section in the &smb.conf; file represents either a share or a meta-service on the Samba server. The + section <literal>[global]</literal> is special, since it contains settings that apply to the whole Samba + server. Samba supports a number of meta-services, each of which serves its own purpose. For example, the + <literal>[homes]</literal> share is a meta-service that causes Samba to provide a personal home share for + each user. The <literal>[printers]</literal> share is a meta-service that establishes print queue support + and that specifies the location of the intermediate spool directory into which print jobs are received + from Windows clients prior to being dispatched to the UNIX/Linux print spooler. + </para> - <para>Each section in the &smb.conf; file represents a share - on the Samba server. The section <quote>global</quote> is special, since it - contains settings that apply to the whole Samba server and not - to one share in particular.</para> + <para> + <indexterm><primary>stanza</primary></indexterm> + Each section of the &smb.conf; file that specifies a share, or a meta-service, is called a stanza. + The <literal>global</literal> stanza specifies settings that affect all the other stanzas in the + &smb.conf; file. Configuration parameters are documented in the &smb.conf; man page. Some parameters + can be used only in the <literal>global</literal> stanza, some only in share or meta-service stanzas, + and some can be used globally or just within a share or meta-service stanza. + </para> -<para><link linkend="smbconfminimal">A minimal smb.conf</link> contains a very minimal &smb.conf;. + <para> + <indexterm><primary>minimal</primary><secondary>configuration</secondary></indexterm> + <link linkend="smbconfminimal">A minimal smb.conf</link> contains a very minimal &smb.conf;. <indexterm><primary>minimal configuration</primary></indexterm> -</para> + </para> <example id="smbconfminimal"> <title>A minimal smb.conf</title> @@ -83,6 +107,7 @@ <title>Starting Samba</title> <para> + <indexterm><primary>daemon</primary></indexterm> Samba essentially consists of two or three daemons. A daemon is a UNIX application that runs in the background and provides services. An example of a service is the Apache Web server for which the daemon is called <command>httpd</command>. In the case of Samba there are three daemons, two of which are needed as a minimum. @@ -125,6 +150,7 @@ </variablelist> <para> + <indexterm><primary>startup</primary><secondary>process</secondary></indexterm> When Samba has been packaged by an operating system vendor, the startup process is typically a custom feature of its integration into the platform as a whole. Please refer to your operating system platform administration manuals for specific information pertaining to correct management of Samba startup. @@ -136,15 +162,19 @@ <title>Example Configuration</title> <para> - There are sample configuration files in the examples subdirectory in the - distribution. It is suggested you read them carefully so you can see how the options - go together in practice. See the man page for all the options. - It might be worthwhile to start out with the smb.conf.default - configuration file and adapt it to your needs. It contains plenty of - comments. + <indexterm><primary>examples</primary></indexterm> + <indexterm><primary>source code</primary></indexterm> + <indexterm><primary>distribution</primary></indexterm> + <indexterm><primary>tarball</primary></indexterm> + <indexterm><primary>pacakge</primary></indexterm> + There are sample configuration files in the examples subdirectory in the source code distribution tarball + pacakge. It is suggested you read them carefully so you can see how the options go together in practice. See + the man page for all the options. It might be worthwhile to start out with the + <filename>smb.conf.default</filename> configuration file and adapt it to your needs. It contains plenty of comments. </para> <para> + <indexterm><primary>simplest</primary><secondary>configuration</secondary></indexterm> The simplest useful configuration file would contain something like that shown in <link linkend="simple-example">Another simple smb.conf File</link>. <indexterm><primary>simple configuration</primary></indexterm> @@ -163,6 +193,10 @@ </example> <para> + <indexterm><primary>connections</primary></indexterm> + <indexterm><primary>account</primary></indexterm> + <indexterm><primary>login name</primary></indexterm> + <indexterm><primary>service name</primary></indexterm> This will allow connections by anyone with an account on the server, using either their login name or <smbconfsection name="homes"/> as the service name. (Note: The workgroup that Samba should appear in must also be set. The default @@ -170,12 +204,18 @@ </para> <para> - Make sure you put the &smb.conf; file in the correct place. + <indexterm><primary>smbd</primary></indexterm> + Make sure you put the &smb.conf; file in the correct place. Note, the correct location of this file + depends on how the binary files were built. You can discover the correct location by executing from + the directory that contains the <command>smbd</command> command file: +<screen> +&rootprompt; smbd -b | grep smb.conf +</screen> </para> <para> - For more information about security settings for the - <smbconfsection name="[homes]"/> share, please refer to + <indexterm><primary>security</primary><secondary>settings</secondary></indexterm> + For more information about security settings for the <smbconfsection name="[homes]"/> share, please refer to <link linkend="securing-samba">Securing Samba</link>. </para> @@ -183,24 +223,42 @@ <title>Test Your Config File with <command>testparm</command></title> <para> + <indexterm><primary>validate</primary></indexterm> + <indexterm><primary>testparm</primary></indexterm> + <indexterm><primary>misconfigurations</primary></indexterm> It's important to validate the contents of the &smb.conf; file using the &testparm; program. If testparm runs correctly, it will list the loaded services. If not, it will give an error message. Make sure it runs correctly and that the services look reasonable before proceeding. Enter the command: - </para> - <screen> &rootprompt; testparm /etc/samba/smb.conf </screen> - - <para>testparm will parse your configuration file and report - any unknown parameters or incorrect syntax. </para> - - + Testparm will parse your configuration file and report any unknown parameters or incorrect syntax. + It also performs a check for common misconfigurations and will issue a warning if one is found. + </para> <para> Always run testparm again whenever the &smb.conf; file is changed! </para> + <para> + <indexterm><primary>smbd</primary></indexterm> + <indexterm><primary>nmbd</primary></indexterm> + <indexterm><primary>winbindd</primary></indexterm> + <indexterm><primary>configuration</primary><secondary>documentation</secondary></indexterm> + The &smb.conf; file is constantly checked by the Samba daemons <command>smbd</command> and every instance of + itself that it spawns, <command>nmbd</command> and <command>winbindd</command>. It is good practice to + keep this file as small as possible. Many administrators prefer to document Samba configuration settings + and thus the need to keep this file small goes against good documentation wisdom. One solution that may + be adopted is to do all documentation and configuration in a file that has another name, such as + <filename>smb.conf.master</filename>. The <command>testparm</command> utility can be used to generate a + fully optimized &smb.conf; file from this master configuration and documtenation file as shown here: +<screen> +&rootprompt; testparm -s smb.conf.master > smb.conf +</screen> + This administrative method makes it possible to maitain detailed configuration change records while at + the same time keeping the working &smb.conf; file size to the minimum necessary. + </para> + </sect3> </sect2> @@ -209,10 +267,10 @@ <para> <indexterm><primary>swat</primary></indexterm> - SWAT is a Web-based interface that can be used to facilitate the configuration of Samba. - SWAT might not be available in the Samba package that shipped with your platform, - but in a separate package. Please read the SWAT man page - on compiling, installing, and configuring SWAT from source. + SWAT is a Web-based interface that can be used to facilitate the configuration of Samba. SWAT might not + be available in the Samba package that shipped with your platform, but in a separate package. If it is + necesaary to built SWAT please read the SWAT man page regarding compilation, installation, and + configuration of SWAT from the source code. </para> <para> @@ -227,7 +285,9 @@ machine leaves your connection open to password sniffing because passwords will be sent over the wire in the clear. </para> - <para>More information about SWAT can be found in <link linkend="SWAT"></link>.</para> + <para> + More information about SWAT can be found in <link linkend="SWAT">The Samba Web Administration Tool</link>. + </para> </sect2> @@ -245,14 +305,18 @@ &prompt;<userinput>smbclient -L <replaceable>yourhostname</replaceable></userinput> </screen></para> - <para>You should see a list of shares available on your server. If you do not, then + <para> + You should see a list of shares available on your server. If you do not, then something is incorrectly configured. This method can also be used to see what shares - are available on other SMB servers, such as Windows 2000.</para> + are available on other SMB servers, such as Windows 2000. + </para> - <para>If you choose user-level security, you may find that Samba requests a password + <para> + If you choose user-level security, you may find that Samba requests a password before it will list the shares. See the <command>smbclient</command> man page for details. You can force it to list the shares without a password by adding the option - <option>-N</option> to the command line. </para> + <option>-N</option> to the command line. + </para> </sect1> <sect1> @@ -279,31 +343,36 @@ <sect1> <title>Connect from a Remote SMB Client</title> - <para>Now that Samba is working correctly locally, you can try to - access it from other clients. Within a few minutes, the Samba host - should be listed in the Network Neighborhood on all Windows - clients of its subnet. Try browsing the server from another client - or "mounting" it.</para> - - <para>Mounting disks from a DOS, Windows, or OS/2 client can be done by running a command such as:</para> - - <para><screen> -&dosprompt;<userinput>net use d: \\servername\service</userinput> -</screen></para> + <para> + Now that Samba is working correctly locally, you can try to access it from other clients. Within a few + minutes, the Samba host should be listed in the Network Neighborhood on all Windows clients of its subnet. + Try browsing the server from another client or "mounting" it. + </para> - <para>Try printing, for example,</para> + <para> + Mounting disks from a DOS, Windows, or OS/2 client can be done by running a command such as: +<screen> +&dosprompt;<userinput>net use m: \\servername\service</userinput> +</screen> + Where the drive letter m: is any available drive letter. It is important to double-check that the + service (share) name that you used does actually exist. + </para> <para> + Try printing, for example, <screen> &dosprompt;<userinput>net use lpt1: \\servername\spoolservice</userinput> -</screen></para> +</screen> + The <literal>spoolservice</literal> is the name of the printer (actually the print queue) on the target + server. This will permit all print jobs that are captured by the lpt1: port on the Windows client to + be sent to the printer that owns the spoolservice that has been specified. + </para> <para> <screen>&dosprompt;<userinput>print filename</userinput> </screen></para> -</sect1> -<sect1> + <sect2> <title>What If Things Don't Work?</title> <para> @@ -314,6 +383,34 @@ problem and has found a way to overcome it. </para> + <para> + If you are new to Samba, and particularly if you are new to Windows networking, or to UNIX/Linux, + the book <quote>Samba-3 by Example</quote> will help you to create a validated network environment. + Simply choose from the first five chapters the network design that most closely matches site needs, + then follow the simple step-by-step procedure to deploy it. Later, when you have a working network + you may well want to refer back to this book for further insight into opportunities for improvement. + </para> + + </sect2> + + <sect2> + <title>Still Stuck?</title> + + <para> + The best advice under the stress of abject frustration is to cool down! That may be challenging + of itself, but while you are angry or annoyed your ability to seek out a solution is somewhat + undermined. A cool head clears the way to finding the answer you are looking for. Just remember, + every problem has a solution &smbmdash; there is a good chance that someone else has found it + even though you can't right now. That will change with time, patience and learning. + </para> + + <para> + Now that you have cooled down a bit, please refer to <link linkend="diagnosis">the Samba Checklist</link> + for a process that can be followed to identify the cause of your problem. + </para> + + </sect2> + </sect1> <sect1> @@ -326,38 +423,42 @@ The following questions and issues are raised repeatedly on the Samba mailing li <sect2> <title>Large Number of smbd Processes</title> -<para> -Samba consists of three core programs: &nmbd;, &smbd;, and &winbindd;. &nmbd; is the name server message daemon, -&smbd; is the server message daemon, and &winbindd; is the daemon that handles communication with domain controllers. -</para> + <para> + Samba consists of three core programs: &nmbd;, &smbd;, and &winbindd;. &nmbd; is the name server message daemon, + &smbd; is the server message daemon, and &winbindd; is the daemon that handles communication with domain controllers. + </para> -<para> -If Samba is <emphasis>not</emphasis> running as a WINS server, then there will be one single instance of - &nmbd; running on your system. If it is running as a WINS server, then there will be -two instances &smbmdash; one to handle the WINS requests. -</para> + <para> + If Samba is <emphasis>not</emphasis> running as a WINS server, then there will be one single instance of + &nmbd; running on your system. If it is running as a WINS server, then there will be + two instances &smbmdash; one to handle the WINS requests. + </para> -<para> -&smbd; handles all connection requests. It spawns a new process for each client -connection made. That is why you may see so many of them, one per client connection. -</para> + <para> + &smbd; handles all connection requests. It spawns a new process for each client + connection made. That is why you may see so many of them, one per client connection. + </para> -<para> -&winbindd; will run as one or two daemons, depending on whether or not it is being -run in <emphasis>split mode</emphasis> (in which case there will be two instances). -</para> + <para> + &winbindd; will run as one or two daemons, depending on whether or not it is being + run in <emphasis>split mode</emphasis> (in which case there will be two instances). + </para> -</sect2> + </sect2> <sect2> <title>Error Message: open_oplock_ipc</title> - <para>An error message is observed in the log files when &smbd; is started: <quote>open_oplock_ipc: Failed to get local UDP socket - for address 100007f. Error was Cannot assign requested.</quote></para> + <para> + An error message is observed in the log files when &smbd; is started: <quote>open_oplock_ipc: Failed to + get local UDP socket for address 100007f. Error was Cannot assign requested.</quote> + </para> - <para>Your loopback device isn't working correctly. Make sure it is configured correctly. The loopback + <para> + Your loopback device isn't working correctly. Make sure it is configured correctly. The loopback device is an internal (virtual) network device with the IP address <emphasis>127.0.0.1</emphasis>. - Read your OS documentation for details on how to configure the loopback on your system.</para> + Read your OS documentation for details on how to configure the loopback on your system. + </para> </sect2> |