summaryrefslogtreecommitdiff
path: root/docs/docbook/projdoc/StandAloneServer.xml
diff options
context:
space:
mode:
Diffstat (limited to 'docs/docbook/projdoc/StandAloneServer.xml')
-rw-r--r--docs/docbook/projdoc/StandAloneServer.xml117
1 files changed, 64 insertions, 53 deletions
diff --git a/docs/docbook/projdoc/StandAloneServer.xml b/docs/docbook/projdoc/StandAloneServer.xml
index ec4f9f2693..b52ad29fe1 100644
--- a/docs/docbook/projdoc/StandAloneServer.xml
+++ b/docs/docbook/projdoc/StandAloneServer.xml
@@ -2,12 +2,12 @@
<chapterinfo>
&author.jht;
</chapterinfo>
-<title>Stand-Alone Servers</title>
+<title>Stand-alone Servers</title>
<para>
-Stand-Alone servers are independent of Domain Controllers on the network.
-They are NOT domain members and function more like workgroup servers. In many
-cases a stand-alone server is configured with a minimum of security control
+Stand-alone Servers are independent of Domain Controllers on the network.
+They are not Domain Members and function more like workgroup servers. In many
+cases a Stand-alone Server is configured with a minimum of security control
with the intent that all data served will be readily accessible to all users.
</para>
@@ -15,25 +15,25 @@ with the intent that all data served will be readily accessible to all users.
<title>Features and Benefits</title>
<para>
-Stand-Alone servers can be as secure or as insecure as needs dictate. They can
+Stand-alone Servers can be as secure or as insecure as needs dictate. They can
have simple or complex configurations. Above all, despite the hoopla about
-Domain security they remain a very common installation.
+Domain Security they remain a common installation.
</para>
<para>
If all that is needed is a server for read-only files, or for
-printers alone, it may not make sense to affect a complex installation.
+printers alone, it may not make sense to effect a complex installation.
For example: A drafting office needs to store old drawings and reference
-standards. No-one can write files to the server as it is legislatively
-important that all documents remain unaltered. A share mode read-only stand-alone
-server is an ideal solution.
+standards. Noone can write files to the server as it is legislatively
+important that all documents remain unaltered. A share mode read-only Stand-alone
+Server is an ideal solution.
</para>
<para>
Another situation that warrants simplicity is an office that has many printers
that are queued off a single central server. Everyone needs to be able to print
-to the printers, there is no need to affect any access controls and no files will
-be served from the print server. Again a share mode stand-alone server makes
+to the printers, there is no need to effect any access controls and no files will
+be served from the print server. Again, a share mode Stand-alone Server makes
a great solution.
</para>
</sect1>
@@ -42,39 +42,38 @@ a great solution.
<title>Background</title>
<para>
-The term <emphasis>stand-alone server</emphasis> means that the server
+The term <emphasis>Stand-alone Server</emphasis> means that it
will provide local authentication and access control for all resources
that are available from it. In general this means that there will be a
-local user database. In more technical terms, it means that resources
+local user database. In more technical terms, it means resources
on the machine will be made available in either SHARE mode or in
USER mode.
</para>
<para>
No special action is needed other than to create user accounts. Stand-alone
-servers do NOT provide network logon services. This means that machines that
-use this server do NOT perform a domain logon to it. Whatever logon facility
-the workstations are subject to is independent of this machine. It is however
-necessary to accommodate any network user so that the logon name they use will
-be translated (mapped) locally on the stand-alone server to a locally known
+servers do not provide network logon services. This means that machines that
+use this server do not perform a domain logon to it. Whatever logon facility
+the workstations are subject to is independent of this machine. It is, however,
+necessary to accommodate any network user so the logon name they use will
+be translated (mapped) locally on the Stand-alone Server to a locally known
user name. There are several ways this can be done.
</para>
<para>
Samba tends to blur the distinction a little in respect of what is
-a stand-alone server. This is because the authentication database may be
-local or on a remote server, even if from the Samba protocol perspective
-the Samba server is NOT a member of a domain security context.
+a Stand-alone Server. This is because the authentication database may be
+local or on a remote server, even if from the SMB protocol perspective
+the Samba server is not a member of a domain security context.
</para>
<para>
-Through the use of PAM (Pluggable Authentication Modules) and nsswitch
-(the name service switcher, which maintains the unix user database) the source of authentication may reside on
+Through the use of Pluggable Authentication Modules (PAM) and the name service switcher (NSSWITCH),
+which maintains the UNIX-user database) the source of authentication may reside on
another server. We would be inclined to call this the authentication server.
This means that the Samba server may use the local UNIX/Linux system password database
(<filename>/etc/passwd</filename> or <filename>/etc/shadow</filename>), may use a
-local smbpasswd file, or may use
-an LDAP back end, or even via PAM and Winbind another CIFS/SMB server
+local smbpasswd file, or may use an LDAP backend, or even via PAM and Winbind another CIFS/SMB server
for authentication.
</para>
@@ -84,23 +83,23 @@ for authentication.
<title>Example Configuration</title>
<para>
-The following examples are designed to inspire simplicity. It is too easy to
-attempt a high level of creativity and to introduce too much complexity in
-server and network design.
+The examples, <link linkend="simplynice"/>, and link linkend="SimplePrintServer"/>,
+are designed to inspire simplicity. It is too easy to attempt a high level of creativity
+and to introduce too much complexity in server and network design.
</para>
<sect2 id="RefDocServer">
<title>Reference Documentation Server</title>
<para>
-Configuration of a read-only data server that EVERYONE can access is very simple.
-Here is the smb.conf file that will do this. Assume that all the reference documents
-are stored in the directory /export, that the documents are owned by a user other than
-nobody. No home directories are shared, that are no users in the <filename>/etc/passwd</filename>
-UNIX system database. This is a very simple system to administer.
+Configuration of a read-only data server that everyone can access is very simple.
+<link linkend="simplynice"/> is the &smb.conf; file that will do this. Assume that all the reference documents
+are stored in the directory <filename>/export</filename>, and the documents are owned by a user other than
+nobody. No home directories are shared, and there are no users in the <filename>/etc/passwd</filename>
+UNIX system database. This is a simple system to administer.
</para>
-<smbconfexample>
+<smbconfexample id="simplynice">
<title>smb.conf for Reference Documentation Server</title>
<smbconfcomment> Global parameters</smbconfcomment>
<smbconfsection>[global]</smbconfsection>
@@ -116,11 +115,10 @@ UNIX system database. This is a very simple system to administer.
</smbconfexample>
<para>
-In the above example the machine name is set to REFDOCS, the workgroup is set to the name
-of the local workgroup so that the machine will appear in with systems users are familiar
-with. The only password backend required is the "guest" backend so as to allow default
-unprivileged account names to be used. Given that there is a WINS server on this network
-we do use it.
+In <link linkend="simplynice"/> above, the machine name is set to &example.server.samba;, the workgroup is set to the name
+of the local workgroup (&example.workgroup;) so the machine will appear together with systems with
+which users are familiar. The only password backend required is the <quote>guest</quote> backend to allow default
+unprivileged account names to be used. As there is a WINS server on this networki, we of obviously make use of it.
</para>
</sect2>
@@ -129,30 +127,29 @@ we do use it.
<title>Central Print Serving</title>
<para>
-Configuration of a simple print server is very simple if you have all the right tools
+Configuration of a simple print server is easy if you have all the right tools
on your system.
</para>
<orderedlist>
<title> Assumptions:</title>
<listitem><para>
- The print server must require no administration
+ The print server must require no administration.
</para></listitem>
<listitem><para>
The print spooling and processing system on our print server will be CUPS.
- (Please refer to <link linkend="CUPS-printing">the chapter about CUPS</link> for more information).
+ (Please refer to <link linkend="CUPS-printing"></link> for more information).
</para></listitem>
<listitem><para>
- All printers that the print server will service will be network
- printers. They will be correctly configured, by the administrator,
- in the CUPS environment.
+ The print server will service only network printers. The network administrator
+ will correctly configure the CUPS environment to support the printers.
</para></listitem>
<listitem><para>
- All workstations will be installed using postscript drivers. The printer
- of choice is the Apple Color LaserWriter.
+ All workstations will use only postscript drivers. The printer driver
+ of choice is the one shipped with the Windows OS for the Apple Color LaserWriter.
</para></listitem>
</orderedlist>
@@ -168,12 +165,12 @@ the anonymous (guest) user, two things will be required:
<listitem><para>
The UNIX/Linux system must have a <command>guest</command> account.
The default for this is usually the account <command>nobody</command>.
- To find the correct name to use for your version of Samba do the
+ To find the correct name to use for your version of Samba, do the
following:
<screen>
&prompt;<userinput>testparm -s -v | grep "guest account"</userinput>
</screen>
- Then make sure that this account exists in your system password
+ Make sure that this account exists in your system password
database (<filename>/etc/passwd</filename>).
</para></listitem>
@@ -190,15 +187,18 @@ the anonymous (guest) user, two things will be required:
</itemizedlist>
<para>
- <smbconfexample>
- <title>smb.conf for anonymous printing</title>
+The contents of the &smb.conf; file is shown in <link linkend="AnonPtrSvr"/>.
+</para>
+
+<para>
+<smbconfexample id="AnonPtrSvr">
+<title>&smb.conf; for Anonymous Printing</title>
<smbconfcomment> Global parameters</smbconfcomment>
<smbconfsection>[global]</smbconfsection>
<smbconfoption><name>workgroup</name><value>&example.workgroup;</value></smbconfoption>
<smbconfoption><name>netbios name</name><value>&example.server.samba;</value></smbconfoption>
<smbconfoption><name>security</name><value>SHARE</value></smbconfoption>
<smbconfoption><name>passdb backend</name><value>guest</value></smbconfoption>
-<smbconfoption><name>wins server</name><value>&example.server.wins;</value></smbconfoption>
<smbconfoption><name>printing</name><value>cups</value></smbconfoption>
<smbconfoption><name>printcap name</name><value>cups</value></smbconfoption>
@@ -213,6 +213,17 @@ the anonymous (guest) user, two things will be required:
</smbconfexample>
</para>
+
+<note><para>
+<indexterm><primary>MIME</primary><secondary>raw</secondary></indexterm>
+<indexterm><primary>raw printing</primary></indexterm>
+On CUPS-enabled systems there is a facility to pass raw data directly to the printer without
+intermediate processing via CUPS print filters. Where use of this mode of operation is desired,
+it is necessary to configure a raw printing device. It is also necessary to enable the raw mime
+handler in the <filename>/etc/mime.conv</filename> and <filename>/etc/mime.types</filename>
+files. Refer to <link linkend="cups-raw"></link>.
+</para></note>
+
</sect2>
</sect1>