diff options
Diffstat (limited to 'docs/docbook/projdoc')
-rw-r--r-- | docs/docbook/projdoc/NetworkBrowsing.xml | 14 | ||||
-rw-r--r-- | docs/docbook/projdoc/Samba-PDC-HOWTO.xml | 8 | ||||
-rw-r--r-- | docs/docbook/projdoc/UNIX_INSTALL.xml | 12 | ||||
-rw-r--r-- | docs/docbook/projdoc/printer_driver2.xml | 1 | ||||
-rw-r--r-- | docs/docbook/projdoc/securing-samba.xml | 61 |
5 files changed, 94 insertions, 2 deletions
diff --git a/docs/docbook/projdoc/NetworkBrowsing.xml b/docs/docbook/projdoc/NetworkBrowsing.xml index 70e4210443..971963579b 100644 --- a/docs/docbook/projdoc/NetworkBrowsing.xml +++ b/docs/docbook/projdoc/NetworkBrowsing.xml @@ -1506,5 +1506,19 @@ This may take a long time on some networks (months). </para> </sect2> + +<sect1> +<title>My client reports "This server is not configured to list shared resources"</title> + +<para> +Your guest account is probably invalid for some reason. Samba uses the +guest account for browsing in smbd. Check that your guest account is +valid. +</para> + +<para>See also <parameter>guest account</parameter> in the &smb.conf; man page.</para> + +</sect2> + </sect1> </chapter> diff --git a/docs/docbook/projdoc/Samba-PDC-HOWTO.xml b/docs/docbook/projdoc/Samba-PDC-HOWTO.xml index 05d0131f94..af05b32e4a 100644 --- a/docs/docbook/projdoc/Samba-PDC-HOWTO.xml +++ b/docs/docbook/projdoc/Samba-PDC-HOWTO.xml @@ -903,5 +903,13 @@ Enable the user accounts with <userinput>smbpasswd -e <replaceable>username</rep </para> </sect2> + +<sect2> + <title>Until a few minutes after samba has started, clients get the error "Domain Controller Unavailable"</title> + <para> + A domain controller has to announce on the network who it is. This usually takes a while. + </para> +</sect2> + </sect1> </chapter> diff --git a/docs/docbook/projdoc/UNIX_INSTALL.xml b/docs/docbook/projdoc/UNIX_INSTALL.xml index a169bea558..f305686915 100644 --- a/docs/docbook/projdoc/UNIX_INSTALL.xml +++ b/docs/docbook/projdoc/UNIX_INSTALL.xml @@ -212,15 +212,19 @@ The following questions and issues get raised on the samba mailing list over and <title>Why are so many smbd processes eating memory?</title> <para> +<quote> Site that is running Samba on an AIX box. They are sharing out about 2 terabytes using samba. Samba was installed using smitty and the binaries. We seem to be experiencing a memory problem with this box. When I do a <command>svmon -Pu</command> the monitoring program shows that &smbd; has several processes of smbd running: +</quote> </para> <para> + <quote> Is samba suppose to start this many different smbd processes? Or does it run as one smbd process? Also is it normal for it to be taking up this much memory? +</quote> </para> <para> @@ -256,7 +260,7 @@ Inuse * 4096 = amount of memory being used by this process <para> -<emphasis>ANSWER:</emphasis> Samba consists on three core programs: +Samba consists on three core programs: &nmbd;, &smbd;, &winbindd;. &nmbd; is the name server message daemon, &smbd; is the server message daemon, &winbindd; is the daemon that handles communication with Domain Controllers. @@ -279,6 +283,12 @@ run in "split mode" (in which case there will be two instances). </para> </sect2> + + <sect2> + <title>I'm getting "open_oplock_ipc: Failed to get local UDP socket for address 100007f. Error was Cannot assign requested" in the logs</title> + <para>Your loopback device isn't working correctly. Make sure it's running. </para> + </sect2> + </sect1> </chapter> diff --git a/docs/docbook/projdoc/printer_driver2.xml b/docs/docbook/projdoc/printer_driver2.xml index 1a5f514a33..f730b238bd 100644 --- a/docs/docbook/projdoc/printer_driver2.xml +++ b/docs/docbook/projdoc/printer_driver2.xml @@ -335,7 +335,6 @@ as shown above: </para> <para><screen> - transmeta: # testparm -v | egrep "(lp|print|spool|driver|ports|\[)" Load smb config files from /etc/samba/smb.conf.simpleprinting diff --git a/docs/docbook/projdoc/securing-samba.xml b/docs/docbook/projdoc/securing-samba.xml index 1004260394..b137a05ec9 100644 --- a/docs/docbook/projdoc/securing-samba.xml +++ b/docs/docbook/projdoc/securing-samba.xml @@ -304,5 +304,66 @@ out to be a security problem request are totally convinced that the problem is w </sect2> + <sect2> + <title>Why can users access home directories of other users?</title> + + <para> + <quote> + We are unable to keep individual users from mapping to any other user's + home directory once they have supplied a valid password! They only need + to enter their own password. I have not found *any* method that I can + use to configure samba to enforce that only a user may map their own + home directory. + </quote> + </para> + + <para><quote> + User xyzzy can map his home directory. Once mapped user xyzzy can also map + *anyone* elses home directory! + </quote></para> + + <para> + This is not a security flaw, it is by design. Samba allows + users to have *exactly* the same access to the UNIX filesystem + as they would if they were logged onto the UNIX box, except + that it only allows such views onto the file system as are + allowed by the defined shares. + </para> + + <para> + This means that if your UNIX home directories are set up + such that one user can happily cd into another users + directory and do an ls, the UNIX security solution is to + change the UNIX file permissions on the users home directories + such that the cd and ls would be denied. + </para> + + <para> + Samba tries very hard not to second guess the UNIX administrators + security policies, and trusts the UNIX admin to set + the policies and permissions he or she desires. + </para> + + <para> + Samba does allow the setup you require when you have set the + <parameter>only user = yes</parameter> option on the share, is that you have not set the + valid users list for the share. + </para> + + <para> + Note that only user works in conjunction with the users= list, + so to get the behavior you require, add the line : + <programlisting> + users = %S + </programlisting> + this is equivalent to: + <programlisting> + valid users = %S + </programlisting> + to the definition of the <parameter>[homes]</parameter> share, as recommended in + the &smb.conf; man page. + </para> + </sect2> + </sect1> </chapter> |