diff options
Diffstat (limited to 'docs/faq/Samba-meta-FAQ.txt')
-rw-r--r-- | docs/faq/Samba-meta-FAQ.txt | 924 |
1 files changed, 0 insertions, 924 deletions
diff --git a/docs/faq/Samba-meta-FAQ.txt b/docs/faq/Samba-meta-FAQ.txt deleted file mode 100644 index 01fc8d6ccf..0000000000 --- a/docs/faq/Samba-meta-FAQ.txt +++ /dev/null @@ -1,924 +0,0 @@ - Samba meta FAQ - Dan Shearer & Paul Blackman, ictinus@samba.org - v 0.3, 7 Oct '97 - - This is the meta-Frequently Asked Questions (FAQ) document for Samba, - the free and very popular SMB and CIFS server product. It contains - overview information for the Samba suite of programs, a quick-start - guide, and pointers to all other Samba documentation. Other FAQs exist - for specific client and server issues, and HOWTO documents for more - extended topics to do with Samba software. Current to version Samba - 1.9.17. Please send any corrections to the author. - ______________________________________________________________________ - - Table of Contents: - - 1. Quick Reference Guides to Samba Documentation - - 1.1. Samba for the Impatient - - 1.2. All Samba Documentation - - 2. General Information - - 2.1. What is Samba? - - 2.2. What is the current version of Samba? - - 2.3. Where can I get it? - - 2.4. What do the version numbers mean? - - 2.5. Where can I go for further information? - - 2.6. How do I subscribe to the Samba Mailing Lists? - - 2.7. Something's gone wrong - what should I do? - - 2.8. How do I submit patches or bug reports? - - 2.9. What if I have an URGENT message for the developers? - - 2.10. What if I need paid-for support? - - 2.11. Pizza supply details - - 3. About the CIFS and SMB Protocols - - 3.1. What is the Server Message Block (SMB) Protocol? - - 3.2. What is the Common Internet Filesystem (CIFS)? - - 3.3. What is Browsing? - - 4. Designing A SMB and CIFS Network - - 4.1. Workgroups, Domains, Authentication and Browsing - - 4.1.1. Defining the Terms - - 4.1.2. Sharelevel (Workgroup) Security Services - - 4.1.3. Authentication Domain Mode Services - - 4.2. Authentication Schemes - - - 4.2.1. NIS - - 4.2.2. Kerberos - - 4.2.3. FTP - - 4.2.4. Default Server Method - - 4.2.5. Client-side Database Only - - 4.3. Post-Authentication: Netlogon, Logon Scripts, Profiles - - 5. Cross-Protocol File Sharing - - 6. Miscellaneous - - 6.1. Is Samba Year 2000 compliant? - ______________________________________________________________________ - - 11.. QQuuiicckk RReeffeerreennccee GGuuiiddeess ttoo SSaammbbaa DDooccuummeennttaattiioonn - - - We are endeavouring to provide links here to every major class of - information about Samba or things related to Samba. We cannot list - every document, but we are aiming for all documents to be at most two - referrals from those listed here. This needs constant maintaining, so - please send the author your feedback. - - - 11..11.. SSaammbbaa ffoorr tthhee IImmppaattiieenntt - - - You know you should read the documentation but can't wait to start? - What you need to do then is follow the instructions in the following - documents in the order given. This should be enough to get a fairly - simple site going quickly. If you have any problems, refer back to - this meta-FAQ and follow the links to find more reading material. - - - - GGeettttiinngg SSaammbbaa:: - The fastest way to get Samba going is and install it is to have - an operating system for which the Samba team has put together an - installation package. To see if your OS is included have a look - at the directory /pub/samba/Binary_Packages/"OS_Vendor" on your - nearest mirror site <../MIRRORS>. If it is included follow the - installation instructions in the README file there and then do - some ``basic testing''. If you are not so fortunate, follow the - normal ``download instructions'' and then continue with - ``building and installing Samba''. - - - BBuuiillddiinngg aanndd IInnssttaalllliinngg SSaammbbaa:: - At the moment there are two kinds of Samba server installs - besides the prepackaged binaries mentioned in the previous step. - You need to decide if you have a Unix or close relative - <../UNIX_INSTALL.txt> or other supported operating system - <Samba-Server-FAQ.html#PortInfo>. - - - BBaassiicc TTeessttiinngg:: - Try to connect using the supplied smbclient command-line - program. You need to know the IP hostname of your server. A - service name must be defined in smb.conf, as given in the - examples (under many operating systems if there is a homes - service you can just use a valid username.) Then type smbclient - \hostnamevicename Under most Unixes you will need to put the - parameters within quotation marks. If this works, try connecting - from one of the SMB clients you were planning to use with Samba. - - - DDeebbuugg sseeqquueennccee:: - If you think you have completed the previous step and things - aren't working properly work through the diagnosis recipe. - <../DIAGNOSIS.txt> - - - EExxppoorrttiinngg ffiilleess ttoo SSMMBB cclliieennttss:: - You should read the manual pages for smb.conf, but here is a - quick answer guide. <Samba-Server-FAQ.html#Exporting> - - - CCoonnttrroolllliinngg uusseerr aacccceessss:: - the quickest and dirtiest way of sharing resources is to use - ``share level security.'' If you want to spend more time and - have a proper username and password database you must read the - paragraph on ``domain mode security.'' If you want encryption - (eg you are using Windows NT clients) follow the SMB encryption - instructions. <Samba-Server-FAQ.html#SMBEncryptionSteps> - - - BBrroowwssiinngg:: - if you are happy to type in "\samba-serverrename" at the client - end then do not read any further. Otherwise you need to - understand the ``browsing terminology'' and read <Samba-Server- - FAQ.html#NameBrowsing>. - - - PPrriinnttiinngg:: - See the printing quick answer guide. <Samba-Server- - FAQ.html#Printing> - - - If you have got everything working to this point, you can expect Samba - to be stable and secure: these are its greatest strengths. However - Samba has a great deal to offer and to go further you must do some - more reading. Speed and security optimisations, printer accounting, - network logons, roving profiles, browsing across multiple subnets and - so on are all covered either in this document or in those it refers - to. - - - 11..22.. AAllll SSaammbbaa DDooccuummeennttaattiioonn - - - - +o Meta-FAQ. This is the mother of all documents, and is the one you - are reading now. The latest version is always at - <http://samba.org/[.....]> but there is probably a much - nearer mirror site <../MIRRORS> which you should use instead. - - +o <Samba-Server-FAQ.html> is the best starting point for information - about server-side issues. Includes configuration tips and pointers - for Samba on particular operating systems (with 40 to choose - from...) - - +o <Samba-Client-FAQ.html> is the best starting point for information - about client-side issues, includes a list of all clients that are - known to work with Samba. - - +o manual pages <samba-man-index.html> contains descriptions of and - links to all the Samba manual pages, in Unix man and postscript - format. - - +o <samba-txt-index.html> has descriptions of and links to a large - number of text files have been contributed to samba covering many - topics. These are gradually being absorbed into the FAQs and HOWTOs - but in the meantime you might find helpful answers here. - - +o - - - 22.. GGeenneerraall IInnffoorrmmaattiioonn - - - All about Samba - what it is, how to get it, related sources of - information, how to understand the numbering scheme, pizza details. - - - 22..11.. WWhhaatt iiss SSaammbbaa?? - - - Samba is a suite of programs which work together to allow clients to - access to a server's filespace and printers via the SMB (Server - Message Block) and CIFS (Common Internet Filesystem) protocols. - Initially written for Unix, Samba now also runs on Netware, OS/2, VMS, - StratOS and Amigas. Ports to BeOS and other operating systems are - underway. Samba gives the capability for these operating systems to - behave much like a LAN Server, Windows NT Server or Pathworks machine, - only with added functionality and flexibility designed to make life - easier for administrators. - - This means that using Samba you can share a server's disks and - printers to many sorts of network clients, including Lan Manager, - Windows for Workgroups, Windows NT, Linux, OS/2, and AIX. There is - also a generic client program supplied as part of the Samba suite - which gives a user on the server an ftp-like interface to access - filespace and printers on any other SMB/CIFS servers. - - SMB has been implemented over many protocols, including XNS, NBT, IPX, - NetBEUI and TCP/IP. Samba only uses TCP/IP. This is not likely to - change although there have been some requests for NetBEUI support. - - Many users report that compared to other SMB implementations Samba is - more stable, faster, and compatible with more clients. Administrators - of some large installations say that Samba is the only SMB server - available which will scale to many tens of thousands of users without - crashing. The easy way to test these claims is to download it and try - it for yourself! - - The suite is supplied with full source code under the GNU Public - License <../COPYING>. The GPL means that you can use Samba for - whatever purpose you wish (including changing the source or selling it - for money) but under all circumstances the source code must be made - freely available. A copy of the GPL must always be included in any - copy of the package. - - The primary creator of the Samba suite is Andrew Tridgell. Later - versions incorporate much effort by many net.helpers. The man pages - and this FAQ were originally written by Karl Auer. - - - 22..22.. WWhhaatt iiss tthhee ccuurrrreenntt vveerrssiioonn ooff SSaammbbaa?? - - - At time of writing, the current version was 1.9.17. If you want to be - sure check the bottom of the change-log file. - <ftp://samba.org/pub/samba/alpha/change-log> - For more information see ``What do the version numbers mean?'' - - - 22..33.. WWhheerree ccaann II ggeett iitt?? - - - The Samba suite is available via anonymous ftp from samba.org - and many mirror <../MIRRORS> sites. You will get much faster - performance if you use a mirror site. The latest and greatest versions - of the suite are in the directory: - - /pub/samba/ - - Development (read "alpha") versions, which are NOT necessarily stable - and which do NOT necessarily have accurate documentation, are - available in the directory: - - /pub/samba/alpha - - Note that binaries are NOT included in any of the above. Samba is - distributed ONLY in source form, though binaries may be available from - other sites. Most Linux distributions, for example, do contain Samba - binaries for that platform. The VMS, OS/2, Netware and Amiga and other - ports typically have binaries made available. - - A special case is vendor-provided binary packages. Samba binaries and - default configuration files are put into packages for a specific - operating system. RedHat Linux and Sun Solaris (Sparc and x86) is - already included, and others such as OS/2 may follow. All packages are - in the directory: - - /pub/samba/Binary_Packages/"OS_Vendor" - - - 22..44.. WWhhaatt ddoo tthhee vveerrssiioonn nnuummbbeerrss mmeeaann?? - - - It is not recommended that you run a version of Samba with the word - "alpha" in its name unless you know what you are doing and are willing - to do some debugging. Many, many people just get the latest - recommended stable release version and are happy. If you are brave, by - all means take the plunge and help with the testing and development - - but don't install it on your departmental server. Samba is typically - very stable and safe, and this is mostly due to the policy of many - public releases. - - How the scheme works: - - - 1. When major changes are made the version number is increased. For - example, the transition from 1.9.16 to 1.9.17. However, this - version number will not appear immediately and people should - continue to use 1.9.15 for production systems (see next point.) - - 2. Just after major changes are made the software is considered - unstable, and a series of alpha releases are distributed, for - example 1.9.16alpha1. These are for testing by those who know what - they are doing. The "alpha" in the filename will hopefully scare - off those who are just looking for the latest version to install. - - 3. When Andrew thinks that the alphas have stabilised to the point - where he would recommend new users install it, he renames it to the - same version number without the alpha, for example 1.9.17. - - 4. Inevitably bugs are found in the "stable" releases and minor patch - levels are released which give us the pXX series, for example - 1.9.17p2. - - So the progression goes: - - - 1.9.16p10 (production) - 1.9.16p11 (production) - 1.9.17alpha1 (test sites only) - : - 1.9.17alpha20 (test sites only) - 1.9.17 (production) - 1.9.17p1 (production) - - - - The above system means that whenever someone looks at the samba ftp - site they will be able to grab the highest numbered release without an - alpha in the name and be sure of getting the current recommended - version. - - - 22..55.. WWhheerree ccaann II ggoo ffoorr ffuurrtthheerr iinnffoorrmmaattiioonn?? - - - There are a number of places to look for more information on Samba, - including: - - - +o Two mailing lists devoted to discussion of Samba-related matters. - See below for subscription information. - - +o The newsgroup comp.protocols.smb, which has a great deal of - discussion about Samba. - - +o The WWW site 'SAMBA Web Pages' at <http://samba.org/samba/> - includes: - - - +o Links to man pages and documentation, including this FAQ - - +o A comprehensive survey of Samba users - - +o A searchable hypertext archive of the Samba mailing list - - +o Links to Samba source code, binaries, and mirrors of both - - +o This FAQ and the rest in its family - - - - 22..66.. HHooww ddoo II ssuubbssccrriibbee ttoo tthhee SSaammbbaa MMaaiilliinngg LLiissttss?? - - - Send email to listproc@samba.org. Make sure the subject line is - blank, and include the following two lines in the body of the message: - - - - subscribe samba Firstname Lastname - subscribe samba-announce Firstname Lastname - - - - - Obviously you should substitute YOUR first name for "Firstname" and - YOUR last name for "Lastname"! Try not to send any signature, it - sometimes confuses the list processor. - - The samba list is a digest list - every eight hours or so it sends a - single message containing all the messages that have been received by - the list since the last time and sends a copy of this message to all - subscribers. There are thousands of people on this list. - - If you stop being interested in Samba, please send another email to - listproc@samba.org. Make sure the subject line is blank, and - include the following two lines in the body of the message: - - - - unsubscribe samba - unsubscribe samba-announce - - - - - The FFrroomm:: line in your message _M_U_S_T be the same address you used when - you subscribed. - - - 22..77.. SSoommeetthhiinngg''ss ggoonnee wwrroonngg -- wwhhaatt sshhoouulldd II ddoo?? - - - ## ****** IIMMPPOORRTTAANNTT!! ****** ## - - - DO NOT post messages on mailing lists or in newsgroups until you have - carried out the first three steps given here! - - - 1. See if there are any likely looking entries in this FAQ! If you - have just installed Samba, have you run through the checklist in - DIAGNOSIS.txt <ftp://samba.org/pub/samba/DIAGNOSIS.txt>? It - can save you a lot of time and effort. DIAGNOSIS.txt can also be - found in the docs directory of the Samba distribution. - - 2. Read the man pages for smbd, nmbd and smb.conf, looking for topics - that relate to what you are trying to do. - - 3. If there is no obvious solution to hand, try to get a look at the - log files for smbd and/or nmbd for the period during which you were - having problems. You may need to reconfigure the servers to provide - more extensive debugging information - usually level 2 or level 3 - provide ample debugging info. Inspect these logs closely, looking - particularly for the string "Error:". - - 4. If you need urgent help and are willing to pay for it see ``Paid - Support''. - - If you still haven't got anywhere, ask the mailing list or newsgroup. - In general nobody minds answering questions provided you have followed - the preceding steps. It might be a good idea to scan the archives of - the mailing list, which are available through the Samba web site - described in the previous section. When you post be sure to include a - good description of your environment and your problem. - - If you successfully solve a problem, please mail the FAQ maintainer a - succinct description of the symptom, the problem and the solution, so - that an explanation can be incorporated into the next version. - - - - - 22..88.. HHooww ddoo II ssuubbmmiitt ppaattcchheess oorr bbuugg rreeppoorrttss?? - - - If you make changes to the source code, _p_l_e_a_s_e submit these patches so - that everyone else gets the benefit of your work. This is one of the - most important aspects to the maintainence of Samba. Send all patches - to samba@samba.org. Do not send patches to Andrew Tridgell - or any other individual, they may be lost if you do. - - Patch format ------------ - - If you are sending a patch to fix a problem then please don't just use - standard diff format. As an example, samba@samba.org received this patch - from someone: - - 382a #endif 381a #if !defined(NEWS61) - - How are we supposed to work out what this does and where it goes? - These sort of patches only work if we both have identical files in the - first place. The Samba sources are constantly changing at the hands of - multiple developers, so it doesn't work. - - Please use either context diffs or (even better) unified diffs. You - get these using "diff -c4" or "diff -u". If you don't have a diff that - can generate these then please send manualy commented patches to I - know what is being changed and where. Most patches are applied by hand - so the info must be clear. - - This is a basic guideline that will assist us with assessing your - problem more efficiently : - - Machine Arch: Machine OS: OS Version: Kernel: - - Compiler: Libc Version: - - Samba Version: - - Network Layout (description): - - What else is on machine (services, etc): - - Some extras : - - - +o what you did and what happened - - +o relevant parts of a debugging output file with debuglevel higher. - If you can't find the relevant parts, please ask before mailing - huge files. - - +o anything else you think is useful to trace down the bug - - - 22..99.. WWhhaatt iiff II hhaavvee aann UURRGGEENNTT mmeessssaaggee ffoorr tthhee ddeevveellooppeerrss?? - - - If you have spotted something very serious and believe that it is - important to contact the developers quickly send a message to samba- - urgent@samba.org. This will be processed more quickly than mail - to samba@samba.org. Please think carefully before using this address. An - example of its use might be to report a security hole. - - Examples of things _n_o_t to send to samba-urgent include problems - getting Samba to work at all and bugs that cannot potentially cause - damage. - - 22..1100.. WWhhaatt iiff II nneeeedd ppaaiidd--ffoorr ssuuppppoorrtt?? - - - Samba has a large network of consultants who provide Samba support on - a commercial basis. The list is included in the package in - <../Support.txt>, and the latest version will always be on the main - samba ftp site. Any company in the world can request that the samba - team include their details in Support.txt so we can give no guarantee - of their services. - - - 22..1111.. PPiizzzzaa ssuuppppllyy ddeettaaiillss - - - Those who have registered in the Samba survey as "Pizza Factory" will - already know this, but the rest may need some help. Andrew doesn't ask - for payment, but he does appreciate it when people give him pizza. - This calls for a little organisation when the pizza donor is twenty - thousand kilometres away, but it has been done. - - - 1. Ring up your local branch of an international pizza chain and see - if they honour their vouchers internationally. Pizza Hut do, which - is how the entire Canberra Linux Users Group got to eat pizza one - night, courtesy of someone in the US. - - 2. Ring up a local pizza shop in Canberra and quote a credit card - number for a certain amount, and tell them that Andrew will be - collecting it (don't forget to tell him.) One kind soul from - Germany did this. - - 3. Purchase a pizza voucher from your local pizza shop that has no - international affiliations and send it to Andrew. It is completely - useless but he can hang it on the wall next to the one he already - has from Germany :-) - - 4. Air freight him a pizza with your favourite regional flavours. It - will probably get stuck in customs or torn apart by hungry sniffer - dogs but it will have been a noble gesture. - - - 33.. AAbboouutt tthhee CCIIFFSS aanndd SSMMBB PPrroottooccoollss - - - - 33..11.. WWhhaatt iiss tthhee SSeerrvveerr MMeessssaaggee BBlloocckk ((SSMMBB)) PPrroottooccooll?? - - SMB is a filesharing protocol that has had several maintainers and - contributors over the years including Xerox, 3Com and most recently - Microsoft. Names for this protocol include LAN Manager and Microsoft - Networking. Parts of the specification has been made public at several - versions including in an X/Open document, as listed at - <ftp://ftp.microsoft.com/developr/drg/CIFS/>. No specification - releases were made between 1992 and 1996, and during that period - Microsoft became the SMB implementor with the largest market share. - Microsoft developed the specification further for its products but for - various reasons connected with developer's workload rather than market - strategy did not make the changes public. This culminated with the - "Windows NT 0.12" version released with NT 3.5 in 1995 which had - significant improvements and bugs. Because Microsoft client systems - are so popular, it is fair to say that what Microsoft with Windows - affects all suppliers of SMB server products. - - From 1994 Andrew Tridgell began doing some serious work on his - Smbserver (now Samba) product and with some helpers started to - implement more and more of these protocols. Samba began to take a - significant share of the SMB server market. - - - 33..22.. WWhhaatt iiss tthhee CCoommmmoonn IInntteerrnneett FFiilleessyysstteemm ((CCIIFFSS))?? - - The initial pressure for Microsoft to document their current SMB - implementation came from the Samba team, who kept coming across things - on the wire that Microsoft either didn't know about or hadn't - documented anywhere (even in the sourcecode to Windows NT.) Then Sun - Microsystems came out with their WebNFS initiative, designed to - replace FTP for file transfers on the Internet. There are many - drawbacks to WebNFS (including its scope - it aims to replace HTTP as - well!) but the concept was attractive. FTP is not very clever, and why - should it be harder to get files from across the world than across the - room? - - Some hasty revisions were made and an Internet Draft for the Common - Internet Filesystem (CIFS) was released. Note that CIFS is not an - Internet standard and is a very long way from becoming one, BUT the - protocol specification is in the public domain and ongoing discussions - concerning the spec take place on a public mailing list according to - the rules of the Internet Engineering Task Force. For more information - and pointers see <http://samba.org/cifs/> - - The following is taken from <http://www.microsoft.com/intdev/cifs/> - - - CIFS defines a standard remote file system access protocol for use - over the Internet, enabling groups of users to work together and - share documents across the Internet or within their corporate - intranets. CIFS is an open, cross-platform technology based on the - native file-sharing protocols built into Microsoft Windows and - other popular PC operating systems, and supported on dozens of - other platforms, including UNIX. With CIFS, millions of computer - users can open and share remote files on the Internet without having - to install new software or change the way they work." - - - - If you consider CIFS as a backwardsly-compatible refinement of SMB - that will work reasonably efficiently over the Internet you won't be - too far wrong. - - The net effect is that Microsoft is now documenting large parts of - their Windows NT fileserver protocols. The security concepts embodied - in Windows NT are part of the specification, which is why Samba - documentation often talks in terms of Windows NT. However there is no - reason why a site shouldn't conduct all its file and printer sharing - with CIFS and yet have no Microsoft products at all. - - - 33..33.. WWhhaatt iiss BBrroowwssiinngg?? - - The term "Browsing" causes a lot of confusion. It is the part of the - SMB/CIFS protocol which allows for resource discovery. For example, in - the Windows NT Explorer it is possible to see a "Network - Neighbourhood" of computers in the same SMB workgroup. Clicking on the - name of one of these machines brings up a list of file and printer - resources for connecting to. In this way you can cruise the network, - seeing what things are available. How this scales to the Internet is a - subject for debate. Look at the CIFS list archives to see what the - experts think. - - - - - 44.. DDeessiiggnniinngg AA SSMMBB aanndd CCIIFFSS NNeettwwoorrkk - - - The big issues for installing any network of LAN or WAN file and print - servers are - - - +o How and where usernames, passwords and other security information - is stored - - +o What method can be used for locating the resources that users have - permission to use - - +o What protocols the clients can converse with - - - If you buy Netware, Windows NT or just about any other LAN fileserver - product you are expected to lock yourself into the product's preferred - answers to these questions. This tendancy is restrictive and often - very expensive for a site where there is only one kind of client or - server, and for sites with a mixture of operating systems it often - makes it impossible to share resources between some sets of users. - - The Samba philosophy is to make things as easy as possible for - administators, which means allowing as many combinations of clients, - servers, operating systems and protocols as possible. - - - 44..11.. WWoorrkkggrroouuppss,, DDoommaaiinnss,, AAuutthheennttiiccaattiioonn aanndd BBrroowwssiinngg - - - From the point of view of networking implementation, Domains and - Workgroups are _e_x_a_c_t_l_y the same, except for the client logon sequence. - Some kind of distributed authentication database is associated with a - domain (there are quite a few choices) and this adds so much - flexibility that many people think of a domain as a completely - different entity to a workgroup. From Samba's point of view a client - connecting to a service presents an authentication token, and it if it - is valid they have access. Samba does not care what mechanism was used - to generate that token in the first place. - - The SMB client logging on to a domain has an expectation that every - other server in the domain should accept the same authentication - information. However the network browsing functionality of domains - and workgroups is identical and is explained in <../BROWSING.txt>. - - There are some implementation differences: Windows 95 can be a member - of both a workgroup and a domain, but Windows NT cannot. Windows 95 - also has the concept of an "alternative workgroup". Samba can only be - a member of a single workgroup or domain, although this is due to - change with a future version when nmbd will be split into two daemons, - one for WINS and the other for browsing ( <../NetBIOS.txt> explains - what WINS is.) - - - 44..11..11.. DDeeffiinniinngg tthhee TTeerrmmss - - - - - WWoorrkkggrroouupp - means a collection of machines that maintain a common browsing - database containing information about their shared resources. - They do not necessarily have any security information in common - (if they do, it gets called a Domain.) The browsing database is - dynamic, modified as servers come and go on the network and as - resources are added or deleted. The term "browsing" refers to a - user accessing the database via whatever interface the client - provides, eg the OS/2 Workplace Shell or Windows 95 Explorer. - SMB servers agree between themselves as to which ones will - maintain the browsing database. Workgroups can be anywhere on a - connected TCP/IP network, including on different subnets or even - on the Interet. This is a very tricky part of SMB to implement. - - - MMaasstteerr BBrroowwsseerrss - are machines which holds the master browsing database for a - workgroup or domain. There are two kinds of Master Browser: - - - +o Domain Master Browser, which holds the master browsing - information for an entire domain, which may well cross multiple - TCP/IP subnets. - - +o Local Master Browser, which holds the master browsing database - for a particular subnet and communicates with the Domain Master - Browser to get information on other subnets. - - Subnets are differentiated because browsing is based on - broadcasts, and broadcasts do not pass through routers. Subnets - are not routed: while it is possible to have more than one - subnet on a single network segment this is regarded as very bad - practice. - - Master Browsers (both Domain and Local) are elected dynamically - according to an algorithm which is supposed to take into account - the machine's ability to sustain the browsing load. Samba can be - configured to always act as a master browser, ie it always wins - elections under all circumstances, even against systems such as - a Windows NT Primary Domain Controller which themselves expect - to win. - - There are also Backup Browsers which are promoted to Master - Browsers in the event of a Master Browser disappearing from the - network. - - Alternative terms include confusing variations such as "Browse - Master", and "Master Browser" which we are trying to eliminate - from the Samba documentation. - - - DDoommaaiinn CCoonnttrroolllleerr - is a term which comes from the Microsoft and IBM etc - implementation of the LAN Manager protocols. It is tied to - authentication. There are other ways of doing domain - authentication, but the Windows NT method has a large market - share. The general issues are discussed in <../DOMAIN.txt> and - a Windows NT-specific discussion is in <../DOMAIN_CONTROL.txt>. - - - - 44..11..22.. SShhaarreelleevveell ((WWoorrkkggrroouupp)) SSeeccuurriittyy SSeerrvviicceess - - - With the Samba setting "security = SHARE", all shared resources - information about what password is associated with them but only hints - as to what usernames might be valid (the hint can be 'all users', in - which case any username will work. This is usually a bad idea, but - reflects both the initial implementations of SMB in the mid-80s and - its reincarnation with Windows for Workgroups in 1992. The idea behind - workgroup security was that small independant groups of people could - share information on an ad-hoc basis without there being an - authentication infrastructure present or requiring them to do more - than fill in a dialogue box. - - - 44..11..33.. AAuutthheennttiiccaattiioonn DDoommaaiinn MMooddee SSeerrvviicceess - - - With the Samba settings "security = USER" or "security = SERVER" - accesses to all resources are checked for username/password pair - matches in a more rigorous manner. To the client, this has the effect - of emulating a Microsoft Domain. The client is not concerned whether - or not Samba looks up a Windows NT SAM or does it in some other way. - - - 44..22.. AAuutthheennttiiccaattiioonn SScchheemmeess - - - In the simple case authentication information is stored on a single - server and the user types a password on connecting for the first time. - However client operating systems often require a password before they - can be used at all, and in addition users usually want access to more - than one server. Asking users to remember many different passwords in - different contexts just does not work. Some kind of distributed - authentication database is needed. It must cope with password changes - and provide for assigning groups of users the same level of access - permissions. This is why Samba installations often choose to implement - a Domain model straight away. - - Authentication decisions are some of the biggest in designing a - network. Are you going to use a scheme native to the client operating - system, native to the server operating system, or newly installed on - both? A list of options relevant to Samba (ie that make sense in the - context of the SMB protocol) follows. Any experiences with other - setups would be appreciated. refer to server FAQ for "passwd chat" - passwd program password server etc etc... - - - 44..22..11.. NNIISS - - - For Windows 95, Windows for Workgroups and most other clients Samba - can be a domain controller and share the password database via NIS - transparently. Windows NT is different. Free NIS NT client - <http://www.dcs.qmw.ac.uk/~williams> - - - 44..22..22.. KKeerrbbeerrooss - - - Kerberos for US users only: Kerberos overview - <http://www.cygnus.com/product/unifying-security.html> Download - Kerberos <http://www.cygnus.com/product/kerbnet-download.html> - - - 44..22..33.. FFTTPP - - - Other NT w/s logon hack via NT - - - 44..22..44.. DDeeffaauulltt SSeerrvveerr MMeetthhoodd - - - - - - 44..22..55.. CClliieenntt--ssiiddee DDaattaabbaassee OOnnllyy - - - - 44..33.. PPoosstt--AAuutthheennttiiccaattiioonn:: NNeettllooggoonn,, LLooggoonn SSccrriippttss,, PPrrooffiilleess - - - See <../DOMAIN.txt> - - - 55.. CCrroossss--PPrroottooccooll FFiillee SShhaarriinngg - - - Samba is an important tool for... - - It is possible to... - - File protocol gateways... - - "Setting up a Linux File Server" - http://vetrec.mit.edu/people/narf/linux.html - - Two free implementations of Appletalk for Unix are Netatalk, - <http://www.umich.edu/~rsug/netatalk/>, and CAP, - <http://www.cs.mu.oz.au/appletalk/atalk.html>. What Samba offers MS - Windows users, these packages offer to Macs. For more info on these - packages, Samba, and Linux (and other UNIX-based systems) see - <http://www.eats.com/linux_mac_win.html> 3.5) Sniffing your nework - - - - 66.. MMiisscceellllaanneeoouuss - - - 66..11.. IIss SSaammbbaa YYeeaarr 22000000 ccoommpplliiaanntt?? - - - The CIFS protocol that Samba implements negotiates times in various - formats, all of which are able to cope with dates beyond 2000. - - - - - - - - - - - - - - - - - - - - - - - - - - - |