summaryrefslogtreecommitdiff
path: root/docs/htmldocs/Samba-HOWTO-Collection.html
diff options
context:
space:
mode:
Diffstat (limited to 'docs/htmldocs/Samba-HOWTO-Collection.html')
-rw-r--r--docs/htmldocs/Samba-HOWTO-Collection.html4165
1 files changed, 2168 insertions, 1997 deletions
diff --git a/docs/htmldocs/Samba-HOWTO-Collection.html b/docs/htmldocs/Samba-HOWTO-Collection.html
index c902d63bec..73bc3eb60a 100644
--- a/docs/htmldocs/Samba-HOWTO-Collection.html
+++ b/docs/htmldocs/Samba-HOWTO-Collection.html
@@ -219,8 +219,8 @@ HREF="#AEN546"
></DT
><DT
>3.8. <A
-HREF="#AEN594"
->Passdb XML plugin</A
+HREF="#AEN588"
+>XML</A
></DT
></DL
></DD
@@ -242,17 +242,17 @@ HREF="#SERVERTYPE"
><DL
><DT
>4.1. <A
-HREF="#AEN639"
+HREF="#AEN626"
>Stand Alone Server</A
></DT
><DT
>4.2. <A
-HREF="#AEN646"
+HREF="#AEN633"
>Domain Member Server</A
></DT
><DT
>4.3. <A
-HREF="#AEN652"
+HREF="#AEN639"
>Domain Controller</A
></DT
></DL
@@ -266,7 +266,7 @@ HREF="#SECURITYLEVELS"
><DL
><DT
>5.1. <A
-HREF="#AEN681"
+HREF="#AEN668"
>User and Share security level</A
></DT
></DL
@@ -280,37 +280,37 @@ HREF="#SAMBA-PDC"
><DL
><DT
>6.1. <A
-HREF="#AEN785"
+HREF="#AEN772"
>Prerequisite Reading</A
></DT
><DT
>6.2. <A
-HREF="#AEN790"
+HREF="#AEN777"
>Background</A
></DT
><DT
>6.3. <A
-HREF="#AEN830"
+HREF="#AEN817"
>Configuring the Samba Domain Controller</A
></DT
><DT
>6.4. <A
-HREF="#AEN872"
+HREF="#AEN859"
>Creating Machine Trust Accounts and Joining Clients to the Domain</A
></DT
><DT
>6.5. <A
-HREF="#AEN980"
+HREF="#AEN967"
>Common Problems and Errors</A
></DT
><DT
>6.6. <A
-HREF="#AEN1026"
+HREF="#AEN1013"
>What other help can I get?</A
></DT
><DT
>6.7. <A
-HREF="#AEN1140"
+HREF="#AEN1127"
>Domain Control for Windows 9x/ME</A
></DT
></DL
@@ -324,27 +324,27 @@ HREF="#SAMBA-BDC"
><DL
><DT
>7.1. <A
-HREF="#AEN1193"
+HREF="#AEN1180"
>Prerequisite Reading</A
></DT
><DT
>7.2. <A
-HREF="#AEN1197"
+HREF="#AEN1184"
>Background</A
></DT
><DT
>7.3. <A
-HREF="#AEN1205"
+HREF="#AEN1192"
>What qualifies a Domain Controller on the network?</A
></DT
><DT
>7.4. <A
-HREF="#AEN1214"
+HREF="#AEN1201"
>Can Samba be a Backup Domain Controller to an NT PDC?</A
></DT
><DT
>7.5. <A
-HREF="#AEN1219"
+HREF="#AEN1206"
>How do I set up a Samba BDC?</A
></DT
></DL
@@ -358,7 +358,7 @@ HREF="#ADS"
><DL
><DT
>8.1. <A
-HREF="#AEN1251"
+HREF="#AEN1238"
>Setup your <TT
CLASS="FILENAME"
>smb.conf</TT
@@ -366,7 +366,7 @@ CLASS="FILENAME"
></DT
><DT
>8.2. <A
-HREF="#AEN1262"
+HREF="#AEN1249"
>Setup your <TT
CLASS="FILENAME"
>/etc/krb5.conf</TT
@@ -374,22 +374,22 @@ CLASS="FILENAME"
></DT
><DT
>8.3. <A
-HREF="#AEN1273"
+HREF="#AEN1260"
>Create the computer account</A
></DT
><DT
>8.4. <A
-HREF="#AEN1285"
+HREF="#AEN1272"
>Test your server setup</A
></DT
><DT
>8.5. <A
-HREF="#AEN1290"
+HREF="#AEN1277"
>Testing with smbclient</A
></DT
><DT
>8.6. <A
-HREF="#AEN1293"
+HREF="#AEN1280"
>Notes</A
></DT
></DL
@@ -403,12 +403,12 @@ HREF="#DOMAIN-SECURITY"
><DL
><DT
>9.1. <A
-HREF="#AEN1315"
+HREF="#AEN1302"
>Joining an NT Domain with Samba 3.0</A
></DT
><DT
>9.2. <A
-HREF="#AEN1369"
+HREF="#AEN1356"
>Why is this better than security = server?</A
></DT
></DL
@@ -425,19 +425,14 @@ HREF="#OPTIONAL"
><DT
>10. <A
HREF="#ADVANCEDNETWORKMANAGEMENT"
->System Policies</A
+>Advanced Network Manangement Information</A
></DT
><DD
><DL
><DT
>10.1. <A
-HREF="#AEN1401"
->Basic System Policy Info</A
-></DT
-><DT
->10.2. <A
-HREF="#AEN1456"
->Roaming Profiles</A
+HREF="#AEN1388"
+>Remote Server Administration</A
></DT
></DL
></DD
@@ -450,39 +445,39 @@ HREF="#UNIX-PERMISSIONS"
><DL
><DT
>11.1. <A
-HREF="#AEN1663"
+HREF="#AEN1416"
>Viewing and changing UNIX permissions using the NT
security dialogs</A
></DT
><DT
>11.2. <A
-HREF="#AEN1667"
+HREF="#AEN1420"
>How to view file security on a Samba share</A
></DT
><DT
>11.3. <A
-HREF="#AEN1678"
+HREF="#AEN1431"
>Viewing file ownership</A
></DT
><DT
>11.4. <A
-HREF="#AEN1698"
+HREF="#AEN1451"
>Viewing file or directory permissions</A
></DT
><DT
>11.5. <A
-HREF="#AEN1734"
+HREF="#AEN1487"
>Modifying file or directory permissions</A
></DT
><DT
>11.6. <A
-HREF="#AEN1756"
+HREF="#AEN1509"
>Interaction with the standard Samba create mask
parameters</A
></DT
><DT
>11.7. <A
-HREF="#AEN1810"
+HREF="#AEN1563"
>Interaction with the standard Samba file attribute
mapping</A
></DT
@@ -503,17 +498,17 @@ managed authentication</A
><DL
><DT
>13.1. <A
-HREF="#AEN1866"
+HREF="#AEN1619"
>Samba and PAM</A
></DT
><DT
>13.2. <A
-HREF="#AEN1915"
+HREF="#AEN1668"
>Distributed Authentication</A
></DT
><DT
>13.3. <A
-HREF="#AEN1920"
+HREF="#AEN1673"
>PAM Configuration in smb.conf</A
></DT
></DL
@@ -527,22 +522,22 @@ HREF="#PRINTING"
><DL
><DT
>14.1. <A
-HREF="#AEN1946"
+HREF="#AEN1699"
>Introduction</A
></DT
><DT
>14.2. <A
-HREF="#AEN1968"
+HREF="#AEN1721"
>Configuration</A
></DT
><DT
>14.3. <A
-HREF="#AEN2076"
+HREF="#AEN1829"
>The Imprints Toolset</A
></DT
><DT
>14.4. <A
-HREF="#AEN2119"
+HREF="#AEN1872"
>Diagnosis</A
></DT
></DL
@@ -556,37 +551,37 @@ HREF="#CUPS-PRINTING"
><DL
><DT
>15.1. <A
-HREF="#AEN2231"
+HREF="#AEN1984"
>Introduction</A
></DT
><DT
>15.2. <A
-HREF="#AEN2236"
+HREF="#AEN1989"
>CUPS - RAW Print Through Mode</A
></DT
><DT
>15.3. <A
-HREF="#AEN2291"
+HREF="#AEN2044"
>The CUPS Filter Chains</A
></DT
><DT
>15.4. <A
-HREF="#AEN2330"
+HREF="#AEN2083"
>CUPS Print Drivers and Devices</A
></DT
><DT
>15.5. <A
-HREF="#AEN2407"
+HREF="#AEN2160"
>Limiting the number of pages users can print</A
></DT
><DT
>15.6. <A
-HREF="#AEN2496"
+HREF="#AEN2249"
>Advanced Postscript Printing from MS Windows</A
></DT
><DT
>15.7. <A
-HREF="#AEN2511"
+HREF="#AEN2264"
>Auto-Deletion of CUPS spool files</A
></DT
></DL
@@ -600,216 +595,244 @@ HREF="#WINBIND"
><DL
><DT
>16.1. <A
-HREF="#AEN2573"
+HREF="#AEN2326"
>Abstract</A
></DT
><DT
>16.2. <A
-HREF="#AEN2577"
+HREF="#AEN2330"
>Introduction</A
></DT
><DT
>16.3. <A
-HREF="#AEN2590"
+HREF="#AEN2343"
>What Winbind Provides</A
></DT
><DT
>16.4. <A
-HREF="#AEN2601"
+HREF="#AEN2354"
>How Winbind Works</A
></DT
><DT
>16.5. <A
-HREF="#AEN2644"
+HREF="#AEN2397"
>Installation and Configuration</A
></DT
><DT
>16.6. <A
-HREF="#AEN2901"
+HREF="#AEN2654"
>Limitations</A
></DT
><DT
>16.7. <A
-HREF="#AEN2911"
+HREF="#AEN2664"
>Conclusion</A
></DT
></DL
></DD
><DT
>17. <A
+HREF="#POLICYMGMT"
+>Policy Management - Hows and Whys</A
+></DT
+><DD
+><DL
+><DT
+>17.1. <A
+HREF="#AEN2678"
+>System Policies</A
+></DT
+></DL
+></DD
+><DT
+>18. <A
+HREF="#PROFILEMGMT"
+>Profile Management</A
+></DT
+><DD
+><DL
+><DT
+>18.1. <A
+HREF="#AEN2761"
+>Roaming Profiles</A
+></DT
+></DL
+></DD
+><DT
+>19. <A
HREF="#INTEGRATE-MS-NETWORKS"
>Integrating MS Windows networks with Samba</A
></DT
><DD
><DL
><DT
->17.1. <A
-HREF="#AEN2932"
+>19.1. <A
+HREF="#AEN2975"
>Name Resolution in a pure Unix/Linux world</A
></DT
><DT
->17.2. <A
-HREF="#AEN2995"
+>19.2. <A
+HREF="#AEN3038"
>Name resolution as used within MS Windows networking</A
></DT
></DL
></DD
><DT
->18. <A
+>20. <A
HREF="#IMPROVED-BROWSING"
>Improved browsing in samba</A
></DT
><DD
><DL
><DT
->18.1. <A
-HREF="#AEN3047"
+>20.1. <A
+HREF="#AEN3090"
>Overview of browsing</A
></DT
><DT
->18.2. <A
-HREF="#AEN3052"
+>20.2. <A
+HREF="#AEN3095"
>Browsing support in samba</A
></DT
><DT
->18.3. <A
-HREF="#AEN3060"
+>20.3. <A
+HREF="#AEN3103"
>Problem resolution</A
></DT
><DT
->18.4. <A
-HREF="#AEN3069"
+>20.4. <A
+HREF="#AEN3112"
>Browsing across subnets</A
></DT
><DT
->18.5. <A
-HREF="#AEN3109"
+>20.5. <A
+HREF="#AEN3152"
>Setting up a WINS server</A
></DT
><DT
->18.6. <A
-HREF="#AEN3128"
+>20.6. <A
+HREF="#AEN3171"
>Setting up Browsing in a WORKGROUP</A
></DT
><DT
->18.7. <A
-HREF="#AEN3146"
+>20.7. <A
+HREF="#AEN3189"
>Setting up Browsing in a DOMAIN</A
></DT
><DT
->18.8. <A
-HREF="#AEN3156"
+>20.8. <A
+HREF="#AEN3199"
>Forcing samba to be the master</A
></DT
><DT
->18.9. <A
-HREF="#AEN3165"
+>20.9. <A
+HREF="#AEN3208"
>Making samba the domain master</A
></DT
><DT
->18.10. <A
-HREF="#AEN3183"
+>20.10. <A
+HREF="#AEN3226"
>Note about broadcast addresses</A
></DT
><DT
->18.11. <A
-HREF="#AEN3186"
+>20.11. <A
+HREF="#AEN3229"
>Multiple interfaces</A
></DT
></DL
></DD
><DT
->19. <A
+>21. <A
HREF="#MSDFS"
>Hosting a Microsoft Distributed File System tree on Samba</A
></DT
><DD
><DL
><DT
->19.1. <A
-HREF="#AEN3200"
+>21.1. <A
+HREF="#AEN3243"
>Instructions</A
></DT
></DL
></DD
><DT
->20. <A
+>22. <A
HREF="#VFS"
>Stackable VFS modules</A
></DT
><DD
><DL
><DT
->20.1. <A
-HREF="#AEN3259"
+>22.1. <A
+HREF="#AEN3302"
>Introduction and configuration</A
></DT
><DT
->20.2. <A
-HREF="#AEN3268"
+>22.2. <A
+HREF="#AEN3311"
>Included modules</A
></DT
><DT
->20.3. <A
-HREF="#AEN3322"
+>22.3. <A
+HREF="#AEN3365"
>VFS modules available elsewhere</A
></DT
></DL
></DD
><DT
->21. <A
+>23. <A
HREF="#SECURING-SAMBA"
>Securing Samba</A
></DT
><DD
><DL
><DT
->21.1. <A
-HREF="#AEN3348"
+>23.1. <A
+HREF="#AEN3391"
>Introduction</A
></DT
><DT
->21.2. <A
-HREF="#AEN3351"
+>23.2. <A
+HREF="#AEN3394"
>Using host based protection</A
></DT
><DT
->21.3. <A
-HREF="#AEN3358"
+>23.3. <A
+HREF="#AEN3401"
>Using interface protection</A
></DT
><DT
->21.4. <A
-HREF="#AEN3367"
+>23.4. <A
+HREF="#AEN3410"
>Using a firewall</A
></DT
><DT
->21.5. <A
-HREF="#AEN3374"
+>23.5. <A
+HREF="#AEN3417"
>Using a IPC$ share deny</A
></DT
><DT
->21.6. <A
-HREF="#AEN3383"
+>23.6. <A
+HREF="#AEN3426"
>Upgrading Samba</A
></DT
></DL
></DD
><DT
->22. <A
+>24. <A
HREF="#UNICODE"
>Unicode/Charsets</A
></DT
><DD
><DL
><DT
->22.1. <A
-HREF="#AEN3397"
+>24.1. <A
+HREF="#AEN3440"
>What are charsets and unicode?</A
></DT
><DT
->22.2. <A
-HREF="#AEN3406"
+>24.2. <A
+HREF="#AEN3449"
>Samba and charsets</A
></DT
></DL
@@ -824,225 +847,225 @@ HREF="#APPENDIXES"
><DD
><DL
><DT
->23. <A
+>25. <A
HREF="#SPEED"
>Samba performance issues</A
></DT
><DD
><DL
><DT
->23.1. <A
-HREF="#AEN3443"
+>25.1. <A
+HREF="#AEN3486"
>Comparisons</A
></DT
><DT
->23.2. <A
-HREF="#AEN3449"
+>25.2. <A
+HREF="#AEN3492"
>Socket options</A
></DT
><DT
->23.3. <A
-HREF="#AEN3456"
+>25.3. <A
+HREF="#AEN3499"
>Read size</A
></DT
><DT
->23.4. <A
-HREF="#AEN3461"
+>25.4. <A
+HREF="#AEN3504"
>Max xmit</A
></DT
><DT
->23.5. <A
-HREF="#AEN3466"
+>25.5. <A
+HREF="#AEN3509"
>Log level</A
></DT
><DT
->23.6. <A
-HREF="#AEN3469"
+>25.6. <A
+HREF="#AEN3512"
>Read raw</A
></DT
><DT
->23.7. <A
-HREF="#AEN3474"
+>25.7. <A
+HREF="#AEN3517"
>Write raw</A
></DT
><DT
->23.8. <A
-HREF="#AEN3478"
+>25.8. <A
+HREF="#AEN3521"
>Slow Clients</A
></DT
><DT
->23.9. <A
-HREF="#AEN3482"
+>25.9. <A
+HREF="#AEN3525"
>Slow Logins</A
></DT
><DT
->23.10. <A
-HREF="#AEN3485"
+>25.10. <A
+HREF="#AEN3528"
>Client tuning</A
></DT
></DL
></DD
><DT
->24. <A
+>26. <A
HREF="#PORTABILITY"
>Portability</A
></DT
><DD
><DL
><DT
->24.1. <A
-HREF="#AEN3525"
+>26.1. <A
+HREF="#AEN3568"
>HPUX</A
></DT
><DT
->24.2. <A
-HREF="#AEN3531"
+>26.2. <A
+HREF="#AEN3574"
>SCO Unix</A
></DT
><DT
->24.3. <A
-HREF="#AEN3535"
+>26.3. <A
+HREF="#AEN3578"
>DNIX</A
></DT
><DT
->24.4. <A
-HREF="#AEN3564"
+>26.4. <A
+HREF="#AEN3607"
>RedHat Linux Rembrandt-II</A
></DT
><DT
->24.5. <A
-HREF="#AEN3570"
+>26.5. <A
+HREF="#AEN3613"
>AIX</A
></DT
></DL
></DD
><DT
->25. <A
+>27. <A
HREF="#OTHER-CLIENTS"
>Samba and other CIFS clients</A
></DT
><DD
><DL
><DT
->25.1. <A
-HREF="#AEN3590"
+>27.1. <A
+HREF="#AEN3633"
>Macintosh clients?</A
></DT
><DT
->25.2. <A
-HREF="#AEN3599"
+>27.2. <A
+HREF="#AEN3642"
>OS2 Client</A
></DT
><DT
->25.3. <A
-HREF="#AEN3639"
+>27.3. <A
+HREF="#AEN3682"
>Windows for Workgroups</A
></DT
><DT
->25.4. <A
-HREF="#AEN3663"
+>27.4. <A
+HREF="#AEN3706"
>Windows '95/'98</A
></DT
><DT
->25.5. <A
-HREF="#AEN3679"
+>27.5. <A
+HREF="#AEN3722"
>Windows 2000 Service Pack 2</A
></DT
></DL
></DD
><DT
->26. <A
+>28. <A
HREF="#COMPILING"
>How to compile SAMBA</A
></DT
><DD
><DL
><DT
->26.1. <A
-HREF="#AEN3706"
+>28.1. <A
+HREF="#AEN3749"
>Access Samba source code via CVS</A
></DT
><DT
->26.2. <A
-HREF="#AEN3749"
+>28.2. <A
+HREF="#AEN3792"
>Accessing the samba sources via rsync and ftp</A
></DT
><DT
->26.3. <A
-HREF="#AEN3755"
+>28.3. <A
+HREF="#AEN3798"
>Building the Binaries</A
></DT
><DT
->26.4. <A
-HREF="#AEN3812"
+>28.4. <A
+HREF="#AEN3855"
>Starting the smbd and nmbd</A
></DT
></DL
></DD
><DT
->27. <A
+>29. <A
HREF="#BUGREPORT"
>Reporting Bugs</A
></DT
><DD
><DL
><DT
->27.1. <A
-HREF="#AEN3874"
+>29.1. <A
+HREF="#AEN3917"
>Introduction</A
></DT
><DT
->27.2. <A
-HREF="#AEN3884"
+>29.2. <A
+HREF="#AEN3927"
>General info</A
></DT
><DT
->27.3. <A
-HREF="#AEN3890"
+>29.3. <A
+HREF="#AEN3933"
>Debug levels</A
></DT
><DT
->27.4. <A
-HREF="#AEN3907"
+>29.4. <A
+HREF="#AEN3950"
>Internal errors</A
></DT
><DT
->27.5. <A
-HREF="#AEN3917"
+>29.5. <A
+HREF="#AEN3960"
>Attaching to a running process</A
></DT
><DT
->27.6. <A
-HREF="#AEN3920"
+>29.6. <A
+HREF="#AEN3963"
>Patches</A
></DT
></DL
></DD
><DT
->28. <A
+>30. <A
HREF="#DIAGNOSIS"
>The samba checklist</A
></DT
><DD
><DL
><DT
->28.1. <A
-HREF="#AEN3943"
+>30.1. <A
+HREF="#AEN3986"
>Introduction</A
></DT
><DT
->28.2. <A
-HREF="#AEN3948"
+>30.2. <A
+HREF="#AEN3991"
>Assumptions</A
></DT
><DT
->28.3. <A
-HREF="#AEN3958"
+>30.3. <A
+HREF="#AEN4001"
>Tests</A
></DT
><DT
->28.4. <A
-HREF="#AEN4068"
+>30.4. <A
+HREF="#AEN4111"
>Still having troubles?</A
></DT
></DL
@@ -1304,49 +1327,30 @@ HREF="#AEN546"
><DT
>3.7.1. <A
HREF="#AEN548"
->Building</A
-></DT
-><DT
->3.7.2. <A
-HREF="#AEN554"
>Creating the database</A
></DT
><DT
->3.7.3. <A
-HREF="#AEN564"
+>3.7.2. <A
+HREF="#AEN558"
>Configuring</A
></DT
><DT
->3.7.4. <A
-HREF="#AEN581"
+>3.7.3. <A
+HREF="#AEN575"
>Using plaintext passwords or encrypted password</A
></DT
><DT
->3.7.5. <A
-HREF="#AEN586"
+>3.7.4. <A
+HREF="#AEN580"
>Getting non-column data from the table</A
></DT
></DL
></DD
><DT
>3.8. <A
-HREF="#AEN594"
->Passdb XML plugin</A
+HREF="#AEN588"
+>XML</A
></DT
-><DD
-><DL
-><DT
->3.8.1. <A
-HREF="#AEN596"
->Building</A
-></DT
-><DT
->3.8.2. <A
-HREF="#AEN602"
->Usage</A
-></DT
-></DL
-></DD
></DL
></DD
></DL
@@ -3436,28 +3440,7 @@ CLASS="SECT2"
CLASS="SECT2"
><A
NAME="AEN548"
->3.7.1. Building</A
-></H3
-><P
->To build the plugin, run <B
-CLASS="COMMAND"
->make bin/pdb_mysql.so</B
->
-in the <TT
-CLASS="FILENAME"
->source/</TT
-> directory of samba distribution. </P
-><P
->Next, copy pdb_mysql.so to any location you want. I
-strongly recommend installing it in $PREFIX/lib or /usr/lib/samba/</P
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN554"
->3.7.2. Creating the database</A
+>3.7.1. Creating the database</A
></H3
><P
>You either can set up your own table and specify the field names to pdb_mysql (see below
@@ -3492,8 +3475,8 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN564"
->3.7.3. Configuring</A
+NAME="AEN558"
+>3.7.2. Configuring</A
></H3
><P
>This plugin lacks some good documentation, but here is some short info:</P
@@ -3507,7 +3490,7 @@ CLASS="FILENAME"
>:
<PRE
CLASS="PROGRAMLISTING"
->passdb backend = [other-plugins] plugin:/location/to/pdb_mysql.so:identifier [other-plugins]</PRE
+>passdb backend = [other-plugins] mysql:identifier [other-plugins]</PRE
></P
><P
>The identifier can be any string you like, as long as it doesn't collide with
@@ -3603,8 +3586,8 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN581"
->3.7.4. Using plaintext passwords or encrypted password</A
+NAME="AEN575"
+>3.7.3. Using plaintext passwords or encrypted password</A
></H3
><P
>I strongly discourage the use of plaintext passwords, however, you can use them:</P
@@ -3618,8 +3601,8 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN586"
->3.7.5. Getting non-column data from the table</A
+NAME="AEN580"
+>3.7.4. Getting non-column data from the table</A
></H3
><P
>It is possible to have not all data in the database and making some 'constant'.</P
@@ -3644,43 +3627,17 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN594"
->3.8. Passdb XML plugin</A
+NAME="AEN588"
+>3.8. XML</A
></H2
-><DIV
-CLASS="SECT2"
-><H3
-CLASS="SECT2"
-><A
-NAME="AEN596"
->3.8.1. Building</A
-></H3
><P
>This module requires libxml2 to be installed.</P
><P
->To build pdb_xml, run: <B
-CLASS="COMMAND"
->make bin/pdb_xml.so</B
-> in
-the directory <TT
-CLASS="FILENAME"
->source/</TT
->. </P
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN602"
->3.8.2. Usage</A
-></H3
-><P
>The usage of pdb_xml is pretty straightforward. To export data, use:
<B
CLASS="COMMAND"
->pdbedit -e plugin:/usr/lib/samba/pdb_xml.so:filename</B
+>pdbedit -e xml:filename</B
>
(where filename is the name of the file to put the data in)</P
@@ -3688,14 +3645,13 @@ CLASS="COMMAND"
>To import data, use:
<B
CLASS="COMMAND"
->pdbedit -i plugin:/usr/lib/samba/pdb_xml.so:filename -e current-pdb</B
+>pdbedit -i xml:filename -e current-pdb</B
>
Where filename is the name to read the data from and current-pdb to put it in.</P
></DIV
></DIV
></DIV
-></DIV
><DIV
CLASS="PART"
><A
@@ -3709,7 +3665,7 @@ CLASS="TITLE"
><DIV
CLASS="PARTINTRO"
><A
-NAME="AEN610"
+NAME="AEN597"
></A
><H1
>Introduction</H1
@@ -3733,24 +3689,24 @@ HREF="#SERVERTYPE"
><DL
><DT
>4.1. <A
-HREF="#AEN639"
+HREF="#AEN626"
>Stand Alone Server</A
></DT
><DT
>4.2. <A
-HREF="#AEN646"
+HREF="#AEN633"
>Domain Member Server</A
></DT
><DT
>4.3. <A
-HREF="#AEN652"
+HREF="#AEN639"
>Domain Controller</A
></DT
><DD
><DL
><DT
>4.3.1. <A
-HREF="#AEN655"
+HREF="#AEN642"
>Domain Controller Types</A
></DT
></DL
@@ -3766,34 +3722,34 @@ HREF="#SECURITYLEVELS"
><DL
><DT
>5.1. <A
-HREF="#AEN681"
+HREF="#AEN668"
>User and Share security level</A
></DT
><DD
><DL
><DT
>5.1.1. <A
-HREF="#AEN684"
+HREF="#AEN671"
>User Level Security</A
></DT
><DT
>5.1.2. <A
-HREF="#AEN694"
+HREF="#AEN681"
>Share Level Security</A
></DT
><DT
>5.1.3. <A
-HREF="#AEN698"
+HREF="#AEN685"
>Server Level Security</A
></DT
><DT
>5.1.4. <A
-HREF="#AEN737"
+HREF="#AEN724"
>Domain Level Security</A
></DT
><DT
>5.1.5. <A
-HREF="#AEN758"
+HREF="#AEN745"
>ADS Level Security</A
></DT
></DL
@@ -3809,63 +3765,63 @@ HREF="#SAMBA-PDC"
><DL
><DT
>6.1. <A
-HREF="#AEN785"
+HREF="#AEN772"
>Prerequisite Reading</A
></DT
><DT
>6.2. <A
-HREF="#AEN790"
+HREF="#AEN777"
>Background</A
></DT
><DT
>6.3. <A
-HREF="#AEN830"
+HREF="#AEN817"
>Configuring the Samba Domain Controller</A
></DT
><DT
>6.4. <A
-HREF="#AEN872"
+HREF="#AEN859"
>Creating Machine Trust Accounts and Joining Clients to the Domain</A
></DT
><DD
><DL
><DT
>6.4.1. <A
-HREF="#AEN915"
+HREF="#AEN902"
>Manual Creation of Machine Trust Accounts</A
></DT
><DT
>6.4.2. <A
-HREF="#AEN956"
+HREF="#AEN943"
>"On-the-Fly" Creation of Machine Trust Accounts</A
></DT
><DT
>6.4.3. <A
-HREF="#AEN965"
+HREF="#AEN952"
>Joining the Client to the Domain</A
></DT
></DL
></DD
><DT
>6.5. <A
-HREF="#AEN980"
+HREF="#AEN967"
>Common Problems and Errors</A
></DT
><DT
>6.6. <A
-HREF="#AEN1026"
+HREF="#AEN1013"
>What other help can I get?</A
></DT
><DT
>6.7. <A
-HREF="#AEN1140"
+HREF="#AEN1127"
>Domain Control for Windows 9x/ME</A
></DT
><DD
><DL
><DT
>6.7.1. <A
-HREF="#AEN1163"
+HREF="#AEN1150"
>Configuration Instructions: Network Logons</A
></DT
></DL
@@ -3881,53 +3837,53 @@ HREF="#SAMBA-BDC"
><DL
><DT
>7.1. <A
-HREF="#AEN1193"
+HREF="#AEN1180"
>Prerequisite Reading</A
></DT
><DT
>7.2. <A
-HREF="#AEN1197"
+HREF="#AEN1184"
>Background</A
></DT
><DT
>7.3. <A
-HREF="#AEN1205"
+HREF="#AEN1192"
>What qualifies a Domain Controller on the network?</A
></DT
><DD
><DL
><DT
>7.3.1. <A
-HREF="#AEN1208"
+HREF="#AEN1195"
>How does a Workstation find its domain controller?</A
></DT
><DT
>7.3.2. <A
-HREF="#AEN1211"
+HREF="#AEN1198"
>When is the PDC needed?</A
></DT
></DL
></DD
><DT
>7.4. <A
-HREF="#AEN1214"
+HREF="#AEN1201"
>Can Samba be a Backup Domain Controller to an NT PDC?</A
></DT
><DT
>7.5. <A
-HREF="#AEN1219"
+HREF="#AEN1206"
>How do I set up a Samba BDC?</A
></DT
><DD
><DL
><DT
>7.5.1. <A
-HREF="#AEN1236"
+HREF="#AEN1223"
>How do I replicate the smbpasswd file?</A
></DT
><DT
>7.5.2. <A
-HREF="#AEN1240"
+HREF="#AEN1227"
>Can I do this all with LDAP?</A
></DT
></DL
@@ -3943,7 +3899,7 @@ HREF="#ADS"
><DL
><DT
>8.1. <A
-HREF="#AEN1251"
+HREF="#AEN1238"
>Setup your <TT
CLASS="FILENAME"
>smb.conf</TT
@@ -3951,7 +3907,7 @@ CLASS="FILENAME"
></DT
><DT
>8.2. <A
-HREF="#AEN1262"
+HREF="#AEN1249"
>Setup your <TT
CLASS="FILENAME"
>/etc/krb5.conf</TT
@@ -3959,31 +3915,31 @@ CLASS="FILENAME"
></DT
><DT
>8.3. <A
-HREF="#AEN1273"
+HREF="#AEN1260"
>Create the computer account</A
></DT
><DD
><DL
><DT
>8.3.1. <A
-HREF="#AEN1277"
+HREF="#AEN1264"
>Possible errors</A
></DT
></DL
></DD
><DT
>8.4. <A
-HREF="#AEN1285"
+HREF="#AEN1272"
>Test your server setup</A
></DT
><DT
>8.5. <A
-HREF="#AEN1290"
+HREF="#AEN1277"
>Testing with smbclient</A
></DT
><DT
>8.6. <A
-HREF="#AEN1293"
+HREF="#AEN1280"
>Notes</A
></DT
></DL
@@ -3997,12 +3953,12 @@ HREF="#DOMAIN-SECURITY"
><DL
><DT
>9.1. <A
-HREF="#AEN1315"
+HREF="#AEN1302"
>Joining an NT Domain with Samba 3.0</A
></DT
><DT
>9.2. <A
-HREF="#AEN1369"
+HREF="#AEN1356"
>Why is this better than security = server?</A
></DT
></DL
@@ -4061,7 +4017,7 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN639"
+NAME="AEN626"
>4.1. Stand Alone Server</A
></H2
><P
@@ -4104,7 +4060,7 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN646"
+NAME="AEN633"
>4.2. Domain Member Server</A
></H2
><P
@@ -4135,7 +4091,7 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN652"
+NAME="AEN639"
>4.3. Domain Controller</A
></H2
><P
@@ -4147,7 +4103,7 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN655"
+NAME="AEN642"
>4.3.1. Domain Controller Types</A
></H3
><P
@@ -4241,7 +4197,7 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN681"
+NAME="AEN668"
>5.1. User and Share security level</A
></H2
><P
@@ -4259,7 +4215,7 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN684"
+NAME="AEN671"
>5.1.1. User Level Security</A
></H3
><P
@@ -4300,7 +4256,7 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN694"
+NAME="AEN681"
>5.1.2. Share Level Security</A
></H3
><P
@@ -4331,7 +4287,7 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN698"
+NAME="AEN685"
>5.1.3. Server Level Security</A
></H3
><P
@@ -4367,7 +4323,7 @@ CLASS="SECT3"
><HR><H4
CLASS="SECT3"
><A
-NAME="AEN703"
+NAME="AEN690"
>5.1.3.1. Configuring Samba for Seemless Windows Network Integration</A
></H4
><P
@@ -4479,7 +4435,7 @@ CLASS="SECT3"
><HR><H4
CLASS="SECT3"
><A
-NAME="AEN729"
+NAME="AEN716"
>5.1.3.2. Use MS Windows NT as an authentication server</A
></H4
><P
@@ -4515,7 +4471,7 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN737"
+NAME="AEN724"
>5.1.4. Domain Level Security</A
></H3
><P
@@ -4533,7 +4489,7 @@ CLASS="SECT3"
><HR><H4
CLASS="SECT3"
><A
-NAME="AEN741"
+NAME="AEN728"
>5.1.4.1. Samba as a member of an MS Windows NT security domain</A
></H4
><P
@@ -4596,7 +4552,7 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN758"
+NAME="AEN745"
>5.1.5. ADS Level Security</A
></H3
><P
@@ -4623,7 +4579,7 @@ CLASS="SECT1"
><H2
CLASS="SECT1"
><A
-NAME="AEN785"
+NAME="AEN772"
>6.1. Prerequisite Reading</A
></H2
><P
@@ -4646,7 +4602,7 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN790"
+NAME="AEN777"
>6.2. Background</A
></H2
><P
@@ -4793,7 +4749,7 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN830"
+NAME="AEN817"
>6.3. Configuring the Samba Domain Controller</A
></H2
><P
@@ -4990,7 +4946,7 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN872"
+NAME="AEN859"
>6.4. Creating Machine Trust Accounts and Joining Clients to the Domain</A
></H2
><P
@@ -5176,7 +5132,7 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN915"
+NAME="AEN902"
>6.4.1. Manual Creation of Machine Trust Accounts</A
></H3
><P
@@ -5346,7 +5302,7 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN956"
+NAME="AEN943"
>6.4.2. "On-the-Fly" Creation of Machine Trust Accounts</A
></H3
><P
@@ -5383,7 +5339,7 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN965"
+NAME="AEN952"
>6.4.3. Joining the Client to the Domain</A
></H3
><P
@@ -5451,7 +5407,7 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN980"
+NAME="AEN967"
>6.5. Common Problems and Errors</A
></H2
><P
@@ -5650,7 +5606,7 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN1026"
+NAME="AEN1013"
>6.6. What other help can I get?</A
></H2
><P
@@ -6070,7 +6026,7 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN1140"
+NAME="AEN1127"
>6.7. Domain Control for Windows 9x/ME</A
></H2
><P
@@ -6169,7 +6125,7 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN1163"
+NAME="AEN1150"
>6.7.1. Configuration Instructions: Network Logons</A
></H3
><P
@@ -6284,7 +6240,7 @@ CLASS="SECT1"
><H2
CLASS="SECT1"
><A
-NAME="AEN1193"
+NAME="AEN1180"
>7.1. Prerequisite Reading</A
></H2
><P
@@ -6301,7 +6257,7 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN1197"
+NAME="AEN1184"
>7.2. Background</A
></H2
><P
@@ -6346,7 +6302,7 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN1205"
+NAME="AEN1192"
>7.3. What qualifies a Domain Controller on the network?</A
></H2
><P
@@ -6363,7 +6319,7 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN1208"
+NAME="AEN1195"
>7.3.1. How does a Workstation find its domain controller?</A
></H3
><P
@@ -6382,7 +6338,7 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN1211"
+NAME="AEN1198"
>7.3.2. When is the PDC needed?</A
></H3
><P
@@ -6398,7 +6354,7 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN1214"
+NAME="AEN1201"
>7.4. Can Samba be a Backup Domain Controller to an NT PDC?</A
></H2
><P
@@ -6421,7 +6377,7 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN1219"
+NAME="AEN1206"
>7.5. How do I set up a Samba BDC?</A
></H2
><P
@@ -6488,7 +6444,7 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN1236"
+NAME="AEN1223"
>7.5.1. How do I replicate the smbpasswd file?</A
></H3
><P
@@ -6509,7 +6465,7 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN1240"
+NAME="AEN1227"
>7.5.2. Can I do this all with LDAP?</A
></H3
><P
@@ -6536,7 +6492,7 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN1251"
+NAME="AEN1238"
>8.1. Setup your <TT
CLASS="FILENAME"
>smb.conf</TT
@@ -6576,7 +6532,7 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN1262"
+NAME="AEN1249"
>8.2. Setup your <TT
CLASS="FILENAME"
>/etc/krb5.conf</TT
@@ -6618,7 +6574,7 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN1273"
+NAME="AEN1260"
>8.3. Create the computer account</A
></H2
><P
@@ -6633,7 +6589,7 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN1277"
+NAME="AEN1264"
>8.3.1. Possible errors</A
></H3
><P
@@ -6658,7 +6614,7 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN1285"
+NAME="AEN1272"
>8.4. Test your server setup</A
></H2
><P
@@ -6678,7 +6634,7 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN1290"
+NAME="AEN1277"
>8.5. Testing with smbclient</A
></H2
><P
@@ -6691,7 +6647,7 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN1293"
+NAME="AEN1280"
>8.6. Notes</A
></H2
><P
@@ -6714,7 +6670,7 @@ CLASS="SECT1"
><H2
CLASS="SECT1"
><A
-NAME="AEN1315"
+NAME="AEN1302"
>9.1. Joining an NT Domain with Samba 3.0</A
></H2
><P
@@ -6897,7 +6853,7 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN1369"
+NAME="AEN1356"
>9.2. Why is this better than security = server?</A
></H2
><P
@@ -7009,7 +6965,7 @@ CLASS="TITLE"
><DIV
CLASS="PARTINTRO"
><A
-NAME="AEN1387"
+NAME="AEN1374"
></A
><H1
>Introduction</H1
@@ -7027,81 +6983,18 @@ CLASS="TOC"
><DT
>10. <A
HREF="#ADVANCEDNETWORKMANAGEMENT"
->System Policies</A
+>Advanced Network Manangement Information</A
></DT
><DD
><DL
><DT
>10.1. <A
-HREF="#AEN1401"
->Basic System Policy Info</A
-></DT
-><DD
-><DL
-><DT
->10.1.1. <A
-HREF="#AEN1445"
->Creating Group Prolicy Files</A
+HREF="#AEN1388"
+>Remote Server Administration</A
></DT
></DL
></DD
><DT
->10.2. <A
-HREF="#AEN1456"
->Roaming Profiles</A
-></DT
-><DD
-><DL
-><DT
->10.2.1. <A
-HREF="#AEN1464"
->Windows NT Configuration</A
-></DT
-><DT
->10.2.2. <A
-HREF="#AEN1473"
->Windows 9X Configuration</A
-></DT
-><DT
->10.2.3. <A
-HREF="#AEN1481"
->Win9X and WinNT Configuration</A
-></DT
-><DT
->10.2.4. <A
-HREF="#AEN1488"
->Windows 9X Profile Setup</A
-></DT
-><DT
->10.2.5. <A
-HREF="#AEN1524"
->Windows NT Workstation 4.0</A
-></DT
-><DT
->10.2.6. <A
-HREF="#AEN1532"
->Windows NT/200x Server</A
-></DT
-><DT
->10.2.7. <A
-HREF="#AEN1535"
->Sharing Profiles between W9x/Me and NT4/200x/XP workstations</A
-></DT
-><DT
->10.2.8. <A
-HREF="#AEN1542"
->Windows NT 4</A
-></DT
-><DT
->10.2.9. <A
-HREF="#AEN1580"
->Windows 2000/XP</A
-></DT
-></DL
-></DD
-></DL
-></DD
-><DT
>11. <A
HREF="#UNIX-PERMISSIONS"
>UNIX Permission Bits and Windows NT Access Control Lists</A
@@ -7110,53 +7003,53 @@ HREF="#UNIX-PERMISSIONS"
><DL
><DT
>11.1. <A
-HREF="#AEN1663"
+HREF="#AEN1416"
>Viewing and changing UNIX permissions using the NT
security dialogs</A
></DT
><DT
>11.2. <A
-HREF="#AEN1667"
+HREF="#AEN1420"
>How to view file security on a Samba share</A
></DT
><DT
>11.3. <A
-HREF="#AEN1678"
+HREF="#AEN1431"
>Viewing file ownership</A
></DT
><DT
>11.4. <A
-HREF="#AEN1698"
+HREF="#AEN1451"
>Viewing file or directory permissions</A
></DT
><DD
><DL
><DT
>11.4.1. <A
-HREF="#AEN1713"
+HREF="#AEN1466"
>File Permissions</A
></DT
><DT
>11.4.2. <A
-HREF="#AEN1727"
+HREF="#AEN1480"
>Directory Permissions</A
></DT
></DL
></DD
><DT
>11.5. <A
-HREF="#AEN1734"
+HREF="#AEN1487"
>Modifying file or directory permissions</A
></DT
><DT
>11.6. <A
-HREF="#AEN1756"
+HREF="#AEN1509"
>Interaction with the standard Samba create mask
parameters</A
></DT
><DT
>11.7. <A
-HREF="#AEN1810"
+HREF="#AEN1563"
>Interaction with the standard Samba file attribute
mapping</A
></DT
@@ -7177,17 +7070,17 @@ managed authentication</A
><DL
><DT
>13.1. <A
-HREF="#AEN1866"
+HREF="#AEN1619"
>Samba and PAM</A
></DT
><DT
>13.2. <A
-HREF="#AEN1915"
+HREF="#AEN1668"
>Distributed Authentication</A
></DT
><DT
>13.3. <A
-HREF="#AEN1920"
+HREF="#AEN1673"
>PAM Configuration in smb.conf</A
></DT
></DL
@@ -7201,122 +7094,122 @@ HREF="#PRINTING"
><DL
><DT
>14.1. <A
-HREF="#AEN1946"
+HREF="#AEN1699"
>Introduction</A
></DT
><DT
>14.2. <A
-HREF="#AEN1968"
+HREF="#AEN1721"
>Configuration</A
></DT
><DD
><DL
><DT
>14.2.1. <A
-HREF="#AEN1976"
+HREF="#AEN1729"
>Creating [print$]</A
></DT
><DT
>14.2.2. <A
-HREF="#AEN2011"
+HREF="#AEN1764"
>Setting Drivers for Existing Printers</A
></DT
><DT
>14.2.3. <A
-HREF="#AEN2027"
+HREF="#AEN1780"
>Support a large number of printers</A
></DT
><DT
>14.2.4. <A
-HREF="#AEN2038"
+HREF="#AEN1791"
>Adding New Printers via the Windows NT APW</A
></DT
><DT
>14.2.5. <A
-HREF="#AEN2068"
+HREF="#AEN1821"
>Samba and Printer Ports</A
></DT
></DL
></DD
><DT
>14.3. <A
-HREF="#AEN2076"
+HREF="#AEN1829"
>The Imprints Toolset</A
></DT
><DD
><DL
><DT
>14.3.1. <A
-HREF="#AEN2080"
+HREF="#AEN1833"
>What is Imprints?</A
></DT
><DT
>14.3.2. <A
-HREF="#AEN2090"
+HREF="#AEN1843"
>Creating Printer Driver Packages</A
></DT
><DT
>14.3.3. <A
-HREF="#AEN2093"
+HREF="#AEN1846"
>The Imprints server</A
></DT
><DT
>14.3.4. <A
-HREF="#AEN2097"
+HREF="#AEN1850"
>The Installation Client</A
></DT
></DL
></DD
><DT
>14.4. <A
-HREF="#AEN2119"
+HREF="#AEN1872"
>Diagnosis</A
></DT
><DD
><DL
><DT
>14.4.1. <A
-HREF="#AEN2121"
+HREF="#AEN1874"
>Introduction</A
></DT
><DT
>14.4.2. <A
-HREF="#AEN2137"
+HREF="#AEN1890"
>Debugging printer problems</A
></DT
><DT
>14.4.3. <A
-HREF="#AEN2146"
+HREF="#AEN1899"
>What printers do I have?</A
></DT
><DT
>14.4.4. <A
-HREF="#AEN2154"
+HREF="#AEN1907"
>Setting up printcap and print servers</A
></DT
><DT
>14.4.5. <A
-HREF="#AEN2182"
+HREF="#AEN1935"
>Job sent, no output</A
></DT
><DT
>14.4.6. <A
-HREF="#AEN2193"
+HREF="#AEN1946"
>Job sent, strange output</A
></DT
><DT
>14.4.7. <A
-HREF="#AEN2205"
+HREF="#AEN1958"
>Raw PostScript printed</A
></DT
><DT
>14.4.8. <A
-HREF="#AEN2208"
+HREF="#AEN1961"
>Advanced Printing</A
></DT
><DT
>14.4.9. <A
-HREF="#AEN2211"
+HREF="#AEN1964"
>Real debugging</A
></DT
></DL
@@ -7332,46 +7225,46 @@ HREF="#CUPS-PRINTING"
><DL
><DT
>15.1. <A
-HREF="#AEN2231"
+HREF="#AEN1984"
>Introduction</A
></DT
><DT
>15.2. <A
-HREF="#AEN2236"
+HREF="#AEN1989"
>CUPS - RAW Print Through Mode</A
></DT
><DT
>15.3. <A
-HREF="#AEN2291"
+HREF="#AEN2044"
>The CUPS Filter Chains</A
></DT
><DT
>15.4. <A
-HREF="#AEN2330"
+HREF="#AEN2083"
>CUPS Print Drivers and Devices</A
></DT
><DD
><DL
><DT
>15.4.1. <A
-HREF="#AEN2337"
+HREF="#AEN2090"
>Further printing steps</A
></DT
></DL
></DD
><DT
>15.5. <A
-HREF="#AEN2407"
+HREF="#AEN2160"
>Limiting the number of pages users can print</A
></DT
><DT
>15.6. <A
-HREF="#AEN2496"
+HREF="#AEN2249"
>Advanced Postscript Printing from MS Windows</A
></DT
><DT
>15.7. <A
-HREF="#AEN2511"
+HREF="#AEN2264"
>Auto-Deletion of CUPS spool files</A
></DT
></DL
@@ -7385,144 +7278,240 @@ HREF="#WINBIND"
><DL
><DT
>16.1. <A
-HREF="#AEN2573"
+HREF="#AEN2326"
>Abstract</A
></DT
><DT
>16.2. <A
-HREF="#AEN2577"
+HREF="#AEN2330"
>Introduction</A
></DT
><DT
>16.3. <A
-HREF="#AEN2590"
+HREF="#AEN2343"
>What Winbind Provides</A
></DT
><DD
><DL
><DT
>16.3.1. <A
-HREF="#AEN2597"
+HREF="#AEN2350"
>Target Uses</A
></DT
></DL
></DD
><DT
>16.4. <A
-HREF="#AEN2601"
+HREF="#AEN2354"
>How Winbind Works</A
></DT
><DD
><DL
><DT
>16.4.1. <A
-HREF="#AEN2606"
+HREF="#AEN2359"
>Microsoft Remote Procedure Calls</A
></DT
><DT
>16.4.2. <A
-HREF="#AEN2610"
+HREF="#AEN2363"
>Microsoft Active Directory Services</A
></DT
><DT
>16.4.3. <A
-HREF="#AEN2613"
+HREF="#AEN2366"
>Name Service Switch</A
></DT
><DT
>16.4.4. <A
-HREF="#AEN2629"
+HREF="#AEN2382"
>Pluggable Authentication Modules</A
></DT
><DT
>16.4.5. <A
-HREF="#AEN2637"
+HREF="#AEN2390"
>User and Group ID Allocation</A
></DT
><DT
>16.4.6. <A
-HREF="#AEN2641"
+HREF="#AEN2394"
>Result Caching</A
></DT
></DL
></DD
><DT
>16.5. <A
-HREF="#AEN2644"
+HREF="#AEN2397"
>Installation and Configuration</A
></DT
><DD
><DL
><DT
>16.5.1. <A
-HREF="#AEN2649"
+HREF="#AEN2402"
>Introduction</A
></DT
><DT
>16.5.2. <A
-HREF="#AEN2662"
+HREF="#AEN2415"
>Requirements</A
></DT
><DT
>16.5.3. <A
-HREF="#AEN2676"
+HREF="#AEN2429"
>Testing Things Out</A
></DT
></DL
></DD
><DT
>16.6. <A
-HREF="#AEN2901"
+HREF="#AEN2654"
>Limitations</A
></DT
><DT
>16.7. <A
-HREF="#AEN2911"
+HREF="#AEN2664"
>Conclusion</A
></DT
></DL
></DD
><DT
>17. <A
+HREF="#POLICYMGMT"
+>Policy Management - Hows and Whys</A
+></DT
+><DD
+><DL
+><DT
+>17.1. <A
+HREF="#AEN2678"
+>System Policies</A
+></DT
+><DD
+><DL
+><DT
+>17.1.1. <A
+HREF="#AEN2692"
+>Creating and Managing Windows 9x/Me Policies</A
+></DT
+><DT
+>17.1.2. <A
+HREF="#AEN2704"
+>Creating and Managing Windows NT4 Style Policy Files</A
+></DT
+><DT
+>17.1.3. <A
+HREF="#AEN2722"
+>Creating and Managing MS Windows 200x Policies</A
+></DT
+></DL
+></DD
+></DL
+></DD
+><DT
+>18. <A
+HREF="#PROFILEMGMT"
+>Profile Management</A
+></DT
+><DD
+><DL
+><DT
+>18.1. <A
+HREF="#AEN2761"
+>Roaming Profiles</A
+></DT
+><DD
+><DL
+><DT
+>18.1.1. <A
+HREF="#AEN2769"
+>Windows NT Configuration</A
+></DT
+><DT
+>18.1.2. <A
+HREF="#AEN2778"
+>Windows 9X Configuration</A
+></DT
+><DT
+>18.1.3. <A
+HREF="#AEN2786"
+>Win9X and WinNT Configuration</A
+></DT
+><DT
+>18.1.4. <A
+HREF="#AEN2793"
+>Windows 9X Profile Setup</A
+></DT
+><DT
+>18.1.5. <A
+HREF="#AEN2829"
+>Windows NT Workstation 4.0</A
+></DT
+><DT
+>18.1.6. <A
+HREF="#AEN2837"
+>Windows NT/200x Server</A
+></DT
+><DT
+>18.1.7. <A
+HREF="#AEN2840"
+>Sharing Profiles between W9x/Me and NT4/200x/XP workstations</A
+></DT
+><DT
+>18.1.8. <A
+HREF="#AEN2847"
+>Windows NT 4</A
+></DT
+><DT
+>18.1.9. <A
+HREF="#AEN2885"
+>Windows 2000/XP</A
+></DT
+></DL
+></DD
+></DL
+></DD
+><DT
+>19. <A
HREF="#INTEGRATE-MS-NETWORKS"
>Integrating MS Windows networks with Samba</A
></DT
><DD
><DL
><DT
->17.1. <A
-HREF="#AEN2932"
+>19.1. <A
+HREF="#AEN2975"
>Name Resolution in a pure Unix/Linux world</A
></DT
><DD
><DL
><DT
->17.1.1. <A
-HREF="#AEN2948"
+>19.1.1. <A
+HREF="#AEN2991"
><TT
CLASS="FILENAME"
>/etc/hosts</TT
></A
></DT
><DT
->17.1.2. <A
-HREF="#AEN2964"
+>19.1.2. <A
+HREF="#AEN3007"
><TT
CLASS="FILENAME"
>/etc/resolv.conf</TT
></A
></DT
><DT
->17.1.3. <A
-HREF="#AEN2975"
+>19.1.3. <A
+HREF="#AEN3018"
><TT
CLASS="FILENAME"
>/etc/host.conf</TT
></A
></DT
><DT
->17.1.4. <A
-HREF="#AEN2983"
+>19.1.4. <A
+HREF="#AEN3026"
><TT
CLASS="FILENAME"
>/etc/nsswitch.conf</TT
@@ -7531,35 +7520,35 @@ CLASS="FILENAME"
></DL
></DD
><DT
->17.2. <A
-HREF="#AEN2995"
+>19.2. <A
+HREF="#AEN3038"
>Name resolution as used within MS Windows networking</A
></DT
><DD
><DL
><DT
->17.2.1. <A
-HREF="#AEN3007"
+>19.2.1. <A
+HREF="#AEN3050"
>The NetBIOS Name Cache</A
></DT
><DT
->17.2.2. <A
-HREF="#AEN3012"
+>19.2.2. <A
+HREF="#AEN3055"
>The LMHOSTS file</A
></DT
><DT
->17.2.3. <A
-HREF="#AEN3020"
+>19.2.3. <A
+HREF="#AEN3063"
>HOSTS file</A
></DT
><DT
->17.2.4. <A
-HREF="#AEN3025"
+>19.2.4. <A
+HREF="#AEN3068"
>DNS Lookup</A
></DT
><DT
->17.2.5. <A
-HREF="#AEN3028"
+>19.2.5. <A
+HREF="#AEN3071"
>WINS Lookup</A
></DT
></DL
@@ -7567,95 +7556,95 @@ HREF="#AEN3028"
></DL
></DD
><DT
->18. <A
+>20. <A
HREF="#IMPROVED-BROWSING"
>Improved browsing in samba</A
></DT
><DD
><DL
><DT
->18.1. <A
-HREF="#AEN3047"
+>20.1. <A
+HREF="#AEN3090"
>Overview of browsing</A
></DT
><DT
->18.2. <A
-HREF="#AEN3052"
+>20.2. <A
+HREF="#AEN3095"
>Browsing support in samba</A
></DT
><DT
->18.3. <A
-HREF="#AEN3060"
+>20.3. <A
+HREF="#AEN3103"
>Problem resolution</A
></DT
><DT
->18.4. <A
-HREF="#AEN3069"
+>20.4. <A
+HREF="#AEN3112"
>Browsing across subnets</A
></DT
><DD
><DL
><DT
->18.4.1. <A
-HREF="#AEN3074"
+>20.4.1. <A
+HREF="#AEN3117"
>How does cross subnet browsing work ?</A
></DT
></DL
></DD
><DT
->18.5. <A
-HREF="#AEN3109"
+>20.5. <A
+HREF="#AEN3152"
>Setting up a WINS server</A
></DT
><DT
->18.6. <A
-HREF="#AEN3128"
+>20.6. <A
+HREF="#AEN3171"
>Setting up Browsing in a WORKGROUP</A
></DT
><DT
->18.7. <A
-HREF="#AEN3146"
+>20.7. <A
+HREF="#AEN3189"
>Setting up Browsing in a DOMAIN</A
></DT
><DT
->18.8. <A
-HREF="#AEN3156"
+>20.8. <A
+HREF="#AEN3199"
>Forcing samba to be the master</A
></DT
><DT
->18.9. <A
-HREF="#AEN3165"
+>20.9. <A
+HREF="#AEN3208"
>Making samba the domain master</A
></DT
><DT
->18.10. <A
-HREF="#AEN3183"
+>20.10. <A
+HREF="#AEN3226"
>Note about broadcast addresses</A
></DT
><DT
->18.11. <A
-HREF="#AEN3186"
+>20.11. <A
+HREF="#AEN3229"
>Multiple interfaces</A
></DT
></DL
></DD
><DT
->19. <A
+>21. <A
HREF="#MSDFS"
>Hosting a Microsoft Distributed File System tree on Samba</A
></DT
><DD
><DL
><DT
->19.1. <A
-HREF="#AEN3200"
+>21.1. <A
+HREF="#AEN3243"
>Instructions</A
></DT
><DD
><DL
><DT
->19.1.1. <A
-HREF="#AEN3235"
+>21.1.1. <A
+HREF="#AEN3278"
>Notes</A
></DT
></DL
@@ -7663,56 +7652,56 @@ HREF="#AEN3235"
></DL
></DD
><DT
->20. <A
+>22. <A
HREF="#VFS"
>Stackable VFS modules</A
></DT
><DD
><DL
><DT
->20.1. <A
-HREF="#AEN3259"
+>22.1. <A
+HREF="#AEN3302"
>Introduction and configuration</A
></DT
><DT
->20.2. <A
-HREF="#AEN3268"
+>22.2. <A
+HREF="#AEN3311"
>Included modules</A
></DT
><DD
><DL
><DT
->20.2.1. <A
-HREF="#AEN3270"
+>22.2.1. <A
+HREF="#AEN3313"
>audit</A
></DT
><DT
->20.2.2. <A
-HREF="#AEN3278"
+>22.2.2. <A
+HREF="#AEN3321"
>recycle</A
></DT
><DT
->20.2.3. <A
-HREF="#AEN3315"
+>22.2.3. <A
+HREF="#AEN3358"
>netatalk</A
></DT
></DL
></DD
><DT
->20.3. <A
-HREF="#AEN3322"
+>22.3. <A
+HREF="#AEN3365"
>VFS modules available elsewhere</A
></DT
><DD
><DL
><DT
->20.3.1. <A
-HREF="#AEN3326"
+>22.3.1. <A
+HREF="#AEN3369"
>DatabaseFS</A
></DT
><DT
->20.3.2. <A
-HREF="#AEN3334"
+>22.3.2. <A
+HREF="#AEN3377"
>vscan</A
></DT
></DL
@@ -7720,59 +7709,59 @@ HREF="#AEN3334"
></DL
></DD
><DT
->21. <A
+>23. <A
HREF="#SECURING-SAMBA"
>Securing Samba</A
></DT
><DD
><DL
><DT
->21.1. <A
-HREF="#AEN3348"
+>23.1. <A
+HREF="#AEN3391"
>Introduction</A
></DT
><DT
->21.2. <A
-HREF="#AEN3351"
+>23.2. <A
+HREF="#AEN3394"
>Using host based protection</A
></DT
><DT
->21.3. <A
-HREF="#AEN3358"
+>23.3. <A
+HREF="#AEN3401"
>Using interface protection</A
></DT
><DT
->21.4. <A
-HREF="#AEN3367"
+>23.4. <A
+HREF="#AEN3410"
>Using a firewall</A
></DT
><DT
->21.5. <A
-HREF="#AEN3374"
+>23.5. <A
+HREF="#AEN3417"
>Using a IPC$ share deny</A
></DT
><DT
->21.6. <A
-HREF="#AEN3383"
+>23.6. <A
+HREF="#AEN3426"
>Upgrading Samba</A
></DT
></DL
></DD
><DT
->22. <A
+>24. <A
HREF="#UNICODE"
>Unicode/Charsets</A
></DT
><DD
><DL
><DT
->22.1. <A
-HREF="#AEN3397"
+>24.1. <A
+HREF="#AEN3440"
>What are charsets and unicode?</A
></DT
><DT
->22.2. <A
-HREF="#AEN3406"
+>24.2. <A
+HREF="#AEN3449"
>Samba and charsets</A
></DT
></DL
@@ -7786,149 +7775,29 @@ CLASS="CHAPTER"
><A
NAME="ADVANCEDNETWORKMANAGEMENT"
></A
->Chapter 10. System Policies</H1
+>Chapter 10. Advanced Network Manangement Information</H1
><DIV
CLASS="SECT1"
><H2
CLASS="SECT1"
><A
-NAME="AEN1401"
->10.1. Basic System Policy Info</A
+NAME="AEN1388"
+>10.1. Remote Server Administration</A
></H2
><P
->Much of the information necessary to implement System Policies and
-Roaming User Profiles in a Samba domain is the same as that for
-implementing these same items in a Windows NT 4.0 domain.
-You should read the white paper <A
-HREF="http://www.microsoft.com/ntserver/management/deployment/planguide/prof_policies.asp"
-TARGET="_top"
->Implementing
-Profiles and Policies in Windows NT 4.0</A
-> available from Microsoft.</P
-><P
->Here are some additional details:</P
-><P
-></P
-><UL
-><LI
-><P
-> <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->What about Windows NT Policy Editor?</I
-></SPAN
->
- </P
-><P
-> To create or edit <TT
-CLASS="FILENAME"
->ntconfig.pol</TT
-> you must use
- the NT Server Policy Editor, <B
-CLASS="COMMAND"
->poledit.exe</B
-> which
- is included with NT Server but <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->not NT Workstation</I
-></SPAN
->.
- There is a Policy Editor on a NTws
- but it is not suitable for creating <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->Domain Policies</I
-></SPAN
->.
- Further, although the Windows 95
- Policy Editor can be installed on an NT Workstation/Server, it will not
- work with NT policies because the registry key that are set by the policy templates.
- However, the files from the NT Server will run happily enough on an NTws.
- You need <TT
-CLASS="FILENAME"
->poledit.exe, common.adm</TT
-> and <TT
-CLASS="FILENAME"
->winnt.adm</TT
->. It is convenient
- to put the two *.adm files in <TT
-CLASS="FILENAME"
->c:\winnt\inf</TT
-> which is where
- the binary will look for them unless told otherwise. Note also that that
- directory is 'hidden'.
- </P
-><P
-> The Windows NT policy editor is also included with the Service Pack 3 (and
- later) for Windows NT 4.0. Extract the files using <B
-CLASS="COMMAND"
->servicepackname /x</B
->,
- i.e. that's <B
-CLASS="COMMAND"
->Nt4sp6ai.exe /x</B
-> for service pack 6a. The policy editor,
- <B
-CLASS="COMMAND"
->poledit.exe</B
-> and the associated template files (*.adm) should
- be extracted as well. It is also possible to downloaded the policy template
- files for Office97 and get a copy of the policy editor. Another possible
- location is with the Zero Administration Kit available for download from Microsoft.
- </P
-></LI
-><LI
-><P
-> <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->Can Win95 do Policies?</I
-></SPAN
->
- </P
-><P
-> Install the group policy handler for Win9x to pick up group
- policies. Look on the Win98 CD in <TT
-CLASS="FILENAME"
->\tools\reskit\netadmin\poledit</TT
->.
- Install group policies on a Win9x client by double-clicking
- <TT
-CLASS="FILENAME"
->grouppol.inf</TT
->. Log off and on again a couple of
- times and see if Win98 picks up group policies. Unfortunately this needs
- to be done on every Win9x machine that uses group policies....
- </P
-><P
-> If group policies don't work one reports suggests getting the updated
- (read: working) grouppol.dll for Windows 9x. The group list is grabbed
- from /etc/group.
- </P
-></LI
-><LI
-><P
-> <SPAN
+><SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>How do I get 'User Manager' and 'Server Manager'</I
></SPAN
->
- </P
+></P
><P
-> Since I don't need to buy an NT Server CD now, how do I get
- the 'User Manager for Domains', the 'Server Manager'?
- </P
+>Since I don't need to buy an NT Server CD now, how do I get the 'User Manager for Domains',
+the 'Server Manager'?</P
><P
-> Microsoft distributes a version of these tools called nexus for
- installation on Windows 95 systems. The tools set includes
- </P
+>Microsoft distributes a version of these tools called nexus for installation on Windows 95
+systems. The tools set includes:</P
><P
></P
><UL
@@ -7946,890 +7815,19 @@ CLASS="EMPHASIS"
></LI
></UL
><P
-> Click here to download the archived file <A
+>Click here to download the archived file <A
HREF="ftp://ftp.microsoft.com/Softlib/MSLFILES/NEXUS.EXE"
TARGET="_top"
>ftp://ftp.microsoft.com/Softlib/MSLFILES/NEXUS.EXE</A
->
- </P
+></P
><P
-> The Windows NT 4.0 version of the 'User Manager for
- Domains' and 'Server Manager' are available from Microsoft via ftp
- from <A
+>The Windows NT 4.0 version of the 'User Manager for
+Domains' and 'Server Manager' are available from Microsoft via ftp
+from <A
HREF="ftp://ftp.microsoft.com/Softlib/MSLFILES/SRVTOOLS.EXE"
TARGET="_top"
>ftp://ftp.microsoft.com/Softlib/MSLFILES/SRVTOOLS.EXE</A
->
- </P
-></LI
-></UL
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN1445"
->10.1.1. Creating Group Prolicy Files</A
-></H3
-><DIV
-CLASS="SECT3"
-><H4
-CLASS="SECT3"
-><A
-NAME="AEN1447"
->10.1.1.1. Windows '9x</A
-></H4
-><P
->You need the Win98 Group Policy Editor to
-set Group Profiles up under Windows '9x. It can be found on the Original
-full product Win98 installation CD under
-<TT
-CLASS="FILENAME"
->tools/reskit/netadmin/poledit</TT
->. You install this
-using the Add/Remove Programs facility and then click on the 'Have Disk'
-tab.</P
-><P
->Use the Group Policy Editor to create a policy file that specifies the
-location of user profiles and/or the <TT
-CLASS="FILENAME"
->My Documents</TT
-> etc.
-stuff. You then save these settings in a file called
-<TT
-CLASS="FILENAME"
->Config.POL</TT
-> that needs to be placed in
-the root of the [NETLOGON] share. If your Win98 is configured to log onto
-the Samba Domain, it will automatically read this file and update the
-Win9x/Me registry of the machine that is logging on.</P
-><P
->All of this is covered in the Win98 Resource Kit documentation.</P
-><P
->If you do not do it this way, then every so often Win9x/Me will check the
-integrity of the registry and will restore it's settings from the back-up
-copy of the registry it stores on each Win9x/Me machine. Hence, you will
-occasionally notice things changing back to the original settings.</P
-></DIV
-></DIV
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN1456"
->10.2. Roaming Profiles</A
-></H2
-><DIV
-CLASS="WARNING"
-><P
-></P
-><TABLE
-CLASS="WARNING"
-WIDTH="100%"
-BORDER="0"
-><TR
-><TD
-WIDTH="25"
-ALIGN="CENTER"
-VALIGN="TOP"
-><IMG
-SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/warning.gif"
-HSPACE="5"
-ALT="Warning"></TD
-><TD
-ALIGN="LEFT"
-VALIGN="TOP"
-><P
-><SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->NOTE!</I
-></SPAN
-> Roaming profiles support is different for Win9X and WinNT.</P
-></TD
-></TR
-></TABLE
-></DIV
-><P
->Before discussing how to configure roaming profiles, it is useful to see how
-Win9X and WinNT clients implement these features.</P
-><P
->Win9X clients send a NetUserGetInfo request to the server to get the user's
-profiles location. However, the response does not have room for a separate
-profiles location field, only the user's home share. This means that Win9X
-profiles are restricted to being in the user's home directory.</P
-><P
->WinNT clients send a NetSAMLogon RPC request, which contains many fields,
-including a separate field for the location of the user's profiles.
-This means that support for profiles is different for Win9X and WinNT.</P
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN1464"
->10.2.1. Windows NT Configuration</A
-></H3
-><P
->To support WinNT clients, in the [global] section of smb.conf set the
-following (for example):</P
-><P
-><PRE
-CLASS="PROGRAMLISTING"
->logon path = \\profileserver\profileshare\profilepath\%U\moreprofilepath</PRE
-></P
-><P
->The default for this option is \\%N\%U\profile, namely
-\\sambaserver\username\profile. The \\N%\%U service is created
-automatically by the [homes] service.
-If you are using a samba server for the profiles, you _must_ make the
-share specified in the logon path browseable. </P
-><DIV
-CLASS="NOTE"
-><P
-></P
-><TABLE
-CLASS="NOTE"
-WIDTH="100%"
-BORDER="0"
-><TR
-><TD
-WIDTH="25"
-ALIGN="CENTER"
-VALIGN="TOP"
-><IMG
-SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif"
-HSPACE="5"
-ALT="Note"></TD
-><TD
-ALIGN="LEFT"
-VALIGN="TOP"
-><P
->MS Windows NT/2K clients at times do not disconnect a connection to a server
-between logons. It is recommended to NOT use the <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->homes</I
-></SPAN
->
-meta-service name as part of the profile share path.</P
-></TD
-></TR
-></TABLE
-></DIV
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN1473"
->10.2.2. Windows 9X Configuration</A
-></H3
-><P
->To support Win9X clients, you must use the "logon home" parameter. Samba has
-now been fixed so that "net use /home" now works as well, and it, too, relies
-on the "logon home" parameter.</P
-><P
->By using the logon home parameter, you are restricted to putting Win9X
-profiles in the user's home directory. But wait! There is a trick you
-can use. If you set the following in the [global] section of your
-smb.conf file:</P
-><P
-><PRE
-CLASS="PROGRAMLISTING"
->logon home = \\%L\%U\.profiles</PRE
-></P
-><P
->then your Win9X clients will dutifully put their clients in a subdirectory
-of your home directory called .profiles (thus making them hidden).</P
-><P
->Not only that, but 'net use/home' will also work, because of a feature in
-Win9X. It removes any directory stuff off the end of the home directory area
-and only uses the server and share portion. That is, it looks like you
-specified \\%L\%U for "logon home".</P
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN1481"
->10.2.3. Win9X and WinNT Configuration</A
-></H3
-><P
->You can support profiles for both Win9X and WinNT clients by setting both the
-"logon home" and "logon path" parameters. For example:</P
-><P
-><PRE
-CLASS="PROGRAMLISTING"
->logon home = \\%L\%U\.profiles
-logon path = \\%L\profiles\%U</PRE
-></P
-><DIV
-CLASS="NOTE"
-><P
-></P
-><TABLE
-CLASS="NOTE"
-WIDTH="100%"
-BORDER="0"
-><TR
-><TD
-WIDTH="25"
-ALIGN="CENTER"
-VALIGN="TOP"
-><IMG
-SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif"
-HSPACE="5"
-ALT="Note"></TD
-><TD
-ALIGN="LEFT"
-VALIGN="TOP"
-><P
->I have not checked what 'net use /home' does on NT when "logon home" is
-set as above.</P
-></TD
-></TR
-></TABLE
-></DIV
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN1488"
->10.2.4. Windows 9X Profile Setup</A
-></H3
-><P
->When a user first logs in on Windows 9X, the file user.DAT is created,
-as are folders "Start Menu", "Desktop", "Programs" and "Nethood".
-These directories and their contents will be merged with the local
-versions stored in c:\windows\profiles\username on subsequent logins,
-taking the most recent from each. You will need to use the [global]
-options "preserve case = yes", "short preserve case = yes" and
-"case sensitive = no" in order to maintain capital letters in shortcuts
-in any of the profile folders.</P
-><P
->The user.DAT file contains all the user's preferences. If you wish to
-enforce a set of preferences, rename their user.DAT file to user.MAN,
-and deny them write access to this file.</P
-><P
></P
-><OL
-TYPE="1"
-><LI
-><P
-> On the Windows 95 machine, go to Control Panel | Passwords and
- select the User Profiles tab. Select the required level of
- roaming preferences. Press OK, but do _not_ allow the computer
- to reboot.
- </P
-></LI
-><LI
-><P
-> On the Windows 95 machine, go to Control Panel | Network |
- Client for Microsoft Networks | Preferences. Select 'Log on to
- NT Domain'. Then, ensure that the Primary Logon is 'Client for
- Microsoft Networks'. Press OK, and this time allow the computer
- to reboot.
- </P
-></LI
-></OL
-><P
->Under Windows 95, Profiles are downloaded from the Primary Logon.
-If you have the Primary Logon as 'Client for Novell Networks', then
-the profiles and logon script will be downloaded from your Novell
-Server. If you have the Primary Logon as 'Windows Logon', then the
-profiles will be loaded from the local machine - a bit against the
-concept of roaming profiles, if you ask me.</P
-><P
->You will now find that the Microsoft Networks Login box contains
-[user, password, domain] instead of just [user, password]. Type in
-the samba server's domain name (or any other domain known to exist,
-but bear in mind that the user will be authenticated against this
-domain and profiles downloaded from it, if that domain logon server
-supports it), user name and user's password.</P
-><P
->Once the user has been successfully validated, the Windows 95 machine
-will inform you that 'The user has not logged on before' and asks you
-if you wish to save the user's preferences? Select 'yes'.</P
-><P
->Once the Windows 95 client comes up with the desktop, you should be able
-to examine the contents of the directory specified in the "logon path"
-on the samba server and verify that the "Desktop", "Start Menu",
-"Programs" and "Nethood" folders have been created.</P
-><P
->These folders will be cached locally on the client, and updated when
-the user logs off (if you haven't made them read-only by then :-).
-You will find that if the user creates further folders or short-cuts,
-that the client will merge the profile contents downloaded with the
-contents of the profile directory already on the local client, taking
-the newest folders and short-cuts from each set.</P
-><P
->If you have made the folders / files read-only on the samba server,
-then you will get errors from the w95 machine on logon and logout, as
-it attempts to merge the local and the remote profile. Basically, if
-you have any errors reported by the w95 machine, check the Unix file
-permissions and ownership rights on the profile directory contents,
-on the samba server.</P
-><P
->If you have problems creating user profiles, you can reset the user's
-local desktop cache, as shown below. When this user then next logs in,
-they will be told that they are logging in "for the first time".</P
-><P
-></P
-><OL
-TYPE="1"
-><LI
-><P
-> instead of logging in under the [user, password, domain] dialog,
- press escape.
- </P
-></LI
-><LI
-><P
-> run the regedit.exe program, and look in:
- </P
-><P
-> HKEY_LOCAL_MACHINE\Windows\CurrentVersion\ProfileList
- </P
-><P
-> you will find an entry, for each user, of ProfilePath. Note the
- contents of this key (likely to be c:\windows\profiles\username),
- then delete the key ProfilePath for the required user.
- </P
-><P
-> [Exit the registry editor].
- </P
-></LI
-><LI
-><P
-> <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->WARNING</I
-></SPAN
-> - before deleting the contents of the
- directory listed in
- the ProfilePath (this is likely to be c:\windows\profiles\username),
- ask them if they have any important files stored on their desktop
- or in their start menu. delete the contents of the directory
- ProfilePath (making a backup if any of the files are needed).
- </P
-><P
-> This will have the effect of removing the local (read-only hidden
- system file) user.DAT in their profile directory, as well as the
- local "desktop", "nethood", "start menu" and "programs" folders.
- </P
-></LI
-><LI
-><P
-> search for the user's .PWL password-caching file in the c:\windows
- directory, and delete it.
- </P
-></LI
-><LI
-><P
-> log off the windows 95 client.
- </P
-></LI
-><LI
-><P
-> check the contents of the profile path (see "logon path" described
- above), and delete the user.DAT or user.MAN file for the user,
- making a backup if required.
- </P
-></LI
-></OL
-><P
->If all else fails, increase samba's debug log levels to between 3 and 10,
-and / or run a packet trace program such as tcpdump or netmon.exe, and
-look for any error reports.</P
-><P
->If you have access to an NT server, then first set up roaming profiles
-and / or netlogons on the NT server. Make a packet trace, or examine
-the example packet traces provided with NT server, and see what the
-differences are with the equivalent samba trace.</P
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN1524"
->10.2.5. Windows NT Workstation 4.0</A
-></H3
-><P
->When a user first logs in to a Windows NT Workstation, the profile
-NTuser.DAT is created. The profile location can be now specified
-through the "logon path" parameter. </P
-><P
->There is a parameter that is now available for use with NT Profiles:
-"logon drive". This should be set to "h:" or any other drive, and
-should be used in conjunction with the new "logon home" parameter.</P
-><P
->The entry for the NT 4.0 profile is a _directory_ not a file. The NT
-help on profiles mentions that a directory is also created with a .PDS
-extension. The user, while logging in, must have write permission to
-create the full profile path (and the folder with the .PDS extension
-for those situations where it might be created.)</P
-><P
->In the profile directory, NT creates more folders than 95. It creates
-"Application Data" and others, as well as "Desktop", "Nethood",
-"Start Menu" and "Programs". The profile itself is stored in a file
-NTuser.DAT. Nothing appears to be stored in the .PDS directory, and
-its purpose is currently unknown.</P
-><P
->You can use the System Control Panel to copy a local profile onto
-a samba server (see NT Help on profiles: it is also capable of firing
-up the correct location in the System Control Panel for you). The
-NT Help file also mentions that renaming NTuser.DAT to NTuser.MAN
-turns a profile into a mandatory one.</P
-><P
->The case of the profile is significant. The file must be called
-NTuser.DAT or, for a mandatory profile, NTuser.MAN.</P
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN1532"
->10.2.6. Windows NT/200x Server</A
-></H3
-><P
->There is nothing to stop you specifying any path that you like for the
-location of users' profiles. Therefore, you could specify that the
-profile be stored on a samba server, or any other SMB server, as long as
-that SMB server supports encrypted passwords.</P
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN1535"
->10.2.7. Sharing Profiles between W9x/Me and NT4/200x/XP workstations</A
-></H3
-><P
->Sharing of desktop profiles between Windows versions is NOT recommended.
-Desktop profiles are an evolving phenomenon and profiles for later versions
-of MS Windows clients add features that may interfere with earlier versions
-of MS Windows clients. Probably the more salient reason to NOT mix profiles
-is that when logging off an earlier version of MS Windows the older format
-of profile contents may overwrite information that belongs to the newer
-version resulting in loss of profile information content when that user logs
-on again with the newer version of MS Windows.</P
-><P
->If you then want to share the same Start Menu / Desktop with W9x/Me, you will
-need to specify a common location for the profiles. The smb.conf parameters
-that need to be common are <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->logon path</I
-></SPAN
-> and
-<SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->logon home</I
-></SPAN
->.</P
-><P
->If you have this set up correctly, you will find separate user.DAT and
-NTuser.DAT files in the same profile directory.</P
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN1542"
->10.2.8. Windows NT 4</A
-></H3
-><P
->Unfortunately, the Resource Kit info is Win NT4 or 200x specific.</P
-><P
->Here is a quick guide:</P
-><P
-></P
-><UL
-><LI
-><P
->On your NT4 Domain Controller, right click on 'My Computer', then
-select the tab labelled 'User Profiles'.</P
-></LI
-><LI
-><P
->Select a user profile you want to migrate and click on it.</P
-><DIV
-CLASS="NOTE"
-><P
-></P
-><TABLE
-CLASS="NOTE"
-WIDTH="90%"
-BORDER="0"
-><TR
-><TD
-WIDTH="25"
-ALIGN="CENTER"
-VALIGN="TOP"
-><IMG
-SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif"
-HSPACE="5"
-ALT="Note"></TD
-><TD
-ALIGN="LEFT"
-VALIGN="TOP"
-><P
->I am using the term "migrate" lossely. You can copy a profile to
-create a group profile. You can give the user 'Everyone' rights to the
-profile you copy this to. That is what you need to do, since your samba
-domain is not a member of a trust relationship with your NT4 PDC.</P
-></TD
-></TR
-></TABLE
-></DIV
-></LI
-><LI
-><P
->Click the 'Copy To' button.</P
-></LI
-><LI
-><P
->In the box labelled 'Copy Profile to' add your new path, eg:
-<TT
-CLASS="FILENAME"
->c:\temp\foobar</TT
-></P
-></LI
-><LI
-><P
->Click on the button labelled 'Change' in the "Permitted to use" box.</P
-></LI
-><LI
-><P
->Click on the group 'Everyone' and then click OK. This closes the
-'chose user' box.</P
-></LI
-><LI
-><P
->Now click OK.</P
-></LI
-></UL
-><P
->Follow the above for every profile you need to migrate.</P
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN1565"
->10.2.8.1. Side bar Notes</A
-></H4
-><P
->You should obtain the SID of your NT4 domain. You can use smbpasswd to do
-this. Read the man page.</P
-><P
->With Samba-3.0.0 alpha code you can import all you NT4 domain accounts
-using the net samsync method. This way you can retain your profile
-settings as well as all your users.</P
-></DIV
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN1569"
->10.2.8.2. Mandatory profiles</A
-></H4
-><P
->The above method can be used to create mandatory profiles also. To convert
-a group profile into a mandatory profile simply locate the NTUser.DAT file
-in the copied profile and rename it to NTUser.MAN.</P
-></DIV
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN1572"
->10.2.8.3. moveuser.exe</A
-></H4
-><P
->The W2K professional resource kit has moveuser.exe. moveuser.exe changes
-the security of a profile from one user to another. This allows the account
-domain to change, and/or the user name to change.</P
-></DIV
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN1575"
->10.2.8.4. Get SID</A
-></H4
-><P
->You can identify the SID by using GetSID.exe from the Windows NT Server 4.0
-Resource Kit.</P
-><P
->Windows NT 4.0 stores the local profile information in the registry under
-the following key:
-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList</P
-><P
->Under the ProfileList key, there will be subkeys named with the SIDs of the
-users who have logged on to this computer. (To find the profile information
-for the user whose locally cached profile you want to move, find the SID for
-the user with the GetSID.exe utility.) Inside of the appropriate user's
-subkey, you will see a string value named ProfileImagePath.</P
-></DIV
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN1580"
->10.2.9. Windows 2000/XP</A
-></H3
-><P
->You must first convert the profile from a local profile to a domain
-profile on the MS Windows workstation as follows:</P
-><P
-></P
-><UL
-><LI
-><P
->Log on as the LOCAL workstation administrator.</P
-></LI
-><LI
-><P
->Right click on the 'My Computer' Icon, select 'Properties'</P
-></LI
-><LI
-><P
->Click on the 'User Profiles' tab</P
-></LI
-><LI
-><P
->Select the profile you wish to convert (click on it once)</P
-></LI
-><LI
-><P
->Click on the button 'Copy To'</P
-></LI
-><LI
-><P
->In the "Permitted to use" box, click on the 'Change' button.</P
-></LI
-><LI
-><P
->Click on the 'Look in" area that lists the machine name, when you click
-here it will open up a selection box. Click on the domain to which the
-profile must be accessible.</P
-><DIV
-CLASS="NOTE"
-><P
-></P
-><TABLE
-CLASS="NOTE"
-WIDTH="90%"
-BORDER="0"
-><TR
-><TD
-WIDTH="25"
-ALIGN="CENTER"
-VALIGN="TOP"
-><IMG
-SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif"
-HSPACE="5"
-ALT="Note"></TD
-><TD
-ALIGN="LEFT"
-VALIGN="TOP"
-><P
->You will need to log on if a logon box opens up. Eg: In the connect
-as: MIDEARTH\root, password: mypassword.</P
-></TD
-></TR
-></TABLE
-></DIV
-></LI
-><LI
-><P
->To make the profile capable of being used by anyone select 'Everyone'</P
-></LI
-><LI
-><P
->Click OK. The Selection box will close.</P
-></LI
-><LI
-><P
->Now click on the 'Ok' button to create the profile in the path you
-nominated.</P
-></LI
-></UL
-><P
->Done. You now have a profile that can be editted using the samba-3.0.0
-profiles tool.</P
-><DIV
-CLASS="NOTE"
-><P
-></P
-><TABLE
-CLASS="NOTE"
-WIDTH="100%"
-BORDER="0"
-><TR
-><TD
-WIDTH="25"
-ALIGN="CENTER"
-VALIGN="TOP"
-><IMG
-SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif"
-HSPACE="5"
-ALT="Note"></TD
-><TD
-ALIGN="LEFT"
-VALIGN="TOP"
-><P
->Under NT/2K the use of mandotory profiles forces the use of MS Exchange
-storage of mail data. That keeps desktop profiles usable.</P
-></TD
-></TR
-></TABLE
-></DIV
-><DIV
-CLASS="NOTE"
-><P
-></P
-><TABLE
-CLASS="NOTE"
-WIDTH="100%"
-BORDER="0"
-><TR
-><TD
-WIDTH="25"
-ALIGN="CENTER"
-VALIGN="TOP"
-><IMG
-SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif"
-HSPACE="5"
-ALT="Note"></TD
-><TD
-ALIGN="LEFT"
-VALIGN="TOP"
-><P
-></P
-><UL
-><LI
-><P
->This is a security check new to Windows XP (or maybe only
-Windows XP service pack 1). It can be disabled via a group policy in
-Active Directory. The policy is:</P
-><P
->"Computer Configuration\Administrative Templates\System\User
-Profiles\Do not check for user ownership of Roaming Profile Folders"</P
-><P
->...and it should be set to "Enabled".
-Does the new version of samba have an Active Directory analogue? If so,
-then you may be able to set the policy through this.</P
-><P
->If you cannot set group policies in samba, then you may be able to set
-the policy locally on each machine. If you want to try this, then do
-the following (N.B. I don't know for sure that this will work in the
-same way as a domain group policy):</P
-></LI
-><LI
-><P
->On the XP workstation log in with an Administrator account.</P
-></LI
-><LI
-><P
->Click: "Start", "Run"</P
-></LI
-><LI
-><P
->Type: "mmc"</P
-></LI
-><LI
-><P
->Click: "OK"</P
-></LI
-><LI
-><P
->A Microsoft Management Console should appear.</P
-></LI
-><LI
-><P
->Click: File, "Add/Remove Snap-in...", "Add"</P
-></LI
-><LI
-><P
->Double-Click: "Group Policy"</P
-></LI
-><LI
-><P
->Click: "Finish", "Close"</P
-></LI
-><LI
-><P
->Click: "OK"</P
-></LI
-><LI
-><P
->In the "Console Root" window:</P
-></LI
-><LI
-><P
->Expand: "Local Computer Policy", "Computer Configuration",</P
-></LI
-><LI
-><P
->"Administrative Templates", "System", "User Profiles"</P
-></LI
-><LI
-><P
->Double-Click: "Do not check for user ownership of Roaming Profile</P
-></LI
-><LI
-><P
->Folders"</P
-></LI
-><LI
-><P
->Select: "Enabled"</P
-></LI
-><LI
-><P
->Click: OK"</P
-></LI
-><LI
-><P
->Close the whole console. You do not need to save the settings (this
-refers to the console settings rather than the policies you have
-changed).</P
-></LI
-><LI
-><P
->Reboot</P
-></LI
-></UL
-></TD
-></TR
-></TABLE
-></DIV
-></DIV
></DIV
></DIV
><DIV
@@ -8844,7 +7842,7 @@ CLASS="SECT1"
><H2
CLASS="SECT1"
><A
-NAME="AEN1663"
+NAME="AEN1416"
>11.1. Viewing and changing UNIX permissions using the NT
security dialogs</A
></H2
@@ -8862,7 +7860,7 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN1667"
+NAME="AEN1420"
>11.2. How to view file security on a Samba share</A
></H2
><P
@@ -8931,7 +7929,7 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN1678"
+NAME="AEN1431"
>11.3. Viewing file ownership</A
></H2
><P
@@ -9017,7 +8015,7 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN1698"
+NAME="AEN1451"
>11.4. Viewing file or directory permissions</A
></H2
><P
@@ -9071,7 +8069,7 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN1713"
+NAME="AEN1466"
>11.4.1. File Permissions</A
></H3
><P
@@ -9133,7 +8131,7 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN1727"
+NAME="AEN1480"
>11.4.2. Directory Permissions</A
></H3
><P
@@ -9165,7 +8163,7 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN1734"
+NAME="AEN1487"
>11.5. Modifying file or directory permissions</A
></H2
><P
@@ -9261,7 +8259,7 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN1756"
+NAME="AEN1509"
>11.6. Interaction with the standard Samba create mask
parameters</A
></H2
@@ -9455,7 +8453,7 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN1810"
+NAME="AEN1563"
>11.7. Interaction with the standard Samba file attribute
mapping</A
></H2
@@ -9612,7 +8610,7 @@ CLASS="SECT1"
><H2
CLASS="SECT1"
><A
-NAME="AEN1866"
+NAME="AEN1619"
>13.1. Samba and PAM</A
></H2
><P
@@ -9889,7 +8887,7 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN1915"
+NAME="AEN1668"
>13.2. Distributed Authentication</A
></H2
><P
@@ -9915,7 +8913,7 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN1920"
+NAME="AEN1673"
>13.3. PAM Configuration in smb.conf</A
></H2
><P
@@ -9963,7 +8961,7 @@ CLASS="SECT1"
><H2
CLASS="SECT1"
><A
-NAME="AEN1946"
+NAME="AEN1699"
>14.1. Introduction</A
></H2
><P
@@ -10046,7 +9044,7 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN1968"
+NAME="AEN1721"
>14.2. Configuration</A
></H2
><DIV
@@ -10108,7 +9106,7 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN1976"
+NAME="AEN1729"
>14.2.1. Creating [print$]</A
></H3
><P
@@ -10325,7 +9323,7 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN2011"
+NAME="AEN1764"
>14.2.2. Setting Drivers for Existing Printers</A
></H3
><P
@@ -10397,7 +9395,7 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN2027"
+NAME="AEN1780"
>14.2.3. Support a large number of printers</A
></H3
><P
@@ -10463,7 +9461,7 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN2038"
+NAME="AEN1791"
>14.2.4. Adding New Printers via the Windows NT APW</A
></H3
><P
@@ -10618,7 +9616,7 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN2068"
+NAME="AEN1821"
>14.2.5. Samba and Printer Ports</A
></H3
><P
@@ -10653,7 +9651,7 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN2076"
+NAME="AEN1829"
>14.3. The Imprints Toolset</A
></H2
><P
@@ -10671,7 +9669,7 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN2080"
+NAME="AEN1833"
>14.3.1. What is Imprints?</A
></H3
><P
@@ -10703,7 +9701,7 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN2090"
+NAME="AEN1843"
>14.3.2. Creating Printer Driver Packages</A
></H3
><P
@@ -10719,7 +9717,7 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN2093"
+NAME="AEN1846"
>14.3.3. The Imprints server</A
></H3
><P
@@ -10743,7 +9741,7 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN2097"
+NAME="AEN1850"
>14.3.4. The Installation Client</A
></H3
><P
@@ -10837,7 +9835,7 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN2119"
+NAME="AEN1872"
>14.4. Diagnosis</A
></H2
><DIV
@@ -10845,7 +9843,7 @@ CLASS="SECT2"
><H3
CLASS="SECT2"
><A
-NAME="AEN2121"
+NAME="AEN1874"
>14.4.1. Introduction</A
></H3
><P
@@ -10920,7 +9918,7 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN2137"
+NAME="AEN1890"
>14.4.2. Debugging printer problems</A
></H3
><P
@@ -10977,7 +9975,7 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN2146"
+NAME="AEN1899"
>14.4.3. What printers do I have?</A
></H3
><P
@@ -11006,7 +10004,7 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN2154"
+NAME="AEN1907"
>14.4.4. Setting up printcap and print servers</A
></H3
><P
@@ -11090,7 +10088,7 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN2182"
+NAME="AEN1935"
>14.4.5. Job sent, no output</A
></H3
><P
@@ -11135,7 +10133,7 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN2193"
+NAME="AEN1946"
>14.4.6. Job sent, strange output</A
></H3
><P
@@ -11181,7 +10179,7 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN2205"
+NAME="AEN1958"
>14.4.7. Raw PostScript printed</A
></H3
><P
@@ -11196,7 +10194,7 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN2208"
+NAME="AEN1961"
>14.4.8. Advanced Printing</A
></H3
><P
@@ -11212,7 +10210,7 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN2211"
+NAME="AEN1964"
>14.4.9. Real debugging</A
></H3
><P
@@ -11233,7 +10231,7 @@ CLASS="SECT1"
><H2
CLASS="SECT1"
><A
-NAME="AEN2231"
+NAME="AEN1984"
>15.1. Introduction</A
></H2
><P
@@ -11261,7 +10259,7 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN2236"
+NAME="AEN1989"
>15.2. CUPS - RAW Print Through Mode</A
></H2
><P
@@ -11547,7 +10545,7 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN2291"
+NAME="AEN2044"
>15.3. The CUPS Filter Chains</A
></H2
><P
@@ -11995,7 +10993,7 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN2330"
+NAME="AEN2083"
>15.4. CUPS Print Drivers and Devices</A
></H2
><P
@@ -12025,7 +11023,7 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN2337"
+NAME="AEN2090"
>15.4.1. Further printing steps</A
></H3
><P
@@ -12349,7 +11347,7 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN2407"
+NAME="AEN2160"
>15.5. Limiting the number of pages users can print</A
></H2
><P
@@ -12872,7 +11870,7 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN2496"
+NAME="AEN2249"
>15.6. Advanced Postscript Printing from MS Windows</A
></H2
><P
@@ -12963,7 +11961,7 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN2511"
+NAME="AEN2264"
>15.7. Auto-Deletion of CUPS spool files</A
></H2
><P
@@ -13099,7 +12097,7 @@ CLASS="SECT1"
><H2
CLASS="SECT1"
><A
-NAME="AEN2573"
+NAME="AEN2326"
>16.1. Abstract</A
></H2
><P
@@ -13126,7 +12124,7 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN2577"
+NAME="AEN2330"
>16.2. Introduction</A
></H2
><P
@@ -13180,7 +12178,7 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN2590"
+NAME="AEN2343"
>16.3. What Winbind Provides</A
></H2
><P
@@ -13222,7 +12220,7 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN2597"
+NAME="AEN2350"
>16.3.1. Target Uses</A
></H3
><P
@@ -13246,7 +12244,7 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN2601"
+NAME="AEN2354"
>16.4. How Winbind Works</A
></H2
><P
@@ -13266,7 +12264,7 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN2606"
+NAME="AEN2359"
>16.4.1. Microsoft Remote Procedure Calls</A
></H3
><P
@@ -13292,7 +12290,7 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN2610"
+NAME="AEN2363"
>16.4.2. Microsoft Active Directory Services</A
></H3
><P
@@ -13311,7 +12309,7 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN2613"
+NAME="AEN2366"
>16.4.3. Name Service Switch</A
></H3
><P
@@ -13391,7 +12389,7 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN2629"
+NAME="AEN2382"
>16.4.4. Pluggable Authentication Modules</A
></H3
><P
@@ -13440,7 +12438,7 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN2637"
+NAME="AEN2390"
>16.4.5. User and Group ID Allocation</A
></H3
><P
@@ -13466,7 +12464,7 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN2641"
+NAME="AEN2394"
>16.4.6. Result Caching</A
></H3
><P
@@ -13489,7 +12487,7 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN2644"
+NAME="AEN2397"
>16.5. Installation and Configuration</A
></H2
><P
@@ -13508,7 +12506,7 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN2649"
+NAME="AEN2402"
>16.5.1. Introduction</A
></H3
><P
@@ -13567,7 +12565,7 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN2662"
+NAME="AEN2415"
>16.5.2. Requirements</A
></H3
><P
@@ -13637,7 +12635,7 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN2676"
+NAME="AEN2429"
>16.5.3. Testing Things Out</A
></H3
><P
@@ -13682,7 +12680,7 @@ CLASS="SECT3"
><HR><H4
CLASS="SECT3"
><A
-NAME="AEN2687"
+NAME="AEN2440"
>16.5.3.1. Configure and compile SAMBA</A
></H4
><P
@@ -13748,7 +12746,7 @@ CLASS="SECT3"
><HR><H4
CLASS="SECT3"
><A
-NAME="AEN2706"
+NAME="AEN2459"
>16.5.3.2. Configure <TT
CLASS="FILENAME"
>nsswitch.conf</TT
@@ -13853,7 +12851,7 @@ CLASS="SECT3"
><HR><H4
CLASS="SECT3"
><A
-NAME="AEN2739"
+NAME="AEN2492"
>16.5.3.3. Configure smb.conf</A
></H4
><P
@@ -13928,7 +12926,7 @@ CLASS="SECT3"
><HR><H4
CLASS="SECT3"
><A
-NAME="AEN2755"
+NAME="AEN2508"
>16.5.3.4. Join the SAMBA server to the PDC domain</A
></H4
><P
@@ -13966,7 +12964,7 @@ CLASS="SECT3"
><HR><H4
CLASS="SECT3"
><A
-NAME="AEN2766"
+NAME="AEN2519"
>16.5.3.5. Start up the winbindd daemon and test it!</A
></H4
><P
@@ -14102,7 +13100,7 @@ CLASS="SECT3"
><HR><H4
CLASS="SECT3"
><A
-NAME="AEN2806"
+NAME="AEN2559"
>16.5.3.6. Fix the init.d startup scripts</A
></H4
><DIV
@@ -14110,7 +13108,7 @@ CLASS="SECT4"
><H5
CLASS="SECT4"
><A
-NAME="AEN2808"
+NAME="AEN2561"
>16.5.3.6.1. Linux</A
></H5
><P
@@ -14220,7 +13218,7 @@ CLASS="SECT4"
><HR><H5
CLASS="SECT4"
><A
-NAME="AEN2828"
+NAME="AEN2581"
>16.5.3.6.2. Solaris</A
></H5
><P
@@ -14304,7 +13302,7 @@ CLASS="SECT4"
><HR><H5
CLASS="SECT4"
><A
-NAME="AEN2838"
+NAME="AEN2591"
>16.5.3.6.3. Restarting</A
></H5
><P
@@ -14328,7 +13326,7 @@ CLASS="SECT3"
><HR><H4
CLASS="SECT3"
><A
-NAME="AEN2844"
+NAME="AEN2597"
>16.5.3.7. Configure Winbind and PAM</A
></H4
><P
@@ -14386,7 +13384,7 @@ CLASS="SECT4"
><HR><H5
CLASS="SECT4"
><A
-NAME="AEN2861"
+NAME="AEN2614"
>16.5.3.7.1. Linux/FreeBSD-specific PAM configuration</A
></H5
><P
@@ -14515,7 +13513,7 @@ CLASS="SECT4"
><HR><H5
CLASS="SECT4"
><A
-NAME="AEN2894"
+NAME="AEN2647"
>16.5.3.7.2. Solaris-specific configuration</A
></H5
><P
@@ -14602,7 +13600,7 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN2901"
+NAME="AEN2654"
>16.6. Limitations</A
></H2
><P
@@ -14644,7 +13642,7 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN2911"
+NAME="AEN2664"
>16.7. Conclusion</A
></H2
><P
@@ -14660,9 +13658,1182 @@ NAME="AEN2911"
CLASS="CHAPTER"
><HR><H1
><A
+NAME="POLICYMGMT"
+></A
+>Chapter 17. Policy Management - Hows and Whys</H1
+><DIV
+CLASS="SECT1"
+><H2
+CLASS="SECT1"
+><A
+NAME="AEN2678"
+>17.1. System Policies</A
+></H2
+><P
+>Under MS Windows platforms, particularly those following the release of MS Windows
+NT4 and MS Windows 95) it is possible to create a type of file that would be placed
+in the NETLOGON share of a domain controller. As the client logs onto the network
+this file is read and the contents initiate changes to the registry of the client
+machine. This file allows changes to be made to those parts of the registry that
+affect users, groups of users, or machines.</P
+><P
+>For MS Windows 9x/Me this file must be called <TT
+CLASS="FILENAME"
+>Config.POL</TT
+> and may
+be generated using a tool called <TT
+CLASS="FILENAME"
+>poledit.exe</TT
+>, better known as the
+Policy Editor. The policy editor was provided on the Windows 98 installation CD, but
+dissappeared again with the introduction of MS Windows Me (Millenium Edition). From
+comments from MS Windows network administrators it would appear that this tool became
+a part of the MS Windows Me Resource Kit.</P
+><P
+>MS Windows NT4 Server products include the <SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>System Policy Editor</I
+></SPAN
+>
+under the <TT
+CLASS="FILENAME"
+>Start-&#62;Programs-&#62;Administrative Tools</TT
+> menu item.
+For MS Windows NT4 and later clients this file must be called <TT
+CLASS="FILENAME"
+>NTConfig.POL</TT
+>.</P
+><P
+>New with the introduction of MS Windows 2000 was the Microsoft Management Console
+or MMC. This tool is the new wave in the ever changing landscape of Microsoft
+methods for management of network access and security. Every new Microsoft product
+or technology seems to obsolete the old rules and to introduce newer and more
+complex tools and methods. To Microsoft's credit though, the MMC does appear to
+be a step forward, but improved functionality comes at a great price.</P
+><P
+>Before embarking on the configuration of network and system policies it is highly
+advisable to read the documentation available from Microsoft's web site from
+<A
+HREF="http://www.microsoft.com/ntserver/management/deployment/planguide/prof_policies.asp"
+TARGET="_top"
+>Implementing Profiles and Policies in Windows NT 4.0</A
+> available from Microsoft.
+There are a large number of documents in addition to this old one that should also
+be read and understood. Try searching on the Microsoft web site for "Group Policies".</P
+><P
+>What follows is a very discussion with some helpful notes. The information provided
+here is incomplete - you are warned.</P
+><DIV
+CLASS="SECT2"
+><HR><H3
+CLASS="SECT2"
+><A
+NAME="AEN2692"
+>17.1.1. Creating and Managing Windows 9x/Me Policies</A
+></H3
+><P
+>You need the Win98 Group Policy Editor to set Group Profiles up under Windows 9x/Me.
+It can be found on the Original full product Win98 installation CD under
+<TT
+CLASS="FILENAME"
+>tools/reskit/netadmin/poledit</TT
+>. You install this using the
+Add/Remove Programs facility and then click on the 'Have Disk' tab.</P
+><P
+>Use the Group Policy Editor to create a policy file that specifies the location of
+user profiles and/or the <TT
+CLASS="FILENAME"
+>My Documents</TT
+> etc. stuff. You then
+save these settings in a file called <TT
+CLASS="FILENAME"
+>Config.POL</TT
+> that needs to
+be placed in the root of the [NETLOGON] share. If your Win98 is configured to log onto
+the Samba Domain, it will automatically read this file and update the Win9x/Me registry
+of the machine that is logging on.</P
+><P
+>Further details are covered in the Win98 Resource Kit documentation.</P
+><P
+>If you do not do it this way, then every so often Win9x/Me will check the
+integrity of the registry and will restore it's settings from the back-up
+copy of the registry it stores on each Win9x/Me machine. Hence, you will
+occasionally notice things changing back to the original settings.</P
+><P
+>Install the group policy handler for Win9x to pick up group policies. Look on the
+Win98 CD in <TT
+CLASS="FILENAME"
+>\tools\reskit\netadmin\poledit</TT
+>.
+Install group policies on a Win9x client by double-clicking
+<TT
+CLASS="FILENAME"
+>grouppol.inf</TT
+>. Log off and on again a couple of times and see
+if Win98 picks up group policies. Unfortunately this needs to be done on every
+Win9x/Me machine that uses group policies.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H3
+CLASS="SECT2"
+><A
+NAME="AEN2704"
+>17.1.2. Creating and Managing Windows NT4 Style Policy Files</A
+></H3
+><P
+>To create or edit <TT
+CLASS="FILENAME"
+>ntconfig.pol</TT
+> you must use the NT Server
+Policy Editor, <B
+CLASS="COMMAND"
+>poledit.exe</B
+> which is included with NT4 Server
+but <SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>not NT Workstation</I
+></SPAN
+>. There is a Policy Editor on a NT4
+Workstation but it is not suitable for creating <SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>Domain Policies</I
+></SPAN
+>.
+Further, although the Windows 95 Policy Editor can be installed on an NT4
+Workstation/Server, it will not work with NT clients. However, the files from
+the NT Server will run happily enough on an NT4 Workstation.</P
+><P
+>You need <TT
+CLASS="FILENAME"
+>poledit.exe, common.adm</TT
+> and <TT
+CLASS="FILENAME"
+>winnt.adm</TT
+>.
+It is convenient to put the two *.adm files in the <TT
+CLASS="FILENAME"
+>c:\winnt\inf</TT
+>
+directory which is where the binary will look for them unless told otherwise. Note also that that
+directory is normally 'hidden'.</P
+><P
+>The Windows NT policy editor is also included with the Service Pack 3 (and
+later) for Windows NT 4.0. Extract the files using <B
+CLASS="COMMAND"
+>servicepackname /x</B
+>,
+i.e. that's <B
+CLASS="COMMAND"
+>Nt4sp6ai.exe /x</B
+> for service pack 6a. The policy editor,
+<B
+CLASS="COMMAND"
+>poledit.exe</B
+> and the associated template files (*.adm) should
+be extracted as well. It is also possible to downloaded the policy template
+files for Office97 and get a copy of the policy editor. Another possible
+location is with the Zero Administration Kit available for download from Microsoft.</P
+><DIV
+CLASS="SECT3"
+><HR><H4
+CLASS="SECT3"
+><A
+NAME="AEN2719"
+>17.1.2.1. Registry Tattoos</A
+></H4
+><P
+>With NT4 style registry based policy changes, a large number of settings are not
+automatically reversed as the user logs off. Since the settings that were in the
+NTConfig.POL file were applied to the client machine registry and that apply to the
+hive key HKEY_LOCAL_MACHINE are permanent until explicitly reveresd. This is known
+as tattooing. It can have serious consequences down-stream and the administrator must
+be extreemly careful not to lock out the ability to manage the machine at a later date.</P
+></DIV
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H3
+CLASS="SECT2"
+><A
+NAME="AEN2722"
+>17.1.3. Creating and Managing MS Windows 200x Policies</A
+></H3
+><P
+>Windows NT4 System policies allows setting of registry parameters specific to
+users, groups and computers (client workstations) that are members of the NT4
+style domain. Such policy file will work with MS Windows 2000 / XP clients also.</P
+><P
+>New to MS Windows 2000 Microsoft introduced a new style of group policy that confers
+a superset of capabilities compared with NT4 style policies. Obviously, the tool used
+to create them is different, and the mechanism for implementing them is much changed.</P
+><P
+>The older NT4 style registry based policies are known as <SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>Administrative Templates</I
+></SPAN
+>
+in MS Windows 2000/XP Group Policy Objects (GPOs). The later includes ability to set various security
+configurations, enforce Internet Explorer browser settings, change and redirect aspects of the
+users' desktop (including: the location of <SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>My Documents</I
+></SPAN
+> files (directory), as
+well as intrinsics of where menu items will appear in the Start menu). An additional new
+feature is the ability to make available particular software Windows applications to particular
+users and/or groups.</P
+><P
+>Remember: NT4 policy files are named <TT
+CLASS="FILENAME"
+>NTConfig.POL</TT
+> and are stored in the root
+of the NETLOGON share on the domain controllers. A Windows NT4 user enters a username, a password
+and selects the domain name to which the logon will attempt to take place. During the logon
+process the client machine reads the NTConfig.POL file from the NETLOGON share on the authenticating
+server, modifies the local registry values according to the settings in this file.</P
+><P
+>Windows 2K GPOs are very feature rich. They are NOT stored in the NETLOGON share, rather part of
+a Windows 200x policy file is stored in the Active Directory itself and the other part is stored
+in a shared (and replicated) volume called the SYSVOL folder. This folder is present on all Active
+Directory domain controllers. The part that is stored in the Active Directory itself is called the
+group policy container (GPC), and the part that is stored in the replicated share called SYSVOL is
+known as the group policy template (GPT).</P
+><P
+>With NT4 clients the policy file is read and executed upon only aas each user log onto the network.
+MS Windows 200x policies are much more complex - GPOs are processed and applied at client machine
+startup (machine specific part) and when the user logs onto the network the user specific part
+is applied. In MS Windows 200x style policy management each machine and/or user may be subject
+to any number of concurently applicable (and applied) policy sets (GPOs). Active Directory allows
+the administrator to also set filters over the policy settings. No such equivalent capability
+exists with NT4 style policy files.</P
+><DIV
+CLASS="SECT3"
+><HR><H4
+CLASS="SECT3"
+><A
+NAME="AEN2733"
+>17.1.3.1. Administration of Win2K Policies</A
+></H4
+><P
+>Instead of using the tool called "The System Policy Editor", commonly called Poledit (from the
+executable name poledit.exe), GPOs are created and managed using a Microsoft Management Console
+(MMC) snap-in as follows:</P
+><P
+></P
+><UL
+><LI
+><P
+> Go to the Windows 200x / XP menu <TT
+CLASS="FILENAME"
+>Start-&#62;Programs-&#62;Adminsitrative Tools</TT
+>
+ and select the MMC snap-in called "Active Directory Users and Computers"
+ </P
+><P
+> </P
+></LI
+><LI
+><P
+> Select the domain or organizational unit (OU) that you wish to manage, then right click
+ to open the context menu for that object, select the properties item.
+ </P
+></LI
+><LI
+><P
+> Now left click on the Group Policy tab, then left click on the New tab. Type a name
+ for the new policy you will create.
+ </P
+></LI
+><LI
+><P
+> Now left click on the Edit tab to commence the steps needed to create the GPO.
+ </P
+></LI
+></UL
+><P
+>All policy configuration options are controlled through the use of policy administrative
+templates. These files have a .adm extension, both in NT4 as well as in Windows 200x / XP.
+Beware however, since the .adm files are NOT interchangible across NT4 and Windows 200x.
+The later introduces many new features as well as extended definition capabilities. It is
+well beyond the scope of this documentation to explain how to program .adm files, for that
+the adminsitrator is referred to the Microsoft Windows Resource Kit for your particular
+version of MS Windows.</P
+><DIV
+CLASS="NOTE"
+><P
+></P
+><TABLE
+CLASS="NOTE"
+WIDTH="100%"
+BORDER="0"
+><TR
+><TD
+WIDTH="25"
+ALIGN="CENTER"
+VALIGN="TOP"
+><IMG
+SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif"
+HSPACE="5"
+ALT="Note"></TD
+><TD
+ALIGN="LEFT"
+VALIGN="TOP"
+><P
+>The MS Windows 2000 Resource Kit contains a tool called gpolmig.exe. This tool can be used
+to migrate an NT4 NTConfig.POL file into a Windows 200x style GPO. Be VERY careful how you
+use this powerful tool. Please refer to the resource kit manuals for specific usage information.</P
+></TD
+></TR
+></TABLE
+></DIV
+></DIV
+></DIV
+></DIV
+></DIV
+><DIV
+CLASS="CHAPTER"
+><HR><H1
+><A
+NAME="PROFILEMGMT"
+></A
+>Chapter 18. Profile Management</H1
+><DIV
+CLASS="SECT1"
+><H2
+CLASS="SECT1"
+><A
+NAME="AEN2761"
+>18.1. Roaming Profiles</A
+></H2
+><DIV
+CLASS="WARNING"
+><P
+></P
+><TABLE
+CLASS="WARNING"
+WIDTH="100%"
+BORDER="0"
+><TR
+><TD
+WIDTH="25"
+ALIGN="CENTER"
+VALIGN="TOP"
+><IMG
+SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/warning.gif"
+HSPACE="5"
+ALT="Warning"></TD
+><TD
+ALIGN="LEFT"
+VALIGN="TOP"
+><P
+><SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>NOTE!</I
+></SPAN
+> Roaming profiles support is different for Win9X and WinNT.</P
+></TD
+></TR
+></TABLE
+></DIV
+><P
+>Before discussing how to configure roaming profiles, it is useful to see how
+Win9X and WinNT clients implement these features.</P
+><P
+>Win9X clients send a NetUserGetInfo request to the server to get the user's
+profiles location. However, the response does not have room for a separate
+profiles location field, only the user's home share. This means that Win9X
+profiles are restricted to being in the user's home directory.</P
+><P
+>WinNT clients send a NetSAMLogon RPC request, which contains many fields,
+including a separate field for the location of the user's profiles.
+This means that support for profiles is different for Win9X and WinNT.</P
+><DIV
+CLASS="SECT2"
+><HR><H3
+CLASS="SECT2"
+><A
+NAME="AEN2769"
+>18.1.1. Windows NT Configuration</A
+></H3
+><P
+>To support WinNT clients, in the [global] section of smb.conf set the
+following (for example):</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>logon path = \\profileserver\profileshare\profilepath\%U\moreprofilepath</PRE
+></P
+><P
+>The default for this option is \\%N\%U\profile, namely
+\\sambaserver\username\profile. The \\N%\%U service is created
+automatically by the [homes] service.
+If you are using a samba server for the profiles, you _must_ make the
+share specified in the logon path browseable.</P
+><DIV
+CLASS="NOTE"
+><P
+></P
+><TABLE
+CLASS="NOTE"
+WIDTH="100%"
+BORDER="0"
+><TR
+><TD
+WIDTH="25"
+ALIGN="CENTER"
+VALIGN="TOP"
+><IMG
+SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif"
+HSPACE="5"
+ALT="Note"></TD
+><TD
+ALIGN="LEFT"
+VALIGN="TOP"
+><P
+>MS Windows NT/2K clients at times do not disconnect a connection to a server
+between logons. It is recommended to NOT use the <SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>homes</I
+></SPAN
+>
+meta-service name as part of the profile share path.</P
+></TD
+></TR
+></TABLE
+></DIV
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H3
+CLASS="SECT2"
+><A
+NAME="AEN2778"
+>18.1.2. Windows 9X Configuration</A
+></H3
+><P
+>To support Win9X clients, you must use the "logon home" parameter. Samba has
+now been fixed so that "net use /home" now works as well, and it, too, relies
+on the "logon home" parameter.</P
+><P
+>By using the logon home parameter, you are restricted to putting Win9X
+profiles in the user's home directory. But wait! There is a trick you
+can use. If you set the following in the [global] section of your
+smb.conf file:</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>logon home = \\%L\%U\.profiles</PRE
+></P
+><P
+>then your Win9X clients will dutifully put their clients in a subdirectory
+of your home directory called .profiles (thus making them hidden).</P
+><P
+>Not only that, but 'net use/home' will also work, because of a feature in
+Win9X. It removes any directory stuff off the end of the home directory area
+and only uses the server and share portion. That is, it looks like you
+specified \\%L\%U for "logon home".</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H3
+CLASS="SECT2"
+><A
+NAME="AEN2786"
+>18.1.3. Win9X and WinNT Configuration</A
+></H3
+><P
+>You can support profiles for both Win9X and WinNT clients by setting both the
+"logon home" and "logon path" parameters. For example:</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>logon home = \\%L\%U\.profiles
+logon path = \\%L\profiles\%U</PRE
+></P
+><DIV
+CLASS="NOTE"
+><P
+></P
+><TABLE
+CLASS="NOTE"
+WIDTH="100%"
+BORDER="0"
+><TR
+><TD
+WIDTH="25"
+ALIGN="CENTER"
+VALIGN="TOP"
+><IMG
+SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif"
+HSPACE="5"
+ALT="Note"></TD
+><TD
+ALIGN="LEFT"
+VALIGN="TOP"
+><P
+>I have not checked what 'net use /home' does on NT when "logon home" is
+set as above.</P
+></TD
+></TR
+></TABLE
+></DIV
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H3
+CLASS="SECT2"
+><A
+NAME="AEN2793"
+>18.1.4. Windows 9X Profile Setup</A
+></H3
+><P
+>When a user first logs in on Windows 9X, the file user.DAT is created,
+as are folders "Start Menu", "Desktop", "Programs" and "Nethood".
+These directories and their contents will be merged with the local
+versions stored in c:\windows\profiles\username on subsequent logins,
+taking the most recent from each. You will need to use the [global]
+options "preserve case = yes", "short preserve case = yes" and
+"case sensitive = no" in order to maintain capital letters in shortcuts
+in any of the profile folders.</P
+><P
+>The user.DAT file contains all the user's preferences. If you wish to
+enforce a set of preferences, rename their user.DAT file to user.MAN,
+and deny them write access to this file.</P
+><P
+></P
+><OL
+TYPE="1"
+><LI
+><P
+> On the Windows 95 machine, go to Control Panel | Passwords and
+ select the User Profiles tab. Select the required level of
+ roaming preferences. Press OK, but do _not_ allow the computer
+ to reboot.
+ </P
+></LI
+><LI
+><P
+> On the Windows 95 machine, go to Control Panel | Network |
+ Client for Microsoft Networks | Preferences. Select 'Log on to
+ NT Domain'. Then, ensure that the Primary Logon is 'Client for
+ Microsoft Networks'. Press OK, and this time allow the computer
+ to reboot.
+ </P
+></LI
+></OL
+><P
+>Under Windows 95, Profiles are downloaded from the Primary Logon.
+If you have the Primary Logon as 'Client for Novell Networks', then
+the profiles and logon script will be downloaded from your Novell
+Server. If you have the Primary Logon as 'Windows Logon', then the
+profiles will be loaded from the local machine - a bit against the
+concept of roaming profiles, if you ask me.</P
+><P
+>You will now find that the Microsoft Networks Login box contains
+[user, password, domain] instead of just [user, password]. Type in
+the samba server's domain name (or any other domain known to exist,
+but bear in mind that the user will be authenticated against this
+domain and profiles downloaded from it, if that domain logon server
+supports it), user name and user's password.</P
+><P
+>Once the user has been successfully validated, the Windows 95 machine
+will inform you that 'The user has not logged on before' and asks you
+if you wish to save the user's preferences? Select 'yes'.</P
+><P
+>Once the Windows 95 client comes up with the desktop, you should be able
+to examine the contents of the directory specified in the "logon path"
+on the samba server and verify that the "Desktop", "Start Menu",
+"Programs" and "Nethood" folders have been created.</P
+><P
+>These folders will be cached locally on the client, and updated when
+the user logs off (if you haven't made them read-only by then :-).
+You will find that if the user creates further folders or short-cuts,
+that the client will merge the profile contents downloaded with the
+contents of the profile directory already on the local client, taking
+the newest folders and short-cuts from each set.</P
+><P
+>If you have made the folders / files read-only on the samba server,
+then you will get errors from the w95 machine on logon and logout, as
+it attempts to merge the local and the remote profile. Basically, if
+you have any errors reported by the w95 machine, check the Unix file
+permissions and ownership rights on the profile directory contents,
+on the samba server.</P
+><P
+>If you have problems creating user profiles, you can reset the user's
+local desktop cache, as shown below. When this user then next logs in,
+they will be told that they are logging in "for the first time".</P
+><P
+></P
+><OL
+TYPE="1"
+><LI
+><P
+> instead of logging in under the [user, password, domain] dialog,
+ press escape.
+ </P
+></LI
+><LI
+><P
+> run the regedit.exe program, and look in:
+ </P
+><P
+> HKEY_LOCAL_MACHINE\Windows\CurrentVersion\ProfileList
+ </P
+><P
+> you will find an entry, for each user, of ProfilePath. Note the
+ contents of this key (likely to be c:\windows\profiles\username),
+ then delete the key ProfilePath for the required user.
+ </P
+><P
+> [Exit the registry editor].
+ </P
+></LI
+><LI
+><P
+> <SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>WARNING</I
+></SPAN
+> - before deleting the contents of the
+ directory listed in
+ the ProfilePath (this is likely to be c:\windows\profiles\username),
+ ask them if they have any important files stored on their desktop
+ or in their start menu. delete the contents of the directory
+ ProfilePath (making a backup if any of the files are needed).
+ </P
+><P
+> This will have the effect of removing the local (read-only hidden
+ system file) user.DAT in their profile directory, as well as the
+ local "desktop", "nethood", "start menu" and "programs" folders.
+ </P
+></LI
+><LI
+><P
+> search for the user's .PWL password-caching file in the c:\windows
+ directory, and delete it.
+ </P
+></LI
+><LI
+><P
+> log off the windows 95 client.
+ </P
+></LI
+><LI
+><P
+> check the contents of the profile path (see "logon path" described
+ above), and delete the user.DAT or user.MAN file for the user,
+ making a backup if required.
+ </P
+></LI
+></OL
+><P
+>If all else fails, increase samba's debug log levels to between 3 and 10,
+and / or run a packet trace program such as tcpdump or netmon.exe, and
+look for any error reports.</P
+><P
+>If you have access to an NT server, then first set up roaming profiles
+and / or netlogons on the NT server. Make a packet trace, or examine
+the example packet traces provided with NT server, and see what the
+differences are with the equivalent samba trace.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H3
+CLASS="SECT2"
+><A
+NAME="AEN2829"
+>18.1.5. Windows NT Workstation 4.0</A
+></H3
+><P
+>When a user first logs in to a Windows NT Workstation, the profile
+NTuser.DAT is created. The profile location can be now specified
+through the "logon path" parameter.</P
+><P
+>There is a parameter that is now available for use with NT Profiles:
+"logon drive". This should be set to "h:" or any other drive, and
+should be used in conjunction with the new "logon home" parameter.</P
+><P
+>The entry for the NT 4.0 profile is a _directory_ not a file. The NT
+help on profiles mentions that a directory is also created with a .PDS
+extension. The user, while logging in, must have write permission to
+create the full profile path (and the folder with the .PDS extension
+for those situations where it might be created.)</P
+><P
+>In the profile directory, NT creates more folders than 95. It creates
+"Application Data" and others, as well as "Desktop", "Nethood",
+"Start Menu" and "Programs". The profile itself is stored in a file
+NTuser.DAT. Nothing appears to be stored in the .PDS directory, and
+its purpose is currently unknown.</P
+><P
+>You can use the System Control Panel to copy a local profile onto
+a samba server (see NT Help on profiles: it is also capable of firing
+up the correct location in the System Control Panel for you). The
+NT Help file also mentions that renaming NTuser.DAT to NTuser.MAN
+turns a profile into a mandatory one.</P
+><P
+>The case of the profile is significant. The file must be called
+NTuser.DAT or, for a mandatory profile, NTuser.MAN.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H3
+CLASS="SECT2"
+><A
+NAME="AEN2837"
+>18.1.6. Windows NT/200x Server</A
+></H3
+><P
+>There is nothing to stop you specifying any path that you like for the
+location of users' profiles. Therefore, you could specify that the
+profile be stored on a samba server, or any other SMB server, as long as
+that SMB server supports encrypted passwords.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H3
+CLASS="SECT2"
+><A
+NAME="AEN2840"
+>18.1.7. Sharing Profiles between W9x/Me and NT4/200x/XP workstations</A
+></H3
+><P
+>Sharing of desktop profiles between Windows versions is NOT recommended.
+Desktop profiles are an evolving phenomenon and profiles for later versions
+of MS Windows clients add features that may interfere with earlier versions
+of MS Windows clients. Probably the more salient reason to NOT mix profiles
+is that when logging off an earlier version of MS Windows the older format
+of profile contents may overwrite information that belongs to the newer
+version resulting in loss of profile information content when that user logs
+on again with the newer version of MS Windows.</P
+><P
+>If you then want to share the same Start Menu / Desktop with W9x/Me, you will
+need to specify a common location for the profiles. The smb.conf parameters
+that need to be common are <SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>logon path</I
+></SPAN
+> and
+<SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>logon home</I
+></SPAN
+>.</P
+><P
+>If you have this set up correctly, you will find separate user.DAT and
+NTuser.DAT files in the same profile directory.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H3
+CLASS="SECT2"
+><A
+NAME="AEN2847"
+>18.1.8. Windows NT 4</A
+></H3
+><P
+>Unfortunately, the Resource Kit info is Win NT4 or 200x specific.</P
+><P
+>Here is a quick guide:</P
+><P
+></P
+><UL
+><LI
+><P
+>On your NT4 Domain Controller, right click on 'My Computer', then
+select the tab labelled 'User Profiles'.</P
+></LI
+><LI
+><P
+>Select a user profile you want to migrate and click on it.</P
+><DIV
+CLASS="NOTE"
+><P
+></P
+><TABLE
+CLASS="NOTE"
+WIDTH="90%"
+BORDER="0"
+><TR
+><TD
+WIDTH="25"
+ALIGN="CENTER"
+VALIGN="TOP"
+><IMG
+SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif"
+HSPACE="5"
+ALT="Note"></TD
+><TD
+ALIGN="LEFT"
+VALIGN="TOP"
+><P
+>I am using the term "migrate" lossely. You can copy a profile to
+create a group profile. You can give the user 'Everyone' rights to the
+profile you copy this to. That is what you need to do, since your samba
+domain is not a member of a trust relationship with your NT4 PDC.</P
+></TD
+></TR
+></TABLE
+></DIV
+></LI
+><LI
+><P
+>Click the 'Copy To' button.</P
+></LI
+><LI
+><P
+>In the box labelled 'Copy Profile to' add your new path, eg:
+<TT
+CLASS="FILENAME"
+>c:\temp\foobar</TT
+></P
+></LI
+><LI
+><P
+>Click on the button labelled 'Change' in the "Permitted to use" box.</P
+></LI
+><LI
+><P
+>Click on the group 'Everyone' and then click OK. This closes the
+'chose user' box.</P
+></LI
+><LI
+><P
+>Now click OK.</P
+></LI
+></UL
+><P
+>Follow the above for every profile you need to migrate.</P
+><DIV
+CLASS="SECT3"
+><HR><H4
+CLASS="SECT3"
+><A
+NAME="AEN2870"
+>18.1.8.1. Side bar Notes</A
+></H4
+><P
+>You should obtain the SID of your NT4 domain. You can use smbpasswd to do
+this. Read the man page.</P
+><P
+>With Samba-3.0.0 alpha code you can import all you NT4 domain accounts
+using the net samsync method. This way you can retain your profile
+settings as well as all your users.</P
+></DIV
+><DIV
+CLASS="SECT3"
+><HR><H4
+CLASS="SECT3"
+><A
+NAME="AEN2874"
+>18.1.8.2. Mandatory profiles</A
+></H4
+><P
+>The above method can be used to create mandatory profiles also. To convert
+a group profile into a mandatory profile simply locate the NTUser.DAT file
+in the copied profile and rename it to NTUser.MAN.</P
+></DIV
+><DIV
+CLASS="SECT3"
+><HR><H4
+CLASS="SECT3"
+><A
+NAME="AEN2877"
+>18.1.8.3. moveuser.exe</A
+></H4
+><P
+>The W2K professional resource kit has moveuser.exe. moveuser.exe changes
+the security of a profile from one user to another. This allows the account
+domain to change, and/or the user name to change.</P
+></DIV
+><DIV
+CLASS="SECT3"
+><HR><H4
+CLASS="SECT3"
+><A
+NAME="AEN2880"
+>18.1.8.4. Get SID</A
+></H4
+><P
+>You can identify the SID by using GetSID.exe from the Windows NT Server 4.0
+Resource Kit.</P
+><P
+>Windows NT 4.0 stores the local profile information in the registry under
+the following key:
+HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList</P
+><P
+>Under the ProfileList key, there will be subkeys named with the SIDs of the
+users who have logged on to this computer. (To find the profile information
+for the user whose locally cached profile you want to move, find the SID for
+the user with the GetSID.exe utility.) Inside of the appropriate user's
+subkey, you will see a string value named ProfileImagePath.</P
+></DIV
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H3
+CLASS="SECT2"
+><A
+NAME="AEN2885"
+>18.1.9. Windows 2000/XP</A
+></H3
+><P
+>You must first convert the profile from a local profile to a domain
+profile on the MS Windows workstation as follows:</P
+><P
+></P
+><UL
+><LI
+><P
+>Log on as the LOCAL workstation administrator.</P
+></LI
+><LI
+><P
+>Right click on the 'My Computer' Icon, select 'Properties'</P
+></LI
+><LI
+><P
+>Click on the 'User Profiles' tab</P
+></LI
+><LI
+><P
+>Select the profile you wish to convert (click on it once)</P
+></LI
+><LI
+><P
+>Click on the button 'Copy To'</P
+></LI
+><LI
+><P
+>In the "Permitted to use" box, click on the 'Change' button.</P
+></LI
+><LI
+><P
+>Click on the 'Look in" area that lists the machine name, when you click
+here it will open up a selection box. Click on the domain to which the
+profile must be accessible.</P
+><DIV
+CLASS="NOTE"
+><P
+></P
+><TABLE
+CLASS="NOTE"
+WIDTH="90%"
+BORDER="0"
+><TR
+><TD
+WIDTH="25"
+ALIGN="CENTER"
+VALIGN="TOP"
+><IMG
+SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif"
+HSPACE="5"
+ALT="Note"></TD
+><TD
+ALIGN="LEFT"
+VALIGN="TOP"
+><P
+>You will need to log on if a logon box opens up. Eg: In the connect
+as: MIDEARTH\root, password: mypassword.</P
+></TD
+></TR
+></TABLE
+></DIV
+></LI
+><LI
+><P
+>To make the profile capable of being used by anyone select 'Everyone'</P
+></LI
+><LI
+><P
+>Click OK. The Selection box will close.</P
+></LI
+><LI
+><P
+>Now click on the 'Ok' button to create the profile in the path you
+nominated.</P
+></LI
+></UL
+><P
+>Done. You now have a profile that can be editted using the samba-3.0.0
+profiles tool.</P
+><DIV
+CLASS="NOTE"
+><P
+></P
+><TABLE
+CLASS="NOTE"
+WIDTH="100%"
+BORDER="0"
+><TR
+><TD
+WIDTH="25"
+ALIGN="CENTER"
+VALIGN="TOP"
+><IMG
+SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif"
+HSPACE="5"
+ALT="Note"></TD
+><TD
+ALIGN="LEFT"
+VALIGN="TOP"
+><P
+>Under NT/2K the use of mandotory profiles forces the use of MS Exchange
+storage of mail data. That keeps desktop profiles usable.</P
+></TD
+></TR
+></TABLE
+></DIV
+><DIV
+CLASS="NOTE"
+><P
+></P
+><TABLE
+CLASS="NOTE"
+WIDTH="100%"
+BORDER="0"
+><TR
+><TD
+WIDTH="25"
+ALIGN="CENTER"
+VALIGN="TOP"
+><IMG
+SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif"
+HSPACE="5"
+ALT="Note"></TD
+><TD
+ALIGN="LEFT"
+VALIGN="TOP"
+><P
+></P
+><UL
+><LI
+><P
+>This is a security check new to Windows XP (or maybe only
+Windows XP service pack 1). It can be disabled via a group policy in
+Active Directory. The policy is:</P
+><P
+>"Computer Configuration\Administrative Templates\System\User
+Profiles\Do not check for user ownership of Roaming Profile Folders"</P
+><P
+>...and it should be set to "Enabled".
+Does the new version of samba have an Active Directory analogue? If so,
+then you may be able to set the policy through this.</P
+><P
+>If you cannot set group policies in samba, then you may be able to set
+the policy locally on each machine. If you want to try this, then do
+the following (N.B. I don't know for sure that this will work in the
+same way as a domain group policy):</P
+></LI
+><LI
+><P
+>On the XP workstation log in with an Administrator account.</P
+></LI
+><LI
+><P
+>Click: "Start", "Run"</P
+></LI
+><LI
+><P
+>Type: "mmc"</P
+></LI
+><LI
+><P
+>Click: "OK"</P
+></LI
+><LI
+><P
+>A Microsoft Management Console should appear.</P
+></LI
+><LI
+><P
+>Click: File, "Add/Remove Snap-in...", "Add"</P
+></LI
+><LI
+><P
+>Double-Click: "Group Policy"</P
+></LI
+><LI
+><P
+>Click: "Finish", "Close"</P
+></LI
+><LI
+><P
+>Click: "OK"</P
+></LI
+><LI
+><P
+>In the "Console Root" window:</P
+></LI
+><LI
+><P
+>Expand: "Local Computer Policy", "Computer Configuration",</P
+></LI
+><LI
+><P
+>"Administrative Templates", "System", "User Profiles"</P
+></LI
+><LI
+><P
+>Double-Click: "Do not check for user ownership of Roaming Profile</P
+></LI
+><LI
+><P
+>Folders"</P
+></LI
+><LI
+><P
+>Select: "Enabled"</P
+></LI
+><LI
+><P
+>Click: OK"</P
+></LI
+><LI
+><P
+>Close the whole console. You do not need to save the settings (this
+refers to the console settings rather than the policies you have
+changed).</P
+></LI
+><LI
+><P
+>Reboot</P
+></LI
+></UL
+></TD
+></TR
+></TABLE
+></DIV
+></DIV
+></DIV
+></DIV
+><DIV
+CLASS="CHAPTER"
+><HR><H1
+><A
NAME="INTEGRATE-MS-NETWORKS"
></A
->Chapter 17. Integrating MS Windows networks with Samba</H1
+>Chapter 19. Integrating MS Windows networks with Samba</H1
><P
>This section deals with NetBIOS over TCP/IP name to IP address resolution. If you
your MS Windows clients are NOT configured to use NetBIOS over TCP/IP then this
@@ -14743,8 +14914,8 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN2932"
->17.1. Name Resolution in a pure Unix/Linux world</A
+NAME="AEN2975"
+>19.1. Name Resolution in a pure Unix/Linux world</A
></H2
><P
>The key configuration files covered in this section are:</P
@@ -14785,8 +14956,8 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN2948"
->17.1.1. <TT
+NAME="AEN2991"
+>19.1.1. <TT
CLASS="FILENAME"
>/etc/hosts</TT
></A
@@ -14866,8 +15037,8 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN2964"
->17.1.2. <TT
+NAME="AEN3007"
+>19.1.2. <TT
CLASS="FILENAME"
>/etc/resolv.conf</TT
></A
@@ -14904,8 +15075,8 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN2975"
->17.1.3. <TT
+NAME="AEN3018"
+>19.1.3. <TT
CLASS="FILENAME"
>/etc/host.conf</TT
></A
@@ -14933,8 +15104,8 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN2983"
->17.1.4. <TT
+NAME="AEN3026"
+>19.1.4. <TT
CLASS="FILENAME"
>/etc/nsswitch.conf</TT
></A
@@ -15002,8 +15173,8 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN2995"
->17.2. Name resolution as used within MS Windows networking</A
+NAME="AEN3038"
+>19.2. Name resolution as used within MS Windows networking</A
></H2
><P
>MS Windows networking is predicated about the name each machine
@@ -15087,8 +15258,8 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN3007"
->17.2.1. The NetBIOS Name Cache</A
+NAME="AEN3050"
+>19.2.1. The NetBIOS Name Cache</A
></H3
><P
>All MS Windows machines employ an in memory buffer in which is
@@ -15114,8 +15285,8 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN3012"
->17.2.2. The LMHOSTS file</A
+NAME="AEN3055"
+>19.2.2. The LMHOSTS file</A
></H3
><P
>This file is usually located in MS Windows NT 4.0 or
@@ -15217,8 +15388,8 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN3020"
->17.2.3. HOSTS file</A
+NAME="AEN3063"
+>19.2.3. HOSTS file</A
></H3
><P
>This file is usually located in MS Windows NT 4.0 or 2000 in
@@ -15239,8 +15410,8 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN3025"
->17.2.4. DNS Lookup</A
+NAME="AEN3068"
+>19.2.4. DNS Lookup</A
></H3
><P
>This capability is configured in the TCP/IP setup area in the network
@@ -15259,8 +15430,8 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN3028"
->17.2.5. WINS Lookup</A
+NAME="AEN3071"
+>19.2.5. WINS Lookup</A
></H3
><P
>A WINS (Windows Internet Name Server) service is the equivaent of the
@@ -15302,14 +15473,14 @@ CLASS="CHAPTER"
><A
NAME="IMPROVED-BROWSING"
></A
->Chapter 18. Improved browsing in samba</H1
+>Chapter 20. Improved browsing in samba</H1
><DIV
CLASS="SECT1"
><H2
CLASS="SECT1"
><A
-NAME="AEN3047"
->18.1. Overview of browsing</A
+NAME="AEN3090"
+>20.1. Overview of browsing</A
></H2
><P
>SMB networking provides a mechanism by which clients can access a list
@@ -15337,8 +15508,8 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN3052"
->18.2. Browsing support in samba</A
+NAME="AEN3095"
+>20.2. Browsing support in samba</A
></H2
><P
>Samba facilitates browsing. The browsing is supported by nmbd
@@ -15380,8 +15551,8 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN3060"
->18.3. Problem resolution</A
+NAME="AEN3103"
+>20.3. Problem resolution</A
></H2
><P
>If something doesn't work then hopefully the log.nmb file will help
@@ -15427,8 +15598,8 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN3069"
->18.4. Browsing across subnets</A
+NAME="AEN3112"
+>20.4. Browsing across subnets</A
></H2
><P
>Since the release of Samba 1.9.17(alpha1) Samba has been
@@ -15458,8 +15629,8 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN3074"
->18.4.1. How does cross subnet browsing work ?</A
+NAME="AEN3117"
+>20.4.1. How does cross subnet browsing work ?</A
></H3
><P
>Cross subnet browsing is a complicated dance, containing multiple
@@ -15669,8 +15840,8 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN3109"
->18.5. Setting up a WINS server</A
+NAME="AEN3152"
+>20.5. Setting up a WINS server</A
></H2
><P
>Either a Samba machine or a Windows NT Server machine may be set up
@@ -15752,8 +15923,8 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN3128"
->18.6. Setting up Browsing in a WORKGROUP</A
+NAME="AEN3171"
+>20.6. Setting up Browsing in a WORKGROUP</A
></H2
><P
>To set up cross subnet browsing on a network containing machines
@@ -15837,8 +16008,8 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN3146"
->18.7. Setting up Browsing in a DOMAIN</A
+NAME="AEN3189"
+>20.7. Setting up Browsing in a DOMAIN</A
></H2
><P
>If you are adding Samba servers to a Windows NT Domain then
@@ -15888,8 +16059,8 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN3156"
->18.8. Forcing samba to be the master</A
+NAME="AEN3199"
+>20.8. Forcing samba to be the master</A
></H2
><P
>Who becomes the "master browser" is determined by an election process
@@ -15936,8 +16107,8 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN3165"
->18.9. Making samba the domain master</A
+NAME="AEN3208"
+>20.9. Making samba the domain master</A
></H2
><P
>The domain master is responsible for collating the browse lists of
@@ -16009,8 +16180,8 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN3183"
->18.10. Note about broadcast addresses</A
+NAME="AEN3226"
+>20.10. Note about broadcast addresses</A
></H2
><P
>If your network uses a "0" based broadcast address (for example if it
@@ -16023,8 +16194,8 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN3186"
->18.11. Multiple interfaces</A
+NAME="AEN3229"
+>20.11. Multiple interfaces</A
></H2
><P
>Samba now supports machines with multiple network interfaces. If you
@@ -16038,14 +16209,14 @@ CLASS="CHAPTER"
><A
NAME="MSDFS"
></A
->Chapter 19. Hosting a Microsoft Distributed File System tree on Samba</H1
+>Chapter 21. Hosting a Microsoft Distributed File System tree on Samba</H1
><DIV
CLASS="SECT1"
><H2
CLASS="SECT1"
><A
-NAME="AEN3200"
->19.1. Instructions</A
+NAME="AEN3243"
+>21.1. Instructions</A
></H2
><P
>The Distributed File System (or Dfs) provides a means of
@@ -16176,8 +16347,8 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN3235"
->19.1.1. Notes</A
+NAME="AEN3278"
+>21.1.1. Notes</A
></H3
><P
></P
@@ -16211,14 +16382,14 @@ CLASS="CHAPTER"
><A
NAME="VFS"
></A
->Chapter 20. Stackable VFS modules</H1
+>Chapter 22. Stackable VFS modules</H1
><DIV
CLASS="SECT1"
><H2
CLASS="SECT1"
><A
-NAME="AEN3259"
->20.1. Introduction and configuration</A
+NAME="AEN3302"
+>22.1. Introduction and configuration</A
></H2
><P
>Since samba 3.0, samba supports stackable VFS(Virtual File System) modules.
@@ -16258,16 +16429,16 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN3268"
->20.2. Included modules</A
+NAME="AEN3311"
+>22.2. Included modules</A
></H2
><DIV
CLASS="SECT2"
><H3
CLASS="SECT2"
><A
-NAME="AEN3270"
->20.2.1. audit</A
+NAME="AEN3313"
+>22.2.1. audit</A
></H3
><P
>A simple module to audit file access to the syslog
@@ -16304,8 +16475,8 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN3278"
->20.2.2. recycle</A
+NAME="AEN3321"
+>22.2.2. recycle</A
></H3
><P
>A recycle-bin like modules. When used any unlink call
@@ -16375,8 +16546,8 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN3315"
->20.2.3. netatalk</A
+NAME="AEN3358"
+>22.2.3. netatalk</A
></H3
><P
>A netatalk module, that will ease co-existence of samba and
@@ -16408,8 +16579,8 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN3322"
->20.3. VFS modules available elsewhere</A
+NAME="AEN3365"
+>22.3. VFS modules available elsewhere</A
></H2
><P
>This section contains a listing of various other VFS modules that
@@ -16424,8 +16595,8 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN3326"
->20.3.1. DatabaseFS</A
+NAME="AEN3369"
+>22.3.1. DatabaseFS</A
></H3
><P
>URL: <A
@@ -16458,8 +16629,8 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN3334"
->20.3.2. vscan</A
+NAME="AEN3377"
+>22.3.2. vscan</A
></H3
><P
>URL: <A
@@ -16482,14 +16653,14 @@ CLASS="CHAPTER"
><A
NAME="SECURING-SAMBA"
></A
->Chapter 21. Securing Samba</H1
+>Chapter 23. Securing Samba</H1
><DIV
CLASS="SECT1"
><H2
CLASS="SECT1"
><A
-NAME="AEN3348"
->21.1. Introduction</A
+NAME="AEN3391"
+>23.1. Introduction</A
></H2
><P
>This note was attached to the Samba 2.2.8 release notes as it contained an
@@ -16501,8 +16672,8 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN3351"
->21.2. Using host based protection</A
+NAME="AEN3394"
+>23.2. Using host based protection</A
></H2
><P
>In many installations of Samba the greatest threat comes for outside
@@ -16533,8 +16704,8 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN3358"
->21.3. Using interface protection</A
+NAME="AEN3401"
+>23.3. Using interface protection</A
></H2
><P
>By default Samba will accept connections on any network interface that
@@ -16569,8 +16740,8 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN3367"
->21.4. Using a firewall</A
+NAME="AEN3410"
+>23.4. Using a firewall</A
></H2
><P
>Many people use a firewall to deny access to services that they don't
@@ -16599,8 +16770,8 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN3374"
->21.5. Using a IPC$ share deny</A
+NAME="AEN3417"
+>23.5. Using a IPC$ share deny</A
></H2
><P
>If the above methods are not suitable, then you could also place a
@@ -16638,8 +16809,8 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN3383"
->21.6. Upgrading Samba</A
+NAME="AEN3426"
+>23.6. Upgrading Samba</A
></H2
><P
>Please check regularly on http://www.samba.org/ for updates and
@@ -16654,14 +16825,14 @@ CLASS="CHAPTER"
><A
NAME="UNICODE"
></A
->Chapter 22. Unicode/Charsets</H1
+>Chapter 24. Unicode/Charsets</H1
><DIV
CLASS="SECT1"
><H2
CLASS="SECT1"
><A
-NAME="AEN3397"
->22.1. What are charsets and unicode?</A
+NAME="AEN3440"
+>24.1. What are charsets and unicode?</A
></H2
><P
>Computers communicate in numbers. In texts, each number will be
@@ -16710,8 +16881,8 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN3406"
->22.2. Samba and charsets</A
+NAME="AEN3449"
+>24.2. Samba and charsets</A
></H2
><P
>As of samba 3.0, samba can (and will) talk unicode over the wire. Internally,
@@ -16786,101 +16957,101 @@ CLASS="TOC"
>Table of Contents</B
></DT
><DT
->23. <A
+>25. <A
HREF="#SPEED"
>Samba performance issues</A
></DT
><DD
><DL
><DT
->23.1. <A
-HREF="#AEN3443"
+>25.1. <A
+HREF="#AEN3486"
>Comparisons</A
></DT
><DT
->23.2. <A
-HREF="#AEN3449"
+>25.2. <A
+HREF="#AEN3492"
>Socket options</A
></DT
><DT
->23.3. <A
-HREF="#AEN3456"
+>25.3. <A
+HREF="#AEN3499"
>Read size</A
></DT
><DT
->23.4. <A
-HREF="#AEN3461"
+>25.4. <A
+HREF="#AEN3504"
>Max xmit</A
></DT
><DT
->23.5. <A
-HREF="#AEN3466"
+>25.5. <A
+HREF="#AEN3509"
>Log level</A
></DT
><DT
->23.6. <A
-HREF="#AEN3469"
+>25.6. <A
+HREF="#AEN3512"
>Read raw</A
></DT
><DT
->23.7. <A
-HREF="#AEN3474"
+>25.7. <A
+HREF="#AEN3517"
>Write raw</A
></DT
><DT
->23.8. <A
-HREF="#AEN3478"
+>25.8. <A
+HREF="#AEN3521"
>Slow Clients</A
></DT
><DT
->23.9. <A
-HREF="#AEN3482"
+>25.9. <A
+HREF="#AEN3525"
>Slow Logins</A
></DT
><DT
->23.10. <A
-HREF="#AEN3485"
+>25.10. <A
+HREF="#AEN3528"
>Client tuning</A
></DT
></DL
></DD
><DT
->24. <A
+>26. <A
HREF="#PORTABILITY"
>Portability</A
></DT
><DD
><DL
><DT
->24.1. <A
-HREF="#AEN3525"
+>26.1. <A
+HREF="#AEN3568"
>HPUX</A
></DT
><DT
->24.2. <A
-HREF="#AEN3531"
+>26.2. <A
+HREF="#AEN3574"
>SCO Unix</A
></DT
><DT
->24.3. <A
-HREF="#AEN3535"
+>26.3. <A
+HREF="#AEN3578"
>DNIX</A
></DT
><DT
->24.4. <A
-HREF="#AEN3564"
+>26.4. <A
+HREF="#AEN3607"
>RedHat Linux Rembrandt-II</A
></DT
><DT
->24.5. <A
-HREF="#AEN3570"
+>26.5. <A
+HREF="#AEN3613"
>AIX</A
></DT
><DD
><DL
><DT
->24.5.1. <A
-HREF="#AEN3572"
+>26.5.1. <A
+HREF="#AEN3615"
>Sequential Read Ahead</A
></DT
></DL
@@ -16888,156 +17059,156 @@ HREF="#AEN3572"
></DL
></DD
><DT
->25. <A
+>27. <A
HREF="#OTHER-CLIENTS"
>Samba and other CIFS clients</A
></DT
><DD
><DL
><DT
->25.1. <A
-HREF="#AEN3590"
+>27.1. <A
+HREF="#AEN3633"
>Macintosh clients?</A
></DT
><DT
->25.2. <A
-HREF="#AEN3599"
+>27.2. <A
+HREF="#AEN3642"
>OS2 Client</A
></DT
><DD
><DL
><DT
->25.2.1. <A
-HREF="#AEN3601"
+>27.2.1. <A
+HREF="#AEN3644"
>How can I configure OS/2 Warp Connect or
OS/2 Warp 4 as a client for Samba?</A
></DT
><DT
->25.2.2. <A
-HREF="#AEN3616"
+>27.2.2. <A
+HREF="#AEN3659"
>How can I configure OS/2 Warp 3 (not Connect),
OS/2 1.2, 1.3 or 2.x for Samba?</A
></DT
><DT
->25.2.3. <A
-HREF="#AEN3625"
+>27.2.3. <A
+HREF="#AEN3668"
>Are there any other issues when OS/2 (any version)
is used as a client?</A
></DT
><DT
->25.2.4. <A
-HREF="#AEN3629"
+>27.2.4. <A
+HREF="#AEN3672"
>How do I get printer driver download working
for OS/2 clients?</A
></DT
></DL
></DD
><DT
->25.3. <A
-HREF="#AEN3639"
+>27.3. <A
+HREF="#AEN3682"
>Windows for Workgroups</A
></DT
><DD
><DL
><DT
->25.3.1. <A
-HREF="#AEN3641"
+>27.3.1. <A
+HREF="#AEN3684"
>Use latest TCP/IP stack from Microsoft</A
></DT
><DT
->25.3.2. <A
-HREF="#AEN3646"
+>27.3.2. <A
+HREF="#AEN3689"
>Delete .pwl files after password change</A
></DT
><DT
->25.3.3. <A
-HREF="#AEN3651"
+>27.3.3. <A
+HREF="#AEN3694"
>Configure WfW password handling</A
></DT
><DT
->25.3.4. <A
-HREF="#AEN3655"
+>27.3.4. <A
+HREF="#AEN3698"
>Case handling of passwords</A
></DT
><DT
->25.3.5. <A
-HREF="#AEN3660"
+>27.3.5. <A
+HREF="#AEN3703"
>Use TCP/IP as default protocol</A
></DT
></DL
></DD
><DT
->25.4. <A
-HREF="#AEN3663"
+>27.4. <A
+HREF="#AEN3706"
>Windows '95/'98</A
></DT
><DT
->25.5. <A
-HREF="#AEN3679"
+>27.5. <A
+HREF="#AEN3722"
>Windows 2000 Service Pack 2</A
></DT
></DL
></DD
><DT
->26. <A
+>28. <A
HREF="#COMPILING"
>How to compile SAMBA</A
></DT
><DD
><DL
><DT
->26.1. <A
-HREF="#AEN3706"
+>28.1. <A
+HREF="#AEN3749"
>Access Samba source code via CVS</A
></DT
><DD
><DL
><DT
->26.1.1. <A
-HREF="#AEN3708"
+>28.1.1. <A
+HREF="#AEN3751"
>Introduction</A
></DT
><DT
->26.1.2. <A
-HREF="#AEN3713"
+>28.1.2. <A
+HREF="#AEN3756"
>CVS Access to samba.org</A
></DT
></DL
></DD
><DT
->26.2. <A
-HREF="#AEN3749"
+>28.2. <A
+HREF="#AEN3792"
>Accessing the samba sources via rsync and ftp</A
></DT
><DT
->26.3. <A
-HREF="#AEN3755"
+>28.3. <A
+HREF="#AEN3798"
>Building the Binaries</A
></DT
><DD
><DL
><DT
->26.3.1. <A
-HREF="#AEN3783"
+>28.3.1. <A
+HREF="#AEN3826"
>Compiling samba with Active Directory support</A
></DT
></DL
></DD
><DT
->26.4. <A
-HREF="#AEN3812"
+>28.4. <A
+HREF="#AEN3855"
>Starting the smbd and nmbd</A
></DT
><DD
><DL
><DT
->26.4.1. <A
-HREF="#AEN3822"
+>28.4.1. <A
+HREF="#AEN3865"
>Starting from inetd.conf</A
></DT
><DT
->26.4.2. <A
-HREF="#AEN3851"
+>28.4.2. <A
+HREF="#AEN3894"
>Alternative: starting it as a daemon</A
></DT
></DL
@@ -17045,128 +17216,128 @@ HREF="#AEN3851"
></DL
></DD
><DT
->27. <A
+>29. <A
HREF="#BUGREPORT"
>Reporting Bugs</A
></DT
><DD
><DL
><DT
->27.1. <A
-HREF="#AEN3874"
+>29.1. <A
+HREF="#AEN3917"
>Introduction</A
></DT
><DT
->27.2. <A
-HREF="#AEN3884"
+>29.2. <A
+HREF="#AEN3927"
>General info</A
></DT
><DT
->27.3. <A
-HREF="#AEN3890"
+>29.3. <A
+HREF="#AEN3933"
>Debug levels</A
></DT
><DT
->27.4. <A
-HREF="#AEN3907"
+>29.4. <A
+HREF="#AEN3950"
>Internal errors</A
></DT
><DT
->27.5. <A
-HREF="#AEN3917"
+>29.5. <A
+HREF="#AEN3960"
>Attaching to a running process</A
></DT
><DT
->27.6. <A
-HREF="#AEN3920"
+>29.6. <A
+HREF="#AEN3963"
>Patches</A
></DT
></DL
></DD
><DT
->28. <A
+>30. <A
HREF="#DIAGNOSIS"
>The samba checklist</A
></DT
><DD
><DL
><DT
->28.1. <A
-HREF="#AEN3943"
+>30.1. <A
+HREF="#AEN3986"
>Introduction</A
></DT
><DT
->28.2. <A
-HREF="#AEN3948"
+>30.2. <A
+HREF="#AEN3991"
>Assumptions</A
></DT
><DT
->28.3. <A
-HREF="#AEN3958"
+>30.3. <A
+HREF="#AEN4001"
>Tests</A
></DT
><DD
><DL
><DT
->28.3.1. <A
-HREF="#AEN3960"
+>30.3.1. <A
+HREF="#AEN4003"
>Test 1</A
></DT
><DT
->28.3.2. <A
-HREF="#AEN3966"
+>30.3.2. <A
+HREF="#AEN4009"
>Test 2</A
></DT
><DT
->28.3.3. <A
-HREF="#AEN3972"
+>30.3.3. <A
+HREF="#AEN4015"
>Test 3</A
></DT
><DT
->28.3.4. <A
-HREF="#AEN3987"
+>30.3.4. <A
+HREF="#AEN4030"
>Test 4</A
></DT
><DT
->28.3.5. <A
-HREF="#AEN3992"
+>30.3.5. <A
+HREF="#AEN4035"
>Test 5</A
></DT
><DT
->28.3.6. <A
-HREF="#AEN3998"
+>30.3.6. <A
+HREF="#AEN4041"
>Test 6</A
></DT
><DT
->28.3.7. <A
-HREF="#AEN4006"
+>30.3.7. <A
+HREF="#AEN4049"
>Test 7</A
></DT
><DT
->28.3.8. <A
-HREF="#AEN4032"
+>30.3.8. <A
+HREF="#AEN4075"
>Test 8</A
></DT
><DT
->28.3.9. <A
-HREF="#AEN4049"
+>30.3.9. <A
+HREF="#AEN4092"
>Test 9</A
></DT
><DT
->28.3.10. <A
-HREF="#AEN4057"
+>30.3.10. <A
+HREF="#AEN4100"
>Test 10</A
></DT
><DT
->28.3.11. <A
-HREF="#AEN4063"
+>30.3.11. <A
+HREF="#AEN4106"
>Test 11</A
></DT
></DL
></DD
><DT
->28.4. <A
-HREF="#AEN4068"
+>30.4. <A
+HREF="#AEN4111"
>Still having troubles?</A
></DT
></DL
@@ -17180,14 +17351,14 @@ CLASS="CHAPTER"
><A
NAME="SPEED"
></A
->Chapter 23. Samba performance issues</H1
+>Chapter 25. Samba performance issues</H1
><DIV
CLASS="SECT1"
><H2
CLASS="SECT1"
><A
-NAME="AEN3443"
->23.1. Comparisons</A
+NAME="AEN3486"
+>25.1. Comparisons</A
></H2
><P
>The Samba server uses TCP to talk to the client. Thus if you are
@@ -17217,8 +17388,8 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN3449"
->23.2. Socket options</A
+NAME="AEN3492"
+>25.2. Socket options</A
></H2
><P
>There are a number of socket options that can greatly affect the
@@ -17245,8 +17416,8 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN3456"
->23.3. Read size</A
+NAME="AEN3499"
+>25.3. Read size</A
></H2
><P
>The option "read size" affects the overlap of disk reads/writes with
@@ -17271,8 +17442,8 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN3461"
->23.4. Max xmit</A
+NAME="AEN3504"
+>25.4. Max xmit</A
></H2
><P
>At startup the client and server negotiate a "maximum transmit" size,
@@ -17294,8 +17465,8 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN3466"
->23.5. Log level</A
+NAME="AEN3509"
+>25.5. Log level</A
></H2
><P
>If you set the log level (also known as "debug level") higher than 2
@@ -17308,8 +17479,8 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN3469"
->23.6. Read raw</A
+NAME="AEN3512"
+>25.6. Read raw</A
></H2
><P
>The "read raw" operation is designed to be an optimised, low-latency
@@ -17330,8 +17501,8 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN3474"
->23.7. Write raw</A
+NAME="AEN3517"
+>25.7. Write raw</A
></H2
><P
>The "write raw" operation is designed to be an optimised, low-latency
@@ -17347,8 +17518,8 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN3478"
->23.8. Slow Clients</A
+NAME="AEN3521"
+>25.8. Slow Clients</A
></H2
><P
>One person has reported that setting the protocol to COREPLUS rather
@@ -17364,8 +17535,8 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN3482"
->23.9. Slow Logins</A
+NAME="AEN3525"
+>25.9. Slow Logins</A
></H2
><P
>Slow logins are almost always due to the password checking time. Using
@@ -17377,8 +17548,8 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN3485"
->23.10. Client tuning</A
+NAME="AEN3528"
+>25.10. Client tuning</A
></H2
><P
>Often a speed problem can be traced to the client. The client (for
@@ -17485,7 +17656,7 @@ CLASS="CHAPTER"
><A
NAME="PORTABILITY"
></A
->Chapter 24. Portability</H1
+>Chapter 26. Portability</H1
><P
>Samba works on a wide range of platforms but the interface all the
platforms provide is not always compatible. This chapter contains
@@ -17495,8 +17666,8 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN3525"
->24.1. HPUX</A
+NAME="AEN3568"
+>26.1. HPUX</A
></H2
><P
>HP's implementation of supplementary groups is, er, non-standard (for
@@ -17525,8 +17696,8 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN3531"
->24.2. SCO Unix</A
+NAME="AEN3574"
+>26.2. SCO Unix</A
></H2
><P
>
@@ -17542,8 +17713,8 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN3535"
->24.3. DNIX</A
+NAME="AEN3578"
+>26.3. DNIX</A
></H2
><P
>DNIX has a problem with seteuid() and setegid(). These routines are
@@ -17649,8 +17820,8 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN3564"
->24.4. RedHat Linux Rembrandt-II</A
+NAME="AEN3607"
+>26.4. RedHat Linux Rembrandt-II</A
></H2
><P
>By default RedHat Rembrandt-II during installation adds an
@@ -17673,16 +17844,16 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN3570"
->24.5. AIX</A
+NAME="AEN3613"
+>26.5. AIX</A
></H2
><DIV
CLASS="SECT2"
><H3
CLASS="SECT2"
><A
-NAME="AEN3572"
->24.5.1. Sequential Read Ahead</A
+NAME="AEN3615"
+>26.5.1. Sequential Read Ahead</A
></H3
><P
>Disabling Sequential Read Ahead using "vmtune -r 0" improves
@@ -17696,7 +17867,7 @@ CLASS="CHAPTER"
><A
NAME="OTHER-CLIENTS"
></A
->Chapter 25. Samba and other CIFS clients</H1
+>Chapter 27. Samba and other CIFS clients</H1
><P
>This chapter contains client-specific information.</P
><DIV
@@ -17704,8 +17875,8 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN3590"
->25.1. Macintosh clients?</A
+NAME="AEN3633"
+>27.1. Macintosh clients?</A
></H2
><P
>Yes. <A
@@ -17750,16 +17921,16 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN3599"
->25.2. OS2 Client</A
+NAME="AEN3642"
+>27.2. OS2 Client</A
></H2
><DIV
CLASS="SECT2"
><H3
CLASS="SECT2"
><A
-NAME="AEN3601"
->25.2.1. How can I configure OS/2 Warp Connect or
+NAME="AEN3644"
+>27.2.1. How can I configure OS/2 Warp Connect or
OS/2 Warp 4 as a client for Samba?</A
></H3
><P
@@ -17817,8 +17988,8 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN3616"
->25.2.2. How can I configure OS/2 Warp 3 (not Connect),
+NAME="AEN3659"
+>27.2.2. How can I configure OS/2 Warp 3 (not Connect),
OS/2 1.2, 1.3 or 2.x for Samba?</A
></H3
><P
@@ -17861,8 +18032,8 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN3625"
->25.2.3. Are there any other issues when OS/2 (any version)
+NAME="AEN3668"
+>27.2.3. Are there any other issues when OS/2 (any version)
is used as a client?</A
></H3
><P
@@ -17883,8 +18054,8 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN3629"
->25.2.4. How do I get printer driver download working
+NAME="AEN3672"
+>27.2.4. How do I get printer driver download working
for OS/2 clients?</A
></H3
><P
@@ -17930,16 +18101,16 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN3639"
->25.3. Windows for Workgroups</A
+NAME="AEN3682"
+>27.3. Windows for Workgroups</A
></H2
><DIV
CLASS="SECT2"
><H3
CLASS="SECT2"
><A
-NAME="AEN3641"
->25.3.1. Use latest TCP/IP stack from Microsoft</A
+NAME="AEN3684"
+>27.3.1. Use latest TCP/IP stack from Microsoft</A
></H3
><P
>Use the latest TCP/IP stack from microsoft if you use Windows
@@ -17960,8 +18131,8 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN3646"
->25.3.2. Delete .pwl files after password change</A
+NAME="AEN3689"
+>27.3.2. Delete .pwl files after password change</A
></H3
><P
>WfWg does a lousy job with passwords. I find that if I change my
@@ -17980,8 +18151,8 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN3651"
->25.3.3. Configure WfW password handling</A
+NAME="AEN3694"
+>27.3.3. Configure WfW password handling</A
></H3
><P
>There is a program call admincfg.exe
@@ -17999,8 +18170,8 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN3655"
->25.3.4. Case handling of passwords</A
+NAME="AEN3698"
+>27.3.4. Case handling of passwords</A
></H3
><P
>Windows for Workgroups uppercases the password before sending it to the server. Unix passwords can be case-sensitive though. Check the <A
@@ -18017,8 +18188,8 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN3660"
->25.3.5. Use TCP/IP as default protocol</A
+NAME="AEN3703"
+>27.3.5. Use TCP/IP as default protocol</A
></H3
><P
>To support print queue reporting you may find
@@ -18033,8 +18204,8 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN3663"
->25.4. Windows '95/'98</A
+NAME="AEN3706"
+>27.4. Windows '95/'98</A
></H2
><P
>When using Windows 95 OEM SR2 the following updates are recommended where Samba
@@ -18081,8 +18252,8 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN3679"
->25.5. Windows 2000 Service Pack 2</A
+NAME="AEN3722"
+>27.5. Windows 2000 Service Pack 2</A
></H2
><P
>
@@ -18165,7 +18336,7 @@ CLASS="CHAPTER"
><A
NAME="COMPILING"
></A
->Chapter 26. How to compile SAMBA</H1
+>Chapter 28. How to compile SAMBA</H1
><P
>You can obtain the samba source from the <A
HREF="http://samba.org/"
@@ -18178,16 +18349,16 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN3706"
->26.1. Access Samba source code via CVS</A
+NAME="AEN3749"
+>28.1. Access Samba source code via CVS</A
></H2
><DIV
CLASS="SECT2"
><H3
CLASS="SECT2"
><A
-NAME="AEN3708"
->26.1.1. Introduction</A
+NAME="AEN3751"
+>28.1.1. Introduction</A
></H3
><P
>Samba is developed in an open environment. Developers use CVS
@@ -18208,8 +18379,8 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN3713"
->26.1.2. CVS Access to samba.org</A
+NAME="AEN3756"
+>28.1.2. CVS Access to samba.org</A
></H3
><P
>The machine samba.org runs a publicly accessible CVS
@@ -18221,8 +18392,8 @@ CLASS="SECT3"
><HR><H4
CLASS="SECT3"
><A
-NAME="AEN3716"
->26.1.2.1. Access via CVSweb</A
+NAME="AEN3759"
+>28.1.2.1. Access via CVSweb</A
></H4
><P
>You can access the source code via your
@@ -18242,8 +18413,8 @@ CLASS="SECT3"
><HR><H4
CLASS="SECT3"
><A
-NAME="AEN3721"
->26.1.2.2. Access via cvs</A
+NAME="AEN3764"
+>28.1.2.2. Access via cvs</A
></H4
><P
>You can also access the source code via a
@@ -18347,8 +18518,8 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN3749"
->26.2. Accessing the samba sources via rsync and ftp</A
+NAME="AEN3792"
+>28.2. Accessing the samba sources via rsync and ftp</A
></H2
><P
> pserver.samba.org also exports unpacked copies of most parts of the CVS tree at <A
@@ -18375,8 +18546,8 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN3755"
->26.3. Building the Binaries</A
+NAME="AEN3798"
+>28.3. Building the Binaries</A
></H2
><P
>To do this, first run the program <B
@@ -18461,8 +18632,8 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN3783"
->26.3.1. Compiling samba with Active Directory support</A
+NAME="AEN3826"
+>28.3.1. Compiling samba with Active Directory support</A
></H3
><P
>In order to compile samba with ADS support, you need to have installed
@@ -18511,8 +18682,8 @@ CLASS="SECT3"
><HR><H4
CLASS="SECT3"
><A
-NAME="AEN3795"
->26.3.1.1. Installing the required packages for Debian</A
+NAME="AEN3838"
+>28.3.1.1. Installing the required packages for Debian</A
></H4
><P
>On Debian you need to install the following packages:</P
@@ -18542,8 +18713,8 @@ CLASS="SECT3"
><HR><H4
CLASS="SECT3"
><A
-NAME="AEN3802"
->26.3.1.2. Installing the required packages for RedHat</A
+NAME="AEN3845"
+>28.3.1.2. Installing the required packages for RedHat</A
></H4
><P
>On RedHat this means you should have at least: </P
@@ -18584,8 +18755,8 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN3812"
->26.4. Starting the smbd and nmbd</A
+NAME="AEN3855"
+>28.4. Starting the smbd and nmbd</A
></H2
><P
>You must choose to start smbd and nmbd either
@@ -18624,8 +18795,8 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN3822"
->26.4.1. Starting from inetd.conf</A
+NAME="AEN3865"
+>28.4.1. Starting from inetd.conf</A
></H3
><P
>NOTE; The following will be different if
@@ -18724,8 +18895,8 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN3851"
->26.4.2. Alternative: starting it as a daemon</A
+NAME="AEN3894"
+>28.4.2. Alternative: starting it as a daemon</A
></H3
><P
>To start the server as a daemon you should create
@@ -18783,14 +18954,14 @@ CLASS="CHAPTER"
><A
NAME="BUGREPORT"
></A
->Chapter 27. Reporting Bugs</H1
+>Chapter 29. Reporting Bugs</H1
><DIV
CLASS="SECT1"
><H2
CLASS="SECT1"
><A
-NAME="AEN3874"
->27.1. Introduction</A
+NAME="AEN3917"
+>29.1. Introduction</A
></H2
><P
>The email address for bug reports for stable releases is <A
@@ -18834,8 +19005,8 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN3884"
->27.2. General info</A
+NAME="AEN3927"
+>29.2. General info</A
></H2
><P
>Before submitting a bug report check your config for silly
@@ -18859,8 +19030,8 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN3890"
->27.3. Debug levels</A
+NAME="AEN3933"
+>29.3. Debug levels</A
></H2
><P
>If the bug has anything to do with Samba behaving incorrectly as a
@@ -18929,8 +19100,8 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN3907"
->27.4. Internal errors</A
+NAME="AEN3950"
+>29.4. Internal errors</A
></H2
><P
>If you get a "INTERNAL ERROR" message in your log files it means that
@@ -18973,8 +19144,8 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN3917"
->27.5. Attaching to a running process</A
+NAME="AEN3960"
+>29.5. Attaching to a running process</A
></H2
><P
>Unfortunately some unixes (in particular some recent linux kernels)
@@ -18990,8 +19161,8 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN3920"
->27.6. Patches</A
+NAME="AEN3963"
+>29.6. Patches</A
></H2
><P
>The best sort of bug report is one that includes a fix! If you send us
@@ -19013,14 +19184,14 @@ CLASS="CHAPTER"
><A
NAME="DIAGNOSIS"
></A
->Chapter 28. The samba checklist</H1
+>Chapter 30. The samba checklist</H1
><DIV
CLASS="SECT1"
><H2
CLASS="SECT1"
><A
-NAME="AEN3943"
->28.1. Introduction</A
+NAME="AEN3986"
+>30.1. Introduction</A
></H2
><P
>This file contains a list of tests you can perform to validate your
@@ -19041,8 +19212,8 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN3948"
->28.2. Assumptions</A
+NAME="AEN3991"
+>30.2. Assumptions</A
></H2
><P
>In all of the tests it is assumed you have a Samba server called
@@ -19079,16 +19250,16 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN3958"
->28.3. Tests</A
+NAME="AEN4001"
+>30.3. Tests</A
></H2
><DIV
CLASS="SECT2"
><H3
CLASS="SECT2"
><A
-NAME="AEN3960"
->28.3.1. Test 1</A
+NAME="AEN4003"
+>30.3.1. Test 1</A
></H3
><P
>In the directory in which you store your smb.conf file, run the command
@@ -19109,8 +19280,8 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN3966"
->28.3.2. Test 2</A
+NAME="AEN4009"
+>30.3.2. Test 2</A
></H3
><P
>Run the command "ping BIGSERVER" from the PC and "ping ACLIENT" from
@@ -19135,8 +19306,8 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN3972"
->28.3.3. Test 3</A
+NAME="AEN4015"
+>30.3.3. Test 3</A
></H3
><P
>Run the command "smbclient -L BIGSERVER" on the unix box. You
@@ -19206,8 +19377,8 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN3987"
->28.3.4. Test 4</A
+NAME="AEN4030"
+>30.3.4. Test 4</A
></H3
><P
>Run the command "nmblookup -B BIGSERVER __SAMBA__". You should get the
@@ -19227,8 +19398,8 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN3992"
->28.3.5. Test 5</A
+NAME="AEN4035"
+>30.3.5. Test 5</A
></H3
><P
>run the command <B
@@ -19248,8 +19419,8 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN3998"
->28.3.6. Test 6</A
+NAME="AEN4041"
+>30.3.6. Test 6</A
></H3
><P
>Run the command <B
@@ -19282,8 +19453,8 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN4006"
->28.3.7. Test 7</A
+NAME="AEN4049"
+>30.3.7. Test 7</A
></H3
><P
>Run the command <B
@@ -19371,8 +19542,8 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN4032"
->28.3.8. Test 8</A
+NAME="AEN4075"
+>30.3.8. Test 8</A
></H3
><P
>On the PC type the command <B
@@ -19431,8 +19602,8 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN4049"
->28.3.9. Test 9</A
+NAME="AEN4092"
+>30.3.9. Test 9</A
></H3
><P
>Run the command <B
@@ -19465,8 +19636,8 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN4057"
->28.3.10. Test 10</A
+NAME="AEN4100"
+>30.3.10. Test 10</A
></H3
><P
>Run the command <B
@@ -19491,8 +19662,8 @@ CLASS="SECT2"
><HR><H3
CLASS="SECT2"
><A
-NAME="AEN4063"
->28.3.11. Test 11</A
+NAME="AEN4106"
+>30.3.11. Test 11</A
></H3
><P
>From file manager try to browse the server. Your samba server should
@@ -19519,8 +19690,8 @@ CLASS="SECT1"
><HR><H2
CLASS="SECT1"
><A
-NAME="AEN4068"
->28.4. Still having troubles?</A
+NAME="AEN4111"
+>30.4. Still having troubles?</A
></H2
><P
>Try the mailing list or newsgroup, or use the ethereal utility to