Diffstat (limited to 'docs/htmldocs/advancednetworkmanagement.html')
-rw-r--r-- | docs/htmldocs/advancednetworkmanagement.html | 555 |
1 files changed, 0 insertions, 555 deletions
diff --git a/docs/htmldocs/advancednetworkmanagement.html b/docs/htmldocs/advancednetworkmanagement.html deleted file mode 100644 index b55eed16bc..0000000000 --- a/docs/htmldocs/advancednetworkmanagement.html +++ /dev/null 
@@ -1,555 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> -<HTML -><HEAD -><TITLE ->Advanced Network Manangement</TITLE -><META -NAME="GENERATOR" -CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK -REL="HOME" -TITLE="SAMBA Project Documentation" -HREF="samba-howto-collection.html"><LINK -REL="UP" -TITLE="Advanced Configuration" -HREF="optional.html"><LINK -REL="PREVIOUS" -TITLE="Unified Logons between Windows NT and UNIX using Winbind" -HREF="winbind.html"><LINK -REL="NEXT" -TITLE="System and Account Policies" -HREF="policymgmt.html"></HEAD -><BODY -CLASS="CHAPTER" -BGCOLOR="#FFFFFF" -TEXT="#000000" -LINK="#0000FF" -VLINK="#840084" -ALINK="#0000FF" -><DIV -CLASS="NAVHEADER" -><TABLE -SUMMARY="Header navigation table" -WIDTH="100%" -BORDER="0" -CELLPADDING="0" -CELLSPACING="0" -><TR -><TH -COLSPAN="3" -ALIGN="center" ->SAMBA Project Documentation</TH -></TR -><TR -><TD -WIDTH="10%" -ALIGN="left" -VALIGN="bottom" -><A -HREF="winbind.html" -ACCESSKEY="P" ->Prev</A -></TD -><TD -WIDTH="80%" -ALIGN="center" -VALIGN="bottom" -></TD -><TD -WIDTH="10%" -ALIGN="right" -VALIGN="bottom" -><A -HREF="policymgmt.html" -ACCESSKEY="N" ->Next</A -></TD -></TR -></TABLE -><HR -ALIGN="LEFT" -WIDTH="100%"></DIV -><DIV -CLASS="CHAPTER" -><H1 -><A -NAME="ADVANCEDNETWORKMANAGEMENT" -></A ->Chapter 16. Advanced Network Manangement</H1 -><DIV -CLASS="TOC" -><DL -><DT -><B ->Table of Contents</B -></DT -><DT ->16.1. <A -HREF="advancednetworkmanagement.html#AEN2869" ->Configuring Samba Share Access Controls</A -></DT -><DT ->16.2. <A -HREF="advancednetworkmanagement.html#AEN2907" ->Remote Server Administration</A -></DT -><DT ->16.3. 
<A -HREF="advancednetworkmanagement.html#AEN2924" ->Network Logon Script Magic</A -></DT -></DL -></DIV -><P ->This section attempts to document peripheral issues that are of great importance to network -administrators who want to improve network resource access control, to automate the user -environment, and to make their lives a little easier.</P -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN2869" ->16.1. Configuring Samba Share Access Controls</A -></H1 -><P ->This section deals with how to configure Samba per share access control restrictions. -By default samba sets no restrictions on the share itself. Restrictions on the share itself -can be set on MS Windows NT4/200x/XP shares. This can be a very effective way to limit who can -connect to a share. In the absence of specific restrictions the default setting is to allow -the global user <SPAN -CLASS="emphasis" -><I -CLASS="EMPHASIS" ->Everyone</I -></SPAN -> Full Control (ie: Full control, Change and Read).</P -><P ->At this time Samba does NOT provide a tool for configuring access control setting on the Share -itself. Samba does have the capacity to store and act on access control settings, but the only -way to create those settings is to use either the NT4 Server Manager or the Windows 200x MMC for -Computer Management.</P -><P ->Samba stores the per share access control settings in a file called <TT -CLASS="FILENAME" ->share_info.tdb</TT ->. -The location of this file on your system will depend on how samba was compiled. The default location -for samba's tdb files is under <TT -CLASS="FILENAME" ->/usr/local/samba/var</TT ->. If the <TT -CLASS="FILENAME" ->tdbdump</TT -> -utility has been compiled and installed on your system then you can examine the contents of this file -by: <KBD -CLASS="USERINPUT" ->tdbdump share_info.tdb</KBD ->.</P -><DIV -CLASS="SECT2" -><H2 -CLASS="SECT2" -><A -NAME="AEN2879" ->16.1.1. 
Share Permissions Management</A -></H2 -><P ->The best tool for the task is platform dependant. Choose the best tool for your environmemt.</P -><DIV -CLASS="SECT3" -><H3 -CLASS="SECT3" -><A -NAME="AEN2882" ->16.1.1.1. Windows NT4 Workstation/Server</A -></H3 -><P ->The tool you need to use to manage share permissions on a Samba server is the NT Server Manager. -Server Manager is shipped with Windows NT4 Server products but not with Windows NT4 Workstation. -You can obtain the NT Server Manager for MS Windows NT4 Workstation from Microsoft - see details below.</P -><DIV -CLASS="PROCEDURE" -><P -><B ->Instructions</B -></P -><OL -TYPE="1" -><LI -><P ->Launch the NT4 Server Manager, click on the Samba server you want to administer, then from the menu -select Computer, then click on the Shared Directories entry.</P -></LI -><LI -><P -> Now click on the share that you wish to manage, then click on the Properties tab, next click on - the Permissions tab. Now you can Add or change access control settings as you wish.</P -></LI -></OL -></DIV -></DIV -><DIV -CLASS="SECT3" -><H3 -CLASS="SECT3" -><A -NAME="AEN2891" ->16.1.1.2. Windows 200x/XP</A -></H3 -><P ->On MS Windows NT4/200x/XP system access control lists on the share itself are set using native -tools, usually from filemanager. For example, in Windows 200x: right click on the shared folder, -then select 'Sharing', then click on 'Permissions'. The default Windows NT4/200x permission allows -<SPAN -CLASS="emphasis" -><I -CLASS="EMPHASIS" ->Everyone</I -></SPAN -> Full Control on the Share.</P -><P ->MS Windows 200x and later all comes with a tool called the 'Computer Management' snap-in for the -Microsoft Management Console (MMC). 
This tool is located by clicking on <TT -CLASS="FILENAME" ->Control Panel -> -Administrative Tools -> Computer Management</TT ->.</P -><DIV -CLASS="PROCEDURE" -><P -><B ->Instructions</B -></P -><OL -TYPE="1" -><LI -><P -> After launching the MMC with the Computer Management snap-in, click on the menu item 'Action', - select 'Connect to another computer'. If you are not logged onto a domain you will be prompted - to enter a domain login user identifier and a password. This will authenticate you to the domain. - If you where already logged in with administrative privilidge this step is not offered.</P -></LI -><LI -><P ->If the Samba server is not shown in the Select Computer box, then type in the name of the target -Samba server in the field 'Name:'. Now click on the [+] next to 'System Tools', then on the [+] -next to 'Shared Folders' in the left panel.</P -></LI -><LI -><P ->Now in the right panel, double-click on the share you wish to set access control permissions on. -Then click on the tab 'Share Permissions'. It is now possible to add access control entities -to the shared folder. Do NOT forget to set what type of access (full control, change, read) you -wish to assign for each entry.</P -></LI -></OL -></DIV -><DIV -CLASS="WARNING" -><P -></P -><TABLE -CLASS="WARNING" -WIDTH="100%" -BORDER="0" -><TR -><TD -WIDTH="25" -ALIGN="CENTER" -VALIGN="TOP" -><IMG -SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/warning.gif" -HSPACE="5" -ALT="Warning"></TD -><TD -ALIGN="LEFT" -VALIGN="TOP" -><P ->Be careful. If you take away all permissions from the Everyone user without removing this user -then effectively no user will be able to access the share. This is a result of what is known as -ACL precidence. 
ie: Everyone with NO ACCESS means that MaryK who is part of the group Everyone -will have no access even if this user is given explicit full control access.</P -></TD -></TR -></TABLE -></DIV -></DIV -></DIV -></DIV -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN2907" ->16.2. Remote Server Administration</A -></H1 -><P -><SPAN -CLASS="emphasis" -><I -CLASS="EMPHASIS" ->How do I get 'User Manager' and 'Server Manager'?</I -></SPAN -></P -><P ->Since I don't need to buy an NT4 Server, how do I get the 'User Manager for Domains', -the 'Server Manager'?</P -><P ->Microsoft distributes a version of these tools called nexus for installation on Windows 9x / Me -systems. The tools set includes:</P -><P -></P -><UL -><LI -><P ->Server Manager</P -></LI -><LI -><P ->User Manager for Domains</P -></LI -><LI -><P ->Event Viewer</P -></LI -></UL -><P ->Click here to download the archived file <A -HREF="ftp://ftp.microsoft.com/Softlib/MSLFILES/NEXUS.EXE" -TARGET="_top" ->ftp://ftp.microsoft.com/Softlib/MSLFILES/NEXUS.EXE</A -></P -><P ->The Windows NT 4.0 version of the 'User Manager for -Domains' and 'Server Manager' are available from Microsoft via ftp -from <A -HREF="ftp://ftp.microsoft.com/Softlib/MSLFILES/SRVTOOLS.EXE" -TARGET="_top" ->ftp://ftp.microsoft.com/Softlib/MSLFILES/SRVTOOLS.EXE</A -></P -></DIV -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN2924" ->16.3. Network Logon Script Magic</A -></H1 -><P ->This section needs work. Volunteer contributions most welcome. 
Please send your patches or updates -to <A -HREF="mailto:jht@samba.org" -TARGET="_top" ->John Terpstra</A ->.</P -><P ->There are several opportunities for creating a custom network startup configuration environment.</P -><P -></P -><TABLE -BORDER="0" -><TBODY -><TR -><TD ->No Logon Script</TD -></TR -><TR -><TD ->Simple universal Logon Script that applies to all users</TD -></TR -><TR -><TD ->Use of a conditional Logon Script that applies per user or per group attirbutes</TD -></TR -><TR -><TD ->Use of Samba's Preexec and Postexec functions on access to the NETLOGON share to create - a custom Logon Script and then execute it.</TD -></TR -><TR -><TD ->User of a tool such as KixStart</TD -></TR -></TBODY -></TABLE -><P -></P -><P ->The Samba source code tree includes two logon script generation/execution tools. See <TT -CLASS="FILENAME" ->examples</TT -> directory <TT -CLASS="FILENAME" ->genlogon</TT -> and <TT -CLASS="FILENAME" ->ntlogon</TT -> subdirectories.</P -><P ->The following listings are from the genlogon directory.</P -><P ->This is the genlogon.pl file: - -<PRE -CLASS="PROGRAMLISTING" -> #!/usr/bin/perl - # - # genlogon.pl - # - # Perl script to generate user logon scripts on the fly, when users - # connect from a Windows client. This script should be called from smb.conf - # with the %U, %G and %L parameters. I.e: - # - # root preexec = genlogon.pl %U %G %L - # - # The script generated will perform - # the following: - # - # 1. Log the user connection to /var/log/samba/netlogon.log - # 2. Set the PC's time to the Linux server time (which is maintained - # daily to the National Institute of Standard's Atomic clock on the - # internet. - # 3. Connect the user's home drive to H: (H for Home). - # 4. Connect common drives that everyone uses. - # 5. Connect group-specific drives for certain user groups. - # 6. Connect user-specific drives for certain users. - # 7. Connect network printers. 
- - # Log client connection - #($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time); - ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time); - open LOG, ">>/var/log/samba/netlogon.log"; - print LOG "$mon/$mday/$year $hour:$min:$sec - User $ARGV[0] logged into $ARGV[1]\n"; - close LOG; - - # Start generating logon script - open LOGON, ">/shared/netlogon/$ARGV[0].bat"; - print LOGON "\@ECHO OFF\r\n"; - - # Connect shares just use by Software Development group - if ($ARGV[1] eq "SOFTDEV" || $ARGV[0] eq "softdev") - { - print LOGON "NET USE M: \\\\$ARGV[2]\\SOURCE\r\n"; - } - - # Connect shares just use by Technical Support staff - if ($ARGV[1] eq "SUPPORT" || $ARGV[0] eq "support") - { - print LOGON "NET USE S: \\\\$ARGV[2]\\SUPPORT\r\n"; - } - - # Connect shares just used by Administration staff - If ($ARGV[1] eq "ADMIN" || $ARGV[0] eq "admin") - { - print LOGON "NET USE L: \\\\$ARGV[2]\\ADMIN\r\n"; - print LOGON "NET USE K: \\\\$ARGV[2]\\MKTING\r\n"; - } - - # Now connect Printers. We handle just two or three users a little - # differently, because they are the exceptions that have desktop - # printers on LPT1: - all other user's go to the LaserJet on the - # server. - if ($ARGV[0] eq 'jim' - || $ARGV[0] eq 'yvonne') - { - print LOGON "NET USE LPT2: \\\\$ARGV[2]\\LJET3\r\n"; - print LOGON "NET USE LPT3: \\\\$ARGV[2]\\FAXQ\r\n"; - } - else - { - print LOGON "NET USE LPT1: \\\\$ARGV[2]\\LJET3\r\n"; - print LOGON "NET USE LPT3: \\\\$ARGV[2]\\FAXQ\r\n"; - } - - # All done! Close the output file. 
- close LOGON;</PRE -></P -><P ->Those wishing to use more elaborate or capable logon processing system should check out the following sites:</P -><P -></P -><TABLE -BORDER="0" -><TBODY -><TR -><TD ->http://www.craigelachie.org/rhacer/ntlogon</TD -></TR -><TR -><TD ->http://www.kixtart.org</TD -></TR -></TBODY -></TABLE -><P -></P -></DIV -></DIV -><DIV -CLASS="NAVFOOTER" -><HR -ALIGN="LEFT" -WIDTH="100%"><TABLE -SUMMARY="Footer navigation table" -WIDTH="100%" -BORDER="0" -CELLPADDING="0" -CELLSPACING="0" -><TR -><TD -WIDTH="33%" -ALIGN="left" -VALIGN="top" -><A -HREF="winbind.html" -ACCESSKEY="P" ->Prev</A -></TD -><TD -WIDTH="34%" -ALIGN="center" -VALIGN="top" -><A -HREF="samba-howto-collection.html" -ACCESSKEY="H" ->Home</A -></TD -><TD -WIDTH="33%" -ALIGN="right" -VALIGN="top" -><A -HREF="policymgmt.html" -ACCESSKEY="N" ->Next</A -></TD -></TR -><TR -><TD -WIDTH="33%" -ALIGN="left" -VALIGN="top" ->Unified Logons between Windows NT and UNIX using Winbind</TD -><TD -WIDTH="34%" -ALIGN="center" -VALIGN="top" -><A -HREF="optional.html" -ACCESSKEY="U" ->Up</A -></TD -><TD -WIDTH="33%" -ALIGN="right" -VALIGN="top" ->System and Account Policies</TD -></TR -></TABLE -></DIV -></BODY -></HTML ->
\ No newline at end of file |
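Review bot: The deleted page is the NEXT target of winbind.html and the PREVIOUS target of policymgmt.html (the LINK REL entries in the head and the Prev/Next cells of the header and footer navigation tables), and the diffstat shows this is the only file changed, so both neighbouring pages will keep links to a file that no longer exists unless they are regenerated or removed in the same change. If the chapter's content survives elsewhere, say in the commit message where it now lives. The removed genlogon.pl listing is also worth correcting wherever it is still kept: its header documents it as run via `root preexec = genlogon.pl %U %G %L`, yet it interpolates $ARGV[0] straight into `open LOGON, ">/shared/netlogon/$ARGV[0].bat"` without validating the name or checking that the open succeeded, and the Administration branch begins with a capitalised `If`, which Perl will not parse.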