diff options
Diffstat (limited to 'docs/htmldocs/integrate-ms-networks.html')
-rw-r--r-- | docs/htmldocs/integrate-ms-networks.html | 147 |
1 files changed, 59 insertions, 88 deletions
diff --git a/docs/htmldocs/integrate-ms-networks.html b/docs/htmldocs/integrate-ms-networks.html index 984f849f71..ad6aa9e225 100644 --- a/docs/htmldocs/integrate-ms-networks.html +++ b/docs/htmldocs/integrate-ms-networks.html @@ -5,7 +5,8 @@ >Integrating MS Windows networks with Samba</TITLE ><META NAME="GENERATOR" -CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK +CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ +"><LINK REL="HOME" TITLE="SAMBA Project Documentation" HREF="samba-howto-collection.html"><LINK @@ -72,17 +73,13 @@ WIDTH="100%"></DIV CLASS="CHAPTER" ><H1 ><A -NAME="INTEGRATE-MS-NETWORKS" -></A ->Chapter 10. Integrating MS Windows networks with Samba</H1 +NAME="INTEGRATE-MS-NETWORKS">Chapter 10. Integrating MS Windows networks with Samba</H1 ><DIV CLASS="SECT1" ><H1 CLASS="SECT1" ><A -NAME="AEN1517" ->10.1. Agenda</A -></H1 +NAME="AEN1374">10.1. Agenda</H1 ><P >To identify the key functional mechanisms of MS Windows networking to enable the deployment of Samba as a means of extending and/or @@ -147,9 +144,7 @@ CLASS="SECT1" ><H1 CLASS="SECT1" ><A -NAME="AEN1539" ->10.2. Name Resolution in a pure Unix/Linux world</A -></H1 +NAME="AEN1396">10.2. Name Resolution in a pure Unix/Linux world</H1 ><P >The key configuration files covered in this section are:</P ><P @@ -189,11 +184,9 @@ CLASS="SECT2" ><H2 CLASS="SECT2" ><A -NAME="AEN1555" ->10.2.1. <TT +NAME="AEN1412">10.2.1. <TT CLASS="FILENAME" >/etc/hosts</TT -></A ></H2 ><P >Contains a static list of IP Addresses and names. @@ -270,11 +263,9 @@ CLASS="SECT2" ><H2 CLASS="SECT2" ><A -NAME="AEN1571" ->10.2.2. <TT +NAME="AEN1428">10.2.2. <TT CLASS="FILENAME" >/etc/resolv.conf</TT -></A ></H2 ><P >This file tells the name resolution libraries:</P @@ -308,11 +299,9 @@ CLASS="SECT2" ><H2 CLASS="SECT2" ><A -NAME="AEN1582" ->10.2.3. <TT +NAME="AEN1439">10.2.3. <TT CLASS="FILENAME" >/etc/host.conf</TT -></A ></H2 ><P ><TT @@ -337,11 +326,9 @@ CLASS="SECT2" ><H2 CLASS="SECT2" ><A -NAME="AEN1590" ->10.2.4. <TT +NAME="AEN1447">10.2.4. <TT CLASS="FILENAME" >/etc/nsswitch.conf</TT -></A ></H2 ><P >This file controls the actual name resolution targets. The @@ -406,9 +393,7 @@ CLASS="SECT1" ><H1 CLASS="SECT1" ><A -NAME="AEN1602" ->10.3. Name resolution as used within MS Windows networking</A -></H1 +NAME="AEN1459">10.3. Name resolution as used within MS Windows networking</H1 ><P >MS Windows networking is predicated about the name each machine is given. This name is known variously (and inconsistently) as @@ -491,9 +476,7 @@ CLASS="SECT2" ><H2 CLASS="SECT2" ><A -NAME="AEN1614" ->10.3.1. The NetBIOS Name Cache</A -></H2 +NAME="AEN1471">10.3.1. The NetBIOS Name Cache</H2 ><P >All MS Windows machines employ an in memory buffer in which is stored the NetBIOS names and IP addresses for all external @@ -518,9 +501,7 @@ CLASS="SECT2" ><H2 CLASS="SECT2" ><A -NAME="AEN1619" ->10.3.2. The LMHOSTS file</A -></H2 +NAME="AEN1476">10.3.2. The LMHOSTS file</H2 ><P >This file is usually located in MS Windows NT 4.0 or 2000 in <TT @@ -555,8 +536,8 @@ CLASS="PROGRAMLISTING" # files and offers the following extensions: # # #PRE - # #DOM:<domain> - # #INCLUDE <filename> + # #DOM:<domain> + # #INCLUDE <filename> # #BEGIN_ALTERNATE # #END_ALTERNATE # \0xnn (non-printing character support) @@ -565,16 +546,16 @@ CLASS="PROGRAMLISTING" # the entry to be preloaded into the name cache. By default, entries are # not preloaded, but are parsed only after dynamic name resolution fails. # - # Following an entry with the "#DOM:<domain>" tag will associate the - # entry with the domain specified by <domain>. This affects how the + # Following an entry with the "#DOM:<domain>" tag will associate the + # entry with the domain specified by <domain>. This affects how the # browser and logon services behave in TCP/IP environments. To preload # the host name associated with #DOM entry, it is necessary to also add a - # #PRE to the line. The <domain> is always preloaded although it will not + # #PRE to the line. The <domain> is always preloaded although it will not # be shown when the name cache is viewed. # - # Specifying "#INCLUDE <filename>" will force the RFC NetBIOS (NBT) - # software to seek the specified <filename> and parse it as if it were - # local. <filename> is generally a UNC-based name, allowing a + # Specifying "#INCLUDE <filename>" will force the RFC NetBIOS (NBT) + # software to seek the specified <filename> and parse it as if it were + # local. <filename> is generally a UNC-based name, allowing a # centralized lmhosts file to be maintained on a server. # It is ALWAYS necessary to provide a mapping for the IP address of the # server prior to the #INCLUDE. This mapping must use the #PRE directive. @@ -621,9 +602,7 @@ CLASS="SECT2" ><H2 CLASS="SECT2" ><A -NAME="AEN1627" ->10.3.3. HOSTS file</A -></H2 +NAME="AEN1484">10.3.3. HOSTS file</H2 ><P >This file is usually located in MS Windows NT 4.0 or 2000 in <TT @@ -643,9 +622,7 @@ CLASS="SECT2" ><H2 CLASS="SECT2" ><A -NAME="AEN1632" ->10.3.4. DNS Lookup</A -></H2 +NAME="AEN1489">10.3.4. DNS Lookup</H2 ><P >This capability is configured in the TCP/IP setup area in the network configuration facility. If enabled an elaborate name resolution sequence @@ -663,9 +640,7 @@ CLASS="SECT2" ><H2 CLASS="SECT2" ><A -NAME="AEN1635" ->10.3.5. WINS Lookup</A -></H2 +NAME="AEN1492">10.3.5. WINS Lookup</H2 ><P >A WINS (Windows Internet Name Server) service is the equivaent of the rfc1001/1002 specified NBNS (NetBIOS Name Server). A WINS server stores @@ -692,9 +667,11 @@ CLASS="PROGRAMLISTING" wins server = xxx.xxx.xxx.xxx</PRE ></P ><P ->where <VAR +>where <TT CLASS="REPLACEABLE" ->xxx.xxx.xxx.xxx</VAR +><I +>xxx.xxx.xxx.xxx</I +></TT > is the IP address of the WINS server.</P ></DIV @@ -704,10 +681,8 @@ CLASS="SECT1" ><H1 CLASS="SECT1" ><A -NAME="AEN1647" ->10.4. How browsing functions and how to deploy stable and -dependable browsing using Samba</A -></H1 +NAME="AEN1504">10.4. How browsing functions and how to deploy stable and +dependable browsing using Samba</H1 ><P >As stated above, MS Windows machines register their NetBIOS names (i.e.: the machine name for each service type in operation) on start @@ -771,10 +746,8 @@ CLASS="SECT1" ><H1 CLASS="SECT1" ><A -NAME="AEN1657" ->10.5. MS Windows security options and how to configure -Samba for seemless integration</A -></H1 +NAME="AEN1514">10.5. MS Windows security options and how to configure +Samba for seemless integration</H1 ><P >MS Windows clients may use encrypted passwords as part of a challenege/response authentication model (a.k.a. NTLMv1) or @@ -843,35 +816,43 @@ CLASS="PROGRAMLISTING" HREF="smb.conf.5.html#PASSWORDLEVEL" TARGET="_top" >passsword level</A -> = <VAR +> = <TT CLASS="REPLACEABLE" ->integer</VAR +><I +>integer</I +></TT > <A HREF="smb.conf.5.html#USERNAMELEVEL" TARGET="_top" >username level</A -> = <VAR +> = <TT CLASS="REPLACEABLE" ->integer</VAR +><I +>integer</I +></TT ></PRE ></P ><P >By default Samba will lower case the username before attempting to lookup the user in the database of local system accounts. Because UNIX usernames conventionally only contain lower case -character, the <VAR +character, the <TT CLASS="PARAMETER" ->username level</VAR +><I +>username level</I +></TT > parameter is rarely even needed.</P ><P >However, password on UNIX systems often make use of mixed case characters. This means that in order for a user on a Windows 9x client to connect to a Samba server using clear text authentication, -the <VAR +the <TT CLASS="PARAMETER" ->password level</VAR +><I +>password level</I +></TT > must be set to the maximum number of upper case letter which <SPAN CLASS="emphasis" @@ -881,9 +862,11 @@ CLASS="EMPHASIS" ></SPAN > appear is a password. Note that is the server OS uses the traditional -DES version of crypt(), then a <VAR +DES version of crypt(), then a <TT CLASS="PARAMETER" ->password level</VAR +><I +>password level</I +></TT > of 8 will result in case insensitive passwords as seen from Windows users. This will also result in longer login times as Samba @@ -898,9 +881,7 @@ CLASS="SECT2" ><H2 CLASS="SECT2" ><A -NAME="AEN1685" ->10.5.1. Use MS Windows NT as an authentication server</A -></H2 +NAME="AEN1542">10.5.1. Use MS Windows NT as an authentication server</H2 ><P >This method involves the additions of the following parameters in the smb.conf file:</P @@ -934,9 +915,7 @@ CLASS="SECT2" ><H2 CLASS="SECT2" ><A -NAME="AEN1693" ->10.5.2. Make Samba a member of an MS Windows NT security domain</A -></H2 +NAME="AEN1550">10.5.2. Make Samba a member of an MS Windows NT security domain</H2 ><P >This method involves additon of the following paramters in the smb.conf file:</P ><P @@ -997,9 +976,7 @@ CLASS="SECT2" ><H2 CLASS="SECT2" ><A -NAME="AEN1710" ->10.5.3. Configure Samba as an authentication server</A -></H2 +NAME="AEN1567">10.5.3. Configure Samba as an authentication server</H2 ><P >This mode of authentication demands that there be on the Unix/Linux system both a Unix style account as well as an @@ -1034,9 +1011,7 @@ CLASS="SECT3" ><H3 CLASS="SECT3" ><A -NAME="AEN1717" ->10.5.3.1. Users</A -></H3 +NAME="AEN1574">10.5.3.1. Users</H3 ><P >A user account that may provide a home directory should be created. The following Linux system commands are typical of @@ -1046,10 +1021,10 @@ the procedure for creating an account.</P CLASS="PROGRAMLISTING" > # useradd -s /bin/bash -d /home/"userid" -m "userid" # passwd "userid" - Enter Password: <pw> + Enter Password: <pw> # smbpasswd -a "userid" - Enter Password: <pw></PRE + Enter Password: <pw></PRE ></P ></DIV ><DIV @@ -1057,9 +1032,7 @@ CLASS="SECT3" ><H3 CLASS="SECT3" ><A -NAME="AEN1722" ->10.5.3.2. MS Windows NT Machine Accounts</A -></H3 +NAME="AEN1579">10.5.3.2. MS Windows NT Machine Accounts</H3 ><P >These are required only when Samba is used as a domain controller. Refer to the Samba-PDC-HOWTO for more details.</P @@ -1078,9 +1051,7 @@ CLASS="SECT1" ><H1 CLASS="SECT1" ><A -NAME="AEN1727" ->10.6. Conclusions</A -></H1 +NAME="AEN1584">10.6. Conclusions</H1 ><P >Samba provides a flexible means to operate as...</P ><P |