diff options
Diffstat (limited to 'docs/htmldocs/integrate-ms-networks.html')
| -rw-r--r-- | docs/htmldocs/integrate-ms-networks.html | 188 |
1 files changed, 88 insertions, 100 deletions
diff --git a/docs/htmldocs/integrate-ms-networks.html b/docs/htmldocs/integrate-ms-networks.html index 8299a456bb..99614cfb3f 100644 --- a/docs/htmldocs/integrate-ms-networks.html +++ b/docs/htmldocs/integrate-ms-networks.html @@ -5,7 +5,7 @@ >Integrating MS Windows networks with Samba</TITLE ><META NAME="GENERATOR" -CONTENT="Modular DocBook HTML Stylesheet Version 1.77+"><LINK +CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK REL="HOME" TITLE="SAMBA Project Documentation" HREF="samba-howto-collection.html"><LINK @@ -80,9 +80,9 @@ CLASS="SECT1" ><H1 CLASS="SECT1" ><A -NAME="AEN1513" -></A ->9.1. Agenda</H1 +NAME="AEN1416" +>9.1. Agenda</A +></H1 ><P >To identify the key functional mechanisms of MS Windows networking to enable the deployment of Samba as a means of extending and/or @@ -147,9 +147,9 @@ CLASS="SECT1" ><H1 CLASS="SECT1" ><A -NAME="AEN1535" -></A ->9.2. Name Resolution in a pure Unix/Linux world</H1 +NAME="AEN1438" +>9.2. Name Resolution in a pure Unix/Linux world</A +></H1 ><P >The key configuration files covered in this section are:</P ><P @@ -189,11 +189,11 @@ CLASS="SECT2" ><H2 CLASS="SECT2" ><A -NAME="AEN1551" -></A +NAME="AEN1454" >9.2.1. <TT CLASS="FILENAME" >/etc/hosts</TT +></A ></H2 ><P >Contains a static list of IP Addresses and names. @@ -270,11 +270,11 @@ CLASS="SECT2" ><H2 CLASS="SECT2" ><A -NAME="AEN1567" -></A +NAME="AEN1470" >9.2.2. <TT CLASS="FILENAME" >/etc/resolv.conf</TT +></A ></H2 ><P >This file tells the name resolution libraries:</P @@ -308,11 +308,11 @@ CLASS="SECT2" ><H2 CLASS="SECT2" ><A -NAME="AEN1578" -></A +NAME="AEN1481" >9.2.3. <TT CLASS="FILENAME" >/etc/host.conf</TT +></A ></H2 ><P ><TT @@ -337,11 +337,11 @@ CLASS="SECT2" ><H2 CLASS="SECT2" ><A -NAME="AEN1586" -></A +NAME="AEN1489" >9.2.4. <TT CLASS="FILENAME" >/etc/nsswitch.conf</TT +></A ></H2 ><P >This file controls the actual name resolution targets. The @@ -406,9 +406,9 @@ CLASS="SECT1" ><H1 CLASS="SECT1" ><A -NAME="AEN1598" -></A ->9.3. Name resolution as used within MS Windows networking</H1 +NAME="AEN1501" +>9.3. Name resolution as used within MS Windows networking</A +></H1 ><P >MS Windows networking is predicated about the name each machine is given. This name is known variously (and inconsistently) as @@ -428,16 +428,16 @@ the client/server.</P ><PRE CLASS="PROGRAMLISTING" > Unique NetBIOS Names: - MACHINENAME<00> = Server Service is running on MACHINENAME - MACHINENAME<03> = Generic Machine Name (NetBIOS name) - MACHINENAME<20> = LanMan Server service is running on MACHINENAME - WORKGROUP<1b> = Domain Master Browser + MACHINENAME<00> = Server Service is running on MACHINENAME + MACHINENAME<03> = Generic Machine Name (NetBIOS name) + MACHINENAME<20> = LanMan Server service is running on MACHINENAME + WORKGROUP<1b> = Domain Master Browser Group Names: - WORKGROUP<03> = Generic Name registered by all members of WORKGROUP - WORKGROUP<1c> = Domain Controllers / Netlogon Servers - WORKGROUP<1d> = Local Master Browsers - WORKGROUP<1e> = Internet Name Resolvers</PRE + WORKGROUP<03> = Generic Name registered by all members of WORKGROUP + WORKGROUP<1c> = Domain Controllers / Netlogon Servers + WORKGROUP<1d> = Local Master Browsers + WORKGROUP<1e> = Internet Name Resolvers</PRE ></P ><P >It should be noted that all NetBIOS machines register their own @@ -456,7 +456,7 @@ be needed. An example of this is what happens when an MS Windows client wants to locate a domain logon server. It find this service and the IP address of a server that provides it by performing a lookup (via a NetBIOS broadcast) for enumeration of all machines that have -registered the name type *<1c>. A logon request is then sent to each +registered the name type *<1c>. A logon request is then sent to each IP address that is returned in the enumerated list of IP addresses. Which ever machine first replies then ends up providing the logon services.</P ><P @@ -491,9 +491,9 @@ CLASS="SECT2" ><H2 CLASS="SECT2" ><A -NAME="AEN1610" -></A ->9.3.1. The NetBIOS Name Cache</H2 +NAME="AEN1513" +>9.3.1. The NetBIOS Name Cache</A +></H2 ><P >All MS Windows machines employ an in memory buffer in which is stored the NetBIOS names and IP addresses for all external @@ -518,9 +518,9 @@ CLASS="SECT2" ><H2 CLASS="SECT2" ><A -NAME="AEN1615" -></A ->9.3.2. The LMHOSTS file</H2 +NAME="AEN1518" +>9.3.2. The LMHOSTS file</A +></H2 ><P >This file is usually located in MS Windows NT 4.0 or 2000 in <TT @@ -555,8 +555,8 @@ CLASS="PROGRAMLISTING" # files and offers the following extensions: # # #PRE - # #DOM:<domain> - # #INCLUDE <filename> + # #DOM:<domain> + # #INCLUDE <filename> # #BEGIN_ALTERNATE # #END_ALTERNATE # \0xnn (non-printing character support) @@ -565,16 +565,16 @@ CLASS="PROGRAMLISTING" # the entry to be preloaded into the name cache. By default, entries are # not preloaded, but are parsed only after dynamic name resolution fails. # - # Following an entry with the "#DOM:<domain>" tag will associate the - # entry with the domain specified by <domain>. This affects how the + # Following an entry with the "#DOM:<domain>" tag will associate the + # entry with the domain specified by <domain>. This affects how the # browser and logon services behave in TCP/IP environments. To preload # the host name associated with #DOM entry, it is necessary to also add a - # #PRE to the line. The <domain> is always preloaded although it will not + # #PRE to the line. The <domain> is always preloaded although it will not # be shown when the name cache is viewed. # - # Specifying "#INCLUDE <filename>" will force the RFC NetBIOS (NBT) - # software to seek the specified <filename> and parse it as if it were - # local. <filename> is generally a UNC-based name, allowing a + # Specifying "#INCLUDE <filename>" will force the RFC NetBIOS (NBT) + # software to seek the specified <filename> and parse it as if it were + # local. <filename> is generally a UNC-based name, allowing a # centralized lmhosts file to be maintained on a server. # It is ALWAYS necessary to provide a mapping for the IP address of the # server prior to the #INCLUDE. This mapping must use the #PRE directive. @@ -621,9 +621,9 @@ CLASS="SECT2" ><H2 CLASS="SECT2" ><A -NAME="AEN1623" -></A ->9.3.3. HOSTS file</H2 +NAME="AEN1526" +>9.3.3. HOSTS file</A +></H2 ><P >This file is usually located in MS Windows NT 4.0 or 2000 in <TT @@ -643,9 +643,9 @@ CLASS="SECT2" ><H2 CLASS="SECT2" ><A -NAME="AEN1628" -></A ->9.3.4. DNS Lookup</H2 +NAME="AEN1531" +>9.3.4. DNS Lookup</A +></H2 ><P >This capability is configured in the TCP/IP setup area in the network configuration facility. If enabled an elaborate name resolution sequence @@ -663,9 +663,9 @@ CLASS="SECT2" ><H2 CLASS="SECT2" ><A -NAME="AEN1631" -></A ->9.3.5. WINS Lookup</H2 +NAME="AEN1534" +>9.3.5. WINS Lookup</A +></H2 ><P >A WINS (Windows Internet Name Server) service is the equivaent of the rfc1001/1002 specified NBNS (NetBIOS Name Server). A WINS server stores @@ -692,11 +692,9 @@ CLASS="PROGRAMLISTING" wins server = xxx.xxx.xxx.xxx</PRE ></P ><P ->where <TT +>where <VAR CLASS="REPLACEABLE" -><I ->xxx.xxx.xxx.xxx</I -></TT +>xxx.xxx.xxx.xxx</VAR > is the IP address of the WINS server.</P ></DIV @@ -706,10 +704,10 @@ CLASS="SECT1" ><H1 CLASS="SECT1" ><A -NAME="AEN1643" -></A +NAME="AEN1546" >9.4. How browsing functions and how to deploy stable and -dependable browsing using Samba</H1 +dependable browsing using Samba</A +></H1 ><P >As stated above, MS Windows machines register their NetBIOS names (i.e.: the machine name for each service type in operation) on start @@ -773,10 +771,10 @@ CLASS="SECT1" ><H1 CLASS="SECT1" ><A -NAME="AEN1653" -></A +NAME="AEN1556" >9.5. MS Windows security options and how to configure -Samba for seemless integration</H1 +Samba for seemless integration</A +></H1 ><P >MS Windows clients may use encrypted passwords as part of a challenege/response authentication model (a.k.a. NTLMv1) or @@ -845,43 +843,35 @@ CLASS="PROGRAMLISTING" HREF="smb.conf.5.html#PASSWORDLEVEL" TARGET="_top" >passsword level</A -> = <TT +> = <VAR CLASS="REPLACEABLE" -><I ->integer</I -></TT +>integer</VAR > <A HREF="smb.conf.5.html#USERNAMELEVEL" TARGET="_top" >username level</A -> = <TT +> = <VAR CLASS="REPLACEABLE" -><I ->integer</I -></TT +>integer</VAR ></PRE ></P ><P >By default Samba will lower case the username before attempting to lookup the user in the database of local system accounts. Because UNIX usernames conventionally only contain lower case -character, the <TT +character, the <VAR CLASS="PARAMETER" -><I ->username level</I -></TT +>username level</VAR > parameter is rarely even needed.</P ><P >However, password on UNIX systems often make use of mixed case characters. This means that in order for a user on a Windows 9x client to connect to a Samba server using clear text authentication, -the <TT +the <VAR CLASS="PARAMETER" -><I ->password level</I -></TT +>password level</VAR > must be set to the maximum number of upper case letter which <SPAN CLASS="emphasis" @@ -891,11 +881,9 @@ CLASS="EMPHASIS" ></SPAN > appear is a password. Note that is the server OS uses the traditional -DES version of crypt(), then a <TT +DES version of crypt(), then a <VAR CLASS="PARAMETER" -><I ->password level</I -></TT +>password level</VAR > of 8 will result in case insensitive passwords as seen from Windows users. This will also result in longer login times as Samba @@ -910,9 +898,9 @@ CLASS="SECT2" ><H2 CLASS="SECT2" ><A -NAME="AEN1681" -></A ->9.5.1. Use MS Windows NT as an authentication server</H2 +NAME="AEN1584" +>9.5.1. Use MS Windows NT as an authentication server</A +></H2 ><P >This method involves the additions of the following parameters in the smb.conf file:</P @@ -946,9 +934,9 @@ CLASS="SECT2" ><H2 CLASS="SECT2" ><A -NAME="AEN1689" -></A ->9.5.2. Make Samba a member of an MS Windows NT security domain</H2 +NAME="AEN1592" +>9.5.2. Make Samba a member of an MS Windows NT security domain</A +></H2 ><P >This method involves additon of the following paramters in the smb.conf file:</P ><P @@ -1009,9 +997,9 @@ CLASS="SECT2" ><H2 CLASS="SECT2" ><A -NAME="AEN1706" -></A ->9.5.3. Configure Samba as an authentication server</H2 +NAME="AEN1609" +>9.5.3. Configure Samba as an authentication server</A +></H2 ><P >This mode of authentication demands that there be on the Unix/Linux system both a Unix style account as well as an @@ -1046,9 +1034,9 @@ CLASS="SECT3" ><H3 CLASS="SECT3" ><A -NAME="AEN1713" -></A ->9.5.3.1. Users</H3 +NAME="AEN1616" +>9.5.3.1. Users</A +></H3 ><P >A user account that may provide a home directory should be created. The following Linux system commands are typical of @@ -1058,10 +1046,10 @@ the procedure for creating an account.</P CLASS="PROGRAMLISTING" > # useradd -s /bin/bash -d /home/"userid" -m "userid" # passwd "userid" - Enter Password: <pw> + Enter Password: <pw> # smbpasswd -a "userid" - Enter Password: <pw></PRE + Enter Password: <pw></PRE ></P ></DIV ><DIV @@ -1069,9 +1057,9 @@ CLASS="SECT3" ><H3 CLASS="SECT3" ><A -NAME="AEN1718" -></A ->9.5.3.2. MS Windows NT Machine Accounts</H3 +NAME="AEN1621" +>9.5.3.2. MS Windows NT Machine Accounts</A +></H3 ><P >These are required only when Samba is used as a domain controller. Refer to the Samba-PDC-HOWTO for more details.</P @@ -1090,9 +1078,9 @@ CLASS="SECT1" ><H1 CLASS="SECT1" ><A -NAME="AEN1723" -></A ->9.6. Conclusions</H1 +NAME="AEN1626" +>9.6. Conclusions</A +></H1 ><P >Samba provides a flexible means to operate as...</P ><P |