diff options
Diffstat (limited to 'docs/htmldocs')
-rw-r--r-- | docs/htmldocs/Samba-HOWTO-Collection.html | 4165 |
1 files changed, 2168 insertions, 1997 deletions
diff --git a/docs/htmldocs/Samba-HOWTO-Collection.html b/docs/htmldocs/Samba-HOWTO-Collection.html index c902d63bec..73bc3eb60a 100644 --- a/docs/htmldocs/Samba-HOWTO-Collection.html +++ b/docs/htmldocs/Samba-HOWTO-Collection.html @@ -219,8 +219,8 @@ HREF="#AEN546" ></DT ><DT >3.8. <A -HREF="#AEN594" ->Passdb XML plugin</A +HREF="#AEN588" +>XML</A ></DT ></DL ></DD @@ -242,17 +242,17 @@ HREF="#SERVERTYPE" ><DL ><DT >4.1. <A -HREF="#AEN639" +HREF="#AEN626" >Stand Alone Server</A ></DT ><DT >4.2. <A -HREF="#AEN646" +HREF="#AEN633" >Domain Member Server</A ></DT ><DT >4.3. <A -HREF="#AEN652" +HREF="#AEN639" >Domain Controller</A ></DT ></DL @@ -266,7 +266,7 @@ HREF="#SECURITYLEVELS" ><DL ><DT >5.1. <A -HREF="#AEN681" +HREF="#AEN668" >User and Share security level</A ></DT ></DL @@ -280,37 +280,37 @@ HREF="#SAMBA-PDC" ><DL ><DT >6.1. <A -HREF="#AEN785" +HREF="#AEN772" >Prerequisite Reading</A ></DT ><DT >6.2. <A -HREF="#AEN790" +HREF="#AEN777" >Background</A ></DT ><DT >6.3. <A -HREF="#AEN830" +HREF="#AEN817" >Configuring the Samba Domain Controller</A ></DT ><DT >6.4. <A -HREF="#AEN872" +HREF="#AEN859" >Creating Machine Trust Accounts and Joining Clients to the Domain</A ></DT ><DT >6.5. <A -HREF="#AEN980" +HREF="#AEN967" >Common Problems and Errors</A ></DT ><DT >6.6. <A -HREF="#AEN1026" +HREF="#AEN1013" >What other help can I get?</A ></DT ><DT >6.7. <A -HREF="#AEN1140" +HREF="#AEN1127" >Domain Control for Windows 9x/ME</A ></DT ></DL @@ -324,27 +324,27 @@ HREF="#SAMBA-BDC" ><DL ><DT >7.1. <A -HREF="#AEN1193" +HREF="#AEN1180" >Prerequisite Reading</A ></DT ><DT >7.2. <A -HREF="#AEN1197" +HREF="#AEN1184" >Background</A ></DT ><DT >7.3. <A -HREF="#AEN1205" +HREF="#AEN1192" >What qualifies a Domain Controller on the network?</A ></DT ><DT >7.4. <A -HREF="#AEN1214" +HREF="#AEN1201" >Can Samba be a Backup Domain Controller to an NT PDC?</A ></DT ><DT >7.5. <A -HREF="#AEN1219" +HREF="#AEN1206" >How do I set up a Samba BDC?</A ></DT ></DL @@ -358,7 +358,7 @@ HREF="#ADS" ><DL ><DT >8.1. <A -HREF="#AEN1251" +HREF="#AEN1238" >Setup your <TT CLASS="FILENAME" >smb.conf</TT @@ -366,7 +366,7 @@ CLASS="FILENAME" ></DT ><DT >8.2. <A -HREF="#AEN1262" +HREF="#AEN1249" >Setup your <TT CLASS="FILENAME" >/etc/krb5.conf</TT @@ -374,22 +374,22 @@ CLASS="FILENAME" ></DT ><DT >8.3. <A -HREF="#AEN1273" +HREF="#AEN1260" >Create the computer account</A ></DT ><DT >8.4. <A -HREF="#AEN1285" +HREF="#AEN1272" >Test your server setup</A ></DT ><DT >8.5. <A -HREF="#AEN1290" +HREF="#AEN1277" >Testing with smbclient</A ></DT ><DT >8.6. <A -HREF="#AEN1293" +HREF="#AEN1280" >Notes</A ></DT ></DL @@ -403,12 +403,12 @@ HREF="#DOMAIN-SECURITY" ><DL ><DT >9.1. <A -HREF="#AEN1315" +HREF="#AEN1302" >Joining an NT Domain with Samba 3.0</A ></DT ><DT >9.2. <A -HREF="#AEN1369" +HREF="#AEN1356" >Why is this better than security = server?</A ></DT ></DL @@ -425,19 +425,14 @@ HREF="#OPTIONAL" ><DT >10. <A HREF="#ADVANCEDNETWORKMANAGEMENT" ->System Policies</A +>Advanced Network Manangement Information</A ></DT ><DD ><DL ><DT >10.1. <A -HREF="#AEN1401" ->Basic System Policy Info</A -></DT -><DT ->10.2. <A -HREF="#AEN1456" ->Roaming Profiles</A +HREF="#AEN1388" +>Remote Server Administration</A ></DT ></DL ></DD @@ -450,39 +445,39 @@ HREF="#UNIX-PERMISSIONS" ><DL ><DT >11.1. <A -HREF="#AEN1663" +HREF="#AEN1416" >Viewing and changing UNIX permissions using the NT security dialogs</A ></DT ><DT >11.2. <A -HREF="#AEN1667" +HREF="#AEN1420" >How to view file security on a Samba share</A ></DT ><DT >11.3. <A -HREF="#AEN1678" +HREF="#AEN1431" >Viewing file ownership</A ></DT ><DT >11.4. <A -HREF="#AEN1698" +HREF="#AEN1451" >Viewing file or directory permissions</A ></DT ><DT >11.5. <A -HREF="#AEN1734" +HREF="#AEN1487" >Modifying file or directory permissions</A ></DT ><DT >11.6. <A -HREF="#AEN1756" +HREF="#AEN1509" >Interaction with the standard Samba create mask parameters</A ></DT ><DT >11.7. <A -HREF="#AEN1810" +HREF="#AEN1563" >Interaction with the standard Samba file attribute mapping</A ></DT @@ -503,17 +498,17 @@ managed authentication</A ><DL ><DT >13.1. <A -HREF="#AEN1866" +HREF="#AEN1619" >Samba and PAM</A ></DT ><DT >13.2. <A -HREF="#AEN1915" +HREF="#AEN1668" >Distributed Authentication</A ></DT ><DT >13.3. <A -HREF="#AEN1920" +HREF="#AEN1673" >PAM Configuration in smb.conf</A ></DT ></DL @@ -527,22 +522,22 @@ HREF="#PRINTING" ><DL ><DT >14.1. <A -HREF="#AEN1946" +HREF="#AEN1699" >Introduction</A ></DT ><DT >14.2. <A -HREF="#AEN1968" +HREF="#AEN1721" >Configuration</A ></DT ><DT >14.3. <A -HREF="#AEN2076" +HREF="#AEN1829" >The Imprints Toolset</A ></DT ><DT >14.4. <A -HREF="#AEN2119" +HREF="#AEN1872" >Diagnosis</A ></DT ></DL @@ -556,37 +551,37 @@ HREF="#CUPS-PRINTING" ><DL ><DT >15.1. <A -HREF="#AEN2231" +HREF="#AEN1984" >Introduction</A ></DT ><DT >15.2. <A -HREF="#AEN2236" +HREF="#AEN1989" >CUPS - RAW Print Through Mode</A ></DT ><DT >15.3. <A -HREF="#AEN2291" +HREF="#AEN2044" >The CUPS Filter Chains</A ></DT ><DT >15.4. <A -HREF="#AEN2330" +HREF="#AEN2083" >CUPS Print Drivers and Devices</A ></DT ><DT >15.5. <A -HREF="#AEN2407" +HREF="#AEN2160" >Limiting the number of pages users can print</A ></DT ><DT >15.6. <A -HREF="#AEN2496" +HREF="#AEN2249" >Advanced Postscript Printing from MS Windows</A ></DT ><DT >15.7. <A -HREF="#AEN2511" +HREF="#AEN2264" >Auto-Deletion of CUPS spool files</A ></DT ></DL @@ -600,216 +595,244 @@ HREF="#WINBIND" ><DL ><DT >16.1. <A -HREF="#AEN2573" +HREF="#AEN2326" >Abstract</A ></DT ><DT >16.2. <A -HREF="#AEN2577" +HREF="#AEN2330" >Introduction</A ></DT ><DT >16.3. <A -HREF="#AEN2590" +HREF="#AEN2343" >What Winbind Provides</A ></DT ><DT >16.4. <A -HREF="#AEN2601" +HREF="#AEN2354" >How Winbind Works</A ></DT ><DT >16.5. <A -HREF="#AEN2644" +HREF="#AEN2397" >Installation and Configuration</A ></DT ><DT >16.6. <A -HREF="#AEN2901" +HREF="#AEN2654" >Limitations</A ></DT ><DT >16.7. <A -HREF="#AEN2911" +HREF="#AEN2664" >Conclusion</A ></DT ></DL ></DD ><DT >17. <A +HREF="#POLICYMGMT" +>Policy Management - Hows and Whys</A +></DT +><DD +><DL +><DT +>17.1. <A +HREF="#AEN2678" +>System Policies</A +></DT +></DL +></DD +><DT +>18. <A +HREF="#PROFILEMGMT" +>Profile Management</A +></DT +><DD +><DL +><DT +>18.1. <A +HREF="#AEN2761" +>Roaming Profiles</A +></DT +></DL +></DD +><DT +>19. <A HREF="#INTEGRATE-MS-NETWORKS" >Integrating MS Windows networks with Samba</A ></DT ><DD ><DL ><DT ->17.1. <A -HREF="#AEN2932" +>19.1. <A +HREF="#AEN2975" >Name Resolution in a pure Unix/Linux world</A ></DT ><DT ->17.2. <A -HREF="#AEN2995" +>19.2. <A +HREF="#AEN3038" >Name resolution as used within MS Windows networking</A ></DT ></DL ></DD ><DT ->18. <A +>20. <A HREF="#IMPROVED-BROWSING" >Improved browsing in samba</A ></DT ><DD ><DL ><DT ->18.1. <A -HREF="#AEN3047" +>20.1. <A +HREF="#AEN3090" >Overview of browsing</A ></DT ><DT ->18.2. <A -HREF="#AEN3052" +>20.2. <A +HREF="#AEN3095" >Browsing support in samba</A ></DT ><DT ->18.3. <A -HREF="#AEN3060" +>20.3. <A +HREF="#AEN3103" >Problem resolution</A ></DT ><DT ->18.4. <A -HREF="#AEN3069" +>20.4. <A +HREF="#AEN3112" >Browsing across subnets</A ></DT ><DT ->18.5. <A -HREF="#AEN3109" +>20.5. <A +HREF="#AEN3152" >Setting up a WINS server</A ></DT ><DT ->18.6. <A -HREF="#AEN3128" +>20.6. <A +HREF="#AEN3171" >Setting up Browsing in a WORKGROUP</A ></DT ><DT ->18.7. <A -HREF="#AEN3146" +>20.7. <A +HREF="#AEN3189" >Setting up Browsing in a DOMAIN</A ></DT ><DT ->18.8. <A -HREF="#AEN3156" +>20.8. <A +HREF="#AEN3199" >Forcing samba to be the master</A ></DT ><DT ->18.9. <A -HREF="#AEN3165" +>20.9. <A +HREF="#AEN3208" >Making samba the domain master</A ></DT ><DT ->18.10. <A -HREF="#AEN3183" +>20.10. <A +HREF="#AEN3226" >Note about broadcast addresses</A ></DT ><DT ->18.11. <A -HREF="#AEN3186" +>20.11. <A +HREF="#AEN3229" >Multiple interfaces</A ></DT ></DL ></DD ><DT ->19. <A +>21. <A HREF="#MSDFS" >Hosting a Microsoft Distributed File System tree on Samba</A ></DT ><DD ><DL ><DT ->19.1. <A -HREF="#AEN3200" +>21.1. <A +HREF="#AEN3243" >Instructions</A ></DT ></DL ></DD ><DT ->20. <A +>22. <A HREF="#VFS" >Stackable VFS modules</A ></DT ><DD ><DL ><DT ->20.1. <A -HREF="#AEN3259" +>22.1. <A +HREF="#AEN3302" >Introduction and configuration</A ></DT ><DT ->20.2. <A -HREF="#AEN3268" +>22.2. <A +HREF="#AEN3311" >Included modules</A ></DT ><DT ->20.3. <A -HREF="#AEN3322" +>22.3. <A +HREF="#AEN3365" >VFS modules available elsewhere</A ></DT ></DL ></DD ><DT ->21. <A +>23. <A HREF="#SECURING-SAMBA" >Securing Samba</A ></DT ><DD ><DL ><DT ->21.1. <A -HREF="#AEN3348" +>23.1. <A +HREF="#AEN3391" >Introduction</A ></DT ><DT ->21.2. <A -HREF="#AEN3351" +>23.2. <A +HREF="#AEN3394" >Using host based protection</A ></DT ><DT ->21.3. <A -HREF="#AEN3358" +>23.3. <A +HREF="#AEN3401" >Using interface protection</A ></DT ><DT ->21.4. <A -HREF="#AEN3367" +>23.4. <A +HREF="#AEN3410" >Using a firewall</A ></DT ><DT ->21.5. <A -HREF="#AEN3374" +>23.5. <A +HREF="#AEN3417" >Using a IPC$ share deny</A ></DT ><DT ->21.6. <A -HREF="#AEN3383" +>23.6. <A +HREF="#AEN3426" >Upgrading Samba</A ></DT ></DL ></DD ><DT ->22. <A +>24. <A HREF="#UNICODE" >Unicode/Charsets</A ></DT ><DD ><DL ><DT ->22.1. <A -HREF="#AEN3397" +>24.1. <A +HREF="#AEN3440" >What are charsets and unicode?</A ></DT ><DT ->22.2. <A -HREF="#AEN3406" +>24.2. <A +HREF="#AEN3449" >Samba and charsets</A ></DT ></DL @@ -824,225 +847,225 @@ HREF="#APPENDIXES" ><DD ><DL ><DT ->23. <A +>25. <A HREF="#SPEED" >Samba performance issues</A ></DT ><DD ><DL ><DT ->23.1. <A -HREF="#AEN3443" +>25.1. <A +HREF="#AEN3486" >Comparisons</A ></DT ><DT ->23.2. <A -HREF="#AEN3449" +>25.2. <A +HREF="#AEN3492" >Socket options</A ></DT ><DT ->23.3. <A -HREF="#AEN3456" +>25.3. <A +HREF="#AEN3499" >Read size</A ></DT ><DT ->23.4. <A -HREF="#AEN3461" +>25.4. <A +HREF="#AEN3504" >Max xmit</A ></DT ><DT ->23.5. <A -HREF="#AEN3466" +>25.5. <A +HREF="#AEN3509" >Log level</A ></DT ><DT ->23.6. <A -HREF="#AEN3469" +>25.6. <A +HREF="#AEN3512" >Read raw</A ></DT ><DT ->23.7. <A -HREF="#AEN3474" +>25.7. <A +HREF="#AEN3517" >Write raw</A ></DT ><DT ->23.8. <A -HREF="#AEN3478" +>25.8. <A +HREF="#AEN3521" >Slow Clients</A ></DT ><DT ->23.9. <A -HREF="#AEN3482" +>25.9. <A +HREF="#AEN3525" >Slow Logins</A ></DT ><DT ->23.10. <A -HREF="#AEN3485" +>25.10. <A +HREF="#AEN3528" >Client tuning</A ></DT ></DL ></DD ><DT ->24. <A +>26. <A HREF="#PORTABILITY" >Portability</A ></DT ><DD ><DL ><DT ->24.1. <A -HREF="#AEN3525" +>26.1. <A +HREF="#AEN3568" >HPUX</A ></DT ><DT ->24.2. <A -HREF="#AEN3531" +>26.2. <A +HREF="#AEN3574" >SCO Unix</A ></DT ><DT ->24.3. <A -HREF="#AEN3535" +>26.3. <A +HREF="#AEN3578" >DNIX</A ></DT ><DT ->24.4. <A -HREF="#AEN3564" +>26.4. <A +HREF="#AEN3607" >RedHat Linux Rembrandt-II</A ></DT ><DT ->24.5. <A -HREF="#AEN3570" +>26.5. <A +HREF="#AEN3613" >AIX</A ></DT ></DL ></DD ><DT ->25. <A +>27. <A HREF="#OTHER-CLIENTS" >Samba and other CIFS clients</A ></DT ><DD ><DL ><DT ->25.1. <A -HREF="#AEN3590" +>27.1. <A +HREF="#AEN3633" >Macintosh clients?</A ></DT ><DT ->25.2. <A -HREF="#AEN3599" +>27.2. <A +HREF="#AEN3642" >OS2 Client</A ></DT ><DT ->25.3. <A -HREF="#AEN3639" +>27.3. <A +HREF="#AEN3682" >Windows for Workgroups</A ></DT ><DT ->25.4. <A -HREF="#AEN3663" +>27.4. <A +HREF="#AEN3706" >Windows '95/'98</A ></DT ><DT ->25.5. <A -HREF="#AEN3679" +>27.5. <A +HREF="#AEN3722" >Windows 2000 Service Pack 2</A ></DT ></DL ></DD ><DT ->26. <A +>28. <A HREF="#COMPILING" >How to compile SAMBA</A ></DT ><DD ><DL ><DT ->26.1. <A -HREF="#AEN3706" +>28.1. <A +HREF="#AEN3749" >Access Samba source code via CVS</A ></DT ><DT ->26.2. <A -HREF="#AEN3749" +>28.2. <A +HREF="#AEN3792" >Accessing the samba sources via rsync and ftp</A ></DT ><DT ->26.3. <A -HREF="#AEN3755" +>28.3. <A +HREF="#AEN3798" >Building the Binaries</A ></DT ><DT ->26.4. <A -HREF="#AEN3812" +>28.4. <A +HREF="#AEN3855" >Starting the smbd and nmbd</A ></DT ></DL ></DD ><DT ->27. <A +>29. <A HREF="#BUGREPORT" >Reporting Bugs</A ></DT ><DD ><DL ><DT ->27.1. <A -HREF="#AEN3874" +>29.1. <A +HREF="#AEN3917" >Introduction</A ></DT ><DT ->27.2. <A -HREF="#AEN3884" +>29.2. <A +HREF="#AEN3927" >General info</A ></DT ><DT ->27.3. <A -HREF="#AEN3890" +>29.3. <A +HREF="#AEN3933" >Debug levels</A ></DT ><DT ->27.4. <A -HREF="#AEN3907" +>29.4. <A +HREF="#AEN3950" >Internal errors</A ></DT ><DT ->27.5. <A -HREF="#AEN3917" +>29.5. <A +HREF="#AEN3960" >Attaching to a running process</A ></DT ><DT ->27.6. <A -HREF="#AEN3920" +>29.6. <A +HREF="#AEN3963" >Patches</A ></DT ></DL ></DD ><DT ->28. <A +>30. <A HREF="#DIAGNOSIS" >The samba checklist</A ></DT ><DD ><DL ><DT ->28.1. <A -HREF="#AEN3943" +>30.1. <A +HREF="#AEN3986" >Introduction</A ></DT ><DT ->28.2. <A -HREF="#AEN3948" +>30.2. <A +HREF="#AEN3991" >Assumptions</A ></DT ><DT ->28.3. <A -HREF="#AEN3958" +>30.3. <A +HREF="#AEN4001" >Tests</A ></DT ><DT ->28.4. <A -HREF="#AEN4068" +>30.4. <A +HREF="#AEN4111" >Still having troubles?</A ></DT ></DL @@ -1304,49 +1327,30 @@ HREF="#AEN546" ><DT >3.7.1. <A HREF="#AEN548" ->Building</A -></DT -><DT ->3.7.2. <A -HREF="#AEN554" >Creating the database</A ></DT ><DT ->3.7.3. <A -HREF="#AEN564" +>3.7.2. <A +HREF="#AEN558" >Configuring</A ></DT ><DT ->3.7.4. <A -HREF="#AEN581" +>3.7.3. <A +HREF="#AEN575" >Using plaintext passwords or encrypted password</A ></DT ><DT ->3.7.5. <A -HREF="#AEN586" +>3.7.4. <A +HREF="#AEN580" >Getting non-column data from the table</A ></DT ></DL ></DD ><DT >3.8. <A -HREF="#AEN594" ->Passdb XML plugin</A +HREF="#AEN588" +>XML</A ></DT -><DD -><DL -><DT ->3.8.1. <A -HREF="#AEN596" ->Building</A -></DT -><DT ->3.8.2. <A -HREF="#AEN602" ->Usage</A -></DT -></DL -></DD ></DL ></DD ></DL @@ -3436,28 +3440,7 @@ CLASS="SECT2" CLASS="SECT2" ><A NAME="AEN548" ->3.7.1. Building</A -></H3 -><P ->To build the plugin, run <B -CLASS="COMMAND" ->make bin/pdb_mysql.so</B -> -in the <TT -CLASS="FILENAME" ->source/</TT -> directory of samba distribution. </P -><P ->Next, copy pdb_mysql.so to any location you want. I -strongly recommend installing it in $PREFIX/lib or /usr/lib/samba/</P -></DIV -><DIV -CLASS="SECT2" -><HR><H3 -CLASS="SECT2" -><A -NAME="AEN554" ->3.7.2. Creating the database</A +>3.7.1. Creating the database</A ></H3 ><P >You either can set up your own table and specify the field names to pdb_mysql (see below @@ -3492,8 +3475,8 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN564" ->3.7.3. Configuring</A +NAME="AEN558" +>3.7.2. Configuring</A ></H3 ><P >This plugin lacks some good documentation, but here is some short info:</P @@ -3507,7 +3490,7 @@ CLASS="FILENAME" >: <PRE CLASS="PROGRAMLISTING" ->passdb backend = [other-plugins] plugin:/location/to/pdb_mysql.so:identifier [other-plugins]</PRE +>passdb backend = [other-plugins] mysql:identifier [other-plugins]</PRE ></P ><P >The identifier can be any string you like, as long as it doesn't collide with @@ -3603,8 +3586,8 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN581" ->3.7.4. Using plaintext passwords or encrypted password</A +NAME="AEN575" +>3.7.3. Using plaintext passwords or encrypted password</A ></H3 ><P >I strongly discourage the use of plaintext passwords, however, you can use them:</P @@ -3618,8 +3601,8 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN586" ->3.7.5. Getting non-column data from the table</A +NAME="AEN580" +>3.7.4. Getting non-column data from the table</A ></H3 ><P >It is possible to have not all data in the database and making some 'constant'.</P @@ -3644,43 +3627,17 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN594" ->3.8. Passdb XML plugin</A +NAME="AEN588" +>3.8. XML</A ></H2 -><DIV -CLASS="SECT2" -><H3 -CLASS="SECT2" -><A -NAME="AEN596" ->3.8.1. Building</A -></H3 ><P >This module requires libxml2 to be installed.</P ><P ->To build pdb_xml, run: <B -CLASS="COMMAND" ->make bin/pdb_xml.so</B -> in -the directory <TT -CLASS="FILENAME" ->source/</TT ->. </P -></DIV -><DIV -CLASS="SECT2" -><HR><H3 -CLASS="SECT2" -><A -NAME="AEN602" ->3.8.2. Usage</A -></H3 -><P >The usage of pdb_xml is pretty straightforward. To export data, use: <B CLASS="COMMAND" ->pdbedit -e plugin:/usr/lib/samba/pdb_xml.so:filename</B +>pdbedit -e xml:filename</B > (where filename is the name of the file to put the data in)</P @@ -3688,14 +3645,13 @@ CLASS="COMMAND" >To import data, use: <B CLASS="COMMAND" ->pdbedit -i plugin:/usr/lib/samba/pdb_xml.so:filename -e current-pdb</B +>pdbedit -i xml:filename -e current-pdb</B > Where filename is the name to read the data from and current-pdb to put it in.</P ></DIV ></DIV ></DIV -></DIV ><DIV CLASS="PART" ><A @@ -3709,7 +3665,7 @@ CLASS="TITLE" ><DIV CLASS="PARTINTRO" ><A -NAME="AEN610" +NAME="AEN597" ></A ><H1 >Introduction</H1 @@ -3733,24 +3689,24 @@ HREF="#SERVERTYPE" ><DL ><DT >4.1. <A -HREF="#AEN639" +HREF="#AEN626" >Stand Alone Server</A ></DT ><DT >4.2. <A -HREF="#AEN646" +HREF="#AEN633" >Domain Member Server</A ></DT ><DT >4.3. <A -HREF="#AEN652" +HREF="#AEN639" >Domain Controller</A ></DT ><DD ><DL ><DT >4.3.1. <A -HREF="#AEN655" +HREF="#AEN642" >Domain Controller Types</A ></DT ></DL @@ -3766,34 +3722,34 @@ HREF="#SECURITYLEVELS" ><DL ><DT >5.1. <A -HREF="#AEN681" +HREF="#AEN668" >User and Share security level</A ></DT ><DD ><DL ><DT >5.1.1. <A -HREF="#AEN684" +HREF="#AEN671" >User Level Security</A ></DT ><DT >5.1.2. <A -HREF="#AEN694" +HREF="#AEN681" >Share Level Security</A ></DT ><DT >5.1.3. <A -HREF="#AEN698" +HREF="#AEN685" >Server Level Security</A ></DT ><DT >5.1.4. <A -HREF="#AEN737" +HREF="#AEN724" >Domain Level Security</A ></DT ><DT >5.1.5. <A -HREF="#AEN758" +HREF="#AEN745" >ADS Level Security</A ></DT ></DL @@ -3809,63 +3765,63 @@ HREF="#SAMBA-PDC" ><DL ><DT >6.1. <A -HREF="#AEN785" +HREF="#AEN772" >Prerequisite Reading</A ></DT ><DT >6.2. <A -HREF="#AEN790" +HREF="#AEN777" >Background</A ></DT ><DT >6.3. <A -HREF="#AEN830" +HREF="#AEN817" >Configuring the Samba Domain Controller</A ></DT ><DT >6.4. <A -HREF="#AEN872" +HREF="#AEN859" >Creating Machine Trust Accounts and Joining Clients to the Domain</A ></DT ><DD ><DL ><DT >6.4.1. <A -HREF="#AEN915" +HREF="#AEN902" >Manual Creation of Machine Trust Accounts</A ></DT ><DT >6.4.2. <A -HREF="#AEN956" +HREF="#AEN943" >"On-the-Fly" Creation of Machine Trust Accounts</A ></DT ><DT >6.4.3. <A -HREF="#AEN965" +HREF="#AEN952" >Joining the Client to the Domain</A ></DT ></DL ></DD ><DT >6.5. <A -HREF="#AEN980" +HREF="#AEN967" >Common Problems and Errors</A ></DT ><DT >6.6. <A -HREF="#AEN1026" +HREF="#AEN1013" >What other help can I get?</A ></DT ><DT >6.7. <A -HREF="#AEN1140" +HREF="#AEN1127" >Domain Control for Windows 9x/ME</A ></DT ><DD ><DL ><DT >6.7.1. <A -HREF="#AEN1163" +HREF="#AEN1150" >Configuration Instructions: Network Logons</A ></DT ></DL @@ -3881,53 +3837,53 @@ HREF="#SAMBA-BDC" ><DL ><DT >7.1. <A -HREF="#AEN1193" +HREF="#AEN1180" >Prerequisite Reading</A ></DT ><DT >7.2. <A -HREF="#AEN1197" +HREF="#AEN1184" >Background</A ></DT ><DT >7.3. <A -HREF="#AEN1205" +HREF="#AEN1192" >What qualifies a Domain Controller on the network?</A ></DT ><DD ><DL ><DT >7.3.1. <A -HREF="#AEN1208" +HREF="#AEN1195" >How does a Workstation find its domain controller?</A ></DT ><DT >7.3.2. <A -HREF="#AEN1211" +HREF="#AEN1198" >When is the PDC needed?</A ></DT ></DL ></DD ><DT >7.4. <A -HREF="#AEN1214" +HREF="#AEN1201" >Can Samba be a Backup Domain Controller to an NT PDC?</A ></DT ><DT >7.5. <A -HREF="#AEN1219" +HREF="#AEN1206" >How do I set up a Samba BDC?</A ></DT ><DD ><DL ><DT >7.5.1. <A -HREF="#AEN1236" +HREF="#AEN1223" >How do I replicate the smbpasswd file?</A ></DT ><DT >7.5.2. <A -HREF="#AEN1240" +HREF="#AEN1227" >Can I do this all with LDAP?</A ></DT ></DL @@ -3943,7 +3899,7 @@ HREF="#ADS" ><DL ><DT >8.1. <A -HREF="#AEN1251" +HREF="#AEN1238" >Setup your <TT CLASS="FILENAME" >smb.conf</TT @@ -3951,7 +3907,7 @@ CLASS="FILENAME" ></DT ><DT >8.2. <A -HREF="#AEN1262" +HREF="#AEN1249" >Setup your <TT CLASS="FILENAME" >/etc/krb5.conf</TT @@ -3959,31 +3915,31 @@ CLASS="FILENAME" ></DT ><DT >8.3. <A -HREF="#AEN1273" +HREF="#AEN1260" >Create the computer account</A ></DT ><DD ><DL ><DT >8.3.1. <A -HREF="#AEN1277" +HREF="#AEN1264" >Possible errors</A ></DT ></DL ></DD ><DT >8.4. <A -HREF="#AEN1285" +HREF="#AEN1272" >Test your server setup</A ></DT ><DT >8.5. <A -HREF="#AEN1290" +HREF="#AEN1277" >Testing with smbclient</A ></DT ><DT >8.6. <A -HREF="#AEN1293" +HREF="#AEN1280" >Notes</A ></DT ></DL @@ -3997,12 +3953,12 @@ HREF="#DOMAIN-SECURITY" ><DL ><DT >9.1. <A -HREF="#AEN1315" +HREF="#AEN1302" >Joining an NT Domain with Samba 3.0</A ></DT ><DT >9.2. <A -HREF="#AEN1369" +HREF="#AEN1356" >Why is this better than security = server?</A ></DT ></DL @@ -4061,7 +4017,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN639" +NAME="AEN626" >4.1. Stand Alone Server</A ></H2 ><P @@ -4104,7 +4060,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN646" +NAME="AEN633" >4.2. Domain Member Server</A ></H2 ><P @@ -4135,7 +4091,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN652" +NAME="AEN639" >4.3. Domain Controller</A ></H2 ><P @@ -4147,7 +4103,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN655" +NAME="AEN642" >4.3.1. Domain Controller Types</A ></H3 ><P @@ -4241,7 +4197,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN681" +NAME="AEN668" >5.1. User and Share security level</A ></H2 ><P @@ -4259,7 +4215,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN684" +NAME="AEN671" >5.1.1. User Level Security</A ></H3 ><P @@ -4300,7 +4256,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN694" +NAME="AEN681" >5.1.2. Share Level Security</A ></H3 ><P @@ -4331,7 +4287,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN698" +NAME="AEN685" >5.1.3. Server Level Security</A ></H3 ><P @@ -4367,7 +4323,7 @@ CLASS="SECT3" ><HR><H4 CLASS="SECT3" ><A -NAME="AEN703" +NAME="AEN690" >5.1.3.1. Configuring Samba for Seemless Windows Network Integration</A ></H4 ><P @@ -4479,7 +4435,7 @@ CLASS="SECT3" ><HR><H4 CLASS="SECT3" ><A -NAME="AEN729" +NAME="AEN716" >5.1.3.2. Use MS Windows NT as an authentication server</A ></H4 ><P @@ -4515,7 +4471,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN737" +NAME="AEN724" >5.1.4. Domain Level Security</A ></H3 ><P @@ -4533,7 +4489,7 @@ CLASS="SECT3" ><HR><H4 CLASS="SECT3" ><A -NAME="AEN741" +NAME="AEN728" >5.1.4.1. Samba as a member of an MS Windows NT security domain</A ></H4 ><P @@ -4596,7 +4552,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN758" +NAME="AEN745" >5.1.5. ADS Level Security</A ></H3 ><P @@ -4623,7 +4579,7 @@ CLASS="SECT1" ><H2 CLASS="SECT1" ><A -NAME="AEN785" +NAME="AEN772" >6.1. Prerequisite Reading</A ></H2 ><P @@ -4646,7 +4602,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN790" +NAME="AEN777" >6.2. Background</A ></H2 ><P @@ -4793,7 +4749,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN830" +NAME="AEN817" >6.3. Configuring the Samba Domain Controller</A ></H2 ><P @@ -4990,7 +4946,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN872" +NAME="AEN859" >6.4. Creating Machine Trust Accounts and Joining Clients to the Domain</A ></H2 ><P @@ -5176,7 +5132,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN915" +NAME="AEN902" >6.4.1. Manual Creation of Machine Trust Accounts</A ></H3 ><P @@ -5346,7 +5302,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN956" +NAME="AEN943" >6.4.2. "On-the-Fly" Creation of Machine Trust Accounts</A ></H3 ><P @@ -5383,7 +5339,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN965" +NAME="AEN952" >6.4.3. Joining the Client to the Domain</A ></H3 ><P @@ -5451,7 +5407,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN980" +NAME="AEN967" >6.5. Common Problems and Errors</A ></H2 ><P @@ -5650,7 +5606,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN1026" +NAME="AEN1013" >6.6. What other help can I get?</A ></H2 ><P @@ -6070,7 +6026,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN1140" +NAME="AEN1127" >6.7. Domain Control for Windows 9x/ME</A ></H2 ><P @@ -6169,7 +6125,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN1163" +NAME="AEN1150" >6.7.1. Configuration Instructions: Network Logons</A ></H3 ><P @@ -6284,7 +6240,7 @@ CLASS="SECT1" ><H2 CLASS="SECT1" ><A -NAME="AEN1193" +NAME="AEN1180" >7.1. Prerequisite Reading</A ></H2 ><P @@ -6301,7 +6257,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN1197" +NAME="AEN1184" >7.2. Background</A ></H2 ><P @@ -6346,7 +6302,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN1205" +NAME="AEN1192" >7.3. What qualifies a Domain Controller on the network?</A ></H2 ><P @@ -6363,7 +6319,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN1208" +NAME="AEN1195" >7.3.1. How does a Workstation find its domain controller?</A ></H3 ><P @@ -6382,7 +6338,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN1211" +NAME="AEN1198" >7.3.2. When is the PDC needed?</A ></H3 ><P @@ -6398,7 +6354,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN1214" +NAME="AEN1201" >7.4. Can Samba be a Backup Domain Controller to an NT PDC?</A ></H2 ><P @@ -6421,7 +6377,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN1219" +NAME="AEN1206" >7.5. How do I set up a Samba BDC?</A ></H2 ><P @@ -6488,7 +6444,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN1236" +NAME="AEN1223" >7.5.1. How do I replicate the smbpasswd file?</A ></H3 ><P @@ -6509,7 +6465,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN1240" +NAME="AEN1227" >7.5.2. Can I do this all with LDAP?</A ></H3 ><P @@ -6536,7 +6492,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN1251" +NAME="AEN1238" >8.1. Setup your <TT CLASS="FILENAME" >smb.conf</TT @@ -6576,7 +6532,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN1262" +NAME="AEN1249" >8.2. Setup your <TT CLASS="FILENAME" >/etc/krb5.conf</TT @@ -6618,7 +6574,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN1273" +NAME="AEN1260" >8.3. Create the computer account</A ></H2 ><P @@ -6633,7 +6589,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN1277" +NAME="AEN1264" >8.3.1. Possible errors</A ></H3 ><P @@ -6658,7 +6614,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN1285" +NAME="AEN1272" >8.4. Test your server setup</A ></H2 ><P @@ -6678,7 +6634,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN1290" +NAME="AEN1277" >8.5. Testing with smbclient</A ></H2 ><P @@ -6691,7 +6647,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN1293" +NAME="AEN1280" >8.6. Notes</A ></H2 ><P @@ -6714,7 +6670,7 @@ CLASS="SECT1" ><H2 CLASS="SECT1" ><A -NAME="AEN1315" +NAME="AEN1302" >9.1. Joining an NT Domain with Samba 3.0</A ></H2 ><P @@ -6897,7 +6853,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN1369" +NAME="AEN1356" >9.2. Why is this better than security = server?</A ></H2 ><P @@ -7009,7 +6965,7 @@ CLASS="TITLE" ><DIV CLASS="PARTINTRO" ><A -NAME="AEN1387" +NAME="AEN1374" ></A ><H1 >Introduction</H1 @@ -7027,81 +6983,18 @@ CLASS="TOC" ><DT >10. <A HREF="#ADVANCEDNETWORKMANAGEMENT" ->System Policies</A +>Advanced Network Manangement Information</A ></DT ><DD ><DL ><DT >10.1. <A -HREF="#AEN1401" ->Basic System Policy Info</A -></DT -><DD -><DL -><DT ->10.1.1. <A -HREF="#AEN1445" ->Creating Group Prolicy Files</A +HREF="#AEN1388" +>Remote Server Administration</A ></DT ></DL ></DD ><DT ->10.2. <A -HREF="#AEN1456" ->Roaming Profiles</A -></DT -><DD -><DL -><DT ->10.2.1. <A -HREF="#AEN1464" ->Windows NT Configuration</A -></DT -><DT ->10.2.2. <A -HREF="#AEN1473" ->Windows 9X Configuration</A -></DT -><DT ->10.2.3. <A -HREF="#AEN1481" ->Win9X and WinNT Configuration</A -></DT -><DT ->10.2.4. <A -HREF="#AEN1488" ->Windows 9X Profile Setup</A -></DT -><DT ->10.2.5. <A -HREF="#AEN1524" ->Windows NT Workstation 4.0</A -></DT -><DT ->10.2.6. <A -HREF="#AEN1532" ->Windows NT/200x Server</A -></DT -><DT ->10.2.7. <A -HREF="#AEN1535" ->Sharing Profiles between W9x/Me and NT4/200x/XP workstations</A -></DT -><DT ->10.2.8. <A -HREF="#AEN1542" ->Windows NT 4</A -></DT -><DT ->10.2.9. <A -HREF="#AEN1580" ->Windows 2000/XP</A -></DT -></DL -></DD -></DL -></DD -><DT >11. <A HREF="#UNIX-PERMISSIONS" >UNIX Permission Bits and Windows NT Access Control Lists</A @@ -7110,53 +7003,53 @@ HREF="#UNIX-PERMISSIONS" ><DL ><DT >11.1. <A -HREF="#AEN1663" +HREF="#AEN1416" >Viewing and changing UNIX permissions using the NT security dialogs</A ></DT ><DT >11.2. <A -HREF="#AEN1667" +HREF="#AEN1420" >How to view file security on a Samba share</A ></DT ><DT >11.3. <A -HREF="#AEN1678" +HREF="#AEN1431" >Viewing file ownership</A ></DT ><DT >11.4. <A -HREF="#AEN1698" +HREF="#AEN1451" >Viewing file or directory permissions</A ></DT ><DD ><DL ><DT >11.4.1. <A -HREF="#AEN1713" +HREF="#AEN1466" >File Permissions</A ></DT ><DT >11.4.2. <A -HREF="#AEN1727" +HREF="#AEN1480" >Directory Permissions</A ></DT ></DL ></DD ><DT >11.5. <A -HREF="#AEN1734" +HREF="#AEN1487" >Modifying file or directory permissions</A ></DT ><DT >11.6. <A -HREF="#AEN1756" +HREF="#AEN1509" >Interaction with the standard Samba create mask parameters</A ></DT ><DT >11.7. <A -HREF="#AEN1810" +HREF="#AEN1563" >Interaction with the standard Samba file attribute mapping</A ></DT @@ -7177,17 +7070,17 @@ managed authentication</A ><DL ><DT >13.1. <A -HREF="#AEN1866" +HREF="#AEN1619" >Samba and PAM</A ></DT ><DT >13.2. <A -HREF="#AEN1915" +HREF="#AEN1668" >Distributed Authentication</A ></DT ><DT >13.3. <A -HREF="#AEN1920" +HREF="#AEN1673" >PAM Configuration in smb.conf</A ></DT ></DL @@ -7201,122 +7094,122 @@ HREF="#PRINTING" ><DL ><DT >14.1. <A -HREF="#AEN1946" +HREF="#AEN1699" >Introduction</A ></DT ><DT >14.2. <A -HREF="#AEN1968" +HREF="#AEN1721" >Configuration</A ></DT ><DD ><DL ><DT >14.2.1. <A -HREF="#AEN1976" +HREF="#AEN1729" >Creating [print$]</A ></DT ><DT >14.2.2. <A -HREF="#AEN2011" +HREF="#AEN1764" >Setting Drivers for Existing Printers</A ></DT ><DT >14.2.3. <A -HREF="#AEN2027" +HREF="#AEN1780" >Support a large number of printers</A ></DT ><DT >14.2.4. <A -HREF="#AEN2038" +HREF="#AEN1791" >Adding New Printers via the Windows NT APW</A ></DT ><DT >14.2.5. <A -HREF="#AEN2068" +HREF="#AEN1821" >Samba and Printer Ports</A ></DT ></DL ></DD ><DT >14.3. <A -HREF="#AEN2076" +HREF="#AEN1829" >The Imprints Toolset</A ></DT ><DD ><DL ><DT >14.3.1. <A -HREF="#AEN2080" +HREF="#AEN1833" >What is Imprints?</A ></DT ><DT >14.3.2. <A -HREF="#AEN2090" +HREF="#AEN1843" >Creating Printer Driver Packages</A ></DT ><DT >14.3.3. <A -HREF="#AEN2093" +HREF="#AEN1846" >The Imprints server</A ></DT ><DT >14.3.4. <A -HREF="#AEN2097" +HREF="#AEN1850" >The Installation Client</A ></DT ></DL ></DD ><DT >14.4. <A -HREF="#AEN2119" +HREF="#AEN1872" >Diagnosis</A ></DT ><DD ><DL ><DT >14.4.1. <A -HREF="#AEN2121" +HREF="#AEN1874" >Introduction</A ></DT ><DT >14.4.2. <A -HREF="#AEN2137" +HREF="#AEN1890" >Debugging printer problems</A ></DT ><DT >14.4.3. <A -HREF="#AEN2146" +HREF="#AEN1899" >What printers do I have?</A ></DT ><DT >14.4.4. <A -HREF="#AEN2154" +HREF="#AEN1907" >Setting up printcap and print servers</A ></DT ><DT >14.4.5. <A -HREF="#AEN2182" +HREF="#AEN1935" >Job sent, no output</A ></DT ><DT >14.4.6. <A -HREF="#AEN2193" +HREF="#AEN1946" >Job sent, strange output</A ></DT ><DT >14.4.7. <A -HREF="#AEN2205" +HREF="#AEN1958" >Raw PostScript printed</A ></DT ><DT >14.4.8. <A -HREF="#AEN2208" +HREF="#AEN1961" >Advanced Printing</A ></DT ><DT >14.4.9. <A -HREF="#AEN2211" +HREF="#AEN1964" >Real debugging</A ></DT ></DL @@ -7332,46 +7225,46 @@ HREF="#CUPS-PRINTING" ><DL ><DT >15.1. <A -HREF="#AEN2231" +HREF="#AEN1984" >Introduction</A ></DT ><DT >15.2. <A -HREF="#AEN2236" +HREF="#AEN1989" >CUPS - RAW Print Through Mode</A ></DT ><DT >15.3. <A -HREF="#AEN2291" +HREF="#AEN2044" >The CUPS Filter Chains</A ></DT ><DT >15.4. <A -HREF="#AEN2330" +HREF="#AEN2083" >CUPS Print Drivers and Devices</A ></DT ><DD ><DL ><DT >15.4.1. <A -HREF="#AEN2337" +HREF="#AEN2090" >Further printing steps</A ></DT ></DL ></DD ><DT >15.5. <A -HREF="#AEN2407" +HREF="#AEN2160" >Limiting the number of pages users can print</A ></DT ><DT >15.6. <A -HREF="#AEN2496" +HREF="#AEN2249" >Advanced Postscript Printing from MS Windows</A ></DT ><DT >15.7. <A -HREF="#AEN2511" +HREF="#AEN2264" >Auto-Deletion of CUPS spool files</A ></DT ></DL @@ -7385,144 +7278,240 @@ HREF="#WINBIND" ><DL ><DT >16.1. <A -HREF="#AEN2573" +HREF="#AEN2326" >Abstract</A ></DT ><DT >16.2. <A -HREF="#AEN2577" +HREF="#AEN2330" >Introduction</A ></DT ><DT >16.3. <A -HREF="#AEN2590" +HREF="#AEN2343" >What Winbind Provides</A ></DT ><DD ><DL ><DT >16.3.1. <A -HREF="#AEN2597" +HREF="#AEN2350" >Target Uses</A ></DT ></DL ></DD ><DT >16.4. <A -HREF="#AEN2601" +HREF="#AEN2354" >How Winbind Works</A ></DT ><DD ><DL ><DT >16.4.1. <A -HREF="#AEN2606" +HREF="#AEN2359" >Microsoft Remote Procedure Calls</A ></DT ><DT >16.4.2. <A -HREF="#AEN2610" +HREF="#AEN2363" >Microsoft Active Directory Services</A ></DT ><DT >16.4.3. <A -HREF="#AEN2613" +HREF="#AEN2366" >Name Service Switch</A ></DT ><DT >16.4.4. <A -HREF="#AEN2629" +HREF="#AEN2382" >Pluggable Authentication Modules</A ></DT ><DT >16.4.5. <A -HREF="#AEN2637" +HREF="#AEN2390" >User and Group ID Allocation</A ></DT ><DT >16.4.6. <A -HREF="#AEN2641" +HREF="#AEN2394" >Result Caching</A ></DT ></DL ></DD ><DT >16.5. <A -HREF="#AEN2644" +HREF="#AEN2397" >Installation and Configuration</A ></DT ><DD ><DL ><DT >16.5.1. <A -HREF="#AEN2649" +HREF="#AEN2402" >Introduction</A ></DT ><DT >16.5.2. <A -HREF="#AEN2662" +HREF="#AEN2415" >Requirements</A ></DT ><DT >16.5.3. <A -HREF="#AEN2676" +HREF="#AEN2429" >Testing Things Out</A ></DT ></DL ></DD ><DT >16.6. <A -HREF="#AEN2901" +HREF="#AEN2654" >Limitations</A ></DT ><DT >16.7. <A -HREF="#AEN2911" +HREF="#AEN2664" >Conclusion</A ></DT ></DL ></DD ><DT >17. <A +HREF="#POLICYMGMT" +>Policy Management - Hows and Whys</A +></DT +><DD +><DL +><DT +>17.1. <A +HREF="#AEN2678" +>System Policies</A +></DT +><DD +><DL +><DT +>17.1.1. <A +HREF="#AEN2692" +>Creating and Managing Windows 9x/Me Policies</A +></DT +><DT +>17.1.2. <A +HREF="#AEN2704" +>Creating and Managing Windows NT4 Style Policy Files</A +></DT +><DT +>17.1.3. <A +HREF="#AEN2722" +>Creating and Managing MS Windows 200x Policies</A +></DT +></DL +></DD +></DL +></DD +><DT +>18. <A +HREF="#PROFILEMGMT" +>Profile Management</A +></DT +><DD +><DL +><DT +>18.1. <A +HREF="#AEN2761" +>Roaming Profiles</A +></DT +><DD +><DL +><DT +>18.1.1. <A +HREF="#AEN2769" +>Windows NT Configuration</A +></DT +><DT +>18.1.2. <A +HREF="#AEN2778" +>Windows 9X Configuration</A +></DT +><DT +>18.1.3. <A +HREF="#AEN2786" +>Win9X and WinNT Configuration</A +></DT +><DT +>18.1.4. <A +HREF="#AEN2793" +>Windows 9X Profile Setup</A +></DT +><DT +>18.1.5. <A +HREF="#AEN2829" +>Windows NT Workstation 4.0</A +></DT +><DT +>18.1.6. <A +HREF="#AEN2837" +>Windows NT/200x Server</A +></DT +><DT +>18.1.7. <A +HREF="#AEN2840" +>Sharing Profiles between W9x/Me and NT4/200x/XP workstations</A +></DT +><DT +>18.1.8. <A +HREF="#AEN2847" +>Windows NT 4</A +></DT +><DT +>18.1.9. <A +HREF="#AEN2885" +>Windows 2000/XP</A +></DT +></DL +></DD +></DL +></DD +><DT +>19. <A HREF="#INTEGRATE-MS-NETWORKS" >Integrating MS Windows networks with Samba</A ></DT ><DD ><DL ><DT ->17.1. <A -HREF="#AEN2932" +>19.1. <A +HREF="#AEN2975" >Name Resolution in a pure Unix/Linux world</A ></DT ><DD ><DL ><DT ->17.1.1. <A -HREF="#AEN2948" +>19.1.1. <A +HREF="#AEN2991" ><TT CLASS="FILENAME" >/etc/hosts</TT ></A ></DT ><DT ->17.1.2. <A -HREF="#AEN2964" +>19.1.2. <A +HREF="#AEN3007" ><TT CLASS="FILENAME" >/etc/resolv.conf</TT ></A ></DT ><DT ->17.1.3. <A -HREF="#AEN2975" +>19.1.3. <A +HREF="#AEN3018" ><TT CLASS="FILENAME" >/etc/host.conf</TT ></A ></DT ><DT ->17.1.4. <A -HREF="#AEN2983" +>19.1.4. <A +HREF="#AEN3026" ><TT CLASS="FILENAME" >/etc/nsswitch.conf</TT @@ -7531,35 +7520,35 @@ CLASS="FILENAME" ></DL ></DD ><DT ->17.2. <A -HREF="#AEN2995" +>19.2. <A +HREF="#AEN3038" >Name resolution as used within MS Windows networking</A ></DT ><DD ><DL ><DT ->17.2.1. <A -HREF="#AEN3007" +>19.2.1. <A +HREF="#AEN3050" >The NetBIOS Name Cache</A ></DT ><DT ->17.2.2. <A -HREF="#AEN3012" +>19.2.2. <A +HREF="#AEN3055" >The LMHOSTS file</A ></DT ><DT ->17.2.3. <A -HREF="#AEN3020" +>19.2.3. <A +HREF="#AEN3063" >HOSTS file</A ></DT ><DT ->17.2.4. <A -HREF="#AEN3025" +>19.2.4. <A +HREF="#AEN3068" >DNS Lookup</A ></DT ><DT ->17.2.5. <A -HREF="#AEN3028" +>19.2.5. <A +HREF="#AEN3071" >WINS Lookup</A ></DT ></DL @@ -7567,95 +7556,95 @@ HREF="#AEN3028" ></DL ></DD ><DT ->18. <A +>20. <A HREF="#IMPROVED-BROWSING" >Improved browsing in samba</A ></DT ><DD ><DL ><DT ->18.1. <A -HREF="#AEN3047" +>20.1. <A +HREF="#AEN3090" >Overview of browsing</A ></DT ><DT ->18.2. <A -HREF="#AEN3052" +>20.2. <A +HREF="#AEN3095" >Browsing support in samba</A ></DT ><DT ->18.3. <A -HREF="#AEN3060" +>20.3. <A +HREF="#AEN3103" >Problem resolution</A ></DT ><DT ->18.4. <A -HREF="#AEN3069" +>20.4. <A +HREF="#AEN3112" >Browsing across subnets</A ></DT ><DD ><DL ><DT ->18.4.1. <A -HREF="#AEN3074" +>20.4.1. <A +HREF="#AEN3117" >How does cross subnet browsing work ?</A ></DT ></DL ></DD ><DT ->18.5. <A -HREF="#AEN3109" +>20.5. <A +HREF="#AEN3152" >Setting up a WINS server</A ></DT ><DT ->18.6. <A -HREF="#AEN3128" +>20.6. <A +HREF="#AEN3171" >Setting up Browsing in a WORKGROUP</A ></DT ><DT ->18.7. <A -HREF="#AEN3146" +>20.7. <A +HREF="#AEN3189" >Setting up Browsing in a DOMAIN</A ></DT ><DT ->18.8. <A -HREF="#AEN3156" +>20.8. <A +HREF="#AEN3199" >Forcing samba to be the master</A ></DT ><DT ->18.9. <A -HREF="#AEN3165" +>20.9. <A +HREF="#AEN3208" >Making samba the domain master</A ></DT ><DT ->18.10. <A -HREF="#AEN3183" +>20.10. <A +HREF="#AEN3226" >Note about broadcast addresses</A ></DT ><DT ->18.11. <A -HREF="#AEN3186" +>20.11. <A +HREF="#AEN3229" >Multiple interfaces</A ></DT ></DL ></DD ><DT ->19. <A +>21. <A HREF="#MSDFS" >Hosting a Microsoft Distributed File System tree on Samba</A ></DT ><DD ><DL ><DT ->19.1. <A -HREF="#AEN3200" +>21.1. <A +HREF="#AEN3243" >Instructions</A ></DT ><DD ><DL ><DT ->19.1.1. <A -HREF="#AEN3235" +>21.1.1. <A +HREF="#AEN3278" >Notes</A ></DT ></DL @@ -7663,56 +7652,56 @@ HREF="#AEN3235" ></DL ></DD ><DT ->20. <A +>22. <A HREF="#VFS" >Stackable VFS modules</A ></DT ><DD ><DL ><DT ->20.1. <A -HREF="#AEN3259" +>22.1. <A +HREF="#AEN3302" >Introduction and configuration</A ></DT ><DT ->20.2. <A -HREF="#AEN3268" +>22.2. <A +HREF="#AEN3311" >Included modules</A ></DT ><DD ><DL ><DT ->20.2.1. <A -HREF="#AEN3270" +>22.2.1. <A +HREF="#AEN3313" >audit</A ></DT ><DT ->20.2.2. <A -HREF="#AEN3278" +>22.2.2. <A +HREF="#AEN3321" >recycle</A ></DT ><DT ->20.2.3. <A -HREF="#AEN3315" +>22.2.3. <A +HREF="#AEN3358" >netatalk</A ></DT ></DL ></DD ><DT ->20.3. <A -HREF="#AEN3322" +>22.3. <A +HREF="#AEN3365" >VFS modules available elsewhere</A ></DT ><DD ><DL ><DT ->20.3.1. <A -HREF="#AEN3326" +>22.3.1. <A +HREF="#AEN3369" >DatabaseFS</A ></DT ><DT ->20.3.2. <A -HREF="#AEN3334" +>22.3.2. <A +HREF="#AEN3377" >vscan</A ></DT ></DL @@ -7720,59 +7709,59 @@ HREF="#AEN3334" ></DL ></DD ><DT ->21. <A +>23. <A HREF="#SECURING-SAMBA" >Securing Samba</A ></DT ><DD ><DL ><DT ->21.1. <A -HREF="#AEN3348" +>23.1. <A +HREF="#AEN3391" >Introduction</A ></DT ><DT ->21.2. <A -HREF="#AEN3351" +>23.2. <A +HREF="#AEN3394" >Using host based protection</A ></DT ><DT ->21.3. <A -HREF="#AEN3358" +>23.3. <A +HREF="#AEN3401" >Using interface protection</A ></DT ><DT ->21.4. <A -HREF="#AEN3367" +>23.4. <A +HREF="#AEN3410" >Using a firewall</A ></DT ><DT ->21.5. <A -HREF="#AEN3374" +>23.5. <A +HREF="#AEN3417" >Using a IPC$ share deny</A ></DT ><DT ->21.6. <A -HREF="#AEN3383" +>23.6. <A +HREF="#AEN3426" >Upgrading Samba</A ></DT ></DL ></DD ><DT ->22. <A +>24. <A HREF="#UNICODE" >Unicode/Charsets</A ></DT ><DD ><DL ><DT ->22.1. <A -HREF="#AEN3397" +>24.1. <A +HREF="#AEN3440" >What are charsets and unicode?</A ></DT ><DT ->22.2. <A -HREF="#AEN3406" +>24.2. <A +HREF="#AEN3449" >Samba and charsets</A ></DT ></DL @@ -7786,149 +7775,29 @@ CLASS="CHAPTER" ><A NAME="ADVANCEDNETWORKMANAGEMENT" ></A ->Chapter 10. System Policies</H1 +>Chapter 10. Advanced Network Manangement Information</H1 ><DIV CLASS="SECT1" ><H2 CLASS="SECT1" ><A -NAME="AEN1401" ->10.1. Basic System Policy Info</A +NAME="AEN1388" +>10.1. Remote Server Administration</A ></H2 ><P ->Much of the information necessary to implement System Policies and -Roaming User Profiles in a Samba domain is the same as that for -implementing these same items in a Windows NT 4.0 domain. -You should read the white paper <A -HREF="http://www.microsoft.com/ntserver/management/deployment/planguide/prof_policies.asp" -TARGET="_top" ->Implementing -Profiles and Policies in Windows NT 4.0</A -> available from Microsoft.</P -><P ->Here are some additional details:</P -><P -></P -><UL -><LI -><P -> <SPAN -CLASS="emphasis" -><I -CLASS="EMPHASIS" ->What about Windows NT Policy Editor?</I -></SPAN -> - </P -><P -> To create or edit <TT -CLASS="FILENAME" ->ntconfig.pol</TT -> you must use - the NT Server Policy Editor, <B -CLASS="COMMAND" ->poledit.exe</B -> which - is included with NT Server but <SPAN -CLASS="emphasis" -><I -CLASS="EMPHASIS" ->not NT Workstation</I -></SPAN ->. - There is a Policy Editor on a NTws - but it is not suitable for creating <SPAN -CLASS="emphasis" -><I -CLASS="EMPHASIS" ->Domain Policies</I -></SPAN ->. - Further, although the Windows 95 - Policy Editor can be installed on an NT Workstation/Server, it will not - work with NT policies because the registry key that are set by the policy templates. - However, the files from the NT Server will run happily enough on an NTws. - You need <TT -CLASS="FILENAME" ->poledit.exe, common.adm</TT -> and <TT -CLASS="FILENAME" ->winnt.adm</TT ->. It is convenient - to put the two *.adm files in <TT -CLASS="FILENAME" ->c:\winnt\inf</TT -> which is where - the binary will look for them unless told otherwise. Note also that that - directory is 'hidden'. - </P -><P -> The Windows NT policy editor is also included with the Service Pack 3 (and - later) for Windows NT 4.0. Extract the files using <B -CLASS="COMMAND" ->servicepackname /x</B ->, - i.e. that's <B -CLASS="COMMAND" ->Nt4sp6ai.exe /x</B -> for service pack 6a. The policy editor, - <B -CLASS="COMMAND" ->poledit.exe</B -> and the associated template files (*.adm) should - be extracted as well. It is also possible to downloaded the policy template - files for Office97 and get a copy of the policy editor. Another possible - location is with the Zero Administration Kit available for download from Microsoft. - </P -></LI -><LI -><P -> <SPAN -CLASS="emphasis" -><I -CLASS="EMPHASIS" ->Can Win95 do Policies?</I -></SPAN -> - </P -><P -> Install the group policy handler for Win9x to pick up group - policies. Look on the Win98 CD in <TT -CLASS="FILENAME" ->\tools\reskit\netadmin\poledit</TT ->. - Install group policies on a Win9x client by double-clicking - <TT -CLASS="FILENAME" ->grouppol.inf</TT ->. Log off and on again a couple of - times and see if Win98 picks up group policies. Unfortunately this needs - to be done on every Win9x machine that uses group policies.... - </P -><P -> If group policies don't work one reports suggests getting the updated - (read: working) grouppol.dll for Windows 9x. The group list is grabbed - from /etc/group. - </P -></LI -><LI -><P -> <SPAN +><SPAN CLASS="emphasis" ><I CLASS="EMPHASIS" >How do I get 'User Manager' and 'Server Manager'</I ></SPAN -> - </P +></P ><P -> Since I don't need to buy an NT Server CD now, how do I get - the 'User Manager for Domains', the 'Server Manager'? - </P +>Since I don't need to buy an NT Server CD now, how do I get the 'User Manager for Domains', +the 'Server Manager'?</P ><P -> Microsoft distributes a version of these tools called nexus for - installation on Windows 95 systems. The tools set includes - </P +>Microsoft distributes a version of these tools called nexus for installation on Windows 95 +systems. The tools set includes:</P ><P ></P ><UL @@ -7946,890 +7815,19 @@ CLASS="EMPHASIS" ></LI ></UL ><P -> Click here to download the archived file <A +>Click here to download the archived file <A HREF="ftp://ftp.microsoft.com/Softlib/MSLFILES/NEXUS.EXE" TARGET="_top" >ftp://ftp.microsoft.com/Softlib/MSLFILES/NEXUS.EXE</A -> - </P +></P ><P -> The Windows NT 4.0 version of the 'User Manager for - Domains' and 'Server Manager' are available from Microsoft via ftp - from <A +>The Windows NT 4.0 version of the 'User Manager for +Domains' and 'Server Manager' are available from Microsoft via ftp +from <A HREF="ftp://ftp.microsoft.com/Softlib/MSLFILES/SRVTOOLS.EXE" TARGET="_top" >ftp://ftp.microsoft.com/Softlib/MSLFILES/SRVTOOLS.EXE</A -> - </P -></LI -></UL -><DIV -CLASS="SECT2" -><HR><H3 -CLASS="SECT2" -><A -NAME="AEN1445" ->10.1.1. Creating Group Prolicy Files</A -></H3 -><DIV -CLASS="SECT3" -><H4 -CLASS="SECT3" -><A -NAME="AEN1447" ->10.1.1.1. Windows '9x</A -></H4 -><P ->You need the Win98 Group Policy Editor to -set Group Profiles up under Windows '9x. It can be found on the Original -full product Win98 installation CD under -<TT -CLASS="FILENAME" ->tools/reskit/netadmin/poledit</TT ->. You install this -using the Add/Remove Programs facility and then click on the 'Have Disk' -tab.</P -><P ->Use the Group Policy Editor to create a policy file that specifies the -location of user profiles and/or the <TT -CLASS="FILENAME" ->My Documents</TT -> etc. -stuff. You then save these settings in a file called -<TT -CLASS="FILENAME" ->Config.POL</TT -> that needs to be placed in -the root of the [NETLOGON] share. If your Win98 is configured to log onto -the Samba Domain, it will automatically read this file and update the -Win9x/Me registry of the machine that is logging on.</P -><P ->All of this is covered in the Win98 Resource Kit documentation.</P -><P ->If you do not do it this way, then every so often Win9x/Me will check the -integrity of the registry and will restore it's settings from the back-up -copy of the registry it stores on each Win9x/Me machine. Hence, you will -occasionally notice things changing back to the original settings.</P -></DIV -></DIV -></DIV -><DIV -CLASS="SECT1" -><HR><H2 -CLASS="SECT1" -><A -NAME="AEN1456" ->10.2. Roaming Profiles</A -></H2 -><DIV -CLASS="WARNING" -><P -></P -><TABLE -CLASS="WARNING" -WIDTH="100%" -BORDER="0" -><TR -><TD -WIDTH="25" -ALIGN="CENTER" -VALIGN="TOP" -><IMG -SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/warning.gif" -HSPACE="5" -ALT="Warning"></TD -><TD -ALIGN="LEFT" -VALIGN="TOP" -><P -><SPAN -CLASS="emphasis" -><I -CLASS="EMPHASIS" ->NOTE!</I -></SPAN -> Roaming profiles support is different for Win9X and WinNT.</P -></TD -></TR -></TABLE -></DIV -><P ->Before discussing how to configure roaming profiles, it is useful to see how -Win9X and WinNT clients implement these features.</P -><P ->Win9X clients send a NetUserGetInfo request to the server to get the user's -profiles location. However, the response does not have room for a separate -profiles location field, only the user's home share. This means that Win9X -profiles are restricted to being in the user's home directory.</P -><P ->WinNT clients send a NetSAMLogon RPC request, which contains many fields, -including a separate field for the location of the user's profiles. -This means that support for profiles is different for Win9X and WinNT.</P -><DIV -CLASS="SECT2" -><HR><H3 -CLASS="SECT2" -><A -NAME="AEN1464" ->10.2.1. Windows NT Configuration</A -></H3 -><P ->To support WinNT clients, in the [global] section of smb.conf set the -following (for example):</P -><P -><PRE -CLASS="PROGRAMLISTING" ->logon path = \\profileserver\profileshare\profilepath\%U\moreprofilepath</PRE -></P -><P ->The default for this option is \\%N\%U\profile, namely -\\sambaserver\username\profile. The \\N%\%U service is created -automatically by the [homes] service. -If you are using a samba server for the profiles, you _must_ make the -share specified in the logon path browseable. </P -><DIV -CLASS="NOTE" -><P -></P -><TABLE -CLASS="NOTE" -WIDTH="100%" -BORDER="0" -><TR -><TD -WIDTH="25" -ALIGN="CENTER" -VALIGN="TOP" -><IMG -SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif" -HSPACE="5" -ALT="Note"></TD -><TD -ALIGN="LEFT" -VALIGN="TOP" -><P ->MS Windows NT/2K clients at times do not disconnect a connection to a server -between logons. It is recommended to NOT use the <SPAN -CLASS="emphasis" -><I -CLASS="EMPHASIS" ->homes</I -></SPAN -> -meta-service name as part of the profile share path.</P -></TD -></TR -></TABLE -></DIV -></DIV -><DIV -CLASS="SECT2" -><HR><H3 -CLASS="SECT2" -><A -NAME="AEN1473" ->10.2.2. Windows 9X Configuration</A -></H3 -><P ->To support Win9X clients, you must use the "logon home" parameter. Samba has -now been fixed so that "net use /home" now works as well, and it, too, relies -on the "logon home" parameter.</P -><P ->By using the logon home parameter, you are restricted to putting Win9X -profiles in the user's home directory. But wait! There is a trick you -can use. If you set the following in the [global] section of your -smb.conf file:</P -><P -><PRE -CLASS="PROGRAMLISTING" ->logon home = \\%L\%U\.profiles</PRE -></P -><P ->then your Win9X clients will dutifully put their clients in a subdirectory -of your home directory called .profiles (thus making them hidden).</P -><P ->Not only that, but 'net use/home' will also work, because of a feature in -Win9X. It removes any directory stuff off the end of the home directory area -and only uses the server and share portion. That is, it looks like you -specified \\%L\%U for "logon home".</P -></DIV -><DIV -CLASS="SECT2" -><HR><H3 -CLASS="SECT2" -><A -NAME="AEN1481" ->10.2.3. Win9X and WinNT Configuration</A -></H3 -><P ->You can support profiles for both Win9X and WinNT clients by setting both the -"logon home" and "logon path" parameters. For example:</P -><P -><PRE -CLASS="PROGRAMLISTING" ->logon home = \\%L\%U\.profiles -logon path = \\%L\profiles\%U</PRE -></P -><DIV -CLASS="NOTE" -><P -></P -><TABLE -CLASS="NOTE" -WIDTH="100%" -BORDER="0" -><TR -><TD -WIDTH="25" -ALIGN="CENTER" -VALIGN="TOP" -><IMG -SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif" -HSPACE="5" -ALT="Note"></TD -><TD -ALIGN="LEFT" -VALIGN="TOP" -><P ->I have not checked what 'net use /home' does on NT when "logon home" is -set as above.</P -></TD -></TR -></TABLE -></DIV -></DIV -><DIV -CLASS="SECT2" -><HR><H3 -CLASS="SECT2" -><A -NAME="AEN1488" ->10.2.4. Windows 9X Profile Setup</A -></H3 -><P ->When a user first logs in on Windows 9X, the file user.DAT is created, -as are folders "Start Menu", "Desktop", "Programs" and "Nethood". -These directories and their contents will be merged with the local -versions stored in c:\windows\profiles\username on subsequent logins, -taking the most recent from each. You will need to use the [global] -options "preserve case = yes", "short preserve case = yes" and -"case sensitive = no" in order to maintain capital letters in shortcuts -in any of the profile folders.</P -><P ->The user.DAT file contains all the user's preferences. If you wish to -enforce a set of preferences, rename their user.DAT file to user.MAN, -and deny them write access to this file.</P -><P ></P -><OL -TYPE="1" -><LI -><P -> On the Windows 95 machine, go to Control Panel | Passwords and - select the User Profiles tab. Select the required level of - roaming preferences. Press OK, but do _not_ allow the computer - to reboot. - </P -></LI -><LI -><P -> On the Windows 95 machine, go to Control Panel | Network | - Client for Microsoft Networks | Preferences. Select 'Log on to - NT Domain'. Then, ensure that the Primary Logon is 'Client for - Microsoft Networks'. Press OK, and this time allow the computer - to reboot. - </P -></LI -></OL -><P ->Under Windows 95, Profiles are downloaded from the Primary Logon. -If you have the Primary Logon as 'Client for Novell Networks', then -the profiles and logon script will be downloaded from your Novell -Server. If you have the Primary Logon as 'Windows Logon', then the -profiles will be loaded from the local machine - a bit against the -concept of roaming profiles, if you ask me.</P -><P ->You will now find that the Microsoft Networks Login box contains -[user, password, domain] instead of just [user, password]. Type in -the samba server's domain name (or any other domain known to exist, -but bear in mind that the user will be authenticated against this -domain and profiles downloaded from it, if that domain logon server -supports it), user name and user's password.</P -><P ->Once the user has been successfully validated, the Windows 95 machine -will inform you that 'The user has not logged on before' and asks you -if you wish to save the user's preferences? Select 'yes'.</P -><P ->Once the Windows 95 client comes up with the desktop, you should be able -to examine the contents of the directory specified in the "logon path" -on the samba server and verify that the "Desktop", "Start Menu", -"Programs" and "Nethood" folders have been created.</P -><P ->These folders will be cached locally on the client, and updated when -the user logs off (if you haven't made them read-only by then :-). -You will find that if the user creates further folders or short-cuts, -that the client will merge the profile contents downloaded with the -contents of the profile directory already on the local client, taking -the newest folders and short-cuts from each set.</P -><P ->If you have made the folders / files read-only on the samba server, -then you will get errors from the w95 machine on logon and logout, as -it attempts to merge the local and the remote profile. Basically, if -you have any errors reported by the w95 machine, check the Unix file -permissions and ownership rights on the profile directory contents, -on the samba server.</P -><P ->If you have problems creating user profiles, you can reset the user's -local desktop cache, as shown below. When this user then next logs in, -they will be told that they are logging in "for the first time".</P -><P -></P -><OL -TYPE="1" -><LI -><P -> instead of logging in under the [user, password, domain] dialog, - press escape. - </P -></LI -><LI -><P -> run the regedit.exe program, and look in: - </P -><P -> HKEY_LOCAL_MACHINE\Windows\CurrentVersion\ProfileList - </P -><P -> you will find an entry, for each user, of ProfilePath. Note the - contents of this key (likely to be c:\windows\profiles\username), - then delete the key ProfilePath for the required user. - </P -><P -> [Exit the registry editor]. - </P -></LI -><LI -><P -> <SPAN -CLASS="emphasis" -><I -CLASS="EMPHASIS" ->WARNING</I -></SPAN -> - before deleting the contents of the - directory listed in - the ProfilePath (this is likely to be c:\windows\profiles\username), - ask them if they have any important files stored on their desktop - or in their start menu. delete the contents of the directory - ProfilePath (making a backup if any of the files are needed). - </P -><P -> This will have the effect of removing the local (read-only hidden - system file) user.DAT in their profile directory, as well as the - local "desktop", "nethood", "start menu" and "programs" folders. - </P -></LI -><LI -><P -> search for the user's .PWL password-caching file in the c:\windows - directory, and delete it. - </P -></LI -><LI -><P -> log off the windows 95 client. - </P -></LI -><LI -><P -> check the contents of the profile path (see "logon path" described - above), and delete the user.DAT or user.MAN file for the user, - making a backup if required. - </P -></LI -></OL -><P ->If all else fails, increase samba's debug log levels to between 3 and 10, -and / or run a packet trace program such as tcpdump or netmon.exe, and -look for any error reports.</P -><P ->If you have access to an NT server, then first set up roaming profiles -and / or netlogons on the NT server. Make a packet trace, or examine -the example packet traces provided with NT server, and see what the -differences are with the equivalent samba trace.</P -></DIV -><DIV -CLASS="SECT2" -><HR><H3 -CLASS="SECT2" -><A -NAME="AEN1524" ->10.2.5. Windows NT Workstation 4.0</A -></H3 -><P ->When a user first logs in to a Windows NT Workstation, the profile -NTuser.DAT is created. The profile location can be now specified -through the "logon path" parameter. </P -><P ->There is a parameter that is now available for use with NT Profiles: -"logon drive". This should be set to "h:" or any other drive, and -should be used in conjunction with the new "logon home" parameter.</P -><P ->The entry for the NT 4.0 profile is a _directory_ not a file. The NT -help on profiles mentions that a directory is also created with a .PDS -extension. The user, while logging in, must have write permission to -create the full profile path (and the folder with the .PDS extension -for those situations where it might be created.)</P -><P ->In the profile directory, NT creates more folders than 95. It creates -"Application Data" and others, as well as "Desktop", "Nethood", -"Start Menu" and "Programs". The profile itself is stored in a file -NTuser.DAT. Nothing appears to be stored in the .PDS directory, and -its purpose is currently unknown.</P -><P ->You can use the System Control Panel to copy a local profile onto -a samba server (see NT Help on profiles: it is also capable of firing -up the correct location in the System Control Panel for you). The -NT Help file also mentions that renaming NTuser.DAT to NTuser.MAN -turns a profile into a mandatory one.</P -><P ->The case of the profile is significant. The file must be called -NTuser.DAT or, for a mandatory profile, NTuser.MAN.</P -></DIV -><DIV -CLASS="SECT2" -><HR><H3 -CLASS="SECT2" -><A -NAME="AEN1532" ->10.2.6. Windows NT/200x Server</A -></H3 -><P ->There is nothing to stop you specifying any path that you like for the -location of users' profiles. Therefore, you could specify that the -profile be stored on a samba server, or any other SMB server, as long as -that SMB server supports encrypted passwords.</P -></DIV -><DIV -CLASS="SECT2" -><HR><H3 -CLASS="SECT2" -><A -NAME="AEN1535" ->10.2.7. Sharing Profiles between W9x/Me and NT4/200x/XP workstations</A -></H3 -><P ->Sharing of desktop profiles between Windows versions is NOT recommended. -Desktop profiles are an evolving phenomenon and profiles for later versions -of MS Windows clients add features that may interfere with earlier versions -of MS Windows clients. Probably the more salient reason to NOT mix profiles -is that when logging off an earlier version of MS Windows the older format -of profile contents may overwrite information that belongs to the newer -version resulting in loss of profile information content when that user logs -on again with the newer version of MS Windows.</P -><P ->If you then want to share the same Start Menu / Desktop with W9x/Me, you will -need to specify a common location for the profiles. The smb.conf parameters -that need to be common are <SPAN -CLASS="emphasis" -><I -CLASS="EMPHASIS" ->logon path</I -></SPAN -> and -<SPAN -CLASS="emphasis" -><I -CLASS="EMPHASIS" ->logon home</I -></SPAN ->.</P -><P ->If you have this set up correctly, you will find separate user.DAT and -NTuser.DAT files in the same profile directory.</P -></DIV -><DIV -CLASS="SECT2" -><HR><H3 -CLASS="SECT2" -><A -NAME="AEN1542" ->10.2.8. Windows NT 4</A -></H3 -><P ->Unfortunately, the Resource Kit info is Win NT4 or 200x specific.</P -><P ->Here is a quick guide:</P -><P -></P -><UL -><LI -><P ->On your NT4 Domain Controller, right click on 'My Computer', then -select the tab labelled 'User Profiles'.</P -></LI -><LI -><P ->Select a user profile you want to migrate and click on it.</P -><DIV -CLASS="NOTE" -><P -></P -><TABLE -CLASS="NOTE" -WIDTH="90%" -BORDER="0" -><TR -><TD -WIDTH="25" -ALIGN="CENTER" -VALIGN="TOP" -><IMG -SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif" -HSPACE="5" -ALT="Note"></TD -><TD -ALIGN="LEFT" -VALIGN="TOP" -><P ->I am using the term "migrate" lossely. You can copy a profile to -create a group profile. You can give the user 'Everyone' rights to the -profile you copy this to. That is what you need to do, since your samba -domain is not a member of a trust relationship with your NT4 PDC.</P -></TD -></TR -></TABLE -></DIV -></LI -><LI -><P ->Click the 'Copy To' button.</P -></LI -><LI -><P ->In the box labelled 'Copy Profile to' add your new path, eg: -<TT -CLASS="FILENAME" ->c:\temp\foobar</TT -></P -></LI -><LI -><P ->Click on the button labelled 'Change' in the "Permitted to use" box.</P -></LI -><LI -><P ->Click on the group 'Everyone' and then click OK. This closes the -'chose user' box.</P -></LI -><LI -><P ->Now click OK.</P -></LI -></UL -><P ->Follow the above for every profile you need to migrate.</P -><DIV -CLASS="SECT3" -><HR><H4 -CLASS="SECT3" -><A -NAME="AEN1565" ->10.2.8.1. Side bar Notes</A -></H4 -><P ->You should obtain the SID of your NT4 domain. You can use smbpasswd to do -this. Read the man page.</P -><P ->With Samba-3.0.0 alpha code you can import all you NT4 domain accounts -using the net samsync method. This way you can retain your profile -settings as well as all your users.</P -></DIV -><DIV -CLASS="SECT3" -><HR><H4 -CLASS="SECT3" -><A -NAME="AEN1569" ->10.2.8.2. Mandatory profiles</A -></H4 -><P ->The above method can be used to create mandatory profiles also. To convert -a group profile into a mandatory profile simply locate the NTUser.DAT file -in the copied profile and rename it to NTUser.MAN.</P -></DIV -><DIV -CLASS="SECT3" -><HR><H4 -CLASS="SECT3" -><A -NAME="AEN1572" ->10.2.8.3. moveuser.exe</A -></H4 -><P ->The W2K professional resource kit has moveuser.exe. moveuser.exe changes -the security of a profile from one user to another. This allows the account -domain to change, and/or the user name to change.</P -></DIV -><DIV -CLASS="SECT3" -><HR><H4 -CLASS="SECT3" -><A -NAME="AEN1575" ->10.2.8.4. Get SID</A -></H4 -><P ->You can identify the SID by using GetSID.exe from the Windows NT Server 4.0 -Resource Kit.</P -><P ->Windows NT 4.0 stores the local profile information in the registry under -the following key: -HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList</P -><P ->Under the ProfileList key, there will be subkeys named with the SIDs of the -users who have logged on to this computer. (To find the profile information -for the user whose locally cached profile you want to move, find the SID for -the user with the GetSID.exe utility.) Inside of the appropriate user's -subkey, you will see a string value named ProfileImagePath.</P -></DIV -></DIV -><DIV -CLASS="SECT2" -><HR><H3 -CLASS="SECT2" -><A -NAME="AEN1580" ->10.2.9. Windows 2000/XP</A -></H3 -><P ->You must first convert the profile from a local profile to a domain -profile on the MS Windows workstation as follows:</P -><P -></P -><UL -><LI -><P ->Log on as the LOCAL workstation administrator.</P -></LI -><LI -><P ->Right click on the 'My Computer' Icon, select 'Properties'</P -></LI -><LI -><P ->Click on the 'User Profiles' tab</P -></LI -><LI -><P ->Select the profile you wish to convert (click on it once)</P -></LI -><LI -><P ->Click on the button 'Copy To'</P -></LI -><LI -><P ->In the "Permitted to use" box, click on the 'Change' button.</P -></LI -><LI -><P ->Click on the 'Look in" area that lists the machine name, when you click -here it will open up a selection box. Click on the domain to which the -profile must be accessible.</P -><DIV -CLASS="NOTE" -><P -></P -><TABLE -CLASS="NOTE" -WIDTH="90%" -BORDER="0" -><TR -><TD -WIDTH="25" -ALIGN="CENTER" -VALIGN="TOP" -><IMG -SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif" -HSPACE="5" -ALT="Note"></TD -><TD -ALIGN="LEFT" -VALIGN="TOP" -><P ->You will need to log on if a logon box opens up. Eg: In the connect -as: MIDEARTH\root, password: mypassword.</P -></TD -></TR -></TABLE -></DIV -></LI -><LI -><P ->To make the profile capable of being used by anyone select 'Everyone'</P -></LI -><LI -><P ->Click OK. The Selection box will close.</P -></LI -><LI -><P ->Now click on the 'Ok' button to create the profile in the path you -nominated.</P -></LI -></UL -><P ->Done. You now have a profile that can be editted using the samba-3.0.0 -profiles tool.</P -><DIV -CLASS="NOTE" -><P -></P -><TABLE -CLASS="NOTE" -WIDTH="100%" -BORDER="0" -><TR -><TD -WIDTH="25" -ALIGN="CENTER" -VALIGN="TOP" -><IMG -SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif" -HSPACE="5" -ALT="Note"></TD -><TD -ALIGN="LEFT" -VALIGN="TOP" -><P ->Under NT/2K the use of mandotory profiles forces the use of MS Exchange -storage of mail data. That keeps desktop profiles usable.</P -></TD -></TR -></TABLE -></DIV -><DIV -CLASS="NOTE" -><P -></P -><TABLE -CLASS="NOTE" -WIDTH="100%" -BORDER="0" -><TR -><TD -WIDTH="25" -ALIGN="CENTER" -VALIGN="TOP" -><IMG -SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif" -HSPACE="5" -ALT="Note"></TD -><TD -ALIGN="LEFT" -VALIGN="TOP" -><P -></P -><UL -><LI -><P ->This is a security check new to Windows XP (or maybe only -Windows XP service pack 1). It can be disabled via a group policy in -Active Directory. The policy is:</P -><P ->"Computer Configuration\Administrative Templates\System\User -Profiles\Do not check for user ownership of Roaming Profile Folders"</P -><P ->...and it should be set to "Enabled". -Does the new version of samba have an Active Directory analogue? If so, -then you may be able to set the policy through this.</P -><P ->If you cannot set group policies in samba, then you may be able to set -the policy locally on each machine. If you want to try this, then do -the following (N.B. I don't know for sure that this will work in the -same way as a domain group policy):</P -></LI -><LI -><P ->On the XP workstation log in with an Administrator account.</P -></LI -><LI -><P ->Click: "Start", "Run"</P -></LI -><LI -><P ->Type: "mmc"</P -></LI -><LI -><P ->Click: "OK"</P -></LI -><LI -><P ->A Microsoft Management Console should appear.</P -></LI -><LI -><P ->Click: File, "Add/Remove Snap-in...", "Add"</P -></LI -><LI -><P ->Double-Click: "Group Policy"</P -></LI -><LI -><P ->Click: "Finish", "Close"</P -></LI -><LI -><P ->Click: "OK"</P -></LI -><LI -><P ->In the "Console Root" window:</P -></LI -><LI -><P ->Expand: "Local Computer Policy", "Computer Configuration",</P -></LI -><LI -><P ->"Administrative Templates", "System", "User Profiles"</P -></LI -><LI -><P ->Double-Click: "Do not check for user ownership of Roaming Profile</P -></LI -><LI -><P ->Folders"</P -></LI -><LI -><P ->Select: "Enabled"</P -></LI -><LI -><P ->Click: OK"</P -></LI -><LI -><P ->Close the whole console. You do not need to save the settings (this -refers to the console settings rather than the policies you have -changed).</P -></LI -><LI -><P ->Reboot</P -></LI -></UL -></TD -></TR -></TABLE -></DIV -></DIV ></DIV ></DIV ><DIV @@ -8844,7 +7842,7 @@ CLASS="SECT1" ><H2 CLASS="SECT1" ><A -NAME="AEN1663" +NAME="AEN1416" >11.1. Viewing and changing UNIX permissions using the NT security dialogs</A ></H2 @@ -8862,7 +7860,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN1667" +NAME="AEN1420" >11.2. How to view file security on a Samba share</A ></H2 ><P @@ -8931,7 +7929,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN1678" +NAME="AEN1431" >11.3. Viewing file ownership</A ></H2 ><P @@ -9017,7 +8015,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN1698" +NAME="AEN1451" >11.4. Viewing file or directory permissions</A ></H2 ><P @@ -9071,7 +8069,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN1713" +NAME="AEN1466" >11.4.1. File Permissions</A ></H3 ><P @@ -9133,7 +8131,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN1727" +NAME="AEN1480" >11.4.2. Directory Permissions</A ></H3 ><P @@ -9165,7 +8163,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN1734" +NAME="AEN1487" >11.5. Modifying file or directory permissions</A ></H2 ><P @@ -9261,7 +8259,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN1756" +NAME="AEN1509" >11.6. Interaction with the standard Samba create mask parameters</A ></H2 @@ -9455,7 +8453,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN1810" +NAME="AEN1563" >11.7. Interaction with the standard Samba file attribute mapping</A ></H2 @@ -9612,7 +8610,7 @@ CLASS="SECT1" ><H2 CLASS="SECT1" ><A -NAME="AEN1866" +NAME="AEN1619" >13.1. Samba and PAM</A ></H2 ><P @@ -9889,7 +8887,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN1915" +NAME="AEN1668" >13.2. Distributed Authentication</A ></H2 ><P @@ -9915,7 +8913,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN1920" +NAME="AEN1673" >13.3. PAM Configuration in smb.conf</A ></H2 ><P @@ -9963,7 +8961,7 @@ CLASS="SECT1" ><H2 CLASS="SECT1" ><A -NAME="AEN1946" +NAME="AEN1699" >14.1. Introduction</A ></H2 ><P @@ -10046,7 +9044,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN1968" +NAME="AEN1721" >14.2. Configuration</A ></H2 ><DIV @@ -10108,7 +9106,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN1976" +NAME="AEN1729" >14.2.1. Creating [print$]</A ></H3 ><P @@ -10325,7 +9323,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN2011" +NAME="AEN1764" >14.2.2. Setting Drivers for Existing Printers</A ></H3 ><P @@ -10397,7 +9395,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN2027" +NAME="AEN1780" >14.2.3. Support a large number of printers</A ></H3 ><P @@ -10463,7 +9461,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN2038" +NAME="AEN1791" >14.2.4. Adding New Printers via the Windows NT APW</A ></H3 ><P @@ -10618,7 +9616,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN2068" +NAME="AEN1821" >14.2.5. Samba and Printer Ports</A ></H3 ><P @@ -10653,7 +9651,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN2076" +NAME="AEN1829" >14.3. The Imprints Toolset</A ></H2 ><P @@ -10671,7 +9669,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN2080" +NAME="AEN1833" >14.3.1. What is Imprints?</A ></H3 ><P @@ -10703,7 +9701,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN2090" +NAME="AEN1843" >14.3.2. Creating Printer Driver Packages</A ></H3 ><P @@ -10719,7 +9717,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN2093" +NAME="AEN1846" >14.3.3. The Imprints server</A ></H3 ><P @@ -10743,7 +9741,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN2097" +NAME="AEN1850" >14.3.4. The Installation Client</A ></H3 ><P @@ -10837,7 +9835,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN2119" +NAME="AEN1872" >14.4. Diagnosis</A ></H2 ><DIV @@ -10845,7 +9843,7 @@ CLASS="SECT2" ><H3 CLASS="SECT2" ><A -NAME="AEN2121" +NAME="AEN1874" >14.4.1. Introduction</A ></H3 ><P @@ -10920,7 +9918,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN2137" +NAME="AEN1890" >14.4.2. Debugging printer problems</A ></H3 ><P @@ -10977,7 +9975,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN2146" +NAME="AEN1899" >14.4.3. What printers do I have?</A ></H3 ><P @@ -11006,7 +10004,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN2154" +NAME="AEN1907" >14.4.4. Setting up printcap and print servers</A ></H3 ><P @@ -11090,7 +10088,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN2182" +NAME="AEN1935" >14.4.5. Job sent, no output</A ></H3 ><P @@ -11135,7 +10133,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN2193" +NAME="AEN1946" >14.4.6. Job sent, strange output</A ></H3 ><P @@ -11181,7 +10179,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN2205" +NAME="AEN1958" >14.4.7. Raw PostScript printed</A ></H3 ><P @@ -11196,7 +10194,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN2208" +NAME="AEN1961" >14.4.8. Advanced Printing</A ></H3 ><P @@ -11212,7 +10210,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN2211" +NAME="AEN1964" >14.4.9. Real debugging</A ></H3 ><P @@ -11233,7 +10231,7 @@ CLASS="SECT1" ><H2 CLASS="SECT1" ><A -NAME="AEN2231" +NAME="AEN1984" >15.1. Introduction</A ></H2 ><P @@ -11261,7 +10259,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN2236" +NAME="AEN1989" >15.2. CUPS - RAW Print Through Mode</A ></H2 ><P @@ -11547,7 +10545,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN2291" +NAME="AEN2044" >15.3. The CUPS Filter Chains</A ></H2 ><P @@ -11995,7 +10993,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN2330" +NAME="AEN2083" >15.4. CUPS Print Drivers and Devices</A ></H2 ><P @@ -12025,7 +11023,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN2337" +NAME="AEN2090" >15.4.1. Further printing steps</A ></H3 ><P @@ -12349,7 +11347,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN2407" +NAME="AEN2160" >15.5. Limiting the number of pages users can print</A ></H2 ><P @@ -12872,7 +11870,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN2496" +NAME="AEN2249" >15.6. Advanced Postscript Printing from MS Windows</A ></H2 ><P @@ -12963,7 +11961,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN2511" +NAME="AEN2264" >15.7. Auto-Deletion of CUPS spool files</A ></H2 ><P @@ -13099,7 +12097,7 @@ CLASS="SECT1" ><H2 CLASS="SECT1" ><A -NAME="AEN2573" +NAME="AEN2326" >16.1. Abstract</A ></H2 ><P @@ -13126,7 +12124,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN2577" +NAME="AEN2330" >16.2. Introduction</A ></H2 ><P @@ -13180,7 +12178,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN2590" +NAME="AEN2343" >16.3. What Winbind Provides</A ></H2 ><P @@ -13222,7 +12220,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN2597" +NAME="AEN2350" >16.3.1. Target Uses</A ></H3 ><P @@ -13246,7 +12244,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN2601" +NAME="AEN2354" >16.4. How Winbind Works</A ></H2 ><P @@ -13266,7 +12264,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN2606" +NAME="AEN2359" >16.4.1. Microsoft Remote Procedure Calls</A ></H3 ><P @@ -13292,7 +12290,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN2610" +NAME="AEN2363" >16.4.2. Microsoft Active Directory Services</A ></H3 ><P @@ -13311,7 +12309,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN2613" +NAME="AEN2366" >16.4.3. Name Service Switch</A ></H3 ><P @@ -13391,7 +12389,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN2629" +NAME="AEN2382" >16.4.4. Pluggable Authentication Modules</A ></H3 ><P @@ -13440,7 +12438,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN2637" +NAME="AEN2390" >16.4.5. User and Group ID Allocation</A ></H3 ><P @@ -13466,7 +12464,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN2641" +NAME="AEN2394" >16.4.6. Result Caching</A ></H3 ><P @@ -13489,7 +12487,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN2644" +NAME="AEN2397" >16.5. Installation and Configuration</A ></H2 ><P @@ -13508,7 +12506,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN2649" +NAME="AEN2402" >16.5.1. Introduction</A ></H3 ><P @@ -13567,7 +12565,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN2662" +NAME="AEN2415" >16.5.2. Requirements</A ></H3 ><P @@ -13637,7 +12635,7 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN2676" +NAME="AEN2429" >16.5.3. Testing Things Out</A ></H3 ><P @@ -13682,7 +12680,7 @@ CLASS="SECT3" ><HR><H4 CLASS="SECT3" ><A -NAME="AEN2687" +NAME="AEN2440" >16.5.3.1. Configure and compile SAMBA</A ></H4 ><P @@ -13748,7 +12746,7 @@ CLASS="SECT3" ><HR><H4 CLASS="SECT3" ><A -NAME="AEN2706" +NAME="AEN2459" >16.5.3.2. Configure <TT CLASS="FILENAME" >nsswitch.conf</TT @@ -13853,7 +12851,7 @@ CLASS="SECT3" ><HR><H4 CLASS="SECT3" ><A -NAME="AEN2739" +NAME="AEN2492" >16.5.3.3. Configure smb.conf</A ></H4 ><P @@ -13928,7 +12926,7 @@ CLASS="SECT3" ><HR><H4 CLASS="SECT3" ><A -NAME="AEN2755" +NAME="AEN2508" >16.5.3.4. Join the SAMBA server to the PDC domain</A ></H4 ><P @@ -13966,7 +12964,7 @@ CLASS="SECT3" ><HR><H4 CLASS="SECT3" ><A -NAME="AEN2766" +NAME="AEN2519" >16.5.3.5. Start up the winbindd daemon and test it!</A ></H4 ><P @@ -14102,7 +13100,7 @@ CLASS="SECT3" ><HR><H4 CLASS="SECT3" ><A -NAME="AEN2806" +NAME="AEN2559" >16.5.3.6. Fix the init.d startup scripts</A ></H4 ><DIV @@ -14110,7 +13108,7 @@ CLASS="SECT4" ><H5 CLASS="SECT4" ><A -NAME="AEN2808" +NAME="AEN2561" >16.5.3.6.1. Linux</A ></H5 ><P @@ -14220,7 +13218,7 @@ CLASS="SECT4" ><HR><H5 CLASS="SECT4" ><A -NAME="AEN2828" +NAME="AEN2581" >16.5.3.6.2. Solaris</A ></H5 ><P @@ -14304,7 +13302,7 @@ CLASS="SECT4" ><HR><H5 CLASS="SECT4" ><A -NAME="AEN2838" +NAME="AEN2591" >16.5.3.6.3. Restarting</A ></H5 ><P @@ -14328,7 +13326,7 @@ CLASS="SECT3" ><HR><H4 CLASS="SECT3" ><A -NAME="AEN2844" +NAME="AEN2597" >16.5.3.7. Configure Winbind and PAM</A ></H4 ><P @@ -14386,7 +13384,7 @@ CLASS="SECT4" ><HR><H5 CLASS="SECT4" ><A -NAME="AEN2861" +NAME="AEN2614" >16.5.3.7.1. Linux/FreeBSD-specific PAM configuration</A ></H5 ><P @@ -14515,7 +13513,7 @@ CLASS="SECT4" ><HR><H5 CLASS="SECT4" ><A -NAME="AEN2894" +NAME="AEN2647" >16.5.3.7.2. Solaris-specific configuration</A ></H5 ><P @@ -14602,7 +13600,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN2901" +NAME="AEN2654" >16.6. Limitations</A ></H2 ><P @@ -14644,7 +13642,7 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN2911" +NAME="AEN2664" >16.7. Conclusion</A ></H2 ><P @@ -14660,9 +13658,1182 @@ NAME="AEN2911" CLASS="CHAPTER" ><HR><H1 ><A +NAME="POLICYMGMT" +></A +>Chapter 17. Policy Management - Hows and Whys</H1 +><DIV +CLASS="SECT1" +><H2 +CLASS="SECT1" +><A +NAME="AEN2678" +>17.1. System Policies</A +></H2 +><P +>Under MS Windows platforms, particularly those following the release of MS Windows +NT4 and MS Windows 95) it is possible to create a type of file that would be placed +in the NETLOGON share of a domain controller. As the client logs onto the network +this file is read and the contents initiate changes to the registry of the client +machine. This file allows changes to be made to those parts of the registry that +affect users, groups of users, or machines.</P +><P +>For MS Windows 9x/Me this file must be called <TT +CLASS="FILENAME" +>Config.POL</TT +> and may +be generated using a tool called <TT +CLASS="FILENAME" +>poledit.exe</TT +>, better known as the +Policy Editor. The policy editor was provided on the Windows 98 installation CD, but +dissappeared again with the introduction of MS Windows Me (Millenium Edition). From +comments from MS Windows network administrators it would appear that this tool became +a part of the MS Windows Me Resource Kit.</P +><P +>MS Windows NT4 Server products include the <SPAN +CLASS="emphasis" +><I +CLASS="EMPHASIS" +>System Policy Editor</I +></SPAN +> +under the <TT +CLASS="FILENAME" +>Start->Programs->Administrative Tools</TT +> menu item. +For MS Windows NT4 and later clients this file must be called <TT +CLASS="FILENAME" +>NTConfig.POL</TT +>.</P +><P +>New with the introduction of MS Windows 2000 was the Microsoft Management Console +or MMC. This tool is the new wave in the ever changing landscape of Microsoft +methods for management of network access and security. Every new Microsoft product +or technology seems to obsolete the old rules and to introduce newer and more +complex tools and methods. To Microsoft's credit though, the MMC does appear to +be a step forward, but improved functionality comes at a great price.</P +><P +>Before embarking on the configuration of network and system policies it is highly +advisable to read the documentation available from Microsoft's web site from +<A +HREF="http://www.microsoft.com/ntserver/management/deployment/planguide/prof_policies.asp" +TARGET="_top" +>Implementing Profiles and Policies in Windows NT 4.0</A +> available from Microsoft. +There are a large number of documents in addition to this old one that should also +be read and understood. Try searching on the Microsoft web site for "Group Policies".</P +><P +>What follows is a very discussion with some helpful notes. The information provided +here is incomplete - you are warned.</P +><DIV +CLASS="SECT2" +><HR><H3 +CLASS="SECT2" +><A +NAME="AEN2692" +>17.1.1. Creating and Managing Windows 9x/Me Policies</A +></H3 +><P +>You need the Win98 Group Policy Editor to set Group Profiles up under Windows 9x/Me. +It can be found on the Original full product Win98 installation CD under +<TT +CLASS="FILENAME" +>tools/reskit/netadmin/poledit</TT +>. You install this using the +Add/Remove Programs facility and then click on the 'Have Disk' tab.</P +><P +>Use the Group Policy Editor to create a policy file that specifies the location of +user profiles and/or the <TT +CLASS="FILENAME" +>My Documents</TT +> etc. stuff. You then +save these settings in a file called <TT +CLASS="FILENAME" +>Config.POL</TT +> that needs to +be placed in the root of the [NETLOGON] share. If your Win98 is configured to log onto +the Samba Domain, it will automatically read this file and update the Win9x/Me registry +of the machine that is logging on.</P +><P +>Further details are covered in the Win98 Resource Kit documentation.</P +><P +>If you do not do it this way, then every so often Win9x/Me will check the +integrity of the registry and will restore it's settings from the back-up +copy of the registry it stores on each Win9x/Me machine. Hence, you will +occasionally notice things changing back to the original settings.</P +><P +>Install the group policy handler for Win9x to pick up group policies. Look on the +Win98 CD in <TT +CLASS="FILENAME" +>\tools\reskit\netadmin\poledit</TT +>. +Install group policies on a Win9x client by double-clicking +<TT +CLASS="FILENAME" +>grouppol.inf</TT +>. Log off and on again a couple of times and see +if Win98 picks up group policies. Unfortunately this needs to be done on every +Win9x/Me machine that uses group policies.</P +></DIV +><DIV +CLASS="SECT2" +><HR><H3 +CLASS="SECT2" +><A +NAME="AEN2704" +>17.1.2. Creating and Managing Windows NT4 Style Policy Files</A +></H3 +><P +>To create or edit <TT +CLASS="FILENAME" +>ntconfig.pol</TT +> you must use the NT Server +Policy Editor, <B +CLASS="COMMAND" +>poledit.exe</B +> which is included with NT4 Server +but <SPAN +CLASS="emphasis" +><I +CLASS="EMPHASIS" +>not NT Workstation</I +></SPAN +>. There is a Policy Editor on a NT4 +Workstation but it is not suitable for creating <SPAN +CLASS="emphasis" +><I +CLASS="EMPHASIS" +>Domain Policies</I +></SPAN +>. +Further, although the Windows 95 Policy Editor can be installed on an NT4 +Workstation/Server, it will not work with NT clients. However, the files from +the NT Server will run happily enough on an NT4 Workstation.</P +><P +>You need <TT +CLASS="FILENAME" +>poledit.exe, common.adm</TT +> and <TT +CLASS="FILENAME" +>winnt.adm</TT +>. +It is convenient to put the two *.adm files in the <TT +CLASS="FILENAME" +>c:\winnt\inf</TT +> +directory which is where the binary will look for them unless told otherwise. Note also that that +directory is normally 'hidden'.</P +><P +>The Windows NT policy editor is also included with the Service Pack 3 (and +later) for Windows NT 4.0. Extract the files using <B +CLASS="COMMAND" +>servicepackname /x</B +>, +i.e. that's <B +CLASS="COMMAND" +>Nt4sp6ai.exe /x</B +> for service pack 6a. The policy editor, +<B +CLASS="COMMAND" +>poledit.exe</B +> and the associated template files (*.adm) should +be extracted as well. It is also possible to downloaded the policy template +files for Office97 and get a copy of the policy editor. Another possible +location is with the Zero Administration Kit available for download from Microsoft.</P +><DIV +CLASS="SECT3" +><HR><H4 +CLASS="SECT3" +><A +NAME="AEN2719" +>17.1.2.1. Registry Tattoos</A +></H4 +><P +>With NT4 style registry based policy changes, a large number of settings are not +automatically reversed as the user logs off. Since the settings that were in the +NTConfig.POL file were applied to the client machine registry and that apply to the +hive key HKEY_LOCAL_MACHINE are permanent until explicitly reveresd. This is known +as tattooing. It can have serious consequences down-stream and the administrator must +be extreemly careful not to lock out the ability to manage the machine at a later date.</P +></DIV +></DIV +><DIV +CLASS="SECT2" +><HR><H3 +CLASS="SECT2" +><A +NAME="AEN2722" +>17.1.3. Creating and Managing MS Windows 200x Policies</A +></H3 +><P +>Windows NT4 System policies allows setting of registry parameters specific to +users, groups and computers (client workstations) that are members of the NT4 +style domain. Such policy file will work with MS Windows 2000 / XP clients also.</P +><P +>New to MS Windows 2000 Microsoft introduced a new style of group policy that confers +a superset of capabilities compared with NT4 style policies. Obviously, the tool used +to create them is different, and the mechanism for implementing them is much changed.</P +><P +>The older NT4 style registry based policies are known as <SPAN +CLASS="emphasis" +><I +CLASS="EMPHASIS" +>Administrative Templates</I +></SPAN +> +in MS Windows 2000/XP Group Policy Objects (GPOs). The later includes ability to set various security +configurations, enforce Internet Explorer browser settings, change and redirect aspects of the +users' desktop (including: the location of <SPAN +CLASS="emphasis" +><I +CLASS="EMPHASIS" +>My Documents</I +></SPAN +> files (directory), as +well as intrinsics of where menu items will appear in the Start menu). An additional new +feature is the ability to make available particular software Windows applications to particular +users and/or groups.</P +><P +>Remember: NT4 policy files are named <TT +CLASS="FILENAME" +>NTConfig.POL</TT +> and are stored in the root +of the NETLOGON share on the domain controllers. A Windows NT4 user enters a username, a password +and selects the domain name to which the logon will attempt to take place. During the logon +process the client machine reads the NTConfig.POL file from the NETLOGON share on the authenticating +server, modifies the local registry values according to the settings in this file.</P +><P +>Windows 2K GPOs are very feature rich. They are NOT stored in the NETLOGON share, rather part of +a Windows 200x policy file is stored in the Active Directory itself and the other part is stored +in a shared (and replicated) volume called the SYSVOL folder. This folder is present on all Active +Directory domain controllers. The part that is stored in the Active Directory itself is called the +group policy container (GPC), and the part that is stored in the replicated share called SYSVOL is +known as the group policy template (GPT).</P +><P +>With NT4 clients the policy file is read and executed upon only aas each user log onto the network. +MS Windows 200x policies are much more complex - GPOs are processed and applied at client machine +startup (machine specific part) and when the user logs onto the network the user specific part +is applied. In MS Windows 200x style policy management each machine and/or user may be subject +to any number of concurently applicable (and applied) policy sets (GPOs). Active Directory allows +the administrator to also set filters over the policy settings. No such equivalent capability +exists with NT4 style policy files.</P +><DIV +CLASS="SECT3" +><HR><H4 +CLASS="SECT3" +><A +NAME="AEN2733" +>17.1.3.1. Administration of Win2K Policies</A +></H4 +><P +>Instead of using the tool called "The System Policy Editor", commonly called Poledit (from the +executable name poledit.exe), GPOs are created and managed using a Microsoft Management Console +(MMC) snap-in as follows:</P +><P +></P +><UL +><LI +><P +> Go to the Windows 200x / XP menu <TT +CLASS="FILENAME" +>Start->Programs->Adminsitrative Tools</TT +> + and select the MMC snap-in called "Active Directory Users and Computers" + </P +><P +> </P +></LI +><LI +><P +> Select the domain or organizational unit (OU) that you wish to manage, then right click + to open the context menu for that object, select the properties item. + </P +></LI +><LI +><P +> Now left click on the Group Policy tab, then left click on the New tab. Type a name + for the new policy you will create. + </P +></LI +><LI +><P +> Now left click on the Edit tab to commence the steps needed to create the GPO. + </P +></LI +></UL +><P +>All policy configuration options are controlled through the use of policy administrative +templates. These files have a .adm extension, both in NT4 as well as in Windows 200x / XP. +Beware however, since the .adm files are NOT interchangible across NT4 and Windows 200x. +The later introduces many new features as well as extended definition capabilities. It is +well beyond the scope of this documentation to explain how to program .adm files, for that +the adminsitrator is referred to the Microsoft Windows Resource Kit for your particular +version of MS Windows.</P +><DIV +CLASS="NOTE" +><P +></P +><TABLE +CLASS="NOTE" +WIDTH="100%" +BORDER="0" +><TR +><TD +WIDTH="25" +ALIGN="CENTER" +VALIGN="TOP" +><IMG +SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif" +HSPACE="5" +ALT="Note"></TD +><TD +ALIGN="LEFT" +VALIGN="TOP" +><P +>The MS Windows 2000 Resource Kit contains a tool called gpolmig.exe. This tool can be used +to migrate an NT4 NTConfig.POL file into a Windows 200x style GPO. Be VERY careful how you +use this powerful tool. Please refer to the resource kit manuals for specific usage information.</P +></TD +></TR +></TABLE +></DIV +></DIV +></DIV +></DIV +></DIV +><DIV +CLASS="CHAPTER" +><HR><H1 +><A +NAME="PROFILEMGMT" +></A +>Chapter 18. Profile Management</H1 +><DIV +CLASS="SECT1" +><H2 +CLASS="SECT1" +><A +NAME="AEN2761" +>18.1. Roaming Profiles</A +></H2 +><DIV +CLASS="WARNING" +><P +></P +><TABLE +CLASS="WARNING" +WIDTH="100%" +BORDER="0" +><TR +><TD +WIDTH="25" +ALIGN="CENTER" +VALIGN="TOP" +><IMG +SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/warning.gif" +HSPACE="5" +ALT="Warning"></TD +><TD +ALIGN="LEFT" +VALIGN="TOP" +><P +><SPAN +CLASS="emphasis" +><I +CLASS="EMPHASIS" +>NOTE!</I +></SPAN +> Roaming profiles support is different for Win9X and WinNT.</P +></TD +></TR +></TABLE +></DIV +><P +>Before discussing how to configure roaming profiles, it is useful to see how +Win9X and WinNT clients implement these features.</P +><P +>Win9X clients send a NetUserGetInfo request to the server to get the user's +profiles location. However, the response does not have room for a separate +profiles location field, only the user's home share. This means that Win9X +profiles are restricted to being in the user's home directory.</P +><P +>WinNT clients send a NetSAMLogon RPC request, which contains many fields, +including a separate field for the location of the user's profiles. +This means that support for profiles is different for Win9X and WinNT.</P +><DIV +CLASS="SECT2" +><HR><H3 +CLASS="SECT2" +><A +NAME="AEN2769" +>18.1.1. Windows NT Configuration</A +></H3 +><P +>To support WinNT clients, in the [global] section of smb.conf set the +following (for example):</P +><P +><PRE +CLASS="PROGRAMLISTING" +>logon path = \\profileserver\profileshare\profilepath\%U\moreprofilepath</PRE +></P +><P +>The default for this option is \\%N\%U\profile, namely +\\sambaserver\username\profile. The \\N%\%U service is created +automatically by the [homes] service. +If you are using a samba server for the profiles, you _must_ make the +share specified in the logon path browseable.</P +><DIV +CLASS="NOTE" +><P +></P +><TABLE +CLASS="NOTE" +WIDTH="100%" +BORDER="0" +><TR +><TD +WIDTH="25" +ALIGN="CENTER" +VALIGN="TOP" +><IMG +SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif" +HSPACE="5" +ALT="Note"></TD +><TD +ALIGN="LEFT" +VALIGN="TOP" +><P +>MS Windows NT/2K clients at times do not disconnect a connection to a server +between logons. It is recommended to NOT use the <SPAN +CLASS="emphasis" +><I +CLASS="EMPHASIS" +>homes</I +></SPAN +> +meta-service name as part of the profile share path.</P +></TD +></TR +></TABLE +></DIV +></DIV +><DIV +CLASS="SECT2" +><HR><H3 +CLASS="SECT2" +><A +NAME="AEN2778" +>18.1.2. Windows 9X Configuration</A +></H3 +><P +>To support Win9X clients, you must use the "logon home" parameter. Samba has +now been fixed so that "net use /home" now works as well, and it, too, relies +on the "logon home" parameter.</P +><P +>By using the logon home parameter, you are restricted to putting Win9X +profiles in the user's home directory. But wait! There is a trick you +can use. If you set the following in the [global] section of your +smb.conf file:</P +><P +><PRE +CLASS="PROGRAMLISTING" +>logon home = \\%L\%U\.profiles</PRE +></P +><P +>then your Win9X clients will dutifully put their clients in a subdirectory +of your home directory called .profiles (thus making them hidden).</P +><P +>Not only that, but 'net use/home' will also work, because of a feature in +Win9X. It removes any directory stuff off the end of the home directory area +and only uses the server and share portion. That is, it looks like you +specified \\%L\%U for "logon home".</P +></DIV +><DIV +CLASS="SECT2" +><HR><H3 +CLASS="SECT2" +><A +NAME="AEN2786" +>18.1.3. Win9X and WinNT Configuration</A +></H3 +><P +>You can support profiles for both Win9X and WinNT clients by setting both the +"logon home" and "logon path" parameters. For example:</P +><P +><PRE +CLASS="PROGRAMLISTING" +>logon home = \\%L\%U\.profiles +logon path = \\%L\profiles\%U</PRE +></P +><DIV +CLASS="NOTE" +><P +></P +><TABLE +CLASS="NOTE" +WIDTH="100%" +BORDER="0" +><TR +><TD +WIDTH="25" +ALIGN="CENTER" +VALIGN="TOP" +><IMG +SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif" +HSPACE="5" +ALT="Note"></TD +><TD +ALIGN="LEFT" +VALIGN="TOP" +><P +>I have not checked what 'net use /home' does on NT when "logon home" is +set as above.</P +></TD +></TR +></TABLE +></DIV +></DIV +><DIV +CLASS="SECT2" +><HR><H3 +CLASS="SECT2" +><A +NAME="AEN2793" +>18.1.4. Windows 9X Profile Setup</A +></H3 +><P +>When a user first logs in on Windows 9X, the file user.DAT is created, +as are folders "Start Menu", "Desktop", "Programs" and "Nethood". +These directories and their contents will be merged with the local +versions stored in c:\windows\profiles\username on subsequent logins, +taking the most recent from each. You will need to use the [global] +options "preserve case = yes", "short preserve case = yes" and +"case sensitive = no" in order to maintain capital letters in shortcuts +in any of the profile folders.</P +><P +>The user.DAT file contains all the user's preferences. If you wish to +enforce a set of preferences, rename their user.DAT file to user.MAN, +and deny them write access to this file.</P +><P +></P +><OL +TYPE="1" +><LI +><P +> On the Windows 95 machine, go to Control Panel | Passwords and + select the User Profiles tab. Select the required level of + roaming preferences. Press OK, but do _not_ allow the computer + to reboot. + </P +></LI +><LI +><P +> On the Windows 95 machine, go to Control Panel | Network | + Client for Microsoft Networks | Preferences. Select 'Log on to + NT Domain'. Then, ensure that the Primary Logon is 'Client for + Microsoft Networks'. Press OK, and this time allow the computer + to reboot. + </P +></LI +></OL +><P +>Under Windows 95, Profiles are downloaded from the Primary Logon. +If you have the Primary Logon as 'Client for Novell Networks', then +the profiles and logon script will be downloaded from your Novell +Server. If you have the Primary Logon as 'Windows Logon', then the +profiles will be loaded from the local machine - a bit against the +concept of roaming profiles, if you ask me.</P +><P +>You will now find that the Microsoft Networks Login box contains +[user, password, domain] instead of just [user, password]. Type in +the samba server's domain name (or any other domain known to exist, +but bear in mind that the user will be authenticated against this +domain and profiles downloaded from it, if that domain logon server +supports it), user name and user's password.</P +><P +>Once the user has been successfully validated, the Windows 95 machine +will inform you that 'The user has not logged on before' and asks you +if you wish to save the user's preferences? Select 'yes'.</P +><P +>Once the Windows 95 client comes up with the desktop, you should be able +to examine the contents of the directory specified in the "logon path" +on the samba server and verify that the "Desktop", "Start Menu", +"Programs" and "Nethood" folders have been created.</P +><P +>These folders will be cached locally on the client, and updated when +the user logs off (if you haven't made them read-only by then :-). +You will find that if the user creates further folders or short-cuts, +that the client will merge the profile contents downloaded with the +contents of the profile directory already on the local client, taking +the newest folders and short-cuts from each set.</P +><P +>If you have made the folders / files read-only on the samba server, +then you will get errors from the w95 machine on logon and logout, as +it attempts to merge the local and the remote profile. Basically, if +you have any errors reported by the w95 machine, check the Unix file +permissions and ownership rights on the profile directory contents, +on the samba server.</P +><P +>If you have problems creating user profiles, you can reset the user's +local desktop cache, as shown below. When this user then next logs in, +they will be told that they are logging in "for the first time".</P +><P +></P +><OL +TYPE="1" +><LI +><P +> instead of logging in under the [user, password, domain] dialog, + press escape. + </P +></LI +><LI +><P +> run the regedit.exe program, and look in: + </P +><P +> HKEY_LOCAL_MACHINE\Windows\CurrentVersion\ProfileList + </P +><P +> you will find an entry, for each user, of ProfilePath. Note the + contents of this key (likely to be c:\windows\profiles\username), + then delete the key ProfilePath for the required user. + </P +><P +> [Exit the registry editor]. + </P +></LI +><LI +><P +> <SPAN +CLASS="emphasis" +><I +CLASS="EMPHASIS" +>WARNING</I +></SPAN +> - before deleting the contents of the + directory listed in + the ProfilePath (this is likely to be c:\windows\profiles\username), + ask them if they have any important files stored on their desktop + or in their start menu. delete the contents of the directory + ProfilePath (making a backup if any of the files are needed). + </P +><P +> This will have the effect of removing the local (read-only hidden + system file) user.DAT in their profile directory, as well as the + local "desktop", "nethood", "start menu" and "programs" folders. + </P +></LI +><LI +><P +> search for the user's .PWL password-caching file in the c:\windows + directory, and delete it. + </P +></LI +><LI +><P +> log off the windows 95 client. + </P +></LI +><LI +><P +> check the contents of the profile path (see "logon path" described + above), and delete the user.DAT or user.MAN file for the user, + making a backup if required. + </P +></LI +></OL +><P +>If all else fails, increase samba's debug log levels to between 3 and 10, +and / or run a packet trace program such as tcpdump or netmon.exe, and +look for any error reports.</P +><P +>If you have access to an NT server, then first set up roaming profiles +and / or netlogons on the NT server. Make a packet trace, or examine +the example packet traces provided with NT server, and see what the +differences are with the equivalent samba trace.</P +></DIV +><DIV +CLASS="SECT2" +><HR><H3 +CLASS="SECT2" +><A +NAME="AEN2829" +>18.1.5. Windows NT Workstation 4.0</A +></H3 +><P +>When a user first logs in to a Windows NT Workstation, the profile +NTuser.DAT is created. The profile location can be now specified +through the "logon path" parameter.</P +><P +>There is a parameter that is now available for use with NT Profiles: +"logon drive". This should be set to "h:" or any other drive, and +should be used in conjunction with the new "logon home" parameter.</P +><P +>The entry for the NT 4.0 profile is a _directory_ not a file. The NT +help on profiles mentions that a directory is also created with a .PDS +extension. The user, while logging in, must have write permission to +create the full profile path (and the folder with the .PDS extension +for those situations where it might be created.)</P +><P +>In the profile directory, NT creates more folders than 95. It creates +"Application Data" and others, as well as "Desktop", "Nethood", +"Start Menu" and "Programs". The profile itself is stored in a file +NTuser.DAT. Nothing appears to be stored in the .PDS directory, and +its purpose is currently unknown.</P +><P +>You can use the System Control Panel to copy a local profile onto +a samba server (see NT Help on profiles: it is also capable of firing +up the correct location in the System Control Panel for you). The +NT Help file also mentions that renaming NTuser.DAT to NTuser.MAN +turns a profile into a mandatory one.</P +><P +>The case of the profile is significant. The file must be called +NTuser.DAT or, for a mandatory profile, NTuser.MAN.</P +></DIV +><DIV +CLASS="SECT2" +><HR><H3 +CLASS="SECT2" +><A +NAME="AEN2837" +>18.1.6. Windows NT/200x Server</A +></H3 +><P +>There is nothing to stop you specifying any path that you like for the +location of users' profiles. Therefore, you could specify that the +profile be stored on a samba server, or any other SMB server, as long as +that SMB server supports encrypted passwords.</P +></DIV +><DIV +CLASS="SECT2" +><HR><H3 +CLASS="SECT2" +><A +NAME="AEN2840" +>18.1.7. Sharing Profiles between W9x/Me and NT4/200x/XP workstations</A +></H3 +><P +>Sharing of desktop profiles between Windows versions is NOT recommended. +Desktop profiles are an evolving phenomenon and profiles for later versions +of MS Windows clients add features that may interfere with earlier versions +of MS Windows clients. Probably the more salient reason to NOT mix profiles +is that when logging off an earlier version of MS Windows the older format +of profile contents may overwrite information that belongs to the newer +version resulting in loss of profile information content when that user logs +on again with the newer version of MS Windows.</P +><P +>If you then want to share the same Start Menu / Desktop with W9x/Me, you will +need to specify a common location for the profiles. The smb.conf parameters +that need to be common are <SPAN +CLASS="emphasis" +><I +CLASS="EMPHASIS" +>logon path</I +></SPAN +> and +<SPAN +CLASS="emphasis" +><I +CLASS="EMPHASIS" +>logon home</I +></SPAN +>.</P +><P +>If you have this set up correctly, you will find separate user.DAT and +NTuser.DAT files in the same profile directory.</P +></DIV +><DIV +CLASS="SECT2" +><HR><H3 +CLASS="SECT2" +><A +NAME="AEN2847" +>18.1.8. Windows NT 4</A +></H3 +><P +>Unfortunately, the Resource Kit info is Win NT4 or 200x specific.</P +><P +>Here is a quick guide:</P +><P +></P +><UL +><LI +><P +>On your NT4 Domain Controller, right click on 'My Computer', then +select the tab labelled 'User Profiles'.</P +></LI +><LI +><P +>Select a user profile you want to migrate and click on it.</P +><DIV +CLASS="NOTE" +><P +></P +><TABLE +CLASS="NOTE" +WIDTH="90%" +BORDER="0" +><TR +><TD +WIDTH="25" +ALIGN="CENTER" +VALIGN="TOP" +><IMG +SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif" +HSPACE="5" +ALT="Note"></TD +><TD +ALIGN="LEFT" +VALIGN="TOP" +><P +>I am using the term "migrate" lossely. You can copy a profile to +create a group profile. You can give the user 'Everyone' rights to the +profile you copy this to. That is what you need to do, since your samba +domain is not a member of a trust relationship with your NT4 PDC.</P +></TD +></TR +></TABLE +></DIV +></LI +><LI +><P +>Click the 'Copy To' button.</P +></LI +><LI +><P +>In the box labelled 'Copy Profile to' add your new path, eg: +<TT +CLASS="FILENAME" +>c:\temp\foobar</TT +></P +></LI +><LI +><P +>Click on the button labelled 'Change' in the "Permitted to use" box.</P +></LI +><LI +><P +>Click on the group 'Everyone' and then click OK. This closes the +'chose user' box.</P +></LI +><LI +><P +>Now click OK.</P +></LI +></UL +><P +>Follow the above for every profile you need to migrate.</P +><DIV +CLASS="SECT3" +><HR><H4 +CLASS="SECT3" +><A +NAME="AEN2870" +>18.1.8.1. Side bar Notes</A +></H4 +><P +>You should obtain the SID of your NT4 domain. You can use smbpasswd to do +this. Read the man page.</P +><P +>With Samba-3.0.0 alpha code you can import all you NT4 domain accounts +using the net samsync method. This way you can retain your profile +settings as well as all your users.</P +></DIV +><DIV +CLASS="SECT3" +><HR><H4 +CLASS="SECT3" +><A +NAME="AEN2874" +>18.1.8.2. Mandatory profiles</A +></H4 +><P +>The above method can be used to create mandatory profiles also. To convert +a group profile into a mandatory profile simply locate the NTUser.DAT file +in the copied profile and rename it to NTUser.MAN.</P +></DIV +><DIV +CLASS="SECT3" +><HR><H4 +CLASS="SECT3" +><A +NAME="AEN2877" +>18.1.8.3. moveuser.exe</A +></H4 +><P +>The W2K professional resource kit has moveuser.exe. moveuser.exe changes +the security of a profile from one user to another. This allows the account +domain to change, and/or the user name to change.</P +></DIV +><DIV +CLASS="SECT3" +><HR><H4 +CLASS="SECT3" +><A +NAME="AEN2880" +>18.1.8.4. Get SID</A +></H4 +><P +>You can identify the SID by using GetSID.exe from the Windows NT Server 4.0 +Resource Kit.</P +><P +>Windows NT 4.0 stores the local profile information in the registry under +the following key: +HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList</P +><P +>Under the ProfileList key, there will be subkeys named with the SIDs of the +users who have logged on to this computer. (To find the profile information +for the user whose locally cached profile you want to move, find the SID for +the user with the GetSID.exe utility.) Inside of the appropriate user's +subkey, you will see a string value named ProfileImagePath.</P +></DIV +></DIV +><DIV +CLASS="SECT2" +><HR><H3 +CLASS="SECT2" +><A +NAME="AEN2885" +>18.1.9. Windows 2000/XP</A +></H3 +><P +>You must first convert the profile from a local profile to a domain +profile on the MS Windows workstation as follows:</P +><P +></P +><UL +><LI +><P +>Log on as the LOCAL workstation administrator.</P +></LI +><LI +><P +>Right click on the 'My Computer' Icon, select 'Properties'</P +></LI +><LI +><P +>Click on the 'User Profiles' tab</P +></LI +><LI +><P +>Select the profile you wish to convert (click on it once)</P +></LI +><LI +><P +>Click on the button 'Copy To'</P +></LI +><LI +><P +>In the "Permitted to use" box, click on the 'Change' button.</P +></LI +><LI +><P +>Click on the 'Look in" area that lists the machine name, when you click +here it will open up a selection box. Click on the domain to which the +profile must be accessible.</P +><DIV +CLASS="NOTE" +><P +></P +><TABLE +CLASS="NOTE" +WIDTH="90%" +BORDER="0" +><TR +><TD +WIDTH="25" +ALIGN="CENTER" +VALIGN="TOP" +><IMG +SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif" +HSPACE="5" +ALT="Note"></TD +><TD +ALIGN="LEFT" +VALIGN="TOP" +><P +>You will need to log on if a logon box opens up. Eg: In the connect +as: MIDEARTH\root, password: mypassword.</P +></TD +></TR +></TABLE +></DIV +></LI +><LI +><P +>To make the profile capable of being used by anyone select 'Everyone'</P +></LI +><LI +><P +>Click OK. The Selection box will close.</P +></LI +><LI +><P +>Now click on the 'Ok' button to create the profile in the path you +nominated.</P +></LI +></UL +><P +>Done. You now have a profile that can be editted using the samba-3.0.0 +profiles tool.</P +><DIV +CLASS="NOTE" +><P +></P +><TABLE +CLASS="NOTE" +WIDTH="100%" +BORDER="0" +><TR +><TD +WIDTH="25" +ALIGN="CENTER" +VALIGN="TOP" +><IMG +SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif" +HSPACE="5" +ALT="Note"></TD +><TD +ALIGN="LEFT" +VALIGN="TOP" +><P +>Under NT/2K the use of mandotory profiles forces the use of MS Exchange +storage of mail data. That keeps desktop profiles usable.</P +></TD +></TR +></TABLE +></DIV +><DIV +CLASS="NOTE" +><P +></P +><TABLE +CLASS="NOTE" +WIDTH="100%" +BORDER="0" +><TR +><TD +WIDTH="25" +ALIGN="CENTER" +VALIGN="TOP" +><IMG +SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif" +HSPACE="5" +ALT="Note"></TD +><TD +ALIGN="LEFT" +VALIGN="TOP" +><P +></P +><UL +><LI +><P +>This is a security check new to Windows XP (or maybe only +Windows XP service pack 1). It can be disabled via a group policy in +Active Directory. The policy is:</P +><P +>"Computer Configuration\Administrative Templates\System\User +Profiles\Do not check for user ownership of Roaming Profile Folders"</P +><P +>...and it should be set to "Enabled". +Does the new version of samba have an Active Directory analogue? If so, +then you may be able to set the policy through this.</P +><P +>If you cannot set group policies in samba, then you may be able to set +the policy locally on each machine. If you want to try this, then do +the following (N.B. I don't know for sure that this will work in the +same way as a domain group policy):</P +></LI +><LI +><P +>On the XP workstation log in with an Administrator account.</P +></LI +><LI +><P +>Click: "Start", "Run"</P +></LI +><LI +><P +>Type: "mmc"</P +></LI +><LI +><P +>Click: "OK"</P +></LI +><LI +><P +>A Microsoft Management Console should appear.</P +></LI +><LI +><P +>Click: File, "Add/Remove Snap-in...", "Add"</P +></LI +><LI +><P +>Double-Click: "Group Policy"</P +></LI +><LI +><P +>Click: "Finish", "Close"</P +></LI +><LI +><P +>Click: "OK"</P +></LI +><LI +><P +>In the "Console Root" window:</P +></LI +><LI +><P +>Expand: "Local Computer Policy", "Computer Configuration",</P +></LI +><LI +><P +>"Administrative Templates", "System", "User Profiles"</P +></LI +><LI +><P +>Double-Click: "Do not check for user ownership of Roaming Profile</P +></LI +><LI +><P +>Folders"</P +></LI +><LI +><P +>Select: "Enabled"</P +></LI +><LI +><P +>Click: OK"</P +></LI +><LI +><P +>Close the whole console. You do not need to save the settings (this +refers to the console settings rather than the policies you have +changed).</P +></LI +><LI +><P +>Reboot</P +></LI +></UL +></TD +></TR +></TABLE +></DIV +></DIV +></DIV +></DIV +><DIV +CLASS="CHAPTER" +><HR><H1 +><A NAME="INTEGRATE-MS-NETWORKS" ></A ->Chapter 17. Integrating MS Windows networks with Samba</H1 +>Chapter 19. Integrating MS Windows networks with Samba</H1 ><P >This section deals with NetBIOS over TCP/IP name to IP address resolution. If you your MS Windows clients are NOT configured to use NetBIOS over TCP/IP then this @@ -14743,8 +14914,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN2932" ->17.1. Name Resolution in a pure Unix/Linux world</A +NAME="AEN2975" +>19.1. Name Resolution in a pure Unix/Linux world</A ></H2 ><P >The key configuration files covered in this section are:</P @@ -14785,8 +14956,8 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN2948" ->17.1.1. <TT +NAME="AEN2991" +>19.1.1. <TT CLASS="FILENAME" >/etc/hosts</TT ></A @@ -14866,8 +15037,8 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN2964" ->17.1.2. <TT +NAME="AEN3007" +>19.1.2. <TT CLASS="FILENAME" >/etc/resolv.conf</TT ></A @@ -14904,8 +15075,8 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN2975" ->17.1.3. <TT +NAME="AEN3018" +>19.1.3. <TT CLASS="FILENAME" >/etc/host.conf</TT ></A @@ -14933,8 +15104,8 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN2983" ->17.1.4. <TT +NAME="AEN3026" +>19.1.4. <TT CLASS="FILENAME" >/etc/nsswitch.conf</TT ></A @@ -15002,8 +15173,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN2995" ->17.2. Name resolution as used within MS Windows networking</A +NAME="AEN3038" +>19.2. Name resolution as used within MS Windows networking</A ></H2 ><P >MS Windows networking is predicated about the name each machine @@ -15087,8 +15258,8 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN3007" ->17.2.1. The NetBIOS Name Cache</A +NAME="AEN3050" +>19.2.1. The NetBIOS Name Cache</A ></H3 ><P >All MS Windows machines employ an in memory buffer in which is @@ -15114,8 +15285,8 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN3012" ->17.2.2. The LMHOSTS file</A +NAME="AEN3055" +>19.2.2. The LMHOSTS file</A ></H3 ><P >This file is usually located in MS Windows NT 4.0 or @@ -15217,8 +15388,8 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN3020" ->17.2.3. HOSTS file</A +NAME="AEN3063" +>19.2.3. HOSTS file</A ></H3 ><P >This file is usually located in MS Windows NT 4.0 or 2000 in @@ -15239,8 +15410,8 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN3025" ->17.2.4. DNS Lookup</A +NAME="AEN3068" +>19.2.4. DNS Lookup</A ></H3 ><P >This capability is configured in the TCP/IP setup area in the network @@ -15259,8 +15430,8 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN3028" ->17.2.5. WINS Lookup</A +NAME="AEN3071" +>19.2.5. WINS Lookup</A ></H3 ><P >A WINS (Windows Internet Name Server) service is the equivaent of the @@ -15302,14 +15473,14 @@ CLASS="CHAPTER" ><A NAME="IMPROVED-BROWSING" ></A ->Chapter 18. Improved browsing in samba</H1 +>Chapter 20. Improved browsing in samba</H1 ><DIV CLASS="SECT1" ><H2 CLASS="SECT1" ><A -NAME="AEN3047" ->18.1. Overview of browsing</A +NAME="AEN3090" +>20.1. Overview of browsing</A ></H2 ><P >SMB networking provides a mechanism by which clients can access a list @@ -15337,8 +15508,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN3052" ->18.2. Browsing support in samba</A +NAME="AEN3095" +>20.2. Browsing support in samba</A ></H2 ><P >Samba facilitates browsing. The browsing is supported by nmbd @@ -15380,8 +15551,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN3060" ->18.3. Problem resolution</A +NAME="AEN3103" +>20.3. Problem resolution</A ></H2 ><P >If something doesn't work then hopefully the log.nmb file will help @@ -15427,8 +15598,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN3069" ->18.4. Browsing across subnets</A +NAME="AEN3112" +>20.4. Browsing across subnets</A ></H2 ><P >Since the release of Samba 1.9.17(alpha1) Samba has been @@ -15458,8 +15629,8 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN3074" ->18.4.1. How does cross subnet browsing work ?</A +NAME="AEN3117" +>20.4.1. How does cross subnet browsing work ?</A ></H3 ><P >Cross subnet browsing is a complicated dance, containing multiple @@ -15669,8 +15840,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN3109" ->18.5. Setting up a WINS server</A +NAME="AEN3152" +>20.5. Setting up a WINS server</A ></H2 ><P >Either a Samba machine or a Windows NT Server machine may be set up @@ -15752,8 +15923,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN3128" ->18.6. Setting up Browsing in a WORKGROUP</A +NAME="AEN3171" +>20.6. Setting up Browsing in a WORKGROUP</A ></H2 ><P >To set up cross subnet browsing on a network containing machines @@ -15837,8 +16008,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN3146" ->18.7. Setting up Browsing in a DOMAIN</A +NAME="AEN3189" +>20.7. Setting up Browsing in a DOMAIN</A ></H2 ><P >If you are adding Samba servers to a Windows NT Domain then @@ -15888,8 +16059,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN3156" ->18.8. Forcing samba to be the master</A +NAME="AEN3199" +>20.8. Forcing samba to be the master</A ></H2 ><P >Who becomes the "master browser" is determined by an election process @@ -15936,8 +16107,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN3165" ->18.9. Making samba the domain master</A +NAME="AEN3208" +>20.9. Making samba the domain master</A ></H2 ><P >The domain master is responsible for collating the browse lists of @@ -16009,8 +16180,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN3183" ->18.10. Note about broadcast addresses</A +NAME="AEN3226" +>20.10. Note about broadcast addresses</A ></H2 ><P >If your network uses a "0" based broadcast address (for example if it @@ -16023,8 +16194,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN3186" ->18.11. Multiple interfaces</A +NAME="AEN3229" +>20.11. Multiple interfaces</A ></H2 ><P >Samba now supports machines with multiple network interfaces. If you @@ -16038,14 +16209,14 @@ CLASS="CHAPTER" ><A NAME="MSDFS" ></A ->Chapter 19. Hosting a Microsoft Distributed File System tree on Samba</H1 +>Chapter 21. Hosting a Microsoft Distributed File System tree on Samba</H1 ><DIV CLASS="SECT1" ><H2 CLASS="SECT1" ><A -NAME="AEN3200" ->19.1. Instructions</A +NAME="AEN3243" +>21.1. Instructions</A ></H2 ><P >The Distributed File System (or Dfs) provides a means of @@ -16176,8 +16347,8 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN3235" ->19.1.1. Notes</A +NAME="AEN3278" +>21.1.1. Notes</A ></H3 ><P ></P @@ -16211,14 +16382,14 @@ CLASS="CHAPTER" ><A NAME="VFS" ></A ->Chapter 20. Stackable VFS modules</H1 +>Chapter 22. Stackable VFS modules</H1 ><DIV CLASS="SECT1" ><H2 CLASS="SECT1" ><A -NAME="AEN3259" ->20.1. Introduction and configuration</A +NAME="AEN3302" +>22.1. Introduction and configuration</A ></H2 ><P >Since samba 3.0, samba supports stackable VFS(Virtual File System) modules. @@ -16258,16 +16429,16 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN3268" ->20.2. Included modules</A +NAME="AEN3311" +>22.2. Included modules</A ></H2 ><DIV CLASS="SECT2" ><H3 CLASS="SECT2" ><A -NAME="AEN3270" ->20.2.1. audit</A +NAME="AEN3313" +>22.2.1. audit</A ></H3 ><P >A simple module to audit file access to the syslog @@ -16304,8 +16475,8 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN3278" ->20.2.2. recycle</A +NAME="AEN3321" +>22.2.2. recycle</A ></H3 ><P >A recycle-bin like modules. When used any unlink call @@ -16375,8 +16546,8 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN3315" ->20.2.3. netatalk</A +NAME="AEN3358" +>22.2.3. netatalk</A ></H3 ><P >A netatalk module, that will ease co-existence of samba and @@ -16408,8 +16579,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN3322" ->20.3. VFS modules available elsewhere</A +NAME="AEN3365" +>22.3. VFS modules available elsewhere</A ></H2 ><P >This section contains a listing of various other VFS modules that @@ -16424,8 +16595,8 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN3326" ->20.3.1. DatabaseFS</A +NAME="AEN3369" +>22.3.1. DatabaseFS</A ></H3 ><P >URL: <A @@ -16458,8 +16629,8 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN3334" ->20.3.2. vscan</A +NAME="AEN3377" +>22.3.2. vscan</A ></H3 ><P >URL: <A @@ -16482,14 +16653,14 @@ CLASS="CHAPTER" ><A NAME="SECURING-SAMBA" ></A ->Chapter 21. Securing Samba</H1 +>Chapter 23. Securing Samba</H1 ><DIV CLASS="SECT1" ><H2 CLASS="SECT1" ><A -NAME="AEN3348" ->21.1. Introduction</A +NAME="AEN3391" +>23.1. Introduction</A ></H2 ><P >This note was attached to the Samba 2.2.8 release notes as it contained an @@ -16501,8 +16672,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN3351" ->21.2. Using host based protection</A +NAME="AEN3394" +>23.2. Using host based protection</A ></H2 ><P >In many installations of Samba the greatest threat comes for outside @@ -16533,8 +16704,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN3358" ->21.3. Using interface protection</A +NAME="AEN3401" +>23.3. Using interface protection</A ></H2 ><P >By default Samba will accept connections on any network interface that @@ -16569,8 +16740,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN3367" ->21.4. Using a firewall</A +NAME="AEN3410" +>23.4. Using a firewall</A ></H2 ><P >Many people use a firewall to deny access to services that they don't @@ -16599,8 +16770,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN3374" ->21.5. Using a IPC$ share deny</A +NAME="AEN3417" +>23.5. Using a IPC$ share deny</A ></H2 ><P >If the above methods are not suitable, then you could also place a @@ -16638,8 +16809,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN3383" ->21.6. Upgrading Samba</A +NAME="AEN3426" +>23.6. Upgrading Samba</A ></H2 ><P >Please check regularly on http://www.samba.org/ for updates and @@ -16654,14 +16825,14 @@ CLASS="CHAPTER" ><A NAME="UNICODE" ></A ->Chapter 22. Unicode/Charsets</H1 +>Chapter 24. Unicode/Charsets</H1 ><DIV CLASS="SECT1" ><H2 CLASS="SECT1" ><A -NAME="AEN3397" ->22.1. What are charsets and unicode?</A +NAME="AEN3440" +>24.1. What are charsets and unicode?</A ></H2 ><P >Computers communicate in numbers. In texts, each number will be @@ -16710,8 +16881,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN3406" ->22.2. Samba and charsets</A +NAME="AEN3449" +>24.2. Samba and charsets</A ></H2 ><P >As of samba 3.0, samba can (and will) talk unicode over the wire. Internally, @@ -16786,101 +16957,101 @@ CLASS="TOC" >Table of Contents</B ></DT ><DT ->23. <A +>25. <A HREF="#SPEED" >Samba performance issues</A ></DT ><DD ><DL ><DT ->23.1. <A -HREF="#AEN3443" +>25.1. <A +HREF="#AEN3486" >Comparisons</A ></DT ><DT ->23.2. <A -HREF="#AEN3449" +>25.2. <A +HREF="#AEN3492" >Socket options</A ></DT ><DT ->23.3. <A -HREF="#AEN3456" +>25.3. <A +HREF="#AEN3499" >Read size</A ></DT ><DT ->23.4. <A -HREF="#AEN3461" +>25.4. <A +HREF="#AEN3504" >Max xmit</A ></DT ><DT ->23.5. <A -HREF="#AEN3466" +>25.5. <A +HREF="#AEN3509" >Log level</A ></DT ><DT ->23.6. <A -HREF="#AEN3469" +>25.6. <A +HREF="#AEN3512" >Read raw</A ></DT ><DT ->23.7. <A -HREF="#AEN3474" +>25.7. <A +HREF="#AEN3517" >Write raw</A ></DT ><DT ->23.8. <A -HREF="#AEN3478" +>25.8. <A +HREF="#AEN3521" >Slow Clients</A ></DT ><DT ->23.9. <A -HREF="#AEN3482" +>25.9. <A +HREF="#AEN3525" >Slow Logins</A ></DT ><DT ->23.10. <A -HREF="#AEN3485" +>25.10. <A +HREF="#AEN3528" >Client tuning</A ></DT ></DL ></DD ><DT ->24. <A +>26. <A HREF="#PORTABILITY" >Portability</A ></DT ><DD ><DL ><DT ->24.1. <A -HREF="#AEN3525" +>26.1. <A +HREF="#AEN3568" >HPUX</A ></DT ><DT ->24.2. <A -HREF="#AEN3531" +>26.2. <A +HREF="#AEN3574" >SCO Unix</A ></DT ><DT ->24.3. <A -HREF="#AEN3535" +>26.3. <A +HREF="#AEN3578" >DNIX</A ></DT ><DT ->24.4. <A -HREF="#AEN3564" +>26.4. <A +HREF="#AEN3607" >RedHat Linux Rembrandt-II</A ></DT ><DT ->24.5. <A -HREF="#AEN3570" +>26.5. <A +HREF="#AEN3613" >AIX</A ></DT ><DD ><DL ><DT ->24.5.1. <A -HREF="#AEN3572" +>26.5.1. <A +HREF="#AEN3615" >Sequential Read Ahead</A ></DT ></DL @@ -16888,156 +17059,156 @@ HREF="#AEN3572" ></DL ></DD ><DT ->25. <A +>27. <A HREF="#OTHER-CLIENTS" >Samba and other CIFS clients</A ></DT ><DD ><DL ><DT ->25.1. <A -HREF="#AEN3590" +>27.1. <A +HREF="#AEN3633" >Macintosh clients?</A ></DT ><DT ->25.2. <A -HREF="#AEN3599" +>27.2. <A +HREF="#AEN3642" >OS2 Client</A ></DT ><DD ><DL ><DT ->25.2.1. <A -HREF="#AEN3601" +>27.2.1. <A +HREF="#AEN3644" >How can I configure OS/2 Warp Connect or OS/2 Warp 4 as a client for Samba?</A ></DT ><DT ->25.2.2. <A -HREF="#AEN3616" +>27.2.2. <A +HREF="#AEN3659" >How can I configure OS/2 Warp 3 (not Connect), OS/2 1.2, 1.3 or 2.x for Samba?</A ></DT ><DT ->25.2.3. <A -HREF="#AEN3625" +>27.2.3. <A +HREF="#AEN3668" >Are there any other issues when OS/2 (any version) is used as a client?</A ></DT ><DT ->25.2.4. <A -HREF="#AEN3629" +>27.2.4. <A +HREF="#AEN3672" >How do I get printer driver download working for OS/2 clients?</A ></DT ></DL ></DD ><DT ->25.3. <A -HREF="#AEN3639" +>27.3. <A +HREF="#AEN3682" >Windows for Workgroups</A ></DT ><DD ><DL ><DT ->25.3.1. <A -HREF="#AEN3641" +>27.3.1. <A +HREF="#AEN3684" >Use latest TCP/IP stack from Microsoft</A ></DT ><DT ->25.3.2. <A -HREF="#AEN3646" +>27.3.2. <A +HREF="#AEN3689" >Delete .pwl files after password change</A ></DT ><DT ->25.3.3. <A -HREF="#AEN3651" +>27.3.3. <A +HREF="#AEN3694" >Configure WfW password handling</A ></DT ><DT ->25.3.4. <A -HREF="#AEN3655" +>27.3.4. <A +HREF="#AEN3698" >Case handling of passwords</A ></DT ><DT ->25.3.5. <A -HREF="#AEN3660" +>27.3.5. <A +HREF="#AEN3703" >Use TCP/IP as default protocol</A ></DT ></DL ></DD ><DT ->25.4. <A -HREF="#AEN3663" +>27.4. <A +HREF="#AEN3706" >Windows '95/'98</A ></DT ><DT ->25.5. <A -HREF="#AEN3679" +>27.5. <A +HREF="#AEN3722" >Windows 2000 Service Pack 2</A ></DT ></DL ></DD ><DT ->26. <A +>28. <A HREF="#COMPILING" >How to compile SAMBA</A ></DT ><DD ><DL ><DT ->26.1. <A -HREF="#AEN3706" +>28.1. <A +HREF="#AEN3749" >Access Samba source code via CVS</A ></DT ><DD ><DL ><DT ->26.1.1. <A -HREF="#AEN3708" +>28.1.1. <A +HREF="#AEN3751" >Introduction</A ></DT ><DT ->26.1.2. <A -HREF="#AEN3713" +>28.1.2. <A +HREF="#AEN3756" >CVS Access to samba.org</A ></DT ></DL ></DD ><DT ->26.2. <A -HREF="#AEN3749" +>28.2. <A +HREF="#AEN3792" >Accessing the samba sources via rsync and ftp</A ></DT ><DT ->26.3. <A -HREF="#AEN3755" +>28.3. <A +HREF="#AEN3798" >Building the Binaries</A ></DT ><DD ><DL ><DT ->26.3.1. <A -HREF="#AEN3783" +>28.3.1. <A +HREF="#AEN3826" >Compiling samba with Active Directory support</A ></DT ></DL ></DD ><DT ->26.4. <A -HREF="#AEN3812" +>28.4. <A +HREF="#AEN3855" >Starting the smbd and nmbd</A ></DT ><DD ><DL ><DT ->26.4.1. <A -HREF="#AEN3822" +>28.4.1. <A +HREF="#AEN3865" >Starting from inetd.conf</A ></DT ><DT ->26.4.2. <A -HREF="#AEN3851" +>28.4.2. <A +HREF="#AEN3894" >Alternative: starting it as a daemon</A ></DT ></DL @@ -17045,128 +17216,128 @@ HREF="#AEN3851" ></DL ></DD ><DT ->27. <A +>29. <A HREF="#BUGREPORT" >Reporting Bugs</A ></DT ><DD ><DL ><DT ->27.1. <A -HREF="#AEN3874" +>29.1. <A +HREF="#AEN3917" >Introduction</A ></DT ><DT ->27.2. <A -HREF="#AEN3884" +>29.2. <A +HREF="#AEN3927" >General info</A ></DT ><DT ->27.3. <A -HREF="#AEN3890" +>29.3. <A +HREF="#AEN3933" >Debug levels</A ></DT ><DT ->27.4. <A -HREF="#AEN3907" +>29.4. <A +HREF="#AEN3950" >Internal errors</A ></DT ><DT ->27.5. <A -HREF="#AEN3917" +>29.5. <A +HREF="#AEN3960" >Attaching to a running process</A ></DT ><DT ->27.6. <A -HREF="#AEN3920" +>29.6. <A +HREF="#AEN3963" >Patches</A ></DT ></DL ></DD ><DT ->28. <A +>30. <A HREF="#DIAGNOSIS" >The samba checklist</A ></DT ><DD ><DL ><DT ->28.1. <A -HREF="#AEN3943" +>30.1. <A +HREF="#AEN3986" >Introduction</A ></DT ><DT ->28.2. <A -HREF="#AEN3948" +>30.2. <A +HREF="#AEN3991" >Assumptions</A ></DT ><DT ->28.3. <A -HREF="#AEN3958" +>30.3. <A +HREF="#AEN4001" >Tests</A ></DT ><DD ><DL ><DT ->28.3.1. <A -HREF="#AEN3960" +>30.3.1. <A +HREF="#AEN4003" >Test 1</A ></DT ><DT ->28.3.2. <A -HREF="#AEN3966" +>30.3.2. <A +HREF="#AEN4009" >Test 2</A ></DT ><DT ->28.3.3. <A -HREF="#AEN3972" +>30.3.3. <A +HREF="#AEN4015" >Test 3</A ></DT ><DT ->28.3.4. <A -HREF="#AEN3987" +>30.3.4. <A +HREF="#AEN4030" >Test 4</A ></DT ><DT ->28.3.5. <A -HREF="#AEN3992" +>30.3.5. <A +HREF="#AEN4035" >Test 5</A ></DT ><DT ->28.3.6. <A -HREF="#AEN3998" +>30.3.6. <A +HREF="#AEN4041" >Test 6</A ></DT ><DT ->28.3.7. <A -HREF="#AEN4006" +>30.3.7. <A +HREF="#AEN4049" >Test 7</A ></DT ><DT ->28.3.8. <A -HREF="#AEN4032" +>30.3.8. <A +HREF="#AEN4075" >Test 8</A ></DT ><DT ->28.3.9. <A -HREF="#AEN4049" +>30.3.9. <A +HREF="#AEN4092" >Test 9</A ></DT ><DT ->28.3.10. <A -HREF="#AEN4057" +>30.3.10. <A +HREF="#AEN4100" >Test 10</A ></DT ><DT ->28.3.11. <A -HREF="#AEN4063" +>30.3.11. <A +HREF="#AEN4106" >Test 11</A ></DT ></DL ></DD ><DT ->28.4. <A -HREF="#AEN4068" +>30.4. <A +HREF="#AEN4111" >Still having troubles?</A ></DT ></DL @@ -17180,14 +17351,14 @@ CLASS="CHAPTER" ><A NAME="SPEED" ></A ->Chapter 23. Samba performance issues</H1 +>Chapter 25. Samba performance issues</H1 ><DIV CLASS="SECT1" ><H2 CLASS="SECT1" ><A -NAME="AEN3443" ->23.1. Comparisons</A +NAME="AEN3486" +>25.1. Comparisons</A ></H2 ><P >The Samba server uses TCP to talk to the client. Thus if you are @@ -17217,8 +17388,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN3449" ->23.2. Socket options</A +NAME="AEN3492" +>25.2. Socket options</A ></H2 ><P >There are a number of socket options that can greatly affect the @@ -17245,8 +17416,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN3456" ->23.3. Read size</A +NAME="AEN3499" +>25.3. Read size</A ></H2 ><P >The option "read size" affects the overlap of disk reads/writes with @@ -17271,8 +17442,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN3461" ->23.4. Max xmit</A +NAME="AEN3504" +>25.4. Max xmit</A ></H2 ><P >At startup the client and server negotiate a "maximum transmit" size, @@ -17294,8 +17465,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN3466" ->23.5. Log level</A +NAME="AEN3509" +>25.5. Log level</A ></H2 ><P >If you set the log level (also known as "debug level") higher than 2 @@ -17308,8 +17479,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN3469" ->23.6. Read raw</A +NAME="AEN3512" +>25.6. Read raw</A ></H2 ><P >The "read raw" operation is designed to be an optimised, low-latency @@ -17330,8 +17501,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN3474" ->23.7. Write raw</A +NAME="AEN3517" +>25.7. Write raw</A ></H2 ><P >The "write raw" operation is designed to be an optimised, low-latency @@ -17347,8 +17518,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN3478" ->23.8. Slow Clients</A +NAME="AEN3521" +>25.8. Slow Clients</A ></H2 ><P >One person has reported that setting the protocol to COREPLUS rather @@ -17364,8 +17535,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN3482" ->23.9. Slow Logins</A +NAME="AEN3525" +>25.9. Slow Logins</A ></H2 ><P >Slow logins are almost always due to the password checking time. Using @@ -17377,8 +17548,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN3485" ->23.10. Client tuning</A +NAME="AEN3528" +>25.10. Client tuning</A ></H2 ><P >Often a speed problem can be traced to the client. The client (for @@ -17485,7 +17656,7 @@ CLASS="CHAPTER" ><A NAME="PORTABILITY" ></A ->Chapter 24. Portability</H1 +>Chapter 26. Portability</H1 ><P >Samba works on a wide range of platforms but the interface all the platforms provide is not always compatible. This chapter contains @@ -17495,8 +17666,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN3525" ->24.1. HPUX</A +NAME="AEN3568" +>26.1. HPUX</A ></H2 ><P >HP's implementation of supplementary groups is, er, non-standard (for @@ -17525,8 +17696,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN3531" ->24.2. SCO Unix</A +NAME="AEN3574" +>26.2. SCO Unix</A ></H2 ><P > @@ -17542,8 +17713,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN3535" ->24.3. DNIX</A +NAME="AEN3578" +>26.3. DNIX</A ></H2 ><P >DNIX has a problem with seteuid() and setegid(). These routines are @@ -17649,8 +17820,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN3564" ->24.4. RedHat Linux Rembrandt-II</A +NAME="AEN3607" +>26.4. RedHat Linux Rembrandt-II</A ></H2 ><P >By default RedHat Rembrandt-II during installation adds an @@ -17673,16 +17844,16 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN3570" ->24.5. AIX</A +NAME="AEN3613" +>26.5. AIX</A ></H2 ><DIV CLASS="SECT2" ><H3 CLASS="SECT2" ><A -NAME="AEN3572" ->24.5.1. Sequential Read Ahead</A +NAME="AEN3615" +>26.5.1. Sequential Read Ahead</A ></H3 ><P >Disabling Sequential Read Ahead using "vmtune -r 0" improves @@ -17696,7 +17867,7 @@ CLASS="CHAPTER" ><A NAME="OTHER-CLIENTS" ></A ->Chapter 25. Samba and other CIFS clients</H1 +>Chapter 27. Samba and other CIFS clients</H1 ><P >This chapter contains client-specific information.</P ><DIV @@ -17704,8 +17875,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN3590" ->25.1. Macintosh clients?</A +NAME="AEN3633" +>27.1. Macintosh clients?</A ></H2 ><P >Yes. <A @@ -17750,16 +17921,16 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN3599" ->25.2. OS2 Client</A +NAME="AEN3642" +>27.2. OS2 Client</A ></H2 ><DIV CLASS="SECT2" ><H3 CLASS="SECT2" ><A -NAME="AEN3601" ->25.2.1. How can I configure OS/2 Warp Connect or +NAME="AEN3644" +>27.2.1. How can I configure OS/2 Warp Connect or OS/2 Warp 4 as a client for Samba?</A ></H3 ><P @@ -17817,8 +17988,8 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN3616" ->25.2.2. How can I configure OS/2 Warp 3 (not Connect), +NAME="AEN3659" +>27.2.2. How can I configure OS/2 Warp 3 (not Connect), OS/2 1.2, 1.3 or 2.x for Samba?</A ></H3 ><P @@ -17861,8 +18032,8 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN3625" ->25.2.3. Are there any other issues when OS/2 (any version) +NAME="AEN3668" +>27.2.3. Are there any other issues when OS/2 (any version) is used as a client?</A ></H3 ><P @@ -17883,8 +18054,8 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN3629" ->25.2.4. How do I get printer driver download working +NAME="AEN3672" +>27.2.4. How do I get printer driver download working for OS/2 clients?</A ></H3 ><P @@ -17930,16 +18101,16 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN3639" ->25.3. Windows for Workgroups</A +NAME="AEN3682" +>27.3. Windows for Workgroups</A ></H2 ><DIV CLASS="SECT2" ><H3 CLASS="SECT2" ><A -NAME="AEN3641" ->25.3.1. Use latest TCP/IP stack from Microsoft</A +NAME="AEN3684" +>27.3.1. Use latest TCP/IP stack from Microsoft</A ></H3 ><P >Use the latest TCP/IP stack from microsoft if you use Windows @@ -17960,8 +18131,8 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN3646" ->25.3.2. Delete .pwl files after password change</A +NAME="AEN3689" +>27.3.2. Delete .pwl files after password change</A ></H3 ><P >WfWg does a lousy job with passwords. I find that if I change my @@ -17980,8 +18151,8 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN3651" ->25.3.3. Configure WfW password handling</A +NAME="AEN3694" +>27.3.3. Configure WfW password handling</A ></H3 ><P >There is a program call admincfg.exe @@ -17999,8 +18170,8 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN3655" ->25.3.4. Case handling of passwords</A +NAME="AEN3698" +>27.3.4. Case handling of passwords</A ></H3 ><P >Windows for Workgroups uppercases the password before sending it to the server. Unix passwords can be case-sensitive though. Check the <A @@ -18017,8 +18188,8 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN3660" ->25.3.5. Use TCP/IP as default protocol</A +NAME="AEN3703" +>27.3.5. Use TCP/IP as default protocol</A ></H3 ><P >To support print queue reporting you may find @@ -18033,8 +18204,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN3663" ->25.4. Windows '95/'98</A +NAME="AEN3706" +>27.4. Windows '95/'98</A ></H2 ><P >When using Windows 95 OEM SR2 the following updates are recommended where Samba @@ -18081,8 +18252,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN3679" ->25.5. Windows 2000 Service Pack 2</A +NAME="AEN3722" +>27.5. Windows 2000 Service Pack 2</A ></H2 ><P > @@ -18165,7 +18336,7 @@ CLASS="CHAPTER" ><A NAME="COMPILING" ></A ->Chapter 26. How to compile SAMBA</H1 +>Chapter 28. How to compile SAMBA</H1 ><P >You can obtain the samba source from the <A HREF="http://samba.org/" @@ -18178,16 +18349,16 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN3706" ->26.1. Access Samba source code via CVS</A +NAME="AEN3749" +>28.1. Access Samba source code via CVS</A ></H2 ><DIV CLASS="SECT2" ><H3 CLASS="SECT2" ><A -NAME="AEN3708" ->26.1.1. Introduction</A +NAME="AEN3751" +>28.1.1. Introduction</A ></H3 ><P >Samba is developed in an open environment. Developers use CVS @@ -18208,8 +18379,8 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN3713" ->26.1.2. CVS Access to samba.org</A +NAME="AEN3756" +>28.1.2. CVS Access to samba.org</A ></H3 ><P >The machine samba.org runs a publicly accessible CVS @@ -18221,8 +18392,8 @@ CLASS="SECT3" ><HR><H4 CLASS="SECT3" ><A -NAME="AEN3716" ->26.1.2.1. Access via CVSweb</A +NAME="AEN3759" +>28.1.2.1. Access via CVSweb</A ></H4 ><P >You can access the source code via your @@ -18242,8 +18413,8 @@ CLASS="SECT3" ><HR><H4 CLASS="SECT3" ><A -NAME="AEN3721" ->26.1.2.2. Access via cvs</A +NAME="AEN3764" +>28.1.2.2. Access via cvs</A ></H4 ><P >You can also access the source code via a @@ -18347,8 +18518,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN3749" ->26.2. Accessing the samba sources via rsync and ftp</A +NAME="AEN3792" +>28.2. Accessing the samba sources via rsync and ftp</A ></H2 ><P > pserver.samba.org also exports unpacked copies of most parts of the CVS tree at <A @@ -18375,8 +18546,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN3755" ->26.3. Building the Binaries</A +NAME="AEN3798" +>28.3. Building the Binaries</A ></H2 ><P >To do this, first run the program <B @@ -18461,8 +18632,8 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN3783" ->26.3.1. Compiling samba with Active Directory support</A +NAME="AEN3826" +>28.3.1. Compiling samba with Active Directory support</A ></H3 ><P >In order to compile samba with ADS support, you need to have installed @@ -18511,8 +18682,8 @@ CLASS="SECT3" ><HR><H4 CLASS="SECT3" ><A -NAME="AEN3795" ->26.3.1.1. Installing the required packages for Debian</A +NAME="AEN3838" +>28.3.1.1. Installing the required packages for Debian</A ></H4 ><P >On Debian you need to install the following packages:</P @@ -18542,8 +18713,8 @@ CLASS="SECT3" ><HR><H4 CLASS="SECT3" ><A -NAME="AEN3802" ->26.3.1.2. Installing the required packages for RedHat</A +NAME="AEN3845" +>28.3.1.2. Installing the required packages for RedHat</A ></H4 ><P >On RedHat this means you should have at least: </P @@ -18584,8 +18755,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN3812" ->26.4. Starting the smbd and nmbd</A +NAME="AEN3855" +>28.4. Starting the smbd and nmbd</A ></H2 ><P >You must choose to start smbd and nmbd either @@ -18624,8 +18795,8 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN3822" ->26.4.1. Starting from inetd.conf</A +NAME="AEN3865" +>28.4.1. Starting from inetd.conf</A ></H3 ><P >NOTE; The following will be different if @@ -18724,8 +18895,8 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN3851" ->26.4.2. Alternative: starting it as a daemon</A +NAME="AEN3894" +>28.4.2. Alternative: starting it as a daemon</A ></H3 ><P >To start the server as a daemon you should create @@ -18783,14 +18954,14 @@ CLASS="CHAPTER" ><A NAME="BUGREPORT" ></A ->Chapter 27. Reporting Bugs</H1 +>Chapter 29. Reporting Bugs</H1 ><DIV CLASS="SECT1" ><H2 CLASS="SECT1" ><A -NAME="AEN3874" ->27.1. Introduction</A +NAME="AEN3917" +>29.1. Introduction</A ></H2 ><P >The email address for bug reports for stable releases is <A @@ -18834,8 +19005,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN3884" ->27.2. General info</A +NAME="AEN3927" +>29.2. General info</A ></H2 ><P >Before submitting a bug report check your config for silly @@ -18859,8 +19030,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN3890" ->27.3. Debug levels</A +NAME="AEN3933" +>29.3. Debug levels</A ></H2 ><P >If the bug has anything to do with Samba behaving incorrectly as a @@ -18929,8 +19100,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN3907" ->27.4. Internal errors</A +NAME="AEN3950" +>29.4. Internal errors</A ></H2 ><P >If you get a "INTERNAL ERROR" message in your log files it means that @@ -18973,8 +19144,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN3917" ->27.5. Attaching to a running process</A +NAME="AEN3960" +>29.5. Attaching to a running process</A ></H2 ><P >Unfortunately some unixes (in particular some recent linux kernels) @@ -18990,8 +19161,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN3920" ->27.6. Patches</A +NAME="AEN3963" +>29.6. Patches</A ></H2 ><P >The best sort of bug report is one that includes a fix! If you send us @@ -19013,14 +19184,14 @@ CLASS="CHAPTER" ><A NAME="DIAGNOSIS" ></A ->Chapter 28. The samba checklist</H1 +>Chapter 30. The samba checklist</H1 ><DIV CLASS="SECT1" ><H2 CLASS="SECT1" ><A -NAME="AEN3943" ->28.1. Introduction</A +NAME="AEN3986" +>30.1. Introduction</A ></H2 ><P >This file contains a list of tests you can perform to validate your @@ -19041,8 +19212,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN3948" ->28.2. Assumptions</A +NAME="AEN3991" +>30.2. Assumptions</A ></H2 ><P >In all of the tests it is assumed you have a Samba server called @@ -19079,16 +19250,16 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN3958" ->28.3. Tests</A +NAME="AEN4001" +>30.3. Tests</A ></H2 ><DIV CLASS="SECT2" ><H3 CLASS="SECT2" ><A -NAME="AEN3960" ->28.3.1. Test 1</A +NAME="AEN4003" +>30.3.1. Test 1</A ></H3 ><P >In the directory in which you store your smb.conf file, run the command @@ -19109,8 +19280,8 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN3966" ->28.3.2. Test 2</A +NAME="AEN4009" +>30.3.2. Test 2</A ></H3 ><P >Run the command "ping BIGSERVER" from the PC and "ping ACLIENT" from @@ -19135,8 +19306,8 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN3972" ->28.3.3. Test 3</A +NAME="AEN4015" +>30.3.3. Test 3</A ></H3 ><P >Run the command "smbclient -L BIGSERVER" on the unix box. You @@ -19206,8 +19377,8 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN3987" ->28.3.4. Test 4</A +NAME="AEN4030" +>30.3.4. Test 4</A ></H3 ><P >Run the command "nmblookup -B BIGSERVER __SAMBA__". You should get the @@ -19227,8 +19398,8 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN3992" ->28.3.5. Test 5</A +NAME="AEN4035" +>30.3.5. Test 5</A ></H3 ><P >run the command <B @@ -19248,8 +19419,8 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN3998" ->28.3.6. Test 6</A +NAME="AEN4041" +>30.3.6. Test 6</A ></H3 ><P >Run the command <B @@ -19282,8 +19453,8 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN4006" ->28.3.7. Test 7</A +NAME="AEN4049" +>30.3.7. Test 7</A ></H3 ><P >Run the command <B @@ -19371,8 +19542,8 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN4032" ->28.3.8. Test 8</A +NAME="AEN4075" +>30.3.8. Test 8</A ></H3 ><P >On the PC type the command <B @@ -19431,8 +19602,8 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN4049" ->28.3.9. Test 9</A +NAME="AEN4092" +>30.3.9. Test 9</A ></H3 ><P >Run the command <B @@ -19465,8 +19636,8 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN4057" ->28.3.10. Test 10</A +NAME="AEN4100" +>30.3.10. Test 10</A ></H3 ><P >Run the command <B @@ -19491,8 +19662,8 @@ CLASS="SECT2" ><HR><H3 CLASS="SECT2" ><A -NAME="AEN4063" ->28.3.11. Test 11</A +NAME="AEN4106" +>30.3.11. Test 11</A ></H3 ><P >From file manager try to browse the server. Your samba server should @@ -19519,8 +19690,8 @@ CLASS="SECT1" ><HR><H2 CLASS="SECT1" ><A -NAME="AEN4068" ->28.4. Still having troubles?</A +NAME="AEN4111" +>30.4. Still having troubles?</A ></H2 ><P >Try the mailing list or newsgroup, or use the ethereal utility to |