diff options
Diffstat (limited to 'docs/htmldocs')
25 files changed, 1972 insertions, 1618 deletions
diff --git a/docs/htmldocs/NT_Security.html b/docs/htmldocs/NT_Security.html index 081f7fb838..43ba056624 100644 --- a/docs/htmldocs/NT_Security.html +++ b/docs/htmldocs/NT_Security.html @@ -44,7 +44,7 @@ NAME="AEN3" ><P >In Samba 2.0.4 and above the default value of the parameter <A -HREF="smb.conf.5.html#NTACLSUPPOR" +HREF="smb.conf.5.html#NTACLSUPPORT" TARGET="_top" ><TT CLASS="PARAMETER" diff --git a/docs/htmldocs/Samba-HOWTO-Collection.html b/docs/htmldocs/Samba-HOWTO-Collection.html index a0d0573005..85ef2feb70 100644 --- a/docs/htmldocs/Samba-HOWTO-Collection.html +++ b/docs/htmldocs/Samba-HOWTO-Collection.html @@ -68,27 +68,27 @@ HREF="#AEN15" ><DD ><DL ><DT -><A +>1.1. <A HREF="#AEN17" >Step 0: Read the man pages</A ></DT ><DT -><A +>1.2. <A HREF="#AEN25" >Step 1: Building the Binaries</A ></DT ><DT -><A +>1.3. <A HREF="#AEN53" >Step 2: The all important step</A ></DT ><DT -><A +>1.4. <A HREF="#AEN57" >Step 3: Create the smb configuration file.</A ></DT ><DT -><A +>1.5. <A HREF="#AEN71" >Step 4: Test your config file with <B @@ -97,80 +97,80 @@ CLASS="COMMAND" ></A ></DT ><DT -><A +>1.6. <A HREF="#AEN77" >Step 5: Starting the smbd and nmbd</A ></DT ><DD ><DL ><DT -><A +>1.6.1. <A HREF="#AEN87" >Step 5a: Starting from inetd.conf</A ></DT ><DT -><A +>1.6.2. <A HREF="#AEN116" >Step 5b. Alternative: starting it as a daemon</A ></DT ></DL ></DD ><DT -><A +>1.7. <A HREF="#AEN132" >Step 6: Try listing the shares available on your server</A ></DT ><DT -><A +>1.8. <A HREF="#AEN141" >Step 7: Try connecting with the unix client</A ></DT ><DT -><A +>1.9. <A HREF="#AEN157" >Step 8: Try connecting from a DOS, WfWg, Win9x, WinNT, Win2k, OS/2, etc... client</A ></DT ><DT -><A +>1.10. <A HREF="#AEN171" >What If Things Don't Work?</A ></DT ><DD ><DL ><DT -><A +>1.10.1. <A HREF="#AEN176" >Diagnosing Problems</A ></DT ><DT -><A +>1.10.2. <A HREF="#AEN180" >Scope IDs</A ></DT ><DT -><A +>1.10.3. <A HREF="#AEN183" >Choosing the Protocol Level</A ></DT ><DT -><A +>1.10.4. <A HREF="#AEN192" >Printing from UNIX to a Client PC</A ></DT ><DT -><A +>1.10.5. <A HREF="#AEN196" >Locking</A ></DT ><DT -><A +>1.10.6. <A HREF="#AEN206" >Mapping Usernames</A ></DT ><DT -><A +>1.10.7. <A HREF="#AEN209" >Other Character Sets</A ></DT @@ -186,36 +186,36 @@ HREF="#AEN212" ><DD ><DL ><DT -><A +>2.1. <A HREF="#AEN223" >Introduction</A ></DT ><DT -><A +>2.2. <A HREF="#AEN227" >How does it work?</A ></DT ><DT -><A +>2.3. <A HREF="#AEN238" >Important Notes About Security</A ></DT ><DD ><DL ><DT -><A +>2.3.1. <A HREF="#AEN257" >Advantages of SMB Encryption</A ></DT ><DT -><A +>2.3.2. <A HREF="#AEN264" >Advantages of non-encrypted passwords</A ></DT ></DL ></DD ><DT -><A +>2.4. <A HREF="#AEN273" ><A NAME="SMBPASSWDFILEFORMAT" @@ -223,12 +223,12 @@ NAME="SMBPASSWDFILEFORMAT" >The smbpasswd file</A ></DT ><DT -><A +>2.5. <A HREF="#AEN325" >The smbpasswd Command</A ></DT ><DT -><A +>2.6. <A HREF="#AEN364" >Setting up Samba to support LanManager Encryption</A ></DT @@ -242,14 +242,14 @@ HREF="#AEN379" ><DD ><DL ><DT -><A +>3.1. <A HREF="#AEN390" >Instructions</A ></DT ><DD ><DL ><DT -><A +>3.1.1. <A HREF="#AEN425" >Notes</A ></DT @@ -265,56 +265,76 @@ HREF="#AEN434" ><DD ><DL ><DT -><A +>4.1. <A HREF="#AEN445" >Introduction</A ></DT ><DT -><A +>4.2. <A HREF="#AEN462" >Configuration</A ></DT ><DD ><DL ><DT -><A -HREF="#AEN516" +>4.2.1. <A +HREF="#AEN472" +>Creating [print$]</A +></DT +><DT +>4.2.2. <A +HREF="#AEN507" +>Setting Drivers for Existing Printers</A +></DT +><DT +>4.2.3. <A +HREF="#AEN520" >Support a large number of printers</A ></DT +><DT +>4.2.4. <A +HREF="#AEN531" +>Adding New Printers via the Windows NT APW</A +></DT +><DT +>4.2.5. <A +HREF="#AEN556" +>Samba and Printer Ports</A +></DT ></DL ></DD ><DT -><A -HREF="#AEN527" +>4.3. <A +HREF="#AEN564" >The Imprints Toolset</A ></DT ><DD ><DL ><DT -><A -HREF="#AEN531" +>4.3.1. <A +HREF="#AEN568" >What is Imprints?</A ></DT ><DT -><A -HREF="#AEN541" +>4.3.2. <A +HREF="#AEN578" >Creating Printer Driver Packages</A ></DT ><DT -><A -HREF="#AEN544" +>4.3.3. <A +HREF="#AEN581" >The Imprints server</A ></DT ><DT -><A -HREF="#AEN548" +>4.3.4. <A +HREF="#AEN585" >The Installation Client</A ></DT ></DL ></DD ><DT -><A -HREF="#AEN570" +>4.4. <A +HREF="#AEN607" ><A NAME="MIGRATION" ></A @@ -325,225 +345,225 @@ NAME="MIGRATION" ></DD ><DT >5. <A -HREF="#AEN599" +HREF="#AEN639" >security = domain in Samba 2.x</A ></DT ><DD ><DL ><DT -><A -HREF="#AEN617" +>5.1. <A +HREF="#AEN657" >Joining an NT Domain with Samba 2.2</A ></DT ><DT -><A -HREF="#AEN681" +>5.2. <A +HREF="#AEN721" >Samba and Windows 2000 Domains</A ></DT ><DT -><A -HREF="#AEN686" +>5.3. <A +HREF="#AEN726" >Why is this better than security = server?</A ></DT ></DL ></DD ><DT >6. <A -HREF="#AEN702" +HREF="#AEN742" >How to Configure Samba 2.2.x as a Primary Domain Controller</A ></DT ><DD ><DL ><DT -><A -HREF="#AEN713" +>6.1. <A +HREF="#AEN753" >Background</A ></DT ><DT -><A -HREF="#AEN750" +>6.2. <A +HREF="#AEN790" >Configuring the Samba Domain Controller</A ></DT ><DT -><A -HREF="#AEN793" +>6.3. <A +HREF="#AEN833" >Creating Machine Trust Accounts and Joining Clients to the Domain</A ></DT ><DT -><A -HREF="#AEN832" +>6.4. <A +HREF="#AEN872" >Common Problems and Errors</A ></DT ><DT -><A -HREF="#AEN860" +>6.5. <A +HREF="#AEN900" >System Policies and Profiles</A ></DT ><DT -><A -HREF="#AEN900" +>6.6. <A +HREF="#AEN940" >What other help can I get ?</A ></DT ><DD ><DL ><DT -><A -HREF="#AEN947" +>6.6.1. <A +HREF="#AEN987" >URLs and similar</A ></DT ><DT -><A -HREF="#AEN971" +>6.6.2. <A +HREF="#AEN1011" >Mailing Lists</A ></DT ></DL ></DD ><DT -><A -HREF="#AEN1010" +>6.7. <A +HREF="#AEN1050" >DOMAIN_CONTROL.txt : Windows NT Domain Control & Samba</A ></DT ></DL ></DD ><DT >7. <A -HREF="#AEN1034" +HREF="#AEN1074" >Unifed Logons between Windows NT and UNIX using Winbind</A ></DT ><DD ><DL ><DT -><A -HREF="#AEN1052" +>7.1. <A +HREF="#AEN1092" >Abstract</A ></DT ><DT -><A -HREF="#AEN1056" +>7.2. <A +HREF="#AEN1096" >Introduction</A ></DT ><DT -><A -HREF="#AEN1069" +>7.3. <A +HREF="#AEN1109" >What Winbind Provides</A ></DT ><DD ><DL ><DT -><A -HREF="#AEN1076" +>7.3.1. <A +HREF="#AEN1116" >Target Uses</A ></DT ></DL ></DD ><DT -><A -HREF="#AEN1080" +>7.4. <A +HREF="#AEN1120" >How Winbind Works</A ></DT ><DD ><DL ><DT -><A -HREF="#AEN1085" +>7.4.1. <A +HREF="#AEN1125" >Microsoft Remote Procedure Calls</A ></DT ><DT -><A -HREF="#AEN1089" +>7.4.2. <A +HREF="#AEN1129" >Name Service Switch</A ></DT ><DT -><A -HREF="#AEN1105" +>7.4.3. <A +HREF="#AEN1145" >Pluggable Authentication Modules</A ></DT ><DT -><A -HREF="#AEN1113" +>7.4.4. <A +HREF="#AEN1153" >User and Group ID Allocation</A ></DT ><DT -><A -HREF="#AEN1117" +>7.4.5. <A +HREF="#AEN1157" >Result Caching</A ></DT ></DL ></DD ><DT -><A -HREF="#AEN1120" +>7.5. <A +HREF="#AEN1160" >Installation and Configuration</A ></DT ><DT -><A -HREF="#AEN1126" +>7.6. <A +HREF="#AEN1166" >Limitations</A ></DT ><DT -><A -HREF="#AEN1138" +>7.7. <A +HREF="#AEN1178" >Conclusion</A ></DT ></DL ></DD ><DT >8. <A -HREF="#AEN1141" +HREF="#AEN1181" >UNIX Permission Bits and WIndows NT Access Control Lists</A ></DT ><DD ><DL ><DT -><A -HREF="#AEN1152" +>8.1. <A +HREF="#AEN1192" >Viewing and changing UNIX permissions using the NT security dialogs</A ></DT ><DT -><A -HREF="#AEN1161" +>8.2. <A +HREF="#AEN1201" >How to view file security on a Samba share</A ></DT ><DT -><A -HREF="#AEN1172" +>8.3. <A +HREF="#AEN1212" >Viewing file ownership</A ></DT ><DT -><A -HREF="#AEN1192" +>8.4. <A +HREF="#AEN1232" >Viewing file or directory permissions</A ></DT ><DD ><DL ><DT -><A -HREF="#AEN1207" +>8.4.1. <A +HREF="#AEN1247" >File Permissions</A ></DT ><DT -><A -HREF="#AEN1221" +>8.4.2. <A +HREF="#AEN1261" >Directory Permissions</A ></DT ></DL ></DD ><DT -><A -HREF="#AEN1228" +>8.5. <A +HREF="#AEN1268" >Modifying file or directory permissions</A ></DT ><DT -><A -HREF="#AEN1250" +>8.6. <A +HREF="#AEN1290" >Interaction with the standard Samba create mask parameters</A ></DT ><DT -><A -HREF="#AEN1314" +>8.7. <A +HREF="#AEN1354" >Interaction with the standard Samba file attribute mapping</A ></DT @@ -551,39 +571,39 @@ HREF="#AEN1314" ></DD ><DT >9. <A -HREF="#AEN1324" +HREF="#AEN1364" >OS2 Client HOWTO</A ></DT ><DD ><DL ><DT -><A -HREF="#AEN1335" +>9.1. <A +HREF="#AEN1375" >FAQs</A ></DT ><DD ><DL ><DT -><A -HREF="#AEN1337" +>9.1.1. <A +HREF="#AEN1377" >How can I configure OS/2 Warp Connect or OS/2 Warp 4 as a client for Samba?</A ></DT ><DT -><A -HREF="#AEN1352" +>9.1.2. <A +HREF="#AEN1392" >How can I configure OS/2 Warp 3 (not Connect), OS/2 1.2, 1.3 or 2.x for Samba?</A ></DT ><DT -><A -HREF="#AEN1361" +>9.1.3. <A +HREF="#AEN1401" >Are there any other issues when OS/2 (any version) is used as a client?</A ></DT ><DT -><A -HREF="#AEN1365" +>9.1.4. <A +HREF="#AEN1405" >How do I get printer driver download working for OS/2 clients?</A ></DT @@ -606,7 +626,7 @@ CLASS="SECT1" CLASS="SECT1" ><A NAME="AEN17" ->Step 0: Read the man pages</A +>1.1. Step 0: Read the man pages</A ></H1 ><P >The man pages distributed with SAMBA contain @@ -638,7 +658,7 @@ CLASS="SECT1" CLASS="SECT1" ><A NAME="AEN25" ->Step 1: Building the Binaries</A +>1.2. Step 1: Building the Binaries</A ></H1 ><P >To do this, first run the program <B @@ -737,7 +757,7 @@ CLASS="SECT1" CLASS="SECT1" ><A NAME="AEN53" ->Step 2: The all important step</A +>1.3. Step 2: The all important step</A ></H1 ><P >At this stage you must fetch yourself a @@ -754,7 +774,7 @@ CLASS="SECT1" CLASS="SECT1" ><A NAME="AEN57" ->Step 3: Create the smb configuration file.</A +>1.4. Step 3: Create the smb configuration file.</A ></H1 ><P >There are sample configuration files in the examples @@ -765,6 +785,12 @@ NAME="AEN57" >The simplest useful configuration file would be something like this:</P ><P +><TABLE +BORDER="0" +BGCOLOR="#E0E0E0" +WIDTH="100%" +><TR +><TD ><PRE CLASS="PROGRAMLISTING" > [global] @@ -774,6 +800,9 @@ CLASS="PROGRAMLISTING" guest ok = no read only = no </PRE +></TD +></TR +></TABLE ></P ><P >which would allow connections by anyone with an @@ -810,7 +839,7 @@ CLASS="SECT1" CLASS="SECT1" ><A NAME="AEN71" ->Step 4: Test your config file with +>1.5. Step 4: Test your config file with <B CLASS="COMMAND" >testparm</B @@ -834,7 +863,7 @@ CLASS="SECT1" CLASS="SECT1" ><A NAME="AEN77" ->Step 5: Starting the smbd and nmbd</A +>1.6. Step 5: Starting the smbd and nmbd</A ></H1 ><P >You must choose to start smbd and nmbd either @@ -874,7 +903,7 @@ CLASS="SECT2" CLASS="SECT2" ><A NAME="AEN87" ->Step 5a: Starting from inetd.conf</A +>1.6.1. Step 5a: Starting from inetd.conf</A ></H2 ><P >NOTE; The following will be different if @@ -909,11 +938,20 @@ CLASS="FILENAME" > and add two lines something like this:</P ><P +><TABLE +BORDER="0" +BGCOLOR="#E0E0E0" +WIDTH="100%" +><TR +><TD ><PRE CLASS="PROGRAMLISTING" > netbios-ssn stream tcp nowait root /usr/local/samba/bin/smbd smbd netbios-ns dgram udp wait root /usr/local/samba/bin/nmbd nmbd </PRE +></TD +></TR +></TABLE ></P ><P >The exact syntax of <TT @@ -978,7 +1016,7 @@ CLASS="SECT2" CLASS="SECT2" ><A NAME="AEN116" ->Step 5b. Alternative: starting it as a daemon</A +>1.6.2. Step 5b. Alternative: starting it as a daemon</A ></H2 ><P >To start the server as a daemon you should create @@ -988,12 +1026,21 @@ CLASS="FILENAME" >startsmb</TT >.</P ><P +><TABLE +BORDER="0" +BGCOLOR="#E0E0E0" +WIDTH="100%" +><TR +><TD ><PRE CLASS="PROGRAMLISTING" > #!/bin/sh /usr/local/samba/bin/smbd -D /usr/local/samba/bin/nmbd -D </PRE +></TD +></TR +></TABLE ></P ><P >then make it executable with <B @@ -1035,7 +1082,7 @@ CLASS="SECT1" CLASS="SECT1" ><A NAME="AEN132" ->Step 6: Try listing the shares available on your +>1.7. Step 6: Try listing the shares available on your server</A ></H1 ><P @@ -1076,7 +1123,7 @@ CLASS="SECT1" CLASS="SECT1" ><A NAME="AEN141" ->Step 7: Try connecting with the unix client</A +>1.8. Step 7: Try connecting with the unix client</A ></H1 ><P ><TT @@ -1139,7 +1186,7 @@ CLASS="SECT1" CLASS="SECT1" ><A NAME="AEN157" ->Step 8: Try connecting from a DOS, WfWg, Win9x, WinNT, +>1.9. Step 8: Try connecting from a DOS, WfWg, Win9x, WinNT, Win2k, OS/2, etc... client</A ></H1 ><P @@ -1188,7 +1235,7 @@ CLASS="SECT1" CLASS="SECT1" ><A NAME="AEN171" ->What If Things Don't Work?</A +>1.10. What If Things Don't Work?</A ></H1 ><P >If nothing works and you start to think "who wrote @@ -1211,7 +1258,7 @@ CLASS="SECT2" CLASS="SECT2" ><A NAME="AEN176" ->Diagnosing Problems</A +>1.10.1. Diagnosing Problems</A ></H2 ><P >If you have instalation problems then go to @@ -1227,13 +1274,13 @@ CLASS="SECT2" CLASS="SECT2" ><A NAME="AEN180" ->Scope IDs</A +>1.10.2. Scope IDs</A ></H2 ><P >By default Samba uses a blank scope ID. This means all your windows boxes must also have a blank scope ID. If you really want to use a non-blank scope ID then you will - need to use the -i <scope> option to nmbd, smbd, and + need to use the -i <scope> option to nmbd, smbd, and smbclient. All your PCs will need to have the same setting for this to work. I do not recommend scope IDs.</P ></DIV @@ -1243,7 +1290,7 @@ CLASS="SECT2" CLASS="SECT2" ><A NAME="AEN183" ->Choosing the Protocol Level</A +>1.10.3. Choosing the Protocol Level</A ></H2 ><P >The SMB protocol has many dialects. Currently @@ -1284,7 +1331,7 @@ CLASS="SECT2" CLASS="SECT2" ><A NAME="AEN192" ->Printing from UNIX to a Client PC</A +>1.10.4. Printing from UNIX to a Client PC</A ></H2 ><P >To use a printer that is available via a smb-based @@ -1302,7 +1349,7 @@ CLASS="SECT2" CLASS="SECT2" ><A NAME="AEN196" ->Locking</A +>1.10.5. Locking</A ></H2 ><P >One area which sometimes causes trouble is locking.</P @@ -1363,7 +1410,7 @@ CLASS="SECT2" CLASS="SECT2" ><A NAME="AEN206" ->Mapping Usernames</A +>1.10.6. Mapping Usernames</A ></H2 ><P >If you have different usernames on the PCs and @@ -1376,7 +1423,7 @@ CLASS="SECT2" CLASS="SECT2" ><A NAME="AEN209" ->Other Character Sets</A +>1.10.7. Other Character Sets</A ></H2 ><P >If you have problems using filenames with accented @@ -1400,7 +1447,7 @@ CLASS="SECT1" CLASS="SECT1" ><A NAME="AEN223" ->Introduction</A +>2.1. Introduction</A ></H1 ><P >With the development of LanManager and Windows NT @@ -1419,7 +1466,7 @@ CLASS="SECT1" CLASS="SECT1" ><A NAME="AEN227" ->How does it work?</A +>2.2. How does it work?</A ></H1 ><P >LanManager encryption is somewhat similar to UNIX @@ -1484,7 +1531,7 @@ CLASS="SECT1" CLASS="SECT1" ><A NAME="AEN238" ->Important Notes About Security</A +>2.3. Important Notes About Security</A ></H1 ><P >The unix and SMB password encryption techniques seem similar @@ -1526,9 +1573,8 @@ ALIGN="LEFT" ><P >Note that Windows NT 4.0 Service pack 3 changed the default for permissible authentication so that plaintext - passwords are <I -CLASS="EMPHASIS" ->never</I + passwords are <EM +>never</EM > sent over the wire. The solution to this is either to switch to encrypted passwords with Samba or edit the Windows NT registry to re-enable plaintext @@ -1560,9 +1606,8 @@ CLASS="EMPHASIS" ></LI ></UL ><P -><I -CLASS="EMPHASIS" ->Note :</I +><EM +>Note :</EM >All current release of Microsoft SMB/CIFS clients support authentication via the SMB Challenge/Response mechanism described here. Enabling @@ -1578,7 +1623,7 @@ CLASS="SECT2" CLASS="SECT2" ><A NAME="AEN257" ->Advantages of SMB Encryption</A +>2.3.1. Advantages of SMB Encryption</A ></H2 ><P ></P @@ -1607,7 +1652,7 @@ CLASS="SECT2" CLASS="SECT2" ><A NAME="AEN264" ->Advantages of non-encrypted passwords</A +>2.3.2. Advantages of non-encrypted passwords</A ></H2 ><P ></P @@ -1638,7 +1683,7 @@ CLASS="SECT1" CLASS="SECT1" ><A NAME="AEN273" -><A +>2.4. <A NAME="SMBPASSWDFILEFORMAT" ></A >The smbpasswd file</A @@ -1680,7 +1725,7 @@ CLASS="PROMPT" CLASS="USERINPUT" ><B >cat /etc/passwd | mksmbpasswd.sh - > /usr/local/samba/private/smbpasswd</B + > /usr/local/samba/private/smbpasswd</B ></TT ></P ><P @@ -1693,7 +1738,7 @@ CLASS="PROMPT" CLASS="USERINPUT" ><B >ypcat passwd | mksmbpasswd.sh - > /usr/local/samba/private/smbpasswd</B + > /usr/local/samba/private/smbpasswd</B ></TT ></P ><P @@ -1731,11 +1776,20 @@ CLASS="COMMAND" wrapped here. It should appear as one entry per line in your smbpasswd file.)</P ><P +><TABLE +BORDER="0" +BGCOLOR="#E0E0E0" +WIDTH="100%" +><TR +><TD ><PRE CLASS="PROGRAMLISTING" >username:uid:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX: - [Account type]:LCT-<last-change-time>:Long name + [Account type]:LCT-<last-change-time>:Long name </PRE +></TD +></TR +></TABLE ></P ><P >Although only the <TT @@ -1768,9 +1822,8 @@ CLASS="REPLACEABLE" > sections are significant and are looked at in the Samba code.</P ><P ->It is <I -CLASS="EMPHASIS" ->VITALLY</I +>It is <EM +>VITALLY</EM > important that there by 32 'X' characters between the two ':' characters in the XXX sections - the smbpasswd and Samba code will fail to validate any entries that @@ -1794,10 +1847,19 @@ CLASS="CONSTANT" >For example, to clear the password for user bob, his smbpasswd file entry would look like :</P ><P +><TABLE +BORDER="0" +BGCOLOR="#E0E0E0" +WIDTH="100%" +><TR +><TD ><PRE CLASS="PROGRAMLISTING" > bob:100:NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:Bob's full name:/bobhome:/bobshell </PRE +></TD +></TR +></TABLE ></P ><P >If you are allowing users to use the smbpasswd command to set @@ -1824,9 +1886,8 @@ CLASS="COMMAND" users a default password to begin with, so you do not have to enable this on your server.</P ><P -><I -CLASS="EMPHASIS" ->Note : </I +><EM +>Note : </EM >This file should be protected very carefully. Anyone with access to this file can (with enough knowledge of the protocols) gain access to your SMB server. The file is thus more @@ -1841,7 +1902,7 @@ CLASS="SECT1" CLASS="SECT1" ><A NAME="AEN325" ->The smbpasswd Command</A +>2.5. The smbpasswd Command</A ></H1 ><P >The smbpasswd command maintains the two 32 byte password fields @@ -1859,10 +1920,9 @@ CLASS="FILENAME" > (or your main Samba binary directory).</P ><P ->Note that as of Samba 1.9.18p4 this program <I -CLASS="EMPHASIS" +>Note that as of Samba 1.9.18p4 this program <EM >MUST NOT - BE INSTALLED</I + BE INSTALLED</EM > setuid root (the new <B CLASS="COMMAND" >smbpasswd</B @@ -1915,8 +1975,8 @@ CLASS="PROMPT" ><TT CLASS="USERINPUT" ><B -><type old value here - - or hit return if there was no old password></B +><type old value here - + or hit return if there was no old password></B ></TT ></P ><P @@ -1926,7 +1986,7 @@ CLASS="PROMPT" ><TT CLASS="USERINPUT" ><B -><type new value> +><type new value> </B ></TT ></P @@ -1937,7 +1997,7 @@ CLASS="PROMPT" ><TT CLASS="USERINPUT" ><B -><re-type new value +><re-type new value </B ></TT ></P @@ -1980,7 +2040,7 @@ CLASS="SECT1" CLASS="SECT1" ><A NAME="AEN364" ->Setting up Samba to support LanManager Encryption</A +>2.6. Setting up Samba to support LanManager Encryption</A ></H1 ><P >This is a very brief description on how to setup samba to @@ -2011,7 +2071,7 @@ CLASS="FILENAME" >smbpasswd</TT > password file in the place you specified in the Makefile - (--prefix=<dir>). See the notes under the <A + (--prefix=<dir>). See the notes under the <A HREF="#SMBPASSWDFILEFORMAT" >The smbpasswd File</A > @@ -2035,7 +2095,7 @@ CLASS="SECT1" CLASS="SECT1" ><A NAME="AEN390" ->Instructions</A +>3.1. Instructions</A ></H1 ><P >The Distributed File System (or Dfs) provides a means of @@ -2087,7 +2147,7 @@ CLASS="PARAMETER" to other servers. For example, a symbolic link <TT CLASS="FILENAME" ->junction->msdfs:storage1\share1</TT +>junction->msdfs:storage1\share1</TT > in the share directory acts as the Dfs junction. When Dfs-aware clients attempt to access the junction link, they are redirected @@ -2099,6 +2159,12 @@ CLASS="FILENAME" >Here's an example of setting up a Dfs tree on a Samba server.</P ><P +><TABLE +BORDER="0" +BGCOLOR="#E0E0E0" +WIDTH="100%" +><TR +><TD ><PRE CLASS="PROGRAMLISTING" ># The smb.conf file: @@ -2110,6 +2176,9 @@ CLASS="PROGRAMLISTING" path = /export/dfsroot msdfs root = yes </PRE +></TD +></TR +></TABLE ></P ><P >In the /export/dfsroot directory we set up our dfs links to @@ -2183,7 +2252,7 @@ CLASS="SECT2" CLASS="SECT2" ><A NAME="AEN425" ->Notes</A +>3.1.1. Notes</A ></H2 ><P ></P @@ -2224,7 +2293,7 @@ CLASS="SECT1" CLASS="SECT1" ><A NAME="AEN445" ->Introduction</A +>4.1. Introduction</A ></H1 ><P >Beginning with the 2.2.0 release, Samba supports @@ -2258,12 +2327,12 @@ TARGET="_top" ><P >Support for the native MS-RPC printing calls such as StartDocPrinter, EnumJobs(), etc... (See - the <A + the MSDN documentation at <A HREF="http://msdn.microsoft.com/" TARGET="_top" ->MSDN documentation - </A -> at http://msdn.microsoft.com/ for more information on the Win32 printing API) +>http://msdn.microsoft.com/</A +> + for more information on the Win32 printing API) </P ></LI ><LI @@ -2285,82 +2354,75 @@ CLASS="SECT1" CLASS="SECT1" ><A NAME="AEN462" ->Configuration</A +>4.2. Configuration</A ></H1 ><P ->In order to support the uploading of printer driver -files, you must first configure a file share named [print$]. -The name of this share is hard coded in Samba's internals so -the name is very important (print$ is the service used by -Windows NT print servers to provide support for printer driver -download).</P -><DIV -CLASS="WARNING" -><P -></P -><TABLE -CLASS="WARNING" -BORDER="1" -WIDTH="100%" -><TR -><TD -ALIGN="CENTER" -><B ->Warning</B -></TD -></TR -><TR -><TD -ALIGN="LEFT" -><P ->Previous versions of Samba recommended using - a share named [printer$]. This name was taken from the - printer$ service created by Windows 9x clients when a - printer was shared. Windows 9x printer servers always have - a printer$ service which provides read-only access via no - password in order to support printer driver downloads.</P +><EM +>WARNING!!!</EM +> Previous versions of Samba +recommended using a share named [printer$]. This name was taken from the +printer$ service created by Windows 9x clients when a +printer was shared. Windows 9x printer servers always have +a printer$ service which provides read-only access via no +password in order to support printer driver downloads.</P ><P >However, the initial implementation allowed for a - parameter named <TT +parameter named <TT CLASS="PARAMETER" ><I >printer driver location</I ></TT > - to be used on a per share basis to specify the location of - the driver files associated with that printer. Another - parameter named <TT +to be used on a per share basis to specify the location of +the driver files associated with that printer. Another +parameter named <TT CLASS="PARAMETER" ><I >printer driver</I ></TT > provided - a means of defining the printer driver name to be sent to - the client.</P +a means of defining the printer driver name to be sent to +the client.</P ><P >These parameters, including <TT CLASS="PARAMETER" ><I >printer driver - file</I +file</I ></TT > parameter, are being depreciated and should not - be used in new installations. For more information on this change, - you should refer to the <A +be used in new installations. For more information on this change, +you should refer to the <A HREF="#MIGRATION" ->Migration section - </A +>Migration section </A >of this document.</P -></TD -></TR -></TABLE -></DIV +><DIV +CLASS="SECT2" +><HR><H2 +CLASS="SECT2" +><A +NAME="AEN472" +>4.2.1. Creating [print$]</A +></H2 +><P +>In order to support the uploading of printer driver +files, you must first configure a file share named [print$]. +The name of this share is hard coded in Samba's internals so +the name is very important (print$ is the service used by +Windows NT print servers to provide support for printer driver +download).</P ><P >You should modify the server's smb.conf file to create the following file share (of course, some of the parameter values, such as 'path' are arbitrary and should be replaced with appropriate values for your site):</P ><P +><TABLE +BORDER="0" +BGCOLOR="#E0E0E0" +WIDTH="100%" +><TR +><TD ><PRE CLASS="PROGRAMLISTING" >[print$] @@ -2369,6 +2431,9 @@ CLASS="PROGRAMLISTING" browseable = yes read only = yes write list = ntadmin</PRE +></TD +></TR +></TABLE ></P ><P >The <A @@ -2399,13 +2464,15 @@ CLASS="COMMAND" > depends upon how your site is configured. If users will be guaranteed to have an account on the Samba host, then this is a non-issue.</P +><DIV +CLASS="NOTE" +><BLOCKQUOTE +CLASS="NOTE" ><P -><I -CLASS="EMPHASIS" ->author's note: </I ->The non-issue is that -if all your Windows NT users are guaranteed to be authenticated -by the Samba server (such as a domain member server and the NT +><B +>Author's Note: </B +>The non-issue is that if all your Windows NT users are guaranteed to be +authenticated by the Samba server (such as a domain member server and the NT user has already been validated by the Domain Controller in order to logon to the Windows NT console), then guest access is not necessary. Of course, in a workgroup environment where @@ -2420,7 +2487,9 @@ CLASS="COMMAND" ></A > in the [global] section as well. Make sure you understand what this parameter does before using it -though. --jerry]</P +though. --jerry</P +></BLOCKQUOTE +></DIV ><P >In order for a Windows NT print server to support the downloading of driver files by multiple client architectures, @@ -2431,6 +2500,12 @@ Samba follows this model as well.</P >Next create the directory tree below the [print$] share for each architecture you wish to support.</P ><P +><TABLE +BORDER="0" +BGCOLOR="#E0E0E0" +WIDTH="100%" +><TR +><TD ><PRE CLASS="PROGRAMLISTING" >[print$]----- @@ -2439,6 +2514,9 @@ CLASS="PROGRAMLISTING" |-W32ALPHA ; "Windows NT Alpha_AXP" |-W32MIPS ; "Windows NT R4000" |-W32PPC ; "Windows NT PowerPC"</PRE +></TD +></TR +></TABLE ></P ><DIV CLASS="WARNING" @@ -2452,18 +2530,13 @@ WIDTH="100%" ><TD ALIGN="CENTER" ><B ->Warning</B +>ATTENTION! REQUIRED PERMISSIONS</B ></TD ></TR ><TR ><TD ALIGN="LEFT" ><P -><I -CLASS="EMPHASIS" ->ATTENTION! REQUIRED PERMISSIONS</I -></P -><P >In order to currently add a new driver to you Samba host, one of two conditions must hold true:</P ><P @@ -2478,12 +2551,13 @@ CLASS="EMPHASIS" ><P >The account used to connect to the Samba host must be a member of the <A -HREF="smb.conf.5.html" +HREF="smb.conf.5.html#PRINTERADMIN" TARGET="_top" ><TT CLASS="PARAMETER" ><I -> printer admin</I +>printer + admin</I ></TT ></A > list.</P @@ -2508,6 +2582,15 @@ CLASS="PARAMETER" from a Windows NT 4.0 client. Navigate to the "Printers" folder on the Samba server. You should see an initial listing of printers that matches the printer shares defined on your Samba host.</P +></DIV +><DIV +CLASS="SECT2" +><HR><H2 +CLASS="SECT2" +><A +NAME="AEN507" +>4.2.2. Setting Drivers for Existing Printers</A +></H2 ><P >The initial listing of printers in the Samba host's Printers folder will have no printer driver assigned to them. @@ -2553,13 +2636,14 @@ of course assumes that the printing client has the necessary privileges on the remote host serving the printer. The default permissions assigned by Windows NT to a printer gives the "Print" permissions to the "Everyone" well-known group.</P +></DIV ><DIV CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN516" ->Support a large number of printers</A +NAME="AEN520" +>4.2.3. Support a large number of printers</A ></H2 ><P >One issue that has arisen during the development @@ -2578,6 +2662,12 @@ setdriver command</B associated with an installed driver. The following is example of how this could be accomplished:</P ><P +><TABLE +BORDER="0" +BGCOLOR="#E0E0E0" +WIDTH="100%" +><TR +><TD ><PRE CLASS="PROGRAMLISTING" > @@ -2613,20 +2703,165 @@ CLASS="PROMPT" >rpcclient pogo -U root%bleaK.er \ <TT CLASS="PROMPT" ->> </TT +>> </TT > -c "setdriver hp-print \"HP LaserJet 4000 Series PS\"" Domain=[NARNIA] OS=[Unix] Server=[Samba 2.2.0-alpha3] Successfully set hp-print to driver HP LaserJet 4000 Series PS.</PRE +></TD +></TR +></TABLE ></P ></DIV +><DIV +CLASS="SECT2" +><HR><H2 +CLASS="SECT2" +><A +NAME="AEN531" +>4.2.4. Adding New Printers via the Windows NT APW</A +></H2 +><P +>By default, Samba offers all printer shares defined in <TT +CLASS="FILENAME" +>smb.conf</TT +> +in the "Printers..." folder. Also existing in this folder is the Windows NT +Add Printer Wizard icon. The APW will be show only if</P +><P +></P +><UL +><LI +><P +>The connected user is able to successfully + execute an OpenPrinterEx(\\server) with administrative + priviledges (i.e. root or <TT +CLASS="PARAMETER" +><I +>printer admin</I +></TT +>. + </P +></LI +><LI +><P +><A +HREF="smb.conf.5.html#SHOWADDPRINTERWIZARD" +TARGET="_top" +><TT +CLASS="PARAMETER" +><I +>show + add printer wizard = yes</I +></TT +></A +> (the default). + </P +></LI +></UL +><P +>In order to be able to use the APW to successfully add a printer to a Samba +server, the <A +HREF="smb.conf.5.html#ADDPRINTERCOMMAND" +TARGET="_top" +><TT +CLASS="PARAMETER" +><I +>addprinter +command</I +></TT +></A +> must have a defined value. The program +hook must successfully add the printer to the system (i.e. +<TT +CLASS="FILENAME" +>/etc/printcap</TT +> or appropriate files) and +<TT +CLASS="FILENAME" +>smb.conf</TT +> if necessary.</P +><P +>When using the APW from a client, if the named printer share does +not exist, <B +CLASS="COMMAND" +>smbd</B +> will execute the <TT +CLASS="PARAMETER" +><I +>add printer +program</I +></TT +> and reparse to the <TT +CLASS="FILENAME" +>smb.conf</TT +> +to attempt to locate the new printer share. If the share is still not defined, +an error of "Access Denied" is returned to the client. Note that the +<TT +CLASS="PARAMETER" +><I +>add printer program</I +></TT +> is executed undet the context +of the connected user, not necessarily a root account.</P +><P +>There is a complementing <A +HREF="smb.conf.5.html#DELETEPRINTERCOMMAND" +TARGET="_top" +><TT +CLASS="PARAMETER" +><I +>deleteprinter +command</I +></TT +></A +> for removing entries from the "Printers..." +folder.</P +></DIV +><DIV +CLASS="SECT2" +><HR><H2 +CLASS="SECT2" +><A +NAME="AEN556" +>4.2.5. Samba and Printer Ports</A +></H2 +><P +>Windows NT/2000 print servers associate a port with each printer. These normally +take the form of LPT1:, COM1:, FILE:, etc... Samba must also support the +concept of ports associated with a printer. By default, only one printer port, +named "Samba Printer Port", exists on a system. Samba does not really a port in +order to print, rather it is a requirement of Windows clients. </P +><P +>Note that Samba does not support the concept of "Printer Pooling" internally +either. This is when a logical printer is assigned to multiple ports as +a form of load balancing or fail over.</P +><P +>If you require that multiple ports be defined for some reason, +<TT +CLASS="FILENAME" +>smb.conf</TT +> possesses a <A +HREF="smb.conf.5.html#ENUMPORTSCOMMAND" +TARGET="_top" +><TT +CLASS="PARAMETER" +><I +>enumports +command</I +></TT +></A +> which can be used to define an external program +that generates a listing of ports on a system.</P +></DIV ></DIV ><DIV CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN527" ->The Imprints Toolset</A +NAME="AEN564" +>4.3. The Imprints Toolset</A ></H1 ><P >The Imprints tool set provides a UNIX equivalent of the @@ -2643,8 +2878,8 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN531" ->What is Imprints?</A +NAME="AEN568" +>4.3.1. What is Imprints?</A ></H2 ><P >Imprints is a collection of tools for supporting the goals @@ -2675,8 +2910,8 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN541" ->Creating Printer Driver Packages</A +NAME="AEN578" +>4.3.2. Creating Printer Driver Packages</A ></H2 ><P >The process of creating printer driver packages is beyond @@ -2691,8 +2926,8 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN544" ->The Imprints server</A +NAME="AEN581" +>4.3.3. The Imprints server</A ></H2 ><P >The Imprints server is really a database server that @@ -2701,9 +2936,8 @@ NAME="AEN544" downloading of the package. Each package is digitally signed via GnuPG which can be used to verify that package downloaded is actually the one referred in the Imprints database. It is - <I -CLASS="EMPHASIS" ->not</I + <EM +>not</EM > recommended that this security check be disabled.</P ></DIV @@ -2712,8 +2946,8 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN548" ->The Installation Client</A +NAME="AEN585" +>4.3.4. The Installation Client</A ></H2 ><P >More information regarding the Imprints installation client @@ -2754,20 +2988,28 @@ CLASS="COMMAND" >rpcclient</B >.</P ><P +><TABLE +BORDER="0" +BGCOLOR="#E0E0E0" +WIDTH="100%" +><TR +><TD ><PRE CLASS="PROGRAMLISTING" > - foreach (supported architecture for a given driver) - { - 1. rpcclient: Get the appropriate upload directory - on the remote server - 2. smbclient: Upload the driver files - 3. rpcclient: Issues an AddPrinterDriver() MS-RPC - } +foreach (supported architecture for a given driver) +{ + 1. rpcclient: Get the appropriate upload directory + on the remote server + 2. smbclient: Upload the driver files + 3. rpcclient: Issues an AddPrinterDriver() MS-RPC +} - 4. rpcclient: Issue an AddPrinterEx() MS-RPC to actually - create the printer - </PRE +4. rpcclient: Issue an AddPrinterEx() MS-RPC to actually + create the printer</PRE +></TD +></TR +></TABLE ></P ><P >One of the problems encountered when implementing @@ -2807,8 +3049,8 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN570" -><A +NAME="AEN607" +>4.4. <A NAME="MIGRATION" ></A >Migration to from Samba 2.0.x to @@ -2831,7 +3073,7 @@ WIDTH="100%" ><TD ALIGN="CENTER" ><B ->Warning</B +>Achtung!</B ></TD ></TR ><TR @@ -2917,15 +3159,24 @@ CLASS="COMMAND" ><P >If you want to migrate an existing <TT CLASS="FILENAME" -> printers.def</TT -> file into the new setup, the current only +>printers.def</TT +> + file into the new setup, the current only solution is to use the Windows NT APW to install the NT drivers - and the 9x drivers. This can be scripted using smbclient and - rpcclient. See the <A + and the 9x drivers. This can be scripted using <B +CLASS="COMMAND" +>smbclient</B +> + and <B +CLASS="COMMAND" +>rpcclient</B +>. See the + Imprints installation client at <A HREF="http://imprints.sourceforge.net/" TARGET="_top" -> Imprints installation client</A -> for an example. +>http://imprints.sourceforge.net/</A +> + for an example. </P ></LI ></UL @@ -2935,7 +3186,7 @@ TARGET="_top" CLASS="CHAPTER" ><HR><H1 ><A -NAME="AEN599" +NAME="AEN639" >Chapter 5. security = domain in Samba 2.x</A ></H1 ><DIV @@ -2943,8 +3194,8 @@ CLASS="SECT1" ><H1 CLASS="SECT1" ><A -NAME="AEN617" ->Joining an NT Domain with Samba 2.2</A +NAME="AEN657" +>5.1. Joining an NT Domain with Samba 2.2</A ></H1 ><P >In order for a Samba-2 server to join an NT domain, @@ -2952,9 +3203,8 @@ NAME="AEN617" NT domain on the PDC using Server Manager for Domains. This creates the machine account in the domain (PDC) SAM. Note that you should add the Samba server as a "Windows NT Workstation or Server", - <I -CLASS="EMPHASIS" ->NOT</I + <EM +>NOT</EM > as a Primary or backup domain controller.</P ><P >Assume you have a Samba-2 server with a NetBIOS name of @@ -3031,13 +3281,13 @@ CLASS="FILENAME" ><TT CLASS="REPLACEABLE" ><I -><NT DOMAIN NAME></I +><NT DOMAIN NAME></I ></TT >.<TT CLASS="REPLACEABLE" ><I -><Samba - Server Name></I +><Samba + Server Name></I ></TT >.mac</TT ></P @@ -3171,8 +3421,8 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN681" ->Samba and Windows 2000 Domains</A +NAME="AEN721" +>5.2. Samba and Windows 2000 Domains</A ></H1 ><P >Many people have asked regarding the state of Samba's ability to participate in @@ -3196,8 +3446,8 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN686" ->Why is this better than security = server?</A +NAME="AEN726" +>5.3. Why is this better than security = server?</A ></H1 ><P >Currently, domain security in Samba doesn't free you from @@ -3262,9 +3512,8 @@ CLASS="COMMAND" user is authenticated, making a Samba server truly plug and play in an NT domain environment. Watch for this code soon.</P ><P -><I -CLASS="EMPHASIS" ->NOTE:</I +><EM +>NOTE:</EM > Much of the text of this document was first published in the Web magazine <A HREF="http://www.linuxworld.com" @@ -3283,7 +3532,7 @@ TARGET="_top" CLASS="CHAPTER" ><HR><H1 ><A -NAME="AEN702" +NAME="AEN742" >Chapter 6. How to Configure Samba 2.2.x as a Primary Domain Controller</A ></H1 ><DIV @@ -3291,13 +3540,12 @@ CLASS="SECT1" ><H1 CLASS="SECT1" ><A -NAME="AEN713" ->Background</A +NAME="AEN753" +>6.1. Background</A ></H1 ><P -><I -CLASS="EMPHASIS" ->Author's Note :</I +><EM +>Author's Note :</EM > This document is a combination of David Bannon's Samba 2.2 PDC HOWTO and the Samba NT Domain FAQ. Both documents are superceeded by this one.</P @@ -3408,8 +3656,8 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN750" ->Configuring the Samba Domain Controller</A +NAME="AEN790" +>6.2. Configuring the Samba Domain Controller</A ></H1 ><P >The first step in creating a working Samba PDC is to @@ -3425,6 +3673,12 @@ linked with the actual smb.conf description.</P ><P >Here is an example smb.conf for acting as a PDC:</P ><P +><TABLE +BORDER="0" +BGCOLOR="#E0E0E0" +WIDTH="100%" +><TR +><TD ><PRE CLASS="PROGRAMLISTING" >[global] @@ -3566,6 +3820,9 @@ HREF="smb.conf.5.html#DIRECTORYMASK" TARGET="_top" >directory mask</A > = 0700</PRE +></TD +></TR +></TABLE ></P ><P >There are a couple of points to emphasize in the above @@ -3619,8 +3876,8 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN793" ->Creating Machine Trust Accounts and Joining Clients +NAME="AEN833" +>6.3. Creating Machine Trust Accounts and Joining Clients to the Domain</A ></H1 ><P @@ -3684,9 +3941,18 @@ CLASS="FILENAME" >/etc/passwd</TT > entry like this :</P ><P +><TABLE +BORDER="0" +BGCOLOR="#E0E0E0" +WIDTH="100%" +><TR +><TD ><PRE CLASS="PROGRAMLISTING" >doppy$:x:505:501:NTMachine:/dev/null:/bin/false</PRE +></TD +></TR +></TABLE ></P ><P >If you are manually creating the machine accounts, it is necessary @@ -3719,10 +3985,9 @@ CLASS="REPLACEABLE" > is the machine's netbios name.</P ><P -><I -CLASS="EMPHASIS" +><EM >If you manually create a machine account, immediately join -the client to the domain.</I +the client to the domain.</EM > An open account like this can allow intruders to gain access to user account information in your domain.</P @@ -3737,23 +4002,29 @@ TARGET="_top" > parameter. Below is an example I use on a RedHat 6.2 Linux system.</P ><P +><TABLE +BORDER="0" +BGCOLOR="#E0E0E0" +WIDTH="100%" +><TR +><TD ><PRE CLASS="PROGRAMLISTING" >add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u </PRE +></TD +></TR +></TABLE ></P ><P ->In Samba 2.2.0, <I -CLASS="EMPHASIS" ->only the root account</I +>In Samba 2.2.0, <EM +>only the root account</EM > can be used to create machine accounts on the fly like this. Therefore, it is required -to create an entry in smbpasswd for <I -CLASS="EMPHASIS" ->root</I +to create an entry in smbpasswd for <EM +>root</EM >. -The password <I -CLASS="EMPHASIS" ->SHOULD</I +The password <EM +>SHOULD</EM > be set to s different password that the associated <TT CLASS="FILENAME" @@ -3766,15 +4037,14 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN832" ->Common Problems and Errors</A +NAME="AEN872" +>6.4. Common Problems and Errors</A ></H1 ><P ></P ><P -><I -CLASS="EMPHASIS" ->I cannot include a '$' in a machine name.</I +><EM +>I cannot include a '$' in a machine name.</EM ></P ><P >A 'machine name' in (typically) <TT @@ -3793,10 +4063,9 @@ CLASS="COMMAND" the whole entry with vipw if you like, make sure you use a unique uid !</P ><P -><I -CLASS="EMPHASIS" +><EM >I get told "You already have a connection to the Domain...." -when creating a machine account.</I +when creating a machine account.</EM ></P ><P >This happens if you try to create a machine account from the @@ -3810,18 +4079,16 @@ is the same name as the domain you are joining (bad idea) you will get this message. Change the workgroup name to something else, it does not matter what, reboot, and try again.</P ><P -><I -CLASS="EMPHASIS" +><EM >I get told "Cannot join domain, the credentials supplied -conflict with an existing set.."</I +conflict with an existing set.."</EM ></P ><P >This is the same basic problem as mentioned above, "You already have a connection..."</P ><P -><I -CLASS="EMPHASIS" ->"The system can not log you on (C000019B)...."</I +><EM +>"The system can not log you on (C000019B)...."</EM ></P ><P >I joined the domain successfully but after upgrading @@ -3843,10 +4110,9 @@ versions 2.0.7, TNG and the HEAD branch code (not recommended). The only way to correct the problem is to restore the original domain SID or remove the domain client from the domain and rejoin.</P ><P -><I -CLASS="EMPHASIS" +><EM >"The machine account for this computer either does not -exist or is not accessible."</I +exist or is not accessible."</EM ></P ><P >When I try to join the domain I get the message "The machine account @@ -3877,8 +4143,8 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN860" ->System Policies and Profiles</A +NAME="AEN900" +>6.5. System Policies and Profiles</A ></H1 ><P >Much of the information necessary to implement System Policies and @@ -3893,9 +4159,8 @@ Profiles and Policies in Windows NT 4.0</A ><P >Here are some additional details:</P ><P -><I -CLASS="EMPHASIS" ->What about Windows NT Policy Editor ?</I +><EM +>What about Windows NT Policy Editor ?</EM ></P ><P >To create or edit <TT @@ -3906,14 +4171,12 @@ the NT Server Policy Editor, <B CLASS="COMMAND" >poledit.exe</B > which -is included with NT Server but <I -CLASS="EMPHASIS" ->not NT Workstation</I +is included with NT Server but <EM +>not NT Workstation</EM >. There is a Policy Editor on a NTws -but it is not suitable for creating <I -CLASS="EMPHASIS" ->Domain Policies</I +but it is not suitable for creating <EM +>Domain Policies</EM >. Further, although the Windows 95 Policy Editor can be installed on an NT Workstation/Server, it will not @@ -3951,9 +4214,8 @@ be extracted as well. It is also possible to downloaded the policy template files for Office97 and get a copy of the policy editor. Another possible location is with the Zero Administration Kit available for download from Microsoft.</P ><P -><I -CLASS="EMPHASIS" ->Can Win95 do Policies ?</I +><EM +>Can Win95 do Policies ?</EM ></P ><P >Install the group policy handler for Win9x to pick up group @@ -3973,9 +4235,8 @@ to be done on every Win9x machine that uses group policies....</P (read: working) grouppol.dll for Windows 9x. The group list is grabbed from /etc/group.</P ><P -><I -CLASS="EMPHASIS" ->How do I get 'User Manager' and 'Server Manager'</I +><EM +>How do I get 'User Manager' and 'Server Manager'</EM ></P ><P >Since I don't need to buy an NT Server CD now, how do I get @@ -4020,8 +4281,8 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN900" ->What other help can I get ?</A +NAME="AEN940" +>6.6. What other help can I get ?</A ></H1 ><P >There are many sources of information available in the form @@ -4029,10 +4290,9 @@ of mailing lists, RFC's and documentation. The docs that come with the samba distribution contain very good explanations of general SMB topics such as browsing.</P ><P -><I -CLASS="EMPHASIS" +><EM >What are some diagnostics tools I can use to debug the domain logon -process and where can I find them?</I +process and where can I find them?</EM ></P ><P > One of the best diagnostic tools for debugging problems is Samba itself. @@ -4099,10 +4359,9 @@ TARGET="_top" formatted files. </P ><P -><I -CLASS="EMPHASIS" +><EM >How do I install 'Network Monitor' on an NT Workstation -or a Windows 9x box?</I +or a Windows 9x box?</EM ></P ><P > Installing netmon on an NT workstation requires a couple @@ -4203,8 +4462,8 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN947" ->URLs and similar</A +NAME="AEN987" +>6.6.1. URLs and similar</A ></H2 ><P ></P @@ -4219,9 +4478,8 @@ TARGET="_top" ></LI ><LI ><P -> The <I -CLASS="EMPHASIS" ->Development</I +> The <EM +>Development</EM > document on the Samba mirrors might mention your problem. If so, it might mean that the developers are working on it.</P @@ -4277,13 +4535,12 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN971" ->Mailing Lists</A +NAME="AEN1011" +>6.6.2. Mailing Lists</A ></H2 ><P -><I -CLASS="EMPHASIS" ->How do I get help from the mailing lists ?</I +><EM +>How do I get help from the mailing lists ?</EM ></P ><P >There are a number of Samba related mailing lists. Go to <A @@ -4355,9 +4612,8 @@ main stream Samba lists.</P ></LI ><LI ><P ->You might include <I -CLASS="EMPHASIS" ->partial</I +>You might include <EM +>partial</EM > log files written at a debug level set to as much as 20. Please don't send the entire log but enough to give the context of the @@ -4377,9 +4633,8 @@ CLASS="EMPHASIS" ></LI ></UL ><P -><I -CLASS="EMPHASIS" ->How do I get off the mailing lists ?</I +><EM +>How do I get off the mailing lists ?</EM ></P ><P >To have your name removed from a samba mailing list, go to the @@ -4412,16 +4667,15 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN1010" ->DOMAIN_CONTROL.txt : Windows NT Domain Control & Samba</A +NAME="AEN1050" +>6.7. DOMAIN_CONTROL.txt : Windows NT Domain Control & Samba</A ></H1 ><P >This appendix was originally authored by John H Terpstra of the Samba Team and is included here for posterity.</P ><P -><I -CLASS="EMPHASIS" ->NOTE :</I +><EM +>NOTE :</EM > The term "Domain Controller" and those related to it refer to one specific method of authentication that can underly an SMB domain. Domain Controllers @@ -4514,7 +4768,7 @@ within its registry.</P CLASS="CHAPTER" ><HR><H1 ><A -NAME="AEN1034" +NAME="AEN1074" >Chapter 7. Unifed Logons between Windows NT and UNIX using Winbind</A ></H1 ><DIV @@ -4522,16 +4776,15 @@ CLASS="SECT1" ><H1 CLASS="SECT1" ><A -NAME="AEN1052" ->Abstract</A +NAME="AEN1092" +>7.1. Abstract</A ></H1 ><P >Integration of UNIX and Microsoft Windows NT through a unified logon has been considered a "holy grail" in heterogeneous - computing environments for a long time. We present <I -CLASS="EMPHASIS" + computing environments for a long time. We present <EM >winbind - </I + </EM >, a component of the Samba suite of programs as a solution to the unied logon problem. Winbind uses a UNIX implementation of Microsoft RPC calls, Pluggable Authentication Modules, and the Name @@ -4545,8 +4798,8 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN1056" ->Introduction</A +NAME="AEN1096" +>7.2. Introduction</A ></H1 ><P >It is well known that UNIX and Microsoft Windows NT have @@ -4599,8 +4852,8 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN1069" ->What Winbind Provides</A +NAME="AEN1109" +>7.3. What Winbind Provides</A ></H1 ><P >Winbind unifies UNIX and Windows NT account management by @@ -4641,8 +4894,8 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN1076" ->Target Uses</A +NAME="AEN1116" +>7.3.1. Target Uses</A ></H2 ><P >Winbind is targeted at organizations that have an @@ -4665,8 +4918,8 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN1080" ->How Winbind Works</A +NAME="AEN1120" +>7.4. How Winbind Works</A ></H1 ><P >The winbind system is designed around a client/server @@ -4685,8 +4938,8 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN1085" ->Microsoft Remote Procedure Calls</A +NAME="AEN1125" +>7.4.1. Microsoft Remote Procedure Calls</A ></H2 ><P >Over the last two years, efforts have been underway @@ -4711,8 +4964,8 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN1089" ->Name Service Switch</A +NAME="AEN1129" +>7.4.2. Name Service Switch</A ></H2 ><P >The Name Service Switch, or NSS, is a feature that is @@ -4790,8 +5043,8 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN1105" ->Pluggable Authentication Modules</A +NAME="AEN1145" +>7.4.3. Pluggable Authentication Modules</A ></H2 ><P >Pluggable Authentication Modules, also known as PAM, @@ -4839,8 +5092,8 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN1113" ->User and Group ID Allocation</A +NAME="AEN1153" +>7.4.4. User and Group ID Allocation</A ></H2 ><P >When a user or group is created under Windows NT @@ -4865,8 +5118,8 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN1117" ->Result Caching</A +NAME="AEN1157" +>7.4.5. Result Caching</A ></H2 ><P >An active system can generate a lot of user and group @@ -4888,8 +5141,8 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN1120" ->Installation and Configuration</A +NAME="AEN1160" +>7.5. Installation and Configuration</A ></H1 ><P >The easiest way to install winbind is by using the packages @@ -4919,8 +5172,8 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN1126" ->Limitations</A +NAME="AEN1166" +>7.6. Limitations</A ></H1 ><P >Winbind has a number of limitations in its current @@ -4967,8 +5220,8 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN1138" ->Conclusion</A +NAME="AEN1178" +>7.7. Conclusion</A ></H1 ><P >The winbind system, through the use of the Name Service @@ -4983,7 +5236,7 @@ NAME="AEN1138" CLASS="CHAPTER" ><HR><H1 ><A -NAME="AEN1141" +NAME="AEN1181" >Chapter 8. UNIX Permission Bits and WIndows NT Access Control Lists</A ></H1 ><DIV @@ -4991,8 +5244,8 @@ CLASS="SECT1" ><H1 CLASS="SECT1" ><A -NAME="AEN1152" ->Viewing and changing UNIX permissions using the NT +NAME="AEN1192" +>8.1. Viewing and changing UNIX permissions using the NT security dialogs</A ></H1 ><P @@ -5007,7 +5260,7 @@ NAME="AEN1152" ><P >In Samba 2.0.4 and above the default value of the parameter <A -HREF="smb.conf.5.html#NTACLSUPPOR" +HREF="smb.conf.5.html#NTACLSUPPORT" TARGET="_top" ><TT CLASS="PARAMETER" @@ -5030,37 +5283,31 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN1161" ->How to view file security on a Samba share</A +NAME="AEN1201" +>8.2. How to view file security on a Samba share</A ></H1 ><P >From an NT 4.0 client, single-click with the right mouse button on any file or directory in a Samba mounted drive letter or UNC path. When the menu pops-up, click - on the <I -CLASS="EMPHASIS" ->Properties</I + on the <EM +>Properties</EM > entry at the bottom of the menu. This brings up the normal file properties dialog box, but with Samba 2.0.4 this will have a new tab along the top - marked <I -CLASS="EMPHASIS" ->Security</I + marked <EM +>Security</EM >. Click on this tab and you - will see three buttons, <I -CLASS="EMPHASIS" ->Permissions</I + will see three buttons, <EM +>Permissions</EM >, - <I -CLASS="EMPHASIS" ->Auditing</I ->, and <I -CLASS="EMPHASIS" ->Ownership</I + <EM +>Auditing</EM +>, and <EM +>Ownership</EM >. - The <I -CLASS="EMPHASIS" ->Auditing</I + The <EM +>Auditing</EM > button will cause either an error message <SPAN CLASS="ERRORNAME" @@ -5082,8 +5329,8 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN1172" ->Viewing file ownership</A +NAME="AEN1212" +>8.3. Viewing file ownership</A ></H1 ><P >Clicking on the <B @@ -5146,9 +5393,8 @@ CLASS="COMMAND" it will display a dialog box complaining that the user you are currently logged onto the NT client cannot be found). The reason for this is that changing the ownership of a file is a privilaged - operation in UNIX, available only to the <I -CLASS="EMPHASIS" ->root</I + operation in UNIX, available only to the <EM +>root</EM > user. As clicking on this button causes NT to attempt to change the ownership of a file to the current user logged into the NT @@ -5158,10 +5404,9 @@ CLASS="EMPHASIS" and allow a user with Administrator privillage connected to a Samba 2.0.4 server as root to change the ownership of files on both a local NTFS filesystem or remote mounted NTFS - or Samba drive. This is available as part of the <I -CLASS="EMPHASIS" + or Samba drive. This is available as part of the <EM >Seclib - </I + </EM > NT security library written by Jeremy Allison of the Samba Team, available from the main Samba ftp site.</P ></DIV @@ -5170,8 +5415,8 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN1192" ->Viewing file or directory permissions</A +NAME="AEN1232" +>8.4. Viewing file or directory permissions</A ></H1 ><P >The third button is the <B @@ -5232,8 +5477,8 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN1207" ->File Permissions</A +NAME="AEN1247" +>8.4.1. File Permissions</A ></H2 ><P >The standard UNIX user/group/world triple and @@ -5294,8 +5539,8 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN1221" ->Directory Permissions</A +NAME="AEN1261" +>8.4.2. Directory Permissions</A ></H2 ><P >Directories on an NT NTFS file system have two @@ -5326,8 +5571,8 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN1228" ->Modifying file or directory permissions</A +NAME="AEN1268" +>8.5. Modifying file or directory permissions</A ></H1 ><P >Modifying file and directory permissions is as simple @@ -5424,8 +5669,8 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN1250" ->Interaction with the standard Samba create mask +NAME="AEN1290" +>8.6. Interaction with the standard Samba create mask parameters</A ></H1 ><P @@ -5486,9 +5731,8 @@ CLASS="PARAMETER" >security mask</I ></TT > - mask may be treated as a set of bits the user is <I -CLASS="EMPHASIS" ->not</I + mask may be treated as a set of bits the user is <EM +>not</EM > allowed to change, and one bits are those the user is allowed to change. </P @@ -5698,8 +5942,8 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN1314" ->Interaction with the standard Samba file attribute +NAME="AEN1354" +>8.7. Interaction with the standard Samba file attribute mapping</A ></H1 ><P @@ -5745,7 +5989,7 @@ CLASS="COMMAND" CLASS="CHAPTER" ><HR><H1 ><A -NAME="AEN1324" +NAME="AEN1364" >Chapter 9. OS2 Client HOWTO</A ></H1 ><DIV @@ -5753,16 +5997,16 @@ CLASS="SECT1" ><H1 CLASS="SECT1" ><A -NAME="AEN1335" ->FAQs</A +NAME="AEN1375" +>9.1. FAQs</A ></H1 ><DIV CLASS="SECT2" ><H2 CLASS="SECT2" ><A -NAME="AEN1337" ->How can I configure OS/2 Warp Connect or +NAME="AEN1377" +>9.1.1. How can I configure OS/2 Warp Connect or OS/2 Warp 4 as a client for Samba?</A ></H2 ><P @@ -5820,8 +6064,8 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN1352" ->How can I configure OS/2 Warp 3 (not Connect), +NAME="AEN1392" +>9.1.2. How can I configure OS/2 Warp 3 (not Connect), OS/2 1.2, 1.3 or 2.x for Samba?</A ></H2 ><P @@ -5841,12 +6085,21 @@ TARGET="_top" a nutshell, edit the file \OS2VER in the root directory of the OS/2 boot partition and add the lines:</P ><P +><TABLE +BORDER="0" +BGCOLOR="#E0E0E0" +WIDTH="100%" +><TR +><TD ><PRE CLASS="PROGRAMLISTING" > 20=setup.exe 20=netwksta.sys 20=netvdd.sys </PRE +></TD +></TR +></TABLE ></P ><P >before you install the client. Also, don't use the @@ -5864,8 +6117,8 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN1361" ->Are there any other issues when OS/2 (any version) +NAME="AEN1401" +>9.1.3. Are there any other issues when OS/2 (any version) is used as a client?</A ></H2 ><P @@ -5886,8 +6139,8 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN1365" ->How do I get printer driver download working +NAME="AEN1405" +>9.1.4. How do I get printer driver download working for OS/2 clients?</A ></H2 ><P @@ -5914,8 +6167,8 @@ CLASS="REPLACEABLE" name of the NT driver name to the OS/2 driver name as follows:</P ><P -><nt driver name> = <os2 driver - name>.<device name>, e.g.: +><nt driver name> = <os2 driver + name>.<device name>, e.g.: HP LaserJet 5L = LASERJET.HP LaserJet 5L</P ><P >You can have multiple drivers mapped in this file.</P diff --git a/docs/htmldocs/findsmb.1.html b/docs/htmldocs/findsmb.1.html index 0f7ed2265e..2f246d666d 100644 --- a/docs/htmldocs/findsmb.1.html +++ b/docs/htmldocs/findsmb.1.html @@ -165,6 +165,12 @@ CLASS="COMMAND" >nmbd</B > running would yield output similar to the following</P +><TABLE +BORDER="0" +BGCOLOR="#E0E0E0" +WIDTH="100%" +><TR +><TD ><PRE CLASS="SCREEN" ><TT @@ -183,6 +189,9 @@ CLASS="COMPUTEROUTPUT" 192.168.35.97 HERBNT1 *[HERB-NT] [Windows NT 4.0] [NT LAN Manager 4.0] </TT ></PRE +></TD +></TR +></TABLE ></DIV ><DIV CLASS="REFSECT1" diff --git a/docs/htmldocs/lmhosts.5.html b/docs/htmldocs/lmhosts.5.html index 671278c19e..47df4a9733 100644 --- a/docs/htmldocs/lmhosts.5.html +++ b/docs/htmldocs/lmhosts.5.html @@ -59,10 +59,9 @@ TARGET="_top" ><TT CLASS="FILENAME" >lmhosts</TT -> is the <I -CLASS="EMPHASIS" +> is the <EM >Samba - </I + </EM > NetBIOS name to IP address mapping file. It is very similar to the <TT CLASS="FILENAME" @@ -105,6 +104,12 @@ NAME="AEN20" ><P >An example follows :</P ><P +><TABLE +BORDER="0" +BGCOLOR="#E0E0E0" +WIDTH="100%" +><TR +><TD ><PRE CLASS="PROGRAMLISTING" ># @@ -114,6 +119,9 @@ CLASS="PROGRAMLISTING" 192.9.200.20 NTSERVER#20 192.9.200.21 SAMBASERVER </PRE +></TD +></TR +></TABLE ></P ><P >Contains three IP to NetBIOS name mappings. The first diff --git a/docs/htmldocs/make_smbcodepage.1.html b/docs/htmldocs/make_smbcodepage.1.html index 456ea98b20..52eb12e527 100644 --- a/docs/htmldocs/make_smbcodepage.1.html +++ b/docs/htmldocs/make_smbcodepage.1.html @@ -202,7 +202,7 @@ NAME="AEN58" ><P ><B CLASS="COMMAND" ->codepage_def.<codepage></B +>codepage_def.<codepage></B ></P ><P >These are the input (text) codepage files provided in the @@ -259,7 +259,7 @@ CLASS="COMMAND" ><P ><B CLASS="COMMAND" ->codepage.<codepage></B +>codepage.<codepage></B > - These are the output (binary) codepage files produced and placed in the Samba destination <TT diff --git a/docs/htmldocs/nmbd.8.html b/docs/htmldocs/nmbd.8.html index 4f7f71fe70..4b2c39dc4a 100644 --- a/docs/htmldocs/nmbd.8.html +++ b/docs/htmldocs/nmbd.8.html @@ -37,7 +37,7 @@ NAME="AEN8" ><B CLASS="COMMAND" >smbd</B -> [-D] [-a] [-o] [-P] [-h] [-V] [-d <debug level>] [-H <lmhosts file>] [-l <log file>] [-n <primary netbios name>] [-p <port number>] [-s <configuration file>]</P +> [-D] [-a] [-o] [-P] [-h] [-V] [-d <debug level>] [-H <lmhosts file>] [-l <log file>] [-n <primary netbios name>] [-p <port number>] [-s <configuration file>]</P ></DIV ><DIV CLASS="REFSECT1" @@ -54,7 +54,7 @@ CLASS="COMMAND" >nmbd</B > is a server that understands and can reply to NetBIOS over IP name service requests, like - those produced by SMBD/CIFS clients such as Windows 95/98/ME, + those produced by SMB/CIFS clients such as Windows 95/98/ME, Windows NT, Windows 2000, and LanManager clients. It also participates in the browsing protocols which make up the Windows "Network Neighborhood" view.</P @@ -71,9 +71,8 @@ CLASS="COMMAND" specified it will respond with the IP number of the host it is running on. Its "own NetBIOS name" is by default the primary DNS name of the host it is running on, - but this can be overridden with the <I -CLASS="EMPHASIS" ->-n</I + but this can be overridden with the <EM +>-n</EM > option (see OPTIONS below). Thus <B CLASS="COMMAND" @@ -175,7 +174,7 @@ CLASS="COMMAND" >.</P ></DD ><DT ->-H <filename></DT +>-H <filename></DT ><DD ><P >NetBIOS lmhosts file. The lmhosts @@ -194,18 +193,16 @@ CLASS="FILENAME" ></A > to resolve any NetBIOS name queries needed by the server. Note - that the contents of this file are <I -CLASS="EMPHASIS" ->NOT</I + that the contents of this file are <EM +>NOT</EM > used by <B CLASS="COMMAND" >nmbd</B > to answer any name queries. Adding a line to this file affects name NetBIOS resolution - from this host <I -CLASS="EMPHASIS" ->ONLY</I + from this host <EM +>ONLY</EM >.</P ><P >The default path to this file is compiled into @@ -242,7 +239,7 @@ CLASS="COMMAND" >.</P ></DD ><DT ->-d <debug level></DT +>-d <debug level></DT ><DD ><P >debuglevel is an integer @@ -278,7 +275,7 @@ CLASS="FILENAME" > file.</P ></DD ><DT ->-l <log file></DT +>-l <log file></DT ><DD ><P >The -l parameter specifies a path @@ -306,7 +303,7 @@ CLASS="FILENAME" >.</P ></DD ><DT ->-n <primary NetBIOS name></DT +>-n <primary NetBIOS name></DT ><DD ><P >This option allows you to override @@ -331,7 +328,7 @@ CLASS="FILENAME" >.</P ></DD ><DT ->-p <UDP port number></DT +>-p <UDP port number></DT ><DD ><P >UDP port number is a positive integer value. @@ -344,7 +341,7 @@ CLASS="COMMAND" won't need help!</P ></DD ><DT ->-s <configuration file></DT +>-s <configuration file></DT ><DD ><P >The default configuration file name @@ -484,9 +481,8 @@ CLASS="FILENAME" >If <B CLASS="COMMAND" >nmbd</B -> is acting as a <I -CLASS="EMPHASIS" -> browse master</I +> is acting as a <EM +> browse master</EM > (see the <A HREF="smb.conf.5.html#localmaster" TARGET="_top" @@ -529,9 +525,8 @@ NAME="AEN171" CLASS="COMMAND" >nmbd</B > process it is recommended - that SIGKILL (-9) <I -CLASS="EMPHASIS" ->NOT</I + that SIGKILL (-9) <EM +>NOT</EM > be used, except as a last resort, as this may leave the name database in an inconsistent state. The correct way to terminate <B @@ -568,11 +563,11 @@ CLASS="FILENAME" of nmbd may be raised by sending it a SIGUSR1 (<B CLASS="COMMAND" >kill -USR1 - <nmbd-pid></B + <nmbd-pid></B >) and lowered by sending it a SIGUSR2 (<B CLASS="COMMAND" ->kill -USR2 <nmbd-pid></B +>kill -USR2 <nmbd-pid></B >). This is to allow transient problems to be diagnosed, whilst still running at a normally low log level.</P diff --git a/docs/htmldocs/nmblookup.1.html b/docs/htmldocs/nmblookup.1.html index 7150370875..4312481b1c 100644 --- a/docs/htmldocs/nmblookup.1.html +++ b/docs/htmldocs/nmblookup.1.html @@ -37,7 +37,7 @@ NAME="AEN8" ><B CLASS="COMMAND" >nmblookup</B -> [-M] [-R] [-S] [-r] [-A] [-h] [-B <broadcast address>] [-U <unicast address>] [-d <debug level>] [-s <smb config file>] [-i <NetBIOS scope>] [-T] {name}</P +> [-M] [-R] [-S] [-r] [-A] [-h] [-B <broadcast address>] [-U <unicast address>] [-d <debug level>] [-s <smb config file>] [-i <NetBIOS scope>] [-T] {name}</P ></DIV ><DIV CLASS="REFSECT1" @@ -156,7 +156,7 @@ CLASS="REPLACEABLE" >Print a help (usage) message.</P ></DD ><DT ->-B <broadcast address></DT +>-B <broadcast address></DT ><DD ><P >Send the query to the given broadcast address. Without @@ -179,7 +179,7 @@ CLASS="FILENAME" </P ></DD ><DT ->-U <unicast address></DT +>-U <unicast address></DT ><DD ><P >Do a unicast query to the specified address or @@ -198,7 +198,7 @@ CLASS="PARAMETER" query a WINS server.</P ></DD ><DT ->-d <debuglevel></DT +>-d <debuglevel></DT ><DD ><P >debuglevel is an integer from 0 to 10.</P @@ -234,7 +234,7 @@ CLASS="FILENAME" > file.</P ></DD ><DT ->-s <smb.conf></DT +>-s <smb.conf></DT ><DD ><P >This parameter specifies the pathname to @@ -246,7 +246,7 @@ TARGET="_top" the Samba setup on the machine.</P ></DD ><DT ->-i <scope></DT +>-i <scope></DT ><DD ><P >This specifies a NetBIOS scope that @@ -256,9 +256,8 @@ CLASS="COMMAND" > will use to communicate with when generating NetBIOS names. For details on the use of NetBIOS scopes, see rfc1001.txt and rfc1002.txt. NetBIOS scopes are - <I -CLASS="EMPHASIS" ->very</I + <EM +>very</EM > rarely used, only set this parameter if you are the system administrator in charge of all the NetBIOS systems you communicate with.</P @@ -271,9 +270,8 @@ CLASS="EMPHASIS" lookup to be looked up via a reverse DNS lookup into a DNS name, and printed out before each</P ><P -><I -CLASS="EMPHASIS" ->IP address .... NetBIOS name</I +><EM +>IP address .... NetBIOS name</EM ></P ><P > pair that is the normal output.</P @@ -285,7 +283,7 @@ CLASS="EMPHASIS" >This is the NetBIOS name being queried. Depending upon the previous options this may be a NetBIOS name or IP address. If a NetBIOS name then the different name types may be specified - by appending '#<type>' to the name. This name may also be + by appending '#<type>' to the name. This name may also be '*', which will return all registered names within a broadcast area.</P ></DD diff --git a/docs/htmldocs/printer_driver2.html b/docs/htmldocs/printer_driver2.html index 34208f8fee..ac845b8433 100644 --- a/docs/htmldocs/printer_driver2.html +++ b/docs/htmldocs/printer_driver2.html @@ -33,53 +33,54 @@ NAME="AEN3" ></H1 ><P >Beginning with the 2.2.0 release, Samba supports - the native Windows NT printing mechanisms implemented via - MS-RPC (i.e. the SPOOLSS named pipe). Previous versions of - Samba only supported LanMan printing calls.</P +the native Windows NT printing mechanisms implemented via +MS-RPC (i.e. the SPOOLSS named pipe). Previous versions of +Samba only supported LanMan printing calls.</P ><P >The additional functionality provided by the new - SPOOLSS support includes:</P +SPOOLSS support includes:</P ><P ></P ><UL ><LI ><P >Support for downloading printer driver - files to Windows 95/98/NT/2000 clients upon demand. - </P + files to Windows 95/98/NT/2000 clients upon demand. + </P ></LI ><LI ><P >Uploading of printer drivers via the - Windows NT Add Printer Wizard (APW) or the <A + Windows NT Add Printer Wizard (APW) or the + Imprints tool set (refer to <A HREF="http://imprints.sourceforge.net" TARGET="_top" ->Imprints tool set - </A -></P +>http://imprints.sourceforge.net</A +>). + </P ></LI ><LI ><P >Support for the native MS-RPC printing - calls such as StartDocPrinter, EnumJobs(), etc... (See - the <A + calls such as StartDocPrinter, EnumJobs(), etc... (See + the MSDN documentation at <A HREF="http://msdn.microsoft.com/" TARGET="_top" ->MSDN documentation - </A -> for more information on the Win32 printing API) - </P +>http://msdn.microsoft.com/</A +> + for more information on the Win32 printing API) + </P ></LI ><LI ><P >Support for NT Access Control Lists (ACL) - on printer objects</P + on printer objects</P ></LI ><LI ><P >Improved support for printer queue manipulation - through the use of an internal databases for spooled job - information</P + through the use of an internal databases for spooled job + information</P ></LI ></UL ></DIV @@ -92,88 +93,75 @@ NAME="AEN20" >Configuration</A ></H1 ><P ->In order to support the uploading of printer driver - files, you must first configure a file share named [print$]. - The name of this share is hard coded in Samba's internals so - the name is very important (print$ is the service used by - Windows NT print servers to provide support for printer driver - download).</P -><DIV -CLASS="WARNING" -><P -></P -><TABLE -CLASS="WARNING" -BORDER="1" -WIDTH="100%" -><TR -><TD -ALIGN="CENTER" -><B ->Warning</B -></TD -></TR -><TR -><TD -ALIGN="LEFT" -><P ->Previous versions of Samba recommended using - a share named [printer$]. This name was taken from the - printer$ service created by Windows 9x clients when a - printer was shared. Windows 9x printer servers always have - a printer$ service which provides read-only access via no - password in order to support printer driver downloads.</P +><I +CLASS="EMPHASIS" +>WARNING!!!</I +> Previous versions of Samba +recommended using a share named [printer$]. This name was taken from the +printer$ service created by Windows 9x clients when a +printer was shared. Windows 9x printer servers always have +a printer$ service which provides read-only access via no +password in order to support printer driver downloads.</P ><P >However, the initial implementation allowed for a - parameter named <TT +parameter named <TT CLASS="PARAMETER" ><I >printer driver location</I ></TT > - to be used on a per share basis to specify the location of - the driver files associated with that printer. Another - parameter named <TT +to be used on a per share basis to specify the location of +the driver files associated with that printer. Another +parameter named <TT CLASS="PARAMETER" ><I >printer driver</I ></TT > provided - a means of defining the printer driver name to be sent to - the client.</P +a means of defining the printer driver name to be sent to +the client.</P ><P >These parameters, including <TT CLASS="PARAMETER" ><I >printer driver - file</I +file</I ></TT > parameter, are being depreciated and should not - be used in new installations. For more information on this change, - you should refer to the <A +be used in new installations. For more information on this change, +you should refer to the <A HREF="#MIGRATION" ->Migration section - </A +>Migration section </A >of this document.</P -></TD -></TR -></TABLE -></DIV +><DIV +CLASS="SECT2" +><HR><H2 +CLASS="SECT2" +><A +NAME="AEN30" +>Creating [print$]</A +></H2 +><P +>In order to support the uploading of printer driver +files, you must first configure a file share named [print$]. +The name of this share is hard coded in Samba's internals so +the name is very important (print$ is the service used by +Windows NT print servers to provide support for printer driver +download).</P ><P >You should modify the server's smb.conf file to create the - following file share (of course, some of the parameter values, - such as 'path' are arbitrary and should be replaced with - appropriate values for your site):</P +following file share (of course, some of the parameter values, +such as 'path' are arbitrary and should be replaced with +appropriate values for your site):</P ><P ><PRE CLASS="PROGRAMLISTING" >[print$] - path = /usr/local/samba/printers - guest ok = yes - browseable = yes - read only = yes - write list = ntadmin - </PRE + path = /usr/local/samba/printers + guest ok = yes + browseable = yes + read only = yes + write list = ntadmin</PRE ></P ><P >The <A @@ -182,70 +170,72 @@ TARGET="_top" ><TT CLASS="PARAMETER" ><I -> write list</I +>write list</I ></TT ></A > is used to allow administrative - level user accounts to have write access in order to update files - on the share. See the <A +level user accounts to have write access in order to update files +on the share. See the <A HREF="smb./conf.5.html" TARGET="_top" -> smb.conf(5) man page</A +>smb.conf(5) man page</A > for more information on - configuring file shares.</P +configuring file shares.</P ><P >The requirement for <A HREF="smb.conf.5.html#GUESTOK" TARGET="_top" ><B CLASS="COMMAND" -> guest ok = yes</B +>guest ok = yes</B ></A > depends upon how your - site is configured. If users will be guaranteed to have - an account on the Samba host, then this is a non-issue.</P +site is configured. If users will be guaranteed to have +an account on the Samba host, then this is a non-issue.</P +><DIV +CLASS="NOTE" +><BLOCKQUOTE +CLASS="NOTE" ><P -><I -CLASS="EMPHASIS" ->author's note: </I ->The non-issue is that - if all your Windows NT users are guarenteed to be authenticated - by the Samba server (such as a domain member server and the NT - user has already been validated by the Domain Controller in - order to logon to the Windows NT console), then guest access - is not necessary. Of course, in a workgroup environment where - you just want to be able to print without worrying about - silly accounts and security, then configure the share for - guest access. You'll probably want to add <A +><B +>Author's Note: </B +>The non-issue is that if all your Windows NT users are guaranteed to be +authenticated by the Samba server (such as a domain member server and the NT +user has already been validated by the Domain Controller in +order to logon to the Windows NT console), then guest access +is not necessary. Of course, in a workgroup environment where +you just want to be able to print without worrying about +silly accounts and security, then configure the share for +guest access. You'll probably want to add <A HREF="smb.conf.5.html#MAPTOGUEST" TARGET="_top" ><B CLASS="COMMAND" ->map to guest = Bad User - </B +>map to guest = Bad User</B ></A > in the [global] section as well. Make sure - you understand what this parameter does before using it - though. --jerry]</P +you understand what this parameter does before using it +though. --jerry</P +></BLOCKQUOTE +></DIV ><P >In order for a Windows NT print server to support - the downloading of driver files by multiple client architectures, - it must create subdirectories within the [print$] service - which correspond to each of the supported client architectures. - Samba follows this model as well.</P +the downloading of driver files by multiple client architectures, +it must create subdirectories within the [print$] service +which correspond to each of the supported client architectures. +Samba follows this model as well.</P ><P >Next create the directory tree below the [print$] share - for each architecture you wish to support.</P +for each architecture you wish to support.</P ><P ><PRE CLASS="PROGRAMLISTING" -> [print$]----- - |-W32X86 ; "Windows NT x86" - |-WIN40 ; "Windows 95/98" - |-W32ALPHA ; "Windows NT Alpha_AXP" - |-W32MIPS ; "Windows NT R4000" - |-W32PPC ; "Windows NT PowerPC" - </PRE +>[print$]----- + |-W32X86 ; "Windows NT x86" + |-WIN40 ; "Windows 95/98" + |-W32ALPHA ; "Windows NT Alpha_AXP" + |-W32MIPS ; "Windows NT R4000" + |-W32PPC ; "Windows NT PowerPC"</PRE ></P ><DIV CLASS="WARNING" @@ -259,38 +249,34 @@ WIDTH="100%" ><TD ALIGN="CENTER" ><B ->Warning</B +>ATTENTION! REQUIRED PERMISSIONS</B ></TD ></TR ><TR ><TD ALIGN="LEFT" ><P -><I -CLASS="EMPHASIS" ->ATTENTION! REQUIRED PERMISSIONS</I -></P -><P >In order to currently add a new driver to you Samba host, - one of two conditions must hold true:</P + one of two conditions must hold true:</P ><P ></P ><UL ><LI ><P >The account used to connect to the Samba host - must have a uid of 0 (i.e. a root account)</P + must have a uid of 0 (i.e. a root account)</P ></LI ><LI ><P >The account used to connect to the Samba host - must be a member of the <A -HREF="smb.conf.5.html" + must be a member of the <A +HREF="smb.conf.5.html#PRINTERADMIN" TARGET="_top" ><TT CLASS="PARAMETER" ><I -> printer admin</I +>printer + admin</I ></TT ></A > list.</P @@ -298,97 +284,107 @@ CLASS="PARAMETER" ></UL ><P >Of course, the connected account must still possess access - to add files to the subdirectories beneath [print$].</P + to add files to the subdirectories beneath [print$].</P ></TD ></TR ></TABLE ></DIV ><P >Once you have created the required [print$] service and - associated subdirectories, simply log onto the Samba server using - a root (or <TT +associated subdirectories, simply log onto the Samba server using +a root (or <TT CLASS="PARAMETER" ><I >printer admin</I ></TT >) account - from a Windows NT 4.0 client. Navigate to the "Printers" folder - on the Samba server. You should see an initial listing of printers - that matches the printer shares defined on your Samba host.</P +from a Windows NT 4.0 client. Navigate to the "Printers" folder +on the Samba server. You should see an initial listing of printers +that matches the printer shares defined on your Samba host.</P +></DIV +><DIV +CLASS="SECT2" +><HR><H2 +CLASS="SECT2" +><A +NAME="AEN65" +>Setting Drivers for Existing Printers</A +></H2 ><P >The initial listing of printers in the Samba host's - Printers folder will have no printer driver assigned to them. - The way assign a driver to a printer is to view the Properties - of the printer and either</P +Printers folder will have no printer driver assigned to them. +The way assign a driver to a printer is to view the Properties +of the printer and either</P ><P ></P ><UL ><LI ><P >Use the "New Driver..." button to install - a new printer driver, or</P + a new printer driver, or</P ></LI ><LI ><P >Select a driver from the popup list of - installed drivers. Initially this list will be empty.</P + installed drivers. Initially this list will be empty.</P ></LI ></UL ><P >If you wish to install printer drivers for client - operating systems other than "Windows NT x86", you will need - to use the "Sharing" tab of the printer properties dialog.</P +operating systems other than "Windows NT x86", you will need +to use the "Sharing" tab of the printer properties dialog.</P ><P >Assuming you have connected with a root account, you - will also be able modify other printer properties such as - ACLs and device settings using this dialog box.</P +will also be able modify other printer properties such as +ACLs and device settings using this dialog box.</P ><P >A few closing comments for this section, it is possible - on a Windows NT print server to have printers - listed in the Printers folder which are not shared. Samba does - not make this distinction. By definition, the only printers of - which Samba is aware are those which are specified as shares in - <TT +on a Windows NT print server to have printers +listed in the Printers folder which are not shared. Samba does +not make this distinction. By definition, the only printers of +which Samba is aware are those which are specified as shares in +<TT CLASS="FILENAME" >smb.conf</TT >.</P ><P >Another interesting side note is that Windows NT clients do - not use the SMB printer share, but rather can print directly - to any printer on another Windows NT host using MS-RPC. This - of course assumes that the printing client has the necessary - privileges on the remote host serving the printer. The default - permissions assigned by Windows NT to a printer gives the "Print" - permissions to the "Everyone" well-known group.</P +not use the SMB printer share, but rather can print directly +to any printer on another Windows NT host using MS-RPC. This +of course assumes that the printing client has the necessary +privileges on the remote host serving the printer. The default +permissions assigned by Windows NT to a printer gives the "Print" +permissions to the "Everyone" well-known group.</P +></DIV ><DIV CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN74" +NAME="AEN78" >Support a large number of printers</A ></H2 ><P >One issue that has arisen during the development - phase of Samba 2.2 is the need to support driver downloads for - 100's of printers. Using the Windows NT APW is somewhat - awkward to say the list. If more than one printer are using the - same driver, the <A +phase of Samba 2.2 is the need to support driver downloads for +100's of printers. Using the Windows NT APW is somewhat +awkward to say the list. If more than one printer are using the +same driver, the <A HREF="rpcclient.1.html" TARGET="_top" ><B CLASS="COMMAND" >rpcclient's - setdriver command</B +setdriver command</B ></A > can be used to set the driver - associated with an installed driver. The following is example - of how this could be accomplished:</P +associated with an installed driver. The following is example +of how this could be accomplished:</P ><P ><PRE CLASS="PROGRAMLISTING" > - <TT +<TT CLASS="PROMPT" >$ </TT >rpcclient pogo -U root%secret -c "enumdrivers" @@ -396,44 +392,185 @@ Domain=[NARNIA] OS=[Unix] Server=[Samba 2.2.0-alpha3] [Windows NT x86] Printer Driver Info 1: - Driver Name: [HP LaserJet 4000 Series PS] + Driver Name: [HP LaserJet 4000 Series PS] Printer Driver Info 1: - Driver Name: [HP LaserJet 2100 Series PS] + Driver Name: [HP LaserJet 2100 Series PS] Printer Driver Info 1: - Driver Name: [HP LaserJet 4Si/4SiMX PS] + Driver Name: [HP LaserJet 4Si/4SiMX PS] - <TT +<TT CLASS="PROMPT" >$ </TT >rpcclient pogo -U root%secret -c "enumprinters" Domain=[NARNIA] OS=[Unix] Server=[Samba 2.2.0-alpha3] - flags:[0x800000] - name:[\\POGO\hp-print] - description:[POGO\\POGO\hp-print,NO DRIVER AVAILABLE FOR THIS PRINTER,] - comment:[] + flags:[0x800000] + name:[\\POGO\hp-print] + description:[POGO\\POGO\hp-print,NO DRIVER AVAILABLE FOR THIS PRINTER,] + comment:[] - <TT +<TT CLASS="PROMPT" >$ </TT >rpcclient pogo -U root%bleaK.er \ - <TT +<TT CLASS="PROMPT" >> </TT > -c "setdriver hp-print \"HP LaserJet 4000 Series PS\"" Domain=[NARNIA] OS=[Unix] Server=[Samba 2.2.0-alpha3] -Succesfully set hp-print to driver HP LaserJet 4000 Series PS. - </PRE +Successfully set hp-print to driver HP LaserJet 4000 Series PS.</PRE ></P ></DIV +><DIV +CLASS="SECT2" +><HR><H2 +CLASS="SECT2" +><A +NAME="AEN89" +>Adding New Printers via the Windows NT APW</A +></H2 +><P +>By default, Samba offers all printer shares defined in <TT +CLASS="FILENAME" +>smb.conf</TT +> +in the "Printers..." folder. Also existing in this folder is the Windows NT +Add Printer Wizard icon. The APW will be show only if</P +><P +></P +><UL +><LI +><P +>The connected user is able to successfully + execute an OpenPrinterEx(\\server) with administrative + priviledges (i.e. root or <TT +CLASS="PARAMETER" +><I +>printer admin</I +></TT +>. + </P +></LI +><LI +><P +><A +HREF="smb.conf.5.html#SHOWADDPRINTERWIZARD" +TARGET="_top" +><TT +CLASS="PARAMETER" +><I +>show + add printer wizard = yes</I +></TT +></A +> (the default). + </P +></LI +></UL +><P +>In order to be able to use the APW to successfully add a printer to a Samba +server, the <A +HREF="smb.conf.5.html#ADDPRINTERCOMMAND" +TARGET="_top" +><TT +CLASS="PARAMETER" +><I +>addprinter +command</I +></TT +></A +> must have a defined value. The program +hook must successfully add the printer to the system (i.e. +<TT +CLASS="FILENAME" +>/etc/printcap</TT +> or appropriate files) and +<TT +CLASS="FILENAME" +>smb.conf</TT +> if necessary.</P +><P +>When using the APW from a client, if the named printer share does +not exist, <B +CLASS="COMMAND" +>smbd</B +> will execute the <TT +CLASS="PARAMETER" +><I +>add printer +program</I +></TT +> and reparse to the <TT +CLASS="FILENAME" +>smb.conf</TT +> +to attempt to locate the new printer share. If the share is still not defined, +an error of "Access Denied" is returned to the client. Note that the +<TT +CLASS="PARAMETER" +><I +>add printer program</I +></TT +> is executed undet the context +of the connected user, not necessarily a root account.</P +><P +>There is a complementing <A +HREF="smb.conf.5.html#DELETEPRINTERCOMMAND" +TARGET="_top" +><TT +CLASS="PARAMETER" +><I +>deleteprinter +command</I +></TT +></A +> for removing entries from the "Printers..." +folder.</P +></DIV +><DIV +CLASS="SECT2" +><HR><H2 +CLASS="SECT2" +><A +NAME="AEN114" +>Samba and Printer Ports</A +></H2 +><P +>Windows NT/2000 print servers associate a port with each printer. These normally +take the form of LPT1:, COM1:, FILE:, etc... Samba must also support the +concept of ports associated with a printer. By default, only one printer port, +named "Samba Printer Port", exists on a system. Samba does not really a port in +order to print, rather it is a requirement of Windows clients. </P +><P +>Note that Samba does not support the concept of "Printer Pooling" internally +either. This is when a logical printer is assigned to multiple ports as +a form of load balancing or fail over.</P +><P +>If you require that multiple ports be defined for some reason, +<TT +CLASS="FILENAME" +>smb.conf</TT +> possesses a <A +HREF="smb.conf.5.html#ENUMPORTSCOMMAND" +TARGET="_top" +><TT +CLASS="PARAMETER" +><I +>enumports +command</I +></TT +></A +> which can be used to define an external program +that generates a listing of ports on a system.</P +></DIV ></DIV ><DIV CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN85" +NAME="AEN122" >The Imprints Toolset</A ></H1 ><P @@ -451,7 +588,7 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN89" +NAME="AEN126" >What is Imprints?</A ></H2 ><P @@ -483,7 +620,7 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN99" +NAME="AEN136" >Creating Printer Driver Packages</A ></H2 ><P @@ -499,7 +636,7 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN102" +NAME="AEN139" >The Imprints server</A ></H2 ><P @@ -520,7 +657,7 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN106" +NAME="AEN143" >The Installation Client</A ></H2 ><P @@ -565,17 +702,16 @@ CLASS="COMMAND" ><PRE CLASS="PROGRAMLISTING" > - foreach (supported architecture for a given driver) - { - 1. rpcclient: Get the appropriate upload directory - on the remote server - 2. smbclient: Upload the driver files - 3. rpcclient: Issues an AddPrinterDriver() MS-RPC - } +foreach (supported architecture for a given driver) +{ + 1. rpcclient: Get the appropriate upload directory + on the remote server + 2. smbclient: Upload the driver files + 3. rpcclient: Issues an AddPrinterDriver() MS-RPC +} - 4. rpcclient: Issue an AddPrinterEx() MS-RPC to actually - create the printer - </PRE +4. rpcclient: Issue an AddPrinterEx() MS-RPC to actually + create the printer</PRE ></P ><P >One of the problems encountered when implementing @@ -615,7 +751,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN128" +NAME="AEN165" ><A NAME="MIGRATION" ></A @@ -639,7 +775,7 @@ WIDTH="100%" ><TD ALIGN="CENTER" ><B ->Warning</B +>Achtung!</B ></TD ></TR ><TR @@ -725,15 +861,24 @@ CLASS="COMMAND" ><P >If you want to migrate an existing <TT CLASS="FILENAME" -> printers.def</TT -> file into the new setup, the current only +>printers.def</TT +> + file into the new setup, the current only solution is to use the Windows NT APW to install the NT drivers - and the 9x drivers. This can be scripted using smbclient and - rpcclient. See the <A + and the 9x drivers. This can be scripted using <B +CLASS="COMMAND" +>smbclient</B +> + and <B +CLASS="COMMAND" +>rpcclient</B +>. See the + Imprints installation client at <A HREF="http://imprints.sourceforge.net/" TARGET="_top" -> Imprints insrallation client</A -> for an example. +>http://imprints.sourceforge.net/</A +> + for an example. </P ></LI ></UL diff --git a/docs/htmldocs/rpcclient.1.html b/docs/htmldocs/rpcclient.1.html index 0242f7b827..786dd6c866 100644 --- a/docs/htmldocs/rpcclient.1.html +++ b/docs/htmldocs/rpcclient.1.html @@ -37,7 +37,7 @@ NAME="AEN8" ><B CLASS="COMMAND" >rpcclient</B -> {server} [-A authfile] [-c <command string>] [-d debuglevel] [-h] [-l logfile] [-N] [-s <smb config file>] [-U username[%password]] [-W workgroup] [-N]</P +> {server} [-A authfile] [-c <command string>] [-d debuglevel] [-h] [-l logfile] [-N] [-s <smb config file>] [-U username[%password]] [-W workgroup] [-N]</P ></DIV ><DIV CLASS="REFSECT1" @@ -104,12 +104,21 @@ CLASS="FILENAME" password used in the connection. The format of the file is </P ><P +><TABLE +BORDER="0" +BGCOLOR="#E0E0E0" +WIDTH="90%" +><TR +><TD ><PRE CLASS="PROGRAMLISTING" -> username = <value> - password = <value> - domain = <value> +> username = <value> + password = <value> + domain = <value> </PRE +></TD +></TR +></TABLE ></P ><P >Make certain that the permissions on the file restrict @@ -248,9 +257,8 @@ NAME="AEN91" ><H2 >COMMANDS</H2 ><P -><I -CLASS="EMPHASIS" ->LSARPC</I +><EM +>LSARPC</EM ></P ><P ></P @@ -287,9 +295,8 @@ CLASS="COMMAND" ><P > </P ><P -><I -CLASS="EMPHASIS" ->SAMR</I +><EM +>SAMR</EM ></P ><P ></P @@ -326,9 +333,8 @@ CLASS="COMMAND" ><P > </P ><P -><I -CLASS="EMPHASIS" ->SPOOLSS</I +><EM +>SPOOLSS</EM ></P ><P ></P @@ -337,7 +343,7 @@ CLASS="EMPHASIS" ><P ><B CLASS="COMMAND" ->adddriver <arch> <config></B +>adddriver <arch> <config></B > - Execute an AddPrinterDriver() RPC to install the printer driver information on the server. Note that the driver files should @@ -364,6 +370,12 @@ CLASS="PARAMETER" > parameter is defined as follows: </P ><P +><TABLE +BORDER="0" +BGCOLOR="#E0E0E0" +WIDTH="90%" +><TR +><TD ><PRE CLASS="PROGRAMLISTING" > Long Printer Name:\ @@ -375,6 +387,9 @@ CLASS="PROGRAMLISTING" Default Data Type:\ Comma Separated list of Files </PRE +></TD +></TR +></TABLE ></P ><P >Any empty fields should be enter as the string "NULL". </P @@ -390,8 +405,8 @@ CLASS="PROGRAMLISTING" ><P ><B CLASS="COMMAND" ->addprinter <printername> - <sharename> <drivername> <port></B +>addprinter <printername> + <sharename> <drivername> <port></B > - Add a printer on the remote server. This printer will be automatically shared. Be aware that the printer driver @@ -426,7 +441,7 @@ CLASS="COMMAND" ><P ><B CLASS="COMMAND" ->enumjobs <printer></B +>enumjobs <printer></B > - List the jobs and status of a given printer. This command corresponds to the MS Platform SDK EnumJobs() @@ -468,7 +483,7 @@ CLASS="COMMAND" ><P ><B CLASS="COMMAND" ->getdata <printername></B +>getdata <printername></B > - Retrieve the data for a given printer setting. See the <B @@ -482,7 +497,7 @@ CLASS="COMMAND" ><P ><B CLASS="COMMAND" ->getdriver <printername></B +>getdriver <printername></B > - Retrieve the printer driver information (such as driver file, config file, dependent files, etc...) for @@ -494,7 +509,7 @@ CLASS="COMMAND" ><P ><B CLASS="COMMAND" ->getdriverdir <arch></B +>getdriverdir <arch></B > - Execute a GetPrinterDriverDirectory() RPC to retreive the SMB share name and subdirectory for @@ -512,7 +527,7 @@ CLASS="PARAMETER" ><P ><B CLASS="COMMAND" ->getprinter <printername></B +>getprinter <printername></B > - Retrieve the current printer information. This command corresponds to the GetPrinter() MS Platform SDK function. @@ -522,7 +537,7 @@ CLASS="COMMAND" ><P ><B CLASS="COMMAND" ->openprinter <printername></B +>openprinter <printername></B > - Execute an OpenPrinterEx() and ClosePrinter() RPC against a given printer. </P @@ -531,7 +546,7 @@ CLASS="COMMAND" ><P ><B CLASS="COMMAND" ->setdriver <printername> <drivername></B +>setdriver <printername> <drivername></B > - Execute a SetPrinter() command to update the printer driver associated with an installed printer. The printer driver must already be correctly @@ -549,9 +564,8 @@ CLASS="COMMAND" ></LI ></UL ><P -><I -CLASS="EMPHASIS" ->GENERAL OPTIONS</I +><EM +>GENERAL OPTIONS</EM ></P ><P ></P @@ -604,9 +618,8 @@ CLASS="COMMAND" ><P >From Luke Leighton's original rpcclient man page:</P ><P -><I -CLASS="EMPHASIS" ->"WARNING!</I +><EM +>"WARNING!</EM > The MSRPC over SMB code has been developed from examining Network traces. No documentation is available from the original creators (Microsoft) on how MSRPC over diff --git a/docs/htmldocs/smb.conf.5.html b/docs/htmldocs/smb.conf.5.html index 2197fe195f..0f8a83a939 100644 --- a/docs/htmldocs/smb.conf.5.html +++ b/docs/htmldocs/smb.conf.5.html @@ -123,9 +123,8 @@ NAME="AEN28" ><P >There are three special sections, [global], [homes] and [printers], which are - described under <I -CLASS="EMPHASIS" ->special sections</I + described under <EM +>special sections</EM >. The following notes apply to ordinary section descriptions.</P ><P @@ -139,14 +138,12 @@ CLASS="EMPHASIS" printable services (used by the client to access print services on the host running the server).</P ><P ->Sections may be designated <I -CLASS="EMPHASIS" ->guest</I +>Sections may be designated <EM +>guest</EM > services, in which case no password is required to access them. A specified - UNIX <I -CLASS="EMPHASIS" ->guest account</I + UNIX <EM +>guest account</EM > is used to define access privileges in this case.</P ><P @@ -168,6 +165,12 @@ CLASS="FILENAME" >/home/bar</TT >. The share is accessed via the share name "foo":</P +><TABLE +BORDER="0" +BGCOLOR="#E0E0E0" +WIDTH="100%" +><TR +><TD ><PRE CLASS="SCREEN" > <TT @@ -178,16 +181,24 @@ CLASS="COMPUTEROUTPUT" </TT > </PRE +></TD +></TR +></TABLE ><P >The following sample section defines a printable share. The share is readonly, but printable. That is, the only write access permitted is via calls to open, write to and close a - spool file. The <I -CLASS="EMPHASIS" ->guest ok</I + spool file. The <EM +>guest ok</EM > parameter means access will be permitted as the default guest user (specified elsewhere):</P +><TABLE +BORDER="0" +BGCOLOR="#E0E0E0" +WIDTH="100%" +><TR +><TD ><PRE CLASS="SCREEN" > <TT @@ -200,6 +211,9 @@ CLASS="COMPUTEROUTPUT" </TT > </PRE +></TD +></TR +></TABLE ></DIV ><DIV CLASS="REFSECT1" @@ -257,9 +271,8 @@ NAME="AEN53" ></LI ></UL ><P ->If you decide to use a <I -CLASS="EMPHASIS" ->path=</I +>If you decide to use a <EM +>path=</EM > line in your [homes] section then you may find it useful to use the %S macro. For example :</P @@ -288,6 +301,12 @@ CLASS="USERINPUT" a normal service section can specify, though some make more sense than others. The following is a typical and suitable [homes] section:</P +><TABLE +BORDER="0" +BGCOLOR="#E0E0E0" +WIDTH="100%" +><TR +><TD ><PRE CLASS="SCREEN" > <TT @@ -297,23 +316,23 @@ CLASS="COMPUTEROUTPUT" </TT > </PRE +></TD +></TR +></TABLE ><P >An important point is that if guest access is specified in the [homes] section, all home directories will be - visible to all clients <I -CLASS="EMPHASIS" ->without a password</I + visible to all clients <EM +>without a password</EM >. In the very unlikely event that this is actually desirable, it - would be wise to also specify <I -CLASS="EMPHASIS" + would be wise to also specify <EM >read only - access</I + access</EM >.</P ><P ->Note that the <I -CLASS="EMPHASIS" ->browseable</I +>Note that the <EM +>browseable</EM > flag for auto home directories will be inherited from the global browseable flag, not the [homes] browseable flag. This is useful as @@ -376,6 +395,12 @@ NAME="AEN78" world-writeable spool directory with the sticky bit set on it. A typical [printers] entry would look like this:</P +><TABLE +BORDER="0" +BGCOLOR="#E0E0E0" +WIDTH="100%" +><TR +><TD ><PRE CLASS="SCREEN" ><TT @@ -386,12 +411,21 @@ CLASS="COMPUTEROUTPUT" printable = yes </TT ></PRE +></TD +></TR +></TABLE ><P >All aliases given for a printer in the printcap file are legitimate printer names as far as the server is concerned. If your printing subsystem doesn't work like that, you will have to set up a pseudo-printcap. This is a file consisting of one or more lines like this:</P +><TABLE +BORDER="0" +BGCOLOR="#E0E0E0" +WIDTH="100%" +><TR +><TD ><PRE CLASS="SCREEN" > <TT @@ -400,6 +434,9 @@ CLASS="COMPUTEROUTPUT" </TT > </PRE +></TD +></TR +></TABLE ><P >Each alias should be an acceptable printer name for your printing subsystem. In the [global] section, specify @@ -431,29 +468,24 @@ NAME="AEN101" >parameters define the specific attributes of sections.</P ><P >Some parameters are specific to the [global] section - (e.g., <I -CLASS="EMPHASIS" ->security</I + (e.g., <EM +>security</EM >). Some parameters are usable - in all sections (e.g., <I -CLASS="EMPHASIS" ->create mode</I + in all sections (e.g., <EM +>create mode</EM >). All others are permissible only in normal sections. For the purposes of the following descriptions the [homes] and [printers] - sections will be considered normal. The letter <I -CLASS="EMPHASIS" ->G</I + sections will be considered normal. The letter <EM +>G</EM > in parentheses indicates that a parameter is specific to the - [global] section. The letter <I -CLASS="EMPHASIS" ->S</I + [global] section. The letter <EM +>S</EM > indicates that a parameter can be specified in a service specific - section. Note that all <I -CLASS="EMPHASIS" ->S</I + section. Note that all <EM +>S</EM > parameters can also be specified in the [global] section - in which case they will define the default behavior for all services.</P @@ -570,9 +602,8 @@ CLASS="VARIABLELIST" ><P >the name of your NIS home directory server. This is obtained from your NIS auto.map entry. If you have - not compiled Samba with the <I -CLASS="EMPHASIS" ->--with-automount</I + not compiled Samba with the <EM +>--with-automount</EM > option then this value will be the same as %.</P ></DD @@ -682,9 +713,8 @@ CLASS="VARIABLELIST" > controls if names that have characters that aren't of the "default" case are mangled. For example, if this is yes then a name like "Mail" would be mangled. - Default <I -CLASS="EMPHASIS" ->no</I + Default <EM +>no</EM >.</P ></DD ><DT @@ -693,9 +723,8 @@ CLASS="EMPHASIS" ><P >controls whether filenames are case sensitive. If they aren't then Samba must do a filename search and match on passed - names. Default <I -CLASS="EMPHASIS" ->no</I + names. Default <EM +>no</EM >.</P ></DD ><DT @@ -703,9 +732,8 @@ CLASS="EMPHASIS" ><DD ><P >controls what the default case is for new - filenames. Default <I -CLASS="EMPHASIS" ->lower</I + filenames. Default <EM +>lower</EM >.</P ></DD ><DT @@ -714,9 +742,8 @@ CLASS="EMPHASIS" ><P >controls if new files are created with the case that the client passes, or if they are forced to be the - "default" case. Default <I -CLASS="EMPHASIS" ->yes</I + "default" case. Default <EM +>yes</EM >. </P ></DD @@ -729,9 +756,8 @@ CLASS="EMPHASIS" upper case, or if they are forced to be the "default" case. This option can be use with "preserve case = yes" to permit long filenames to retain their case, while short names - are lowered. Default <I -CLASS="EMPHASIS" ->yes</I + are lowered. Default <EM +>yes</EM >.</P ></DD ></DL @@ -4167,9 +4193,8 @@ NAME="ADDUSERSCRIPT" ><DD ><P >This is the full pathname to a script that will - be run <I -CLASS="EMPHASIS" ->AS ROOT</I + be run <EM +>AS ROOT</EM > by <A HREF="smbd.8.html" TARGET="_top" @@ -4186,9 +4211,8 @@ HREF="smbd.8.html" TARGET="_top" >smbd</A > to create the required UNIX users - <I -CLASS="EMPHASIS" ->ON DEMAND</I + <EM +>ON DEMAND</EM > when a user accesses the Samba server.</P ><P >In order to use this option, <A @@ -4248,9 +4272,8 @@ CLASS="PARAMETER" CLASS="COMMAND" >smbd</B > will - call the specified script <I -CLASS="EMPHASIS" ->AS ROOT</I + call the specified script <EM +>AS ROOT</EM >, expanding any <TT CLASS="PARAMETER" @@ -4297,7 +4320,7 @@ CLASS="PARAMETER" ><P >Default: <B CLASS="COMMAND" ->add user script = <empty string> +>add user script = <empty string> </B ></P ><P @@ -4465,9 +4488,8 @@ CLASS="PARAMETER" ></A ></P ><P ->Default: <I -CLASS="EMPHASIS" ->none</I +>Default: <EM +>none</EM ></P ><P >Example: <B @@ -4491,9 +4513,8 @@ NAME="ADMINUSERS" this list will be able to do anything they like on the share, irrespective of file permissions.</P ><P ->Default: <I -CLASS="EMPHASIS" ->no admin users</I +>Default: <EM +>no admin users</EM ></P ><P >Example: <B @@ -4648,9 +4669,8 @@ CLASS="PARAMETER" ><I >available = no</I ></TT ->, then <I -CLASS="EMPHASIS" ->ALL</I +>, then <EM +>ALL</EM > attempts to connect to the service will fail. Such failures are logged.</P @@ -4757,9 +4777,8 @@ CLASS="PARAMETER" >bind interfaces only</I ></TT > is set then - unless the network address <I -CLASS="EMPHASIS" ->127.0.0.1</I + unless the network address <EM +>127.0.0.1</EM > is added to the <TT CLASS="PARAMETER" @@ -4788,9 +4807,8 @@ CLASS="COMMAND" CLASS="COMMAND" >smbpasswd</B > - by default connects to the <I -CLASS="EMPHASIS" ->localhost - 127.0.0.1</I + by default connects to the <EM +>localhost - 127.0.0.1</EM > address as an SMB client to issue the password change request. If <TT @@ -4799,9 +4817,8 @@ CLASS="PARAMETER" >bind interfaces only</I ></TT > is set then unless the - network address <I -CLASS="EMPHASIS" ->127.0.0.1</I + network address <EM +>127.0.0.1</EM > is added to the <TT CLASS="PARAMETER" @@ -4850,13 +4867,11 @@ CLASS="COMMAND" CLASS="COMMAND" >nmbd</B > at the address - <I -CLASS="EMPHASIS" ->127.0.0.1</I + <EM +>127.0.0.1</EM > to determine if they are running. - Not adding <I -CLASS="EMPHASIS" ->127.0.0.1</I + Not adding <EM +>127.0.0.1</EM > will cause <B CLASS="COMMAND" > smbd</B @@ -5073,9 +5088,8 @@ CLASS="PARAMETER" >client code page</I ></TT > - <I -CLASS="EMPHASIS" ->MUST</I + <EM +>MUST</EM > be set to code page 850 if the <TT CLASS="PARAMETER" @@ -5101,9 +5115,8 @@ CLASS="PARAMETER" >client code page </I ></TT -> <I -CLASS="EMPHASIS" ->MUST</I +> <EM +>MUST</EM > be set to code page 852 if the <TT CLASS="PARAMETER" @@ -5129,9 +5142,8 @@ CLASS="PARAMETER" >client code page </I ></TT -> <I -CLASS="EMPHASIS" ->MUST</I +> <EM +>MUST</EM > be set to code page 866 if the <TT CLASS="PARAMETER" @@ -5157,9 +5169,8 @@ CLASS="PARAMETER" >client code page </I ></TT -> <I -CLASS="EMPHASIS" ->MUST</I +> <EM +>MUST</EM > be set to code page 737 if the <TT CLASS="PARAMETER" @@ -5185,9 +5196,8 @@ CLASS="PARAMETER" ><I >client code page</I ></TT -> <I -CLASS="EMPHASIS" ->MUST</I +> <EM +>MUST</EM > be set to code page 866 if the <TT CLASS="PARAMETER" @@ -5203,9 +5213,8 @@ CLASS="CONSTANT" ></LI ></UL ><P -><I -CLASS="EMPHASIS" ->BUG</I +><EM +>BUG</EM >. These MSDOS code page to UNIX character set mappings should be dynamic, like the loading of MS DOS code pages, not static.</P @@ -5215,7 +5224,7 @@ CLASS="EMPHASIS" ><P >Default: <B CLASS="COMMAND" ->character set = <empty string></B +>character set = <empty string></B ></P ><P >Example: <B @@ -5344,9 +5353,8 @@ CLASS="PARAMETER" >client code page</I ></TT > parameter - <I -CLASS="EMPHASIS" ->MUST</I + <EM +>MUST</EM > be set before the <TT CLASS="PARAMETER" ><I @@ -5541,7 +5549,7 @@ CLASS="CONSTANT" ><P >Default: <B CLASS="COMMAND" ->coding system = <empty value></B +>coding system = <empty value></B > </P ></DD @@ -5571,9 +5579,8 @@ CLASS="PARAMETER" ></A > parameter.</P ><P ->Default: <I -CLASS="EMPHASIS" ->No comment string</I +>Default: <EM +>No comment string</EM ></P ><P >Example: <B @@ -5630,9 +5637,8 @@ NAME="COPY" copied must occur earlier in the configuration file than the service doing the copying.</P ><P ->Default: <I -CLASS="EMPHASIS" ->no value</I +>Default: <EM +>no value</EM ></P ><P >Example: <B @@ -5663,9 +5669,8 @@ CLASS="PARAMETER" calculated according to the mapping from DOS modes to UNIX permissions, and the resulting UNIX mode is then bit-wise 'AND'ed with this parameter. This parameter may be thought of as a bit-wise - MASK for the UNIX modes of a file. Any bit <I -CLASS="EMPHASIS" ->not</I + MASK for the UNIX modes of a file. Any bit <EM +>not</EM > set here will be removed from the modes set on a file when it is created.</P @@ -5971,9 +5976,8 @@ NAME="DEFAULTSERVICE" ><P >This parameter specifies the name of a service which will be connected to if the service actually requested cannot - be found. Note that the square brackets are <I -CLASS="EMPHASIS" ->NOT</I + be found. Note that the square brackets are <EM +>NOT</EM > given in the parameter value (see example below).</P ><P @@ -6015,6 +6019,12 @@ CLASS="PARAMETER" ><P >Example:</P ><P +><TABLE +BORDER="0" +BGCOLOR="#E0E0E0" +WIDTH="90%" +><TR +><TD ><PRE CLASS="PROGRAMLISTING" >[global] @@ -6023,6 +6033,9 @@ CLASS="PROGRAMLISTING" [pub] path = /%S </PRE +></TD +></TR +></TABLE ></P ></DD ><DT @@ -6052,9 +6065,8 @@ NAME="DELETEUSERSCRIPT" ><DD ><P >This is the full pathname to a script that will - be run <I -CLASS="EMPHASIS" ->AS ROOT</I + be run <EM +>AS ROOT</EM > by <A HREF="smbd.8.html" TARGET="_top" @@ -6072,10 +6084,9 @@ CLASS="COMMAND" Windows NT PDC is an onerous task. This option allows <B CLASS="COMMAND" > smbd</B -> to delete the required UNIX users <I -CLASS="EMPHASIS" +> to delete the required UNIX users <EM >ON - DEMAND</I + DEMAND</EM > when a user accesses the Samba server and the Windows NT user no longer exists.</P ><P @@ -6102,9 +6113,8 @@ CLASS="PARAMETER" </I ></TT >, which expands into the UNIX user name to delete. - <I -CLASS="EMPHASIS" ->NOTE</I + <EM +>NOTE</EM > that this is different to the <A HREF="#ADDUSERSCRIPT" ><TT @@ -6138,9 +6148,8 @@ CLASS="PARAMETER" the user in this circumstance would not be a good idea.</P ><P >When the Windows user attempts to access the Samba server, - at <I -CLASS="EMPHASIS" ->login</I + at <EM +>login</EM > (session setup in the SMB protocol) time, <B CLASS="COMMAND" @@ -6171,9 +6180,8 @@ CLASS="PARAMETER" CLASS="COMMAND" >smbd</B > will all the specified script - <I -CLASS="EMPHASIS" ->AS ROOT</I + <EM +>AS ROOT</EM >, expanding any <TT CLASS="PARAMETER" ><I @@ -6212,7 +6220,7 @@ CLASS="PARAMETER" ><P >Default: <B CLASS="COMMAND" ->delete user script = <empty string> +>delete user script = <empty string> </B ></P ><P @@ -6308,9 +6316,8 @@ CLASS="PARAMETER" ></A ></P ><P ->Default: <I -CLASS="EMPHASIS" ->none</I +>Default: <EM +>none</EM ></P ><P >Example: <B @@ -6430,17 +6437,15 @@ CLASS="FILENAME" third return value can give the block size in bytes. The default blocksize is 1024 bytes.</P ><P ->Note: Your script should <I -CLASS="EMPHASIS" ->NOT</I +>Note: Your script should <EM +>NOT</EM > be setuid or setgid and should be owned by (and writeable only by) root!</P ><P ->Default: <I -CLASS="EMPHASIS" +>Default: <EM >By default internal routines for determining the disk capacity and remaining space will be used. - </I + </EM ></P ><P >Example: <B @@ -6451,22 +6456,40 @@ CLASS="COMMAND" ><P >Where the script dfree (which must be made executable) could be:</P ><P +><TABLE +BORDER="0" +BGCOLOR="#E0E0E0" +WIDTH="90%" +><TR +><TD ><PRE CLASS="PROGRAMLISTING" > #!/bin/sh df $1 | tail -1 | awk '{print $2" "$4}' </PRE +></TD +></TR +></TABLE ></P ><P >or perhaps (on Sys V based systems):</P ><P +><TABLE +BORDER="0" +BGCOLOR="#E0E0E0" +WIDTH="90%" +><TR +><TD ><PRE CLASS="PROGRAMLISTING" > #!/bin/sh /usr/bin/df -k $1 | tail -1 | awk '{print $3" "$5}' </PRE +></TD +></TR +></TABLE ></P ><P >Note that you may have to replace the command names @@ -6505,9 +6528,8 @@ NAME="DIRECTORYMASK" calculated according to the mapping from DOS modes to UNIX permissions, and the resulting UNIX mode is then bit-wise 'AND'ed with this parameter. This parameter may be thought of as a bit-wise MASK for - the UNIX modes of a directory. Any bit <I -CLASS="EMPHASIS" ->not</I + the UNIX modes of a directory. Any bit <EM +>not</EM > set here will be removed from the modes set on a directory when it is created.</P @@ -6631,9 +6653,8 @@ CLASS="PARAMETER" modify all the user/group/world permissions on a directory, set this parameter to 0777.</P ><P -><I -CLASS="EMPHASIS" ->Note</I +><EM +>Note</EM > that users who can access the Samba server through other means can easily bypass this restriction, so it is primarily useful for standalone "appliance" systems. @@ -6670,8 +6691,8 @@ CLASS="PARAMETER" ><P >Default: <B CLASS="COMMAND" ->directory security mask = <same as - directory mask></B +>directory security mask = <same as + directory mask></B ></P ><P >Example: <B @@ -6729,9 +6750,8 @@ NAME="DOMAINADMINGROUP" >domain admin group (G)</DT ><DD ><P ->This is an <I -CLASS="EMPHASIS" ->EXPERIMENTAL</I +>This is an <EM +>EXPERIMENTAL</EM > parameter that is part of the unfinished Samba NT Domain Controller Code. It may be removed in a later release. To work with the latest code builds @@ -6754,9 +6774,8 @@ NAME="DOMAINADMINUSERS" >domain admin users (G)</DT ><DD ><P ->This is an <I -CLASS="EMPHASIS" ->EXPERIMENTAL</I +>This is an <EM +>EXPERIMENTAL</EM > parameter that is part of the unfinished Samba NT Domain Controller Code. It may be removed in a later release. To work with the latest code builds @@ -6779,9 +6798,8 @@ NAME="DOMAINGROUPS" >domain groups (G)</DT ><DD ><P ->This is an <I -CLASS="EMPHASIS" ->EXPERIMENTAL</I +>This is an <EM +>EXPERIMENTAL</EM > parameter that is part of the unfinished Samba NT Domain Controller Code. It may be removed in a later release. To work with the latest code builds @@ -6804,9 +6822,8 @@ NAME="DOMAINGUESTGROUP" >domain guest group (G)</DT ><DD ><P ->This is an <I -CLASS="EMPHASIS" ->EXPERIMENTAL</I +>This is an <EM +>EXPERIMENTAL</EM > parameter that is part of the unfinished Samba NT Domain Controller Code. It may be removed in a later release. To work with the latest code builds @@ -6829,9 +6846,8 @@ NAME="DOMAINGUESTUSERS" >domain guest users (G)</DT ><DD ><P ->This is an <I -CLASS="EMPHASIS" ->EXPERIMENTAL</I +>This is an <EM +>EXPERIMENTAL</EM > parameter that is part of the unfinished Samba NT Domain Controller Code. It may be removed in a later release. To work with the latest code builds @@ -7015,10 +7031,9 @@ CLASS="FILENAME" >. Experimentation is the best policy :-) </P ><P ->Default: <I -CLASS="EMPHASIS" +>Default: <EM >none (i.e., all directories are OK - to descend)</I + to descend)</EM ></P ><P >Example: <B @@ -7179,10 +7194,9 @@ NAME="ENHANCEDBROWSING" >This option enables a couple of enhancements to cross-subnet browse propogation that have been added in Samba but which are not standard in Microsoft implementations. - <I -CLASS="EMPHASIS" + <EM >These enhancements are currently only available in - the HEAD Samba CVS tree (not Samba 2.2.x).</I + the HEAD Samba CVS tree (not Samba 2.2.x).</EM ></P ><P >The first enhancement to browse propogation consists of a regular @@ -7240,9 +7254,8 @@ CLASS="PARAMETER" to standard output. This listing will then be used in response to the level 1 and 2 EnumPorts() RPC.</P ><P ->Default: <I -CLASS="EMPHASIS" ->no enumports command</I +>Default: <EM +>no enumports command</EM ></P ><P >Example: <B @@ -7408,9 +7421,8 @@ NAME="FORCECREATEMODE" ><DD ><P >This parameter specifies a set of UNIX mode bit - permissions that will <I -CLASS="EMPHASIS" ->always</I + permissions that will <EM +>always</EM > be set on a file created by Samba. This is done by bitwise 'OR'ing these bits onto the mode bits of a file that is being created or having its @@ -7468,9 +7480,8 @@ NAME="FORCEDIRECTORYMODE" ><DD ><P >This parameter specifies a set of UNIX mode bit - permissions that will <I -CLASS="EMPHASIS" ->always</I + permissions that will <EM +>always</EM > be set on a directory created by Samba. This is done by bitwise 'OR'ing these bits onto the mode bits of a directory that is being created. The default for this @@ -7551,9 +7562,8 @@ CLASS="PARAMETER" a user to modify all the user/group/world permissions on a directory without restrictions, set this parameter to 000.</P ><P -><I -CLASS="EMPHASIS" ->Note</I +><EM +>Note</EM > that users who can access the Samba server through other means can easily bypass this restriction, so it is primarily useful for standalone "appliance" systems. @@ -7590,8 +7600,8 @@ CLASS="PARAMETER" ><P >Default: <B CLASS="COMMAND" ->force directory security mode = <same as - force directory mode></B +>force directory security mode = <same as + force directory mode></B ></P ><P >Example: <B @@ -7664,9 +7674,8 @@ CLASS="PARAMETER" ></A >.</P ><P ->Default: <I -CLASS="EMPHASIS" ->no forced group</I +>Default: <EM +>no forced group</EM ></P ><P >Example: <B @@ -7706,9 +7715,8 @@ CLASS="PARAMETER" modify all the user/group/world permissions on a file, with no restrictions set this parameter to 000.</P ><P -><I -CLASS="EMPHASIS" ->Note</I +><EM +>Note</EM > that users who can access the Samba server through other means can easily bypass this restriction, so it is primarily useful for standalone "appliance" systems. @@ -7745,8 +7753,8 @@ CLASS="PARAMETER" ><P >Default: <B CLASS="COMMAND" ->force security mode = <same as force - create mode></B +>force security mode = <same as force + create mode></B ></P ><P >Example: <B @@ -7788,9 +7796,8 @@ CLASS="PARAMETER" ></A ></P ><P ->Default: <I -CLASS="EMPHASIS" ->no forced user</I +>Default: <EM +>no forced user</EM ></P ><P >Example: <B @@ -7925,10 +7932,9 @@ CLASS="COMMAND" > lp(1)</B >.</P ><P ->Default: <I -CLASS="EMPHASIS" +>Default: <EM >specified at compile time, usually - "nobody"</I + "nobody"</EM ></P ><P >Example: <B @@ -8080,9 +8086,8 @@ CLASS="PARAMETER" ></A >.</P ><P ->Default: <I -CLASS="EMPHASIS" ->no file are hidden</I +>Default: <EM +>no file are hidden</EM ></P ><P >Example: <B @@ -8162,9 +8167,8 @@ CLASS="COMMAND" that copes with different map formats and also Amd (another automounter) maps.</P ><P -><I -CLASS="EMPHASIS" ->NOTE :</I +><EM +>NOTE :</EM >A working NIS client is required on the system for this option to work.</P ><P @@ -8190,7 +8194,7 @@ CLASS="PARAMETER" ><P >Default: <B CLASS="COMMAND" ->homedir map = <empty string></B +>homedir map = <empty string></B ></P ><P >Example: <B @@ -8287,9 +8291,8 @@ CLASS="PARAMETER" ><P >You can also specify hosts by network/netmask pairs and by netgroup names if your system supports netgroups. The - <I -CLASS="EMPHASIS" ->EXCEPT</I + <EM +>EXCEPT</EM > keyword can also be used to limit a wildcard list. The following examples may provide some help:</P ><P @@ -8340,10 +8343,9 @@ CLASS="COMMAND" > for a way of testing your host access to see if it does what you expect.</P ><P ->Default: <I -CLASS="EMPHASIS" +>Default: <EM >none (i.e., all hosts permitted access) - </I + </EM ></P ><P >Example: <B @@ -8365,9 +8367,8 @@ CLASS="PARAMETER" >hosts allow</I ></TT > - - hosts listed here are <I -CLASS="EMPHASIS" ->NOT</I + - hosts listed here are <EM +>NOT</EM > permitted access to services unless the specific services have their own lists to override this one. Where the lists conflict, the <TT @@ -8378,10 +8379,9 @@ CLASS="PARAMETER" > list takes precedence.</P ><P ->Default: <I -CLASS="EMPHASIS" +>Default: <EM >none (i.e., no hosts specifically excluded) - </I + </EM ></P ><P >Example: <B @@ -8419,9 +8419,8 @@ CLASS="PARAMETER" > may be useful for NT clients which will not supply passwords to samba.</P ><P -><I -CLASS="EMPHASIS" ->NOTE :</I +><EM +>NOTE :</EM > The use of <TT CLASS="PARAMETER" ><I @@ -8438,15 +8437,13 @@ CLASS="PARAMETER" ></TT > option be only used if you really know what you are doing, or perhaps on a home network where you trust - your spouse and kids. And only if you <I -CLASS="EMPHASIS" ->really</I + your spouse and kids. And only if you <EM +>really</EM > trust them :-).</P ><P ->Default: <I -CLASS="EMPHASIS" ->no host equivalences</I +>Default: <EM +>no host equivalences</EM ></P ><P >Example: <B @@ -8484,9 +8481,8 @@ CLASS="PARAMETER" >. </P ><P ->Default: <I -CLASS="EMPHASIS" ->no file included</I +>Default: <EM +>no file included</EM ></P ><P >Example: <B @@ -8574,9 +8570,8 @@ CLASS="PARAMETER" </A > as usual.</P ><P ->Note that the setuid bit is <I -CLASS="EMPHASIS" ->never</I +>Note that the setuid bit is <EM +>never</EM > set via inheritance (the code explicitly prohibits this).</P ><P @@ -8696,10 +8691,9 @@ CLASS="PARAMETER" ></A >.</P ><P ->Default: <I -CLASS="EMPHASIS" +>Default: <EM >all active interfaces except 127.0.0.1 - that are broadcast capable</I + that are broadcast capable</EM ></P ></DD ><DT @@ -8710,9 +8704,8 @@ NAME="INVALIDUSERS" ><DD ><P >This is a list of users that should not be allowed - to login to this service. This is really a <I -CLASS="EMPHASIS" ->paranoid</I + to login to this service. This is really a <EM +>paranoid</EM > check to absolutely ensure an improper setting does not breach your security.</P @@ -8729,7 +8722,7 @@ CLASS="EMPHASIS" so the value <TT CLASS="PARAMETER" ><I ->+&group</I +>+&group</I ></TT > means check the UNIX group database, followed by the NIS netgroup database, and @@ -8761,9 +8754,8 @@ CLASS="PARAMETER" ></A >.</P ><P ->Default: <I -CLASS="EMPHASIS" ->no invalid users</I +>Default: <EM +>no invalid users</EM ></P ><P >Example: <B @@ -8847,9 +8839,8 @@ CLASS="COMMAND" > </A > has oplocked. This allows complete data consistency between - SMB/CIFS, NFS and local file access (and is a <I -CLASS="EMPHASIS" ->very</I + SMB/CIFS, NFS and local file access (and is a <EM +>very</EM > cool feature :-).</P ><P @@ -9159,25 +9150,22 @@ CLASS="COMMAND" > will not attempt to become a local master browser on a subnet and will also lose in all browsing elections. By default this value is set to true. Setting this value to true doesn't - mean that Samba will <I -CLASS="EMPHASIS" ->become</I + mean that Samba will <EM +>become</EM > the local master browser on a subnet, just that <B CLASS="COMMAND" >nmbd</B -> will <I -CLASS="EMPHASIS" -> participate</I +> will <EM +> participate</EM > in elections for local master browser.</P ><P >Setting this value to False will cause <B CLASS="COMMAND" >nmbd</B > - <I -CLASS="EMPHASIS" ->never</I + <EM +>never</EM > to become a local master browser.</P ><P >Default: <B @@ -9257,13 +9245,11 @@ CLASS="COMMAND" >, real locking will be performed by the server.</P ><P ->This option <I -CLASS="EMPHASIS" ->may</I +>This option <EM +>may</EM > be useful for read-only - filesystems which <I -CLASS="EMPHASIS" ->may</I + filesystems which <EM +>may</EM > not need locking (such as cdrom drives), although setting this parameter of <TT CLASS="CONSTANT" @@ -9479,9 +9465,8 @@ CLASS="FILENAME" >Thereafter, the directories and any of the contents can, if required, be made read-only. It is not advisable that the NTuser.dat file be made read-only - rename it to NTuser.man to - achieve the desired effect (a <I -CLASS="EMPHASIS" ->MAN</I + achieve the desired effect (a <EM +>MAN</EM >datory profile). </P ><P @@ -9571,9 +9556,8 @@ CLASS="COMMAND" >This option is only useful if Samba is set up as a logon server.</P ><P ->Default: <I -CLASS="EMPHASIS" ->no logon script defined</I +>Default: <EM +>no logon script defined</EM ></P ><P >Example: <B @@ -9810,14 +9794,13 @@ CLASS="PARAMETER" ></A > parameter.</P ><P ->Default: <I -CLASS="EMPHASIS" +>Default: <EM >depends on the setting of <TT CLASS="PARAMETER" ><I > printing</I ></TT -></I +></EM ></P ><P >Example: <B @@ -9969,15 +9952,14 @@ CLASS="PARAMETER" ></A > parameter.</P ><P ->Default: <I -CLASS="EMPHASIS" +>Default: <EM >depends on the setting of <TT CLASS="PARAMETER" ><I >printing </I ></TT -></I +></EM ></P ><P >Example 1: <B @@ -10066,7 +10048,7 @@ CLASS="PARAMETER" ><P >Default: <B CLASS="COMMAND" ->magic output = <magic script name>.out +>magic output = <magic script name>.out </B ></P ><P @@ -10105,24 +10087,20 @@ CLASS="PARAMETER" >Note that some shells are unable to interpret scripts containing CR/LF instead of CR as the end-of-line marker. Magic scripts must be executable - <I -CLASS="EMPHASIS" ->as is</I + <EM +>as is</EM > on the host, which for some hosts and some shells will require filtering at the DOS end.</P ><P ->Magic scripts are <I -CLASS="EMPHASIS" ->EXPERIMENTAL</I +>Magic scripts are <EM +>EXPERIMENTAL</EM > and - should <I -CLASS="EMPHASIS" ->NOT</I + should <EM +>NOT</EM > be relied upon.</P ><P ->Default: <I -CLASS="EMPHASIS" ->None. Magic scripts disabled.</I +>Default: <EM +>None. Magic scripts disabled.</EM ></P ><P >Example: <B @@ -10189,9 +10167,8 @@ CLASS="FILENAME" > off the ends of filenames on some CDROMS (only visible under some UNIXes). To do this use a map of (*;1 *;).</P ><P ->Default: <I -CLASS="EMPHASIS" ->no mangled map</I +>Default: <EM +>no mangled map</EM ></P ><P >Example: <B @@ -10329,9 +10306,8 @@ NAME="MANGLINGCHAR" ><DD ><P >This controls what character is used as - the <I -CLASS="EMPHASIS" ->magic</I + the <EM +>magic</EM > character in <A HREF="#AEN201" >name mangling</A @@ -10532,9 +10508,8 @@ HREF="#GUESTACCOUNT" will not know the reason they cannot access files they think they should - there will have been no message given to them that they got their password wrong. Helpdesk services will - <I -CLASS="EMPHASIS" ->hate</I + <EM +>hate</EM > you if you set the <TT CLASS="PARAMETER" ><I @@ -10553,9 +10528,8 @@ CLASS="PARAMETER" ></TT > modes other than share. This is because in these modes the name of the resource being - requested is <I -CLASS="EMPHASIS" ->not</I + requested is <EM +>not</EM > sent to the server until after the server has successfully authenticated the client so the server cannot make authentication decisions at the correct time (connection @@ -10805,9 +10779,8 @@ CLASS="CONSTANT" ><TT CLASS="CONSTANT" >LANMAN1</TT ->: First <I -CLASS="EMPHASIS" -> modern</I +>: First <EM +> modern</EM > version of the protocol. Long filename support.</P ></LI @@ -11006,10 +10979,9 @@ CLASS="COMMAND" CLASS="COMMAND" >xedit</B >, then - removes it afterwards. <I -CLASS="EMPHASIS" + removes it afterwards. <EM >NOTE THAT IT IS VERY IMPORTANT - THAT THIS COMMAND RETURN IMMEDIATELY</I + THAT THIS COMMAND RETURN IMMEDIATELY</EM >. That's why I have the '&' on the end. If it doesn't return immediately then your PCs may freeze when sending messages (they should recover @@ -11075,7 +11047,7 @@ CLASS="PARAMETER" ><B CLASS="COMMAND" >message command = /bin/mail -s 'message from %f on - %m' root < %s; rm %s</B + %m' root < %s; rm %s</B ></P ><P >If you don't have a message command then the message @@ -11091,9 +11063,8 @@ CLASS="COMMAND" >message command = rm %s</B ></P ><P ->Default: <I -CLASS="EMPHASIS" ->no message command</I +>Default: <EM +>no message command</EM ></P ><P >Example: <B @@ -11463,9 +11434,8 @@ CLASS="PARAMETER" ></A >.</P ><P ->Default: <I -CLASS="EMPHASIS" ->empty string (no additional names)</I +>Default: <EM +>empty string (no additional names)</EM ></P ><P >Example: <B @@ -11498,9 +11468,8 @@ CLASS="PARAMETER" ></A >.</P ><P ->Default: <I -CLASS="EMPHASIS" ->machine DNS name</I +>Default: <EM +>machine DNS name</EM ></P ><P >Example: <B @@ -11779,10 +11748,9 @@ NAME="OPLOCKBREAKWAITTIME" is the amount of time Samba will wait before sending an oplock break request to such (broken) clients.</P ><P -><I -CLASS="EMPHASIS" +><EM >DO NOT CHANGE THIS PARAMETER UNLESS YOU HAVE READ - AND UNDERSTOOD THE SAMBA OPLOCK CODE</I + AND UNDERSTOOD THE SAMBA OPLOCK CODE</EM >.</P ><P >Default: <B @@ -11797,9 +11765,8 @@ NAME="OPLOCKCONTENTIONLIMIT" >oplock contention limit (S)</DT ><DD ><P ->This is a <I -CLASS="EMPHASIS" ->very</I +>This is a <EM +>very</EM > advanced <A HREF="smbd.8.html" @@ -11818,10 +11785,9 @@ CLASS="COMMAND" > to behave in a similar way to Windows NT.</P ><P -><I -CLASS="EMPHASIS" +><EM >DO NOT CHANGE THIS PARAMETER UNLESS YOU HAVE READ - AND UNDERSTOOD THE SAMBA OPLOCK CODE</I + AND UNDERSTOOD THE SAMBA OPLOCK CODE</EM >.</P ><P >Default: <B @@ -11917,9 +11883,8 @@ CLASS="PARAMETER" ></TT > in the local broadcast area.</P ><P -><I -CLASS="EMPHASIS" ->Note :</I +><EM +>Note :</EM >By default, Samba will win a local master browsing election over all Microsoft operating systems except a Windows NT 4.0/2000 Domain Controller. This @@ -11955,8 +11920,8 @@ NAME="OS2DRIVERMAP" path to a file containing a mapping of Windows NT printer driver names to OS/2 printer driver names. The format is:</P ><P -><nt driver name> = <os2 driver - name>.<device name></P +><nt driver name> = <os2 driver + name>.<device name></P ><P >For example, a valid entry using the HP LaserJet 5 printer driver woudl appear as <B @@ -11981,7 +11946,7 @@ TARGET="_top" ><P >Default: <B CLASS="COMMAND" ->os2 driver map = <empty string> +>os2 driver map = <empty string> </B ></P ></DD @@ -12007,7 +11972,7 @@ TARGET="_top" ><P >Default: <B CLASS="COMMAND" ->panic action = <empty string></B +>panic action = <empty string></B ></P ><P >Example: <B @@ -12022,9 +11987,8 @@ NAME="PASSWDCHAT" >passwd chat (G)</DT ><DD ><P ->This string controls the <I -CLASS="EMPHASIS" ->"chat"</I +>This string controls the <EM +>"chat"</EM > conversation that takes places between <A HREF="smbd.8.html" @@ -12101,9 +12065,8 @@ CLASS="PARAMETER" ></TT ></A > parameter is set to true, then this - sequence is called <I -CLASS="EMPHASIS" ->AS ROOT</I + sequence is called <EM +>AS ROOT</EM > when the SMB password in the smbpasswd file is being changed, without access to the old password cleartext. In this case the old password cleartext is set @@ -12157,9 +12120,8 @@ NAME="PASSWDCHATDEBUG" ><DD ><P >This boolean specifies if the passwd chat script - parameter is run in <I -CLASS="EMPHASIS" ->debug</I + parameter is run in <EM +>debug</EM > mode. In this mode the strings passed to and received from the passwd chat are printed in the <A @@ -12238,18 +12200,16 @@ CLASS="PARAMETER" will be replaced with the user name. The user name is checked for existence before calling the password changing program.</P ><P ->Also note that many passwd programs insist in <I -CLASS="EMPHASIS" +>Also note that many passwd programs insist in <EM >reasonable - </I + </EM > passwords, such as a minimum length, or the inclusion of mixed case chars and digits. This can pose a problem as some clients (such as Windows for Workgroups) uppercase the password before sending it.</P ><P -><I -CLASS="EMPHASIS" ->Note</I +><EM +>Note</EM > that if the <TT CLASS="PARAMETER" ><I @@ -12260,9 +12220,8 @@ CLASS="PARAMETER" CLASS="CONSTANT" >True </TT -> then this program is called <I -CLASS="EMPHASIS" ->AS ROOT</I +> then this program is called <EM +>AS ROOT</EM > before the SMB password in the <A HREF="smbpasswd.5.html" @@ -12282,13 +12241,11 @@ CLASS="PARAMETER" >unix password sync</I ></TT > parameter - is set this parameter <I -CLASS="EMPHASIS" ->MUST USE ABSOLUTE PATHS</I + is set this parameter <EM +>MUST USE ABSOLUTE PATHS</EM > - for <I -CLASS="EMPHASIS" ->ALL</I + for <EM +>ALL</EM > programs called, and must be examined for security implications. Note that by default <TT CLASS="PARAMETER" @@ -12427,15 +12384,13 @@ CLASS="PARAMETER" the "LM1.2X002" or the "NT LM 0.12" protocol, and it must be in user level security mode.</P ><P -><I -CLASS="EMPHASIS" ->NOTE:</I +><EM +>NOTE:</EM > Using a password server means your UNIX box (running Samba) is only as secure as your - password server. <I -CLASS="EMPHASIS" + password server. <EM >DO NOT CHOOSE A PASSWORD SERVER THAT - YOU DON'T COMPLETELY TRUST</I + YOU DON'T COMPLETELY TRUST</EM >.</P ><P >Never point a Samba server at itself for password @@ -12492,7 +12447,7 @@ CLASS="PARAMETER" Primary or Backup Domain controllers to authenticate against by doing a query for the name <TT CLASS="CONSTANT" ->WORKGROUP<1C></TT +>WORKGROUP<1C></TT > and then contacting each server returned in the list of IP addresses from the name resolution source. </P @@ -12564,7 +12519,7 @@ CLASS="PARAMETER" ><P >Default: <B CLASS="COMMAND" ->password server = <empty string></B +>password server = <empty string></B > </P ><P @@ -12624,9 +12579,8 @@ CLASS="PARAMETER" ></A > if one was specified.</P ><P ->Default: <I -CLASS="EMPHASIS" ->none</I +>Default: <EM +>none</EM ></P ><P >Example: <B @@ -12692,16 +12646,15 @@ CLASS="PARAMETER" </A >.</P ><P ->Default: <I -CLASS="EMPHASIS" ->none (no command executed)</I +>Default: <EM +>none (no command executed)</EM > </P ><P >Example: <B CLASS="COMMAND" >postexec = echo \"%u disconnected from %S - from %m (%I)\" >> /tmp/log</B + from %m (%I)\" >> /tmp/log</B ></P ></DD ><DT @@ -12769,15 +12722,14 @@ CLASS="PARAMETER" ></A >.</P ><P ->Default: <I -CLASS="EMPHASIS" ->none (no command executed)</I +>Default: <EM +>none (no command executed)</EM ></P ><P >Example: <B CLASS="COMMAND" >preexec = echo \"%u connected to %S from %m - (%I)\" >> /tmp/log</B + (%I)\" >> /tmp/log</B ></P ></DD ><DT @@ -12903,9 +12855,8 @@ CLASS="PARAMETER" ></A > option is easier.</P ><P ->Default: <I -CLASS="EMPHASIS" ->no preloaded services</I +>Default: <EM +>no preloaded services</EM ></P ><P >Example: <B @@ -12986,9 +12937,8 @@ CLASS="PARAMETER" spool file name is generated automatically by the server, the printer name is discussed below.</P ><P ->The print command <I -CLASS="EMPHASIS" ->MUST</I +>The print command <EM +>MUST</EM > contain at least one occurrence of <TT CLASS="PARAMETER" @@ -13046,7 +12996,7 @@ CLASS="PARAMETER" ><P ><B CLASS="COMMAND" ->print command = echo Printing %s >> +>print command = echo Printing %s >> /tmp/print.log; lpr -P %p %s; rm %s</B ></P ><P @@ -13210,6 +13160,12 @@ CLASS="COMMAND" ><P >A minimal printcap file would look something like this:</P ><P +><TABLE +BORDER="0" +BGCOLOR="#E0E0E0" +WIDTH="90%" +><TR +><TD ><PRE CLASS="PROGRAMLISTING" > print1|My Printer 1 @@ -13218,15 +13174,17 @@ CLASS="PROGRAMLISTING" print4|My Printer 4 print5|My Printer 5 </PRE +></TD +></TR +></TABLE ></P ><P >where the '|' separates aliases of a printer. The fact that the second alias has a space in it gives a hint to Samba that it's a comment.</P ><P -><I -CLASS="EMPHASIS" ->NOTE</I +><EM +>NOTE</EM >: Under AIX the default printcap name is <TT CLASS="FILENAME" @@ -13265,7 +13223,7 @@ NAME="PRINTERADMIN" ><P >Default: <B CLASS="COMMAND" ->printer admin = <empty string></B +>printer admin = <empty string></B > </P ><P @@ -13281,9 +13239,8 @@ NAME="PRINTERDRIVER" >printer driver (S)</DT ><DD ><P -><I -CLASS="EMPHASIS" ->Note :</I +><EM +>Note :</EM >This is a depreciated parameter and will be removed in the next major release following version 2.2. Please see the instructions in @@ -13342,9 +13299,8 @@ NAME="PRINTERDRIVERFILE" >printer driver file (G)</DT ><DD ><P -><I -CLASS="EMPHASIS" ->Note :</I +><EM +>Note :</EM >This is a depreciated parameter and will be removed in the next major release following version 2.2. Please see the instructions in @@ -13399,9 +13355,8 @@ CLASS="PARAMETER" ></A >.</P ><P ->Default: <I -CLASS="EMPHASIS" ->None (set in compile).</I +>Default: <EM +>None (set in compile).</EM ></P ><P >Example: <B @@ -13417,9 +13372,8 @@ NAME="PRINTERDRIVERLOCATION" >printer driver location (S)</DT ><DD ><P -><I -CLASS="EMPHASIS" ->Note :</I +><EM +>Note :</EM >This is a depreciated parameter and will be removed in the next major release following version 2.2. Please see the instructions in @@ -13490,13 +13444,12 @@ NAME="PRINTERNAME" name given will be used for any printable service that does not have its own printer name specified.</P ><P ->Default: <I -CLASS="EMPHASIS" +>Default: <EM >none (but may be <TT CLASS="CONSTANT" >lp</TT > - on many systems)</I + on many systems)</EM ></P ><P >Example: <B @@ -13675,15 +13628,14 @@ CLASS="PARAMETER" path in the command as the PATH may not be available to the server.</P ><P ->Default: <I -CLASS="EMPHASIS" +>Default: <EM >depends on the setting of <TT CLASS="PARAMETER" ><I >printing </I ></TT -></I +></EM ></P ><P >Example: <B @@ -13732,8 +13684,7 @@ CLASS="PARAMETER" path in the command as the PATH may not be available to the server.</P ><P ->Default: <I -CLASS="EMPHASIS" +>Default: <EM >depends on the setting of <A HREF="#PRINTING" ><TT @@ -13742,7 +13693,7 @@ CLASS="PARAMETER" >printing</I ></TT ></A -></I +></EM > </P ><P @@ -13826,7 +13777,7 @@ CLASS="PARAMETER" ><P >Default: <B CLASS="COMMAND" ->read list = <empty string></B +>read list = <empty string></B ></P ><P >Example: <B @@ -13983,7 +13934,7 @@ CLASS="FILENAME" ><P >Default: <B CLASS="COMMAND" ->remote announce = <empty string> +>remote announce = <empty string> </B ></P ></DD @@ -14033,7 +13984,7 @@ CLASS="COMMAND" ><P >Default: <B CLASS="COMMAND" ->remote browse sync = <empty string> +>remote browse sync = <empty string> </B ></P ></DD @@ -14147,9 +14098,8 @@ CLASS="PARAMETER" >root directory</I ></TT > - option, <I -CLASS="EMPHASIS" ->including</I + option, <EM +>including</EM > some files needed for complete operation of the server. To maintain full operability of the server you will need to mirror some system files @@ -14206,7 +14156,7 @@ CLASS="PARAMETER" ><P >Default: <B CLASS="COMMAND" ->root postexec = <empty string> +>root postexec = <empty string> </B ></P ></DD @@ -14247,7 +14197,7 @@ CLASS="PARAMETER" ><P >Default: <B CLASS="COMMAND" ->root preexec = <empty string> +>root preexec = <empty string> </B ></P ></DD @@ -14382,9 +14332,8 @@ CLASS="PARAMETER" >It is possible to use <B CLASS="COMMAND" >smbd</B -> in a <I -CLASS="EMPHASIS" -> hybrid mode</I +> in a <EM +> hybrid mode</EM > where it is offers both user and share level security under different <A HREF="#NETBIOSALIASES" @@ -14401,10 +14350,9 @@ CLASS="PARAMETER" ><A NAME="SECURITYEQUALSSHARE" ></A -><I -CLASS="EMPHASIS" +><EM >SECURITY = SHARE - </I + </EM ></P ><P >When clients connect to a share level security server then @@ -14422,9 +14370,8 @@ CLASS="COMMAND" >Note that <B CLASS="COMMAND" >smbd</B -> <I -CLASS="EMPHASIS" ->ALWAYS</I +> <EM +>ALWAYS</EM > uses a valid UNIX user to act on behalf of the client, even in <B @@ -14484,10 +14431,9 @@ CLASS="PARAMETER" ></LI ><LI ><P ->If the client did a previous <I -CLASS="EMPHASIS" +>If the client did a previous <EM >logon - </I + </EM > request (the SessionSetup SMB call) then the username sent in this SMB will be added as a potential username. </P @@ -14542,9 +14488,8 @@ CLASS="PARAMETER" >, then this guest user will be used, otherwise access is denied.</P ><P ->Note that it can be <I -CLASS="EMPHASIS" ->very</I +>Note that it can be <EM +>very</EM > confusing in share-level security as to which UNIX username will eventually be used in granting access.</P @@ -14557,10 +14502,9 @@ HREF="#AEN234" ><A NAME="SECURITYEQUALSUSER" ></A -><I -CLASS="EMPHASIS" +><EM >SECURIYT = USER - </I + </EM ></P ><P >This is the default security setting in Samba 2.2. @@ -14603,13 +14547,11 @@ CLASS="PARAMETER" may change the UNIX user to use on this connection, but only after the user has been successfully authenticated.</P ><P -><I -CLASS="EMPHASIS" ->Note</I +><EM +>Note</EM > that the name of the resource being - requested is <I -CLASS="EMPHASIS" ->not</I + requested is <EM +>not</EM > sent to the server until after the server has successfully authenticated the client. This is why guest shares don't work in user level security without allowing @@ -14641,10 +14583,9 @@ HREF="#AEN234" ><A NAME="SECURITYEQUALSSERVER" ></A -><I -CLASS="EMPHASIS" +><EM >SECURITY = SERVER - </I + </EM ></P ><P >In this mode Samba will try to validate the username/password @@ -14669,9 +14610,8 @@ CLASS="FILENAME" > for details on how to set this up.</P ><P -><I -CLASS="EMPHASIS" ->Note</I +><EM +>Note</EM > that from the clients point of view <B CLASS="COMMAND" @@ -14683,13 +14623,11 @@ CLASS="COMMAND" with the authentication, it does not in any way affect what the client sees.</P ><P -><I -CLASS="EMPHASIS" ->Note</I +><EM +>Note</EM > that the name of the resource being - requested is <I -CLASS="EMPHASIS" ->not</I + requested is <EM +>not</EM > sent to the server until after the server has successfully authenticated the client. This is why guest shares don't work in user level security without allowing @@ -14741,10 +14679,9 @@ CLASS="PARAMETER" ><A NAME="SECURITYEQUALSDOMAIN" ></A -><I -CLASS="EMPHASIS" +><EM >SECURITY = DOMAIN - </I + </EM ></P ><P >This mode will only work correctly if <A @@ -14769,16 +14706,14 @@ CLASS="CONSTANT" it to a Windows NT Primary or Backup Domain Controller, in exactly the same way that a Windows NT Server would do.</P ><P -><I -CLASS="EMPHASIS" ->Note</I +><EM +>Note</EM > that a valid UNIX user must still exist as well as the account on the Domain Controller to allow Samba to have a valid UNIX account to map file access to.</P ><P -><I -CLASS="EMPHASIS" ->Note</I +><EM +>Note</EM > that from the clients point of view <B CLASS="COMMAND" @@ -14790,13 +14725,11 @@ CLASS="COMMAND" >. It only affects how the server deals with the authentication, it does not in any way affect what the client sees.</P ><P -><I -CLASS="EMPHASIS" ->Note</I +><EM +>Note</EM > that the name of the resource being - requested is <I -CLASS="EMPHASIS" ->not</I + requested is <EM +>not</EM > sent to the server until after the server has successfully authenticated the client. This is why guest shares don't work in user level security without allowing @@ -14820,9 +14753,8 @@ CLASS="PARAMETER" </A > parameter for details on doing this.</P ><P -><I -CLASS="EMPHASIS" ->BUG:</I +><EM +>BUG:</EM > There is currently a bug in the implementation of <B CLASS="COMMAND" @@ -14901,9 +14833,8 @@ CLASS="PARAMETER" user/group/world permissions on a file, set this parameter to 0777.</P ><P -><I -CLASS="EMPHASIS" ->Note</I +><EM +>Note</EM > that users who can access the Samba server through other means can easily bypass this restriction, so it is primarily useful for standalone @@ -14940,7 +14871,7 @@ CLASS="PARAMETER" ><P >Default: <B CLASS="COMMAND" ->security mask = <same as create mask> +>security mask = <same as create mask> </B ></P ><P @@ -15068,9 +14999,8 @@ CLASS="CONSTANT" >This option gives full share compatibility and enabled by default.</P ><P ->You should <I -CLASS="EMPHASIS" ->NEVER</I +>You should <EM +>NEVER</EM > turn this parameter off as many Windows applications will break if you do so.</P ><P @@ -15153,9 +15083,8 @@ CLASS="PARAMETER" ></TT > parameter will always cause the OpenPrinterEx() on the server - to fail. Thus the APW icon will never be displayed. <I -CLASS="EMPHASIS" -> Note :</I + to fail. Thus the APW icon will never be displayed. <EM +> Note :</EM >This does not prevent the same user from having administrative privilege on an individual printer.</P ><P @@ -15320,9 +15249,8 @@ TARGET="_top" ></LI ></UL ><P ->Those marked with a <I -CLASS="EMPHASIS" ->'*'</I +>Those marked with a <EM +>'*'</EM > take an integer argument. The others can optionally take a 1 or 0 argument to enable or disable the option, by default they will be enabled if you @@ -15394,9 +15322,8 @@ CLASS="COMMAND" >SAMBA_NETBIOS_NAME=myhostname</B ></P ><P ->Default: <I -CLASS="EMPHASIS" ->No default value</I +>Default: <EM +>No default value</EM ></P ><P >Examples: <B @@ -15426,13 +15353,11 @@ CLASS="COMMAND" > was given at configure time.</P ><P -><I -CLASS="EMPHASIS" ->Note</I +><EM +>Note</EM > that for export control reasons - this code is <I -CLASS="EMPHASIS" ->NOT</I + this code is <EM +>NOT</EM > enabled by default in any current binary version of Samba.</P ><P @@ -15484,13 +15409,11 @@ CLASS="COMMAND" > was given at configure time.</P ><P -><I -CLASS="EMPHASIS" ->Note</I +><EM +>Note</EM > that for export control reasons - this code is <I -CLASS="EMPHASIS" ->NOT</I + this code is <EM +>NOT</EM > enabled by default in any current binary version of Samba.</P ><P @@ -15523,13 +15446,11 @@ CLASS="COMMAND" > was given at configure time.</P ><P -><I -CLASS="EMPHASIS" ->Note</I +><EM +>Note</EM > that for export control reasons - this code is <I -CLASS="EMPHASIS" ->NOT</I + this code is <EM +>NOT</EM > enabled by default in any current binary version of Samba.</P ><P @@ -15563,13 +15484,11 @@ CLASS="COMMAND" > was given at configure time.</P ><P -><I -CLASS="EMPHASIS" ->Note</I +><EM +>Note</EM > that for export control reasons - this code is <I -CLASS="EMPHASIS" ->NOT</I + this code is <EM +>NOT</EM > enabled by default in any current binary version of Samba.</P ><P @@ -15592,13 +15511,11 @@ CLASS="COMMAND" > was given at configure time.</P ><P -><I -CLASS="EMPHASIS" ->Note</I +><EM +>Note</EM > that for export control reasons - this code is <I -CLASS="EMPHASIS" ->NOT</I + this code is <EM +>NOT</EM > enabled by default in any current binary version of Samba.</P ><P @@ -15633,13 +15550,11 @@ CLASS="COMMAND" > was given at configure time.</P ><P -><I -CLASS="EMPHASIS" ->Note</I +><EM +>Note</EM > that for export control reasons - this code is <I -CLASS="EMPHASIS" ->NOT</I + this code is <EM +>NOT</EM > enabled by default in any current binary version of Samba.</P ><P @@ -15674,13 +15589,11 @@ CLASS="COMMAND" > was given at configure time.</P ><P -><I -CLASS="EMPHASIS" ->Note</I +><EM +>Note</EM > that for export control reasons - this code is <I -CLASS="EMPHASIS" ->NOT</I + this code is <EM +>NOT</EM > enabled by default in any current binary version of Samba.</P ><P @@ -15726,13 +15639,11 @@ CLASS="COMMAND" > was given at configure time.</P ><P -><I -CLASS="EMPHASIS" ->Note</I +><EM +>Note</EM > that for export control reasons - this code is <I -CLASS="EMPHASIS" ->NOT</I + this code is <EM +>NOT</EM > enabled by default in any current binary version of Samba.</P ><P @@ -15780,12 +15691,12 @@ CLASS="PARAMETER" ><P >Default: <B CLASS="COMMAND" ->ssl hosts = <empty string></B +>ssl hosts = <empty string></B ></P ><P ><B CLASS="COMMAND" ->ssl hosts resign = <empty string></B +>ssl hosts resign = <empty string></B ></P ><P >Example: <B @@ -15808,13 +15719,11 @@ CLASS="COMMAND" > was given at configure time.</P ><P -><I -CLASS="EMPHASIS" ->Note</I +><EM +>Note</EM > that for export control reasons - this code is <I -CLASS="EMPHASIS" ->NOT</I + this code is <EM +>NOT</EM > enabled by default in any current binary version of Samba.</P ><P @@ -15848,9 +15757,8 @@ CLASS="PARAMETER" CLASS="CONSTANT" >no</TT >, clients don't need certificates. - Contrary to web applications you really <I -CLASS="EMPHASIS" ->should</I + Contrary to web applications you really <EM +>should</EM > require client certificates. In the web environment the client's data is sensitive (credit card numbers) and the server must prove @@ -15877,13 +15785,11 @@ CLASS="COMMAND" > was given at configure time.</P ><P -><I -CLASS="EMPHASIS" ->Note</I +><EM +>Note</EM > that for export control reasons - this code is <I -CLASS="EMPHASIS" ->NOT</I + this code is <EM +>NOT</EM > enabled by default in any current binary version of Samba.</P ><P @@ -15932,27 +15838,24 @@ CLASS="COMMAND" > was given at configure time.</P ><P -><I -CLASS="EMPHASIS" ->Note</I +><EM +>Note</EM > that for export control reasons - this code is <I -CLASS="EMPHASIS" ->NOT</I + this code is <EM +>NOT</EM > enabled by default in any current binary version of Samba.</P ><P >This is the file containing the server's certificate. - The server <I -CLASS="EMPHASIS" ->must</I + The server <EM +>must</EM > have a certificate. The file may also contain the server's private key. See later for how certificates and private keys are created.</P ><P >Default: <B CLASS="COMMAND" ->ssl server cert = <empty string> +>ssl server cert = <empty string> </B ></P ></DD @@ -15971,32 +15874,28 @@ CLASS="COMMAND" > was given at configure time.</P ><P -><I -CLASS="EMPHASIS" ->Note</I +><EM +>Note</EM > that for export control reasons - this code is <I -CLASS="EMPHASIS" ->NOT</I + this code is <EM +>NOT</EM > enabled by default in any current binary version of Samba.</P ><P >This file contains the private key of the server. If this variable is not defined, the key is looked up in the certificate file (it may be appended to the certificate). - The server <I -CLASS="EMPHASIS" ->must</I + The server <EM +>must</EM > have a private key - and the certificate <I -CLASS="EMPHASIS" ->must</I + and the certificate <EM +>must</EM > match this private key.</P ><P >Default: <B CLASS="COMMAND" ->ssl server key = <empty string> +>ssl server key = <empty string> </B ></P ></DD @@ -16015,13 +15914,11 @@ CLASS="COMMAND" > was given at configure time.</P ><P -><I -CLASS="EMPHASIS" ->Note</I +><EM +>Note</EM > that for export control reasons - this code is <I -CLASS="EMPHASIS" ->NOT</I + this code is <EM +>NOT</EM > enabled by default in any current binary version of Samba.</P ><P @@ -16309,9 +16206,8 @@ NAME="TEMPLATEHOMEDIR" >template homedir (G)</DT ><DD ><P -><I -CLASS="EMPHASIS" ->NOTE:</I +><EM +>NOTE:</EM > this parameter is only available in Samba 3.0.</P ><P @@ -16349,9 +16245,8 @@ NAME="TEMPLATESHELL" >template shell (G)</DT ><DD ><P -><I -CLASS="EMPHASIS" ->NOTE:</I +><EM +>NOTE:</EM > this parameter is only available in Samba 3.0.</P ><P @@ -16479,9 +16374,8 @@ CLASS="PARAMETER" >passwd program</I ></TT ->parameter is called <I -CLASS="EMPHASIS" ->AS ROOT</I +>parameter is called <EM +>AS ROOT</EM > - to allow the new UNIX password to be set without access to the old UNIX password (as the SMB password has change code has no @@ -16581,9 +16475,8 @@ CLASS="FILENAME" will be read to find the names of hosts and users who will be allowed access without specifying a password.</P ><P -><I -CLASS="EMPHASIS" ->NOTE:</I +><EM +>NOTE:</EM > The use of <TT CLASS="PARAMETER" ><I @@ -16728,7 +16621,7 @@ HREF="#AEN234" >Default: <B CLASS="COMMAND" >The guest account if a guest service, - else <empty string>.</B + else <empty string>.</B ></P ><P >Examples:<B @@ -16865,11 +16758,20 @@ CLASS="COMMAND" '!' to tell Samba to stop processing if it gets a match on that line.</P ><P +><TABLE +BORDER="0" +BGCOLOR="#E0E0E0" +WIDTH="90%" +><TR +><TD ><PRE CLASS="PROGRAMLISTING" > !sys = mary fred guest = * </PRE +></TD +></TR +></TABLE ></P ><P >Note that the remapping is applied to all occurrences @@ -16906,9 +16808,8 @@ CLASS="PARAMETER" trouble deleting print jobs as PrintManager under WfWg will think they don't own the print job.</P ><P ->Default: <I -CLASS="EMPHASIS" ->no username map</I +>Default: <EM +>no username map</EM ></P ><P >Example: <B @@ -16977,9 +16878,8 @@ CLASS="FILENAME" >/var/run/utmp</TT > on Linux).</P ><P ->Default: <I -CLASS="EMPHASIS" ->no utmp directory</I +>Default: <EM +>no utmp directory</EM ></P ></DD ><DT @@ -17008,20 +16908,28 @@ NAME="VALIDCHARS" (which is a pointless thing to do as it's already there) you could do one of the following</P ><P +><TABLE +BORDER="0" +BGCOLOR="#E0E0E0" +WIDTH="90%" +><TR +><TD ><PRE CLASS="PROGRAMLISTING" > valid chars = Z valid chars = z:Z valid chars = 0132:0172 </PRE +></TD +></TR +></TABLE ></P ><P >The last two examples above actually add two characters, and alter the uppercase and lowercase mappings appropriately.</P ><P ->Note that you <I -CLASS="EMPHASIS" ->MUST</I +>Note that you <EM +>MUST</EM > specify this parameter after the <TT CLASS="PARAMETER" @@ -17059,10 +16967,9 @@ CLASS="PARAMETER" ></A > parameter.</P ><P ->Default: <I -CLASS="EMPHASIS" +>Default: <EM >Samba defaults to using a reasonable set - of valid characters for English systems</I + of valid characters for English systems</EM ></P ><P >Example: <B @@ -17074,9 +16981,8 @@ CLASS="COMMAND" >The above example allows filenames to have the Swedish characters in them.</P ><P -><I -CLASS="EMPHASIS" ->NOTE:</I +><EM +>NOTE:</EM > It is actually quite difficult to correctly produce a <TT CLASS="PARAMETER" @@ -17151,10 +17057,9 @@ CLASS="PARAMETER" ></A ></P ><P ->Default: <I -CLASS="EMPHASIS" +>Default: <EM >No valid users list (anyone can login) - </I + </EM ></P ><P >Example: <B @@ -17176,9 +17081,8 @@ NAME="VETOFILES" or directories as in DOS wildcards.</P ><P >Each entry must be a unix path, not a DOS path and - must <I -CLASS="EMPHASIS" ->not</I + must <EM +>not</EM > include the unix directory separator '/'.</P ><P @@ -17194,9 +17098,8 @@ CLASS="PARAMETER" to be aware of, is that if a directory contains nothing but files that match the veto files parameter (which means that Windows/DOS clients cannot ever see them) is deleted, the veto files within - that directory <I -CLASS="EMPHASIS" ->are automatically deleted</I + that directory <EM +>are automatically deleted</EM > along with it, if the user has UNIX permissions to do so.</P ><P @@ -17223,13 +17126,18 @@ CLASS="PARAMETER" ></A >.</P ><P ->Default: <I -CLASS="EMPHASIS" +>Default: <EM >No files or directories are vetoed. - </I + </EM ></P ><P ->Examples:<PRE +>Examples:<TABLE +BORDER="0" +BGCOLOR="#E0E0E0" +WIDTH="90%" +><TR +><TD +><PRE CLASS="PROGRAMLISTING" > ; Veto any files containing the word Security, ; any ending in .tmp, and any directory containing the @@ -17240,6 +17148,9 @@ CLASS="PROGRAMLISTING" ; creates. veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ </PRE +></TD +></TR +></TABLE ></P ></DD ><DT @@ -17272,10 +17183,9 @@ CLASS="PARAMETER" > parameter.</P ><P ->Default: <I -CLASS="EMPHASIS" +>Default: <EM >No files are vetoed for oplock - grants</I + grants</EM ></P ><P >You might want to do this on files that you know will @@ -17308,9 +17218,8 @@ NAME="VFSOBJECT" with a VFS object. The Samba VFS layer is new to Samba 2.2 and must be enabled at compile time with --with-vfs.</P ><P ->Default : <I -CLASS="EMPHASIS" ->no value</I +>Default : <EM +>no value</EM ></P ></DD ><DT @@ -17333,9 +17242,8 @@ CLASS="PARAMETER" ></A >.</P ><P ->Default : <I -CLASS="EMPHASIS" ->no value</I +>Default : <EM +>no value</EM ></P ></DD ><DT @@ -17349,9 +17257,8 @@ NAME="VOLUME" returned for a share. Useful for CDROMs with installation programs that insist on a particular volume label.</P ><P ->Default: <I -CLASS="EMPHASIS" ->the name of the share</I +>Default: <EM +>the name of the share</EM ></P ></DD ><DT @@ -17383,9 +17290,8 @@ NAME="WINBINDCACHETIME" >winbind cache time</DT ><DD ><P -><I -CLASS="EMPHASIS" ->NOTE:</I +><EM +>NOTE:</EM > this parameter is only available in Samba 3.0.</P ><P @@ -17410,9 +17316,8 @@ NAME="WINBINDGID" >winbind gid</DT ><DD ><P -><I -CLASS="EMPHASIS" ->NOTE:</I +><EM +>NOTE:</EM > this parameter is only available in Samba 3.0.</P ><P @@ -17427,7 +17332,7 @@ TARGET="_top" ><P >Default: <B CLASS="COMMAND" ->winbind gid = <empty string> +>winbind gid = <empty string> </B ></P ><P @@ -17443,9 +17348,8 @@ NAME="WINBINDSEPARATOR" >winbind separator</DT ><DD ><P -><I -CLASS="EMPHASIS" ->NOTE:</I +><EM +>NOTE:</EM > this parameter is only available in Samba 3.0.</P ><P @@ -17489,9 +17393,8 @@ NAME="WINBINDUID" >winbind uid</DT ><DD ><P -><I -CLASS="EMPHASIS" ->NOTE:</I +><EM +>NOTE:</EM > this parameter is only available in Samba 3.0.</P ><P @@ -17506,7 +17409,7 @@ TARGET="_top" ><P >Default: <B CLASS="COMMAND" ->winbind uid = <empty string> +>winbind uid = <empty string> </B ></P ><P @@ -17621,9 +17524,8 @@ TARGET="_top" >You should point this at your WINS server if you have a multi-subnetted network.</P ><P -><I -CLASS="EMPHASIS" ->NOTE</I +><EM +>NOTE</EM >. You need to set up Samba to point to a WINS server if you have multiple subnets and wish cross-subnet browsing to work correctly.</P @@ -17634,9 +17536,8 @@ CLASS="FILENAME" > in the docs/ directory of your Samba source distribution.</P ><P ->Default: <I -CLASS="EMPHASIS" ->not enabled</I +>Default: <EM +>not enabled</EM ></P ><P >Example: <B @@ -17662,9 +17563,8 @@ TARGET="_top" CLASS="COMMAND" >nmbd</B > to be your WINS server. - Note that you should <I -CLASS="EMPHASIS" ->NEVER</I + Note that you should <EM +>NEVER</EM > set this to true on more than one machine in your network.</P ><P @@ -17691,9 +17591,8 @@ CLASS="COMMAND" > setting.</P ><P ->Default: <I -CLASS="EMPHASIS" ->set at compile time to WORKGROUP</I +>Default: <EM +>set at compile time to WORKGROUP</EM ></P ><P >Example: <B @@ -17727,9 +17626,8 @@ NAME="WRITECACHESIZE" ><P >If this integer parameter is set to non-zero value, Samba will create an in-memory cache for each oplocked file - (it does <I -CLASS="EMPHASIS" ->not</I + (it does <EM +>not</EM > do this for non-oplocked files). All writes that the client does not request to be flushed directly to disk will be stored in this cache if possible. @@ -17796,7 +17694,7 @@ CLASS="PARAMETER" ><P >Default: <B CLASS="COMMAND" ->write list = <empty string> +>write list = <empty string> </B ></P ><P @@ -17867,9 +17765,8 @@ CLASS="CONSTANT" CLASS="COMMAND" >printable = yes</B >) - will <I -CLASS="EMPHASIS" ->ALWAYS</I + will <EM +>ALWAYS</EM > allow writing to the directory (user privileges permitting), but only via spooling operations.</P ><P diff --git a/docs/htmldocs/smbcacls.1.html b/docs/htmldocs/smbcacls.1.html index d4e88ecae8..b8323dd8f5 100644 --- a/docs/htmldocs/smbcacls.1.html +++ b/docs/htmldocs/smbcacls.1.html @@ -183,14 +183,23 @@ NAME="AEN73" >The format of an ACL is one or more ACL entries separated by either commas or newlines. An ACL entry is one of the following: </P ><P +><TABLE +BORDER="0" +BGCOLOR="#E0E0E0" +WIDTH="100%" +><TR +><TD ><PRE CLASS="PROGRAMLISTING" > -REVISION:<revision number> -OWNER:<sid or name> -GROUP:<sid or name> -ACL:<sid or name>:<type>/<flags>/<mask> +REVISION:<revision number> +OWNER:<sid or name> +GROUP:<sid or name> +ACL:<sid or name>:<type>/<flags>/<mask> </PRE +></TD +></TR +></TABLE ></P ><P >The revision of the ACL specifies the internal Windows @@ -247,44 +256,38 @@ ACL:<sid or name>:<type>/<flags>/<mask> ><UL ><LI ><P -><I -CLASS="EMPHASIS" ->R</I +><EM +>R</EM > - Allow read access </P ></LI ><LI ><P -><I -CLASS="EMPHASIS" ->W</I +><EM +>W</EM > - Allow write access</P ></LI ><LI ><P -><I -CLASS="EMPHASIS" ->X</I +><EM +>X</EM > - Execute permission on the object</P ></LI ><LI ><P -><I -CLASS="EMPHASIS" ->D</I +><EM +>D</EM > - Delete the object</P ></LI ><LI ><P -><I -CLASS="EMPHASIS" ->P</I +><EM +>P</EM > - Change permissions</P ></LI ><LI ><P -><I -CLASS="EMPHASIS" ->O</I +><EM +>O</EM > - Take ownership</P ></LI ></UL @@ -295,25 +298,22 @@ CLASS="EMPHASIS" ><UL ><LI ><P -><I -CLASS="EMPHASIS" ->READ</I +><EM +>READ</EM > - Equivalent to 'RX' permissions</P ></LI ><LI ><P -><I -CLASS="EMPHASIS" ->CHANGE</I +><EM +>CHANGE</EM > - Equivalent to 'RXWD' permissions </P ></LI ><LI ><P -><I -CLASS="EMPHASIS" ->FULL</I +><EM +>FULL</EM > - Equivalent to 'RWXDPO' permissions</P ></LI diff --git a/docs/htmldocs/smbclient.1.html b/docs/htmldocs/smbclient.1.html index f9cc6085d8..8232906680 100644 --- a/docs/htmldocs/smbclient.1.html +++ b/docs/htmldocs/smbclient.1.html @@ -37,7 +37,7 @@ NAME="AEN8" ><B CLASS="COMMAND" >smbclient</B -> {servicename} [password] [-b <buffer size>] [-d debuglevel] [-D Directory] [-S server] [-U username] [-W workgroup] [-M <netbios name>] [-m maxprotocol] [-A authfile] [-N] [-l logfile] [-L <netbios name>] [-I destinationIP] [-E <terminal code>] [-c <command string>] [-i scope] [-O <socket options>] [-p port] [-R <name resolve order>] [-s <smb config file>] [-T<c|x>IXFqgbNan]</P +> {servicename} [password] [-b <buffer size>] [-d debuglevel] [-D Directory] [-S server] [-U username] [-W workgroup] [-M <netbios name>] [-m maxprotocol] [-A authfile] [-N] [-l logfile] [-L <netbios name>] [-I destinationIP] [-E <terminal code>] [-c <command string>] [-i scope] [-O <socket options>] [-p port] [-R <name resolve order>] [-s <smb config file>] [-T<c|x>IXFqgbNan]</P ></DIV ><DIV CLASS="REFSECT1" @@ -189,7 +189,7 @@ CLASS="FILENAME" options. </P ></DD ><DT ->-R <name resolve order></DT +>-R <name resolve order></DT ><DD ><P >This option is used by the programs in the Samba @@ -339,9 +339,8 @@ CLASS="FILENAME" > for a description of how to handle incoming WinPopup messages in Samba. </P ><P -><I -CLASS="EMPHASIS" ->Note</I +><EM +>Note</EM >: Copy WinPopup into the startup group on your WfWg PCs if you want them to always be able to receive messages. </P @@ -353,9 +352,8 @@ CLASS="EMPHASIS" >This specifies a NetBIOS scope that smbclient will use to communicate with when generating NetBIOS names. For details on the use of NetBIOS scopes, see rfc1001.txt and rfc1002.txt. - NetBIOS scopes are <I -CLASS="EMPHASIS" ->very</I + NetBIOS scopes are <EM +>very</EM > rarely used, only set this parameter if you are the system administrator in charge of all the NetBIOS systems you communicate with. </P @@ -402,14 +400,12 @@ CLASS="EMPHASIS" data, and should only be used when investigating a problem. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely - cryptic. If debuglevel is set to the letter 'A', then <I -CLASS="EMPHASIS" + cryptic. If debuglevel is set to the letter 'A', then <EM >all - </I + </EM > debug messages will be printed. This setting - is for developers only (and people who <I -CLASS="EMPHASIS" ->really</I + is for developers only (and people who <EM +>really</EM > want to know how the code works internally). </P ><P @@ -561,11 +557,20 @@ CLASS="COMMAND" password used in the connection. The format of the file is </P ><P +><TABLE +BORDER="0" +BGCOLOR="#E0E0E0" +WIDTH="90%" +><TR +><TD ><PRE CLASS="PROGRAMLISTING" ->username = <value> -password = <value> +>username = <value> +password = <value> </PRE +></TD +></TR +></TABLE ></P ><P >Make certain that the permissions on the file restrict @@ -597,12 +602,10 @@ CLASS="PARAMETER" >This option tells smbclient how to interpret filenames coming from the remote server. Usually Asian language multibyte UNIX implementations use different character sets than - SMB/CIFS servers (<I -CLASS="EMPHASIS" ->EUC</I -> instead of <I -CLASS="EMPHASIS" -> SJIS</I + SMB/CIFS servers (<EM +>EUC</EM +> instead of <EM +> SJIS</EM > for example). Setting this parameter will let <B CLASS="COMMAND" @@ -816,9 +819,8 @@ CLASS="PARAMETER" ></LI ></UL ><P -><I -CLASS="EMPHASIS" ->Tar Long File Names</I +><EM +>Tar Long File Names</EM ></P ><P ><B @@ -831,18 +833,16 @@ CLASS="COMMAND" files in the archive with relative names, not absolute names. </P ><P -><I -CLASS="EMPHASIS" ->Tar Filenames</I +><EM +>Tar Filenames</EM ></P ><P >All file names can be given as DOS path names (with '\' as the component separator) or as UNIX path names (with '/' as the component separator). </P ><P -><I -CLASS="EMPHASIS" ->Examples</I +><EM +>Examples</EM ></P ><P >Restore from tar file backup.tar into myshare on mypc @@ -941,7 +941,7 @@ NAME="AEN297" ><P ><TT CLASS="PROMPT" ->smb:\> </TT +>smb:\> </TT ></P ><P >The backslash ("\") indicates the current working directory @@ -961,7 +961,7 @@ CLASS="PROMPT" ><P >Parameters shown in square brackets (e.g., "[parameter]") are optional. If not given, the command will use suitable defaults. Parameters - shown in angle brackets (e.g., "<parameter>") are required. + shown in angle brackets (e.g., "<parameter>") are required. </P ><P >Note that all commands operating on the server are actually @@ -1006,7 +1006,7 @@ CLASS="VARIABLELIST" directory on the server will be reported. </P ></DD ><DT ->del <mask></DT +>del <mask></DT ><DD ><P >The client will request that the server attempt @@ -1014,7 +1014,7 @@ CLASS="VARIABLELIST" directory on the server. </P ></DD ><DT ->dir <mask></DT +>dir <mask></DT ><DD ><P >A list of the files matching "mask" in the current @@ -1029,7 +1029,7 @@ CLASS="VARIABLELIST" from the program. </P ></DD ><DT ->get <remote file name> [local file name]</DT +>get <remote file name> [local file name]</DT ><DD ><P >Copy the file called "remote file name" from @@ -1073,13 +1073,13 @@ CLASS="COMMAND" lowercase filenames are the norm on UNIX systems. </P ></DD ><DT ->ls <mask></DT +>ls <mask></DT ><DD ><P >See the dir command above. </P ></DD ><DT ->mask <mask></DT +>mask <mask></DT ><DD ><P >This command allows the user to set up a mask @@ -1105,13 +1105,13 @@ CLASS="COMMAND" mask back to "*" after using the mget or mput commands. </P ></DD ><DT ->md <directory name></DT +>md <directory name></DT ><DD ><P >See the mkdir command. </P ></DD ><DT ->mget <mask></DT +>mget <mask></DT ><DD ><P >Copy all files matching mask from the server to @@ -1123,14 +1123,14 @@ CLASS="COMMAND" smbclient are binary. See also the lowercase command. </P ></DD ><DT ->mkdir <directory name></DT +>mkdir <directory name></DT ><DD ><P >Create a new directory on the server (user access privileges permitting) with the specified name. </P ></DD ><DT ->mput <mask></DT +>mput <mask></DT ><DD ><P >Copy all files matching mask in the current working @@ -1143,7 +1143,7 @@ CLASS="COMMAND" are binary. </P ></DD ><DT ->print <file name></DT +>print <file name></DT ><DD ><P >Print the specified file from the local machine @@ -1152,7 +1152,7 @@ CLASS="COMMAND" >See also the printmode command.</P ></DD ><DT ->printmode <graphics or text></DT +>printmode <graphics or text></DT ><DD ><P >Set the print mode to suit either binary data @@ -1172,7 +1172,7 @@ CLASS="COMMAND" </P ></DD ><DT ->put <local file name> [remote file name]</DT +>put <local file name> [remote file name]</DT ><DD ><P >Copy the file called "local file name" from the @@ -1195,7 +1195,7 @@ CLASS="COMMAND" >See the exit command. </P ></DD ><DT ->rd <directory name></DT +>rd <directory name></DT ><DD ><P >See the rmdir command. </P @@ -1220,21 +1220,21 @@ CLASS="COMMAND" using the mask command will be ignored. </P ></DD ><DT ->rm <mask></DT +>rm <mask></DT ><DD ><P >Remove all files matching mask from the current working directory on the server. </P ></DD ><DT ->rmdir <directory name></DT +>rmdir <directory name></DT ><DD ><P >Remove the specified directory (user access privileges permitting) from the server. </P ></DD ><DT ->tar <c|x>[IXbgNa]</DT +>tar <c|x>[IXbgNa]</DT ><DD ><P >Performs a tar operation - see the <TT @@ -1250,7 +1250,7 @@ CLASS="PARAMETER" </P ></DD ><DT ->blocksize <blocksize></DT +>blocksize <blocksize></DT ><DD ><P >Blocksize. Must be followed by a valid (greater @@ -1258,7 +1258,7 @@ CLASS="PARAMETER" blocksize*TBLOCK (usually 512 byte) blocks. </P ></DD ><DT ->tarmode <full|inc|reset|noreset></DT +>tarmode <full|inc|reset|noreset></DT ><DD ><P >Changes tar's behavior with regard to archive @@ -1269,7 +1269,7 @@ CLASS="PARAMETER" read/write share). </P ></DD ><DT ->setmode <filename> <perm=[+|\-]rsha></DT +>setmode <filename> <perm=[+|\-]rsha></DT ><DD ><P >A version of the DOS attrib command to set @@ -1355,9 +1355,8 @@ CLASS="FILENAME" > /usr/samba/bin/</TT > directory, this directory readable by all, writeable only by root. The client program itself should - be executable by all. The client should <I -CLASS="EMPHASIS" ->NOT</I + be executable by all. The client should <EM +>NOT</EM > be setuid or setgid! </P ><P diff --git a/docs/htmldocs/smbd.8.html b/docs/htmldocs/smbd.8.html index 33af0242e5..35520b05af 100644 --- a/docs/htmldocs/smbd.8.html +++ b/docs/htmldocs/smbd.8.html @@ -36,7 +36,7 @@ NAME="AEN8" ><B CLASS="COMMAND" >smbd</B -> [-D] [-a] [-o] [-P] [-h] [-V] [-d <debug level>] [-l <log file>] [-p <port number>] [-O <socket option>] [-s <configuration file>]</P +> [-D] [-a] [-o] [-P] [-h] [-V] [-d <debug level>] [-l <log file>] [-p <port number>] [-O <socket option>] [-s <configuration file>]</P ></DIV ><DIV CLASS="REFSECT1" @@ -178,7 +178,7 @@ CLASS="COMMAND" >.</P ></DD ><DT ->-d <debug level></DT +>-d <debug level></DT ><DD ><P >debuglevel is an integer @@ -214,12 +214,11 @@ CLASS="FILENAME" > file.</P ></DD ><DT ->-l <log file></DT +>-l <log file></DT ><DD ><P ->If specified, <I -CLASS="EMPHASIS" ->log file</I +>If specified, <EM +>log file</EM > specifies a log filename into which informational and debug messages from the running server will be logged. The log @@ -240,7 +239,7 @@ CLASS="FILENAME" file name is specified at compile time.</P ></DD ><DT ->-O <socket options></DT +>-O <socket options></DT ><DD ><P >See the <A @@ -259,7 +258,7 @@ CLASS="FILENAME" > file for details.</P ></DD ><DT ->-p <port number></DT +>-p <port number></DT ><DD ><P >port number is a positive integer @@ -285,7 +284,7 @@ CLASS="FILENAME" in the above situation.</P ></DD ><DT ->-s <configuration file></DT +>-s <configuration file></DT ><DD ><P >The file specified contains the @@ -574,14 +573,12 @@ NAME="AEN179" >RUNNING THE SERVER AS A DAEMON</H2 ><P >To run the server as a daemon from the command - line, simply put the <I -CLASS="EMPHASIS" ->-D</I + line, simply put the <EM +>-D</EM > option on the command line. There is no need to place an ampersand at - the end of the command line - the <I -CLASS="EMPHASIS" ->-D</I + the end of the command line - the <EM +>-D</EM > option causes the server to detach itself from the tty anyway.</P @@ -617,9 +614,8 @@ CLASS="COMMAND" as a single space or TAB character.)</P ><P >If the options used at compile time are appropriate for - your system, all parameters except <I -CLASS="EMPHASIS" ->-D</I + your system, all parameters except <EM +>-D</EM > may be omitted. See the section OPTIONS above.</P ></DIV @@ -727,6 +723,12 @@ CLASS="FILENAME" >Lastly, edit the configuration file to provide suitable services. To start with, the following two services should be all you need:</P +><TABLE +BORDER="0" +BGCOLOR="#E0E0E0" +WIDTH="100%" +><TR +><TD ><PRE CLASS="SCREEN" > <TT @@ -742,6 +744,9 @@ CLASS="COMPUTEROUTPUT" </TT > </PRE +></TD +></TR +></TABLE ><P >This will allow you to connect to your home directory and print to any printer supported by the host (user privileges @@ -848,9 +853,8 @@ CLASS="FILENAME" that <B CLASS="COMMAND" >SIGKILL (-9)</B -> <I -CLASS="EMPHASIS" ->NOT</I +> <EM +>NOT</EM > be used, except as a last resort, as this may leave the shared memory area in an inconsistent state. The safe way to terminate @@ -860,11 +864,11 @@ CLASS="EMPHASIS" >The debug log level of smbd may be raised by sending it a SIGUSR1 (<B CLASS="COMMAND" ->kill -USR1 <smbd-pid></B +>kill -USR1 <smbd-pid></B >) and lowered by sending it a SIGUSR2 (<B CLASS="COMMAND" ->kill -USR2 <smbd-pid> +>kill -USR2 <smbd-pid> </B >). This is to allow transient problems to be diagnosed, whilst still running at a normally low log level.</P diff --git a/docs/htmldocs/smbmnt.8.html b/docs/htmldocs/smbmnt.8.html index 88a28b8a69..e083cfd3ba 100644 --- a/docs/htmldocs/smbmnt.8.html +++ b/docs/htmldocs/smbmnt.8.html @@ -36,7 +36,7 @@ NAME="AEN8" ><B CLASS="COMMAND" >smbmnt</B -> {mount-point} [-s <share>] [-r] [-u <uid>] [-g <gid>] [-f <mask>] [-d <mask>] [-o <options>]</P +> {mount-point} [-s <share>] [-r] [-u <uid>] [-g <gid>] [-f <mask>] [-d <mask>] [-o <options>]</P ></DIV ><DIV CLASS="REFSECT1" diff --git a/docs/htmldocs/smbmount.8.html b/docs/htmldocs/smbmount.8.html index ba07f08ed4..c8c9727be9 100644 --- a/docs/htmldocs/smbmount.8.html +++ b/docs/htmldocs/smbmount.8.html @@ -72,9 +72,8 @@ CLASS="COMMAND" typically this output will end up in log.smbmount. The smbmount process may also be called mount.smbfs.</P ><P -><I -CLASS="EMPHASIS" ->NOTE:</I +><EM +>NOTE:</EM > <B CLASS="COMMAND" >smbmount</B @@ -102,7 +101,7 @@ NAME="AEN27" CLASS="VARIABLELIST" ><DL ><DT ->username=<arg></DT +>username=<arg></DT ><DD ><P >specifies the username to connect as. If @@ -115,7 +114,7 @@ CLASS="ENVAR" to be specified as part of the username.</P ></DD ><DT ->password=<arg></DT +>password=<arg></DT ><DD ><P >specifies the SMB password. If this @@ -132,17 +131,26 @@ CLASS="COMMAND" given. </P ></DD ><DT ->credentials=<filename></DT +>credentials=<filename></DT ><DD ><P >specifies a file that contains a username and/or password. The format of the file is:</P ><P -> <PRE +> <TABLE +BORDER="0" +BGCOLOR="#E0E0E0" +WIDTH="90%" +><TR +><TD +><PRE CLASS="PROGRAMLISTING" -> username = <value> - password = <value> +> username = <value> + password = <value> </PRE +></TD +></TR +></TABLE > </P ><P @@ -152,14 +160,14 @@ CLASS="PROGRAMLISTING" </P ></DD ><DT ->netbiosname=<arg></DT +>netbiosname=<arg></DT ><DD ><P >sets the source NetBIOS name. It defaults to the local hostname. </P ></DD ><DT ->uid=<arg></DT +>uid=<arg></DT ><DD ><P >sets the uid that will own all files on @@ -168,7 +176,7 @@ CLASS="PROGRAMLISTING" </P ></DD ><DT ->gid=<arg></DT +>gid=<arg></DT ><DD ><P >sets the gid that will own all files on @@ -177,14 +185,14 @@ CLASS="PROGRAMLISTING" gid. </P ></DD ><DT ->port=<arg></DT +>port=<arg></DT ><DD ><P >sets the remote SMB port number. The default is 139. </P ></DD ><DT ->fmask=<arg></DT +>fmask=<arg></DT ><DD ><P >sets the file mask. This determines the @@ -192,7 +200,7 @@ CLASS="PROGRAMLISTING" The default is based on the current umask. </P ></DD ><DT ->dmask=<arg></DT +>dmask=<arg></DT ><DD ><P >sets the directory mask. This deterines the @@ -200,27 +208,27 @@ CLASS="PROGRAMLISTING" The default is based on the current umask. </P ></DD ><DT ->debug=<arg></DT +>debug=<arg></DT ><DD ><P >sets the debug level. This is useful for tracking down SMB connection problems. </P ></DD ><DT ->ip=<arg></DT +>ip=<arg></DT ><DD ><P >sets the destination host or IP address. </P ></DD ><DT ->workgroup=<arg></DT +>workgroup=<arg></DT ><DD ><P >sets the workgroup on the destination </P ></DD ><DT ->sockopt=<arg></DT +>sockopt=<arg></DT ><DD ><P >sets the TCP socket options. See the <A @@ -240,7 +248,7 @@ CLASS="PARAMETER" </P ></DD ><DT ->scope=<arg></DT +>scope=<arg></DT ><DD ><P >sets the NetBIOS scope </P @@ -264,7 +272,7 @@ CLASS="PARAMETER" >mount read-write </P ></DD ><DT ->iocharset=<arg></DT +>iocharset=<arg></DT ><DD ><P > sets the charset used by the linux side for codepage @@ -274,7 +282,7 @@ CLASS="PARAMETER" </P ></DD ><DT ->codepage=<arg></DT +>codepage=<arg></DT ><DD ><P > sets the codepage the server uses. See the iocharset @@ -283,7 +291,7 @@ CLASS="PARAMETER" </P ></DD ><DT ->ttl=<arg></DT +>ttl=<arg></DT ><DD ><P > how long a directory listing is cached in milliseconds diff --git a/docs/htmldocs/smbpasswd.5.html b/docs/htmldocs/smbpasswd.5.html index 4ec7b7c86a..7de54f6309 100644 --- a/docs/htmldocs/smbpasswd.5.html +++ b/docs/htmldocs/smbpasswd.5.html @@ -118,20 +118,17 @@ CLASS="CONSTANT" > and the user will not be able to log onto the Samba server. </P ><P -><I -CLASS="EMPHASIS" ->WARNING !!</I +><EM +>WARNING !!</EM > Note that, due to the challenge-response nature of the SMB/CIFS authentication protocol, anyone with a knowledge of this password hash will be able to impersonate the user on the network. For this - reason these hashes are known as <I -CLASS="EMPHASIS" + reason these hashes are known as <EM >plain text - equivalents</I -> and must <I -CLASS="EMPHASIS" ->NOT</I + equivalents</EM +> and must <EM +>NOT</EM > be made available to anyone but the root user. To protect these passwords the smbpasswd file is placed in a directory with read and @@ -156,20 +153,17 @@ CLASS="EMPHASIS" password this entry will be identical (i.e. the password is not "salted" as the UNIX password is). </P ><P -><I -CLASS="EMPHASIS" ->WARNING !!</I +><EM +>WARNING !!</EM >. Note that, due to the challenge-response nature of the SMB/CIFS authentication protocol, anyone with a knowledge of this password hash will be able to impersonate the user on the network. For this - reason these hashes are known as <I -CLASS="EMPHASIS" + reason these hashes are known as <EM >plain text - equivalents</I -> and must <I -CLASS="EMPHASIS" ->NOT</I + equivalents</EM +> and must <EM +>NOT</EM > be made available to anyone but the root user. To protect these passwords the smbpasswd file is placed in a directory with read and @@ -192,9 +186,8 @@ CLASS="EMPHASIS" ><UL ><LI ><P -><I -CLASS="EMPHASIS" ->U</I +><EM +>U</EM > - This means this is a "User" account, i.e. an ordinary user. Only User and Workstation Trust accounts are currently supported @@ -202,9 +195,8 @@ CLASS="EMPHASIS" ></LI ><LI ><P -><I -CLASS="EMPHASIS" ->N</I +><EM +>N</EM > - This means the account has no password (the passwords in the fields Lanman Password Hash and NT Password Hash are ignored). Note that this @@ -225,18 +217,16 @@ CLASS="FILENAME" ></LI ><LI ><P -><I -CLASS="EMPHASIS" ->D</I +><EM +>D</EM > - This means the account is disabled and no SMB/CIFS logins will be allowed for this user. </P ></LI ><LI ><P -><I -CLASS="EMPHASIS" ->W</I +><EM +>W</EM > - This means this account is a "Workstation Trust" account. This kind of account is used in the Samba PDC code stream to allow Windows NT Workstations diff --git a/docs/htmldocs/smbpasswd.8.html b/docs/htmldocs/smbpasswd.8.html index bb3eb7ca47..1c4df51941 100644 --- a/docs/htmldocs/smbpasswd.8.html +++ b/docs/htmldocs/smbpasswd.8.html @@ -36,7 +36,7 @@ NAME="AEN8" ><B CLASS="COMMAND" >smbpasswd</B -> [-a] [-x] [-d] [-e] [-D debuglevel] [-n] [-r <remote machine>] [-R <name resolve order>] [-m] [-j DOMAIN] [-U username] [-h] [-s] [username]</P +> [-a] [-x] [-d] [-e] [-D debuglevel] [-n] [-r <remote machine>] [-R <name resolve order>] [-m] [-j DOMAIN] [-U username] [-h] [-s] [username]</P ></DIV ><DIV CLASS="REFSECT1" @@ -53,9 +53,8 @@ TARGET="_top" > suite.</P ><P >The smbpasswd program has several different - functions, depending on whether it is run by the <I -CLASS="EMPHASIS" ->root</I + functions, depending on whether it is run by the <EM +>root</EM > user or not. When run as a normal user it allows the user to change the password used for their SMB sessions on any machines that store @@ -71,9 +70,8 @@ CLASS="COMMAND" CLASS="COMMAND" >smbpasswd</B > differs from how the passwd program works - however in that it is not <I -CLASS="EMPHASIS" ->setuid root</I + however in that it is not <EM +>setuid root</EM > but works in a client-server mode and communicates with a locally running <B @@ -93,7 +91,7 @@ CLASS="FILENAME" was typed correctly. No passwords will be echoed on the screen whilst being typed. If you have a blank smb password (specified by the string "NO PASSWORD" in the smbpasswd file) then just press - the <Enter> key when asked for your old password. </P + the <Enter> key when asked for your old password. </P ><P >smbpasswd can also be used by a normal user to change their SMB password on remote machines, such as Windows NT Primary Domain @@ -127,7 +125,7 @@ CLASS="VARIABLELIST" ><P >This option specifies that the username following should be added to the local smbpasswd file, with the - new password typed (type <Enter> for the old password). This + new password typed (type <Enter> for the old password). This option is ignored if the username following already exists in the smbpasswd file and it is treated like a regular change password command. Note that the user to be added must already exist @@ -303,9 +301,8 @@ CLASS="PARAMETER" copy of the user account database and will not allow the password change).</P ><P -><I -CLASS="EMPHASIS" ->Note</I +><EM +>Note</EM > that Windows 95/98 do not have a real password database so it is not possible to change passwords specifying a Win95/98 machine as remote machine target. </P @@ -519,9 +516,8 @@ CLASS="COMMAND" ><DD ><P >This specifies the username for all of the - <I -CLASS="EMPHASIS" ->root only</I + <EM +>root only</EM > options to operate on. Only root can specify this parameter as only root has the permission needed to modify attributes directly in the local smbpasswd file. diff --git a/docs/htmldocs/smbsh.1.html b/docs/htmldocs/smbsh.1.html index 1264e241ba..3033a50ccd 100644 --- a/docs/htmldocs/smbsh.1.html +++ b/docs/htmldocs/smbsh.1.html @@ -83,6 +83,12 @@ CLASS="COMMAND" that authenticate you to the machine running the Windows NT operating system.</P ><P +><TABLE +BORDER="0" +BGCOLOR="#E0E0E0" +WIDTH="100%" +><TR +><TD ><PRE CLASS="PROGRAMLISTING" > <TT @@ -113,6 +119,9 @@ CLASS="USERINPUT" ></TT > </PRE +></TD +></TR +></TABLE ></P ><P >Any dynamically linked command you execute from @@ -127,7 +136,7 @@ CLASS="COMMAND" > will show all the machines in your workgroup. The command <B CLASS="COMMAND" ->ls /smb/<machine-name></B +>ls /smb/<machine-name></B > will show the share names for that machine. You could then, for example, use the <B CLASS="COMMAND" diff --git a/docs/htmldocs/smbspool.8.html b/docs/htmldocs/smbspool.8.html index 321cc5d8d6..d29db41716 100644 --- a/docs/htmldocs/smbspool.8.html +++ b/docs/htmldocs/smbspool.8.html @@ -58,9 +58,8 @@ TARGET="_top" Printing System, but you can use smbspool with any printing system or from a program or script.</P ><P -><I -CLASS="EMPHASIS" ->DEVICE URI</I +><EM +>DEVICE URI</EM ></P ><P >smbspool specifies the destination using a Uniform Resource diff --git a/docs/htmldocs/smbstatus.1.html b/docs/htmldocs/smbstatus.1.html index b31437afea..cc366638df 100644 --- a/docs/htmldocs/smbstatus.1.html +++ b/docs/htmldocs/smbstatus.1.html @@ -36,7 +36,7 @@ NAME="AEN8" ><B CLASS="COMMAND" >smbstatus</B -> [-P] [-b] [-d] [-L] [-p] [-S] [-s <configuration file>] [-u <username>]</P +> [-P] [-b] [-d] [-L] [-p] [-S] [-s <configuration file>] [-u <username>]</P ></DIV ><DIV CLASS="REFSECT1" @@ -117,7 +117,7 @@ CLASS="COMMAND" >causes smbstatus to only list shares.</P ></DD ><DT ->-s <configuration file></DT +>-s <configuration file></DT ><DD ><P >The default configuration file name is @@ -133,7 +133,7 @@ CLASS="FILENAME" > for more information.</P ></DD ><DT ->-u <username></DT +>-u <username></DT ><DD ><P >selects information relevant to diff --git a/docs/htmldocs/smbtar.1.html b/docs/htmldocs/smbtar.1.html index 5e13ef3577..47c41a015a 100644 --- a/docs/htmldocs/smbtar.1.html +++ b/docs/htmldocs/smbtar.1.html @@ -253,9 +253,8 @@ NAME="AEN106" ><H2 >DIAGNOSTICS</H2 ><P ->See the <I -CLASS="EMPHASIS" ->DIAGNOSTICS</I +>See the <EM +>DIAGNOSTICS</EM > section for the <A HREF="smbclient.1.html" diff --git a/docs/htmldocs/swat.8.html b/docs/htmldocs/swat.8.html index f91366b1d6..e2977f3286 100644 --- a/docs/htmldocs/swat.8.html +++ b/docs/htmldocs/swat.8.html @@ -36,7 +36,7 @@ NAME="AEN8" ><B CLASS="COMMAND" >nmblookup</B -> [-s <smb config file>] [-a]</P +> [-s <smb config file>] [-a]</P ></DIV ><DIV CLASS="REFSECT1" @@ -113,10 +113,9 @@ CLASS="FILENAME" swat in demo mode. In that mode anyone will be able to modify the smb.conf file. </P ><P -><I -CLASS="EMPHASIS" +><EM >Do NOT enable this option on a production - server. </I + server. </EM ></P ></DD ></DL diff --git a/docs/htmldocs/testparm.1.html b/docs/htmldocs/testparm.1.html index d1a1e4333a..599746e414 100644 --- a/docs/htmldocs/testparm.1.html +++ b/docs/htmldocs/testparm.1.html @@ -37,7 +37,7 @@ NAME="AEN8" ><B CLASS="COMMAND" >testparm</B -> [-s] [-h] [-L <servername>] {config filename} [hostname hostIP]</P +> [-s] [-h] [-L <servername>] {config filename} [hostname hostIP]</P ></DIV ><DIV CLASS="REFSECT1" @@ -68,9 +68,8 @@ CLASS="COMMAND" </B > will successfully load the configuration file.</P ><P ->Note that this is <I -CLASS="EMPHASIS" ->NOT</I +>Note that this is <EM +>NOT</EM > a guarantee that the services specified in the configuration file will be available or will operate as expected. </P diff --git a/docs/htmldocs/testprns.1.html b/docs/htmldocs/testprns.1.html index 94ab41c98d..4929415da0 100644 --- a/docs/htmldocs/testprns.1.html +++ b/docs/htmldocs/testprns.1.html @@ -163,11 +163,11 @@ NAME="AEN48" >DIAGNOSTICS</H2 ><P >If a printer is found to be valid, the message - "Printer name <printername> is valid" will be + "Printer name <printername> is valid" will be displayed. </P ><P >If a printer is found to be invalid, the message - "Printer name <printername> is not valid" will be + "Printer name <printername> is not valid" will be displayed. </P ><P >All messages that would normally be logged during diff --git a/docs/htmldocs/winbindd.8.html b/docs/htmldocs/winbindd.8.html index a98b7a2864..0080386ee4 100644 --- a/docs/htmldocs/winbindd.8.html +++ b/docs/htmldocs/winbindd.8.html @@ -37,7 +37,7 @@ NAME="AEN8" ><B CLASS="COMMAND" >nmblookup</B -> [-d debuglevel] [-i] [-S] [-r] [-A] [-h] [-B <broadcast address>] [-U <unicast address>] [-d <debug level>] [-s <smb config file>] [-i <NetBIOS scope>] [-T] {name}</P +> [-d debuglevel] [-i] [-S] [-r] [-A] [-h] [-B <broadcast address>] [-U <unicast address>] [-d <debug level>] [-s <smb config file>] [-i <NetBIOS scope>] [-T] {name}</P ></DIV ><DIV CLASS="REFSECT1" @@ -128,11 +128,20 @@ CLASS="FILENAME" > and then from the Windows NT server. </P ><P +><TABLE +BORDER="0" +BGCOLOR="#E0E0E0" +WIDTH="100%" +><TR +><TD ><PRE CLASS="PROGRAMLISTING" >passwd: files winbind group: files winbind </PRE +></TD +></TR +></TABLE ></P ></DIV ><DIV @@ -272,7 +281,7 @@ CLASS="COMMAND" ><P >Default: <B CLASS="COMMAND" ->winbind uid = <empty string> +>winbind uid = <empty string> </B ></P ><P @@ -292,7 +301,7 @@ CLASS="COMMAND" ><P >Default: <B CLASS="COMMAND" ->winbind gid = <empty string> +>winbind gid = <empty string> </B ></P ><P @@ -363,9 +372,8 @@ CLASS="COMMAND" > system call will not return any data. </P ><P -><I -CLASS="EMPHASIS" ->Warning:</I +><EM +>Warning:</EM > Turning off user enumeration may cause some programs to behave oddly. For example, the finger program relies on having access to the full user list when @@ -404,9 +412,8 @@ CLASS="COMMAND" > system call will not return any data. </P ><P -><I -CLASS="EMPHASIS" ->Warning:</I +><EM +>Warning:</EM > Turning off group enumeration may cause some programs to behave oddly. </P @@ -487,11 +494,20 @@ CLASS="FILENAME" > put the following:</P ><P +><TABLE +BORDER="0" +BGCOLOR="#E0E0E0" +WIDTH="100%" +><TR +><TD ><PRE CLASS="PROGRAMLISTING" >passwd: files winbind group: files winbind </PRE +></TD +></TR +></TABLE ></P ><P >In <TT @@ -505,6 +521,12 @@ CLASS="PARAMETER" ></TT > lines with something like this: </P ><P +><TABLE +BORDER="0" +BGCOLOR="#E0E0E0" +WIDTH="100%" +><TR +><TD ><PRE CLASS="PROGRAMLISTING" >auth required /lib/security/pam_securetty.so @@ -512,6 +534,9 @@ auth required /lib/security/pam_nologin.so auth sufficient /lib/security/pam_winbind.so auth required /lib/security/pam_pwdb.so use_first_pass shadow nullok </PRE +></TD +></TR +></TABLE ></P ><P >Note in particular the use of the <TT @@ -585,6 +610,12 @@ CLASS="FILENAME" >Finally, setup a smb.conf containing directives like the following: </P ><P +><TABLE +BORDER="0" +BGCOLOR="#E0E0E0" +WIDTH="100%" +><TR +><TD ><PRE CLASS="PROGRAMLISTING" >[global] @@ -598,6 +629,9 @@ CLASS="PROGRAMLISTING" security = domain password server = * </PRE +></TD +></TR +></TABLE ></P ><P >Now start winbindd and you should find that your user and |