diff options
Diffstat (limited to 'docs/htmldocs')
-rw-r--r-- | docs/htmldocs/ENCRYPTION.html | 656 | ||||
-rw-r--r-- | docs/htmldocs/NT_Security.html | 783 | ||||
-rw-r--r-- | docs/htmldocs/Samba-HOWTO.html | 1440 | ||||
-rw-r--r-- | docs/htmldocs/ads.html | 423 | ||||
-rw-r--r-- | docs/htmldocs/oplocks.html | 208 | ||||
-rw-r--r-- | docs/htmldocs/p1346.html | 917 | ||||
-rw-r--r-- | docs/htmldocs/p18.html | 438 | ||||
-rw-r--r-- | docs/htmldocs/p3106.html | 391 | ||||
-rw-r--r-- | docs/htmldocs/p544.html | 388 | ||||
-rw-r--r-- | docs/htmldocs/pdb-mysql.html | 286 | ||||
-rw-r--r-- | docs/htmldocs/pdb-xml.html | 189 | ||||
-rw-r--r-- | docs/htmldocs/printingdebug.html | 522 | ||||
-rw-r--r-- | docs/htmldocs/pwencrypt.html | 445 | ||||
-rw-r--r-- | docs/htmldocs/samba-howto-collection.html | 1117 | ||||
-rw-r--r-- | docs/htmldocs/samba-pdc.html (renamed from docs/htmldocs/Samba-PDC-HOWTO.html) | 671 | ||||
-rw-r--r-- | docs/htmldocs/vfstest.1.html | 496 | ||||
-rw-r--r-- | docs/htmldocs/wfw_slip.htm | 175 |
17 files changed, 5816 insertions, 3729 deletions
diff --git a/docs/htmldocs/ENCRYPTION.html b/docs/htmldocs/ENCRYPTION.html deleted file mode 100644 index e4d3ef5fed..0000000000 --- a/docs/htmldocs/ENCRYPTION.html +++ /dev/null @@ -1,656 +0,0 @@ -<HTML -><HEAD -><TITLE ->LanMan and NT Password Encryption in Samba 2.x</TITLE -><META -NAME="GENERATOR" -CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD -><BODY -CLASS="ARTICLE" -BGCOLOR="#FFFFFF" -TEXT="#000000" -LINK="#0000FF" -VLINK="#840084" -ALINK="#0000FF" -><DIV -CLASS="ARTICLE" -><DIV -CLASS="TITLEPAGE" -><H1 -CLASS="TITLE" -><A -NAME="PWENCRYPT" ->LanMan and NT Password Encryption in Samba 2.x</A -></H1 -><HR></DIV -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN3" ->Introduction</A -></H1 -><P ->With the development of LanManager and Windows NT - compatible password encryption for Samba, it is now able - to validate user connections in exactly the same way as - a LanManager or Windows NT server.</P -><P ->This document describes how the SMB password encryption - algorithm works and what issues there are in choosing whether - you want to use it. You should read it carefully, especially - the part about security and the "PROS and CONS" section.</P -></DIV -><DIV -CLASS="SECT1" -><HR><H1 -CLASS="SECT1" -><A -NAME="AEN7" ->How does it work?</A -></H1 -><P ->LanManager encryption is somewhat similar to UNIX - password encryption. The server uses a file containing a - hashed value of a user's password. This is created by taking - the user's plaintext password, capitalising it, and either - truncating to 14 bytes or padding to 14 bytes with null bytes. - This 14 byte value is used as two 56 bit DES keys to encrypt - a 'magic' eight byte value, forming a 16 byte value which is - stored by the server and client. Let this value be known as - the "hashed password".</P -><P ->Windows NT encryption is a higher quality mechanism, - consisting of doing an MD4 hash on a Unicode version of the user's - password. This also produces a 16 byte hash value that is - non-reversible.</P -><P ->When a client (LanManager, Windows for WorkGroups, Windows - 95 or Windows NT) wishes to mount a Samba drive (or use a Samba - resource), it first requests a connection and negotiates the - protocol that the client and server will use. In the reply to this - request the Samba server generates and appends an 8 byte, random - value - this is stored in the Samba server after the reply is sent - and is known as the "challenge". The challenge is different for - every client connection.</P -><P ->The client then uses the hashed password (16 byte values - described above), appended with 5 null bytes, as three 56 bit - DES keys, each of which is used to encrypt the challenge 8 byte - value, forming a 24 byte value known as the "response".</P -><P ->In the SMB call SMBsessionsetupX (when user level security - is selected) or the call SMBtconX (when share level security is - selected), the 24 byte response is returned by the client to the - Samba server. For Windows NT protocol levels the above calculation - is done on both hashes of the user's password and both responses are - returned in the SMB call, giving two 24 byte values.</P -><P ->The Samba server then reproduces the above calculation, using - its own stored value of the 16 byte hashed password (read from the - <TT -CLASS="FILENAME" ->smbpasswd</TT -> file - described later) and the challenge - value that it kept from the negotiate protocol reply. It then checks - to see if the 24 byte value it calculates matches the 24 byte value - returned to it from the client.</P -><P ->If these values match exactly, then the client knew the - correct password (or the 16 byte hashed value - see security note - below) and is thus allowed access. If not, then the client did not - know the correct password and is denied access.</P -><P ->Note that the Samba server never knows or stores the cleartext - of the user's password - just the 16 byte hashed values derived from - it. Also note that the cleartext password or 16 byte hashed values - are never transmitted over the network - thus increasing security.</P -></DIV -><DIV -CLASS="SECT1" -><HR><H1 -CLASS="SECT1" -><A -NAME="AEN18" ->Important Notes About Security</A -></H1 -><P ->The unix and SMB password encryption techniques seem similar - on the surface. This similarity is, however, only skin deep. The unix - scheme typically sends clear text passwords over the network when - logging in. This is bad. The SMB encryption scheme never sends the - cleartext password over the network but it does store the 16 byte - hashed values on disk. This is also bad. Why? Because the 16 byte hashed - values are a "password equivalent". You cannot derive the user's - password from them, but they could potentially be used in a modified - client to gain access to a server. This would require considerable - technical knowledge on behalf of the attacker but is perfectly possible. - You should thus treat the smbpasswd file as though it contained the - cleartext passwords of all your users. Its contents must be kept - secret, and the file should be protected accordingly.</P -><P ->Ideally we would like a password scheme which neither requires - plain text passwords on the net or on disk. Unfortunately this - is not available as Samba is stuck with being compatible with - other SMB systems (WinNT, WfWg, Win95 etc). </P -><DIV -CLASS="WARNING" -><P -></P -><TABLE -CLASS="WARNING" -BORDER="1" -WIDTH="100%" -><TR -><TD -ALIGN="CENTER" -><B ->Warning</B -></TD -></TR -><TR -><TD -ALIGN="LEFT" -><P ->Note that Windows NT 4.0 Service pack 3 changed the - default for permissible authentication so that plaintext - passwords are <I -CLASS="EMPHASIS" ->never</I -> sent over the wire. - The solution to this is either to switch to encrypted passwords - with Samba or edit the Windows NT registry to re-enable plaintext - passwords. See the document WinNT.txt for details on how to do - this.</P -><P ->Other Microsoft operating systems which also exhibit - this behavior includes</P -><P -></P -><UL -><LI -><P ->MS DOS Network client 3.0 with - the basic network redirector installed</P -></LI -><LI -><P ->Windows 95 with the network redirector - update installed</P -></LI -><LI -><P ->Windows 98 [se]</P -></LI -><LI -><P ->Windows 2000</P -></LI -></UL -><P -><I -CLASS="EMPHASIS" ->Note :</I ->All current release of - Microsoft SMB/CIFS clients support authentication via the - SMB Challenge/Response mechanism described here. Enabling - clear text authentication does not disable the ability - of the client to participate in encrypted authentication.</P -></TD -></TR -></TABLE -></DIV -><DIV -CLASS="SECT2" -><HR><H2 -CLASS="SECT2" -><A -NAME="AEN37" ->Advantages of SMB Encryption</A -></H2 -><P -></P -><UL -><LI -><P ->plain text passwords are not passed across - the network. Someone using a network sniffer cannot just - record passwords going to the SMB server.</P -></LI -><LI -><P ->WinNT doesn't like talking to a server - that isn't using SMB encrypted passwords. It will refuse - to browse the server if the server is also in user level - security mode. It will insist on prompting the user for the - password on each connection, which is very annoying. The - only things you can do to stop this is to use SMB encryption. - </P -></LI -></UL -></DIV -><DIV -CLASS="SECT2" -><HR><H2 -CLASS="SECT2" -><A -NAME="AEN44" ->Advantages of non-encrypted passwords</A -></H2 -><P -></P -><UL -><LI -><P ->plain text passwords are not kept - on disk. </P -></LI -><LI -><P ->uses same password file as other unix - services such as login and ftp</P -></LI -><LI -><P ->you are probably already using other - services (such as telnet and ftp) which send plain text - passwords over the net, so sending them for SMB isn't - such a big deal.</P -></LI -></UL -></DIV -></DIV -><DIV -CLASS="SECT1" -><HR><H1 -CLASS="SECT1" -><A -NAME="AEN53" -><A -NAME="SMBPASSWDFILEFORMAT" -></A ->The smbpasswd file</A -></H1 -><P ->In order for Samba to participate in the above protocol - it must be able to look up the 16 byte hashed values given a user name. - Unfortunately, as the UNIX password value is also a one way hash - function (ie. it is impossible to retrieve the cleartext of the user's - password given the UNIX hash of it), a separate password file - containing this 16 byte value must be kept. To minimise problems with - these two password files, getting out of sync, the UNIX <TT -CLASS="FILENAME" -> /etc/passwd</TT -> and the <TT -CLASS="FILENAME" ->smbpasswd</TT -> file, - a utility, <B -CLASS="COMMAND" ->mksmbpasswd.sh</B ->, is provided to generate - a smbpasswd file from a UNIX <TT -CLASS="FILENAME" ->/etc/passwd</TT -> file. - </P -><P ->To generate the smbpasswd file from your <TT -CLASS="FILENAME" ->/etc/passwd - </TT -> file use the following command :</P -><P -><TT -CLASS="PROMPT" ->$ </TT -><TT -CLASS="USERINPUT" -><B ->cat /etc/passwd | mksmbpasswd.sh - > /usr/local/samba/private/smbpasswd</B -></TT -></P -><P ->If you are running on a system that uses NIS, use</P -><P -><TT -CLASS="PROMPT" ->$ </TT -><TT -CLASS="USERINPUT" -><B ->ypcat passwd | mksmbpasswd.sh - > /usr/local/samba/private/smbpasswd</B -></TT -></P -><P ->The <B -CLASS="COMMAND" ->mksmbpasswd.sh</B -> program is found in - the Samba source directory. By default, the smbpasswd file is - stored in :</P -><P -><TT -CLASS="FILENAME" ->/usr/local/samba/private/smbpasswd</TT -></P -><P ->The owner of the <TT -CLASS="FILENAME" ->/usr/local/samba/private/</TT -> - directory should be set to root, and the permissions on it should - be set to 0500 (<B -CLASS="COMMAND" ->chmod 500 /usr/local/samba/private</B ->). - </P -><P ->Likewise, the smbpasswd file inside the private directory should - be owned by root and the permissions on is should be set to 0600 - (<B -CLASS="COMMAND" ->chmod 600 smbpasswd</B ->).</P -><P ->The format of the smbpasswd file is (The line has been - wrapped here. It should appear as one entry per line in - your smbpasswd file.)</P -><P -><PRE -CLASS="PROGRAMLISTING" ->username:uid:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX: - [Account type]:LCT-<last-change-time>:Long name - </PRE -></P -><P ->Although only the <TT -CLASS="REPLACEABLE" -><I ->username</I -></TT ->, - <TT -CLASS="REPLACEABLE" -><I ->uid</I -></TT ->, <TT -CLASS="REPLACEABLE" -><I -> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX</I -></TT ->, - [<TT -CLASS="REPLACEABLE" -><I ->Account type</I -></TT ->] and <TT -CLASS="REPLACEABLE" -><I -> last-change-time</I -></TT -> sections are significant - and are looked at in the Samba code.</P -><P ->It is <I -CLASS="EMPHASIS" ->VITALLY</I -> important that there by 32 - 'X' characters between the two ':' characters in the XXX sections - - the smbpasswd and Samba code will fail to validate any entries that - do not have 32 characters between ':' characters. The first XXX - section is for the Lanman password hash, the second is for the - Windows NT version.</P -><P ->When the password file is created all users have password entries - consisting of 32 'X' characters. By default this disallows any access - as this user. When a user has a password set, the 'X' characters change - to 32 ascii hexadecimal digits (0-9, A-F). These are an ascii - representation of the 16 byte hashed value of a user's password.</P -><P ->To set a user to have no password (not recommended), edit the file - using vi, and replace the first 11 characters with the ascii text - <TT -CLASS="CONSTANT" ->"NO PASSWORD"</TT -> (minus the quotes).</P -><P ->For example, to clear the password for user bob, his smbpasswd file - entry would look like :</P -><P -><PRE -CLASS="PROGRAMLISTING" -> bob:100:NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:Bob's full name:/bobhome:/bobshell - </PRE -></P -><P ->If you are allowing users to use the smbpasswd command to set - their own passwords, you may want to give users NO PASSWORD initially - so they do not have to enter a previous password when changing to their - new password (not recommended). In order for you to allow this the - <B -CLASS="COMMAND" ->smbpasswd</B -> program must be able to connect to the - <B -CLASS="COMMAND" ->smbd</B -> daemon as that user with no password. Enable this - by adding the line :</P -><P -><B -CLASS="COMMAND" ->null passwords = yes</B -></P -><P ->to the [global] section of the smb.conf file (this is why - the above scenario is not recommended). Preferably, allocate your - users a default password to begin with, so you do not have - to enable this on your server.</P -><P -><I -CLASS="EMPHASIS" ->Note : </I ->This file should be protected very - carefully. Anyone with access to this file can (with enough knowledge of - the protocols) gain access to your SMB server. The file is thus more - sensitive than a normal unix <TT -CLASS="FILENAME" ->/etc/passwd</TT -> file.</P -></DIV -><DIV -CLASS="SECT1" -><HR><H1 -CLASS="SECT1" -><A -NAME="AEN105" ->The smbpasswd Command</A -></H1 -><P ->The smbpasswd command maintains the two 32 byte password fields - in the smbpasswd file. If you wish to make it similar to the unix - <B -CLASS="COMMAND" ->passwd</B -> or <B -CLASS="COMMAND" ->yppasswd</B -> programs, - install it in <TT -CLASS="FILENAME" ->/usr/local/samba/bin/</TT -> (or your - main Samba binary directory).</P -><P ->Note that as of Samba 1.9.18p4 this program <I -CLASS="EMPHASIS" ->MUST NOT - BE INSTALLED</I -> setuid root (the new <B -CLASS="COMMAND" ->smbpasswd</B -> - code enforces this restriction so it cannot be run this way by - accident).</P -><P -><B -CLASS="COMMAND" ->smbpasswd</B -> now works in a client-server mode - where it contacts the local smbd to change the user's password on its - behalf. This has enormous benefits - as follows.</P -><P -></P -><UL -><LI -><P ->smbpasswd no longer has to be setuid root - - an enormous range of potential security problems is - eliminated.</P -></LI -><LI -><P -><B -CLASS="COMMAND" ->smbpasswd</B -> now has the capability - to change passwords on Windows NT servers (this only works when - the request is sent to the NT Primary Domain Controller if you - are changing an NT Domain user's password).</P -></LI -></UL -><P ->To run smbpasswd as a normal user just type :</P -><P -><TT -CLASS="PROMPT" ->$ </TT -><TT -CLASS="USERINPUT" -><B ->smbpasswd</B -></TT -></P -><P -><TT -CLASS="PROMPT" ->Old SMB password: </TT -><TT -CLASS="USERINPUT" -><B -><type old value here - - or hit return if there was no old password></B -></TT -></P -><P -><TT -CLASS="PROMPT" ->New SMB Password: </TT -><TT -CLASS="USERINPUT" -><B -><type new value> - </B -></TT -></P -><P -><TT -CLASS="PROMPT" ->Repeat New SMB Password: </TT -><TT -CLASS="USERINPUT" -><B -><re-type new value - </B -></TT -></P -><P ->If the old value does not match the current value stored for - that user, or the two new values do not match each other, then the - password will not be changed.</P -><P ->If invoked by an ordinary user it will only allow the user - to change his or her own Samba password.</P -><P ->If run by the root user smbpasswd may take an optional - argument, specifying the user name whose SMB password you wish to - change. Note that when run as root smbpasswd does not prompt for - or check the old password value, thus allowing root to set passwords - for users who have forgotten their passwords.</P -><P -><B -CLASS="COMMAND" ->smbpasswd</B -> is designed to work in the same way - and be familiar to UNIX users who use the <B -CLASS="COMMAND" ->passwd</B -> or - <B -CLASS="COMMAND" ->yppasswd</B -> commands.</P -><P ->For more details on using <B -CLASS="COMMAND" ->smbpasswd</B -> refer - to the man page which will always be the definitive reference.</P -></DIV -><DIV -CLASS="SECT1" -><HR><H1 -CLASS="SECT1" -><A -NAME="AEN144" ->Setting up Samba to support LanManager Encryption</A -></H1 -><P ->This is a very brief description on how to setup samba to - support password encryption. </P -><P -></P -><OL -TYPE="1" -><LI -><P ->compile and install samba as usual</P -></LI -><LI -><P ->enable encrypted passwords in <TT -CLASS="FILENAME" -> smb.conf</TT -> by adding the line <B -CLASS="COMMAND" ->encrypt - passwords = yes</B -> in the [global] section</P -></LI -><LI -><P ->create the initial <TT -CLASS="FILENAME" ->smbpasswd</TT -> - password file in the place you specified in the Makefile - (--prefix=<dir>). See the notes under the <A -HREF="#SMBPASSWDFILEFORMAT" ->The smbpasswd File</A -> - section earlier in the document for details.</P -></LI -></OL -><P ->Note that you can test things using smbclient.</P -></DIV -></DIV -></BODY -></HTML ->
\ No newline at end of file diff --git a/docs/htmldocs/NT_Security.html b/docs/htmldocs/NT_Security.html deleted file mode 100644 index ab8797563e..0000000000 --- a/docs/htmldocs/NT_Security.html +++ /dev/null @@ -1,783 +0,0 @@ -<HTML -><HEAD -><TITLE ->UNIX Permission Bits and Windows NT Access Control Lists</TITLE -><META -NAME="GENERATOR" -CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD -><BODY -CLASS="ARTICLE" -BGCOLOR="#FFFFFF" -TEXT="#000000" -LINK="#0000FF" -VLINK="#840084" -ALINK="#0000FF" -><DIV -CLASS="ARTICLE" -><DIV -CLASS="TITLEPAGE" -><H1 -CLASS="TITLE" -><A -NAME="UNIX-PERMISSIONS" ->UNIX Permission Bits and Windows NT Access Control Lists</A -></H1 -><HR></DIV -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN3" ->Viewing and changing UNIX permissions using the NT - security dialogs</A -></H1 -><P ->New in the Samba 2.0.4 release is the ability for Windows - NT clients to use their native security settings dialog box to - view and modify the underlying UNIX permissions.</P -><P ->Note that this ability is careful not to compromise - the security of the UNIX host Samba is running on, and - still obeys all the file permission rules that a Samba - administrator can set.</P -><P ->In Samba 2.0.4 and above the default value of the - parameter <A -HREF="smb.conf.5.html#NTACLSUPPORT" -TARGET="_top" -><TT -CLASS="PARAMETER" -><I -> nt acl support</I -></TT -></A -> has been changed from - <TT -CLASS="CONSTANT" ->false</TT -> to <TT -CLASS="CONSTANT" ->true</TT ->, so - manipulation of permissions is turned on by default.</P -></DIV -><DIV -CLASS="SECT1" -><HR><H1 -CLASS="SECT1" -><A -NAME="AEN12" ->How to view file security on a Samba share</A -></H1 -><P ->From an NT 4.0 client, single-click with the right - mouse button on any file or directory in a Samba mounted - drive letter or UNC path. When the menu pops-up, click - on the <I -CLASS="EMPHASIS" ->Properties</I -> entry at the bottom of - the menu. This brings up the normal file properties dialog - box, but with Samba 2.0.4 this will have a new tab along the top - marked <I -CLASS="EMPHASIS" ->Security</I ->. Click on this tab and you - will see three buttons, <I -CLASS="EMPHASIS" ->Permissions</I ->, - <I -CLASS="EMPHASIS" ->Auditing</I ->, and <I -CLASS="EMPHASIS" ->Ownership</I ->. - The <I -CLASS="EMPHASIS" ->Auditing</I -> button will cause either - an error message <SPAN -CLASS="ERRORNAME" ->A requested privilege is not held - by the client</SPAN -> to appear if the user is not the - NT Administrator, or a dialog which is intended to allow an - Administrator to add auditing requirements to a file if the - user is logged on as the NT Administrator. This dialog is - non-functional with a Samba share at this time, as the only - useful button, the <B -CLASS="COMMAND" ->Add</B -> button will not currently - allow a list of users to be seen.</P -></DIV -><DIV -CLASS="SECT1" -><HR><H1 -CLASS="SECT1" -><A -NAME="AEN23" ->Viewing file ownership</A -></H1 -><P ->Clicking on the <B -CLASS="COMMAND" ->"Ownership"</B -> button - brings up a dialog box telling you who owns the given file. The - owner name will be of the form :</P -><P -><B -CLASS="COMMAND" ->"SERVER\user (Long name)"</B -></P -><P ->Where <TT -CLASS="REPLACEABLE" -><I ->SERVER</I -></TT -> is the NetBIOS name of - the Samba server, <TT -CLASS="REPLACEABLE" -><I ->user</I -></TT -> is the user name of - the UNIX user who owns the file, and <TT -CLASS="REPLACEABLE" -><I ->(Long name)</I -></TT -> - is the descriptive string identifying the user (normally found in the - GECOS field of the UNIX password database). Click on the <B -CLASS="COMMAND" ->Close - </B -> button to remove this dialog.</P -><P ->If the parameter <TT -CLASS="PARAMETER" -><I ->nt acl support</I -></TT -> - is set to <TT -CLASS="CONSTANT" ->false</TT -> then the file owner will - be shown as the NT user <B -CLASS="COMMAND" ->"Everyone"</B ->.</P -><P ->The <B -CLASS="COMMAND" ->Take Ownership</B -> button will not allow - you to change the ownership of this file to yourself (clicking on - it will display a dialog box complaining that the user you are - currently logged onto the NT client cannot be found). The reason - for this is that changing the ownership of a file is a privileged - operation in UNIX, available only to the <I -CLASS="EMPHASIS" ->root</I -> - user. As clicking on this button causes NT to attempt to change - the ownership of a file to the current user logged into the NT - client this will not work with Samba at this time.</P -><P ->There is an NT chown command that will work with Samba - and allow a user with Administrator privilege connected - to a Samba 2.0.4 server as root to change the ownership of - files on both a local NTFS filesystem or remote mounted NTFS - or Samba drive. This is available as part of the <I -CLASS="EMPHASIS" ->Seclib - </I -> NT security library written by Jeremy Allison of - the Samba Team, available from the main Samba ftp site.</P -></DIV -><DIV -CLASS="SECT1" -><HR><H1 -CLASS="SECT1" -><A -NAME="AEN43" ->Viewing file or directory permissions</A -></H1 -><P ->The third button is the <B -CLASS="COMMAND" ->"Permissions"</B -> - button. Clicking on this brings up a dialog box that shows both - the permissions and the UNIX owner of the file or directory. - The owner is displayed in the form :</P -><P -><B -CLASS="COMMAND" ->"SERVER\user (Long name)"</B -></P -><P ->Where <TT -CLASS="REPLACEABLE" -><I ->SERVER</I -></TT -> is the NetBIOS name of - the Samba server, <TT -CLASS="REPLACEABLE" -><I ->user</I -></TT -> is the user name of - the UNIX user who owns the file, and <TT -CLASS="REPLACEABLE" -><I ->(Long name)</I -></TT -> - is the descriptive string identifying the user (normally found in the - GECOS field of the UNIX password database).</P -><P ->If the parameter <TT -CLASS="PARAMETER" -><I ->nt acl support</I -></TT -> - is set to <TT -CLASS="CONSTANT" ->false</TT -> then the file owner will - be shown as the NT user <B -CLASS="COMMAND" ->"Everyone"</B -> and the - permissions will be shown as NT "Full Control".</P -><P ->The permissions field is displayed differently for files - and directories, so I'll describe the way file permissions - are displayed first.</P -><DIV -CLASS="SECT2" -><HR><H2 -CLASS="SECT2" -><A -NAME="AEN58" ->File Permissions</A -></H2 -><P ->The standard UNIX user/group/world triple and - the corresponding "read", "write", "execute" permissions - triples are mapped by Samba into a three element NT ACL - with the 'r', 'w', and 'x' bits mapped into the corresponding - NT permissions. The UNIX world permissions are mapped into - the global NT group <B -CLASS="COMMAND" ->Everyone</B ->, followed - by the list of permissions allowed for UNIX world. The UNIX - owner and group permissions are displayed as an NT - <B -CLASS="COMMAND" ->user</B -> icon and an NT <B -CLASS="COMMAND" ->local - group</B -> icon respectively followed by the list - of permissions allowed for the UNIX user and group.</P -><P ->As many UNIX permission sets don't map into common - NT names such as <B -CLASS="COMMAND" ->"read"</B ->, <B -CLASS="COMMAND" -> "change"</B -> or <B -CLASS="COMMAND" ->"full control"</B -> then - usually the permissions will be prefixed by the words <B -CLASS="COMMAND" -> "Special Access"</B -> in the NT display list.</P -><P ->But what happens if the file has no permissions allowed - for a particular UNIX user group or world component ? In order - to allow "no permissions" to be seen and modified then Samba - overloads the NT <B -CLASS="COMMAND" ->"Take Ownership"</B -> ACL attribute - (which has no meaning in UNIX) and reports a component with - no permissions as having the NT <B -CLASS="COMMAND" ->"O"</B -> bit set. - This was chosen of course to make it look like a zero, meaning - zero permissions. More details on the decision behind this will - be given below.</P -></DIV -><DIV -CLASS="SECT2" -><HR><H2 -CLASS="SECT2" -><A -NAME="AEN72" ->Directory Permissions</A -></H2 -><P ->Directories on an NT NTFS file system have two - different sets of permissions. The first set of permissions - is the ACL set on the directory itself, this is usually displayed - in the first set of parentheses in the normal <B -CLASS="COMMAND" ->"RW"</B -> - NT style. This first set of permissions is created by Samba in - exactly the same way as normal file permissions are, described - above, and is displayed in the same way.</P -><P ->The second set of directory permissions has no real meaning - in the UNIX permissions world and represents the <B -CLASS="COMMAND" -> "inherited"</B -> permissions that any file created within - this directory would inherit.</P -><P ->Samba synthesises these inherited permissions for NT by - returning as an NT ACL the UNIX permission mode that a new file - created by Samba on this share would receive.</P -></DIV -></DIV -><DIV -CLASS="SECT1" -><HR><H1 -CLASS="SECT1" -><A -NAME="AEN79" ->Modifying file or directory permissions</A -></H1 -><P ->Modifying file and directory permissions is as simple - as changing the displayed permissions in the dialog box, and - clicking the <B -CLASS="COMMAND" ->OK</B -> button. However, there are - limitations that a user needs to be aware of, and also interactions - with the standard Samba permission masks and mapping of DOS - attributes that need to also be taken into account.</P -><P ->If the parameter <TT -CLASS="PARAMETER" -><I ->nt acl support</I -></TT -> - is set to <TT -CLASS="CONSTANT" ->false</TT -> then any attempt to set - security permissions will fail with an <B -CLASS="COMMAND" ->"Access Denied" - </B -> message.</P -><P ->The first thing to note is that the <B -CLASS="COMMAND" ->"Add"</B -> - button will not return a list of users in Samba 2.0.4 (it will give - an error message of <B -CLASS="COMMAND" ->"The remote procedure call failed - and did not execute"</B ->). This means that you can only - manipulate the current user/group/world permissions listed in - the dialog box. This actually works quite well as these are the - only permissions that UNIX actually has.</P -><P ->If a permission triple (either user, group, or world) - is removed from the list of permissions in the NT dialog box, - then when the <B -CLASS="COMMAND" ->"OK"</B -> button is pressed it will - be applied as "no permissions" on the UNIX side. If you then - view the permissions again the "no permissions" entry will appear - as the NT <B -CLASS="COMMAND" ->"O"</B -> flag, as described above. This - allows you to add permissions back to a file or directory once - you have removed them from a triple component.</P -><P ->As UNIX supports only the "r", "w" and "x" bits of - an NT ACL then if other NT security attributes such as "Delete - access" are selected then they will be ignored when applied on - the Samba server.</P -><P ->When setting permissions on a directory the second - set of permissions (in the second set of parentheses) is - by default applied to all files within that directory. If this - is not what you want you must uncheck the <B -CLASS="COMMAND" ->"Replace - permissions on existing files"</B -> checkbox in the NT - dialog before clicking <B -CLASS="COMMAND" ->"OK"</B ->.</P -><P ->If you wish to remove all permissions from a - user/group/world component then you may either highlight the - component and click the <B -CLASS="COMMAND" ->"Remove"</B -> button, - or set the component to only have the special <B -CLASS="COMMAND" ->"Take - Ownership"</B -> permission (displayed as <B -CLASS="COMMAND" ->"O" - </B ->) highlighted.</P -></DIV -><DIV -CLASS="SECT1" -><HR><H1 -CLASS="SECT1" -><A -NAME="AEN101" ->Interaction with the standard Samba create mask - parameters</A -></H1 -><P ->Note that with Samba 2.0.5 there are four new parameters - to control this interaction. These are :</P -><P -><TT -CLASS="PARAMETER" -><I ->security mask</I -></TT -></P -><P -><TT -CLASS="PARAMETER" -><I ->force security mode</I -></TT -></P -><P -><TT -CLASS="PARAMETER" -><I ->directory security mask</I -></TT -></P -><P -><TT -CLASS="PARAMETER" -><I ->force directory security mode</I -></TT -></P -><P ->Once a user clicks <B -CLASS="COMMAND" ->"OK"</B -> to apply the - permissions Samba maps the given permissions into a user/group/world - r/w/x triple set, and then will check the changed permissions for a - file against the bits set in the <A -HREF="smb.conf.5.html#SECURITYMASK" -TARGET="_top" -> - <TT -CLASS="PARAMETER" -><I ->security mask</I -></TT -></A -> parameter. Any bits that - were changed that are not set to '1' in this parameter are left alone - in the file permissions.</P -><P ->Essentially, zero bits in the <TT -CLASS="PARAMETER" -><I ->security mask</I -></TT -> - mask may be treated as a set of bits the user is <I -CLASS="EMPHASIS" ->not</I -> - allowed to change, and one bits are those the user is allowed to change. - </P -><P ->If not set explicitly this parameter is set to the same value as - the <A -HREF="smb.conf.5.html#CREATEMASK" -TARGET="_top" -><TT -CLASS="PARAMETER" -><I ->create mask - </I -></TT -></A -> parameter to provide compatibility with Samba 2.0.4 - where this permission change facility was introduced. To allow a user to - modify all the user/group/world permissions on a file, set this parameter - to 0777.</P -><P ->Next Samba checks the changed permissions for a file against - the bits set in the <A -HREF="smb.conf.5.html#FORCESECURITYMODE" -TARGET="_top" -> <TT -CLASS="PARAMETER" -><I ->force security mode</I -></TT -></A -> parameter. Any bits - that were changed that correspond to bits set to '1' in this parameter - are forced to be set.</P -><P ->Essentially, bits set in the <TT -CLASS="PARAMETER" -><I ->force security mode - </I -></TT -> parameter may be treated as a set of bits that, when - modifying security on a file, the user has always set to be 'on'.</P -><P ->If not set explicitly this parameter is set to the same value - as the <A -HREF="smb.conf.5.html#FORCECREATEMODE" -TARGET="_top" -><TT -CLASS="PARAMETER" -><I ->force - create mode</I -></TT -></A -> parameter to provide compatibility - with Samba 2.0.4 where the permission change facility was introduced. - To allow a user to modify all the user/group/world permissions on a file - with no restrictions set this parameter to 000.</P -><P ->The <TT -CLASS="PARAMETER" -><I ->security mask</I -></TT -> and <TT -CLASS="PARAMETER" -><I ->force - security mode</I -></TT -> parameters are applied to the change - request in that order.</P -><P ->For a directory Samba will perform the same operations as - described above for a file except using the parameter <TT -CLASS="PARAMETER" -><I -> directory security mask</I -></TT -> instead of <TT -CLASS="PARAMETER" -><I ->security - mask</I -></TT ->, and <TT -CLASS="PARAMETER" -><I ->force directory security mode - </I -></TT -> parameter instead of <TT -CLASS="PARAMETER" -><I ->force security mode - </I -></TT ->.</P -><P ->The <TT -CLASS="PARAMETER" -><I ->directory security mask</I -></TT -> parameter - by default is set to the same value as the <TT -CLASS="PARAMETER" -><I ->directory mask - </I -></TT -> parameter and the <TT -CLASS="PARAMETER" -><I ->force directory security - mode</I -></TT -> parameter by default is set to the same value as - the <TT -CLASS="PARAMETER" -><I ->force directory mode</I -></TT -> parameter to provide - compatibility with Samba 2.0.4 where the permission change facility - was introduced.</P -><P ->In this way Samba enforces the permission restrictions that - an administrator can set on a Samba share, whilst still allowing users - to modify the permission bits within that restriction.</P -><P ->If you want to set up a share that allows users full control - in modifying the permission bits on their files and directories and - doesn't force any particular bits to be set 'on', then set the following - parameters in the <A -HREF="smb.conf.5.html" -TARGET="_top" -><TT -CLASS="FILENAME" ->smb.conf(5) - </TT -></A -> file in that share specific section :</P -><P -><TT -CLASS="PARAMETER" -><I ->security mask = 0777</I -></TT -></P -><P -><TT -CLASS="PARAMETER" -><I ->force security mode = 0</I -></TT -></P -><P -><TT -CLASS="PARAMETER" -><I ->directory security mask = 0777</I -></TT -></P -><P -><TT -CLASS="PARAMETER" -><I ->force directory security mode = 0</I -></TT -></P -><P ->As described, in Samba 2.0.4 the parameters :</P -><P -><TT -CLASS="PARAMETER" -><I ->create mask</I -></TT -></P -><P -><TT -CLASS="PARAMETER" -><I ->force create mode</I -></TT -></P -><P -><TT -CLASS="PARAMETER" -><I ->directory mask</I -></TT -></P -><P -><TT -CLASS="PARAMETER" -><I ->force directory mode</I -></TT -></P -><P ->were used instead of the parameters discussed here.</P -></DIV -><DIV -CLASS="SECT1" -><HR><H1 -CLASS="SECT1" -><A -NAME="AEN165" ->Interaction with the standard Samba file attribute - mapping</A -></H1 -><P ->Samba maps some of the DOS attribute bits (such as "read - only") into the UNIX permissions of a file. This means there can - be a conflict between the permission bits set via the security - dialog and the permission bits set by the file attribute mapping. - </P -><P ->One way this can show up is if a file has no UNIX read access - for the owner it will show up as "read only" in the standard - file attributes tabbed dialog. Unfortunately this dialog is - the same one that contains the security info in another tab.</P -><P ->What this can mean is that if the owner changes the permissions - to allow themselves read access using the security dialog, clicks - <B -CLASS="COMMAND" ->"OK"</B -> to get back to the standard attributes tab - dialog, and then clicks <B -CLASS="COMMAND" ->"OK"</B -> on that dialog, then - NT will set the file permissions back to read-only (as that is what - the attributes still say in the dialog). This means that after setting - permissions and clicking <B -CLASS="COMMAND" ->"OK"</B -> to get back to the - attributes dialog you should always hit <B -CLASS="COMMAND" ->"Cancel"</B -> - rather than <B -CLASS="COMMAND" ->"OK"</B -> to ensure that your changes - are not overridden.</P -></DIV -></DIV -></BODY -></HTML ->
\ No newline at end of file diff --git a/docs/htmldocs/Samba-HOWTO.html b/docs/htmldocs/Samba-HOWTO.html deleted file mode 100644 index da69705bc3..0000000000 --- a/docs/htmldocs/Samba-HOWTO.html +++ /dev/null @@ -1,1440 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> -<HTML -><HEAD -><TITLE ->SAMBA Project Documentation</TITLE -><META -NAME="GENERATOR" -CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ -"><LINK -REL="NEXT" -TITLE="How to Install and Test SAMBA" -HREF="install.html"></HEAD -><BODY -CLASS="BOOK" -BGCOLOR="#FFFFFF" -TEXT="#000000" -LINK="#0000FF" -VLINK="#840084" -ALINK="#0000FF" -><DIV -CLASS="BOOK" -><A -NAME="SAMBA-PROJECT-DOCUMENTATION"><DIV -CLASS="TITLEPAGE" -><H1 -CLASS="TITLE" -><A -NAME="SAMBA-PROJECT-DOCUMENTATION">SAMBA Project Documentation</H1 -><H3 -CLASS="AUTHOR" -><A -NAME="AEN4">SAMBA Team</H3 -><HR></DIV -><H1 -><A -NAME="AEN8">Abstract</H1 -><P -><SPAN -CLASS="emphasis" -><I -CLASS="EMPHASIS" ->Last Update</I -></SPAN -> : Thu Aug 15 12:48:45 CDT 2002</P -><P ->This book is a collection of HOWTOs added to Samba documentation over the years. -I try to ensure that all are current, but sometimes the is a larger job -than one person can maintain. The most recent version of this document -can be found at <A -HREF="http://www.samba.org/" -TARGET="_top" ->http://www.samba.org/</A -> -on the "Documentation" page. Please send updates to <A -HREF="mailto:jerry@samba.org" -TARGET="_top" ->jerry@samba.org</A ->.</P -><P ->This documentation is distributed under the GNU General Public License (GPL) -version 2. A copy of the license is included with the Samba source -distribution. A copy can be found on-line at <A -HREF="http://www.fsf.org/licenses/gpl.txt" -TARGET="_top" ->http://www.fsf.org/licenses/gpl.txt</A -></P -><P ->Cheers, jerry</P -><DIV -CLASS="TOC" -><DL -><DT -><B ->Table of Contents</B -></DT -><DT ->1. <A -HREF="install.html" ->How to Install and Test SAMBA</A -></DT -><DD -><DL -><DT ->1.1. <A -HREF="install.html#AEN20" ->Step 0: Read the man pages</A -></DT -><DT ->1.2. <A -HREF="install.html#AEN28" ->Step 1: Building the Binaries</A -></DT -><DT ->1.3. <A -HREF="install.html#AEN56" ->Step 2: The all important step</A -></DT -><DT ->1.4. <A -HREF="install.html#AEN60" ->Step 3: Create the smb configuration file.</A -></DT -><DT ->1.5. <A -HREF="install.html#AEN74" ->Step 4: Test your config file with - <B -CLASS="COMMAND" ->testparm</B -></A -></DT -><DT ->1.6. <A -HREF="install.html#AEN80" ->Step 5: Starting the smbd and nmbd</A -></DT -><DD -><DL -><DT ->1.6.1. <A -HREF="install.html#AEN90" ->Step 5a: Starting from inetd.conf</A -></DT -><DT ->1.6.2. <A -HREF="install.html#AEN119" ->Step 5b. Alternative: starting it as a daemon</A -></DT -></DL -></DD -><DT ->1.7. <A -HREF="install.html#AEN135" ->Step 6: Try listing the shares available on your - server</A -></DT -><DT ->1.8. <A -HREF="install.html#AEN144" ->Step 7: Try connecting with the unix client</A -></DT -><DT ->1.9. <A -HREF="install.html#AEN160" ->Step 8: Try connecting from a DOS, WfWg, Win9x, WinNT, - Win2k, OS/2, etc... client</A -></DT -><DT ->1.10. <A -HREF="install.html#AEN174" ->What If Things Don't Work?</A -></DT -><DD -><DL -><DT ->1.10.1. <A -HREF="install.html#AEN179" ->Diagnosing Problems</A -></DT -><DT ->1.10.2. <A -HREF="install.html#AEN183" ->Scope IDs</A -></DT -><DT ->1.10.3. <A -HREF="install.html#AEN186" ->Choosing the Protocol Level</A -></DT -><DT ->1.10.4. <A -HREF="install.html#AEN195" ->Printing from UNIX to a Client PC</A -></DT -><DT ->1.10.5. <A -HREF="install.html#AEN200" ->Locking</A -></DT -><DT ->1.10.6. <A -HREF="install.html#AEN209" ->Mapping Usernames</A -></DT -></DL -></DD -></DL -></DD -><DT ->2. <A -HREF="diagnosis.html" ->Diagnosing your samba server</A -></DT -><DD -><DL -><DT ->2.1. <A -HREF="diagnosis.html#AEN223" ->Introduction</A -></DT -><DT ->2.2. <A -HREF="diagnosis.html#AEN228" ->Assumptions</A -></DT -><DT ->2.3. <A -HREF="diagnosis.html#AEN238" ->Tests</A -></DT -><DD -><DL -><DT ->2.3.1. <A -HREF="diagnosis.html#AEN240" ->Test 1</A -></DT -><DT ->2.3.2. <A -HREF="diagnosis.html#AEN246" ->Test 2</A -></DT -><DT ->2.3.3. <A -HREF="diagnosis.html#AEN252" ->Test 3</A -></DT -><DT ->2.3.4. <A -HREF="diagnosis.html#AEN267" ->Test 4</A -></DT -><DT ->2.3.5. <A -HREF="diagnosis.html#AEN272" ->Test 5</A -></DT -><DT ->2.3.6. <A -HREF="diagnosis.html#AEN278" ->Test 6</A -></DT -><DT ->2.3.7. <A -HREF="diagnosis.html#AEN286" ->Test 7</A -></DT -><DT ->2.3.8. <A -HREF="diagnosis.html#AEN312" ->Test 8</A -></DT -><DT ->2.3.9. <A -HREF="diagnosis.html#AEN329" ->Test 9</A -></DT -><DT ->2.3.10. <A -HREF="diagnosis.html#AEN334" ->Test 10</A -></DT -><DT ->2.3.11. <A -HREF="diagnosis.html#AEN340" ->Test 11</A -></DT -></DL -></DD -><DT ->2.4. <A -HREF="diagnosis.html#AEN345" ->Still having troubles?</A -></DT -></DL -></DD -><DT ->3. <A -HREF="integrate-ms-networks.html" ->Integrating MS Windows networks with Samba</A -></DT -><DD -><DL -><DT ->3.1. <A -HREF="integrate-ms-networks.html#AEN362" ->Agenda</A -></DT -><DT ->3.2. <A -HREF="integrate-ms-networks.html#AEN384" ->Name Resolution in a pure Unix/Linux world</A -></DT -><DD -><DL -><DT ->3.2.1. <A -HREF="integrate-ms-networks.html#AEN400" -><TT -CLASS="FILENAME" ->/etc/hosts</TT -></A -></DT -><DT ->3.2.2. <A -HREF="integrate-ms-networks.html#AEN416" -><TT -CLASS="FILENAME" ->/etc/resolv.conf</TT -></A -></DT -><DT ->3.2.3. <A -HREF="integrate-ms-networks.html#AEN427" -><TT -CLASS="FILENAME" ->/etc/host.conf</TT -></A -></DT -><DT ->3.2.4. <A -HREF="integrate-ms-networks.html#AEN435" -><TT -CLASS="FILENAME" ->/etc/nsswitch.conf</TT -></A -></DT -></DL -></DD -><DT ->3.3. <A -HREF="integrate-ms-networks.html#AEN447" ->Name resolution as used within MS Windows networking</A -></DT -><DD -><DL -><DT ->3.3.1. <A -HREF="integrate-ms-networks.html#AEN459" ->The NetBIOS Name Cache</A -></DT -><DT ->3.3.2. <A -HREF="integrate-ms-networks.html#AEN464" ->The LMHOSTS file</A -></DT -><DT ->3.3.3. <A -HREF="integrate-ms-networks.html#AEN472" ->HOSTS file</A -></DT -><DT ->3.3.4. <A -HREF="integrate-ms-networks.html#AEN477" ->DNS Lookup</A -></DT -><DT ->3.3.5. <A -HREF="integrate-ms-networks.html#AEN480" ->WINS Lookup</A -></DT -></DL -></DD -><DT ->3.4. <A -HREF="integrate-ms-networks.html#AEN492" ->How browsing functions and how to deploy stable and -dependable browsing using Samba</A -></DT -><DT ->3.5. <A -HREF="integrate-ms-networks.html#AEN502" ->MS Windows security options and how to configure -Samba for seemless integration</A -></DT -><DD -><DL -><DT ->3.5.1. <A -HREF="integrate-ms-networks.html#AEN530" ->Use MS Windows NT as an authentication server</A -></DT -><DT ->3.5.2. <A -HREF="integrate-ms-networks.html#AEN538" ->Make Samba a member of an MS Windows NT security domain</A -></DT -><DT ->3.5.3. <A -HREF="integrate-ms-networks.html#AEN555" ->Configure Samba as an authentication server</A -></DT -></DL -></DD -><DT ->3.6. <A -HREF="integrate-ms-networks.html#AEN572" ->Conclusions</A -></DT -></DL -></DD -><DT ->4. <A -HREF="pam.html" ->Configuring PAM for distributed but centrally -managed authentication</A -></DT -><DD -><DL -><DT ->4.1. <A -HREF="pam.html#AEN593" ->Samba and PAM</A -></DT -><DT ->4.2. <A -HREF="pam.html#AEN637" ->Distributed Authentication</A -></DT -><DT ->4.3. <A -HREF="pam.html#AEN644" ->PAM Configuration in smb.conf</A -></DT -></DL -></DD -><DT ->5. <A -HREF="msdfs.html" ->Hosting a Microsoft Distributed File System tree on Samba</A -></DT -><DD -><DL -><DT ->5.1. <A -HREF="msdfs.html#AEN664" ->Instructions</A -></DT -><DD -><DL -><DT ->5.1.1. <A -HREF="msdfs.html#AEN699" ->Notes</A -></DT -></DL -></DD -></DL -></DD -><DT ->6. <A -HREF="unix-permissions.html" ->UNIX Permission Bits and Windows NT Access Control Lists</A -></DT -><DD -><DL -><DT ->6.1. <A -HREF="unix-permissions.html#AEN719" ->Viewing and changing UNIX permissions using the NT - security dialogs</A -></DT -><DT ->6.2. <A -HREF="unix-permissions.html#AEN728" ->How to view file security on a Samba share</A -></DT -><DT ->6.3. <A -HREF="unix-permissions.html#AEN739" ->Viewing file ownership</A -></DT -><DT ->6.4. <A -HREF="unix-permissions.html#AEN759" ->Viewing file or directory permissions</A -></DT -><DD -><DL -><DT ->6.4.1. <A -HREF="unix-permissions.html#AEN774" ->File Permissions</A -></DT -><DT ->6.4.2. <A -HREF="unix-permissions.html#AEN788" ->Directory Permissions</A -></DT -></DL -></DD -><DT ->6.5. <A -HREF="unix-permissions.html#AEN795" ->Modifying file or directory permissions</A -></DT -><DT ->6.6. <A -HREF="unix-permissions.html#AEN817" ->Interaction with the standard Samba create mask - parameters</A -></DT -><DT ->6.7. <A -HREF="unix-permissions.html#AEN881" ->Interaction with the standard Samba file attribute - mapping</A -></DT -></DL -></DD -><DT ->7. <A -HREF="printing.html" ->Printing Support in Samba 2.2.x</A -></DT -><DD -><DL -><DT ->7.1. <A -HREF="printing.html#AEN902" ->Introduction</A -></DT -><DT ->7.2. <A -HREF="printing.html#AEN924" ->Configuration</A -></DT -><DD -><DL -><DT ->7.2.1. <A -HREF="printing.html#AEN935" ->Creating [print$]</A -></DT -><DT ->7.2.2. <A -HREF="printing.html#AEN970" ->Setting Drivers for Existing Printers</A -></DT -><DT ->7.2.3. <A -HREF="printing.html#AEN987" ->Support a large number of printers</A -></DT -><DT ->7.2.4. <A -HREF="printing.html#AEN998" ->Adding New Printers via the Windows NT APW</A -></DT -><DT ->7.2.5. <A -HREF="printing.html#AEN1028" ->Samba and Printer Ports</A -></DT -></DL -></DD -><DT ->7.3. <A -HREF="printing.html#AEN1036" ->The Imprints Toolset</A -></DT -><DD -><DL -><DT ->7.3.1. <A -HREF="printing.html#AEN1040" ->What is Imprints?</A -></DT -><DT ->7.3.2. <A -HREF="printing.html#AEN1050" ->Creating Printer Driver Packages</A -></DT -><DT ->7.3.3. <A -HREF="printing.html#AEN1053" ->The Imprints server</A -></DT -><DT ->7.3.4. <A -HREF="printing.html#AEN1057" ->The Installation Client</A -></DT -></DL -></DD -><DT ->7.4. <A -HREF="printing.html#AEN1079" -><A -NAME="MIGRATION" -></A ->Migration to from Samba 2.0.x to 2.2.x</A -></DT -></DL -></DD -><DT ->8. <A -HREF="printingdebug.html" ->Debugging Printing Problems</A -></DT -><DD -><DL -><DT ->8.1. <A -HREF="printingdebug.html#AEN1125" ->Introduction</A -></DT -><DT ->8.2. <A -HREF="printingdebug.html#AEN1141" ->Debugging printer problems</A -></DT -><DT ->8.3. <A -HREF="printingdebug.html#AEN1150" ->What printers do I have?</A -></DT -><DT ->8.4. <A -HREF="printingdebug.html#AEN1158" ->Setting up printcap and print servers</A -></DT -><DT ->8.5. <A -HREF="printingdebug.html#AEN1186" ->Job sent, no output</A -></DT -><DT ->8.6. <A -HREF="printingdebug.html#AEN1197" ->Job sent, strange output</A -></DT -><DT ->8.7. <A -HREF="printingdebug.html#AEN1209" ->Raw PostScript printed</A -></DT -><DT ->8.8. <A -HREF="printingdebug.html#AEN1212" ->Advanced Printing</A -></DT -><DT ->8.9. <A -HREF="printingdebug.html#AEN1215" ->Real debugging</A -></DT -></DL -></DD -><DT ->9. <A -HREF="securitylevels.html" ->Security levels</A -></DT -><DD -><DL -><DT ->9.1. <A -HREF="securitylevels.html#AEN1228" ->Introduction</A -></DT -><DT ->9.2. <A -HREF="securitylevels.html#AEN1239" ->More complete description of security levels</A -></DT -></DL -></DD -><DT ->10. <A -HREF="domain-security.html" ->security = domain in Samba 2.x</A -></DT -><DD -><DL -><DT ->10.1. <A -HREF="domain-security.html#AEN1272" ->Joining an NT Domain with Samba 2.2</A -></DT -><DT ->10.2. <A -HREF="domain-security.html#AEN1336" ->Samba and Windows 2000 Domains</A -></DT -><DT ->10.3. <A -HREF="domain-security.html#AEN1341" ->Why is this better than security = server?</A -></DT -></DL -></DD -><DT ->11. <A -HREF="winbind.html" ->Unified Logons between Windows NT and UNIX using Winbind</A -></DT -><DD -><DL -><DT ->11.1. <A -HREF="winbind.html#AEN1394" ->Abstract</A -></DT -><DT ->11.2. <A -HREF="winbind.html#AEN1398" ->Introduction</A -></DT -><DT ->11.3. <A -HREF="winbind.html#AEN1411" ->What Winbind Provides</A -></DT -><DD -><DL -><DT ->11.3.1. <A -HREF="winbind.html#AEN1418" ->Target Uses</A -></DT -></DL -></DD -><DT ->11.4. <A -HREF="winbind.html#AEN1422" ->How Winbind Works</A -></DT -><DD -><DL -><DT ->11.4.1. <A -HREF="winbind.html#AEN1427" ->Microsoft Remote Procedure Calls</A -></DT -><DT ->11.4.2. <A -HREF="winbind.html#AEN1431" ->Name Service Switch</A -></DT -><DT ->11.4.3. <A -HREF="winbind.html#AEN1447" ->Pluggable Authentication Modules</A -></DT -><DT ->11.4.4. <A -HREF="winbind.html#AEN1455" ->User and Group ID Allocation</A -></DT -><DT ->11.4.5. <A -HREF="winbind.html#AEN1459" ->Result Caching</A -></DT -></DL -></DD -><DT ->11.5. <A -HREF="winbind.html#AEN1462" ->Installation and Configuration</A -></DT -><DD -><DL -><DT ->11.5.1. <A -HREF="winbind.html#AEN1469" ->Introduction</A -></DT -><DT ->11.5.2. <A -HREF="winbind.html#AEN1482" ->Requirements</A -></DT -><DT ->11.5.3. <A -HREF="winbind.html#AEN1496" ->Testing Things Out</A -></DT -></DL -></DD -><DT ->11.6. <A -HREF="winbind.html#AEN1711" ->Limitations</A -></DT -><DT ->11.7. <A -HREF="winbind.html#AEN1721" ->Conclusion</A -></DT -></DL -></DD -><DT ->12. <A -HREF="samba-pdc.html" ->How to Configure Samba 2.2 as a Primary Domain Controller</A -></DT -><DD -><DL -><DT ->12.1. <A -HREF="samba-pdc.html#AEN1741" ->Prerequisite Reading</A -></DT -><DT ->12.2. <A -HREF="samba-pdc.html#AEN1747" ->Background</A -></DT -><DT ->12.3. <A -HREF="samba-pdc.html#AEN1786" ->Configuring the Samba Domain Controller</A -></DT -><DT ->12.4. <A -HREF="samba-pdc.html#AEN1829" ->Creating Machine Trust Accounts and Joining Clients to the -Domain</A -></DT -><DD -><DL -><DT ->12.4.1. <A -HREF="samba-pdc.html#AEN1848" ->Manual Creation of Machine Trust Accounts</A -></DT -><DT ->12.4.2. <A -HREF="samba-pdc.html#AEN1883" ->"On-the-Fly" Creation of Machine Trust Accounts</A -></DT -><DT ->12.4.3. <A -HREF="samba-pdc.html#AEN1892" ->Joining the Client to the Domain</A -></DT -></DL -></DD -><DT ->12.5. <A -HREF="samba-pdc.html#AEN1907" ->Common Problems and Errors</A -></DT -><DT ->12.6. <A -HREF="samba-pdc.html#AEN1955" ->System Policies and Profiles</A -></DT -><DT ->12.7. <A -HREF="samba-pdc.html#AEN1999" ->What other help can I get?</A -></DT -><DT ->12.8. <A -HREF="samba-pdc.html#AEN2113" ->Domain Control for Windows 9x/ME</A -></DT -><DD -><DL -><DT ->12.8.1. <A -HREF="samba-pdc.html#AEN2139" ->Configuration Instructions: Network Logons</A -></DT -><DT ->12.8.2. <A -HREF="samba-pdc.html#AEN2158" ->Configuration Instructions: Setting up Roaming User Profiles</A -></DT -></DL -></DD -><DT ->12.9. <A -HREF="samba-pdc.html#AEN2251" ->DOMAIN_CONTROL.txt : Windows NT Domain Control & Samba</A -></DT -></DL -></DD -><DT ->13. <A -HREF="samba-bdc.html" ->How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain</A -></DT -><DD -><DL -><DT ->13.1. <A -HREF="samba-bdc.html#AEN2287" ->Prerequisite Reading</A -></DT -><DT ->13.2. <A -HREF="samba-bdc.html#AEN2291" ->Background</A -></DT -><DT ->13.3. <A -HREF="samba-bdc.html#AEN2299" ->What qualifies a Domain Controller on the network?</A -></DT -><DD -><DL -><DT ->13.3.1. <A -HREF="samba-bdc.html#AEN2302" ->How does a Workstation find its domain controller?</A -></DT -><DT ->13.3.2. <A -HREF="samba-bdc.html#AEN2305" ->When is the PDC needed?</A -></DT -></DL -></DD -><DT ->13.4. <A -HREF="samba-bdc.html#AEN2308" ->Can Samba be a Backup Domain Controller?</A -></DT -><DT ->13.5. <A -HREF="samba-bdc.html#AEN2312" ->How do I set up a Samba BDC?</A -></DT -><DD -><DL -><DT ->13.5.1. <A -HREF="samba-bdc.html#AEN2329" ->How do I replicate the smbpasswd file?</A -></DT -></DL -></DD -></DL -></DD -><DT ->14. <A -HREF="samba-ldap-howto.html" ->Storing Samba's User/Machine Account information in an LDAP Directory</A -></DT -><DD -><DL -><DT ->14.1. <A -HREF="samba-ldap-howto.html#AEN2350" ->Purpose</A -></DT -><DT ->14.2. <A -HREF="samba-ldap-howto.html#AEN2370" ->Introduction</A -></DT -><DT ->14.3. <A -HREF="samba-ldap-howto.html#AEN2399" ->Supported LDAP Servers</A -></DT -><DT ->14.4. <A -HREF="samba-ldap-howto.html#AEN2404" ->Schema and Relationship to the RFC 2307 posixAccount</A -></DT -><DT ->14.5. <A -HREF="samba-ldap-howto.html#AEN2416" ->Configuring Samba with LDAP</A -></DT -><DD -><DL -><DT ->14.5.1. <A -HREF="samba-ldap-howto.html#AEN2418" ->OpenLDAP configuration</A -></DT -><DT ->14.5.2. <A -HREF="samba-ldap-howto.html#AEN2435" ->Configuring Samba</A -></DT -></DL -></DD -><DT ->14.6. <A -HREF="samba-ldap-howto.html#AEN2463" ->Accounts and Groups management</A -></DT -><DT ->14.7. <A -HREF="samba-ldap-howto.html#AEN2468" ->Security and sambaAccount</A -></DT -><DT ->14.8. <A -HREF="samba-ldap-howto.html#AEN2488" ->LDAP specials attributes for sambaAccounts</A -></DT -><DT ->14.9. <A -HREF="samba-ldap-howto.html#AEN2558" ->Example LDIF Entries for a sambaAccount</A -></DT -><DT ->14.10. <A -HREF="samba-ldap-howto.html#AEN2566" ->Comments</A -></DT -></DL -></DD -><DT ->15. <A -HREF="improved-browsing.html" ->Improved browsing in samba</A -></DT -><DD -><DL -><DT ->15.1. <A -HREF="improved-browsing.html#AEN2577" ->Overview of browsing</A -></DT -><DT ->15.2. <A -HREF="improved-browsing.html#AEN2581" ->Browsing support in samba</A -></DT -><DT ->15.3. <A -HREF="improved-browsing.html#AEN2590" ->Problem resolution</A -></DT -><DT ->15.4. <A -HREF="improved-browsing.html#AEN2597" ->Browsing across subnets</A -></DT -><DD -><DL -><DT ->15.4.1. <A -HREF="improved-browsing.html#AEN2602" ->How does cross subnet browsing work ?</A -></DT -></DL -></DD -><DT ->15.5. <A -HREF="improved-browsing.html#AEN2637" ->Setting up a WINS server</A -></DT -><DT ->15.6. <A -HREF="improved-browsing.html#AEN2656" ->Setting up Browsing in a WORKGROUP</A -></DT -><DT ->15.7. <A -HREF="improved-browsing.html#AEN2674" ->Setting up Browsing in a DOMAIN</A -></DT -><DT ->15.8. <A -HREF="improved-browsing.html#AEN2684" ->Forcing samba to be the master</A -></DT -><DT ->15.9. <A -HREF="improved-browsing.html#AEN2693" ->Making samba the domain master</A -></DT -><DT ->15.10. <A -HREF="improved-browsing.html#AEN2711" ->Note about broadcast addresses</A -></DT -><DT ->15.11. <A -HREF="improved-browsing.html#AEN2714" ->Multiple interfaces</A -></DT -></DL -></DD -><DT ->16. <A -HREF="speed.html" ->Samba performance issues</A -></DT -><DD -><DL -><DT ->16.1. <A -HREF="speed.html#AEN2732" ->Comparisons</A -></DT -><DT ->16.2. <A -HREF="speed.html#AEN2738" ->Oplocks</A -></DT -><DD -><DL -><DT ->16.2.1. <A -HREF="speed.html#AEN2740" ->Overview</A -></DT -><DT ->16.2.2. <A -HREF="speed.html#AEN2748" ->Level2 Oplocks</A -></DT -><DT ->16.2.3. <A -HREF="speed.html#AEN2754" ->Old 'fake oplocks' option - deprecated</A -></DT -></DL -></DD -><DT ->16.3. <A -HREF="speed.html#AEN2758" ->Socket options</A -></DT -><DT ->16.4. <A -HREF="speed.html#AEN2765" ->Read size</A -></DT -><DT ->16.5. <A -HREF="speed.html#AEN2770" ->Max xmit</A -></DT -><DT ->16.6. <A -HREF="speed.html#AEN2775" ->Locking</A -></DT -><DT ->16.7. <A -HREF="speed.html#AEN2779" ->Share modes</A -></DT -><DT ->16.8. <A -HREF="speed.html#AEN2784" ->Log level</A -></DT -><DT ->16.9. <A -HREF="speed.html#AEN2787" ->Wide lines</A -></DT -><DT ->16.10. <A -HREF="speed.html#AEN2790" ->Read raw</A -></DT -><DT ->16.11. <A -HREF="speed.html#AEN2795" ->Write raw</A -></DT -><DT ->16.12. <A -HREF="speed.html#AEN2799" ->Read prediction</A -></DT -><DT ->16.13. <A -HREF="speed.html#AEN2806" ->Memory mapping</A -></DT -><DT ->16.14. <A -HREF="speed.html#AEN2811" ->Slow Clients</A -></DT -><DT ->16.15. <A -HREF="speed.html#AEN2815" ->Slow Logins</A -></DT -><DT ->16.16. <A -HREF="speed.html#AEN2818" ->Client tuning</A -></DT -><DT ->16.17. <A -HREF="speed.html#AEN2850" ->My Results</A -></DT -></DL -></DD -><DT ->17. <A -HREF="other-clients.html" ->Samba and other CIFS clients</A -></DT -><DD -><DL -><DT ->17.1. <A -HREF="other-clients.html#AEN2871" ->Macintosh clients?</A -></DT -><DT ->17.2. <A -HREF="other-clients.html#AEN2880" ->OS2 Client</A -></DT -><DD -><DL -><DT ->17.2.1. <A -HREF="other-clients.html#AEN2882" ->How can I configure OS/2 Warp Connect or - OS/2 Warp 4 as a client for Samba?</A -></DT -><DT ->17.2.2. <A -HREF="other-clients.html#AEN2897" ->How can I configure OS/2 Warp 3 (not Connect), - OS/2 1.2, 1.3 or 2.x for Samba?</A -></DT -><DT ->17.2.3. <A -HREF="other-clients.html#AEN2906" ->Are there any other issues when OS/2 (any version) - is used as a client?</A -></DT -><DT ->17.2.4. <A -HREF="other-clients.html#AEN2910" ->How do I get printer driver download working - for OS/2 clients?</A -></DT -></DL -></DD -><DT ->17.3. <A -HREF="other-clients.html#AEN2920" ->Windows for Workgroups</A -></DT -><DD -><DL -><DT ->17.3.1. <A -HREF="other-clients.html#AEN2922" ->Use latest TCP/IP stack from Microsoft</A -></DT -><DT ->17.3.2. <A -HREF="other-clients.html#AEN2927" ->Delete .pwl files after password change</A -></DT -><DT ->17.3.3. <A -HREF="other-clients.html#AEN2932" ->Configure WfW password handling</A -></DT -><DT ->17.3.4. <A -HREF="other-clients.html#AEN2936" ->Case handling of passwords</A -></DT -></DL -></DD -><DT ->17.4. <A -HREF="other-clients.html#AEN2941" ->Windows '95/'98</A -></DT -><DT ->17.5. <A -HREF="other-clients.html#AEN2957" ->Windows 2000 Service Pack 2</A -></DT -></DL -></DD -><DT ->18. <A -HREF="cvs-access.html" ->HOWTO Access Samba source code via CVS</A -></DT -><DD -><DL -><DT ->18.1. <A -HREF="cvs-access.html#AEN2981" ->Introduction</A -></DT -><DT ->18.2. <A -HREF="cvs-access.html#AEN2986" ->CVS Access to samba.org</A -></DT -><DD -><DL -><DT ->18.2.1. <A -HREF="cvs-access.html#AEN2989" ->Access via CVSweb</A -></DT -><DT ->18.2.2. <A -HREF="cvs-access.html#AEN2994" ->Access via cvs</A -></DT -></DL -></DD -></DL -></DD -><DT ->19. <A -HREF="bugreport.html" ->Reporting Bugs</A -></DT -><DD -><DL -><DT ->19.1. <A -HREF="bugreport.html#AEN3029" ->Introduction</A -></DT -><DT ->19.2. <A -HREF="bugreport.html#AEN3036" ->General info</A -></DT -><DT ->19.3. <A -HREF="bugreport.html#AEN3042" ->Debug levels</A -></DT -><DT ->19.4. <A -HREF="bugreport.html#AEN3059" ->Internal errors</A -></DT -><DT ->19.5. <A -HREF="bugreport.html#AEN3069" ->Attaching to a running process</A -></DT -><DT ->19.6. <A -HREF="bugreport.html#AEN3072" ->Patches</A -></DT -></DL -></DD -><DT ->20. <A -HREF="groupmapping.html" ->Group mapping HOWTO</A -></DT -><DT ->21. <A -HREF="portability.html" ->Portability</A -></DT -><DD -><DL -><DT ->21.1. <A -HREF="portability.html#AEN3119" ->HPUX</A -></DT -><DT ->21.2. <A -HREF="portability.html#AEN3124" ->SCO Unix</A -></DT -><DT ->21.3. <A -HREF="portability.html#AEN3128" ->DNIX</A -></DT -></DL -></DD -></DL -></DIV -></DIV -><DIV -CLASS="NAVFOOTER" -><HR -ALIGN="LEFT" -WIDTH="100%"><TABLE -SUMMARY="Footer navigation table" -WIDTH="100%" -BORDER="0" -CELLPADDING="0" -CELLSPACING="0" -><TR -><TD -WIDTH="33%" -ALIGN="left" -VALIGN="top" -> </TD -><TD -WIDTH="34%" -ALIGN="center" -VALIGN="top" -> </TD -><TD -WIDTH="33%" -ALIGN="right" -VALIGN="top" -><A -HREF="install.html" -ACCESSKEY="N" ->Next</A -></TD -></TR -><TR -><TD -WIDTH="33%" -ALIGN="left" -VALIGN="top" -> </TD -><TD -WIDTH="34%" -ALIGN="center" -VALIGN="top" -> </TD -><TD -WIDTH="33%" -ALIGN="right" -VALIGN="top" ->How to Install and Test SAMBA</TD -></TR -></TABLE -></DIV -></BODY -></HTML ->
\ No newline at end of file diff --git a/docs/htmldocs/ads.html b/docs/htmldocs/ads.html new file mode 100644 index 0000000000..fc6b78b32c --- /dev/null +++ b/docs/htmldocs/ads.html @@ -0,0 +1,423 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> +<HTML +><HEAD +><TITLE +>Samba as a ADS domain member</TITLE +><META +NAME="GENERATOR" +CONTENT="Modular DocBook HTML Stylesheet Version 1.77"><LINK +REL="HOME" +TITLE="SAMBA Project Documentation" +HREF="samba-howto-collection.html"><LINK +REL="UP" +TITLE="Type of installation" +HREF="p544.html"><LINK +REL="PREVIOUS" +TITLE="How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain" +HREF="samba-bdc.html"><LINK +REL="NEXT" +TITLE="Samba as a NT4 domain member" +HREF="domain-security.html"></HEAD +><BODY +CLASS="CHAPTER" +BGCOLOR="#FFFFFF" +TEXT="#000000" +LINK="#0000FF" +VLINK="#840084" +ALINK="#0000FF" +><DIV +CLASS="NAVHEADER" +><TABLE +SUMMARY="Header navigation table" +WIDTH="100%" +BORDER="0" +CELLPADDING="0" +CELLSPACING="0" +><TR +><TH +COLSPAN="3" +ALIGN="center" +>SAMBA Project Documentation</TH +></TR +><TR +><TD +WIDTH="10%" +ALIGN="left" +VALIGN="bottom" +><A +HREF="samba-bdc.html" +ACCESSKEY="P" +>Prev</A +></TD +><TD +WIDTH="80%" +ALIGN="center" +VALIGN="bottom" +></TD +><TD +WIDTH="10%" +ALIGN="right" +VALIGN="bottom" +><A +HREF="domain-security.html" +ACCESSKEY="N" +>Next</A +></TD +></TR +></TABLE +><HR +ALIGN="LEFT" +WIDTH="100%"></DIV +><DIV +CLASS="CHAPTER" +><H1 +><A +NAME="ADS" +></A +>Chapter 8. Samba as a ADS domain member</H1 +><P +>This is a VERY ROUGH guide to setting up the current (November 2001) +pre-alpha version of Samba 3.0 with kerberos authentication against a +Windows2000 KDC. The procedures listed here are likely to change as +the code develops.</P +><P +>Pieces you need before you begin: +<P +></P +><TABLE +BORDER="0" +><TBODY +><TR +><TD +>a Windows 2000 server.</TD +></TR +><TR +><TD +>samba 3.0 or higher.</TD +></TR +><TR +><TD +>the MIT kerberos development libraries (either install from the above sources or use a package). The heimdal libraries will not work.</TD +></TR +><TR +><TD +>the OpenLDAP development libraries.</TD +></TR +></TBODY +></TABLE +><P +></P +></P +><DIV +CLASS="SECT1" +><H1 +CLASS="SECT1" +><A +NAME="AEN1178" +></A +>8.1. Installing the required packages for Debian</H1 +><P +>On Debian you need to install the following packages: +<P +></P +><TABLE +BORDER="0" +><TBODY +><TR +><TD +>libkrb5-dev</TD +></TR +><TR +><TD +>krb5-user</TD +></TR +></TBODY +></TABLE +><P +></P +></P +></DIV +><DIV +CLASS="SECT1" +><H1 +CLASS="SECT1" +><A +NAME="AEN1184" +></A +>8.2. Installing the required packages for RedHat</H1 +><P +>On RedHat this means you should have at least: +<P +></P +><TABLE +BORDER="0" +><TBODY +><TR +><TD +>krb5-workstation (for kinit)</TD +></TR +><TR +><TD +>krb5-libs (for linking with)</TD +></TR +><TR +><TD +>krb5-devel (because you are compiling from source)</TD +></TR +></TBODY +></TABLE +><P +></P +></P +><P +>in addition to the standard development environment.</P +><P +>Note that these are not standard on a RedHat install, and you may need +to get them off CD2.</P +></DIV +><DIV +CLASS="SECT1" +><H1 +CLASS="SECT1" +><A +NAME="AEN1193" +></A +>8.3. Compile Samba</H1 +><P +>If your kerberos libraries are in a non-standard location then + remember to add the configure option --with-krb5=DIR.</P +><P +>After you run configure make sure that include/config.h contains + lines like this:</P +><P +><PRE +CLASS="PROGRAMLISTING" +>#define HAVE_KRB5 1 +#define HAVE_LDAP 1</PRE +></P +><P +>If it doesn't then configure did not find your krb5 libraries or + your ldap libraries. Look in config.log to figure out why and fix + it.</P +><P +>Then compile and install Samba as usual. You must use at least the + following 3 options in smb.conf:</P +><P +><PRE +CLASS="PROGRAMLISTING" +> realm = YOUR.KERBEROS.REALM + ads server = your.kerberos.server + security = ADS + encrypt passwords = yes</PRE +></P +><P +>Strictly speaking, you can omit the realm name and you can use an IP + address for the ads server. In that case Samba will auto-detect these.</P +><P +>You do *not* need a smbpasswd file, although it won't do any harm + and if you have one then Samba will be able to fall back to normal + password security for older clients. I expect that the above + required options will change soon when we get better active + directory integration.</P +></DIV +><DIV +CLASS="SECT1" +><H1 +CLASS="SECT1" +><A +NAME="AEN1205" +></A +>8.4. Setup your /etc/krb5.conf</H1 +><P +>The minimal configuration for krb5.conf is:</P +><P +><PRE +CLASS="PROGRAMLISTING" +> [realms] + YOUR.KERBEROS.REALM = { + kdc = your.kerberos.server + }</PRE +></P +><P +>Test your config by doing a "kinit USERNAME@REALM" and making sure that + your password is accepted by the Win2000 KDC. </P +><P +>NOTE: The realm must be uppercase. </P +><P +>You also must ensure that you can do a reverse DNS lookup on the IP +address of your KDC. Also, the name that this reverse lookup maps to +must either be the netbios name of the KDC (ie. the hostname with no +domain attached) or it can alternatively be the netbios name +followed by the realm. </P +><P +>The easiest way to ensure you get this right is to add a /etc/hosts +entry mapping the IP address of your KDC to its netbios name. If you +don't get this right then you will get a "local error" when you try +to join the realm.</P +><P +>If all you want is kerberos support in smbclient then you can skip +straight to step 5 now. Step 3 is only needed if you want kerberos +support in smbd.</P +></DIV +><DIV +CLASS="SECT1" +><H1 +CLASS="SECT1" +><A +NAME="AEN1215" +></A +>8.5. Create the computer account</H1 +><P +>Do a "kinit" as a user that has authority to change arbitrary +passwords on the KDC ("Administrator" is a good choice). Then as a +user that has write permission on the Samba private directory +(usually root) run: +<B +CLASS="COMMAND" +>net ads join</B +></P +><DIV +CLASS="SECT2" +><H2 +CLASS="SECT2" +><A +NAME="AEN1219" +></A +>8.5.1. Possible errors</H2 +><P +><P +></P +><DIV +CLASS="VARIABLELIST" +><DL +><DT +>"bash: kinit: command not found"</DT +><DD +><P +>kinit is in the krb5-workstation RPM on RedHat systems, and is in /usr/kerberos/bin, so it won't be in the path until you log in again (or open a new terminal)</P +></DD +><DT +>"ADS support not compiled in"</DT +><DD +><P +>Samba must be reconfigured (remove config.cache) and recompiled (make clean all install) after the kerberos libs and headers are installed.</P +></DD +></DL +></DIV +></P +></DIV +></DIV +><DIV +CLASS="SECT1" +><H1 +CLASS="SECT1" +><A +NAME="AEN1231" +></A +>8.6. Test your server setup</H1 +><P +>On a Windows 2000 client try <B +CLASS="COMMAND" +>net use * \\server\share</B +>. You should +be logged in with kerberos without needing to know a password. If +this fails then run <B +CLASS="COMMAND" +>klist tickets</B +>. Did you get a ticket for the +server? Does it have an encoding type of DES-CBC-MD5 ? </P +></DIV +><DIV +CLASS="SECT1" +><H1 +CLASS="SECT1" +><A +NAME="AEN1236" +></A +>8.7. Testing with smbclient</H1 +><P +>On your Samba server try to login to a Win2000 server or your Samba +server using smbclient and kerberos. Use smbclient as usual, but +specify the -k option to choose kerberos authentication.</P +></DIV +><DIV +CLASS="SECT1" +><H1 +CLASS="SECT1" +><A +NAME="AEN1239" +></A +>8.8. Notes</H1 +><P +>You must change administrator password at least once after DC install, + to create the right encoding types</P +><P +>w2k doesn't seem to create the _kerberos._udp and _ldap._tcp in + their defaults DNS setup. Maybe fixed in service packs?</P +></DIV +></DIV +><DIV +CLASS="NAVFOOTER" +><HR +ALIGN="LEFT" +WIDTH="100%"><TABLE +SUMMARY="Footer navigation table" +WIDTH="100%" +BORDER="0" +CELLPADDING="0" +CELLSPACING="0" +><TR +><TD +WIDTH="33%" +ALIGN="left" +VALIGN="top" +><A +HREF="samba-bdc.html" +ACCESSKEY="P" +>Prev</A +></TD +><TD +WIDTH="34%" +ALIGN="center" +VALIGN="top" +><A +HREF="samba-howto-collection.html" +ACCESSKEY="H" +>Home</A +></TD +><TD +WIDTH="33%" +ALIGN="right" +VALIGN="top" +><A +HREF="domain-security.html" +ACCESSKEY="N" +>Next</A +></TD +></TR +><TR +><TD +WIDTH="33%" +ALIGN="left" +VALIGN="top" +>How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain</TD +><TD +WIDTH="34%" +ALIGN="center" +VALIGN="top" +><A +HREF="p544.html" +ACCESSKEY="U" +>Up</A +></TD +><TD +WIDTH="33%" +ALIGN="right" +VALIGN="top" +>Samba as a NT4 domain member</TD +></TR +></TABLE +></DIV +></BODY +></HTML +>
\ No newline at end of file diff --git a/docs/htmldocs/oplocks.html b/docs/htmldocs/oplocks.html new file mode 100644 index 0000000000..c926f32c14 --- /dev/null +++ b/docs/htmldocs/oplocks.html @@ -0,0 +1,208 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> +<HTML +><HEAD +><TITLE +>Oplocks</TITLE +><META +NAME="GENERATOR" +CONTENT="Modular DocBook HTML Stylesheet Version 1.77"><LINK +REL="HOME" +TITLE="SAMBA Project Documentation" +HREF="samba-howto-collection.html"><LINK +REL="UP" +TITLE="General installation" +HREF="p18.html"><LINK +REL="PREVIOUS" +TITLE="Improved browsing in samba" +HREF="improved-browsing.html"><LINK +REL="NEXT" +TITLE="Quick Cross Subnet Browsing / Cross Workgroup Browsing guide" +HREF="browsing-quick.html"></HEAD +><BODY +CLASS="CHAPTER" +BGCOLOR="#FFFFFF" +TEXT="#000000" +LINK="#0000FF" +VLINK="#840084" +ALINK="#0000FF" +><DIV +CLASS="NAVHEADER" +><TABLE +SUMMARY="Header navigation table" +WIDTH="100%" +BORDER="0" +CELLPADDING="0" +CELLSPACING="0" +><TR +><TH +COLSPAN="3" +ALIGN="center" +>SAMBA Project Documentation</TH +></TR +><TR +><TD +WIDTH="10%" +ALIGN="left" +VALIGN="bottom" +><A +HREF="improved-browsing.html" +ACCESSKEY="P" +>Prev</A +></TD +><TD +WIDTH="80%" +ALIGN="center" +VALIGN="bottom" +></TD +><TD +WIDTH="10%" +ALIGN="right" +VALIGN="bottom" +><A +HREF="browsing-quick.html" +ACCESSKEY="N" +>Next</A +></TD +></TR +></TABLE +><HR +ALIGN="LEFT" +WIDTH="100%"></DIV +><DIV +CLASS="CHAPTER" +><H1 +><A +NAME="OPLOCKS" +></A +>Chapter 3. Oplocks</H1 +><DIV +CLASS="SECT1" +><H1 +CLASS="SECT1" +><A +NAME="AEN377" +></A +>3.1. What are oplocks?</H1 +><P +>When a client opens a file it can request an "oplock" or file +lease. This is (to simplify a bit) a guarentee that no one else +has the file open simultaneously. It allows the client to not +send any updates on the file to the server, thus reducing a +network file access to local access (once the file is in +client cache). An "oplock break" is when the server sends +a request to the client to flush all its changes back to +the server, so the file is in a consistent state for other +opens to succeed. If a client fails to respond to this +asynchronous request then the file can be corrupted. Hence +the "turn off oplocks" answer if people are having multi-user +file access problems.</P +><P +>Unless the kernel is "oplock aware" (SGI IRIX and Linux are +the only two UNIXes that are at the moment) then if a local +UNIX process accesses the file simultaneously then Samba +has no way of telling this is occuring, so the guarentee +to the client is broken. This can corrupt the file. Short +answer - it you have UNIX clients accessing the same file +as smbd locally or via NFS and you're not running Linux or +IRIX then turn off oplocks for that file or share.</P +><P +>"Share modes". These are modes of opening a file, that +guarentee an invarient - such as DENY_WRITE - which means +that if any other opens are requested with write access after +this current open has succeeded then they should be denied +with a "sharing violation" error message. Samba handles these +internally inside smbd. UNIX clients accessing the same file +ignore these invarients. Just proving that if you need simultaneous +file access from a Windows and UNIX client you *must* have an +application that is written to lock records correctly on both +sides. Few applications are written like this, and even fewer +are cross platform (UNIX and Windows) so in practice this isn't +much of a problem.</P +><P +>"Locking". This really means "byte range locking" - such as +lock 10 bytes at file offset 24 for write access. This is the +area in which well written UNIX and Windows apps will cooperate. +Windows locks (at least from NT or above) are 64-bit unsigned +offsets. UNIX locks are either 31 bit or 63 bit and are signed +(the top bit is used for the sign). Samba handles these by +first ensuring that all the Windows locks don't conflict (ie. +if other Windows clients have competing locks then just reject +immediately) - this allows us to support 64-bit Windows locks +on 32-bit filesystems. Secondly any locks that are valid are +then mapped onto UNIX fcntl byte range locks. These are the +locks that will be seen by UNIX processes. If there is a conflict +here the lock is rejected.</P +><P +>Note that if a client has an oplock then it "knows" that no +other client can have the file open so usually doesn't bother +to send to lock request to the server - this means once again +if you need to share files between UNIX and Windows processes +either use IRIX or Linux, or turn off oplocks for these +files/shares.</P +></DIV +></DIV +><DIV +CLASS="NAVFOOTER" +><HR +ALIGN="LEFT" +WIDTH="100%"><TABLE +SUMMARY="Footer navigation table" +WIDTH="100%" +BORDER="0" +CELLPADDING="0" +CELLSPACING="0" +><TR +><TD +WIDTH="33%" +ALIGN="left" +VALIGN="top" +><A +HREF="improved-browsing.html" +ACCESSKEY="P" +>Prev</A +></TD +><TD +WIDTH="34%" +ALIGN="center" +VALIGN="top" +><A +HREF="samba-howto-collection.html" +ACCESSKEY="H" +>Home</A +></TD +><TD +WIDTH="33%" +ALIGN="right" +VALIGN="top" +><A +HREF="browsing-quick.html" +ACCESSKEY="N" +>Next</A +></TD +></TR +><TR +><TD +WIDTH="33%" +ALIGN="left" +VALIGN="top" +>Improved browsing in samba</TD +><TD +WIDTH="34%" +ALIGN="center" +VALIGN="top" +><A +HREF="p18.html" +ACCESSKEY="U" +>Up</A +></TD +><TD +WIDTH="33%" +ALIGN="right" +VALIGN="top" +>Quick Cross Subnet Browsing / Cross Workgroup Browsing guide</TD +></TR +></TABLE +></DIV +></BODY +></HTML +>
\ No newline at end of file diff --git a/docs/htmldocs/p1346.html b/docs/htmldocs/p1346.html new file mode 100644 index 0000000000..e558561800 --- /dev/null +++ b/docs/htmldocs/p1346.html @@ -0,0 +1,917 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> +<HTML +><HEAD +><TITLE +>Optional configuration</TITLE +><META +NAME="GENERATOR" +CONTENT="Modular DocBook HTML Stylesheet Version 1.77"><LINK +REL="HOME" +TITLE="SAMBA Project Documentation" +HREF="samba-howto-collection.html"><LINK +REL="PREVIOUS" +TITLE="Samba as a NT4 domain member" +HREF="domain-security.html"><LINK +REL="NEXT" +TITLE="Integrating MS Windows networks with Samba" +HREF="integrate-ms-networks.html"></HEAD +><BODY +CLASS="PART" +BGCOLOR="#FFFFFF" +TEXT="#000000" +LINK="#0000FF" +VLINK="#840084" +ALINK="#0000FF" +><DIV +CLASS="NAVHEADER" +><TABLE +SUMMARY="Header navigation table" +WIDTH="100%" +BORDER="0" +CELLPADDING="0" +CELLSPACING="0" +><TR +><TH +COLSPAN="3" +ALIGN="center" +>SAMBA Project Documentation</TH +></TR +><TR +><TD +WIDTH="10%" +ALIGN="left" +VALIGN="bottom" +><A +HREF="domain-security.html" +ACCESSKEY="P" +>Prev</A +></TD +><TD +WIDTH="80%" +ALIGN="center" +VALIGN="bottom" +></TD +><TD +WIDTH="10%" +ALIGN="right" +VALIGN="bottom" +><A +HREF="integrate-ms-networks.html" +ACCESSKEY="N" +>Next</A +></TD +></TR +></TABLE +><HR +ALIGN="LEFT" +WIDTH="100%"></DIV +><DIV +CLASS="PART" +><A +NAME="AEN1346" +></A +><DIV +CLASS="TITLEPAGE" +><H1 +CLASS="TITLE" +>III. Optional configuration</H1 +><DIV +CLASS="PARTINTRO" +><A +NAME="AEN1348" +></A +><H1 +>Introduction</H1 +><P +>Samba has several features that you might want or might not want to use. The chapters in this +part each cover one specific feature.</P +></DIV +><DIV +CLASS="TOC" +><DL +><DT +><B +>Table of Contents</B +></DT +><DT +>10. <A +HREF="integrate-ms-networks.html" +>Integrating MS Windows networks with Samba</A +></DT +><DD +><DL +><DT +>10.1. <A +HREF="integrate-ms-networks.html#AEN1362" +>Agenda</A +></DT +><DT +>10.2. <A +HREF="integrate-ms-networks.html#AEN1384" +>Name Resolution in a pure Unix/Linux world</A +></DT +><DD +><DL +><DT +>10.2.1. <A +HREF="integrate-ms-networks.html#AEN1400" +><TT +CLASS="FILENAME" +>/etc/hosts</TT +></A +></DT +><DT +>10.2.2. <A +HREF="integrate-ms-networks.html#AEN1416" +><TT +CLASS="FILENAME" +>/etc/resolv.conf</TT +></A +></DT +><DT +>10.2.3. <A +HREF="integrate-ms-networks.html#AEN1427" +><TT +CLASS="FILENAME" +>/etc/host.conf</TT +></A +></DT +><DT +>10.2.4. <A +HREF="integrate-ms-networks.html#AEN1435" +><TT +CLASS="FILENAME" +>/etc/nsswitch.conf</TT +></A +></DT +></DL +></DD +><DT +>10.3. <A +HREF="integrate-ms-networks.html#AEN1447" +>Name resolution as used within MS Windows networking</A +></DT +><DD +><DL +><DT +>10.3.1. <A +HREF="integrate-ms-networks.html#AEN1459" +>The NetBIOS Name Cache</A +></DT +><DT +>10.3.2. <A +HREF="integrate-ms-networks.html#AEN1464" +>The LMHOSTS file</A +></DT +><DT +>10.3.3. <A +HREF="integrate-ms-networks.html#AEN1472" +>HOSTS file</A +></DT +><DT +>10.3.4. <A +HREF="integrate-ms-networks.html#AEN1477" +>DNS Lookup</A +></DT +><DT +>10.3.5. <A +HREF="integrate-ms-networks.html#AEN1480" +>WINS Lookup</A +></DT +></DL +></DD +><DT +>10.4. <A +HREF="integrate-ms-networks.html#AEN1492" +>How browsing functions and how to deploy stable and +dependable browsing using Samba</A +></DT +><DT +>10.5. <A +HREF="integrate-ms-networks.html#AEN1502" +>MS Windows security options and how to configure +Samba for seemless integration</A +></DT +><DD +><DL +><DT +>10.5.1. <A +HREF="integrate-ms-networks.html#AEN1530" +>Use MS Windows NT as an authentication server</A +></DT +><DT +>10.5.2. <A +HREF="integrate-ms-networks.html#AEN1538" +>Make Samba a member of an MS Windows NT security domain</A +></DT +><DT +>10.5.3. <A +HREF="integrate-ms-networks.html#AEN1555" +>Configure Samba as an authentication server</A +></DT +></DL +></DD +><DT +>10.6. <A +HREF="integrate-ms-networks.html#AEN1572" +>Conclusions</A +></DT +></DL +></DD +><DT +>11. <A +HREF="unix-permissions.html" +>UNIX Permission Bits and Windows NT Access Control Lists</A +></DT +><DD +><DL +><DT +>11.1. <A +HREF="unix-permissions.html#AEN1593" +>Viewing and changing UNIX permissions using the NT + security dialogs</A +></DT +><DT +>11.2. <A +HREF="unix-permissions.html#AEN1602" +>How to view file security on a Samba share</A +></DT +><DT +>11.3. <A +HREF="unix-permissions.html#AEN1613" +>Viewing file ownership</A +></DT +><DT +>11.4. <A +HREF="unix-permissions.html#AEN1633" +>Viewing file or directory permissions</A +></DT +><DD +><DL +><DT +>11.4.1. <A +HREF="unix-permissions.html#AEN1648" +>File Permissions</A +></DT +><DT +>11.4.2. <A +HREF="unix-permissions.html#AEN1662" +>Directory Permissions</A +></DT +></DL +></DD +><DT +>11.5. <A +HREF="unix-permissions.html#AEN1669" +>Modifying file or directory permissions</A +></DT +><DT +>11.6. <A +HREF="unix-permissions.html#AEN1691" +>Interaction with the standard Samba create mask + parameters</A +></DT +><DT +>11.7. <A +HREF="unix-permissions.html#AEN1755" +>Interaction with the standard Samba file attribute + mapping</A +></DT +></DL +></DD +><DT +>12. <A +HREF="pam.html" +>Configuring PAM for distributed but centrally +managed authentication</A +></DT +><DD +><DL +><DT +>12.1. <A +HREF="pam.html#AEN1776" +>Samba and PAM</A +></DT +><DT +>12.2. <A +HREF="pam.html#AEN1820" +>Distributed Authentication</A +></DT +><DT +>12.3. <A +HREF="pam.html#AEN1827" +>PAM Configuration in smb.conf</A +></DT +></DL +></DD +><DT +>13. <A +HREF="msdfs.html" +>Hosting a Microsoft Distributed File System tree on Samba</A +></DT +><DD +><DL +><DT +>13.1. <A +HREF="msdfs.html#AEN1847" +>Instructions</A +></DT +><DD +><DL +><DT +>13.1.1. <A +HREF="msdfs.html#AEN1882" +>Notes</A +></DT +></DL +></DD +></DL +></DD +><DT +>14. <A +HREF="printing.html" +>Printing Support</A +></DT +><DD +><DL +><DT +>14.1. <A +HREF="printing.html#AEN1908" +>Introduction</A +></DT +><DT +>14.2. <A +HREF="printing.html#AEN1930" +>Configuration</A +></DT +><DD +><DL +><DT +>14.2.1. <A +HREF="printing.html#AEN1938" +>Creating [print$]</A +></DT +><DT +>14.2.2. <A +HREF="printing.html#AEN1973" +>Setting Drivers for Existing Printers</A +></DT +><DT +>14.2.3. <A +HREF="printing.html#AEN1989" +>Support a large number of printers</A +></DT +><DT +>14.2.4. <A +HREF="printing.html#AEN2000" +>Adding New Printers via the Windows NT APW</A +></DT +><DT +>14.2.5. <A +HREF="printing.html#AEN2030" +>Samba and Printer Ports</A +></DT +></DL +></DD +><DT +>14.3. <A +HREF="printing.html#AEN2038" +>The Imprints Toolset</A +></DT +><DD +><DL +><DT +>14.3.1. <A +HREF="printing.html#AEN2042" +>What is Imprints?</A +></DT +><DT +>14.3.2. <A +HREF="printing.html#AEN2052" +>Creating Printer Driver Packages</A +></DT +><DT +>14.3.3. <A +HREF="printing.html#AEN2055" +>The Imprints server</A +></DT +><DT +>14.3.4. <A +HREF="printing.html#AEN2059" +>The Installation Client</A +></DT +></DL +></DD +><DT +>14.4. <A +HREF="printing.html#AEN2081" +>Diagnosis</A +></DT +><DD +><DL +><DT +>14.4.1. <A +HREF="printing.html#AEN2083" +>Introduction</A +></DT +><DT +>14.4.2. <A +HREF="printing.html#AEN2099" +>Debugging printer problems</A +></DT +><DT +>14.4.3. <A +HREF="printing.html#AEN2108" +>What printers do I have?</A +></DT +><DT +>14.4.4. <A +HREF="printing.html#AEN2116" +>Setting up printcap and print servers</A +></DT +><DT +>14.4.5. <A +HREF="printing.html#AEN2144" +>Job sent, no output</A +></DT +><DT +>14.4.6. <A +HREF="printing.html#AEN2155" +>Job sent, strange output</A +></DT +><DT +>14.4.7. <A +HREF="printing.html#AEN2167" +>Raw PostScript printed</A +></DT +><DT +>14.4.8. <A +HREF="printing.html#AEN2170" +>Advanced Printing</A +></DT +><DT +>14.4.9. <A +HREF="printing.html#AEN2173" +>Real debugging</A +></DT +></DL +></DD +></DL +></DD +><DT +>15. <A +HREF="securitylevels.html" +>Security levels</A +></DT +><DD +><DL +><DT +>15.1. <A +HREF="securitylevels.html#AEN2186" +>Introduction</A +></DT +><DT +>15.2. <A +HREF="securitylevels.html#AEN2197" +>More complete description of security levels</A +></DT +></DL +></DD +><DT +>16. <A +HREF="winbind.html" +>Unified Logons between Windows NT and UNIX using Winbind</A +></DT +><DD +><DL +><DT +>16.1. <A +HREF="winbind.html#AEN2249" +>Abstract</A +></DT +><DT +>16.2. <A +HREF="winbind.html#AEN2253" +>Introduction</A +></DT +><DT +>16.3. <A +HREF="winbind.html#AEN2266" +>What Winbind Provides</A +></DT +><DD +><DL +><DT +>16.3.1. <A +HREF="winbind.html#AEN2273" +>Target Uses</A +></DT +></DL +></DD +><DT +>16.4. <A +HREF="winbind.html#AEN2277" +>How Winbind Works</A +></DT +><DD +><DL +><DT +>16.4.1. <A +HREF="winbind.html#AEN2282" +>Microsoft Remote Procedure Calls</A +></DT +><DT +>16.4.2. <A +HREF="winbind.html#AEN2286" +>Name Service Switch</A +></DT +><DT +>16.4.3. <A +HREF="winbind.html#AEN2302" +>Pluggable Authentication Modules</A +></DT +><DT +>16.4.4. <A +HREF="winbind.html#AEN2310" +>User and Group ID Allocation</A +></DT +><DT +>16.4.5. <A +HREF="winbind.html#AEN2314" +>Result Caching</A +></DT +></DL +></DD +><DT +>16.5. <A +HREF="winbind.html#AEN2317" +>Installation and Configuration</A +></DT +><DD +><DL +><DT +>16.5.1. <A +HREF="winbind.html#AEN2324" +>Introduction</A +></DT +><DT +>16.5.2. <A +HREF="winbind.html#AEN2337" +>Requirements</A +></DT +><DT +>16.5.3. <A +HREF="winbind.html#AEN2351" +>Testing Things Out</A +></DT +></DL +></DD +><DT +>16.6. <A +HREF="winbind.html#AEN2566" +>Limitations</A +></DT +><DT +>16.7. <A +HREF="winbind.html#AEN2576" +>Conclusion</A +></DT +></DL +></DD +><DT +>17. <A +HREF="pdb-mysql.html" +>Passdb MySQL plugin</A +></DT +><DD +><DL +><DT +>17.1. <A +HREF="pdb-mysql.html#AEN2590" +>Building</A +></DT +><DT +>17.2. <A +HREF="pdb-mysql.html#AEN2596" +>Configuring</A +></DT +><DT +>17.3. <A +HREF="pdb-mysql.html#AEN2611" +>Using plaintext passwords or encrypted password</A +></DT +><DT +>17.4. <A +HREF="pdb-mysql.html#AEN2616" +>Getting non-column data from the table</A +></DT +></DL +></DD +><DT +>18. <A +HREF="pdb-xml.html" +>Passdb XML plugin</A +></DT +><DD +><DL +><DT +>18.1. <A +HREF="pdb-xml.html#AEN2635" +>Building</A +></DT +><DT +>18.2. <A +HREF="pdb-xml.html#AEN2641" +>Usage</A +></DT +></DL +></DD +><DT +>19. <A +HREF="samba-ldap-howto.html" +>Storing Samba's User/Machine Account information in an LDAP Directory</A +></DT +><DD +><DL +><DT +>19.1. <A +HREF="samba-ldap-howto.html#AEN2664" +>Purpose</A +></DT +><DT +>19.2. <A +HREF="samba-ldap-howto.html#AEN2684" +>Introduction</A +></DT +><DT +>19.3. <A +HREF="samba-ldap-howto.html#AEN2713" +>Supported LDAP Servers</A +></DT +><DT +>19.4. <A +HREF="samba-ldap-howto.html#AEN2718" +>Schema and Relationship to the RFC 2307 posixAccount</A +></DT +><DT +>19.5. <A +HREF="samba-ldap-howto.html#AEN2730" +>Configuring Samba with LDAP</A +></DT +><DD +><DL +><DT +>19.5.1. <A +HREF="samba-ldap-howto.html#AEN2732" +>OpenLDAP configuration</A +></DT +><DT +>19.5.2. <A +HREF="samba-ldap-howto.html#AEN2749" +>Configuring Samba</A +></DT +></DL +></DD +><DT +>19.6. <A +HREF="samba-ldap-howto.html#AEN2777" +>Accounts and Groups management</A +></DT +><DT +>19.7. <A +HREF="samba-ldap-howto.html#AEN2782" +>Security and sambaAccount</A +></DT +><DT +>19.8. <A +HREF="samba-ldap-howto.html#AEN2802" +>LDAP specials attributes for sambaAccounts</A +></DT +><DT +>19.9. <A +HREF="samba-ldap-howto.html#AEN2872" +>Example LDIF Entries for a sambaAccount</A +></DT +><DT +>19.10. <A +HREF="samba-ldap-howto.html#AEN2880" +>Comments</A +></DT +></DL +></DD +><DT +>20. <A +HREF="cvs-access.html" +>HOWTO Access Samba source code via CVS</A +></DT +><DD +><DL +><DT +>20.1. <A +HREF="cvs-access.html#AEN2891" +>Introduction</A +></DT +><DT +>20.2. <A +HREF="cvs-access.html#AEN2896" +>CVS Access to samba.org</A +></DT +><DD +><DL +><DT +>20.2.1. <A +HREF="cvs-access.html#AEN2899" +>Access via CVSweb</A +></DT +><DT +>20.2.2. <A +HREF="cvs-access.html#AEN2904" +>Access via cvs</A +></DT +></DL +></DD +></DL +></DD +><DT +>21. <A +HREF="groupmapping.html" +>Group mapping HOWTO</A +></DT +><DT +>22. <A +HREF="speed.html" +>Samba performance issues</A +></DT +><DD +><DL +><DT +>22.1. <A +HREF="speed.html#AEN2982" +>Comparisons</A +></DT +><DT +>22.2. <A +HREF="speed.html#AEN2988" +>Oplocks</A +></DT +><DD +><DL +><DT +>22.2.1. <A +HREF="speed.html#AEN2990" +>Overview</A +></DT +><DT +>22.2.2. <A +HREF="speed.html#AEN2998" +>Level2 Oplocks</A +></DT +><DT +>22.2.3. <A +HREF="speed.html#AEN3004" +>Old 'fake oplocks' option - deprecated</A +></DT +></DL +></DD +><DT +>22.3. <A +HREF="speed.html#AEN3008" +>Socket options</A +></DT +><DT +>22.4. <A +HREF="speed.html#AEN3015" +>Read size</A +></DT +><DT +>22.5. <A +HREF="speed.html#AEN3020" +>Max xmit</A +></DT +><DT +>22.6. <A +HREF="speed.html#AEN3025" +>Locking</A +></DT +><DT +>22.7. <A +HREF="speed.html#AEN3029" +>Share modes</A +></DT +><DT +>22.8. <A +HREF="speed.html#AEN3034" +>Log level</A +></DT +><DT +>22.9. <A +HREF="speed.html#AEN3037" +>Wide lines</A +></DT +><DT +>22.10. <A +HREF="speed.html#AEN3040" +>Read raw</A +></DT +><DT +>22.11. <A +HREF="speed.html#AEN3045" +>Write raw</A +></DT +><DT +>22.12. <A +HREF="speed.html#AEN3049" +>Read prediction</A +></DT +><DT +>22.13. <A +HREF="speed.html#AEN3056" +>Memory mapping</A +></DT +><DT +>22.14. <A +HREF="speed.html#AEN3061" +>Slow Clients</A +></DT +><DT +>22.15. <A +HREF="speed.html#AEN3065" +>Slow Logins</A +></DT +><DT +>22.16. <A +HREF="speed.html#AEN3068" +>Client tuning</A +></DT +><DT +>22.17. <A +HREF="speed.html#AEN3100" +>My Results</A +></DT +></DL +></DD +></DL +></DIV +></DIV +></DIV +><DIV +CLASS="NAVFOOTER" +><HR +ALIGN="LEFT" +WIDTH="100%"><TABLE +SUMMARY="Footer navigation table" +WIDTH="100%" +BORDER="0" +CELLPADDING="0" +CELLSPACING="0" +><TR +><TD +WIDTH="33%" +ALIGN="left" +VALIGN="top" +><A +HREF="domain-security.html" +ACCESSKEY="P" +>Prev</A +></TD +><TD +WIDTH="34%" +ALIGN="center" +VALIGN="top" +><A +HREF="samba-howto-collection.html" +ACCESSKEY="H" +>Home</A +></TD +><TD +WIDTH="33%" +ALIGN="right" +VALIGN="top" +><A +HREF="integrate-ms-networks.html" +ACCESSKEY="N" +>Next</A +></TD +></TR +><TR +><TD +WIDTH="33%" +ALIGN="left" +VALIGN="top" +>Samba as a NT4 domain member</TD +><TD +WIDTH="34%" +ALIGN="center" +VALIGN="top" +> </TD +><TD +WIDTH="33%" +ALIGN="right" +VALIGN="top" +>Integrating MS Windows networks with Samba</TD +></TR +></TABLE +></DIV +></BODY +></HTML +>
\ No newline at end of file diff --git a/docs/htmldocs/p18.html b/docs/htmldocs/p18.html new file mode 100644 index 0000000000..a8f2a3c53c --- /dev/null +++ b/docs/htmldocs/p18.html @@ -0,0 +1,438 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> +<HTML +><HEAD +><TITLE +>General installation</TITLE +><META +NAME="GENERATOR" +CONTENT="Modular DocBook HTML Stylesheet Version 1.77"><LINK +REL="HOME" +TITLE="SAMBA Project Documentation" +HREF="samba-howto-collection.html"><LINK +REL="PREVIOUS" +TITLE="SAMBA Project Documentation" +HREF="samba-howto-collection.html"><LINK +REL="NEXT" +TITLE="How to Install and Test SAMBA" +HREF="install.html"></HEAD +><BODY +CLASS="PART" +BGCOLOR="#FFFFFF" +TEXT="#000000" +LINK="#0000FF" +VLINK="#840084" +ALINK="#0000FF" +><DIV +CLASS="NAVHEADER" +><TABLE +SUMMARY="Header navigation table" +WIDTH="100%" +BORDER="0" +CELLPADDING="0" +CELLSPACING="0" +><TR +><TH +COLSPAN="3" +ALIGN="center" +>SAMBA Project Documentation</TH +></TR +><TR +><TD +WIDTH="10%" +ALIGN="left" +VALIGN="bottom" +><A +HREF="samba-howto-collection.html" +ACCESSKEY="P" +>Prev</A +></TD +><TD +WIDTH="80%" +ALIGN="center" +VALIGN="bottom" +></TD +><TD +WIDTH="10%" +ALIGN="right" +VALIGN="bottom" +><A +HREF="install.html" +ACCESSKEY="N" +>Next</A +></TD +></TR +></TABLE +><HR +ALIGN="LEFT" +WIDTH="100%"></DIV +><DIV +CLASS="PART" +><A +NAME="AEN18" +></A +><DIV +CLASS="TITLEPAGE" +><H1 +CLASS="TITLE" +>I. General installation</H1 +><DIV +CLASS="PARTINTRO" +><A +NAME="AEN20" +></A +><H1 +>Introduction</H1 +><P +>This part contains general info on how to install samba +and how to configure the parts of samba you will most likely need. +PLEASE read this.</P +></DIV +><DIV +CLASS="TOC" +><DL +><DT +><B +>Table of Contents</B +></DT +><DT +>1. <A +HREF="install.html" +>How to Install and Test SAMBA</A +></DT +><DD +><DL +><DT +>1.1. <A +HREF="install.html#AEN25" +>Read the man pages</A +></DT +><DT +>1.2. <A +HREF="install.html#AEN35" +>Building the Binaries</A +></DT +><DT +>1.3. <A +HREF="install.html#AEN63" +>The all important step</A +></DT +><DT +>1.4. <A +HREF="install.html#AEN67" +>Create the smb configuration file.</A +></DT +><DT +>1.5. <A +HREF="install.html#AEN81" +>Test your config file with + <B +CLASS="COMMAND" +>testparm</B +></A +></DT +><DT +>1.6. <A +HREF="install.html#AEN89" +>Starting the smbd and nmbd</A +></DT +><DD +><DL +><DT +>1.6.1. <A +HREF="install.html#AEN99" +>Starting from inetd.conf</A +></DT +><DT +>1.6.2. <A +HREF="install.html#AEN128" +>Alternative: starting it as a daemon</A +></DT +></DL +></DD +><DT +>1.7. <A +HREF="install.html#AEN144" +>Try listing the shares available on your + server</A +></DT +><DT +>1.8. <A +HREF="install.html#AEN153" +>Try connecting with the unix client</A +></DT +><DT +>1.9. <A +HREF="install.html#AEN169" +>Try connecting from a DOS, WfWg, Win9x, WinNT, + Win2k, OS/2, etc... client</A +></DT +><DT +>1.10. <A +HREF="install.html#AEN183" +>What If Things Don't Work?</A +></DT +><DD +><DL +><DT +>1.10.1. <A +HREF="install.html#AEN188" +>Diagnosing Problems</A +></DT +><DT +>1.10.2. <A +HREF="install.html#AEN192" +>Scope IDs</A +></DT +><DT +>1.10.3. <A +HREF="install.html#AEN195" +>Choosing the Protocol Level</A +></DT +><DT +>1.10.4. <A +HREF="install.html#AEN204" +>Printing from UNIX to a Client PC</A +></DT +><DT +>1.10.5. <A +HREF="install.html#AEN209" +>Locking</A +></DT +><DT +>1.10.6. <A +HREF="install.html#AEN218" +>Mapping Usernames</A +></DT +></DL +></DD +></DL +></DD +><DT +>2. <A +HREF="improved-browsing.html" +>Improved browsing in samba</A +></DT +><DD +><DL +><DT +>2.1. <A +HREF="improved-browsing.html#AEN228" +>Overview of browsing</A +></DT +><DT +>2.2. <A +HREF="improved-browsing.html#AEN232" +>Browsing support in samba</A +></DT +><DT +>2.3. <A +HREF="improved-browsing.html#AEN241" +>Problem resolution</A +></DT +><DT +>2.4. <A +HREF="improved-browsing.html#AEN248" +>Browsing across subnets</A +></DT +><DD +><DL +><DT +>2.4.1. <A +HREF="improved-browsing.html#AEN253" +>How does cross subnet browsing work ?</A +></DT +></DL +></DD +><DT +>2.5. <A +HREF="improved-browsing.html#AEN288" +>Setting up a WINS server</A +></DT +><DT +>2.6. <A +HREF="improved-browsing.html#AEN307" +>Setting up Browsing in a WORKGROUP</A +></DT +><DT +>2.7. <A +HREF="improved-browsing.html#AEN325" +>Setting up Browsing in a DOMAIN</A +></DT +><DT +>2.8. <A +HREF="improved-browsing.html#AEN335" +>Forcing samba to be the master</A +></DT +><DT +>2.9. <A +HREF="improved-browsing.html#AEN344" +>Making samba the domain master</A +></DT +><DT +>2.10. <A +HREF="improved-browsing.html#AEN362" +>Note about broadcast addresses</A +></DT +><DT +>2.11. <A +HREF="improved-browsing.html#AEN365" +>Multiple interfaces</A +></DT +></DL +></DD +><DT +>3. <A +HREF="oplocks.html" +>Oplocks</A +></DT +><DD +><DL +><DT +>3.1. <A +HREF="oplocks.html#AEN377" +>What are oplocks?</A +></DT +></DL +></DD +><DT +>4. <A +HREF="browsing-quick.html" +>Quick Cross Subnet Browsing / Cross Workgroup Browsing guide</A +></DT +><DD +><DL +><DT +>4.1. <A +HREF="browsing-quick.html#AEN392" +>Discussion</A +></DT +><DT +>4.2. <A +HREF="browsing-quick.html#AEN400" +>Use of the "Remote Announce" parameter</A +></DT +><DT +>4.3. <A +HREF="browsing-quick.html#AEN414" +>Use of the "Remote Browse Sync" parameter</A +></DT +><DT +>4.4. <A +HREF="browsing-quick.html#AEN419" +>Use of WINS</A +></DT +><DT +>4.5. <A +HREF="browsing-quick.html#AEN430" +>Do NOT use more than one (1) protocol on MS Windows machines</A +></DT +><DT +>4.6. <A +HREF="browsing-quick.html#AEN436" +>Name Resolution Order</A +></DT +></DL +></DD +><DT +>5. <A +HREF="pwencrypt.html" +>LanMan and NT Password Encryption in Samba</A +></DT +><DD +><DL +><DT +>5.1. <A +HREF="pwencrypt.html#AEN472" +>Introduction</A +></DT +><DT +>5.2. <A +HREF="pwencrypt.html#AEN477" +>Important Notes About Security</A +></DT +><DD +><DL +><DT +>5.2.1. <A +HREF="pwencrypt.html#AEN496" +>Advantages of SMB Encryption</A +></DT +><DT +>5.2.2. <A +HREF="pwencrypt.html#AEN503" +>Advantages of non-encrypted passwords</A +></DT +></DL +></DD +><DT +>5.3. <A +HREF="pwencrypt.html#AEN512" +>The smbpasswd Command</A +></DT +></DL +></DD +></DL +></DIV +></DIV +></DIV +><DIV +CLASS="NAVFOOTER" +><HR +ALIGN="LEFT" +WIDTH="100%"><TABLE +SUMMARY="Footer navigation table" +WIDTH="100%" +BORDER="0" +CELLPADDING="0" +CELLSPACING="0" +><TR +><TD +WIDTH="33%" +ALIGN="left" +VALIGN="top" +><A +HREF="samba-howto-collection.html" +ACCESSKEY="P" +>Prev</A +></TD +><TD +WIDTH="34%" +ALIGN="center" +VALIGN="top" +><A +HREF="samba-howto-collection.html" +ACCESSKEY="H" +>Home</A +></TD +><TD +WIDTH="33%" +ALIGN="right" +VALIGN="top" +><A +HREF="install.html" +ACCESSKEY="N" +>Next</A +></TD +></TR +><TR +><TD +WIDTH="33%" +ALIGN="left" +VALIGN="top" +>SAMBA Project Documentation</TD +><TD +WIDTH="34%" +ALIGN="center" +VALIGN="top" +> </TD +><TD +WIDTH="33%" +ALIGN="right" +VALIGN="top" +>How to Install and Test SAMBA</TD +></TR +></TABLE +></DIV +></BODY +></HTML +>
\ No newline at end of file diff --git a/docs/htmldocs/p3106.html b/docs/htmldocs/p3106.html new file mode 100644 index 0000000000..9967d8fb59 --- /dev/null +++ b/docs/htmldocs/p3106.html @@ -0,0 +1,391 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> +<HTML +><HEAD +><TITLE +>Appendixes</TITLE +><META +NAME="GENERATOR" +CONTENT="Modular DocBook HTML Stylesheet Version 1.77"><LINK +REL="HOME" +TITLE="SAMBA Project Documentation" +HREF="samba-howto-collection.html"><LINK +REL="PREVIOUS" +TITLE="Samba performance issues" +HREF="speed.html"><LINK +REL="NEXT" +TITLE="Portability" +HREF="portability.html"></HEAD +><BODY +CLASS="PART" +BGCOLOR="#FFFFFF" +TEXT="#000000" +LINK="#0000FF" +VLINK="#840084" +ALINK="#0000FF" +><DIV +CLASS="NAVHEADER" +><TABLE +SUMMARY="Header navigation table" +WIDTH="100%" +BORDER="0" +CELLPADDING="0" +CELLSPACING="0" +><TR +><TH +COLSPAN="3" +ALIGN="center" +>SAMBA Project Documentation</TH +></TR +><TR +><TD +WIDTH="10%" +ALIGN="left" +VALIGN="bottom" +><A +HREF="speed.html" +ACCESSKEY="P" +>Prev</A +></TD +><TD +WIDTH="80%" +ALIGN="center" +VALIGN="bottom" +></TD +><TD +WIDTH="10%" +ALIGN="right" +VALIGN="bottom" +><A +HREF="portability.html" +ACCESSKEY="N" +>Next</A +></TD +></TR +></TABLE +><HR +ALIGN="LEFT" +WIDTH="100%"></DIV +><DIV +CLASS="PART" +><A +NAME="AEN3106" +></A +><DIV +CLASS="TITLEPAGE" +><H1 +CLASS="TITLE" +>IV. Appendixes</H1 +><DIV +CLASS="TOC" +><DL +><DT +><B +>Table of Contents</B +></DT +><DT +>23. <A +HREF="portability.html" +>Portability</A +></DT +><DD +><DL +><DT +>23.1. <A +HREF="portability.html#AEN3115" +>HPUX</A +></DT +><DT +>23.2. <A +HREF="portability.html#AEN3121" +>SCO Unix</A +></DT +><DT +>23.3. <A +HREF="portability.html#AEN3125" +>DNIX</A +></DT +><DT +>23.4. <A +HREF="portability.html#AEN3154" +>RedHat Linux Rembrandt-II</A +></DT +></DL +></DD +><DT +>24. <A +HREF="other-clients.html" +>Samba and other CIFS clients</A +></DT +><DD +><DL +><DT +>24.1. <A +HREF="other-clients.html#AEN3175" +>Macintosh clients?</A +></DT +><DT +>24.2. <A +HREF="other-clients.html#AEN3184" +>OS2 Client</A +></DT +><DD +><DL +><DT +>24.2.1. <A +HREF="other-clients.html#AEN3186" +>How can I configure OS/2 Warp Connect or + OS/2 Warp 4 as a client for Samba?</A +></DT +><DT +>24.2.2. <A +HREF="other-clients.html#AEN3201" +>How can I configure OS/2 Warp 3 (not Connect), + OS/2 1.2, 1.3 or 2.x for Samba?</A +></DT +><DT +>24.2.3. <A +HREF="other-clients.html#AEN3210" +>Are there any other issues when OS/2 (any version) + is used as a client?</A +></DT +><DT +>24.2.4. <A +HREF="other-clients.html#AEN3214" +>How do I get printer driver download working + for OS/2 clients?</A +></DT +></DL +></DD +><DT +>24.3. <A +HREF="other-clients.html#AEN3224" +>Windows for Workgroups</A +></DT +><DD +><DL +><DT +>24.3.1. <A +HREF="other-clients.html#AEN3226" +>Use latest TCP/IP stack from Microsoft</A +></DT +><DT +>24.3.2. <A +HREF="other-clients.html#AEN3231" +>Delete .pwl files after password change</A +></DT +><DT +>24.3.3. <A +HREF="other-clients.html#AEN3236" +>Configure WfW password handling</A +></DT +><DT +>24.3.4. <A +HREF="other-clients.html#AEN3240" +>Case handling of passwords</A +></DT +></DL +></DD +><DT +>24.4. <A +HREF="other-clients.html#AEN3245" +>Windows '95/'98</A +></DT +><DT +>24.5. <A +HREF="other-clients.html#AEN3261" +>Windows 2000 Service Pack 2</A +></DT +></DL +></DD +><DT +>25. <A +HREF="bugreport.html" +>Reporting Bugs</A +></DT +><DD +><DL +><DT +>25.1. <A +HREF="bugreport.html#AEN3285" +>Introduction</A +></DT +><DT +>25.2. <A +HREF="bugreport.html#AEN3295" +>General info</A +></DT +><DT +>25.3. <A +HREF="bugreport.html#AEN3301" +>Debug levels</A +></DT +><DT +>25.4. <A +HREF="bugreport.html#AEN3318" +>Internal errors</A +></DT +><DT +>25.5. <A +HREF="bugreport.html#AEN3328" +>Attaching to a running process</A +></DT +><DT +>25.6. <A +HREF="bugreport.html#AEN3331" +>Patches</A +></DT +></DL +></DD +><DT +>26. <A +HREF="diagnosis.html" +>Diagnosing your samba server</A +></DT +><DD +><DL +><DT +>26.1. <A +HREF="diagnosis.html#AEN3354" +>Introduction</A +></DT +><DT +>26.2. <A +HREF="diagnosis.html#AEN3359" +>Assumptions</A +></DT +><DT +>26.3. <A +HREF="diagnosis.html#AEN3369" +>Tests</A +></DT +><DD +><DL +><DT +>26.3.1. <A +HREF="diagnosis.html#AEN3371" +>Test 1</A +></DT +><DT +>26.3.2. <A +HREF="diagnosis.html#AEN3377" +>Test 2</A +></DT +><DT +>26.3.3. <A +HREF="diagnosis.html#AEN3383" +>Test 3</A +></DT +><DT +>26.3.4. <A +HREF="diagnosis.html#AEN3398" +>Test 4</A +></DT +><DT +>26.3.5. <A +HREF="diagnosis.html#AEN3403" +>Test 5</A +></DT +><DT +>26.3.6. <A +HREF="diagnosis.html#AEN3409" +>Test 6</A +></DT +><DT +>26.3.7. <A +HREF="diagnosis.html#AEN3417" +>Test 7</A +></DT +><DT +>26.3.8. <A +HREF="diagnosis.html#AEN3443" +>Test 8</A +></DT +><DT +>26.3.9. <A +HREF="diagnosis.html#AEN3460" +>Test 9</A +></DT +><DT +>26.3.10. <A +HREF="diagnosis.html#AEN3468" +>Test 10</A +></DT +><DT +>26.3.11. <A +HREF="diagnosis.html#AEN3474" +>Test 11</A +></DT +></DL +></DD +><DT +>26.4. <A +HREF="diagnosis.html#AEN3479" +>Still having troubles?</A +></DT +></DL +></DD +></DL +></DIV +></DIV +></DIV +><DIV +CLASS="NAVFOOTER" +><HR +ALIGN="LEFT" +WIDTH="100%"><TABLE +SUMMARY="Footer navigation table" +WIDTH="100%" +BORDER="0" +CELLPADDING="0" +CELLSPACING="0" +><TR +><TD +WIDTH="33%" +ALIGN="left" +VALIGN="top" +><A +HREF="speed.html" +ACCESSKEY="P" +>Prev</A +></TD +><TD +WIDTH="34%" +ALIGN="center" +VALIGN="top" +><A +HREF="samba-howto-collection.html" +ACCESSKEY="H" +>Home</A +></TD +><TD +WIDTH="33%" +ALIGN="right" +VALIGN="top" +><A +HREF="portability.html" +ACCESSKEY="N" +>Next</A +></TD +></TR +><TR +><TD +WIDTH="33%" +ALIGN="left" +VALIGN="top" +>Samba performance issues</TD +><TD +WIDTH="34%" +ALIGN="center" +VALIGN="top" +> </TD +><TD +WIDTH="33%" +ALIGN="right" +VALIGN="top" +>Portability</TD +></TR +></TABLE +></DIV +></BODY +></HTML +>
\ No newline at end of file diff --git a/docs/htmldocs/p544.html b/docs/htmldocs/p544.html new file mode 100644 index 0000000000..502d978b5f --- /dev/null +++ b/docs/htmldocs/p544.html @@ -0,0 +1,388 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> +<HTML +><HEAD +><TITLE +>Type of installation</TITLE +><META +NAME="GENERATOR" +CONTENT="Modular DocBook HTML Stylesheet Version 1.77"><LINK +REL="HOME" +TITLE="SAMBA Project Documentation" +HREF="samba-howto-collection.html"><LINK +REL="PREVIOUS" +TITLE="LanMan and NT Password Encryption in Samba" +HREF="pwencrypt.html"><LINK +REL="NEXT" +TITLE="How to Configure Samba as a NT4 Primary Domain Controller" +HREF="samba-pdc.html"></HEAD +><BODY +CLASS="PART" +BGCOLOR="#FFFFFF" +TEXT="#000000" +LINK="#0000FF" +VLINK="#840084" +ALINK="#0000FF" +><DIV +CLASS="NAVHEADER" +><TABLE +SUMMARY="Header navigation table" +WIDTH="100%" +BORDER="0" +CELLPADDING="0" +CELLSPACING="0" +><TR +><TH +COLSPAN="3" +ALIGN="center" +>SAMBA Project Documentation</TH +></TR +><TR +><TD +WIDTH="10%" +ALIGN="left" +VALIGN="bottom" +><A +HREF="pwencrypt.html" +ACCESSKEY="P" +>Prev</A +></TD +><TD +WIDTH="80%" +ALIGN="center" +VALIGN="bottom" +></TD +><TD +WIDTH="10%" +ALIGN="right" +VALIGN="bottom" +><A +HREF="samba-pdc.html" +ACCESSKEY="N" +>Next</A +></TD +></TR +></TABLE +><HR +ALIGN="LEFT" +WIDTH="100%"></DIV +><DIV +CLASS="PART" +><A +NAME="AEN544" +></A +><DIV +CLASS="TITLEPAGE" +><H1 +CLASS="TITLE" +>II. Type of installation</H1 +><DIV +CLASS="PARTINTRO" +><A +NAME="AEN546" +></A +><H1 +>Introduction</H1 +><P +>This part contains information on using samba in a (NT 4 or ADS) domain. +If you wish to run samba as a domain member or DC, read the appropriate chapter in +this part.</P +></DIV +><DIV +CLASS="TOC" +><DL +><DT +><B +>Table of Contents</B +></DT +><DT +>6. <A +HREF="samba-pdc.html" +>How to Configure Samba as a NT4 Primary Domain Controller</A +></DT +><DD +><DL +><DT +>6.1. <A +HREF="samba-pdc.html#AEN566" +>Prerequisite Reading</A +></DT +><DT +>6.2. <A +HREF="samba-pdc.html#AEN572" +>Background</A +></DT +><DT +>6.3. <A +HREF="samba-pdc.html#AEN611" +>Configuring the Samba Domain Controller</A +></DT +><DT +>6.4. <A +HREF="samba-pdc.html#AEN654" +>Creating Machine Trust Accounts and Joining Clients to the +Domain</A +></DT +><DD +><DL +><DT +>6.4.1. <A +HREF="samba-pdc.html#AEN673" +>Manual Creation of Machine Trust Accounts</A +></DT +><DT +>6.4.2. <A +HREF="samba-pdc.html#AEN714" +>"On-the-Fly" Creation of Machine Trust Accounts</A +></DT +><DT +>6.4.3. <A +HREF="samba-pdc.html#AEN723" +>Joining the Client to the Domain</A +></DT +></DL +></DD +><DT +>6.5. <A +HREF="samba-pdc.html#AEN738" +>Common Problems and Errors</A +></DT +><DT +>6.6. <A +HREF="samba-pdc.html#AEN786" +>System Policies and Profiles</A +></DT +><DT +>6.7. <A +HREF="samba-pdc.html#AEN830" +>What other help can I get?</A +></DT +><DT +>6.8. <A +HREF="samba-pdc.html#AEN944" +>Domain Control for Windows 9x/ME</A +></DT +><DD +><DL +><DT +>6.8.1. <A +HREF="samba-pdc.html#AEN970" +>Configuration Instructions: Network Logons</A +></DT +><DT +>6.8.2. <A +HREF="samba-pdc.html#AEN989" +>Configuration Instructions: Setting up Roaming User Profiles</A +></DT +></DL +></DD +><DT +>6.9. <A +HREF="samba-pdc.html#AEN1082" +>DOMAIN_CONTROL.txt : Windows NT Domain Control & Samba</A +></DT +></DL +></DD +><DT +>7. <A +HREF="samba-bdc.html" +>How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain</A +></DT +><DD +><DL +><DT +>7.1. <A +HREF="samba-bdc.html#AEN1118" +>Prerequisite Reading</A +></DT +><DT +>7.2. <A +HREF="samba-bdc.html#AEN1122" +>Background</A +></DT +><DT +>7.3. <A +HREF="samba-bdc.html#AEN1130" +>What qualifies a Domain Controller on the network?</A +></DT +><DD +><DL +><DT +>7.3.1. <A +HREF="samba-bdc.html#AEN1133" +>How does a Workstation find its domain controller?</A +></DT +><DT +>7.3.2. <A +HREF="samba-bdc.html#AEN1136" +>When is the PDC needed?</A +></DT +></DL +></DD +><DT +>7.4. <A +HREF="samba-bdc.html#AEN1139" +>Can Samba be a Backup Domain Controller?</A +></DT +><DT +>7.5. <A +HREF="samba-bdc.html#AEN1143" +>How do I set up a Samba BDC?</A +></DT +><DD +><DL +><DT +>7.5.1. <A +HREF="samba-bdc.html#AEN1160" +>How do I replicate the smbpasswd file?</A +></DT +></DL +></DD +></DL +></DD +><DT +>8. <A +HREF="ads.html" +>Samba as a ADS domain member</A +></DT +><DD +><DL +><DT +>8.1. <A +HREF="ads.html#AEN1178" +>Installing the required packages for Debian</A +></DT +><DT +>8.2. <A +HREF="ads.html#AEN1184" +>Installing the required packages for RedHat</A +></DT +><DT +>8.3. <A +HREF="ads.html#AEN1193" +>Compile Samba</A +></DT +><DT +>8.4. <A +HREF="ads.html#AEN1205" +>Setup your /etc/krb5.conf</A +></DT +><DT +>8.5. <A +HREF="ads.html#AEN1215" +>Create the computer account</A +></DT +><DD +><DL +><DT +>8.5.1. <A +HREF="ads.html#AEN1219" +>Possible errors</A +></DT +></DL +></DD +><DT +>8.6. <A +HREF="ads.html#AEN1231" +>Test your server setup</A +></DT +><DT +>8.7. <A +HREF="ads.html#AEN1236" +>Testing with smbclient</A +></DT +><DT +>8.8. <A +HREF="ads.html#AEN1239" +>Notes</A +></DT +></DL +></DD +><DT +>9. <A +HREF="domain-security.html" +>Samba as a NT4 domain member</A +></DT +><DD +><DL +><DT +>9.1. <A +HREF="domain-security.html#AEN1261" +>Joining an NT Domain with Samba 2.2</A +></DT +><DT +>9.2. <A +HREF="domain-security.html#AEN1325" +>Samba and Windows 2000 Domains</A +></DT +><DT +>9.3. <A +HREF="domain-security.html#AEN1330" +>Why is this better than security = server?</A +></DT +></DL +></DD +></DL +></DIV +></DIV +></DIV +><DIV +CLASS="NAVFOOTER" +><HR +ALIGN="LEFT" +WIDTH="100%"><TABLE +SUMMARY="Footer navigation table" +WIDTH="100%" +BORDER="0" +CELLPADDING="0" +CELLSPACING="0" +><TR +><TD +WIDTH="33%" +ALIGN="left" +VALIGN="top" +><A +HREF="pwencrypt.html" +ACCESSKEY="P" +>Prev</A +></TD +><TD +WIDTH="34%" +ALIGN="center" +VALIGN="top" +><A +HREF="samba-howto-collection.html" +ACCESSKEY="H" +>Home</A +></TD +><TD +WIDTH="33%" +ALIGN="right" +VALIGN="top" +><A +HREF="samba-pdc.html" +ACCESSKEY="N" +>Next</A +></TD +></TR +><TR +><TD +WIDTH="33%" +ALIGN="left" +VALIGN="top" +>LanMan and NT Password Encryption in Samba</TD +><TD +WIDTH="34%" +ALIGN="center" +VALIGN="top" +> </TD +><TD +WIDTH="33%" +ALIGN="right" +VALIGN="top" +>How to Configure Samba as a NT4 Primary Domain Controller</TD +></TR +></TABLE +></DIV +></BODY +></HTML +>
\ No newline at end of file diff --git a/docs/htmldocs/pdb-mysql.html b/docs/htmldocs/pdb-mysql.html new file mode 100644 index 0000000000..33ccd322a3 --- /dev/null +++ b/docs/htmldocs/pdb-mysql.html @@ -0,0 +1,286 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> +<HTML +><HEAD +><TITLE +>Passdb MySQL plugin</TITLE +><META +NAME="GENERATOR" +CONTENT="Modular DocBook HTML Stylesheet Version 1.77"><LINK +REL="HOME" +TITLE="SAMBA Project Documentation" +HREF="samba-howto-collection.html"><LINK +REL="UP" +TITLE="Optional configuration" +HREF="p1346.html"><LINK +REL="PREVIOUS" +TITLE="Unified Logons between Windows NT and UNIX using Winbind" +HREF="winbind.html"><LINK +REL="NEXT" +TITLE="Passdb XML plugin" +HREF="pdb-xml.html"></HEAD +><BODY +CLASS="CHAPTER" +BGCOLOR="#FFFFFF" +TEXT="#000000" +LINK="#0000FF" +VLINK="#840084" +ALINK="#0000FF" +><DIV +CLASS="NAVHEADER" +><TABLE +SUMMARY="Header navigation table" +WIDTH="100%" +BORDER="0" +CELLPADDING="0" +CELLSPACING="0" +><TR +><TH +COLSPAN="3" +ALIGN="center" +>SAMBA Project Documentation</TH +></TR +><TR +><TD +WIDTH="10%" +ALIGN="left" +VALIGN="bottom" +><A +HREF="winbind.html" +ACCESSKEY="P" +>Prev</A +></TD +><TD +WIDTH="80%" +ALIGN="center" +VALIGN="bottom" +></TD +><TD +WIDTH="10%" +ALIGN="right" +VALIGN="bottom" +><A +HREF="pdb-xml.html" +ACCESSKEY="N" +>Next</A +></TD +></TR +></TABLE +><HR +ALIGN="LEFT" +WIDTH="100%"></DIV +><DIV +CLASS="CHAPTER" +><H1 +><A +NAME="PDB-MYSQL" +></A +>Chapter 17. Passdb MySQL plugin</H1 +><DIV +CLASS="SECT1" +><H1 +CLASS="SECT1" +><A +NAME="AEN2590" +></A +>17.1. Building</H1 +><P +>To build the plugin, run <B +CLASS="COMMAND" +>make bin/pdb_mysql.so</B +> +in the <TT +CLASS="FILENAME" +>source/</TT +> directory of samba distribution. </P +><P +>Next, copy pdb_mysql.so to any location you want. I +strongly recommend installing it in $PREFIX/lib or /usr/lib/samba/</P +></DIV +><DIV +CLASS="SECT1" +><H1 +CLASS="SECT1" +><A +NAME="AEN2596" +></A +>17.2. Configuring</H1 +><P +>This plugin lacks some good documentation, but here is some short info:</P +><P +>Add a the following to the <B +CLASS="COMMAND" +>passdb backend</B +> variable in your <TT +CLASS="FILENAME" +>smb.conf</TT +>: +<PRE +CLASS="PROGRAMLISTING" +>passdb backend = [other-plugins] plugin:/location/to/pdb_mysql.so:identifier [other-plugins]</PRE +></P +><P +>The identifier can be any string you like, as long as it doesn't collide with +the identifiers of other plugins or other instances of pdb_mysql. If you +specify multiple pdb_mysql.so entries in 'passdb backend', you also need to +use different identifiers!</P +><P +>Additional options can be given thru the smb.conf file in the [global] section.</P +><P +><PRE +CLASS="PROGRAMLISTING" +>identifier:mysql host - host name, defaults to 'localhost' +identifier:mysql password +identifier:mysql user - defaults to 'samba' +identifier:mysql database - defaults to 'samba' +identifier:mysql port - defaults to 3306 +identifier:table - Name of the table containing users</PRE +></P +><P +>Names of the columns in this table(I've added column types those columns should have first):</P +><P +><PRE +CLASS="PROGRAMLISTING" +>identifier:logon time column - int(9) +identifier:logoff time column - int(9) +identifier:kickoff time column - int(9) +identifier:pass last set time column - int(9) +identifier:pass can change time column - int(9) +identifier:pass must change time column - int(9) +identifier:username column - varchar(255) - unix username +identifier:domain column - varchar(255) - NT domain user is part of +identifier:nt username column - varchar(255) - NT username +identifier:fullname column - varchar(255) - Full name of user +identifier:home dir column - varchar(255) - Unix homedir path +identifier:dir drive column - varchar(2) - Directory drive path (eg: 'H:') +identifier:logon script column - varchar(255) - Batch file to run on client side when logging on +identifier:profile path column - varchar(255) - Path of profile +identifier:acct desc column - varchar(255) - Some ASCII NT user data +identifier:workstations column - varchar(255) - Workstations user can logon to (or NULL for all) +identifier:unknown string column - varchar(255) - unknown string +identifier:munged dial column - varchar(255) - ? +identifier:uid column - int(9) - Unix user ID (uid) +identifier:gid column - int(9) - Unix user group (gid) +identifier:user sid column - varchar(255) - NT user SID +identifier:group sid column - varchar(255) - NT group ID +identifier:lanman pass column - varchar(255) - encrypted lanman password +identifier:nt pass column - varchar(255) - encrypted nt passwd +identifier:plaintext pass column - varchar(255) - plaintext password +identifier:acct control column - int(9) - nt user data +identifier:unknown 3 column - int(9) - unknown +identifier:logon divs column - int(9) - ? +identifier:hours len column - int(9) - ? +identifier:unknown 5 column - int(9) - unknown +identifier:unknown 6 column - int(9) - unknown</PRE +></P +><P +>Eventually, you can put a colon (:) after the name of each column, which +should specify the column to update when updating the table. You can also +specify nothing behind the colon - then the data from the field will not be +updated. </P +></DIV +><DIV +CLASS="SECT1" +><H1 +CLASS="SECT1" +><A +NAME="AEN2611" +></A +>17.3. Using plaintext passwords or encrypted password</H1 +><P +>I strongly discourage the use of plaintext passwords, however, you can use them:</P +><P +>If you would like to use plaintext passwords, set 'identifier:lanman pass column' and 'identifier:nt pass column' to 'NULL' (without the quotes) and 'identifier:plaintext pass column' to the name of the column containing the plaintext passwords. </P +><P +>If you use encrypted passwords, set the 'identifier:plaintext pass column' to 'NULL' (without the quotes). This is the default.</P +></DIV +><DIV +CLASS="SECT1" +><H1 +CLASS="SECT1" +><A +NAME="AEN2616" +></A +>17.4. Getting non-column data from the table</H1 +><P +>It is possible to have not all data in the database and making some 'constant'.</P +><P +>For example, you can set 'identifier:fullname column' to : +<B +CLASS="COMMAND" +>CONCAT(First_name,' ',Sur_name)</B +></P +><P +>Or, set 'identifier:workstations column' to : +<B +CLASS="COMMAND" +>NULL</B +></P +><P +>See the MySQL documentation for more language constructs.</P +></DIV +></DIV +><DIV +CLASS="NAVFOOTER" +><HR +ALIGN="LEFT" +WIDTH="100%"><TABLE +SUMMARY="Footer navigation table" +WIDTH="100%" +BORDER="0" +CELLPADDING="0" +CELLSPACING="0" +><TR +><TD +WIDTH="33%" +ALIGN="left" +VALIGN="top" +><A +HREF="winbind.html" +ACCESSKEY="P" +>Prev</A +></TD +><TD +WIDTH="34%" +ALIGN="center" +VALIGN="top" +><A +HREF="samba-howto-collection.html" +ACCESSKEY="H" +>Home</A +></TD +><TD +WIDTH="33%" +ALIGN="right" +VALIGN="top" +><A +HREF="pdb-xml.html" +ACCESSKEY="N" +>Next</A +></TD +></TR +><TR +><TD +WIDTH="33%" +ALIGN="left" +VALIGN="top" +>Unified Logons between Windows NT and UNIX using Winbind</TD +><TD +WIDTH="34%" +ALIGN="center" +VALIGN="top" +><A +HREF="p1346.html" +ACCESSKEY="U" +>Up</A +></TD +><TD +WIDTH="33%" +ALIGN="right" +VALIGN="top" +>Passdb XML plugin</TD +></TR +></TABLE +></DIV +></BODY +></HTML +>
\ No newline at end of file diff --git a/docs/htmldocs/pdb-xml.html b/docs/htmldocs/pdb-xml.html new file mode 100644 index 0000000000..75abfc5a81 --- /dev/null +++ b/docs/htmldocs/pdb-xml.html @@ -0,0 +1,189 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> +<HTML +><HEAD +><TITLE +>Passdb XML plugin</TITLE +><META +NAME="GENERATOR" +CONTENT="Modular DocBook HTML Stylesheet Version 1.77"><LINK +REL="HOME" +TITLE="SAMBA Project Documentation" +HREF="samba-howto-collection.html"><LINK +REL="UP" +TITLE="Optional configuration" +HREF="p1346.html"><LINK +REL="PREVIOUS" +TITLE="Passdb MySQL plugin" +HREF="pdb-mysql.html"><LINK +REL="NEXT" +TITLE="Storing Samba's User/Machine Account information in an LDAP Directory" +HREF="samba-ldap-howto.html"></HEAD +><BODY +CLASS="CHAPTER" +BGCOLOR="#FFFFFF" +TEXT="#000000" +LINK="#0000FF" +VLINK="#840084" +ALINK="#0000FF" +><DIV +CLASS="NAVHEADER" +><TABLE +SUMMARY="Header navigation table" +WIDTH="100%" +BORDER="0" +CELLPADDING="0" +CELLSPACING="0" +><TR +><TH +COLSPAN="3" +ALIGN="center" +>SAMBA Project Documentation</TH +></TR +><TR +><TD +WIDTH="10%" +ALIGN="left" +VALIGN="bottom" +><A +HREF="pdb-mysql.html" +ACCESSKEY="P" +>Prev</A +></TD +><TD +WIDTH="80%" +ALIGN="center" +VALIGN="bottom" +></TD +><TD +WIDTH="10%" +ALIGN="right" +VALIGN="bottom" +><A +HREF="samba-ldap-howto.html" +ACCESSKEY="N" +>Next</A +></TD +></TR +></TABLE +><HR +ALIGN="LEFT" +WIDTH="100%"></DIV +><DIV +CLASS="CHAPTER" +><H1 +><A +NAME="PDB-XML" +></A +>Chapter 18. Passdb XML plugin</H1 +><DIV +CLASS="SECT1" +><H1 +CLASS="SECT1" +><A +NAME="AEN2635" +></A +>18.1. Building</H1 +><P +>This module requires libxml2 to be installed.</P +><P +>To build pdb_xml, run: <B +CLASS="COMMAND" +>make bin/pdb_xml.so</B +> in +the directory <TT +CLASS="FILENAME" +>source/</TT +>. </P +></DIV +><DIV +CLASS="SECT1" +><H1 +CLASS="SECT1" +><A +NAME="AEN2641" +></A +>18.2. Usage</H1 +><P +>The usage of pdb_xml is pretty straightforward. To export data, use: + +<B +CLASS="COMMAND" +>pdbedit -e plugin:/usr/lib/samba/pdb_xml.so:filename</B +> + +(where filename is the name of the file to put the data in)</P +><P +>To import data, use: +<B +CLASS="COMMAND" +>pdbedit -i plugin:/usr/lib/samba/pdb_xml.so:filename -e current-pdb</B +> + +Where filename is the name to read the data from and current-pdb to put it in.</P +></DIV +></DIV +><DIV +CLASS="NAVFOOTER" +><HR +ALIGN="LEFT" +WIDTH="100%"><TABLE +SUMMARY="Footer navigation table" +WIDTH="100%" +BORDER="0" +CELLPADDING="0" +CELLSPACING="0" +><TR +><TD +WIDTH="33%" +ALIGN="left" +VALIGN="top" +><A +HREF="pdb-mysql.html" +ACCESSKEY="P" +>Prev</A +></TD +><TD +WIDTH="34%" +ALIGN="center" +VALIGN="top" +><A +HREF="samba-howto-collection.html" +ACCESSKEY="H" +>Home</A +></TD +><TD +WIDTH="33%" +ALIGN="right" +VALIGN="top" +><A +HREF="samba-ldap-howto.html" +ACCESSKEY="N" +>Next</A +></TD +></TR +><TR +><TD +WIDTH="33%" +ALIGN="left" +VALIGN="top" +>Passdb MySQL plugin</TD +><TD +WIDTH="34%" +ALIGN="center" +VALIGN="top" +><A +HREF="p1346.html" +ACCESSKEY="U" +>Up</A +></TD +><TD +WIDTH="33%" +ALIGN="right" +VALIGN="top" +>Storing Samba's User/Machine Account information in an LDAP Directory</TD +></TR +></TABLE +></DIV +></BODY +></HTML +>
\ No newline at end of file diff --git a/docs/htmldocs/printingdebug.html b/docs/htmldocs/printingdebug.html deleted file mode 100644 index 0b99407257..0000000000 --- a/docs/htmldocs/printingdebug.html +++ /dev/null @@ -1,522 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> -<HTML -><HEAD -><TITLE ->Debugging Printing Problems</TITLE -><META -NAME="GENERATOR" -CONTENT="Modular DocBook HTML Stylesheet Version 1.77"><LINK -REL="HOME" -TITLE="SAMBA Project Documentation" -HREF="samba-howto-collection.html"><LINK -REL="UP" -TITLE="Optional configuration" -HREF="p1342.html"><LINK -REL="PREVIOUS" -TITLE="Printing Support" -HREF="printing.html"><LINK -REL="NEXT" -TITLE="Security levels" -HREF="securitylevels.html"></HEAD -><BODY -CLASS="CHAPTER" -BGCOLOR="#FFFFFF" -TEXT="#000000" -LINK="#0000FF" -VLINK="#840084" -ALINK="#0000FF" -><DIV -CLASS="NAVHEADER" -><TABLE -SUMMARY="Header navigation table" -WIDTH="100%" -BORDER="0" -CELLPADDING="0" -CELLSPACING="0" -><TR -><TH -COLSPAN="3" -ALIGN="center" ->SAMBA Project Documentation</TH -></TR -><TR -><TD -WIDTH="10%" -ALIGN="left" -VALIGN="bottom" -><A -HREF="printing.html" -ACCESSKEY="P" ->Prev</A -></TD -><TD -WIDTH="80%" -ALIGN="center" -VALIGN="bottom" -></TD -><TD -WIDTH="10%" -ALIGN="right" -VALIGN="bottom" -><A -HREF="securitylevels.html" -ACCESSKEY="N" ->Next</A -></TD -></TR -></TABLE -><HR -ALIGN="LEFT" -WIDTH="100%"></DIV -><DIV -CLASS="CHAPTER" -><H1 -><A -NAME="PRINTINGDEBUG" -></A ->Chapter 15. Debugging Printing Problems</H1 -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN2081" -></A ->15.1. Introduction</H1 -><P ->This is a short description of how to debug printing problems with -Samba. This describes how to debug problems with printing from a SMB -client to a Samba server, not the other way around. For the reverse -see the examples/printing directory.</P -><P ->Ok, so you want to print to a Samba server from your PC. The first -thing you need to understand is that Samba does not actually do any -printing itself, it just acts as a middleman between your PC client -and your Unix printing subsystem. Samba receives the file from the PC -then passes the file to a external "print command". What print command -you use is up to you.</P -><P ->The whole things is controlled using options in smb.conf. The most -relevant options (which you should look up in the smb.conf man page) -are:</P -><P -><PRE -CLASS="PROGRAMLISTING" -> [global] - print command - send a file to a spooler - lpq command - get spool queue status - lprm command - remove a job - [printers] - path = /var/spool/lpd/samba</PRE -></P -><P ->The following are nice to know about:</P -><P -><PRE -CLASS="PROGRAMLISTING" -> queuepause command - stop a printer or print queue - queueresume command - start a printer or print queue</PRE -></P -><P ->Example:</P -><P -><PRE -CLASS="PROGRAMLISTING" -> print command = /usr/bin/lpr -r -P%p %s - lpq command = /usr/bin/lpq -P%p %s - lprm command = /usr/bin/lprm -P%p %j - queuepause command = /usr/sbin/lpc -P%p stop - queuepause command = /usr/sbin/lpc -P%p start</PRE -></P -><P ->Samba should set reasonable defaults for these depending on your -system type, but it isn't clairvoyant. It is not uncommon that you -have to tweak these for local conditions. The commands should -always have fully specified pathnames, as the smdb may not have -the correct PATH values.</P -><P ->When you send a job to Samba to be printed, it will make a temporary -copy of it in the directory specified in the [printers] section. -and it should be periodically cleaned out. The lpr -r option -requests that the temporary copy be removed after printing; If -printing fails then you might find leftover files in this directory, -and it should be periodically cleaned out. Samba used the lpq -command to determine the "job number" assigned to your print job -by the spooler.</P -><P ->The %>letter< are "macros" that get dynamically replaced with appropriate -values when they are used. The %s gets replaced with the name of the spool -file that Samba creates and the %p gets replaced with the name of the -printer. The %j gets replaced with the "job number" which comes from -the lpq output.</P -></DIV -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN2097" -></A ->15.2. Debugging printer problems</H1 -><P ->One way to debug printing problems is to start by replacing these -command with shell scripts that record the arguments and the contents -of the print file. A simple example of this kind of things might -be:</P -><P -><PRE -CLASS="PROGRAMLISTING" -> print command = /tmp/saveprint %p %s - - #!/bin/saveprint - # we make sure that we are the right user - /usr/bin/id -p >/tmp/tmp.print - # we run the command and save the error messages - # replace the command with the one appropriate for your system - /usr/bin/lpr -r -P$1 $2 2>>&/tmp/tmp.print</PRE -></P -><P ->Then you print a file and try removing it. You may find that the -print queue needs to be stopped in order to see the queue status -and remove the job:</P -><P -><PRE -CLASS="PROGRAMLISTING" -> h4: {42} % echo hi >/tmp/hi -h4: {43} % smbclient //localhost/lw4 -added interface ip=10.0.0.4 bcast=10.0.0.255 nmask=255.255.255.0 -Password: -Domain=[ASTART] OS=[Unix] Server=[Samba 2.0.7] -smb: \> print /tmp/hi -putting file /tmp/hi as hi-17534 (0.0 kb/s) (average 0.0 kb/s) -smb: \> queue -1049 3 hi-17534 -smb: \> cancel 1049 -Error cancelling job 1049 : code 0 -smb: \> cancel 1049 -Job 1049 cancelled -smb: \> queue -smb: \> exit</PRE -></P -><P ->The 'code 0' indicates that the job was removed. The comment -by the smbclient is a bit misleading on this. -You can observe the command output and then and look at the -/tmp/tmp.print file to see what the results are. You can quickly -find out if the problem is with your printing system. Often people -have problems with their /etc/printcap file or permissions on -various print queues.</P -></DIV -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN2106" -></A ->15.3. What printers do I have?</H1 -><P ->You can use the 'testprns' program to check to see if the printer -name you are using is recognized by Samba. For example, you can -use:</P -><P -><PRE -CLASS="PROGRAMLISTING" -> testprns printer /etc/printcap</PRE -></P -><P ->Samba can get its printcap information from a file or from a program. -You can try the following to see the format of the extracted -information:</P -><P -><PRE -CLASS="PROGRAMLISTING" -> testprns -a printer /etc/printcap - - testprns -a printer '|/bin/cat printcap'</PRE -></P -></DIV -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN2114" -></A ->15.4. Setting up printcap and print servers</H1 -><P ->You may need to set up some printcaps for your Samba system to use. -It is strongly recommended that you use the facilities provided by -the print spooler to set up queues and printcap information.</P -><P ->Samba requires either a printcap or program to deliver printcap -information. This printcap information has the format:</P -><P -><PRE -CLASS="PROGRAMLISTING" -> name|alias1|alias2...:option=value:...</PRE -></P -><P ->For almost all printing systems, the printer 'name' must be composed -only of alphanumeric or underscore '_' characters. Some systems also -allow hyphens ('-') as well. An alias is an alternative name for the -printer, and an alias with a space in it is used as a 'comment' -about the printer. The printcap format optionally uses a \ at the end of lines -to extend the printcap to multiple lines.</P -><P ->Here are some examples of printcap files:</P -><P -><P -></P -><OL -TYPE="1" -><LI -><P ->pr just printer name</P -></LI -><LI -><P ->pr|alias printer name and alias</P -></LI -><LI -><P ->pr|My Printer printer name, alias used as comment</P -></LI -><LI -><P ->pr:sh:\ Same as pr:sh:cm= testing - :cm= \ - testing</P -></LI -><LI -><P ->pr:sh Same as pr:sh:cm= testing - :cm= testing</P -></LI -></OL -></P -><P ->Samba reads the printcap information when first started. If you make -changes in the printcap information, then you must do the following:</P -><P -></P -><OL -TYPE="1" -><LI -><P ->make sure that the print spooler is aware of these changes. -The LPRng system uses the 'lpc reread' command to do this.</P -></LI -><LI -><P ->make sure that the spool queues, etc., exist and have the -correct permissions. The LPRng system uses the 'checkpc -f' -command to do this.</P -></LI -><LI -><P ->You now should send a SIGHUP signal to the smbd server to have -it reread the printcap information.</P -></LI -></OL -></DIV -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN2142" -></A ->15.5. Job sent, no output</H1 -><P ->This is the most frustrating part of printing. You may have sent the -job, verified that the job was forwarded, set up a wrapper around -the command to send the file, but there was no output from the printer.</P -><P ->First, check to make sure that the job REALLY is getting to the -right print queue. If you are using a BSD or LPRng print spooler, -you can temporarily stop the printing of jobs. Jobs can still be -submitted, but they will not be printed. Use:</P -><P -><PRE -CLASS="PROGRAMLISTING" -> lpc -Pprinter stop</PRE -></P -><P ->Now submit a print job and then use 'lpq -Pprinter' to see if the -job is in the print queue. If it is not in the print queue then -you will have to find out why it is not being accepted for printing.</P -><P ->Next, you may want to check to see what the format of the job really -was. With the assistance of the system administrator you can view -the submitted jobs files. You may be surprised to find that these -are not in what you would expect to call a printable format. -You can use the UNIX 'file' utitily to determine what the job -format actually is:</P -><P -><PRE -CLASS="PROGRAMLISTING" -> cd /var/spool/lpd/printer # spool directory of print jobs - ls # find job files - file dfA001myhost</PRE -></P -><P ->You should make sure that your printer supports this format OR that -your system administrator has installed a 'print filter' that will -convert the file to a format appropriate for your printer.</P -></DIV -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN2153" -></A ->15.6. Job sent, strange output</H1 -><P ->Once you have the job printing, you can then start worrying about -making it print nicely.</P -><P ->The most common problem is extra pages of output: banner pages -OR blank pages at the end.</P -><P ->If you are getting banner pages, check and make sure that the -printcap option or printer option is configured for no banners. -If you have a printcap, this is the :sh (suppress header or banner -page) option. You should have the following in your printer.</P -><P -><PRE -CLASS="PROGRAMLISTING" -> printer: ... :sh</PRE -></P -><P ->If you have this option and are still getting banner pages, there -is a strong chance that your printer is generating them for you -automatically. You should make sure that banner printing is disabled -for the printer. This usually requires using the printer setup software -or procedures supplied by the printer manufacturer.</P -><P ->If you get an extra page of output, this could be due to problems -with your job format, or if you are generating PostScript jobs, -incorrect setting on your printer driver on the MicroSoft client. -For example, under Win95 there is a option:</P -><P -><PRE -CLASS="PROGRAMLISTING" -> Printers|Printer Name|(Right Click)Properties|Postscript|Advanced|</PRE -></P -><P ->that allows you to choose if a Ctrl-D is appended to all jobs. -This is a very bad thing to do, as most spooling systems will -automatically add a ^D to the end of the job if it is detected as -PostScript. The multiple ^D may cause an additional page of output.</P -></DIV -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN2165" -></A ->15.7. Raw PostScript printed</H1 -><P ->This is a problem that is usually caused by either the print spooling -system putting information at the start of the print job that makes -the printer think the job is a text file, or your printer simply -does not support PostScript. You may need to enable 'Automatic -Format Detection' on your printer.</P -></DIV -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN2168" -></A ->15.8. Advanced Printing</H1 -><P ->Note that you can do some pretty magic things by using your -imagination with the "print command" option and some shell scripts. -Doing print accounting is easy by passing the %U option to a print -command shell script. You could even make the print command detect -the type of output and its size and send it to an appropriate -printer.</P -></DIV -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN2171" -></A ->15.9. Real debugging</H1 -><P ->If the above debug tips don't help, then maybe you need to bring in -the bug guns, system tracing. See Tracing.txt in this directory.</P -></DIV -></DIV -><DIV -CLASS="NAVFOOTER" -><HR -ALIGN="LEFT" -WIDTH="100%"><TABLE -SUMMARY="Footer navigation table" -WIDTH="100%" -BORDER="0" -CELLPADDING="0" -CELLSPACING="0" -><TR -><TD -WIDTH="33%" -ALIGN="left" -VALIGN="top" -><A -HREF="printing.html" -ACCESSKEY="P" ->Prev</A -></TD -><TD -WIDTH="34%" -ALIGN="center" -VALIGN="top" -><A -HREF="samba-howto-collection.html" -ACCESSKEY="H" ->Home</A -></TD -><TD -WIDTH="33%" -ALIGN="right" -VALIGN="top" -><A -HREF="securitylevels.html" -ACCESSKEY="N" ->Next</A -></TD -></TR -><TR -><TD -WIDTH="33%" -ALIGN="left" -VALIGN="top" ->Printing Support</TD -><TD -WIDTH="34%" -ALIGN="center" -VALIGN="top" -><A -HREF="p1342.html" -ACCESSKEY="U" ->Up</A -></TD -><TD -WIDTH="33%" -ALIGN="right" -VALIGN="top" ->Security levels</TD -></TR -></TABLE -></DIV -></BODY -></HTML ->
\ No newline at end of file diff --git a/docs/htmldocs/pwencrypt.html b/docs/htmldocs/pwencrypt.html new file mode 100644 index 0000000000..81c709a4ff --- /dev/null +++ b/docs/htmldocs/pwencrypt.html @@ -0,0 +1,445 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> +<HTML +><HEAD +><TITLE +>LanMan and NT Password Encryption in Samba</TITLE +><META +NAME="GENERATOR" +CONTENT="Modular DocBook HTML Stylesheet Version 1.77"><LINK +REL="HOME" +TITLE="SAMBA Project Documentation" +HREF="samba-howto-collection.html"><LINK +REL="UP" +TITLE="General installation" +HREF="p18.html"><LINK +REL="PREVIOUS" +TITLE="Quick Cross Subnet Browsing / Cross Workgroup Browsing guide" +HREF="browsing-quick.html"><LINK +REL="NEXT" +TITLE="Type of installation" +HREF="p544.html"></HEAD +><BODY +CLASS="CHAPTER" +BGCOLOR="#FFFFFF" +TEXT="#000000" +LINK="#0000FF" +VLINK="#840084" +ALINK="#0000FF" +><DIV +CLASS="NAVHEADER" +><TABLE +SUMMARY="Header navigation table" +WIDTH="100%" +BORDER="0" +CELLPADDING="0" +CELLSPACING="0" +><TR +><TH +COLSPAN="3" +ALIGN="center" +>SAMBA Project Documentation</TH +></TR +><TR +><TD +WIDTH="10%" +ALIGN="left" +VALIGN="bottom" +><A +HREF="browsing-quick.html" +ACCESSKEY="P" +>Prev</A +></TD +><TD +WIDTH="80%" +ALIGN="center" +VALIGN="bottom" +></TD +><TD +WIDTH="10%" +ALIGN="right" +VALIGN="bottom" +><A +HREF="p544.html" +ACCESSKEY="N" +>Next</A +></TD +></TR +></TABLE +><HR +ALIGN="LEFT" +WIDTH="100%"></DIV +><DIV +CLASS="CHAPTER" +><H1 +><A +NAME="PWENCRYPT" +></A +>Chapter 5. LanMan and NT Password Encryption in Samba</H1 +><DIV +CLASS="SECT1" +><H1 +CLASS="SECT1" +><A +NAME="AEN472" +></A +>5.1. Introduction</H1 +><P +>Newer windows clients send encrypted passwords over + the wire, instead of plain text passwords. The newest clients + will only send encrypted passwords and refuse to send plain text + passwords, unless their registry is tweaked.</P +><P +>These passwords can't be converted to unix style encrypted + passwords. Because of that you can't use the standard unix + user database, and you have to store the Lanman and NT hashes + somewhere else. For more information, see the documentation + about the <B +CLASS="COMMAND" +>passdb backend = </B +> parameter. + </P +></DIV +><DIV +CLASS="SECT1" +><H1 +CLASS="SECT1" +><A +NAME="AEN477" +></A +>5.2. Important Notes About Security</H1 +><P +>The unix and SMB password encryption techniques seem similar + on the surface. This similarity is, however, only skin deep. The unix + scheme typically sends clear text passwords over the network when + logging in. This is bad. The SMB encryption scheme never sends the + cleartext password over the network but it does store the 16 byte + hashed values on disk. This is also bad. Why? Because the 16 byte hashed + values are a "password equivalent". You cannot derive the user's + password from them, but they could potentially be used in a modified + client to gain access to a server. This would require considerable + technical knowledge on behalf of the attacker but is perfectly possible. + You should thus treat the smbpasswd file as though it contained the + cleartext passwords of all your users. Its contents must be kept + secret, and the file should be protected accordingly.</P +><P +>Ideally we would like a password scheme which neither requires + plain text passwords on the net or on disk. Unfortunately this + is not available as Samba is stuck with being compatible with + other SMB systems (WinNT, WfWg, Win95 etc). </P +><DIV +CLASS="WARNING" +><P +></P +><TABLE +CLASS="WARNING" +WIDTH="100%" +BORDER="0" +><TR +><TD +WIDTH="25" +ALIGN="CENTER" +VALIGN="TOP" +><IMG +SRC="/docbook-dsssl/warning.gif" +HSPACE="5" +ALT="Warning"></TD +><TD +ALIGN="LEFT" +VALIGN="TOP" +><P +>Note that Windows NT 4.0 Service pack 3 changed the + default for permissible authentication so that plaintext + passwords are <SPAN +CLASS="emphasis" +><I +CLASS="EMPHASIS" +>never</I +></SPAN +> sent over the wire. + The solution to this is either to switch to encrypted passwords + with Samba or edit the Windows NT registry to re-enable plaintext + passwords. See the document WinNT.txt for details on how to do + this.</P +><P +>Other Microsoft operating systems which also exhibit + this behavior includes</P +><P +></P +><UL +><LI +><P +>MS DOS Network client 3.0 with + the basic network redirector installed</P +></LI +><LI +><P +>Windows 95 with the network redirector + update installed</P +></LI +><LI +><P +>Windows 98 [se]</P +></LI +><LI +><P +>Windows 2000</P +></LI +></UL +><P +><SPAN +CLASS="emphasis" +><I +CLASS="EMPHASIS" +>Note :</I +></SPAN +>All current release of + Microsoft SMB/CIFS clients support authentication via the + SMB Challenge/Response mechanism described here. Enabling + clear text authentication does not disable the ability + of the client to participate in encrypted authentication.</P +></TD +></TR +></TABLE +></DIV +><DIV +CLASS="SECT2" +><H2 +CLASS="SECT2" +><A +NAME="AEN496" +></A +>5.2.1. Advantages of SMB Encryption</H2 +><P +></P +><UL +><LI +><P +>plain text passwords are not passed across + the network. Someone using a network sniffer cannot just + record passwords going to the SMB server.</P +></LI +><LI +><P +>WinNT doesn't like talking to a server + that isn't using SMB encrypted passwords. It will refuse + to browse the server if the server is also in user level + security mode. It will insist on prompting the user for the + password on each connection, which is very annoying. The + only things you can do to stop this is to use SMB encryption. + </P +></LI +></UL +></DIV +><DIV +CLASS="SECT2" +><H2 +CLASS="SECT2" +><A +NAME="AEN503" +></A +>5.2.2. Advantages of non-encrypted passwords</H2 +><P +></P +><UL +><LI +><P +>plain text passwords are not kept + on disk. </P +></LI +><LI +><P +>uses same password file as other unix + services such as login and ftp</P +></LI +><LI +><P +>you are probably already using other + services (such as telnet and ftp) which send plain text + passwords over the net, so sending them for SMB isn't + such a big deal.</P +></LI +></UL +></DIV +></DIV +><DIV +CLASS="SECT1" +><H1 +CLASS="SECT1" +><A +NAME="AEN512" +></A +>5.3. The smbpasswd Command</H1 +><P +>The smbpasswd command maintains the two 32 byte password fields + in the smbpasswd file. If you wish to make it similar to the unix + <B +CLASS="COMMAND" +>passwd</B +> or <B +CLASS="COMMAND" +>yppasswd</B +> programs, + install it in <TT +CLASS="FILENAME" +>/usr/local/samba/bin/</TT +> (or your + main Samba binary directory).</P +><P +><B +CLASS="COMMAND" +>smbpasswd</B +> now works in a client-server mode + where it contacts the local smbd to change the user's password on its + behalf. This has enormous benefits - as follows.</P +><P +><B +CLASS="COMMAND" +>smbpasswd</B +> now has the capability + to change passwords on Windows NT servers (this only works when + the request is sent to the NT Primary Domain Controller if you + are changing an NT Domain user's password).</P +><P +>To run smbpasswd as a normal user just type :</P +><P +><TT +CLASS="PROMPT" +>$ </TT +><TT +CLASS="USERINPUT" +><B +>smbpasswd</B +></TT +></P +><P +><TT +CLASS="PROMPT" +>Old SMB password: </TT +><TT +CLASS="USERINPUT" +><B +><type old value here - + or hit return if there was no old password></B +></TT +></P +><P +><TT +CLASS="PROMPT" +>New SMB Password: </TT +><TT +CLASS="USERINPUT" +><B +><type new value> + </B +></TT +></P +><P +><TT +CLASS="PROMPT" +>Repeat New SMB Password: </TT +><TT +CLASS="USERINPUT" +><B +><re-type new value + </B +></TT +></P +><P +>If the old value does not match the current value stored for + that user, or the two new values do not match each other, then the + password will not be changed.</P +><P +>If invoked by an ordinary user it will only allow the user + to change his or her own Samba password.</P +><P +>If run by the root user smbpasswd may take an optional + argument, specifying the user name whose SMB password you wish to + change. Note that when run as root smbpasswd does not prompt for + or check the old password value, thus allowing root to set passwords + for users who have forgotten their passwords.</P +><P +><B +CLASS="COMMAND" +>smbpasswd</B +> is designed to work in the same way + and be familiar to UNIX users who use the <B +CLASS="COMMAND" +>passwd</B +> or + <B +CLASS="COMMAND" +>yppasswd</B +> commands.</P +><P +>For more details on using <B +CLASS="COMMAND" +>smbpasswd</B +> refer + to the man page which will always be the definitive reference.</P +></DIV +></DIV +><DIV +CLASS="NAVFOOTER" +><HR +ALIGN="LEFT" +WIDTH="100%"><TABLE +SUMMARY="Footer navigation table" +WIDTH="100%" +BORDER="0" +CELLPADDING="0" +CELLSPACING="0" +><TR +><TD +WIDTH="33%" +ALIGN="left" +VALIGN="top" +><A +HREF="browsing-quick.html" +ACCESSKEY="P" +>Prev</A +></TD +><TD +WIDTH="34%" +ALIGN="center" +VALIGN="top" +><A +HREF="samba-howto-collection.html" +ACCESSKEY="H" +>Home</A +></TD +><TD +WIDTH="33%" +ALIGN="right" +VALIGN="top" +><A +HREF="p544.html" +ACCESSKEY="N" +>Next</A +></TD +></TR +><TR +><TD +WIDTH="33%" +ALIGN="left" +VALIGN="top" +>Quick Cross Subnet Browsing / Cross Workgroup Browsing guide</TD +><TD +WIDTH="34%" +ALIGN="center" +VALIGN="top" +><A +HREF="p18.html" +ACCESSKEY="U" +>Up</A +></TD +><TD +WIDTH="33%" +ALIGN="right" +VALIGN="top" +>Type of installation</TD +></TR +></TABLE +></DIV +></BODY +></HTML +>
\ No newline at end of file diff --git a/docs/htmldocs/samba-howto-collection.html b/docs/htmldocs/samba-howto-collection.html new file mode 100644 index 0000000000..0c5e284757 --- /dev/null +++ b/docs/htmldocs/samba-howto-collection.html @@ -0,0 +1,1117 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> +<HTML +><HEAD +><TITLE +>SAMBA Project Documentation</TITLE +><META +NAME="GENERATOR" +CONTENT="Modular DocBook HTML Stylesheet Version 1.77"><LINK +REL="NEXT" +TITLE="General installation" +HREF="p18.html"></HEAD +><BODY +CLASS="BOOK" +BGCOLOR="#FFFFFF" +TEXT="#000000" +LINK="#0000FF" +VLINK="#840084" +ALINK="#0000FF" +><DIV +CLASS="BOOK" +><A +NAME="SAMBA-HOWTO-COLLECTION" +></A +><DIV +CLASS="TITLEPAGE" +><H1 +CLASS="TITLE" +><A +NAME="SAMBA-HOWTO-COLLECTION" +></A +>SAMBA Project Documentation</H1 +><H3 +CLASS="AUTHOR" +><A +NAME="AEN4" +></A +>SAMBA Team</H3 +><HR></DIV +><H1 +><A +NAME="AEN8" +></A +>Abstract</H1 +><P +><SPAN +CLASS="emphasis" +><I +CLASS="EMPHASIS" +>Last Update</I +></SPAN +> : Thu Aug 15 12:48:45 CDT 2002</P +><P +>This book is a collection of HOWTOs added to Samba documentation over the years. +I try to ensure that all are current, but sometimes the is a larger job +than one person can maintain. The most recent version of this document +can be found at <A +HREF="http://www.samba.org/" +TARGET="_top" +>http://www.samba.org/</A +> +on the "Documentation" page. Please send updates to <A +HREF="mailto:jerry@samba.org" +TARGET="_top" +>jerry@samba.org</A +>.</P +><P +>This documentation is distributed under the GNU General Public License (GPL) +version 2. A copy of the license is included with the Samba source +distribution. A copy can be found on-line at <A +HREF="http://www.fsf.org/licenses/gpl.txt" +TARGET="_top" +>http://www.fsf.org/licenses/gpl.txt</A +></P +><P +>Cheers, jerry</P +><DIV +CLASS="TOC" +><DL +><DT +><B +>Table of Contents</B +></DT +><DT +>I. <A +HREF="p18.html" +>General installation</A +></DT +><DD +><DL +><DT +>1. <A +HREF="install.html" +>How to Install and Test SAMBA</A +></DT +><DD +><DL +><DT +>1.1. <A +HREF="install.html#AEN25" +>Read the man pages</A +></DT +><DT +>1.2. <A +HREF="install.html#AEN35" +>Building the Binaries</A +></DT +><DT +>1.3. <A +HREF="install.html#AEN63" +>The all important step</A +></DT +><DT +>1.4. <A +HREF="install.html#AEN67" +>Create the smb configuration file.</A +></DT +><DT +>1.5. <A +HREF="install.html#AEN81" +>Test your config file with + <B +CLASS="COMMAND" +>testparm</B +></A +></DT +><DT +>1.6. <A +HREF="install.html#AEN89" +>Starting the smbd and nmbd</A +></DT +><DT +>1.7. <A +HREF="install.html#AEN144" +>Try listing the shares available on your + server</A +></DT +><DT +>1.8. <A +HREF="install.html#AEN153" +>Try connecting with the unix client</A +></DT +><DT +>1.9. <A +HREF="install.html#AEN169" +>Try connecting from a DOS, WfWg, Win9x, WinNT, + Win2k, OS/2, etc... client</A +></DT +><DT +>1.10. <A +HREF="install.html#AEN183" +>What If Things Don't Work?</A +></DT +></DL +></DD +><DT +>2. <A +HREF="improved-browsing.html" +>Improved browsing in samba</A +></DT +><DD +><DL +><DT +>2.1. <A +HREF="improved-browsing.html#AEN228" +>Overview of browsing</A +></DT +><DT +>2.2. <A +HREF="improved-browsing.html#AEN232" +>Browsing support in samba</A +></DT +><DT +>2.3. <A +HREF="improved-browsing.html#AEN241" +>Problem resolution</A +></DT +><DT +>2.4. <A +HREF="improved-browsing.html#AEN248" +>Browsing across subnets</A +></DT +><DT +>2.5. <A +HREF="improved-browsing.html#AEN288" +>Setting up a WINS server</A +></DT +><DT +>2.6. <A +HREF="improved-browsing.html#AEN307" +>Setting up Browsing in a WORKGROUP</A +></DT +><DT +>2.7. <A +HREF="improved-browsing.html#AEN325" +>Setting up Browsing in a DOMAIN</A +></DT +><DT +>2.8. <A +HREF="improved-browsing.html#AEN335" +>Forcing samba to be the master</A +></DT +><DT +>2.9. <A +HREF="improved-browsing.html#AEN344" +>Making samba the domain master</A +></DT +><DT +>2.10. <A +HREF="improved-browsing.html#AEN362" +>Note about broadcast addresses</A +></DT +><DT +>2.11. <A +HREF="improved-browsing.html#AEN365" +>Multiple interfaces</A +></DT +></DL +></DD +><DT +>3. <A +HREF="oplocks.html" +>Oplocks</A +></DT +><DD +><DL +><DT +>3.1. <A +HREF="oplocks.html#AEN377" +>What are oplocks?</A +></DT +></DL +></DD +><DT +>4. <A +HREF="browsing-quick.html" +>Quick Cross Subnet Browsing / Cross Workgroup Browsing guide</A +></DT +><DD +><DL +><DT +>4.1. <A +HREF="browsing-quick.html#AEN392" +>Discussion</A +></DT +><DT +>4.2. <A +HREF="browsing-quick.html#AEN400" +>Use of the "Remote Announce" parameter</A +></DT +><DT +>4.3. <A +HREF="browsing-quick.html#AEN414" +>Use of the "Remote Browse Sync" parameter</A +></DT +><DT +>4.4. <A +HREF="browsing-quick.html#AEN419" +>Use of WINS</A +></DT +><DT +>4.5. <A +HREF="browsing-quick.html#AEN430" +>Do NOT use more than one (1) protocol on MS Windows machines</A +></DT +><DT +>4.6. <A +HREF="browsing-quick.html#AEN436" +>Name Resolution Order</A +></DT +></DL +></DD +><DT +>5. <A +HREF="pwencrypt.html" +>LanMan and NT Password Encryption in Samba</A +></DT +><DD +><DL +><DT +>5.1. <A +HREF="pwencrypt.html#AEN472" +>Introduction</A +></DT +><DT +>5.2. <A +HREF="pwencrypt.html#AEN477" +>Important Notes About Security</A +></DT +><DT +>5.3. <A +HREF="pwencrypt.html#AEN512" +>The smbpasswd Command</A +></DT +></DL +></DD +></DL +></DD +><DT +>II. <A +HREF="p544.html" +>Type of installation</A +></DT +><DD +><DL +><DT +>6. <A +HREF="samba-pdc.html" +>How to Configure Samba as a NT4 Primary Domain Controller</A +></DT +><DD +><DL +><DT +>6.1. <A +HREF="samba-pdc.html#AEN566" +>Prerequisite Reading</A +></DT +><DT +>6.2. <A +HREF="samba-pdc.html#AEN572" +>Background</A +></DT +><DT +>6.3. <A +HREF="samba-pdc.html#AEN611" +>Configuring the Samba Domain Controller</A +></DT +><DT +>6.4. <A +HREF="samba-pdc.html#AEN654" +>Creating Machine Trust Accounts and Joining Clients to the +Domain</A +></DT +><DT +>6.5. <A +HREF="samba-pdc.html#AEN738" +>Common Problems and Errors</A +></DT +><DT +>6.6. <A +HREF="samba-pdc.html#AEN786" +>System Policies and Profiles</A +></DT +><DT +>6.7. <A +HREF="samba-pdc.html#AEN830" +>What other help can I get?</A +></DT +><DT +>6.8. <A +HREF="samba-pdc.html#AEN944" +>Domain Control for Windows 9x/ME</A +></DT +><DT +>6.9. <A +HREF="samba-pdc.html#AEN1082" +>DOMAIN_CONTROL.txt : Windows NT Domain Control & Samba</A +></DT +></DL +></DD +><DT +>7. <A +HREF="samba-bdc.html" +>How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain</A +></DT +><DD +><DL +><DT +>7.1. <A +HREF="samba-bdc.html#AEN1118" +>Prerequisite Reading</A +></DT +><DT +>7.2. <A +HREF="samba-bdc.html#AEN1122" +>Background</A +></DT +><DT +>7.3. <A +HREF="samba-bdc.html#AEN1130" +>What qualifies a Domain Controller on the network?</A +></DT +><DT +>7.4. <A +HREF="samba-bdc.html#AEN1139" +>Can Samba be a Backup Domain Controller?</A +></DT +><DT +>7.5. <A +HREF="samba-bdc.html#AEN1143" +>How do I set up a Samba BDC?</A +></DT +></DL +></DD +><DT +>8. <A +HREF="ads.html" +>Samba as a ADS domain member</A +></DT +><DD +><DL +><DT +>8.1. <A +HREF="ads.html#AEN1178" +>Installing the required packages for Debian</A +></DT +><DT +>8.2. <A +HREF="ads.html#AEN1184" +>Installing the required packages for RedHat</A +></DT +><DT +>8.3. <A +HREF="ads.html#AEN1193" +>Compile Samba</A +></DT +><DT +>8.4. <A +HREF="ads.html#AEN1205" +>Setup your /etc/krb5.conf</A +></DT +><DT +>8.5. <A +HREF="ads.html#AEN1215" +>Create the computer account</A +></DT +><DT +>8.6. <A +HREF="ads.html#AEN1231" +>Test your server setup</A +></DT +><DT +>8.7. <A +HREF="ads.html#AEN1236" +>Testing with smbclient</A +></DT +><DT +>8.8. <A +HREF="ads.html#AEN1239" +>Notes</A +></DT +></DL +></DD +><DT +>9. <A +HREF="domain-security.html" +>Samba as a NT4 domain member</A +></DT +><DD +><DL +><DT +>9.1. <A +HREF="domain-security.html#AEN1261" +>Joining an NT Domain with Samba 2.2</A +></DT +><DT +>9.2. <A +HREF="domain-security.html#AEN1325" +>Samba and Windows 2000 Domains</A +></DT +><DT +>9.3. <A +HREF="domain-security.html#AEN1330" +>Why is this better than security = server?</A +></DT +></DL +></DD +></DL +></DD +><DT +>III. <A +HREF="p1346.html" +>Optional configuration</A +></DT +><DD +><DL +><DT +>10. <A +HREF="integrate-ms-networks.html" +>Integrating MS Windows networks with Samba</A +></DT +><DD +><DL +><DT +>10.1. <A +HREF="integrate-ms-networks.html#AEN1362" +>Agenda</A +></DT +><DT +>10.2. <A +HREF="integrate-ms-networks.html#AEN1384" +>Name Resolution in a pure Unix/Linux world</A +></DT +><DT +>10.3. <A +HREF="integrate-ms-networks.html#AEN1447" +>Name resolution as used within MS Windows networking</A +></DT +><DT +>10.4. <A +HREF="integrate-ms-networks.html#AEN1492" +>How browsing functions and how to deploy stable and +dependable browsing using Samba</A +></DT +><DT +>10.5. <A +HREF="integrate-ms-networks.html#AEN1502" +>MS Windows security options and how to configure +Samba for seemless integration</A +></DT +><DT +>10.6. <A +HREF="integrate-ms-networks.html#AEN1572" +>Conclusions</A +></DT +></DL +></DD +><DT +>11. <A +HREF="unix-permissions.html" +>UNIX Permission Bits and Windows NT Access Control Lists</A +></DT +><DD +><DL +><DT +>11.1. <A +HREF="unix-permissions.html#AEN1593" +>Viewing and changing UNIX permissions using the NT + security dialogs</A +></DT +><DT +>11.2. <A +HREF="unix-permissions.html#AEN1602" +>How to view file security on a Samba share</A +></DT +><DT +>11.3. <A +HREF="unix-permissions.html#AEN1613" +>Viewing file ownership</A +></DT +><DT +>11.4. <A +HREF="unix-permissions.html#AEN1633" +>Viewing file or directory permissions</A +></DT +><DT +>11.5. <A +HREF="unix-permissions.html#AEN1669" +>Modifying file or directory permissions</A +></DT +><DT +>11.6. <A +HREF="unix-permissions.html#AEN1691" +>Interaction with the standard Samba create mask + parameters</A +></DT +><DT +>11.7. <A +HREF="unix-permissions.html#AEN1755" +>Interaction with the standard Samba file attribute + mapping</A +></DT +></DL +></DD +><DT +>12. <A +HREF="pam.html" +>Configuring PAM for distributed but centrally +managed authentication</A +></DT +><DD +><DL +><DT +>12.1. <A +HREF="pam.html#AEN1776" +>Samba and PAM</A +></DT +><DT +>12.2. <A +HREF="pam.html#AEN1820" +>Distributed Authentication</A +></DT +><DT +>12.3. <A +HREF="pam.html#AEN1827" +>PAM Configuration in smb.conf</A +></DT +></DL +></DD +><DT +>13. <A +HREF="msdfs.html" +>Hosting a Microsoft Distributed File System tree on Samba</A +></DT +><DD +><DL +><DT +>13.1. <A +HREF="msdfs.html#AEN1847" +>Instructions</A +></DT +></DL +></DD +><DT +>14. <A +HREF="printing.html" +>Printing Support</A +></DT +><DD +><DL +><DT +>14.1. <A +HREF="printing.html#AEN1908" +>Introduction</A +></DT +><DT +>14.2. <A +HREF="printing.html#AEN1930" +>Configuration</A +></DT +><DT +>14.3. <A +HREF="printing.html#AEN2038" +>The Imprints Toolset</A +></DT +><DT +>14.4. <A +HREF="printing.html#AEN2081" +>Diagnosis</A +></DT +></DL +></DD +><DT +>15. <A +HREF="securitylevels.html" +>Security levels</A +></DT +><DD +><DL +><DT +>15.1. <A +HREF="securitylevels.html#AEN2186" +>Introduction</A +></DT +><DT +>15.2. <A +HREF="securitylevels.html#AEN2197" +>More complete description of security levels</A +></DT +></DL +></DD +><DT +>16. <A +HREF="winbind.html" +>Unified Logons between Windows NT and UNIX using Winbind</A +></DT +><DD +><DL +><DT +>16.1. <A +HREF="winbind.html#AEN2249" +>Abstract</A +></DT +><DT +>16.2. <A +HREF="winbind.html#AEN2253" +>Introduction</A +></DT +><DT +>16.3. <A +HREF="winbind.html#AEN2266" +>What Winbind Provides</A +></DT +><DT +>16.4. <A +HREF="winbind.html#AEN2277" +>How Winbind Works</A +></DT +><DT +>16.5. <A +HREF="winbind.html#AEN2317" +>Installation and Configuration</A +></DT +><DT +>16.6. <A +HREF="winbind.html#AEN2566" +>Limitations</A +></DT +><DT +>16.7. <A +HREF="winbind.html#AEN2576" +>Conclusion</A +></DT +></DL +></DD +><DT +>17. <A +HREF="pdb-mysql.html" +>Passdb MySQL plugin</A +></DT +><DD +><DL +><DT +>17.1. <A +HREF="pdb-mysql.html#AEN2590" +>Building</A +></DT +><DT +>17.2. <A +HREF="pdb-mysql.html#AEN2596" +>Configuring</A +></DT +><DT +>17.3. <A +HREF="pdb-mysql.html#AEN2611" +>Using plaintext passwords or encrypted password</A +></DT +><DT +>17.4. <A +HREF="pdb-mysql.html#AEN2616" +>Getting non-column data from the table</A +></DT +></DL +></DD +><DT +>18. <A +HREF="pdb-xml.html" +>Passdb XML plugin</A +></DT +><DD +><DL +><DT +>18.1. <A +HREF="pdb-xml.html#AEN2635" +>Building</A +></DT +><DT +>18.2. <A +HREF="pdb-xml.html#AEN2641" +>Usage</A +></DT +></DL +></DD +><DT +>19. <A +HREF="samba-ldap-howto.html" +>Storing Samba's User/Machine Account information in an LDAP Directory</A +></DT +><DD +><DL +><DT +>19.1. <A +HREF="samba-ldap-howto.html#AEN2664" +>Purpose</A +></DT +><DT +>19.2. <A +HREF="samba-ldap-howto.html#AEN2684" +>Introduction</A +></DT +><DT +>19.3. <A +HREF="samba-ldap-howto.html#AEN2713" +>Supported LDAP Servers</A +></DT +><DT +>19.4. <A +HREF="samba-ldap-howto.html#AEN2718" +>Schema and Relationship to the RFC 2307 posixAccount</A +></DT +><DT +>19.5. <A +HREF="samba-ldap-howto.html#AEN2730" +>Configuring Samba with LDAP</A +></DT +><DT +>19.6. <A +HREF="samba-ldap-howto.html#AEN2777" +>Accounts and Groups management</A +></DT +><DT +>19.7. <A +HREF="samba-ldap-howto.html#AEN2782" +>Security and sambaAccount</A +></DT +><DT +>19.8. <A +HREF="samba-ldap-howto.html#AEN2802" +>LDAP specials attributes for sambaAccounts</A +></DT +><DT +>19.9. <A +HREF="samba-ldap-howto.html#AEN2872" +>Example LDIF Entries for a sambaAccount</A +></DT +><DT +>19.10. <A +HREF="samba-ldap-howto.html#AEN2880" +>Comments</A +></DT +></DL +></DD +><DT +>20. <A +HREF="cvs-access.html" +>HOWTO Access Samba source code via CVS</A +></DT +><DD +><DL +><DT +>20.1. <A +HREF="cvs-access.html#AEN2891" +>Introduction</A +></DT +><DT +>20.2. <A +HREF="cvs-access.html#AEN2896" +>CVS Access to samba.org</A +></DT +></DL +></DD +><DT +>21. <A +HREF="groupmapping.html" +>Group mapping HOWTO</A +></DT +><DT +>22. <A +HREF="speed.html" +>Samba performance issues</A +></DT +><DD +><DL +><DT +>22.1. <A +HREF="speed.html#AEN2982" +>Comparisons</A +></DT +><DT +>22.2. <A +HREF="speed.html#AEN2988" +>Oplocks</A +></DT +><DT +>22.3. <A +HREF="speed.html#AEN3008" +>Socket options</A +></DT +><DT +>22.4. <A +HREF="speed.html#AEN3015" +>Read size</A +></DT +><DT +>22.5. <A +HREF="speed.html#AEN3020" +>Max xmit</A +></DT +><DT +>22.6. <A +HREF="speed.html#AEN3025" +>Locking</A +></DT +><DT +>22.7. <A +HREF="speed.html#AEN3029" +>Share modes</A +></DT +><DT +>22.8. <A +HREF="speed.html#AEN3034" +>Log level</A +></DT +><DT +>22.9. <A +HREF="speed.html#AEN3037" +>Wide lines</A +></DT +><DT +>22.10. <A +HREF="speed.html#AEN3040" +>Read raw</A +></DT +><DT +>22.11. <A +HREF="speed.html#AEN3045" +>Write raw</A +></DT +><DT +>22.12. <A +HREF="speed.html#AEN3049" +>Read prediction</A +></DT +><DT +>22.13. <A +HREF="speed.html#AEN3056" +>Memory mapping</A +></DT +><DT +>22.14. <A +HREF="speed.html#AEN3061" +>Slow Clients</A +></DT +><DT +>22.15. <A +HREF="speed.html#AEN3065" +>Slow Logins</A +></DT +><DT +>22.16. <A +HREF="speed.html#AEN3068" +>Client tuning</A +></DT +><DT +>22.17. <A +HREF="speed.html#AEN3100" +>My Results</A +></DT +></DL +></DD +></DL +></DD +><DT +>IV. <A +HREF="p3106.html" +>Appendixes</A +></DT +><DD +><DL +><DT +>23. <A +HREF="portability.html" +>Portability</A +></DT +><DD +><DL +><DT +>23.1. <A +HREF="portability.html#AEN3115" +>HPUX</A +></DT +><DT +>23.2. <A +HREF="portability.html#AEN3121" +>SCO Unix</A +></DT +><DT +>23.3. <A +HREF="portability.html#AEN3125" +>DNIX</A +></DT +><DT +>23.4. <A +HREF="portability.html#AEN3154" +>RedHat Linux Rembrandt-II</A +></DT +></DL +></DD +><DT +>24. <A +HREF="other-clients.html" +>Samba and other CIFS clients</A +></DT +><DD +><DL +><DT +>24.1. <A +HREF="other-clients.html#AEN3175" +>Macintosh clients?</A +></DT +><DT +>24.2. <A +HREF="other-clients.html#AEN3184" +>OS2 Client</A +></DT +><DT +>24.3. <A +HREF="other-clients.html#AEN3224" +>Windows for Workgroups</A +></DT +><DT +>24.4. <A +HREF="other-clients.html#AEN3245" +>Windows '95/'98</A +></DT +><DT +>24.5. <A +HREF="other-clients.html#AEN3261" +>Windows 2000 Service Pack 2</A +></DT +></DL +></DD +><DT +>25. <A +HREF="bugreport.html" +>Reporting Bugs</A +></DT +><DD +><DL +><DT +>25.1. <A +HREF="bugreport.html#AEN3285" +>Introduction</A +></DT +><DT +>25.2. <A +HREF="bugreport.html#AEN3295" +>General info</A +></DT +><DT +>25.3. <A +HREF="bugreport.html#AEN3301" +>Debug levels</A +></DT +><DT +>25.4. <A +HREF="bugreport.html#AEN3318" +>Internal errors</A +></DT +><DT +>25.5. <A +HREF="bugreport.html#AEN3328" +>Attaching to a running process</A +></DT +><DT +>25.6. <A +HREF="bugreport.html#AEN3331" +>Patches</A +></DT +></DL +></DD +><DT +>26. <A +HREF="diagnosis.html" +>Diagnosing your samba server</A +></DT +><DD +><DL +><DT +>26.1. <A +HREF="diagnosis.html#AEN3354" +>Introduction</A +></DT +><DT +>26.2. <A +HREF="diagnosis.html#AEN3359" +>Assumptions</A +></DT +><DT +>26.3. <A +HREF="diagnosis.html#AEN3369" +>Tests</A +></DT +><DT +>26.4. <A +HREF="diagnosis.html#AEN3479" +>Still having troubles?</A +></DT +></DL +></DD +></DL +></DD +></DL +></DIV +></DIV +><DIV +CLASS="NAVFOOTER" +><HR +ALIGN="LEFT" +WIDTH="100%"><TABLE +SUMMARY="Footer navigation table" +WIDTH="100%" +BORDER="0" +CELLPADDING="0" +CELLSPACING="0" +><TR +><TD +WIDTH="33%" +ALIGN="left" +VALIGN="top" +> </TD +><TD +WIDTH="34%" +ALIGN="center" +VALIGN="top" +> </TD +><TD +WIDTH="33%" +ALIGN="right" +VALIGN="top" +><A +HREF="p18.html" +ACCESSKEY="N" +>Next</A +></TD +></TR +><TR +><TD +WIDTH="33%" +ALIGN="left" +VALIGN="top" +> </TD +><TD +WIDTH="34%" +ALIGN="center" +VALIGN="top" +> </TD +><TD +WIDTH="33%" +ALIGN="right" +VALIGN="top" +>General installation</TD +></TR +></TABLE +></DIV +></BODY +></HTML +>
\ No newline at end of file diff --git a/docs/htmldocs/Samba-PDC-HOWTO.html b/docs/htmldocs/samba-pdc.html index ae4f545800..ebf6e85674 100644 --- a/docs/htmldocs/Samba-PDC-HOWTO.html +++ b/docs/htmldocs/samba-pdc.html @@ -1,36 +1,88 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <HTML ><HEAD ><TITLE ->How to Configure Samba 2.2 as a Primary Domain Controller</TITLE +>How to Configure Samba as a NT4 Primary Domain Controller</TITLE ><META NAME="GENERATOR" -CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD +CONTENT="Modular DocBook HTML Stylesheet Version 1.77"><LINK +REL="HOME" +TITLE="SAMBA Project Documentation" +HREF="samba-howto-collection.html"><LINK +REL="UP" +TITLE="Type of installation" +HREF="p544.html"><LINK +REL="PREVIOUS" +TITLE="Type of installation" +HREF="p544.html"><LINK +REL="NEXT" +TITLE="How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain" +HREF="samba-bdc.html"></HEAD ><BODY -CLASS="ARTICLE" +CLASS="CHAPTER" BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#840084" ALINK="#0000FF" ><DIV -CLASS="ARTICLE" +CLASS="NAVHEADER" +><TABLE +SUMMARY="Header navigation table" +WIDTH="100%" +BORDER="0" +CELLPADDING="0" +CELLSPACING="0" +><TR +><TH +COLSPAN="3" +ALIGN="center" +>SAMBA Project Documentation</TH +></TR +><TR +><TD +WIDTH="10%" +ALIGN="left" +VALIGN="bottom" +><A +HREF="p544.html" +ACCESSKEY="P" +>Prev</A +></TD +><TD +WIDTH="80%" +ALIGN="center" +VALIGN="bottom" +></TD +><TD +WIDTH="10%" +ALIGN="right" +VALIGN="bottom" +><A +HREF="samba-bdc.html" +ACCESSKEY="N" +>Next</A +></TD +></TR +></TABLE +><HR +ALIGN="LEFT" +WIDTH="100%"></DIV ><DIV -CLASS="TITLEPAGE" +CLASS="CHAPTER" ><H1 -CLASS="TITLE" ><A NAME="SAMBA-PDC" ->How to Configure Samba 2.2 as a Primary Domain Controller</A -></H1 -><HR></DIV +></A +>Chapter 6. How to Configure Samba as a NT4 Primary Domain Controller</H1 ><DIV CLASS="SECT1" ><H1 CLASS="SECT1" ><A -NAME="AEN3" ->Prerequisite Reading</A -></H1 +NAME="AEN566" +></A +>6.1. Prerequisite Reading</H1 ><P >Before you continue reading in this chapter, please make sure that you are comfortable with configuring basic files services @@ -53,26 +105,45 @@ of this HOWTO Collection.</P ></DIV ><DIV CLASS="SECT1" -><HR><H1 +><H1 CLASS="SECT1" ><A -NAME="AEN9" ->Background</A -></H1 +NAME="AEN572" +></A +>6.2. Background</H1 ><DIV CLASS="NOTE" -><BLOCKQUOTE +><P +></P +><TABLE CLASS="NOTE" +WIDTH="100%" +BORDER="0" +><TR +><TD +WIDTH="25" +ALIGN="CENTER" +VALIGN="TOP" +><IMG +SRC="/docbook-dsssl/note.gif" +HSPACE="5" +ALT="Note"></TD +><TD +ALIGN="LEFT" +VALIGN="TOP" ><P -><B ->Note: </B +><SPAN +CLASS="emphasis" ><I CLASS="EMPHASIS" >Author's Note:</I +></SPAN > This document is a combination of David Bannon's "Samba 2.2 PDC HOWTO" and "Samba NT Domain FAQ". Both documents are superseded by this one.</P -></BLOCKQUOTE +></TD +></TR +></TABLE ></DIV ><P >Versions of Samba prior to release 2.2 had marginal capabilities to act @@ -186,12 +257,12 @@ concepts. They will be mentioned only briefly here.</P ></DIV ><DIV CLASS="SECT1" -><HR><H1 +><H1 CLASS="SECT1" ><A -NAME="AEN48" ->Configuring the Samba Domain Controller</A -></H1 +NAME="AEN611" +></A +>6.3. Configuring the Samba Domain Controller</H1 ><P >The first step in creating a working Samba PDC is to understand the parameters necessary in smb.conf. I will not @@ -398,13 +469,13 @@ Admins" style accounts.</P ></DIV ><DIV CLASS="SECT1" -><HR><H1 +><H1 CLASS="SECT1" ><A -NAME="AEN91" ->Creating Machine Trust Accounts and Joining Clients to the -Domain</A -></H1 +NAME="AEN654" +></A +>6.4. Creating Machine Trust Accounts and Joining Clients to the +Domain</H1 ><P >A machine trust account is a Samba account that is used to authenticate a client machine (rather than a user) to the Samba @@ -472,12 +543,12 @@ CLASS="FILENAME" ></UL ><DIV CLASS="SECT2" -><HR><H2 +><H2 CLASS="SECT2" ><A -NAME="AEN110" ->Manual Creation of Machine Trust Accounts</A -></H2 +NAME="AEN673" +></A +>6.4.1. Manual Creation of Machine Trust Accounts</H2 ><P >The first step in manually creating a machine trust account is to manually create the corresponding Unix account in @@ -524,6 +595,26 @@ CLASS="REPLACEABLE" >$</B ></P ><P +>On *BSD systems, this can be done using the 'chpass' utility:</P +><P +><TT +CLASS="PROMPT" +>root# </TT +><B +CLASS="COMMAND" +>chpass -a "<TT +CLASS="REPLACEABLE" +><I +>machine_name</I +></TT +>$:*:101:100::0:0:Workstation <TT +CLASS="REPLACEABLE" +><I +>machine_name</I +></TT +>:/dev/null:/sbin/nologin"</B +></P +><P >The <TT CLASS="FILENAME" >/etc/passwd</TT @@ -601,18 +692,30 @@ CLASS="WARNING" ></P ><TABLE CLASS="WARNING" -BORDER="1" WIDTH="100%" +BORDER="0" ><TR ><TD +WIDTH="25" ALIGN="CENTER" +VALIGN="TOP" +><IMG +SRC="/docbook-dsssl/warning.gif" +HSPACE="5" +ALT="Warning"></TD +><TH +ALIGN="LEFT" +VALIGN="CENTER" ><B >Join the client to the domain immediately</B -></TD +></TH ></TR ><TR ><TD +> </TD +><TD ALIGN="LEFT" +VALIGN="TOP" ><P > Manually creating a machine trust account using this method is the equivalent of creating a machine trust account on a Windows NT PDC using @@ -630,12 +733,12 @@ ALIGN="LEFT" ></DIV ><DIV CLASS="SECT2" -><HR><H2 +><H2 CLASS="SECT2" ><A -NAME="AEN145" ->"On-the-Fly" Creation of Machine Trust Accounts</A -></H2 +NAME="AEN714" +></A +>6.4.2. "On-the-Fly" Creation of Machine Trust Accounts</H2 ><P >The second (and recommended) way of creating machine trust accounts is simply to allow the Samba server to create them as needed when the client @@ -667,12 +770,12 @@ CLASS="PROGRAMLISTING" ></DIV ><DIV CLASS="SECT2" -><HR><H2 +><H2 CLASS="SECT2" ><A -NAME="AEN154" ->Joining the Client to the Domain</A -></H2 +NAME="AEN723" +></A +>6.4.3. Joining the Client to the Domain</H2 ><P >The procedure for joining a client to the domain varies with the version of Windows.</P @@ -681,9 +784,12 @@ version of Windows.</P ><UL ><LI ><P +><SPAN +CLASS="emphasis" ><I CLASS="EMPHASIS" >Windows 2000</I +></SPAN ></P ><P > When the user elects to join the client to a domain, Windows prompts for @@ -706,9 +812,12 @@ CLASS="FILENAME" ></LI ><LI ><P +><SPAN +CLASS="emphasis" ><I CLASS="EMPHASIS" >Windows NT</I +></SPAN ></P ><P > If the machine trust account was created manually, on the @@ -729,12 +838,12 @@ CLASS="EMPHASIS" ></DIV ><DIV CLASS="SECT1" -><HR><H1 +><H1 CLASS="SECT1" ><A -NAME="AEN169" ->Common Problems and Errors</A -></H1 +NAME="AEN738" +></A +>6.5. Common Problems and Errors</H1 ><P ></P ><P @@ -742,9 +851,12 @@ NAME="AEN169" ><UL ><LI ><P -> <I +> <SPAN +CLASS="emphasis" +><I CLASS="EMPHASIS" >I cannot include a '$' in a machine name.</I +></SPAN > </P ><P @@ -768,11 +880,14 @@ CLASS="COMMAND" ></LI ><LI ><P -> <I +> <SPAN +CLASS="emphasis" +><I CLASS="EMPHASIS" >I get told "You already have a connection to the Domain...." or "Cannot join domain, the credentials supplied conflict with an existing set.." when creating a machine trust account.</I +></SPAN > </P ><P @@ -799,9 +914,12 @@ CLASS="COMMAND" ></LI ><LI ><P -> <I +> <SPAN +CLASS="emphasis" +><I CLASS="EMPHASIS" >The system can not log you on (C000019B)....</I +></SPAN > </P ><P @@ -828,10 +946,13 @@ CLASS="COMMAND" ></LI ><LI ><P -> <I +> <SPAN +CLASS="emphasis" +><I CLASS="EMPHASIS" >The machine trust account for this computer either does not exist or is not accessible.</I +></SPAN > </P ><P @@ -865,10 +986,13 @@ CLASS="PARAMETER" ></LI ><LI ><P -> <I +> <SPAN +CLASS="emphasis" +><I CLASS="EMPHASIS" >When I attempt to login to a Samba Domain from a NT4/W2K workstation, I get a message about my account being disabled.</I +></SPAN > </P ><P @@ -924,12 +1048,12 @@ CLASS="FILENAME" ></DIV ><DIV CLASS="SECT1" -><HR><H1 +><H1 CLASS="SECT1" ><A -NAME="AEN217" ->System Policies and Profiles</A -></H1 +NAME="AEN786" +></A +>6.6. System Policies and Profiles</H1 ><P >Much of the information necessary to implement System Policies and Roving User Profiles in a Samba domain is the same as that for @@ -947,9 +1071,12 @@ Profiles and Policies in Windows NT 4.0</A ><UL ><LI ><P -> <I +> <SPAN +CLASS="emphasis" +><I CLASS="EMPHASIS" >What about Windows NT Policy Editor?</I +></SPAN > </P ><P @@ -961,14 +1088,20 @@ CLASS="FILENAME" CLASS="COMMAND" >poledit.exe</B > which - is included with NT Server but <I + is included with NT Server but <SPAN +CLASS="emphasis" +><I CLASS="EMPHASIS" >not NT Workstation</I +></SPAN >. There is a Policy Editor on a NTws - but it is not suitable for creating <I + but it is not suitable for creating <SPAN +CLASS="emphasis" +><I CLASS="EMPHASIS" >Domain Policies</I +></SPAN >. Further, although the Windows 95 Policy Editor can be installed on an NT Workstation/Server, it will not @@ -1009,9 +1142,12 @@ CLASS="COMMAND" ></LI ><LI ><P -> <I +> <SPAN +CLASS="emphasis" +><I CLASS="EMPHASIS" >Can Win95 do Policies?</I +></SPAN > </P ><P @@ -1036,9 +1172,12 @@ CLASS="FILENAME" ></LI ><LI ><P -> <I +> <SPAN +CLASS="emphasis" +><I CLASS="EMPHASIS" >How do I get 'User Manager' and 'Server Manager'</I +></SPAN > </P ><P @@ -1086,12 +1225,12 @@ TARGET="_top" ></DIV ><DIV CLASS="SECT1" -><HR><H1 +><H1 CLASS="SECT1" ><A -NAME="AEN261" ->What other help can I get?</A -></H1 +NAME="AEN830" +></A +>6.7. What other help can I get?</H1 ><P >There are many sources of information available in the form of mailing lists, RFC's and documentation. The docs that come @@ -1102,10 +1241,13 @@ general SMB topics such as browsing.</P ><UL ><LI ><P -> <I +> <SPAN +CLASS="emphasis" +><I CLASS="EMPHASIS" >What are some diagnostics tools I can use to debug the domain logon process and where can I find them?</I +></SPAN > </P ><P @@ -1175,10 +1317,13 @@ TARGET="_top" ></LI ><LI ><P -> <I +> <SPAN +CLASS="emphasis" +><I CLASS="EMPHASIS" >How do I install 'Network Monitor' on an NT Workstation or a Windows 9x box?</I +></SPAN > </P ><P @@ -1293,9 +1438,12 @@ TARGET="_top" ></LI ><LI ><P -> The <I +> The <SPAN +CLASS="emphasis" +><I CLASS="EMPHASIS" >Development</I +></SPAN > document on the Samba mirrors might mention your problem. If so, it might mean that the developers are working on it.</P @@ -1352,9 +1500,12 @@ TARGET="_top" ><UL ><LI ><P -> <I +> <SPAN +CLASS="emphasis" +><I CLASS="EMPHASIS" >How do I get help from the mailing lists?</I +></SPAN > </P ><P @@ -1429,9 +1580,12 @@ TARGET="_top" ></LI ><LI ><P ->You might include <I +>You might include <SPAN +CLASS="emphasis" +><I CLASS="EMPHASIS" >partial</I +></SPAN > log files written at a debug level set to as much as 20. Please don't send the entire log but enough to give the context of the @@ -1453,9 +1607,12 @@ CLASS="EMPHASIS" ></LI ><LI ><P -> <I +> <SPAN +CLASS="emphasis" +><I CLASS="EMPHASIS" >How do I get off the mailing lists?</I +></SPAN > </P ><P @@ -1488,27 +1645,46 @@ TARGET="_top" ></DIV ><DIV CLASS="SECT1" -><HR><H1 +><H1 CLASS="SECT1" ><A -NAME="AEN375" ->Domain Control for Windows 9x/ME</A -></H1 +NAME="AEN944" +></A +>6.8. Domain Control for Windows 9x/ME</H1 ><DIV CLASS="NOTE" -><BLOCKQUOTE +><P +></P +><TABLE CLASS="NOTE" +WIDTH="100%" +BORDER="0" +><TR +><TD +WIDTH="25" +ALIGN="CENTER" +VALIGN="TOP" +><IMG +SRC="/docbook-dsssl/note.gif" +HSPACE="5" +ALT="Note"></TD +><TD +ALIGN="LEFT" +VALIGN="TOP" ><P -><B ->Note: </B >The following section contains much of the original DOMAIN.txt file previously included with Samba. Much of -the material is based on what went into the book <I +the material is based on what went into the book <SPAN +CLASS="emphasis" +><I CLASS="EMPHASIS" >Special Edition, Using Samba</I +></SPAN >, by Richard Sharpe.</P -></BLOCKQUOTE +></TD +></TR +></TABLE ></DIV ><P >A domain and a workgroup are exactly the same thing in terms of network @@ -1603,12 +1779,12 @@ TYPE="1" ></OL ><DIV CLASS="SECT2" -><HR><H2 +><H2 CLASS="SECT2" ><A -NAME="AEN401" ->Configuration Instructions: Network Logons</A -></H2 +NAME="AEN970" +></A +>6.8.1. Configuration Instructions: Network Logons</H2 ><P >The main difference between a PDC and a Windows 9x logon server configuration is that</P @@ -1633,18 +1809,30 @@ CLASS="WARNING" ></P ><TABLE CLASS="WARNING" -BORDER="1" WIDTH="100%" +BORDER="0" ><TR ><TD +WIDTH="25" ALIGN="CENTER" +VALIGN="TOP" +><IMG +SRC="/docbook-dsssl/warning.gif" +HSPACE="5" +ALT="Warning"></TD +><TH +ALIGN="LEFT" +VALIGN="CENTER" ><B >security mode and master browsers</B -></TD +></TH ></TR ><TR ><TD +> </TD +><TD ALIGN="LEFT" +VALIGN="TOP" ><P >There are a few comments to make in order to tie up some loose ends. There has been much debate over the issue of whether @@ -1697,34 +1885,39 @@ for its domain.</P ></DIV ><DIV CLASS="SECT2" -><HR><H2 +><H2 CLASS="SECT2" ><A -NAME="AEN420" ->Configuration Instructions: Setting up Roaming User Profiles</A -></H2 +NAME="AEN989" +></A +>6.8.2. Configuration Instructions: Setting up Roaming User Profiles</H2 ><DIV CLASS="WARNING" ><P ></P ><TABLE CLASS="WARNING" -BORDER="1" WIDTH="100%" +BORDER="0" ><TR ><TD +WIDTH="25" ALIGN="CENTER" -><B ->Warning</B -></TD -></TR -><TR +VALIGN="TOP" +><IMG +SRC="/docbook-dsssl/warning.gif" +HSPACE="5" +ALT="Warning"></TD ><TD ALIGN="LEFT" +VALIGN="TOP" ><P +><SPAN +CLASS="emphasis" ><I CLASS="EMPHASIS" >NOTE!</I +></SPAN > Roaming profiles support is different for Win9X and WinNT.</P ></TD @@ -1745,12 +1938,12 @@ including a separate field for the location of the user's profiles. This means that support for profiles is different for Win9X and WinNT.</P ><DIV CLASS="SECT3" -><HR><H3 +><H3 CLASS="SECT3" ><A -NAME="AEN428" ->Windows NT Configuration</A -></H3 +NAME="AEN997" +></A +>6.8.2.1. Windows NT Configuration</H3 ><P >To support WinNT clients, in the [global] section of smb.conf set the following (for example):</P @@ -1767,25 +1960,41 @@ If you are using a samba server for the profiles, you _must_ make the share specified in the logon path browseable. </P ><DIV CLASS="NOTE" -><BLOCKQUOTE +><P +></P +><TABLE CLASS="NOTE" +WIDTH="100%" +BORDER="0" +><TR +><TD +WIDTH="25" +ALIGN="CENTER" +VALIGN="TOP" +><IMG +SRC="/docbook-dsssl/note.gif" +HSPACE="5" +ALT="Note"></TD +><TD +ALIGN="LEFT" +VALIGN="TOP" ><P -><B ->Note: </B >[lkcl 26aug96 - we have discovered a problem where Windows clients can maintain a connection to the [homes] share in between logins. The [homes] share must NOT therefore be used in a profile path.]</P -></BLOCKQUOTE +></TD +></TR +></TABLE ></DIV ></DIV ><DIV CLASS="SECT3" -><HR><H3 +><H3 CLASS="SECT3" ><A -NAME="AEN436" ->Windows 9X Configuration</A -></H3 +NAME="AEN1005" +></A +>6.8.2.2. Windows 9X Configuration</H3 ><P >To support Win9X clients, you must use the "logon home" parameter. Samba has now been fixed so that "net use/home" now works as well, and it, too, relies @@ -1811,12 +2020,12 @@ specified \\%L\%U for "logon home".</P ></DIV ><DIV CLASS="SECT3" -><HR><H3 +><H3 CLASS="SECT3" ><A -NAME="AEN444" ->Win9X and WinNT Configuration</A -></H3 +NAME="AEN1013" +></A +>6.8.2.3. Win9X and WinNT Configuration</H3 ><P >You can support profiles for both Win9X and WinNT clients by setting both the "logon home" and "logon path" parameters. For example:</P @@ -1828,24 +2037,40 @@ logon path = \\%L\profiles\%U</PRE ></P ><DIV CLASS="NOTE" -><BLOCKQUOTE +><P +></P +><TABLE CLASS="NOTE" +WIDTH="100%" +BORDER="0" +><TR +><TD +WIDTH="25" +ALIGN="CENTER" +VALIGN="TOP" +><IMG +SRC="/docbook-dsssl/note.gif" +HSPACE="5" +ALT="Note"></TD +><TD +ALIGN="LEFT" +VALIGN="TOP" ><P -><B ->Note: </B >I have not checked what 'net use /home' does on NT when "logon home" is set as above.</P -></BLOCKQUOTE +></TD +></TR +></TABLE ></DIV ></DIV ><DIV CLASS="SECT3" -><HR><H3 +><H3 CLASS="SECT3" ><A -NAME="AEN451" ->Windows 9X Profile Setup</A -></H3 +NAME="AEN1020" +></A +>6.8.2.4. Windows 9X Profile Setup</H3 ><P >When a user first logs in on Windows 9X, the file user.DAT is created, as are folders "Start Menu", "Desktop", "Programs" and "Nethood". @@ -1950,9 +2175,12 @@ TYPE="1" ></LI ><LI ><P -> <I +> <SPAN +CLASS="emphasis" +><I CLASS="EMPHASIS" >WARNING</I +></SPAN > - before deleting the contents of the directory listed in the ProfilePath (this is likely to be c:\windows\profiles\username), @@ -1997,30 +2225,46 @@ differences are with the equivalent samba trace.</P ></DIV ><DIV CLASS="SECT3" -><HR><H3 +><H3 CLASS="SECT3" ><A -NAME="AEN487" ->Windows NT Workstation 4.0</A -></H3 +NAME="AEN1056" +></A +>6.8.2.5. Windows NT Workstation 4.0</H3 ><P >When a user first logs in to a Windows NT Workstation, the profile NTuser.DAT is created. The profile location can be now specified through the "logon path" parameter. </P ><DIV CLASS="NOTE" -><BLOCKQUOTE +><P +></P +><TABLE CLASS="NOTE" +WIDTH="100%" +BORDER="0" +><TR +><TD +WIDTH="25" +ALIGN="CENTER" +VALIGN="TOP" +><IMG +SRC="/docbook-dsssl/note.gif" +HSPACE="5" +ALT="Note"></TD +><TD +ALIGN="LEFT" +VALIGN="TOP" ><P -><B ->Note: </B >[lkcl 10aug97 - i tried setting the path to \\samba-server\homes\profile, and discovered that this fails because a background process maintains the connection to the [homes] share which does _not_ close down in between user logins. you have to have \\samba-server\%L\profile, where user is the username created from the [homes] share].</P -></BLOCKQUOTE +></TD +></TR +></TABLE ></DIV ><P >There is a parameter that is now available for use with NT Profiles: @@ -2051,11 +2295,25 @@ NT Help file also mentions that renaming NTuser.DAT to NTuser.MAN turns a profile into a mandatory one.</P ><DIV CLASS="NOTE" -><BLOCKQUOTE +><P +></P +><TABLE CLASS="NOTE" +WIDTH="100%" +BORDER="0" +><TR +><TD +WIDTH="25" +ALIGN="CENTER" +VALIGN="TOP" +><IMG +SRC="/docbook-dsssl/note.gif" +HSPACE="5" +ALT="Note"></TD +><TD +ALIGN="LEFT" +VALIGN="TOP" ><P -><B ->Note: </B >[lkcl 10aug97 - i notice that NT Workstation tells me that it is downloading a profile from a slow link. whether this is actually the case, or whether there is some configuration issue, as yet unknown, @@ -2074,17 +2332,19 @@ workstation for clear-text passwords].</P >[lkcl 25aug97 - more comments received about NT profiles: the case of the profile _matters_. the file _must_ be called NTuser.DAT or, for a mandatory profile, NTuser.MAN].</P -></BLOCKQUOTE +></TD +></TR +></TABLE ></DIV ></DIV ><DIV CLASS="SECT3" -><HR><H3 +><H3 CLASS="SECT3" ><A -NAME="AEN500" ->Windows NT Server</A -></H3 +NAME="AEN1069" +></A +>6.8.2.6. Windows NT Server</H3 ><P >There is nothing to stop you specifying any path that you like for the location of users' profiles. Therefore, you could specify that the @@ -2093,30 +2353,42 @@ that SMB server supports encrypted passwords.</P ></DIV ><DIV CLASS="SECT3" -><HR><H3 +><H3 CLASS="SECT3" ><A -NAME="AEN503" ->Sharing Profiles between W95 and NT Workstation 4.0</A -></H3 +NAME="AEN1072" +></A +>6.8.2.7. Sharing Profiles between W95 and NT Workstation 4.0</H3 ><DIV CLASS="WARNING" ><P ></P ><TABLE CLASS="WARNING" -BORDER="1" WIDTH="100%" +BORDER="0" ><TR ><TD +WIDTH="25" ALIGN="CENTER" +VALIGN="TOP" +><IMG +SRC="/docbook-dsssl/warning.gif" +HSPACE="5" +ALT="Warning"></TD +><TH +ALIGN="LEFT" +VALIGN="CENTER" ><B >Potentially outdated or incorrect material follows</B -></TD +></TH ></TR ><TR ><TD +> </TD +><TD ALIGN="LEFT" +VALIGN="TOP" ><P >I think this is all bogus, but have not deleted it. (Richard Sharpe)</P ></TD @@ -2141,47 +2413,75 @@ unlikely to exist on a Win95-only host].</P NTuser.DAT files in the same profile directory.</P ><DIV CLASS="NOTE" -><BLOCKQUOTE +><P +></P +><TABLE CLASS="NOTE" +WIDTH="100%" +BORDER="0" +><TR +><TD +WIDTH="25" +ALIGN="CENTER" +VALIGN="TOP" +><IMG +SRC="/docbook-dsssl/note.gif" +HSPACE="5" +ALT="Note"></TD +><TD +ALIGN="LEFT" +VALIGN="TOP" ><P -><B ->Note: </B >[lkcl 25aug97 - there are some issues to resolve with downloading of NT profiles, probably to do with time/date stamps. i have found that NTuser.DAT is never updated on the workstation after the first time that it is copied to the local workstation profile directory. this is in contrast to w95, where it _does_ transfer / update profiles correctly].</P -></BLOCKQUOTE +></TD +></TR +></TABLE ></DIV ></DIV ></DIV ></DIV ><DIV CLASS="SECT1" -><HR><H1 +><H1 CLASS="SECT1" ><A -NAME="AEN513" ->DOMAIN_CONTROL.txt : Windows NT Domain Control & Samba</A -></H1 +NAME="AEN1082" +></A +>6.9. DOMAIN_CONTROL.txt : Windows NT Domain Control & Samba</H1 ><DIV CLASS="WARNING" ><P ></P ><TABLE CLASS="WARNING" -BORDER="1" WIDTH="100%" +BORDER="0" ><TR ><TD +WIDTH="25" ALIGN="CENTER" +VALIGN="TOP" +><IMG +SRC="/docbook-dsssl/warning.gif" +HSPACE="5" +ALT="Warning"></TD +><TH +ALIGN="LEFT" +VALIGN="CENTER" ><B >Possibly Outdated Material</B -></TD +></TH ></TR ><TR ><TD +> </TD +><TD ALIGN="LEFT" +VALIGN="TOP" ><P > This appendix was originally authored by John H Terpstra of the Samba Team and is included here for posterity. @@ -2191,9 +2491,12 @@ ALIGN="LEFT" ></TABLE ></DIV ><P +><SPAN +CLASS="emphasis" ><I CLASS="EMPHASIS" >NOTE :</I +></SPAN > The term "Domain Controller" and those related to it refer to one specific method of authentication that can underly an SMB domain. Domain Controllers @@ -2279,6 +2582,68 @@ each Domain Controlling participant will have an up to date SAM component within its registry.</P ></DIV ></DIV +><DIV +CLASS="NAVFOOTER" +><HR +ALIGN="LEFT" +WIDTH="100%"><TABLE +SUMMARY="Footer navigation table" +WIDTH="100%" +BORDER="0" +CELLPADDING="0" +CELLSPACING="0" +><TR +><TD +WIDTH="33%" +ALIGN="left" +VALIGN="top" +><A +HREF="p544.html" +ACCESSKEY="P" +>Prev</A +></TD +><TD +WIDTH="34%" +ALIGN="center" +VALIGN="top" +><A +HREF="samba-howto-collection.html" +ACCESSKEY="H" +>Home</A +></TD +><TD +WIDTH="33%" +ALIGN="right" +VALIGN="top" +><A +HREF="samba-bdc.html" +ACCESSKEY="N" +>Next</A +></TD +></TR +><TR +><TD +WIDTH="33%" +ALIGN="left" +VALIGN="top" +>Type of installation</TD +><TD +WIDTH="34%" +ALIGN="center" +VALIGN="top" +><A +HREF="p544.html" +ACCESSKEY="U" +>Up</A +></TD +><TD +WIDTH="33%" +ALIGN="right" +VALIGN="top" +>How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain</TD +></TR +></TABLE +></DIV ></BODY ></HTML >
\ No newline at end of file diff --git a/docs/htmldocs/vfstest.1.html b/docs/htmldocs/vfstest.1.html new file mode 100644 index 0000000000..3db7ff3d97 --- /dev/null +++ b/docs/htmldocs/vfstest.1.html @@ -0,0 +1,496 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> +<HTML +><HEAD +><TITLE +>vfstest</TITLE +><META +NAME="GENERATOR" +CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD +><BODY +CLASS="REFENTRY" +BGCOLOR="#FFFFFF" +TEXT="#000000" +LINK="#0000FF" +VLINK="#840084" +ALINK="#0000FF" +><H1 +><A +NAME="VFSTEST" +></A +>vfstest</H1 +><DIV +CLASS="REFNAMEDIV" +><A +NAME="AEN5" +></A +><H2 +>Name</H2 +>vfstest -- tool for testing samba VFS modules </DIV +><DIV +CLASS="REFSYNOPSISDIV" +><A +NAME="AEN8" +></A +><H2 +>Synopsis</H2 +><P +><B +CLASS="COMMAND" +>vfstest</B +> [-d debuglevel] [-c command] [-l logfile] [-h]</P +></DIV +><DIV +CLASS="REFSECT1" +><A +NAME="AEN15" +></A +><H2 +>DESCRIPTION</H2 +><P +>This tool is part of the <A +HREF="samba.7.html" +TARGET="_top" +> Samba</A +> suite.</P +><P +><B +CLASS="COMMAND" +>vfstest</B +> is a small command line + utility that has the ability to test dso samba VFS modules. It gives the + user the ability to call the various VFS functions manually and + supports cascaded VFS modules. + </P +></DIV +><DIV +CLASS="REFSECT1" +><A +NAME="AEN21" +></A +><H2 +>OPTIONS</H2 +><P +></P +><DIV +CLASS="VARIABLELIST" +><DL +><DT +>-c|--command=command</DT +><DD +><P +>Execute the specified (colon-seperated) commands. + See below for the commands that are available. + </P +></DD +><DT +>-d|--debug=debuglevel</DT +><DD +><P +><TT +CLASS="REPLACEABLE" +><I +>debuglevel</I +></TT +> is an integer +from 0 to 10. The default value if this parameter is +not specified is zero.</P +><P +>The higher this value, the more detail will be +logged to the log files about the activities of the +server. At level 0, only critical errors and serious +warnings will be logged. Level 1 is a reasonable level for +day to day running - it generates a small amount of +information about operations carried out.</P +><P +>Levels above 1 will generate considerable +amounts of log data, and should only be used when +investigating a problem. Levels above 3 are designed for +use only by developers and generate HUGE amounts of log +data, most of which is extremely cryptic.</P +><P +>Note that specifying this parameter here will +override the <A +HREF="smb.conf.5.html#loglevel" +TARGET="_top" +>log +level</A +> parameter in the <A +HREF="smb.conf.5.html" +TARGET="_top" +><TT +CLASS="FILENAME" +>smb.conf(5)</TT +></A +> file.</P +></DD +><DT +>-h|--help</DT +><DD +><P +>Print a summary of command line options.</P +></DD +><DT +>-l|--logfile=logbasename</DT +><DD +><P +>File name for log/debug files. The extension + <TT +CLASS="CONSTANT" +>'.client'</TT +> will be appended. The log file is never removed + by the client. + </P +></DD +></DL +></DIV +></DIV +><DIV +CLASS="REFSECT1" +><A +NAME="AEN48" +></A +><H2 +>COMMANDS</H2 +><P +><SPAN +CLASS="emphasis" +><I +CLASS="EMPHASIS" +>VFS COMMANDS</I +></SPAN +></P +><P +></P +><UL +><LI +><P +><B +CLASS="COMMAND" +>load <module.so></B +> - Load specified VFS module </P +></LI +><LI +><P +><B +CLASS="COMMAND" +>populate <char> <size></B +> - Populate a data buffer with the specified data + </P +></LI +><LI +><P +><B +CLASS="COMMAND" +>showdata [<offset> <len>]</B +> - Show data currently in data buffer + </P +></LI +><LI +><P +><B +CLASS="COMMAND" +>connect</B +> - VFS connect()</P +></LI +><LI +><P +><B +CLASS="COMMAND" +>disconnect</B +> - VFS disconnect()</P +></LI +><LI +><P +><B +CLASS="COMMAND" +>disk_free</B +> - VFS disk_free()</P +></LI +><LI +><P +><B +CLASS="COMMAND" +>opendir</B +> - VFS opendir()</P +></LI +><LI +><P +><B +CLASS="COMMAND" +>readdir</B +> - VFS readdir()</P +></LI +><LI +><P +><B +CLASS="COMMAND" +>mkdir</B +> - VFS mkdir()</P +></LI +><LI +><P +><B +CLASS="COMMAND" +>rmdir</B +> - VFS rmdir()</P +></LI +><LI +><P +><B +CLASS="COMMAND" +>closedir</B +> - VFS closedir()</P +></LI +><LI +><P +><B +CLASS="COMMAND" +>open</B +> - VFS open()</P +></LI +><LI +><P +><B +CLASS="COMMAND" +>close</B +> - VFS close()</P +></LI +><LI +><P +><B +CLASS="COMMAND" +>read</B +> - VFS read()</P +></LI +><LI +><P +><B +CLASS="COMMAND" +>write</B +> - VFS write()</P +></LI +><LI +><P +><B +CLASS="COMMAND" +>lseek</B +> - VFS lseek()</P +></LI +><LI +><P +><B +CLASS="COMMAND" +>rename</B +> - VFS rename()</P +></LI +><LI +><P +><B +CLASS="COMMAND" +>fsync</B +> - VFS fsync()</P +></LI +><LI +><P +><B +CLASS="COMMAND" +>stat</B +> - VFS stat()</P +></LI +><LI +><P +><B +CLASS="COMMAND" +>fstat</B +> - VFS fstat()</P +></LI +><LI +><P +><B +CLASS="COMMAND" +>lstat</B +> - VFS lstat()</P +></LI +><LI +><P +><B +CLASS="COMMAND" +>unlink</B +> - VFS unlink()</P +></LI +><LI +><P +><B +CLASS="COMMAND" +>chmod</B +> - VFS chmod()</P +></LI +><LI +><P +><B +CLASS="COMMAND" +>fchmod</B +> - VFS fchmod()</P +></LI +><LI +><P +><B +CLASS="COMMAND" +>chown</B +> - VFS chown()</P +></LI +><LI +><P +><B +CLASS="COMMAND" +>fchown</B +> - VFS fchown()</P +></LI +><LI +><P +><B +CLASS="COMMAND" +>chdir</B +> - VFS chdir()</P +></LI +><LI +><P +><B +CLASS="COMMAND" +>getwd</B +> - VFS getwd()</P +></LI +><LI +><P +><B +CLASS="COMMAND" +>utime</B +> - VFS utime()</P +></LI +><LI +><P +><B +CLASS="COMMAND" +>ftruncate</B +> - VFS ftruncate()</P +></LI +><LI +><P +><B +CLASS="COMMAND" +>lock</B +> - VFS lock()</P +></LI +><LI +><P +><B +CLASS="COMMAND" +>symlink</B +> - VFS symlink()</P +></LI +><LI +><P +><B +CLASS="COMMAND" +>readlink</B +> - VFS readlink()</P +></LI +><LI +><P +><B +CLASS="COMMAND" +>link</B +> - VFS link()</P +></LI +><LI +><P +><B +CLASS="COMMAND" +>mknod</B +> - VFS mknod()</P +></LI +><LI +><P +><B +CLASS="COMMAND" +>realpath</B +> - VFS realpath()</P +></LI +></UL +><P +><SPAN +CLASS="emphasis" +><I +CLASS="EMPHASIS" +>GENERAL COMMANDS</I +></SPAN +></P +><P +></P +><UL +><LI +><P +><B +CLASS="COMMAND" +>conf <smb.conf></B +> - Load a different configuration file</P +></LI +><LI +><P +><B +CLASS="COMMAND" +>help [<command>]</B +> - Get list of commands or info about specified command</P +></LI +><LI +><P +><B +CLASS="COMMAND" +>debuglevel <level></B +> - Set debug level</P +></LI +><LI +><P +><B +CLASS="COMMAND" +>freemem</B +> - Free memory currently in use</P +></LI +><LI +><P +><B +CLASS="COMMAND" +>exit</B +> - Exit vfstest</P +></LI +></UL +></DIV +><DIV +CLASS="REFSECT1" +><A +NAME="AEN179" +></A +><H2 +>VERSION</H2 +><P +>This man page is correct for version 3.0 of the Samba + suite.</P +></DIV +><DIV +CLASS="REFSECT1" +><A +NAME="AEN182" +></A +><H2 +>AUTHOR</H2 +><P +>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</P +><P +>The vfstest man page was written by Jelmer Vernooij.</P +></DIV +></BODY +></HTML +>
\ No newline at end of file diff --git a/docs/htmldocs/wfw_slip.htm b/docs/htmldocs/wfw_slip.htm deleted file mode 100644 index 5b4a0a5e53..0000000000 --- a/docs/htmldocs/wfw_slip.htm +++ /dev/null @@ -1,175 +0,0 @@ -<HTML>
-<HEAD>
-<TITLE>Peter Karrer Announces SLIP for WFW</TITLE>
-</HEAD>
-<BODY>
-<H1><I>Winserve</I></H1>
-<HR>
-<H2><I>Peter Karrer Announces SLIP for WFW</I></H2>
-[NEW 03-22-95)
-<HR>
-<B>Hello,</B>
-<P>
-I've discovered a way to run WfW's TCP/IP-32 over a SLIP packet driver. This
-allows WfW users to do Windows networking over dialup lines just like it is
-possible with NT and the Windows 95 beta!
-<P>
-For instance, you can mount Microsoft's FTP server as a network drive in File
-Manager or connect to an MS Mail post office over the Internet. Of course,
-the usual Internet stuff works as well. Another interesting site is
-WINSERVE.001; check out www.winserve.com.
-<HR>
-This method should work with any class 1 (Ethernet II) packet driver. However,
-I'm not in a position to try anything else than SLIPPER/CSLIPPER.
-<HR>
-<H3>Files you need:</H3>
-<B>WFWT32.EXE:</B> ftp://ftp.microsoft.com/bussys/msclient/wfw/wfwt32.exe
-<P>
- Microsoft's free TCP/IP for WfW. It's a self-extracting archive which
- should be executed in an empty directory.
-<P>
-<B>SLIPPER.EXE:</B> ftp://biocserver.bioc.cwru.edu/pub/dos/slipper/slippr15.zip
-<P>
- Peter Tattam's SLIP packet driver. CSLIPPER.EXE is a variant which supports
- VJ header compression.
-<P>
-<B>PDETHER.EXE:</B> ftp://sjf-lwp.idz.sjf.novell.com/odi/pdether/pde105.zip
-<P>
- Don Provan's ODI-over-Packet Driver shim. This *must* be version 1.05 (or
- above).
-<P>
-<B>LSL.COM:</B>
-<P>
- Novell's LAN Support Layer. If you're an owner of Windows 3.10, you'll
- have it on one of your install disks. Use "expand a:lsl.co_ lsl.com" to
- expand it. Microsoft has stopped bundling LSL.COM with WfW 3.11, though.
- The newest version of LSL.COM can be downloaded as part of
- ftp://ftp.novell.com/pub/netware/nwos/dosclnt12/vlms/vlmup2.exe.
- However, it's not clear if this one may be legally used outside Netware
- environments.
-<P>
-<B>NET.CFG:</B>
-<P>
- A configuration file for LSL and PDETHER. It should contain the following
- text:
-<P>
-<PRE>
-Link Support
- Buffers 8 1600
-Link Driver PDETHER
- Int 60
- Frame Ethernet_II
- Protocol IP 800 Ethernet_II
- Protocol ARP 806 Ethernet_II
- Protocol RARP 8035 Ethernet_II
-</PRE>
-<P>
-<B>DISCOMX.COM:</B>
-<P>
- A little hack of mine to disable the COM port used by the SLIP packet driver.
- Usage is e.g. "discomx 2" to disable COM2. This should be run before
- starting WfW, otherwise you'll get "device conflict" messages. Here it is:
-<P><PRE>
-begin 644 discomx.com
-F,=N)V8H.@`"P(+^!`/.N3XH="=MT!DN`XP/1XS')!R:)CP`$S2``
-`
-end
- </PRE>
- (Save this text to disk as <I>filename</I>, then run "uudecode <I>filename</I>".
- uudecode can be found, for instance, at
- ftp://ftp.switch.ch/mirror/simtel/msdos/starter/uudecode.com )
-<P>
-<B>LMHOSTS:</B>
- <P>
- An optional file which should be stored in your Windows subdirectory. It is
- used to map NetBIOS computer names to IP addresses. Example:
-<P>
-<PRE>
-198.105.232.1 ftp #PRE # ftp.microsoft.com
-204.118.34.11 winserve.001 #PRE # Winserve
-</PRE>
-<HR>
-<H3>How to install it:</H3>
-<P>
-<UL>
-<LI>Put the files mentioned above into a directory, e.g. C:\SLIP.
-<P>
-<LI>Put the following lines into AUTOEXEC.BAT:
-<P><PRE>
- cd \slip
- slipper com1 vec=60 baud=57600 ether (may vary with your modem setup)
- lsl
- pdether
- discomx 1 (must correspond to SLIPPER's COM port)
-</PRE>
- (If you use another vec= setting, you must update that in NET.CFG as well.)
- Use CSLIPPER instead of SLIPPER if your SLIP provider supports VJC.
-<P>
-<LI>Start WfW.
-<UL>
-<LI>Under Windows Setup, choose "Change Network Settings".
-<LI>Select "Install Microsoft Windows Network".
-<LI>In "Drivers...", choose "Add Adapter"
- and install the "IPXODI Support driver (Ethernet) [ODI/NDIS3]".
-<LI>In "Add Protocols...", select "Unlisted or Updated Protocol". When asked for a
- driver disk, enter the directory where you expanded WFWT32.EXE.
-<LI>Configure TCP/IP (IP address, enable LMHOSTS lookup, try 204.118.34.11 as primary
- WINS server). Remove all other protocols (NetBEUI, IPX/SPX).
-</UL>
-<P>
-<LI>Windows will probably update the first lines of AUTOEXEC.BAT with
-<P>
-<PRE>
- c:\windows\net start
- c:\windows\odihlp.exe.
-</PRE>
- The "odihlp" line must be moved behind the "pdether" line.
-<P>
-<LI>Windows will also update NET.CFG with some "Frame" lines. These must
- be removed (except "Frame Ethernet_II").
-<P>
-<LI>Somehow, you will have to dial in to your SLIP provider. I do it manually
- before slipper (or cslipper) gets loaded, using a DOS-based terminal program.
- But there are some automatic dialers around. I've seen recommendations for
- ftp://mvmpc9.ciw.uni-karlsruhe.de/x-slip/slip_it.exe.
-<P>
-<LI>To connect to Microsoft's FTP server (or Winserve) go into File Manager,
- choose "Connect Network drive" and enter "\\ftp" or "\\winserve.001" into
- the "Path:" field.
-</UL>
-<HR>
-<H3>How it works:</H3>
-<P>
-Microsoft's TCP/IP-32 requires an NDIS3 interface. NDIS is Microsoft's way
-to interface with a network.
-<P>
-WfW also contains an NDIS3-over-ODI "shim", whose real mode component is
-ODIHLP.EXE. ODI is Novell's way to interface with a network.
-<P>
-SLIPPER is a Packet Driver (PD) for use over serial lines. PDs are everybody
-else's way to interface with a network. SLIPPER's "ether" option makes it
-look like an Ethernet PD to applications using it.
-<P>
-A "shim" is a program which simulates a network application programming
-interface on top of another.
-<P>
-There is no NDIS SLIP driver which would work with WfW.
-<P>
-There is no NDIS-over-PD shim.
-<P>
-However, there's an ODI-over-PD shim (PDETHER) and an NDIS-over-ODI shim
-(ODIHLP etc.)
-<P>
-OK, so let's do NDIS-over-ODI-over-PD!
- <P>
-This should have worked all the time; however, a non-feature in PDETHER
-versions < 1.05 has prevented the method from functioning until now.
-<HR>
-<B>Questions, suggestions etc. please to
-<P>
-<PRE>
-Peter Karrer pkarrer@ife.ee.ethz.ch
-</PRE>
-</B>
-</BODY>
-</HTML>
|