diff options
Diffstat (limited to 'docs/htmldocs')
| -rw-r--r-- | docs/htmldocs/Samba-HOWTO-Collection.html | 4165 | 
1 files changed, 2168 insertions, 1997 deletions
| diff --git a/docs/htmldocs/Samba-HOWTO-Collection.html b/docs/htmldocs/Samba-HOWTO-Collection.html index c902d63bec..73bc3eb60a 100644 --- a/docs/htmldocs/Samba-HOWTO-Collection.html +++ b/docs/htmldocs/Samba-HOWTO-Collection.html @@ -219,8 +219,8 @@ HREF="#AEN546"  ></DT  ><DT  >3.8. <A -HREF="#AEN594" ->Passdb XML plugin</A +HREF="#AEN588" +>XML</A  ></DT  ></DL  ></DD @@ -242,17 +242,17 @@ HREF="#SERVERTYPE"  ><DL  ><DT  >4.1. <A -HREF="#AEN639" +HREF="#AEN626"  >Stand Alone Server</A  ></DT  ><DT  >4.2. <A -HREF="#AEN646" +HREF="#AEN633"  >Domain Member Server</A  ></DT  ><DT  >4.3. <A -HREF="#AEN652" +HREF="#AEN639"  >Domain Controller</A  ></DT  ></DL @@ -266,7 +266,7 @@ HREF="#SECURITYLEVELS"  ><DL  ><DT  >5.1. <A -HREF="#AEN681" +HREF="#AEN668"  >User and Share security level</A  ></DT  ></DL @@ -280,37 +280,37 @@ HREF="#SAMBA-PDC"  ><DL  ><DT  >6.1. <A -HREF="#AEN785" +HREF="#AEN772"  >Prerequisite Reading</A  ></DT  ><DT  >6.2. <A -HREF="#AEN790" +HREF="#AEN777"  >Background</A  ></DT  ><DT  >6.3. <A -HREF="#AEN830" +HREF="#AEN817"  >Configuring the Samba Domain Controller</A  ></DT  ><DT  >6.4. <A -HREF="#AEN872" +HREF="#AEN859"  >Creating Machine Trust Accounts and Joining Clients to the Domain</A  ></DT  ><DT  >6.5. <A -HREF="#AEN980" +HREF="#AEN967"  >Common Problems and Errors</A  ></DT  ><DT  >6.6. <A -HREF="#AEN1026" +HREF="#AEN1013"  >What other help can I get?</A  ></DT  ><DT  >6.7. <A -HREF="#AEN1140" +HREF="#AEN1127"  >Domain Control for Windows 9x/ME</A  ></DT  ></DL @@ -324,27 +324,27 @@ HREF="#SAMBA-BDC"  ><DL  ><DT  >7.1. <A -HREF="#AEN1193" +HREF="#AEN1180"  >Prerequisite Reading</A  ></DT  ><DT  >7.2. <A -HREF="#AEN1197" +HREF="#AEN1184"  >Background</A  ></DT  ><DT  >7.3. <A -HREF="#AEN1205" +HREF="#AEN1192"  >What qualifies a Domain Controller on the network?</A  ></DT  ><DT  >7.4. <A -HREF="#AEN1214" +HREF="#AEN1201"  >Can Samba be a Backup Domain Controller to an NT PDC?</A  ></DT  ><DT  >7.5. <A -HREF="#AEN1219" +HREF="#AEN1206"  >How do I set up a Samba BDC?</A  ></DT  ></DL @@ -358,7 +358,7 @@ HREF="#ADS"  ><DL  ><DT  >8.1. <A -HREF="#AEN1251" +HREF="#AEN1238"  >Setup your <TT  CLASS="FILENAME"  >smb.conf</TT @@ -366,7 +366,7 @@ CLASS="FILENAME"  ></DT  ><DT  >8.2. <A -HREF="#AEN1262" +HREF="#AEN1249"  >Setup your <TT  CLASS="FILENAME"  >/etc/krb5.conf</TT @@ -374,22 +374,22 @@ CLASS="FILENAME"  ></DT  ><DT  >8.3. <A -HREF="#AEN1273" +HREF="#AEN1260"  >Create the computer account</A  ></DT  ><DT  >8.4. <A -HREF="#AEN1285" +HREF="#AEN1272"  >Test your server setup</A  ></DT  ><DT  >8.5. <A -HREF="#AEN1290" +HREF="#AEN1277"  >Testing with smbclient</A  ></DT  ><DT  >8.6. <A -HREF="#AEN1293" +HREF="#AEN1280"  >Notes</A  ></DT  ></DL @@ -403,12 +403,12 @@ HREF="#DOMAIN-SECURITY"  ><DL  ><DT  >9.1. <A -HREF="#AEN1315" +HREF="#AEN1302"  >Joining an NT Domain with Samba 3.0</A  ></DT  ><DT  >9.2. <A -HREF="#AEN1369" +HREF="#AEN1356"  >Why is this better than security = server?</A  ></DT  ></DL @@ -425,19 +425,14 @@ HREF="#OPTIONAL"  ><DT  >10. <A  HREF="#ADVANCEDNETWORKMANAGEMENT" ->System Policies</A +>Advanced Network Manangement Information</A  ></DT  ><DD  ><DL  ><DT  >10.1. <A -HREF="#AEN1401" ->Basic System Policy Info</A -></DT -><DT ->10.2. <A -HREF="#AEN1456" ->Roaming Profiles</A +HREF="#AEN1388" +>Remote Server Administration</A  ></DT  ></DL  ></DD @@ -450,39 +445,39 @@ HREF="#UNIX-PERMISSIONS"  ><DL  ><DT  >11.1. <A -HREF="#AEN1663" +HREF="#AEN1416"  >Viewing and changing UNIX permissions using the NT   	security dialogs</A  ></DT  ><DT  >11.2. <A -HREF="#AEN1667" +HREF="#AEN1420"  >How to view file security on a Samba share</A  ></DT  ><DT  >11.3. <A -HREF="#AEN1678" +HREF="#AEN1431"  >Viewing file ownership</A  ></DT  ><DT  >11.4. <A -HREF="#AEN1698" +HREF="#AEN1451"  >Viewing file or directory permissions</A  ></DT  ><DT  >11.5. <A -HREF="#AEN1734" +HREF="#AEN1487"  >Modifying file or directory permissions</A  ></DT  ><DT  >11.6. <A -HREF="#AEN1756" +HREF="#AEN1509"  >Interaction with the standard Samba create mask   	parameters</A  ></DT  ><DT  >11.7. <A -HREF="#AEN1810" +HREF="#AEN1563"  >Interaction with the standard Samba file attribute   	mapping</A  ></DT @@ -503,17 +498,17 @@ managed authentication</A  ><DL  ><DT  >13.1. <A -HREF="#AEN1866" +HREF="#AEN1619"  >Samba and PAM</A  ></DT  ><DT  >13.2. <A -HREF="#AEN1915" +HREF="#AEN1668"  >Distributed Authentication</A  ></DT  ><DT  >13.3. <A -HREF="#AEN1920" +HREF="#AEN1673"  >PAM Configuration in smb.conf</A  ></DT  ></DL @@ -527,22 +522,22 @@ HREF="#PRINTING"  ><DL  ><DT  >14.1. <A -HREF="#AEN1946" +HREF="#AEN1699"  >Introduction</A  ></DT  ><DT  >14.2. <A -HREF="#AEN1968" +HREF="#AEN1721"  >Configuration</A  ></DT  ><DT  >14.3. <A -HREF="#AEN2076" +HREF="#AEN1829"  >The Imprints Toolset</A  ></DT  ><DT  >14.4. <A -HREF="#AEN2119" +HREF="#AEN1872"  >Diagnosis</A  ></DT  ></DL @@ -556,37 +551,37 @@ HREF="#CUPS-PRINTING"  ><DL  ><DT  >15.1. <A -HREF="#AEN2231" +HREF="#AEN1984"  >Introduction</A  ></DT  ><DT  >15.2. <A -HREF="#AEN2236" +HREF="#AEN1989"  >CUPS - RAW Print Through  Mode</A  ></DT  ><DT  >15.3. <A -HREF="#AEN2291" +HREF="#AEN2044"  >The CUPS Filter Chains</A  ></DT  ><DT  >15.4. <A -HREF="#AEN2330" +HREF="#AEN2083"  >CUPS Print Drivers and Devices</A  ></DT  ><DT  >15.5. <A -HREF="#AEN2407" +HREF="#AEN2160"  >Limiting the number of pages users can print</A  ></DT  ><DT  >15.6. <A -HREF="#AEN2496" +HREF="#AEN2249"  >Advanced Postscript Printing from MS Windows</A  ></DT  ><DT  >15.7. <A -HREF="#AEN2511" +HREF="#AEN2264"  >Auto-Deletion of CUPS spool files</A  ></DT  ></DL @@ -600,216 +595,244 @@ HREF="#WINBIND"  ><DL  ><DT  >16.1. <A -HREF="#AEN2573" +HREF="#AEN2326"  >Abstract</A  ></DT  ><DT  >16.2. <A -HREF="#AEN2577" +HREF="#AEN2330"  >Introduction</A  ></DT  ><DT  >16.3. <A -HREF="#AEN2590" +HREF="#AEN2343"  >What Winbind Provides</A  ></DT  ><DT  >16.4. <A -HREF="#AEN2601" +HREF="#AEN2354"  >How Winbind Works</A  ></DT  ><DT  >16.5. <A -HREF="#AEN2644" +HREF="#AEN2397"  >Installation and Configuration</A  ></DT  ><DT  >16.6. <A -HREF="#AEN2901" +HREF="#AEN2654"  >Limitations</A  ></DT  ><DT  >16.7. <A -HREF="#AEN2911" +HREF="#AEN2664"  >Conclusion</A  ></DT  ></DL  ></DD  ><DT  >17. <A +HREF="#POLICYMGMT" +>Policy Management - Hows and Whys</A +></DT +><DD +><DL +><DT +>17.1. <A +HREF="#AEN2678" +>System Policies</A +></DT +></DL +></DD +><DT +>18. <A +HREF="#PROFILEMGMT" +>Profile Management</A +></DT +><DD +><DL +><DT +>18.1. <A +HREF="#AEN2761" +>Roaming Profiles</A +></DT +></DL +></DD +><DT +>19. <A  HREF="#INTEGRATE-MS-NETWORKS"  >Integrating MS Windows networks with Samba</A  ></DT  ><DD  ><DL  ><DT ->17.1. <A -HREF="#AEN2932" +>19.1. <A +HREF="#AEN2975"  >Name Resolution in a pure Unix/Linux world</A  ></DT  ><DT ->17.2. <A -HREF="#AEN2995" +>19.2. <A +HREF="#AEN3038"  >Name resolution as used within MS Windows networking</A  ></DT  ></DL  ></DD  ><DT ->18. <A +>20. <A  HREF="#IMPROVED-BROWSING"  >Improved browsing in samba</A  ></DT  ><DD  ><DL  ><DT ->18.1. <A -HREF="#AEN3047" +>20.1. <A +HREF="#AEN3090"  >Overview of browsing</A  ></DT  ><DT ->18.2. <A -HREF="#AEN3052" +>20.2. <A +HREF="#AEN3095"  >Browsing support in samba</A  ></DT  ><DT ->18.3. <A -HREF="#AEN3060" +>20.3. <A +HREF="#AEN3103"  >Problem resolution</A  ></DT  ><DT ->18.4. <A -HREF="#AEN3069" +>20.4. <A +HREF="#AEN3112"  >Browsing across subnets</A  ></DT  ><DT ->18.5. <A -HREF="#AEN3109" +>20.5. <A +HREF="#AEN3152"  >Setting up a WINS server</A  ></DT  ><DT ->18.6. <A -HREF="#AEN3128" +>20.6. <A +HREF="#AEN3171"  >Setting up Browsing in a WORKGROUP</A  ></DT  ><DT ->18.7. <A -HREF="#AEN3146" +>20.7. <A +HREF="#AEN3189"  >Setting up Browsing in a DOMAIN</A  ></DT  ><DT ->18.8. <A -HREF="#AEN3156" +>20.8. <A +HREF="#AEN3199"  >Forcing samba to be the master</A  ></DT  ><DT ->18.9. <A -HREF="#AEN3165" +>20.9. <A +HREF="#AEN3208"  >Making samba the domain master</A  ></DT  ><DT ->18.10. <A -HREF="#AEN3183" +>20.10. <A +HREF="#AEN3226"  >Note about broadcast addresses</A  ></DT  ><DT ->18.11. <A -HREF="#AEN3186" +>20.11. <A +HREF="#AEN3229"  >Multiple interfaces</A  ></DT  ></DL  ></DD  ><DT ->19. <A +>21. <A  HREF="#MSDFS"  >Hosting a Microsoft Distributed File System tree on Samba</A  ></DT  ><DD  ><DL  ><DT ->19.1. <A -HREF="#AEN3200" +>21.1. <A +HREF="#AEN3243"  >Instructions</A  ></DT  ></DL  ></DD  ><DT ->20. <A +>22. <A  HREF="#VFS"  >Stackable VFS modules</A  ></DT  ><DD  ><DL  ><DT ->20.1. <A -HREF="#AEN3259" +>22.1. <A +HREF="#AEN3302"  >Introduction and configuration</A  ></DT  ><DT ->20.2. <A -HREF="#AEN3268" +>22.2. <A +HREF="#AEN3311"  >Included modules</A  ></DT  ><DT ->20.3. <A -HREF="#AEN3322" +>22.3. <A +HREF="#AEN3365"  >VFS modules available elsewhere</A  ></DT  ></DL  ></DD  ><DT ->21. <A +>23. <A  HREF="#SECURING-SAMBA"  >Securing Samba</A  ></DT  ><DD  ><DL  ><DT ->21.1. <A -HREF="#AEN3348" +>23.1. <A +HREF="#AEN3391"  >Introduction</A  ></DT  ><DT ->21.2. <A -HREF="#AEN3351" +>23.2. <A +HREF="#AEN3394"  >Using host based protection</A  ></DT  ><DT ->21.3. <A -HREF="#AEN3358" +>23.3. <A +HREF="#AEN3401"  >Using interface protection</A  ></DT  ><DT ->21.4. <A -HREF="#AEN3367" +>23.4. <A +HREF="#AEN3410"  >Using a firewall</A  ></DT  ><DT ->21.5. <A -HREF="#AEN3374" +>23.5. <A +HREF="#AEN3417"  >Using a IPC$ share deny</A  ></DT  ><DT ->21.6. <A -HREF="#AEN3383" +>23.6. <A +HREF="#AEN3426"  >Upgrading Samba</A  ></DT  ></DL  ></DD  ><DT ->22. <A +>24. <A  HREF="#UNICODE"  >Unicode/Charsets</A  ></DT  ><DD  ><DL  ><DT ->22.1. <A -HREF="#AEN3397" +>24.1. <A +HREF="#AEN3440"  >What are charsets and unicode?</A  ></DT  ><DT ->22.2. <A -HREF="#AEN3406" +>24.2. <A +HREF="#AEN3449"  >Samba and charsets</A  ></DT  ></DL @@ -824,225 +847,225 @@ HREF="#APPENDIXES"  ><DD  ><DL  ><DT ->23. <A +>25. <A  HREF="#SPEED"  >Samba performance issues</A  ></DT  ><DD  ><DL  ><DT ->23.1. <A -HREF="#AEN3443" +>25.1. <A +HREF="#AEN3486"  >Comparisons</A  ></DT  ><DT ->23.2. <A -HREF="#AEN3449" +>25.2. <A +HREF="#AEN3492"  >Socket options</A  ></DT  ><DT ->23.3. <A -HREF="#AEN3456" +>25.3. <A +HREF="#AEN3499"  >Read size</A  ></DT  ><DT ->23.4. <A -HREF="#AEN3461" +>25.4. <A +HREF="#AEN3504"  >Max xmit</A  ></DT  ><DT ->23.5. <A -HREF="#AEN3466" +>25.5. <A +HREF="#AEN3509"  >Log level</A  ></DT  ><DT ->23.6. <A -HREF="#AEN3469" +>25.6. <A +HREF="#AEN3512"  >Read raw</A  ></DT  ><DT ->23.7. <A -HREF="#AEN3474" +>25.7. <A +HREF="#AEN3517"  >Write raw</A  ></DT  ><DT ->23.8. <A -HREF="#AEN3478" +>25.8. <A +HREF="#AEN3521"  >Slow Clients</A  ></DT  ><DT ->23.9. <A -HREF="#AEN3482" +>25.9. <A +HREF="#AEN3525"  >Slow Logins</A  ></DT  ><DT ->23.10. <A -HREF="#AEN3485" +>25.10. <A +HREF="#AEN3528"  >Client tuning</A  ></DT  ></DL  ></DD  ><DT ->24. <A +>26. <A  HREF="#PORTABILITY"  >Portability</A  ></DT  ><DD  ><DL  ><DT ->24.1. <A -HREF="#AEN3525" +>26.1. <A +HREF="#AEN3568"  >HPUX</A  ></DT  ><DT ->24.2. <A -HREF="#AEN3531" +>26.2. <A +HREF="#AEN3574"  >SCO Unix</A  ></DT  ><DT ->24.3. <A -HREF="#AEN3535" +>26.3. <A +HREF="#AEN3578"  >DNIX</A  ></DT  ><DT ->24.4. <A -HREF="#AEN3564" +>26.4. <A +HREF="#AEN3607"  >RedHat Linux Rembrandt-II</A  ></DT  ><DT ->24.5. <A -HREF="#AEN3570" +>26.5. <A +HREF="#AEN3613"  >AIX</A  ></DT  ></DL  ></DD  ><DT ->25. <A +>27. <A  HREF="#OTHER-CLIENTS"  >Samba and other CIFS clients</A  ></DT  ><DD  ><DL  ><DT ->25.1. <A -HREF="#AEN3590" +>27.1. <A +HREF="#AEN3633"  >Macintosh clients?</A  ></DT  ><DT ->25.2. <A -HREF="#AEN3599" +>27.2. <A +HREF="#AEN3642"  >OS2 Client</A  ></DT  ><DT ->25.3. <A -HREF="#AEN3639" +>27.3. <A +HREF="#AEN3682"  >Windows for Workgroups</A  ></DT  ><DT ->25.4. <A -HREF="#AEN3663" +>27.4. <A +HREF="#AEN3706"  >Windows '95/'98</A  ></DT  ><DT ->25.5. <A -HREF="#AEN3679" +>27.5. <A +HREF="#AEN3722"  >Windows 2000 Service Pack 2</A  ></DT  ></DL  ></DD  ><DT ->26. <A +>28. <A  HREF="#COMPILING"  >How to compile SAMBA</A  ></DT  ><DD  ><DL  ><DT ->26.1. <A -HREF="#AEN3706" +>28.1. <A +HREF="#AEN3749"  >Access Samba source code via CVS</A  ></DT  ><DT ->26.2. <A -HREF="#AEN3749" +>28.2. <A +HREF="#AEN3792"  >Accessing the samba sources via rsync and ftp</A  ></DT  ><DT ->26.3. <A -HREF="#AEN3755" +>28.3. <A +HREF="#AEN3798"  >Building the Binaries</A  ></DT  ><DT ->26.4. <A -HREF="#AEN3812" +>28.4. <A +HREF="#AEN3855"  >Starting the smbd and nmbd</A  ></DT  ></DL  ></DD  ><DT ->27. <A +>29. <A  HREF="#BUGREPORT"  >Reporting Bugs</A  ></DT  ><DD  ><DL  ><DT ->27.1. <A -HREF="#AEN3874" +>29.1. <A +HREF="#AEN3917"  >Introduction</A  ></DT  ><DT ->27.2. <A -HREF="#AEN3884" +>29.2. <A +HREF="#AEN3927"  >General info</A  ></DT  ><DT ->27.3. <A -HREF="#AEN3890" +>29.3. <A +HREF="#AEN3933"  >Debug levels</A  ></DT  ><DT ->27.4. <A -HREF="#AEN3907" +>29.4. <A +HREF="#AEN3950"  >Internal errors</A  ></DT  ><DT ->27.5. <A -HREF="#AEN3917" +>29.5. <A +HREF="#AEN3960"  >Attaching to a running process</A  ></DT  ><DT ->27.6. <A -HREF="#AEN3920" +>29.6. <A +HREF="#AEN3963"  >Patches</A  ></DT  ></DL  ></DD  ><DT ->28. <A +>30. <A  HREF="#DIAGNOSIS"  >The samba checklist</A  ></DT  ><DD  ><DL  ><DT ->28.1. <A -HREF="#AEN3943" +>30.1. <A +HREF="#AEN3986"  >Introduction</A  ></DT  ><DT ->28.2. <A -HREF="#AEN3948" +>30.2. <A +HREF="#AEN3991"  >Assumptions</A  ></DT  ><DT ->28.3. <A -HREF="#AEN3958" +>30.3. <A +HREF="#AEN4001"  >Tests</A  ></DT  ><DT ->28.4. <A -HREF="#AEN4068" +>30.4. <A +HREF="#AEN4111"  >Still having troubles?</A  ></DT  ></DL @@ -1304,49 +1327,30 @@ HREF="#AEN546"  ><DT  >3.7.1. <A  HREF="#AEN548" ->Building</A -></DT -><DT ->3.7.2. <A -HREF="#AEN554"  >Creating the database</A  ></DT  ><DT ->3.7.3. <A -HREF="#AEN564" +>3.7.2. <A +HREF="#AEN558"  >Configuring</A  ></DT  ><DT ->3.7.4. <A -HREF="#AEN581" +>3.7.3. <A +HREF="#AEN575"  >Using plaintext passwords or encrypted password</A  ></DT  ><DT ->3.7.5. <A -HREF="#AEN586" +>3.7.4. <A +HREF="#AEN580"  >Getting non-column data from the table</A  ></DT  ></DL  ></DD  ><DT  >3.8. <A -HREF="#AEN594" ->Passdb XML plugin</A +HREF="#AEN588" +>XML</A  ></DT -><DD -><DL -><DT ->3.8.1. <A -HREF="#AEN596" ->Building</A -></DT -><DT ->3.8.2. <A -HREF="#AEN602" ->Usage</A -></DT -></DL -></DD  ></DL  ></DD  ></DL @@ -3436,28 +3440,7 @@ CLASS="SECT2"  CLASS="SECT2"  ><A  NAME="AEN548" ->3.7.1. Building</A -></H3 -><P ->To build the plugin, run <B -CLASS="COMMAND" ->make bin/pdb_mysql.so</B -> -in the <TT -CLASS="FILENAME" ->source/</TT -> directory of samba distribution. </P -><P ->Next, copy pdb_mysql.so to any location you want. I  -strongly recommend installing it in $PREFIX/lib or /usr/lib/samba/</P -></DIV -><DIV -CLASS="SECT2" -><HR><H3 -CLASS="SECT2" -><A -NAME="AEN554" ->3.7.2. Creating the database</A +>3.7.1. Creating the database</A  ></H3  ><P  >You either can set up your own table and specify the field names to pdb_mysql (see below @@ -3492,8 +3475,8 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN564" ->3.7.3. Configuring</A +NAME="AEN558" +>3.7.2. Configuring</A  ></H3  ><P  >This plugin lacks some good documentation, but here is some short info:</P @@ -3507,7 +3490,7 @@ CLASS="FILENAME"  >:  <PRE  CLASS="PROGRAMLISTING" ->passdb backend = [other-plugins] plugin:/location/to/pdb_mysql.so:identifier [other-plugins]</PRE +>passdb backend = [other-plugins] mysql:identifier [other-plugins]</PRE  ></P  ><P  >The identifier can be any string you like, as long as it doesn't collide with  @@ -3603,8 +3586,8 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN581" ->3.7.4. Using plaintext passwords or encrypted password</A +NAME="AEN575" +>3.7.3. Using plaintext passwords or encrypted password</A  ></H3  ><P  >I strongly discourage the use of plaintext passwords, however, you can use them:</P @@ -3618,8 +3601,8 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN586" ->3.7.5. Getting non-column data from the table</A +NAME="AEN580" +>3.7.4. Getting non-column data from the table</A  ></H3  ><P  >It is possible to have not all data in the database and making some 'constant'.</P @@ -3644,43 +3627,17 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN594" ->3.8. Passdb XML plugin</A +NAME="AEN588" +>3.8. XML</A  ></H2 -><DIV -CLASS="SECT2" -><H3 -CLASS="SECT2" -><A -NAME="AEN596" ->3.8.1. Building</A -></H3  ><P  >This module requires libxml2 to be installed.</P  ><P ->To build pdb_xml, run: <B -CLASS="COMMAND" ->make bin/pdb_xml.so</B -> in  -the directory <TT -CLASS="FILENAME" ->source/</TT ->. </P -></DIV -><DIV -CLASS="SECT2" -><HR><H3 -CLASS="SECT2" -><A -NAME="AEN602" ->3.8.2. Usage</A -></H3 -><P  >The usage of pdb_xml is pretty straightforward. To export data, use:  <B  CLASS="COMMAND" ->pdbedit -e plugin:/usr/lib/samba/pdb_xml.so:filename</B +>pdbedit -e xml:filename</B  >  (where filename is the name of the file to put the data in)</P @@ -3688,14 +3645,13 @@ CLASS="COMMAND"  >To import data, use:  <B  CLASS="COMMAND" ->pdbedit -i plugin:/usr/lib/samba/pdb_xml.so:filename -e current-pdb</B +>pdbedit -i xml:filename -e current-pdb</B  >  Where filename is the name to read the data from and current-pdb to put it in.</P  ></DIV  ></DIV  ></DIV -></DIV  ><DIV  CLASS="PART"  ><A @@ -3709,7 +3665,7 @@ CLASS="TITLE"  ><DIV  CLASS="PARTINTRO"  ><A -NAME="AEN610" +NAME="AEN597"  ></A  ><H1  >Introduction</H1 @@ -3733,24 +3689,24 @@ HREF="#SERVERTYPE"  ><DL  ><DT  >4.1. <A -HREF="#AEN639" +HREF="#AEN626"  >Stand Alone Server</A  ></DT  ><DT  >4.2. <A -HREF="#AEN646" +HREF="#AEN633"  >Domain Member Server</A  ></DT  ><DT  >4.3. <A -HREF="#AEN652" +HREF="#AEN639"  >Domain Controller</A  ></DT  ><DD  ><DL  ><DT  >4.3.1. <A -HREF="#AEN655" +HREF="#AEN642"  >Domain Controller Types</A  ></DT  ></DL @@ -3766,34 +3722,34 @@ HREF="#SECURITYLEVELS"  ><DL  ><DT  >5.1. <A -HREF="#AEN681" +HREF="#AEN668"  >User and Share security level</A  ></DT  ><DD  ><DL  ><DT  >5.1.1. <A -HREF="#AEN684" +HREF="#AEN671"  >User Level Security</A  ></DT  ><DT  >5.1.2. <A -HREF="#AEN694" +HREF="#AEN681"  >Share Level Security</A  ></DT  ><DT  >5.1.3. <A -HREF="#AEN698" +HREF="#AEN685"  >Server Level Security</A  ></DT  ><DT  >5.1.4. <A -HREF="#AEN737" +HREF="#AEN724"  >Domain Level Security</A  ></DT  ><DT  >5.1.5. <A -HREF="#AEN758" +HREF="#AEN745"  >ADS Level Security</A  ></DT  ></DL @@ -3809,63 +3765,63 @@ HREF="#SAMBA-PDC"  ><DL  ><DT  >6.1. <A -HREF="#AEN785" +HREF="#AEN772"  >Prerequisite Reading</A  ></DT  ><DT  >6.2. <A -HREF="#AEN790" +HREF="#AEN777"  >Background</A  ></DT  ><DT  >6.3. <A -HREF="#AEN830" +HREF="#AEN817"  >Configuring the Samba Domain Controller</A  ></DT  ><DT  >6.4. <A -HREF="#AEN872" +HREF="#AEN859"  >Creating Machine Trust Accounts and Joining Clients to the Domain</A  ></DT  ><DD  ><DL  ><DT  >6.4.1. <A -HREF="#AEN915" +HREF="#AEN902"  >Manual Creation of Machine Trust Accounts</A  ></DT  ><DT  >6.4.2. <A -HREF="#AEN956" +HREF="#AEN943"  >"On-the-Fly" Creation of Machine Trust Accounts</A  ></DT  ><DT  >6.4.3. <A -HREF="#AEN965" +HREF="#AEN952"  >Joining the Client to the Domain</A  ></DT  ></DL  ></DD  ><DT  >6.5. <A -HREF="#AEN980" +HREF="#AEN967"  >Common Problems and Errors</A  ></DT  ><DT  >6.6. <A -HREF="#AEN1026" +HREF="#AEN1013"  >What other help can I get?</A  ></DT  ><DT  >6.7. <A -HREF="#AEN1140" +HREF="#AEN1127"  >Domain Control for Windows 9x/ME</A  ></DT  ><DD  ><DL  ><DT  >6.7.1. <A -HREF="#AEN1163" +HREF="#AEN1150"  >Configuration Instructions:	Network Logons</A  ></DT  ></DL @@ -3881,53 +3837,53 @@ HREF="#SAMBA-BDC"  ><DL  ><DT  >7.1. <A -HREF="#AEN1193" +HREF="#AEN1180"  >Prerequisite Reading</A  ></DT  ><DT  >7.2. <A -HREF="#AEN1197" +HREF="#AEN1184"  >Background</A  ></DT  ><DT  >7.3. <A -HREF="#AEN1205" +HREF="#AEN1192"  >What qualifies a Domain Controller on the network?</A  ></DT  ><DD  ><DL  ><DT  >7.3.1. <A -HREF="#AEN1208" +HREF="#AEN1195"  >How does a Workstation find its domain controller?</A  ></DT  ><DT  >7.3.2. <A -HREF="#AEN1211" +HREF="#AEN1198"  >When is the PDC needed?</A  ></DT  ></DL  ></DD  ><DT  >7.4. <A -HREF="#AEN1214" +HREF="#AEN1201"  >Can Samba be a Backup Domain Controller to an NT PDC?</A  ></DT  ><DT  >7.5. <A -HREF="#AEN1219" +HREF="#AEN1206"  >How do I set up a Samba BDC?</A  ></DT  ><DD  ><DL  ><DT  >7.5.1. <A -HREF="#AEN1236" +HREF="#AEN1223"  >How do I replicate the smbpasswd file?</A  ></DT  ><DT  >7.5.2. <A -HREF="#AEN1240" +HREF="#AEN1227"  >Can I do this all with LDAP?</A  ></DT  ></DL @@ -3943,7 +3899,7 @@ HREF="#ADS"  ><DL  ><DT  >8.1. <A -HREF="#AEN1251" +HREF="#AEN1238"  >Setup your <TT  CLASS="FILENAME"  >smb.conf</TT @@ -3951,7 +3907,7 @@ CLASS="FILENAME"  ></DT  ><DT  >8.2. <A -HREF="#AEN1262" +HREF="#AEN1249"  >Setup your <TT  CLASS="FILENAME"  >/etc/krb5.conf</TT @@ -3959,31 +3915,31 @@ CLASS="FILENAME"  ></DT  ><DT  >8.3. <A -HREF="#AEN1273" +HREF="#AEN1260"  >Create the computer account</A  ></DT  ><DD  ><DL  ><DT  >8.3.1. <A -HREF="#AEN1277" +HREF="#AEN1264"  >Possible errors</A  ></DT  ></DL  ></DD  ><DT  >8.4. <A -HREF="#AEN1285" +HREF="#AEN1272"  >Test your server setup</A  ></DT  ><DT  >8.5. <A -HREF="#AEN1290" +HREF="#AEN1277"  >Testing with smbclient</A  ></DT  ><DT  >8.6. <A -HREF="#AEN1293" +HREF="#AEN1280"  >Notes</A  ></DT  ></DL @@ -3997,12 +3953,12 @@ HREF="#DOMAIN-SECURITY"  ><DL  ><DT  >9.1. <A -HREF="#AEN1315" +HREF="#AEN1302"  >Joining an NT Domain with Samba 3.0</A  ></DT  ><DT  >9.2. <A -HREF="#AEN1369" +HREF="#AEN1356"  >Why is this better than security = server?</A  ></DT  ></DL @@ -4061,7 +4017,7 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN639" +NAME="AEN626"  >4.1. Stand Alone Server</A  ></H2  ><P @@ -4104,7 +4060,7 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN646" +NAME="AEN633"  >4.2. Domain Member Server</A  ></H2  ><P @@ -4135,7 +4091,7 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN652" +NAME="AEN639"  >4.3. Domain Controller</A  ></H2  ><P @@ -4147,7 +4103,7 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN655" +NAME="AEN642"  >4.3.1. Domain Controller Types</A  ></H3  ><P @@ -4241,7 +4197,7 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN681" +NAME="AEN668"  >5.1. User and Share security level</A  ></H2  ><P @@ -4259,7 +4215,7 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN684" +NAME="AEN671"  >5.1.1. User Level Security</A  ></H3  ><P @@ -4300,7 +4256,7 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN694" +NAME="AEN681"  >5.1.2. Share Level Security</A  ></H3  ><P @@ -4331,7 +4287,7 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN698" +NAME="AEN685"  >5.1.3. Server Level Security</A  ></H3  ><P @@ -4367,7 +4323,7 @@ CLASS="SECT3"  ><HR><H4  CLASS="SECT3"  ><A -NAME="AEN703" +NAME="AEN690"  >5.1.3.1. Configuring Samba for Seemless Windows Network Integration</A  ></H4  ><P @@ -4479,7 +4435,7 @@ CLASS="SECT3"  ><HR><H4  CLASS="SECT3"  ><A -NAME="AEN729" +NAME="AEN716"  >5.1.3.2. Use MS Windows NT as an authentication server</A  ></H4  ><P @@ -4515,7 +4471,7 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN737" +NAME="AEN724"  >5.1.4. Domain Level Security</A  ></H3  ><P @@ -4533,7 +4489,7 @@ CLASS="SECT3"  ><HR><H4  CLASS="SECT3"  ><A -NAME="AEN741" +NAME="AEN728"  >5.1.4.1. Samba as a member of an MS Windows NT security domain</A  ></H4  ><P @@ -4596,7 +4552,7 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN758" +NAME="AEN745"  >5.1.5. ADS Level Security</A  ></H3  ><P @@ -4623,7 +4579,7 @@ CLASS="SECT1"  ><H2  CLASS="SECT1"  ><A -NAME="AEN785" +NAME="AEN772"  >6.1. Prerequisite Reading</A  ></H2  ><P @@ -4646,7 +4602,7 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN790" +NAME="AEN777"  >6.2. Background</A  ></H2  ><P @@ -4793,7 +4749,7 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN830" +NAME="AEN817"  >6.3. Configuring the Samba Domain Controller</A  ></H2  ><P @@ -4990,7 +4946,7 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN872" +NAME="AEN859"  >6.4. Creating Machine Trust Accounts and Joining Clients to the Domain</A  ></H2  ><P @@ -5176,7 +5132,7 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN915" +NAME="AEN902"  >6.4.1. Manual Creation of Machine Trust Accounts</A  ></H3  ><P @@ -5346,7 +5302,7 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN956" +NAME="AEN943"  >6.4.2. "On-the-Fly" Creation of Machine Trust Accounts</A  ></H3  ><P @@ -5383,7 +5339,7 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN965" +NAME="AEN952"  >6.4.3. Joining the Client to the Domain</A  ></H3  ><P @@ -5451,7 +5407,7 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN980" +NAME="AEN967"  >6.5. Common Problems and Errors</A  ></H2  ><P @@ -5650,7 +5606,7 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN1026" +NAME="AEN1013"  >6.6. What other help can I get?</A  ></H2  ><P @@ -6070,7 +6026,7 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN1140" +NAME="AEN1127"  >6.7. Domain Control for Windows 9x/ME</A  ></H2  ><P @@ -6169,7 +6125,7 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN1163" +NAME="AEN1150"  >6.7.1. Configuration Instructions:	Network Logons</A  ></H3  ><P @@ -6284,7 +6240,7 @@ CLASS="SECT1"  ><H2  CLASS="SECT1"  ><A -NAME="AEN1193" +NAME="AEN1180"  >7.1. Prerequisite Reading</A  ></H2  ><P @@ -6301,7 +6257,7 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN1197" +NAME="AEN1184"  >7.2. Background</A  ></H2  ><P @@ -6346,7 +6302,7 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN1205" +NAME="AEN1192"  >7.3. What qualifies a Domain Controller on the network?</A  ></H2  ><P @@ -6363,7 +6319,7 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN1208" +NAME="AEN1195"  >7.3.1. How does a Workstation find its domain controller?</A  ></H3  ><P @@ -6382,7 +6338,7 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN1211" +NAME="AEN1198"  >7.3.2. When is the PDC needed?</A  ></H3  ><P @@ -6398,7 +6354,7 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN1214" +NAME="AEN1201"  >7.4. Can Samba be a Backup Domain Controller to an NT PDC?</A  ></H2  ><P @@ -6421,7 +6377,7 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN1219" +NAME="AEN1206"  >7.5. How do I set up a Samba BDC?</A  ></H2  ><P @@ -6488,7 +6444,7 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN1236" +NAME="AEN1223"  >7.5.1. How do I replicate the smbpasswd file?</A  ></H3  ><P @@ -6509,7 +6465,7 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN1240" +NAME="AEN1227"  >7.5.2. Can I do this all with LDAP?</A  ></H3  ><P @@ -6536,7 +6492,7 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN1251" +NAME="AEN1238"  >8.1. Setup your <TT  CLASS="FILENAME"  >smb.conf</TT @@ -6576,7 +6532,7 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN1262" +NAME="AEN1249"  >8.2. Setup your <TT  CLASS="FILENAME"  >/etc/krb5.conf</TT @@ -6618,7 +6574,7 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN1273" +NAME="AEN1260"  >8.3. Create the computer account</A  ></H2  ><P @@ -6633,7 +6589,7 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN1277" +NAME="AEN1264"  >8.3.1. Possible errors</A  ></H3  ><P @@ -6658,7 +6614,7 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN1285" +NAME="AEN1272"  >8.4. Test your server setup</A  ></H2  ><P @@ -6678,7 +6634,7 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN1290" +NAME="AEN1277"  >8.5. Testing with smbclient</A  ></H2  ><P @@ -6691,7 +6647,7 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN1293" +NAME="AEN1280"  >8.6. Notes</A  ></H2  ><P @@ -6714,7 +6670,7 @@ CLASS="SECT1"  ><H2  CLASS="SECT1"  ><A -NAME="AEN1315" +NAME="AEN1302"  >9.1. Joining an NT Domain with Samba 3.0</A  ></H2  ><P @@ -6897,7 +6853,7 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN1369" +NAME="AEN1356"  >9.2. Why is this better than security = server?</A  ></H2  ><P @@ -7009,7 +6965,7 @@ CLASS="TITLE"  ><DIV  CLASS="PARTINTRO"  ><A -NAME="AEN1387" +NAME="AEN1374"  ></A  ><H1  >Introduction</H1 @@ -7027,81 +6983,18 @@ CLASS="TOC"  ><DT  >10. <A  HREF="#ADVANCEDNETWORKMANAGEMENT" ->System Policies</A +>Advanced Network Manangement Information</A  ></DT  ><DD  ><DL  ><DT  >10.1. <A -HREF="#AEN1401" ->Basic System Policy Info</A -></DT -><DD -><DL -><DT ->10.1.1. <A -HREF="#AEN1445" ->Creating Group Prolicy Files</A +HREF="#AEN1388" +>Remote Server Administration</A  ></DT  ></DL  ></DD  ><DT ->10.2. <A -HREF="#AEN1456" ->Roaming Profiles</A -></DT -><DD -><DL -><DT ->10.2.1. <A -HREF="#AEN1464" ->Windows NT Configuration</A -></DT -><DT ->10.2.2. <A -HREF="#AEN1473" ->Windows 9X Configuration</A -></DT -><DT ->10.2.3. <A -HREF="#AEN1481" ->Win9X and WinNT Configuration</A -></DT -><DT ->10.2.4. <A -HREF="#AEN1488" ->Windows 9X Profile Setup</A -></DT -><DT ->10.2.5. <A -HREF="#AEN1524" ->Windows NT Workstation 4.0</A -></DT -><DT ->10.2.6. <A -HREF="#AEN1532" ->Windows NT/200x Server</A -></DT -><DT ->10.2.7. <A -HREF="#AEN1535" ->Sharing Profiles between W9x/Me and NT4/200x/XP workstations</A -></DT -><DT ->10.2.8. <A -HREF="#AEN1542" ->Windows NT 4</A -></DT -><DT ->10.2.9. <A -HREF="#AEN1580" ->Windows 2000/XP</A -></DT -></DL -></DD -></DL -></DD -><DT  >11. <A  HREF="#UNIX-PERMISSIONS"  >UNIX Permission Bits and Windows NT Access Control Lists</A @@ -7110,53 +7003,53 @@ HREF="#UNIX-PERMISSIONS"  ><DL  ><DT  >11.1. <A -HREF="#AEN1663" +HREF="#AEN1416"  >Viewing and changing UNIX permissions using the NT   	security dialogs</A  ></DT  ><DT  >11.2. <A -HREF="#AEN1667" +HREF="#AEN1420"  >How to view file security on a Samba share</A  ></DT  ><DT  >11.3. <A -HREF="#AEN1678" +HREF="#AEN1431"  >Viewing file ownership</A  ></DT  ><DT  >11.4. <A -HREF="#AEN1698" +HREF="#AEN1451"  >Viewing file or directory permissions</A  ></DT  ><DD  ><DL  ><DT  >11.4.1. <A -HREF="#AEN1713" +HREF="#AEN1466"  >File Permissions</A  ></DT  ><DT  >11.4.2. <A -HREF="#AEN1727" +HREF="#AEN1480"  >Directory Permissions</A  ></DT  ></DL  ></DD  ><DT  >11.5. <A -HREF="#AEN1734" +HREF="#AEN1487"  >Modifying file or directory permissions</A  ></DT  ><DT  >11.6. <A -HREF="#AEN1756" +HREF="#AEN1509"  >Interaction with the standard Samba create mask   	parameters</A  ></DT  ><DT  >11.7. <A -HREF="#AEN1810" +HREF="#AEN1563"  >Interaction with the standard Samba file attribute   	mapping</A  ></DT @@ -7177,17 +7070,17 @@ managed authentication</A  ><DL  ><DT  >13.1. <A -HREF="#AEN1866" +HREF="#AEN1619"  >Samba and PAM</A  ></DT  ><DT  >13.2. <A -HREF="#AEN1915" +HREF="#AEN1668"  >Distributed Authentication</A  ></DT  ><DT  >13.3. <A -HREF="#AEN1920" +HREF="#AEN1673"  >PAM Configuration in smb.conf</A  ></DT  ></DL @@ -7201,122 +7094,122 @@ HREF="#PRINTING"  ><DL  ><DT  >14.1. <A -HREF="#AEN1946" +HREF="#AEN1699"  >Introduction</A  ></DT  ><DT  >14.2. <A -HREF="#AEN1968" +HREF="#AEN1721"  >Configuration</A  ></DT  ><DD  ><DL  ><DT  >14.2.1. <A -HREF="#AEN1976" +HREF="#AEN1729"  >Creating [print$]</A  ></DT  ><DT  >14.2.2. <A -HREF="#AEN2011" +HREF="#AEN1764"  >Setting Drivers for Existing Printers</A  ></DT  ><DT  >14.2.3. <A -HREF="#AEN2027" +HREF="#AEN1780"  >Support a large number of printers</A  ></DT  ><DT  >14.2.4. <A -HREF="#AEN2038" +HREF="#AEN1791"  >Adding New Printers via the Windows NT APW</A  ></DT  ><DT  >14.2.5. <A -HREF="#AEN2068" +HREF="#AEN1821"  >Samba and Printer Ports</A  ></DT  ></DL  ></DD  ><DT  >14.3. <A -HREF="#AEN2076" +HREF="#AEN1829"  >The Imprints Toolset</A  ></DT  ><DD  ><DL  ><DT  >14.3.1. <A -HREF="#AEN2080" +HREF="#AEN1833"  >What is Imprints?</A  ></DT  ><DT  >14.3.2. <A -HREF="#AEN2090" +HREF="#AEN1843"  >Creating Printer Driver Packages</A  ></DT  ><DT  >14.3.3. <A -HREF="#AEN2093" +HREF="#AEN1846"  >The Imprints server</A  ></DT  ><DT  >14.3.4. <A -HREF="#AEN2097" +HREF="#AEN1850"  >The Installation Client</A  ></DT  ></DL  ></DD  ><DT  >14.4. <A -HREF="#AEN2119" +HREF="#AEN1872"  >Diagnosis</A  ></DT  ><DD  ><DL  ><DT  >14.4.1. <A -HREF="#AEN2121" +HREF="#AEN1874"  >Introduction</A  ></DT  ><DT  >14.4.2. <A -HREF="#AEN2137" +HREF="#AEN1890"  >Debugging printer problems</A  ></DT  ><DT  >14.4.3. <A -HREF="#AEN2146" +HREF="#AEN1899"  >What printers do I have?</A  ></DT  ><DT  >14.4.4. <A -HREF="#AEN2154" +HREF="#AEN1907"  >Setting up printcap and print servers</A  ></DT  ><DT  >14.4.5. <A -HREF="#AEN2182" +HREF="#AEN1935"  >Job sent, no output</A  ></DT  ><DT  >14.4.6. <A -HREF="#AEN2193" +HREF="#AEN1946"  >Job sent, strange output</A  ></DT  ><DT  >14.4.7. <A -HREF="#AEN2205" +HREF="#AEN1958"  >Raw PostScript printed</A  ></DT  ><DT  >14.4.8. <A -HREF="#AEN2208" +HREF="#AEN1961"  >Advanced Printing</A  ></DT  ><DT  >14.4.9. <A -HREF="#AEN2211" +HREF="#AEN1964"  >Real debugging</A  ></DT  ></DL @@ -7332,46 +7225,46 @@ HREF="#CUPS-PRINTING"  ><DL  ><DT  >15.1. <A -HREF="#AEN2231" +HREF="#AEN1984"  >Introduction</A  ></DT  ><DT  >15.2. <A -HREF="#AEN2236" +HREF="#AEN1989"  >CUPS - RAW Print Through  Mode</A  ></DT  ><DT  >15.3. <A -HREF="#AEN2291" +HREF="#AEN2044"  >The CUPS Filter Chains</A  ></DT  ><DT  >15.4. <A -HREF="#AEN2330" +HREF="#AEN2083"  >CUPS Print Drivers and Devices</A  ></DT  ><DD  ><DL  ><DT  >15.4.1. <A -HREF="#AEN2337" +HREF="#AEN2090"  >Further printing steps</A  ></DT  ></DL  ></DD  ><DT  >15.5. <A -HREF="#AEN2407" +HREF="#AEN2160"  >Limiting the number of pages users can print</A  ></DT  ><DT  >15.6. <A -HREF="#AEN2496" +HREF="#AEN2249"  >Advanced Postscript Printing from MS Windows</A  ></DT  ><DT  >15.7. <A -HREF="#AEN2511" +HREF="#AEN2264"  >Auto-Deletion of CUPS spool files</A  ></DT  ></DL @@ -7385,144 +7278,240 @@ HREF="#WINBIND"  ><DL  ><DT  >16.1. <A -HREF="#AEN2573" +HREF="#AEN2326"  >Abstract</A  ></DT  ><DT  >16.2. <A -HREF="#AEN2577" +HREF="#AEN2330"  >Introduction</A  ></DT  ><DT  >16.3. <A -HREF="#AEN2590" +HREF="#AEN2343"  >What Winbind Provides</A  ></DT  ><DD  ><DL  ><DT  >16.3.1. <A -HREF="#AEN2597" +HREF="#AEN2350"  >Target Uses</A  ></DT  ></DL  ></DD  ><DT  >16.4. <A -HREF="#AEN2601" +HREF="#AEN2354"  >How Winbind Works</A  ></DT  ><DD  ><DL  ><DT  >16.4.1. <A -HREF="#AEN2606" +HREF="#AEN2359"  >Microsoft Remote Procedure Calls</A  ></DT  ><DT  >16.4.2. <A -HREF="#AEN2610" +HREF="#AEN2363"  >Microsoft Active Directory Services</A  ></DT  ><DT  >16.4.3. <A -HREF="#AEN2613" +HREF="#AEN2366"  >Name Service Switch</A  ></DT  ><DT  >16.4.4. <A -HREF="#AEN2629" +HREF="#AEN2382"  >Pluggable Authentication Modules</A  ></DT  ><DT  >16.4.5. <A -HREF="#AEN2637" +HREF="#AEN2390"  >User and Group ID Allocation</A  ></DT  ><DT  >16.4.6. <A -HREF="#AEN2641" +HREF="#AEN2394"  >Result Caching</A  ></DT  ></DL  ></DD  ><DT  >16.5. <A -HREF="#AEN2644" +HREF="#AEN2397"  >Installation and Configuration</A  ></DT  ><DD  ><DL  ><DT  >16.5.1. <A -HREF="#AEN2649" +HREF="#AEN2402"  >Introduction</A  ></DT  ><DT  >16.5.2. <A -HREF="#AEN2662" +HREF="#AEN2415"  >Requirements</A  ></DT  ><DT  >16.5.3. <A -HREF="#AEN2676" +HREF="#AEN2429"  >Testing Things Out</A  ></DT  ></DL  ></DD  ><DT  >16.6. <A -HREF="#AEN2901" +HREF="#AEN2654"  >Limitations</A  ></DT  ><DT  >16.7. <A -HREF="#AEN2911" +HREF="#AEN2664"  >Conclusion</A  ></DT  ></DL  ></DD  ><DT  >17. <A +HREF="#POLICYMGMT" +>Policy Management - Hows and Whys</A +></DT +><DD +><DL +><DT +>17.1. <A +HREF="#AEN2678" +>System Policies</A +></DT +><DD +><DL +><DT +>17.1.1. <A +HREF="#AEN2692" +>Creating and Managing Windows 9x/Me Policies</A +></DT +><DT +>17.1.2. <A +HREF="#AEN2704" +>Creating and Managing Windows NT4 Style Policy Files</A +></DT +><DT +>17.1.3. <A +HREF="#AEN2722" +>Creating and Managing MS Windows 200x Policies</A +></DT +></DL +></DD +></DL +></DD +><DT +>18. <A +HREF="#PROFILEMGMT" +>Profile Management</A +></DT +><DD +><DL +><DT +>18.1. <A +HREF="#AEN2761" +>Roaming Profiles</A +></DT +><DD +><DL +><DT +>18.1.1. <A +HREF="#AEN2769" +>Windows NT Configuration</A +></DT +><DT +>18.1.2. <A +HREF="#AEN2778" +>Windows 9X Configuration</A +></DT +><DT +>18.1.3. <A +HREF="#AEN2786" +>Win9X and WinNT Configuration</A +></DT +><DT +>18.1.4. <A +HREF="#AEN2793" +>Windows 9X Profile Setup</A +></DT +><DT +>18.1.5. <A +HREF="#AEN2829" +>Windows NT Workstation 4.0</A +></DT +><DT +>18.1.6. <A +HREF="#AEN2837" +>Windows NT/200x Server</A +></DT +><DT +>18.1.7. <A +HREF="#AEN2840" +>Sharing Profiles between W9x/Me and NT4/200x/XP workstations</A +></DT +><DT +>18.1.8. <A +HREF="#AEN2847" +>Windows NT 4</A +></DT +><DT +>18.1.9. <A +HREF="#AEN2885" +>Windows 2000/XP</A +></DT +></DL +></DD +></DL +></DD +><DT +>19. <A  HREF="#INTEGRATE-MS-NETWORKS"  >Integrating MS Windows networks with Samba</A  ></DT  ><DD  ><DL  ><DT ->17.1. <A -HREF="#AEN2932" +>19.1. <A +HREF="#AEN2975"  >Name Resolution in a pure Unix/Linux world</A  ></DT  ><DD  ><DL  ><DT ->17.1.1. <A -HREF="#AEN2948" +>19.1.1. <A +HREF="#AEN2991"  ><TT  CLASS="FILENAME"  >/etc/hosts</TT  ></A  ></DT  ><DT ->17.1.2. <A -HREF="#AEN2964" +>19.1.2. <A +HREF="#AEN3007"  ><TT  CLASS="FILENAME"  >/etc/resolv.conf</TT  ></A  ></DT  ><DT ->17.1.3. <A -HREF="#AEN2975" +>19.1.3. <A +HREF="#AEN3018"  ><TT  CLASS="FILENAME"  >/etc/host.conf</TT  ></A  ></DT  ><DT ->17.1.4. <A -HREF="#AEN2983" +>19.1.4. <A +HREF="#AEN3026"  ><TT  CLASS="FILENAME"  >/etc/nsswitch.conf</TT @@ -7531,35 +7520,35 @@ CLASS="FILENAME"  ></DL  ></DD  ><DT ->17.2. <A -HREF="#AEN2995" +>19.2. <A +HREF="#AEN3038"  >Name resolution as used within MS Windows networking</A  ></DT  ><DD  ><DL  ><DT ->17.2.1. <A -HREF="#AEN3007" +>19.2.1. <A +HREF="#AEN3050"  >The NetBIOS Name Cache</A  ></DT  ><DT ->17.2.2. <A -HREF="#AEN3012" +>19.2.2. <A +HREF="#AEN3055"  >The LMHOSTS file</A  ></DT  ><DT ->17.2.3. <A -HREF="#AEN3020" +>19.2.3. <A +HREF="#AEN3063"  >HOSTS file</A  ></DT  ><DT ->17.2.4. <A -HREF="#AEN3025" +>19.2.4. <A +HREF="#AEN3068"  >DNS Lookup</A  ></DT  ><DT ->17.2.5. <A -HREF="#AEN3028" +>19.2.5. <A +HREF="#AEN3071"  >WINS Lookup</A  ></DT  ></DL @@ -7567,95 +7556,95 @@ HREF="#AEN3028"  ></DL  ></DD  ><DT ->18. <A +>20. <A  HREF="#IMPROVED-BROWSING"  >Improved browsing in samba</A  ></DT  ><DD  ><DL  ><DT ->18.1. <A -HREF="#AEN3047" +>20.1. <A +HREF="#AEN3090"  >Overview of browsing</A  ></DT  ><DT ->18.2. <A -HREF="#AEN3052" +>20.2. <A +HREF="#AEN3095"  >Browsing support in samba</A  ></DT  ><DT ->18.3. <A -HREF="#AEN3060" +>20.3. <A +HREF="#AEN3103"  >Problem resolution</A  ></DT  ><DT ->18.4. <A -HREF="#AEN3069" +>20.4. <A +HREF="#AEN3112"  >Browsing across subnets</A  ></DT  ><DD  ><DL  ><DT ->18.4.1. <A -HREF="#AEN3074" +>20.4.1. <A +HREF="#AEN3117"  >How does cross subnet browsing work ?</A  ></DT  ></DL  ></DD  ><DT ->18.5. <A -HREF="#AEN3109" +>20.5. <A +HREF="#AEN3152"  >Setting up a WINS server</A  ></DT  ><DT ->18.6. <A -HREF="#AEN3128" +>20.6. <A +HREF="#AEN3171"  >Setting up Browsing in a WORKGROUP</A  ></DT  ><DT ->18.7. <A -HREF="#AEN3146" +>20.7. <A +HREF="#AEN3189"  >Setting up Browsing in a DOMAIN</A  ></DT  ><DT ->18.8. <A -HREF="#AEN3156" +>20.8. <A +HREF="#AEN3199"  >Forcing samba to be the master</A  ></DT  ><DT ->18.9. <A -HREF="#AEN3165" +>20.9. <A +HREF="#AEN3208"  >Making samba the domain master</A  ></DT  ><DT ->18.10. <A -HREF="#AEN3183" +>20.10. <A +HREF="#AEN3226"  >Note about broadcast addresses</A  ></DT  ><DT ->18.11. <A -HREF="#AEN3186" +>20.11. <A +HREF="#AEN3229"  >Multiple interfaces</A  ></DT  ></DL  ></DD  ><DT ->19. <A +>21. <A  HREF="#MSDFS"  >Hosting a Microsoft Distributed File System tree on Samba</A  ></DT  ><DD  ><DL  ><DT ->19.1. <A -HREF="#AEN3200" +>21.1. <A +HREF="#AEN3243"  >Instructions</A  ></DT  ><DD  ><DL  ><DT ->19.1.1. <A -HREF="#AEN3235" +>21.1.1. <A +HREF="#AEN3278"  >Notes</A  ></DT  ></DL @@ -7663,56 +7652,56 @@ HREF="#AEN3235"  ></DL  ></DD  ><DT ->20. <A +>22. <A  HREF="#VFS"  >Stackable VFS modules</A  ></DT  ><DD  ><DL  ><DT ->20.1. <A -HREF="#AEN3259" +>22.1. <A +HREF="#AEN3302"  >Introduction and configuration</A  ></DT  ><DT ->20.2. <A -HREF="#AEN3268" +>22.2. <A +HREF="#AEN3311"  >Included modules</A  ></DT  ><DD  ><DL  ><DT ->20.2.1. <A -HREF="#AEN3270" +>22.2.1. <A +HREF="#AEN3313"  >audit</A  ></DT  ><DT ->20.2.2. <A -HREF="#AEN3278" +>22.2.2. <A +HREF="#AEN3321"  >recycle</A  ></DT  ><DT ->20.2.3. <A -HREF="#AEN3315" +>22.2.3. <A +HREF="#AEN3358"  >netatalk</A  ></DT  ></DL  ></DD  ><DT ->20.3. <A -HREF="#AEN3322" +>22.3. <A +HREF="#AEN3365"  >VFS modules available elsewhere</A  ></DT  ><DD  ><DL  ><DT ->20.3.1. <A -HREF="#AEN3326" +>22.3.1. <A +HREF="#AEN3369"  >DatabaseFS</A  ></DT  ><DT ->20.3.2. <A -HREF="#AEN3334" +>22.3.2. <A +HREF="#AEN3377"  >vscan</A  ></DT  ></DL @@ -7720,59 +7709,59 @@ HREF="#AEN3334"  ></DL  ></DD  ><DT ->21. <A +>23. <A  HREF="#SECURING-SAMBA"  >Securing Samba</A  ></DT  ><DD  ><DL  ><DT ->21.1. <A -HREF="#AEN3348" +>23.1. <A +HREF="#AEN3391"  >Introduction</A  ></DT  ><DT ->21.2. <A -HREF="#AEN3351" +>23.2. <A +HREF="#AEN3394"  >Using host based protection</A  ></DT  ><DT ->21.3. <A -HREF="#AEN3358" +>23.3. <A +HREF="#AEN3401"  >Using interface protection</A  ></DT  ><DT ->21.4. <A -HREF="#AEN3367" +>23.4. <A +HREF="#AEN3410"  >Using a firewall</A  ></DT  ><DT ->21.5. <A -HREF="#AEN3374" +>23.5. <A +HREF="#AEN3417"  >Using a IPC$ share deny</A  ></DT  ><DT ->21.6. <A -HREF="#AEN3383" +>23.6. <A +HREF="#AEN3426"  >Upgrading Samba</A  ></DT  ></DL  ></DD  ><DT ->22. <A +>24. <A  HREF="#UNICODE"  >Unicode/Charsets</A  ></DT  ><DD  ><DL  ><DT ->22.1. <A -HREF="#AEN3397" +>24.1. <A +HREF="#AEN3440"  >What are charsets and unicode?</A  ></DT  ><DT ->22.2. <A -HREF="#AEN3406" +>24.2. <A +HREF="#AEN3449"  >Samba and charsets</A  ></DT  ></DL @@ -7786,149 +7775,29 @@ CLASS="CHAPTER"  ><A  NAME="ADVANCEDNETWORKMANAGEMENT"  ></A ->Chapter 10. System Policies</H1 +>Chapter 10. Advanced Network Manangement Information</H1  ><DIV  CLASS="SECT1"  ><H2  CLASS="SECT1"  ><A -NAME="AEN1401" ->10.1. Basic System Policy Info</A +NAME="AEN1388" +>10.1. Remote Server Administration</A  ></H2  ><P ->Much of the information necessary to implement System Policies and -Roaming User Profiles in a Samba domain is the same as that for  -implementing these same items in a Windows NT 4.0 domain.  -You should read the white paper <A -HREF="http://www.microsoft.com/ntserver/management/deployment/planguide/prof_policies.asp" -TARGET="_top" ->Implementing -Profiles and Policies in Windows NT 4.0</A -> available from Microsoft.</P -><P ->Here are some additional details:</P -><P -></P -><UL -><LI -><P ->	<SPAN -CLASS="emphasis" -><I -CLASS="EMPHASIS" ->What about Windows NT Policy Editor?</I -></SPAN -> -	</P -><P ->	To create or edit <TT -CLASS="FILENAME" ->ntconfig.pol</TT -> you must use  -	the NT Server Policy Editor, <B -CLASS="COMMAND" ->poledit.exe</B ->	which  -	is included with NT Server but <SPAN -CLASS="emphasis" -><I -CLASS="EMPHASIS" ->not NT Workstation</I -></SPAN ->.  -	There is a Policy Editor on a NTws  -	but it is not suitable for creating <SPAN -CLASS="emphasis" -><I -CLASS="EMPHASIS" ->Domain Policies</I -></SPAN ->.  -	Further, although the Windows 95  -	Policy Editor can be installed on an NT Workstation/Server, it will not -	work with NT policies because the registry key that are set by the policy templates.  -	However, the files from the NT Server will run happily enough on an NTws. 	 -	You need <TT -CLASS="FILENAME" ->poledit.exe, common.adm</TT -> and <TT -CLASS="FILENAME" ->winnt.adm</TT ->. It is convenient -	to put the two *.adm files in <TT -CLASS="FILENAME" ->c:\winnt\inf</TT -> which is where -	the binary will look for them unless told otherwise. Note also that that  -	directory is 'hidden'. -	</P -><P ->	The Windows NT policy editor is also included with the Service Pack 3 (and  -	later) for Windows NT 4.0. Extract the files using <B -CLASS="COMMAND" ->servicepackname /x</B ->,  -	i.e. that's <B -CLASS="COMMAND" ->Nt4sp6ai.exe /x</B -> for service pack 6a.  The policy editor,  -	<B -CLASS="COMMAND" ->poledit.exe</B -> and the associated template files (*.adm) should -	be extracted as well.  It is also possible to downloaded the policy template  -	files for Office97 and get a copy of the policy editor.  Another possible  -	location is with the Zero Administration Kit available for download from Microsoft. -	</P -></LI -><LI -><P ->	<SPAN -CLASS="emphasis" -><I -CLASS="EMPHASIS" ->Can Win95 do Policies?</I -></SPAN -> -	</P -><P ->	Install the group policy handler for Win9x to pick up group  -	policies.   Look on the Win98 CD in <TT -CLASS="FILENAME" ->\tools\reskit\netadmin\poledit</TT ->.  -	Install group policies on a Win9x client by double-clicking  -	<TT -CLASS="FILENAME" ->grouppol.inf</TT ->. Log off and on again a couple of  -	times and see if Win98 picks up group policies.  Unfortunately this needs  -	to be done on every Win9x machine that uses group policies.... -	</P -><P ->	If group policies don't work one reports suggests getting the updated  -	(read: working) grouppol.dll for Windows 9x. The group list is grabbed  -	from /etc/group. -	</P -></LI -><LI -><P ->	<SPAN +><SPAN  CLASS="emphasis"  ><I  CLASS="EMPHASIS"  >How do I get 'User Manager' and 'Server Manager'</I  ></SPAN -> -	</P +></P  ><P ->	Since I don't need to buy an NT Server CD now, how do I get  -	the 'User Manager for Domains', the 'Server Manager'? -	</P +>Since I don't need to buy an NT Server CD now, how do I get the 'User Manager for Domains', +the 'Server Manager'?</P  ><P ->	Microsoft distributes a version of these tools called nexus for  -	installation on Windows 95 systems.  The tools set includes -	</P +>Microsoft distributes a version of these tools called nexus for installation on Windows 95 +systems.  The tools set includes:</P  ><P  ></P  ><UL @@ -7946,890 +7815,19 @@ CLASS="EMPHASIS"  ></LI  ></UL  ><P ->	Click here to download the archived file <A +>Click here to download the archived file <A  HREF="ftp://ftp.microsoft.com/Softlib/MSLFILES/NEXUS.EXE"  TARGET="_top"  >ftp://ftp.microsoft.com/Softlib/MSLFILES/NEXUS.EXE</A -> -	</P +></P  ><P ->	The Windows NT 4.0 version of the 'User Manager for  -	Domains' and 'Server Manager' are available from Microsoft via ftp  -	from <A +>The Windows NT 4.0 version of the 'User Manager for  +Domains' and 'Server Manager' are available from Microsoft via ftp  +from <A  HREF="ftp://ftp.microsoft.com/Softlib/MSLFILES/SRVTOOLS.EXE"  TARGET="_top"  >ftp://ftp.microsoft.com/Softlib/MSLFILES/SRVTOOLS.EXE</A -> -	</P -></LI -></UL -><DIV -CLASS="SECT2" -><HR><H3 -CLASS="SECT2" -><A -NAME="AEN1445" ->10.1.1. Creating Group Prolicy Files</A -></H3 -><DIV -CLASS="SECT3" -><H4 -CLASS="SECT3" -><A -NAME="AEN1447" ->10.1.1.1. Windows '9x</A -></H4 -><P ->You need the Win98 Group Policy Editor to -set Group Profiles up under Windows '9x. It can be found on the Original -full product Win98 installation CD under  -<TT -CLASS="FILENAME" ->tools/reskit/netadmin/poledit</TT ->.  You install this -using the Add/Remove Programs facility and then click on the 'Have Disk' -tab.</P -><P ->Use the Group Policy Editor to create a policy file that specifies the -location of user profiles and/or the <TT -CLASS="FILENAME" ->My Documents</TT -> etc. -stuff. You then save these settings in a file called -<TT -CLASS="FILENAME" ->Config.POL</TT -> that needs to be placed in -the root of the [NETLOGON] share. If your Win98 is configured to log onto -the Samba Domain, it will automatically read this file and update the -Win9x/Me registry of the machine that is logging on.</P -><P ->All of this is covered in the Win98 Resource Kit documentation.</P -><P ->If you do not do it this way, then every so often Win9x/Me will check the -integrity of the registry and will restore it's settings from the back-up -copy of the registry it stores on each Win9x/Me machine. Hence, you will -occasionally notice things changing back to the original settings.</P -></DIV -></DIV -></DIV -><DIV -CLASS="SECT1" -><HR><H2 -CLASS="SECT1" -><A -NAME="AEN1456" ->10.2. Roaming Profiles</A -></H2 -><DIV -CLASS="WARNING" -><P -></P -><TABLE -CLASS="WARNING" -WIDTH="100%" -BORDER="0" -><TR -><TD -WIDTH="25" -ALIGN="CENTER" -VALIGN="TOP" -><IMG -SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/warning.gif" -HSPACE="5" -ALT="Warning"></TD -><TD -ALIGN="LEFT" -VALIGN="TOP" -><P -><SPAN -CLASS="emphasis" -><I -CLASS="EMPHASIS" ->NOTE!</I -></SPAN -> Roaming profiles support is different for Win9X and WinNT.</P -></TD -></TR -></TABLE -></DIV -><P ->Before discussing how to configure roaming profiles, it is useful to see how -Win9X and WinNT clients implement these features.</P -><P ->Win9X clients send a NetUserGetInfo request to the server to get the user's -profiles location. However, the response does not have room for a separate  -profiles location field, only the user's home share. This means that Win9X  -profiles are restricted to being in the user's home directory.</P -><P ->WinNT clients send a NetSAMLogon RPC request, which contains many fields,  -including a separate field for the location of the user's profiles.  -This means that support for profiles is different for Win9X and WinNT.</P -><DIV -CLASS="SECT2" -><HR><H3 -CLASS="SECT2" -><A -NAME="AEN1464" ->10.2.1. Windows NT Configuration</A -></H3 -><P ->To support WinNT clients, in the [global] section of smb.conf set the -following (for example):</P -><P -><PRE -CLASS="PROGRAMLISTING" ->logon path = \\profileserver\profileshare\profilepath\%U\moreprofilepath</PRE -></P -><P ->The default for this option is \\%N\%U\profile, namely -\\sambaserver\username\profile.  The \\N%\%U service is created -automatically by the [homes] service. -If you are using a samba server for the profiles, you _must_ make the -share specified in the logon path browseable. </P -><DIV -CLASS="NOTE" -><P -></P -><TABLE -CLASS="NOTE" -WIDTH="100%" -BORDER="0" -><TR -><TD -WIDTH="25" -ALIGN="CENTER" -VALIGN="TOP" -><IMG -SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif" -HSPACE="5" -ALT="Note"></TD -><TD -ALIGN="LEFT" -VALIGN="TOP" -><P ->MS Windows NT/2K clients at times do not disconnect a connection to a server -between logons. It is recommended to NOT use the <SPAN -CLASS="emphasis" -><I -CLASS="EMPHASIS" ->homes</I -></SPAN -> -meta-service name as part of the profile share path.</P -></TD -></TR -></TABLE -></DIV -></DIV -><DIV -CLASS="SECT2" -><HR><H3 -CLASS="SECT2" -><A -NAME="AEN1473" ->10.2.2. Windows 9X Configuration</A -></H3 -><P ->To support Win9X clients, you must use the "logon home" parameter. Samba has -now been fixed so that "net use /home" now works as well, and it, too, relies -on the "logon home" parameter.</P -><P ->By using the logon home parameter, you are restricted to putting Win9X  -profiles in the user's home directory.   But wait! There is a trick you  -can use. If you set the following in the [global] section of your  -smb.conf file:</P -><P -><PRE -CLASS="PROGRAMLISTING" ->logon home = \\%L\%U\.profiles</PRE -></P -><P ->then your Win9X clients will dutifully put their clients in a subdirectory -of your home directory called .profiles (thus making them hidden).</P -><P ->Not only that, but 'net use/home' will also work, because of a feature in  -Win9X. It removes any directory stuff off the end of the home directory area -and only uses the server and share portion. That is, it looks like you -specified \\%L\%U for "logon home".</P -></DIV -><DIV -CLASS="SECT2" -><HR><H3 -CLASS="SECT2" -><A -NAME="AEN1481" ->10.2.3. Win9X and WinNT Configuration</A -></H3 -><P ->You can support profiles for both Win9X and WinNT clients by setting both the -"logon home" and "logon path" parameters. For example:</P -><P -><PRE -CLASS="PROGRAMLISTING" ->logon home = \\%L\%U\.profiles -logon path = \\%L\profiles\%U</PRE -></P -><DIV -CLASS="NOTE" -><P -></P -><TABLE -CLASS="NOTE" -WIDTH="100%" -BORDER="0" -><TR -><TD -WIDTH="25" -ALIGN="CENTER" -VALIGN="TOP" -><IMG -SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif" -HSPACE="5" -ALT="Note"></TD -><TD -ALIGN="LEFT" -VALIGN="TOP" -><P ->I have not checked what 'net use /home' does on NT when "logon home" is -set as above.</P -></TD -></TR -></TABLE -></DIV -></DIV -><DIV -CLASS="SECT2" -><HR><H3 -CLASS="SECT2" -><A -NAME="AEN1488" ->10.2.4. Windows 9X Profile Setup</A -></H3 -><P ->When a user first logs in on Windows 9X, the file user.DAT is created, -as are folders "Start Menu", "Desktop", "Programs" and "Nethood".   -These directories and their contents will be merged with the local -versions stored in c:\windows\profiles\username on subsequent logins, -taking the most recent from each.  You will need to use the [global] -options "preserve case = yes", "short preserve case = yes" and -"case sensitive = no" in order to maintain capital letters in shortcuts -in any of the profile folders.</P -><P ->The user.DAT file contains all the user's preferences.  If you wish to -enforce a set of preferences, rename their user.DAT file to user.MAN, -and deny them write access to this file.</P -><P  ></P -><OL -TYPE="1" -><LI -><P ->	On the Windows 95 machine, go to Control Panel | Passwords and -	select the User Profiles tab.  Select the required level of -	roaming preferences.  Press OK, but do _not_ allow the computer -	to reboot. -	</P -></LI -><LI -><P ->	On the Windows 95 machine, go to Control Panel | Network | -	Client for Microsoft Networks | Preferences.  Select 'Log on to -	NT Domain'.  Then, ensure that the Primary Logon is 'Client for -	Microsoft Networks'.  Press OK, and this time allow the computer -	to reboot. -	</P -></LI -></OL -><P ->Under Windows 95, Profiles are downloaded from the Primary Logon. -If you have the Primary Logon as 'Client for Novell Networks', then -the profiles and logon script will be downloaded from your Novell -Server.  If you have the Primary Logon as 'Windows Logon', then the -profiles will be loaded from the local machine - a bit against the -concept of roaming profiles, if you ask me.</P -><P ->You will now find that the Microsoft Networks Login box contains -[user, password, domain] instead of just [user, password].  Type in -the samba server's domain name (or any other domain known to exist, -but bear in mind that the user will be authenticated against this -domain and profiles downloaded from it, if that domain logon server -supports it), user name and user's password.</P -><P ->Once the user has been successfully validated, the Windows 95 machine -will inform you that 'The user has not logged on before' and asks you -if you wish to save the user's preferences?  Select 'yes'.</P -><P ->Once the Windows 95 client comes up with the desktop, you should be able -to examine the contents of the directory specified in the "logon path" -on the samba server and verify that the "Desktop", "Start Menu", -"Programs" and "Nethood" folders have been created.</P -><P ->These folders will be cached locally on the client, and updated when -the user logs off (if you haven't made them read-only by then :-). -You will find that if the user creates further folders or short-cuts, -that the client will merge the profile contents downloaded with the -contents of the profile directory already on the local client, taking -the newest folders and short-cuts from each set.</P -><P ->If you have made the folders / files read-only on the samba server, -then you will get errors from the w95 machine on logon and logout, as -it attempts to merge the local and the remote profile.  Basically, if -you have any errors reported by the w95 machine, check the Unix file -permissions and ownership rights on the profile directory contents, -on the samba server.</P -><P ->If you have problems creating user profiles, you can reset the user's -local desktop cache, as shown below.  When this user then next logs in, -they will be told that they are logging in "for the first time".</P -><P -></P -><OL -TYPE="1" -><LI -><P ->	instead of logging in under the [user, password, domain] dialog, -	press escape. -	</P -></LI -><LI -><P ->	run the regedit.exe program, and look in: -	</P -><P ->	HKEY_LOCAL_MACHINE\Windows\CurrentVersion\ProfileList -	</P -><P ->	you will find an entry, for each user, of ProfilePath.  Note the -	contents of this key (likely to be c:\windows\profiles\username), -	then delete the key ProfilePath for the required user. -	</P -><P ->	[Exit the registry editor]. -	</P -></LI -><LI -><P ->	<SPAN -CLASS="emphasis" -><I -CLASS="EMPHASIS" ->WARNING</I -></SPAN -> - before deleting the contents of the  -	directory listed in -   the ProfilePath (this is likely to be c:\windows\profiles\username), -   ask them if they have any important files stored on their desktop -   or in their start menu.  delete the contents of the directory -   ProfilePath (making a backup if any of the files are needed). -	</P -><P ->   This will have the effect of removing the local (read-only hidden -   system file) user.DAT in their profile directory, as well as the -   local "desktop", "nethood", "start menu" and "programs" folders. -	</P -></LI -><LI -><P ->	search for the user's .PWL password-caching file in the c:\windows -	directory, and delete it. -	</P -></LI -><LI -><P ->	log off the windows 95 client. -	</P -></LI -><LI -><P ->	check the contents of the profile path (see "logon path" described -	above), and delete the user.DAT or user.MAN file for the user, -	making a backup if required.   -	</P -></LI -></OL -><P ->If all else fails, increase samba's debug log levels to between 3 and 10, -and / or run a packet trace program such as tcpdump or netmon.exe, and -look for any error reports.</P -><P ->If you have access to an NT server, then first set up roaming profiles -and / or netlogons on the NT server.  Make a packet trace, or examine -the example packet traces provided with NT server, and see what the -differences are with the equivalent samba trace.</P -></DIV -><DIV -CLASS="SECT2" -><HR><H3 -CLASS="SECT2" -><A -NAME="AEN1524" ->10.2.5. Windows NT Workstation 4.0</A -></H3 -><P ->When a user first logs in to a Windows NT Workstation, the profile -NTuser.DAT is created.  The profile location can be now specified -through the "logon path" parameter.  </P -><P ->There is a parameter that is now available for use with NT Profiles: -"logon drive".  This should be set to "h:" or any other drive, and -should be used in conjunction with the new "logon home" parameter.</P -><P ->The entry for the NT 4.0 profile is a _directory_ not a file.  The NT -help on profiles mentions that a directory is also created with a .PDS -extension.  The user, while logging in, must have write permission to -create the full profile path (and the folder with the .PDS extension -for those situations where it might be created.)</P -><P ->In the profile directory, NT creates more folders than 95.  It creates -"Application Data" and others, as well as "Desktop", "Nethood", -"Start Menu" and "Programs".  The profile itself is stored in a file -NTuser.DAT.  Nothing appears to be stored in the .PDS directory, and -its purpose is currently unknown.</P -><P ->You can use the System Control Panel to copy a local profile onto -a samba server (see NT Help on profiles: it is also capable of firing -up the correct location in the System Control Panel for you).  The -NT Help file also mentions that renaming NTuser.DAT to NTuser.MAN -turns a profile into a mandatory one.</P -><P ->The case of the profile is significant.  The file must be called -NTuser.DAT or, for a mandatory profile, NTuser.MAN.</P -></DIV -><DIV -CLASS="SECT2" -><HR><H3 -CLASS="SECT2" -><A -NAME="AEN1532" ->10.2.6. Windows NT/200x Server</A -></H3 -><P ->There is nothing to stop you specifying any path that you like for the -location of users' profiles.  Therefore, you could specify that the -profile be stored on a samba server, or any other SMB server, as long as -that SMB server supports encrypted passwords.</P -></DIV -><DIV -CLASS="SECT2" -><HR><H3 -CLASS="SECT2" -><A -NAME="AEN1535" ->10.2.7. Sharing Profiles between W9x/Me and NT4/200x/XP workstations</A -></H3 -><P ->Sharing of desktop profiles between Windows versions is NOT recommended. -Desktop profiles are an evolving phenomenon and profiles for later versions -of MS Windows clients add features that may interfere with earlier versions -of MS Windows clients. Probably the more salient reason to NOT mix profiles -is that when logging off an earlier version of MS Windows the older format -of profile contents may overwrite information that belongs to the newer -version resulting in loss of profile information content when that user logs -on again with the newer version of MS Windows.</P -><P ->If you then want to share the same Start Menu / Desktop with W9x/Me, you will -need to specify a common location for the profiles. The smb.conf parameters -that need to be common are <SPAN -CLASS="emphasis" -><I -CLASS="EMPHASIS" ->logon path</I -></SPAN -> and -<SPAN -CLASS="emphasis" -><I -CLASS="EMPHASIS" ->logon home</I -></SPAN ->.</P -><P ->If you have this set up correctly, you will find separate user.DAT and -NTuser.DAT files in the same profile directory.</P -></DIV -><DIV -CLASS="SECT2" -><HR><H3 -CLASS="SECT2" -><A -NAME="AEN1542" ->10.2.8. Windows NT 4</A -></H3 -><P ->Unfortunately, the Resource Kit info is Win NT4 or 200x specific.</P -><P ->Here is a quick guide:</P -><P -></P -><UL -><LI -><P ->On your NT4 Domain Controller, right click on 'My Computer', then -select the tab labelled 'User Profiles'.</P -></LI -><LI -><P ->Select a user profile you want to migrate and click on it.</P -><DIV -CLASS="NOTE" -><P -></P -><TABLE -CLASS="NOTE" -WIDTH="90%" -BORDER="0" -><TR -><TD -WIDTH="25" -ALIGN="CENTER" -VALIGN="TOP" -><IMG -SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif" -HSPACE="5" -ALT="Note"></TD -><TD -ALIGN="LEFT" -VALIGN="TOP" -><P ->I am using the term "migrate" lossely. You can copy a profile to -create a group profile. You can give the user 'Everyone' rights to the -profile you copy this to. That is what you need to do, since your samba -domain is not a member of a trust relationship with your NT4 PDC.</P -></TD -></TR -></TABLE -></DIV -></LI -><LI -><P ->Click the 'Copy To' button.</P -></LI -><LI -><P ->In the box labelled 'Copy Profile to' add your new path, eg: -<TT -CLASS="FILENAME" ->c:\temp\foobar</TT -></P -></LI -><LI -><P ->Click on the button labelled 'Change' in the "Permitted to use" box.</P -></LI -><LI -><P ->Click on the group 'Everyone' and then click OK. This closes the -'chose user' box.</P -></LI -><LI -><P ->Now click OK.</P -></LI -></UL -><P ->Follow the above for every profile you need to migrate.</P -><DIV -CLASS="SECT3" -><HR><H4 -CLASS="SECT3" -><A -NAME="AEN1565" ->10.2.8.1. Side bar Notes</A -></H4 -><P ->You should obtain the SID of your NT4 domain. You can use smbpasswd to do -this. Read the man page.</P -><P ->With Samba-3.0.0 alpha code you can import all you NT4 domain accounts -using the net samsync method. This way you can retain your profile -settings as well as all your users.</P -></DIV -><DIV -CLASS="SECT3" -><HR><H4 -CLASS="SECT3" -><A -NAME="AEN1569" ->10.2.8.2. Mandatory profiles</A -></H4 -><P ->The above method can be used to create mandatory profiles also. To convert -a group profile into a mandatory profile simply locate the NTUser.DAT file -in the copied profile and rename it to NTUser.MAN.</P -></DIV -><DIV -CLASS="SECT3" -><HR><H4 -CLASS="SECT3" -><A -NAME="AEN1572" ->10.2.8.3. moveuser.exe</A -></H4 -><P ->The W2K professional resource kit has moveuser.exe. moveuser.exe changes -the security of a profile from one user to another.  This allows the account  -domain to change, and/or the user name to change.</P -></DIV -><DIV -CLASS="SECT3" -><HR><H4 -CLASS="SECT3" -><A -NAME="AEN1575" ->10.2.8.4. Get SID</A -></H4 -><P ->You can identify the SID by using GetSID.exe from the Windows NT Server 4.0 -Resource Kit.</P -><P ->Windows NT 4.0 stores the local profile information in the registry under -the following key: -HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList</P -><P ->Under the ProfileList key, there will be subkeys named with the SIDs of the -users who have logged on to this computer. (To find the profile information -for the user whose locally cached profile you want to move, find the SID for -the user with the GetSID.exe utility.) Inside of the appropriate user's -subkey, you will see a string value named ProfileImagePath.</P -></DIV -></DIV -><DIV -CLASS="SECT2" -><HR><H3 -CLASS="SECT2" -><A -NAME="AEN1580" ->10.2.9. Windows 2000/XP</A -></H3 -><P ->You must first convert the profile from a local profile to a domain -profile on the MS Windows workstation as follows:</P -><P -></P -><UL -><LI -><P ->Log on as the LOCAL workstation administrator.</P -></LI -><LI -><P ->Right click on the 'My Computer' Icon, select 'Properties'</P -></LI -><LI -><P ->Click on the 'User Profiles' tab</P -></LI -><LI -><P ->Select the profile you wish to convert (click on it once)</P -></LI -><LI -><P ->Click on the button 'Copy To'</P -></LI -><LI -><P ->In the "Permitted to use" box, click on the 'Change' button.</P -></LI -><LI -><P ->Click on the 'Look in" area that lists the machine name, when you click -here it will open up a selection box. Click on the domain to which the -profile must be accessible.</P -><DIV -CLASS="NOTE" -><P -></P -><TABLE -CLASS="NOTE" -WIDTH="90%" -BORDER="0" -><TR -><TD -WIDTH="25" -ALIGN="CENTER" -VALIGN="TOP" -><IMG -SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif" -HSPACE="5" -ALT="Note"></TD -><TD -ALIGN="LEFT" -VALIGN="TOP" -><P ->You will need to log on if a logon box opens up. Eg: In the connect -as: MIDEARTH\root, password: mypassword.</P -></TD -></TR -></TABLE -></DIV -></LI -><LI -><P ->To make the profile capable of being used by anyone select 'Everyone'</P -></LI -><LI -><P ->Click OK. The Selection box will close.</P -></LI -><LI -><P ->Now click on the 'Ok' button to create the profile in the path you -nominated.</P -></LI -></UL -><P ->Done. You now have a profile that can be editted using the samba-3.0.0 -profiles tool.</P -><DIV -CLASS="NOTE" -><P -></P -><TABLE -CLASS="NOTE" -WIDTH="100%" -BORDER="0" -><TR -><TD -WIDTH="25" -ALIGN="CENTER" -VALIGN="TOP" -><IMG -SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif" -HSPACE="5" -ALT="Note"></TD -><TD -ALIGN="LEFT" -VALIGN="TOP" -><P ->Under NT/2K the use of mandotory profiles forces the use of MS Exchange -storage of mail data. That keeps desktop profiles usable.</P -></TD -></TR -></TABLE -></DIV -><DIV -CLASS="NOTE" -><P -></P -><TABLE -CLASS="NOTE" -WIDTH="100%" -BORDER="0" -><TR -><TD -WIDTH="25" -ALIGN="CENTER" -VALIGN="TOP" -><IMG -SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif" -HSPACE="5" -ALT="Note"></TD -><TD -ALIGN="LEFT" -VALIGN="TOP" -><P -></P -><UL -><LI -><P ->This is a security check new to Windows XP (or maybe only -Windows XP service pack 1).  It can be disabled via a group policy in -Active Directory.  The policy is:</P -><P ->"Computer Configuration\Administrative Templates\System\User -Profiles\Do not check for user ownership of Roaming Profile Folders"</P -><P ->...and it should be set to "Enabled". -Does the new version of samba have an Active Directory analogue?  If so, -then you may be able to set the policy through this.</P -><P ->If you cannot set group policies in samba, then you may be able to set -the policy locally on each machine.  If you want to try this, then do -the following (N.B. I don't know for sure that this will work in the -same way as a domain group policy):</P -></LI -><LI -><P ->On the XP workstation log in with an Administrator account.</P -></LI -><LI -><P ->Click: "Start", "Run"</P -></LI -><LI -><P ->Type: "mmc"</P -></LI -><LI -><P ->Click: "OK"</P -></LI -><LI -><P ->A Microsoft Management Console should appear.</P -></LI -><LI -><P ->Click: File, "Add/Remove Snap-in...", "Add"</P -></LI -><LI -><P ->Double-Click: "Group Policy"</P -></LI -><LI -><P ->Click: "Finish", "Close"</P -></LI -><LI -><P ->Click: "OK"</P -></LI -><LI -><P ->In the "Console Root" window:</P -></LI -><LI -><P ->Expand: "Local Computer Policy", "Computer Configuration",</P -></LI -><LI -><P ->"Administrative Templates", "System", "User Profiles"</P -></LI -><LI -><P ->Double-Click: "Do not check for user ownership of Roaming Profile</P -></LI -><LI -><P ->Folders"</P -></LI -><LI -><P ->Select: "Enabled"</P -></LI -><LI -><P ->Click: OK"</P -></LI -><LI -><P ->Close the whole console.  You do not need to save the settings (this -refers to the console settings rather than the policies you have -changed).</P -></LI -><LI -><P ->Reboot</P -></LI -></UL -></TD -></TR -></TABLE -></DIV -></DIV  ></DIV  ></DIV  ><DIV @@ -8844,7 +7842,7 @@ CLASS="SECT1"  ><H2  CLASS="SECT1"  ><A -NAME="AEN1663" +NAME="AEN1416"  >11.1. Viewing and changing UNIX permissions using the NT   	security dialogs</A  ></H2 @@ -8862,7 +7860,7 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN1667" +NAME="AEN1420"  >11.2. How to view file security on a Samba share</A  ></H2  ><P @@ -8931,7 +7929,7 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN1678" +NAME="AEN1431"  >11.3. Viewing file ownership</A  ></H2  ><P @@ -9017,7 +8015,7 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN1698" +NAME="AEN1451"  >11.4. Viewing file or directory permissions</A  ></H2  ><P @@ -9071,7 +8069,7 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN1713" +NAME="AEN1466"  >11.4.1. File Permissions</A  ></H3  ><P @@ -9133,7 +8131,7 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN1727" +NAME="AEN1480"  >11.4.2. Directory Permissions</A  ></H3  ><P @@ -9165,7 +8163,7 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN1734" +NAME="AEN1487"  >11.5. Modifying file or directory permissions</A  ></H2  ><P @@ -9261,7 +8259,7 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN1756" +NAME="AEN1509"  >11.6. Interaction with the standard Samba create mask   	parameters</A  ></H2 @@ -9455,7 +8453,7 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN1810" +NAME="AEN1563"  >11.7. Interaction with the standard Samba file attribute   	mapping</A  ></H2 @@ -9612,7 +8610,7 @@ CLASS="SECT1"  ><H2  CLASS="SECT1"  ><A -NAME="AEN1866" +NAME="AEN1619"  >13.1. Samba and PAM</A  ></H2  ><P @@ -9889,7 +8887,7 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN1915" +NAME="AEN1668"  >13.2. Distributed Authentication</A  ></H2  ><P @@ -9915,7 +8913,7 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN1920" +NAME="AEN1673"  >13.3. PAM Configuration in smb.conf</A  ></H2  ><P @@ -9963,7 +8961,7 @@ CLASS="SECT1"  ><H2  CLASS="SECT1"  ><A -NAME="AEN1946" +NAME="AEN1699"  >14.1. Introduction</A  ></H2  ><P @@ -10046,7 +9044,7 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN1968" +NAME="AEN1721"  >14.2. Configuration</A  ></H2  ><DIV @@ -10108,7 +9106,7 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN1976" +NAME="AEN1729"  >14.2.1. Creating [print$]</A  ></H3  ><P @@ -10325,7 +9323,7 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN2011" +NAME="AEN1764"  >14.2.2. Setting Drivers for Existing Printers</A  ></H3  ><P @@ -10397,7 +9395,7 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN2027" +NAME="AEN1780"  >14.2.3. Support a large number of printers</A  ></H3  ><P @@ -10463,7 +9461,7 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN2038" +NAME="AEN1791"  >14.2.4. Adding New Printers via the Windows NT APW</A  ></H3  ><P @@ -10618,7 +9616,7 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN2068" +NAME="AEN1821"  >14.2.5. Samba and Printer Ports</A  ></H3  ><P @@ -10653,7 +9651,7 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN2076" +NAME="AEN1829"  >14.3. The Imprints Toolset</A  ></H2  ><P @@ -10671,7 +9669,7 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN2080" +NAME="AEN1833"  >14.3.1. What is Imprints?</A  ></H3  ><P @@ -10703,7 +9701,7 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN2090" +NAME="AEN1843"  >14.3.2. Creating Printer Driver Packages</A  ></H3  ><P @@ -10719,7 +9717,7 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN2093" +NAME="AEN1846"  >14.3.3. The Imprints server</A  ></H3  ><P @@ -10743,7 +9741,7 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN2097" +NAME="AEN1850"  >14.3.4. The Installation Client</A  ></H3  ><P @@ -10837,7 +9835,7 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN2119" +NAME="AEN1872"  >14.4. Diagnosis</A  ></H2  ><DIV @@ -10845,7 +9843,7 @@ CLASS="SECT2"  ><H3  CLASS="SECT2"  ><A -NAME="AEN2121" +NAME="AEN1874"  >14.4.1. Introduction</A  ></H3  ><P @@ -10920,7 +9918,7 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN2137" +NAME="AEN1890"  >14.4.2. Debugging printer problems</A  ></H3  ><P @@ -10977,7 +9975,7 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN2146" +NAME="AEN1899"  >14.4.3. What printers do I have?</A  ></H3  ><P @@ -11006,7 +10004,7 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN2154" +NAME="AEN1907"  >14.4.4. Setting up printcap and print servers</A  ></H3  ><P @@ -11090,7 +10088,7 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN2182" +NAME="AEN1935"  >14.4.5. Job sent, no output</A  ></H3  ><P @@ -11135,7 +10133,7 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN2193" +NAME="AEN1946"  >14.4.6. Job sent, strange output</A  ></H3  ><P @@ -11181,7 +10179,7 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN2205" +NAME="AEN1958"  >14.4.7. Raw PostScript printed</A  ></H3  ><P @@ -11196,7 +10194,7 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN2208" +NAME="AEN1961"  >14.4.8. Advanced Printing</A  ></H3  ><P @@ -11212,7 +10210,7 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN2211" +NAME="AEN1964"  >14.4.9. Real debugging</A  ></H3  ><P @@ -11233,7 +10231,7 @@ CLASS="SECT1"  ><H2  CLASS="SECT1"  ><A -NAME="AEN2231" +NAME="AEN1984"  >15.1. Introduction</A  ></H2  ><P @@ -11261,7 +10259,7 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN2236" +NAME="AEN1989"  >15.2. CUPS - RAW Print Through  Mode</A  ></H2  ><P @@ -11547,7 +10545,7 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN2291" +NAME="AEN2044"  >15.3. The CUPS Filter Chains</A  ></H2  ><P @@ -11995,7 +10993,7 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN2330" +NAME="AEN2083"  >15.4. CUPS Print Drivers and Devices</A  ></H2  ><P @@ -12025,7 +11023,7 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN2337" +NAME="AEN2090"  >15.4.1. Further printing steps</A  ></H3  ><P @@ -12349,7 +11347,7 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN2407" +NAME="AEN2160"  >15.5. Limiting the number of pages users can print</A  ></H2  ><P @@ -12872,7 +11870,7 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN2496" +NAME="AEN2249"  >15.6. Advanced Postscript Printing from MS Windows</A  ></H2  ><P @@ -12963,7 +11961,7 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN2511" +NAME="AEN2264"  >15.7. Auto-Deletion of CUPS spool files</A  ></H2  ><P @@ -13099,7 +12097,7 @@ CLASS="SECT1"  ><H2  CLASS="SECT1"  ><A -NAME="AEN2573" +NAME="AEN2326"  >16.1. Abstract</A  ></H2  ><P @@ -13126,7 +12124,7 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN2577" +NAME="AEN2330"  >16.2. Introduction</A  ></H2  ><P @@ -13180,7 +12178,7 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN2590" +NAME="AEN2343"  >16.3. What Winbind Provides</A  ></H2  ><P @@ -13222,7 +12220,7 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN2597" +NAME="AEN2350"  >16.3.1. Target Uses</A  ></H3  ><P @@ -13246,7 +12244,7 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN2601" +NAME="AEN2354"  >16.4. How Winbind Works</A  ></H2  ><P @@ -13266,7 +12264,7 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN2606" +NAME="AEN2359"  >16.4.1. Microsoft Remote Procedure Calls</A  ></H3  ><P @@ -13292,7 +12290,7 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN2610" +NAME="AEN2363"  >16.4.2. Microsoft Active Directory Services</A  ></H3  ><P @@ -13311,7 +12309,7 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN2613" +NAME="AEN2366"  >16.4.3. Name Service Switch</A  ></H3  ><P @@ -13391,7 +12389,7 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN2629" +NAME="AEN2382"  >16.4.4. Pluggable Authentication Modules</A  ></H3  ><P @@ -13440,7 +12438,7 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN2637" +NAME="AEN2390"  >16.4.5. User and Group ID Allocation</A  ></H3  ><P @@ -13466,7 +12464,7 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN2641" +NAME="AEN2394"  >16.4.6. Result Caching</A  ></H3  ><P @@ -13489,7 +12487,7 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN2644" +NAME="AEN2397"  >16.5. Installation and Configuration</A  ></H2  ><P @@ -13508,7 +12506,7 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN2649" +NAME="AEN2402"  >16.5.1. Introduction</A  ></H3  ><P @@ -13567,7 +12565,7 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN2662" +NAME="AEN2415"  >16.5.2. Requirements</A  ></H3  ><P @@ -13637,7 +12635,7 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN2676" +NAME="AEN2429"  >16.5.3. Testing Things Out</A  ></H3  ><P @@ -13682,7 +12680,7 @@ CLASS="SECT3"  ><HR><H4  CLASS="SECT3"  ><A -NAME="AEN2687" +NAME="AEN2440"  >16.5.3.1. Configure and compile SAMBA</A  ></H4  ><P @@ -13748,7 +12746,7 @@ CLASS="SECT3"  ><HR><H4  CLASS="SECT3"  ><A -NAME="AEN2706" +NAME="AEN2459"  >16.5.3.2. Configure <TT  CLASS="FILENAME"  >nsswitch.conf</TT @@ -13853,7 +12851,7 @@ CLASS="SECT3"  ><HR><H4  CLASS="SECT3"  ><A -NAME="AEN2739" +NAME="AEN2492"  >16.5.3.3. Configure smb.conf</A  ></H4  ><P @@ -13928,7 +12926,7 @@ CLASS="SECT3"  ><HR><H4  CLASS="SECT3"  ><A -NAME="AEN2755" +NAME="AEN2508"  >16.5.3.4. Join the SAMBA server to the PDC domain</A  ></H4  ><P @@ -13966,7 +12964,7 @@ CLASS="SECT3"  ><HR><H4  CLASS="SECT3"  ><A -NAME="AEN2766" +NAME="AEN2519"  >16.5.3.5. Start up the winbindd daemon and test it!</A  ></H4  ><P @@ -14102,7 +13100,7 @@ CLASS="SECT3"  ><HR><H4  CLASS="SECT3"  ><A -NAME="AEN2806" +NAME="AEN2559"  >16.5.3.6. Fix the init.d startup scripts</A  ></H4  ><DIV @@ -14110,7 +13108,7 @@ CLASS="SECT4"  ><H5  CLASS="SECT4"  ><A -NAME="AEN2808" +NAME="AEN2561"  >16.5.3.6.1. Linux</A  ></H5  ><P @@ -14220,7 +13218,7 @@ CLASS="SECT4"  ><HR><H5  CLASS="SECT4"  ><A -NAME="AEN2828" +NAME="AEN2581"  >16.5.3.6.2. Solaris</A  ></H5  ><P @@ -14304,7 +13302,7 @@ CLASS="SECT4"  ><HR><H5  CLASS="SECT4"  ><A -NAME="AEN2838" +NAME="AEN2591"  >16.5.3.6.3. Restarting</A  ></H5  ><P @@ -14328,7 +13326,7 @@ CLASS="SECT3"  ><HR><H4  CLASS="SECT3"  ><A -NAME="AEN2844" +NAME="AEN2597"  >16.5.3.7. Configure Winbind and PAM</A  ></H4  ><P @@ -14386,7 +13384,7 @@ CLASS="SECT4"  ><HR><H5  CLASS="SECT4"  ><A -NAME="AEN2861" +NAME="AEN2614"  >16.5.3.7.1. Linux/FreeBSD-specific PAM configuration</A  ></H5  ><P @@ -14515,7 +13513,7 @@ CLASS="SECT4"  ><HR><H5  CLASS="SECT4"  ><A -NAME="AEN2894" +NAME="AEN2647"  >16.5.3.7.2. Solaris-specific configuration</A  ></H5  ><P @@ -14602,7 +13600,7 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN2901" +NAME="AEN2654"  >16.6. Limitations</A  ></H2  ><P @@ -14644,7 +13642,7 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN2911" +NAME="AEN2664"  >16.7. Conclusion</A  ></H2  ><P @@ -14660,9 +13658,1182 @@ NAME="AEN2911"  CLASS="CHAPTER"  ><HR><H1  ><A +NAME="POLICYMGMT" +></A +>Chapter 17. Policy Management - Hows and Whys</H1 +><DIV +CLASS="SECT1" +><H2 +CLASS="SECT1" +><A +NAME="AEN2678" +>17.1. System Policies</A +></H2 +><P +>Under MS Windows platforms, particularly those following the release of MS Windows +NT4 and MS Windows 95) it is possible to create a type of file that would be placed +in the NETLOGON share of a domain controller. As the client logs onto the network +this file is read and the contents initiate changes to the registry of the client +machine. This file allows changes to be made to those parts of the registry that +affect users, groups of users, or machines.</P +><P +>For MS Windows 9x/Me this file must be called <TT +CLASS="FILENAME" +>Config.POL</TT +> and may +be generated using a tool called <TT +CLASS="FILENAME" +>poledit.exe</TT +>, better known as the +Policy Editor. The policy editor was provided on the Windows 98 installation CD, but +dissappeared again with the introduction of MS Windows Me (Millenium Edition). From +comments from MS Windows network administrators it would appear that this tool became +a part of the MS Windows Me Resource Kit.</P +><P +>MS Windows NT4 Server products include the <SPAN +CLASS="emphasis" +><I +CLASS="EMPHASIS" +>System Policy Editor</I +></SPAN +> +under the <TT +CLASS="FILENAME" +>Start->Programs->Administrative Tools</TT +> menu item. +For MS Windows NT4 and later clients this file must be called <TT +CLASS="FILENAME" +>NTConfig.POL</TT +>.</P +><P +>New with the introduction of MS Windows 2000 was the Microsoft Management Console +or MMC.  This tool is the new wave in the ever changing landscape of Microsoft +methods for management of network access and security. Every new Microsoft product +or technology seems to obsolete the old rules and to introduce newer and more +complex tools and methods. To Microsoft's credit though, the MMC does appear to +be a step forward, but improved functionality comes at a great price.</P +><P +>Before embarking on the configuration of network and system policies it is highly +advisable to read the documentation available from Microsoft's web site from +<A +HREF="http://www.microsoft.com/ntserver/management/deployment/planguide/prof_policies.asp" +TARGET="_top" +>Implementing Profiles and Policies in Windows NT 4.0</A +> available from Microsoft. +There are a large number of documents in addition to this old one that should also +be read and understood. Try searching on the Microsoft web site for "Group Policies".</P +><P +>What follows is a very discussion with some helpful notes. The information provided +here is incomplete - you are warned.</P +><DIV +CLASS="SECT2" +><HR><H3 +CLASS="SECT2" +><A +NAME="AEN2692" +>17.1.1. Creating and Managing Windows 9x/Me Policies</A +></H3 +><P +>You need the Win98 Group Policy Editor to set Group Profiles up under Windows 9x/Me. +It can be found on the Original full product Win98 installation CD under +<TT +CLASS="FILENAME" +>tools/reskit/netadmin/poledit</TT +>.  You install this using the +Add/Remove Programs facility and then click on the 'Have Disk' tab.</P +><P +>Use the Group Policy Editor to create a policy file that specifies the location of +user profiles and/or the <TT +CLASS="FILENAME" +>My Documents</TT +> etc.  stuff. You then +save these settings in a file called <TT +CLASS="FILENAME" +>Config.POL</TT +> that needs to +be placed in the root of the [NETLOGON] share. If your Win98 is configured to log onto +the Samba Domain, it will automatically read this file and update the Win9x/Me registry +of the machine that is logging on.</P +><P +>Further details are covered in the Win98 Resource Kit documentation.</P +><P +>If you do not do it this way, then every so often Win9x/Me will check the +integrity of the registry and will restore it's settings from the back-up +copy of the registry it stores on each Win9x/Me machine. Hence, you will +occasionally notice things changing back to the original settings.</P +><P +>Install the group policy handler for Win9x to pick up group policies. Look on the +Win98 CD in <TT +CLASS="FILENAME" +>\tools\reskit\netadmin\poledit</TT +>. +Install group policies on a Win9x client by double-clicking +<TT +CLASS="FILENAME" +>grouppol.inf</TT +>. Log off and on again a couple of times and see +if Win98 picks up group policies.  Unfortunately this needs to be done on every +Win9x/Me machine that uses group policies.</P +></DIV +><DIV +CLASS="SECT2" +><HR><H3 +CLASS="SECT2" +><A +NAME="AEN2704" +>17.1.2. Creating and Managing Windows NT4 Style Policy Files</A +></H3 +><P +>To create or edit <TT +CLASS="FILENAME" +>ntconfig.pol</TT +> you must use the NT Server +Policy Editor, <B +CLASS="COMMAND" +>poledit.exe</B +> which is included with NT4 Server +but <SPAN +CLASS="emphasis" +><I +CLASS="EMPHASIS" +>not NT Workstation</I +></SPAN +>. There is a Policy Editor on a NT4 +Workstation but it is not suitable for creating <SPAN +CLASS="emphasis" +><I +CLASS="EMPHASIS" +>Domain Policies</I +></SPAN +>. +Further, although the Windows 95 Policy Editor can be installed on an NT4 +Workstation/Server, it will not work with NT clients. However, the files from +the NT Server will run happily enough on an NT4 Workstation.</P +><P +>You need <TT +CLASS="FILENAME" +>poledit.exe, common.adm</TT +> and <TT +CLASS="FILENAME" +>winnt.adm</TT +>. +It is convenient to put the two *.adm files in  the <TT +CLASS="FILENAME" +>c:\winnt\inf</TT +>  +directory which is where the binary will look for them unless told otherwise. Note also that that +directory is normally 'hidden'.</P +><P +>The Windows NT policy editor is also included with the Service Pack 3 (and +later) for Windows NT 4.0. Extract the files using <B +CLASS="COMMAND" +>servicepackname /x</B +>, +i.e. that's <B +CLASS="COMMAND" +>Nt4sp6ai.exe /x</B +> for service pack 6a.  The policy editor, +<B +CLASS="COMMAND" +>poledit.exe</B +> and the associated template files (*.adm) should +be extracted as well.  It is also possible to downloaded the policy template +files for Office97 and get a copy of the policy editor.  Another possible +location is with the Zero Administration Kit available for download from Microsoft.</P +><DIV +CLASS="SECT3" +><HR><H4 +CLASS="SECT3" +><A +NAME="AEN2719" +>17.1.2.1. Registry Tattoos</A +></H4 +><P +>With NT4 style registry based policy changes, a large number of settings are not +automatically reversed as the user logs off. Since the settings that were in the +NTConfig.POL file were applied to the client machine registry and that apply to the +hive key HKEY_LOCAL_MACHINE are permanent until explicitly reveresd. This is known +as tattooing. It can have serious consequences down-stream and the administrator must +be extreemly careful not to lock out the ability to manage the machine at a later date.</P +></DIV +></DIV +><DIV +CLASS="SECT2" +><HR><H3 +CLASS="SECT2" +><A +NAME="AEN2722" +>17.1.3. Creating and Managing MS Windows 200x Policies</A +></H3 +><P +>Windows NT4 System policies allows setting of registry parameters specific to +users, groups and computers (client workstations) that are members of the NT4 +style domain. Such policy file will work with MS Windows 2000 / XP clients also.</P +><P +>New to MS Windows 2000 Microsoft introduced a new style of group policy that confers +a superset of capabilities compared with NT4 style policies. Obviously, the tool used +to create them is different, and the mechanism for implementing them is much changed.</P +><P +>The older NT4 style registry based policies are known as <SPAN +CLASS="emphasis" +><I +CLASS="EMPHASIS" +>Administrative Templates</I +></SPAN +> +in MS Windows 2000/XP Group Policy Objects (GPOs). The later includes ability to set various security +configurations, enforce Internet Explorer browser settings, change and redirect aspects of the +users' desktop (including: the location of <SPAN +CLASS="emphasis" +><I +CLASS="EMPHASIS" +>My Documents</I +></SPAN +> files (directory), as +well as intrinsics of where menu items will appear in the Start menu). An additional new +feature is the ability to make available particular software Windows applications to particular +users and/or groups.</P +><P +>Remember: NT4 policy files are named <TT +CLASS="FILENAME" +>NTConfig.POL</TT +> and are stored in the root +of the NETLOGON share on the domain controllers. A Windows NT4 user enters a username, a password +and selects the domain name to which the logon will attempt to take place. During the logon +process the client machine reads the NTConfig.POL file from the NETLOGON share on the authenticating +server, modifies the local registry values according to the settings in this file.</P +><P +>Windows 2K GPOs are very feature rich. They are NOT stored in the NETLOGON share, rather part of +a Windows 200x policy file is stored in the Active Directory itself and the other part is stored +in a shared (and replicated) volume called the SYSVOL folder. This folder is present on all Active +Directory domain controllers. The part that is stored in the Active Directory itself is called the +group policy container (GPC), and the part that is stored in the replicated share called SYSVOL is +known as the group policy template (GPT).</P +><P +>With NT4 clients the policy file is read and executed upon only aas each user log onto the network. +MS Windows 200x policies are much more complex - GPOs are processed and applied at client machine +startup (machine specific part) and when the user logs onto the network the user specific part +is applied. In MS Windows 200x style policy management each machine and/or user may be subject +to any number of concurently applicable (and applied) policy sets (GPOs). Active Directory allows +the administrator to also set filters over the policy settings. No such equivalent capability +exists with NT4 style policy files.</P +><DIV +CLASS="SECT3" +><HR><H4 +CLASS="SECT3" +><A +NAME="AEN2733" +>17.1.3.1. Administration of Win2K Policies</A +></H4 +><P +>Instead of using the tool called "The System Policy Editor", commonly called Poledit (from the +executable name poledit.exe), GPOs are created and managed using a Microsoft Management Console +(MMC) snap-in as follows:</P +><P +></P +><UL +><LI +><P +>	Go to the Windows 200x / XP menu <TT +CLASS="FILENAME" +>Start->Programs->Adminsitrative Tools</TT +> +	and select the MMC snap-in called "Active Directory Users and Computers" +	</P +><P +>	</P +></LI +><LI +><P +>	Select the domain or organizational unit (OU) that you wish to manage, then right click +	to open the context menu for that object, select the properties item. +	</P +></LI +><LI +><P +>	Now left click on the Group Policy tab, then left click on the New tab. Type a name +	for the new policy you will create. +	</P +></LI +><LI +><P +>	Now left click on the Edit tab to commence the steps needed to create the GPO. +	</P +></LI +></UL +><P +>All policy configuration options are controlled through the use of policy administrative +templates. These files have a .adm extension, both in NT4 as well as in Windows 200x / XP. +Beware however, since the .adm files are NOT interchangible across NT4 and Windows 200x. +The later introduces many new features as well as extended definition capabilities. It is +well beyond the scope of this documentation to explain how to program .adm files, for that +the adminsitrator is referred to the Microsoft Windows Resource Kit for your particular +version of MS Windows.</P +><DIV +CLASS="NOTE" +><P +></P +><TABLE +CLASS="NOTE" +WIDTH="100%" +BORDER="0" +><TR +><TD +WIDTH="25" +ALIGN="CENTER" +VALIGN="TOP" +><IMG +SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif" +HSPACE="5" +ALT="Note"></TD +><TD +ALIGN="LEFT" +VALIGN="TOP" +><P +>The MS Windows 2000 Resource Kit contains a tool called gpolmig.exe. This tool can be used +to migrate an NT4 NTConfig.POL file into a Windows 200x style GPO. Be VERY careful how you +use this powerful tool. Please refer to the resource kit manuals for specific usage information.</P +></TD +></TR +></TABLE +></DIV +></DIV +></DIV +></DIV +></DIV +><DIV +CLASS="CHAPTER" +><HR><H1 +><A +NAME="PROFILEMGMT" +></A +>Chapter 18. Profile Management</H1 +><DIV +CLASS="SECT1" +><H2 +CLASS="SECT1" +><A +NAME="AEN2761" +>18.1. Roaming Profiles</A +></H2 +><DIV +CLASS="WARNING" +><P +></P +><TABLE +CLASS="WARNING" +WIDTH="100%" +BORDER="0" +><TR +><TD +WIDTH="25" +ALIGN="CENTER" +VALIGN="TOP" +><IMG +SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/warning.gif" +HSPACE="5" +ALT="Warning"></TD +><TD +ALIGN="LEFT" +VALIGN="TOP" +><P +><SPAN +CLASS="emphasis" +><I +CLASS="EMPHASIS" +>NOTE!</I +></SPAN +> Roaming profiles support is different for Win9X and WinNT.</P +></TD +></TR +></TABLE +></DIV +><P +>Before discussing how to configure roaming profiles, it is useful to see how +Win9X and WinNT clients implement these features.</P +><P +>Win9X clients send a NetUserGetInfo request to the server to get the user's +profiles location. However, the response does not have room for a separate +profiles location field, only the user's home share. This means that Win9X +profiles are restricted to being in the user's home directory.</P +><P +>WinNT clients send a NetSAMLogon RPC request, which contains many fields, +including a separate field for the location of the user's profiles. +This means that support for profiles is different for Win9X and WinNT.</P +><DIV +CLASS="SECT2" +><HR><H3 +CLASS="SECT2" +><A +NAME="AEN2769" +>18.1.1. Windows NT Configuration</A +></H3 +><P +>To support WinNT clients, in the [global] section of smb.conf set the +following (for example):</P +><P +><PRE +CLASS="PROGRAMLISTING" +>logon path = \\profileserver\profileshare\profilepath\%U\moreprofilepath</PRE +></P +><P +>The default for this option is \\%N\%U\profile, namely +\\sambaserver\username\profile.  The \\N%\%U service is created +automatically by the [homes] service. +If you are using a samba server for the profiles, you _must_ make the +share specified in the logon path browseable.</P +><DIV +CLASS="NOTE" +><P +></P +><TABLE +CLASS="NOTE" +WIDTH="100%" +BORDER="0" +><TR +><TD +WIDTH="25" +ALIGN="CENTER" +VALIGN="TOP" +><IMG +SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif" +HSPACE="5" +ALT="Note"></TD +><TD +ALIGN="LEFT" +VALIGN="TOP" +><P +>MS Windows NT/2K clients at times do not disconnect a connection to a server +between logons. It is recommended to NOT use the <SPAN +CLASS="emphasis" +><I +CLASS="EMPHASIS" +>homes</I +></SPAN +> +meta-service name as part of the profile share path.</P +></TD +></TR +></TABLE +></DIV +></DIV +><DIV +CLASS="SECT2" +><HR><H3 +CLASS="SECT2" +><A +NAME="AEN2778" +>18.1.2. Windows 9X Configuration</A +></H3 +><P +>To support Win9X clients, you must use the "logon home" parameter. Samba has +now been fixed so that "net use /home" now works as well, and it, too, relies +on the "logon home" parameter.</P +><P +>By using the logon home parameter, you are restricted to putting Win9X +profiles in the user's home directory.   But wait! There is a trick you +can use. If you set the following in the [global] section of your +smb.conf file:</P +><P +><PRE +CLASS="PROGRAMLISTING" +>logon home = \\%L\%U\.profiles</PRE +></P +><P +>then your Win9X clients will dutifully put their clients in a subdirectory +of your home directory called .profiles (thus making them hidden).</P +><P +>Not only that, but 'net use/home' will also work, because of a feature in +Win9X. It removes any directory stuff off the end of the home directory area +and only uses the server and share portion. That is, it looks like you +specified \\%L\%U for "logon home".</P +></DIV +><DIV +CLASS="SECT2" +><HR><H3 +CLASS="SECT2" +><A +NAME="AEN2786" +>18.1.3. Win9X and WinNT Configuration</A +></H3 +><P +>You can support profiles for both Win9X and WinNT clients by setting both the +"logon home" and "logon path" parameters. For example:</P +><P +><PRE +CLASS="PROGRAMLISTING" +>logon home = \\%L\%U\.profiles +logon path = \\%L\profiles\%U</PRE +></P +><DIV +CLASS="NOTE" +><P +></P +><TABLE +CLASS="NOTE" +WIDTH="100%" +BORDER="0" +><TR +><TD +WIDTH="25" +ALIGN="CENTER" +VALIGN="TOP" +><IMG +SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif" +HSPACE="5" +ALT="Note"></TD +><TD +ALIGN="LEFT" +VALIGN="TOP" +><P +>I have not checked what 'net use /home' does on NT when "logon home" is +set as above.</P +></TD +></TR +></TABLE +></DIV +></DIV +><DIV +CLASS="SECT2" +><HR><H3 +CLASS="SECT2" +><A +NAME="AEN2793" +>18.1.4. Windows 9X Profile Setup</A +></H3 +><P +>When a user first logs in on Windows 9X, the file user.DAT is created, +as are folders "Start Menu", "Desktop", "Programs" and "Nethood". +These directories and their contents will be merged with the local +versions stored in c:\windows\profiles\username on subsequent logins, +taking the most recent from each.  You will need to use the [global] +options "preserve case = yes", "short preserve case = yes" and +"case sensitive = no" in order to maintain capital letters in shortcuts +in any of the profile folders.</P +><P +>The user.DAT file contains all the user's preferences.  If you wish to +enforce a set of preferences, rename their user.DAT file to user.MAN, +and deny them write access to this file.</P +><P +></P +><OL +TYPE="1" +><LI +><P +>        On the Windows 95 machine, go to Control Panel | Passwords and +        select the User Profiles tab.  Select the required level of +        roaming preferences.  Press OK, but do _not_ allow the computer +        to reboot. +        </P +></LI +><LI +><P +>        On the Windows 95 machine, go to Control Panel | Network | +        Client for Microsoft Networks | Preferences.  Select 'Log on to +        NT Domain'.  Then, ensure that the Primary Logon is 'Client for +        Microsoft Networks'.  Press OK, and this time allow the computer +        to reboot. +        </P +></LI +></OL +><P +>Under Windows 95, Profiles are downloaded from the Primary Logon. +If you have the Primary Logon as 'Client for Novell Networks', then +the profiles and logon script will be downloaded from your Novell +Server.  If you have the Primary Logon as 'Windows Logon', then the +profiles will be loaded from the local machine - a bit against the +concept of roaming profiles, if you ask me.</P +><P +>You will now find that the Microsoft Networks Login box contains +[user, password, domain] instead of just [user, password].  Type in +the samba server's domain name (or any other domain known to exist, +but bear in mind that the user will be authenticated against this +domain and profiles downloaded from it, if that domain logon server +supports it), user name and user's password.</P +><P +>Once the user has been successfully validated, the Windows 95 machine +will inform you that 'The user has not logged on before' and asks you +if you wish to save the user's preferences?  Select 'yes'.</P +><P +>Once the Windows 95 client comes up with the desktop, you should be able +to examine the contents of the directory specified in the "logon path" +on the samba server and verify that the "Desktop", "Start Menu", +"Programs" and "Nethood" folders have been created.</P +><P +>These folders will be cached locally on the client, and updated when +the user logs off (if you haven't made them read-only by then :-). +You will find that if the user creates further folders or short-cuts, +that the client will merge the profile contents downloaded with the +contents of the profile directory already on the local client, taking +the newest folders and short-cuts from each set.</P +><P +>If you have made the folders / files read-only on the samba server, +then you will get errors from the w95 machine on logon and logout, as +it attempts to merge the local and the remote profile.  Basically, if +you have any errors reported by the w95 machine, check the Unix file +permissions and ownership rights on the profile directory contents, +on the samba server.</P +><P +>If you have problems creating user profiles, you can reset the user's +local desktop cache, as shown below.  When this user then next logs in, +they will be told that they are logging in "for the first time".</P +><P +></P +><OL +TYPE="1" +><LI +><P +>        instead of logging in under the [user, password, domain] dialog, +        press escape. +        </P +></LI +><LI +><P +>        run the regedit.exe program, and look in: +        </P +><P +>        HKEY_LOCAL_MACHINE\Windows\CurrentVersion\ProfileList +        </P +><P +>        you will find an entry, for each user, of ProfilePath.  Note the +        contents of this key (likely to be c:\windows\profiles\username), +        then delete the key ProfilePath for the required user. +        </P +><P +>        [Exit the registry editor]. +        </P +></LI +><LI +><P +>        <SPAN +CLASS="emphasis" +><I +CLASS="EMPHASIS" +>WARNING</I +></SPAN +> - before deleting the contents of the +        directory listed in +   the ProfilePath (this is likely to be c:\windows\profiles\username), +   ask them if they have any important files stored on their desktop +   or in their start menu.  delete the contents of the directory +   ProfilePath (making a backup if any of the files are needed). +        </P +><P +>   This will have the effect of removing the local (read-only hidden +   system file) user.DAT in their profile directory, as well as the +   local "desktop", "nethood", "start menu" and "programs" folders. +        </P +></LI +><LI +><P +>        search for the user's .PWL password-caching file in the c:\windows +        directory, and delete it. +        </P +></LI +><LI +><P +>        log off the windows 95 client. +        </P +></LI +><LI +><P +>        check the contents of the profile path (see "logon path" described +        above), and delete the user.DAT or user.MAN file for the user, +        making a backup if required. +        </P +></LI +></OL +><P +>If all else fails, increase samba's debug log levels to between 3 and 10, +and / or run a packet trace program such as tcpdump or netmon.exe, and +look for any error reports.</P +><P +>If you have access to an NT server, then first set up roaming profiles +and / or netlogons on the NT server.  Make a packet trace, or examine +the example packet traces provided with NT server, and see what the +differences are with the equivalent samba trace.</P +></DIV +><DIV +CLASS="SECT2" +><HR><H3 +CLASS="SECT2" +><A +NAME="AEN2829" +>18.1.5. Windows NT Workstation 4.0</A +></H3 +><P +>When a user first logs in to a Windows NT Workstation, the profile +NTuser.DAT is created.  The profile location can be now specified +through the "logon path" parameter.</P +><P +>There is a parameter that is now available for use with NT Profiles: +"logon drive".  This should be set to "h:" or any other drive, and +should be used in conjunction with the new "logon home" parameter.</P +><P +>The entry for the NT 4.0 profile is a _directory_ not a file.  The NT +help on profiles mentions that a directory is also created with a .PDS +extension.  The user, while logging in, must have write permission to +create the full profile path (and the folder with the .PDS extension +for those situations where it might be created.)</P +><P +>In the profile directory, NT creates more folders than 95.  It creates +"Application Data" and others, as well as "Desktop", "Nethood", +"Start Menu" and "Programs".  The profile itself is stored in a file +NTuser.DAT.  Nothing appears to be stored in the .PDS directory, and +its purpose is currently unknown.</P +><P +>You can use the System Control Panel to copy a local profile onto +a samba server (see NT Help on profiles: it is also capable of firing +up the correct location in the System Control Panel for you).  The +NT Help file also mentions that renaming NTuser.DAT to NTuser.MAN +turns a profile into a mandatory one.</P +><P +>The case of the profile is significant.  The file must be called +NTuser.DAT or, for a mandatory profile, NTuser.MAN.</P +></DIV +><DIV +CLASS="SECT2" +><HR><H3 +CLASS="SECT2" +><A +NAME="AEN2837" +>18.1.6. Windows NT/200x Server</A +></H3 +><P +>There is nothing to stop you specifying any path that you like for the +location of users' profiles.  Therefore, you could specify that the +profile be stored on a samba server, or any other SMB server, as long as +that SMB server supports encrypted passwords.</P +></DIV +><DIV +CLASS="SECT2" +><HR><H3 +CLASS="SECT2" +><A +NAME="AEN2840" +>18.1.7. Sharing Profiles between W9x/Me and NT4/200x/XP workstations</A +></H3 +><P +>Sharing of desktop profiles between Windows versions is NOT recommended. +Desktop profiles are an evolving phenomenon and profiles for later versions +of MS Windows clients add features that may interfere with earlier versions +of MS Windows clients. Probably the more salient reason to NOT mix profiles +is that when logging off an earlier version of MS Windows the older format +of profile contents may overwrite information that belongs to the newer +version resulting in loss of profile information content when that user logs +on again with the newer version of MS Windows.</P +><P +>If you then want to share the same Start Menu / Desktop with W9x/Me, you will +need to specify a common location for the profiles. The smb.conf parameters +that need to be common are <SPAN +CLASS="emphasis" +><I +CLASS="EMPHASIS" +>logon path</I +></SPAN +> and +<SPAN +CLASS="emphasis" +><I +CLASS="EMPHASIS" +>logon home</I +></SPAN +>.</P +><P +>If you have this set up correctly, you will find separate user.DAT and +NTuser.DAT files in the same profile directory.</P +></DIV +><DIV +CLASS="SECT2" +><HR><H3 +CLASS="SECT2" +><A +NAME="AEN2847" +>18.1.8. Windows NT 4</A +></H3 +><P +>Unfortunately, the Resource Kit info is Win NT4 or 200x specific.</P +><P +>Here is a quick guide:</P +><P +></P +><UL +><LI +><P +>On your NT4 Domain Controller, right click on 'My Computer', then +select the tab labelled 'User Profiles'.</P +></LI +><LI +><P +>Select a user profile you want to migrate and click on it.</P +><DIV +CLASS="NOTE" +><P +></P +><TABLE +CLASS="NOTE" +WIDTH="90%" +BORDER="0" +><TR +><TD +WIDTH="25" +ALIGN="CENTER" +VALIGN="TOP" +><IMG +SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif" +HSPACE="5" +ALT="Note"></TD +><TD +ALIGN="LEFT" +VALIGN="TOP" +><P +>I am using the term "migrate" lossely. You can copy a profile to +create a group profile. You can give the user 'Everyone' rights to the +profile you copy this to. That is what you need to do, since your samba +domain is not a member of a trust relationship with your NT4 PDC.</P +></TD +></TR +></TABLE +></DIV +></LI +><LI +><P +>Click the 'Copy To' button.</P +></LI +><LI +><P +>In the box labelled 'Copy Profile to' add your new path, eg: +<TT +CLASS="FILENAME" +>c:\temp\foobar</TT +></P +></LI +><LI +><P +>Click on the button labelled 'Change' in the "Permitted to use" box.</P +></LI +><LI +><P +>Click on the group 'Everyone' and then click OK. This closes the +'chose user' box.</P +></LI +><LI +><P +>Now click OK.</P +></LI +></UL +><P +>Follow the above for every profile you need to migrate.</P +><DIV +CLASS="SECT3" +><HR><H4 +CLASS="SECT3" +><A +NAME="AEN2870" +>18.1.8.1. Side bar Notes</A +></H4 +><P +>You should obtain the SID of your NT4 domain. You can use smbpasswd to do +this. Read the man page.</P +><P +>With Samba-3.0.0 alpha code you can import all you NT4 domain accounts +using the net samsync method. This way you can retain your profile +settings as well as all your users.</P +></DIV +><DIV +CLASS="SECT3" +><HR><H4 +CLASS="SECT3" +><A +NAME="AEN2874" +>18.1.8.2. Mandatory profiles</A +></H4 +><P +>The above method can be used to create mandatory profiles also. To convert +a group profile into a mandatory profile simply locate the NTUser.DAT file +in the copied profile and rename it to NTUser.MAN.</P +></DIV +><DIV +CLASS="SECT3" +><HR><H4 +CLASS="SECT3" +><A +NAME="AEN2877" +>18.1.8.3. moveuser.exe</A +></H4 +><P +>The W2K professional resource kit has moveuser.exe. moveuser.exe changes +the security of a profile from one user to another.  This allows the account +domain to change, and/or the user name to change.</P +></DIV +><DIV +CLASS="SECT3" +><HR><H4 +CLASS="SECT3" +><A +NAME="AEN2880" +>18.1.8.4. Get SID</A +></H4 +><P +>You can identify the SID by using GetSID.exe from the Windows NT Server 4.0 +Resource Kit.</P +><P +>Windows NT 4.0 stores the local profile information in the registry under +the following key: +HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList</P +><P +>Under the ProfileList key, there will be subkeys named with the SIDs of the +users who have logged on to this computer. (To find the profile information +for the user whose locally cached profile you want to move, find the SID for +the user with the GetSID.exe utility.) Inside of the appropriate user's +subkey, you will see a string value named ProfileImagePath.</P +></DIV +></DIV +><DIV +CLASS="SECT2" +><HR><H3 +CLASS="SECT2" +><A +NAME="AEN2885" +>18.1.9. Windows 2000/XP</A +></H3 +><P +>You must first convert the profile from a local profile to a domain +profile on the MS Windows workstation as follows:</P +><P +></P +><UL +><LI +><P +>Log on as the LOCAL workstation administrator.</P +></LI +><LI +><P +>Right click on the 'My Computer' Icon, select 'Properties'</P +></LI +><LI +><P +>Click on the 'User Profiles' tab</P +></LI +><LI +><P +>Select the profile you wish to convert (click on it once)</P +></LI +><LI +><P +>Click on the button 'Copy To'</P +></LI +><LI +><P +>In the "Permitted to use" box, click on the 'Change' button.</P +></LI +><LI +><P +>Click on the 'Look in" area that lists the machine name, when you click +here it will open up a selection box. Click on the domain to which the +profile must be accessible.</P +><DIV +CLASS="NOTE" +><P +></P +><TABLE +CLASS="NOTE" +WIDTH="90%" +BORDER="0" +><TR +><TD +WIDTH="25" +ALIGN="CENTER" +VALIGN="TOP" +><IMG +SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif" +HSPACE="5" +ALT="Note"></TD +><TD +ALIGN="LEFT" +VALIGN="TOP" +><P +>You will need to log on if a logon box opens up. Eg: In the connect +as: MIDEARTH\root, password: mypassword.</P +></TD +></TR +></TABLE +></DIV +></LI +><LI +><P +>To make the profile capable of being used by anyone select 'Everyone'</P +></LI +><LI +><P +>Click OK. The Selection box will close.</P +></LI +><LI +><P +>Now click on the 'Ok' button to create the profile in the path you +nominated.</P +></LI +></UL +><P +>Done. You now have a profile that can be editted using the samba-3.0.0 +profiles tool.</P +><DIV +CLASS="NOTE" +><P +></P +><TABLE +CLASS="NOTE" +WIDTH="100%" +BORDER="0" +><TR +><TD +WIDTH="25" +ALIGN="CENTER" +VALIGN="TOP" +><IMG +SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif" +HSPACE="5" +ALT="Note"></TD +><TD +ALIGN="LEFT" +VALIGN="TOP" +><P +>Under NT/2K the use of mandotory profiles forces the use of MS Exchange +storage of mail data. That keeps desktop profiles usable.</P +></TD +></TR +></TABLE +></DIV +><DIV +CLASS="NOTE" +><P +></P +><TABLE +CLASS="NOTE" +WIDTH="100%" +BORDER="0" +><TR +><TD +WIDTH="25" +ALIGN="CENTER" +VALIGN="TOP" +><IMG +SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif" +HSPACE="5" +ALT="Note"></TD +><TD +ALIGN="LEFT" +VALIGN="TOP" +><P +></P +><UL +><LI +><P +>This is a security check new to Windows XP (or maybe only +Windows XP service pack 1).  It can be disabled via a group policy in +Active Directory.  The policy is:</P +><P +>"Computer Configuration\Administrative Templates\System\User +Profiles\Do not check for user ownership of Roaming Profile Folders"</P +><P +>...and it should be set to "Enabled". +Does the new version of samba have an Active Directory analogue?  If so, +then you may be able to set the policy through this.</P +><P +>If you cannot set group policies in samba, then you may be able to set +the policy locally on each machine.  If you want to try this, then do +the following (N.B. I don't know for sure that this will work in the +same way as a domain group policy):</P +></LI +><LI +><P +>On the XP workstation log in with an Administrator account.</P +></LI +><LI +><P +>Click: "Start", "Run"</P +></LI +><LI +><P +>Type: "mmc"</P +></LI +><LI +><P +>Click: "OK"</P +></LI +><LI +><P +>A Microsoft Management Console should appear.</P +></LI +><LI +><P +>Click: File, "Add/Remove Snap-in...", "Add"</P +></LI +><LI +><P +>Double-Click: "Group Policy"</P +></LI +><LI +><P +>Click: "Finish", "Close"</P +></LI +><LI +><P +>Click: "OK"</P +></LI +><LI +><P +>In the "Console Root" window:</P +></LI +><LI +><P +>Expand: "Local Computer Policy", "Computer Configuration",</P +></LI +><LI +><P +>"Administrative Templates", "System", "User Profiles"</P +></LI +><LI +><P +>Double-Click: "Do not check for user ownership of Roaming Profile</P +></LI +><LI +><P +>Folders"</P +></LI +><LI +><P +>Select: "Enabled"</P +></LI +><LI +><P +>Click: OK"</P +></LI +><LI +><P +>Close the whole console.  You do not need to save the settings (this +refers to the console settings rather than the policies you have +changed).</P +></LI +><LI +><P +>Reboot</P +></LI +></UL +></TD +></TR +></TABLE +></DIV +></DIV +></DIV +></DIV +><DIV +CLASS="CHAPTER" +><HR><H1 +><A  NAME="INTEGRATE-MS-NETWORKS"  ></A ->Chapter 17. Integrating MS Windows networks with Samba</H1 +>Chapter 19. Integrating MS Windows networks with Samba</H1  ><P  >This section deals with NetBIOS over TCP/IP name to IP address resolution. If you  your MS Windows clients are NOT configured to use NetBIOS over TCP/IP then this @@ -14743,8 +14914,8 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN2932" ->17.1. Name Resolution in a pure Unix/Linux world</A +NAME="AEN2975" +>19.1. Name Resolution in a pure Unix/Linux world</A  ></H2  ><P  >The key configuration files covered in this section are:</P @@ -14785,8 +14956,8 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN2948" ->17.1.1. <TT +NAME="AEN2991" +>19.1.1. <TT  CLASS="FILENAME"  >/etc/hosts</TT  ></A @@ -14866,8 +15037,8 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN2964" ->17.1.2. <TT +NAME="AEN3007" +>19.1.2. <TT  CLASS="FILENAME"  >/etc/resolv.conf</TT  ></A @@ -14904,8 +15075,8 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN2975" ->17.1.3. <TT +NAME="AEN3018" +>19.1.3. <TT  CLASS="FILENAME"  >/etc/host.conf</TT  ></A @@ -14933,8 +15104,8 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN2983" ->17.1.4. <TT +NAME="AEN3026" +>19.1.4. <TT  CLASS="FILENAME"  >/etc/nsswitch.conf</TT  ></A @@ -15002,8 +15173,8 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN2995" ->17.2. Name resolution as used within MS Windows networking</A +NAME="AEN3038" +>19.2. Name resolution as used within MS Windows networking</A  ></H2  ><P  >MS Windows networking is predicated about the name each machine  @@ -15087,8 +15258,8 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN3007" ->17.2.1. The NetBIOS Name Cache</A +NAME="AEN3050" +>19.2.1. The NetBIOS Name Cache</A  ></H3  ><P  >All MS Windows machines employ an in memory buffer in which is  @@ -15114,8 +15285,8 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN3012" ->17.2.2. The LMHOSTS file</A +NAME="AEN3055" +>19.2.2. The LMHOSTS file</A  ></H3  ><P  >This file is usually located in MS Windows NT 4.0 or  @@ -15217,8 +15388,8 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN3020" ->17.2.3. HOSTS file</A +NAME="AEN3063" +>19.2.3. HOSTS file</A  ></H3  ><P  >This file is usually located in MS Windows NT 4.0 or 2000 in  @@ -15239,8 +15410,8 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN3025" ->17.2.4. DNS Lookup</A +NAME="AEN3068" +>19.2.4. DNS Lookup</A  ></H3  ><P  >This capability is configured in the TCP/IP setup area in the network  @@ -15259,8 +15430,8 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN3028" ->17.2.5. WINS Lookup</A +NAME="AEN3071" +>19.2.5. WINS Lookup</A  ></H3  ><P  >A WINS (Windows Internet Name Server) service is the equivaent of the  @@ -15302,14 +15473,14 @@ CLASS="CHAPTER"  ><A  NAME="IMPROVED-BROWSING"  ></A ->Chapter 18. Improved browsing in samba</H1 +>Chapter 20. Improved browsing in samba</H1  ><DIV  CLASS="SECT1"  ><H2  CLASS="SECT1"  ><A -NAME="AEN3047" ->18.1. Overview of browsing</A +NAME="AEN3090" +>20.1. Overview of browsing</A  ></H2  ><P  >SMB networking provides a mechanism by which clients can access a list @@ -15337,8 +15508,8 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN3052" ->18.2. Browsing support in samba</A +NAME="AEN3095" +>20.2. Browsing support in samba</A  ></H2  ><P  >Samba facilitates browsing.  The browsing is supported by nmbd @@ -15380,8 +15551,8 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN3060" ->18.3. Problem resolution</A +NAME="AEN3103" +>20.3. Problem resolution</A  ></H2  ><P  >If something doesn't work then hopefully the log.nmb file will help @@ -15427,8 +15598,8 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN3069" ->18.4. Browsing across subnets</A +NAME="AEN3112" +>20.4. Browsing across subnets</A  ></H2  ><P  >Since the release of Samba 1.9.17(alpha1) Samba has been @@ -15458,8 +15629,8 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN3074" ->18.4.1. How does cross subnet browsing work ?</A +NAME="AEN3117" +>20.4.1. How does cross subnet browsing work ?</A  ></H3  ><P  >Cross subnet browsing is a complicated dance, containing multiple @@ -15669,8 +15840,8 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN3109" ->18.5. Setting up a WINS server</A +NAME="AEN3152" +>20.5. Setting up a WINS server</A  ></H2  ><P  >Either a Samba machine or a Windows NT Server machine may be set up @@ -15752,8 +15923,8 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN3128" ->18.6. Setting up Browsing in a WORKGROUP</A +NAME="AEN3171" +>20.6. Setting up Browsing in a WORKGROUP</A  ></H2  ><P  >To set up cross subnet browsing on a network containing machines @@ -15837,8 +16008,8 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN3146" ->18.7. Setting up Browsing in a DOMAIN</A +NAME="AEN3189" +>20.7. Setting up Browsing in a DOMAIN</A  ></H2  ><P  >If you are adding Samba servers to a Windows NT Domain then @@ -15888,8 +16059,8 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN3156" ->18.8. Forcing samba to be the master</A +NAME="AEN3199" +>20.8. Forcing samba to be the master</A  ></H2  ><P  >Who becomes the "master browser" is determined by an election process @@ -15936,8 +16107,8 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN3165" ->18.9. Making samba the domain master</A +NAME="AEN3208" +>20.9. Making samba the domain master</A  ></H2  ><P  >The domain master is responsible for collating the browse lists of @@ -16009,8 +16180,8 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN3183" ->18.10. Note about broadcast addresses</A +NAME="AEN3226" +>20.10. Note about broadcast addresses</A  ></H2  ><P  >If your network uses a "0" based broadcast address (for example if it @@ -16023,8 +16194,8 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN3186" ->18.11. Multiple interfaces</A +NAME="AEN3229" +>20.11. Multiple interfaces</A  ></H2  ><P  >Samba now supports machines with multiple network interfaces.  If you @@ -16038,14 +16209,14 @@ CLASS="CHAPTER"  ><A  NAME="MSDFS"  ></A ->Chapter 19. Hosting a Microsoft Distributed File System tree on Samba</H1 +>Chapter 21. Hosting a Microsoft Distributed File System tree on Samba</H1  ><DIV  CLASS="SECT1"  ><H2  CLASS="SECT1"  ><A -NAME="AEN3200" ->19.1. Instructions</A +NAME="AEN3243" +>21.1. Instructions</A  ></H2  ><P  >The Distributed File System (or Dfs) provides a means of  @@ -16176,8 +16347,8 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN3235" ->19.1.1. Notes</A +NAME="AEN3278" +>21.1.1. Notes</A  ></H3  ><P  ></P @@ -16211,14 +16382,14 @@ CLASS="CHAPTER"  ><A  NAME="VFS"  ></A ->Chapter 20. Stackable VFS modules</H1 +>Chapter 22. Stackable VFS modules</H1  ><DIV  CLASS="SECT1"  ><H2  CLASS="SECT1"  ><A -NAME="AEN3259" ->20.1. Introduction and configuration</A +NAME="AEN3302" +>22.1. Introduction and configuration</A  ></H2  ><P  >Since samba 3.0, samba supports stackable VFS(Virtual File System) modules.   @@ -16258,16 +16429,16 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN3268" ->20.2. Included modules</A +NAME="AEN3311" +>22.2. Included modules</A  ></H2  ><DIV  CLASS="SECT2"  ><H3  CLASS="SECT2"  ><A -NAME="AEN3270" ->20.2.1. audit</A +NAME="AEN3313" +>22.2.1. audit</A  ></H3  ><P  >A simple module to audit file access to the syslog @@ -16304,8 +16475,8 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN3278" ->20.2.2. recycle</A +NAME="AEN3321" +>22.2.2. recycle</A  ></H3  ><P  >A recycle-bin like modules. When used any unlink call @@ -16375,8 +16546,8 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN3315" ->20.2.3. netatalk</A +NAME="AEN3358" +>22.2.3. netatalk</A  ></H3  ><P  >A netatalk module, that will ease co-existence of samba and @@ -16408,8 +16579,8 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN3322" ->20.3. VFS modules available elsewhere</A +NAME="AEN3365" +>22.3. VFS modules available elsewhere</A  ></H2  ><P  >This section contains a listing of various other VFS modules that  @@ -16424,8 +16595,8 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN3326" ->20.3.1. DatabaseFS</A +NAME="AEN3369" +>22.3.1. DatabaseFS</A  ></H3  ><P  >URL: <A @@ -16458,8 +16629,8 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN3334" ->20.3.2. vscan</A +NAME="AEN3377" +>22.3.2. vscan</A  ></H3  ><P  >URL: <A @@ -16482,14 +16653,14 @@ CLASS="CHAPTER"  ><A  NAME="SECURING-SAMBA"  ></A ->Chapter 21. Securing Samba</H1 +>Chapter 23. Securing Samba</H1  ><DIV  CLASS="SECT1"  ><H2  CLASS="SECT1"  ><A -NAME="AEN3348" ->21.1. Introduction</A +NAME="AEN3391" +>23.1. Introduction</A  ></H2  ><P  >This note was attached to the Samba 2.2.8 release notes as it contained an @@ -16501,8 +16672,8 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN3351" ->21.2. Using host based protection</A +NAME="AEN3394" +>23.2. Using host based protection</A  ></H2  ><P  >In many installations of Samba the greatest threat comes for outside @@ -16533,8 +16704,8 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN3358" ->21.3. Using interface protection</A +NAME="AEN3401" +>23.3. Using interface protection</A  ></H2  ><P  >By default Samba will accept connections on any network interface that @@ -16569,8 +16740,8 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN3367" ->21.4. Using a firewall</A +NAME="AEN3410" +>23.4. Using a firewall</A  ></H2  ><P  >Many people use a firewall to deny access to services that they don't @@ -16599,8 +16770,8 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN3374" ->21.5. Using a IPC$ share deny</A +NAME="AEN3417" +>23.5. Using a IPC$ share deny</A  ></H2  ><P  >If the above methods are not suitable, then you could also place a @@ -16638,8 +16809,8 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN3383" ->21.6. Upgrading Samba</A +NAME="AEN3426" +>23.6. Upgrading Samba</A  ></H2  ><P  >Please check regularly on http://www.samba.org/ for updates and @@ -16654,14 +16825,14 @@ CLASS="CHAPTER"  ><A  NAME="UNICODE"  ></A ->Chapter 22. Unicode/Charsets</H1 +>Chapter 24. Unicode/Charsets</H1  ><DIV  CLASS="SECT1"  ><H2  CLASS="SECT1"  ><A -NAME="AEN3397" ->22.1. What are charsets and unicode?</A +NAME="AEN3440" +>24.1. What are charsets and unicode?</A  ></H2  ><P  >Computers communicate in numbers. In texts, each number will be  @@ -16710,8 +16881,8 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN3406" ->22.2. Samba and charsets</A +NAME="AEN3449" +>24.2. Samba and charsets</A  ></H2  ><P  >As of samba 3.0, samba can (and will) talk unicode over the wire. Internally,  @@ -16786,101 +16957,101 @@ CLASS="TOC"  >Table of Contents</B  ></DT  ><DT ->23. <A +>25. <A  HREF="#SPEED"  >Samba performance issues</A  ></DT  ><DD  ><DL  ><DT ->23.1. <A -HREF="#AEN3443" +>25.1. <A +HREF="#AEN3486"  >Comparisons</A  ></DT  ><DT ->23.2. <A -HREF="#AEN3449" +>25.2. <A +HREF="#AEN3492"  >Socket options</A  ></DT  ><DT ->23.3. <A -HREF="#AEN3456" +>25.3. <A +HREF="#AEN3499"  >Read size</A  ></DT  ><DT ->23.4. <A -HREF="#AEN3461" +>25.4. <A +HREF="#AEN3504"  >Max xmit</A  ></DT  ><DT ->23.5. <A -HREF="#AEN3466" +>25.5. <A +HREF="#AEN3509"  >Log level</A  ></DT  ><DT ->23.6. <A -HREF="#AEN3469" +>25.6. <A +HREF="#AEN3512"  >Read raw</A  ></DT  ><DT ->23.7. <A -HREF="#AEN3474" +>25.7. <A +HREF="#AEN3517"  >Write raw</A  ></DT  ><DT ->23.8. <A -HREF="#AEN3478" +>25.8. <A +HREF="#AEN3521"  >Slow Clients</A  ></DT  ><DT ->23.9. <A -HREF="#AEN3482" +>25.9. <A +HREF="#AEN3525"  >Slow Logins</A  ></DT  ><DT ->23.10. <A -HREF="#AEN3485" +>25.10. <A +HREF="#AEN3528"  >Client tuning</A  ></DT  ></DL  ></DD  ><DT ->24. <A +>26. <A  HREF="#PORTABILITY"  >Portability</A  ></DT  ><DD  ><DL  ><DT ->24.1. <A -HREF="#AEN3525" +>26.1. <A +HREF="#AEN3568"  >HPUX</A  ></DT  ><DT ->24.2. <A -HREF="#AEN3531" +>26.2. <A +HREF="#AEN3574"  >SCO Unix</A  ></DT  ><DT ->24.3. <A -HREF="#AEN3535" +>26.3. <A +HREF="#AEN3578"  >DNIX</A  ></DT  ><DT ->24.4. <A -HREF="#AEN3564" +>26.4. <A +HREF="#AEN3607"  >RedHat Linux Rembrandt-II</A  ></DT  ><DT ->24.5. <A -HREF="#AEN3570" +>26.5. <A +HREF="#AEN3613"  >AIX</A  ></DT  ><DD  ><DL  ><DT ->24.5.1. <A -HREF="#AEN3572" +>26.5.1. <A +HREF="#AEN3615"  >Sequential Read Ahead</A  ></DT  ></DL @@ -16888,156 +17059,156 @@ HREF="#AEN3572"  ></DL  ></DD  ><DT ->25. <A +>27. <A  HREF="#OTHER-CLIENTS"  >Samba and other CIFS clients</A  ></DT  ><DD  ><DL  ><DT ->25.1. <A -HREF="#AEN3590" +>27.1. <A +HREF="#AEN3633"  >Macintosh clients?</A  ></DT  ><DT ->25.2. <A -HREF="#AEN3599" +>27.2. <A +HREF="#AEN3642"  >OS2 Client</A  ></DT  ><DD  ><DL  ><DT ->25.2.1. <A -HREF="#AEN3601" +>27.2.1. <A +HREF="#AEN3644"  >How can I configure OS/2 Warp Connect or   		OS/2 Warp 4 as a client for Samba?</A  ></DT  ><DT ->25.2.2. <A -HREF="#AEN3616" +>27.2.2. <A +HREF="#AEN3659"  >How can I configure OS/2 Warp 3 (not Connect),   		OS/2 1.2, 1.3 or 2.x for Samba?</A  ></DT  ><DT ->25.2.3. <A -HREF="#AEN3625" +>27.2.3. <A +HREF="#AEN3668"  >Are there any other issues when OS/2 (any version)   		is used as a client?</A  ></DT  ><DT ->25.2.4. <A -HREF="#AEN3629" +>27.2.4. <A +HREF="#AEN3672"  >How do I get printer driver download working   		for OS/2 clients?</A  ></DT  ></DL  ></DD  ><DT ->25.3. <A -HREF="#AEN3639" +>27.3. <A +HREF="#AEN3682"  >Windows for Workgroups</A  ></DT  ><DD  ><DL  ><DT ->25.3.1. <A -HREF="#AEN3641" +>27.3.1. <A +HREF="#AEN3684"  >Use latest TCP/IP stack from Microsoft</A  ></DT  ><DT ->25.3.2. <A -HREF="#AEN3646" +>27.3.2. <A +HREF="#AEN3689"  >Delete .pwl files after password change</A  ></DT  ><DT ->25.3.3. <A -HREF="#AEN3651" +>27.3.3. <A +HREF="#AEN3694"  >Configure WfW password handling</A  ></DT  ><DT ->25.3.4. <A -HREF="#AEN3655" +>27.3.4. <A +HREF="#AEN3698"  >Case handling of passwords</A  ></DT  ><DT ->25.3.5. <A -HREF="#AEN3660" +>27.3.5. <A +HREF="#AEN3703"  >Use TCP/IP as default protocol</A  ></DT  ></DL  ></DD  ><DT ->25.4. <A -HREF="#AEN3663" +>27.4. <A +HREF="#AEN3706"  >Windows '95/'98</A  ></DT  ><DT ->25.5. <A -HREF="#AEN3679" +>27.5. <A +HREF="#AEN3722"  >Windows 2000 Service Pack 2</A  ></DT  ></DL  ></DD  ><DT ->26. <A +>28. <A  HREF="#COMPILING"  >How to compile SAMBA</A  ></DT  ><DD  ><DL  ><DT ->26.1. <A -HREF="#AEN3706" +>28.1. <A +HREF="#AEN3749"  >Access Samba source code via CVS</A  ></DT  ><DD  ><DL  ><DT ->26.1.1. <A -HREF="#AEN3708" +>28.1.1. <A +HREF="#AEN3751"  >Introduction</A  ></DT  ><DT ->26.1.2. <A -HREF="#AEN3713" +>28.1.2. <A +HREF="#AEN3756"  >CVS Access to samba.org</A  ></DT  ></DL  ></DD  ><DT ->26.2. <A -HREF="#AEN3749" +>28.2. <A +HREF="#AEN3792"  >Accessing the samba sources via rsync and ftp</A  ></DT  ><DT ->26.3. <A -HREF="#AEN3755" +>28.3. <A +HREF="#AEN3798"  >Building the Binaries</A  ></DT  ><DD  ><DL  ><DT ->26.3.1. <A -HREF="#AEN3783" +>28.3.1. <A +HREF="#AEN3826"  >Compiling samba with Active Directory support</A  ></DT  ></DL  ></DD  ><DT ->26.4. <A -HREF="#AEN3812" +>28.4. <A +HREF="#AEN3855"  >Starting the smbd and nmbd</A  ></DT  ><DD  ><DL  ><DT ->26.4.1. <A -HREF="#AEN3822" +>28.4.1. <A +HREF="#AEN3865"  >Starting from inetd.conf</A  ></DT  ><DT ->26.4.2. <A -HREF="#AEN3851" +>28.4.2. <A +HREF="#AEN3894"  >Alternative: starting it as a daemon</A  ></DT  ></DL @@ -17045,128 +17216,128 @@ HREF="#AEN3851"  ></DL  ></DD  ><DT ->27. <A +>29. <A  HREF="#BUGREPORT"  >Reporting Bugs</A  ></DT  ><DD  ><DL  ><DT ->27.1. <A -HREF="#AEN3874" +>29.1. <A +HREF="#AEN3917"  >Introduction</A  ></DT  ><DT ->27.2. <A -HREF="#AEN3884" +>29.2. <A +HREF="#AEN3927"  >General info</A  ></DT  ><DT ->27.3. <A -HREF="#AEN3890" +>29.3. <A +HREF="#AEN3933"  >Debug levels</A  ></DT  ><DT ->27.4. <A -HREF="#AEN3907" +>29.4. <A +HREF="#AEN3950"  >Internal errors</A  ></DT  ><DT ->27.5. <A -HREF="#AEN3917" +>29.5. <A +HREF="#AEN3960"  >Attaching to a running process</A  ></DT  ><DT ->27.6. <A -HREF="#AEN3920" +>29.6. <A +HREF="#AEN3963"  >Patches</A  ></DT  ></DL  ></DD  ><DT ->28. <A +>30. <A  HREF="#DIAGNOSIS"  >The samba checklist</A  ></DT  ><DD  ><DL  ><DT ->28.1. <A -HREF="#AEN3943" +>30.1. <A +HREF="#AEN3986"  >Introduction</A  ></DT  ><DT ->28.2. <A -HREF="#AEN3948" +>30.2. <A +HREF="#AEN3991"  >Assumptions</A  ></DT  ><DT ->28.3. <A -HREF="#AEN3958" +>30.3. <A +HREF="#AEN4001"  >Tests</A  ></DT  ><DD  ><DL  ><DT ->28.3.1. <A -HREF="#AEN3960" +>30.3.1. <A +HREF="#AEN4003"  >Test 1</A  ></DT  ><DT ->28.3.2. <A -HREF="#AEN3966" +>30.3.2. <A +HREF="#AEN4009"  >Test 2</A  ></DT  ><DT ->28.3.3. <A -HREF="#AEN3972" +>30.3.3. <A +HREF="#AEN4015"  >Test 3</A  ></DT  ><DT ->28.3.4. <A -HREF="#AEN3987" +>30.3.4. <A +HREF="#AEN4030"  >Test 4</A  ></DT  ><DT ->28.3.5. <A -HREF="#AEN3992" +>30.3.5. <A +HREF="#AEN4035"  >Test 5</A  ></DT  ><DT ->28.3.6. <A -HREF="#AEN3998" +>30.3.6. <A +HREF="#AEN4041"  >Test 6</A  ></DT  ><DT ->28.3.7. <A -HREF="#AEN4006" +>30.3.7. <A +HREF="#AEN4049"  >Test 7</A  ></DT  ><DT ->28.3.8. <A -HREF="#AEN4032" +>30.3.8. <A +HREF="#AEN4075"  >Test 8</A  ></DT  ><DT ->28.3.9. <A -HREF="#AEN4049" +>30.3.9. <A +HREF="#AEN4092"  >Test 9</A  ></DT  ><DT ->28.3.10. <A -HREF="#AEN4057" +>30.3.10. <A +HREF="#AEN4100"  >Test 10</A  ></DT  ><DT ->28.3.11. <A -HREF="#AEN4063" +>30.3.11. <A +HREF="#AEN4106"  >Test 11</A  ></DT  ></DL  ></DD  ><DT ->28.4. <A -HREF="#AEN4068" +>30.4. <A +HREF="#AEN4111"  >Still having troubles?</A  ></DT  ></DL @@ -17180,14 +17351,14 @@ CLASS="CHAPTER"  ><A  NAME="SPEED"  ></A ->Chapter 23. Samba performance issues</H1 +>Chapter 25. Samba performance issues</H1  ><DIV  CLASS="SECT1"  ><H2  CLASS="SECT1"  ><A -NAME="AEN3443" ->23.1. Comparisons</A +NAME="AEN3486" +>25.1. Comparisons</A  ></H2  ><P  >The Samba server uses TCP to talk to the client. Thus if you are @@ -17217,8 +17388,8 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN3449" ->23.2. Socket options</A +NAME="AEN3492" +>25.2. Socket options</A  ></H2  ><P  >There are a number of socket options that can greatly affect the @@ -17245,8 +17416,8 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN3456" ->23.3. Read size</A +NAME="AEN3499" +>25.3. Read size</A  ></H2  ><P  >The option "read size" affects the overlap of disk reads/writes with @@ -17271,8 +17442,8 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN3461" ->23.4. Max xmit</A +NAME="AEN3504" +>25.4. Max xmit</A  ></H2  ><P  >At startup the client and server negotiate a "maximum transmit" size, @@ -17294,8 +17465,8 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN3466" ->23.5. Log level</A +NAME="AEN3509" +>25.5. Log level</A  ></H2  ><P  >If you set the log level (also known as "debug level") higher than 2 @@ -17308,8 +17479,8 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN3469" ->23.6. Read raw</A +NAME="AEN3512" +>25.6. Read raw</A  ></H2  ><P  >The "read raw" operation is designed to be an optimised, low-latency @@ -17330,8 +17501,8 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN3474" ->23.7. Write raw</A +NAME="AEN3517" +>25.7. Write raw</A  ></H2  ><P  >The "write raw" operation is designed to be an optimised, low-latency @@ -17347,8 +17518,8 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN3478" ->23.8. Slow Clients</A +NAME="AEN3521" +>25.8. Slow Clients</A  ></H2  ><P  >One person has reported that setting the protocol to COREPLUS rather @@ -17364,8 +17535,8 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN3482" ->23.9. Slow Logins</A +NAME="AEN3525" +>25.9. Slow Logins</A  ></H2  ><P  >Slow logins are almost always due to the password checking time. Using @@ -17377,8 +17548,8 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN3485" ->23.10. Client tuning</A +NAME="AEN3528" +>25.10. Client tuning</A  ></H2  ><P  >Often a speed problem can be traced to the client. The client (for @@ -17485,7 +17656,7 @@ CLASS="CHAPTER"  ><A  NAME="PORTABILITY"  ></A ->Chapter 24. Portability</H1 +>Chapter 26. Portability</H1  ><P  >Samba works on a wide range of platforms but the interface all the   platforms provide is not always compatible. This chapter contains  @@ -17495,8 +17666,8 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN3525" ->24.1. HPUX</A +NAME="AEN3568" +>26.1. HPUX</A  ></H2  ><P  >HP's implementation of supplementary groups is, er, non-standard (for @@ -17525,8 +17696,8 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN3531" ->24.2. SCO Unix</A +NAME="AEN3574" +>26.2. SCO Unix</A  ></H2  ><P  >  @@ -17542,8 +17713,8 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN3535" ->24.3. DNIX</A +NAME="AEN3578" +>26.3. DNIX</A  ></H2  ><P  >DNIX has a problem with seteuid() and setegid(). These routines are @@ -17649,8 +17820,8 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN3564" ->24.4. RedHat Linux Rembrandt-II</A +NAME="AEN3607" +>26.4. RedHat Linux Rembrandt-II</A  ></H2  ><P  >By default RedHat Rembrandt-II during installation adds an @@ -17673,16 +17844,16 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN3570" ->24.5. AIX</A +NAME="AEN3613" +>26.5. AIX</A  ></H2  ><DIV  CLASS="SECT2"  ><H3  CLASS="SECT2"  ><A -NAME="AEN3572" ->24.5.1. Sequential Read Ahead</A +NAME="AEN3615" +>26.5.1. Sequential Read Ahead</A  ></H3  ><P  >Disabling Sequential Read Ahead using "vmtune -r 0" improves  @@ -17696,7 +17867,7 @@ CLASS="CHAPTER"  ><A  NAME="OTHER-CLIENTS"  ></A ->Chapter 25. Samba and other CIFS clients</H1 +>Chapter 27. Samba and other CIFS clients</H1  ><P  >This chapter contains client-specific information.</P  ><DIV @@ -17704,8 +17875,8 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN3590" ->25.1. Macintosh clients?</A +NAME="AEN3633" +>27.1. Macintosh clients?</A  ></H2  ><P  >Yes. <A @@ -17750,16 +17921,16 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN3599" ->25.2. OS2 Client</A +NAME="AEN3642" +>27.2. OS2 Client</A  ></H2  ><DIV  CLASS="SECT2"  ><H3  CLASS="SECT2"  ><A -NAME="AEN3601" ->25.2.1. How can I configure OS/2 Warp Connect or  +NAME="AEN3644" +>27.2.1. How can I configure OS/2 Warp Connect or   		OS/2 Warp 4 as a client for Samba?</A  ></H3  ><P @@ -17817,8 +17988,8 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN3616" ->25.2.2. How can I configure OS/2 Warp 3 (not Connect),  +NAME="AEN3659" +>27.2.2. How can I configure OS/2 Warp 3 (not Connect),   		OS/2 1.2, 1.3 or 2.x for Samba?</A  ></H3  ><P @@ -17861,8 +18032,8 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN3625" ->25.2.3. Are there any other issues when OS/2 (any version)  +NAME="AEN3668" +>27.2.3. Are there any other issues when OS/2 (any version)   		is used as a client?</A  ></H3  ><P @@ -17883,8 +18054,8 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN3629" ->25.2.4. How do I get printer driver download working  +NAME="AEN3672" +>27.2.4. How do I get printer driver download working   		for OS/2 clients?</A  ></H3  ><P @@ -17930,16 +18101,16 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN3639" ->25.3. Windows for Workgroups</A +NAME="AEN3682" +>27.3. Windows for Workgroups</A  ></H2  ><DIV  CLASS="SECT2"  ><H3  CLASS="SECT2"  ><A -NAME="AEN3641" ->25.3.1. Use latest TCP/IP stack from Microsoft</A +NAME="AEN3684" +>27.3.1. Use latest TCP/IP stack from Microsoft</A  ></H3  ><P  >Use the latest TCP/IP stack from microsoft if you use Windows @@ -17960,8 +18131,8 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN3646" ->25.3.2. Delete .pwl files after password change</A +NAME="AEN3689" +>27.3.2. Delete .pwl files after password change</A  ></H3  ><P  >WfWg does a lousy job with passwords. I find that if I change my @@ -17980,8 +18151,8 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN3651" ->25.3.3. Configure WfW password handling</A +NAME="AEN3694" +>27.3.3. Configure WfW password handling</A  ></H3  ><P  >There is a program call admincfg.exe @@ -17999,8 +18170,8 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN3655" ->25.3.4. Case handling of passwords</A +NAME="AEN3698" +>27.3.4. Case handling of passwords</A  ></H3  ><P  >Windows for Workgroups uppercases the password before sending it to the server. Unix passwords can be case-sensitive though. Check the <A @@ -18017,8 +18188,8 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN3660" ->25.3.5. Use TCP/IP as default protocol</A +NAME="AEN3703" +>27.3.5. Use TCP/IP as default protocol</A  ></H3  ><P  >To support print queue reporting you may find @@ -18033,8 +18204,8 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN3663" ->25.4. Windows '95/'98</A +NAME="AEN3706" +>27.4. Windows '95/'98</A  ></H2  ><P  >When using Windows 95 OEM SR2 the following updates are recommended where Samba @@ -18081,8 +18252,8 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN3679" ->25.5. Windows 2000 Service Pack 2</A +NAME="AEN3722" +>27.5. Windows 2000 Service Pack 2</A  ></H2  ><P  >  @@ -18165,7 +18336,7 @@ CLASS="CHAPTER"  ><A  NAME="COMPILING"  ></A ->Chapter 26. How to compile SAMBA</H1 +>Chapter 28. How to compile SAMBA</H1  ><P  >You can obtain the samba source from the <A  HREF="http://samba.org/" @@ -18178,16 +18349,16 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN3706" ->26.1. Access Samba source code via CVS</A +NAME="AEN3749" +>28.1. Access Samba source code via CVS</A  ></H2  ><DIV  CLASS="SECT2"  ><H3  CLASS="SECT2"  ><A -NAME="AEN3708" ->26.1.1. Introduction</A +NAME="AEN3751" +>28.1.1. Introduction</A  ></H3  ><P  >Samba is developed in an open environment.  Developers use CVS @@ -18208,8 +18379,8 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN3713" ->26.1.2. CVS Access to samba.org</A +NAME="AEN3756" +>28.1.2. CVS Access to samba.org</A  ></H3  ><P  >The machine samba.org runs a publicly accessible CVS  @@ -18221,8 +18392,8 @@ CLASS="SECT3"  ><HR><H4  CLASS="SECT3"  ><A -NAME="AEN3716" ->26.1.2.1. Access via CVSweb</A +NAME="AEN3759" +>28.1.2.1. Access via CVSweb</A  ></H4  ><P  >You can access the source code via your  @@ -18242,8 +18413,8 @@ CLASS="SECT3"  ><HR><H4  CLASS="SECT3"  ><A -NAME="AEN3721" ->26.1.2.2. Access via cvs</A +NAME="AEN3764" +>28.1.2.2. Access via cvs</A  ></H4  ><P  >You can also access the source code via a  @@ -18347,8 +18518,8 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN3749" ->26.2. Accessing the samba sources via rsync and ftp</A +NAME="AEN3792" +>28.2. Accessing the samba sources via rsync and ftp</A  ></H2  ><P  >	pserver.samba.org also exports unpacked copies of most parts of the CVS tree at <A @@ -18375,8 +18546,8 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN3755" ->26.3. Building the Binaries</A +NAME="AEN3798" +>28.3. Building the Binaries</A  ></H2  ><P  >To do this, first run the program <B @@ -18461,8 +18632,8 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN3783" ->26.3.1. Compiling samba with Active Directory support</A +NAME="AEN3826" +>28.3.1. Compiling samba with Active Directory support</A  ></H3  ><P  >In order to compile samba with ADS support, you need to have installed @@ -18511,8 +18682,8 @@ CLASS="SECT3"  ><HR><H4  CLASS="SECT3"  ><A -NAME="AEN3795" ->26.3.1.1. Installing the required packages for Debian</A +NAME="AEN3838" +>28.3.1.1. Installing the required packages for Debian</A  ></H4  ><P  >On Debian you need to install the following packages:</P @@ -18542,8 +18713,8 @@ CLASS="SECT3"  ><HR><H4  CLASS="SECT3"  ><A -NAME="AEN3802" ->26.3.1.2. Installing the required packages for RedHat</A +NAME="AEN3845" +>28.3.1.2. Installing the required packages for RedHat</A  ></H4  ><P  >On RedHat this means you should have at least: </P @@ -18584,8 +18755,8 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN3812" ->26.4. Starting the smbd and nmbd</A +NAME="AEN3855" +>28.4. Starting the smbd and nmbd</A  ></H2  ><P  >You must choose to start smbd and nmbd either @@ -18624,8 +18795,8 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN3822" ->26.4.1. Starting from inetd.conf</A +NAME="AEN3865" +>28.4.1. Starting from inetd.conf</A  ></H3  ><P  >NOTE; The following will be different if  @@ -18724,8 +18895,8 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN3851" ->26.4.2. Alternative: starting it as a daemon</A +NAME="AEN3894" +>28.4.2. Alternative: starting it as a daemon</A  ></H3  ><P  >To start the server as a daemon you should create  @@ -18783,14 +18954,14 @@ CLASS="CHAPTER"  ><A  NAME="BUGREPORT"  ></A ->Chapter 27. Reporting Bugs</H1 +>Chapter 29. Reporting Bugs</H1  ><DIV  CLASS="SECT1"  ><H2  CLASS="SECT1"  ><A -NAME="AEN3874" ->27.1. Introduction</A +NAME="AEN3917" +>29.1. Introduction</A  ></H2  ><P  >The email address for bug reports for stable releases is <A @@ -18834,8 +19005,8 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN3884" ->27.2. General info</A +NAME="AEN3927" +>29.2. General info</A  ></H2  ><P  >Before submitting a bug report check your config for silly @@ -18859,8 +19030,8 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN3890" ->27.3. Debug levels</A +NAME="AEN3933" +>29.3. Debug levels</A  ></H2  ><P  >If the bug has anything to do with Samba behaving incorrectly as a @@ -18929,8 +19100,8 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN3907" ->27.4. Internal errors</A +NAME="AEN3950" +>29.4. Internal errors</A  ></H2  ><P  >If you get a "INTERNAL ERROR" message in your log files it means that @@ -18973,8 +19144,8 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN3917" ->27.5. Attaching to a running process</A +NAME="AEN3960" +>29.5. Attaching to a running process</A  ></H2  ><P  >Unfortunately some unixes (in particular some recent linux kernels) @@ -18990,8 +19161,8 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN3920" ->27.6. Patches</A +NAME="AEN3963" +>29.6. Patches</A  ></H2  ><P  >The best sort of bug report is one that includes a fix! If you send us @@ -19013,14 +19184,14 @@ CLASS="CHAPTER"  ><A  NAME="DIAGNOSIS"  ></A ->Chapter 28. The samba checklist</H1 +>Chapter 30. The samba checklist</H1  ><DIV  CLASS="SECT1"  ><H2  CLASS="SECT1"  ><A -NAME="AEN3943" ->28.1. Introduction</A +NAME="AEN3986" +>30.1. Introduction</A  ></H2  ><P  >This file contains a list of tests you can perform to validate your @@ -19041,8 +19212,8 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN3948" ->28.2. Assumptions</A +NAME="AEN3991" +>30.2. Assumptions</A  ></H2  ><P  >In all of the tests it is assumed you have a Samba server called  @@ -19079,16 +19250,16 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN3958" ->28.3. Tests</A +NAME="AEN4001" +>30.3. Tests</A  ></H2  ><DIV  CLASS="SECT2"  ><H3  CLASS="SECT2"  ><A -NAME="AEN3960" ->28.3.1. Test 1</A +NAME="AEN4003" +>30.3.1. Test 1</A  ></H3  ><P  >In the directory in which you store your smb.conf file, run the command @@ -19109,8 +19280,8 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN3966" ->28.3.2. Test 2</A +NAME="AEN4009" +>30.3.2. Test 2</A  ></H3  ><P  >Run the command "ping BIGSERVER" from the PC and "ping ACLIENT" from @@ -19135,8 +19306,8 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN3972" ->28.3.3. Test 3</A +NAME="AEN4015" +>30.3.3. Test 3</A  ></H3  ><P  >Run the command "smbclient -L BIGSERVER" on the unix box. You @@ -19206,8 +19377,8 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN3987" ->28.3.4. Test 4</A +NAME="AEN4030" +>30.3.4. Test 4</A  ></H3  ><P  >Run the command "nmblookup -B BIGSERVER __SAMBA__". You should get the @@ -19227,8 +19398,8 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN3992" ->28.3.5. Test 5</A +NAME="AEN4035" +>30.3.5. Test 5</A  ></H3  ><P  >run the command <B @@ -19248,8 +19419,8 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN3998" ->28.3.6. Test 6</A +NAME="AEN4041" +>30.3.6. Test 6</A  ></H3  ><P  >Run the command <B @@ -19282,8 +19453,8 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN4006" ->28.3.7. Test 7</A +NAME="AEN4049" +>30.3.7. Test 7</A  ></H3  ><P  >Run the command <B @@ -19371,8 +19542,8 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN4032" ->28.3.8. Test 8</A +NAME="AEN4075" +>30.3.8. Test 8</A  ></H3  ><P  >On the PC type the command <B @@ -19431,8 +19602,8 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN4049" ->28.3.9. Test 9</A +NAME="AEN4092" +>30.3.9. Test 9</A  ></H3  ><P  >Run the command <B @@ -19465,8 +19636,8 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN4057" ->28.3.10. Test 10</A +NAME="AEN4100" +>30.3.10. Test 10</A  ></H3  ><P  >Run the command <B @@ -19491,8 +19662,8 @@ CLASS="SECT2"  ><HR><H3  CLASS="SECT2"  ><A -NAME="AEN4063" ->28.3.11. Test 11</A +NAME="AEN4106" +>30.3.11. Test 11</A  ></H3  ><P  >From file manager try to browse the server. Your samba server should @@ -19519,8 +19690,8 @@ CLASS="SECT1"  ><HR><H2  CLASS="SECT1"  ><A -NAME="AEN4068" ->28.4. Still having troubles?</A +NAME="AEN4111" +>30.4. Still having troubles?</A  ></H2  ><P  >Try the mailing list or newsgroup, or use the ethereal utility to | 
