summaryrefslogtreecommitdiff
path: root/docs/textdocs
diff options
context:
space:
mode:
Diffstat (limited to 'docs/textdocs')
-rw-r--r--docs/textdocs/CUPS-PrintingInfo.txt1201
-rw-r--r--docs/textdocs/CreatingGroupProfiles-Win2K.txt112
-rw-r--r--docs/textdocs/CreatingGroupProfiles-Win9X.txt58
-rw-r--r--docs/textdocs/CreatingGroupProfilesInNT4.txt71
-rw-r--r--docs/textdocs/PROFILES.txt385
-rw-r--r--docs/textdocs/RoutedNetworks.txt63
6 files changed, 1890 insertions, 0 deletions
diff --git a/docs/textdocs/CUPS-PrintingInfo.txt b/docs/textdocs/CUPS-PrintingInfo.txt
new file mode 100644
index 0000000000..bd10c2e53e
--- /dev/null
+++ b/docs/textdocs/CUPS-PrintingInfo.txt
@@ -0,0 +1,1201 @@
+There are Six (6) Extracts here from mail in the Samba Mailing List.
+The key contribution here is from Kurt Pfeifle.
+
+I added them to this repository in the hope that someone would find the information helpful.
+
+John T. <jht@samba.org>
+
+==============================================================================
+<<< EXTANT 1 >>>
+==============================================================================
+Subject: Print Filtering Mechanism Explained
+============================================
+
+Date: Sun, 22 Sep 2002 15:38:02 +0200
+From: "Kurt Pfeifle" <kpfeifle@danka.de>
+Reply-To: kpfeifle@danka.de
+Organization: Danka Deutschland GmbH
+To: samba@lists.samba.org
+Subject: CUPS filtering mechanism explained, was: [cups raw mode, was Re: [Samba] unlink data file in cups_job_submit]
+
+Paul Janzen wrote on Samba digest:
+
+ > Message: 7
+ > To: Gerald Carter <jerry@samba.org>
+ > Cc: samba@lists.samba.org
+ > From: Paul Janzen <pcj@samba.sez.to>
+ > Subject: cups raw mode, was Re: [Samba] unlink data file in cups_job_submit
+ > Date: 21 Sep 2002 12:09:23 -0700
+ >
+ >
+ > Gerald Carter <jerry@samba.org> writes:
+ >
+ > > Looks right to me [:-)] Applying it now. Thanks. I've been meaning to
+ > > track this one down.
+ >
+ >
+ > Thanks!
+ >
+ > While we are on the subject... [:-)]
+ >
+ > If I am using native printer drivers on Windows clients, I would like
+ > the "raw" option to get propagated to CUPS. Otherwise cups does not
+ > pass the data on to the printer.
+
+Paul,
+
+I see you know about what you call the "raw data passthrough feature".
+I guess you mean the lines in "/etc/cups/mime.types" and
+"/etc/cups/mime.convs" which need to be uncommented to allow "raw"
+printing ?
+
+Here is some clarification (likely not very useful for you, but
+possibly for some other readers of the Samba list):
+
+### If you have "printing = cups" and "printcap = cups" enabled,
+--- everything is handled by Samba accessing the CUPS API. (And any
+ "print command" directive in Samba will be ignored.) If the CUPS
+ API is not available (because Samba might not be compiled against
+libcups), it automatically maps to the "System V" command set, with
+"-oraw" enabled automatically.
+
+ > (If I enable cups's application/
+ > octet-stream raw-data passthrough feature, both cupsomatic and the
+ > Windows driver add PJL headers and footers, which is not what I want
+ > either.)
+
+### According to my experience, cupsomatic on the Samba/CUPS server
+--- does *not* add any features if a file is really printed "raw".
+ However, if you have loaded the driver for the Windows client
+from the CUPS server, using the "cupsaddsmb" utility, and if this
+driver is one using a "Foomatic" PPD, the PJL header in question is
+already added on the Windows client, at the time when the driver
+initially generated the PostScript data -- and CUPS in true "-oraw"
+manner doesn't remove this PJL header and passes the file "as is"
+to its printer communication backend.
+
+NOTE, please, that the editing in the "mime.convs" and the
+----- "mime.types" file does not *enforce* "raw" printing, it
+ only *allows* it. Any file arriving from Windows is
+"auto-typed" by CUPS, which might consecutively lead to its
+treatment by various filters automatically (depending on the
+actual outcome of the auto-typing and the configuration of the
+printqueue in question):
+
+ --> Files generated by PCL drivers and destined to PCL
+ printers get auto-typed "application/octet-stream"
+ and are indeed printed "raw". Also, unknown file
+ types are getting tagged as "application/octet-stream".
+
+ --> Files generated by a PostScript driver (and destined
+ for any target printer type) are auto-typed. Depending
+ on the driver, the discovered MIME type may be
+
+ * application/postscript or
+ * application/vnd.cups-postscript
+
+"application/postscript" goes first thru the "pstops" filter
+ (where also the page counting and accounting takes place
+ currently), and the outcome will be of MIME type
+ "application/vnd.cups-postscript". The pstopsfilter reads and
+ uses information from the PPD and inserts user-provided options
+ into the PostScript file. As a consequence, the filtered file
+ will possibly have the PJL header you don't want.
+
+"application/postscript" will be all files with a ".ps", ".ai",
+ ".eps" suffix or which have as their first character string one
+ of "%!" or "<04>%".
+
+"application/vnd.cups-postscript" will be those files which do both,
+ first...
+ ...carry a string "LANGUAGE=POSTSCRIPT" (or similar variations
+ with different capitalization) amongst the first 512 bytes,
+ *plus*...
+ ...contain the "PJL super escape code" amongst the first 128
+ bytes ("<1B>%-12345X"). Very likely, most PostScript files
+ generated on Windows using a CUPS- or other PPD, will have
+ to be auto-typed as "vnd.cups-postscript".
+ Probably a file produced with a "Generic PostScript driver"
+ will be just "application/postscript" (have not checked).
+
+Once the file is in "application/vnd.cups-postscript" format,
+either "pstoraster" or "cupsomatic" will take over (depending
+on the printer configuration, as determined by the PPD in use).
+
+NOTE: a printer queue with *no* PPD associated to it is a "raw"
+----- printer and all files will go directly there as received
+ by the spooler; the exeption are file types
+"application/octet-stream" which need the mentioned "passthrough
+feature" enabled. "Raw" queues don't do any filtering at all, they
+hand the file directly to the CUPS backend. This backend is
+responsible for the sending of the data to the device (as visible
+in the "device URI" notation as lpd://, socket://, smb://, ipp://,
+http://, parallel:/, serial:/, usb:/ etc.)
+
+NOTE, please, also the following fact: "cupsomatic"/Foomatic are
+----- *not* native CUPS drivers and they don't ship with CUPS.
+ They are a Third Party add-on, developed at Linuxprinting.org.
+As such, they are a brilliant hack to make all models (driven by
+Ghostscript drivers/filters in traditional spoolers) also work via
+CUPS, with the same (good or bad!) quality as in these other
+spoolers. "cupsomatic" is only a vehicle to execute a ghostscript
+commandline at that stage in the CUPS filtering chain, where
+"normally" the native CUPS "pstoraster" filter would kick in.
+cupsomatic by-passes pstoraster, "kidnaps" the printfile from CUPS
+away and re-directs it to go through Ghostscipt. CUPS accepts this,
+because the associated CUPS-O-Matic-/Foomatic-PPD carries a line
+reading
+
+ *cupsFilter: "application/vnd.cups-postscript 0 cupsomatic"
+
+This line persuades CUPS to hand the file to cupsomatic, once it
+has successfully converted it to the MIME type
+"application/vnd.cups-postscript". This conversion will not
+happen for Jobs arriving from Windows which are autotyped
+"application/octet-stream", with the according changes in
+"/etc/cups/mime.types" in place.
+
+See small drawings at the end...
+
+I am not a programmer, so please correct me if I am wrong.
+
+ > With traditional lpr, you can just add "-oraw" to the "print command"
+ > line in smb.conf. With cups, you don't have that alternative.
+
+You *do* have it, I think.
+
+But you need to disable the settings "printing = cups" and "printcap =
+= cups" and use "printing = bsd" and "printcap = /etc/printcap"
+instead. [Additionally, you will probably have to enable and configure
+the CUPS mini-LPD daemon ("cups-lpd") run from inetd... but I have not
+checked, so take this item with a grain of salt and a proper dose of
+caution, please.]
+
+ > The result is that to support both unix printing and native-driver
+ > Windows printing from CUPS, you have to have two logical printers per
+ > physical printer: one ("cooked") for Unix clients and one ("raw") for
+ > Samba to use.
+
+Yes, that is one current workaround, if you don't want the auto-typing
+of CUPS influencing Samba/Windows client PostScript jobs.
+
+CUPS is widely configurable and flexible, even regarding its filtering
+mechanism. Another workaround in some situations would be to have
+lines in "/etc/cups/mime.types" saying
+
+ application/postscript application/vnd.cups-raw 0 -
+ application/vnd.cups-postscript application/vnd.cups-raw 0 -
+
+This would prevent all Postscript files to be filtered (or rather, they
+will go thru the virtual "nullfilter" denoted with "-". (This could only
+be useful for PS printers, or if you want to print PS code on non-PS
+printers ;-)
+
+A single line of
+
+ */* application/vnd.cups-raw 0 -
+
+would effectively send *all* files towards the backend immediately
+(good luck!)
+
+Last, you could have the following (without the need for a Samba
+patch):
+
+ application/vnd.cups-postscript application/vnd.cups-raw 0 my_PJL_stripping_filter
+
+You'd need to write a "my_PJL_stripping_filter" (could be a shellscript)
+which parses the PostScript and removes the undesired PJL. This would
+need to conform to CUPS filter design (mainly, receive and pass the
+parameters printername, job-id, username, jobtitle, copies, printoptions
+and possibly the filename). It would just go as world executably into
+"/usr/lib/cups/filters/" and work from there, called by cups if it
+encounters a MIME type "application/vnd.cups-postscript"
+
+ > The attached patch allows you to specify an option string for cups
+ > printers in smb.conf.
+
+I think your patch is in any case very useful (if it works as
+advertised ;-). It is the most generic, simple and flexible
+approach to complement CUPS.
+
+ > So, if you want to use native Windows drivers,
+ > all you need is
+ >
+ > cups printer options = raw
+ >
+ > in smb.conf. You can add any other options that cups and the printer
+ > understand.
+
+Now this last sentence makes me very curious. Do you mean you can add
+*multiple* options to this directive? Which syntax would be required
+for this ? (Some CUPS options are specified by an "-o option=value"
+pair on the commandline, some are single values, like the "-o raw"
+one...)
+
+I am thinking on one specific usage now:
+
+-----------------------------------------------------------------------
+-> passing any available IPP job attribute to the printer / the spooler
+-----------------------------------------------------------------------
+
+For example, CUPS can handle "-o job-hold-until=indefinite". This
+keeps the job in the queue "on hold". It will only be printed upon
+manual release by the printer operator. This is a requirement in
+many "central reproduction departments", where a few operators
+manage the jobs of hundreds of users on some big machine, where no
+user is allowed to have direct access. (The operators often need to
+load the proper paper type before running the 10.000 page job
+requested by marketing for the mailing, etc.).
+
+A lot more useful applications come to mind, if I could pass
+"any other options that cups and the printer understand" via
+the smb.conf directive!!
+
+Thanks a lot!
+
+Cheers,
+Kurt
+
+P.S.: List, please give me some feedback, if you think this type of
+ explanation could be useful in the Samba HOWTO Collection. In
+ that case, I'll try to write it up in a nicer form.
+
+
+#########################################################################
+#
+# CUPS in and of itself has this (general) filter chain (CAPITAL
+# letters are FILE-FORMATS or MIME types, other are filters (this is
+# true for pre-1.1.15 of pre-4.3 versions of CUPS and ESP PrintPro):
+#
+# <SOMETHNG>-FILEFORMAT
+# |
+# |
+# V
+# <something>tops
+# |
+# |
+# V
+# APPLICATION/POSTSCRIPT
+# |
+# |
+# V
+# pstops
+# |
+# |
+# V
+# APPLICATION/VND.CUPS-POSTSCRIPT
+# |
+# |
+# V
+# pstoraster # as shipped with CUPS, independent from any Ghostscipt
+# | # installation on the system
+# | (= "postscipt interpreter")
+# |
+# V
+# APPLICATION/VND.CUPS-RASTER
+# |
+# |
+# V
+# rasterto<something> (f.e. Gimp-Print filters may be plugged in here)
+# | (= "raster driver")
+# |
+# V
+# SOMETHING-DEVICE-SPECIFIC
+# |
+# |
+# V
+# backend
+#
+#
+# ESP PrintPro has some enhanced "rasterto<something>" filters as compared to
+# CUPS, and also a somewhat improved "pstoraster" filter.
+#
+# NOTE: Gimp-Print and some other 3rd-Party-Filters (like TurboPrint) to
+# CUPS and ESP PrintPro plug-in where rasterto<something> is noted.
+#
+#
+#########################################################################
+#
+# This is how "cupsomatic" comes into play:
+# =========================================
+#
+# <SOMETHNG>-FILEFORMAT
+# |
+# |
+# V
+# <something>tops
+# |
+# |
+# V
+# APPLICATION/POSTSCRIPT
+# |
+# |
+# V
+# pstops
+# |
+# |
+# V
+# APPLICATION/VND.CUPS-POSTSCRIPT ----------------+
+# | |
+# | V
+# V cupsomatic
+# pstoraster (constructs complicated
+# | (= "postscipt interpreter") Ghostscript commandline
+# | to let the file be
+# V processed by a
+# APPLICATION/VND.CUPS-RASTER "-sDEVICE=<s.th.>"
+# | call...)
+# | |
+# V |
+# rasterto<something> V
+# | (= "raster driver") +-------------------------+
+# | | Ghostscript at work.... |
+# V | |
+# SOMETHING-DEVICE-SPECIFIC *-------------------------+
+# | |
+# | |
+# V |
+# backend <------------------------------------+
+# |
+# |
+# V
+# THE PRINTER
+#
+#
+#
+# Note, that cupsomatic "kidnaps" the printfile after the
+# "APPLICATION/VND.CUPS-POSTSCRPT" stage and deviates it through
+# the CUPS-external, systemwide Ghostscript installation, bypassing the
+# "pstoraster" filter (therefor also bypassing the CUPS-raster-drivers
+# "rasterto<something>", and hands the rasterized file directly to the CUPS
+# backend...
+#
+# cupsomatic is not made by the CUPS developers. It is an independent
+# contribution to printing development, made by people from
+# Linuxprinting.org. (see also http://www.cups.org/cups-help.html)
+#
+# NOTE: Gimp-Print and some other 3rd-Party-Filters (like TurboPrint) to
+# CUPS and ESP PrintPro plug-in where rasterto<something> is noted.
+#
+#
+#########################################################################
+#
+# And this is how it works for ESP PrintPro from 4.3:
+# ===================================================
+#
+# <SOMETHNG>-FILEFORMAT
+# |
+# |
+# V
+# <something>tops
+# |
+# |
+# V
+# APPLICATION/POSTSCRIPT
+# |
+# |
+# V
+# pstops
+# |
+# |
+# V
+# APPLICATION/VND.CUPS-POSTSCRIPT
+# |
+# |
+# V
+# gsrip
+# | (= "postscipt interpreter")
+# |
+# V
+# APPLICATION/VND.CUPS-RASTER
+# |
+# |
+# V
+# rasterto<something> (f.e. Gimp-Print filters may be plugged in here)
+# | (= "raster driver")
+# |
+# V
+# SOMETHING-DEVICE-SPECIFIC
+# |
+# |
+# V
+# backend
+#
+# NOTE: Gimp-Print and some other 3rd-Party-Filters (like TurboPrint) to
+# CUPS and ESP PrintPro plug-in where rasterto<something> is noted.
+#
+#
+#########################################################################
+#
+# This is how "cupsomatic" would come into play with ESP PrintPro:
+# ================================================================
+#
+#
+# <SOMETHNG>-FILEFORMAT
+# |
+# |
+# V
+# <something>tops
+# |
+# |
+# V
+# APPLICATION/POSTSCRIPT
+# |
+# |
+# V
+# pstops
+# |
+# |
+# V
+# APPLICATION/VND.CUPS-POSTSCRIPT ----------------+
+# | |
+# | V
+# V cupsomatic
+# gsrip (constructs complicated
+# | (= "postscipt interpreter") Ghostscript commandline
+# | to let the file be
+# V processed by a
+# APPLICATION/VND.CUPS-RASTER "-sDEVICE=<s.th.>"
+# | call...)
+# | |
+# V |
+# rasterto<something> V
+# | (= "raster driver") +-------------------------+
+# | | Ghostscript at work.... |
+# V | |
+# SOMETHING-DEVICE-SPECIFIC *-------------------------+
+# | |
+# | |
+# V |
+# backend <------------------------------------+
+# |
+# |
+# V
+# THE PRINTER
+#
+# NOTE: Gimp-Print and some other 3rd-Party-Filters (like TurboPrint) to
+# CUPS and ESP PrintPro plug-in where rasterto<something> is noted.
+#
+#########################################################################
+#
+# And this is how it works for CUPS from 1.1.15:
+# ==============================================
+#
+# <SOMETHNG>-FILEFORMAT
+# |
+# |
+# V
+# <something>tops
+# |
+# |
+# V
+# APPLICATION/POSTSCRIPT
+# |
+# |
+# V
+# pstops
+# |
+# |
+# V
+# APPLICATION/VND.CUPS-POSTSCRIPT-----+
+# |
+# +------------------v------------------------------+
+# | Ghostscript |
+# | at work... |
+# | (with |
+# | "-sDEVICE=cups") |
+# | |
+# | (= "postscipt interpreter") |
+# | |
+# +------------------v------------------------------+
+# |
+# |
+# APPLICATION/VND.CUPS-RASTER <-------+
+# |
+# |
+# V
+# rasterto<something>
+# | (= "raster driver")
+# |
+# V
+# SOMETHING-DEVICE-SPECIFIC
+# |
+# |
+# V
+# backend
+#
+#
+# NOTE: since version 1.1.15 CUPS "outsourced" the pstoraster process to
+# Ghostscript. GNU Ghostscript needs to be patched to handle the
+# CUPS requirement; ESP Ghostscript has this builtin. In any case,
+# "gs -h" needs to show up a "cups" device. pstoraster is now a
+# calling an appropriate "gs -sDEVICE=cups..." commandline to do
+# the job. It will output "application/vnd.cup-raster", which will
+# be finally processed by a CUPS raster driver "rasterto<something>"
+# Note the difference to "cupsomatic", which will *not* output
+# CUPS-raster, but a final version of the printfile, ready to be
+# sent to the printer. cupsomatic also doesn't use the "cups"
+# devicemode in Ghostscript, but one of the classical devicemodes....
+#
+# NOTE: Gimp-Print and some other 3rd-Party-Filters (like TurboPrint) to
+# CUPS and ESP PrintPro plug-in where rasterto<something> is noted.
+#
+#########################################################################
+#
+# And this is how it works for CUPS from 1.1.15, with cupsomatic included:
+# ========================================================================
+#
+# <SOMETHNG>-FILEFORMAT
+# |
+# |
+# V
+# <something>tops
+# |
+# |
+# V
+# APPLICATION/POSTSCRIPT
+# |
+# |
+# V
+# pstops
+# |
+# |
+# V
+# APPLICATION/VND.CUPS-POSTSCRIPT-----+
+# |
+# +------------------v------------------------------+
+# | Ghostscript . Ghostscript at work.... |
+# | at work... . (with "-sDEVICE= |
+# | (with . <s.th.>" |
+# | "-sDEVICE=cups") . |
+# | . |
+# | (CUPS standard) . (cupsomatic) |
+# | . |
+# | (= "postscript interpreter") |
+# | . |
+# +------------------v--------------v---------------+
+# | |
+# | |
+# APPLICATION/VND.CUPS-RASTER <-------+ |
+# | |
+# | |
+# V |
+# rasterto<something> |
+# | (= "raster driver") |
+# | |
+# V |
+# SOMETHING-DEVICE-SPECIFIC <------------------------+
+# |
+# |
+# V
+# backend
+#
+#
+# NOTE: Gimp-Print and some other 3rd-Party-Filters (like TurboPrint) to
+# CUPS and ESP PrintPro plug-in where rasterto<something> is noted.
+#
+##########################################################################
+
+I hope this helps more people understand how CUPS works and how they
+can possibly tweak it to their needs.
+
+
+==============================================================================
+<<< EXTANT 2 >>>
+==============================================================================
+Subject: Print Drivers and Devices with CUPS
+============================================
+
+CUPS ships a well-working Laserjet driver. Install it (as root) with
+
+ "lpadmin -p laserjet4plus -v parallel:/dev/lp0 -E -m laserjet.ppd"
+
+(The "-m" switch will retrieve the "laserjet.ppd" from the standard repository
+for not-yet-installed-PPDs, which CUPS keeps at "/usr/share/cups/model/". Alter-
+natively, you may use "-P /absolute/filesystem/path/to/where/there/is/PPD/your.ppd")
+
+You didn't state if the print system is working on the Linux side of things.
+Even if it does -- to print from Windows, involves some more steps....
+
+But let me first point out some more general things about printer "drivers"
+for Linux/Unix (yes, and for Mac OS X now!), be it you use CUPS or one of
+the venerable (I'd even call them "ancient" and "rusty" now...) printing
+systems.
+
+You -- and everybody else, for that matter -- should always also consult the
+database on linuxprinting.org for all recommendations about "which driver
+is best used for which printer":
+
+ http://www.linuxprinting.org/printer_list.cgi
+
+There select your model and click on "Show". You'll arrive at a page listing
+all drivers working with your model. There will always be *one* "recommended"
+one. Try this one first. In your case ("HP LaserJet 4 Plus"), you'll arrive
+here:
+
+ http://www.linuxprinting.org/show_printer.cgi?recnum=75104
+
+The recommended driver is "ljet4". It has a link to the page for the ljet4
+driver too:
+
+ http://www.linuxprinting.org/show_driver.cgi?driver=ljet4
+
+On the driver's page, you'll find various important and detailed infos about
+how to use that driver within various spoolers. You can generate a PPD for
+CUPS. The PPD contains all the info about how to use your model and the driver;
+this is, once installed, working transparently for the user -- you'll only
+need to choose resolution, paper size etc. from the web-based menu or from
+the print dialog GUI or from the commandline...
+
+On the driver's page, choose to use the "PPD-O-Matic" online PPD generator
+program. Select your model and click "Generate PPD file". When you safe the
+appearing ASCII text file, don't use "cut'n'past" (as it will possible corrupt
+line endings and tabs), but use "Save as..." in your browser's menu. Save it
+at "/some/path/on/your/filesystem/somewhere/my-name-for-my-printer.ppd"
+
+Then install the printer:
+
+ "lpadmin -p laserjet4plus -v parallel:/dev/lp0 -E -P /some/path/on/your/filesystem/somewhere/my-name-for-my-printer.ppd"
+
+Note, that for all the "Foomatic-PPDs" from Linuxprinting.org, you also need
+a special "CUPS filter" named "cupsomatic". Get the latest version of
+"cupsomatic" from
+
+ http://www.linuxprinting.org/cupsomatic
+
+This needs to be copied to "/usr/lib/cups/filter/cupsomatic" and be made world
+executable. This filter is needed to read and act upon the specially encoded
+Foomatic comments, embedded in the printfile, which in turn are used to
+construct (transparently for you, the user) the complicated ghostscript command
+line needed for your printer/driver combo.
+
+You can have a look at all the options for the Ghostscript commandline supported
+by your printer and the ljet4 driver by going to the section "Execution details",
+selecting your model (Laserjet 4 Plus) and clicking on "Show execution details".
+This will bring up this web page:
+
+ http://www.linuxprinting.org/execution.cgi?driver=ljet4&printer=75104&.submit=Show+execution+details
+
+The ingenious thing is this: the database is kept very current. If there
+is a bug fix and an improvement somewhere in the database, you will
+always get the most current and stable and feature-rich driver by following
+the steps described above... Till Kamppeter from MandrakeSoft is doing an
+excellent job here, and too few people still know about it. (So if you use
+it often, please send him a note of your appreciation sometime...)
+
+(The latest and greatest improvement now is support for "custom page sizes"
+for all those printers which support it...)
+
+"cupsomatic" is documented here:
+
+ http://www.linuxprinting.org/cups-doc.html
+
+More printing tutorial info may be found here:
+
+ http://www.linuxprinting.org/kpfeifle/LinuxKongress2002/Tutorial/
+
+Note, that *all* the Foomatic drivers listed on Linuxprinting.org (now
+approaching the "all-time high" number of 1.000 for the supported models)
+are using a special filtering chain involving Ghostscript, as described
+in great detail in the Samba CVS sources (for 2.2.x) in
+
+ docs/textdocs/CUPS-PrintingInfo.txt
+
+To sum it up:
+
+* having a "foomatic+<something>" PPD is not enough to print with CUPS
+ (but it is *one* important component)
+* you also need the "cupsomatic" filter script (Perl) in "/usr/lib/cups/filters/"
+* you need Perl to make cupsomatic run
+* you also need Ghostscript (because it is called and controlled by the
+ PPD/cupsomatic combo in a way to fit your printermodel/driver combo...)
+* your Ghostscript *must*, depending on the driver/model, contain support
+ for a certain "device" (as shown by "gs -h")
+
+In the case of the "hpijs" driver, you need a Ghostscript version, which
+is showing a "ijs" amongst its supported devices in "gs -h". In the case of
+"hpijs+foomatic", a valid ghostscript commandline would be reading like this:
+
+ gs -q -dBATCH -dPARANOIDSAFER -dQUIET -dNOPAUSE -sDEVICE=ijs \
+ -sIjsServer=hpijs<PageSize> -dDuplex=<Duplex> <Model> \
+ -r<Resolution>,PS:MediaPosition=<InputSlot> -dIjsUseOutputFD \
+ -sOutputFile=- -
+
+Note, that with CUPS and the "hpijs+foomatic" PPD (plus Perl and cupsomatic)
+you don't need to remember this. You can choose the available print options
+thru a GUI print command (like "glp" from ESP's commercially supported
+PrintPro software, or KDE's "kprinter", or GNOME's "gtklp" or the independent
+"xpp") or the CUPS web interface via human-readable drop-down selection
+menus.....
+
+If you use "ESP Ghostscript" (also under the GPL, provided by Easy Software
+Products, the makers of CUPS, downloadable from http://www.cups.org/software.html,
+co-maintained by the developers of linuxprinting.org), you are guaranteed to
+have in use the most uptodate, bug-fixed, enhanced and stable version of a Free
+Ghostscript. It contains support for ~300 devices, whereas plain vanilla
+GNU Ghostscript 7.05 only has ~200....
+
+>>/ However, I can only print a Cups test page, from the web interface. when I
+/>>/ try to print a windows test page, it acts like the job was never sent.
+/
+ * Can you print "standard" jobs from the CUPS machine?
+
+ * Are the jobs from Windows visible in the Web interface on CUPS
+ (http://localhost:631/)?
+
+*Most important:* What kind of printer driver are you using on the Windows clients???
+
+You can try to get a more detailed debugging info by setting "LogLevel debug" in
+"/etc/cups/cupsd.conf", re-start cupsd and investigate "/var/log/cups/error_log"
+for the whereabouts of your Windows-originating printjobs:
+
+ * what does the "auto-typing" line say? which is the "MIME type" CUPS thinks
+ is arriving from the Windows clients?
+ * are there "filter" available for this MIME type?
+ * are there "filter rules" defined in "/etc/cups/mime.convs" for this MIME type?
+
+==============================================================================
+<<< EXTANT 3 >>>
+==============================================================================
+Subject: Printer Drivers
+========================
+
+>> Where can I find a program or how can I configure my samba server in order
+>> to limit the number of pages to be printed by users.
+
+The feature you want is dependent on the real print subsystem
+you're using. Samba's part is always to receive the job files
+from the clients (filtered *or* unfiltered) and hand it over
+to this printing subsystem.
+
+Of course one could "hack" things with one's own scripts.
+
+But there is CUPS (Common Unix Printing System). CUPS supports "quotas".
+Quotas can be based on sizes of jobs or on the number of pages or both,
+and are spanning any time period you want.
+
+This is an example command how root would set a print quota in CUPS,
+assuming an existing printer named "quotaprinter":
+
+ lpadmin -p quotaprinter -o job-quota-period=604800 -o job-k-limit=1024 -o job-page-limit=100
+
+This would limit every single user to print 100 pages or 1024 KB of
+data (whichever comes first) within the last 604.800 seconds ( = 1 week).
+
+For CUPS to count correctly, the printfile needs to pass the CUPS
+"pstops" filter, otherwise it uses a "dummy" count of "1". (Some
+printfiles don't pass it -- f.e. image files -- but then those are
+mostly 1 page jobs anyway). This also means, proprietary drivers for
+the target printer running on the client computers and CUPS/Samba
+then spooling these files as "raw" (i.e. leaving them untouched, not
+filtering them), will be counted as "1-pagers" too!
+
+You need to send PostScript from the clients (i.e. run a PostScript
+driver there) for having the chance to get accounting done. If the
+printer is a non-PostScript model, you need to let CUPS do the job to
+convert the file to a print-ready format for the target printer. This
+will be working for currently ~1.000 different printer models, see
+
+ http://www.linuxprinting.org/printer_list.cgi
+
+Before CUPS-1.1.16 your only option was to use the Adobe PostScript
+Driver on the Windows clients. The output of this driver was not always
+passed thru the "pstops" filter on the CUPS/Samba side, and therefor was
+not counted correctly (the reason is that it often --- depending on the
+"PPD" being used --- did write a "PJL"-header in front of the real
+PostScript which made CUPS to skip the pstops and go directy to
+the "pstoraster" stage).
+
+ From CUPS-1.1.16 onward you can use the "CUPS PostScript Driver
+for Windows NT/2K/XP clients" (it is tagged in the download area of
+http://www.cups.org/ as the "cups-samba-1.1.16.tar.gz" package).
+It is *not* working for Win9x/ME clients. But it....
+
+ ...it guarantees to not write an PJL-header;
+ ...it guarantees to still read and support all PJL-options named
+ in the driver PPD with its own means;
+ ...it guarantees the file going thru the "pstops" filter on the
+ CUPS/Samba server;
+ ...it guarantees to page-count correctly the printfile...
+
+You can read more about the setup of this combination in the
+manpage for "cupsaddsmb" (only present with CUPS installed, only
+current with CUPS 1.1.16).
+
+These are the items CUPS logs in the "page_log" for every single
+*page* of a job:
+
+* Printer name
+* User name
+* Job ID
+* Time of printing
+* the page number
+* the number of copies
+* a billing info string (optional)
+
+Here is an extract of my CUPS server's page_log file to illustrate
+the format and included items:
+
+infotec_IS2027 kurt 40 [22/Nov/2002:13:18:03 +0100] 1 2 #marketing
+infotec_IS2027 kurt 40 [22/Nov/2002:13:18:03 +0100] 2 2 #marketing
+infotec_IS2027 kurt 40 [22/Nov/2002:13:18:03 +0100] 3 2 #marketing
+infotec_IS2027 kurt 40 [22/Nov/2002:13:18:03 +0100] 4 2 #marketing
+infotec_IS2027 kurt 40 [22/Nov/2002:13:18:03 +0100] 5 2 #marketing
+infotec_IS2027 kurt 40 [22/Nov/2002:13:18:03 +0100] 6 2 #marketing
+
+This was Job ID "40", printed on "infotec_IS2027" by user "kurt",
+a 6-page job printed in 2 copies and billed to "#marketing"...
+
+Which flaws or shortcomings are there?
+
+ * the ones named above;
+ * CUPS really counts the job pages being *processsed in software*
+ (going thru the "RIP") rather than the physical sheets successfully
+ leaving the printing device -- if there is a jam while printing
+ the 5th sheet out of 1000 and the job is aborted by the printer,
+ the "page count" will still show the figure of 1000 for that
+ job;
+ * all quotas are the same for all users (no flexibility to
+ give the boss a higher quota than the clerk)
+ * no support for groups;
+ * no means to read out the current balance or "used-up"
+ number of current quota;
+ * a user having used up 99 sheets of 100 quota will still be
+ able to send and print a 1.000 sheet job;
+ * a user being denied a job because of a filled-up quota
+ doesn't get a meaningful error message from CUPS other than
+ "client-error-not-possible".
+
+But this is the best system out there currently. And there are
+huge improvements under development:
+
+--> page counting will go into the "backends" (these talk directly
+ to the printer and will increase the count in sync with the
+ actual printing process -- a jam at the 5th sheet will lead
+ to a stop in the counting...)
+
+--> quotas will be handled more flexibly;
+
+--> probably there will be support for users to inquire their
+ "accounts" in advance;
+
+--> probably there will be support for some other tools around
+ this topic...
+
+Other than the current stage of the CUPS development, I don't
+know any other ready-to-use tool which you could consider.
+
+
+==============================================================================
+<<< EXTANT 4 >>>
+==============================================================================
+Subject: More on CUPS Print Drivers
+===================================
+
+>> If you could get around the EULA, then you could package preinitialized
+>> drivers and write the information to smbd's tdbs. We have support for
+>> storing driver initialization data already.
+>
+> Have you heard that you can get CUPS printer drivers exactly for that
+> from cups.org? If they are good drivers, this could be very interesting.
+
+Hi, all,
+
+I'll give you some more info about the PostScript driver Volker mentioned
+above here as a reference. (Maybe one day before the 3.0 release it will
+end up as a worked-out paragraph inside the HOWTO collection):
+
+You can download the driver files from http://www.cups.org/software.html. It
+is a separate package from the CUPS base software files, tagged as "CUPS 1.1.16
+Windows NT/2k/XP Printer Driver for SAMBA (tar.gz, 192k)". The filename to
+download is "cups-samba-1.1.16.tar.gz". Upon untar-/unzip-ping it will reveal
+the files
+
+ cups-samba.install
+ cups-samba.license
+ cups-samba.readme
+ cups-samba.remove
+ cups-samba.ss
+
+These have been packaged with the ESP meta packager software "EPM". The
+*.install and *.remove files are simple shell script, which untars the
+*.ss (which is nothing else than a tar-archive) and puts its contents
+into "/usr/share/cups/drivers/". Its contents are 3 files:
+
+ cupsdrvr.dll
+ cupsui.dll
+ cups.hlp
+
+[ ATTENTION: due to a bug the current release puts the "cups.hlp" into
+ "/usr/share/drivers/" instead of "/usr/share/cups/drivers/". To work
+ around this, copy/move the file after running the "./cups-samba.install"
+ script manually to the right place:
+
+ "cp /usr/share/drivers/cups.hlp /usr/share/cups/drivers/" ]
+
+This new CUPS PostScript driver is currently binary-only, but free (as in
+free beer); no source code is provided (yet). The reason is this: it has
+been developed with the help of the Microsoft Driver Developer Kit (DDK)
+and compiled with Microsoft Visual Studio 6. It is not clear to the driver
+developers if they are allowed to distribute the whole of the source code
+as Free Software. However, they will likely release the "diff" in source
+code under the GPL, so anybody with a license of Visual Studio and a DDK
+will be able to compile for him/herself.
+
+Once you have run the install script (and possibly manually moved the
+"cups.hlp" file to "/usr/share/cups/drivers/"), the driver is ready to be
+put into Samba's [print$] share (which often maps to "/etc/samba/drivers/"
+and contains a subdir tree with WIN40 and W32X86 branches), by running
+"cupsaddsmb" (see also "man cupsaddsmb" for CUPS 1.1.16). [Don't forget to
+put root into the smbpasswd file by running "smbpasswd" should you run
+this whole procedure for the first time.] Once the driver files are in the
+[print$] share, they are ready to be downloaded and installed by the
+Win NT/2k/XP clients.
+
+NOTE 1: Win 9x/ME clients won't work with this driver. For these you'd
+ still need to use the ADOBE*.* drivers as previously.
+
+NOTE 2: It is not harming if you've still the ADOBE*.* driver files from
+ previous installations in the "/usr/share/cups/drivers/" directory.
+ The new cupsaddsmb (from 1.1.16) will automatically use the
+ "newest" installed driver (which here then is the CUPS drivers).
+
+NOTE 3: Should your Win clients have had the old ADOBE*.* files and the
+ Adobe PostScript drivers installed, the download and installation
+ of the new CUPS PostScript driver for Windows NT/2k/XP will fail
+ at first.
+ It is not enough to "delete" the printer (as the driver files
+ will still be kept by the clients and re-used if you try to
+ re-install the printer). To really get rid of the Adobe driver
+ files on the clients, open the "Printers" folder (possibly via
+ "Start --> Settings --> Control Panel --> Printers"), right-click
+ onto the folder background and select "Server Properties". A
+ new dialog opens; select the "Drivers" tab; on the list select
+ the driver you want to delete and click on the "Delete" button.
+ (This will only work if there is no single printer left which
+ uses that particular driver -- you need to "delete" all printers
+ using this driver in the "Printers" folder first...)
+
+NOTE 4: Once you have successfully downloaded the CUPS PostScript driver
+ to a client, you can easily switch all printers to this one
+ by proceeding as described elsewhere in the "Samba HOWTO
+ Collection" to change a driver for an existing printer....
+
+
+What are the benefits with the "CUPS PostScript driver for Windows NT/2k/XP"
+as compared to the Adobe drivers?
+
+* no hassle with the Adobe EULA; no hassle with the question "where do I
+ get the ADOBE*.* driver files from?"
+
+* the Adobe drivers (depending on the printer PPD associated with them)
+ often put a PJL header in front of the core PostScript part of the print
+ file (thus the file starts with "<1B>%-12345X" or "<escape>%-12345X"
+ instead of "%!PS"). This leads to the CUPS daemon autotyping the
+ arriving file as a print-ready file, not requiring a pass thru the
+ "pstops" filter (to speak more technical, it is not regarded as the
+ generic MIME type "application/postscript", but as the more special
+ MIME type "application/cups.vnd-postscript"), which therefore also
+ leads to the page accounting in "/var/log/cups/page_log" not receiving
+ the exact mumber of pages; instead the dummy page number of "1" is
+ logged in a standard setup...)
+
+* the Adobe driver has more options to "mis-configure" the PostScript
+ generated by it (like setting it inadvertedly to "Optimize for Speed",
+ instead of "Optimize for Portability", which could lead to CUPS being
+ unable to process it....)
+
+* the CUPS PostScript driver output sent by Windows clients to the CUPS
+ server will be guaranteed to be auto-typed as generic MIME type
+ "application/postscript", thusly passing thru the CUPS "pstops" filter
+ and logging the correct number of pages in the page_log for accounting
+ and quota purposes...
+
+* the CUPS PostScript driver supports the sending of additional print
+ options by the Win NT/2k/XP clients, such as naming the CUPS standard
+ banner pages (or the custom ones, should they be installed at the time
+ of driver download), using the CUPS "page-label" option, setting a
+ job-priority and setting the scheduled time of printing (with the option
+ to support additional useful IPP job attributes in the future).
+
+* the CUPS PostScript driver supports the inclusion of the new
+ "*cupsJobTicket" comments at the beginnig of the PostScript file (which
+ could be used in the future for all sort of beneficial extensions on
+ the CUPS side, but which will not disturb any other application as those
+ will regard it as a comment and simply ignore it).
+
+* the CUPS PostScript driver will be the heart of the fully fledged CUPS
+ IPP client for Windows NT/2k/XP to be released soon (probably alongside
+ the first Beta release for CUPS 1.2).
+
+==============================================================================
+<<< EXTANT 5 >>>
+==============================================================================
+Subject: Printing with Bells and Whistles
+=========================================
+
+May I suggest a radically different approach to your problem?
+
+* Let the Windows Clients use a PostScript driver, to produce
+ PostScript as their print output sent towards the Samba print
+ server (just like any Linux or Unix Client would also use
+ PostScript to send to the server...)
+
+* make the Unix printing subsystem which is underneath Samba
+ convert the incoming PostScript files to the native print
+ format of the target printers (would likely be PCL?
+ I understand you have mainly HP models?)
+
+* You're afraid, that this would just mean a *Generic* PostScript
+ driver for the clients? With no Simplex/Duplex selection,
+ no paper tray choice? But you need them to be able to set up
+ their jobs, ringing all the bells and whistles of the printers?
+
+ --> Not possible with traditional spooling systems!
+
+ --> But perfectly supported by CUPS (which uses "PPD" files to
+ describe how to control the print options for PostScript and
+ non-PostScript devices alike...
+
+ CUPS PPDs are working perfectly on Windows
+ clients who use Adobe PostScript drivers (or the new CUPS
+ PostScript driver for Windows NT/2K/XP). Clients can use
+ them to setup the job to their liking and CUPS will use
+ the received job options to make the (PCL-, ESC/P- or
+ PostScript-) printer behave as required.
+
+* You want to have the additional benefit of page count logging
+ and accounting? In this case the CUPS PostScript driver
+ is the best choice (better than the Adobe one).
+
+* You want to make the drivers downloadable for the clients?
+ "cupsaddsmb" is your friend. It will setup the [print$]
+ share on the Samba host to be ready to serve the clients
+ for a "point and print" driver installation...
+
+"What strings are attached?", I hear you asking...
+
+You are right, there are some. But, given the sheer CPU power
+you can buy nowadays in German supermarkets, these can be
+overcome easily.
+
+The strings: Well, if the
+CUPS/Samba side will have to print a *lot* onto 40 printers
+serving 500 users, you probably will need to set up a second
+server (which can do automatic load balancing with the first
+one, plus a degree of fail-over mechanism). Converting the
+incoming PostScript jobs, "interpreting" them for
+non-PostScript printers, amounts to the work of a "RIP"
+(Raster Image Processor) done in software. This requires
+more CPU and RAM than for the mere "raw spooling" task
+your current setup is solving... It all depends on the
+avarage and peak printing load the server should be
+able to handle....
+
+==============================================================================
+<<< EXTANT 6 >>>
+==============================================================================
+Subject: Deletion of CUPS spool files
+=====================================
+
+From samba-technical-admin@lists.samba.org Thu Dec 5 17:18:48 2002
+Zdenek Niederle wrote on Samba-digest:
+
+> Message: 1
+> From: Zdenek Niederle <zniederle@collicutt.com>
+> Organization: Collicutt Hanover
+> To: samba-technical@lists.samba.org
+> Subject: Clean up of spool files
+> Date: Wed, 4 Dec 2002 15:13:15 -0700
+>
+> I'm using Samba 2.2.5 and CUPS to handle printing on our network.
+> Unfortunately, the smbprn.xxxxxx spool files are not being cleaned up and
+> instead are quickly filling the spool directory. Is their a setting or
+> option to ensure the files are cleaned up once sent to the printer? I am
+> aware that using a cron job would work but this can't be the best solution.
+>
+> Thanks.
+
+
+Hi, Zdenek,
+
+you need to be aware, that the Samba print files pass thru 2
+different "spool" directories. Once the incoming directory
+managed by Samba, (set f.e. in the "path = /var/spool/samba"
+directive in the [printers] section of "smb.conf"). Second is
+the spool directory of your UNIX print subsystem. For CUPS it is
+normally "/var/spool/cups/", as set by the cupsd.conf directive
+"RequestRoot /var/spool/cups".
+
+I am not sure, which one of your directories keeps the files.
+ From what you say, it is most likely the Samba part.
+
+For the CUPS part, you may want to consult:
+
+ http://localhost:631/sam.html#PreserveJobFiles and
+ http://localhost:631/sam.html#PreserveJobHistory and
+ http://localhost:631/sam.html#MaxJobs
+
+There are the settings described for your CUPS daemon, which
+could lead to completed job files not being deleted.
+
+"PreserveJobHistory Yes" -- keeps some details of jobs in
+cupsd's mind (well it keeps the "c12345", "c12346" etc. files
+in the CUPS spool directory, which do a similar job as the
+old-fashioned BSD-LPD control files). This is set to "Yes"
+as a default.
+
+"PreserveJobFiles Yes" -- keeps the job files themselves in
+cupsd's mind (well it keeps the "d12345", "d12346" etc. files
+in the CUPS spool directory...). This is set to "No" as the
+CUPS default.
+
+"MaxJobs 500" -- this directive controls the maximum number
+of jobs that are kept in memory. Once the number of jobs
+reaches the limit, the oldest completed job is automatically
+purged from the system to make room for the new one. If all
+of the known jobs are still pending or active then the new
+job will be rejected. Setting the maximum to 0 disables this
+functionality. The default setting is 0.
+
+(There are also additional settings for "MaxJobsPerUser" and
+"MaxJobsPerPrinter"...)
+
+For everything to work as announced, you need to have three
+things:
+
+ * a Samba-smbd which is compiled against "libcups" (Check
+ on Linux by running "ldd `which smbd`")
+
+ * a Samba-smb.conf setting of "printing = cups"
+
+ * another Samba-smb.conf setting of "printcap = cups"
+
+Note, that in this case all other manually set printing-related
+commands (like "print command", "lpq command", "lprm command",
+"lppause command" or "lpresume command") are ignored and they
+should normally have no influence what-so-ever on your printing.
+
+If you want to do things manually, replace the "printing = cups"
+by "printing = bsd". Then your manually set commands may work
+(haven't tested this), and a "print command = lp -d %P %s; rm %s"
+may do what you need.
+
+You forgot to mention the CUPS version you're using. If you did
+set things up as described in the man pages, then the Samba
+spool files should be deleted. Otherwise it may be a bug. On
+the CUPS side, you can control the behaviour as described
+above.
+
+If you have more problems, post the output of these commands:
+
+ grep -v ^# /etc/cups/cupsd.conf | grep -v ^$
+ grep -v ^# /etc/samba/smb.conf | grep -v ^$ | grep -v "^;"
+
+(adapt paths as needed). These commands sanitize the files
+and cut out the empty lines and lines with comments, providing
+the "naked settings" in a compact way.
+
+Cheers,
+Kurt
+
diff --git a/docs/textdocs/CreatingGroupProfiles-Win2K.txt b/docs/textdocs/CreatingGroupProfiles-Win2K.txt
new file mode 100644
index 0000000000..11a326bafb
--- /dev/null
+++ b/docs/textdocs/CreatingGroupProfiles-Win2K.txt
@@ -0,0 +1,112 @@
+You must first convert the profile from a local profile to a domain
+profile on the MS Windows workstation as follows:
+
+1. Log on as the LOCAL workstation administrator.
+
+2. Right click on the 'My Computer' Icon, select 'Properties'
+
+3. Click on the 'User Profiles' tab
+
+4. Select the profile you wish to convert (click on it once)
+
+5. Click on the button 'Copy To'
+
+6. In the "Permitted to use" box, click on the 'Change' button.
+
+7. Click on the 'Look in" area that lists the machine name, when you click
+here it will open up a selection box. Click on the domain to which the
+profile must be accessible.
+
+Note: You will need to log on if a logon box opens up. Eg: In the connect
+as: MIDEARTH\root, password: mypassword.
+
+8. To make the profile capable of being used by anyone select 'Everyone'
+
+9. Click OK. The Selection box will close.
+
+10. Now click on the 'Ok' button to create the profile in the path you
+nominated.
+
+Done. You now have a profile that can be editted using the samba-3.0.0
+profiles tool.
+
+
+
+> Keep profiles clean and small by making them mandatory.
+> See the Win2K/WinXP resource kits for details how to create a mandatory profile.
+>
+> Can you do this when using Samba as a PDC? I thought you could only do
+> policies if you had a Win2K server?
+
+No difference. Samba handles the profile ACLs the same way Win2K does.
+But understand that it is the Win2K client that does all the processing
+of the SIDs on the ACLs in the profile NTUser.DAT file.
+
+
+Note:
+-----
+> Unless your users are using Outlook (or virtually any E-mail client for
+> that matter) I have a few users with .PST files that are over 1Gig in
+> size. This is due to the regular amount of data files that we are sent. I
+> have discussed with them the need to trim those files down.
+
+Under NT/2K the use of mandotory profiles forces the use of MS Exchange
+storage of mail data. That keeps desktop profiles usable.
+
+
+Note:
+-----
+ Date: Tue, 19 Nov 2002 08:32:17 -0000
+ From: John Russell <apca72@dsl.pipex.com>
+ Reply-To: John Russell <j.c.russell@sussex.ac.uk>
+ To: samba@lists.samba.org
+ Subject: Re: [Samba] Samba and Windows XP
+
+ [ The following text is in the "iso-8859-1" character set. ]
+ [ Your display is set for the "US-ASCII" character set. ]
+ [ Some characters may be displayed incorrectly. ]
+
+ this is a security check new to Windows XP (or maybe only
+ Windows XP service pack 1). It can be disabled via a group policy in
+ Active Directory. The policy is:
+
+ "Computer Configuration\Administrative Templates\System\User
+ Profiles\Do not check for user ownership of Roaming Profile Folders"
+
+ ...and it should be set to "Enabled".
+
+ Does the new version of samba have an Active Directory analogue? If so,
+ then you may be able to set the policy through this.
+
+ If you cannot set group policies in samba, then you may be able to set
+ the policy locally on each machine. If you want to try this, then do
+ the following (N.B. I don't know for sure that this will work in the
+ same way as a domain group policy):
+
+ On the XP workstation log in with an Administrator account.
+
+ Click: "Start", "Run"
+ Type: "mmc"
+ Click: "OK"
+
+ A Microsoft Management Console should appear.
+ Click: File, "Add/Remove Snap-in...", "Add"
+ Double-Click: "Group Policy"
+ Click: "Finish", "Close"
+ Click: "OK"
+
+ In the "Console Root" window:
+ Expand: "Local Computer Policy", "Computer Configuration",
+ "Administrative Templates", "System", "User Profiles"
+ Double-Click: "Do not check for user ownership of Roaming Profile
+ Folders"
+ Select: "Enabled"
+ Click: OK"
+
+ Close the whole console. You do not need to save the settings (this
+ refers to the console settings rather than the policies you have
+ changed).
+
+ Reboot.
+
+
diff --git a/docs/textdocs/CreatingGroupProfiles-Win9X.txt b/docs/textdocs/CreatingGroupProfiles-Win9X.txt
new file mode 100644
index 0000000000..3d9c239a61
--- /dev/null
+++ b/docs/textdocs/CreatingGroupProfiles-Win9X.txt
@@ -0,0 +1,58 @@
+To : "C.Lee Taylor" <leet@leenx.co.za>
+Cc : Bart <bartro@go.ro>,
+ samba@lists.samba.org
+Attchmnt:
+Subject : Re: [Samba] Profiles ...
+----- Message Text -----
+On Fri, 17 Jan 2003, C.Lee Taylor wrote:
+
+> John H Terpstra wrote:
+> > On Thu, 16 Jan 2003, C.Lee Taylor wrote:
+> >
+> >
+> >>Bart wrote:
+> >>
+> >>>Or ju put the documents on the home drive and change the target of the
+> >>>'my documents' folder to this home drive.
+> >>>
+> >>>that way you have security & all the docs on a mounted drive.
+> >>
+> >> We did that with Win98SE, and found that some times it would change
+> >>back or to something that should cause problems ... that is why I was
+> >>hoping, there was away around this ... but then it seems not.
+> >
+> >
+> > Did you check the Win98 Resource Kit for how to configure this?
+> No, just searched the registery for the set strings, changed them and
+> tested. Also used support.microsoft.com for other info ... Don't have
+> access to the Resource kits, unless they have not put them up on the net
+> and it's legal for us to use them wihtout paying?
+
+That method does not work well. You need the Win98 Group Policy Editor to
+set this up. It can be found on the Original full product Win98
+installation CD under tools/reskit/netadmin/poledit. You install this
+using the Add/Remove Programs facility and then click on the 'Have Disk'
+tab.
+
+Use the Group Policy Editor to create a policy file that specifies the
+location of user profiles and/or the 'My Documents' etc. stuff. You then
+save these settings in a file called Config.POL that needs to be placed in
+the root of the [NETLOGON] share. If your Win98 is configured to log onto
+the Samba Domain, it will automatically read this file and update the
+Win98 registry of the machine that is logging on.
+
+All of this is covered in the Win98 Resource Kit documentation.
+
+If you do not do it this way, then every so often Win98 will check the
+integrity of the registry and will restore it's settings from the back-up
+copy of the registry it stores on each Win98 machine. Hence, your symptoms
+of things changing back to original settings.
+
+Hope this helps. I have omitted quite a lot of detail you will need to
+figure out. Yell if you need more help.
+
+- John T.
+--
+John H Terpstra
+Email: jht@samba.org
+
diff --git a/docs/textdocs/CreatingGroupProfilesInNT4.txt b/docs/textdocs/CreatingGroupProfilesInNT4.txt
new file mode 100644
index 0000000000..666788643e
--- /dev/null
+++ b/docs/textdocs/CreatingGroupProfilesInNT4.txt
@@ -0,0 +1,71 @@
+Unfortunately, the Resource Kit info is Win NT4/2K version specific.
+
+Here is a quick guide:
+
+1. On your NT4 Domain Controller, right click on 'My Computer', then
+select the tab labelled 'User Profiles'.
+
+2. Select a user profile you want to migrate and click on it.
+
+Note: I am using the term "migrate" lossely. You can copy a profile to
+create a group profile. You can give the user 'Everyone' rights to the
+profile you copy this to. That is what you need to do, since your samba
+domain is not a member of a trust relationship with your NT4 PDC.
+
+3. Click the 'Copy To' button.
+
+4. In the box labelled 'Copy Profile to' add your new path, eg:
+c:\temp\foobar
+
+5. Click on the button labelled 'Change' in the "Permitted to use" box.
+
+6. Click on the group 'Everyone' and then click OK. This closes the
+'chose user' box.
+
+7. Now click OK.
+
+Follow the above for every profile you need to migrate.
+
+
+Side bar Notes:
+---------------
+You should obtain the SID of your NT4 domain. You can use smbpasswd to do
+this. Read the man page.
+
+With Samba-3.0.0 alpha code you can import all you NT4 domain accounts
+using the net samsync method. This way you can retain your profile
+settings as well as all your users.
+
+Also Note:
+----------
+The above method can be used to create mandatory profiles also. To convert
+a group profile into a mandatory profile simply locate the NTUser.DAT file
+in the copied profile and rename it to NTUser.MAN.
+
+
+Next Note:
+----------
+The W2K professional resource kit has moveuser.exe:
+
+Description:
+
+ moveuser.exe changes the security of a profile from one user to another.
+ This allows the account domain to change, and/or the user name to change.
+
+
+Next Note:
+----------
+You can identify the SID by using GetSID.exe from the Windows NT Server 4.0
+Resource Kit.
+
+Windows NT 4.0 stores the local profile information in the registry under
+the following key:
+HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
+
+Under the ProfileList key, there will be subkeys named with the SIDs of the
+users who have logged on to this computer. (To find the profile information
+for the user whose locally cached profile you want to move, find the SID for
+the user with the GetSID.exe utility.) Inside of the appropriate user's
+subkey, you will see a string value named ProfileImagePath.
+
+
diff --git a/docs/textdocs/PROFILES.txt b/docs/textdocs/PROFILES.txt
new file mode 100644
index 0000000000..1b9cf4213e
--- /dev/null
+++ b/docs/textdocs/PROFILES.txt
@@ -0,0 +1,385 @@
+Contributors: Bruce Cook <BC3-AU@bigfoot.com>
+ Copyright (C) 1998 Bruce Cook
+
+ John Terpstra <samba@samba.org>
+ Copyright (C) 1998 John H. Terpstra
+
+ Wolfgang Ratzka <ratzka@hrz.uni-marburg.de>
+ Copyright (C) 1998 Wolfgang Ratzka
+
+Created: April 11, 1998
+Updated: April 11, 1998
+
+Subject: User Profiles
+===========================================================================
+
+From BC3-AU@bigfoot.com Sat Apr 11 13:36:05 1998
+Date: Sat, 11 Apr 1998 17:13:49 +1000
+From: Bruce Cook <BC3-AU@bigfoot.com>
+To: Multiple recipients of list <samba-ntdom@samba.org>
+Subject: RE: A question about NT Domains
+
+Luke Kenneth Casson Leighton writes:
+ > On Fri, 10 Apr 1998, Jean-Francois Micouleau wrote:
+ >
+ > > On Fri, 10 Apr 1998, Luke Kenneth Casson Leighton wrote:
+ > >
+ > > > ah, then i need to explain better. two or more users have identical
+ > > > profiles. say only one user installs a program which adds additional keys
+ > > > into the registry. those keys, as i understand it, will *not* be removed
+ > > > from HKEY_LOCAL_USER when subsequent users log in.
+ > >
+ > > under W95 or NT ?
+ >
+ > my experience is with Win95, but i expect the same for NT, and have been
+ > told that it is so by someone who runs NT admin training courses.
+ >
+ > > and why do you want to have one profile shared between multiples users ?
+ >
+ > you don't. how did you get that impression? i said multiple users with
+ > identical profiles, not multiple users sharing one profile.
+
+In my experience with both Win95 and NT, is that the HKEY_LOCAL_USER information
+is stored in USER.dat or NTuser.DAT for NT. ALL of this branch is in this file
+and there is no overlap between any two users (Unless you have '95 set up
+to use a single common profile).
+
+[** lkcl: see jht's message for conditions under which an overlap can occur **]
+
+The HKEY_LOCAL_MACHINE branch is machine based, and shared by all users of that
+machine.
+
+
+[And now for a whole stack of caveats]
+
+1. User start menu paths are not stored in the registry (obviously) they're
+ a directory structure that located by settings in HKEY_LOCAL_USER.
+
+ If you want start menues / desktop / favorites to be individual to a user
+ you must set up your user registry so these can be located individually.
+ The easiest tool to manage this is the policy editor.
+
+2. When you log onto 'Doze 95, it has to find the user registry.
+
+
+ If you have specified a common profile, a "default user" USER.DAT is used.
+
+ If you have specified individualised profiles, then USER.DAT will be found
+ by the following formula:
+
+ 1. if NET USE x: /HOME was used at startup, try for x:\USER.DAT (where
+ x: is any drive letter from A to Z.
+ if no USER.DAT is found go to step 3
+
+ 2. if no home is specified in a mapping,
+ ...\windows\profiles\username\USER.DAT is used. If no USER.DAT exists
+ go to step 3.
+
+ 3. If neither of the previous two found a USER.DAT, then it will use
+ a prototype USER.DAT which it will later save to the above specified
+ path when the user logs out.
+
+ The interesting thing here is that the prototype USER.DAT used here
+ is actually a copy of the last USER.DAT used on this machine. (This
+ may be the effect that the original poster is seeing)
+
+ 4. As discussed above the start menu and desktop are specified in the
+ registry contained within USER.DAT. When a new USER.DAT is created
+ from a prototype, new directories are created for the start menu and
+ desktop ACCORDING TO HOW THE COPIED PROTOTYPE DEFINES THEM.
+
+ So if the prototype USER.DAT says that start menu is in H:\Start Menu
+ but programs folder is C:\windows\start menu\programs, then the
+ H:\start menu will be created, and the existing machine programs
+ folder used.
+
+ This means that is is important when creating roving profiles to get
+ your prototype USER.DAT and general user directory structure set up
+ exactly as you want it, and then make a copy of it that you know will
+ be safe from modification. When creating a new user you then copy
+ this prototype into the new user area, so that the new user doesn't
+ just inherit what the previous user had.
+
+
+3. When you log onto 'Doze NT, it has to find the user registry.
+
+
+ NT is easier to see what's going on, but follows much the same rules as
+ '95. The big difference being that 'NT gets its profile location from
+ the login server when it's logged in. (On an NT system have a look at user
+ manager/user/profile - you will see that you can specify the user profile
+ path) Under NT3.51 this profile path was a path to NTuser.DAT, on 4.0 this
+ seems to be a path to a directory structure (haven't played with many NT4
+ servers)
+
+ I'm not sure how this works in samba, as I haven't yet tried the NT_DOM stuff
+ yet (Luke: I assume you have a keyword for this?)
+
+[lkcl: nt workstations should look in exactly the same places for things on
+ samba or other SMB servers as they do on an NT server, as long as that
+ SMB server looks like NT. if anyone finds that something fails, alert
+ us on samba@samba.org and we'll look into it].
+
+ When an NT system find a user without a NTuser.DAT, it copies from a
+ prototype that it stores especially for this purpose, so while unlike '95
+ the user doesn't get whatever happened last on the machine, the user will
+ get a fairly minimalist configuration.
+
+[[jht:
+When a Win95 machine logs onto a Windows NT Domain the Win95 machine looks
+for the presence of a file called Config.Pol in the following location:
+ \\"Authenticating Server"\NETLOGON
+It reads this file and uses it to ammend both the desktop environment as well
+as the file %WinDir%\Profiles\%USERNAME%\User.DAT. As with Windows NT, on log
+out this file gets written back to the profile server into the %USERNAME%
+directory in the profile share.
+
+It is thus possible to share a common desktop profile between Windows NT and
+Windows 9x.
+:jht]]
+
+
+4. There are a *LOT* of reasons that the 'doze machine might not find USER.DAT
+ and therefore default to a prototype.
+
+ 1. Can't execute logon script & therefore no /HOME mapping (Most common)
+ .Make sure the script exists
+ .that you have your logon script set right
+ .Netlogon share must exist
+ .Protection/ownership of the script and share
+
+ 2. no /HOME mapping in the logon script
+
+ 3. no home path specified in /etc/smb.conf (Or no home mapping set
+ up for that user in NT's user manager)
+
+ 4. Protection/ownership of the user directory
+
+ 5. protection/ownership of USER.DAT
+
+ 6. basic networking problems
+ .Is the networking available (Test it by manually mapping
+ to both the user share and netlogon share)
+ .Was the networking working during logon ?
+
+ 7. Has it defaulted to a prototype, and then had you map the home
+ directory afterwards ? - This will result in the bad prototype
+ being written into the users home, and them being stuck with it,
+ (Just replace USER.DAT again)
+
+
+5. Interesting NOTE
+
+ When '95 is performing the logon script, the HKEY_LOCAL_USERS has
+ NOT been mapped from the USER.DAT. What has been mapped at this stage
+ is the prototype registry (last one used).
+
+ I assume the reason for this is that '95 is waiting for the logon
+ script to complete so that it can identify where the user's home
+ directory is.
+
+ If at this point you attempt to do anything that uses the USER registry,
+ (installing something for example or reading something from the user
+ registry) you will actually be operating on the machine stored prototype
+ profile not the user profile. This means that nothing will realy
+ happen to the user setup (No menu items, no settings etc).
+
+ To get around this you can name a process in the "run once" entries in
+ the HKEY_LOCAL_MACHINE branch, and these "run once" processes will be
+ executed once the USER.DAT is loaded, and all the user directories are
+ accessible.
+
+
+To sum up:
+
+ NET USE H: /HOME
+ is the key to getting your user profiles loaded from a server.
+ NET USE H: \\server\homes
+ Won't get it right without a lot of stuffing about.
+
+ Windoze '95 goes through a lot to bring you your user profile and
+ if anything goes wrong during this process, it will drop back to
+ using whatever profile was last used on the machine.
+
+
+From samba@aquasoft.com.au Sat Apr 11 13:48:54 1998
+Date: Sat, 11 Apr 1998 09:34:08 +1000
+From: Samba Bugs <samba@aquasoft.com.au>
+To: Multiple recipients of list <samba-ntdom@samba.org>
+Subject: Re: A question about NT Domains
+
+Just for the sake of completeness I thought I'd add a bit to this.
+Let's be clear about which files affect registry changes (or contents).
+
+Under NT, open a command prompt interface:
+cd %SystemRoot%\System32\config
+dir
+
+The standard registry files are:
+ Default - all component default settings
+ System - all HKLM\System entries
+ Software - all HKLM\Software entries
+ Security - Domain/Machine releated User Rights & Privs.
+ SAM - the Security Access Manager database (ie:Passwords etc.)
+
+[[jht:
+The SAM and Security files are the only files that get synchronised between
+Windows NT Domain Controllers.
+:jht]]
+
+These are used by EVERYTHING!!
+
+When a user logs in the following files get checked:
+ 1) \\"Authenticating Server"\NETLOGON\NTConfig.Pol
+ 2) %SystemRoot%\Profiles\Policies\NTConfig.Pol
+ this one is a copy of the last NTConfig.Pol downloaded
+ from (1) above - if available.
+ 3) %SystemRoot%\Policies\%UserName%\NTUser.DAT
+
+[[jht:
+The System Policy Editor on Windows NT can be used to create both the
+Windows 95 "Config.Pol" file, as well as the Windows NT "NTConfig.Pol"
+file. To create the Windows 95 policy file you MUST load the Windows 95
+policy template BEFORE creating the Config.Pol file.
+:jht]]
+
+The later, is first obtained from a profile server if the User_Init_Info
+passed from the Domain Logon Server specifies use of a roaming profile.
+If item (3) does NOT exist and/or NO default profile is available one gets
+created from the system default settings PLUS the last loaded file at item
+(2) above.
+
+The HKCU is always unique to the currently logged in user, BUT if the
+currently logged in user is using a shared profile that has NOT been made
+exclusive then on logout the HKCU will be written over the top of the
+source files. That is why Mandatory profiles are essential when sharing a
+roaming profile.
+
+On Sat, 11 Apr 1998, Wolfgang Ratzka wrote:
+
+> Luke Kenneth Casson Leighton wrote:
+>
+> > my experience is with Win95, but i expect the same for NT, and have been
+> > told that it is so by someone who runs NT admin training courses.
+>
+> On NT it is quite definitely not so. HKCU will always be loaded completely from
+> the user's NTuser.dat file and unloaded again after logout.
+> In fact HKCU is not a proper registry hive but a symbolic reference to the subkey of
+> HKEY_USERS that corresponds to the current user. If more than one user
+> is active on an NT machine (on plain vanilla NT this *is* possible if you have
+> services running as a non-system user; on WinFrame or Hydra multiple users
+> can be logged in) you will see several subkeys of HKU that correspond to
+> the active users and don't interfere with each other.
+>
+> Of course some settings that a user can change do not go into the HKCU hive
+> but into HKLM, most notably the screen resolution and the number of colours
+> (you can use policies to prevent user's from changing these).
+> Some applications put information that should go into HKCU into HKLM instead.
+> (Hall of Shame: Netscape Communicator, Microsoft Office 97 [User dictionaries!]...).
+> Others just use plain good old INI files in their program directory or even
+> in \WINNT\SYSTEM32. Those changes will not be user specific but machine
+> specific and those programs will cause trouble, when one tries to run them
+> on WinFrame or Hydra... :-).
+>
+> Summarizing:
+>
+> Q: Will the next user inherit a previous user's additions
+> to the HKCU registry hive?
+> A: Quite definitely not.
+
+Correct.
+
+>
+> Q: Can a user foul up the configuration for the next user?
+> A: Quite definitely yes!
+
+See above. Yes, but not if correctly configured.
+
+>
+> Q: Is this discussion out of place on the samba-ntdom list?
+> A: Errr....
+
+Errr... Really? I think it is. Do we, or do we not, want to help people to
+gain stable and dependable use of samba?
+
+> --
+> Wolfgang Ratzka (dialing in from home)
+
+Cheers,
+John H Terpstra (Also from home!!!!)
+
+=============================================================================
+Further notes by Bruce Cook
+
+Date: Sun, 12 Apr 1998 14:12:22 +1000
+From: Bruce Cook <BC3-AU@bigfoot.com>
+Subject: Re: Win95 / NT Profiles (was: RE: A question about NT Domains)
+
+Ah yes I knew there was something I forgot.
+here it is for completeness.
+
+=============================================================================
+
+When a user logs into a specific machine for the first time, they will be
+told that they've never logged into the machine, and would they like to
+store the user setting for future use.
+
+If the user answers NO, they will be nagged about this every time they
+log into the machine until they say YES. (How about it MS, could we
+possible do something about this feature?)
+
+When the user answers YES, thereafter upon logging out of the machine,
+a copy of the user's profile is also written onto the machines local disk
+for later use.
+
+When a user logs into a machine where his/her profile has previously been
+saved, a comparison is made between the date of the profile copy kept on
+the machine, and the date of the profile stored on the server. In theory
+the server date should be later or the same.
+
+If the local machine date is later than the server date, the client
+machine will tell you the the settings on the local machine are more
+recent than those of the server, and would you like to user them instead.
+
+This occurs for a couple of reasons:
+ 1. Server not available when the user logs out
+ 2. Date mismatch between the server and the client
+ (I always use NET TIME \\server /SET /YES in my logon scripts)
+
+
+Logging in with NO server available.
+
+In some cases a client will want to log into a network with no server
+available. (Portables away from the office, or a dead server)
+
+This can only happen if the administrator has NOT set the machine to
+give access only upon password verification from the server.
+(If the admin has done this, it can be circumvented by restarting
+ the machine in safe mode, and running poledit, or regedit and
+ disabling that feature)
+
+If you are able to log in while the server is unavailable, you have
+two choices
+ 1. Log in as a user that previously stored a profile
+ (The password won't have to match unless the machine
+ is set up to store passwords)
+
+ 2. log in as the default user (bit the cancel button or escape key)
+
+If you choose to use your profile stored on the local machine, there are
+several things you should be wary of:
+ 1. the profile stored on the machine will be a copy of the last
+ profile used when you logged into THAT machine. You may get
+ quite an old profile.
+ 2. When you log out, that local profile is garunteed to be later
+ than the one on the server, and if the server is available, or
+ you later log into that machine when the server is available
+ you could overwrite the good server profile with a bogus profile.
+
+
+Technique note:
+ I set portable computers up so that they don't use roaming profiles,
+ rather they have a single profile kept on the machine. This means
+ that a user has the same desktop look an feel regardless of where
+ they are. This follows the philosophy that laptops tend to be used
+ by only one person.
diff --git a/docs/textdocs/RoutedNetworks.txt b/docs/textdocs/RoutedNetworks.txt
new file mode 100644
index 0000000000..fb55f9f9bf
--- /dev/null
+++ b/docs/textdocs/RoutedNetworks.txt
@@ -0,0 +1,63 @@
+#NOFNR Flag in LMHosts to Communicate Across Routers
+
+ Last reviewed: May 5, 1997
+ Article ID: Q103765
+ The information in this article applies to:
+
+ Microsoft Windows NT operating system version 3.1
+ Microsoft Windows NT Advanced Server version 3.1
+
+ SUMMARY
+
+ Some of the LAN Manager for UNIX and Pathworks servers may have
+problems in communicating across routers with
+ Windows NT workstations. The use of #NOFNR flag in the LMHosts
+file solves the problem.
+
+ MORE INFORMATION
+
+ When you are communicating with a server across a router in a IP
+routed environment, the LMHosts file is used to
+ resolve Workstation name-to-IP address mapping. The LMHosts
+entry for a remote machine name provides the IP
+ address for the remote machine. In Lan Manager 2.x, providing
+the LMHosts entry eliminates the need to do a Name
+ Query broadcast to the local domain and instead a TCP session is
+established with the remote machine. Windows NT
+ performs the same function in a different way.
+
+ When an LMHosts entry exists for a remote server, Windows NT
+will not send a Name Query broadcast to the local
+ subnet and instead send a directed Name Query to the remote
+server. If the remote server does not respond to the Name
+ Query, further communications (TCP SYN, and so on) will not take
+place. This was done to eliminate the performance
+ issues when trying to connect to a remote machine when it was
+not available (down).
+
+ Some of the older LAN Manager for UNIX and DEC Pathworks servers
+do not respond to directed Name Queries sent
+ by Windows NT. In that case, the users will see an error 53
+(Path not found), even though they have specified the
+ LMHosts entries correctly. A new LMHosts flag #NOFNR was added
+to solve this problem. By specifying the
+ #NOFNR flag on the same line where the name resolution
+information for the server is provided, the directed Name
+ Query can be avoided. For example:
+
+ 130.20.1.1 mylmxserver #PRE #NOFNR
+
+
+ Note that this will only apply to mylmxserver and not to any
+other entries in the LMHosts file. To set
+ a global flag, an entry could be added in the registry. To
+completely remove any directed Name
+ Queries sent from a Windows NT machine, create the following
+value in
+
+HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Nbt\Parameters:
+
+ NoDirectedFNR REG_DWORD 1
+
+
+ This will cause the directed Name Queries to not go out for any
generated by cgit (git 2.34.1) at 2025-03-11 23:02:28 +0000