Diffstat (limited to 'docs')
-rw-r--r-- | docs/docbook/global.ent | 68
-rw-r--r-- | docs/docbook/projdoc/Compiling.sgml | 57
-rw-r--r-- | docs/docbook/projdoc/IntroSMB.sgml | 175
3 files changed, 269 insertions, 31 deletions
diff --git a/docs/docbook/global.ent b/docs/docbook/global.ent index 70f7849868..5abcc606d7 100644 --- a/docs/docbook/global.ent +++ b/docs/docbook/global.ent @@ -83,6 +83,15 @@ </affiliation> </author>'> +<!ENTITY author.dlechnyr ' +<author> + <firstname>David</firstname><surname>Lechnyr</surname> + <affiliation> + <orgname>Unofficial HOWTO</orgname> + <address><email>david@lechnyr.com</email></address> + </affiliation> +</author>'> + <!-- URL's --> <!ENTITY url.samba.cvsinfo 'http://pserver.samba.org/samba/cvs.html'> <!ENTITY url.pdc-howto.local 'samba-pdc-howto.html'> 
@@ -440,42 +449,43 @@ an Active Directory environment. <!ENTITY MAN-WINBINDD SYSTEM "manpages/winbindd.8.sgml"> -<!ENTITY UNIX-INSTALL SYSTEM "projdoc/UNIX_INSTALL.sgml"> -<!ENTITY ENCRYPTION SYSTEM "projdoc/ENCRYPTION.sgml"> -<!ENTITY MS-Dfs-Setup SYSTEM "projdoc/msdfs_setup.sgml"> -<!ENTITY PRINTER-DRIVER2 SYSTEM "projdoc/printer_driver2.sgml"> -<!ENTITY DOMAIN-MEMBER SYSTEM "projdoc/DOMAIN_MEMBER.sgml"> -<!ENTITY WINBIND SYSTEM "projdoc/winbind.sgml"> -<!ENTITY NT-Security SYSTEM "projdoc/NT_Security.sgml"> -<!ENTITY Samba-PDC-HOWTO SYSTEM "projdoc/Samba-PDC-HOWTO.sgml"> -<!ENTITY Samba-BDC-HOWTO SYSTEM "projdoc/Samba-BDC-HOWTO.sgml"> -<!ENTITY CVS-Access SYSTEM "projdoc/CVS-Access.sgml"> -<!ENTITY IntegratingWithWindows SYSTEM "projdoc/Integrating-with-Windows.sgml"> -<!ENTITY Samba-PAM SYSTEM "projdoc/PAM-Authentication-And-Samba.sgml"> -<!ENTITY Samba-LDAP SYSTEM "projdoc/Samba-LDAP-HOWTO.sgml"> -<!ENTITY Diagnosis SYSTEM "projdoc/Diagnosis.sgml"> -<!ENTITY BUGS SYSTEM "projdoc/Bugs.sgml"> -<!ENTITY SECURITY-LEVEL SYSTEM "projdoc/security_level.sgml"> -<!ENTITY SPEED SYSTEM "projdoc/Speed.sgml"> +<!ENTITY ADS-HOWTO SYSTEM "projdoc/ADS-HOWTO.sgml"> +<!ENTITY AdvancedNetworkAdmin SYSTEM "projdoc/AdvancedNetworkAdmin.sgml"> <!ENTITY BROWSING SYSTEM "projdoc/Browsing.sgml"> <!ENTITY BROWSING-Quick SYSTEM "projdoc/Browsing-Quickguide.sgml"> +<!ENTITY BUGS SYSTEM "projdoc/Bugs.sgml"> +<!ENTITY CUPS SYSTEM "projdoc/CUPS-printing.sgml"> +<!ENTITY CVS-Access SYSTEM "projdoc/CVS-Access.sgml"> +<!ENTITY Compiling SYSTEM "projdoc/Compiling.sgml"> +<!ENTITY DOMAIN-MEMBER SYSTEM "projdoc/DOMAIN_MEMBER.sgml"> +<!ENTITY Diagnosis SYSTEM "projdoc/Diagnosis.sgml"> +<!ENTITY ENCRYPTION SYSTEM "projdoc/ENCRYPTION.sgml"> <!ENTITY GROUP-MAPPING-HOWTO SYSTEM "projdoc/GROUP-MAPPING-HOWTO.sgml"> -<!ENTITY Portability SYSTEM "projdoc/Portability.sgml"> +<!ENTITY IntegratingWithWindows SYSTEM "projdoc/Integrating-with-Windows.sgml"> +<!ENTITY IntroSMB SYSTEM "projdoc/IntroSMB.sgml"> 
+<!ENTITY MS-Dfs-Setup SYSTEM "projdoc/msdfs_setup.sgml"> +<!ENTITY NT-Security SYSTEM "projdoc/NT_Security.sgml"> +<!ENTITY NT4Migration SYSTEM "projdoc/NT4Migration.sgml"> <!ENTITY Other-Clients SYSTEM "projdoc/Other-Clients.sgml"> -<!ENTITY ADS-HOWTO SYSTEM "projdoc/ADS-HOWTO.sgml"> -<!ENTITY pdb-mysql SYSTEM "projdoc/pdb_mysql.sgml"> -<!ENTITY pdb.sgml SYSTEM "projdoc/pdb.sgml.sgml"> -<!ENTITY VFS SYSTEM "projdoc/VFS.sgml"> +<!ENTITY PRINTER-DRIVER2 SYSTEM "projdoc/printer_driver2.sgml"> <!ENTITY Passdb SYSTEM "projdoc/passdb.sgml"> -<!ENTITY ServerType SYSTEM "projdoc/ServerType.sgml"> -<!ENTITY SecuringSamba SYSTEM "projdoc/securing-samba.sgml"> -<!ENTITY Compiling SYSTEM "projdoc/Compiling.sgml"> -<!ENTITY unicode SYSTEM "projdoc/unicode.sgml"> -<!ENTITY CUPS SYSTEM "projdoc/CUPS-printing.sgml"> -<!ENTITY AdvancedNetworkAdmin SYSTEM "projdoc/AdvancedNetworkAdmin.sgml"> <!ENTITY PolicyMgmt SYSTEM "projdoc/PolicyMgmt.sgml"> +<!ENTITY Portability SYSTEM "projdoc/Portability.sgml"> <!ENTITY ProfileMgmt SYSTEM "projdoc/ProfileMgmt.sgml"> -<!ENTITY NT4Migration SYSTEM "projdoc/NT4Migration.sgml"> +<!ENTITY SECURITY-LEVEL SYSTEM "projdoc/security_level.sgml"> +<!ENTITY SPEED SYSTEM "projdoc/Speed.sgml"> <!ENTITY SWAT SYSTEM "projdoc/SWAT.sgml"> +<!ENTITY Samba-BDC-HOWTO SYSTEM "projdoc/Samba-BDC-HOWTO.sgml"> +<!ENTITY Samba-LDAP SYSTEM "projdoc/Samba-LDAP-HOWTO.sgml"> +<!ENTITY Samba-PAM SYSTEM "projdoc/PAM-Authentication-And-Samba.sgml"> +<!ENTITY Samba-PDC-HOWTO SYSTEM "projdoc/Samba-PDC-HOWTO.sgml"> +<!ENTITY SecuringSamba SYSTEM "projdoc/securing-samba.sgml"> +<!ENTITY ServerType SYSTEM "projdoc/ServerType.sgml"> <!ENTITY Trusts SYSTEM "projdoc/InterdomainTrusts.sgml"> +<!ENTITY UNIX-INSTALL SYSTEM "projdoc/UNIX_INSTALL.sgml"> +<!ENTITY VFS SYSTEM "projdoc/VFS.sgml"> +<!ENTITY WINBIND SYSTEM "projdoc/winbind.sgml"> +<!ENTITY pdb-mysql SYSTEM "projdoc/pdb_mysql.sgml"> +<!ENTITY pdb.sgml SYSTEM "projdoc/pdb.sgml.sgml"> <!ENTITY problems SYSTEM 
"projdoc/Problems.sgml"> +<!ENTITY unicode SYSTEM "projdoc/unicode.sgml"> diff --git a/docs/docbook/projdoc/Compiling.sgml b/docs/docbook/projdoc/Compiling.sgml index b8471508f6..15b5acc594 100644 --- a/docs/docbook/projdoc/Compiling.sgml +++ b/docs/docbook/projdoc/Compiling.sgml @@ -13,8 +13,10 @@ <title>How to compile SAMBA</title> -<para>You can obtain the samba source from the <ulink url="http://samba.org/">samba website</ulink>. To obtain a development version, -you can download samba from CVS or using rsync. </para> +<para> +You can obtain the samba source from the <ulink url="http://samba.org/">samba website</ulink>. To obtain a development version, +you can download samba from CVS or using rsync. +</para> <sect1> <title>Access Samba source code via CVS</title> 
@@ -178,6 +180,57 @@ on this system just substitute the correct package name </sect1> <sect1> +<title>Verifying Samba's PGP signature</title> + +<para> +In these days of insecurity, it's strongly recommended that you verify the PGP signature for any +source file before installing it. According to Jerry Carter of the Samba Team, only about 22% of +all Samba downloads have had a corresponding PGP signature download (a very low percentage, which +should be considered a bad thing). Even if you're not downloading from a mirror site, verifying PGP +signatures should be a standard reflex. +</para> + + +<para> +With that said, go ahead and download the following files: +</para> + +<para><programlisting> + $ wget http://us1.samba.org/samba/ftp/samba-2.2.8a.tar.asc + $ wget http://us1.samba.org/samba/ftp/samba-pubkey.asc +</programlisting></para> + +<para> +The first file is the PGP signature for the Samba source file; the other is the Samba public +PGP key itself. Import the public PGP key with: +</para> + +<programlisting> + $ gpg --import samba-pubkey.asc +</programlisting> + +<para> +And verify the Samba source code integrity with: +</para> + +<programlisting> + $ gzip -d samba-2.2.8a.tar.gz + $ gpg --verify samba-2.2.8a.tar.asc +</programlisting> + +<para> +If you receive a message like, "Good signature from Samba Distribution Verification Key..." +then all is well. The warnings about trust relationships can be ignored. An example of what +you would not want to see would be: +</para> + +<programlisting> + gpg: BAD signature from "Samba Distribution Verification Key" +</programlisting> + +</sect1> + +<sect1> <title>Building the Binaries</title> <para>To do this, first run the program <userinput>./configure diff --git a/docs/docbook/projdoc/IntroSMB.sgml b/docs/docbook/projdoc/IntroSMB.sgml new file mode 100644 index 0000000000..e81155a36f --- /dev/null +++ b/docs/docbook/projdoc/IntroSMB.sgml 
@@ -0,0 +1,175 @@ +<chapter id="IntroSMB"> +<chapterinfo> + &author.dlechnyr; + <pubdate>April 13, 2003</pubdate> +</chapterinfo> + +<title>Introduction to Samba</title> + +<para> +Samba provides MS Windows file and print services over TCP/IP and provides compatible support for +all SMB/CIFS enabled clients. Samba can be used to provide seemless interoperability between unix +/ Linux systems and MS Windows clients and servers. A global team of about 30 active programmers +is responsible for the development of Samba, a marvelous tool that was originally developed by +Andrew Tridgell. That team of developers is known as the Samba-Team. +</para> + +<sect1> +<title>Background</title> + +<para> +Once long ago, there was a buzzword referred to as DCE/RPC. This stood for Distributed Computing +Environment/Remote Procedure Calls and conceptually was a good idea. It was originally developed +by Apollo/HP as NCA 1.0 (Network Computing Architecture) and only ran over UDP. When there was +a need to run it over TCP so that it would be compatible with DECnet 3.0, it was redesigned, +submitted to The Open Group, and officially became known as DCE/RPC. Microsoft came along and +decided, rather than pay $20 per seat to license this technology, to reimplement DCE/RPC +themselves as MSRPC. From this, the concept continued in the form of SMB (Server Message Block, +or the "what") using the NetBIOS (Network Basic Input/Output System, or the "how") compatibility +layer. You can run SMB (i.e., transport) over several different protocols; many different +implementations arose as a result, including NBIPX (NetBIOS over IPX, NwLnkNb, or NWNBLink) and +NBT (NetBIOS over TCP/IP, or NetBT). As the years passed, NBT became the most common form of +implementation until the advance of "Direct-Hosted TCP" -- the Microsoft marketing term for +eliminating NetBIOS entirely and running SMB by itself across TCP port 445 only. As of yet, +direct-hosted TCP has yet to catch on. And so the story goes. 
+</para> + +<para> +Perhaps the best summary of the origins of SMB are voiced in the 1997 article titled, CIFS: +Common Insecurities Fail Scrutiny: +</para> + +<para><emphasis> +Several megabytes of NT-security archives, random whitepapers, RFCs, the CIFS spec, the Samba +stuff, a few MS knowledge-base articles, strings extracted from binaries, and packet dumps have +been dutifully waded through during the information-gathering stages of this project, and there +are *still* many missing pieces... While often tedious, at least the way has been generously +littered with occurrences of clapping hand to forehead and muttering 'crikey, what are they +thinking? +</emphasis></para> + +<sect2> +<title>Terminology</title> + +<itemizedlist> + + <listitem><para> + SMB: Acronym for "Server Message Block". This is a Microsoft's file and printer + sharing protocol. + </para></listitem> + + <listitem><para> + CIFS: Acronym for the "Common Internet File System". Around 1996, Microsoft apparently + decided that SMB needed the word "Internet" in it, so they changed it to CIFS. + </para></listitem> + + <listitem><para> + Direct-Hosted: A method of providing file/printer sharing services over port 445/tcp + only, using DNS for name resolution instead of WINS. + </para></listitem> + + <listitem><para> + IPC: Acronym for "Inter-process Communication". A method to communicate specific + information between programs. + </para></listitem> + + <listitem><para> + Marshalling: - A method of serializing (i.e., sequential ordering of) variable data + suitable for transmission via a network connection or storing in a file. The source + data can be re-created using a similar process called unmarshalling. + </para></listitem> + + <listitem><para> + NetBIOS: Acronym for "Network Basic Input/Output System". This is not a protocol; + it is a method of communication across an existing protocol. This is a standard which + was originally developed for IBM by Sytek in 1983. 
To exaggerate the analogy a bit, + it can help to think of this in comparison your computer's BIOS -- it controlls the + essential functions of your input/output hardware -- whereas NetBIOS controlls the + essential functions of your input/output traffic via the network. Again, this is a bit + of an exaggeration but it should help that paradigm shift. What is important to realize + is that NetBIOS is a transport standard, not a protocol. Unfortunately, even technically + brilliant people tend to interchange NetBIOS with terms like NetBEUI without a second + thought; this will cause no end (and no doubt) of confusion. + </para></listitem> + + <listitem><para> + NetBEUI: Acronym for the "NetBIOS Extended User Interface". Unlike NetBIOS, NetBEUI + is a protocol, not a standard. It is also not routable, so traffic on one side of a + router will be unable to communicate with the other side. Understanding NetBEUI is + not essential to deciphering SMB; however it helps to point out that it is not the + same as NetBIOS and to improve your score in trivia at parties. NetBEUI was originally + referred to by Microsoft as "NBF", or "The Windows NT NetBEUI Frame protocol driver". + It is not often heard from these days. + </para></listitem> + + <listitem><para> + NBT: Acronym for "NetBIOS over TCP"; also known as "NetBT". Allows the continued use + of NetBIOS traffic proxied over TCP/IP. As a result, NetBIOS names are made equivilant + to IP addresses and NetBIOS name types are conceptually equivilant to TCP/IP ports. + This is how file and printer sharing are accomplished in Windows 95/98/ME. They + traditionally rely on three ports: NetBIOS Name Service (nbname) via UDP port 137, + NetBIOS Datagram Service (nbdatagram) via UDP port 138, and NetBIOS Session Service + (nbsession) via TCP port 139. All name resolution is done via WINS, NetBIOS broadcasts, + and DNS. NetBIOS over TCP is documented in RFC 1001 (Concepts and methods) and RFC 1002 + (Detailed specifications). 
+ </para></listitem> + + <listitem><para> + W2K: Acronym for Windows 2000 Professional or Server + </para></listitem> + + <listitem><para> + W3K: Acronym for Windows 2003 Server + </para></listitem> + +</itemizedlist> + +</sect2> + +<sect2> +<title>Related Projects> + +<para> +Currently, there are two projects that are directly related to Samba: SMBFS and CIFS network +client file systems for Linux, both available in the Linux kernel itself. +</para> + +<itemizedlist> + + <listitem><para> + SMBFS (Server Message Block File System) allows you to mount SMB shares (the protocol + Windows 95/98/ME, Windows NT/2000/XP and OS/2 Lan Manager use to share files and printers + over local networks) and access them just like any other Unix directory. This is useful + if you just want to mount such filesystems without being a SMBFS server. + </para></listitem> + + <listitem><para> + CIFS (Common Internet File System) is the successor to SMB, and is actively being worked + on in the upcoming version of the Linux kernel (2.5/2.6). The intent of this module is to + provide advanced network file system functionality including support for dfs (heirarchical + name space), secure per-user session establishment, safe distributed caching (oplock), + optional packet signing, Unicode and other internationalization improvements, and optional + Winbind (nsswitch) integration. If you enable CONFIG_CIFS in the Linux kernel, be aware + that it is currently in an early development stage and may not be as stable as the existing + CONFIG_SMB_FS option. + </para></listitem> + +</itemizedlist> + +<para> +Again, it's important to note that these are implementations for client filesystems, and have +nothing to do with acting as a file and print server for SMB/CIFS clients. +</para> + +</sect2> + +<sect2> +<title>Miscellaneous</title> + +<para> +This chapter is Copyright © 2003 David Lechnyr. 
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation. A copy of the license is available at http://www.gnu.org/licenses/fdl.txt. +</para> + +</sect2> +</sect1> +</chapter> |
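Review bot: in the second docs/docbook/global.ent hunk (@@ -440,42 +449,43 @@), the alphabetical re-sort of the SYSTEM entity list is mixed with the one functional change, the new IntroSMB entity, so the addition is hard to pick out among the moved lines; putting the sort in its own commit would make both changes reviewable. Nothing in the three files shown references &IntroSMB;, so the new chapter will not be pulled into any built document until a book file includes it. The re-sort also carries over <!ENTITY pdb.sgml SYSTEM "projdoc/pdb.sgml.sgml"> unchanged; the doubled .sgml extension is worth checking against the actual file name while these lines are being touched.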
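Review bot: in the docs/docbook/projdoc/Compiling.sgml hunk that adds "Verifying Samba's PGP signature" (@@ -178,6 +180,57 @@), the sentence "The warnings about trust relationships can be ignored" weakens the check this section is meant to teach. samba-pubkey.asc is fetched over plain HTTP from the same us1.samba.org host as the signature, so a "Good signature" result only shows that the tarball matches whatever key that server handed out. Suggest telling the reader to compare the imported key's fingerprint (gpg --fingerprint) with a copy obtained through a separate channel before relying on the result, and rewording the sentence so the trust warning is explained rather than dismissed. Two smaller points: the steps never download samba-2.2.8a.tar.gz itself, and gpg --verify samba-2.2.8a.tar.asc relies on gpg inferring the data file name, so naming it explicitly (gpg --verify samba-2.2.8a.tar.asc samba-2.2.8a.tar) would make it clear that the signature covers the uncompressed tar. The first <programlisting> is wrapped in <para> while the other three are not; pick one form.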
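Review bot: in the new file docs/docbook/projdoc/IntroSMB.sgml, the line <title>Related Projects> is missing its closing tag and should read <title>Related Projects</title>; as written the title element is never closed and the section will not parse as intended. The emphasized quotation from "CIFS: Common Insecurities Fail Scrutiny" opens a single quote before "crikey" that is never closed. Spelling and wording to fix before merge: seemless (seamless), controlls (controls, twice), equivilant (equivalent, twice), heirarchical (hierarchical), "in comparison your computer's BIOS" (missing "to"), "This is a Microsoft's file and printer sharing protocol" (drop "a"), and the stray hyphen in "Marshalling: - A method".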