diff options
Diffstat (limited to 'docs')
-rw-r--r-- | docs/Samba3-ByExample/SBE-500UserNetwork.xml | 2 | ||||
-rw-r--r-- | docs/Samba3-ByExample/SBE-AddingUNIXClients.xml | 2 | ||||
-rw-r--r-- | docs/Samba3-ByExample/SBE-Appendix1.xml | 2 | ||||
-rw-r--r-- | docs/Samba3-ByExample/SBE-Appendix2.xml | 16 | ||||
-rw-r--r-- | docs/Samba3-ByExample/SBE-HighAvailability.xml | 2 | ||||
-rw-r--r-- | docs/Samba3-ByExample/SBE-MakingHappyUsers.xml | 4 | ||||
-rw-r--r-- | docs/Samba3-ByExample/SBE-SecureOfficeServer.xml | 12 | ||||
-rw-r--r-- | docs/Samba3-ByExample/SBE-SimpleOfficeServer.xml | 8 | ||||
-rw-r--r-- | docs/Samba3-ByExample/SBE-TheSmallOffice.xml | 7 | ||||
-rw-r--r-- | docs/Samba3-ByExample/SBE-glossary.xml | 12 | ||||
-rw-r--r-- | docs/Samba3-ByExample/conventions.xml | 13 | ||||
-rw-r--r-- | docs/Samba3-HOWTO/TOSHARG-ConfigSmarts.xml | 322 | ||||
-rw-r--r-- | docs/Samba3-HOWTO/conventions.xml | 13 | ||||
-rw-r--r-- | docs/Samba3-HOWTO/index.xml | 2 |
14 files changed, 377 insertions, 40 deletions
diff --git a/docs/Samba3-ByExample/SBE-500UserNetwork.xml b/docs/Samba3-ByExample/SBE-500UserNetwork.xml index 77cfa92a01..9756e33334 100644 --- a/docs/Samba3-ByExample/SBE-500UserNetwork.xml +++ b/docs/Samba3-ByExample/SBE-500UserNetwork.xml @@ -1976,7 +1976,7 @@ net groupmap add ntgroup="Insurance Group" unixgroup=piops type=d <para> Oh, I did not think you would notice that. It is there so that it can be used. This is more fully discussed - in <emphasis>TOSHARG</emphasis>, which has a full chapter dedicated to the subject. While we are on the + in <emphasis>TOSHARG2</emphasis>, which has a full chapter dedicated to the subject. While we are on the subject, it should be noted that you should definitely not use SWAT on any system that makes use of &smb.conf; <parameter>include</parameter> files because SWAT optimizes them out into an aggregated file but leaves in place a broken reference to the top-layer include file. SWAT was not designed to diff --git a/docs/Samba3-ByExample/SBE-AddingUNIXClients.xml b/docs/Samba3-ByExample/SBE-AddingUNIXClients.xml index 7415da34b9..15a228ae5b 100644 --- a/docs/Samba3-ByExample/SBE-AddingUNIXClients.xml +++ b/docs/Samba3-ByExample/SBE-AddingUNIXClients.xml @@ -1855,7 +1855,7 @@ administrator:x:1000:1013:Administrator:/home/BE/administrator:/bin/bash In the case of an NT4 or Samba-3-style domain the <parameter>realm</parameter> is not used, and the command used to join the domain is <command>net rpc join</command>. The above example also demonstrates advanced error reporting techniques that are documented in the chapter called "Reporting Bugs" in - <quote>The Official Samba-3 HOWTO and Reference Guide</quote> (TOSHARG). + <quote>The Official Samba-3 HOWTO and Reference Guide, Second Edition</quote> (TOSHARG2). </para> <para> diff --git a/docs/Samba3-ByExample/SBE-Appendix1.xml b/docs/Samba3-ByExample/SBE-Appendix1.xml index da42a4e054..fe321f8929 100644 --- a/docs/Samba3-ByExample/SBE-Appendix1.xml +++ b/docs/Samba3-ByExample/SBE-Appendix1.xml @@ -1605,7 +1605,7 @@ REGEDIT4 </para> <para> - Comprehensive coverage of file and record-locking controls is provided in TOSHARG, Chapter 13. + Comprehensive coverage of file and record-locking controls is provided in TOSHARG2, Chapter 13. The information in that chapter was obtained from a wide variety of sources. </para> diff --git a/docs/Samba3-ByExample/SBE-Appendix2.xml b/docs/Samba3-ByExample/SBE-Appendix2.xml index 0a73100d3a..395c843916 100644 --- a/docs/Samba3-ByExample/SBE-Appendix2.xml +++ b/docs/Samba3-ByExample/SBE-Appendix2.xml @@ -118,9 +118,9 @@ </para> <para> - Recommended preparatory reading: <emphasis>The Official Samba-3 HOWTO and Reference Guide</emphasis> (TOSHARG) - Chapter 9, <quote>Network Browsing,</quote> and Chapter 3, <quote>Server Types and - Security Modes.</quote> + Recommended preparatory reading: <emphasis>The Official Samba-3 HOWTO and Reference Guide, Second + Edition</emphasis> (TOSHARG2) Chapter 9, <quote>Network Browsing,</quote> and Chapter 3, + <quote>Server Types and Security Modes.</quote> </para> <sect2> @@ -686,7 +686,7 @@ <para> <indexterm><primary>IPC$</primary></indexterm> - The <constant>IPC$</constant> share serves a vital purpose<footnote><para>TOSHARG, Sect 4.5.1</para></footnote> + The <constant>IPC$</constant> share serves a vital purpose<footnote><para>TOSHARG2, Sect 4.5.1</para></footnote> in SMB/CIFS-based networking. A Windows client connects to this resource to obtain the list of resources that are available on the server. The server responds with the shares and print queues that are available. In most but not all cases, the connection is made with a <constant>NULL</constant> @@ -947,7 +947,7 @@ database and thus must be stored elsewhere on the UNIX system in a manner that Samba can use. Samba-2.x permitted such encrypted passwords to be stored in the <constant>smbpasswd</constant> file or in an LDAP database. Samba-3 permits use of multiple <parameter>passdb backend</parameter> - databases in concurrent deployment. Refer to <emphasis>TOSHARG</emphasis>, Chapter 10, <quote>Account Information Databases.</quote> + databases in concurrent deployment. Refer to <emphasis>TOSHARG2</emphasis>, Chapter 10, <quote>Account Information Databases.</quote> </para></listitem> </itemizedlist> @@ -1010,7 +1010,7 @@ <indexterm><primary>DMB</primary></indexterm> This is a broadcast announcement by which the Windows machine is attempting to locate a Domain Master Browser (DMB) in the event that it might exist on the network. - Refer to <emphasis>TOSHARG,</emphasis> Chapter 9, Section 9.7, <quote>Technical Overview of Browsing,</quote> + Refer to <emphasis>TOSHARG2,</emphasis> Chapter 9, Section 9.7, <quote>Technical Overview of Browsing,</quote> for details regarding the function of the DMB and its role in network browsing. </para> @@ -1151,10 +1151,10 @@ <para> <indexterm><primary>WINS</primary></indexterm> <indexterm><primary>NetBIOS</primary></indexterm> - Yes, there are two ways to do this. The first involves use of WINS (See <emphasis>TOSHARG</emphasis>, Chapter 9, + Yes, there are two ways to do this. The first involves use of WINS (See <emphasis>TOSHARG2</emphasis>, Chapter 9, Section 9.5, <quote>WINS &smbmdash; The Windows Inter-networking Name Server</quote>); the alternate method involves disabling the use of NetBIOS over TCP/IP. This second method requires - a correctly configured DNS server (see <emphasis>TOSHARG</emphasis>, Chapter 9, Section 9.3, <quote>Discussion</quote>). + a correctly configured DNS server (see <emphasis>TOSHARG2</emphasis>, Chapter 9, Section 9.3, <quote>Discussion</quote>). </para> <para> diff --git a/docs/Samba3-ByExample/SBE-HighAvailability.xml b/docs/Samba3-ByExample/SBE-HighAvailability.xml index db94af4d2f..4ad4c79851 100644 --- a/docs/Samba3-ByExample/SBE-HighAvailability.xml +++ b/docs/Samba3-ByExample/SBE-HighAvailability.xml @@ -531,7 +531,7 @@ cannot be set in the smb.conf file. nmbd will abort with this setting. <indexterm><primary>distributed</primary></indexterm> Microsoft DFS (distributed file system) technology has been implemented in Samba. MSDFS permits data to be accessed from a single share and yet to actually be distributed across multiple actual - servers. Refer to <emphasis>TOSHARG</emphasis>, Chapter 19, for information regarding + servers. Refer to <emphasis>TOSHARG2</emphasis>, Chapter 19, for information regarding implementation of an MSDFS installation. </para> diff --git a/docs/Samba3-ByExample/SBE-MakingHappyUsers.xml b/docs/Samba3-ByExample/SBE-MakingHappyUsers.xml index e489592ece..bfefce4d60 100644 --- a/docs/Samba3-ByExample/SBE-MakingHappyUsers.xml +++ b/docs/Samba3-ByExample/SBE-MakingHappyUsers.xml @@ -3492,7 +3492,7 @@ structuralObjectClass: organizationalUnit </para> <para> - You should research the options for logon script implementation by referring to <emphasis>TOSHARG</emphasis>, Chapter 24, + You should research the options for logon script implementation by referring to <emphasis>TOSHARG2</emphasis>, Chapter 24, Section 24.4. A quick Web search will bring up a host of options. One of the most popular logon facilities in use today is called <ulink url="http://www.kixtart.org">KiXtart</ulink>. </para> @@ -4248,7 +4248,7 @@ HKEY_LOCAL_MACHINE\Default\Software\Microsoft\Windows\ <para> There are people in the Linux and open source community who feel that SWAT is dangerous and insecure. Many will not touch it with a barge-pole. By not introducing SWAT, I - hope to have brought their interests on board. SWAT is well covered is <emphasis>TOSHARG</emphasis>. + hope to have brought their interests on board. SWAT is well covered is <emphasis>TOSHARG2</emphasis>. </para> </answer> diff --git a/docs/Samba3-ByExample/SBE-SecureOfficeServer.xml b/docs/Samba3-ByExample/SBE-SecureOfficeServer.xml index 5459be6807..2b29b42d2f 100644 --- a/docs/Samba3-ByExample/SBE-SecureOfficeServer.xml +++ b/docs/Samba3-ByExample/SBE-SecureOfficeServer.xml @@ -520,9 +520,9 @@ Given 500 Users and 2 years: <listitem><para> <indexterm><primary>User Mode</primary></indexterm> The &smb.conf; file specifies that the Samba server will operate in (default) <parameter> - security = user</parameter> mode<footnote><para>See <emphasis>TOSHARG</emphasis>, Chapter 3. + security = user</parameter> mode<footnote><para>See <emphasis>TOSHARG2</emphasis>, Chapter 3. This is necessary so that Samba can act as a Domain Controller (PDC); see - <emphasis>TOSHARG</emphasis>, Chapter 4, for additional information.</para></footnote> + <emphasis>TOSHARG2</emphasis>, Chapter 4, for additional information.</para></footnote> (User Mode). </para></listitem> @@ -1908,7 +1908,7 @@ $rootprompt; ps ax | grep winbind 14295 ? S 0:00 /usr/sbin/winbindd -B </screen> The <command>winbindd</command> daemon is running in split mode (normal), so there are also - two instances<footnote><para>For more information regarding winbindd, see <emphasis>TOSHARG</emphasis>, + two instances<footnote><para>For more information regarding winbindd, see <emphasis>TOSHARG2</emphasis>, Chapter 23, Section 23.3. The single instance of <command>smbd</command> is normal. One additional <command>smbd</command> slave process is spawned for each SMB/CIFS client connection.</para></footnote> of it. @@ -2452,7 +2452,7 @@ Nmap run completed -- 1 IP address (1 host up) scanned in 168 seconds </para> <para> - The guideline provided in <emphasis>TOSHARG</emphasis>, Chapter 10, Section 10.1.2, + The guideline provided in <emphasis>TOSHARG2</emphasis>, Chapter 10, Section 10.1.2, is to limit the number of accounts in the tdbsam backend to 250. This is the point at which most networks tend to want backup domain controllers (BDCs). Samba-3 does not provide a mechanism for replicating tdbsam data so it can be used by a BDC. The @@ -2630,7 +2630,7 @@ Nmap run completed -- 1 IP address (1 host up) scanned in 168 seconds expression that may be up to 1024 characters in length and that represents an IP address. A NetBIOS name is always 16 characters long. The 16<superscript>th</superscript> character is a name type indicator. A specific name type is registered<footnote><para> - See <emphasis>TOSHARG</emphasis>, Chapter 9, for more information.</para></footnote> for each + See <emphasis>TOSHARG2</emphasis>, Chapter 9, for more information.</para></footnote> for each type of service that is provided by the Windows server or client and that may be registered where a WINS server is in use. </para> @@ -2651,7 +2651,7 @@ Nmap run completed -- 1 IP address (1 host up) scanned in 168 seconds <para> Windows 200x Active Directory requires the registration in the DNS zone for the domain it - controls of service locator<footnote><para>See TOSHARG, Chapter 9, Section 9.3.3.</para></footnote> records + controls of service locator<footnote><para>See TOSHARG2, Chapter 9, Section 9.3.3.</para></footnote> records that Windows clients and servers will use to locate Kerberos and LDAP services. ADS also requires the registration of special records that are called global catalog (GC) entries and site entries by which domain controllers and other essential ADS servers may be located. diff --git a/docs/Samba3-ByExample/SBE-SimpleOfficeServer.xml b/docs/Samba3-ByExample/SBE-SimpleOfficeServer.xml index 9996a7de13..d3acd9d1da 100644 --- a/docs/Samba3-ByExample/SBE-SimpleOfficeServer.xml +++ b/docs/Samba3-ByExample/SBE-SimpleOfficeServer.xml @@ -18,8 +18,8 @@ This chapter lays the groundwork for understanding the basics of Samba operation. Instead of a bland technical discussion, each principle is demonstrated by way of a real-world scenario for which a working solution<footnote><para>The examples given mirror those documented - in The Official Samba-3 HOWTO and Reference Guide (TOSHARG) Chapter 2, Section 2.3.1. You may gain additional - insight from the standalone server configurations covered in TOSHARG, sections 2.3.1.2 through 2.3.1.4. + in The Official Samba-3 HOWTO and Reference Guide, Second Edition (TOSHARG2) Chapter 2, Section 2.3.1. You may gain additional + insight from the standalone server configurations covered in TOSHARG2, sections 2.3.1.2 through 2.3.1.4. </para></footnote> is fully described. </para> @@ -548,7 +548,7 @@ Password changed /data/officefiles/invitations /data/officefiles/misc </programlisting> - <indexterm><primary>TOSHARG</primary></indexterm> + <indexterm><primary>TOSHARG2</primary></indexterm> The <command>chown</command> operation sets the owner to the user <constant>abmas</constant> and the group to <constant>office</constant> on all directories just created. It recursively sets the permissions so that the owner and group have SUID/SGID with read, write, and execute @@ -556,7 +556,7 @@ Password changed directories are created with the same owner and group as the directory in which they are created. Any new directories created still have the same owner, group, and permissions as the directory they are in. This should eliminate all permissions-based file access problems. For - more information on this subject, refer to TOSHARG<footnote>The Official Samba-3 HOWTO and + more information on this subject, refer to TOSHARG2<footnote>The Official Samba-3 HOWTO and Reference Guide, Chapter 15, File, Directory and Share Access Controls.</footnote> or refer to the UNIX man page for the <command>chmod</command> and the <command>chown</command> commands. </para></step> diff --git a/docs/Samba3-ByExample/SBE-TheSmallOffice.xml b/docs/Samba3-ByExample/SBE-TheSmallOffice.xml index a599f6fe30..59c5963794 100644 --- a/docs/Samba3-ByExample/SBE-TheSmallOffice.xml +++ b/docs/Samba3-ByExample/SBE-TheSmallOffice.xml @@ -224,7 +224,7 @@ of this package may have been patched to resolve this bug. If your operating platform has this bug, it means that attempts to add a Windows Domain Group that has either a space or uppercase characters in it will fail. See - <emphasis>TOSHARG</emphasis>, Chapter 11, Section 11.3.1, Example 11.1, for + <emphasis>TOSHARG2</emphasis>, Chapter 11, Section 11.3.1, Example 11.1, for more information. </para> @@ -772,8 +772,9 @@ $rootprompt; ps ax | grep winbind 14295 ? S 0:00 /usr/sbin/winbindd -B </screen> The <command>winbindd</command> daemon is running in split mode (normal), so there are also - two instances of it. For more information regarding <command>winbindd</command>, see <emphasis>TOSHARG</emphasis>, - Chapter 23, Section 23.3. The single instance of <command>smbd</command> is normal. + two instances of it. For more information regarding <command>winbindd</command>, see + <emphasis>TOSHARG2</emphasis>, Chapter 23, Section 23.3. The single instance of + <command>smbd</command> is normal. </para></step> <step><para> diff --git a/docs/Samba3-ByExample/SBE-glossary.xml b/docs/Samba3-ByExample/SBE-glossary.xml index 1066d253c7..bb63b0426d 100644 --- a/docs/Samba3-ByExample/SBE-glossary.xml +++ b/docs/Samba3-ByExample/SBE-glossary.xml @@ -227,13 +227,13 @@ </glossentry> <glossentry> - <glossterm>The Official Samba-3 HOWTO and Reference Guide</glossterm> - <acronym>TOSHARG</acronym> + <glossterm>The Official Samba-3 HOWTO and Reference Guide, Second Edition</glossterm> + <acronym>TOSHARG2</acronym> <glossdef><para> - This book makes repeated reference to <quote>The Official Samba-3 HOWTO and Reference Guide</quote> - by John H. Terpstra and Jelmer R. Vernooij. This publication is available from - Amazon.com. Publisher: Prentice Hall PTR (October 2003), - ISBN: 0131453556. + This book makes repeated reference to <quote>The Official Samba-3 HOWTO and Reference Guide, Second + Edition</quote> by John H. Terpstra and Jelmer R. Vernooij. This publication is available from + Amazon.com. Publisher: Prentice Hall PTR (August 2005), + ISBN: 013122282. </para></glossdef> </glossentry> diff --git a/docs/Samba3-ByExample/conventions.xml b/docs/Samba3-ByExample/conventions.xml index 069f8abbe0..1b3848405c 100644 --- a/docs/Samba3-ByExample/conventions.xml +++ b/docs/Samba3-ByExample/conventions.xml @@ -11,9 +11,16 @@ <itemizedlist> <listitem> <para> - TOSHARG is used as an abbreviation for the book, <emphasis>The Official Samba-3 - HOWTO and Reference Guide,</emphasis> Editors: John H. Terpstra and Jelmer R. Vernooij, - Publisher: Prentice Hall PTR, www.phptr.com/perens. + TOSHARG2 is used as an abbreviation for the book, <quote>The Official Samba-3 + HOWTO and Reference Guide, Second Edition</quote> Editors: John H. Terpstra and Jelmer R. Vernooij, + Publisher: Prentice Hall, ISBN: 0131882228. + </para> + </listitem> + + <listitem> + <para> + S3bE2 is used as an abbreviation for the book, <quote>Samba-3 by Example, Second Edition</quote> + Editors: John H. Terpstra, Publisher: Prentice Hall, ISBN: 013188221X. </para> </listitem> diff --git a/docs/Samba3-HOWTO/TOSHARG-ConfigSmarts.xml b/docs/Samba3-HOWTO/TOSHARG-ConfigSmarts.xml new file mode 100644 index 0000000000..7c9cfcbc04 --- /dev/null +++ b/docs/Samba3-HOWTO/TOSHARG-ConfigSmarts.xml @@ -0,0 +1,322 @@ +<?xml version="1.0" encoding="iso-8859-1"?> +<!DOCTYPE chapter PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> +<chapter id="cfgsmarts"> +<chapterinfo> + &author.jht; + <pubdate>June 30, 2005</pubdate> +</chapterinfo> +<title>Advanced Configuration Techniques</title> + +<para> +Since the release of the first edition of this book there have been repeated requests to better document +configuration techniques that may help a network administrator to get more out of Samba. Some users have asked +for documentation regarding the use of the <smbconfoption name="include">file-name</smbconfoption> parameter. +</para> + +<para> +Commencing around mid-2004 there has been increasing interest in the ability to host multiple Samba servers on +one machine. There has also been an interest in the hosting of multiple Samba server personalities on one +server. +</para> + +<para> +Feedback from technical reviewers made the inclusion of this chapter a necessity. So finally, here is an attempt +to answer the questions that have to date not been adequately addressed. Additional user input is welcome as +it will help this chapter to mature. What is presented here is just a small beginning. +</para> + +<para> +There are a number of ways in which multiple servers can be hosted on a single Samba server. Multiple server +hosting makes it possible to host multiple domain controllers on one machine. Each such machine is +independent, and each can be stopped or started without affecting another. +</para> + +<para> +Sometimes it is desirable to host multiple servers, each with its own security mode. For example, a single +UNIX/Linux host may be a domain member server (DMS) as well as a generic anonymous print server. In this case, +only domain member machines and domain users can access the DMS, but even guest users can access the generic +print server. Another example of a situation where it may be beneficial to host a generic (anonymous) server +is to host a CDROM server. +</para> + +<para> +Some environments dictate the need to have separate servers, each with their own resources, each of which are +accessible only by certain users or groups. This is one of the simple, but highly effective, capabilities +</para> + +<sect1> +<title>Implementation</title> + +<para> +</para> + +<sect2> +<title>Multiple Server Hosting</title> + +<para> +The use of multiple server hosting involves running multiple separate instances of Samba, each with it's own +configuration file. This method is complicated by the fact that each instance of &nmbd;, &smbd; and &winbindd; +must have write access to entirely separate TDB files. The ability to keep separate the TDB files used by +&nmbd;, &smbd; and &winbindd; can be enabled either by recompiling Samba for each server hosted so each has its +own default TDB directories, or by configuring these in the &smb.conf; file, in which case each instance of +&nmbd;, &smbd; and &winbindd; must be told to start up with its own &smb.conf; configuration file. +</para> + +<para> +Each instance should operate on its own IP address (that independent IP address can be an IP Alias). +Each instance of &nmbd;, &smbd; and &winbindd; should listen only on its own IP socket. This can be secured +using the <smbconfoption name="socket address"/> parameter. Each instance of the Samba server will have its +own SID also, this means that the servers are discrete and independent of each other. +</para> + +<para> +The user of multiple server hosting is non-trivial, and requires careful configuration of each aspect of +process management and start up. The &smb.conf; parameters that must be carefully configured includes: +<smbconfoption name="private dir"/>, <smbconfoption name="pid directory"/>,<smbconfoption name="lock +directory"/>, <smbconfoption name="interfaces"/>, <smbconfoption name="bind interfaces only"/>, <smbconfoption +name="netbios name"/>, <smbconfoption name="workgroup"/>, <smbconfoption name="socket address"/>. +</para> + +<para> +Those who elect to use this method of creating multiple Samba servers must have the ability to read and follow +the Samba source code, and to modify it as needed. This mode of deployment is considered beyond the scope of +this book. However, if someone will contribute more comprehensive documentation we will gladly review it, and +if it is suitable extend this section of this chapter. Until such documentation becomes available the hosting +of multiple samba servers on a single host is considered not supported for Samba-3 by the Samba Team. +</para> + +</sect2> + +<sect2> +<title>Multiple Virtual Server Personalities</title> + +<para> +Samba has the ability to host multiple virtual servers, each of which have their own personality. This is +achieved by configuring an &smb.conf; file that is common to all personalities hosted. Each server +personality is hosted using its own <smbconfoption name="netbios alias"/> name, and each has its own distinct +<smbconfoption name="[global]"/> section. Each server may have its own stanzas for services and meta-services. +</para> + +<para> +When hosting multiple virtual servers, each with their own personality, each can be in a different workgroup. +Only the primary server can be a domain member or a domain controller. The personality is defined by the +combination of the <smbconfoption name="security"/> mode it is operating in, the <smbconfoption name="netbios +alias"/> it has, and the <smbconfoption name="workgroup"/> that is defined for it. +</para> + +<para> +This configuration style can be used either with NetBIOS names, or using NetBIOS-less SMB over TCP services. +If run using NetBIOS mode (the most common method) it is important that the parameter <smbconfoption name="smb +ports">139</smbconfoption> should be specified in the primary &smb.conf; file. Failure to do this will result +in Samba operating over TCP port 445 and problematic operation at best, and at worst only being able to obtain +the functionality that is specified in the primary &smb.conf; file. The use of NetBIOS over TCP/IP using only +TCP port 139 means that the use of the <literal>%L</literal> macro is fully enabled. If the <smbconfoption +name="smb ports">139</smbconfoption> is not specified (the default is <parameter>445 139</parameter>, or if +the value of this parameter is set at <parameter>139 445</parameter> then the <literal>%L</literal> parameter +is not serviceable. +</para> + +<para> +It is possible to host multiple servers, each with their own personality, using port 445 (the NetBIOS-less SMB +port), in which case the <literal>%i</literal> parameter can be used to provide separate server identities (by +IP Address). Each can have its own <smbconfoption name="security"/> mode. It will be necessary to use the +<smbconfoption name="interfaces"/>, <smbconfoption name="bind interfaces only"/> and IP aliases in addition to +the <smbconfoption name="netbios name"/> parameters to create the virtual servers. This method is considerably +more complex than that using NetBIOS names only using TCP port 139. +</para> + +<para> +Consider an example environment that consists of a standalone, user-mode security Samba server and a read-only +Windows 95 file server that has to be replaced. Instead of replacing the Windows 95 machine with a new PC, it +is possible to add this server as a read-only anonymous file server that is hosted on the Samba server. Here +are some parameters: +</para> + +<para> +The Samba server is called <literal>ELASTIC</literal>, its workgroup name is <literal>ROBINSNEST</literal>. +The CDROM server is called <literal>CDSERVER</literal> and its workgroup is <literal>ARTSDEPT</literal>. A +possible implementation is shown here: +</para> + +<para> +The &smb.conf; file for the master server is shown in <link linkend="elastic">Elastic smb.conf File</link>. +This file is placed in the <filename>/etc/samba</filename> directory. Only the &nmbd; and the &smbd; daemons +are needed. When started the server will appear in Windows Network Neighborhood as the machine +<literal>ELASTIC</literal> under the workgroup <literal>ROBINSNEST</literal>. It is helpful if the Windows +clients that must access this server are also in the workgroup <literal>ROBINSNEST</literal> as this will make +browsing much more reliable. +</para> + +<example id="elastic"> +<title>Elastic smb.conf File</title> +<smbconfblock> +<smbconfcomment>Global parameters</smbconfcomment> +<smbconfsection name="[global]"/> +<smbconfoption name="workgroup">ROBINSNEST</smbconfoption> +<smbconfoption name="netbios name">ELASTIC</smbconfoption> +<smbconfoption name="netbios aliases">CDSERVER</smbconfoption> +<smbconfoption name="smb ports">139</smbconfoption> +<smbconfoption name="printcap name">cups</smbconfoption> +<smbconfoption name="disable spoolss">Yes</smbconfoption> +<smbconfoption name="show add printer wizard">No</smbconfoption> +<smbconfoption name="printing">cups</smbconfoption> +<smbconfoption name="include">/etc/samba/smb-%L.conf</smbconfoption> + +<smbconfsection name="[homes]"/> +<smbconfoption name="comment">Home Directories</smbconfoption> +<smbconfoption name="valid users">%S</smbconfoption> +<smbconfoption name="read only">No</smbconfoption> +<smbconfoption name="browseable">No</smbconfoption> + +<smbconfsection name="[office]"/> +<smbconfoption name="comment">Data</smbconfoption> +<smbconfoption name="path">/data</smbconfoption> +<smbconfoption name="read only">No</smbconfoption> + +<smbconfsection name="[printers]"/> +<smbconfoption name="comment">All Printers</smbconfoption> +<smbconfoption name="path">/var/spool/samba</smbconfoption> +<smbconfoption name="create mask">0600</smbconfoption> +<smbconfoption name="guest ok">Yes</smbconfoption> +<smbconfoption name="printable">Yes</smbconfoption> +<smbconfoption name="use client driver">Yes</smbconfoption> +<smbconfoption name="browseable">No</smbconfoption> +</smbconfblock> +</example> + +<para> +The configuration file for the CDROM server is listed in <link linkend="cdserver">CDROM Server +smb-cdserver.conf file</link>. This file is called <filename>smb-cdserver.conf</filename> and it should be +located in the <filename>/etc/samba</filename> directory. Machines that are in the workgroup +<literal>ARTSDEPT</literal> will be able to browse this server freely. +</para> + +<example id="cdserver"> +<title>CDROM Server smb-cdserver.conf file</title> +<smbconfblock> +<smbconfcomment>Global parameters</smbconfcomment> +<smbconfsection name="[global]"/> +<smbconfoption name="workgroup">ARTSDEPT</smbconfoption> +<smbconfoption name="netbios name">CDSERVER</smbconfoption> +<smbconfoption name="map to guest">Bad User</smbconfoption> +<smbconfoption name="guest ok">Yes</smbconfoption> + +<smbconfsection name="[carousel]"/> +<smbconfoption name="comment">CDROM Share</smbconfoption> +<smbconfoption name="path">/export/cddata</smbconfoption> +<smbconfoption name="read only">Yes</smbconfoption> +<smbconfoption name="guest ok">Yes</smbconfoption> +</smbconfblock> +</example> + +<para> +The two servers have different resources and are in separate workgroups. The server <literal>ELASTIC</literal> +can only be accessed by uses who have an appropriate account on the host server. All users will be able to +access the CDROM data that is stored in the <filename>/export/cddata</filename> directory. File system +permissions should set so that the <literal>others</literal> user has read-only access to the directory and its +contents. The files can be owned by root (any user other than the nobody account). +</para> + +</sect2> + +<sect2> +<title>Multiple Virtual Server Hosting</title> + +<para> +In this example, the requirement is for a primary domain controller for the domain called +<literal>MIDEARTH</literal>. The PDC will be called <literal>MERLIN</literal>. An extra machine called +<literal>SAURON</literal> is required. Each machine will have only its own shares. Both machines belong to the +same domain/workgroup. +</para> + +<para> +The master &smb.conf; file is shown in <link linkend="mastersmbc">the Master smb.conf File Global Section</link>. +The two files that specify the share information for each server are shown in <link linkend="merlinsmbc">the +smb-merlin.conf File Share Section</link>, and <link linkend="sauronsmbc">the smb-sauron.conf File Share +Section</link>. All three files are locate in the <filename>/etc/samba</filename> directory. +</para> + +<example id="mastersmbc"> +<title>Master smb.conf File Global Section</title> +<smbconfblock> +<smbconfcomment>Global parameters</smbconfcomment> +<smbconfsection name="[global]"/> +<smbconfoption name="workgroup">MIDEARTH</smbconfoption> +<smbconfoption name="netbios name">MERLIN</smbconfoption> +<smbconfoption name="netbios aliases">SAURON</smbconfoption> +<smbconfoption name="passdb backend">tdbsam</smbconfoption> +<smbconfoption name="smb ports">139</smbconfoption> +<smbconfoption name="syslog">0</smbconfoption> +<smbconfoption name="printcap name">CUPS</smbconfoption> +<smbconfoption name="show add printer wizard">No</smbconfoption> +<smbconfoption name="add user script">/usr/sbin/useradd -m '%u'</smbconfoption> +<smbconfoption name="delete user script">/usr/sbin/userdel -r '%u'</smbconfoption> +<smbconfoption name="add group script">/usr/sbin/groupadd '%g'</smbconfoption> +<smbconfoption name="delete group script">/usr/sbin/groupdel '%g'</smbconfoption> +<smbconfoption name="add user to group script">/usr/sbin/usermod -G '%g' '%u'</smbconfoption> +<smbconfoption name="add machine script">/usr/sbin/useradd -s /bin/false -d /var/lib/nobody '%u'</smbconfoption> +<smbconfoption name="logon script">scripts\login.bat</smbconfoption> +<smbconfoption name="logon path"> </smbconfoption> +<smbconfoption name="logon drive">X:</smbconfoption> +<smbconfoption name="domain logons">Yes</smbconfoption> +<smbconfoption name="preferred master">Yes</smbconfoption> +<smbconfoption name="wins support">Yes</smbconfoption> +<smbconfoption name="printing">CUPS</smbconfoption> +<smbconfoption name="include">/etc/samba/smb-%L.conf</smbconfoption> +</smbconfblock> +</example> + +<example id="merlinsmbc"> +<title>MERLIN smb-merlin.conf File Share Section</title> +<smbconfblock> +<smbconfcomment>Global parameters</smbconfcomment> +<smbconfsection name="[global]"/> +<smbconfoption name="workgroup">MIDEARTH</smbconfoption> +<smbconfoption name="netbios name">MERLIN</smbconfoption> + +<smbconfsection name="[homes]"/> +<smbconfoption name="comment">Home Directories</smbconfoption> +<smbconfoption name="valid users">%S</smbconfoption> +<smbconfoption name="read only">No</smbconfoption> +<smbconfoption name="browseable">No</smbconfoption> + +<smbconfsection name="[office]"/> +<smbconfoption name="comment">Data</smbconfoption> +<smbconfoption name="path">/data</smbconfoption> +<smbconfoption name="read only">No</smbconfoption> + +<smbconfsection name="[netlogon]"/> +<smbconfoption name="comment">NETLOGON</smbconfoption> +<smbconfoption name="path">/var/lib/samba/netlogon</smbconfoption> +<smbconfoption name="read only">Yes</smbconfoption> +<smbconfoption name="browseable">No</smbconfoption> + +<smbconfsection name="[printers]"/> +<smbconfoption name="comment">All Printers</smbconfoption> +<smbconfoption name="path">/var/spool/samba</smbconfoption> +<smbconfoption name="printable">Yes</smbconfoption> +<smbconfoption name="use client driver">Yes</smbconfoption> +<smbconfoption name="browseable">No</smbconfoption> +</smbconfblock> +</example> + +<example id="sauronsmbc"> +<title>SAURON smb-sauron.conf File Share Section</title> +<smbconfblock> +<smbconfcomment>Global parameters</smbconfcomment> +<smbconfsection name="[global]"/> +<smbconfoption name="workgroup">MIDEARTH</smbconfoption> +<smbconfoption name="netbios name">SAURON</smbconfoption> + +<smbconfsection name="[www]"/> +<smbconfoption name="comment">Web Pages</smbconfoption> +<smbconfoption name="path">/srv/www/htdocs</smbconfoption> +<smbconfoption name="read only">No</smbconfoption> +</smbconfblock> +</example> + +</sect2> + +</sect1> + +</chapter> diff --git a/docs/Samba3-HOWTO/conventions.xml b/docs/Samba3-HOWTO/conventions.xml index d4bbde8f85..1b3848405c 100644 --- a/docs/Samba3-HOWTO/conventions.xml +++ b/docs/Samba3-HOWTO/conventions.xml @@ -11,9 +11,16 @@ <itemizedlist> <listitem> <para> - TOSHARG is used as an abbreviation for the book, <quote>The Official Samba-3 - HOWTO and Reference Guide,</quote> Editors: John H. Terpstra and Jelmer R. Vernooij, - Publisher: Prentice Hall, ISBN: 0131453556. + TOSHARG2 is used as an abbreviation for the book, <quote>The Official Samba-3 + HOWTO and Reference Guide, Second Edition</quote> Editors: John H. Terpstra and Jelmer R. Vernooij, + Publisher: Prentice Hall, ISBN: 0131882228. + </para> + </listitem> + + <listitem> + <para> + S3bE2 is used as an abbreviation for the book, <quote>Samba-3 by Example, Second Edition</quote> + Editors: John H. Terpstra, Publisher: Prentice Hall, ISBN: 013188221X. </para> </listitem> diff --git a/docs/Samba3-HOWTO/index.xml b/docs/Samba3-HOWTO/index.xml index 5404639325..609f7b174e 100644 --- a/docs/Samba3-HOWTO/index.xml +++ b/docs/Samba3-HOWTO/index.xml @@ -128,7 +128,7 @@ The chapters in this part each cover specific Samba features. <xi:include href="TOSHARG-Backup.xml"/> <xi:include href="TOSHARG-HighAvailability.xml"/> <xi:include href="TOSHARG-LargeFile.xml"/> - <!-- <xi:include href="TOSHARG-SecureLDAP.xml"/> --> + <xi:include href="TOSHARG-ConfigSmarts.xml"/> </part> |