From 0d38339f541c530f39b79300ed3b4afa21507932 Mon Sep 17 00:00:00 2001 From: John Terpstra Date: Tue, 17 May 2005 09:27:28 +0000 Subject: Final progress update. (This used to be commit 024161477fca9629d8a0121ad49cfdcc5bc2cb3b) --- docs/Samba-HOWTO-Collection/TOSHARG-Compiling.xml | 8 ++-- docs/Samba-HOWTO-Collection/TOSHARG-FastStart.xml | 54 +++++++++++++++------- .../TOSHARG-NetworkBrowsing.xml | 2 +- docs/Samba-HOWTO-Collection/TOSHARG-PolicyMgmt.xml | 2 +- .../TOSHARG-TheNetCommand.xml | 50 ++++++++++---------- .../TOSHARG-upgrading-to-3.0.xml | 12 ++--- 6 files changed, 75 insertions(+), 53 deletions(-) diff --git a/docs/Samba-HOWTO-Collection/TOSHARG-Compiling.xml b/docs/Samba-HOWTO-Collection/TOSHARG-Compiling.xml index 9fbadfb661..8b6a82df81 100644 --- a/docs/Samba-HOWTO-Collection/TOSHARG-Compiling.xml +++ b/docs/Samba-HOWTO-Collection/TOSHARG-Compiling.xml @@ -184,7 +184,7 @@ With that said, go ahead and download the following files: -&prompt;wget http://us1.samba.org/samba/ftp/samba-3.0.0.tar.asc +&prompt;wget http://us1.samba.org/samba/ftp/samba-3.0.20.tar.asc &prompt;wget http://us1.samba.org/samba/ftp/samba-pubkey.asc @@ -204,8 +204,8 @@ and verify the Samba source code integrity with: -&prompt;gzip -d samba-3.0.0.tar.gz -&prompt;gpg --verify samba-3.0.0.tar.asc +&prompt;gzip -d samba-3.0.20.tar.gz +&prompt;gpg --verify samba-3.0.20.tar.asc @@ -233,7 +233,7 @@ example of what you would not want to see would be: tool kit. Where the necessary version of autoconf is present, the configure script can be generated by executing the following: -&rootprompt; cd samba-3.0.0 +&rootprompt; cd samba-3.0.20 &rootprompt; ./autogen.sh diff --git a/docs/Samba-HOWTO-Collection/TOSHARG-FastStart.xml b/docs/Samba-HOWTO-Collection/TOSHARG-FastStart.xml index a50b4fa553..4469bc88ef 100644 --- a/docs/Samba-HOWTO-Collection/TOSHARG-FastStart.xml +++ b/docs/Samba-HOWTO-Collection/TOSHARG-FastStart.xml @@ -17,6 +17,25 @@ context of the chapter that covers it. We hope that this chapter is the medicine that has been requested. + +The information in this chapter is very sparse compared with the book Samba-3 by Example +that was written after the original version of this book was nearly complete. Samba-3 by Example +was the result of feedback from reviewers during the final copy editing of the first edition. It +was interesting to see that reader feedback mirrored that given be the original reviewers. +In any case, a month and a half was spent in doing basic research to better understand what +new as well as experienced network administrators would best benefit from. The book Samba-3 by Example +is the result of that research. What is presented in the few pages of this book is covered +far more comprehensively in the second edition of Samba-3 by Example. The second edition +of both books will be released at the same time. + + + +So in summary, the book The Official Samba-3 HOWTO & Reference Guide is intended +as the equivalent of a auto mechanics' repair guide. The book Samba-3 by Example is the +equivalent of the drivers guide that explains how to drive the car. If you want complete network +configuration examples go to Samba-3 by Example. + + Features and Benefits @@ -25,7 +44,7 @@ Samba needs very little configuration to create a basic working system. In this chapter we progress from the simple to the complex, for each providing all steps and configuration file changes needed to make each work. Please note that a comprehensively configured system will likely employ additional smart -features. The additional features are covered in the remainder of this document. +features. These additional features are covered in the remainder of this document. @@ -62,8 +81,8 @@ mirror of the system described in , @@ -183,9 +202,8 @@ of the packages that are provided by the operating system vendor, or through oth &rootprompt;testparm - Note any error messages that might be produced. Do not proceed until you - obtain error-free output. An example of the output with the following file - will list the file. + Note any error messages that might be produced. Proceed only if error-free output has been + obtained. An example of the output with the following file will list the file. Load smb config files from /etc/samba/smb.conf Processing section "[data]" @@ -359,8 +377,10 @@ Added user jackb. Directory permissions should be set for public read-write with the sticky-bit set as shown: -&rootprompt;chmod a+rw TX /var/spool/samba +&rootprompt;chmod a+trw TX /var/spool/samba + The purpose of setting the sticky bit is to prevent who does not own the temporary print file + from being able to take control of it with the potential for devious mis-use. @@ -499,7 +519,7 @@ Added user ameds. Start Samba using the operating system administrative interface. - Alternately, this can be done manually by running: + Alternately, this can be done manually by executing: smbd nmbd starting sambasmbd @@ -507,6 +527,9 @@ Added user ameds. &rootprompt; nmbd; smbd; + Both applications automatically will execute as daemons. Those who are paranoid about + maintaining control can add the -D flag to coerce them to start + up in daemon mode. @@ -522,18 +545,18 @@ Added user ameds. Check that Samba is running correctly: &rootprompt;smbclient -L localhost -U% -Domain=[MIDEARTH] OS=[UNIX] Server=[Samba-3.0.0] +Domain=[MIDEARTH] OS=[UNIX] Server=[Samba-3.0.20] Sharename Type Comment --------- ---- ------- public Disk Data -IPC$ IPC IPC Service (Samba-3.0.0) -ADMIN$ IPC IPC Service (Samba-3.0.0) +IPC$ IPC IPC Service (Samba-3.0.20) +ADMIN$ IPC IPC Service (Samba-3.0.20) hplj4 Printer hplj4 Server Comment --------- ------- -OLORIN Samba-3.0.0 +OLORIN Samba-3.0.20 Workgroup Master --------- ------- @@ -545,10 +568,10 @@ MIDEARTH OLORIN Connect to OLORIN as maryo: &rootprompt;smbclient //olorin/maryo -Umaryo%secret -OS=[UNIX] Server=[Samba-3.0.0] +OS=[UNIX] Server=[Samba-3.0.20] smb: \> dir -. D 0 Sat Jun 21 10:58:16 2003 -.. D 0 Sat Jun 21 10:54:32 2003 +. D 0 Sat Jun 21 10:58:16 2003 +.. D 0 Sat Jun 21 10:54:32 2003 Documents D 0 Fri Apr 25 13:23:58 2003 DOCWORK D 0 Sat Jun 14 15:40:34 2003 OpenOffice.org D 0 Fri Apr 25 13:55:16 2003 @@ -654,7 +677,6 @@ smb: \> q 15000-20000 15000-20000 Yes -Yes cups diff --git a/docs/Samba-HOWTO-Collection/TOSHARG-NetworkBrowsing.xml b/docs/Samba-HOWTO-Collection/TOSHARG-NetworkBrowsing.xml index 6470295d66..9592982429 100644 --- a/docs/Samba-HOWTO-Collection/TOSHARG-NetworkBrowsing.xml +++ b/docs/Samba-HOWTO-Collection/TOSHARG-NetworkBrowsing.xml @@ -229,7 +229,7 @@ the use of the and the replicationWINS As of Samba-3 WINS replication is being worked on. The bulk of the code has been committed, but it still needs maturation. This is not a supported feature -of the Samba-3.0.0 release. Hopefully, this will become a supported feature +of the Samba-3.0.20 release. Hopefully, this will become a supported feature of one of the Samba-3 release series. diff --git a/docs/Samba-HOWTO-Collection/TOSHARG-PolicyMgmt.xml b/docs/Samba-HOWTO-Collection/TOSHARG-PolicyMgmt.xml index c4fb0aeaaa..c529963155 100644 --- a/docs/Samba-HOWTO-Collection/TOSHARG-PolicyMgmt.xml +++ b/docs/Samba-HOWTO-Collection/TOSHARG-PolicyMgmt.xml @@ -350,7 +350,7 @@ Common restrictions that are frequently used include: -Samba-3.0.0 does not yet implement all account controls that are common to MS Windows NT4/200x/XP. +Samba-3.0.20 does not yet implement all account controls that are common to MS Windows NT4/200x/XP. While it is possible to set many controls using the Domain User Manager for MS Windows NT4, only password expiry is functional today. Most of the remaining controls at this time have only stub routines that may eventually be completed to provide actual control. Do not be misled by the fact that a diff --git a/docs/Samba-HOWTO-Collection/TOSHARG-TheNetCommand.xml b/docs/Samba-HOWTO-Collection/TOSHARG-TheNetCommand.xml index 68b6e4ca33..e811fa150c 100644 --- a/docs/Samba-HOWTO-Collection/TOSHARG-TheNetCommand.xml +++ b/docs/Samba-HOWTO-Collection/TOSHARG-TheNetCommand.xml @@ -19,7 +19,7 @@ control application. -Originally introduced with the intent to mimick the Microsoft Windows command that has the same name, the +Originally introduced with the intent to mimic the Microsoft Windows command that has the same name, the net command has morphed into a very powerful instrument that has become an essential part of the Samba network administrator's toolbox. The Samba Team have introduced tools, such as smbgroupedit, rpcclient from which really useful have been integrated into the @@ -61,7 +61,7 @@ the infliction of self induced pain, agony and desperation. Be warned, this is a - The establishment of interdomain trusts is achieved using the net command also, as + The establishment of inter-domain trusts is achieved using the net command also, as may a plethora of typical administrative duties such as: user management, group management, share and printer management, file and printer migration, security identifier management, and so on. @@ -103,7 +103,7 @@ the infliction of self induced pain, agony and desperation. Be warned, this is a - Sambas' net tool implements sufficient capability to permit all common adminstrative + Sambas' net tool implements sufficient capability to permit all common administrative tasks to be completed from the command line. In this section each of the essential user and group management facilities are explored. @@ -180,7 +180,7 @@ Engineers:x:1002:jht SupportEngrs:x:1003: The following demonstrates that the use of the net command to add a group account -results in immediate mapping of the POSIX group that has been created to the Windows group account as whown +results in immediate mapping of the POSIX group that has been created to the Windows group account as shown here: &rootprompt; net groupmap list @@ -345,7 +345,7 @@ Engineers (S-1-5-21-72630-412605-116429-3001) -> Engineers &rootprompt; net rpc group addmem "MIDEARTH\Engineers" ajt -Uroot%not24get Could not add ajt to MIDEARTH\Engineers: NT_STATUS_MEMBER_IN_GROUP - This showns that the group mapping between UNIX/Linux groups and Windows groups is effective and + This shows that the group mapping between UNIX/Linux groups and Windows groups is effective and transparent. @@ -474,7 +474,7 @@ DOM\jht the only account information the UNIX/Linux Samba server needs is a UID. The UID is available either from a system (POSIX) account, or from a pool (range) of UID numbers that is set aside for the purpose of being allocated for use by Windows user accounts. In the case of the UID pool, the UID for a - particular user will be allocated by windbindd. + particular user will be allocated by winbindd. @@ -537,7 +537,7 @@ Deleted user account Managing User Accounts - Two basic user accont operations are routinely used, change of password and querying which groups a user + Two basic user account operations are routinely used, change of password and querying which groups a user is a member of. The change of password operation is shown in . @@ -565,7 +565,7 @@ Emergency Services In some situations it is unavoidable that a users' Windows logon name will differ from the login ID that user has on the Samba server. It is possible to create a special file on the Samba server that will permit the Windows user name to be mapped to a different UNIX/Linux user name. The &smb.conf; - file must also be ammended so that the [global] stanza contains the parameter: + file must also be amended so that the [global] stanza contains the parameter: username map = /etc/samba/smbusers @@ -715,7 +715,7 @@ SeDiskOperatorPrivilege There are essentially two types of trust relationships. The first between domain controllers and domain member machines (network clients), the second trusts between domains (called inter-domain trusts). All - Samba servers that pasticipate in domain security require a domain membership trust account, as do like + Samba servers that participate in domain security require a domain membership trust account, as do like Windows NT/2KX/XPP workstations. @@ -865,7 +865,7 @@ damnation$:1016:9AC1F121DF897688AAD3B435B51404EE: \ - If the trusting domain is not capable of being reached the following command will failL + If the trusting domain is not capable of being reached the following command will fail &rootprompt; net rpc trustdom list -Uroot%not24get Trusted domains list: @@ -876,7 +876,7 @@ Trusting domains list: DAMNATION S-1-5-21-1385457007-882775198-1210191635 - The above command executed successfuly; a failure is indicated when the following response is obtained: + The above command executed successfully; a failure is indicated when the following response is obtained: net rpc trustdom list -Uroot%not24get Trusted domains list: @@ -987,7 +987,7 @@ Storing SID S-1-5-21-726309263-4128913605-1168186429 \ for Domain MIDEARTH in secrets.tdb Usually it is not necessary to specify the target server (-S FRODO) or the administrator account - redentials (-Uroot%not24get). + credentials (-Uroot%not24get). @@ -1018,7 +1018,7 @@ Storing SID S-1-5-21-726309263-4128913605-1168186429 \ A share can be added using the net rpc share command capabilities. The target machine may be local or remote and is specified by the -S option. It must be noted that the addition and deletion of shares using this tool depends on the availability of a suitable - interface script. The interface scripts Samba's smbd uses are called: + interface script. The interface scripts Sambas smbd uses are called: and . A set of example scripts are provided in the Samba source code tarball in the directory ~samba/examples/scripts. @@ -1106,7 +1106,7 @@ kyocera A set of command-line switches permit the creation of almost direct clones of Windows file servers. For example, when migrating a file-server, file ACLs and DOS file attributes from - the Windows server can be included in the migration process and will reappear, almost identicaly + the Windows server can be included in the migration process and will reappear, almost identically on the Samba server when the migration has been completed. @@ -1118,13 +1118,13 @@ kyocera been implemented, the possibility now exists to use a Samba server as a man-in-middle migration service that affects a transfer of data from one server to another. For example, if the Samba server is called MESSER, the source Windows NT4 server is called PEPPY, and the target Samba - server is called GONZALES, the machien MESSER can be used to affect the migration of all data + server is called GONZALES, the machine MESSER can be used to affect the migration of all data (files and shares) from PEPPY to GONZALES. If the target machine is not specified, the local server is assumed by default. - The success of server migration requires a firm understanding of the structure of ther source + The success of server migration requires a firm understanding of the structure of the source server (or domain) as well as the processes on which the migration is critically dependant. @@ -1174,10 +1174,10 @@ kyocera The syntax of the share migration command is shown here: -net rpc share MIGRATE SHARES <sharename> -S <source> +net rpc share MIGRATE SHARES <share-name> -S <source> [--destination=localhost] [--exclude=share1,share2] [-v] - When the parameter <sharename> is ommited, all shares will be migrated. The potentially + When the parameter <share-name> is omitted, all shares will be migrated. The potentially large list of available shares on the system that is being migrated can be limited using the --exclude switch. For example: @@ -1236,11 +1236,11 @@ net rpc share MIGRATE SHARES <sharename> -S <source> The syntax for the migration commands is shown here: -net rpc share MIGRATE FILES <sharename> -S <source> +net rpc share MIGRATE FILES <share-name> -S <source> [--destination=localhost] [--exclude=share1,share2] [--acls] [--attrs] [--timestamps] [-v] - If the <sharename> parameter is ommited, all shares will be migrated. The potentially large + If the <share-name> parameter is omitted, all shares will be migrated. The potentially large list of shares on the source system can be restricted using the --exclude command switch. @@ -1248,7 +1248,7 @@ net rpc share MIGRATE FILES <sharename> -S <source> Where it is necessary to preserve all file ACLs, the --acls switch should be added to the above command line. Original file time stamps can be preserved by specifying the - --timestamps switch, and the DOS file attributs (i.e.: hidden, archive, etc.) cab + --timestamps switch, and the DOS file attributes (i.e.: hidden, archive, etc.) cab be preserved by specifying the --attrs switch. @@ -1291,7 +1291,7 @@ net rpc share MIGRATE FILES <sharename> -S <source> This operating mode shown here is just a combination of the two above. It first migrates share-definitions and then all shared files and directories afterwards: -net rpc share MIGRATE ALL <sharename> -S <source> +net rpc share MIGRATE ALL <share-name> -S <source> [--exclude=share1, share2] [--acls] [--attrs] [--timestamps] [-v] @@ -1329,7 +1329,7 @@ net rpc share MIGRATE ALL <sharename> -S <source> currently in use thus necessitating the installation of newer drivers. Newer drivers often implement printing features that will necessitate a change in the printer usage. Additionally, with very complex printer configurations it becomes almost impossible to re-create the same environment - not matter - how extensivly it has been documented. + how extensively it has been documented. @@ -1522,10 +1522,10 @@ Tue May 17 00:50:43 2005 The time can be set on a target server by executing: -&rootprompt; net time set -S MAGGOT -U Adminsitrator%not24get +&rootprompt; net time set -S MAGGOT -U Administrator%not24get Tue May 17 00:55:30 MDT 2005 - It is possible to obtain the timezone a server is in by executing the following command against it: + It is possible to obtain the time-zone a server is in by executing the following command against it: &rootprompt; net time zone -S SAURON -0600 diff --git a/docs/Samba-HOWTO-Collection/TOSHARG-upgrading-to-3.0.xml b/docs/Samba-HOWTO-Collection/TOSHARG-upgrading-to-3.0.xml index fa87a220ea..6f3853fd6f 100644 --- a/docs/Samba-HOWTO-Collection/TOSHARG-upgrading-to-3.0.xml +++ b/docs/Samba-HOWTO-Collection/TOSHARG-upgrading-to-3.0.xml @@ -8,19 +8,19 @@ June 30, 2003 -Upgrading from Samba-2.x to Samba-3.0.0 +Upgrading from Samba-2.x to Samba-3.0.20 -This chapter deals exclusively with the differences between Samba-3.0.0 and Samba-2.2.8a. +This chapter deals exclusively with the differences between Samba-3.0.20 and Samba-2.2.8a. It points out where configuration parameters have changed, and provides a simple guide for -the move from 2.2.x to 3.0.0. +the move from 2.2.x to 3.0.20. Quick Migration Guide -Samba-3.0.0 default behavior should be approximately the same as Samba-2.2.x. +Samba-3.0.20 default behavior should be approximately the same as Samba-2.2.x. The default behavior when the new parameter is not defined in the &smb.conf; file provides the same default behavior as Samba-2.2.x with Yes, and @@ -29,7 +29,7 @@ will use the smbpasswd database. So why say that behavior should be approximately the same as Samba-2.2.x? Because -Samba-3.0.0 can negotiate new protocols, such as support for native Unicode, that may result in +Samba-3.0.20 can negotiate new protocols, such as support for native Unicode, that may result in differing protocol code paths being taken. The new behavior under such circumstances is not exactly the same as the old one. The good news is that the domain and machine SIDs will be preserved across the upgrade. @@ -138,7 +138,7 @@ Plus lots of other improvements! This section contains a brief listing of changes to &smb.conf; options -in the 3.0.0 release. Please refer to the smb.conf(5) man page for +in the 3.0.20 release. Please refer to the smb.conf(5) man page for complete descriptions of new or modified parameters. -- cgit