From 56a251ee25533890044a1b4b21e4ab772c1979e2 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sat, 5 Apr 2003 00:48:15 +0000 Subject: Some layout updates (This used to be commit 5827981c0dc8fd7e2af0c4490225566dafe9c334) --- docs/docbook/projdoc/ADS-HOWTO.sgml | 30 ++++++----- docs/docbook/projdoc/AdvancedNetworkAdmin.sgml | 2 +- docs/docbook/projdoc/Browsing-Quickguide.sgml | 72 +++++++++++++++----------- 3 files changed, 59 insertions(+), 45 deletions(-) diff --git a/docs/docbook/projdoc/ADS-HOWTO.sgml b/docs/docbook/projdoc/ADS-HOWTO.sgml index a0bba36e99..5e93c62876 100644 --- a/docs/docbook/projdoc/ADS-HOWTO.sgml +++ b/docs/docbook/projdoc/ADS-HOWTO.sgml @@ -2,7 +2,8 @@ &author.tridge; - 2002 + &author.jelmer; + 2002/2003 Samba as a ADS domain member @@ -43,7 +44,7 @@ In case samba can't figure out your ads server using your realm name, use the Setup your <filename>/etc/krb5.conf</filename> -The minimal configuration for krb5.conf is: +The minimal configuration for krb5.conf is: [realms] @@ -52,7 +53,7 @@ In case samba can't figure out your ads server using your realm name, use the } -Test your config by doing a "kinit USERNAME@REALM" and making sure that +Test your config by doing a kinit USERNAME@REALM and making sure that your password is accepted by the Win2000 KDC. The realm must be uppercase. @@ -66,21 +67,24 @@ followed by the realm. -The easiest way to ensure you get this right is to add a /etc/hosts -entry mapping the IP address of your KDC to its netbios name. If you -don't get this right then you will get a "local error" when you try -to join the realm. +The easiest way to ensure you get this right is to add a +/etc/hosts entry mapping the IP address of your KDC to +its netbios name. If you don't get this right then you will get a +"local error" when you try to join the realm. If all you want is kerberos support in smbclient then you can skip -straight to step 5 now. Step 3 is only needed if you want kerberos +straight to Test with smbclient now. +Creating a computer account +and testing your servers +is only needed if you want kerberos support for smbd and winbindd. - + Create the computer account @@ -103,19 +107,19 @@ As a user that has write permission on the Samba private directory - + Test your server setup -On a Windows 2000 client try net use * \\server\share. You should +On a Windows 2000 client try net use * \\server\share. You should be logged in with kerberos without needing to know a password. If -this fails then run klist tickets. Did you get a ticket for the +this fails then run klist tickets. Did you get a ticket for the server? Does it have an encoding type of DES-CBC-MD5 ? - + Testing with smbclient diff --git a/docs/docbook/projdoc/AdvancedNetworkAdmin.sgml b/docs/docbook/projdoc/AdvancedNetworkAdmin.sgml index 525ab6dd37..58bc9a444e 100644 --- a/docs/docbook/projdoc/AdvancedNetworkAdmin.sgml +++ b/docs/docbook/projdoc/AdvancedNetworkAdmin.sgml @@ -35,7 +35,7 @@ Samba stores the per share access control settings in a file called sh The location of this file on your system will depend on how samba was compiled. The default location for samba's tdb files is under /usr/local/samba/var. If the tdbdump utility has been compiled and installed on your system then you can examine the contents of this file -by: tdbdump share_info.tdb. +by: tdbdump share_info.tdb. diff --git a/docs/docbook/projdoc/Browsing-Quickguide.sgml b/docs/docbook/projdoc/Browsing-Quickguide.sgml index 3a26ebcb21..a2b67983f8 100644 --- a/docs/docbook/projdoc/Browsing-Quickguide.sgml +++ b/docs/docbook/projdoc/Browsing-Quickguide.sgml @@ -35,9 +35,11 @@ TCP/IP this uses UDP based messaging. UDP messages can be broadcast or unicast. Normally, only unicast UDP messaging can be forwarded by routers. The -"remote announce" parameter to smb.conf helps to project browse announcements -to remote network segments via unicast UDP. Similarly, the "remote browse sync" -parameter of smb.conf implements browse list collation using unicast UDP. +remote announce +parameter to smb.conf helps to project browse announcements +to remote network segments via unicast UDP. Similarly, the +remote browse sync parameter of smb.conf +implements browse list collation using unicast UDP. @@ -45,18 +47,19 @@ Secondly, in those networks where Samba is the only SMB server technology wherever possible nmbd should be configured on one (1) machine as the WINS server. This makes it easy to manage the browsing environment. If each network segment is configured with it's own Samba WINS server, then the only way to -get cross segment browsing to work is by using the "remote announce" and -the "remote browse sync" parameters to your smb.conf file. +get cross segment browsing to work is by using the +remote announce and the remote browse sync +parameters to your smb.conf file. If only one WINS server is used for an entire multi-segment network then -the use of the "remote announce" and the "remote browse sync" parameters -should NOT be necessary. +the use of the remote announce and the +remote browse sync parameters should NOT be necessary. -As of Samba-3 WINS replication is being worked on. The bulk of the code has +As of Samba 3 WINS replication is being worked on. The bulk of the code has been committed, but it still needs maturation. @@ -64,8 +67,9 @@ been committed, but it still needs maturation. Right now samba WINS does not support MS-WINS replication. This means that when setting up Samba as a WINS server there must only be one nmbd configured as a WINS server on the network. Some sites have used multiple Samba WINS -servers for redundancy (one server per subnet) and then used "remote browse -sync" and "remote announce" to affect browse list collation across all +servers for redundancy (one server per subnet) and then used +remote browse sync and remote announce +to affect browse list collation across all segments. Note that this means clients will only resolve local names, and must be configured to use DNS to resolve names on other subnets in order to resolve the IP addresses of the servers they can see on other @@ -102,7 +106,8 @@ well as name lookups are done by UDP broadcast. This isolates name resolution to the local subnet, unless LMHOSTS is used to list all names and IP addresses. In such situations Samba provides a means by which the samba server name may be forcibly injected into the browse -list of a remote MS Windows network (using the "remote announce" parameter). +list of a remote MS Windows network (using the +remote announce parameter). @@ -140,14 +145,14 @@ inability to use the network services. Samba supports a feature that allows forced synchonisation -of browse lists across routed networks using the "remote -browse sync" parameter in the smb.conf file. This causes Samba -to contact the local master browser on a remote network and +of browse lists across routed networks using the remote +browse sync parameter in the smb.conf file. +This causes Samba to contact the local master browser on a remote network and to request browse list synchronisation. This effectively bridges two networks that are separated by routers. The two remote networks may use either broadcast based name resolution or WINS -based name resolution, but it should be noted that the "remote -browse sync" parameter provides browse list synchronisation - and +based name resolution, but it should be noted that the remote +browse sync parameter provides browse list synchronisation - and that is distinct from name to address resolution, in other words, for cross subnet browsing to function correctly it is essential that a name to address resolution mechanism be provided. @@ -158,22 +163,24 @@ and so on. -Use of the "Remote Announce" parameter +Use of the <command>Remote Announce</command> parameter -The "remote announce" parameter of smb.conf can be used to forcibly ensure +The remote announce parameter of +smb.conf can be used to forcibly ensure that all the NetBIOS names on a network get announced to a remote network. -The syntax of the "remote announce" parameter is: +The syntax of the remote announce parameter is: - remote announce = a.b.c.d [e.f.g.h] ... + remote announce = a.b.c.d [e.f.g.h] ... _or_ - remote announce = a.b.c.d/WORKGROUP [e.f.g.h/WORKGROUP] ... + remote announce = a.b.c.d/WORKGROUP [e.f.g.h/WORKGROUP] ... where: -a.b.c.d and e.f.g.h +a.b.c.d and +e.f.g.h is either the LMB (Local Master Browser) IP address or the broadcst address of the remote network. ie: the LMB is at 192.168.1.10, or the address @@ -187,7 +194,7 @@ the IP address of the remote LMB. -WORKGROUP +WORKGROUP is optional and can be either our own workgroup or that of the remote network. If you use the workgroup name of the remote network then our @@ -202,23 +209,24 @@ name resolution problems and should be avoided. -Use of the "Remote Browse Sync" parameter +Use of the <command>Remote Browse Sync</command> parameter -The "remote browse sync" parameter of smb.conf is used to announce to +The remote browse sync parameter of +smb.conf is used to announce to another LMB that it must synchronise it's NetBIOS name list with our Samba LMB. It works ONLY if the Samba server that has this option is simultaneously the LMB on it's network segment. -The syntax of the "remote browse sync" parameter is: +The syntax of the remote browse sync parameter is: -remote browse sync = a.b.c.d +remote browse sync = a.b.c.d -where a.b.c.d is either the IP address of the remote LMB or else is the network broadcast address of the remote segment. +where a.b.c.d is either the IP address of the remote LMB or else is the network broadcast address of the remote segment. @@ -251,7 +259,8 @@ of all names that have registered the NetLogon service name_type. This saves broadcast traffic and greatly expedites logon processing. Since broadcast name resolution can not be used across network segments this type of information can only be provided via WINS _or_ via statically configured -"lmhosts" files that must reside on all clients in the absence of WINS. +lmhosts files that must reside on all clients in the +absence of WINS. @@ -275,8 +284,9 @@ errors. -To configure Samba as a WINS server just add "wins support = yes" to the -smb.conf file [globals] section. +To configure Samba as a WINS server just add +wins support = yes to the smb.conf +file [globals] section. -- cgit