From f0b417e1272994085a03d7bac3a8c558e2dd80a3 Mon Sep 17 00:00:00 2001 From: John Terpstra Date: Sat, 18 Aug 2007 19:10:12 +0000 Subject: Changes following input from Petr Klima (This used to be commit efe67f4d8f6778b0b7f091fbb829ef4441a9b201) --- docs/Samba3-ByExample/SBE-TheSmallOffice.xml | 67 ++++++++++++++-------------- 1 file changed, 33 insertions(+), 34 deletions(-) diff --git a/docs/Samba3-ByExample/SBE-TheSmallOffice.xml b/docs/Samba3-ByExample/SBE-TheSmallOffice.xml index 1794700ec0..ca39af3063 100644 --- a/docs/Samba3-ByExample/SBE-TheSmallOffice.xml +++ b/docs/Samba3-ByExample/SBE-TheSmallOffice.xml @@ -5,11 +5,11 @@ focused on the basics of simple yet effective - network solutions. Network administrators who take pride in their work - (that's most of us, right?) take care to deliver what our users want, + network solutions. Network administrators who take pride in their work + (that's most of us, right?) take care to deliver what our users want, but not too much more. If we make things too complex, we confound our users - and increase costs of network ownership. A professional network manager - avoids the temptation to put too much pizazz into the way that the network + and increase costs of network ownership. A professional network manager + avoids the temptation to put too much pizazz into the way that the network operates. Some creativity is helpful, but keep it under control &smbmdash; good advice that the following two scenarios illustrate. @@ -60,10 +60,9 @@ - Some of the Windows clients are nearly past their use-by date. - You found damaged and unusable software on some of the workstations - that came with the acquired business and found some machines - in need of both hardware and software maintenance. + Some of the Windows clients are nearly past their use-by date. You found damaged and unusable software on + some of the workstations that came with the acquired business and found some machines in need of both + hardware and software maintenance. @@ -143,11 +142,11 @@ - In this instance the installed Linux system is assumed to be a Red Hat Linux Fedora Core2 server + In this instance the installed Linux system is assumed to be a Red Hat Linux Fedora Core2 server (as in ). - + - + Technical Issues @@ -165,7 +164,7 @@ - All printers will be configured as DHCP clients. The DHCP server will assign + All printers will be configured as DHCP clients. The DHCP server will assign the printer a fixed IP address by way of its Ethernet interface (MAC) address. See . @@ -189,8 +188,8 @@ Ethernet switch You have split the network into two separate areas. Each has its own Ethernet switch. There are 20 users on the accounting network and 32 users on the financial services - network. The server has two network interfaces, one serving each network. The - network printers will be located in a central area. You plan to install the new + network. The server has two network interfaces, one serving each network. The + network printers will be located in a central area. You plan to install the new printers and keep the old printer in use also. @@ -202,7 +201,7 @@ - Given that DNS will not be used, you will configure WINS name resolution for UNIX + Given that DNS will not be used, you will configure WINS name resolution for UNIX hostname name resolution. @@ -339,7 +338,7 @@ echo 1 > /proc/sys/net/ipv4/ip_forward - Install the &smb.conf; file as shown in and + Install the &smb.conf; file as shown in and . Combine these two examples to form a single /etc/samba/smb.conf file. @@ -362,7 +361,7 @@ Retype new SMB password: XXXXXXX username map - Create the username map file to permit the root account to be called + Create the username map file to permit the root account to be called Administrator from the Windows network environment. To do this, create the file /etc/samba/smbusers with the following contents: @@ -392,7 +391,7 @@ root = Administrator initGrps.sh Create and map Windows Domain Groups to UNIX groups. A sample script is provided in - . Create a file containing this script. We called ours + . Create a file containing this script. We called ours /etc/samba/initGrps.sh. Set this file so it can be executed, and then execute the script. Sample output should be as follows: @@ -422,7 +421,7 @@ net groupmap add ntgroup="Financial Services" unixgroup=finsrvcs type=d &rootprompt; chmod 755 initGrps.sh -&rootprompt; cd /etc/samba +&rootprompt; cd /etc/samba &rootprompt; ./initGrps.sh Updated mapping entry for Domain Admins Updated mapping entry for Domain Users @@ -432,7 +431,7 @@ Successfully added group Accounts Dept to the mapping db No rid or sid specified, choosing algorithmic mapping Successfully added group Domain Guests to the mapping db -&rootprompt; cd /etc/samba +&rootprompt; cd /etc/samba &rootprompt; net groupmap list | sort Account Operators (S-1-5-32-548) -> -1 Accounts Dept (S-1-5-21-194350-25496802-3394589-2003) -> acctsdep @@ -479,7 +478,7 @@ Users (S-1-5-32-545) -> -1 Create the directory mount point for the disk subsystem that is mounted to provide data storage for company files. In this case the mount point is indicated in the &smb.conf; file is /data. Format the file system as required, mount the formatted - file system partition using mount, + file system partition using mount, and make the appropriate changes in /etc/fstab. @@ -642,11 +641,11 @@ hosts: files wins wins bcast hosts CUPS No -/usr/sbin/useradd -m '%u' +/usr/sbin/useradd -m -G users '%u' /usr/sbin/userdel -r '%u' /usr/sbin/groupadd '%g' /usr/sbin/groupdel '%g' -/usr/sbin/usermod -G '%g' '%u' +/usr/sbin/usermod -A '%g' '%u' /usr/sbin/useradd -s /bin/false -d /var/lib/nobody '%u' scripts\login.bat @@ -730,12 +729,12 @@ Loaded services file OK. name resolve order = wins bcast hosts printcap name = CUPS show add printer wizard = No - add user script = /usr/sbin/useradd -m '%u' + add user script = /usr/sbin/useradd -m -G users '%u' delete user script = /usr/sbin/userdel -r '%u' add group script = /usr/sbin/groupadd '%g' delete group script = /usr/sbin/groupdel '%g' - add user to group script = /usr/sbin/usermod -G '%g' '%u' - add machine script = /usr/sbin/useradd + add user to group script = /usr/sbin/usermod -A '%g' '%u' + add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody '%u' logon script = scripts\logon.bat logon path = @@ -776,7 +775,7 @@ $rootprompt; ps ax | grep winbind TOSHARG2, Chapter 23, Section 23.3. The single instance of smbd is normal. - + anonymous connection Check that an anonymous connection can be made to the Samba server: @@ -830,7 +829,7 @@ hplj4 (192.168.1.11) at 08:00:46:7A:35:E4 [ether] on eth0 IP address from which the printer has responded and the entry for it in the /etc/dhcpd.conf file. - + authenticated connection Make an authenticated connection to the server using the smbclient tool: @@ -850,7 +849,7 @@ smb: \> dir smb: \> q - + @@ -871,7 +870,7 @@ smb: \> q Join the Windows Domain called BILLMORE. Use the Domain Administrator username root and the SMB password you assigned to this account. A detailed step-by-step procedure for joining a Windows 200x/XP Professional client to - a Windows Domain is given in , . + a Windows Domain is given in , . Reboot the machine as prompted and then log on using a Domain User account. @@ -931,7 +930,7 @@ smb: \> q In the Network panel, enter the name of the print queue on the Samba server as follows: \\SERVER\hplj4. - Click + Click OK OK to complete the installation. @@ -1156,7 +1155,7 @@ smb: \> q - This is a nasty problem. Fortunately, there is a solution. + This is a nasty problem. Fortunately, there is a solution. @@ -1165,7 +1164,7 @@ smb: \> q - Rename the group_mapping.tdb file. + Rename the group_mapping.tdb file. @@ -1193,7 +1192,7 @@ smb: \> q The group called Administrators is representative of the same account that would be - present as the Local Group account on a Domain Member server or workstation. Samba uses only Domain + present as the Local Group account on a Domain Member server or workstation. Samba uses only Domain Groups at this time. A Workstation or Server Local Group has no meaning in a Samba context. This may change at some later date. These accounts are provided only so that security objects are correctly shown. -- cgit