From 2d885476f11fce599ff6e19d74c993e9fdbe4b50 Mon Sep 17 00:00:00 2001 From: John Terpstra Date: Thu, 30 Jun 2005 22:53:26 +0000 Subject: Guenther's edits. (This used to be commit e7ef1df3a8c4fcf892945cecfc252fb9cef4941d) --- docs/Samba3-HOWTO/TOSHARG-TheNetCommand.xml | 55 +++++++++++++++++++++-------- 1 file changed, 41 insertions(+), 14 deletions(-) (limited to 'docs/Samba3-HOWTO/TOSHARG-TheNetCommand.xml') diff --git a/docs/Samba3-HOWTO/TOSHARG-TheNetCommand.xml b/docs/Samba3-HOWTO/TOSHARG-TheNetCommand.xml index b2be6ecc18..1dea6a1320 100644 --- a/docs/Samba3-HOWTO/TOSHARG-TheNetCommand.xml +++ b/docs/Samba3-HOWTO/TOSHARG-TheNetCommand.xml @@ -309,7 +309,8 @@ SupportEngrs (S-1-5-21-72630-4128915-11681869-3007) -> SupportEngrs hosting a Samba server, are implemented using a UID/GID identity tuple. Samba does not in any way override or replace UNIX file system semantics. Thus it is necessary that all Windows networking operations that access the file system provide a mechanism that maps a Windows user to a particular UNIX/Linux group - account. The user account must also map to a locally known UID. + account. The user account must also map to a locally known UID. Note that the net + command does not call any RPC-functions here but directly accesses the passdb. @@ -366,7 +367,7 @@ SupportEngrs (S-1-5-21-72630-4128915-11681869-3007) -> SupportEngrs &rootprompt; net groupmap add ntgroup=Pixies unixgroup=pixies type=l Supported mapping types are 'd' (domain global) and 'l' (domain local), a domain local group is Samba is - treated as local to the individual Samba serverr. Local groups can be used with Samba to enable multiple + treated as local to the individual Samba server. Local groups can be used with Samba to enable multiple nested group support. @@ -394,8 +395,8 @@ SupportEngrs (S-1-5-21-72630-4128915-11681869-3007) -> SupportEngrs This command is not documented in the man pages; it is implemented in the source code, but it does not - work. The example given documents (from the source code) how it should work. Watch the release notes - of a future release to see when this may have been fixed. + work at this time. The example given documents, from the source code, how it should work. Watch the + release notes of a future release to see when this may have been fixed. @@ -640,7 +641,7 @@ exit 0 - Ensure that every Windows workstation Adminsitrator account has the same password that you + Ensure that every Windows workstation Administrator account has the same password that you have used in the script shown in the Netlogon Example smb.conf file @@ -763,6 +764,14 @@ Emergency Services + + It is also possible to rename user accounts: +netrpcuser renameoldusername newusername + Note that this operation does not yet work against Samba Servers. It is, however, possible to rename useraccounts on + Windows Servers. + + + @@ -1284,9 +1293,9 @@ Storing SID S-1-5-21-726309263-4128913605-1168186429 \ The target machine may be local or remote and is specified by the -S option. It must be noted that the addition and deletion of shares using this tool depends on the availability of a suitable interface script. The interface scripts Sambas smbd uses are called - and . - A set of example scripts are provided in the Samba source code tarball in the directory - ~samba/examples/scripts. + , and + A set of example scripts are provided in the Samba source + code tarball in the directory ~samba/examples/scripts. @@ -1368,7 +1377,7 @@ kyocera The net rpc share command may be used to migrate shares, directories, - files, printers, and all relevant data from a Windows server to a Samba server. + files, and all relevant data from a Windows server to a Samba server. @@ -1388,7 +1397,7 @@ kyocera server is called MESSER, the source Windows NT4 server is called PEPPY, and the target Samba server is called GONZALES, the machine MESSER can be used to effect the migration of all data (files and shares) from PEPPY to GONZALES. If the target machine is not specified, the local - server is assumed by default. + server is assumed by default - as net's general rule of thumb . @@ -1483,8 +1492,9 @@ net rpc share MIGRATE SHARES <share-name> -S <source> Transfer of files from one server to another has always been a challenge for MS Windows - administrators because Windows NT and 200X servers do not include the tools needed. The - xcopy is not capable of preserving file and directory ACLs. Microsoft does provide a + administrators because Windows NT and 200X servers do not always include the tools needed. The + xcopy from Windows NT is not capable of preserving file and directory ACLs, + it does so only with Windows 200x. Microsoft does provide a utility that can copy ACLs (security settings) called scopy, but it is provided only as part of the Windows NT or 200X Server Resource Kit. @@ -1554,13 +1564,30 @@ net rpc share MIGRATE FILES <share-name> -S <source> + + + Share-ACL Migration + + It is possible to have share-ACLs (security descriptors) that won't allow you, even as Administrator, to + copy any files or directories into it. Therefor the migration of the share-ACLs has been put into a separate + function: +netrpcshare migrate security + +&rootprompt; net rpc share migrate security -S nt4box -U administrator%secret + + + + + This command will only copy the share-ACL of each share on nt4box to your local samba-system. + + Simultaneous Share and File Migration - The operating mode shown here is just a combination of the previous two. It first migrates - share definitions and then all shared files and directories: + The operating mode shown here is just a combination of the previous three. It first migrates + share definitions and then all shared files and directories and finally migrates the share-ACLs: net rpc share MIGRATE ALL <share-name> -S <source> [--exclude=share1, share2] [--acls] [--attrs] [--timestamps] [-v] -- cgit