From 2e629a17bb8ede16a6e82ccece82428b0801aaf3 Mon Sep 17 00:00:00 2001 From: John Terpstra Date: Fri, 4 Apr 2003 03:52:35 +0000 Subject: More docs updates. Much more under way. (This used to be commit ed6fd02ff806c7cda9fb05fe3b2bf96be164c1ec) --- docs/docbook/projdoc/AdvancedNetworkAdmin.sgml | 130 ++++++++++++++++++++++++- 1 file changed, 125 insertions(+), 5 deletions(-) (limited to 'docs/docbook/projdoc/AdvancedNetworkAdmin.sgml') diff --git a/docs/docbook/projdoc/AdvancedNetworkAdmin.sgml b/docs/docbook/projdoc/AdvancedNetworkAdmin.sgml index 18fda67123..3c230a9110 100644 --- a/docs/docbook/projdoc/AdvancedNetworkAdmin.sgml +++ b/docs/docbook/projdoc/AdvancedNetworkAdmin.sgml @@ -12,23 +12,137 @@ April 3 2003 -Advanced Network Manangement Information +Advanced Network Manangement + + +This section attempts to document peripheral issues that are of great importance to network +administrators who want to improve network resource access control, to automate the user +environment, and to make their lives a little easier. + -Remote Server Administration +Configuring Samba Share Access Controls + + +This section deals with how to configure Samba per share access control restrictions. +By default samba sets no restrictions on the share itself. Restrictions on the share itself +can be set on MS Windows NT4/200x/XP shares. This can be a very effective way to limit who can +connect to a share. In the absence of specific restrictions the default setting is to allow +the global user Everyone Full Control (ie: Full control, Change and Read). + + + +At this time Samba does NOT provide a tool for configuring access control setting on the Share +itself. Samba does have the capacity to store and act on access control settings, but the only +way to create those settings is to use either the NT4 Server Manager or the Windows 200x MMC for +Computer Management. + + + +Samba stores the per share access control settings in a file called share_info.tdb. +The location of this file on your system will depend on how samba was compiled. The default location +for samba's tdb files is under /usr/local/samba/var. If the tdbdump +utility has been compiled and installed on your system then you can examine the contents of this file +by: tdbdump share_info.tdb. + + + +Share Permissions Management + + +The best tool for the task is platform dependant. Choose the best tool for your environmemt. + + +Windows NT4 Workstation/Server + +The tool you need to use to manage share permissions on a Samba server is the NT Server Manager. +Server Manager is shipped with Windows NT4 Server products but not with Windows NT4 Workstation. +You can obtain the NT Server Manager for MS Windows NT4 Workstation from Microsoft - see details below. + -How do I get 'User Manager' and 'Server Manager' +Instructions: + + Launch the NT4 Server Manager, click on the Samba server you want to administer, then from the menu + select Computer, then click on the Shared Directories entry. + + + + Now click on the share that you wish to manage, then click on the Properties tab, next click on + the Permissions tab. Now you can Add or change access control settings as you wish. + + + + + +Windows 200x/XP + -Since I don't need to buy an NT Server CD now, how do I get the 'User Manager for Domains', +On MS Windows NT4/200x/XP system access control lists on the share itself are set using native +tools, usually from filemanager. For example, in Windows 200x: right click on the shared folder, +then select 'Sharing', then click on 'Permissions'. The default Windows NT4/200x permission allows +Everyone Full Control on the Share. + + + +MS Windows 200x and later all comes with a tool called the 'Computer Management' snap-in for the +Microsoft Management Console (MMC). This tool is located by clicking on Control Panel -> +Administrative Tools -> Computer Management. + + + +Instructions: + + + After launching the MMC with the Computer Management snap-in, click on the menu item 'Action', + select 'Connect to another computer'. If you are not logged onto a domain you will be prompted + to enter a domain login user identifier and a password. This will authenticate you to the domain. + If you where already logged in with administrative privilidge this step is not offered. + + + + If the Samba server is not shown in the Select Computer box, then type in the name of the target + Samba server in the field 'Name:'. Now click on the [+] next to 'System Tools', then on the [+] + next to 'Shared Folders' in the left panel. + + + + Now in the right panel, double-click on the share you wish to set access control permissions on. + Then click on the tab 'Share Permissions'. It is now possible to add access control entities + to the shared folder. Do NOT forget to set what type of access (full control, change, read) you + wish to assign for each entry. + + + + + Be careful. If you take away all permissions from the Everyone user without removing this user + then effectively no user will be able to access the share. This is a result of what is known as + ACL precidence. ie: Everyone with NO ACCESS means that MaryK who is part of the group Everyone + will have no access even if this user is given explicit full control access. + + + + + + + + +Remote Server Administration + + +How do I get 'User Manager' and 'Server Manager'? + + + +Since I don't need to buy an NT4 Server, how do I get the 'User Manager for Domains', the 'Server Manager'? -Microsoft distributes a version of these tools called nexus for installation on Windows 95 +Microsoft distributes a version of these tools called nexus for installation on Windows 9x / Me systems. The tools set includes: @@ -52,6 +166,12 @@ from ftp://ft + +Network Logon Script Magic + + +Lots of blah blah here. + -- cgit