From 6647e15cc7c08982038de9fd599ab36e29c0371b Mon Sep 17 00:00:00 2001 From: John Terpstra Date: Tue, 27 May 2003 07:08:04 +0000 Subject: Another little edit. Still much more to be done. (This used to be commit d6b8a8ab492d49971f8c9a4b1aed23146a32c779) --- docs/docbook/projdoc/AdvancedNetworkAdmin.xml | 176 +++++++++++- docs/docbook/projdoc/Integrating-with-Windows.xml | 65 ++++- docs/docbook/projdoc/VFS.xml | 334 ++++++++++++---------- docs/docbook/projdoc/msdfs_setup.xml | 151 +++++----- docs/docbook/projdoc/winbind.xml | 34 +-- 5 files changed, 516 insertions(+), 244 deletions(-) (limited to 'docs/docbook/projdoc') diff --git a/docs/docbook/projdoc/AdvancedNetworkAdmin.xml b/docs/docbook/projdoc/AdvancedNetworkAdmin.xml index a52728d9c9..bbaf5c2e59 100644 --- a/docs/docbook/projdoc/AdvancedNetworkAdmin.xml +++ b/docs/docbook/projdoc/AdvancedNetworkAdmin.xml @@ -7,11 +7,30 @@ Advanced Network Manangement -This section attempts to document peripheral issues that are of great importance to network +This section documents peripheral issues that are of great importance to network administrators who want to improve network resource access control, to automate the user environment, and to make their lives a little easier. + +Features and Benefits + + +Often the difference between a working network environment and a well appreciated one can +best be measured by the little things that makes everything work more +harmoniously. A key part of every network environment solution is the ability to remotely +manage MS Windows workstations, to remotely access the Samba server, to provide customised +logon scripts, as well as other house keeping activities that help to sustain more reliable +network operations. + + + +This chapter presents information on each of these area. They are placed here, and not in +other chapters, for ease of reference. + + + + Remote Server Administration 
@@ -47,6 +66,151 @@ from ftp://ft + + +Remote Desktop Management + + +There are a number of possible remote desktop management solutions that range from free +through costly. Do not let that put you off. Sometimes the most costly solutions is the +most cost effective. In any case, you will need to draw your own conclusions as to which +is the best tool in your network environment. + + + + Remote Management from NoMachines.Com + + + The following information was posted to the Samba mailing list at Apr 3 23:33:50 GMT 2003. + It is presented in full (with author details omitted for privacy reasons). + + + + +> I have a wounderfull linux/samba server running as pdc for a network. +> Now I would like to add remote desktop capabilites so that +> users outside could login to the system and get their desktop up from +> home or another country.. +> +> Is there a way to acomplish this? Do I need a windows terminal server? +> Do I need to configure it so that it is a member of the domain or a +> BDC,PDC? Are there any hacks for MS Windows XP to enable remote login even if +> the computer is in a domain? +> +> Any ideas/experience would be appreciated :) + + + + + Answer provided: Check out the new offer from NoMachine, "NX" software: + http://www.nomachine.com/. + + + + It implements a very easy-to-use interface to the remote X protocol as + well as incorporating VNC/RFB and rdesktop/RDP into it, but at a speed + performance much better than anything you may have ever seen... + + + + Remote X is not new at all -- but what they did achieve successfully is + a new way of compression and caching technologies which makes the thing + fast enough to run even over slow modem/ISDN connections. + + + + I could testdrive their (public) RedHat machine in Italy, over a loaded + internet connection, with enabled thumbnail previews in KDE konqueror + which popped up immediately on "mouse-over". 
From inside that (remote X) + session I started a rdesktop session on another, a Windows XP machine. + To test the performance, I played Pinball. I am proud to announce here + that my score was 631750 points at first try... + + + + NX performs better on my local LAN than any of the other "pure" + connection methods I am using from time to time: TightVNC, rdesktop or + remote X. It is even faster than a direct crosslink connection between + two nodes. + + + + I even got sound playing from the remote X app to my local boxes, and + had a working "copy'n'paste" from an NX window (running a KDE session + in Italy) to my Mozilla mailing agent... These guys are certainly doing + something right! + + + + I recommend to testdrive NX to anybody with a only a remote interest + in remote computing + http://www.nomachine.com/testdrive.php. + + + + Just download the free of charge client software (available for RedHat, + SuSE, Debian and Windows) and be up and running within 5 minutes (they + need to send you your account data, though, because you are assigned + a real Unix account on their testdrive.nomachine.com box... + + + + They plan to get to the point were you can have NX application servers + running as a cluster of nodes, and users simply start an NX session locally, + and can select applications to run transparently (apps may even run on + another NX node, but pretend to be on the same as used for initial login, + because it displays in the same window.... well, you also can run it + fullscreen, and after a short time you forget that it is a remote session + at all). + + + + Now the best thing at the end: all the core compression and caching + technologies are released under the GPL and available as source code + to anybody who wants to build on it! These technolgies are working, + albeit started from the command line only (and very inconvenient to + use in order to get a fully running remote X session up and running....) 
+ + + + To answer your questions: + + + + + You don't need to install a terminal server; XP has RDP support built in. + + + + NX is much cheaper than Citrix -- and comparable in performance, probably faster + + + + You don't need to hack XP -- it just works + + + + You log into the XP box from remote transparently (and I think there is no + need to change anything to get a connection, even if authentication is against a domain) + + + + The NX core technologies are all Open Source and released under the GPL -- + you can today use a (very inconvenient) commandline to use it at no cost, + but you can buy a comfortable (proprietary) NX GUI frontend for money + + + + NoMachine are encouraging and offering help to OSS/Free Software implementations + for such a frontend too, even if it means competition to them (they have written + to this effect even to the LTSP, KDE and GNOME developer mailing lists) + + + + + + + Network Logon Script Magic @@ -181,4 +345,14 @@ See the documentation in the + Due to inconsistent netmasks, the Windows machine was on network 192.168.1.0/24, while 
@@ -610,6 +610,67 @@ carelessness. Of course, noone is every deliberately careless! + + Samba server name change problem + + + The name of the samba server was changed, samba was restarted, samba server can not be + pinged by new name from MS Windows NT4 Workstation, but it does still respond to ping using + the old name. Why? + + + + From this description three (3) things are rather obvious: + + + + WINS is NOT in use, only broadcast based name resolution is used + The samba server was renamed and restarted within the last 10-15 minutes + The old samba server name is still in the NetBIOS name cache on the MS Windows NT4 Workstation + + + + To find what names are present in the NetBIOS name cache on the MS Windows NT4 machine, + open a cmd shell, then: + + + + + C:\temp\>nbtstat -n + + NetBIOS Local Name Table + + Name Type Status + ------------------------------------------------ + SLACK <03> UNIQUE Registered + ADMININSTRATOR <03> UNIQUE Registered + SLACK <00> UNIQUE Registered + SARDON <00> GROUP Registered + SLACK <20> UNIQUE Registered + SLACK <1F> UNIQUE Registered + + + C:\Temp\>nbtstat -c + + NetBIOS Remote Cache Name Table + + Name Type Host Address Life [sec] + -------------------------------------------------------------- + FRODO <20> UNIQUE 192.168.1.1 240 + + C:\Temp\> + + + + + In the above example, FRODO is the Samba server and SLACK is the MS Windows NT4 Workstation. + The first listing shows the contents of the Local Name Table (ie: Identity information on + the MS Windows workstation), the second shows the NetBIOS name in the NetBIOS name cache. + The name cache contains the remote machines known to this workstation. + + + + diff --git a/docs/docbook/projdoc/VFS.xml b/docs/docbook/projdoc/VFS.xml index 225411b427..51dd32fe64 100644 --- a/docs/docbook/projdoc/VFS.xml +++ b/docs/docbook/projdoc/VFS.xml 
@@ -9,19 +9,25 @@ Stackable VFS modules -Introduction and configuration +Features and Benefits -Since samba 3.0, samba supports stackable VFS(Virtual File System) modules. +Since Samba-3, there is support for stackable VFS(Virtual File System) modules. Samba passes each request to access the unix file system thru the loaded VFS modules. This chapter covers all the modules that come with the samba source and references to some external modules. + + + + +Discussion + -You may have problems to compile these modules, as shared libraries are -compiled and linked in different ways on different systems. -They currently have been tested against GNU/linux and IRIX. +If not supplied with your platform distribution binary Samba package you may have problems +to compile these modules, as shared libraries are compiled and linked in different ways +on different systems. They currently have been tested against GNU/Linux and IRIX. @@ -30,14 +36,14 @@ important parameter is the vfs object parameter which must po the exact pathname of the shared library objects. For example, to log all access to files and use a recycle bin: - + [audit] comment = Audited /data directory path = /data vfs object = /path/to/audit.so /path/to/recycle.so writeable = yes browseable = yes - + 
@@ -54,117 +60,135 @@ the Samba Developers Guide. Included modules - -audit -A simple module to audit file access to the syslog -facility. The following operations are logged: - -share -connect/disconnect -directory opens/create/remove -file open/close/rename/unlink/chmod - - - - - -extd_audit - -This module is identical with the audit module above except -that it sends audit logs to both syslog as well as the smbd log file/s. The -loglevel for this module is set in the smb.conf file. - - - -The logging information that will be written to the smbd log file is controlled by -the log level parameter in smb.conf. The -following information will be recorded: - - -Extended Auditing Log Information - - - Log LevelLog Details - File and Directory Operations - - - 0Creation / Deletion - 1Create / Delete / Rename / Permission Changes - 2Create / Delete / Rename / Perm Change / Open / Close - - -
- -
- - -recycle - -A recycle-bin like module. When used any unlink call -will be intercepted and files moved to the recycle -directory instead of being deleted. - - -Supported options: - - - vfs_recycle_bin:repository - FIXME - - - - vfs_recycle_bin:keeptree - FIXME - - - - vfs_recycle_bin:versions - FIXME - - - - vfs_recycle_bin:touch - FIXME - - - - vfs_recycle_bin:maxsize - FIXME - - - - vfs_recycle_bin:exclude - FIXME - - - - vfs_recycle_bin:exclude_dir - FIXME - - - - vfs_recycle_bin:noversions - FIXME - - - - - - - -netatalk - -A netatalk module, that will ease co-existence of samba and -netatalk file sharing services. - - -Advantages compared to the old netatalk module: - -it doesn't care about creating of .AppleDouble forks, just keeps them in sync -if share in smb.conf doesn't contain .AppleDouble item in hide or veto list, it will be added automatically - - - - + + audit + + + A simple module to audit file access to the syslog + facility. The following operations are logged: + + share + connect/disconnect + directory opens/create/remove + file open/close/rename/unlink/chmod + + + + + + + extd_audit + + + This module is identical with the audit module above except + that it sends audit logs to both syslog as well as the smbd log file/s. The + loglevel for this module is set in the smb.conf file. + + + + The logging information that will be written to the smbd log file is controlled by + the log level parameter in smb.conf. The + following information will be recorded: + + + Extended Auditing Log Information + + + Log LevelLog Details - File and Directory Operations + + + 0Creation / Deletion + 1Create / Delete / Rename / Permission Changes + 2Create / Delete / Rename / Perm Change / Open / Close + + +
+ +
+ + + fake_perms + + + This module was created to allow Roaming Profile files and directories to be set (on the Samba server + under Unix) as read only. This module will if installed on the Profiles share will report to the client + that the Profile files and directories are writable. This satisfies the client even though the files + will never be overwritten as the client logs out or shuts down. + + + + + + recycle + + + A recycle-bin like module. When used any unlink call + will be intercepted and files moved to the recycle + directory instead of being deleted. + + + Supported options: + + + vfs_recycle_bin:repository + FIXME + + + + vfs_recycle_bin:keeptree + FIXME + + + + vfs_recycle_bin:versions + FIXME + + + + vfs_recycle_bin:touch + FIXME + + + + vfs_recycle_bin:maxsize + FIXME + + + + vfs_recycle_bin:exclude + FIXME + + + + vfs_recycle_bin:exclude_dir + FIXME + + + + vfs_recycle_bin:noversions + FIXME + + + + + + + + netatalk + + + A netatalk module, that will ease co-existence of samba and + netatalk file sharing services. + + + Advantages compared to the old netatalk module: + + it doesn't care about creating of .AppleDouble forks, just keeps them in sync + if share in smb.conf doesn't contain .AppleDouble item in hide or veto list, it will be added automatically + + + +
@@ -183,48 +207,56 @@ No statemets about the stability or functionality of any module should be implied due to its presence here.
- -DatabaseFS + + DatabaseFS - -URL: http://www.css.tayloru.edu/~elorimer/databasefs/index.php - + + URL: http://www.css.tayloru.edu/~elorimer/databasefs/index.php + -By Eric Lorimer. + By Eric Lorimer. - -I have created a VFS module which implements a fairly complete read-only -filesystem. It presents information from a database as a filesystem in -a modular and generic way to allow different databases to be used -(originally designed for organizing MP3s under directories such as -"Artists," "Song Keywords," etc... I have since applied it to a student -roster database very easily). The directory structure is stored in the -database itself and the module makes no assumptions about the database -structure beyond the table it requires to run. - + + I have created a VFS module which implements a fairly complete read-only + filesystem. It presents information from a database as a filesystem in + a modular and generic way to allow different databases to be used + (originally designed for organizing MP3s under directories such as + "Artists," "Song Keywords," etc... I have since applied it to a student + roster database very easily). The directory structure is stored in the + database itself and the module makes no assumptions about the database + structure beyond the table it requires to run. + - -Any feedback would be appreciated: comments, suggestions, patches, -etc... If nothing else, hopefully it might prove useful for someone -else who wishes to create a virtual filesystem. - + + Any feedback would be appreciated: comments, suggestions, patches, + etc... If nothing else, hopefully it might prove useful for someone + else who wishes to create a virtual filesystem. + - + - -vscan -URL: http://www.openantivirus.org/ + + vscan - -samba-vscan is a proof-of-concept module for Samba, which -uses the VFS (virtual file system) features of Samba 2.2.x/3.0 -alphaX. Of couse, Samba has to be compiled with VFS support. 
-samba-vscan supports various virus scanners and is maintained -by Rainer Link. - + URL: http://www.openantivirus.org/ - + + samba-vscan is a proof-of-concept module for Samba, which + uses the VFS (virtual file system) features of Samba 2.2.x/3.0 + alphaX. Of couse, Samba has to be compiled with VFS support. + samba-vscan supports various virus scanners and is maintained + by Rainer Link. + +
+ +Common Errors + + +There must be some gotchas we should record here! Jelmer??? + + + diff --git a/docs/docbook/projdoc/msdfs_setup.xml b/docs/docbook/projdoc/msdfs_setup.xml index a86cd74235..cd2d41794f 100644 --- a/docs/docbook/projdoc/msdfs_setup.xml +++ b/docs/docbook/projdoc/msdfs_setup.xml 
@@ -14,103 +14,108 @@ 12 Jul 2000 - Hosting a Microsoft Distributed File System tree on Samba - - Instructions - - The Distributed File System (or Dfs) provides a means of - separating the logical view of files and directories that users - see from the actual physical locations of these resources on the - network. It allows for higher availability, smoother storage expansion, - load balancing etc. For more information about Dfs, refer to - Microsoft documentation. - - This document explains how to host a Dfs tree on a Unix - machine (for Dfs-aware clients to browse) using Samba. - - To enable SMB-based DFS for Samba, configure it with the - --with-msdfs option. Once built, a - Samba server can be made a Dfs server by setting the global - boolean - host msdfs parameter in the smb.conf - file. You designate a share as a Dfs root using the share - level boolean - msdfs root parameter. A Dfs root directory on - Samba hosts Dfs links in the form of symbolic links that point - to other servers. For example, a symbolic link - junction->msdfs:storage1\share1 in - the share directory acts as the Dfs junction. When Dfs-aware - clients attempt to access the junction link, they are redirected - to the storage location (in this case, \\storage1\share1). - - Dfs trees on Samba work with all Dfs-aware clients ranging - from Windows 95 to 2000. +Features and Benefits + + + The Distributed File System (or DFS) provides a means of separating the logical + view of files and directories that users see from the actual physical locations + of these resources on the network. It allows for higher availability, smoother + storage expansion, load balancing etc. + + + + For information about DFS, refer to + + Microsoft documentation at http://www.microsoft.com/NTServer/nts/downloads/winfeatures/NTSDistrFile/AdminGuide.asp. + + + + This document explains how to host a DFS tree on a Unix machine (for DFS-aware + clients to browse) using Samba. 
+ + + + To enable SMB-based DFS for Samba, configure it with the --with-msdfs + option. Once built, a Samba server can be made a DFS server by setting the global + boolean host msdfs + parameter in the smb.conf file. You designate a share as a DFS + root using the share level boolean + msdfs root parameter. A DFS root directory on Samba hosts DFS + links in the form of symbolic links that point to other servers. For example, a symbolic link + junction->msdfs:storage1\share1 in the share directory acts + as the DFS junction. When DFS-aware clients attempt to access the junction link, + they are redirected to the storage location (in this case, \\storage1\share1). + + + + DFS trees on Samba work with all DFS-aware clients ranging from Windows 95 to 200x. + - Here's an example of setting up a Dfs tree on a Samba - server. + + Here's an example of setting up a DFS tree on a Samba server. + - + # The smb.conf file: [global] - netbios name = SAMBA + netbios name = SMOKEY host msdfs = yes [dfs] path = /export/dfsroot msdfs root = yes - - - - In the /export/dfsroot directory we set up our dfs links to - other servers on the network. - - root# cd /export/dfsroot - root# chown root /export/dfsroot - root# chmod 755 /export/dfsroot - root# ln -s msdfs:storageA\\shareA linka - root# ln -s msdfs:serverB\\share,serverC\\share linkb - + + + + In the /export/dfsroot directory we set up our dfs links to other servers on the network. + + + + + &rootprompt;cd /export/dfsroot + &rootprompt;chown root /export/dfsroot + &rootprompt;chmod 755 /export/dfsroot + &rootprompt;ln -s msdfs:storageA\\shareA linka + &rootprompt;ln -s msdfs:serverB\\share,serverC\\share linkb + + You should set up the permissions and ownership of - the directory acting as the Dfs root such that only designated + the directory acting as the DFS root such that only designated users can create, delete or modify the msdfs links. Also note that symlink names should be all lowercase. 
This limitation exists to have Samba avoid trying all the case combinations to get at the link name. Finally set up the symbolic links to point to the network shares you want, and start Samba. - Users on Dfs-aware clients can now browse the Dfs tree + Users on DFS-aware clients can now browse the DFS tree on the Samba server at \\samba\dfs. Accessing links linka or linkb (which appear as directories to the client) takes users directly to the appropriate shares on the network. - - - Notes - - - Windows clients need to be rebooted - if a previously mounted non-dfs share is made a dfs - root or vice versa. A better way is to introduce a - new share and make it the dfs root. - - - Currently there's a restriction that msdfs - symlink names should all be lowercase. - - - For security purposes, the directory - acting as the root of the Dfs tree should have ownership - and permissions set so that only designated users can - modify the symbolic links in the directory. - - - + +Common Errors + + Windows clients need to be rebooted + if a previously mounted non-dfs share is made a dfs + root or vice versa. A better way is to introduce a + new share and make it the dfs root. + + + Currently there's a restriction that msdfs + symlink names should all be lowercase. + + + For security purposes, the directory + acting as the root of the DFS tree should have ownership + and permissions set so that only designated users can + modify the symbolic links in the directory. + + + - diff --git a/docs/docbook/projdoc/winbind.xml b/docs/docbook/projdoc/winbind.xml index cb6a56687d..b588d162d1 100644 --- a/docs/docbook/projdoc/winbind.xml +++ b/docs/docbook/projdoc/winbind.xml @@ -18,6 +18,7 @@ &author.jelmer; + &author.jht; 27 June 2002 @@ -25,7 +26,7 @@ Unified Logons between Windows NT and UNIX using Winbind - Abstract + Features and Benefits Integration of UNIX and Microsoft Windows NT through a unified logon has been considered a "holy grail" in heterogeneous 
@@ -337,8 +338,8 @@ the winbind services which come with SAMBA 3.0. Introduction -This HOWTO describes the procedures used to get winbind up and -running on my RedHat 7.1 system. Winbind is capable of providing access +This section describes the procedures used to get winbind up and +running on a RedHat 7.1 system. Winbind is capable of providing access and authentication control for Windows Domain users through an NT or Win2K PDC for 'regular' services, such as telnet a nd ftp, as well for SAMBA services. @@ -1124,7 +1125,19 @@ configured in the pam.conf. - Limitations +Conclusion + + The winbind system, through the use of the Name Service + Switch, Pluggable Authentication Modules, and appropriate + Microsoft RPC calls have allowed us to provide seamless + integration of Microsoft Windows NT domain users on a + UNIX system. The result is a great reduction in the administrative + cost of running a mixed UNIX and NT network. + + + + +Common Errors Winbind has a number of limitations in its current released version that we hope to overcome in future @@ -1153,17 +1166,4 @@ configured in the pam.conf. - - - Conclusion - - The winbind system, through the use of the Name Service - Switch, Pluggable Authentication Modules, and appropriate - Microsoft RPC calls have allowed us to provide seamless - integration of Microsoft Windows NT domain users on a - UNIX system. The result is a great reduction in the administrative - cost of running a mixed UNIX and NT network. - - - -- cgit
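Review bot: in docs/docbook/projdoc/AdvancedNetworkAdmin.xml, hunk @@ -7,11 +7,30 @@, the new "Features and Benefits" paragraphs have agreement errors: "the little things that makes everything work" should read "make", and "each of these area" should read "areas". The chapter title carried as context in the same hunk still reads "Advanced Network Manangement" and could be corrected in the same pass.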
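Review bot: in docs/docbook/projdoc/AdvancedNetworkAdmin.xml, hunk @@ -47,6 +66,151 @@, the added "Remote Desktop Management" section answers a question about users "outside" logging in "from home or another country", but nothing in the added text says how the remote session is authenticated or protected in transit. Please add a paragraph covering that before the setup is recommended. The reproduced mailing-list reply also carries anecdote and unverified performance claims (the Pinball score, "It is even faster than a direct crosslink connection between two nodes") that should be cut or clearly marked as one poster's opinion, and "Sometimes the most costly solutions is" needs "solution".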
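Review bot: in docs/docbook/projdoc/Integrating-with-Windows.xml, hunk @@ -610,6 +610,67 @@, the new "Samba server name change problem" section asks "Why?" and shows the two nbtstat listings, but ends after describing them without stating the remedy. Add a closing paragraph saying that the stale name leaves the cache once its "Life [sec]" value runs out, or can be cleared immediately with nbtstat -R. The sample output also contains "ADMININSTRATOR", and the prompt alternates between C:\temp\> and C:\Temp\>.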
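Review bot: in docs/docbook/projdoc/VFS.xml, hunk @@ -54,117 +60,135 @@, all eight vfs_recycle_bin:* options (repository, keeptree, versions, touch, maxsize, exclude, exclude_dir, noversions) are re-indented but still described only as "FIXME". Either document them in this pass or leave the list out until the descriptions exist. In the new fake_perms entry, "This module will if installed on the Profiles share will report to the client" has a doubled "will" and needs rewording.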
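Review bot: in docs/docbook/projdoc/VFS.xml, hunk @@ -183,48 +207,56 @@, the new "Common Errors" section consists only of "There must be some gotchas we should record here! Jelmer???", which is a note to a developer and will be published as documentation. Move it to a comment or a TODO outside the rendered text until real content is available. The vscan paragraph in the same hunk keeps the typo "Of couse".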
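Review bot: in docs/docbook/projdoc/msdfs_setup.xml, hunk @@ -14,103 +14,108 @@, the example now sets "netbios name = SMOKEY", but the unchanged paragraph below it still tells users to browse the DFS tree at \\samba\dfs, so the example no longer agrees with itself. Update the UNC path or keep the old name. The new "Common Errors" list also repeats the lowercase-symlink restriction and the DFS root ownership and permissions advice that the paragraph just above it already gives; keep each in one place.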
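Review bot: in docs/docbook/projdoc/winbind.xml, hunk @@ -1124,7 +1125,19 @@, the section retitled "Common Errors" still opens with "Winbind has a number of limitations in its current released version", so the title no longer describes its content. Either keep the "Limitations" title or rewrite the body as actual error cases. In the relocated Conclusion, "The winbind system ... have allowed us" has a singular subject and should read "has allowed us".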