From 147e2a82531b68b8964defe0ebd26f62d7531027 Mon Sep 17 00:00:00 2001
From: Jelmer Vernooij
Date: Wed, 28 Aug 2002 08:43:04 +0000
Subject: Adding new series of text-to-sgml converted files. Removed OS2-Client-HOWTO and put it into Other-Clients.sgml (This used to be commit 076f34af8e5af7fb2d07b724522ef77f33559c82)
---
 docs/docbook/Makefile.in | 11 +-
 docs/docbook/devdoc/NetBIOS.sgml | 154 ++++++++++++
 docs/docbook/devdoc/dev-doc.sgml | 44 ++++
 docs/docbook/manpages/smbtar.1.sgml | 2 +-
 docs/docbook/manpages/vfstest.1.sgml | 3 +-
 docs/docbook/projdoc/GROUP-MAPPING-HOWTO.sgml | 78 ++++++
 docs/docbook/projdoc/OS2-Client-HOWTO.sgml | 142 -----------
 docs/docbook/projdoc/Other-Clients.sgml | 332 ++++++++++++++++++++++++++
 docs/docbook/projdoc/Portability.sgml | 148 ++++++++++++
 docs/docbook/projdoc/samba-doc.sgml | 8 +-
 10 files changed, 773 insertions(+), 149 deletions(-)
 create mode 100644 docs/docbook/devdoc/NetBIOS.sgml
 create mode 100644 docs/docbook/devdoc/dev-doc.sgml
 create mode 100644 docs/docbook/projdoc/GROUP-MAPPING-HOWTO.sgml
 delete mode 100644 docs/docbook/projdoc/OS2-Client-HOWTO.sgml
 create mode 100644 docs/docbook/projdoc/Other-Clients.sgml
 create mode 100644 docs/docbook/projdoc/Portability.sgml
(limited to 'docs/docbook')
diff --git a/docs/docbook/Makefile.in b/docs/docbook/Makefile.in
index 612c495135..f1fb97d1e2 100644
--- a/docs/docbook/Makefile.in
+++ b/docs/docbook/Makefile.in
@@ -50,7 +50,8 @@ all:
 @echo "manpages - Build manpages"
 @echo "ps - Build PostScript version of HOWTO Collection"
 @echo "pdf - Build PDF version of HOWTO Collection"
- @echo "html-single - Build single HTML version of HOWTO Collection"
+ @echo -n "html-single - Build single file HTML version of HOWTO Collection"
+ @echo "and developers guide"
 @echo "html - Build HTML version of HOWTO Collection and manpages"
 @echo "txt - Build plain text version of HOWTO Collection"
 
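Review bot: The two added `echo` lines for `html-single` run together when printed, because the first string ends in `Collection` and the second starts with `and`, so the help text reads `...HOWTO Collectionand developers guide` (as far as the collapsed whitespace on this page shows). `echo -n` is also not portable across the `/bin/sh` implementations make may invoke; some print the `-n` literally and still emit the newline. A single line avoids both problems: `@echo "html-single - Build single file HTML version of HOWTO Collection and developers guide"`. The `all:` recipe begins above the hunk.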
@@ -58,8 +59,8 @@ manpages: $(MANPAGES)
 pdf: ../Samba-HOWTO-Collection.pdf
 ps: ../Samba-HOWTO-Collection.ps
 txt: ../Samba-HOWTO-Collection.txt
-html: $(HTMLDIR)/samba-doc.html
-html-single: ../Samba-HOWTO-Collection.html $(MANPAGES_HTML)
+html: $(HTMLDIR)/samba-doc.html $(MANPAGES_HTML)
+html-single: ../Samba-HOWTO-Collection.html ../Samba-Developers-Guide.html
 
 ../Samba-HOWTO-Collection.txt: $(SGMLDIR)/samba-doc.sgml
 $(DOCBOOK2TXT) -o .. $<
@@ -76,6 +77,10 @@ html-single: ../Samba-HOWTO-Collection.html $(MANPAGES_HTML)
 $(DOCBOOK2HTML) -u -o .. $<
 mv ../samba-doc.html $@
 
+../Samba-Developers-Guide.html: devdoc/dev-doc.sgml
+ $(DOCBOOK2HTML) -u -o .. $<
+ mv ../dev-doc.html $@
+
 $(HTMLDIR)/samba-doc.html: $(SGMLDIR)/samba-doc.sgml
 $(DOCBOOK2HTML) -o $(HTMLDIR) $<
 
diff --git a/docs/docbook/devdoc/NetBIOS.sgml b/docs/docbook/devdoc/NetBIOS.sgml
new file mode 100644
index 0000000000..ec9d3af563
--- /dev/null
+++ b/docs/docbook/devdoc/NetBIOS.sgml
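Review bot: The new `../Samba-Developers-Guide.html` rule names only `devdoc/dev-doc.sgml` as a prerequisite, yet the dev-doc.sgml added in this same commit pulls in NetBIOS.sgml through the `&NetBIOS;` entity, so an edit to NetBIOS.sgml alone will not rebuild the guide. Listing the included file after the driver document keeps `$<` unchanged: `../Samba-Developers-Guide.html: devdoc/dev-doc.sgml devdoc/NetBIOS.sgml`. The `devdoc/` path is also written literally while the neighbouring rules go through `$(SGMLDIR)`; if this Makefile.in is meant to work from a separate build directory (not visible in the hunk), the prerequisite should use a directory variable in the same way.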
@@ -0,0 +1,154 @@ + + + + LukeLeighton + + 12 June 1997 + + +Definition of NetBIOS Protocol and Name Resolution Modes + + +NETBIOS + + +NetBIOS runs over the following tranports: TCP/IP; NetBEUI and IPX/SPX. +Samba only uses NetBIOS over TCP/IP. For details on the TCP/IP NetBIOS +Session Service NetBIOS Datagram Service, and NetBIOS Names, see +rfc1001.txt and rfc1002.txt. + + + +NetBEUI is a raw NetBIOS frame protocol implementation that allows NetBIOS +datagrams to be sent out over the 'wire' embedded within LLC frames. +NetBEUI is not required when using NetBIOS over TCP/IP protocols and it +is preferable NOT to install NetBEUI if it can be avoided. + + + +IPX/SPX is also not required when using NetBIOS over TCP/IP, and it is +preferable NOT to install the IPX/SPX transport unless you are using Novell +servers. At the very least, it is recommended that you do not install +'NetBIOS over IPX/SPX'. + + + +[When installing Windows 95, you will find that NetBEUI and IPX/SPX are +installed as the default protocols. This is because they are the simplest +to manage: no Windows 95 user-configuration is required]. + + + +NetBIOS applications (such as samba) offer their services (for example, +SMB file and print sharing) on a NetBIOS name. They must claim this name +on the network before doing so. The NetBIOS session service will then +accept connections on the application's behalf (on the NetBIOS name +claimed by the application). A NetBIOS session between the application +and the client can then commence. + + + +NetBIOS names consist of 15 characters plus a 'type' character. This is +similar, in concept, to an IP address and a TCP port number, respectively. +A NetBIOS-aware application on a host will offer different services under +different NetBIOS name types, just as a host will offer different TCP/IP +services on different port numbers. + + + +NetBIOS names must be claimed on a network, and must be defended. 
The use +of NetBIOS names is most suitable on a single subnet; a Local Area Network +or a Wide Area Network. + + + +NetBIOS names are either UNIQUE or GROUP. Only one application can claim a +UNIQUE NetBIOS name on a network. + + + +There are two kinds of NetBIOS Name resolution: Broadcast and Point-to-Point. + + + + + +BROADCAST NetBIOS + + +Clients can claim names, and therefore offer services on successfully claimed +names, on their broadcast-isolated subnet. One way to get NetBIOS services +(such as browsing: see ftp.microsoft.com/drg/developr/CIFS/browdiff.txt; and +SMB file/print sharing: see cifs4.txt) working on a LAN or WAN is to make +your routers forward all broadcast packets from TCP/IP ports 137, 138 and 139. + + + +This, however, is not recommended. If you have a large LAN or WAN, you will +find that some of your hosts spend 95 percent of their time dealing with +broadcast traffic. [If you have IPX/SPX on your LAN or WAN, you will find +that this is already happening: a packet analyzer will show, roughly +every twelve minutes, great swathes of broadcast traffic!]. + + + + + +NBNS NetBIOS + + +rfc1001.txt describes, amongst other things, the implementation and use +of, a 'NetBIOS Name Service'. NT/AS offers 'Windows Internet Name Service' +which is fully rfc1001/2 compliant, but has had to take specific action +with certain NetBIOS names in order to make it useful. (for example, it +deals with the registration of <1c> <1d> <1e> names all in different ways. +I recommend the reading of the Microsoft WINS Server Help files for full +details). + + + +The use of a WINS server cuts down on broadcast network traffic for +NetBIOS name resolution. It has the effect of pulling all the broadcast +isolated subnets together into a single NetBIOS scope, across your LAN +or WAN, while avoiding the use of TCP/IP broadcast packets. + + + +When you have a WINS server on your LAN, WINS clients will be able to +contact the WINS server to resolve NetBIOS names. 
Note that only those +WINS clients that have registered with the same WINS server will be +visible. The WINS server _can_ have static NetBIOS entries added to its +database (usually for security reasons you might want to consider putting +your domain controllers or other important servers as static entries, +but you should not rely on this as your sole means of security), but for +the most part, NetBIOS names are registered dynamically. + + + +This provides some confusion for lots of people, and is worth mentioning +here: a Browse Server is NOT a WINS Server, even if these services are +implemented in the same application. A Browse Server _needs_ a WINS server +because a Browse Server is a WINS client, which is _not_ the same thing]. + + + +Clients can claim names, and therefore offer services on successfully claimed +names, on their broadcast-isolated subnet. One way to get NetBIOS services +(such as browsing: see ftp.microsoft.com/drg/developr/CIFS/browdiff.txt; and +SMB file/print sharing: see cifs6.txt) working on a LAN or WAN is to make +your routers forward all broadcast packets from TCP/IP ports 137, 138 and 139. +You will find, however, if you do this on a large LAN or a WAN, that your +network is completely swamped by NetBIOS and browsing packets, which is why +WINS was developed to minimise the necessity of broadcast traffic. + + + +WINS Clients therefore claim names from the WINS server. If the WINS +server allows them to register a name, the client's NetBIOS session service +can then offer services on this name. Other WINS clients will then +contact the WINS server to resolve a NetBIOS name. + + + + + diff --git a/docs/docbook/devdoc/dev-doc.sgml b/docs/docbook/devdoc/dev-doc.sgml new file mode 100644 index 0000000000..f84c129f00 --- /dev/null +++ b/docs/docbook/devdoc/dev-doc.sgml @@ -0,0 +1,44 @@ + +]> + + + +SAMBA Deverlopers Guide + + + + SAMBA Team + +
samba@samba.org
+
+ + +Abstract + + +Last Update : Mon aug 26 12:41:19 CEST 2002 + + + +This book is a collection of documents that might be useful for +people developing samba or those interested in doing so. +than one person can maintain. The most recent version of this document +can be found at http://www.samba.org/ +on the "Documentation" page. Please send updates to jerry@samba.org. + + + +This documentation is distributed under the GNU General Public License (GPL) +version 2. A copy of the license is included with the Samba source +distribution. A copy can be found on-line at http://www.fsf.org/licenses/gpl.txt + + + + + +&NetBIOS; + +
diff --git a/docs/docbook/manpages/smbtar.1.sgml b/docs/docbook/manpages/smbtar.1.sgml index 4e2ee5fff0..d1585d7ca3 100644 --- a/docs/docbook/manpages/smbtar.1.sgml +++ b/docs/docbook/manpages/smbtar.1.sgml @@ -190,7 +190,7 @@ VERSION - This man page is correct for version 2.2 of + This man page is correct for version 3.0 of the Samba suite. diff --git a/docs/docbook/manpages/vfstest.1.sgml b/docs/docbook/manpages/vfstest.1.sgml index fe1d7560d0..11878c1c89 100644 --- a/docs/docbook/manpages/vfstest.1.sgml +++ b/docs/docbook/manpages/vfstest.1.sgml @@ -52,7 +52,8 @@ -d|--debug=debuglevel set the debuglevel. Debug level 0 is the lowest and 100 being the highest. This should be set to 100 if you are - planning on submitting a bug report to the Samba team (see BUGS.txt). + planning on submitting a bug report to the Samba team (see + BUGS.txt). diff --git a/docs/docbook/projdoc/GROUP-MAPPING-HOWTO.sgml b/docs/docbook/projdoc/GROUP-MAPPING-HOWTO.sgml new file mode 100644 index 0000000000..6d5a019fcb --- /dev/null +++ b/docs/docbook/projdoc/GROUP-MAPPING-HOWTO.sgml 
@@ -0,0 +1,78 @@ + + + + Jean FrançoisMicouleau + + + +Group mapping HOWTO + + +Starting with Samba 3.0 alpha 2, a new group mapping function is available. The +current method (likely to change) to manage the groups is a new command called +smbgroupedit. + + + +The first immediate reason to use the group mapping on a PDC, is that +the domain admin group of smb.conf is +now gone. This parameter was used to give the listed users local admin rights +on their workstations. It was some magic stuff that simply worked but didn't +scale very well for complex setups. + + + +Let me explain how it works on NT/W2K, to have this magic fade away. +When installing NT/W2K on a computer, the installer program creates some users +and groups. Notably the 'Administrators' group, and gives to that group some +privileges like the ability to change the date and time or to kill any process +(or close too) running on the local machine. The 'Administrator' user is a +member of the 'Administrators' group, and thus 'inherit' the 'Administrators' +group privileges. If a 'joe' user is created and become a member of the +'Administrator' group, 'joe' has exactly the same rights as 'Administrator'. + + + +When a NT/W2K machine is joined to a domain, during that phase, the "Domain +Administrators' group of the PDC is added to the 'Administrators' group of the +workstation. Every members of the 'Domain Administrators' group 'inherit' the +rights of the 'Administrators' group when logging on the workstation. + + + +You are now wondering how to make some of your samba PDC users members of the +'Domain Administrators' ? That's really easy. + + + +create a unix group (usually in /etc/group), let's call it domadm +add to this group the users that must be Administrators. 
For example if you want joe,john and mary, your entry in /etc/group will look like: + + +domadm:x:502:joe,john,mary + + + + +Map this domadm group to the domain admins group by running the command: + +smbgroupedit -c "Domain Admins" -u domadm + + + +You're set, joe, john and mary are domain administrators ! + + +Like the Domain Admins group, you can map any arbitrary Unix group to any NT +group. You can also make any Unix group a domain group. For example, on a domain +member machine (an NT/W2K or a samba server running winbind), you would like to +give access to a certain directory to some users who are member of a group on +your samba PDC. Flag that group as a domain group by running: + + +smbgroupedit -a unixgroup -td + +You can list the various groups in the mapping database like this +smbgroupedit -v + + diff --git a/docs/docbook/projdoc/OS2-Client-HOWTO.sgml b/docs/docbook/projdoc/OS2-Client-HOWTO.sgml deleted file mode 100644 index ca7ad6a754..0000000000 --- a/docs/docbook/projdoc/OS2-Client-HOWTO.sgml +++ /dev/null @@ -1,142 +0,0 @@ - - - - - - JimMcDonough - - IBM -
- jerry@samba.org -
-
-
- - - 5 Mar 2001 -
- -OS2 Client HOWTO - - - FAQs - - - How can I configure OS/2 Warp Connect or - OS/2 Warp 4 as a client for Samba? - - A more complete answer to this question can be - found on - http://carol.wins.uva.nl/~leeuw/samba/warp.html. - - Basically, you need three components: - - - The File and Print Client ('IBM Peer') - - TCP/IP ('Internet support') - - The "NetBIOS over TCP/IP" driver ('TCPBEUI') - - - - Installing the first two together with the base operating - system on a blank system is explained in the Warp manual. If Warp - has already been installed, but you now want to install the - networking support, use the "Selective Install for Networking" - object in the "System Setup" folder. - - Adding the "NetBIOS over TCP/IP" driver is not described - in the manual and just barely in the online documentation. Start - MPTS.EXE, click on OK, click on "Configure LAPS" and click - on "IBM OS/2 NETBIOS OVER TCP/IP" in 'Protocols'. This line - is then moved to 'Current Configuration'. Select that line, - click on "Change number" and increase it from 0 to 1. Save this - configuration. - - If the Samba server(s) is not on your local subnet, you - can optionally add IP names and addresses of these servers - to the "Names List", or specify a WINS server ('NetBIOS - Nameserver' in IBM and RFC terminology). For Warp Connect you - may need to download an update for 'IBM Peer' to bring it on - the same level as Warp 4. See the webpage mentioned above. - - - - How can I configure OS/2 Warp 3 (not Connect), - OS/2 1.2, 1.3 or 2.x for Samba? - - You can use the free Microsoft LAN Manager 2.2c Client - for OS/2 from - - ftp://ftp.microsoft.com/BusSys/Clients/LANMAN.OS2/. - See - http://carol.wins.uva.nl/~leeuw/lanman.html for - more information on how to install and use this client. In - a nutshell, edit the file \OS2VER in the root directory of - the OS/2 boot partition and add the lines: - - - 20=setup.exe - 20=netwksta.sys - 20=netvdd.sys - - - before you install the client. 
Also, don't use the - included NE2000 driver because it is buggy. Try the NE2000 - or NS2000 driver from - - ftp://ftp.cdrom.com/pub/os2/network/ndis/ instead. - - - - - Are there any other issues when OS/2 (any version) - is used as a client? - - When you do a NET VIEW or use the "File and Print - Client Resource Browser", no Samba servers show up. This can - be fixed by a patch from - http://carol.wins.uva.nl/~leeuw/samba/fix.html. - The patch will be included in a later version of Samba. It also - fixes a couple of other problems, such as preserving long - filenames when objects are dragged from the Workplace Shell - to the Samba server. - - - - How do I get printer driver download working - for OS/2 clients? - - First, create a share called [PRINTDRV] that is - world-readable. Copy your OS/2 driver files there. Note - that the .EA_ files must still be separate, so you will need - to use the original install files, and not copy an installed - driver from an OS/2 system. - - Install the NT driver first for that printer. Then, - add to your smb.conf a parameter, "os2 driver map = - filename". Then, in the file - specified by filename, map the - name of the NT driver name to the OS/2 driver name as - follows: - - <nt driver name> = <os2 driver - name>.<device name>, e.g.: - HP LaserJet 5L = LASERJET.HP LaserJet 5L - - You can have multiple drivers mapped in this file. - - If you only specify the OS/2 driver name, and not the - device name, the first attempt to download the driver will - actually download the files, but the OS/2 client will tell - you the driver is not available. On the second attempt, it - will work. This is fixed simply by adding the device name - to the mapping, after which it will work on the first attempt. - - - - -
- diff --git a/docs/docbook/projdoc/Other-Clients.sgml b/docs/docbook/projdoc/Other-Clients.sgml new file mode 100644 index 0000000000..f790024c3a --- /dev/null +++ b/docs/docbook/projdoc/Other-Clients.sgml @@ -0,0 +1,332 @@ + + + + JimMcDonough + + IBM + + JelmerVernooij + + Samba Team +
jelmer@samba.org
+
+
+ + 5 Mar 2001 +
+ +Samba and other CIFS clients + +This chapter contains client-specific information. + + +Macintosh clients? + + +Yes. Thursby now have a CIFS Client / Server called DAVE - see + + + +They test it against Windows 95, Windows NT and samba for +compatibility issues. At the time of writing, DAVE was at version +1.0.1. The 1.0.0 to 1.0.1 update is available as a free download from +the Thursby web site (the speed of finder copies has been greatly +enhanced, and there are bug-fixes included). + + + +Alternatives - There are two free implementations of AppleTalk for +several kinds of UNIX machnes, and several more commercial ones. +These products allow you to run file services and print services +natively to Macintosh users, with no additional support required on +the Macintosh. The two free omplementations are +Netatalk, and +CAP. +What Samba offers MS +Windows users, these packages offer to Macs. For more info on these +packages, Samba, and Linux (and other UNIX-based systems) see +http://www.eats.com/linux_mac_win.html + + + + + +OS2 Client + + + How can I configure OS/2 Warp Connect or + OS/2 Warp 4 as a client for Samba? + + A more complete answer to this question can be + found on + http://carol.wins.uva.nl/~leeuw/samba/warp.html. + + Basically, you need three components: + + + The File and Print Client ('IBM Peer') + + TCP/IP ('Internet support') + + The "NetBIOS over TCP/IP" driver ('TCPBEUI') + + + + Installing the first two together with the base operating + system on a blank system is explained in the Warp manual. If Warp + has already been installed, but you now want to install the + networking support, use the "Selective Install for Networking" + object in the "System Setup" folder. + + Adding the "NetBIOS over TCP/IP" driver is not described + in the manual and just barely in the online documentation. Start + MPTS.EXE, click on OK, click on "Configure LAPS" and click + on "IBM OS/2 NETBIOS OVER TCP/IP" in 'Protocols'. 
This line + is then moved to 'Current Configuration'. Select that line, + click on "Change number" and increase it from 0 to 1. Save this + configuration. + + If the Samba server(s) is not on your local subnet, you + can optionally add IP names and addresses of these servers + to the "Names List", or specify a WINS server ('NetBIOS + Nameserver' in IBM and RFC terminology). For Warp Connect you + may need to download an update for 'IBM Peer' to bring it on + the same level as Warp 4. See the webpage mentioned above. + + + + How can I configure OS/2 Warp 3 (not Connect), + OS/2 1.2, 1.3 or 2.x for Samba? + + You can use the free Microsoft LAN Manager 2.2c Client + for OS/2 from + + ftp://ftp.microsoft.com/BusSys/Clients/LANMAN.OS2/. + See + http://carol.wins.uva.nl/~leeuw/lanman.html for + more information on how to install and use this client. In + a nutshell, edit the file \OS2VER in the root directory of + the OS/2 boot partition and add the lines: + + + 20=setup.exe + 20=netwksta.sys + 20=netvdd.sys + + + before you install the client. Also, don't use the + included NE2000 driver because it is buggy. Try the NE2000 + or NS2000 driver from + + ftp://ftp.cdrom.com/pub/os2/network/ndis/ instead. + + + + + Are there any other issues when OS/2 (any version) + is used as a client? + + When you do a NET VIEW or use the "File and Print + Client Resource Browser", no Samba servers show up. This can + be fixed by a patch from + http://carol.wins.uva.nl/~leeuw/samba/fix.html. + The patch will be included in a later version of Samba. It also + fixes a couple of other problems, such as preserving long + filenames when objects are dragged from the Workplace Shell + to the Samba server. + + + + How do I get printer driver download working + for OS/2 clients? + + First, create a share called [PRINTDRV] that is + world-readable. Copy your OS/2 driver files there. 
Note + that the .EA_ files must still be separate, so you will need + to use the original install files, and not copy an installed + driver from an OS/2 system. + + Install the NT driver first for that printer. Then, + add to your smb.conf a parameter, os2 driver map = + filename". Then, in the file + specified by filename, map the + name of the NT driver name to the OS/2 driver name as + follows: + + nt driver name = os2 "driver + name"."device name", e.g.: + HP LaserJet 5L = LASERJET.HP LaserJet 5L + + You can have multiple drivers mapped in this file. + + If you only specify the OS/2 driver name, and not the + device name, the first attempt to download the driver will + actually download the files, but the OS/2 client will tell + you the driver is not available. On the second attempt, it + will work. This is fixed simply by adding the device name + to the mapping, after which it will work on the first attempt. + + + + + +Windows for Workgroups + + +Use latest TCP/IP stack from Microsoft + +Use the latest TCP/IP stack from microsoft if you use Windows +for workgroups. + +The early TCP/IP stacks had lots of bugs. + + +Microsoft has released an incremental upgrade to their TCP/IP 32-Bit +VxD drivers. The latest release can be found on their ftp site at +ftp.microsoft.com, located in /peropsys/windows/public/tcpip/wfwt32.exe. +There is an update.txt file there that describes the problems that were +fixed. New files include WINSOCK.DLL, TELNET.EXE, WSOCK.386, VNBT.386, +WSTCP.386, TRACERT.EXE, NETSTAT.EXE, and NBTSTAT.EXE. + + + + + +Delete .pwl files after password change + + +WfWg does a lousy job with passwords. I find that if I change my +password on either the unix box or the PC the safest thing to do is to +delete the .pwl files in the windows directory. The PC will complain about not finding the files, but will soon get over it, allowing you to enter the new password. 
+ + + +If you don't do this you may find that WfWg remembers and uses the old +password, even if you told it a new one. + + + +Often WfWg will totally ignore a password you give it in a dialog box. + + + + + +Configure WfW password handling + + +There is a program call admincfg.exe +on the last disk (disk 8) of the WFW 3.11 disk set. To install it +type EXPAND A:\ADMINCFG.EX_ C:\WINDOWS\ADMINCFG.EXE Then add an icon +for it via the "Progam Manager" "New" Menu. This program allows you +to control how WFW handles passwords. ie disable Password Caching etc +for use with security = user + + + + + +Case handling of passwords + +Windows for Workgroups uppercases the password before sending it to the server. Unix passwords can be case-sensitive though. Check the smb.conf(5) information on password level to specify what characters samba should try to uppercase when checking. + + + + + + +Windows '95/'98 + + +When using Windows 95 OEM SR2 the following updates are recommended where Samba +is being used. Please NOTE that the above change will affect you once these +updates have been installed. + + + +There are more updates than the ones mentioned here. You are referred to the +Microsoft Web site for all currently available updates to your specific version +of Windows 95. + + + +Kernel Update: KRNLUPD.EXE +Ping Fix: PINGUPD.EXE +RPC Update: RPCRTUPD.EXE +TCP/IP Update: VIPUPD.EXE +Redirector Update: VRDRUPD.EXE + + + +Also, if using MS OutLook it is desirable to install the OLEUPD.EXE fix. This +fix may stop your machine from hanging for an extended period when exiting +OutLook and you may also notice a significant speedup when accessing network +neighborhood services. + + + + + +Windows 2000 Service Pack 2 + + +There are several annoyances with Windows 2000 SP2. One of which +only appears when using a Samba server to host user profiles +to Windows 2000 SP2 clients in a Windows domain. 
This assumes +that Samba is a member of the domain, but the problem will +likely occur if it is not. + + + +In order to server profiles successfully to Windows 2000 SP2 +clients (when not operating as a PDC), Samba must have +nt acl support = no +added to the file share which houses the roaming profiles. +If this is not done, then the Windows 2000 SP2 client will +complain about not being able to access the profile (Access +Denied) and create multiple copies of it on disk (DOMAIN.user.001, +DOMAIN.user.002, etc...). See the +smb.conf(5) man page +for more details on this option. Also note that the +nt acl support parameter was formally a global parameter in +releases prior to Samba 2.2.2. + + + +The following is a minimal profile share: + + + + [profile] + path = /export/profile + create mask = 0600 + directory mask = 0700 + nt acl support = no + read only = no + + + +The reason for this bug is that the Win2k SP2 client copies +the security descriptor for the profile which contains +the Samba server's SID, and not the domain SID. The client +compares the SID for SAMBA\user and realizes it is +different that the one assigned to DOMAIN\user. Hence the reason +for the "access denied" message. + + + +By disabling the nt acl support parameter, Samba will send +the Win2k client a response to the QuerySecurityDescriptor +trans2 call which causes the client to set a default ACL +for the profile. This default ACL includes + + +DOMAIN\user "Full Control" + +NOTE : This bug does not occur when using winbind to +create accounts on the Samba host for Domain users. + + + +
diff --git a/docs/docbook/projdoc/Portability.sgml b/docs/docbook/projdoc/Portability.sgml new file mode 100644 index 0000000000..f2fe66b9dd --- /dev/null +++ b/docs/docbook/projdoc/Portability.sgml 
@@ -0,0 +1,148 @@ + + + + JelmerVernooij + + + +Portability + +Samba works on a wide range of platforms but the interface all the +platforms provide is not always compatible. This chapter contains +platform-specific information about compiling and using samba. + + +HPUX + + +HP's implementation of supplementary groups is, er, non-standard (for +hysterical reasons). There are two group files, /etc/group and +/etc/logingroup; the system maps UIDs to numbers using the former, but +initgroups() reads the latter. Most system admins who know the ropes +symlink /etc/group to /etc/logingroup (hard link doesn't work for reasons +too stupid to go into here). initgroups() will complain if one of the +groups you're in in /etc/logingroup has what it considers to be an invalid +ID, which means outside the range [0..UID_MAX], where UID_MAX is (I think) +60000 currently on HP-UX. This precludes -2 and 65534, the usual 'nobody' +GIDs. + + + +If you encounter this problem, make sure that the programs that are failing +to initgroups() be run as users not in any groups with GIDs outside the +allowed range. + + +This is documented in the HP manual pages under setgroups(2) and passwd(4). + + + + + +SCO Unix + + +If you run an old version of SCO Unix then you may need to get important +TCP/IP patches for Samba to work correctly. Without the patch, you may +encounter corrupt data transfers using samba. + + + +The patch you need is UOD385 Connection Drivers SLS. It is available from +SCO (ftp.sco.com, directory SLS, files uod385a.Z and uod385a.ltr.Z). + + + + + +DNIX + + +DNIX has a problem with seteuid() and setegid(). These routines are +needed for Samba to work correctly, but they were left out of the DNIX +C library for some reason. + + + +For this reason Samba by default defines the macro NO_EID in the DNIX +section of includes.h. This works around the problem in a limited way, +but it is far from ideal, some things still won't work right. 
+ + + +To fix the problem properly you need to assemble the following two +functions and then either add them to your C library or link them into +Samba. + + + +put this in the file setegid.s: + + + + .globl _setegid +_setegid: + moveq #47,d0 + movl #100,a0 + moveq #1,d1 + movl 4(sp),a1 + trap #9 + bccs 1$ + jmp cerror +1$: + clrl d0 + rts + + + +put this in the file seteuid.s: + + + + .globl _seteuid +_seteuid: + moveq #47,d0 + movl #100,a0 + moveq #0,d1 + movl 4(sp),a1 + trap #9 + bccs 1$ + jmp cerror +1$: + clrl d0 + rts + + + +after creating the above files you then assemble them using + + +as seteuid.s +as setegid.s + + +that should produce the files seteuid.o and +setegid.o + + + +then you need to add these to the LIBSM line in the DNIX section of +the Samba Makefile. Your LIBSM line will then look something like this: + + + +LIBSM = setegid.o seteuid.o -ln + + + +You should then remove the line: + + + +#define NO_EID + + +from the DNIX section of includes.h + + + diff --git a/docs/docbook/projdoc/samba-doc.sgml b/docs/docbook/projdoc/samba-doc.sgml index e407b622de..a50389b7f0 100644 --- a/docs/docbook/projdoc/samba-doc.sgml +++ b/docs/docbook/projdoc/samba-doc.sgml @@ -6,7 +6,6 @@ - @@ -19,6 +18,9 @@ + + + ]> @@ -78,8 +80,10 @@ Cheers, jerry &Samba-LDAP; &BROWSING; &SPEED; -&OS2-Client; +&Other-Clients; &CVS-Access; &BUGS; +&GROUP-MAPPING-HOWTO; +&Portability; -- cgit