From af733342552ca6687a21f0a765993fb0e41059ed Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 15 Oct 2002 18:02:23 +0000 Subject: Convert BROWSING-Config.txt to SGML (This used to be commit 0b34832e33fbd81cec88730d671ca91abe6cc382) --- docs/docbook/projdoc/Browsing-Quickguide.sgml | 280 ++++++++++++++++++++++++++ docs/docbook/projdoc/samba-doc.sgml | 10 +- 2 files changed, 287 insertions(+), 3 deletions(-) create mode 100644 docs/docbook/projdoc/Browsing-Quickguide.sgml (limited to 'docs/docbook') diff --git a/docs/docbook/projdoc/Browsing-Quickguide.sgml b/docs/docbook/projdoc/Browsing-Quickguide.sgml new file mode 100644 index 0000000000..deb431020d --- /dev/null +++ b/docs/docbook/projdoc/Browsing-Quickguide.sgml @@ -0,0 +1,280 @@ + + + + JohnTerpstra + + July 5, 1998 + + +Quick Cross Subnet Browsing / Cross Workgroup Browsing guide + + +This document should be read in conjunction with Browsing and may +be taken as the fast track guide to implementing browsing across subnets +and / or across workgroups (or domains). WINS is the best tool for resolution +of NetBIOS names to IP addesses. WINS is NOT involved in browse list handling +except by way of name to address mapping. + + + +Discussion + + +Firstly, all MS Windows networking is based on SMB (Server Message +Block) based messaging. SMB messaging is implemented using NetBIOS. Samba +implements NetBIOS by encapsulating it over TCP/IP. MS Windows products can +do likewise. NetBIOS based networking uses broadcast messaging to affect +browse list management. When running NetBIOS over TCP/IP this uses UDP +based messaging. UDP messages can be broadcast or unicast. + + + +Normally, only unicast UDP messaging can be forwarded by routers. The +"remote announce" parameter to smb.conf helps to project browse announcements +to remote network segments via unicast UDP. Similarly, the "remote browse sync" +parameter of smb.conf implements browse list collation using unicast UDP. + + + +Secondly, in those networks where Samba is the only SMB server technology +wherever possible nmbd should be configured on one (1) machine as the WINS +server. This makes it easy to manage the browsing environment. If each network +segment is configured with it's own Samba WINS server, then the only way to +get cross segment browsing to work is by using the "remote announce" and +the "remote browse sync" parameters to your smb.conf file. + + + +If only one WINS server is used then the use of the "remote announce" and the +"remote browse sync" parameters should NOT be necessary. + + + +Samba WINS does not support MS-WINS replication. This means that when setting up +Samba as a WINS server there must only be one nmbd configured as a WINS server +on the network. Some sites have used multiple Samba WINS servers for redundancy +(one server per subnet) and then used "remote browse sync" and "remote announce" +to affect browse list collation across all segments. Note that this means +clients will only resolve local names, and must be configured to use DNS to +resolve names on other subnets in order to resolve the IP addresses of the +servers they can see on other subnets. This setup is not recommended, but is +mentioned as a practical consideration (ie: an 'if all else fails' scenario). + + + +Lastly, take note that browse lists are a collection of unreliable broadcast +messages that are repeated at intervals of not more than 15 minutes. This means +that it will take time to establish a browse list and it can take up to 45 +minutes to stabilise, particularly across network segments. + + + + + +Use of the "Remote Announce" parameter + +The "remote announce" parameter of smb.conf can be used to forcibly ensure +that all the NetBIOS names on a network get announced to a remote network. +The syntax of the "remote announce" parameter is: + + remote announce = a.b.c.d [e.f.g.h] ... + +_or_ + + remote announce = a.b.c.d/WORKGROUP [e.f.g.h/WORKGROUP] ... + + +where: + +a.b.c.d and e.f.g.h +is either the LMB (Local Master Browser) IP address +or the broadcst address of the remote network. +ie: the LMB is at 192.168.1.10, or the address +could be given as 192.168.1.255 where the netmask +is assumed to be 24 bits (255.255.255.0). +When the remote announcement is made to the broadcast +address of the remote network every host will receive +our announcements. This is noisy and therefore +undesirable but may be necessary if we do NOT know +the IP address of the remote LMB. + + + +WORKGROUP +is optional and can be either our own workgroup +or that of the remote network. If you use the +workgroup name of the remote network then our +NetBIOS machine names will end up looking like +they belong to that workgroup, this may cause +name resolution problems and should be avoided. + + + + + + + +Use of the "Remote Browse Sync" parameter + + +The "remote browse sync" parameter of smb.conf is used to announce to +another LMB that it must synchronise it's NetBIOS name list with our +Samba LMB. It works ONLY if the Samba server that has this option is +simultaneously the LMB on it's network segment. + + + +The syntax of the "remote browse sync" parameter is: + + remote browse sync = a.b.c.d + + +where a.b.c.d is either the IP address of the remote LMB or else is the network broadcast address of the remote segment. + + + + + +Use of WINS + + +Use of WINS (either Samba WINS _or_ MS Windows NT Server WINS) is highly +recommended. Every NetBIOS machine registers it's name together with a +name_type value for each of of several types of service it has available. +eg: It registers it's name directly as a unique (the type 0x03) name. +It also registers it's name if it is running the lanmanager compatible +server service (used to make shares and printers available to other users) +by registering the server (the type 0x20) name. + + + +All NetBIOS names are up to 15 characters in length. The name_type variable +is added to the end of the name - thus creating a 16 character name. Any +name that is shorter than 15 characters is padded with spaces to the 15th +character. ie: All NetBIOS names are 16 characters long (including the +name_type information). + + + +WINS can store these 16 character names as they get registered. A client +that wants to log onto the network can ask the WINS server for a list +of all names that have registered the NetLogon service name_type. This saves +broadcast traffic and greatly expedites logon processing. Since broadcast +name resolution can not be used across network segments this type of +information can only be provided via WINS _or_ via statically configured +"lmhosts" files that must reside on all clients in the absence of WINS. + + + +WINS also serves the purpose of forcing browse list synchronisation by all +LMB's. LMB's must synchronise their browse list with the DMB (domain master +browser) and WINS helps the LMB to identify it's DMB. By definition this +will work only within a single workgroup. Note that the domain master browser +has NOTHING to do with what is referred to as an MS Windows NT Domain. The +later is a reference to a security environment while the DMB refers to the +master controller for browse list information only. + + + +Use of WINS will work correctly only if EVERY client TCP/IP protocol stack +has been configured to use the WINS server/s. Any client that has not been +configured to use the WINS server will continue to use only broadcast based +name registration so that WINS may NEVER get to know about it. In any case, +machines that have not registered with a WINS server will fail name to address +lookup attempts by other clients and will therefore cause workstation access +errors. + + + +To configure Samba as a WINS server just add "wins support = yes" to the +smb.conf file [globals] section. + + + +To configure Samba to register with a WINS server just add +"wins server = a.b.c.d" to your smb.conf file [globals] section. + + + +DO NOT EVER use both "wins support = yes" together with "wins server = a.b.c.d" +particularly not using it's own IP address. + + + + + +Do NOT use more than one (1) protocol on MS Windows machines + + +A very common cause of browsing problems results from installing more than +one protocol on an MS Windows machine. + + + +Every NetBIOS machine take part in a process of electing the LMB (and DMB) +every 15 minutes. A set of election criteria is used to determine the order +of precidence for winning this election process. A machine running Samba or +Windows NT will be biased so that the most suitable machine will predictably +win and thus retain it's role. + + + +The election process is "fought out" so to speak over every NetBIOS network +interface. In the case of a Windows 9x machine that has both TCP/IP and IPX +installed and has NetBIOS enabled over both protocols the election will be +decided over both protocols. As often happens, if the Windows 9x machine is +the only one with both protocols then the LMB may be won on the NetBIOS +interface over the IPX protocol. Samba will then lose the LMB role as Windows +9x will insist it knows who the LMB is. Samba will then cease to function +as an LMB and thus browse list operation on all TCP/IP only machines will +fail. + + + +The safest rule of all to follow it this - USE ONLY ONE PROTOCOL! + + + + + +Name Resolution Order + + +Resolution of NetBIOS names to IP addresses can take place using a number +of methods. The only ones that can provide NetBIOS name_type information +are: + +WINS: the best tool! +LMHOSTS: is static and hard to maintain. +Broadcast: uses UDP and can not resolve names across remote segments. + + + + +Alternative means of name resolution includes: + +/etc/hosts: is static, hard to maintain, and lacks name_type info +DNS: is a good choice but lacks essential name_type info. + + + + +Many sites want to restrict DNS lookups and want to avoid broadcast name +resolution traffic. The "name resolve order" parameter is of great help here. +The syntax of the "name resolve order" parameter is: + + name resolve order = wins lmhosts bcast host + +_or_ + + name resolve order = wins lmhosts (eliminates bcast and host) + +The default is: + + name resolve order = host lmhost wins bcast +. +where "host" refers the the native methods used by the Unix system +to implement the gethostbyname() function call. This is normally +controlled by /etc/host.conf, /etc/nsswitch.conf and /etc/resolv.conf. + + diff --git a/docs/docbook/projdoc/samba-doc.sgml b/docs/docbook/projdoc/samba-doc.sgml index 6fb77750e7..f20849edbf 100644 --- a/docs/docbook/projdoc/samba-doc.sgml +++ b/docs/docbook/projdoc/samba-doc.sgml @@ -18,13 +18,14 @@ + ]> - + SAMBA Project Documentation @@ -66,7 +67,6 @@ Cheers, jerry &UNIX-INSTALL; -&Diagnosis; &IntegratingWithWindows; &Samba-PAM; &MS-Dfs-Setup; @@ -81,11 +81,15 @@ Cheers, jerry &Samba-LDAP; &ADS-HOWTO; &BROWSING; +&BROWSING-Quick; &SPEED; -&Other-Clients; &CVS-Access; &BUGS; &GROUP-MAPPING-HOWTO; + + &Portability; +&Other-Clients; +&Diagnosis; -- cgit From 03a709902c0b9c8a1ede786cd4f5ee70c5bebaaa Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 15 Oct 2002 20:13:43 +0000 Subject: Add info on chpass on *BSD systems (thanks Krzysztof Kowalik ) (This used to be commit 5a81ac79dbf40eee3c506cd11d473a1fcfd38df0) --- docs/docbook/projdoc/Samba-PDC-HOWTO.sgml | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'docs/docbook') diff --git a/docs/docbook/projdoc/Samba-PDC-HOWTO.sgml b/docs/docbook/projdoc/Samba-PDC-HOWTO.sgml index 5b21e0a535..25a9783277 100644 --- a/docs/docbook/projdoc/Samba-PDC-HOWTO.sgml +++ b/docs/docbook/projdoc/Samba-PDC-HOWTO.sgml @@ -341,6 +341,12 @@ nickname" -s /bin/false machine_name$ < root# passwd -l machine_name$ +On *BSD systems, this can be done using the 'chpass' utility: + + +root# chpass -a "machine_name$:*:101:100::0:0:Workstation machine_name:/dev/null:/sbin/nologin" + + The /etc/passwd entry will list the machine name with a "$" appended, won't have a password, will have a null shell and no -- cgit From 0a12f1af0b2fb22f65d64cb792a074bcb4e5527a Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 15 Oct 2002 20:53:27 +0000 Subject: make_smbcodepage and make_unicodemap are gone in HEAD (This used to be commit ef40bde4344a19fcc61d6d1719c1c87970445139) --- docs/docbook/manpages/make_smbcodepage.1.sgml | 197 -------------------------- docs/docbook/manpages/make_unicodemap.1.sgml | 172 ---------------------- 2 files changed, 369 deletions(-) delete mode 100644 docs/docbook/manpages/make_smbcodepage.1.sgml delete mode 100644 docs/docbook/manpages/make_unicodemap.1.sgml (limited to 'docs/docbook') diff --git a/docs/docbook/manpages/make_smbcodepage.1.sgml b/docs/docbook/manpages/make_smbcodepage.1.sgml deleted file mode 100644 index 774b3d8f8b..0000000000 --- a/docs/docbook/manpages/make_smbcodepage.1.sgml +++ /dev/null @@ -1,197 +0,0 @@ - - - - - make_smbcodepage - 1 - - - - - make_smbcodepage - construct a codepage file for Samba - - - - - make_smbcodepage - c|d - codepage - inputfile - outputfile - - - - - DESCRIPTION - - This tool is part of the - Samba suite. - - make_smbcodepage compiles or de-compiles - codepage files for use with the internationalization features - of Samba 2.2 - - - - - - OPTIONS - - - - c|d - This tells make_smbcodepage - if it is compiling (c) a text format code - page file to binary, or (d) de-compiling - a binary codepage file to text. - - - - codepage - This is the codepage we are processing (a - number, e.g. 850). - - - - - inputfile - This is the input file to process. In - the c case, this will be a text - codepage definition file such as the ones found in the Samba - source/codepages directory. In - the d case, this will be the - binary format codepage definition file normally found in - the lib/codepages directory in the - Samba install directory path. - - - - - outputfile - This is the output file to produce. - - - - - - Samba Codepage Files - - A text Samba codepage definition file is a description - that tells Samba how to map from upper to lower case for - characters greater than ascii 127 in the specified DOS code page. - Note that for certain DOS codepages (437 for example) mapping - from lower to upper case may be non-symmetrical. For example, in - code page 437 lower case a acute maps to a plain upper case A - when going from lower to upper case, but plain upper case A maps - to plain lower case a when lower casing a character. - - A binary Samba codepage definition file is a binary - representation of the same information, including a value that - specifies what codepage this file is describing. - - As Samba does not yet use UNICODE (current for Samba version 2.2) - you must specify the client code page that your DOS and Windows - clients are using if you wish to have case insensitivity done - correctly for your particular language. The default codepage Samba - uses is 850 (Western European). Text codepage definition sample files - are provided in the Samba distribution for codepages 437 (USA), 737 (Greek), - 850 (Western European) 852 (MS-DOS Latin 2), 861 (Icelandic), 866 (Cyrillic), - 932 (Kanji SJIS), 936 (Simplified Chinese), 949 (Hangul) and 950 (Traditional - Chinese). Users are encouraged to write text codepage definition files for - their own code pages and donate them to samba@samba.org. All codepage files - in the Samba source/codepages directory are - compiled and installed when a 'make install' - command is issued there. - - The client codepage used by the smbd server - is configured using the client code page parameter - in the smb.conf file. - - - - - Files - - codepage_def.<codepage> - - These are the input (text) codepage files provided in the - Samba source/codepages directory. - - A text codepage definition file consists of multiple lines - containing four fields. These fields are: - - - lower: which is the - (hex) lower case character mapped on this line. - - - upper: which is the (hex) - upper case character that the lower case character will map to. - - - map upper to lower which - is a boolean value (put either True or False here) which tells - Samba if it is to map the given upper case character to the - given lower case character when lower casing a filename. - - - map lower to upper which - is a boolean value (put either True or False here) which tells - Samba if it is to map the given lower case character to the - given upper case character when upper casing a filename. - - - - - codepage.<codepage> - These are the - output (binary) codepage files produced and placed in the Samba - destination lib/codepage directory. - - - - Installation - - The location of the server and its support files is a - matter for individual system administrators. The following are - thus suggestions only. - - It is recommended that the make_smbcodepage - program be installed under the /usr/local/samba - hierarchy, in a directory readable by all, writeable - only by root. The program itself should be executable by all. The - program should NOT be setuid or setgid! - - - - VERSION - - This man page is correct for version 2.2 of - the Samba suite. - - - - SEE ALSO - smbd(8), - smb.conf(5) - - - - - AUTHOR - - The original Samba software and related utilities - were created by Andrew Tridgell. Samba is now developed - by the Samba Team as an Open Source project similar - to the way the Linux kernel is developed. - - The original Samba man pages were written by Karl Auer. - The man page sources were converted to YODL format (another - excellent piece of Open Source software, available at - - ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 - release by Jeremy Allison. The conversion to DocBook for - Samba 2.2 was done by Gerald Carter - - - diff --git a/docs/docbook/manpages/make_unicodemap.1.sgml b/docs/docbook/manpages/make_unicodemap.1.sgml deleted file mode 100644 index 5e7292341b..0000000000 --- a/docs/docbook/manpages/make_unicodemap.1.sgml +++ /dev/null @@ -1,172 +0,0 @@ - - - - - make_unicodemap - 1 - - - - - make_unicodemap - construct a unicode map file for Samba - - - - - make_unicodemap - codepage - inputfile - outputfile - - - - - - - DESCRIPTION - - - This tool is part of the Samba - suite. - - - - make_unicodemap compiles text unicode map - files into binary unicode map files for use with the - internationalization features of Samba 2.2. - - - - - - - OPTIONS - - - - codepage - This is the codepage or UNIX character - set we are processing (a number, e.g. 850). - - - - - inputfile - This is the input file to process. This is a - text unicode map file such as the ones found in the Samba - source/codepages directory. - - - - - outputfile - This is the binary output file to produce. - - - - - - - - Samba Unicode Map Files - - - A text Samba unicode map file is a description that tells Samba - how to map characters from a specified DOS code page or UNIX character - set to 16 bit unicode. - - - A binary Samba unicode map file is a binary representation - of the same information, including a value that specifies what - codepage or UNIX character set this file is describing. - - - - - Files - - CP<codepage>.TXT - - - These are the input (text) unicode map files provided - in the Samba source/codepages - directory. - - - - A text unicode map file consists of multiple lines - containing two fields. These fields are : - - - - character - which is - the (hex) character mapped on this line. - - - unicode - which - is the (hex) 16 bit unicode character that the character - will map to. - - - - - unicode_map.<codepage> - These are - the output (binary) unicode map files produced and placed in - the Samba destination lib/codepage - directory. - - - - - - Installation - - - The location of the server and its support files is a matter - for individual system administrators. The following are thus - suggestions only. - - - - It is recommended that the make_unicodemap - program be installed under the - $prefix/samba hierarchy, - in a directory readable by all, writeable only by root. The - program itself should be executable by all. The program - should NOT be setuid or setgid! - - - - - VERSION - - This man page is correct for version 2.2 of - the Samba suite. - - - - SEE ALSO - smbd(8), - smb.conf(5) - - - - - AUTHOR - - The original Samba software and related utilities - were created by Andrew Tridgell. Samba is now developed - by the Samba Team as an Open Source project similar - to the way the Linux kernel is developed. - - The original Samba man pages were written by Karl Auer. - The man page sources were converted to YODL format (another - excellent piece of Open Source software, available at - - ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 - release by Jeremy Allison. The conversion to DocBook for - Samba 2.2 was done by Gerald Carter - - - -- cgit From 9cd6f05f2b78720a22dfd80d15134a32831cbc2b Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Fri, 18 Oct 2002 15:54:02 +0000 Subject: Remove note about the howto being in 'htmldocs' - this notice has been in since 2.2 so people should know by now... (This used to be commit 744615f13f591b334fe85d4285ffbaa11419755c) --- docs/docbook/howto/README.NOW | 2 -- 1 file changed, 2 deletions(-) delete mode 100644 docs/docbook/howto/README.NOW (limited to 'docs/docbook') diff --git a/docs/docbook/howto/README.NOW b/docs/docbook/howto/README.NOW deleted file mode 100644 index 77f1659a89..0000000000 --- a/docs/docbook/howto/README.NOW +++ /dev/null @@ -1,2 +0,0 @@ -The files previously in this directory have been incorporated -into the Samba-HOWTO-Collection -- cgit From 0fc3596a95dc54c27cbb3edf6ebb264e646299af Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Fri, 18 Oct 2002 18:30:49 +0000 Subject: Add note to HP-UX: use gcc or HP's ansi C compiler and not the freely supplied C compiler (which isn't ansi C compatible) (This used to be commit 853558151e0d26a98bf9278b664f98987f17813e) --- docs/docbook/projdoc/Portability.sgml | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'docs/docbook') diff --git a/docs/docbook/projdoc/Portability.sgml b/docs/docbook/projdoc/Portability.sgml index 88527cbe62..0ae720af53 100644 --- a/docs/docbook/projdoc/Portability.sgml +++ b/docs/docbook/projdoc/Portability.sgml @@ -36,6 +36,12 @@ allowed range. This is documented in the HP manual pages under setgroups(2) and passwd(4). + +On HPUX you must use gcc or the HP Ansi compiler. The free compiler +that comes with HP-UX is not Ansi compliant and cannot compile +Samba. + + -- cgit From 010e444fd934b3df6840ce9f015627ef2bf389a0 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Fri, 18 Oct 2002 20:31:13 +0000 Subject: Document %D. Make a difference between sub_basic and sub_advanced substitutions (This used to be commit 7fe52d378d7e4ce6381be3544d865088a7659009) --- docs/docbook/manpages/smb.conf.5.sgml | 113 ++++++++++++++++++---------------- 1 file changed, 59 insertions(+), 54 deletions(-) (limited to 'docs/docbook') diff --git a/docs/docbook/manpages/smb.conf.5.sgml b/docs/docbook/manpages/smb.conf.5.sgml index 5ce8691076..b87564e622 100644 --- a/docs/docbook/manpages/smb.conf.5.sgml +++ b/docs/docbook/manpages/smb.conf.5.sgml @@ -333,29 +333,6 @@ might be relevant. These are: - - %S - the name of the current service, if any. - - - - - %P - the root directory of the current service, - if any. - - - - %u - user name of the current service, if any. - - - - - %g - primary group name of %u. - - %U session user name (the user name that the client @@ -367,17 +344,6 @@ primary group name of %U. - - %H - the home directory of the user given - by %u. - - - - %v - the Samba version. - - %h the Internet hostname that Samba is running @@ -408,22 +374,6 @@ - - %N - the name of your NIS home directory server. - This is obtained from your NIS auto.map entry. If you have - not compiled Samba with the --with-automount - option then this value will be the same as %L. - - - - - %p - the path of the service's home directory, - obtained from your NIS auto.map entry. The NIS auto.map entry - is split up as "%N:%p". - - %R the selected protocol level after @@ -458,6 +408,11 @@ %T the current date and time. + + + %D + Name of the domain or workgroup of the current user. + %$(envvar) @@ -466,6 +421,56 @@ + The following substitutes apply only to some configuration options(only those + that are used when a connection has been established): + + + + %S + the name of the current service, if any. + + + + + %P + the root directory of the current service, + if any. + + + + %u + user name of the current service, if any. + + + + + %g + primary group name of %u. + + + + %H + the home directory of the user given + by %u. + + + + %N + the name of your NIS home directory server. + This is obtained from your NIS auto.map entry. If you have + not compiled Samba with the --with-automount + option then this value will be the same as %L. + + + + + %p + the path of the service's home directory, + obtained from your NIS auto.map entry. The NIS auto.map entry + is split up as "%N:%p". + + + There are some quite creative things that can be done with these substitutions and other smb.conf options. @@ -528,7 +533,7 @@ - By default, Samba 2.2 has the same semantics as a Windows + By default, Samba 3.0 has the same semantics as a Windows NT server, in that it is case insensitive but case preserving. @@ -1393,12 +1398,12 @@ request has a time limit associated with it. If this parameter is set and the lock range requested - cannot be immediately satisfied, Samba 2.2 will internally + cannot be immediately satisfied, samba will internally queue the lock request, and periodically attempt to obtain the lock until the timeout period expires. If this parameter is set to no, then - Samba 2.2 will behave as previous versions of Samba would and + samba will behave as previous versions of Samba would and will fail the lock request immediately if the lock range cannot be obtained. @@ -1746,7 +1751,7 @@ debug timestamp (G) - Samba 2.2 debug log messages are timestamped + Samba debug log messages are timestamped by default. If you are running at a high debug level these timestamps can be distracting. This boolean parameter allows timestamping -- cgit From 14a2b338ff18b99c8968869755747fa683310b7d Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Fri, 18 Oct 2002 20:36:43 +0000 Subject: Add FAQ 'I have set 'force user' and samba still makes 'root' the owner of all the files I touch!' (This used to be commit e8d7f8eb43e299cbe7f46c91e2040e9d74d693e2) --- docs/docbook/faq/config.sgml | 11 +++++++++++ docs/docbook/faq/sambafaq.sgml | 2 ++ 2 files changed, 13 insertions(+) create mode 100644 docs/docbook/faq/config.sgml (limited to 'docs/docbook') diff --git a/docs/docbook/faq/config.sgml b/docs/docbook/faq/config.sgml new file mode 100644 index 0000000000..78f73252a2 --- /dev/null +++ b/docs/docbook/faq/config.sgml @@ -0,0 +1,11 @@ + +Configuration problems + + +I have set 'force user' and samba still makes 'root' the owner of all the files I touch! + +When you have a user in 'admin users', samba will always do file operations for +this user as 'root', even if 'force user' has been set. + + + diff --git a/docs/docbook/faq/sambafaq.sgml b/docs/docbook/faq/sambafaq.sgml index 0e5e146b5a..e9e5ed7a3c 100644 --- a/docs/docbook/faq/sambafaq.sgml +++ b/docs/docbook/faq/sambafaq.sgml @@ -4,6 +4,7 @@ + ]> @@ -29,6 +30,7 @@ and the old samba text documents which were mostly written by John Terpstra. &general; &install; +&config; &clientapp; &errors; &features; -- cgit From e5d7c4f15050d4119a63d048bfbed88c018788df Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Fri, 18 Oct 2002 21:01:42 +0000 Subject: Try to put some questions from the mailinglist in (This used to be commit 1bf8ca3c89b5cbbc329f34971d5d2541d3b0265c) --- docs/docbook/faq/errors.sgml | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'docs/docbook') diff --git a/docs/docbook/faq/errors.sgml b/docs/docbook/faq/errors.sgml index 0a40011fbb..2f378a3688 100644 --- a/docs/docbook/faq/errors.sgml +++ b/docs/docbook/faq/errors.sgml @@ -159,4 +159,12 @@ the smb.conf man page. + + +Until a few minutes after samba has started, clients get the error "Domain Controller Unavailable" + +A domain controller has to announce on the network who it is. This usually takes a while. + + + -- cgit From 8e8d6da1ce6b1ec5e8e5cc98e257aeb07617c2ce Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Fri, 18 Oct 2002 21:14:55 +0000 Subject: smb.conf.5 is completely up-to-date for 3.0 now. Say so in the VERSION section (This used to be commit 28fb5f00c0683ed7af6ea05ac5e005215ad7a7c7) --- docs/docbook/manpages/smb.conf.5.sgml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'docs/docbook') diff --git a/docs/docbook/manpages/smb.conf.5.sgml b/docs/docbook/manpages/smb.conf.5.sgml index b87564e622..0e03eabd03 100644 --- a/docs/docbook/manpages/smb.conf.5.sgml +++ b/docs/docbook/manpages/smb.conf.5.sgml @@ -8449,7 +8449,7 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ VERSION - This man page is correct for version 2.2 of + This man page is correct for version 3.0 of the Samba suite. -- cgit From 19eb4688cf04ec14dc412f54611de18b66c48fbb Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Fri, 18 Oct 2002 21:43:31 +0000 Subject: Update for 3.0 (document -B, -s, -n options). Is now current (This used to be commit 9f388e15b0bef1590c5605f8d7cdeac7c82cd64f) --- docs/docbook/manpages/winbindd.8.sgml | 31 ++++++++++++++++++++++++++++++- 1 file changed, 30 insertions(+), 1 deletion(-) (limited to 'docs/docbook') diff --git a/docs/docbook/manpages/winbindd.8.sgml b/docs/docbook/manpages/winbindd.8.sgml index 32ea86b0d6..848f6ed3fa 100644 --- a/docs/docbook/manpages/winbindd.8.sgml +++ b/docs/docbook/manpages/winbindd.8.sgml @@ -17,8 +17,10 @@ winbindd -i + -B -d <debug level> -s <smb config file> + -n @@ -118,6 +120,33 @@ group: files winbind option is used by developers when interactive debugging of winbindd is required. + + + -n + Disable caching. This means winbindd will + always have to wait for a response from the domain controller + before it can respond to a client and this thus makes things + slower. The results will however be more accurate, since + results from the cache might not be up-to-date. This + might also temporarily hang winbindd if the DC doesn't respond. + + + + + -B + Dual daemon mode. This means winbindd will run + as 2 threads. The first will answer all requests from the cache, + thus making responses to clients faster. The other will + update the cache for the query that the first has just responded. + Advantage of this is that responses are accurate and fast. + + + + + -s|--conf=smb.conf + Specifies the location of the all-important + smb.conf file. + @@ -368,7 +397,7 @@ auth required /lib/security/pam_pwdb.so use_first_pass shadow nullok VERSION - This man page is correct for version 2.2 of + This man page is correct for version 3.0 of the Samba suite. -- cgit From e9368b1d20bd64c7450851f458a3e13ee446e025 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Fri, 18 Oct 2002 22:16:08 +0000 Subject: Document parameters that have been added in 3.0 (This used to be commit 1fb6353c39439220465fcce7950511c63e31ea44) --- docs/docbook/manpages/findsmb.1.sgml | 2 +- docs/docbook/manpages/nmbd.8.sgml | 4 ++-- docs/docbook/manpages/nmblookup.1.sgml | 12 +++++++++++- docs/docbook/manpages/smbpasswd.5.sgml | 2 +- 4 files changed, 15 insertions(+), 5 deletions(-) (limited to 'docs/docbook') diff --git a/docs/docbook/manpages/findsmb.1.sgml b/docs/docbook/manpages/findsmb.1.sgml index 7b2371fdb7..fb953b9f25 100644 --- a/docs/docbook/manpages/findsmb.1.sgml +++ b/docs/docbook/manpages/findsmb.1.sgml @@ -98,7 +98,7 @@ IP ADDR NETBIOS NAME WORKGROUP/OS/VERSION VERSION - This man page is correct for version 2.2 of + This man page is correct for version 3.0 of the Samba suite. diff --git a/docs/docbook/manpages/nmbd.8.sgml b/docs/docbook/manpages/nmbd.8.sgml index 2b8e066120..bd8bf964f1 100644 --- a/docs/docbook/manpages/nmbd.8.sgml +++ b/docs/docbook/manpages/nmbd.8.sgml @@ -1,3 +1,4 @@ +2Q @@ -20,7 +21,6 @@ -a -i -o - -P -h -V -d <debug level> @@ -39,7 +39,7 @@ nmbd is a server that understands and can reply to NetBIOS over IP name service requests, like those produced by SMB/CIFS clients such as Windows 95/98/ME, - Windows NT, Windows 2000, and LanManager clients. It also + Windows NT, Windows 2000, Windows XP and LanManager clients. It also participates in the browsing protocols which make up the Windows "Network Neighborhood" view. diff --git a/docs/docbook/manpages/nmblookup.1.sgml b/docs/docbook/manpages/nmblookup.1.sgml index 67efac5634..33ae631ed9 100644 --- a/docs/docbook/manpages/nmblookup.1.sgml +++ b/docs/docbook/manpages/nmblookup.1.sgml @@ -28,6 +28,7 @@ -s <smb config file> -i <NetBIOS scope> -T + -f name @@ -182,6 +183,15 @@ pair that is the normal output. + + -f + + Show which flags apply to the name that has been looked up. Possible + answers are zero or more of: Response, Authoritative, + Truncated, Recursion_Desired, Recursion_Available, Broadcast. + + + name @@ -217,7 +227,7 @@ VERSION - This man page is correct for version 2.2 of + This man page is correct for version 3.0 of the Samba suite. diff --git a/docs/docbook/manpages/smbpasswd.5.sgml b/docs/docbook/manpages/smbpasswd.5.sgml index be75107819..5c80ac4c06 100644 --- a/docs/docbook/manpages/smbpasswd.5.sgml +++ b/docs/docbook/manpages/smbpasswd.5.sgml @@ -172,7 +172,7 @@ VERSION - This man page is correct for version 2.2 of + This man page is correct for version 3.0 of the Samba suite. -- cgit From 48a56c12e268845d037ea0c4115a0df37cb20e26 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 21 Oct 2002 04:30:51 +0000 Subject: add a 'mangle prefix' option to allow people to tune the number of characters used in the prefix for 8.3 names in the hash2 algorithm. The longer the prefix the more readable the 8.3 names will be, but the weaker the hash. this was added because of someone complaining that the new hashing algorithm was unreadable but the old one was broken :) (This used to be commit 3ca3cc838e5b957c7244b21947daddc4ee4c3099) --- docs/docbook/manpages/smb.conf.5.sgml | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) (limited to 'docs/docbook') diff --git a/docs/docbook/manpages/smb.conf.5.sgml b/docs/docbook/manpages/smb.conf.5.sgml index 0e03eabd03..a1f767185c 100644 --- a/docs/docbook/manpages/smb.conf.5.sgml +++ b/docs/docbook/manpages/smb.conf.5.sgml @@ -4292,10 +4292,21 @@ a better algorithm (generates less collisions) in the names. However, many Win32 applications store the mangled names and so changing to the new algorithm must not be done - lightly as these applications may break unless reinstalled. - New installations of Samba may set the default to hash2. - Default: mangling method = hash - Example: mangling method = hash2 + lightly as these applications may break unless reinstalled. + Default: mangling method = hash2 + Example: mangling method = hash + + + + + mangle prefix (G) + controls the number of prefix + characters from the original name used when generating + the mangled names. A larger value will give a weaker + hash and therefore more name collisions. The minimum + value is 1 and the maximum value is 6. + Default: mangle prefix = 1 + Example: mangle prefix = 4 -- cgit From 6c82e994d9d796a6ffd6061eb2b5a368edfa8969 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 21 Oct 2002 18:01:02 +0000 Subject: Add faq chapter about the samba features (This used to be commit b55fe96c1f073e81ce564d16d70cae49e1862cf5) --- docs/docbook/faq/features.sgml | 376 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 376 insertions(+) create mode 100644 docs/docbook/faq/features.sgml (limited to 'docs/docbook') diff --git a/docs/docbook/faq/features.sgml b/docs/docbook/faq/features.sgml new file mode 100644 index 0000000000..d464885f9e --- /dev/null +++ b/docs/docbook/faq/features.sgml @@ -0,0 +1,376 @@ + + +Features + + +How can I prevent my samba server from being used to distribute the Nimda worm? + +Author: HASEGAWA Yosuke (translated by TAKAHASHI Motonobu) + + +Nimba Worm is infected through shared disks on a network, as well as through +Microsoft IIS, Internet Explorer and mailer of Outlook series. + + + +At this time, the worm copies itself by the name *.nws and *.eml on +the shared disk, moreover, by the name of Riched20.dll in the folder +where *.doc file is included. + + + +To prevent infection through the shared disk offered by Samba, set +up as follows: + + + + +[global] + ... + # This can break Administration installations of Office2k. + # in that case, don't veto the riched20.dll + veto files = /*.eml/*.nws/riched20.dll/ + + + + +By setting the "veto files" parameter, matched files on the Samba +server are completely hidden from the clients and making it impossible +to access them at all. + + + +In addition to it, the following setting is also pointed out by the +samba-jp:09448 thread: when the +"readme.txt.{3050F4D8-98B5-11CF-BB82-00AA00BDCE0B}" file exists on +a Samba server, it is visible only as "readme.txt" and dangerous +code may be executed if this file is double-clicked. + + + +Setting the following, + + veto files = /*.{*}/ + +any files having CLSID in its file extension will be inaccessible from any +clients. + + + +This technical article is created based on the discussion of +samba-jp:09448 and samba-jp:10900 threads. + + + + +How can I use samba as a fax server? + +Contributor: Gerhard Zuber + +Requirements: + +UNIX box (Linux preferred) with SAMBA and a faxmodem +ghostscript package +mgetty+sendfax package +pbm package (portable bitmap tools) + + + +First, install and configure the required packages. Be sure to read the mgetty+sendfax +manual carefully. + + +Tools for printing faxes + +Your incomed faxes are in: +/var/spool/fax/incoming + +print it with: + + +for i in * +do +g3cat $i | g3tolj | lpr -P hp +done + + + + +g3cat is in the tools-section, g3tolj is in the contrib-section +for printing to HP lasers. + + + +If you want to produce files for displaying and printing with Windows, use +some tools from the pbm-package like the following command: g3cat $i | g3topbm - | ppmtopcx - >$i.pcx +and view it with your favourite Windows tool (maybe paintbrush) + + + + + +Making the fax-server + +fetch the file mgetty+sendfax/frontends/winword/faxfilter and place it in /usr/local/etc/mgetty+sendfax/(replace /usr/local/ with whatever place you installed mgetty+sendfax) + +prepare your faxspool file as mentioned in this file +edit fax/faxspool.in and reinstall or change the final +/usr/local/bin/faxspool too. + + + +if [ "$user" = "root" -o "$user" = "fax" -o \ + "$user" = "lp" -o "$user" = "daemon" -o "$user" = "bin" ] + + +find the first line and change it to the second. + + +make sure you have pbmtext (from the pbm-package). This is +needed for creating the small header line on each page. + + +Prepare your faxheader /usr/local/etc/mgetty+sendfax/faxheader + + +Edit your /etc/printcap file: + +# FAX +lp3|fax:\ + :lp=/dev/null:\ + :sd=/usr/spool/lp3:\ + :if=/usr/local/etc/mgetty+sendfax/faxfilter:sh:sf:mx#0:\ + :lf=/usr/spool/lp3/fax-log: + + +Now, edit your smb.conf so you have a smb based printer named "fax" + + + + +Installing the client drivers + + +Now you have a printer called "fax" which can be used via +TCP/IP-printing (lpd-system) or via SAMBA (windows printing). + + + +On every system you are able to produce postscript-files you +are ready to fax. + + + +On Windows 3.1 95 and NT: + + + +Install a printer wich produces postscript output, + e.g. apple laserwriter + + +Connect the "fax" to your printer. + + +Now write your first fax. Use your favourite wordprocessor, +write, winword, notepad or whatever you want, and start +with the headerpage. + + + +Usually each fax has a header page. It carries your name, +your address, your phone/fax-number. + + + +It carries also the recipient, his address and his *** fax +number ***. Now here is the trick: + + + +Use the text: + +Fax-Nr: 123456789 + +as the recipients fax-number. Make sure this text does not +occur in regular text ! Make sure this text is not broken +by formatting information, e.g. format it as a single entity. +(Windows Write and Win95 Wordpad are functional, maybe newer + versions of Winword are breaking formatting information). + + + +The trick is that postscript output is human readable and +the faxfilter program scans the text for this pattern and +uses the found number as the fax-destination-number. + + + +Now print your fax through the fax-printer and it will be +queued for later transmission. Use faxrunq for sending the +queue out. + + + + + +Example smb.conf + + +[global] + printcap name = /etc/printcap + print command = /usr/bin/lpr -r -P %p %s + lpq command = /usr/bin/lpq -P %p + lprm command = /usr/bin/lprm -P %p %j + +[fax] + comment = FAX (mgetty+sendfax) + path = /tmp + printable = yes + public = yes + writable = no + create mode = 0700 + browseable = yes + guest ok = no + + + + + + +Samba doesn't work well together with DHCP! + + +We wish to help those folks who wish to use the ISC DHCP Server and provide +sample configuration settings. Most operating systems today come ship with +the ISC DHCP Server. ISC DHCP is available from: +ftp://ftp.isc.org/isc/dhcp + + + +Incorrect configuration of MS Windows clients (Windows9X, Windows ME, Windows +NT/2000) will lead to problems with browsing and with general network +operation. Windows 9X/ME users often report problems where the TCP/IP and related +network settings will inadvertantly become reset at machine start-up resulting +in loss of configuration settings. This results in increased maintenance +overheads as well as serious user frustration. + + + +In recent times users on one mailing list incorrectly attributed the cause of +network operating problems to incorrect configuration of Samba. + + + +One user insisted that the only way to provent Windows95 from periodically +performing a full system reset and hardware detection process on start-up was +to install the NetBEUI protocol in addition to TCP/IP. This assertion is not +correct. + + + +In the first place, there is NO need for NetBEUI. All Microsoft Windows clients +natively run NetBIOS over TCP/IP, and that is the only protocol that is +recognised by Samba. Installation of NetBEUI and/or NetBIOS over IPX will +cause problems with browse list operation on most networks. Even Windows NT +networks experience these problems when incorrectly configured Windows95 +systems share the same name space. It is important that only those protocols +that are strictly needed for site specific reasons should EVER be installed. + + + +Secondly, and totally against common opinion, DHCP is NOT an evil design but is +an extension of the BOOTP protocol that has been in use in Unix environments +for many years without any of the melt-down problems that some sensationalists +would have us believe can be experienced with DHCP. In fact, DHCP in covered by +rfc1541 and is a very safe method of keeping an MS Windows desktop environment +under control and for ensuring stable network operation. + + + +Please note that MS Windows systems as of MS Windows NT 3.1 and MS Windows 95 +store all network configuration settings a registry. There are a few reports +from MS Windows network administrators that warrant mention here. It would appear +that when one sets certain MS TCP/IP protocol settings (either directly or via +DHCP) that these do get written to the registry. Even though a subsequent +change of setting may occur the old value may persist in the registry. This +has been known to create serious networking problems. + + + +An example of this occurs when a manual TCP/IP environment is configured to +include a NetBIOS Scope. In this event, when the administrator then changes the +configuration of the MS TCP/IP protocol stack, without first deleting the +current settings, by simply checking the box to configure the MS TCP/IP stack +via DHCP then the NetBIOS Scope that is still persistent in the registry WILL be +applied to the resulting DHCP offered settings UNLESS the DHCP server also sets +a NetBIOS Scope. It may therefore be prudent to forcibly apply a NULL NetBIOS +Scope from your DHCP server. The can be done in the dhcpd.conf file with the +parameter: +option netbios-scope ""; + + + +While it is true that the Microsoft DHCP server that comes with Windows NT +Server provides only a sub-set of rfc1533 functionality this is hardly an issue +in those sites that already have a large investment and commitment to Unix +systems and technologies. The current state of the art of the DHCP Server +specification in covered in rfc2132. + + + + + +How can I assign NetBIOS names to clients with DHCP? + + +SMB network clients need to be configured so that all standard TCP/IP name to +address resolution works correctly. Once this has been achieved the SMB +environment provides additional tools and services that act as helper agents in +the translation of SMB (NetBIOS) names to their appropriate IP Addresses. One +such helper agent is the NetBIOS Name Server (NBNS) or as Microsoft called it +in their Windows NT Server implementation WINS (Windows Internet Name Server). + + + +A client needs to be configured so that it has a unique Machine (Computer) +Name. + + + +This can be done, but needs a few NT registry hacks and you need to be able to +speak UNICODE, which is of course no problem for a True Wizzard(tm) :) +Instructions on how to do this (including a small util for less capable +Wizzards) can be found at + + +http://www.unixtools.org/~nneul/sw/nt/dhcp-netbios-hostname.html + + + + +How do I convert between unix and dos text formats? + + +Jim barry has written an +excellent drag-and-drop cr/lf converter for +windows. Just drag your file onto the icon and it converts the file. + + + +The utilities unix2dos and dos2unix(in the mtools package) should do +the job under unix. + + + + + +Does samba have wins replication support? + + +At the time of writing there is currently being worked on a wins replication implementation(wrepld). + + + + + -- cgit