From 4ea9be5467b6274ec2074af8c6438d42415d8fb6 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 7 Apr 2003 14:01:19 +0000 Subject: Regenerate docs (This used to be commit 3d61303ea9783e01796a90e74efb3457ef76497f) --- docs/htmldocs/Samba-HOWTO-Collection.html | 3491 ++++++++++++++++++----------- 1 file changed, 2181 insertions(+), 1310 deletions(-) (limited to 'docs/htmldocs/Samba-HOWTO-Collection.html') diff --git a/docs/htmldocs/Samba-HOWTO-Collection.html b/docs/htmldocs/Samba-HOWTO-Collection.html index 9b79518cec..8c470203e7 100644 --- a/docs/htmldocs/Samba-HOWTO-Collection.html +++ b/docs/htmldocs/Samba-HOWTO-Collection.html @@ -69,8 +69,8 @@ NAME="AEN32" >

This book is a collection of HOWTOs added to Samba documentation over the years. -I try to ensure that all are current, but sometimes the is a larger job -than one person can maintain. The most recent version of this document +Samba is always under development, and so is it's documentation. +The most recent version of this document can be found at

1.2. Configuring samba
1.3. Try listing the shares available on your server
1.4. Try connecting with the unix client
1.5. Try connecting from a DOS, WfWg, Win9x, WinNT, Win2k, OS/2, etc... client
1.6. What If Things Don't Work?
2.1. Discussion
2.2. How browsing functions and how to deploy stable and dependable browsing using Samba
2.3. Use of the Remote Announce
2.4. Use of the Remote Browse Sync
2.5. Use of WINS
2.6. Do NOT use more than one (1) protocol on MS Windows machines
2.7. Name Resolution Order
3.1. Introduction
3.2. Important Notes About Security
3.3. The smbpasswd Command
3.4. Plain text
3.5. TDB
3.6. LDAP
3.7. MySQL
3.8. XML
4.1. Stand Alone Server
4.2. Domain Member Server
4.3. Domain Controller
5.1. User and Share security level
6.1. Prerequisite Reading
6.2. Background
6.3. Configuring the Samba Domain Controller
6.4. Creating Machine Trust Accounts and Joining Clients to the Domain
6.5. Common Problems and Errors
6.6. What other help can I get?
6.7. Domain Control for Windows 9x/ME
7.1. Prerequisite Reading
7.2. Background
7.3. What qualifies a Domain Controller on the network?
7.4. Can Samba be a Backup Domain Controller to an NT PDC?
7.5. How do I set up a Samba BDC?
8.1. Setup your smb.conf
8.2. Setup your /etc/krb5.conf
8.5. Testing with smbclientTesting with smbclient
8.6. Notes
9.1. Joining an NT Domain with Samba 3.0
9.2. Why is this better than security = server?
10.1. Viewing and changing UNIX permissions using the NT security dialogs
10.2. How to view file security on a Samba share
10.3. Viewing file ownership
10.4. Viewing file or directory permissions
10.5. Modifying file or directory permissions
10.6. Interaction with the standard Samba create mask parameters
10.7. Interaction with the standard Samba file attribute mapping
12.1. Introduction
12.2. Configuration
12.3. The Imprints Toolset
12.4. Diagnosis
13.1. Introduction
13.2. Configuring smb.conf
13.3. CUPS - RAW Print Through Mode
13.4. CUPS as a network PostScript RIP -- CUPS drivers working on server, Adobe PostScript driver with CUPS-PPDs downloaded to clients
13.5. Windows Terminal Servers (WTS) as CUPS clients
13.6. Setting up CUPS for driver download
13.7. Sources of CUPS drivers / PPDs
13.8. The CUPS Filter Chains
13.9. CUPS Print Drivers and Devices
13.10. Limiting the number of pages users can print
13.11. Advanced Postscript Printing from MS Windows
13.12. Auto-Deletion of CUPS spool files
14.1. Abstract
14.2. Introduction
14.3. What Winbind Provides
14.4. How Winbind Works
14.5. Installation and Configuration
14.6. Limitations
14.7. Conclusion
15.1. Configuring Samba Share Access Controls
15.2. Remote Server Administration
15.3. Network Logon Script Magic
16.1. Creating and Managing System Policies
16.2. Managing Account/User Policies
17.1. Roaming Profiles
17.2. Mandatory profiles
17.3. Creating/Managing Group Profiles
17.4. Default Profile for Windows Users
18. Interdomain Trust Relationships
18.1. Trust Relationship Background
18.2. MS Windows NT4 Trust Configuration
18.3. Configuring Samba Domain Trusts
19. PAM Configuration for Centrally Managed Authentication
18.1. 19.1. Samba and PAM
18.2. 19.2. Distributed Authentication
18.3. 19.3. PAM Configuration in smb.conf
19. 20. Stackable VFS modules
19.1. 20.1. Introduction and configuration
19.2. 20.2. Included modules
19.3. 20.3. VFS modules available elsewhere
20. 21. Hosting a Microsoft Distributed File System tree on Samba
20.1. 21.1. Instructions
21. 22. Integrating MS Windows networks with Samba
21.1. 22.1. Name Resolution in a pure Unix/Linux world
21.2. 22.2. Name resolution as used within MS Windows networking
22. 23. Improved browsing in samba
22.1. 23.1. Overview of browsing
22.2. 23.2. Browsing support in samba
22.3. 23.3. Problem resolution
22.4. 23.4. Browsing across subnets
22.5. 23.5. Setting up a WINS server
22.6. 23.6. Setting up Browsing in a WORKGROUP
22.7. 23.7. Setting up Browsing in a DOMAIN
22.8. 23.8. Forcing samba to be the master
22.9. 23.9. Making samba the domain master
22.10. 23.10. Note about broadcast addresses
22.11. 23.11. Multiple interfaces
23. 24. Securing Samba
23.1. 24.1. Introduction
23.2. 24.2. Using host based protection
23.3. 24.3. Using interface protection
23.4. 24.4. Using a firewall
23.5. 24.5. Using a IPC$ share deny
23.6. 24.6. Upgrading Samba
24. 25. Unicode/Charsets
24.1. 25.1. What are charsets and unicode?
24.2. 25.2. Samba and charsets
25. 26. SWAT - The Samba Web Admininistration Tool
25.1. 26.1. SWAT Features and Benefits
26. 27. Migration from NT4 PDC to Samba-3 PDC
26.1. 27.1. Planning and Getting Started
26.2. 27.2. Managing Samba-3 Domain Control
27. 28. Samba performance issues
27.1. 28.1. Comparisons
27.2. 28.2. Socket options
27.3. 28.3. Read size
27.4. 28.4. Max xmit
27.5. 28.5. Log level
27.6. 28.6. Read raw
27.7. 28.7. Write raw
27.8. 28.8. Slow Clients
27.9. 28.9. Slow Logins
27.10. 28.10. Client tuning
28. 29. Portability
28.1. 29.1. HPUX
28.2. 29.2. SCO Unix
28.3. 29.3. DNIX
28.4. 29.4. RedHat Linux Rembrandt-II
28.5. 29.5. AIX
29. 30. Samba and other CIFS clients
29.1. 30.1. Macintosh clients?
29.2. 30.2. OS2 Client
29.3. 30.3. Windows for Workgroups
29.4. 30.4. Windows '95/'98
29.5. 30.5. Windows 2000 Service Pack 2
29.6. 30.6. Windows NT 3.1
30. 31. How to compile SAMBA
30.1. 31.1. Access Samba source code via CVS
30.2. 31.2. Accessing the samba sources via rsync and ftp
30.3. 31.3. Building the Binaries
30.4. 31.4. Starting the smbd and nmbd
31. 32. Reporting Bugs
31.1. 32.1. Introduction
31.2. 32.2. General info
31.3. 32.3. Debug levels
31.4. 32.4. Internal errors
31.5. 32.5. Attaching to a running process
31.6. 32.6. Patches
32. 33. The samba checklist
32.1. 33.1. Introduction
32.2. 33.2. Assumptions
32.3. 33.3. The tests
32.4. 33.4. Still having troubles?
1.2. Configuring samba
1.2.1. Editing the smb.conf fileEditing the smb.conf file
1.2.2. SWAT
1.3. Try listing the shares available on your server
1.4. Try connecting with the unix client
1.5. Try connecting from a DOS, WfWg, Win9x, WinNT, Win2k, OS/2, etc... client
1.6. What If Things Don't Work?
1.6.1. Scope IDs
1.6.2. Locking
2.1. Discussion
2.2. How browsing functions and how to deploy stable and dependable browsing using Samba
2.3. Use of the Remote Announce
2.4. Use of the Remote Browse Sync
2.5. Use of WINS
2.6. Do NOT use more than one (1) protocol on MS Windows machines
2.7. Name Resolution Order
3.1. Introduction
3.2. Important Notes About Security
3.2.1. Advantages of SMB Encryption
3.2.2. Advantages of non-encrypted passwords
3.3. The smbpasswd Command
3.4. Plain text
3.5. TDB
3.6. LDAP
3.6.1. Introduction
3.6.2. Introduction
3.6.3. Supported LDAP Servers
3.6.4. Schema and Relationship to the RFC 2307 posixAccount
3.6.5. Configuring Samba with LDAP
3.6.6. Accounts and Groups management
3.6.7. Security and sambaAccount
3.6.8. LDAP specials attributes for sambaAccounts
3.6.9. Example LDIF Entries for a sambaAccount
3.7. MySQL
3.7.1. Creating the database
3.7.2. Configuring
3.7.3. Using plaintext passwords or encrypted password
3.7.4. Getting non-column data from the table
3.8. XML
the samba homepage +>.

If you need to compile samba from source, check the - appropriate appendix chapter.

appropriate appendix chapter.


1.2. Configuring samba


1.2.1. Editing the smb.conf file1.2.1. Editing the smb.conf file

There are sample configuration files in the examples @@ -1566,31 +1602,27 @@ NAME="AEN75" >

	[global]
-	   workgroup = MYGROUP
+>[global]
+	workgroup = MYGROUP
 
-	   [homes]
-	      guest ok = no
-	      read only = no
+[homes]
+	guest ok = no
+	read only = no
 	

which would allow connections by anyone with an account on the server, using either their login name or - "homes" as the service name. (Note that I also set the + "homes" as the service name. (Note that I also set the workgroup that Samba is part of. See BROWSING.txt for details)

Note that make install will not install - a Make sure you put the smb.conf file. You need to create it - yourself.

Make sure you put the smb.conf file in the same place +> file in the same place you specified in theMakefile).

For more information about security settings for the - [homes] share please refer to the document UNIX_SECURITY.txt.

[homes] share please refer to the chapter + Securing Samba.


1.2.1.1. Test your config file with smb.conf file using the testparm program. +> file using the testparm program. If testparm runs OK then it will list the loaded services. If not it will give an error message.


1.2.2. SWAT


1.3. Try listing the shares available on your server


1.4. Try connecting with the unix client

yourhostname - would be the name of the host where you installed smbd. The smbd. + The aservice is any service you have defined in the smb.conf - file. Try your user name if you just have a [homes] section +> + file. Try your user name if you just have a [homes] + section in smb.conf.

For example if your unix host is bambi and your login - name is fred you would type:

For example if your unix host is bambi + and your login name is fred you would type:

$ smbclient //bambi/fred +>smbclient //bambi/fred


1.5. Try connecting from a DOS, WfWg, Win9x, WinNT, Win2k, OS/2, etc... client

print filename

Celebrate, or send me a bug report!


1.6. What If Things Don't Work?

Then you might read the file HOWTO chapter Diagnosis and the +>Then you might read the file chapter + Diagnosis and the FAQ. If you are still stuck then try the mailing list or newsgroup (look in the README for details). Samba has been successfully installed at thousands of sites worldwide, so maybe @@ -1825,7 +1886,7 @@ CLASS="SECT2" >


1.6.1. Scope IDs


1.6.2. Locking


2.1. Discussion

Secondly, in those networks where Samba is the only SMB server technology -wherever possible nmbd should be configured on one (1) machine as the WINS +wherever possible nmbd should be configured on one (1) machine as the WINS server. This makes it easy to manage the browsing environment. If each network segment is configured with it's own Samba WINS server, then the only way to get cross segment browsing to work is by using the @@ -2001,7 +2065,10 @@ CLASS="COMMAND" been committed, but it still needs maturation.

Right now samba WINS does not support MS-WINS replication. This means that -when setting up Samba as a WINS server there must only be one nmbd configured +when setting up Samba as a WINS server there must only be one nmbd configured as a WINS server on the network. Some sites have used multiple Samba WINS servers for redundancy (one server per subnet) and then used


2.2. How browsing functions and how to deploy stable and dependable browsing using Samba


2.3. Use of the Remote Announce

2.4. Use of the Remote Browse Sync

2.5. Use of WINS

To configure Samba to register with a WINS server just add "wins server = a.b.c.d" to your smb.conf file [globals] section.

DO NOT EVER use both "wins support = yes" together -with "wins server = a.b.c.d" particularly not using it's own IP address. -Specifying both will cause nmbd to refuse to start!

Never use both wins support = yes together +with wins server = a.b.c.d +particularly not using it's own IP address. +Specifying both will cause nmbd to refuse to start!


2.6. Do NOT use more than one (1) protocol on MS Windows machines


2.7. Name Resolution Order

3.1. Introduction


3.2. Important Notes About Security


3.2.1. Advantages of SMB Encryption


3.2.2. Advantages of non-encrypted passwords


3.3. The smbpasswd Command


3.4. Plain text


3.5. TDB


3.6. LDAP

3.6.1. Introduction


3.6.2. Introduction


3.6.3. Supported LDAP Servers


3.6.4. Schema and Relationship to the RFC 2307 posixAccount


3.6.5. Configuring Samba with LDAP

3.6.5.1. OpenLDAP configuration


3.6.5.2. Configuring Samba


3.6.6. Accounts and Groups management


3.6.7. Security and sambaAccount


3.6.8. LDAP specials attributes for sambaAccounts


3.6.9. Example LDIF Entries for a sambaAccount


3.7. MySQL

3.7.1. Creating the database


3.7.2. Configuring


3.7.3. Using plaintext passwords or encrypted password


3.7.4. Getting non-column data from the table


3.8. XML

Introduction

4.1. Stand Alone Server
4.2. Domain Member Server
4.3. Domain Controller
4.3.1. Domain Controller Types
5.1. User and Share security level
5.1.1. User Level Security
5.1.2. Share Level Security
5.1.3. Server Level Security
5.1.4. Domain Level Security
5.1.5. ADS Level Security
6.1. Prerequisite Reading
6.2. Background
6.3. Configuring the Samba Domain Controller
6.4. Creating Machine Trust Accounts and Joining Clients to the Domain
6.4.1. Manual Creation of Machine Trust Accounts
6.4.2. "On-the-Fly" Creation of Machine Trust Accounts
6.4.3. Joining the Client to the Domain
6.5. Common Problems and Errors
6.6. What other help can I get?
6.7. Domain Control for Windows 9x/ME
6.7.1. Configuration Instructions: Network Logons
7.1. Prerequisite Reading
7.2. Background
7.3. What qualifies a Domain Controller on the network?
7.3.1. How does a Workstation find its domain controller?
7.3.2. When is the PDC needed?
7.4. Can Samba be a Backup Domain Controller to an NT PDC?
7.5. How do I set up a Samba BDC?
7.5.1. How do I replicate the smbpasswd file?
7.5.2. Can I do this all with LDAP?
8.1. Setup your smb.conf
8.2. Setup your /etc/krb5.conf
8.3.1. Possible errors
8.5. Testing with smbclientTesting with smbclient
8.6. Notes
9.1. Joining an NT Domain with Samba 3.0
9.2. Why is this better than security = server?

4.1. Stand Alone Server


4.2. Domain Member Server


4.3. Domain Controller


4.3.1. Domain Controller Types


5.1. User and Share security level


5.1.1. User Level Security


5.1.2. Share Level Security

user = smb.conf line. The password is then checked in turn against these "possible usernames". If a match is found then the client is authenticated as that user.


5.1.3. Server Level Security


5.1.3.1. Configuring Samba for Seemless Windows Network Integration


5.1.3.2. Use MS Windows NT as an authentication server

This method involves the additions of the following parameters in the smb.conf file:

This method involves the additions of the following parameters in the smb.conf file:


5.1.4. Domain Level Security


5.1.4.1. Samba as a member of an MS Windows NT security domain

This method involves additon of the following paramters in the smb.conf file:

This method involves additon of the following paramters in the smb.conf file:

The use of the "*" argument to "password server" will cause samba to locate the +>The use of the "*" argument to password server will cause samba to locate the domain controller in a way analogous to the way this is done within MS Windows NT. This is the default behaviour.


5.1.5. ADS Level Security

6.1. Prerequisite Reading


6.2. Background


6.3. Configuring the Samba Domain Controller


6.4. Creating Machine Trust Accounts and Joining Clients to the Domain


6.4.1. Manual Creation of Machine Trust Accounts


6.4.2. "On-the-Fly" Creation of Machine Trust Accounts


6.4.3. Joining the Client to the Domain


6.5. Common Problems and Errors


6.6. What other help can I get?


6.7. Domain Control for Windows 9x/ME


6.7.1. Configuration Instructions: Network Logons

7.1. Prerequisite Reading


7.2. Background


7.3. What qualifies a Domain Controller on the network?


7.3.1. How does a Workstation find its domain controller?


7.3.2. When is the PDC needed?


7.4. Can Samba be a Backup Domain Controller to an NT PDC?


7.5. How do I set up a Samba BDC?


7.5.1. How do I replicate the smbpasswd file?


7.5.2. Can I do this all with LDAP?


8.1. Setup your smb.conf

8.2. Setup your /etc/krb5.conf

If all you want is kerberos support in smbclient then you can skip +>If all you want is kerberos support in smbclient then you can skip straight to Test with smbclientTest with smbclient now. testing your servers is only needed if you want kerberos -support for smbd and winbindd.

smbd and winbindd.


8.3.1. Possible errors

8.5. Testing with smbclient8.5. Testing with smbclient

On your Samba server try to login to a Win2000 server or your Samba -server using smbclient and kerberos. Use smbclient as usual, but -specify the smbclient and kerberos. Use smbclient as usual, but +specify the -k option to choose kerberos authentication.


8.6. Notes

9.1. Joining an NT Domain with Samba 3.0

.

Firstly, you must edit your Firstly, you must edit your smb.conf(5) - file to tell Samba it should now use domain security.

smb.conf file to tell Samba it should + now use domain security.

Change (or add) your security = line in the [global] section - of your smb.conf to read:

smb.conf to read:


9.2. Why is this better than security = server?

Introduction

Samba has several features that you might want or might not want to use. The chapters in this -part each cover one specific feature.

Samba has several features that you might want or might not want to use. The chapters in this part each cover one specific feature.

10.1. Viewing and changing UNIX permissions using the NT security dialogs
10.2. How to view file security on a Samba share
10.3. Viewing file ownership
10.4. Viewing file or directory permissions
10.4.1. File Permissions
10.4.2. Directory Permissions
10.5. Modifying file or directory permissions
10.6. Interaction with the standard Samba create mask parameters
10.7. Interaction with the standard Samba file attribute mapping
12.1. Introduction
12.2. Configuration
12.2.1. Creating [print$]
12.2.2. Setting Drivers for Existing Printers
12.2.3. Support a large number of printers
12.2.4. Adding New Printers via the Windows NT APW
12.2.5. Samba and Printer Ports
12.3. The Imprints Toolset
12.3.1. What is Imprints?
12.3.2. Creating Printer Driver Packages
12.3.3. The Imprints server
12.3.4. The Installation Client
12.4. Diagnosis
12.4.1. Introduction
12.4.2. Debugging printer problems
12.4.3. What printers do I have?
12.4.4. Setting up printcap and print servers
12.4.5. Job sent, no output
12.4.6. Job sent, strange output
12.4.7. Raw PostScript printed
12.4.8. Advanced Printing
12.4.9. Real debugging
13.1. Introduction
13.2. Configuring smb.conf
13.3. CUPS - RAW Print Through Mode
13.4. CUPS as a network PostScript RIP -- CUPS drivers working on server, Adobe PostScript driver with CUPS-PPDs downloaded to clients
13.5. Windows Terminal Servers (WTS) as CUPS clients
13.6. Setting up CUPS for driver download
13.7. Sources of CUPS drivers / PPDs
13.7.1. cupsaddsmb
13.8. The CUPS Filter Chains
13.9. CUPS Print Drivers and Devices
13.9.1. Further printing steps
13.10. Limiting the number of pages users can print
13.11. Advanced Postscript Printing from MS Windows
13.12. Auto-Deletion of CUPS spool files
14.1. Abstract
14.2. Introduction
14.3. What Winbind Provides
14.3.1. Target Uses
14.4. How Winbind Works
14.4.1. Microsoft Remote Procedure Calls
14.4.2. Microsoft Active Directory Services
14.4.3. Name Service Switch
14.4.4. Pluggable Authentication Modules
14.4.5. User and Group ID Allocation
14.4.6. Result Caching
14.5. Installation and Configuration
14.5.1. Introduction
14.5.2. Requirements
14.5.3. Testing Things Out
14.6. Limitations
14.7. Conclusion
15.1. Configuring Samba Share Access Controls
15.1.1. Share Permissions Management
15.2. Remote Server Administration
15.3. Network Logon Script Magic
16.1. Creating and Managing System Policies
16.1.1. Windows 9x/Me Policies
16.1.2. Windows NT4 Style Policy Files
16.1.3. MS Windows 200x / XP Professional Policies
16.2. Managing Account/User Policies
16.2.1. With Windows NT4/200x
16.2.2. With a Samba PDC
17.1. Roaming Profiles
17.1.1. Samba Configuration for Profile Handling
17.1.2. Windows Client Profile Configuration Information
17.1.3. Sharing Profiles between W9x/Me and NT4/200x/XP workstations
17.1.4. Profile Migration from Windows NT4/200x Server to Samba
17.2. Mandatory profiles
17.3. Creating/Managing Group Profiles
17.4. Default Profile for Windows Users
17.4.1. MS Windows 9x/Me
17.4.2. MS Windows NT4 Workstation
17.4.3. MS Windows 200x/XP
18. Interdomain Trust Relationships
18.1. Trust Relationship Background
18.2. MS Windows NT4 Trust Configuration
18.2.1. NT4 as the Trusting Domain
18.2.2. NT4 as the Trusted Domain
18.3. Configuring Samba Domain Trusts
18.3.1. Samba3 as the Trusting Domain
18.3.2. Samba3 as the Trusted Domain
19. PAM Configuration for Centrally Managed Authentication
18.1. 19.1. Samba and PAM
18.2. 19.2. Distributed Authentication
18.3. 19.3. PAM Configuration in smb.conf
19. 20. Stackable VFS modules
19.1. 20.1. Introduction and configuration
19.2. 20.2. Included modules
19.2.1. 20.2.1. audit
19.2.2. 20.2.2. extd_audit
19.2.3. 20.2.3. recycle
19.2.4. 20.2.4. netatalk
19.3. 20.3. VFS modules available elsewhere
19.3.1. 20.3.1. DatabaseFS
19.3.2. 20.3.2. vscan
20. 21. Hosting a Microsoft Distributed File System tree on Samba
20.1. 21.1. Instructions
20.1.1. 21.1.1. Notes
21. 22. Integrating MS Windows networks with Samba
21.1. 22.1. Name Resolution in a pure Unix/Linux world
21.1.1. 22.1.1. /etc/hosts
21.1.2. 22.1.2. /etc/resolv.conf
21.1.3. 22.1.3. /etc/host.conf
21.1.4. 22.1.4. /etc/nsswitch.conf
21.2. 22.2. Name resolution as used within MS Windows networking
21.2.1. 22.2.1. The NetBIOS Name Cache
21.2.2. 22.2.2. The LMHOSTS file
21.2.3. 22.2.3. HOSTS file
21.2.4. 22.2.4. DNS Lookup
21.2.5. 22.2.5. WINS Lookup
22. 23. Improved browsing in samba
22.1. 23.1. Overview of browsing
22.2. 23.2. Browsing support in samba
22.3. 23.3. Problem resolution
22.4. 23.4. Browsing across subnets
22.4.1. 23.4.1. How does cross subnet browsing work ?
22.5. 23.5. Setting up a WINS server
22.6. 23.6. Setting up Browsing in a WORKGROUP
22.7. 23.7. Setting up Browsing in a DOMAIN
22.8. 23.8. Forcing samba to be the master
22.9. 23.9. Making samba the domain master
22.10. 23.10. Note about broadcast addresses
22.11. 23.11. Multiple interfaces
23. 24. Securing Samba
23.1. 24.1. Introduction
23.2. 24.2. Using host based protection
23.3. 24.3. Using interface protection
23.4. 24.4. Using a firewall
23.5. 24.5. Using a IPC$ share deny
23.6. 24.6. Upgrading Samba
24. 25. Unicode/Charsets
24.1. 25.1. What are charsets and unicode?
24.2. 25.2. Samba and charsets

10.1. Viewing and changing UNIX permissions using the NT security dialogs


10.2. How to view file security on a Samba share


10.3. Viewing file ownership


10.4. Viewing file or directory permissions


10.4.1. File Permissions


10.4.2. Directory Permissions


10.5. Modifying file or directory permissions


10.6. Interaction with the standard Samba create mask parameters

If you want to set up a share that allows users full control in modifying the permission bits on their files and directories and doesn't force any particular bits to be set 'on', then set the following - parameters in the smb.conf(5) - smb.conf file in that share specific section :


10.7. Interaction with the standard Samba file attribute mapping

Starting with Samba 3.0 alpha 2, a new group mapping function is available. The current method (likely to change) to manage the groups is a new command called -smbgroupeditsmbgroupedit.

The first immediate reason to use the group mapping on a PDC, is that @@ -9000,9 +9179,9 @@ member machine (an NT/W2K or a samba server running winbind), you would like to give access to a certain directory to some users who are member of a group on your samba PDC. Flag that group as a domain group by running:

smbgroupedit -a unixgroup -tdsmbgroupedit -a unixgroup -td

You can list the various groups in the mapping database like this

12.1. Introduction


12.2. Configuration


12.2.1. Creating [print$]


12.2.2. Setting Drivers for Existing Printers


12.2.3. Support a large number of printers


12.2.4. Adding New Printers via the Windows NT APW


12.2.5. Samba and Printer Ports


12.3. The Imprints Toolset


12.3.1. What is Imprints?


12.3.2. Creating Printer Driver Packages


12.3.3. The Imprints server


12.3.4. The Installation Client


12.4. Diagnosis


13.3. CUPS - RAW Print Through Mode

Firstly, to enable CUPS based printing from Samba the following options must be -enabled in your smb.conf file [globals] section: +enabled in your smb.conf file [globals] section:

-When these parameters are specified the print directives in smb.conf (as well as in +When these parameters are specified the print directives in smb.conf (as well as in samba itself) will be ignored because samba will directly interface with CUPS through it's application program interface (API) - so long as Samba has been compiled with CUPS library (libcups) support. If samba has NOT been compiled with CUPS support then @@ -10731,7 +10919,7 @@ CLASS="SECT1" >

13.4. CUPS as a network PostScript RIP -- CUPS drivers working on server, Adobe PostScript driver with CUPS-PPDs downloaded to clients


13.5. Windows Terminal Servers (WTS) as CUPS clients


13.6. Setting up CUPS for driver download

cupsadsmb utility (shipped with all current CUPS versions) makes the sharing of any (or all) installed CUPS printers very -easy. Prior to using it, you need the following settings in smb.conf:

smb.conf:


13.7. Sources of CUPS drivers / PPDs


13.7.1. cupsaddsmb

13.8. The CUPS Filter Chains


13.9. CUPS Print Drivers and Devices


13.9.1. Further printing steps


13.10. Limiting the number of pages users can print


13.11. Advanced Postscript Printing from MS Windows


13.12. Auto-Deletion of CUPS spool files

Samba print files pass thru two "spool" directories. One the incoming directory -managed by Samba, (set eg: in the "path = /var/spool/samba" directive in the [printers] -section of "smb.conf"). Second is the spool directory of your UNIX print subsystem. +managed by Samba, (set eg: in the path = /var/spool/samba directive in the [printers] +section of smb.conf). Second is the spool directory of your UNIX print subsystem. For CUPS it is normally "/var/spool/cups/", as set by the cupsd.conf directive "RequestRoot /var/spool/cups".

a Samba-smbd which is compiled against "libcups" (Check on Linux by running "ldd `which smbd`") +> a Samba-smbd which is compiled against "libcups" (Check on Linux by running ldd `which smbd`) a Samba-smb.conf setting of "printing = cups" +> a Samba-smb.conf setting of printing = cups another Samba-smb.conf setting of "printcap = cups" +> another Samba-smb.conf setting of printcap = cups

14.1. Abstract


14.2. Introduction


14.3. What Winbind Provides


14.3.1. Target Uses


14.4. How Winbind Works


14.4.1. Microsoft Remote Procedure Calls


14.4.2. Microsoft Active Directory Services


14.4.3. Name Service Switch


14.4.4. Pluggable Authentication Modules


14.4.5. User and Group ID Allocation


14.4.6. Result Caching


14.5. Installation and Configuration


14.5.1. Introduction


14.5.2. Requirements


14.5.3. Testing Things Out


14.5.3.1. Configure and compile SAMBA


14.5.3.2. Configure nsswitch.conf

14.5.3.3. Configure smb.conf


14.5.3.4. Join the SAMBA server to the PDC domain


14.5.3.5. Start up the winbindd daemon and test it!


14.5.3.6. Fix the init.d startup scripts

logon path = \\%L\Profiles\%u +where %L translates to the name of the Samba server and %u translates to the user name

The default for this option is \\%N\%U\profile, namely \\sambaserver\username\profile. The \\N%\%U service is created automatically by the [homes] service. If you are using @@ -15222,12 +15430,9 @@ ALIGN="LEFT" VALIGN="TOP" >

MS Windows NT/2K clients at times do not disconnect a connection to a server -between logons. It is recommended to NOT use the homeshomes meta-service name as part of the profile share path.


17.1.1.2. Windows 9x / Me User Profiles

To support Windows 9x / Me clients, you must use the "logon home" parameter. Samba has -now been fixed so that "net use /home" now works as well, and it, too, relies -on the "logon home" parameter.

net use /home now works as well, and it, too, relies +on the logon home< parameter.

By using the logon home parameter, you are restricted to putting Win9x / Me profiles in the user's home directory. But wait! There is a trick you -can use. If you set the following in the [global] section of your smb.conf file:

[global] section of your smb.conf file:

then your Windows 9x / Me clients will dutifully put their clients in a subdirectory -of your home directory called .profiles (thus making them hidden).

.profiles (thus making them hidden).

Not only that, but 'net use/home' will also work, because of a feature in +>Not only that, but net use/home will also work, because of a feature in Windows 9x / Me. It removes any directory stuff off the end of the home directory area and only uses the server and share portion. That is, it looks like you -specified \\%L\%U for "logon home".

logon home
.


17.1.1.3. Mixed Windows 9x / Me and Windows NT4/200x User Profiles

You can support profiles for both Win9X and WinNT clients by setting both the -"logon home" and "logon path" parameters. For example:

logon home and logon path parameters. For example:


17.1.2. Windows Client Profile Configuration Information

17.1.2.1. Windows 9x / Me Profile Setup


17.1.2.2. Windows NT4 Workstation


17.1.2.3. Windows 2000/XP Professional


17.1.3. Sharing Profiles between W9x/Me and NT4/200x/XP workstations


17.1.4. Profile Migration from Windows NT4/200x Server to Samba


17.1.4.1. Windows NT4 Profile Management Tools


17.1.4.2. Side bar Notes


17.1.4.3. moveuser.exe


17.1.4.4. Get SID


17.2. Mandatory profiles


17.3. Creating/Managing Group Profiles


17.4. Default Profile for Windows Users


17.4.1. MS Windows 9x/Me


17.4.1.1. How User Profiles Are Handled in Windows 9x / Me?


17.4.2. MS Windows NT4 Workstation


17.4.3. MS Windows 200x/XP


Chapter 18. PAM Configuration for Centrally Managed Authentication

Chapter 18. Interdomain Trust Relationships

Samba-3 supports NT4 style domain trust relationships. This is feature that many sites +will want to use if they migrate to Samba-3 from and NT4 style domain and do NOT want to +adopt Active Directory or an LDAP based authentication back end. This section explains +some background information regarding trust relationships and how to create them. It is now +possible for Samba3 to NT4 trust (and vica versa), as well as Samba3 to Samba3 trusts.


18.1. Samba and PAM18.1. Trust Relationship Background

A number of Unix systems (eg: Sun Solaris), as well as the -xxxxBSD family and Linux, now utilize the Pluggable Authentication -Modules (PAM) facility to provide all authentication, -authorization and resource control services. Prior to the -introduction of PAM, a decision to use an alternative to -the system password database (/etc/passwd) -would require the provision of alternatives for all programs that provide -security services. Such a choice would involve provision of -alternatives to such programs as: login, -passwd, chown, etc.

MS Windows NT3.x/4.0 type security domains employ a non-hierchical security structure. +The limitations of this architecture as it affects the scalability of MS Windows networking +in large organisations is well known. Additionally, the flat-name space that results from +this design significantly impacts the delegation of administrative responsibilities in +large and diverse organisations.

Microsoft developed Active Directory Service (ADS), based on Kerberos and LDAP, as a means +of circumventing the limitations of the older technologies. Not every organisation is ready +or willing to embrace ADS. For small companies the older NT4 style domain security paradigm +is quite adequate, there thus remains an entrenched user base for whom there is no direct +desire to go through a disruptive change to adopt ADS.

Microsoft introduced with MS Windows NT the ability to allow differing security domains +to affect a mechanism so that users from one domain may be given access rights and privilidges +in another domain. The language that describes this capability is couched in terms of +Trusts. Specifically, one domain will trust the users +from another domain. The domain from which users are available to another security domain is +said to be a trusted domain. The domain in which those users have assigned rights and privilidges +is the trusting domain. With NT3.x/4.0 all trust relationships are always in one direction only, +thus if users in both domains are to have privilidges and rights in each others' domain, then it is +necessary to establish two (2) relationships, one in each direction.

PAM provides a mechanism that disconnects these security programs -from the underlying authentication/authorization infrastructure. -PAM is configured either through one file /etc/pam.conf (Solaris), -or by editing individual files that are located in /etc/pam.d.

In an NT4 style MS security domain, all trusts are non-transitive. This means that if there +are three (3) domains (let's call them RED, WHITE, and BLUE) where RED and WHITE have a trust +relationship, and WHITE and BLUE have a trust relationship, then it holds that there is no +implied trust between the RED and BLUE domains. ie: Relationships are explicit and not +transitive.

New to MS Windows 2000 ADS security contexts is the fact that trust relationships are two-way +by default. Also, all inter-ADS domain trusts are transitive. In the case of the RED, WHITE and BLUE +domains above, with Windows 2000 and ADS the RED and BLUE domains CAN trust each other. This is +an inherent feature of ADS domains.


18.2. MS Windows NT4 Trust Configuration

There are two steps to creating an inter-domain trust relationship.


18.2.1. NT4 as the Trusting Domain

For MS Windows NT4, all domain trust relationships are configured using the Domain User Manager. +To affect a two way trust relationship it is necessary for each domain administrator to make +available (for use by an external domain) it's security resources. This is done from the Domain +User Manager Policies entry on the menu bar. From the Policy menu, select Trust Relationships, then +next to the lower box that is labelled "Permitted to Trust this Domain" are two buttons, "Add" and +"Remove". The "Add" button will open a panel in which needs to be entered the remote domain that +will be able to assign user rights to your domain. In addition it is necessary to enter a password +that is specific to this trust relationship. The password is added twice.


18.2.2. NT4 as the Trusted Domain

A trust relationship will work only when the other (trusting) domain makes the appropriate connections +with the trusted domain. To consumate the trust relationship the administrator will launch the +Domain User Manager, from the menu select Policies, then select Trust Relationships, then click on the +"Add" button that is next to the box that is labelled "Trusted Domains". A panel will open in +which must be entered the name of the remote domain as well as the password assigned to that trust.


18.3. Configuring Samba Domain Trusts

This descitpion is meant to be a fairly short introduction about how to set up a Samba server so +that it could participate in interdomain trust relationships. Trust relationship support in Samba +is in its early stage, so lot of things don't work yet. Paricularly, the contents of this document +applies to NT4-style trusts.

Each of the procedures described below is treated as they were performed with Windows NT4 Server on +one end. The other end could just as well be another Samba3 domain. It can be clearly seen, after +reading this document, that combining Samba-specific parts of what's written below leads to trust +between domains in purely Samba environment.


18.3.1. Samba3 as the Trusting Domain

In order to set Samba PDC to be trusted party of the relationship first you need +to create special account for domain that will be the trusting party. To do that, +you can use 'smbpasswd' utility. Creating the trusted domain account is very +similiar to creating the connection to the trusting machine's account. Suppose, +your domain is called SAMBA, and the remote domain is called RUMBA. Your first +step will be to issue this command from your favourite shell:

	deity# smbpasswd -a -i rumba
+	New SMB password: XXXXXXXX
+	Retype SMB password: XXXXXXXX
+	Added user rumba$
+
+	where:
+		-a means to add a new account into the passdb database
+		-i means create this account with the Inter-Domain trust flag
+
+	The account name will be 'rumba$' (the name ofthe remote domain)

fter issuing this command you'll be asked for typing account's +password. You can use any password you want, but be aware that Windows NT will +not change this password until 7 days have passed since account creating. +After command returns successfully, you can look at your new account's entry +(in the way depending on your configuration) and see that account's name is +really RUMBA$ and it has 'I' flag in the flags field. Now you're ready to confirm +the trust by establishing it from Windows NT Server.

Open 'User Manager for Domains' and from menu 'Policies' select 'Trust Relationships...'. +Right beside 'Trusted domains' list press 'Add...' button. You'll be prompted for +trusted domain name and the relationship's password. Type in SAMBA, as this is +your domain name and the password you've just used during account creation. +Press OK and if everything went fine, you will see 'Trusted domain relationship +successfully established' message. Well done.


18.3.2. Samba3 as the Trusted Domain

This time activities are somewhat reversed. Again, we'll assume that your domain +controlled by Samba PDC is called SAMBA and NT-controlled domain is called RUMBA.

The very first thing is to add account for SAMBA domain on RUMBA's PDC.

Launch the Domain User Manager, then from the menu select 'Policies', 'Trust Relationships'. +Now, next to 'Trusted Domains' box press the 'Add' button, and type in the name of the trusted +domein (SAMBA) and password securing the relationship.

Password can be arbitrarily chosen the more, because it's easy to change it +from Samba server whenever you want. After confirming password your account is +ready and waiting. Now it's Samba's turn.

Using your favourite shell while being logged on as root, issue this command:

	deity#  net rpc trustdom establish rumba

You'll be prompted for password you've just typed on your Windows NT4 Server box. +Don't worry if you will see the error message with returned code of +NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT. It means the +password you gave is correct and the NT4 Server says the account is ready for trusting your domain +and not for ordinary connection. After that, be patient it can take a while (especially +in large networks), you should see 'Success' message. Contgratulations! Your trust +relationship has just been established.

Note that you have to run this command as root, since you need write access to +your secrets.tdb file.


Chapter 19. PAM Configuration for Centrally Managed Authentication

19.1. Samba and PAM

A number of Unix systems (eg: Sun Solaris), as well as the +xxxxBSD family and Linux, now utilize the Pluggable Authentication +Modules (PAM) facility to provide all authentication, +authorization and resource control services. Prior to the +introduction of PAM, a decision to use an alternative to +the system password database (/etc/passwd) +would require the provision of alternatives for all programs that provide +security services. Such a choice would involve provision of +alternatives to such programs as: login, +passwd, chown, etc.

PAM provides a mechanism that disconnects these security programs +from the underlying authentication/authorization infrastructure. +PAM is configured either through one file /etc/pam.conf (Solaris), +or by editing individual files that are located in /etc/pam.d.


18.2. Distributed Authentication19.2. Distributed Authentication

The astute administrator will realize from this that the @@ -16891,8 +17368,8 @@ CLASS="SECT1" >


18.3. PAM Configuration in smb.conf19.3. PAM Configuration in smb.conf

There is an option in smb.conf called Chapter 19. Stackable VFS modulesChapter 20. Stackable VFS modules

19.1. Introduction and configuration20.1. Introduction and configuration

Since samba 3.0, samba supports stackable VFS(Virtual File System) modules. @@ -16980,16 +17457,16 @@ CLASS="SECT1" >


19.2. Included modules20.2. Included modules

19.2.1. audit20.2.1. audit

A simple module to audit file access to the syslog @@ -17026,8 +17503,8 @@ CLASS="SECT2" >


19.2.2. extd_audit20.2.2. extd_audit

This module is identical with the


19.2.3. recycle20.2.3. recycle

A recycle-bin like modules. When used any unlink call @@ -17119,8 +17596,8 @@ CLASS="SECT2" >


19.2.4. netatalk20.2.4. netatalk

A netatalk module, that will ease co-existence of samba and @@ -17152,8 +17629,8 @@ CLASS="SECT1" >


19.3. VFS modules available elsewhere20.3. VFS modules available elsewhere

This section contains a listing of various other VFS modules that @@ -17168,8 +17645,8 @@ CLASS="SECT2" >


19.3.1. DatabaseFS20.3.1. DatabaseFS

URL:


19.3.2. vscan20.3.2. vscan

URL: Chapter 20. Hosting a Microsoft Distributed File System tree on SambaChapter 21. Hosting a Microsoft Distributed File System tree on Samba

20.1. Instructions21.1. Instructions

The Distributed File System (or Dfs) provides a means of @@ -17364,8 +17841,8 @@ CLASS="SECT2" >


20.1.1. Notes21.1.1. Notes

Chapter 21. Integrating MS Windows networks with SambaChapter 22. Integrating MS Windows networks with Samba

This section deals with NetBIOS over TCP/IP name to IP address resolution. If you your MS Windows clients are NOT configured to use NetBIOS over TCP/IP then this @@ -17480,8 +17957,8 @@ CLASS="SECT1" >


21.1. Name Resolution in a pure Unix/Linux world22.1. Name Resolution in a pure Unix/Linux world

The key configuration files covered in this section are:


21.1.1. 22.1.1. /etc/hosts

21.1.2. 22.1.2. /etc/resolv.conf

21.1.3. 22.1.3. /etc/host.conf

21.1.4. 22.1.4. /etc/nsswitch.conf

21.2. Name resolution as used within MS Windows networking22.2. Name resolution as used within MS Windows networking

MS Windows networking is predicated about the name each machine @@ -17824,8 +18301,8 @@ CLASS="SECT2" >


21.2.1. The NetBIOS Name Cache22.2.1. The NetBIOS Name Cache

All MS Windows machines employ an in memory buffer in which is @@ -17851,8 +18328,8 @@ CLASS="SECT2" >


21.2.2. The LMHOSTS file22.2.2. The LMHOSTS file

This file is usually located in MS Windows NT 4.0 or @@ -17954,8 +18431,8 @@ CLASS="SECT2" >


21.2.3. HOSTS file22.2.3. HOSTS file

This file is usually located in MS Windows NT 4.0 or 2000 in @@ -17976,8 +18453,8 @@ CLASS="SECT2" >


21.2.4. DNS Lookup22.2.4. DNS Lookup

This capability is configured in the TCP/IP setup area in the network @@ -17996,8 +18473,8 @@ CLASS="SECT2" >


21.2.5. WINS Lookup22.2.5. WINS Lookup

A WINS (Windows Internet Name Server) service is the equivaent of the @@ -18017,7 +18494,10 @@ CLASS="PROGRAMLISTING" >

To configure Samba to use a WINS server the following parameters are -needed in the smb.conf file:

smb.conf file:

Chapter 22. Improved browsing in samba

Chapter 23. Improved browsing in samba

22.1. Overview of browsing23.1. Overview of browsing

SMB networking provides a mechanism by which clients can access a list @@ -18077,12 +18557,18 @@ CLASS="SECT1" >


22.2. Browsing support in samba23.2. Browsing support in samba

Samba facilitates browsing. The browsing is supported by nmbd -and is also controlled by options in the smb.conf file (see smb.conf(5)). +>Samba facilitates browsing. The browsing is supported by nmbd +and is also controlled by options in the smb.conf file. Samba can act as a local browse master for a workgroup and the ability for samba to support domain logons and scripts is now available.


22.3. Problem resolution23.3. Problem resolution

If something doesn't work then hopefully the log.nmb file will help @@ -18199,15 +18685,18 @@ server resources.

The other big problem people have is that their broadcast address, netmask or IP address is wrong (specified with the "interfaces" option -in smb.conf)

smb.conf)


22.4. Browsing across subnets23.4. Browsing across subnets

Since the release of Samba 1.9.17(alpha1) Samba has been @@ -18231,14 +18720,17 @@ another subnet without using a WINS server.

smb.conf file.


22.4.1. How does cross subnet browsing work ?23.4.1. How does cross subnet browsing work ?

Cross subnet browsing is a complicated dance, containing multiple @@ -18448,13 +18940,16 @@ CLASS="SECT1" >


22.5. Setting up a WINS server23.5. Setting up a WINS server

Either a Samba machine or a Windows NT Server machine may be set up as a WINS server. To set a Samba machine to be a WINS server you must -add the following option to the smb.conf file on the selected machine : +add the following option to the smb.conf file on the selected machine : in the [globals] section add the line

smb.conf files :

where >name or IP address< is either the DNS name of the WINS server machine or its IP address.

Note that this line MUST NOT BE SET in the smb.conf file of the Samba +>Note that this line MUST NOT BE SET in the smb.conf file of the Samba server acting as the WINS server itself. If you set both the


22.6. Setting up Browsing in a WORKGROUP23.6. Setting up Browsing in a WORKGROUP

To set up cross subnet browsing on a network containing machines @@ -18553,7 +19054,10 @@ cross subnet browsing possible for a workgroup.

In an WORKGROUP environment the domain master browser must be a Samba server, and there must only be one domain master browser per workgroup name. To set up a Samba server as a domain master browser, -set the following option in the [global] section of the smb.conf file :

smb.conf file :

The domain master browser should also preferrably be the local master browser for its own subnet. In order to achieve this set the following -options in the [global] section of the smb.conf file :

smb.conf file :

smb.conf file :


22.7. Setting up Browsing in a DOMAIN23.7. Setting up Browsing in a DOMAIN

If you are adding Samba servers to a Windows NT Domain then @@ -18710,7 +19220,7 @@ CLASS="SECT1" CLASS="SECT1" >22.8. Forcing samba to be the master23.8. Forcing samba to be the master

Who becomes the


22.9. Making samba the domain master23.9. Making samba the domain master

The domain master is responsible for collating the browse lists of @@ -18869,8 +19379,8 @@ CLASS="SECT1" >


22.10. Note about broadcast addresses23.10. Note about broadcast addresses

If your network uses a "0" based broadcast address (for example if it @@ -18883,8 +19393,8 @@ CLASS="SECT1" >


22.11. Multiple interfaces23.11. Multiple interfaces

Samba now supports machines with multiple network interfaces. If you @@ -18892,10 +19402,10 @@ have multiple interfaces then you will need to use the interfaces -option in smb.conf to configure them. See smb.conf(5) for details.

smb.conf to configure them.

Chapter 23. Securing SambaChapter 24. Securing Samba

23.1. Introduction24.1. Introduction

This note was attached to the Samba 2.2.8 release notes as it contained an @@ -18923,8 +19433,8 @@ CLASS="SECT1" >


23.2. Using host based protection24.2. Using host based protection

In many installations of Samba the greatest threat comes for outside @@ -18933,8 +19443,17 @@ any host, which means that if you run an insecure version of Samba on a host that is directly connected to the Internet you can be especially vulnerable.

One of the simplest fixes in this case is to use the 'hosts allow' and -'hosts deny' options in the Samba smb.conf configuration file to only +>One of the simplest fixes in this case is to use the hosts allow and +hosts deny options in the Samba smb.conf configuration file to only allow access to your server from a specific range of hosts. An example might be:


23.3. Using interface protection24.3. Using interface protection

By default Samba will accept connections on any network interface that @@ -18991,8 +19510,8 @@ CLASS="SECT1" >


23.4. Using a firewall24.4. Using a firewall

Many people use a firewall to deny access to services that they don't @@ -19021,8 +19540,8 @@ CLASS="SECT1" >


23.5. Using a IPC$ share deny24.5. Using a IPC$ share deny

If the above methods are not suitable, then you could also place a @@ -19060,11 +19579,15 @@ CLASS="SECT1" >


23.6. Upgrading Samba24.6. Upgrading Samba

Please check regularly on http://www.samba.org/ for updates and +>Please check regularly on http://www.samba.org/ for updates and important announcements. Occasionally security releases are made and it is highly recommended to upgrade Samba when a security vulnerability is discovered.

Chapter 24. Unicode/CharsetsChapter 25. Unicode/Charsets

24.1. What are charsets and unicode?25.1. What are charsets and unicode?

Computers communicate in numbers. In texts, each number will be @@ -19132,8 +19655,8 @@ CLASS="SECT1" >


24.2. Samba and charsets25.2. Samba and charsets

As of samba 3.0, samba can (and will) talk unicode over the wire. Internally, @@ -19185,8 +19708,6 @@ CLASS="COMMAND" >

Table of Contents
25. 26. SWAT - The Samba Web Admininistration Tool
25.1. 26.1. SWAT Features and Benefits
25.1.1. 26.1.1. The SWAT Home Page
25.1.2. 26.1.2. Global Settings
25.1.3. 26.1.3. The SWAT Wizard
25.1.4. 26.1.4. Share Settings
25.1.5. 26.1.5. Printing Settings
25.1.6. 26.1.6. The Status Page
25.1.7. 26.1.7. The Password Change Page
26. 27. Migration from NT4 PDC to Samba-3 PDC
26.1. 27.1. Planning and Getting Started
26.1.1. 27.1.1. Objectives
26.1.2. 27.1.2. Steps In Migration Process
26.2. 27.2. Managing Samba-3 Domain Control
27. 28. Samba performance issues
27.1. 28.1. Comparisons
27.2. 28.2. Socket options
27.3. 28.3. Read size
27.4. 28.4. Max xmit
27.5. 28.5. Log level
27.6. 28.6. Read raw
27.7. 28.7. Write raw
27.8. 28.8. Slow Clients
27.9. 28.9. Slow Logins
27.10. 28.10. Client tuning
28. 29. Portability
28.1. 29.1. HPUX
28.2. 29.2. SCO Unix
28.3. 29.3. DNIX
28.4. 29.4. RedHat Linux Rembrandt-II
28.5. 29.5. AIX
28.5.1. 29.5.1. Sequential Read Ahead
29. 30. Samba and other CIFS clients
29.1. 30.1. Macintosh clients?
29.2. 30.2. OS2 Client
29.2.1. 30.2.1. How can I configure OS/2 Warp Connect or OS/2 Warp 4 as a client for Samba?
29.2.2. 30.2.2. How can I configure OS/2 Warp 3 (not Connect), OS/2 1.2, 1.3 or 2.x for Samba?
29.2.3. 30.2.3. Are there any other issues when OS/2 (any version) is used as a client?
29.2.4. 30.2.4. How do I get printer driver download working for OS/2 clients?
29.3. 30.3. Windows for Workgroups
29.3.1. 30.3.1. Use latest TCP/IP stack from Microsoft
29.3.2. 30.3.2. Delete .pwl files after password change
29.3.3. 30.3.3. Configure WfW password handling
29.3.4. 30.3.4. Case handling of passwords
29.3.5. 30.3.5. Use TCP/IP as default protocol
29.4. 30.4. Windows '95/'98
29.5. 30.5. Windows 2000 Service Pack 2
29.6. 30.6. Windows NT 3.1
30. 31. How to compile SAMBA
30.1. 31.1. Access Samba source code via CVS
30.1.1. 31.1.1. Introduction
30.1.2. 31.1.2. CVS Access to samba.org
30.2. 31.2. Accessing the samba sources via rsync and ftp
30.3. 31.3. Building the Binaries
30.3.1. 31.3.1. Compiling samba with Active Directory support
30.4. 31.4. Starting the smbd and nmbd
30.4.1. 31.4.1. Starting from inetd.conf
30.4.2. 31.4.2. Alternative: starting it as a daemon
31. 32. Reporting Bugs
31.1. 32.1. Introduction
31.2. 32.2. General info
31.3. 32.3. Debug levels
31.4. 32.4. Internal errors
31.5. 32.5. Attaching to a running process
31.6. 32.6. Patches
32. 33. The samba checklist
32.1. 33.1. Introduction
32.2. 33.2. Assumptions
32.3. 33.3. The tests
32.4. 33.4. Still having troubles?
Chapter 25. SWAT - The Samba Web Admininistration ToolChapter 26. SWAT - The Samba Web Admininistration Tool

This is a rough guide to SWAT.


25.1. SWAT Features and Benefits26.1. SWAT Features and Benefits

You must use at least the following ...


25.1.1. The SWAT Home Page26.1.1. The SWAT Home Page

Blah blah here.


25.1.2. Global Settings26.1.2. Global Settings

Document steps right here!


25.1.3. The SWAT Wizard26.1.3. The SWAT Wizard

Lots of blah blah here.


25.1.4. Share Settings26.1.4. Share Settings

Document steps right here!


25.1.5. Printing Settings26.1.5. Printing Settings

Document steps right here!


25.1.6. The Status Page26.1.6. The Status Page

Document steps right here!


25.1.7. The Password Change Page26.1.7. The Password Change Page

Document steps right here!

Chapter 26. Migration from NT4 PDC to Samba-3 PDCChapter 27. Migration from NT4 PDC to Samba-3 PDC

This is a rough guide to assist those wishing to migrate from NT4 domain control to Samba-3 based domain control.


26.1. Planning and Getting Started27.1. Planning and Getting Started

You must use at least the following ...


26.1.1. Objectives27.1.1. Objectives

Blah blah objectives here.


26.1.2. Steps In Migration Process27.1.2. Steps In Migration Process

Document steps right here!


26.2. Managing Samba-3 Domain Control27.2. Managing Samba-3 Domain Control

Lots of blah blah here.

Chapter 27. Samba performance issuesChapter 28. Samba performance issues

27.1. Comparisons28.1. Comparisons

The Samba server uses TCP to talk to the client. Thus if you are @@ -19824,8 +20345,8 @@ CLASS="SECT1" >


27.2. Socket options28.2. Socket options

There are a number of socket options that can greatly affect the @@ -19852,8 +20373,8 @@ CLASS="SECT1" >


27.3. Read size28.3. Read size

The option "read size" affects the overlap of disk reads/writes with @@ -19878,8 +20399,8 @@ CLASS="SECT1" >


27.4. Max xmit28.4. Max xmit

At startup the client and server negotiate a "maximum transmit" size, @@ -19901,8 +20422,8 @@ CLASS="SECT1" >


27.5. Log level28.5. Log level

If you set the log level (also known as "debug level") higher than 2 @@ -19915,8 +20436,8 @@ CLASS="SECT1" >


27.6. Read raw28.6. Read raw

The "read raw" operation is designed to be an optimised, low-latency @@ -19937,8 +20458,8 @@ CLASS="SECT1" >


27.7. Write raw28.7. Write raw

The "write raw" operation is designed to be an optimised, low-latency @@ -19954,8 +20475,8 @@ CLASS="SECT1" >


27.8. Slow Clients28.8. Slow Clients

One person has reported that setting the protocol to COREPLUS rather @@ -19971,8 +20492,8 @@ CLASS="SECT1" >


27.9. Slow Logins28.9. Slow Logins

Slow logins are almost always due to the password checking time. Using @@ -19984,8 +20505,8 @@ CLASS="SECT1" >


27.10. Client tuning28.10. Client tuning

Often a speed problem can be traced to the client. The client (for @@ -20092,7 +20613,7 @@ CLASS="CHAPTER" >Chapter 28. PortabilityChapter 29. Portability

Samba works on a wide range of platforms but the interface all the platforms provide is not always compatible. This chapter contains @@ -20102,8 +20623,8 @@ CLASS="SECT1" >


28.1. HPUX29.1. HPUX

HP's implementation of supplementary groups is, er, non-standard (for @@ -20132,8 +20653,8 @@ CLASS="SECT1" >


28.2. SCO Unix29.2. SCO Unix

@@ -20149,8 +20670,8 @@ CLASS="SECT1" >


28.3. DNIX29.3. DNIX

DNIX has a problem with seteuid() and setegid(). These routines are @@ -20256,8 +20777,8 @@ CLASS="SECT1" >


28.4. RedHat Linux Rembrandt-II29.4. RedHat Linux Rembrandt-II

By default RedHat Rembrandt-II during installation adds an @@ -20280,19 +20801,22 @@ CLASS="SECT1" >


28.5. AIX29.5. AIX

28.5.1. Sequential Read Ahead29.5.1. Sequential Read Ahead

Disabling Sequential Read Ahead using "vmtune -r 0" improves +>Disabling Sequential Read Ahead using vmtune -r 0 improves samba performance significally.

Chapter 29. Samba and other CIFS clientsChapter 30. Samba and other CIFS clients

This chapter contains client-specific information.


29.1. Macintosh clients?30.1. Macintosh clients?

Yes.


29.2. OS2 Client30.2. OS2 Client

29.2.1. How can I configure OS/2 Warp Connect or +NAME="AEN4330" +>30.2.1. How can I configure OS/2 Warp Connect or OS/2 Warp 4 as a client for Samba?


29.2.2. How can I configure OS/2 Warp 3 (not Connect), +NAME="AEN4345" +>30.2.2. How can I configure OS/2 Warp 3 (not Connect), OS/2 1.2, 1.3 or 2.x for Samba?


29.2.3. Are there any other issues when OS/2 (any version) +NAME="AEN4354" +>30.2.3. Are there any other issues when OS/2 (any version) is used as a client?


29.2.4. How do I get printer driver download working +NAME="AEN4358" +>30.2.4. How do I get printer driver download working for OS/2 clients?


29.3. Windows for Workgroups30.3. Windows for Workgroups

29.3.1. Use latest TCP/IP stack from Microsoft30.3.1. Use latest TCP/IP stack from Microsoft

Use the latest TCP/IP stack from microsoft if you use Windows @@ -20567,8 +21091,8 @@ CLASS="SECT2" >


29.3.2. Delete .pwl files after password change30.3.2. Delete .pwl files after password change

WfWg does a lousy job with passwords. I find that if I change my @@ -20587,8 +21111,8 @@ CLASS="SECT2" >


29.3.3. Configure WfW password handling30.3.3. Configure WfW password handling

There is a program call admincfg.exe @@ -20606,8 +21130,8 @@ CLASS="SECT2" >


29.3.4. Case handling of passwords30.3.4. Case handling of passwords

Windows for Workgroups uppercases the password before sending it to the server. Unix passwords can be case-sensitive though. Check the


29.3.5. Use TCP/IP as default protocol30.3.5. Use TCP/IP as default protocol

To support print queue reporting you may find @@ -20640,8 +21164,8 @@ CLASS="SECT1" >


29.4. Windows '95/'9830.4. Windows '95/'98

When using Windows 95 OEM SR2 the following updates are recommended where Samba @@ -20688,8 +21212,8 @@ CLASS="SECT1" >


29.5. Windows 2000 Service Pack 230.5. Windows 2000 Service Pack 2

@@ -20788,8 +21312,8 @@ CLASS="SECT1" >


29.6. Windows NT 3.130.6. Windows NT 3.1

If you have problems communicating across routers with Windows @@ -20806,7 +21330,7 @@ CLASS="CHAPTER" >Chapter 30. How to compile SAMBAChapter 31. How to compile SAMBA

You can obtain the samba source from the


30.1. Access Samba source code via CVS31.1. Access Samba source code via CVS

30.1.1. Introduction31.1.1. Introduction

Samba is developed in an open environment. Developers use CVS @@ -20849,8 +21373,8 @@ CLASS="SECT2" >


30.1.2. CVS Access to samba.org31.1.2. CVS Access to samba.org

The machine samba.org runs a publicly accessible CVS @@ -20862,8 +21386,8 @@ CLASS="SECT3" >


30.1.2.1. Access via CVSweb31.1.2.1. Access via CVSweb

You can access the source code via your @@ -20883,8 +21407,8 @@ CLASS="SECT3" >


30.1.2.2. Access via cvs31.1.2.2. Access via cvs

You can also access the source code via a @@ -20988,8 +21512,8 @@ CLASS="SECT1" >


30.2. Accessing the samba sources via rsync and ftp31.2. Accessing the samba sources via rsync and ftp

pserver.samba.org also exports unpacked copies of most parts of the CVS tree at


30.3. Building the Binaries31.3. Building the Binaries

To do this, first run the program


30.3.1. Compiling samba with Active Directory support31.3.1. Compiling samba with Active Directory support

In order to compile samba with ADS support, you need to have installed @@ -21152,8 +21676,8 @@ CLASS="SECT3" >


30.3.1.1. Installing the required packages for Debian31.3.1.1. Installing the required packages for Debian

On Debian you need to install the following packages:


30.3.1.2. Installing the required packages for RedHat31.3.1.2. Installing the required packages for RedHat

On RedHat this means you should have at least:


30.4. Starting the smbd and nmbd31.4. Starting the smbd and nmbd

You must choose to start smbd and nmbd either @@ -21265,8 +21789,8 @@ CLASS="SECT2" >


30.4.1. Starting from inetd.conf31.4.1. Starting from inetd.conf

NOTE; The following will be different if @@ -21310,8 +21834,28 @@ CLASS="FILENAME" > varies between unixes. Look at the other entries in inetd.conf for a guide.

NOTE: Some unixes already have entries like netbios_ns +>Some unixes already have entries like netbios_ns (note the underscore) in /etc/services/etc/inetd.conf to make them consistent.

NOTE: On many systems you may need to use the - "interfaces" option in smb.conf to specify the IP address +>

On many systems you may need to use the + interfaces option in smb.conf to specify the IP address and netmask of your interfaces. Run ifconfig tries to determine it at run time, but fails on some unixes.


30.4.2. Alternative: starting it as a daemon31.4.2. Alternative: starting it as a daemon

To start the server as a daemon you should create @@ -21472,14 +22050,14 @@ CLASS="CHAPTER" >Chapter 31. Reporting BugsChapter 32. Reporting Bugs

31.1. Introduction32.1. Introduction

The email address for bug reports for stable releases is


31.2. General info32.2. General info

Before submitting a bug report check your config for silly @@ -21547,8 +22125,8 @@ CLASS="SECT1" >


31.3. Debug levels32.3. Debug levels

If the bug has anything to do with Samba behaving incorrectly as a @@ -21587,7 +22165,10 @@ CLASS="REPLACEABLE" CLASS="REPLACEABLE" >machine is the name of the client you wish to debug. In that file -put any smb.conf commands you want, for example +put any smb.conf commands you want, for example log level=


31.4. Internal errors32.4. Internal errors

If you get a "INTERNAL ERROR" message in your log files it means that @@ -21682,8 +22263,8 @@ CLASS="SECT1" >


31.5. Attaching to a running process32.5. Attaching to a running process

Unfortunately some unixes (in particular some recent linux kernels) @@ -21714,8 +22295,8 @@ CLASS="SECT1" >


31.6. Patches32.6. Patches

The best sort of bug report is one that includes a fix! If you send us @@ -21737,14 +22318,14 @@ CLASS="CHAPTER" >Chapter 32. The samba checklistChapter 33. The samba checklist

32.1. Introduction33.1. Introduction

This file contains a list of tests you can perform to validate your @@ -21765,8 +22346,8 @@ CLASS="SECT1" >


32.2. Assumptions33.2. Assumptions

In all of the tests it is assumed you have a Samba server called @@ -21775,8 +22356,21 @@ BIGSERVER and a PC called ACLIENT both in workgroup TESTGROUP.

The procedure is similar for other types of clients.

It is also assumed you know the name of an available share in your -smb.conf. I will assume this share is called "tmp". You can add a -"tmp" share like by adding the following to smb.conf:

smb.conf. I will assume this share is called tmp. +You can add a tmp share like by adding the +following to smb.conf:

THESE TESTS ASSUME VERSION 3.0.0 OR LATER OF THE SAMBA SUITE. SOME -COMMANDS SHOWN DID NOT EXIST IN EARLIER VERSIONS

These tests assume version 3.0 or later of the samba suite. Some commands shown did not exist in earlier versions.

Please pay attention to the error messages you receive. If any error message reports that your server is being unfriendly you should first check that you -IP name resolution is correctly set up. eg: Make sure your /etc/resolv.conf +IP name resolution is correctly set up. eg: Make sure your /etc/resolv.conf file points to name servers that really do exist.

Also, if you do not have DNS server access for name resolution please check -that the settings for your smb.conf file results in "dns proxy = no". The -best way to check this is with "testparm smb.conf"

smb.conf file results in dns proxy = no. The +best way to check this is with testparm smb.conf.


32.3. The tests33.3. The tests

  • In the directory in which you store your smb.conf file, run the command -"testparm smb.conf". If it reports any errors then your smb.conf +>In the directory in which you store your smb.conf file, run the command +testparm smb.conf. If it reports any errors then your smb.conf configuration file is faulty.

    Note: Your smb.conf file may be located in:

    Your smb.conf file may be located in: /etc/samba - Or in: /usr/local/samba/lib

  • Run the command "ping BIGSERVER" from the PC and "ping ACLIENT" from +>Run the command ping BIGSERVER from the PC and +ping ACLIENT from the unix box. If you don't get a valid response then your TCP/IP software is not correctly installed.

    If you get a message saying "host not found" or similar then your DNS -software or /etc/hosts file is not correctly setup. It is possible to +software or /etc/hosts file is not correctly setup. +It is possible to run samba without DNS entries for the server and client, but I assume you do have correct entries for the remainder of these tests.

    Another reason why ping might fail is if your host is running firewall software. You will need to relax the rules to let in the workstation in question, perhaps by allowing access from another subnet (on Linux -this is done via the ipfwadm program.)

    ipfwadm program.)

  • Run the command "smbclient -L BIGSERVER" on the unix box. You +>Run the command smbclient -L BIGSERVER on the unix box. You should get a list of available shares back.

    If you get a error message containing the string "Bad password" then -you probably have either an incorrect "hosts allow", "hosts deny" or -"valid users" line in your smb.conf, or your guest account is not -valid. Check what your guest account is using "testparm" and -temporarily remove any "hosts allow", "hosts deny", "valid users" or -"invalid users" lines.

    hosts allow, +hosts deny or valid users line in your +smb.conf, or your guest account is not +valid. Check what your guest account is using testparm and +temporarily remove any hosts allow, hosts deny, valid users or invalid users lines.

    If you get a "connection refused" response then the smbd server may not be running. If you installed it in inetd.conf then you probably edited that file incorrectly. If you installed it as a daemon then check that it is running, and check that the netbios-ssn port is in a LISTEN -state using "netstat -a".

    netstat -a.

    If you get a "session request failed" then the server refused the connection. If it says "Your server software is being unfriendly" then -its probably because you have invalid command line parameters to smbd, -or a similar fatal problem with the initial startup of smbd. Also -check your config file (smb.conf) for syntax errors with "testparm" +its probably because you have invalid command line parameters to smbd, +or a similar fatal problem with the initial startup of smbd. Also +check your config file (smb.conf) for syntax errors with testparm and that the various directories where samba keeps its log and lock files exist.

    There are a number of reasons for which smbd may refuse or decline a session request. The most common of these involve one or more of -the following smb.conf file entries:

    smb.conf
    file entries:

    Do NOT use the "bind interfaces only" parameter where you may wish to -use the samba password change facility, or where smbclient may need to +>Do NOT use the bind interfaces only parameter where you +may wish to +use the samba password change facility, or where smbclient may need to access local service for name resolution or for local resource -connections. (Note: the "bind interfaces only" parameter deficiency +connections. (Note: the bind interfaces only parameter deficiency where it will not allow connections to the loopback address will be fixed soon).

    Another common cause of these two errors is having something already running -on port 139, such as Samba (ie: smbd is running from inetd already) or -something like Digital's Pathworks. Check your inetd.conf file before trying -to start smbd as a daemon, it can avoid a lot of frustration!

    inetd already) or +something like Digital's Pathworks. Check your inetd.conf file before trying +to start smbd as a daemon, it can avoid a lot of frustration!

    And yet another possible cause for failure of TEST 3 is when the subnet mask +>And yet another possible cause for failure of this test is when the subnet mask and / or broadcast address settings are incorrect. Please check that the network interface IP Address / Broadcast Address / Subnet Mask settings are -correct and that Samba has correctly noted these in the log.nmb file.

    log.nmb file.

  • Run the command "nmblookup -B BIGSERVER __SAMBA__". You should get the +>Run the command nmblookup -B BIGSERVER __SAMBA__. You should get the IP address of your Samba server back.

    If you don't then nmbd is incorrectly installed. Check your inetd.conf +>If you don't then nmbd is incorrectly installed. Check your inetd.conf if you run it from there, or that the daemon is running and listening to udp port 137.

  • run the command nmblookup -B ACLIENT '*'run the command nmblookup -B ACLIENT '*'

    You should get the PCs IP address back. If you don't then the client @@ -21942,9 +22697,9 @@ client in the above test.

  • Run the command nmblookup -d 2 '*'Run the command nmblookup -d 2 '*'

    This time we are trying the same as the previous test but are trying @@ -21957,11 +22712,20 @@ hosts.

    If this doesn't give a similar result to the previous test then nmblookup isn't correctly getting your broadcast address through its automatic mechanism. In this case you should experiment use the -"interfaces" option in smb.conf to manually configure your IP +interfaces option in smb.conf to manually configure your IP address, broadcast and netmask.

    If your PC and server aren't on the same subnet then you will need to -use the -B option to set the broadcast address to the that of the PCs +use the -B option to set the broadcast address to the that of the PCs subnet.

    This test will probably fail if your subnet mask and broadcast address are @@ -21969,29 +22733,65 @@ not correct. (Refer to TEST 3 notes above).

  • Run the command smbclient //BIGSERVER/TMPRun the command smbclient //BIGSERVER/TMP. You should then be prompted for a password. You should use the password of the account you are logged into the unix box with. If you want to test with -another account then add the -U >accountname< option to the end of +another account then add the -U accountname option to the end of the command line. eg: -smbclient //bigserver/tmp -Ujohndoesmbclient //bigserver/tmp -Ujohndoe

    Note: It is possible to specify the password along with the username +>

    It is possible to specify the password along with the username as follows: -smbclient //bigserver/tmp -Ujohndoe%secretsmbclient //bigserver/tmp -Ujohndoe%secret

    Once you enter the password you should get the "smb>" prompt. If you +>Once you enter the password you should get the smb> prompt. If you don't then look at the error message. If it says "invalid network -name" then the service "tmp" is not correctly setup in your smb.conf.

    smb.conf.

    If it says "bad password" then the likely causes are:

  • you have shadow passords (or some other password system) but didn't - compile in support for them in smbd + compile in support for them in smbd

  • your "valid users" configuration is incorrect +> your valid users configuration is incorrect

  • you have a mixed case password and you haven't enabled the "password - level" option at a high enough level +> you have a mixed case password and you haven't enabled the password + level option at a high enough level

  • the "path =" line in smb.conf is incorrect. Check it with testparm +> the path = line in smb.conf is incorrect. Check it with testparm

  • etc. Type help >command<help command for instructions. You should especially check that the amount of free disk space shown is correct when you type
  • On the PC type the command net view \\BIGSERVEROn the PC type the command net view \\BIGSERVER. You will need to do this from within a "dos prompt" window. You should get back a list of available shares on the server.

  • fixup the nmbd installation

    fixup the nmbd installation

  • add the IP address of BIGSERVER to the "wins server" box in the +> add the IP address of BIGSERVER to the wins server box in the advanced tcp/ip setup on the PC.

  • If you get a "invalid network name" or "bad password error" then the -same fixes apply as they did for the "smbclient -L" test above. In -particular, make sure your "hosts allow" line is correct (see the man +same fixes apply as they did for the smbclient -L test above. In +particular, make sure your hosts allow line is correct (see the man pages)

    Also, do not overlook that fact that when the workstation requests the @@ -22100,22 +22933,47 @@ name and password.

    If you get "specified computer is not receiving requests" or similar it probably means that the host is not contactable via tcp services. Check to see if the host is running tcp wrappers, and if so add an entry in -the hosts.allow file for your client (or subnet, etc.)

    hosts.allow file for your client (or subnet, etc.)

  • Run the command net use x: \\BIGSERVER\TMPRun the command net use x: \\BIGSERVER\TMP. You should be prompted for a password then you should get a "command completed successfully" message. If not then your PC software is incorrectly -installed or your smb.conf is incorrect. make sure your "hosts allow" -and other config lines in smb.conf are correct.

    hosts allow +and other config lines in smb.conf are correct.

    It's also possible that the server can't work out what user name to -connect you as. To see if this is the problem add the line "user = -USERNAME" to the [tmp] section of smb.conf where "USERNAME" is the +connect you as. To see if this is the problem add the line user = +username to the [tmp] section of +smb.conf where username is the username corresponding to the password you typed. If you find this fixes things you may need the username mapping option.

    in smb.conf. +> Turn it back on to fix.

  • Run the command nmblookup -M TESTGROUPRun the command nmblookup -M testgroup where -TESTGROUP is the name of the workgroup that your Samba server and +testgroup is the name of the workgroup that your Samba server and Windows PCs belong to. You should get back the IP address of the master browser for that workgroup.

    If you don't then the election process has failed. Wait a minute to see if it is just being slow then try again. If it still fails after -that then look at the browsing options you have set in smb.conf. Make +that then look at the browsing options you have set in smb.conf. Make sure you have preferred master = yespassword server = Windows_NT_Machine in your -smb.conf file, or enable encrypted passwords AFTER compiling in support -for encrypted passwords (refer to the Makefile).

    smb.conf file, or make sure encrypted passwords is +set to "yes".


  • 32.4. Still having troubles?33.4. Still having troubles?

    Try the mailing list or newsgroup, or use the ethereal utility to @@ -22194,8 +23067,6 @@ HREF="http://samba.org/samba" TARGET="_top" >http://samba.org/samba/

    Also look at the other docs in the Samba package!