From 20967627378194121bc48bf387838b8bd7682478 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 18 Mar 2003 16:48:14 +0000 Subject: Regenerate (This used to be commit 25db62e3101dbcae8e9daee3cb16430297afa223) --- docs/htmldocs/integrate-ms-networks.html | 188 +++++++++++++++---------------- 1 file changed, 88 insertions(+), 100 deletions(-) (limited to 'docs/htmldocs/integrate-ms-networks.html') diff --git a/docs/htmldocs/integrate-ms-networks.html b/docs/htmldocs/integrate-ms-networks.html index 8299a456bb..99614cfb3f 100644 --- a/docs/htmldocs/integrate-ms-networks.html +++ b/docs/htmldocs/integrate-ms-networks.html @@ -5,7 +5,7 @@ >Integrating MS Windows networks with Samba

9.1. Agenda

9.1. Agenda

To identify the key functional mechanisms of MS Windows networking to enable the deployment of Samba as a means of extending and/or @@ -147,9 +147,9 @@ CLASS="SECT1" >

9.2. Name Resolution in a pure Unix/Linux world

9.2. Name Resolution in a pure Unix/Linux world

The key configuration files covered in this section are:

9.2.1. /etc/hosts

Contains a static list of IP Addresses and names. @@ -270,11 +270,11 @@ CLASS="SECT2" >

9.2.2. /etc/resolv.conf

This file tells the name resolution libraries:

9.2.3. /etc/host.conf

9.2.4. /etc/nsswitch.conf

This file controls the actual name resolution targets. The @@ -406,9 +406,9 @@ CLASS="SECT1" >

9.3. Name resolution as used within MS Windows networking

9.3. Name resolution as used within MS Windows networking

MS Windows networking is predicated about the name each machine is given. This name is known variously (and inconsistently) as @@ -428,16 +428,16 @@ the client/server.

	Unique NetBIOS Names:
-		MACHINENAME<00>	= Server Service is running on MACHINENAME
-		MACHINENAME<03> = Generic Machine Name (NetBIOS name)
-		MACHINENAME<20> = LanMan Server service is running on MACHINENAME
-		WORKGROUP<1b> = Domain Master Browser
+		MACHINENAME<00>	= Server Service is running on MACHINENAME
+		MACHINENAME<03> = Generic Machine Name (NetBIOS name)
+		MACHINENAME<20> = LanMan Server service is running on MACHINENAME
+		WORKGROUP<1b> = Domain Master Browser
 
 	Group Names:
-		WORKGROUP<03> = Generic Name registered by all members of WORKGROUP
-		WORKGROUP<1c> = Domain Controllers / Netlogon Servers
-		WORKGROUP<1d> = Local Master Browsers
-		WORKGROUP<1e> = Internet Name Resolvers

It should be noted that all NetBIOS machines register their own @@ -456,7 +456,7 @@ be needed. An example of this is what happens when an MS Windows client wants to locate a domain logon server. It find this service and the IP address of a server that provides it by performing a lookup (via a NetBIOS broadcast) for enumeration of all machines that have -registered the name type *<1c>. A logon request is then sent to each +registered the name type *<1c>. A logon request is then sent to each IP address that is returned in the enumerated list of IP addresses. Which ever machine first replies then ends up providing the logon services.

9.3.1. The NetBIOS Name Cache

9.3.1. The NetBIOS Name Cache

All MS Windows machines employ an in memory buffer in which is stored the NetBIOS names and IP addresses for all external @@ -518,9 +518,9 @@ CLASS="SECT2" >

9.3.2. The LMHOSTS file

9.3.2. The LMHOSTS file

This file is usually located in MS Windows NT 4.0 or 2000 in

9.3.3. HOSTS file

9.3.3. HOSTS file

This file is usually located in MS Windows NT 4.0 or 2000 in

9.3.4. DNS Lookup

9.3.4. DNS Lookup

This capability is configured in the TCP/IP setup area in the network configuration facility. If enabled an elaborate name resolution sequence @@ -663,9 +663,9 @@ CLASS="SECT2" >

9.3.5. WINS Lookup

9.3.5. WINS Lookup

A WINS (Windows Internet Name Server) service is the equivaent of the rfc1001/1002 specified NBNS (NetBIOS Name Server). A WINS server stores @@ -692,11 +692,9 @@ CLASS="PROGRAMLISTING" wins server = xxx.xxx.xxx.xxx

where where xxx.xxx.xxx.xxxxxx.xxx.xxx.xxx is the IP address of the WINS server.

9.4. How browsing functions and how to deploy stable and -dependable browsing using Samba

As stated above, MS Windows machines register their NetBIOS names (i.e.: the machine name for each service type in operation) on start @@ -773,10 +771,10 @@ CLASS="SECT1" >

9.5. MS Windows security options and how to configure -Samba for seemless integration

MS Windows clients may use encrypted passwords as part of a challenege/response authentication model (a.k.a. NTLMv1) or @@ -845,43 +843,35 @@ CLASS="PROGRAMLISTING" HREF="smb.conf.5.html#PASSWORDLEVEL" TARGET="_top" >passsword level = = integerinteger username level = = integerinteger

By default Samba will lower case the username before attempting to lookup the user in the database of local system accounts. Because UNIX usernames conventionally only contain lower case -character, the username levelusername level parameter is rarely even needed.

However, password on UNIX systems often make use of mixed case characters. This means that in order for a user on a Windows 9x client to connect to a Samba server using clear text authentication, -the password levelpassword level must be set to the maximum number of upper case letter which appear is a password. Note that is the server OS uses the traditional -DES version of crypt(), then a password levelpassword level of 8 will result in case insensitive passwords as seen from Windows users. This will also result in longer login times as Samba @@ -910,9 +898,9 @@ CLASS="SECT2" >

9.5.1. Use MS Windows NT as an authentication server

9.5.1. Use MS Windows NT as an authentication server

This method involves the additions of the following parameters in the smb.conf file:

9.5.2. Make Samba a member of an MS Windows NT security domain

9.5.2. Make Samba a member of an MS Windows NT security domain

This method involves additon of the following paramters in the smb.conf file:

9.5.3. Configure Samba as an authentication server

9.5.3. Configure Samba as an authentication server

This mode of authentication demands that there be on the Unix/Linux system both a Unix style account as well as an @@ -1046,9 +1034,9 @@ CLASS="SECT3" >

9.5.3.1. Users

9.5.3.1. Users

A user account that may provide a home directory should be created. The following Linux system commands are typical of @@ -1058,10 +1046,10 @@ the procedure for creating an account.

# useradd -s /bin/bash -d /home/"userid" -m "userid" # passwd "userid" - Enter Password: <pw> + Enter Password: <pw> # smbpasswd -a "userid" - Enter Password: <pw>

9.5.3.2. MS Windows NT Machine Accounts

9.5.3.2. MS Windows NT Machine Accounts

These are required only when Samba is used as a domain controller. Refer to the Samba-PDC-HOWTO for more details.

9.6. Conclusions

9.6. Conclusions

Samba provides a flexible means to operate as...