Chapter 15. Unified Logons between Windows NT and UNIX using Winbind

Integration of UNIX and Microsoft Windows NT through a unified logon has been considered a "holy grail" in heterogeneous computing environments for a long time. We present winbind, a component of the Samba suite @@ -9,7 +8,7 @@ Service Switch to allow Windows NT domain users to appear and operate as UNIX users on a UNIX machine. This paper describes the winbind system, explaining the functionality it provides, how it is configured, - and how it works internally.

Introduction

It is well known that UNIX and Microsoft Windows NT have + and how it works internally.

Introduction

It is well known that UNIX and Microsoft Windows NT have different models for representing user and group information and use different technologies for implementing them. This fact has made it difficult to integrate the two systems in a satisfactory @@ -30,7 +29,7 @@ tasks for the system administrator when maintaining users and groups on either system. The winbind system provides a simple and elegant solution to all three components of the unified logon - problem.

What Winbind Provides

Winbind unifies UNIX and Windows NT account management by + problem.

What Winbind Provides

Winbind unifies UNIX and Windows NT account management by allowing a UNIX box to become a full member of a NT domain. Once this is done the UNIX box will see NT users and groups as if they were native UNIX users and groups, allowing the NT domain @@ -54,7 +53,7 @@ to provide authentication via a NT domain to any PAM enabled applications. This capability solves the problem of synchronizing passwords between systems since all passwords are stored in a single - location (on the domain controller).

Target Uses

Winbind is targeted at organizations that have an + location (on the domain controller).

Target Uses

Winbind is targeted at organizations that have an existing NT based domain infrastructure into which they wish to put UNIX workstations or servers. Winbind will allow these organizations to deploy UNIX workstations without having to @@ -64,12 +63,12 @@ be used is as a central part of UNIX based appliances. Appliances that provide file and print services to Microsoft based networks will be able to use Winbind to provide seamless integration of - the appliance into the domain.

How Winbind Works

The winbind system is designed around a client/server - architecture. A long running winbindd daemon + the appliance into the domain.

How Winbind Works

The winbind system is designed around a client/server + architecture. A long running winbindd daemon listens on a UNIX domain socket waiting for requests to arrive. These requests are generated by the NSS and PAM clients and processed sequentially.

The technologies used to implement winbind are described - in detail below.

Microsoft Remote Procedure Calls

Over the last few years, efforts have been underway + in detail below.

Microsoft Remote Procedure Calls

Over the last few years, efforts have been underway by various Samba Team members to decode various aspects of the Microsoft Remote Procedure Call (MSRPC) system. This system is used for most network related operations between @@ -82,7 +81,7 @@ users or groups. Other MSRPC calls can be used to authenticate NT domain users and to change user passwords. By directly querying a Windows PDC for user and group information, winbind maps the - NT account information onto UNIX user and group names.

Microsoft Active Directory Services

+ NT account information onto UNIX user and group names.

Microsoft Active Directory Services

Since late 2001, Samba has gained the ability to interact with Microsoft Windows 2000 using its 'Native Mode' protocols, rather than the NT4 RPC services. @@ -91,7 +90,7 @@ same way as a Win2k client would, and in so doing provide a much more efficient and effective winbind implementation. -

Name Service Switch

The Name Service Switch, or NSS, is a feature that is +

Name Service Switch

The Name Service Switch, or NSS, is a feature that is present in many UNIX operating systems. It allows system information such as hostnames, mail aliases and user information to be resolved from different sources. For example, a standalone @@ -108,25 +107,27 @@ a UNIX machine running winbind and see all users and groups in a NT domain plus any trusted domain as though they were local users and groups.

The primary control file for NSS is - /etc/nsswitch.conf. + /etc/nsswitch.conf. When a UNIX application makes a request to do a lookup - the C library looks in /etc/nsswitch.conf + the C library looks in /etc/nsswitch.conf for a line which matches the service type being requested, for example the "passwd" service type is used when user or group names are looked up. This config line species which implementations of that service should be tried and in what order. If the passwd - config line is:

passwd: files example

then the C library will first load a module called - /lib/libnss_files.so followed by - the module /lib/libnss_example.so. The + config line is:

+passwd: files example
+

then the C library will first load a module called + /lib/libnss_files.so followed by + the module /lib/libnss_example.so. The C library will dynamically load each of these modules in turn and call resolver functions within the modules to try to resolve the request. Once the request is resolved the C library returns the result to the application.

This NSS interface provides a very easy way for Winbind to hook into the operating system. All that needs to be done - is to put libnss_winbind.so in /lib/ - then add "winbind" into /etc/nsswitch.conf at + is to put libnss_winbind.so in /lib/ + then add "winbind" into /etc/nsswitch.conf at the appropriate place. The C library will then call Winbind to - resolve user and group names.

Pluggable Authentication Modules

Pluggable Authentication Modules, also known as PAM, + resolve user and group names.

Pluggable Authentication Modules

Pluggable Authentication Modules, also known as PAM, is a system for abstracting authentication and authorization technologies. With a PAM module it is possible to specify different authentication methods for different system applications without @@ -141,17 +142,17 @@ Controller. These users can also change their passwords and have this change take effect directly on the Primary Domain Controller.

PAM is configured by providing control files in the directory - /etc/pam.d/ for each of the services that + /etc/pam.d/ for each of the services that require authentication. When an authentication request is made by an application the PAM code in the C library looks up this control file to determine what modules to load to do the authentication check and in what order. This interface makes adding a new authentication service for Winbind very easy, all that needs - to be done is that the pam_winbind.so module - is copied to /lib/security/ and the PAM + to be done is that the pam_winbind.so module + is copied to /lib/security/ and the PAM control files for relevant services are updated to allow authentication via winbind. See the PAM documentation - for more details.

User and Group ID Allocation

When a user or group is created under Windows NT + for more details.

User and Group ID Allocation

When a user or group is created under Windows NT is it allocated a numerical relative identifier (RID). This is slightly different to UNIX which has a range of numbers that are used to identify users, and the same range in which to identify @@ -164,7 +165,7 @@ time, winbind will have mapped all Windows NT users and groups to UNIX user ids and group ids.

The results of this mapping are stored persistently in an ID mapping database held in a tdb database). This ensures that - RIDs are mapped to UNIX IDs in a consistent way.

Result Caching

An active system can generate a lot of user and group + RIDs are mapped to UNIX IDs in a consistent way.

Result Caching

An active system can generate a lot of user and group name lookups. To reduce the network cost of these lookups winbind uses a caching scheme based on the SAM sequence number supplied by NT domain controllers. User or group information returned @@ -175,16 +176,16 @@ the PDC and compared against the sequence number of the cached entry. If the sequence numbers do not match, then the cached information is discarded and up to date information is requested directly - from the PDC.

Installation and Configuration

+ from the PDC.

Installation and Configuration

Many thanks to John Trostel jtrostel@snapserver.com for providing the HOWTO for this section.

This HOWTO describes how to get winbind services up and running to control access and authenticate users on your Linux box using the winbind services which come with SAMBA 3.0. -

Introduction

-This HOWTO describes the procedures used to get winbind up and -running on my RedHat 7.1 system. Winbind is capable of providing access +

Introduction

+This section describes the procedures used to get winbind up and +running on a RedHat 7.1 system. Winbind is capable of providing access and authentication control for Windows Domain users through an NT or Win2K PDC for 'regular' services, such as telnet a nd ftp, as well for SAMBA services. @@ -207,17 +208,17 @@ somewhat to fit the way your distribution works. SAMBA server, this HOWTO is for you. That said, I am no NT or PAM expert, so you may find a better or easier way to accomplish these tasks. -

Requirements

-If you have a samba configuration file that you are currently +

Requirements

+If you have a Samba configuration file that you are currently using... BACK IT UP! If your system already uses PAM, -back up the /etc/pam.d directory +back up the /etc/pam.d directory contents! If you haven't already made a boot disk, MAKE ONE NOW!

-Messing with the pam configuration files can make it nearly impossible -to log in to yourmachine. That's why you want to be able to boot back +Messing with the PAM configuration files can make it nearly impossible +to log in to your machine. That's why you want to be able to boot back into your machine in single user mode and restore your -/etc/pam.d back to the original state they were in if +/etc/pam.d back to the original state they were in if you get frustrated with the way things are going. ;-)

The latest version of SAMBA (version 3.0 as of this writing), now @@ -232,54 +233,54 @@ SAMBA machine, PAM (pluggable authentication modules) must be setup properly on your machine. In order to compile the winbind modules, you should have at least the pam libraries resident on your system. For recent RedHat systems (7.1, for instance), that -means pam-0.74-22. For best results, it is helpful to also -install the development packages in pam-devel-0.74-22. -

Testing Things Out

+means pam-0.74-22. For best results, it is helpful to also +install the development packages in pam-devel-0.74-22. +

Testing Things Out

Before starting, it is probably best to kill off all the SAMBA -related daemons running on your server. Kill off all smbd, -nmbd, and winbindd processes that may +related daemons running on your server. Kill off all smbd, +nmbd, and winbindd processes that may be running. To use PAM, you will want to make sure that you have the -standard PAM package (for RedHat) which supplies the /etc/pam.d +standard PAM package (for RedHat) which supplies the /etc/pam.d directory structure, including the pam modules are used by pam-aware -services, several pam libraries, and the /usr/doc -and /usr/man entries for pam. Winbind built better +services, several pam libraries, and the /usr/doc +and /usr/man entries for pam. Winbind built better in SAMBA if the pam-devel package was also installed. This package includes -the header files needed to compile pam-aware applications. For instance, -my RedHat system has both pam-0.74-22 and -pam-devel-0.74-22 RPMs installed. -

Configure and compile SAMBA

+the header files needed to compile pam-aware applications. +

Configure and compile SAMBA

The configuration and compilation of SAMBA is pretty straightforward. The first three steps may not be necessary depending upon whether or not you have previously built the Samba binaries. -

-root# autoconf
-root# make clean
-root# rm config.cache
-root# ./configure
-root# make
-root# make install
+
+root# autoconf
+root# make clean
+root# rm config.cache
+root# ./configure
+root# make
+root# make install
 

-This will, by default, install SAMBA in /usr/local/samba.
+This will, by default, install SAMBA in /usr/local/samba.
 See the main SAMBA documentation if you want to install SAMBA somewhere else.
 It will also build the winbindd executable and libraries. 
-

Configure `nsswitch.conf` and the -winbind libraries on Linux and Solaris

-The libraries needed to run the winbindd daemon +

Configure `nsswitch.conf` and the +winbind libraries on Linux and Solaris

+The libraries needed to run the winbindd daemon through nsswitch need to be copied to their proper locations, so

-root# cp ../samba/source/nsswitch/libnss_winbind.so /lib +

+root# cp ../samba/source/nsswitch/libnss_winbind.so /lib
+

I also found it necessary to make the following symbolic link:

-root# ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2 -

And, in the case of Sun solaris:

-root# ln -s /usr/lib/libnss_winbind.so /usr/lib/libnss_winbind.so.1 -root# ln -s /usr/lib/libnss_winbind.so /usr/lib/nss_winbind.so.1 -root# ln -s /usr/lib/libnss_winbind.so /usr/lib/nss_winbind.so.2 -

-Now, as root you need to edit /etc/nsswitch.conf to -allow user and group entries to be visible from the winbindd -daemon. My /etc/nsswitch.conf file look like +root# ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2 +

And, in the case of Sun Solaris:

+root# ln -s /usr/lib/libnss_winbind.so /usr/lib/libnss_winbind.so.1
+root# ln -s /usr/lib/libnss_winbind.so /usr/lib/nss_winbind.so.1
+root# ln -s /usr/lib/libnss_winbind.so /usr/lib/nss_winbind.so.2
+

+Now, as root you need to edit /etc/nsswitch.conf to +allow user and group entries to be visible from the winbindd +daemon. My /etc/nsswitch.conf file look like this after editing:

 	passwd:     files winbind
@@ -287,15 +288,15 @@ this after editing:
 	group:      files winbind

The libraries needed by the winbind daemon will be automatically -entered into the ldconfig cache the next time +entered into the ldconfig cache the next time your system reboots, but it is faster (and you don't need to reboot) if you do it manually:

-root# /sbin/ldconfig -v | grep winbind +root# /sbin/ldconfig -v | grep winbind

-This makes libnss_winbind available to winbindd +This makes libnss_winbind available to winbindd and echos back a check to you. -

NSS Winbind on AIX

(This section is only for those running AIX)

NSS Winbind on AIX

(This section is only for those running AIX)

The winbind AIX identification module gets built as libnss_winbind.so in the nsswitch directory of the samba source. This file can be copied to /usr/lib/security, and the AIX naming convention would indicate that it @@ -305,22 +306,22 @@ WINBIND: program = /usr/lib/security/WINBIND options = authonly

can then be added to -/usr/lib/security/methods.cfg. This module only +/usr/lib/security/methods.cfg. This module only supports identification, but there have been success reports using the standard winbind pam module for authentication. Use caution configuring loadable authentication modules as it is possible to make it impossible to logon to the system. More information about the AIX authentication module API can be found at "Kernel Extensions and Device Support -Programming Concepts for AIX": +Programming Concepts for AIX": Chapter 18. Loadable Authentication Module Programming Interface -and more information on administering the modules at +and more information on administering the modules at "System Management Guide: Operating System and Devices". -

Configure smb.conf

Several parameters are needed in the smb.conf file to control -the behavior of winbindd. Configure -smb.conf These are described in more detail in -the winbindd(8) man page. My -smb.conf file was modified to +the behavior of winbindd. Configure +smb.conf These are described in more detail in +the winbindd(8) man page. My +smb.conf file was modified to include the following entries in the [global] section:

 [global]
@@ -328,61 +329,61 @@ include the following entries in the [global] section:
      # separate domain and username with '+', like DOMAIN+username
      winbind separator = +
      # use uids from 10000 to 20000 for domain users
-     winbind uid = 10000-20000
+     idmap uid = 10000-20000
      # use gids from 10000 to 20000 for domain groups
-     winbind gid = 10000-20000
+     idmap gid = 10000-20000
      # allow enumeration of winbind users and groups
      winbind enum users = yes
      winbind enum groups = yes
      # give winbind users a real shell (only needed if they have telnet access)
      template homedir = /home/winnt/%D/%U
      template shell = /bin/bash
-

Join the SAMBA server to the PDC domain

Enter the following command to make the SAMBA server join the -PDC domain, where DOMAIN is the name of -your Windows domain and Administrator is +PDC domain, where DOMAIN is the name of +your Windows domain and Administrator is a domain user who has administrative privileges in the domain.

-root# /usr/local/samba/bin/net join -S PDC -U Administrator +root# /usr/local/samba/bin/net join -S PDC -U Administrator

The proper response to the command should be: "Joined the domain -DOMAIN" where DOMAIN +DOMAIN" where DOMAIN is your DOMAIN name. -

Start up the winbindd daemon and test it!

Eventually, you will want to modify your smb startup script to automatically invoke the winbindd daemon when the other parts of SAMBA start, but it is possible to test out just the winbind portion first. To start up winbind services, enter the following command as root:

-root# /usr/local/samba/bin/winbindd +root# /usr/local/samba/bin/winbindd

Winbindd can now also run in 'dual daemon mode'. This will make it run as 2 processes. The first will answer all requests from the cache, thus making responses to clients faster. The other will update the cache for the query that the first has just responded. Advantage of this is that responses stay accurate and are faster. -You can enable dual daemon mode by adding '-B' to the commandline: +You can enable dual daemon mode by adding -B to the commandline:

-root# /usr/local/samba/bin/winbindd -B +root# /usr/local/samba/bin/winbindd -B

I'm always paranoid and like to make sure the daemon is really running...

-root# ps -ae | grep winbindd +root# ps -ae | grep winbindd

This command should produce output like this, if the daemon is running -

 3025 ?        00:00:00 winbindd
-

+

Now... for the real test, try to get some information about the users on your PDC

-root# /usr/local/samba/bin/wbinfo -u +root# /usr/local/samba/bin/wbinfo -u

This should echo back a list of users on your Windows users on your PDC. For example, I get the following response: -

+
 	CEO+Administrator
 	CEO+burdell
 	CEO+Guest
@@ -390,13 +391,13 @@ your PDC.  For example, I get the following response:
 	CEO+krbtgt
 	CEO+TsInternetUser
 

-Obviously, I have named my domain 'CEO' and my winbind
+Obviously, I have named my domain 'CEO' and my winbind
 separator is '+'.
 

 You can do the same sort of thing to get group information from 
 the PDC:
-
-root# /usr/local/samba/bin/wbinfo -g
+
+root# /usr/local/samba/bin/wbinfo -g
 	CEO+Domain Admins
 	CEO+Domain Users
 	CEO+Domain Guests
@@ -411,25 +412,24 @@ The function 'getent' can now be used to get unified
 lists of both local and PDC users and groups.
 Try the following command:
 

-root# getent passwd
+root# getent passwd
 

-You should get a list that looks like your /etc/passwd 
+You should get a list that looks like your /etc/passwd 
 list followed by the domain users with their new uids, gids, home 
 directories and default shells.
 

 The same thing can be done for groups with the command
 

-root# getent group
-

`Fix the init.d startup scripts`

`Linux`

-The winbindd daemon needs to start up after the -smbd and nmbd daemons are running. +root# getent group +

`Fix the init.d startup scripts`

`Linux`

+The winbindd daemon needs to start up after the +smbd and nmbd daemons are running. To accomplish this task, you need to modify the startup scripts of your system. -They are located at /etc/init.d/smb in RedHat and -/etc/init.d/samba in Debian. +They are located at /etc/init.d/smb in RedHat and +/etc/init.d/samba in Debian. script to add commands to invoke this daemon in the proper sequence. My -startup script starts up smbd, -nmbd, and winbindd from the -/usr/local/samba/bin directory directly. The 'start' +startup script starts up smbd, nmbd, and winbindd from the +/usr/local/samba/bin directory directly. The 'start' function in the script looks like this:

 start() {
@@ -487,10 +487,10 @@ stop() {
         echo ""
         return $RETVAL
 }
-

`Solaris`

Winbind doesn't work on solaris 9, see the Portability chapter for details.

On solaris, you need to modify the -/etc/init.d/samba.server startup script. It usually +

`Solaris`

Winbind doesn't work on Solaris 9, see the Portability chapter for details.

On Solaris, you need to modify the +/etc/init.d/samba.server startup script. It usually only starts smbd and nmbd but should now start winbindd too. If you -have samba installed in /usr/local/samba/bin, +have samba installed in /usr/local/samba/bin, the file could contains something like this:

 	##
@@ -550,34 +550,33 @@ in the script above with:
 
 	/usr/local/samba/bin/winbindd -B
 

-

`Restarting`

-If you restart the smbd, nmbd, -and winbindd daemons at this point, you +

`Restarting`

+If you restart the smbd, nmbd, and winbindd daemons at this point, you should be able to connect to the samba server as a domain member just as if you were a local user. -

`Configure Winbind and PAM`

+

`Configure Winbind and PAM`

If you have made it this far, you know that winbindd and samba are working together. If you want to use winbind to provide authentication for other services, keep reading. The pam configuration files need to be altered in this step. (Did you remember to make backups of your original -/etc/pam.d files? If not, do it now.) +/etc/pam.d files? If not, do it now.)

You will need a pam module to use winbindd with these other services. This -module will be compiled in the ../source/nsswitch directory +module will be compiled in the ../source/nsswitch directory by invoking the command

-root# make nsswitch/pam_winbind.so +root# make nsswitch/pam_winbind.so

-from the ../source directory. The -pam_winbind.so file should be copied to the location of +from the ../source directory. The +pam_winbind.so file should be copied to the location of your other pam security modules. On my RedHat system, this was the -/lib/security directory. On Solaris, the pam security -modules reside in /usr/lib/security. +/lib/security directory. On Solaris, the pam security +modules reside in /usr/lib/security.

-root# cp ../samba/source/nsswitch/pam_winbind.so /lib/security -

`Linux/FreeBSD-specific PAM configuration`

-The /etc/pam.d/samba file does not need to be changed. I -just left this fileas it was: +root# cp ../samba/source/nsswitch/pam_winbind.so /lib/security +

`Linux/FreeBSD-specific PAM configuration`

+The /etc/pam.d/samba file does not need to be changed. I +just left this file as it was:

 	auth    required        /lib/security/pam_stack.so service=system-auth
 	account required        /lib/security/pam_stack.so service=system-auth
@@ -586,10 +585,10 @@ The other services that I modified to allow the use of winbind
 as an authentication service were the normal login on the console (or a terminal 
 session), telnet logins, and ftp service.  In order to enable these 
 services, you may first need to change the entries in 
-/etc/xinetd.d (or /etc/inetd.conf).  
+/etc/xinetd.d (or /etc/inetd.conf).  
 RedHat 7.1 uses the new xinetd.d structure, in this case you need 
-to change the lines in /etc/xinetd.d/telnet 
-and /etc/xinetd.d/wu-ftp from 
+to change the lines in /etc/xinetd.d/telnet 
+and /etc/xinetd.d/wu-ftp from 
 
 	enable = no
 

@@ -601,12 +600,12 @@ For ftp services to work properly, you will also need to either
 have individual directories for the domain users already present on 
 the server, or change the home directory template to a general
 directory for all domain users.  These can be easily set using 
-the smb.conf global entry 
-template homedir.
+the smb.conf global entry 
+template homedir.
 

-The /etc/pam.d/ftp file can be changed 
+The /etc/pam.d/ftp file can be changed 
 to allow winbind ftp access in a manner similar to the
-samba file.  My /etc/pam.d/ftp file was 
+samba file.  My /etc/pam.d/ftp file was 
 changed to look like this:
 
 	auth       required     /lib/security/pam_listfile.so item=user sense=deny \
@@ -618,7 +617,7 @@ changed to look like this:
 	account    required     /lib/security/pam_stack.so service=system-auth
 	session    required     /lib/security/pam_stack.so service=system-auth
 

-The /etc/pam.d/login file can be changed nearly the 
+The /etc/pam.d/login file can be changed nearly the 
 same way.  It now looks like this:
 
 	auth       required     /lib/security/pam_securetty.so
@@ -632,13 +631,13 @@ same way.  It now looks like this:
 	session    required     /lib/security/pam_stack.so service=system-auth
 	session    optional     /lib/security/pam_console.so
 

-In this case, I added the auth sufficient /lib/security/pam_winbind.so 
-lines as before, but also added the required pam_securetty.so 
+In this case, I added the 
auth sufficient /lib/security/pam_winbind.so
 
+lines as before, but also added the 
required pam_securetty.so

 above it, to disallow root logins over the network.  I also added a 
-sufficient /lib/security/pam_unix.so use_first_pass
-line after the winbind.so line to get rid of annoying 
+sufficient /lib/security/pam_unix.so use_first_pass
+line after the winbind.so line to get rid of annoying 
 double prompts for passwords.
-

`Solaris-specific configuration`

+

`Solaris-specific configuration`

The /etc/pam.conf needs to be changed. I changed this file so that my Domain users can logon both locally as well as telnet.The following are the changes that I made.You can customize the pam.conf file as per your requirements,but @@ -710,7 +709,12 @@ annoying double prompts for passwords.

Now restart your Samba and try connecting through your application that you configured in the pam.conf. -

`Limitations`

Winbind has a number of limitations in its current +

`Conclusion`

The winbind system, through the use of the Name Service + Switch, Pluggable Authentication Modules, and appropriate + Microsoft RPC calls have allowed us to provide seamless + integration of Microsoft Windows NT domain users on a + UNIX system. The result is a great reduction in the administrative + cost of running a mixed UNIX and NT network.

`Common Errors`

Winbind has a number of limitations in its current released version that we hope to overcome in future releases:

Winbind is currently only available for the Linux, Solaris and IRIX operating systems, although ports to other operating @@ -718,16 +722,11 @@ configured in the pam.conf. we require the C library of the target operating system to support the Name Service Switch and Pluggable Authentication Modules systems. This is becoming more common as NSS and - PAM gain support among UNIX vendors.
The mappings of Windows NT RIDs to UNIX ids + PAM gain support among UNIX vendors.
The mappings of Windows NT RIDs to UNIX ids is not made algorithmically and depends on the order in which unmapped users or groups are seen by winbind. It may be difficult to recover the mappings of rid to UNIX id mapping if the file containing this information is corrupted or destroyed.
Currently the winbind PAM module does not take into account possible workstation and logon time restrictions that may be been set for Windows NT users, this is - instead up to the PDC to enforce.

`Conclusion`

The winbind system, through the use of the Name Service - Switch, Pluggable Authentication Modules, and appropriate - Microsoft RPC calls have allowed us to provide seamless - integration of Microsoft Windows NT domain users on a - UNIX system. The result is a great reduction in the administrative - cost of running a mixed UNIX and NT network.

Prev	Up	Next
Chapter 14. CUPS Printing Support	Home	Chapter 16. Advanced Network Manangement

Prev	Up	Next
Chapter 20. Stackable VFS modules	Home	Chapter 22. Advanced Network Management