From 01f0236f58775e2bf60250caf2b9740bd9f988ea Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sun, 30 Mar 2003 11:22:22 +0000 Subject: - Regenerate docs - Document 'preload modules' (This used to be commit 57407401d0f261d4b8e42fdc64479afef10211c3) --- docs/htmldocs/Samba-HOWTO-Collection.html | 3765 ++++++++++++++++++++++------- docs/htmldocs/ads.html | 38 +- docs/htmldocs/appendixes.html | 216 +- docs/htmldocs/bugreport.html | 26 +- docs/htmldocs/compiling.html | 42 +- docs/htmldocs/diagnosis.html | 62 +- docs/htmldocs/domain-security.html | 14 +- docs/htmldocs/groupmapping.html | 2 +- docs/htmldocs/groupprofiles.html | 30 +- docs/htmldocs/improved-browsing.html | 50 +- docs/htmldocs/integrate-ms-networks.html | 82 +- docs/htmldocs/introduction.html | 52 +- docs/htmldocs/msdfs.html | 10 +- docs/htmldocs/optional.html | 554 +++-- docs/htmldocs/other-clients.html | 58 +- docs/htmldocs/pam.html | 14 +- docs/htmldocs/passdb.html | 149 +- docs/htmldocs/portability.html | 26 +- docs/htmldocs/printing.html | 100 +- docs/htmldocs/samba-bdc.html | 42 +- docs/htmldocs/samba-howto-collection.html | 592 +++-- docs/htmldocs/samba-pdc.html | 352 +-- docs/htmldocs/securing-samba.html | 36 +- docs/htmldocs/securitylevels.html | 18 +- docs/htmldocs/speed.html | 42 +- docs/htmldocs/type.html | 200 +- docs/htmldocs/unix-permissions.html | 38 +- docs/htmldocs/vfs.html | 34 +- docs/htmldocs/winbind.html | 180 +- 29 files changed, 4570 insertions(+), 2254 deletions(-) (limited to 'docs/htmldocs') diff --git a/docs/htmldocs/Samba-HOWTO-Collection.html b/docs/htmldocs/Samba-HOWTO-Collection.html index 3bc4ad32e3..d9125d5aad 100644 --- a/docs/htmldocs/Samba-HOWTO-Collection.html +++ b/docs/htmldocs/Samba-HOWTO-Collection.html @@ -236,17 +236,17 @@ HREF="#SERVERTYPE" >
4.1. Stand Alone Server
4.2. Domain Member Server
4.3. Domain Controller
5. User and Share security level (for servers not in a domain)Samba as Stand-Alone server (User and Share security level)
6.
6.1. Prerequisite Reading
6.2. Background
6.3. Configuring the Samba Domain Controller
6.4. Creating Machine Trust Accounts and Joining Clients to the Domain
6.5. Common Problems and Errors
6.6. System Policies and Profiles
6.7. What other help can I get?
6.8. Domain Control for Windows 9x/ME
6.9. DOMAIN_CONTROL.txt : Windows NT Domain Control & Samba
7.1. Prerequisite Reading
7.2. Background
7.3. What qualifies a Domain Controller on the network?
7.4. Can Samba be a Backup Domain Controller to an NT PDC?
7.5. How do I set up a Samba BDC?
8.1. Installing the required packages for Debian
8.2. Installing the required packages for RedHat
8.3. Compile Samba
8.4. Setup your /etc/krb5.conf
8.5. Create the computer account
8.6. Test your server setup
8.7. Testing with smbclient
8.8. Notes
9.1. Joining an NT Domain with Samba 3.0
9.2. Samba and Windows 2000 Domains
9.3. Why is this better than security = server?
10.1. Agenda
10.2. Name Resolution in a pure Unix/Linux world
10.3. Name resolution as used within MS Windows networking
10.4. How browsing functions and how to deploy stable and dependable browsing using Samba
10.5. MS Windows security options and how to configure Samba for seemless integration
10.6. Conclusions
11.1. Viewing and changing UNIX permissions using the NT security dialogs
11.2. How to view file security on a Samba share
11.3. Viewing file ownership
11.4. Viewing file or directory permissions
11.5. Modifying file or directory permissions
11.6. Interaction with the standard Samba create mask parameters
11.7. Interaction with the standard Samba file attribute mapping
12.1. Samba and PAM
12.2. Distributed Authentication
12.3. PAM Configuration in smb.conf
13.1. Instructions
14.1. Introduction
14.2. Configuration
14.3. The Imprints Toolset
14.4. Diagnosis
15. CUPS Printing Support
15.1. Introduction
15.2. CUPS - RAW Print Through Mode
15.3. The CUPS Filter Chains
15.4. CUPS Print Drivers and Devices
15.5. Limiting the number of pages users can print
15.6. Advanced Postscript Printing from MS Windows
15.7. Auto-Deletion of CUPS spool files
16. Unified Logons between Windows NT and UNIX using Winbind
15.1. 16.1. Abstract
15.2. 16.2. Introduction
15.3. 16.3. What Winbind Provides
15.4. 16.4. How Winbind Works
15.5. 16.5. Installation and Configuration
15.6. 16.6. Limitations
15.7. 16.7. Conclusion
16. 17. Improved browsing in samba
16.1. 17.1. Overview of browsing
16.2. 17.2. Browsing support in samba
16.3. 17.3. Problem resolution
16.4. 17.4. Browsing across subnets
16.5. 17.5. Setting up a WINS server
16.6. 17.6. Setting up Browsing in a WORKGROUP
16.7. 17.7. Setting up Browsing in a DOMAIN
16.8. 17.8. Forcing samba to be the master
16.9. 17.9. Making samba the domain master
16.10. 17.10. Note about broadcast addresses
16.11. 17.11. Multiple interfaces
17. 18. Stackable VFS modules
17.1. 18.1. Introduction and configuration
17.2. 18.2. Included modules
17.3. 18.3. VFS modules available elsewhere
18. 19. Group mapping HOWTO
19. 20. Samba performance issues
19.1. 20.1. Comparisons
19.2. 20.2. Socket options
19.3. 20.3. Read size
19.4. 20.4. Max xmit
19.5. 20.5. Log level
19.6. 20.6. Read raw
19.7. 20.7. Write raw
19.8. 20.8. Slow Clients
19.9. 20.9. Slow Logins
19.10. 20.10. Client tuning
20. 21. Creating Group Prolicy Files
20.1. 21.1. Windows '9x
20.2. 21.2. Windows NT 4
20.3. 21.3. Windows 2000/XP
21. 22. Securing Samba
21.1. 22.1. Introduction
21.2. 22.2. Using host based protection
21.3. 22.3. Using interface protection
21.4. 22.4. Using a firewall
21.5. 22.5. Using a IPC$ share deny
21.6. 22.6. Upgrading Samba
22. 23. Unicode/Charsets
22.1. 23.1. What are charsets and unicode?
22.2. 23.2. Samba and charsets
23. 24. Portability
23.1. 24.1. HPUX
23.2. 24.2. SCO Unix
23.3. 24.3. DNIX
23.4. 24.4. RedHat Linux Rembrandt-II
23.5. 24.5. AIX
24. 25. Samba and other CIFS clients
24.1. 25.1. Macintosh clients?
24.2. 25.2. OS2 Client
24.3. 25.3. Windows for Workgroups
24.4. 25.4. Windows '95/'98
24.5. 25.5. Windows 2000 Service Pack 2
25. 26. How to compile SAMBA
25.1. 26.1. Access Samba source code via CVS
25.2. 26.2. Accessing the samba sources via rsync and ftp
25.3. 26.3. Building the Binaries
25.4. 26.4. Starting the smbd and nmbd
26. 27. Reporting Bugs
26.1. 27.1. Introduction
26.2. 27.2. General info
26.3. 27.3. Debug levels
26.4. 27.4. Internal errors
26.5. 27.5. Attaching to a running process
26.6. 27.6. Patches
27. 28. The samba checklist
27.1. 28.1. Introduction
27.2. 28.2. Assumptions
27.3. 28.3. Tests
27.4. 28.4. Still having troubles?
4.1. Stand Alone Server
4.2. Domain Member Server
4.3. Domain Controller
4.3.1. Domain Controller Types
5. User and Share security level (for servers not in a domain)Samba as Stand-Alone server (User and Share security level)
6.
6.1. Prerequisite Reading
6.2. Background
6.3. Configuring the Samba Domain Controller
6.4. Creating Machine Trust Accounts and Joining Clients to the Domain
6.4.1. Manual Creation of Machine Trust Accounts
6.4.2. "On-the-Fly" Creation of Machine Trust Accounts
6.4.3. Joining the Client to the Domain
6.5. Common Problems and Errors
6.6. System Policies and Profiles
6.7. What other help can I get?
6.8. Domain Control for Windows 9x/ME
6.8.1. Configuration Instructions: Network Logons
6.8.2. Configuration Instructions: Setting up Roaming User Profiles
6.9. DOMAIN_CONTROL.txt : Windows NT Domain Control & Samba
7.1. Prerequisite Reading
7.2. Background
7.3. What qualifies a Domain Controller on the network?
7.3.1. How does a Workstation find its domain controller?
7.3.2. When is the PDC needed?
7.4. Can Samba be a Backup Domain Controller to an NT PDC?
7.5. How do I set up a Samba BDC?
7.5.1. How do I replicate the smbpasswd file?
7.5.2. Can I do this all with LDAP?
8.1. Installing the required packages for Debian
8.2. Installing the required packages for RedHat
8.3. Compile Samba
8.4. Setup your /etc/krb5.conf
8.5. Create the computer account
8.5.1. Possible errors
8.6. Test your server setup
8.7. Testing with smbclient
8.8. Notes
9.1. Joining an NT Domain with Samba 3.0
9.2. Samba and Windows 2000 Domains
9.3. Why is this better than security = server?

Backup Domain Controller

  • ADS Domain Controller


  • 4.1. Stand Alone Server


    4.2. Domain Member Server


    4.3. Domain Controller


    4.3.1. Domain Controller Types

    Chapter 5. User and Share security level (for servers not in a domain)Chapter 5. Samba as Stand-Alone server (User and Share security level)

    A SMB server tells the client at startup what "security level" it is running. There are two options "share level" and "user level". Which @@ -4223,7 +4271,7 @@ CLASS="SECT1" >

    6.1. Prerequisite Reading


    6.2. Background


    6.3. Configuring the Samba Domain Controller


    6.4. Creating Machine Trust Accounts and Joining Clients to the Domain


    6.4.1. Manual Creation of Machine Trust Accounts


    6.4.2. "On-the-Fly" Creation of Machine Trust Accounts


    6.4.3. Joining the Client to the Domain


    6.5. Common Problems and Errors


    6.6. System Policies and Profiles


    6.7. What other help can I get?


    6.8. Domain Control for Windows 9x/ME


    6.8.1. Configuration Instructions: Network Logons


    6.8.2. Configuration Instructions: Setting up Roaming User Profiles


    6.8.2.1. Windows NT Configuration


    6.8.2.2. Windows 9X Configuration


    6.8.2.3. Win9X and WinNT Configuration


    6.8.2.4. Windows 9X Profile Setup


    6.8.2.5. Windows NT Workstation 4.0


    6.8.2.6. Windows NT Server


    6.8.2.7. Sharing Profiles between W95 and NT Workstation 4.0

    10.6. Conclusions
    11.1. Viewing and changing UNIX permissions using the NT security dialogs
    11.2. How to view file security on a Samba share
    11.3. Viewing file ownership
    11.4. Viewing file or directory permissions
    11.4.1. File Permissions
    11.4.2. Directory Permissions
    11.5. Modifying file or directory permissions
    11.6. Interaction with the standard Samba create mask parameters
    11.7. Interaction with the standard Samba file attribute mapping
    12.1. Samba and PAM
    12.2. Distributed Authentication
    12.3. PAM Configuration in smb.conf
    13.1. Instructions
    13.1.1. Notes
    14.1. Introduction
    14.2. Configuration
    14.2.1. Creating [print$]
    14.2.2. Setting Drivers for Existing Printers
    14.2.3. Support a large number of printers
    14.2.4. Adding New Printers via the Windows NT APW
    14.2.5. Samba and Printer Ports
    14.3. The Imprints Toolset
    14.3.1. What is Imprints?
    14.3.2. Creating Printer Driver Packages
    14.3.3. The Imprints server
    14.3.4. The Installation Client
    14.4. Diagnosis
    14.4.1. Introduction
    14.4.2. Debugging printer problems
    14.4.3. What printers do I have?
    14.4.4. Setting up printcap and print servers
    14.4.5. Job sent, no output
    14.4.6. Job sent, strange output
    14.4.7. Raw PostScript printed
    14.4.8. Advanced Printing
    14.4.9. Real debugging
    15. CUPS Printing Support
    15.1. Introduction
    15.2. CUPS - RAW Print Through Mode
    15.3. The CUPS Filter Chains
    15.4. CUPS Print Drivers and Devices
    15.4.1. Further printing steps
    15.5. Limiting the number of pages users can print
    15.6. Advanced Postscript Printing from MS Windows
    15.7. Auto-Deletion of CUPS spool files
    16. Unified Logons between Windows NT and UNIX using Winbind
    15.1. 16.1. Abstract
    15.2. 16.2. Introduction
    15.3. 16.3. What Winbind Provides
    15.3.1. 16.3.1. Target Uses
    15.4. 16.4. How Winbind Works
    15.4.1. 16.4.1. Microsoft Remote Procedure Calls
    15.4.2. 16.4.2. Microsoft Active Directory Services
    15.4.3. 16.4.3. Name Service Switch
    15.4.4. 16.4.4. Pluggable Authentication Modules
    15.4.5. 16.4.5. User and Group ID Allocation
    15.4.6. 16.4.6. Result Caching
    15.5. 16.5. Installation and Configuration
    15.5.1. 16.5.1. Introduction
    15.5.2. 16.5.2. Requirements
    15.5.3. 16.5.3. Testing Things Out
    15.6. 16.6. Limitations
    15.7. 16.7. Conclusion
    16. 17. Improved browsing in samba
    16.1. 17.1. Overview of browsing
    16.2. 17.2. Browsing support in samba
    16.3. 17.3. Problem resolution
    16.4. 17.4. Browsing across subnets
    16.4.1. 17.4.1. How does cross subnet browsing work ?
    16.5. 17.5. Setting up a WINS server
    16.6. 17.6. Setting up Browsing in a WORKGROUP
    16.7. 17.7. Setting up Browsing in a DOMAIN
    16.8. 17.8. Forcing samba to be the master
    16.9. 17.9. Making samba the domain master
    16.10. 17.10. Note about broadcast addresses
    16.11. 17.11. Multiple interfaces
    17. 18. Stackable VFS modules
    17.1. 18.1. Introduction and configuration
    17.2. 18.2. Included modules
    17.2.1. 18.2.1. audit
    17.2.2. 18.2.2. recycle
    17.2.3. 18.2.3. netatalk
    17.3. 18.3. VFS modules available elsewhere
    17.3.1. 18.3.1. DatabaseFS
    17.3.2. 18.3.2. vscan
    18. 19. Group mapping HOWTO
    19. 20. Samba performance issues
    19.1. 20.1. Comparisons
    19.2. 20.2. Socket options
    19.3. 20.3. Read size
    19.4. 20.4. Max xmit
    19.5. 20.5. Log level
    19.6. 20.6. Read raw
    19.7. 20.7. Write raw
    19.8. 20.8. Slow Clients
    19.9. 20.9. Slow Logins
    19.10. 20.10. Client tuning
    20. 21. Creating Group Prolicy Files
    20.1. 21.1. Windows '9x
    20.2. 21.2. Windows NT 4
    20.2.1. 21.2.1. Side bar Notes
    20.2.2. 21.2.2. Mandatory profiles
    20.2.3. 21.2.3. moveuser.exe
    20.2.4. 21.2.4. Get SID
    20.3. 21.3. Windows 2000/XP
    21. 22. Securing Samba
    21.1. 22.1. Introduction
    21.2. 22.2. Using host based protection
    21.3. 22.3. Using interface protection
    21.4. 22.4. Using a firewall
    21.5. 22.5. Using a IPC$ share deny
    21.6. 22.6. Upgrading Samba
    22. 23. Unicode/Charsets
    22.1. 23.1. What are charsets and unicode?
    22.2. 23.2. Samba and charsets

    10.1. Agenda


    10.2. Name Resolution in a pure Unix/Linux world


    10.2.1. /etc/hosts

    10.2.2. /etc/resolv.conf

    10.2.3. /etc/host.conf

    10.2.4. /etc/nsswitch.conf

    10.3. Name resolution as used within MS Windows networking


    10.3.1. The NetBIOS Name Cache


    10.3.2. The LMHOSTS file


    10.3.3. HOSTS file


    10.3.4. DNS Lookup


    10.3.5. WINS Lookup


    10.4. How browsing functions and how to deploy stable and dependable browsing using Samba


    10.5. MS Windows security options and how to configure Samba for seemless integration


    10.5.1. Use MS Windows NT as an authentication server


    10.5.2. Make Samba a member of an MS Windows NT security domain


    10.5.3. Configure Samba as an authentication server


    10.5.3.1. Users


    10.5.3.2. MS Windows NT Machine Accounts


    10.6. Conclusions

    11.1. Viewing and changing UNIX permissions using the NT security dialogs


    11.2. How to view file security on a Samba share


    11.3. Viewing file ownership


    11.4. Viewing file or directory permissions


    11.4.1. File Permissions


    11.4.2. Directory Permissions


    11.5. Modifying file or directory permissions


    11.6. Interaction with the standard Samba create mask parameters


    11.7. Interaction with the standard Samba file attribute mapping

    12.1. Samba and PAM


    12.2. Distributed Authentication


    12.3. PAM Configuration in smb.conf

    13.1. Instructions


    13.1.1. Notes

    14.1. Introduction


    14.2. Configuration


    14.2.1. Creating [print$]


    14.2.2. Setting Drivers for Existing Printers


    14.2.3. Support a large number of printers


    14.2.4. Adding New Printers via the Windows NT APW


    14.2.5. Samba and Printer Ports


    14.3. The Imprints Toolset


    14.3.1. What is Imprints?


    14.3.2. Creating Printer Driver Packages


    14.3.3. The Imprints server


    14.3.4. The Installation Client


    14.4. Diagnosis

    14.4.1. Introduction


    14.4.2. Debugging printer problems


    14.4.3. What printers do I have?


    14.4.4. Setting up printcap and print servers


    14.4.5. Job sent, no output


    14.4.6. Job sent, strange output


    14.4.7. Raw PostScript printed


    14.4.8. Advanced Printing


    14.4.9. Real debugging


    Chapter 15. Unified Logons between Windows NT and UNIX using Winbind

    Chapter 15. CUPS Printing Support

    15.1. Abstract15.1. Introduction

    Integration of UNIX and Microsoft Windows NT through - a unified logon has been considered a "holy grail" in heterogeneous - computing environments for a long time. We present - winbindThe Common Unix Print System (CUPS) has become very popular, but to many it is +a very mystical tool. There is a great deal of uncertainty regarding CUPS and how +it works. The result is seen in a large number of posting on the samba mailing lists +expressing frustration when MS Windows printers appear not to work with a CUPS +backr-end. +/para>

    This is a good time to point out how CUPS can be used and what it does. CUPS is more +than just a print spooling system - it is a complete printer management system that +complies with HTTP and IPP protocols. It can be managed remotely via a web browser +and it can print using http and ipp protocols.

    CUPS allows to creation of RAW printers (ie: NO file format translation) as well as +SMART printers (ie: CUPS does file format conversion as required for the printer). In +many ways this gives CUPS similar capabilities to the MS Windows print monitoring +system. Of course, if you are a CUPS advocate, you would agrue that CUPS is better! +In any case, let us now move on to explore how one may configure CUPS for interfacing +with MS Windows print clients via Samba.


    15.2. CUPS - RAW Print Through Mode

    When CUPS printers are configured for RAW print-through mode operation it is the +responsibility of the Samba client to fully render the print job (file) in a format +that is suitable for direct delivery to the printer. In this case CUPS will NOT +do any print file format conversion work.

    The CUPS files that need to be correctly set for RAW mode printers to work are: + +

    • /etc/cups/mime.types

    • /etc/cups/mime.convs

    + +Both contain entries that must be uncommented to allow RAW mode +operation.

    Firstly, to enable CUPS based printing from Samba the following options must be +enabled in your smb.conf file [globals] section: + +

    • printing = CUPS

    • printcap = CUPS

    + +When these parameters are specified the print directives in smb.conf (as well as in +samba itself) will be ignored because samba will directly interface with CUPS through +it's application program interface (API) - so long as Samba has been compiled with +CUPS library (libcups) support. If samba has NOT been compiled with CUPS support then +printing will use the System V AT&T command set with the -oraw +option automatically passing through.

    Cupsomatic (an enhanced printing utility that is part of some CUPS implementations) +on the Samba/CUPS server does *not* add any features if a file is really +printed "raw". However, if you have loaded the driver for the Windows client from +the CUPS server, using the "cupsaddsmb" utility, and if this driver is one using +a "Foomatic" PPD, the PJL header in question is already added on the Windows client, +at the time when the driver initially generated the PostScript data and CUPS in true +"-oraw" manner doesn't remove this PJL header and passes the file "as is" to its +printer communication backend.

    NOTE: editing in the "mime.convs" and the "mime.types" file does not *enforce* +"raw" printing, it only *allows* it.

    Print files that arrive from MS Windows printing are "auto-typed" by CUPS. This aids +the process of determining proper treatment while in the print queue system. + +

    • Files generated by PCL drivers and directed at PCK printers get auto-typed as + application/octet-stream. Unknown file format types also + get auto-typed with this tag. +

    • Files generated by a Postscript driver and directed at a Postscript printer + are auto-typed depending on the auto-detected most suitable MIME type as: + +

      • * application/postscript

      • * application/vnd.cups-postscript

      +

    "application/postscript" first goes thru the "pstops" filter (where the page counting +and accounting takes place). The outcome will be of MIME type +"application/vnd.cups-postscript". The pstopsfilter reads and uses information from +the PPD and inserts user-provided options into the PostScript file. As a consequence, +the filtered file could possibly have an unwanted PJL header.

    "application/postscript" will be all files with a ".ps", ".ai", ".eps" suffix or which +have as their first character string one of "%!" or "<04>%".

    "application/vnd.cups-postscript" will files which contain the string +"LANGUAGE=POSTSCRIPT" (or similar variations with different capitalization) in the +first 512 bytes, and also contain the "PJL super escape code" in the first 128 bytes +("<1B>%-12345X"). Very likely, most PostScript files generated on Windows using a CUPS +or other PPD, will have to be auto-typed as "vnd.cups-postscript". A file produced +with a "Generic PostScript driver" will just be tagged "application/postscript".

    Once the file is in "application/vnd.cups-postscript" format, either "pstoraster" +or "cupsomatic" will take over (depending on the printer configuration, as +determined by the PPD in use).

    A printer queue with *no* PPD associated to it is a "raw" printer and all files +will go directly there as received by the spooler. The exeptions are file types +"application/octet-stream" which need "passthrough feature" enabled. +"Raw" queues don't do any filtering at all, they hand the file directly to the +CUPS backend. This backend is responsible for the sending of the data to the device +(as in the "device URI" notation as lpd://, socket://, smb://, ipp://, http://, +parallel:/, serial:/, usb:/ etc.)

    "cupsomatic"/Foomatic are *not* native CUPS drivers and they don't ship with CUPS. +They are a Third Party add-on, developed at Linuxprinting.org. As such, they are +a brilliant hack to make all models (driven by Ghostscript drivers/filters in +traditional spoolers) also work via CUPS, with the same (good or bad!) quality +as in these other spoolers. "cupsomatic" is only a vehicle to execute a ghostscript +commandline at that stage in the CUPS filtering chain, where "normally" the native +CUPS "pstoraster" filter would kick in. cupsomatic by-passes pstoraster, "kidnaps" +the printfile from CUPS away and re-directs it to go through Ghostscipt. CUPS accepts this, +because the associated CUPS-O-Matic-/Foomatic-PPD specifies:

       *cupsFilter:  "application/vnd.cups-postscript 0 cupsomatic"

    This line persuades CUPS to hand the file to cupsomatic, once it has successfully +converted it to the MIME type "application/vnd.cups-postscript". This conversion will not +happen for Jobs arriving from Windows which are auto-typed "application/octet-stream", +with the according changes in "/etc/cups/mime.types" in place.

    CUPS is widely configurable and flexible, even regarding its filtering mechanism. +Another workaround in some situations would be to have +in "/etc/cups/mime.types" entries as follows:

       application/postscript           application/vnd.cups-raw  0  -
    +   application/vnd.cups-postscript  application/vnd.cups-raw  0  -

    This would prevent all Postscript files from being filtered (rather, they will go +thru the virtual "nullfilter" denoted with "-"). This could only be useful for +PS printers. If you want to print PS code on non-PS printers an entry as follows +could be useful:

       */*           application/vnd.cups-raw  0  -

    and would effectively send *all* files to the backend without further processing.

    Lastly, you could have the following entry:

       application/vnd.cups-postscript  application/vnd.cups-raw  0  my_PJL_stripping_filter

    You will need to write a "my_PJL_stripping_filter" (could be a shellscript) that +parses the PostScript and removes the unwanted PJL. This would need to conform to +CUPS filter design (mainly, receive and pass the parameters printername, job-id, +username, jobtitle, copies, print options and possibly the filename). It would +be installed as world executable into "/usr/lib/cups/filters/" and will be called +by CUPS if it encounters a MIME type "application/vnd.cups-postscript".

    CUPS can handle "-o job-hold-until=indefinite". This keeps the job in the queue +"on hold". It will only be printed upon manual release by the printer operator. +This is a requirement in many "central reproduction departments", where a few +operators manage the jobs of hundreds of users on some big machine, where no +user is allowed to have direct access. (The operators often need to load the +proper paper type before running the 10.000 page job requested by marketing +for the mailing, etc.).


    15.3. The CUPS Filter Chains

    The following diagrams reveal how CUPS handles print jobs.

    #########################################################################
    +#
    +# CUPS in and of itself has this (general) filter chain (CAPITAL
    +# letters are FILE-FORMATS or MIME types, other are filters (this is
    +# true for pre-1.1.15 of pre-4.3 versions of CUPS and ESP PrintPro):
    +#
    +# SOMETHNG-FILEFORMAT
    +#      |
    +#      |
    +#      V
    +#     somethingtops
    +#      |
    +#      |
    +#      V
    +# APPLICATION/POSTSCRIPT
    +#      |
    +#      |
    +#      V
    +#     pstops
    +#      |
    +#      |
    +#      V
    +# APPLICATION/VND.CUPS-POSTSCRIPT
    +#      |
    +#      |
    +#      V
    +#     pstoraster   # as shipped with CUPS, independent from any Ghostscipt
    +#      |           # installation on the system
    +#      |  (= "postscipt interpreter")
    +#      |
    +#      V
    +# APPLICATION/VND.CUPS-RASTER
    +#      |
    +#      |
    +#      V
    +#     rastertosomething  (f.e. Gimp-Print filters may be plugged in here)
    +#      |   (= "raster driver")
    +#      |
    +#      V
    +# SOMETHING-DEVICE-SPECIFIC
    +#      |
    +#      |
    +#      V
    +#     backend
    +#
    +#
    +# ESP PrintPro has some enhanced "rastertosomething" filters as compared to
    +# CUPS, and also a somewhat improved "pstoraster" filter.
    +#
    +# NOTE: Gimp-Print and some other 3rd-Party-Filters (like TurboPrint) to
    +#       CUPS and ESP PrintPro plug-in where rastertosomething is noted.
    +#
    +#########################################################################
    #########################################################################
    +#
    +# This is how "cupsomatic" comes into play:
    +# =========================================
    +#
    +# SOMETHNG-FILEFORMAT
    +#      |
    +#      |
    +#      V
    +#    somethingtops
    +#      |
    +#      |
    +#      V
    +# APPLICATION/POSTSCRIPT
    +#      |
    +#      |
    +#      V
    +#    pstops
    +#      |
    +#      |
    +#      V
    +# APPLICATION/VND.CUPS-POSTSCRIPT ----------------+
    +#      |                                          |
    +#      |                                          V
    +#      V                                         cupsomatic
    +#    pstoraster                                  (constructs complicated
    +#      |  (= "postscipt interpreter")            Ghostscript commandline
    +#      |                                         to let the file be
    +#      V                                         processed by a
    +# APPLICATION/VND.CUPS-RASTER                    "-sDEVICE=s.th."
    +#      |                                         call...)
    +#      |                                          |
    +#      V                                          |
    +#    rastertosomething                          V
    +#      |    (= "raster driver")     +-------------------------+
    +#      |                            | Ghostscript at work.... |
    +#      V                            |                         |
    +# SOMETHING-DEVICE-SPECIFIC         *-------------------------+
    +#      |                                          |
    +#      |                                          |
    +#      V                                          |
    +#    backend >------------------------------------+
    +#      |
    +#      |
    +#      V
    +#    THE PRINTER
    +#
    +#
    +# Note, that cupsomatic "kidnaps" the printfile after the
    +# "APPLICATION/VND.CUPS-POSTSCRPT" stage and deviates it through
    +# the CUPS-external, systemwide Ghostscript installation, bypassing the
    +# "pstoraster" filter (therefor also bypassing the CUPS-raster-drivers
    +# "rastertosomething", and hands the rasterized file directly to the CUPS
    +# backend...
    +#
    +# cupsomatic is not made by the CUPS developers. It is an independent
    +# contribution to printing development, made by people from
    +# Linuxprinting.org. (see also http://www.cups.org/cups-help.html)
    +#
    +# NOTE: Gimp-Print and some other 3rd-Party-Filters (like TurboPrint) to
    +#       CUPS and ESP PrintPro plug-in where rastertosomething is noted.
    +#
    +#########################################################################
    #########################################################################
    +#
    +# And this is how it works for ESP PrintPro from 4.3:
    +# ===================================================
    +#
    +# SOMETHNG-FILEFORMAT
    +#      |
    +#      |
    +#      V
    +#     somethingtops
    +#      |
    +#      |
    +#      V
    +# APPLICATION/POSTSCRIPT
    +#      |
    +#      |
    +#      V
    +#     pstops
    +#      |
    +#      |
    +#      V
    +# APPLICATION/VND.CUPS-POSTSCRIPT
    +#      |
    +#      |
    +#      V
    +#     gsrip
    +#      |  (= "postscipt interpreter")
    +#      |
    +#      V
    +# APPLICATION/VND.CUPS-RASTER
    +#      |
    +#      |
    +#      V
    +#     rastertosomething  (f.e. Gimp-Print filters may be plugged in here)
    +#      |   (= "raster driver")
    +#      |
    +#      V
    +# SOMETHING-DEVICE-SPECIFIC
    +#      |
    +#      |
    +#      V
    +#     backend
    +#
    +# NOTE: Gimp-Print and some other 3rd-Party-Filters (like TurboPrint) to
    +#       CUPS and ESP PrintPro plug-in where rastertosomething is noted.
    +#
    +#########################################################################
    #########################################################################
    +#
    +# This is how "cupsomatic" would come into play with ESP PrintPro:
    +# ================================================================
    +#
    +#
    +# SOMETHNG-FILEFORMAT
    +#      |
    +#      |
    +#      V
    +#    somethingtops
    +#      |
    +#      |
    +#      V
    +# APPLICATION/POSTSCRIPT
    +#      |
    +#      |
    +#      V
    +#    pstops
    +#      |
    +#      |
    +#      V
    +# APPLICATION/VND.CUPS-POSTSCRIPT ----------------+
    +#      |                                          |
    +#      |                                          V
    +#      V                                         cupsomatic
    +#    gsrip                                       (constructs complicated
    +#      |  (= "postscipt interpreter")            Ghostscript commandline
    +#      |                                         to let the file be
    +#      V                                         processed by a
    +# APPLICATION/VND.CUPS-RASTER                    "-sDEVICE=s.th."
    +#      |                                         call...)
    +#      |                                          |
    +#      V                                          |
    +#    rastertosomething                          V
    +#      |   (= "raster driver")      +-------------------------+
    +#      |                            | Ghostscript at work.... |
    +#      V                            |                         |
    +# SOMETHING-DEVICE-SPECIFIC         *-------------------------+
    +#      |                                          |
    +#      |                                          |
    +#      V                                          |
    +#    backend >------------------------------------+
    +#      |
    +#      |
    +#      V
    +#    THE PRINTER
    +#
    +# NOTE: Gimp-Print and some other 3rd-Party-Filters (like TurboPrint) to
    +#       CUPS and ESP PrintPro plug-in where rastertosomething is noted.
    +#
    +#########################################################################
    #########################################################################
    +#
    +# And this is how it works for CUPS from 1.1.15:
    +# ==============================================
    +#
    +# SOMETHNG-FILEFORMAT
    +#      |
    +#      |
    +#      V
    +#     somethingtops
    +#      |
    +#      |
    +#      V
    +# APPLICATION/POSTSCRIPT
    +#      |
    +#      |
    +#      V
    +#     pstops
    +#      |
    +#      |
    +#      V
    +# APPLICATION/VND.CUPS-POSTSCRIPT-----+
    +#                                     |
    +#                  +------------------v------------------------------+
    +#                  | Ghostscript                                     |
    +#                  | at work...                                      |
    +#                  | (with                                           |
    +#                  | "-sDEVICE=cups")                                |
    +#                  |                                                 |
    +#                  |         (= "postscipt interpreter")             |
    +#                  |                                                 |
    +#                  +------------------v------------------------------+
    +#                                     |
    +#                                     |
    +# APPLICATION/VND.CUPS-RASTER >-------+
    +#      |
    +#      |
    +#      V
    +#     rastertosomething
    +#      |   (= "raster driver")
    +#      |
    +#      V
    +# SOMETHING-DEVICE-SPECIFIC
    +#      |
    +#      |
    +#      V
    +#     backend
    +#
    +#
    +# NOTE: since version 1.1.15 CUPS "outsourced" the pstoraster process to
    +#       Ghostscript. GNU Ghostscript needs to be patched to handle the
    +#       CUPS requirement; ESP Ghostscript has this builtin. In any case,
    +#       "gs -h" needs to show up a "cups" device. pstoraster is now a
    +#       calling an appropriate "gs -sDEVICE=cups..." commandline to do
    +#       the job. It will output "application/vnd.cup-raster", which will
    +#       be finally processed by a CUPS raster driver "rastertosomething"
    +#       Note the difference to "cupsomatic", which will *not* output
    +#       CUPS-raster, but a final version of the printfile, ready to be
    +#       sent to the printer. cupsomatic also doesn't use the "cups"
    +#       devicemode in Ghostscript, but one of the classical devicemodes....
    +#
    +# NOTE: Gimp-Print and some other 3rd-Party-Filters (like TurboPrint) to
    +#       CUPS and ESP PrintPro plug-in where rastertosomething is noted.
    +#
    +#########################################################################
    #########################################################################
    +#
    +# And this is how it works for CUPS from 1.1.15, with cupsomatic included:
    +# ========================================================================
    +#
    +# SOMETHNG-FILEFORMAT
    +#      |
    +#      |
    +#      V
    +#     somethingtops
    +#      |
    +#      |
    +#      V
    +# APPLICATION/POSTSCRIPT
    +#      |
    +#      |
    +#      V
    +#     pstops
    +#      |
    +#      |
    +#      V
    +# APPLICATION/VND.CUPS-POSTSCRIPT-----+
    +#                                     |
    +#                  +------------------v------------------------------+
    +#                  | Ghostscript        . Ghostscript at work....    |
    +#                  | at work...         . (with "-sDEVICE=           |
    +#                  | (with              .            s.th."        |
    +#                  | "-sDEVICE=cups")   .                            |
    +#                  |                    .                            |
    +#                  | (CUPS standard)    .      (cupsomatic)          |
    +#                  |                    .                            |
    +#                  |          (= "postscript interpreter")           |
    +#                  |                    .                            |
    +#                  +------------------v--------------v---------------+
    +#                                     |              |
    +#                                     |              |
    +# APPLICATION/VND.CUPS-RASTER >-------+              |
    +#      |                                             |
    +#      |                                             |
    +#      V                                             |
    +#     rastertosomething                            |
    +#      |   (= "raster driver")                       |
    +#      |                                             |
    +#      V                                             |
    +# SOMETHING-DEVICE-SPECIFIC >------------------------+
    +#      |
    +#      |
    +#      V
    +#     backend
    +#
    +#
    +# NOTE: Gimp-Print and some other 3rd-Party-Filters (like TurboPrint) to
    +#       CUPS and ESP PrintPro plug-in where rastertosomething is noted.
    +#
    +##########################################################################

    15.4. CUPS Print Drivers and Devices

    CUPS ships with good support for HP LaserJet type printers. You can install +the driver as follows: + +

    • lpadmin -p laserjet4plus -v parallel:/dev/lp0 -E -m laserjet.ppd +

    + +(The "-m" switch will retrieve the "laserjet.ppd" from the standard repository +for not-yet-installed-PPDs, which CUPS typically stores in +/usr/share/cups/model. Alternatively, you may use +"-P /absolute/filesystem/path/to/where/there/is/PPD/your.ppd").


    15.4.1. Further printing steps

    Always also consult the database on linuxprinting.org for all recommendations +about which driver is best used for each printer:

    http://www.linuxprinting.org/printer_list.cgi

    There select your model and click on "Show". You'll arrive at a page listing +all drivers working with your model. There will always be *one* +recommended one. Try this one first. In your case +("HP LaserJet 4 Plus"), you'll arrive here:

    http://www.linuxprinting.org/show_printer.cgi?recnum=75104

    The recommended driver is "ljet4". It has a link to the page for the ljet4 +driver too:

    http://www.linuxprinting.org/show_driver.cgi?driver=ljet4

    On the driver's page, you'll find important and detailed info about how to use +that driver within the various available spoolers. You can generate a PPD for +CUPS. The PPD contains all the info about how to use your model and the driver; +this is, once installed, working transparently for the user -- you'll only +need to choose resolution, paper size etc. from the web-based menu or from +the print dialog GUI or from the commandline...

    On the driver's page, choose to use the "PPD-O-Matic" online PPD generator +program. Select your model and click "Generate PPD file". When you safe the +appearing ASCII text file, don't use "cut'n'past" (as it could possiblly corrupt +line endings and tabs), but use "Save as..." in your browser's menu. Save it +at "/some/path/on/your/filesystem/somewhere/my-name-for-my-printer.ppd"

    Then install the printer:

        "lpadmin -p laserjet4plus -v parallel:/dev/lp0 -E -P /some/path/on/your/filesystem/somewhere/my-name-for-my-printer.ppd"

    Note, that for all the "Foomatic-PPDs" from Linuxprinting.org, you also need +a special "CUPS filter" named "cupsomatic". Get the latest version of +"cupsomatic" from:

    http://www.linuxprinting.org/cupsomatic

    This needs to be copied to /usr/lib/cups/filter/cupsomatic +and be made world executable. This filter is needed to read and act upon the +specially encoded Foomatic comments, embedded in the printfile, which in turn +are used to construct (transparently for you, the user) the complicated +ghostscript command line needed for your printer/driver combo.

    You can have a look at all the options for the Ghostscript commandline supported +by your printer and the ljet4 driver by going to the section "Execution details", +selecting your model (Laserjet 4 Plus) and clicking on "Show execution details". +This will bring up this web page:

    http://www.linuxprinting.org/execution.cgi?driver=ljet4&printer=75104&.submit=Show+execution+details

    The ingenious thing is that the database is kept current. If there +is a bug fix and an improvement somewhere in the database, you will +always get the most current and stable and feature-rich driver by following +the steps described above.

    Till Kamppeter from MandrakeSoft is doing an excellent job here that too few +people are aware of. (So if you use it often, please send him a note showing +your appreciation).

    The latest and greatest improvement now is support for "custom page sizes" +for all those printers which support it.

    "cupsomatic" is documented here:

    http://www.linuxprinting.org/cups-doc.html

    More printing tutorial info may be found here:

    http://www.linuxprinting.org/kpfeifle/LinuxKongress2002/Tutorial/

    Note, that *all* the Foomatic drivers listed on Linuxprinting.org (now +approaching the "all-time high" number of 1.000 for the supported models) +are using a special filtering chain involving Ghostscript, as described +in this document.

    Summary - You need:

    A "foomatic+something" PPD is not enough to print with CUPS (but it is *one* important component)
    The "cupsomatic" filter script (Perl) in /usr/lib/cups/filters/
    Perl to make cupsomatic run
    Ghostscript (because it is called and controlled by the PPD/cupsomatic combo in a way to fit your printermodel/driver combo.
    Ghostscript *must*, depending on the driver/model, contain support for a certain "device" (as shown by "gs -h")

    In the case of the "hpijs" driver, you need a Ghostscript version, which +has "ijs" amongst its supported devices in "gs -h". In the case of +"hpijs+foomatic", a valid ghostscript commandline would be reading like this:

           gs -q -dBATCH -dPARANOIDSAFER -dQUIET -dNOPAUSE -sDEVICE=ijs       \
    +             -sIjsServer=hpijsPageSize -dDuplex=Duplex Model        \
    +             -rResolution,PS:MediaPosition=InputSlot -dIjsUseOutputFD \
    +             -sOutputFile=- -

    Note, that with CUPS and the "hpijs+foomatic" PPD (plus Perl and cupsomatic) +you don't need to remember this. You can choose the available print options +thru a GUI print command (like "glp" from ESP's commercially supported +PrintPro software, or KDE's "kprinter", or GNOME's "gtklp" or the independent +"xpp") or the CUPS web interface via human-readable drop-down selection +menus.

    If you use "ESP Ghostscript" (also under the GPL, provided by Easy Software +Products, the makers of CUPS, downloadable from +http://www.cups.org/software.html, +co-maintained by the developers of linuxprinting.org), you are guaranteed to +have in use the most uptodate, bug-fixed, enhanced and stable version of a Free +Ghostscript. It contains support for ~300 devices, whereas plain vanilla +GNU Ghostscript 7.05 only has ~200.

    If you print only one CUPS test page, from the web interface and when you try to +print a windows test page, it acts like the job was never sent: + +

    Can you print "standard" jobs from the CUPS machine?
    Are the jobs from Windows visible in the Web interface on CUPS (http://localhost:631/)?
    Most important: What kind of printer driver are you using on the Windows clients?

    + +You can try to get a more detailed debugging info by setting "LogLevel debug" in +/etc/cups/cupsd.conf, re-start cupsd and investigate /var/log/cups/error_log +for the whereabouts of your Windows-originating printjobs:

    what does the "auto-typing" line say? which is the "MIME type" CUPS thinks is arriving from the Windows clients?
    are there "filter" available for this MIME type?
    are there "filter rules" defined in "/etc/cups/mime.convs" for this MIME type?


    15.5. Limiting the number of pages users can print

    The feature you want is dependent on the real print subsystem you're using. +Samba's part is always to receive the job files from the clients (filtered +*or* unfiltered) and hand it over to this printing subsystem.

    Of course one could "hack" things with one's own scripts.

    But there is CUPS (Common Unix Printing System). CUPS supports "quotas". +Quotas can be based on sizes of jobs or on the number of pages or both, +and are spanning any time period you want.

    This is an example command how root would set a print quota in CUPS, +assuming an existing printer named "quotaprinter":

      lpadmin -p quotaprinter -o job-quota-period=604800 -o job-k-limit=1024 -o job-page-limit=100

    This would limit every single user to print 100 pages or 1024 KB of +data (whichever comes first) within the last 604.800 seconds ( = 1 week).

    For CUPS to count correctly, the printfile needs to pass the CUPS "pstops" filter, +otherwise it uses a "dummy" count of "1". Some printfiles don't pass it +(eg: image files) but then those are mostly 1 page jobs anyway. This also means, +proprietary drivers for the target printer running on the client computers and +CUPS/Samba then spooling these files as "raw" (i.e. leaving them untouched, not +filtering them), will be counted as "1-pagers" too!

    You need to send PostScript from the clients (i.e. run a PostScript driver there) +for having the chance to get accounting done. If the printer is a non-PostScript model, +you need to let CUPS do the job to convert the file to a print-ready format for the +target printer. This will be working for currently ~1.000 different printer models, see

         http://www.linuxprinting.org/printer_list.cgi

    Before CUPS-1.1.16 your only option was to use the Adobe PostScript +Driver on the Windows clients. The output of this driver was not always +passed thru the "pstops" filter on the CUPS/Samba side, and therefor was +not counted correctly (the reason is that it often --- depending on the +"PPD" being used --- did write a "PJL"-header in front of the real +PostScript which made CUPS to skip the pstops and go directy to +the "pstoraster" stage).

    From CUPS-1.1.16 onward you can use the "CUPS PostScript Driver +for Windows NT/2K/XP clients" (it is tagged in the download area of +http://www.cups.org/ as the "cups-samba-1.1.16.tar.gz" package). +It is *not* working for Win9x/ME clients. But it:

    >it guarantees to not write an PJL-header
    it guarantees to still read and support all PJL-options named in the driver PPD with its own means
    it guarantees the file going thru the "pstops" filter on the CUPS/Samba server
    it guarantees to page-count correctly the printfile

    You can read more about the setup of this combination in the +manpage for "cupsaddsmb" (only present with CUPS installed, only +current with CUPS 1.1.16).

    These are the items CUPS logs in the "page_log" for every single *page* of a job:

    	* Printer name
    +	* User name
    +	* Job ID
    +	* Time of printing
    +	* the page number
    +	* the number of copies
    +	* a billing info string (optional)

    Here is an extract of my CUPS server's page_log file to illustrate +the format and included items:

    	infotec_IS2027 kurt 40 [22/Nov/2002:13:18:03 +0100] 1 2  #marketing
    +	infotec_IS2027 kurt 40 [22/Nov/2002:13:18:03 +0100] 2 2  #marketing
    +	infotec_IS2027 kurt 40 [22/Nov/2002:13:18:03 +0100] 3 2  #marketing
    +	infotec_IS2027 kurt 40 [22/Nov/2002:13:18:03 +0100] 4 2  #marketing
    +	infotec_IS2027 kurt 40 [22/Nov/2002:13:18:03 +0100] 5 2  #marketing
    +	infotec_IS2027 kurt 40 [22/Nov/2002:13:18:03 +0100] 6 2  #marketing

    This was Job ID "40", printed on "infotec_IS2027" by user "kurt", a 6-page job +printed in 2 copies and billed to "#marketing"...

    What flaws or shortcomings are there?

    the ones named above
    CUPS really counts the job pages being *processsed in software* + (going thru the "RIP") rather than the physical sheets successfully + leaving the printing device -- if there is a jam while printing + the 5th sheet out of 1000 and the job is aborted by the printer, + the "page count" will still show the figure of 1000 for that job +
    all quotas are the same for all users (no flexibility to give the + boss a higher quota than the clerk) no support for groups +
    no means to read out the current balance or "used-up" number of current quota +
    a user having used up 99 sheets of 100 quota will still be able to send and print a 1.000 sheet job +
    a user being denied a job because of a filled-up quota doesn't get a meaningful + error message from CUPS other than "client-error-not-possible". +

    But this is the best system out there currently. And there are +huge improvements under development:

    page counting will go into the "backends" (these talk + directly to the printer and will increase the count in sync with the + actual printing process -- a jam at the 5th sheet will lead to a stop in the counting)
    quotas will be handled more flexibly
    probably there will be support for users to inquire their "accounts" in advance
    probably there will be support for some other tools around this topic

    Other than the current stage of the CUPS development, I don't +know any other ready-to-use tool which you could consider.

    You can download the driver files from +http://www.cups.org/software.html. +It is a separate package from the CUPS base software files, tagged as "CUPS 1.1.16 +Windows NT/2k/XP Printer Driver for SAMBA (tar.gz, 192k)". The filename to +download is "cups-samba-1.1.16.tar.gz". Upon untar-/unzip-ping it will reveal +the files:

       cups-samba.install
    +   cups-samba.license
    +   cups-samba.readme
    +   cups-samba.remove
    +   cups-samba.ss

    These have been packaged with the ESP meta packager software "EPM". The +*.install and *.remove files are simple shell script, which untars the +*.ss (which is nothing else than a tar-archive) and puts its contents +into /usr/share/cups/drivers/. Its contents are 3 files:

       cupsdrvr.dll
    +   cupsui.dll
    +   cups.hlp

    ATTENTION: due to a bug one CUPS release puts the cups.hlp +into /usr/share/drivers/ instead of +/usr/share/cups/drivers/. To work around this, copy/move +the file after running the "./cups-samba.install" script manually to the right place:

          cp /usr/share/drivers/cups.hlp /usr/share/cups/drivers/

    This new CUPS PostScript driver is currently binary-only, but free +no source code is provided (yet). The reason is this: it has +been developed with the help of the Microsoft Driver Developer Kit (DDK) +and compiled with Microsoft Visual Studio 6. It is not clear to the driver +developers if they are allowed to distribute the whole of the source code +as Free Software. However, they will likely release the "diff" in source +code under the GPL, so anybody with a license of Visual Studio and a DDK +will be able to compile for him/herself.

    Once you have run the install script (and possibly manually moved the +"cups.hlp" file to "/usr/share/cups/drivers/"), the driver is ready to be +put into Samba's [print$] share (which often maps to "/etc/samba/drivers/" +and contains a subdir tree with WIN40 and W32X86 branches), by running +"cupsaddsmb" (see also "man cupsaddsmb" for CUPS 1.1.16). [Don't forget to +put root into the smbpasswd file by running "smbpasswd" should you run +this whole procedure for the first time.] Once the driver files are in the +[print$] share, they are ready to be downloaded and installed by the +Win NT/2k/XP clients.

    NOTE 1: Win 9x/ME clients won't work with this driver. For these you'd +still need to use the ADOBE*.* drivers as previously.

    NOTE 2: It is not harming if you've still the ADOBE*.* driver files from +previous installations in the "/usr/share/cups/drivers/" directory. +The new cupsaddsmb (from 1.1.16) will automatically use the +"newest" installed driver (which here then is the CUPS drivers).

    NOTE 3: Should your Win clients have had the old ADOBE*.* files and the +Adobe PostScript drivers installed, the download and installation +of the new CUPS PostScript driver for Windows NT/2k/XP will fail +at first.

    It is not enough to "delete" the printer (as the driver files +will still be kept by the clients and re-used if you try to +re-install the printer). To really get rid of the Adobe driver +files on the clients, open the "Printers" folder (possibly via +"Start --> Settings --> Control Panel --> Printers"), right-click +onto the folder background and select "Server Properties". A +new dialog opens; select the "Drivers" tab; on the list select +the driver you want to delete and click on the "Delete" button. +(This will only work if there is no single printer left which +uses that particular driver -- you need to "delete" all printers +using this driver in the "Printers" folder first.)

    Once you have successfully downloaded the CUPS PostScript driver +to a client, you can easily switch all printers to this one +by proceeding as described elsewhere in the "Samba HOWTO +Collection" to change a driver for an existing printer.

    What are the benefits with the "CUPS PostScript driver for Windows NT/2k/XP" +as compared to the Adobe drivers?

    • no hassle with the Adobe EULA +

    • no hassle with the question "where do I get the ADOBE*.* driver files from?" +

    • the Adobe drivers (depending on the printer PPD associated with them) + often put a PJL header in front of the core PostScript part of the print + file (thus the file starts with "1B%-12345X" or "escape%-12345X" + instead of "%!PS"). This leads to the CUPS daemon autotyping the + arriving file as a print-ready file, not requiring a pass thru the + "pstops" filter (to speak more technical, it is not regarded as the + generic MIME type "application/postscript", but as the more special + MIME type "application/cups.vnd-postscript"), which therefore also + leads to the page accounting in "/var/log/cups/page_log" not receiving + the exact mumber of pages; instead the dummy page number of "1" is + logged in a standard setup) +

    • the Adobe driver has more options to "mis-configure" the PostScript + generated by it (like setting it inadvertedly to "Optimize for Speed", + instead of "Optimize for Portability", which could lead to CUPS being + unable to process it) +

    • the CUPS PostScript driver output sent by Windows clients to the CUPS + server will be guaranteed to be auto-typed as generic MIME type + "application/postscript", thusly passing thru the CUPS "pstops" filter + and logging the correct number of pages in the page_log for accounting + and quota purposes +

    • the CUPS PostScript driver supports the sending of additional print + options by the Win NT/2k/XP clients, such as naming the CUPS standard + banner pages (or the custom ones, should they be installed at the time + of driver download), using the CUPS "page-label" option, setting a + job-priority and setting the scheduled time of printing (with the option + to support additional useful IPP job attributes in the future). +

    • the CUPS PostScript driver supports the inclusion of the new + "*cupsJobTicket" comments at the beginnig of the PostScript file (which + could be used in the future for all sort of beneficial extensions on + the CUPS side, but which will not disturb any other application as those + will regard it as a comment and simply ignore it). +

    • the CUPS PostScript driver will be the heart of the fully fledged CUPS + IPP client for Windows NT/2k/XP to be released soon (probably alongside + the first Beta release for CUPS 1.2). +


    15.6. Advanced Postscript Printing from MS Windows

    Let the Windows Clients use a PostScript driver to deliver poistscript to +the samba print server (just like any Linux or Unix Client would also use +PostScript to send to the server)

    Make the Unix printing subsystem to which Samba sends the job convert the +incoming PostScript files to the native print format of the target printers +(would be PCL if you have an HP printer)

    Now if you are afraid that this would just mean using a *Generic* PostScript +driver for the clients that has no Simplex/Duplex selection, and no paper tray +choice, but you need them to be able to set up print jobs, with all the bells +and whistles of your printers:-

    Not possible with traditional spooling systems
    But perfectly supported by CUPS (which uses "PPD" files to + describe how to control the print options for PostScript and + non-PostScript devices alike... +

    CUPS PPDs are working perfectly on Windows clients who use Adobe PostScript +drivers (or the new CUPS PostScript driver for Windows NT/2K/XP). Clients can use +them to setup the job to their liking and CUPS will use the received job options +to make the (PCL-, ESC/P- or PostScript-) printer behave as required.

    If you want to have the additional benefit of page count logging and accounting +then the CUPS PostScript driver is the best choice (better than the Adobe one).

    If you want to make the drivers downloadable for the clients then "cupsaddsmb" is +your friend. It will setup the [print$] share on the Samba host to be ready to serve +the clients for a "point and print" driver installation.

    What strings are attached?

    There are some. But, given the sheer CPU power you can buy nowadays, +these can be overcome easily. The strings:

    Well, if the CUPS/Samba side will have to print to many printers serving many users, +you probably will need to set up a second server (which can do automatic load balancing +with the first one, plus a degree of fail-over mechanism). Converting the incoming +PostScript jobs, "interpreting" them for non-PostScript printers, amounts to the work +of a "RIP" (Raster Image Processor) done in software. This requires more CPU and RAM +than for the mere "raw spooling" task your current setup is solving. It all depends +on the avarage and peak printing load the server should be able to handle.


    15.7. Auto-Deletion of CUPS spool files

    Samba print files pass thru two "spool" directories. One the incoming directory +managed by Samba, (set eg: in the "path = /var/spool/samba" directive in the [printers] +section of "smb.conf"). Second is the spool directory of your UNIX print subsystem. +For CUPS it is normally "/var/spool/cups/", as set by the cupsd.conf directive +"RequestRoot /var/spool/cups".

    I am not sure, which one of your directories keeps the files. From what you say, +it is most likely the Samba part.

    For the CUPS part, you may want to consult:

       http://localhost:631/sam.html#PreserveJobFiles and
    +   http://localhost:631/sam.html#PreserveJobHistory and
    +   http://localhost:631/sam.html#MaxJobs

    There are the settings described for your CUPS daemon, which could lead to completed +job files not being deleted.

    "PreserveJobHistory Yes" -- keeps some details of jobs in +cupsd's mind (well it keeps the "c12345", "c12346" etc. files +in the CUPS spool directory, which do a similar job as the +old-fashioned BSD-LPD control files). This is set to "Yes" +as a default.

    "PreserveJobFiles Yes" -- keeps the job files themselves in +cupsd's mind (well it keeps the "d12345", "d12346" etc. files +in the CUPS spool directory...). This is set to "No" as the +CUPS default.

    "MaxJobs 500" -- this directive controls the maximum number +of jobs that are kept in memory. Once the number of jobs +reaches the limit, the oldest completed job is automatically +purged from the system to make room for the new one. If all +of the known jobs are still pending or active then the new +job will be rejected. Setting the maximum to 0 disables this +functionality. The default setting is 0.

    (There are also additional settings for "MaxJobsPerUser" and +"MaxJobsPerPrinter"...)

    For everything to work as announced, you need to have three things:

    a Samba-smbd which is compiled against "libcups" (Check on Linux by running "ldd `which smbd`") +
    a Samba-smb.conf setting of "printing = cups" +
    another Samba-smb.conf setting of "printcap = cups" +

    Note, that in this case all other manually set printing-related +commands (like "print command", "lpq command", "lprm command", +"lppause command" or "lpresume command") are ignored and they +should normally have no influence what-so-ever on your printing.

    If you want to do things manually, replace the "printing = cups" +by "printing = bsd". Then your manually set commands may work +(haven't tested this), and a "print command = lp -d %P %s; rm %s" +may do what you need.

    You forgot to mention the CUPS version you're using. If you did +set things up as described in the man pages, then the Samba +spool files should be deleted. Otherwise it may be a bug. On +the CUPS side, you can control the behaviour as described +above.

    If you have more problems, post the output of these commands:

       grep -v ^# /etc/cups/cupsd.conf | grep -v ^$
    +   grep -v ^# /etc/samba/smb.conf | grep -v ^$ | grep -v "^;"

    (adapt paths as needed). These commands sanitize the files +and cut out the empty lines and lines with comments, providing +the "naked settings" in a compact way.


    Chapter 16. Unified Logons between Windows NT and UNIX using Winbind

    16.1. Abstract

    Integration of UNIX and Microsoft Windows NT through + a unified logon has been considered a "holy grail" in heterogeneous + computing environments for a long time. We present + winbind, a component of the Samba suite of programs as a solution to the unified logon problem. Winbind uses a UNIX implementation @@ -11914,8 +13881,8 @@ CLASS="SECT1" >


    15.2. Introduction16.2. Introduction

    It is well known that UNIX and Microsoft Windows NT have @@ -11968,8 +13935,8 @@ CLASS="SECT1" >


    15.3. What Winbind Provides16.3. What Winbind Provides

    Winbind unifies UNIX and Windows NT account management by @@ -12010,8 +13977,8 @@ CLASS="SECT2" >


    15.3.1. Target Uses16.3.1. Target Uses

    Winbind is targeted at organizations that have an @@ -12034,8 +14001,8 @@ CLASS="SECT1" >


    15.4. How Winbind Works16.4. How Winbind Works

    The winbind system is designed around a client/server @@ -12054,8 +14021,8 @@ CLASS="SECT2" >


    15.4.1. Microsoft Remote Procedure Calls16.4.1. Microsoft Remote Procedure Calls

    Over the last few years, efforts have been underway @@ -12080,8 +14047,8 @@ CLASS="SECT2" >


    15.4.2. Microsoft Active Directory Services16.4.2. Microsoft Active Directory Services

    Since late 2001, Samba has gained the ability to @@ -12099,8 +14066,8 @@ CLASS="SECT2" >


    15.4.3. Name Service Switch16.4.3. Name Service Switch

    The Name Service Switch, or NSS, is a feature that is @@ -12179,8 +14146,8 @@ CLASS="SECT2" >


    15.4.4. Pluggable Authentication Modules16.4.4. Pluggable Authentication Modules

    Pluggable Authentication Modules, also known as PAM, @@ -12228,8 +14195,8 @@ CLASS="SECT2" >


    15.4.5. User and Group ID Allocation16.4.5. User and Group ID Allocation

    When a user or group is created under Windows NT @@ -12254,8 +14221,8 @@ CLASS="SECT2" >


    15.4.6. Result Caching16.4.6. Result Caching

    An active system can generate a lot of user and group @@ -12277,8 +14244,8 @@ CLASS="SECT1" >


    15.5. Installation and Configuration16.5. Installation and Configuration

    Many thanks to John Trostel


    15.5.1. Introduction16.5.1. Introduction

    This HOWTO describes the procedures used to get winbind up and @@ -12355,8 +14322,8 @@ CLASS="SECT2" >


    15.5.2. Requirements16.5.2. Requirements

    If you have a samba configuration file that you are currently @@ -12425,8 +14392,8 @@ CLASS="SECT2" >


    15.5.3. Testing Things Out16.5.3. Testing Things Out

    Before starting, it is probably best to kill off all the SAMBA @@ -12470,8 +14437,8 @@ CLASS="SECT3" >


    15.5.3.1. Configure and compile SAMBA16.5.3.1. Configure and compile SAMBA

    The configuration and compilation of SAMBA is pretty straightforward. @@ -12536,8 +14503,8 @@ CLASS="SECT3" >


    15.5.3.2. Configure 16.5.3.2. Configure nsswitch.conf and the @@ -12641,8 +14608,8 @@ CLASS="SECT3" >

    15.5.3.3. Configure smb.conf16.5.3.3. Configure smb.conf

    Several parameters are needed in the smb.conf file to control @@ -12716,8 +14683,8 @@ CLASS="SECT3" >


    15.5.3.4. Join the SAMBA server to the PDC domain16.5.3.4. Join the SAMBA server to the PDC domain

    Enter the following command to make the SAMBA server join the @@ -12754,8 +14721,8 @@ CLASS="SECT3" >


    15.5.3.5. Start up the winbindd daemon and test it!16.5.3.5. Start up the winbindd daemon and test it!

    Eventually, you will want to modify your smb startup script to @@ -12890,16 +14857,16 @@ CLASS="SECT3" >


    15.5.3.6. Fix the init.d startup scripts16.5.3.6. Fix the init.d startup scripts

    15.5.3.6.1. Linux16.5.3.6.1. Linux

    The


    15.5.3.6.2. Solaris16.5.3.6.2. Solaris

    On solaris, you need to modify the @@ -13092,8 +15059,8 @@ CLASS="SECT4" >


    15.5.3.6.3. Restarting16.5.3.6.3. Restarting

    If you restart the


    15.5.3.7. Configure Winbind and PAM16.5.3.7. Configure Winbind and PAM

    If you have made it this far, you know that winbindd and samba are working @@ -13174,8 +15141,8 @@ CLASS="SECT4" >


    15.5.3.7.1. Linux/FreeBSD-specific PAM configuration16.5.3.7.1. Linux/FreeBSD-specific PAM configuration

    The


    15.5.3.7.2. Solaris-specific configuration16.5.3.7.2. Solaris-specific configuration

    The /etc/pam.conf needs to be changed. I changed this file so that my Domain @@ -13390,8 +15357,8 @@ CLASS="SECT1" >


    15.6. Limitations16.6. Limitations

    Winbind has a number of limitations in its current @@ -13432,8 +15399,8 @@ CLASS="SECT1" >


    15.7. Conclusion16.7. Conclusion

    The winbind system, through the use of the Name Service @@ -13450,14 +15417,14 @@ CLASS="CHAPTER" >Chapter 16. Improved browsing in samba

    Chapter 17. Improved browsing in samba

    16.1. Overview of browsing17.1. Overview of browsing

    SMB networking provides a mechanism by which clients can access a list @@ -13485,8 +15452,8 @@ CLASS="SECT1" >


    16.2. Browsing support in samba17.2. Browsing support in samba

    Samba facilitates browsing. The browsing is supported by nmbd @@ -13528,8 +15495,8 @@ CLASS="SECT1" >


    16.3. Problem resolution17.3. Problem resolution

    If something doesn't work then hopefully the log.nmb file will help @@ -13575,8 +15542,8 @@ CLASS="SECT1" >


    16.4. Browsing across subnets17.4. Browsing across subnets

    Since the release of Samba 1.9.17(alpha1) Samba has been @@ -13606,8 +15573,8 @@ CLASS="SECT2" >


    16.4.1. How does cross subnet browsing work ?17.4.1. How does cross subnet browsing work ?

    Cross subnet browsing is a complicated dance, containing multiple @@ -13817,8 +15784,8 @@ CLASS="SECT1" >


    16.5. Setting up a WINS server17.5. Setting up a WINS server

    Either a Samba machine or a Windows NT Server machine may be set up @@ -13900,8 +15867,8 @@ CLASS="SECT1" >


    16.6. Setting up Browsing in a WORKGROUP17.6. Setting up Browsing in a WORKGROUP

    To set up cross subnet browsing on a network containing machines @@ -13985,8 +15952,8 @@ CLASS="SECT1" >


    16.7. Setting up Browsing in a DOMAIN17.7. Setting up Browsing in a DOMAIN

    If you are adding Samba servers to a Windows NT Domain then @@ -14036,8 +16003,8 @@ CLASS="SECT1" >


    16.8. Forcing samba to be the master17.8. Forcing samba to be the master

    Who becomes the "master browser" is determined by an election process @@ -14084,8 +16051,8 @@ CLASS="SECT1" >


    16.9. Making samba the domain master17.9. Making samba the domain master

    The domain master is responsible for collating the browse lists of @@ -14157,8 +16124,8 @@ CLASS="SECT1" >


    16.10. Note about broadcast addresses17.10. Note about broadcast addresses

    If your network uses a "0" based broadcast address (for example if it @@ -14171,8 +16138,8 @@ CLASS="SECT1" >


    16.11. Multiple interfaces17.11. Multiple interfaces

    Samba now supports machines with multiple network interfaces. If you @@ -14186,14 +16153,14 @@ CLASS="CHAPTER" >Chapter 17. Stackable VFS modulesChapter 18. Stackable VFS modules

    17.1. Introduction and configuration18.1. Introduction and configuration

    Since samba 3.0, samba supports stackable VFS(Virtual File System) modules. @@ -14233,16 +16200,16 @@ CLASS="SECT1" >


    17.2. Included modules18.2. Included modules

    17.2.1. audit18.2.1. audit

    A simple module to audit file access to the syslog @@ -14279,8 +16246,8 @@ CLASS="SECT2" >


    17.2.2. recycle18.2.2. recycle

    A recycle-bin like modules. When used any unlink call @@ -14350,8 +16317,8 @@ CLASS="SECT2" >


    17.2.3. netatalk18.2.3. netatalk

    A netatalk module, that will ease co-existence of samba and @@ -14383,8 +16350,8 @@ CLASS="SECT1" >


    17.3. VFS modules available elsewhere18.3. VFS modules available elsewhere

    This section contains a listing of various other VFS modules that @@ -14399,8 +16366,8 @@ CLASS="SECT2" >


    17.3.1. DatabaseFS18.3.1. DatabaseFS

    URL:


    17.3.2. vscan18.3.2. vscan

    URL: Chapter 18. Group mapping HOWTOChapter 19. Group mapping HOWTO

    Starting with Samba 3.0 alpha 2, a new group mapping function is available. The @@ -14558,14 +16525,14 @@ CLASS="CHAPTER" >Chapter 19. Samba performance issuesChapter 20. Samba performance issues

    19.1. Comparisons20.1. Comparisons

    The Samba server uses TCP to talk to the client. Thus if you are @@ -14595,8 +16562,8 @@ CLASS="SECT1" >


    19.2. Socket options20.2. Socket options

    There are a number of socket options that can greatly affect the @@ -14623,8 +16590,8 @@ CLASS="SECT1" >


    19.3. Read size20.3. Read size

    The option "read size" affects the overlap of disk reads/writes with @@ -14649,8 +16616,8 @@ CLASS="SECT1" >


    19.4. Max xmit20.4. Max xmit

    At startup the client and server negotiate a "maximum transmit" size, @@ -14672,8 +16639,8 @@ CLASS="SECT1" >


    19.5. Log level20.5. Log level

    If you set the log level (also known as "debug level") higher than 2 @@ -14686,8 +16653,8 @@ CLASS="SECT1" >


    19.6. Read raw20.6. Read raw

    The "read raw" operation is designed to be an optimised, low-latency @@ -14708,8 +16675,8 @@ CLASS="SECT1" >


    19.7. Write raw20.7. Write raw

    The "write raw" operation is designed to be an optimised, low-latency @@ -14725,8 +16692,8 @@ CLASS="SECT1" >


    19.8. Slow Clients20.8. Slow Clients

    One person has reported that setting the protocol to COREPLUS rather @@ -14742,8 +16709,8 @@ CLASS="SECT1" >


    19.9. Slow Logins20.9. Slow Logins

    Slow logins are almost always due to the password checking time. Using @@ -14755,8 +16722,8 @@ CLASS="SECT1" >


    19.10. Client tuning20.10. Client tuning

    Often a speed problem can be traced to the client. The client (for @@ -14863,14 +16830,14 @@ CLASS="CHAPTER" >Chapter 20. Creating Group Prolicy FilesChapter 21. Creating Group Prolicy Files

    20.1. Windows '9x21.1. Windows '9x

    You need the Win98 Group Policy Editor to @@ -14912,8 +16879,8 @@ CLASS="SECT1" >


    20.2. Windows NT 421.2. Windows NT 4

    Unfortunately, the Resource Kit info is Win NT4 or 200x specific.


    20.2.1. Side bar Notes21.2.1. Side bar Notes

    You should obtain the SID of your NT4 domain. You can use smbpasswd to do @@ -15009,8 +16976,8 @@ CLASS="SECT2" >


    20.2.2. Mandatory profiles21.2.2. Mandatory profiles

    The above method can be used to create mandatory profiles also. To convert @@ -15022,8 +16989,8 @@ CLASS="SECT2" >


    20.2.3. moveuser.exe21.2.3. moveuser.exe

    The W2K professional resource kit has moveuser.exe. moveuser.exe changes @@ -15035,8 +17002,8 @@ CLASS="SECT2" >


    20.2.4. Get SID21.2.4. Get SID

    You can identify the SID by using GetSID.exe from the Windows NT Server 4.0 @@ -15058,8 +17025,8 @@ CLASS="SECT1" >


    20.3. Windows 2000/XP21.3. Windows 2000/XP

    You must first convert the profile from a local profile to a domain @@ -15296,14 +17263,14 @@ CLASS="CHAPTER" >Chapter 21. Securing SambaChapter 22. Securing Samba

    21.1. Introduction22.1. Introduction

    This note was attached to the Samba 2.2.8 release notes as it contained an @@ -15315,8 +17282,8 @@ CLASS="SECT1" >


    21.2. Using host based protection22.2. Using host based protection

    In many installations of Samba the greatest threat comes for outside @@ -15347,8 +17314,8 @@ CLASS="SECT1" >


    21.3. Using interface protection22.3. Using interface protection

    By default Samba will accept connections on any network interface that @@ -15383,8 +17350,8 @@ CLASS="SECT1" >


    21.4. Using a firewall22.4. Using a firewall

    Many people use a firewall to deny access to services that they don't @@ -15413,8 +17380,8 @@ CLASS="SECT1" >


    21.5. Using a IPC$ share deny22.5. Using a IPC$ share deny

    If the above methods are not suitable, then you could also place a @@ -15452,8 +17419,8 @@ CLASS="SECT1" >


    21.6. Upgrading Samba22.6. Upgrading Samba

    Please check regularly on http://www.samba.org/ for updates and @@ -15468,14 +17435,14 @@ CLASS="CHAPTER" >Chapter 22. Unicode/CharsetsChapter 23. Unicode/Charsets

    22.1. What are charsets and unicode?23.1. What are charsets and unicode?

    Computers communicate in numbers. In texts, each number will be @@ -15524,8 +17491,8 @@ CLASS="SECT1" >


    22.2. Samba and charsets23.2. Samba and charsets

    As of samba 3.0, samba can (and will) talk unicode over the wire. Internally, @@ -15600,42 +17567,42 @@ CLASS="TOC" >Table of Contents

    23. 24. Portability
    23.1. 24.1. HPUX
    23.2. 24.2. SCO Unix
    23.3. 24.3. DNIX
    23.4. 24.4. RedHat Linux Rembrandt-II
    23.5. 24.5. AIX
    23.5.1. 24.5.1. Sequential Read Ahead
    24. 25. Samba and other CIFS clients
    24.1. 25.1. Macintosh clients?
    24.2. 25.2. OS2 Client
    24.2.1. 25.2.1. How can I configure OS/2 Warp Connect or OS/2 Warp 4 as a client for Samba?
    24.2.2. 25.2.2. How can I configure OS/2 Warp 3 (not Connect), OS/2 1.2, 1.3 or 2.x for Samba?
    24.2.3. 25.2.3. Are there any other issues when OS/2 (any version) is used as a client?
    24.2.4. 25.2.4. How do I get printer driver download working for OS/2 clients?
    24.3. 25.3. Windows for Workgroups
    24.3.1. 25.3.1. Use latest TCP/IP stack from Microsoft
    24.3.2. 25.3.2. Delete .pwl files after password change
    24.3.3. 25.3.3. Configure WfW password handling
    24.3.4. 25.3.4. Case handling of passwords
    24.3.5. 25.3.5. Use TCP/IP as default protocol
    24.4. 25.4. Windows '95/'98
    24.5. 25.5. Windows 2000 Service Pack 2
    25. 26. How to compile SAMBA
    25.1. 26.1. Access Samba source code via CVS
    25.1.1. 26.1.1. Introduction
    25.1.2. 26.1.2. CVS Access to samba.org
    25.2. 26.2. Accessing the samba sources via rsync and ftp
    25.3. 26.3. Building the Binaries
    25.4. 26.4. Starting the smbd and nmbd
    25.4.1. 26.4.1. Starting from inetd.conf
    25.4.2. 26.4.2. Alternative: starting it as a daemon
    26. 27. Reporting Bugs
    26.1. 27.1. Introduction
    26.2. 27.2. General info
    26.3. 27.3. Debug levels
    26.4. 27.4. Internal errors
    26.5. 27.5. Attaching to a running process
    26.6. 27.6. Patches
    27. 28. The samba checklist
    27.1. 28.1. Introduction
    27.2. 28.2. Assumptions
    27.3. 28.3. Tests
    27.3.1. 28.3.1. Test 1
    27.3.2. 28.3.2. Test 2
    27.3.3. 28.3.3. Test 3
    27.3.4. 28.3.4. Test 4
    27.3.5. 28.3.5. Test 5
    27.3.6. 28.3.6. Test 6
    27.3.7. 28.3.7. Test 7
    27.3.8. 28.3.8. Test 8
    27.3.9. 28.3.9. Test 9
    27.3.10. 28.3.10. Test 10
    27.3.11. 28.3.11. Test 11
    27.4. 28.4. Still having troubles?
    Chapter 23. PortabilityChapter 24. Portability

    Samba works on a wide range of platforms but the interface all the platforms provide is not always compatible. This chapter contains @@ -15936,8 +17903,8 @@ CLASS="SECT1" >


    23.1. HPUX24.1. HPUX

    HP's implementation of supplementary groups is, er, non-standard (for @@ -15966,8 +17933,8 @@ CLASS="SECT1" >


    23.2. SCO Unix24.2. SCO Unix

    @@ -15983,8 +17950,8 @@ CLASS="SECT1" >


    23.3. DNIX24.3. DNIX

    DNIX has a problem with seteuid() and setegid(). These routines are @@ -16090,8 +18057,8 @@ CLASS="SECT1" >


    23.4. RedHat Linux Rembrandt-II24.4. RedHat Linux Rembrandt-II

    By default RedHat Rembrandt-II during installation adds an @@ -16114,16 +18081,16 @@ CLASS="SECT1" >


    23.5. AIX24.5. AIX

    23.5.1. Sequential Read Ahead24.5.1. Sequential Read Ahead

    Disabling Sequential Read Ahead using "vmtune -r 0" improves @@ -16137,7 +18104,7 @@ CLASS="CHAPTER" >Chapter 24. Samba and other CIFS clientsChapter 25. Samba and other CIFS clients

    This chapter contains client-specific information.


    24.1. Macintosh clients?25.1. Macintosh clients?

    Yes.


    24.2. OS2 Client25.2. OS2 Client

    24.2.1. How can I configure OS/2 Warp Connect or +NAME="AEN3702" +>25.2.1. How can I configure OS/2 Warp Connect or OS/2 Warp 4 as a client for Samba?


    24.2.2. How can I configure OS/2 Warp 3 (not Connect), +NAME="AEN3717" +>25.2.2. How can I configure OS/2 Warp 3 (not Connect), OS/2 1.2, 1.3 or 2.x for Samba?


    24.2.3. Are there any other issues when OS/2 (any version) +NAME="AEN3726" +>25.2.3. Are there any other issues when OS/2 (any version) is used as a client?


    24.2.4. How do I get printer driver download working +NAME="AEN3730" +>25.2.4. How do I get printer driver download working for OS/2 clients?


    24.3. Windows for Workgroups25.3. Windows for Workgroups

    24.3.1. Use latest TCP/IP stack from Microsoft25.3.1. Use latest TCP/IP stack from Microsoft

    Use the latest TCP/IP stack from microsoft if you use Windows @@ -16401,8 +18368,8 @@ CLASS="SECT2" >


    24.3.2. Delete .pwl files after password change25.3.2. Delete .pwl files after password change

    WfWg does a lousy job with passwords. I find that if I change my @@ -16421,8 +18388,8 @@ CLASS="SECT2" >


    24.3.3. Configure WfW password handling25.3.3. Configure WfW password handling

    There is a program call admincfg.exe @@ -16440,8 +18407,8 @@ CLASS="SECT2" >


    24.3.4. Case handling of passwords25.3.4. Case handling of passwords

    Windows for Workgroups uppercases the password before sending it to the server. Unix passwords can be case-sensitive though. Check the


    24.3.5. Use TCP/IP as default protocol25.3.5. Use TCP/IP as default protocol

    To support print queue reporting you may find @@ -16474,8 +18441,8 @@ CLASS="SECT1" >


    24.4. Windows '95/'9825.4. Windows '95/'98

    When using Windows 95 OEM SR2 the following updates are recommended where Samba @@ -16522,8 +18489,8 @@ CLASS="SECT1" >


    24.5. Windows 2000 Service Pack 225.5. Windows 2000 Service Pack 2

    @@ -16606,7 +18573,7 @@ CLASS="CHAPTER" >Chapter 25. How to compile SAMBAChapter 26. How to compile SAMBA

    You can obtain the samba source from the


    25.1. Access Samba source code via CVS26.1. Access Samba source code via CVS

    25.1.1. Introduction26.1.1. Introduction

    Samba is developed in an open environment. Developers use CVS @@ -16649,8 +18616,8 @@ CLASS="SECT2" >


    25.1.2. CVS Access to samba.org26.1.2. CVS Access to samba.org

    The machine samba.org runs a publicly accessible CVS @@ -16662,8 +18629,8 @@ CLASS="SECT3" >


    25.1.2.1. Access via CVSweb26.1.2.1. Access via CVSweb

    You can access the source code via your @@ -16683,8 +18650,8 @@ CLASS="SECT3" >


    25.1.2.2. Access via cvs26.1.2.2. Access via cvs

    You can also access the source code via a @@ -16788,8 +18755,8 @@ CLASS="SECT1" >


    25.2. Accessing the samba sources via rsync and ftp26.2. Accessing the samba sources via rsync and ftp

    pserver.samba.org also exports unpacked copies of most parts of the CVS tree at


    25.3. Building the Binaries26.3. Building the Binaries

    To do this, first run the program


    25.4. Starting the smbd and nmbd26.4. Starting the smbd and nmbd

    You must choose to start smbd and nmbd either @@ -16943,8 +18910,8 @@ CLASS="SECT2" >


    25.4.1. Starting from inetd.conf26.4.1. Starting from inetd.conf

    NOTE; The following will be different if @@ -17043,8 +19010,8 @@ CLASS="SECT2" >


    25.4.2. Alternative: starting it as a daemon26.4.2. Alternative: starting it as a daemon

    To start the server as a daemon you should create @@ -17102,14 +19069,14 @@ CLASS="CHAPTER" >Chapter 26. Reporting BugsChapter 27. Reporting Bugs

    26.1. Introduction27.1. Introduction

    The email address for bug reports for stable releases is


    26.2. General info27.2. General info

    Before submitting a bug report check your config for silly @@ -17178,8 +19145,8 @@ CLASS="SECT1" >


    26.3. Debug levels27.3. Debug levels

    If the bug has anything to do with Samba behaving incorrectly as a @@ -17248,8 +19215,8 @@ CLASS="SECT1" >


    26.4. Internal errors27.4. Internal errors

    If you get a "INTERNAL ERROR" message in your log files it means that @@ -17292,8 +19259,8 @@ CLASS="SECT1" >


    26.5. Attaching to a running process27.5. Attaching to a running process

    Unfortunately some unixes (in particular some recent linux kernels) @@ -17309,8 +19276,8 @@ CLASS="SECT1" >


    26.6. Patches27.6. Patches

    The best sort of bug report is one that includes a fix! If you send us @@ -17332,14 +19299,14 @@ CLASS="CHAPTER" >Chapter 27. The samba checklistChapter 28. The samba checklist

    27.1. Introduction28.1. Introduction

    This file contains a list of tests you can perform to validate your @@ -17360,8 +19327,8 @@ CLASS="SECT1" >


    27.2. Assumptions28.2. Assumptions

    In all of the tests it is assumed you have a Samba server called @@ -17398,16 +19365,16 @@ CLASS="SECT1" >


    27.3. Tests28.3. Tests

    27.3.1. Test 128.3.1. Test 1

    In the directory in which you store your smb.conf file, run the command @@ -17428,8 +19395,8 @@ CLASS="SECT2" >


    27.3.2. Test 228.3.2. Test 2

    Run the command "ping BIGSERVER" from the PC and "ping ACLIENT" from @@ -17454,8 +19421,8 @@ CLASS="SECT2" >


    27.3.3. Test 328.3.3. Test 3

    Run the command "smbclient -L BIGSERVER" on the unix box. You @@ -17525,8 +19492,8 @@ CLASS="SECT2" >


    27.3.4. Test 428.3.4. Test 4

    Run the command "nmblookup -B BIGSERVER __SAMBA__". You should get the @@ -17546,8 +19513,8 @@ CLASS="SECT2" >


    27.3.5. Test 528.3.5. Test 5

    run the command


    27.3.6. Test 628.3.6. Test 6

    Run the command


    27.3.7. Test 728.3.7. Test 7

    Run the command


    27.3.8. Test 828.3.8. Test 8

    On the PC type the command


    27.3.9. Test 928.3.9. Test 9

    Run the command


    27.3.10. Test 1028.3.10. Test 10

    Run the command


    27.3.11. Test 1128.3.11. Test 11

    From file manager try to browse the server. Your samba server should @@ -17838,8 +19805,8 @@ CLASS="SECT1" >


    27.4. Still having troubles?28.4. Still having troubles?

    Try the mailing list or newsgroup, or use the ethereal utility to diff --git a/docs/htmldocs/ads.html b/docs/htmldocs/ads.html index 6fc44d9170..ef019915d8 100644 --- a/docs/htmldocs/ads.html +++ b/docs/htmldocs/ads.html @@ -74,7 +74,7 @@ CLASS="CHAPTER" >Chapter 7. Samba as a ADS domain memberChapter 8. Samba as a ADS domain member

    This is a rough guide to setting up Samba 3.0 with kerberos authentication against a Windows2000 KDC.

    7.1. Installing the required packages for Debian8.1. Installing the required packages for Debian

    On Debian you need to install the following packages:

    7.2. Installing the required packages for RedHat8.2. Installing the required packages for RedHat

    On RedHat this means you should have at least:

    7.3. Compile Samba8.3. Compile Samba

    If your kerberos libraries are in a non-standard location then @@ -237,8 +237,8 @@ CLASS="SECT1" >

    7.4. Setup your /etc/krb5.conf8.4. Setup your /etc/krb5.conf

    The minimal configuration for krb5.conf is:

    7.5. Create the computer account8.5. Create the computer account

    As a user that has write permission on the Samba private directory @@ -291,8 +291,8 @@ CLASS="SECT2" >

    7.5.1. Possible errors8.5.1. Possible errors

    7.6. Test your server setup8.6. Test your server setup

    On a Windows 2000 client try

    7.7. Testing with smbclient8.7. Testing with smbclient

    On your Samba server try to login to a Win2000 server or your Samba @@ -349,8 +349,8 @@ CLASS="SECT1" >

    7.8. Notes8.8. Notes

    You must change administrator password at least once after DC install, diff --git a/docs/htmldocs/appendixes.html b/docs/htmldocs/appendixes.html index 21071bceaa..8ae86c9c79 100644 --- a/docs/htmldocs/appendixes.html +++ b/docs/htmldocs/appendixes.html @@ -10,8 +10,8 @@ REL="HOME" TITLE="SAMBA Project Documentation" HREF="samba-howto-collection.html">PrevTable of Contents

    21. 24. Portability
    21.1. 24.1. HPUX
    21.2. 24.2. SCO Unix
    21.3. 24.3. DNIX
    21.4. 24.4. RedHat Linux Rembrandt-II
    21.5. 24.5. AIX
    21.5.1. 24.5.1. Sequential Read Ahead
    22. 25. Samba and other CIFS clients
    22.1. 25.1. Macintosh clients?
    22.2. 25.2. OS2 Client
    22.2.1. 25.2.1. How can I configure OS/2 Warp Connect or OS/2 Warp 4 as a client for Samba?
    22.2.2. 25.2.2. How can I configure OS/2 Warp 3 (not Connect), OS/2 1.2, 1.3 or 2.x for Samba?
    22.2.3. 25.2.3. Are there any other issues when OS/2 (any version) is used as a client?
    22.2.4. 25.2.4. How do I get printer driver download working for OS/2 clients?
    22.3. 25.3. Windows for Workgroups
    22.3.1. 25.3.1. Use latest TCP/IP stack from Microsoft
    22.3.2. 25.3.2. Delete .pwl files after password change
    22.3.3. 25.3.3. Configure WfW password handling
    22.3.4. 25.3.4. Case handling of passwords
    22.3.5. 25.3.5. Use TCP/IP as default protocol
    22.4. 25.4. Windows '95/'98
    22.5. 25.5. Windows 2000 Service Pack 2
    23. 26. How to compile SAMBA
    23.1. 26.1. Access Samba source code via CVS
    23.1.1. 26.1.1. Introduction
    23.1.2. 26.1.2. CVS Access to samba.org
    23.2. 26.2. Accessing the samba sources via rsync and ftp
    23.3. 26.3. Building the Binaries
    23.4. 26.4. Starting the smbd and nmbd
    23.4.1. 26.4.1. Starting from inetd.conf
    23.4.2. 26.4.2. Alternative: starting it as a daemon
    24. 27. Reporting Bugs
    24.1. 27.1. Introduction
    24.2. 27.2. General info
    24.3. 27.3. Debug levels
    24.4. 27.4. Internal errors
    24.5. 27.5. Attaching to a running process
    24.6. 27.6. Patches
    25. 28. The samba checklist
    25.1. 28.1. Introduction
    25.2. 28.2. Assumptions
    25.3. 28.3. Tests
    25.3.1. 28.3.1. Test 1
    25.3.2. 28.3.2. Test 2
    25.3.3. 28.3.3. Test 3
    25.3.4. 28.3.4. Test 4
    25.3.5. 28.3.5. Test 5
    25.3.6. 28.3.6. Test 6
    25.3.7. 28.3.7. Test 7
    25.3.8. 28.3.8. Test 8
    25.3.9. 28.3.9. Test 9
    25.3.10. 28.3.10. Test 10
    25.3.11. 28.3.11. Test 11
    25.4. 28.4. Still having troubles?
    PrevSecuring SambaUnicode/CharsetsChapter 24. Reporting BugsChapter 27. Reporting Bugs

    24.1. Introduction27.1. Introduction

    The email address for bug reports for stable releases is

    24.2. General info27.2. General info

    Before submitting a bug report check your config for silly @@ -150,8 +150,8 @@ CLASS="SECT1" >

    24.3. Debug levels27.3. Debug levels

    If the bug has anything to do with Samba behaving incorrectly as a @@ -220,8 +220,8 @@ CLASS="SECT1" >

    24.4. Internal errors27.4. Internal errors

    If you get a "INTERNAL ERROR" message in your log files it means that @@ -264,8 +264,8 @@ CLASS="SECT1" >

    24.5. Attaching to a running process27.5. Attaching to a running process

    Unfortunately some unixes (in particular some recent linux kernels) @@ -281,8 +281,8 @@ CLASS="SECT1" >

    24.6. Patches27.6. Patches

    The best sort of bug report is one that includes a fix! If you send us diff --git a/docs/htmldocs/compiling.html b/docs/htmldocs/compiling.html index 95c29b5193..b40b17b22a 100644 --- a/docs/htmldocs/compiling.html +++ b/docs/htmldocs/compiling.html @@ -74,7 +74,7 @@ CLASS="CHAPTER" >Chapter 23. How to compile SAMBAChapter 26. How to compile SAMBA

    You can obtain the samba source from the

    23.1. Access Samba source code via CVS26.1. Access Samba source code via CVS

    23.1.1. Introduction26.1.1. Introduction

    Samba is developed in an open environment. Developers use CVS @@ -117,8 +117,8 @@ CLASS="SECT2" >

    23.1.2. CVS Access to samba.org26.1.2. CVS Access to samba.org

    The machine samba.org runs a publicly accessible CVS @@ -130,8 +130,8 @@ CLASS="SECT3" >

    23.1.2.1. Access via CVSweb26.1.2.1. Access via CVSweb

    You can access the source code via your @@ -151,8 +151,8 @@ CLASS="SECT3" >

    23.1.2.2. Access via cvs26.1.2.2. Access via cvs

    You can also access the source code via a @@ -256,8 +256,8 @@ CLASS="SECT1" >

    23.2. Accessing the samba sources via rsync and ftp26.2. Accessing the samba sources via rsync and ftp

    pserver.samba.org also exports unpacked copies of most parts of the CVS tree at

    23.3. Building the Binaries26.3. Building the Binaries

    To do this, first run the program

    23.4. Starting the smbd and nmbd26.4. Starting the smbd and nmbd

    You must choose to start smbd and nmbd either @@ -411,8 +411,8 @@ CLASS="SECT2" >

    23.4.1. Starting from inetd.conf26.4.1. Starting from inetd.conf

    NOTE; The following will be different if @@ -511,8 +511,8 @@ CLASS="SECT2" >

    23.4.2. Alternative: starting it as a daemon26.4.2. Alternative: starting it as a daemon

    To start the server as a daemon you should create diff --git a/docs/htmldocs/diagnosis.html b/docs/htmldocs/diagnosis.html index e91ac21f03..7d64e083ea 100644 --- a/docs/htmldocs/diagnosis.html +++ b/docs/htmldocs/diagnosis.html @@ -67,14 +67,14 @@ CLASS="CHAPTER" >Chapter 25. The samba checklistChapter 28. The samba checklist

    25.1. Introduction28.1. Introduction

    This file contains a list of tests you can perform to validate your @@ -95,8 +95,8 @@ CLASS="SECT1" >

    25.2. Assumptions28.2. Assumptions

    In all of the tests it is assumed you have a Samba server called @@ -133,16 +133,16 @@ CLASS="SECT1" >

    25.3. Tests28.3. Tests

    25.3.1. Test 128.3.1. Test 1

    In the directory in which you store your smb.conf file, run the command @@ -163,8 +163,8 @@ CLASS="SECT2" >

    25.3.2. Test 228.3.2. Test 2

    Run the command "ping BIGSERVER" from the PC and "ping ACLIENT" from @@ -189,8 +189,8 @@ CLASS="SECT2" >

    25.3.3. Test 328.3.3. Test 3

    Run the command "smbclient -L BIGSERVER" on the unix box. You @@ -260,8 +260,8 @@ CLASS="SECT2" >

    25.3.4. Test 428.3.4. Test 4

    Run the command "nmblookup -B BIGSERVER __SAMBA__". You should get the @@ -281,8 +281,8 @@ CLASS="SECT2" >

    25.3.5. Test 528.3.5. Test 5

    run the command

    25.3.6. Test 628.3.6. Test 6

    Run the command

    25.3.7. Test 728.3.7. Test 7

    Run the command

    25.3.8. Test 828.3.8. Test 8

    On the PC type the command

    25.3.9. Test 928.3.9. Test 9

    Run the command

    25.3.10. Test 1028.3.10. Test 10

    Run the command

    25.3.11. Test 1128.3.11. Test 11

    From file manager try to browse the server. Your samba server should @@ -573,8 +573,8 @@ CLASS="SECT1" >

    25.4. Still having troubles?28.4. Still having troubles?

    Try the mailing list or newsgroup, or use the ethereal utility to diff --git a/docs/htmldocs/domain-security.html b/docs/htmldocs/domain-security.html index d47138d791..8267dda020 100644 --- a/docs/htmldocs/domain-security.html +++ b/docs/htmldocs/domain-security.html @@ -74,14 +74,14 @@ CLASS="CHAPTER" >Chapter 8. Samba as a NT4 or Win2k domain memberChapter 9. Samba as a NT4 or Win2k domain member

    8.1. Joining an NT Domain with Samba 3.09.1. Joining an NT Domain with Samba 3.0

    Assume you have a Samba 3.0 server with a NetBIOS name of @@ -268,8 +268,8 @@ CLASS="SECT1" >

    8.2. Samba and Windows 2000 Domains9.2. Samba and Windows 2000 Domains

    Many people have asked regarding the state of Samba's ability to participate in @@ -282,8 +282,8 @@ CLASS="SECT1" >

    8.3. Why is this better than security = server?9.3. Why is this better than security = server?

    Currently, domain security in Samba doesn't free you from diff --git a/docs/htmldocs/groupmapping.html b/docs/htmldocs/groupmapping.html index 54921b3798..26dc50f4f0 100644 --- a/docs/htmldocs/groupmapping.html +++ b/docs/htmldocs/groupmapping.html @@ -74,7 +74,7 @@ CLASS="CHAPTER" >Chapter 17. Group mapping HOWTOChapter 19. Group mapping HOWTO

    Starting with Samba 3.0 alpha 2, a new group mapping function is available. The diff --git a/docs/htmldocs/groupprofiles.html b/docs/htmldocs/groupprofiles.html index 6741aa3599..9c25717238 100644 --- a/docs/htmldocs/groupprofiles.html +++ b/docs/htmldocs/groupprofiles.html @@ -74,14 +74,14 @@ CLASS="CHAPTER" >Chapter 19. Creating Group Prolicy FilesChapter 21. Creating Group Prolicy Files

    19.1. Windows '9x21.1. Windows '9x

    You need the Win98 Group Policy Editor to @@ -123,8 +123,8 @@ CLASS="SECT1" >

    19.2. Windows NT 421.2. Windows NT 4

    Unfortunately, the Resource Kit info is Win NT4 or 200x specific.

    19.2.1. Side bar Notes21.2.1. Side bar Notes

    You should obtain the SID of your NT4 domain. You can use smbpasswd to do @@ -220,8 +220,8 @@ CLASS="SECT2" >

    19.2.2. Mandatory profiles21.2.2. Mandatory profiles

    The above method can be used to create mandatory profiles also. To convert @@ -233,8 +233,8 @@ CLASS="SECT2" >

    19.2.3. moveuser.exe21.2.3. moveuser.exe

    The W2K professional resource kit has moveuser.exe. moveuser.exe changes @@ -246,8 +246,8 @@ CLASS="SECT2" >

    19.2.4. Get SID21.2.4. Get SID

    You can identify the SID by using GetSID.exe from the Windows NT Server 4.0 @@ -269,8 +269,8 @@ CLASS="SECT1" >

    19.3. Windows 2000/XP21.3. Windows 2000/XP

    You must first convert the profile from a local profile to a domain diff --git a/docs/htmldocs/improved-browsing.html b/docs/htmldocs/improved-browsing.html index b58945a0b5..f7a98153aa 100644 --- a/docs/htmldocs/improved-browsing.html +++ b/docs/htmldocs/improved-browsing.html @@ -74,14 +74,14 @@ CLASS="CHAPTER" >Chapter 15. Improved browsing in sambaChapter 17. Improved browsing in samba

    15.1. Overview of browsing17.1. Overview of browsing

    SMB networking provides a mechanism by which clients can access a list @@ -109,8 +109,8 @@ CLASS="SECT1" >

    15.2. Browsing support in samba17.2. Browsing support in samba

    Samba facilitates browsing. The browsing is supported by nmbd @@ -152,8 +152,8 @@ CLASS="SECT1" >

    15.3. Problem resolution17.3. Problem resolution

    If something doesn't work then hopefully the log.nmb file will help @@ -199,8 +199,8 @@ CLASS="SECT1" >

    15.4. Browsing across subnets17.4. Browsing across subnets

    Since the release of Samba 1.9.17(alpha1) Samba has been @@ -230,8 +230,8 @@ CLASS="SECT2" >

    15.4.1. How does cross subnet browsing work ?17.4.1. How does cross subnet browsing work ?

    Cross subnet browsing is a complicated dance, containing multiple @@ -441,8 +441,8 @@ CLASS="SECT1" >

    15.5. Setting up a WINS server17.5. Setting up a WINS server

    Either a Samba machine or a Windows NT Server machine may be set up @@ -524,8 +524,8 @@ CLASS="SECT1" >

    15.6. Setting up Browsing in a WORKGROUP17.6. Setting up Browsing in a WORKGROUP

    To set up cross subnet browsing on a network containing machines @@ -609,8 +609,8 @@ CLASS="SECT1" >

    15.7. Setting up Browsing in a DOMAIN17.7. Setting up Browsing in a DOMAIN

    If you are adding Samba servers to a Windows NT Domain then @@ -660,8 +660,8 @@ CLASS="SECT1" >

    15.8. Forcing samba to be the master17.8. Forcing samba to be the master

    Who becomes the "master browser" is determined by an election process @@ -708,8 +708,8 @@ CLASS="SECT1" >

    15.9. Making samba the domain master17.9. Making samba the domain master

    The domain master is responsible for collating the browse lists of @@ -781,8 +781,8 @@ CLASS="SECT1" >

    15.10. Note about broadcast addresses17.10. Note about broadcast addresses

    If your network uses a "0" based broadcast address (for example if it @@ -795,8 +795,8 @@ CLASS="SECT1" >

    15.11. Multiple interfaces17.11. Multiple interfaces

    Samba now supports machines with multiple network interfaces. If you diff --git a/docs/htmldocs/integrate-ms-networks.html b/docs/htmldocs/integrate-ms-networks.html index 99614cfb3f..984f849f71 100644 --- a/docs/htmldocs/integrate-ms-networks.html +++ b/docs/htmldocs/integrate-ms-networks.html @@ -74,14 +74,14 @@ CLASS="CHAPTER" >Chapter 9. Integrating MS Windows networks with SambaChapter 10. Integrating MS Windows networks with Samba

    9.1. Agenda10.1. Agenda

    To identify the key functional mechanisms of MS Windows networking @@ -147,8 +147,8 @@ CLASS="SECT1" >

    9.2. Name Resolution in a pure Unix/Linux world10.2. Name Resolution in a pure Unix/Linux world

    The key configuration files covered in this section are:

    9.2.1. 10.2.1. /etc/hosts

    9.2.2. 10.2.2. /etc/resolv.conf

    9.2.3. 10.2.3. /etc/host.conf

    9.2.4. 10.2.4. /etc/nsswitch.conf

    9.3. Name resolution as used within MS Windows networking10.3. Name resolution as used within MS Windows networking

    MS Windows networking is predicated about the name each machine @@ -491,8 +491,8 @@ CLASS="SECT2" >

    9.3.1. The NetBIOS Name Cache10.3.1. The NetBIOS Name Cache

    All MS Windows machines employ an in memory buffer in which is @@ -518,8 +518,8 @@ CLASS="SECT2" >

    9.3.2. The LMHOSTS file10.3.2. The LMHOSTS file

    This file is usually located in MS Windows NT 4.0 or @@ -621,8 +621,8 @@ CLASS="SECT2" >

    9.3.3. HOSTS file10.3.3. HOSTS file

    This file is usually located in MS Windows NT 4.0 or 2000 in @@ -643,8 +643,8 @@ CLASS="SECT2" >

    9.3.4. DNS Lookup10.3.4. DNS Lookup

    This capability is configured in the TCP/IP setup area in the network @@ -663,8 +663,8 @@ CLASS="SECT2" >

    9.3.5. WINS Lookup10.3.5. WINS Lookup

    A WINS (Windows Internet Name Server) service is the equivaent of the @@ -704,8 +704,8 @@ CLASS="SECT1" >

    9.4. How browsing functions and how to deploy stable and +NAME="AEN1647" +>10.4. How browsing functions and how to deploy stable and dependable browsing using Samba

    9.5. MS Windows security options and how to configure +NAME="AEN1657" +>10.5. MS Windows security options and how to configure Samba for seemless integration

    9.5.1. Use MS Windows NT as an authentication server10.5.1. Use MS Windows NT as an authentication server

    This method involves the additions of the following parameters @@ -934,8 +934,8 @@ CLASS="SECT2" >

    9.5.2. Make Samba a member of an MS Windows NT security domain10.5.2. Make Samba a member of an MS Windows NT security domain

    This method involves additon of the following paramters in the smb.conf file:

    9.5.3. Configure Samba as an authentication server10.5.3. Configure Samba as an authentication server

    This mode of authentication demands that there be on the @@ -1034,8 +1034,8 @@ CLASS="SECT3" >

    9.5.3.1. Users10.5.3.1. Users

    A user account that may provide a home directory should be @@ -1057,8 +1057,8 @@ CLASS="SECT3" >

    9.5.3.2. MS Windows NT Machine Accounts10.5.3.2. MS Windows NT Machine Accounts

    These are required only when Samba is used as a domain @@ -1078,8 +1078,8 @@ CLASS="SECT1" >

    9.6. Conclusions10.6. Conclusions

    Samba provides a flexible means to operate as...

    3.1. Introduction
    3.2. Important Notes About Security
    3.2.1. Advantages of SMB Encryption
    3.2.2. Advantages of non-encrypted passwords
    3.3. The smbpasswd Command
    3.4. Plain text
    3.5. TDB
    3.6. LDAP
    3.6.1. Introduction
    3.6.2. Introduction
    3.6.3. Supported LDAP Servers
    3.6.4. Schema and Relationship to the RFC 2307 posixAccount
    3.6.5. Configuring Samba with LDAP
    3.6.6. Accounts and Groups management
    3.6.7. Security and sambaAccount
    3.6.8. LDAP specials attributes for sambaAccounts
    3.6.9. Example LDIF Entries for a sambaAccount
    3.7. MySQL
    3.7.1. Building
    3.7.2. Creating the database
    3.7.3. Configuring
    3.7.4. Using plaintext passwords or encrypted password
    3.7.5. Getting non-column data from the table
    3.8. Passdb XML plugin
    3.8.1. Building
    3.8.2. Usage
    Chapter 12. Hosting a Microsoft Distributed File System tree on Samba

    Chapter 13. Hosting a Microsoft Distributed File System tree on Samba

    12.1. Instructions13.1. Instructions

    The Distributed File System (or Dfs) provides a means of @@ -213,8 +213,8 @@ CLASS="SECT2" >

    12.1.1. Notes13.1.1. Notes

    Introduction

    Table of Contents
    9. 10. Integrating MS Windows networks with Samba
    9.1. 10.1. Agenda
    9.2. 10.2. Name Resolution in a pure Unix/Linux world
    9.2.1. 10.2.1. /etc/hosts
    9.2.2. 10.2.2. /etc/resolv.conf
    9.2.3. 10.2.3. /etc/host.conf
    9.2.4. 10.2.4. /etc/nsswitch.conf
    9.3. 10.3. Name resolution as used within MS Windows networking
    9.3.1. 10.3.1. The NetBIOS Name Cache
    9.3.2. 10.3.2. The LMHOSTS file
    9.3.3. 10.3.3. HOSTS file
    9.3.4. 10.3.4. DNS Lookup
    9.3.5. 10.3.5. WINS Lookup
    9.4. 10.4. How browsing functions and how to deploy stable and dependable browsing using Samba
    9.5. 10.5. MS Windows security options and how to configure Samba for seemless integration
    9.5.1. 10.5.1. Use MS Windows NT as an authentication server
    9.5.2. 10.5.2. Make Samba a member of an MS Windows NT security domain
    9.5.3. 10.5.3. Configure Samba as an authentication server
    9.6. 10.6. Conclusions
    10. 11. UNIX Permission Bits and Windows NT Access Control Lists
    10.1. 11.1. Viewing and changing UNIX permissions using the NT security dialogs
    10.2. 11.2. How to view file security on a Samba share
    10.3. 11.3. Viewing file ownership
    10.4. 11.4. Viewing file or directory permissions
    10.4.1. 11.4.1. File Permissions
    10.4.2. 11.4.2. Directory Permissions
    10.5. 11.5. Modifying file or directory permissions
    10.6. 11.6. Interaction with the standard Samba create mask parameters
    10.7. 11.7. Interaction with the standard Samba file attribute mapping
    11. 12. Configuring PAM for distributed but centrally managed authentication
    11.1. 12.1. Samba and PAM
    11.2. 12.2. Distributed Authentication
    11.3. 12.3. PAM Configuration in smb.conf
    12. 13. Hosting a Microsoft Distributed File System tree on Samba
    12.1. 13.1. Instructions
    12.1.1. 13.1.1. Notes
    13. 14. Printing Support
    13.1. 14.1. Introduction
    13.2. 14.2. Configuration
    13.2.1. 14.2.1. Creating [print$]
    13.2.2. 14.2.2. Setting Drivers for Existing Printers
    13.2.3. 14.2.3. Support a large number of printers
    13.2.4. 14.2.4. Adding New Printers via the Windows NT APW
    13.2.5. 14.2.5. Samba and Printer Ports
    13.3. 14.3. The Imprints Toolset
    13.3.1. 14.3.1. What is Imprints?
    13.3.2. 14.3.2. Creating Printer Driver Packages
    13.3.3. 14.3.3. The Imprints server
    13.3.4. 14.3.4. The Installation Client
    13.4. 14.4. Diagnosis
    13.4.1. 14.4.1. Introduction
    13.4.2. 14.4.2. Debugging printer problems
    13.4.3. 14.4.3. What printers do I have?
    13.4.4. 14.4.4. Setting up printcap and print servers
    13.4.5. 14.4.5. Job sent, no output
    13.4.6. 14.4.6. Job sent, strange output
    13.4.7. 14.4.7. Raw PostScript printed
    13.4.8. 14.4.8. Advanced Printing
    13.4.9. 14.4.9. Real debugging
    14. 15. CUPS Printing Support
    15.1. Introduction
    15.2. CUPS - RAW Print Through Mode
    15.3. The CUPS Filter Chains
    15.4. CUPS Print Drivers and Devices
    15.4.1. Further printing steps
    15.5. Limiting the number of pages users can print
    15.6. Advanced Postscript Printing from MS Windows
    15.7. Auto-Deletion of CUPS spool files
    16. Unified Logons between Windows NT and UNIX using Winbind
    14.1. 16.1. Abstract
    14.2. 16.2. Introduction
    14.3. 16.3. What Winbind Provides
    14.3.1. 16.3.1. Target Uses
    14.4. 16.4. How Winbind Works
    14.4.1. 16.4.1. Microsoft Remote Procedure Calls
    14.4.2. 16.4.2. Microsoft Active Directory Services
    14.4.3. 16.4.3. Name Service Switch
    14.4.4. 16.4.4. Pluggable Authentication Modules
    14.4.5. 16.4.5. User and Group ID Allocation
    14.4.6. 16.4.6. Result Caching
    14.5. 16.5. Installation and Configuration
    14.5.1. 16.5.1. Introduction
    14.5.2. 16.5.2. Requirements
    14.5.3. 16.5.3. Testing Things Out
    14.6. 16.6. Limitations
    14.7. 16.7. Conclusion
    15. 17. Improved browsing in samba
    15.1. 17.1. Overview of browsing
    15.2. 17.2. Browsing support in samba
    15.3. 17.3. Problem resolution
    15.4. 17.4. Browsing across subnets
    15.4.1. 17.4.1. How does cross subnet browsing work ?
    15.5. 17.5. Setting up a WINS server
    15.6. 17.6. Setting up Browsing in a WORKGROUP
    15.7. 17.7. Setting up Browsing in a DOMAIN
    15.8. 17.8. Forcing samba to be the master
    15.9. 17.9. Making samba the domain master
    15.10. 17.10. Note about broadcast addresses
    15.11. 17.11. Multiple interfaces
    16. 18. Stackable VFS modules
    16.1. 18.1. Introduction and configuration
    16.2. 18.2. Included modules
    16.2.1. 18.2.1. audit
    16.2.2. 18.2.2. recycle
    16.2.3. 18.2.3. netatalk
    16.3. 18.3. VFS modules available elsewhere
    16.3.1. 18.3.1. DatabaseFS
    16.3.2. 18.3.2. vscan
    17. 19. Group mapping HOWTO
    18. 20. Samba performance issues
    18.1. 20.1. Comparisons
    18.2. 20.2. Socket options
    18.3. 20.3. Read size
    18.4. 20.4. Max xmit
    18.5. 20.5. Log level
    18.6. 20.6. Read raw
    18.7. 20.7. Write raw
    18.8. 20.8. Slow Clients
    18.9. 20.9. Slow Logins
    18.10. 20.10. Client tuning
    19. 21. Creating Group Prolicy Files
    19.1. 21.1. Windows '9x
    19.2. 21.2. Windows NT 4
    19.2.1. 21.2.1. Side bar Notes
    19.2.2. 21.2.2. Mandatory profiles
    19.2.3. 21.2.3. moveuser.exe
    19.2.4. 21.2.4. Get SID
    19.3. 21.3. Windows 2000/XP
    20. 22. Securing Samba
    20.1. 22.1. Introduction
    20.2. 22.2. Using host based protection
    20.3. 22.3. Using interface protection
    20.4. 22.4. Using a firewall
    20.5. 22.5. Using a IPC$ share deny
    20.6. 22.6. Upgrading Samba
    23. Unicode/Charsets
    23.1. What are charsets and unicode?
    23.2. Samba and charsets
    Chapter 22. Samba and other CIFS clients

    Chapter 25. Samba and other CIFS clients

    This chapter contains client-specific information.

    22.1. Macintosh clients?25.1. Macintosh clients?

    Yes.

    22.2. OS2 Client25.2. OS2 Client

    22.2.1. How can I configure OS/2 Warp Connect or +NAME="AEN3702" +>25.2.1. How can I configure OS/2 Warp Connect or OS/2 Warp 4 as a client for Samba?

    22.2.2. How can I configure OS/2 Warp 3 (not Connect), +NAME="AEN3717" +>25.2.2. How can I configure OS/2 Warp 3 (not Connect), OS/2 1.2, 1.3 or 2.x for Samba?

    22.2.3. Are there any other issues when OS/2 (any version) +NAME="AEN3726" +>25.2.3. Are there any other issues when OS/2 (any version) is used as a client?

    22.2.4. How do I get printer driver download working +NAME="AEN3730" +>25.2.4. How do I get printer driver download working for OS/2 clients?

    22.3. Windows for Workgroups25.3. Windows for Workgroups

    22.3.1. Use latest TCP/IP stack from Microsoft25.3.1. Use latest TCP/IP stack from Microsoft

    Use the latest TCP/IP stack from microsoft if you use Windows @@ -338,8 +338,8 @@ CLASS="SECT2" >

    22.3.2. Delete .pwl files after password change25.3.2. Delete .pwl files after password change

    WfWg does a lousy job with passwords. I find that if I change my @@ -358,8 +358,8 @@ CLASS="SECT2" >

    22.3.3. Configure WfW password handling25.3.3. Configure WfW password handling

    There is a program call admincfg.exe @@ -377,8 +377,8 @@ CLASS="SECT2" >

    22.3.4. Case handling of passwords25.3.4. Case handling of passwords

    Windows for Workgroups uppercases the password before sending it to the server. Unix passwords can be case-sensitive though. Check the

    22.3.5. Use TCP/IP as default protocol25.3.5. Use TCP/IP as default protocol

    To support print queue reporting you may find @@ -411,8 +411,8 @@ CLASS="SECT1" >

    22.4. Windows '95/'9825.4. Windows '95/'98

    When using Windows 95 OEM SR2 the following updates are recommended where Samba @@ -459,8 +459,8 @@ CLASS="SECT1" >

    22.5. Windows 2000 Service Pack 225.5. Windows 2000 Service Pack 2

    diff --git a/docs/htmldocs/pam.html b/docs/htmldocs/pam.html index d110c385f1..3b257d50ca 100644 --- a/docs/htmldocs/pam.html +++ b/docs/htmldocs/pam.html @@ -75,15 +75,15 @@ CLASS="CHAPTER" >Chapter 11. Configuring PAM for distributed but centrally +>Chapter 12. Configuring PAM for distributed but centrally managed authentication

    11.1. Samba and PAM12.1. Samba and PAM

    A number of Unix systems (eg: Sun Solaris), as well as the @@ -296,8 +296,8 @@ CLASS="SECT1" >

    11.2. Distributed Authentication12.2. Distributed Authentication

    The astute administrator will realize from this that the @@ -329,8 +329,8 @@ CLASS="SECT1" >

    11.3. PAM Configuration in smb.conf12.3. PAM Configuration in smb.conf

    There is an option in smb.conf called

    3.1. Introduction

    3.2. Important Notes About Security

    Other Microsoft operating systems which also exhibit this behavior includes

    These versions of MS Windows do not support full domain + security protocols, although they may log onto a domain environment. + Of these Only MS Windows XP Home does NOT support domain logons.

    Windows Me
    Windows 2000
    Windows XP Home

    The following versions of MS Windows fully support domain + security protocols.

    Windows NT 3.5x
    Windows NT 4.0
    Windows 2000 Professional
    Windows 200x Server/Advanced Server
    Windows XP Professional

    MS Windows clients will cache the encrypted password alone. + Even when plain text passwords are re-enabled, through the appropriate + registry change, the plain text password is NEVER cached. This means that + in the event that a network connections should become disconnected (broken) + only the cached (encrypted) password will be sent to the resource server + to affect a auto-reconnect. If the resource server does not support encrypted + passwords the auto-reconnect will fail. USE OF ENCRYPTED PASSWORDS + IS STRONGLY ADVISED.

    3.2.1. Advantages of SMB Encryption

    plain text passwords are not passed across +>Plain text passwords are not passed across the network. Someone using a network sniffer cannot just record passwords going to the SMB server.WinNT doesn't like talking to a server - that isn't using SMB encrypted passwords. It will refuse + that SM not support encrypted passwords. It will refuse to browse the server if the server is also in user level security mode. It will insist on prompting the user for the password on each connection, which is very annoying. The only things you can do to stop this is to use SMB encryption. Encrypted password support allows auto-matic share + (resource) reconnects.

    3.2.2. Advantages of non-encrypted passwords

    plain text passwords are not kept - on disk. Plain text passwords are not kept + on disk, and are NOT cached in memory. uses same password file as other unix +>Uses same password file as other unix services such as login and ftpyou are probably already using other - services (such as telnet and ftp) which send plain text - passwords over the net, so sending them for SMB isn't - such a big deal.Use of other services (such as telnet and ftp) which + send plain text passwords over the net, so sending them for SMB + isn't such a big deal.

    3.3. The smbpasswd Command

    yppasswd programs. - It maintains the two 32 byte password fields - in the passdb backend.

    3.4. Plain text

    3.5. TDB

    3.6. LDAP

    3.6.1. Introduction

    3.6.2. Introduction

    3.6.3. Supported LDAP Servers

    The LDAP samdb code in 2.2.3 has been developed and tested using the OpenLDAP -2.0 server and client libraries. The same code should be able to work with -Netscape's Directory Server and client SDK. However, due to lack of testing -so far, there are bound to be compile errors and bugs. These should not be -hard to fix. If you are so inclined, please be sure to forward all patches to +>The LDAP samdb code in 2.2.3 (and later) has been developed and tested +using the OpenLDAP 2.0 server and client libraries. +The same code should be able to work with Netscape's Directory Server +and client SDK. However, due to lack of testing so far, there are bound +to be compile errors and bugs. These should not be hard to fix. +If you are so inclined, please be sure to forward all patches to

    3.6.4. Schema and Relationship to the RFC 2307 posixAccount

    3.6.5. Configuring Samba with LDAP

    3.6.5.1. OpenLDAP configuration

    3.6.5.2. Configuring Samba

    3.6.6. Accounts and Groups management

    3.6.7. Security and sambaAccount

    3.6.8. LDAP specials attributes for sambaAccounts

    3.6.9. Example LDIF Entries for a sambaAccount

    3.7. MySQL

    3.7.1. Building

    3.7.2. Creating the database

    3.7.3. Configuring

    3.7.4. Using plaintext passwords or encrypted password

    3.7.5. Getting non-column data from the table

    3.8. Passdb XML plugin

    3.8.1. Building

    3.8.2. Usage

    Chapter 21. PortabilityChapter 24. Portability

    Samba works on a wide range of platforms but the interface all the platforms provide is not always compatible. This chapter contains @@ -84,8 +84,8 @@ CLASS="SECT1" >

    21.1. HPUX24.1. HPUX

    HP's implementation of supplementary groups is, er, non-standard (for @@ -114,8 +114,8 @@ CLASS="SECT1" >

    21.2. SCO Unix24.2. SCO Unix

    @@ -131,8 +131,8 @@ CLASS="SECT1" >

    21.3. DNIX24.3. DNIX

    DNIX has a problem with seteuid() and setegid(). These routines are @@ -238,8 +238,8 @@ CLASS="SECT1" >

    21.4. RedHat Linux Rembrandt-II24.4. RedHat Linux Rembrandt-II

    By default RedHat Rembrandt-II during installation adds an @@ -262,16 +262,16 @@ CLASS="SECT1" >

    21.5. AIX24.5. AIX

    21.5.1. Sequential Read Ahead24.5.1. Sequential Read Ahead

    Disabling Sequential Read Ahead using "vmtune -r 0" improves diff --git a/docs/htmldocs/printing.html b/docs/htmldocs/printing.html index 91a1ad72b0..ed4528281b 100644 --- a/docs/htmldocs/printing.html +++ b/docs/htmldocs/printing.html @@ -16,8 +16,8 @@ REL="PREVIOUS" TITLE="Hosting a Microsoft Distributed File System tree on Samba" HREF="msdfs.html">NextChapter 13. Printing SupportChapter 14. Printing Support

    13.1. Introduction14.1. Introduction

    Beginning with the 2.2.0 release, Samba supports @@ -163,8 +163,8 @@ CLASS="SECT1" >

    13.2. Configuration14.2. Configuration

    13.2.1. Creating [print$]14.2.1. Creating [print$]

    In order to support the uploading of printer driver @@ -442,8 +442,8 @@ CLASS="SECT2" >

    13.2.2. Setting Drivers for Existing Printers14.2.2. Setting Drivers for Existing Printers

    The initial listing of printers in the Samba host's @@ -514,8 +514,8 @@ CLASS="SECT2" >

    13.2.3. Support a large number of printers14.2.3. Support a large number of printers

    One issue that has arisen during the development @@ -580,8 +580,8 @@ CLASS="SECT2" >

    13.2.4. Adding New Printers via the Windows NT APW14.2.4. Adding New Printers via the Windows NT APW

    By default, Samba offers all printer shares defined in

    13.2.5. Samba and Printer Ports14.2.5. Samba and Printer Ports

    Windows NT/2000 print servers associate a port with each printer. These normally @@ -770,8 +770,8 @@ CLASS="SECT1" >

    13.3. The Imprints Toolset14.3. The Imprints Toolset

    The Imprints tool set provides a UNIX equivalent of the @@ -788,8 +788,8 @@ CLASS="SECT2" >

    13.3.1. What is Imprints?14.3.1. What is Imprints?

    Imprints is a collection of tools for supporting the goals @@ -820,8 +820,8 @@ CLASS="SECT2" >

    13.3.2. Creating Printer Driver Packages14.3.2. Creating Printer Driver Packages

    The process of creating printer driver packages is beyond @@ -836,8 +836,8 @@ CLASS="SECT2" >

    13.3.3. The Imprints server14.3.3. The Imprints server

    The Imprints server is really a database server that @@ -860,8 +860,8 @@ CLASS="SECT2" >

    13.3.4. The Installation Client14.3.4. The Installation Client

    More information regarding the Imprints installation client @@ -954,16 +954,16 @@ CLASS="SECT1" >

    13.4. Diagnosis14.4. Diagnosis

    13.4.1. Introduction14.4.1. Introduction

    This is a short description of how to debug printing problems with @@ -1037,8 +1037,8 @@ CLASS="SECT2" >

    13.4.2. Debugging printer problems14.4.2. Debugging printer problems

    One way to debug printing problems is to start by replacing these @@ -1094,8 +1094,8 @@ CLASS="SECT2" >

    13.4.3. What printers do I have?14.4.3. What printers do I have?

    You can use the 'testprns' program to check to see if the printer @@ -1123,8 +1123,8 @@ CLASS="SECT2" >

    13.4.4. Setting up printcap and print servers14.4.4. Setting up printcap and print servers

    You may need to set up some printcaps for your Samba system to use. @@ -1207,8 +1207,8 @@ CLASS="SECT2" >

    13.4.5. Job sent, no output14.4.5. Job sent, no output

    This is the most frustrating part of printing. You may have sent the @@ -1252,8 +1252,8 @@ CLASS="SECT2" >

    13.4.6. Job sent, strange output14.4.6. Job sent, strange output

    Once you have the job printing, you can then start worrying about @@ -1298,8 +1298,8 @@ CLASS="SECT2" >

    13.4.7. Raw PostScript printed14.4.7. Raw PostScript printed

    This is a problem that is usually caused by either the print spooling @@ -1313,8 +1313,8 @@ CLASS="SECT2" >

    13.4.8. Advanced Printing14.4.8. Advanced Printing

    Note that you can do some pretty magic things by using your @@ -1329,8 +1329,8 @@ CLASS="SECT2" >

    13.4.9. Real debugging14.4.9. Real debugging

    If the above debug tips don't help, then maybe you need to bring in @@ -1372,7 +1372,7 @@ WIDTH="33%" ALIGN="right" VALIGN="top" >NextUnified Logons between Windows NT and UNIX using WinbindCUPS Printing Support

    Chapter 6. How to Act as a Backup Domain Controller in a Purely Samba Controlled DomainChapter 7. How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain

    6.1. Prerequisite Reading7.1. Prerequisite Reading

    Before you continue reading in this chapter, please make sure @@ -97,8 +97,8 @@ CLASS="SECT1" >

    6.2. Background7.2. Background

    What is a Domain Controller? It is a machine that is able to answer @@ -142,8 +142,8 @@ CLASS="SECT1" >

    6.3. What qualifies a Domain Controller on the network?7.3. What qualifies a Domain Controller on the network?

    Every machine that is a Domain Controller for the domain SAMBA has to @@ -159,8 +159,8 @@ CLASS="SECT2" >

    6.3.1. How does a Workstation find its domain controller?7.3.1. How does a Workstation find its domain controller?

    A NT workstation in the domain SAMBA that wants a local user to be @@ -178,8 +178,8 @@ CLASS="SECT2" >

    6.3.2. When is the PDC needed?7.3.2. When is the PDC needed?

    Whenever a user wants to change his password, this has to be done on @@ -194,8 +194,8 @@ CLASS="SECT1" >

    6.4. Can Samba be a Backup Domain Controller to an NT PDC?7.4. Can Samba be a Backup Domain Controller to an NT PDC?

    With version 2.2, no. The native NT SAM replication protocols have @@ -217,8 +217,8 @@ CLASS="SECT1" >

    6.5. How do I set up a Samba BDC?7.5. How do I set up a Samba BDC?

    Several things have to be done:

    6.5.1. How do I replicate the smbpasswd file?7.5.1. How do I replicate the smbpasswd file?

    Replication of the smbpasswd file is sensitive. It has to be done @@ -305,8 +305,8 @@ CLASS="SECT2" >

    6.5.2. Can I do this all with LDAP?7.5.2. Can I do this all with LDAP?

    The simple answer is YES. Samba's pdb_ldap code supports @@ -361,7 +361,7 @@ ACCESSKEY="N" WIDTH="33%" ALIGN="left" VALIGN="top" ->Samba as a NT4 or Win2k Primary Domain ControllerSamba as an NT4 or Win2k Primary Domain Controller

    3.1. Introduction
    3.2. Important Notes About Security
    3.3. The smbpasswd Command
    3.4. Plain text
    3.5. TDB
    3.6. LDAP
    3.7. MySQL
    3.8. Passdb XML plugin
    4. User and Share security level (for servers not in a domain)Nomenclature of Server Types
    4.1. Stand Alone Server
    4.2. Domain Member Server
    4.3. Domain Controller
    5. Samba as Stand-Alone server (User and Share security level)
    6. Samba as a NT4 or Win2k Primary Domain ControllerSamba as an NT4 or Win2k Primary Domain Controller
    5.1. 6.1. Prerequisite Reading
    5.2. 6.2. Background
    5.3. 6.3. Configuring the Samba Domain Controller
    5.4. Creating Machine Trust Accounts and Joining Clients to the -Domain6.4. Creating Machine Trust Accounts and Joining Clients to the Domain
    5.5. 6.5. Common Problems and Errors
    5.6. 6.6. System Policies and Profiles
    5.7. 6.7. What other help can I get?
    5.8. 6.8. Domain Control for Windows 9x/ME
    5.9. 6.9. DOMAIN_CONTROL.txt : Windows NT Domain Control & Samba
    6. 7. How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain
    6.1. 7.1. Prerequisite Reading
    6.2. 7.2. Background
    6.3. 7.3. What qualifies a Domain Controller on the network?
    6.4. 7.4. Can Samba be a Backup Domain Controller to an NT PDC?
    6.5. 7.5. How do I set up a Samba BDC?
    7. 8. Samba as a ADS domain member
    7.1. 8.1. Installing the required packages for Debian
    7.2. 8.2. Installing the required packages for RedHat
    7.3. 8.3. Compile Samba
    7.4. 8.4. Setup your /etc/krb5.conf
    7.5. 8.5. Create the computer account
    7.6. 8.6. Test your server setup
    7.7. 8.7. Testing with smbclient
    7.8. 8.8. Notes
    8. 9. Samba as a NT4 or Win2k domain member
    8.1. 9.1. Joining an NT Domain with Samba 3.0
    8.2. 9.2. Samba and Windows 2000 Domains
    8.3. 9.3. Why is this better than security = server?
    9. 10. Integrating MS Windows networks with Samba
    9.1. 10.1. Agenda
    9.2. 10.2. Name Resolution in a pure Unix/Linux world
    9.3. 10.3. Name resolution as used within MS Windows networking
    9.4. 10.4. How browsing functions and how to deploy stable and dependable browsing using Samba
    9.5. 10.5. MS Windows security options and how to configure Samba for seemless integration
    9.6. 10.6. Conclusions
    10. 11. UNIX Permission Bits and Windows NT Access Control Lists
    10.1. 11.1. Viewing and changing UNIX permissions using the NT security dialogs
    10.2. 11.2. How to view file security on a Samba share
    10.3. 11.3. Viewing file ownership
    10.4. 11.4. Viewing file or directory permissions
    10.5. 11.5. Modifying file or directory permissions
    10.6. 11.6. Interaction with the standard Samba create mask parameters
    10.7. 11.7. Interaction with the standard Samba file attribute mapping
    11. 12. Configuring PAM for distributed but centrally managed authentication
    11.1. 12.1. Samba and PAM
    11.2. 12.2. Distributed Authentication
    11.3. 12.3. PAM Configuration in smb.conf
    12. 13. Hosting a Microsoft Distributed File System tree on Samba
    12.1. 13.1. Instructions
    13. 14. Printing Support
    13.1. 14.1. Introduction
    13.2. 14.2. Configuration
    13.3. 14.3. The Imprints Toolset
    13.4. 14.4. Diagnosis
    14. 15. CUPS Printing Support
    15.1. Introduction
    15.2. CUPS - RAW Print Through Mode
    15.3. The CUPS Filter Chains
    15.4. CUPS Print Drivers and Devices
    15.5. Limiting the number of pages users can print
    15.6. Advanced Postscript Printing from MS Windows
    15.7. Auto-Deletion of CUPS spool files
    16. Unified Logons between Windows NT and UNIX using Winbind
    14.1. 16.1. Abstract
    14.2. 16.2. Introduction
    14.3. 16.3. What Winbind Provides
    14.4. 16.4. How Winbind Works
    14.5. 16.5. Installation and Configuration
    14.6. 16.6. Limitations
    14.7. 16.7. Conclusion
    15. 17. Improved browsing in samba
    15.1. 17.1. Overview of browsing
    15.2. 17.2. Browsing support in samba
    15.3. 17.3. Problem resolution
    15.4. 17.4. Browsing across subnets
    15.5. 17.5. Setting up a WINS server
    15.6. 17.6. Setting up Browsing in a WORKGROUP
    15.7. 17.7. Setting up Browsing in a DOMAIN
    15.8. 17.8. Forcing samba to be the master
    15.9. 17.9. Making samba the domain master
    15.10. 17.10. Note about broadcast addresses
    15.11. 17.11. Multiple interfaces
    16. 18. Stackable VFS modules
    16.1. 18.1. Introduction and configuration
    16.2. 18.2. Included modules
    16.3. 18.3. VFS modules available elsewhere
    17. 19. Group mapping HOWTO
    18. 20. Samba performance issues
    18.1. 20.1. Comparisons
    18.2. 20.2. Socket options
    18.3. 20.3. Read size
    18.4. 20.4. Max xmit
    18.5. 20.5. Log level
    18.6. 20.6. Read raw
    18.7. 20.7. Write raw
    18.8. 20.8. Slow Clients
    18.9. 20.9. Slow Logins
    18.10. 20.10. Client tuning
    19. 21. Creating Group Prolicy Files
    19.1. 21.1. Windows '9x
    19.2. 21.2. Windows NT 4
    19.3. 21.3. Windows 2000/XP
    20. 22. Securing Samba
    20.1. 22.1. Introduction
    20.2. 22.2. Using host based protection
    20.3. 22.3. Using interface protection
    20.4. 22.4. Using a firewall
    20.5. 22.5. Using a IPC$ share deny
    20.6. 22.6. Upgrading Samba
    23. Unicode/Charsets
    23.1. What are charsets and unicode?
    23.2. Samba and charsets
    21. 24. Portability
    21.1. 24.1. HPUX
    21.2. 24.2. SCO Unix
    21.3. 24.3. DNIX
    21.4. 24.4. RedHat Linux Rembrandt-II
    21.5. 24.5. AIX
    22. 25. Samba and other CIFS clients
    22.1. 25.1. Macintosh clients?
    22.2. 25.2. OS2 Client
    22.3. 25.3. Windows for Workgroups
    22.4. 25.4. Windows '95/'98
    22.5. 25.5. Windows 2000 Service Pack 2
    23. 26. How to compile SAMBA
    23.1. 26.1. Access Samba source code via CVS
    23.2. 26.2. Accessing the samba sources via rsync and ftp
    23.3. 26.3. Building the Binaries
    23.4. 26.4. Starting the smbd and nmbd
    24. 27. Reporting Bugs
    24.1. 27.1. Introduction
    24.2. 27.2. General info
    24.3. 27.3. Debug levels
    24.4. 27.4. Internal errors
    24.5. 27.5. Attaching to a running process
    24.6. 27.6. Patches
    25. 28. The samba checklist
    25.1. 28.1. Introduction
    25.2. 28.2. Assumptions
    25.3. 28.3. Tests
    25.4. 28.4. Still having troubles?
    Samba as a NT4 or Win2k Primary Domain ControllerSamba as an NT4 or Win2k Primary Domain ControllerChapter 5. Samba as a NT4 or Win2k Primary Domain ControllerChapter 6. Samba as an NT4 or Win2k Primary Domain Controller

    5.1. Prerequisite Reading6.1. Prerequisite Reading

    Before you continue reading in this chapter, please make sure @@ -96,98 +96,42 @@ CLASS="FILENAME" >smb.conf(5) -manpage and the Encryption chapter -of this HOWTO Collection.

    5.2. Background6.2. Background

    Author's Note: This document is a combination -of David Bannon's "Samba 2.2 PDC HOWTO" and "Samba NT Domain FAQ". -Both documents are superseded by this one.

    Versions of Samba prior to release 2.2 had marginal capabilities to act -as a Windows NT 4.0 Primary Domain Controller - -(PDC). With Samba 2.2.0, we are proud to announce official support for -Windows NT 4.0-style domain logons from Windows NT 4.0 and Windows -2000 clients. This article outlines the steps -necessary for configuring Samba as a PDC. It is necessary to have a -working Samba server prior to implementing the PDC functionality. If -you have not followed the steps outlined in UNIX_INSTALL.html, please make sure -that your server is configured correctly before proceeding. Another -good resource in the smb.conf(5) man -page. The following functionality should work in 2.2:

    This article outlines the steps necessary for configuring Samba as a PDC. +It is necessary to have a working Samba server prior to implementing the +PDC functionality.

    • domain logons for Windows NT 4.0/2000 clients. +> domain logons for Windows NT 4.0 / 200x / XP Professional clients.

    • placing a Windows 9x client in user level security +> placing Windows 9x / Me clients in user level security

    • retrieving a list of users and groups from a Samba PDC to - Windows 9x/NT/2000 clients + Windows 9x / Me / NT / 200x / XP Professional clients

    • roving (roaming) user profiles +> roaming user profiles

    The following pieces of functionality are not included in the 2.2 release:

    The following functionalities are new to the Samba 3.0 release:

    • SAM replication with Windows NT 4.0 Domain Controllers - (i.e. a Samba PDC and a Windows NT BDC or vice versa) +> Adding users via the User Manager for Domains

    The following functionalities are NOT provided by Samba 3.0:

    • Adding users via the User Manager for Domains +> SAM replication with Windows NT 4.0 Domain Controllers + (i.e. a Samba PDC and a Windows NT BDC or vice versa)

    Please note that Windows 9x clients are not true members of a domain +>Please note that Windows 9x / Me / XP Home clients are not true members of a domain for reasons outlined in this article. Therefore the protocol for support Windows 9x-style domain logons is completely different -from NT4 domain logons and has been officially supported for some +from NT4 / Win2k type domain logons and has been officially supported for some time.

    Implementing a Samba PDC can basically be divided into 2 broad +>MS Windows XP Home edition is NOT able to join a domain and does not permit +the use of domain logons.

    Implementing a Samba PDC can basically be divided into 3 broad steps.

  • Creating machine trust accounts and joining clients - to the domain +> Creating machine trust accounts and joining clients to the domain +

  • Adding and managing domain user accounts

  • There are other minor details such as user profiles, system policies, etc... However, these are not necessarily specific to a Samba PDC as much as they are related to Windows NT networking -concepts. They will be mentioned only briefly here.

    5.3. Configuring the Samba Domain Controller6.3. Configuring the Samba Domain Controller

    The first step in creating a working Samba PDC is to -understand the parameters necessary in smb.conf. I will not -attempt to re-explain the parameters here as they are more that -adequately covered in the smb.conf man page. For convenience, the parameters have been -linked with the actual smb.conf description.

    .

    Here is an example logon path = \\%N\profiles\%u - ; where is a user's home directory and where should it - ; be mounted at? + ; where is a user's home directory and where should it be mounted at?

    As Samba 2.2 does not offer a complete implementation of group mapping +>Samba 3.0 offers a complete implementation of group mapping between Windows NT groups and Unix groups (this is really quite -complicated to explain in a short space), you should refer to the -domain admin -group smb.conf parameter for information of creating "Domain -Admins" style accounts.

    5.4. Creating Machine Trust Accounts and Joining Clients to the -Domain6.4. Creating Machine Trust Accounts and Joining Clients to the Domain

    A machine trust account is a Samba account that is used to @@ -480,14 +433,127 @@ Account."

    A Windows PDC stores each machine trust account in the Windows -Registry. A Samba PDC, however, stores each machine trust account -in two parts, as follows: +Registry. A Samba-3 PDC also has to stoe machine trust account information +in a suitable back-end data store. With Samba-3 there can be multiple back-ends +for this including:

    • smbpaswd - the plain ascii file stored used by + earlier versions of Samba. This file configuration option requires + a Unix/Linux system account for EVERY entry (ie: both for user and for + machine accounts). This file will be located in the private + directory (default is /usr/local/samba/lib/private or on linux /etc/samba). +

    • smbpasswd_nua - This file is independant of the + system wide user accounts. The use of this back-end option requires + specification of the "non unix account range" option also. It is called + smbpasswd and will be located in the private directory. +

    • tdbsam - a binary database backend that will be + stored in the private directory in a file called + passwd.tdb. The key benefit of this binary format + file is that it can store binary objects that can not be accomodated + in the traditional plain text smbpasswd file. +

    • tdbsam_nua like the smbpasswd_nua option above, this + file allows the creation of arbitrary user and machine accounts without + requiring that account to be added to the system (/etc/passwd) file. It + too requires the specification of the "non unix account range" option + in the [globals] section of the smb.conf file. +

    • ldapsam - An LDAP based back-end. Permits the + LDAP server to be specified. eg: ldap://localhost or ldap://frodo.murphy.com +

    • ldapsam_nua - LDAP based back-end with no unix + account requirement, like smbpasswd_nua and tdbsam_nua above. +

    A Samba PDC, however, stores each machine trust account in two parts, +as follows:

    5.4.1. Manual Creation of Machine Trust Accounts6.4.1. Manual Creation of Machine Trust Accounts

    The first step in manually creating a machine trust account is to @@ -710,8 +776,8 @@ CLASS="SECT2" >

    5.4.2. "On-the-Fly" Creation of Machine Trust Accounts6.4.2. "On-the-Fly" Creation of Machine Trust Accounts

    The second (and recommended) way of creating machine trust accounts is @@ -747,8 +813,8 @@ CLASS="SECT2" >

    5.4.3. Joining the Client to the Domain6.4.3. Joining the Client to the Domain

    The procedure for joining a client to the domain varies with the @@ -815,8 +881,8 @@ CLASS="SECT1" >

    5.5. Common Problems and Errors6.5. Common Problems and Errors

    5.6. System Policies and Profiles6.6. System Policies and Profiles

    Much of the information necessary to implement System Policies and @@ -1198,8 +1264,8 @@ CLASS="SECT1" >

    5.7. What other help can I get?6.7. What other help can I get?

    There are many sources of information available in the form @@ -1618,8 +1684,8 @@ CLASS="SECT1" >

    5.8. Domain Control for Windows 9x/ME6.8. Domain Control for Windows 9x/ME

    5.8.1. Configuration Instructions: Network Logons6.8.1. Configuration Instructions: Network Logons

    The main difference between a PDC and a Windows 9x logon @@ -1858,8 +1924,8 @@ CLASS="SECT2" >

    5.8.2. Configuration Instructions: Setting up Roaming User Profiles6.8.2. Configuration Instructions: Setting up Roaming User Profiles

    5.8.2.1. Windows NT Configuration6.8.2.1. Windows NT Configuration

    To support WinNT clients, in the [global] section of smb.conf set the @@ -1962,8 +2028,8 @@ CLASS="SECT3" >

    5.8.2.2. Windows 9X Configuration6.8.2.2. Windows 9X Configuration

    To support Win9X clients, you must use the "logon home" parameter. Samba has @@ -1993,8 +2059,8 @@ CLASS="SECT3" >

    5.8.2.3. Win9X and WinNT Configuration6.8.2.3. Win9X and WinNT Configuration

    You can support profiles for both Win9X and WinNT clients by setting both the @@ -2038,8 +2104,8 @@ CLASS="SECT3" >

    5.8.2.4. Windows 9X Profile Setup6.8.2.4. Windows 9X Profile Setup

    When a user first logs in on Windows 9X, the file user.DAT is created, @@ -2198,8 +2264,8 @@ CLASS="SECT3" >

    5.8.2.5. Windows NT Workstation 4.06.8.2.5. Windows NT Workstation 4.0

    When a user first logs in to a Windows NT Workstation, the profile @@ -2312,8 +2378,8 @@ CLASS="SECT3" >

    5.8.2.6. Windows NT Server6.8.2.6. Windows NT Server

    There is nothing to stop you specifying any path that you like for the @@ -2326,8 +2392,8 @@ CLASS="SECT3" >

    5.8.2.7. Sharing Profiles between W95 and NT Workstation 4.06.8.2.7. Sharing Profiles between W95 and NT Workstation 4.0

    5.9. DOMAIN_CONTROL.txt : Windows NT Domain Control & Samba6.9. DOMAIN_CONTROL.txt : Windows NT Domain Control & Samba

    User and Share security level (for servers not in a domain)Samba as Stand-Alone server (User and Share security level)NextChapter 20. Securing SambaChapter 22. Securing Samba

    20.1. Introduction22.1. Introduction

    This note was attached to the Samba 2.2.8 release notes as it contained an @@ -93,8 +93,8 @@ CLASS="SECT1" >

    20.2. Using host based protection22.2. Using host based protection

    In many installations of Samba the greatest threat comes for outside @@ -125,8 +125,8 @@ CLASS="SECT1" >

    20.3. Using interface protection22.3. Using interface protection

    By default Samba will accept connections on any network interface that @@ -161,8 +161,8 @@ CLASS="SECT1" >

    20.4. Using a firewall22.4. Using a firewall

    Many people use a firewall to deny access to services that they don't @@ -191,8 +191,8 @@ CLASS="SECT1" >

    20.5. Using a IPC$ share deny22.5. Using a IPC$ share deny

    If the above methods are not suitable, then you could also place a @@ -230,8 +230,8 @@ CLASS="SECT1" >

    20.6. Upgrading Samba22.6. Upgrading Samba

    Please check regularly on http://www.samba.org/ for updates and @@ -274,7 +274,7 @@ WIDTH="33%" ALIGN="right" VALIGN="top" >NextAppendixesUnicode/Charsets

    User and Share security level (for servers not in a domain)Samba as Stand-Alone server (User and Share security level)PrevChapter 4. User and Share security level (for servers not in a domain)Chapter 5. Samba as Stand-Alone server (User and Share security level)

    A SMB server tells the client at startup what "security level" it is running. There are two options "share level" and "user level". Which @@ -184,7 +184,7 @@ WIDTH="33%" ALIGN="left" VALIGN="top" >PrevType of installationNomenclature of Server TypesSamba as a NT4 or Win2k Primary Domain ControllerSamba as an NT4 or Win2k Primary Domain Controller

    Chapter 18. Samba performance issuesChapter 20. Samba performance issues

    18.1. Comparisons20.1. Comparisons

    The Samba server uses TCP to talk to the client. Thus if you are @@ -111,8 +111,8 @@ CLASS="SECT1" >

    18.2. Socket options20.2. Socket options

    There are a number of socket options that can greatly affect the @@ -139,8 +139,8 @@ CLASS="SECT1" >

    18.3. Read size20.3. Read size

    The option "read size" affects the overlap of disk reads/writes with @@ -165,8 +165,8 @@ CLASS="SECT1" >

    18.4. Max xmit20.4. Max xmit

    At startup the client and server negotiate a "maximum transmit" size, @@ -188,8 +188,8 @@ CLASS="SECT1" >

    18.5. Log level20.5. Log level

    If you set the log level (also known as "debug level") higher than 2 @@ -202,8 +202,8 @@ CLASS="SECT1" >

    18.6. Read raw20.6. Read raw

    The "read raw" operation is designed to be an optimised, low-latency @@ -224,8 +224,8 @@ CLASS="SECT1" >

    18.7. Write raw20.7. Write raw

    The "write raw" operation is designed to be an optimised, low-latency @@ -241,8 +241,8 @@ CLASS="SECT1" >

    18.8. Slow Clients20.8. Slow Clients

    One person has reported that setting the protocol to COREPLUS rather @@ -258,8 +258,8 @@ CLASS="SECT1" >

    18.9. Slow Logins20.9. Slow Logins

    Slow logins are almost always due to the password checking time. Using @@ -271,8 +271,8 @@ CLASS="SECT1" >

    18.10. Client tuning20.10. Client tuning

    Often a speed problem can be traced to the client. The client (for diff --git a/docs/htmldocs/type.html b/docs/htmldocs/type.html index d4db19bf43..8e6bc0c4e7 100644 --- a/docs/htmldocs/type.html +++ b/docs/htmldocs/type.html @@ -13,8 +13,8 @@ REL="PREVIOUS" TITLE="User information database" HREF="passdb.html">Next

    Introduction

    4. User and Share security level (for servers not in a domain)Nomenclature of Server Types
    4.1. Stand Alone Server
    4.2. Domain Member Server
    4.3. Domain Controller
    4.3.1. Domain Controller Types
    5. Samba as Stand-Alone server (User and Share security level)
    6. Samba as a NT4 or Win2k Primary Domain ControllerSamba as an NT4 or Win2k Primary Domain Controller
    5.1. 6.1. Prerequisite Reading
    5.2. 6.2. Background
    5.3. 6.3. Configuring the Samba Domain Controller
    5.4. Creating Machine Trust Accounts and Joining Clients to the -Domain6.4. Creating Machine Trust Accounts and Joining Clients to the Domain
    5.4.1. 6.4.1. Manual Creation of Machine Trust Accounts
    5.4.2. 6.4.2. "On-the-Fly" Creation of Machine Trust Accounts
    5.4.3. 6.4.3. Joining the Client to the Domain
    5.5. 6.5. Common Problems and Errors
    5.6. 6.6. System Policies and Profiles
    5.7. 6.7. What other help can I get?
    5.8. 6.8. Domain Control for Windows 9x/ME
    5.8.1. 6.8.1. Configuration Instructions: Network Logons
    5.8.2. 6.8.2. Configuration Instructions: Setting up Roaming User Profiles
    5.9. 6.9. DOMAIN_CONTROL.txt : Windows NT Domain Control & Samba
    6. 7. How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain
    6.1. 7.1. Prerequisite Reading
    6.2. 7.2. Background
    6.3. 7.3. What qualifies a Domain Controller on the network?
    6.3.1. 7.3.1. How does a Workstation find its domain controller?
    6.3.2. 7.3.2. When is the PDC needed?
    6.4. 7.4. Can Samba be a Backup Domain Controller to an NT PDC?
    6.5. 7.5. How do I set up a Samba BDC?
    6.5.1. 7.5.1. How do I replicate the smbpasswd file?
    6.5.2. 7.5.2. Can I do this all with LDAP?
    7. 8. Samba as a ADS domain member
    7.1. 8.1. Installing the required packages for Debian
    7.2. 8.2. Installing the required packages for RedHat
    7.3. 8.3. Compile Samba
    7.4. 8.4. Setup your /etc/krb5.conf
    7.5. 8.5. Create the computer account
    7.5.1. 8.5.1. Possible errors
    7.6. 8.6. Test your server setup
    7.7. 8.7. Testing with smbclient
    7.8. 8.8. Notes
    8. 9. Samba as a NT4 or Win2k domain member
    8.1. 9.1. Joining an NT Domain with Samba 3.0
    8.2. 9.2. Samba and Windows 2000 Domains
    8.3. 9.3. Why is this better than security = server?
    NextUser and Share security level (for servers not in a domain)Nomenclature of Server Types
    Chapter 10. UNIX Permission Bits and Windows NT Access Control ListsChapter 11. UNIX Permission Bits and Windows NT Access Control Lists

    10.1. Viewing and changing UNIX permissions using the NT +NAME="AEN1748" +>11.1. Viewing and changing UNIX permissions using the NT security dialogs

    10.2. How to view file security on a Samba share11.2. How to view file security on a Samba share

    From an NT 4.0 client, single-click with the right @@ -170,8 +170,8 @@ CLASS="SECT1" >

    10.3. Viewing file ownership11.3. Viewing file ownership

    Clicking on the

    10.4. Viewing file or directory permissions11.4. Viewing file or directory permissions

    The third button is the

    10.4.1. File Permissions11.4.1. File Permissions

    The standard UNIX user/group/world triple and @@ -372,8 +372,8 @@ CLASS="SECT2" >

    10.4.2. Directory Permissions11.4.2. Directory Permissions

    Directories on an NT NTFS file system have two @@ -404,8 +404,8 @@ CLASS="SECT1" >

    10.5. Modifying file or directory permissions11.5. Modifying file or directory permissions

    Modifying file and directory permissions is as simple @@ -500,8 +500,8 @@ CLASS="SECT1" >

    10.6. Interaction with the standard Samba create mask +NAME="AEN1841" +>11.6. Interaction with the standard Samba create mask parameters

    10.7. Interaction with the standard Samba file attribute +NAME="AEN1905" +>11.7. Interaction with the standard Samba file attribute mapping

    Chapter 16. Stackable VFS modulesChapter 18. Stackable VFS modules

    16.1. Introduction and configuration18.1. Introduction and configuration

    Since samba 3.0, samba supports stackable VFS(Virtual File System) modules. @@ -121,16 +121,16 @@ CLASS="SECT1" >

    16.2. Included modules18.2. Included modules

    16.2.1. audit18.2.1. audit

    A simple module to audit file access to the syslog @@ -167,8 +167,8 @@ CLASS="SECT2" >

    16.2.2. recycle18.2.2. recycle

    A recycle-bin like modules. When used any unlink call @@ -238,8 +238,8 @@ CLASS="SECT2" >

    16.2.3. netatalk18.2.3. netatalk

    A netatalk module, that will ease co-existence of samba and @@ -271,8 +271,8 @@ CLASS="SECT1" >

    16.3. VFS modules available elsewhere18.3. VFS modules available elsewhere

    This section contains a listing of various other VFS modules that @@ -287,8 +287,8 @@ CLASS="SECT2" >

    16.3.1. DatabaseFS18.3.1. DatabaseFS

    URL:

    16.3.2. vscan18.3.2. vscan

    URL: PrevChapter 14. Unified Logons between Windows NT and UNIX using WinbindChapter 16. Unified Logons between Windows NT and UNIX using Winbind

    14.1. Abstract16.1. Abstract

    Integration of UNIX and Microsoft Windows NT through @@ -107,8 +107,8 @@ CLASS="SECT1" >

    14.2. Introduction16.2. Introduction

    It is well known that UNIX and Microsoft Windows NT have @@ -161,8 +161,8 @@ CLASS="SECT1" >

    14.3. What Winbind Provides16.3. What Winbind Provides

    Winbind unifies UNIX and Windows NT account management by @@ -203,8 +203,8 @@ CLASS="SECT2" >

    14.3.1. Target Uses16.3.1. Target Uses

    Winbind is targeted at organizations that have an @@ -227,8 +227,8 @@ CLASS="SECT1" >

    14.4. How Winbind Works16.4. How Winbind Works

    The winbind system is designed around a client/server @@ -247,8 +247,8 @@ CLASS="SECT2" >

    14.4.1. Microsoft Remote Procedure Calls16.4.1. Microsoft Remote Procedure Calls

    Over the last few years, efforts have been underway @@ -273,8 +273,8 @@ CLASS="SECT2" >

    14.4.2. Microsoft Active Directory Services16.4.2. Microsoft Active Directory Services

    Since late 2001, Samba has gained the ability to @@ -292,8 +292,8 @@ CLASS="SECT2" >

    14.4.3. Name Service Switch16.4.3. Name Service Switch

    The Name Service Switch, or NSS, is a feature that is @@ -372,8 +372,8 @@ CLASS="SECT2" >

    14.4.4. Pluggable Authentication Modules16.4.4. Pluggable Authentication Modules

    Pluggable Authentication Modules, also known as PAM, @@ -421,8 +421,8 @@ CLASS="SECT2" >

    14.4.5. User and Group ID Allocation16.4.5. User and Group ID Allocation

    When a user or group is created under Windows NT @@ -447,8 +447,8 @@ CLASS="SECT2" >

    14.4.6. Result Caching16.4.6. Result Caching

    An active system can generate a lot of user and group @@ -470,8 +470,8 @@ CLASS="SECT1" >

    14.5. Installation and Configuration16.5. Installation and Configuration

    Many thanks to John Trostel This HOWTO describes how to get winbind services up and running to control access and authenticate users on your Linux box using the winbind services which come with SAMBA 2.2.2.

    There is also some Solaris specific information in -docs/textdocs/Solaris-Winbind-HOWTO.txt. -Future revisions of this document will incorporate that -information.

    14.5.1. Introduction16.5.1. Introduction

    This HOWTO describes the procedures used to get winbind up and @@ -556,8 +548,8 @@ CLASS="SECT2" >

    14.5.2. Requirements16.5.2. Requirements

    If you have a samba configuration file that you are currently @@ -626,8 +618,8 @@ CLASS="SECT2" >

    14.5.3. Testing Things Out16.5.3. Testing Things Out

    Before starting, it is probably best to kill off all the SAMBA @@ -671,8 +663,8 @@ CLASS="SECT3" >

    14.5.3.1. Configure and compile SAMBA16.5.3.1. Configure and compile SAMBA

    The configuration and compilation of SAMBA is pretty straightforward. @@ -737,8 +729,8 @@ CLASS="SECT3" >

    14.5.3.2. Configure 16.5.3.2. Configure nsswitch.conf and the @@ -842,8 +834,8 @@ CLASS="SECT3" >

    14.5.3.3. Configure smb.conf16.5.3.3. Configure smb.conf

    Several parameters are needed in the smb.conf file to control @@ -917,8 +909,8 @@ CLASS="SECT3" >

    14.5.3.4. Join the SAMBA server to the PDC domain16.5.3.4. Join the SAMBA server to the PDC domain

    Enter the following command to make the SAMBA server join the @@ -955,8 +947,8 @@ CLASS="SECT3" >

    14.5.3.5. Start up the winbindd daemon and test it!16.5.3.5. Start up the winbindd daemon and test it!

    Eventually, you will want to modify your smb startup script to @@ -973,6 +965,21 @@ CLASS="COMMAND" >/usr/local/samba/bin/winbindd

    Winbindd can now also run in 'dual daemon mode'. This will make it +run as 2 processes. The first will answer all requests from the cache, +thus making responses to clients faster. The other will +update the cache for the query that the first has just responded. +Advantage of this is that responses stay accurate and are faster. +You can enable dual daemon mode by adding '-B' to the commandline:

    root# /usr/local/samba/bin/winbindd -B

    I'm always paranoid and like to make sure the daemon is really running...

    14.5.3.6. Fix the init.d startup scripts16.5.3.6. Fix the init.d startup scripts

    14.5.3.6.1. Linux16.5.3.6.1. Linux

    The

    If you would like to run winbindd in dual daemon mode, replace +the line +

            daemon /usr/local/samba/bin/winbindd
    + +in the example above with: + +
            daemon /usr/local/samba/bin/winbindd -B
    .

    The 'stop' function has a corresponding entry to shut down the -services and look s like this:

    14.5.3.6.2. Solaris16.5.3.6.2. Solaris

    On solaris, you need to modify the @@ -1245,14 +1266,27 @@ echo Starting Winbind Daemon ;; esac

    Again, if you would like to run samba in dual daemon mode, replace +

       /usr/local/samba/bin/winbindd
    + +in the script above with: + +
       /usr/local/samba/bin/winbindd -B

    14.5.3.6.3. Restarting16.5.3.6.3. Restarting

    If you restart the

    14.5.3.7. Configure Winbind and PAM16.5.3.7. Configure Winbind and PAM

    If you have made it this far, you know that winbindd and samba are working @@ -1333,8 +1367,8 @@ CLASS="SECT4" >

    14.5.3.7.1. Linux/FreeBSD-specific PAM configuration16.5.3.7.1. Linux/FreeBSD-specific PAM configuration

    The

    14.5.3.7.2. Solaris-specific configuration16.5.3.7.2. Solaris-specific configuration

    The /etc/pam.conf needs to be changed. I changed this file so that my Domain @@ -1549,8 +1583,8 @@ CLASS="SECT1" >

    14.6. Limitations16.6. Limitations

    Winbind has a number of limitations in its current @@ -1591,8 +1625,8 @@ CLASS="SECT1" >

    14.7. Conclusion16.7. Conclusion

    The winbind system, through the use of the Name Service @@ -1619,7 +1653,7 @@ WIDTH="33%" ALIGN="left" VALIGN="top" >PrevPrinting SupportCUPS Printing Support