From 2fb5c7c580a3fff3c7d477b65a1c4852af86433b Mon Sep 17 00:00:00 2001
From: Gerald Carter <jerry@samba.org>
Date: Tue, 1 Oct 2002 17:16:07 +0000
Subject: merge from HEAD (This used to be commit
 c0ca286e36d49deba6c73690114b0d867cbfd63e)

---
 docs/htmldocs/Samba-HOWTO-Collection.html | 3593 ++++++++++++++++-------------
 docs/htmldocs/winbind.html                |  320 ++-
 2 files changed, 2192 insertions(+), 1721 deletions(-)

(limited to 'docs/htmldocs')

diff --git a/docs/htmldocs/Samba-HOWTO-Collection.html b/docs/htmldocs/Samba-HOWTO-Collection.html
index ffb6939e17..71e27a2e80 100644
--- a/docs/htmldocs/Samba-HOWTO-Collection.html
+++ b/docs/htmldocs/Samba-HOWTO-Collection.html
@@ -1,10 +1,12 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">
 <HTML
 ><HEAD
 ><TITLE
 >SAMBA Project Documentation</TITLE
 ><META
 NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
+CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
+"></HEAD
 ><BODY
 CLASS="BOOK"
 BGCOLOR="#FFFFFF"
@@ -15,31 +17,24 @@ ALINK="#0000FF"
 ><DIV
 CLASS="BOOK"
 ><A
-NAME="SAMBA-PROJECT-DOCUMENTATION"
-></A
-><DIV
+NAME="SAMBA-PROJECT-DOCUMENTATION"><DIV
 CLASS="TITLEPAGE"
 ><H1
 CLASS="TITLE"
 ><A
-NAME="SAMBA-PROJECT-DOCUMENTATION"
->SAMBA Project Documentation</A
-></H1
+NAME="SAMBA-PROJECT-DOCUMENTATION">SAMBA Project Documentation</H1
 ><H3
 CLASS="AUTHOR"
 ><A
-NAME="AEN4"
->SAMBA Team</A
-></H3
+NAME="AEN4">SAMBA Team</H3
 ><HR></DIV
 ><HR><H1
 ><A
-NAME="AEN8"
->Abstract</A
-></H1
+NAME="AEN8">Abstract</H1
 ><P
-><EM
->Last Update</EM
+><I
+CLASS="EMPHASIS"
+>Last Update</I
 > : Thu Aug 15 12:48:45 CDT 2002</P
 ><P
 >This book is a collection of HOWTOs added to Samba documentation over the years.
@@ -73,34 +68,34 @@ CLASS="TOC"
 >Table of Contents</B
 ></DT
 ><DT
->1. <A
+><A
 HREF="#INSTALL"
 >How to Install and Test SAMBA</A
 ></DT
 ><DD
 ><DL
 ><DT
->1.1. <A
+><A
 HREF="#AEN20"
 >Step 0: Read the man pages</A
 ></DT
 ><DT
->1.2. <A
+><A
 HREF="#AEN28"
 >Step 1: Building the Binaries</A
 ></DT
 ><DT
->1.3. <A
+><A
 HREF="#AEN56"
 >Step 2: The all important step</A
 ></DT
 ><DT
->1.4. <A
+><A
 HREF="#AEN60"
 >Step 3: Create the smb configuration file.</A
 ></DT
 ><DT
->1.5. <A
+><A
 HREF="#AEN74"
 >Step 4: Test your config file with 
 	<B
@@ -109,76 +104,76 @@ CLASS="COMMAND"
 ></A
 ></DT
 ><DT
->1.6. <A
+><A
 HREF="#AEN80"
 >Step 5: Starting the smbd and nmbd</A
 ></DT
 ><DD
 ><DL
 ><DT
->1.6.1. <A
+><A
 HREF="#AEN90"
 >Step 5a: Starting from inetd.conf</A
 ></DT
 ><DT
->1.6.2. <A
+><A
 HREF="#AEN119"
 >Step 5b. Alternative: starting it as a daemon</A
 ></DT
 ></DL
 ></DD
 ><DT
->1.7. <A
+><A
 HREF="#AEN135"
 >Step 6: Try listing the shares available on your 
 	server</A
 ></DT
 ><DT
->1.8. <A
+><A
 HREF="#AEN144"
 >Step 7: Try connecting with the unix client</A
 ></DT
 ><DT
->1.9. <A
+><A
 HREF="#AEN160"
 >Step 8: Try connecting from a DOS, WfWg, Win9x, WinNT, 
 	Win2k, OS/2, etc... client</A
 ></DT
 ><DT
->1.10. <A
+><A
 HREF="#AEN174"
 >What If Things Don't Work?</A
 ></DT
 ><DD
 ><DL
 ><DT
->1.10.1. <A
+><A
 HREF="#AEN179"
 >Diagnosing Problems</A
 ></DT
 ><DT
->1.10.2. <A
+><A
 HREF="#AEN183"
 >Scope IDs</A
 ></DT
 ><DT
->1.10.3. <A
+><A
 HREF="#AEN186"
 >Choosing the Protocol Level</A
 ></DT
 ><DT
->1.10.4. <A
+><A
 HREF="#AEN195"
 >Printing from UNIX to a Client PC</A
 ></DT
 ><DT
->1.10.5. <A
-HREF="#AEN199"
+><A
+HREF="#AEN200"
 >Locking</A
 ></DT
 ><DT
->1.10.6. <A
-HREF="#AEN208"
+><A
+HREF="#AEN209"
 >Mapping Usernames</A
 ></DT
 ></DL
@@ -186,139 +181,139 @@ HREF="#AEN208"
 ></DL
 ></DD
 ><DT
->2. <A
+><A
 HREF="#DIAGNOSIS"
 >Diagnosing your samba server</A
 ></DT
 ><DD
 ><DL
 ><DT
->2.1. <A
-HREF="#AEN222"
+><A
+HREF="#AEN223"
 >Introduction</A
 ></DT
 ><DT
->2.2. <A
-HREF="#AEN227"
+><A
+HREF="#AEN228"
 >Assumptions</A
 ></DT
 ><DT
->2.3. <A
-HREF="#AEN237"
+><A
+HREF="#AEN238"
 >Tests</A
 ></DT
 ><DD
 ><DL
 ><DT
->2.3.1. <A
-HREF="#AEN239"
+><A
+HREF="#AEN240"
 >Test 1</A
 ></DT
 ><DT
->2.3.2. <A
-HREF="#AEN245"
+><A
+HREF="#AEN246"
 >Test 2</A
 ></DT
 ><DT
->2.3.3. <A
-HREF="#AEN251"
+><A
+HREF="#AEN252"
 >Test 3</A
 ></DT
 ><DT
->2.3.4. <A
-HREF="#AEN266"
+><A
+HREF="#AEN267"
 >Test 4</A
 ></DT
 ><DT
->2.3.5. <A
-HREF="#AEN271"
+><A
+HREF="#AEN272"
 >Test 5</A
 ></DT
 ><DT
->2.3.6. <A
-HREF="#AEN277"
+><A
+HREF="#AEN278"
 >Test 6</A
 ></DT
 ><DT
->2.3.7. <A
-HREF="#AEN285"
+><A
+HREF="#AEN286"
 >Test 7</A
 ></DT
 ><DT
->2.3.8. <A
-HREF="#AEN311"
+><A
+HREF="#AEN312"
 >Test 8</A
 ></DT
 ><DT
->2.3.9. <A
-HREF="#AEN328"
+><A
+HREF="#AEN329"
 >Test 9</A
 ></DT
 ><DT
->2.3.10. <A
-HREF="#AEN333"
+><A
+HREF="#AEN334"
 >Test 10</A
 ></DT
 ><DT
->2.3.11. <A
-HREF="#AEN339"
+><A
+HREF="#AEN340"
 >Test 11</A
 ></DT
 ></DL
 ></DD
 ><DT
->2.4. <A
-HREF="#AEN344"
+><A
+HREF="#AEN345"
 >Still having troubles?</A
 ></DT
 ></DL
 ></DD
 ><DT
->3. <A
+><A
 HREF="#INTEGRATE-MS-NETWORKS"
 >Integrating MS Windows networks with Samba</A
 ></DT
 ><DD
 ><DL
 ><DT
->3.1. <A
-HREF="#AEN361"
+><A
+HREF="#AEN362"
 >Agenda</A
 ></DT
 ><DT
->3.2. <A
-HREF="#AEN383"
+><A
+HREF="#AEN384"
 >Name Resolution in a pure Unix/Linux world</A
 ></DT
 ><DD
 ><DL
 ><DT
->3.2.1. <A
-HREF="#AEN399"
+><A
+HREF="#AEN400"
 ><TT
 CLASS="FILENAME"
 >/etc/hosts</TT
 ></A
 ></DT
 ><DT
->3.2.2. <A
-HREF="#AEN415"
+><A
+HREF="#AEN416"
 ><TT
 CLASS="FILENAME"
 >/etc/resolv.conf</TT
 ></A
 ></DT
 ><DT
->3.2.3. <A
-HREF="#AEN426"
+><A
+HREF="#AEN427"
 ><TT
 CLASS="FILENAME"
 >/etc/host.conf</TT
 ></A
 ></DT
 ><DT
->3.2.4. <A
-HREF="#AEN434"
+><A
+HREF="#AEN435"
 ><TT
 CLASS="FILENAME"
 >/etc/nsswitch.conf</TT
@@ -327,93 +322,79 @@ CLASS="FILENAME"
 ></DL
 ></DD
 ><DT
->3.3. <A
-HREF="#AEN446"
+><A
+HREF="#AEN447"
 >Name resolution as used within MS Windows networking</A
 ></DT
 ><DD
 ><DL
 ><DT
->3.3.1. <A
-HREF="#AEN458"
+><A
+HREF="#AEN459"
 >The NetBIOS Name Cache</A
 ></DT
 ><DT
->3.3.2. <A
-HREF="#AEN463"
+><A
+HREF="#AEN464"
 >The LMHOSTS file</A
 ></DT
 ><DT
->3.3.3. <A
-HREF="#AEN471"
+><A
+HREF="#AEN472"
 >HOSTS file</A
 ></DT
 ><DT
->3.3.4. <A
-HREF="#AEN476"
+><A
+HREF="#AEN477"
 >DNS Lookup</A
 ></DT
 ><DT
->3.3.5. <A
-HREF="#AEN479"
+><A
+HREF="#AEN480"
 >WINS Lookup</A
 ></DT
 ></DL
 ></DD
 ><DT
->3.4. <A
-HREF="#AEN491"
+><A
+HREF="#AEN492"
 >How browsing functions and how to deploy stable and 
 dependable browsing using Samba</A
 ></DT
 ><DT
->3.5. <A
-HREF="#AEN501"
+><A
+HREF="#AEN502"
 >MS Windows security options and how to configure 
 Samba for seemless integration</A
 ></DT
 ><DD
 ><DL
 ><DT
->3.5.1. <A
-HREF="#AEN529"
+><A
+HREF="#AEN530"
 >Use MS Windows NT as an authentication server</A
 ></DT
 ><DT
->3.5.2. <A
-HREF="#AEN537"
+><A
+HREF="#AEN538"
 >Make Samba a member of an MS Windows NT security domain</A
 ></DT
 ><DT
->3.5.3. <A
-HREF="#AEN554"
+><A
+HREF="#AEN555"
 >Configure Samba as an authentication server</A
 ></DT
-><DD
-><DL
-><DT
->3.5.3.1. <A
-HREF="#AEN561"
->Users</A
-></DT
-><DT
->3.5.3.2. <A
-HREF="#AEN566"
->MS Windows NT Machine Accounts</A
-></DT
-></DL
-></DD
 ></DL
 ></DD
 ><DT
->3.6. <A
-HREF="#AEN571"
+><A
+HREF="#AEN572"
 >Conclusions</A
 ></DT
 ></DL
 ></DD
 ><DT
->4. <A
+><A
 HREF="#PAM"
 >Configuring PAM for distributed but centrally 
 managed authentication</A
@@ -421,39 +402,39 @@ managed authentication</A
 ><DD
 ><DL
 ><DT
->4.1. <A
-HREF="#AEN592"
+><A
+HREF="#AEN593"
 >Samba and PAM</A
 ></DT
 ><DT
->4.2. <A
-HREF="#AEN636"
+><A
+HREF="#AEN637"
 >Distributed Authentication</A
 ></DT
 ><DT
->4.3. <A
-HREF="#AEN643"
+><A
+HREF="#AEN644"
 >PAM Configuration in smb.conf</A
 ></DT
 ></DL
 ></DD
 ><DT
->5. <A
+><A
 HREF="#MSDFS"
 >Hosting a Microsoft Distributed File System tree on Samba</A
 ></DT
 ><DD
 ><DL
 ><DT
->5.1. <A
-HREF="#AEN663"
+><A
+HREF="#AEN664"
 >Instructions</A
 ></DT
 ><DD
 ><DL
 ><DT
->5.1.1. <A
-HREF="#AEN698"
+><A
+HREF="#AEN699"
 >Notes</A
 ></DT
 ></DL
@@ -461,144 +442,144 @@ HREF="#AEN698"
 ></DL
 ></DD
 ><DT
->6. <A
+><A
 HREF="#UNIX-PERMISSIONS"
 >UNIX Permission Bits and Windows NT Access Control Lists</A
 ></DT
 ><DD
 ><DL
 ><DT
->6.1. <A
-HREF="#AEN718"
+><A
+HREF="#AEN719"
 >Viewing and changing UNIX permissions using the NT 
 	security dialogs</A
 ></DT
 ><DT
->6.2. <A
-HREF="#AEN727"
+><A
+HREF="#AEN728"
 >How to view file security on a Samba share</A
 ></DT
 ><DT
->6.3. <A
-HREF="#AEN738"
+><A
+HREF="#AEN739"
 >Viewing file ownership</A
 ></DT
 ><DT
->6.4. <A
-HREF="#AEN758"
+><A
+HREF="#AEN759"
 >Viewing file or directory permissions</A
 ></DT
 ><DD
 ><DL
 ><DT
->6.4.1. <A
-HREF="#AEN773"
+><A
+HREF="#AEN774"
 >File Permissions</A
 ></DT
 ><DT
->6.4.2. <A
-HREF="#AEN787"
+><A
+HREF="#AEN788"
 >Directory Permissions</A
 ></DT
 ></DL
 ></DD
 ><DT
->6.5. <A
-HREF="#AEN794"
+><A
+HREF="#AEN795"
 >Modifying file or directory permissions</A
 ></DT
 ><DT
->6.6. <A
-HREF="#AEN816"
+><A
+HREF="#AEN817"
 >Interaction with the standard Samba create mask 
 	parameters</A
 ></DT
 ><DT
->6.7. <A
-HREF="#AEN880"
+><A
+HREF="#AEN881"
 >Interaction with the standard Samba file attribute 
 	mapping</A
 ></DT
 ></DL
 ></DD
 ><DT
->7. <A
+><A
 HREF="#PRINTING"
 >Printing Support in Samba 2.2.x</A
 ></DT
 ><DD
 ><DL
 ><DT
->7.1. <A
-HREF="#AEN901"
+><A
+HREF="#AEN902"
 >Introduction</A
 ></DT
 ><DT
->7.2. <A
-HREF="#AEN923"
+><A
+HREF="#AEN924"
 >Configuration</A
 ></DT
 ><DD
 ><DL
 ><DT
->7.2.1. <A
-HREF="#AEN934"
+><A
+HREF="#AEN935"
 >Creating [print$]</A
 ></DT
 ><DT
->7.2.2. <A
-HREF="#AEN969"
+><A
+HREF="#AEN970"
 >Setting Drivers for Existing Printers</A
 ></DT
 ><DT
->7.2.3. <A
-HREF="#AEN986"
+><A
+HREF="#AEN987"
 >Support a large number of printers</A
 ></DT
 ><DT
->7.2.4. <A
-HREF="#AEN997"
+><A
+HREF="#AEN998"
 >Adding New Printers via the Windows NT APW</A
 ></DT
 ><DT
->7.2.5. <A
-HREF="#AEN1022"
+><A
+HREF="#AEN1028"
 >Samba and Printer Ports</A
 ></DT
 ></DL
 ></DD
 ><DT
->7.3. <A
-HREF="#AEN1030"
+><A
+HREF="#AEN1036"
 >The Imprints Toolset</A
 ></DT
 ><DD
 ><DL
 ><DT
->7.3.1. <A
-HREF="#AEN1034"
+><A
+HREF="#AEN1040"
 >What is Imprints?</A
 ></DT
 ><DT
->7.3.2. <A
-HREF="#AEN1044"
+><A
+HREF="#AEN1050"
 >Creating Printer Driver Packages</A
 ></DT
 ><DT
->7.3.3. <A
-HREF="#AEN1047"
+><A
+HREF="#AEN1053"
 >The Imprints server</A
 ></DT
 ><DT
->7.3.4. <A
-HREF="#AEN1051"
+><A
+HREF="#AEN1057"
 >The Installation Client</A
 ></DT
 ></DL
 ></DD
 ><DT
->7.4. <A
-HREF="#AEN1073"
+><A
+HREF="#AEN1079"
 ><A
 NAME="MIGRATION"
 ></A
@@ -607,424 +588,342 @@ NAME="MIGRATION"
 ></DL
 ></DD
 ><DT
->8. <A
-HREF="#PRINTING_DEBUG"
+><A
+HREF="#PRINTINGDEBUG"
 >Debugging Printing Problems</A
 ></DT
 ><DD
 ><DL
 ><DT
->8.1. <A
-HREF="#AEN1119"
+><A
+HREF="#AEN1125"
 >Introduction</A
 ></DT
 ><DT
->8.2. <A
-HREF="#AEN1135"
+><A
+HREF="#AEN1141"
 >Debugging printer problems</A
 ></DT
 ><DT
->8.3. <A
-HREF="#AEN1144"
+><A
+HREF="#AEN1150"
 >What printers do I have?</A
 ></DT
 ><DT
->8.4. <A
-HREF="#AEN1152"
+><A
+HREF="#AEN1158"
 >Setting up printcap and print servers</A
 ></DT
 ><DT
->8.5. <A
-HREF="#AEN1180"
+><A
+HREF="#AEN1186"
 >Job sent, no output</A
 ></DT
 ><DT
->8.6. <A
-HREF="#AEN1191"
+><A
+HREF="#AEN1197"
 >Job sent, strange output</A
 ></DT
 ><DT
->8.7. <A
-HREF="#AEN1203"
+><A
+HREF="#AEN1209"
 >Raw PostScript printed</A
 ></DT
 ><DT
->8.8. <A
-HREF="#AEN1206"
+><A
+HREF="#AEN1212"
 >Advanced Printing</A
 ></DT
 ><DT
->8.9. <A
-HREF="#AEN1209"
+><A
+HREF="#AEN1215"
 >Real debugging</A
 ></DT
 ></DL
 ></DD
 ><DT
->9. <A
-HREF="#SECURITY_LEVELS"
+><A
+HREF="#SECURITYLEVELS"
 >Security levels</A
 ></DT
 ><DD
 ><DL
 ><DT
->9.1. <A
-HREF="#AEN1222"
+><A
+HREF="#AEN1228"
 >Introduction</A
 ></DT
 ><DT
->9.2. <A
-HREF="#AEN1233"
+><A
+HREF="#AEN1239"
 >More complete description of security levels</A
 ></DT
 ></DL
 ></DD
 ><DT
->10. <A
+><A
 HREF="#DOMAIN-SECURITY"
 >security = domain in Samba 2.x</A
 ></DT
 ><DD
 ><DL
 ><DT
->10.1. <A
-HREF="#AEN1266"
+><A
+HREF="#AEN1272"
 >Joining an NT Domain with Samba 2.2</A
 ></DT
 ><DT
->10.2. <A
-HREF="#AEN1330"
+><A
+HREF="#AEN1336"
 >Samba and Windows 2000 Domains</A
 ></DT
 ><DT
->10.3. <A
-HREF="#AEN1335"
+><A
+HREF="#AEN1341"
 >Why is this better than security = server?</A
 ></DT
 ></DL
 ></DD
 ><DT
->11. <A
+><A
 HREF="#WINBIND"
 >Unified Logons between Windows NT and UNIX using Winbind</A
 ></DT
 ><DD
 ><DL
 ><DT
->11.1. <A
-HREF="#AEN1388"
+><A
+HREF="#AEN1394"
 >Abstract</A
 ></DT
 ><DT
->11.2. <A
-HREF="#AEN1392"
+><A
+HREF="#AEN1398"
 >Introduction</A
 ></DT
 ><DT
->11.3. <A
-HREF="#AEN1405"
+><A
+HREF="#AEN1411"
 >What Winbind Provides</A
 ></DT
 ><DD
 ><DL
 ><DT
->11.3.1. <A
-HREF="#AEN1412"
+><A
+HREF="#AEN1418"
 >Target Uses</A
 ></DT
 ></DL
 ></DD
 ><DT
->11.4. <A
-HREF="#AEN1416"
+><A
+HREF="#AEN1422"
 >How Winbind Works</A
 ></DT
 ><DD
 ><DL
 ><DT
->11.4.1. <A
-HREF="#AEN1421"
+><A
+HREF="#AEN1427"
 >Microsoft Remote Procedure Calls</A
 ></DT
 ><DT
->11.4.2. <A
-HREF="#AEN1425"
+><A
+HREF="#AEN1431"
 >Name Service Switch</A
 ></DT
 ><DT
->11.4.3. <A
-HREF="#AEN1441"
+><A
+HREF="#AEN1447"
 >Pluggable Authentication Modules</A
 ></DT
 ><DT
->11.4.4. <A
-HREF="#AEN1449"
+><A
+HREF="#AEN1455"
 >User and Group ID Allocation</A
 ></DT
 ><DT
->11.4.5. <A
-HREF="#AEN1453"
+><A
+HREF="#AEN1459"
 >Result Caching</A
 ></DT
 ></DL
 ></DD
 ><DT
->11.5. <A
-HREF="#AEN1456"
+><A
+HREF="#AEN1462"
 >Installation and Configuration</A
 ></DT
 ><DD
 ><DL
 ><DT
->11.5.1. <A
-HREF="#AEN1463"
+><A
+HREF="#AEN1469"
 >Introduction</A
 ></DT
 ><DT
->11.5.2. <A
-HREF="#AEN1476"
+><A
+HREF="#AEN1482"
 >Requirements</A
 ></DT
 ><DT
->11.5.3. <A
-HREF="#AEN1490"
+><A
+HREF="#AEN1496"
 >Testing Things Out</A
 ></DT
-><DD
-><DL
-><DT
->11.5.3.1. <A
-HREF="#AEN1501"
->Configure and compile SAMBA</A
-></DT
-><DT
->11.5.3.2. <A
-HREF="#AEN1520"
->Configure <TT
-CLASS="FILENAME"
->nsswitch.conf</TT
-> and the 
-winbind libraries</A
-></DT
-><DT
->11.5.3.3. <A
-HREF="#AEN1553"
->Configure smb.conf</A
-></DT
-><DT
->11.5.3.4. <A
-HREF="#AEN1569"
->Join the SAMBA server to the PDC domain</A
-></DT
-><DT
->11.5.3.5. <A
-HREF="#AEN1580"
->Start up the winbindd daemon and test it!</A
-></DT
-><DT
->11.5.3.6. <A
-HREF="#AEN1616"
->Fix the init.d startup scripts</A
-></DT
-><DT
->11.5.3.7. <A
-HREF="#AEN1648"
->Configure Winbind and PAM</A
-></DT
-></DL
-></DD
 ></DL
 ></DD
 ><DT
->11.6. <A
-HREF="#AEN1705"
+><A
+HREF="#AEN1711"
 >Limitations</A
 ></DT
 ><DT
->11.7. <A
-HREF="#AEN1715"
+><A
+HREF="#AEN1721"
 >Conclusion</A
 ></DT
 ></DL
 ></DD
 ><DT
->12. <A
+><A
 HREF="#SAMBA-PDC"
 >How to Configure Samba 2.2 as a Primary Domain Controller</A
 ></DT
 ><DD
 ><DL
 ><DT
->12.1. <A
-HREF="#AEN1735"
+><A
+HREF="#AEN1741"
 >Prerequisite Reading</A
 ></DT
 ><DT
->12.2. <A
-HREF="#AEN1741"
+><A
+HREF="#AEN1747"
 >Background</A
 ></DT
 ><DT
->12.3. <A
-HREF="#AEN1780"
+><A
+HREF="#AEN1786"
 >Configuring the Samba Domain Controller</A
 ></DT
 ><DT
->12.4. <A
-HREF="#AEN1823"
+><A
+HREF="#AEN1829"
 >Creating Machine Trust Accounts and Joining Clients to the
 Domain</A
 ></DT
 ><DD
 ><DL
 ><DT
->12.4.1. <A
-HREF="#AEN1842"
+><A
+HREF="#AEN1848"
 >Manual Creation of Machine Trust Accounts</A
 ></DT
 ><DT
->12.4.2. <A
-HREF="#AEN1877"
+><A
+HREF="#AEN1883"
 >"On-the-Fly" Creation of Machine Trust Accounts</A
 ></DT
 ><DT
->12.4.3. <A
-HREF="#AEN1886"
+><A
+HREF="#AEN1892"
 >Joining the Client to the Domain</A
 ></DT
 ></DL
 ></DD
 ><DT
->12.5. <A
-HREF="#AEN1901"
+><A
+HREF="#AEN1907"
 >Common Problems and Errors</A
 ></DT
 ><DT
->12.6. <A
-HREF="#AEN1949"
+><A
+HREF="#AEN1955"
 >System Policies and Profiles</A
 ></DT
 ><DT
->12.7. <A
-HREF="#AEN1993"
+><A
+HREF="#AEN1999"
 >What other help can I get?</A
 ></DT
 ><DT
->12.8. <A
-HREF="#AEN2107"
+><A
+HREF="#AEN2113"
 >Domain Control for Windows 9x/ME</A
 ></DT
 ><DD
 ><DL
 ><DT
->12.8.1. <A
-HREF="#AEN2133"
+><A
+HREF="#AEN2139"
 >Configuration Instructions:	Network Logons</A
 ></DT
 ><DT
->12.8.2. <A
-HREF="#AEN2152"
+><A
+HREF="#AEN2158"
 >Configuration Instructions:	Setting up Roaming User Profiles</A
 ></DT
-><DD
-><DL
-><DT
->12.8.2.1. <A
-HREF="#AEN2160"
->Windows NT Configuration</A
-></DT
-><DT
->12.8.2.2. <A
-HREF="#AEN2168"
->Windows 9X Configuration</A
-></DT
-><DT
->12.8.2.3. <A
-HREF="#AEN2176"
->Win9X and WinNT Configuration</A
-></DT
-><DT
->12.8.2.4. <A
-HREF="#AEN2183"
->Windows 9X Profile Setup</A
-></DT
-><DT
->12.8.2.5. <A
-HREF="#AEN2219"
->Windows NT Workstation 4.0</A
-></DT
-><DT
->12.8.2.6. <A
-HREF="#AEN2232"
->Windows NT Server</A
-></DT
-><DT
->12.8.2.7. <A
-HREF="#AEN2235"
->Sharing Profiles between W95 and NT Workstation 4.0</A
-></DT
-></DL
-></DD
 ></DL
 ></DD
 ><DT
->12.9. <A
-HREF="#AEN2245"
+><A
+HREF="#AEN2251"
 >DOMAIN_CONTROL.txt : Windows NT Domain Control &#38; Samba</A
 ></DT
 ></DL
 ></DD
 ><DT
->13. <A
+><A
 HREF="#SAMBA-BDC"
 >How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain</A
 ></DT
 ><DD
 ><DL
 ><DT
->13.1. <A
-HREF="#AEN2281"
+><A
+HREF="#AEN2287"
 >Prerequisite Reading</A
 ></DT
 ><DT
->13.2. <A
-HREF="#AEN2285"
+><A
+HREF="#AEN2291"
 >Background</A
 ></DT
 ><DT
->13.3. <A
-HREF="#AEN2293"
+><A
+HREF="#AEN2299"
 >What qualifies a Domain Controller on the network?</A
 ></DT
 ><DD
 ><DL
 ><DT
->13.3.1. <A
-HREF="#AEN2296"
+><A
+HREF="#AEN2302"
 >How does a Workstation find its domain controller?</A
 ></DT
 ><DT
->13.3.2. <A
-HREF="#AEN2299"
+><A
+HREF="#AEN2305"
 >When is the PDC needed?</A
 ></DT
 ></DL
 ></DD
 ><DT
->13.4. <A
-HREF="#AEN2302"
+><A
+HREF="#AEN2308"
 >Can Samba be a Backup Domain Controller?</A
 ></DT
 ><DT
->13.5. <A
-HREF="#AEN2306"
+><A
+HREF="#AEN2312"
 >How do I set up a Samba BDC?</A
 ></DT
 ><DD
 ><DL
 ><DT
->13.5.1. <A
-HREF="#AEN2322"
+><A
+HREF="#AEN2329"
 >How do I replicate the smbpasswd file?</A
 ></DT
 ></DL
@@ -1032,333 +931,377 @@ HREF="#AEN2322"
 ></DL
 ></DD
 ><DT
->14. <A
+><A
 HREF="#SAMBA-LDAP-HOWTO"
 >Storing Samba's User/Machine Account information in an LDAP Directory</A
 ></DT
 ><DD
 ><DL
 ><DT
->14.1. <A
-HREF="#AEN2343"
+><A
+HREF="#AEN2350"
 >Purpose</A
 ></DT
 ><DT
->14.2. <A
-HREF="#AEN2363"
+><A
+HREF="#AEN2370"
 >Introduction</A
 ></DT
 ><DT
->14.3. <A
-HREF="#AEN2392"
+><A
+HREF="#AEN2399"
 >Supported LDAP Servers</A
 ></DT
 ><DT
->14.4. <A
-HREF="#AEN2397"
+><A
+HREF="#AEN2404"
 >Schema and Relationship to the RFC 2307 posixAccount</A
 ></DT
 ><DT
->14.5. <A
-HREF="#AEN2409"
+><A
+HREF="#AEN2416"
 >Configuring Samba with LDAP</A
 ></DT
 ><DD
 ><DL
 ><DT
->14.5.1. <A
-HREF="#AEN2411"
+><A
+HREF="#AEN2418"
 >OpenLDAP configuration</A
 ></DT
 ><DT
->14.5.2. <A
-HREF="#AEN2428"
+><A
+HREF="#AEN2435"
 >Configuring Samba</A
 ></DT
 ></DL
 ></DD
 ><DT
->14.6. <A
-HREF="#AEN2456"
+><A
+HREF="#AEN2463"
 >Accounts and Groups management</A
 ></DT
 ><DT
->14.7. <A
-HREF="#AEN2461"
+><A
+HREF="#AEN2468"
 >Security and sambaAccount</A
 ></DT
 ><DT
->14.8. <A
-HREF="#AEN2481"
+><A
+HREF="#AEN2488"
 >LDAP specials attributes for sambaAccounts</A
 ></DT
 ><DT
->14.9. <A
-HREF="#AEN2551"
+><A
+HREF="#AEN2558"
 >Example LDIF Entries for a sambaAccount</A
 ></DT
 ><DT
->14.10. <A
-HREF="#AEN2559"
+><A
+HREF="#AEN2566"
 >Comments</A
 ></DT
 ></DL
 ></DD
 ><DT
->15. <A
+><A
 HREF="#IMPROVED-BROWSING"
 >Improved browsing in samba</A
 ></DT
 ><DD
 ><DL
 ><DT
->15.1. <A
-HREF="#AEN2570"
+><A
+HREF="#AEN2577"
 >Overview of browsing</A
 ></DT
 ><DT
->15.2. <A
-HREF="#AEN2574"
+><A
+HREF="#AEN2581"
 >Browsing support in samba</A
 ></DT
 ><DT
->15.3. <A
-HREF="#AEN2583"
+><A
+HREF="#AEN2590"
 >Problem resolution</A
 ></DT
 ><DT
->15.4. <A
-HREF="#AEN2590"
+><A
+HREF="#AEN2597"
 >Browsing across subnets</A
 ></DT
 ><DD
 ><DL
 ><DT
->15.4.1. <A
-HREF="#AEN2595"
+><A
+HREF="#AEN2602"
 >How does cross subnet browsing work ?</A
 ></DT
 ></DL
 ></DD
 ><DT
->15.5. <A
-HREF="#AEN2630"
+><A
+HREF="#AEN2637"
 >Setting up a WINS server</A
 ></DT
 ><DT
->15.6. <A
-HREF="#AEN2649"
+><A
+HREF="#AEN2656"
 >Setting up Browsing in a WORKGROUP</A
 ></DT
 ><DT
->15.7. <A
-HREF="#AEN2667"
+><A
+HREF="#AEN2674"
 >Setting up Browsing in a DOMAIN</A
 ></DT
 ><DT
->15.8. <A
-HREF="#AEN2677"
+><A
+HREF="#AEN2684"
 >Forcing samba to be the master</A
 ></DT
 ><DT
->15.9. <A
-HREF="#AEN2686"
+><A
+HREF="#AEN2693"
 >Making samba the domain master</A
 ></DT
 ><DT
->15.10. <A
-HREF="#AEN2704"
+><A
+HREF="#AEN2711"
 >Note about broadcast addresses</A
 ></DT
 ><DT
->15.11. <A
-HREF="#AEN2707"
+><A
+HREF="#AEN2714"
 >Multiple interfaces</A
 ></DT
 ></DL
 ></DD
 ><DT
->16. <A
+><A
 HREF="#SPEED"
 >Samba performance issues</A
 ></DT
 ><DD
 ><DL
 ><DT
->16.1. <A
-HREF="#AEN2725"
+><A
+HREF="#AEN2732"
 >Comparisons</A
 ></DT
 ><DT
->16.2. <A
-HREF="#AEN2731"
+><A
+HREF="#AEN2738"
 >Oplocks</A
 ></DT
 ><DD
 ><DL
 ><DT
->16.2.1. <A
-HREF="#AEN2733"
+><A
+HREF="#AEN2740"
 >Overview</A
 ></DT
 ><DT
->16.2.2. <A
-HREF="#AEN2741"
+><A
+HREF="#AEN2748"
 >Level2 Oplocks</A
 ></DT
 ><DT
->16.2.3. <A
-HREF="#AEN2747"
+><A
+HREF="#AEN2754"
 >Old 'fake oplocks' option - deprecated</A
 ></DT
 ></DL
 ></DD
 ><DT
->16.3. <A
-HREF="#AEN2751"
+><A
+HREF="#AEN2758"
 >Socket options</A
 ></DT
 ><DT
->16.4. <A
-HREF="#AEN2758"
+><A
+HREF="#AEN2765"
 >Read size</A
 ></DT
 ><DT
->16.5. <A
-HREF="#AEN2763"
+><A
+HREF="#AEN2770"
 >Max xmit</A
 ></DT
 ><DT
->16.6. <A
-HREF="#AEN2768"
+><A
+HREF="#AEN2775"
 >Locking</A
 ></DT
 ><DT
->16.7. <A
-HREF="#AEN2772"
+><A
+HREF="#AEN2779"
 >Share modes</A
 ></DT
 ><DT
->16.8. <A
-HREF="#AEN2777"
+><A
+HREF="#AEN2784"
 >Log level</A
 ></DT
 ><DT
->16.9. <A
-HREF="#AEN2780"
+><A
+HREF="#AEN2787"
 >Wide lines</A
 ></DT
 ><DT
->16.10. <A
-HREF="#AEN2783"
+><A
+HREF="#AEN2790"
 >Read raw</A
 ></DT
 ><DT
->16.11. <A
-HREF="#AEN2788"
+><A
+HREF="#AEN2795"
 >Write raw</A
 ></DT
 ><DT
->16.12. <A
-HREF="#AEN2792"
+><A
+HREF="#AEN2799"
 >Read prediction</A
 ></DT
 ><DT
->16.13. <A
-HREF="#AEN2799"
+><A
+HREF="#AEN2806"
 >Memory mapping</A
 ></DT
 ><DT
->16.14. <A
-HREF="#AEN2804"
+><A
+HREF="#AEN2811"
 >Slow Clients</A
 ></DT
 ><DT
->16.15. <A
-HREF="#AEN2808"
+><A
+HREF="#AEN2815"
 >Slow Logins</A
 ></DT
 ><DT
->16.16. <A
-HREF="#AEN2811"
+><A
+HREF="#AEN2818"
 >Client tuning</A
 ></DT
 ><DT
->16.17. <A
-HREF="#AEN2843"
+><A
+HREF="#AEN2850"
 >My Results</A
 ></DT
 ></DL
 ></DD
 ><DT
->17. <A
-HREF="#OS2"
->OS2 Client HOWTO</A
+><A
+HREF="#OTHER-CLIENTS"
+>Samba and other CIFS clients</A
 ></DT
 ><DD
 ><DL
 ><DT
->17.1. <A
-HREF="#AEN2860"
->FAQs</A
+><A
+HREF="#AEN2871"
+>Macintosh clients?</A
+></DT
+><DT
+><A
+HREF="#AEN2880"
+>OS2 Client</A
 ></DT
 ><DD
 ><DL
 ><DT
->17.1.1. <A
-HREF="#AEN2862"
+><A
+HREF="#AEN2882"
 >How can I configure OS/2 Warp Connect or 
 		OS/2 Warp 4 as a client for Samba?</A
 ></DT
 ><DT
->17.1.2. <A
-HREF="#AEN2877"
+><A
+HREF="#AEN2897"
 >How can I configure OS/2 Warp 3 (not Connect), 
 		OS/2 1.2, 1.3 or 2.x for Samba?</A
 ></DT
 ><DT
->17.1.3. <A
-HREF="#AEN2886"
+><A
+HREF="#AEN2906"
 >Are there any other issues when OS/2 (any version) 
 		is used as a client?</A
 ></DT
 ><DT
->17.1.4. <A
-HREF="#AEN2890"
+><A
+HREF="#AEN2910"
 >How do I get printer driver download working 
 		for OS/2 clients?</A
 ></DT
 ></DL
 ></DD
+><DT
+><A
+HREF="#AEN2920"
+>Windows for Workgroups</A
+></DT
+><DD
+><DL
+><DT
+><A
+HREF="#AEN2922"
+>Use latest TCP/IP stack from Microsoft</A
+></DT
+><DT
+><A
+HREF="#AEN2927"
+>Delete .pwl files after password change</A
+></DT
+><DT
+><A
+HREF="#AEN2932"
+>Configure WfW password handling</A
+></DT
+><DT
+><A
+HREF="#AEN2936"
+>Case handling of passwords</A
+></DT
+></DL
+></DD
+><DT
+><A
+HREF="#AEN2941"
+>Windows '95/'98</A
+></DT
+><DT
+><A
+HREF="#AEN2957"
+>Windows 2000 Service Pack 2</A
+></DT
 ></DL
 ></DD
 ><DT
->18. <A
+><A
 HREF="#CVS-ACCESS"
 >HOWTO Access Samba source code via CVS</A
 ></DT
 ><DD
 ><DL
 ><DT
->18.1. <A
-HREF="#AEN2906"
+><A
+HREF="#AEN2981"
 >Introduction</A
 ></DT
 ><DT
->18.2. <A
-HREF="#AEN2911"
+><A
+HREF="#AEN2986"
 >CVS Access to samba.org</A
 ></DT
 ><DD
 ><DL
 ><DT
->18.2.1. <A
-HREF="#AEN2914"
+><A
+HREF="#AEN2989"
 >Access via CVSweb</A
 ></DT
 ><DT
->18.2.2. <A
-HREF="#AEN2919"
+><A
+HREF="#AEN2994"
 >Access via cvs</A
 ></DT
 ></DL
@@ -1366,66 +1309,86 @@ HREF="#AEN2919"
 ></DL
 ></DD
 ><DT
->19. <A
+><A
 HREF="#BUGREPORT"
 >Reporting Bugs</A
 ></DT
 ><DD
 ><DL
 ><DT
->19.1. <A
-HREF="#AEN2954"
+><A
+HREF="#AEN3029"
 >Introduction</A
 ></DT
 ><DT
->19.2. <A
-HREF="#AEN2961"
+><A
+HREF="#AEN3036"
 >General info</A
 ></DT
 ><DT
->19.3. <A
-HREF="#AEN2967"
+><A
+HREF="#AEN3042"
 >Debug levels</A
 ></DT
 ><DT
->19.4. <A
-HREF="#AEN2984"
+><A
+HREF="#AEN3059"
 >Internal errors</A
 ></DT
 ><DT
->19.5. <A
-HREF="#AEN2994"
+><A
+HREF="#AEN3069"
 >Attaching to a running process</A
 ></DT
 ><DT
->19.6. <A
-HREF="#AEN2997"
+><A
+HREF="#AEN3072"
 >Patches</A
 ></DT
 ></DL
 ></DD
 ><DT
 ><A
-HREF="#AEN3002"
->Index</A
+HREF="#GROUPMAPPING"
+>Group mapping HOWTO</A
+></DT
+><DT
+><A
+HREF="#PORTABILITY"
+>Portability</A
+></DT
+><DD
+><DL
+><DT
+><A
+HREF="#AEN3119"
+>HPUX</A
+></DT
+><DT
+><A
+HREF="#AEN3124"
+>SCO Unix</A
+></DT
+><DT
+><A
+HREF="#AEN3128"
+>DNIX</A
 ></DT
 ></DL
+></DD
+></DL
 ></DIV
 ><DIV
 CLASS="CHAPTER"
 ><HR><H1
 ><A
-NAME="INSTALL"
->Chapter 1. How to Install and Test SAMBA</A
-></H1
+NAME="INSTALL">How to Install and Test SAMBA</H1
 ><DIV
 CLASS="SECT1"
-><H1
+><H2
 CLASS="SECT1"
 ><A
-NAME="AEN20"
->1.1. Step 0: Read the man pages</A
-></H1
+NAME="AEN20">Step 0: Read the man pages</H2
 ><P
 >The man pages distributed with SAMBA contain 
 	lots of useful info that will help to get you started. 
@@ -1452,12 +1415,10 @@ TARGET="_top"
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN28"
->1.2. Step 1: Building the Binaries</A
-></H1
+NAME="AEN28">Step 1: Building the Binaries</H2
 ><P
 >To do this, first run the program <B
 CLASS="COMMAND"
@@ -1551,12 +1512,10 @@ CLASS="USERINPUT"
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN56"
->1.3. Step 2: The all important step</A
-></H1
+NAME="AEN56">Step 2: The all important step</H2
 ><P
 >At this stage you must fetch yourself a 
 	coffee or other drink you find stimulating. Getting the rest 
@@ -1568,12 +1527,10 @@ NAME="AEN56"
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN60"
->1.4. Step 3: Create the smb configuration file.</A
-></H1
+NAME="AEN60">Step 3: Create the smb configuration file.</H2
 ><P
 >There are sample configuration files in the examples 
 	subdirectory in the distribution. I suggest you read them 
@@ -1633,16 +1590,14 @@ CLASS="FILENAME"
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN74"
->1.5. Step 4: Test your config file with 
+NAME="AEN74">Step 4: Test your config file with 
 	<B
 CLASS="COMMAND"
 >testparm</B
-></A
-></H1
+></H2
 ><P
 >It's important that you test the validity of your
 	<TT
@@ -1657,12 +1612,10 @@ CLASS="FILENAME"
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN80"
->1.6. Step 5: Starting the smbd and nmbd</A
-></H1
+NAME="AEN80">Step 5: Starting the smbd and nmbd</H2
 ><P
 >You must choose to start smbd and nmbd either
 	as daemons or from <B
@@ -1697,12 +1650,10 @@ CLASS="COMMAND"
 	request.</P
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN90"
->1.6.1. Step 5a: Starting from inetd.conf</A
-></H2
+NAME="AEN90">Step 5a: Starting from inetd.conf</H3
 ><P
 >NOTE; The following will be different if 
 		you use NIS or NIS+ to distributed services maps.</P
@@ -1810,12 +1761,10 @@ CLASS="COMMAND"
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN119"
->1.6.2. Step 5b. Alternative: starting it as a daemon</A
-></H2
+NAME="AEN119">Step 5b. Alternative: starting it as a daemon</H3
 ><P
 >To start the server as a daemon you should create 
 		a script something like this one, perhaps calling 
@@ -1876,13 +1825,11 @@ CLASS="FILENAME"
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN135"
->1.7. Step 6: Try listing the shares available on your 
-	server</A
-></H1
+NAME="AEN135">Step 6: Try listing the shares available on your 
+	server</H2
 ><P
 ><TT
 CLASS="PROMPT"
@@ -1917,12 +1864,10 @@ CLASS="COMMAND"
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN144"
->1.8. Step 7: Try connecting with the unix client</A
-></H1
+NAME="AEN144">Step 7: Try connecting with the unix client</H2
 ><P
 ><TT
 CLASS="PROMPT"
@@ -1980,13 +1925,11 @@ CLASS="USERINPUT"
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN160"
->1.9. Step 8: Try connecting from a DOS, WfWg, Win9x, WinNT, 
-	Win2k, OS/2, etc... client</A
-></H1
+NAME="AEN160">Step 8: Try connecting from a DOS, WfWg, Win9x, WinNT, 
+	Win2k, OS/2, etc... client</H2
 ><P
 >Try mounting disks. eg:</P
 ><P
@@ -2029,12 +1972,10 @@ CLASS="USERINPUT"
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN174"
->1.10. What If Things Don't Work?</A
-></H1
+NAME="AEN174">What If Things Don't Work?</H2
 ><P
 >If nothing works and you start to think "who wrote 
 	this pile of trash" then I suggest you do step 2 again (and 
@@ -2052,12 +1993,10 @@ NAME="AEN174"
 	easier. </P
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN179"
->1.10.1. Diagnosing Problems</A
-></H2
+NAME="AEN179">Diagnosing Problems</H3
 ><P
 >If you have installation problems then go to 
 		<TT
@@ -2068,12 +2007,10 @@ CLASS="FILENAME"
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN183"
->1.10.2. Scope IDs</A
-></H2
+NAME="AEN183">Scope IDs</H3
 ><P
 >By default Samba uses a blank scope ID. This means 
 		all your windows boxes must also have a blank scope ID. 
@@ -2084,12 +2021,10 @@ NAME="AEN183"
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN186"
->1.10.3. Choosing the Protocol Level</A
-></H2
+NAME="AEN186">Choosing the Protocol Level</H3
 ><P
 >The SMB protocol has many dialects. Currently 
 		Samba supports 5, called CORE, COREPLUS, LANMAN1, 
@@ -2125,30 +2060,29 @@ CLASS="FILENAME"
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN195"
->1.10.4. Printing from UNIX to a Client PC</A
-></H2
+NAME="AEN195">Printing from UNIX to a Client PC</H3
 ><P
 >To use a printer that is available via a smb-based 
-		server from a unix host you will need to compile the 
+		server from a unix host with LPR you will need to compile the 
 		smbclient program. You then need to install the script 
 		"smbprint". Read the instruction in smbprint for more details.
 		</P
 ><P
 >There is also a SYSV style script that does much 
 		the same thing called smbprint.sysv. It contains instructions.</P
+><P
+>See the CUPS manual for information about setting up 
+		printing from a unix host with CUPS to a smb-based server. </P
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN199"
->1.10.5. Locking</A
-></H2
+NAME="AEN200">Locking</H3
 ><P
 >One area which sometimes causes trouble is locking.</P
 ><P
@@ -2203,12 +2137,10 @@ NAME="AEN199"
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN208"
->1.10.6. Mapping Usernames</A
-></H2
+NAME="AEN209">Mapping Usernames</H3
 ><P
 >If you have different usernames on the PCs and 
 		the unix server then take a look at the "username map" option. 
@@ -2220,17 +2152,13 @@ NAME="AEN208"
 CLASS="CHAPTER"
 ><HR><H1
 ><A
-NAME="DIAGNOSIS"
->Chapter 2. Diagnosing your samba server</A
-></H1
+NAME="DIAGNOSIS">Diagnosing your samba server</H1
 ><DIV
 CLASS="SECT1"
-><H1
+><H2
 CLASS="SECT1"
 ><A
-NAME="AEN222"
->2.1. Introduction</A
-></H1
+NAME="AEN223">Introduction</H2
 ><P
 >This file contains a list of tests you can perform to validate your
 Samba server. It also tells you what the likely cause of the problem
@@ -2247,12 +2175,10 @@ ignore your email.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN227"
->2.2. Assumptions</A
-></H1
+NAME="AEN228">Assumptions</H2
 ><P
 >In all of the tests I assume you have a Samba server called BIGSERVER
 and a PC called ACLIENT both in workgroup TESTGROUP. I also assume the
@@ -2297,20 +2223,16 @@ best way to check this is with "testparm smb.conf"</P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN237"
->2.3. Tests</A
-></H1
+NAME="AEN238">Tests</H2
 ><DIV
 CLASS="SECT2"
-><H2
+><H3
 CLASS="SECT2"
 ><A
-NAME="AEN239"
->2.3.1. Test 1</A
-></H2
+NAME="AEN240">Test 1</H3
 ><P
 >In the directory in which you store your smb.conf file, run the command
 "testparm smb.conf". If it reports any errors then your smb.conf
@@ -2327,12 +2249,10 @@ CLASS="FILENAME"
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN245"
->2.3.2. Test 2</A
-></H2
+NAME="AEN246">Test 2</H3
 ><P
 >Run the command "ping BIGSERVER" from the PC and "ping ACLIENT" from
 the unix box. If you don't get a valid response then your TCP/IP
@@ -2353,12 +2273,10 @@ this is done via the ipfwadm program.)</P
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN251"
->2.3.3. Test 3</A
-></H2
+NAME="AEN252">Test 3</H3
 ><P
 >Run the command "smbclient -L BIGSERVER" on the unix box. You
 should get a list of available shares back. </P
@@ -2442,12 +2360,10 @@ correct and that Samba has correctly noted these in the log.nmb file.</P
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN266"
->2.3.4. Test 4</A
-></H2
+NAME="AEN267">Test 4</H3
 ><P
 >Run the command "nmblookup -B BIGSERVER __SAMBA__". You should get the
 IP address of your Samba server back.</P
@@ -2463,12 +2379,10 @@ inetd.</P
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN271"
->2.3.5. Test 5</A
-></H2
+NAME="AEN272">Test 5</H3
 ><P
 >run the command <B
 CLASS="COMMAND"
@@ -2484,12 +2398,10 @@ client in the above test.</P
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN277"
->2.3.6. Test 6</A
-></H2
+NAME="AEN278">Test 6</H3
 ><P
 >Run the command <B
 CLASS="COMMAND"
@@ -2518,12 +2430,10 @@ not correct. (Refer to TEST 3 notes above).</P
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN285"
->2.3.7. Test 7</A
-></H2
+NAME="AEN286">Test 7</H3
 ><P
 >Run the command <B
 CLASS="COMMAND"
@@ -2607,12 +2517,10 @@ CLASS="COMMAND"
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN311"
->2.3.8. Test 8</A
-></H2
+NAME="AEN312">Test 8</H3
 ><P
 >On the PC type the command <B
 CLASS="COMMAND"
@@ -2667,12 +2575,10 @@ the hosts.allow file for your client (or subnet, etc.)</P
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN328"
->2.3.9. Test 9</A
-></H2
+NAME="AEN329">Test 9</H3
 ><P
 >Run the command <B
 CLASS="COMMAND"
@@ -2691,12 +2597,10 @@ fixes things you may need the username mapping option.</P
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN333"
->2.3.10. Test 10</A
-></H2
+NAME="AEN334">Test 10</H3
 ><P
 >Run the command <B
 CLASS="COMMAND"
@@ -2717,12 +2621,10 @@ an election is held at startup.</P
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN339"
->2.3.11. Test 11</A
-></H2
+NAME="AEN340">Test 11</H3
 ><P
 >From file manager try to browse the server. Your samba server should
 appear in the browse list of your local workgroup (or the one you
@@ -2745,12 +2647,10 @@ for encrypted passwords (refer to the Makefile).</P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN344"
->2.4. Still having troubles?</A
-></H1
+NAME="AEN345">Still having troubles?</H2
 ><P
 >Try the mailing list or newsgroup, or use the ethereal utility to
 sniff the problem. The official samba mailing list can be reached at
@@ -2774,17 +2674,13 @@ TARGET="_top"
 CLASS="CHAPTER"
 ><HR><H1
 ><A
-NAME="INTEGRATE-MS-NETWORKS"
->Chapter 3. Integrating MS Windows networks with Samba</A
-></H1
+NAME="INTEGRATE-MS-NETWORKS">Integrating MS Windows networks with Samba</H1
 ><DIV
 CLASS="SECT1"
-><H1
+><H2
 CLASS="SECT1"
 ><A
-NAME="AEN361"
->3.1. Agenda</A
-></H1
+NAME="AEN362">Agenda</H2
 ><P
 >To identify the key functional mechanisms of MS Windows networking 
 to enable the deployment of Samba as a means of extending and/or 
@@ -2846,12 +2742,10 @@ TYPE="a"
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN383"
->3.2. Name Resolution in a pure Unix/Linux world</A
-></H1
+NAME="AEN384">Name Resolution in a pure Unix/Linux world</H2
 ><P
 >The key configuration files covered in this section are:</P
 ><P
@@ -2888,15 +2782,13 @@ CLASS="FILENAME"
 ></UL
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN399"
->3.2.1. <TT
+NAME="AEN400"><TT
 CLASS="FILENAME"
 >/etc/hosts</TT
-></A
-></H2
+></H3
 ><P
 >Contains a static list of IP Addresses and names.
 eg:</P
@@ -2978,15 +2870,13 @@ becomes available.</P
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN415"
->3.2.2. <TT
+NAME="AEN416"><TT
 CLASS="FILENAME"
 >/etc/resolv.conf</TT
-></A
-></H2
+></H3
 ><P
 >This file tells the name resolution libraries:</P
 ><P
@@ -3016,15 +2906,13 @@ CLASS="FILENAME"
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN426"
->3.2.3. <TT
+NAME="AEN427"><TT
 CLASS="FILENAME"
 >/etc/host.conf</TT
-></A
-></H2
+></H3
 ><P
 ><TT
 CLASS="FILENAME"
@@ -3054,15 +2942,13 @@ man page for host.conf for further details.</P
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN434"
->3.2.4. <TT
+NAME="AEN435"><TT
 CLASS="FILENAME"
 >/etc/nsswitch.conf</TT
-></A
-></H2
+></H3
 ><P
 >This file controls the actual name resolution targets. The 
 file typically has resolver object specifications as follows:</P
@@ -3132,12 +3018,10 @@ which both the samba machine and the MS Windows machine belong.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN446"
->3.3. Name resolution as used within MS Windows networking</A
-></H1
+NAME="AEN447">Name resolution as used within MS Windows networking</H2
 ><P
 >MS Windows networking is predicated about the name each machine 
 is given. This name is known variously (and inconsistently) as 
@@ -3226,12 +3110,10 @@ Since we are primarily concerned with TCP/IP this demonstration is
 limited to this area.</P
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN458"
->3.3.1. The NetBIOS Name Cache</A
-></H2
+NAME="AEN459">The NetBIOS Name Cache</H3
 ><P
 >All MS Windows machines employ an in memory buffer in which is 
 stored the NetBIOS names and IP addresses for all external 
@@ -3253,12 +3135,10 @@ is called "nmblookup".</P
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN463"
->3.3.2. The LMHOSTS file</A
-></H2
+NAME="AEN464">The LMHOSTS file</H3
 ><P
 >This file is usually located in MS Windows NT 4.0 or 
 2000 in <TT
@@ -3365,12 +3245,10 @@ CLASS="PROGRAMLISTING"
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN471"
->3.3.3. HOSTS file</A
-></H2
+NAME="AEN472">HOSTS file</H3
 ><P
 >This file is usually located in MS Windows NT 4.0 or 2000 in 
 <TT
@@ -3387,12 +3265,10 @@ CLASS="FILENAME"
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN476"
->3.3.4. DNS Lookup</A
-></H2
+NAME="AEN477">DNS Lookup</H3
 ><P
 >This capability is configured in the TCP/IP setup area in the network 
 configuration facility. If enabled an elaborate name resolution sequence 
@@ -3407,12 +3283,10 @@ lookup is used.</P
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN479"
->3.3.5. WINS Lookup</A
-></H2
+NAME="AEN480">WINS Lookup</H3
 ><P
 >A WINS (Windows Internet Name Server) service is the equivaent of the 
 rfc1001/1002 specified NBNS (NetBIOS Name Server). A WINS server stores 
@@ -3468,13 +3342,11 @@ of the WINS server.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN491"
->3.4. How browsing functions and how to deploy stable and 
-dependable browsing using Samba</A
-></H1
+NAME="AEN492">How browsing functions and how to deploy stable and 
+dependable browsing using Samba</H2
 ><P
 >As stated above, MS Windows machines register their NetBIOS names 
 (i.e.: the machine name for each service type in operation) on start 
@@ -3535,13 +3407,11 @@ and so on.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN501"
->3.5. MS Windows security options and how to configure 
-Samba for seemless integration</A
-></H1
+NAME="AEN502">MS Windows security options and how to configure 
+Samba for seemless integration</H2
 ><P
 >MS Windows clients may use encrypted passwords as part of a 
 challenege/response authentication model (a.k.a. NTLMv1) or 
@@ -3657,8 +3527,9 @@ CLASS="PARAMETER"
 >password level</I
 ></TT
 > must be set to the maximum
-number of upper case letter which <EM
->could</EM
+number of upper case letter which <I
+CLASS="EMPHASIS"
+>could</I
 > appear
 is a password.  Note that is the server OS uses the traditional
 DES version of crypt(), then a <TT
@@ -3677,12 +3548,10 @@ where ever Samba is used. There are three configuration possibilities
 for support of encrypted passwords:</P
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN529"
->3.5.1. Use MS Windows NT as an authentication server</A
-></H2
+NAME="AEN530">Use MS Windows NT as an authentication server</H3
 ><P
 >This method involves the additions of the following parameters 
 in the smb.conf file:</P
@@ -3722,12 +3591,10 @@ to prevent logons by other than MS Windows clients.</P
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN537"
->3.5.2. Make Samba a member of an MS Windows NT security domain</A
-></H2
+NAME="AEN538">Make Samba a member of an MS Windows NT security domain</H3
 ><P
 >This method involves additon of the following paramters in the smb.conf file:</P
 ><P
@@ -3794,12 +3661,10 @@ this HOWTO collection.</P
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN554"
->3.5.3. Configure Samba as an authentication server</A
-></H2
+NAME="AEN555">Configure Samba as an authentication server</H3
 ><P
 >This mode of authentication demands that there be on the 
 Unix/Linux system both a Unix style account as well as an 
@@ -3840,12 +3705,10 @@ to be created for each user, as well as for each MS Windows NT/2000
 machine. The following structure is required.</P
 ><DIV
 CLASS="SECT3"
-><HR><H3
+><HR><H4
 CLASS="SECT3"
 ><A
-NAME="AEN561"
->3.5.3.1. Users</A
-></H3
+NAME="AEN562">Users</H4
 ><P
 >A user account that may provide a home directory should be 
 created. The following Linux system commands are typical of 
@@ -3872,12 +3735,10 @@ CLASS="PROGRAMLISTING"
 ></DIV
 ><DIV
 CLASS="SECT3"
-><HR><H3
+><HR><H4
 CLASS="SECT3"
 ><A
-NAME="AEN566"
->3.5.3.2. MS Windows NT Machine Accounts</A
-></H3
+NAME="AEN567">MS Windows NT Machine Accounts</H4
 ><P
 >These are required only when Samba is used as a domain 
 controller.  Refer to the Samba-PDC-HOWTO for more details.</P
@@ -3902,12 +3763,10 @@ CLASS="PROGRAMLISTING"
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN571"
->3.6. Conclusions</A
-></H1
+NAME="AEN572">Conclusions</H2
 ><P
 >Samba provides a flexible means to operate as...</P
 ><P
@@ -3941,18 +3800,14 @@ NAME="AEN571"
 CLASS="CHAPTER"
 ><HR><H1
 ><A
-NAME="PAM"
->Chapter 4. Configuring PAM for distributed but centrally 
-managed authentication</A
-></H1
+NAME="PAM">Configuring PAM for distributed but centrally 
+managed authentication</H1
 ><DIV
 CLASS="SECT1"
-><H1
+><H2
 CLASS="SECT1"
 ><A
-NAME="AEN592"
->4.1. Samba and PAM</A
-></H1
+NAME="AEN593">Samba and PAM</H2
 ><P
 >A number of Unix systems (eg: Sun Solaris), as well as the 
 xxxxBSD family and Linux, now utilize the Pluggable Authentication 
@@ -4187,7 +4042,7 @@ password   required     /lib/security/pam_smbpass.so nodelay smbconf=/etc/samba.
 ></P
 ><P
 >Note: PAM allows stacking of authentication mechanisms. It is 
-also possible to pass information obtained within on PAM module through 
+also possible to pass information obtained within one PAM module through 
 to the next module in the PAM stack. Please refer to the documentation for 
 your particular system implementation for details regarding the specific 
 capabilities of PAM in this environment. Some Linux implmentations also 
@@ -4206,12 +4061,10 @@ PAM documentation for further helpful information.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN636"
->4.2. Distributed Authentication</A
-></H1
+NAME="AEN637">Distributed Authentication</H2
 ><P
 >The astute administrator will realize from this that the 
 combination of <TT
@@ -4239,12 +4092,10 @@ reduction of wide area network authentication traffic.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN643"
->4.3. PAM Configuration in smb.conf</A
-></H1
+NAME="AEN644">PAM Configuration in smb.conf</H2
 ><P
 >There is an option in smb.conf called <A
 HREF="smb.conf.5.html#OBEYPAMRESTRICTIONS"
@@ -4282,17 +4133,13 @@ CLASS="COMMAND"
 CLASS="CHAPTER"
 ><HR><H1
 ><A
-NAME="MSDFS"
->Chapter 5. Hosting a Microsoft Distributed File System tree on Samba</A
-></H1
+NAME="MSDFS">Hosting a Microsoft Distributed File System tree on Samba</H1
 ><DIV
 CLASS="SECT1"
-><H1
+><H2
 CLASS="SECT1"
 ><A
-NAME="AEN663"
->5.1. Instructions</A
-></H1
+NAME="AEN664">Instructions</H2
 ><P
 >The Distributed File System (or Dfs) provides a means of 
 	separating the logical view of files and directories that users 
@@ -4444,12 +4291,10 @@ CLASS="USERINPUT"
 	takes users directly to the appropriate shares on the network.</P
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN698"
->5.1.1. Notes</A
-></H2
+NAME="AEN699">Notes</H3
 ><P
 ></P
 ><UL
@@ -4480,18 +4325,14 @@ NAME="AEN698"
 CLASS="CHAPTER"
 ><HR><H1
 ><A
-NAME="UNIX-PERMISSIONS"
->Chapter 6. UNIX Permission Bits and Windows NT Access Control Lists</A
-></H1
+NAME="UNIX-PERMISSIONS">UNIX Permission Bits and Windows NT Access Control Lists</H1
 ><DIV
 CLASS="SECT1"
-><H1
+><H2
 CLASS="SECT1"
 ><A
-NAME="AEN718"
->6.1. Viewing and changing UNIX permissions using the NT 
-	security dialogs</A
-></H1
+NAME="AEN719">Viewing and changing UNIX permissions using the NT 
+	security dialogs</H2
 ><P
 >New in the Samba 2.0.4 release is the ability for Windows 
 	NT clients to use their native security settings dialog box to 
@@ -4524,34 +4365,38 @@ CLASS="CONSTANT"
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN727"
->6.2. How to view file security on a Samba share</A
-></H1
+NAME="AEN728">How to view file security on a Samba share</H2
 ><P
 >From an NT 4.0 client, single-click with the right 
 	mouse button on any file or directory in a Samba mounted 
 	drive letter or UNC path. When the menu pops-up, click 
-	on the <EM
->Properties</EM
+	on the <I
+CLASS="EMPHASIS"
+>Properties</I
 > entry at the bottom of 
 	the menu. This brings up the normal file properties dialog
 	box, but with Samba 2.0.4 this will have a new tab along the top
-	marked <EM
->Security</EM
+	marked <I
+CLASS="EMPHASIS"
+>Security</I
 >. Click on this tab and you 
-	will see three buttons, <EM
->Permissions</EM
+	will see three buttons, <I
+CLASS="EMPHASIS"
+>Permissions</I
 >, 	
-	<EM
->Auditing</EM
->, and <EM
->Ownership</EM
+	<I
+CLASS="EMPHASIS"
+>Auditing</I
+>, and <I
+CLASS="EMPHASIS"
+>Ownership</I
 >. 
-	The <EM
->Auditing</EM
+	The <I
+CLASS="EMPHASIS"
+>Auditing</I
 > button will cause either 
 	an error message <SPAN
 CLASS="ERRORNAME"
@@ -4570,12 +4415,10 @@ CLASS="COMMAND"
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN738"
->6.3. Viewing file ownership</A
-></H1
+NAME="AEN739">Viewing file ownership</H2
 ><P
 >Clicking on the <B
 CLASS="COMMAND"
@@ -4637,8 +4480,9 @@ CLASS="COMMAND"
 	it will display a dialog box complaining that the user you are 
 	currently logged onto the NT client cannot be found). The reason 
 	for this is that changing the ownership of a file is a privileged 
-	operation in UNIX, available only to the <EM
->root</EM
+	operation in UNIX, available only to the <I
+CLASS="EMPHASIS"
+>root</I
 > 
 	user. As clicking on this button causes NT to attempt to change 
 	the ownership of a file to the current user logged into the NT 
@@ -4648,20 +4492,19 @@ CLASS="COMMAND"
 	and allow a user with Administrator privilege connected 
 	to a Samba 2.0.4 server as root to change the ownership of 
 	files on both a local NTFS filesystem or remote mounted NTFS 
-	or Samba drive. This is available as part of the <EM
+	or Samba drive. This is available as part of the <I
+CLASS="EMPHASIS"
 >Seclib
-	</EM
+	</I
 > NT security library written by Jeremy Allison of 
 	the Samba Team, available from the main Samba ftp site.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN758"
->6.4. Viewing file or directory permissions</A
-></H1
+NAME="AEN759">Viewing file or directory permissions</H2
 ><P
 >The third button is the <B
 CLASS="COMMAND"
@@ -4718,12 +4561,10 @@ CLASS="COMMAND"
 	are displayed first.</P
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN773"
->6.4.1. File Permissions</A
-></H2
+NAME="AEN774">File Permissions</H3
 ><P
 >The standard UNIX user/group/world triple and 
 		the corresponding "read", "write", "execute" permissions 
@@ -4780,12 +4621,10 @@ CLASS="COMMAND"
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN787"
->6.4.2. Directory Permissions</A
-></H2
+NAME="AEN788">Directory Permissions</H3
 ><P
 >Directories on an NT NTFS file system have two 
 		different sets of permissions. The first set of permissions 
@@ -4812,12 +4651,10 @@ CLASS="COMMAND"
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN794"
->6.5. Modifying file or directory permissions</A
-></H1
+NAME="AEN795">Modifying file or directory permissions</H2
 ><P
 >Modifying file and directory permissions is as simple 
 	as changing the displayed permissions in the dialog box, and 
@@ -4910,13 +4747,11 @@ CLASS="COMMAND"
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN816"
->6.6. Interaction with the standard Samba create mask 
-	parameters</A
-></H1
+NAME="AEN817">Interaction with the standard Samba create mask 
+	parameters</H2
 ><P
 >Note that with Samba 2.0.5 there are four new parameters 
 	to control this interaction.  These are :</P
@@ -4975,8 +4810,9 @@ CLASS="PARAMETER"
 >security mask</I
 ></TT
 >
-	mask may be treated as a set of bits the user is <EM
->not</EM
+	mask may be treated as a set of bits the user is <I
+CLASS="EMPHASIS"
+>not</I
 > 
 	allowed to change, and one bits are those the user is allowed to change.
 	</P
@@ -5183,13 +5019,11 @@ CLASS="PARAMETER"
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN880"
->6.7. Interaction with the standard Samba file attribute 
-	mapping</A
-></H1
+NAME="AEN881">Interaction with the standard Samba file attribute 
+	mapping</H2
 ><P
 >Samba maps some of the DOS attribute bits (such as "read 
 	only") into the UNIX permissions of a file. This means there can 
@@ -5233,17 +5067,13 @@ CLASS="COMMAND"
 CLASS="CHAPTER"
 ><HR><H1
 ><A
-NAME="PRINTING"
->Chapter 7. Printing Support in Samba 2.2.x</A
-></H1
+NAME="PRINTING">Printing Support in Samba 2.2.x</H1
 ><DIV
 CLASS="SECT1"
-><H1
+><H2
 CLASS="SECT1"
 ><A
-NAME="AEN901"
->7.1. Introduction</A
-></H1
+NAME="AEN902">Introduction</H2
 ><P
 >Beginning with the 2.2.0 release, Samba supports 
 the native Windows NT printing mechanisms implemented via 
@@ -5309,9 +5139,10 @@ As a side note, Samba does not use these drivers in any way to process
 spooled files.  They are utilized entirely by the clients.</P
 ><P
 >The following MS KB article, may be of some help if you are dealing with
-Windows 2000 clients:  <EM
+Windows 2000 clients:  <I
+CLASS="EMPHASIS"
 >How to Add Printers with No User 
-Interaction in Windows 2000</EM
+Interaction in Windows 2000</I
 ></P
 ><P
 ><A
@@ -5322,30 +5153,40 @@ TARGET="_top"
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN923"
->7.2. Configuration</A
-></H1
+NAME="AEN924">Configuration</H2
 ><DIV
 CLASS="WARNING"
 ><P
 ></P
 ><TABLE
 CLASS="WARNING"
-BORDER="1"
 WIDTH="100%"
+BORDER="0"
 ><TR
 ><TD
+WIDTH="25"
 ALIGN="CENTER"
+VALIGN="TOP"
+><IMG
+SRC="./stylesheet-images/warning.gif"
+HSPACE="5"
+ALT="Warning"></TD
+><TH
+ALIGN="LEFT"
+VALIGN="CENTER"
 ><B
 >[print$] vs. [printer$]</B
-></TD
+></TH
 ></TR
 ><TR
 ><TD
+>&nbsp;</TD
+><TD
 ALIGN="LEFT"
+VALIGN="TOP"
 ><P
 >Previous versions of Samba recommended using a share named [printer$].  
 This name was taken from the printer$ service created by Windows 9x 
@@ -5377,7 +5218,7 @@ CLASS="PARAMETER"
 >printer driver
 file</I
 ></TT
-> parameter, are being depreciated and should not 
+> parameter, are being deprecated and should not 
 be used in new installations.  For more information on this change, 
 you should refer to the <A
 HREF="#MIGRATION"
@@ -5390,12 +5231,10 @@ of this document.</P
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN934"
->7.2.1. Creating [print$]</A
-></H2
+NAME="AEN935">Creating [print$]</H3
 ><P
 >In order to support the uploading of printer driver 
 files, you must first configure a file share named [print$].  
@@ -5471,11 +5310,35 @@ site is configured.  If users will be guaranteed to have
 an account on the Samba host, then this is a non-issue.</P
 ><DIV
 CLASS="NOTE"
-><BLOCKQUOTE
-CLASS="NOTE"
 ><P
+></P
+><TABLE
+CLASS="NOTE"
+WIDTH="100%"
+BORDER="0"
+><TR
+><TD
+WIDTH="25"
+ALIGN="CENTER"
+VALIGN="TOP"
+><IMG
+SRC="./stylesheet-images/note.gif"
+HSPACE="5"
+ALT="Note"></TD
+><TH
+ALIGN="LEFT"
+VALIGN="CENTER"
 ><B
->Author's Note: </B
+>Author's Note</B
+></TH
+></TR
+><TR
+><TD
+>&nbsp;</TD
+><TD
+ALIGN="LEFT"
+VALIGN="TOP"
+><P
 >The non-issue is that if all your Windows NT users are guaranteed to be 
 authenticated by the Samba server (such as a domain member server and the NT 
 user has already been validated by the Domain Controller in 
@@ -5493,7 +5356,9 @@ CLASS="COMMAND"
 > in the [global] section as well.  Make sure 
 you understand what this parameter does before using it 
 though. --jerry</P
-></BLOCKQUOTE
+></TD
+></TR
+></TABLE
 ></DIV
 ><P
 >In order for a Windows NT print server to support 
@@ -5529,18 +5394,30 @@ CLASS="WARNING"
 ></P
 ><TABLE
 CLASS="WARNING"
-BORDER="1"
 WIDTH="100%"
+BORDER="0"
 ><TR
 ><TD
+WIDTH="25"
 ALIGN="CENTER"
+VALIGN="TOP"
+><IMG
+SRC="./stylesheet-images/warning.gif"
+HSPACE="5"
+ALT="Warning"></TD
+><TH
+ALIGN="LEFT"
+VALIGN="CENTER"
 ><B
 >ATTENTION!  REQUIRED PERMISSIONS</B
-></TD
+></TH
 ></TR
 ><TR
 ><TD
+>&nbsp;</TD
+><TD
 ALIGN="LEFT"
+VALIGN="TOP"
 ><P
 >In order to currently add a new driver to you Samba host, 
 one of two conditions must hold true:</P
@@ -5593,18 +5470,17 @@ that matches the printer shares defined on your Samba host.</P
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN969"
->7.2.2. Setting Drivers for Existing Printers</A
-></H2
+NAME="AEN970">Setting Drivers for Existing Printers</H3
 ><P
 >The initial listing of printers in the Samba host's 
 Printers folder will have no real printer driver assigned 
 to them.  By default, in Samba 2.2.0 this driver name was set to 
-<EM
->NO PRINTER DRIVER AVAILABLE FOR THIS PRINTER</EM
+<I
+CLASS="EMPHASIS"
+>NO PRINTER DRIVER AVAILABLE FOR THIS PRINTER</I
 >.
 Later versions changed this to a NULL string to allow the use
 tof the local Add Printer Wizard on NT/2000 clients.
@@ -5612,15 +5488,16 @@ Attempting to view the printer properties for a printer
 which has this default driver assigned will result in 
 the error message:</P
 ><P
-><EM
+><I
+CLASS="EMPHASIS"
 >Device settings cannot be displayed.  The driver 
 for the specified printer is not installed, only spooler 
 properties will be displayed.  Do you want to install the 
-driver now?</EM
+driver now?</I
 ></P
 ><P
 >Click "No" in the error dialog and you will be presented with
-the printer properties window.  The way assign a driver to a 
+the printer properties window.  The way to assign a driver to a 
 printer is to either</P
 ><P
 ></P
@@ -5665,12 +5542,10 @@ permissions to the "Everyone" well-known group.</P
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN986"
->7.2.3. Support a large number of printers</A
-></H2
+NAME="AEN987">Support a large number of printers</H3
 ><P
 >One issue that has arisen during the development
 phase of Samba 2.2 is the need to support driver downloads for
@@ -5740,12 +5615,10 @@ Successfully set hp-print to driver HP LaserJet 4000 Series PS.</PRE
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN997"
->7.2.4. Adding New Printers via the Windows NT APW</A
-></H2
+NAME="AEN998">Adding New Printers via the Windows NT APW</H3
 ><P
 >By default, Samba offers all printer shares defined in <TT
 CLASS="FILENAME"
@@ -5831,7 +5704,7 @@ CLASS="PARAMETER"
 > is executed under the context
 of the connected user, not necessarily a root account.</P
 ><P
->There is a complementing <A
+>There is a complementary <A
 HREF="smb.conf.5.html#DELETEPRINTERCOMMAND"
 TARGET="_top"
 ><TT
@@ -5843,15 +5716,85 @@ printer command</I
 ></A
 > for removing entries from the "Printers..."
 folder.</P
+><P
+>The following is an example <A
+HREF="smb.conf.5.html#ADDPRINTERCOMMAN"
+TARGET="_top"
+><TT
+CLASS="PARAMETER"
+><I
+>add printer command</I
+></TT
+></A
+> script. It adds the appropriate entries to <TT
+CLASS="FILENAME"
+>/etc/printcap.local</TT
+> (change that to what you need) and returns a line of 'Done' which is needed for the whole process to work.</P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>#!/bin/sh
+
+# Script to insert a new printer entry into printcap.local
+#
+# $1, printer name, used as the descriptive name
+# $2, share name, used as the printer name for Linux
+# $3, port name
+# $4, driver name
+# $5, location, used for the device file of the printer
+# $6, win9x location
+
+#
+# Make sure we use the location that RedHat uses for local printer defs
+PRINTCAP=/etc/printcap.local
+DATE=`date +%Y%m%d-%H%M%S`
+LP=lp
+RESTART="service lpd restart"
+
+# Keep a copy
+cp $PRINTCAP $PRINTCAP.$DATE
+# Add the printer to $PRINTCAP
+echo ""				 			&#62;&#62; $PRINTCAP
+echo "$2|$1:\\" 					&#62;&#62; $PRINTCAP
+echo "  :sd=/var/spool/lpd/$2:\\" 			&#62;&#62; $PRINTCAP
+echo "  :mx=0:ml=0:sh:\\" 				&#62;&#62; $PRINTCAP
+echo "  :lp=/usr/local/samba/var/print/$5.prn:" 	&#62;&#62; $PRINTCAP
+
+touch "/usr/local/samba/var/print/$5.prn" &#62;&#62; /tmp/printadd.$$ 2&#62;&#38;1
+chown $LP "/usr/local/samba/var/print/$5.prn" &#62;&#62; /tmp/printadd.$$ 2&#62;&#38;1
+
+mkdir /var/spool/lpd/$2
+chmod 700 /var/spool/lpd/$2
+chown $LP /var/spool/lpd/$2
+#echo $1 &#62;&#62; "/usr/local/samba/var/print/$5.prn"
+#echo $2 &#62;&#62; "/usr/local/samba/var/print/$5.prn"
+#echo $3 &#62;&#62; "/usr/local/samba/var/print/$5.prn"
+#echo $4 &#62;&#62; "/usr/local/samba/var/print/$5.prn"
+#echo $5 &#62;&#62; "/usr/local/samba/var/print/$5.prn"
+#echo $6 &#62;&#62; "/usr/local/samba/var/print/$5.prn"
+$RESTART &#62;&#62; "/usr/local/samba/var/print/$5.prn"
+# Not sure if this is needed
+touch /usr/local/samba/lib/smb.conf
+#
+# You need to return a value, but I am not sure what it means.
+#
+echo "Done"
+exit 0</PRE
+></TD
+></TR
+></TABLE
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN1022"
->7.2.5. Samba and Printer Ports</A
-></H2
+NAME="AEN1028">Samba and Printer Ports</H3
 ><P
 >Windows NT/2000 print servers associate a port with each printer.  These normally
 take the form of LPT1:, COM1:, FILE:, etc...  Samba must also support the
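Review bot: The example `add printer command` script added in this hunk writes `$1`, `$2` and `$5` into the printcap entry and into filesystem paths without validating them, and `mkdir /var/spool/lpd/$2`, `chmod 700 /var/spool/lpd/$2` and `chown $LP /var/spool/lpd/$2` leave `$2` unquoted. These arguments presumably originate from the client driving the Add Printer Wizard, so a name containing whitespace, `/`, `..`, `:` or `|` could reach paths outside the spool directory or corrupt the printcap record. Since readers will copy this listing, it should reject unexpected characters first, for example `case "$2" in ""|*[!A-Za-z0-9_-]*) exit 1;; esac` (and the same for `$5`), and quote every expansion, as in `mkdir "/var/spool/lpd/$2"`. The log path `/tmp/printadd.$$` is a predictable name in a world-writable directory; a file in a directory writable only by the account running the script would be safer. Separately, the link target `smb.conf.5.html#ADDPRINTERCOMMAN` looks truncated next to `#DELETEPRINTERCOMMAND` in the preceding hunk.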
@@ -5883,12 +5826,10 @@ that generates a listing of ports on a system.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN1030"
->7.3. The Imprints Toolset</A
-></H1
+NAME="AEN1036">The Imprints Toolset</H2
 ><P
 >The Imprints tool set provides a UNIX equivalent of the 
 	Windows NT Add Printer Wizard.  For complete information, please 
@@ -5901,12 +5842,10 @@ TARGET="_top"
 	only provide a brief introduction to the features of Imprints.</P
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN1034"
->7.3.1. What is Imprints?</A
-></H2
+NAME="AEN1040">What is Imprints?</H3
 ><P
 >Imprints is a collection of tools for supporting the goals 
 		of</P
@@ -5933,12 +5872,10 @@ NAME="AEN1034"
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN1044"
->7.3.2. Creating Printer Driver Packages</A
-></H2
+NAME="AEN1050">Creating Printer Driver Packages</H3
 ><P
 >The process of creating printer driver packages is beyond
 		the scope of this document (refer to Imprints.txt also included
@@ -5949,12 +5886,10 @@ NAME="AEN1044"
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN1047"
->7.3.3. The Imprints server</A
-></H2
+NAME="AEN1053">The Imprints server</H3
 ><P
 >The Imprints server is really a database server that 
 		may be queried via standard HTTP mechanisms.  Each printer 
@@ -5962,19 +5897,18 @@ NAME="AEN1047"
 		downloading of the package.  Each package is digitally signed
 		via GnuPG which can be used to verify that package downloaded
 		is actually the one referred in the Imprints database.  It is 
-		<EM
->not</EM
+		<I
+CLASS="EMPHASIS"
+>not</I
 > recommended that this security check 
 		be disabled.</P
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN1051"
->7.3.4. The Installation Client</A
-></H2
+NAME="AEN1057">The Installation Client</H3
 ><P
 >More information regarding the Imprints installation client 
 		is available in the <TT
@@ -6072,15 +6006,13 @@ CLASS="FILENAME"
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN1073"
->7.4. <A
+NAME="AEN1079"><A
 NAME="MIGRATION"
 ></A
->Migration to from Samba 2.0.x to 2.2.x</A
-></H1
+>Migration to from Samba 2.0.x to 2.2.x</H2
 ><P
 >Given that printer driver management has changed (we hope improved) in 
 2.2 over prior releases, migration from an existing setup to 2.2 can 
@@ -6151,18 +6083,30 @@ CLASS="WARNING"
 ></P
 ><TABLE
 CLASS="WARNING"
-BORDER="1"
 WIDTH="100%"
+BORDER="0"
 ><TR
 ><TD
+WIDTH="25"
 ALIGN="CENTER"
+VALIGN="TOP"
+><IMG
+SRC="./stylesheet-images/warning.gif"
+HSPACE="5"
+ALT="Warning"></TD
+><TH
+ALIGN="LEFT"
+VALIGN="CENTER"
 ><B
 >Achtung!</B
-></TD
+></TH
 ></TR
 ><TR
 ><TD
+>&nbsp;</TD
+><TD
 ALIGN="LEFT"
+VALIGN="TOP"
 ><P
 >The following <TT
 CLASS="FILENAME"
@@ -6231,17 +6175,13 @@ disabled by default.</P
 CLASS="CHAPTER"
 ><HR><H1
 ><A
-NAME="PRINTING_DEBUG"
->Chapter 8. Debugging Printing Problems</A
-></H1
+NAME="PRINTINGDEBUG">Debugging Printing Problems</H1
 ><DIV
 CLASS="SECT1"
-><H1
+><H2
 CLASS="SECT1"
 ><A
-NAME="AEN1119"
->8.1. Introduction</A
-></H1
+NAME="AEN1125">Introduction</H2
 ><P
 >This is a short description of how to debug printing problems with
 Samba. This describes how to debug problems with printing from a SMB
@@ -6338,12 +6278,10 @@ the lpq output.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN1135"
->8.2. Debugging printer problems</A
-></H1
+NAME="AEN1141">Debugging printer problems</H2
 ><P
 >One way to debug printing problems is to start by replacing these
 command with shell scripts that record the arguments and the contents
@@ -6413,12 +6351,10 @@ various print queues.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN1144"
->8.3. What printers do I have?</A
-></H1
+NAME="AEN1150">What printers do I have?</H2
 ><P
 >You can use the 'testprns' program to check to see if the printer
 name you are using is recognized by Samba.  For example,  you can
@@ -6460,12 +6396,10 @@ CLASS="PROGRAMLISTING"
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN1152"
->8.4. Setting up printcap and print servers</A
-></H1
+NAME="AEN1158">Setting up printcap and print servers</H2
 ><P
 >You may need to set up some printcaps for your Samba system to use.
 It is strongly recommended that you use the facilities provided by
@@ -6553,12 +6487,10 @@ it reread the printcap information.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN1180"
->8.5. Job sent, no output</A
-></H1
+NAME="AEN1186">Job sent, no output</H2
 ><P
 >This is the most frustrating part of printing.  You may have sent the
 job,  verified that the job was forwarded,  set up a wrapper around
@@ -6616,12 +6548,10 @@ convert the file to a format appropriate for your printer.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN1191"
->8.6. Job sent, strange output</A
-></H1
+NAME="AEN1197">Job sent, strange output</H2
 ><P
 >Once you have the job printing, you can then start worrying about
 making it print nicely.</P
@@ -6680,12 +6610,10 @@ PostScript.  The multiple ^D may cause an additional page of output.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN1203"
->8.7. Raw PostScript printed</A
-></H1
+NAME="AEN1209">Raw PostScript printed</H2
 ><P
 >This is a problem that is usually caused by either the print spooling
 system putting information at the start of the print job that makes
@@ -6695,12 +6623,10 @@ Format Detection' on your printer.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN1206"
->8.8. Advanced Printing</A
-></H1
+NAME="AEN1212">Advanced Printing</H2
 ><P
 >Note that you can do some pretty magic things by using your
 imagination with the "print command" option and some shell scripts.
@@ -6711,12 +6637,10 @@ printer.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN1209"
->8.9. Real debugging</A
-></H1
+NAME="AEN1215">Real debugging</H2
 ><P
 >If the above debug tips don't help, then maybe you need to bring in
 the bug guns, system tracing. See Tracing.txt in this directory.</P
@@ -6726,17 +6650,13 @@ the bug guns, system tracing. See Tracing.txt in this directory.</P
 CLASS="CHAPTER"
 ><HR><H1
 ><A
-NAME="SECURITY_LEVELS"
->Chapter 9. Security levels</A
-></H1
+NAME="SECURITYLEVELS">Security levels</H1
 ><DIV
 CLASS="SECT1"
-><H1
+><H2
 CLASS="SECT1"
 ><A
-NAME="AEN1222"
->9.1. Introduction</A
-></H1
+NAME="AEN1228">Introduction</H2
 ><P
 >Samba supports the following options to the global smb.conf parameter</P
 ><P
@@ -6786,12 +6706,10 @@ Windows NT server, the later natively capable of encrypted password support.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN1233"
->9.2. More complete description of security levels</A
-></H1
+NAME="AEN1239">More complete description of security levels</H2
 ><P
 >A SMB server tells the client at startup what "security level" it is
 running. There are two options "share level" and "user level". Which
@@ -6883,17 +6801,13 @@ schemes by which the two could be kept in sync.</P
 CLASS="CHAPTER"
 ><HR><H1
 ><A
-NAME="DOMAIN-SECURITY"
->Chapter 10. security = domain in Samba 2.x</A
-></H1
+NAME="DOMAIN-SECURITY">security = domain in Samba 2.x</H1
 ><DIV
 CLASS="SECT1"
-><H1
+><H2
 CLASS="SECT1"
 ><A
-NAME="AEN1266"
->10.1. Joining an NT Domain with Samba 2.2</A
-></H1
+NAME="AEN1272">Joining an NT Domain with Samba 2.2</H2
 ><P
 >Assume you have a Samba 2.x server with a NetBIOS name of 
 	<TT
@@ -7119,12 +7033,10 @@ CLASS="COMMAND"
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN1330"
->10.2. Samba and Windows 2000 Domains</A
-></H1
+NAME="AEN1336">Samba and Windows 2000 Domains</H2
 ><P
 >Many people have asked regarding the state of Samba's ability to participate in
 a Windows 2000 Domain.  Samba 2.2 is able to act as a member server of a Windows
@@ -7144,12 +7056,10 @@ Computers" MMC (Microsoft Management Console) plugin.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN1335"
->10.3. Why is this better than security = server?</A
-></H1
+NAME="AEN1341">Why is this better than security = server?</H2
 ><P
 >Currently, domain security in Samba doesn't free you from 
 	having to create local Unix users to represent the users attaching 
@@ -7213,8 +7123,9 @@ CLASS="COMMAND"
 	user is authenticated, making a Samba server truly plug and play 
 	in an NT domain environment. Watch for this code soon.</P
 ><P
-><EM
->NOTE:</EM
+><I
+CLASS="EMPHASIS"
+>NOTE:</I
 > Much of the text of this document 
 	was first published in the Web magazine <A
 HREF="http://www.linuxworld.com"
@@ -7233,23 +7144,20 @@ TARGET="_top"
 CLASS="CHAPTER"
 ><HR><H1
 ><A
-NAME="WINBIND"
->Chapter 11. Unified Logons between Windows NT and UNIX using Winbind</A
-></H1
+NAME="WINBIND">Unified Logons between Windows NT and UNIX using Winbind</H1
 ><DIV
 CLASS="SECT1"
-><H1
+><H2
 CLASS="SECT1"
 ><A
-NAME="AEN1388"
->11.1. Abstract</A
-></H1
+NAME="AEN1394">Abstract</H2
 ><P
 >Integration of UNIX and Microsoft Windows NT through 
 	a unified logon has been considered a "holy grail" in heterogeneous 
 	computing environments for a long time. We present 
-	<EM
->winbind</EM
+	<I
+CLASS="EMPHASIS"
+>winbind</I
 >, a component of the Samba suite 
 	of programs as a solution to the unified logon problem. Winbind 
 	uses a UNIX implementation 
@@ -7261,12 +7169,10 @@ NAME="AEN1388"
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN1392"
->11.2. Introduction</A
-></H1
+NAME="AEN1398">Introduction</H2
 ><P
 >It is well known that UNIX and Microsoft Windows NT have 
 	different models for representing user and group information and 
@@ -7315,12 +7221,10 @@ NAME="AEN1392"
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN1405"
->11.3. What Winbind Provides</A
-></H1
+NAME="AEN1411">What Winbind Provides</H2
 ><P
 >Winbind unifies UNIX and Windows NT account management by 
 	allowing a UNIX box to become a full member of a NT domain. Once 
@@ -7357,12 +7261,10 @@ NAME="AEN1405"
 	location (on the domain controller).</P
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN1412"
->11.3.1. Target Uses</A
-></H2
+NAME="AEN1418">Target Uses</H3
 ><P
 >Winbind is targeted at organizations that have an 
 		existing NT based domain infrastructure into which they wish 
@@ -7381,12 +7283,10 @@ NAME="AEN1412"
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN1416"
->11.4. How Winbind Works</A
-></H1
+NAME="AEN1422">How Winbind Works</H2
 ><P
 >The winbind system is designed around a client/server 
 	architecture. A long running <B
@@ -7401,12 +7301,10 @@ CLASS="COMMAND"
 	in detail below.</P
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN1421"
->11.4.1. Microsoft Remote Procedure Calls</A
-></H2
+NAME="AEN1427">Microsoft Remote Procedure Calls</H3
 ><P
 >Over the last two years, efforts have been underway 
 		by various Samba Team members to decode various aspects of 
@@ -7427,12 +7325,10 @@ NAME="AEN1421"
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN1425"
->11.4.2. Name Service Switch</A
-></H2
+NAME="AEN1431">Name Service Switch</H3
 ><P
 >The Name Service Switch, or NSS, is a feature that is 
 		present in many UNIX operating systems. It allows system 
@@ -7507,12 +7403,10 @@ CLASS="FILENAME"
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN1441"
->11.4.3. Pluggable Authentication Modules</A
-></H2
+NAME="AEN1447">Pluggable Authentication Modules</H3
 ><P
 >Pluggable Authentication Modules, also known as PAM, 
 		is a system for abstracting authentication and authorization 
@@ -7556,12 +7450,10 @@ CLASS="FILENAME"
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN1449"
->11.4.4. User and Group ID Allocation</A
-></H2
+NAME="AEN1455">User and Group ID Allocation</H3
 ><P
 >When a user or group is created under Windows NT 
 		is it allocated a numerical relative identifier (RID). This is 
@@ -7582,12 +7474,10 @@ NAME="AEN1449"
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN1453"
->11.4.5. Result Caching</A
-></H2
+NAME="AEN1459">Result Caching</H3
 ><P
 >An active system can generate a lot of user and group 
 		name lookups. To reduce the network cost of these lookups winbind 
@@ -7605,12 +7495,10 @@ NAME="AEN1453"
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN1456"
->11.5. Installation and Configuration</A
-></H1
+NAME="AEN1462">Installation and Configuration</H2
 ><P
 >Many thanks to John Trostel <A
 HREF="mailto:jtrostel@snapserver.com"
@@ -7632,12 +7520,10 @@ Future revisions of this document will incorporate that
 information.</P
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN1463"
->11.5.1. Introduction</A
-></H2
+NAME="AEN1469">Introduction</H3
 ><P
 >This HOWTO describes the procedures used to get winbind up and 
 running on my RedHat 7.1 system.  Winbind is capable of providing access 
@@ -7653,8 +7539,9 @@ somewhat to fit the way your distribution works.</P
 ><UL
 ><LI
 ><P
->	<EM
->Why should I to this?</EM
+>	<I
+CLASS="EMPHASIS"
+>Why should I to this?</I
 >
 	</P
 ><P
@@ -7666,8 +7553,9 @@ somewhat to fit the way your distribution works.</P
 ></LI
 ><LI
 ><P
->	<EM
->Who should be reading this document?</EM
+>	<I
+CLASS="EMPHASIS"
+>Who should be reading this document?</I
 >
 	</P
 ><P
@@ -7683,26 +7571,27 @@ somewhat to fit the way your distribution works.</P
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN1476"
->11.5.2. Requirements</A
-></H2
+NAME="AEN1482">Requirements</H3
 ><P
 >If you have a samba configuration file that you are currently 
-using... <EM
->BACK IT UP!</EM
+using... <I
+CLASS="EMPHASIS"
+>BACK IT UP!</I
 >  If your system already uses PAM, 
-<EM
+<I
+CLASS="EMPHASIS"
 >back up the <TT
 CLASS="FILENAME"
 >/etc/pam.d</TT
 > directory 
-contents!</EM
+contents!</I
 > If you haven't already made a boot disk, 
-<EM
->MAKE ONE NOW!</EM
+<I
+CLASS="EMPHASIS"
+>MAKE ONE NOW!</I
 ></P
 ><P
 >Messing with the pam configuration files can make it nearly impossible 
@@ -7741,12 +7630,10 @@ CLASS="FILENAME"
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN1490"
->11.5.3. Testing Things Out</A
-></H2
+NAME="AEN1496">Testing Things Out</H3
 ><P
 >Before starting, it is probably best to kill off all the SAMBA 
 related daemons running on your server.  Kill off all <B
@@ -7786,12 +7673,10 @@ CLASS="FILENAME"
 > RPMs installed.</P
 ><DIV
 CLASS="SECT3"
-><HR><H3
+><HR><H4
 CLASS="SECT3"
 ><A
-NAME="AEN1501"
->11.5.3.1. Configure and compile SAMBA</A
-></H3
+NAME="AEN1507">Configure and compile SAMBA</H4
 ><P
 >The configuration and compilation of SAMBA is pretty straightforward.
 The first three steps may not be necessary depending upon
@@ -7861,16 +7746,14 @@ It will also build the winbindd executable and libraries. </P
 ></DIV
 ><DIV
 CLASS="SECT3"
-><HR><H3
+><HR><H4
 CLASS="SECT3"
 ><A
-NAME="AEN1520"
->11.5.3.2. Configure <TT
+NAME="AEN1526">Configure <TT
 CLASS="FILENAME"
 >nsswitch.conf</TT
 > and the 
-winbind libraries</A
-></H3
+winbind libraries</H4
 ><P
 >The libraries needed to run the <B
 CLASS="COMMAND"
@@ -7975,12 +7858,10 @@ and echos back a check to you.</P
 ></DIV
 ><DIV
 CLASS="SECT3"
-><HR><H3
+><HR><H4
 CLASS="SECT3"
 ><A
-NAME="AEN1553"
->11.5.3.3. Configure smb.conf</A
-></H3
+NAME="AEN1559">Configure smb.conf</H4
 ><P
 >Several parameters are needed in the smb.conf file to control 
 the behavior of <B
@@ -8059,12 +7940,10 @@ TARGET="_top"
 ></DIV
 ><DIV
 CLASS="SECT3"
-><HR><H3
+><HR><H4
 CLASS="SECT3"
 ><A
-NAME="AEN1569"
->11.5.3.4. Join the SAMBA server to the PDC domain</A
-></H3
+NAME="AEN1575">Join the SAMBA server to the PDC domain</H4
 ><P
 >Enter the following command to make the SAMBA server join the 
 PDC domain, where <TT
@@ -8105,12 +7984,10 @@ is your DOMAIN name.</P
 ></DIV
 ><DIV
 CLASS="SECT3"
-><HR><H3
+><HR><H4
 CLASS="SECT3"
 ><A
-NAME="AEN1580"
->11.5.3.5. Start up the winbindd daemon and test it!</A
-></H3
+NAME="AEN1586">Start up the winbindd daemon and test it!</H4
 ><P
 >Eventually, you will want to modify your smb startup script to 
 automatically invoke the winbindd daemon when the other parts of 
@@ -8246,20 +8123,16 @@ CLASS="COMMAND"
 ></DIV
 ><DIV
 CLASS="SECT3"
-><HR><H3
+><HR><H4
 CLASS="SECT3"
 ><A
-NAME="AEN1616"
->11.5.3.6. Fix the init.d startup scripts</A
-></H3
+NAME="AEN1622">Fix the init.d startup scripts</H4
 ><DIV
 CLASS="SECT4"
-><H4
+><H5
 CLASS="SECT4"
 ><A
-NAME="AEN1618"
->11.5.3.6.1. Linux</A
-></H4
+NAME="AEN1624">Linux</H5
 ><P
 >The <B
 CLASS="COMMAND"
@@ -8368,12 +8241,10 @@ CLASS="PROGRAMLISTING"
 ></DIV
 ><DIV
 CLASS="SECT4"
-><HR><H4
+><HR><H5
 CLASS="SECT4"
 ><A
-NAME="AEN1635"
->11.5.3.6.2. Solaris</A
-></H4
+NAME="AEN1641">Solaris</H5
 ><P
 >On solaris, you need to modify the 
 <TT
@@ -8448,12 +8319,10 @@ esac</PRE
 ></DIV
 ><DIV
 CLASS="SECT4"
-><HR><H4
+><HR><H5
 CLASS="SECT4"
 ><A
-NAME="AEN1642"
->11.5.3.6.3. Restarting</A
-></H4
+NAME="AEN1648">Restarting</H5
 ><P
 >If you restart the <B
 CLASS="COMMAND"
@@ -8472,12 +8341,10 @@ if you were a local user.</P
 ></DIV
 ><DIV
 CLASS="SECT3"
-><HR><H3
+><HR><H4
 CLASS="SECT3"
 ><A
-NAME="AEN1648"
->11.5.3.7. Configure Winbind and PAM</A
-></H3
+NAME="AEN1654">Configure Winbind and PAM</H4
 ><P
 >If you have made it this far, you know that winbindd and samba are working
 together.  If you want to use winbind to provide authentication for other 
@@ -8530,12 +8397,10 @@ CLASS="COMMAND"
 ></P
 ><DIV
 CLASS="SECT4"
-><HR><H4
+><HR><H5
 CLASS="SECT4"
 ><A
-NAME="AEN1665"
->11.5.3.7.1. Linux/FreeBSD-specific PAM configuration</A
-></H4
+NAME="AEN1671">Linux/FreeBSD-specific PAM configuration</H5
 ><P
 >The <TT
 CLASS="FILENAME"
@@ -8704,12 +8569,10 @@ double prompts for passwords.</P
 ></DIV
 ><DIV
 CLASS="SECT4"
-><HR><H4
+><HR><H5
 CLASS="SECT4"
 ><A
-NAME="AEN1698"
->11.5.3.7.2. Solaris-specific configuration</A
-></H4
+NAME="AEN1704">Solaris-specific configuration</H5
 ><P
 >The /etc/pam.conf needs to be changed. I changed this file so that my Domain
 users can logon both locally as well as telnet.The following are the changes
@@ -8800,12 +8663,10 @@ configured in the pam.conf.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN1705"
->11.6. Limitations</A
-></H1
+NAME="AEN1711">Limitations</H2
 ><P
 >Winbind has a number of limitations in its current 
 	released version that we hope to overcome in future 
@@ -8841,12 +8702,10 @@ NAME="AEN1705"
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN1715"
->11.7. Conclusion</A
-></H1
+NAME="AEN1721">Conclusion</H2
 ><P
 >The winbind system, through the use of the Name Service 
 	Switch, Pluggable Authentication Modules, and appropriate 
@@ -8860,17 +8719,13 @@ NAME="AEN1715"
 CLASS="CHAPTER"
 ><HR><H1
 ><A
-NAME="SAMBA-PDC"
->Chapter 12. How to Configure Samba 2.2 as a Primary Domain Controller</A
-></H1
+NAME="SAMBA-PDC">How to Configure Samba 2.2 as a Primary Domain Controller</H1
 ><DIV
 CLASS="SECT1"
-><H1
+><H2
 CLASS="SECT1"
 ><A
-NAME="AEN1735"
->12.1. Prerequisite Reading</A
-></H1
+NAME="AEN1741">Prerequisite Reading</H2
 ><P
 >Before you continue reading in this chapter, please make sure 
 that you are comfortable with configuring basic files services
@@ -8893,25 +8748,40 @@ of this HOWTO Collection.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN1741"
->12.2. Background</A
-></H1
+NAME="AEN1747">Background</H2
 ><DIV
 CLASS="NOTE"
-><BLOCKQUOTE
+><P
+></P
+><TABLE
 CLASS="NOTE"
+WIDTH="100%"
+BORDER="0"
+><TR
+><TD
+WIDTH="25"
+ALIGN="CENTER"
+VALIGN="TOP"
+><IMG
+SRC="./stylesheet-images/note.gif"
+HSPACE="5"
+ALT="Note"></TD
+><TD
+ALIGN="LEFT"
+VALIGN="TOP"
 ><P
-><B
->Note: </B
-><EM
->Author's Note:</EM
+><I
+CLASS="EMPHASIS"
+>Author's Note:</I
 > This document is a combination 
 of David Bannon's "Samba 2.2 PDC HOWTO" and "Samba NT Domain FAQ". 
 Both documents are superseded by this one.</P
-></BLOCKQUOTE
+></TD
+></TR
+></TABLE
 ></DIV
 ><P
 >Versions of Samba prior to release 2.2 had marginal capabilities to act
@@ -9025,12 +8895,10 @@ concepts.  They will be mentioned only briefly here.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN1780"
->12.3. Configuring the Samba Domain Controller</A
-></H1
+NAME="AEN1786">Configuring the Samba Domain Controller</H2
 ><P
 >The first step in creating a working Samba PDC is to 
 understand the parameters necessary in smb.conf.  I will not
@@ -9246,13 +9114,11 @@ Admins" style accounts.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN1823"
->12.4. Creating Machine Trust Accounts and Joining Clients to the
-Domain</A
-></H1
+NAME="AEN1829">Creating Machine Trust Accounts and Joining Clients to the
+Domain</H2
 ><P
 >A machine trust account is a Samba account that is used to
 authenticate a client machine (rather than a user) to the Samba
@@ -9320,12 +9186,10 @@ CLASS="FILENAME"
 ></UL
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN1842"
->12.4.1. Manual Creation of Machine Trust Accounts</A
-></H2
+NAME="AEN1848">Manual Creation of Machine Trust Accounts</H3
 ><P
 >The first step in manually creating a machine trust account is to
 manually create the corresponding Unix account in
@@ -9458,18 +9322,30 @@ CLASS="WARNING"
 ></P
 ><TABLE
 CLASS="WARNING"
-BORDER="1"
 WIDTH="100%"
+BORDER="0"
 ><TR
 ><TD
+WIDTH="25"
 ALIGN="CENTER"
+VALIGN="TOP"
+><IMG
+SRC="./stylesheet-images/warning.gif"
+HSPACE="5"
+ALT="Warning"></TD
+><TH
+ALIGN="LEFT"
+VALIGN="CENTER"
 ><B
 >Join the client to the domain immediately</B
-></TD
+></TH
 ></TR
 ><TR
 ><TD
+>&nbsp;</TD
+><TD
 ALIGN="LEFT"
+VALIGN="TOP"
 ><P
 >	Manually creating a machine trust account using this method is the 
 	equivalent of creating a machine trust account on a Windows NT PDC using 
@@ -9487,12 +9363,10 @@ ALIGN="LEFT"
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN1877"
->12.4.2. "On-the-Fly" Creation of Machine Trust Accounts</A
-></H2
+NAME="AEN1883">"On-the-Fly" Creation of Machine Trust Accounts</H3
 ><P
 >The second (and recommended) way of creating machine trust accounts is
 simply to allow the Samba server to create them as needed when the client
@@ -9533,12 +9407,10 @@ CLASS="PROGRAMLISTING"
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN1886"
->12.4.3. Joining the Client to the Domain</A
-></H2
+NAME="AEN1892">Joining the Client to the Domain</H3
 ><P
 >The procedure for joining a client to the domain varies with the
 version of Windows.</P
@@ -9547,8 +9419,9 @@ version of Windows.</P
 ><UL
 ><LI
 ><P
-><EM
->Windows 2000</EM
+><I
+CLASS="EMPHASIS"
+>Windows 2000</I
 ></P
 ><P
 > When the user elects to join the client to a domain, Windows prompts for
@@ -9571,8 +9444,9 @@ CLASS="FILENAME"
 ></LI
 ><LI
 ><P
-><EM
->Windows NT</EM
+><I
+CLASS="EMPHASIS"
+>Windows NT</I
 ></P
 ><P
 > If the machine trust account was created manually, on the
@@ -9593,12 +9467,10 @@ CLASS="FILENAME"
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN1901"
->12.5. Common Problems and Errors</A
-></H1
+NAME="AEN1907">Common Problems and Errors</H2
 ><P
 ></P
 ><P
@@ -9606,8 +9478,9 @@ NAME="AEN1901"
 ><UL
 ><LI
 ><P
->	<EM
->I cannot include a '$' in a machine name.</EM
+>	<I
+CLASS="EMPHASIS"
+>I cannot include a '$' in a machine name.</I
 >
 	</P
 ><P
@@ -9631,10 +9504,11 @@ CLASS="COMMAND"
 ></LI
 ><LI
 ><P
->	<EM
+>	<I
+CLASS="EMPHASIS"
 >I get told "You already have a connection to the Domain...." 
 	or "Cannot join domain, the credentials supplied conflict with an 
-	existing set.." when creating a machine trust account.</EM
+	existing set.." when creating a machine trust account.</I
 >
 	</P
 ><P
@@ -9661,8 +9535,9 @@ CLASS="COMMAND"
 ></LI
 ><LI
 ><P
->	<EM
->The system can not log you on (C000019B)....</EM
+>	<I
+CLASS="EMPHASIS"
+>The system can not log you on (C000019B)....</I
 >
 	</P
 ><P
@@ -9689,9 +9564,10 @@ CLASS="COMMAND"
 ></LI
 ><LI
 ><P
->	<EM
+>	<I
+CLASS="EMPHASIS"
 >The machine trust account for this computer either does not 
-	exist or is not accessible.</EM
+	exist or is not accessible.</I
 >
 	</P
 ><P
@@ -9725,9 +9601,10 @@ CLASS="PARAMETER"
 ></LI
 ><LI
 ><P
->	<EM
+>	<I
+CLASS="EMPHASIS"
 >When I attempt to login to a Samba Domain from a NT4/W2K workstation,
-	I get a message about my account being disabled.</EM
+	I get a message about my account being disabled.</I
 >
 	</P
 ><P
@@ -9792,12 +9669,10 @@ CLASS="FILENAME"
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN1949"
->12.6. System Policies and Profiles</A
-></H1
+NAME="AEN1955">System Policies and Profiles</H2
 ><P
 >Much of the information necessary to implement System Policies and
 Roving User Profiles in a Samba domain is the same as that for 
@@ -9815,8 +9690,9 @@ Profiles and Policies in Windows NT 4.0</A
 ><UL
 ><LI
 ><P
->	<EM
->What about Windows NT Policy Editor?</EM
+>	<I
+CLASS="EMPHASIS"
+>What about Windows NT Policy Editor?</I
 >
 	</P
 ><P
@@ -9828,12 +9704,14 @@ CLASS="FILENAME"
 CLASS="COMMAND"
 >poledit.exe</B
 >	which 
-	is included with NT Server but <EM
->not NT Workstation</EM
+	is included with NT Server but <I
+CLASS="EMPHASIS"
+>not NT Workstation</I
 >. 
 	There is a Policy Editor on a NTws 
-	but it is not suitable for creating <EM
->Domain Policies</EM
+	but it is not suitable for creating <I
+CLASS="EMPHASIS"
+>Domain Policies</I
 >. 
 	Further, although the Windows 95 
 	Policy Editor can be installed on an NT Workstation/Server, it will not
@@ -9874,8 +9752,9 @@ CLASS="COMMAND"
 ></LI
 ><LI
 ><P
->	<EM
->Can Win95 do Policies?</EM
+>	<I
+CLASS="EMPHASIS"
+>Can Win95 do Policies?</I
 >
 	</P
 ><P
@@ -9900,8 +9779,9 @@ CLASS="FILENAME"
 ></LI
 ><LI
 ><P
->	<EM
->How do I get 'User Manager' and 'Server Manager'</EM
+>	<I
+CLASS="EMPHASIS"
+>How do I get 'User Manager' and 'Server Manager'</I
 >
 	</P
 ><P
@@ -9949,12 +9829,10 @@ TARGET="_top"
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN1993"
->12.7. What other help can I get?</A
-></H1
+NAME="AEN1999">What other help can I get?</H2
 ><P
 >There are many sources of information available in the form 
 of mailing lists, RFC's and documentation.  The docs that come 
@@ -9965,9 +9843,10 @@ general SMB topics such as browsing.</P
 ><UL
 ><LI
 ><P
->	<EM
+>	<I
+CLASS="EMPHASIS"
 >What are some diagnostics tools I can use to debug the domain logon 
-	process and where can I	find them?</EM
+	process and where can I	find them?</I
 >
 	</P
 ><P
@@ -10037,9 +9916,10 @@ TARGET="_top"
 ></LI
 ><LI
 ><P
->	<EM
+>	<I
+CLASS="EMPHASIS"
 >How do I install 'Network Monitor' on an NT Workstation 
-	or a Windows 9x box?</EM
+	or a Windows 9x box?</I
 >
 	</P
 ><P
@@ -10154,8 +10034,9 @@ TARGET="_top"
 ></LI
 ><LI
 ><P
-> The <EM
->Development</EM
+> The <I
+CLASS="EMPHASIS"
+>Development</I
 > document 
 	on the Samba mirrors might mention your problem. If so,
 	it might mean that the developers are working on it.</P
@@ -10212,8 +10093,9 @@ TARGET="_top"
 ><UL
 ><LI
 ><P
->	<EM
->How do I get help from the mailing lists?</EM
+>	<I
+CLASS="EMPHASIS"
+>How do I get help from the mailing lists?</I
 >
 	</P
 ><P
@@ -10288,8 +10170,9 @@ TARGET="_top"
 ></LI
 ><LI
 ><P
->You might include <EM
->partial</EM
+>You might include <I
+CLASS="EMPHASIS"
+>partial</I
 >
         log files written at a debug level set to as much as 20.  
         Please don't send the entire log but enough to give the context of the 
@@ -10311,8 +10194,9 @@ TARGET="_top"
 ></LI
 ><LI
 ><P
->	<EM
->How do I get off the mailing lists?</EM
+>	<I
+CLASS="EMPHASIS"
+>How do I get off the mailing lists?</I
 >
 	</P
 ><P
@@ -10345,26 +10229,41 @@ TARGET="_top"
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN2107"
->12.8. Domain Control for Windows 9x/ME</A
-></H1
+NAME="AEN2113">Domain Control for Windows 9x/ME</H2
 ><DIV
 CLASS="NOTE"
-><BLOCKQUOTE
+><P
+></P
+><TABLE
 CLASS="NOTE"
+WIDTH="100%"
+BORDER="0"
+><TR
+><TD
+WIDTH="25"
+ALIGN="CENTER"
+VALIGN="TOP"
+><IMG
+SRC="./stylesheet-images/note.gif"
+HSPACE="5"
+ALT="Note"></TD
+><TD
+ALIGN="LEFT"
+VALIGN="TOP"
 ><P
-><B
->Note: </B
 >The following section contains much of the original 
 DOMAIN.txt file previously included with Samba.  Much of 
-the material is based on what went into the book <EM
+the material is based on what went into the book <I
+CLASS="EMPHASIS"
 >Special 
-Edition, Using Samba</EM
+Edition, Using Samba</I
 >, by Richard Sharpe.</P
-></BLOCKQUOTE
+></TD
+></TR
+></TABLE
 ></DIV
 ><P
 >A domain and a workgroup are exactly the same thing in terms of network
@@ -10459,12 +10358,10 @@ TYPE="1"
 ></OL
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN2133"
->12.8.1. Configuration Instructions:	Network Logons</A
-></H2
+NAME="AEN2139">Configuration Instructions:	Network Logons</H3
 ><P
 >The main difference between a PDC and a Windows 9x logon 
 server configuration is that</P
@@ -10489,18 +10386,30 @@ CLASS="WARNING"
 ></P
 ><TABLE
 CLASS="WARNING"
-BORDER="1"
 WIDTH="100%"
+BORDER="0"
 ><TR
 ><TD
+WIDTH="25"
 ALIGN="CENTER"
+VALIGN="TOP"
+><IMG
+SRC="./stylesheet-images/warning.gif"
+HSPACE="5"
+ALT="Warning"></TD
+><TH
+ALIGN="LEFT"
+VALIGN="CENTER"
 ><B
 >security mode and master browsers</B
-></TD
+></TH
 ></TR
 ><TR
 ><TD
+>&nbsp;</TD
+><TD
 ALIGN="LEFT"
+VALIGN="TOP"
 ><P
 >There are a few comments to make in order to tie up some 
 loose ends.  There has been much debate over the issue of whether
@@ -10553,33 +10462,34 @@ for its domain.</P
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN2152"
->12.8.2. Configuration Instructions:	Setting up Roaming User Profiles</A
-></H2
+NAME="AEN2158">Configuration Instructions:	Setting up Roaming User Profiles</H3
 ><DIV
 CLASS="WARNING"
 ><P
 ></P
 ><TABLE
 CLASS="WARNING"
-BORDER="1"
 WIDTH="100%"
+BORDER="0"
 ><TR
 ><TD
+WIDTH="25"
 ALIGN="CENTER"
-><B
->Warning</B
-></TD
-></TR
-><TR
+VALIGN="TOP"
+><IMG
+SRC="./stylesheet-images/warning.gif"
+HSPACE="5"
+ALT="Warning"></TD
 ><TD
 ALIGN="LEFT"
+VALIGN="TOP"
 ><P
-><EM
->NOTE!</EM
+><I
+CLASS="EMPHASIS"
+>NOTE!</I
 > Roaming profiles support is different 
 for Win9X and WinNT.</P
 ></TD
@@ -10600,12 +10510,10 @@ including a separate field for the location of the user's profiles.
 This means that support for profiles is different for Win9X and WinNT.</P
 ><DIV
 CLASS="SECT3"
-><HR><H3
+><HR><H4
 CLASS="SECT3"
 ><A
-NAME="AEN2160"
->12.8.2.1. Windows NT Configuration</A
-></H3
+NAME="AEN2166">Windows NT Configuration</H4
 ><P
 >To support WinNT clients, in the [global] section of smb.conf set the
 following (for example):</P
@@ -10631,25 +10539,39 @@ If you are using a samba server for the profiles, you _must_ make the
 share specified in the logon path browseable. </P
 ><DIV
 CLASS="NOTE"
-><BLOCKQUOTE
+><P
+></P
+><TABLE
 CLASS="NOTE"
+WIDTH="100%"
+BORDER="0"
+><TR
+><TD
+WIDTH="25"
+ALIGN="CENTER"
+VALIGN="TOP"
+><IMG
+SRC="./stylesheet-images/note.gif"
+HSPACE="5"
+ALT="Note"></TD
+><TD
+ALIGN="LEFT"
+VALIGN="TOP"
 ><P
-><B
->Note: </B
 >[lkcl 26aug96 - we have discovered a problem where Windows clients can
 maintain a connection to the [homes] share in between logins.  The
 [homes] share must NOT therefore be used in a profile path.]</P
-></BLOCKQUOTE
+></TD
+></TR
+></TABLE
 ></DIV
 ></DIV
 ><DIV
 CLASS="SECT3"
-><HR><H3
+><HR><H4
 CLASS="SECT3"
 ><A
-NAME="AEN2168"
->12.8.2.2. Windows 9X Configuration</A
-></H3
+NAME="AEN2174">Windows 9X Configuration</H4
 ><P
 >To support Win9X clients, you must use the "logon home" parameter. Samba has
 now been fixed so that "net use/home" now works as well, and it, too, relies
@@ -10684,12 +10606,10 @@ specified \\%L\%U for "logon home".</P
 ></DIV
 ><DIV
 CLASS="SECT3"
-><HR><H3
+><HR><H4
 CLASS="SECT3"
 ><A
-NAME="AEN2176"
->12.8.2.3. Win9X and WinNT Configuration</A
-></H3
+NAME="AEN2182">Win9X and WinNT Configuration</H4
 ><P
 >You can support profiles for both Win9X and WinNT clients by setting both the
 "logon home" and "logon path" parameters. For example:</P
@@ -10710,24 +10630,38 @@ logon path = \\%L\profiles\%U</PRE
 ></P
 ><DIV
 CLASS="NOTE"
-><BLOCKQUOTE
+><P
+></P
+><TABLE
 CLASS="NOTE"
+WIDTH="100%"
+BORDER="0"
+><TR
+><TD
+WIDTH="25"
+ALIGN="CENTER"
+VALIGN="TOP"
+><IMG
+SRC="./stylesheet-images/note.gif"
+HSPACE="5"
+ALT="Note"></TD
+><TD
+ALIGN="LEFT"
+VALIGN="TOP"
 ><P
-><B
->Note: </B
 >I have not checked what 'net use /home' does on NT when "logon home" is
 set as above.</P
-></BLOCKQUOTE
+></TD
+></TR
+></TABLE
 ></DIV
 ></DIV
 ><DIV
 CLASS="SECT3"
-><HR><H3
+><HR><H4
 CLASS="SECT3"
 ><A
-NAME="AEN2183"
->12.8.2.4. Windows 9X Profile Setup</A
-></H3
+NAME="AEN2189">Windows 9X Profile Setup</H4
 ><P
 >When a user first logs in on Windows 9X, the file user.DAT is created,
 as are folders "Start Menu", "Desktop", "Programs" and "Nethood".  
@@ -10832,8 +10766,9 @@ TYPE="1"
 ></LI
 ><LI
 ><P
->	<EM
->WARNING</EM
+>	<I
+CLASS="EMPHASIS"
+>WARNING</I
 > - before deleting the contents of the 
 	directory listed in
    the ProfilePath (this is likely to be c:\windows\profiles\username),
@@ -10878,30 +10813,44 @@ differences are with the equivalent samba trace.</P
 ></DIV
 ><DIV
 CLASS="SECT3"
-><HR><H3
+><HR><H4
 CLASS="SECT3"
 ><A
-NAME="AEN2219"
->12.8.2.5. Windows NT Workstation 4.0</A
-></H3
+NAME="AEN2225">Windows NT Workstation 4.0</H4
 ><P
 >When a user first logs in to a Windows NT Workstation, the profile
 NTuser.DAT is created.  The profile location can be now specified
 through the "logon path" parameter.  </P
 ><DIV
 CLASS="NOTE"
-><BLOCKQUOTE
+><P
+></P
+><TABLE
 CLASS="NOTE"
+WIDTH="100%"
+BORDER="0"
+><TR
+><TD
+WIDTH="25"
+ALIGN="CENTER"
+VALIGN="TOP"
+><IMG
+SRC="./stylesheet-images/note.gif"
+HSPACE="5"
+ALT="Note"></TD
+><TD
+ALIGN="LEFT"
+VALIGN="TOP"
 ><P
-><B
->Note: </B
 >[lkcl 10aug97 - i tried setting the path to
 \\samba-server\homes\profile, and discovered that this fails because
 a background process maintains the connection to the [homes] share
 which does _not_ close down in between user logins.  you have to
 have \\samba-server\%L\profile, where user is the username created
 from the [homes] share].</P
-></BLOCKQUOTE
+></TD
+></TR
+></TABLE
 ></DIV
 ><P
 >There is a parameter that is now available for use with NT Profiles:
@@ -10932,11 +10881,25 @@ NT Help file also mentions that renaming NTuser.DAT to NTuser.MAN
 turns a profile into a mandatory one.</P
 ><DIV
 CLASS="NOTE"
-><BLOCKQUOTE
+><P
+></P
+><TABLE
 CLASS="NOTE"
+WIDTH="100%"
+BORDER="0"
+><TR
+><TD
+WIDTH="25"
+ALIGN="CENTER"
+VALIGN="TOP"
+><IMG
+SRC="./stylesheet-images/note.gif"
+HSPACE="5"
+ALT="Note"></TD
+><TD
+ALIGN="LEFT"
+VALIGN="TOP"
 ><P
-><B
->Note: </B
 >[lkcl 10aug97 - i notice that NT Workstation tells me that it is
 downloading a profile from a slow link.  whether this is actually the
 case, or whether there is some configuration issue, as yet unknown,
@@ -10955,17 +10918,17 @@ workstation for clear-text passwords].</P
 >[lkcl 25aug97 - more comments received about NT profiles: the case of
 the profile _matters_.  the file _must_ be called NTuser.DAT or, for
 a mandatory profile, NTuser.MAN].</P
-></BLOCKQUOTE
+></TD
+></TR
+></TABLE
 ></DIV
 ></DIV
 ><DIV
 CLASS="SECT3"
-><HR><H3
+><HR><H4
 CLASS="SECT3"
 ><A
-NAME="AEN2232"
->12.8.2.6. Windows NT Server</A
-></H3
+NAME="AEN2238">Windows NT Server</H4
 ><P
 >There is nothing to stop you specifying any path that you like for the
 location of users' profiles.  Therefore, you could specify that the
@@ -10974,30 +10937,40 @@ that SMB server supports encrypted passwords.</P
 ></DIV
 ><DIV
 CLASS="SECT3"
-><HR><H3
+><HR><H4
 CLASS="SECT3"
 ><A
-NAME="AEN2235"
->12.8.2.7. Sharing Profiles between W95 and NT Workstation 4.0</A
-></H3
+NAME="AEN2241">Sharing Profiles between W95 and NT Workstation 4.0</H4
 ><DIV
 CLASS="WARNING"
 ><P
 ></P
 ><TABLE
 CLASS="WARNING"
-BORDER="1"
 WIDTH="100%"
+BORDER="0"
 ><TR
 ><TD
+WIDTH="25"
 ALIGN="CENTER"
+VALIGN="TOP"
+><IMG
+SRC="./stylesheet-images/warning.gif"
+HSPACE="5"
+ALT="Warning"></TD
+><TH
+ALIGN="LEFT"
+VALIGN="CENTER"
 ><B
 >Potentially outdated or incorrect material follows</B
-></TD
+></TH
 ></TR
 ><TR
 ><TD
+>&nbsp;</TD
+><TD
 ALIGN="LEFT"
+VALIGN="TOP"
 ><P
 >I think this is all bogus, but have not deleted it. (Richard Sharpe)</P
 ></TD
@@ -11022,47 +10995,73 @@ unlikely to exist on a Win95-only host].</P
 NTuser.DAT files in the same profile directory.</P
 ><DIV
 CLASS="NOTE"
-><BLOCKQUOTE
+><P
+></P
+><TABLE
 CLASS="NOTE"
+WIDTH="100%"
+BORDER="0"
+><TR
+><TD
+WIDTH="25"
+ALIGN="CENTER"
+VALIGN="TOP"
+><IMG
+SRC="./stylesheet-images/note.gif"
+HSPACE="5"
+ALT="Note"></TD
+><TD
+ALIGN="LEFT"
+VALIGN="TOP"
 ><P
-><B
->Note: </B
 >[lkcl 25aug97 - there are some issues to resolve with downloading of
 NT profiles, probably to do with time/date stamps.  i have found that
 NTuser.DAT is never updated on the workstation after the first time that
 it is copied to the local workstation profile directory.  this is in
 contrast to w95, where it _does_ transfer / update profiles correctly].</P
-></BLOCKQUOTE
+></TD
+></TR
+></TABLE
 ></DIV
 ></DIV
 ></DIV
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN2245"
->12.9. DOMAIN_CONTROL.txt : Windows NT Domain Control &#38; Samba</A
-></H1
+NAME="AEN2251">DOMAIN_CONTROL.txt : Windows NT Domain Control &#38; Samba</H2
 ><DIV
 CLASS="WARNING"
 ><P
 ></P
 ><TABLE
 CLASS="WARNING"
-BORDER="1"
 WIDTH="100%"
+BORDER="0"
 ><TR
 ><TD
+WIDTH="25"
 ALIGN="CENTER"
+VALIGN="TOP"
+><IMG
+SRC="./stylesheet-images/warning.gif"
+HSPACE="5"
+ALT="Warning"></TD
+><TH
+ALIGN="LEFT"
+VALIGN="CENTER"
 ><B
 >Possibly Outdated Material</B
-></TD
+></TH
 ></TR
 ><TR
 ><TD
+>&nbsp;</TD
+><TD
 ALIGN="LEFT"
+VALIGN="TOP"
 ><P
 >	This appendix was originally authored by John H Terpstra of 
 	the Samba Team and is included here for posterity.
@@ -11072,8 +11071,9 @@ ALIGN="LEFT"
 ></TABLE
 ></DIV
 ><P
-><EM
->NOTE :</EM
+><I
+CLASS="EMPHASIS"
+>NOTE :</I
 > 
 The term "Domain Controller" and those related to it refer to one specific
 method of authentication that can underly an SMB domain. Domain Controllers
@@ -11163,17 +11163,13 @@ within its registry.</P
 CLASS="CHAPTER"
 ><HR><H1
 ><A
-NAME="SAMBA-BDC"
->Chapter 13. How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain</A
-></H1
+NAME="SAMBA-BDC">How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain</H1
 ><DIV
 CLASS="SECT1"
-><H1
+><H2
 CLASS="SECT1"
 ><A
-NAME="AEN2281"
->13.1. Prerequisite Reading</A
-></H1
+NAME="AEN2287">Prerequisite Reading</H2
 ><P
 >Before you continue reading in this chapter, please make sure
 that you are comfortable with configuring a Samba PDC
@@ -11185,12 +11181,10 @@ TARGET="_top"
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN2285"
->13.2. Background</A
-></H1
+NAME="AEN2291">Background</H2
 ><P
 >What is a Domain Controller? It is a machine that is able to answer
 logon requests from workstations in a Windows NT Domain. Whenever a
@@ -11239,12 +11233,10 @@ others. This will not be covered in this document.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN2293"
->13.3. What qualifies a Domain Controller on the network?</A
-></H1
+NAME="AEN2299">What qualifies a Domain Controller on the network?</H2
 ><P
 >Every machine that is a Domain Controller for the domain SAMBA has to
 register the NetBIOS group name SAMBA#1c with the WINS server and/or
@@ -11256,12 +11248,10 @@ Microsoft Domain implementation requires the domain master browser to
 be on the same machine as the PDC.</P
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN2296"
->13.3.1. How does a Workstation find its domain controller?</A
-></H2
+NAME="AEN2302">How does a Workstation find its domain controller?</H3
 ><P
 >A NT workstation in the domain SAMBA that wants a local user to be
 authenticated has to find the domain controller for SAMBA. It does
@@ -11275,12 +11265,10 @@ the domain controller, asking for approval.</P
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN2299"
->13.3.2. When is the PDC needed?</A
-></H2
+NAME="AEN2305">When is the PDC needed?</H3
 ><P
 >Whenever a user wants to change his password, this has to be done on
 the PDC. To find the PDC, the workstation does a NetBIOS name query
@@ -11291,12 +11279,10 @@ the password change is done.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN2302"
->13.4. Can Samba be a Backup Domain Controller?</A
-></H1
+NAME="AEN2308">Can Samba be a Backup Domain Controller?</H2
 ><P
 >With version 2.2, no. The native NT SAM replication protocols have
 not yet been fully implemented. The Samba Team is working on
@@ -11310,12 +11296,10 @@ service logon requests whenever the PDC is down.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN2306"
->13.5. How do I set up a Samba BDC?</A
-></H1
+NAME="AEN2312">How do I set up a Samba BDC?</H2
 ><P
 >Several things have to be done:</P
 ><P
@@ -11323,10 +11307,16 @@ NAME="AEN2306"
 ><UL
 ><LI
 ><P
->The file private/MACHINE.SID identifies the domain. When a samba
-server is first started, it is created on the fly and must never be
-changed again. This file has to be the same on the PDC and the BDC,
-so the MACHINE.SID has to be copied from the PDC to the BDC.</P
+>The domain SID has to be the same on the PDC and the BDC. This used to
+be stored in the file private/MACHINE.SID. This file is not created
+anymore since Samba 2.2.5 or even earlier. Nowadays the domain SID is
+stored in the file private/secrets.tdb. Simply copying the secrets.tdb
+from the PDC to the BDC does not work, as the BDC would
+generate a new SID for itself and override the domain SID with this
+new BDC SID.</P
+><P
+>To retrieve the domain SID from the PDC or an existing BDC and store it in the
+secrets.tdb, execute 'net rpc getsid' on the BDC.</P
 ></LI
 ><LI
 ><P
@@ -11380,12 +11370,10 @@ no' forces the BDC not to register SAMBA#1b which as a unique NetBIOS
 name is reserved for the Primary Domain Controller.</P
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN2322"
->13.5.1. How do I replicate the smbpasswd file?</A
-></H2
+NAME="AEN2329">How do I replicate the smbpasswd file?</H3
 ><P
 >Replication of the smbpasswd file is sensitive. It has to be done
 whenever changes to the SAM are made. Every user's password change is
@@ -11405,17 +11393,13 @@ password.</P
 CLASS="CHAPTER"
 ><HR><H1
 ><A
-NAME="SAMBA-LDAP-HOWTO"
->Chapter 14. Storing Samba's User/Machine Account information in an LDAP Directory</A
-></H1
+NAME="SAMBA-LDAP-HOWTO">Storing Samba's User/Machine Account information in an LDAP Directory</H1
 ><DIV
 CLASS="SECT1"
-><H1
+><H2
 CLASS="SECT1"
 ><A
-NAME="AEN2343"
->14.1. Purpose</A
-></H1
+NAME="AEN2350">Purpose</H2
 ><P
 >This document describes how to use an LDAP directory for storing Samba user
 account information traditionally stored in the smbpasswd(5) file.  It is
@@ -11478,12 +11462,10 @@ TARGET="_top"
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN2363"
->14.2. Introduction</A
-></H1
+NAME="AEN2370">Introduction</H2
 ><P
 >Traditionally, when configuring <A
 HREF="smb.conf.5.html#ENCRYPTPASSWORDS"
@@ -11595,12 +11577,10 @@ the details of configuring these packages are beyond the scope of this document.
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN2392"
->14.3. Supported LDAP Servers</A
-></H1
+NAME="AEN2399">Supported LDAP Servers</H2
 ><P
 >The LDAP samdb code in 2.2.3 has been developed and tested using the OpenLDAP
 2.0 server and client libraries.  The same code should be able to work with
@@ -11620,12 +11600,10 @@ TARGET="_top"
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN2397"
->14.4. Schema and Relationship to the RFC 2307 posixAccount</A
-></H1
+NAME="AEN2404">Schema and Relationship to the RFC 2307 posixAccount</H2
 ><P
 >Samba 2.2.3 includes the necessary schema file for OpenLDAP 2.0 in
 <TT
@@ -11688,20 +11666,16 @@ information in NIS while the network is transitioning to a full LDAP infrastruct
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN2409"
->14.5. Configuring Samba with LDAP</A
-></H1
+NAME="AEN2416">Configuring Samba with LDAP</H2
 ><DIV
 CLASS="SECT2"
-><H2
+><H3
 CLASS="SECT2"
 ><A
-NAME="AEN2411"
->14.5.1. OpenLDAP configuration</A
-></H2
+NAME="AEN2418">OpenLDAP configuration</H3
 ><P
 >To include support for the sambaAccount object in an OpenLDAP directory
 server, first copy the samba.schema file to slapd's configuration directory.</P
@@ -11796,12 +11770,10 @@ index rid           eq
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN2428"
->14.5.2. Configuring Samba</A
-></H2
+NAME="AEN2435">Configuring Samba</H3
 ><P
 >The following parameters are available in smb.conf only with <TT
 CLASS="PARAMETER"
@@ -11925,12 +11897,10 @@ CLASS="REPLACEABLE"
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN2456"
->14.6. Accounts and Groups management</A
-></H1
+NAME="AEN2463">Accounts and Groups management</H2
 ><P
 >As users accounts are managed thru the sambaAccount objectclass, you should
 modify you existing administration tools to deal with sambaAccount attributes.</P
@@ -11950,12 +11920,10 @@ groups).</P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN2461"
->14.7. Security and sambaAccount</A
-></H1
+NAME="AEN2468">Security and sambaAccount</H2
 ><P
 >There are two important points to remember when discussing the security
 of sambaAccount entries in the directory.</P
@@ -11964,15 +11932,17 @@ of sambaAccount entries in the directory.</P
 ><UL
 ><LI
 ><P
-><EM
->Never</EM
+><I
+CLASS="EMPHASIS"
+>Never</I
 > retrieve the lmPassword or
 	ntPassword attribute values over an unencrypted LDAP session.</P
 ></LI
 ><LI
 ><P
-><EM
->Never</EM
+><I
+CLASS="EMPHASIS"
+>Never</I
 > allow non-admin users to
 	view the lmPassword or ntPassword attribute values.</P
 ></LI
@@ -12030,12 +12000,10 @@ access to attrs=lmPassword,ntPassword
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN2481"
->14.8. LDAP specials attributes for sambaAccounts</A
-></H1
+NAME="AEN2488">LDAP specials attributes for sambaAccounts</H2
 ><P
 >The sambaAccount objectclass is composed of the following attributes:</P
 ><P
@@ -12241,12 +12209,10 @@ something other than the default (e.g. \\MOBY\becky).</P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN2551"
->14.9. Example LDIF Entries for a sambaAccount</A
-></H1
+NAME="AEN2558">Example LDIF Entries for a sambaAccount</H2
 ><P
 >The following is a working LDIF with the inclusion of the posixAccount objectclass:</P
 ><P
@@ -12317,12 +12283,10 @@ ntPassword: 878D8014606CDA29677A44EFA1353FC7</PRE
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN2559"
->14.10. Comments</A
-></H1
+NAME="AEN2566">Comments</H2
 ><P
 >Please mail all comments regarding this HOWTO to <A
 HREF="mailto:jerry@samba.org"
@@ -12336,17 +12300,13 @@ last updated to reflect the Samba 2.2.3 release.&#13;</P
 CLASS="CHAPTER"
 ><HR><H1
 ><A
-NAME="IMPROVED-BROWSING"
->Chapter 15. Improved browsing in samba</A
-></H1
+NAME="IMPROVED-BROWSING">Improved browsing in samba</H1
 ><DIV
 CLASS="SECT1"
-><H1
+><H2
 CLASS="SECT1"
 ><A
-NAME="AEN2570"
->15.1. Overview of browsing</A
-></H1
+NAME="AEN2577">Overview of browsing</H2
 ><P
 >SMB networking provides a mechanism by which clients can access a list
 of machines in a network, a so-called "browse list".  This list
@@ -12365,12 +12325,10 @@ that can NOT be provided by any other means of name resolution.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN2574"
->15.2. Browsing support in samba</A
-></H1
+NAME="AEN2581">Browsing support in samba</H2
 ><P
 >Samba now fully supports browsing.  The browsing is supported by nmbd
 and is also controlled by options in the smb.conf file (see smb.conf(5)).</P
@@ -12410,12 +12368,10 @@ example.  See "remote announce" in the smb.conf man page.  </P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN2583"
->15.3. Problem resolution</A
-></H1
+NAME="AEN2590">Problem resolution</H2
 ><P
 >If something doesn't work then hopefully the log.nmb file will help
 you track down the problem.  Try a debug level of 2 or 3 for finding
@@ -12444,12 +12400,10 @@ in smb.conf)</P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN2590"
->15.4. Browsing across subnets</A
-></H1
+NAME="AEN2597">Browsing across subnets</H2
 ><P
 >With the release of Samba 1.9.17(alpha1 and above) Samba has been
 updated to enable it to support the replication of browse lists
@@ -12475,12 +12429,10 @@ of a WINS server given to them by a DHCP server, or by manual configuration
 settings) for Samba this is in the smb.conf file.</P
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN2595"
->15.4.1. How does cross subnet browsing work ?</A
-></H2
+NAME="AEN2602">How does cross subnet browsing work ?</H3
 ><P
 >Cross subnet browsing is a complicated dance, containing multiple
 moving parts.  It has taken Microsoft several years to get the code
@@ -12732,12 +12684,10 @@ TYPE="1"
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN2630"
->15.5. Setting up a WINS server</A
-></H1
+NAME="AEN2637">Setting up a WINS server</H2
 ><P
 >Either a Samba machine or a Windows NT Server machine may be set up
 as a WINS server.  To set a Samba machine to be a WINS server you must
@@ -12815,12 +12765,10 @@ browsing on networks that contain NT Domains.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN2649"
->15.6. Setting up Browsing in a WORKGROUP</A
-></H1
+NAME="AEN2656">Setting up Browsing in a WORKGROUP</H2
 ><P
 >To set up cross subnet browsing on a network containing machines
 in up to be in a WORKGROUP, not an NT Domain you need to set up one
@@ -12926,12 +12874,10 @@ CLASS="PROGRAMLISTING"
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN2667"
->15.7. Setting up Browsing in a DOMAIN</A
-></H1
+NAME="AEN2674">Setting up Browsing in a DOMAIN</H2
 ><P
 >If you are adding Samba servers to a Windows NT Domain then
 you must not set up a Samba server as a domain master browser.
@@ -12986,12 +12932,10 @@ CLASS="COMMAND"
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN2677"
->15.8. Forcing samba to be the master</A
-></H1
+NAME="AEN2684">Forcing samba to be the master</H2
 ><P
 >Who becomes the "master browser" is determined by an election process
 using broadcasts.  Each election packet contains a number of parameters
@@ -13034,12 +12978,10 @@ the current domain master browser fail.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN2686"
->15.9. Making samba the domain master</A
-></H1
+NAME="AEN2693">Making samba the domain master</H2
 ><P
 >The domain master is responsible for collating the browse lists of
 multiple subnets so that browsing can occur between subnets.  You can
@@ -13107,12 +13049,10 @@ TYPE="1"
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN2704"
->15.10. Note about broadcast addresses</A
-></H1
+NAME="AEN2711">Note about broadcast addresses</H2
 ><P
 >If your network uses a "0" based broadcast address (for example if it
 ends in a 0) then you will strike problems.  Windows for Workgroups
@@ -13121,12 +13061,10 @@ that browsing and name lookups won't work.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN2707"
->15.11. Multiple interfaces</A
-></H1
+NAME="AEN2714">Multiple interfaces</H2
 ><P
 >Samba now supports machines with multiple network interfaces.  If you
 have multiple interfaces then you will need to use the "interfaces"
@@ -13137,17 +13075,13 @@ option in smb.conf to configure them.  See smb.conf(5) for details.</P
 CLASS="CHAPTER"
 ><HR><H1
 ><A
-NAME="SPEED"
->Chapter 16. Samba performance issues</A
-></H1
+NAME="SPEED">Samba performance issues</H1
 ><DIV
 CLASS="SECT1"
-><H1
+><H2
 CLASS="SECT1"
 ><A
-NAME="AEN2725"
->16.1. Comparisons</A
-></H1
+NAME="AEN2732">Comparisons</H2
 ><P
 >The Samba server uses TCP to talk to the client. Thus if you are
 trying to see if it performs well you should really compare it to
@@ -13173,20 +13107,16 @@ systems.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN2731"
->16.2. Oplocks</A
-></H1
+NAME="AEN2738">Oplocks</H2
 ><DIV
 CLASS="SECT2"
-><H2
+><H3
 CLASS="SECT2"
 ><A
-NAME="AEN2733"
->16.2.1. Overview</A
-></H2
+NAME="AEN2740">Overview</H3
 ><P
 >Oplocks are the way that SMB clients get permission from a server to
 locally cache file operations. If a server grants an oplock
@@ -13217,12 +13147,10 @@ code did follows.</P
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN2741"
->16.2.2. Level2 Oplocks</A
-></H2
+NAME="AEN2748">Level2 Oplocks</H3
 ><P
 >With Samba 2.0.5 a new capability - level2 (read only) oplocks is
 supported (although the option is off by default - see the smb.conf
@@ -13241,12 +13169,10 @@ read-ahread cache copies of these files.</P
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN2747"
->16.2.3. Old 'fake oplocks' option - deprecated</A
-></H2
+NAME="AEN2754">Old 'fake oplocks' option - deprecated</H3
 ><P
 >Samba can also fake oplocks, by granting a oplock whenever a client 
 asks for one. This is controlled using the smb.conf option "fake 
@@ -13262,12 +13188,10 @@ at the same time you can get data corruption.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN2751"
->16.3. Socket options</A
-></H1
+NAME="AEN2758">Socket options</H2
 ><P
 >There are a number of socket options that can greatly affect the
 performance of a TCP based server like Samba.</P
@@ -13290,12 +13214,10 @@ Microsoft TCP/IP stack is slow in sending tcp ACKs.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN2758"
->16.4. Read size</A
-></H1
+NAME="AEN2765">Read size</H2
 ><P
 >The option "read size" affects the overlap of disk reads/writes with
 network reads/writes. If the amount of data being transferred in
@@ -13316,12 +13238,10 @@ pointless and will cause you to allocate memory unnecessarily.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN2763"
->16.5. Max xmit</A
-></H1
+NAME="AEN2770">Max xmit</H2
 ><P
 >At startup the client and server negotiate a "maximum transmit" size,
 which limits the size of nearly all SMB commands. You can set the
@@ -13339,12 +13259,10 @@ of less than 2048 is likely to cause severe problems.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN2768"
->16.6. Locking</A
-></H1
+NAME="AEN2775">Locking</H2
 ><P
 >By default Samba does not implement strict locking on each read/write
 call (although it did in previous versions). If you enable strict
@@ -13356,12 +13274,10 @@ filesystems, but could be quite high even on local disks.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN2772"
->16.7. Share modes</A
-></H1
+NAME="AEN2779">Share modes</H2
 ><P
 >Some people find that opening files is very slow. This is often
 because of the "share modes" code needed to fully implement the dos
@@ -13386,12 +13302,10 @@ things much faster. See the Makefile for how to enable this.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN2777"
->16.8. Log level</A
-></H1
+NAME="AEN2784">Log level</H2
 ><P
 >If you set the log level (also known as "debug level") higher than 2
 then you may suffer a large drop in performance. This is because the
@@ -13400,12 +13314,10 @@ expensive. </P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN2780"
->16.9. Wide lines</A
-></H1
+NAME="AEN2787">Wide lines</H2
 ><P
 >The "wide links" option is now enabled by default, but if you disable
 it (for better security) then you may suffer a performance hit in
@@ -13414,12 +13326,10 @@ resolving filenames. The performance loss is lessened if you have
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN2783"
->16.10. Read raw</A
-></H1
+NAME="AEN2790">Read raw</H2
 ><P
 >The "read raw" operation is designed to be an optimised, low-latency
 file read operation. A server may choose to not support it,
@@ -13436,12 +13346,10 @@ testing can really tell.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN2788"
->16.11. Write raw</A
-></H1
+NAME="AEN2795">Write raw</H2
 ><P
 >The "write raw" operation is designed to be an optimised, low-latency
 file write operation. A server may choose to not support it,
@@ -13453,12 +13361,10 @@ case you may wish to change this option.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN2792"
->16.12. Read prediction</A
-></H1
+NAME="AEN2799">Read prediction</H2
 ><P
 >Samba can do read prediction on some of the SMB commands. Read
 prediction means that Samba reads some extra data on the last file it
@@ -13479,12 +13385,10 @@ as "Write" under NT) which do lots of very small reads on a file.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN2799"
->16.13. Memory mapping</A
-></H1
+NAME="AEN2806">Memory mapping</H2
 ><P
 >Samba supports reading files via memory mapping them. One some
 machines this can give a large boost to performance, on others it
@@ -13500,12 +13404,10 @@ no".</P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN2804"
->16.14. Slow Clients</A
-></H1
+NAME="AEN2811">Slow Clients</H2
 ><P
 >One person has reported that setting the protocol to COREPLUS rather
 than LANMAN2 gave a dramatic speed improvement (from 10k/s to 150k/s).</P
@@ -13517,12 +13419,10 @@ protocol. Lowering the "read size" might also help.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN2808"
->16.15. Slow Logins</A
-></H1
+NAME="AEN2815">Slow Logins</H2
 ><P
 >Slow logins are almost always due to the password checking time. Using
 the lowest practical "password level" will improve things a lot. You
@@ -13530,12 +13430,10 @@ could also enable the "UFC crypt" option in the Makefile.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN2811"
->16.16. Client tuning</A
-></H1
+NAME="AEN2818">Client tuning</H2
 ><P
 >Often a speed problem can be traced to the client. The client (for
 example Windows for Workgroups) can often be tuned for better TCP
@@ -13634,12 +13532,10 @@ staggering.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN2843"
->16.17. My Results</A
-></H1
+NAME="AEN2850">My Results</H2
 ><P
 >Some people want to see real numbers in a document like this, so here
 they are. I have a 486sx33 client running WfWg 3.11 with the 3.11b
@@ -13666,38 +13562,78 @@ here someday ...</P
 CLASS="CHAPTER"
 ><HR><H1
 ><A
-NAME="OS2"
->Chapter 17. OS2 Client HOWTO</A
-></H1
+NAME="OTHER-CLIENTS">Samba and other CIFS clients</H1
+><P
+>This chapter contains client-specific information.</P
 ><DIV
 CLASS="SECT1"
-><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN2860"
->17.1. FAQs</A
-></H1
-><DIV
-CLASS="SECT2"
-><H2
-CLASS="SECT2"
-><A
-NAME="AEN2862"
->17.1.1. How can I configure OS/2 Warp Connect or 
-		OS/2 Warp 4 as a client for Samba?</A
-></H2
+NAME="AEN2871">Macintosh clients?</H2
 ><P
->A more complete answer to this question can be 
-		found on <A
-HREF="http://carol.wins.uva.nl/~leeuw/samba/warp.html"
+>Yes. <A
+HREF="http://www.thursby.com/"
 TARGET="_top"
->		http://carol.wins.uva.nl/~leeuw/samba/warp.html</A
->.</P
+>Thursby</A
+> now have a CIFS Client / Server called DAVE - see</P
 ><P
->Basically, you need three components:</P
+>They test it against Windows 95, Windows NT and samba for
+compatibility issues.  At the time of writing, DAVE was at version
+1.0.1. The 1.0.0 to 1.0.1 update is available as a free download from
+the Thursby web site (the speed of finder copies has been greatly
+enhanced, and there are bug-fixes included).</P
 ><P
+> 
+Alternatives - There are two free implementations of AppleTalk for
+several kinds of UNIX machnes, and several more commercial ones.
+These products allow you to run file services and print services
+natively to Macintosh users, with no additional support required on
+the Macintosh.  The two free omplementations are 
+<A
+HREF="http://www.umich.edu/~rsug/netatalk/"
+TARGET="_top"
+>Netatalk</A
+>, and 
+<A
+HREF="http://www.cs.mu.oz.au/appletalk/atalk.html"
+TARGET="_top"
+>CAP</A
+>.  
+What Samba offers MS
+Windows users, these packages offer to Macs.  For more info on these
+packages, Samba, and Linux (and other UNIX-based systems) see
+<A
+HREF="http://www.eats.com/linux_mac_win.html"
+TARGET="_top"
+>http://www.eats.com/linux_mac_win.html</A
 ></P
-><UL
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H2
+CLASS="SECT1"
+><A
+NAME="AEN2880">OS2 Client</H2
+><DIV
+CLASS="SECT2"
+><H3
+CLASS="SECT2"
+><A
+NAME="AEN2882">How can I configure OS/2 Warp Connect or 
+		OS/2 Warp 4 as a client for Samba?</H3
+><P
+>A more complete answer to this question can be 
+		found on <A
+HREF="http://carol.wins.uva.nl/~leeuw/samba/warp.html"
+TARGET="_top"
+>		http://carol.wins.uva.nl/~leeuw/samba/warp.html</A
+>.</P
+><P
+>Basically, you need three components:</P
+><P
+></P
+><UL
 ><LI
 ><P
 >The File and Print Client ('IBM Peer')
@@ -13738,13 +13674,11 @@ TARGET="_top"
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN2877"
->17.1.2. How can I configure OS/2 Warp 3 (not Connect), 
-		OS/2 1.2, 1.3 or 2.x for Samba?</A
-></H2
+NAME="AEN2897">How can I configure OS/2 Warp 3 (not Connect), 
+		OS/2 1.2, 1.3 or 2.x for Samba?</H3
 ><P
 >You can use the free Microsoft LAN Manager 2.2c Client 
 		for OS/2 from 
@@ -13791,13 +13725,11 @@ TARGET="_top"
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN2886"
->17.1.3. Are there any other issues when OS/2 (any version) 
-		is used as a client?</A
-></H2
+NAME="AEN2906">Are there any other issues when OS/2 (any version) 
+		is used as a client?</H3
 ><P
 >When you do a NET VIEW or use the "File and Print 
 		Client Resource Browser", no Samba servers show up. This can 
@@ -13813,13 +13745,11 @@ TARGET="_top"
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN2890"
->17.1.4. How do I get printer driver download working 
-		for OS/2 clients?</A
-></H2
+NAME="AEN2910">How do I get printer driver download working 
+		for OS/2 clients?</H3
 ><P
 >First, create a share called [PRINTDRV] that is 
 		world-readable.  Copy your OS/2 driver files there.  Note 
@@ -13828,7 +13758,7 @@ NAME="AEN2890"
 		driver from an OS/2 system.</P
 ><P
 >Install the NT driver first for that printer.  Then, 
-		add to your smb.conf a parameter, "os2 driver map = 
+		add to your smb.conf a parameter, os2 driver map = 
 		<TT
 CLASS="REPLACEABLE"
 ><I
@@ -13844,8 +13774,11 @@ CLASS="REPLACEABLE"
 		name of the NT driver name to the OS/2 driver name as 
 		follows:</P
 ><P
->&#60;nt driver name&#62; = &#60;os2 driver 
-		name&#62;.&#60;device name&#62;, e.g.:
+><B
+CLASS="COMMAND"
+>nt driver name = os2 "driver 
+		name"."device name"</B
+>, e.g.:
 		HP LaserJet 5L = LASERJET.HP LaserJet 5L</P
 ><P
 >You can have multiple drivers mapped in this file.</P
@@ -13859,22 +13792,228 @@ CLASS="REPLACEABLE"
 		</P
 ></DIV
 ></DIV
+><DIV
+CLASS="SECT1"
+><HR><H2
+CLASS="SECT1"
+><A
+NAME="AEN2920">Windows for Workgroups</H2
+><DIV
+CLASS="SECT2"
+><H3
+CLASS="SECT2"
+><A
+NAME="AEN2922">Use latest TCP/IP stack from Microsoft</H3
+><P
+>Use the latest TCP/IP stack from microsoft if you use Windows
+for workgroups.</P
+><P
+>The early TCP/IP stacks had lots of bugs.</P
+><P
+> 
+Microsoft has released an incremental upgrade to their TCP/IP 32-Bit
+VxD drivers.  The latest release can be found on their ftp site at
+ftp.microsoft.com, located in /peropsys/windows/public/tcpip/wfwt32.exe.
+There is an update.txt file there that describes the problems that were
+fixed.  New files include WINSOCK.DLL, TELNET.EXE, WSOCK.386, VNBT.386,
+WSTCP.386, TRACERT.EXE, NETSTAT.EXE, and NBTSTAT.EXE.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H3
+CLASS="SECT2"
+><A
+NAME="AEN2927">Delete .pwl files after password change</H3
+><P
+>WfWg does a lousy job with passwords. I find that if I change my
+password on either the unix box or the PC the safest thing to do is to
+delete the .pwl files in the windows directory. The PC will complain about not finding the files, but will soon get over it, allowing you to enter the new password.</P
+><P
+> 
+If you don't do this you may find that WfWg remembers and uses the old
+password, even if you told it a new one.</P
+><P
+> 
+Often WfWg will totally ignore a password you give it in a dialog box.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H3
+CLASS="SECT2"
+><A
+NAME="AEN2932">Configure WfW password handling</H3
+><P
+>There is a program call admincfg.exe
+on the last disk (disk 8) of the WFW 3.11 disk set.  To install it
+type EXPAND A:\ADMINCFG.EX_ C:\WINDOWS\ADMINCFG.EXE Then add an icon
+for it via the "Progam Manager" "New" Menu.  This program allows you
+to control how WFW handles passwords.  ie disable Password Caching etc
+for use with <B
+CLASS="COMMAND"
+>security = user</B
+></P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H3
+CLASS="SECT2"
+><A
+NAME="AEN2936">Case handling of passwords</H3
+><P
+>Windows for Workgroups uppercases the password before sending it to the server. Unix passwords can be case-sensitive though. Check the <A
+HREF="smb.conf.5.html"
+TARGET="_top"
+>smb.conf(5)</A
+> information on <B
+CLASS="COMMAND"
+>password level</B
+> to specify what characters samba should try to uppercase when checking.</P
+></DIV
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H2
+CLASS="SECT1"
+><A
+NAME="AEN2941">Windows '95/'98</H2
+><P
+>When using Windows 95 OEM SR2 the following updates are recommended where Samba
+is being used. Please NOTE that the above change will affect you once these
+updates  have been installed.</P
+><P
+> 
+There are more updates than the ones mentioned here. You are referred to the
+Microsoft Web site for all currently available updates to your specific version
+of Windows 95.</P
+><P
+></P
+><OL
+TYPE="1"
+><LI
+><P
+>Kernel Update: KRNLUPD.EXE</P
+></LI
+><LI
+><P
+>Ping Fix: PINGUPD.EXE</P
+></LI
+><LI
+><P
+>RPC Update: RPCRTUPD.EXE</P
+></LI
+><LI
+><P
+>TCP/IP Update: VIPUPD.EXE</P
+></LI
+><LI
+><P
+>Redirector Update: VRDRUPD.EXE</P
+></LI
+></OL
+><P
+>Also, if using MS OutLook it is desirable to install the OLEUPD.EXE fix. This
+fix may stop your machine from hanging for an extended period when exiting
+OutLook and you may also notice a significant speedup when accessing network
+neighborhood services.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H2
+CLASS="SECT1"
+><A
+NAME="AEN2957">Windows 2000 Service Pack 2</H2
+><P
+> 
+There are several annoyances with Windows 2000 SP2. One of which
+only appears when using a Samba server to host user profiles
+to Windows 2000 SP2 clients in a Windows domain.  This assumes
+that Samba is a member of the domain, but the problem will
+likely occur if it is not.</P
+><P
+> 
+In order to server profiles successfully to Windows 2000 SP2 
+clients (when not operating as a PDC), Samba must have 
+<B
+CLASS="COMMAND"
+>nt acl support = no</B
+>
+added to the file share which houses the roaming profiles.
+If this is not done, then the Windows 2000 SP2 client will
+complain about not being able to access the profile (Access 
+Denied) and create multiple copies of it on disk (DOMAIN.user.001,
+DOMAIN.user.002, etc...).  See the 
+<A
+HREF="smb.conf.5.html"
+TARGET="_top"
+>smb.conf(5)</A
+> man page
+for more details on this option.  Also note that the 
+<B
+CLASS="COMMAND"
+>nt acl support</B
+> parameter was formally a global parameter in
+releases prior to Samba 2.2.2.</P
+><P
+> 
+The following is a minimal profile share:</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>	[profile]
+		path = /export/profile
+		create mask = 0600
+		directory mask = 0700
+		nt acl support = no
+		read only = no</PRE
+></TD
+></TR
+></TABLE
+></P
+><P
+>The reason for this bug is that the Win2k SP2 client copies
+the security descriptor for the profile which contains
+the Samba server's SID, and not the domain SID.  The client
+compares the SID for SAMBA\user and realizes it is
+different that the one assigned to DOMAIN\user.  Hence the reason
+for the "access denied" message.</P
+><P
+>By disabling the <B
+CLASS="COMMAND"
+>nt acl support</B
+> parameter, Samba will send
+the Win2k client a response to the QuerySecurityDescriptor
+trans2 call which causes the client to set a default ACL
+for the profile. This default ACL includes </P
+><P
+><B
+CLASS="COMMAND"
+>DOMAIN\user 	"Full Control"</B
+></P
+><P
+><I
+CLASS="EMPHASIS"
+>NOTE : This bug does not occur when using winbind to
+create accounts on the Samba host for Domain users.</I
+></P
+></DIV
 ></DIV
 ><DIV
 CLASS="CHAPTER"
 ><HR><H1
 ><A
-NAME="CVS-ACCESS"
->Chapter 18. HOWTO Access Samba source code via CVS</A
-></H1
+NAME="CVS-ACCESS">HOWTO Access Samba source code via CVS</H1
 ><DIV
 CLASS="SECT1"
-><H1
+><H2
 CLASS="SECT1"
 ><A
-NAME="AEN2906"
->18.1. Introduction</A
-></H1
+NAME="AEN2981">Introduction</H2
 ><P
 >Samba is developed in an open environment.  Developers use CVS
 (Concurrent Versioning System) to "checkin" (also known as 
@@ -13891,12 +14030,10 @@ TARGET="_top"
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN2911"
->18.2. CVS Access to samba.org</A
-></H1
+NAME="AEN2986">CVS Access to samba.org</H2
 ><P
 >The machine samba.org runs a publicly accessible CVS 
 repository for access to the source code of several packages, 
@@ -13904,12 +14041,10 @@ including samba, rsync and jitterbug. There are two main ways of
 accessing the CVS server on this host.</P
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN2914"
->18.2.1. Access via CVSweb</A
-></H2
+NAME="AEN2989">Access via CVSweb</H3
 ><P
 >You can access the source code via your 
 favourite WWW browser. This allows you to access the contents of 
@@ -13925,12 +14060,10 @@ TARGET="_top"
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN2919"
->18.2.2. Access via cvs</A
-></H2
+NAME="AEN2994">Access via cvs</H3
 ><P
 >You can also access the source code via a 
 normal cvs client.  This gives you much more control over you can 
@@ -14036,17 +14169,13 @@ CLASS="COMMAND"
 CLASS="CHAPTER"
 ><HR><H1
 ><A
-NAME="BUGREPORT"
->Chapter 19. Reporting Bugs</A
-></H1
+NAME="BUGREPORT">Reporting Bugs</H1
 ><DIV
 CLASS="SECT1"
-><H1
+><H2
 CLASS="SECT1"
 ><A
-NAME="AEN2954"
->19.1. Introduction</A
-></H1
+NAME="AEN3029">Introduction</H2
 ><P
 >The email address for bug reports is samba@samba.org</P
 ><P
@@ -14073,12 +14202,10 @@ at http://samba.org/samba/ </P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN2961"
->19.2. General info</A
-></H1
+NAME="AEN3036">General info</H2
 ><P
 >Before submitting a bug report check your config for silly
 errors. Look in your log files for obvious messages that tell you that
@@ -14098,12 +14225,10 @@ time, and exactly what the results were.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN2967"
->19.3. Debug levels</A
-></H1
+NAME="AEN3042">Debug levels</H2
 ><P
 >If the bug has anything to do with Samba behaving incorrectly as a
 server (like refusing to open a file) then the log files will probably
@@ -14177,12 +14302,10 @@ large volume of log data.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN2984"
->19.4. Internal errors</A
-></H1
+NAME="AEN3059">Internal errors</H2
 ><P
 >If you get a "INTERNAL ERROR" message in your log files it means that
 Samba got an unexpected signal while running. It is probably a
@@ -14221,12 +14344,10 @@ useful. </P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN2994"
->19.5. Attaching to a running process</A
-></H1
+NAME="AEN3069">Attaching to a running process</H2
 ><P
 >Unfortunately some unixes (in particular some recent linux kernels)
 refuse to dump a core file if the task has changed uid (which smbd
@@ -14238,12 +14359,10 @@ where it occurred.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN2997"
->19.6. Patches</A
-></H1
+NAME="AEN3072">Patches</H2
 ><P
 >The best sort of bug report is one that includes a fix! If you send us
 patches please use <B
@@ -14258,20 +14377,304 @@ your do the diff against a clean version of the source and let me know
 exactly what version you used. </P
 ></DIV
 ></DIV
+><DIV
+CLASS="CHAPTER"
 ><HR><H1
 ><A
-NAME="AEN3002"
->Index</A
-></H1
-><DL
-><DT
->Primary Domain Controller,
-    <A
-HREF="x1741.htm"
->Background</A
->
-  </DT
-></DL
+NAME="GROUPMAPPING">Group mapping HOWTO</H1
+><P
+> 
+Starting with Samba 3.0 alpha 2, a new group mapping function is available. The
+current method (likely to change) to manage the groups is a new command called
+<B
+CLASS="COMMAND"
+>smbgroupedit</B
+>.</P
+><P
+>The first immediate reason to use the group mapping on a PDC, is that
+the <B
+CLASS="COMMAND"
+>domain admin group</B
+> of <TT
+CLASS="FILENAME"
+>smb.conf</TT
+> is 
+now gone. This parameter was used to give the listed users local admin rights 
+on their workstations. It was some magic stuff that simply worked but didn't
+scale very well for complex setups.</P
+><P
+>Let me explain how it works on NT/W2K, to have this magic fade away.
+When installing NT/W2K on a computer, the installer program creates some users
+and groups. Notably the 'Administrators' group, and gives to that group some
+privileges like the ability to change the date and time or to kill any process
+(or close too) running on the local machine. The 'Administrator' user is a
+member of the 'Administrators' group, and thus 'inherit' the 'Administrators'
+group privileges. If a 'joe' user is created and become a member of the
+'Administrator' group, 'joe' has exactly the same rights as 'Administrator'.</P
+><P
+>When a NT/W2K machine is joined to a domain, during that phase, the "Domain
+Administrators' group of the PDC is added to the 'Administrators' group of the
+workstation. Every members of the 'Domain Administrators' group 'inherit' the
+rights of the 'Administrators' group when logging on the workstation.</P
+><P
+>You are now wondering how to make some of your samba PDC users members of the
+'Domain Administrators' ? That's really easy.</P
+><P
+></P
+><OL
+TYPE="1"
+><LI
+><P
+>create a unix group (usually in <TT
+CLASS="FILENAME"
+>/etc/group</TT
+>), let's call it domadm</P
+></LI
+><LI
+><P
+>add to this group the users that must be Administrators. For example if you want joe,john and mary, your entry in <TT
+CLASS="FILENAME"
+>/etc/group</TT
+> will look like:</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>domadm:x:502:joe,john,mary</PRE
+></TD
+></TR
+></TABLE
+></P
+></LI
+><LI
+><P
+>Map this domadm group to the <B
+CLASS="COMMAND"
+>domain admins</B
+> group by running the command:</P
+><P
+><B
+CLASS="COMMAND"
+>smbgroupedit -c "Domain Admins" -u domadm</B
+></P
+></LI
+></OL
+><P
+>You're set, joe, john and mary are domain administrators !</P
+><P
+>Like the Domain Admins group, you can map any arbitrary Unix group to any NT
+group. You can also make any Unix group a domain group. For example, on a domain
+member machine (an NT/W2K or a samba server running winbind), you would like to
+give access to a certain directory to some users who are member of a group on
+your samba PDC. Flag that group as a domain group by running:</P
+><P
+><B
+CLASS="COMMAND"
+>smbgroupedit -a unixgroup -td</B
+></P
+><P
+>You can list the various groups in the mapping database like this</P
+><P
+><B
+CLASS="COMMAND"
+>smbgroupedit -v</B
+></P
+></DIV
+><DIV
+CLASS="CHAPTER"
+><HR><H1
+><A
+NAME="PORTABILITY">Portability</H1
+><P
+>Samba works on a wide range of platforms but the interface all the 
+platforms provide is not always compatible. This chapter contains 
+platform-specific information about compiling and using samba.</P
+><DIV
+CLASS="SECT1"
+><HR><H2
+CLASS="SECT1"
+><A
+NAME="AEN3119">HPUX</H2
+><P
+>HP's implementation of supplementary groups is, er, non-standard (for
+hysterical reasons).  There are two group files, /etc/group and
+/etc/logingroup; the system maps UIDs to numbers using the former, but
+initgroups() reads the latter.  Most system admins who know the ropes
+symlink /etc/group to /etc/logingroup (hard link doesn't work for reasons
+too stupid to go into here).  initgroups() will complain if one of the
+groups you're in in /etc/logingroup has what it considers to be an invalid
+ID, which means outside the range [0..UID_MAX], where UID_MAX is (I think)
+60000 currently on HP-UX.  This precludes -2 and 65534, the usual 'nobody'
+GIDs.</P
+><P
+>If you encounter this problem, make sure that the programs that are failing 
+to initgroups() be run as users not in any groups with GIDs outside the 
+allowed range.</P
+><P
+>This is documented in the HP manual pages under setgroups(2) and passwd(4).</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H2
+CLASS="SECT1"
+><A
+NAME="AEN3124">SCO Unix</H2
+><P
+> 
+If you run an old version of  SCO Unix then you may need to get important 
+TCP/IP patches for Samba to work correctly. Without the patch, you may 
+encounter corrupt data transfers using samba.</P
+><P
+>The patch you need is UOD385 Connection Drivers SLS. It is available from
+SCO (ftp.sco.com, directory SLS, files uod385a.Z and uod385a.ltr.Z).</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H2
+CLASS="SECT1"
+><A
+NAME="AEN3128">DNIX</H2
+><P
+>DNIX has a problem with seteuid() and setegid(). These routines are
+needed for Samba to work correctly, but they were left out of the DNIX
+C library for some reason.</P
+><P
+>For this reason Samba by default defines the macro NO_EID in the DNIX
+section of includes.h. This works around the problem in a limited way,
+but it is far from ideal, some things still won't work right.</P
+><P
+> 
+To fix the problem properly you need to assemble the following two
+functions and then either add them to your C library or link them into
+Samba.</P
+><P
+> 
+put this in the file <TT
+CLASS="FILENAME"
+>setegid.s</TT
+>:</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>        .globl  _setegid
+_setegid:
+        moveq   #47,d0
+        movl    #100,a0
+        moveq   #1,d1
+        movl    4(sp),a1
+        trap    #9
+        bccs    1$
+        jmp     cerror
+1$:
+        clrl    d0
+        rts</PRE
+></TD
+></TR
+></TABLE
+></P
+><P
+>put this in the file <TT
+CLASS="FILENAME"
+>seteuid.s</TT
+>:</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>        .globl  _seteuid
+_seteuid:
+        moveq   #47,d0
+        movl    #100,a0
+        moveq   #0,d1
+        movl    4(sp),a1
+        trap    #9
+        bccs    1$
+        jmp     cerror
+1$:
+        clrl    d0
+        rts</PRE
+></TD
+></TR
+></TABLE
+></P
+><P
+>after creating the above files you then assemble them using</P
+><P
+><B
+CLASS="COMMAND"
+>as seteuid.s</B
+></P
+><P
+><B
+CLASS="COMMAND"
+>as setegid.s</B
+></P
+><P
+>that should produce the files <TT
+CLASS="FILENAME"
+>seteuid.o</TT
+> and 
+<TT
+CLASS="FILENAME"
+>setegid.o</TT
+></P
+><P
+>then you need to add these to the LIBSM line in the DNIX section of
+the Samba Makefile. Your LIBSM line will then look something like this:</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>LIBSM = setegid.o seteuid.o -ln</PRE
+></TD
+></TR
+></TABLE
+></P
+><P
+> 
+You should then remove the line:</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>#define NO_EID</PRE
+></TD
+></TR
+></TABLE
+></P
+><P
+>from the DNIX section of <TT
+CLASS="FILENAME"
+>includes.h</TT
+></P
+></DIV
+></DIV
 ></DIV
 ></BODY
 ></HTML
diff --git a/docs/htmldocs/winbind.html b/docs/htmldocs/winbind.html
index 7d45b174dd..cac9a70a6d 100644
--- a/docs/htmldocs/winbind.html
+++ b/docs/htmldocs/winbind.html
@@ -1,43 +1,92 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
 <HTML
 ><HEAD
 ><TITLE
 >Unified Logons between Windows NT and UNIX using Winbind</TITLE
 ><META
 NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
+CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
+"><LINK
+REL="HOME"
+TITLE="SAMBA Project Documentation"
+HREF="Samba-HOWTO.html"><LINK
+REL="PREVIOUS"
+TITLE="security = domain in Samba 2.x"
+HREF="domain-security.html"><LINK
+REL="NEXT"
+TITLE="How to Configure Samba 2.2 as a Primary Domain Controller"
+HREF="samba-pdc.html"></HEAD
 ><BODY
-CLASS="ARTICLE"
+CLASS="CHAPTER"
 BGCOLOR="#FFFFFF"
 TEXT="#000000"
 LINK="#0000FF"
 VLINK="#840084"
 ALINK="#0000FF"
 ><DIV
-CLASS="ARTICLE"
+CLASS="NAVHEADER"
+><TABLE
+SUMMARY="Header navigation table"
+WIDTH="100%"
+BORDER="0"
+CELLPADDING="0"
+CELLSPACING="0"
+><TR
+><TH
+COLSPAN="3"
+ALIGN="center"
+>SAMBA Project Documentation</TH
+></TR
+><TR
+><TD
+WIDTH="10%"
+ALIGN="left"
+VALIGN="bottom"
+><A
+HREF="domain-security.html"
+ACCESSKEY="P"
+>Prev</A
+></TD
+><TD
+WIDTH="80%"
+ALIGN="center"
+VALIGN="bottom"
+></TD
+><TD
+WIDTH="10%"
+ALIGN="right"
+VALIGN="bottom"
+><A
+HREF="samba-pdc.html"
+ACCESSKEY="N"
+>Next</A
+></TD
+></TR
+></TABLE
+><HR
+ALIGN="LEFT"
+WIDTH="100%"></DIV
 ><DIV
-CLASS="TITLEPAGE"
+CLASS="CHAPTER"
 ><H1
-CLASS="TITLE"
 ><A
-NAME="WINBIND"
->Unified Logons between Windows NT and UNIX using Winbind</A
-></H1
-><HR></DIV
+NAME="WINBIND">Chapter 11. Unified Logons between Windows NT and UNIX using Winbind</H1
 ><DIV
 CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN3"
->Abstract</A
-></H1
+NAME="AEN1394">11.1. Abstract</H1
 ><P
 >Integration of UNIX and Microsoft Windows NT through 
 	a unified logon has been considered a "holy grail" in heterogeneous 
 	computing environments for a long time. We present 
-	<I
+	<SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >winbind</I
+></SPAN
 >, a component of the Samba suite 
 	of programs as a solution to the unified logon problem. Winbind 
 	uses a UNIX implementation 
@@ -49,12 +98,10 @@ CLASS="EMPHASIS"
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><H1
 CLASS="SECT1"
 ><A
-NAME="AEN7"
->Introduction</A
-></H1
+NAME="AEN1398">11.2. Introduction</H1
 ><P
 >It is well known that UNIX and Microsoft Windows NT have 
 	different models for representing user and group information and 
@@ -103,12 +150,10 @@ NAME="AEN7"
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><H1
 CLASS="SECT1"
 ><A
-NAME="AEN20"
->What Winbind Provides</A
-></H1
+NAME="AEN1411">11.3. What Winbind Provides</H1
 ><P
 >Winbind unifies UNIX and Windows NT account management by 
 	allowing a UNIX box to become a full member of a NT domain. Once 
@@ -145,12 +190,10 @@ NAME="AEN20"
 	location (on the domain controller).</P
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><H2
 CLASS="SECT2"
 ><A
-NAME="AEN27"
->Target Uses</A
-></H2
+NAME="AEN1418">11.3.1. Target Uses</H2
 ><P
 >Winbind is targeted at organizations that have an 
 		existing NT based domain infrastructure into which they wish 
@@ -169,12 +212,10 @@ NAME="AEN27"
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><H1
 CLASS="SECT1"
 ><A
-NAME="AEN31"
->How Winbind Works</A
-></H1
+NAME="AEN1422">11.4. How Winbind Works</H1
 ><P
 >The winbind system is designed around a client/server 
 	architecture. A long running <B
@@ -189,12 +230,10 @@ CLASS="COMMAND"
 	in detail below.</P
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><H2
 CLASS="SECT2"
 ><A
-NAME="AEN36"
->Microsoft Remote Procedure Calls</A
-></H2
+NAME="AEN1427">11.4.1. Microsoft Remote Procedure Calls</H2
 ><P
 >Over the last two years, efforts have been underway 
 		by various Samba Team members to decode various aspects of 
@@ -215,12 +254,10 @@ NAME="AEN36"
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><H2
 CLASS="SECT2"
 ><A
-NAME="AEN40"
->Name Service Switch</A
-></H2
+NAME="AEN1431">11.4.2. Name Service Switch</H2
 ><P
 >The Name Service Switch, or NSS, is a feature that is 
 		present in many UNIX operating systems. It allows system 
@@ -295,12 +332,10 @@ CLASS="FILENAME"
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><H2
 CLASS="SECT2"
 ><A
-NAME="AEN56"
->Pluggable Authentication Modules</A
-></H2
+NAME="AEN1447">11.4.3. Pluggable Authentication Modules</H2
 ><P
 >Pluggable Authentication Modules, also known as PAM, 
 		is a system for abstracting authentication and authorization 
@@ -344,12 +379,10 @@ CLASS="FILENAME"
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><H2
 CLASS="SECT2"
 ><A
-NAME="AEN64"
->User and Group ID Allocation</A
-></H2
+NAME="AEN1455">11.4.4. User and Group ID Allocation</H2
 ><P
 >When a user or group is created under Windows NT 
 		is it allocated a numerical relative identifier (RID). This is 
@@ -370,12 +403,10 @@ NAME="AEN64"
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><H2
 CLASS="SECT2"
 ><A
-NAME="AEN68"
->Result Caching</A
-></H2
+NAME="AEN1459">11.4.5. Result Caching</H2
 ><P
 >An active system can generate a lot of user and group 
 		name lookups. To reduce the network cost of these lookups winbind 
@@ -393,12 +424,10 @@ NAME="AEN68"
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><H1
 CLASS="SECT1"
 ><A
-NAME="AEN71"
->Installation and Configuration</A
-></H1
+NAME="AEN1462">11.5. Installation and Configuration</H1
 ><P
 >Many thanks to John Trostel <A
 HREF="mailto:jtrostel@snapserver.com"
@@ -420,12 +449,10 @@ Future revisions of this document will incorporate that
 information.</P
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><H2
 CLASS="SECT2"
 ><A
-NAME="AEN78"
->Introduction</A
-></H2
+NAME="AEN1469">11.5.1. Introduction</H2
 ><P
 >This HOWTO describes the procedures used to get winbind up and 
 running on my RedHat 7.1 system.  Winbind is capable of providing access 
@@ -441,9 +468,12 @@ somewhat to fit the way your distribution works.</P
 ><UL
 ><LI
 ><P
->	<I
+>	<SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >Why should I to this?</I
+></SPAN
 >
 	</P
 ><P
@@ -455,9 +485,12 @@ CLASS="EMPHASIS"
 ></LI
 ><LI
 ><P
->	<I
+>	<SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >Who should be reading this document?</I
+></SPAN
 >
 	</P
 ><P
@@ -473,29 +506,36 @@ CLASS="EMPHASIS"
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><H2
 CLASS="SECT2"
 ><A
-NAME="AEN91"
->Requirements</A
-></H2
+NAME="AEN1482">11.5.2. Requirements</H2
 ><P
 >If you have a samba configuration file that you are currently 
-using... <I
+using... <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >BACK IT UP!</I
+></SPAN
 >  If your system already uses PAM, 
-<I
+<SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >back up the <TT
 CLASS="FILENAME"
 >/etc/pam.d</TT
 > directory 
 contents!</I
+></SPAN
 > If you haven't already made a boot disk, 
-<I
+<SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >MAKE ONE NOW!</I
+></SPAN
 ></P
 ><P
 >Messing with the pam configuration files can make it nearly impossible 
@@ -534,12 +574,10 @@ CLASS="FILENAME"
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><H2
 CLASS="SECT2"
 ><A
-NAME="AEN105"
->Testing Things Out</A
-></H2
+NAME="AEN1496">11.5.3. Testing Things Out</H2
 ><P
 >Before starting, it is probably best to kill off all the SAMBA 
 related daemons running on your server.  Kill off all <B
@@ -579,12 +617,10 @@ CLASS="FILENAME"
 > RPMs installed.</P
 ><DIV
 CLASS="SECT3"
-><HR><H3
+><H3
 CLASS="SECT3"
 ><A
-NAME="AEN116"
->Configure and compile SAMBA</A
-></H3
+NAME="AEN1507">11.5.3.1. Configure and compile SAMBA</H3
 ><P
 >The configuration and compilation of SAMBA is pretty straightforward.
 The first three steps may not be necessary depending upon
@@ -645,16 +681,14 @@ It will also build the winbindd executable and libraries. </P
 ></DIV
 ><DIV
 CLASS="SECT3"
-><HR><H3
+><H3
 CLASS="SECT3"
 ><A
-NAME="AEN135"
->Configure <TT
+NAME="AEN1526">11.5.3.2. Configure <TT
 CLASS="FILENAME"
 >nsswitch.conf</TT
 > and the 
-winbind libraries</A
-></H3
+winbind libraries</H3
 ><P
 >The libraries needed to run the <B
 CLASS="COMMAND"
@@ -750,12 +784,10 @@ and echos back a check to you.</P
 ></DIV
 ><DIV
 CLASS="SECT3"
-><HR><H3
+><H3
 CLASS="SECT3"
 ><A
-NAME="AEN168"
->Configure smb.conf</A
-></H3
+NAME="AEN1559">11.5.3.3. Configure smb.conf</H3
 ><P
 >Several parameters are needed in the smb.conf file to control 
 the behavior of <B
@@ -825,12 +857,10 @@ TARGET="_top"
 ></DIV
 ><DIV
 CLASS="SECT3"
-><HR><H3
+><H3
 CLASS="SECT3"
 ><A
-NAME="AEN184"
->Join the SAMBA server to the PDC domain</A
-></H3
+NAME="AEN1575">11.5.3.4. Join the SAMBA server to the PDC domain</H3
 ><P
 >Enter the following command to make the SAMBA server join the 
 PDC domain, where <TT
@@ -871,12 +901,10 @@ is your DOMAIN name.</P
 ></DIV
 ><DIV
 CLASS="SECT3"
-><HR><H3
+><H3
 CLASS="SECT3"
 ><A
-NAME="AEN195"
->Start up the winbindd daemon and test it!</A
-></H3
+NAME="AEN1586">11.5.3.5. Start up the winbindd daemon and test it!</H3
 ><P
 >Eventually, you will want to modify your smb startup script to 
 automatically invoke the winbindd daemon when the other parts of 
@@ -994,20 +1022,16 @@ CLASS="COMMAND"
 ></DIV
 ><DIV
 CLASS="SECT3"
-><HR><H3
+><H3
 CLASS="SECT3"
 ><A
-NAME="AEN231"
->Fix the init.d startup scripts</A
-></H3
+NAME="AEN1622">11.5.3.6. Fix the init.d startup scripts</H3
 ><DIV
 CLASS="SECT4"
 ><H4
 CLASS="SECT4"
 ><A
-NAME="AEN233"
->Linux</A
-></H4
+NAME="AEN1624">11.5.3.6.1. Linux</H4
 ><P
 >The <B
 CLASS="COMMAND"
@@ -1098,12 +1122,10 @@ CLASS="PROGRAMLISTING"
 ></DIV
 ><DIV
 CLASS="SECT4"
-><HR><H4
+><H4
 CLASS="SECT4"
 ><A
-NAME="AEN250"
->Solaris</A
-></H4
+NAME="AEN1641">11.5.3.6.2. Solaris</H4
 ><P
 >On solaris, you need to modify the 
 <TT
@@ -1169,12 +1191,10 @@ esac</PRE
 ></DIV
 ><DIV
 CLASS="SECT4"
-><HR><H4
+><H4
 CLASS="SECT4"
 ><A
-NAME="AEN257"
->Restarting</A
-></H4
+NAME="AEN1648">11.5.3.6.3. Restarting</H4
 ><P
 >If you restart the <B
 CLASS="COMMAND"
@@ -1193,12 +1213,10 @@ if you were a local user.</P
 ></DIV
 ><DIV
 CLASS="SECT3"
-><HR><H3
+><H3
 CLASS="SECT3"
 ><A
-NAME="AEN263"
->Configure Winbind and PAM</A
-></H3
+NAME="AEN1654">11.5.3.7. Configure Winbind and PAM</H3
 ><P
 >If you have made it this far, you know that winbindd and samba are working
 together.  If you want to use winbind to provide authentication for other 
@@ -1251,12 +1269,10 @@ CLASS="COMMAND"
 ></P
 ><DIV
 CLASS="SECT4"
-><HR><H4
+><H4
 CLASS="SECT4"
 ><A
-NAME="AEN280"
->Linux/FreeBSD-specific PAM configuration</A
-></H4
+NAME="AEN1671">11.5.3.7.1. Linux/FreeBSD-specific PAM configuration</H4
 ><P
 >The <TT
 CLASS="FILENAME"
@@ -1380,12 +1396,10 @@ double prompts for passwords.</P
 ></DIV
 ><DIV
 CLASS="SECT4"
-><HR><H4
+><H4
 CLASS="SECT4"
 ><A
-NAME="AEN313"
->Solaris-specific configuration</A
-></H4
+NAME="AEN1704">11.5.3.7.2. Solaris-specific configuration</H4
 ><P
 >The /etc/pam.conf needs to be changed. I changed this file so that my Domain
 users can logon both locally as well as telnet.The following are the changes
@@ -1467,12 +1481,10 @@ configured in the pam.conf.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><H1
 CLASS="SECT1"
 ><A
-NAME="AEN320"
->Limitations</A
-></H1
+NAME="AEN1711">11.6. Limitations</H1
 ><P
 >Winbind has a number of limitations in its current 
 	released version that we hope to overcome in future 
@@ -1508,12 +1520,10 @@ NAME="AEN320"
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><H1
 CLASS="SECT1"
 ><A
-NAME="AEN330"
->Conclusion</A
-></H1
+NAME="AEN1721">11.7. Conclusion</H1
 ><P
 >The winbind system, through the use of the Name Service 
 	Switch, Pluggable Authentication Modules, and appropriate 
@@ -1523,6 +1533,64 @@ NAME="AEN330"
 	cost of running a mixed UNIX and NT network.</P
 ></DIV
 ></DIV
+><DIV
+CLASS="NAVFOOTER"
+><HR
+ALIGN="LEFT"
+WIDTH="100%"><TABLE
+SUMMARY="Footer navigation table"
+WIDTH="100%"
+BORDER="0"
+CELLPADDING="0"
+CELLSPACING="0"
+><TR
+><TD
+WIDTH="33%"
+ALIGN="left"
+VALIGN="top"
+><A
+HREF="domain-security.html"
+ACCESSKEY="P"
+>Prev</A
+></TD
+><TD
+WIDTH="34%"
+ALIGN="center"
+VALIGN="top"
+><A
+HREF="Samba-HOWTO.html"
+ACCESSKEY="H"
+>Home</A
+></TD
+><TD
+WIDTH="33%"
+ALIGN="right"
+VALIGN="top"
+><A
+HREF="samba-pdc.html"
+ACCESSKEY="N"
+>Next</A
+></TD
+></TR
+><TR
+><TD
+WIDTH="33%"
+ALIGN="left"
+VALIGN="top"
+>security = domain in Samba 2.x</TD
+><TD
+WIDTH="34%"
+ALIGN="center"
+VALIGN="top"
+>&nbsp;</TD
+><TD
+WIDTH="33%"
+ALIGN="right"
+VALIGN="top"
+>How to Configure Samba 2.2 as a Primary Domain Controller</TD
+></TR
+></TABLE
+></DIV
 ></BODY
 ></HTML
 >
\ No newline at end of file