Date: Fri, 4 Oct 2002 16:36:40 +0000 Subject: Convert GOTCHAS to SGML (This used to be commit c48207ef0e219680d4e4102256c76189aaf73ebc) --- docs/htmldocs/bugreport.html | 35 ++++++--- docs/htmldocs/cvs-access.html | 27 ++++--- docs/htmldocs/diagnosis.html | 83 +++++++++++++++------ docs/htmldocs/domain-security.html | 23 ++++-- docs/htmldocs/groupmapping.html | 11 +-- docs/htmldocs/improved-browsing.html | 69 +++++++++++------ docs/htmldocs/install.html | 89 +++++++++++++++------- docs/htmldocs/integrate-ms-networks.html | 91 ++++++++++++++++------- docs/htmldocs/msdfs.html | 19 +++-- docs/htmldocs/other-clients.html | 63 +++++++++++----- docs/htmldocs/pam.html | 23 ++++-- docs/htmldocs/portability.html | 47 ++++++++++-- docs/htmldocs/printing.html | 71 ++++++++++++------ docs/htmldocs/printingdebug.html | 47 ++++++++---- docs/htmldocs/samba-bdc.html | 43 +++++++---- docs/htmldocs/samba-ldap-howto.html | 69 +++++++++++------ docs/htmldocs/securitylevels.html | 19 +++-- docs/htmldocs/speed.html | 91 ++++++++++++++++------- docs/htmldocs/unix-permissions.html | 47 ++++++++---- docs/htmldocs/winbind.html | 123 ++++++++++++++++++++++--------- 20 files changed, 772 insertions(+), 318 deletions(-) (limited to 'docs/htmldocs') diff --git a/docs/htmldocs/bugreport.html b/docs/htmldocs/bugreport.html index cfe9ac01c6..53f34c9f0a 100644 --- a/docs/htmldocs/bugreport.html +++ b/docs/htmldocs/bugreport.html @@ -5,11 +5,10 @@ >Reporting Bugs

Chapter 19. Reporting Bugs

Chapter 20. Reporting Bugs

19.1. Introduction

20.1. Introduction

The email address for bug reports is samba@samba.org

19.2. General info

20.2. General info

Before submitting a bug report check your config for silly errors. Look in your log files for obvious messages that tell you that @@ -129,7 +134,9 @@ CLASS="SECT1" >

19.3. Debug levels

20.3. Debug levels

If the bug has anything to do with Samba behaving incorrectly as a server (like refusing to open a file) then the log files will probably @@ -197,7 +204,9 @@ CLASS="SECT1" >

19.4. Internal errors

20.4. Internal errors

If you get a "INTERNAL ERROR" message in your log files it means that Samba got an unexpected signal while running. It is probably a @@ -239,7 +248,9 @@ CLASS="SECT1" >

19.5. Attaching to a running process

20.5. Attaching to a running process

Unfortunately some unixes (in particular some recent linux kernels) refuse to dump a core file if the task has changed uid (which smbd @@ -254,7 +265,9 @@ CLASS="SECT1" >

19.6. Patches

20.6. Patches

The best sort of bug report is one that includes a fix! If you send us patches please use HomeHOWTO Access Samba source code via CVS

Chapter 18. HOWTO Access Samba source code via CVS

Chapter 19. HOWTO Access Samba source code via CVS
18.1. Introduction
19.1. Introduction
Samba is developed in an open environment. Developers use CVS (Concurrent Versioning System) to "checkin" (also known as @@ -96,7 +99,9 @@ CLASS="SECT1" >
18.2. CVS Access to samba.org
19.2. CVS Access to samba.org
The machine samba.org runs a publicly accessible CVS repository for access to the source code of several packages, @@ -107,7 +112,9 @@ CLASS="SECT2" >
18.2.1. Access via CVSweb
19.2.1. Access via CVSweb
You can access the source code via your favourite WWW browser. This allows you to access the contents of @@ -126,7 +133,9 @@ CLASS="SECT2" >
18.2.2. Access via cvs
19.2.2. Access via cvs
You can also access the source code via a normal cvs client. This gives you much more control over you can @@ -253,7 +262,7 @@ WIDTH="34%" ALIGN="center" VALIGN="top" >HomeDiagnosing your samba server
Chapter 2. Diagnosing your samba server
Chapter 2. Diagnosing your samba server
2.1. Introduction
2.1. Introduction
This file contains a list of tests you can perform to validate your Samba server. It also tells you what the likely cause of the problem @@ -96,7 +99,9 @@ CLASS="SECT1" >
2.2. Assumptions
2.2. Assumptions
In all of the tests I assume you have a Samba server called BIGSERVER and a PC called ACLIENT both in workgroup TESTGROUP. I also assume the @@ -135,13 +140,17 @@ CLASS="SECT1" >
2.3. Tests
2.3. Tests
2.3.1. Test 1
2.3.1. Test 1
In the directory in which you store your smb.conf file, run the command "testparm smb.conf". If it reports any errors then your smb.conf @@ -161,7 +170,9 @@ CLASS="SECT2" >
2.3.2. Test 2
2.3.2. Test 2
Run the command "ping BIGSERVER" from the PC and "ping ACLIENT" from the unix box. If you don't get a valid response then your TCP/IP @@ -185,7 +196,9 @@ CLASS="SECT2" >
2.3.3. Test 3
2.3.3. Test 3
Run the command "smbclient -L BIGSERVER" on the unix box. You should get a list of available shares back.
2.3.4. Test 4
2.3.4. Test 4
Run the command "nmblookup -B BIGSERVER __SAMBA__". You should get the IP address of your Samba server back.
2.3.5. Test 5
2.3.5. Test 5
run the command
2.3.6. Test 6
2.3.6. Test 6
Run the command
2.3.7. Test 7
2.3.7. Test 7
Run the command
2.3.8. Test 8
2.3.8. Test 8
On the PC type the command
2.3.9. Test 9
2.3.9. Test 9
Run the command
It might also be the case that your client only sends encrypted passwords +and you have encrypt passwords = no in smb.conf. +Turn it back on to fix.
2.3.10. Test 10
2.3.10. Test 10
Run the command
2.3.11. Test 11
2.3.11. Test 11
From file manager try to browse the server. Your samba server should appear in the browse list of your local workgroup (or the one you @@ -541,7 +580,9 @@ CLASS="SECT1" >
2.4. Still having troubles?
2.4. Still having troubles?
Try the mailing list or newsgroup, or use the ethereal utility to sniff the problem. The official samba mailing list can be reached at @@ -586,7 +627,7 @@ WIDTH="34%" ALIGN="center" VALIGN="top" >Homesecurity = domain in Samba 2.x
Chapter 10. security = domain in Samba 2.x
Chapter 10. security = domain in Samba 2.x
10.1. Joining an NT Domain with Samba 2.2
10.1. Joining an NT Domain with Samba 2.2
Assume you have a Samba 2.x server with a NetBIOS name of
10.2. Samba and Windows 2000 Domains
10.2. Samba and Windows 2000 DomainsMany people have asked regarding the state of Samba's ability to participate in a Windows 2000 Domain. Samba 2.2 is able to act as a member server of a Windows @@ -328,7 +333,9 @@ CLASS="SECT1" > 10.3. Why is this better than security = server? 10.3. Why is this better than security = server?Currently, domain security in Samba doesn't free you from having to create local Unix users to represent the users attaching @@ -437,7 +444,7 @@ WIDTH="34%" ALIGN="center" VALIGN="top" >HomeGroup mapping HOWTO
Chapter 20. Group mapping HOWTO
Chapter 21. Group mapping HOWTO Starting with Samba 3.0 alpha 2, a new group mapping function is available. The @@ -190,7 +191,7 @@ WIDTH="34%" ALIGN="center" VALIGN="top" >HomeImproved browsing in sambaPrev
Chapter 15. Improved browsing in samba
Chapter 16. Improved browsing in samba15.1. Overview of browsing 16.1. Overview of browsingSMB networking provides a mechanism by which clients can access a list of machines in a network, a so-called "browse list". This list @@ -98,7 +101,9 @@ CLASS="SECT1" > 15.2. Browsing support in samba 16.2. Browsing support in sambaSamba now fully supports browsing. The browsing is supported by nmbd and is also controlled by options in the smb.conf file (see smb.conf(5)). 15.3. Problem resolution 16.3. Problem resolutionIf something doesn't work then hopefully the log.nmb file will help you track down the problem. Try a debug level of 2 or 3 for finding @@ -173,7 +180,9 @@ CLASS="SECT1" > 15.4. Browsing across subnets 16.4. Browsing across subnetsWith the release of Samba 1.9.17(alpha1 and above) Samba has been updated to enable it to support the replication of browse lists @@ -202,7 +211,9 @@ CLASS="SECT2" > 15.4.1. How does cross subnet browsing work ? 16.4.1. How does cross subnet browsing work ?Cross subnet browsing is a complicated dance, containing multiple moving parts. It has taken Microsoft several years to get the code @@ -412,7 +423,9 @@ CLASS="SECT1" > 15.5. Setting up a WINS server 16.5. Setting up a WINS serverEither a Samba machine or a Windows NT Server machine may be set up as a WINS server. To set a Samba machine to be a WINS server you must @@ -493,7 +506,9 @@ CLASS="SECT1" > 15.6. Setting up Browsing in a WORKGROUP 16.6. Setting up Browsing in a WORKGROUPTo set up cross subnet browsing on a network containing machines in up to be in a WORKGROUP, not an NT Domain you need to set up one @@ -575,7 +590,9 @@ CLASS="SECT1" > 15.7. Setting up Browsing in a DOMAIN 16.7. Setting up Browsing in a DOMAINIf you are adding Samba servers to a Windows NT Domain then you must not set up a Samba server as a domain master browser. @@ -624,7 +641,9 @@ CLASS="SECT1" > 15.8. Forcing samba to be the master 16.8. Forcing samba to be the masterWho becomes the "master browser" is determined by an election process using broadcasts. Each election packet contains a number of parameters @@ -670,7 +689,9 @@ CLASS="SECT1" > 15.9. Making samba the domain master 16.9. Making samba the domain masterThe domain master is responsible for collating the browse lists of multiple subnets so that browsing can occur between subnets. You can @@ -741,7 +762,9 @@ CLASS="SECT1" > 15.10. Note about broadcast addresses 16.10. Note about broadcast addressesIf your network uses a "0" based broadcast address (for example if it ends in a 0) then you will strike problems. Windows for Workgroups @@ -753,7 +776,9 @@ CLASS="SECT1" > 15.11. Multiple interfaces 16.11. Multiple interfacesSamba now supports machines with multiple network interfaces. If you have multiple interfaces then you will need to use the "interfaces" @@ -776,7 +801,7 @@ WIDTH="33%" ALIGN="left" VALIGN="top" >PrevHomeStoring Samba's User/Machine Account information in an LDAP DirectoryUsing samba 3.0 with ActiveDirectory supportHow to Install and Test SAMBAPrev Chapter 1. How to Install and Test SAMBA Chapter 1. How to Install and Test SAMBA1.1. Step 0: Read the man pages 1.1. Step 0: Read the man pagesThe man pages distributed with SAMBA contain lots of useful info that will help to get you started. @@ -106,7 +109,9 @@ CLASS="SECT1" > 1.2. Step 1: Building the Binaries 1.2. Step 1: Building the BinariesTo do this, first run the program 1.3. Step 2: The all important step 1.3. Step 2: The all important stepAt this stage you must fetch yourself a coffee or other drink you find stimulating. Getting the rest @@ -218,7 +225,9 @@ CLASS="SECT1" > 1.4. Step 3: Create the smb configuration file. 1.4. Step 3: Create the smb configuration file.There are sample configuration files in the examples subdirectory in the distribution. I suggest you read them @@ -272,7 +281,9 @@ CLASS="SECT1" > 1.5. Step 4: Test your config file with +NAME="AEN74" +>1.5. Step 4: Test your config file with testparm 1.6. Step 5: Starting the smbd and nmbd 1.6. Step 5: Starting the smbd and nmbdYou must choose to start smbd and nmbd either as daemons or from 1.6.1. Step 5a: Starting from inetd.conf 1.6.1. Step 5a: Starting from inetd.confNOTE; The following will be different if you use NIS or NIS+ to distributed services maps. 1.6.2. Step 5b. Alternative: starting it as a daemon 1.6.2. Step 5b. Alternative: starting it as a daemonTo start the server as a daemon you should create a script something like this one, perhaps calling @@ -489,7 +506,9 @@ CLASS="SECT1" > 1.7. Step 6: Try listing the shares available on your +NAME="AEN135" +>1.7. Step 6: Try listing the shares available on your server 1.8. Step 7: Try connecting with the unix client 1.8. Step 7: Try connecting with the unix client 1.9. Step 8: Try connecting from a DOS, WfWg, Win9x, WinNT, +NAME="AEN160" +>1.9. Step 8: Try connecting from a DOS, WfWg, Win9x, WinNT, Win2k, OS/2, etc... client Try mounting disks. eg: 1.10. What If Things Don't Work? 1.10. What If Things Don't Work?If nothing works and you start to think "who wrote this pile of trash" then I suggest you do step 2 again (and @@ -657,7 +682,9 @@ CLASS="SECT2" > 1.10.1. Diagnosing Problems 1.10.1. Diagnosing ProblemsIf you have installation problems then go to 1.10.2. Scope IDs 1.10.2. Scope IDsBy default Samba uses a blank scope ID. This means all your windows boxes must also have a blank scope ID. @@ -685,7 +714,9 @@ CLASS="SECT2" > 1.10.3. Choosing the Protocol Level 1.10.3. Choosing the Protocol LevelThe SMB protocol has many dialects. Currently Samba supports 5, called CORE, COREPLUS, LANMAN1, @@ -724,7 +755,9 @@ CLASS="SECT2" > 1.10.4. Printing from UNIX to a Client PC 1.10.4. Printing from UNIX to a Client PCTo use a printer that is available via a smb-based server from a unix host with LPR you will need to compile the @@ -743,7 +776,9 @@ CLASS="SECT2" > 1.10.5. Locking 1.10.5. LockingOne area which sometimes causes trouble is locking. 1.10.6. Mapping Usernames 1.10.6. Mapping UsernamesIf you have different usernames on the PCs and the unix server then take a look at the "username map" option. @@ -825,7 +862,7 @@ WIDTH="33%" ALIGN="left" VALIGN="top" >PrevHomeIntegrating MS Windows networks with Samba Chapter 3. Integrating MS Windows networks with Samba Chapter 3. Integrating MS Windows networks with Samba3.1. Agenda 3.1. AgendaTo identify the key functional mechanisms of MS Windows networking to enable the deployment of Samba as a means of extending and/or @@ -142,7 +145,9 @@ CLASS="SECT1" > 3.2. Name Resolution in a pure Unix/Linux world 3.2. Name Resolution in a pure Unix/Linux worldThe key configuration files covered in this section are: 3.2.1. 3.2.1. /etc/hosts 3.2.2. 3.2.2. /etc/resolv.conf 3.2.3. 3.2.3. /etc/host.conf 3.2.4. 3.2.4. /etc/nsswitch.conf 3.3. Name resolution as used within MS Windows networking 3.3. Name resolution as used within MS Windows networkingMS Windows networking is predicated about the name each machine is given. This name is known variously (and inconsistently) as @@ -474,7 +489,9 @@ CLASS="SECT2" > 3.3.1. The NetBIOS Name Cache 3.3.1. The NetBIOS Name CacheAll MS Windows machines employ an in memory buffer in which is stored the NetBIOS names and IP addresses for all external @@ -499,7 +516,9 @@ CLASS="SECT2" > 3.3.2. The LMHOSTS file 3.3.2. The LMHOSTS fileThis file is usually located in MS Windows NT 4.0 or 2000 in 3.3.3. HOSTS file 3.3.3. HOSTS fileThis file is usually located in MS Windows NT 4.0 or 2000 in 3.3.4. DNS Lookup 3.3.4. DNS LookupThis capability is configured in the TCP/IP setup area in the network configuration facility. If enabled an elaborate name resolution sequence @@ -638,7 +661,9 @@ CLASS="SECT2" > 3.3.5. WINS Lookup 3.3.5. WINS LookupA WINS (Windows Internet Name Server) service is the equivaent of the rfc1001/1002 specified NBNS (NetBIOS Name Server). A WINS server stores @@ -679,7 +704,9 @@ CLASS="SECT1" > 3.4. How browsing functions and how to deploy stable and +NAME="AEN495" +>3.4. How browsing functions and how to deploy stable and dependable browsing using Samba As stated above, MS Windows machines register their NetBIOS names @@ -744,7 +771,9 @@ CLASS="SECT1" > 3.5. MS Windows security options and how to configure +NAME="AEN505" +>3.5. MS Windows security options and how to configure Samba for seemless integration MS Windows clients may use encrypted passwords as part of a @@ -879,7 +908,9 @@ CLASS="SECT2" > 3.5.1. Use MS Windows NT as an authentication server 3.5.1. Use MS Windows NT as an authentication serverThis method involves the additions of the following parameters in the smb.conf file: 3.5.2. Make Samba a member of an MS Windows NT security domain 3.5.2. Make Samba a member of an MS Windows NT security domainThis method involves additon of the following paramters in the smb.conf file: 3.5.3. Configure Samba as an authentication server 3.5.3. Configure Samba as an authentication serverThis mode of authentication demands that there be on the Unix/Linux system both a Unix style account as well as an @@ -1009,7 +1044,9 @@ CLASS="SECT3" > 3.5.3.1. Users 3.5.3.1. UsersA user account that may provide a home directory should be created. The following Linux system commands are typical of @@ -1030,7 +1067,9 @@ CLASS="SECT3" > 3.5.3.2. MS Windows NT Machine Accounts 3.5.3.2. MS Windows NT Machine AccountsThese are required only when Samba is used as a domain controller. Refer to the Samba-PDC-HOWTO for more details. 3.6. Conclusions 3.6. ConclusionsSamba provides a flexible means to operate as... HomeHosting a Microsoft Distributed File System tree on Samba Chapter 5. Hosting a Microsoft Distributed File System tree on Samba Chapter 5. Hosting a Microsoft Distributed File System tree on Samba5.1. Instructions 5.1. InstructionsThe Distributed File System (or Dfs) provides a means of separating the logical view of files and directories that users @@ -223,7 +226,9 @@ CLASS="SECT2" > 5.1.1. Notes 5.1.1. Notes HomeSamba and other CIFS clients Chapter 17. Samba and other CIFS clients Chapter 18. Samba and other CIFS clientsThis chapter contains client-specific information. 17.1. Macintosh clients? 18.1. Macintosh clients?Yes. 17.2. OS2 Client 18.2. OS2 Client17.2.1. How can I configure OS/2 Warp Connect or +NAME="AEN2964" +>18.2.1. How can I configure OS/2 Warp Connect or OS/2 Warp 4 as a client for Samba? A more complete answer to this question can be @@ -185,7 +192,9 @@ CLASS="SECT2" > 17.2.2. How can I configure OS/2 Warp 3 (not Connect), +NAME="AEN2979" +>18.2.2. How can I configure OS/2 Warp 3 (not Connect), OS/2 1.2, 1.3 or 2.x for Samba? You can use the free Microsoft LAN Manager 2.2c Client @@ -227,7 +236,9 @@ CLASS="SECT2" > 17.2.3. Are there any other issues when OS/2 (any version) +NAME="AEN2988" +>18.2.3. Are there any other issues when OS/2 (any version) is used as a client? When you do a NET VIEW or use the "File and Print @@ -247,7 +258,9 @@ CLASS="SECT2" > 17.2.4. How do I get printer driver download working +NAME="AEN2992" +>18.2.4. How do I get printer driver download working for OS/2 clients? First, create a share called [PRINTDRV] that is @@ -296,13 +309,17 @@ CLASS="SECT1" > 17.3. Windows for Workgroups 18.3. Windows for Workgroups17.3.1. Use latest TCP/IP stack from Microsoft 18.3.1. Use latest TCP/IP stack from MicrosoftUse the latest TCP/IP stack from microsoft if you use Windows for workgroups. 17.3.2. Delete .pwl files after password change 18.3.2. Delete .pwl files after password changeWfWg does a lousy job with passwords. I find that if I change my password on either the unix box or the PC the safest thing to do is to @@ -340,7 +359,9 @@ CLASS="SECT2" > 17.3.3. Configure WfW password handling 18.3.3. Configure WfW password handlingThere is a program call admincfg.exe on the last disk (disk 8) of the WFW 3.11 disk set. To install it @@ -357,7 +378,9 @@ CLASS="SECT2" > 17.3.4. Case handling of passwords 18.3.4. Case handling of passwordsWindows for Workgroups uppercases the password before sending it to the server. Unix passwords can be case-sensitive though. Check the 17.4. Windows '95/'98 18.4. Windows '95/'98When using Windows 95 OEM SR2 the following updates are recommended where Samba is being used. Please NOTE that the above change will affect you once these @@ -420,7 +445,9 @@ CLASS="SECT1" > 17.5. Windows 2000 Service Pack 2 18.5. Windows 2000 Service Pack 2 There are several annoyances with Windows 2000 SP2. One of which @@ -521,7 +548,7 @@ WIDTH="34%" ALIGN="center" VALIGN="top" >Home Chapter 4. Configuring PAM for distributed but centrally +NAME="PAM" +>Chapter 4. Configuring PAM for distributed but centrally managed authentication 4.1. Samba and PAM 4.1. Samba and PAMA number of Unix systems (eg: Sun Solaris), as well as the xxxxBSD family and Linux, now utilize the Pluggable Authentication @@ -290,7 +293,9 @@ CLASS="SECT1" > 4.2. Distributed Authentication 4.2. Distributed AuthenticationThe astute administrator will realize from this that the combination of 4.3. PAM Configuration in smb.conf 4.3. PAM Configuration in smb.confThere is an option in smb.conf called HomePortability Chapter 21. Portability Chapter 22. PortabilitySamba works on a wide range of platforms but the interface all the platforms provide is not always compatible. This chapter contains @@ -73,7 +74,9 @@ CLASS="SECT1" > 21.1. HPUX 22.1. HPUXHP's implementation of supplementary groups is, er, non-standard (for hysterical reasons). There are two group files, /etc/group and @@ -97,7 +100,9 @@ CLASS="SECT1" > 21.2. SCO Unix 22.2. SCO Unix If you run an old version of SCO Unix then you may need to get important @@ -112,7 +117,9 @@ CLASS="SECT1" > 21.3. DNIX 22.3. DNIXDNIX has a problem with seteuid() and setegid(). These routines are needed for Samba to work correctly, but they were left out of the DNIX @@ -212,6 +219,30 @@ CLASS="FILENAME" >includes.h 22.4. RedHat Linux Rembrandt-II By default RedHat Rembrandt-II during installation adds an +entry to /etc/hosts as follows: + 127.0.0.1 loopback "hostname"."domainname" This causes Samba to loop back onto the loopback interface. +The result is that Samba fails to communicate correctly with +the world and therefor may fail to correctly negotiate who +is the master browse list holder and who is the master browser. Corrective Action: Delete the entry after the word loopback + in the line starting 127.0.0.1 HomePrinting Support in Samba 2.2.x Chapter 7. Printing Support in Samba 2.2.x Chapter 7. Printing Support in Samba 2.2.x7.1. Introduction 7.1. IntroductionBeginning with the 2.2.0 release, Samba supports the native Windows NT printing mechanisms implemented via @@ -162,7 +165,9 @@ CLASS="SECT1" > 7.2. Configuration 7.2. Configuration 7.2.1. Creating [print$] 7.2.1. Creating [print$]In order to support the uploading of printer driver files, you must first configure a file share named [print$]. @@ -319,7 +326,7 @@ WIDTH="25" ALIGN="CENTER" VALIGN="TOP" > 7.2.2. Setting Drivers for Existing Printers 7.2.2. Setting Drivers for Existing PrintersThe initial listing of printers in the Samba host's Printers folder will have no real printer driver assigned @@ -539,7 +548,9 @@ CLASS="SECT2" > 7.2.3. Support a large number of printers 7.2.3. Support a large number of printersOne issue that has arisen during the development phase of Samba 2.2 is the need to support driver downloads for @@ -603,7 +614,9 @@ CLASS="SECT2" > 7.2.4. Adding New Printers via the Windows NT APW 7.2.4. Adding New Printers via the Windows NT APWBy default, Samba offers all printer shares defined in 7.2.5. Samba and Printer Ports 7.2.5. Samba and Printer PortsWindows NT/2000 print servers associate a port with each printer. These normally take the form of LPT1:, COM1:, FILE:, etc... Samba must also support the @@ -805,7 +820,9 @@ CLASS="SECT1" > 7.3. The Imprints Toolset 7.3. The Imprints ToolsetThe Imprints tool set provides a UNIX equivalent of the Windows NT Add Printer Wizard. For complete information, please @@ -821,7 +838,9 @@ CLASS="SECT2" > 7.3.1. What is Imprints? 7.3.1. What is Imprints?Imprints is a collection of tools for supporting the goals of 7.3.2. Creating Printer Driver Packages 7.3.2. Creating Printer Driver PackagesThe process of creating printer driver packages is beyond the scope of this document (refer to Imprints.txt also included @@ -865,7 +886,9 @@ CLASS="SECT2" > 7.3.3. The Imprints server 7.3.3. The Imprints serverThe Imprints server is really a database server that may be queried via standard HTTP mechanisms. Each printer @@ -887,7 +910,9 @@ CLASS="SECT2" > 7.3.4. The Installation Client 7.3.4. The Installation ClientMore information regarding the Imprints installation client is available in the 7.4. 7.4. Migration to from Samba 2.0.x to 2.2.x HomeDebugging Printing Problems Chapter 8. Debugging Printing Problems Chapter 8. Debugging Printing Problems8.1. Introduction 8.1. IntroductionThis is a short description of how to debug printing problems with Samba. This describes how to debug problems with printing from a SMB @@ -149,7 +152,9 @@ CLASS="SECT1" > 8.2. Debugging printer problems 8.2. Debugging printer problemsOne way to debug printing problems is to start by replacing these command with shell scripts that record the arguments and the contents @@ -204,7 +209,9 @@ CLASS="SECT1" > 8.3. What printers do I have? 8.3. What printers do I have?You can use the 'testprns' program to check to see if the printer name you are using is recognized by Samba. For example, you can @@ -231,7 +238,9 @@ CLASS="SECT1" > 8.4. Setting up printcap and print servers 8.4. Setting up printcap and print serversYou may need to set up some printcaps for your Samba system to use. It is strongly recommended that you use the facilities provided by @@ -313,7 +322,9 @@ CLASS="SECT1" > 8.5. Job sent, no output 8.5. Job sent, no outputThis is the most frustrating part of printing. You may have sent the job, verified that the job was forwarded, set up a wrapper around @@ -356,7 +367,9 @@ CLASS="SECT1" > 8.6. Job sent, strange output 8.6. Job sent, strange outputOnce you have the job printing, you can then start worrying about making it print nicely. 8.7. Raw PostScript printed 8.7. Raw PostScript printedThis is a problem that is usually caused by either the print spooling system putting information at the start of the print job that makes @@ -413,7 +428,9 @@ CLASS="SECT1" > 8.8. Advanced Printing 8.8. Advanced PrintingNote that you can do some pretty magic things by using your imagination with the "print command" option and some shell scripts. @@ -427,7 +444,9 @@ CLASS="SECT1" > 8.9. Real debugging 8.9. Real debuggingIf the above debug tips don't help, then maybe you need to bring in the bug guns, system tracing. See Tracing.txt in this directory. HomeHow to Act as a Backup Domain Controller in a Purely Samba Controlled Domain Chapter 13. How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain Chapter 13. How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain13.1. Prerequisite Reading 13.1. Prerequisite ReadingBefore you continue reading in this chapter, please make sure that you are comfortable with configuring a Samba PDC @@ -91,7 +94,9 @@ CLASS="SECT1" > 13.2. Background 13.2. BackgroundWhat is a Domain Controller? It is a machine that is able to answer logon requests from workstations in a Windows NT Domain. Whenever a @@ -134,7 +139,9 @@ CLASS="SECT1" > 13.3. What qualifies a Domain Controller on the network? 13.3. What qualifies a Domain Controller on the network?Every machine that is a Domain Controller for the domain SAMBA has to register the NetBIOS group name SAMBA#1c with the WINS server and/or @@ -149,7 +156,9 @@ CLASS="SECT2" > 13.3.1. How does a Workstation find its domain controller? 13.3.1. How does a Workstation find its domain controller?A NT workstation in the domain SAMBA that wants a local user to be authenticated has to find the domain controller for SAMBA. It does @@ -166,7 +175,9 @@ CLASS="SECT2" > 13.3.2. When is the PDC needed? 13.3.2. When is the PDC needed?Whenever a user wants to change his password, this has to be done on the PDC. To find the PDC, the workstation does a NetBIOS name query @@ -180,7 +191,9 @@ CLASS="SECT1" > 13.4. Can Samba be a Backup Domain Controller? 13.4. Can Samba be a Backup Domain Controller?With version 2.2, no. The native NT SAM replication protocols have not yet been fully implemented. The Samba Team is working on @@ -197,7 +210,9 @@ CLASS="SECT1" > 13.5. How do I set up a Samba BDC? 13.5. How do I set up a Samba BDC?Several things have to be done: 13.5.1. How do I replicate the smbpasswd file? 13.5.1. How do I replicate the smbpasswd file?Replication of the smbpasswd file is sensitive. It has to be done whenever changes to the SAM are made. Every user's password change is @@ -303,7 +320,7 @@ WIDTH="34%" ALIGN="center" VALIGN="top" >HomeStoring Samba's User/Machine Account information in an LDAP DirectoryNext Chapter 14. Storing Samba's User/Machine Account information in an LDAP Directory Chapter 14. Storing Samba's User/Machine Account information in an LDAP Directory14.1. Purpose 14.1. PurposeThis document describes how to use an LDAP directory for storing Samba user account information traditionally stored in the smbpasswd(5) file. It is @@ -142,7 +145,9 @@ CLASS="SECT1" > 14.2. Introduction 14.2. IntroductionTraditionally, when configuring 14.3. Supported LDAP Servers 14.3. Supported LDAP ServersThe LDAP samdb code in 2.2.3 has been developed and tested using the OpenLDAP 2.0 server and client libraries. The same code should be able to work with @@ -280,7 +287,9 @@ CLASS="SECT1" > 14.4. Schema and Relationship to the RFC 2307 posixAccount 14.4. Schema and Relationship to the RFC 2307 posixAccountSamba 2.2.3 includes the necessary schema file for OpenLDAP 2.0 in 14.5. Configuring Samba with LDAP 14.5. Configuring Samba with LDAP14.5.1. OpenLDAP configuration 14.5.1. OpenLDAP configurationTo include support for the sambaAccount object in an OpenLDAP directory server, first copy the samba.schema file to slapd's configuration directory. 14.5.2. Configuring Samba 14.5.2. Configuring SambaThe following parameters are available in smb.conf only with 14.6. Accounts and Groups management 14.6. Accounts and Groups managementAs users accounts are managed thru the sambaAccount objectclass, you should modify you existing administration tools to deal with sambaAccount attributes. 14.7. Security and sambaAccount 14.7. Security and sambaAccountThere are two important points to remember when discussing the security of sambaAccount entries in the directory. 14.8. LDAP specials attributes for sambaAccounts 14.8. LDAP specials attributes for sambaAccountsThe sambaAccount objectclass is composed of the following attributes: 14.9. Example LDIF Entries for a sambaAccount 14.9. Example LDIF Entries for a sambaAccountThe following is a working LDIF with the inclusion of the posixAccount objectclass: 14.10. Comments 14.10. CommentsPlease mail all comments regarding this HOWTO to HomeNextImproved browsing in sambaUsing samba 3.0 with ActiveDirectory support Security levels Chapter 9. Security levels Chapter 9. Security levels9.1. Introduction 9.1. IntroductionSamba supports the following options to the global smb.conf parameter 9.2. More complete description of security levels 9.2. More complete description of security levelsA SMB server tells the client at startup what "security level" it is running. There are two options "share level" and "user level". Which @@ -233,7 +238,7 @@ WIDTH="34%" ALIGN="center" VALIGN="top" >HomeSamba performance issues Chapter 16. Samba performance issues Chapter 17. Samba performance issues16.1. Comparisons 17.1. ComparisonsThe Samba server uses TCP to talk to the client. Thus if you are trying to see if it performs well you should really compare it to @@ -105,13 +108,17 @@ CLASS="SECT1" > 16.2. Oplocks 17.2. Oplocks16.2.1. Overview 17.2.1. OverviewOplocks are the way that SMB clients get permission from a server to locally cache file operations. If a server grants an oplock @@ -145,7 +152,9 @@ CLASS="SECT2" > 16.2.2. Level2 Oplocks 17.2.2. Level2 OplocksWith Samba 2.0.5 a new capability - level2 (read only) oplocks is supported (although the option is off by default - see the smb.conf @@ -167,7 +176,9 @@ CLASS="SECT2" > 16.2.3. Old 'fake oplocks' option - deprecated 17.2.3. Old 'fake oplocks' option - deprecatedSamba can also fake oplocks, by granting a oplock whenever a client asks for one. This is controlled using the smb.conf option "fake @@ -186,7 +197,9 @@ CLASS="SECT1" > 16.3. Socket options 17.3. Socket optionsThere are a number of socket options that can greatly affect the performance of a TCP based server like Samba. 16.4. Read size 17.4. Read sizeThe option "read size" affects the overlap of disk reads/writes with network reads/writes. If the amount of data being transferred in @@ -236,7 +251,9 @@ CLASS="SECT1" > 16.5. Max xmit 17.5. Max xmitAt startup the client and server negotiate a "maximum transmit" size, which limits the size of nearly all SMB commands. You can set the @@ -257,7 +274,9 @@ CLASS="SECT1" > 16.6. Locking 17.6. LockingBy default Samba does not implement strict locking on each read/write call (although it did in previous versions). If you enable strict @@ -272,7 +291,9 @@ CLASS="SECT1" > 16.7. Share modes 17.7. Share modesSome people find that opening files is very slow. This is often because of the "share modes" code needed to fully implement the dos @@ -300,7 +321,9 @@ CLASS="SECT1" > 16.8. Log level 17.8. Log levelIf you set the log level (also known as "debug level") higher than 2 then you may suffer a large drop in performance. This is because the @@ -312,7 +335,9 @@ CLASS="SECT1" > 16.9. Wide lines 17.9. Wide linesThe "wide links" option is now enabled by default, but if you disable it (for better security) then you may suffer a performance hit in @@ -324,7 +349,9 @@ CLASS="SECT1" > 16.10. Read raw 17.10. Read rawThe "read raw" operation is designed to be an optimised, low-latency file read operation. A server may choose to not support it, @@ -344,7 +371,9 @@ CLASS="SECT1" > 16.11. Write raw 17.11. Write rawThe "write raw" operation is designed to be an optimised, low-latency file write operation. A server may choose to not support it, @@ -359,7 +388,9 @@ CLASS="SECT1" > 16.12. Read prediction 17.12. Read predictionSamba can do read prediction on some of the SMB commands. Read prediction means that Samba reads some extra data on the last file it @@ -383,7 +414,9 @@ CLASS="SECT1" > 16.13. Memory mapping 17.13. Memory mappingSamba supports reading files via memory mapping them. One some machines this can give a large boost to performance, on others it @@ -402,7 +435,9 @@ CLASS="SECT1" > 16.14. Slow Clients 17.14. Slow ClientsOne person has reported that setting the protocol to COREPLUS rather than LANMAN2 gave a dramatic speed improvement (from 10k/s to 150k/s). 16.15. Slow Logins 17.15. Slow LoginsSlow logins are almost always due to the password checking time. Using the lowest practical "password level" will improve things a lot. You @@ -428,7 +465,9 @@ CLASS="SECT1" > 16.16. Client tuning 17.16. Client tuningOften a speed problem can be traced to the client. The client (for example Windows for Workgroups) can often be tuned for better TCP @@ -530,7 +569,9 @@ CLASS="SECT1" > 16.17. My Results 17.17. My ResultsSome people want to see real numbers in a document like this, so here they are. I have a 486sx33 client running WfWg 3.11 with the 3.11b @@ -578,7 +619,7 @@ WIDTH="34%" ALIGN="center" VALIGN="top" >HomeUNIX Permission Bits and Windows NT Access Control Lists Chapter 6. UNIX Permission Bits and Windows NT Access Control Lists Chapter 6. UNIX Permission Bits and Windows NT Access Control Lists6.1. Viewing and changing UNIX permissions using the NT +NAME="AEN722" +>6.1. Viewing and changing UNIX permissions using the NT security dialogs New in the Samba 2.0.4 release is the ability for Windows @@ -113,7 +116,9 @@ CLASS="SECT1" > 6.2. How to view file security on a Samba share 6.2. How to view file security on a Samba shareFrom an NT 4.0 client, single-click with the right mouse button on any file or directory in a Samba mounted @@ -181,7 +186,9 @@ CLASS="SECT1" > 6.3. Viewing file ownership 6.3. Viewing file ownershipClicking on the 6.4. Viewing file or directory permissions 6.4. Viewing file or directory permissionsThe third button is the 6.4.1. File Permissions 6.4.1. File PermissionsThe standard UNIX user/group/world triple and the corresponding "read", "write", "execute" permissions @@ -393,7 +404,9 @@ CLASS="SECT2" > 6.4.2. Directory Permissions 6.4.2. Directory PermissionsDirectories on an NT NTFS file system have two different sets of permissions. The first set of permissions @@ -423,7 +436,9 @@ CLASS="SECT1" > 6.5. Modifying file or directory permissions 6.5. Modifying file or directory permissionsModifying file and directory permissions is as simple as changing the displayed permissions in the dialog box, and @@ -519,7 +534,9 @@ CLASS="SECT1" > 6.6. Interaction with the standard Samba create mask +NAME="AEN820" +>6.6. Interaction with the standard Samba create mask parameters Note that with Samba 2.0.5 there are four new parameters @@ -794,7 +811,9 @@ CLASS="SECT1" > 6.7. Interaction with the standard Samba file attribute +NAME="AEN884" +>6.7. Interaction with the standard Samba file attribute mapping Samba maps some of the DOS attribute bits (such as "read @@ -860,7 +879,7 @@ WIDTH="34%" ALIGN="center" VALIGN="top" >HomeUnified Logons between Windows NT and UNIX using Winbind Chapter 11. Unified Logons between Windows NT and UNIX using Winbind Chapter 11. Unified Logons between Windows NT and UNIX using Winbind11.1. Abstract 11.1. AbstractIntegration of UNIX and Microsoft Windows NT through a unified logon has been considered a "holy grail" in heterogeneous @@ -101,7 +104,9 @@ CLASS="SECT1" > 11.2. Introduction 11.2. IntroductionIt is well known that UNIX and Microsoft Windows NT have different models for representing user and group information and @@ -153,7 +158,9 @@ CLASS="SECT1" > 11.3. What Winbind Provides 11.3. What Winbind ProvidesWinbind unifies UNIX and Windows NT account management by allowing a UNIX box to become a full member of a NT domain. Once @@ -193,7 +200,9 @@ CLASS="SECT2" > 11.3.1. Target Uses 11.3.1. Target UsesWinbind is targeted at organizations that have an existing NT based domain infrastructure into which they wish @@ -215,7 +224,9 @@ CLASS="SECT1" > 11.4. How Winbind Works 11.4. How Winbind WorksThe winbind system is designed around a client/server architecture. A long running 11.4.1. Microsoft Remote Procedure Calls 11.4.1. Microsoft Remote Procedure CallsOver the last two years, efforts have been underway by various Samba Team members to decode various aspects of @@ -257,7 +270,9 @@ CLASS="SECT2" > 11.4.2. Name Service Switch 11.4.2. Name Service SwitchThe Name Service Switch, or NSS, is a feature that is present in many UNIX operating systems. It allows system @@ -335,7 +350,9 @@ CLASS="SECT2" > 11.4.3. Pluggable Authentication Modules 11.4.3. Pluggable Authentication ModulesPluggable Authentication Modules, also known as PAM, is a system for abstracting authentication and authorization @@ -382,7 +399,9 @@ CLASS="SECT2" > 11.4.4. User and Group ID Allocation 11.4.4. User and Group ID AllocationWhen a user or group is created under Windows NT is it allocated a numerical relative identifier (RID). This is @@ -406,7 +425,9 @@ CLASS="SECT2" > 11.4.5. Result Caching 11.4.5. Result CachingAn active system can generate a lot of user and group name lookups. To reduce the network cost of these lookups winbind @@ -427,7 +448,9 @@ CLASS="SECT1" > 11.5. Installation and Configuration 11.5. Installation and ConfigurationMany thanks to John Trostel 11.5.1. Introduction 11.5.1. IntroductionThis HOWTO describes the procedures used to get winbind up and running on my RedHat 7.1 system. Winbind is capable of providing access @@ -509,7 +534,9 @@ CLASS="SECT2" > 11.5.2. Requirements 11.5.2. RequirementsIf you have a samba configuration file that you are currently using... 11.5.3. Testing Things Out 11.5.3. Testing Things OutBefore starting, it is probably best to kill off all the SAMBA related daemons running on your server. Kill off all 11.5.3.1. Configure and compile SAMBA 11.5.3.1. Configure and compile SAMBAThe configuration and compilation of SAMBA is pretty straightforward. The first three steps may not be necessary depending upon @@ -684,7 +715,9 @@ CLASS="SECT3" > 11.5.3.2. Configure 11.5.3.2. Configure nsswitch.conf and the @@ -787,7 +820,9 @@ CLASS="SECT3" >11.5.3.3. Configure smb.conf 11.5.3.3. Configure smb.conf Several parameters are needed in the smb.conf file to control the behavior of 11.5.3.4. Join the SAMBA server to the PDC domain 11.5.3.4. Join the SAMBA server to the PDC domainEnter the following command to make the SAMBA server join the PDC domain, where 11.5.3.5. Start up the winbindd daemon and test it! 11.5.3.5. Start up the winbindd daemon and test it!Eventually, you will want to modify your smb startup script to automatically invoke the winbindd daemon when the other parts of @@ -1025,13 +1064,17 @@ CLASS="SECT3" > 11.5.3.6. Fix the init.d startup scripts 11.5.3.6. Fix the init.d startup scripts11.5.3.6.1. Linux 11.5.3.6.1. LinuxThe 11.5.3.6.2. Solaris 11.5.3.6.2. SolarisOn solaris, you need to modify the 11.5.3.6.3. Restarting 11.5.3.6.3. RestartingIf you restart the 11.5.3.7. Configure Winbind and PAM 11.5.3.7. Configure Winbind and PAMIf you have made it this far, you know that winbindd and samba are working together. If you want to use winbind to provide authentication for other @@ -1272,7 +1321,9 @@ CLASS="SECT4" > 11.5.3.7.1. Linux/FreeBSD-specific PAM configuration 11.5.3.7.1. Linux/FreeBSD-specific PAM configurationThe 11.5.3.7.2. Solaris-specific configuration 11.5.3.7.2. Solaris-specific configurationThe /etc/pam.conf needs to be changed. I changed this file so that my Domain users can logon both locally as well as telnet.The following are the changes @@ -1484,7 +1537,9 @@ CLASS="SECT1" > 11.6. Limitations 11.6. LimitationsWinbind has a number of limitations in its current released version that we hope to overcome in future @@ -1523,7 +1578,9 @@ CLASS="SECT1" > 11.7. Conclusion 11.7. ConclusionThe winbind system, through the use of the Name Service Switch, Pluggable Authentication Modules, and appropriate @@ -1558,7 +1615,7 @@ WIDTH="34%" ALIGN="center" VALIGN="top" >Home