From 4474f67fa3f915f7e09fddc3df42cd97403752f9 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 26 Mar 2003 11:09:12 +0000 Subject: - Patch from John to update PDC-HOWTO, add ServerType and CUPS (not finished yet) - Regenerate docs - Update docs-status (This used to be commit adbb714ade8ab6f4e9b5d80f0f85041746c0edf1) --- docs/htmldocs/Samba-Developers-Guide.html | 367 +++- docs/htmldocs/Samba-HOWTO-Collection.html | 3202 +++++++++++++++++------------ 2 files changed, 2242 insertions(+), 1327 deletions(-) (limited to 'docs/htmldocs') diff --git a/docs/htmldocs/Samba-Developers-Guide.html b/docs/htmldocs/Samba-Developers-Guide.html index 22cbcec3ee..142d9dc537 100644 --- a/docs/htmldocs/Samba-Developers-Guide.html +++ b/docs/htmldocs/Samba-Developers-Guide.html @@ -816,23 +816,89 @@ NAME="SMBPASSWDFILEFORMAT" >
14. RPC Pluggable ModulesModules
14.1. AboutAdvantages
14.2. Loading modules
14.2.1. Static modules
14.2.2. Shared modules
14.3. Writing modules
14.3.1. Static/Shared selection in configure.in
15. RPC Pluggable Modules
15.1. About
15.2. General Overview
16. Notes to packagers
16.1. Versioning
16.2. Modules

Chapter 14. RPC Pluggable Modules

Chapter 14. Modules

14.1. About14.1. Advantages

The new modules system has the following advantages:

Transparent loading of static and shared modules (no need +for a subsystem to know about modules)
Simple selection between shared and static modules at configure time
"preload modules" option for increasing performance for stable modules
No nasty #define stuff anymore
All backends are available as plugin now (including pdb_ldap and pdb_tdb)


14.2. Loading modules

Some subsystems in samba use different backends. These backends can be +either statically linked in to samba or available as a plugin. A subsystem +should have a function that allows a module to register itself. For example, +the passdb subsystem has:

BOOL smb_register_passdb(const char *name, pdb_init_function init, int version);

This function will be called by the initialisation function of the module to +register itself.


14.2.1. Static modules

The modules system compiles a list of initialisation functions for the +static modules of each subsystem. This is a define. For example, +it is here currently (from include/config.h):

/* Static init functions */
+#define static_init_pdb { pdb_mysql_init(); pdb_ldap_init(); pdb_smbpasswd_init(); pdb_tdbsam_init(); pdb_guest_init();}

These functions should be called before the subsystem is used. That +should be done when the subsystem is initialised or first used.


14.2.2. Shared modules

If a subsystem needs a certain backend, it should check if it has +already been registered. If the backend hasn't been registered already, +the subsystem should call smb_probe_module(char *subsystem, char *backend). +This function tries to load the correct module from a certain path +($LIBDIR/subsystem/backend.so). If the first character in 'backend' +is a slash, smb_probe_module() tries to load the module from the +absolute path specified in 'backend'.

After smb_probe_module() has been executed, the subsystem +should check again if the module has been registered.


14.3. Writing modules

Each module has an initialisation function. For modules that are +included with samba this name is 'subsystem_backend_init'. For external modules (that will never be built-in, but only available as a module) this name is always 'init_module'. (In the case of modules included with samba, the configure system will add a #define subsystem_backend_init() init_module()). +The prototype for these functions is:

int init_module(void);

This function should call one or more +registration functions. The function should return non-zero on success and zero on +failure.

For example, pdb_ldap_init() contains:

int pdb_ldap_init(void)
+{
+    smb_register_passdb("ldapsam", pdb_init_ldapsam, PASSDB_INTERFACE_VERSION);
+    smb_register_passdb("ldapsam_nua", pdb_init_ldapsam_nua, PASSDB_INTERFACE_VERSION);
+	return TRUE;
+}


14.3.1. Static/Shared selection in configure.in

Some macros in configure.in generate the various defines and substs that +are necessary for the system to work correct. All modules that should +be built by default have to be added to the variable 'default_modules'. +For example, if ldap is found, pdb_ldap is added to this variable.

On the bottom of configure.in, SMB_MODULE() should be called +for each module and SMB_SUBSYSTEM() for each subsystem.

Syntax:

SMB_MODULE(subsystem_backend, object files, plugin name, subsystem name, static_action, shared_action)
+SMB_SUBSYSTEM(subsystem)

Also, make sure to add the correct directives to +Makefile.in. @SUBSYSTEM_STATIC@ +will be replaced with a list of objects files of the modules that need to +be linked in statically. @SUBSYSTEM_MODULES@ will +be replaced with the names of the plugins to build.

You must make sure all .c files that contain defines that can +be changed by ./configure are rebuilded in the 'modules_clean' make target. +Practically, this means all c files that contain static_init_subsystem; calls need to be rebuilded.


Chapter 15. RPC Pluggable Modules

15.1. About

This document describes how to make use the new RPC Pluggable Modules features @@ -9346,8 +9639,8 @@ CLASS="SECT1" >


14.2. General Overview15.2. General Overview

When an RPC call is sent to smbd, smbd tries to load a shared library by the @@ -9363,10 +9656,10 @@ CLASS="FILENAME" These shared libraries should be located in the <sambaroot>/lib/rpc. smbd then attempts to call the rpc_pipe_init function within -the shared library.

. smbd then attempts to call the init_module function within +the shared library. Check the chapter on modules for more information.

In the rpc_pipe_init function, the library should call +>In the init_module function, the library should call rpc_pipe_register_commands(). This function takes the following arguments:


Chapter 16. Notes to packagers

16.1. Versioning

Please, please update the version number in +source/include/version.h to include the versioning of your package. This makes it easier to distinguish standard samba builds +from custom-build samba builds (distributions often patch packages). For +example, a good version would be:

Version 2.999+3.0.alpha21-5 for Debian


16.2. Modules

Samba now has support for building parts of samba as plugins. This +makes it possible to, for example, put ldap or mysql support in a seperate +package, thus making it possible to have a normal samba package not +depending on ldap or mysql. To build as much parts of samba +as a plugin, run:

./configure --with-shared-modules=rpc,vfs,auth,pdb,charset

3.1. Introduction
3.2. Important Notes About Security
3.3. The smbpasswd Command
3.4. Plain text
3.5. TDB
3.6. LDAP
3.7. MySQL
3.8. Passdb XML plugin
4. Nomenclature of Server Types
4.1. Stand Alone Server
4.2. Domain Member Server
4.3. Domain Controller
5. User and Share security level (for servers not in a domain)
5. 6. Samba as a NT4 or Win2k Primary Domain ControllerSamba as an NT4 or Win2k Primary Domain Controller
5.1. 6.1. Prerequisite Reading
5.2. 6.2. Background
5.3. 6.3. Configuring the Samba Domain Controller
5.4. Creating Machine Trust Accounts and Joining Clients to the -Domain6.4. Creating Machine Trust Accounts and Joining Clients to the Domain
5.5. 6.5. Common Problems and Errors
5.6. 6.6. System Policies and Profiles
5.7. 6.7. What other help can I get?
5.8. 6.8. Domain Control for Windows 9x/ME
5.9. 6.9. DOMAIN_CONTROL.txt : Windows NT Domain Control & Samba
6. 7. How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain
6.1. 7.1. Prerequisite Reading
6.2. 7.2. Background
6.3. 7.3. What qualifies a Domain Controller on the network?
6.4. 7.4. Can Samba be a Backup Domain Controller to an NT PDC?
6.5. 7.5. How do I set up a Samba BDC?
7. 8. Samba as a ADS domain member
7.1. 8.1. Installing the required packages for Debian
7.2. 8.2. Installing the required packages for RedHat
7.3. 8.3. Compile Samba
7.4. 8.4. Setup your /etc/krb5.conf
7.5. 8.5. Create the computer account
7.6. 8.6. Test your server setup
7.7. 8.7. Testing with smbclient
7.8. 8.8. Notes
8. 9. Samba as a NT4 or Win2k domain member
8.1. 9.1. Joining an NT Domain with Samba 3.0
8.2. 9.2. Samba and Windows 2000 Domains
8.3. 9.3. Why is this better than security = server?
9. 10. Integrating MS Windows networks with Samba
9.1. 10.1. Agenda
9.2. 10.2. Name Resolution in a pure Unix/Linux world
9.3. 10.3. Name resolution as used within MS Windows networking
9.4. 10.4. How browsing functions and how to deploy stable and dependable browsing using Samba
9.5. 10.5. MS Windows security options and how to configure Samba for seemless integration
9.6. 10.6. Conclusions
10. 11. UNIX Permission Bits and Windows NT Access Control Lists
10.1. 11.1. Viewing and changing UNIX permissions using the NT security dialogs
10.2. 11.2. How to view file security on a Samba share
10.3. 11.3. Viewing file ownership
10.4. 11.4. Viewing file or directory permissions
10.5. 11.5. Modifying file or directory permissions
10.6. 11.6. Interaction with the standard Samba create mask parameters
10.7. 11.7. Interaction with the standard Samba file attribute mapping
11. 12. Configuring PAM for distributed but centrally managed authentication
11.1. 12.1. Samba and PAM
11.2. 12.2. Distributed Authentication
11.3. 12.3. PAM Configuration in smb.conf
12. 13. Hosting a Microsoft Distributed File System tree on Samba
12.1. 13.1. Instructions
13. 14. Printing Support
13.1. 14.1. Introduction
13.2. 14.2. Configuration
13.3. 14.3. The Imprints Toolset
13.4. 14.4. Diagnosis
14. 15. Unified Logons between Windows NT and UNIX using Winbind
14.1. 15.1. Abstract
14.2. 15.2. Introduction
14.3. 15.3. What Winbind Provides
14.4. 15.4. How Winbind Works
14.5. 15.5. Installation and Configuration
14.6. 15.6. Limitations
14.7. 15.7. Conclusion
15. 16. Improved browsing in samba
15.1. 16.1. Overview of browsing
15.2. 16.2. Browsing support in samba
15.3. 16.3. Problem resolution
15.4. 16.4. Browsing across subnets
15.5. 16.5. Setting up a WINS server
15.6. 16.6. Setting up Browsing in a WORKGROUP
15.7. 16.7. Setting up Browsing in a DOMAIN
15.8. 16.8. Forcing samba to be the master
15.9. 16.9. Making samba the domain master
15.10. 16.10. Note about broadcast addresses
15.11. 16.11. Multiple interfaces
16. 17. Stackable VFS modules
16.1. 17.1. Introduction and configuration
16.2. 17.2. Included modules
16.3. 17.3. VFS modules available elsewhere
17. 18. Group mapping HOWTO
18. 19. Samba performance issues
18.1. 19.1. Comparisons
18.2. 19.2. Socket options
18.3. 19.3. Read size
18.4. 19.4. Max xmit
18.5. 19.5. Log level
18.6. 19.6. Read raw
18.7. 19.7. Write raw
18.8. 19.8. Slow Clients
18.9. 19.9. Slow Logins
18.10. 19.10. Client tuning
19. 20. Creating Group Prolicy Files
19.1. 20.1. Windows '9x
19.2. 20.2. Windows NT 4
19.3. 20.3. Windows 2000/XP
20. 21. Securing Samba
20.1. 21.1. Introduction
20.2. 21.2. Using host based protection
20.3. 21.3. Using interface protection
20.4. 21.4. Using a firewall
20.5. 21.5. Using a IPC$ share deny
20.6. 21.6. Upgrading Samba
22. Unicode/Charsets
22.1. What are charsets and unicode?
22.2. Samba and charsets
21. 23. Portability
21.1. 23.1. HPUX
21.2. 23.2. SCO Unix
21.3. 23.3. DNIX
21.4. 23.4. RedHat Linux Rembrandt-II
21.5. 23.5. AIX
22. 24. Samba and other CIFS clients
22.1. 24.1. Macintosh clients?
22.2. 24.2. OS2 Client
22.3. 24.3. Windows for Workgroups
22.4. 24.4. Windows '95/'98
22.5. 24.5. Windows 2000 Service Pack 2
23. 25. How to compile SAMBA
23.1. 25.1. Access Samba source code via CVS
23.2. 25.2. Accessing the samba sources via rsync and ftp
23.3. 25.3. Building the Binaries
23.4. 25.4. Starting the smbd and nmbd
24. 26. Reporting Bugs
24.1. 26.1. Introduction
24.2. 26.2. General info
24.3. 26.3. Debug levels
24.4. 26.4. Internal errors
24.5. 26.5. Attaching to a running process
24.6. 26.6. Patches
25. 27. The samba checklist
25.1. 27.1. Introduction
25.2. 27.2. Assumptions
25.3. 27.3. Tests
25.4. 27.4. Still having troubles?
3.1. Introduction
3.2. Important Notes About Security
3.2.1. Advantages of SMB Encryption
3.2.2. Advantages of non-encrypted passwords
3.3. The smbpasswd Command
3.4. Plain text
3.5. TDB
3.6. LDAP
3.6.1. Introduction
3.6.2. Introduction
3.6.3. Supported LDAP Servers
3.6.4. Schema and Relationship to the RFC 2307 posixAccount
3.6.5. Configuring Samba with LDAP
3.6.6. Accounts and Groups management
3.6.7. Security and sambaAccount
3.6.8. LDAP specials attributes for sambaAccounts
3.6.9. Example LDIF Entries for a sambaAccount
3.7. MySQL
3.7.1. Building
3.7.2. Creating the database
3.7.3. Configuring
3.7.4. Using plaintext passwords or encrypted password
3.7.5. Getting non-column data from the table
3.8. Passdb XML plugin
3.8.1. Building
3.8.2. Usage

3.1. Introduction


3.2. Important Notes About Security

Other Microsoft operating systems which also exhibit this behavior includes

These versions of MS Windows do not support full domain + security protocols, although they may log onto a domain environment. + Of these Only MS Windows XP Home does NOT support domain logons.

Windows Me
Windows 2000
Windows XP Home

The following versions of MS Windows fully support domain + security protocols.

Windows NT 3.5x
Windows NT 4.0
Windows 2000 Professional
Windows 200x Server/Advanced Server
Windows XP Professional

MS Windows clients will cache the encrypted password alone. + Even when plain text passwords are re-enabled, through the appropriate + registry change, the plain text password is NEVER cached. This means that + in the event that a network connections should become disconnected (broken) + only the cached (encrypted) password will be sent to the resource server + to affect a auto-reconnect. If the resource server does not support encrypted + passwords the auto-reconnect will fail. USE OF ENCRYPTED PASSWORDS + IS STRONGLY ADVISED.


3.2.1. Advantages of SMB Encryption

plain text passwords are not passed across +>Plain text passwords are not passed across the network. Someone using a network sniffer cannot just record passwords going to the SMB server.WinNT doesn't like talking to a server - that isn't using SMB encrypted passwords. It will refuse + that SM not support encrypted passwords. It will refuse to browse the server if the server is also in user level security mode. It will insist on prompting the user for the password on each connection, which is very annoying. The only things you can do to stop this is to use SMB encryption. Encrypted password support allows auto-matic share + (resource) reconnects.


3.2.2. Advantages of non-encrypted passwords

plain text passwords are not kept - on disk. Plain text passwords are not kept + on disk, and are NOT cached in memory. uses same password file as other unix +>Uses same password file as other unix services such as login and ftpyou are probably already using other - services (such as telnet and ftp) which send plain text - passwords over the net, so sending them for SMB isn't - such a big deal.Use of other services (such as telnet and ftp) which + send plain text passwords over the net, so sending them for SMB + isn't such a big deal.


3.3. The smbpasswd Command

yppasswd programs. - It maintains the two 32 byte password fields - in the passdb backend.


3.4. Plain text


3.5. TDB


3.6. LDAP

3.6.1. Introduction


3.6.2. Introduction


3.6.3. Supported LDAP Servers

The LDAP samdb code in 2.2.3 has been developed and tested using the OpenLDAP -2.0 server and client libraries. The same code should be able to work with -Netscape's Directory Server and client SDK. However, due to lack of testing -so far, there are bound to be compile errors and bugs. These should not be -hard to fix. If you are so inclined, please be sure to forward all patches to +>The LDAP samdb code in 2.2.3 (and later) has been developed and tested +using the OpenLDAP 2.0 server and client libraries. +The same code should be able to work with Netscape's Directory Server +and client SDK. However, due to lack of testing so far, there are bound +to be compile errors and bugs. These should not be hard to fix. +If you are so inclined, please be sure to forward all patches to


3.6.4. Schema and Relationship to the RFC 2307 posixAccount


3.6.5. Configuring Samba with LDAP

4. Nomenclature of Server Types
4.1. Stand Alone Server
4.2. Domain Member Server
4.3. Domain Controller
4.3.1. Domain Controller Types
5. User and Share security level (for servers not in a domain)
5. 6. Samba as a NT4 or Win2k Primary Domain ControllerSamba as an NT4 or Win2k Primary Domain Controller
5.1. 6.1. Prerequisite Reading
5.2. 6.2. Background
5.3. 6.3. Configuring the Samba Domain Controller
5.4. Creating Machine Trust Accounts and Joining Clients to the -Domain6.4. Creating Machine Trust Accounts and Joining Clients to the Domain
5.4.1. 6.4.1. Manual Creation of Machine Trust Accounts
5.4.2. 6.4.2. "On-the-Fly" Creation of Machine Trust Accounts
5.4.3. 6.4.3. Joining the Client to the Domain
5.5. 6.5. Common Problems and Errors
5.6. 6.6. System Policies and Profiles
5.7. 6.7. What other help can I get?
5.8. 6.8. Domain Control for Windows 9x/ME
5.8.1. 6.8.1. Configuration Instructions: Network Logons
5.8.2. 6.8.2. Configuration Instructions: Setting up Roaming User Profiles
5.9. 6.9. DOMAIN_CONTROL.txt : Windows NT Domain Control & Samba
6. 7. How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain
6.1. 7.1. Prerequisite Reading
6.2. 7.2. Background
6.3. 7.3. What qualifies a Domain Controller on the network?
6.3.1. 7.3.1. How does a Workstation find its domain controller?
6.3.2. 7.3.2. When is the PDC needed?
6.4. 7.4. Can Samba be a Backup Domain Controller to an NT PDC?
6.5. 7.5. How do I set up a Samba BDC?
6.5.1. 7.5.1. How do I replicate the smbpasswd file?
6.5.2. 7.5.2. Can I do this all with LDAP?
7. 8. Samba as a ADS domain member
7.1. 8.1. Installing the required packages for Debian
7.2. 8.2. Installing the required packages for RedHat
7.3. 8.3. Compile Samba
7.4. 8.4. Setup your /etc/krb5.conf
7.5. 8.5. Create the computer account
7.5.1. 8.5.1. Possible errors
7.6. 8.6. Test your server setup
7.7. 8.7. Testing with smbclient
7.8. 8.8. Notes
8. 9. Samba as a NT4 or Win2k domain member
8.1. 9.1. Joining an NT Domain with Samba 3.0
8.2. 9.2. Samba and Windows 2000 Domains
8.3. 9.3. Why is this better than security = server?

Chapter 4. Nomenclature of Server Types

Adminstrators of Microsoft networks often refer to there being three +different type of servers:

  • Stand Alone Server

  • Domain Member Server

  • Domain Controller

    • Primary Domain Controller

    • Backup Domain Controller

A network administrator who is familiar with these terms and who +wishes to migrate to or use Samba will want to know what these terms mean +within a Samba context.


4.1. Stand Alone Server

The term stand alone server means that the server +will provide local authentication and access control for all resources +that are available from it. In general this means that there will be a +local user database. In more technical terms, it means that resources +on the machine will either be made available in either SHARE mode or in +USER mode. SHARE mode and USER mode security are documented under +discussions regarding "security mode". The smb.conf configuration parameters +that control security mode are: "security = user" and "security = share".

Samba tends to blur the distinction a little in respect of what is +a stand alone server. This is because the authentication database may be +local or on a remote server, even if from the samba protocol perspective +the samba server is NOT a member of a domain security context.

Through the use of PAM (Pluggable Authentication Modules) and nsswitch +(the name service switcher) the source of authentication may reside on +another server. We would be inclined to call this the authentication server. +This means that the samba server may use the local Unix/Linux system +password database (/etc/passwd or /etc/shadow), may use a local smbpasswd +file (/etc/samba/smbpasswd or /usr/local/samba/lib/private/smbpasswd), or +may use an LDAP back end, or even via PAM and Winbind another CIFS/SMB +server for authentication.


4.2. Domain Member Server

This mode of server operation involves the samba machine being made a member +of a domain security context. This means by definition that all user authentication +will be done from a centrally defined authentication regime. The authentication +regime may come from an NT3/4 style (old domain technology) server, or it may be +provided from an Active Directory server (ADS) running on MS Windows 2000 or later. +>/para>

Of course it should be clear that the authentication back end itself could be from any +distributed directory architecture server that is supported by Samba. This can be +LDAP (from OpenLDAP), or Sun's iPlanet, of NetWare Directory Server, etc.

Please refer to the section on Howto configure Samba as a Primary Domain Controller +and for more information regarding how to create a domain machine account for a +domain member server as well as for information regading how to enable the samba +domain member machine to join the domain and to be fully trusted by it.


4.3. Domain Controller

Over the years public perceptions of what Domain Control really is has taken on an +almost mystical nature. Before we branch into a brief overview of what Domain Control +is the following types of controller are known:


4.3.1. Domain Controller Types

Primary Domain Controller
Backup Domain Controller
ADS Domain Controller

The Primary Domain Controller or PDC plays an important role in the MS +Windows NT3 and NT4 Domain Control architecture, but not in the manner that so many +expect. The PDC seeds the Domain Control database (a part of the Windows registry) and +it plays a key part in synchronisation of the domain authentication database.

New to Samba-3.0.0 is the ability to use a back-end file that holds the same type of data as +the NT4 style SAM (Security Account Manager) database (one of the registry files). +The samba-3.0.0 SAM can be specified via the smb.conf file parameter "passwd backend" and +valid options include smbpasswd tdbsam ldapsam nisplussam plugin unixsam. +The smbpasswd, tdbsam and ldapsam options can have a "_nua" suffix to indicate that No Unix +Accounts need to be created. In other words, the Samba SAM will be independant of Unix/Linux +system accounts, provided a uid range is defined from which SAM accounts can be created.

The Backup Domain Controller or BDC plays a key role in servicing network +authentication requests. The BDC is biased to answer logon requests so that on a network segment +that has a BDC and a PDC the BDC will be most likely to service network logon requests. The PDC will +answer network logon requests when the BDC is too busy (high load). A BDC can be promoted to +a PDC. If the PDC is on line at the time that the BDC is promoted to PDC the previous PDC is +automatically demoted to a BDC.

At this time Samba is NOT capable of acting as an ADS Domain Controller.


Chapter 4. User and Share security level (for servers not in a domain)

Chapter 5. User and Share security level (for servers not in a domain)

A SMB server tells the client at startup what "security level" it is running. There are two options "share level" and "user level". Which @@ -3883,14 +4217,14 @@ CLASS="CHAPTER" >Chapter 5. Samba as a NT4 or Win2k Primary Domain ControllerChapter 6. Samba as an NT4 or Win2k Primary Domain Controller

5.1. Prerequisite Reading6.1. Prerequisite Reading

Before you continue reading in this chapter, please make sure @@ -3905,98 +4239,42 @@ CLASS="FILENAME" >smb.conf(5) -manpage and the Encryption chapter -of this HOWTO Collection.


5.2. Background6.2. Background

Author's Note: This document is a combination -of David Bannon's "Samba 2.2 PDC HOWTO" and "Samba NT Domain FAQ". -Both documents are superseded by this one.

Versions of Samba prior to release 2.2 had marginal capabilities to act -as a Windows NT 4.0 Primary Domain Controller - -(PDC). With Samba 2.2.0, we are proud to announce official support for -Windows NT 4.0-style domain logons from Windows NT 4.0 and Windows -2000 clients. This article outlines the steps -necessary for configuring Samba as a PDC. It is necessary to have a -working Samba server prior to implementing the PDC functionality. If -you have not followed the steps outlined in UNIX_INSTALL.html, please make sure -that your server is configured correctly before proceeding. Another -good resource in the smb.conf(5) man -page. The following functionality should work in 2.2:

This article outlines the steps necessary for configuring Samba as a PDC. +It is necessary to have a working Samba server prior to implementing the +PDC functionality.

  • domain logons for Windows NT 4.0/2000 clients. +> domain logons for Windows NT 4.0 / 200x / XP Professional clients.

  • placing a Windows 9x client in user level security +> placing Windows 9x / Me clients in user level security

  • retrieving a list of users and groups from a Samba PDC to - Windows 9x/NT/2000 clients + Windows 9x / Me / NT / 200x / XP Professional clients

  • roving (roaming) user profiles +> roaming user profiles

The following pieces of functionality are not included in the 2.2 release:

The following functionalities are new to the Samba 3.0 release:

  • SAM replication with Windows NT 4.0 Domain Controllers - (i.e. a Samba PDC and a Windows NT BDC or vice versa) +> Adding users via the User Manager for Domains

The following functionalities are NOT provided by Samba 3.0:

  • Adding users via the User Manager for Domains +> SAM replication with Windows NT 4.0 Domain Controllers + (i.e. a Samba PDC and a Windows NT BDC or vice versa)

Please note that Windows 9x clients are not true members of a domain +>Please note that Windows 9x / Me / XP Home clients are not true members of a domain for reasons outlined in this article. Therefore the protocol for support Windows 9x-style domain logons is completely different -from NT4 domain logons and has been officially supported for some +from NT4 / Win2k type domain logons and has been officially supported for some time.

Implementing a Samba PDC can basically be divided into 2 broad +>MS Windows XP Home edition is NOT able to join a domain and does not permit +the use of domain logons.

Implementing a Samba PDC can basically be divided into 3 broad steps.

  • Creating machine trust accounts and joining clients - to the domain +> Creating machine trust accounts and joining clients to the domain +

  • Adding and managing domain user accounts

  • There are other minor details such as user profiles, system policies, etc... However, these are not necessarily specific to a Samba PDC as much as they are related to Windows NT networking -concepts. They will be mentioned only briefly here.


    5.3. Configuring the Samba Domain Controller6.3. Configuring the Samba Domain Controller

    The first step in creating a working Samba PDC is to -understand the parameters necessary in smb.conf. I will not -attempt to re-explain the parameters here as they are more that -adequately covered in the smb.conf man page. For convenience, the parameters have been -linked with the actual smb.conf description.

    .

    Here is an example logon path = \\%N\profiles\%u - ; where is a user's home directory and where should it - ; be mounted at? + ; where is a user's home directory and where should it be mounted at?

    As Samba 2.2 does not offer a complete implementation of group mapping +>Samba 3.0 offers a complete implementation of group mapping between Windows NT groups and Unix groups (this is really quite -complicated to explain in a short space), you should refer to the -domain admin -group smb.conf parameter for information of creating "Domain -Admins" style accounts.


    5.4. Creating Machine Trust Accounts and Joining Clients to the -Domain6.4. Creating Machine Trust Accounts and Joining Clients to the Domain

    A machine trust account is a Samba account that is used to @@ -4289,14 +4576,127 @@ Account."

    A Windows PDC stores each machine trust account in the Windows -Registry. A Samba PDC, however, stores each machine trust account -in two parts, as follows: +Registry. A Samba-3 PDC also has to stoe machine trust account information +in a suitable back-end data store. With Samba-3 there can be multiple back-ends +for this including:

    • smbpaswd - the plain ascii file stored used by + earlier versions of Samba. This file configuration option requires + a Unix/Linux system account for EVERY entry (ie: both for user and for + machine accounts). This file will be located in the private + directory (default is /usr/local/samba/lib/private or on linux /etc/samba). +

    • smbpasswd_nua - This file is independant of the + system wide user accounts. The use of this back-end option requires + specification of the "non unix account range" option also. It is called + smbpasswd and will be located in the private directory. +

    • tdbsam - a binary database backend that will be + stored in the private directory in a file called + passwd.tdb. The key benefit of this binary format + file is that it can store binary objects that can not be accomodated + in the traditional plain text smbpasswd file. +

    • tdbsam_nua like the smbpasswd_nua option above, this + file allows the creation of arbitrary user and machine accounts without + requiring that account to be added to the system (/etc/passwd) file. It + too requires the specification of the "non unix account range" option + in the [globals] section of the smb.conf file. +

    • ldapsam - An LDAP based back-end. Permits the + LDAP server to be specified. eg: ldap://localhost or ldap://frodo.murphy.com +

    • ldapsam_nua - LDAP based back-end with no unix + account requirement, like smbpasswd_nua and tdbsam_nua above. +

    A Samba PDC, however, stores each machine trust account in two parts, +as follows:


    5.4.1. Manual Creation of Machine Trust Accounts6.4.1. Manual Creation of Machine Trust Accounts

    The first step in manually creating a machine trust account is to @@ -4519,8 +4919,8 @@ CLASS="SECT2" >


    5.4.2. "On-the-Fly" Creation of Machine Trust Accounts6.4.2. "On-the-Fly" Creation of Machine Trust Accounts

    The second (and recommended) way of creating machine trust accounts is @@ -4556,8 +4956,8 @@ CLASS="SECT2" >


    5.4.3. Joining the Client to the Domain6.4.3. Joining the Client to the Domain

    The procedure for joining a client to the domain varies with the @@ -4624,8 +5024,8 @@ CLASS="SECT1" >


    5.5. Common Problems and Errors6.5. Common Problems and Errors


    5.6. System Policies and Profiles6.6. System Policies and Profiles

    Much of the information necessary to implement System Policies and @@ -5007,8 +5407,8 @@ CLASS="SECT1" >


    5.7. What other help can I get?6.7. What other help can I get?

    There are many sources of information available in the form @@ -5427,8 +5827,8 @@ CLASS="SECT1" >


    5.8. Domain Control for Windows 9x/ME6.8. Domain Control for Windows 9x/ME


    5.8.1. Configuration Instructions: Network Logons6.8.1. Configuration Instructions: Network Logons

    The main difference between a PDC and a Windows 9x logon @@ -5667,8 +6067,8 @@ CLASS="SECT2" >


    5.8.2. Configuration Instructions: Setting up Roaming User Profiles6.8.2. Configuration Instructions: Setting up Roaming User Profiles


    5.8.2.1. Windows NT Configuration6.8.2.1. Windows NT Configuration

    To support WinNT clients, in the [global] section of smb.conf set the @@ -5771,8 +6171,8 @@ CLASS="SECT3" >


    5.8.2.2. Windows 9X Configuration6.8.2.2. Windows 9X Configuration

    To support Win9X clients, you must use the "logon home" parameter. Samba has @@ -5802,8 +6202,8 @@ CLASS="SECT3" >


    5.8.2.3. Win9X and WinNT Configuration6.8.2.3. Win9X and WinNT Configuration

    You can support profiles for both Win9X and WinNT clients by setting both the @@ -5847,8 +6247,8 @@ CLASS="SECT3" >


    5.8.2.4. Windows 9X Profile Setup6.8.2.4. Windows 9X Profile Setup

    When a user first logs in on Windows 9X, the file user.DAT is created, @@ -6007,8 +6407,8 @@ CLASS="SECT3" >


    5.8.2.5. Windows NT Workstation 4.06.8.2.5. Windows NT Workstation 4.0

    When a user first logs in to a Windows NT Workstation, the profile @@ -6121,8 +6521,8 @@ CLASS="SECT3" >


    5.8.2.6. Windows NT Server6.8.2.6. Windows NT Server

    There is nothing to stop you specifying any path that you like for the @@ -6135,8 +6535,8 @@ CLASS="SECT3" >


    5.8.2.7. Sharing Profiles between W95 and NT Workstation 4.06.8.2.7. Sharing Profiles between W95 and NT Workstation 4.0


    5.9. DOMAIN_CONTROL.txt : Windows NT Domain Control & Samba6.9. DOMAIN_CONTROL.txt : Windows NT Domain Control & Samba

    Chapter 6. How to Act as a Backup Domain Controller in a Purely Samba Controlled DomainChapter 7. How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain

    6.1. Prerequisite Reading7.1. Prerequisite Reading

    Before you continue reading in this chapter, please make sure @@ -6390,8 +6790,8 @@ CLASS="SECT1" >


    6.2. Background7.2. Background

    What is a Domain Controller? It is a machine that is able to answer @@ -6435,8 +6835,8 @@ CLASS="SECT1" >


    6.3. What qualifies a Domain Controller on the network?7.3. What qualifies a Domain Controller on the network?

    Every machine that is a Domain Controller for the domain SAMBA has to @@ -6452,8 +6852,8 @@ CLASS="SECT2" >


    6.3.1. How does a Workstation find its domain controller?7.3.1. How does a Workstation find its domain controller?

    A NT workstation in the domain SAMBA that wants a local user to be @@ -6471,8 +6871,8 @@ CLASS="SECT2" >


    6.3.2. When is the PDC needed?7.3.2. When is the PDC needed?

    Whenever a user wants to change his password, this has to be done on @@ -6487,8 +6887,8 @@ CLASS="SECT1" >


    6.4. Can Samba be a Backup Domain Controller to an NT PDC?7.4. Can Samba be a Backup Domain Controller to an NT PDC?

    With version 2.2, no. The native NT SAM replication protocols have @@ -6510,8 +6910,8 @@ CLASS="SECT1" >


    6.5. How do I set up a Samba BDC?7.5. How do I set up a Samba BDC?

    Several things have to be done:


    6.5.1. How do I replicate the smbpasswd file?7.5.1. How do I replicate the smbpasswd file?

    Replication of the smbpasswd file is sensitive. It has to be done @@ -6598,8 +6998,8 @@ CLASS="SECT2" >


    6.5.2. Can I do this all with LDAP?7.5.2. Can I do this all with LDAP?

    The simple answer is YES. Samba's pdb_ldap code supports @@ -6616,7 +7016,7 @@ CLASS="CHAPTER" >Chapter 7. Samba as a ADS domain memberChapter 8. Samba as a ADS domain member

    This is a rough guide to setting up Samba 3.0 with kerberos authentication against a Windows2000 KDC.


    7.1. Installing the required packages for Debian8.1. Installing the required packages for Debian

    On Debian you need to install the following packages:


    7.2. Installing the required packages for RedHat8.2. Installing the required packages for RedHat

    On RedHat this means you should have at least:


    7.3. Compile Samba8.3. Compile Samba

    If your kerberos libraries are in a non-standard location then @@ -6779,8 +7179,8 @@ CLASS="SECT1" >


    7.4. Setup your /etc/krb5.conf8.4. Setup your /etc/krb5.conf

    The minimal configuration for krb5.conf is:


    7.5. Create the computer account8.5. Create the computer account

    As a user that has write permission on the Samba private directory @@ -6833,8 +7233,8 @@ CLASS="SECT2" >


    7.5.1. Possible errors8.5.1. Possible errors


    7.6. Test your server setup8.6. Test your server setup

    On a Windows 2000 client try


    7.7. Testing with smbclient8.7. Testing with smbclient

    On your Samba server try to login to a Win2000 server or your Samba @@ -6891,8 +7291,8 @@ CLASS="SECT1" >


    7.8. Notes8.8. Notes

    You must change administrator password at least once after DC install, @@ -6908,14 +7308,14 @@ CLASS="CHAPTER" >Chapter 8. Samba as a NT4 or Win2k domain memberChapter 9. Samba as a NT4 or Win2k domain member

    8.1. Joining an NT Domain with Samba 3.09.1. Joining an NT Domain with Samba 3.0

    Assume you have a Samba 3.0 server with a NetBIOS name of @@ -7102,8 +7502,8 @@ CLASS="SECT1" >


    8.2. Samba and Windows 2000 Domains9.2. Samba and Windows 2000 Domains

    Many people have asked regarding the state of Samba's ability to participate in @@ -7116,8 +7516,8 @@ CLASS="SECT1" >


    8.3. Why is this better than security = server?9.3. Why is this better than security = server?

    Currently, domain security in Samba doesn't free you from @@ -7210,7 +7610,7 @@ CLASS="TITLE" >

    Introduction

    Table of Contents
    9. 10. Integrating MS Windows networks with Samba
    9.1. 10.1. Agenda
    9.2. 10.2. Name Resolution in a pure Unix/Linux world
    9.2.1. 10.2.1. /etc/hosts
    9.2.2. 10.2.2. /etc/resolv.conf
    9.2.3. 10.2.3. /etc/host.conf
    9.2.4. 10.2.4. /etc/nsswitch.conf
    9.3. 10.3. Name resolution as used within MS Windows networking
    9.3.1. 10.3.1. The NetBIOS Name Cache
    9.3.2. 10.3.2. The LMHOSTS file
    9.3.3. 10.3.3. HOSTS file
    9.3.4. 10.3.4. DNS Lookup
    9.3.5. 10.3.5. WINS Lookup
    9.4. 10.4. How browsing functions and how to deploy stable and dependable browsing using Samba
    9.5. 10.5. MS Windows security options and how to configure Samba for seemless integration
    9.5.1. 10.5.1. Use MS Windows NT as an authentication server
    9.5.2. 10.5.2. Make Samba a member of an MS Windows NT security domain
    9.5.3. 10.5.3. Configure Samba as an authentication server
    9.6. 10.6. Conclusions
    10. 11. UNIX Permission Bits and Windows NT Access Control Lists
    10.1. 11.1. Viewing and changing UNIX permissions using the NT security dialogs
    10.2. 11.2. How to view file security on a Samba share
    10.3. 11.3. Viewing file ownership
    10.4. 11.4. Viewing file or directory permissions
    10.4.1. 11.4.1. File Permissions
    10.4.2. 11.4.2. Directory Permissions
    10.5. 11.5. Modifying file or directory permissions
    10.6. 11.6. Interaction with the standard Samba create mask parameters
    10.7. 11.7. Interaction with the standard Samba file attribute mapping
    11. 12. Configuring PAM for distributed but centrally managed authentication
    11.1. 12.1. Samba and PAM
    11.2. 12.2. Distributed Authentication
    11.3. 12.3. PAM Configuration in smb.conf
    12. 13. Hosting a Microsoft Distributed File System tree on Samba
    12.1. 13.1. Instructions
    12.1.1. 13.1.1. Notes
    13. 14. Printing Support
    13.1. 14.1. Introduction
    13.2. 14.2. Configuration
    13.2.1. 14.2.1. Creating [print$]
    13.2.2. 14.2.2. Setting Drivers for Existing Printers
    13.2.3. 14.2.3. Support a large number of printers
    13.2.4. 14.2.4. Adding New Printers via the Windows NT APW
    13.2.5. 14.2.5. Samba and Printer Ports
    13.3. 14.3. The Imprints Toolset
    13.3.1. 14.3.1. What is Imprints?
    13.3.2. 14.3.2. Creating Printer Driver Packages
    13.3.3. 14.3.3. The Imprints server
    13.3.4. 14.3.4. The Installation Client
    13.4. 14.4. Diagnosis
    13.4.1. 14.4.1. Introduction
    13.4.2. 14.4.2. Debugging printer problems
    13.4.3. 14.4.3. What printers do I have?
    13.4.4. 14.4.4. Setting up printcap and print servers
    13.4.5. 14.4.5. Job sent, no output
    13.4.6. 14.4.6. Job sent, strange output
    13.4.7. 14.4.7. Raw PostScript printed
    13.4.8. 14.4.8. Advanced Printing
    13.4.9. 14.4.9. Real debugging
    14. 15. Unified Logons between Windows NT and UNIX using Winbind
    14.1. 15.1. Abstract
    14.2. 15.2. Introduction
    14.3. 15.3. What Winbind Provides
    14.3.1. 15.3.1. Target Uses
    14.4. 15.4. How Winbind Works
    14.4.1. 15.4.1. Microsoft Remote Procedure Calls
    14.4.2. 15.4.2. Microsoft Active Directory Services
    14.4.3. 15.4.3. Name Service Switch
    14.4.4. 15.4.4. Pluggable Authentication Modules
    14.4.5. 15.4.5. User and Group ID Allocation
    14.4.6. 15.4.6. Result Caching
    14.5. 15.5. Installation and Configuration
    14.5.1. 15.5.1. Introduction
    14.5.2. 15.5.2. Requirements
    14.5.3. 15.5.3. Testing Things Out
    14.6. 15.6. Limitations
    14.7. 15.7. Conclusion
    15. 16. Improved browsing in samba
    15.1. 16.1. Overview of browsing
    15.2. 16.2. Browsing support in samba
    15.3. 16.3. Problem resolution
    15.4. 16.4. Browsing across subnets
    15.4.1. 16.4.1. How does cross subnet browsing work ?
    15.5. 16.5. Setting up a WINS server
    15.6. 16.6. Setting up Browsing in a WORKGROUP
    15.7. 16.7. Setting up Browsing in a DOMAIN
    15.8. 16.8. Forcing samba to be the master
    15.9. 16.9. Making samba the domain master
    15.10. 16.10. Note about broadcast addresses
    15.11. 16.11. Multiple interfaces
    16. 17. Stackable VFS modules
    16.1. 17.1. Introduction and configuration
    16.2. 17.2. Included modules
    16.2.1. 17.2.1. audit
    16.2.2. 17.2.2. recycle
    16.2.3. 17.2.3. netatalk
    16.3. 17.3. VFS modules available elsewhere
    16.3.1. 17.3.1. DatabaseFS
    16.3.2. 17.3.2. vscan
    17. 18. Group mapping HOWTO
    18. 19. Samba performance issues
    18.1. 19.1. Comparisons
    18.2. 19.2. Socket options
    18.3. 19.3. Read size
    18.4. 19.4. Max xmit
    18.5. 19.5. Log level
    18.6. 19.6. Read raw
    18.7. 19.7. Write raw
    18.8. 19.8. Slow Clients
    18.9. 19.9. Slow Logins
    18.10. 19.10. Client tuning
    19. 20. Creating Group Prolicy Files
    19.1. 20.1. Windows '9x
    19.2. 20.2. Windows NT 4
    19.2.1. 20.2.1. Side bar Notes
    19.2.2. 20.2.2. Mandatory profiles
    19.2.3. 20.2.3. moveuser.exe
    19.2.4. 20.2.4. Get SID
    19.3. 20.3. Windows 2000/XP
    20. 21. Securing Samba
    20.1. 21.1. Introduction
    20.2. 21.2. Using host based protection
    20.3. 21.3. Using interface protection
    20.4. 21.4. Using a firewall
    20.5. 21.5. Using a IPC$ share deny
    20.6. 21.6. Upgrading Samba
    22. Unicode/Charsets
    22.1. What are charsets and unicode?
    22.2. Samba and charsets
    Chapter 9. Integrating MS Windows networks with SambaChapter 10. Integrating MS Windows networks with Samba

    9.1. Agenda10.1. Agenda

    To identify the key functional mechanisms of MS Windows networking @@ -8059,8 +8478,8 @@ CLASS="SECT1" >


    9.2. Name Resolution in a pure Unix/Linux world10.2. Name Resolution in a pure Unix/Linux world

    The key configuration files covered in this section are:


    9.2.1. 10.2.1. /etc/hosts

    9.2.2. 10.2.2. /etc/resolv.conf

    9.2.3. 10.2.3. /etc/host.conf

    9.2.4. 10.2.4. /etc/nsswitch.conf

    9.3. Name resolution as used within MS Windows networking10.3. Name resolution as used within MS Windows networking

    MS Windows networking is predicated about the name each machine @@ -8403,8 +8822,8 @@ CLASS="SECT2" >


    9.3.1. The NetBIOS Name Cache10.3.1. The NetBIOS Name Cache

    All MS Windows machines employ an in memory buffer in which is @@ -8430,8 +8849,8 @@ CLASS="SECT2" >


    9.3.2. The LMHOSTS file10.3.2. The LMHOSTS file

    This file is usually located in MS Windows NT 4.0 or @@ -8533,8 +8952,8 @@ CLASS="SECT2" >


    9.3.3. HOSTS file10.3.3. HOSTS file

    This file is usually located in MS Windows NT 4.0 or 2000 in @@ -8555,8 +8974,8 @@ CLASS="SECT2" >


    9.3.4. DNS Lookup10.3.4. DNS Lookup

    This capability is configured in the TCP/IP setup area in the network @@ -8575,8 +8994,8 @@ CLASS="SECT2" >


    9.3.5. WINS Lookup10.3.5. WINS Lookup

    A WINS (Windows Internet Name Server) service is the equivaent of the @@ -8616,8 +9035,8 @@ CLASS="SECT1" >


    9.4. How browsing functions and how to deploy stable and +NAME="AEN1645" +>10.4. How browsing functions and how to deploy stable and dependable browsing using Samba


    9.5. MS Windows security options and how to configure +NAME="AEN1655" +>10.5. MS Windows security options and how to configure Samba for seemless integration


    9.5.1. Use MS Windows NT as an authentication server10.5.1. Use MS Windows NT as an authentication server

    This method involves the additions of the following parameters @@ -8846,8 +9265,8 @@ CLASS="SECT2" >


    9.5.2. Make Samba a member of an MS Windows NT security domain10.5.2. Make Samba a member of an MS Windows NT security domain

    This method involves additon of the following paramters in the smb.conf file:


    9.5.3. Configure Samba as an authentication server10.5.3. Configure Samba as an authentication server

    This mode of authentication demands that there be on the @@ -8946,8 +9365,8 @@ CLASS="SECT3" >


    9.5.3.1. Users10.5.3.1. Users

    A user account that may provide a home directory should be @@ -8969,8 +9388,8 @@ CLASS="SECT3" >


    9.5.3.2. MS Windows NT Machine Accounts10.5.3.2. MS Windows NT Machine Accounts

    These are required only when Samba is used as a domain @@ -8990,8 +9409,8 @@ CLASS="SECT1" >


    9.6. Conclusions10.6. Conclusions

    Samba provides a flexible means to operate as...

    Chapter 10. UNIX Permission Bits and Windows NT Access Control Lists

    Chapter 11. UNIX Permission Bits and Windows NT Access Control Lists

    10.1. Viewing and changing UNIX permissions using the NT +NAME="AEN1746" +>11.1. Viewing and changing UNIX permissions using the NT security dialogs


    10.2. How to view file security on a Samba share11.2. How to view file security on a Samba share

    From an NT 4.0 client, single-click with the right @@ -9123,8 +9542,8 @@ CLASS="SECT1" >


    10.3. Viewing file ownership11.3. Viewing file ownership

    Clicking on the


    10.4. Viewing file or directory permissions11.4. Viewing file or directory permissions

    The third button is the


    10.4.1. File Permissions11.4.1. File Permissions

    The standard UNIX user/group/world triple and @@ -9325,8 +9744,8 @@ CLASS="SECT2" >


    10.4.2. Directory Permissions11.4.2. Directory Permissions

    Directories on an NT NTFS file system have two @@ -9357,8 +9776,8 @@ CLASS="SECT1" >


    10.5. Modifying file or directory permissions11.5. Modifying file or directory permissions

    Modifying file and directory permissions is as simple @@ -9453,8 +9872,8 @@ CLASS="SECT1" >


    10.6. Interaction with the standard Samba create mask +NAME="AEN1839" +>11.6. Interaction with the standard Samba create mask parameters


    10.7. Interaction with the standard Samba file attribute +NAME="AEN1903" +>11.7. Interaction with the standard Samba file attribute mapping

    Chapter 11. Configuring PAM for distributed but centrally +>Chapter 12. Configuring PAM for distributed but centrally managed authentication

    11.1. Samba and PAM12.1. Samba and PAM

    A number of Unix systems (eg: Sun Solaris), as well as the @@ -9944,8 +10363,8 @@ CLASS="SECT1" >


    11.2. Distributed Authentication12.2. Distributed Authentication

    The astute administrator will realize from this that the @@ -9977,8 +10396,8 @@ CLASS="SECT1" >


    11.3. PAM Configuration in smb.conf12.3. PAM Configuration in smb.conf

    There is an option in smb.conf called Chapter 12. Hosting a Microsoft Distributed File System tree on SambaChapter 13. Hosting a Microsoft Distributed File System tree on Samba

    12.1. Instructions13.1. Instructions

    The Distributed File System (or Dfs) provides a means of @@ -10157,8 +10576,8 @@ CLASS="SECT2" >


    12.1.1. Notes13.1.1. Notes

    Chapter 13. Printing SupportChapter 14. Printing Support

    13.1. Introduction14.1. Introduction

    Beginning with the 2.2.0 release, Samba supports @@ -10281,8 +10700,8 @@ CLASS="SECT1" >


    13.2. Configuration14.2. Configuration


    13.2.1. Creating [print$]14.2.1. Creating [print$]

    In order to support the uploading of printer driver @@ -10560,8 +10979,8 @@ CLASS="SECT2" >


    13.2.2. Setting Drivers for Existing Printers14.2.2. Setting Drivers for Existing Printers

    The initial listing of printers in the Samba host's @@ -10632,8 +11051,8 @@ CLASS="SECT2" >


    13.2.3. Support a large number of printers14.2.3. Support a large number of printers

    One issue that has arisen during the development @@ -10698,8 +11117,8 @@ CLASS="SECT2" >


    13.2.4. Adding New Printers via the Windows NT APW14.2.4. Adding New Printers via the Windows NT APW

    By default, Samba offers all printer shares defined in


    13.2.5. Samba and Printer Ports14.2.5. Samba and Printer Ports

    Windows NT/2000 print servers associate a port with each printer. These normally @@ -10888,8 +11307,8 @@ CLASS="SECT1" >


    13.3. The Imprints Toolset14.3. The Imprints Toolset

    The Imprints tool set provides a UNIX equivalent of the @@ -10906,8 +11325,8 @@ CLASS="SECT2" >


    13.3.1. What is Imprints?14.3.1. What is Imprints?

    Imprints is a collection of tools for supporting the goals @@ -10938,8 +11357,8 @@ CLASS="SECT2" >


    13.3.2. Creating Printer Driver Packages14.3.2. Creating Printer Driver Packages

    The process of creating printer driver packages is beyond @@ -10954,8 +11373,8 @@ CLASS="SECT2" >


    13.3.3. The Imprints server14.3.3. The Imprints server

    The Imprints server is really a database server that @@ -10978,8 +11397,8 @@ CLASS="SECT2" >


    13.3.4. The Installation Client14.3.4. The Installation Client

    More information regarding the Imprints installation client @@ -11072,16 +11491,16 @@ CLASS="SECT1" >


    13.4. Diagnosis14.4. Diagnosis

    13.4.1. Introduction14.4.1. Introduction

    This is a short description of how to debug printing problems with @@ -11155,8 +11574,8 @@ CLASS="SECT2" >


    13.4.2. Debugging printer problems14.4.2. Debugging printer problems

    One way to debug printing problems is to start by replacing these @@ -11212,8 +11631,8 @@ CLASS="SECT2" >


    13.4.3. What printers do I have?14.4.3. What printers do I have?

    You can use the 'testprns' program to check to see if the printer @@ -11241,8 +11660,8 @@ CLASS="SECT2" >


    13.4.4. Setting up printcap and print servers14.4.4. Setting up printcap and print servers

    You may need to set up some printcaps for your Samba system to use. @@ -11325,8 +11744,8 @@ CLASS="SECT2" >


    13.4.5. Job sent, no output14.4.5. Job sent, no output

    This is the most frustrating part of printing. You may have sent the @@ -11370,8 +11789,8 @@ CLASS="SECT2" >


    13.4.6. Job sent, strange output14.4.6. Job sent, strange output

    Once you have the job printing, you can then start worrying about @@ -11416,8 +11835,8 @@ CLASS="SECT2" >


    13.4.7. Raw PostScript printed14.4.7. Raw PostScript printed

    This is a problem that is usually caused by either the print spooling @@ -11431,8 +11850,8 @@ CLASS="SECT2" >


    13.4.8. Advanced Printing14.4.8. Advanced Printing

    Note that you can do some pretty magic things by using your @@ -11447,8 +11866,8 @@ CLASS="SECT2" >


    13.4.9. Real debugging14.4.9. Real debugging

    If the above debug tips don't help, then maybe you need to bring in @@ -11462,14 +11881,14 @@ CLASS="CHAPTER" >Chapter 14. Unified Logons between Windows NT and UNIX using WinbindChapter 15. Unified Logons between Windows NT and UNIX using Winbind

    14.1. Abstract15.1. Abstract

    Integration of UNIX and Microsoft Windows NT through @@ -11495,8 +11914,8 @@ CLASS="SECT1" >


    14.2. Introduction15.2. Introduction

    It is well known that UNIX and Microsoft Windows NT have @@ -11549,8 +11968,8 @@ CLASS="SECT1" >


    14.3. What Winbind Provides15.3. What Winbind Provides

    Winbind unifies UNIX and Windows NT account management by @@ -11591,8 +12010,8 @@ CLASS="SECT2" >


    14.3.1. Target Uses15.3.1. Target Uses

    Winbind is targeted at organizations that have an @@ -11615,8 +12034,8 @@ CLASS="SECT1" >


    14.4. How Winbind Works15.4. How Winbind Works

    The winbind system is designed around a client/server @@ -11635,8 +12054,8 @@ CLASS="SECT2" >


    14.4.1. Microsoft Remote Procedure Calls15.4.1. Microsoft Remote Procedure Calls

    Over the last few years, efforts have been underway @@ -11661,8 +12080,8 @@ CLASS="SECT2" >


    14.4.2. Microsoft Active Directory Services15.4.2. Microsoft Active Directory Services

    Since late 2001, Samba has gained the ability to @@ -11680,8 +12099,8 @@ CLASS="SECT2" >


    14.4.3. Name Service Switch15.4.3. Name Service Switch

    The Name Service Switch, or NSS, is a feature that is @@ -11760,8 +12179,8 @@ CLASS="SECT2" >


    14.4.4. Pluggable Authentication Modules15.4.4. Pluggable Authentication Modules

    Pluggable Authentication Modules, also known as PAM, @@ -11809,8 +12228,8 @@ CLASS="SECT2" >


    14.4.5. User and Group ID Allocation15.4.5. User and Group ID Allocation

    When a user or group is created under Windows NT @@ -11835,8 +12254,8 @@ CLASS="SECT2" >


    14.4.6. Result Caching15.4.6. Result Caching

    An active system can generate a lot of user and group @@ -11858,8 +12277,8 @@ CLASS="SECT1" >


    14.5. Installation and Configuration15.5. Installation and Configuration

    Many thanks to John Trostel This HOWTO describes how to get winbind services up and running to control access and authenticate users on your Linux box using the winbind services which come with SAMBA 2.2.2.

    There is also some Solaris specific information in -docs/textdocs/Solaris-Winbind-HOWTO.txt. -Future revisions of this document will incorporate that -information.


    14.5.1. Introduction15.5.1. Introduction

    This HOWTO describes the procedures used to get winbind up and @@ -11944,8 +12355,8 @@ CLASS="SECT2" >


    14.5.2. Requirements15.5.2. Requirements

    If you have a samba configuration file that you are currently @@ -12014,8 +12425,8 @@ CLASS="SECT2" >


    14.5.3. Testing Things Out15.5.3. Testing Things Out

    Before starting, it is probably best to kill off all the SAMBA @@ -12059,8 +12470,8 @@ CLASS="SECT3" >


    14.5.3.1. Configure and compile SAMBA15.5.3.1. Configure and compile SAMBA

    The configuration and compilation of SAMBA is pretty straightforward. @@ -12125,8 +12536,8 @@ CLASS="SECT3" >


    14.5.3.2. Configure 15.5.3.2. Configure nsswitch.conf and the @@ -12230,8 +12641,8 @@ CLASS="SECT3" >

    14.5.3.3. Configure smb.conf15.5.3.3. Configure smb.conf

    Several parameters are needed in the smb.conf file to control @@ -12305,8 +12716,8 @@ CLASS="SECT3" >


    14.5.3.4. Join the SAMBA server to the PDC domain15.5.3.4. Join the SAMBA server to the PDC domain

    Enter the following command to make the SAMBA server join the @@ -12343,8 +12754,8 @@ CLASS="SECT3" >


    14.5.3.5. Start up the winbindd daemon and test it!15.5.3.5. Start up the winbindd daemon and test it!

    Eventually, you will want to modify your smb startup script to @@ -12361,6 +12772,21 @@ CLASS="COMMAND" >/usr/local/samba/bin/winbindd

    Winbindd can now also run in 'dual daemon mode'. This will make it +run as 2 processes. The first will answer all requests from the cache, +thus making responses to clients faster. The other will +update the cache for the query that the first has just responded. +Advantage of this is that responses stay accurate and are faster. +You can enable dual daemon mode by adding '-B' to the commandline:

    root# /usr/local/samba/bin/winbindd -B

    I'm always paranoid and like to make sure the daemon is really running...


    14.5.3.6. Fix the init.d startup scripts15.5.3.6. Fix the init.d startup scripts

    14.5.3.6.1. Linux15.5.3.6.1. Linux

    The

    If you would like to run winbindd in dual daemon mode, replace +the line +

            daemon /usr/local/samba/bin/winbindd
    + +in the example above with: + +
            daemon /usr/local/samba/bin/winbindd -B
    .

    The 'stop' function has a corresponding entry to shut down the -services and look s like this:


    14.5.3.6.2. Solaris15.5.3.6.2. Solaris

    On solaris, you need to modify the @@ -12633,14 +13073,27 @@ echo Starting Winbind Daemon ;; esac

    Again, if you would like to run samba in dual daemon mode, replace +

       /usr/local/samba/bin/winbindd
    + +in the script above with: + +
       /usr/local/samba/bin/winbindd -B


    14.5.3.6.3. Restarting15.5.3.6.3. Restarting

    If you restart the


    14.5.3.7. Configure Winbind and PAM15.5.3.7. Configure Winbind and PAM

    If you have made it this far, you know that winbindd and samba are working @@ -12721,8 +13174,8 @@ CLASS="SECT4" >


    14.5.3.7.1. Linux/FreeBSD-specific PAM configuration15.5.3.7.1. Linux/FreeBSD-specific PAM configuration

    The


    14.5.3.7.2. Solaris-specific configuration15.5.3.7.2. Solaris-specific configuration

    The /etc/pam.conf needs to be changed. I changed this file so that my Domain @@ -12937,8 +13390,8 @@ CLASS="SECT1" >


    14.6. Limitations15.6. Limitations

    Winbind has a number of limitations in its current @@ -12979,8 +13432,8 @@ CLASS="SECT1" >


    14.7. Conclusion15.7. Conclusion

    The winbind system, through the use of the Name Service @@ -12997,14 +13450,14 @@ CLASS="CHAPTER" >Chapter 15. Improved browsing in samba

    Chapter 16. Improved browsing in samba

    15.1. Overview of browsing16.1. Overview of browsing

    SMB networking provides a mechanism by which clients can access a list @@ -13032,8 +13485,8 @@ CLASS="SECT1" >


    15.2. Browsing support in samba16.2. Browsing support in samba

    Samba facilitates browsing. The browsing is supported by nmbd @@ -13075,8 +13528,8 @@ CLASS="SECT1" >


    15.3. Problem resolution16.3. Problem resolution

    If something doesn't work then hopefully the log.nmb file will help @@ -13122,8 +13575,8 @@ CLASS="SECT1" >


    15.4. Browsing across subnets16.4. Browsing across subnets

    Since the release of Samba 1.9.17(alpha1) Samba has been @@ -13153,8 +13606,8 @@ CLASS="SECT2" >


    15.4.1. How does cross subnet browsing work ?16.4.1. How does cross subnet browsing work ?

    Cross subnet browsing is a complicated dance, containing multiple @@ -13364,8 +13817,8 @@ CLASS="SECT1" >


    15.5. Setting up a WINS server16.5. Setting up a WINS server

    Either a Samba machine or a Windows NT Server machine may be set up @@ -13447,8 +13900,8 @@ CLASS="SECT1" >


    15.6. Setting up Browsing in a WORKGROUP16.6. Setting up Browsing in a WORKGROUP

    To set up cross subnet browsing on a network containing machines @@ -13532,8 +13985,8 @@ CLASS="SECT1" >


    15.7. Setting up Browsing in a DOMAIN16.7. Setting up Browsing in a DOMAIN

    If you are adding Samba servers to a Windows NT Domain then @@ -13583,8 +14036,8 @@ CLASS="SECT1" >


    15.8. Forcing samba to be the master16.8. Forcing samba to be the master

    Who becomes the "master browser" is determined by an election process @@ -13631,8 +14084,8 @@ CLASS="SECT1" >


    15.9. Making samba the domain master16.9. Making samba the domain master

    The domain master is responsible for collating the browse lists of @@ -13704,8 +14157,8 @@ CLASS="SECT1" >


    15.10. Note about broadcast addresses16.10. Note about broadcast addresses

    If your network uses a "0" based broadcast address (for example if it @@ -13718,8 +14171,8 @@ CLASS="SECT1" >


    15.11. Multiple interfaces16.11. Multiple interfaces

    Samba now supports machines with multiple network interfaces. If you @@ -13733,14 +14186,14 @@ CLASS="CHAPTER" >Chapter 16. Stackable VFS modulesChapter 17. Stackable VFS modules

    16.1. Introduction and configuration17.1. Introduction and configuration

    Since samba 3.0, samba supports stackable VFS(Virtual File System) modules. @@ -13780,16 +14233,16 @@ CLASS="SECT1" >


    16.2. Included modules17.2. Included modules

    16.2.1. audit17.2.1. audit

    A simple module to audit file access to the syslog @@ -13826,8 +14279,8 @@ CLASS="SECT2" >


    16.2.2. recycle17.2.2. recycle

    A recycle-bin like modules. When used any unlink call @@ -13897,8 +14350,8 @@ CLASS="SECT2" >


    16.2.3. netatalk17.2.3. netatalk

    A netatalk module, that will ease co-existence of samba and @@ -13930,8 +14383,8 @@ CLASS="SECT1" >


    16.3. VFS modules available elsewhere17.3. VFS modules available elsewhere

    This section contains a listing of various other VFS modules that @@ -13946,8 +14399,8 @@ CLASS="SECT2" >


    16.3.1. DatabaseFS17.3.1. DatabaseFS

    URL:


    16.3.2. vscan17.3.2. vscan

    URL: Chapter 17. Group mapping HOWTOChapter 18. Group mapping HOWTO

    Starting with Samba 3.0 alpha 2, a new group mapping function is available. The @@ -14105,14 +14558,14 @@ CLASS="CHAPTER" >Chapter 18. Samba performance issuesChapter 19. Samba performance issues

    18.1. Comparisons19.1. Comparisons

    The Samba server uses TCP to talk to the client. Thus if you are @@ -14142,8 +14595,8 @@ CLASS="SECT1" >


    18.2. Socket options19.2. Socket options

    There are a number of socket options that can greatly affect the @@ -14170,8 +14623,8 @@ CLASS="SECT1" >


    18.3. Read size19.3. Read size

    The option "read size" affects the overlap of disk reads/writes with @@ -14196,8 +14649,8 @@ CLASS="SECT1" >


    18.4. Max xmit19.4. Max xmit

    At startup the client and server negotiate a "maximum transmit" size, @@ -14219,8 +14672,8 @@ CLASS="SECT1" >


    18.5. Log level19.5. Log level

    If you set the log level (also known as "debug level") higher than 2 @@ -14233,8 +14686,8 @@ CLASS="SECT1" >


    18.6. Read raw19.6. Read raw

    The "read raw" operation is designed to be an optimised, low-latency @@ -14255,8 +14708,8 @@ CLASS="SECT1" >


    18.7. Write raw19.7. Write raw

    The "write raw" operation is designed to be an optimised, low-latency @@ -14272,8 +14725,8 @@ CLASS="SECT1" >


    18.8. Slow Clients19.8. Slow Clients

    One person has reported that setting the protocol to COREPLUS rather @@ -14289,8 +14742,8 @@ CLASS="SECT1" >


    18.9. Slow Logins19.9. Slow Logins

    Slow logins are almost always due to the password checking time. Using @@ -14302,8 +14755,8 @@ CLASS="SECT1" >


    18.10. Client tuning19.10. Client tuning

    Often a speed problem can be traced to the client. The client (for @@ -14410,14 +14863,14 @@ CLASS="CHAPTER" >Chapter 19. Creating Group Prolicy FilesChapter 20. Creating Group Prolicy Files

    19.1. Windows '9x20.1. Windows '9x

    You need the Win98 Group Policy Editor to @@ -14459,8 +14912,8 @@ CLASS="SECT1" >


    19.2. Windows NT 420.2. Windows NT 4

    Unfortunately, the Resource Kit info is Win NT4 or 200x specific.


    19.2.1. Side bar Notes20.2.1. Side bar Notes

    You should obtain the SID of your NT4 domain. You can use smbpasswd to do @@ -14556,8 +15009,8 @@ CLASS="SECT2" >


    19.2.2. Mandatory profiles20.2.2. Mandatory profiles

    The above method can be used to create mandatory profiles also. To convert @@ -14569,8 +15022,8 @@ CLASS="SECT2" >


    19.2.3. moveuser.exe20.2.3. moveuser.exe

    The W2K professional resource kit has moveuser.exe. moveuser.exe changes @@ -14582,8 +15035,8 @@ CLASS="SECT2" >


    19.2.4. Get SID20.2.4. Get SID

    You can identify the SID by using GetSID.exe from the Windows NT Server 4.0 @@ -14605,8 +15058,8 @@ CLASS="SECT1" >


    19.3. Windows 2000/XP20.3. Windows 2000/XP

    You must first convert the profile from a local profile to a domain @@ -14843,14 +15296,14 @@ CLASS="CHAPTER" >Chapter 20. Securing SambaChapter 21. Securing Samba

    20.1. Introduction21.1. Introduction

    This note was attached to the Samba 2.2.8 release notes as it contained an @@ -14862,8 +15315,8 @@ CLASS="SECT1" >


    20.2. Using host based protection21.2. Using host based protection

    In many installations of Samba the greatest threat comes for outside @@ -14894,8 +15347,8 @@ CLASS="SECT1" >


    20.3. Using interface protection21.3. Using interface protection

    By default Samba will accept connections on any network interface that @@ -14930,8 +15383,8 @@ CLASS="SECT1" >


    20.4. Using a firewall21.4. Using a firewall

    Many people use a firewall to deny access to services that they don't @@ -14960,8 +15413,8 @@ CLASS="SECT1" >


    20.5. Using a IPC$ share deny21.5. Using a IPC$ share deny

    If the above methods are not suitable, then you could also place a @@ -14999,8 +15452,8 @@ CLASS="SECT1" >


    20.6. Upgrading Samba21.6. Upgrading Samba

    Please check regularly on http://www.samba.org/ for updates and @@ -15009,6 +15462,125 @@ it is highly recommended to upgrade Samba when a security vulnerability is discovered.


    Chapter 22. Unicode/Charsets

    22.1. What are charsets and unicode?

    Computers communicate in numbers. In texts, each number will be +translated to a corresponding letter. The meaning that will be assigned +to a certain number depends on the character set(charset) that is used. +A charset can be seen as a table that is used to translate numbers to +letters. Not all computers use the same charset (there are charsets +with German umlauts, Japanese characters, etc). Usually a charset contains +256 characters, which means that storing a character with it takes +exactly one byte.

    There are also charsets that support even more characters, +but those need twice(or even more) as much storage space. These +charsets can contain 256 * 256 = 65536 characters, which +is more then all possible characters one could think of. They are called +multibyte charsets (because they use more then one byte to +store one character).

    A standardised multibyte charset is unicode, info available at +www.unicode.org. +Big advantage of using a multibyte charset is that you only need one; no +need to make sure two computers use the same charset when they are +communicating.

    Old windows clients used to use single-byte charsets, named +'codepages' by microsoft. However, there is no support for +negotiating the charset to be used in the smb protocol. Thus, you +have to make sure you are using the same charset when talking to an old client. +Newer clients (Windows NT, 2K, XP) talk unicode over the wire.


    22.2. Samba and charsets

    As of samba 3.0, samba can (and will) talk unicode over the wire. Internally, +samba knows of three kinds of character sets:

    unix charset

    This is the charset used internally by your operating system. + The default is ASCII, which is fine for most + systems. +

    display charset

    This is the charset samba will use to print messages + on your screen. It should generally be the same as the unix charset. +

    dos charset

    This is the charset samba uses when communicating with + DOS and Windows 9x clients. It will talk unicode to all newer clients. + The default depends on the charsets you have installed on your system. + Run testparm -v | grep "dos charset" to see + what the default is on your system. +

    Table of Contents
    21. 23. Portability
    21.1. 23.1. HPUX
    21.2. 23.2. SCO Unix
    21.3. 23.3. DNIX
    21.4. 23.4. RedHat Linux Rembrandt-II
    21.5. 23.5. AIX
    21.5.1. 23.5.1. Sequential Read Ahead
    22. 24. Samba and other CIFS clients
    22.1. 24.1. Macintosh clients?
    22.2. 24.2. OS2 Client
    22.2.1. 24.2.1. How can I configure OS/2 Warp Connect or OS/2 Warp 4 as a client for Samba?
    22.2.2. 24.2.2. How can I configure OS/2 Warp 3 (not Connect), OS/2 1.2, 1.3 or 2.x for Samba?
    22.2.3. 24.2.3. Are there any other issues when OS/2 (any version) is used as a client?
    22.2.4. 24.2.4. How do I get printer driver download working for OS/2 clients?
    22.3. 24.3. Windows for Workgroups
    22.3.1. 24.3.1. Use latest TCP/IP stack from Microsoft
    22.3.2. 24.3.2. Delete .pwl files after password change
    22.3.3. 24.3.3. Configure WfW password handling
    22.3.4. 24.3.4. Case handling of passwords
    22.3.5. 24.3.5. Use TCP/IP as default protocol
    22.4. 24.4. Windows '95/'98
    22.5. 24.5. Windows 2000 Service Pack 2
    23. 25. How to compile SAMBA
    23.1. 25.1. Access Samba source code via CVS
    23.1.1. 25.1.1. Introduction
    23.1.2. 25.1.2. CVS Access to samba.org
    23.2. 25.2. Accessing the samba sources via rsync and ftp
    23.3. 25.3. Building the Binaries
    23.4. 25.4. Starting the smbd and nmbd
    23.4.1. 25.4.1. Starting from inetd.conf
    23.4.2. 25.4.2. Alternative: starting it as a daemon
    24. 26. Reporting Bugs
    24.1. 26.1. Introduction
    24.2. 26.2. General info
    24.3. 26.3. Debug levels
    24.4. 26.4. Internal errors
    24.5. 26.5. Attaching to a running process
    24.6. 26.6. Patches
    25. 27. The samba checklist
    25.1. 27.1. Introduction
    25.2. 27.2. Assumptions
    25.3. 27.3. Tests
    25.3.1. 27.3.1. Test 1
    25.3.2. 27.3.2. Test 2
    25.3.3. 27.3.3. Test 3
    25.3.4. 27.3.4. Test 4
    25.3.5. 27.3.5. Test 5
    25.3.6. 27.3.6. Test 6
    25.3.7. 27.3.7. Test 7
    25.3.8. 27.3.8. Test 8
    25.3.9. 27.3.9. Test 9
    25.3.10. 27.3.10. Test 10
    25.3.11. 27.3.11. Test 11
    25.4. 27.4. Still having troubles?
    Chapter 21. PortabilityChapter 23. Portability

    Samba works on a wide range of platforms but the interface all the platforms provide is not always compatible. This chapter contains @@ -15364,8 +15936,8 @@ CLASS="SECT1" >


    21.1. HPUX23.1. HPUX

    HP's implementation of supplementary groups is, er, non-standard (for @@ -15394,8 +15966,8 @@ CLASS="SECT1" >


    21.2. SCO Unix23.2. SCO Unix

    @@ -15411,8 +15983,8 @@ CLASS="SECT1" >


    21.3. DNIX23.3. DNIX

    DNIX has a problem with seteuid() and setegid(). These routines are @@ -15518,8 +16090,8 @@ CLASS="SECT1" >


    21.4. RedHat Linux Rembrandt-II23.4. RedHat Linux Rembrandt-II

    By default RedHat Rembrandt-II during installation adds an @@ -15542,16 +16114,16 @@ CLASS="SECT1" >


    21.5. AIX23.5. AIX

    21.5.1. Sequential Read Ahead23.5.1. Sequential Read Ahead

    Disabling Sequential Read Ahead using "vmtune -r 0" improves @@ -15565,7 +16137,7 @@ CLASS="CHAPTER" >Chapter 22. Samba and other CIFS clientsChapter 24. Samba and other CIFS clients

    This chapter contains client-specific information.


    22.1. Macintosh clients?24.1. Macintosh clients?

    Yes.


    22.2. OS2 Client24.2. OS2 Client

    22.2.1. How can I configure OS/2 Warp Connect or +NAME="AEN3379" +>24.2.1. How can I configure OS/2 Warp Connect or OS/2 Warp 4 as a client for Samba?


    22.2.2. How can I configure OS/2 Warp 3 (not Connect), +NAME="AEN3394" +>24.2.2. How can I configure OS/2 Warp 3 (not Connect), OS/2 1.2, 1.3 or 2.x for Samba?


    22.2.3. Are there any other issues when OS/2 (any version) +NAME="AEN3403" +>24.2.3. Are there any other issues when OS/2 (any version) is used as a client?


    22.2.4. How do I get printer driver download working +NAME="AEN3407" +>24.2.4. How do I get printer driver download working for OS/2 clients?


    22.3. Windows for Workgroups24.3. Windows for Workgroups

    22.3.1. Use latest TCP/IP stack from Microsoft24.3.1. Use latest TCP/IP stack from Microsoft

    Use the latest TCP/IP stack from microsoft if you use Windows @@ -15829,8 +16401,8 @@ CLASS="SECT2" >


    22.3.2. Delete .pwl files after password change24.3.2. Delete .pwl files after password change

    WfWg does a lousy job with passwords. I find that if I change my @@ -15849,8 +16421,8 @@ CLASS="SECT2" >


    22.3.3. Configure WfW password handling24.3.3. Configure WfW password handling

    There is a program call admincfg.exe @@ -15868,8 +16440,8 @@ CLASS="SECT2" >


    22.3.4. Case handling of passwords24.3.4. Case handling of passwords

    Windows for Workgroups uppercases the password before sending it to the server. Unix passwords can be case-sensitive though. Check the


    22.3.5. Use TCP/IP as default protocol24.3.5. Use TCP/IP as default protocol

    To support print queue reporting you may find @@ -15902,8 +16474,8 @@ CLASS="SECT1" >


    22.4. Windows '95/'9824.4. Windows '95/'98

    When using Windows 95 OEM SR2 the following updates are recommended where Samba @@ -15950,8 +16522,8 @@ CLASS="SECT1" >


    22.5. Windows 2000 Service Pack 224.5. Windows 2000 Service Pack 2

    @@ -16034,7 +16606,7 @@ CLASS="CHAPTER" >Chapter 23. How to compile SAMBAChapter 25. How to compile SAMBA

    You can obtain the samba source from the


    23.1. Access Samba source code via CVS25.1. Access Samba source code via CVS

    23.1.1. Introduction25.1.1. Introduction

    Samba is developed in an open environment. Developers use CVS @@ -16077,8 +16649,8 @@ CLASS="SECT2" >


    23.1.2. CVS Access to samba.org25.1.2. CVS Access to samba.org

    The machine samba.org runs a publicly accessible CVS @@ -16090,8 +16662,8 @@ CLASS="SECT3" >


    23.1.2.1. Access via CVSweb25.1.2.1. Access via CVSweb

    You can access the source code via your @@ -16111,8 +16683,8 @@ CLASS="SECT3" >


    23.1.2.2. Access via cvs25.1.2.2. Access via cvs

    You can also access the source code via a @@ -16216,8 +16788,8 @@ CLASS="SECT1" >


    23.2. Accessing the samba sources via rsync and ftp25.2. Accessing the samba sources via rsync and ftp

    pserver.samba.org also exports unpacked copies of most parts of the CVS tree at


    23.3. Building the Binaries25.3. Building the Binaries

    To do this, first run the program


    23.4. Starting the smbd and nmbd25.4. Starting the smbd and nmbd

    You must choose to start smbd and nmbd either @@ -16371,8 +16943,8 @@ CLASS="SECT2" >


    23.4.1. Starting from inetd.conf25.4.1. Starting from inetd.conf

    NOTE; The following will be different if @@ -16471,8 +17043,8 @@ CLASS="SECT2" >


    23.4.2. Alternative: starting it as a daemon25.4.2. Alternative: starting it as a daemon

    To start the server as a daemon you should create @@ -16530,14 +17102,14 @@ CLASS="CHAPTER" >Chapter 24. Reporting BugsChapter 26. Reporting Bugs

    24.1. Introduction26.1. Introduction

    The email address for bug reports for stable releases is


    24.2. General info26.2. General info

    Before submitting a bug report check your config for silly @@ -16606,8 +17178,8 @@ CLASS="SECT1" >


    24.3. Debug levels26.3. Debug levels

    If the bug has anything to do with Samba behaving incorrectly as a @@ -16676,8 +17248,8 @@ CLASS="SECT1" >


    24.4. Internal errors26.4. Internal errors

    If you get a "INTERNAL ERROR" message in your log files it means that @@ -16720,8 +17292,8 @@ CLASS="SECT1" >


    24.5. Attaching to a running process26.5. Attaching to a running process

    Unfortunately some unixes (in particular some recent linux kernels) @@ -16737,8 +17309,8 @@ CLASS="SECT1" >


    24.6. Patches26.6. Patches

    The best sort of bug report is one that includes a fix! If you send us @@ -16760,14 +17332,14 @@ CLASS="CHAPTER" >Chapter 25. The samba checklistChapter 27. The samba checklist

    25.1. Introduction27.1. Introduction

    This file contains a list of tests you can perform to validate your @@ -16788,8 +17360,8 @@ CLASS="SECT1" >


    25.2. Assumptions27.2. Assumptions

    In all of the tests it is assumed you have a Samba server called @@ -16826,16 +17398,16 @@ CLASS="SECT1" >


    25.3. Tests27.3. Tests

    25.3.1. Test 127.3.1. Test 1

    In the directory in which you store your smb.conf file, run the command @@ -16856,8 +17428,8 @@ CLASS="SECT2" >


    25.3.2. Test 227.3.2. Test 2

    Run the command "ping BIGSERVER" from the PC and "ping ACLIENT" from @@ -16882,8 +17454,8 @@ CLASS="SECT2" >


    25.3.3. Test 327.3.3. Test 3

    Run the command "smbclient -L BIGSERVER" on the unix box. You @@ -16953,8 +17525,8 @@ CLASS="SECT2" >


    25.3.4. Test 427.3.4. Test 4

    Run the command "nmblookup -B BIGSERVER __SAMBA__". You should get the @@ -16974,8 +17546,8 @@ CLASS="SECT2" >


    25.3.5. Test 527.3.5. Test 5

    run the command


    25.3.6. Test 627.3.6. Test 6

    Run the command


    25.3.7. Test 727.3.7. Test 7

    Run the command


    25.3.8. Test 827.3.8. Test 8

    On the PC type the command


    25.3.9. Test 927.3.9. Test 9

    Run the command


    25.3.10. Test 1027.3.10. Test 10

    Run the command


    25.3.11. Test 1127.3.11. Test 11

    From file manager try to browse the server. Your samba server should @@ -17266,8 +17838,8 @@ CLASS="SECT1" >


    25.4. Still having troubles?27.4. Still having troubles?

    Try the mailing list or newsgroup, or use the ethereal utility to -- cgit