From 05b2b2cdd4895b6d2a4d345192bfd4fed1e0ec25 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Fri, 1 Jun 2001 11:50:38 +0000 Subject: syncing up with SAMBA_2_2 (This used to be commit 1bc58c21b15fcdb0a504d051f60e20c4e24441e6) --- docs/textdocs/CVS_ACCESS.txt | 124 ------------ docs/textdocs/DOMAIN.txt | 381 ------------------------------------ docs/textdocs/MIRRORS.txt | 6 - docs/textdocs/outdated/NTDOMAIN.txt | 51 +++++ docs/textdocs/outdated/PROJECTS | 88 +++++++++ 5 files changed, 139 insertions(+), 511 deletions(-) delete mode 100644 docs/textdocs/CVS_ACCESS.txt delete mode 100644 docs/textdocs/DOMAIN.txt delete mode 100755 docs/textdocs/MIRRORS.txt create mode 100644 docs/textdocs/outdated/NTDOMAIN.txt create mode 100644 docs/textdocs/outdated/PROJECTS (limited to 'docs/textdocs') diff --git a/docs/textdocs/CVS_ACCESS.txt b/docs/textdocs/CVS_ACCESS.txt deleted file mode 100644 index c854d3fe33..0000000000 --- a/docs/textdocs/CVS_ACCESS.txt +++ /dev/null @@ -1,124 +0,0 @@ -!== -!== CVS_ACCESS.txt for Samba release 2.0.4 18 May 1999 -!== -Contributor: Modified from the Web pages by Jeremy Allison. -Date: 23 Dec 1997 -Status: Current - -How to get access to Samba source code via cvs. -=============================================== - -CVS Access to samba.org ------------------------------- - -The machine samba.org runs a publicly accessible CVS -repository for access to the source code of several packages, -including samba, rsync and jitterbug. This document describes -how to get anonymous read-only access to this source code. - -Access via cvsweb ------------------ - -You can access the source code via your favourite WWW browser. -This allows you to access the contents of individual files in -the repository and also to look at the revision history and -commit logs of individual files. You can also ask for a diff -listing between any two versions on the repository. - -Use the URL : http://samba.org/cgi-bin/cvsweb - -Access via cvs --------------- - -You can also access the source code via a normal cvs client. -This gives you much more control over you can do with the -repository and allows you to checkout whole source trees -and keep them uptodate via normal cvs commands. This is the -preferred method of access if you are a developer and not -just a casual browser. - -To download the latest cvs source code, point your -browser at the URL : - -http://www.cyclic.com/ - -and click on the 'How to get cvs' link. CVS is free -software under the GNU GPL (as is Samba). - -To gain access via anonymous cvs use the following steps. -For this example it is assumed that you want a copy of the -samba source code. For the other source code repositories -on this system just substitute the correct package name - -1. Install a recent copy of cvs. All you really need is a - copy of the cvs client binary. - -2. Run the command - - cvs -d :pserver:cvs@samba.org:/cvsroot login - -When it asks you for a password type 'cvs' (not including -the quotes). - -3. Run the command - - cvs -d :pserver:cvs@samba.org:/cvsroot co samba - -This will create a directory called samba containing the -latest samba source code. This currently corresponds to the -1.9.18alpha development tree. - -4. Whenever you want to merge in the latest code changes use -the following command from within the samba directory: - - cvs update -d -P - -NOTE: If you instead want the latest source code for the -1.9.17 stable tree then replace step 4 with the command: - - cvs -d :pserver:cvs@samba.org:/cvsroot co -r BRANCH_1_9_17 samba - -Access to the NT DOMAIN Controller code ---------------------------------------- - -The Samba PDC code is being separately developed on a -branch named BRANCH_NTDOM. To gain access to the latest -source code (this changes daily) do the following: - -1). Log onto cvs - - cvs -d :pserver:cvs@samba.org:/cvsroot login - -When it asks you for a password type 'cvs' (not including -the quotes). - -2). Check out the BRANCH_NTDOM by typing : - - cvs -d :pserver:cvs@samba.org:/cvsroot co -r BRANCH_NTDOM samba - -This will create a directory called samba containing the -latest snapshot of the domain controller code. - -3). To keep this code up to date after it has been -changed in the cvs repository, cd into the samba -directory you created above and type : - - cvs update -d -P - -How it's done. --------------- - -If you are interested in how anonymous cvs access is set up and -want to set it up on your own system then you might like to checkout -the pserver source code using the the command : - - cvs -d :pserver:cvs@samba.org:/cvsroot co pserver - -You really have to know what you are doing to do this. Please don't -email samba-bugs with basic cvs or unix security questions. - -Reporting problems. -------------------- - -If you have any problems with this system please email -samba-bugs@samba.org. diff --git a/docs/textdocs/DOMAIN.txt b/docs/textdocs/DOMAIN.txt deleted file mode 100644 index d16f3aa55d..0000000000 --- a/docs/textdocs/DOMAIN.txt +++ /dev/null @@ -1,381 +0,0 @@ -!== -!== DOMAIN.txt for Samba release 2.0.4 18 May 1999 -!== -Contributor: Samba Team -Updated: December 4, 1998 (John H Terpstra) - -Subject: Network Logons and Roaming (Roving) Profiles -=========================================================================== - -A domain and a workgroup are exactly the same thing in terms of network -browsing. The difference is that a distributable authentication -database is associated with a domain, for secure login access to a -network. Also, different access rights can be granted to users if they -successfully authenticate against a domain logon server (samba does not -support this, but NT server and other systems based on NT server do). - -As of samba-2.0.0 this is now a work in progress that is expected to -mature rapidly. Since this document pre-dates samba-2.0.0 it should be -read from the perspective of it's origins but the reader should understand -that the following details may NOT be up to date with current development. - -The SMB client logging on to a domain has an expectation that every other -server in the domain should accept the same authentication information. -However the network browsing functionality of domains and workgroups is -identical and is explained in BROWSING.txt. - -Issues related to the single-logon network model are discussed in this -document. Samba supports domain logons, network logon scripts, and user -profiles for MS Windows for workgroups and MS Windows 9X clients. - -Work is underway to support domain logon for MS Windows NT clients - this -is mostly working but will undergo much change as the the behaviour of the -new code matures and becomes easier to manage. - -Support is also not complete. Samba does not yet support the sharing -of the Windows NT-style SAM database with other systems. However this is -only one way of having a shared user database: exactly the same effect can -be achieved by having all servers in a domain share a distributed NIS or -Kerberos authentication database. - -When an SMB client in a domain wishes to logon it broadcast requests for a -logon server. The first one to reply gets the job, and validates its -password using whatever mechanism the Samba administrator has installed. -It is possible (but very stupid) to create a domain where the user -database is not shared between servers, ie they are effectively workgroup -servers advertising themselves as participating in a domain. This -demonstrates how authentication is quite different from but closely -involved with domains. - -Another thing commonly associated with single-logon domains is remote -administration over the SMB protocol. Again, there is no reason why this -cannot be implemented with an underlying username database which is -different from the Windows NT SAM. Support for the Remote Administration -Protocol is planned for a future release of Samba. - -The domain support works for WfWg, and Win95 clients and NT 4.0 and 3.51. -Domain support is currently at an early experimental stage for NT 4.0 and -NT 3.51. Support for Windows OS/2 clients is still being worked on and is -still experimental. - -Support for profiles is confirmed as working for Win95, NT 4.0 and NT 3.51. -It is possible to specify: the profile location; script file to be loaded -on login; the user's home directory; and for NT a kick-off time could also -now easily be supported. - -With NT Workstations, all this does not require the use or intervention of -an NT 4.0 or NT 3.51 server: Samba can now replace the logon services -provided by an NT server, to a limited and experimental degree (for example, -running "User Manager for Domains" will not provide you with access to -a domain created by a Samba Server). - -With Win95, the help of an NT server can be enlisted, both for profile storage -and for user authentication. For details on user authentication, see -security_level.txt. For details on profile storage, see below. - - -Using these features you can make your clients verify their logon via -the Samba server; make clients run a batch file when they logon to -the network and download their preferences, desktop and start menu. - - -Configuration Instructions: Network Logons -============================================== - -To use domain logons and profiles you need to do the following: - - -1) Setup nmbd and smbd by configuring smb.conf so that Samba is - acting as the master browser. See _INSTALL.txt and BROWSING.txt - for details. - -2) Setup a WINS server (see NetBIOS.txt) and configure all your clients - to use that WINS service. - -3) Create a share called [netlogon] in your smb.conf. This share should - be readable by all users, and probably should not be writeable. This - share will hold your network logon scripts, and the CONFIG.POL file - (Note: for details on the CONFIG.POL file, how to use it, what it is, - refer to the Microsoft Windows NT Administration documentation. - The format of these files is not known, so you will need to use - Microsoft tools). - -For example I have used: - - [netlogon] - path = /data/dos/netlogon - writeable = no - guest ok = no - -Note that it is important that this share is not writeable by ordinary -users, in a secure environment: ordinary users should not be allowed -to modify or add files that another user's computer would then download -when they log in. - -4) in the [global] section of smb.conf set the following: - - domain logons = yes - logon script = %U.bat - -The choice of batch file is, of course, up to you. The above would -give each user a separate batch file as the %U will be changed to -their username automatically. The other standard % macros may also be -used. You can make the batch files come from a subdirectory by using -something like: - - logon script = scripts\%U.bat - -5) create the batch files to be run when the user logs in. If the batch - file doesn't exist then no batch file will be run. - -In the batch files you need to be careful to use DOS style cr/lf line -endings. If you don't then DOS may get confused. I suggest you use a -DOS editor to remotely edit the files if you don't know how to produce -DOS style files under unix. - -6) Use smbclient with the -U option for some users to make sure that - the \\server\NETLOGON share is available, the batch files are - visible and they are readable by the users. - -7) you will probabaly find that your clients automatically mount the - \\SERVER\NETLOGON share as drive z: while logging in. You can put - some useful programs there to execute from the batch files. - -NOTE: You must be using "security = user" or "security = server" for -domain logons to work correctly. Share level security won't work -correctly. - - - -Configuration Instructions: Setting up Roaming User Profiles -================================================================ - -In the [global] section of smb.conf set the following (for example): - - logon path = \\profileserver\profileshare\profilepath\%U\moreprofilepath - -The default for this option is \\%N\%U\profile, namely -\\sambaserver\username\profile. The \\N%\%U service is created -automatically by the [homes] service. - -If you are using a samba server for the profiles, you _must_ make the -share specified in the logon path browseable. Windows 95 appears to -check that it can see the share and any subdirectories within that share -specified by the logon path option, rather than just connecting straight -away. It also attempts to create the components of the full path for -you. If the creation of any component fails, or if it cannot see any -component of the path, the profile creation / reading fails. - -[lkcl 26aug96 - we have discovered a problem where Windows clients can -maintain a connection to the [homes] share in between logins. The -[homes] share must NOT therefore be used in a profile path.] - - -Windows 95 ----------- - -When a user first logs in on Windows 95, the file user.DAT is created, -as are folders "Start Menu", "Desktop", "Programs" and "Nethood". -These directories and their contents will be merged with the local -versions stored in c:\windows\profiles\username on subsequent logins, -taking the most recent from each. You will need to use the [global] -options "preserve case = yes", "short case preserve = yes" and -"case sensitive = no" in order to maintain capital letters in shortcuts -in any of the profile folders. - -The user.DAT file contains all the user's preferences. If you wish to -enforce a set of preferences, rename their user.DAT file to user.MAN, -and deny them write access to this file. - -2) On the Windows 95 machine, go to Control Panel | Passwords and - select the User Profiles tab. Select the required level of - roaming preferences. Press OK, but do _not_ allow the computer - to reboot. - -3) On the Windows 95 machine, go to Control Panel | Network | - Client for Microsoft Networks | Preferences. Select 'Log on to - NT Domain'. Then, ensure that the Primary Logon is 'Client for - Microsoft Networks'. Press OK, and this time allow the computer - to reboot. - -Under Windows 95, Profiles are downloaded from the Primary Logon. -If you have the Primary Logon as 'Client for Novell Networks', then -the profiles and logon script will be downloaded from your Novell -Server. If you have the Primary Logon as 'Windows Logon', then the -profiles will be loaded from the local machine - a bit against the -concept of roaming profiles, if you ask me. - -You will now find that the Microsoft Networks Login box contains -[user, password, domain] instead of just [user, password]. Type in -the samba server's domain name (or any other domain known to exist, -but bear in mind that the user will be authenticated against this -domain and profiles downloaded from it, if that domain logon server -supports it), user name and user's password. - -Once the user has been successfully validated, the Windows 95 machine -will inform you that 'The user has not logged on before' and asks you -if you wish to save the user's preferences? Select 'yes'. - -Once the Windows 95 client comes up with the desktop, you should be able -to examine the contents of the directory specified in the "logon path" -on the samba server and verify that the "Desktop", "Start Menu", -"Programs" and "Nethood" folders have been created. - -These folders will be cached locally on the client, and updated when -the user logs off (if you haven't made them read-only by then :-). -You will find that if the user creates further folders or short-cuts, -that the client will merge the profile contents downloaded with the -contents of the profile directory already on the local client, taking -the newest folders and short-cuts from each set. - -If you have made the folders / files read-only on the samba server, -then you will get errors from the w95 machine on logon and logout, as -it attempts to merge the local and the remote profile. Basically, if -you have any errors reported by the w95 machine, check the unix file -permissions and ownership rights on the profile directory contents, -on the samba server. - - -If you have problems creating user profiles, you can reset the user's -local desktop cache, as shown below. When this user then next logs in, -they will be told that they are logging in "for the first time". - - -1) instead of logging in under the [user, password, domain] dialog], - press escape. - -2) run the regedit.exe program, and look in: - - HKEY_LOCAL_MACHINE\Windows\CurrentVersion\ProfileList - - you will find an entry, for each user, of ProfilePath. Note the - contents of this key (likely to be c:\windows\profiles\username), - then delete the key ProfilePath for the required user. - - [Exit the registry editor]. - -3) WARNING - before deleting the contents of the directory listed in - the ProfilePath (this is likely to be c:\windows\profiles\username), - ask them if they have any important files stored on their desktop - or in their start menu. delete the contents of the directory - ProfilePath (making a backup if any of the files are needed). - - This will have the effect of removing the local (read-only hidden - system file) user.DAT in their profile directory, as well as the - local "desktop", "nethood", "start menu" and "programs" folders. - -4) search for the user's .PWL password-cacheing file in the c:\windows - directory, and delete it. - -5) log off the windows 95 client. - -6) check the contents of the profile path (see "logon path" described - above), and delete the user.DAT or user.MAN file for the user, - making a backup if required. - - -If all else fails, increase samba's debug log levels to between 3 and 10, -and / or run a packet trace program such as tcpdump or netmon.exe, and -look for any error reports. - -If you have access to an NT server, then first set up roaming profiles -and / or netlogons on the NT server. Make a packet trace, or examine -the example packet traces provided with NT server, and see what the -differences are with the equivalent samba trace. - - -Windows NT Workstation 4.0 --------------------------- - -When a user first logs in to a Windows NT Workstation, the profile -NTuser.DAT is created. The profile location can be now specified -through the "logon path" parameter, in exactly the same way as it -can for Win95. [lkcl 10aug97 - i tried setting the path to -\\samba-server\homes\profile, and discovered that this fails because -a background process maintains the connection to the [homes] share -which does _not_ close down in between user logins. you have to -have \\samba-server\%L\profile, where user is the username created -from the [homes] share]. - -There is a parameter that is now available for use with NT Profiles: -"logon drive". This should be set to "h:" or any other drive, and -should be used in conjunction with the new "logon home" parameter. - -The entry for the NT 4.0 profile is a _directory_ not a file. The NT -help on profiles mentions that a directory is also created with a .PDS -extension. The user, while logging in, must have write permission to -create the full profile path (and the folder with the .PDS extension) -[lkcl 10aug97 - i found that the creation of the .PDS directory failed, -and had to create these manually for each user, with a shell script. -also, i presume, but have not tested, that the full profile path must -be browseable just as it is for w95, due to the manner in which they -attempt to create the full profile path: test existence of each path -component; create path component]. - -In the profile directory, NT creates more folders than 95. It creates -"Application Data" and others, as well as "Desktop", "Nethood", -"Start Menu" and "Programs". The profile itself is stored in a file -NTuser.DAT. Nothing appears to be stored in the .PDS directory, and -its purpose is currently unknown. - -You can use the System Control Panel to copy a local profile onto -a samba server (see NT Help on profiles: it is also capable of firing -up the correct location in the System Control Panel for you). The -NT Help file also mentions that renaming NTuser.DAT to NTuser.MAN -turns a profile into a mandatory one. - -[lkcl 10aug97 - i notice that NT Workstation tells me that it is -downloading a profile from a slow link. whether this is actually the -case, or whether there is some configuration issue, as yet unknown, -that makes NT Workstation _think_ that the link is a slow one is a -matter to be resolved]. - -[lkcl 20aug97 - after samba digest correspondance, one user found, and -another confirmed, that profiles cannot be loaded from a samba server -unless "security = user" and "encrypt passwords = yes" (see the file -ENCRYPTION.txt) or "security = server" and "password server = ip.address. -of.yourNTserver" are used. either of these options will allow the NT -workstation to access the samba server using LAN manager encrypted -passwords, without the user intervention normally required by NT -workstation for clear-text passwords]. - -[lkcl 25aug97 - more comments received about NT profiles: the case of -the profile _matters_. the file _must_ be called NTuser.DAT or, for -a mandatory profile, NTuser.MAN]. - - -Windows NT Server ------------------ - -There is nothing to stop you specifying any path that you like for the -location of users' profiles. Therefore, you could specify that the -profile be stored on a samba server, or any other SMB server, as long as -that SMB server supports encrypted passwords. - - - -Sharing Profiles between W95 and NT Workstation 4.0 ---------------------------------------------------- - -The default logon path is \\%N\U%. NT Workstation will attempt to create -a directory "\\samba-server\username.PDS" if you specify the logon path -as "\\samba-server\username" with the NT User Manager. Therefore, you -will need to specify (for example) "\\samba-server\username\profile". -NT 4.0 will attempt to create "\\samba-server\username\profile.PDS", which -is more likely to succeed. - -If you then want to share the same Start Menu / Desktop with W95, you will -need to specify "logon path = \\samba-server\username\profile" [lkcl 10aug97 -this has its drawbacks: i created a shortcut to telnet.exe, which attempts -to run from the c:\winnt\system32 directory. this directory is obviously -unlikely to exist on a Win95-only host]. - -If you have this set up correctly, you will find separate user.DAT and -NTuser.DAT files in the same profile directory. - -[lkcl 25aug97 - there are some issues to resolve with downloading of -NT profiles, probably to do with time/date stamps. i have found that -NTuser.DAT is never updated on the workstation after the first time that -it is copied to the local workstation profile directory. this is in -contrast to w95, where it _does_ transfer / update profiles correctly]. - diff --git a/docs/textdocs/MIRRORS.txt b/docs/textdocs/MIRRORS.txt deleted file mode 100755 index a133f261c5..0000000000 --- a/docs/textdocs/MIRRORS.txt +++ /dev/null @@ -1,6 +0,0 @@ -!== -!== MIRRORS.txt for Samba release 2.0.4 18 May 1999 -!== - -For a list of web and ftp mirrors please see -http://samba.org/samba/ diff --git a/docs/textdocs/outdated/NTDOMAIN.txt b/docs/textdocs/outdated/NTDOMAIN.txt new file mode 100644 index 0000000000..8408acb979 --- /dev/null +++ b/docs/textdocs/outdated/NTDOMAIN.txt @@ -0,0 +1,51 @@ +!== +!== NTDOMAIN.txt for Samba release 2.0.4 18 May 1999 +!== +Contributor: Luke Kenneth Casson Leighton (samba-bugs@samba.org) + Copyright (C) 1997 Luke Kenneth Casson Leighton +Created: October 20, 1997 +Updated: February 25, 1999 (Jerry Carter) + +Subject: NT Domain Logons +=========================================================================== + +As of 1.9.18alpha1, Samba supports logins for NT 3.51 and 4.0 Workstations, +without the need, use or intervention of NT Server. This document describes +how to set this up. Over the continued development of the 1.9.18alpha +series, this process (and therefore this document) should become simpler. + +One useful thing to do is to get this version of Samba up and running +with Win95 profiles, as you would for the current stable version of +Samba (currently at 1.9.17p4), and is fully documented. You will need +to set up encrypted passwords. Even if you don't have any Win95 machines, +using your Samba Server to store the profile for one of your NT Workstation +users is a good test that you have 1.9.18alpha1 correctly configured *prior* +to attempting NT Domain Logons. + +The support is still experimental, so should be used at your own risk. + +NT is not as robust as you might have been led to believe: during the +development of the Domain Logon Support, one person reported having to +reinstall NT from scratch: their workstation had become totally unuseable. + +[further reports on ntsec@iss.net by independent administrators showing + similar symptoms lead us to believe that the SAM database file may be + corruptible. this _is_ recoverable (or, at least the machine is accessible), + by deleting the SAM file, under which circumstances all user account details + are lost, but at least the Administrator can log in with a blank password. + this is *not* possible except if the NT system is installed in a FAT + partition.] + +This *has* been reported to the NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM digest. + +========================================================================== +Please note that Samba 2.0 does not **officially** support domain logons +for Windows NT clients. Of course, domain logon support for Windows 9x +clients is complete and official. These are two different issues. + +Samba's capability to act as a Primary Domain Controller for Windows NT +domains is not advertised as it is not completed yet. For more information +regarding how to obtain the latest development (HEAD branch) source code +and what features are available, please refer to the NT Domain FAQ on-line +at the Samba web site under the documentation page. + diff --git a/docs/textdocs/outdated/PROJECTS b/docs/textdocs/outdated/PROJECTS new file mode 100644 index 0000000000..3008bea430 --- /dev/null +++ b/docs/textdocs/outdated/PROJECTS @@ -0,0 +1,88 @@ + Samba Projects Directory + ======================== + + +>>>>> NOTE: THIS FILE IS NOW VERY OUT OF DATE <<<<< + + +This is a list of who's working on what in Samba. It's not guaranteed +to be uptodate or accurate but I hope it will help us getting +coordinated. + +If you are working on something to do with Samba and you aren't here +then please let me know! Also, if you are listed below and you have +any corrections or updates then please let me know. + +Email contact: +samba-bugs@samba.org + +======================================================================== +Documentation and FAQ + +Docs and FAQ files for the Samba suite of software. + +Contact samba-bugs@samba.org with the diffs. These are urgently +required. + +The FAQ is being added to on an ad hoc basis, see the web pages for info. + +Mark Preston was working on a set of formatted docs for Samba. Is this +still happening? Contact mpreston@sghms.ac.uk + +Status last updated 2nd October 1996 +======================================================================== + +======================================================================== +Netbeui support + +This aimed to produce patches so that Samba can be used with clients +that do not have TCP/IP. It will try to remain as portable as possible. +Contact Brian.Onn@Canada.Sun.COM (Brian Onn) Unfortunately it died, and +although a lot of people have expressed interest nobody has come forward +to do it. The Novell port (see Samba web pages) includes NetBEUI +functionality in a proprietrary library which should still be helpful as +we have the interfaces. Alan Cox (a.cox@li.org) has the information +required to write the state machine if someone is going to do the work. + +Status last updated 2nd October 1996 +======================================================================== + +======================================================================== +Smbfs + +A mountable smb filesystem for Linux using the userfs userspace filesystem + +Contact lendecke@namu01.gwdg.de (Volker Lendecke) + +This works really well, and is measurably more efficient than commercial +client software. It is now part of the Linux kernel. Long filename support +is in use. + +Status last updated June 1997 +======================================================================== + +======================================================================== +Admin Tool + +Aims to produce a nice smb.conf editor and other useful tools for +administering a Samba system. + +Contact: Steve Brown (steve@unicorn.dungeon.com) + +In the design phase. + +Status last updated 4th September 1994 +======================================================================== + + +======================================================================== +Lanman Client. + +Contact: john@amanda.xs4all.nl (John Stewart) + +Aims to produce a reliable LANMAN Client implementation for LINUX, +and possibly other variations of UNIX. Project ably started by +Tor Lillqvist; tml@hemuli.tte.vtt.fi + +Status last updated 17th January 1995 +======================================================================== -- cgit