From 3db52feb1f3b2c07ce0b06ad4a7099fa6efe3fc7 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 13 Dec 1999 13:27:58 +0000 Subject: first pass at updating head branch to be to be the same as the SAMBA_2_0 branch (This used to be commit 453a822a76780063dff23526c35408866d0c0154) --- docs/textdocs/Application_Serving.txt | 2 +- docs/textdocs/BROWSING-Config.txt | 2 +- docs/textdocs/BROWSING.txt | 2 +- docs/textdocs/BUGS.txt | 2 +- docs/textdocs/CVS_ACCESS.txt | 2 +- docs/textdocs/DHCP-Server-Configuration.txt | 2 +- docs/textdocs/DIAGNOSIS.txt | 52 +++++++++++++++++++++-------- docs/textdocs/DNIX.txt | 2 +- docs/textdocs/DOMAIN.txt | 2 +- docs/textdocs/DOMAIN_CONTROL.txt | 2 +- docs/textdocs/DOMAIN_MEMBER.txt | 29 ++++++++-------- docs/textdocs/ENCRYPTION.txt | 43 ++++++++++++------------ docs/textdocs/Faxing.txt | 2 +- docs/textdocs/GOTCHAS.txt | 2 +- docs/textdocs/HINTS.txt | 2 +- docs/textdocs/MIRRORS.txt | 2 +- docs/textdocs/Macintosh_Clients.txt | 2 +- docs/textdocs/NTDOMAIN.txt | 2 +- docs/textdocs/NetBIOS.txt | 2 +- docs/textdocs/OS2-Client-HOWTO.txt | 2 +- docs/textdocs/PRINTER_DRIVER.txt | 2 +- docs/textdocs/PROFILES.txt | 2 +- docs/textdocs/Passwords.txt | 8 ++--- docs/textdocs/Printing.txt | 37 ++++++++++++++------ docs/textdocs/Recent-FAQs.txt | 2 +- docs/textdocs/RoutedNetworks.txt | 2 +- docs/textdocs/SCO.txt | 2 +- docs/textdocs/SSLeay.txt | 2 +- docs/textdocs/Speed.txt | 20 ++++++++--- docs/textdocs/Speed2.txt | 2 +- docs/textdocs/Support.txt | 2 +- docs/textdocs/Tracing.txt | 2 +- docs/textdocs/UNIX-SMB.txt | 2 +- docs/textdocs/UNIX_INSTALL.txt | 13 ++------ docs/textdocs/UNIX_SECURITY.txt | 2 +- docs/textdocs/Win95.txt | 2 +- docs/textdocs/WinNT.txt | 2 +- docs/textdocs/cifsntdomain.txt | 2 +- docs/textdocs/security_level.txt | 22 ++++++------ 39 files changed, 166 insertions(+), 120 deletions(-) (limited to 'docs/textdocs') diff --git a/docs/textdocs/Application_Serving.txt b/docs/textdocs/Application_Serving.txt index 0149b17e6d..be07cfe062 100644 --- a/docs/textdocs/Application_Serving.txt +++ b/docs/textdocs/Application_Serving.txt @@ -1,5 +1,5 @@ !== -!== Application_Serving.txt for Samba release 2.1.0prealpha 981204 +!== Application_Serving.txt for Samba release 2.0.4 18 May 1999 !== Contributed: January 7, 1997 Updated: March 24, 1998 diff --git a/docs/textdocs/BROWSING-Config.txt b/docs/textdocs/BROWSING-Config.txt index 2811f02659..a27cf7401d 100644 --- a/docs/textdocs/BROWSING-Config.txt +++ b/docs/textdocs/BROWSING-Config.txt @@ -1,5 +1,5 @@ !== -!== BROWSING-Config.txt for Samba release 2.1.0prealpha 981204 +!== BROWSING-Config.txt for Samba release 2.0.4 18 May 1999 !== Date: July 5, 1998 Contributor: John H Terpstra diff --git a/docs/textdocs/BROWSING.txt b/docs/textdocs/BROWSING.txt index 2ed2369f08..ae18382bd9 100644 --- a/docs/textdocs/BROWSING.txt +++ b/docs/textdocs/BROWSING.txt @@ -1,5 +1,5 @@ !== -!== BROWSING.txt for Samba release 2.1.0prealpha 981204 +!== BROWSING.txt for Samba release 2.0.4 18 May 1999 !== Author/s: Many (Thanks to Luke, Jeremy, Andrew, etc.) Updated: July 5, 1998 diff --git a/docs/textdocs/BUGS.txt b/docs/textdocs/BUGS.txt index db3a548450..14a77f4cb4 100644 --- a/docs/textdocs/BUGS.txt +++ b/docs/textdocs/BUGS.txt @@ -1,5 +1,5 @@ !== -!== BUGS.txt for Samba release 2.1.0prealpha 981204 +!== BUGS.txt for Samba release 2.0.4 18 May 1999 !== Contributor: Samba Team Updated: June 27, 1997 diff --git a/docs/textdocs/CVS_ACCESS.txt b/docs/textdocs/CVS_ACCESS.txt index 6fec05eae5..c854d3fe33 100644 --- a/docs/textdocs/CVS_ACCESS.txt +++ b/docs/textdocs/CVS_ACCESS.txt @@ -1,5 +1,5 @@ !== -!== CVS_ACCESS.txt for Samba release 2.1.0prealpha 981204 +!== CVS_ACCESS.txt for Samba release 2.0.4 18 May 1999 !== Contributor: Modified from the Web pages by Jeremy Allison. Date: 23 Dec 1997 diff --git a/docs/textdocs/DHCP-Server-Configuration.txt b/docs/textdocs/DHCP-Server-Configuration.txt index 52ecf2d9b0..72afd85e59 100644 --- a/docs/textdocs/DHCP-Server-Configuration.txt +++ b/docs/textdocs/DHCP-Server-Configuration.txt @@ -1,5 +1,5 @@ !== -!== DHCP-Server-Configuration.txt for Samba release 2.1.0prealpha 981204 +!== DHCP-Server-Configuration.txt for Samba release 2.0.4 18 May 1999 !== Subject: DHCP Server Configuration for SMB Clients Date: March 1, 1998 diff --git a/docs/textdocs/DIAGNOSIS.txt b/docs/textdocs/DIAGNOSIS.txt index e490fb81eb..ce51400464 100644 --- a/docs/textdocs/DIAGNOSIS.txt +++ b/docs/textdocs/DIAGNOSIS.txt @@ -1,8 +1,8 @@ !== -!== DIAGNOSIS.txt for Samba release 2.1.0prealpha 981204 +!== DIAGNOSIS.txt for Samba release 2.0.4 18 May 1999 !== Contributor: Andrew Tridgell -Updated: October 14, 1997 +Updated: November 1, 1999 Subject: DIAGNOSING YOUR SAMBA SERVER =========================================================================== @@ -16,9 +16,6 @@ You should do ALL the tests, in the order shown. I have tried to carefully choose them so later tests only use capabilities verified in the earlier tests. -I would welcome additions to this set of tests. Please mail them to -samba-bugs@samba.org - If you send me an email saying "it doesn't work" and you have not followed this test procedure then you should not be surprised if I ignore your email. @@ -28,9 +25,10 @@ ASSUMPTIONS ----------- In all of the tests I assume you have a Samba server called BIGSERVER -and a PC called ACLIENT. I also assume the PC is running windows for -workgroups with a recent copy of the microsoft tcp/ip stack. Alternatively, -your PC may be running Windows 95 or Windows NT (Workstation or Server). +and a PC called ACLIENT both in workgroup TESTGROUP. I also assume the +PC is running windows for workgroups with a recent copy of the +microsoft tcp/ip stack. Alternatively, your PC may be running Windows +95 or Windows NT (Workstation or Server). The procedure is similar for other types of clients. @@ -44,7 +42,7 @@ smb.conf. I will assume this share is called "tmp". You can add a read only = yes -THESE TESTS ASSUME VERSION 1.9.16 OR LATER OF THE SAMBA SUITE. SOME +THESE TESTS ASSUME VERSION 2.0.6 OR LATER OF THE SAMBA SUITE. SOME COMMANDS SHOWN DID NOT EXIST IN EARLIER VERSIONS Please pay attention to the error messages you receive. If any error message @@ -102,7 +100,7 @@ valid. Check what your guest account is using "testparm" and temporarily remove any "hosts allow", "hosts deny", "valid users" or "invalid users" lines. -If you get a "connection refused" response then the smbd server could +If you get a "connection refused" response then the smbd server may not be running. If you installed it in inetd.conf then you probably edited that file incorrectly. If you installed it as a daemon then check that it is running, and check that the netbios-ssn port is in a LISTEN @@ -170,6 +168,9 @@ You should get the PCs IP address back. If you don't then the client software on the PC isn't installed correctly, or isn't started, or you got the name of the PC wrong. +If ACLIENT doesn't resolve via DNS then use the IP address of the +client in the above test. + TEST 6: ------- @@ -199,11 +200,15 @@ not correct. (Refer to TEST 3 notes above). TEST 7: ------- -Run the command "smbclient '\\BIGSERVER\TMP'". You should then be +Run the command "smbclient //BIGSERVER/TMP". You should then be prompted for a password. You should use the password of the account you are logged into the unix box with. If you want to test with -another account then add the -U option to the command -line. +another account then add the -U option to the end of +the command line. eg: smbclient //bigserver/tmp -Ujohndoe + +Note: It is possible to specify the password along with the username +as follows: + smbclient //bigserver/tmp -Ujohndoe%secret Once you enter the password you should get the "smb>" prompt. If you don't then look at the error message. If it says "invalid network @@ -250,6 +255,12 @@ same fixes apply as they did for the "smbclient -L" test above. In particular, make sure your "hosts allow" line is correct (see the man pages) +Also, do not overlook that fact that when the workstation requests the +connection to the samba server it will attempt to connect using the +name with which you logged onto your Windows machine. You need to make +sure that an account exists on your Samba server with that exact same +name and password. + If you get "specified computer is not receiving requests" or similar it probably means that the host is not contactable via tcp services. Check to see if the host is running tcp wrappers, and if so add an entry in @@ -271,10 +282,23 @@ USERNAME" to the [tmp] section of smb.conf where "USERNAME" is the username corresponding to the password you typed. If you find this fixes things you may need the username mapping option. - TEST 10: -------- +Run the command "nmblookup -M TESTGROUP" where TESTGROUP is the name +of the workgroup that your Samba server and Windows PCs belong to. You +should get back the IP address of the master browser for that +workgroup. + +If you don't then the election process has failed. Wait a minute to +see if it is just being slow then try again. If it still fails after +that then look at the browsing options you have set in smb.conf. Make +sure you have "preferred master = yes" to ensure that an election is +held at startup. + +TEST 11: +-------- + From file manager try to browse the server. Your samba server should appear in the browse list of your local workgroup (or the one you specified in smb.conf). You should be able to double click on the name diff --git a/docs/textdocs/DNIX.txt b/docs/textdocs/DNIX.txt index 4c1fcbde31..f209f04618 100644 --- a/docs/textdocs/DNIX.txt +++ b/docs/textdocs/DNIX.txt @@ -1,5 +1,5 @@ !== -!== DNIX.txt for Samba release 2.1.0prealpha 981204 +!== DNIX.txt for Samba release 2.0.4 18 May 1999 !== DNIX has a problem with seteuid() and setegid(). These routines are needed for Samba to work correctly, but they were left out of the DNIX diff --git a/docs/textdocs/DOMAIN.txt b/docs/textdocs/DOMAIN.txt index f5b85ea28f..d16f3aa55d 100644 --- a/docs/textdocs/DOMAIN.txt +++ b/docs/textdocs/DOMAIN.txt @@ -1,5 +1,5 @@ !== -!== DOMAIN.txt for Samba release 2.1.0prealpha 981204 +!== DOMAIN.txt for Samba release 2.0.4 18 May 1999 !== Contributor: Samba Team Updated: December 4, 1998 (John H Terpstra) diff --git a/docs/textdocs/DOMAIN_CONTROL.txt b/docs/textdocs/DOMAIN_CONTROL.txt index ac3f618501..dd4afa3475 100644 --- a/docs/textdocs/DOMAIN_CONTROL.txt +++ b/docs/textdocs/DOMAIN_CONTROL.txt @@ -1,5 +1,5 @@ !== -!== DOMAIN_CONTROL.txt for Samba release 2.1.0prealpha 981204 +!== DOMAIN_CONTROL.txt for Samba release 2.0.4 18 May 1999 !== Initial Release: August 22, 1996 Contributor: John H Terpstra diff --git a/docs/textdocs/DOMAIN_MEMBER.txt b/docs/textdocs/DOMAIN_MEMBER.txt index 3238fde179..53fd6d94f9 100644 --- a/docs/textdocs/DOMAIN_MEMBER.txt +++ b/docs/textdocs/DOMAIN_MEMBER.txt @@ -1,7 +1,7 @@ TITLE INFORMATION: Joining an NT Domain with Samba 2.0 AUTHOR INFORMATION: Jeremy Allison, Samba Team -DATE INFORMATION: 11th November 1998 +DATE INFORMATION: 7th October 1999 Contents @@ -11,7 +11,8 @@ Joining an NT Domain with Samba 2.0 In order for a Samba-2 server to join an NT domain, you must first add the NetBIOS name of the Samba server to the NT domain on the PDC using Server Manager for Domains. This creates the machine account in the -domain (PDC) SAM. +domain (PDC) SAM. Note that you should add the Samba server as a "Windows +NT Workstation or Server", NOT as a Primary or backup domain controller. Assume you have a Samba-2 server with a NetBIOS name of SERV1 and are joining an NT domain called DOM, which has a PDC with a NetBIOS name @@ -75,6 +76,10 @@ workgroup = DOM as this is the name of the domain we are joining. +You must also have the parameter "encrypt passwords" +set to "yes" in order for your users to authenticate to the +NT PDC. + Finally, add (or modify) a: "password server =" @@ -89,19 +94,15 @@ each of these servers in order, so you may want to rearrange this list in order to spread out the authentication load among domain controllers. -Currently, Samba requires that a defined list of domain controllers be -listed in this parameter in order to authenticate with domain-level -security. NT does not use this method, and will either broadcast or -use a WINS database in order to find domain controllers to -authenticate against. +Alternatively, if you want smbd to automatically determine the +list of Domain controllers to use for authentication, you may set this line to be : -Originally, I considered this idea for Samba, but dropped it because -it seemed so insecure. However several Samba-2 alpha users have -requested that this feature be added to make Samba more NT-like, so -I'll probably add a special name of '*' (which means: act like NT -when looking for domain controllers) in a future release of the -code. At present, however, you need to know where your domain -controllers are. +password server = * + +This method, which is new in Samba 2.0.6 and above, allows Samba +to use exactly the same mechanism that NT does. This method either broadcasts or +uses a WINS database in order to find domain controllers to +authenticate against. Finally, restart your Samba daemons and get ready for clients to begin using domain security! diff --git a/docs/textdocs/ENCRYPTION.txt b/docs/textdocs/ENCRYPTION.txt index ace8ef88bd..89f30b0d53 100644 --- a/docs/textdocs/ENCRYPTION.txt +++ b/docs/textdocs/ENCRYPTION.txt @@ -1,8 +1,8 @@ !== -!== ENCRYPTION.txt for Samba release 2.1.0prealpha 981204 +!== ENCRYPTION.txt for Samba release 2.0.5a 22 Jul 1999 !== Contributor: Jeremy Allison -Updated: March 19, 1998 +Updated: April 19, 1999 Note: Please refer to WinNT.txt also Subject: LanManager / Samba Password Encryption. @@ -22,7 +22,7 @@ How does it work ? LanManager encryption is somewhat similar to UNIX password encryption. The server uses a file containing a hashed value of a -users password. This is created by taking the users plaintext +user's password. This is created by taking the user's plaintext password, capitalising it, and either truncating to 14 bytes (or padding to 14 bytes with null bytes). This 14 byte value is used as two 56 bit DES keys to encrypt a 'magic' eight byte value, forming a @@ -30,7 +30,7 @@ two 56 bit DES keys to encrypt a 'magic' eight byte value, forming a be known as the *hashed password*. Windows NT encryption is a higher quality mechanism, consisting -of doing an MD4 hash on a Unicode version of the users password. This +of doing an MD4 hash on a Unicode version of the user's password. This also produces a 16 byte hash value that is non-reversible. When a client (LanManager, Windows for WorkGroups, Windows 95 or @@ -51,10 +51,10 @@ In the SMB call SMBsessionsetupX (when user level security is selected) or the call SMBtconX (when share level security is selected) the 24 byte response is returned by the client to the Samba server. For Windows NT protocol levels the above calculation is done on -both hashes of the users password and both responses are returned +both hashes of the user's password and both responses are returned in the SMB call, giving two 24 byte values. -The Samba server then reproduces the above calculation, using it's own +The Samba server then reproduces the above calculation, using its own stored value of the 16 byte hashed password (read from the smbpasswd file - described later) and the challenge value that it kept from the negotiate protocol reply. It then checks to see if the 24 byte value it @@ -62,11 +62,11 @@ calculates matches the 24 byte value returned to it from the client. If these values match exactly, then the client knew the correct password (or the 16 byte hashed value - see security note below) and -is this allowed access. If not then the client did not know the +is thus allowed access. If not, then the client did not know the correct password and is denied access. Note that the Samba server never knows or stores the cleartext of the -users password - just the 16 byte hashed values derived from it. Also +user's password - just the 16 byte hashed values derived from it. Also note that the cleartext password or 16 byte hashed values are never transmitted over the network - thus increasing security. @@ -79,7 +79,7 @@ typically sends clear text passwords over the nextwork when logging in. This is bad. The SMB encryption scheme never sends the cleartext password over the network but it does store the 16 byte hashed values on disk. This is also bad. Why? Because the 16 byte hashed values are a -"password equivalent". You cannot derive the users password from them, +"password equivalent". You cannot derive the user's password from them, but they could potentially be used in a modified client to gain access to a server. This would require considerable technical knowledge on behalf of the attacker but is perfectly possible. You should thus @@ -106,7 +106,7 @@ a network sniffer cannot just record passwords going to the SMB server. - WinNT doesn't like talking to a server that isn't using SMB encrypted passwords. It will refuse to browse the server if the server -is also in user level security mode. It will insist on promting the +is also in user level security mode. It will insist on prompting the user for the password on each connection, which is very annoying. The only things you can do to stop this is to use SMB encryption. @@ -135,7 +135,7 @@ The smbpasswd file. In order for Samba to participate in the above protocol it must be able to look up the 16 byte hashed values given a user name. Unfortunately, as the UNIX password value is also a one way hash -function (ie. it is impossible to retrieve the cleartext of the users +function (ie. it is impossible to retrieve the cleartext of the user's password given the UNIX hash of it) then a separate password file containing this 16 byte value must be kept. To minimise problems with these two password files, getting out of sync, the UNIX /etc/passwd and @@ -177,10 +177,11 @@ chmod 600 smbpasswd. The format of the smbpasswd file is -username:uid:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:Long name:user home dir:user shell +username:uid:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[Account type]:LCT-:Long name -Although only the username, uid, and XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX -sections are significant and are looked at in the Samba code. +Although only the username, uid, XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX, +[Account type] and last-change-time sections are significant and +are looked at in the Samba code. It is *VITALLY* important that there by 32 'X' characters between the two ':' characters in the XXX sections - the smbpasswd and Samba code @@ -192,7 +193,7 @@ When the password file is created all users have password entries consisting of 32 'X' characters. By default this disallows any access as this user. When a user has a password set, the 'X' characters change to 32 ascii hexadecimal digits (0-9, A-F). These are an ascii -representation of the 16 byte hashed value of a users password. +representation of the 16 byte hashed value of a user's password. To set a user to have no password (not recommended), edit the file using vi, and replace the first 11 characters with the asci text @@ -202,7 +203,7 @@ NO PASSWORD Eg. To clear the password for user bob, his smbpasswd file entry would look like : -bob:100:NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:Bob's full name:/bobhome:/bobshell +bob:100:NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:Bob's full name:/bobhome:/bobshell If you are allowing users to use the smbpasswd command to set their own passwords, you may want to give users NO PASSWORD initially so they do @@ -214,7 +215,7 @@ that user with no password. Enable this by adding the line : null passwords = true to the [global] section of the smb.conf file (this is why the -above scenario is not recommended). Preferebly, allocate your +above scenario is not recommended). Preferably, allocate your users a default password to begin with, so you do not have to enable this on your server. @@ -236,16 +237,16 @@ setuid root (the new smbpasswd code enforces this restriction so it cannot be run this way by accident). smbpasswd now works in a client-server mode where it contacts -the local smbd to change the users password on its behalf. This +the local smbd to change the user's password on its behalf. This has enormous benefits - as follows. -1). smbpasswd no longer has to be setuid root - an enourmous +1). smbpasswd no longer has to be setuid root - an enormous range of potential security problems is eliminated. 2). smbpasswd now has the capability to change passwords on Windows NT servers (this only works when the request is sent to the NT Primary Domain Controller if you are changing -an NT Domain users password). +an NT Domain user's password). To run smbpasswd as a normal user just type : @@ -313,7 +314,7 @@ If this fails then you will find that you will need entries that look like this: # SMB password file. -tridge:148:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:Andrew Tridgell:/home/tridge:/bin/tcsh +tridge:148:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:Andrew Tridgell:/home/tridge:/bin/tcsh note that the uid and username fields must be right. Also, you must get the number of X's right (there should be 32). diff --git a/docs/textdocs/Faxing.txt b/docs/textdocs/Faxing.txt index 7c21e96c6f..426cbfcee3 100644 --- a/docs/textdocs/Faxing.txt +++ b/docs/textdocs/Faxing.txt @@ -1,5 +1,5 @@ !== -!== Faxing.txt for Samba release 2.1.0prealpha 981204 +!== Faxing.txt for Samba release 2.0.4 18 May 1999 !== Contributor: Gerhard Zuber Date: August 5th 1997. diff --git a/docs/textdocs/GOTCHAS.txt b/docs/textdocs/GOTCHAS.txt index 356da2eeac..023e33b1ce 100644 --- a/docs/textdocs/GOTCHAS.txt +++ b/docs/textdocs/GOTCHAS.txt @@ -1,5 +1,5 @@ !== -!== GOTCHAS.txt for Samba release 2.1.0prealpha 981204 +!== GOTCHAS.txt for Samba release 2.0.4 18 May 1999 !== This file lists Gotchas to watch out for: ========================================================================= diff --git a/docs/textdocs/HINTS.txt b/docs/textdocs/HINTS.txt index 93a2263d97..87a77dacc1 100644 --- a/docs/textdocs/HINTS.txt +++ b/docs/textdocs/HINTS.txt @@ -1,5 +1,5 @@ !== -!== HINTS.txt for Samba release 2.1.0prealpha 981204 +!== HINTS.txt for Samba release 2.0.4 18 May 1999 !== Contributor: Many Updated: Not for a long time! diff --git a/docs/textdocs/MIRRORS.txt b/docs/textdocs/MIRRORS.txt index 9b7c8ab23a..a133f261c5 100755 --- a/docs/textdocs/MIRRORS.txt +++ b/docs/textdocs/MIRRORS.txt @@ -1,5 +1,5 @@ !== -!== MIRRORS.txt for Samba release 2.1.0prealpha 981204 +!== MIRRORS.txt for Samba release 2.0.4 18 May 1999 !== For a list of web and ftp mirrors please see diff --git a/docs/textdocs/Macintosh_Clients.txt b/docs/textdocs/Macintosh_Clients.txt index 15ccce829e..2af6e213d1 100644 --- a/docs/textdocs/Macintosh_Clients.txt +++ b/docs/textdocs/Macintosh_Clients.txt @@ -1,5 +1,5 @@ !== -!== Macintosh_Clients.txt for Samba release 2.1.0prealpha 981204 +!== Macintosh_Clients.txt for Samba release 2.0.4 18 May 1999 !== > Are there any Macintosh clients for Samba? diff --git a/docs/textdocs/NTDOMAIN.txt b/docs/textdocs/NTDOMAIN.txt index f1207582bd..8408acb979 100644 --- a/docs/textdocs/NTDOMAIN.txt +++ b/docs/textdocs/NTDOMAIN.txt @@ -1,5 +1,5 @@ !== -!== NTDOMAIN.txt for Samba release 2.1.0prealpha 981204 +!== NTDOMAIN.txt for Samba release 2.0.4 18 May 1999 !== Contributor: Luke Kenneth Casson Leighton (samba-bugs@samba.org) Copyright (C) 1997 Luke Kenneth Casson Leighton diff --git a/docs/textdocs/NetBIOS.txt b/docs/textdocs/NetBIOS.txt index ff4acd5e98..9295f5c4bd 100644 --- a/docs/textdocs/NetBIOS.txt +++ b/docs/textdocs/NetBIOS.txt @@ -1,5 +1,5 @@ !== -!== NetBIOS.txt for Samba release 2.1.0prealpha 981204 +!== NetBIOS.txt for Samba release 2.0.4 18 May 1999 !== Contributor: lkcl - samba-bugs@arvidsjaur.anu.edu.au Copyright 1997 Luke Kenneth Casson Leighton diff --git a/docs/textdocs/OS2-Client-HOWTO.txt b/docs/textdocs/OS2-Client-HOWTO.txt index bc687c22ce..4413d387eb 100644 --- a/docs/textdocs/OS2-Client-HOWTO.txt +++ b/docs/textdocs/OS2-Client-HOWTO.txt @@ -1,5 +1,5 @@ !== -!== OS2-Client-HOWTO.txt for Samba release 2.1.0prealpha 981204 +!== OS2-Client-HOWTO.txt for Samba release 2.0.4 18 May 1999 !== diff --git a/docs/textdocs/PRINTER_DRIVER.txt b/docs/textdocs/PRINTER_DRIVER.txt index 63befa9e7f..5bf82e0cfe 100644 --- a/docs/textdocs/PRINTER_DRIVER.txt +++ b/docs/textdocs/PRINTER_DRIVER.txt @@ -1,5 +1,5 @@ !== -!== PRINTER_DRIVER.txt for Samba release 2.1.0prealpha 981204 +!== PRINTER_DRIVER.txt for Samba release 2.0.4 18 May 1999 !== ========================================================================== Supporting the famous PRINTER$ share diff --git a/docs/textdocs/PROFILES.txt b/docs/textdocs/PROFILES.txt index e0d271bd05..af9f99a002 100644 --- a/docs/textdocs/PROFILES.txt +++ b/docs/textdocs/PROFILES.txt @@ -1,5 +1,5 @@ !== -!== PROFILES.txt for Samba release 2.1.0prealpha 981204 +!== PROFILES.txt for Samba release 2.0.4 18 May 1999 !== Contributors: Bruce Cook Copyright (C) 1998 Bruce Cook diff --git a/docs/textdocs/Passwords.txt b/docs/textdocs/Passwords.txt index ec633ee1b5..f86827367f 100644 --- a/docs/textdocs/Passwords.txt +++ b/docs/textdocs/Passwords.txt @@ -1,8 +1,8 @@ !== -!== Passwords.txt for Samba release 2.1.0prealpha 981204 +!== Passwords.txt for Samba release 2.0.4 18 May 1999 !== Contributor: Unknown -Date: Unknown +Date: Updated April 19th 1999. Status: Current Subject: NOTE ABOUT PASSWORDS @@ -37,8 +37,8 @@ Unix password checking method you are using. Note that the AFS code is only written and tested for AFS 3.3 and later. -SECURITY = SERVER -================= +SECURITY = SERVER or DOMAIN +=========================== Samba can use a remote server to do its username/password validation. This allows you to have one central machine (for example a diff --git a/docs/textdocs/Printing.txt b/docs/textdocs/Printing.txt index 3e894e68e5..358eab3b60 100644 --- a/docs/textdocs/Printing.txt +++ b/docs/textdocs/Printing.txt @@ -1,5 +1,5 @@ !== -!== Printing.txt for Samba release 2.1.0prealpha 981204 +!== Printing.txt for Samba release 2.0.4 18 May 1999 !== Contributor: Unknown Date: Unknown @@ -54,7 +54,7 @@ might be: then you print a file and look at the /tmp/tmp.print file to see what is produced. Try printing this file with lpr. Does it work? If not -then your problem with with your lpr system, not with Samba. Often +then the problem is with your lpr system, not with Samba. Often people have problems with their /etc/printcap file or permissions on various print queues. @@ -95,18 +95,32 @@ If the above debug tips don't help, then maybe you need to bring in the bug gun, system tracing. See Tracing.txt in this directory. ===================================================================== -From Caldera Inc., the following documentation has been contributed: +From Caldera Inc., the following documentation has been +contributed. Note that it contains stuff that is only relevant on some +systems (specifically Caldera OpenLinux systems). 8.6 Setting up a raw SAMBA printer. -Note: this is not a guide on setting up SAMBA. It merely addresses creating a printer configuration that will allow the output of regular (i.e. not PostScript) Windows printer drivers to print through SAMBA. +Note: this is not a guide on setting up SAMBA. It merely addresses +creating a printer configuration that will allow the output of regular +(i.e. not PostScript) Windows printer drivers to print through SAMBA. -Regular Windows printer drivers can be used to print via SAMBA, but you must set up a raw printer entry in "/etc/printcap" to accomplish this. Also, a print command will need to be specified in "/etc/smb.conf" that forces binary printing. +Regular Windows printer drivers can be used to print via SAMBA, but +you must set up a raw printer entry in "/etc/printcap" to accomplish +this. Also, a print command will need to be specified in +"/etc/smb.conf" that forces binary printing. -The best way to start is to use printtool under X to create a new entry specifically for this printer. All you really need for it to do is create the necessary directories and set the permissions correctly, so don't worry about setting up a filter for a specific printer. Filters are not going to be used at all for this entry. +The best way to start is to use printtool under X to create a new +entry specifically for this printer. All you really need for it to do +is create the necessary directories and set the permissions correctly, +so don't worry about setting up a filter for a specific printer. +Filters are not going to be used at all for this entry. -Next, go into "/etc" and edit the printcap entry you just created, changing it to look like this (if you named it something other than raw, the entry name and spool directory should be changed here to match): +Next, go into "/etc" and edit the printcap entry you just created, +changing it to look like this (if you named it something other than +raw, the entry name and spool directory should be changed here to +match): raw:\ :rw:sh: \ @@ -114,12 +128,15 @@ raw:\ :sd=/var/spool/lpd/raw: \ :fx=flp: -When this is done and saved, edit the section of the smb.conf file that applies to the printer. Make sure the name of the section (enclosed in brackets) matches the name of the raw printer you just set up, then go down a line or two and add this line: +When this is done and saved, edit the section of the smb.conf file +that applies to the printer. Make sure the name of the section +(enclosed in brackets) matches the name of the raw printer you just +set up, then go down a line or two and add this line: print command = lpr -b -P%p %s -Save the file, change to "/etc/rc.d/init.d", and type the following commands -to restart the necessary daemons: +Save the file, change to "/etc/rc.d/init.d", and type the following +commands to restart the necessary daemons: ./lpd stop ./lpd start diff --git a/docs/textdocs/Recent-FAQs.txt b/docs/textdocs/Recent-FAQs.txt index b0e96d3c96..64af51a7a8 100644 --- a/docs/textdocs/Recent-FAQs.txt +++ b/docs/textdocs/Recent-FAQs.txt @@ -1,5 +1,5 @@ !== -!== Recent-FAQs.txt for Samba release 2.1.0prealpha 981204 +!== Recent-FAQs.txt for Samba release 2.0.4 18 May 1999 !== Contributor: Samba-bugs@samba.org Date: July 5, 1998 diff --git a/docs/textdocs/RoutedNetworks.txt b/docs/textdocs/RoutedNetworks.txt index fb170319d8..35a185052f 100644 --- a/docs/textdocs/RoutedNetworks.txt +++ b/docs/textdocs/RoutedNetworks.txt @@ -1,5 +1,5 @@ !== -!== RoutedNetworks.txt for Samba release 2.1.0prealpha 981204 +!== RoutedNetworks.txt for Samba release 2.0.4 18 May 1999 !== #NOFNR Flag in LMHosts to Communicate Across Routers diff --git a/docs/textdocs/SCO.txt b/docs/textdocs/SCO.txt index b9d1240306..d723a14889 100644 --- a/docs/textdocs/SCO.txt +++ b/docs/textdocs/SCO.txt @@ -1,5 +1,5 @@ !== -!== SCO.txt for Samba release 2.1.0prealpha 981204 +!== SCO.txt for Samba release 2.0.4 18 May 1999 !== Contributor: Geza Makay Date: Unknown diff --git a/docs/textdocs/SSLeay.txt b/docs/textdocs/SSLeay.txt index 99ce214e3f..981e35e4ef 100644 --- a/docs/textdocs/SSLeay.txt +++ b/docs/textdocs/SSLeay.txt @@ -1,5 +1,5 @@ !== -!== SSLeay.txt for Samba release 2.1.0prealpha 981204 +!== SSLeay.txt for Samba release 2.0.4 18 May 1999 !== Contributor: Christian Starkjohann Date: May 29, 1998 diff --git a/docs/textdocs/Speed.txt b/docs/textdocs/Speed.txt index 73681f1ce2..b2fcd15cda 100644 --- a/docs/textdocs/Speed.txt +++ b/docs/textdocs/Speed.txt @@ -1,9 +1,6 @@ !== -!== Speed.txt for Samba release 2.1.0prealpha 981204 +!== Speed.txt for Samba release 2.0.4b 20 May 1999 !== -Contributor: Andrew Tridgell -Date: January 1995 -Status: Current Subject: Samba performance issues ============================================================================ @@ -63,6 +60,21 @@ option has been left in the code for backwards compatibility reasons but it's use is now deprecated. A short summary of what the old code did follows. +LEVEL2 OPLOCKS +-------------- + +With Samba 2.0.5 a new capability - level2 (read only) oplocks is +supported (although the option is off by default - see the smb.conf +man page for details). Turning on level2 oplocks (on a share-by-share basis) +by setting the parameter : + +level2 oplocks = true + +should speed concurrent access to files that are not commonly written +to, such as application serving shares (ie. shares that contain common +.EXE files - such as a Microsoft Office share) as it allows clients to +read-ahread cache copies of these files. + Old 'fake oplocks' option - deprecated. --------------------------------------- diff --git a/docs/textdocs/Speed2.txt b/docs/textdocs/Speed2.txt index 2a5baa144a..057f8e6bf3 100644 --- a/docs/textdocs/Speed2.txt +++ b/docs/textdocs/Speed2.txt @@ -1,5 +1,5 @@ !== -!== Speed2.txt for Samba release 2.1.0prealpha 981204 +!== Speed2.txt for Samba release 2.0.4 18 May 1999 !== Contributor: Paul Cochrane Organization: Dundee Limb Fitting Centre diff --git a/docs/textdocs/Support.txt b/docs/textdocs/Support.txt index af5a9e0c46..ff342e3eac 100644 --- a/docs/textdocs/Support.txt +++ b/docs/textdocs/Support.txt @@ -1,5 +1,5 @@ !== -!== Support.txt for Samba release 2.1.0prealpha 981204 +!== Support.txt for Samba release 2.0.4 18 May 1999 !== The Samba Consultants List ========================== diff --git a/docs/textdocs/Tracing.txt b/docs/textdocs/Tracing.txt index 31aef9bfc1..d156b34633 100644 --- a/docs/textdocs/Tracing.txt +++ b/docs/textdocs/Tracing.txt @@ -1,5 +1,5 @@ !== -!== Tracing.txt for Samba release 2.1.0prealpha 981204 +!== Tracing.txt for Samba release 2.0.4 18 May 1999 !== Contributor: Andrew Tridgell Date: Old diff --git a/docs/textdocs/UNIX-SMB.txt b/docs/textdocs/UNIX-SMB.txt index cea6001ff2..7d597af654 100644 --- a/docs/textdocs/UNIX-SMB.txt +++ b/docs/textdocs/UNIX-SMB.txt @@ -1,5 +1,5 @@ !== -!== UNIX-SMB.txt for Samba release 2.1.0prealpha 981204 +!== UNIX-SMB.txt for Samba release 2.0.4 18 May 1999 !== Contributor: Andrew Tridgell Date: April 1995 diff --git a/docs/textdocs/UNIX_INSTALL.txt b/docs/textdocs/UNIX_INSTALL.txt index bc9d1c50b4..1de821e152 100644 --- a/docs/textdocs/UNIX_INSTALL.txt +++ b/docs/textdocs/UNIX_INSTALL.txt @@ -1,14 +1,5 @@ -!== -!== UNIX_INSTALL.txt for Samba release 2.1.0prealpha 981204 -!== -Contributor: Andrew Tridgell -Date: Unknown -Status: Current -Updated: November 13, 1998 - -Subject: HOW TO INSTALL AND TEST SAMBA -=============================================================================== - +HOW TO INSTALL AND TEST SAMBA +============================= STEP 0. Read the man pages. They contain lots of useful info that will help to get you started. If you don't know how to read man pages then diff --git a/docs/textdocs/UNIX_SECURITY.txt b/docs/textdocs/UNIX_SECURITY.txt index 59a955ff7e..1a610d8e4c 100644 --- a/docs/textdocs/UNIX_SECURITY.txt +++ b/docs/textdocs/UNIX_SECURITY.txt @@ -1,5 +1,5 @@ !== -!== UNIX_SECURITY.txt for Samba release 2.1.0prealpha 981204 +!== UNIX_SECURITY.txt for Samba release 2.0.4 18 May 1999 !== Contributor: John H Terpstra Date: July 5, 1998 diff --git a/docs/textdocs/Win95.txt b/docs/textdocs/Win95.txt index c75edeefdd..417fe01220 100644 --- a/docs/textdocs/Win95.txt +++ b/docs/textdocs/Win95.txt @@ -1,5 +1,5 @@ !== -!== Win95.txt for Samba release 2.1.0prealpha 981204 +!== Win95.txt for Samba release 2.0.4 18 May 1999 !== Copyright (C) 1997 - Samba-Team Contributed Date: August 20, 1997 diff --git a/docs/textdocs/WinNT.txt b/docs/textdocs/WinNT.txt index b0f614bbad..4894936aa9 100644 --- a/docs/textdocs/WinNT.txt +++ b/docs/textdocs/WinNT.txt @@ -1,5 +1,5 @@ !== -!== WinNT.txt for Samba release 2.1.0prealpha 981204 +!== WinNT.txt for Samba release 2.0.4 18 May 1999 !== Contributors: Various Password Section - Copyright (C) 1997 - John H Terpstra diff --git a/docs/textdocs/cifsntdomain.txt b/docs/textdocs/cifsntdomain.txt index 782267b780..ba6e0c46be 100644 --- a/docs/textdocs/cifsntdomain.txt +++ b/docs/textdocs/cifsntdomain.txt @@ -1,5 +1,5 @@ !== -!== cifsntdomain.txt for Samba release 2.1.0prealpha 981204 +!== cifsntdomain.txt for Samba release 2.0.4 18 May 1999 !== NT Domain Authentication ------------------------ diff --git a/docs/textdocs/security_level.txt b/docs/textdocs/security_level.txt index 87e0e38d48..9c4680ebe1 100644 --- a/docs/textdocs/security_level.txt +++ b/docs/textdocs/security_level.txt @@ -1,5 +1,5 @@ !== -!== security_level.txt for Samba release 2.1.0prealpha 981204 +!== security_level.txt for Samba release 2.0.4 18 May 1999 !== Contributor: Andrew Tridgell Updated: June 27, 1997 @@ -59,16 +59,16 @@ maintain multiple authentication contexts in this way (WinDD is an example of an application that does this) -Ok, now for share level security. In share level security (the default -with samba) the client authenticates itself separately for each -share. It will send a password along with each "tree connection" -(share mount). It does not explicitly send a username with this -operation. The client is expecting a password to be associated with -each share, independent of the user. This means that samba has to work -out what username the client probably wants to use. It is never -explicitly sent the username. Some commercial SMB servers such as NT actually -associate passwords directly with shares in share level security, but -samba always uses the unix authentication scheme where it is a +Ok, now for share level security. In share level security the client +authenticates itself separately for each share. It will send a +password along with each "tree connection" (share mount). It does not +explicitly send a username with this operation. The client is +expecting a password to be associated with each share, independent of +the user. This means that samba has to work out what username the +client probably wants to use. It is never explicitly sent the +username. Some commercial SMB servers such as NT actually associate +passwords directly with shares in share level security, but samba +always uses the unix authentication scheme where it is a username/password that is authenticated, not a "share/password". Many clients send a "session setup" even if the server is in share -- cgit