From 7faabd42c5cd010f0c19e074e805e41047b5d6c2 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Tue, 1 Oct 2002 17:02:36 +0000 Subject: * fixed typos in SGML source * regenerated man pages (This used to be commit 89bbec5216e1e02469dea6f68ceb797dd9165c1f) --- docs/docbook/manpages/samba.7.sgml | 2 +- docs/docbook/manpages/vfstest.1.sgml | 44 +++---- docs/manpages/findsmb.1 | 16 +-- docs/manpages/lmhosts.5 | 30 ++--- docs/manpages/make_smbcodepage.1 | 34 ++--- docs/manpages/make_unicodemap.1 | 24 ++-- docs/manpages/net.8 | 13 +- docs/manpages/nmbd.8 | 76 +++++------ docs/manpages/nmblookup.1 | 35 ++--- docs/manpages/pdbedit.8 | 53 ++++---- docs/manpages/rpcclient.1 | 148 +++++++++++---------- docs/manpages/samba.7 | 42 +++--- docs/manpages/smb.conf.5 | 68 +++++++--- docs/manpages/smbcacls.1 | 83 ++++++------ docs/manpages/smbclient.1 | 6 +- docs/manpages/smbcontrol.1 | 43 ++++--- docs/manpages/smbd.8 | 75 +++++------ docs/manpages/smbgroupedit.8 | 68 +++++----- docs/manpages/smbmnt.8 | 17 +-- docs/manpages/smbmount.8 | 33 +++-- docs/manpages/smbpasswd.5 | 30 ++--- docs/manpages/smbpasswd.8 | 66 +++++----- docs/manpages/smbsh.1 | 48 ++++--- docs/manpages/smbspool.8 | 29 ++--- docs/manpages/smbstatus.1 | 14 +- docs/manpages/smbtar.1 | 41 +++--- docs/manpages/smbumount.8 | 15 ++- docs/manpages/swat.8 | 53 ++++---- docs/manpages/testparm.1 | 8 +- docs/manpages/testprns.1 | 23 ++-- docs/manpages/vfstest.1 | 25 ++-- docs/manpages/wbinfo.1 | 57 ++++---- docs/manpages/winbindd.8 | 243 +++++++++++------------------------ 33 files changed, 753 insertions(+), 809 deletions(-) (limited to 'docs') diff --git a/docs/docbook/manpages/samba.7.sgml b/docs/docbook/manpages/samba.7.sgml index ce443e78d9..17865edd81 100644 --- a/docs/docbook/manpages/samba.7.sgml +++ b/docs/docbook/manpages/samba.7.sgml @@ -124,7 +124,7 @@ If you require help, visit the Samba webpage at http://www.samba.org/ and explore the many option available to you. - + diff --git a/docs/docbook/manpages/vfstest.1.sgml b/docs/docbook/manpages/vfstest.1.sgml index 11878c1c89..9a7eff1939 100644 --- a/docs/docbook/manpages/vfstest.1.sgml +++ b/docs/docbook/manpages/vfstest.1.sgml @@ -16,8 +16,8 @@ vfstest -d debuglevel - -c "command" - -l "logfile" + -c command + -l logfile -h @@ -28,9 +28,9 @@ This tool is part of the Samba suite. - vfstest is a small command line + vfstest is a small command line utility that has the ability to test dso samba VFS modules. It gives the - user the ability to call the various VFS functions manually and + user the ability to call the various VFS functions manually and supports cascaded VFS modules. @@ -43,20 +43,20 @@ -c|--command=command - Execute the specified (colon-seperated) commands. + Execute the specified (colon-seperated) commands. See below for the commands that are available. - + -d|--debug=debuglevel - set the debuglevel. Debug level 0 is the lowest + set the debuglevel. Debug level 0 is the lowest and 100 being the highest. This should be set to 100 if you are - planning on submitting a bug report to the Samba team (see - BUGS.txt). + planning on submitting a bug report to the Samba team (see + BUGS.txt). - + -h|--help Print a summary of command line options. @@ -65,8 +65,8 @@ -l|--logfile=logbasename - File name for log/debug files. The extension - '.client' will be appended. The log file is never removed + File name for log/debug files. The extension + '.client' will be appended. The log file is never removed by the client. @@ -81,10 +81,10 @@ VFS COMMANDS load <module.so> - Load specified VFS module - + populate <char> <size> - Populate a data buffer with the specified data - + showdata [<offset> <len>] - Show data currently in data buffer @@ -122,9 +122,9 @@ mknod - VFS mknod() realpath - VFS realpath() - + GENERAL COMMANDS - + conf <smb.conf> - Load a different configuration file help [<command>] - Get list of commands or info about specified command @@ -134,25 +134,25 @@ freemem - Free memory currently in use exit - Exit vfstest - + VERSION - This man page is correct for version 3.0 of the Samba + This man page is correct for version 3.0 of the Samba suite. AUTHOR - - The original Samba software and related utilities + + The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed - by the Samba Team as an Open Source project similar + by the Samba Team as an Open Source project similar to the way the Linux kernel is developed. - + The vfstest man page was written by Jelmer Vernooij. diff --git a/docs/manpages/findsmb.1 b/docs/manpages/findsmb.1 index c10076fd5c..c5553267b5 100644 --- a/docs/manpages/findsmb.1 +++ b/docs/manpages/findsmb.1 @@ -3,7 +3,7 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "FINDSMB" "1" "20 augustus 2002" "" "" +.TH "FINDSMB" "1" "01 October 2002" "" "" .SH NAME findsmb \- list info about machines that respond to SMB name queries on a subnet .SH SYNOPSIS @@ -12,12 +12,12 @@ findsmb \- list info about machines that respond to SMB name queries on a subne .SH "DESCRIPTION" .PP -This perl script is part of the Samba suite. +This perl script is part of the Samba suite. .PP \fBfindsmb\fR is a perl script that prints out several pieces of information about machines on a subnet that respond to SMB name query requests. -It uses \fB nmblookup(1)\fR and \fBsmbclient(1)\fR to obtain this information. +It uses \fB nmblookup(1)\fR to obtain this information. .SH "OPTIONS" .TP \fBsubnet broadcast address\fR @@ -25,7 +25,7 @@ Without this option, \fBfindsmb \fR will probe the subnet of the machine where \fBfindsmb\fR is run. This value is passed to \fBnmblookup\fR as part of the --B option +-B option. .SH "EXAMPLES" .PP The output of \fBfindsmb\fR lists the following @@ -41,13 +41,13 @@ Machines that are running Windows, Windows 95 or Windows 98 will not show any information about the operating system or server version. .PP -The command must be run on a system without \fBnmbd\fR running. +The command must be run on a system without \fBnmbd\fR running. If \fBnmbd\fR is running on the system, you will only get the IP address and the DNS name of the machine. To get proper responses from Windows 95 and Windows 98 machines, the command must be run as root. .PP -For example running \fBfindsmb\fR on a machine +For example, running \fBfindsmb\fR on a machine without \fBnmbd\fR running would yield output similar to the following @@ -72,9 +72,9 @@ This man page is correct for version 2.2 of the Samba suite. .SH "SEE ALSO" .PP -\fBnmbd(8)\fR , +\fBnmbd(8)\fR \fBsmbclient(1) -\fR , and \fBnmblookup(1)\fR +\fR and \fBnmblookup(1)\fR .SH "AUTHOR" .PP The original Samba software and related utilities diff --git a/docs/manpages/lmhosts.5 b/docs/manpages/lmhosts.5 index ed3a81251b..f13d8ff78a 100644 --- a/docs/manpages/lmhosts.5 +++ b/docs/manpages/lmhosts.5 @@ -1,20 +1,20 @@ -.\" This manpage has been automatically generated by docbook2man-spec -.\" from a DocBook document. docbook2man-spec can be found at: -.\" +.\" This manpage has been automatically generated by docbook2man +.\" from a DocBook document. This tool can be found at: +.\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "LMHOSTS" "5" "28 January 2002" "" "" +.TH "LMHOSTS" "5" "01 October 2002" "" "" .SH NAME lmhosts \- The Samba NetBIOS hosts file .SH SYNOPSIS .PP -\fIlmhosts\fR is the SambaNetBIOS name to IP address mapping file. +\fIlmhosts\fR is the Samba NetBIOS name to IP address mapping file. .SH "DESCRIPTION" .PP -This file is part of the Sambasuite. +This file is part of the Samba suite. .PP \fIlmhosts\fR is the \fBSamba -\fRNetBIOS name to IP address mapping file. It +\fR NetBIOS name to IP address mapping file. It is very similar to the \fI/etc/hosts\fR file format, except that the hostname component must correspond to the NetBIOS naming format. @@ -40,8 +40,7 @@ name, whatever the NetBIOS name type in the lookup. .PP An example follows : .PP -.PP -.sp + .nf # # Sample Samba lmhosts file. @@ -50,25 +49,20 @@ An example follows : 192.9.200.20 NTSERVER#20 192.9.200.21 SAMBASERVER -.sp .fi .PP -.PP Contains three IP to NetBIOS name mappings. The first and third will be returned for any queries for the names "TESTPC" and "SAMBASERVER" respectively, whatever the type component of the NetBIOS name requested. .PP -.PP The second mapping will be returned only when the "0x20" name type for a name "NTSERVER" is queried. Any other name type will not be resolved. .PP -.PP The default location of the \fIlmhosts\fR file -is in the same directory as the -smb.conf(5)>file. -.PP +is in the same directory as the +smb.conf(5)> file. .SH "VERSION" .PP This man page is correct for version 2.2 of @@ -76,7 +70,7 @@ the Samba suite. .SH "SEE ALSO" .PP \fBsmbclient(1) -\fR +\fR and \fB smbpasswd(8)\fR .SH "AUTHOR" .PP The original Samba software and related utilities @@ -88,5 +82,5 @@ The original Samba man pages were written by Karl Auer. The man page sources were converted to YODL format (another excellent piece of Open Source software, available at ftp://ftp.icce.rug.nl/pub/unix/ ) and updated for the Samba 2.0 -release by Jeremy Allison. The conversion to DocBook for +release by Jeremy Allison. The conversion to DocBook for Samba 2.2 was done by Gerald Carter diff --git a/docs/manpages/make_smbcodepage.1 b/docs/manpages/make_smbcodepage.1 index 915f0fc44b..143f24dc43 100644 --- a/docs/manpages/make_smbcodepage.1 +++ b/docs/manpages/make_smbcodepage.1 @@ -1,17 +1,18 @@ -.\" This manpage has been automatically generated by docbook2man-spec -.\" from a DocBook document. docbook2man-spec can be found at: -.\" +.\" This manpage has been automatically generated by docbook2man +.\" from a DocBook document. This tool can be found at: +.\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "MAKE_SMBCODEPAGE" "1" "28 January 2002" "" "" +.TH "MAKE_SMBCODEPAGE" "1" "01 October 2002" "" "" .SH NAME make_smbcodepage \- construct a codepage file for Samba .SH SYNOPSIS -.sp + \fBmake_smbcodepage\fR \fBc|d\fR \fBcodepage\fR \fBinputfile\fR \fBoutputfile\fR + .SH "DESCRIPTION" .PP -This tool is part of the Sambasuite. +This tool is part of the Samba suite. .PP \fBmake_smbcodepage\fR compiles or de-compiles codepage files for use with the internationalization features @@ -30,10 +31,10 @@ number, e.g. 850). .TP \fBinputfile\fR This is the input file to process. In -the \fIc\fR case this will be a text -codepage definition file such as the ones found in the Samba +the \fIc\fR case, this will be a text +codepage definition file such as the ones found in the Samba \fIsource/codepages\fR directory. In -the \fId\fR case this will be the +the \fId\fR case, this will be the binary format codepage definition file normally found in the \fIlib/codepages\fR directory in the Samba install directory path. @@ -43,7 +44,7 @@ This is the output file to produce. .SH "SAMBA CODEPAGE FILES" .PP A text Samba codepage definition file is a description -that tells Samba how to map from upper to lower case for +that tells Samba how to map from upper to lower case for characters greater than ascii 127 in the specified DOS code page. Note that for certain DOS codepages (437 for example) mapping from lower to upper case may be non-symmetrical. For example, in @@ -103,9 +104,8 @@ Samba if it is to map the given lower case character to the given upper case character when upper casing a filename. .PP \fBcodepage.\fR - These are the -output (binary) codepage files produced and placed in the Samba +output (binary) codepage files produced and placed in the Samba destination \fIlib/codepage\fR directory. -.PP .SH "INSTALLATION" .PP The location of the server and its support files is a @@ -113,9 +113,9 @@ matter for individual system administrators. The following are thus suggestions only. .PP It is recommended that the \fBmake_smbcodepage -\fRprogram be installed under the \fI/usr/local/samba -\fRhierarchy, in a directory readable by all, writeable -only by root. The program itself should be executable by all. The +\fR program be installed under the \fI/usr/local/samba +\fR hierarchy, in a directory readable by all, writeable +only by root. The program itself should be executable by all. The program should NOT be setuid or setgid! .SH "VERSION" .PP @@ -123,7 +123,7 @@ This man page is correct for version 2.2 of the Samba suite. .SH "SEE ALSO" .PP -\fBsmbd(8)\fR, +\fBsmbd(8)\fR smb.conf(5) .SH "AUTHOR" .PP @@ -136,5 +136,5 @@ The original Samba man pages were written by Karl Auer. The man page sources were converted to YODL format (another excellent piece of Open Source software, available at ftp://ftp.icce.rug.nl/pub/unix/ ) and updated for the Samba 2.0 -release by Jeremy Allison. The conversion to DocBook for +release by Jeremy Allison. The conversion to DocBook for Samba 2.2 was done by Gerald Carter diff --git a/docs/manpages/make_unicodemap.1 b/docs/manpages/make_unicodemap.1 index a49d66d7a7..0c506349e7 100644 --- a/docs/manpages/make_unicodemap.1 +++ b/docs/manpages/make_unicodemap.1 @@ -1,17 +1,18 @@ -.\" This manpage has been automatically generated by docbook2man-spec -.\" from a DocBook document. docbook2man-spec can be found at: -.\" +.\" This manpage has been automatically generated by docbook2man +.\" from a DocBook document. This tool can be found at: +.\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "MAKE_UNICODEMAP" "1" "28 January 2002" "" "" +.TH "MAKE_UNICODEMAP" "1" "01 October 2002" "" "" .SH NAME make_unicodemap \- construct a unicode map file for Samba .SH SYNOPSIS -.sp + \fBmake_unicodemap\fR \fBcodepage\fR \fBinputfile\fR \fBoutputfile\fR + .SH "DESCRIPTION" .PP -This tool is part of the Samba +This tool is part of the Samba suite. .PP \fBmake_unicodemap\fR compiles text unicode map @@ -48,7 +49,7 @@ in the Samba \fIsource/codepages\fR directory. .PP A text unicode map file consists of multiple lines -containing two fields. These fields are : +containing two fields. These fields are : .TP 0.2i \(bu \fIcharacter\fR - which is @@ -59,11 +60,10 @@ the (hex) character mapped on this line. is the (hex) 16 bit unicode character that the character will map to. .PP -\fIunicode_map.\fR - These are +\fIunicode_map.\fR - These are the output (binary) unicode map files produced and placed in the Samba destination \fIlib/codepage\fR directory. -.PP .SH "INSTALLATION" .PP The location of the server and its support files is a matter @@ -74,7 +74,7 @@ It is recommended that the \fBmake_unicodemap\fR program be installed under the \fI$prefix/samba\fR hierarchy, in a directory readable by all, writeable only by root. The -program itself should be executable by all. The program +program itself should be executable by all. The program should NOT be setuid or setgid! .SH "VERSION" .PP @@ -82,7 +82,7 @@ This man page is correct for version 2.2 of the Samba suite. .SH "SEE ALSO" .PP -\fBsmbd(8)\fR, +\fBsmbd(8)\fR smb.conf(5) .SH "AUTHOR" .PP @@ -95,5 +95,5 @@ The original Samba man pages were written by Karl Auer. The man page sources were converted to YODL format (another excellent piece of Open Source software, available at ftp://ftp.icce.rug.nl/pub/unix/ ) and updated for the Samba 2.0 -release by Jeremy Allison. The conversion to DocBook for +release by Jeremy Allison. The conversion to DocBook for Samba 2.2 was done by Gerald Carter diff --git a/docs/manpages/net.8 b/docs/manpages/net.8 index e063e3c229..fd2a450a6b 100644 --- a/docs/manpages/net.8 +++ b/docs/manpages/net.8 @@ -1,17 +1,18 @@ -.\" This manpage has been automatically generated by docbook2man-spec -.\" from a DocBook document. docbook2man-spec can be found at: -.\" +.\" This manpage has been automatically generated by docbook2man +.\" from a DocBook document. This tool can be found at: +.\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "NET" "8" "28 January 2002" "" "" +.TH "NET" "8" "01 October 2002" "" "" .SH NAME net \- Tool for administration of Samba and remote CIFS servers. .SH SYNOPSIS -.sp + \fBnet\fR \fB\fR + .SH "DESCRIPTION" .PP -This tool is part of the Sambasuite. +This tool is part of the Samba suite. .SH "OPTIONS" .PP .SH "COMMANDS" diff --git a/docs/manpages/nmbd.8 b/docs/manpages/nmbd.8 index 875de31f42..d5662dbdb4 100644 --- a/docs/manpages/nmbd.8 +++ b/docs/manpages/nmbd.8 @@ -1,14 +1,15 @@ -.\" This manpage has been automatically generated by docbook2man-spec -.\" from a DocBook document. docbook2man-spec can be found at: -.\" +.\" This manpage has been automatically generated by docbook2man +.\" from a DocBook document. This tool can be found at: +.\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "NMBD" "8" "08 May 2002" "" "" +.TH "NMBD" "8" "01 October 2002" "" "" .SH NAME nmbd \- NetBIOS name server to provide NetBIOS over IP naming services to clients .SH SYNOPSIS -.sp -\fBnmbd\fR [ \fB-D\fR ] [ \fB-a\fR ] [ \fB-i\fR ] [ \fB-o\fR ] [ \fB-P\fR ] [ \fB-h\fR ] [ \fB-V\fR ] [ \fB-d \fR ] [ \fB-H \fR ] [ \fB-l \fR ] [ \fB-n \fR ] [ \fB-p \fR ] [ \fB-s \fR ] + +\fBnmbd\fR [ \fB-D\fR ] [ \fB-a\fR ] [ \fB-i\fR ] [ \fB-o\fR ] [ \fB-P\fR ] [ \fB-h\fR ] [ \fB-V\fR ] [ \fB-d \fR ] [ \fB-H \fR ] [ \fB-l \fR ] [ \fB-n \fR ] [ \fB-p \fR ] [ \fB-s \fR ] + .SH "DESCRIPTION" .PP This program is part of the Samba suite. @@ -27,13 +28,13 @@ IP number a specified host is using. Amongst other services, \fBnmbd\fR will listen for such requests, and if its own NetBIOS name is specified it will respond with the IP number of the host it -is running on. Its "own NetBIOS name" is by +is running on. Its "own NetBIOS name" is by default the primary DNS name of the host it is running on, but this can be overridden with the \fB-n\fR option (see OPTIONS below). Thus \fBnmbd\fR will reply to broadcast queries for its own name(s). Additional names for \fBnmbd\fR to respond on can be set -via parameters in the \fI smb.conf(5)\fRconfiguration file. +via parameters in the \fI smb.conf(5)\fR configuration file. .PP \fBnmbd\fR can also be used as a WINS (Windows Internet Name Server) server. What this basically means @@ -43,7 +44,7 @@ replying to queries from clients for these names. .PP In addition, \fBnmbd\fR can act as a WINS proxy, relaying broadcast queries from clients that do -not understand how to talk the WINS protocol to a WIN +not understand how to talk the WINS protocol to a WINS server. .SH "OPTIONS" .TP @@ -58,19 +59,19 @@ meta-daemon, although this is not recommended. .TP \fB-a\fR If this parameter is specified, each new -connection will append log messages to the log file. +connection will append log messages to the log file. This is the default. .TP \fB-i\fR If this parameter is specified it causes the server to run "interactively", not as a daemon, even if the server is executed on the command line of a shell. Setting this -parameter negates the implicit deamon mode when run from the +parameter negates the implicit daemon mode when run from the command line. .TP \fB-o\fR If this parameter is specified, the -log files will be overwritten when opened. By default, +log files will be overwritten when opened. By default, \fBsmbd\fR will append entries to the log files. .TP @@ -79,10 +80,10 @@ Prints the help information (usage) for \fBnmbd\fR. .TP \fB-H \fR -NetBIOS lmhosts file. The lmhosts +NetBIOS lmhosts file. The lmhosts file is a list of NetBIOS names to IP addresses that is loaded by the nmbd server and used via the name -resolution mechanism name resolve order +resolution mechanism name resolve order described in \fIsmb.conf(5)\fR to resolve any NetBIOS name queries needed by the server. Note that the contents of this file are \fBNOT\fR used by \fBnmbd\fR to answer any name queries. @@ -93,8 +94,9 @@ The default path to this file is compiled into Samba as part of the build process. Common defaults are \fI/usr/local/samba/lib/lmhosts\fR, \fI/usr/samba/lib/lmhosts\fR or -\fI/etc/lmhosts\fR. See the \fIlmhosts(5)\fRman page for details on the -contents of this file. +\fI/etc/lmhosts\fR. See the +\fIlmhosts(5)\fR +man page for details on the contents of this file. .TP \fB-V\fR Prints the version number for @@ -102,7 +104,7 @@ Prints the version number for .TP \fB-d \fR debuglevel is an integer -from 0 to 10. The default value if this parameter is +from 0 to 10. The default value if this parameter is not specified is zero. The higher this value, the more detail will @@ -119,24 +121,24 @@ and generate HUGE amounts of log data, most of which is extremely cryptic. Note that specifying this parameter here will override -the log level -parameter in the \fI smb.conf\fRfile. +the log level +parameter in the \fI smb.conf(5)\fR file. .TP \fB-l \fR The -l parameter specifies a directory into which the "log.nmbd" log file will be created -for operational data from the running -\fBnmbd\fR server. The default log directory is compiled into Samba -as part of the build process. Common defaults are \fI /usr/local/samba/var/log.nmb\fR, \fI /usr/samba/var/log.nmb\fR or -\fI/var/log/log.nmb\fR. \fBBeware:\fR +for operational data from the running \fBnmbd\fR +server. The default log directory is compiled into Samba +as part of the build process. Common defaults are \fI /usr/local/samba/var/log.nmb\fR, \fI /usr/samba/var/log.nmb\fR or +\fI/var/log/log.nmb\fR. \fBBeware:\fR If the directory specified does not exist, \fBnmbd\fR will log to the default debug log location defined at compile time. .TP \fB-n \fR This option allows you to override the NetBIOS name that Samba uses for itself. This is identical -to setting the NetBIOS nameparameter in the -\fIsmb.conf\fRfile. However, a command +to setting the NetBIOS name parameter in the +\fIsmb.conf\fR file. However, a command line setting will take precedence over settings in \fIsmb.conf\fR. .TP @@ -149,18 +151,18 @@ won't need help! .TP \fB-s \fR The default configuration file name -is set at build time, typically as \fI /usr/local/samba/lib/smb.conf\fR, but +is set at build time, typically as \fI /usr/local/samba/lib/smb.conf\fR, but this may be changed when Samba is autoconfigured. The file specified contains the configuration details -required by the server. See \fIsmb.conf(5)\fRfor more information. +required by the server. See \fIsmb.conf(5)\fR for more information. .SH "FILES" .TP \fB\fI/etc/inetd.conf\fB\fR If the server is to be run by the \fBinetd\fR meta-daemon, this file must contain suitable startup information for the -meta-daemon. See the UNIX_INSTALL.htmldocument +meta-daemon. See the UNIX_INSTALL.html document for details. .TP \fB\fI/etc/rc\fB\fR @@ -169,7 +171,7 @@ system uses). If running the server as a daemon at startup, this file will need to contain an appropriate startup -sequence for the server. See the UNIX_INSTALL.htmldocument +sequence for the server. See the UNIX_INSTALL.html document for details. .TP \fB\fI/etc/services\fB\fR @@ -195,11 +197,11 @@ will store the WINS database in the file \fIwins.dat\fR in the \fIvar/locks\fR directory configured under wherever Samba was configured to install itself. -If \fBnmbd\fR is acting as a \fB browse master\fR (see the local master +If \fBnmbd\fR is acting as a \fB browse master\fR (see the local master parameter in the \fIsmb.conf(5)\fR man page, \fBnmbd\fR will store the browsing database in the file \fIbrowse.dat -\fRin the \fIvar/locks\fR directory +\fR in the \fIvar/locks\fR directory configured under wherever Samba was configured to install itself. .SH "SIGNALS" .PP @@ -211,7 +213,7 @@ a SIGTERM (-15) signal and wait for it to die on its own. .PP \fBnmbd\fR will accept SIGHUP, which will cause it to dump out its namelists into the file \fInamelist.debug -\fRin the \fI/usr/local/samba/var/locks\fR +\fR in the \fI/usr/local/samba/var/locks\fR directory (or the \fIvar/locks\fR directory configured under wherever Samba was configured to install itself). This will also cause \fBnmbd\fR to dump out its server database in @@ -219,7 +221,7 @@ the \fIlog.nmb\fR file. .PP The debug log level of nmbd may be raised or lowered using \fBsmbcontrol(1)\fR -(SIGUSR[1|2] signals are no longer used in Samba 2.2). This is + (SIGUSR[1|2] signals are no longer used in Samba 2.2). This is to allow transient problems to be diagnosed, whilst still running at a normally low log level. .SH "VERSION" @@ -228,10 +230,10 @@ This man page is correct for version 2.2 of the Samba suite. .SH "SEE ALSO" .PP -\fBinetd(8)\fR, \fBsmbd(8)\fR, +\fBinetd(8)\fR, \fBsmbd(8)\fR \fIsmb.conf(5)\fR -, \fBsmbclient(1) -\fR, and the Internet RFC's + \fBsmbclient(1) +\fR and the Internet RFC's \fIrfc1001.txt\fR, \fIrfc1002.txt\fR. In addition the CIFS (formerly SMB) specification is available as a link from the Web page @@ -247,5 +249,5 @@ The original Samba man pages were written by Karl Auer. The man page sources were converted to YODL format (another excellent piece of Open Source software, available at ftp://ftp.icce.rug.nl/pub/unix/ ) and updated for the Samba 2.0 -release by Jeremy Allison. The conversion to DocBook for +release by Jeremy Allison. The conversion to DocBook for Samba 2.2 was done by Gerald Carter diff --git a/docs/manpages/nmblookup.1 b/docs/manpages/nmblookup.1 index ed6bd38eba..49f602ab42 100644 --- a/docs/manpages/nmblookup.1 +++ b/docs/manpages/nmblookup.1 @@ -1,17 +1,18 @@ -.\" This manpage has been automatically generated by docbook2man-spec -.\" from a DocBook document. docbook2man-spec can be found at: -.\" +.\" This manpage has been automatically generated by docbook2man +.\" from a DocBook document. This tool can be found at: +.\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "NMBLOOKUP" "1" "28 January 2002" "" "" +.TH "NMBLOOKUP" "1" "01 October 2002" "" "" .SH NAME nmblookup \- NetBIOS over TCP/IP client used to lookup NetBIOS names .SH SYNOPSIS -.sp -\fBnmblookup\fR [ \fB-M\fR ] [ \fB-R\fR ] [ \fB-S\fR ] [ \fB-r\fR ] [ \fB-A\fR ] [ \fB-h\fR ] [ \fB-B \fR ] [ \fB-U \fR ] [ \fB-d \fR ] [ \fB-s \fR ] [ \fB-i \fR ] [ \fB-T\fR ] \fBname\fR + +\fBnmblookup\fR [ \fB-M\fR ] [ \fB-R\fR ] [ \fB-S\fR ] [ \fB-r\fR ] [ \fB-A\fR ] [ \fB-h\fR ] [ \fB-B \fR ] [ \fB-U \fR ] [ \fB-d \fR ] [ \fB-s \fR ] [ \fB-i \fR ] [ \fB-T\fR ] \fBname\fR + .SH "DESCRIPTION" .PP -This tool is part of the Sambasuite. +This tool is part of the Samba suite. .PP \fBnmblookup\fR is used to query NetBIOS names and map them to IP addresses in a network using NetBIOS over TCP/IP @@ -22,15 +23,15 @@ are done over UDP. .TP \fB-M\fR Searches for a master browser by looking -up the NetBIOS name \fIname\fR with a -type of 0x1d. If \fI name\fR is "-" then it does a lookup on the special name +up the NetBIOS name \fIname\fR with a +type of 0x1d. If \fI name\fR is "-" then it does a lookup on the special name __MSBROWSE__. .TP \fB-R\fR Set the recursion desired bit in the packet to do a recursive lookup. This is used when sending a name query to a machine running a WINS server and the user wishes -to query the names in the WINS server. If this bit is unset +to query the names in the WINS server. If this bit is unset the normal (broadcast responding) NetBIOS processing code on a machine is used instead. See rfc1001, rfc1002 for details. .TP @@ -45,7 +46,7 @@ datagrams. The reason for this option is a bug in Windows 95 where it ignores the source port of the requesting packet and only replies to UDP port 137. Unfortunately, on most UNIX systems root privilege is needed to bind to this port, and -in addition, if the nmbd(8) +in addition, if the nmbd(8) daemon is running on this machine it also binds to this port. .TP \fB-A\fR @@ -60,7 +61,7 @@ Send the query to the given broadcast address. Without this option the default behavior of nmblookup is to send the query to the broadcast address of the network interfaces as either auto-detected or defined in the \fIinterfaces\fR -parameter of the \fIsmb.conf (5)\fR file. + parameter of the \fIsmb.conf (5)\fR file. .TP \fB-U \fR Do a unicast query to the specified address or @@ -84,11 +85,11 @@ Levels above 3 are designed for use only by developers and generate HUGE amounts of data, most of which is extremely cryptic. Note that specifying this parameter here will override -the \fI log level\fRparameter in the \fI smb.conf(5)\fR file. +the \fI log level\fR parameter in the \fI smb.conf(5)\fR file. .TP \fB-s \fR This parameter specifies the pathname to -the Samba configuration file, smb.conf(5). This file controls all aspects of +the Samba configuration file, smb.conf(5) This file controls all aspects of the Samba setup on the machine. .TP \fB-i \fR @@ -137,8 +138,8 @@ This man page is correct for version 2.2 of the Samba suite. .SH "SEE ALSO" .PP -\fBnmbd(8)\fR, -samba(7) +\fBnmbd(8)\fR +samba(7) and smb.conf(5) .SH "AUTHOR" .PP The original Samba software and related utilities @@ -150,5 +151,5 @@ The original Samba man pages were written by Karl Auer. The man page sources were converted to YODL format (another excellent piece of Open Source software, available at ftp://ftp.icce.rug.nl/pub/unix/ ) and updated for the Samba 2.0 -release by Jeremy Allison. The conversion to DocBook for +release by Jeremy Allison. The conversion to DocBook for Samba 2.2 was done by Gerald Carter diff --git a/docs/manpages/pdbedit.8 b/docs/manpages/pdbedit.8 index 523751712d..38e5efab59 100644 --- a/docs/manpages/pdbedit.8 +++ b/docs/manpages/pdbedit.8 @@ -3,7 +3,7 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "PDBEDIT" "8" "20 August 2002" "" "" +.TH "PDBEDIT" "8" "01 October 2002" "" "" .SH NAME pdbedit \- manage the SAM database .SH SYNOPSIS @@ -12,14 +12,14 @@ pdbedit \- manage the SAM database .SH "DESCRIPTION" .PP -This tool is part of the Sambasuite. +This tool is part of the Samba suite. .PP The pdbedit program is used to manage the users accounts -stored in the sam database and can be run only by root. +stored in the sam database and can only be run by root. .PP -The pdbedit tool use the passdb modular interface and is +The pdbedit tool uses the passdb modular interface and is independent from the kind of users database used (currently there -are smbpasswd, ldap, nis+ and tdb based and more can be addedd +are smbpasswd, ldap, nis+ and tdb based and more can be added without changing the tool). .PP There are five main ways to use pdbedit: adding a user account, @@ -28,7 +28,7 @@ accounts, importing users accounts. .SH "OPTIONS" .TP \fB-l\fR -This option list all the user accounts +This option lists all the user accounts present in the users database. This option prints a list of user/uid pairs separated by the ':' character. @@ -43,8 +43,8 @@ Example: \fBpdbedit -l\fR .fi .TP \fB-v\fR -This option sets the verbose listing format. -It will make pdbedit list the users in the database printing +This option enables the verbose listing format. +It causes pdbedit to list the users in the database, printing out the account fields in a descriptive format. Example: \fBpdbedit -l -v\fR @@ -74,9 +74,9 @@ Example: \fBpdbedit -l -v\fR .TP \fB-w\fR This option sets the "smbpasswd" listing format. -It will make pdbedit list the users in the database printing +It will make pdbedit list the users in the database, printing out the account fields in a format compatible with the -\fIsmbpasswd\fR file format. (see the \fIsmbpasswd(5)\fRfor details) +\fIsmbpasswd\fR file format. (see the \fIsmbpasswd(5)\fR for details) Example: \fBpdbedit -l -w\fR @@ -88,8 +88,8 @@ Example: \fBpdbedit -l -w\fR .fi .TP \fB-u username\fR -This option specifies that the username to be -used for the operation requested (listing, adding, removing) +This option specifies the username to be +used for the operation requested (listing, adding, removing). It is \fBrequired\fR in add, remove and modify operations and \fBoptional\fR in list operations. @@ -131,9 +131,9 @@ Example: \fB-p "\\\\\\\\BERSERKER\\\\netlogon"\fR .TP \fB-a\fR This option is used to add a user into the -database. This command need the user name be specified with -the -u switch. When adding a new user pdbedit will also -ask for the password to be used +database. This command needs a user name specified with +the -u switch. When adding a new user, pdbedit will also +ask for the password to be used. Example: \fBpdbedit -a -u sorce\fR @@ -152,23 +152,28 @@ Example: \fBpdbedit -a -m -u w2k-wks\fR .TP \fB-x\fR This option causes pdbedit to delete an account -from the database. It need the username be specified with the +from the database. It needs a username specified with the -u switch. Example: \fBpdbedit -x -u bob\fR .TP \fB-i passdb-backend\fR -Use a different passdb backend to retrieve users than the one specified in smb.conf. Can be used to import data into your -local user database. +Use a different passdb backend to retrieve users +than the one specified in smb.conf. Can be used to import data into +your local user database. -This option will ease migration from one passdb backend to another. +This option will ease migration from one passdb backend to +another. -Example: \fBpdbedit -i smbpasswd:/etc/smbpasswd.old\fR +Example: \fBpdbedit -i smbpasswd:/etc/smbpasswd.old +\fR .TP \fB-e passdb-backend\fR -Export all currently available users to the specified password database backend. +Exports all currently available users to the +specified password database backend. -This option will ease migration from one passdb backend to another and will ease backupping +This option will ease migration from one passdb backend to +another and will ease backing up. Example: \fBpdbedit -e smbpasswd:/root/samba-users.backup\fR .TP @@ -185,7 +190,7 @@ This man page is correct for version 2.2 of the Samba suite. .SH "SEE ALSO" .PP -smbpasswd(8), +smbpasswd(8) samba(7) .SH "AUTHOR" .PP @@ -197,6 +202,6 @@ to the way the Linux kernel is developed. The original Samba man pages were written by Karl Auer. The man page sources were converted to YODL format (another excellent piece of Open Source software, available at -ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 +ftp://ftp.icce.rug.nl/pub/unix/ ) and updated for the Samba 2.0 release by Jeremy Allison. The conversion to DocBook for Samba 2.2 was done by Gerald Carter diff --git a/docs/manpages/rpcclient.1 b/docs/manpages/rpcclient.1 index ea112a35ad..083aef4f5f 100644 --- a/docs/manpages/rpcclient.1 +++ b/docs/manpages/rpcclient.1 @@ -1,43 +1,43 @@ -.\" This manpage has been automatically generated by docbook2man-spec -.\" from a DocBook document. docbook2man-spec can be found at: -.\" +.\" This manpage has been automatically generated by docbook2man +.\" from a DocBook document. This tool can be found at: +.\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "RPCCLIENT" "1" "15 August 2002" "" "" +.TH "RPCCLIENT" "1" "01 October 2002" "" "" .SH NAME rpcclient \- tool for executing client side MS-RPC functions .SH SYNOPSIS -.sp -\fBrpcclient\fR [ \fB-A authfile\fR ] [ \fB-c \fR ] [ \fB-d debuglevel\fR ] [ \fB-h\fR ] [ \fB-l logfile\fR ] [ \fB-N\fR ] [ \fB-s \fR ] [ \fB-U username[%password]\fR ] [ \fB-W workgroup\fR ] [ \fB-N\fR ] [ \fB-I destinationIP\fR ] \fBserver\fR + +\fBrpcclient\fR [ \fB-A authfile\fR ] [ \fB-c \fR ] [ \fB-d debuglevel\fR ] [ \fB-h\fR ] [ \fB-l logfile\fR ] [ \fB-N\fR ] [ \fB-s \fR ] [ \fB-U username[%password]\fR ] [ \fB-W workgroup\fR ] [ \fB-N\fR ] [ \fB-I destinationIP\fR ] \fBserver\fR + .SH "DESCRIPTION" .PP -This tool is part of the Sambasuite. +This tool is part of the Samba suite. .PP \fBrpcclient\fR is a utility initially developed -to test MS-RPC functionality in Samba itself. It has undergone -several stages of development and stability. Many system administrators +to test MS-RPC functionality in Samba itself. It has undergone +several stages of development and stability. Many system administrators have now written scripts around it to manage Windows NT clients from their UNIX workstation. .SH "OPTIONS" .TP \fBserver\fR NetBIOS name of Server to which to connect. -The server can be any SMB/CIFS server. The name is -resolved using the \fIname resolve order\fRline from +The server can be any SMB/CIFS server. The name is +resolved using the \fIname resolve order\fR line from \fIsmb.conf(5)\fR. .TP \fB-A|--authfile=filename\fR This option allows you to specify a file from which to read the username and -password used in the connection. The format of the file is +password used in the connection. The format of the file is + -.sp .nf username = password = domain = -.sp .fi Make certain that the permissions on the file restrict @@ -73,16 +73,17 @@ above. .TP \fB-l|--logfile=logbasename\fR File name for log/debug files. The extension -\&'.client' will be appended. The log file is never removed -by the client. +\&'.client' will be appended. The log file is +never removed by the client. .TP \fB-N|--nopass\fR instruct \fBrpcclient\fR not to ask -for a password. By default, \fBrpcclient\fR will prompt -for a password. See also the \fI-U\fR option. +for a password. By default, \fBrpcclient\fR will +prompt for a password. See also the \fI-U\fR +option. .TP \fB-s|--conf=smb.conf\fR -Specifies the location of the all important +Specifies the location of the all-important \fIsmb.conf\fR file. .TP \fB-U|--user=username[%password]\fR @@ -95,24 +96,24 @@ string is uppercased. If these environmental variables are not found, the username GUEST is used. A third option is to use a credentials file which -contains the plaintext of the username and password. This -option is mainly provided for scripts where the admin doesn't -desire to pass the credentials on the command line or via environment +contains the plaintext of the username and password. This +option is mainly provided for scripts where the admin does not +wish to pass the credentials on the command line or via environment variables. If this method is used, make certain that the permissions -on the file restrict access from unwanted users. See the +on the file restrict access from unwanted users. See the \fI-A\fR for more details. Be cautious about including passwords in scripts. Also, on many systems the command line of a running process may be seen -via the \fBps\fR command. To be safe always allow +via the \fBps\fR command. To be safe always allow \fBrpcclient\fR to prompt for a password and type it in directly. .TP \fB-W|--workgroup=domain\fR -Set the SMB domain of the username. This +Set the SMB domain of the username. This overrides the default domain which is the domain defined in -smb.conf. If the domain specified is the same as the server's NetBIOS name, -it causes the client to log on using the server's local SAM (as +smb.conf. If the domain specified is the same as the server's NetBIOS name, +it causes the client to log on using the server's local SAM (as opposed to the Domain SAM). .SH "COMMANDS" .PP @@ -126,16 +127,14 @@ opposed to the Domain SAM). of SIDs to usernames. .TP 0.2i \(bu -\fBlookupnames\fR - Resolve s list +\fBlookupnames\fR - Resolve a list of usernames to SIDs. .TP 0.2i \(bu \fBenumtrusts\fR .PP .PP -.PP \fBSAMR\fR -.PP .TP 0.2i \(bu \fBqueryuser\fR @@ -162,22 +161,20 @@ of usernames to SIDs. \fBenumdomgroups\fR .PP .PP -.PP \fBSPOOLSS\fR -.PP .TP 0.2i \(bu \fBadddriver \fR - Execute an AddPrinterDriver() RPC to install the printer driver -information on the server. Note that the driver files should -already exist in the directory returned by -\fBgetdriverdir\fR. Possible values for +information on the server. Note that the driver files should +already exist in the directory returned by +\fBgetdriverdir\fR. Possible values for \fIarch\fR are the same as those for the \fBgetdriverdir\fR command. The \fIconfig\fR parameter is defined as follows: -.sp + .nf Long Printer Name:\\ Driver File Name:\\ @@ -188,38 +185,37 @@ follows: Default Data Type:\\ Comma Separated list of Files -.sp .fi Any empty fields should be enter as the string "NULL". Samba does not need to support the concept of Print Monitors since these only apply to local printers whose driver can make -use of a bi-directional link for communication. This field should -be "NULL". On a remote NT print server, the Print Monitor for a +use of a bi-directional link for communication. This field should +be "NULL". On a remote NT print server, the Print Monitor for a driver must already be installed prior to adding the driver or else the RPC will fail. .TP 0.2i \(bu \fBaddprinter \fR -- Add a printer on the remote server. This printer -will be automatically shared. Be aware that the printer driver +- Add a printer on the remote server. This printer +will be automatically shared. Be aware that the printer driver must already be installed on the server (see \fBadddriver\fR) and the \fIport\fRmust be a valid port name (see \fBenumports\fR. .TP 0.2i \(bu \fBdeldriver\fR - Delete the -specified printer driver for all architectures. This +specified printer driver for all architectures. This does not delete the actual driver files from the server, only the entry from the server's list of drivers. .TP 0.2i \(bu \fBenumdata\fR - Enumerate all -printer setting data stored on the server. On Windows NT clients, -these values are stored in the registry, while Samba servers -store them in the printers TDB. This command corresponds +printer setting data stored on the server. On Windows NT clients, +these values are stored in the registry, while Samba servers +store them in the printers TDB. This command corresponds to the MS Platform SDK GetPrinterData() function (* This command is currently unimplemented). .TP 0.2i @@ -236,22 +232,22 @@ info level. Currently only info levels 1 and 2 are supported. .TP 0.2i \(bu \fBenumdrivers [level]\fR -- Execute an EnumPrinterDrivers() call. This lists the various installed -printer drivers for all architectures. Refer to the MS Platform SDK +- Execute an EnumPrinterDrivers() call. This lists the various installed +printer drivers for all architectures. Refer to the MS Platform SDK documentation for more details of the various flags and calling options. Currently supported info levels are 1, 2, and 3. .TP 0.2i \(bu \fBenumprinters [level]\fR -- Execute an EnumPrinters() call. This lists the various installed -and share printers. Refer to the MS Platform SDK documentation for +- Execute an EnumPrinters() call. This lists the various installed +and share printers. Refer to the MS Platform SDK documentation for more details of the various flags and calling options. Currently supported info levels are 0, 1, and 2. .TP 0.2i \(bu \fBgetdata \fR -- Retrieve the data for a given printer setting. See -the \fBenumdata\fR command for more information. +- Retrieve the data for a given printer setting. See +the \fBenumdata\fR command for more information. This command corresponds to the GetPrinterData() MS Platform SDK function (* This command is currently unimplemented). .TP 0.2i @@ -260,20 +256,20 @@ SDK function (* This command is currently unimplemented). - Retrieve the printer driver information (such as driver file, config file, dependent files, etc...) for the given printer. This command corresponds to the GetPrinterDriver() -MS Platform SDK function. Currently info level 1, 2, and 3 are supported. +MS Platform SDK function. Currently info level 1, 2, and 3 are supported. .TP 0.2i \(bu \fBgetdriverdir \fR - Execute a GetPrinterDriverDirectory() -RPC to retreive the SMB share name and subdirectory for -storing printer driver files for a given architecture. Possible +RPC to retrieve the SMB share name and subdirectory for +storing printer driver files for a given architecture. Possible values for \fIarch\fR are "Windows 4.0" (for Windows 95/98), "Windows NT x86", "Windows NT PowerPC", "Windows Alpha_AXP", and "Windows NT R4000". .TP 0.2i \(bu \fBgetprinter \fR -- Retrieve the current printer information. This command +- Retrieve the current printer information. This command corresponds to the GetPrinter() MS Platform SDK function. .TP 0.2i \(bu @@ -282,51 +278,51 @@ corresponds to the GetPrinter() MS Platform SDK function. against a given printer. .TP 0.2i \(bu -\fBsetdriver \fR -- Execute a SetPrinter() command to update the printer driver associated -with an installed printer. The printer driver must already be correctly -installed on the print server. +\fBsetdriver +\fR +- Execute a SetPrinter() command to update the printer driver +associated with an installed printer. The printer driver must +already be correctly installed on the print server. See also the \fBenumprinters\fR and \fBenumdrivers\fR commands for obtaining a list of of installed printers and drivers. .PP \fBGENERAL OPTIONS\fR -.PP .TP 0.2i \(bu -\fBdebuglevel\fR - Set the current debug level -used to log information. +\fBdebuglevel\fR - Set the current +debug level used to log information. .TP 0.2i \(bu \fBhelp (?)\fR - Print a listing of all -known commands or extended help on a particular command. +known commands or extended help on a particular command. .TP 0.2i \(bu \fBquit (exit)\fR - Exit \fBrpcclient -\fR\&. +\fR. .SH "BUGS" .PP \fBrpcclient\fR is designed as a developer testing tool -and may not be robust in certain areas (such as command line parsing). -It has been known to generate a core dump upon failures when invalid +and may not be robust in certain areas (such as command line parsing). +It has been known to generate a core dump upon failures when invalid parameters where passed to the interpreter. .PP From Luke Leighton's original rpcclient man page: .PP \fB"WARNING!\fR The MSRPC over SMB code has -been developed from examining Network traces. No documentation is -available from the original creators (Microsoft) on how MSRPC over -SMB works, or how the individual MSRPC services work. Microsoft's -implementation of these services has been demonstrated (and reported) +been developed from examining Network traces. No documentation is +available from the original creators (Microsoft) on how MSRPC over +SMB works, or how the individual MSRPC services work. Microsoft's +implementation of these services has been demonstrated (and reported) to be... a bit flaky in places. .PP The development of Samba's implementation is also a bit rough, -and as more of the services are understood, it can even result in -versions of \fBsmbd(8)\fR and \fBrpcclient(1)\fR -that are incompatible for some commands or services. Additionally, -the developers are sending reports to Microsoft, and problems found -or reported to Microsoft are fixed in Service Packs, which may +and as more of the services are understood, it can even result in +versions of \fBsmbd(8)\fR and \fBrpcclient(1)\fR +that are incompatible for some commands or services. Additionally, +the developers are sending reports to Microsoft, and problems found +or reported to Microsoft are fixed in Service Packs, which may result in incompatibilities." .SH "VERSION" .PP @@ -340,6 +336,6 @@ by the Samba Team as an Open Source project similar to the way the Linux kernel is developed. .PP The original rpcclient man page was written by Matthew -Geddes, Luke Kenneth Casson Leighton, and rewritten by Gerald Carter. +Geddes, Luke Kenneth Casson Leighton, and rewritten by Gerald Carter. The conversion to DocBook for Samba 2.2 was done by Gerald Carter. diff --git a/docs/manpages/samba.7 b/docs/manpages/samba.7 index 82e7409627..c898b8ce73 100644 --- a/docs/manpages/samba.7 +++ b/docs/manpages/samba.7 @@ -1,21 +1,23 @@ -.\" This manpage has been automatically generated by docbook2man-spec -.\" from a DocBook document. docbook2man-spec can be found at: -.\" +.\" This manpage has been automatically generated by docbook2man +.\" from a DocBook document. This tool can be found at: +.\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "SAMBA" "7" "28 January 2002" "" "" +.TH "SAMBA" "7" "01 October 2002" "" "" .SH NAME SAMBA \- A Windows SMB/CIFS fileserver for UNIX .SH SYNOPSIS -.sp + \fBSamba\fR + .SH "DESCRIPTION" .PP The Samba software suite is a collection of programs that implements the Server Message Block (commonly abbreviated as SMB) protocol for UNIX systems. This protocol is sometimes -also referred to as the Common Internet File System (CIFS), -LanManager or NetBIOS protocol. +also referred to as the Common Internet File System (CIFS). For a +more thorough description, see http://www.ubiqx.org/cifs/ . Samba also implements the NetBIOS +protocol in nmbd. .TP \fBsmbd\fR The \fBsmbd \fR @@ -26,7 +28,7 @@ for this daemon is described in \fIsmb.conf\fR .TP \fBnmbd\fR The \fBnmbd\fR -daemon provides NetBIOS nameserving and browsing +daemon provides NetBIOS nameservice and browsing support. The configuration file for this daemon is described in \fIsmb.conf\fR .TP @@ -46,7 +48,7 @@ utility is a simple syntax checker for Samba's \fBtestprns\fR The \fBtestprns\fR utility supports testing printer names defined -in your \fIprintcap>\fR file used +in your \fIprintcap\fR file used by Samba. .TP \fBsmbstatus\fR @@ -74,8 +76,13 @@ The Samba suite is made up of several components. Each component is described in a separate manual page. It is strongly recommended that you read the documentation that comes with Samba and the manual pages of those components that you use. If the -manual pages aren't clear enough then please send a patch or -bug report to samba@samba.org +manual pages and documents aren't clear enough then please visit +http://devel.samba.org +for information on how to file a bug report or submit a patch. +.PP +If you require help, visit the Samba webpage at +http://www.samba.org/ and +explore the many option available to you. .SH "AVAILABILITY" .PP The Samba software suite is licensed under the @@ -108,11 +115,10 @@ If you wish to contribute to the Samba project, then I suggest you join the Samba mailing list at http://lists.samba.org . .PP -If you have patches to submit or bugs to report -then you may mail them directly to samba-patches@samba.org. -Note, however, that due to the enormous popularity of this -package the Samba Team may take some time to respond to mail. We -prefer patches in \fBdiff -u\fR format. +If you have patches to submit, visit +http://devel.samba.org/ +for information on how to do it properly. We prefer patches in +\fBdiff -u\fR format. .SH "CONTRIBUTORS" .PP Contributors to the project are now too numerous @@ -125,7 +131,7 @@ Samba. The project would have been unmanageable without it. .PP In addition, several commercial organizations now help fund the Samba Team with money and equipment. For details see -the Samba Web pages at http://samba.org/samba/samba-thanks.html. +the Samba Web pages at http://samba.org/samba/samba-thanks.html .SH "AUTHOR" .PP The original Samba software and related utilities @@ -137,5 +143,5 @@ The original Samba man pages were written by Karl Auer. The man page sources were converted to YODL format (another excellent piece of Open Source software, available at ftp://ftp.icce.rug.nl/pub/unix/ ) and updated for the Samba 2.0 -release by Jeremy Allison. The conversion to DocBook for +release by Jeremy Allison. The conversion to DocBook for Samba 2.2 was done by Gerald Carter diff --git a/docs/manpages/smb.conf.5 b/docs/manpages/smb.conf.5 index 8967134481..ed4b8cbda2 100644 --- a/docs/manpages/smb.conf.5 +++ b/docs/manpages/smb.conf.5 @@ -3,7 +3,7 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "SMB.CONF" "5" "07 September 2002" "" "" +.TH "SMB.CONF" "5" "01 October 2002" "" "" .SH NAME smb.conf \- The configuration file for the Samba suite .SH "SYNOPSIS" @@ -679,10 +679,13 @@ each parameter for details. Note that some are synonyms. \fIldap suffix\fR .TP 0.2i \(bu -\fIldap suffix\fR +\fIldap user suffix\fR .TP 0.2i \(bu -\fIldap suffix\fR +\fIldap machine suffix\fR +.TP 0.2i +\(bu +\fIldap passwd sync\fR .TP 0.2i \(bu \fIlm announce\fR @@ -1616,13 +1619,16 @@ Example: \fBadd user script = /usr/local/samba/bin/add_user %u\fR .TP \fBadd group script (G)\fR -This is the full pathname to a script that will be run \fBAS ROOT\fR -by smbd(8) when a new group is requested. It will expand any \fI%g\fR -to the group name passed. This script is only useful for -installations using the Windows NT domain administration tools. The -script is free to create a group with an arbitrary name to circumvent -unix group name restrictions. In that case the script must print the -numeric gid of the created group on stdout. +This is the full pathname to a script that will +be run \fBAS ROOT\fR by smbd(8) when a new group is +requested. It will expand any +\fI%g\fR to the group name passed. +This script is only useful for installations using the +Windows NT domain administration tools. The script is +free to create a group with an arbitrary name to +circumvent unix group name restrictions. In that case +the script must print the numeric gid of the created +group on stdout. .TP \fBadmin users (S)\fR This is a list of users who will be granted @@ -2964,9 +2970,9 @@ this by trying to log in as your guest user (perhaps by using the \fBsu -\fR command) and trying to print using the system print command such as \fBlpr(1)\fR or \fB lp(1)\fR. -This paramater does not accept % marcos, becouse +This paramater does not accept % macros, because many parts of the system require this value to be -constant for correct operation +constant for correct operation. Default: \fBspecified at compile time, usually "nobody"\fR @@ -3412,11 +3418,19 @@ Samba's previous SSL support which was enabled by specifying the script. The \fIldap ssl\fR can be set to one of three values: -(a) on - Always use SSL when contacting the -\fIldap server\fR, (b) off - -Never use SSL when querying the directory, or (c) start_tls -- Use the LDAPv3 StartTLS extended operation +.RS +.TP 0.2i +\(bu +\fIOn\fR = Always use SSL when contacting the +\fIldap server\fR. +.TP 0.2i +\(bu +\fIOff\fR = Never use SSL when querying the directory. +.TP 0.2i +\(bu +\fIStart_tls\fR = Use the LDAPv3 StartTLS extended operation (RFC2830) for communicating with the directory server. +.RE Default : \fBldap ssl = on\fR .TP @@ -3434,6 +3448,28 @@ added to the ldap tree. Default : \fBnone\fR .TP +\fBldap passwd sync (G)\fR +This option is used to define whether +or not Samba should sync the LDAP password with the NT +and LM hashes for normal accounts (NOT for +workstation, server or domain trusts) on a password +change via SAMBA. + +The \fIldap passwd sync\fR can be set to one of three values: +.RS +.TP 0.2i +\(bu +\fIYes\fR = Try to update the LDAP, NT and LM passwords and update the pwdLastSet time. +.TP 0.2i +\(bu +\fINo\fR = Update NT and LM passwords and update the pwdLastSet time. +.TP 0.2i +\(bu +\fIOnly\fR = Only update the LDAP password and let the LDAP server do the rest. +.RE + +Default : \fBldap passwd sync = no\fR +.TP \fBlevel2 oplocks (S)\fR This parameter controls whether Samba supports level2 (read-only) oplocks on a share. diff --git a/docs/manpages/smbcacls.1 b/docs/manpages/smbcacls.1 index 449a2a24b8..fccb6ec887 100644 --- a/docs/manpages/smbcacls.1 +++ b/docs/manpages/smbcacls.1 @@ -1,56 +1,57 @@ -.\" This manpage has been automatically generated by docbook2man-spec -.\" from a DocBook document. docbook2man-spec can be found at: -.\" +.\" This manpage has been automatically generated by docbook2man +.\" from a DocBook document. This tool can be found at: +.\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "SMBCACLS" "1" "28 January 2002" "" "" +.TH "SMBCACLS" "1" "01 October 2002" "" "" .SH NAME smbcacls \- Set or get ACLs on an NT file or directory names .SH SYNOPSIS -.sp -\fBsmbcacls\fR \fB//server/share\fR \fBfilename\fR [ \fB-U username\fR ] [ \fB-A acls\fR ] [ \fB-M acls\fR ] [ \fB-D acls\fR ] [ \fB-S acls\fR ] [ \fB-C name\fR ] [ \fB-G name\fR ] [ \fB-n\fR ] [ \fB-h\fR ] + +\fBsmbcacls\fR \fB//server/share\fR \fBfilename\fR [ \fB-U username\fR ] [ \fB-A acls\fR ] [ \fB-M acls\fR ] [ \fB-D acls\fR ] [ \fB-S acls\fR ] [ \fB-C name\fR ] [ \fB-G name\fR ] [ \fB-n\fR ] [ \fB-h\fR ] + .SH "DESCRIPTION" .PP -This tool is part of the Sambasuite. +This tool is part of the Samba suite. .PP -The \fBsmbcacls\fR program manipulates NT Access Control Lists -(ACLs) on SMB file shares. +The \fBsmbcacls\fR program manipulates NT Access Control +Lists (ACLs) on SMB file shares. .SH "OPTIONS" .PP -The following options are available to the \fBsmbcacls\fR program. +The following options are available to the \fBsmbcacls\fR program. The format of ACLs is described in the section ACL FORMAT .TP \fB-A acls\fR -Add the ACLs specified to the ACL list. Existing +Add the ACLs specified to the ACL list. Existing access control entries are unchanged. .TP \fB-M acls\fR Modify the mask value (permissions) for the ACLs -specified on the command line. An error will be printed for each +specified on the command line. An error will be printed for each ACL specified that was not already present in the ACL list .TP \fB-D acls\fR -Delete any ACLs specified on the command line. +Delete any ACLs specified on the command line. An error will be printed for each ACL specified that was not already present in the ACL list. .TP \fB-S acls\fR This command sets the ACLs on the file with -only the ones specified on the command line. All other ACLs are -erased. Note that the ACL specified must contain at least a revision, +only the ones specified on the command line. All other ACLs are +erased. Note that the ACL specified must contain at least a revision, type, owner and group for the call to succeed. .TP \fB-U username\fR Specifies a username used to connect to the -specified service. The username may be of the form "username" in +specified service. The username may be of the form "username" in which case the user is prompted to enter in a password and the workgroup specified in the \fIsmb.conf\fR file is -used, or "username%password" or "DOMAIN\\username%password" and the +used, or "username%password" or "DOMAIN\\username%password" and the password and workgroup names are used as provided. .TP \fB-C name\fR The owner of a file or directory can be changed -to the name given using the \fI-C\fR option. +to the name given using the \fI-C\fR option. The name can be a sid in the form S-1-x-y-z or a name resolved against the server specified in the first argument. @@ -59,25 +60,25 @@ This command is a shortcut for -M OWNER:name. \fB-G name\fR The group owner of a file or directory can be changed to the name given using the \fI-G\fR -option. The name can be a sid in the form S-1-x-y-z or a name +option. The name can be a sid in the form S-1-x-y-z or a name resolved against the server specified n the first argument. This command is a shortcut for -M GROUP:name. .TP \fB-n\fR This option displays all ACL information in numeric -format. The default is to convert SIDs to names and ACE types -and masks to a readable string format. +format. The default is to convert SIDs to names and ACE types +and masks to a readable string format. .TP \fB-h\fR Print usage information on the \fBsmbcacls -\fRprogram. +\fR program. .SH "ACL FORMAT" .PP The format of an ACL is one or more ACL entries separated by -either commas or newlines. An ACL entry is one of the following: +either commas or newlines. An ACL entry is one of the following: .PP -.sp + .nf REVISION: @@ -85,51 +86,48 @@ OWNER: GROUP: ACL::// -.sp .fi .PP The revision of the ACL specifies the internal Windows -NT ACL revision for the security descriptor. -If not specified it defaults to 1. Using values other than 1 may +NT ACL revision for the security descriptor. +If not specified it defaults to 1. Using values other than 1 may cause strange behaviour. .PP The owner and group specify the owner and group sids for the -object. If a SID in the format CWS-1-x-y-z is specified this is used, +object. If a SID in the format CWS-1-x-y-z is specified this is used, otherwise the name specified is resolved using the server on which the file or directory resides. .PP -ACLs specify permissions granted to the SID. This SID again +ACLs specify permissions granted to the SID. This SID again can be specified in CWS-1-x-y-z format or as a name in which case it is resolved against the server on which the file or directory -resides. The type, flags and mask values determine the type of +resides. The type, flags and mask values determine the type of access granted to the SID. .PP The type can be either 0 or 1 corresponding to ALLOWED or -DENIED access to the SID. The flags values are generally -zero for file ACLs and either 9 or 2 for directory ACLs. Some +DENIED access to the SID. The flags values are generally +zero for file ACLs and either 9 or 2 for directory ACLs. Some common flags are: .TP 0.2i \(bu -#define SEC_ACE_FLAG_OBJECT_INHERIT 0x1 +#define SEC_ACE_FLAG_OBJECT_INHERIT 0x1 .TP 0.2i \(bu -#define SEC_ACE_FLAG_CONTAINER_INHERIT 0x2 +#define SEC_ACE_FLAG_CONTAINER_INHERIT 0x2 .TP 0.2i \(bu -#define SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0x4 +#define SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0x4 .TP 0.2i \(bu -#define SEC_ACE_FLAG_INHERIT_ONLY 0x8 +#define SEC_ACE_FLAG_INHERIT_ONLY 0x8 .PP At present flags can only be specified as decimal or hexadecimal values. .PP -.PP The mask is a value which expresses the access right granted to the SID. It can be given as a decimal or hexadecimal value, or by using one of the following text strings which map to the NT file permissions of the same name. -.PP .TP 0.2i \(bu \fBR\fR - Allow read access @@ -150,10 +148,9 @@ file permissions of the same name. \fBO\fR - Take ownership .PP The following combined permissions can be specified: -.PP .TP 0.2i \(bu -\fBREAD\fR - Equivalent to 'RX' +\fBREAD\fR - Equivalent to 'RX' permissions .TP 0.2i \(bu @@ -165,13 +162,13 @@ permissions .SH "EXIT STATUS" .PP The \fBsmbcacls\fR program sets the exit status -depending on the success or otherwise of the operations performed. +depending on the success or otherwise of the operations performed. The exit status may be one of the following values. .PP If the operation succeeded, smbcacls returns and exit -status of 0. If \fBsmbcacls\fR couldn't connect to the specified server, +status of 0. If \fBsmbcacls\fR couldn't connect to the specified server, or there was an error getting or setting the ACLs, an exit status -of 1 is returned. If there was an error parsing any command line +of 1 is returned. If there was an error parsing any command line arguments, an exit status of 2 is returned. .SH "VERSION" .PP diff --git a/docs/manpages/smbclient.1 b/docs/manpages/smbclient.1 index 765c9e5273..63d78658a6 100644 --- a/docs/manpages/smbclient.1 +++ b/docs/manpages/smbclient.1 @@ -3,7 +3,7 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "SMBCLIENT" "1" "20 augustus 2002" "" "" +.TH "SMBCLIENT" "1" "01 October 2002" "" "" .SH NAME smbclient \- ftp-like client to access SMB/CIFS resources on servers .SH SYNOPSIS @@ -12,7 +12,7 @@ smbclient \- ftp-like client to access SMB/CIFS resources on servers .SH "DESCRIPTION" .PP -This tool is part of the Samba suite. +This tool is part of the Samba suite. .PP \fBsmbclient\fR is a client that can \&'talk' to an SMB/CIFS server. It offers an interface @@ -87,7 +87,7 @@ cause names to be resolved as follows : \(bu lmhosts : Lookup an IP address in the Samba lmhosts file. If the line in lmhosts has -no name type attached to the NetBIOS name (see the lmhosts(5) for details) then +no name type attached to the NetBIOS name (see the lmhosts(5) for details) then any name type matches for lookup. .TP 0.2i \(bu diff --git a/docs/manpages/smbcontrol.1 b/docs/manpages/smbcontrol.1 index d1479bff25..b60841dc94 100644 --- a/docs/manpages/smbcontrol.1 +++ b/docs/manpages/smbcontrol.1 @@ -1,24 +1,26 @@ -.\" This manpage has been automatically generated by docbook2man-spec -.\" from a DocBook document. docbook2man-spec can be found at: -.\" +.\" This manpage has been automatically generated by docbook2man +.\" from a DocBook document. This tool can be found at: +.\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "SMBCONTROL" "1" "15 August 2002" "" "" +.TH "SMBCONTROL" "1" "01 October 2002" "" "" .SH NAME smbcontrol \- send messages to smbd, nmbd or winbindd processes .SH SYNOPSIS -.sp -\fBsmbcontrol\fR [ \fB-i\fR ] -.sp -\fBsmbcontrol\fR [ \fBdestination\fR ] [ \fBmessage-type\fR ] [ \fBparameter\fR ] + +\fBsmbcontrol\fR [ \fB-i\fR ] + + +\fBsmbcontrol\fR [ \fBdestination\fR ] [ \fBmessage-type\fR ] [ \fBparameter\fR ] + .SH "DESCRIPTION" .PP -This tool is part of the Sambasuite. +This tool is part of the Samba suite. .PP \fBsmbcontrol\fR is a very small program, which -sends messages to an smbd(8), +sends messages to an smbd(8) an nmbd(8) -or a winbindd(8) +or a winbindd(8) daemon running on the system. .SH "OPTIONS" .TP @@ -46,7 +48,7 @@ to only that process. One of: close-share, debug, force-election, ping -, profile, debuglevel, profilelevel, +, profile, debuglevel, profilelevel, or printnotify. The close-share message-type sends a @@ -69,7 +71,7 @@ master election. The ping message-type sends the number of "ping" messages specified by the parameter and waits -for the same number of reply "pong" messages. This can be sent to +for the same number of reply "pong" messages. This can be sent to any of the destinations. The profile message-type sends a @@ -82,12 +84,12 @@ be sent to any smbd or nmbd destinations. The debuglevel message-type sends a "request debug level" message. The current debug level setting -is returned by a "debuglevel" message. This can be +is returned by a "debuglevel" message. This can be sent to any of the destinations. The profilelevel message-type sends -a "request profile level" message. The current profile level -setting is returned by a "profilelevel" message. This can be sent +a "request profile level" message. The current profile level +setting is returned by a "profilelevel" message. This can be sent to any smbd or nmbd destinations. The printnotify message-type sends a @@ -119,9 +121,8 @@ Send a job delete change notify message for the printer and unix jobid specified. .RE -.PP Note that this message only sends notification that an -event has occured. It doesn't actually cause the +event has occured. It doesn't actually cause the event to happen. This message can only be sent to smbd. .TP @@ -133,8 +134,8 @@ This man page is correct for version 2.2 of the Samba suite. .SH "SEE ALSO" .PP -\fBnmbd(8)\fR, -and \fBsmbd(8)\fR. +\fBnmbd(8)\fR +and \fBsmbd(8)\fR .SH "AUTHOR" .PP The original Samba software and related utilities @@ -146,5 +147,5 @@ The original Samba man pages were written by Karl Auer. The man page sources were converted to YODL format (another excellent piece of Open Source software, available at ftp://ftp.icce.rug.nl/pub/unix/ ) and updated for the Samba 2.0 -release by Jeremy Allison. The conversion to DocBook for +release by Jeremy Allison. The conversion to DocBook for Samba 2.2 was done by Gerald Carter diff --git a/docs/manpages/smbd.8 b/docs/manpages/smbd.8 index 83483c8835..7e1b35d5aa 100644 --- a/docs/manpages/smbd.8 +++ b/docs/manpages/smbd.8 @@ -1,14 +1,15 @@ -.\" This manpage has been automatically generated by docbook2man-spec -.\" from a DocBook document. docbook2man-spec can be found at: -.\" +.\" This manpage has been automatically generated by docbook2man +.\" from a DocBook document. This tool can be found at: +.\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "SMBD" "8" "08 May 2002" "" "" +.TH "SMBD" "8" "01 October 2002" "" "" .SH NAME smbd \- server to provide SMB/CIFS services to clients .SH SYNOPSIS -.sp -\fBsmbd\fR [ \fB-D\fR ] [ \fB-a\fR ] [ \fB-i\fR ] [ \fB-o\fR ] [ \fB-P\fR ] [ \fB-h\fR ] [ \fB-V\fR ] [ \fB-b\fR ] [ \fB-d \fR ] [ \fB-l \fR ] [ \fB-p \fR ] [ \fB-O \fR ] [ \fB-s \fR ] + +\fBsmbd\fR [ \fB-D\fR ] [ \fB-a\fR ] [ \fB-i\fR ] [ \fB-o\fR ] [ \fB-P\fR ] [ \fB-h\fR ] [ \fB-V\fR ] [ \fB-b\fR ] [ \fB-d \fR ] [ \fB-l \fR ] [ \fB-p \fR ] [ \fB-O \fR ] [ \fB-s \fR ] + .SH "DESCRIPTION" .PP This program is part of the Samba suite. @@ -18,7 +19,7 @@ provides filesharing and printing services to Windows clients. The server provides filespace and printer services to clients using the SMB (or CIFS) protocol. This is compatible with the LanManager protocol, and can service LanManager -clients. These include MSCLIENT 3.0 for DOS, Windows for +clients. These include MSCLIENT 3.0 for DOS, Windows for Workgroups, Windows 95/98/ME, Windows NT, Windows 2000, OS/2, DAVE for Macintosh, and smbfs for Linux. .PP @@ -26,12 +27,12 @@ An extensive description of the services that the server can provide is given in the man page for the configuration file controlling the attributes of those services (see \fIsmb.conf(5) -\fR. This man page will not describe the +\fR This man page will not describe the services, but will concentrate on the administrative aspects of running the server. .PP Please note that there are significant security -implications to running this server, and the \fIsmb.conf(5)\fR +implications to running this server, and the \fIsmb.conf(5)\fR manpage should be regarded as mandatory reading before proceeding with installation. .PP @@ -42,10 +43,10 @@ that session. When all connections from its client are closed, the copy of the server for that client terminates. .PP The configuration file, and any files that it includes, -are automatically reloaded every minute, if they change. You -can force a reload by sending a SIGHUP to the server. Reloading +are automatically reloaded every minute, if they change. You +can force a reload by sending a SIGHUP to the server. Reloading the configuration file will not affect connections to any service -that is already established. Either the user will have to +that is already established. Either the user will have to disconnect from the service, or \fBsmbd\fR killed and restarted. .SH "OPTIONS" .TP @@ -56,12 +57,12 @@ itself and runs in the background, fielding requests on the appropriate port. Operating the server as a daemon is the recommended way of running \fBsmbd\fR for servers that provide more than casual use file and -print services. This switch is assumed if \fBsmbd -\fRis executed on the command line of a shell. +print services. This switch is assumed if \fBsmbd +\fR is executed on the command line of a shell. .TP \fB-a\fR If this parameter is specified, each new -connection will append log messages to the log file. +connection will append log messages to the log file. This is the default. .TP \fB-i\fR @@ -73,7 +74,7 @@ command line. .TP \fB-o\fR If this parameter is specified, the -log files will be overwritten when opened. By default, +log files will be overwritten when opened. By default, \fBsmbd\fR will append entries to the log files. .TP @@ -96,7 +97,7 @@ Samba was built. .TP \fB-d \fR \fIdebuglevel\fR is an integer -from 0 to 10. The default value if this parameter is +from 0 to 10. The default value if this parameter is not specified is zero. The higher this value, the more detail will be @@ -114,7 +115,7 @@ data, most of which is extremely cryptic. Note that specifying this parameter here will override the log -levelfile. +level file. .TP \fB-l \fR If specified, @@ -124,7 +125,7 @@ file will be created for informational and debug messages from the running server. The log file generated is never removed by the server although its size may be controlled by the max log size -option in the \fI smb.conf(5)\fRfile. \fBBeware:\fR +option in the \fI smb.conf(5)\fR file. \fBBeware:\fR If the directory specified does not exist, \fBsmbd\fR will log to the default debug log location defined at compile time. @@ -132,13 +133,13 @@ The default log directory is specified at compile time. .TP \fB-O \fR -See the socket options +See the socket options parameter in the \fIsmb.conf(5) -\fRfile for details. +\fR file for details. .TP \fB-p \fR \fIport number\fR is a positive integer -value. The default value if this parameter is not +value. The default value if this parameter is not specified is 139. This number is the port number that will be @@ -161,11 +162,11 @@ in the above situation. .TP \fB-s \fR The file specified contains the -configuration details required by the server. The +configuration details required by the server. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is -to provide. See \fI smb.conf(5)\fRfor more information. +to provide. See \fI smb.conf(5)\fR for more information. The default configuration file name is determined at compile time. .SH "FILES" @@ -202,11 +203,11 @@ install this file are \fI/usr/samba/lib/smb.conf\fR and \fI/etc/smb.conf\fR. This file describes all the services the server -is to make available to clients. See \fIsmb.conf(5)\fRfor more information. +is to make available to clients. See \fIsmb.conf(5)\fR for more information. .SH "LIMITATIONS" .PP On some systems \fBsmbd\fR cannot change uid back -to root after a setuid() call. Such systems are called +to root after a setuid() call. Such systems are called trapdoor uid systems. If you have such a system, you will be unable to connect from a client (such as a PC) as two different users at once. Attempts to connect the @@ -224,21 +225,21 @@ is not specific to the server, however. .PP Samba uses PAM for authentication (when presented with a plaintext password), for account checking (is this account disabled?) and for -session management. The degree too which samba supports PAM is restricted +session management. The degree too which samba supports PAM is restricted by the limitations of the SMB protocol and the obey pam restricions -smb.conf paramater. When this is set, the following restrictions apply: +smb.conf paramater. When this is set, the following restrictions apply: .TP 0.2i \(bu -\fBAccount Validation\fR: All acccesses to a +\fBAccount Validation\fR: All acccesses to a samba server are checked against PAM to see if the account is vaild, not disabled and is permitted to -login at this time. This also applies to encrypted logins. +login at this time. This also applies to encrypted logins. .TP 0.2i \(bu -\fBSession Management\fR: When not using share +\fBSession Management\fR: When not using share level secuirty, users must pass PAM's session checks before access -is granted. Note however, that this is bypassed in share level secuirty. +is granted. Note however, that this is bypassed in share level secuirty. Note also that some older pam configuration files may need a line added for session support. .SH "VERSION" @@ -276,7 +277,7 @@ it to die on its own. .PP The debug log level of \fBsmbd\fR may be raised or lowered using \fBsmbcontrol(1) -\fRprogram (SIGUSR[1|2] signals are no longer used in +\fR program (SIGUSR[1|2] signals are no longer used in Samba 2.2). This is to allow transient problems to be diagnosed, whilst still running at a normally low log level. .PP @@ -289,10 +290,10 @@ them after, however this would affect performance. .SH "SEE ALSO" .PP hosts_access(5), \fBinetd(8)\fR, -\fBnmbd(8)\fR, +\fBnmbd(8)\fR \fIsmb.conf(5)\fR -, \fBsmbclient(1) -\fR, and the Internet RFC's + \fBsmbclient(1) +\fR and the Internet RFC's \fIrfc1001.txt\fR, \fIrfc1002.txt\fR. In addition the CIFS (formerly SMB) specification is available as a link from the Web page @@ -308,5 +309,5 @@ The original Samba man pages were written by Karl Auer. The man page sources were converted to YODL format (another excellent piece of Open Source software, available at ftp://ftp.icce.rug.nl/pub/unix/ ) and updated for the Samba 2.0 -release by Jeremy Allison. The conversion to DocBook for +release by Jeremy Allison. The conversion to DocBook for Samba 2.2 was done by Gerald Carter diff --git a/docs/manpages/smbgroupedit.8 b/docs/manpages/smbgroupedit.8 index 9f01fcaaea..3ee7980e5d 100644 --- a/docs/manpages/smbgroupedit.8 +++ b/docs/manpages/smbgroupedit.8 @@ -1,21 +1,22 @@ -.\" This manpage has been automatically generated by docbook2man-spec -.\" from a DocBook document. docbook2man-spec can be found at: -.\" +.\" This manpage has been automatically generated by docbook2man +.\" from a DocBook document. This tool can be found at: +.\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "SMBGROUPEDIT" "8" "28 January 2002" "" "" +.TH "SMBGROUPEDIT" "8" "01 October 2002" "" "" .SH NAME smbgroupedit \- Query/set/change UNIX - Windows NT group mapping .SH SYNOPSIS -.sp -\fBsmbroupedit\fR [ \fB-v [l|s]\fR ] [ \fB-a UNIX-groupname [-d NT-groupname|-p prividge|\fR ] + +\fBsmbroupedit\fR [ \fB-v [l|s]\fR ] [ \fB-a UNIX-groupname [-d NT-groupname|-p privilege|]\fR ] + .SH "DESCRIPTION" .PP This program is part of the Samba suite. .PP -The smbgroupedit command allows for mapping unix groups -to NT Builtin, Domain, or Local groups. Also +The smbgroupedit command allows for mapping unix groups +to NT Builtin, Domain, or Local groups. Also allows setting privileges for that group, such as saAddUser, etc. .SH "OPTIONS" @@ -28,7 +29,7 @@ in the Windows NT domain in which samba is operating. \fB-l\fR give a long listing, of the format: -.sp + .nf "NT Group Name" SID : @@ -36,37 +37,33 @@ give a long listing, of the format: Group type : Comment : Privilege : -.sp .fi For examples, -.sp + .nf Users - SID : S-1-5-32-545 + SID : S-1-5-32-545 Unix group: -1 Group type: Local group - Comment : + Comment : Privilege : No privilege -.sp .fi .TP \fB-s\fR display a short listing of the format: -.sp + .nf NTGroupName(SID) -> UnixGroupName -.sp .fi For example, -.sp + .nf Users (S-1-5-32-545) -> -1 -.sp .fi .RE .SH "FILES" @@ -79,67 +76,64 @@ of a failure. .SH "EXAMPLES" .PP To make a subset of your samba PDC users members of -the 'Domain Admins' Global group: -.IP 1. +the 'Domain Admins' Global group: +.TP 3 +1. create a unix group (usually in \fI/etc/group\fR), let's call it domadm. -.IP 2. +.TP 3 +2. add to this group the users that you want to be domain administrators. For example if you want joe, john and mary, your entry in \fI/etc/group\fR will look like: domadm:x:502:joe,john,mary -.IP 3. +.TP 3 +3. map this domadm group to the 'domain admins' group: .RS -.IP 1. +.TP 3 +1. Get the SID for the Windows NT "Domain Admins" group: -.sp + .nf root# \fBsmbgroupedit -vs | grep "Domain Admins"\fR Domain Admins (S-1-5-21-1108995562-3116817432-1375597819-512) -> -1 -.sp .fi -.IP 2. +.TP 3 +2. map the unix domadm group to the Windows NT "Domain Admins" group, by running the command: -.sp + .nf root# \fBsmbgroupedit \\ -c S-1-5-21-1108995562-3116817432-1375597819-512 \\ -u domadm\fR -.sp .fi \fBwarning:\fR don't copy and paste this sample, the Domain Admins SID (the S-1-5-21-...-512) is different for every PDC. .RE .PP -To verify that you mapping has taken effect: -.PP +To verify that your mapping has taken effect: .PP -.sp + .nf root# \fBsmbgroupedit -vs|grep "Domain Admins"\fR Domain Admins (S-1-5-21-1108995562-3116817432-1375597819-512) -> domadm -.sp .fi .PP -.PP To give access to a certain directory on a domain member machine (an NT/W2K or a samba server running winbind) to some users who are member of a group on your samba PDC, flag that group as a domain group: .PP -.PP -.sp + .nf root# \fBsmbgroupedit -a unixgroup -td\fR -.sp .fi -.PP .SH "VERSION" .PP This man page is correct for the 3.0alpha releases of diff --git a/docs/manpages/smbmnt.8 b/docs/manpages/smbmnt.8 index 885ab82f99..b316268b0c 100644 --- a/docs/manpages/smbmnt.8 +++ b/docs/manpages/smbmnt.8 @@ -1,14 +1,15 @@ -.\" This manpage has been automatically generated by docbook2man-spec -.\" from a DocBook document. docbook2man-spec can be found at: -.\" +.\" This manpage has been automatically generated by docbook2man +.\" from a DocBook document. This tool can be found at: +.\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "SMBMNT" "8" "28 January 2002" "" "" +.TH "SMBMNT" "8" "01 October 2002" "" "" .SH NAME smbmnt \- helper utility for mounting SMB filesystems .SH SYNOPSIS -.sp -\fBsmbmnt\fR \fBmount-point\fR [ \fB-s \fR ] [ \fB-r\fR ] [ \fB-u \fR ] [ \fB-g \fR ] [ \fB-f \fR ] [ \fB-d \fR ] [ \fB-o \fR ] + +\fBsmbmnt\fR \fBmount-point\fR [ \fB-s \fR ] [ \fB-r\fR ] [ \fB-u \fR ] [ \fB-g \fR ] [ \fB-f \fR ] [ \fB-d \fR ] [ \fB-o \fR ] + .SH "DESCRIPTION" .PP \fBsmbmnt\fR is a helper application used @@ -21,7 +22,7 @@ by the user, and that the user has write permission on. .PP The \fBsmbmnt\fR program is normally invoked by \fBsmbmount(8)\fR -. It should not be invoked directly by users. + It should not be invoked directly by users. .PP smbmount searches the normal PATH for smbmnt. You must ensure that the smbmnt version in your path matches the smbmount used. @@ -43,7 +44,7 @@ specify the octal file mask applied .TP \fB-d mask\fR specify the octal directory mask -applied +applied .TP \fB-o options\fR list of options that are passed as-is to smbfs, if this diff --git a/docs/manpages/smbmount.8 b/docs/manpages/smbmount.8 index 0d4a7fc870..ac67d0ee60 100644 --- a/docs/manpages/smbmount.8 +++ b/docs/manpages/smbmount.8 @@ -1,14 +1,15 @@ -.\" This manpage has been automatically generated by docbook2man-spec -.\" from a DocBook document. docbook2man-spec can be found at: -.\" +.\" This manpage has been automatically generated by docbook2man +.\" from a DocBook document. This tool can be found at: +.\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "SMBMOUNT" "8" "08 May 2002" "" "" +.TH "SMBMOUNT" "8" "01 October 2002" "" "" .SH NAME smbmount \- mount an smbfs filesystem .SH SYNOPSIS -.sp -\fBsmbmount\fR \fBservice\fR \fBmount-point\fR [ \fB-o options\fR ] + +\fBsmbmount\fR \fBservice\fR \fBmount-point\fR [ \fB-o options\fR ] + .SH "DESCRIPTION" .PP \fBsmbmount\fR mounts a Linux SMB filesystem. It @@ -37,7 +38,7 @@ that it can be found. .TP \fBusername=\fR specifies the username to connect as. If -this is not given, then the environment variable \fB USER\fR is used. This option can also take the +this is not given, then the environment variable \fB USER\fR is used. This option can also take the form "user%password" or "user/workgroup" or "user/workgroup%password" to allow the password and workgroup to be specified as part of the username. @@ -50,9 +51,9 @@ no password \fBsmbmount\fR will prompt for a passeword, unless the guest option is given. -Note that password which contain the arguement delimiter +Note that passwords which contain the argument delimiter character (i.e. a comma ',') will failed to be parsed correctly -on the command line. However, the same password defined +on the command line. However, the same password defined in the PASSWD environment variable or a credentials file (see below) will be read correctly. .TP @@ -60,12 +61,11 @@ below) will be read correctly. specifies a file that contains a username and/or password. The format of the file is: -.sp + .nf username = password = -.sp .fi This is preferred over having passwords in plaintext in a @@ -115,7 +115,7 @@ sets the workgroup on the destination .TP \fBsockopt=\fR sets the TCP socket options. See the \fIsmb.conf -\fR\fIsocket options\fR option. +\fR \fIsocket options\fR option. .TP \fBscope=\fR sets the NetBIOS scope @@ -141,7 +141,7 @@ option. Example value cp850. (Note: only kernel 2.4.0 or later) .TP \fBttl=\fR -how long a directory listing is cached in milliseconds +sets how long a directory listing is cached in milliseconds (also affects visibility of file size and date changes). A higher value means that changes on the server take longer to be noticed but it can give @@ -153,13 +153,13 @@ in many cases. .SH "ENVIRONMENT VARIABLES" .PP The variable \fBUSER\fR may contain the username of the -person using the client. This information is used only if the +person using the client. This information is used only if the protocol level is high enough to support session-level passwords. The variable can be used to set both username and password by using the format username%password. .PP The variable \fBPASSWD\fR may contain the password of the -person using the client. This information is used only if the +person using the client. This information is used only if the protocol level is high enough to support session-level passwords. .PP @@ -189,7 +189,6 @@ Note that the typical response to a bug report is suggestion to try the latest version first. So please try doing that first, and always include which versions you use of relevant software when reporting bugs (minimum: samba, kernel, distribution) -.PP .SH "SEE ALSO" .PP Documentation/filesystems/smbfs.txt in the linux kernel @@ -198,7 +197,7 @@ source tree may contain additional options and information. FreeBSD also has a smbfs, but it is not related to smbmount .PP For Solaris, HP-UX and others you may want to look at -\fBsmbsh(1)\fRor at other +\fBsmbsh(1)\fR or at other solutions, such as sharity or perhaps replacing the SMB server with a NFS server. .SH "AUTHOR" diff --git a/docs/manpages/smbpasswd.5 b/docs/manpages/smbpasswd.5 index 39281eb34e..47eabcaec8 100644 --- a/docs/manpages/smbpasswd.5 +++ b/docs/manpages/smbpasswd.5 @@ -1,9 +1,9 @@ -.\" This manpage has been automatically generated by docbook2man-spec -.\" from a DocBook document. docbook2man-spec can be found at: -.\" +.\" This manpage has been automatically generated by docbook2man +.\" from a DocBook document. This tool can be found at: +.\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "SMBPASSWD" "5" "28 January 2002" "" "" +.TH "SMBPASSWD" "5" "01 October 2002" "" "" .SH NAME smbpasswd \- The Samba encrypted password file .SH SYNOPSIS @@ -11,7 +11,7 @@ smbpasswd \- The Samba encrypted password file \fIsmbpasswd\fR .SH "DESCRIPTION" .PP -This tool is part of the Sambasuite. +This tool is part of the Samba suite. .PP smbpasswd is the Samba encrypted password file. It contains the username, Unix user id and the SMB hashed passwords of the @@ -39,7 +39,7 @@ this smbpasswd file entry as being valid for a user. .TP \fBLanman Password Hash\fR This is the LANMAN hash of the user's password, -encoded as 32 hex digits. The LANMAN hash is created by DES +encoded as 32 hex digits. The LANMAN hash is created by DES encrypting a well known string with the user's password as the DES key. This is the same password used by Windows 95/98 machines. Note that this password hash is regarded as weak as it is @@ -66,7 +66,7 @@ other access. .TP \fBNT Password Hash\fR This is the Windows NT hash of the user's -password, encoded as 32 hex digits. The Windows NT hash is +password, encoded as 32 hex digits. The Windows NT hash is created by taking the user's password as represented in 16-bit, little-endian UNICODE and then applying the MD4 (internet rfc1321) hashing algorithm to it. @@ -108,12 +108,12 @@ in the smbpasswd file. \fBN\fR - This means the account has no password (the passwords in the fields LANMAN Password Hash and NT Password Hash are ignored). Note that this -will only allow users to log on with no password if the \fI null passwords\fR parameter is set in the \fIsmb.conf(5) -\fRconfig file. +will only allow users to log on with no password if the \fI null passwords\fR parameter is set in the \fIsmb.conf(5) +\fR config file. .TP 0.2i \(bu \fBD\fR - This means the account -is disabled and no SMB/CIFS logins will be allowed for +is disabled and no SMB/CIFS logins will be allowed for this user. .TP 0.2i \(bu @@ -122,10 +122,9 @@ is a "Workstation Trust" account. This kind of account is used in the Samba PDC code stream to allow Windows NT Workstations and Servers to join a Domain hosted by a Samba PDC. .RE -.PP + Other flags may be added as the code is extended in future. The rest of this field space is filled in with spaces. -.PP .TP \fBLast Change Time\fR This field consists of the time the account was @@ -134,15 +133,14 @@ last modified. It consists of the characters 'LCT-' (standing for in seconds since the epoch (1970) that the last change was made. .PP All other colon separated fields are ignored at this time. -.PP .SH "VERSION" .PP This man page is correct for version 2.2 of the Samba suite. .SH "SEE ALSO" .PP -\fBsmbpasswd(8)\fR, -samba(7), and +\fBsmbpasswd(8)\fR +samba(7) and the Internet RFC1321 for details on the MD4 algorithm. .SH "AUTHOR" .PP @@ -155,5 +153,5 @@ The original Samba man pages were written by Karl Auer. The man page sources were converted to YODL format (another excellent piece of Open Source software, available at ftp://ftp.icce.rug.nl/pub/unix/ ) and updated for the Samba 2.0 -release by Jeremy Allison. The conversion to DocBook for +release by Jeremy Allison. The conversion to DocBook for Samba 2.2 was done by Gerald Carter diff --git a/docs/manpages/smbpasswd.8 b/docs/manpages/smbpasswd.8 index 1a841e53ce..ee097cf6f1 100644 --- a/docs/manpages/smbpasswd.8 +++ b/docs/manpages/smbpasswd.8 @@ -1,17 +1,18 @@ -.\" This manpage has been automatically generated by docbook2man-spec -.\" from a DocBook document. docbook2man-spec can be found at: -.\" +.\" This manpage has been automatically generated by docbook2man +.\" from a DocBook document. This tool can be found at: +.\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "SMBPASSWD" "8" "28 January 2002" "" "" +.TH "SMBPASSWD" "8" "01 October 2002" "" "" .SH NAME smbpasswd \- change a user's SMB password .SH SYNOPSIS -.sp -\fBsmbpasswd\fR [ \fB-a\fR ] [ \fB-x\fR ] [ \fB-d\fR ] [ \fB-e\fR ] [ \fB-D debuglevel\fR ] [ \fB-n\fR ] [ \fB-r \fR ] [ \fB-R \fR ] [ \fB-m\fR ] [ \fB-j DOMAIN\fR ] [ \fB-U username[%password]\fR ] [ \fB-h\fR ] [ \fB-s\fR ] [ \fB-w pass\fR ] [ \fBusername\fR ] + +\fBsmbpasswd\fR [ \fB-a\fR ] [ \fB-x\fR ] [ \fB-d\fR ] [ \fB-e\fR ] [ \fB-D debuglevel\fR ] [ \fB-n\fR ] [ \fB-r \fR ] [ \fB-R \fR ] [ \fB-m\fR ] [ \fB-U username[%password]\fR ] [ \fB-h\fR ] [ \fB-s\fR ] [ \fB-w pass\fR ] [ \fBusername\fR ] + .SH "DESCRIPTION" .PP -This tool is part of the Sambasuite. +This tool is part of the Samba suite. .PP The smbpasswd program has several different functions, depending on whether it is run by the \fBroot\fR @@ -30,7 +31,7 @@ succeed the smbd daemon must be running on the local machine. On a UNIX machine the encrypted SMB passwords are usually stored in the \fIsmbpasswd(5)\fR file. .PP -When run by an ordinary user with no options. smbpasswd +When run by an ordinary user with no options, smbpasswd will prompt them for their old SMB password and then ask them for their new password twice, to ensure that the new password was typed correctly. No passwords will be echoed on the screen @@ -40,7 +41,7 @@ the key when asked for your old password. .PP smbpasswd can also be used by a normal user to change their SMB password on remote machines, such as Windows NT Primary Domain -Controllers. See the (-r) and -U options below. +Controllers. See the (-r) and -U options below. .PP When run by root, smbpasswd allows new users to be added and deleted in the smbpasswd file, as well as allows changes to @@ -56,7 +57,7 @@ following should be added to the local smbpasswd file, with the new password typed (type for the old password). This option is ignored if the username following already exists in the smbpasswd file and it is treated like a regular change -password command. Note that the default passdb backends require +password command. Note that the default passdb backends require the user to already exist in the system password file (usually \fI/etc/passwd\fR), else the request to add the user will fail. @@ -82,7 +83,7 @@ will fail. If the smbpasswd file is in the 'old' format (pre-Samba 2.0 format) there is no space in the user's password entry to write this information and the command will FAIL. See \fBsmbpasswd(5) -\fRfor details on the 'old' and new password file formats. +\fR for details on the 'old' and new password file formats. This option is only available when running smbpasswd as root. @@ -94,7 +95,7 @@ if the account was previously disabled. If the account was not disabled this option has no effect. Once the account is enabled then the user will be able to authenticate via SMB once again. -If the smbpasswd file is in the 'old' format, then \fB smbpasswd\fR will FAIL to enable the account. +If the smbpasswd file is in the 'old' format, then \fB smbpasswd\fR will FAIL to enable the account. See \fBsmbpasswd (5)\fR for details on the 'old' and new password file formats. @@ -102,7 +103,7 @@ This option is only available when running smbpasswd as root. .TP \fB-D debuglevel\fR \fIdebuglevel\fR is an integer -from 0 to 10. The default value if this parameter is not specified +from 0 to 10. The default value if this parameter is not specified is zero. The higher this value, the more detail will be logged to the @@ -155,21 +156,21 @@ change). \fBNote\fR that Windows 95/98 do not have a real password database so it is not possible to change passwords -specifying a Win95/98 machine as remote machine target. +specifying a Win95/98 machine as remote machine target. .TP \fB-R name resolve order\fR -This option allows the user of smbpasswd to determine +This option allows the user of smbpasswd to determine what name resolution services to use when looking up the NetBIOS name of the host being connected to. -The options are :"lmhosts", "host", "wins" and "bcast". They cause -names to be resolved as follows : +The options are :"lmhosts", "host", "wins" and "bcast". They +cause names to be resolved as follows : .RS .TP 0.2i \(bu lmhosts : Lookup an IP address in the Samba lmhosts file. If the line in lmhosts has -no name type attached to the NetBIOS name (see the lmhosts(5)for details) then +no name type attached to the NetBIOS name (see the lmhosts(5) for details) then any name type matches for lookup. .TP 0.2i \(bu @@ -178,14 +179,14 @@ name to IP address resolution, using the system \fI/etc/hosts \fR, NIS, or DNS lookups. This method of name resolution is operating system depended for instance on IRIX or Solaris this may be controlled by the \fI/etc/nsswitch.conf\fR -file). Note that this method is only used if the NetBIOS name +file). Note that this method is only used if the NetBIOS name type being queried is the 0x20 (server) name type, otherwise it is ignored. .TP 0.2i \(bu wins : Query a name with the IP address listed in the \fIwins server\fR -parameter. If no WINS server has been specified this method +parameter. If no WINS server has been specified this method will be ignored. .TP 0.2i \(bu @@ -195,19 +196,18 @@ each of the known local interfaces listed in the reliable of the name resolution methods as it depends on the target host being on a locally connected subnet. .RE -.PP + The default order is \fBlmhosts, host, wins, bcast\fR and without this parameter or any entry in the \fIsmb.conf\fR file the name resolution methods will be attempted in this order. -.PP .TP \fB-m\fR This option tells smbpasswd that the account being changed is a MACHINE account. Currently this is used when Samba is being used as an NT Primary Domain Controller. -This option is only available when running smbpasswd as root. +This option is only available when running smbpasswd as root. .TP \fB-U username\fR This option may only be used in conjunction @@ -218,26 +218,26 @@ is present to allow users who have different user names on different systems to change these passwords. .TP \fB-h\fR -This option prints the help string for \fB smbpasswd\fR, selecting the correct one for running as root +This option prints the help string for \fB smbpasswd\fR, selecting the correct one for running as root or as an ordinary user. .TP \fB-s\fR This option causes smbpasswd to be silent (i.e. not issue prompts) and to read its old and new passwords from -standard input, rather than from \fI/dev/tty\fR +standard input, rather than from \fI/dev/tty\fR (like the \fBpasswd(1)\fR program does). This option is to aid people writing scripts to drive smbpasswd .TP \fB-w password\fR -This parameter is only available is Samba -has been configured to use the experiemental +This parameter is only available if Samba +has been configured to use the experimental \fB--with-ldapsam\fR option. The \fI-w\fR switch is used to specify the password to be used with the \fIldap admin -dn\fR. Note that the password is stored in +dn\fR Note that the password is stored in the \fIprivate/secrets.tdb\fR and is keyed off -of the admin's DN. This means that if the value of \fIldap -admin dn\fR ever changes, the password will beed to be +of the admin's DN. This means that if the value of \fIldap +admin dn\fR ever changes, the password will need to be manually updated as well. .TP \fBusername\fR @@ -248,7 +248,7 @@ to modify attributes directly in the local smbpasswd file. .SH "NOTES" .PP Since \fBsmbpasswd\fR works in client-server -mode communicating with a local smbd for a non-root user then +mode communicating with a local smbd for a non-root user then the smbd daemon must be running for this to work. A common problem is to add a restriction to the hosts that may access the \fB smbd\fR running on the local machine by specifying a \fIallow hosts\fR or \fIdeny hosts\fR @@ -265,7 +265,7 @@ This man page is correct for version 3.0 of the Samba suite. .SH "SEE ALSO" .PP -\fIsmbpasswd(5)\fR, +\fIsmbpasswd(5)\fR samba(7) .SH "AUTHOR" .PP @@ -278,5 +278,5 @@ The original Samba man pages were written by Karl Auer. The man page sources were converted to YODL format (another excellent piece of Open Source software, available at ftp://ftp.icce.rug.nl/pub/unix/ ) and updated for the Samba 2.0 -release by Jeremy Allison. The conversion to DocBook for +release by Jeremy Allison. The conversion to DocBook for Samba 2.2 was done by Gerald Carter diff --git a/docs/manpages/smbsh.1 b/docs/manpages/smbsh.1 index 774607c3a2..b2eec12c81 100644 --- a/docs/manpages/smbsh.1 +++ b/docs/manpages/smbsh.1 @@ -1,17 +1,18 @@ -.\" This manpage has been automatically generated by docbook2man-spec -.\" from a DocBook document. docbook2man-spec can be found at: -.\" +.\" This manpage has been automatically generated by docbook2man +.\" from a DocBook document. This tool can be found at: +.\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "SMBSH" "1" "08 May 2002" "" "" +.TH "SMBSH" "1" "01 October 2002" "" "" .SH NAME smbsh \- Allows access to Windows NT filesystem using UNIX commands .SH SYNOPSIS -.sp -\fBsmbsh\fR [ \fB-W workgroup\fR ] [ \fB-U username\fR ] [ \fB-P prefix\fR ] [ \fB-R \fR ] [ \fB-d \fR ] [ \fB-l logfile\fR ] [ \fB-L libdir\fR ] + +\fBsmbsh\fR [ \fB-W workgroup\fR ] [ \fB-U username\fR ] [ \fB-P prefix\fR ] [ \fB-R \fR ] [ \fB-d \fR ] [ \fB-l logfile\fR ] [ \fB-L libdir\fR ] + .SH "DESCRIPTION" .PP -This tool is part of the Sambasuite. +This tool is part of the Samba suite. .PP \fBsmbsh\fR allows you to access an NT filesystem using UNIX commands such as \fBls\fR, \fB egrep\fR, and \fBrcp\fR. You must use a @@ -28,7 +29,7 @@ servers. \fB-U username[%pass]\fR Sets the SMB username or username and password. If this option is not specified, the user will be prompted for -both the username and the password. If %pass is not specified, +both the username and the password. If %pass is not specified, the user will be prompted for the password. .TP \fB-P prefix\fR @@ -62,14 +63,14 @@ the system \fI/etc/hosts\fR, NIS, or DNS lookups. This method of name resolution is operating system dependent, for instance on IRIX or Solaris this may be controlled by the \fI/etc/nsswitch.conf -\fRfile). Note that this method is only used +\fR file). Note that this method is only used if the NetBIOS name type being queried is the 0x20 (server) name type, otherwise it is ignored. .TP 0.2i \(bu wins : Query a name with the IP address listed in the -\fIwins server\fR parameter. If no +\fIwins server\fR parameter. If no WINS server has been specified this method will be ignored. .TP 0.2i @@ -81,18 +82,16 @@ parameter. This is the least reliable of the name resolution methods as it depends on the target host being on a locally connected subnet. .RE -.PP + If this parameter is not set then the name resolve order -defined in the \fIsmb.conf\fR file parameter +defined in the \fIsmb.conf\fR file parameter (name resolve order) will be used. -.PP -.PP + The default order is lmhosts, host, wins, bcast. Without this parameter or any entry in the \fIname resolve order -\fRparameter of the \fIsmb.conf\fR +\fR parameter of the \fIsmb.conf\fR file, the name resolution methods will be attempted in this order. -.PP .TP \fB-d \fR debug level is an integer from 0 to 10. @@ -107,7 +106,7 @@ about the activities of \fBnmblookup\fR. At level \fB-l logfilename\fR If specified causes all debug messages to be written to the file specified by \fIlogfilename -\fR\&. If not specified then all messages will be +\fR. If not specified then all messages will be written to\fIstderr\fR. .TP \fB-L libdir\fR @@ -120,24 +119,23 @@ To use the \fBsmbsh\fR command, execute \fB smbsh\fR from the prompt and enter t that authenticates you to the machine running the Windows NT operating system. .PP -.sp + .nf system% \fBsmbsh\fR Username: \fBuser\fR Password: \fBXXXXXXX\fR -.sp .fi .PP Any dynamically linked command you execute from this shell will access the \fI/smb\fR directory using the smb protocol. For example, the command \fBls /smb -\fRwill show a list of workgroups. The command +\fR will show a list of workgroups. The command \fBls /smb/MYGROUP \fR will show all the machines in -the workgroup MYGROUP. The command +the workgroup MYGROUP. The command \fBls /smb/MYGROUP/\fR will show the share names for that machine. You could then, for example, use the \fB cd\fR command to change directories, \fBvi\fR to -edit files, and \fBrcp\fR to copy files. +edit files, and \fBrcp\fR to copy files. .SH "VERSION" .PP This man page is correct for version 2.2 of @@ -147,7 +145,7 @@ the Samba suite. \fBsmbsh\fR works by intercepting the standard libc calls with the dynamically loaded versions in \fI smbwrapper.o\fR. Not all calls have been "wrapped", so some programs may not function correctly under \fBsmbsh -\fR\&. +\fR. .PP Programs which are not dynamically linked cannot make use of \fBsmbsh\fR's functionality. Most versions @@ -155,7 +153,7 @@ of UNIX have a \fBfile\fR command that will describe how a program was linked. .SH "SEE ALSO" .PP -\fBsmbd(8)\fR, +\fBsmbd(8)\fR smb.conf(5) .SH "AUTHOR" .PP @@ -168,5 +166,5 @@ The original Samba man pages were written by Karl Auer. The man page sources were converted to YODL format (another excellent piece of Open Source software, available at ftp://ftp.icce.rug.nl/pub/unix/ ) and updated for the Samba 2.0 -release by Jeremy Allison. The conversion to DocBook for +release by Jeremy Allison. The conversion to DocBook for Samba 2.2 was done by Gerald Carter diff --git a/docs/manpages/smbspool.8 b/docs/manpages/smbspool.8 index 779ba4921f..e9496e7a74 100644 --- a/docs/manpages/smbspool.8 +++ b/docs/manpages/smbspool.8 @@ -1,17 +1,18 @@ -.\" This manpage has been automatically generated by docbook2man-spec -.\" from a DocBook document. docbook2man-spec can be found at: -.\" +.\" This manpage has been automatically generated by docbook2man +.\" from a DocBook document. This tool can be found at: +.\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "SMBSPOOL" "8" "28 January 2002" "" "" +.TH "SMBSPOOL" "8" "01 October 2002" "" "" .SH NAME -smbspool \- send print file to an SMB printer +smbspool \- send a print file to an SMB printer .SH SYNOPSIS -.sp -\fBsmbspool\fR [ \fBjob\fR ] [ \fBuser\fR ] [ \fBtitle\fR ] [ \fBcopies\fR ] [ \fBoptions\fR ] [ \fBfilename\fR ] + +\fBsmbspool\fR [ \fBjob\fR ] [ \fBuser\fR ] [ \fBtitle\fR ] [ \fBcopies\fR ] [ \fBoptions\fR ] [ \fBfilename\fR ] + .SH "DESCRIPTION" .PP -This tool is part of the Sambasuite. +This tool is part of the Samba suite. .PP smbspool is a very small print spooling program that sends a print file to an SMB printer. The command-line arguments @@ -40,12 +41,10 @@ smb://username:password@workgroup/server/printer smbspool tries to get the URI from argv[0]. If argv[0] contains the name of the program then it looks in the \fB DEVICE_URI\fR environment variable. .PP -.PP Programs using the \fBexec(2)\fR functions can pass the URI in argv[0], while shell scripts must set the \fBDEVICE_URI\fR environment variable prior to running smbspool. -.PP .SH "OPTIONS" .TP 0.2i \(bu @@ -64,12 +63,12 @@ when sending the print job. \(bu The copies argument (argv[4]) contains the number of copies to be printed of the named file. If -no filename is provided than this argument is not used by +no filename is provided then this argument is not used by smbspool. .TP 0.2i \(bu The options argument (argv[5]) contains -the print options in a single string and is presently +the print options in a single string and is currently not used by smbspool. .TP 0.2i \(bu @@ -82,8 +81,8 @@ This man page is correct for version 2.2 of the Samba suite. .SH "SEE ALSO" .PP -\fBsmbd(8)\fR, -and samba(7). +\fBsmbd(8)\fR +and samba(7) .SH "AUTHOR" .PP \fBsmbspool\fR was written by Michael Sweet @@ -98,5 +97,5 @@ The original Samba man pages were written by Karl Auer. The man page sources were converted to YODL format (another excellent piece of Open Source software, available at ftp://ftp.icce.rug.nl/pub/unix/ ) and updated for the Samba 2.0 -release by Jeremy Allison. The conversion to DocBook for +release by Jeremy Allison. The conversion to DocBook for Samba 2.2 was done by Gerald Carter diff --git a/docs/manpages/smbstatus.1 b/docs/manpages/smbstatus.1 index 1f5d4f7571..fc452ae731 100644 --- a/docs/manpages/smbstatus.1 +++ b/docs/manpages/smbstatus.1 @@ -3,16 +3,16 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "SMBSTATUS" "1" "28 March 2002" "" "" +.TH "SMBSTATUS" "1" "01 October 2002" "" "" .SH NAME smbstatus \- report on current Samba connections .SH SYNOPSIS -\fBsmbstatus\fR [ \fB-P\fR] [ \fB-b\fR] [ \fB-d \fR] [ \fB-v\fR] [ \fB-L\fR] [ \fB-B\fR] [ \fB-p\fR] [ \fB-S\fR] [ \fB-s \fR] [ \fB-u \fR] +\fBsmbstatus\fR [ \fB-P\fR ] [ \fB-b\fR ] [ \fB-d \fR ] [ \fB-v\fR ] [ \fB-L\fR ] [ \fB-B\fR ] [ \fB-p\fR ] [ \fB-S\fR ] [ \fB-s \fR ] [ \fB-u \fR ] .SH "DESCRIPTION" .PP -This tool is part of the Sambasuite. +This tool is part of the Samba suite. .PP \fBsmbstatus\fR is a very simple program to list the current Samba connections. @@ -39,7 +39,7 @@ causes smbstatus to only list locks. causes smbstatus to include byte range locks. .TP \fB-p|--processes\fR -print a list of \fBsmbd(8)\fRprocesses and exit. +print a list of \fBsmbd(8)\fR processes and exit. Useful for scripting. .TP \fB-S|--shares\fR @@ -49,7 +49,7 @@ causes smbstatus to only list shares. The default configuration file name is determined at compile time. The file specified contains the configuration details required by the server. See \fIsmb.conf(5)\fR -for more information. + for more information. .TP \fB-u|--user=\fR selects information relevant to @@ -60,8 +60,8 @@ This man page is correct for version 3.0 of the Samba suite. .SH "SEE ALSO" .PP -\fBsmbd(8)\fRand -smb.conf(5). +\fBsmbd(8)\fR and +smb.conf(5) .SH "AUTHOR" .PP The original Samba software and related utilities diff --git a/docs/manpages/smbtar.1 b/docs/manpages/smbtar.1 index b9bbf3df15..bee874dcba 100644 --- a/docs/manpages/smbtar.1 +++ b/docs/manpages/smbtar.1 @@ -1,20 +1,21 @@ -.\" This manpage has been automatically generated by docbook2man-spec -.\" from a DocBook document. docbook2man-spec can be found at: -.\" +.\" This manpage has been automatically generated by docbook2man +.\" from a DocBook document. This tool can be found at: +.\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "SMBTAR" "1" "28 January 2002" "" "" +.TH "SMBTAR" "1" "01 October 2002" "" "" .SH NAME smbtar \- shell script for backing up SMB/CIFS shares directly to UNIX tape drives .SH SYNOPSIS -.sp -\fBsmbtar\fR \fB-s server\fR [ \fB-p password\fR ] [ \fB-x services\fR ] [ \fB-X\fR ] [ \fB-d directory\fR ] [ \fB-u user\fR ] [ \fB-t tape\fR ] [ \fB-t tape\fR ] [ \fB-b blocksize\fR ] [ \fB-N filename\fR ] [ \fB-i\fR ] [ \fB-r\fR ] [ \fB-l loglevel\fR ] [ \fB-v\fR ] \fBfilenames\fR + +\fBsmbtar\fR \fB-s server\fR [ \fB-p password\fR ] [ \fB-x services\fR ] [ \fB-X\fR ] [ \fB-d directory\fR ] [ \fB-u user\fR ] [ \fB-t tape\fR ] [ \fB-t tape\fR ] [ \fB-b blocksize\fR ] [ \fB-N filename\fR ] [ \fB-i\fR ] [ \fB-r\fR ] [ \fB-l loglevel\fR ] [ \fB-v\fR ] \fBfilenames\fR + .SH "DESCRIPTION" .PP -This tool is part of the Sambasuite. +This tool is part of the Samba suite. .PP \fBsmbtar\fR is a very small shell script on top -of \fBsmbclient(1)\fR +of \fBsmbclient(1)\fR which dumps SMB shares directly to tape. .SH "OPTIONS" .TP @@ -32,7 +33,7 @@ create or restore. .TP \fB-d directory\fR Change to initial \fIdirectory -\fRbefore restoring / backing up files. +\fR before restoring / backing up files. .TP \fB-v\fR Verbose mode. @@ -49,7 +50,7 @@ UNIX login name. Tape device. May be regular file or tape device. Default: \fI$TAPE\fR environmental variable; if not set, a file called \fItar.out -\fR\&. +\fR. .TP \fB-b blocksize\fR Blocking factor. Defaults to 20. See @@ -72,7 +73,7 @@ from the tar file. \fB-l log level\fR Log (debug) level. Corresponds to the \fI-d\fR flag of \fBsmbclient(1) -\fR\&. +\fR. .SH "ENVIRONMENT VARIABLES" .PP The \fI$TAPE\fR variable specifies the @@ -81,27 +82,27 @@ with the -t option. .SH "BUGS" .PP The \fBsmbtar\fR script has different -options from ordinary tar and tar called from smbclient. +options from ordinary tar and from smbclient's tar command. .SH "CAVEATS" .PP Sites that are more careful about security may not like the way the script handles PC passwords. Backup and restore work -on entire shares, should work on file lists. smbtar works best +on entire shares; should work on file lists. smbtar works best with GNU tar and may not work well with other versions. .SH "DIAGNOSTICS" .PP See the \fBDIAGNOSTICS\fR section for the \fBsmbclient(1)\fR -command. + command. .SH "VERSION" .PP -This man page is correct for version 2.2 of +This man page is correct for version 3.0 of the Samba suite. .SH "SEE ALSO" .PP -\fBsmbd(8)\fR, -\fBsmbclient(1)\fR, -smb.conf(5), +\fBsmbd(8)\fR +\fBsmbclient(1)\fR +smb.conf(5) .SH "AUTHOR" .PP The original Samba software and related utilities @@ -109,12 +110,12 @@ were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed. .PP -Ricky Poulten +Ricky Poulten wrote the tar extension and this man page. The \fBsmbtar\fR script was heavily rewritten and improved by Martin Kraemer . Many thanks to everyone who suggested extensions, improvements, bug fixes, etc. The man page sources were converted to YODL format (another excellent piece of Open Source software, available at ftp://ftp.icce.rug.nl/pub/unix/ ) and updated for the Samba 2.0 -release by Jeremy Allison. The conversion to DocBook for +release by Jeremy Allison. The conversion to DocBook for Samba 2.2 was done by Gerald Carter. diff --git a/docs/manpages/smbumount.8 b/docs/manpages/smbumount.8 index bf64061e3a..da16cc5288 100644 --- a/docs/manpages/smbumount.8 +++ b/docs/manpages/smbumount.8 @@ -1,21 +1,22 @@ -.\" This manpage has been automatically generated by docbook2man-spec -.\" from a DocBook document. docbook2man-spec can be found at: -.\" +.\" This manpage has been automatically generated by docbook2man +.\" from a DocBook document. This tool can be found at: +.\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "SMBUMOUNT" "8" "28 January 2002" "" "" +.TH "SMBUMOUNT" "8" "01 October 2002" "" "" .SH NAME smbumount \- smbfs umount for normal users .SH SYNOPSIS -.sp + \fBsmbumount\fR \fBmount-point\fR + .SH "DESCRIPTION" .PP With this program, normal users can unmount smb-filesystems, -provided that it is suid root. \fBsmbumount\fR has +provided that it is suid root. \fBsmbumount\fR has been written to give normal Linux users more control over their resources. It is safe to install this program suid root, because only -the user who has mounted a filesystem is allowed to unmount it again. +the user who has mounted a filesystem is allowed to unmount it again. For root it is not necessary to use smbumount. The normal umount program works perfectly well, but it would certainly be problematic to make umount setuid root. diff --git a/docs/manpages/swat.8 b/docs/manpages/swat.8 index e42d963806..c097dd499b 100644 --- a/docs/manpages/swat.8 +++ b/docs/manpages/swat.8 @@ -1,20 +1,21 @@ -.\" This manpage has been automatically generated by docbook2man-spec -.\" from a DocBook document. docbook2man-spec can be found at: -.\" +.\" This manpage has been automatically generated by docbook2man +.\" from a DocBook document. This tool can be found at: +.\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "SWAT" "8" "28 January 2002" "" "" +.TH "SWAT" "8" "01 October 2002" "" "" .SH NAME swat \- Samba Web Administration Tool .SH SYNOPSIS -.sp -\fBswat\fR [ \fB-s \fR ] [ \fB-a\fR ] + +\fBswat\fR [ \fB-s \fR ] [ \fB-a\fR ] + .SH "DESCRIPTION" .PP -This tool is part of the Sambasuite. +This tool is part of the Samba suite. .PP \fBswat\fR allows a Samba administrator to -configure the complex \fI smb.conf(5)\fRfile via a Web browser. In addition, +configure the complex \fI smb.conf(5)\fR file via a Web browser. In addition, a \fBswat\fR configuration page has help links to all the configurable options in the \fIsmb.conf\fR file allowing an administrator to easily look up the effects of any change. @@ -24,9 +25,9 @@ administrator to easily look up the effects of any change. .TP \fB-s smb configuration file\fR The default configuration file path is -determined at compile time. The file specified contains +determined at compile time. The file specified contains the configuration details required by the \fBsmbd -\fRserver. This is the file that \fBswat\fR will modify. +\fR server. This is the file that \fBswat\fR will modify. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide. @@ -37,12 +38,12 @@ This option disables authentication and puts \fBswat\fR in demo mode. In that mode anyone will be able to modify the \fIsmb.conf\fR file. -\fBDo NOT enable this option on a production +\fBWARNING: Do NOT enable this option on a production server. \fR .SH "INSTALLATION" .PP After you compile SWAT you need to run \fBmake install -\fRto install the \fBswat\fR binary +\fR to install the \fBswat\fR binary and the various help files and images. A default install would put these in: .TP 0.2i @@ -57,16 +58,16 @@ these in: .SS "INETD INSTALLATION" .PP You need to edit your \fI/etc/inetd.conf -\fRand \fI/etc/services\fR +\fR and \fI/etc/services\fR to enable SWAT to be launched via \fBinetd\fR. .PP In \fI/etc/services\fR you need to add a line like this: .PP -\fBswat 901/tcp\fR +\fBswat 901/tcp\fR .PP Note for NIS/YP users - you may need to rebuild the -NIS service maps rather than alter your local \fI /etc/services\fR file. +NIS service maps rather than alter your local \fI /etc/services\fR file. .PP the choice of port number isn't really important except that it should be less than 1024 and not currently @@ -77,13 +78,13 @@ hole depending on the implementation details of your In \fI/etc/inetd.conf\fR you should add a line like this: .PP -\fBswat stream tcp nowait.400 root +\fBswat stream tcp nowait.400 root /usr/local/samba/bin/swat swat\fR .PP One you have edited \fI/etc/services\fR and \fI/etc/inetd.conf\fR you need to send a HUP signal to inetd. To do this use \fBkill -1 PID -\fRwhere PID is the process ID of the inetd daemon. +\fR where PID is the process ID of the inetd daemon. .SS "LAUNCHING" .PP To launch SWAT just run your favorite web browser and @@ -102,20 +103,20 @@ information for the meta-daemon. \fB\fI/etc/services\fB\fR This file must contain a mapping of service name (e.g., swat) to service port (e.g., 901) and protocol type -(e.g., tcp). +(e.g., tcp). .TP \fB\fI/usr/local/samba/lib/smb.conf\fB\fR This is the default location of the \fIsmb.conf(5) -\fRserver configuration file that swat edits. Other -common places that systems install this file are \fI /usr/samba/lib/smb.conf\fR and \fI/etc/smb.conf -\fR\&. This file describes all the services the server +\fR server configuration file that swat edits. Other +common places that systems install this file are \fI /usr/samba/lib/smb.conf\fR and \fI/etc/smb.conf +\fR. This file describes all the services the server is to make available to clients. .SH "WARNINGS" .PP \fBswat\fR will rewrite your \fIsmb.conf -\fRfile. It will rearrange the entries and delete all -comments, \fIinclude=\fR and \fIcopy=" -\fRoptions. If you have a carefully crafted \fI smb.conf\fR then back it up or don't use swat! +\fR file. It will rearrange the entries and delete all +comments, \fIinclude=\fR and \fIcopy= +\fR options. If you have a carefully crafted \fI smb.conf\fR then back it up or don't use swat! .SH "VERSION" .PP This man page is correct for version 2.2 of @@ -123,7 +124,7 @@ the Samba suite. .SH "SEE ALSO" .PP \fBinetd(5)\fR, -\fBsmbd(8)\fR, +\fBsmbd(8)\fR smb.conf(5) .SH "AUTHOR" .PP @@ -136,5 +137,5 @@ The original Samba man pages were written by Karl Auer. The man page sources were converted to YODL format (another excellent piece of Open Source software, available at ftp://ftp.icce.rug.nl/pub/unix/ ) and updated for the Samba 2.0 -release by Jeremy Allison. The conversion to DocBook for +release by Jeremy Allison. The conversion to DocBook for Samba 2.2 was done by Gerald Carter diff --git a/docs/manpages/testparm.1 b/docs/manpages/testparm.1 index d463db78b1..a53e066acf 100644 --- a/docs/manpages/testparm.1 +++ b/docs/manpages/testparm.1 @@ -3,7 +3,7 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "TESTPARM" "1" "21 August 2002" "" "" +.TH "TESTPARM" "1" "01 October 2002" "" "" .SH NAME testparm \- check an smb.conf configuration file for internal correctness .SH SYNOPSIS @@ -12,7 +12,7 @@ testparm \- check an smb.conf configuration file for internal correctness .SH "DESCRIPTION" .PP -This tool is part of the Sambasuite. +This tool is part of the Samba suite. .PP \fBtestparm\fR is a very simple test program to check an \fBsmbd\fR configuration file for @@ -90,7 +90,7 @@ This man page is correct for version 2.2 of the Samba suite. .SH "SEE ALSO" .PP -\fIsmb.conf(5)\fR, +\fIsmb.conf(5)\fR \fBsmbd(8)\fR .SH "AUTHOR" .PP @@ -102,6 +102,6 @@ to the way the Linux kernel is developed. The original Samba man pages were written by Karl Auer. The man page sources were converted to YODL format (another excellent piece of Open Source software, available at -ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 +ftp://ftp.icce.rug.nl/pub/unix/ ) and updated for the Samba 2.0 release by Jeremy Allison. The conversion to DocBook for Samba 2.2 was done by Gerald Carter diff --git a/docs/manpages/testprns.1 b/docs/manpages/testprns.1 index bc1a27b198..5d5cb97f31 100644 --- a/docs/manpages/testprns.1 +++ b/docs/manpages/testprns.1 @@ -1,21 +1,22 @@ -.\" This manpage has been automatically generated by docbook2man-spec -.\" from a DocBook document. docbook2man-spec can be found at: -.\" +.\" This manpage has been automatically generated by docbook2man +.\" from a DocBook document. This tool can be found at: +.\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "TESTPRNS" "1" "28 January 2002" "" "" +.TH "TESTPRNS" "1" "01 October 2002" "" "" .SH NAME testprns \- check printer name for validity with smbd .SH SYNOPSIS -.sp -\fBtestprns\fR \fBprintername\fR [ \fBprintcapname\fR ] + +\fBtestprns\fR \fBprintername\fR [ \fBprintcapname\fR ] + .SH "DESCRIPTION" .PP -This tool is part of the Sambasuite. +This tool is part of the Samba suite. .PP \fBtestprns\fR is a very simple test program to determine whether a given printer name is valid for use in -a service to be provided by \fB smbd(8)\fR. +a service to be provided by \fB smbd(8)\fR .PP "Valid" in this context means "can be found in the printcap specified". This program is very stupid - so stupid in @@ -41,7 +42,7 @@ This is the name of the printcap file within which to search for the given printer name. If no printcap name is specified \fBtestprns -\fRwill attempt to scan the printcap file name +\fR will attempt to scan the printcap file name specified at compile time. .SH "FILES" .TP @@ -73,7 +74,7 @@ the Samba suite. .SH "SEE ALSO" .PP \fIprintcap(5)\fR, -\fBsmbd(8)\fR, +\fBsmbd(8)\fR \fBsmbclient(1)\fR .SH "AUTHOR" .PP @@ -86,5 +87,5 @@ The original Samba man pages were written by Karl Auer. The man page sources were converted to YODL format (another excellent piece of Open Source software, available at ftp://ftp.icce.rug.nl/pub/unix/ ) and updated for the Samba 2.0 -release by Jeremy Allison. The conversion to DocBook for +release by Jeremy Allison. The conversion to DocBook for Samba 2.2 was done by Gerald Carter diff --git a/docs/manpages/vfstest.1 b/docs/manpages/vfstest.1 index 78e6e6c35a..dc3092bc66 100644 --- a/docs/manpages/vfstest.1 +++ b/docs/manpages/vfstest.1 @@ -3,7 +3,7 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "VFSTEST" "1" "20 August 2002" "" "" +.TH "VFSTEST" "1" "01 October 2002" "" "" .SH NAME vfstest \- tool for testing samba VFS modules .SH SYNOPSIS @@ -12,29 +12,30 @@ vfstest \- tool for testing samba VFS modules .SH "DESCRIPTION" .PP -This tool is part of the Sambasuite. +This tool is part of the Samba suite. .PP -\fBvfstest\fR is a small command line +\fBvfstest\fR is a small command line utility that has the ability to test dso samba VFS modules. It gives the -user the ability to call the various VFS functions manually and +user the ability to call the various VFS functions manually and supports cascaded VFS modules. .SH "OPTIONS" .TP \fB-c|--command=command\fR -Execute the specified (colon-seperated) commands. +Execute the specified (colon-seperated) commands. See below for the commands that are available. .TP \fB-d|--debug=debuglevel\fR -set the debuglevel. Debug level 0 is the lowest +set the debuglevel. Debug level 0 is the lowest and 100 being the highest. This should be set to 100 if you are -planning on submitting a bug report to the Samba team (see \fIBUGS.txt\fR). +planning on submitting a bug report to the Samba team (see +\fIBUGS.txt\fR). .TP \fB-h|--help\fR Print a summary of command line options. .TP \fB-l|--logfile=logbasename\fR -File name for log/debug files. The extension -\&'.client' will be appended. The log file is never removed +File name for log/debug files. The extension +\&'.client' will be appended. The log file is never removed by the client. .SH "COMMANDS" .PP @@ -166,13 +167,13 @@ by the client. \fBexit\fR - Exit vfstest .SH "VERSION" .PP -This man page is correct for version 3.0 of the Samba +This man page is correct for version 3.0 of the Samba suite. .SH "AUTHOR" .PP -The original Samba software and related utilities +The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed -by the Samba Team as an Open Source project similar +by the Samba Team as an Open Source project similar to the way the Linux kernel is developed. .PP The vfstest man page was written by Jelmer Vernooij. diff --git a/docs/manpages/wbinfo.1 b/docs/manpages/wbinfo.1 index 57aaf98b62..96464987e3 100644 --- a/docs/manpages/wbinfo.1 +++ b/docs/manpages/wbinfo.1 @@ -1,20 +1,21 @@ -.\" This manpage has been automatically generated by docbook2man-spec -.\" from a DocBook document. docbook2man-spec can be found at: -.\" +.\" This manpage has been automatically generated by docbook2man +.\" from a DocBook document. This tool can be found at: +.\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "WBINFO" "1" "08 May 2002" "" "" +.TH "WBINFO" "1" "01 October 2002" "" "" .SH NAME wbinfo \- Query information from winbind daemon .SH SYNOPSIS -.sp -\fBwbinfo\fR [ \fB-u\fR ] [ \fB-g\fR ] [ \fB-h name\fR ] [ \fB-i ip\fR ] [ \fB-n name\fR ] [ \fB-s sid\fR ] [ \fB-U uid\fR ] [ \fB-G gid\fR ] [ \fB-S sid\fR ] [ \fB-Y sid\fR ] [ \fB-t\fR ] [ \fB-m\fR ] [ \fB-r user\fR ] [ \fB-a user%password\fR ] [ \fB-A user%password\fR ] + +\fBwbinfo\fR [ \fB-u\fR ] [ \fB-g\fR ] [ \fB-h name\fR ] [ \fB-i ip\fR ] [ \fB-n name\fR ] [ \fB-s sid\fR ] [ \fB-U uid\fR ] [ \fB-G gid\fR ] [ \fB-S sid\fR ] [ \fB-Y sid\fR ] [ \fB-t\fR ] [ \fB-m\fR ] [ \fB-r user\fR ] [ \fB-a user%password\fR ] [ \fB-A user%password\fR ] + .SH "DESCRIPTION" .PP -This tool is part of the Sambasuite. +This tool is part of the Samba suite. .PP The \fBwbinfo\fR program queries and returns information -created and used by the \fB winbindd(8)\fRdaemon. +created and used by the \fB winbindd(8)\fR daemon. .PP The \fBwinbindd(8)\fR daemon must be configured and running for the \fBwbinfo\fR program to be able @@ -24,16 +25,16 @@ to return information. \fB-u\fR This option will list all users available in the Windows NT domain for which the \fBwinbindd(8) -\fRdaemon is operating in. Users in all trusted domains -will also be listed. Note that this operation does not assign +\fR daemon is operating in. Users in all trusted domains +will also be listed. Note that this operation does not assign user ids to any users that have not already been seen by \fBwinbindd(8)\fR. .TP \fB-g\fR This option will list all groups available in the Windows NT domain for which the \fBwinbindd(8) -\fRdaemon is operating in. Groups in all trusted domains -will also be listed. Note that this operation does not assign +\fR daemon is operating in. Groups in all trusted domains +will also be listed. Note that this operation does not assign group ids to any groups that have not already been seen by \fBwinbindd(8)\fR. .TP @@ -51,38 +52,38 @@ specified by the \fIip\fR parameter. .TP \fB-n name\fR The \fI-n\fR option -queries \fBwinbindd(8)\fR for the SID +queries \fBwinbindd(8)\fR for the SID associated with the name specified. Domain names can be specified -before the user name by using the winbind separator character. +before the user name by using the winbind separator character. For example CWDOM1/Administrator refers to the Administrator -user in the domain CWDOM1. If no domain is specified then the +user in the domain CWDOM1. If no domain is specified then the domain used is the one specified in the \fIsmb.conf\fR \fIworkgroup\fR parameter. .TP \fB-s sid\fR Use \fI-s\fR to resolve -a SID to a name. This is the inverse of the \fI-n -\fRoption above. SIDs must be specified as ASCII strings +a SID to a name. This is the inverse of the \fI-n +\fR option above. SIDs must be specified as ASCII strings in the traditional Microsoft format. For example, S-1-5-21-1455342024-3071081365-2475485837-500. .TP \fB-U uid\fR Try to convert a UNIX user id to a Windows NT -SID. If the uid specified does not refer to one within +SID. If the uid specified does not refer to one within the winbind uid range then the operation will fail. .TP \fB-G gid\fR Try to convert a UNIX group id to a Windows -NT SID. If the gid specified does not refer to one within +NT SID. If the gid specified does not refer to one within the winbind gid range then the operation will fail. .TP \fB-S sid\fR -Convert a SID to a UNIX user id. If the SID -does not correspond to a UNIX user mapped by \fB winbindd(8)\fR then the operation will fail. +Convert a SID to a UNIX user id. If the SID +does not correspond to a UNIX user mapped by \fB winbindd(8)\fR then the operation will fail. .TP \fB-Y sid\fR -Convert a SID to a UNIX group id. If the SID -does not correspond to a UNIX group mapped by \fB winbindd(8)\fR then the operation will fail. +Convert a SID to a UNIX group id. If the SID +does not correspond to a UNIX group mapped by \fB winbindd(8)\fR then the operation will fail. .TP \fB-t\fR Verify that the workstation trust account @@ -92,12 +93,12 @@ domain is working. \fB-m\fR Produce a list of domains trusted by the Windows NT server \fBwinbindd(8)\fR contacts -when resolving names. This list does not include the Windows +when resolving names. This list does not include the Windows NT domain the server is a Primary Domain Controller for. .TP \fB-r username\fR Try to obtain the list of UNIX group ids -to which the user belongs. This only works for users +to which the user belongs. This only works for users defined on a Domain Controller. .TP \fB-a username%password\fR @@ -106,15 +107,15 @@ This checks both authenticaion methods and reports its results. .TP \fB-A username%password\fR Store username and password used by winbindd -during session setup to a domain controller. This enables +during session setup to a domain controller. This enables winbindd to operate in a Windows 2000 domain with Restrict Anonymous turned on (a.k.a. Permissions compatiable with Windows 2000 servers only). .SH "EXIT STATUS" .PP The wbinfo program returns 0 if the operation -succeeded, or 1 if the operation failed. If the \fBwinbindd(8) -\fRdaemon is not working \fBwbinfo\fR will always return +succeeded, or 1 if the operation failed. If the \fBwinbindd(8) +\fR daemon is not working \fBwbinfo\fR will always return failure. .SH "VERSION" .PP diff --git a/docs/manpages/winbindd.8 b/docs/manpages/winbindd.8 index ca0c87bd08..fe02c424e1 100644 --- a/docs/manpages/winbindd.8 +++ b/docs/manpages/winbindd.8 @@ -1,24 +1,25 @@ -.\" This manpage has been automatically generated by docbook2man-spec -.\" from a DocBook document. docbook2man-spec can be found at: -.\" +.\" This manpage has been automatically generated by docbook2man +.\" from a DocBook document. This tool can be found at: +.\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "WINBINDD" "8" "08 May 2002" "" "" +.TH "WINBINDD" "8" "01 October 2002" "" "" .SH NAME winbindd \- Name Service Switch daemon for resolving names from NT servers .SH SYNOPSIS -.sp -\fBwinbindd\fR [ \fB-i\fR ] [ \fB-d \fR ] [ \fB-s \fR ] + +\fBwinbindd\fR [ \fB-i\fR ] [ \fB-d \fR ] [ \fB-s \fR ] + .SH "DESCRIPTION" .PP -This program is part of the Sambasuite. +This program is part of the Samba suite. .PP \fBwinbindd\fR is a daemon that provides a service for the Name Service Switch capability that is present -in most modern C libraries. The Name Service Switch allows user +in most modern C libraries. The Name Service Switch allows user and system information to be obtained from different databases -services such as NIS or DNS. The exact behaviour can be configured -throught the \fI/etc/nsswitch.conf\fR file. +services such as NIS or DNS. The exact behaviour can be configured +throught the \fI/etc/nsswitch.conf\fR file. Users and groups are allocated as they are resolved to a range of user and group ids specified by the administrator of the Samba system. @@ -30,10 +31,10 @@ services via an associated PAM module. .PP The \fIpam_winbind\fR module in the 2.2.2 release only supports the \fIauth\fR and \fIaccount\fR -module-types. The latter is simply +module-types. The latter simply performs a getpwnam() to verify that the system can obtain a uid for the -user. If the \fIlibnss_winbind\fR library has been correctly -installed, this should always suceed. +user. If the \fIlibnss_winbind\fR library has been correctly +installed, this should always succeed. .PP The following nsswitch databases are implemented by the winbindd service: @@ -51,37 +52,33 @@ the \fIpasswd(5)\fR file and used by .TP \fBgroup\fR Group information traditionally stored in -the \fIgroup(5)\fR file and used by +the \fIgroup(5)\fR file and used by \fBgetgrent(3)\fR functions. .PP For example, the following simple configuration in the \fI/etc/nsswitch.conf\fR file can be used to initially resolve user and group information from \fI/etc/passwd -\fRand \fI/etc/group\fR and then from the +\fR and \fI/etc/group\fR and then from the Windows NT server. .PP -.PP -.sp + .nf passwd: files winbind group: files winbind -.sp .fi .PP -.PP The following simple configuration in the \fI/etc/nsswitch.conf\fR file can be used to initially resolve hostnames from \fI/etc/hosts\fR and then from the WINS server. -.PP .SH "OPTIONS" .TP \fB-d debuglevel\fR Sets the debuglevel to an integer between 0 and 100. 0 is for no debugging and 100 is for reams and reams. To submit a bug report to the Samba Team, use debug -level 100 (see BUGS.txt). +level 100 (see BUGS.txt). .TP \fB-i\fR Tells \fBwinbindd\fR to not @@ -92,20 +89,20 @@ of \fBwinbindd\fR is required. .PP Users and groups on a Windows NT server are assigned a relative id (rid) which is unique for the domain when the -user or group is created. To convert the Windows NT user or group +user or group is created. To convert the Windows NT user or group into a unix user or group, a mapping between rids and unix user -and group ids is required. This is one of the jobs that \fB winbindd\fR performs. +and group ids is required. This is one of the jobs that \fB winbindd\fR performs. .PP As winbindd users and groups are resolved from a server, user -and group ids are allocated from a specified range. This +and group ids are allocated from a specified range. This is done on a first come, first served basis, although all existing users and groups will be mapped as soon as a client performs a user -or group enumeration command. The allocated unix ids are stored +or group enumeration command. The allocated unix ids are stored in a database file under the Samba lock directory and will be remembered. .PP WARNING: The rid to unix id database is the only location -where the user and group mappings are stored by winbindd. If this +where the user and group mappings are stored by winbindd. If this file is deleted or corrupted, there is no way for winbindd to determine which user and group ids correspond to Windows NT user and group rids. @@ -113,121 +110,35 @@ and group rids. .PP Configuration of the \fBwinbindd\fR daemon is done through configuration parameters in the \fIsmb.conf(5) -\fRfile. All parameters should be specified in the +\fR file. All parameters should be specified in the [global] section of smb.conf. -.TP -\fBwinbind separator\fR -The winbind separator option allows you -to specify how NT domain names and user names are combined -into unix user names when presented to users. By default, -\fBwinbindd\fR will use the traditional '\\' -separator so that the unix user names look like -DOMAIN\\username. In some cases this separator character may -cause problems as the '\\' character has special meaning in -unix shells. In that case you can use the winbind separator -option to specify an alternative separator character. Good -alternatives may be '/' (although that conflicts -with the unix directory separator) or a '+ 'character. -The '+' character appears to be the best choice for 100% -compatibility with existing unix utilities, but may be an -aesthetically bad choice depending on your taste. - -Default: \fBwinbind separator = \\ \fR - -Example: \fBwinbind separator = + \fR -.TP -\fBwinbind uid\fR -The winbind uid parameter specifies the -range of user ids that are allocated by the winbindd daemon. -This range of ids should have no existing local or NIS users -within it as strange conflicts can occur otherwise. - -Default: \fBwinbind uid = -\fR -Example: \fBwinbind uid = 10000-20000\fR -.TP -\fBwinbind gid\fR -The winbind gid parameter specifies the -range of group ids that are allocated by the winbindd daemon. -This range of group ids should have no existing local or NIS -groups within it as strange conflicts can occur otherwise. - -Default: \fBwinbind gid = -\fR -Example: \fBwinbind gid = 10000-20000 -\fR.TP -\fBwinbind cache time\fR -This parameter specifies the number of -seconds the winbindd daemon will cache user and group information -before querying a Windows NT server again. When a item in the -cache is older than this time winbindd will ask the domain -controller for the sequence number of the server's account database. -If the sequence number has not changed then the cached item is -marked as valid for a further \fIwinbind cache time -\fRseconds. Otherwise the item is fetched from the -server. This means that as long as the account database is not -actively changing winbindd will only have to send one sequence -number query packet every \fIwinbind cache time -\fRseconds. - -Default: \fBwinbind cache time = 15\fR -.TP -\fBwinbind enum users\fR -On large installations it may be necessary -to suppress the enumeration of users through the \fB setpwent()\fR, \fBgetpwent()\fR and -\fBendpwent()\fR group of system calls. If -the \fIwinbind enum users\fR parameter is false, -calls to the \fBgetpwent\fR system call will not -return any data. - -\fBWarning:\fR Turning off user enumeration -may cause some programs to behave oddly. For example, the \fBfinger\fR -program relies on having access to the full user list when -searching for matching usernames. - -Default: \fBwinbind enum users = yes \fR -.TP -\fBwinbind enum groups\fR -On large installations it may be necessary -to suppress the enumeration of groups through the \fB setgrent()\fR, \fBgetgrent()\fR and -\fBendgrent()\fR group of system calls. If -the \fIwinbind enum groups\fR parameter is -false, calls to the \fBgetgrent()\fR system -call will not return any data. - -\fBWarning:\fR Turning off group -enumeration may cause some programs to behave oddly. - -Default: \fBwinbind enum groups = no \fR -.TP -\fBtemplate homedir\fR -When filling out the user information -for a Windows NT user, the \fBwinbindd\fR daemon -uses this parameter to fill in the home directory for that user. -If the string \fI%D\fR is present it is -substituted with the user's Windows NT domain name. If the -string \fI%U\fR is present it is substituted -with the user's Windows NT user name. - -Default: \fBtemplate homedir = /home/%D/%U \fR -.TP -\fBtemplate shell\fR -When filling out the user information for -a Windows NT user, the \fBwinbindd\fR daemon -uses this parameter to fill in the shell for that user. - -Default: \fBtemplate shell = /bin/false \fR -.TP -\fBwinbind use default domain\fR -This parameter specifies whether the \fBwinbindd\fR -daemon should operate on users without domain component in their username. -Users without a domain component are treated as is part of the winbindd server's -own domain. While this does not benifit Windows users, it makes SSH, FTP and e-mail -function in a way much closer to the way they would in a native unix system. - -Default: \fBwinbind use default domain = -\fR -Example: \fBwinbind use default domain = true\fR +.TP 0.2i +\(bu +\fIwinbind separator\fR +.TP 0.2i +\(bu +\fIwinbind uid\fR +.TP 0.2i +\(bu +\fIwinbind gid\fR +.TP 0.2i +\(bu +\fIwinbind cache time\fR +.TP 0.2i +\(bu +\fIwinbind enum users\fR +.TP 0.2i +\(bu +\fIwinbind enum groups\fR +.TP 0.2i +\(bu +\fItemplate homedir\fR +.TP 0.2i +\(bu +\fItemplate shell\fR +.TP 0.2i +\(bu +\fIwinbind use default domain\fR .SH "EXAMPLE SETUP" .PP To setup winbindd for user and group lookups plus @@ -237,25 +148,23 @@ following setup. This was tested on a RedHat 6.2 Linux box. In \fI/etc/nsswitch.conf\fR put the following: .PP -.sp + .nf passwd: files winbind group: files winbind -.sp .fi .PP In \fI/etc/pam.d/*\fR replace the \fIauth\fR lines with something like this: .PP -.sp + .nf auth required /lib/security/pam_securetty.so auth required /lib/security/pam_nologin.so auth sufficient /lib/security/pam_winbind.so auth required /lib/security/pam_pwdb.so use_first_pass shadow nullok -.sp .fi .PP Note in particular the use of the \fIsufficient\fR @@ -263,10 +172,11 @@ keyword and the \fIuse_first_pass\fR keyword. .PP Now replace the account lines with this: .PP -\fBaccount required /lib/security/pam_winbind.so -\fR.PP +\fBaccount required /lib/security/pam_winbind.so +\fR +.PP The next step is to join the domain. To do that use the -\fBsmbpasswd\fR program like this: +\fBsmbpasswd\fR program like this: .PP \fBsmbpasswd -j DOMAIN -r PDC -U Administrator\fR @@ -278,16 +188,16 @@ for "PDC". .PP Next copy \fIlibnss_winbind.so\fR to \fI/lib\fR and \fIpam_winbind.so\fR -to \fI/lib/security\fR. A symbolic link needs to be +to \fI/lib/security\fR. A symbolic link needs to be made from \fI/lib/libnss_winbind.so\fR to -\fI/lib/libnss_winbind.so.2\fR. If you are using an +\fI/lib/libnss_winbind.so.2\fR. If you are using an older version of glibc then the target of the link should be \fI/lib/libnss_winbind.so.1\fR. .PP Finally, setup a \fIsmb.conf\fR containing directives like the -following: +following: .PP -.sp + .nf [global] winbind separator = + @@ -300,7 +210,6 @@ following: security = domain password server = * -.sp .fi .PP Now start winbindd and you should find that your user and @@ -308,7 +217,7 @@ group database is expanded to include your NT users and groups, and that you can login to your unix box as a domain user, using the DOMAIN+user syntax for the username. You may wish to use the commands \fBgetent passwd\fR and \fBgetent group -\fRto confirm the correct operation of winbindd. +\fR to confirm the correct operation of winbindd. .SH "NOTES" .PP The following notes are useful when configuring and @@ -317,21 +226,21 @@ running \fBwinbindd\fR: \fBnmbd\fR must be running on the local machine for \fBwinbindd\fR to work. \fBwinbindd\fR queries the list of trusted domains for the Windows NT server -on startup and when a SIGHUP is received. Thus, for a running \fB winbindd\fR to become aware of new trust relationships between +on startup and when a SIGHUP is received. Thus, for a running \fB winbindd\fR to become aware of new trust relationships between servers, it must be sent a SIGHUP signal. .PP Client processes resolving names through the \fBwinbindd\fR -nsswitch module read an environment variable named \fB $WINBINDD_DOMAIN\fR. If this variable contains a comma separated +nsswitch module read an environment variable named \fB $WINBINDD_DOMAIN\fR. If this variable contains a comma separated list of Windows NT domain names, then winbindd will only resolve users and groups within those Windows NT domains. .PP -PAM is really easy to misconfigure. Make sure you know what -you are doing when modifying PAM configuration files. It is possible +PAM is really easy to misconfigure. Make sure you know what +you are doing when modifying PAM configuration files. It is possible to set up PAM such that you can no longer log into your system. .PP If more than one UNIX machine is running \fBwinbindd\fR, then in general the user and groups ids allocated by winbindd will not -be the same. The user and group ids will only be valid for the local +be the same. The user and group ids will only be valid for the local machine. .PP If the the Windows NT RID to UNIX user and group id mapping @@ -344,12 +253,12 @@ The following signals can be used to manipulate the \fBSIGHUP\fR Reload the \fIsmb.conf(5)\fR file and apply any parameter changes to the running -version of winbindd. This signal also clears any cached -user and group information. The list of other domains trusted -by winbindd is also reloaded. +version of winbindd. This signal also clears any cached +user and group information. The list of other domains trusted +by winbindd is also reloaded. .TP \fBSIGUSR1\fR -The SIGUSR1 signal will cause \fB winbindd\fR to write status information to the winbind +The SIGUSR1 signal will cause \fB winbindd\fR to write status information to the winbind log file including information about the number of user and group ids allocated by \fBwinbindd\fR. @@ -362,7 +271,7 @@ Name service switch configuration file. .TP \fB/tmp/.winbindd/pipe\fR The UNIX pipe over which clients communicate with -the \fBwinbindd\fR program. For security reasons, the +the \fBwinbindd\fR program. For security reasons, the winbind client will only attempt to connect to the winbindd daemon if both the \fI/tmp/.winbindd\fR directory and \fI/tmp/.winbindd/pipe\fR file are owned by @@ -373,10 +282,10 @@ Implementation of name service switch library. .TP \fB$LOCKDIR/winbindd_idmap.tdb\fR Storage for the Windows NT rid to UNIX user/group -id mapping. The lock directory is specified when Samba is initially +id mapping. The lock directory is specified when Samba is initially compiled using the \fI--with-lockdir\fR option. This directory is by default \fI/usr/local/samba/var/locks -\fR\&. +\fR. .TP \fB$LOCKDIR/winbindd_cache.tdb\fR Storage for cached user and group information. @@ -387,8 +296,8 @@ the Samba suite. .SH "SEE ALSO" .PP \fInsswitch.conf(5)\fR, -samba(7), -wbinfo(1), +samba(7) +wbinfo(1) smb.conf(5) .SH "AUTHOR" .PP -- cgit From d962f8b3c04c066aa65141ba4d63552d40e8b041 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Tue, 1 Oct 2002 17:03:24 +0000 Subject: regenerate (This used to be commit 57c9a6a1e8159f2eeaf0e3dae104a0815a000fa4) --- docs/htmldocs/winbind.html | 320 +++++++++++++++++++++++++++------------------ 1 file changed, 194 insertions(+), 126 deletions(-) (limited to 'docs') diff --git a/docs/htmldocs/winbind.html b/docs/htmldocs/winbind.html index 7d45b174dd..cac9a70a6d 100644 --- a/docs/htmldocs/winbind.html +++ b/docs/htmldocs/winbind.html @@ -1,43 +1,92 @@ + Unified Logons between Windows NT and UNIX using Winbind
SAMBA Project Documentation
PrevNext
Chapter 11. Unified Logons between Windows NT and UNIX using Winbind

Abstract

11.1. Abstract

Integration of UNIX and Microsoft Windows NT through a unified logon has been considered a "holy grail" in heterogeneous computing environments for a long time. We present - winbind, a component of the Samba suite of programs as a solution to the unified logon problem. Winbind uses a UNIX implementation @@ -49,12 +98,10 @@ CLASS="EMPHASIS" >

Introduction

11.2. Introduction

It is well known that UNIX and Microsoft Windows NT have different models for representing user and group information and @@ -103,12 +150,10 @@ NAME="AEN7" >

What Winbind Provides

11.3. What Winbind Provides

Winbind unifies UNIX and Windows NT account management by allowing a UNIX box to become a full member of a NT domain. Once @@ -145,12 +190,10 @@ NAME="AEN20" location (on the domain controller).

Target Uses

11.3.1. Target Uses

Winbind is targeted at organizations that have an existing NT based domain infrastructure into which they wish @@ -169,12 +212,10 @@ NAME="AEN27" >

How Winbind Works

11.4. How Winbind Works

The winbind system is designed around a client/server architecture. A long running

Microsoft Remote Procedure Calls

11.4.1. Microsoft Remote Procedure Calls

Over the last two years, efforts have been underway by various Samba Team members to decode various aspects of @@ -215,12 +254,10 @@ NAME="AEN36" >

Name Service Switch

11.4.2. Name Service Switch

The Name Service Switch, or NSS, is a feature that is present in many UNIX operating systems. It allows system @@ -295,12 +332,10 @@ CLASS="FILENAME" >

Pluggable Authentication Modules

11.4.3. Pluggable Authentication Modules

Pluggable Authentication Modules, also known as PAM, is a system for abstracting authentication and authorization @@ -344,12 +379,10 @@ CLASS="FILENAME" >

User and Group ID Allocation

11.4.4. User and Group ID Allocation

When a user or group is created under Windows NT is it allocated a numerical relative identifier (RID). This is @@ -370,12 +403,10 @@ NAME="AEN64" >

Result Caching

11.4.5. Result Caching

An active system can generate a lot of user and group name lookups. To reduce the network cost of these lookups winbind @@ -393,12 +424,10 @@ NAME="AEN68" >

Installation and Configuration

11.5. Installation and Configuration

Many thanks to John Trostel

Introduction

11.5.1. Introduction

This HOWTO describes the procedures used to get winbind up and running on my RedHat 7.1 system. Winbind is capable of providing access @@ -441,9 +468,12 @@ somewhat to fit the way your distribution works.

  • Why should I to this?

  • Who should be reading this document?

Requirements

11.5.2. Requirements

If you have a samba configuration file that you are currently -using... BACK IT UP! If your system already uses PAM, -back up the /etc/pam.d directory contents! If you haven't already made a boot disk, -MAKE ONE NOW!

Messing with the pam configuration files can make it nearly impossible @@ -534,12 +574,10 @@ CLASS="FILENAME" >

Testing Things Out

11.5.3. Testing Things Out

Before starting, it is probably best to kill off all the SAMBA related daemons running on your server. Kill off all RPMs installed.

Configure and compile SAMBA

11.5.3.1. Configure and compile SAMBA

The configuration and compilation of SAMBA is pretty straightforward. The first three steps may not be necessary depending upon @@ -645,16 +681,14 @@ It will also build the winbindd executable and libraries.

Configure 11.5.3.2. Configure nsswitch.conf and the -winbind libraries

The libraries needed to run the

Configure smb.conf

11.5.3.3. Configure smb.conf

Several parameters are needed in the smb.conf file to control the behavior of

Join the SAMBA server to the PDC domain

11.5.3.4. Join the SAMBA server to the PDC domain

Enter the following command to make the SAMBA server join the PDC domain, where

Start up the winbindd daemon and test it!

11.5.3.5. Start up the winbindd daemon and test it!

Eventually, you will want to modify your smb startup script to automatically invoke the winbindd daemon when the other parts of @@ -994,20 +1022,16 @@ CLASS="COMMAND" >

Fix the init.d startup scripts

11.5.3.6. Fix the init.d startup scripts

Linux

11.5.3.6.1. Linux

The

Solaris

11.5.3.6.2. Solaris

On solaris, you need to modify the

Restarting

11.5.3.6.3. Restarting

If you restart the

Configure Winbind and PAM

11.5.3.7. Configure Winbind and PAM

If you have made it this far, you know that winbindd and samba are working together. If you want to use winbind to provide authentication for other @@ -1251,12 +1269,10 @@ CLASS="COMMAND" >

Linux/FreeBSD-specific PAM configuration

11.5.3.7.1. Linux/FreeBSD-specific PAM configuration

The

Solaris-specific configuration

11.5.3.7.2. Solaris-specific configuration

The /etc/pam.conf needs to be changed. I changed this file so that my Domain users can logon both locally as well as telnet.The following are the changes @@ -1467,12 +1481,10 @@ configured in the pam.conf.

Limitations

11.6. Limitations

Winbind has a number of limitations in its current released version that we hope to overcome in future @@ -1508,12 +1520,10 @@ NAME="AEN320" >

Conclusion

11.7. Conclusion

The winbind system, through the use of the Name Service Switch, Pluggable Authentication Modules, and appropriate @@ -1523,6 +1533,64 @@ NAME="AEN330" cost of running a mixed UNIX and NT network.

PrevHomeNext
security = domain in Samba 2.x How to Configure Samba 2.2 as a Primary Domain Controller
\ No newline at end of file -- cgit From eb17f95e164520e0e5b0c665ad1ffc8323c7293f Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 2 Oct 2002 13:38:50 +0000 Subject: Remove manpage when there are errors during generation (This used to be commit ae230491a8860a1846bd272d6455119a5bc99dd5) --- docs/docbook/Makefile.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'docs') diff --git a/docs/docbook/Makefile.in b/docs/docbook/Makefile.in index c79c9008ff..499c1742b8 100644 --- a/docs/docbook/Makefile.in +++ b/docs/docbook/Makefile.in @@ -101,7 +101,7 @@ $(HTMLDIR)/%.html: $(MANSGMLDIR)/%.sgml mv $(HTMLDIR)/index.html $@ $(MANDIR)/%: $(MANSGMLDIR)/%.sgml - $(DOCBOOK2MAN) -o $(MANDIR) $< + $(DOCBOOK2MAN) -o $(MANDIR) $< || rm $@ $(PERL) scripts/strip-links.pl < $@ > $@.temp mv $@.temp $@ -- cgit From 53b16591832dc07e9e15a9078f08a899503bbaa6 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Wed, 2 Oct 2002 14:08:40 +0000 Subject: newly generated docs; removing old ones (This used to be commit d72538fd14b8d00ea07f19464b4f3a3d93445cbf) --- docs/htmldocs/Browsing.html | 741 ------------ docs/htmldocs/Bugs.html | 238 ---- docs/htmldocs/CVS-Access.html | 193 --- docs/htmldocs/DOMAIN_MEMBER.html | 372 ------ docs/htmldocs/Diagnosis.html | 548 --------- docs/htmldocs/Integrating-with-Windows.html | 1072 ----------------- docs/htmldocs/OS2-Client-HOWTO.html | 210 ---- docs/htmldocs/PAM-Authentication-And-Samba.html | 318 ----- docs/htmldocs/Printing.html | 408 ------- docs/htmldocs/Samba-HOWTO.html | 1440 +++++++++++++++++++++++ docs/htmldocs/Samba-LDAP-HOWTO.html | 891 -------------- docs/htmldocs/Speed.html | 550 --------- docs/htmldocs/UNIX_INSTALL.html | 799 ------------- docs/htmldocs/bugreport.html | 332 ++++++ docs/htmldocs/cvs-access.html | 291 +++++ docs/htmldocs/diagnosis.html | 624 ++++++++++ docs/htmldocs/domain-security.html | 475 ++++++++ docs/htmldocs/groupmapping.html | 228 ++++ docs/htmldocs/improved-browsing.html | 823 +++++++++++++ docs/htmldocs/install.html | 872 ++++++++++++++ docs/htmldocs/integrate-ms-networks.html | 1143 ++++++++++++++++++ docs/htmldocs/msdfs.html | 314 +++++ docs/htmldocs/msdfs_setup.html | 210 ---- docs/htmldocs/other-clients.html | 559 +++++++++ docs/htmldocs/pam.html | 418 +++++++ docs/htmldocs/portability.html | 272 +++++ docs/htmldocs/printer_driver2.html | 987 ---------------- docs/htmldocs/printing.html | 1204 +++++++++++++++++++ docs/htmldocs/printingdebug.html | 496 ++++++++ docs/htmldocs/samba-bdc.html | 341 ++++++ docs/htmldocs/samba-ldap-howto.html | 979 +++++++++++++++ docs/htmldocs/security_level.html | 169 --- docs/htmldocs/securitylevels.html | 271 +++++ docs/htmldocs/speed.html | 616 ++++++++++ docs/htmldocs/unix-permissions.html | 898 ++++++++++++++ 35 files changed, 12596 insertions(+), 7706 deletions(-) delete mode 100644 docs/htmldocs/Browsing.html delete mode 100644 docs/htmldocs/Bugs.html delete mode 100644 docs/htmldocs/CVS-Access.html delete mode 100644 docs/htmldocs/DOMAIN_MEMBER.html delete mode 100644 docs/htmldocs/Diagnosis.html delete mode 100644 docs/htmldocs/Integrating-with-Windows.html delete mode 100644 docs/htmldocs/OS2-Client-HOWTO.html delete mode 100644 docs/htmldocs/PAM-Authentication-And-Samba.html delete mode 100644 docs/htmldocs/Printing.html create mode 100644 docs/htmldocs/Samba-HOWTO.html delete mode 100644 docs/htmldocs/Samba-LDAP-HOWTO.html delete mode 100644 docs/htmldocs/Speed.html delete mode 100644 docs/htmldocs/UNIX_INSTALL.html create mode 100644 docs/htmldocs/bugreport.html create mode 100644 docs/htmldocs/cvs-access.html create mode 100644 docs/htmldocs/diagnosis.html create mode 100644 docs/htmldocs/domain-security.html create mode 100644 docs/htmldocs/groupmapping.html create mode 100644 docs/htmldocs/improved-browsing.html create mode 100644 docs/htmldocs/install.html create mode 100644 docs/htmldocs/integrate-ms-networks.html create mode 100644 docs/htmldocs/msdfs.html delete mode 100644 docs/htmldocs/msdfs_setup.html create mode 100644 docs/htmldocs/other-clients.html create mode 100644 docs/htmldocs/pam.html create mode 100644 docs/htmldocs/portability.html delete mode 100644 docs/htmldocs/printer_driver2.html create mode 100644 docs/htmldocs/printing.html create mode 100644 docs/htmldocs/printingdebug.html create mode 100644 docs/htmldocs/samba-bdc.html create mode 100644 docs/htmldocs/samba-ldap-howto.html delete mode 100644 docs/htmldocs/security_level.html create mode 100644 docs/htmldocs/securitylevels.html create mode 100644 docs/htmldocs/speed.html create mode 100644 docs/htmldocs/unix-permissions.html (limited to 'docs') diff --git a/docs/htmldocs/Browsing.html b/docs/htmldocs/Browsing.html deleted file mode 100644 index 5f5f71ba69..0000000000 --- a/docs/htmldocs/Browsing.html +++ /dev/null @@ -1,741 +0,0 @@ -Improved browsing in samba

Overview of browsing

SMB networking provides a mechanism by which clients can access a list -of machines in a network, a so-called "browse list". This list -contains machines that are ready to offer file and/or print services -to other machines within the network. Thus it does not include -machines which aren't currently able to do server tasks. The browse -list is heavily used by all SMB clients. Configuration of SMB -browsing has been problematic for some Samba users, hence this -document.

Browsing will NOT work if name resolution from NetBIOS names to IP -addresses does not function correctly. Use of a WINS server is highly -recommended to aid the resolution of NetBIOS (SMB) names to IP addresses. -WINS allows remote segment clients to obtain NetBIOS name_type information -that can NOT be provided by any other means of name resolution.

Browsing support in samba

Samba now fully supports browsing. The browsing is supported by nmbd -and is also controlled by options in the smb.conf file (see smb.conf(5)).

Samba can act as a local browse master for a workgroup and the ability -for samba to support domain logons and scripts is now available. See -DOMAIN.txt for more information on domain logons.

Samba can also act as a domain master browser for a workgroup. This -means that it will collate lists from local browse masters into a -wide area network server list. In order for browse clients to -resolve the names they may find in this list, it is recommended that -both samba and your clients use a WINS server.

Note that you should NOT set Samba to be the domain master for a -workgroup that has the same name as an NT Domain: on each wide area -network, you must only ever have one domain master browser per workgroup, -regardless of whether it is NT, Samba or any other type of domain master -that is providing this service.

[Note that nmbd can be configured as a WINS server, but it is not -necessary to specifically use samba as your WINS server. NTAS can -be configured as your WINS server. In a mixed NT server and -samba environment on a Wide Area Network, it is recommended that -you use the NT server's WINS server capabilities. In a samba-only -environment, it is recommended that you use one and only one nmbd -as your WINS server].

To get browsing to work you need to run nmbd as usual, but will need -to use the "workgroup" option in smb.conf to control what workgroup -Samba becomes a part of.

Samba also has a useful option for a Samba server to offer itself for -browsing on another subnet. It is recommended that this option is only -used for 'unusual' purposes: announcements over the internet, for -example. See "remote announce" in the smb.conf man page.

Problem resolution

If something doesn't work then hopefully the log.nmb file will help -you track down the problem. Try a debug level of 2 or 3 for finding -problems. Also note that the current browse list usually gets stored -in text form in a file called browse.dat.

Note that if it doesn't work for you, then you should still be able to -type the server name as \\SERVER in filemanager then hit enter and -filemanager should display the list of available shares.

Some people find browsing fails because they don't have the global -"guest account" set to a valid account. Remember that the IPC$ -connection that lists the shares is done as guest, and thus you must -have a valid guest account.

Also, a lot of people are getting bitten by the problem of too many -parameters on the command line of nmbd in inetd.conf. This trick is to -not use spaces between the option and the parameter (eg: -d2 instead -of -d 2), and to not use the -B and -N options. New versions of nmbd -are now far more likely to correctly find your broadcast and network -address, so in most cases these aren't needed.

The other big problem people have is that their broadcast address, -netmask or IP address is wrong (specified with the "interfaces" option -in smb.conf)

Browsing across subnets

With the release of Samba 1.9.17(alpha1 and above) Samba has been -updated to enable it to support the replication of browse lists -across subnet boundaries. New code and options have been added to -achieve this. This section describes how to set this feature up -in different settings.

To see browse lists that span TCP/IP subnets (ie. networks separated -by routers that don't pass broadcast traffic) you must set up at least -one WINS server. The WINS server acts as a DNS for NetBIOS names, allowing -NetBIOS name to IP address translation to be done by doing a direct -query of the WINS server. This is done via a directed UDP packet on -port 137 to the WINS server machine. The reason for a WINS server is -that by default, all NetBIOS name to IP address translation is done -by broadcasts from the querying machine. This means that machines -on one subnet will not be able to resolve the names of machines on -another subnet without using a WINS server.

Remember, for browsing across subnets to work correctly, all machines, -be they Windows 95, Windows NT, or Samba servers must have the IP address -of a WINS server given to them by a DHCP server, or by manual configuration -(for Win95 and WinNT, this is in the TCP/IP Properties, under Network -settings) for Samba this is in the smb.conf file.

How does cross subnet browsing work ?

Cross subnet browsing is a complicated dance, containing multiple -moving parts. It has taken Microsoft several years to get the code -that achieves this correct, and Samba lags behind in some areas. -However, with the 1.9.17 release, Samba is capable of cross subnet -browsing when configured correctly.

Consider a network set up as follows :

                                   (DMB)
-             N1_A      N1_B        N1_C       N1_D        N1_E
-              |          |           |          |           |
-          -------------------------------------------------------
-            |          subnet 1                       |
-          +---+                                      +---+
-          |R1 | Router 1                  Router 2   |R2 |
-          +---+                                      +---+
-            |                                          |
-            |  subnet 2              subnet 3          |
-  --------------------------       ------------------------------------
-  |     |     |      |               |        |         |           |
- N2_A  N2_B  N2_C   N2_D           N3_A     N3_B      N3_C        N3_D 
-                    (WINS)

Consisting of 3 subnets (1, 2, 3) connected by two routers -(R1, R2) - these do not pass broadcasts. Subnet 1 has 5 machines -on it, subnet 2 has 4 machines, subnet 3 has 4 machines. Assume -for the moment that all these machines are configured to be in the -same workgroup (for simplicities sake). Machine N1_C on subnet 1 -is configured as Domain Master Browser (ie. it will collate the -browse lists for the workgroup). Machine N2_D is configured as -WINS server and all the other machines are configured to register -their NetBIOS names with it.

As all these machines are booted up, elections for master browsers -will take place on each of the three subnets. Assume that machine -N1_C wins on subnet 1, N2_B wins on subnet 2, and N3_D wins on -subnet 3 - these machines are known as local master browsers for -their particular subnet. N1_C has an advantage in winning as the -local master browser on subnet 1 as it is set up as Domain Master -Browser.

On each of the three networks, machines that are configured to -offer sharing services will broadcast that they are offering -these services. The local master browser on each subnet will -receive these broadcasts and keep a record of the fact that -the machine is offering a service. This list of records is -the basis of the browse list. For this case, assume that -all the machines are configured to offer services so all machines -will be on the browse list.

For each network, the local master browser on that network is -considered 'authoritative' for all the names it receives via -local broadcast. This is because a machine seen by the local -master browser via a local broadcast must be on the same -network as the local master browser and thus is a 'trusted' -and 'verifiable' resource. Machines on other networks that -the local master browsers learn about when collating their -browse lists have not been directly seen - these records are -called 'non-authoritative'.

At this point the browse lists look as follows (these are -the machines you would see in your network neighborhood if -you looked in it on a particular network right now).

Subnet           Browse Master   List
-------           -------------   ----
-Subnet1          N1_C            N1_A, N1_B, N1_C, N1_D, N1_E
-
-Subnet2          N2_B            N2_A, N2_B, N2_C, N2_D
-
-Subnet3          N3_D            N3_A, N3_B, N3_C, N3_D

Note that at this point all the subnets are separate, no -machine is seen across any of the subnets.

Now examine subnet 2. As soon as N2_B has become the local -master browser it looks for a Domain master browser to synchronize -its browse list with. It does this by querying the WINS server -(N2_D) for the IP address associated with the NetBIOS name -WORKGROUP>1B<. This name was registerd by the Domain master -browser (N1_C) with the WINS server as soon as it was booted.

Once N2_B knows the address of the Domain master browser it -tells it that is the local master browser for subnet 2 by -sending a MasterAnnouncement packet as a UDP port 138 packet. -It then synchronizes with it by doing a NetServerEnum2 call. This -tells the Domain Master Browser to send it all the server -names it knows about. Once the domain master browser receives -the MasterAnnouncement packet it schedules a synchronization -request to the sender of that packet. After both synchronizations -are done the browse lists look like :

Subnet           Browse Master   List
-------           -------------   ----
-Subnet1          N1_C            N1_A, N1_B, N1_C, N1_D, N1_E, 
-                                 N2_A(*), N2_B(*), N2_C(*), N2_D(*)
-
-Subnet2          N2_B            N2_A, N2_B, N2_C, N2_D
-                                 N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*)
-
-Subnet3          N3_D            N3_A, N3_B, N3_C, N3_D
-
-Servers with a (*) after them are non-authoritative names.

At this point users looking in their network neighborhood on -subnets 1 or 2 will see all the servers on both, users on -subnet 3 will still only see the servers on their own subnet.

The same sequence of events that occured for N2_B now occurs -for the local master browser on subnet 3 (N3_D). When it -synchronizes browse lists with the domain master browser (N1_A) -it gets both the server entries on subnet 1, and those on -subnet 2. After N3_D has synchronized with N1_C and vica-versa -the browse lists look like.

Subnet           Browse Master   List
-------           -------------   ----
-Subnet1          N1_C            N1_A, N1_B, N1_C, N1_D, N1_E, 
-                                 N2_A(*), N2_B(*), N2_C(*), N2_D(*),
-                                 N3_A(*), N3_B(*), N3_C(*), N3_D(*)
-
-Subnet2          N2_B            N2_A, N2_B, N2_C, N2_D
-                                 N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*)
-
-Subnet3          N3_D            N3_A, N3_B, N3_C, N3_D
-                                 N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*),
-                                 N2_A(*), N2_B(*), N2_C(*), N2_D(*)
-
-Servers with a (*) after them are non-authoritative names.

At this point users looking in their network neighborhood on -subnets 1 or 3 will see all the servers on all sunbets, users on -subnet 2 will still only see the servers on subnets 1 and 2, but not 3.

Finally, the local master browser for subnet 2 (N2_B) will sync again -with the domain master browser (N1_C) and will recieve the missing -server entries. Finally - and as a steady state (if no machines -are removed or shut off) the browse lists will look like :

Subnet           Browse Master   List
-------           -------------   ----
-Subnet1          N1_C            N1_A, N1_B, N1_C, N1_D, N1_E, 
-                                 N2_A(*), N2_B(*), N2_C(*), N2_D(*),
-                                 N3_A(*), N3_B(*), N3_C(*), N3_D(*)
-
-Subnet2          N2_B            N2_A, N2_B, N2_C, N2_D
-                                 N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*)
-                                 N3_A(*), N3_B(*), N3_C(*), N3_D(*)
-
-Subnet3          N3_D            N3_A, N3_B, N3_C, N3_D
-                                 N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*),
-                                 N2_A(*), N2_B(*), N2_C(*), N2_D(*)
-	
-Servers with a (*) after them are non-authoritative names.

Synchronizations between the domain master browser and local -master browsers will continue to occur, but this should be a -steady state situation.

If either router R1 or R2 fails the following will occur:

  1. Names of computers on each side of the inaccessible network fragments - will be maintained for as long as 36 minutes, in the network neighbourhood - lists. -

  2. Attempts to connect to these inaccessible computers will fail, but the - names will not be removed from the network neighbourhood lists. -

  3. If one of the fragments is cut off from the WINS server, it will only - be able to access servers on its local subnet, by using subnet-isolated - broadcast NetBIOS name resolution. The effects are similar to that of - losing access to a DNS server. -

Setting up a WINS server

Either a Samba machine or a Windows NT Server machine may be set up -as a WINS server. To set a Samba machine to be a WINS server you must -add the following option to the smb.conf file on the selected machine : -in the [globals] section add the line

wins support = yes

Versions of Samba previous to 1.9.17 had this parameter default to -yes. If you have any older versions of Samba on your network it is -strongly suggested you upgrade to 1.9.17 or above, or at the very -least set the parameter to 'no' on all these machines.

Machines with "wins support = yes" will keep a list of -all NetBIOS names registered with them, acting as a DNS for NetBIOS names.

You should set up only ONE wins server. Do NOT set the -"wins support = yes" option on more than one Samba -server.

To set up a Windows NT Server as a WINS server you need to set up -the WINS service - see your NT documentation for details. Note that -Windows NT WINS Servers can replicate to each other, allowing more -than one to be set up in a complex subnet environment. As Microsoft -refuse to document these replication protocols Samba cannot currently -participate in these replications. It is possible in the future that -a Samba->Samba WINS replication protocol may be defined, in which -case more than one Samba machine could be set up as a WINS server -but currently only one Samba server should have the "wins support = yes" -parameter set.

After the WINS server has been configured you must ensure that all -machines participating on the network are configured with the address -of this WINS server. If your WINS server is a Samba machine, fill in -the Samba machine IP address in the "Primary WINS Server" field of -the "Control Panel->Network->Protocols->TCP->WINS Server" dialogs -in Windows 95 or Windows NT. To tell a Samba server the IP address -of the WINS server add the following line to the [global] section of -all smb.conf files :

wins server = >name or IP address<

where >name or IP address< is either the DNS name of the WINS server -machine or its IP address.

Note that this line MUST NOT BE SET in the smb.conf file of the Samba -server acting as the WINS server itself. If you set both the -"wins support = yes" option and the -"wins server = >name<" option then -nmbd will fail to start.

There are two possible scenarios for setting up cross subnet browsing. -The first details setting up cross subnet browsing on a network containing -Windows 95, Samba and Windows NT machines that are not configured as -part of a Windows NT Domain. The second details setting up cross subnet -browsing on networks that contain NT Domains.

Setting up Browsing in a WORKGROUP

To set up cross subnet browsing on a network containing machines -in up to be in a WORKGROUP, not an NT Domain you need to set up one -Samba server to be the Domain Master Browser (note that this is *NOT* -the same as a Primary Domain Controller, although in an NT Domain the -same machine plays both roles). The role of a Domain master browser is -to collate the browse lists from local master browsers on all the -subnets that have a machine participating in the workgroup. Without -one machine configured as a domain master browser each subnet would -be an isolated workgroup, unable to see any machines on any other -subnet. It is the presense of a domain master browser that makes -cross subnet browsing possible for a workgroup.

In an WORKGROUP environment the domain master browser must be a -Samba server, and there must only be one domain master browser per -workgroup name. To set up a Samba server as a domain master browser, -set the following option in the [global] section of the smb.conf file :

domain master = yes

The domain master browser should also preferrably be the local master -browser for its own subnet. In order to achieve this set the following -options in the [global] section of the smb.conf file :

        domain master = yes
-        local master = yes
-        preferred master = yes
-        os level = 65

The domain master browser may be the same machine as the WINS -server, if you require.

Next, you should ensure that each of the subnets contains a -machine that can act as a local master browser for the -workgroup. Any NT machine should be able to do this, as will -Windows 95 machines (although these tend to get rebooted more -often, so it's not such a good idea to use these). To make a -Samba server a local master browser set the following -options in the [global] section of the smb.conf file :

        domain master = no
-        local master = yes
-        preferred master = yes
-        os level = 65

Do not do this for more than one Samba server on each subnet, -or they will war with each other over which is to be the local -master browser.

The "local master" parameter allows Samba to act as a local master -browser. The "preferred master" causes nmbd to force a browser -election on startup and the "os level" parameter sets Samba high -enough so that it should win any browser elections.

If you have an NT machine on the subnet that you wish to -be the local master browser then you can disable Samba from -becoming a local master browser by setting the following -options in the [global] section of the smb.conf file :

        domain master = no
-        local master = no
-        preferred master = no
-        os level = 0

Setting up Browsing in a DOMAIN

If you are adding Samba servers to a Windows NT Domain then -you must not set up a Samba server as a domain master browser. -By default, a Windows NT Primary Domain Controller for a Domain -name is also the Domain master browser for that name, and many -things will break if a Samba server registers the Domain master -browser NetBIOS name (DOMAIN>1B<) with WINS instead of the PDC.

For subnets other than the one containing the Windows NT PDC -you may set up Samba servers as local master browsers as -described. To make a Samba server a local master browser set -the following options in the [global] section of the smb.conf -file :

        domain master = no
-        local master = yes
-        preferred master = yes
-        os level = 65

If you wish to have a Samba server fight the election with machines -on the same subnet you may set the "os level" parameter to lower -levels. By doing this you can tune the order of machines that -will become local master browsers if they are running. For -more details on this see the section "FORCING SAMBA TO BE THE MASTER" -below.

If you have Windows NT machines that are members of the domain -on all subnets, and you are sure they will always be running then -you can disable Samba from taking part in browser elections and -ever becoming a local master browser by setting following options -in the [global] section of the smb.conf file :

domain master = no - local master = no - preferred master = no - os level = 0

Forcing samba to be the master

Who becomes the "master browser" is determined by an election process -using broadcasts. Each election packet contains a number of parameters -which determine what precedence (bias) a host should have in the -election. By default Samba uses a very low precedence and thus loses -elections to just about anyone else.

If you want Samba to win elections then just set the "os level" global -option in smb.conf to a higher number. It defaults to 0. Using 34 -would make it win all elections over every other system (except other -samba systems!)

A "os level" of 2 would make it beat WfWg and Win95, but not NTAS. A -NTAS domain controller uses level 32.

The maximum os level is 255

If you want samba to force an election on startup, then set the -"preferred master" global option in smb.conf to "yes". Samba will -then have a slight advantage over other potential master browsers -that are not preferred master browsers. Use this parameter with -care, as if you have two hosts (whether they are windows 95 or NT or -samba) on the same local subnet both set with "preferred master" to -"yes", then periodically and continually they will force an election -in order to become the local master browser.

If you want samba to be a "domain master browser", then it is -recommended that you also set "preferred master" to "yes", because -samba will not become a domain master browser for the whole of your -LAN or WAN if it is not also a local master browser on its own -broadcast isolated subnet.

It is possible to configure two samba servers to attempt to become -the domain master browser for a domain. The first server that comes -up will be the domain master browser. All other samba servers will -attempt to become the domain master browser every 5 minutes. They -will find that another samba server is already the domain master -browser and will fail. This provides automatic redundancy, should -the current domain master browser fail.

Making samba the domain master

The domain master is responsible for collating the browse lists of -multiple subnets so that browsing can occur between subnets. You can -make samba act as the domain master by setting "domain master = yes" -in smb.conf. By default it will not be a domain master.

Note that you should NOT set Samba to be the domain master for a -workgroup that has the same name as an NT Domain.

When samba is the domain master and the master browser it will listen -for master announcements (made roughly every twelve minutes) from local -master browsers on other subnets and then contact them to synchronise -browse lists.

If you want samba to be the domain master then I suggest you also set -the "os level" high enough to make sure it wins elections, and set -"preferred master" to "yes", to get samba to force an election on -startup.

Note that all your servers (including samba) and clients should be -using a WINS server to resolve NetBIOS names. If your clients are only -using broadcasting to resolve NetBIOS names, then two things will occur:

  1. your local master browsers will be unable to find a domain master - browser, as it will only be looking on the local subnet. -

  2. if a client happens to get hold of a domain-wide browse list, and - a user attempts to access a host in that list, it will be unable to - resolve the NetBIOS name of that host. -

If, however, both samba and your clients are using a WINS server, then:

  1. your local master browsers will contact the WINS server and, as long as - samba has registered that it is a domain master browser with the WINS - server, your local master browser will receive samba's ip address - as its domain master browser. -

  2. when a client receives a domain-wide browse list, and a user attempts - to access a host in that list, it will contact the WINS server to - resolve the NetBIOS name of that host. as long as that host has - registered its NetBIOS name with the same WINS server, the user will - be able to see that host. -

Note about broadcast addresses

If your network uses a "0" based broadcast address (for example if it -ends in a 0) then you will strike problems. Windows for Workgroups -does not seem to support a 0's broadcast and you will probably find -that browsing and name lookups won't work.

Multiple interfaces

Samba now supports machines with multiple network interfaces. If you -have multiple interfaces then you will need to use the "interfaces" -option in smb.conf to configure them. See smb.conf(5) for details.

\ No newline at end of file diff --git a/docs/htmldocs/Bugs.html b/docs/htmldocs/Bugs.html deleted file mode 100644 index 0f7fb7bd60..0000000000 --- a/docs/htmldocs/Bugs.html +++ /dev/null @@ -1,238 +0,0 @@ -Reporting Bugs

Introduction

The email address for bug reports is samba@samba.org

Please take the time to read this file before you submit a bug -report. Also, please see if it has changed between releases, as we -may be changing the bug reporting mechanism at some time.

Please also do as much as you can yourself to help track down the -bug. Samba is maintained by a dedicated group of people who volunteer -their time, skills and efforts. We receive far more mail about it than -we can possibly answer, so you have a much higher chance of an answer -and a fix if you send us a "developer friendly" bug report that lets -us fix it fast.

Do not assume that if you post the bug to the comp.protocols.smb -newsgroup or the mailing list that we will read it. If you suspect that your -problem is not a bug but a configuration problem then it is better to send -it to the Samba mailing list, as there are (at last count) 5000 other users on -that list that may be able to help you.

You may also like to look though the recent mailing list archives, -which are conveniently accessible on the Samba web pages -at http://samba.org/samba/

General info

Before submitting a bug report check your config for silly -errors. Look in your log files for obvious messages that tell you that -you've misconfigured something and run testparm to test your config -file for correct syntax.

Have you run through the diagnosis? -This is very important.

If you include part of a log file with your bug report then be sure to -annotate it with exactly what you were doing on the client at the -time, and exactly what the results were.

Debug levels

If the bug has anything to do with Samba behaving incorrectly as a -server (like refusing to open a file) then the log files will probably -be very useful. Depending on the problem a log level of between 3 and -10 showing the problem may be appropriate. A higher level givesmore -detail, but may use too much disk space.

To set the debug level use log level = in your -smb.conf. You may also find it useful to set the log -level higher for just one machine and keep separate logs for each machine. -To do this use:

log level = 10
-log file = /usr/local/samba/lib/log.%m
-include = /usr/local/samba/lib/smb.conf.%m

then create a file -/usr/local/samba/lib/smb.conf.machine where -"machine" is the name of the client you wish to debug. In that file -put any smb.conf commands you want, for example -log level= may be useful. This also allows you to -experiment with different security systems, protocol levels etc on just -one machine.

The smb.conf entry log level = -is synonymous with the entry debuglevel = that has been -used in older versions of Samba and is being retained for backwards -compatibility of smb.conf files.

As the log level = value is increased you will record -a significantly increasing level of debugging information. For most -debugging operations you may not need a setting higher than 3. Nearly -all bugs can be tracked at a setting of 10, but be prepared for a VERY -large volume of log data.

Internal errors

If you get a "INTERNAL ERROR" message in your log files it means that -Samba got an unexpected signal while running. It is probably a -segmentation fault and almost certainly means a bug in Samba (unless -you have faulty hardware or system software)

If the message came from smbd then it will probably be accompanied by -a message which details the last SMB message received by smbd. This -info is often very useful in tracking down the problem so please -include it in your bug report.

You should also detail how to reproduce the problem, if -possible. Please make this reasonably detailed.

You may also find that a core file appeared in a "corefiles" -subdirectory of the directory where you keep your samba log -files. This file is the most useful tool for tracking down the bug. To -use it you do this:

gdb smbd core

adding appropriate paths to smbd and core so gdb can find them. If you -don't have gdb then try "dbx". Then within the debugger use the -command "where" to give a stack trace of where the problem -occurred. Include this in your mail.

If you known any assembly language then do a "disass" of the routine -where the problem occurred (if its in a library routine then -disassemble the routine that called it) and try to work out exactly -where the problem is by looking at the surrounding code. Even if you -don't know assembly then incuding this info in the bug report can be -useful.

Attaching to a running process

Unfortunately some unixes (in particular some recent linux kernels) -refuse to dump a core file if the task has changed uid (which smbd -does often). To debug with this sort of system you could try to attach -to the running process using "gdb smbd PID" where you get PID from -smbstatus. Then use "c" to continue and try to cause the core dump -using the client. The debugger should catch the fault and tell you -where it occurred.

Patches

The best sort of bug report is one that includes a fix! If you send us -patches please use diff -u format if your version of -diff supports it, otherwise use diff -c4. Make sure -your do the diff against a clean version of the source and let me know -exactly what version you used.

\ No newline at end of file diff --git a/docs/htmldocs/CVS-Access.html b/docs/htmldocs/CVS-Access.html deleted file mode 100644 index 1329433f1a..0000000000 --- a/docs/htmldocs/CVS-Access.html +++ /dev/null @@ -1,193 +0,0 @@ -HOWTO Access Samba source code via CVS

Introduction

Samba is developed in an open environment. Developers use CVS -(Concurrent Versioning System) to "checkin" (also known as -"commit") new source code. Samba's various CVS branches can -be accessed via anonymous CVS using the instructions -detailed in this chapter.

This document is a modified version of the instructions found at -http://samba.org/samba/cvs.html

CVS Access to samba.org

The machine samba.org runs a publicly accessible CVS -repository for access to the source code of several packages, -including samba, rsync and jitterbug. There are two main ways of -accessing the CVS server on this host.

Access via CVSweb

You can access the source code via your -favourite WWW browser. This allows you to access the contents of -individual files in the repository and also to look at the revision -history and commit logs of individual files. You can also ask for a diff -listing between any two versions on the repository.

Use the URL : http://samba.org/cgi-bin/cvsweb

Access via cvs

You can also access the source code via a -normal cvs client. This gives you much more control over you can -do with the repository and allows you to checkout whole source trees -and keep them up to date via normal cvs commands. This is the -preferred method of access if you are a developer and not -just a casual browser.

To download the latest cvs source code, point your -browser at the URL : http://www.cyclic.com/. -and click on the 'How to get cvs' link. CVS is free software under -the GNU GPL (as is Samba). Note that there are several graphical CVS clients -which provide a graphical interface to the sometimes mundane CVS commands. -Links to theses clients are also available from http://www.cyclic.com.

To gain access via anonymous cvs use the following steps. -For this example it is assumed that you want a copy of the -samba source code. For the other source code repositories -on this system just substitute the correct package name

  1. Install a recent copy of cvs. All you really need is a - copy of the cvs client binary. -

  2. Run the command -

    cvs -d :pserver:cvs@samba.org:/cvsroot login -

    When it asks you for a password type cvs. -

  3. Run the command -

    cvs -d :pserver:cvs@samba.org:/cvsroot co samba -

    This will create a directory called samba containing the - latest samba source code (i.e. the HEAD tagged cvs branch). This - currently corresponds to the 3.0 development tree. -

    CVS branches other HEAD can be obtained by using the -r - and defining a tag name. A list of branch tag names can be found on the - "Development" page of the samba web site. A common request is to obtain the - latest 2.2 release code. This could be done by using the following command. -

    cvs -d :pserver:cvs@samba.org:/cvsroot co -r SAMBA_2_2 samba -

  4. Whenever you want to merge in the latest code changes use - the following command from within the samba directory: -

    cvs update -d -P -

\ No newline at end of file diff --git a/docs/htmldocs/DOMAIN_MEMBER.html b/docs/htmldocs/DOMAIN_MEMBER.html deleted file mode 100644 index b7ef4c9a61..0000000000 --- a/docs/htmldocs/DOMAIN_MEMBER.html +++ /dev/null @@ -1,372 +0,0 @@ -security = domain in Samba 2.x

Joining an NT Domain with Samba 2.2

Assume you have a Samba 2.x server with a NetBIOS name of - SERV1 and are joining an NT domain called - DOM, which has a PDC with a NetBIOS name - of DOMPDC and two backup domain controllers - with NetBIOS names DOMBDC1 and DOMBDC2 - .

In order to join the domain, first stop all Samba daemons - and run the command:

root# smbpasswd -j DOM -r DOMPDC - -UAdministrator%password

as we are joining the domain DOM and the PDC for that domain - (the only machine that has write access to the domain SAM database) - is DOMPDC. The Administrator%password is - the login name and password for an account which has the necessary - privilege to add machines to the domain. If this is successful - you will see the message:

smbpasswd: Joined domain DOM. -

in your terminal window. See the smbpasswd(8) man page for more details.

There is existing development code to join a domain - without having to create the machine trust account on the PDC - beforehand. This code will hopefully be available soon - in release branches as well.

This command goes through the machine account password - change protocol, then writes the new (random) machine account - password for this Samba server into a file in the same directory - in which an smbpasswd file would be stored - normally :

/usr/local/samba/private

In Samba 2.0.x, the filename looks like this:

<NT DOMAIN NAME>.<Samba - Server Name>.mac

The .mac suffix stands for machine account - password file. So in our example above, the file would be called:

DOM.SERV1.mac

In Samba 2.2, this file has been replaced with a TDB - (Trivial Database) file named secrets.tdb. -

This file is created and owned by root and is not - readable by any other user. It is the key to the domain-level - security for your system, and should be treated as carefully - as a shadow password file.

Now, before restarting the Samba daemons you must - edit your smb.conf(5) - file to tell Samba it should now use domain security.

Change (or add) your security = line in the [global] section - of your smb.conf to read:

security = domain

Next change the workgroup = line in the [global] section to read:

workgroup = DOM

as this is the name of the domain we are joining.

You must also have the parameter encrypt passwords set to yes - in order for your users to authenticate to the NT PDC.

Finally, add (or modify) a password server = line in the [global] - section to read:

password server = DOMPDC DOMBDC1 DOMBDC2

These are the primary and backup domain controllers Samba - will attempt to contact in order to authenticate users. Samba will - try to contact each of these servers in order, so you may want to - rearrange this list in order to spread out the authentication load - among domain controllers.

Alternatively, if you want smbd to automatically determine - the list of Domain controllers to use for authentication, you may - set this line to be :

password server = *

This method, which was introduced in Samba 2.0.6, - allows Samba to use exactly the same mechanism that NT does. This - method either broadcasts or uses a WINS database in order to - find domain controllers to authenticate against.

Finally, restart your Samba daemons and get ready for - clients to begin using domain security!

Samba and Windows 2000 Domains

Many people have asked regarding the state of Samba's ability to participate in -a Windows 2000 Domain. Samba 2.2 is able to act as a member server of a Windows -2000 domain operating in mixed or native mode.

There is much confusion between the circumstances that require a "mixed" mode -Win2k DC and a when this host can be switched to "native" mode. A "mixed" mode -Win2k domain controller is only needed if Windows NT BDCs must exist in the same -domain. By default, a Win2k DC in "native" mode will still support -NetBIOS and NTLMv1 for authentication of legacy clients such as Windows 9x and -NT 4.0. Samba has the same requirements as a Windows NT 4.0 member server.

The steps for adding a Samba 2.2 host to a Win2k domain are the same as those -for adding a Samba server to a Windows NT 4.0 domain. The only exception is that -the "Server Manager" from NT 4 has been replaced by the "Active Directory Users and -Computers" MMC (Microsoft Management Console) plugin.

Why is this better than security = server?

Currently, domain security in Samba doesn't free you from - having to create local Unix users to represent the users attaching - to your server. This means that if domain user DOM\fred - attaches to your domain security Samba server, there needs - to be a local Unix user fred to represent that user in the Unix - filesystem. This is very similar to the older Samba security mode - security = server, - where Samba would pass through the authentication request to a Windows - NT server in the same way as a Windows 95 or Windows 98 server would. -

Please refer to the Winbind - paper for information on a system to automatically - assign UNIX uids and gids to Windows NT Domain users and groups. - This code is available in development branches only at the moment, - but will be moved to release branches soon.

The advantage to domain-level security is that the - authentication in domain-level security is passed down the authenticated - RPC channel in exactly the same way that an NT server would do it. This - means Samba servers now participate in domain trust relationships in - exactly the same way NT servers do (i.e., you can add Samba servers into - a resource domain and have the authentication passed on from a resource - domain PDC to an account domain PDC.

In addition, with security = server every Samba - daemon on a server has to keep a connection open to the - authenticating server for as long as that daemon lasts. This can drain - the connection resources on a Microsoft NT server and cause it to run - out of available connections. With security = domain, - however, the Samba daemons connect to the PDC/BDC only for as long - as is necessary to authenticate the user, and then drop the connection, - thus conserving PDC connection resources.

And finally, acting in the same manner as an NT server - authenticating to a PDC means that as part of the authentication - reply, the Samba server gets the user identification information such - as the user SID, the list of NT groups the user belongs to, etc. All - this information will allow Samba to be extended in the future into - a mode the developers currently call appliance mode. In this mode, - no local Unix users will be necessary, and Samba will generate Unix - uids and gids from the information passed back from the PDC when a - user is authenticated, making a Samba server truly plug and play - in an NT domain environment. Watch for this code soon.

NOTE: Much of the text of this document - was first published in the Web magazine - LinuxWorld as the article Doing - the NIS/NT Samba.

\ No newline at end of file diff --git a/docs/htmldocs/Diagnosis.html b/docs/htmldocs/Diagnosis.html deleted file mode 100644 index 1944c37be9..0000000000 --- a/docs/htmldocs/Diagnosis.html +++ /dev/null @@ -1,548 +0,0 @@ -Diagnosing your samba server

Introduction

This file contains a list of tests you can perform to validate your -Samba server. It also tells you what the likely cause of the problem -is if it fails any one of these steps. If it passes all these tests -then it is probably working fine.

You should do ALL the tests, in the order shown. I have tried to -carefully choose them so later tests only use capabilities verified in -the earlier tests.

If you send me an email saying "it doesn't work" and you have not -followed this test procedure then you should not be surprised if I -ignore your email.

Assumptions

In all of the tests I assume you have a Samba server called BIGSERVER -and a PC called ACLIENT both in workgroup TESTGROUP. I also assume the -PC is running windows for workgroups with a recent copy of the -microsoft tcp/ip stack. Alternatively, your PC may be running Windows -95 or Windows NT (Workstation or Server).

The procedure is similar for other types of clients.

I also assume you know the name of an available share in your -smb.conf. I will assume this share is called "tmp". You can add a -"tmp" share like by adding the following to smb.conf:


[tmp]
- comment = temporary files 
- path = /tmp
- read only = yes

THESE TESTS ASSUME VERSION 2.0.6 OR LATER OF THE SAMBA SUITE. SOME -COMMANDS SHOWN DID NOT EXIST IN EARLIER VERSIONS

Please pay attention to the error messages you receive. If any error message -reports that your server is being unfriendly you should first check that you -IP name resolution is correctly set up. eg: Make sure your /etc/resolv.conf -file points to name servers that really do exist.

Also, if you do not have DNS server access for name resolution please check -that the settings for your smb.conf file results in "dns proxy = no". The -best way to check this is with "testparm smb.conf"

Tests

Test 1

In the directory in which you store your smb.conf file, run the command -"testparm smb.conf". If it reports any errors then your smb.conf -configuration file is faulty.

Note: Your smb.conf file may be located in: /etc - Or in: /usr/local/samba/lib

Test 2

Run the command "ping BIGSERVER" from the PC and "ping ACLIENT" from -the unix box. If you don't get a valid response then your TCP/IP -software is not correctly installed.

Note that you will need to start a "dos prompt" window on the PC to -run ping.

If you get a message saying "host not found" or similar then your DNS -software or /etc/hosts file is not correctly setup. It is possible to -run samba without DNS entries for the server and client, but I assume -you do have correct entries for the remainder of these tests.

Another reason why ping might fail is if your host is running firewall -software. You will need to relax the rules to let in the workstation -in question, perhaps by allowing access from another subnet (on Linux -this is done via the ipfwadm program.)

Test 3

Run the command "smbclient -L BIGSERVER" on the unix box. You -should get a list of available shares back.

If you get a error message containing the string "Bad password" then -you probably have either an incorrect "hosts allow", "hosts deny" or -"valid users" line in your smb.conf, or your guest account is not -valid. Check what your guest account is using "testparm" and -temporarily remove any "hosts allow", "hosts deny", "valid users" or -"invalid users" lines.

If you get a "connection refused" response then the smbd server may -not be running. If you installed it in inetd.conf then you probably edited -that file incorrectly. If you installed it as a daemon then check that -it is running, and check that the netbios-ssn port is in a LISTEN -state using "netstat -a".

If you get a "session request failed" then the server refused the -connection. If it says "Your server software is being unfriendly" then -its probably because you have invalid command line parameters to smbd, -or a similar fatal problem with the initial startup of smbd. Also -check your config file (smb.conf) for syntax errors with "testparm" -and that the various directories where samba keeps its log and lock -files exist.

There are a number of reasons for which smbd may refuse or decline -a session request. The most common of these involve one or more of -the following smb.conf file entries:

	hosts deny = ALL
-	hosts allow = xxx.xxx.xxx.xxx/yy
-	bind interfaces only = Yes

In the above, no allowance has been made for any session requests that -will automatically translate to the loopback adaptor address 127.0.0.1. -To solve this problem change these lines to:

	hosts deny = ALL
-	hosts allow = xxx.xxx.xxx.xxx/yy 127.

Do NOT use the "bind interfaces only" parameter where you may wish to -use the samba password change facility, or where smbclient may need to -access local service for name resolution or for local resource -connections. (Note: the "bind interfaces only" parameter deficiency -where it will not allow connections to the loopback address will be -fixed soon).

Another common cause of these two errors is having something already running -on port 139, such as Samba (ie: smbd is running from inetd already) or -something like Digital's Pathworks. Check your inetd.conf file before trying -to start smbd as a daemon, it can avoid a lot of frustration!

And yet another possible cause for failure of TEST 3 is when the subnet mask -and / or broadcast address settings are incorrect. Please check that the -network interface IP Address / Broadcast Address / Subnet Mask settings are -correct and that Samba has correctly noted these in the log.nmb file.

Test 4

Run the command "nmblookup -B BIGSERVER __SAMBA__". You should get the -IP address of your Samba server back.

If you don't then nmbd is incorrectly installed. Check your inetd.conf -if you run it from there, or that the daemon is running and listening -to udp port 137.

One common problem is that many inetd implementations can't take many -parameters on the command line. If this is the case then create a -one-line script that contains the right parameters and run that from -inetd.

Test 5

run the command nmblookup -B ACLIENT '*'

You should get the PCs IP address back. If you don't then the client -software on the PC isn't installed correctly, or isn't started, or you -got the name of the PC wrong.

If ACLIENT doesn't resolve via DNS then use the IP address of the -client in the above test.

Test 6

Run the command nmblookup -d 2 '*'

This time we are trying the same as the previous test but are trying -it via a broadcast to the default broadcast address. A number of -Netbios/TCPIP hosts on the network should respond, although Samba may -not catch all of the responses in the short time it listens. You -should see "got a positive name query response" messages from several -hosts.

If this doesn't give a similar result to the previous test then -nmblookup isn't correctly getting your broadcast address through its -automatic mechanism. In this case you should experiment use the -"interfaces" option in smb.conf to manually configure your IP -address, broadcast and netmask.

If your PC and server aren't on the same subnet then you will need to -use the -B option to set the broadcast address to the that of the PCs -subnet.

This test will probably fail if your subnet mask and broadcast address are -not correct. (Refer to TEST 3 notes above).

Test 7

Run the command smbclient //BIGSERVER/TMP. You should -then be prompted for a password. You should use the password of the account -you are logged into the unix box with. If you want to test with -another account then add the -U >accountname< option to the end of -the command line. eg: -smbclient //bigserver/tmp -Ujohndoe

Note: It is possible to specify the password along with the username -as follows: -smbclient //bigserver/tmp -Ujohndoe%secret

Once you enter the password you should get the "smb>" prompt. If you -don't then look at the error message. If it says "invalid network -name" then the service "tmp" is not correctly setup in your smb.conf.

If it says "bad password" then the likely causes are:

  1. you have shadow passords (or some other password system) but didn't - compile in support for them in smbd -

  2. your "valid users" configuration is incorrect -

  3. you have a mixed case password and you haven't enabled the "password - level" option at a high enough level -

  4. the "path =" line in smb.conf is incorrect. Check it with testparm -

  5. you enabled password encryption but didn't create the SMB encrypted - password file -

Once connected you should be able to use the commands -dir get put etc. -Type help >command< for instructions. You should -especially check that the amount of free disk space shown is correct -when you type dir.

Test 8

On the PC type the command net view \\BIGSERVER. You will -need to do this from within a "dos prompt" window. You should get back a -list of available shares on the server.

If you get a "network name not found" or similar error then netbios -name resolution is not working. This is usually caused by a problem in -nmbd. To overcome it you could do one of the following (you only need -to choose one of them):

  1. fixup the nmbd installation

  2. add the IP address of BIGSERVER to the "wins server" box in the - advanced tcp/ip setup on the PC.

  3. enable windows name resolution via DNS in the advanced section of - the tcp/ip setup

  4. add BIGSERVER to your lmhosts file on the PC.

If you get a "invalid network name" or "bad password error" then the -same fixes apply as they did for the "smbclient -L" test above. In -particular, make sure your "hosts allow" line is correct (see the man -pages)

Also, do not overlook that fact that when the workstation requests the -connection to the samba server it will attempt to connect using the -name with which you logged onto your Windows machine. You need to make -sure that an account exists on your Samba server with that exact same -name and password.

If you get "specified computer is not receiving requests" or similar -it probably means that the host is not contactable via tcp services. -Check to see if the host is running tcp wrappers, and if so add an entry in -the hosts.allow file for your client (or subnet, etc.)

Test 9

Run the command net use x: \\BIGSERVER\TMP. You should -be prompted for a password then you should get a "command completed -successfully" message. If not then your PC software is incorrectly -installed or your smb.conf is incorrect. make sure your "hosts allow" -and other config lines in smb.conf are correct.

It's also possible that the server can't work out what user name to -connect you as. To see if this is the problem add the line "user = -USERNAME" to the [tmp] section of smb.conf where "USERNAME" is the -username corresponding to the password you typed. If you find this -fixes things you may need the username mapping option.

Test 10

Run the command nmblookup -M TESTGROUP where -TESTGROUP is the name of the workgroup that your Samba server and -Windows PCs belong to. You should get back the IP address of the -master browser for that workgroup.

If you don't then the election process has failed. Wait a minute to -see if it is just being slow then try again. If it still fails after -that then look at the browsing options you have set in smb.conf. Make -sure you have preferred master = yes to ensure that -an election is held at startup.

Test 11

From file manager try to browse the server. Your samba server should -appear in the browse list of your local workgroup (or the one you -specified in smb.conf). You should be able to double click on the name -of the server and get a list of shares. If you get a "invalid -password" error when you do then you are probably running WinNT and it -is refusing to browse a server that has no encrypted password -capability and is in user level security mode. In this case either set -security = server AND -password server = Windows_NT_Machine in your -smb.conf file, or enable encrypted passwords AFTER compiling in support -for encrypted passwords (refer to the Makefile).

Still having troubles?

Try the mailing list or newsgroup, or use the ethereal utility to -sniff the problem. The official samba mailing list can be reached at -samba@samba.org. To find -out more about samba and how to subscribe to the mailing list check -out the samba web page at -http://samba.org/samba

Also look at the other docs in the Samba package!

\ No newline at end of file diff --git a/docs/htmldocs/Integrating-with-Windows.html b/docs/htmldocs/Integrating-with-Windows.html deleted file mode 100644 index fd2bd7fdaf..0000000000 --- a/docs/htmldocs/Integrating-with-Windows.html +++ /dev/null @@ -1,1072 +0,0 @@ -Integrating MS Windows networks with Samba

Agenda

To identify the key functional mechanisms of MS Windows networking -to enable the deployment of Samba as a means of extending and/or -replacing MS Windows NT/2000 technology.

We will examine:

  1. Name resolution in a pure Unix/Linux TCP/IP - environment -

  2. Name resolution as used within MS Windows - networking -

  3. How browsing functions and how to deploy stable - and dependable browsing using Samba -

  4. MS Windows security options and how to - configure Samba for seemless integration -

  5. Configuration of Samba as:

    1. A stand-alone server

    2. An MS Windows NT 3.x/4.0 security domain member -

    3. An alternative to an MS Windows NT 3.x/4.0 Domain Controller -

Name Resolution in a pure Unix/Linux world

The key configuration files covered in this section are:

  • /etc/hosts

  • /etc/resolv.conf

  • /etc/host.conf

  • /etc/nsswitch.conf

/etc/hosts

Contains a static list of IP Addresses and names. -eg:

	127.0.0.1	localhost localhost.localdomain
-	192.168.1.1	bigbox.caldera.com	bigbox	alias4box

The purpose of /etc/hosts is to provide a -name resolution mechanism so that uses do not need to remember -IP addresses.

Network packets that are sent over the physical network transport -layer communicate not via IP addresses but rather using the Media -Access Control address, or MAC address. IP Addresses are currently -32 bits in length and are typically presented as four (4) decimal -numbers that are separated by a dot (or period). eg: 168.192.1.1

MAC Addresses use 48 bits (or 6 bytes) and are typically represented -as two digit hexadecimal numbers separated by colons. eg: -40:8e:0a:12:34:56

Every network interfrace must have an MAC address. Associated with -a MAC address there may be one or more IP addresses. There is NO -relationship between an IP address and a MAC address, all such assignments -are arbitary or discretionary in nature. At the most basic level all -network communications takes place using MAC addressing. Since MAC -addresses must be globally unique, and generally remains fixed for -any particular interface, the assignment of an IP address makes sense -from a network management perspective. More than one IP address can -be assigned per MAC address. One address must be the primary IP address, -this is the address that will be returned in the ARP reply.

When a user or a process wants to communicate with another machine -the protocol implementation ensures that the "machine name" or "host -name" is resolved to an IP address in a manner that is controlled -by the TCP/IP configuration control files. The file -/etc/hosts is one such file.

When the IP address of the destination interface has been -determined a protocol called ARP/RARP is used to identify -the MAC address of the target interface. ARP stands for Address -Resolution Protocol, and is a broadcast oriented method that -uses UDP (User Datagram Protocol) to send a request to all -interfaces on the local network segment using the all 1's MAC -address. Network interfaces are programmed to respond to two -MAC addresses only; their own unique address and the address -ff:ff:ff:ff:ff:ff. The reply packet from an ARP request will -contain the MAC address and the primary IP address for each -interface.

The /etc/hosts file is foundational to all -Unix/Linux TCP/IP installations and as a minumum will contain -the localhost and local network interface IP addresses and the -primary names by which they are known within the local machine. -This file helps to prime the pump so that a basic level of name -resolution can exist before any other method of name resolution -becomes available.

/etc/resolv.conf

This file tells the name resolution libraries:

  • The name of the domain to which the machine - belongs -

  • The name(s) of any domains that should be - automatically searched when trying to resolve unqualified - host names to their IP address -

  • The name or IP address of available Domain - Name Servers that may be asked to perform name to address - translation lookups -

/etc/host.conf

/etc/host.conf is the primary means by -which the setting in /etc/resolv.conf may be affected. It is a -critical configuration file. This file controls the order by -which name resolution may procede. The typical structure is:

	order hosts,bind
-	multi on

then both addresses should be returned. Please refer to the -man page for host.conf for further details.

/etc/nsswitch.conf

This file controls the actual name resolution targets. The -file typically has resolver object specifications as follows:

	# /etc/nsswitch.conf
-	#
-	# Name Service Switch configuration file.
-	#
-
-	passwd:		compat
-	# Alternative entries for password authentication are:
-	# passwd:	compat files nis ldap winbind
-	shadow:		compat
-	group:		compat
-
-	hosts:		files nis dns
-	# Alternative entries for host name resolution are:
-	# hosts:	files dns nis nis+ hesoid db compat ldap wins
-	networks:	nis files dns
-
-	ethers:		nis files
-	protocols:	nis files
-	rpc:		nis files
-	services:	nis files

Of course, each of these mechanisms requires that the appropriate -facilities and/or services are correctly configured.

It should be noted that unless a network request/message must be -sent, TCP/IP networks are silent. All TCP/IP communications assumes a -principal of speaking only when necessary.

Samba version 2.2.0 will add Linux support for extensions to -the name service switch infrastructure so that linux clients will -be able to obtain resolution of MS Windows NetBIOS names to IP -Addresses. To gain this functionality Samba needs to be compiled -with appropriate arguments to the make command (ie: make -nsswitch/libnss_wins.so). The resulting library should -then be installed in the /lib directory and -the "wins" parameter needs to be added to the "hosts:" line in -the /etc/nsswitch.conf file. At this point it -will be possible to ping any MS Windows machine by it's NetBIOS -machine name, so long as that machine is within the workgroup to -which both the samba machine and the MS Windows machine belong.

Name resolution as used within MS Windows networking

MS Windows networking is predicated about the name each machine -is given. This name is known variously (and inconsistently) as -the "computer name", "machine name", "networking name", "netbios name", -"SMB name". All terms mean the same thing with the exception of -"netbios name" which can apply also to the name of the workgroup or the -domain name. The terms "workgroup" and "domain" are really just a -simply name with which the machine is associated. All NetBIOS names -are exactly 16 characters in length. The 16th character is reserved. -It is used to store a one byte value that indicates service level -information for the NetBIOS name that is registered. A NetBIOS machine -name is therefore registered for each service type that is provided by -the client/server.

The following are typical NetBIOS name/service type registrations:

	Unique NetBIOS Names:
-		MACHINENAME<00>	= Server Service is running on MACHINENAME
-		MACHINENAME<03> = Generic Machine Name (NetBIOS name)
-		MACHINENAME<20> = LanMan Server service is running on MACHINENAME
-		WORKGROUP<1b> = Domain Master Browser
-
-	Group Names:
-		WORKGROUP<03> = Generic Name registered by all members of WORKGROUP
-		WORKGROUP<1c> = Domain Controllers / Netlogon Servers
-		WORKGROUP<1d> = Local Master Browsers
-		WORKGROUP<1e> = Internet Name Resolvers

It should be noted that all NetBIOS machines register their own -names as per the above. This is in vast contrast to TCP/IP -installations where traditionally the system administrator will -determine in the /etc/hosts or in the DNS database what names -are associated with each IP address.

One further point of clarification should be noted, the /etc/hosts -file and the DNS records do not provide the NetBIOS name type information -that MS Windows clients depend on to locate the type of service that may -be needed. An example of this is what happens when an MS Windows client -wants to locate a domain logon server. It find this service and the IP -address of a server that provides it by performing a lookup (via a -NetBIOS broadcast) for enumeration of all machines that have -registered the name type *<1c>. A logon request is then sent to each -IP address that is returned in the enumerated list of IP addresses. Which -ever machine first replies then ends up providing the logon services.

The name "workgroup" or "domain" really can be confusing since these -have the added significance of indicating what is the security -architecture of the MS Windows network. The term "workgroup" indicates -that the primary nature of the network environment is that of a -peer-to-peer design. In a WORKGROUP all machines are responsible for -their own security, and generally such security is limited to use of -just a password (known as SHARE MODE security). In most situations -with peer-to-peer networking the users who control their own machines -will simply opt to have no security at all. It is possible to have -USER MODE security in a WORKGROUP environment, thus requiring use -of a user name and a matching password.

MS Windows networking is thus predetermined to use machine names -for all local and remote machine message passing. The protocol used is -called Server Message Block (SMB) and this is implemented using -the NetBIOS protocol (Network Basic Input Output System). NetBIOS can -be encapsulated using LLC (Logical Link Control) protocol - in which case -the resulting protocol is called NetBEUI (Network Basic Extended User -Interface). NetBIOS can also be run over IPX (Internetworking Packet -Exchange) protocol as used by Novell NetWare, and it can be run -over TCP/IP protocols - in which case the resulting protocol is called -NBT or NetBT, the NetBIOS over TCP/IP.

MS Windows machines use a complex array of name resolution mechanisms. -Since we are primarily concerned with TCP/IP this demonstration is -limited to this area.

The NetBIOS Name Cache

All MS Windows machines employ an in memory buffer in which is -stored the NetBIOS names and IP addresses for all external -machines that that machine has communicated with over the -past 10-15 minutes. It is more efficient to obtain an IP address -for a machine from the local cache than it is to go through all the -configured name resolution mechanisms.

If a machine whose name is in the local name cache has been shut -down before the name had been expired and flushed from the cache, then -an attempt to exchange a message with that machine will be subject -to time-out delays. i.e.: Its name is in the cache, so a name resolution -lookup will succeed, but the machine can not respond. This can be -frustrating for users - but it is a characteristic of the protocol.

The MS Windows utility that allows examination of the NetBIOS -name cache is called "nbtstat". The Samba equivalent of this -is called "nmblookup".

The LMHOSTS file

This file is usually located in MS Windows NT 4.0 or -2000 in C:\WINNT\SYSTEM32\DRIVERS\ETC and contains -the IP Address and the machine name in matched pairs. The -LMHOSTS file performs NetBIOS name -to IP address mapping oriented.

It typically looks like:

	# Copyright (c) 1998 Microsoft Corp.
-	#
-	# This is a sample LMHOSTS file used by the Microsoft Wins Client (NetBIOS
-	# over TCP/IP) stack for Windows98
-	#
-	# This file contains the mappings of IP addresses to NT computernames
-	# (NetBIOS) names.  Each entry should be kept on an individual line.
-	# The IP address should be placed in the first column followed by the
-	# corresponding computername. The address and the comptername
-	# should be separated by at least one space or tab. The "#" character
-	# is generally used to denote the start of a comment (see the exceptions
-	# below).
-	#
-	# This file is compatible with Microsoft LAN Manager 2.x TCP/IP lmhosts
-	# files and offers the following extensions:
-	#
-	#      #PRE
-	#      #DOM:<domain>
-	#      #INCLUDE <filename>
-	#      #BEGIN_ALTERNATE
-	#      #END_ALTERNATE
-	#      \0xnn (non-printing character support)
-	#
-	# Following any entry in the file with the characters "#PRE" will cause
-	# the entry to be preloaded into the name cache. By default, entries are
-	# not preloaded, but are parsed only after dynamic name resolution fails.
-	#
-	# Following an entry with the "#DOM:<domain>" tag will associate the
-	# entry with the domain specified by <domain>. This affects how the
-	# browser and logon services behave in TCP/IP environments. To preload
-	# the host name associated with #DOM entry, it is necessary to also add a
-	# #PRE to the line. The <domain> is always preloaded although it will not
-	# be shown when the name cache is viewed.
-	#
-	# Specifying "#INCLUDE <filename>" will force the RFC NetBIOS (NBT)
-	# software to seek the specified <filename> and parse it as if it were
-	# local. <filename> is generally a UNC-based name, allowing a
-	# centralized lmhosts file to be maintained on a server.
-	# It is ALWAYS necessary to provide a mapping for the IP address of the
-	# server prior to the #INCLUDE. This mapping must use the #PRE directive.
-	# In addtion the share "public" in the example below must be in the
-	# LanManServer list of "NullSessionShares" in order for client machines to
-	# be able to read the lmhosts file successfully. This key is under
-	# \machine\system\currentcontrolset\services\lanmanserver\parameters\nullsessionshares
-	# in the registry. Simply add "public" to the list found there.
-	#
-	# The #BEGIN_ and #END_ALTERNATE keywords allow multiple #INCLUDE
-	# statements to be grouped together. Any single successful include
-	# will cause the group to succeed.
-	#
-	# Finally, non-printing characters can be embedded in mappings by
-	# first surrounding the NetBIOS name in quotations, then using the
-	# \0xnn notation to specify a hex value for a non-printing character.
-	#
-	# The following example illustrates all of these extensions:
-	#
-	# 102.54.94.97     rhino         #PRE #DOM:networking  #net group's DC
-	# 102.54.94.102    "appname  \0x14"                    #special app server
-	# 102.54.94.123    popular            #PRE             #source server
-	# 102.54.94.117    localsrv           #PRE             #needed for the include
-	#
-	# #BEGIN_ALTERNATE
-	# #INCLUDE \\localsrv\public\lmhosts
-	# #INCLUDE \\rhino\public\lmhosts
-	# #END_ALTERNATE
-	#
-	# In the above example, the "appname" server contains a special
-	# character in its name, the "popular" and "localsrv" server names are
-	# preloaded, and the "rhino" server name is specified so it can be used
-	# to later #INCLUDE a centrally maintained lmhosts file if the "localsrv"
-	# system is unavailable.
-	#
-	# Note that the whole file is parsed including comments on each lookup,
-	# so keeping the number of comments to a minimum will improve performance.
-	# Therefore it is not advisable to simply add lmhosts file entries onto the
-	# end of this file.

HOSTS file

This file is usually located in MS Windows NT 4.0 or 2000 in -C:\WINNT\SYSTEM32\DRIVERS\ETC and contains -the IP Address and the IP hostname in matched pairs. It can be -used by the name resolution infrastructure in MS Windows, depending -on how the TCP/IP environment is configured. This file is in -every way the equivalent of the Unix/Linux /etc/hosts file.

DNS Lookup

This capability is configured in the TCP/IP setup area in the network -configuration facility. If enabled an elaborate name resolution sequence -is followed the precise nature of which isdependant on what the NetBIOS -Node Type parameter is configured to. A Node Type of 0 means use -NetBIOS broadcast (over UDP broadcast) is first used if the name -that is the subject of a name lookup is not found in the NetBIOS name -cache. If that fails then DNS, HOSTS and LMHOSTS are checked. If set to -Node Type 8, then a NetBIOS Unicast (over UDP Unicast) is sent to the -WINS Server to obtain a lookup before DNS, HOSTS, LMHOSTS, or broadcast -lookup is used.

WINS Lookup

A WINS (Windows Internet Name Server) service is the equivaent of the -rfc1001/1002 specified NBNS (NetBIOS Name Server). A WINS server stores -the names and IP addresses that are registered by a Windows client -if the TCP/IP setup has been given at least one WINS Server IP Address.

To configure Samba to be a WINS server the following parameter needs -to be added to the smb.conf file:

	wins support = Yes

To configure Samba to use a WINS server the following parameters are -needed in the smb.conf file:

	wins support = No
-	wins server = xxx.xxx.xxx.xxx

where xxx.xxx.xxx.xxx is the IP address -of the WINS server.

How browsing functions and how to deploy stable and -dependable browsing using Samba

As stated above, MS Windows machines register their NetBIOS names -(i.e.: the machine name for each service type in operation) on start -up. Also, as stated above, the exact method by which this name registration -takes place is determined by whether or not the MS Windows client/server -has been given a WINS server address, whether or not LMHOSTS lookup -is enabled, or if DNS for NetBIOS name resolution is enabled, etc.

In the case where there is no WINS server all name registrations as -well as name lookups are done by UDP broadcast. This isolates name -resolution to the local subnet, unless LMHOSTS is used to list all -names and IP addresses. In such situations Samba provides a means by -which the samba server name may be forcibly injected into the browse -list of a remote MS Windows network (using the "remote announce" parameter).

Where a WINS server is used, the MS Windows client will use UDP -unicast to register with the WINS server. Such packets can be routed -and thus WINS allows name resolution to function across routed networks.

During the startup process an election will take place to create a -local master browser if one does not already exist. On each NetBIOS network -one machine will be elected to function as the domain master browser. This -domain browsing has nothing to do with MS security domain control. -Instead, the domain master browser serves the role of contacting each local -master browser (found by asking WINS or from LMHOSTS) and exchanging browse -list contents. This way every master browser will eventually obtain a complete -list of all machines that are on the network. Every 11-15 minutes an election -is held to determine which machine will be the master browser. By the nature of -the election criteria used, the machine with the highest uptime, or the -most senior protocol version, or other criteria, will win the election -as domain master browser.

Clients wishing to browse the network make use of this list, but also depend -on the availability of correct name resolution to the respective IP -address/addresses.

Any configuration that breaks name resolution and/or browsing intrinsics -will annoy users because they will have to put up with protracted -inability to use the network services.

Samba supports a feature that allows forced synchonisation -of browse lists across routed networks using the "remote -browse sync" parameter in the smb.conf file. This causes Samba -to contact the local master browser on a remote network and -to request browse list synchronisation. This effectively bridges -two networks that are separated by routers. The two remote -networks may use either broadcast based name resolution or WINS -based name resolution, but it should be noted that the "remote -browse sync" parameter provides browse list synchronisation - and -that is distinct from name to address resolution, in other -words, for cross subnet browsing to function correctly it is -essential that a name to address resolution mechanism be provided. -This mechanism could be via DNS, /etc/hosts, -and so on.

MS Windows security options and how to configure -Samba for seemless integration

MS Windows clients may use encrypted passwords as part of a -challenege/response authentication model (a.k.a. NTLMv1) or -alone, or clear text strings for simple password based -authentication. It should be realized that with the SMB -protocol the password is passed over the network either -in plain text or encrypted, but not both in the same -authentication requets.

When encrypted passwords are used a password that has been -entered by the user is encrypted in two ways:

  • An MD4 hash of the UNICODE of the password - string. This is known as the NT hash. -

  • The password is converted to upper case, - and then padded or trucated to 14 bytes. This string is - then appended with 5 bytes of NULL characters and split to - form two 56 bit DES keys to encrypt a "magic" 8 byte value. - The resulting 16 bytes for the LanMan hash. -

You should refer to the Password Encryption chapter in this HOWTO collection -for more details on the inner workings

MS Windows 95 pre-service pack 1, MS Windows NT versions 3.x -and version 4.0 pre-service pack 3 will use either mode of -password authentication. All versions of MS Windows that follow -these versions no longer support plain text passwords by default.

MS Windows clients have a habit of dropping network mappings that -have been idle for 10 minutes or longer. When the user attempts to -use the mapped drive connection that has been dropped, the client -re-establishes the connection using -a cached copy of the password.

When Microsoft changed the default password mode, they dropped support for -caching of the plain text password. This means that when the registry -parameter is changed to re-enable use of plain text passwords it appears to -work, but when a dropped mapping attempts to revalidate it will fail if -the remote authentication server does not support encrypted passwords. -This means that it is definitely not a good idea to re-enable plain text -password support in such clients.

The following parameters can be used to work around the -issue of Windows 9x client upper casing usernames and -password before transmitting them to the SMB server -when using clear text authentication.

	passsword level = integer
-	username level = integer

By default Samba will lower case the username before attempting -to lookup the user in the database of local system accounts. -Because UNIX usernames conventionally only contain lower case -character, the username level parameter -is rarely even needed.

However, password on UNIX systems often make use of mixed case -characters. This means that in order for a user on a Windows 9x -client to connect to a Samba server using clear text authentication, -the password level must be set to the maximum -number of upper case letter which could appear -is a password. Note that is the server OS uses the traditional -DES version of crypt(), then a password level -of 8 will result in case insensitive passwords as seen from Windows -users. This will also result in longer login times as Samba -hash to compute the permutations of the password string and -try them one by one until a match is located (or all combinations fail).

The best option to adopt is to enable support for encrypted passwords -where ever Samba is used. There are three configuration possibilities -for support of encrypted passwords:

Use MS Windows NT as an authentication server

This method involves the additions of the following parameters -in the smb.conf file:

	encrypt passwords = Yes
-	security = server
-	password server = "NetBIOS_name_of_PDC"

There are two ways of identifying whether or not a username and -password pair was valid or not. One uses the reply information provided -as part of the authentication messaging process, the other uses -just and error code.

The down-side of this mode of configuration is the fact that -for security reasons Samba will send the password server a bogus -username and a bogus password and if the remote server fails to -reject the username and password pair then an alternative mode -of identification of validation is used. Where a site uses password -lock out after a certain number of failed authentication attempts -this will result in user lockouts.

Use of this mode of authentication does require there to be -a standard Unix account for the user, this account can be blocked -to prevent logons by other than MS Windows clients.

Make Samba a member of an MS Windows NT security domain

This method involves additon of the following paramters in the smb.conf file:

	encrypt passwords = Yes
-	security = domain
-	workgroup = "name of NT domain"
-	password server = *

The use of the "*" argument to "password server" will cause samba -to locate the domain controller in a way analogous to the way -this is done within MS Windows NT.

In order for this method to work the Samba server needs to join the -MS Windows NT security domain. This is done as follows:

  • On the MS Windows NT domain controller using - the Server Manager add a machine account for the Samba server. -

  • Next, on the Linux system execute: - smbpasswd -r PDC_NAME -j DOMAIN_NAME -

Use of this mode of authentication does require there to be -a standard Unix account for the user in order to assign -a uid once the account has been authenticated by the remote -Windows DC. This account can be blocked to prevent logons by -other than MS Windows clients by things such as setting an invalid -shell in the /etc/passwd entry.

An alternative to assigning UIDs to Windows users on a -Samba member server is presented in the Winbind Overview chapter in -this HOWTO collection.

Configure Samba as an authentication server

This mode of authentication demands that there be on the -Unix/Linux system both a Unix style account as well as an -smbpasswd entry for the user. The Unix system account can be -locked if required as only the encrypted password will be -used for SMB client authentication.

This method involves addition of the following parameters to -the smb.conf file:

## please refer to the Samba PDC HOWTO chapter later in 
-## this collection for more details
-[global]
-	encrypt passwords = Yes
-	security = user
-	domain logons = Yes
-	; an OS level of 33 or more is recommended
-	os level = 33
-
-[NETLOGON]
-	path = /somewhare/in/file/system
-	read only = yes

in order for this method to work a Unix system account needs -to be created for each user, as well as for each MS Windows NT/2000 -machine. The following structure is required.

Users

A user account that may provide a home directory should be -created. The following Linux system commands are typical of -the procedure for creating an account.

	# useradd -s /bin/bash -d /home/"userid" -m "userid"
-	# passwd "userid"
-	  Enter Password: <pw>
-	  
-	# smbpasswd -a "userid"
-	  Enter Password: <pw>

MS Windows NT Machine Accounts

These are required only when Samba is used as a domain -controller. Refer to the Samba-PDC-HOWTO for more details.

	# useradd -s /bin/false -d /dev/null "machine_name"\$
-	# passwd -l "machine_name"\$
-	# smbpasswd -a -m "machine_name"

Conclusions

Samba provides a flexible means to operate as...

  • A Stand-alone server - No special action is needed - other than to create user accounts. Stand-alone servers do NOT - provide network logon services, meaning that machines that use this - server do NOT perform a domain logon but instead make use only of - the MS Windows logon which is local to the MS Windows - workstation/server. -

  • An MS Windows NT 3.x/4.0 security domain member. -

  • An alternative to an MS Windows NT 3.x/4.0 - Domain Controller. -

\ No newline at end of file diff --git a/docs/htmldocs/OS2-Client-HOWTO.html b/docs/htmldocs/OS2-Client-HOWTO.html deleted file mode 100644 index 90f62306e8..0000000000 --- a/docs/htmldocs/OS2-Client-HOWTO.html +++ /dev/null @@ -1,210 +0,0 @@ -OS2 Client HOWTO

FAQs

How can I configure OS/2 Warp Connect or - OS/2 Warp 4 as a client for Samba?

A more complete answer to this question can be - found on http://carol.wins.uva.nl/~leeuw/samba/warp.html.

Basically, you need three components:

  • The File and Print Client ('IBM Peer') -

  • TCP/IP ('Internet support') -

  • The "NetBIOS over TCP/IP" driver ('TCPBEUI') -

Installing the first two together with the base operating - system on a blank system is explained in the Warp manual. If Warp - has already been installed, but you now want to install the - networking support, use the "Selective Install for Networking" - object in the "System Setup" folder.

Adding the "NetBIOS over TCP/IP" driver is not described - in the manual and just barely in the online documentation. Start - MPTS.EXE, click on OK, click on "Configure LAPS" and click - on "IBM OS/2 NETBIOS OVER TCP/IP" in 'Protocols'. This line - is then moved to 'Current Configuration'. Select that line, - click on "Change number" and increase it from 0 to 1. Save this - configuration.

If the Samba server(s) is not on your local subnet, you - can optionally add IP names and addresses of these servers - to the "Names List", or specify a WINS server ('NetBIOS - Nameserver' in IBM and RFC terminology). For Warp Connect you - may need to download an update for 'IBM Peer' to bring it on - the same level as Warp 4. See the webpage mentioned above.

How can I configure OS/2 Warp 3 (not Connect), - OS/2 1.2, 1.3 or 2.x for Samba?

You can use the free Microsoft LAN Manager 2.2c Client - for OS/2 from - ftp://ftp.microsoft.com/BusSys/Clients/LANMAN.OS2/. - See http://carol.wins.uva.nl/~leeuw/lanman.html for - more information on how to install and use this client. In - a nutshell, edit the file \OS2VER in the root directory of - the OS/2 boot partition and add the lines:

		20=setup.exe
-		20=netwksta.sys
-		20=netvdd.sys
-

before you install the client. Also, don't use the - included NE2000 driver because it is buggy. Try the NE2000 - or NS2000 driver from - ftp://ftp.cdrom.com/pub/os2/network/ndis/ instead. -

Are there any other issues when OS/2 (any version) - is used as a client?

When you do a NET VIEW or use the "File and Print - Client Resource Browser", no Samba servers show up. This can - be fixed by a patch from http://carol.wins.uva.nl/~leeuw/samba/fix.html. - The patch will be included in a later version of Samba. It also - fixes a couple of other problems, such as preserving long - filenames when objects are dragged from the Workplace Shell - to the Samba server.

How do I get printer driver download working - for OS/2 clients?

First, create a share called [PRINTDRV] that is - world-readable. Copy your OS/2 driver files there. Note - that the .EA_ files must still be separate, so you will need - to use the original install files, and not copy an installed - driver from an OS/2 system.

Install the NT driver first for that printer. Then, - add to your smb.conf a parameter, "os2 driver map = - filename". Then, in the file - specified by filename, map the - name of the NT driver name to the OS/2 driver name as - follows:

<nt driver name> = <os2 driver - name>.<device name>, e.g.: - HP LaserJet 5L = LASERJET.HP LaserJet 5L

You can have multiple drivers mapped in this file.

If you only specify the OS/2 driver name, and not the - device name, the first attempt to download the driver will - actually download the files, but the OS/2 client will tell - you the driver is not available. On the second attempt, it - will work. This is fixed simply by adding the device name - to the mapping, after which it will work on the first attempt. -

\ No newline at end of file diff --git a/docs/htmldocs/PAM-Authentication-And-Samba.html b/docs/htmldocs/PAM-Authentication-And-Samba.html deleted file mode 100644 index 6dc815b87b..0000000000 --- a/docs/htmldocs/PAM-Authentication-And-Samba.html +++ /dev/null @@ -1,318 +0,0 @@ -Configuring PAM for distributed but centrally -managed authentication

Samba and PAM

A number of Unix systems (eg: Sun Solaris), as well as the -xxxxBSD family and Linux, now utilize the Pluggable Authentication -Modules (PAM) facility to provide all authentication, -authorization and resource control services. Prior to the -introduction of PAM, a decision to use an alternative to -the system password database (/etc/passwd) -would require the provision of alternatives for all programs that provide -security services. Such a choice would involve provision of -alternatives to such programs as: login, -passwd, chown, etc.

PAM provides a mechanism that disconnects these security programs -from the underlying authentication/authorization infrastructure. -PAM is configured either through one file /etc/pam.conf (Solaris), -or by editing individual files that are located in /etc/pam.d.

The following is an example /etc/pam.d/login configuration file. -This example had all options been uncommented is probably not usable -as it stacks many conditions before allowing successful completion -of the login process. Essentially all conditions can be disabled -by commenting them out except the calls to pam_pwdb.so.

#%PAM-1.0
-# The PAM configuration file for the `login' service
-#
-auth 		required	pam_securetty.so
-auth 		required	pam_nologin.so
-# auth 		required	pam_dialup.so
-# auth 		optional	pam_mail.so
-auth		required	pam_pwdb.so shadow md5
-# account    	requisite  	pam_time.so
-account		required	pam_pwdb.so
-session		required	pam_pwdb.so
-# session 	optional	pam_lastlog.so
-# password   	required   	pam_cracklib.so retry=3
-password	required	pam_pwdb.so shadow md5

PAM allows use of replacable modules. Those available on a -sample system include:

$ /bin/ls /lib/security
-pam_access.so    pam_ftp.so          pam_limits.so     
-pam_ncp_auth.so  pam_rhosts_auth.so  pam_stress.so     
-pam_cracklib.so  pam_group.so        pam_listfile.so   
-pam_nologin.so   pam_rootok.so       pam_tally.so      
-pam_deny.so      pam_issue.so        pam_mail.so       
-pam_permit.so    pam_securetty.so    pam_time.so       
-pam_dialup.so    pam_lastlog.so      pam_mkhomedir.so  
-pam_pwdb.so      pam_shells.so       pam_unix.so       
-pam_env.so       pam_ldap.so         pam_motd.so       
-pam_radius.so    pam_smbpass.so      pam_unix_acct.so  
-pam_wheel.so     pam_unix_auth.so    pam_unix_passwd.so
-pam_userdb.so    pam_warn.so         pam_unix_session.so

The following example for the login program replaces the use of -the pam_pwdb.so module which uses the system -password database (/etc/passwd, -/etc/shadow, /etc/group) with -the module pam_smbpass.so which uses the Samba -database which contains the Microsoft MD4 encrypted password -hashes. This database is stored in either -/usr/local/samba/private/smbpasswd, -/etc/samba/smbpasswd, or in -/etc/samba.d/smbpasswd, depending on the -Samba implementation for your Unix/Linux system. The -pam_smbpass.so module is provided by -Samba version 2.2.1 or later. It can be compiled by specifying the ---with-pam_smbpass options when running Samba's -configure script. For more information -on the pam_smbpass module, see the documentation -in the source/pam_smbpass directory of the Samba -source distribution.

#%PAM-1.0
-# The PAM configuration file for the `login' service
-#
-auth		required	pam_smbpass.so nodelay
-account		required	pam_smbpass.so nodelay
-session		required	pam_smbpass.so nodelay
-password	required	pam_smbpass.so nodelay

The following is the PAM configuration file for a particular -Linux system. The default condition uses pam_pwdb.so.

#%PAM-1.0
-# The PAM configuration file for the `samba' service
-#
-auth       required     /lib/security/pam_pwdb.so nullok nodelay shadow audit
-account    required     /lib/security/pam_pwdb.so audit nodelay
-session    required     /lib/security/pam_pwdb.so nodelay
-password   required     /lib/security/pam_pwdb.so shadow md5

In the following example the decision has been made to use the -smbpasswd database even for basic samba authentication. Such a -decision could also be made for the passwd program and would -thus allow the smbpasswd passwords to be changed using the passwd -program.

#%PAM-1.0
-# The PAM configuration file for the `samba' service
-#
-auth       required     /lib/security/pam_smbpass.so nodelay
-account    required     /lib/security/pam_pwdb.so audit nodelay
-session    required     /lib/security/pam_pwdb.so nodelay
-password   required     /lib/security/pam_smbpass.so nodelay smbconf=/etc/samba.d/smb.conf

Note: PAM allows stacking of authentication mechanisms. It is -also possible to pass information obtained within on PAM module through -to the next module in the PAM stack. Please refer to the documentation for -your particular system implementation for details regarding the specific -capabilities of PAM in this environment. Some Linux implmentations also -provide the pam_stack.so module that allows all -authentication to be configured in a single central file. The -pam_stack.so method has some very devoted followers -on the basis that it allows for easier administration. As with all issues in -life though, every decision makes trade-offs, so you may want examine the -PAM documentation for further helpful information.

Distributed Authentication

The astute administrator will realize from this that the -combination of pam_smbpass.so, -winbindd, and rsync (see -http://rsync.samba.org/) -will allow the establishment of a centrally managed, distributed -user/password database that can also be used by all -PAM (eg: Linux) aware programs and applications. This arrangement -can have particularly potent advantages compared with the -use of Microsoft Active Directory Service (ADS) in so far as -reduction of wide area network authentication traffic.

PAM Configuration in smb.conf

There is an option in smb.conf called obey pam restrictions. -The following is from the on-line help for this option in SWAT;

When Samba 2.2 is configure to enable PAM support (i.e. ---with-pam), this parameter will -control whether or not Samba should obey PAM's account -and session management directives. The default behavior -is to use PAM for clear text authentication only and to -ignore any account or session management. Note that Samba always -ignores PAM for authentication in the case of -encrypt passwords = yes. -The reason is that PAM modules cannot support the challenge/response -authentication mechanism needed in the presence of SMB -password encryption.

Default: obey pam restrictions = no

\ No newline at end of file diff --git a/docs/htmldocs/Printing.html b/docs/htmldocs/Printing.html deleted file mode 100644 index 6c8b196240..0000000000 --- a/docs/htmldocs/Printing.html +++ /dev/null @@ -1,408 +0,0 @@ -Debugging Printing Problems

Introduction

This is a short description of how to debug printing problems with -Samba. This describes how to debug problems with printing from a SMB -client to a Samba server, not the other way around. For the reverse -see the examples/printing directory.

Ok, so you want to print to a Samba server from your PC. The first -thing you need to understand is that Samba does not actually do any -printing itself, it just acts as a middleman between your PC client -and your Unix printing subsystem. Samba receives the file from the PC -then passes the file to a external "print command". What print command -you use is up to you.

The whole things is controlled using options in smb.conf. The most -relevant options (which you should look up in the smb.conf man page) -are:

      [global]
-        print command     - send a file to a spooler
-        lpq command       - get spool queue status
-        lprm command      - remove a job
-      [printers]
-        path = /var/spool/lpd/samba

The following are nice to know about:

        queuepause command   - stop a printer or print queue
-        queueresume command  - start a printer or print queue

Example:

        print command = /usr/bin/lpr -r -P%p %s
-        lpq command   = /usr/bin/lpq    -P%p %s
-        lprm command  = /usr/bin/lprm   -P%p %j
-        queuepause command = /usr/sbin/lpc -P%p stop
-        queuepause command = /usr/sbin/lpc -P%p start

Samba should set reasonable defaults for these depending on your -system type, but it isn't clairvoyant. It is not uncommon that you -have to tweak these for local conditions. The commands should -always have fully specified pathnames, as the smdb may not have -the correct PATH values.

When you send a job to Samba to be printed, it will make a temporary -copy of it in the directory specified in the [printers] section. -and it should be periodically cleaned out. The lpr -r option -requests that the temporary copy be removed after printing; If -printing fails then you might find leftover files in this directory, -and it should be periodically cleaned out. Samba used the lpq -command to determine the "job number" assigned to your print job -by the spooler.

The %>letter< are "macros" that get dynamically replaced with appropriate -values when they are used. The %s gets replaced with the name of the spool -file that Samba creates and the %p gets replaced with the name of the -printer. The %j gets replaced with the "job number" which comes from -the lpq output.

Debugging printer problems

One way to debug printing problems is to start by replacing these -command with shell scripts that record the arguments and the contents -of the print file. A simple example of this kind of things might -be:

	print command = /tmp/saveprint %p %s
-
-    #!/bin/saveprint
-    # we make sure that we are the right user
-    /usr/bin/id -p >/tmp/tmp.print
-    # we run the command and save the error messages
-    # replace the command with the one appropriate for your system
-    /usr/bin/lpr -r -P$1 $2 2>>&/tmp/tmp.print

Then you print a file and try removing it. You may find that the -print queue needs to be stopped in order to see the queue status -and remove the job:


h4: {42} % echo hi >/tmp/hi
-h4: {43} % smbclient //localhost/lw4
-added interface ip=10.0.0.4 bcast=10.0.0.255 nmask=255.255.255.0
-Password: 
-Domain=[ASTART] OS=[Unix] Server=[Samba 2.0.7]
-smb: \> print /tmp/hi
-putting file /tmp/hi as hi-17534 (0.0 kb/s) (average 0.0 kb/s)
-smb: \> queue
-1049     3            hi-17534
-smb: \> cancel 1049
-Error cancelling job 1049 : code 0
-smb: \> cancel 1049
-Job 1049 cancelled
-smb: \> queue
-smb: \> exit

The 'code 0' indicates that the job was removed. The comment -by the smbclient is a bit misleading on this. -You can observe the command output and then and look at the -/tmp/tmp.print file to see what the results are. You can quickly -find out if the problem is with your printing system. Often people -have problems with their /etc/printcap file or permissions on -various print queues.

What printers do I have?

You can use the 'testprns' program to check to see if the printer -name you are using is recognized by Samba. For example, you can -use:

    testprns printer /etc/printcap

Samba can get its printcap information from a file or from a program. -You can try the following to see the format of the extracted -information:

    testprns -a printer /etc/printcap
-
-    testprns -a printer '|/bin/cat printcap'

Setting up printcap and print servers

You may need to set up some printcaps for your Samba system to use. -It is strongly recommended that you use the facilities provided by -the print spooler to set up queues and printcap information.

Samba requires either a printcap or program to deliver printcap -information. This printcap information has the format:

  name|alias1|alias2...:option=value:...

For almost all printing systems, the printer 'name' must be composed -only of alphanumeric or underscore '_' characters. Some systems also -allow hyphens ('-') as well. An alias is an alternative name for the -printer, and an alias with a space in it is used as a 'comment' -about the printer. The printcap format optionally uses a \ at the end of lines -to extend the printcap to multiple lines.

Here are some examples of printcap files:

  1. pr just printer name

  2. pr|alias printer name and alias

  3. pr|My Printer printer name, alias used as comment

  4. pr:sh:\ Same as pr:sh:cm= testing - :cm= \ - testing

  5. pr:sh Same as pr:sh:cm= testing - :cm= testing

Samba reads the printcap information when first started. If you make -changes in the printcap information, then you must do the following:

  1. make sure that the print spooler is aware of these changes. -The LPRng system uses the 'lpc reread' command to do this.

  2. make sure that the spool queues, etc., exist and have the -correct permissions. The LPRng system uses the 'checkpc -f' -command to do this.

  3. You now should send a SIGHUP signal to the smbd server to have -it reread the printcap information.

Job sent, no output

This is the most frustrating part of printing. You may have sent the -job, verified that the job was forwarded, set up a wrapper around -the command to send the file, but there was no output from the printer.

First, check to make sure that the job REALLY is getting to the -right print queue. If you are using a BSD or LPRng print spooler, -you can temporarily stop the printing of jobs. Jobs can still be -submitted, but they will not be printed. Use:

  lpc -Pprinter stop

Now submit a print job and then use 'lpq -Pprinter' to see if the -job is in the print queue. If it is not in the print queue then -you will have to find out why it is not being accepted for printing.

Next, you may want to check to see what the format of the job really -was. With the assistance of the system administrator you can view -the submitted jobs files. You may be surprised to find that these -are not in what you would expect to call a printable format. -You can use the UNIX 'file' utitily to determine what the job -format actually is:

    cd /var/spool/lpd/printer   # spool directory of print jobs
-    ls                          # find job files
-    file dfA001myhost

You should make sure that your printer supports this format OR that -your system administrator has installed a 'print filter' that will -convert the file to a format appropriate for your printer.

Job sent, strange output

Once you have the job printing, you can then start worrying about -making it print nicely.

The most common problem is extra pages of output: banner pages -OR blank pages at the end.

If you are getting banner pages, check and make sure that the -printcap option or printer option is configured for no banners. -If you have a printcap, this is the :sh (suppress header or banner -page) option. You should have the following in your printer.

   printer: ... :sh

If you have this option and are still getting banner pages, there -is a strong chance that your printer is generating them for you -automatically. You should make sure that banner printing is disabled -for the printer. This usually requires using the printer setup software -or procedures supplied by the printer manufacturer.

If you get an extra page of output, this could be due to problems -with your job format, or if you are generating PostScript jobs, -incorrect setting on your printer driver on the MicroSoft client. -For example, under Win95 there is a option:

  Printers|Printer Name|(Right Click)Properties|Postscript|Advanced|

that allows you to choose if a Ctrl-D is appended to all jobs. -This is a very bad thing to do, as most spooling systems will -automatically add a ^D to the end of the job if it is detected as -PostScript. The multiple ^D may cause an additional page of output.

Raw PostScript printed

This is a problem that is usually caused by either the print spooling -system putting information at the start of the print job that makes -the printer think the job is a text file, or your printer simply -does not support PostScript. You may need to enable 'Automatic -Format Detection' on your printer.

Advanced Printing

Note that you can do some pretty magic things by using your -imagination with the "print command" option and some shell scripts. -Doing print accounting is easy by passing the %U option to a print -command shell script. You could even make the print command detect -the type of output and its size and send it to an appropriate -printer.

Real debugging

If the above debug tips don't help, then maybe you need to bring in -the bug guns, system tracing. See Tracing.txt in this directory.

\ No newline at end of file diff --git a/docs/htmldocs/Samba-HOWTO.html b/docs/htmldocs/Samba-HOWTO.html new file mode 100644 index 0000000000..da69705bc3 --- /dev/null +++ b/docs/htmldocs/Samba-HOWTO.html @@ -0,0 +1,1440 @@ + +SAMBA Project Documentation

Abstract

Last Update : Thu Aug 15 12:48:45 CDT 2002

This book is a collection of HOWTOs added to Samba documentation over the years. +I try to ensure that all are current, but sometimes the is a larger job +than one person can maintain. The most recent version of this document +can be found at http://www.samba.org/ +on the "Documentation" page. Please send updates to jerry@samba.org.

This documentation is distributed under the GNU General Public License (GPL) +version 2. A copy of the license is included with the Samba source +distribution. A copy can be found on-line at http://www.fsf.org/licenses/gpl.txt

Cheers, jerry

Table of Contents
1. How to Install and Test SAMBA
1.1. Step 0: Read the man pages
1.2. Step 1: Building the Binaries
1.3. Step 2: The all important step
1.4. Step 3: Create the smb configuration file.
1.5. Step 4: Test your config file with + testparm
1.6. Step 5: Starting the smbd and nmbd
1.6.1. Step 5a: Starting from inetd.conf
1.6.2. Step 5b. Alternative: starting it as a daemon
1.7. Step 6: Try listing the shares available on your + server
1.8. Step 7: Try connecting with the unix client
1.9. Step 8: Try connecting from a DOS, WfWg, Win9x, WinNT, + Win2k, OS/2, etc... client
1.10. What If Things Don't Work?
1.10.1. Diagnosing Problems
1.10.2. Scope IDs
1.10.3. Choosing the Protocol Level
1.10.4. Printing from UNIX to a Client PC
1.10.5. Locking
1.10.6. Mapping Usernames
2. Diagnosing your samba server
2.1. Introduction
2.2. Assumptions
2.3. Tests
2.3.1. Test 1
2.3.2. Test 2
2.3.3. Test 3
2.3.4. Test 4
2.3.5. Test 5
2.3.6. Test 6
2.3.7. Test 7
2.3.8. Test 8
2.3.9. Test 9
2.3.10. Test 10
2.3.11. Test 11
2.4. Still having troubles?
3. Integrating MS Windows networks with Samba
3.1. Agenda
3.2. Name Resolution in a pure Unix/Linux world
3.2.1. /etc/hosts
3.2.2. /etc/resolv.conf
3.2.3. /etc/host.conf
3.2.4. /etc/nsswitch.conf
3.3. Name resolution as used within MS Windows networking
3.3.1. The NetBIOS Name Cache
3.3.2. The LMHOSTS file
3.3.3. HOSTS file
3.3.4. DNS Lookup
3.3.5. WINS Lookup
3.4. How browsing functions and how to deploy stable and +dependable browsing using Samba
3.5. MS Windows security options and how to configure +Samba for seemless integration
3.5.1. Use MS Windows NT as an authentication server
3.5.2. Make Samba a member of an MS Windows NT security domain
3.5.3. Configure Samba as an authentication server
3.6. Conclusions
4. Configuring PAM for distributed but centrally +managed authentication
4.1. Samba and PAM
4.2. Distributed Authentication
4.3. PAM Configuration in smb.conf
5. Hosting a Microsoft Distributed File System tree on Samba
5.1. Instructions
5.1.1. Notes
6. UNIX Permission Bits and Windows NT Access Control Lists
6.1. Viewing and changing UNIX permissions using the NT + security dialogs
6.2. How to view file security on a Samba share
6.3. Viewing file ownership
6.4. Viewing file or directory permissions
6.4.1. File Permissions
6.4.2. Directory Permissions
6.5. Modifying file or directory permissions
6.6. Interaction with the standard Samba create mask + parameters
6.7. Interaction with the standard Samba file attribute + mapping
7. Printing Support in Samba 2.2.x
7.1. Introduction
7.2. Configuration
7.2.1. Creating [print$]
7.2.2. Setting Drivers for Existing Printers
7.2.3. Support a large number of printers
7.2.4. Adding New Printers via the Windows NT APW
7.2.5. Samba and Printer Ports
7.3. The Imprints Toolset
7.3.1. What is Imprints?
7.3.2. Creating Printer Driver Packages
7.3.3. The Imprints server
7.3.4. The Installation Client
7.4. Migration to from Samba 2.0.x to 2.2.x
8. Debugging Printing Problems
8.1. Introduction
8.2. Debugging printer problems
8.3. What printers do I have?
8.4. Setting up printcap and print servers
8.5. Job sent, no output
8.6. Job sent, strange output
8.7. Raw PostScript printed
8.8. Advanced Printing
8.9. Real debugging
9. Security levels
9.1. Introduction
9.2. More complete description of security levels
10. security = domain in Samba 2.x
10.1. Joining an NT Domain with Samba 2.2
10.2. Samba and Windows 2000 Domains
10.3. Why is this better than security = server?
11. Unified Logons between Windows NT and UNIX using Winbind
11.1. Abstract
11.2. Introduction
11.3. What Winbind Provides
11.3.1. Target Uses
11.4. How Winbind Works
11.4.1. Microsoft Remote Procedure Calls
11.4.2. Name Service Switch
11.4.3. Pluggable Authentication Modules
11.4.4. User and Group ID Allocation
11.4.5. Result Caching
11.5. Installation and Configuration
11.5.1. Introduction
11.5.2. Requirements
11.5.3. Testing Things Out
11.6. Limitations
11.7. Conclusion
12. How to Configure Samba 2.2 as a Primary Domain Controller
12.1. Prerequisite Reading
12.2. Background
12.3. Configuring the Samba Domain Controller
12.4. Creating Machine Trust Accounts and Joining Clients to the +Domain
12.4.1. Manual Creation of Machine Trust Accounts
12.4.2. "On-the-Fly" Creation of Machine Trust Accounts
12.4.3. Joining the Client to the Domain
12.5. Common Problems and Errors
12.6. System Policies and Profiles
12.7. What other help can I get?
12.8. Domain Control for Windows 9x/ME
12.8.1. Configuration Instructions: Network Logons
12.8.2. Configuration Instructions: Setting up Roaming User Profiles
12.9. DOMAIN_CONTROL.txt : Windows NT Domain Control & Samba
13. How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain
13.1. Prerequisite Reading
13.2. Background
13.3. What qualifies a Domain Controller on the network?
13.3.1. How does a Workstation find its domain controller?
13.3.2. When is the PDC needed?
13.4. Can Samba be a Backup Domain Controller?
13.5. How do I set up a Samba BDC?
13.5.1. How do I replicate the smbpasswd file?
14. Storing Samba's User/Machine Account information in an LDAP Directory
14.1. Purpose
14.2. Introduction
14.3. Supported LDAP Servers
14.4. Schema and Relationship to the RFC 2307 posixAccount
14.5. Configuring Samba with LDAP
14.5.1. OpenLDAP configuration
14.5.2. Configuring Samba
14.6. Accounts and Groups management
14.7. Security and sambaAccount
14.8. LDAP specials attributes for sambaAccounts
14.9. Example LDIF Entries for a sambaAccount
14.10. Comments
15. Improved browsing in samba
15.1. Overview of browsing
15.2. Browsing support in samba
15.3. Problem resolution
15.4. Browsing across subnets
15.4.1. How does cross subnet browsing work ?
15.5. Setting up a WINS server
15.6. Setting up Browsing in a WORKGROUP
15.7. Setting up Browsing in a DOMAIN
15.8. Forcing samba to be the master
15.9. Making samba the domain master
15.10. Note about broadcast addresses
15.11. Multiple interfaces
16. Samba performance issues
16.1. Comparisons
16.2. Oplocks
16.2.1. Overview
16.2.2. Level2 Oplocks
16.2.3. Old 'fake oplocks' option - deprecated
16.3. Socket options
16.4. Read size
16.5. Max xmit
16.6. Locking
16.7. Share modes
16.8. Log level
16.9. Wide lines
16.10. Read raw
16.11. Write raw
16.12. Read prediction
16.13. Memory mapping
16.14. Slow Clients
16.15. Slow Logins
16.16. Client tuning
16.17. My Results
17. Samba and other CIFS clients
17.1. Macintosh clients?
17.2. OS2 Client
17.2.1. How can I configure OS/2 Warp Connect or + OS/2 Warp 4 as a client for Samba?
17.2.2. How can I configure OS/2 Warp 3 (not Connect), + OS/2 1.2, 1.3 or 2.x for Samba?
17.2.3. Are there any other issues when OS/2 (any version) + is used as a client?
17.2.4. How do I get printer driver download working + for OS/2 clients?
17.3. Windows for Workgroups
17.3.1. Use latest TCP/IP stack from Microsoft
17.3.2. Delete .pwl files after password change
17.3.3. Configure WfW password handling
17.3.4. Case handling of passwords
17.4. Windows '95/'98
17.5. Windows 2000 Service Pack 2
18. HOWTO Access Samba source code via CVS
18.1. Introduction
18.2. CVS Access to samba.org
18.2.1. Access via CVSweb
18.2.2. Access via cvs
19. Reporting Bugs
19.1. Introduction
19.2. General info
19.3. Debug levels
19.4. Internal errors
19.5. Attaching to a running process
19.6. Patches
20. Group mapping HOWTO
21. Portability
21.1. HPUX
21.2. SCO Unix
21.3. DNIX
  Next
  How to Install and Test SAMBA
\ No newline at end of file diff --git a/docs/htmldocs/Samba-LDAP-HOWTO.html b/docs/htmldocs/Samba-LDAP-HOWTO.html deleted file mode 100644 index 21ebbfe7b0..0000000000 --- a/docs/htmldocs/Samba-LDAP-HOWTO.html +++ /dev/null @@ -1,891 +0,0 @@ -Storing Samba's User/Machine Account information in an LDAP Directory

Purpose

This document describes how to use an LDAP directory for storing Samba user -account information traditionally stored in the smbpasswd(5) file. It is -assumed that the reader already has a basic understanding of LDAP concepts -and has a working directory server already installed. For more information -on LDAP architectures and Directories, please refer to the following sites.

Note that O'Reilly Publishing is working on -a guide to LDAP for System Administrators which has a planned release date of -early summer, 2002.

Two additional Samba resources which may prove to be helpful are

  • The Samba-PDC-LDAP-HOWTO - maintained by Ignacio Coupeau.

  • The NT migration scripts from IDEALX that are - geared to manage users and group in such a Samba-LDAP Domain Controller configuration. -

Introduction

Traditionally, when configuring "encrypt -passwords = yes" in Samba's smb.conf file, user account -information such as username, LM/NT password hashes, password change times, and account -flags have been stored in the smbpasswd(5) file. There are several -disadvantages to this approach for sites with very large numbers of users (counted -in the thousands).

  • The first is that all lookups must be performed sequentially. Given that -there are approximately two lookups per domain logon (one for a normal -session connection such as when mapping a network drive or printer), this -is a performance bottleneck for lareg sites. What is needed is an indexed approach -such as is used in databases.

  • The second problem is that administrators who desired to replicate a -smbpasswd file to more than one Samba server were left to use external -tools such as rsync(1) and ssh(1) -and wrote custom, in-house scripts.

  • And finally, the amount of information which is stored in an -smbpasswd entry leaves no room for additional attributes such as -a home directory, password expiration time, or even a Relative -Identified (RID).

As a result of these defeciencies, a more robust means of storing user attributes -used by smbd was developed. The API which defines access to user accounts -is commonly referred to as the samdb interface (previously this was called the passdb -API, and is still so named in the CVS trees). In Samba 2.2.3, enabling support -for a samdb backend (e.g. --with-ldapsam or ---with-tdbsam) requires compile time support.

When compiling Samba to include the --with-ldapsam autoconf -option, smbd (and associated tools) will store and lookup user accounts in -an LDAP directory. In reality, this is very easy to understand. If you are -comfortable with using an smbpasswd file, simply replace "smbpasswd" with -"LDAP directory" in all the documentation.

There are a few points to stress about what the --with-ldapsam -does not provide. The LDAP support referred to in the this documentation does not -include:

  • A means of retrieving user account information from - an Windows 2000 Active Directory server.

  • A means of replacing /etc/passwd.

The second item can be accomplished by using LDAP NSS and PAM modules. LGPL -versions of these libraries can be obtained from PADL Software -(http://www.padl.com/). However, -the details of configuring these packages are beyond the scope of this document.

Supported LDAP Servers

The LDAP samdb code in 2.2.3 has been developed and tested using the OpenLDAP -2.0 server and client libraries. The same code should be able to work with -Netscape's Directory Server and client SDK. However, due to lack of testing -so far, there are bound to be compile errors and bugs. These should not be -hard to fix. If you are so inclined, please be sure to forward all patches to -samba-patches@samba.org and -jerry@samba.org.

Schema and Relationship to the RFC 2307 posixAccount

Samba 2.2.3 includes the necessary schema file for OpenLDAP 2.0 in -examples/LDAP/samba.schema. (Note that this schema -file has been modified since the experimental support initially included -in 2.2.2). The sambaAccount objectclass is given here:

objectclass ( 1.3.1.5.1.4.1.7165.2.2.2 NAME 'sambaAccount' SUP top STRUCTURAL
-     DESC 'Samba Account'
-     MUST ( uid $ rid )
-     MAY  ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $
-            logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $
-            displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $
-            description $ userWorkstations $ primaryGroupID $ domain ))

The samba.schema file has been formatted for OpenLDAP 2.0. The OID's are -owned by the Samba Team and as such is legal to be openly published. -If you translate the schema to be used with Netscape DS, please -submit the modified schema file as a patch to jerry@samba.org

Just as the smbpasswd file is mean to store information which supplements a -user's /etc/passwd entry, so is the sambaAccount object -meant to supplement the UNIX user account information. A sambaAccount is a -STRUCTURAL objectclass so it can be stored individually -in the directory. However, there are several fields (e.g. uid) which overlap -with the posixAccount objectclass outlined in RFC2307. This is by design.

In order to store all user account information (UNIX and Samba) in the directory, -it is necessary to use the sambaAccount and posixAccount objectclasses in -combination. However, smbd will still obtain the user's UNIX account -information via the standard C library calls (e.g. getpwnam(), et. al.). -This means that the Samba server must also have the LDAP NSS library installed -and functioning correctly. This division of information makes it possible to -store all Samba account information in LDAP, but still maintain UNIX account -information in NIS while the network is transitioning to a full LDAP infrastructure.

Configuring Samba with LDAP

OpenLDAP configuration

To include support for the sambaAccount object in an OpenLDAP directory -server, first copy the samba.schema file to slapd's configuration directory.

root# cp samba.schema /etc/openldap/schema/

Next, include the samba.schema file in slapd.conf. -The sambaAccount object contains two attributes which depend upon other schema -files. The 'uid' attribute is defined in cosine.schema and -the 'displayName' attribute is defined in the inetorgperson.schema -file. Both of these must be included before the samba.schema file.

## /etc/openldap/slapd.conf
-
-## schema files (core.schema is required by default)
-include	           /etc/openldap/schema/core.schema
-
-## needed for sambaAccount
-include            /etc/openldap/schema/cosine.schema
-include            /etc/openldap/schema/inetorgperson.schema
-include            /etc/openldap/schema/samba.schema
-
-## uncomment this line if you want to support the RFC2307 (NIS) schema
-## include         /etc/openldap/schema/nis.schema
-
-....

It is recommended that you maintain some indices on some of the most usefull attributes, -like in the following example, to speed up searches made on sambaAccount objectclasses -(and possibly posixAccount and posixGroup as well).

# Indices to maintain
-## required by OpenLDAP 2.0
-index objectclass   eq
-
-## support pb_getsampwnam()
-index uid           pres,eq
-## support pdb_getsambapwrid()
-index rid           eq
-
-## uncomment these if you are storing posixAccount and
-## posixGroup entries in the directory as well
-##index uidNumber     eq
-##index gidNumber     eq
-##index cn            eq
-##index memberUid     eq

Configuring Samba

The following parameters are available in smb.conf only with --with-ldapsam -was included with compiling Samba.

These are described in the smb.conf(5) man -page and so will not be repeated here. However, a sample smb.conf file for -use with an LDAP directory could appear as

## /usr/local/samba/lib/smb.conf
-[global]
-     security = user
-     encrypt passwords = yes
-
-     netbios name = TASHTEGO
-     workgroup = NARNIA
-
-     # ldap related parameters
-
-     # define the DN to use when binding to the directory servers
-     # The password for this DN is not stored in smb.conf.  Rather it
-     # must be set by using 'smbpasswd -w secretpw' to store the
-     # passphrase in the secrets.tdb file.  If the "ldap admin dn" values
-     # changes, this password will need to be reset.
-     ldap admin dn = "cn=Samba Manager,ou=people,dc=samba,dc=org"
-
-     #  specify the LDAP server's hostname (defaults to locahost)
-     ldap server = ahab.samba.org
-
-     # Define the SSL option when connecting to the directory
-     # ('off', 'start tls', or 'on' (default))
-     ldap ssl = start tls
-
-     # define the port to use in the LDAP session (defaults to 636 when
-     # "ldap ssl = on")
-     ldap port = 389
-
-     # specify the base DN to use when searching the directory
-     ldap suffix = "ou=people,dc=samba,dc=org"
-
-     # generally the default ldap search filter is ok
-     # ldap filter = "(&(uid=%u)(objectclass=sambaAccount))"

Accounts and Groups management

As users accounts are managed thru the sambaAccount objectclass, you should -modify you existing administration tools to deal with sambaAccount attributes.

Machines accounts are managed with the sambaAccount objectclass, just -like users accounts. However, it's up to you to stored thoses accounts -in a different tree of you LDAP namespace: you should use -"ou=Groups,dc=plainjoe,dc=org" to store groups and -"ou=People,dc=plainjoe,dc=org" to store users. Just configure your -NSS and PAM accordingly (usually, in the /etc/ldap.conf configuration -file).

In Samba release 2.2.3, the group management system is based on posix -groups. This meand that Samba make usage of the posixGroup objectclass. -For now, there is no NT-like group system management (global and local -groups).

Security and sambaAccount

There are two important points to remember when discussing the security -of sambaAccount entries in the directory.

  • Never retrieve the lmPassword or - ntPassword attribute values over an unencrypted LDAP session.

  • Never allow non-admin users to - view the lmPassword or ntPassword attribute values.

These password hashes are clear text equivalents and can be used to impersonate -the user without deriving the original clear text strings. For more information -on the details of LM/NT password hashes, refer to the ENCRYPTION chapter of the Samba-HOWTO-Collection.

To remedy the first security issue, the "ldap ssl" smb.conf parameter defaults -to require an encrypted session (ldap ssl = on) using -the default port of 636 -when contacting the directory server. When using an OpenLDAP 2.0 server, it -is possible to use the use the StartTLS LDAP extended operation in the place of -LDAPS. In either case, you are strongly discouraged to disable this security -(ldap ssl = off).

Note that the LDAPS protocol is deprecated in favor of the LDAPv3 StartTLS -extended operation. However, the OpenLDAP library still provides support for -the older method of securing communication between clients and servers.

The second security precaution is to prevent non-administrative users from -harvesting password hashes from the directory. This can be done using the -following ACL in slapd.conf:

## allow the "ldap admin dn" access, but deny everyone else
-access to attrs=lmPassword,ntPassword
-     by dn="cn=Samba Admin,ou=people,dc=plainjoe,dc=org" write
-     by * none

LDAP specials attributes for sambaAccounts

The sambaAccount objectclass is composed of the following attributes:

  • lmPassword: the LANMAN password 16-byte hash stored as a character - representation of a hexidecimal string.

  • ntPassword: the NT password hash 16-byte stored as a character - representation of a hexidecimal string.

  • pwdLastSet: The integer time in seconds since 1970 when the - lmPassword and ntPassword attributes were last set. -

  • acctFlags: string of 11 characters surrounded by square brackets [] - representing account flags such as U (user), W(workstation), X(no password expiration), and - D(disabled).

  • logonTime: Integer value currently unused

  • logoffTime: Integer value currently unused

  • kickoffTime: Integer value currently unused

  • pwdCanChange: Integer value currently unused

  • pwdMustChange: Integer value currently unused

  • homeDrive: specifies the drive letter to which to map the - UNC path specified by homeDirectory. The drive letter must be specified in the form "X:" - where X is the letter of the drive to map. Refer to the "logon drive" parameter in the - smb.conf(5) man page for more information.

  • scriptPath: The scriptPath property specifies the path of - the user's logon script, .CMD, .EXE, or .BAT file. The string can be null. The path - is relative to the netlogon share. Refer to the "logon script" parameter in the - smb.conf(5) man page for more information.

  • profilePath: specifies a path to the user's profile. - This value can be a null string, a local absolute path, or a UNC path. Refer to the - "logon path" parameter in the smb.conf(5) man page for more information.

  • smbHome: The homeDirectory property specifies the path of - the home directory for the user. The string can be null. If homeDrive is set and specifies - a drive letter, homeDirectory should be a UNC path. The path must be a network - UNC path of the form \\server\share\directory. This value can be a null string. - Refer to the "logon home" parameter in the smb.conf(5) man page for more information. -

  • userWorkstation: character string value currently unused. -

  • rid: the integer representation of the user's relative identifier - (RID).

  • primaryGroupID: the relative identifier (RID) of the primary group - of the user.

The majority of these parameters are only used when Samba is acting as a PDC of -a domain (refer to the Samba-PDC-HOWTO for details on -how to configure Samba as a Primary Domain Controller). The following four attributes -are only stored with the sambaAccount entry if the values are non-default values:

  • smbHome

  • scriptPath

  • logonPath

  • homeDrive

These attributes are only stored with the sambaAccount entry if -the values are non-default values. For example, assume TASHTEGO has now been -configured as a PDC and that logon home = \\%L\%u was defined in -its smb.conf file. When a user named "becky" logons to the domain, -the logon home string is expanded to \\TASHTEGO\becky. -If the smbHome attribute exists in the entry "uid=becky,ou=people,dc=samba,dc=org", -this value is used. However, if this attribute does not exist, then the value -of the logon home parameter is used in its place. Samba -will only write the attribute value to the directory entry is the value is -something other than the default (e.g. \\MOBY\becky).

Example LDIF Entries for a sambaAccount

The following is a working LDIF with the inclusion of the posixAccount objectclass:

dn: uid=guest2, ou=people,dc=plainjoe,dc=org
-ntPassword: 878D8014606CDA29677A44EFA1353FC7
-pwdMustChange: 2147483647
-primaryGroupID: 1201
-lmPassword: 552902031BEDE9EFAAD3B435B51404EE
-pwdLastSet: 1010179124
-logonTime: 0
-objectClass: sambaAccount
-uid: guest2
-kickoffTime: 2147483647
-acctFlags: [UX         ]
-logoffTime: 2147483647
-rid: 19006
-pwdCanChange: 0

The following is an LDIF entry for using both the sambaAccount and -posixAccount objectclasses:

dn: uid=gcarter, ou=people,dc=plainjoe,dc=org
-logonTime: 0
-displayName: Gerald Carter
-lmPassword: 552902031BEDE9EFAAD3B435B51404EE
-primaryGroupID: 1201
-objectClass: posixAccount
-objectClass: sambaAccount
-acctFlags: [UX         ]
-userPassword: {crypt}BpM2ej8Rkzogo
-uid: gcarter
-uidNumber: 9000
-cn: Gerald Carter
-loginShell: /bin/bash
-logoffTime: 2147483647
-gidNumber: 100
-kickoffTime: 2147483647
-pwdLastSet: 1010179230
-rid: 19000
-homeDirectory: /home/tashtego/gcarter
-pwdCanChange: 0
-pwdMustChange: 2147483647
-ntPassword: 878D8014606CDA29677A44EFA1353FC7

Comments

Please mail all comments regarding this HOWTO to jerry@samba.org. This documents was -last updated to reflect the Samba 2.2.3 release.

\ No newline at end of file diff --git a/docs/htmldocs/Speed.html b/docs/htmldocs/Speed.html deleted file mode 100644 index 47a8c885b6..0000000000 --- a/docs/htmldocs/Speed.html +++ /dev/null @@ -1,550 +0,0 @@ -Samba performance issues

Comparisons

The Samba server uses TCP to talk to the client. Thus if you are -trying to see if it performs well you should really compare it to -programs that use the same protocol. The most readily available -programs for file transfer that use TCP are ftp or another TCP based -SMB server.

If you want to test against something like a NT or WfWg server then -you will have to disable all but TCP on either the client or -server. Otherwise you may well be using a totally different protocol -(such as Netbeui) and comparisons may not be valid.

Generally you should find that Samba performs similarly to ftp at raw -transfer speed. It should perform quite a bit faster than NFS, -although this very much depends on your system.

Several people have done comparisons between Samba and Novell, NFS or -WinNT. In some cases Samba performed the best, in others the worst. I -suspect the biggest factor is not Samba vs some other system but the -hardware and drivers used on the various systems. Given similar -hardware Samba should certainly be competitive in speed with other -systems.

Oplocks

Overview

Oplocks are the way that SMB clients get permission from a server to -locally cache file operations. If a server grants an oplock -(opportunistic lock) then the client is free to assume that it is the -only one accessing the file and it will agressively cache file -data. With some oplock types the client may even cache file open/close -operations. This can give enormous performance benefits.

With the release of Samba 1.9.18 we now correctly support opportunistic -locks. This is turned on by default, and can be turned off on a share- -by-share basis by setting the parameter :

oplocks = False

We recommend that you leave oplocks on however, as current benchmark -tests with NetBench seem to give approximately a 30% improvement in -speed with them on. This is on average however, and the actual -improvement seen can be orders of magnitude greater, depending on -what the client redirector is doing.

Previous to Samba 1.9.18 there was a 'fake oplocks' option. This -option has been left in the code for backwards compatibility reasons -but it's use is now deprecated. A short summary of what the old -code did follows.

Level2 Oplocks

With Samba 2.0.5 a new capability - level2 (read only) oplocks is -supported (although the option is off by default - see the smb.conf -man page for details). Turning on level2 oplocks (on a share-by-share basis) -by setting the parameter :

level2 oplocks = true

should speed concurrent access to files that are not commonly written -to, such as application serving shares (ie. shares that contain common -.EXE files - such as a Microsoft Office share) as it allows clients to -read-ahread cache copies of these files.

Old 'fake oplocks' option - deprecated

Samba can also fake oplocks, by granting a oplock whenever a client -asks for one. This is controlled using the smb.conf option "fake -oplocks". If you set "fake oplocks = yes" then you are telling the -client that it may agressively cache the file data for all opens.

Enabling 'fake oplocks' on all read-only shares or shares that you know -will only be accessed from one client at a time you will see a big -performance improvement on many operations. If you enable this option -on shares where multiple clients may be accessing the files read-write -at the same time you can get data corruption.

Socket options

There are a number of socket options that can greatly affect the -performance of a TCP based server like Samba.

The socket options that Samba uses are settable both on the command -line with the -O option, or in the smb.conf file.

The "socket options" section of the smb.conf manual page describes how -to set these and gives recommendations.

Getting the socket options right can make a big difference to your -performance, but getting them wrong can degrade it by just as -much. The correct settings are very dependent on your local network.

The socket option TCP_NODELAY is the one that seems to make the -biggest single difference for most networks. Many people report that -adding "socket options = TCP_NODELAY" doubles the read performance of -a Samba drive. The best explanation I have seen for this is that the -Microsoft TCP/IP stack is slow in sending tcp ACKs.

Read size

The option "read size" affects the overlap of disk reads/writes with -network reads/writes. If the amount of data being transferred in -several of the SMB commands (currently SMBwrite, SMBwriteX and -SMBreadbraw) is larger than this value then the server begins writing -the data before it has received the whole packet from the network, or -in the case of SMBreadbraw, it begins writing to the network before -all the data has been read from disk.

This overlapping works best when the speeds of disk and network access -are similar, having very little effect when the speed of one is much -greater than the other.

The default value is 16384, but very little experimentation has been -done yet to determine the optimal value, and it is likely that the best -value will vary greatly between systems anyway. A value over 65536 is -pointless and will cause you to allocate memory unnecessarily.

Max xmit

At startup the client and server negotiate a "maximum transmit" size, -which limits the size of nearly all SMB commands. You can set the -maximum size that Samba will negotiate using the "max xmit = " option -in smb.conf. Note that this is the maximum size of SMB request that -Samba will accept, but not the maximum size that the *client* will accept. -The client maximum receive size is sent to Samba by the client and Samba -honours this limit.

It defaults to 65536 bytes (the maximum), but it is possible that some -clients may perform better with a smaller transmit unit. Trying values -of less than 2048 is likely to cause severe problems.

In most cases the default is the best option.

Locking

By default Samba does not implement strict locking on each read/write -call (although it did in previous versions). If you enable strict -locking (using "strict locking = yes") then you may find that you -suffer a severe performance hit on some systems.

The performance hit will probably be greater on NFS mounted -filesystems, but could be quite high even on local disks.

Share modes

Some people find that opening files is very slow. This is often -because of the "share modes" code needed to fully implement the dos -share modes stuff. You can disable this code using "share modes = -no". This will gain you a lot in opening and closing files but will -mean that (in some cases) the system won't force a second user of a -file to open the file read-only if the first has it open -read-write. For many applications that do their own locking this -doesn't matter, but for some it may. Most Windows applications -depend heavily on "share modes" working correctly and it is -recommended that the Samba share mode support be left at the -default of "on".

The share mode code in Samba has been re-written in the 1.9.17 -release following tests with the Ziff-Davis NetBench PC Benchmarking -tool. It is now believed that Samba 1.9.17 implements share modes -similarly to Windows NT.

NOTE: In the most recent versions of Samba there is an option to use -shared memory via mmap() to implement the share modes. This makes -things much faster. See the Makefile for how to enable this.

Log level

If you set the log level (also known as "debug level") higher than 2 -then you may suffer a large drop in performance. This is because the -server flushes the log file after each operation, which can be very -expensive.

Wide lines

The "wide links" option is now enabled by default, but if you disable -it (for better security) then you may suffer a performance hit in -resolving filenames. The performance loss is lessened if you have -"getwd cache = yes", which is now the default.

Read raw

The "read raw" operation is designed to be an optimised, low-latency -file read operation. A server may choose to not support it, -however. and Samba makes support for "read raw" optional, with it -being enabled by default.

In some cases clients don't handle "read raw" very well and actually -get lower performance using it than they get using the conventional -read operations.

So you might like to try "read raw = no" and see what happens on your -network. It might lower, raise or not affect your performance. Only -testing can really tell.

Write raw

The "write raw" operation is designed to be an optimised, low-latency -file write operation. A server may choose to not support it, -however. and Samba makes support for "write raw" optional, with it -being enabled by default.

Some machines may find "write raw" slower than normal write, in which -case you may wish to change this option.

Read prediction

Samba can do read prediction on some of the SMB commands. Read -prediction means that Samba reads some extra data on the last file it -read while waiting for the next SMB command to arrive. It can then -respond more quickly when the next read request arrives.

This is disabled by default. You can enable it by using "read -prediction = yes".

Note that read prediction is only used on files that were opened read -only.

Read prediction should particularly help for those silly clients (such -as "Write" under NT) which do lots of very small reads on a file.

Samba will not read ahead more data than the amount specified in the -"read size" option. It always reads ahead on 1k block boundaries.

Memory mapping

Samba supports reading files via memory mapping them. One some -machines this can give a large boost to performance, on others it -makes not difference at all, and on some it may reduce performance.

To enable you you have to recompile Samba with the -DUSE_MMAP option -on the FLAGS line of the Makefile.

Note that memory mapping is only used on files opened read only, and -is not used by the "read raw" operation. Thus you may find memory -mapping is more effective if you disable "read raw" using "read raw = -no".

Slow Clients

One person has reported that setting the protocol to COREPLUS rather -than LANMAN2 gave a dramatic speed improvement (from 10k/s to 150k/s).

I suspect that his PC's (386sx16 based) were asking for more data than -they could chew. I suspect a similar speed could be had by setting -"read raw = no" and "max xmit = 2048", instead of changing the -protocol. Lowering the "read size" might also help.

Slow Logins

Slow logins are almost always due to the password checking time. Using -the lowest practical "password level" will improve things a lot. You -could also enable the "UFC crypt" option in the Makefile.

Client tuning

Often a speed problem can be traced to the client. The client (for -example Windows for Workgroups) can often be tuned for better TCP -performance.

See your client docs for details. In particular, I have heard rumours -that the WfWg options TCPWINDOWSIZE and TCPSEGMENTSIZE can have a -large impact on performance.

Also note that some people have found that setting DefaultRcvWindow in -the [MSTCP] section of the SYSTEM.INI file under WfWg to 3072 gives a -big improvement. I don't know why.

My own experience wth DefaultRcvWindow is that I get much better -performance with a large value (16384 or larger). Other people have -reported that anything over 3072 slows things down enourmously. One -person even reported a speed drop of a factor of 30 when he went from -3072 to 8192. I don't know why.

It probably depends a lot on your hardware, and the type of unix box -you have at the other end of the link.

Paul Cochrane has done some testing on client side tuning and come -to the following conclusions:

Install the W2setup.exe file from www.microsoft.com. This is an -update for the winsock stack and utilities which improve performance.

Configure the win95 TCPIP registry settings to give better -perfomance. I use a program called MTUSPEED.exe which I got off the -net. There are various other utilities of this type freely available. -The setting which give the best performance for me are:

  1. MaxMTU Remove

  2. RWIN Remove

  3. MTUAutoDiscover Disable

  4. MTUBlackHoleDetect Disable

  5. Time To Live Enabled

  6. Time To Live - HOPS 32

  7. NDI Cache Size 0

I tried virtually all of the items mentioned in the document and -the only one which made a difference to me was the socket options. It -turned out I was better off without any!!!!!

In terms of overall speed of transfer, between various win95 clients -and a DX2-66 20MB server with a crappy NE2000 compatible and old IDE -drive (Kernel 2.0.30). The transfer rate was reasonable for 10 baseT.

FIXME -The figures are: Put Get -P166 client 3Com card: 420-440kB/s 500-520kB/s -P100 client 3Com card: 390-410kB/s 490-510kB/s -DX4-75 client NE2000: 370-380kB/s 330-350kB/s

I based these test on transfer two files a 4.5MB text file and a 15MB -textfile. The results arn't bad considering the hardware Samba is -running on. It's a crap machine!!!!

The updates mentioned in 1 and 2 brought up the transfer rates from -just over 100kB/s in some clients.

A new client is a P333 connected via a 100MB/s card and hub. The -transfer rates from this were good: 450-500kB/s on put and 600+kB/s -on get.

Looking at standard FTP throughput, Samba is a bit slower (100kB/s -upwards). I suppose there is more going on in the samba protocol, but -if it could get up to the rate of FTP the perfomance would be quite -staggering.

My Results

Some people want to see real numbers in a document like this, so here -they are. I have a 486sx33 client running WfWg 3.11 with the 3.11b -tcp/ip stack. It has a slow IDE drive and 20Mb of ram. It has a SMC -Elite-16 ISA bus ethernet card. The only WfWg tuning I've done is to -set DefaultRcvWindow in the [MSTCP] section of system.ini to 16384. My -server is a 486dx3-66 running Linux. It also has 20Mb of ram and a SMC -Elite-16 card. You can see my server config in the examples/tridge/ -subdirectory of the distribution.

I get 490k/s on reading a 8Mb file with copy. -I get 441k/s writing the same file to the samba server.

Of course, there's a lot more to benchmarks than 2 raw throughput -figures, but it gives you a ballpark figure.

I've also tested Win95 and WinNT, and found WinNT gave me the best -speed as a samba client. The fastest client of all (for me) is -smbclient running on another linux box. Maybe I'll add those results -here someday ...

\ No newline at end of file diff --git a/docs/htmldocs/UNIX_INSTALL.html b/docs/htmldocs/UNIX_INSTALL.html deleted file mode 100644 index 9946e7e64e..0000000000 --- a/docs/htmldocs/UNIX_INSTALL.html +++ /dev/null @@ -1,799 +0,0 @@ -How to Install and Test SAMBA

Step 0: Read the man pages

The man pages distributed with SAMBA contain - lots of useful info that will help to get you started. - If you don't know how to read man pages then try - something like:

$ nroff -man smbd.8 | more -

Other sources of information are pointed to - by the Samba web site, http://www.samba.org

Step 1: Building the Binaries

To do this, first run the program ./configure - in the source directory. This should automatically - configure Samba for your operating system. If you have unusual - needs then you may wish to run

root# ./configure --help -

first to see what special options you can enable. - Then executing

root# make

will create the binaries. Once it's successfully - compiled you can use

root# make install

to install the binaries and manual pages. You can - separately install the binaries and/or man pages using

root# make installbin -

and

root# make installman -

Note that if you are upgrading for a previous version - of Samba you might like to know that the old versions of - the binaries will be renamed with a ".old" extension. You - can go back to the previous version with

root# make revert -

if you find this version a disaster!

Step 2: The all important step

At this stage you must fetch yourself a - coffee or other drink you find stimulating. Getting the rest - of the install right can sometimes be tricky, so you will - probably need it.

If you have installed samba before then you can skip - this step.

Step 3: Create the smb configuration file.

There are sample configuration files in the examples - subdirectory in the distribution. I suggest you read them - carefully so you can see how the options go together in - practice. See the man page for all the options.

The simplest useful configuration file would be - something like this:

	[global]
-	   workgroup = MYGROUP
-
-	   [homes]
-	      guest ok = no
-	      read only = no
-

which would allow connections by anyone with an - account on the server, using either their login name or - "homes" as the service name. (Note that I also set the - workgroup that Samba is part of. See BROWSING.txt for details)

Note that make install will not install - a smb.conf file. You need to create it - yourself.

Make sure you put the smb.conf file in the same place - you specified in theMakefile (the default is to - look for it in /usr/local/samba/lib/).

For more information about security settings for the - [homes] share please refer to the document UNIX_SECURITY.txt.

Step 4: Test your config file with - testparm

It's important that you test the validity of your - smb.conf file using the testparm program. - If testparm runs OK then it will list the loaded services. If - not it will give an error message.

Make sure it runs OK and that the services look - reasonable before proceeding.

Step 5: Starting the smbd and nmbd

You must choose to start smbd and nmbd either - as daemons or from inetd. Don't try - to do both! Either you can put them in inetd.conf and have them started on demand - by inetd, or you can start them as - daemons either from the command line or in /etc/rc.local. See the man pages for details - on the command line options. Take particular care to read - the bit about what user you need to be in order to start - Samba. In many cases you must be root.

The main advantage of starting smbd - and nmbd using the recommended daemon method - is that they will respond slightly more quickly to an initial connection - request.

Step 5a: Starting from inetd.conf

NOTE; The following will be different if - you use NIS or NIS+ to distributed services maps.

Look at your /etc/services. - What is defined at port 139/tcp. If nothing is defined - then add a line like this:

netbios-ssn 139/tcp

similarly for 137/udp you should have an entry like:

netbios-ns 137/udp

Next edit your /etc/inetd.conf - and add two lines something like this:

		netbios-ssn stream tcp nowait root /usr/local/samba/bin/smbd smbd 
-		netbios-ns dgram udp wait root /usr/local/samba/bin/nmbd nmbd 
-

The exact syntax of /etc/inetd.conf - varies between unixes. Look at the other entries in inetd.conf - for a guide.

NOTE: Some unixes already have entries like netbios_ns - (note the underscore) in /etc/services. - You must either edit /etc/services or - /etc/inetd.conf to make them consistent.

NOTE: On many systems you may need to use the - "interfaces" option in smb.conf to specify the IP address - and netmask of your interfaces. Run ifconfig - as root if you don't know what the broadcast is for your - net. nmbd tries to determine it at run - time, but fails on some unixes. See the section on "testing nmbd" - for a method of finding if you need to do this.

!!!WARNING!!! Many unixes only accept around 5 - parameters on the command line in inetd.conf. - This means you shouldn't use spaces between the options and - arguments, or you should use a script, and start the script - from inetd.

Restart inetd, perhaps just send - it a HUP. If you have installed an earlier version of nmbd then you may need to kill nmbd as well.

Step 5b. Alternative: starting it as a daemon

To start the server as a daemon you should create - a script something like this one, perhaps calling - it startsmb.

		#!/bin/sh
-		/usr/local/samba/bin/smbd -D 
-		/usr/local/samba/bin/nmbd -D 
-

then make it executable with chmod - +x startsmb

You can then run startsmb by - hand or execute it from /etc/rc.local -

To kill it send a kill signal to the processes - nmbd and smbd.

NOTE: If you use the SVR4 style init system then - you may like to look at the examples/svr4-startup - script to make Samba fit into that system.

Step 6: Try listing the shares available on your - server

$ smbclient -L - yourhostname

You should get back a list of shares available on - your server. If you don't then something is incorrectly setup. - Note that this method can also be used to see what shares - are available on other LanManager clients (such as WfWg).

If you choose user level security then you may find - that Samba requests a password before it will list the shares. - See the smbclient man page for details. (you - can force it to list the shares without a password by - adding the option -U% to the command line. This will not work - with non-Samba servers)

Step 7: Try connecting with the unix client

$ smbclient //yourhostname/aservice

Typically the yourhostname - would be the name of the host where you installed smbd. The aservice is - any service you have defined in the smb.conf - file. Try your user name if you just have a [homes] section - in smb.conf.

For example if your unix host is bambi and your login - name is fred you would type:

$ smbclient //bambi/fred -

Step 8: Try connecting from a DOS, WfWg, Win9x, WinNT, - Win2k, OS/2, etc... client

Try mounting disks. eg:

C:\WINDOWS\> net use d: \\servername\service -

Try printing. eg:

C:\WINDOWS\> net use lpt1: - \\servername\spoolservice

C:\WINDOWS\> print filename -

Celebrate, or send me a bug report!

What If Things Don't Work?

If nothing works and you start to think "who wrote - this pile of trash" then I suggest you do step 2 again (and - again) till you calm down.

Then you might read the file DIAGNOSIS.txt and the - FAQ. If you are still stuck then try the mailing list or - newsgroup (look in the README for details). Samba has been - successfully installed at thousands of sites worldwide, so maybe - someone else has hit your problem and has overcome it. You could - also use the WWW site to scan back issues of the samba-digest.

When you fix the problem PLEASE send me some updates to the - documentation (or source code) so that the next person will find it - easier.

Diagnosing Problems

If you have installation problems then go to - DIAGNOSIS.txt to try to find the - problem.

Scope IDs

By default Samba uses a blank scope ID. This means - all your windows boxes must also have a blank scope ID. - If you really want to use a non-blank scope ID then you will - need to use the 'netbios scope' smb.conf option. - All your PCs will need to have the same setting for - this to work. I do not recommend scope IDs.

Choosing the Protocol Level

The SMB protocol has many dialects. Currently - Samba supports 5, called CORE, COREPLUS, LANMAN1, - LANMAN2 and NT1.

You can choose what maximum protocol to support - in the smb.conf file. The default is - NT1 and that is the best for the vast majority of sites.

In older versions of Samba you may have found it - necessary to use COREPLUS. The limitations that led to - this have mostly been fixed. It is now less likely that you - will want to use less than LANMAN1. The only remaining advantage - of COREPLUS is that for some obscure reason WfWg preserves - the case of passwords in this protocol, whereas under LANMAN1, - LANMAN2 or NT1 it uppercases all passwords before sending them, - forcing you to use the "password level=" option in some cases.

The main advantage of LANMAN2 and NT1 is support for - long filenames with some clients (eg: smbclient, Windows NT - or Win95).

See the smb.conf(5) manual page for more details.

Note: To support print queue reporting you may find - that you have to use TCP/IP as the default protocol under - WfWg. For some reason if you leave Netbeui as the default - it may break the print queue reporting on some systems. - It is presumably a WfWg bug.

Printing from UNIX to a Client PC

To use a printer that is available via a smb-based - server from a unix host you will need to compile the - smbclient program. You then need to install the script - "smbprint". Read the instruction in smbprint for more details. -

There is also a SYSV style script that does much - the same thing called smbprint.sysv. It contains instructions.

Locking

One area which sometimes causes trouble is locking.

There are two types of locking which need to be - performed by a SMB server. The first is "record locking" - which allows a client to lock a range of bytes in a open file. - The second is the "deny modes" that are specified when a file - is open.

Record locking semantics under Unix is very - different from record locking under Windows. Versions - of Samba before 2.2 have tried to use the native - fcntl() unix system call to implement proper record - locking between different Samba clients. This can not - be fully correct due to several reasons. The simplest - is the fact that a Windows client is allowed to lock a - byte range up to 2^32 or 2^64, depending on the client - OS. The unix locking only supports byte ranges up to - 2^31. So it is not possible to correctly satisfy a - lock request above 2^31. There are many more - differences, too many to be listed here.

Samba 2.2 and above implements record locking - completely independent of the underlying unix - system. If a byte range lock that the client requests - happens to fall into the range 0-2^31, Samba hands - this request down to the Unix system. All other locks - can not be seen by unix anyway.

Strictly a SMB server should check for locks before - every read and write call on a file. Unfortunately with the - way fcntl() works this can be slow and may overstress the - rpc.lockd. It is also almost always unnecessary as clients - are supposed to independently make locking calls before reads - and writes anyway if locking is important to them. By default - Samba only makes locking calls when explicitly asked - to by a client, but if you set "strict locking = yes" then it will - make lock checking calls on every read and write.

You can also disable by range locking completely - using "locking = no". This is useful for those shares that - don't support locking or don't need it (such as cdroms). In - this case Samba fakes the return codes of locking calls to - tell clients that everything is OK.

The second class of locking is the "deny modes". These - are set by an application when it opens a file to determine - what types of access should be allowed simultaneously with - its open. A client may ask for DENY_NONE, DENY_READ, DENY_WRITE - or DENY_ALL. There are also special compatibility modes called - DENY_FCB and DENY_DOS.

Mapping Usernames

If you have different usernames on the PCs and - the unix server then take a look at the "username map" option. - See the smb.conf man page for details.

\ No newline at end of file diff --git a/docs/htmldocs/bugreport.html b/docs/htmldocs/bugreport.html new file mode 100644 index 0000000000..cfe9ac01c6 --- /dev/null +++ b/docs/htmldocs/bugreport.html @@ -0,0 +1,332 @@ + +Reporting Bugs
SAMBA Project Documentation
PrevNext

Chapter 19. Reporting Bugs

19.1. Introduction

The email address for bug reports is samba@samba.org

Please take the time to read this file before you submit a bug +report. Also, please see if it has changed between releases, as we +may be changing the bug reporting mechanism at some time.

Please also do as much as you can yourself to help track down the +bug. Samba is maintained by a dedicated group of people who volunteer +their time, skills and efforts. We receive far more mail about it than +we can possibly answer, so you have a much higher chance of an answer +and a fix if you send us a "developer friendly" bug report that lets +us fix it fast.

Do not assume that if you post the bug to the comp.protocols.smb +newsgroup or the mailing list that we will read it. If you suspect that your +problem is not a bug but a configuration problem then it is better to send +it to the Samba mailing list, as there are (at last count) 5000 other users on +that list that may be able to help you.

You may also like to look though the recent mailing list archives, +which are conveniently accessible on the Samba web pages +at http://samba.org/samba/

19.2. General info

Before submitting a bug report check your config for silly +errors. Look in your log files for obvious messages that tell you that +you've misconfigured something and run testparm to test your config +file for correct syntax.

Have you run through the diagnosis? +This is very important.

If you include part of a log file with your bug report then be sure to +annotate it with exactly what you were doing on the client at the +time, and exactly what the results were.

19.3. Debug levels

If the bug has anything to do with Samba behaving incorrectly as a +server (like refusing to open a file) then the log files will probably +be very useful. Depending on the problem a log level of between 3 and +10 showing the problem may be appropriate. A higher level givesmore +detail, but may use too much disk space.

To set the debug level use log level = in your +smb.conf. You may also find it useful to set the log +level higher for just one machine and keep separate logs for each machine. +To do this use:

log level = 10
+log file = /usr/local/samba/lib/log.%m
+include = /usr/local/samba/lib/smb.conf.%m

then create a file +/usr/local/samba/lib/smb.conf.machine where +"machine" is the name of the client you wish to debug. In that file +put any smb.conf commands you want, for example +log level= may be useful. This also allows you to +experiment with different security systems, protocol levels etc on just +one machine.

The smb.conf entry log level = +is synonymous with the entry debuglevel = that has been +used in older versions of Samba and is being retained for backwards +compatibility of smb.conf files.

As the log level = value is increased you will record +a significantly increasing level of debugging information. For most +debugging operations you may not need a setting higher than 3. Nearly +all bugs can be tracked at a setting of 10, but be prepared for a VERY +large volume of log data.

19.4. Internal errors

If you get a "INTERNAL ERROR" message in your log files it means that +Samba got an unexpected signal while running. It is probably a +segmentation fault and almost certainly means a bug in Samba (unless +you have faulty hardware or system software)

If the message came from smbd then it will probably be accompanied by +a message which details the last SMB message received by smbd. This +info is often very useful in tracking down the problem so please +include it in your bug report.

You should also detail how to reproduce the problem, if +possible. Please make this reasonably detailed.

You may also find that a core file appeared in a "corefiles" +subdirectory of the directory where you keep your samba log +files. This file is the most useful tool for tracking down the bug. To +use it you do this:

gdb smbd core

adding appropriate paths to smbd and core so gdb can find them. If you +don't have gdb then try "dbx". Then within the debugger use the +command "where" to give a stack trace of where the problem +occurred. Include this in your mail.

If you known any assembly language then do a "disass" of the routine +where the problem occurred (if its in a library routine then +disassemble the routine that called it) and try to work out exactly +where the problem is by looking at the surrounding code. Even if you +don't know assembly then incuding this info in the bug report can be +useful.

PrevHomeNext
HOWTO Access Samba source code via CVS Group mapping HOWTO
\ No newline at end of file diff --git a/docs/htmldocs/cvs-access.html b/docs/htmldocs/cvs-access.html new file mode 100644 index 0000000000..c62d09d135 --- /dev/null +++ b/docs/htmldocs/cvs-access.html @@ -0,0 +1,291 @@ + +HOWTO Access Samba source code via CVS
SAMBA Project Documentation
PrevNext

Chapter 18. HOWTO Access Samba source code via CVS

18.2. CVS Access to samba.org

The machine samba.org runs a publicly accessible CVS +repository for access to the source code of several packages, +including samba, rsync and jitterbug. There are two main ways of +accessing the CVS server on this host.

18.2.2. Access via cvs

You can also access the source code via a +normal cvs client. This gives you much more control over you can +do with the repository and allows you to checkout whole source trees +and keep them up to date via normal cvs commands. This is the +preferred method of access if you are a developer and not +just a casual browser.

To download the latest cvs source code, point your +browser at the URL : http://www.cyclic.com/. +and click on the 'How to get cvs' link. CVS is free software under +the GNU GPL (as is Samba). Note that there are several graphical CVS clients +which provide a graphical interface to the sometimes mundane CVS commands. +Links to theses clients are also available from http://www.cyclic.com.

To gain access via anonymous cvs use the following steps. +For this example it is assumed that you want a copy of the +samba source code. For the other source code repositories +on this system just substitute the correct package name

  1. Install a recent copy of cvs. All you really need is a + copy of the cvs client binary. +

  2. Run the command +

    cvs -d :pserver:cvs@samba.org:/cvsroot login +

    When it asks you for a password type cvs. +

  3. Run the command +

    cvs -d :pserver:cvs@samba.org:/cvsroot co samba +

    This will create a directory called samba containing the + latest samba source code (i.e. the HEAD tagged cvs branch). This + currently corresponds to the 3.0 development tree. +

    CVS branches other HEAD can be obtained by using the -r + and defining a tag name. A list of branch tag names can be found on the + "Development" page of the samba web site. A common request is to obtain the + latest 2.2 release code. This could be done by using the following command. +

    cvs -d :pserver:cvs@samba.org:/cvsroot co -r SAMBA_2_2 samba +

  4. Whenever you want to merge in the latest code changes use + the following command from within the samba directory: +

    cvs update -d -P +

PrevHomeNext
Samba and other CIFS clients Reporting Bugs
\ No newline at end of file diff --git a/docs/htmldocs/diagnosis.html b/docs/htmldocs/diagnosis.html new file mode 100644 index 0000000000..e44474250d --- /dev/null +++ b/docs/htmldocs/diagnosis.html @@ -0,0 +1,624 @@ + +Diagnosing your samba server
SAMBA Project Documentation
PrevNext

Chapter 2. Diagnosing your samba server

2.2. Assumptions

In all of the tests I assume you have a Samba server called BIGSERVER +and a PC called ACLIENT both in workgroup TESTGROUP. I also assume the +PC is running windows for workgroups with a recent copy of the +microsoft tcp/ip stack. Alternatively, your PC may be running Windows +95 or Windows NT (Workstation or Server).

The procedure is similar for other types of clients.

I also assume you know the name of an available share in your +smb.conf. I will assume this share is called "tmp". You can add a +"tmp" share like by adding the following to smb.conf:


[tmp]
+ comment = temporary files 
+ path = /tmp
+ read only = yes

THESE TESTS ASSUME VERSION 2.0.6 OR LATER OF THE SAMBA SUITE. SOME +COMMANDS SHOWN DID NOT EXIST IN EARLIER VERSIONS

Please pay attention to the error messages you receive. If any error message +reports that your server is being unfriendly you should first check that you +IP name resolution is correctly set up. eg: Make sure your /etc/resolv.conf +file points to name servers that really do exist.

Also, if you do not have DNS server access for name resolution please check +that the settings for your smb.conf file results in "dns proxy = no". The +best way to check this is with "testparm smb.conf"

2.3. Tests

2.3.3. Test 3

Run the command "smbclient -L BIGSERVER" on the unix box. You +should get a list of available shares back.

If you get a error message containing the string "Bad password" then +you probably have either an incorrect "hosts allow", "hosts deny" or +"valid users" line in your smb.conf, or your guest account is not +valid. Check what your guest account is using "testparm" and +temporarily remove any "hosts allow", "hosts deny", "valid users" or +"invalid users" lines.

If you get a "connection refused" response then the smbd server may +not be running. If you installed it in inetd.conf then you probably edited +that file incorrectly. If you installed it as a daemon then check that +it is running, and check that the netbios-ssn port is in a LISTEN +state using "netstat -a".

If you get a "session request failed" then the server refused the +connection. If it says "Your server software is being unfriendly" then +its probably because you have invalid command line parameters to smbd, +or a similar fatal problem with the initial startup of smbd. Also +check your config file (smb.conf) for syntax errors with "testparm" +and that the various directories where samba keeps its log and lock +files exist.

There are a number of reasons for which smbd may refuse or decline +a session request. The most common of these involve one or more of +the following smb.conf file entries:

	hosts deny = ALL
+	hosts allow = xxx.xxx.xxx.xxx/yy
+	bind interfaces only = Yes

In the above, no allowance has been made for any session requests that +will automatically translate to the loopback adaptor address 127.0.0.1. +To solve this problem change these lines to:

	hosts deny = ALL
+	hosts allow = xxx.xxx.xxx.xxx/yy 127.

Do NOT use the "bind interfaces only" parameter where you may wish to +use the samba password change facility, or where smbclient may need to +access local service for name resolution or for local resource +connections. (Note: the "bind interfaces only" parameter deficiency +where it will not allow connections to the loopback address will be +fixed soon).

Another common cause of these two errors is having something already running +on port 139, such as Samba (ie: smbd is running from inetd already) or +something like Digital's Pathworks. Check your inetd.conf file before trying +to start smbd as a daemon, it can avoid a lot of frustration!

And yet another possible cause for failure of TEST 3 is when the subnet mask +and / or broadcast address settings are incorrect. Please check that the +network interface IP Address / Broadcast Address / Subnet Mask settings are +correct and that Samba has correctly noted these in the log.nmb file.

2.3.6. Test 6

Run the command nmblookup -d 2 '*'

This time we are trying the same as the previous test but are trying +it via a broadcast to the default broadcast address. A number of +Netbios/TCPIP hosts on the network should respond, although Samba may +not catch all of the responses in the short time it listens. You +should see "got a positive name query response" messages from several +hosts.

If this doesn't give a similar result to the previous test then +nmblookup isn't correctly getting your broadcast address through its +automatic mechanism. In this case you should experiment use the +"interfaces" option in smb.conf to manually configure your IP +address, broadcast and netmask.

If your PC and server aren't on the same subnet then you will need to +use the -B option to set the broadcast address to the that of the PCs +subnet.

This test will probably fail if your subnet mask and broadcast address are +not correct. (Refer to TEST 3 notes above).

2.3.7. Test 7

Run the command smbclient //BIGSERVER/TMP. You should +then be prompted for a password. You should use the password of the account +you are logged into the unix box with. If you want to test with +another account then add the -U >accountname< option to the end of +the command line. eg: +smbclient //bigserver/tmp -Ujohndoe

Note: It is possible to specify the password along with the username +as follows: +smbclient //bigserver/tmp -Ujohndoe%secret

Once you enter the password you should get the "smb>" prompt. If you +don't then look at the error message. If it says "invalid network +name" then the service "tmp" is not correctly setup in your smb.conf.

If it says "bad password" then the likely causes are:

  1. you have shadow passords (or some other password system) but didn't + compile in support for them in smbd +

  2. your "valid users" configuration is incorrect +

  3. you have a mixed case password and you haven't enabled the "password + level" option at a high enough level +

  4. the "path =" line in smb.conf is incorrect. Check it with testparm +

  5. you enabled password encryption but didn't create the SMB encrypted + password file +

Once connected you should be able to use the commands +dir get put etc. +Type help >command< for instructions. You should +especially check that the amount of free disk space shown is correct +when you type dir.

2.3.8. Test 8

On the PC type the command net view \\BIGSERVER. You will +need to do this from within a "dos prompt" window. You should get back a +list of available shares on the server.

If you get a "network name not found" or similar error then netbios +name resolution is not working. This is usually caused by a problem in +nmbd. To overcome it you could do one of the following (you only need +to choose one of them):

  1. fixup the nmbd installation

  2. add the IP address of BIGSERVER to the "wins server" box in the + advanced tcp/ip setup on the PC.

  3. enable windows name resolution via DNS in the advanced section of + the tcp/ip setup

  4. add BIGSERVER to your lmhosts file on the PC.

If you get a "invalid network name" or "bad password error" then the +same fixes apply as they did for the "smbclient -L" test above. In +particular, make sure your "hosts allow" line is correct (see the man +pages)

Also, do not overlook that fact that when the workstation requests the +connection to the samba server it will attempt to connect using the +name with which you logged onto your Windows machine. You need to make +sure that an account exists on your Samba server with that exact same +name and password.

If you get "specified computer is not receiving requests" or similar +it probably means that the host is not contactable via tcp services. +Check to see if the host is running tcp wrappers, and if so add an entry in +the hosts.allow file for your client (or subnet, etc.)

2.4. Still having troubles?

Try the mailing list or newsgroup, or use the ethereal utility to +sniff the problem. The official samba mailing list can be reached at +samba@samba.org. To find +out more about samba and how to subscribe to the mailing list check +out the samba web page at +http://samba.org/samba

Also look at the other docs in the Samba package!

PrevHomeNext
How to Install and Test SAMBA Integrating MS Windows networks with Samba
\ No newline at end of file diff --git a/docs/htmldocs/domain-security.html b/docs/htmldocs/domain-security.html new file mode 100644 index 0000000000..653bbed47e --- /dev/null +++ b/docs/htmldocs/domain-security.html @@ -0,0 +1,475 @@ + +security = domain in Samba 2.x
SAMBA Project Documentation
PrevNext

Chapter 10. security = domain in Samba 2.x

10.1. Joining an NT Domain with Samba 2.2

Assume you have a Samba 2.x server with a NetBIOS name of + SERV1 and are joining an NT domain called + DOM, which has a PDC with a NetBIOS name + of DOMPDC and two backup domain controllers + with NetBIOS names DOMBDC1 and DOMBDC2 + .

In order to join the domain, first stop all Samba daemons + and run the command:

root# smbpasswd -j DOM -r DOMPDC + -UAdministrator%password

as we are joining the domain DOM and the PDC for that domain + (the only machine that has write access to the domain SAM database) + is DOMPDC. The Administrator%password is + the login name and password for an account which has the necessary + privilege to add machines to the domain. If this is successful + you will see the message:

smbpasswd: Joined domain DOM. +

in your terminal window. See the smbpasswd(8) man page for more details.

There is existing development code to join a domain + without having to create the machine trust account on the PDC + beforehand. This code will hopefully be available soon + in release branches as well.

This command goes through the machine account password + change protocol, then writes the new (random) machine account + password for this Samba server into a file in the same directory + in which an smbpasswd file would be stored - normally :

/usr/local/samba/private

In Samba 2.0.x, the filename looks like this:

<NT DOMAIN NAME>.<Samba + Server Name>.mac

The .mac suffix stands for machine account + password file. So in our example above, the file would be called:

DOM.SERV1.mac

In Samba 2.2, this file has been replaced with a TDB + (Trivial Database) file named secrets.tdb. +

This file is created and owned by root and is not + readable by any other user. It is the key to the domain-level + security for your system, and should be treated as carefully + as a shadow password file.

Now, before restarting the Samba daemons you must + edit your smb.conf(5) + file to tell Samba it should now use domain security.

Change (or add) your security = line in the [global] section + of your smb.conf to read:

security = domain

Next change the workgroup = line in the [global] section to read:

workgroup = DOM

as this is the name of the domain we are joining.

You must also have the parameter encrypt passwords set to yes + in order for your users to authenticate to the NT PDC.

Finally, add (or modify) a password server = line in the [global] + section to read:

password server = DOMPDC DOMBDC1 DOMBDC2

These are the primary and backup domain controllers Samba + will attempt to contact in order to authenticate users. Samba will + try to contact each of these servers in order, so you may want to + rearrange this list in order to spread out the authentication load + among domain controllers.

Alternatively, if you want smbd to automatically determine + the list of Domain controllers to use for authentication, you may + set this line to be :

password server = *

This method, which was introduced in Samba 2.0.6, + allows Samba to use exactly the same mechanism that NT does. This + method either broadcasts or uses a WINS database in order to + find domain controllers to authenticate against.

Finally, restart your Samba daemons and get ready for + clients to begin using domain security!

10.2. Samba and Windows 2000 Domains

Many people have asked regarding the state of Samba's ability to participate in +a Windows 2000 Domain. Samba 2.2 is able to act as a member server of a Windows +2000 domain operating in mixed or native mode.

There is much confusion between the circumstances that require a "mixed" mode +Win2k DC and a when this host can be switched to "native" mode. A "mixed" mode +Win2k domain controller is only needed if Windows NT BDCs must exist in the same +domain. By default, a Win2k DC in "native" mode will still support +NetBIOS and NTLMv1 for authentication of legacy clients such as Windows 9x and +NT 4.0. Samba has the same requirements as a Windows NT 4.0 member server.

The steps for adding a Samba 2.2 host to a Win2k domain are the same as those +for adding a Samba server to a Windows NT 4.0 domain. The only exception is that +the "Server Manager" from NT 4 has been replaced by the "Active Directory Users and +Computers" MMC (Microsoft Management Console) plugin.

10.3. Why is this better than security = server?

Currently, domain security in Samba doesn't free you from + having to create local Unix users to represent the users attaching + to your server. This means that if domain user DOM\fred + attaches to your domain security Samba server, there needs + to be a local Unix user fred to represent that user in the Unix + filesystem. This is very similar to the older Samba security mode + security = server, + where Samba would pass through the authentication request to a Windows + NT server in the same way as a Windows 95 or Windows 98 server would. +

Please refer to the Winbind + paper for information on a system to automatically + assign UNIX uids and gids to Windows NT Domain users and groups. + This code is available in development branches only at the moment, + but will be moved to release branches soon.

The advantage to domain-level security is that the + authentication in domain-level security is passed down the authenticated + RPC channel in exactly the same way that an NT server would do it. This + means Samba servers now participate in domain trust relationships in + exactly the same way NT servers do (i.e., you can add Samba servers into + a resource domain and have the authentication passed on from a resource + domain PDC to an account domain PDC.

In addition, with security = server every Samba + daemon on a server has to keep a connection open to the + authenticating server for as long as that daemon lasts. This can drain + the connection resources on a Microsoft NT server and cause it to run + out of available connections. With security = domain, + however, the Samba daemons connect to the PDC/BDC only for as long + as is necessary to authenticate the user, and then drop the connection, + thus conserving PDC connection resources.

And finally, acting in the same manner as an NT server + authenticating to a PDC means that as part of the authentication + reply, the Samba server gets the user identification information such + as the user SID, the list of NT groups the user belongs to, etc. All + this information will allow Samba to be extended in the future into + a mode the developers currently call appliance mode. In this mode, + no local Unix users will be necessary, and Samba will generate Unix + uids and gids from the information passed back from the PDC when a + user is authenticated, making a Samba server truly plug and play + in an NT domain environment. Watch for this code soon.

NOTE: Much of the text of this document + was first published in the Web magazine + LinuxWorld as the article Doing + the NIS/NT Samba.

PrevHomeNext
Security levels Unified Logons between Windows NT and UNIX using Winbind
\ No newline at end of file diff --git a/docs/htmldocs/groupmapping.html b/docs/htmldocs/groupmapping.html new file mode 100644 index 0000000000..ebca750bd1 --- /dev/null +++ b/docs/htmldocs/groupmapping.html @@ -0,0 +1,228 @@ + +Group mapping HOWTO
SAMBA Project Documentation
PrevNext

Chapter 20. Group mapping HOWTO

+Starting with Samba 3.0 alpha 2, a new group mapping function is available. The +current method (likely to change) to manage the groups is a new command called +smbgroupedit.

The first immediate reason to use the group mapping on a PDC, is that +the domain admin group of smb.conf is +now gone. This parameter was used to give the listed users local admin rights +on their workstations. It was some magic stuff that simply worked but didn't +scale very well for complex setups.

Let me explain how it works on NT/W2K, to have this magic fade away. +When installing NT/W2K on a computer, the installer program creates some users +and groups. Notably the 'Administrators' group, and gives to that group some +privileges like the ability to change the date and time or to kill any process +(or close too) running on the local machine. The 'Administrator' user is a +member of the 'Administrators' group, and thus 'inherit' the 'Administrators' +group privileges. If a 'joe' user is created and become a member of the +'Administrator' group, 'joe' has exactly the same rights as 'Administrator'.

When a NT/W2K machine is joined to a domain, during that phase, the "Domain +Administrators' group of the PDC is added to the 'Administrators' group of the +workstation. Every members of the 'Domain Administrators' group 'inherit' the +rights of the 'Administrators' group when logging on the workstation.

You are now wondering how to make some of your samba PDC users members of the +'Domain Administrators' ? That's really easy.

  1. create a unix group (usually in /etc/group), let's call it domadm

  2. add to this group the users that must be Administrators. For example if you want joe,john and mary, your entry in /etc/group will look like:

    domadm:x:502:joe,john,mary

  3. Map this domadm group to the domain admins group by running the command:

    smbgroupedit -c "Domain Admins" -u domadm

You're set, joe, john and mary are domain administrators !

Like the Domain Admins group, you can map any arbitrary Unix group to any NT +group. You can also make any Unix group a domain group. For example, on a domain +member machine (an NT/W2K or a samba server running winbind), you would like to +give access to a certain directory to some users who are member of a group on +your samba PDC. Flag that group as a domain group by running:

smbgroupedit -a unixgroup -td

You can list the various groups in the mapping database like this

smbgroupedit -v

PrevHomeNext
Reporting Bugs Portability
\ No newline at end of file diff --git a/docs/htmldocs/improved-browsing.html b/docs/htmldocs/improved-browsing.html new file mode 100644 index 0000000000..4a483ecdc1 --- /dev/null +++ b/docs/htmldocs/improved-browsing.html @@ -0,0 +1,823 @@ + +Improved browsing in samba
SAMBA Project Documentation
PrevNext

Chapter 15. Improved browsing in samba

15.1. Overview of browsing

SMB networking provides a mechanism by which clients can access a list +of machines in a network, a so-called "browse list". This list +contains machines that are ready to offer file and/or print services +to other machines within the network. Thus it does not include +machines which aren't currently able to do server tasks. The browse +list is heavily used by all SMB clients. Configuration of SMB +browsing has been problematic for some Samba users, hence this +document.

Browsing will NOT work if name resolution from NetBIOS names to IP +addresses does not function correctly. Use of a WINS server is highly +recommended to aid the resolution of NetBIOS (SMB) names to IP addresses. +WINS allows remote segment clients to obtain NetBIOS name_type information +that can NOT be provided by any other means of name resolution.

15.2. Browsing support in samba

Samba now fully supports browsing. The browsing is supported by nmbd +and is also controlled by options in the smb.conf file (see smb.conf(5)).

Samba can act as a local browse master for a workgroup and the ability +for samba to support domain logons and scripts is now available. See +DOMAIN.txt for more information on domain logons.

Samba can also act as a domain master browser for a workgroup. This +means that it will collate lists from local browse masters into a +wide area network server list. In order for browse clients to +resolve the names they may find in this list, it is recommended that +both samba and your clients use a WINS server.

Note that you should NOT set Samba to be the domain master for a +workgroup that has the same name as an NT Domain: on each wide area +network, you must only ever have one domain master browser per workgroup, +regardless of whether it is NT, Samba or any other type of domain master +that is providing this service.

[Note that nmbd can be configured as a WINS server, but it is not +necessary to specifically use samba as your WINS server. NTAS can +be configured as your WINS server. In a mixed NT server and +samba environment on a Wide Area Network, it is recommended that +you use the NT server's WINS server capabilities. In a samba-only +environment, it is recommended that you use one and only one nmbd +as your WINS server].

To get browsing to work you need to run nmbd as usual, but will need +to use the "workgroup" option in smb.conf to control what workgroup +Samba becomes a part of.

Samba also has a useful option for a Samba server to offer itself for +browsing on another subnet. It is recommended that this option is only +used for 'unusual' purposes: announcements over the internet, for +example. See "remote announce" in the smb.conf man page.

15.3. Problem resolution

If something doesn't work then hopefully the log.nmb file will help +you track down the problem. Try a debug level of 2 or 3 for finding +problems. Also note that the current browse list usually gets stored +in text form in a file called browse.dat.

Note that if it doesn't work for you, then you should still be able to +type the server name as \\SERVER in filemanager then hit enter and +filemanager should display the list of available shares.

Some people find browsing fails because they don't have the global +"guest account" set to a valid account. Remember that the IPC$ +connection that lists the shares is done as guest, and thus you must +have a valid guest account.

Also, a lot of people are getting bitten by the problem of too many +parameters on the command line of nmbd in inetd.conf. This trick is to +not use spaces between the option and the parameter (eg: -d2 instead +of -d 2), and to not use the -B and -N options. New versions of nmbd +are now far more likely to correctly find your broadcast and network +address, so in most cases these aren't needed.

The other big problem people have is that their broadcast address, +netmask or IP address is wrong (specified with the "interfaces" option +in smb.conf)

15.4. Browsing across subnets

With the release of Samba 1.9.17(alpha1 and above) Samba has been +updated to enable it to support the replication of browse lists +across subnet boundaries. New code and options have been added to +achieve this. This section describes how to set this feature up +in different settings.

To see browse lists that span TCP/IP subnets (ie. networks separated +by routers that don't pass broadcast traffic) you must set up at least +one WINS server. The WINS server acts as a DNS for NetBIOS names, allowing +NetBIOS name to IP address translation to be done by doing a direct +query of the WINS server. This is done via a directed UDP packet on +port 137 to the WINS server machine. The reason for a WINS server is +that by default, all NetBIOS name to IP address translation is done +by broadcasts from the querying machine. This means that machines +on one subnet will not be able to resolve the names of machines on +another subnet without using a WINS server.

Remember, for browsing across subnets to work correctly, all machines, +be they Windows 95, Windows NT, or Samba servers must have the IP address +of a WINS server given to them by a DHCP server, or by manual configuration +(for Win95 and WinNT, this is in the TCP/IP Properties, under Network +settings) for Samba this is in the smb.conf file.

15.4.1. How does cross subnet browsing work ?

Cross subnet browsing is a complicated dance, containing multiple +moving parts. It has taken Microsoft several years to get the code +that achieves this correct, and Samba lags behind in some areas. +However, with the 1.9.17 release, Samba is capable of cross subnet +browsing when configured correctly.

Consider a network set up as follows :

                                   (DMB)
+             N1_A      N1_B        N1_C       N1_D        N1_E
+              |          |           |          |           |
+          -------------------------------------------------------
+            |          subnet 1                       |
+          +---+                                      +---+
+          |R1 | Router 1                  Router 2   |R2 |
+          +---+                                      +---+
+            |                                          |
+            |  subnet 2              subnet 3          |
+  --------------------------       ------------------------------------
+  |     |     |      |               |        |         |           |
+ N2_A  N2_B  N2_C   N2_D           N3_A     N3_B      N3_C        N3_D 
+                    (WINS)

Consisting of 3 subnets (1, 2, 3) connected by two routers +(R1, R2) - these do not pass broadcasts. Subnet 1 has 5 machines +on it, subnet 2 has 4 machines, subnet 3 has 4 machines. Assume +for the moment that all these machines are configured to be in the +same workgroup (for simplicities sake). Machine N1_C on subnet 1 +is configured as Domain Master Browser (ie. it will collate the +browse lists for the workgroup). Machine N2_D is configured as +WINS server and all the other machines are configured to register +their NetBIOS names with it.

As all these machines are booted up, elections for master browsers +will take place on each of the three subnets. Assume that machine +N1_C wins on subnet 1, N2_B wins on subnet 2, and N3_D wins on +subnet 3 - these machines are known as local master browsers for +their particular subnet. N1_C has an advantage in winning as the +local master browser on subnet 1 as it is set up as Domain Master +Browser.

On each of the three networks, machines that are configured to +offer sharing services will broadcast that they are offering +these services. The local master browser on each subnet will +receive these broadcasts and keep a record of the fact that +the machine is offering a service. This list of records is +the basis of the browse list. For this case, assume that +all the machines are configured to offer services so all machines +will be on the browse list.

For each network, the local master browser on that network is +considered 'authoritative' for all the names it receives via +local broadcast. This is because a machine seen by the local +master browser via a local broadcast must be on the same +network as the local master browser and thus is a 'trusted' +and 'verifiable' resource. Machines on other networks that +the local master browsers learn about when collating their +browse lists have not been directly seen - these records are +called 'non-authoritative'.

At this point the browse lists look as follows (these are +the machines you would see in your network neighborhood if +you looked in it on a particular network right now).

Subnet           Browse Master   List
+------           -------------   ----
+Subnet1          N1_C            N1_A, N1_B, N1_C, N1_D, N1_E
+
+Subnet2          N2_B            N2_A, N2_B, N2_C, N2_D
+
+Subnet3          N3_D            N3_A, N3_B, N3_C, N3_D

Note that at this point all the subnets are separate, no +machine is seen across any of the subnets.

Now examine subnet 2. As soon as N2_B has become the local +master browser it looks for a Domain master browser to synchronize +its browse list with. It does this by querying the WINS server +(N2_D) for the IP address associated with the NetBIOS name +WORKGROUP>1B<. This name was registerd by the Domain master +browser (N1_C) with the WINS server as soon as it was booted.

Once N2_B knows the address of the Domain master browser it +tells it that is the local master browser for subnet 2 by +sending a MasterAnnouncement packet as a UDP port 138 packet. +It then synchronizes with it by doing a NetServerEnum2 call. This +tells the Domain Master Browser to send it all the server +names it knows about. Once the domain master browser receives +the MasterAnnouncement packet it schedules a synchronization +request to the sender of that packet. After both synchronizations +are done the browse lists look like :

Subnet           Browse Master   List
+------           -------------   ----
+Subnet1          N1_C            N1_A, N1_B, N1_C, N1_D, N1_E, 
+                                 N2_A(*), N2_B(*), N2_C(*), N2_D(*)
+
+Subnet2          N2_B            N2_A, N2_B, N2_C, N2_D
+                                 N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*)
+
+Subnet3          N3_D            N3_A, N3_B, N3_C, N3_D
+
+Servers with a (*) after them are non-authoritative names.

At this point users looking in their network neighborhood on +subnets 1 or 2 will see all the servers on both, users on +subnet 3 will still only see the servers on their own subnet.

The same sequence of events that occured for N2_B now occurs +for the local master browser on subnet 3 (N3_D). When it +synchronizes browse lists with the domain master browser (N1_A) +it gets both the server entries on subnet 1, and those on +subnet 2. After N3_D has synchronized with N1_C and vica-versa +the browse lists look like.

Subnet           Browse Master   List
+------           -------------   ----
+Subnet1          N1_C            N1_A, N1_B, N1_C, N1_D, N1_E, 
+                                 N2_A(*), N2_B(*), N2_C(*), N2_D(*),
+                                 N3_A(*), N3_B(*), N3_C(*), N3_D(*)
+
+Subnet2          N2_B            N2_A, N2_B, N2_C, N2_D
+                                 N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*)
+
+Subnet3          N3_D            N3_A, N3_B, N3_C, N3_D
+                                 N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*),
+                                 N2_A(*), N2_B(*), N2_C(*), N2_D(*)
+
+Servers with a (*) after them are non-authoritative names.

At this point users looking in their network neighborhood on +subnets 1 or 3 will see all the servers on all sunbets, users on +subnet 2 will still only see the servers on subnets 1 and 2, but not 3.

Finally, the local master browser for subnet 2 (N2_B) will sync again +with the domain master browser (N1_C) and will recieve the missing +server entries. Finally - and as a steady state (if no machines +are removed or shut off) the browse lists will look like :

Subnet           Browse Master   List
+------           -------------   ----
+Subnet1          N1_C            N1_A, N1_B, N1_C, N1_D, N1_E, 
+                                 N2_A(*), N2_B(*), N2_C(*), N2_D(*),
+                                 N3_A(*), N3_B(*), N3_C(*), N3_D(*)
+
+Subnet2          N2_B            N2_A, N2_B, N2_C, N2_D
+                                 N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*)
+                                 N3_A(*), N3_B(*), N3_C(*), N3_D(*)
+
+Subnet3          N3_D            N3_A, N3_B, N3_C, N3_D
+                                 N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*),
+                                 N2_A(*), N2_B(*), N2_C(*), N2_D(*)
+	
+Servers with a (*) after them are non-authoritative names.

Synchronizations between the domain master browser and local +master browsers will continue to occur, but this should be a +steady state situation.

If either router R1 or R2 fails the following will occur:

  1. Names of computers on each side of the inaccessible network fragments + will be maintained for as long as 36 minutes, in the network neighbourhood + lists. +

  2. Attempts to connect to these inaccessible computers will fail, but the + names will not be removed from the network neighbourhood lists. +

  3. If one of the fragments is cut off from the WINS server, it will only + be able to access servers on its local subnet, by using subnet-isolated + broadcast NetBIOS name resolution. The effects are similar to that of + losing access to a DNS server. +

15.5. Setting up a WINS server

Either a Samba machine or a Windows NT Server machine may be set up +as a WINS server. To set a Samba machine to be a WINS server you must +add the following option to the smb.conf file on the selected machine : +in the [globals] section add the line

wins support = yes

Versions of Samba previous to 1.9.17 had this parameter default to +yes. If you have any older versions of Samba on your network it is +strongly suggested you upgrade to 1.9.17 or above, or at the very +least set the parameter to 'no' on all these machines.

Machines with "wins support = yes" will keep a list of +all NetBIOS names registered with them, acting as a DNS for NetBIOS names.

You should set up only ONE wins server. Do NOT set the +"wins support = yes" option on more than one Samba +server.

To set up a Windows NT Server as a WINS server you need to set up +the WINS service - see your NT documentation for details. Note that +Windows NT WINS Servers can replicate to each other, allowing more +than one to be set up in a complex subnet environment. As Microsoft +refuse to document these replication protocols Samba cannot currently +participate in these replications. It is possible in the future that +a Samba->Samba WINS replication protocol may be defined, in which +case more than one Samba machine could be set up as a WINS server +but currently only one Samba server should have the "wins support = yes" +parameter set.

After the WINS server has been configured you must ensure that all +machines participating on the network are configured with the address +of this WINS server. If your WINS server is a Samba machine, fill in +the Samba machine IP address in the "Primary WINS Server" field of +the "Control Panel->Network->Protocols->TCP->WINS Server" dialogs +in Windows 95 or Windows NT. To tell a Samba server the IP address +of the WINS server add the following line to the [global] section of +all smb.conf files :

wins server = >name or IP address<

where >name or IP address< is either the DNS name of the WINS server +machine or its IP address.

Note that this line MUST NOT BE SET in the smb.conf file of the Samba +server acting as the WINS server itself. If you set both the +"wins support = yes" option and the +"wins server = >name<" option then +nmbd will fail to start.

There are two possible scenarios for setting up cross subnet browsing. +The first details setting up cross subnet browsing on a network containing +Windows 95, Samba and Windows NT machines that are not configured as +part of a Windows NT Domain. The second details setting up cross subnet +browsing on networks that contain NT Domains.

15.6. Setting up Browsing in a WORKGROUP

To set up cross subnet browsing on a network containing machines +in up to be in a WORKGROUP, not an NT Domain you need to set up one +Samba server to be the Domain Master Browser (note that this is *NOT* +the same as a Primary Domain Controller, although in an NT Domain the +same machine plays both roles). The role of a Domain master browser is +to collate the browse lists from local master browsers on all the +subnets that have a machine participating in the workgroup. Without +one machine configured as a domain master browser each subnet would +be an isolated workgroup, unable to see any machines on any other +subnet. It is the presense of a domain master browser that makes +cross subnet browsing possible for a workgroup.

In an WORKGROUP environment the domain master browser must be a +Samba server, and there must only be one domain master browser per +workgroup name. To set up a Samba server as a domain master browser, +set the following option in the [global] section of the smb.conf file :

domain master = yes

The domain master browser should also preferrably be the local master +browser for its own subnet. In order to achieve this set the following +options in the [global] section of the smb.conf file :

        domain master = yes
+        local master = yes
+        preferred master = yes
+        os level = 65

The domain master browser may be the same machine as the WINS +server, if you require.

Next, you should ensure that each of the subnets contains a +machine that can act as a local master browser for the +workgroup. Any NT machine should be able to do this, as will +Windows 95 machines (although these tend to get rebooted more +often, so it's not such a good idea to use these). To make a +Samba server a local master browser set the following +options in the [global] section of the smb.conf file :

        domain master = no
+        local master = yes
+        preferred master = yes
+        os level = 65

Do not do this for more than one Samba server on each subnet, +or they will war with each other over which is to be the local +master browser.

The "local master" parameter allows Samba to act as a local master +browser. The "preferred master" causes nmbd to force a browser +election on startup and the "os level" parameter sets Samba high +enough so that it should win any browser elections.

If you have an NT machine on the subnet that you wish to +be the local master browser then you can disable Samba from +becoming a local master browser by setting the following +options in the [global] section of the smb.conf file :

        domain master = no
+        local master = no
+        preferred master = no
+        os level = 0

15.7. Setting up Browsing in a DOMAIN

If you are adding Samba servers to a Windows NT Domain then +you must not set up a Samba server as a domain master browser. +By default, a Windows NT Primary Domain Controller for a Domain +name is also the Domain master browser for that name, and many +things will break if a Samba server registers the Domain master +browser NetBIOS name (DOMAIN>1B<) with WINS instead of the PDC.

For subnets other than the one containing the Windows NT PDC +you may set up Samba servers as local master browsers as +described. To make a Samba server a local master browser set +the following options in the [global] section of the smb.conf +file :

        domain master = no
+        local master = yes
+        preferred master = yes
+        os level = 65

If you wish to have a Samba server fight the election with machines +on the same subnet you may set the "os level" parameter to lower +levels. By doing this you can tune the order of machines that +will become local master browsers if they are running. For +more details on this see the section "FORCING SAMBA TO BE THE MASTER" +below.

If you have Windows NT machines that are members of the domain +on all subnets, and you are sure they will always be running then +you can disable Samba from taking part in browser elections and +ever becoming a local master browser by setting following options +in the [global] section of the smb.conf file :

domain master = no + local master = no + preferred master = no + os level = 0

15.8. Forcing samba to be the master

Who becomes the "master browser" is determined by an election process +using broadcasts. Each election packet contains a number of parameters +which determine what precedence (bias) a host should have in the +election. By default Samba uses a very low precedence and thus loses +elections to just about anyone else.

If you want Samba to win elections then just set the "os level" global +option in smb.conf to a higher number. It defaults to 0. Using 34 +would make it win all elections over every other system (except other +samba systems!)

A "os level" of 2 would make it beat WfWg and Win95, but not NTAS. A +NTAS domain controller uses level 32.

The maximum os level is 255

If you want samba to force an election on startup, then set the +"preferred master" global option in smb.conf to "yes". Samba will +then have a slight advantage over other potential master browsers +that are not preferred master browsers. Use this parameter with +care, as if you have two hosts (whether they are windows 95 or NT or +samba) on the same local subnet both set with "preferred master" to +"yes", then periodically and continually they will force an election +in order to become the local master browser.

If you want samba to be a "domain master browser", then it is +recommended that you also set "preferred master" to "yes", because +samba will not become a domain master browser for the whole of your +LAN or WAN if it is not also a local master browser on its own +broadcast isolated subnet.

It is possible to configure two samba servers to attempt to become +the domain master browser for a domain. The first server that comes +up will be the domain master browser. All other samba servers will +attempt to become the domain master browser every 5 minutes. They +will find that another samba server is already the domain master +browser and will fail. This provides automatic redundancy, should +the current domain master browser fail.

15.9. Making samba the domain master

The domain master is responsible for collating the browse lists of +multiple subnets so that browsing can occur between subnets. You can +make samba act as the domain master by setting "domain master = yes" +in smb.conf. By default it will not be a domain master.

Note that you should NOT set Samba to be the domain master for a +workgroup that has the same name as an NT Domain.

When samba is the domain master and the master browser it will listen +for master announcements (made roughly every twelve minutes) from local +master browsers on other subnets and then contact them to synchronise +browse lists.

If you want samba to be the domain master then I suggest you also set +the "os level" high enough to make sure it wins elections, and set +"preferred master" to "yes", to get samba to force an election on +startup.

Note that all your servers (including samba) and clients should be +using a WINS server to resolve NetBIOS names. If your clients are only +using broadcasting to resolve NetBIOS names, then two things will occur:

  1. your local master browsers will be unable to find a domain master + browser, as it will only be looking on the local subnet. +

  2. if a client happens to get hold of a domain-wide browse list, and + a user attempts to access a host in that list, it will be unable to + resolve the NetBIOS name of that host. +

If, however, both samba and your clients are using a WINS server, then:

  1. your local master browsers will contact the WINS server and, as long as + samba has registered that it is a domain master browser with the WINS + server, your local master browser will receive samba's ip address + as its domain master browser. +

  2. when a client receives a domain-wide browse list, and a user attempts + to access a host in that list, it will contact the WINS server to + resolve the NetBIOS name of that host. as long as that host has + registered its NetBIOS name with the same WINS server, the user will + be able to see that host. +

PrevHomeNext
Storing Samba's User/Machine Account information in an LDAP Directory Samba performance issues
\ No newline at end of file diff --git a/docs/htmldocs/install.html b/docs/htmldocs/install.html new file mode 100644 index 0000000000..97503ad7a7 --- /dev/null +++ b/docs/htmldocs/install.html @@ -0,0 +1,872 @@ + +How to Install and Test SAMBA
SAMBA Project Documentation
PrevNext

Chapter 1. How to Install and Test SAMBA

1.2. Step 1: Building the Binaries

To do this, first run the program ./configure + in the source directory. This should automatically + configure Samba for your operating system. If you have unusual + needs then you may wish to run

root# ./configure --help +

first to see what special options you can enable. + Then executing

root# make

will create the binaries. Once it's successfully + compiled you can use

root# make install

to install the binaries and manual pages. You can + separately install the binaries and/or man pages using

root# make installbin +

and

root# make installman +

Note that if you are upgrading for a previous version + of Samba you might like to know that the old versions of + the binaries will be renamed with a ".old" extension. You + can go back to the previous version with

root# make revert +

if you find this version a disaster!

1.4. Step 3: Create the smb configuration file.

There are sample configuration files in the examples + subdirectory in the distribution. I suggest you read them + carefully so you can see how the options go together in + practice. See the man page for all the options.

The simplest useful configuration file would be + something like this:

	[global]
+	   workgroup = MYGROUP
+
+	   [homes]
+	      guest ok = no
+	      read only = no
+

which would allow connections by anyone with an + account on the server, using either their login name or + "homes" as the service name. (Note that I also set the + workgroup that Samba is part of. See BROWSING.txt for details)

Note that make install will not install + a smb.conf file. You need to create it + yourself.

Make sure you put the smb.conf file in the same place + you specified in theMakefile (the default is to + look for it in /usr/local/samba/lib/).

For more information about security settings for the + [homes] share please refer to the document UNIX_SECURITY.txt.

1.6. Step 5: Starting the smbd and nmbd

You must choose to start smbd and nmbd either + as daemons or from inetd. Don't try + to do both! Either you can put them in inetd.conf and have them started on demand + by inetd, or you can start them as + daemons either from the command line or in /etc/rc.local. See the man pages for details + on the command line options. Take particular care to read + the bit about what user you need to be in order to start + Samba. In many cases you must be root.

The main advantage of starting smbd + and nmbd using the recommended daemon method + is that they will respond slightly more quickly to an initial connection + request.

1.6.1. Step 5a: Starting from inetd.conf

NOTE; The following will be different if + you use NIS or NIS+ to distributed services maps.

Look at your /etc/services. + What is defined at port 139/tcp. If nothing is defined + then add a line like this:

netbios-ssn 139/tcp

similarly for 137/udp you should have an entry like:

netbios-ns 137/udp

Next edit your /etc/inetd.conf + and add two lines something like this:

		netbios-ssn stream tcp nowait root /usr/local/samba/bin/smbd smbd 
+		netbios-ns dgram udp wait root /usr/local/samba/bin/nmbd nmbd 
+

The exact syntax of /etc/inetd.conf + varies between unixes. Look at the other entries in inetd.conf + for a guide.

NOTE: Some unixes already have entries like netbios_ns + (note the underscore) in /etc/services. + You must either edit /etc/services or + /etc/inetd.conf to make them consistent.

NOTE: On many systems you may need to use the + "interfaces" option in smb.conf to specify the IP address + and netmask of your interfaces. Run ifconfig + as root if you don't know what the broadcast is for your + net. nmbd tries to determine it at run + time, but fails on some unixes. See the section on "testing nmbd" + for a method of finding if you need to do this.

!!!WARNING!!! Many unixes only accept around 5 + parameters on the command line in inetd.conf. + This means you shouldn't use spaces between the options and + arguments, or you should use a script, and start the script + from inetd.

Restart inetd, perhaps just send + it a HUP. If you have installed an earlier version of nmbd then you may need to kill nmbd as well.

1.10. What If Things Don't Work?

If nothing works and you start to think "who wrote + this pile of trash" then I suggest you do step 2 again (and + again) till you calm down.

Then you might read the file DIAGNOSIS.txt and the + FAQ. If you are still stuck then try the mailing list or + newsgroup (look in the README for details). Samba has been + successfully installed at thousands of sites worldwide, so maybe + someone else has hit your problem and has overcome it. You could + also use the WWW site to scan back issues of the samba-digest.

When you fix the problem PLEASE send me some updates to the + documentation (or source code) so that the next person will find it + easier.

1.10.3. Choosing the Protocol Level

The SMB protocol has many dialects. Currently + Samba supports 5, called CORE, COREPLUS, LANMAN1, + LANMAN2 and NT1.

You can choose what maximum protocol to support + in the smb.conf file. The default is + NT1 and that is the best for the vast majority of sites.

In older versions of Samba you may have found it + necessary to use COREPLUS. The limitations that led to + this have mostly been fixed. It is now less likely that you + will want to use less than LANMAN1. The only remaining advantage + of COREPLUS is that for some obscure reason WfWg preserves + the case of passwords in this protocol, whereas under LANMAN1, + LANMAN2 or NT1 it uppercases all passwords before sending them, + forcing you to use the "password level=" option in some cases.

The main advantage of LANMAN2 and NT1 is support for + long filenames with some clients (eg: smbclient, Windows NT + or Win95).

See the smb.conf(5) manual page for more details.

Note: To support print queue reporting you may find + that you have to use TCP/IP as the default protocol under + WfWg. For some reason if you leave Netbeui as the default + it may break the print queue reporting on some systems. + It is presumably a WfWg bug.

1.10.5. Locking

One area which sometimes causes trouble is locking.

There are two types of locking which need to be + performed by a SMB server. The first is "record locking" + which allows a client to lock a range of bytes in a open file. + The second is the "deny modes" that are specified when a file + is open.

Record locking semantics under Unix is very + different from record locking under Windows. Versions + of Samba before 2.2 have tried to use the native + fcntl() unix system call to implement proper record + locking between different Samba clients. This can not + be fully correct due to several reasons. The simplest + is the fact that a Windows client is allowed to lock a + byte range up to 2^32 or 2^64, depending on the client + OS. The unix locking only supports byte ranges up to + 2^31. So it is not possible to correctly satisfy a + lock request above 2^31. There are many more + differences, too many to be listed here.

Samba 2.2 and above implements record locking + completely independent of the underlying unix + system. If a byte range lock that the client requests + happens to fall into the range 0-2^31, Samba hands + this request down to the Unix system. All other locks + can not be seen by unix anyway.

Strictly a SMB server should check for locks before + every read and write call on a file. Unfortunately with the + way fcntl() works this can be slow and may overstress the + rpc.lockd. It is also almost always unnecessary as clients + are supposed to independently make locking calls before reads + and writes anyway if locking is important to them. By default + Samba only makes locking calls when explicitly asked + to by a client, but if you set "strict locking = yes" then it will + make lock checking calls on every read and write.

You can also disable by range locking completely + using "locking = no". This is useful for those shares that + don't support locking or don't need it (such as cdroms). In + this case Samba fakes the return codes of locking calls to + tell clients that everything is OK.

The second class of locking is the "deny modes". These + are set by an application when it opens a file to determine + what types of access should be allowed simultaneously with + its open. A client may ask for DENY_NONE, DENY_READ, DENY_WRITE + or DENY_ALL. There are also special compatibility modes called + DENY_FCB and DENY_DOS.

PrevHomeNext
SAMBA Project Documentation Diagnosing your samba server
\ No newline at end of file diff --git a/docs/htmldocs/integrate-ms-networks.html b/docs/htmldocs/integrate-ms-networks.html new file mode 100644 index 0000000000..5d2d759817 --- /dev/null +++ b/docs/htmldocs/integrate-ms-networks.html @@ -0,0 +1,1143 @@ + +Integrating MS Windows networks with Samba
SAMBA Project Documentation
PrevNext

Chapter 3. Integrating MS Windows networks with Samba

3.2. Name Resolution in a pure Unix/Linux world

The key configuration files covered in this section are:

3.2.1. /etc/hosts

Contains a static list of IP Addresses and names. +eg:

	127.0.0.1	localhost localhost.localdomain
+	192.168.1.1	bigbox.caldera.com	bigbox	alias4box

The purpose of /etc/hosts is to provide a +name resolution mechanism so that uses do not need to remember +IP addresses.

Network packets that are sent over the physical network transport +layer communicate not via IP addresses but rather using the Media +Access Control address, or MAC address. IP Addresses are currently +32 bits in length and are typically presented as four (4) decimal +numbers that are separated by a dot (or period). eg: 168.192.1.1

MAC Addresses use 48 bits (or 6 bytes) and are typically represented +as two digit hexadecimal numbers separated by colons. eg: +40:8e:0a:12:34:56

Every network interfrace must have an MAC address. Associated with +a MAC address there may be one or more IP addresses. There is NO +relationship between an IP address and a MAC address, all such assignments +are arbitary or discretionary in nature. At the most basic level all +network communications takes place using MAC addressing. Since MAC +addresses must be globally unique, and generally remains fixed for +any particular interface, the assignment of an IP address makes sense +from a network management perspective. More than one IP address can +be assigned per MAC address. One address must be the primary IP address, +this is the address that will be returned in the ARP reply.

When a user or a process wants to communicate with another machine +the protocol implementation ensures that the "machine name" or "host +name" is resolved to an IP address in a manner that is controlled +by the TCP/IP configuration control files. The file +/etc/hosts is one such file.

When the IP address of the destination interface has been +determined a protocol called ARP/RARP is used to identify +the MAC address of the target interface. ARP stands for Address +Resolution Protocol, and is a broadcast oriented method that +uses UDP (User Datagram Protocol) to send a request to all +interfaces on the local network segment using the all 1's MAC +address. Network interfaces are programmed to respond to two +MAC addresses only; their own unique address and the address +ff:ff:ff:ff:ff:ff. The reply packet from an ARP request will +contain the MAC address and the primary IP address for each +interface.

The /etc/hosts file is foundational to all +Unix/Linux TCP/IP installations and as a minumum will contain +the localhost and local network interface IP addresses and the +primary names by which they are known within the local machine. +This file helps to prime the pump so that a basic level of name +resolution can exist before any other method of name resolution +becomes available.

3.2.4. /etc/nsswitch.conf

This file controls the actual name resolution targets. The +file typically has resolver object specifications as follows:

	# /etc/nsswitch.conf
+	#
+	# Name Service Switch configuration file.
+	#
+
+	passwd:		compat
+	# Alternative entries for password authentication are:
+	# passwd:	compat files nis ldap winbind
+	shadow:		compat
+	group:		compat
+
+	hosts:		files nis dns
+	# Alternative entries for host name resolution are:
+	# hosts:	files dns nis nis+ hesoid db compat ldap wins
+	networks:	nis files dns
+
+	ethers:		nis files
+	protocols:	nis files
+	rpc:		nis files
+	services:	nis files

Of course, each of these mechanisms requires that the appropriate +facilities and/or services are correctly configured.

It should be noted that unless a network request/message must be +sent, TCP/IP networks are silent. All TCP/IP communications assumes a +principal of speaking only when necessary.

Samba version 2.2.0 will add Linux support for extensions to +the name service switch infrastructure so that linux clients will +be able to obtain resolution of MS Windows NetBIOS names to IP +Addresses. To gain this functionality Samba needs to be compiled +with appropriate arguments to the make command (ie: make +nsswitch/libnss_wins.so). The resulting library should +then be installed in the /lib directory and +the "wins" parameter needs to be added to the "hosts:" line in +the /etc/nsswitch.conf file. At this point it +will be possible to ping any MS Windows machine by it's NetBIOS +machine name, so long as that machine is within the workgroup to +which both the samba machine and the MS Windows machine belong.

3.3. Name resolution as used within MS Windows networking

MS Windows networking is predicated about the name each machine +is given. This name is known variously (and inconsistently) as +the "computer name", "machine name", "networking name", "netbios name", +"SMB name". All terms mean the same thing with the exception of +"netbios name" which can apply also to the name of the workgroup or the +domain name. The terms "workgroup" and "domain" are really just a +simply name with which the machine is associated. All NetBIOS names +are exactly 16 characters in length. The 16th character is reserved. +It is used to store a one byte value that indicates service level +information for the NetBIOS name that is registered. A NetBIOS machine +name is therefore registered for each service type that is provided by +the client/server.

The following are typical NetBIOS name/service type registrations:

	Unique NetBIOS Names:
+		MACHINENAME<00>	= Server Service is running on MACHINENAME
+		MACHINENAME<03> = Generic Machine Name (NetBIOS name)
+		MACHINENAME<20> = LanMan Server service is running on MACHINENAME
+		WORKGROUP<1b> = Domain Master Browser
+
+	Group Names:
+		WORKGROUP<03> = Generic Name registered by all members of WORKGROUP
+		WORKGROUP<1c> = Domain Controllers / Netlogon Servers
+		WORKGROUP<1d> = Local Master Browsers
+		WORKGROUP<1e> = Internet Name Resolvers

It should be noted that all NetBIOS machines register their own +names as per the above. This is in vast contrast to TCP/IP +installations where traditionally the system administrator will +determine in the /etc/hosts or in the DNS database what names +are associated with each IP address.

One further point of clarification should be noted, the /etc/hosts +file and the DNS records do not provide the NetBIOS name type information +that MS Windows clients depend on to locate the type of service that may +be needed. An example of this is what happens when an MS Windows client +wants to locate a domain logon server. It find this service and the IP +address of a server that provides it by performing a lookup (via a +NetBIOS broadcast) for enumeration of all machines that have +registered the name type *<1c>. A logon request is then sent to each +IP address that is returned in the enumerated list of IP addresses. Which +ever machine first replies then ends up providing the logon services.

The name "workgroup" or "domain" really can be confusing since these +have the added significance of indicating what is the security +architecture of the MS Windows network. The term "workgroup" indicates +that the primary nature of the network environment is that of a +peer-to-peer design. In a WORKGROUP all machines are responsible for +their own security, and generally such security is limited to use of +just a password (known as SHARE MODE security). In most situations +with peer-to-peer networking the users who control their own machines +will simply opt to have no security at all. It is possible to have +USER MODE security in a WORKGROUP environment, thus requiring use +of a user name and a matching password.

MS Windows networking is thus predetermined to use machine names +for all local and remote machine message passing. The protocol used is +called Server Message Block (SMB) and this is implemented using +the NetBIOS protocol (Network Basic Input Output System). NetBIOS can +be encapsulated using LLC (Logical Link Control) protocol - in which case +the resulting protocol is called NetBEUI (Network Basic Extended User +Interface). NetBIOS can also be run over IPX (Internetworking Packet +Exchange) protocol as used by Novell NetWare, and it can be run +over TCP/IP protocols - in which case the resulting protocol is called +NBT or NetBT, the NetBIOS over TCP/IP.

MS Windows machines use a complex array of name resolution mechanisms. +Since we are primarily concerned with TCP/IP this demonstration is +limited to this area.

3.3.1. The NetBIOS Name Cache

All MS Windows machines employ an in memory buffer in which is +stored the NetBIOS names and IP addresses for all external +machines that that machine has communicated with over the +past 10-15 minutes. It is more efficient to obtain an IP address +for a machine from the local cache than it is to go through all the +configured name resolution mechanisms.

If a machine whose name is in the local name cache has been shut +down before the name had been expired and flushed from the cache, then +an attempt to exchange a message with that machine will be subject +to time-out delays. i.e.: Its name is in the cache, so a name resolution +lookup will succeed, but the machine can not respond. This can be +frustrating for users - but it is a characteristic of the protocol.

The MS Windows utility that allows examination of the NetBIOS +name cache is called "nbtstat". The Samba equivalent of this +is called "nmblookup".

3.3.2. The LMHOSTS file

This file is usually located in MS Windows NT 4.0 or +2000 in C:\WINNT\SYSTEM32\DRIVERS\ETC and contains +the IP Address and the machine name in matched pairs. The +LMHOSTS file performs NetBIOS name +to IP address mapping oriented.

It typically looks like:

	# Copyright (c) 1998 Microsoft Corp.
+	#
+	# This is a sample LMHOSTS file used by the Microsoft Wins Client (NetBIOS
+	# over TCP/IP) stack for Windows98
+	#
+	# This file contains the mappings of IP addresses to NT computernames
+	# (NetBIOS) names.  Each entry should be kept on an individual line.
+	# The IP address should be placed in the first column followed by the
+	# corresponding computername. The address and the comptername
+	# should be separated by at least one space or tab. The "#" character
+	# is generally used to denote the start of a comment (see the exceptions
+	# below).
+	#
+	# This file is compatible with Microsoft LAN Manager 2.x TCP/IP lmhosts
+	# files and offers the following extensions:
+	#
+	#      #PRE
+	#      #DOM:<domain>
+	#      #INCLUDE <filename>
+	#      #BEGIN_ALTERNATE
+	#      #END_ALTERNATE
+	#      \0xnn (non-printing character support)
+	#
+	# Following any entry in the file with the characters "#PRE" will cause
+	# the entry to be preloaded into the name cache. By default, entries are
+	# not preloaded, but are parsed only after dynamic name resolution fails.
+	#
+	# Following an entry with the "#DOM:<domain>" tag will associate the
+	# entry with the domain specified by <domain>. This affects how the
+	# browser and logon services behave in TCP/IP environments. To preload
+	# the host name associated with #DOM entry, it is necessary to also add a
+	# #PRE to the line. The <domain> is always preloaded although it will not
+	# be shown when the name cache is viewed.
+	#
+	# Specifying "#INCLUDE <filename>" will force the RFC NetBIOS (NBT)
+	# software to seek the specified <filename> and parse it as if it were
+	# local. <filename> is generally a UNC-based name, allowing a
+	# centralized lmhosts file to be maintained on a server.
+	# It is ALWAYS necessary to provide a mapping for the IP address of the
+	# server prior to the #INCLUDE. This mapping must use the #PRE directive.
+	# In addtion the share "public" in the example below must be in the
+	# LanManServer list of "NullSessionShares" in order for client machines to
+	# be able to read the lmhosts file successfully. This key is under
+	# \machine\system\currentcontrolset\services\lanmanserver\parameters\nullsessionshares
+	# in the registry. Simply add "public" to the list found there.
+	#
+	# The #BEGIN_ and #END_ALTERNATE keywords allow multiple #INCLUDE
+	# statements to be grouped together. Any single successful include
+	# will cause the group to succeed.
+	#
+	# Finally, non-printing characters can be embedded in mappings by
+	# first surrounding the NetBIOS name in quotations, then using the
+	# \0xnn notation to specify a hex value for a non-printing character.
+	#
+	# The following example illustrates all of these extensions:
+	#
+	# 102.54.94.97     rhino         #PRE #DOM:networking  #net group's DC
+	# 102.54.94.102    "appname  \0x14"                    #special app server
+	# 102.54.94.123    popular            #PRE             #source server
+	# 102.54.94.117    localsrv           #PRE             #needed for the include
+	#
+	# #BEGIN_ALTERNATE
+	# #INCLUDE \\localsrv\public\lmhosts
+	# #INCLUDE \\rhino\public\lmhosts
+	# #END_ALTERNATE
+	#
+	# In the above example, the "appname" server contains a special
+	# character in its name, the "popular" and "localsrv" server names are
+	# preloaded, and the "rhino" server name is specified so it can be used
+	# to later #INCLUDE a centrally maintained lmhosts file if the "localsrv"
+	# system is unavailable.
+	#
+	# Note that the whole file is parsed including comments on each lookup,
+	# so keeping the number of comments to a minimum will improve performance.
+	# Therefore it is not advisable to simply add lmhosts file entries onto the
+	# end of this file.

3.4. How browsing functions and how to deploy stable and +dependable browsing using Samba

As stated above, MS Windows machines register their NetBIOS names +(i.e.: the machine name for each service type in operation) on start +up. Also, as stated above, the exact method by which this name registration +takes place is determined by whether or not the MS Windows client/server +has been given a WINS server address, whether or not LMHOSTS lookup +is enabled, or if DNS for NetBIOS name resolution is enabled, etc.

In the case where there is no WINS server all name registrations as +well as name lookups are done by UDP broadcast. This isolates name +resolution to the local subnet, unless LMHOSTS is used to list all +names and IP addresses. In such situations Samba provides a means by +which the samba server name may be forcibly injected into the browse +list of a remote MS Windows network (using the "remote announce" parameter).

Where a WINS server is used, the MS Windows client will use UDP +unicast to register with the WINS server. Such packets can be routed +and thus WINS allows name resolution to function across routed networks.

During the startup process an election will take place to create a +local master browser if one does not already exist. On each NetBIOS network +one machine will be elected to function as the domain master browser. This +domain browsing has nothing to do with MS security domain control. +Instead, the domain master browser serves the role of contacting each local +master browser (found by asking WINS or from LMHOSTS) and exchanging browse +list contents. This way every master browser will eventually obtain a complete +list of all machines that are on the network. Every 11-15 minutes an election +is held to determine which machine will be the master browser. By the nature of +the election criteria used, the machine with the highest uptime, or the +most senior protocol version, or other criteria, will win the election +as domain master browser.

Clients wishing to browse the network make use of this list, but also depend +on the availability of correct name resolution to the respective IP +address/addresses.

Any configuration that breaks name resolution and/or browsing intrinsics +will annoy users because they will have to put up with protracted +inability to use the network services.

Samba supports a feature that allows forced synchonisation +of browse lists across routed networks using the "remote +browse sync" parameter in the smb.conf file. This causes Samba +to contact the local master browser on a remote network and +to request browse list synchronisation. This effectively bridges +two networks that are separated by routers. The two remote +networks may use either broadcast based name resolution or WINS +based name resolution, but it should be noted that the "remote +browse sync" parameter provides browse list synchronisation - and +that is distinct from name to address resolution, in other +words, for cross subnet browsing to function correctly it is +essential that a name to address resolution mechanism be provided. +This mechanism could be via DNS, /etc/hosts, +and so on.

3.5. MS Windows security options and how to configure +Samba for seemless integration

MS Windows clients may use encrypted passwords as part of a +challenege/response authentication model (a.k.a. NTLMv1) or +alone, or clear text strings for simple password based +authentication. It should be realized that with the SMB +protocol the password is passed over the network either +in plain text or encrypted, but not both in the same +authentication requets.

When encrypted passwords are used a password that has been +entered by the user is encrypted in two ways:

You should refer to the Password Encryption chapter in this HOWTO collection +for more details on the inner workings

MS Windows 95 pre-service pack 1, MS Windows NT versions 3.x +and version 4.0 pre-service pack 3 will use either mode of +password authentication. All versions of MS Windows that follow +these versions no longer support plain text passwords by default.

MS Windows clients have a habit of dropping network mappings that +have been idle for 10 minutes or longer. When the user attempts to +use the mapped drive connection that has been dropped, the client +re-establishes the connection using +a cached copy of the password.

When Microsoft changed the default password mode, they dropped support for +caching of the plain text password. This means that when the registry +parameter is changed to re-enable use of plain text passwords it appears to +work, but when a dropped mapping attempts to revalidate it will fail if +the remote authentication server does not support encrypted passwords. +This means that it is definitely not a good idea to re-enable plain text +password support in such clients.

The following parameters can be used to work around the +issue of Windows 9x client upper casing usernames and +password before transmitting them to the SMB server +when using clear text authentication.

	passsword level = integer
+	username level = integer

By default Samba will lower case the username before attempting +to lookup the user in the database of local system accounts. +Because UNIX usernames conventionally only contain lower case +character, the username level parameter +is rarely even needed.

However, password on UNIX systems often make use of mixed case +characters. This means that in order for a user on a Windows 9x +client to connect to a Samba server using clear text authentication, +the password level must be set to the maximum +number of upper case letter which could appear +is a password. Note that is the server OS uses the traditional +DES version of crypt(), then a password level +of 8 will result in case insensitive passwords as seen from Windows +users. This will also result in longer login times as Samba +hash to compute the permutations of the password string and +try them one by one until a match is located (or all combinations fail).

The best option to adopt is to enable support for encrypted passwords +where ever Samba is used. There are three configuration possibilities +for support of encrypted passwords:

3.5.1. Use MS Windows NT as an authentication server

This method involves the additions of the following parameters +in the smb.conf file:

	encrypt passwords = Yes
+	security = server
+	password server = "NetBIOS_name_of_PDC"

There are two ways of identifying whether or not a username and +password pair was valid or not. One uses the reply information provided +as part of the authentication messaging process, the other uses +just and error code.

The down-side of this mode of configuration is the fact that +for security reasons Samba will send the password server a bogus +username and a bogus password and if the remote server fails to +reject the username and password pair then an alternative mode +of identification of validation is used. Where a site uses password +lock out after a certain number of failed authentication attempts +this will result in user lockouts.

Use of this mode of authentication does require there to be +a standard Unix account for the user, this account can be blocked +to prevent logons by other than MS Windows clients.

3.5.2. Make Samba a member of an MS Windows NT security domain

This method involves additon of the following paramters in the smb.conf file:

	encrypt passwords = Yes
+	security = domain
+	workgroup = "name of NT domain"
+	password server = *

The use of the "*" argument to "password server" will cause samba +to locate the domain controller in a way analogous to the way +this is done within MS Windows NT.

In order for this method to work the Samba server needs to join the +MS Windows NT security domain. This is done as follows:

Use of this mode of authentication does require there to be +a standard Unix account for the user in order to assign +a uid once the account has been authenticated by the remote +Windows DC. This account can be blocked to prevent logons by +other than MS Windows clients by things such as setting an invalid +shell in the /etc/passwd entry.

An alternative to assigning UIDs to Windows users on a +Samba member server is presented in the Winbind Overview chapter in +this HOWTO collection.

3.5.3. Configure Samba as an authentication server

This mode of authentication demands that there be on the +Unix/Linux system both a Unix style account as well as an +smbpasswd entry for the user. The Unix system account can be +locked if required as only the encrypted password will be +used for SMB client authentication.

This method involves addition of the following parameters to +the smb.conf file:

## please refer to the Samba PDC HOWTO chapter later in 
+## this collection for more details
+[global]
+	encrypt passwords = Yes
+	security = user
+	domain logons = Yes
+	; an OS level of 33 or more is recommended
+	os level = 33
+
+[NETLOGON]
+	path = /somewhare/in/file/system
+	read only = yes

in order for this method to work a Unix system account needs +to be created for each user, as well as for each MS Windows NT/2000 +machine. The following structure is required.

PrevHomeNext
Diagnosing your samba server Configuring PAM for distributed but centrally +managed authentication
\ No newline at end of file diff --git a/docs/htmldocs/msdfs.html b/docs/htmldocs/msdfs.html new file mode 100644 index 0000000000..a43aded3d3 --- /dev/null +++ b/docs/htmldocs/msdfs.html @@ -0,0 +1,314 @@ + +Hosting a Microsoft Distributed File System tree on Samba
SAMBA Project Documentation
PrevNext

Chapter 5. Hosting a Microsoft Distributed File System tree on Samba

5.1. Instructions

The Distributed File System (or Dfs) provides a means of + separating the logical view of files and directories that users + see from the actual physical locations of these resources on the + network. It allows for higher availability, smoother storage expansion, + load balancing etc. For more information about Dfs, refer to Microsoft documentation.

This document explains how to host a Dfs tree on a Unix + machine (for Dfs-aware clients to browse) using Samba.

To enable SMB-based DFS for Samba, configure it with the + --with-msdfs option. Once built, a + Samba server can be made a Dfs server by setting the global + boolean host msdfs parameter in the smb.conf + file. You designate a share as a Dfs root using the share + level boolean msdfs root parameter. A Dfs root directory on + Samba hosts Dfs links in the form of symbolic links that point + to other servers. For example, a symbolic link + junction->msdfs:storage1\share1 in + the share directory acts as the Dfs junction. When Dfs-aware + clients attempt to access the junction link, they are redirected + to the storage location (in this case, \\storage1\share1).

Dfs trees on Samba work with all Dfs-aware clients ranging + from Windows 95 to 2000.

Here's an example of setting up a Dfs tree on a Samba + server.

# The smb.conf file:
+[global]
+	netbios name = SAMBA
+	host msdfs   = yes
+
+[dfs]
+	path = /export/dfsroot
+	msdfs root = yes
+

In the /export/dfsroot directory we set up our dfs links to + other servers on the network.

root# cd /export/dfsroot

root# chown root /export/dfsroot

root# chmod 755 /export/dfsroot

root# ln -s msdfs:storageA\\shareA linka

root# ln -s msdfs:serverB\\share,serverC\\share linkb

You should set up the permissions and ownership of + the directory acting as the Dfs root such that only designated + users can create, delete or modify the msdfs links. Also note + that symlink names should be all lowercase. This limitation exists + to have Samba avoid trying all the case combinations to get at + the link name. Finally set up the symbolic links to point to the + network shares you want, and start Samba.

Users on Dfs-aware clients can now browse the Dfs tree + on the Samba server at \\samba\dfs. Accessing + links linka or linkb (which appear as directories to the client) + takes users directly to the appropriate shares on the network.

PrevHomeNext
Configuring PAM for distributed but centrally +managed authentication UNIX Permission Bits and Windows NT Access Control Lists
\ No newline at end of file diff --git a/docs/htmldocs/msdfs_setup.html b/docs/htmldocs/msdfs_setup.html deleted file mode 100644 index 36b9911bae..0000000000 --- a/docs/htmldocs/msdfs_setup.html +++ /dev/null @@ -1,210 +0,0 @@ -Hosting a Microsoft Distributed File System tree on Samba

Instructions

The Distributed File System (or Dfs) provides a means of - separating the logical view of files and directories that users - see from the actual physical locations of these resources on the - network. It allows for higher availability, smoother storage expansion, - load balancing etc. For more information about Dfs, refer to Microsoft documentation.

This document explains how to host a Dfs tree on a Unix - machine (for Dfs-aware clients to browse) using Samba.

To enable SMB-based DFS for Samba, configure it with the - --with-msdfs option. Once built, a - Samba server can be made a Dfs server by setting the global - boolean host msdfs parameter in the smb.conf - file. You designate a share as a Dfs root using the share - level boolean msdfs root parameter. A Dfs root directory on - Samba hosts Dfs links in the form of symbolic links that point - to other servers. For example, a symbolic link - junction->msdfs:storage1\share1 in - the share directory acts as the Dfs junction. When Dfs-aware - clients attempt to access the junction link, they are redirected - to the storage location (in this case, \\storage1\share1).

Dfs trees on Samba work with all Dfs-aware clients ranging - from Windows 95 to 2000.

Here's an example of setting up a Dfs tree on a Samba - server.

# The smb.conf file:
-[global]
-	netbios name = SAMBA
-	host msdfs   = yes
-
-[dfs]
-	path = /export/dfsroot
-	msdfs root = yes
-

In the /export/dfsroot directory we set up our dfs links to - other servers on the network.

root# cd /export/dfsroot

root# chown root /export/dfsroot

root# chmod 755 /export/dfsroot

root# ln -s msdfs:storageA\\shareA linka

root# ln -s msdfs:serverB\\share,serverC\\share linkb

You should set up the permissions and ownership of - the directory acting as the Dfs root such that only designated - users can create, delete or modify the msdfs links. Also note - that symlink names should be all lowercase. This limitation exists - to have Samba avoid trying all the case combinations to get at - the link name. Finally set up the symbolic links to point to the - network shares you want, and start Samba.

Users on Dfs-aware clients can now browse the Dfs tree - on the Samba server at \\samba\dfs. Accessing - links linka or linkb (which appear as directories to the client) - takes users directly to the appropriate shares on the network.

Notes

  • Windows clients need to be rebooted - if a previously mounted non-dfs share is made a dfs - root or vice versa. A better way is to introduce a - new share and make it the dfs root.

  • Currently there's a restriction that msdfs - symlink names should all be lowercase.

  • For security purposes, the directory - acting as the root of the Dfs tree should have ownership - and permissions set so that only designated users can - modify the symbolic links in the directory.

\ No newline at end of file diff --git a/docs/htmldocs/other-clients.html b/docs/htmldocs/other-clients.html new file mode 100644 index 0000000000..c0e5e3fb93 --- /dev/null +++ b/docs/htmldocs/other-clients.html @@ -0,0 +1,559 @@ + +Samba and other CIFS clients
SAMBA Project Documentation
PrevNext

Chapter 17. Samba and other CIFS clients

This chapter contains client-specific information.

17.1. Macintosh clients?

Yes. Thursby now have a CIFS Client / Server called DAVE - see

They test it against Windows 95, Windows NT and samba for +compatibility issues. At the time of writing, DAVE was at version +1.0.1. The 1.0.0 to 1.0.1 update is available as a free download from +the Thursby web site (the speed of finder copies has been greatly +enhanced, and there are bug-fixes included).

+Alternatives - There are two free implementations of AppleTalk for +several kinds of UNIX machnes, and several more commercial ones. +These products allow you to run file services and print services +natively to Macintosh users, with no additional support required on +the Macintosh. The two free omplementations are +Netatalk, and +CAP. +What Samba offers MS +Windows users, these packages offer to Macs. For more info on these +packages, Samba, and Linux (and other UNIX-based systems) see +http://www.eats.com/linux_mac_win.html

17.2. OS2 Client

17.2.1. How can I configure OS/2 Warp Connect or + OS/2 Warp 4 as a client for Samba?

A more complete answer to this question can be + found on http://carol.wins.uva.nl/~leeuw/samba/warp.html.

Basically, you need three components:

  • The File and Print Client ('IBM Peer') +

  • TCP/IP ('Internet support') +

  • The "NetBIOS over TCP/IP" driver ('TCPBEUI') +

Installing the first two together with the base operating + system on a blank system is explained in the Warp manual. If Warp + has already been installed, but you now want to install the + networking support, use the "Selective Install for Networking" + object in the "System Setup" folder.

Adding the "NetBIOS over TCP/IP" driver is not described + in the manual and just barely in the online documentation. Start + MPTS.EXE, click on OK, click on "Configure LAPS" and click + on "IBM OS/2 NETBIOS OVER TCP/IP" in 'Protocols'. This line + is then moved to 'Current Configuration'. Select that line, + click on "Change number" and increase it from 0 to 1. Save this + configuration.

If the Samba server(s) is not on your local subnet, you + can optionally add IP names and addresses of these servers + to the "Names List", or specify a WINS server ('NetBIOS + Nameserver' in IBM and RFC terminology). For Warp Connect you + may need to download an update for 'IBM Peer' to bring it on + the same level as Warp 4. See the webpage mentioned above.

17.2.2. How can I configure OS/2 Warp 3 (not Connect), + OS/2 1.2, 1.3 or 2.x for Samba?

You can use the free Microsoft LAN Manager 2.2c Client + for OS/2 from + ftp://ftp.microsoft.com/BusSys/Clients/LANMAN.OS2/. + See http://carol.wins.uva.nl/~leeuw/lanman.html for + more information on how to install and use this client. In + a nutshell, edit the file \OS2VER in the root directory of + the OS/2 boot partition and add the lines:

		20=setup.exe
+		20=netwksta.sys
+		20=netvdd.sys
+

before you install the client. Also, don't use the + included NE2000 driver because it is buggy. Try the NE2000 + or NS2000 driver from + ftp://ftp.cdrom.com/pub/os2/network/ndis/ instead. +

17.2.3. Are there any other issues when OS/2 (any version) + is used as a client?

When you do a NET VIEW or use the "File and Print + Client Resource Browser", no Samba servers show up. This can + be fixed by a patch from http://carol.wins.uva.nl/~leeuw/samba/fix.html. + The patch will be included in a later version of Samba. It also + fixes a couple of other problems, such as preserving long + filenames when objects are dragged from the Workplace Shell + to the Samba server.

17.2.4. How do I get printer driver download working + for OS/2 clients?

First, create a share called [PRINTDRV] that is + world-readable. Copy your OS/2 driver files there. Note + that the .EA_ files must still be separate, so you will need + to use the original install files, and not copy an installed + driver from an OS/2 system.

Install the NT driver first for that printer. Then, + add to your smb.conf a parameter, os2 driver map = + filename". Then, in the file + specified by filename, map the + name of the NT driver name to the OS/2 driver name as + follows:

nt driver name = os2 "driver + name"."device name", e.g.: + HP LaserJet 5L = LASERJET.HP LaserJet 5L

You can have multiple drivers mapped in this file.

If you only specify the OS/2 driver name, and not the + device name, the first attempt to download the driver will + actually download the files, but the OS/2 client will tell + you the driver is not available. On the second attempt, it + will work. This is fixed simply by adding the device name + to the mapping, after which it will work on the first attempt. +

17.3. Windows for Workgroups

17.5. Windows 2000 Service Pack 2

+There are several annoyances with Windows 2000 SP2. One of which +only appears when using a Samba server to host user profiles +to Windows 2000 SP2 clients in a Windows domain. This assumes +that Samba is a member of the domain, but the problem will +likely occur if it is not.

+In order to server profiles successfully to Windows 2000 SP2 +clients (when not operating as a PDC), Samba must have +nt acl support = no +added to the file share which houses the roaming profiles. +If this is not done, then the Windows 2000 SP2 client will +complain about not being able to access the profile (Access +Denied) and create multiple copies of it on disk (DOMAIN.user.001, +DOMAIN.user.002, etc...). See the +smb.conf(5) man page +for more details on this option. Also note that the +nt acl support parameter was formally a global parameter in +releases prior to Samba 2.2.2.

+The following is a minimal profile share:

	[profile]
+		path = /export/profile
+		create mask = 0600
+		directory mask = 0700
+		nt acl support = no
+		read only = no

The reason for this bug is that the Win2k SP2 client copies +the security descriptor for the profile which contains +the Samba server's SID, and not the domain SID. The client +compares the SID for SAMBA\user and realizes it is +different that the one assigned to DOMAIN\user. Hence the reason +for the "access denied" message.

By disabling the nt acl support parameter, Samba will send +the Win2k client a response to the QuerySecurityDescriptor +trans2 call which causes the client to set a default ACL +for the profile. This default ACL includes

DOMAIN\user "Full Control"

NOTE : This bug does not occur when using winbind to +create accounts on the Samba host for Domain users.

PrevHomeNext
Samba performance issues HOWTO Access Samba source code via CVS
\ No newline at end of file diff --git a/docs/htmldocs/pam.html b/docs/htmldocs/pam.html new file mode 100644 index 0000000000..988a0790ef --- /dev/null +++ b/docs/htmldocs/pam.html @@ -0,0 +1,418 @@ + +Configuring PAM for distributed but centrally +managed authentication
SAMBA Project Documentation
PrevNext

Chapter 4. Configuring PAM for distributed but centrally +managed authentication

4.1. Samba and PAM

A number of Unix systems (eg: Sun Solaris), as well as the +xxxxBSD family and Linux, now utilize the Pluggable Authentication +Modules (PAM) facility to provide all authentication, +authorization and resource control services. Prior to the +introduction of PAM, a decision to use an alternative to +the system password database (/etc/passwd) +would require the provision of alternatives for all programs that provide +security services. Such a choice would involve provision of +alternatives to such programs as: login, +passwd, chown, etc.

PAM provides a mechanism that disconnects these security programs +from the underlying authentication/authorization infrastructure. +PAM is configured either through one file /etc/pam.conf (Solaris), +or by editing individual files that are located in /etc/pam.d.

The following is an example /etc/pam.d/login configuration file. +This example had all options been uncommented is probably not usable +as it stacks many conditions before allowing successful completion +of the login process. Essentially all conditions can be disabled +by commenting them out except the calls to pam_pwdb.so.

#%PAM-1.0
+# The PAM configuration file for the `login' service
+#
+auth 		required	pam_securetty.so
+auth 		required	pam_nologin.so
+# auth 		required	pam_dialup.so
+# auth 		optional	pam_mail.so
+auth		required	pam_pwdb.so shadow md5
+# account    	requisite  	pam_time.so
+account		required	pam_pwdb.so
+session		required	pam_pwdb.so
+# session 	optional	pam_lastlog.so
+# password   	required   	pam_cracklib.so retry=3
+password	required	pam_pwdb.so shadow md5

PAM allows use of replacable modules. Those available on a +sample system include:

$ /bin/ls /lib/security
+pam_access.so    pam_ftp.so          pam_limits.so     
+pam_ncp_auth.so  pam_rhosts_auth.so  pam_stress.so     
+pam_cracklib.so  pam_group.so        pam_listfile.so   
+pam_nologin.so   pam_rootok.so       pam_tally.so      
+pam_deny.so      pam_issue.so        pam_mail.so       
+pam_permit.so    pam_securetty.so    pam_time.so       
+pam_dialup.so    pam_lastlog.so      pam_mkhomedir.so  
+pam_pwdb.so      pam_shells.so       pam_unix.so       
+pam_env.so       pam_ldap.so         pam_motd.so       
+pam_radius.so    pam_smbpass.so      pam_unix_acct.so  
+pam_wheel.so     pam_unix_auth.so    pam_unix_passwd.so
+pam_userdb.so    pam_warn.so         pam_unix_session.so

The following example for the login program replaces the use of +the pam_pwdb.so module which uses the system +password database (/etc/passwd, +/etc/shadow, /etc/group) with +the module pam_smbpass.so which uses the Samba +database which contains the Microsoft MD4 encrypted password +hashes. This database is stored in either +/usr/local/samba/private/smbpasswd, +/etc/samba/smbpasswd, or in +/etc/samba.d/smbpasswd, depending on the +Samba implementation for your Unix/Linux system. The +pam_smbpass.so module is provided by +Samba version 2.2.1 or later. It can be compiled by specifying the +--with-pam_smbpass options when running Samba's +configure script. For more information +on the pam_smbpass module, see the documentation +in the source/pam_smbpass directory of the Samba +source distribution.

#%PAM-1.0
+# The PAM configuration file for the `login' service
+#
+auth		required	pam_smbpass.so nodelay
+account		required	pam_smbpass.so nodelay
+session		required	pam_smbpass.so nodelay
+password	required	pam_smbpass.so nodelay

The following is the PAM configuration file for a particular +Linux system. The default condition uses pam_pwdb.so.

#%PAM-1.0
+# The PAM configuration file for the `samba' service
+#
+auth       required     /lib/security/pam_pwdb.so nullok nodelay shadow audit
+account    required     /lib/security/pam_pwdb.so audit nodelay
+session    required     /lib/security/pam_pwdb.so nodelay
+password   required     /lib/security/pam_pwdb.so shadow md5

In the following example the decision has been made to use the +smbpasswd database even for basic samba authentication. Such a +decision could also be made for the passwd program and would +thus allow the smbpasswd passwords to be changed using the passwd +program.

#%PAM-1.0
+# The PAM configuration file for the `samba' service
+#
+auth       required     /lib/security/pam_smbpass.so nodelay
+account    required     /lib/security/pam_pwdb.so audit nodelay
+session    required     /lib/security/pam_pwdb.so nodelay
+password   required     /lib/security/pam_smbpass.so nodelay smbconf=/etc/samba.d/smb.conf

Note: PAM allows stacking of authentication mechanisms. It is +also possible to pass information obtained within one PAM module through +to the next module in the PAM stack. Please refer to the documentation for +your particular system implementation for details regarding the specific +capabilities of PAM in this environment. Some Linux implmentations also +provide the pam_stack.so module that allows all +authentication to be configured in a single central file. The +pam_stack.so method has some very devoted followers +on the basis that it allows for easier administration. As with all issues in +life though, every decision makes trade-offs, so you may want examine the +PAM documentation for further helpful information.

4.2. Distributed Authentication

The astute administrator will realize from this that the +combination of pam_smbpass.so, +winbindd, and rsync (see +http://rsync.samba.org/) +will allow the establishment of a centrally managed, distributed +user/password database that can also be used by all +PAM (eg: Linux) aware programs and applications. This arrangement +can have particularly potent advantages compared with the +use of Microsoft Active Directory Service (ADS) in so far as +reduction of wide area network authentication traffic.

4.3. PAM Configuration in smb.conf

There is an option in smb.conf called obey pam restrictions. +The following is from the on-line help for this option in SWAT;

When Samba 2.2 is configure to enable PAM support (i.e. +--with-pam), this parameter will +control whether or not Samba should obey PAM's account +and session management directives. The default behavior +is to use PAM for clear text authentication only and to +ignore any account or session management. Note that Samba always +ignores PAM for authentication in the case of +encrypt passwords = yes. +The reason is that PAM modules cannot support the challenge/response +authentication mechanism needed in the presence of SMB +password encryption.

Default: obey pam restrictions = no

PrevHomeNext
Integrating MS Windows networks with Samba Hosting a Microsoft Distributed File System tree on Samba
\ No newline at end of file diff --git a/docs/htmldocs/portability.html b/docs/htmldocs/portability.html new file mode 100644 index 0000000000..72a5146892 --- /dev/null +++ b/docs/htmldocs/portability.html @@ -0,0 +1,272 @@ + +Portability
SAMBA Project Documentation
Prev 

Chapter 21. Portability

Samba works on a wide range of platforms but the interface all the +platforms provide is not always compatible. This chapter contains +platform-specific information about compiling and using samba.

21.1. HPUX

HP's implementation of supplementary groups is, er, non-standard (for +hysterical reasons). There are two group files, /etc/group and +/etc/logingroup; the system maps UIDs to numbers using the former, but +initgroups() reads the latter. Most system admins who know the ropes +symlink /etc/group to /etc/logingroup (hard link doesn't work for reasons +too stupid to go into here). initgroups() will complain if one of the +groups you're in in /etc/logingroup has what it considers to be an invalid +ID, which means outside the range [0..UID_MAX], where UID_MAX is (I think) +60000 currently on HP-UX. This precludes -2 and 65534, the usual 'nobody' +GIDs.

If you encounter this problem, make sure that the programs that are failing +to initgroups() be run as users not in any groups with GIDs outside the +allowed range.

This is documented in the HP manual pages under setgroups(2) and passwd(4).

21.3. DNIX

DNIX has a problem with seteuid() and setegid(). These routines are +needed for Samba to work correctly, but they were left out of the DNIX +C library for some reason.

For this reason Samba by default defines the macro NO_EID in the DNIX +section of includes.h. This works around the problem in a limited way, +but it is far from ideal, some things still won't work right.

+To fix the problem properly you need to assemble the following two +functions and then either add them to your C library or link them into +Samba.

+put this in the file setegid.s:

        .globl  _setegid
+_setegid:
+        moveq   #47,d0
+        movl    #100,a0
+        moveq   #1,d1
+        movl    4(sp),a1
+        trap    #9
+        bccs    1$
+        jmp     cerror
+1$:
+        clrl    d0
+        rts

put this in the file seteuid.s:

        .globl  _seteuid
+_seteuid:
+        moveq   #47,d0
+        movl    #100,a0
+        moveq   #0,d1
+        movl    4(sp),a1
+        trap    #9
+        bccs    1$
+        jmp     cerror
+1$:
+        clrl    d0
+        rts

after creating the above files you then assemble them using

as seteuid.s

as setegid.s

that should produce the files seteuid.o and +setegid.o

then you need to add these to the LIBSM line in the DNIX section of +the Samba Makefile. Your LIBSM line will then look something like this:

LIBSM = setegid.o seteuid.o -ln

+You should then remove the line:

#define NO_EID

from the DNIX section of includes.h

PrevHome 
Group mapping HOWTO  
\ No newline at end of file diff --git a/docs/htmldocs/printer_driver2.html b/docs/htmldocs/printer_driver2.html deleted file mode 100644 index 5a6e6586da..0000000000 --- a/docs/htmldocs/printer_driver2.html +++ /dev/null @@ -1,987 +0,0 @@ -Printing Support in Samba 2.2.x

Introduction

Beginning with the 2.2.0 release, Samba supports -the native Windows NT printing mechanisms implemented via -MS-RPC (i.e. the SPOOLSS named pipe). Previous versions of -Samba only supported LanMan printing calls.

The additional functionality provided by the new -SPOOLSS support includes:

  • Support for downloading printer driver - files to Windows 95/98/NT/2000 clients upon demand. -

  • Uploading of printer drivers via the - Windows NT Add Printer Wizard (APW) or the - Imprints tool set (refer to http://imprints.sourceforge.net). -

  • Support for the native MS-RPC printing - calls such as StartDocPrinter, EnumJobs(), etc... (See - the MSDN documentation at http://msdn.microsoft.com/ - for more information on the Win32 printing API) -

  • Support for NT Access Control Lists (ACL) - on printer objects

  • Improved support for printer queue manipulation - through the use of an internal databases for spooled job - information

There has been some initial confusion about what all this means -and whether or not it is a requirement for printer drivers to be -installed on a Samba host in order to support printing from Windows -clients. A bug existed in Samba 2.2.0 which made Windows NT/2000 clients -require that the Samba server possess a valid driver for the printer. -This is fixed in Samba 2.2.1 and once again, Windows NT/2000 clients -can use the local APW for installing drivers to be used with a Samba -served printer. This is the same behavior exhibited by Windows 9x clients. -As a side note, Samba does not use these drivers in any way to process -spooled files. They are utilized entirely by the clients.

The following MS KB article, may be of some help if you are dealing with -Windows 2000 clients: How to Add Printers with No User -Interaction in Windows 2000

http://support.microsoft.com/support/kb/articles/Q189/1/05.ASP

Configuration

[print$] vs. [printer$]

Previous versions of Samba recommended using a share named [printer$]. -This name was taken from the printer$ service created by Windows 9x -clients when a printer was shared. Windows 9x printer servers always have -a printer$ service which provides read-only access via no -password in order to support printer driver downloads.

However, the initial implementation allowed for a -parameter named printer driver location -to be used on a per share basis to specify the location of -the driver files associated with that printer. Another -parameter named printer driver provided -a means of defining the printer driver name to be sent to -the client.

These parameters, including printer driver -file parameter, are being deprecated and should not -be used in new installations. For more information on this change, -you should refer to the Migration section -of this document.

Creating [print$]

In order to support the uploading of printer driver -files, you must first configure a file share named [print$]. -The name of this share is hard coded in Samba's internals so -the name is very important (print$ is the service used by -Windows NT print servers to provide support for printer driver -download).

You should modify the server's smb.conf file to add the global -parameters and to create the -following file share (of course, some of the parameter values, -such as 'path' are arbitrary and should be replaced with -appropriate values for your site):

[global]
-    ; members of the ntadmin group should be able
-    ; to add drivers and set printer properties
-    ; root is implicitly a 'printer admin'
-    printer admin = @ntadmin
-
-[print$]
-    path = /usr/local/samba/printers
-    guest ok = yes
-    browseable = yes
-    read only = yes
-    ; since this share is configured as read only, then we need
-    ; a 'write list'.  Check the file system permissions to make
-    ; sure this account can copy files to the share.  If this
-    ; is setup to a non-root account, then it should also exist
-    ; as a 'printer admin'
-    write list = @ntadmin,root

The write list is used to allow administrative -level user accounts to have write access in order to update files -on the share. See the smb.conf(5) -man page for more information on configuring file shares.

The requirement for guest -ok = yes depends upon how your -site is configured. If users will be guaranteed to have -an account on the Samba host, then this is a non-issue.

Author's Note: The non-issue is that if all your Windows NT users are guaranteed to be -authenticated by the Samba server (such as a domain member server and the NT -user has already been validated by the Domain Controller in -order to logon to the Windows NT console), then guest access -is not necessary. Of course, in a workgroup environment where -you just want to be able to print without worrying about -silly accounts and security, then configure the share for -guest access. You'll probably want to add map to guest = Bad User in the [global] section as well. Make sure -you understand what this parameter does before using it -though. --jerry

In order for a Windows NT print server to support -the downloading of driver files by multiple client architectures, -it must create subdirectories within the [print$] service -which correspond to each of the supported client architectures. -Samba follows this model as well.

Next create the directory tree below the [print$] share -for each architecture you wish to support.

[print$]-----
-        |-W32X86           ; "Windows NT x86"
-        |-WIN40            ; "Windows 95/98"
-        |-W32ALPHA         ; "Windows NT Alpha_AXP"
-        |-W32MIPS          ; "Windows NT R4000"
-        |-W32PPC           ; "Windows NT PowerPC"

ATTENTION! REQUIRED PERMISSIONS

In order to currently add a new driver to you Samba host, -one of two conditions must hold true:

  • The account used to connect to the Samba host - must have a uid of 0 (i.e. a root account)

  • The account used to connect to the Samba host - must be a member of the printer - admin list.

Of course, the connected account must still possess access -to add files to the subdirectories beneath [print$]. Remember -that all file shares are set to 'read only' by default.

Once you have created the required [print$] service and -associated subdirectories, simply log onto the Samba server using -a root (or printer admin) account -from a Windows NT 4.0/2k client. Open "Network Neighbourhood" or -"My Network Places" and browse for the Samba host. Once you have located -the server, navigate to the "Printers..." folder. -You should see an initial listing of printers -that matches the printer shares defined on your Samba host.

Setting Drivers for Existing Printers

The initial listing of printers in the Samba host's -Printers folder will have no real printer driver assigned -to them. By default, in Samba 2.2.0 this driver name was set to -NO PRINTER DRIVER AVAILABLE FOR THIS PRINTER. -Later versions changed this to a NULL string to allow the use -tof the local Add Printer Wizard on NT/2000 clients. -Attempting to view the printer properties for a printer -which has this default driver assigned will result in -the error message:

Device settings cannot be displayed. The driver -for the specified printer is not installed, only spooler -properties will be displayed. Do you want to install the -driver now?

Click "No" in the error dialog and you will be presented with -the printer properties window. The way assign a driver to a -printer is to either

  • Use the "New Driver..." button to install - a new printer driver, or

  • Select a driver from the popup list of - installed drivers. Initially this list will be empty.

If you wish to install printer drivers for client -operating systems other than "Windows NT x86", you will need -to use the "Sharing" tab of the printer properties dialog.

Assuming you have connected with a root account, you -will also be able modify other printer properties such as -ACLs and device settings using this dialog box.

A few closing comments for this section, it is possible -on a Windows NT print server to have printers -listed in the Printers folder which are not shared. Samba does -not make this distinction. By definition, the only printers of -which Samba is aware are those which are specified as shares in -smb.conf.

Another interesting side note is that Windows NT clients do -not use the SMB printer share, but rather can print directly -to any printer on another Windows NT host using MS-RPC. This -of course assumes that the printing client has the necessary -privileges on the remote host serving the printer. The default -permissions assigned by Windows NT to a printer gives the "Print" -permissions to the "Everyone" well-known group.

Support a large number of printers

One issue that has arisen during the development -phase of Samba 2.2 is the need to support driver downloads for -100's of printers. Using the Windows NT APW is somewhat -awkward to say the least. If more than one printer is using the -same driver, the rpcclient's -setdriver command can be used to set the driver -associated with an installed driver. The following is an example -of how this could be accomplished:

 
-$ rpcclient pogo -U root%secret -c "enumdrivers"
-Domain=[NARNIA] OS=[Unix] Server=[Samba 2.2.0-alpha3]
- 
-[Windows NT x86]
-Printer Driver Info 1:
-     Driver Name: [HP LaserJet 4000 Series PS]
- 
-Printer Driver Info 1:
-     Driver Name: [HP LaserJet 2100 Series PS]
- 
-Printer Driver Info 1:
-     Driver Name: [HP LaserJet 4Si/4SiMX PS]
-				  
-$ rpcclient pogo -U root%secret -c "enumprinters"
-Domain=[NARNIA] OS=[Unix] Server=[Samba 2.2.0-alpha3]
-     flags:[0x800000]
-     name:[\\POGO\hp-print]
-     description:[POGO\\POGO\hp-print,NO DRIVER AVAILABLE FOR THIS PRINTER,]
-     comment:[]
-				  
-$ rpcclient pogo -U root%secret \
->  -c "setdriver hp-print \"HP LaserJet 4000 Series PS\""
-Domain=[NARNIA] OS=[Unix] Server=[Samba 2.2.0-alpha3]
-Successfully set hp-print to driver HP LaserJet 4000 Series PS.

Adding New Printers via the Windows NT APW

By default, Samba offers all printer shares defined in smb.conf -in the "Printers..." folder. Also in this folder is the Windows NT -Add Printer Wizard icon. The APW will be show only if

  • The connected user is able to successfully - execute an OpenPrinterEx(\\server) with administrative - privileges (i.e. root or printer admin). -

  • show - add printer wizard = yes (the default). -

In order to be able to use the APW to successfully add a printer to a Samba -server, the add -printer command must have a defined value. The program -hook must successfully add the printer to the system (i.e. -/etc/printcap or appropriate files) and -smb.conf if necessary.

When using the APW from a client, if the named printer share does -not exist, smbd will execute the add printer -command and reparse the smb.conf -to attempt to locate the new printer share. If the share is still not defined, -an error of "Access Denied" is returned to the client. Note that the -add printer program is executed under the context -of the connected user, not necessarily a root account.

There is a complementary delete -printer command for removing entries from the "Printers..." -folder.

Samba and Printer Ports

Windows NT/2000 print servers associate a port with each printer. These normally -take the form of LPT1:, COM1:, FILE:, etc... Samba must also support the -concept of ports associated with a printer. By default, only one printer port, -named "Samba Printer Port", exists on a system. Samba does not really need a port in -order to print, rather it is a requirement of Windows clients.

Note that Samba does not support the concept of "Printer Pooling" internally -either. This is when a logical printer is assigned to multiple ports as -a form of load balancing or fail over.

If you require that multiple ports be defined for some reason, -smb.conf possesses a enumports -command which can be used to define an external program -that generates a listing of ports on a system.

The Imprints Toolset

The Imprints tool set provides a UNIX equivalent of the - Windows NT Add Printer Wizard. For complete information, please - refer to the Imprints web site at http://imprints.sourceforge.net/ as well as the documentation - included with the imprints source distribution. This section will - only provide a brief introduction to the features of Imprints.

What is Imprints?

Imprints is a collection of tools for supporting the goals - of

  • Providing a central repository information - regarding Windows NT and 95/98 printer driver packages

  • Providing the tools necessary for creating - the Imprints printer driver packages.

  • Providing an installation client which - will obtain and install printer drivers on remote Samba - and Windows NT 4 print servers.

Creating Printer Driver Packages

The process of creating printer driver packages is beyond - the scope of this document (refer to Imprints.txt also included - with the Samba distribution for more information). In short, - an Imprints driver package is a gzipped tarball containing the - driver files, related INF files, and a control file needed by the - installation client.

The Imprints server

The Imprints server is really a database server that - may be queried via standard HTTP mechanisms. Each printer - entry in the database has an associated URL for the actual - downloading of the package. Each package is digitally signed - via GnuPG which can be used to verify that package downloaded - is actually the one referred in the Imprints database. It is - not recommended that this security check - be disabled.

The Installation Client

More information regarding the Imprints installation client - is available in the Imprints-Client-HOWTO.ps - file included with the imprints source package.

The Imprints installation client comes in two forms.

  • a set of command line Perl scripts

  • a GTK+ based graphical interface to - the command line perl scripts

The installation client (in both forms) provides a means - of querying the Imprints database server for a matching - list of known printer model names as well as a means to - download and install the drivers on remote Samba and Windows - NT print servers.

The basic installation process is in four steps and - perl code is wrapped around smbclient - and rpcclient.

	
-foreach (supported architecture for a given driver)
-{
-     1.  rpcclient: Get the appropriate upload directory 
-         on the remote server
-     2.  smbclient: Upload the driver files
-     3.  rpcclient: Issues an AddPrinterDriver() MS-RPC
-}
-	
-4.  rpcclient: Issue an AddPrinterEx() MS-RPC to actually
-    create the printer

One of the problems encountered when implementing - the Imprints tool set was the name space issues between - various supported client architectures. For example, Windows - NT includes a driver named "Apple LaserWriter II NTX v51.8" - and Windows 95 calls its version of this driver "Apple - LaserWriter II NTX"

The problem is how to know what client drivers have - been uploaded for a printer. As astute reader will remember - that the Windows NT Printer Properties dialog only includes - space for one printer driver name. A quick look in the - Windows NT 4.0 system registry at

HKLM\System\CurrentControlSet\Control\Print\Environment -

will reveal that Windows NT always uses the NT driver - name. This is ok as Windows NT always requires that at least - the Windows NT version of the printer driver is present. - However, Samba does not have the requirement internally. - Therefore, how can you use the NT driver name if is has not - already been installed?

The way of sidestepping this limitation is to require - that all Imprints printer driver packages include both the Intel - Windows NT and 95/98 printer drivers and that NT driver is - installed first.

Migration to from Samba 2.0.x to 2.2.x

Given that printer driver management has changed (we hope improved) in -2.2 over prior releases, migration from an existing setup to 2.2 can -follow several paths. Here are the possible scenarios for -migration:

  • If you do not desire the new Windows NT - print driver support, nothing needs to be done. - All existing parameters work the same.

  • If you want to take advantage of NT printer - driver support but do not want to migrate the - 9x drivers to the new setup, the leave the existing - printers.def file. When smbd attempts - to locate a - 9x driver for the printer in the TDB and fails it - will drop down to using the printers.def (and all - associated parameters). The make_printerdef - tool will also remain for backwards compatibility but will - be removed in the next major release.

  • If you install a Windows 9x driver for a printer - on your Samba host (in the printing TDB), this information will - take precedence and the three old printing parameters - will be ignored (including print driver location).

  • If you want to migrate an existing printers.def - file into the new setup, the current only solution is to use the Windows - NT APW to install the NT drivers and the 9x drivers. This can be scripted - using smbclient and rpcclient. See the - Imprints installation client at http://imprints.sourceforge.net/ - for an example. -

Achtung!

The following smb.conf parameters are considered to -be deprecated and will be removed soon. Do not use them in new -installations

  • printer driver file (G) -

  • printer driver (S) -

  • printer driver location (S) -

The have been two new parameters add in Samba 2.2.2 to for -better support of Samba 2.0.x backwards capability (disable -spoolss) and for using local printers drivers on Windows -NT/2000 clients (use client driver). Both of -these options are described in the smb.conf(5) man page and are -disabled by default.

diff --git a/docs/htmldocs/printing.html b/docs/htmldocs/printing.html new file mode 100644 index 0000000000..0bdbd65198 --- /dev/null +++ b/docs/htmldocs/printing.html @@ -0,0 +1,1204 @@ + +Printing Support in Samba 2.2.x
SAMBA Project Documentation
PrevNext

Chapter 7. Printing Support in Samba 2.2.x

7.1. Introduction

Beginning with the 2.2.0 release, Samba supports +the native Windows NT printing mechanisms implemented via +MS-RPC (i.e. the SPOOLSS named pipe). Previous versions of +Samba only supported LanMan printing calls.

The additional functionality provided by the new +SPOOLSS support includes:

There has been some initial confusion about what all this means +and whether or not it is a requirement for printer drivers to be +installed on a Samba host in order to support printing from Windows +clients. A bug existed in Samba 2.2.0 which made Windows NT/2000 clients +require that the Samba server possess a valid driver for the printer. +This is fixed in Samba 2.2.1 and once again, Windows NT/2000 clients +can use the local APW for installing drivers to be used with a Samba +served printer. This is the same behavior exhibited by Windows 9x clients. +As a side note, Samba does not use these drivers in any way to process +spooled files. They are utilized entirely by the clients.

The following MS KB article, may be of some help if you are dealing with +Windows 2000 clients: How to Add Printers with No User +Interaction in Windows 2000

http://support.microsoft.com/support/kb/articles/Q189/1/05.ASP

7.2. Configuration

[print$] vs. [printer$]
 

Previous versions of Samba recommended using a share named [printer$]. +This name was taken from the printer$ service created by Windows 9x +clients when a printer was shared. Windows 9x printer servers always have +a printer$ service which provides read-only access via no +password in order to support printer driver downloads.

However, the initial implementation allowed for a +parameter named printer driver location +to be used on a per share basis to specify the location of +the driver files associated with that printer. Another +parameter named printer driver provided +a means of defining the printer driver name to be sent to +the client.

These parameters, including printer driver +file parameter, are being deprecated and should not +be used in new installations. For more information on this change, +you should refer to the Migration section +of this document.

7.2.1. Creating [print$]

In order to support the uploading of printer driver +files, you must first configure a file share named [print$]. +The name of this share is hard coded in Samba's internals so +the name is very important (print$ is the service used by +Windows NT print servers to provide support for printer driver +download).

You should modify the server's smb.conf file to add the global +parameters and to create the +following file share (of course, some of the parameter values, +such as 'path' are arbitrary and should be replaced with +appropriate values for your site):

[global]
+    ; members of the ntadmin group should be able
+    ; to add drivers and set printer properties
+    ; root is implicitly a 'printer admin'
+    printer admin = @ntadmin
+
+[print$]
+    path = /usr/local/samba/printers
+    guest ok = yes
+    browseable = yes
+    read only = yes
+    ; since this share is configured as read only, then we need
+    ; a 'write list'.  Check the file system permissions to make
+    ; sure this account can copy files to the share.  If this
+    ; is setup to a non-root account, then it should also exist
+    ; as a 'printer admin'
+    write list = @ntadmin,root

The write list is used to allow administrative +level user accounts to have write access in order to update files +on the share. See the smb.conf(5) +man page for more information on configuring file shares.

The requirement for guest +ok = yes depends upon how your +site is configured. If users will be guaranteed to have +an account on the Samba host, then this is a non-issue.

Author's Note
 

The non-issue is that if all your Windows NT users are guaranteed to be +authenticated by the Samba server (such as a domain member server and the NT +user has already been validated by the Domain Controller in +order to logon to the Windows NT console), then guest access +is not necessary. Of course, in a workgroup environment where +you just want to be able to print without worrying about +silly accounts and security, then configure the share for +guest access. You'll probably want to add map to guest = Bad User in the [global] section as well. Make sure +you understand what this parameter does before using it +though. --jerry

In order for a Windows NT print server to support +the downloading of driver files by multiple client architectures, +it must create subdirectories within the [print$] service +which correspond to each of the supported client architectures. +Samba follows this model as well.

Next create the directory tree below the [print$] share +for each architecture you wish to support.

[print$]-----
+        |-W32X86           ; "Windows NT x86"
+        |-WIN40            ; "Windows 95/98"
+        |-W32ALPHA         ; "Windows NT Alpha_AXP"
+        |-W32MIPS          ; "Windows NT R4000"
+        |-W32PPC           ; "Windows NT PowerPC"

ATTENTION! REQUIRED PERMISSIONS
 

In order to currently add a new driver to you Samba host, +one of two conditions must hold true:

  • The account used to connect to the Samba host + must have a uid of 0 (i.e. a root account)

  • The account used to connect to the Samba host + must be a member of the printer + admin list.

Of course, the connected account must still possess access +to add files to the subdirectories beneath [print$]. Remember +that all file shares are set to 'read only' by default.

Once you have created the required [print$] service and +associated subdirectories, simply log onto the Samba server using +a root (or printer admin) account +from a Windows NT 4.0/2k client. Open "Network Neighbourhood" or +"My Network Places" and browse for the Samba host. Once you have located +the server, navigate to the "Printers..." folder. +You should see an initial listing of printers +that matches the printer shares defined on your Samba host.

7.2.2. Setting Drivers for Existing Printers

The initial listing of printers in the Samba host's +Printers folder will have no real printer driver assigned +to them. By default, in Samba 2.2.0 this driver name was set to +NO PRINTER DRIVER AVAILABLE FOR THIS PRINTER. +Later versions changed this to a NULL string to allow the use +tof the local Add Printer Wizard on NT/2000 clients. +Attempting to view the printer properties for a printer +which has this default driver assigned will result in +the error message:

Device settings cannot be displayed. The driver +for the specified printer is not installed, only spooler +properties will be displayed. Do you want to install the +driver now?

Click "No" in the error dialog and you will be presented with +the printer properties window. The way to assign a driver to a +printer is to either

If you wish to install printer drivers for client +operating systems other than "Windows NT x86", you will need +to use the "Sharing" tab of the printer properties dialog.

Assuming you have connected with a root account, you +will also be able modify other printer properties such as +ACLs and device settings using this dialog box.

A few closing comments for this section, it is possible +on a Windows NT print server to have printers +listed in the Printers folder which are not shared. Samba does +not make this distinction. By definition, the only printers of +which Samba is aware are those which are specified as shares in +smb.conf.

Another interesting side note is that Windows NT clients do +not use the SMB printer share, but rather can print directly +to any printer on another Windows NT host using MS-RPC. This +of course assumes that the printing client has the necessary +privileges on the remote host serving the printer. The default +permissions assigned by Windows NT to a printer gives the "Print" +permissions to the "Everyone" well-known group.

7.2.3. Support a large number of printers

One issue that has arisen during the development +phase of Samba 2.2 is the need to support driver downloads for +100's of printers. Using the Windows NT APW is somewhat +awkward to say the list. If more than one printer are using the +same driver, the rpcclient's +setdriver command can be used to set the driver +associated with an installed driver. The following is example +of how this could be accomplished:

 
+$ rpcclient pogo -U root%secret -c "enumdrivers"
+Domain=[NARNIA] OS=[Unix] Server=[Samba 2.2.0-alpha3]
+ 
+[Windows NT x86]
+Printer Driver Info 1:
+     Driver Name: [HP LaserJet 4000 Series PS]
+ 
+Printer Driver Info 1:
+     Driver Name: [HP LaserJet 2100 Series PS]
+ 
+Printer Driver Info 1:
+     Driver Name: [HP LaserJet 4Si/4SiMX PS]
+				  
+$ rpcclient pogo -U root%secret -c "enumprinters"
+Domain=[NARNIA] OS=[Unix] Server=[Samba 2.2.0-alpha3]
+     flags:[0x800000]
+     name:[\\POGO\hp-print]
+     description:[POGO\\POGO\hp-print,NO DRIVER AVAILABLE FOR THIS PRINTER,]
+     comment:[]
+				  
+$ rpcclient pogo -U root%secret \
+>  -c "setdriver hp-print \"HP LaserJet 4000 Series PS\""
+Domain=[NARNIA] OS=[Unix] Server=[Samba 2.2.0-alpha3]
+Successfully set hp-print to driver HP LaserJet 4000 Series PS.

7.2.4. Adding New Printers via the Windows NT APW

By default, Samba offers all printer shares defined in smb.conf +in the "Printers..." folder. Also existing in this folder is the Windows NT +Add Printer Wizard icon. The APW will be show only if

In order to be able to use the APW to successfully add a printer to a Samba +server, the add +printer command must have a defined value. The program +hook must successfully add the printer to the system (i.e. +/etc/printcap or appropriate files) and +smb.conf if necessary.

When using the APW from a client, if the named printer share does +not exist, smbd will execute the add printer +command and reparse to the smb.conf +to attempt to locate the new printer share. If the share is still not defined, +an error of "Access Denied" is returned to the client. Note that the +add printer program is executed under the context +of the connected user, not necessarily a root account.

There is a complementary delete +printer command for removing entries from the "Printers..." +folder.

The following is an example add printer command script. It adds the appropriate entries to /etc/printcap.local (change that to what you need) and returns a line of 'Done' which is needed for the whole process to work.

#!/bin/sh
+
+# Script to insert a new printer entry into printcap.local
+#
+# $1, printer name, used as the descriptive name
+# $2, share name, used as the printer name for Linux
+# $3, port name
+# $4, driver name
+# $5, location, used for the device file of the printer
+# $6, win9x location
+
+#
+# Make sure we use the location that RedHat uses for local printer defs
+PRINTCAP=/etc/printcap.local
+DATE=`date +%Y%m%d-%H%M%S`
+LP=lp
+RESTART="service lpd restart"
+
+# Keep a copy
+cp $PRINTCAP $PRINTCAP.$DATE
+# Add the printer to $PRINTCAP
+echo ""				 			>> $PRINTCAP
+echo "$2|$1:\\" 					>> $PRINTCAP
+echo "  :sd=/var/spool/lpd/$2:\\" 			>> $PRINTCAP
+echo "  :mx=0:ml=0:sh:\\" 				>> $PRINTCAP
+echo "  :lp=/usr/local/samba/var/print/$5.prn:" 	>> $PRINTCAP
+
+touch "/usr/local/samba/var/print/$5.prn" >> /tmp/printadd.$$ 2>&1
+chown $LP "/usr/local/samba/var/print/$5.prn" >> /tmp/printadd.$$ 2>&1
+
+mkdir /var/spool/lpd/$2
+chmod 700 /var/spool/lpd/$2
+chown $LP /var/spool/lpd/$2
+#echo $1 >> "/usr/local/samba/var/print/$5.prn"
+#echo $2 >> "/usr/local/samba/var/print/$5.prn"
+#echo $3 >> "/usr/local/samba/var/print/$5.prn"
+#echo $4 >> "/usr/local/samba/var/print/$5.prn"
+#echo $5 >> "/usr/local/samba/var/print/$5.prn"
+#echo $6 >> "/usr/local/samba/var/print/$5.prn"
+$RESTART >> "/usr/local/samba/var/print/$5.prn"
+# Not sure if this is needed
+touch /usr/local/samba/lib/smb.conf
+#
+# You need to return a value, but I am not sure what it means.
+#
+echo "Done"
+exit 0

7.3. The Imprints Toolset

The Imprints tool set provides a UNIX equivalent of the + Windows NT Add Printer Wizard. For complete information, please + refer to the Imprints web site at http://imprints.sourceforge.net/ as well as the documentation + included with the imprints source distribution. This section will + only provide a brief introduction to the features of Imprints.

7.3.4. The Installation Client

More information regarding the Imprints installation client + is available in the Imprints-Client-HOWTO.ps + file included with the imprints source package.

The Imprints installation client comes in two forms.

The installation client (in both forms) provides a means + of querying the Imprints database server for a matching + list of known printer model names as well as a means to + download and install the drivers on remote Samba and Windows + NT print servers.

The basic installation process is in four steps and + perl code is wrapped around smbclient + and rpcclient.

	
+foreach (supported architecture for a given driver)
+{
+     1.  rpcclient: Get the appropriate upload directory 
+         on the remote server
+     2.  smbclient: Upload the driver files
+     3.  rpcclient: Issues an AddPrinterDriver() MS-RPC
+}
+	
+4.  rpcclient: Issue an AddPrinterEx() MS-RPC to actually
+    create the printer

One of the problems encountered when implementing + the Imprints tool set was the name space issues between + various supported client architectures. For example, Windows + NT includes a driver named "Apple LaserWriter II NTX v51.8" + and Windows 95 calls its version of this driver "Apple + LaserWriter II NTX"

The problem is how to know what client drivers have + been uploaded for a printer. As astute reader will remember + that the Windows NT Printer Properties dialog only includes + space for one printer driver name. A quick look in the + Windows NT 4.0 system registry at

HKLM\System\CurrentControlSet\Control\Print\Environment +

will reveal that Windows NT always uses the NT driver + name. This is ok as Windows NT always requires that at least + the Windows NT version of the printer driver is present. + However, Samba does not have the requirement internally. + Therefore, how can you use the NT driver name if is has not + already been installed?

The way of sidestepping this limitation is to require + that all Imprints printer driver packages include both the Intel + Windows NT and 95/98 printer drivers and that NT driver is + installed first.

7.4. Migration to from Samba 2.0.x to 2.2.x

Given that printer driver management has changed (we hope improved) in +2.2 over prior releases, migration from an existing setup to 2.2 can +follow several paths. Here are the possible scenarios for +migration:

  • If you do not desire the new Windows NT + print driver support, nothing needs to be done. + All existing parameters work the same.

  • If you want to take advantage of NT printer + driver support but do not want to migrate the + 9x drivers to the new setup, the leave the existing + printers.def file. When smbd attempts + to locate a + 9x driver for the printer in the TDB and fails it + will drop down to using the printers.def (and all + associated parameters). The make_printerdef + tool will also remain for backwards compatibility but will + be removed in the next major release.

  • If you install a Windows 9x driver for a printer + on your Samba host (in the printing TDB), this information will + take precedence and the three old printing parameters + will be ignored (including print driver location).

  • If you want to migrate an existing printers.def + file into the new setup, the current only solution is to use the Windows + NT APW to install the NT drivers and the 9x drivers. This can be scripted + using smbclient and rpcclient. See the + Imprints installation client at http://imprints.sourceforge.net/ + for an example. +

Achtung!
 

The following smb.conf parameters are considered to +be deprecated and will be removed soon. Do not use them in new +installations

  • printer driver file (G) +

  • printer driver (S) +

  • printer driver location (S) +

The have been two new parameters add in Samba 2.2.2 to for +better support of Samba 2.0.x backwards capability (disable +spoolss) and for using local printers drivers on Windows +NT/2000 clients (use client driver). Both of +these options are described in the smb.coinf(5) man page and are +disabled by default.

PrevHomeNext
UNIX Permission Bits and Windows NT Access Control Lists Debugging Printing Problems
\ No newline at end of file diff --git a/docs/htmldocs/printingdebug.html b/docs/htmldocs/printingdebug.html new file mode 100644 index 0000000000..6b11f83727 --- /dev/null +++ b/docs/htmldocs/printingdebug.html @@ -0,0 +1,496 @@ + +Debugging Printing Problems
SAMBA Project Documentation
PrevNext

Chapter 8. Debugging Printing Problems

8.1. Introduction

This is a short description of how to debug printing problems with +Samba. This describes how to debug problems with printing from a SMB +client to a Samba server, not the other way around. For the reverse +see the examples/printing directory.

Ok, so you want to print to a Samba server from your PC. The first +thing you need to understand is that Samba does not actually do any +printing itself, it just acts as a middleman between your PC client +and your Unix printing subsystem. Samba receives the file from the PC +then passes the file to a external "print command". What print command +you use is up to you.

The whole things is controlled using options in smb.conf. The most +relevant options (which you should look up in the smb.conf man page) +are:

      [global]
+        print command     - send a file to a spooler
+        lpq command       - get spool queue status
+        lprm command      - remove a job
+      [printers]
+        path = /var/spool/lpd/samba

The following are nice to know about:

        queuepause command   - stop a printer or print queue
+        queueresume command  - start a printer or print queue

Example:

        print command = /usr/bin/lpr -r -P%p %s
+        lpq command   = /usr/bin/lpq    -P%p %s
+        lprm command  = /usr/bin/lprm   -P%p %j
+        queuepause command = /usr/sbin/lpc -P%p stop
+        queuepause command = /usr/sbin/lpc -P%p start

Samba should set reasonable defaults for these depending on your +system type, but it isn't clairvoyant. It is not uncommon that you +have to tweak these for local conditions. The commands should +always have fully specified pathnames, as the smdb may not have +the correct PATH values.

When you send a job to Samba to be printed, it will make a temporary +copy of it in the directory specified in the [printers] section. +and it should be periodically cleaned out. The lpr -r option +requests that the temporary copy be removed after printing; If +printing fails then you might find leftover files in this directory, +and it should be periodically cleaned out. Samba used the lpq +command to determine the "job number" assigned to your print job +by the spooler.

The %>letter< are "macros" that get dynamically replaced with appropriate +values when they are used. The %s gets replaced with the name of the spool +file that Samba creates and the %p gets replaced with the name of the +printer. The %j gets replaced with the "job number" which comes from +the lpq output.

8.2. Debugging printer problems

One way to debug printing problems is to start by replacing these +command with shell scripts that record the arguments and the contents +of the print file. A simple example of this kind of things might +be:

	print command = /tmp/saveprint %p %s
+
+    #!/bin/saveprint
+    # we make sure that we are the right user
+    /usr/bin/id -p >/tmp/tmp.print
+    # we run the command and save the error messages
+    # replace the command with the one appropriate for your system
+    /usr/bin/lpr -r -P$1 $2 2>>&/tmp/tmp.print

Then you print a file and try removing it. You may find that the +print queue needs to be stopped in order to see the queue status +and remove the job:


h4: {42} % echo hi >/tmp/hi
+h4: {43} % smbclient //localhost/lw4
+added interface ip=10.0.0.4 bcast=10.0.0.255 nmask=255.255.255.0
+Password: 
+Domain=[ASTART] OS=[Unix] Server=[Samba 2.0.7]
+smb: \> print /tmp/hi
+putting file /tmp/hi as hi-17534 (0.0 kb/s) (average 0.0 kb/s)
+smb: \> queue
+1049     3            hi-17534
+smb: \> cancel 1049
+Error cancelling job 1049 : code 0
+smb: \> cancel 1049
+Job 1049 cancelled
+smb: \> queue
+smb: \> exit

The 'code 0' indicates that the job was removed. The comment +by the smbclient is a bit misleading on this. +You can observe the command output and then and look at the +/tmp/tmp.print file to see what the results are. You can quickly +find out if the problem is with your printing system. Often people +have problems with their /etc/printcap file or permissions on +various print queues.

8.4. Setting up printcap and print servers

You may need to set up some printcaps for your Samba system to use. +It is strongly recommended that you use the facilities provided by +the print spooler to set up queues and printcap information.

Samba requires either a printcap or program to deliver printcap +information. This printcap information has the format:

  name|alias1|alias2...:option=value:...

For almost all printing systems, the printer 'name' must be composed +only of alphanumeric or underscore '_' characters. Some systems also +allow hyphens ('-') as well. An alias is an alternative name for the +printer, and an alias with a space in it is used as a 'comment' +about the printer. The printcap format optionally uses a \ at the end of lines +to extend the printcap to multiple lines.

Here are some examples of printcap files:

  1. pr just printer name

  2. pr|alias printer name and alias

  3. pr|My Printer printer name, alias used as comment

  4. pr:sh:\ Same as pr:sh:cm= testing + :cm= \ + testing

  5. pr:sh Same as pr:sh:cm= testing + :cm= testing

Samba reads the printcap information when first started. If you make +changes in the printcap information, then you must do the following:

  1. make sure that the print spooler is aware of these changes. +The LPRng system uses the 'lpc reread' command to do this.

  2. make sure that the spool queues, etc., exist and have the +correct permissions. The LPRng system uses the 'checkpc -f' +command to do this.

  3. You now should send a SIGHUP signal to the smbd server to have +it reread the printcap information.

8.5. Job sent, no output

This is the most frustrating part of printing. You may have sent the +job, verified that the job was forwarded, set up a wrapper around +the command to send the file, but there was no output from the printer.

First, check to make sure that the job REALLY is getting to the +right print queue. If you are using a BSD or LPRng print spooler, +you can temporarily stop the printing of jobs. Jobs can still be +submitted, but they will not be printed. Use:

  lpc -Pprinter stop

Now submit a print job and then use 'lpq -Pprinter' to see if the +job is in the print queue. If it is not in the print queue then +you will have to find out why it is not being accepted for printing.

Next, you may want to check to see what the format of the job really +was. With the assistance of the system administrator you can view +the submitted jobs files. You may be surprised to find that these +are not in what you would expect to call a printable format. +You can use the UNIX 'file' utitily to determine what the job +format actually is:

    cd /var/spool/lpd/printer   # spool directory of print jobs
+    ls                          # find job files
+    file dfA001myhost

You should make sure that your printer supports this format OR that +your system administrator has installed a 'print filter' that will +convert the file to a format appropriate for your printer.

8.6. Job sent, strange output

Once you have the job printing, you can then start worrying about +making it print nicely.

The most common problem is extra pages of output: banner pages +OR blank pages at the end.

If you are getting banner pages, check and make sure that the +printcap option or printer option is configured for no banners. +If you have a printcap, this is the :sh (suppress header or banner +page) option. You should have the following in your printer.

   printer: ... :sh

If you have this option and are still getting banner pages, there +is a strong chance that your printer is generating them for you +automatically. You should make sure that banner printing is disabled +for the printer. This usually requires using the printer setup software +or procedures supplied by the printer manufacturer.

If you get an extra page of output, this could be due to problems +with your job format, or if you are generating PostScript jobs, +incorrect setting on your printer driver on the MicroSoft client. +For example, under Win95 there is a option:

  Printers|Printer Name|(Right Click)Properties|Postscript|Advanced|

that allows you to choose if a Ctrl-D is appended to all jobs. +This is a very bad thing to do, as most spooling systems will +automatically add a ^D to the end of the job if it is detected as +PostScript. The multiple ^D may cause an additional page of output.

PrevHomeNext
Printing Support in Samba 2.2.x Security levels
\ No newline at end of file diff --git a/docs/htmldocs/samba-bdc.html b/docs/htmldocs/samba-bdc.html new file mode 100644 index 0000000000..e543ac5047 --- /dev/null +++ b/docs/htmldocs/samba-bdc.html @@ -0,0 +1,341 @@ + +How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain
SAMBA Project Documentation
PrevNext

Chapter 13. How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain

13.2. Background

What is a Domain Controller? It is a machine that is able to answer +logon requests from workstations in a Windows NT Domain. Whenever a +user logs into a Windows NT Workstation, the workstation connects to a +Domain Controller and asks him whether the username and password the +user typed in is correct. The Domain Controller replies with a lot of +information about the user, for example the place where the users +profile is stored, the users full name of the user. All this +information is stored in the NT user database, the so-called SAM.

There are two kinds of Domain Controller in a NT 4 compatible Domain: +A Primary Domain Controller (PDC) and one or more Backup Domain +Controllers (BDC). The PDC contains the master copy of the +SAM. Whenever the SAM has to change, for example when a user changes +his password, this change has to be done on the PDC. A Backup Domain +Controller is a machine that maintains a read-only copy of the +SAM. This way it is able to reply to logon requests and authenticate +users in case the PDC is not available. During this time no changes to +the SAM are possible. Whenever changes to the SAM are done on the PDC, +all BDC receive the changes from the PDC.

Since version 2.2 Samba officially supports domain logons for all +current Windows Clients, including Windows 2000 and XP. This text +assumes the domain to be named SAMBA. To be able to act as a PDC, some +parameters in the [global]-section of the smb.conf have to be set:

workgroup = SAMBA
+domain master = yes
+domain logons = yes

Several other things like a [homes] and a [netlogon] share also may be +set along with settings for the profile path, the users home drive and +others. This will not be covered in this document.

13.3. What qualifies a Domain Controller on the network?

Every machine that is a Domain Controller for the domain SAMBA has to +register the NetBIOS group name SAMBA#1c with the WINS server and/or +by broadcast on the local network. The PDC also registers the unique +NetBIOS name SAMBA#1b with the WINS server. The name type #1b is +normally reserved for the domain master browser, a role that has +nothing to do with anything related to authentication, but the +Microsoft Domain implementation requires the domain master browser to +be on the same machine as the PDC.

13.5. How do I set up a Samba BDC?

Several things have to be done:

Finally, the BDC has to be found by the workstations. This can be done +by setting

workgroup = samba
+domain master = no
+domain logons = yes

in the [global]-section of the smb.conf of the BDC. This makes the BDC +only register the name SAMBA#1c with the WINS server. This is no +problem as the name SAMBA#1c is a NetBIOS group name that is meant to +be registered by more than one machine. The parameter 'domain master = +no' forces the BDC not to register SAMBA#1b which as a unique NetBIOS +name is reserved for the Primary Domain Controller.

PrevHomeNext
How to Configure Samba 2.2 as a Primary Domain Controller Storing Samba's User/Machine Account information in an LDAP Directory
\ No newline at end of file diff --git a/docs/htmldocs/samba-ldap-howto.html b/docs/htmldocs/samba-ldap-howto.html new file mode 100644 index 0000000000..11553d440c --- /dev/null +++ b/docs/htmldocs/samba-ldap-howto.html @@ -0,0 +1,979 @@ + +Storing Samba's User/Machine Account information in an LDAP Directory
SAMBA Project Documentation
PrevNext

Chapter 14. Storing Samba's User/Machine Account information in an LDAP Directory

14.1. Purpose

This document describes how to use an LDAP directory for storing Samba user +account information traditionally stored in the smbpasswd(5) file. It is +assumed that the reader already has a basic understanding of LDAP concepts +and has a working directory server already installed. For more information +on LDAP architectures and Directories, please refer to the following sites.

Note that O'Reilly Publishing is working on +a guide to LDAP for System Administrators which has a planned release date of +early summer, 2002.

Two additional Samba resources which may prove to be helpful are

  • The Samba-PDC-LDAP-HOWTO + maintained by Ignacio Coupeau.

  • The NT migration scripts from IDEALX that are + geared to manage users and group in such a Samba-LDAP Domain Controller configuration. +

14.2. Introduction

Traditionally, when configuring "encrypt +passwords = yes" in Samba's smb.conf file, user account +information such as username, LM/NT password hashes, password change times, and account +flags have been stored in the smbpasswd(5) file. There are several +disadvantages to this approach for sites with very large numbers of users (counted +in the thousands).

  • The first is that all lookups must be performed sequentially. Given that +there are approximately two lookups per domain logon (one for a normal +session connection such as when mapping a network drive or printer), this +is a performance bottleneck for lareg sites. What is needed is an indexed approach +such as is used in databases.

  • The second problem is that administrators who desired to replicate a +smbpasswd file to more than one Samba server were left to use external +tools such as rsync(1) and ssh(1) +and wrote custom, in-house scripts.

  • And finally, the amount of information which is stored in an +smbpasswd entry leaves no room for additional attributes such as +a home directory, password expiration time, or even a Relative +Identified (RID).

As a result of these defeciencies, a more robust means of storing user attributes +used by smbd was developed. The API which defines access to user accounts +is commonly referred to as the samdb interface (previously this was called the passdb +API, and is still so named in the CVS trees). In Samba 2.2.3, enabling support +for a samdb backend (e.g. --with-ldapsam or +--with-tdbsam) requires compile time support.

When compiling Samba to include the --with-ldapsam autoconf +option, smbd (and associated tools) will store and lookup user accounts in +an LDAP directory. In reality, this is very easy to understand. If you are +comfortable with using an smbpasswd file, simply replace "smbpasswd" with +"LDAP directory" in all the documentation.

There are a few points to stress about what the --with-ldapsam +does not provide. The LDAP support referred to in the this documentation does not +include:

  • A means of retrieving user account information from + an Windows 2000 Active Directory server.

  • A means of replacing /etc/passwd.

The second item can be accomplished by using LDAP NSS and PAM modules. LGPL +versions of these libraries can be obtained from PADL Software +(http://www.padl.com/). However, +the details of configuring these packages are beyond the scope of this document.

14.4. Schema and Relationship to the RFC 2307 posixAccount

Samba 2.2.3 includes the necessary schema file for OpenLDAP 2.0 in +examples/LDAP/samba.schema. (Note that this schema +file has been modified since the experimental support initially included +in 2.2.2). The sambaAccount objectclass is given here:

objectclass ( 1.3.1.5.1.4.1.7165.2.2.2 NAME 'sambaAccount' SUP top STRUCTURAL
+     DESC 'Samba Account'
+     MUST ( uid $ rid )
+     MAY  ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $
+            logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $
+            displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $
+            description $ userWorkstations $ primaryGroupID $ domain ))

The samba.schema file has been formatted for OpenLDAP 2.0. The OID's are +owned by the Samba Team and as such is legal to be openly published. +If you translate the schema to be used with Netscape DS, please +submit the modified schema file as a patch to jerry@samba.org

Just as the smbpasswd file is mean to store information which supplements a +user's /etc/passwd entry, so is the sambaAccount object +meant to supplement the UNIX user account information. A sambaAccount is a +STRUCTURAL objectclass so it can be stored individually +in the directory. However, there are several fields (e.g. uid) which overlap +with the posixAccount objectclass outlined in RFC2307. This is by design.

In order to store all user account information (UNIX and Samba) in the directory, +it is necessary to use the sambaAccount and posixAccount objectclasses in +combination. However, smbd will still obtain the user's UNIX account +information via the standard C library calls (e.g. getpwnam(), et. al.). +This means that the Samba server must also have the LDAP NSS library installed +and functioning correctly. This division of information makes it possible to +store all Samba account information in LDAP, but still maintain UNIX account +information in NIS while the network is transitioning to a full LDAP infrastructure.

14.5. Configuring Samba with LDAP

14.5.1. OpenLDAP configuration

To include support for the sambaAccount object in an OpenLDAP directory +server, first copy the samba.schema file to slapd's configuration directory.

root# cp samba.schema /etc/openldap/schema/

Next, include the samba.schema file in slapd.conf. +The sambaAccount object contains two attributes which depend upon other schema +files. The 'uid' attribute is defined in cosine.schema and +the 'displayName' attribute is defined in the inetorgperson.schema +file. Both of these must be included before the samba.schema file.

## /etc/openldap/slapd.conf
+
+## schema files (core.schema is required by default)
+include	           /etc/openldap/schema/core.schema
+
+## needed for sambaAccount
+include            /etc/openldap/schema/cosine.schema
+include            /etc/openldap/schema/inetorgperson.schema
+include            /etc/openldap/schema/samba.schema
+
+## uncomment this line if you want to support the RFC2307 (NIS) schema
+## include         /etc/openldap/schema/nis.schema
+
+....

It is recommended that you maintain some indices on some of the most usefull attributes, +like in the following example, to speed up searches made on sambaAccount objectclasses +(and possibly posixAccount and posixGroup as well).

# Indices to maintain
+## required by OpenLDAP 2.0
+index objectclass   eq
+
+## support pb_getsampwnam()
+index uid           pres,eq
+## support pdb_getsambapwrid()
+index rid           eq
+
+## uncomment these if you are storing posixAccount and
+## posixGroup entries in the directory as well
+##index uidNumber     eq
+##index gidNumber     eq
+##index cn            eq
+##index memberUid     eq

14.5.2. Configuring Samba

The following parameters are available in smb.conf only with --with-ldapsam +was included with compiling Samba.

These are described in the smb.conf(5) man +page and so will not be repeated here. However, a sample smb.conf file for +use with an LDAP directory could appear as

## /usr/local/samba/lib/smb.conf
+[global]
+     security = user
+     encrypt passwords = yes
+
+     netbios name = TASHTEGO
+     workgroup = NARNIA
+
+     # ldap related parameters
+
+     # define the DN to use when binding to the directory servers
+     # The password for this DN is not stored in smb.conf.  Rather it
+     # must be set by using 'smbpasswd -w secretpw' to store the
+     # passphrase in the secrets.tdb file.  If the "ldap admin dn" values
+     # changes, this password will need to be reset.
+     ldap admin dn = "cn=Samba Manager,ou=people,dc=samba,dc=org"
+
+     #  specify the LDAP server's hostname (defaults to locahost)
+     ldap server = ahab.samba.org
+
+     # Define the SSL option when connecting to the directory
+     # ('off', 'start tls', or 'on' (default))
+     ldap ssl = start tls
+
+     # define the port to use in the LDAP session (defaults to 636 when
+     # "ldap ssl = on")
+     ldap port = 389
+
+     # specify the base DN to use when searching the directory
+     ldap suffix = "ou=people,dc=samba,dc=org"
+
+     # generally the default ldap search filter is ok
+     # ldap filter = "(&(uid=%u)(objectclass=sambaAccount))"

14.6. Accounts and Groups management

As users accounts are managed thru the sambaAccount objectclass, you should +modify you existing administration tools to deal with sambaAccount attributes.

Machines accounts are managed with the sambaAccount objectclass, just +like users accounts. However, it's up to you to stored thoses accounts +in a different tree of you LDAP namespace: you should use +"ou=Groups,dc=plainjoe,dc=org" to store groups and +"ou=People,dc=plainjoe,dc=org" to store users. Just configure your +NSS and PAM accordingly (usually, in the /etc/ldap.conf configuration +file).

In Samba release 2.2.3, the group management system is based on posix +groups. This meand that Samba make usage of the posixGroup objectclass. +For now, there is no NT-like group system management (global and local +groups).

14.7. Security and sambaAccount

There are two important points to remember when discussing the security +of sambaAccount entries in the directory.

These password hashes are clear text equivalents and can be used to impersonate +the user without deriving the original clear text strings. For more information +on the details of LM/NT password hashes, refer to the ENCRYPTION chapter of the Samba-HOWTO-Collection.

To remedy the first security issue, the "ldap ssl" smb.conf parameter defaults +to require an encrypted session (ldap ssl = on) using +the default port of 636 +when contacting the directory server. When using an OpenLDAP 2.0 server, it +is possible to use the use the StartTLS LDAP extended operation in the place of +LDAPS. In either case, you are strongly discouraged to disable this security +(ldap ssl = off).

Note that the LDAPS protocol is deprecated in favor of the LDAPv3 StartTLS +extended operation. However, the OpenLDAP library still provides support for +the older method of securing communication between clients and servers.

The second security precaution is to prevent non-administrative users from +harvesting password hashes from the directory. This can be done using the +following ACL in slapd.conf:

## allow the "ldap admin dn" access, but deny everyone else
+access to attrs=lmPassword,ntPassword
+     by dn="cn=Samba Admin,ou=people,dc=plainjoe,dc=org" write
+     by * none

14.8. LDAP specials attributes for sambaAccounts

The sambaAccount objectclass is composed of the following attributes:

The majority of these parameters are only used when Samba is acting as a PDC of +a domain (refer to the Samba-PDC-HOWTO for details on +how to configure Samba as a Primary Domain Controller). The following four attributes +are only stored with the sambaAccount entry if the values are non-default values:

  • smbHome

  • scriptPath

  • logonPath

  • homeDrive

These attributes are only stored with the sambaAccount entry if +the values are non-default values. For example, assume TASHTEGO has now been +configured as a PDC and that logon home = \\%L\%u was defined in +its smb.conf file. When a user named "becky" logons to the domain, +the logon home string is expanded to \\TASHTEGO\becky. +If the smbHome attribute exists in the entry "uid=becky,ou=people,dc=samba,dc=org", +this value is used. However, if this attribute does not exist, then the value +of the logon home parameter is used in its place. Samba +will only write the attribute value to the directory entry is the value is +something other than the default (e.g. \\MOBY\becky).

14.9. Example LDIF Entries for a sambaAccount

The following is a working LDIF with the inclusion of the posixAccount objectclass:

dn: uid=guest2, ou=people,dc=plainjoe,dc=org
+ntPassword: 878D8014606CDA29677A44EFA1353FC7
+pwdMustChange: 2147483647
+primaryGroupID: 1201
+lmPassword: 552902031BEDE9EFAAD3B435B51404EE
+pwdLastSet: 1010179124
+logonTime: 0
+objectClass: sambaAccount
+uid: guest2
+kickoffTime: 2147483647
+acctFlags: [UX         ]
+logoffTime: 2147483647
+rid: 19006
+pwdCanChange: 0

The following is an LDIF entry for using both the sambaAccount and +posixAccount objectclasses:

dn: uid=gcarter, ou=people,dc=plainjoe,dc=org
+logonTime: 0
+displayName: Gerald Carter
+lmPassword: 552902031BEDE9EFAAD3B435B51404EE
+primaryGroupID: 1201
+objectClass: posixAccount
+objectClass: sambaAccount
+acctFlags: [UX         ]
+userPassword: {crypt}BpM2ej8Rkzogo
+uid: gcarter
+uidNumber: 9000
+cn: Gerald Carter
+loginShell: /bin/bash
+logoffTime: 2147483647
+gidNumber: 100
+kickoffTime: 2147483647
+pwdLastSet: 1010179230
+rid: 19000
+homeDirectory: /home/tashtego/gcarter
+pwdCanChange: 0
+pwdMustChange: 2147483647
+ntPassword: 878D8014606CDA29677A44EFA1353FC7

14.10. Comments

Please mail all comments regarding this HOWTO to jerry@samba.org. This documents was +last updated to reflect the Samba 2.2.3 release.

PrevHomeNext
How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain Improved browsing in samba
\ No newline at end of file diff --git a/docs/htmldocs/security_level.html b/docs/htmldocs/security_level.html deleted file mode 100644 index e26e1ea78b..0000000000 --- a/docs/htmldocs/security_level.html +++ /dev/null @@ -1,169 +0,0 @@ -Security levels

Introduction

Samba supports the following options to the global smb.conf parameter

[global]
-security = [share|user(default)|domain|ads]

Please refer to the smb.conf man page for usage information and to the document -DOMAIN_MEMBER.html for further background details -on domain mode security. The Windows 2000 Kerberos domain security model -(security = ads) is described in the ADS-HOWTO.html.

Of the above, "security = server" means that Samba reports to clients that -it is running in "user mode" but actually passes off all authentication -requests to another "user mode" server. This requires an additional -parameter "password server =" that points to the real authentication server. -That real authentication server can be another Samba server or can be a -Windows NT server, the later natively capable of encrypted password support.

More complete description of security levels

A SMB server tells the client at startup what "security level" it is -running. There are two options "share level" and "user level". Which -of these two the client receives affects the way the client then tries -to authenticate itself. It does not directly affect (to any great -extent) the way the Samba server does security. I know this is -strange, but it fits in with the client/server approach of SMB. In SMB -everything is initiated and controlled by the client, and the server -can only tell the client what is available and whether an action is -allowed.

I'll describe user level security first, as its simpler. In user level -security the client will send a "session setup" command directly after -the protocol negotiation. This contains a username and password. The -server can either accept or reject that username/password -combination. Note that at this stage the server has no idea what -share the client will eventually try to connect to, so it can't base -the "accept/reject" on anything other than:

  1. the username/password

  2. the machine that the client is coming from

If the server accepts the username/password then the client expects to -be able to mount any share (using a "tree connection") without -specifying a password. It expects that all access rights will be as -the username/password specified in the "session setup".

It is also possible for a client to send multiple "session setup" -requests. When the server responds it gives the client a "uid" to use -as an authentication tag for that username/password. The client can -maintain multiple authentication contexts in this way (WinDD is an -example of an application that does this)

Ok, now for share level security. In share level security the client -authenticates itself separately for each share. It will send a -password along with each "tree connection" (share mount). It does not -explicitly send a username with this operation. The client is -expecting a password to be associated with each share, independent of -the user. This means that samba has to work out what username the -client probably wants to use. It is never explicitly sent the -username. Some commercial SMB servers such as NT actually associate -passwords directly with shares in share level security, but samba -always uses the unix authentication scheme where it is a -username/password that is authenticated, not a "share/password".

Many clients send a "session setup" even if the server is in share -level security. They normally send a valid username but no -password. Samba records this username in a list of "possible -usernames". When the client then does a "tree connection" it also adds -to this list the name of the share they try to connect to (useful for -home directories) and any users listed in the "user =" smb.conf -line. The password is then checked in turn against these "possible -usernames". If a match is found then the client is authenticated as -that user.

Finally "server level" security. In server level security the samba -server reports to the client that it is in user level security. The -client then does a "session setup" as described earlier. The samba -server takes the username/password that the client sends and attempts -to login to the "password server" by sending exactly the same -username/password that it got from the client. If that server is in -user level security and accepts the password then samba accepts the -clients connection. This allows the samba server to use another SMB -server as the "password server".

You should also note that at the very start of all this, where the -server tells the client what security level it is in, it also tells -the client if it supports encryption. If it does then it supplies the -client with a random "cryptkey". The client will then send all -passwords in encrypted form. You have to compile samba with encryption -enabled to support this feature, and you have to maintain a separate -smbpasswd file with SMB style encrypted passwords. It is -cryptographically impossible to translate from unix style encryption -to SMB style encryption, although there are some fairly simple management -schemes by which the two could be kept in sync.

\ No newline at end of file diff --git a/docs/htmldocs/securitylevels.html b/docs/htmldocs/securitylevels.html new file mode 100644 index 0000000000..54ae57efd4 --- /dev/null +++ b/docs/htmldocs/securitylevels.html @@ -0,0 +1,271 @@ + +Security levels
SAMBA Project Documentation
PrevNext

Chapter 9. Security levels

9.1. Introduction

Samba supports the following options to the global smb.conf parameter

[global]
+security = [share|user(default)|domain|ads]

Please refer to the smb.conf man page for usage information and to the document +DOMAIN_MEMBER.html for further background details +on domain mode security. The Windows 2000 Kerberos domain security model +(security = ads) is described in the ADS-HOWTO.html.

Of the above, "security = server" means that Samba reports to clients that +it is running in "user mode" but actually passes off all authentication +requests to another "user mode" server. This requires an additional +parameter "password server =" that points to the real authentication server. +That real authentication server can be another Samba server or can be a +Windows NT server, the later natively capable of encrypted password support.

9.2. More complete description of security levels

A SMB server tells the client at startup what "security level" it is +running. There are two options "share level" and "user level". Which +of these two the client receives affects the way the client then tries +to authenticate itself. It does not directly affect (to any great +extent) the way the Samba server does security. I know this is +strange, but it fits in with the client/server approach of SMB. In SMB +everything is initiated and controlled by the client, and the server +can only tell the client what is available and whether an action is +allowed.

I'll describe user level security first, as its simpler. In user level +security the client will send a "session setup" command directly after +the protocol negotiation. This contains a username and password. The +server can either accept or reject that username/password +combination. Note that at this stage the server has no idea what +share the client will eventually try to connect to, so it can't base +the "accept/reject" on anything other than:

  1. the username/password

  2. the machine that the client is coming from

If the server accepts the username/password then the client expects to +be able to mount any share (using a "tree connection") without +specifying a password. It expects that all access rights will be as +the username/password specified in the "session setup".

It is also possible for a client to send multiple "session setup" +requests. When the server responds it gives the client a "uid" to use +as an authentication tag for that username/password. The client can +maintain multiple authentication contexts in this way (WinDD is an +example of an application that does this)

Ok, now for share level security. In share level security the client +authenticates itself separately for each share. It will send a +password along with each "tree connection" (share mount). It does not +explicitly send a username with this operation. The client is +expecting a password to be associated with each share, independent of +the user. This means that samba has to work out what username the +client probably wants to use. It is never explicitly sent the +username. Some commercial SMB servers such as NT actually associate +passwords directly with shares in share level security, but samba +always uses the unix authentication scheme where it is a +username/password that is authenticated, not a "share/password".

Many clients send a "session setup" even if the server is in share +level security. They normally send a valid username but no +password. Samba records this username in a list of "possible +usernames". When the client then does a "tree connection" it also adds +to this list the name of the share they try to connect to (useful for +home directories) and any users listed in the "user =" smb.conf +line. The password is then checked in turn against these "possible +usernames". If a match is found then the client is authenticated as +that user.

Finally "server level" security. In server level security the samba +server reports to the client that it is in user level security. The +client then does a "session setup" as described earlier. The samba +server takes the username/password that the client sends and attempts +to login to the "password server" by sending exactly the same +username/password that it got from the client. If that server is in +user level security and accepts the password then samba accepts the +clients connection. This allows the samba server to use another SMB +server as the "password server".

You should also note that at the very start of all this, where the +server tells the client what security level it is in, it also tells +the client if it supports encryption. If it does then it supplies the +client with a random "cryptkey". The client will then send all +passwords in encrypted form. You have to compile samba with encryption +enabled to support this feature, and you have to maintain a separate +smbpasswd file with SMB style encrypted passwords. It is +cryptographically impossible to translate from unix style encryption +to SMB style encryption, although there are some fairly simple management +schemes by which the two could be kept in sync.

PrevHomeNext
Debugging Printing Problems security = domain in Samba 2.x
\ No newline at end of file diff --git a/docs/htmldocs/speed.html b/docs/htmldocs/speed.html new file mode 100644 index 0000000000..67843d6190 --- /dev/null +++ b/docs/htmldocs/speed.html @@ -0,0 +1,616 @@ + +Samba performance issues
SAMBA Project Documentation
PrevNext

Chapter 16. Samba performance issues

16.1. Comparisons

The Samba server uses TCP to talk to the client. Thus if you are +trying to see if it performs well you should really compare it to +programs that use the same protocol. The most readily available +programs for file transfer that use TCP are ftp or another TCP based +SMB server.

If you want to test against something like a NT or WfWg server then +you will have to disable all but TCP on either the client or +server. Otherwise you may well be using a totally different protocol +(such as Netbeui) and comparisons may not be valid.

Generally you should find that Samba performs similarly to ftp at raw +transfer speed. It should perform quite a bit faster than NFS, +although this very much depends on your system.

Several people have done comparisons between Samba and Novell, NFS or +WinNT. In some cases Samba performed the best, in others the worst. I +suspect the biggest factor is not Samba vs some other system but the +hardware and drivers used on the various systems. Given similar +hardware Samba should certainly be competitive in speed with other +systems.

16.2. Oplocks

16.2.1. Overview

Oplocks are the way that SMB clients get permission from a server to +locally cache file operations. If a server grants an oplock +(opportunistic lock) then the client is free to assume that it is the +only one accessing the file and it will agressively cache file +data. With some oplock types the client may even cache file open/close +operations. This can give enormous performance benefits.

With the release of Samba 1.9.18 we now correctly support opportunistic +locks. This is turned on by default, and can be turned off on a share- +by-share basis by setting the parameter :

oplocks = False

We recommend that you leave oplocks on however, as current benchmark +tests with NetBench seem to give approximately a 30% improvement in +speed with them on. This is on average however, and the actual +improvement seen can be orders of magnitude greater, depending on +what the client redirector is doing.

Previous to Samba 1.9.18 there was a 'fake oplocks' option. This +option has been left in the code for backwards compatibility reasons +but it's use is now deprecated. A short summary of what the old +code did follows.

16.3. Socket options

There are a number of socket options that can greatly affect the +performance of a TCP based server like Samba.

The socket options that Samba uses are settable both on the command +line with the -O option, or in the smb.conf file.

The "socket options" section of the smb.conf manual page describes how +to set these and gives recommendations.

Getting the socket options right can make a big difference to your +performance, but getting them wrong can degrade it by just as +much. The correct settings are very dependent on your local network.

The socket option TCP_NODELAY is the one that seems to make the +biggest single difference for most networks. Many people report that +adding "socket options = TCP_NODELAY" doubles the read performance of +a Samba drive. The best explanation I have seen for this is that the +Microsoft TCP/IP stack is slow in sending tcp ACKs.

16.4. Read size

The option "read size" affects the overlap of disk reads/writes with +network reads/writes. If the amount of data being transferred in +several of the SMB commands (currently SMBwrite, SMBwriteX and +SMBreadbraw) is larger than this value then the server begins writing +the data before it has received the whole packet from the network, or +in the case of SMBreadbraw, it begins writing to the network before +all the data has been read from disk.

This overlapping works best when the speeds of disk and network access +are similar, having very little effect when the speed of one is much +greater than the other.

The default value is 16384, but very little experimentation has been +done yet to determine the optimal value, and it is likely that the best +value will vary greatly between systems anyway. A value over 65536 is +pointless and will cause you to allocate memory unnecessarily.

16.7. Share modes

Some people find that opening files is very slow. This is often +because of the "share modes" code needed to fully implement the dos +share modes stuff. You can disable this code using "share modes = +no". This will gain you a lot in opening and closing files but will +mean that (in some cases) the system won't force a second user of a +file to open the file read-only if the first has it open +read-write. For many applications that do their own locking this +doesn't matter, but for some it may. Most Windows applications +depend heavily on "share modes" working correctly and it is +recommended that the Samba share mode support be left at the +default of "on".

The share mode code in Samba has been re-written in the 1.9.17 +release following tests with the Ziff-Davis NetBench PC Benchmarking +tool. It is now believed that Samba 1.9.17 implements share modes +similarly to Windows NT.

NOTE: In the most recent versions of Samba there is an option to use +shared memory via mmap() to implement the share modes. This makes +things much faster. See the Makefile for how to enable this.

16.16. Client tuning

Often a speed problem can be traced to the client. The client (for +example Windows for Workgroups) can often be tuned for better TCP +performance.

See your client docs for details. In particular, I have heard rumours +that the WfWg options TCPWINDOWSIZE and TCPSEGMENTSIZE can have a +large impact on performance.

Also note that some people have found that setting DefaultRcvWindow in +the [MSTCP] section of the SYSTEM.INI file under WfWg to 3072 gives a +big improvement. I don't know why.

My own experience wth DefaultRcvWindow is that I get much better +performance with a large value (16384 or larger). Other people have +reported that anything over 3072 slows things down enourmously. One +person even reported a speed drop of a factor of 30 when he went from +3072 to 8192. I don't know why.

It probably depends a lot on your hardware, and the type of unix box +you have at the other end of the link.

Paul Cochrane has done some testing on client side tuning and come +to the following conclusions:

Install the W2setup.exe file from www.microsoft.com. This is an +update for the winsock stack and utilities which improve performance.

Configure the win95 TCPIP registry settings to give better +perfomance. I use a program called MTUSPEED.exe which I got off the +net. There are various other utilities of this type freely available. +The setting which give the best performance for me are:

  1. MaxMTU Remove

  2. RWIN Remove

  3. MTUAutoDiscover Disable

  4. MTUBlackHoleDetect Disable

  5. Time To Live Enabled

  6. Time To Live - HOPS 32

  7. NDI Cache Size 0

I tried virtually all of the items mentioned in the document and +the only one which made a difference to me was the socket options. It +turned out I was better off without any!!!!!

In terms of overall speed of transfer, between various win95 clients +and a DX2-66 20MB server with a crappy NE2000 compatible and old IDE +drive (Kernel 2.0.30). The transfer rate was reasonable for 10 baseT.

FIXME +The figures are: Put Get +P166 client 3Com card: 420-440kB/s 500-520kB/s +P100 client 3Com card: 390-410kB/s 490-510kB/s +DX4-75 client NE2000: 370-380kB/s 330-350kB/s

I based these test on transfer two files a 4.5MB text file and a 15MB +textfile. The results arn't bad considering the hardware Samba is +running on. It's a crap machine!!!!

The updates mentioned in 1 and 2 brought up the transfer rates from +just over 100kB/s in some clients.

A new client is a P333 connected via a 100MB/s card and hub. The +transfer rates from this were good: 450-500kB/s on put and 600+kB/s +on get.

Looking at standard FTP throughput, Samba is a bit slower (100kB/s +upwards). I suppose there is more going on in the samba protocol, but +if it could get up to the rate of FTP the perfomance would be quite +staggering.

16.17. My Results

Some people want to see real numbers in a document like this, so here +they are. I have a 486sx33 client running WfWg 3.11 with the 3.11b +tcp/ip stack. It has a slow IDE drive and 20Mb of ram. It has a SMC +Elite-16 ISA bus ethernet card. The only WfWg tuning I've done is to +set DefaultRcvWindow in the [MSTCP] section of system.ini to 16384. My +server is a 486dx3-66 running Linux. It also has 20Mb of ram and a SMC +Elite-16 card. You can see my server config in the examples/tridge/ +subdirectory of the distribution.

I get 490k/s on reading a 8Mb file with copy. +I get 441k/s writing the same file to the samba server.

Of course, there's a lot more to benchmarks than 2 raw throughput +figures, but it gives you a ballpark figure.

I've also tested Win95 and WinNT, and found WinNT gave me the best +speed as a samba client. The fastest client of all (for me) is +smbclient running on another linux box. Maybe I'll add those results +here someday ...

PrevHomeNext
Improved browsing in samba Samba and other CIFS clients
\ No newline at end of file diff --git a/docs/htmldocs/unix-permissions.html b/docs/htmldocs/unix-permissions.html new file mode 100644 index 0000000000..a10f307da7 --- /dev/null +++ b/docs/htmldocs/unix-permissions.html @@ -0,0 +1,898 @@ + +UNIX Permission Bits and Windows NT Access Control Lists
SAMBA Project Documentation
PrevNext

Chapter 6. UNIX Permission Bits and Windows NT Access Control Lists

6.2. How to view file security on a Samba share

From an NT 4.0 client, single-click with the right + mouse button on any file or directory in a Samba mounted + drive letter or UNC path. When the menu pops-up, click + on the Properties entry at the bottom of + the menu. This brings up the normal file properties dialog + box, but with Samba 2.0.4 this will have a new tab along the top + marked Security. Click on this tab and you + will see three buttons, Permissions, + Auditing, and Ownership. + The Auditing button will cause either + an error message A requested privilege is not held + by the client to appear if the user is not the + NT Administrator, or a dialog which is intended to allow an + Administrator to add auditing requirements to a file if the + user is logged on as the NT Administrator. This dialog is + non-functional with a Samba share at this time, as the only + useful button, the Add button will not currently + allow a list of users to be seen.

6.3. Viewing file ownership

Clicking on the "Ownership" button + brings up a dialog box telling you who owns the given file. The + owner name will be of the form :

"SERVER\user (Long name)"

Where SERVER is the NetBIOS name of + the Samba server, user is the user name of + the UNIX user who owns the file, and (Long name) + is the descriptive string identifying the user (normally found in the + GECOS field of the UNIX password database). Click on the Close + button to remove this dialog.

If the parameter nt acl support + is set to false then the file owner will + be shown as the NT user "Everyone".

The Take Ownership button will not allow + you to change the ownership of this file to yourself (clicking on + it will display a dialog box complaining that the user you are + currently logged onto the NT client cannot be found). The reason + for this is that changing the ownership of a file is a privileged + operation in UNIX, available only to the root + user. As clicking on this button causes NT to attempt to change + the ownership of a file to the current user logged into the NT + client this will not work with Samba at this time.

There is an NT chown command that will work with Samba + and allow a user with Administrator privilege connected + to a Samba 2.0.4 server as root to change the ownership of + files on both a local NTFS filesystem or remote mounted NTFS + or Samba drive. This is available as part of the Seclib + NT security library written by Jeremy Allison of + the Samba Team, available from the main Samba ftp site.

6.4. Viewing file or directory permissions

The third button is the "Permissions" + button. Clicking on this brings up a dialog box that shows both + the permissions and the UNIX owner of the file or directory. + The owner is displayed in the form :

"SERVER\user (Long name)"

Where SERVER is the NetBIOS name of + the Samba server, user is the user name of + the UNIX user who owns the file, and (Long name) + is the descriptive string identifying the user (normally found in the + GECOS field of the UNIX password database).

If the parameter nt acl support + is set to false then the file owner will + be shown as the NT user "Everyone" and the + permissions will be shown as NT "Full Control".

The permissions field is displayed differently for files + and directories, so I'll describe the way file permissions + are displayed first.

6.4.1. File Permissions

The standard UNIX user/group/world triple and + the corresponding "read", "write", "execute" permissions + triples are mapped by Samba into a three element NT ACL + with the 'r', 'w', and 'x' bits mapped into the corresponding + NT permissions. The UNIX world permissions are mapped into + the global NT group Everyone, followed + by the list of permissions allowed for UNIX world. The UNIX + owner and group permissions are displayed as an NT + user icon and an NT local + group icon respectively followed by the list + of permissions allowed for the UNIX user and group.

As many UNIX permission sets don't map into common + NT names such as "read", "change" or "full control" then + usually the permissions will be prefixed by the words "Special Access" in the NT display list.

But what happens if the file has no permissions allowed + for a particular UNIX user group or world component ? In order + to allow "no permissions" to be seen and modified then Samba + overloads the NT "Take Ownership" ACL attribute + (which has no meaning in UNIX) and reports a component with + no permissions as having the NT "O" bit set. + This was chosen of course to make it look like a zero, meaning + zero permissions. More details on the decision behind this will + be given below.

6.5. Modifying file or directory permissions

Modifying file and directory permissions is as simple + as changing the displayed permissions in the dialog box, and + clicking the OK button. However, there are + limitations that a user needs to be aware of, and also interactions + with the standard Samba permission masks and mapping of DOS + attributes that need to also be taken into account.

If the parameter nt acl support + is set to false then any attempt to set + security permissions will fail with an "Access Denied" + message.

The first thing to note is that the "Add" + button will not return a list of users in Samba 2.0.4 (it will give + an error message of "The remote procedure call failed + and did not execute"). This means that you can only + manipulate the current user/group/world permissions listed in + the dialog box. This actually works quite well as these are the + only permissions that UNIX actually has.

If a permission triple (either user, group, or world) + is removed from the list of permissions in the NT dialog box, + then when the "OK" button is pressed it will + be applied as "no permissions" on the UNIX side. If you then + view the permissions again the "no permissions" entry will appear + as the NT "O" flag, as described above. This + allows you to add permissions back to a file or directory once + you have removed them from a triple component.

As UNIX supports only the "r", "w" and "x" bits of + an NT ACL then if other NT security attributes such as "Delete + access" are selected then they will be ignored when applied on + the Samba server.

When setting permissions on a directory the second + set of permissions (in the second set of parentheses) is + by default applied to all files within that directory. If this + is not what you want you must uncheck the "Replace + permissions on existing files" checkbox in the NT + dialog before clicking "OK".

If you wish to remove all permissions from a + user/group/world component then you may either highlight the + component and click the "Remove" button, + or set the component to only have the special "Take + Ownership" permission (displayed as "O" + ) highlighted.

6.6. Interaction with the standard Samba create mask + parameters

Note that with Samba 2.0.5 there are four new parameters + to control this interaction. These are :

security mask

force security mode

directory security mask

force directory security mode

Once a user clicks "OK" to apply the + permissions Samba maps the given permissions into a user/group/world + r/w/x triple set, and then will check the changed permissions for a + file against the bits set in the + security mask parameter. Any bits that + were changed that are not set to '1' in this parameter are left alone + in the file permissions.

Essentially, zero bits in the security mask + mask may be treated as a set of bits the user is not + allowed to change, and one bits are those the user is allowed to change. +

If not set explicitly this parameter is set to the same value as + the create mask + parameter to provide compatibility with Samba 2.0.4 + where this permission change facility was introduced. To allow a user to + modify all the user/group/world permissions on a file, set this parameter + to 0777.

Next Samba checks the changed permissions for a file against + the bits set in the force security mode parameter. Any bits + that were changed that correspond to bits set to '1' in this parameter + are forced to be set.

Essentially, bits set in the force security mode + parameter may be treated as a set of bits that, when + modifying security on a file, the user has always set to be 'on'.

If not set explicitly this parameter is set to the same value + as the force + create mode parameter to provide compatibility + with Samba 2.0.4 where the permission change facility was introduced. + To allow a user to modify all the user/group/world permissions on a file + with no restrictions set this parameter to 000.

The security mask and force + security mode parameters are applied to the change + request in that order.

For a directory Samba will perform the same operations as + described above for a file except using the parameter directory security mask instead of security + mask, and force directory security mode + parameter instead of force security mode + .

The directory security mask parameter + by default is set to the same value as the directory mask + parameter and the force directory security + mode parameter by default is set to the same value as + the force directory mode parameter to provide + compatibility with Samba 2.0.4 where the permission change facility + was introduced.

In this way Samba enforces the permission restrictions that + an administrator can set on a Samba share, whilst still allowing users + to modify the permission bits within that restriction.

If you want to set up a share that allows users full control + in modifying the permission bits on their files and directories and + doesn't force any particular bits to be set 'on', then set the following + parameters in the smb.conf(5) + file in that share specific section :

security mask = 0777

force security mode = 0

directory security mask = 0777

force directory security mode = 0

As described, in Samba 2.0.4 the parameters :

create mask

force create mode

directory mask

force directory mode

were used instead of the parameters discussed here.

6.7. Interaction with the standard Samba file attribute + mapping

Samba maps some of the DOS attribute bits (such as "read + only") into the UNIX permissions of a file. This means there can + be a conflict between the permission bits set via the security + dialog and the permission bits set by the file attribute mapping. +

One way this can show up is if a file has no UNIX read access + for the owner it will show up as "read only" in the standard + file attributes tabbed dialog. Unfortunately this dialog is + the same one that contains the security info in another tab.

What this can mean is that if the owner changes the permissions + to allow themselves read access using the security dialog, clicks + "OK" to get back to the standard attributes tab + dialog, and then clicks "OK" on that dialog, then + NT will set the file permissions back to read-only (as that is what + the attributes still say in the dialog). This means that after setting + permissions and clicking "OK" to get back to the + attributes dialog you should always hit "Cancel" + rather than "OK" to ensure that your changes + are not overridden.

PrevHomeNext
Hosting a Microsoft Distributed File System tree on Samba Printing Support in Samba 2.2.x
\ No newline at end of file -- cgit From 2475f6ee3c2042f9a68311b577a72460241ab560 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 2 Oct 2002 14:18:58 +0000 Subject: Add note to test 9 about 'encrypt passwords' (This used to be commit bc04c2c82fe5c236a030237032952c707bd17073) --- docs/docbook/projdoc/Diagnosis.sgml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'docs') diff --git a/docs/docbook/projdoc/Diagnosis.sgml b/docs/docbook/projdoc/Diagnosis.sgml index 20b2ccee08..3cc0bab5d5 100644 --- a/docs/docbook/projdoc/Diagnosis.sgml +++ b/docs/docbook/projdoc/Diagnosis.sgml @@ -443,7 +443,13 @@ It's also possible that the server can't work out what user name to connect you as. To see if this is the problem add the line "user = USERNAME" to the [tmp] section of smb.conf where "USERNAME" is the username corresponding to the password you typed. If you find this -fixes things you may need the username mapping option. +fixes things you may need the username mapping option. + + + +It might also be the case that your client only sends encrypted passwords +and you have encrypt passwords = no in smb.conf. +Turn it back on to fix. -- cgit From 83e4c6ea4b27ce4645acea34c3184f8bb30c8e93 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Wed, 2 Oct 2002 14:36:55 +0000 Subject: more doc structure updates. SWAT now on links to the TOC for the HOWTO collection instead of linking each article. (This used to be commit a0e0a76e000c2962037dddde11261108b3d63e50) --- docs/htmldocs/Samba-BDC-HOWTO.html | 245 ------------------------------------- 1 file changed, 245 deletions(-) delete mode 100644 docs/htmldocs/Samba-BDC-HOWTO.html (limited to 'docs') diff --git a/docs/htmldocs/Samba-BDC-HOWTO.html b/docs/htmldocs/Samba-BDC-HOWTO.html deleted file mode 100644 index fd83c4e09a..0000000000 --- a/docs/htmldocs/Samba-BDC-HOWTO.html +++ /dev/null @@ -1,245 +0,0 @@ -How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain

Prerequisite Reading

Before you continue reading in this chapter, please make sure -that you are comfortable with configuring a Samba PDC -as described in the Samba-PDC-HOWTO.

Background

What is a Domain Controller? It is a machine that is able to answer -logon requests from workstations in a Windows NT Domain. Whenever a -user logs into a Windows NT Workstation, the workstation connects to a -Domain Controller and asks him whether the username and password the -user typed in is correct. The Domain Controller replies with a lot of -information about the user, for example the place where the users -profile is stored, the users full name of the user. All this -information is stored in the NT user database, the so-called SAM.

There are two kinds of Domain Controller in a NT 4 compatible Domain: -A Primary Domain Controller (PDC) and one or more Backup Domain -Controllers (BDC). The PDC contains the master copy of the -SAM. Whenever the SAM has to change, for example when a user changes -his password, this change has to be done on the PDC. A Backup Domain -Controller is a machine that maintains a read-only copy of the -SAM. This way it is able to reply to logon requests and authenticate -users in case the PDC is not available. During this time no changes to -the SAM are possible. Whenever changes to the SAM are done on the PDC, -all BDC receive the changes from the PDC.

Since version 2.2 Samba officially supports domain logons for all -current Windows Clients, including Windows 2000 and XP. This text -assumes the domain to be named SAMBA. To be able to act as a PDC, some -parameters in the [global]-section of the smb.conf have to be set:

workgroup = SAMBA
-domain master = yes
-domain logons = yes

Several other things like a [homes] and a [netlogon] share also may be -set along with settings for the profile path, the users home drive and -others. This will not be covered in this document.

What qualifies a Domain Controller on the network?

Every machine that is a Domain Controller for the domain SAMBA has to -register the NetBIOS group name SAMBA#1c with the WINS server and/or -by broadcast on the local network. The PDC also registers the unique -NetBIOS name SAMBA#1b with the WINS server. The name type #1b is -normally reserved for the domain master browser, a role that has -nothing to do with anything related to authentication, but the -Microsoft Domain implementation requires the domain master browser to -be on the same machine as the PDC.

How does a Workstation find its domain controller?

A NT workstation in the domain SAMBA that wants a local user to be -authenticated has to find the domain controller for SAMBA. It does -this by doing a NetBIOS name query for the group name SAMBA#1c. It -assumes that each of the machines it gets back from the queries is a -domain controller and can answer logon requests. To not open security -holes both the workstation and the selected (TODO: How is the DC -chosen) domain controller authenticate each other. After that the -workstation sends the user's credentials (his name and password) to -the domain controller, asking for approval.

When is the PDC needed?

Whenever a user wants to change his password, this has to be done on -the PDC. To find the PDC, the workstation does a NetBIOS name query -for SAMBA#1b, assuming this machine maintains the master copy of the -SAM. The workstation contacts the PDC, both mutually authenticate and -the password change is done.

Can Samba be a Backup Domain Controller?

With version 2.2, no. The native NT SAM replication protocols have -not yet been fully implemented. The Samba Team is working on -understanding and implementing the protocols, but this work has not -been finished for version 2.2.

Can I get the benefits of a BDC with Samba? Yes. The main reason for -implementing a BDC is availability. If the PDC is a Samba machine, -a second Samba machine can be set up to -service logon requests whenever the PDC is down.

How do I set up a Samba BDC?

Several things have to be done:

  • The file private/MACHINE.SID identifies the domain. When a samba -server is first started, it is created on the fly and must never be -changed again. This file has to be the same on the PDC and the BDC, -so the MACHINE.SID has to be copied from the PDC to the BDC.

  • The Unix user database has to be synchronized from the PDC to the -BDC. This means that both the /etc/passwd and /etc/group have to be -replicated from the PDC to the BDC. This can be done manually -whenever changes are made, or the PDC is set up as a NIS master -server and the BDC as a NIS slave server. To set up the BDC as a -mere NIS client would not be enough, as the BDC would not be able to -access its user database in case of a PDC failure.

  • The Samba password database in the file private/smbpasswd has to be -replicated from the PDC to the BDC. This is a bit tricky, see the -next section.

  • Any netlogon share has to be replicated from the PDC to the -BDC. This can be done manually whenever login scripts are changed, -or it can be done automatically together with the smbpasswd -synchronization.

Finally, the BDC has to be found by the workstations. This can be done -by setting

workgroup = samba
-domain master = no
-domain logons = yes

in the [global]-section of the smb.conf of the BDC. This makes the BDC -only register the name SAMBA#1c with the WINS server. This is no -problem as the name SAMBA#1c is a NetBIOS group name that is meant to -be registered by more than one machine. The parameter 'domain master = -no' forces the BDC not to register SAMBA#1b which as a unique NetBIOS -name is reserved for the Primary Domain Controller.

How do I replicate the smbpasswd file?

Replication of the smbpasswd file is sensitive. It has to be done -whenever changes to the SAM are made. Every user's password change is -done in the smbpasswd file and has to be replicated to the BDC. So -replicating the smbpasswd file very often is necessary.

As the smbpasswd file contains plain text password equivalents, it -must not be sent unencrypted over the wire. The best way to set up -smbpasswd replication from the PDC to the BDC is to use the utility -rsync. rsync can use ssh as a transport. ssh itself can be set up to -accept *only* rsync transfer without requiring the user to type a -password.

\ No newline at end of file -- cgit From 7a822527e485303eb1c5b2f8a8d2efd8f836b688 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 2 Oct 2002 15:05:35 +0000 Subject: Fix Makefile.in (use variables instead of directory names, don't try to put files in ../../htmldocs, etc) Add sam.sgml (This used to be commit dfb3ee0bb646557ef911c827a5a68ef9c7833835) --- docs/docbook/Makefile.in | 79 +++++---- docs/docbook/devdoc/dev-doc.sgml | 2 + docs/docbook/devdoc/sam.sgml | 357 +++++++++++++++++++++++++++++++++++++++ 3 files changed, 407 insertions(+), 31 deletions(-) create mode 100644 docs/docbook/devdoc/sam.sgml (limited to 'docs') diff --git a/docs/docbook/Makefile.in b/docs/docbook/Makefile.in index 499c1742b8..04e1fe87c4 100644 --- a/docs/docbook/Makefile.in +++ b/docs/docbook/Makefile.in @@ -38,9 +38,13 @@ HTMLDOC = @HTMLDOC@ SRCDIR = @srcdir@ MANDIR=../manpages HTMLDIR=../htmldocs -MANSGMLDIR = manpages/ -SGMLDIR = projdoc/ +MANPROJDOC = manpages/ +PROJDOC = projdoc/ +DEVDOC = devdoc/ PERL = @PERL@ +PSDIR = .. +PDFDIR = .. +TXTDIR = ../textdocs MANPAGES=$(patsubst %,$(MANDIR)/%,$(MANPAGES_NAMES)) MANPAGES_HTML=$(patsubst %,$(HTMLDIR)/%.html,$(MANPAGES_NAMES)) @@ -55,55 +59,68 @@ all: @echo "html - Build HTML version of HOWTO Collection" @echo "htmlman - Build html version of manpages" @echo "txt - Build plain text version of HOWTO Collection" + @echo "everything - Build all of the above" + +everything: manpages ps pdf html-single html htmlman txt + +# Global rules manpages: $(MANPAGES) -pdf: ../Samba-HOWTO-Collection.pdf ../Samba-Developers-Guide.pdf -ps: ../Samba-HOWTO-Collection.ps ../Samba-Developers-Guide.ps -txt: ../textdocs/Samba-HOWTO-Collection.txt ../textdocs/Samba-Developers-Guide.txt +pdf: $(PDFDIR)/Samba-HOWTO-Collection.pdf ../Samba-Developers-Guide.pdf +ps: $(PSDIR)/Samba-HOWTO-Collection.ps ../Samba-Developers-Guide.ps +txt: $(TXTDIR)/Samba-HOWTO-Collection.txt $(TXTDIR)/Samba-Developers-Guide.txt htmlman: $(MANPAGES_HTML) -html-single: ../$(HTMLDIR)/Samba-HOWTO-Collection.html ../$(HTMLDIR)/Samba-Developers-Guide.html +html-single: $(HTMLDIR)/Samba-HOWTO-Collection.html $(HTMLDIR)/Samba-Developers-Guide.html html: $(DOCBOOK2HTML) -d samba.dsl -o $(HTMLDIR) projdoc/samba-doc.sgml -../Samba-HOWTO-Collection.txt: $(SGMLDIR)/samba-doc.sgml - $(DOCBOOK2TXT) -o .. $< - mv ../samba-doc.txt $@ +# Text files + +$(TXTDIR)/Samba-HOWTO-Collection.txt: $(PROJDOC)/samba-doc.sgml + $(DOCBOOK2TXT) -o . $< + mv ./samba-doc.txt $@ -../Samba-Developers-Guide.txt: $(SGMLDIR)/samba-doc.sgml - $(DOCBOOK2TXT) -o .. $< - mv ../samba-doc.txt $@ +$(TXTDIR)/Samba-Developers-Guide.txt: $(PROJDOC)/samba-doc.sgml + $(DOCBOOK2TXT) -o . $< + mv ./samba-doc.txt $@ -../Samba-HOWTO-Collection.ps: $(SGMLDIR)/samba-doc.sgml - $(DOCBOOK2PS) -o .. $< - mv ../samba-doc.ps $@ +# PostScript -../Samba-Developers-Guide.ps: $(SGMLDIR)/samba-doc.sgml - $(DOCBOOK2PS) -o .. $< - mv ../samba-doc.ps $@ +$(PSDIR)/Samba-HOWTO-Collection.ps: $(PROJDOC)/samba-doc.sgml + $(DOCBOOK2PS) -o . $< + mv ./samba-doc.ps $@ -../Samba-HOWTO-Collection.pdf: ../$(HTMLDIR)/Samba-HOWTO-Collection.html +$(PSDIR)/Samba-Developers-Guide.ps: $(PROJDOC)/samba-doc.sgml + $(DOCBOOK2PS) -o . $< + mv ./samba-doc.ps $@ + +# Adobe PDF files + +$(PDFDIR)/Samba-HOWTO-Collection.pdf: $(HTMLDIR)/Samba-HOWTO-Collection.html $(HTMLDOC) --book --color --links -f $@ $< -../Samba-Developers-Guide.pdf: ../$(HTMLDIR)/Samba-Developers-Guide.html +$(PDFDIR)/Samba-Developers-Guide.pdf: $(HTMLDIR)/Samba-Developers-Guide.html $(HTMLDOC) --book --color --links -f $@ $< -../$(HTMLDIR)/Samba-HOWTO-Collection.html: $(SGMLDIR)/samba-doc.sgml - $(DOCBOOK2HTML) -u -o .. $< - mv ../samba-doc.html $@ +# Single large HTML files + +$(HTMLDIR)/Samba-HOWTO-Collection.html: $(PROJDOC)/samba-doc.sgml + $(DOCBOOK2HTML) -u -o . $< + mv ./samba-doc.html $@ -../$(HTMLDIR)/Samba-Developers-Guide.html: devdoc/dev-doc.sgml - $(DOCBOOK2HTML) -u -o .. $< - mv ../dev-doc.html $@ +$(HTMLDIR)/Samba-Developers-Guide.html: $(DEVDOC)/dev-doc.sgml + $(DOCBOOK2HTML) -u -o . $< + mv ./dev-doc.html $@ -$(HTMLDIR)/%.html: $(MANSGMLDIR)/%.sgml - $(DOCBOOK2HTML) -o $(HTMLDIR) $< - mv $(HTMLDIR)/index.html $@ +$(HTMLDIR)/%.html: $(MANPROJDOC)/%.sgml + $(DOCBOOK2HTML) -o . $< + mv ./index.html $@ -$(MANDIR)/%: $(MANSGMLDIR)/%.sgml +$(MANDIR)/%: $(MANPROJDOC)/%.sgml $(DOCBOOK2MAN) -o $(MANDIR) $< || rm $@ $(PERL) scripts/strip-links.pl < $@ > $@.temp mv $@.temp $@ clean: - rm -f $(MANPAGES) $(MANPAGES_HTML) ../$(HTMLDIR)/*.html ../Samba-HOWTO-Collection.p* ../Samba-Developers-Guide.p* + rm -f $(MANPAGES) $(MANPAGES_HTML) $(HTMLDIR)/*.html $(TXTDIR)/*.txt $(PSDIR)/*.ps $(PDFDIR)/*.pdf diff --git a/docs/docbook/devdoc/dev-doc.sgml b/docs/docbook/devdoc/dev-doc.sgml index 5191ddcb93..2e40997106 100644 --- a/docs/docbook/devdoc/dev-doc.sgml +++ b/docs/docbook/devdoc/dev-doc.sgml @@ -10,6 +10,7 @@ + ]> @@ -62,5 +63,6 @@ url="http://www.fsf.org/licenses/gpl.txt">http://www.fsf.org/licenses/gpl.txt diff --git a/docs/docbook/devdoc/sam.sgml b/docs/docbook/devdoc/sam.sgml new file mode 100644 index 0000000000..654bd5fe9c --- /dev/null +++ b/docs/docbook/devdoc/sam.sgml @@ -0,0 +1,357 @@ + + + + + AndrewBartlett + + 1 October 2002 + + +The Upcoming SAM System + + +Security in the 'new SAM' + +One of the biggest problems with passdb is it's implementation of +'security'. Access control is on a 'are you root at the moment' basis, +and it has no concept of NT ACLs. Things like ldapsam had to add +'magic' 'are you root' checks. + +We took this very seriously when we started work, and the new structure +is designed with this in mind, from the ground up. Each call to the SAM +has a NT_TOKEN and (if relevant) an 'access desired'. This is either +provided as a parameter, or implicitly supplied by the object being +accessed. + + +For example, when you call + + +< +NTSTATUS sam_get_account_by_name(const SAM_CONTEXT *context, const +NT_USER_TOKEN *access_token, uint32 access_desired, const char *domain, +const char *name, SAM_ACCOUNT_HANDLE **account) + + + +The context can be NULL (and is used to allow import/export by setting +up 2 contexts, and allowing calls on both simultaneously) + + + +The access token *must* be specified. Normally the user's token out of +current_user, this can also be a global 'system' context. + + + +The access desired is as per the ACL, for passing to the seaccess stuff. + + + +The domain/username are standard. Even if we only have one domain, +keeping this ensures that we don't get 'unqualified' usernames (same +problem as we had with unqualified SIDs). + + + +We return a 'handle'. This is opaque to the rest of Samba, but is +operated on by get/set routines, all of which return NTSTATUS. + + + +The access checking is done by the SAM module. The reason it is not +done 'above' the interface is to ensure a 'choke point'. I put a lot of +effort into the auth subsystem to ensure we never 'accidentally' forgot +to check for null passwords, missed a restriction etc. I intend the SAM +to be written with the same caution. + + + +The reason the access checking is not handled by the interface itself is +due to the different implementations it make take on. For example, on +ADS, you cannot set a password over a non-SSL connection. Other +backends may have similar requirements - we need to leave this policy up +to the modules. They will naturally have access to 'helper' procedures +and good examples to avoid mishaps. + + + +(Furthermore, some backends my actually chose to push the whole ACL +issue to the remote server, and - assuming ldap for this example - bind +as the user directly) + + + +Each returned handle has an internal 'access permitted', which allows +the 'get' and 'set' routines to return 'ACCESS_DENIED' for things that +were not able to be retrieved from the backend. This removes the need +to specify the NT_TOKEN on every operation, and allows for 'object not +present' to be easily distinguished from 'access denied'. + + + +When you 'set' an object (calling sam_update_account) the internal +details are again used. Each change that has been made to the object +has been flagged, so as to avoid race conditions (on unmodified +components) and to avoid violating any extra ACL requirements on the +actual data store (like the LDAP server). + + + +Finally, we have generic get_sec_desc() and set_sec_desc() routines to +allow external ACL manipulation. These do lookups based on SID. + + + + + +Standalone from UNIX + + +One of the primary tenants of the 'new SAM' is that it would not attempt +to deal with 'what unix id for that'. This would be left to the 'SMS' +(Sid Mapping System') or SID farm, and probably administered via +winbind. We have had constructive discussion on how 'basic' unix +accounts like 'root' would be handled, and we think this can work. +Accounts not preexisting in unix would be served up via winbind. + + + +This is an *optional* part, and my preferred end-game. We have a fare +way to go before things like winbind up to it however. + + + + + +Handles and Races in the new SAM + + +One of the things that the 'new SAM' work has tried to face is both +compatibility with existing code, and a closer alignment to the SAMR +interface. I consider SAMR to be a 'primary customer' to the this work, +because if we get alignment with that wrong, things get more, rather +than less complex. Also, most other parts of Samba are much more +flexible with what they can allow. + + + +In any case, that was a decision taken as to how the general design +would progress. BTW, my understanding of SAMR may be completely flawed. + + + +One of the most race-prone areas of the new code is the conflicting +update problem. We have taken two approaches: + + + + +'Not conflicting' conflicts. Due to the way usrmgr operates, it will +open a user, display all the properties and *save* them all, even if you +don't change any. + + + +For this, see what I've done in rpc_server/srv_samr_util.c. I intend +to take this one step further, and operate on the 'handle' that the +values were read from. This should mean that we only update things that +have *really* changed. + + + + + +'conflicting' updates: Currently we don't deal with this (in passdb +or the new sam stuff), but the design is sufficiently flexible to 'deny' +a second update. I don't foresee locking records however. + + + + + + + +Layers + + +Application + + +This is where smbd, samtest and whatever end-user replacement we have +for pdbedit sits. They use only the SAM interface, and do not get +'special knowledge' of what is below them. + + + +SAM Interface + + +This level 'owns' the various handle structures, the get/set routines on +those structures and provides the public interface. The application +layer may initialize a 'context' to be passed to all interface routines, +else a default, self-initialising context will be supplied. This layser +finds the appropriate backend module for the task, and tries very hard +not to need to much 'knowledge'. It should just provide the required +abstraction to the modules below, and arrange for their initial loading. + + + +We could possibly add ACL checking at this layer, to avoid discrepancies +in implementation modules. + + + + + +SAM Modules + + +These do not communicate with the application directly, only by setting +values in the handles, and receiving requests from the interface. These +modules are responsible for translating values from the handle's +.private into (say) an LDAP modification list. The module is expected +to 'know' things like it's own domain SID, domain name, and any other +state attached to the SAM. Simpler modules may call back to some helper +routine. + + + + + + +SAM Modules + + +Special Module: sam_passdb + + +In order for there to be a smooth transition, kai is writing a module +that reads existing passdb backends, and translates them into SAM +replies. (Also pulling data from the account policy DB etc). We also +intend to write a module that does the reverse - gives the SAM a passdb +interface. + + + + +sam_ads + +This is the first of the SAM modules to be committed to the tree - +mainly because I needed to coordinate work with metze (who authored most +of it). This module aims to use Samba's libads code to provide an +Active Directory LDAP client, suitable for use on a mixed-mode DC. +While it is currently being tested against Win2k servers (with a +password in the smb.conf file) it is expected to eventually use a +(possibly modified) OpenLDAP server. We hope that this will assist in +the construction of an Samba AD DC. + + + +We also intend to construct a Samba 2.2/3.0 compatible ldap module, +again using libads code. + + + + + +Memory Management + + +The 'new SAM' development effort also concerned itself with getting a +sane implementation of memory management. It was decided that we would +be (as much as possible) talloc based, using an 'internal talloc +context' on many objects. That is, the creation of an object would +initiate it's own internal talloc context, and this would be used for +all operations on that object. Much of this is already implemented in +passdb. Also, like passdb, it will be possible to specify that some +object actually be created on a specified context. + + + +Memory management is important here because the APIs in the 'new SAM' do +not use 'pdb_init()' or an equivalent. They always allocate new +objects. Enumeration's are slightly different, and occur on a supplied +context that 'owns' the entire list, rather than per-element. (the +enumeration functions return an array of all elements - not full handles +just basic (and public) info) Likewise for things that fill in a char +**. + + +For example: + + +NTSTATUS sam_lookup_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN +*access_token, TALLOC_CTX *mem_ctx, const DOM_SID *sid, char **name, +uint32 *type) + + +Takes a context to allocate the 'name' on, while: + + +NTSTATUS sam_get_account_by_sid(const SAM_CONTEXT *context, const +NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID +*accountsid, SAM_ACCOUNT_HANDLE **account) + + +Allocates a handle and stores the allocation context on that handle. + +I think that the following: + + +NTSTATUS sam_enum_accounts(const SAM_CONTEXT *context, const +NT_USER_TOKEN *access_token, const DOM_SID *domainsid, uint16 acct_ctrl, +int32 *account_count, SAM_ACCOUNT_ENUM **accounts) + + + + + +Testing + + +Testing is vital in any piece of software, and Samba is certainly no +exception. In designing this new subsystem, we have taken care to ensure +it is easily tested, independent of outside protocols. + + + +To this end, Jelmer has constructed 'samtest'. + + + +This utility (see torture/samtest.c) is structured like rpcclient, but +instead operates on the SAM subsystem. It creates a 'custom' SAM +context, that may be distinct from the default values used by the rest +of the system, and can load a separate configuration file. + + + +A small number of commands are currently implemented, but these have +already proved vital in testing. I expect SAM module authors will find +it particularly valuable. + + +Example useage: + +$ bin/samtest + + +> context ads:ldap://192.168.1.96 + +(this loads a new context, using the new ADS module. The parameter is +the 'location' of the ldap server) + + + +> lookup_name DOMAIN abartlet + +(returns a sid). + + + +Because the 'new SAM' is NT ACL based, there will be a command to +specify an arbitrary NT ACL, but for now it uses 'system' by default. + + + -- cgit From e6eb2dc3c5abb71282b8dde563e3539a96a5feb1 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 2 Oct 2002 17:33:06 +0000 Subject: Add framework for net command manpage - still contains a lot of FIXME's... (This used to be commit 1e7686e5e7952b9b6f0474bace43078d2f6cb871) --- docs/docbook/manpages/net.8.sgml | 286 ++++++++++++++++++++++++++++++++++++++- 1 file changed, 282 insertions(+), 4 deletions(-) (limited to 'docs') diff --git a/docs/docbook/manpages/net.8.sgml b/docs/docbook/manpages/net.8.sgml index 5b822ccfe6..8e777d2afe 100644 --- a/docs/docbook/manpages/net.8.sgml +++ b/docs/docbook/manpages/net.8.sgml @@ -17,6 +17,25 @@ net <ads|rap|rpc> + -h + -w workgroup + -W myworkgroup + -U user + -I ip-address + -p port + -n myname + -s conffile + -S server + -C comment + -M maxusers + -F flags + -j jobid + -l + -r + -f + -t timeout + -P + -D debuglevel @@ -26,25 +45,284 @@ This tool is part of the Samba suite. - + The samba net utility is meant to work just like the net utility + available for windows and DOS. + FIXME + OPTIONS - + + + -h + + Display summary of all available options. + + + + + + -w target-workgroup + + Sets target workgroup or domain. You have to specify either this option or the IP address or the name of a server. + + + + + -W workgroup + + Sets client workgroup or domain + + + + + -U user + + User name to use + + + + + -I ip-address + + IP address of target server to use. You have to specify either this option or a target workgroup or a target server. + + + + + -p port + + Port on the target server to connect to. + + + + + -n myname + + Sets name of the client. + + + + + -s conffile + + Specify alternative configuration file that should be loaded. + + + + + -S server + + Name of target server. You should specify either this option or a target workgroup or a target IP address. + + + + + -C comment + + FIXME + + + + -M maxusers + + FIXME + + + + + -F flags + + FIXME + + + + + -j jobid + + FIXME + + + + + -l + + FIXME + + + + + -r + + FIXME + + + + + -f + + FIXME + + + + + -t timeout + + FIXME + + + + + -P + + Make queries to the external server using the machine account of the local server. + + + + + -D debuglevel + set the debuglevel. Debug level 0 is the lowest + and 100 being the highest. This should be set to 100 if you are + planning on submitting a bug report to the Samba team (see + BUGS.txt). + + + - COMMANDS + TIME + + The NET TIME command allows you to view the time on a remote server + or synchronise the time on the local server with the time on the remote server. + + + + + Without any options, the NET TIME command + displays the time on the remote server. + + - + + SYSTEM + + Displays the time on the remote server in a format ready for /bin/date + + + + SET + + Tries to set the date and time of the local server to that on + the remote server using /bin/date. + + + + + ZONE + + Displays the timezone in hours from GMT on the remote computer. + + + + + RPC + + The NET RPC command allows you to do various + NT4 operations. + + + + JOIN -U username[%password] [options] + + Join a domain with specified username and password. Password + will be prompted if none is specified. + + + + + JOIN [options except -U] + + to join a domain created in server manager + + + + + USER [misc. options] [targets] + + List users + + + + + USER DELETE <name> [misc options] + + delete specified user + + + + + USER INFO <name> [misc options] + + list the domain groups of the specified user + + + + + USER ADD <name> [password] [-F user flags] [misc. options + + Add specified user + + + + + GROUP [misc options] [targets] + + List user groups + + + + + GROUP DELETE <name> [misc. options] [targets] + + Delete specified group + + + + + GROUP ADD <name> [-C comment] + + Create specified group + + + + + SHARE [misc. options] [targets] + + enumerates all exported resources (network shares) on target server + + + + + SHARE ADD <name=serverpath> [misc. options] [targets] + + Adds a share from a server (makes the export active) + + + + + SHARE DELETE <sharenam + + + VERSION -- cgit From 2646df5691979d4a92acfe7664187fcacf734574 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 2 Oct 2002 18:43:25 +0000 Subject: Remove deprecated smb.conf options that were still in smb.conf.5: domain admin group domain guest group use rhosts status (This used to be commit 475594a43938aaace7868b4fadc50d571ce18414) --- docs/docbook/manpages/smb.conf.5.sgml | 91 +---------------------------------- 1 file changed, 2 insertions(+), 89 deletions(-) (limited to 'docs') diff --git a/docs/docbook/manpages/smb.conf.5.sgml b/docs/docbook/manpages/smb.conf.5.sgml index c0893f1005..8cb40e2284 100644 --- a/docs/docbook/manpages/smb.conf.5.sgml +++ b/docs/docbook/manpages/smb.conf.5.sgml @@ -630,8 +630,6 @@ disable spoolss display charset dns proxy - domain admin group - domain guest group domain logons domain master dos charset @@ -762,7 +760,6 @@ unix password sync update encrypted use mmap - use rhosts username level username map utmp @@ -897,7 +894,6 @@ set directory share modes short preserve case - status strict allocate strict locking strict sync @@ -2291,53 +2287,6 @@ - - - domain admin group (G) - This parameter is intended as a temporary solution - to enable users to be a member of the "Domain Admins" group when - a Samba host is acting as a PDC. A complete solution will be provided - by a system for mapping Windows NT/2000 groups onto UNIX groups. - Please note that this parameter has a somewhat confusing name. It - accepts a list of usernames and of group names in standard - smb.conf notation. - - - See also domain - guest group, domain - logons - - - Default: no domain administrators - Example: domain admin group = root @wheel - - - - - - - - domain guest group (G) - This parameter is intended as a temporary solution - to enable users to be a member of the "Domain Guests" group when - a Samba host is acting as a PDC. A complete solution will be provided - by a system for mapping Windows NT/2000 groups onto UNIX groups. - Please note that this parameter has a somewhat confusing name. It - accepts a list of usernames and of group names in standard - smb.conf notation. - - - See also domain - admin group, domain - logons - - - Default: no domain guests - Example: domain guest group = nobody @guest - - - - domain logons (G) If set to true, the Samba server will serve @@ -5849,7 +5798,7 @@ - preload + preload (G) This is a list of services that you want to be automatically added to the browse lists. This is most useful for homes and printers services that would otherwise not be @@ -7257,22 +7206,6 @@ - - status (G) - This enables or disables logging of connections - to a status file that smbstatus(1) - can read. - - With this disabled smbstatus won't be able - to tell you what connections are active. You should never need to - change this parameter. - - Default: status = yes - - - - - strict allocate (S) This is a boolean that controls the handling of @@ -7635,26 +7568,6 @@ - - use rhosts (G) - If this global parameter is true, it specifies - that the UNIX user's .rhosts file in their home directory - will be read to find the names of hosts and users who will be allowed - access without specifying a password. - - NOTE: The use of use rhosts - can be a major security hole. This is because you are - trusting the PC to supply the correct username. It is very easy to - get a PC to supply a false username. I recommend that the - use rhosts option be only used if you really know what - you are doing. - - Default: use rhosts = no - - - - - user (S) Synonym for @@ -8199,7 +8112,7 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ winbind use default domain - winbind use default domain + winbind use default domain (G) This parameter specifies whether the winbindd(8) daemon should operate on users without domain component in their username. -- cgit From 8ab937c344e153c918097156229374f9a2fdc4fe Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 2 Oct 2002 19:26:18 +0000 Subject: Add initial version of new FAQ (This used to be commit 9e61533b20e1dea815d467cfc0a09d5cb4fe8d14) --- docs/docbook/faq/README.NOW | 2 - docs/docbook/faq/sambafaq.sgml | 538 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 538 insertions(+), 2 deletions(-) delete mode 100644 docs/docbook/faq/README.NOW create mode 100644 docs/docbook/faq/sambafaq.sgml (limited to 'docs') diff --git a/docs/docbook/faq/README.NOW b/docs/docbook/faq/README.NOW deleted file mode 100644 index 77f1659a89..0000000000 --- a/docs/docbook/faq/README.NOW +++ /dev/null @@ -1,2 +0,0 @@ -The files previously in this directory have been incorporated -into the Samba-HOWTO-Collection diff --git a/docs/docbook/faq/sambafaq.sgml b/docs/docbook/faq/sambafaq.sgml new file mode 100644 index 0000000000..003db97aca --- /dev/null +++ b/docs/docbook/faq/sambafaq.sgml @@ -0,0 +1,538 @@ + + + + + + Samba Team + October 2002 + + +Samba FAQ + +<abstract> +This is the Frequently Asked Questions (FAQ) document for +Samba, the free and very popular SMB server product. An SMB server +allows file and printer connections from clients such as Windows, +OS/2, Linux and others. Current to version 3.0. Please send any +corrections to the samba documentation mailinglist at +<ulink url="mailto:samba-doc@samba.org">samba-doc@samba.org</ulink>. +This FAQ is based on the old Samba FAQ by Dan Shearer and Paul Blackman. +</abstract> + +<chapter> +<title>General Information + + +Where can I get it?

-

1. What is Samba?

- -

- -

-

See the -meta FAQ introduction if you don't have any idea what Samba does.

-

Samba has many features that are not supported in other CIFS and SMB -implementations, all of which are commercial. It approaches some -problems from a different angle.

-

Some of its features include: -

    -
  • extremely dynamic runtime configuration
    • -
  • host as well as username/password security
    • -
  • scriptable SMB client
    • -
  • automatic home directory exporting
    • -
  • automatic printer exporting
    • -
  • intelligent dead connection timeouts
    • -
  • guest connections
    • -
-

-

Look at the -manual pages included with the package for a full list of -features. The components of the suite are (in summary):

-

-

- -
smbd

the SMB server. This handles actual connections from clients, -doing all the interfacing with the -authentication database for file, permission and username work.

- -
nmbd

the NetBIOS name server, which helps clients locate servers, -maintaining the -authentication database doing the browsing work and managing -domains as this capability is being built into Samba.

- -
smbclient

the scriptable commandline SMB client program. -Useful for automated work, printer filters and testing purposes. It is -more CIFS-compliant than most commercial implementations. Note that this -is not a filesystem. The Samba team does not supply a network filesystem -driver, although the smbfs filesystem for Linux is derived from -smbclient code.

- -
smbrun

a little 'glue' program to help the server run -external programs.

- -
testprns

a program to test server access to printers

- -
testparms

a program to test the Samba configuration file -for correctness

- -
smb.conf

the Samba configuration file

- -
examples

many examples have been put together for the different -operating systems that Samba supports.

- -
Documentation!

DON'T neglect to read it - you will save a great -deal of time!

- -
-

- -
-Previous -Next -Table of Contents - - diff --git a/docs/faq/Samba-Server-FAQ-2.html b/docs/faq/Samba-Server-FAQ-2.html deleted file mode 100644 index 37a3983399..0000000000 --- a/docs/faq/Samba-Server-FAQ-2.html +++ /dev/null @@ -1,500 +0,0 @@ - - - Samba Server FAQ: How do I get the CIFS, SMB and NetBIOS protocols? - - -Previous -Next -Table of Contents -
-

2. How do I get the CIFS, SMB and NetBIOS protocols?

- -

- -

-

See the -meta FAQ on CIFS and SMB if you don't have any idea what these protocols are.

-

CIFS and SMB are implemented by the main Samba fileserving daemon, smbd. -.....

-

nmbd speaks a limited amount of CIFS (...) but is mostly concerned with -NetBIOS. NetBIOS is ....

-

RFC1001, RFC1002 ...

-

So, provided you have got Samba correctly installed and running you have -all three of these protocols. Some operating systems already come with -stacks for all or some of these, such as SCO Unix, OS/2 and ... In this -case you must ...

- -

2.1 What server operating systems are supported?

- -

- -

-

At the last count, Samba runs on about 40 operating systems! This -section looks at general questions about running Samba on the different -platforms. Issues specific to particular operating systems are dealt -with in elsewhere in this document.

-

Many of the ports have been done by people outside the Samba team keen -to get the advantages of Samba. The Samba team is currently trying to -bring as many of these ports as possible into the main source tree and -integrate the documentation. Samba is an integration tool, and so it has -been made as easy as possible to port. The platforms most widely used -and thus best tested are Linux and SunOS.

-

This migration has not been completed yet. This means that some -documentation is on web sites ...

-

There are two main families of Samba ports, Unix and other. The Unix -ports cover anything that remotely resembles Unix and includes some -extremely old products as well as best-sellers, tiny PCs to massive -multiprocessor machines supporting hundreds of thousands of users. Samba -has been run on more than 30 Unix and Unix-like operating systems.

- -

Running Samba on a Unix or Unix-like system

- -

- -

-

-../UNIX-SMB.txt describes some of the issues that confront a -SMB implementation on unix, and how Samba copes with them. They may help -people who are looking at unix<->PC interoperability.

-

There is great variation between Unix implementations, especially those -not adhering to the Common Unix Specification agreed to in 1996. Things -that can be quite tricky are .....

-

There are also some considerable advantages conferred on Samba running -under Unix compared to, say, Windows NT or LAN Server. Unix has ...

-

At time of writing, the Makefile claimed support for: -

    -
  • A/UX 3.0
    • -
  • AIX
    • -
  • Altos Series 386/1000
    • -
  • Amiga
    • -
  • Apollo Domain/OS sr10.3
    • -
  • BSDI
    • -
  • B.O.S. (Bull Operating System)
    • -
  • Cray, Unicos 8.0
    • -
  • Convex
    • -
  • DGUX.
    • -
  • DNIX.
    • -
  • FreeBSD
    • -
  • HP-UX
    • -
  • Intergraph.
    • -
  • Linux with/without shadow passwords and quota
    • -
  • LYNX 2.3.0
    • -
  • MachTen (a unix like system for Macintoshes)
    • -
  • Motorola 88xxx/9xx range of machines
    • -
  • NetBSD
    • -
  • NEXTSTEP Release 2.X, 3.0 and greater (including OPENSTEP for Mach).
    • -
  • OS/2 using EMX 0.9b
    • -
  • OSF1
    • -
  • QNX 4.22
    • -
  • RiscIX.
    • -
  • RISCOs 5.0B
    • -
  • SEQUENT.
    • -
  • SCO (including: 3.2v2, European dist., OpenServer 5)
    • -
  • SGI.
    • -
  • SMP_DC.OSx v1.1-94c079 on Pyramid S series
    • -
  • SONY NEWS, NEWS-OS (4.2.x and 6.1.x)
    • -
  • SUNOS 4
    • -
  • SUNOS 5.2, 5.3, and 5.4 (Solaris 2.2, 2.3, and '2.4 and later')
    • -
  • Sunsoft ISC SVR3V4
    • -
  • SVR4
    • -
  • System V with some berkely extensions (Motorola 88k R32V3.2).
    • -
  • ULTRIX.
    • -
  • UNIXWARE
    • -
  • UXP/DS
    • -
-

- - -

Running Samba on systems unlike Unix

- -

- -

-

More recently Samba has been ported to a number of operating systems -which can provide a BSD Unix-like implementation of TCP/IP sockets. -These include OS/2, Netware, VMS, StratOS, Amiga and MVS. BeOS, -Windows NT and several others are being worked on but not yet available -for use.

-

Home pages for these ports are:

-

...

- - -

2.2 Exporting server resources with Samba

- -

- -

-

Files, printers, CD ROMs and other local devices. Network devices, -including networked filesystems and remote printer queues. Other devices -such as ....

-

1.4) Configuring SHARES -1.4.1) Homes service -1.4.2) Public services -1.4.3) Application serving -1.4.4) Team sharing a Samba resource

-

1.5) Printer configuration -1.5.1) Berkeley LPR/LPD systems -1.5.2) ATT SysV lp systems -1.5.3) Using a private printcap file -1.5.4) Use of the smbprint utility -1.5.5) Printing from Windows to Unix -1.5.6) Printing from Unix to Windows

- - -

2.3 Name Resolution and Browsing

- -

- -

-

See also -../BROWSING.txt

-

1.6) Name resolution issues -1.6.1) LMHOSTS file and when to use it -1.6.2) configuring WINS (support, server, proxy) -1.6.3) configuring DNS proxy

-

1.7) Problem Diagnosis -1.8) What NOT to do!!!!

-

3.2) Browse list managment -3.3) Name resolution mangement

- - - -

2.4 Handling SMB Encryption

- -

- -

-

SMB encryption is ...

-

...in -../ENCRYPTION.txt there is...

-

Samba compiled with libdes - enabling encrypted passwords

- - -

Laws in different countries affecting Samba

- -

- -

- -

Relationship between encryption and Domain Authentication

- - - - -

2.5 Files and record locking 3.1.1) Old DOS clients 3.1.2) Opportunistic locking and the consequences 3.1.3) Files caching under Windows for Workgroups, Win95 and NT Some of the foregoing links into Client-FAQ

- - -

2.6 Managing Samba Log files

- -

- -

- - -

2.7 I can't see the Samba server in any browse lists!

- -

- - -See -BROWSING.txt -for more information on browsing. Browsing.txt can also be found -in the docs directory of the Samba source.

-

If your GUI client does not permit you to select non-browsable -servers, you may need to do so on the command line. For example, under -Lan Manager you might connect to the above service as disk drive M: -thusly: -

-
-   net use M: \\mary\fred
-
-
- -The details of how to do this and the specific syntax varies from -client to client - check your client's documentation.

- - -

2.8 Some files that I KNOW are on the server doesn't show up when I view the files from my client!

- -

- - -See the next question.

- - -

2.9 Some files on the server show up with really wierd filenames when I view the files from my client!

- -

- - -If you check what files are not showing up, you will note that they -are files which contain upper case letters or which are otherwise not -DOS-compatible (ie, they are not legal DOS filenames for some reason).

-

The Samba server can be configured either to ignore such files -completely, or to present them to the client in "mangled" form. If you -are not seeing the files at all, the Samba server has most likely been -configured to ignore them. Consult the man page smb.conf(5) for -details of how to change this - the parameter you need to set is -"mangled names = yes".

- - -

2.10 My client reports "cannot locate specified computer" or similar

- -

- - -This indicates one of three things: You supplied an incorrect server -name, the underlying TCP/IP layer is not working correctly, or the -name you specified cannot be resolved.

-

After carefully checking that the name you typed is the name you -should have typed, try doing things like pinging a host or telnetting -to somewhere on your network to see if TCP/IP is functioning OK. If it -is, the problem is most likely name resolution.

-

If your client has a facility to do so, hardcode a mapping between the -hosts IP and the name you want to use. For example, with Man Manager -or Windows for Workgroups you would put a suitable entry in the file -LMHOSTS. If this works, the problem is in the communication between -your client and the netbios name server. If it does not work, then -there is something fundamental wrong with your naming and the solution -is beyond the scope of this document.

-

If you do not have any server on your subnet supplying netbios name -resolution, hardcoded mappings are your only option. If you DO have a -netbios name server running (such as the Samba suite's nmbd program), -the problem probably lies in the way it is set up. Refer to Section -Two of this FAQ for more ideas.

-

By the way, remember to REMOVE the hardcoded mapping before further -tests :-)

- - -

2.11 My client reports "cannot locate specified share name" or similar

- -

- - -This message indicates that your client CAN locate the specified -server, which is a good start, but that it cannot find a service of -the name you gave.

-

The first step is to check the exact name of the service you are -trying to connect to (consult your system administrator). Assuming it -exists and you specified it correctly (read your client's doco on how -to specify a service name correctly), read on:

-

-

    -
  • Many clients cannot accept or use service names longer than eight characters.
    • -
  • Many clients cannot accept or use service names containing spaces.
    • -
  • Some servers (not Samba though) are case sensitive with service names.
    • -
  • Some clients force service names into upper case.
    • -
-

- - -

2.12 My client reports "cannot find domain controller", "cannot log on to the network" or similar

- -

- - -Nothing is wrong - Samba does not implement the primary domain name -controller stuff for several reasons, including the fact that the -whole concept of a primary domain controller and "logging in to a -network" doesn't fit well with clients possibly running on multiuser -machines (such as users of smbclient under Unix). Having said that, -several developers are working hard on building it in to the next -major version of Samba. If you can contribute, send a message to -samba@samba.org !

-

Seeing this message should not affect your ability to mount redirected -disks and printers, which is really what all this is about.

-

For many clients (including Windows for Workgroups and Lan Manager), -setting the domain to STANDALONE at least gets rid of the message.

- - -

2.13 Printing doesn't work :-(

- -

- -

-

Make sure that the specified print command for the service you are -connecting to is correct and that it has a fully-qualified path (eg., -use "/usr/bin/lpr" rather than just "lpr", if you happen to be using -Unix).

-

Make sure that the spool directory specified for the service is -writable by the user connected to the service.

-

Make sure that the user specified in the service is permitted to use -the printer.

-

Check the debug log produced by smbd. Search for the printer name and -see if the log turns up any clues. Note that error messages to do with -a service ipc$ are meaningless - they relate to the way the client -attempts to retrieve status information when using the LANMAN1 -protocol.

-

If using WfWg then you need to set the default protocol to TCP/IP, not -Netbeui. This is a WfWg bug.

-

If using the Lanman1 protocol (the default) then try switching to -coreplus. Also not that print status error messages don't mean -printing won't work. The print status is received by a different -mechanism.

- - -

2.14 My programs install on the server OK, but refuse to work properly

- -

- - -There are numerous possible reasons for this, but one MAJOR -possibility is that your software uses locking. Make sure you are -using Samba 1.6.11 or later. It may also be possible to work around -the problem by setting "locking=no" in the Samba configuration file -for the service the software is installed on. This should be regarded -as a strictly temporary solution.

-

In earlier Samba versions there were some difficulties with the very -latest Microsoft products, particularly Excel 5 and Word for Windows -6. These should have all been solved. If not then please let Andrew -Tridgell know via email at -samba@samba.org.

- - -

2.15 My "server string" doesn't seem to be recognised

- -

- - -OR My client reports the default setting, eg. "Samba 1.9.15p4", instead -of what I have changed it to in the smb.conf file.

-

You need to use the -C option in nmbd. The "server string" affects -what smbd puts out and -C affects what nmbd puts out.

-

Current versions of Samba (1.9.16 +) have combined these options into -the "server string" field of smb.conf, -C for nmbd is now obsolete.

- - -

2.16 My client reports "This server is not configured to list shared resources"

- -

- - -Your guest account is probably invalid for some reason. Samba uses the -guest account for browsing in smbd. Check that your guest account is -valid.

-

See also 'guest account' in smb.conf man page.

- - -

2.17 Issues specific to Unix and Unix-like systems

- -

- -

- -

Printing doesn't work with my Unix Samba server

- -

- -

-

The user "nobody" often has problems with printing, even if it worked -with an earlier version of Samba. Try creating another guest user other -than "nobody".

- -

Log message "you appear to have a trapdoor uid system"

- -

- - -This can have several causes. It might be because you are using a uid -or gid of 65535 or -1. This is a VERY bad idea, and is a big security -hole. Check carefully in your /etc/passwd file and make sure that no -user has uid 65535 or -1. Especially check the "nobody" user, as many -broken systems are shipped with nobody setup with a uid of 65535.

-

It might also mean that your OS has a trapdoor uid/gid system :-)

-

This means that once a process changes effective uid from root to -another user it can't go back to root. Unfortunately Samba relies on -being able to change effective uid from root to non-root and back -again to implement its security policy. If your OS has a trapdoor uid -system this won't work, and several things in Samba may break. Less -things will break if you use user or server level security instead of -the default share level security, but you may still strike -problems.

-

The problems don't give rise to any security holes, so don't panic, -but it does mean some of Samba's capabilities will be unavailable. -In particular you will not be able to connect to the Samba server as -two different uids at once. This may happen if you try to print as a -"guest" while accessing a share as a normal user. It may also affect -your ability to list the available shares as this is normally done as -the guest user.

-

Complain to your OS vendor and ask them to fix their system.

-

Note: the reason why 65535 is a VERY bad choice of uid and gid is that -it casts to -1 as a uid, and the setreuid() system call ignores (with -no error) uid changes to -1. This means any daemon attempting to run -as uid 65535 will actually run as root. This is not good!

- - -

2.18 Issues specific to IBM OS/2 systems

- -

- -

-

-Samba for OS/2

- - -

2.19 Issues specific to IBM MVS systems

- -

- -

-

-Samba for OS/390 MVS

- - -

2.20 Issues specific to Digital VMS systems

- -

- -

- - -

2.21 Issues specific to Amiga systems

- -

- -

-

-Samba for Amiga

-

There is a mailing list for Samba on the Amiga.

-

Subscribing.

-

Send an email to rask-samba-request@kampsax.dtu.dk with the word subscribe -in the message. The list server will use the address in the Reply-To: or -From: header field, in that order.

-

Unsubscribing.

-

Send an email to rask-samba-request@kampsax.dtu.dk with the word -unsubscribe in the message. The list server will use the address in the -Reply-To: or From: header field, in that order. If you are unsure which -address you are subscribed with, look at the headers. You should see a -"From " (no colon) or Return-Path: header looking something like

-

rask-samba-owner-myname=my.domain@kampsax.dtu.dk

-

where myname=my.domain gives you the address myname@my.domain. This also -means that I will always be able to find out which address is causing -bounces, for example. -List archive.

-

Messages sent to the list are archived in HTML. See the mailing list home -page at -http://www.gbar.dtu.dk/~c948374/Amiga/Samba/mailinglist/

- - -

2.22 Issues specific to Novell IntraNetware systems

- -

- -

- - -

2.23 Issues specific to Stratus VOS systems

- -

- -

-

-Samba for Stratus VOS

- - -
-Previous -Next -Table of Contents - - diff --git a/docs/faq/Samba-Server-FAQ.html b/docs/faq/Samba-Server-FAQ.html deleted file mode 100644 index 2abfe50db6..0000000000 --- a/docs/faq/Samba-Server-FAQ.html +++ /dev/null @@ -1,88 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Samba Server FAQ - - -Previous -Next -Table of Contents -
-

Samba Server FAQ

- -

Dan Shearer & Paul Blackman, ictinus@samba.org

v 0.3, 7 Oct '97 -

This is the Server Frequently Asked Questions (FAQ) -document for Samba, the free and very popular SMB and CIFS server -product. A general -meta FAQ -exists and also a companion -Client FAQ, together with more detailed HOWTO documents on -topics to do with Samba software. This is current to Samba version -1.9.17. Please send any corrections to the author.

-

-

1. What is Samba?

- -

-

2. How do I get the CIFS, SMB and NetBIOS protocols?

- - - -
-Previous -Next -Table of Contents - - diff --git a/docs/faq/Samba-Server-FAQ.sgml b/docs/faq/Samba-Server-FAQ.sgml deleted file mode 100644 index 8f57e73aa3..0000000000 --- a/docs/faq/Samba-Server-FAQ.sgml +++ /dev/null @@ -1,407 +0,0 @@ - - - - -
- - Samba Server FAQ - -<author>Dan Shearer & Paul Blackman, <tt>ictinus@samba.org</tt> - -<date>v 0.3, 7 Oct '97 - -<abstract> This is the <em>Server</em> Frequently Asked Questions (FAQ) -document for Samba, the free and very popular SMB and CIFS server -product. A general <url url="Samba-meta-FAQ.html" name="meta FAQ"> -exists and also a companion <url url="Samba-Client-FAQ.html" -name="Client FAQ">, together with more detailed HOWTO documents on -topics to do with Samba software. This is current to Samba version -1.9.17. Please send any corrections to the author. - -</abstract> - -<toc> - -<sect>What is Samba?<p><label id="WhatIsSamba"> - -See the <url url="Samba-meta-FAQ.html#introduction" name="meta FAQ -introduction"> if you don't have any idea what Samba does. - -Samba has many features that are not supported in other CIFS and SMB -implementations, all of which are commercial. It approaches some -problems from a different angle. - -Some of its features include: -<itemize> -<item>extremely dynamic runtime configuration -<item>host as well as username/password security -<item>scriptable SMB client -<item>automatic home directory exporting -<item>automatic printer exporting -<item>intelligent dead connection timeouts -<item>guest connections -</itemize> - -Look at the <url url="samba-man-index.html" name="manual pages"> included with the package for a full list of -features. The components of the suite are (in summary): - -<descrip> - -<tag/smbd/ the SMB server. This handles actual connections from clients, -doing all the interfacing with the <url -url="Samba-meta-FAQ.html#DomainModeSecurity" name="authentication -database"> for file, permission and username work. - -<tag/nmbd/ the NetBIOS name server, which helps clients locate servers, -maintaining the <url url="Samba-meta-FAQ.html#BrowseAndDomainDefs" -name="authentication database"> doing the browsing work and managing -domains as this capability is being built into Samba. - -<tag/smbclient/ the scriptable commandline SMB client program. -Useful for automated work, printer filters and testing purposes. It is -more CIFS-compliant than most commercial implementations. Note that this -is not a filesystem. The Samba team does not supply a network filesystem -driver, although the smbfs filesystem for Linux is derived from -smbclient code. - -<tag/smbrun/ a little 'glue' program to help the server run -external programs. - -<tag/testprns/ a program to test server access to printers - -<tag/testparms/ a program to test the Samba configuration file -for correctness - -<tag/smb.conf/ the Samba configuration file - -<tag/examples/ many examples have been put together for the different -operating systems that Samba supports. - -<tag/Documentation!/ DON'T neglect to read it - you will save a great -deal of time! - -</descrip> - -<sect>How do I get the CIFS, SMB and NetBIOS protocols?<p><label id="ServerProtocols"> - -See the <url url="Samba-meta-FAQ.html#CifsSmb" name="meta FAQ -on CIFS and SMB"> if you don't have any idea what these protocols are. - -CIFS and SMB are implemented by the main Samba fileserving daemon, smbd. -[.....] - -nmbd speaks a limited amount of CIFS (...) but is mostly concerned with -NetBIOS. NetBIOS is [....] - -RFC1001, RFC1002 [...] - -So, provided you have got Samba correctly installed and running you have -all three of these protocols. Some operating systems already come with -stacks for all or some of these, such as SCO Unix, OS/2 and [...] In this -case you must [...] - -<sect1>What server operating systems are supported?<p><label id="PortInfo"> - -At the last count, Samba runs on about 40 operating systems! This -section looks at general questions about running Samba on the different -platforms. Issues specific to particular operating systems are dealt -with in elsewhere in this document. - -Many of the ports have been done by people outside the Samba team keen -to get the advantages of Samba. The Samba team is currently trying to -bring as many of these ports as possible into the main source tree and -integrate the documentation. Samba is an integration tool, and so it has -been made as easy as possible to port. The platforms most widely used -and thus best tested are Linux and SunOS. - -This migration has not been completed yet. This means that some -documentation is on web sites [...] - -There are two main families of Samba ports, Unix and other. The Unix -ports cover anything that remotely resembles Unix and includes some -extremely old products as well as best-sellers, tiny PCs to massive -multiprocessor machines supporting hundreds of thousands of users. Samba -has been run on more than 30 Unix and Unix-like operating systems. - -<sect2>Running Samba on a Unix or Unix-like system<p><label id="OnUnix"> - -<url url="../UNIX-SMB.txt"> describes some of the issues that confront a -SMB implementation on unix, and how Samba copes with them. They may help -people who are looking at unix<->PC interoperability. - -There is great variation between Unix implementations, especially those -not adhering to the Common Unix Specification agreed to in 1996. Things -that can be quite tricky are [.....] - -There are also some considerable advantages conferred on Samba running -under Unix compared to, say, Windows NT or LAN Server. Unix has [...] - -At time of writing, the Makefile claimed support for: -<itemize> -<item> A/UX 3.0 -<item> AIX -<item> Altos Series 386/1000 -<item> Amiga -<item> Apollo Domain/OS sr10.3 -<item> BSDI -<item> B.O.S. (Bull Operating System) -<item> Cray, Unicos 8.0 -<item> Convex -<item> DGUX. -<item> DNIX. -<item> FreeBSD -<item> HP-UX -<item> Intergraph. -<item> Linux with/without shadow passwords and quota -<item> LYNX 2.3.0 -<item> MachTen (a unix like system for Macintoshes) -<item> Motorola 88xxx/9xx range of machines -<item> NetBSD -<item> NEXTSTEP Release 2.X, 3.0 and greater (including OPENSTEP for Mach). -<item> OS/2 using EMX 0.9b -<item> OSF1 -<item> QNX 4.22 -<item> RiscIX. -<item> RISCOs 5.0B -<item> SEQUENT. -<item> SCO (including: 3.2v2, European dist., OpenServer 5) -<item> SGI. -<item> SMP_DC.OSx v1.1-94c079 on Pyramid S series -<item> SONY NEWS, NEWS-OS (4.2.x and 6.1.x) -<item> SUNOS 4 -<item> SUNOS 5.2, 5.3, and 5.4 (Solaris 2.2, 2.3, and '2.4 and later') -<item> Sunsoft ISC SVR3V4 -<item> SVR4 -<item> System V with some berkely extensions (Motorola 88k R32V3.2). -<item> ULTRIX. -<item> UNIXWARE -<item> UXP/DS -</itemize> - - -<sect2>Running Samba on systems unlike Unix<p><label id="OnUnlikeUnix"> - -More recently Samba has been ported to a number of operating systems -which can provide a BSD Unix-like implementation of TCP/IP sockets. -These include OS/2, Netware, VMS, StratOS, Amiga and MVS. BeOS, -Windows NT and several others are being worked on but not yet available -for use. - -Home pages for these ports are: - -[... ] - -<sect1>Exporting server resources with Samba<p><label id="Exporting"> - -Files, printers, CD ROMs and other local devices. Network devices, -including networked filesystems and remote printer queues. Other devices -such as [....] - - 1.4) Configuring SHARES - 1.4.1) Homes service - 1.4.2) Public services - 1.4.3) Application serving - 1.4.4) Team sharing a Samba resource - - 1.5) Printer configuration - 1.5.1) Berkeley LPR/LPD systems - 1.5.2) ATT SysV lp systems - 1.5.3) Using a private printcap file - 1.5.4) Use of the smbprint utility - 1.5.5) Printing from Windows to Unix - 1.5.6) Printing from Unix to Windows - -<sect1>Name Resolution and Browsing<p><label id="NameBrowsing"> - -See also <url url="../BROWSING.txt"> - - 1.6) Name resolution issues - 1.6.1) LMHOSTS file and when to use it - 1.6.2) configuring WINS (support, server, proxy) - 1.6.3) configuring DNS proxy - - 1.7) Problem Diagnosis - 1.8) What NOT to do!!!! - - 3.2) Browse list managment - 3.3) Name resolution mangement - - -<sect1>Handling SMB Encryption<p><label id="SMBEncryptionSteps"> - -SMB encryption is ... - -...in <url url="../ENCRYPTION.txt"> there is... - -Samba compiled with libdes - enabling encrypted passwords - - -<sect2>Laws in different countries affecting Samba<p><label id="CryptoLaws"> - -<sect2>Relationship between encryption and Domain Authentication<p> - -<sect1> Files and record locking - - 3.1.1) Old DOS clients - 3.1.2) Opportunistic locking and the consequences - 3.1.3) Files caching under Windows for Workgroups, Win95 and NT - - Some of the foregoing links into Client-FAQ - -<sect1>Managing Samba Log files<p><label id="LogFiles"> - -<sect1>I can't see the Samba server in any browse lists!<p><label id="no_browse"> - See <url url="ftp://samba.org/pub/samba/BROWSING.txt" name="BROWSING.txt"> - for more information on browsing. Browsing.txt can also be found - in the docs directory of the Samba source. - -If your GUI client does not permit you to select non-browsable -servers, you may need to do so on the command line. For example, under -Lan Manager you might connect to the above service as disk drive M: -thusly: -<tscreen><verb> - net use M: \\mary\fred -</verb></tscreen> -The details of how to do this and the specific syntax varies from -client to client - check your client's documentation. - -<sect1>Some files that I KNOW are on the server doesn't show up when I view the files from my client! <p> <label id="missing_files"> -See the next question. - -<sect1>Some files on the server show up with really wierd filenames when I view the files from my client! <p> <label id="strange_filenames"> -If you check what files are not showing up, you will note that they -are files which contain upper case letters or which are otherwise not -DOS-compatible (ie, they are not legal DOS filenames for some reason). - -The Samba server can be configured either to ignore such files -completely, or to present them to the client in "mangled" form. If you -are not seeing the files at all, the Samba server has most likely been -configured to ignore them. Consult the man page smb.conf(5) for -details of how to change this - the parameter you need to set is -"mangled names = yes". - -<sect1>My client reports "cannot locate specified computer" or similar<p><label id="cant_see_server"> -This indicates one of three things: You supplied an incorrect server -name, the underlying TCP/IP layer is not working correctly, or the -name you specified cannot be resolved. - -After carefully checking that the name you typed is the name you -should have typed, try doing things like pinging a host or telnetting -to somewhere on your network to see if TCP/IP is functioning OK. If it -is, the problem is most likely name resolution. - -If your client has a facility to do so, hardcode a mapping between the -hosts IP and the name you want to use. For example, with Lan Manager -or Windows for Workgroups you would put a suitable entry in the file -LMHOSTS. If this works, the problem is in the communication between -your client and the netbios name server. If it does not work, then -there is something fundamental wrong with your naming and the solution -is beyond the scope of this document. - -If you do not have any server on your subnet supplying netbios name -resolution, hardcoded mappings are your only option. If you DO have a -netbios name server running (such as the Samba suite's nmbd program), -the problem probably lies in the way it is set up. Refer to Section -Two of this FAQ for more ideas. - -By the way, remember to REMOVE the hardcoded mapping before further -tests :-) - -<sect1>My client reports "cannot locate specified share name" or similar<p> <label id="cant_see_share"> -This message indicates that your client CAN locate the specified -server, which is a good start, but that it cannot find a service of -the name you gave. - -The first step is to check the exact name of the service you are -trying to connect to (consult your system administrator). Assuming it -exists and you specified it correctly (read your client's docs on how -to specify a service name correctly), read on: - -<itemize> -<item> Many clients cannot accept or use service names longer than eight characters. -<item> Many clients cannot accept or use service names containing spaces. -<item> Some servers (not Samba though) are case sensitive with service names. -<item> Some clients force service names into upper case. -</itemize> - -<sect1>Printing doesn't work :-(<p> <label id="no_printing"> - -Make sure that the specified print command for the service you are -connecting to is correct and that it has a fully-qualified path (eg., -use "/usr/bin/lpr" rather than just "lpr", if you happen to be using -Unix). - -Make sure that the spool directory specified for the service is -writable by the user connected to the service. - -Make sure that the user specified in the service is permitted to use -the printer. - -Check the debug log produced by smbd. Search for the printer name and -see if the log turns up any clues. Note that error messages to do with -a service ipc$ are meaningless - they relate to the way the client -attempts to retrieve status information when using the LANMAN1 -protocol. - -If using WfWg then you need to set the default protocol to TCP/IP, not -Netbeui. This is a WfWg bug. - -If using the Lanman1 protocol (the default) then try switching to -coreplus. Also not that print status error messages don't mean -printing won't work. The print status is received by a different -mechanism. - -<sect1>My client reports "This server is not configured to list shared resources" <p> <label id="cant_list_shares"> -Your guest account is probably invalid for some reason. Samba uses the -guest account for browsing in smbd. Check that your guest account is -valid. - -See also 'guest account' in smb.conf man page. - -<sect1>Issues specific to Unix and Unix-like systems<p><label id="UnixIssues"> - -<sect2>Printing doesn't work with my Unix Samba server<p> <label id="no_printing"> - -The user "nobody" often has problems with printing, even if it worked -with an earlier version of Samba. Try creating another guest user other -than "nobody". - -<sect2>Log message "you appear to have a trapdoor uid system" <p><label id="trapdoor_uid"> -This can have several causes. It might be because you are using a uid -or gid of 65535 or -1. This is a VERY bad idea, and is a big security -hole. Check carefully in your /etc/passwd file and make sure that no -user has uid 65535 or -1. Especially check the "nobody" user, as many -broken systems are shipped with nobody setup with a uid of 65535. - -It might also mean that your OS has a trapdoor uid/gid system :-) - -This means that once a process changes effective uid from root to -another user it can't go back to root. Unfortunately Samba relies on -being able to change effective uid from root to non-root and back -again to implement its security policy. If your OS has a trapdoor uid -system this won't work, and several things in Samba may break. Less -things will break if you use user or server level security instead of -the default share level security, but you may still strike -problems. - -The problems don't give rise to any security holes, so don't panic, -but it does mean some of Samba's capabilities will be unavailable. -In particular you will not be able to connect to the Samba server as -two different uids at once. This may happen if you try to print as a -"guest" while accessing a share as a normal user. It may also affect -your ability to list the available shares as this is normally done as -the guest user. - -Complain to your OS vendor and ask them to fix their system. - -Note: the reason why 65535 is a VERY bad choice of uid and gid is that -it casts to -1 as a uid, and the setreuid() system call ignores (with -no error) uid changes to -1. This means any daemon attempting to run -as uid 65535 will actually run as root. This is not good! - -</article> diff --git a/docs/faq/Samba-meta-FAQ-1.html b/docs/faq/Samba-meta-FAQ-1.html deleted file mode 100644 index 7258a32f1e..0000000000 --- a/docs/faq/Samba-meta-FAQ-1.html +++ /dev/null @@ -1,160 +0,0 @@ -<HTML> -<HEAD> -<TITLE> Samba meta FAQ: Quick Reference Guides to Samba Documentation - - -Previous -Next -Table of Contents -
-

1. Quick Reference Guides to Samba Documentation

- -

- -

-

We are endeavouring to provide links here to every major class of -information about Samba or things related to Samba. We cannot list every -document, but we are aiming for all documents to be at most two -referrals from those listed here. This needs constant maintaining, so -please send the author your feedback.

- -

1.1 Samba for the Impatient

- -

- -

-

You know you should read the documentation but can't wait to start? What -you need to do then is follow the instructions in the following -documents in the order given. This should be enough to get a fairly -simple site going quickly. If you have any problems, refer back to this -meta-FAQ and follow the links to find more reading material.

-

-

-

- -

-
Getting Samba:

The fastest way to get Samba -going is and install it is to have an operating system for which the -Samba team has put together an installation package. To see if your OS -is included have a look at the directory -/pub/samba/Binary_Packages/"OS_Vendor" on your nearest -mirror site. If it is included follow the -installation instructions in the README file there and then do some -basic testing. If you are not so fortunate, follow the normal -download instructions and then continue with -building and installing Samba.

-

- -

-
Building and Installing Samba:

At the moment -there are two kinds of Samba server installs besides the prepackaged -binaries mentioned in the previous step. You need to decide if you have a -Unix or close relative or -other supported operating system.

-

- -

-
Basic Testing:

Try to connect using the -supplied smbclient command-line program. You need to know the IP -hostname of your server. A service name must be defined in smb.conf, as -given in the examples (under many operating systems if there is a -homes service you can just use a valid username.) Then type -smbclient \\hostname\servicename -Under most Unixes you will need to put the parameters within quotation -marks. If this works, try connecting from one of the SMB clients you -were planning to use with Samba.

-

- -

-
Debug sequence:

If you think you have completed the -previous step and things aren't working properly work through -the diagnosis recipe.

-

- -

-
Exporting files to SMB clients:

You should read the manual pages -for smb.conf, but here is a -quick answer guide.

-

- -

-
Controlling user access:

the quickest and dirtiest way of sharing -resources is to use -share level security. If you want to spend more time and have a proper username -and password database you must read the paragraph on -domain mode security. If you want -encryption (eg you are using Windows NT clients) follow the -SMB encryption instructions.

-

- -

-
Browsing:

if you are happy to type in "\\samba-server\sharename" -at the client end then do not read any further. Otherwise you need to -understand the -browsing terminology -and read -Samba-Server-FAQ.html#NameBrowsing.

-

- -

-
Printing:

See the -printing quick answer guide.

- -
-

-

If you have got everything working to this point, you can expect Samba -to be stable and secure: these are its greatest strengths. However Samba -has a great deal to offer and to go further you must do some more -reading. Speed and security optimisations, printer accounting, network -logons, roving profiles, browsing across multiple subnets and so on are -all covered either in this document or in those it refers to.

- - -

1.2 All Samba Documentation

- -

- -

-

-

    -
  • Meta-FAQ. This is the mother of all documents, and is the one you -are reading now. The latest version is always at -http://samba.org/[.....] but there is probably a much -nearer -mirror site which you should use -instead. -
    • -
  • -Samba-Server-FAQ.html is the best starting point for -information about server-side issues. Includes configuration tips and -pointers for Samba on particular operating systems (with 40 to choose -from...) -
    • -
  • -Samba-Client-FAQ.html is the best starting point for -information about client-side issues, includes a list of all clients -that are known to work with Samba. -
    • -
  • -manual pages contains -descriptions of and links to all the Samba manual pages, in Unix man and -postscript format. -
    • -
  • -samba-txt-index.html has descriptions of and links to -a large number of text files have been contributed to samba covering -many topics. These are gradually being absorbed into the FAQs and HOWTOs -but in the meantime you might find helpful answers here. -
    • -
  • -
    • -
-

- - -
-Previous -Next -Table of Contents - - diff --git a/docs/faq/Samba-meta-FAQ-2.html b/docs/faq/Samba-meta-FAQ-2.html deleted file mode 100644 index 1e36332d42..0000000000 --- a/docs/faq/Samba-meta-FAQ-2.html +++ /dev/null @@ -1,384 +0,0 @@ - - - Samba meta FAQ: General Information - - -Previous -Next -Table of Contents -
-

2. General Information

- -

- -

-

All about Samba - what it is, how to get it, related sources of -information, how to understand the numbering scheme, pizza -details.

- -

2.1 What is Samba?

- -

- -

-

Samba is a suite of programs which work together to allow clients to -access to a server's filespace and printers via the SMB (Server Message -Block) and CIFS (Common Internet Filesystem) protocols. Initially -written for Unix, Samba now also runs on Netware, OS/2, VMS, StratOS and -Amigas. Ports to BeOS and other operating systems are underway. Samba -gives the capability for these operating systems to behave much like a -LAN Server, Windows NT Server or Pathworks machine, only with added -functionality and flexibility designed to make life easier for -administrators.

-

This means that using Samba you can share a server's disks and printers -to many sorts of network clients, including Lan Manager, Windows for -Workgroups, Windows NT, Linux, OS/2, and AIX. There is also a generic -client program supplied as part of the Samba suite which gives a user on -the server an ftp-like interface to access filespace and printers on any -other SMB/CIFS servers.

-

SMB has been implemented over many protocols, including XNS, NBT, IPX, -NetBEUI and TCP/IP. Samba only uses TCP/IP. This is not likely to change -although there have been some requests for NetBEUI support.

-

Many users report that compared to other SMB implementations Samba is -more stable, faster, and compatible with more clients. Administrators of -some large installations say that Samba is the only SMB server available -which will scale to many tens of thousands of users without crashing. -The easy way to test these claims is to download it and try it for -yourself!

-

The suite is supplied with full source code under the -GNU Public License. The GPL means that you can -use Samba for whatever purpose you wish (including changing the source -or selling it for money) but under all circumstances the source code -must be made freely available. A copy of the GPL must always be included -in any copy of the package.

-

The primary creator of the Samba suite is Andrew Tridgell. Later -versions incorporate much effort by many net.helpers. The man pages -and this FAQ were originally written by Karl Auer.

- - -

2.2 What is the current version of Samba?

- -

- -

-

At time of writing, the current version was 1.9.17. If you want to be -sure check the bottom of the change-log file. -ftp://samba.org/pub/samba/alpha/change-log

-

For more information see -What do the version numbers mean?

- - -

2.3 Where can I get it?

- -

- -

-

The Samba suite is available via anonymous ftp from samba.org and -many -mirror sites. You will get much -faster performance if you use a mirror site. The latest and greatest -versions of the suite are in the directory:

-

/pub/samba/

-

Development (read "alpha") versions, which are NOT necessarily stable -and which do NOT necessarily have accurate documentation, are available -in the directory:

-

/pub/samba/alpha

-

Note that binaries are NOT included in any of the above. Samba is -distributed ONLY in source form, though binaries may be available from -other sites. Most Linux distributions, for example, do contain Samba -binaries for that platform. The VMS, OS/2, Netware and Amiga and other -ports typically have binaries made available.

-

A special case is vendor-provided binary packages. Samba binaries and -default configuration files are put into packages for a specific -operating system. RedHat Linux and Sun Solaris (Sparc and x86) is -already included, and others such as OS/2 may follow. All packages are -in the directory:

-

/pub/samba/Binary_Packages/"OS_Vendor"

- - -

2.4 What do the version numbers mean?

- -

- -

-

It is not recommended that you run a version of Samba with the word -"alpha" in its name unless you know what you are doing and are willing -to do some debugging. Many, many people just get the latest -recommended stable release version and are happy. If you are brave, by -all means take the plunge and help with the testing and development - -but don't install it on your departmental server. Samba is typically -very stable and safe, and this is mostly due to the policy of many -public releases.

-

How the scheme works:

-

-

    -
  1. When major changes are made the version number is increased. For -example, the transition from 1.9.16 to 1.9.17. However, this version -number will not appear immediately and people should continue to use -1.9.15 for production systems (see next point.) -
    2. -
  2. Just after major changes are made the software is considered -unstable, and a series of alpha releases are distributed, for example -1.9.16alpha1. These are for testing by those who know what they are -doing. The "alpha" in the filename will hopefully scare off those who -are just looking for the latest version to install. -
    3. -
  3. When Andrew thinks that the alphas have stabilised to the point -where he would recommend new users install it, he renames it to the -same version number without the alpha, for example 1.9.17. -
    4. -
  4. Inevitably bugs are found in the "stable" releases and minor patch -levels are released which give us the pXX series, for example 1.9.17p2. -
    5. -
-

-

So the progression goes:

-

-

-                1.9.16p10       (production)
-                1.9.16p11       (production)
-                1.9.17alpha1    (test sites only)
-                  :
-                1.9.17alpha20   (test sites only)
-                1.9.17          (production)
-                1.9.17p1        (production)
-
-

-

The above system means that whenever someone looks at the samba ftp -site they will be able to grab the highest numbered release without an -alpha in the name and be sure of getting the current recommended -version.

- - -

2.5 Where can I go for further information?

- -

- -

-

There are a number of places to look for more information on Samba, -including:

-

-

    -
  • Two mailing lists devoted to discussion of Samba-related matters. -See below for subscription information. -
    • -
  • The newsgroup comp.protocols.smb, which has a great deal of -discussion about Samba. -
    • -
  • The WWW site 'SAMBA Web Pages' at -http://samba.org/samba/ includes: - -
      -
    • Links to man pages and documentation, including this FAQ
      • -
    • A comprehensive survey of Samba users
      • -
    • A searchable hypertext archive of the Samba mailing list
      • -
    • Links to Samba source code, binaries, and mirrors of both
      • -
    • This FAQ and the rest in its family
      • -
    - -
    • -
-

- - -

2.6 How do I subscribe to the Samba Mailing Lists?

- -

- -

-

Send email to -listproc@samba.org. Make sure the subject line is blank, -and include the following two lines in the body of the message:

-

-

-
-subscribe samba Firstname Lastname
-subscribe samba-announce Firstname Lastname
-
-
-

-

Obviously you should substitute YOUR first name for "Firstname" and -YOUR last name for "Lastname"! Try not to send any signature, it -sometimes confuses the list processor.

-

The samba list is a digest list - every eight hours or so it sends a -single message containing all the messages that have been received by -the list since the last time and sends a copy of this message to all -subscribers. There are thousands of people on this list.

-

If you stop being interested in Samba, please send another email to -listproc@samba.org. Make sure the subject line is blank, and -include the following two lines in the body of the message:

-

-

-
-unsubscribe samba
-unsubscribe samba-announce
-
-
-

-

The From: line in your message MUST be the same -address you used when you subscribed.

- - -

2.7 Something's gone wrong - what should I do?

- -

- -

-

# *** IMPORTANT! *** #

- -

DO NOT post messages on mailing lists or in newsgroups until you have -carried out the first three steps given here!

-

-

    -
  1. See if there are any likely looking entries in this FAQ! -If you have just installed Samba, have you run through the checklist in -DIAGNOSIS.txt? It can save you a lot of time and effort. -DIAGNOSIS.txt can also be found in the docs directory of the Samba -distribution. -
    2. -
  2. Read the man pages for smbd, nmbd and smb.conf, looking for -topics that relate to what you are trying to do. -
    3. -
  3. If there is no obvious solution to hand, try to get a look at -the log files for smbd and/or nmbd for the period during which you -were having problems. You may need to reconfigure the servers to -provide more extensive debugging information - usually level 2 or -level 3 provide ample debugging info. Inspect these logs closely, -looking particularly for the string "Error:". -
    4. -
  4. If you need urgent help and are willing to pay for it see -Paid Support. -
    5. -
-

-

If you still haven't got anywhere, ask the mailing list or newsgroup. In -general nobody minds answering questions provided you have followed the -preceding steps. It might be a good idea to scan the archives of the -mailing list, which are available through the Samba web site described -in the previous section. When you post be sure to include a good -description of your environment and your problem.

-

If you successfully solve a problem, please mail the FAQ maintainer a -succinct description of the symptom, the problem and the solution, so -that an explanation can be incorporated into the next version.

- - -

2.8 How do I submit patches or bug reports?

- - -

If you make changes to the source code, please submit these patches -so that everyone else gets the benefit of your work. This is one of -the most important aspects to the maintainence of Samba. Send all -patches to -samba@samba.org. Do not send patches to Andrew Tridgell or any -other individual, they may be lost if you do.

-

Patch format -------------

-

If you are sending a patch to fix a problem then please don't just use -standard diff format. As an example, samba@samba.org received this patch from -someone:

-

382a -#endif -.. -381a -#if !defined(NEWS61)

-

How are we supposed to work out what this does and where it goes? These -sort of patches only work if we both have identical files in the first -place. The Samba sources are constantly changing at the hands of multiple -developers, so it doesn't work.

-

Please use either context diffs or (even better) unified diffs. You -get these using "diff -c4" or "diff -u". If you don't have a diff that -can generate these then please send manualy commented patches to I -know what is being changed and where. Most patches are applied by hand so -the info must be clear.

-

This is a basic guideline that will assist us with assessing your problem -more efficiently :

-

Machine Arch: -Machine OS: -OS Version: -Kernel:

-

Compiler: -Libc Version:

-

Samba Version:

-

Network Layout (description):

-

What else is on machine (services, etc):

-

Some extras :

-

-

    -
  • what you did and what happened -
    • -
  • relevant parts of a debugging output file with debuglevel higher. -If you can't find the relevant parts, please ask before mailing -huge files. -
    • -
  • anything else you think is useful to trace down the bug -
    • -
-

- - -

2.9 What if I have an URGENT message for the developers?

- - -

If you have spotted something very serious and believe that it is -important to contact the developers quickly send a message to -samba-urgent@samba.org. This will be processed more quickly than -mail to samba@samba.org. Please think carefully before using this address. An -example of its use might be to report a security hole.

-

Examples of things not to send to samba-urgent include problems -getting Samba to work at all and bugs that cannot potentially cause damage.

- - -

2.10 What if I need paid-for support?

- -

- -

-

Samba has a large network of consultants who provide Samba support on a -commercial basis. The list is included in the package in -../Support.txt, and the latest version will always be on the main -samba ftp site. Any company in the world can request that the samba team -include their details in Support.txt so we can give no guarantee of -their services.

- - -

2.11 Pizza supply details

- -

- - -Those who have registered in the Samba survey as "Pizza Factory" will -already know this, but the rest may need some help. Andrew doesn't ask -for payment, but he does appreciate it when people give him -pizza. This calls for a little organisation when the pizza donor is -twenty thousand kilometres away, but it has been done.

-

-

    -
  1. Ring up your local branch of an international pizza chain -and see if they honour their vouchers internationally. Pizza Hut do, -which is how the entire Canberra Linux Users Group got to eat pizza -one night, courtesy of someone in the US. -
    2. -
  2. Ring up a local pizza shop in Canberra and quote a credit -card number for a certain amount, and tell them that Andrew will be -collecting it (don't forget to tell him.) One kind soul from Germany -did this. -
    3. -
  3. Purchase a pizza voucher from your local pizza shop that has -no international affiliations and send it to Andrew. It is completely -useless but he can hang it on the wall next to the one he already has -from Germany :-) -
    4. -
  4. Air freight him a pizza with your favourite regional -flavours. It will probably get stuck in customs or torn apart by -hungry sniffer dogs but it will have been a noble gesture. -
    5. -
-

- - -
-Previous -Next -Table of Contents - - diff --git a/docs/faq/Samba-meta-FAQ-3.html b/docs/faq/Samba-meta-FAQ-3.html deleted file mode 100644 index 8ebb38a334..0000000000 --- a/docs/faq/Samba-meta-FAQ-3.html +++ /dev/null @@ -1,101 +0,0 @@ - - - Samba meta FAQ: About the CIFS and SMB Protocols - - -Previous -Next -Table of Contents -
-

3. About the CIFS and SMB Protocols

- -

- -

- -

3.1 What is the Server Message Block (SMB) Protocol?

- -

SMB is a filesharing protocol that has had several maintainers and -contributors over the years including Xerox, 3Com and most recently -Microsoft. Names for this protocol include LAN Manager and Microsoft -Networking. Parts of the specification has been made public at several -versions including in an X/Open document, as listed at -ftp://ftp.microsoft.com/developr/drg/CIFS/. No specification -releases were made between 1992 and 1996, and during that period -Microsoft became the SMB implementor with the largest market share. -Microsoft developed the specification further for its products but for -various reasons connected with developer's workload rather than market -strategy did not make the changes public. This culminated with the -"Windows NT 0.12" version released with NT 3.5 in 1995 which had significant -improvements and bugs. Because Microsoft client systems are so popular, -it is fair to say that what Microsoft with Windows affects all suppliers -of SMB server products.

-

From 1994 Andrew Tridgell began doing some serious work on his -Smbserver (now Samba) product and with some helpers started to -implement more and more of these protocols. Samba began to take -a significant share of the SMB server market.

- - -

3.2 What is the Common Internet Filesystem (CIFS)?

- -

The initial pressure for Microsoft to document their current SMB -implementation came from the Samba team, who kept coming across things -on the wire that Microsoft either didn't know about or hadn't documented -anywhere (even in the sourcecode to Windows NT.) Then Sun Microsystems -came out with their WebNFS initiative, designed to replace FTP for file -transfers on the Internet. There are many drawbacks to WebNFS (including -its scope - it aims to replace HTTP as well!) but the concept was -attractive. FTP is not very clever, and why should it be harder to get -files from across the world than across the room?

-

Some hasty revisions were made and an Internet Draft for the Common -Internet Filesystem (CIFS) was released. Note that CIFS is not an -Internet standard and is a very long way from becoming one, BUT the -protocol specification is in the public domain and ongoing discussions -concerning the spec take place on a public mailing list according to the -rules of the Internet Engineering Task Force. For more information and -pointers see -http://samba.org/cifs/

-

The following is taken from -http://www.microsoft.com/intdev/cifs/

-

-

-    CIFS defines a standard remote file system access protocol for use
-    over the Internet, enabling groups of users to work together and
-    share documents across the Internet or within their corporate
-    intranets. CIFS is an open, cross-platform technology based on the
-    native file-sharing protocols built into Microsoft® Windows® and
-    other popular PC operating systems, and supported on dozens of
-    other platforms, including UNIX®. With CIFS, millions of computer
-    users can open and share remote files on the Internet without having
-    to install new software or change the way they work."
-
-

-

If you consider CIFS as a backwardsly-compatible refinement of SMB that -will work reasonably efficiently over the Internet you won't be too far -wrong.

-

The net effect is that Microsoft is now documenting large parts of their -Windows NT fileserver protocols. The security concepts embodied in -Windows NT are part of the specification, which is why Samba -documentation often talks in terms of Windows NT. However there is no -reason why a site shouldn't conduct all its file and printer sharing -with CIFS and yet have no Microsoft products at all.

- - -

3.3 What is Browsing?

- -

The term "Browsing" causes a lot of confusion. It is the part of the -SMB/CIFS protocol which allows for resource discovery. For example, in -the Windows NT Explorer it is possible to see a "Network Neighbourhood" -of computers in the same SMB workgroup. Clicking on the name of one of -these machines brings up a list of file and printer resources for -connecting to. In this way you can cruise the network, seeing what -things are available. How this scales to the Internet is a subject for -debate. Look at the CIFS list archives to see what the experts think.

- - -
-Previous -Next -Table of Contents - - diff --git a/docs/faq/Samba-meta-FAQ-4.html b/docs/faq/Samba-meta-FAQ-4.html deleted file mode 100644 index 73a9eea847..0000000000 --- a/docs/faq/Samba-meta-FAQ-4.html +++ /dev/null @@ -1,215 +0,0 @@ - - - Samba meta FAQ: Designing A SMB and CIFS Network - - -Previous -Next -Table of Contents -
-

4. Designing A SMB and CIFS Network

- - -

The big issues for installing any network of LAN or WAN file and print -servers are

-

-

    -
  • How and where usernames, passwords and other security information -is stored -
    • -
  • What method can be used for locating the resources that users have -permission to use -
    • -
  • What protocols the clients can converse with -
    • -
-

-

If you buy Netware, Windows NT or just about any other LAN fileserver -product you are expected to lock yourself into the product's preferred -answers to these questions. This tendancy is restrictive and often very -expensive for a site where there is only one kind of client or server, -and for sites with a mixture of operating systems it often makes it -impossible to share resources between some sets of users.

-

The Samba philosophy is to make things as easy as possible for -administators, which means allowing as many combinations of clients, -servers, operating systems and protocols as possible.

- -

4.1 Workgroups, Domains, Authentication and Browsing

- - -

From the point of view of networking implementation, Domains and -Workgroups are exactly the same, except for the client logon -sequence. Some kind of distributed authentication database is associated -with a domain (there are quite a few choices) and this adds so much -flexibility that many people think of a domain as a completely different -entity to a workgroup. From Samba's point of view a client connecting to -a service presents an authentication token, and it if it is valid they -have access. Samba does not care what mechanism was used to generate -that token in the first place.

-

The SMB client logging on to a domain has an expectation that every other -server in the domain should accept the same authentication information. -However the network browsing functionality of domains and workgroups is -identical and is explained in -../BROWSING.txt.

-

There are some implementation differences: Windows 95 can be a member of -both a workgroup and a domain, but Windows NT cannot. Windows 95 also -has the concept of an "alternative workgroup". Samba can only be a -member of a single workgroup or domain, although this is due to change -with a future version when nmbd will be split into two daemons, one for -WINS and the other for browsing ( -../NetBIOS.txt explains -what WINS is.)

- -

Defining the Terms

- -

- -

-

-

- -
Workgroup

means a collection of machines that maintain a common -browsing database containing information about their shared resources. -They do not necessarily have any security information in common (if they -do, it gets called a Domain.) The browsing database is dynamic, modified -as servers come and go on the network and as resources are added or -deleted. The term "browsing" refers to a user accessing the database via -whatever interface the client provides, eg the OS/2 Workplace Shell or -Windows 95 Explorer. SMB servers agree between themselves as to which -ones will maintain the browsing database. Workgroups can be anywhere on -a connected TCP/IP network, including on different subnets or even on -the Interet. This is a very tricky part of SMB to implement.

- -
Master Browsers

are machines which holds the master browsing -database for a workgroup or domain. There are two kinds of Master Browser:

-

-

    -
  • Domain Master Browser, which holds the master browsing -information for an entire domain, which may well cross multiple TCP/IP -subnets. -
    • -
  • Local Master Browser, which holds the master browsing database -for a particular subnet and communicates with the Domain Master Browser -to get information on other subnets. -
    • -
-

-

Subnets are differentiated because browsing is based on broadcasts, and -broadcasts do not pass through routers. Subnets are not routed: while it -is possible to have more than one subnet on a single network segment -this is regarded as very bad practice.

-

Master Browsers (both Domain and Local) are elected dynamically -according to an algorithm which is supposed to take into account the -machine's ability to sustain the browsing load. Samba can be configured -to always act as a master browser, ie it always wins elections under all -circumstances, even against systems such as a Windows NT Primary Domain -Controller which themselves expect to win.

-

There are also Backup Browsers which are promoted to Master Browsers in -the event of a Master Browser disappearing from the network.

-

Alternative terms include confusing variations such as "Browse Master", -and "Master Browser" which we are trying to eliminate from the Samba -documentation.

- -
Domain Controller

is a term which comes from the Microsoft and IBM -etc implementation of the LAN Manager protocols. It is tied to -authentication. There are other ways of doing domain authentication, but -the Windows NT method has a large market share. The general issues are -discussed in -../DOMAIN.txt and a Windows NT-specific -discussion is in -../DOMAIN_CONTROL.txt.

- -
-

- -

Sharelevel (Workgroup) Security Services

- -

- -

-

With the Samba setting "security = SHARE", all shared resources -information about what password is associated with them but only hints -as to what usernames might be valid (the hint can be 'all users', in -which case any username will work. This is usually a bad idea, but -reflects both the initial implementations of SMB in the mid-80s and -its reincarnation with Windows for Workgroups in 1992. The idea behind -workgroup security was that small independant groups of people could -share information on an ad-hoc basis without there being an -authentication infrastructure present or requiring them to do more than -fill in a dialogue box.

- -

Authentication Domain Mode Services

- -

- -

-

With the Samba settings "security = USER" or "security = SERVER" -accesses to all resources are checked for username/password pair matches -in a more rigorous manner. To the client, this has the effect of -emulating a Microsoft Domain. The client is not concerned whether or not -Samba looks up a Windows NT SAM or does it in some other way.

- - -

4.2 Authentication Schemes

- - -

In the simple case authentication information is stored on a single -server and the user types a password on connecting for the first time. -However client operating systems often require a password before they -can be used at all, and in addition users usually want access to more -than one server. Asking users to remember many different passwords in -different contexts just does not work. Some kind of distributed -authentication database is needed. It must cope with password changes -and provide for assigning groups of users the same level of access -permissions. This is why Samba installations often choose to implement a -Domain model straight away.

-

Authentication decisions are some of the biggest in designing a network. -Are you going to use a scheme native to the client operating system, -native to the server operating system, or newly installed on both? A -list of options relevant to Samba (ie that make sense in the context of -the SMB protocol) follows. Any experiences with other setups would be -appreciated. refer to server FAQ for "passwd chat" passwd program -password server etc etc...

- -

NIS

- - -

For Windows 95, Windows for Workgroups and most other clients Samba can -be a domain controller and share the password database via NIS -transparently. Windows NT is different. -Free NIS NT client

- -

Kerberos

- - -

Kerberos for US users only: -Kerberos overview -Download Kerberos

- -

FTP

- - -

Other NT w/s logon hack via NT

- -

Default Server Method

- - - -

Client-side Database Only

- - - - -

4.3 Post-Authentication: Netlogon, Logon Scripts, Profiles

- - -

See -../DOMAIN.txt

- - -
-Previous -Next -Table of Contents - - diff --git a/docs/faq/Samba-meta-FAQ-5.html b/docs/faq/Samba-meta-FAQ-5.html deleted file mode 100644 index ad528b0a97..0000000000 --- a/docs/faq/Samba-meta-FAQ-5.html +++ /dev/null @@ -1,30 +0,0 @@ - - - Samba meta FAQ: Cross-Protocol File Sharing - - -Previous -Next -Table of Contents -
-

5. Cross-Protocol File Sharing

- - -

Samba is an important tool for...

-

It is possible to...

-

File protocol gateways...

-

"Setting up a Linux File Server" http://vetrec.mit.edu/people/narf/linux.html

-

Two free implementations of Appletalk for Unix are Netatalk, -http://www.umich.edu/~rsug/netatalk/, and CAP, -http://www.cs.mu.oz.au/appletalk/atalk.html. What Samba offers MS -Windows users, these packages offer to Macs. For more info on these -packages, Samba, and Linux (and other UNIX-based systems) see -http://www.eats.com/linux_mac_win.html 3.5) Sniffing your nework

- - -
-Previous -Next -Table of Contents - - diff --git a/docs/faq/Samba-meta-FAQ-6.html b/docs/faq/Samba-meta-FAQ-6.html deleted file mode 100644 index f8cd7817d6..0000000000 --- a/docs/faq/Samba-meta-FAQ-6.html +++ /dev/null @@ -1,30 +0,0 @@ - - - Samba meta FAQ: Miscellaneous - - -Previous -Next -Table of Contents -
-

6. Miscellaneous

- -

- -

-

6.1 Is Samba Year 2000 compliant?

- -

- - -The CIFS protocol that Samba implements -negotiates times in various formats, all of which -are able to cope with dates beyond 2000.

- - -
-Previous -Next -Table of Contents - - diff --git a/docs/faq/Samba-meta-FAQ.html b/docs/faq/Samba-meta-FAQ.html deleted file mode 100644 index 38f094bf33..0000000000 --- a/docs/faq/Samba-meta-FAQ.html +++ /dev/null @@ -1,102 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Samba meta FAQ - - -Previous -Next -Table of Contents -
-

Samba meta FAQ

- -

Dan Shearer & Paul Blackman, ictinus@samba.org

v 0.3, 7 Oct '97 -

This is the meta-Frequently Asked Questions (FAQ) document -for Samba, the free and very popular SMB and CIFS server product. It -contains overview information for the Samba suite of programs, a -quick-start guide, and pointers to all other Samba documentation. Other -FAQs exist for specific client and server issues, and HOWTO documents -for more extended topics to do with Samba software. Current to version -Samba 1.9.17. Please send any corrections to the author.

-

-

1. Quick Reference Guides to Samba Documentation

- - -

-

2. General Information

- - -

-

3. About the CIFS and SMB Protocols

- - -

-

4. Designing A SMB and CIFS Network

- - -

-

5. Cross-Protocol File Sharing

- -

-

6. Miscellaneous

- - - -
-Previous -Next -Table of Contents - - diff --git a/docs/faq/Samba-meta-FAQ.sgml b/docs/faq/Samba-meta-FAQ.sgml deleted file mode 100644 index ecaa1b267c..0000000000 --- a/docs/faq/Samba-meta-FAQ.sgml +++ /dev/null @@ -1,644 +0,0 @@ - - - -
- - Samba meta FAQ - -<author>Dan Shearer & Paul Blackman, <tt>ictinus@samba.org</tt> - -<date>v 0.3, 7 Oct '97 - -<abstract> This is the meta-Frequently Asked Questions (FAQ) document -for Samba, the free and very popular SMB and CIFS server product. It -contains overview information for the Samba suite of programs, a -quick-start guide, and pointers to all other Samba documentation. Other -FAQs exist for specific client and server issues, and HOWTO documents -for more extended topics to do with Samba software. Current to version -Samba 1.9.17. Please send any corrections to the author. -</abstract> - -<toc> - -<sect> Quick Reference Guides to Samba Documentation<p><label id=quickref> - -We are endeavouring to provide links here to every major class of -information about Samba or things related to Samba. We cannot list every -document, but we are aiming for all documents to be at most two -referrals from those listed here. This needs constant maintaining, so -please send the author your feedback. - -<sect1> Samba for the Impatient<p><label id="impatient"> - -You know you should read the documentation but can't wait to start? What -you need to do then is follow the instructions in the following -documents in the order given. This should be enough to get a fairly -simple site going quickly. If you have any problems, refer back to this -meta-FAQ and follow the links to find more reading material. - -<descrip> - -<label id="ImpGet"><tag/Getting Samba:/ The fastest way to get Samba -going is and install it is to have an operating system for which the -Samba team has put together an installation package. To see if your OS -is included have a look at the directory -/pub/samba/Binary_Packages/"OS_Vendor" on your nearest <url -url="../MIRRORS" name="mirror site">. If it is included follow the -installation instructions in the README file there and then do some <ref id="ImpTest" -name="basic testing">. If you are not so fortunate, follow the normal <ref -id="WhereFrom" name="download instructions"> and then continue with <ref -id="ImpInst" name="building and installing Samba">. - -<label id="ImpInst"><tag/Building and Installing Samba:/ At the moment -there are two kinds of Samba server installs besides the prepackaged -binaries mentioned in the previous step. You need to decide if you have a <url url="../UNIX_INSTALL.txt" -name="Unix or close relative"> or <url -url="Samba-Server-FAQ.html#PortInfo" name="other supported operating system">. - -<label id="ImpTest"><tag/Basic Testing:/ Try to connect using the -supplied smbclient command-line program. You need to know the IP -hostname of your server. A service name must be defined in smb.conf, as -given in the examples (under many operating systems if there is a -[homes] service you can just use a valid username.) Then type -<tt> - smbclient \\hostname\servicename -</tt> -Under most Unixes you will need to put the parameters within quotation -marks. If this works, try connecting from one of the SMB clients you -were planning to use with Samba. - -<label id="ImpDebug"><tag/Debug sequence:/ If you think you have completed the -previous step and things aren't working properly work through -<url url="../DIAGNOSIS.txt" name="the diagnosis recipe."> - -<label id="ImpExp"><tag/Exporting files to SMB clients:/ You should read the manual pages -for smb.conf, but here is a <url url="Samba-Server-FAQ.html#Exporting" -name="quick answer guide."> - -<label id="ImpControl"><tag/Controlling user access:/ the quickest and dirtiest way of sharing -resources is to use <ref id="ShareModeSecurity" name="share level -security."> If you want to spend more time and have a proper username -and password database you must read the paragraph on <ref -id="DomainModeSecurity" name="domain mode security."> If you want -encryption (eg you are using Windows NT clients) follow the <url -url="Samba-Server-FAQ.html#SMBEncryptionSteps" name="SMB encryption -instructions."> - -<label id="ImpBrowse"><tag/Browsing:/ if you are happy to type in "\\samba-server\sharename" -at the client end then do not read any further. Otherwise you need to -understand the <ref id="BrowsingDefinitions" name="browsing terminology"> -and read <url url="Samba-Server-FAQ.html#NameBrowsing">. - -<label id="ImpPrint"><tag/Printing:/ See the <url url="Samba-Server-FAQ.html#Printing" -name="printing quick answer guide."> - -</descrip> - -If you have got everything working to this point, you can expect Samba -to be stable and secure: these are its greatest strengths. However Samba -has a great deal to offer and to go further you must do some more -reading. Speed and security optimisations, printer accounting, network -logons, roving profiles, browsing across multiple subnets and so on are -all covered either in this document or in those it refers to. - -<sect1> All Samba Documentation<p><label id=AllDocs> - -<itemize> - -<item> Meta-FAQ. This is the mother of all documents, and is the one you -are reading now. The latest version is always at <url -url="http://samba.org/[.....]"> but there is probably a much -nearer <url url="../MIRRORS" name="mirror site"> which you should use -instead. - -<item> <url url="Samba-Server-FAQ.html"> is the best starting point for -information about server-side issues. Includes configuration tips and -pointers for Samba on particular operating systems (with 40 to choose -from...) - -<item> <url url="Samba-Client-FAQ.html"> is the best starting point for -information about client-side issues, includes a list of all clients -that are known to work with Samba. - -</itemize> - -<sect> General Information<p><label id="general_info"> - -All about Samba - what it is, how to get it, related sources of -information, how to understand the numbering scheme, pizza -details. - -<sect1> What is Samba?<p><label id="introduction"> - -Samba is a suite of programs which work together to allow clients to -access to a server's filespace and printers via the SMB (Server Message -Block) and CIFS (Common Internet Filesystem) protocols. Initially -written for Unix, Samba now also runs on Netware, OS/2, VMS, StratOS and -Amigas. Ports to BeOS and other operating systems are underway. Samba -gives the capability for these operating systems to behave much like a -LAN Server, Windows NT Server or Pathworks machine, only with added -functionality and flexibility designed to make life easier for -administrators. - -This means that using Samba you can share a server's disks and printers -to many sorts of network clients, including Lan Manager, Windows for -Workgroups, Windows NT, Linux, OS/2, and AIX. There is also a generic -client program supplied as part of the Samba suite which gives a user on -the server an ftp-like interface to access filespace and printers on any -other SMB/CIFS servers. - -SMB has been implemented over many protocols, including XNS, NBT, IPX, -NetBEUI and TCP/IP. Samba only uses TCP/IP. This is not likely to change -although there have been some requests for NetBEUI support. - -Many users report that compared to other SMB implementations Samba is -more stable, faster, and compatible with more clients. Administrators of -some large installations say that Samba is the only SMB server available -which will scale to many tens of thousands of users without crashing. -The easy way to test these claims is to download it and try it for -yourself! - -The suite is supplied with full source code under the <url -url="../COPYING" name="GNU Public License">. The GPL means that you can -use Samba for whatever purpose you wish (including changing the source -or selling it for money) but under all circumstances the source code -must be made freely available. A copy of the GPL must always be included -in any copy of the package. - -The primary creator of the Samba suite is Andrew Tridgell. Later -versions incorporate much effort by many helpers. The man pages -and this FAQ were originally written by Karl Auer. - -<sect1> Where can I go for further information?<p><label id="more"> - -There are a number of places to look for more information on Samba, -including: - -<itemize> - -<item>The mailing lists devoted to discussion of Samba-related matters. -See below for subscription information. - -<item>The newsgroup comp.protocols.smb, which has a great deal of -discussion about Samba. - -<item>The WWW site 'SAMBA Web Pages' at <url -url="http://samba.org/samba/"> includes: - - <itemize> - <item>Links to man pages and documentation, including this FAQ - <item>A comprehensive survey of Samba users - <item>A searchable hypertext archive of the Samba mailing list - <item>Links to Samba source code, binaries, and mirrors of both - <item>This FAQ and the rest in its family - </itemize> - -</itemize> - -<sect1>How do I subscribe to the Samba Mailing Lists?<p><label id="mailinglist"> - -Surf to <url url="http://lists.samba.org/"> for an overview of all the mailing lists. - -<sect1> Something's gone wrong - what should I do?<p><label id="wrong"> - -<bf>[#] *** IMPORTANT! *** [#]</bf> -<p> - -DO NOT post messages on mailing lists or in newsgroups until you have -carried out the first three steps given here! - -<enum> <item> See if there are any likely looking entries in this FAQ! -If you have just installed Samba, have you run through the checklist in -<url url="ftp://samba.org/pub/samba/DIAGNOSIS.txt" -name="DIAGNOSIS.txt">? It can save you a lot of time and effort. -DIAGNOSIS.txt can also be found in the docs directory of the Samba -distribution. - -<item> Read the man pages for smbd, nmbd and smb.conf, looking for -topics that relate to what you are trying to do. - -<item> If there is no obvious solution to hand, try to get a look at -the log files for smbd and/or nmbd for the period during which you -were having problems. You may need to reconfigure the servers to -provide more extensive debugging information - usually level 2 or -level 3 provide ample debugging info. Inspect these logs closely, -looking particularly for the string "Error:". - -<item> If you need urgent help and are willing to pay for it see -<ref id="PaidSupport" name="Paid Support">. - -</enum> - -If you still haven't got anywhere, ask the mailing list or newsgroup. In -general nobody minds answering questions provided you have followed the -preceding steps. It might be a good idea to scan the archives of the -mailing list, which are available through the Samba web site described -in the previous section. When you post be sure to include a good -description of your environment and your problem. - -If you successfully solve a problem, please mail the FAQ maintainer a -succinct description of the symptom, the problem and the solution, so -that an explanation can be incorporated into the next version. - -<sect1> How do I submit patches or bug reports?<p> - -If you make changes to the source code, <em>please</em> submit these patches -so that everyone else gets the benefit of your work. This is one of -the most important aspects to the maintainence of Samba. Send all -patches to <htmlurl url="mailto:samba@samba.org" name="samba@samba.org">. Do not send patches to Andrew Tridgell or any -other individual, they may be lost if you do. - -Patch format ------------- - -If you are sending a patch to fix a problem then please don't just use -standard diff format. As an example, samba@samba.org received this patch from -someone: - -382a -#endif -.. -381a -#if !defined(NEWS61) - -How are we supposed to work out what this does and where it goes? These -sort of patches only work if we both have identical files in the first -place. The Samba sources are constantly changing at the hands of multiple -developers, so it doesn't work. - -Please use either context diffs or (even better) unified diffs. You -get these using "diff -c4" or "diff -u". If you don't have a diff that -can generate these then please send manualy commented patches to I -know what is being changed and where. Most patches are applied by hand so -the info must be clear. - -This is a basic guideline that will assist us with assessing your problem -more efficiently : - -Machine Arch: -Machine OS: -OS Version: -Kernel: - -Compiler: -Libc Version: - -Samba Version: - -Network Layout (description): - -What else is on machine (services, etc): - -Some extras : - -<itemize> - -<item> what you did and what happened - -<item> relevant parts of a debugging output file with debuglevel higher. - If you can't find the relevant parts, please ask before mailing - huge files. - -<item> anything else you think is useful to trace down the bug - -</itemize> - -<sect1> What if I have an URGENT message for the developers?<p> - -If you have spotted something very serious and believe that it is -important to contact the developers quickly send a message to -samba-urgent@samba.org. This will be processed more quickly than -mail to samba@samba.org. Please think carefully before using this address. An -example of its use might be to report a security hole. - -Examples of things <em>not</em> to send to samba-urgent include problems -getting Samba to work at all and bugs that cannot potentially cause damage. - -<sect1> What if I need paid-for support?<p><label id=PaidSupport> - -Samba has a large network of consultants who provide Samba support on a -commercial basis. The list is included in the package in <url -url="../Support.txt">, and the latest version will always be on the main -samba ftp site. Any company in the world can request that the samba team -include their details in Support.txt so we can give no guarantee of -their services. - -<sect1> Pizza supply details<p><label id="pizza"> -Those who have registered in the Samba survey as "Pizza Factory" will -already know this, but the rest may need some help. Andrew doesn't ask -for payment, but he does appreciate it when people give him -pizza. This calls for a little organisation when the pizza donor is -twenty thousand kilometres away, but it has been done. - -<enum> -<item> Ring up your local branch of an international pizza chain -and see if they honour their vouchers internationally. Pizza Hut do, -which is how the entire Canberra Linux Users Group got to eat pizza -one night, courtesy of someone in the US. - -<item>Ring up a local pizza shop in Canberra and quote a credit -card number for a certain amount, and tell them that Andrew will be -collecting it (don't forget to tell him.) One kind soul from Germany -did this. - -<item>Purchase a pizza voucher from your local pizza shop that has -no international affiliations and send it to Andrew. It is completely -useless but he can hang it on the wall next to the one he already has -from Germany :-) - -<item>Air freight him a pizza with your favourite regional -flavours. It will probably get stuck in customs or torn apart by -hungry sniffer dogs but it will have been a noble gesture. - -</enum> - -<sect>About the CIFS and SMB Protocols<p><label id="CifsSmb"> - -<sect1> What is the Server Message Block (SMB) Protocol?<p> -SMB is a filesharing protocol that has had several maintainers and -contributors over the years including Xerox, 3Com and most recently -Microsoft. Names for this protocol include LAN Manager and Microsoft -Networking. Parts of the specification has been made public at several -versions including in an X/Open document, as listed at -<url url="ftp://ftp.microsoft.com/developr/drg/CIFS/">. No specification -releases were made between 1992 and 1996, and during that period -Microsoft became the SMB implementor with the largest market share. -Microsoft developed the specification further for its products but for -various reasons connected with developer's workload rather than market -strategy did not make the changes public. This culminated with the -"Windows NT 0.12" version released with NT 3.5 in 1995 which had significant -improvements and bugs. Because Microsoft client systems are so popular, -it is fair to say that what Microsoft with Windows affects all suppliers -of SMB server products. - -From 1994 Andrew Tridgell began doing some serious work on his -Smbserver (now Samba) product and with some helpers started to -implement more and more of these protocols. Samba began to take -a significant share of the SMB server market. - -<sect1> What is the Common Internet Filesystem (CIFS)?<p> -The initial pressure for Microsoft to document their current SMB -implementation came from the Samba team, who kept coming across things -on the wire that Microsoft either didn't know about or hadn't documented -anywhere (even in the sourcecode to Windows NT.) Then Sun Microsystems -came out with their WebNFS initiative, designed to replace FTP for file -transfers on the Internet. There are many drawbacks to WebNFS (including -its scope - it aims to replace HTTP as well!) but the concept was -attractive. FTP is not very clever, and why should it be harder to get -files from across the world than across the room? - -Some hasty revisions were made and an Internet Draft for the Common -Internet Filesystem (CIFS) was released. Note that CIFS is not an -Internet standard and is a very long way from becoming one, BUT the -protocol specification is in the public domain and ongoing discussions -concerning the spec take place on a public mailing list according to the -rules of the Internet Engineering Task Force. For more information and -pointers see <url url="http://samba.org/cifs/"> - -The following is taken from <url url="http://www.microsoft.com/intdev/cifs/"> - -<verb> - CIFS defines a standard remote file system access protocol for use - over the Internet, enabling groups of users to work together and - share documents across the Internet or within their corporate - intranets. CIFS is an open, cross-platform technology based on the - native file-sharing protocols built into Microsoft® Windows® and - other popular PC operating systems, and supported on dozens of - other platforms, including UNIX®. With CIFS, millions of computer - users can open and share remote files on the Internet without having - to install new software or change the way they work." -</verb> - -If you consider CIFS as a backwardsly-compatible refinement of SMB that -will work reasonably efficiently over the Internet you won't be too far -wrong. - -The net effect is that Microsoft is now documenting large parts of their -Windows NT fileserver protocols. The security concepts embodied in -Windows NT are part of the specification, which is why Samba -documentation often talks in terms of Windows NT. However there is no -reason why a site shouldn't conduct all its file and printer sharing -with CIFS and yet have no Microsoft products at all. - -<sect1> What is Browsing? <p> -The term "Browsing" causes a lot of confusion. It is the part of the -SMB/CIFS protocol which allows for resource discovery. For example, in -the Windows NT Explorer it is possible to see a "Network Neighbourhood" -of computers in the same SMB workgroup. Clicking on the name of one of -these machines brings up a list of file and printer resources for -connecting to. In this way you can cruise the network, seeing what -things are available. How this scales to the Internet is a subject for -debate. Look at the CIFS list archives to see what the experts think. - -<sect>Designing A SMB and CIFS Network<p> - -The big issues for installing any network of LAN or WAN file and print -servers are - -<itemize> - -<item>How and where usernames, passwords and other security information -is stored - -<item>What method can be used for locating the resources that users have -permission to use - -<item>What protocols the clients can converse with - -</itemize> - -If you buy Netware, Windows NT or just about any other LAN fileserver -product you are expected to lock yourself into the product's preferred -answers to these questions. This tendancy is restrictive and often very -expensive for a site where there is only one kind of client or server, -and for sites with a mixture of operating systems it often makes it -impossible to share resources between some sets of users. - -The Samba philosophy is to make things as easy as possible for -administators, which means allowing as many combinations of clients, -servers, operating systems and protocols as possible. - -<sect1>Workgroups, Domains, Authentication and Browsing<p> - -From the point of view of networking implementation, Domains and -Workgroups are <em>exactly</em> the same, except for the client logon -sequence. Some kind of distributed authentication database is associated -with a domain (there are quite a few choices) and this adds so much -flexibility that many people think of a domain as a completely different -entity to a workgroup. From Samba's point of view a client connecting to -a service presents an authentication token, and it if it is valid they -have access. Samba does not care what mechanism was used to generate -that token in the first place. - -The SMB client logging on to a domain has an expectation that every other -server in the domain should accept the same authentication information. -However the network browsing functionality of domains and workgroups is -identical and is explained in <url url="../BROWSING.txt">. - -There are some implementation differences: Windows 95 can be a member of -both a workgroup and a domain, but Windows NT cannot. Windows 95 also -has the concept of an "alternative workgroup". Samba can only be a -member of a single workgroup or domain, although this is due to change -with a future version when nmbd will be split into two daemons, one for -WINS and the other for browsing (<url url="../NetBIOS.txt"> explains -what WINS is.) - -<sect2> Defining the Terms<p><label id="BrowseAndDomainDefs"> - -<descrip> - -<tag/Workgroup/ means a collection of machines that maintain a common -browsing database containing information about their shared resources. -They do not necessarily have any security information in common (if they -do, it gets called a Domain.) The browsing database is dynamic, modified -as servers come and go on the network and as resources are added or -deleted. The term "browsing" refers to a user accessing the database via -whatever interface the client provides, eg the OS/2 Workplace Shell or -Windows 95 Explorer. SMB servers agree between themselves as to which -ones will maintain the browsing database. Workgroups can be anywhere on -a connected TCP/IP network, including on different subnets or even on -the Interet. This is a very tricky part of SMB to implement. - -<tag/Master Browsers/ are machines which holds the master browsing -database for a workgroup or domain. There are two kinds of Master Browser: - -<itemize> - -<item> Domain Master Browser, which holds the master browsing -information for an entire domain, which may well cross multiple TCP/IP -subnets. - -<item> Local Master Browser, which holds the master browsing database -for a particular subnet and communicates with the Domain Master Browser -to get information on other subnets. - -</itemize> - -Subnets are differentiated because browsing is based on broadcasts, and -broadcasts do not pass through routers. Subnets are not routed: while it -is possible to have more than one subnet on a single network segment -this is regarded as very bad practice. - -Master Browsers (both Domain and Local) are elected dynamically -according to an algorithm which is supposed to take into account the -machine's ability to sustain the browsing load. Samba can be configured -to always act as a master browser, ie it always wins elections under all -circumstances, even against systems such as a Windows NT Primary Domain -Controller which themselves expect to win. - -There are also Backup Browsers which are promoted to Master Browsers in -the event of a Master Browser disappearing from the network. - -Alternative terms include confusing variations such as "Browse Master", -and "Master Browser" which we are trying to eliminate from the Samba -documentation. - -<tag/Domain Controller/ is a term which comes from the Microsoft and IBM -etc implementation of the LAN Manager protocols. It is tied to -authentication. There are other ways of doing domain authentication, but -the Windows NT method has a large market share. The general issues are -discussed in <url url="../DOMAIN.txt"> and a Windows NT-specific -discussion is in <url url="../DOMAIN_CONTROL.txt">. - -</descrip> - -<sect2>Sharelevel (Workgroup) Security Services<p><label id="ShareModeSecurity"> - -With the Samba setting "security = SHARE", all shared resources -information about what password is associated with them but only hints -as to what usernames might be valid (the hint can be 'all users', in -which case any username will work. This is usually a bad idea, but -reflects both the initial implementations of SMB in the mid-80s and -its reincarnation with Windows for Workgroups in 1992. The idea behind -workgroup security was that small independant groups of people could -share information on an ad-hoc basis without there being an -authentication infrastructure present or requiring them to do more than -fill in a dialogue box. - -<sect2>Authentication Domain Mode Services<p><label id="DomainModeSecurity"> - -With the Samba settings "security = USER" or "security = SERVER" -accesses to all resources are checked for username/password pair matches -in a more rigorous manner. To the client, this has the effect of -emulating a Microsoft Domain. The client is not concerned whether or not -Samba looks up a Windows NT SAM or does it in some other way. - -<sect1>Authentication Schemes<p> - -In the simple case authentication information is stored on a single -server and the user types a password on connecting for the first time. -However client operating systems often require a password before they -can be used at all, and in addition users usually want access to more -than one server. Asking users to remember many different passwords in -different contexts just does not work. Some kind of distributed -authentication database is needed. It must cope with password changes -and provide for assigning groups of users the same level of access -permissions. This is why Samba installations often choose to implement a -Domain model straight away. - -Authentication decisions are some of the biggest in designing a network. -Are you going to use a scheme native to the client operating system, -native to the server operating system, or newly installed on both? A -list of options relevant to Samba (ie that make sense in the context of -the SMB protocol) follows. Any experiences with other setups would be -appreciated. [refer to server FAQ for "passwd chat" passwd program -password server etc etc...] - -<sect2>NIS<p> - -For Windows 95, Windows for Workgroups and most other clients Samba can -be a domain controller and share the password database via NIS -transparently. Windows NT is different. -<url url="http://www.dcs.qmw.ac.uk/~williams" name="Free NIS NT client"> - -<sect2>Kerberos<p> - -Kerberos for US users only: -<url url="http://www.cygnus.com/product/unifying-security.html" -name="Kerberos overview"> -<url url="http://www.cygnus.com/product/kerbnet-download.html" -name="Download Kerberos"> - -<sect2>FTP<p> - -Other NT w/s logon hack via NT - -<sect2>Default Server Method<p> - -<sect2>Client-side Database Only<p> - -<sect1>Post-Authentication: Netlogon, Logon Scripts, Profiles<p> - -See <url url="../DOMAIN.txt"> - -<sect>Cross-Protocol File Sharing<p> - -Samba is an important tool for... - -It is possible to... - -File protocol gateways... - -"Setting up a Linux File Server" http://vetrec.mit.edu/people/narf/linux.html - -Two free implementations of Appletalk for Unix are Netatalk, <url -url="http://www.umich.edu/~rsug/netatalk/">, and CAP, <url -url="http://www.cs.mu.oz.au/appletalk/atalk.html">. What Samba offers MS -Windows users, these packages offer to Macs. For more info on these -packages, Samba, and Linux (and other UNIX-based systems) see <url -url="http://www.eats.com/linux_mac_win.html"> 3.5) Sniffing your nework - - -<sect>Miscellaneous<p><label id="miscellaneous"> -<sect1>Is Samba Year 2000 compliant?<p><label id="Year2000Compliant"> -The CIFS protocol that Samba implements -negotiates times in various formats, all of which -are able to cope with dates beyond 2000. - -</article> diff --git a/docs/faq/Samba-meta-FAQ.txt b/docs/faq/Samba-meta-FAQ.txt deleted file mode 100644 index 01fc8d6ccf..0000000000 --- a/docs/faq/Samba-meta-FAQ.txt +++ /dev/null @@ -1,924 +0,0 @@ - Samba meta FAQ - Dan Shearer & Paul Blackman, ictinus@samba.org - v 0.3, 7 Oct '97 - - This is the meta-Frequently Asked Questions (FAQ) document for Samba, - the free and very popular SMB and CIFS server product. It contains - overview information for the Samba suite of programs, a quick-start - guide, and pointers to all other Samba documentation. Other FAQs exist - for specific client and server issues, and HOWTO documents for more - extended topics to do with Samba software. Current to version Samba - 1.9.17. Please send any corrections to the author. - ______________________________________________________________________ - - Table of Contents: - - 1. Quick Reference Guides to Samba Documentation - - 1.1. Samba for the Impatient - - 1.2. All Samba Documentation - - 2. General Information - - 2.1. What is Samba? - - 2.2. What is the current version of Samba? - - 2.3. Where can I get it? - - 2.4. What do the version numbers mean? - - 2.5. Where can I go for further information? - - 2.6. How do I subscribe to the Samba Mailing Lists? - - 2.7. Something's gone wrong - what should I do? - - 2.8. How do I submit patches or bug reports? - - 2.9. What if I have an URGENT message for the developers? - - 2.10. What if I need paid-for support? - - 2.11. Pizza supply details - - 3. About the CIFS and SMB Protocols - - 3.1. What is the Server Message Block (SMB) Protocol? - - 3.2. What is the Common Internet Filesystem (CIFS)? - - 3.3. What is Browsing? - - 4. Designing A SMB and CIFS Network - - 4.1. Workgroups, Domains, Authentication and Browsing - - 4.1.1. Defining the Terms - - 4.1.2. Sharelevel (Workgroup) Security Services - - 4.1.3. Authentication Domain Mode Services - - 4.2. Authentication Schemes - - - 4.2.1. NIS - - 4.2.2. Kerberos - - 4.2.3. FTP - - 4.2.4. Default Server Method - - 4.2.5. Client-side Database Only - - 4.3. Post-Authentication: Netlogon, Logon Scripts, Profiles - - 5. Cross-Protocol File Sharing - - 6. Miscellaneous - - 6.1. Is Samba Year 2000 compliant? - ______________________________________________________________________ - - 11.. QQuuiicckk RReeffeerreennccee GGuuiiddeess ttoo SSaammbbaa DDooccuummeennttaattiioonn - - - We are endeavouring to provide links here to every major class of - information about Samba or things related to Samba. We cannot list - every document, but we are aiming for all documents to be at most two - referrals from those listed here. This needs constant maintaining, so - please send the author your feedback. - - - 11..11.. SSaammbbaa ffoorr tthhee IImmppaattiieenntt - - - You know you should read the documentation but can't wait to start? - What you need to do then is follow the instructions in the following - documents in the order given. This should be enough to get a fairly - simple site going quickly. If you have any problems, refer back to - this meta-FAQ and follow the links to find more reading material. - - - - GGeettttiinngg SSaammbbaa:: - The fastest way to get Samba going is and install it is to have - an operating system for which the Samba team has put together an - installation package. To see if your OS is included have a look - at the directory /pub/samba/Binary_Packages/"OS_Vendor" on your - nearest mirror site <../MIRRORS>. If it is included follow the - installation instructions in the README file there and then do - some ``basic testing''. If you are not so fortunate, follow the - normal ``download instructions'' and then continue with - ``building and installing Samba''. - - - BBuuiillddiinngg aanndd IInnssttaalllliinngg SSaammbbaa:: - At the moment there are two kinds of Samba server installs - besides the prepackaged binaries mentioned in the previous step. - You need to decide if you have a Unix or close relative - <../UNIX_INSTALL.txt> or other supported operating system - <Samba-Server-FAQ.html#PortInfo>. - - - BBaassiicc TTeessttiinngg:: - Try to connect using the supplied smbclient command-line - program. You need to know the IP hostname of your server. A - service name must be defined in smb.conf, as given in the - examples (under many operating systems if there is a homes - service you can just use a valid username.) Then type smbclient - \hostnamevicename Under most Unixes you will need to put the - parameters within quotation marks. If this works, try connecting - from one of the SMB clients you were planning to use with Samba. - - - DDeebbuugg sseeqquueennccee:: - If you think you have completed the previous step and things - aren't working properly work through the diagnosis recipe. - <../DIAGNOSIS.txt> - - - EExxppoorrttiinngg ffiilleess ttoo SSMMBB cclliieennttss:: - You should read the manual pages for smb.conf, but here is a - quick answer guide. <Samba-Server-FAQ.html#Exporting> - - - CCoonnttrroolllliinngg uusseerr aacccceessss:: - the quickest and dirtiest way of sharing resources is to use - ``share level security.'' If you want to spend more time and - have a proper username and password database you must read the - paragraph on ``domain mode security.'' If you want encryption - (eg you are using Windows NT clients) follow the SMB encryption - instructions. <Samba-Server-FAQ.html#SMBEncryptionSteps> - - - BBrroowwssiinngg:: - if you are happy to type in "\samba-serverrename" at the client - end then do not read any further. Otherwise you need to - understand the ``browsing terminology'' and read <Samba-Server- - FAQ.html#NameBrowsing>. - - - PPrriinnttiinngg:: - See the printing quick answer guide. <Samba-Server- - FAQ.html#Printing> - - - If you have got everything working to this point, you can expect Samba - to be stable and secure: these are its greatest strengths. However - Samba has a great deal to offer and to go further you must do some - more reading. Speed and security optimisations, printer accounting, - network logons, roving profiles, browsing across multiple subnets and - so on are all covered either in this document or in those it refers - to. - - - 11..22.. AAllll SSaammbbaa DDooccuummeennttaattiioonn - - - - +o Meta-FAQ. This is the mother of all documents, and is the one you - are reading now. The latest version is always at - <http://samba.org/[.....]> but there is probably a much - nearer mirror site <../MIRRORS> which you should use instead. - - +o <Samba-Server-FAQ.html> is the best starting point for information - about server-side issues. Includes configuration tips and pointers - for Samba on particular operating systems (with 40 to choose - from...) - - +o <Samba-Client-FAQ.html> is the best starting point for information - about client-side issues, includes a list of all clients that are - known to work with Samba. - - +o manual pages <samba-man-index.html> contains descriptions of and - links to all the Samba manual pages, in Unix man and postscript - format. - - +o <samba-txt-index.html> has descriptions of and links to a large - number of text files have been contributed to samba covering many - topics. These are gradually being absorbed into the FAQs and HOWTOs - but in the meantime you might find helpful answers here. - - +o - - - 22.. GGeenneerraall IInnffoorrmmaattiioonn - - - All about Samba - what it is, how to get it, related sources of - information, how to understand the numbering scheme, pizza details. - - - 22..11.. WWhhaatt iiss SSaammbbaa?? - - - Samba is a suite of programs which work together to allow clients to - access to a server's filespace and printers via the SMB (Server - Message Block) and CIFS (Common Internet Filesystem) protocols. - Initially written for Unix, Samba now also runs on Netware, OS/2, VMS, - StratOS and Amigas. Ports to BeOS and other operating systems are - underway. Samba gives the capability for these operating systems to - behave much like a LAN Server, Windows NT Server or Pathworks machine, - only with added functionality and flexibility designed to make life - easier for administrators. - - This means that using Samba you can share a server's disks and - printers to many sorts of network clients, including Lan Manager, - Windows for Workgroups, Windows NT, Linux, OS/2, and AIX. There is - also a generic client program supplied as part of the Samba suite - which gives a user on the server an ftp-like interface to access - filespace and printers on any other SMB/CIFS servers. - - SMB has been implemented over many protocols, including XNS, NBT, IPX, - NetBEUI and TCP/IP. Samba only uses TCP/IP. This is not likely to - change although there have been some requests for NetBEUI support. - - Many users report that compared to other SMB implementations Samba is - more stable, faster, and compatible with more clients. Administrators - of some large installations say that Samba is the only SMB server - available which will scale to many tens of thousands of users without - crashing. The easy way to test these claims is to download it and try - it for yourself! - - The suite is supplied with full source code under the GNU Public - License <../COPYING>. The GPL means that you can use Samba for - whatever purpose you wish (including changing the source or selling it - for money) but under all circumstances the source code must be made - freely available. A copy of the GPL must always be included in any - copy of the package. - - The primary creator of the Samba suite is Andrew Tridgell. Later - versions incorporate much effort by many net.helpers. The man pages - and this FAQ were originally written by Karl Auer. - - - 22..22.. WWhhaatt iiss tthhee ccuurrrreenntt vveerrssiioonn ooff SSaammbbaa?? - - - At time of writing, the current version was 1.9.17. If you want to be - sure check the bottom of the change-log file. - <ftp://samba.org/pub/samba/alpha/change-log> - For more information see ``What do the version numbers mean?'' - - - 22..33.. WWhheerree ccaann II ggeett iitt?? - - - The Samba suite is available via anonymous ftp from samba.org - and many mirror <../MIRRORS> sites. You will get much faster - performance if you use a mirror site. The latest and greatest versions - of the suite are in the directory: - - /pub/samba/ - - Development (read "alpha") versions, which are NOT necessarily stable - and which do NOT necessarily have accurate documentation, are - available in the directory: - - /pub/samba/alpha - - Note that binaries are NOT included in any of the above. Samba is - distributed ONLY in source form, though binaries may be available from - other sites. Most Linux distributions, for example, do contain Samba - binaries for that platform. The VMS, OS/2, Netware and Amiga and other - ports typically have binaries made available. - - A special case is vendor-provided binary packages. Samba binaries and - default configuration files are put into packages for a specific - operating system. RedHat Linux and Sun Solaris (Sparc and x86) is - already included, and others such as OS/2 may follow. All packages are - in the directory: - - /pub/samba/Binary_Packages/"OS_Vendor" - - - 22..44.. WWhhaatt ddoo tthhee vveerrssiioonn nnuummbbeerrss mmeeaann?? - - - It is not recommended that you run a version of Samba with the word - "alpha" in its name unless you know what you are doing and are willing - to do some debugging. Many, many people just get the latest - recommended stable release version and are happy. If you are brave, by - all means take the plunge and help with the testing and development - - but don't install it on your departmental server. Samba is typically - very stable and safe, and this is mostly due to the policy of many - public releases. - - How the scheme works: - - - 1. When major changes are made the version number is increased. For - example, the transition from 1.9.16 to 1.9.17. However, this - version number will not appear immediately and people should - continue to use 1.9.15 for production systems (see next point.) - - 2. Just after major changes are made the software is considered - unstable, and a series of alpha releases are distributed, for - example 1.9.16alpha1. These are for testing by those who know what - they are doing. The "alpha" in the filename will hopefully scare - off those who are just looking for the latest version to install. - - 3. When Andrew thinks that the alphas have stabilised to the point - where he would recommend new users install it, he renames it to the - same version number without the alpha, for example 1.9.17. - - 4. Inevitably bugs are found in the "stable" releases and minor patch - levels are released which give us the pXX series, for example - 1.9.17p2. - - So the progression goes: - - - 1.9.16p10 (production) - 1.9.16p11 (production) - 1.9.17alpha1 (test sites only) - : - 1.9.17alpha20 (test sites only) - 1.9.17 (production) - 1.9.17p1 (production) - - - - The above system means that whenever someone looks at the samba ftp - site they will be able to grab the highest numbered release without an - alpha in the name and be sure of getting the current recommended - version. - - - 22..55.. WWhheerree ccaann II ggoo ffoorr ffuurrtthheerr iinnffoorrmmaattiioonn?? - - - There are a number of places to look for more information on Samba, - including: - - - +o Two mailing lists devoted to discussion of Samba-related matters. - See below for subscription information. - - +o The newsgroup comp.protocols.smb, which has a great deal of - discussion about Samba. - - +o The WWW site 'SAMBA Web Pages' at <http://samba.org/samba/> - includes: - - - +o Links to man pages and documentation, including this FAQ - - +o A comprehensive survey of Samba users - - +o A searchable hypertext archive of the Samba mailing list - - +o Links to Samba source code, binaries, and mirrors of both - - +o This FAQ and the rest in its family - - - - 22..66.. HHooww ddoo II ssuubbssccrriibbee ttoo tthhee SSaammbbaa MMaaiilliinngg LLiissttss?? - - - Send email to listproc@samba.org. Make sure the subject line is - blank, and include the following two lines in the body of the message: - - - - subscribe samba Firstname Lastname - subscribe samba-announce Firstname Lastname - - - - - Obviously you should substitute YOUR first name for "Firstname" and - YOUR last name for "Lastname"! Try not to send any signature, it - sometimes confuses the list processor. - - The samba list is a digest list - every eight hours or so it sends a - single message containing all the messages that have been received by - the list since the last time and sends a copy of this message to all - subscribers. There are thousands of people on this list. - - If you stop being interested in Samba, please send another email to - listproc@samba.org. Make sure the subject line is blank, and - include the following two lines in the body of the message: - - - - unsubscribe samba - unsubscribe samba-announce - - - - - The FFrroomm:: line in your message _M_U_S_T be the same address you used when - you subscribed. - - - 22..77.. SSoommeetthhiinngg''ss ggoonnee wwrroonngg -- wwhhaatt sshhoouulldd II ddoo?? - - - ## ****** IIMMPPOORRTTAANNTT!! ****** ## - - - DO NOT post messages on mailing lists or in newsgroups until you have - carried out the first three steps given here! - - - 1. See if there are any likely looking entries in this FAQ! If you - have just installed Samba, have you run through the checklist in - DIAGNOSIS.txt <ftp://samba.org/pub/samba/DIAGNOSIS.txt>? It - can save you a lot of time and effort. DIAGNOSIS.txt can also be - found in the docs directory of the Samba distribution. - - 2. Read the man pages for smbd, nmbd and smb.conf, looking for topics - that relate to what you are trying to do. - - 3. If there is no obvious solution to hand, try to get a look at the - log files for smbd and/or nmbd for the period during which you were - having problems. You may need to reconfigure the servers to provide - more extensive debugging information - usually level 2 or level 3 - provide ample debugging info. Inspect these logs closely, looking - particularly for the string "Error:". - - 4. If you need urgent help and are willing to pay for it see ``Paid - Support''. - - If you still haven't got anywhere, ask the mailing list or newsgroup. - In general nobody minds answering questions provided you have followed - the preceding steps. It might be a good idea to scan the archives of - the mailing list, which are available through the Samba web site - described in the previous section. When you post be sure to include a - good description of your environment and your problem. - - If you successfully solve a problem, please mail the FAQ maintainer a - succinct description of the symptom, the problem and the solution, so - that an explanation can be incorporated into the next version. - - - - - 22..88.. HHooww ddoo II ssuubbmmiitt ppaattcchheess oorr bbuugg rreeppoorrttss?? - - - If you make changes to the source code, _p_l_e_a_s_e submit these patches so - that everyone else gets the benefit of your work. This is one of the - most important aspects to the maintainence of Samba. Send all patches - to samba@samba.org. Do not send patches to Andrew Tridgell - or any other individual, they may be lost if you do. - - Patch format ------------ - - If you are sending a patch to fix a problem then please don't just use - standard diff format. As an example, samba@samba.org received this patch - from someone: - - 382a #endif 381a #if !defined(NEWS61) - - How are we supposed to work out what this does and where it goes? - These sort of patches only work if we both have identical files in the - first place. The Samba sources are constantly changing at the hands of - multiple developers, so it doesn't work. - - Please use either context diffs or (even better) unified diffs. You - get these using "diff -c4" or "diff -u". If you don't have a diff that - can generate these then please send manualy commented patches to I - know what is being changed and where. Most patches are applied by hand - so the info must be clear. - - This is a basic guideline that will assist us with assessing your - problem more efficiently : - - Machine Arch: Machine OS: OS Version: Kernel: - - Compiler: Libc Version: - - Samba Version: - - Network Layout (description): - - What else is on machine (services, etc): - - Some extras : - - - +o what you did and what happened - - +o relevant parts of a debugging output file with debuglevel higher. - If you can't find the relevant parts, please ask before mailing - huge files. - - +o anything else you think is useful to trace down the bug - - - 22..99.. WWhhaatt iiff II hhaavvee aann UURRGGEENNTT mmeessssaaggee ffoorr tthhee ddeevveellooppeerrss?? - - - If you have spotted something very serious and believe that it is - important to contact the developers quickly send a message to samba- - urgent@samba.org. This will be processed more quickly than mail - to samba@samba.org. Please think carefully before using this address. An - example of its use might be to report a security hole. - - Examples of things _n_o_t to send to samba-urgent include problems - getting Samba to work at all and bugs that cannot potentially cause - damage. - - 22..1100.. WWhhaatt iiff II nneeeedd ppaaiidd--ffoorr ssuuppppoorrtt?? - - - Samba has a large network of consultants who provide Samba support on - a commercial basis. The list is included in the package in - <../Support.txt>, and the latest version will always be on the main - samba ftp site. Any company in the world can request that the samba - team include their details in Support.txt so we can give no guarantee - of their services. - - - 22..1111.. PPiizzzzaa ssuuppppllyy ddeettaaiillss - - - Those who have registered in the Samba survey as "Pizza Factory" will - already know this, but the rest may need some help. Andrew doesn't ask - for payment, but he does appreciate it when people give him pizza. - This calls for a little organisation when the pizza donor is twenty - thousand kilometres away, but it has been done. - - - 1. Ring up your local branch of an international pizza chain and see - if they honour their vouchers internationally. Pizza Hut do, which - is how the entire Canberra Linux Users Group got to eat pizza one - night, courtesy of someone in the US. - - 2. Ring up a local pizza shop in Canberra and quote a credit card - number for a certain amount, and tell them that Andrew will be - collecting it (don't forget to tell him.) One kind soul from - Germany did this. - - 3. Purchase a pizza voucher from your local pizza shop that has no - international affiliations and send it to Andrew. It is completely - useless but he can hang it on the wall next to the one he already - has from Germany :-) - - 4. Air freight him a pizza with your favourite regional flavours. It - will probably get stuck in customs or torn apart by hungry sniffer - dogs but it will have been a noble gesture. - - - 33.. AAbboouutt tthhee CCIIFFSS aanndd SSMMBB PPrroottooccoollss - - - - 33..11.. WWhhaatt iiss tthhee SSeerrvveerr MMeessssaaggee BBlloocckk ((SSMMBB)) PPrroottooccooll?? - - SMB is a filesharing protocol that has had several maintainers and - contributors over the years including Xerox, 3Com and most recently - Microsoft. Names for this protocol include LAN Manager and Microsoft - Networking. Parts of the specification has been made public at several - versions including in an X/Open document, as listed at - <ftp://ftp.microsoft.com/developr/drg/CIFS/>. No specification - releases were made between 1992 and 1996, and during that period - Microsoft became the SMB implementor with the largest market share. - Microsoft developed the specification further for its products but for - various reasons connected with developer's workload rather than market - strategy did not make the changes public. This culminated with the - "Windows NT 0.12" version released with NT 3.5 in 1995 which had - significant improvements and bugs. Because Microsoft client systems - are so popular, it is fair to say that what Microsoft with Windows - affects all suppliers of SMB server products. - - From 1994 Andrew Tridgell began doing some serious work on his - Smbserver (now Samba) product and with some helpers started to - implement more and more of these protocols. Samba began to take a - significant share of the SMB server market. - - - 33..22.. WWhhaatt iiss tthhee CCoommmmoonn IInntteerrnneett FFiilleessyysstteemm ((CCIIFFSS))?? - - The initial pressure for Microsoft to document their current SMB - implementation came from the Samba team, who kept coming across things - on the wire that Microsoft either didn't know about or hadn't - documented anywhere (even in the sourcecode to Windows NT.) Then Sun - Microsystems came out with their WebNFS initiative, designed to - replace FTP for file transfers on the Internet. There are many - drawbacks to WebNFS (including its scope - it aims to replace HTTP as - well!) but the concept was attractive. FTP is not very clever, and why - should it be harder to get files from across the world than across the - room? - - Some hasty revisions were made and an Internet Draft for the Common - Internet Filesystem (CIFS) was released. Note that CIFS is not an - Internet standard and is a very long way from becoming one, BUT the - protocol specification is in the public domain and ongoing discussions - concerning the spec take place on a public mailing list according to - the rules of the Internet Engineering Task Force. For more information - and pointers see <http://samba.org/cifs/> - - The following is taken from <http://www.microsoft.com/intdev/cifs/> - - - CIFS defines a standard remote file system access protocol for use - over the Internet, enabling groups of users to work together and - share documents across the Internet or within their corporate - intranets. CIFS is an open, cross-platform technology based on the - native file-sharing protocols built into Microsoft Windows and - other popular PC operating systems, and supported on dozens of - other platforms, including UNIX. With CIFS, millions of computer - users can open and share remote files on the Internet without having - to install new software or change the way they work." - - - - If you consider CIFS as a backwardsly-compatible refinement of SMB - that will work reasonably efficiently over the Internet you won't be - too far wrong. - - The net effect is that Microsoft is now documenting large parts of - their Windows NT fileserver protocols. The security concepts embodied - in Windows NT are part of the specification, which is why Samba - documentation often talks in terms of Windows NT. However there is no - reason why a site shouldn't conduct all its file and printer sharing - with CIFS and yet have no Microsoft products at all. - - - 33..33.. WWhhaatt iiss BBrroowwssiinngg?? - - The term "Browsing" causes a lot of confusion. It is the part of the - SMB/CIFS protocol which allows for resource discovery. For example, in - the Windows NT Explorer it is possible to see a "Network - Neighbourhood" of computers in the same SMB workgroup. Clicking on the - name of one of these machines brings up a list of file and printer - resources for connecting to. In this way you can cruise the network, - seeing what things are available. How this scales to the Internet is a - subject for debate. Look at the CIFS list archives to see what the - experts think. - - - - - 44.. DDeessiiggnniinngg AA SSMMBB aanndd CCIIFFSS NNeettwwoorrkk - - - The big issues for installing any network of LAN or WAN file and print - servers are - - - +o How and where usernames, passwords and other security information - is stored - - +o What method can be used for locating the resources that users have - permission to use - - +o What protocols the clients can converse with - - - If you buy Netware, Windows NT or just about any other LAN fileserver - product you are expected to lock yourself into the product's preferred - answers to these questions. This tendancy is restrictive and often - very expensive for a site where there is only one kind of client or - server, and for sites with a mixture of operating systems it often - makes it impossible to share resources between some sets of users. - - The Samba philosophy is to make things as easy as possible for - administators, which means allowing as many combinations of clients, - servers, operating systems and protocols as possible. - - - 44..11.. WWoorrkkggrroouuppss,, DDoommaaiinnss,, AAuutthheennttiiccaattiioonn aanndd BBrroowwssiinngg - - - From the point of view of networking implementation, Domains and - Workgroups are _e_x_a_c_t_l_y the same, except for the client logon sequence. - Some kind of distributed authentication database is associated with a - domain (there are quite a few choices) and this adds so much - flexibility that many people think of a domain as a completely - different entity to a workgroup. From Samba's point of view a client - connecting to a service presents an authentication token, and it if it - is valid they have access. Samba does not care what mechanism was used - to generate that token in the first place. - - The SMB client logging on to a domain has an expectation that every - other server in the domain should accept the same authentication - information. However the network browsing functionality of domains - and workgroups is identical and is explained in <../BROWSING.txt>. - - There are some implementation differences: Windows 95 can be a member - of both a workgroup and a domain, but Windows NT cannot. Windows 95 - also has the concept of an "alternative workgroup". Samba can only be - a member of a single workgroup or domain, although this is due to - change with a future version when nmbd will be split into two daemons, - one for WINS and the other for browsing ( <../NetBIOS.txt> explains - what WINS is.) - - - 44..11..11.. DDeeffiinniinngg tthhee TTeerrmmss - - - - - WWoorrkkggrroouupp - means a collection of machines that maintain a common browsing - database containing information about their shared resources. - They do not necessarily have any security information in common - (if they do, it gets called a Domain.) The browsing database is - dynamic, modified as servers come and go on the network and as - resources are added or deleted. The term "browsing" refers to a - user accessing the database via whatever interface the client - provides, eg the OS/2 Workplace Shell or Windows 95 Explorer. - SMB servers agree between themselves as to which ones will - maintain the browsing database. Workgroups can be anywhere on a - connected TCP/IP network, including on different subnets or even - on the Interet. This is a very tricky part of SMB to implement. - - - MMaasstteerr BBrroowwsseerrss - are machines which holds the master browsing database for a - workgroup or domain. There are two kinds of Master Browser: - - - +o Domain Master Browser, which holds the master browsing - information for an entire domain, which may well cross multiple - TCP/IP subnets. - - +o Local Master Browser, which holds the master browsing database - for a particular subnet and communicates with the Domain Master - Browser to get information on other subnets. - - Subnets are differentiated because browsing is based on - broadcasts, and broadcasts do not pass through routers. Subnets - are not routed: while it is possible to have more than one - subnet on a single network segment this is regarded as very bad - practice. - - Master Browsers (both Domain and Local) are elected dynamically - according to an algorithm which is supposed to take into account - the machine's ability to sustain the browsing load. Samba can be - configured to always act as a master browser, ie it always wins - elections under all circumstances, even against systems such as - a Windows NT Primary Domain Controller which themselves expect - to win. - - There are also Backup Browsers which are promoted to Master - Browsers in the event of a Master Browser disappearing from the - network. - - Alternative terms include confusing variations such as "Browse - Master", and "Master Browser" which we are trying to eliminate - from the Samba documentation. - - - DDoommaaiinn CCoonnttrroolllleerr - is a term which comes from the Microsoft and IBM etc - implementation of the LAN Manager protocols. It is tied to - authentication. There are other ways of doing domain - authentication, but the Windows NT method has a large market - share. The general issues are discussed in <../DOMAIN.txt> and - a Windows NT-specific discussion is in <../DOMAIN_CONTROL.txt>. - - - - 44..11..22.. SShhaarreelleevveell ((WWoorrkkggrroouupp)) SSeeccuurriittyy SSeerrvviicceess - - - With the Samba setting "security = SHARE", all shared resources - information about what password is associated with them but only hints - as to what usernames might be valid (the hint can be 'all users', in - which case any username will work. This is usually a bad idea, but - reflects both the initial implementations of SMB in the mid-80s and - its reincarnation with Windows for Workgroups in 1992. The idea behind - workgroup security was that small independant groups of people could - share information on an ad-hoc basis without there being an - authentication infrastructure present or requiring them to do more - than fill in a dialogue box. - - - 44..11..33.. AAuutthheennttiiccaattiioonn DDoommaaiinn MMooddee SSeerrvviicceess - - - With the Samba settings "security = USER" or "security = SERVER" - accesses to all resources are checked for username/password pair - matches in a more rigorous manner. To the client, this has the effect - of emulating a Microsoft Domain. The client is not concerned whether - or not Samba looks up a Windows NT SAM or does it in some other way. - - - 44..22.. AAuutthheennttiiccaattiioonn SScchheemmeess - - - In the simple case authentication information is stored on a single - server and the user types a password on connecting for the first time. - However client operating systems often require a password before they - can be used at all, and in addition users usually want access to more - than one server. Asking users to remember many different passwords in - different contexts just does not work. Some kind of distributed - authentication database is needed. It must cope with password changes - and provide for assigning groups of users the same level of access - permissions. This is why Samba installations often choose to implement - a Domain model straight away. - - Authentication decisions are some of the biggest in designing a - network. Are you going to use a scheme native to the client operating - system, native to the server operating system, or newly installed on - both? A list of options relevant to Samba (ie that make sense in the - context of the SMB protocol) follows. Any experiences with other - setups would be appreciated. refer to server FAQ for "passwd chat" - passwd program password server etc etc... - - - 44..22..11.. NNIISS - - - For Windows 95, Windows for Workgroups and most other clients Samba - can be a domain controller and share the password database via NIS - transparently. Windows NT is different. Free NIS NT client - <http://www.dcs.qmw.ac.uk/~williams> - - - 44..22..22.. KKeerrbbeerrooss - - - Kerberos for US users only: Kerberos overview - <http://www.cygnus.com/product/unifying-security.html> Download - Kerberos <http://www.cygnus.com/product/kerbnet-download.html> - - - 44..22..33.. FFTTPP - - - Other NT w/s logon hack via NT - - - 44..22..44.. DDeeffaauulltt SSeerrvveerr MMeetthhoodd - - - - - - 44..22..55.. CClliieenntt--ssiiddee DDaattaabbaassee OOnnllyy - - - - 44..33.. PPoosstt--AAuutthheennttiiccaattiioonn:: NNeettllooggoonn,, LLooggoonn SSccrriippttss,, PPrrooffiilleess - - - See <../DOMAIN.txt> - - - 55.. CCrroossss--PPrroottooccooll FFiillee SShhaarriinngg - - - Samba is an important tool for... - - It is possible to... - - File protocol gateways... - - "Setting up a Linux File Server" - http://vetrec.mit.edu/people/narf/linux.html - - Two free implementations of Appletalk for Unix are Netatalk, - <http://www.umich.edu/~rsug/netatalk/>, and CAP, - <http://www.cs.mu.oz.au/appletalk/atalk.html>. What Samba offers MS - Windows users, these packages offer to Macs. For more info on these - packages, Samba, and Linux (and other UNIX-based systems) see - <http://www.eats.com/linux_mac_win.html> 3.5) Sniffing your nework - - - - 66.. MMiisscceellllaanneeoouuss - - - 66..11.. IIss SSaammbbaa YYeeaarr 22000000 ccoommpplliiaanntt?? - - - The CIFS protocol that Samba implements negotiates times in various - formats, all of which are able to cope with dates beyond 2000. - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/docs/faq/sambafaq-1.html b/docs/faq/sambafaq-1.html deleted file mode 100644 index dde0784099..0000000000 --- a/docs/faq/sambafaq-1.html +++ /dev/null @@ -1,392 +0,0 @@ -<HTML> -<HEAD> -<TITLE> Samba FAQ: General Information - - -Previous -Next -Table of Contents -
-

1. General Information

- -

- -

-

All about Samba - what it is, how to get it, related sources of -information, how to understand the version numbering scheme, pizza -details

- -

1.1 What is Samba?

- -

- - -Samba is a suite of programs which work together to allow clients to -access to a server's filespace and printers via the SMB (Server -Message Block) protocol. Initially written for Unix, Samba now also -runs on Netware, OS/2 and VMS.

-

In practice, this means that you can redirect disks and printers to -Unix disks and printers from Lan Manager clients, Windows for -Workgroups 3.11 clients, Windows NT clients, Linux clients and OS/2 -clients. There is also a generic Unix client program supplied as part -of the suite which allows Unix users to use an ftp-like interface to -access filespace and printers on any other SMB servers. This gives the -capability for these operating systems to behave much like a LAN -Server or Windows NT Server machine, only with added functionality and -flexibility designed to make life easier for administrators.

-

The components of the suite are (in summary):

-

-

    -
  • smbd, the SMB server. This handles actual connections from clients, doing all the file, permission and username work
    • -
  • nmbd, the Netbios name server, which helps clients locate servers, doing the browsing work and managing domains as this capability is being built into Samba
    • -
  • smbclient, the Unix-hosted client program
    • -
  • smbrun, a little 'glue' program to help the server run external programs
    • -
  • testprns, a program to test server access to printers
    • -
  • testparms, a program to test the Samba configuration file for correctness
    • -
  • smb.conf, the Samba configuration file
    • -
  • smbprint, a sample script to allow a Unix host to use smbclient to print to an SMB server
    • -
  • Documentation! DON'T neglect to read it - you will save a great deal of time!
    • -
-

-

The suite is supplied with full source (of course!) and is GPLed.

-

The primary creator of the Samba suite is Andrew Tridgell. Later -versions incorporate much effort by many net.helpers. The man pages -and this FAQ were originally written by Karl Auer.

- - -

1.2 What is the current version of Samba?

- -

- - -At time of writing, the current version was 1.9.17. If you want to be -sure check the bottom of the change-log file. -ftp://samba.org/pub/samba/alpha/change-log

-

For more information see -What do the version numbers mean?

- - -

1.3 Where can I get it?

- -

- - -The Samba suite is available via anonymous ftp from -samba.org. The latest and greatest versions of the suite are in -the directory:

-

/pub/samba/

-

Development (read "alpha") versions, which are NOT necessarily stable -and which do NOT necessarily have accurate documentation, are -available in the directory:

-

/pub/samba/alpha

-

Note that binaries are NOT included in any of the above. Samba is -distributed ONLY in source form, though binaries may be available from -other sites. Recent versions of some Linux distributions, for example, -do contain Samba binaries for that platform.

- - -

1.4 What do the version numbers mean?

- -

- - -It is not recommended that you run a version of Samba with the word -"alpha" in its name unless you know what you are doing and are willing -to do some debugging. Many, many people just get the latest -recommended stable release version and are happy. If you are brave, by -all means take the plunge and help with the testing and development - -but don't install it on your departmental server. Samba is typically -very stable and safe, and this is mostly due to the policy of many -public releases.

-

How the scheme works: -

    -
  1. When major changes are made the version number is increased. For -example, the transition from 1.9.15 to 1.9.16. However, this version -number will not appear immediately and people should continue to use -1.9.15 for production systems (see next point.) -
    2. -
  2. Just after major changes are made the software is considered -unstable, and a series of alpha releases are distributed, for example -1.9.16alpha1. These are for testing by those who know what they are -doing. The "alpha" in the filename will hopefully scare off those who -are just looking for the latest version to install. -
    3. -
  3. When Andrew thinks that the alphas have stabilised to the point -where he would recommend new users install it, he renames it to the -same version number without the alpha, for example 1.9.16. -
    4. -
  4. Inevitably bugs are found in the "stable" releases and minor patch -levels are released which give us the pXX series, for example 1.9.16p2.
    5. -
- -So the progression goes: -
-                1.9.15p7        (production)
-                1.9.15p8        (production)
-                1.9.16alpha1    (test sites only)
-                  :
-                1.9.16alpha20   (test sites only)
-                1.9.16          (production)
-                1.9.16p1        (production)
-
- -The above system means that whenever someone looks at the samba ftp -site they will be able to grab the highest numbered release without an -alpha in the name and be sure of getting the current recommended -version.

- - -

1.5 What platforms are supported?

- -

- - -Many different platforms have run Samba successfully. The platforms -most widely used and thus best tested are Linux and SunOS.

-

At time of writing, the Makefile claimed support for: -

    -
  • A/UX 3.0
    • -
  • AIX
    • -
  • Altos Series 386/1000
    • -
  • Amiga
    • -
  • Apollo Domain/OS sr10.3
    • -
  • BSDI
    • -
  • B.O.S. (Bull Operating System)
    • -
  • Cray, Unicos 8.0
    • -
  • Convex
    • -
  • DGUX.
    • -
  • DNIX.
    • -
  • FreeBSD
    • -
  • HP-UX
    • -
  • Intergraph.
    • -
  • Linux with/without shadow passwords and quota
    • -
  • LYNX 2.3.0
    • -
  • MachTen (a unix like system for Macintoshes)
    • -
  • Motorola 88xxx/9xx range of machines
    • -
  • NetBSD
    • -
  • NEXTSTEP Release 2.X, 3.0 and greater (including OPENSTEP for Mach).
    • -
  • OS/2 using EMX 0.9b
    • -
  • OSF1
    • -
  • QNX 4.22
    • -
  • RiscIX.
    • -
  • RISCOs 5.0B
    • -
  • SEQUENT.
    • -
  • SCO (including: 3.2v2, European dist., OpenServer 5)
    • -
  • SGI.
    • -
  • SMP_DC.OSx v1.1-94c079 on Pyramid S series
    • -
  • SONY NEWS, NEWS-OS (4.2.x and 6.1.x)
    • -
  • SUNOS 4
    • -
  • SUNOS 5.2, 5.3, and 5.4 (Solaris 2.2, 2.3, and '2.4 and later')
    • -
  • Sunsoft ISC SVR3V4
    • -
  • SVR4
    • -
  • System V with some berkely extensions (Motorola 88k R32V3.2).
    • -
  • ULTRIX.
    • -
  • UNIXWARE
    • -
  • UXP/DS
    • -
-

- - -

1.6 How can I find out more about Samba?

- -

- - -There are a number of places to look for more information on Samba, including: -

-

- - -

1.7 How do I subscribe to the Samba Mailing Lists?

- -

- - -Send email to -listproc@samba.org. Make sure the subject line is -blank, and include the following two lines in the body of the message: -

-
-subscribe samba Firstname Lastname
-subscribe samba-announce Firstname Lastname
-
-
- -Obviously you should substitute YOUR first name for "Firstname" and -YOUR last name for "Lastname"! Try not to send any signature stuff, it -sometimes confuses the list processor.

-

The samba list is a digest list - every eight hours or so it -regurgitates a single message containing all the messages that have -been received by the list since the last time and sends a copy of this -message to all subscribers.

-

If you stop being interested in Samba, please send another email to -listproc@samba.org. Make sure the subject line is blank, and -include the following two lines in the body of the message: -

-
-unsubscribe samba
-unsubscribe samba-announce
-
-
- -The From: line in your message MUST be the same address you used when -you subscribed.

- - -

1.8 Something's gone wrong - what should I do?

- -

- - -# *** IMPORTANT! *** #

-

DO NOT post messages on mailing lists or in newsgroups until you have -carried out the first three steps given here!

-

Firstly, see if there are any likely looking entries in this FAQ! If -you have just installed Samba, have you run through the checklist in -DIAGNOSIS.txt? It can save you a lot of time and effort. -DIAGNOSIS.txt can also be found in the docs directory of the Samba distribution.

-

Secondly, read the man pages for smbd, nmbd and smb.conf, looking for -topics that relate to what you are trying to do.

-

Thirdly, if there is no obvious solution to hand, try to get a look at -the log files for smbd and/or nmbd for the period during which you -were having problems. You may need to reconfigure the servers to -provide more extensive debugging information - usually level 2 or -level 3 provide ample debugging info. Inspect these logs closely, -looking particularly for the string "Error:".

-

Fourthly, if you still haven't got anywhere, ask the mailing list or -newsgroup. In general nobody minds answering questions provided you -have followed the preceding steps. It might be a good idea to scan the -archives of the mailing list, which are available through the Samba -web site described in the previous -section.

-

If you successfully solve a problem, please mail the FAQ maintainer a -succinct description of the symptom, the problem and the solution, so -I can incorporate it in the next version.

-

If you make changes to the source code, _please_ submit these patches -so that everyone else gets the benefit of your work. This is one of -the most important aspects to the maintainence of Samba. Send all -patches to -samba@samba.org. Do not send patches to Andrew Tridgell or any -other individual, they may be lost if you do.

- - -

1.9 Pizza supply details

- -

- - -Those who have registered in the Samba survey as "Pizza Factory" will -already know this, but the rest may need some help. Andrew doesn't ask -for payment, but he does appreciate it when people give him -pizza. This calls for a little organisation when the pizza donor is -twenty thousand kilometres away, but it has been done.

-

Method 1: Ring up your local branch of an international pizza chain -and see if they honour their vouchers internationally. Pizza Hut do, -which is how the entire Canberra Linux Users Group got to eat pizza -one night, courtesy of someone in the US

-

Method 2: Ring up a local pizza shop in Canberra and quote a credit -card number for a certain amount, and tell them that Andrew will be -collecting it (don't forget to tell him.) One kind soul from Germany -did this.

-

Method 3: Purchase a pizza voucher from your local pizza shop that has -no international affiliations and send it to Andrew. It is completely -useless but he can hang it on the wall next to the one he already has -from Germany :-)

-

Method 4: Air freight him a pizza with your favourite regional -flavours. It will probably get stuck in customs or torn apart by -hungry sniffer dogs but it will have been a noble gesture.

- - -
-Previous -Next -Table of Contents - - diff --git a/docs/faq/sambafaq-2.html b/docs/faq/sambafaq-2.html deleted file mode 100644 index 8978bc331c..0000000000 --- a/docs/faq/sambafaq-2.html +++ /dev/null @@ -1,236 +0,0 @@ - - - Samba FAQ: Compiling and installing Samba on a Unix host - - -Previous -Next -Table of Contents -
-

2. Compiling and installing Samba on a Unix host

- -

- -

- -

2.1 I can't see the Samba server in any browse lists!

- -

- - -See BROWSING.txt for more information on browsing. BROWSING.txt can -be found in the docs directory of the Samba source.

If your GUI -client does not permit you to select non-browsable servers, you may -need to do so on the command line. For example, under Lan Manager you -might connect to the above service as disk drive M: thusly: -

-
-   net use M: \\mary\fred
-
-
- -The details of how to do this and the specific syntax varies from -client to client - check your client's documentation.

- - -

2.2 Some files that I KNOW are on the server doesn't show up when I view the files from my client!

- -

- - -See the next question.

- -

2.3 Some files on the server show up with really wierd filenames when I view the files from my client!

- -

- - -If you check what files are not showing up, you will note that they -are files which contain upper case letters or which are otherwise not -DOS-compatible (ie, they are not legal DOS filenames for some reason).

-

The Samba server can be configured either to ignore such files -completely, or to present them to the client in "mangled" form. If you -are not seeing the files at all, the Samba server has most likely been -configured to ignore them. Consult the man page smb.conf(5) for -details of how to change this - the parameter you need to set is -"mangled names = yes".

- - -

2.4 My client reports "cannot locate specified computer" or similar

- -

- - -This indicates one of three things: You supplied an incorrect server -name, the underlying TCP/IP layer is not working correctly, or the -name you specified cannot be resolved.

-

After carefully checking that the name you typed is the name you -should have typed, try doing things like pinging a host or telnetting -to somewhere on your network to see if TCP/IP is functioning OK. If it -is, the problem is most likely name resolution.

-

If your client has a facility to do so, hardcode a mapping between the -hosts IP and the name you want to use. For example, with Man Manager -or Windows for Workgroups you would put a suitable entry in the file -LMHOSTS. If this works, the problem is in the communication between -your client and the netbios name server. If it does not work, then -there is something fundamental wrong with your naming and the solution -is beyond the scope of this document.

-

If you do not have any server on your subnet supplying netbios name -resolution, hardcoded mappings are your only option. If you DO have a -netbios name server running (such as the Samba suite's nmbd program), -the problem probably lies in the way it is set up. Refer to Section -Two of this FAQ for more ideas.

-

By the way, remember to REMOVE the hardcoded mapping before further -tests :-)

- - -

2.5 My client reports "cannot locate specified share name" or similar

- -

- - -This message indicates that your client CAN locate the specified -server, which is a good start, but that it cannot find a service of -the name you gave.

-

The first step is to check the exact name of the service you are -trying to connect to (consult your system administrator). Assuming it -exists and you specified it correctly (read your client's doco on how -to specify a service name correctly), read on:

-

-

    -
  • Many clients cannot accept or use service names longer than eight characters.
    • -
  • Many clients cannot accept or use service names containing spaces.
    • -
  • Some servers (not Samba though) are case sensitive with service names.
    • -
  • Some clients force service names into upper case.
    • -
-

- - -

2.6 My client reports "cannot find domain controller", "cannot log on to the network" or similar

- -

- - -Nothing is wrong - Samba does not implement the primary domain name -controller stuff for several reasons, including the fact that the -whole concept of a primary domain controller and "logging in to a -network" doesn't fit well with clients possibly running on multiuser -machines (such as users of smbclient under Unix). Having said that, -several developers are working hard on building it in to the next -major version of Samba. If you can contribute, send a message to -samba@samba.org !

-

Seeing this message should not affect your ability to mount redirected -disks and printers, which is really what all this is about.

-

For many clients (including Windows for Workgroups and Lan Manager), -setting the domain to STANDALONE at least gets rid of the message.

- - -

2.7 Printing doesn't work :-(

- -

- - -Make sure that the specified print command for the service you are -connecting to is correct and that it has a fully-qualified path (eg., -use "/usr/bin/lpr" rather than just "lpr").

-

Make sure that the spool directory specified for the service is -writable by the user connected to the service. In particular the user -"nobody" often has problems with printing, even if it worked with an -earlier version of Samba. Try creating another guest user other than -"nobody".

-

Make sure that the user specified in the service is permitted to use -the printer.

-

Check the debug log produced by smbd. Search for the printer name and -see if the log turns up any clues. Note that error messages to do with -a service ipc$ are meaningless - they relate to the way the client -attempts to retrieve status information when using the LANMAN1 -protocol.

-

If using WfWg then you need to set the default protocol to TCP/IP, not -Netbeui. This is a WfWg bug.

-

If using the Lanman1 protocol (the default) then try switching to -coreplus. Also not that print status error messages don't mean -printing won't work. The print status is received by a different -mechanism.

- - -

2.8 My programs install on the server OK, but refuse to work properly

- -

- - -There are numerous possible reasons for this, but one MAJOR -possibility is that your software uses locking. Make sure you are -using Samba 1.6.11 or later. It may also be possible to work around -the problem by setting "locking=no" in the Samba configuration file -for the service the software is installed on. This should be regarded -as a strictly temporary solution.

-

In earlier Samba versions there were some difficulties with the very -latest Microsoft products, particularly Excel 5 and Word for Windows -6. These should have all been solved. If not then please let Andrew -Tridgell know via email at -samba@samba.org.

- - -

2.9 My "server string" doesn't seem to be recognised

- -

- - -OR My client reports the default setting, eg. "Samba 1.9.15p4", instead -of what I have changed it to in the smb.conf file.

-

You need to use the -C option in nmbd. The "server string" affects -what smbd puts out and -C affects what nmbd puts out.

-

Current versions of Samba (1.9.16 +) have combined these options into -the "server string" field of smb.conf, -C for nmbd is now obsolete.

- - -

2.10 My client reports "This server is not configured to list shared resources"

- -

- - -Your guest account is probably invalid for some reason. Samba uses the -guest account for browsing in smbd. Check that your guest account is -valid.

-

See also 'guest account' in smb.conf man page.

- - -

2.11 Log message "you appear to have a trapdoor uid system"

- -

- - -This can have several causes. It might be because you are using a uid -or gid of 65535 or -1. This is a VERY bad idea, and is a big security -hole. Check carefully in your /etc/passwd file and make sure that no -user has uid 65535 or -1. Especially check the "nobody" user, as many -broken systems are shipped with nobody setup with a uid of 65535.

-

It might also mean that your OS has a trapdoor uid/gid system :-)

-

This means that once a process changes effective uid from root to -another user it can't go back to root. Unfortunately Samba relies on -being able to change effective uid from root to non-root and back -again to implement its security policy. If your OS has a trapdoor uid -system this won't work, and several things in Samba may break. Less -things will break if you use user or server level security instead of -the default share level security, but you may still strike -problems.

-

The problems don't give rise to any security holes, so don't panic, -but it does mean some of Samba's capabilities will be unavailable. -In particular you will not be able to connect to the Samba server as -two different uids at once. This may happen if you try to print as a -"guest" while accessing a share as a normal user. It may also affect -your ability to list the available shares as this is normally done as -the guest user.

-

Complain to your OS vendor and ask them to fix their system.

-

Note: the reason why 65535 is a VERY bad choice of uid and gid is that -it casts to -1 as a uid, and the setreuid() system call ignores (with -no error) uid changes to -1. This means any daemon attempting to run -as uid 65535 will actually run as root. This is not good!

- - -
-Previous -Next -Table of Contents - - diff --git a/docs/faq/sambafaq-3.html b/docs/faq/sambafaq-3.html deleted file mode 100644 index d7e0c7abd2..0000000000 --- a/docs/faq/sambafaq-3.html +++ /dev/null @@ -1,322 +0,0 @@ - - - Samba FAQ: Common client questions - - -Previous -Next -Table of Contents -
-

3. Common client questions

- -

- -

- -

3.1 Are there any Macintosh clients for Samba?

- -

- - -Yes! Thursby now have a CIFS Client / Server called DAVE - see -http://www.thursby.com/. -They test it against Windows 95, Windows NT and samba for compatibility issues. -At the time of writing, DAVE was at version 1.0.1. The 1.0.0 to 1.0.1 update is available -as a free download from the Thursby web site (the speed of finder copies has -been greatly enhanced, and there are bug-fixes included).

-

Alternatives - There are two free implementations of AppleTalk for -several kinds of UNIX machnes, and several more commercial ones. -These products allow you to run file services and print services -natively to Macintosh users, with no additional support required on -the Macintosh. The two free omplementations are Netatalk, -http://www.umich.edu/~rsug/netatalk/, and CAP, -http://www.cs.mu.oz.au/appletalk/atalk.html. What Samba offers -MS Windows users, these packages offer to Macs. For more info on -these packages, Samba, and Linux (and other UNIX-based systems) -see -http://www.eats.com/linux_mac_win.html

- - -

3.2 "Session request failed (131,130)" error

- -

- - -The following answer is provided by John E. Miller:

-

I'll assume that you're able to ping back and forth between the -machines by IP address and name, and that you're using some security -model where you're confident that you've got user IDs and passwords -right. The logging options (-d3 or greater) can help a lot with that. -DNS and WINS configuration can also impact connectivity as well.

-

Now, on to 'scope id's. Somewhere in your Win95 TCP/IP network -configuration (I'm too much of an NT bigot to know where it's located -in the Win95 setup, but I'll have to learn someday since I teach for a -Microsoft Solution Provider Authorized Tech Education Center - what an -acronym...) Note: It's under Control Panel | Network | TCP/IP | WINS -Configuration there's a little text entry field called something like -'Scope ID'.

-

This field essentially creates 'invisible' sub-workgroups on the same -wire. Boxes can only see other boxes whose Scope IDs are set to the -exact same value - it's sometimes used by OEMs to configure their -boxes to browse only other boxes from the same vendor and, in most -environments, this field should be left blank. If you, in fact, have -something in this box that EXACT value (case-sensitive!) needs to be -provided to smbclient and nmbd as the -i (lowercase) parameter. So, if -your Scope ID is configured as the string 'SomeStr' in Win95 then -you'd have to use smbclient -iSomeStr otherparms in connecting to -it.

- - -

3.3 How do I synchronise my PC's clock with my Samba server?

- -

- - -To syncronize your PC's clock with your Samba server: -

    -
  • Copy timesync.pif to your windows directory
    • -
  • timesync.pif can be found at: -http://samba.org/samba/binaries/miscellaneous/timesync.pif
    • -
  • Add timesync.pif to your 'Start Up' group/folder
    • -
  • Open the properties dialog box for the program/icon
    • -
  • Make sure the 'Run Minimized' option is set in program 'Properties'
    • -
  • Change the command line section that reads \\sambahost to reflect the name of your server.
    • -
  • Close the properties dialog box by choosing 'OK'
    • -
- -Each time you start your computer (or login for Win95) your PC will -synchronize its clock with your Samba server.

-

Alternativley, if you clients support Domain Logons, you can setup Domain Logons with Samba -- see: -BROWSING.txt *** for more information.

-

Then add -

-
-NET TIME \\%L /SET /YES
-
-
- -as one of the lines in the logon script.

- -

3.4 Problems with WinDD, NTrigue, WinCenterPro etc

- -

- -

-

All of the above programs are applications that sit on an NT box and -allow multiple users to access the NT GUI applications from remote -workstations (often over X).

-

What has this got to do with Samba? The problem comes when these users -use filemanager to mount shares from a Samba server. The most common -symptom is that the first user to connect get correct file permissions -and has a nice day, but subsequent connections get logged in as the -same user as the first person to login. They find that they cannot -access files in their own home directory, but that they can access -files in the first users home directory (maybe not such a nice day -after all?)

-

Why does this happen? The above products all share a common heritage -(and code base I believe). They all open just a single TCP based SMB -connection to the Samba server, and requests from all users are piped -over this connection. This is unfortunate, but not fatal.

-

It means that if you run your Samba server in share level security -(the default) then things will definately break as described -above. The share level SMB security model has no provision for -multiple user IDs on the one SMB connection. See -security_level.txt in -the docs for more info on share/user/server level security.

-

If you run in user or server level security then you have a chance, -but only if you have a recent version of Samba (at least 1.9.15p6). In -older versions bugs in Samba meant you still would have had problems.

-

If you have a trapdoor uid system in your OS then it will never work -properly. Samba needs to be able to switch uids on the connection and -it can't if your OS has a trapdoor uid system. You'll know this -because Samba will note it in your logs.

-

Also note that you should not use the magic "homes" share name with -products like these, as otherwise all users will end up with the same -home directory. Use \\server\username instead.

- - -

3.5 Problem with printers under NT

- -

- - -This info from Stefan Hergeth -hergeth@f7axp1.informatik.fh-muenchen.de may be useful:

-

A network-printer (with ethernetcard) is connected to the NT-Clients -via our UNIX-Fileserver (SAMBA-Server), like the configuration told by -Matthew Harrell harrell@leech.nrl.navy.mil (see WinNT.txt) -

    -
  1. If a user has choosen this printer as the default printer in his -NT-Session and this printer is not connected to the network -(e.g. switched off) than this user has a problem with the SAMBA- -connection of his filesystems. It's very slow. -
    2. -
  2. If the printer is connected to the network everything works fine. -
    3. -
  3. When the smbd ist started with debug level 3, you can see that the -NT spooling system try to connect to the printer many times. If the -printer ist not connected to the network this request fails and the -NT spooler is wasting a lot of time to connect to the printer service. -This seems to be the reason for the slow network connection. -
    4. -
  4. Maybe it's possible to change this behaviour by setting different -printer properties in the Print-Manager-Menu of NT, but i didn't try it yet.
    5. -
-

- - -

3.6 Why are my file's timestamps off by an hour, or by a few hours?

- -

- - -This is from Paul Eggert eggert@twinsun.com.

-

Most likely it's a problem with your time zone settings.

-

Internally, Samba maintains time in traditional Unix format, -namely, the number of seconds since 1970-01-01 00:00:00 Universal Time -(or ``GMT''), not counting leap seconds.

-

On the server side, Samba uses the Unix TZ variable to convert -internal timestamps to and from local time. So on the server side, there are -two things to get right. -

    -
  1. The Unix system clock must have the correct Universal time. -Use the shell command "sh -c 'TZ=UTC0 date'" to check this. -
    2. -
  2. The TZ environment variable must be set on the server -before Samba is invoked. The details of this depend on the -server OS, but typically you must edit a file whose name is -/etc/TIMEZONE or /etc/default/init, or run the command `zic -l'. -
    3. -
  3. TZ must have the correct value. -
      -
    1. If possible, use geographical time zone settings -(e.g. TZ='America/Los_Angeles' or perhaps -TZ=':US/Pacific'). These are supported by most -popular Unix OSes, are easier to get right, and are -more accurate for historical timestamps. If your -operating system has out-of-date tables, you should be -able to update them from the public domain time zone -tables at -ftp://elsie.nci.nih.gov/pub/. -
      2. -
    2. If your system does not support geographical timezone -settings, you must use a Posix-style TZ strings, e.g. -TZ='PST8PDT,M4.1.0/2,M10.5.0/2' for US Pacific time. -Posix TZ strings can take the following form (with optional -items in brackets): -
      -        StdOffset[Dst[Offset],Date/Time,Date/Time]
-
      - -where: -
        -
      • `Std' is the standard time designation (e.g. `PST'). -
        • -
      • `Offset' is the number of hours behind UTC (e.g. `8'). -Prepend a `-' if you are ahead of UTC, and -append `:30' if you are at a half-hour offset. -Omit all the remaining items if you do not use -daylight-saving time. -
        • -
      • `Dst' is the daylight-saving time designation -(e.g. `PDT'). - -The optional second `Offset' is the number of -hours that daylight-saving time is behind UTC. -The default is 1 hour ahead of standard time. -
        • -
      • `Date/Time,Date/Time' specify when daylight-saving -time starts and ends. The format for a date is -`Mm.n.d', which specifies the dth day (0 is Sunday) -of the nth week of the mth month, where week 5 means -the last such day in the month. The format for a -time is hh:mm[:ss], using a 24-hour clock.
        • -
      - -Other Posix string formats are allowed but you don't want -to know about them.
      3. -
    -
    4. -
- -On the client side, you must make sure that your client's clock and -time zone is also set appropriately. [I don't know how to do this.] -Samba traditionally has had many problems dealing with time zones, due -to the bizarre ways that Microsoft network protocols handle time -zones. A common symptom is for file timestamps to be off by an hour. -To work around the problem, try disconnecting from your Samba server -and then reconnecting to it; or upgrade your Samba server to -1.9.16alpha10 or later.

- - -

3.7 How do I set the printer driver name correctly?

- -

- - -Question: -On NT, I opened "Printer Manager" and "Connect to Printer". -Enter "\\ptdi270\ps1" in the box of printer. I got the -following error message: -

-
-     You do not have sufficient access to your machine
-     to connect to the selected printer, since a driver
-     needs to be installed locally.
-
-
- -Answer:

-

In the more recent versions of Samba you can now set the "printer -driver" in smb.conf. This tells the client what driver to use. For -example: -

-
-     printer driver = HP LaserJet 4L
-
-
- -with this, NT knows to use the right driver. You have to get this string -exactly right.

-

To find the exact string to use, you need to get to the dialog box in -your client where you select which printer driver to install. The -correct strings for all the different printers are shown in a listbox -in that dialog box.

-

You could also try setting the driver to NULL like this: -

-
-     printer driver = NULL
-
-
- -this is effectively what older versions of Samba did, so if that -worked for you then give it a go. If this does work then let us know via -samba@samba.org, -and we'll make it the default. Currently the default is a 0 length -string.

- - -

3.8 I've applied NT 4.0 SP3, and now I can't access Samba shares, Why?

- -

- - -As of SP3, Microsoft has decided that they will no longer default to -passing clear text passwords over the network. To enable access to -Samba shares from NT 4.0 SP3, you must do ONE of two things: -

    -
  1. Set the Samba configuration option 'security = user' and implement all of the stuff detailed in -ENCRYPTION.txt.
    2. -
  2. Follow Microsoft's directions for setting your NT box to allow plain text passwords. see -Knowledge Base Article Q166730
    3. -
-

- - -
-Previous -Next -Table of Contents - - diff --git a/docs/faq/sambafaq-4.html b/docs/faq/sambafaq-4.html deleted file mode 100644 index 94d5c41990..0000000000 --- a/docs/faq/sambafaq-4.html +++ /dev/null @@ -1,37 +0,0 @@ - - - Samba FAQ: Specific client application problems - - -Previous -Next -Table of Contents -
-

4. Specific client application problems

- -

- -

- -

4.1 MS Office Setup reports "Cannot change properties of '\MSOFFICE\SETUP.INI'"

- -

- - -When installing MS Office on a Samba drive for which you have admin -user permissions, ie. admin users = username, you will find the -setup program unable to complete the installation.

-

To get around this problem, do the installation without admin user -permissions The problem is that MS Office Setup checks that a file is -rdonly by trying to open it for writing.

-

Admin users can always open a file for writing, as they run as root. -You just have to install as a non-admin user and then use "chown -R" -to fix the owner.

- - -
-Previous -Next -Table of Contents - - diff --git a/docs/faq/sambafaq-5.html b/docs/faq/sambafaq-5.html deleted file mode 100644 index 0a6e9d08f0..0000000000 --- a/docs/faq/sambafaq-5.html +++ /dev/null @@ -1,30 +0,0 @@ - - - Samba FAQ: Miscellaneous - - -Previous -Next -Table of Contents -
-

5. Miscellaneous

- -

- -

-

5.1 Is Samba Year 2000 compliant?

- -

- - -The CIFS protocol that Samba implements -negotiates times in various formats, all of which -are able to cope with dates beyond 2000.

- - -
-Previous -Next -Table of Contents - - diff --git a/docs/faq/sambafaq.html b/docs/faq/sambafaq.html deleted file mode 100644 index 2c703885cd..0000000000 --- a/docs/faq/sambafaq.html +++ /dev/null @@ -1,115 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Samba FAQ - - -Previous -Next -Table of Contents -
-

Samba FAQ

- -

Paul Blackman, ictinus@samba.org

v 0.8, June '97 -

This is the Frequently Asked Questions (FAQ) document for -Samba, the free and very popular SMB server product. An SMB server -allows file and printer connections from clients such as Windows, -OS/2, Linux and others. Current to version 1.9.17. Please send any -corrections to the author.

-

-

1. General Information

- - -

-

2. Compiling and installing Samba on a Unix host

- - -

-

3. Common client questions

- - -

-

4. Specific client application problems

- - -

-

5. Miscellaneous

- - - -
-Previous -Next -Table of Contents - - diff --git a/docs/faq/sambafaq.sgml b/docs/faq/sambafaq.sgml deleted file mode 100644 index a80981a1e9..0000000000 --- a/docs/faq/sambafaq.sgml +++ /dev/null @@ -1,793 +0,0 @@ - - - -
- - Samba FAQ - -<author>Paul Blackman, <tt>ictinus@samba.org</tt> -<author>Jelmer Vernooij, <tt>jelmer@samba.org</tt> - -<date>v 1.0, August 2002 - -<abstract> This is the Frequently Asked Questions (FAQ) document for -Samba, the free and very popular SMB server product. An SMB server -allows file and printer connections from clients such as Windows, -OS/2, Linux and others. Current to version 3.0. Please send any -corrections to the author. -</abstract> - -<toc> - -<sect> General Information<p> <label id="general_info"> - -All about Samba - what it is, how to get it, related sources of -information, how to understand the version numbering scheme, pizza -details - -<sect1> What is Samba? <p> <label id="introduction"> -Samba is a suite of programs which work together to allow clients to -access to a server's filespace and printers via the SMB (Server -Message Block) protocol. Initially written for Unix, Samba now also -runs on Netware, OS/2 and VMS. - -In practice, this means that you can redirect disks and printers to -Unix disks and printers from Lan Manager clients, Windows for -Workgroups 3.11 clients, Windows NT clients, Linux clients and OS/2 -clients. There is also a generic Unix client program supplied as part -of the suite which allows Unix users to use an ftp-like interface to -access filespace and printers on any other SMB servers. This gives the -capability for these operating systems to behave much like a LAN -Server or Windows NT Server machine, only with added functionality and -flexibility designed to make life easier for administrators. - -The components of the suite are (in summary): - -<itemize> -<item><bf>smbd</bf>, the SMB server. This handles actual connections from clients, doing all the file, permission and username work -<item><bf>nmbd</bf>, the Netbios name server, which helps clients locate servers, doing the browsing work and managing domains as this capability is being built into Samba -<item><bf>smbclient</bf>, the Unix-hosted client program -<item><bf>smbrun</bf>, a little 'glue' program to help the server run external programs -<item><bf>testprns</bf>, a program to test server access to printers -<item><bf>testparms</bf>, a program to test the Samba configuration file for correctness -<item><bf>smb.conf</bf>, the Samba configuration file -<item><bf>smbprint</bf>, a sample script to allow a Unix host to use smbclient to print to an SMB server -<item><bf>Documentation!</bf> DON'T neglect to read it - you will save a great deal of time! -</itemize> - -The suite is supplied with full source (of course!) and is GPLed. - -The primary creator of the Samba suite is Andrew Tridgell. Later -versions incorporate much effort by many net.helpers. The man pages -and this FAQ were originally written by Karl Auer. - -<sect1> What is the current version of Samba? <p><label id="current_version"> -At time of writing, the current version was 1.9.17. If you want to be -sure check the bottom of the change-log file. <url url="ftp://samba.org/pub/samba/alpha/change-log"> - -For more information see <ref id="version_nums" name="What do the -version numbers mean?"> - -<sect1> Where can I get it? <p> <label id="where"> -The Samba suite is available via anonymous ftp from -samba.org. The latest and greatest versions of the suite are in -the directory: - -/pub/samba/ - -Development (read "alpha") versions, which are NOT necessarily stable -and which do NOT necessarily have accurate documentation, are -available in the directory: - -/pub/samba/alpha - -Note that binaries are NOT included in any of the above. Samba is -distributed ONLY in source form, though binaries may be available from -other sites. Recent versions of some Linux distributions, for example, -do contain Samba binaries for that platform. - -<sect1> What do the version numbers mean? <p> <label id="version_nums"> -It is not recommended that you run a version of Samba with the word -"alpha" in its name unless you know what you are doing and are willing -to do some debugging. Many, many people just get the latest -recommended stable release version and are happy. If you are brave, by -all means take the plunge and help with the testing and development - -but don't install it on your departmental server. Samba is typically -very stable and safe, and this is mostly due to the policy of many -public releases. - -How the scheme works: -<enum> -<item>When major changes are made the version number is increased. For -example, the transition from 1.9.15 to 1.9.16. However, this version -number will not appear immediately and people should continue to use -1.9.15 for production systems (see next point.) - -<item>Just after major changes are made the software is considered -unstable, and a series of alpha releases are distributed, for example -1.9.16alpha1. These are for testing by those who know what they are -doing. The "alpha" in the filename will hopefully scare off those who -are just looking for the latest version to install. - -<item>When Andrew thinks that the alphas have stabilised to the point -where he would recommend new users install it, he renames it to the -same version number without the alpha, for example 1.9.16. - -<item>Inevitably bugs are found in the "stable" releases and minor patch -levels are released which give us the pXX series, for example 1.9.16p2. -</enum> -So the progression goes: -<verb> - 1.9.15p7 (production) - 1.9.15p8 (production) - 1.9.16alpha1 (test sites only) - : - 1.9.16alpha20 (test sites only) - 1.9.16 (production) - 1.9.16p1 (production) -</verb> -The above system means that whenever someone looks at the samba ftp -site they will be able to grab the highest numbered release without an -alpha in the name and be sure of getting the current recommended -version. - -<sect1> What platforms are supported? <p> <label id="platforms"> -Many different platforms have run Samba successfully. The platforms -most widely used and thus best tested are Linux and SunOS. - -At time of writing, the Makefile claimed support for: -<itemize> -<item> A/UX 3.0 -<item> AIX -<item> Altos Series 386/1000 -<item> Amiga -<item> Apollo Domain/OS sr10.3 -<item> BSDI -<item> B.O.S. (Bull Operating System) -<item> Cray, Unicos 8.0 -<item> Convex -<item> DGUX. -<item> DNIX. -<item> FreeBSD -<item> HP-UX -<item> Intergraph. -<item> Linux with/without shadow passwords and quota -<item> LYNX 2.3.0 -<item> MachTen (a unix like system for Macintoshes) -<item> Motorola 88xxx/9xx range of machines -<item> NetBSD -<item> NEXTSTEP Release 2.X, 3.0 and greater (including OPENSTEP for Mach). -<item> OS/2 using EMX 0.9b -<item> OSF1 -<item> QNX 4.22 -<item> RiscIX. -<item> RISCOs 5.0B -<item> SEQUENT. -<item> SCO (including: 3.2v2, European dist., OpenServer 5) -<item> SGI. -<item> SMP_DC.OSx v1.1-94c079 on Pyramid S series -<item> SONY NEWS, NEWS-OS (4.2.x and 6.1.x) -<item> SUNOS 4 -<item> SUNOS 5.2, 5.3, and 5.4 (Solaris 2.2, 2.3, and '2.4 and later') -<item> Sunsoft ISC SVR3V4 -<item> SVR4 -<item> System V with some berkely extensions (Motorola 88k R32V3.2). -<item> ULTRIX. -<item> UNIXWARE -<item> UXP/DS -</itemize> - -<sect1> How can I find out more about Samba? <p> <label id="more"> -There are a number of places to look for more information on Samba, including: -<itemize> -<item>Two mailing lists devoted to discussion of Samba-related matters. -<item>The newsgroup, comp.protocols.smb, which has a great deal of discussion on Samba. -<item>The WWW site 'SAMBA Web Pages' at <url url="http://samba.edu.au/samba/"> includes: - <itemize> - <item>Links to man pages and documentation, including this FAQ - <item>A comprehensive survey of Samba users. - <item>A searchable hypertext archive of the Samba mailing list. - <item>Links to Samba source code, binaries, and mirrors of both. - </itemize> -<item>The long list of topic documentation. These files can be found in the 'docs' directory of the Samba source, or at <url url="ftp://samba.org/pub/samba/docs/"> - <itemize> - <item><url url="ftp://samba.org/pub/samba/docs/Application_Serving.txt" name="Application_Serving.txt"> - <item><url url="ftp://samba.org/pub/samba/docs/BROWSING.txt" name="BROWSING.txt"> - <item><url url="ftp://samba.org/pub/samba/docs/BUGS.txt" name="BUGS.txt"> - <item><url url="ftp://samba.org/pub/samba/docs/DIAGNOSIS.txt" name="DIAGNOSIS.txt"> - <item><url url="ftp://samba.org/pub/samba/docs/DNIX.txt" name="DNIX.txt"> - <item><url url="ftp://samba.org/pub/samba/docs/DOMAIN.txt" name="DOMAIN.txt"> - <item><url url="ftp://samba.org/pub/samba/docs/DOMAIN_CONTROL.txt" name="CONTROL.txt"> - <item><url url="ftp://samba.org/pub/samba/docs/ENCRYPTION.txt" name="ENCRYPTION.txt"> - <item><url url="ftp://samba.org/pub/samba/docs/Faxing.txt" name="Faxing.txt"> - <item><url url="ftp://samba.org/pub/samba/docs/GOTCHAS.txt" name="GOTCHAS.txt"> - <item><url url="ftp://samba.org/pub/samba/docs/HINTS.txt" name="HINTS.txt"> - <item><url url="ftp://samba.org/pub/samba/docs/INSTALL.sambatar" name="INSTALL.sambatar"> - <item><url url="ftp://samba.org/pub/samba/docs/INSTALL.txt" name="INSTALL.txt"> - <item><url url="ftp://samba.org/pub/samba/docs/MIRRORS" name="MIRRORS"> - <item><url url="ftp://samba.org/pub/samba/docs/NetBIOS.txt" name="NetBIOS.txt"> - <item><url url="ftp://samba.org/pub/samba/docs/OS2.txt" name="OS2.txt"> - <item><url url="ftp://samba.org/pub/samba/docs/PROJECTS" name="PROJECTS"> - <item><url url="ftp://samba.org/pub/samba/docs/Passwords.txt" name="Passwords.txt"> - <item><url url="ftp://samba.org/pub/samba/docs/Printing.txt" name="Printing.txt"> - <item><url url="ftp://samba.org/pub/samba/docs/README.DCEDFS" name="README.DCEDFS"> - <item><url url="ftp://samba.org/pub/samba/docs/README.OS2" name="README.OS2"> - <item><url url="ftp://samba.org/pub/samba/docs/README.jis" name="README.jis"> - <item><url url="ftp://samba.org/pub/samba/docs/README.sambatar" name="README.sambatar"> - <item><url url="ftp://samba.org/pub/samba/docs/SCO.txt" name="SCO.txt"> - <item><url url="ftp://samba.org/pub/samba/docs/SMBTAR.notes" name="SMBTAR.notes"> - <item><url url="ftp://samba.org/pub/samba/docs/Speed.txt" name="Speed.txt"> - <item><url url="ftp://samba.org/pub/samba/docs/Support.txt" name="Support.txt"> - <item><url url="ftp://samba.org/pub/samba/docs/THANKS" name="THANKS"> - <item><url url="ftp://samba.org/pub/samba/docs/Tracing.txt" name="Tracing.txt"> - <item><url url="ftp://samba.org/pub/samba/docs/UNIX-SMB.txt" name="SMB.txt"> - <item><url url="ftp://samba.org/pub/samba/docs/Warp.txt" name="Warp.txt"> - <item><url url="ftp://samba.org/pub/samba/docs/WinNT.txt" name="WinNT.txt"> - <item><url url="ftp://samba.org/pub/samba/docs/history" name="history"> - <item><url url="ftp://samba.org/pub/samba/docs/security_level.txt" name="level.txt"> - <item><url url="ftp://samba.org/pub/samba/docs/wfw_slip.htm" name="slip.htm"> - </itemize> -</itemize> - -<sect1>How do I subscribe to the Samba Mailing Lists?<p><label id="mailinglist"> -Send email to <htmlurl url="mailto:listproc@samba.org" name="listproc@samba.org">. Make sure the subject line is -blank, and include the following two lines in the body of the message: -<tscreen><verb> -subscribe samba Firstname Lastname -subscribe samba-announce Firstname Lastname -</verb></tscreen> -Obviously you should substitute YOUR first name for "Firstname" and -YOUR last name for "Lastname"! Try not to send any signature stuff, it -sometimes confuses the list processor. - -The samba list is a digest list - every eight hours or so it -regurgitates a single message containing all the messages that have -been received by the list since the last time and sends a copy of this -message to all subscribers. - -If you stop being interested in Samba, please send another email to -<htmlurl url="mailto:listproc@samba.org" name="listproc@samba.org">. Make sure the subject line is blank, and -include the following two lines in the body of the message: -<tscreen><verb> -unsubscribe samba -unsubscribe samba-announce -</verb></tscreen> -The <bf>From:</bf> line in your message <em>MUST</em> be the same address you used when -you subscribed. - -<sect1> Something's gone wrong - what should I do? <p> <label id="wrong"> -<bf>[#] *** IMPORTANT! *** [#]</bf> -<p>DO NOT post messages on mailing lists or in newsgroups until you have -carried out the first three steps given here! - -Firstly, see if there are any likely looking entries in this FAQ! If -you have just installed Samba, have you run through the checklist in -<url url="ftp://samba.org/pub/samba/DIAGNOSIS.txt" name="DIAGNOSIS.txt">? It can save you a lot of time and effort. -DIAGNOSIS.txt can also be found in the docs directory of the Samba distribution. - -Secondly, read the man pages for smbd, nmbd and smb.conf, looking for -topics that relate to what you are trying to do. - -Thirdly, if there is no obvious solution to hand, try to get a look at -the log files for smbd and/or nmbd for the period during which you -were having problems. You may need to reconfigure the servers to -provide more extensive debugging information - usually level 2 or -level 3 provide ample debugging info. Inspect these logs closely, -looking particularly for the string "Error:". - -Fourthly, if you still haven't got anywhere, ask the mailing list or -newsgroup. In general nobody minds answering questions provided you -have followed the preceding steps. It might be a good idea to scan the -archives of the mailing list, which are available through the Samba -web site described in the previous -section. - -If you successfully solve a problem, please mail the FAQ maintainer a -succinct description of the symptom, the problem and the solution, so -I can incorporate it in the next version. - -If you make changes to the source code, _please_ submit these patches -so that everyone else gets the benefit of your work. This is one of -the most important aspects to the maintainence of Samba. Send all -patches to <htmlurl url="mailto:samba-patches@samba.org" name="samba-patches@samba.org">. Do not send patches to Andrew Tridgell or any -other individual, they may be lost if you do. - -<sect1> Pizza supply details <p> <label id="pizza"> -Those who have registered in the Samba survey as "Pizza Factory" will -already know this, but the rest may need some help. Andrew doesn't ask -for payment, but he does appreciate it when people give him -pizza. This calls for a little organisation when the pizza donor is -twenty thousand kilometres away, but it has been done. - -Method 1: Ring up your local branch of an international pizza chain -and see if they honour their vouchers internationally. Pizza Hut do, -which is how the entire Canberra Linux Users Group got to eat pizza -one night, courtesy of someone in the US - -Method 2: Ring up a local pizza shop in Canberra and quote a credit -card number for a certain amount, and tell them that Andrew will be -collecting it (don't forget to tell him.) One kind soul from Germany -did this. - -Method 3: Purchase a pizza voucher from your local pizza shop that has -no international affiliations and send it to Andrew. It is completely -useless but he can hang it on the wall next to the one he already has -from Germany :-) - -Method 4: Air freight him a pizza with your favourite regional -flavours. It will probably get stuck in customs or torn apart by -hungry sniffer dogs but it will have been a noble gesture. - -<sect>Compiling and installing Samba on a Unix host<p><label id="unix_install"> - -<sect1>I can't see the Samba server in any browse lists!<p><label id="no_browse"> - See <url url="ftp://samba.org/pub/samba/BROWSING.txt" name="BROWSING.txt"> - for more information on browsing. Browsing.txt can also be found - in the docs directory of the Samba source. - -If your GUI client does not permit you to select non-browsable -servers, you may need to do so on the command line. For example, under -Lan Manager you might connect to the above service as disk drive M: -thusly: -<tscreen><verb> - net use M: \\mary\fred -</verb></tscreen> -The details of how to do this and the specific syntax varies from -client to client - check your client's documentation. - -<sect1>Some files that I KNOW are on the server doesn't show up when I view the files from my client! <p> <label id="missing_files"> -See the next question. -<sect1>Some files on the server show up with really wierd filenames when I view the files from my client! <p> <label id="strange_filenames"> -If you check what files are not showing up, you will note that they -are files which contain upper case letters or which are otherwise not -DOS-compatible (ie, they are not legal DOS filenames for some reason). - -The Samba server can be configured either to ignore such files -completely, or to present them to the client in "mangled" form. If you -are not seeing the files at all, the Samba server has most likely been -configured to ignore them. Consult the man page smb.conf(5) for -details of how to change this - the parameter you need to set is -"mangled names = yes". - -<sect1>My client reports "cannot locate specified computer" or similar<p><label id="cant_see_server"> -This indicates one of three things: You supplied an incorrect server -name, the underlying TCP/IP layer is not working correctly, or the -name you specified cannot be resolved. - -After carefully checking that the name you typed is the name you -should have typed, try doing things like pinging a host or telnetting -to somewhere on your network to see if TCP/IP is functioning OK. If it -is, the problem is most likely name resolution. - -If your client has a facility to do so, hardcode a mapping between the -hosts IP and the name you want to use. For example, with Lan Manager -or Windows for Workgroups you would put a suitable entry in the file -LMHOSTS. If this works, the problem is in the communication between -your client and the netbios name server. If it does not work, then -there is something fundamental wrong with your naming and the solution -is beyond the scope of this document. - -If you do not have any server on your subnet supplying netbios name -resolution, hardcoded mappings are your only option. If you DO have a -netbios name server running (such as the Samba suite's nmbd program), -the problem probably lies in the way it is set up. Refer to Section -Two of this FAQ for more ideas. - -By the way, remember to REMOVE the hardcoded mapping before further -tests :-) - -<sect1>My client reports "cannot locate specified share name" or similar<p> <label id="cant_see_share"> -This message indicates that your client CAN locate the specified -server, which is a good start, but that it cannot find a service of -the name you gave. - -The first step is to check the exact name of the service you are -trying to connect to (consult your system administrator). Assuming it -exists and you specified it correctly (read your client's docs on how -to specify a service name correctly), read on: - -<itemize> -<item> Many clients cannot accept or use service names longer than eight characters. -<item> Many clients cannot accept or use service names containing spaces. -<item> Some servers (not Samba though) are case sensitive with service names. -<item> Some clients force service names into upper case. -</itemize> - -<sect1>My client reports "cannot find domain controller", "cannot log on to the network" or similar <p> <label id="cant_see_net"> -Nothing is wrong - Samba does not implement the primary domain name -controller stuff for several reasons, including the fact that the -whole concept of a primary domain controller and "logging in to a -network" doesn't fit well with clients possibly running on multiuser -machines (such as users of smbclient under Unix). Having said that, -several developers are working hard on building it in to the next -major version of Samba. If you can contribute, send a message to -<htmlurl url="mailto:samba@samba.org" name="samba@samba.org"> ! - -Seeing this message should not affect your ability to mount redirected -disks and printers, which is really what all this is about. - -For many clients (including Windows for Workgroups and Lan Manager), -setting the domain to STANDALONE at least gets rid of the message. - -<sect1>Printing doesn't work :-(<p> <label id="no_printing"> -Make sure that the specified print command for the service you are -connecting to is correct and that it has a fully-qualified path (eg., -use "/usr/bin/lpr" rather than just "lpr"). - -Make sure that the spool directory specified for the service is -writable by the user connected to the service. In particular the user -"nobody" often has problems with printing, even if it worked with an -earlier version of Samba. Try creating another guest user other than -"nobody". - -Make sure that the user specified in the service is permitted to use -the printer. - -Check the debug log produced by smbd. Search for the printer name and -see if the log turns up any clues. Note that error messages to do with -a service ipc$ are meaningless - they relate to the way the client -attempts to retrieve status information when using the LANMAN1 -protocol. - -If using WfWg then you need to set the default protocol to TCP/IP, not -Netbeui. This is a WfWg bug. - -If using the Lanman1 protocol (the default) then try switching to -coreplus. Also not that print status error messages don't mean -printing won't work. The print status is received by a different -mechanism. - -<sect1>My programs install on the server OK, but refuse to work properly<p><label id="programs_wont_run"> -There are numerous possible reasons for this, but one MAJOR -possibility is that your software uses locking. Make sure you are -using Samba 1.6.11 or later. It may also be possible to work around -the problem by setting "locking=no" in the Samba configuration file -for the service the software is installed on. This should be regarded -as a strictly temporary solution. - -In earlier Samba versions there were some difficulties with the very -latest Microsoft products, particularly Excel 5 and Word for Windows -6. These should have all been solved. If not then please let Andrew -Tridgell know via email at <htmlurl url="mailto:samba@samba.org" name="samba@samba.org">. - -<sect1>My "server string" doesn't seem to be recognised<p><label id="bad_server_string"> -OR My client reports the default setting, eg. "Samba 1.9.15p4", instead -of what I have changed it to in the smb.conf file. - -You need to use the -C option in nmbd. The "server string" affects -what smbd puts out and -C affects what nmbd puts out. - -Current versions of Samba (1.9.16 +) have combined these options into -the "server string" field of smb.conf, -C for nmbd is now obsolete. - -<sect1>My client reports "This server is not configured to list shared resources" <p> <label id="cant_list_shares"> -Your guest account is probably invalid for some reason. Samba uses the -guest account for browsing in smbd. Check that your guest account is -valid. - -See also 'guest account' in smb.conf man page. - -<sect1>Log message "you appear to have a trapdoor uid system" <p><label id="trapdoor_uid"> -This can have several causes. It might be because you are using a uid -or gid of 65535 or -1. This is a VERY bad idea, and is a big security -hole. Check carefully in your /etc/passwd file and make sure that no -user has uid 65535 or -1. Especially check the "nobody" user, as many -broken systems are shipped with nobody setup with a uid of 65535. - -It might also mean that your OS has a trapdoor uid/gid system :-) - -This means that once a process changes effective uid from root to -another user it can't go back to root. Unfortunately Samba relies on -being able to change effective uid from root to non-root and back -again to implement its security policy. If your OS has a trapdoor uid -system this won't work, and several things in Samba may break. Less -things will break if you use user or server level security instead of -the default share level security, but you may still strike -problems. - -The problems don't give rise to any security holes, so don't panic, -but it does mean some of Samba's capabilities will be unavailable. -In particular you will not be able to connect to the Samba server as -two different uids at once. This may happen if you try to print as a -"guest" while accessing a share as a normal user. It may also affect -your ability to list the available shares as this is normally done as -the guest user. - -Complain to your OS vendor and ask them to fix their system. - -Note: the reason why 65535 is a VERY bad choice of uid and gid is that -it casts to -1 as a uid, and the setreuid() system call ignores (with -no error) uid changes to -1. This means any daemon attempting to run -as uid 65535 will actually run as root. This is not good! - -<sect>Common client questions<p> <label id="client_questions"> - -<sect1>Are there any Macintosh clients for Samba?<p> <label id="mac_clients"> -Yes! Thursby now have a CIFS Client / Server called DAVE - see <url url="http://www.thursby.com/">. -They test it against Windows 95, Windows NT and samba for compatibility issues. -At the time of writing, DAVE was at version 1.0.1. The 1.0.0 to 1.0.1 update is available -as a free download from the Thursby web site (the speed of finder copies has -been greatly enhanced, and there are bug-fixes included). - -Alternatives - There are two free implementations of AppleTalk for -several kinds of UNIX machnes, and several more commercial ones. -These products allow you to run file services and print services -natively to Macintosh users, with no additional support required on -the Macintosh. The two free omplementations are Netatalk, -<url url="http://www.umich.edu/~rsug/netatalk/">, and CAP, -<url url="http://www.cs.mu.oz.au/appletalk/atalk.html">. What Samba offers -MS Windows users, these packages offer to Macs. For more info on -these packages, Samba, and Linux (and other UNIX-based systems) -see <url url="http://www.eats.com/linux_mac_win.html"> - -<sect1>"Session request failed (131,130)" error<p> <label id="sess_req_fail"> -The following answer is provided by John E. Miller: - -I'll assume that you're able to ping back and forth between the -machines by IP address and name, and that you're using some security -model where you're confident that you've got user IDs and passwords -right. The logging options (-d3 or greater) can help a lot with that. -DNS and WINS configuration can also impact connectivity as well. - -Now, on to 'scope id's. Somewhere in your Win95 TCP/IP network -configuration (I'm too much of an NT bigot to know where it's located -in the Win95 setup, but I'll have to learn someday since I teach for a -Microsoft Solution Provider Authorized Tech Education Center - what an -acronym...) [Note: It's under Control Panel | Network | TCP/IP | WINS -Configuration] there's a little text entry field called something like -'Scope ID'. - -This field essentially creates 'invisible' sub-workgroups on the same -wire. Boxes can only see other boxes whose Scope IDs are set to the -exact same value - it's sometimes used by OEMs to configure their -boxes to browse only other boxes from the same vendor and, in most -environments, this field should be left blank. If you, in fact, have -something in this box that EXACT value (case-sensitive!) needs to be -provided to smbclient and nmbd as the -i (lowercase) parameter. So, if -your Scope ID is configured as the string 'SomeStr' in Win95 then -you'd have to use smbclient -iSomeStr [otherparms] in connecting to -it. - -<sect1>How do I synchronise my PC's clock with my Samba server? <p><label id="synchronise_clock"> -To syncronize your PC's clock with your Samba server: -<itemize> -<item> Copy timesync.pif to your windows directory - <item> timesync.pif can be found at: - <url -url="http://samba.org/samba/binaries/miscellaneous/timesync.pif"> -<item> Add timesync.pif to your 'Start Up' group/folder -<item> Open the properties dialog box for the program/icon -<item> Make sure the 'Run Minimized' option is set in program 'Properties' -<iteM> Change the command line section that reads [\\sambahost] to reflect the name of your server. -<item> Close the properties dialog box by choosing 'OK' -</itemize> -Each time you start your computer (or login for Win95) your PC will -synchronize its clock with your Samba server. - -Alternativley, if you clients support Domain Logons, you can setup Domain Logons with Samba - - see: <url url="ftp://samba.org/pub/samba/docs/BROWSING.txt" name="BROWSING.txt"> *** for more information. -<p>Then add -<tscreen><verb> -NET TIME \\%L /SET /YES -</verb></tscreen> -as one of the lines in the logon script. -<sect1>Problems with WinDD, NTrigue, WinCenterPro etc<p> -<label id="multiple_session_clients"> - -All of the above programs are applications that sit on an NT box and -allow multiple users to access the NT GUI applications from remote -workstations (often over X). - -What has this got to do with Samba? The problem comes when these users -use filemanager to mount shares from a Samba server. The most common -symptom is that the first user to connect get correct file permissions -and has a nice day, but subsequent connections get logged in as the -same user as the first person to login. They find that they cannot -access files in their own home directory, but that they can access -files in the first users home directory (maybe not such a nice day -after all?) - -Why does this happen? The above products all share a common heritage -(and code base I believe). They all open just a single TCP based SMB -connection to the Samba server, and requests from all users are piped -over this connection. This is unfortunate, but not fatal. - -It means that if you run your Samba server in share level security -(the default) then things will definately break as described -above. The share level SMB security model has no provision for -multiple user IDs on the one SMB connection. See <url url="ftp://samba.org/pub/samba/docs/security_level.txt" name="security_level.txt"> in -the docs for more info on share/user/server level security. - -If you run in user or server level security then you have a chance, -but only if you have a recent version of Samba (at least 1.9.15p6). In -older versions bugs in Samba meant you still would have had problems. - -If you have a trapdoor uid system in your OS then it will never work -properly. Samba needs to be able to switch uids on the connection and -it can't if your OS has a trapdoor uid system. You'll know this -because Samba will note it in your logs. - -Also note that you should not use the magic "homes" share name with -products like these, as otherwise all users will end up with the same -home directory. Use [\\server\username] instead. - -<sect1>Problem with printers under NT<p> <label id="nt_printers"> -This info from Stefan Hergeth -hergeth@f7axp1.informatik.fh-muenchen.de may be useful: - - A network-printer (with ethernetcard) is connected to the NT-Clients -via our UNIX-Fileserver (SAMBA-Server), like the configuration told by - Matthew Harrell harrell@leech.nrl.navy.mil (see WinNT.txt) -<enum> -<item>If a user has choosen this printer as the default printer in his - NT-Session and this printer is not connected to the network - (e.g. switched off) than this user has a problem with the SAMBA- - connection of his filesystems. It's very slow. - -<item>If the printer is connected to the network everything works fine. - -<item>When the smbd ist started with debug level 3, you can see that the - NT spooling system try to connect to the printer many times. If the - printer ist not connected to the network this request fails and the - NT spooler is wasting a lot of time to connect to the printer service. - This seems to be the reason for the slow network connection. - -<item>Maybe it's possible to change this behaviour by setting different - printer properties in the Print-Manager-Menu of NT, but i didn't try it yet. -</enum> - -<sect1>Why are my file's timestamps off by an hour, or by a few hours?<p><label id="dst_bugs"> -This is from Paul Eggert eggert@twinsun.com. - -Most likely it's a problem with your time zone settings. - -Internally, Samba maintains time in traditional Unix format, -namely, the number of seconds since 1970-01-01 00:00:00 Universal Time -(or ``GMT''), not counting leap seconds. - -On the server side, Samba uses the Unix TZ variable to convert -internal timestamps to and from local time. So on the server side, there are -two things to get right. -<enum> -<item>The Unix system clock must have the correct Universal time. - Use the shell command "sh -c 'TZ=UTC0 date'" to check this. - -<item>The TZ environment variable must be set on the server - before Samba is invoked. The details of this depend on the - server OS, but typically you must edit a file whose name is - /etc/TIMEZONE or /etc/default/init, or run the command `zic -l'. - -<item>TZ must have the correct value. -<enum> - <item>If possible, use geographical time zone settings - (e.g. TZ='America/Los_Angeles' or perhaps - TZ=':US/Pacific'). These are supported by most - popular Unix OSes, are easier to get right, and are - more accurate for historical timestamps. If your - operating system has out-of-date tables, you should be - able to update them from the public domain time zone - tables at <url url="ftp://elsie.nci.nih.gov/pub/">. - - <item>If your system does not support geographical timezone - settings, you must use a Posix-style TZ strings, e.g. - TZ='PST8PDT,M4.1.0/2,M10.5.0/2' for US Pacific time. - Posix TZ strings can take the following form (with optional - items in brackets): -<verb> - StdOffset[Dst[Offset],Date/Time,Date/Time] -</verb> - where: -<itemize> -<item> `Std' is the standard time designation (e.g. `PST'). - -<item> `Offset' is the number of hours behind UTC (e.g. `8'). - Prepend a `-' if you are ahead of UTC, and - append `:30' if you are at a half-hour offset. - Omit all the remaining items if you do not use - daylight-saving time. - -<item> `Dst' is the daylight-saving time designation - (e.g. `PDT'). - - The optional second `Offset' is the number of - hours that daylight-saving time is behind UTC. - The default is 1 hour ahead of standard time. - -<item> `Date/Time,Date/Time' specify when daylight-saving - time starts and ends. The format for a date is - `Mm.n.d', which specifies the dth day (0 is Sunday) - of the nth week of the mth month, where week 5 means - the last such day in the month. The format for a - time is [h]h[:mm[:ss]], using a 24-hour clock. -</itemize> - Other Posix string formats are allowed but you don't want - to know about them. -</enum> -</enum> -On the client side, you must make sure that your client's clock and -time zone is also set appropriately. [[I don't know how to do this.]] -Samba traditionally has had many problems dealing with time zones, due -to the bizarre ways that Microsoft network protocols handle time -zones. A common symptom is for file timestamps to be off by an hour. -To work around the problem, try disconnecting from your Samba server -and then reconnecting to it; or upgrade your Samba server to -1.9.16alpha10 or later. - -<sect1> How do I set the printer driver name correctly? <p><label id="printer_driver_name"> -Question: - On NT, I opened "Printer Manager" and "Connect to Printer". - Enter ["\\ptdi270\ps1"] in the box of printer. I got the - following error message: -<tscreen><verb> - You do not have sufficient access to your machine - to connect to the selected printer, since a driver - needs to be installed locally. -</verb></tscreen> -Answer: - -In the more recent versions of Samba you can now set the "printer -driver" in smb.conf. This tells the client what driver to use. For -example: -<tscreen><verb> - printer driver = HP LaserJet 4L -</verb></tscreen> -with this, NT knows to use the right driver. You have to get this string -exactly right. - -To find the exact string to use, you need to get to the dialog box in -your client where you select which printer driver to install. The -correct strings for all the different printers are shown in a listbox -in that dialog box. - -You could also try setting the driver to NULL like this: -<tscreen><verb> - printer driver = NULL -</verb></tscreen> -this is effectively what older versions of Samba did, so if that -worked for you then give it a go. If this does work then let us know via <htmlurl url="mailto:samba@samba.org" name="samba@samba.org">, -and we'll make it the default. Currently the default is a 0 length -string. - -<sect1>I've applied NT 4.0 SP3, and now I can't access Samba shares, Why?<p><label id="NT_SP3_FIX"> -As of SP3, Microsoft has decided that they will no longer default to -passing clear text passwords over the network. To enable access to -Samba shares from NT 4.0 SP3, you must do <bf>ONE</bf> of two things: -<enum> -<item> Set the Samba configuration option 'security = user' and implement all of the stuff detailed in <url url="ftp://samba.org/pub/samba/docs/ENCRYPTION.txt" name="ENCRYPTION.txt">. -<item> Follow Microsoft's directions for setting your NT box to allow plain text passwords. see <url url="http://www.microsoft.com/kb/articles/q166/7/30.htm" name="Knowledge Base Article Q166730"> -</enum> - -<sect>Specific client application problems<p> <label id="client_problems"> - -<sect1>MS Office Setup reports "Cannot change properties of '\MSOFFICE\SETUP.INI'"<p> <label id="cant_change_properties"> -When installing MS Office on a Samba drive for which you have admin -user permissions, ie. admin users = username, you will find the -setup program unable to complete the installation. - -To get around this problem, do the installation without admin user -permissions The problem is that MS Office Setup checks that a file is -rdonly by trying to open it for writing. - -Admin users can always open a file for writing, as they run as root. -You just have to install as a non-admin user and then use "chown -R" -to fix the owner. - -<sect>Miscellaneous<p> <label id="miscellaneous"> -<sect1>Is Samba Year 2000 compliant?<p><label id="Year2000Compliant"> -The CIFS protocol that Samba implements -negotiates times in various formats, all of which -are able to cope with dates beyond 2000. - -</article> diff --git a/docs/faq/sambafaq.txt b/docs/faq/sambafaq.txt deleted file mode 100644 index e629e8ad87..0000000000 --- a/docs/faq/sambafaq.txt +++ /dev/null @@ -1,1122 +0,0 @@ - Samba FAQ - Paul Blackman, ictinus@samba.org - v 0.8, June '97 - - This is the Frequently Asked Questions (FAQ) document for Samba, the - free and very popular SMB server product. An SMB server allows file - and printer connections from clients such as Windows, OS/2, Linux and - others. Current to version 1.9.17. Please send any corrections to the - author. - ______________________________________________________________________ - - Table of Contents: - - 1. General Information - - 1.1. What is Samba? - - 1.2. What is the current version of Samba? - - 1.3. Where can I get it? - - 1.4. What do the version numbers mean? - - 1.5. What platforms are supported? - - 1.6. How can I find out more about Samba? - - 1.7. How do I subscribe to the Samba Mailing Lists? - - 1.8. Something's gone wrong - what should I do? - - 1.9. Pizza supply details - - 2. Compiling and installing Samba on a Unix host - - 2.1. I can't see the Samba server in any browse lists! - - 2.2. Some files that I KNOW are on the server doesn't show up when - I view the files from my client! - - 2.3. Some files on the server show up with really wierd filenames - when I view the files from my client! - - 2.4. My client reports "cannot locate specified computer" or - similar - - 2.5. My client reports "cannot locate specified share name" or - similar - - 2.6. My client reports "cannot find domain controller", "cannot log - on to the network" or similar - - 2.7. Printing doesn't work :-( - - 2.8. My programs install on the server OK, but refuse to work - properly - - 2.9. My "server string" doesn't seem to be recognised - - 2.10. My client reports "This server is not configured to list - shared resources" - - 2.11. Log message "you appear to have a trapdoor uid system" - - 3. Common client questions - - 3.1. Are there any Macintosh clients for Samba? - - 3.2. "Session request failed (131,130)" error - - 3.3. How do I synchronise my PC's clock with my Samba server? - - 3.4. Problems with WinDD, NTrigue, WinCenterPro etc - - 3.5. Problem with printers under NT - - 3.6. Why are my file's timestamps off by an hour, or by a few - hours? - - 3.7. How do I set the printer driver name correctly? - - 3.8. I've applied NT 4.0 SP3, and now I can't access Samba shares, - Why? - - 4. Specific client application problems - - 4.1. MS Office Setup reports "Cannot change properties of - 'MSOFFICEUP.INI'" - - 5. Miscellaneous - - 5.1. Is Samba Year 2000 compliant? - ______________________________________________________________________ - - 11.. GGeenneerraall IInnffoorrmmaattiioonn - - - - All about Samba - what it is, how to get it, related sources of - information, how to understand the version numbering scheme, pizza - details - - - 11..11.. WWhhaatt iiss SSaammbbaa?? - - - Samba is a suite of programs which work together to allow clients to - access to a server's filespace and printers via the SMB (Server - Message Block) protocol. Initially written for Unix, Samba now also - runs on Netware, OS/2 and VMS. - - In practice, this means that you can redirect disks and printers to - Unix disks and printers from Lan Manager clients, Windows for - Workgroups 3.11 clients, Windows NT clients, Linux clients and OS/2 - clients. There is also a generic Unix client program supplied as part - of the suite which allows Unix users to use an ftp-like interface to - access filespace and printers on any other SMB servers. This gives the - capability for these operating systems to behave much like a LAN - Server or Windows NT Server machine, only with added functionality and - flexibility designed to make life easier for administrators. - - The components of the suite are (in summary): - - - +o ssmmbbdd, the SMB server. This handles actual connections from clients, - doing all the file, permission and username work - - +o nnmmbbdd, the Netbios name server, which helps clients locate servers, - doing the browsing work and managing domains as this capability is - being built into Samba - - - +o ssmmbbcclliieenntt, the Unix-hosted client program - - +o ssmmbbrruunn, a little 'glue' program to help the server run external - programs - - +o tteessttpprrnnss, a program to test server access to printers - - +o tteessttppaarrmmss, a program to test the Samba configuration file for - correctness - - +o ssmmbb..ccoonnff, the Samba configuration file - - +o ssmmbbpprriinntt, a sample script to allow a Unix host to use smbclient to - print to an SMB server - - +o DDooccuummeennttaattiioonn!! DON'T neglect to read it - you will save a great - deal of time! - - The suite is supplied with full source (of course!) and is GPLed. - - The primary creator of the Samba suite is Andrew Tridgell. Later - versions incorporate much effort by many net.helpers. The man pages - and this FAQ were originally written by Karl Auer. - - - 11..22.. WWhhaatt iiss tthhee ccuurrrreenntt vveerrssiioonn ooff SSaammbbaa?? - - - At time of writing, the current version was 1.9.17. If you want to be - sure check the bottom of the change-log file. - <ftp://samba.org/pub/samba/alpha/change-log> - - For more information see ``What do the version numbers mean?'' - - - 11..33.. WWhheerree ccaann II ggeett iitt?? - - - The Samba suite is available via anonymous ftp from samba.org. - The latest and greatest versions of the suite are in the directory: - - /pub/samba/ - - Development (read "alpha") versions, which are NOT necessarily stable - and which do NOT necessarily have accurate documentation, are - available in the directory: - - /pub/samba/alpha - - Note that binaries are NOT included in any of the above. Samba is - distributed ONLY in source form, though binaries may be available from - other sites. Recent versions of some Linux distributions, for example, - do contain Samba binaries for that platform. - - - 11..44.. WWhhaatt ddoo tthhee vveerrssiioonn nnuummbbeerrss mmeeaann?? - - - It is not recommended that you run a version of Samba with the word - "alpha" in its name unless you know what you are doing and are willing - to do some debugging. Many, many people just get the latest - recommended stable release version and are happy. If you are brave, by - all means take the plunge and help with the testing and development - - but don't install it on your departmental server. Samba is typically - very stable and safe, and this is mostly due to the policy of many - public releases. - How the scheme works: - - 1. When major changes are made the version number is increased. For - example, the transition from 1.9.15 to 1.9.16. However, this - version number will not appear immediately and people should - continue to use 1.9.15 for production systems (see next point.) - - 2. Just after major changes are made the software is considered - unstable, and a series of alpha releases are distributed, for - example 1.9.16alpha1. These are for testing by those who know what - they are doing. The "alpha" in the filename will hopefully scare - off those who are just looking for the latest version to install. - - 3. When Andrew thinks that the alphas have stabilised to the point - where he would recommend new users install it, he renames it to the - same version number without the alpha, for example 1.9.16. - - 4. Inevitably bugs are found in the "stable" releases and minor patch - levels are released which give us the pXX series, for example - 1.9.16p2. - - So the progression goes: - - 1.9.15p7 (production) - 1.9.15p8 (production) - 1.9.16alpha1 (test sites only) - : - 1.9.16alpha20 (test sites only) - 1.9.16 (production) - 1.9.16p1 (production) - - - The above system means that whenever someone looks at the samba ftp - site they will be able to grab the highest numbered release without an - alpha in the name and be sure of getting the current recommended ver- - sion. - - - 11..55.. WWhhaatt ppllaattffoorrmmss aarree ssuuppppoorrtteedd?? - - - Many different platforms have run Samba successfully. The platforms - most widely used and thus best tested are Linux and SunOS. - - At time of writing, the Makefile claimed support for: - - +o A/UX 3.0 - - +o AIX - - +o Altos Series 386/1000 - - +o Amiga - - +o Apollo Domain/OS sr10.3 - - +o BSDI - - +o B.O.S. (Bull Operating System) - - +o Cray, Unicos 8.0 - - +o Convex - - +o DGUX. - - +o DNIX. - - +o FreeBSD - - +o HP-UX - - +o Intergraph. - - +o Linux with/without shadow passwords and quota - - +o LYNX 2.3.0 - - +o MachTen (a unix like system for Macintoshes) - - +o Motorola 88xxx/9xx range of machines - - +o NetBSD - - +o NEXTSTEP Release 2.X, 3.0 and greater (including OPENSTEP for - Mach). - - +o OS/2 using EMX 0.9b - - +o OSF1 - - +o QNX 4.22 - - +o RiscIX. - - +o RISCOs 5.0B - - +o SEQUENT. - - +o SCO (including: 3.2v2, European dist., OpenServer 5) - - +o SGI. - - +o SMP_DC.OSx v1.1-94c079 on Pyramid S series - - +o SONY NEWS, NEWS-OS (4.2.x and 6.1.x) - - +o SUNOS 4 - - +o SUNOS 5.2, 5.3, and 5.4 (Solaris 2.2, 2.3, and '2.4 and later') - - +o Sunsoft ISC SVR3V4 - - +o SVR4 - - +o System V with some berkely extensions (Motorola 88k R32V3.2). - - +o ULTRIX. - - +o UNIXWARE - - +o UXP/DS - - - 11..66.. HHooww ccaann II ffiinndd oouutt mmoorree aabboouutt SSaammbbaa?? - - - There are a number of places to look for more information on Samba, - including: - - +o Two mailing lists devoted to discussion of Samba-related matters. - - +o The newsgroup, comp.protocols.smb, which has a great deal of - discussion on Samba. - - +o The WWW site 'SAMBA Web Pages' at <http://samba.edu.au/samba/> - includes: - - +o Links to man pages and documentation, including this FAQ - - +o A comprehensive survey of Samba users. - - +o A searchable hypertext archive of the Samba mailing list. - - +o Links to Samba source code, binaries, and mirrors of both. - - +o The long list of topic documentation. These files can be found in - the 'docs' directory of the Samba source, or at - <ftp://samba.org/pub/samba/docs/> - - +o Application_Serving.txt - <ftp://samba.org/pub/samba/docs/Application_Serving.txt> - - +o BROWSING.txt <ftp://samba.org/pub/samba/docs/BROWSING.txt> - - +o BUGS.txt <ftp://samba.org/pub/samba/docs/BUGS.txt> - - +o DIAGNOSIS.txt <ftp://samba.org/pub/samba/docs/DIAGNOSIS.txt> - - +o DNIX.txt <ftp://samba.org/pub/samba/docs/DNIX.txt> - - +o DOMAIN.txt <ftp://samba.org/pub/samba/docs/DOMAIN.txt> - - +o CONTROL.txt - <ftp://samba.org/pub/samba/docs/DOMAIN_CONTROL.txt> - - +o ENCRYPTION.txt - <ftp://samba.org/pub/samba/docs/ENCRYPTION.txt> - - +o Faxing.txt <ftp://samba.org/pub/samba/docs/Faxing.txt> - - +o GOTCHAS.txt <ftp://samba.org/pub/samba/docs/GOTCHAS.txt> - - +o HINTS.txt <ftp://samba.org/pub/samba/docs/HINTS.txt> - - +o INSTALL.sambatar - <ftp://samba.org/pub/samba/docs/INSTALL.sambatar> - - +o INSTALL.txt <ftp://samba.org/pub/samba/docs/INSTALL.txt> - - +o MIRRORS <ftp://samba.org/pub/samba/docs/MIRRORS> - - +o NetBIOS.txt <ftp://samba.org/pub/samba/docs/NetBIOS.txt> - - +o OS2.txt <ftp://samba.org/pub/samba/docs/OS2.txt> - - +o PROJECTS <ftp://samba.org/pub/samba/docs/PROJECTS> - - +o Passwords.txt <ftp://samba.org/pub/samba/docs/Passwords.txt> - - +o Printing.txt <ftp://samba.org/pub/samba/docs/Printing.txt> - - +o README.DCEDFS <ftp://samba.org/pub/samba/docs/README.DCEDFS> - - +o README.OS2 <ftp://samba.org/pub/samba/docs/README.OS2> - - +o README.jis <ftp://samba.org/pub/samba/docs/README.jis> - - +o README.sambatar - <ftp://samba.org/pub/samba/docs/README.sambatar> - - +o SCO.txt <ftp://samba.org/pub/samba/docs/SCO.txt> - - +o SMBTAR.notes <ftp://samba.org/pub/samba/docs/SMBTAR.notes> - - +o Speed.txt <ftp://samba.org/pub/samba/docs/Speed.txt> - - +o Support.txt <ftp://samba.org/pub/samba/docs/Support.txt> - - +o THANKS <ftp://samba.org/pub/samba/docs/THANKS> - - +o Tracing.txt <ftp://samba.org/pub/samba/docs/Tracing.txt> - - +o SMB.txt <ftp://samba.org/pub/samba/docs/UNIX-SMB.txt> - - +o Warp.txt <ftp://samba.org/pub/samba/docs/Warp.txt> - - +o WinNT.txt <ftp://samba.org/pub/samba/docs/WinNT.txt> - - +o history <ftp://samba.org/pub/samba/docs/history> - - +o level.txt - <ftp://samba.org/pub/samba/docs/security_level.txt> - - +o slip.htm <ftp://samba.org/pub/samba/docs/wfw_slip.htm> - - - 11..77.. HHooww ddoo II ssuubbssccrriibbee ttoo tthhee SSaammbbaa MMaaiilliinngg LLiissttss?? - - - Send email to listproc@samba.org. Make sure the subject line is - blank, and include the following two lines in the body of the message: - - - subscribe samba Firstname Lastname - subscribe samba-announce Firstname Lastname - - - - - Obviously you should substitute YOUR first name for "Firstname" and - YOUR last name for "Lastname"! Try not to send any signature stuff, it - sometimes confuses the list processor. - - The samba list is a digest list - every eight hours or so it - regurgitates a single message containing all the messages that have - been received by the list since the last time and sends a copy of this - message to all subscribers. - - If you stop being interested in Samba, please send another email to - listproc@samba.org. Make sure the subject line is blank, and - include the following two lines in the body of the message: - - - unsubscribe samba - unsubscribe samba-announce - - - - - The FFrroomm:: line in your message _M_U_S_T be the same address you used when - you subscribed. - - - 11..88.. SSoommeetthhiinngg''ss ggoonnee wwrroonngg -- wwhhaatt sshhoouulldd II ddoo?? - - - ## ****** IIMMPPOORRTTAANNTT!! ****** ## - - DO NOT post messages on mailing lists or in newsgroups until you have - carried out the first three steps given here! - - Firstly, see if there are any likely looking entries in this FAQ! If - you have just installed Samba, have you run through the checklist in - DIAGNOSIS.txt <ftp://samba.org/pub/samba/DIAGNOSIS.txt>? It can - save you a lot of time and effort. DIAGNOSIS.txt can also be found in - the docs directory of the Samba distribution. - - Secondly, read the man pages for smbd, nmbd and smb.conf, looking for - topics that relate to what you are trying to do. - - Thirdly, if there is no obvious solution to hand, try to get a look at - the log files for smbd and/or nmbd for the period during which you - were having problems. You may need to reconfigure the servers to - provide more extensive debugging information - usually level 2 or - level 3 provide ample debugging info. Inspect these logs closely, - looking particularly for the string "Error:". - - Fourthly, if you still haven't got anywhere, ask the mailing list or - newsgroup. In general nobody minds answering questions provided you - have followed the preceding steps. It might be a good idea to scan the - archives of the mailing list, which are available through the Samba - web site described in the previous section. - - If you successfully solve a problem, please mail the FAQ maintainer a - succinct description of the symptom, the problem and the solution, so - I can incorporate it in the next version. - - If you make changes to the source code, _please_ submit these patches - so that everyone else gets the benefit of your work. This is one of - the most important aspects to the maintainence of Samba. Send all - patches to samba@samba.org. Do not send patches to Andrew - Tridgell or any other individual, they may be lost if you do. - - - 11..99.. PPiizzzzaa ssuuppppllyy ddeettaaiillss - - - Those who have registered in the Samba survey as "Pizza Factory" will - already know this, but the rest may need some help. Andrew doesn't ask - for payment, but he does appreciate it when people give him pizza. - This calls for a little organisation when the pizza donor is twenty - thousand kilometres away, but it has been done. - - Method 1: Ring up your local branch of an international pizza chain - and see if they honour their vouchers internationally. Pizza Hut do, - which is how the entire Canberra Linux Users Group got to eat pizza - one night, courtesy of someone in the US - - Method 2: Ring up a local pizza shop in Canberra and quote a credit - card number for a certain amount, and tell them that Andrew will be - collecting it (don't forget to tell him.) One kind soul from Germany - did this. - - Method 3: Purchase a pizza voucher from your local pizza shop that has - no international affiliations and send it to Andrew. It is completely - useless but he can hang it on the wall next to the one he already has - from Germany :-) - - - Method 4: Air freight him a pizza with your favourite regional - flavours. It will probably get stuck in customs or torn apart by - hungry sniffer dogs but it will have been a noble gesture. - - - 22.. CCoommppiilliinngg aanndd iinnssttaalllliinngg SSaammbbaa oonn aa UUnniixx hhoosstt - - - - 22..11.. II ccaann''tt sseeee tthhee SSaammbbaa sseerrvveerr iinn aannyy bbrroowwssee lliissttss!! - - - See BROWSING.txt <ftp://samba.org/pub/samba/BROWSING.txt> for - more information on browsing. Browsing.txt can also be found in the - docs directory of the Samba source. - - If your GUI client does not permit you to select non-browsable - servers, you may need to do so on the command line. For example, under - Lan Manager you might connect to the above service as disk drive M: - thusly: - - - net use M: \\mary\fred - - - - - The details of how to do this and the specific syntax varies from - client to client - check your client's documentation. - - - 22..22.. SSoommee ffiilleess tthhaatt II KKNNOOWW aarree oonn tthhee sseerrvveerr ddooeessnn''tt sshhooww uupp wwhheenn II - vviieeww tthhee ffiilleess ffrroomm mmyy cclliieenntt!! - - - See the next question. - - 22..33.. SSoommee ffiilleess oonn tthhee sseerrvveerr sshhooww uupp wwiitthh rreeaallllyy wwiieerrdd ffiilleennaammeess - wwhheenn II vviieeww tthhee ffiilleess ffrroomm mmyy cclliieenntt!! - - - If you check what files are not showing up, you will note that they - are files which contain upper case letters or which are otherwise not - DOS-compatible (ie, they are not legal DOS filenames for some reason). - - The Samba server can be configured either to ignore such files - completely, or to present them to the client in "mangled" form. If you - are not seeing the files at all, the Samba server has most likely been - configured to ignore them. Consult the man page smb.conf(5) for - details of how to change this - the parameter you need to set is - "mangled names = yes". - - - 22..44.. MMyy cclliieenntt rreeppoorrttss ""ccaannnnoott llooccaattee ssppeecciiffiieedd ccoommppuutteerr"" oorr ssiimmiillaarr - - - This indicates one of three things: You supplied an incorrect server - name, the underlying TCP/IP layer is not working correctly, or the - name you specified cannot be resolved. - - After carefully checking that the name you typed is the name you - should have typed, try doing things like pinging a host or telnetting - to somewhere on your network to see if TCP/IP is functioning OK. If it - is, the problem is most likely name resolution. - - - If your client has a facility to do so, hardcode a mapping between the - hosts IP and the name you want to use. For example, with Man Manager - or Windows for Workgroups you would put a suitable entry in the file - LMHOSTS. If this works, the problem is in the communication between - your client and the netbios name server. If it does not work, then - there is something fundamental wrong with your naming and the solution - is beyond the scope of this document. - - If you do not have any server on your subnet supplying netbios name - resolution, hardcoded mappings are your only option. If you DO have a - netbios name server running (such as the Samba suite's nmbd program), - the problem probably lies in the way it is set up. Refer to Section - Two of this FAQ for more ideas. - - By the way, remember to REMOVE the hardcoded mapping before further - tests :-) - - - 22..55.. MMyy cclliieenntt rreeppoorrttss ""ccaannnnoott llooccaattee ssppeecciiffiieedd sshhaarree nnaammee"" oorr ssiimmii-- - llaarr - - - This message indicates that your client CAN locate the specified - server, which is a good start, but that it cannot find a service of - the name you gave. - - The first step is to check the exact name of the service you are - trying to connect to (consult your system administrator). Assuming it - exists and you specified it correctly (read your client's doco on how - to specify a service name correctly), read on: - - - +o Many clients cannot accept or use service names longer than eight - characters. - - +o Many clients cannot accept or use service names containing spaces. - - +o Some servers (not Samba though) are case sensitive with service - names. - - +o Some clients force service names into upper case. - - - 22..66.. MMyy cclliieenntt rreeppoorrttss ""ccaannnnoott ffiinndd ddoommaaiinn ccoonnttrroolllleerr"",, ""ccaannnnoott lloogg - oonn ttoo tthhee nneettwwoorrkk"" oorr ssiimmiillaarr - - - Nothing is wrong - Samba does not implement the primary domain name - controller stuff for several reasons, including the fact that the - whole concept of a primary domain controller and "logging in to a - network" doesn't fit well with clients possibly running on multiuser - machines (such as users of smbclient under Unix). Having said that, - several developers are working hard on building it in to the next - major version of Samba. If you can contribute, send a message to - samba@samba.org ! - - Seeing this message should not affect your ability to mount redirected - disks and printers, which is really what all this is about. - - For many clients (including Windows for Workgroups and Lan Manager), - setting the domain to STANDALONE at least gets rid of the message. - - - - - - 22..77.. PPrriinnttiinngg ddooeessnn''tt wwoorrkk ::--(( - - - Make sure that the specified print command for the service you are - connecting to is correct and that it has a fully-qualified path (eg., - use "/usr/bin/lpr" rather than just "lpr"). - - Make sure that the spool directory specified for the service is - writable by the user connected to the service. In particular the user - "nobody" often has problems with printing, even if it worked with an - earlier version of Samba. Try creating another guest user other than - "nobody". - - Make sure that the user specified in the service is permitted to use - the printer. - - Check the debug log produced by smbd. Search for the printer name and - see if the log turns up any clues. Note that error messages to do with - a service ipc$ are meaningless - they relate to the way the client - attempts to retrieve status information when using the LANMAN1 - protocol. - - If using WfWg then you need to set the default protocol to TCP/IP, not - Netbeui. This is a WfWg bug. - - If using the Lanman1 protocol (the default) then try switching to - coreplus. Also not that print status error messages don't mean - printing won't work. The print status is received by a different - mechanism. - - - 22..88.. MMyy pprrooggrraammss iinnssttaallll oonn tthhee sseerrvveerr OOKK,, bbuutt rreeffuussee ttoo wwoorrkk pprroopp-- - eerrllyy - - - There are numerous possible reasons for this, but one MAJOR - possibility is that your software uses locking. Make sure you are - using Samba 1.6.11 or later. It may also be possible to work around - the problem by setting "locking=no" in the Samba configuration file - for the service the software is installed on. This should be regarded - as a strictly temporary solution. - - In earlier Samba versions there were some difficulties with the very - latest Microsoft products, particularly Excel 5 and Word for Windows - 6. These should have all been solved. If not then please let Andrew - Tridgell know via email at samba@samba.org. - - - 22..99.. MMyy ""sseerrvveerr ssttrriinngg"" ddooeessnn''tt sseeeemm ttoo bbee rreeccooggnniisseedd - - - OR My client reports the default setting, eg. "Samba 1.9.15p4", - instead of what I have changed it to in the smb.conf file. - - You need to use the -C option in nmbd. The "server string" affects - what smbd puts out and -C affects what nmbd puts out. - - Current versions of Samba (1.9.16 +) have combined these options into - the "server string" field of smb.conf, -C for nmbd is now obsolete. - - - 22..1100.. MMyy cclliieenntt rreeppoorrttss ""TThhiiss sseerrvveerr iiss nnoott ccoonnffiigguurreedd ttoo lliisstt sshhaarreedd - rreessoouurrcceess"" - - - Your guest account is probably invalid for some reason. Samba uses the - guest account for browsing in smbd. Check that your guest account is - valid. - - See also 'guest account' in smb.conf man page. - - - 22..1111.. LLoogg mmeessssaaggee ""yyoouu aappppeeaarr ttoo hhaavvee aa ttrraappddoooorr uuiidd ssyysstteemm"" - - - This can have several causes. It might be because you are using a uid - or gid of 65535 or -1. This is a VERY bad idea, and is a big security - hole. Check carefully in your /etc/passwd file and make sure that no - user has uid 65535 or -1. Especially check the "nobody" user, as many - broken systems are shipped with nobody setup with a uid of 65535. - - It might also mean that your OS has a trapdoor uid/gid system :-) - - This means that once a process changes effective uid from root to - another user it can't go back to root. Unfortunately Samba relies on - being able to change effective uid from root to non-root and back - again to implement its security policy. If your OS has a trapdoor uid - system this won't work, and several things in Samba may break. Less - things will break if you use user or server level security instead of - the default share level security, but you may still strike problems. - - The problems don't give rise to any security holes, so don't panic, - but it does mean some of Samba's capabilities will be unavailable. In - particular you will not be able to connect to the Samba server as two - different uids at once. This may happen if you try to print as a - "guest" while accessing a share as a normal user. It may also affect - your ability to list the available shares as this is normally done as - the guest user. - - Complain to your OS vendor and ask them to fix their system. - - Note: the reason why 65535 is a VERY bad choice of uid and gid is that - it casts to -1 as a uid, and the setreuid() system call ignores (with - no error) uid changes to -1. This means any daemon attempting to run - as uid 65535 will actually run as root. This is not good! - - - 33.. CCoommmmoonn cclliieenntt qquueessttiioonnss - - - - - 33..11.. AArree tthheerree aannyy MMaacciinnttoosshh cclliieennttss ffoorr SSaammbbaa?? - - - Yes! Thursby now have a CIFS Client / Server called DAVE - see - <http://www.thursby.com/>. They test it against Windows 95, Windows - NT and samba for compatibility issues. At the time of writing, DAVE - was at version 1.0.1. The 1.0.0 to 1.0.1 update is available as a free - download from the Thursby web site (the speed of finder copies has - been greatly enhanced, and there are bug-fixes included). - - Alternatives - There are two free implementations of AppleTalk for - several kinds of UNIX machnes, and several more commercial ones. - These products allow you to run file services and print services - natively to Macintosh users, with no additional support required on - the Macintosh. The two free omplementations are Netatalk, - <http://www.umich.edu/~rsug/netatalk/>, and CAP, - <http://www.cs.mu.oz.au/appletalk/atalk.html>. What Samba offers MS - Windows users, these packages offer to Macs. For more info on these - packages, Samba, and Linux (and other UNIX-based systems) see - <http://www.eats.com/linux_mac_win.html> - 33..22.. SSeessssiioonn rreeqquueesstt ffaaiilleedd ((113311,,113300))"" eerrrroorr - - - The following answer is provided by John E. Miller: - - I'll assume that you're able to ping back and forth between the - machines by IP address and name, and that you're using some security - model where you're confident that you've got user IDs and passwords - right. The logging options (-d3 or greater) can help a lot with that. - DNS and WINS configuration can also impact connectivity as well. - - Now, on to 'scope id's. Somewhere in your Win95 TCP/IP network - configuration (I'm too much of an NT bigot to know where it's located - in the Win95 setup, but I'll have to learn someday since I teach for a - Microsoft Solution Provider Authorized Tech Education Center - what an - acronym...) Note: It's under Control Panel | Network | TCP/IP | WINS - Configuration there's a little text entry field called something like - - This field essentially creates 'invisible' sub-workgroups on the same - wire. Boxes can only see other boxes whose Scope IDs are set to the - exact same value - it's sometimes used by OEMs to configure their - boxes to browse only other boxes from the same vendor and, in most - environments, this field should be left blank. If you, in fact, have - something in this box that EXACT value (case-sensitive!) needs to be - provided to smbclient and nmbd as the -i (lowercase) parameter. So, if - your Scope ID is configured as the string 'SomeStr' in Win95 then - you'd have to use smbclient -iSomeStr otherparms in connecting to it. - - - 33..33.. HHooww ddoo II ssyynncchhrroonniissee mmyy PPCC''ss cclloocckk wwiitthh mmyy SSaammbbaa sseerrvveerr?? - - - To syncronize your PC's clock with your Samba server: - - +o Copy timesync.pif to your windows directory - - +o timesync.pif can be found at: - <http://samba.org/samba/binaries/miscellaneous/timesync.pif> - - +o Add timesync.pif to your 'Start Up' group/folder - - +o Open the properties dialog box for the program/icon - - +o Make sure the 'Run Minimized' option is set in program 'Properties' - - +o Change the command line section that reads \sambahost to reflect - the name of your server. - - +o Close the properties dialog box by choosing 'OK' - - Each time you start your computer (or login for Win95) your PC will - synchronize its clock with your Samba server. - - Alternativley, if you clients support Domain Logons, you can setup - Domain Logons with Samba - see: BROWSING.txt - <ftp://samba.org/pub/samba/docs/BROWSING.txt> *** for more - information. - - Then add - - - NET TIME \\%L /SET /YES - - - - - as one of the lines in the logon script. - - 33..44.. PPrroobblleemmss wwiitthh WWiinnDDDD,, NNTTrriigguuee,, WWiinnCCeenntteerrPPrroo eettcc - - - All of the above programs are applications that sit on an NT box and - allow multiple users to access the NT GUI applications from remote - workstations (often over X). - - What has this got to do with Samba? The problem comes when these users - use filemanager to mount shares from a Samba server. The most common - symptom is that the first user to connect get correct file permissions - and has a nice day, but subsequent connections get logged in as the - same user as the first person to login. They find that they cannot - access files in their own home directory, but that they can access - files in the first users home directory (maybe not such a nice day - after all?) - - Why does this happen? The above products all share a common heritage - (and code base I believe). They all open just a single TCP based SMB - connection to the Samba server, and requests from all users are piped - over this connection. This is unfortunate, but not fatal. - - It means that if you run your Samba server in share level security - (the default) then things will definately break as described above. - The share level SMB security model has no provision for multiple user - IDs on the one SMB connection. See security_level.txt - <ftp://samba.org/pub/samba/docs/security_level.txt> in the docs - for more info on share/user/server level security. - - If you run in user or server level security then you have a chance, - but only if you have a recent version of Samba (at least 1.9.15p6). In - older versions bugs in Samba meant you still would have had problems. - - If you have a trapdoor uid system in your OS then it will never work - properly. Samba needs to be able to switch uids on the connection and - it can't if your OS has a trapdoor uid system. You'll know this - because Samba will note it in your logs. - - Also note that you should not use the magic "homes" share name with - products like these, as otherwise all users will end up with the same - home directory. Use \serversername instead. - - - 33..55.. PPrroobblleemm wwiitthh pprriinntteerrss uunnddeerr NNTT - - - This info from Stefan Hergeth hergeth@f7axp1.informatik.fh-muenchen.de - may be useful: - - A network-printer (with ethernetcard) is connected to the NT-Clients - via our UNIX-Fileserver (SAMBA-Server), like the configuration told by - Matthew Harrell harrell@leech.nrl.navy.mil (see WinNT.txt) - - 1. If a user has choosen this printer as the default printer in his - NT-Session and this printer is not connected to the network (e.g. - switched off) than this user has a problem with the SAMBA- - connection of his filesystems. It's very slow. - - 2. If the printer is connected to the network everything works fine. - - 3. When the smbd ist started with debug level 3, you can see that the - NT spooling system try to connect to the printer many times. If the - printer ist not connected to the network this request fails and the - NT spooler is wasting a lot of time to connect to the printer - service. This seems to be the reason for the slow network - connection. - - 4. Maybe it's possible to change this behaviour by setting different - printer properties in the Print-Manager-Menu of NT, but i didn't - try it yet. - - - 33..66.. WWhhyy aarree mmyy ffiillee''ss ttiimmeessttaammppss ooffff bbyy aann hhoouurr,, oorr bbyy aa ffeeww hhoouurrss?? - - - This is from Paul Eggert eggert@twinsun.com. - - Most likely it's a problem with your time zone settings. - - Internally, Samba maintains time in traditional Unix format, namely, - the number of seconds since 1970-01-01 00:00:00 Universal Time (or - ``GMT''), not counting leap seconds. - - On the server side, Samba uses the Unix TZ variable to convert - internal timestamps to and from local time. So on the server side, - there are two things to get right. - - 1. The Unix system clock must have the correct Universal time. Use - the shell command "sh -c 'TZ=UTC0 date'" to check this. - - 2. The TZ environment variable must be set on the server before Samba - is invoked. The details of this depend on the server OS, but - typically you must edit a file whose name is /etc/TIMEZONE or - /etc/default/init, or run the command `zic -l'. - - 3. TZ must have the correct value. - - a. If possible, use geographical time zone settings (e.g. - TZ='America/Los_Angeles' or perhaps TZ=':US/Pacific'). These - are supported by most popular Unix OSes, are easier to get - right, and are more accurate for historical timestamps. If your - operating system has out-of-date tables, you should be able to - update them from the public domain time zone tables at - <ftp://elsie.nci.nih.gov/pub/>. - - b. If your system does not support geographical timezone settings, - you must use a Posix-style TZ strings, e.g. - TZ='PST8PDT,M4.1.0/2,M10.5.0/2' for US Pacific time. Posix TZ - strings can take the following form (with optional items in - brackets): - - StdOffset[Dst[Offset],Date/Time,Date/Time] - - - where: - - +o `Std' is the standard time designation (e.g. `PST'). - - +o `Offset' is the number of hours behind UTC (e.g. `8'). Prepend - a `-' if you are ahead of UTC, and append `:30' if you are at a - half-hour offset. Omit all the remaining items if you do not - use daylight-saving time. - - +o `Dst' is the daylight-saving time designation (e.g. `PDT'). - - The optional second `Offset' is the number of hours that - daylight-saving time is behind UTC. The default is 1 hour ahead - of standard time. - - +o `Date/Time,Date/Time' specify when daylight-saving time starts - and ends. The format for a date is `Mm.n.d', which specifies - the dth day (0 is Sunday) of the nth week of the mth month, - where week 5 means the last such day in the month. The format - for a time is hh:mm[:ss], using a 24-hour clock. - - Other Posix string formats are allowed but you don't want to - know about them. - - On the client side, you must make sure that your client's clock and - time zone is also set appropriately. [I don't know how to do - this.] Samba traditionally has had many problems dealing with time - zones, due to the bizarre ways that Microsoft network protocols - handle time zones. A common symptom is for file timestamps to be - off by an hour. To work around the problem, try disconnecting from - your Samba server and then reconnecting to it; or upgrade your - Samba server to 1.9.16alpha10 or later. - - - 33..77.. HHooww ddoo II sseett tthhee pprriinntteerr ddrriivveerr nnaammee ccoorrrreeccttllyy?? - - - Question: On NT, I opened "Printer Manager" and "Connect to Printer". - Enter "\ptdi270s1" - in the box of printer. I got the following error message: - - - You do not have sufficient access to your machine - to connect to the selected printer, since a driver - needs to be installed locally. - - - - - Answer: - - In the more recent versions of Samba you can now set the "printer - driver" in smb.conf. This tells the client what driver to use. For - example: - - - printer driver = HP LaserJet 4L - - - - - with this, NT knows to use the right driver. You have to get this - string exactly right. - - To find the exact string to use, you need to get to the dialog box in - your client where you select which printer driver to install. The - correct strings for all the different printers are shown in a listbox - in that dialog box. - - You could also try setting the driver to NULL like this: - - - printer driver = NULL - - - - - this is effectively what older versions of Samba did, so if that - worked for you then give it a go. If this does work then let us know - via samba@samba.org, and we'll make it the default. Cur- - rently the default is a 0 length string. - - - 33..88.. II''vvee aapppplliieedd NNTT 44..00 SSPP33,, aanndd nnooww II ccaann''tt aacccceessss SSaammbbaa sshhaarreess,, - WWhhyy?? - - - As of SP3, Microsoft has decided that they will no longer default to - passing clear text passwords over the network. To enable access to - Samba shares from NT 4.0 SP3, you must do OONNEE of two things: - - 1. Set the Samba configuration option 'security = user' and implement - all of the stuff detailed in ENCRYPTION.txt - <ftp://samba.org/pub/samba/docs/ENCRYPTION.txt>. - - 2. Follow Microsoft's directions for setting your NT box to allow - plain text passwords. see Knowledge Base Article Q166730 - <http://www.microsoft.com/kb/articles/q166/7/30.htm> - - - 44.. SSppeecciiffiicc cclliieenntt aapppplliiccaattiioonn pprroobblleemmss - - - - - 44..11.. MMSS OOffffiiccee SSeettuupp rreeppoorrttss ""CCaannnnoott cchhaannggee pprrooppeerrttiieess ooff ''MMSSOOFF-- - FFIICCEEUUPP..IINNII''"" - - - When installing MS Office on a Samba drive for which you have admin - user permissions, ie. admin users = username, you will find the setup - program unable to complete the installation. - - To get around this problem, do the installation without admin user - permissions The problem is that MS Office Setup checks that a file is - rdonly by trying to open it for writing. - - Admin users can always open a file for writing, as they run as root. - You just have to install as a non-admin user and then use "chown -R" - to fix the owner. - - - 55.. MMiisscceellllaanneeoouuss - - - - 55..11.. IIss SSaammbbaa YYeeaarr 22000000 ccoommpplliiaanntt?? - - - The CIFS protocol that Samba implements negotiates times in various - formats, all of which are able to cope with dates beyond 2000. - - - - - - - - - - - - - - - - - - -- cgit From 71c116647207c582489b5c7f0667f70e1da498ff Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij <jelmer@samba.org> Date: Wed, 2 Oct 2002 19:35:07 +0000 Subject: Add htmlfaq to Makefile Fix syntax errors in FAQ (This used to be commit e538e5005faf2a447d101d9a872872206ac1e16c) --- docs/docbook/Makefile.in | 9 +++++++-- docs/docbook/faq/sambafaq.sgml | 25 ++++++++++++++++--------- 2 files changed, 23 insertions(+), 11 deletions(-) (limited to 'docs') diff --git a/docs/docbook/Makefile.in b/docs/docbook/Makefile.in index 04e1fe87c4..654df30fc1 100644 --- a/docs/docbook/Makefile.in +++ b/docs/docbook/Makefile.in @@ -45,6 +45,8 @@ PERL = @PERL@ PSDIR = .. PDFDIR = .. TXTDIR = ../textdocs +FAQPROJDOC = faq/ +FAQDIR = ../faq MANPAGES=$(patsubst %,$(MANDIR)/%,$(MANPAGES_NAMES)) MANPAGES_HTML=$(patsubst %,$(HTMLDIR)/%.html,$(MANPAGES_NAMES)) @@ -59,9 +61,10 @@ all: @echo "html - Build HTML version of HOWTO Collection" @echo "htmlman - Build html version of manpages" @echo "txt - Build plain text version of HOWTO Collection" + @echo "htmlfaq - Build html version of the FAQ" @echo "everything - Build all of the above" -everything: manpages ps pdf html-single html htmlman txt +everything: manpages ps pdf html-single html htmlman txt htmlfaq # Global rules @@ -70,9 +73,11 @@ pdf: $(PDFDIR)/Samba-HOWTO-Collection.pdf ../Samba-Developers-Guide.pdf ps: $(PSDIR)/Samba-HOWTO-Collection.ps ../Samba-Developers-Guide.ps txt: $(TXTDIR)/Samba-HOWTO-Collection.txt $(TXTDIR)/Samba-Developers-Guide.txt htmlman: $(MANPAGES_HTML) +htmlfaq: + $(DOCBOOK2HTML) -d samba.dsl -o $(FAQDIR) $(FAQPROJDOC)/sambafaq.sgml html-single: $(HTMLDIR)/Samba-HOWTO-Collection.html $(HTMLDIR)/Samba-Developers-Guide.html html: - $(DOCBOOK2HTML) -d samba.dsl -o $(HTMLDIR) projdoc/samba-doc.sgml + $(DOCBOOK2HTML) -d samba.dsl -o $(HTMLDIR) $(PROJDOC)/samba-doc.sgml # Text files diff --git a/docs/docbook/faq/sambafaq.sgml b/docs/docbook/faq/sambafaq.sgml index 003db97aca..33d9c8dada 100644 --- a/docs/docbook/faq/sambafaq.sgml +++ b/docs/docbook/faq/sambafaq.sgml @@ -1,15 +1,15 @@ <!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> <book id="sambafaq"> +<title>Samba FAQ Samba Team October 2002 -Samba FAQ - -<abstract> +<dedication> +<para> This is the Frequently Asked Questions (FAQ) document for Samba, the free and very popular SMB server product. An SMB server allows file and printer connections from clients such as Windows, @@ -17,13 +17,14 @@ OS/2, Linux and others. Current to version 3.0. Please send any corrections to the samba documentation mailinglist at <ulink url="mailto:samba-doc@samba.org">samba-doc@samba.org</ulink>. This FAQ is based on the old Samba FAQ by Dan Shearer and Paul Blackman. -</abstract> +</para> +</dedication> <chapter> <title>General Information -Where can I get it?

SAMBA Project Documentation

SAMBA Project Documentation

SAMBA Team

SAMBA Team

Abstract

Abstract

Last Update : Thu Aug 15 12:48:45 CDT 2002

This book is a collection of HOWTOs added to Samba documentation over the years. @@ -68,34 +78,34 @@ CLASS="TOC" >Table of Contents

1. How to Install and Test SAMBA
1.1. Step 0: Read the man pages
1.2. Step 1: Building the Binaries
1.3. Step 2: The all important step
1.4. Step 3: Create the smb configuration file.
1.5. Step 4: Test your config file with
1.6. Step 5: Starting the smbd and nmbd
1.6.1. Step 5a: Starting from inetd.conf
1.6.2. Step 5b. Alternative: starting it as a daemon
1.7. Step 6: Try listing the shares available on your server
1.8. Step 7: Try connecting with the unix client
1.9. Step 8: Try connecting from a DOS, WfWg, Win9x, WinNT, Win2k, OS/2, etc... client
1.10. What If Things Don't Work?
1.10.1. Diagnosing Problems
1.10.2. Scope IDs
1.10.3. Choosing the Protocol Level
1.10.4. Printing from UNIX to a Client PC
1.10.5. Locking
1.10.6. Mapping Usernames
2. Diagnosing your samba server
2.1. Introduction
2.2. Assumptions
2.3. Tests
2.3.1. Test 1
2.3.2. Test 2
2.3.3. Test 3
2.3.4. Test 4
2.3.5. Test 5
2.3.6. Test 6
2.3.7. Test 7
2.3.8. Test 8
2.3.9. Test 9
2.3.10. Test 10
2.3.11. Test 11
2.4. Still having troubles?
3. Integrating MS Windows networks with Samba
3.1. Agenda
3.2. Name Resolution in a pure Unix/Linux world
3.2.1. /etc/hosts
3.2.2. /etc/resolv.conf
3.2.3. /etc/host.conf
3.2.4. /etc/nsswitch.conf
3.3. Name resolution as used within MS Windows networking
3.3.1. The NetBIOS Name Cache
3.3.2. The LMHOSTS file
3.3.3. HOSTS file
3.3.4. DNS Lookup
3.3.5. WINS Lookup
3.4. How browsing functions and how to deploy stable and dependable browsing using Samba
3.5. MS Windows security options and how to configure Samba for seemless integration
3.5.1. Use MS Windows NT as an authentication server
3.5.2. Make Samba a member of an MS Windows NT security domain
3.5.3. Configure Samba as an authentication server
3.6. Conclusions
4. Configuring PAM for distributed but centrally managed authentication
4.1. Samba and PAM
4.2. Distributed Authentication
4.3. PAM Configuration in smb.conf
5. Hosting a Microsoft Distributed File System tree on Samba
5.1. Instructions
5.1.1. Notes
6. UNIX Permission Bits and Windows NT Access Control Lists
6.1. Viewing and changing UNIX permissions using the NT security dialogs
6.2. How to view file security on a Samba share
6.3. Viewing file ownership
6.4. Viewing file or directory permissions
6.4.1. File Permissions
6.4.2. Directory Permissions
6.5. Modifying file or directory permissions
6.6. Interaction with the standard Samba create mask parameters
6.7. Interaction with the standard Samba file attribute mapping
7. Printing Support in Samba 2.2.x
7.1. Introduction
7.2. Configuration
7.2.1. Creating [print$]
7.2.2. Setting Drivers for Existing Printers
7.2.3. Support a large number of printers
7.2.4. Adding New Printers via the Windows NT APW
7.2.5. Samba and Printer Ports
7.3. The Imprints Toolset
7.3.1. What is Imprints?
7.3.2. Creating Printer Driver Packages
7.3.3. The Imprints server
7.3.4. The Installation Client
7.4.
8. Debugging Printing Problems
8.1. Introduction
8.2. Debugging printer problems
8.3. What printers do I have?
8.4. Setting up printcap and print servers
8.5. Job sent, no output
8.6. Job sent, strange output
8.7. Raw PostScript printed
8.8. Advanced Printing
8.9. Real debugging
9. Security levels
9.1. Introduction
9.2. More complete description of security levels
10. security = domain in Samba 2.x
10.1. Joining an NT Domain with Samba 2.2
10.2. Samba and Windows 2000 Domains
10.3. Why is this better than security = server?
11. Unified Logons between Windows NT and UNIX using Winbind
11.1. Abstract
11.2. Introduction
11.3. What Winbind Provides
11.3.1. Target Uses
11.4. How Winbind Works
11.4.1. Microsoft Remote Procedure Calls
11.4.2. Name Service Switch
11.4.3. Pluggable Authentication Modules
11.4.4. User and Group ID Allocation
11.4.5. Result Caching
11.5. Installation and Configuration
11.5.1. Introduction
11.5.2. Requirements
11.5.3. Testing Things Out
11.6. Limitations
11.7. Conclusion
12. How to Configure Samba 2.2 as a Primary Domain Controller
12.1. Prerequisite Reading
12.2. Background
12.3. Configuring the Samba Domain Controller
12.4. Creating Machine Trust Accounts and Joining Clients to the Domain
12.4.1. Manual Creation of Machine Trust Accounts
12.4.2. "On-the-Fly" Creation of Machine Trust Accounts
12.4.3. Joining the Client to the Domain
12.5. Common Problems and Errors
12.6. System Policies and Profiles
12.7. What other help can I get?
12.8. Domain Control for Windows 9x/ME
12.8.1. Configuration Instructions: Network Logons
12.8.2. Configuration Instructions: Setting up Roaming User Profiles
12.9. DOMAIN_CONTROL.txt : Windows NT Domain Control & Samba
13. How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain
13.1. Prerequisite Reading
13.2. Background
13.3. What qualifies a Domain Controller on the network?
13.3.1. How does a Workstation find its domain controller?
13.3.2. When is the PDC needed?
13.4. Can Samba be a Backup Domain Controller?
13.5. How do I set up a Samba BDC?
13.5.1. How do I replicate the smbpasswd file?
14. Storing Samba's User/Machine Account information in an LDAP Directory
14.1. Purpose
14.2. Introduction
14.3. Supported LDAP Servers
14.4. Schema and Relationship to the RFC 2307 posixAccount
14.5. Configuring Samba with LDAP
14.5.1. OpenLDAP configuration
14.5.2. Configuring Samba
14.6. Accounts and Groups management
14.7. Security and sambaAccount
14.8. LDAP specials attributes for sambaAccounts
14.9. Example LDIF Entries for a sambaAccount
14.10. Comments
15. Using samba 3.0 with ActiveDirectory support
15.1. Installing the required packages for Debian
15.2. Installing the required packages for RedHat
15.3. Compile Samba
15.4. Setup your /etc/krb5.conf
15.5. Create the computer account
15.5.1. Possible errors
15.6. Test your server setup
15.7. Testing with smbclient
15.8. Notes
16. Improved browsing in samba
16.1. Overview of browsing
16.2. Browsing support in samba
16.3. Problem resolution
16.4. Browsing across subnets
16.4.1. How does cross subnet browsing work ?
16.5. Setting up a WINS server
16.6. Setting up Browsing in a WORKGROUP
16.7. Setting up Browsing in a DOMAIN
16.8. Forcing samba to be the master
16.9. Making samba the domain master
16.10. Note about broadcast addresses
16.11. Multiple interfaces
17. Samba performance issues
17.1. Comparisons
17.2. Oplocks
17.2.1. Overview
17.2.2. Level2 Oplocks
17.2.3. Old 'fake oplocks' option - deprecated
17.3. Socket options
17.4. Read size
17.5. Max xmit
17.6. Locking
17.7. Share modes
17.8. Log level
17.9. Wide lines
17.10. Read raw
17.11. Write raw
17.12. Read prediction
17.13. Memory mapping
17.14. Slow Clients
17.15. Slow Logins
17.16. Client tuning
17.17. My Results
18. Samba and other CIFS clients
18.1. Macintosh clients?
18.2. OS2 Client
18.2.1. How can I configure OS/2 Warp Connect or OS/2 Warp 4 as a client for Samba?
18.2.2. How can I configure OS/2 Warp 3 (not Connect), OS/2 1.2, 1.3 or 2.x for Samba?
18.2.3. Are there any other issues when OS/2 (any version) is used as a client?
18.2.4. How do I get printer driver download working for OS/2 clients?
18.3. Windows for Workgroups
18.3.1. Use latest TCP/IP stack from Microsoft
18.3.2. Delete .pwl files after password change
18.3.3. Configure WfW password handling
18.3.4. Case handling of passwords
18.4. Windows '95/'98
18.5. Windows 2000 Service Pack 2
19. HOWTO Access Samba source code via CVS
19.1. Introduction
19.2. CVS Access to samba.org
19.2.1. Access via CVSweb
19.2.2. Access via cvs
20. Reporting Bugs
20.1. Introduction
20.2. General info
20.3. Debug levels
20.4. Internal errors
20.5. Attaching to a running process
20.6. Patches
21. Group mapping HOWTO
22. Portability
22.1. HPUX
22.2. SCO Unix
22.3. DNIX

How to Install and Test SAMBA

Chapter 1. How to Install and Test SAMBA

Step 0: Read the man pages

1.1. Step 0: Read the man pages

The man pages distributed with SAMBA contain lots of useful info that will help to get you started. @@ -1418,7 +1490,9 @@ CLASS="SECT1" >

Step 1: Building the Binaries

1.2. Step 1: Building the Binaries

To do this, first run the program

Step 2: The all important step

1.3. Step 2: The all important step

At this stage you must fetch yourself a coffee or other drink you find stimulating. Getting the rest @@ -1530,7 +1606,9 @@ CLASS="SECT1" >

Step 3: Create the smb configuration file.

1.4. Step 3: Create the smb configuration file.

There are sample configuration files in the examples subdirectory in the distribution. I suggest you read them @@ -1540,12 +1618,6 @@ NAME="AEN60">Step 3: Create the smb configuration file.The simplest useful configuration file would be something like this:

	[global]
@@ -1555,9 +1627,6 @@ CLASS="PROGRAMLISTING"
 	      guest ok = no
 	      read only = no

which would allow connections by anyone with an @@ -1593,7 +1662,9 @@ CLASS="SECT1" >

Step 4: Test your config file with +NAME="AEN74" +>1.5. Step 4: Test your config file with testparm

Step 5: Starting the smbd and nmbd

1.6. Step 5: Starting the smbd and nmbd

You must choose to start smbd and nmbd either as daemons or from

Step 5a: Starting from inetd.conf

1.6.1. Step 5a: Starting from inetd.conf

NOTE; The following will be different if you use NIS or NIS+ to distributed services maps.

and add two lines something like this:

		netbios-ssn stream tcp nowait root /usr/local/samba/bin/smbd smbd 
 		netbios-ns dgram udp wait root /usr/local/samba/bin/nmbd nmbd

The exact syntax of

Step 5b. Alternative: starting it as a daemon

1.6.2. Step 5b. Alternative: starting it as a daemon

To start the server as a daemon you should create a script something like this one, perhaps calling @@ -1773,21 +1841,12 @@ CLASS="FILENAME" >startsmb.

		#!/bin/sh
 		/usr/local/samba/bin/smbd -D 
 		/usr/local/samba/bin/nmbd -D

then make it executable with

Step 6: Try listing the shares available on your +NAME="AEN135" +>1.7. Step 6: Try listing the shares available on your server

Step 7: Try connecting with the unix client

1.8. Step 7: Try connecting with the unix client

Step 8: Try connecting from a DOS, WfWg, Win9x, WinNT, +NAME="AEN160" +>1.9. Step 8: Try connecting from a DOS, WfWg, Win9x, WinNT, Win2k, OS/2, etc... client

Try mounting disks. eg:

What If Things Don't Work?

1.10. What If Things Don't Work?

If nothing works and you start to think "who wrote this pile of trash" then I suggest you do step 2 again (and @@ -1996,7 +2063,9 @@ CLASS="SECT2" >

Diagnosing Problems

1.10.1. Diagnosing Problems

If you have installation problems then go to

Scope IDs

1.10.2. Scope IDs

By default Samba uses a blank scope ID. This means all your windows boxes must also have a blank scope ID. @@ -2024,7 +2095,9 @@ CLASS="SECT2" >

Choosing the Protocol Level

1.10.3. Choosing the Protocol Level

The SMB protocol has many dialects. Currently Samba supports 5, called CORE, COREPLUS, LANMAN1, @@ -2063,7 +2136,9 @@ CLASS="SECT2" >

Printing from UNIX to a Client PC

1.10.4. Printing from UNIX to a Client PC

To use a printer that is available via a smb-based server from a unix host with LPR you will need to compile the @@ -2082,7 +2157,9 @@ CLASS="SECT2" >

Locking

1.10.5. Locking

One area which sometimes causes trouble is locking.

Mapping Usernames

1.10.6. Mapping Usernames

If you have different usernames on the PCs and the unix server then take a look at the "username map" option. @@ -2152,13 +2231,17 @@ NAME="AEN209">Mapping Usernames

Diagnosing your samba server

Chapter 2. Diagnosing your samba server

Introduction

2.1. Introduction

This file contains a list of tests you can perform to validate your Samba server. It also tells you what the likely cause of the problem @@ -2178,7 +2261,9 @@ CLASS="SECT1" >

Assumptions

2.2. Assumptions

In all of the tests I assume you have a Samba server called BIGSERVER and a PC called ACLIENT both in workgroup TESTGROUP. I also assume the @@ -2192,21 +2277,12 @@ microsoft tcp/ip stack. Alternatively, your PC may be running Windows smb.conf. I will assume this share is called "tmp". You can add a "tmp" share like by adding the following to smb.conf:


[tmp]
  comment = temporary files 
  path = /tmp
  read only = yes

THESE TESTS ASSUME VERSION 2.0.6 OR LATER OF THE SAMBA SUITE. SOME @@ -2226,13 +2302,17 @@ CLASS="SECT1" >

Tests

2.3. Tests

Test 1

2.3.1. Test 1

In the directory in which you store your smb.conf file, run the command "testparm smb.conf". If it reports any errors then your smb.conf @@ -2252,7 +2332,9 @@ CLASS="SECT2" >

Test 2

2.3.2. Test 2

Run the command "ping BIGSERVER" from the PC and "ping ACLIENT" from the unix box. If you don't get a valid response then your TCP/IP @@ -2276,7 +2358,9 @@ CLASS="SECT2" >

Test 3

2.3.3. Test 3

Run the command "smbclient -L BIGSERVER" on the unix box. You should get a list of available shares back. 

	hosts deny = ALL
 	hosts allow = xxx.xxx.xxx.xxx/yy
 	bind interfaces only = Yes

In the above, no allowance has been made for any session requests that will automatically translate to the loopback adaptor address 127.0.0.1. To solve this problem change these lines to:

	hosts deny = ALL
 	hosts allow = xxx.xxx.xxx.xxx/yy 127.

Do NOT use the "bind interfaces only" parameter where you may wish to @@ -2363,7 +2429,9 @@ CLASS="SECT2" >

Test 4

2.3.4. Test 4

Run the command "nmblookup -B BIGSERVER __SAMBA__". You should get the IP address of your Samba server back.

Test 5

2.3.5. Test 5

run the command

Test 6

2.3.6. Test 6

Run the command

Test 7

2.3.7. Test 7

Run the command . You should then be prompted for a password. You should use the password of the account you are logged into the unix box with. If you want to test with -another account then add the -U >accountname< option to the end of +another account then add the -U >accountname< option to the end of the command line. eg: etc. Type help >command<help >command< for instructions. You should especially check that the amount of free disk space shown is correct when you type

Test 8

2.3.8. Test 8

On the PC type the command

Test 9

2.3.9. Test 9

Run the command

It might also be the case that your client only sends encrypted passwords +and you have encrypt passwords = no in smb.conf. +Turn it back on to fix.

Test 10

2.3.10. Test 10

Run the command

Test 11

2.3.11. Test 11

From file manager try to browse the server. Your samba server should appear in the browse list of your local workgroup (or the one you @@ -2650,7 +2742,9 @@ CLASS="SECT1" >

Still having troubles?

2.4. Still having troubles?

Try the mailing list or newsgroup, or use the ethereal utility to sniff the problem. The official samba mailing list can be reached at @@ -2674,13 +2768,17 @@ TARGET="_top" CLASS="CHAPTER" >

Integrating MS Windows networks with Samba

Chapter 3. Integrating MS Windows networks with Samba

Agenda

3.1. Agenda

To identify the key functional mechanisms of MS Windows networking to enable the deployment of Samba as a means of extending and/or @@ -2745,7 +2843,9 @@ CLASS="SECT1" >

Name Resolution in a pure Unix/Linux world

3.2. Name Resolution in a pure Unix/Linux world

The key configuration files covered in this section are:

3.2.1. /etc/hosts

Contains a static list of IP Addresses and names. eg:

	127.0.0.1	localhost localhost.localdomain
 	192.168.1.1	bigbox.caldera.com	bigbox	alias4box

The purpose of

3.2.2. /etc/resolv.conf

3.2.3. /etc/host.conf

	order hosts,bind
 	multi on

then both addresses should be returned. Please refer to the @@ -2945,7 +3033,9 @@ CLASS="SECT2" >

3.2.4. /etc/nsswitch.conf

This file controls the actual name resolution targets. The file typically has resolver object specifications as follows:

	# /etc/nsswitch.conf
@@ -2981,9 +3065,6 @@ CLASS="PROGRAMLISTING"
 	protocols:	nis files
 	rpc:		nis files
 	services:	nis files

Of course, each of these mechanisms requires that the appropriate @@ -3021,7 +3102,9 @@ CLASS="SECT1" >

Name resolution as used within MS Windows networking

3.3. Name resolution as used within MS Windows networking

MS Windows networking is predicated about the name each machine is given. This name is known variously (and inconsistently) as @@ -3038,12 +3121,6 @@ the client/server.

The following are typical NetBIOS name/service type registrations:

	Unique NetBIOS Names:
@@ -3057,9 +3134,6 @@ CLASS="PROGRAMLISTING"
 		WORKGROUP<1c> = Domain Controllers / Netlogon Servers
 		WORKGROUP<1d> = Local Master Browsers
 		WORKGROUP<1e> = Internet Name Resolvers

It should be noted that all NetBIOS machines register their own @@ -3113,7 +3187,9 @@ CLASS="SECT2" >

The NetBIOS Name Cache

3.3.1. The NetBIOS Name Cache

All MS Windows machines employ an in memory buffer in which is stored the NetBIOS names and IP addresses for all external @@ -3138,7 +3214,9 @@ CLASS="SECT2" >

The LMHOSTS file

3.3.2. The LMHOSTS file

This file is usually located in MS Windows NT 4.0 or 2000 in

It typically looks like:

	# Copyright (c) 1998 Microsoft Corp.
@@ -3179,8 +3251,8 @@ CLASS="PROGRAMLISTING"
 	# files and offers the following extensions:
 	#
 	#      #PRE
-	#      #DOM:<domain>
-	#      #INCLUDE <filename>
+	#      #DOM:<domain>
+	#      #INCLUDE <filename>
 	#      #BEGIN_ALTERNATE
 	#      #END_ALTERNATE
 	#      \0xnn (non-printing character support)
@@ -3189,16 +3261,16 @@ CLASS="PROGRAMLISTING"
 	# the entry to be preloaded into the name cache. By default, entries are
 	# not preloaded, but are parsed only after dynamic name resolution fails.
 	#
-	# Following an entry with the "#DOM:<domain>" tag will associate the
-	# entry with the domain specified by <domain>. This affects how the
+	# Following an entry with the "#DOM:<domain>" tag will associate the
+	# entry with the domain specified by <domain>. This affects how the
 	# browser and logon services behave in TCP/IP environments. To preload
 	# the host name associated with #DOM entry, it is necessary to also add a
-	# #PRE to the line. The <domain> is always preloaded although it will not
+	# #PRE to the line. The <domain> is always preloaded although it will not
 	# be shown when the name cache is viewed.
 	#
-	# Specifying "#INCLUDE <filename>" will force the RFC NetBIOS (NBT)
-	# software to seek the specified <filename> and parse it as if it were
-	# local. <filename> is generally a UNC-based name, allowing a
+	# Specifying "#INCLUDE <filename>" will force the RFC NetBIOS (NBT)
+	# software to seek the specified <filename> and parse it as if it were
+	# local. <filename> is generally a UNC-based name, allowing a
 	# centralized lmhosts file to be maintained on a server.
 	# It is ALWAYS necessary to provide a mapping for the IP address of the
 	# server prior to the #INCLUDE. This mapping must use the #PRE directive.
@@ -3238,9 +3310,6 @@ CLASS="PROGRAMLISTING"
 	# so keeping the number of comments to a minimum will improve performance.
 	# Therefore it is not advisable to simply add lmhosts file entries onto the
 	# end of this file.

HOSTS file

3.3.3. HOSTS file

This file is usually located in MS Windows NT 4.0 or 2000 in

DNS Lookup

3.3.4. DNS Lookup

This capability is configured in the TCP/IP setup area in the network configuration facility. If enabled an elaborate name resolution sequence @@ -3286,7 +3359,9 @@ CLASS="SECT2" >

WINS Lookup

3.3.5. WINS Lookup

A WINS (Windows Internet Name Server) service is the equivaent of the rfc1001/1002 specified NBNS (NetBIOS Name Server). A WINS server stores @@ -3299,36 +3374,18 @@ CLASS="FILENAME" >smb.conf file:

	wins support = Yes

To configure Samba to use a WINS server the following parameters are needed in the smb.conf file:

	wins support = No
 	wins server = xxx.xxx.xxx.xxx

where

How browsing functions and how to deploy stable and +NAME="AEN495" +>3.4. How browsing functions and how to deploy stable and dependable browsing using Samba

As stated above, MS Windows machines register their NetBIOS names @@ -3410,7 +3469,9 @@ CLASS="SECT1" >

MS Windows security options and how to configure +NAME="AEN505" +>3.5. MS Windows security options and how to configure Samba for seemless integration

MS Windows clients may use encrypted passwords as part of a @@ -3474,12 +3535,6 @@ issue of Windows 9x client upper casing usernames and password before transmitting them to the SMB server when using clear text authentication.

	integer

By default Samba will lower case the username before attempting @@ -3527,9 +3579,12 @@ CLASS="PARAMETER" >password level must be set to the maximum -number of upper case letter which could appear is a password. Note that is the server OS uses the traditional DES version of crypt(), then a

Use MS Windows NT as an authentication server

3.5.1. Use MS Windows NT as an authentication server

This method involves the additions of the following parameters in the smb.conf file:

	encrypt passwords = Yes
 	security = server
 	password server = "NetBIOS_name_of_PDC"

There are two ways of identifying whether or not a username and @@ -3594,25 +3642,18 @@ CLASS="SECT2" >

Make Samba a member of an MS Windows NT security domain

3.5.2. Make Samba a member of an MS Windows NT security domain

This method involves additon of the following paramters in the smb.conf file:

	encrypt passwords = Yes
 	security = domain
 	workgroup = "name of NT domain"
 	password server = *

The use of the "*" argument to "password server" will cause samba @@ -3664,7 +3705,9 @@ CLASS="SECT2" >

Configure Samba as an authentication server

3.5.3. Configure Samba as an authentication server

This mode of authentication demands that there be on the Unix/Linux system both a Unix style account as well as an @@ -3675,12 +3718,6 @@ used for SMB client authentication.

This method involves addition of the following parameters to the smb.conf file:

## please refer to the Samba PDC HOWTO chapter later in 
@@ -3695,9 +3732,6 @@ CLASS="PROGRAMLISTING"
 [NETLOGON]
 	path = /somewhare/in/file/system
 	read only = yes

in order for this method to work a Unix system account needs @@ -3708,29 +3742,22 @@ CLASS="SECT3" >

Users

3.5.3.1. Users

A user account that may provide a home directory should be created. The following Linux system commands are typical of the procedure for creating an account.

	# useradd -s /bin/bash -d /home/"userid" -m "userid"
 	# passwd "userid"
-	  Enter Password: <pw>
+	  Enter Password: <pw>
 	  
 	# smbpasswd -a "userid"
-	  Enter Password: <pw>

MS Windows NT Machine Accounts

3.5.3.2. MS Windows NT Machine Accounts

These are required only when Samba is used as a domain controller. Refer to the Samba-PDC-HOWTO for more details.

	# useradd -s /bin/false -d /dev/null "machine_name"\$
 	# passwd -l "machine_name"\$
 	# smbpasswd -a -m "machine_name"

Conclusions

3.6. Conclusions

Samba provides a flexible means to operate as...

Conclusions

Configuring PAM for distributed but centrally +NAME="PAM" +>Chapter 4. Configuring PAM for distributed but centrally managed authentication

Samba and PAM

4.1. Samba and PAM

A number of Unix systems (eg: Sun Solaris), as well as the xxxxBSD family and Linux, now utilize the Pluggable Authentication @@ -3855,12 +3881,6 @@ CLASS="FILENAME" >pam_pwdb.so.

#%PAM-1.0
@@ -3877,20 +3897,11 @@ session		required	pam_pwdb.so
 # session 	optional	pam_lastlog.so
 # password   	required   	pam_cracklib.so retry=3
 password	required	pam_pwdb.so shadow md5

PAM allows use of replacable modules. Those available on a sample system include:

$ /bin/ls /lib/security
@@ -3906,9 +3917,6 @@ pam_env.so       pam_ldap.so         pam_motd.so
 pam_radius.so    pam_smbpass.so      pam_unix_acct.so  
 pam_wheel.so     pam_unix_auth.so    pam_unix_passwd.so
 pam_userdb.so    pam_warn.so         pam_unix_session.so

The following example for the login program replaces the use of @@ -3969,12 +3977,6 @@ CLASS="FILENAME" > directory of the Samba source distribution.

#%PAM-1.0
@@ -3984,9 +3986,6 @@ auth		required	pam_smbpass.so nodelay
 account		required	pam_smbpass.so nodelay
 session		required	pam_smbpass.so nodelay
 password	required	pam_smbpass.so nodelay

The following is the PAM configuration file for a particular @@ -3995,12 +3994,6 @@ CLASS="FILENAME" >pam_pwdb.so.

#%PAM-1.0
@@ -4010,9 +4003,6 @@ auth       required     /lib/security/pam_pwdb.so nullok nodelay shadow audit
 account    required     /lib/security/pam_pwdb.so audit nodelay
 session    required     /lib/security/pam_pwdb.so nodelay
 password   required     /lib/security/pam_pwdb.so shadow md5

In the following example the decision has been made to use the @@ -4021,12 +4011,6 @@ decision could also be made for the passwd program and would thus allow the smbpasswd passwords to be changed using the passwd program.

#%PAM-1.0
@@ -4036,9 +4020,6 @@ auth       required     /lib/security/pam_smbpass.so nodelay
 account    required     /lib/security/pam_pwdb.so audit nodelay
 session    required     /lib/security/pam_pwdb.so nodelay
 password   required     /lib/security/pam_smbpass.so nodelay smbconf=/etc/samba.d/smb.conf

Note: PAM allows stacking of authentication mechanisms. It is @@ -4064,7 +4045,9 @@ CLASS="SECT1" >

Distributed Authentication

4.2. Distributed Authentication

The astute administrator will realize from this that the combination of

PAM Configuration in smb.conf

4.3. PAM Configuration in smb.conf

There is an option in smb.conf called

Hosting a Microsoft Distributed File System tree on Samba

Chapter 5. Hosting a Microsoft Distributed File System tree on Samba

Instructions

5.1. Instructions

The Distributed File System (or Dfs) provides a means of separating the logical view of files and directories that users @@ -4190,7 +4179,7 @@ CLASS="PARAMETER" to other servers. For example, a symbolic link junction->msdfs:storage1\share1junction->msdfs:storage1\share1 in the share directory acts as the Dfs junction. When Dfs-aware clients attempt to access the junction link, they are redirected @@ -4202,12 +4191,6 @@ CLASS="FILENAME" >Here's an example of setting up a Dfs tree on a Samba server.

# The smb.conf file:
@@ -4219,9 +4202,6 @@ CLASS="PROGRAMLISTING"
 	path = /export/dfsroot
 	msdfs root = yes

In the /export/dfsroot directory we set up our dfs links to @@ -4294,7 +4274,9 @@ CLASS="SECT2" >

Notes

5.1.1. Notes

    Notes

    UNIX Permission Bits and Windows NT Access Control Lists

    Chapter 6. UNIX Permission Bits and Windows NT Access Control Lists

    Viewing and changing UNIX permissions using the NT +NAME="AEN722" +>6.1. Viewing and changing UNIX permissions using the NT security dialogs

    New in the Samba 2.0.4 release is the ability for Windows @@ -4368,35 +4354,55 @@ CLASS="SECT1" >

    How to view file security on a Samba share

    6.2. How to view file security on a Samba share

    From an NT 4.0 client, single-click with the right mouse button on any file or directory in a Samba mounted drive letter or UNC path. When the menu pops-up, click - on the Properties entry at the bottom of the menu. This brings up the normal file properties dialog box, but with Samba 2.0.4 this will have a new tab along the top - marked Security. Click on this tab and you - will see three buttons, Permissions, - Auditing, and , and Ownership. - The Auditing button will cause either an error message

    Viewing file ownership

    6.3. Viewing file ownership

    Clicking on the root user. As clicking on this button causes NT to attempt to change the ownership of a file to the current user logged into the NT @@ -4492,10 +4503,13 @@ CLASS="EMPHASIS" and allow a user with Administrator privilege connected to a Samba 2.0.4 server as root to change the ownership of files on both a local NTFS filesystem or remote mounted NTFS - or Samba drive. This is available as part of the Seclib NT security library written by Jeremy Allison of the Samba Team, available from the main Samba ftp site.

    Viewing file or directory permissions

    6.4. Viewing file or directory permissions

    The third button is the

    File Permissions

    6.4.1. File Permissions

    The standard UNIX user/group/world triple and the corresponding "read", "write", "execute" permissions @@ -4624,7 +4642,9 @@ CLASS="SECT2" >

    Directory Permissions

    6.4.2. Directory Permissions

    Directories on an NT NTFS file system have two different sets of permissions. The first set of permissions @@ -4654,7 +4674,9 @@ CLASS="SECT1" >

    Modifying file or directory permissions

    6.5. Modifying file or directory permissions

    Modifying file and directory permissions is as simple as changing the displayed permissions in the dialog box, and @@ -4750,7 +4772,9 @@ CLASS="SECT1" >

    Interaction with the standard Samba create mask +NAME="AEN820" +>6.6. Interaction with the standard Samba create mask parameters

    Note that with Samba 2.0.5 there are four new parameters @@ -4810,9 +4834,12 @@ CLASS="PARAMETER" >security mask - mask may be treated as a set of bits the user is not allowed to change, and one bits are those the user is allowed to change.

    Interaction with the standard Samba file attribute +NAME="AEN884" +>6.7. Interaction with the standard Samba file attribute mapping

    Samba maps some of the DOS attribute bits (such as "read @@ -5067,13 +5096,17 @@ CLASS="COMMAND" CLASS="CHAPTER" >

    Printing Support in Samba 2.2.x

    Chapter 7. Printing Support in Samba 2.2.x

    Introduction

    7.1. Introduction

    Beginning with the 2.2.0 release, Samba supports the native Windows NT printing mechanisms implemented via @@ -5139,10 +5172,13 @@ As a side note, Samba does not use these drivers in any way to process spooled files. They are utilized entirely by the clients.

    The following MS KB article, may be of some help if you are dealing with -Windows 2000 clients: How to Add Printers with No User Interaction in Windows 2000

    Configuration

    7.2. Configuration

    Warning

    Creating [print$]

    7.2.1. Creating [print$]

    In order to support the uploading of printer driver files, you must first configure a file share named [print$]. @@ -5249,12 +5289,6 @@ following file share (of course, some of the parameter values, such as 'path' are arbitrary and should be replaced with appropriate values for your site):

    [global]
@@ -5274,9 +5308,6 @@ CLASS="PROGRAMLISTING"
     ; is setup to a non-root account, then it should also exist
     ; as a 'printer admin'
     write list = @ntadmin,root

    The NoteNext create the directory tree below the [print$] share for each architecture you wish to support.

    [print$]-----
@@ -5384,9 +5409,6 @@ CLASS="PROGRAMLISTING"
         |-W32ALPHA         ; "Windows NT Alpha_AXP"
         |-W32MIPS          ; "Windows NT R4000"
         |-W32PPC           ; "Windows NT PowerPC"

    Warning

    Setting Drivers for Existing Printers

    7.2.2. Setting Drivers for Existing Printers

    The initial listing of printers in the Samba host's Printers folder will have no real printer driver assigned to them. By default, in Samba 2.2.0 this driver name was set to -NO PRINTER DRIVER AVAILABLE FOR THIS PRINTER. Later versions changed this to a NULL string to allow the use tof the local Add Printer Wizard on NT/2000 clients. @@ -5488,12 +5515,15 @@ Attempting to view the printer properties for a printer which has this default driver assigned will result in the error message:

    Device settings cannot be displayed. The driver for the specified printer is not installed, only spooler properties will be displayed. Do you want to install the driver now?

    Click "No" in the error dialog and you will be presented with @@ -5545,7 +5575,9 @@ CLASS="SECT2" >

    Support a large number of printers

    7.2.3. Support a large number of printers

    One issue that has arisen during the development phase of Samba 2.2 is the need to support driver downloads for @@ -5563,12 +5595,6 @@ setdriver command

     
@@ -5604,13 +5630,10 @@ CLASS="PROMPT"
 >rpcclient pogo -U root%secret \
 > >  -c "setdriver hp-print \"HP LaserJet 4000 Series PS\""
 Domain=[NARNIA] OS=[Unix] Server=[Samba 2.2.0-alpha3]
 Successfully set hp-print to driver HP LaserJet 4000 Series PS.

    Adding New Printers via the Windows NT APW

    7.2.4. Adding New Printers via the Windows NT APW

    By default, Samba offers all printer shares defined in /etc/printcap.local (change that to what you need) and returns a line of 'Done' which is needed for the whole process to work.

    #!/bin/sh
@@ -5785,16 +5804,15 @@ touch /usr/local/samba/lib/smb.conf
 #
 echo "Done"
 exit 0

    Samba and Printer Ports

    7.2.5. Samba and Printer Ports

    Windows NT/2000 print servers associate a port with each printer. These normally take the form of LPT1:, COM1:, FILE:, etc... Samba must also support the @@ -5829,7 +5847,9 @@ CLASS="SECT1" >

    The Imprints Toolset

    7.3. The Imprints Toolset

    The Imprints tool set provides a UNIX equivalent of the Windows NT Add Printer Wizard. For complete information, please @@ -5845,7 +5865,9 @@ CLASS="SECT2" >

    What is Imprints?

    7.3.1. What is Imprints?

    Imprints is a collection of tools for supporting the goals of

    Creating Printer Driver Packages

    7.3.2. Creating Printer Driver Packages

    The process of creating printer driver packages is beyond the scope of this document (refer to Imprints.txt also included @@ -5889,7 +5913,9 @@ CLASS="SECT2" >

    The Imprints server

    7.3.3. The Imprints server

    The Imprints server is really a database server that may be queried via standard HTTP mechanisms. Each printer @@ -5897,9 +5923,12 @@ NAME="AEN1053">The Imprints servernot recommended that this security check be disabled.

    The Installation Client

    7.3.4. The Installation Client

    More information regarding the Imprints installation client is available in the rpcclient.

    	
@@ -5967,9 +5992,6 @@ foreach (supported architecture for a given driver)
 	
 4.  rpcclient: Issue an AddPrinterEx() MS-RPC to actually
     create the printer

    One of the problems encountered when implementing @@ -6009,7 +6031,9 @@ CLASS="SECT1" >

    7.4. Migration to from Samba 2.0.x to 2.2.x

    Warning

    Debugging Printing Problems

    Chapter 8. Debugging Printing Problems

    Introduction

    8.1. Introduction

    This is a short description of how to debug printing problems with Samba. This describes how to debug problems with printing from a SMB @@ -6199,12 +6227,6 @@ you use is up to you.

          [global]
@@ -6213,36 +6235,18 @@ CLASS="PROGRAMLISTING"
         lprm command      - remove a job
       [printers]
         path = /var/spool/lpd/samba

    The following are nice to know about:

            queuepause command   - stop a printer or print queue
         queueresume command  - start a printer or print queue

    Example:

            print command = /usr/bin/lpr -r -P%p %s
@@ -6250,9 +6254,6 @@ CLASS="PROGRAMLISTING"
         lprm command  = /usr/bin/lprm   -P%p %j
         queuepause command = /usr/sbin/lpc -P%p stop
         queuepause command = /usr/sbin/lpc -P%p start

    Samba should set reasonable defaults for these depending on your @@ -6270,7 +6271,7 @@ and it should be periodically cleaned out. Samba used the lpq command to determine the "job number" assigned to your print job by the spooler.

    The %>letter< are "macros" that get dynamically replaced with appropriate +>The %>letter< are "macros" that get dynamically replaced with appropriate values when they are used. The %s gets replaced with the name of the spool file that Samba creates and the %p gets replaced with the name of the printer. The %j gets replaced with the "job number" which comes from @@ -6281,19 +6282,15 @@ CLASS="SECT1" >

    Debugging printer problems

    8.2. Debugging printer problems

    One way to debug printing problems is to start by replacing these command with shell scripts that record the arguments and the contents of the print file. A simple example of this kind of things might be:

    	print command = /tmp/saveprint %p %s
@@ -6304,21 +6301,12 @@ CLASS="PROGRAMLISTING"
     # we run the command and save the error messages
     # replace the command with the one appropriate for your system
     /usr/bin/lpr -r -P$1 $2 2>>&/tmp/tmp.print

    Then you print a file and try removing it. You may find that the print queue needs to be stopped in order to see the queue status and remove the job:

    
h4: {42} % echo hi >/tmp/hi
@@ -6336,9 +6324,6 @@ smb: \> cancel 1049
 Job 1049 cancelled
 smb: \> queue
 smb: \> exit

    The 'code 0' indicates that the job was removed. The comment @@ -6354,44 +6339,28 @@ CLASS="SECT1" >

    What printers do I have?

    8.3. What printers do I have?

    You can use the 'testprns' program to check to see if the printer name you are using is recognized by Samba. For example, you can use:

        testprns printer /etc/printcap

    Samba can get its printcap information from a file or from a program. You can try the following to see the format of the extracted information:

        testprns -a printer /etc/printcap
 
     testprns -a printer '|/bin/cat printcap'

    Setting up printcap and print servers

    8.4. Setting up printcap and print servers

    You may need to set up some printcaps for your Samba system to use. It is strongly recommended that you use the facilities provided by @@ -6408,18 +6379,9 @@ the print spooler to set up queues and printcap information.

    Samba requires either a printcap or program to deliver printcap information. This printcap information has the format:

      name|alias1|alias2...:option=value:...

    For almost all printing systems, the printer 'name' must be composed @@ -6490,7 +6452,9 @@ CLASS="SECT1" >

    Job sent, no output

    8.5. Job sent, no output

    This is the most frustrating part of printing. You may have sent the job, verified that the job was forwarded, set up a wrapper around @@ -6501,18 +6465,9 @@ right print queue. If you are using a BSD or LPRng print spooler, you can temporarily stop the printing of jobs. Jobs can still be submitted, but they will not be printed. Use:

      lpc -Pprinter stop

    Now submit a print job and then use 'lpq -Pprinter' to see if the @@ -6526,20 +6481,11 @@ are not in what you would expect to call a printable format. You can use the UNIX 'file' utitily to determine what the job format actually is:

        cd /var/spool/lpd/printer   # spool directory of print jobs
     ls                          # find job files
     file dfA001myhost

    You should make sure that your printer supports this format OR that @@ -6551,7 +6497,9 @@ CLASS="SECT1" >

    Job sent, strange output

    8.6. Job sent, strange output

    Once you have the job printing, you can then start worrying about making it print nicely.

       printer: ... :sh

    If you have this option and are still getting banner pages, there @@ -6589,18 +6528,9 @@ with your job format, or if you are generating PostScript jobs, incorrect setting on your printer driver on the MicroSoft client. For example, under Win95 there is a option:

      Printers|Printer Name|(Right Click)Properties|Postscript|Advanced|

    that allows you to choose if a Ctrl-D is appended to all jobs. @@ -6613,7 +6543,9 @@ CLASS="SECT1" >

    Raw PostScript printed

    8.7. Raw PostScript printed

    This is a problem that is usually caused by either the print spooling system putting information at the start of the print job that makes @@ -6626,7 +6558,9 @@ CLASS="SECT1" >

    Advanced Printing

    8.8. Advanced Printing

    Note that you can do some pretty magic things by using your imagination with the "print command" option and some shell scripts. @@ -6640,7 +6574,9 @@ CLASS="SECT1" >

    Real debugging

    8.9. Real debugging

    If the above debug tips don't help, then maybe you need to bring in the bug guns, system tracing. See Tracing.txt in this directory.

    Security levels

    Chapter 9. Security levels

    Introduction

    9.1. Introduction

    Samba supports the following options to the global smb.conf parameter

    [global]
@@ -6679,9 +6613,6 @@ CLASS="PARAMETER"
 > = [share|user(default)|domain|ads]

    Please refer to the smb.conf man page for usage information and to the document @@ -6709,7 +6640,9 @@ CLASS="SECT1" >

    More complete description of security levels

    9.2. More complete description of security levels

    A SMB server tells the client at startup what "security level" it is running. There are two options "share level" and "user level". Which @@ -6801,13 +6734,17 @@ schemes by which the two could be kept in sync.

    security = domain in Samba 2.x

    Chapter 10. security = domain in Samba 2.x

    Joining an NT Domain with Samba 2.2

    10.1. Joining an NT Domain with Samba 2.2

    Assume you have a Samba 2.x server with a NetBIOS name of <NT DOMAIN NAME><NT DOMAIN NAME>.<Samba - Server Name><Samba + Server Name>.mac

    Samba and Windows 2000 Domains

    10.2. Samba and Windows 2000 Domains

    Many people have asked regarding the state of Samba's ability to participate in a Windows 2000 Domain. Samba 2.2 is able to act as a member server of a Windows @@ -7059,7 +6998,9 @@ CLASS="SECT1" >

    Why is this better than security = server?

    10.3. Why is this better than security = server?

    Currently, domain security in Samba doesn't free you from having to create local Unix users to represent the users attaching @@ -7123,9 +7064,12 @@ CLASS="COMMAND" user is authenticated, making a Samba server truly plug and play in an NT domain environment. Watch for this code soon.

    NOTE: Much of the text of this document was first published in the Web magazine

    Unified Logons between Windows NT and UNIX using Winbind

    Chapter 11. Unified Logons between Windows NT and UNIX using Winbind

    Abstract

    11.1. Abstract

    Integration of UNIX and Microsoft Windows NT through a unified logon has been considered a "holy grail" in heterogeneous computing environments for a long time. We present - winbind, a component of the Samba suite of programs as a solution to the unified logon problem. Winbind uses a UNIX implementation @@ -7172,7 +7123,9 @@ CLASS="SECT1" >

    Introduction

    11.2. Introduction

    It is well known that UNIX and Microsoft Windows NT have different models for representing user and group information and @@ -7224,7 +7177,9 @@ CLASS="SECT1" >

    What Winbind Provides

    11.3. What Winbind Provides

    Winbind unifies UNIX and Windows NT account management by allowing a UNIX box to become a full member of a NT domain. Once @@ -7264,7 +7219,9 @@ CLASS="SECT2" >

    Target Uses

    11.3.1. Target Uses

    Winbind is targeted at organizations that have an existing NT based domain infrastructure into which they wish @@ -7286,7 +7243,9 @@ CLASS="SECT1" >

    How Winbind Works

    11.4. How Winbind Works

    The winbind system is designed around a client/server architecture. A long running

    Microsoft Remote Procedure Calls

    11.4.1. Microsoft Remote Procedure Calls

    Over the last two years, efforts have been underway by various Samba Team members to decode various aspects of @@ -7328,7 +7289,9 @@ CLASS="SECT2" >

    Name Service Switch

    11.4.2. Name Service Switch

    The Name Service Switch, or NSS, is a feature that is present in many UNIX operating systems. It allows system @@ -7406,7 +7369,9 @@ CLASS="SECT2" >

    Pluggable Authentication Modules

    11.4.3. Pluggable Authentication Modules

    Pluggable Authentication Modules, also known as PAM, is a system for abstracting authentication and authorization @@ -7453,7 +7418,9 @@ CLASS="SECT2" >

    User and Group ID Allocation

    11.4.4. User and Group ID Allocation

    When a user or group is created under Windows NT is it allocated a numerical relative identifier (RID). This is @@ -7477,7 +7444,9 @@ CLASS="SECT2" >

    Result Caching

    11.4.5. Result Caching

    An active system can generate a lot of user and group name lookups. To reduce the network cost of these lookups winbind @@ -7498,7 +7467,9 @@ CLASS="SECT1" >

    Installation and Configuration

    11.5. Installation and Configuration

    Many thanks to John Trostel

    Introduction

    11.5.1. Introduction

    This HOWTO describes the procedures used to get winbind up and running on my RedHat 7.1 system. Winbind is capable of providing access @@ -7539,9 +7512,12 @@ somewhat to fit the way your distribution works.

    • Why should I to this?

    • Who should be reading this document?

      Requirements

      11.5.2. Requirements

      If you have a samba configuration file that you are currently -using... BACK IT UP! If your system already uses PAM, -back up the /etc/pam.d directory contents! If you haven't already made a boot disk, -MAKE ONE NOW!

      Messing with the pam configuration files can make it nearly impossible @@ -7633,7 +7623,9 @@ CLASS="SECT2" >

      Testing Things Out

      11.5.3. Testing Things Out

      Before starting, it is probably best to kill off all the SAMBA related daemons running on your server. Kill off all

      Configure and compile SAMBA

      11.5.3.1. Configure and compile SAMBA

      The configuration and compilation of SAMBA is pretty straightforward. The first three steps may not be necessary depending upon whether or not you have previously built the Samba binaries.

      make install

      This will, by default, install SAMBA in

      Configure 11.5.3.2. Configure nsswitch.conf and the @@ -7817,20 +7804,11 @@ CLASS="FILENAME" > file look like this after editing:

      	passwd:     files winbind
 	shadow:     files 
 	group:      files winbind

      @@ -7861,7 +7839,9 @@ CLASS="SECT3" >

      Configure smb.conf

      11.5.3.3. Configure smb.conf

      Several parameters are needed in the smb.conf file to control the behavior of file was modified to include the following entries in the [global] section:

      [global]
@@ -7933,9 +7907,6 @@ HREF="winbindd.8.html#TEMPLATESHELL"
 TARGET="_top"
 >template shell = /bin/bash

    Join the SAMBA server to the PDC domain

    11.5.3.4. Join the SAMBA server to the PDC domain

    Enter the following command to make the SAMBA server join the PDC domain, where

    Start up the winbindd daemon and test it!

    11.5.3.5. Start up the winbindd daemon and test it!

    Eventually, you will want to modify your smb startup script to automatically invoke the winbindd daemon when the other parts of @@ -8033,12 +8008,6 @@ CLASS="COMMAND" This should echo back a list of users on your Windows users on your PDC. For example, I get the following response:

    CEO+Administrator
@@ -8047,9 +8016,6 @@ CEO+Guest
 CEO+jt-ad
 CEO+krbtgt
 CEO+TsInternetUser

    Obviously, I have named my domain 'CEO' and my You can do the same sort of thing to get group information from the PDC:

    The function 'getent' can now be used to get unified @@ -8126,13 +8083,17 @@ CLASS="SECT3" >

    Fix the init.d startup scripts

    11.5.3.6. Fix the init.d startup scripts
    Linux
    11.5.3.6.1. Linux

    The directory directly. The 'start' function in the script looks like this:

    start() {
@@ -8199,20 +8154,11 @@ CLASS="PROGRAMLISTING"
            RETVAL=1
         return $RETVAL
 }

    The 'stop' function has a corresponding entry to shut down the services and look s like this:

    stop() {
@@ -8234,9 +8180,6 @@ CLASS="PROGRAMLISTING"
         echo ""
         return $RETVAL
 }

    Solaris
    11.5.3.6.2. Solaris

    On solaris, you need to modify the , the file could contains something like this:

    ##
@@ -8312,9 +8251,6 @@ echo Starting Winbind Daemon
    echo "Usage: /etc/init.d/samba.server { start | stop }"
    ;;
 esac

    Restarting
    11.5.3.6.3. Restarting

    If you restart the

    Configure Winbind and PAM

    11.5.3.7. Configure Winbind and PAM

    If you have made it this far, you know that winbindd and samba are working together. If you want to use winbind to provide authentication for other @@ -8400,7 +8340,9 @@ CLASS="SECT4" >

    Linux/FreeBSD-specific PAM configuration
    11.5.3.7.1. Linux/FreeBSD-specific PAM configuration

    The file does not need to be changed. I just left this fileas it was:

    auth    required        /lib/security/pam_stack.so service=system-auth
 account required        /lib/security/pam_stack.so service=system-auth

    The other services that I modified to allow the use of winbind @@ -8444,34 +8377,16 @@ CLASS="FILENAME" >/etc/xinetd.d/wu-ftp from 

    enable = no

    to

    enable = yes

    @@ -8499,12 +8414,6 @@ CLASS="FILENAME" > file was changed to look like this:

    auth       required     /lib/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
@@ -8514,9 +8423,6 @@ auth       required     /lib/security/pam_shells.so
 account    sufficient   /lib/security/pam_winbind.so
 account    required     /lib/security/pam_stack.so service=system-auth
 session    required     /lib/security/pam_stack.so service=system-auth

    The file can be changed nearly the same way. It now looks like this:

    auth       required     /lib/security/pam_securetty.so
@@ -8543,9 +8443,6 @@ account    required     /lib/security/pam_stack.so service=system-auth
 password   required     /lib/security/pam_stack.so service=system-auth
 session    required     /lib/security/pam_stack.so service=system-auth
 session    optional     /lib/security/pam_console.so

    In this case, I added the

    Solaris-specific configuration
    11.5.3.7.2. Solaris-specific configuration

    The /etc/pam.conf needs to be changed. I changed this file so that my Domain users can logon both locally as well as telnet.The following are the changes @@ -8580,12 +8479,6 @@ that I made.You can customize the pam.conf file as per your requirements,but be sure of those changes because in the worst case it will leave your system nearly impossible to boot.

    #
@@ -8647,9 +8540,6 @@ dtsession auth required	/usr/lib/security/$ISA/pam_unix.so.1
 #other	account optional /usr/lib/security/$ISA/pam_krb5.so.1
 #other	session optional /usr/lib/security/$ISA/pam_krb5.so.1
 #other	password optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass

    I also added a try_first_pass line after the winbind.so line to get rid of @@ -8666,7 +8556,9 @@ CLASS="SECT1" >

    Limitations

    11.6. Limitations

    Winbind has a number of limitations in its current released version that we hope to overcome in future @@ -8705,7 +8597,9 @@ CLASS="SECT1" >

    Conclusion

    11.7. Conclusion

    The winbind system, through the use of the Name Service Switch, Pluggable Authentication Modules, and appropriate @@ -8719,13 +8613,17 @@ NAME="AEN1721">Conclusion

    How to Configure Samba 2.2 as a Primary Domain Controller

    Chapter 12. How to Configure Samba 2.2 as a Primary Domain Controller

    Prerequisite Reading

    12.1. Prerequisite Reading

    Before you continue reading in this chapter, please make sure that you are comfortable with configuring basic files services @@ -8751,7 +8649,9 @@ CLASS="SECT1" >

    Background

    12.2. Background

    Note

    Author's Note: This document is a combination of David Bannon's "Samba 2.2 PDC HOWTO" and "Samba NT Domain FAQ". Both documents are superseded by this one.

    Configuring the Samba Domain Controller

    12.3. Configuring the Samba Domain Controller

    The first step in creating a working Samba PDC is to understand the parameters necessary in smb.conf. I will not @@ -8916,12 +8821,6 @@ CLASS="FILENAME" >smb.conf for acting as a PDC:

    [global]
@@ -9063,9 +8962,6 @@ HREF="smb.conf.5.html#DIRECTORYMASK"
 TARGET="_top"
 >directory mask = 0700

    There are a couple of points to emphasize in the above configuration.

    Creating Machine Trust Accounts and Joining Clients to the +NAME="AEN1832" +>12.4. Creating Machine Trust Accounts and Joining Clients to the Domain

    A machine trust account is a Samba account that is used to @@ -9189,7 +9087,9 @@ CLASS="SECT2" >

    Manual Creation of Machine Trust Accounts

    12.4.1. Manual Creation of Machine Trust Accounts

    The first step in manually creating a machine trust account is to manually create the corresponding Unix account in @@ -9247,12 +9147,6 @@ CLASS="FILENAME" >/etc/passwd entry like this:

    doppy$:x:505:501:machine_nickname:/dev/null:/bin/false

    Above, Warning

    "On-the-Fly" Creation of Machine Trust Accounts

    12.4.2. "On-the-Fly" Creation of Machine Trust Accounts

    The second (and recommended) way of creating machine trust accounts is simply to allow the Samba server to create them as needed when the client @@ -9389,20 +9282,11 @@ be created manually.

    Below is an example for a RedHat 6.2 Linux system.

    [global]
    # <...remainder of parameters...>
    add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u

    Joining the Client to the Domain

    12.4.3. Joining the Client to the Domain

    The procedure for joining a client to the domain varies with the version of Windows.

    • Windows 2000

      When the user elects to join the client to a domain, Windows prompts for @@ -9444,9 +9333,12 @@ CLASS="FILENAME" >

    • Windows NT

      If the machine trust account was created manually, on the @@ -9470,7 +9362,9 @@ CLASS="SECT1" >

      Common Problems and Errors

      12.5. Common Problems and Errors

      Common Problems and Errors

      • I cannot include a '$' in a machine name.

      • I get told "You already have a connection to the Domain...." or "Cannot join domain, the credentials supplied conflict with an existing set.." when creating a machine trust account.

      • The system can not log you on (C000019B)....

      • The machine trust account for this computer either does not exist or is not accessible.

      • When I attempt to login to a Samba Domain from a NT4/W2K workstation, I get a message about my account being disabled.

        file as follows: 

        	account required        pam_permit.so

        If you want to remain backward compatibility to samba 2.0.x use @@ -9672,7 +9572,9 @@ CLASS="SECT1" >

        System Policies and Profiles

        12.6. System Policies and Profiles

        Much of the information necessary to implement System Policies and Roving User Profiles in a Samba domain is the same as that for @@ -9690,9 +9592,12 @@ Profiles and Policies in Windows NT 4.0

        • What about Windows NT Policy Editor?

          poledit.exe which - is included with NT Server but not NT Workstation. There is a Policy Editor on a NTws - but it is not suitable for creating Domain Policies. Further, although the Windows 95 Policy Editor can be installed on an NT Workstation/Server, it will not @@ -9752,9 +9663,12 @@ CLASS="COMMAND" >

        • Can Win95 do Policies?

        • How do I get 'User Manager' and 'Server Manager'

          What other help can I get?

          12.7. What other help can I get?

          There are many sources of information available in the form of mailing lists, RFC's and documentation. The docs that come @@ -9843,10 +9762,13 @@ general SMB topics such as browsing.

          • What are some diagnostics tools I can use to debug the domain logon process and where can I find them?

          • How do I install 'Network Monitor' on an NT Workstation or a Windows 9x box?

          • The The Development document on the Samba mirrors might mention your problem. If so, it might mean that the developers are working on it.

            • How do I get help from the mailing lists?

            • You might include You might include partial log files written at a debug level set to as much as 20. Please don't send the entire log but enough to give the context of the @@ -10194,9 +10128,12 @@ CLASS="EMPHASIS" >

            • How do I get off the mailing lists?

              Domain Control for Windows 9x/ME

              12.8. Domain Control for Windows 9x/ME

              Note

              The following section contains much of the original DOMAIN.txt file previously included with Samba. Much of -the material is based on what went into the book Special Edition, Using Samba, by Richard Sharpe.

              Configuration Instructions: Network Logons

              12.8.1. Configuration Instructions: Network Logons

              The main difference between a PDC and a Windows 9x logon server configuration is that

              Warning

              Configuration Instructions: Setting up Roaming User Profiles

              12.8.2. Configuration Instructions: Setting up Roaming User Profiles

              Warning

              NOTE! Roaming profiles support is different for Win9X and WinNT.

              Windows NT Configuration

              12.8.2.1. Windows NT Configuration

              To support WinNT clients, in the [global] section of smb.conf set the following (for example):

              logon path = \\profileserver\profileshare\profilepath\%U\moreprofilepath

              The default for this option is \\%N\%U\profile, namely @@ -10551,7 +10493,7 @@ WIDTH="25" ALIGN="CENTER" VALIGN="TOP" >Note

              Windows 9X Configuration

              12.8.2.2. Windows 9X Configuration

              To support Win9X clients, you must use the "logon home" parameter. Samba has now been fixed so that "net use/home" now works as well, and it, too, relies @@ -10582,18 +10526,9 @@ profiles in the user's home directory. But wait! There is a trick you can use. If you set the following in the [global] section of your smb.conf file:

              logon home = \\%L\%U\.profiles

              then your Win9X clients will dutifully put their clients in a subdirectory @@ -10609,24 +10544,17 @@ CLASS="SECT3" >

              Win9X and WinNT Configuration

              12.8.2.3. Win9X and WinNT Configuration

              You can support profiles for both Win9X and WinNT clients by setting both the "logon home" and "logon path" parameters. For example:

              logon home = \\%L\%U\.profiles
 logon path = \\%L\profiles\%U

              Note

              Windows 9X Profile Setup

              12.8.2.4. Windows 9X Profile Setup

              When a user first logs in on Windows 9X, the file user.DAT is created, as are folders "Start Menu", "Desktop", "Programs" and "Nethood". @@ -10766,9 +10696,12 @@ TYPE="1" >

            • WARNING - before deleting the contents of the directory listed in the ProfilePath (this is likely to be c:\windows\profiles\username), @@ -10816,7 +10749,9 @@ CLASS="SECT3" >

              Windows NT Workstation 4.0

              12.8.2.5. Windows NT Workstation 4.0

              When a user first logs in to a Windows NT Workstation, the profile NTuser.DAT is created. The profile location can be now specified @@ -10835,7 +10770,7 @@ WIDTH="25" ALIGN="CENTER" VALIGN="TOP" >NoteNote

              Windows NT Server

              12.8.2.6. Windows NT Server

              There is nothing to stop you specifying any path that you like for the location of users' profiles. Therefore, you could specify that the @@ -10940,7 +10877,9 @@ CLASS="SECT3" >

              Sharing Profiles between W95 and NT Workstation 4.0

              12.8.2.7. Sharing Profiles between W95 and NT Workstation 4.0

              WarningNote

              DOMAIN_CONTROL.txt : Windows NT Domain Control & Samba

              12.9. DOMAIN_CONTROL.txt : Windows NT Domain Control & Samba

              Warning

              NOTE : The term "Domain Controller" and those related to it refer to one specific method of authentication that can underly an SMB domain. Domain Controllers @@ -11163,13 +11107,17 @@ within its registry.

              How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain

              Chapter 13. How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain

              Prerequisite Reading

              13.1. Prerequisite Reading

              Before you continue reading in this chapter, please make sure that you are comfortable with configuring a Samba PDC @@ -11184,7 +11132,9 @@ CLASS="SECT1" >

              Background

              13.2. Background

              What is a Domain Controller? It is a machine that is able to answer logon requests from workstations in a Windows NT Domain. Whenever a @@ -11211,20 +11161,11 @@ current Windows Clients, including Windows 2000 and XP. This text assumes the domain to be named SAMBA. To be able to act as a PDC, some parameters in the [global]-section of the smb.conf have to be set:

              workgroup = SAMBA
 domain master = yes
 domain logons = yes

              Several other things like a [homes] and a [netlogon] share also may be @@ -11236,7 +11177,9 @@ CLASS="SECT1" >

              What qualifies a Domain Controller on the network?

              13.3. What qualifies a Domain Controller on the network?

              Every machine that is a Domain Controller for the domain SAMBA has to register the NetBIOS group name SAMBA#1c with the WINS server and/or @@ -11251,7 +11194,9 @@ CLASS="SECT2" >

              How does a Workstation find its domain controller?

              13.3.1. How does a Workstation find its domain controller?

              A NT workstation in the domain SAMBA that wants a local user to be authenticated has to find the domain controller for SAMBA. It does @@ -11268,7 +11213,9 @@ CLASS="SECT2" >

              When is the PDC needed?

              13.3.2. When is the PDC needed?

              Whenever a user wants to change his password, this has to be done on the PDC. To find the PDC, the workstation does a NetBIOS name query @@ -11282,7 +11229,9 @@ CLASS="SECT1" >

              Can Samba be a Backup Domain Controller?

              13.4. Can Samba be a Backup Domain Controller?

              With version 2.2, no. The native NT SAM replication protocols have not yet been fully implemented. The Samba Team is working on @@ -11299,7 +11248,9 @@ CLASS="SECT1" >

              How do I set up a Samba BDC?

              13.5. How do I set up a Samba BDC?

              Several things have to be done:

              Finally, the BDC has to be found by the workstations. This can be done by setting

              workgroup = samba
 domain master = no
 domain logons = yes

              in the [global]-section of the smb.conf of the BDC. This makes the BDC @@ -11373,7 +11315,9 @@ CLASS="SECT2" >

              How do I replicate the smbpasswd file?

              13.5.1. How do I replicate the smbpasswd file?

              Replication of the smbpasswd file is sensitive. It has to be done whenever changes to the SAM are made. Every user's password change is @@ -11393,13 +11337,17 @@ password.

              Storing Samba's User/Machine Account information in an LDAP Directory

              Chapter 14. Storing Samba's User/Machine Account information in an LDAP Directory

              Purpose

              14.1. Purpose

              This document describes how to use an LDAP directory for storing Samba user account information traditionally stored in the smbpasswd(5) file. It is @@ -11465,7 +11413,9 @@ CLASS="SECT1" >

              Introduction

              14.2. Introduction

              Traditionally, when configuring

              Supported LDAP Servers

              14.3. Supported LDAP Servers

              The LDAP samdb code in 2.2.3 has been developed and tested using the OpenLDAP 2.0 server and client libraries. The same code should be able to work with @@ -11603,7 +11555,9 @@ CLASS="SECT1" >

              Schema and Relationship to the RFC 2307 posixAccount

              14.4. Schema and Relationship to the RFC 2307 posixAccount

              Samba 2.2.3 includes the necessary schema file for OpenLDAP 2.0 in 

              objectclass ( 1.3.1.5.1.4.1.7165.2.2.2 NAME 'sambaAccount' SUP top STRUCTURAL
@@ -11628,9 +11576,6 @@ CLASS="PROGRAMLISTING"
             logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $
             displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $
             description $ userWorkstations $ primaryGroupID $ domain ))

              The samba.schema file has been formatted for OpenLDAP 2.0. The OID's are @@ -11669,13 +11614,17 @@ CLASS="SECT1" >

              Configuring Samba with LDAP

              14.5. Configuring Samba with LDAP

              OpenLDAP configuration

              14.5.1. OpenLDAP configuration

              To include support for the sambaAccount object in an OpenLDAP directory server, first copy the samba.schema file to slapd's configuration directory.

              samba.schema               file.

              ## /etc/openldap/slapd.conf
@@ -11731,21 +11674,12 @@ include            /etc/openldap/schema/samba.schema
 ## include         /etc/openldap/schema/nis.schema
 
 ....

              It is recommended that you maintain some indices on some of the most usefull attributes, like in the following example, to speed up searches made on sambaAccount objectclasses (and possibly posixAccount and posixGroup as well).

              # Indices to maintain
@@ -11763,9 +11697,6 @@ index rid           eq
 ##index gidNumber     eq
 ##index cn            eq
 ##index memberUid     eq

              Configuring Samba

              14.5.2. Configuring Samba

              The following parameters are available in smb.conf only with 

              ## /usr/local/samba/lib/smb.conf
@@ -11888,10 +11815,7 @@ CLASS="REPLACEABLE"
      ldap suffix = "ou=people,dc=samba,dc=org"
 
      # generally the default ldap search filter is ok
-     # ldap filter = "(&(uid=%u)(objectclass=sambaAccount))"

              Accounts and Groups management

              14.6. Accounts and Groups management

              As users accounts are managed thru the sambaAccount objectclass, you should modify you existing administration tools to deal with sambaAccount attributes.

              Security and sambaAccount

              14.7. Security and sambaAccount

              There are two important points to remember when discussing the security of sambaAccount entries in the directory.

              • Never retrieve the lmPassword or ntPassword attribute values over an unencrypted LDAP session.

              • Never allow non-admin users to view the lmPassword or ntPassword attribute values.

                • slapd.conf                :

                ## allow the "ldap admin dn" access, but deny everyone else
 access to attrs=lmPassword,ntPassword
      by dn="cn=Samba Admin,ou=people,dc=plainjoe,dc=org" write
      by * none

              LDAP specials attributes for sambaAccounts

              14.8. LDAP specials attributes for sambaAccounts

              The sambaAccount objectclass is composed of the following attributes:

              Example LDIF Entries for a sambaAccount

              14.9. Example LDIF Entries for a sambaAccount

              The following is a working LDIF with the inclusion of the posixAccount objectclass:

              The following is an LDIF entry for using both the sambaAccount and +posixAccount objectclasses:

              dn: uid=gcarter, ou=people,dc=plainjoe,dc=org
+logonTime: 0
+displayName: Gerald Carter
+lmPassword: 552902031BEDE9EFAAD3B435B51404EE
+primaryGroupID: 1201
+objectClass: posixAccount
+objectClass: sambaAccount
+acctFlags: [UX         ]
+userPassword: {crypt}BpM2ej8Rkzogo
+uid: gcarter
+uidNumber: 9000
+cn: Gerald Carter
+loginShell: /bin/bash
+logoffTime: 2147483647
+gidNumber: 100
+kickoffTime: 2147483647
+pwdLastSet: 1010179230
+rid: 19000
+homeDirectory: /home/tashtego/gcarter
+pwdCanChange: 0
+pwdMustChange: 2147483647
+ntPassword: 878D8014606CDA29677A44EFA1353FC7

              14.10. Comments

              Please mail all comments regarding this HOWTO to jerry@samba.org. This documents was +last updated to reflect the Samba 2.2.3 release.

              Chapter 15. Using samba 3.0 with ActiveDirectory support

              This is a VERY ROUGH guide to setting up the current (November 2001) +pre-alpha version of Samba 3.0 with kerberos authentication against a +Windows2000 KDC. The procedures listed here are likely to change as +the code develops.

              Pieces you need before you begin: +

              dn: uid=guest2, ou=people,dc=plainjoe,dc=org
@@ -12238,75 +12161,357 @@ acctFlags: [UX         ]
 logoffTime: 2147483647
 rid: 19006
 pwdCanChange: 0
              a Windows 2000 server.
              samba 3.0 or higher.
              the MIT kerberos development libraries (either install from the above sources or use a package). The heimdal libraries will not work.
              the OpenLDAP development libraries.

              15.1. Installing the required packages for Debian

              On Debian you need to install the following packages: +

              libkrb5-dev
              krb5-user

              15.2. Installing the required packages for RedHat

              On RedHat this means you should have at least: +

              krb5-workstation (for kinit)
              krb5-libs (for linking with)
              krb5-devel (because you are compiling from source)

              in addition to the standard development environment.

              Note that these are not standard on a RedHat install, and you may need +to get them off CD2.

              15.3. Compile Samba

              If your kerberos libraries are in a non-standard location then + remember to add the configure option --with-krb5=DIR.

              After you run configure make sure that include/config.h contains + lines like this:

              #define HAVE_KRB5 1
+#define HAVE_LDAP 1

              The following is an LDIF entry for using both the sambaAccount and -posixAccount objectclasses:

              If it doesn't then configure did not find your krb5 libraries or + your ldap libraries. Look in config.log to figure out why and fix + it.

              Then compile and install Samba as usual. You must use at least the + following 3 options in smb.conf:

                realm = YOUR.KERBEROS.REALM
+  ads server = your.kerberos.server
+  security = ADS
+  encrypt passwords = yes

              Strictly speaking, you can omit the realm name and you can use an IP + address for the ads server. In that case Samba will auto-detect these.

              You do *not* need a smbpasswd file, although it won't do any harm + and if you have one then Samba will be able to fall back to normal + password security for older clients. I expect that the above + required options will change soon when we get better active + directory integration.

              15.4. Setup your /etc/krb5.conf

              The minimal configuration for krb5.conf is:

              	[realms]
+    YOUR.KERBEROS.REALM = {
+	kdc = your.kerberos.server
+    }

              Test your config by doing a "kinit USERNAME@REALM" and making sure that + your password is accepted by the Win2000 KDC.

              NOTE: The realm must be uppercase.

              You also must ensure that you can do a reverse DNS lookup on the IP +address of your KDC. Also, the name that this reverse lookup maps to +must either be the netbios name of the KDC (ie. the hostname with no +domain attached) or it can alternatively be the netbios name +followed by the realm.

              The easiest way to ensure you get this right is to add a /etc/hosts +entry mapping the IP address of your KDC to its netbios name. If you +don't get this right then you will get a "local error" when you try +to join the realm.

              If all you want is kerberos support in smbclient then you can skip +straight to step 5 now. Step 3 is only needed if you want kerberos +support in smbd.

              15.5. Create the computer account

              Do a "kinit" as a user that has authority to change arbitrary +passwords on the KDC ("Administrator" is a good choice). Then as a +user that has write permission on the Samba private directory +(usually root) run: +net ads join

              15.5.1. Possible errors

              "bash: kinit: command not found"

              kinit is in the krb5-workstation RPM on RedHat systems, and is in /usr/kerberos/bin, so it won't be in the path until you log in again (or open a new terminal)

              "ADS support not compiled in"

              Samba must be reconfigured (remove config.cache) and recompiled (make clean all install) after the kerberos libs and headers are installed.

              15.6. Test your server setup

              On a Windows 2000 client try net use * \\server\share. You should +be logged in with kerberos without needing to know a password. If +this fails then run klist tickets. Did you get a ticket for the +server? Does it have an encoding type of DES-CBC-MD5 ?

              15.7. Testing with smbclient

              dn: uid=gcarter, ou=people,dc=plainjoe,dc=org
-logonTime: 0
-displayName: Gerald Carter
-lmPassword: 552902031BEDE9EFAAD3B435B51404EE
-primaryGroupID: 1201
-objectClass: posixAccount
-objectClass: sambaAccount
-acctFlags: [UX         ]
-userPassword: {crypt}BpM2ej8Rkzogo
-uid: gcarter
-uidNumber: 9000
-cn: Gerald Carter
-loginShell: /bin/bash
-logoffTime: 2147483647
-gidNumber: 100
-kickoffTime: 2147483647
-pwdLastSet: 1010179230
-rid: 19000
-homeDirectory: /home/tashtego/gcarter
-pwdCanChange: 0
-pwdMustChange: 2147483647
-ntPassword: 878D8014606CDA29677A44EFA1353FC7

              On your Samba server try to login to a Win2000 server or your Samba +server using smbclient and kerberos. Use smbclient as usual, but +specify the -k option to choose kerberos authentication.

              Comments

              15.8. Notes

              Please mail all comments regarding this HOWTO to jerry@samba.org. This documents was -last updated to reflect the Samba 2.2.3 release.

              You must change administrator password at least once after DC install, + to create the right encoding types

              w2k doesn't seem to create the _kerberos._udp and _ldap._tcp in + their defaults DNS setup. Maybe fixed in service packs?

              Improved browsing in samba

              Chapter 16. Improved browsing in samba

              Overview of browsing

              16.1. Overview of browsing

              SMB networking provides a mechanism by which clients can access a list of machines in a network, a so-called "browse list". This list @@ -12328,7 +12533,9 @@ CLASS="SECT1" >

              Browsing support in samba

              16.2. Browsing support in samba

              Samba now fully supports browsing. The browsing is supported by nmbd and is also controlled by options in the smb.conf file (see smb.conf(5)).

              Problem resolution

              16.3. Problem resolution

              If something doesn't work then hopefully the log.nmb file will help you track down the problem. Try a debug level of 2 or 3 for finding @@ -12403,7 +12612,9 @@ CLASS="SECT1" >

              Browsing across subnets

              16.4. Browsing across subnets

              With the release of Samba 1.9.17(alpha1 and above) Samba has been updated to enable it to support the replication of browse lists @@ -12432,7 +12643,9 @@ CLASS="SECT2" >

              How does cross subnet browsing work ?

              16.4.1. How does cross subnet browsing work ?

              Cross subnet browsing is a complicated dance, containing multiple moving parts. It has taken Microsoft several years to get the code @@ -12442,12 +12655,6 @@ browsing when configured correctly.

              Consider a network set up as follows :

                                                 (DMB)
@@ -12464,9 +12671,6 @@ CLASS="PROGRAMLISTING"
   |     |     |      |               |        |         |           |
  N2_A  N2_B  N2_C   N2_D           N3_A     N3_B      N3_C        N3_D 
                     (WINS)

              Consisting of 3 subnets (1, 2, 3) connected by two routers @@ -12510,12 +12714,6 @@ called 'non-authoritative'.

              Subnet           Browse Master   List
@@ -12525,9 +12723,6 @@ Subnet1          N1_C            N1_A, N1_B, N1_C, N1_D, N1_E
 Subnet2          N2_B            N2_A, N2_B, N2_C, N2_D
 
 Subnet3          N3_D            N3_A, N3_B, N3_C, N3_D

              Note that at this point all the subnets are separate, no @@ -12537,7 +12732,7 @@ machine is seen across any of the subnets.

              Once N2_B knows the address of the Domain master browser it @@ -12550,12 +12745,6 @@ the MasterAnnouncement packet it schedules a synchronization request to the sender of that packet. After both synchronizations are done the browse lists look like :

              Subnet           Browse Master   List
@@ -12569,9 +12758,6 @@ Subnet2          N2_B            N2_A, N2_B, N2_C, N2_D
 Subnet3          N3_D            N3_A, N3_B, N3_C, N3_D
 
 Servers with a (*) after them are non-authoritative names.

              At this point users looking in their network neighborhood on @@ -12585,12 +12771,6 @@ it gets both the server entries on subnet 1, and those on subnet 2. After N3_D has synchronized with N1_C and vica-versa the browse lists look like.

              Subnet           Browse Master   List
@@ -12607,9 +12787,6 @@ Subnet3          N3_D            N3_A, N3_B, N3_C, N3_D
                                  N2_A(*), N2_B(*), N2_C(*), N2_D(*)
 
 Servers with a (*) after them are non-authoritative names.

              At this point users looking in their network neighborhood on @@ -12621,12 +12798,6 @@ with the domain master browser (N1_C) and will recieve the missing server entries. Finally - and as a steady state (if no machines are removed or shut off) the browse lists will look like :

              Subnet           Browse Master   List
@@ -12644,9 +12815,6 @@ Subnet3          N3_D            N3_A, N3_B, N3_C, N3_D
                                  N2_A(*), N2_B(*), N2_C(*), N2_D(*)
 	
 Servers with a (*) after them are non-authoritative names.

              Synchronizations between the domain master browser and local @@ -12687,7 +12855,9 @@ CLASS="SECT1" >

              Setting up a WINS server

              16.5. Setting up a WINS server

              Either a Samba machine or a Windows NT Server machine may be set up as a WINS server. To set a Samba machine to be a WINS server you must @@ -12739,10 +12909,10 @@ all smb.conf files :

              wins server = >name or IP address< wins server = >name or IP address<

              where >name or IP address< is either the DNS name of the WINS server +>where >name or IP address< is either the DNS name of the WINS server machine or its IP address.

              Note that this line MUST NOT BE SET in the smb.conf file of the Samba @@ -12753,7 +12923,7 @@ CLASS="COMMAND" >" option and the "wins server = >name<wins server = >name<" option then nmbd will fail to start.

              Setting up Browsing in a WORKGROUP

              16.6. Setting up Browsing in a WORKGROUP

              To set up cross subnet browsing on a network containing machines in up to be in a WORKGROUP, not an NT Domain you need to set up one @@ -12796,21 +12968,12 @@ CLASS="COMMAND" browser for its own subnet. In order to achieve this set the following options in the [global] section of the smb.conf file :

                      domain master = yes
         local master = yes
         preferred master = yes
         os level = 65

              The domain master browser may be the same machine as the WINS @@ -12824,21 +12987,12 @@ often, so it's not such a good idea to use these). To make a Samba server a local master browser set the following options in the [global] section of the smb.conf file :

                      domain master = no
         local master = yes
         preferred master = yes
         os level = 65

              Do not do this for more than one Samba server on each subnet, @@ -12855,21 +13009,12 @@ be the local master browser then you can disable Samba from becoming a local master browser by setting the following options in the [global] section of the smb.conf file :

                      domain master = no
         local master = no
         preferred master = no
         os level = 0

              Setting up Browsing in a DOMAIN

              16.7. Setting up Browsing in a DOMAIN

              If you are adding Samba servers to a Windows NT Domain then you must not set up a Samba server as a domain master browser. By default, a Windows NT Primary Domain Controller for a Domain name is also the Domain master browser for that name, and many things will break if a Samba server registers the Domain master -browser NetBIOS name (DOMAIN>1B<) with WINS instead of the PDC.

              For subnets other than the one containing the Windows NT PDC you may set up Samba servers as local master browsers as @@ -12892,21 +13039,12 @@ described. To make a Samba server a local master browser set the following options in the [global] section of the smb.conf file :

                      domain master = no
         local master = yes
         preferred master = yes
         os level = 65

              If you wish to have a Samba server fight the election with machines @@ -12935,7 +13073,9 @@ CLASS="SECT1" >

              Forcing samba to be the master

              16.8. Forcing samba to be the master

              Who becomes the "master browser" is determined by an election process using broadcasts. Each election packet contains a number of parameters @@ -12981,7 +13121,9 @@ CLASS="SECT1" >

              Making samba the domain master

              16.9. Making samba the domain master

              The domain master is responsible for collating the browse lists of multiple subnets so that browsing can occur between subnets. You can @@ -13052,7 +13194,9 @@ CLASS="SECT1" >

              Note about broadcast addresses

              16.10. Note about broadcast addresses

              If your network uses a "0" based broadcast address (for example if it ends in a 0) then you will strike problems. Windows for Workgroups @@ -13064,7 +13208,9 @@ CLASS="SECT1" >

              Multiple interfaces

              16.11. Multiple interfaces

              Samba now supports machines with multiple network interfaces. If you have multiple interfaces then you will need to use the "interfaces" @@ -13075,13 +13221,17 @@ option in smb.conf to configure them. See smb.conf(5) for details.

              Samba performance issues

              Chapter 17. Samba performance issues

              Comparisons

              17.1. Comparisons

              The Samba server uses TCP to talk to the client. Thus if you are trying to see if it performs well you should really compare it to @@ -13110,13 +13260,17 @@ CLASS="SECT1" >

              Oplocks

              17.2. Oplocks

              Overview

              17.2.1. Overview

              Oplocks are the way that SMB clients get permission from a server to locally cache file operations. If a server grants an oplock @@ -13150,7 +13304,9 @@ CLASS="SECT2" >

              Level2 Oplocks

              17.2.2. Level2 Oplocks

              With Samba 2.0.5 a new capability - level2 (read only) oplocks is supported (although the option is off by default - see the smb.conf @@ -13172,7 +13328,9 @@ CLASS="SECT2" >

              Old 'fake oplocks' option - deprecated

              17.2.3. Old 'fake oplocks' option - deprecated

              Samba can also fake oplocks, by granting a oplock whenever a client asks for one. This is controlled using the smb.conf option "fake @@ -13191,7 +13349,9 @@ CLASS="SECT1" >

              Socket options

              17.3. Socket options

              There are a number of socket options that can greatly affect the performance of a TCP based server like Samba.

              Read size

              17.4. Read size

              The option "read size" affects the overlap of disk reads/writes with network reads/writes. If the amount of data being transferred in @@ -13241,7 +13403,9 @@ CLASS="SECT1" >

              Max xmit

              17.5. Max xmit

              At startup the client and server negotiate a "maximum transmit" size, which limits the size of nearly all SMB commands. You can set the @@ -13262,7 +13426,9 @@ CLASS="SECT1" >

              Locking

              17.6. Locking

              By default Samba does not implement strict locking on each read/write call (although it did in previous versions). If you enable strict @@ -13277,7 +13443,9 @@ CLASS="SECT1" >

              Share modes

              17.7. Share modes

              Some people find that opening files is very slow. This is often because of the "share modes" code needed to fully implement the dos @@ -13305,7 +13473,9 @@ CLASS="SECT1" >

              Log level

              17.8. Log level

              If you set the log level (also known as "debug level") higher than 2 then you may suffer a large drop in performance. This is because the @@ -13317,7 +13487,9 @@ CLASS="SECT1" >

              Wide lines

              17.9. Wide lines

              The "wide links" option is now enabled by default, but if you disable it (for better security) then you may suffer a performance hit in @@ -13329,7 +13501,9 @@ CLASS="SECT1" >

              Read raw

              17.10. Read raw

              The "read raw" operation is designed to be an optimised, low-latency file read operation. A server may choose to not support it, @@ -13349,7 +13523,9 @@ CLASS="SECT1" >

              Write raw

              17.11. Write raw

              The "write raw" operation is designed to be an optimised, low-latency file write operation. A server may choose to not support it, @@ -13364,7 +13540,9 @@ CLASS="SECT1" >

              Read prediction

              17.12. Read prediction

              Samba can do read prediction on some of the SMB commands. Read prediction means that Samba reads some extra data on the last file it @@ -13388,7 +13566,9 @@ CLASS="SECT1" >

              Memory mapping

              17.13. Memory mapping

              Samba supports reading files via memory mapping them. One some machines this can give a large boost to performance, on others it @@ -13407,7 +13587,9 @@ CLASS="SECT1" >

              Slow Clients

              17.14. Slow Clients

              One person has reported that setting the protocol to COREPLUS rather than LANMAN2 gave a dramatic speed improvement (from 10k/s to 150k/s).

              Slow Logins

              17.15. Slow Logins

              Slow logins are almost always due to the password checking time. Using the lowest practical "password level" will improve things a lot. You @@ -13433,7 +13617,9 @@ CLASS="SECT1" >

              Client tuning

              17.16. Client tuning

              Often a speed problem can be traced to the client. The client (for example Windows for Workgroups) can often be tuned for better TCP @@ -13535,7 +13721,9 @@ CLASS="SECT1" >

              My Results

              17.17. My Results

              Some people want to see real numbers in a document like this, so here they are. I have a 486sx33 client running WfWg 3.11 with the 3.11b @@ -13562,7 +13750,9 @@ here someday ...

              Samba and other CIFS clients

              Chapter 18. Samba and other CIFS clients

              This chapter contains client-specific information.

              Macintosh clients?

              18.1. Macintosh clients?

              Yes.

              OS2 Client

              18.2. OS2 Client

              How can I configure OS/2 Warp Connect or +NAME="AEN2964" +>18.2.1. How can I configure OS/2 Warp Connect or OS/2 Warp 4 as a client for Samba?

              A more complete answer to this question can be @@ -13677,7 +13873,9 @@ CLASS="SECT2" >

              How can I configure OS/2 Warp 3 (not Connect), +NAME="AEN2979" +>18.2.2. How can I configure OS/2 Warp 3 (not Connect), OS/2 1.2, 1.3 or 2.x for Samba?

              You can use the free Microsoft LAN Manager 2.2c Client @@ -13696,21 +13894,12 @@ TARGET="_top" a nutshell, edit the file \OS2VER in the root directory of the OS/2 boot partition and add the lines:

              		20=setup.exe
 		20=netwksta.sys
 		20=netvdd.sys

              before you install the client. Also, don't use the @@ -13728,7 +13917,9 @@ CLASS="SECT2" >

              Are there any other issues when OS/2 (any version) +NAME="AEN2988" +>18.2.3. Are there any other issues when OS/2 (any version) is used as a client?

              When you do a NET VIEW or use the "File and Print @@ -13748,7 +13939,9 @@ CLASS="SECT2" >

              How do I get printer driver download working +NAME="AEN2992" +>18.2.4. How do I get printer driver download working for OS/2 clients?

              First, create a share called [PRINTDRV] that is @@ -13797,13 +13990,17 @@ CLASS="SECT1" >

              Windows for Workgroups

              18.3. Windows for Workgroups

              Use latest TCP/IP stack from Microsoft

              18.3.1. Use latest TCP/IP stack from Microsoft

              Use the latest TCP/IP stack from microsoft if you use Windows for workgroups.

              Delete .pwl files after password change

              18.3.2. Delete .pwl files after password change

              WfWg does a lousy job with passwords. I find that if I change my password on either the unix box or the PC the safest thing to do is to @@ -13841,7 +14040,9 @@ CLASS="SECT2" >

              Configure WfW password handling

              18.3.3. Configure WfW password handling

              There is a program call admincfg.exe on the last disk (disk 8) of the WFW 3.11 disk set. To install it @@ -13858,7 +14059,9 @@ CLASS="SECT2" >

              Case handling of passwords

              18.3.4. Case handling of passwords

              Windows for Workgroups uppercases the password before sending it to the server. Unix passwords can be case-sensitive though. Check the

              Windows '95/'98

              18.4. Windows '95/'98

              When using Windows 95 OEM SR2 the following updates are recommended where Samba is being used. Please NOTE that the above change will affect you once these @@ -13921,7 +14126,9 @@ CLASS="SECT1" >

              Windows 2000 Service Pack 2

              18.5. Windows 2000 Service Pack 2

              There are several annoyances with Windows 2000 SP2. One of which @@ -13957,12 +14164,6 @@ releases prior to Samba 2.2.2.

              The following is a minimal profile share:

              	[profile]
@@ -13971,9 +14172,6 @@ CLASS="PROGRAMLISTING"
 		directory mask = 0700
 		nt acl support = no
 		read only = no

              The reason for this bug is that the Win2k SP2 client copies @@ -13996,10 +14194,13 @@ CLASS="COMMAND" >DOMAIN\user "Full Control"

              NOTE : This bug does not occur when using winbind to create accounts on the Samba host for Domain users.

              HOWTO Access Samba source code via CVS

              Chapter 19. HOWTO Access Samba source code via CVS

              Introduction

              19.1. Introduction

              Samba is developed in an open environment. Developers use CVS (Concurrent Versioning System) to "checkin" (also known as @@ -14033,7 +14238,9 @@ CLASS="SECT1" >

              CVS Access to samba.org

              19.2. CVS Access to samba.org

              The machine samba.org runs a publicly accessible CVS repository for access to the source code of several packages, @@ -14044,7 +14251,9 @@ CLASS="SECT2" >

              Access via CVSweb

              19.2.1. Access via CVSweb

              You can access the source code via your favourite WWW browser. This allows you to access the contents of @@ -14063,7 +14272,9 @@ CLASS="SECT2" >

              Access via cvs

              19.2.2. Access via cvs

              You can also access the source code via a normal cvs client. This gives you much more control over you can @@ -14169,13 +14380,17 @@ CLASS="COMMAND" CLASS="CHAPTER" >

              Reporting Bugs

              Chapter 20. Reporting Bugs

              Introduction

              20.1. Introduction

              The email address for bug reports is samba@samba.org

              General info

              20.2. General info

              Before submitting a bug report check your config for silly errors. Look in your log files for obvious messages that tell you that @@ -14228,7 +14445,9 @@ CLASS="SECT1" >

              Debug levels

              20.3. Debug levels

              If the bug has anything to do with Samba behaving incorrectly as a server (like refusing to open a file) then the log files will probably @@ -14247,20 +14466,11 @@ CLASS="FILENAME" level higher for just one machine and keep separate logs for each machine. To do this use:

              log level = 10
 log file = /usr/local/samba/lib/log.%m
 include = /usr/local/samba/lib/smb.conf.%m

              then create a file @@ -14305,7 +14515,9 @@ CLASS="SECT1" >

              Internal errors

              20.4. Internal errors

              If you get a "INTERNAL ERROR" message in your log files it means that Samba got an unexpected signal while running. It is probably a @@ -14347,7 +14559,9 @@ CLASS="SECT1" >

              Attaching to a running process

              20.5. Attaching to a running process

              Unfortunately some unixes (in particular some recent linux kernels) refuse to dump a core file if the task has changed uid (which smbd @@ -14362,7 +14576,9 @@ CLASS="SECT1" >

              Patches

              20.6. Patches

              The best sort of bug report is one that includes a fix! If you send us patches please use

              Group mapping HOWTO

              Chapter 21. Group mapping HOWTO

              Starting with Samba 3.0 alpha 2, a new group mapping function is available. The @@ -14437,18 +14655,9 @@ CLASS="FILENAME" >/etc/group will look like:

              domadm:x:502:joe,john,mary

            • Portability

              Chapter 22. Portability

              Samba works on a wide range of platforms but the interface all the platforms provide is not always compatible. This chapter contains @@ -14499,7 +14710,9 @@ CLASS="SECT1" >

              HPUX

              22.1. HPUX

              HP's implementation of supplementary groups is, er, non-standard (for hysterical reasons). There are two group files, /etc/group and @@ -14523,7 +14736,9 @@ CLASS="SECT1" >

              SCO Unix

              22.2. SCO Unix

              If you run an old version of SCO Unix then you may need to get important @@ -14538,7 +14753,9 @@ CLASS="SECT1" >

              DNIX

              22.3. DNIX

              DNIX has a problem with seteuid() and setegid(). These routines are needed for Samba to work correctly, but they were left out of the DNIX @@ -14559,12 +14776,6 @@ CLASS="FILENAME" >setegid.s:

                      .globl  _setegid
@@ -14579,9 +14790,6 @@ _setegid:
 1$:
         clrl    d0
         rts

              put this in the file seteuid.s:

                      .globl  _seteuid
@@ -14609,9 +14811,6 @@ _seteuid:
 1$:
         clrl    d0
         rts

              after creating the above files you then assemble them using

              then you need to add these to the LIBSM line in the DNIX section of the Samba Makefile. Your LIBSM line will then look something like this:

              LIBSM = setegid.o seteuid.o -ln

              You should then remove the line:

              #define NO_EID

              from the DNIX section of .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "SMB.CONF" "5" "01 October 2002" "" "" +.TH "SMB.CONF" "5" "02 oktober 2002" "" "" .SH NAME smb.conf \- The configuration file for the Samba suite .SH "SYNOPSIS" @@ -604,12 +604,6 @@ each parameter for details. Note that some are synonyms. \fIdns proxy\fR .TP 0.2i \(bu -\fIdomain admin group\fR -.TP 0.2i -\(bu -\fIdomain guest group\fR -.TP 0.2i -\(bu \fIdomain logons\fR .TP 0.2i \(bu @@ -994,9 +988,6 @@ each parameter for details. Note that some are synonyms. \fIuse mmap\fR .TP 0.2i \(bu -\fIuse rhosts\fR -.TP 0.2i -\(bu \fIusername level\fR .TP 0.2i \(bu @@ -1367,9 +1358,6 @@ each parameter for details. Note that some are synonyms. \fIshort preserve case\fR .TP 0.2i \(bu -\fIstatus\fR -.TP 0.2i -\(bu \fIstrict allocate\fR .TP 0.2i \(bu @@ -2484,40 +2472,6 @@ See also the parameter \fI wins support\fR. Default: \fBdns proxy = yes\fR .TP -\fBdomain admin group (G)\fR -This parameter is intended as a temporary solution -to enable users to be a member of the "Domain Admins" group when -a Samba host is acting as a PDC. A complete solution will be provided -by a system for mapping Windows NT/2000 groups onto UNIX groups. -Please note that this parameter has a somewhat confusing name. It -accepts a list of usernames and of group names in standard -\fIsmb.conf\fR notation. - -See also \fIdomain -guest group\fR, \fIdomain -logons\fR - -Default: \fBno domain administrators\fR - -Example: \fBdomain admin group = root @wheel\fR -.TP -\fBdomain guest group (G)\fR -This parameter is intended as a temporary solution -to enable users to be a member of the "Domain Guests" group when -a Samba host is acting as a PDC. A complete solution will be provided -by a system for mapping Windows NT/2000 groups onto UNIX groups. -Please note that this parameter has a somewhat confusing name. It -accepts a list of usernames and of group names in standard -\fIsmb.conf\fR notation. - -See also \fIdomain -admin group\fR, \fIdomain -logons\fR - -Default: \fBno domain guests\fR - -Example: \fBdomain guest group = nobody @guest\fR -.TP \fBdomain logons (G)\fR If set to true, the Samba server will serve Windows 95/98 Domain logons for the \fIworkgroup\fR it is in. Samba 2.2 also @@ -5285,7 +5239,7 @@ Default: \fBpreferred master = auto\fR \fBprefered master (G)\fR Synonym for \fI preferred master\fR for people who cannot spell :-). .TP -\fBpreload\fR +\fBpreload (G)\fR This is a list of services that you want to be automatically added to the browse lists. This is most useful for homes and printers services that would otherwise not be @@ -6419,17 +6373,6 @@ never need to change this parameter. Default: \fBstat cache size = 50\fR .TP -\fBstatus (G)\fR -This enables or disables logging of connections -to a status file that smbstatus(1) -can read. - -With this disabled \fBsmbstatus\fR won't be able -to tell you what connections are active. You should never need to -change this parameter. - -Default: \fBstatus = yes\fR -.TP \fBstrict allocate (S)\fR This is a boolean that controls the handling of disk space allocation in the server. When this is set to yes @@ -6689,20 +6632,6 @@ the tdb internal code. Default: \fBuse mmap = yes\fR .TP -\fBuse rhosts (G)\fR -If this global parameter is true, it specifies -that the UNIX user's \fI.rhosts\fR file in their home directory -will be read to find the names of hosts and users who will be allowed -access without specifying a password. - -\fBNOTE:\fR The use of \fIuse rhosts -\fR can be a major security hole. This is because you are -trusting the PC to supply the correct username. It is very easy to -get a PC to supply a false username. I recommend that the \fI use rhosts\fR option be only used if you really know what -you are doing. - -Default: \fBuse rhosts = no\fR -.TP \fBuser (S)\fR Synonym for \fI username\fR. .TP @@ -7137,7 +7066,7 @@ Example: \fBwinbind uid = 10000-20000\fR .TP \fBwinbind use default domain\fR .TP -\fBwinbind use default domain\fR +\fBwinbind use default domain (G)\fR This parameter specifies whether the winbindd(8) daemon should operate on users without domain component in their username. Users without a domain component are treated as is part of the winbindd server's diff --git a/docs/textdocs/ADS-HOWTO.txt b/docs/textdocs/ADS-HOWTO.txt deleted file mode 100644 index 7a066c69ec..0000000000 --- a/docs/textdocs/ADS-HOWTO.txt +++ /dev/null @@ -1,142 +0,0 @@ -Samba 3.0 prealpha guide to Kerberos authentication ---------------------------------------------------- - -Andrew Tridgell -tridge@samba.org - -This is a VERY ROUGH guide to setting up the current (November 2001) -pre-alpha version of Samba 3.0 with kerberos authentication against a -Windows2000 KDC. The procedures listed here are likely to change as -the code develops. - -Pieces you need before you begin: - -- a Windows 2000 server -- the latest CVS source code for Samba. See http://cvs.samba.org/ for how to - fetch this. -- the MIT kerberos development libraries (either install from the - above sources or use a package). Under debian you need "libkrb5-dev" - and "krb5-user". The heimdal libraries will not work. -- the OpenLDAP development libraries. - -On RedHat this means you should have at least: - -krb5-workstation (for kinit) -krb5-libs (for linking with) -krb5-devel (because you are compiling from source) - -in addition to the standard development environment. - -Note that these are not standard on a RedHat install, and you may need -to get them off CD2. - -Also check that you have the latest copy of this HOWTO. It is -available from http://samba.org/ftp/tridge/kerberos/HOWTO - -Step 1: Compile Samba - - If your kerberos libraries are in a non-standard location then - remember to add the configure option --with-krb5=DIR. - - After you run configure make sure that include/config.h contains - lines like this: - - #define HAVE_KRB5 1 - #define HAVE_LDAP 1 - - If it doesn't then configure did not find your krb5 libraries or - your ldap libraries. Look in config.log to figure out why and fix - it. - - Then compile and install Samba as usual. You must use at least the - following 3 options in smb.conf: - - realm = YOUR.KERBEROS.REALM - ads server = your.kerberos.server - security = ADS - encrypt passwords = yes - - Strictly speaking, you can omit the realm name and you can use an IP - address for the ads server. In that case Samba will auto-detect these. - - You do *not* need a smbpasswd file, although it won't do any harm - and if you have one then Samba will be able to fall back to normal - password security for older clients. I expect that the above - required options will change soon when we get better active - directory integration. - - -Step 2: Setup your /etc/krb5.conf - - The minimal configuration for krb5.conf is: - - [realms] - YOUR.KERBEROS.REALM = { - kdc = your.kerberos.server - } - - - Test your config by doing a "kinit USERNAME@REALM" and making sure that - your password is accepted by the Win2000 KDC. - - NOTE: The realm must be uppercase. - - You also must ensure that you can do a reverse DNS lookup on the IP - address of your KDC. Also, the name that this reverse lookup maps to - must either be the netbios name of the KDC (ie. the hostname with no - domain attached) or it can alternatively be the netbios name - followed by the realm. - - The easiest way to ensure you get this right is to add a /etc/hosts - entry mapping the IP address of your KDC to its netbios name. If you - don't get this right then you will get a "local error" when you try - to join the realm. - -* If all you want is kerberos support in smbclient then you can skip -* straight to step 5 now. Step 3 is only needed if you want kerberos -* support in smbd. - - -Step 3: Create the computer account - - Do a "kinit" as a user that has authority to change arbitrary - passwords on the KDC ("Administrator" is a good choice). Then as a - user that has write permission on the Samba private directory - (usually root) run: - - net ads join - - Possible errors: - - "bash: kinit: command not found": - - kinit is in the krb5-workstation RPM on RedHat systems, and is - in /usr/kerberos/bin, so it won't be in the path until - you log in again (or open a new terminal) - - "ADS support not compiled in" - - Samba must be reconfigured (remove config.cache) and - recompiled (make clean all install) after the kerberos libs - and headers are installed. - - -Step 4: Test your server setup - - On a Windows 2000 client try "net use * \\server\share". You should - be logged in with kerberos without needing to know a password. If - this fails then run "klist tickets". Did you get a ticket for the - server? Does it have an encoding type of DES-CBC-MD5 ? - -Step 5: Testing with smbclient - - On your Samba server try to login to a Win2000 server or your Samba - server using smbclient and kerberos. Use smbclient as usual, but - specify the -k option to choose kerberos authentication. - - --------- - -NOTES: - - must change administrator password at least once after DC install, - to create the right encoding types - - - w2k doesn't seem to create the _kerberos._udp and _ldap._tcp in - their defaults DNS setup. Maybe fixed in service packs? - -- cgit From 15d544de7d27cac50718406da2ed6e61b46b7b96 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Thu, 3 Oct 2002 16:32:26 +0000 Subject: Document 'hide special files' (This used to be commit 36a9fe66c50021443a9d4336f9413a2afd5d3af3) --- docs/docbook/manpages/smb.conf.5.sgml | 12 ++++++++++++ docs/manpages/smb.conf.5 | 12 +++++++++++- 2 files changed, 23 insertions(+), 1 deletion(-) (limited to 'docs') diff --git a/docs/docbook/manpages/smb.conf.5.sgml b/docs/docbook/manpages/smb.conf.5.sgml index 8cb40e2284..79b7afda49 100644 --- a/docs/docbook/manpages/smb.conf.5.sgml +++ b/docs/docbook/manpages/smb.conf.5.sgml @@ -640,6 +640,7 @@ hide local users hide unreadable hide unwriteable files + hide special files homedir map host msdfs hostname lookups @@ -2975,6 +2976,17 @@ + + hide special files (G) + This parameter prevents clients from seeing + special files such as sockets, devices and fifo's in directory + listings. + + + Default: hide special files = no + + + homedir map (G) Ifnis homedir diff --git a/docs/manpages/smb.conf.5 b/docs/manpages/smb.conf.5 index 0f07da2c3e..0fcf0179b8 100644 --- a/docs/manpages/smb.conf.5 +++ b/docs/manpages/smb.conf.5 @@ -3,7 +3,7 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "SMB.CONF" "5" "02 oktober 2002" "" "" +.TH "SMB.CONF" "5" "03 oktober 2002" "" "" .SH NAME smb.conf \- The configuration file for the Samba suite .SH "SYNOPSIS" @@ -634,6 +634,9 @@ each parameter for details. Note that some are synonyms. \fIhide unwriteable files\fR .TP 0.2i \(bu +\fIhide special files\fR +.TP 0.2i +\(bu \fIhomedir map\fR .TP 0.2i \(bu @@ -3009,6 +3012,13 @@ Note that unwriteable directories are shown as usual. Default: \fBhide unwriteable = no\fR .TP +\fBhide special files (G)\fR +This parameter prevents clients from seeing +special files such as sockets, devices and fifo's in directory +listings. + +Default: \fBhide special files = no\fR +.TP \fBhomedir map (G)\fR If\fInis homedir \fR is true, and \fBsmbd(8)\fR is also acting -- cgit From 16612b8d32b136c7877f4b1b2c6034d180458d6c Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Thu, 3 Oct 2002 16:57:37 +0000 Subject: merge sendfile entry from SAMBA_2_2 and fix typo (This used to be commit 068d7ab14c0f6f83b61e6fe1724ef00ca2e0e590) --- docs/docbook/manpages/smb.conf.5.sgml | 208 ++++++++++++++++++++-------------- docs/manpages/net.8 | 139 ++++++++++++++++++++--- docs/manpages/smb.conf.5 | 189 +++++++++++++++++------------- 3 files changed, 355 insertions(+), 181 deletions(-) (limited to 'docs') diff --git a/docs/docbook/manpages/smb.conf.5.sgml b/docs/docbook/manpages/smb.conf.5.sgml index 79b7afda49..5ce8691076 100644 --- a/docs/docbook/manpages/smb.conf.5.sgml +++ b/docs/docbook/manpages/smb.conf.5.sgml @@ -109,7 +109,7 @@ [foo] path = /home/bar - writeable = true + read only = no @@ -124,9 +124,9 @@ [aprinter] path = /usr/spool/public - writeable = false - printable = true - guest ok = true + read only = yes + printable = yes + guest ok = yes @@ -195,7 +195,7 @@ [homes] - writeable = yes + read only = no @@ -761,6 +761,8 @@ unix password sync update encrypted use mmap + use rhosts + use sendfile username level username map utmp @@ -1395,7 +1397,7 @@ queue the lock request, and periodically attempt to obtain the lock until the timeout period expires. - If this parameter is set to false, then + If this parameter is set to no, then Samba 2.2 will behave as previous versions of Samba would and will fail the lock request immediately if the lock range cannot be obtained. @@ -1444,7 +1446,7 @@ This controls whether smbd(8) will serve a browse list to a client doing a NetServerEnum call. Normally - set to true. You should never need to change + set to yes. You should never need to change this. Default: browse list = yes @@ -2028,11 +2030,11 @@ This option is used when Samba is attempting to delete a directory that contains one or more vetoed directories (see the veto files - option). If this option is set to false (the default) then if a vetoed + option). If this option is set to no (the default) then if a vetoed directory contains any non-vetoed files or directories then the directory delete will fail. This is usually what you want. - If this option is set to true, then Samba + If this option is set to yes, then Samba will attempt to recursively delete any files and directories within the vetoed directory. This can be useful for integration with file serving systems such as NetAtalk which create meta-files within @@ -2290,7 +2292,7 @@ domain logons (G) - If set to true, the Samba server will serve + If set to yes, the Samba server will serve Windows 95/98 Domain logons for the workgroup it is in. Samba 2.2 also has limited capability to act as a domain controller for Windows @@ -2428,7 +2430,7 @@ default, Samba runs with POSIX semantics and refuses to change the timestamp on a file if the user smbd is acting on behalf of is not the file owner. Setting this option to - true allows DOS semantics and smbd will change the file + yes allows DOS semantics and smbd will change the file timestamp as DOS requires. Default: dos filetimes = no @@ -2820,7 +2822,7 @@ caching algorithm will be used to reduce the time taken for getwd() calls. This can have a significant impact on performance, especially when the wide links - parameter is set to false. + parameter is set to no. Default: getwd cache = yes @@ -2977,7 +2979,7 @@ - hide special files (G) + hide special files (G) This parameter prevents clients from seeing special files such as sockets, devices and fifo's in directory listings. @@ -2990,7 +2992,7 @@ homedir map (G) Ifnis homedir - is true, and is yes, and smbd(8) is also acting as a Win95/98 logon server then this parameter specifies the NIS (or YP) map from which the server for the user's @@ -3564,7 +3566,7 @@ oplocks are supported then level2 oplocks are not granted (even if this parameter is set to yes). Note also, the oplocks - parameter must be set to true on this share in order for + parameter must be set to yes on this share in order for this parameter to have any effect. See also the oplocks @@ -3585,10 +3587,10 @@ nmbd(8) will produce Lanman announce broadcasts that are needed by OS/2 clients in order for them to see the Samba server in their browse list. This parameter can have three - values, true, false, or + values, yes, no, or auto. The default is auto. - If set to false Samba will never produce these - broadcasts. If set to true Samba will produce + If set to no Samba will never produce these + broadcasts. If set to yes Samba will produce Lanman announce broadcasts at a frequency set by the parameter lm interval. If set to auto Samba will not send Lanman announce broadcasts by default but will @@ -3643,15 +3645,15 @@ local master (G) This option allows nmbd(8) to try and become a local master browser - on a subnet. If set to false then + on a subnet. If set to no then nmbd will not attempt to become a local master browser on a subnet and will also lose in all browsing elections. By - default this value is set to true. Setting this value to true doesn't + default this value is set to yes. Setting this value to yes doesn't mean that Samba will become the local master browser on a subnet, just that nmbd will participate in elections for local master browser. - Setting this value to false will cause nmbd + Setting this value to no will cause nmbd never to become a local master browser. Default: local master = yes @@ -5415,7 +5417,7 @@ if the expect string is a full stop then no string is expected. If the pam - password change parameter is set to true, the chat pairs + password change parameter is set to yes, the chat pairs may be matched in any order, and success is determined by the PAM result, not any particular output. The \n macro is ignored for PAM conversions. @@ -5477,7 +5479,7 @@ it. Note that if the unix - password sync parameter is set to true + password sync parameter is set to yes then this program is called AS ROOT before the SMB password in the smbpasswd(5) file is changed. If this UNIX password change fails, then @@ -5488,7 +5490,7 @@ is set this parameter MUST USE ABSOLUTE PATHS for ALL programs called, and must be examined for security implications. Note that by default unix - password sync is set to false. + password sync is set to no. See also unix password sync. @@ -5777,7 +5779,7 @@ url="nmbd.8.html">nmbd(8) is a preferred master browser for its workgroup. - If this is set to true, on startup, nmbd + If this is set to yes, on startup, nmbd will force an election, and it will have a slight advantage in winning the election. It is recommended that this parameter is used in conjunction with @@ -5951,7 +5953,7 @@ Note that a printable service will ALWAYS allow writing to the service path (user privileges permitting) via the spooling - of print data. The writeable + of print data. The read only parameter controls only non-printing access to the resource. @@ -6317,7 +6319,7 @@ This is a list of users that are given read-only access to a service. If the connecting user is in this list then they will not be given write access, no matter what the writeable + linkend="READONLY">read only option is set to. The list can include group names using the syntax described in the invalid users parameter. @@ -6336,8 +6338,18 @@ read only (S) - Note that this is an inverted synonym for writeable. + An inverted synonym is + writeable. + + If this parameter is yes, then users + of a service may not create or modify files in the service's + directory. + + Note that a printable service (printable = yes) + will ALWAYS allow writing to the directory + (user privileges permitting), but only via spooling operations. + + Default: read only = yes @@ -6482,10 +6494,10 @@ restrict anonymous (G) - This is a boolean parameter. If it is true, then + This is a boolean parameter. If it is yes, then anonymous access to the server will be restricted, namely in the case where the server is expecting the client to send a username, - but it doesn't. Setting it to true will force these anonymous + but it doesn't. Setting it to yes will force these anonymous connections to be denied, and the client will be required to always supply a username and password when connecting. Use of this parameter is only recommended for homogeneous NT client environments. @@ -6495,7 +6507,7 @@ likes to use anonymous connections when refreshing the share list, and this is a way to work around that. - When restrict anonymous is true, all anonymous connections + When restrict anonymous is yes, all anonymous connections are denied no matter what they are for. This can effect the ability of a machine to access the Samba Primary Domain Controller to revalidate its machine account after someone else has logged on the client @@ -6799,7 +6811,7 @@ url="smbpasswd.8.html">smbpasswd(8) has been used to add this machine into a Windows NT Domain. It expects the encrypted passwords - parameter to be set to true. In this + parameter to be set to yes. In this mode Samba will try to validate the username/password by passing it to a Windows NT Primary or Backup Domain Controller, in exactly the same way that a Windows NT Server would do. @@ -7302,10 +7314,10 @@ sync always (S) This is a boolean parameter that controls whether writes will always be written to stable storage before - the write call returns. If this is false then the server will be + the write call returns. If this is no then the server will be guided by the client's request in each write call (clients can set a bit indicating that a particular write should be synchronous). - If this is true then every write will be followed by a fsync() + If this is yes then every write will be followed by a fsync() call to ensure the data is written to disk. Note that the strict sync parameter must be set to yes in order for this parameter to have @@ -7477,7 +7489,7 @@ This boolean parameter controls whether Samba attempts to synchronize the UNIX password with the SMB password when the encrypted SMB password in the smbpasswd file is changed. - If this is set to true the program specified in the passwd + If this is set to yes the program specified in the passwd programparameter is called AS ROOT - to allow the new UNIX password to be set without access to the old UNIX password (as the SMB password change code has no @@ -7567,7 +7579,7 @@ This global parameter determines if the tdb internals of Samba can depend on mmap working correctly on the running system. Samba requires a coherent mmap/read-write system memory cache. Currently only HPUX does not have such a - coherent cache, and so this parameter is set to false by + coherent cache, and so this parameter is set to no by default on HPUX. On all other systems this parameter should be left alone. This parameter is provided to help the Samba developers track down problems with the tdb internal code. @@ -7580,6 +7592,26 @@ + + use rhosts (G) + If this global parameter is yes, it specifies + that the UNIX user's .rhosts file in their home directory + will be read to find the names of hosts and users who will be allowed + access without specifying a password. + + NOTE: The use of use rhosts + can be a major security hole. This is because you are + trusting the PC to supply the correct username. It is very easy to + get a PC to supply a false username. I recommend that the + use rhosts option be only used if you really know what + you are doing. + + Default: use rhosts = no + + + + + user (S) Synonym for @@ -7711,28 +7743,28 @@ If any line begins with a '#' or a ';' then it is ignored - If any line begins with an '!' then the processing - will stop after that line if a mapping was done by the line. - Otherwise mapping continues with every line being processed. - Using '!' is most useful when you have a wildcard mapping line + If any line begins with an '!' then the processing + will stop after that line if a mapping was done by the line. + Otherwise mapping continues with every line being processed. + Using '!' is most useful when you have a wildcard mapping line later in the file. - - For example to map from the name admin + + For example to map from the name admin or administrator to the UNIX name root you would use: root = admin administrator - Or to map anyone in the UNIX group system + Or to map anyone in the UNIX group system to the UNIX name sys you would use: sys = @system - You can have as many mappings as you like in a username + You can have as many mappings as you like in a username map file. - - - If your system supports the NIS NETGROUP option then + + + If your system supports the NIS NETGROUP option then the netgroup database is checked before the /etc/group database for matching groups. @@ -7741,12 +7773,12 @@ tridge = "Andrew Tridgell" - would map the windows username "Andrew Tridgell" to the + would map the windows username "Andrew Tridgell" to the unix username "tridge". - The following example would map mary and fred to the - unix user sys, and map the rest to guest. Note the use of the - '!' to tell Samba to stop processing if it gets a match on + The following example would map mary and fred to the + unix user sys, and map the rest to guest. Note the use of the + '!' to tell Samba to stop processing if it gets a match on that line. @@ -7754,20 +7786,20 @@ guest = * - Note that the remapping is applied to all occurrences + Note that the remapping is applied to all occurrences of usernames. Thus if you connect to \\server\fred and - fred is remapped to mary then you - will actually be connecting to \\server\mary and will need to - supply a password suitable for mary not - fred. The only exception to this is the + fred is remapped to mary then you + will actually be connecting to \\server\mary and will need to + supply a password suitable for mary not + fred. The only exception to this is the username passed to the - password server (if you have one). The password - server will receive whatever username the client supplies without + password server (if you have one). The password + server will receive whatever username the client supplies without modification. - Also note that no reverse mapping is done. The main effect - this has is with printing. Users who have been mapped may have - trouble deleting print jobs as PrintManager under WfWg will think + Also note that no reverse mapping is done. The main effect + this has is with printing. Users who have been mapped may have + trouble deleting print jobs as PrintManager under WfWg will think they don't own the print job. Default: no username map @@ -7776,13 +7808,29 @@ + + + use sendfile (S) + If this parameter is yes, and Samba + was built with the --with-sendfile-support option, and the underlying operating + system supports sendfile system call, then some SMB read calls (mainly ReadAndX + and ReadRaw) will use the more efficient sendfile system call for files that + are exclusively oplocked. This may make more efficient use of the system CPU's + and cause Samba to be faster. This is off by default as it's effects are unknown + as yet. + + + Default: use sendfile = no + + + utmp (G) - This boolean parameter is only available if + This boolean parameter is only available if Samba has been configured and compiled with the option - --with-utmp. If set to true then Samba will attempt + --with-utmp. If set to yes then Samba will attempt to add utmp or utmpx records (depending on the UNIX system) whenever a connection is made to a Samba server. Sites may use this to record the user connecting to a Samba share. @@ -8034,7 +8082,7 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ getpwent() and endpwent() group of system calls. If the winbind enum users parameter is - false, calls to the getpwent system call + no, calls to the getpwent system call will not return any data. Warning: Turning off user @@ -8056,7 +8104,7 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ getgrent() and endgrent() group of system calls. If the winbind enum groups parameter is - false, calls to the getgrent() system + no, calls to the getgrent() system call will not return any data. Warning: Turning off group @@ -8132,9 +8180,9 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ own domain. While this does not benifit Windows users, it makes SSH, FTP and e-mail function in a way much closer to the way they would in a native unix system. - Default: winbind use default domain = <falseg> + Default: winbind use default domain = <no> - Example: winbind use default domain = true + Example: winbind use default domain = yes @@ -8229,9 +8277,9 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ wins support (G) This boolean controls if the nmbd(8) process in Samba will act as a WINS server. You should - not set this to true unless you have a multi-subnetted network and + not set this to yes unless you have a multi-subnetted network and you wish a particular nmbd to be your WINS server. - Note that you should NEVER set this to true + Note that you should NEVER set this to yes on more than one machine in your network. Default: wins support = no @@ -8302,7 +8350,7 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ This is a list of users that are given read-write access to a service. If the connecting user is in this list then they will be given write access, no matter what the writeable + linkend="READONLY">read only option is set to. The list can include group names using the @group syntax. @@ -8340,8 +8388,8 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ write ok (S) - Synonym for - writeable. + Inverted synonym for + read only. @@ -8361,18 +8409,8 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ writeable (S) - An inverted synonym is - read only. - - If this parameter is no, then users - of a service may not create or modify files in the service's - directory. - - Note that a printable service (printable = yes) - will ALWAYS allow writing to the directory - (user privileges permitting), but only via spooling operations. - - Default: writeable = no + Inverted synonym for + read only. diff --git a/docs/manpages/net.8 b/docs/manpages/net.8 index fd2a450a6b..1ac5af9287 100644 --- a/docs/manpages/net.8 +++ b/docs/manpages/net.8 @@ -3,31 +3,136 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "NET" "8" "01 October 2002" "" "" +.TH "NET" "8" "03 October 2002" "" "" .SH NAME net \- Tool for administration of Samba and remote CIFS servers. .SH SYNOPSIS -\fBnet\fR \fB\fR +\fBnet\fR \fB\fR [ \fB-h\fR ] [ \fB-w workgroup\fR ] [ \fB-W myworkgroup\fR ] [ \fB-U user\fR ] [ \fB-I ip-address\fR ] [ \fB-p port\fR ] [ \fB-n myname\fR ] [ \fB-s conffile\fR ] [ \fB-S server\fR ] [ \fB-C comment\fR ] [ \fB-M maxusers\fR ] [ \fB-F flags\fR ] [ \fB-j jobid\fR ] [ \fB-l\fR ] [ \fB-r\fR ] [ \fB-f\fR ] [ \fB-t timeout\fR ] [ \fB-P\fR ] [ \fB-D debuglevel\fR ] .SH "DESCRIPTION" .PP This tool is part of the Samba suite. -.SH "OPTIONS" -.PP -.SH "COMMANDS" .PP -.SH "VERSION" -.PP -This man page is incomplete for version 3.0 of the Samba -suite. -.SH "AUTHOR" +The samba net utility is meant to work just like the net utility +available for windows and DOS. +FIXME +.SH "OPTIONS" +.TP +\fB-h\fR +Display summary of all available options. +.TP +\fB-w target-workgroup\fR +Sets target workgroup or domain. You have to specify either this option or the IP address or the name of a server. +.TP +\fB-W workgroup\fR +Sets client workgroup or domain +.TP +\fB-U user\fR +User name to use +.TP +\fB-I ip-address\fR +IP address of target server to use. You have to specify either this option or a target workgroup or a target server. +.TP +\fB-p port\fR +Port on the target server to connect to. +.TP +\fB-n myname\fR +Sets name of the client. +.TP +\fB-s conffile\fR +Specify alternative configuration file that should be loaded. +.TP +\fB-S server\fR +Name of target server. You should specify either this option or a target workgroup or a target IP address. +.TP +\fB-C comment\fR +FIXME +.TP +\fB-M maxusers\fR +FIXME +.TP +\fB-F flags\fR +FIXME +.TP +\fB-j jobid\fR +FIXME +.TP +\fB-l\fR +FIXME +.TP +\fB-r\fR +FIXME +.TP +\fB-f\fR +FIXME +.TP +\fB-t timeout\fR +FIXME +.TP +\fB-P\fR +Make queries to the external server using the machine account of the local server. +.TP +\fB-D debuglevel\fR +set the debuglevel. Debug level 0 is the lowest +and 100 being the highest. This should be set to 100 if you are +planning on submitting a bug report to the Samba team (see +\fIBUGS.txt\fR). +.SH "TIME" .PP -The original Samba software and related utilities -were created by Andrew Tridgell. Samba is now developed -by the Samba Team as an Open Source project similar -to the way the Linux kernel is developed. +The \fBNET TIME\fR command allows you to view the time on a remote server +or synchronise the time on the local server with the time on the remote server. +.TP +\fB\fR +Without any options, the \fBNET TIME\fR command +displays the time on the remote server. +.TP +\fBSYSTEM\fR +Displays the time on the remote server in a format ready for /bin/date +.TP +\fBSET\fR +Tries to set the date and time of the local server to that on +the remote server using /bin/date. +.TP +\fBZONE\fR +Displays the timezone in hours from GMT on the remote computer. +.SH "RPC" .PP -The original Samba man pages were written by Karl Auer. -The current set of manpages and documentation is maintained -by the Samba Team in the same fashion as the Samba source code. +The \fBNET RPC\fR command allows you to do various +NT4 operations. +.TP +\fBJOIN -U username[%password] [options]\fR +Join a domain with specified username and password. Password +will be prompted if none is specified. +.TP +\fBJOIN [options except -U]\fR +to join a domain created in server manager +.TP +\fBUSER [misc. options] [targets]\fR +List users +.TP +\fBUSER DELETE [misc options]\fR +delete specified user +.TP +\fBUSER INFO [misc options]\fR +list the domain groups of the specified user +.TP +\fBUSER ADD [password] [-F user flags] [misc. options\fR +Add specified user +.TP +\fBGROUP [misc options] [targets]\fR +List user groups +.TP +\fBGROUP DELETE [misc. options] [targets]\fR +Delete specified group +.TP +\fBGROUP ADD [-C comment]\fR +Create specified group +.TP +\fBSHARE [misc. options] [targets]\fR +enumerates all exported resources (network shares) on target server +.TP +\fBSHARE ADD [misc. options] [targets]\fR +Adds a share from a server (makes the export active) +.TP +\fBSHARE DELETE .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "SMB.CONF" "5" "03 oktober 2002" "" "" +.TH "SMB.CONF" "5" "03 October 2002" "" "" .SH NAME smb.conf \- The configuration file for the Samba suite .SH "SYNOPSIS" @@ -95,7 +95,7 @@ The share is accessed via the share name "foo": .nf [foo] path = /home/bar - writeable = true + read only = no .fi @@ -110,9 +110,9 @@ elsewhere): .nf [aprinter] path = /usr/spool/public - writeable = false - printable = true - guest ok = true + read only = yes + printable = yes + guest ok = yes .fi @@ -173,7 +173,7 @@ section: .nf [homes] - writeable = yes + read only = no .fi @@ -991,6 +991,12 @@ each parameter for details. Note that some are synonyms. \fIuse mmap\fR .TP 0.2i \(bu +\fIuse rhosts\fR +.TP 0.2i +\(bu +\fIuse sendfile\fR +.TP 0.2i +\(bu \fIusername level\fR .TP 0.2i \(bu @@ -1804,7 +1810,7 @@ cannot be immediately satisfied, Samba 2.2 will internally queue the lock request, and periodically attempt to obtain the lock until the timeout period expires. -If this parameter is set to false, then +If this parameter is set to no, then Samba 2.2 will behave as previous versions of Samba would and will fail the lock request immediately if the lock range cannot be obtained. @@ -1836,7 +1842,7 @@ See the \fI browseable\fR. \fBbrowse list (G)\fR This controls whether \fBsmbd(8)\fR will serve a browse list to a client doing a \fBNetServerEnum\fR call. Normally -set to true. You should never need to change +set to yes. You should never need to change this. Default: \fBbrowse list = yes\fR @@ -2263,11 +2269,11 @@ Example: \fBdelete user from group script = /usr/sbin/deluser %u %g\fR This option is used when Samba is attempting to delete a directory that contains one or more vetoed directories (see the \fIveto files\fR -option). If this option is set to false (the default) then if a vetoed +option). If this option is set to no (the default) then if a vetoed directory contains any non-vetoed files or directories then the directory delete will fail. This is usually what you want. -If this option is set to true, then Samba +If this option is set to yes, then Samba will attempt to recursively delete any files and directories within the vetoed directory. This can be useful for integration with file serving systems such as NetAtalk which create meta-files within @@ -2476,7 +2482,7 @@ See also the parameter \fI wins support\fR. Default: \fBdns proxy = yes\fR .TP \fBdomain logons (G)\fR -If set to true, the Samba server will serve +If set to yes, the Samba server will serve Windows 95/98 Domain logons for the \fIworkgroup\fR it is in. Samba 2.2 also has limited capability to act as a domain controller for Windows NT 4 Domains. For more details on setting up this feature see @@ -2583,7 +2589,7 @@ file they can change the timestamp on it. Under POSIX semantics, only the owner of the file or root may change the timestamp. By default, Samba runs with POSIX semantics and refuses to change the timestamp on a file if the user \fBsmbd\fR is acting -on behalf of is not the file owner. Setting this option to true allows DOS semantics and smbd will change the file +on behalf of is not the file owner. Setting this option to yes allows DOS semantics and smbd will change the file timestamp as DOS requires. Default: \fBdos filetimes = no\fR @@ -2904,7 +2910,7 @@ This is a tuning option. When this is enabled a caching algorithm will be used to reduce the time taken for getwd() calls. This can have a significant impact on performance, especially when the \fIwide links\fR -parameter is set to false. +parameter is set to no. Default: \fBgetwd cache = yes\fR .TP @@ -3021,7 +3027,7 @@ Default: \fBhide special files = no\fR .TP \fBhomedir map (G)\fR If\fInis homedir -\fR is true, and \fBsmbd(8)\fR is also acting +\fR is yes, and \fBsmbd(8)\fR is also acting as a Win95/98 \fIlogon server\fR then this parameter specifies the NIS (or YP) map from which the server for the user's home directory should be extracted. At present, only the Sun @@ -3462,7 +3468,7 @@ Currently, if \fIkernel oplocks\fR are supported then level2 oplocks are not granted (even if this parameter is set to yes). Note also, the \fIoplocks\fR -parameter must be set to true on this share in order for +parameter must be set to yes on this share in order for this parameter to have any effect. See also the \fIoplocks\fR @@ -3475,10 +3481,10 @@ Default: \fBlevel2 oplocks = yes\fR This parameter determines if \fBnmbd(8)\fR will produce Lanman announce broadcasts that are needed by OS/2 clients in order for them to see the Samba server in their browse list. This parameter can have three -values, true, false, or +values, yes, no, or auto. The default is auto. -If set to false Samba will never produce these -broadcasts. If set to true Samba will produce +If set to no Samba will never produce these +broadcasts. If set to yes Samba will produce Lanman announce broadcasts at a frequency set by the parameter \fIlm interval\fR. If set to auto Samba will not send Lanman announce broadcasts by default but will @@ -3518,13 +3524,13 @@ Default: \fBload printers = yes\fR .TP \fBlocal master (G)\fR This option allows \fB nmbd(8)\fR to try and become a local master browser -on a subnet. If set to false then \fB nmbd\fR will not attempt to become a local master browser +on a subnet. If set to no then \fB nmbd\fR will not attempt to become a local master browser on a subnet and will also lose in all browsing elections. By -default this value is set to true. Setting this value to true doesn't +default this value is set to yes. Setting this value to yes doesn't mean that Samba will \fBbecome\fR the local master browser on a subnet, just that \fBnmbd\fR will \fB participate\fR in elections for local master browser. -Setting this value to false will cause \fBnmbd\fR +Setting this value to no will cause \fBnmbd\fR \fBnever\fR to become a local master browser. Default: \fBlocal master = yes\fR @@ -4931,7 +4937,7 @@ is a full stop ".", then no string is sent. Similarly, if the expect string is a full stop then no string is expected. If the \fIpam -password change\fR parameter is set to true, the chat pairs +password change\fR parameter is set to yes, the chat pairs may be matched in any order, and success is determined by the PAM result, not any particular output. The \\n macro is ignored for PAM conversions. @@ -4979,7 +4985,7 @@ of mixed case chars and digits. This can pose a problem as some clients it. \fBNote\fR that if the \fIunix -password sync\fR parameter is set to true +password sync\fR parameter is set to yes then this program is called \fBAS ROOT\fR before the SMB password in the smbpasswd(5) file is changed. If this UNIX password change fails, then @@ -4990,7 +4996,7 @@ If the \fIunix password sync\fR parameter is set this parameter \fBMUST USE ABSOLUTE PATHS\fR for \fBALL\fR programs called, and must be examined for security implications. Note that by default \fIunix -password sync\fR is set to false. +password sync\fR is set to no. See also \fIunix password sync\fR. @@ -5229,7 +5235,7 @@ Default: \fBpreexec close = no\fR This boolean parameter controls if nmbd(8) is a preferred master browser for its workgroup. -If this is set to true, on startup, \fBnmbd\fR +If this is set to yes, on startup, \fBnmbd\fR will force an election, and it will have a slight advantage in winning the election. It is recommended that this parameter is used in conjunction with \fB\fI domain master\fB = yes\fR, so that \fB nmbd\fR can guarantee becoming a domain master. @@ -5368,7 +5374,7 @@ specified for the service. Note that a printable service will ALWAYS allow writing to the service path (user privileges permitting) via the spooling -of print data. The \fIwriteable +of print data. The \fIread only \fR parameter controls only non-printing access to the resource. @@ -5628,7 +5634,7 @@ Default: \fBread bmpx = no\fR \fBread list (S)\fR This is a list of users that are given read-only access to a service. If the connecting user is in this list then -they will not be given write access, no matter what the \fIwriteable\fR +they will not be given write access, no matter what the \fIread only\fR option is set to. The list can include group names using the syntax described in the \fI invalid users\fR parameter. @@ -5640,7 +5646,17 @@ Default: \fBread list = \fR Example: \fBread list = mary, @students\fR .TP \fBread only (S)\fR -Note that this is an inverted synonym for \fIwriteable\fR. +An inverted synonym is \fIwriteable\fR. + +If this parameter is yes, then users +of a service may not create or modify files in the service's +directory. + +Note that a printable service (\fBprintable = yes\fR) +will \fBALWAYS\fR allow writing to the directory +(user privileges permitting), but only via spooling operations. + +Default: \fBread only = yes\fR .TP \fBread raw (G)\fR This parameter controls whether or not the server @@ -5754,10 +5770,10 @@ Default: \fBremote browse sync = \fR .TP \fBrestrict anonymous (G)\fR -This is a boolean parameter. If it is true, then +This is a boolean parameter. If it is yes, then anonymous access to the server will be restricted, namely in the case where the server is expecting the client to send a username, -but it doesn't. Setting it to true will force these anonymous +but it doesn't. Setting it to yes will force these anonymous connections to be denied, and the client will be required to always supply a username and password when connecting. Use of this parameter is only recommended for homogeneous NT client environments. @@ -5767,7 +5783,7 @@ on the username (%U, %G, etc) consistent. NT 4.0 likes to use anonymous connections when refreshing the share list, and this is a way to work around that. -When restrict anonymous is true, all anonymous connections +When restrict anonymous is yes, all anonymous connections are denied no matter what they are for. This can effect the ability of a machine to access the Samba Primary Domain Controller to revalidate its machine account after someone else has logged on the client @@ -6015,7 +6031,7 @@ parameter. This mode will only work correctly if smbpasswd(8) has been used to add this machine into a Windows NT Domain. It expects the \fIencrypted passwords\fR -parameter to be set to true. In this +parameter to be set to yes. In this mode Samba will try to validate the username/password by passing it to a Windows NT Primary or Backup Domain Controller, in exactly the same way that a Windows NT Server would do. @@ -6447,10 +6463,10 @@ Default: \fBstrip dot = no\fR \fBsync always (S)\fR This is a boolean parameter that controls whether writes will always be written to stable storage before -the write call returns. If this is false then the server will be +the write call returns. If this is no then the server will be guided by the client's request in each write call (clients can set a bit indicating that a particular write should be synchronous). -If this is true then every write will be followed by a \fBfsync() +If this is yes then every write will be followed by a \fBfsync() \fR call to ensure the data is written to disk. Note that the \fIstrict sync\fR parameter must be set to yes in order for this parameter to have @@ -6562,7 +6578,7 @@ Default: \fBunix extensions = no\fR This boolean parameter controls whether Samba attempts to synchronize the UNIX password with the SMB password when the encrypted SMB password in the smbpasswd file is changed. -If this is set to true the program specified in the \fIpasswd +If this is set to yes the program specified in the \fIpasswd program\fRparameter is called \fBAS ROOT\fR - to allow the new UNIX password to be set without access to the old UNIX password (as the SMB password change code has no @@ -6635,13 +6651,27 @@ Default: \fBuse client driver = no\fR This global parameter determines if the tdb internals of Samba can depend on mmap working correctly on the running system. Samba requires a coherent mmap/read-write system memory cache. Currently only HPUX does not have such a -coherent cache, and so this parameter is set to false by +coherent cache, and so this parameter is set to no by default on HPUX. On all other systems this parameter should be left alone. This parameter is provided to help the Samba developers track down problems with the tdb internal code. Default: \fBuse mmap = yes\fR .TP +\fBuse rhosts (G)\fR +If this global parameter is yes, it specifies +that the UNIX user's \fI.rhosts\fR file in their home directory +will be read to find the names of hosts and users who will be allowed +access without specifying a password. + +\fBNOTE:\fR The use of \fIuse rhosts +\fR can be a major security hole. This is because you are +trusting the PC to supply the correct username. It is very easy to +get a PC to supply a false username. I recommend that the \fI use rhosts\fR option be only used if you really know what +you are doing. + +Default: \fBuse rhosts = no\fR +.TP \fBuser (S)\fR Synonym for \fI username\fR. .TP @@ -6752,26 +6782,26 @@ on the left. Processing then continues with the next line. If any line begins with a '#' or a ';' then it is ignored -If any line begins with an '!' then the processing -will stop after that line if a mapping was done by the line. -Otherwise mapping continues with every line being processed. -Using '!' is most useful when you have a wildcard mapping line +If any line begins with an '!' then the processing +will stop after that line if a mapping was done by the line. +Otherwise mapping continues with every line being processed. +Using '!' is most useful when you have a wildcard mapping line later in the file. -For example to map from the name admin +For example to map from the name admin or administrator to the UNIX name root you would use: \fBroot = admin administrator\fR -Or to map anyone in the UNIX group system +Or to map anyone in the UNIX group system to the UNIX name sys you would use: \fBsys = @system\fR -You can have as many mappings as you like in a username +You can have as many mappings as you like in a username map file. -If your system supports the NIS NETGROUP option then +If your system supports the NIS NETGROUP option then the netgroup database is checked before the \fI/etc/group \fR database for matching groups. @@ -6780,12 +6810,12 @@ by using double quotes around the name. For example: \fBtridge = "Andrew Tridgell"\fR -would map the windows username "Andrew Tridgell" to the +would map the windows username "Andrew Tridgell" to the unix username "tridge". -The following example would map mary and fred to the -unix user sys, and map the rest to guest. Note the use of the -\&'!' to tell Samba to stop processing if it gets a match on +The following example would map mary and fred to the +unix user sys, and map the rest to guest. Note the use of the +\&'!' to tell Samba to stop processing if it gets a match on that line. @@ -6795,18 +6825,18 @@ that line. .fi -Note that the remapping is applied to all occurrences -of usernames. Thus if you connect to \\\\server\\fred and fred is remapped to mary then you -will actually be connecting to \\\\server\\mary and will need to -supply a password suitable for mary not -fred. The only exception to this is the -username passed to the \fI password server\fR (if you have one). The password -server will receive whatever username the client supplies without +Note that the remapping is applied to all occurrences +of usernames. Thus if you connect to \\\\server\\fred and fred is remapped to mary then you +will actually be connecting to \\\\server\\mary and will need to +supply a password suitable for mary not +fred. The only exception to this is the +username passed to the \fI password server\fR (if you have one). The password +server will receive whatever username the client supplies without modification. -Also note that no reverse mapping is done. The main effect -this has is with printing. Users who have been mapped may have -trouble deleting print jobs as PrintManager under WfWg will think +Also note that no reverse mapping is done. The main effect +this has is with printing. Users who have been mapped may have +trouble deleting print jobs as PrintManager under WfWg will think they don't own the print job. Default: \fBno username map\fR @@ -6814,9 +6844,20 @@ Default: \fBno username map\fR Example: \fBusername map = /usr/local/samba/lib/users.map \fR .TP +\fBuse sendfile (S)\fR +If this parameter is yes, and Samba +was built with the --with-sendfile-support option, and the underlying operating +system supports sendfile system call, then some SMB read calls (mainly ReadAndX +and ReadRaw) will use the more efficient sendfile system call for files that +are exclusively oplocked. This may make more efficient use of the system CPU's +and cause Samba to be faster. This is off by default as it's effects are unknown +as yet. + +Default: \fBuse sendfile = no\fR +.TP \fButmp (G)\fR -This boolean parameter is only available if -Samba has been configured and compiled with the option \fB --with-utmp\fR. If set to true then Samba will attempt +This boolean parameter is only available if +Samba has been configured and compiled with the option \fB --with-utmp\fR. If set to yes then Samba will attempt to add utmp or utmpx records (depending on the UNIX system) whenever a connection is made to a Samba server. Sites may use this to record the user connecting to a Samba share. @@ -7010,7 +7051,7 @@ necessary to suppress the enumeration of users through the \fBgetpwent()\fR and \fBendpwent()\fR group of system calls. If the \fIwinbind enum users\fR parameter is -false, calls to the \fBgetpwent\fR system call +no, calls to the \fBgetpwent\fR system call will not return any data. \fBWarning:\fR Turning off user @@ -7029,7 +7070,7 @@ necessary to suppress the enumeration of groups through the \fBgetgrent()\fR and \fBendgrent()\fR group of system calls. If the \fIwinbind enum groups\fR parameter is -false, calls to the \fBgetgrent()\fR system +no, calls to the \fBgetgrent()\fR system call will not return any data. \fBWarning:\fR Turning off group @@ -7083,10 +7124,10 @@ Users without a domain component are treated as is part of the winbindd server's own domain. While this does not benifit Windows users, it makes SSH, FTP and e-mail function in a way much closer to the way they would in a native unix system. -Default: \fBwinbind use default domain = +Default: \fBwinbind use default domain = \fR -Example: \fBwinbind use default domain = true\fR +Example: \fBwinbind use default domain = yes\fR .TP \fBwins hook (G)\fR When Samba is running as a WINS server this @@ -7163,9 +7204,9 @@ Example: \fBwins server = 192.9.200.1\fR \fBwins support (G)\fR This boolean controls if the nmbd(8) process in Samba will act as a WINS server. You should -not set this to true unless you have a multi-subnetted network and +not set this to yes unless you have a multi-subnetted network and you wish a particular \fBnmbd\fR to be your WINS server. -Note that you should \fBNEVER\fR set this to true +Note that you should \fBNEVER\fR set this to yes on more than one machine in your network. Default: \fBwins support = no\fR @@ -7212,7 +7253,7 @@ for a 256k cache size per file. \fBwrite list (S)\fR This is a list of users that are given read-write access to a service. If the connecting user is in this list then -they will be given write access, no matter what the \fIwriteable\fR +they will be given write access, no matter what the \fIread only\fR option is set to. The list can include group names using the @group syntax. @@ -7240,7 +7281,7 @@ Default: \fBwins partners = \fR Example: \fBwins partners = 192.168.0.1 172.16.1.2\fR .TP \fBwrite ok (S)\fR -Synonym for \fI writeable\fR. +Inverted synonym for \fI read only\fR. .TP \fBwrite raw (G)\fR This parameter controls whether or not the server @@ -7250,17 +7291,7 @@ You should never need to change this parameter. Default: \fBwrite raw = yes\fR .TP \fBwriteable (S)\fR -An inverted synonym is \fIread only\fR. - -If this parameter is no, then users -of a service may not create or modify files in the service's -directory. - -Note that a printable service (\fBprintable = yes\fR) -will \fBALWAYS\fR allow writing to the directory -(user privileges permitting), but only via spooling operations. - -Default: \fBwriteable = no\fR +Inverted synonym for \fI read only\fR. .SH "WARNINGS" .PP Although the configuration file permits service names -- cgit From 8f3fc6ac4b6cb147cdf7d7bfe1ffbefbbb1bac42 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Thu, 3 Oct 2002 17:17:54 +0000 Subject: fix typos in net.8.sgml so it will compile and regenerate html versions of manpages.... (This used to be commit 4d4ef0d34afb43e62b4bec274fd4e64cda04c949) --- docs/docbook/manpages/net.8.sgml | 19 +- docs/htmldocs/net.8.html | 322 ++++- docs/htmldocs/smb.conf.5.html | 2831 ++++++++++++++++---------------------- docs/manpages/net.8 | 17 +- 4 files changed, 1532 insertions(+), 1657 deletions(-) (limited to 'docs') diff --git a/docs/docbook/manpages/net.8.sgml b/docs/docbook/manpages/net.8.sgml index 8e777d2afe..aab9032f14 100644 --- a/docs/docbook/manpages/net.8.sgml +++ b/docs/docbook/manpages/net.8.sgml @@ -48,7 +48,6 @@ The samba net utility is meant to work just like the net utility available for windows and DOS. - FIXME @@ -60,7 +59,7 @@ Display summary of all available options. - + @@ -198,7 +197,7 @@ TIME The NET TIME command allows you to view the time on a remote server - or synchronise the time on the local server with the time on the remote server. + or synchronise the time on the local server with the time on the remote server. @@ -245,7 +244,7 @@ Join a domain with specified username and password. Password will be prompted if none is specified. - + @@ -273,14 +272,14 @@ USER INFO <name> [misc options] list the domain groups of the specified user - + USER ADD <name> [password] [-F user flags] [misc. options Add specified user - + @@ -319,9 +318,11 @@ - SHARE DELETE <sharenam - - + SHARE DELETE <sharenam + + + + VERSION diff --git a/docs/htmldocs/net.8.html b/docs/htmldocs/net.8.html index 77cb2b2b38..97b0e8dc59 100644 --- a/docs/htmldocs/net.8.html +++ b/docs/htmldocs/net.8.html @@ -1,10 +1,12 @@ + net

              net

              net

              Synopsis

              net {<ads|rap|rpc>}

              {<ads|rap|rpc>} [-h] [-w workgroup] [-W myworkgroup] [-U user] [-I ip-address] [-p port] [-n myname] [-s conffile] [-S server] [-C comment] [-M maxusers] [-F flags] [-j jobid] [-l] [-r] [-f] [-t timeout] [-P] [-D debuglevel]

              DESCRIPTION

              Samba suite.

              The samba net utility is meant to work just like the net utility + available for windows and DOS.

              OPTIONS

              -h

              Display summary of all available options. + +

              -w target-workgroup

              Sets target workgroup or domain. You have to specify either this option or the IP address or the name of a server. +

              -W workgroup

              Sets client workgroup or domain +

              -U user

              User name to use +

              -I ip-address

              IP address of target server to use. You have to specify either this option or a target workgroup or a target server. +

              -p port

              Port on the target server to connect to. +

              -n myname

              Sets name of the client. +

              -s conffile

              Specify alternative configuration file that should be loaded. +

              -S server

              Name of target server. You should specify either this option or a target workgroup or a target IP address. +

              -C comment

              FIXME +

              -M maxusers

              FIXME +

              -F flags

              FIXME +

              -j jobid

              FIXME +

              -l

              FIXME +

              -r

              FIXME +

              -f

              FIXME +

              -t timeout

              FIXME +

              -P

              Make queries to the external server using the machine account of the local server. +

              -D debuglevel

              set the debuglevel. Debug level 0 is the lowest + and 100 being the highest. This should be set to 100 if you are + planning on submitting a bug report to the Samba team (see + BUGS.txt). +

              TIME

              The NET TIME command allows you to view the time on a remote server + or synchronise the time on the local server with the time on the remote server.

              Without any options, the NET TIME command + displays the time on the remote server. +

              SYSTEM

              Displays the time on the remote server in a format ready for /bin/date +

              SET

              Tries to set the date and time of the local server to that on + the remote server using /bin/date. +

              ZONE

              Displays the timezone in hours from GMT on the remote computer. +

              COMMANDS

              RPC

              The NET RPC command allows you to do various + NT4 operations.

              JOIN -U username[%password] [options]

              Join a domain with specified username and password. Password + will be prompted if none is specified.

              JOIN [options except -U]

              to join a domain created in server manager +

              USER [misc. options] [targets]

              List users +

              USER DELETE <name> [misc options]

              delete specified user +

              USER INFO <name> [misc options]

              list the domain groups of the specified user +

              USER ADD <name> [password] [-F user flags] [misc. options

              Add specified user +

              GROUP [misc options] [targets]

              List user groups +

              GROUP DELETE <name> [misc. options] [targets]

              Delete specified group +

              GROUP ADD <name> [-C comment]

              Create specified group +

              SHARE [misc. options] [targets]

              enumerates all exported resources (network shares) on target server +

              SHARE ADD <name=serverpath> [misc. options] [targets]

              Adds a share from a server (makes the export active) +

              SHARE DELETE <sharenam

              VERSION

              AUTHOR

              + <P >There are three special sections, [global], [homes] and [printers], which are - described under <SPAN -CLASS="emphasis" -><I + described under <I CLASS="EMPHASIS" >special sections</I -></SPAN >. The following notes apply to ordinary section descriptions.</P ><P @@ -142,20 +139,14 @@ CLASS="EMPHASIS" printable services (used by the client to access print services on the host running the server).</P ><P ->Sections may be designated <SPAN -CLASS="emphasis" -><I +>Sections may be designated <I CLASS="EMPHASIS" >guest</I -></SPAN > services, in which case no password is required to access them. A specified - UNIX <SPAN -CLASS="emphasis" -><I + UNIX <I CLASS="EMPHASIS" >guest account</I -></SPAN > is used to define access privileges in this case.</P ><P @@ -177,41 +168,56 @@ CLASS="FILENAME" >/home/bar</TT >. The share is accessed via the share name "foo":</P +><TABLE +BORDER="0" +BGCOLOR="#E0E0E0" +WIDTH="100%" +><TR +><TD ><PRE CLASS="SCREEN" > <TT CLASS="COMPUTEROUTPUT" > [foo] path = /home/bar - writeable = true + read only = no </TT > </PRE +></TD +></TR +></TABLE ><P >The following sample section defines a printable share. The share is readonly, but printable. That is, the only write access permitted is via calls to open, write to and close a - spool file. The <SPAN -CLASS="emphasis" -><I + spool file. The <I CLASS="EMPHASIS" >guest ok</I -></SPAN > parameter means access will be permitted as the default guest user (specified elsewhere):</P +><TABLE +BORDER="0" +BGCOLOR="#E0E0E0" +WIDTH="100%" +><TR +><TD ><PRE CLASS="SCREEN" > <TT CLASS="COMPUTEROUTPUT" > [aprinter] path = /usr/spool/public - writeable = false - printable = true - guest ok = true + read only = yes + printable = yes + guest ok = yes </TT > </PRE +></TD +></TR +></TABLE ></DIV ><DIV CLASS="REFSECT1" @@ -269,12 +275,9 @@ NAME="AEN53" ></LI ></UL ><P ->If you decide to use a <SPAN -CLASS="emphasis" -><I +>If you decide to use a <I CLASS="EMPHASIS" >path =</I -></SPAN > line in your [homes] section then you may find it useful to use the %S macro. For example :</P @@ -303,50 +306,47 @@ CLASS="USERINPUT" a normal service section can specify, though some make more sense than others. The following is a typical and suitable [homes] section:</P +><TABLE +BORDER="0" +BGCOLOR="#E0E0E0" +WIDTH="100%" +><TR +><TD ><PRE CLASS="SCREEN" > <TT CLASS="COMPUTEROUTPUT" > [homes] - writeable = yes + read only = no </TT > </PRE +></TD +></TR +></TABLE ><P >An important point is that if guest access is specified in the [homes] section, all home directories will be - visible to all clients <SPAN -CLASS="emphasis" -><I + visible to all clients <I CLASS="EMPHASIS" >without a password</I -></SPAN >. In the very unlikely event that this is actually desirable, it - would be wise to also specify <SPAN -CLASS="emphasis" -><I + would be wise to also specify <I CLASS="EMPHASIS" >read only access</I -></SPAN >.</P ><P ->Note that the <SPAN -CLASS="emphasis" -><I +>Note that the <I CLASS="EMPHASIS" >browseable</I -></SPAN > flag for auto home directories will be inherited from the global browseable flag, not the [homes] browseable flag. This is useful as - it means setting <SPAN -CLASS="emphasis" -><I + it means setting <I CLASS="EMPHASIS" >browseable = no</I -></SPAN > in the [homes] section will hide the [homes] share but make any auto home directories visible.</P @@ -406,6 +406,12 @@ NAME="AEN79" world-writeable spool directory with the sticky bit set on it. A typical [printers] entry would look like this:</P +><TABLE +BORDER="0" +BGCOLOR="#E0E0E0" +WIDTH="100%" +><TR +><TD ><PRE CLASS="SCREEN" ><TT @@ -416,12 +422,21 @@ CLASS="COMPUTEROUTPUT" printable = yes </TT ></PRE +></TD +></TR +></TABLE ><P >All aliases given for a printer in the printcap file are legitimate printer names as far as the server is concerned. If your printing subsystem doesn't work like that, you will have to set up a pseudo-printcap. This is a file consisting of one or more lines like this:</P +><TABLE +BORDER="0" +BGCOLOR="#E0E0E0" +WIDTH="100%" +><TR +><TD ><PRE CLASS="SCREEN" > <TT @@ -430,6 +445,9 @@ CLASS="COMPUTEROUTPUT" </TT > </PRE +></TD +></TR +></TABLE ><P >Each alias should be an acceptable printer name for your printing subsystem. In the [global] section, specify @@ -461,44 +479,29 @@ NAME="AEN102" >parameters define the specific attributes of sections.</P ><P >Some parameters are specific to the [global] section - (e.g., <SPAN -CLASS="emphasis" -><I + (e.g., <I CLASS="EMPHASIS" >security</I -></SPAN >). Some parameters are usable - in all sections (e.g., <SPAN -CLASS="emphasis" -><I + in all sections (e.g., <I CLASS="EMPHASIS" >create mode</I -></SPAN >). All others are permissible only in normal sections. For the purposes of the following descriptions the [homes] and [printers] - sections will be considered normal. The letter <SPAN -CLASS="emphasis" -><I + sections will be considered normal. The letter <I CLASS="EMPHASIS" >G</I -></SPAN > in parentheses indicates that a parameter is specific to the - [global] section. The letter <SPAN -CLASS="emphasis" -><I + [global] section. The letter <I CLASS="EMPHASIS" >S</I -></SPAN > indicates that a parameter can be specified in a service specific - section. Note that all <SPAN -CLASS="emphasis" -><I + section. Note that all <I CLASS="EMPHASIS" >S</I -></SPAN > parameters can also be specified in the [global] section - in which case they will define the default behavior for all services.</P @@ -618,12 +621,9 @@ CLASS="VARIABLELIST" ><P >the name of your NIS home directory server. This is obtained from your NIS auto.map entry. If you have - not compiled Samba with the <SPAN -CLASS="emphasis" -><I + not compiled Samba with the <I CLASS="EMPHASIS" >--with-automount</I -></SPAN > option then this value will be the same as %L.</P ></DD @@ -733,12 +733,9 @@ CLASS="VARIABLELIST" > controls if names that have characters that aren't of the "default" case are mangled. For example, if this is yes then a name like "Mail" would be mangled. - Default <SPAN -CLASS="emphasis" -><I + Default <I CLASS="EMPHASIS" >no</I -></SPAN >.</P ></DD ><DT @@ -747,12 +744,9 @@ CLASS="EMPHASIS" ><P >controls whether filenames are case sensitive. If they aren't then Samba must do a filename search and match on passed - names. Default <SPAN -CLASS="emphasis" -><I + names. Default <I CLASS="EMPHASIS" >no</I -></SPAN >.</P ></DD ><DT @@ -760,12 +754,9 @@ CLASS="EMPHASIS" ><DD ><P >controls what the default case is for new - filenames. Default <SPAN -CLASS="emphasis" -><I + filenames. Default <I CLASS="EMPHASIS" >lower</I -></SPAN >.</P ></DD ><DT @@ -774,12 +765,9 @@ CLASS="EMPHASIS" ><P >controls if new files are created with the case that the client passes, or if they are forced to be the - "default" case. Default <SPAN -CLASS="emphasis" -><I + "default" case. Default <I CLASS="EMPHASIS" >yes</I -></SPAN >. </P ></DD @@ -792,12 +780,9 @@ CLASS="EMPHASIS" upper case, or if they are forced to be the "default" case. This option can be use with "preserve case = yes" to permit long filenames to retain their case, while short names - are lowercased. Default <SPAN -CLASS="emphasis" -><I + are lowercased. Default <I CLASS="EMPHASIS" >yes</I -></SPAN >.</P ></DD ></DL @@ -900,7 +885,7 @@ NAME="AEN255" ><LI ><P ><A -HREF="index.html#ABORTSHUTDOWNSCRIPT" +HREF="r1.html#ABORTSHUTDOWNSCRIPT" ><TT CLASS="PARAMETER" ><I @@ -912,7 +897,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#ADDGROUPSCRIPT" +HREF="r1.html#ADDGROUPSCRIPT" ><TT CLASS="PARAMETER" ><I @@ -924,7 +909,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#ADDPRINTERCOMMAND" +HREF="r1.html#ADDPRINTERCOMMAND" ><TT CLASS="PARAMETER" ><I @@ -936,7 +921,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#ADDSHARECOMMAND" +HREF="r1.html#ADDSHARECOMMAND" ><TT CLASS="PARAMETER" ><I @@ -948,7 +933,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#ADDUSERSCRIPT" +HREF="r1.html#ADDUSERSCRIPT" ><TT CLASS="PARAMETER" ><I @@ -960,7 +945,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#ADDUSERTOGROUPSCRIPT" +HREF="r1.html#ADDUSERTOGROUPSCRIPT" ><TT CLASS="PARAMETER" ><I @@ -972,7 +957,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#ADDMACHINESCRIPT" +HREF="r1.html#ADDMACHINESCRIPT" ><TT CLASS="PARAMETER" ><I @@ -984,7 +969,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#DELETEGROUPSCRIPT" +HREF="r1.html#DELETEGROUPSCRIPT" ><TT CLASS="PARAMETER" ><I @@ -996,7 +981,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#ADSSERVER" +HREF="r1.html#ADSSERVER" ><TT CLASS="PARAMETER" ><I @@ -1008,7 +993,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#ALGORITHMICRIDBASE" +HREF="r1.html#ALGORITHMICRIDBASE" ><TT CLASS="PARAMETER" ><I @@ -1020,7 +1005,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#ALLOWTRUSTEDDOMAINS" +HREF="r1.html#ALLOWTRUSTEDDOMAINS" ><TT CLASS="PARAMETER" ><I @@ -1032,7 +1017,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#ANNOUNCEAS" +HREF="r1.html#ANNOUNCEAS" ><TT CLASS="PARAMETER" ><I @@ -1044,7 +1029,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#ANNOUNCEVERSION" +HREF="r1.html#ANNOUNCEVERSION" ><TT CLASS="PARAMETER" ><I @@ -1056,7 +1041,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#AUTHMETHODS" +HREF="r1.html#AUTHMETHODS" ><TT CLASS="PARAMETER" ><I @@ -1068,7 +1053,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#AUTOSERVICES" +HREF="r1.html#AUTOSERVICES" ><TT CLASS="PARAMETER" ><I @@ -1080,7 +1065,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#BINDINTERFACESONLY" +HREF="r1.html#BINDINTERFACESONLY" ><TT CLASS="PARAMETER" ><I @@ -1092,7 +1077,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#BROWSELIST" +HREF="r1.html#BROWSELIST" ><TT CLASS="PARAMETER" ><I @@ -1104,7 +1089,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#CHANGENOTIFYTIMEOUT" +HREF="r1.html#CHANGENOTIFYTIMEOUT" ><TT CLASS="PARAMETER" ><I @@ -1116,7 +1101,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#CHANGESHARECOMMAND" +HREF="r1.html#CHANGESHARECOMMAND" ><TT CLASS="PARAMETER" ><I @@ -1128,7 +1113,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#CONFIGFILE" +HREF="r1.html#CONFIGFILE" ><TT CLASS="PARAMETER" ><I @@ -1140,7 +1125,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#DEADTIME" +HREF="r1.html#DEADTIME" ><TT CLASS="PARAMETER" ><I @@ -1152,7 +1137,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#DEBUGHIRESTIMESTAMP" +HREF="r1.html#DEBUGHIRESTIMESTAMP" ><TT CLASS="PARAMETER" ><I @@ -1164,7 +1149,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#DEBUGPID" +HREF="r1.html#DEBUGPID" ><TT CLASS="PARAMETER" ><I @@ -1176,7 +1161,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#DEBUGTIMESTAMP" +HREF="r1.html#DEBUGTIMESTAMP" ><TT CLASS="PARAMETER" ><I @@ -1188,7 +1173,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#DEBUGUID" +HREF="r1.html#DEBUGUID" ><TT CLASS="PARAMETER" ><I @@ -1200,7 +1185,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#DEBUGLEVEL" +HREF="r1.html#DEBUGLEVEL" ><TT CLASS="PARAMETER" ><I @@ -1212,7 +1197,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#DEFAULT" +HREF="r1.html#DEFAULT" ><TT CLASS="PARAMETER" ><I @@ -1224,7 +1209,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#DEFAULTSERVICE" +HREF="r1.html#DEFAULTSERVICE" ><TT CLASS="PARAMETER" ><I @@ -1236,7 +1221,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#DELETEPRINTERCOMMAND" +HREF="r1.html#DELETEPRINTERCOMMAND" ><TT CLASS="PARAMETER" ><I @@ -1248,7 +1233,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#DELETESHARECOMMAND" +HREF="r1.html#DELETESHARECOMMAND" ><TT CLASS="PARAMETER" ><I @@ -1260,7 +1245,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#DELETEUSERSCRIPT" +HREF="r1.html#DELETEUSERSCRIPT" ><TT CLASS="PARAMETER" ><I @@ -1272,7 +1257,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#DELETEUSERFROMGROUPSCRIPT" +HREF="r1.html#DELETEUSERFROMGROUPSCRIPT" ><TT CLASS="PARAMETER" ><I @@ -1284,7 +1269,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#DFREECOMMAND" +HREF="r1.html#DFREECOMMAND" ><TT CLASS="PARAMETER" ><I @@ -1296,7 +1281,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#DISABLENETBIOS" +HREF="r1.html#DISABLENETBIOS" ><TT CLASS="PARAMETER" ><I @@ -1308,7 +1293,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#DISABLESPOOLSS" +HREF="r1.html#DISABLESPOOLSS" ><TT CLASS="PARAMETER" ><I @@ -1320,7 +1305,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#DISPLAYCHARSET" +HREF="r1.html#DISPLAYCHARSET" ><TT CLASS="PARAMETER" ><I @@ -1332,7 +1317,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#DNSPROXY" +HREF="r1.html#DNSPROXY" ><TT CLASS="PARAMETER" ><I @@ -1344,31 +1329,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#DOMAINADMINGROUP" -><TT -CLASS="PARAMETER" -><I ->domain admin group</I -></TT -></A -></P -></LI -><LI -><P -><A -HREF="index.html#DOMAINGUESTGROUP" -><TT -CLASS="PARAMETER" -><I ->domain guest group</I -></TT -></A -></P -></LI -><LI -><P -><A -HREF="index.html#DOMAINLOGONS" +HREF="r1.html#DOMAINLOGONS" ><TT CLASS="PARAMETER" ><I @@ -1380,7 +1341,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#DOMAINMASTER" +HREF="r1.html#DOMAINMASTER" ><TT CLASS="PARAMETER" ><I @@ -1392,7 +1353,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#DOSCHARSET" +HREF="r1.html#DOSCHARSET" ><TT CLASS="PARAMETER" ><I @@ -1404,7 +1365,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#ENCRYPTPASSWORDS" +HREF="r1.html#ENCRYPTPASSWORDS" ><TT CLASS="PARAMETER" ><I @@ -1416,7 +1377,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#ENHANCEDBROWSING" +HREF="r1.html#ENHANCEDBROWSING" ><TT CLASS="PARAMETER" ><I @@ -1428,7 +1389,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#ENUMPORTSCOMMAND" +HREF="r1.html#ENUMPORTSCOMMAND" ><TT CLASS="PARAMETER" ><I @@ -1440,7 +1401,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#GETWDCACHE" +HREF="r1.html#GETWDCACHE" ><TT CLASS="PARAMETER" ><I @@ -1452,7 +1413,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#HIDELOCALUSERS" +HREF="r1.html#HIDELOCALUSERS" ><TT CLASS="PARAMETER" ><I @@ -1464,7 +1425,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#HIDEUNREADABLE" +HREF="r1.html#HIDEUNREADABLE" ><TT CLASS="PARAMETER" ><I @@ -1476,7 +1437,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#HIDEUNWRITEABLEFILES" +HREF="r1.html#HIDEUNWRITEABLEFILES" ><TT CLASS="PARAMETER" ><I @@ -1488,7 +1449,19 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#HOMEDIRMAP" +HREF="r1.html#HIDESPECIALFILES" +><TT +CLASS="PARAMETER" +><I +>hide special files</I +></TT +></A +></P +></LI +><LI +><P +><A +HREF="r1.html#HOMEDIRMAP" ><TT CLASS="PARAMETER" ><I @@ -1500,7 +1473,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#HOSTMSDFS" +HREF="r1.html#HOSTMSDFS" ><TT CLASS="PARAMETER" ><I @@ -1512,7 +1485,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#HOSTNAMELOOKUPS" +HREF="r1.html#HOSTNAMELOOKUPS" ><TT CLASS="PARAMETER" ><I @@ -1524,7 +1497,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#HOSTSEQUIV" +HREF="r1.html#HOSTSEQUIV" ><TT CLASS="PARAMETER" ><I @@ -1536,7 +1509,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#INTERFACES" +HREF="r1.html#INTERFACES" ><TT CLASS="PARAMETER" ><I @@ -1548,7 +1521,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#KEEPALIVE" +HREF="r1.html#KEEPALIVE" ><TT CLASS="PARAMETER" ><I @@ -1560,7 +1533,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#KERNELOPLOCKS" +HREF="r1.html#KERNELOPLOCKS" ><TT CLASS="PARAMETER" ><I @@ -1572,7 +1545,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#LANMANAUTH" +HREF="r1.html#LANMANAUTH" ><TT CLASS="PARAMETER" ><I @@ -1584,7 +1557,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#LARGEREADWRITE" +HREF="r1.html#LARGEREADWRITE" ><TT CLASS="PARAMETER" ><I @@ -1596,7 +1569,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#LDAPADMINDN" +HREF="r1.html#LDAPADMINDN" ><TT CLASS="PARAMETER" ><I @@ -1608,7 +1581,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#LDAPFILTER" +HREF="r1.html#LDAPFILTER" ><TT CLASS="PARAMETER" ><I @@ -1620,7 +1593,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#LDAPSSL" +HREF="r1.html#LDAPSSL" ><TT CLASS="PARAMETER" ><I @@ -1632,7 +1605,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#LDAPSUFFIX" +HREF="r1.html#LDAPSUFFIX" ><TT CLASS="PARAMETER" ><I @@ -1644,11 +1617,11 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#LDAPUSERSUFFIX" +HREF="r1.html#LDAPUSERSUFFIX" ><TT CLASS="PARAMETER" ><I ->ldap suffix</I +>ldap user suffix</I ></TT ></A ></P @@ -1656,11 +1629,23 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#LDAPMACHINESUFFIX" +HREF="r1.html#LDAPMACHINESUFFIX" ><TT CLASS="PARAMETER" ><I ->ldap suffix</I +>ldap machine suffix</I +></TT +></A +></P +></LI +><LI +><P +><A +HREF="r1.html#LDAPPASSWDSYNC" +><TT +CLASS="PARAMETER" +><I +>ldap passwd sync</I ></TT ></A ></P @@ -1668,7 +1653,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#LMANNOUNCE" +HREF="r1.html#LMANNOUNCE" ><TT CLASS="PARAMETER" ><I @@ -1680,7 +1665,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#LMINTERVAL" +HREF="r1.html#LMINTERVAL" ><TT CLASS="PARAMETER" ><I @@ -1692,7 +1677,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#LOADPRINTERS" +HREF="r1.html#LOADPRINTERS" ><TT CLASS="PARAMETER" ><I @@ -1704,7 +1689,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#LOCALMASTER" +HREF="r1.html#LOCALMASTER" ><TT CLASS="PARAMETER" ><I @@ -1716,7 +1701,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#LOCKDIR" +HREF="r1.html#LOCKDIR" ><TT CLASS="PARAMETER" ><I @@ -1728,7 +1713,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#LOCKDIRECTORY" +HREF="r1.html#LOCKDIRECTORY" ><TT CLASS="PARAMETER" ><I @@ -1740,7 +1725,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#LOCKSPINCOUNT" +HREF="r1.html#LOCKSPINCOUNT" ><TT CLASS="PARAMETER" ><I @@ -1752,7 +1737,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#LOCKSPINTIME" +HREF="r1.html#LOCKSPINTIME" ><TT CLASS="PARAMETER" ><I @@ -1764,7 +1749,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#PIDDIRECTORY" +HREF="r1.html#PIDDIRECTORY" ><TT CLASS="PARAMETER" ><I @@ -1776,7 +1761,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#LOGFILE" +HREF="r1.html#LOGFILE" ><TT CLASS="PARAMETER" ><I @@ -1788,7 +1773,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#LOGLEVEL" +HREF="r1.html#LOGLEVEL" ><TT CLASS="PARAMETER" ><I @@ -1800,7 +1785,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#LOGONDRIVE" +HREF="r1.html#LOGONDRIVE" ><TT CLASS="PARAMETER" ><I @@ -1812,7 +1797,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#LOGONHOME" +HREF="r1.html#LOGONHOME" ><TT CLASS="PARAMETER" ><I @@ -1824,7 +1809,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#LOGONPATH" +HREF="r1.html#LOGONPATH" ><TT CLASS="PARAMETER" ><I @@ -1836,7 +1821,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#LOGONSCRIPT" +HREF="r1.html#LOGONSCRIPT" ><TT CLASS="PARAMETER" ><I @@ -1848,7 +1833,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#LPQCACHETIME" +HREF="r1.html#LPQCACHETIME" ><TT CLASS="PARAMETER" ><I @@ -1860,7 +1845,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#MACHINEPASSWORDTIMEOUT" +HREF="r1.html#MACHINEPASSWORDTIMEOUT" ><TT CLASS="PARAMETER" ><I @@ -1872,7 +1857,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#MANGLEDSTACK" +HREF="r1.html#MANGLEDSTACK" ><TT CLASS="PARAMETER" ><I @@ -1884,7 +1869,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#MAPTOGUEST" +HREF="r1.html#MAPTOGUEST" ><TT CLASS="PARAMETER" ><I @@ -1896,7 +1881,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#MAXDISKSIZE" +HREF="r1.html#MAXDISKSIZE" ><TT CLASS="PARAMETER" ><I @@ -1908,7 +1893,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#MAXLOGSIZE" +HREF="r1.html#MAXLOGSIZE" ><TT CLASS="PARAMETER" ><I @@ -1920,7 +1905,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#MAXMUX" +HREF="r1.html#MAXMUX" ><TT CLASS="PARAMETER" ><I @@ -1932,7 +1917,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#MAXOPENFILES" +HREF="r1.html#MAXOPENFILES" ><TT CLASS="PARAMETER" ><I @@ -1944,7 +1929,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#MAXPROTOCOL" +HREF="r1.html#MAXPROTOCOL" ><TT CLASS="PARAMETER" ><I @@ -1956,7 +1941,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#MAXSMBDPROCESSES" +HREF="r1.html#MAXSMBDPROCESSES" ><TT CLASS="PARAMETER" ><I @@ -1968,7 +1953,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#MAXTTL" +HREF="r1.html#MAXTTL" ><TT CLASS="PARAMETER" ><I @@ -1980,7 +1965,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#MAXWINSTTL" +HREF="r1.html#MAXWINSTTL" ><TT CLASS="PARAMETER" ><I @@ -1992,7 +1977,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#MAXXMIT" +HREF="r1.html#MAXXMIT" ><TT CLASS="PARAMETER" ><I @@ -2004,7 +1989,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#MESSAGECOMMAND" +HREF="r1.html#MESSAGECOMMAND" ><TT CLASS="PARAMETER" ><I @@ -2016,7 +2001,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#MINPASSWDLENGTH" +HREF="r1.html#MINPASSWDLENGTH" ><TT CLASS="PARAMETER" ><I @@ -2028,7 +2013,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#MINPASSWORDLENGTH" +HREF="r1.html#MINPASSWORDLENGTH" ><TT CLASS="PARAMETER" ><I @@ -2040,7 +2025,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#MINPROTOCOL" +HREF="r1.html#MINPROTOCOL" ><TT CLASS="PARAMETER" ><I @@ -2052,7 +2037,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#MINWINSTTL" +HREF="r1.html#MINWINSTTL" ><TT CLASS="PARAMETER" ><I @@ -2064,7 +2049,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#NAMECACHETIMEOUT" +HREF="r1.html#NAMECACHETIMEOUT" ><TT CLASS="PARAMETER" ><I @@ -2076,7 +2061,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#NAMERESOLVEORDER" +HREF="r1.html#NAMERESOLVEORDER" ><TT CLASS="PARAMETER" ><I @@ -2088,7 +2073,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#NETBIOSALIASES" +HREF="r1.html#NETBIOSALIASES" ><TT CLASS="PARAMETER" ><I @@ -2100,7 +2085,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#NETBIOSNAME" +HREF="r1.html#NETBIOSNAME" ><TT CLASS="PARAMETER" ><I @@ -2112,7 +2097,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#NETBIOSSCOPE" +HREF="r1.html#NETBIOSSCOPE" ><TT CLASS="PARAMETER" ><I @@ -2124,7 +2109,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#NISHOMEDIR" +HREF="r1.html#NISHOMEDIR" ><TT CLASS="PARAMETER" ><I @@ -2136,7 +2121,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#NTLMAUTH" +HREF="r1.html#NTLMAUTH" ><TT CLASS="PARAMETER" ><I @@ -2148,7 +2133,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#NONUNIXACCOUNTRANGE" +HREF="r1.html#NONUNIXACCOUNTRANGE" ><TT CLASS="PARAMETER" ><I @@ -2160,7 +2145,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#NTPIPESUPPORT" +HREF="r1.html#NTPIPESUPPORT" ><TT CLASS="PARAMETER" ><I @@ -2172,7 +2157,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#NTSTATUSSUPPORT" +HREF="r1.html#NTSTATUSSUPPORT" ><TT CLASS="PARAMETER" ><I @@ -2184,7 +2169,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#NULLPASSWORDS" +HREF="r1.html#NULLPASSWORDS" ><TT CLASS="PARAMETER" ><I @@ -2196,7 +2181,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#OBEYPAMRESTRICTIONS" +HREF="r1.html#OBEYPAMRESTRICTIONS" ><TT CLASS="PARAMETER" ><I @@ -2208,7 +2193,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#OPLOCKBREAKWAITTIME" +HREF="r1.html#OPLOCKBREAKWAITTIME" ><TT CLASS="PARAMETER" ><I @@ -2220,7 +2205,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#OSLEVEL" +HREF="r1.html#OSLEVEL" ><TT CLASS="PARAMETER" ><I @@ -2232,7 +2217,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#OS2DRIVERMAP" +HREF="r1.html#OS2DRIVERMAP" ><TT CLASS="PARAMETER" ><I @@ -2244,7 +2229,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#PAMPASSWORDCHANGE" +HREF="r1.html#PAMPASSWORDCHANGE" ><TT CLASS="PARAMETER" ><I @@ -2256,7 +2241,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#PANICACTION" +HREF="r1.html#PANICACTION" ><TT CLASS="PARAMETER" ><I @@ -2268,7 +2253,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#PARANOIDSERVERSECURITY" +HREF="r1.html#PARANOIDSERVERSECURITY" ><TT CLASS="PARAMETER" ><I @@ -2280,7 +2265,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#PASSDBBACKEND" +HREF="r1.html#PASSDBBACKEND" ><TT CLASS="PARAMETER" ><I @@ -2292,7 +2277,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#PASSWDCHAT" +HREF="r1.html#PASSWDCHAT" ><TT CLASS="PARAMETER" ><I @@ -2304,7 +2289,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#PASSWDCHATDEBUG" +HREF="r1.html#PASSWDCHATDEBUG" ><TT CLASS="PARAMETER" ><I @@ -2316,7 +2301,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#PASSWDPROGRAM" +HREF="r1.html#PASSWDPROGRAM" ><TT CLASS="PARAMETER" ><I @@ -2328,7 +2313,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#PASSWORDLEVEL" +HREF="r1.html#PASSWORDLEVEL" ><TT CLASS="PARAMETER" ><I @@ -2340,7 +2325,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#PASSWORDSERVER" +HREF="r1.html#PASSWORDSERVER" ><TT CLASS="PARAMETER" ><I @@ -2352,7 +2337,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#PREFEREDMASTER" +HREF="r1.html#PREFEREDMASTER" ><TT CLASS="PARAMETER" ><I @@ -2364,7 +2349,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#PREFERREDMASTER" +HREF="r1.html#PREFERREDMASTER" ><TT CLASS="PARAMETER" ><I @@ -2376,7 +2361,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#PRELOAD" +HREF="r1.html#PRELOAD" ><TT CLASS="PARAMETER" ><I @@ -2388,7 +2373,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#PRINTCAP" +HREF="r1.html#PRINTCAP" ><TT CLASS="PARAMETER" ><I @@ -2400,7 +2385,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#PRINTCAPNAME" +HREF="r1.html#PRINTCAPNAME" ><TT CLASS="PARAMETER" ><I @@ -2412,7 +2397,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#PRINTERDRIVERFILE" +HREF="r1.html#PRINTERDRIVERFILE" ><TT CLASS="PARAMETER" ><I @@ -2424,7 +2409,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#PRIVATEDIR" +HREF="r1.html#PRIVATEDIR" ><TT CLASS="PARAMETER" ><I @@ -2436,7 +2421,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#PROTOCOL" +HREF="r1.html#PROTOCOL" ><TT CLASS="PARAMETER" ><I @@ -2448,7 +2433,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#READBMPX" +HREF="r1.html#READBMPX" ><TT CLASS="PARAMETER" ><I @@ -2460,7 +2445,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#READRAW" +HREF="r1.html#READRAW" ><TT CLASS="PARAMETER" ><I @@ -2472,7 +2457,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#READSIZE" +HREF="r1.html#READSIZE" ><TT CLASS="PARAMETER" ><I @@ -2484,7 +2469,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#REALM" +HREF="r1.html#REALM" ><TT CLASS="PARAMETER" ><I @@ -2496,7 +2481,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#REMOTEANNOUNCE" +HREF="r1.html#REMOTEANNOUNCE" ><TT CLASS="PARAMETER" ><I @@ -2508,7 +2493,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#REMOTEBROWSESYNC" +HREF="r1.html#REMOTEBROWSESYNC" ><TT CLASS="PARAMETER" ><I @@ -2520,7 +2505,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#RESTRICTANONYMOUS" +HREF="r1.html#RESTRICTANONYMOUS" ><TT CLASS="PARAMETER" ><I @@ -2532,7 +2517,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#ROOT" +HREF="r1.html#ROOT" ><TT CLASS="PARAMETER" ><I @@ -2544,7 +2529,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#ROOTDIR" +HREF="r1.html#ROOTDIR" ><TT CLASS="PARAMETER" ><I @@ -2556,7 +2541,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#ROOTDIRECTORY" +HREF="r1.html#ROOTDIRECTORY" ><TT CLASS="PARAMETER" ><I @@ -2568,7 +2553,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#SECURITY" +HREF="r1.html#SECURITY" ><TT CLASS="PARAMETER" ><I @@ -2580,7 +2565,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#SERVERSTRING" +HREF="r1.html#SERVERSTRING" ><TT CLASS="PARAMETER" ><I @@ -2592,7 +2577,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#SHOWADDPRINTERWIZARD" +HREF="r1.html#SHOWADDPRINTERWIZARD" ><TT CLASS="PARAMETER" ><I @@ -2604,7 +2589,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#SHUTDOWNSCRIPT" +HREF="r1.html#SHUTDOWNSCRIPT" ><TT CLASS="PARAMETER" ><I @@ -2616,7 +2601,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#SMBPASSWDFILE" +HREF="r1.html#SMBPASSWDFILE" ><TT CLASS="PARAMETER" ><I @@ -2628,7 +2613,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#SMBPORTS" +HREF="r1.html#SMBPORTS" ><TT CLASS="PARAMETER" ><I @@ -2640,7 +2625,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#SOCKETADDRESS" +HREF="r1.html#SOCKETADDRESS" ><TT CLASS="PARAMETER" ><I @@ -2652,7 +2637,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#SOCKETOPTIONS" +HREF="r1.html#SOCKETOPTIONS" ><TT CLASS="PARAMETER" ><I @@ -2664,7 +2649,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#SOURCEENVIRONMENT" +HREF="r1.html#SOURCEENVIRONMENT" ><TT CLASS="PARAMETER" ><I @@ -2676,7 +2661,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#SPNEGO" +HREF="r1.html#SPNEGO" ><TT CLASS="PARAMETER" ><I @@ -2688,7 +2673,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#STATCACHE" +HREF="r1.html#STATCACHE" ><TT CLASS="PARAMETER" ><I @@ -2700,7 +2685,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#STATCACHESIZE" +HREF="r1.html#STATCACHESIZE" ><TT CLASS="PARAMETER" ><I @@ -2712,7 +2697,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#STRIPDOT" +HREF="r1.html#STRIPDOT" ><TT CLASS="PARAMETER" ><I @@ -2724,7 +2709,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#SYSLOG" +HREF="r1.html#SYSLOG" ><TT CLASS="PARAMETER" ><I @@ -2736,7 +2721,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#SYSLOGONLY" +HREF="r1.html#SYSLOGONLY" ><TT CLASS="PARAMETER" ><I @@ -2748,7 +2733,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#TEMPLATEHOMEDIR" +HREF="r1.html#TEMPLATEHOMEDIR" ><TT CLASS="PARAMETER" ><I @@ -2760,7 +2745,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#TEMPLATESHELL" +HREF="r1.html#TEMPLATESHELL" ><TT CLASS="PARAMETER" ><I @@ -2772,7 +2757,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#TIMEOFFSET" +HREF="r1.html#TIMEOFFSET" ><TT CLASS="PARAMETER" ><I @@ -2784,7 +2769,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#TIMESERVER" +HREF="r1.html#TIMESERVER" ><TT CLASS="PARAMETER" ><I @@ -2796,7 +2781,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#TIMESTAMPLOGS" +HREF="r1.html#TIMESTAMPLOGS" ><TT CLASS="PARAMETER" ><I @@ -2808,7 +2793,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#TOTALPRINTJOBS" +HREF="r1.html#TOTALPRINTJOBS" ><TT CLASS="PARAMETER" ><I @@ -2820,7 +2805,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#UNICODE" +HREF="r1.html#UNICODE" ><TT CLASS="PARAMETER" ><I @@ -2832,7 +2817,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#UNIXCHARSET" +HREF="r1.html#UNIXCHARSET" ><TT CLASS="PARAMETER" ><I @@ -2844,7 +2829,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#UNIXEXTENSIONS" +HREF="r1.html#UNIXEXTENSIONS" ><TT CLASS="PARAMETER" ><I @@ -2856,7 +2841,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#UNIXPASSWORDSYNC" +HREF="r1.html#UNIXPASSWORDSYNC" ><TT CLASS="PARAMETER" ><I @@ -2868,7 +2853,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#UPDATEENCRYPTED" +HREF="r1.html#UPDATEENCRYPTED" ><TT CLASS="PARAMETER" ><I @@ -2880,7 +2865,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#USEMMAP" +HREF="r1.html#USEMMAP" ><TT CLASS="PARAMETER" ><I @@ -2892,7 +2877,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#USERHOSTS" +HREF="r1.html#USERHOSTS" ><TT CLASS="PARAMETER" ><I @@ -2904,7 +2889,19 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#USERNAMELEVEL" +HREF="r1.html#USESENDFILE" +><TT +CLASS="PARAMETER" +><I +>use sendfile</I +></TT +></A +></P +></LI +><LI +><P +><A +HREF="r1.html#USERNAMELEVEL" ><TT CLASS="PARAMETER" ><I @@ -2916,7 +2913,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#USERNAMEMAP" +HREF="r1.html#USERNAMEMAP" ><TT CLASS="PARAMETER" ><I @@ -2928,7 +2925,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#UTMP" +HREF="r1.html#UTMP" ><TT CLASS="PARAMETER" ><I @@ -2940,7 +2937,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#UTMPDIRECTORY" +HREF="r1.html#UTMPDIRECTORY" ><TT CLASS="PARAMETER" ><I @@ -2952,7 +2949,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#WTMPDIRECTORY" +HREF="r1.html#WTMPDIRECTORY" ><TT CLASS="PARAMETER" ><I @@ -2964,7 +2961,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#WINBINDCACHETIME" +HREF="r1.html#WINBINDCACHETIME" ><TT CLASS="PARAMETER" ><I @@ -2976,7 +2973,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#WINBINDENUMUSERS" +HREF="r1.html#WINBINDENUMUSERS" ><TT CLASS="PARAMETER" ><I @@ -2988,7 +2985,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#WINBINDENUMGROUPS" +HREF="r1.html#WINBINDENUMGROUPS" ><TT CLASS="PARAMETER" ><I @@ -3000,7 +2997,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#WINBINDGID" +HREF="r1.html#WINBINDGID" ><TT CLASS="PARAMETER" ><I @@ -3012,7 +3009,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#WINBINDSEPARATOR" +HREF="r1.html#WINBINDSEPARATOR" ><TT CLASS="PARAMETER" ><I @@ -3024,7 +3021,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#WINBINDUID" +HREF="r1.html#WINBINDUID" ><TT CLASS="PARAMETER" ><I @@ -3036,7 +3033,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#WINBINDUSEDEFAULTDOMAIN" +HREF="r1.html#WINBINDUSEDEFAULTDOMAIN" ><TT CLASS="PARAMETER" ><I @@ -3048,7 +3045,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#WINSHOOK" +HREF="r1.html#WINSHOOK" ><TT CLASS="PARAMETER" ><I @@ -3060,7 +3057,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#WINSPARTNERS" +HREF="r1.html#WINSPARTNERS" ><TT CLASS="PARAMETER" ><I @@ -3072,7 +3069,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#WINSPROXY" +HREF="r1.html#WINSPROXY" ><TT CLASS="PARAMETER" ><I @@ -3084,7 +3081,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#WINSSERVER" +HREF="r1.html#WINSSERVER" ><TT CLASS="PARAMETER" ><I @@ -3096,7 +3093,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#WINSSUPPORT" +HREF="r1.html#WINSSUPPORT" ><TT CLASS="PARAMETER" ><I @@ -3108,7 +3105,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#WORKGROUP" +HREF="r1.html#WORKGROUP" ><TT CLASS="PARAMETER" ><I @@ -3120,7 +3117,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#WRITERAW" +HREF="r1.html#WRITERAW" ><TT CLASS="PARAMETER" ><I @@ -3134,7 +3131,7 @@ CLASS="PARAMETER" ><DIV CLASS="REFSECT1" ><A -NAME="AEN1003" +NAME="AEN1007" ></A ><H2 >COMPLETE LIST OF SERVICE PARAMETERS</H2 @@ -3147,7 +3144,7 @@ NAME="AEN1003" ><LI ><P ><A -HREF="index.html#ADMINUSERS" +HREF="r1.html#ADMINUSERS" ><TT CLASS="PARAMETER" ><I @@ -3159,7 +3156,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#ALLOWHOSTS" +HREF="r1.html#ALLOWHOSTS" ><TT CLASS="PARAMETER" ><I @@ -3171,7 +3168,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#AVAILABLE" +HREF="r1.html#AVAILABLE" ><TT CLASS="PARAMETER" ><I @@ -3183,7 +3180,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#BLOCKINGLOCKS" +HREF="r1.html#BLOCKINGLOCKS" ><TT CLASS="PARAMETER" ><I @@ -3195,7 +3192,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#BLOCKSIZE" +HREF="r1.html#BLOCKSIZE" ><TT CLASS="PARAMETER" ><I @@ -3207,7 +3204,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#BROWSABLE" +HREF="r1.html#BROWSABLE" ><TT CLASS="PARAMETER" ><I @@ -3219,7 +3216,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#BROWSEABLE" +HREF="r1.html#BROWSEABLE" ><TT CLASS="PARAMETER" ><I @@ -3231,7 +3228,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#CASESENSITIVE" +HREF="r1.html#CASESENSITIVE" ><TT CLASS="PARAMETER" ><I @@ -3243,7 +3240,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#CASESIGNAMES" +HREF="r1.html#CASESIGNAMES" ><TT CLASS="PARAMETER" ><I @@ -3255,7 +3252,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#COMMENT" +HREF="r1.html#COMMENT" ><TT CLASS="PARAMETER" ><I @@ -3267,7 +3264,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#COPY" +HREF="r1.html#COPY" ><TT CLASS="PARAMETER" ><I @@ -3279,7 +3276,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#CREATEMASK" +HREF="r1.html#CREATEMASK" ><TT CLASS="PARAMETER" ><I @@ -3291,7 +3288,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#CREATEMODE" +HREF="r1.html#CREATEMODE" ><TT CLASS="PARAMETER" ><I @@ -3303,7 +3300,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#CSCPOLICY" +HREF="r1.html#CSCPOLICY" ><TT CLASS="PARAMETER" ><I @@ -3315,7 +3312,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#DEFAULTCASE" +HREF="r1.html#DEFAULTCASE" ><TT CLASS="PARAMETER" ><I @@ -3327,7 +3324,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#DEFAULTDEVMODE" +HREF="r1.html#DEFAULTDEVMODE" ><TT CLASS="PARAMETER" ><I @@ -3339,7 +3336,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#DELETEREADONLY" +HREF="r1.html#DELETEREADONLY" ><TT CLASS="PARAMETER" ><I @@ -3351,7 +3348,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#DELETEVETOFILES" +HREF="r1.html#DELETEVETOFILES" ><TT CLASS="PARAMETER" ><I @@ -3363,7 +3360,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#DENYHOSTS" +HREF="r1.html#DENYHOSTS" ><TT CLASS="PARAMETER" ><I @@ -3375,7 +3372,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#DIRECTORY" +HREF="r1.html#DIRECTORY" ><TT CLASS="PARAMETER" ><I @@ -3387,7 +3384,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#DIRECTORYMASK" +HREF="r1.html#DIRECTORYMASK" ><TT CLASS="PARAMETER" ><I @@ -3399,7 +3396,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#DIRECTORYMODE" +HREF="r1.html#DIRECTORYMODE" ><TT CLASS="PARAMETER" ><I @@ -3411,7 +3408,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#DIRECTORYSECURITYMASK" +HREF="r1.html#DIRECTORYSECURITYMASK" ><TT CLASS="PARAMETER" ><I @@ -3423,7 +3420,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#DONTDESCEND" +HREF="r1.html#DONTDESCEND" ><TT CLASS="PARAMETER" ><I @@ -3435,7 +3432,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#DOSFILEMODE" +HREF="r1.html#DOSFILEMODE" ><TT CLASS="PARAMETER" ><I @@ -3447,7 +3444,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#DOSFILETIMERESOLUTION" +HREF="r1.html#DOSFILETIMERESOLUTION" ><TT CLASS="PARAMETER" ><I @@ -3459,7 +3456,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#DOSFILETIMES" +HREF="r1.html#DOSFILETIMES" ><TT CLASS="PARAMETER" ><I @@ -3471,7 +3468,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#EXEC" +HREF="r1.html#EXEC" ><TT CLASS="PARAMETER" ><I @@ -3483,7 +3480,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#FAKEDIRECTORYCREATETIMES" +HREF="r1.html#FAKEDIRECTORYCREATETIMES" ><TT CLASS="PARAMETER" ><I @@ -3495,7 +3492,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#FAKEOPLOCKS" +HREF="r1.html#FAKEOPLOCKS" ><TT CLASS="PARAMETER" ><I @@ -3507,7 +3504,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#FOLLOWSYMLINKS" +HREF="r1.html#FOLLOWSYMLINKS" ><TT CLASS="PARAMETER" ><I @@ -3519,7 +3516,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#FORCECREATEMODE" +HREF="r1.html#FORCECREATEMODE" ><TT CLASS="PARAMETER" ><I @@ -3531,7 +3528,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#FORCEDIRECTORYMODE" +HREF="r1.html#FORCEDIRECTORYMODE" ><TT CLASS="PARAMETER" ><I @@ -3543,7 +3540,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#FORCEDIRECTORYSECURITYMODE" +HREF="r1.html#FORCEDIRECTORYSECURITYMODE" ><TT CLASS="PARAMETER" ><I @@ -3555,7 +3552,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#FORCEGROUP" +HREF="r1.html#FORCEGROUP" ><TT CLASS="PARAMETER" ><I @@ -3567,7 +3564,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#FORCESECURITYMODE" +HREF="r1.html#FORCESECURITYMODE" ><TT CLASS="PARAMETER" ><I @@ -3579,7 +3576,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#FORCEUSER" +HREF="r1.html#FORCEUSER" ><TT CLASS="PARAMETER" ><I @@ -3591,7 +3588,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#FSTYPE" +HREF="r1.html#FSTYPE" ><TT CLASS="PARAMETER" ><I @@ -3603,7 +3600,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#GROUP" +HREF="r1.html#GROUP" ><TT CLASS="PARAMETER" ><I @@ -3615,7 +3612,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#GUESTACCOUNT" +HREF="r1.html#GUESTACCOUNT" ><TT CLASS="PARAMETER" ><I @@ -3627,7 +3624,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#GUESTOK" +HREF="r1.html#GUESTOK" ><TT CLASS="PARAMETER" ><I @@ -3639,7 +3636,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#GUESTONLY" +HREF="r1.html#GUESTONLY" ><TT CLASS="PARAMETER" ><I @@ -3651,7 +3648,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#HIDEDOTFILES" +HREF="r1.html#HIDEDOTFILES" ><TT CLASS="PARAMETER" ><I @@ -3663,7 +3660,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#HIDEFILES" +HREF="r1.html#HIDEFILES" ><TT CLASS="PARAMETER" ><I @@ -3675,7 +3672,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#HOSTSALLOW" +HREF="r1.html#HOSTSALLOW" ><TT CLASS="PARAMETER" ><I @@ -3687,7 +3684,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#HOSTSDENY" +HREF="r1.html#HOSTSDENY" ><TT CLASS="PARAMETER" ><I @@ -3699,7 +3696,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#INCLUDE" +HREF="r1.html#INCLUDE" ><TT CLASS="PARAMETER" ><I @@ -3711,7 +3708,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#INHERITACLS" +HREF="r1.html#INHERITACLS" ><TT CLASS="PARAMETER" ><I @@ -3723,7 +3720,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#INHERITPERMISSIONS" +HREF="r1.html#INHERITPERMISSIONS" ><TT CLASS="PARAMETER" ><I @@ -3735,7 +3732,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#INVALIDUSERS" +HREF="r1.html#INVALIDUSERS" ><TT CLASS="PARAMETER" ><I @@ -3747,7 +3744,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#LEVEL2OPLOCKS" +HREF="r1.html#LEVEL2OPLOCKS" ><TT CLASS="PARAMETER" ><I @@ -3759,7 +3756,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#LOCKING" +HREF="r1.html#LOCKING" ><TT CLASS="PARAMETER" ><I @@ -3771,7 +3768,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#LPPAUSECOMMAND" +HREF="r1.html#LPPAUSECOMMAND" ><TT CLASS="PARAMETER" ><I @@ -3783,7 +3780,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#LPQCOMMAND" +HREF="r1.html#LPQCOMMAND" ><TT CLASS="PARAMETER" ><I @@ -3795,7 +3792,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#LPRESUMECOMMAND" +HREF="r1.html#LPRESUMECOMMAND" ><TT CLASS="PARAMETER" ><I @@ -3807,7 +3804,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#LPRMCOMMAND" +HREF="r1.html#LPRMCOMMAND" ><TT CLASS="PARAMETER" ><I @@ -3819,7 +3816,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#MAGICOUTPUT" +HREF="r1.html#MAGICOUTPUT" ><TT CLASS="PARAMETER" ><I @@ -3831,7 +3828,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#MAGICSCRIPT" +HREF="r1.html#MAGICSCRIPT" ><TT CLASS="PARAMETER" ><I @@ -3843,7 +3840,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#MANGLECASE" +HREF="r1.html#MANGLECASE" ><TT CLASS="PARAMETER" ><I @@ -3855,7 +3852,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#MANGLEDMAP" +HREF="r1.html#MANGLEDMAP" ><TT CLASS="PARAMETER" ><I @@ -3867,7 +3864,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#MANGLEDNAMES" +HREF="r1.html#MANGLEDNAMES" ><TT CLASS="PARAMETER" ><I @@ -3879,7 +3876,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#MANGLINGCHAR" +HREF="r1.html#MANGLINGCHAR" ><TT CLASS="PARAMETER" ><I @@ -3891,7 +3888,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#MANGLINGMETHOD" +HREF="r1.html#MANGLINGMETHOD" ><TT CLASS="PARAMETER" ><I @@ -3903,7 +3900,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#MAPARCHIVE" +HREF="r1.html#MAPARCHIVE" ><TT CLASS="PARAMETER" ><I @@ -3915,7 +3912,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#MAPHIDDEN" +HREF="r1.html#MAPHIDDEN" ><TT CLASS="PARAMETER" ><I @@ -3927,7 +3924,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#MAPSYSTEM" +HREF="r1.html#MAPSYSTEM" ><TT CLASS="PARAMETER" ><I @@ -3939,7 +3936,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#MAXCONNECTIONS" +HREF="r1.html#MAXCONNECTIONS" ><TT CLASS="PARAMETER" ><I @@ -3951,7 +3948,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#MAXPRINTJOBS" +HREF="r1.html#MAXPRINTJOBS" ><TT CLASS="PARAMETER" ><I @@ -3963,7 +3960,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#MINPRINTSPACE" +HREF="r1.html#MINPRINTSPACE" ><TT CLASS="PARAMETER" ><I @@ -3975,7 +3972,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#MSDFSROOT" +HREF="r1.html#MSDFSROOT" ><TT CLASS="PARAMETER" ><I @@ -3987,7 +3984,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#NTACLSUPPORT" +HREF="r1.html#NTACLSUPPORT" ><TT CLASS="PARAMETER" ><I @@ -3999,7 +3996,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#ONLYGUEST" +HREF="r1.html#ONLYGUEST" ><TT CLASS="PARAMETER" ><I @@ -4011,7 +4008,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#ONLYUSER" +HREF="r1.html#ONLYUSER" ><TT CLASS="PARAMETER" ><I @@ -4023,7 +4020,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#OPLOCKCONTENTIONLIMIT" +HREF="r1.html#OPLOCKCONTENTIONLIMIT" ><TT CLASS="PARAMETER" ><I @@ -4035,7 +4032,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#OPLOCKS" +HREF="r1.html#OPLOCKS" ><TT CLASS="PARAMETER" ><I @@ -4047,7 +4044,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#PATH" +HREF="r1.html#PATH" ><TT CLASS="PARAMETER" ><I @@ -4059,7 +4056,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#POSIXLOCKING" +HREF="r1.html#POSIXLOCKING" ><TT CLASS="PARAMETER" ><I @@ -4071,7 +4068,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#POSTEXEC" +HREF="r1.html#POSTEXEC" ><TT CLASS="PARAMETER" ><I @@ -4083,7 +4080,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#POSTSCRIPT" +HREF="r1.html#POSTSCRIPT" ><TT CLASS="PARAMETER" ><I @@ -4095,7 +4092,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#PREEXEC" +HREF="r1.html#PREEXEC" ><TT CLASS="PARAMETER" ><I @@ -4107,7 +4104,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#PREEXECCLOSE" +HREF="r1.html#PREEXECCLOSE" ><TT CLASS="PARAMETER" ><I @@ -4119,7 +4116,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#PRESERVECASE" +HREF="r1.html#PRESERVECASE" ><TT CLASS="PARAMETER" ><I @@ -4131,7 +4128,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#PRINTCOMMAND" +HREF="r1.html#PRINTCOMMAND" ><TT CLASS="PARAMETER" ><I @@ -4143,7 +4140,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#PRINTOK" +HREF="r1.html#PRINTOK" ><TT CLASS="PARAMETER" ><I @@ -4155,7 +4152,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#PRINTABLE" +HREF="r1.html#PRINTABLE" ><TT CLASS="PARAMETER" ><I @@ -4167,7 +4164,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#PRINTER" +HREF="r1.html#PRINTER" ><TT CLASS="PARAMETER" ><I @@ -4179,7 +4176,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#PRINTERADMIN" +HREF="r1.html#PRINTERADMIN" ><TT CLASS="PARAMETER" ><I @@ -4191,7 +4188,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#PRINTERDRIVER" +HREF="r1.html#PRINTERDRIVER" ><TT CLASS="PARAMETER" ><I @@ -4203,7 +4200,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#PRINTERDRIVERLOCATION" +HREF="r1.html#PRINTERDRIVERLOCATION" ><TT CLASS="PARAMETER" ><I @@ -4215,7 +4212,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#PRINTERNAME" +HREF="r1.html#PRINTERNAME" ><TT CLASS="PARAMETER" ><I @@ -4227,7 +4224,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#PRINTING" +HREF="r1.html#PRINTING" ><TT CLASS="PARAMETER" ><I @@ -4239,7 +4236,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#PUBLIC" +HREF="r1.html#PUBLIC" ><TT CLASS="PARAMETER" ><I @@ -4251,7 +4248,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#QUEUEPAUSECOMMAND" +HREF="r1.html#QUEUEPAUSECOMMAND" ><TT CLASS="PARAMETER" ><I @@ -4263,7 +4260,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#QUEUERESUMECOMMAND" +HREF="r1.html#QUEUERESUMECOMMAND" ><TT CLASS="PARAMETER" ><I @@ -4275,7 +4272,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#READLIST" +HREF="r1.html#READLIST" ><TT CLASS="PARAMETER" ><I @@ -4287,7 +4284,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#READONLY" +HREF="r1.html#READONLY" ><TT CLASS="PARAMETER" ><I @@ -4299,7 +4296,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#ROOTPOSTEXEC" +HREF="r1.html#ROOTPOSTEXEC" ><TT CLASS="PARAMETER" ><I @@ -4311,7 +4308,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#ROOTPREEXEC" +HREF="r1.html#ROOTPREEXEC" ><TT CLASS="PARAMETER" ><I @@ -4323,7 +4320,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#ROOTPREEXECCLOSE" +HREF="r1.html#ROOTPREEXECCLOSE" ><TT CLASS="PARAMETER" ><I @@ -4335,7 +4332,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#SECURITYMASK" +HREF="r1.html#SECURITYMASK" ><TT CLASS="PARAMETER" ><I @@ -4347,7 +4344,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#SETDIRECTORY" +HREF="r1.html#SETDIRECTORY" ><TT CLASS="PARAMETER" ><I @@ -4359,7 +4356,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#SHAREMODES" +HREF="r1.html#SHAREMODES" ><TT CLASS="PARAMETER" ><I @@ -4371,7 +4368,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#SHORTPRESERVECASE" +HREF="r1.html#SHORTPRESERVECASE" ><TT CLASS="PARAMETER" ><I @@ -4383,19 +4380,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#STATUS" -><TT -CLASS="PARAMETER" -><I ->status</I -></TT -></A -></P -></LI -><LI -><P -><A -HREF="index.html#STRICTALLOCATE" +HREF="r1.html#STRICTALLOCATE" ><TT CLASS="PARAMETER" ><I @@ -4407,7 +4392,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#STRICTLOCKING" +HREF="r1.html#STRICTLOCKING" ><TT CLASS="PARAMETER" ><I @@ -4419,7 +4404,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#STRICTSYNC" +HREF="r1.html#STRICTSYNC" ><TT CLASS="PARAMETER" ><I @@ -4431,7 +4416,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#SYNCALWAYS" +HREF="r1.html#SYNCALWAYS" ><TT CLASS="PARAMETER" ><I @@ -4443,7 +4428,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#USECLIENTDRIVER" +HREF="r1.html#USECLIENTDRIVER" ><TT CLASS="PARAMETER" ><I @@ -4455,7 +4440,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#USER" +HREF="r1.html#USER" ><TT CLASS="PARAMETER" ><I @@ -4467,7 +4452,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#USERNAME" +HREF="r1.html#USERNAME" ><TT CLASS="PARAMETER" ><I @@ -4479,7 +4464,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#USERS" +HREF="r1.html#USERS" ><TT CLASS="PARAMETER" ><I @@ -4491,7 +4476,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#VALIDUSERS" +HREF="r1.html#VALIDUSERS" ><TT CLASS="PARAMETER" ><I @@ -4503,7 +4488,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#VETOFILES" +HREF="r1.html#VETOFILES" ><TT CLASS="PARAMETER" ><I @@ -4515,7 +4500,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#VETOOPLOCKFILES" +HREF="r1.html#VETOOPLOCKFILES" ><TT CLASS="PARAMETER" ><I @@ -4527,7 +4512,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#VFSPATH" +HREF="r1.html#VFSPATH" ><TT CLASS="PARAMETER" ><I @@ -4539,7 +4524,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#VFSOBJECT" +HREF="r1.html#VFSOBJECT" ><TT CLASS="PARAMETER" ><I @@ -4551,7 +4536,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#VFSOPTIONS" +HREF="r1.html#VFSOPTIONS" ><TT CLASS="PARAMETER" ><I @@ -4563,7 +4548,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#VOLUME" +HREF="r1.html#VOLUME" ><TT CLASS="PARAMETER" ><I @@ -4575,7 +4560,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#WIDELINKS" +HREF="r1.html#WIDELINKS" ><TT CLASS="PARAMETER" ><I @@ -4587,7 +4572,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#WRITABLE" +HREF="r1.html#WRITABLE" ><TT CLASS="PARAMETER" ><I @@ -4599,7 +4584,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#WRITECACHESIZE" +HREF="r1.html#WRITECACHESIZE" ><TT CLASS="PARAMETER" ><I @@ -4611,7 +4596,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#WRITELIST" +HREF="r1.html#WRITELIST" ><TT CLASS="PARAMETER" ><I @@ -4623,7 +4608,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#WRITEOK" +HREF="r1.html#WRITEOK" ><TT CLASS="PARAMETER" ><I @@ -4635,7 +4620,7 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="index.html#WRITEABLE" +HREF="r1.html#WRITEABLE" ><TT CLASS="PARAMETER" ><I @@ -4665,12 +4650,9 @@ NAME="ABORTSHUTDOWNSCRIPT" >abort shutdown script (G)</DT ><DD ><P -><SPAN -CLASS="emphasis" ><I CLASS="EMPHASIS" >This parameter only exists in the HEAD cvs branch</I -></SPAN > This a full path name to a script called by <A @@ -4682,7 +4664,7 @@ CLASS="COMMAND" ></A > that should stop a shutdown procedure issued by the <A -HREF="index.html#SHUTDOWNSCRIPT" +HREF="r1.html#SHUTDOWNSCRIPT" ><TT CLASS="PARAMETER" ><I @@ -4693,12 +4675,9 @@ CLASS="PARAMETER" ><P >This command will be run as user.</P ><P ->Default: <SPAN -CLASS="emphasis" -><I +>Default: <I CLASS="EMPHASIS" >None</I -></SPAN >.</P ><P >Example: <B @@ -4838,7 +4817,7 @@ CLASS="COMMAND" > will return an ACCESS_DENIED error to the client.</P ><P >See also <A -HREF="index.html#DELETEPRINTERCOMMAND" +HREF="r1.html#DELETEPRINTERCOMMAND" ><TT CLASS="PARAMETER" ><I @@ -4846,7 +4825,7 @@ CLASS="PARAMETER" ></TT ></A >, <A -HREF="index.html#PRINTING" +HREF="r1.html#PRINTING" ><TT CLASS="PARAMETER" ><I @@ -4855,7 +4834,7 @@ CLASS="PARAMETER" ></A >, <A -HREF="index.html#SHOWADDPRINTERWIZARD" +HREF="r1.html#SHOWADDPRINTERWIZARD" ><TT CLASS="PARAMETER" ><I @@ -4865,12 +4844,9 @@ CLASS="PARAMETER" ></A ></P ><P ->Default: <SPAN -CLASS="emphasis" -><I +>Default: <I CLASS="EMPHASIS" >none</I -></SPAN ></P ><P >Example: <B @@ -4977,7 +4953,7 @@ CLASS="PARAMETER" ><P > This parameter is only used for add file shares. To add printer shares, see the <A -HREF="index.html#ADDPRINTERCOMMAND" +HREF="r1.html#ADDPRINTERCOMMAND" ><TT CLASS="PARAMETER" ><I @@ -4989,7 +4965,7 @@ CLASS="PARAMETER" </P ><P > See also <A -HREF="index.html#CHANGESHARECOMMAND" +HREF="r1.html#CHANGESHARECOMMAND" ><TT CLASS="PARAMETER" ><I @@ -4998,7 +4974,7 @@ CLASS="PARAMETER" ></TT ></A >, <A -HREF="index.html#DELETESHARECOMMAND" +HREF="r1.html#DELETESHARECOMMAND" ><TT CLASS="PARAMETER" ><I @@ -5009,12 +4985,9 @@ CLASS="PARAMETER" >. </P ><P ->Default: <SPAN -CLASS="emphasis" -><I +>Default: <I CLASS="EMPHASIS" >none</I -></SPAN ></P ><P >Example: <B @@ -5043,7 +5016,7 @@ TARGET="_top" ><P >Default: <B CLASS="COMMAND" ->add machine script = <empty string> +>add machine script = <empty string> </B ></P ><P @@ -5083,12 +5056,9 @@ NAME="ADDUSERSCRIPT" ><DD ><P >This is the full pathname to a script that will - be run <SPAN -CLASS="emphasis" -><I + be run <I CLASS="EMPHASIS" >AS ROOT</I -></SPAN > by <A HREF="smbd.8.html" TARGET="_top" @@ -5105,12 +5075,9 @@ HREF="smbd.8.html" TARGET="_top" >smbd</A > to create the required UNIX users - <SPAN -CLASS="emphasis" -><I + <I CLASS="EMPHASIS" >ON DEMAND</I -></SPAN > when a user accesses the Samba server.</P ><P >In order to use this option, <A @@ -5118,12 +5085,9 @@ HREF="smbd.8.html" TARGET="_top" >smbd</A > - must <SPAN -CLASS="emphasis" -><I + must <I CLASS="EMPHASIS" >NOT</I -></SPAN > be set to <TT CLASS="PARAMETER" ><I @@ -5172,12 +5136,9 @@ CLASS="PARAMETER" CLASS="COMMAND" >smbd</B > will - call the specified script <SPAN -CLASS="emphasis" -><I + call the specified script <I CLASS="EMPHASIS" >AS ROOT</I -></SPAN >, expanding any <TT CLASS="PARAMETER" @@ -5195,7 +5156,7 @@ CLASS="COMMAND" match existing Windows NT accounts.</P ><P >See also <A -HREF="index.html#SECURITY" +HREF="r1.html#SECURITY" ><TT CLASS="PARAMETER" ><I @@ -5203,7 +5164,7 @@ CLASS="PARAMETER" ></TT ></A >, <A -HREF="index.html#PASSWORDSERVER" +HREF="r1.html#PASSWORDSERVER" > <TT CLASS="PARAMETER" ><I @@ -5212,7 +5173,7 @@ CLASS="PARAMETER" ></A >, <A -HREF="index.html#DELETEUSERSCRIPT" +HREF="r1.html#DELETEUSERSCRIPT" ><TT CLASS="PARAMETER" ><I @@ -5224,7 +5185,7 @@ CLASS="PARAMETER" ><P >Default: <B CLASS="COMMAND" ->add user script = <empty string> +>add user script = <empty string> </B ></P ><P @@ -5242,22 +5203,27 @@ NAME="ADDGROUPSCRIPT" ><DD ><P >This is the full pathname to a script that will - be run <SPAN -CLASS="emphasis" -><I + be run <I CLASS="EMPHASIS" >AS ROOT</I -></SPAN > by <A HREF="smbd.8.html" TARGET="_top" >smbd(8)</A -> when a new group is requested. It will expand any <TT +> when a new group is + requested. It will expand any + <TT CLASS="PARAMETER" ><I >%g</I ></TT -> to the group name passed. This script is only useful for installations using the Windows NT domain administration tools. +> to the group name passed. + This script is only useful for installations using the + Windows NT domain administration tools. The script is + free to create a group with an arbitrary name to + circumvent unix group name restrictions. In that case + the script must print the numeric gid of the created + group on stdout. </P ></DD ><DT @@ -5275,12 +5241,9 @@ NAME="ADMINUSERS" this list will be able to do anything they like on the share, irrespective of file permissions.</P ><P ->Default: <SPAN -CLASS="emphasis" -><I +>Default: <I CLASS="EMPHASIS" >no admin users</I -></SPAN ></P ><P >Example: <B @@ -5302,12 +5265,9 @@ HREF="smbd.8.html" TARGET="_top" >smbd(8)</A > - <SPAN -CLASS="emphasis" -><I + <I CLASS="EMPHASIS" >AS ROOT</I -></SPAN >. Any <TT CLASS="PARAMETER" ><I @@ -5341,7 +5301,7 @@ NAME="ALLOWHOSTS" ><DD ><P >Synonym for <A -HREF="index.html#HOSTSALLOW" +HREF="r1.html#HOSTSALLOW" > <TT CLASS="PARAMETER" ><I @@ -5390,7 +5350,7 @@ NAME="ALLOWTRUSTEDDOMAINS" ><DD ><P >This option only takes effect when the <A -HREF="index.html#SECURITY" +HREF="r1.html#SECURITY" ><TT CLASS="PARAMETER" ><I @@ -5494,7 +5454,7 @@ NAME="AUTOSERVICES" ><DD ><P >This is a synonym for the <A -HREF="index.html#PRELOAD" +HREF="r1.html#PRELOAD" > <TT CLASS="PARAMETER" ><I @@ -5516,7 +5476,7 @@ CLASS="COMMAND" >smbd</B > will use when authenticating a user. This option defaults to sensible values based on <A -HREF="index.html#SECURITY" +HREF="r1.html#SECURITY" ><TT CLASS="PARAMETER" ><I @@ -5532,7 +5492,7 @@ CLASS="PARAMETER" ><P >Default: <B CLASS="COMMAND" ->auth methods = <empty string></B +>auth methods = <empty string></B ></P ><P >Example: <B @@ -5553,12 +5513,9 @@ CLASS="PARAMETER" ><I >available = no</I ></TT ->, then <SPAN -CLASS="emphasis" -><I +>, then <I CLASS="EMPHASIS" >ALL</I -></SPAN > attempts to connect to the service will fail. Such failures are logged.</P @@ -5594,7 +5551,7 @@ CLASS="COMMAND" >nmbd</B > to bind to ports 137 and 138 on the interfaces listed in the <A -HREF="index.html#INTERFACES" +HREF="r1.html#INTERFACES" >interfaces</A > parameter. <B CLASS="COMMAND" @@ -5648,7 +5605,7 @@ TARGET="_top" >smbd(8)</A > to bind only to the interface list given in the <A -HREF="index.html#INTERFACES" +HREF="r1.html#INTERFACES" > interfaces</A > parameter. This restricts the networks that <B @@ -5665,12 +5622,9 @@ CLASS="PARAMETER" >bind interfaces only</I ></TT > is set then - unless the network address <SPAN -CLASS="emphasis" -><I + unless the network address <I CLASS="EMPHASIS" >127.0.0.1</I -></SPAN > is added to the <TT CLASS="PARAMETER" @@ -5699,12 +5653,9 @@ CLASS="COMMAND" CLASS="COMMAND" >smbpasswd</B > - by default connects to the <SPAN -CLASS="emphasis" -><I + by default connects to the <I CLASS="EMPHASIS" >localhost - 127.0.0.1</I -></SPAN > address as an SMB client to issue the password change request. If <TT @@ -5713,12 +5664,9 @@ CLASS="PARAMETER" >bind interfaces only</I ></TT > is set then unless the - network address <SPAN -CLASS="emphasis" -><I + network address <I CLASS="EMPHASIS" >127.0.0.1</I -></SPAN > is added to the <TT CLASS="PARAMETER" @@ -5767,19 +5715,13 @@ CLASS="COMMAND" CLASS="COMMAND" >nmbd</B > at the address - <SPAN -CLASS="emphasis" -><I + <I CLASS="EMPHASIS" >127.0.0.1</I -></SPAN > to determine if they are running. - Not adding <SPAN -CLASS="emphasis" -><I + Not adding <I CLASS="EMPHASIS" >127.0.0.1</I -></SPAN > will cause <B CLASS="COMMAND" > smbd</B @@ -5826,7 +5768,7 @@ TARGET="_top" ><P >If this parameter is set to <TT CLASS="CONSTANT" ->false</TT +>no</TT >, then Samba 2.2 will behave as previous versions of Samba would and will fail the lock request immediately if the lock range @@ -5882,7 +5824,7 @@ NAME="BROWSABLE" ><DD ><P >See the <A -HREF="index.html#BROWSEABLE" +HREF="r1.html#BROWSEABLE" ><TT CLASS="PARAMETER" ><I @@ -5912,7 +5854,7 @@ CLASS="COMMAND" > call. Normally set to <TT CLASS="CONSTANT" ->true</TT +>yes</TT >. You should never need to change this.</P ><P @@ -5944,7 +5886,7 @@ NAME="CASESENSITIVE" ><DD ><P >See the discussion in the section <A -HREF="index.html#AEN203" +HREF="r1.html#AEN203" >NAME MANGLING</A >.</P ><P @@ -5961,7 +5903,7 @@ NAME="CASESIGNAMES" ><DD ><P >Synonym for <A -HREF="index.html#CASESENSITIVE" +HREF="r1.html#CASESENSITIVE" >case sensitive</A >.</P @@ -6105,7 +6047,7 @@ CLASS="PARAMETER" </P ><P > See also <A -HREF="index.html#ADDSHARECOMMAND" +HREF="r1.html#ADDSHARECOMMAND" ><TT CLASS="PARAMETER" ><I @@ -6114,7 +6056,7 @@ CLASS="PARAMETER" ></TT ></A >, <A -HREF="index.html#DELETESHARECOMMAND" +HREF="r1.html#DELETESHARECOMMAND" ><TT CLASS="PARAMETER" ><I @@ -6125,12 +6067,9 @@ CLASS="PARAMETER" >. </P ><P ->Default: <SPAN -CLASS="emphasis" -><I +>Default: <I CLASS="EMPHASIS" >none</I -></SPAN ></P ><P >Example: <B @@ -6155,7 +6094,7 @@ CLASS="COMMAND" ><P >If you want to set the string that is displayed next to the machine name then see the <A -HREF="index.html#SERVERSTRING" +HREF="r1.html#SERVERSTRING" ><TT CLASS="PARAMETER" ><I @@ -6164,12 +6103,9 @@ CLASS="PARAMETER" ></A > parameter.</P ><P ->Default: <SPAN -CLASS="emphasis" -><I +>Default: <I CLASS="EMPHASIS" >No comment string</I -></SPAN ></P ><P >Example: <B @@ -6226,12 +6162,9 @@ NAME="COPY" copied must occur earlier in the configuration file than the service doing the copying.</P ><P ->Default: <SPAN -CLASS="emphasis" -><I +>Default: <I CLASS="EMPHASIS" >no value</I -></SPAN ></P ><P >Example: <B @@ -6248,7 +6181,7 @@ NAME="CREATEMASK" ><P >A synonym for this parameter is <A -HREF="index.html#CREATEMODE" +HREF="r1.html#CREATEMODE" ><TT CLASS="PARAMETER" ><I @@ -6262,12 +6195,9 @@ CLASS="PARAMETER" calculated according to the mapping from DOS modes to UNIX permissions, and the resulting UNIX mode is then bit-wise 'AND'ed with this parameter. This parameter may be thought of as a bit-wise - MASK for the UNIX modes of a file. Any bit <SPAN -CLASS="emphasis" -><I + MASK for the UNIX modes of a file. Any bit <I CLASS="EMPHASIS" >not</I -></SPAN > set here will be removed from the modes set on a file when it is created.</P @@ -6277,7 +6207,7 @@ CLASS="EMPHASIS" ><P >Following this Samba will bit-wise 'OR' the UNIX mode created from this parameter with the value of the <A -HREF="index.html#FORCECREATEMODE" +HREF="r1.html#FORCECREATEMODE" ><TT CLASS="PARAMETER" ><I @@ -6289,7 +6219,7 @@ CLASS="PARAMETER" ><P >This parameter does not affect directory modes. See the parameter <A -HREF="index.html#DIRECTORYMODE" +HREF="r1.html#DIRECTORYMODE" ><TT CLASS="PARAMETER" ><I @@ -6300,7 +6230,7 @@ CLASS="PARAMETER" > for details.</P ><P >See also the <A -HREF="index.html#FORCECREATEMODE" +HREF="r1.html#FORCECREATEMODE" ><TT CLASS="PARAMETER" ><I @@ -6310,7 +6240,7 @@ CLASS="PARAMETER" ></A > parameter for forcing particular mode bits to be set on created files. See also the <A -HREF="index.html#DIRECTORYMODE" +HREF="r1.html#DIRECTORYMODE" > <TT CLASS="PARAMETER" ><I @@ -6319,7 +6249,7 @@ CLASS="PARAMETER" ></A > parameter for masking mode bits on created directories. See also the <A -HREF="index.html#INHERITPERMISSIONS" +HREF="r1.html#INHERITPERMISSIONS" > <TT CLASS="PARAMETER" ><I @@ -6331,7 +6261,7 @@ CLASS="PARAMETER" >Note that this parameter does not apply to permissions set by Windows NT/2000 ACL editors. If the administrator wishes to enforce a mask on access control lists also, they need to set the <A -HREF="index.html#SECURITYMASK" +HREF="r1.html#SECURITYMASK" ><TT CLASS="PARAMETER" ><I @@ -6358,7 +6288,7 @@ NAME="CREATEMODE" ><DD ><P >This is a synonym for <A -HREF="index.html#CREATEMASK" +HREF="r1.html#CREATEMASK" ><TT CLASS="PARAMETER" ><I @@ -6374,13 +6304,10 @@ NAME="CSCPOLICY" >csc policy (S)</DT ><DD ><P ->This stands for <SPAN -CLASS="emphasis" -><I +>This stands for <I CLASS="EMPHASIS" >client-side caching policy</I -></SPAN >, and specifies how clients capable of offline caching will cache the files in the share. The valid values are: manual, documents, programs, disable.</P @@ -6453,7 +6380,7 @@ NAME="DEBUGHIRESTIMESTAMP" message header when turned on.</P ><P >Note that the parameter <A -HREF="index.html#DEBUGTIMESTAMP" +HREF="r1.html#DEBUGTIMESTAMP" ><TT CLASS="PARAMETER" ><I @@ -6485,7 +6412,7 @@ TARGET="_top" to the timestamp message headers in the logfile when turned on.</P ><P >Note that the parameter <A -HREF="index.html#DEBUGTIMESTAMP" +HREF="r1.html#DEBUGTIMESTAMP" ><TT CLASS="PARAMETER" ><I @@ -6509,7 +6436,7 @@ NAME="DEBUGTIMESTAMP" ><P >Samba 2.2 debug log messages are timestamped by default. If you are running at a high <A -HREF="index.html#DEBUGLEVEL" +HREF="r1.html#DEBUGLEVEL" > <TT CLASS="PARAMETER" ><I @@ -6538,7 +6465,7 @@ NAME="DEBUGUID" in the log file if turned on.</P ><P >Note that the parameter <A -HREF="index.html#DEBUGTIMESTAMP" +HREF="r1.html#DEBUGTIMESTAMP" ><TT CLASS="PARAMETER" ><I @@ -6561,7 +6488,7 @@ NAME="DEBUGLEVEL" ><DD ><P >Synonym for <A -HREF="index.html#LOGLEVEL" +HREF="r1.html#LOGLEVEL" ><TT CLASS="PARAMETER" ><I @@ -6578,7 +6505,7 @@ NAME="DEFAULT" ><DD ><P >A synonym for <A -HREF="index.html#DEFAULTSERVICE" +HREF="r1.html#DEFAULTSERVICE" ><TT CLASS="PARAMETER" ><I @@ -6595,10 +6522,10 @@ NAME="DEFAULTCASE" ><DD ><P >See the section on <A -HREF="index.html#AEN203" +HREF="r1.html#AEN203" > NAME MANGLING</A >. Also note the <A -HREF="index.html#SHORTPRESERVECASE" +HREF="r1.html#SHORTPRESERVECASE" > <TT CLASS="PARAMETER" ><I @@ -6620,7 +6547,7 @@ NAME="DEFAULTDEVMODE" ><DD ><P >This parameter is only applicable to <A -HREF="index.html#PRINTOK" +HREF="r1.html#PRINTOK" >printable</A > services. When smbd is serving Printer Drivers to Windows NT/2k/XP clients, each printer on the Samba @@ -6672,12 +6599,9 @@ NAME="DEFAULTSERVICE" ><P >This parameter specifies the name of a service which will be connected to if the service actually requested cannot - be found. Note that the square brackets are <SPAN -CLASS="emphasis" -><I + be found. Note that the square brackets are <I CLASS="EMPHASIS" >NOT</I -></SPAN > given in the parameter value (see example below).</P ><P @@ -6686,7 +6610,7 @@ CLASS="EMPHASIS" service results in an error.</P ><P >Typically the default service would be a <A -HREF="index.html#GUESTOK" +HREF="r1.html#GUESTOK" > <TT CLASS="PARAMETER" ><I @@ -6694,7 +6618,7 @@ CLASS="PARAMETER" ></TT ></A >, <A -HREF="index.html#READONLY" +HREF="r1.html#READONLY" > <TT CLASS="PARAMETER" ><I @@ -6719,6 +6643,12 @@ CLASS="PARAMETER" ><P >Example:</P ><P +><TABLE +BORDER="0" +BGCOLOR="#E0E0E0" +WIDTH="90%" +><TR +><TD ><PRE CLASS="PROGRAMLISTING" >[global] @@ -6727,6 +6657,9 @@ CLASS="PROGRAMLISTING" [pub] path = /%S </PRE +></TD +></TR +></TABLE ></P ></DD ><DT @@ -6737,12 +6670,9 @@ NAME="DELETEGROUPSCRIPT" ><DD ><P >This is the full pathname to a script that will - be run <SPAN -CLASS="emphasis" -><I + be run <I CLASS="EMPHASIS" >AS ROOT</I -></SPAN > by <A HREF="smbd.8.html" TARGET="_top" @@ -6814,7 +6744,7 @@ CLASS="COMMAND" > will return an ACCESS_DENIED error to the client.</P ><P >See also <A -HREF="index.html#ADDPRINTERCOMMAND" +HREF="r1.html#ADDPRINTERCOMMAND" ><TT CLASS="PARAMETER" ><I @@ -6822,7 +6752,7 @@ CLASS="PARAMETER" ></TT ></A >, <A -HREF="index.html#PRINTING" +HREF="r1.html#PRINTING" ><TT CLASS="PARAMETER" ><I @@ -6831,7 +6761,7 @@ CLASS="PARAMETER" ></A >, <A -HREF="index.html#SHOWADDPRINTERWIZARD" +HREF="r1.html#SHOWADDPRINTERWIZARD" ><TT CLASS="PARAMETER" ><I @@ -6841,12 +6771,9 @@ CLASS="PARAMETER" ></A ></P ><P ->Default: <SPAN -CLASS="emphasis" -><I +>Default: <I CLASS="EMPHASIS" >none</I -></SPAN ></P ><P >Example: <B @@ -6950,7 +6877,7 @@ CLASS="PARAMETER" ><P > This parameter is only used to remove file shares. To delete printer shares, see the <A -HREF="index.html#DELETEPRINTERCOMMAND" +HREF="r1.html#DELETEPRINTERCOMMAND" ><TT CLASS="PARAMETER" ><I @@ -6962,7 +6889,7 @@ CLASS="PARAMETER" </P ><P > See also <A -HREF="index.html#ADDSHARECOMMAND" +HREF="r1.html#ADDSHARECOMMAND" ><TT CLASS="PARAMETER" ><I @@ -6971,7 +6898,7 @@ CLASS="PARAMETER" ></TT ></A >, <A -HREF="index.html#CHANGESHARECOMMAND" +HREF="r1.html#CHANGESHARECOMMAND" ><TT CLASS="PARAMETER" ><I @@ -6982,12 +6909,9 @@ CLASS="PARAMETER" >. </P ><P ->Default: <SPAN -CLASS="emphasis" -><I +>Default: <I CLASS="EMPHASIS" >none</I -></SPAN ></P ><P >Example: <B @@ -7027,7 +6951,7 @@ CLASS="COMMAND" ><P >Default: <B CLASS="COMMAND" ->delete user script = <empty string> +>delete user script = <empty string> </B ></P ><P @@ -7051,12 +6975,9 @@ HREF="smbd.8.html" TARGET="_top" >smbd(8)</A > - <SPAN -CLASS="emphasis" -><I + <I CLASS="EMPHASIS" >AS ROOT</I -></SPAN >. Any <TT CLASS="PARAMETER" ><I @@ -7092,7 +7013,7 @@ NAME="DELETEVETOFILES" >This option is used when Samba is attempting to delete a directory that contains one or more vetoed directories (see the <A -HREF="index.html#VETOFILES" +HREF="r1.html#VETOFILES" ><TT CLASS="PARAMETER" ><I @@ -7102,14 +7023,14 @@ CLASS="PARAMETER" > option). If this option is set to <TT CLASS="CONSTANT" ->false</TT +>no</TT > (the default) then if a vetoed directory contains any non-vetoed files or directories then the directory delete will fail. This is usually what you want.</P ><P >If this option is set to <TT CLASS="CONSTANT" ->true</TT +>yes</TT >, then Samba will attempt to recursively delete any files and directories within the vetoed directory. This can be useful for integration with file @@ -7128,7 +7049,7 @@ CLASS="COMMAND" is deleted (so long as the user has permissions to do so).</P ><P >See also the <A -HREF="index.html#VETOFILES" +HREF="r1.html#VETOFILES" ><TT CLASS="PARAMETER" ><I @@ -7151,7 +7072,7 @@ NAME="DENYHOSTS" ><DD ><P >Synonym for <A -HREF="index.html#HOSTSDENY" +HREF="r1.html#HOSTSDENY" ><TT CLASS="PARAMETER" ><I @@ -7196,23 +7117,17 @@ CLASS="FILENAME" third return value can give the block size in bytes. The default blocksize is 1024 bytes.</P ><P ->Note: Your script should <SPAN -CLASS="emphasis" -><I +>Note: Your script should <I CLASS="EMPHASIS" >NOT</I -></SPAN > be setuid or setgid and should be owned by (and writeable only by) root!</P ><P ->Default: <SPAN -CLASS="emphasis" -><I +>Default: <I CLASS="EMPHASIS" >By default internal routines for determining the disk capacity and remaining space will be used. </I -></SPAN ></P ><P >Example: <B @@ -7223,22 +7138,40 @@ CLASS="COMMAND" ><P >Where the script dfree (which must be made executable) could be:</P ><P +><TABLE +BORDER="0" +BGCOLOR="#E0E0E0" +WIDTH="90%" +><TR +><TD ><PRE CLASS="PROGRAMLISTING" > #!/bin/sh df $1 | tail -1 | awk '{print $2" "$4}' </PRE +></TD +></TR +></TABLE ></P ><P >or perhaps (on Sys V based systems):</P ><P +><TABLE +BORDER="0" +BGCOLOR="#E0E0E0" +WIDTH="90%" +><TR +><TD ><PRE CLASS="PROGRAMLISTING" > #!/bin/sh /usr/bin/df -k $1 | tail -1 | awk '{print $3" "$5}' </PRE +></TD +></TR +></TABLE ></P ><P >Note that you may have to replace the command names @@ -7252,7 +7185,7 @@ NAME="DIRECTORY" ><DD ><P >Synonym for <A -HREF="index.html#PATH" +HREF="r1.html#PATH" ><TT CLASS="PARAMETER" ><I @@ -7277,12 +7210,9 @@ NAME="DIRECTORYMASK" calculated according to the mapping from DOS modes to UNIX permissions, and the resulting UNIX mode is then bit-wise 'AND'ed with this parameter. This parameter may be thought of as a bit-wise MASK for - the UNIX modes of a directory. Any bit <SPAN -CLASS="emphasis" -><I + the UNIX modes of a directory. Any bit <I CLASS="EMPHASIS" >not</I -></SPAN > set here will be removed from the modes set on a directory when it is created.</P @@ -7293,7 +7223,7 @@ CLASS="EMPHASIS" ><P >Following this Samba will bit-wise 'OR' the UNIX mode created from this parameter with the value of the <A -HREF="index.html#FORCEDIRECTORYMODE" +HREF="r1.html#FORCEDIRECTORYMODE" ><TT CLASS="PARAMETER" ><I @@ -7307,7 +7237,7 @@ CLASS="PARAMETER" >Note that this parameter does not apply to permissions set by Windows NT/2000 ACL editors. If the administrator wishes to enforce a mask on access control lists also, they need to set the <A -HREF="index.html#DIRECTORYSECURITYMASK" +HREF="r1.html#DIRECTORYSECURITYMASK" ><TT CLASS="PARAMETER" ><I @@ -7317,7 +7247,7 @@ CLASS="PARAMETER" >.</P ><P >See the <A -HREF="index.html#FORCEDIRECTORYMODE" +HREF="r1.html#FORCEDIRECTORYMODE" ><TT CLASS="PARAMETER" ><I @@ -7329,7 +7259,7 @@ CLASS="PARAMETER" bits to always be set on created directories.</P ><P >See also the <A -HREF="index.html#CREATEMODE" +HREF="r1.html#CREATEMODE" ><TT CLASS="PARAMETER" ><I @@ -7339,7 +7269,7 @@ CLASS="PARAMETER" ></A > parameter for masking mode bits on created files, and the <A -HREF="index.html#DIRECTORYSECURITYMASK" +HREF="r1.html#DIRECTORYSECURITYMASK" ><TT CLASS="PARAMETER" ><I @@ -7350,7 +7280,7 @@ CLASS="PARAMETER" > parameter.</P ><P >Also refer to the <A -HREF="index.html#INHERITPERMISSIONS" +HREF="r1.html#INHERITPERMISSIONS" ><TT CLASS="PARAMETER" ><I @@ -7377,7 +7307,7 @@ NAME="DIRECTORYMODE" ><DD ><P >Synonym for <A -HREF="index.html#DIRECTORYMASK" +HREF="r1.html#DIRECTORYMASK" ><TT CLASS="PARAMETER" ><I @@ -7408,12 +7338,9 @@ NAME="DIRECTORYSECURITYMASK" meaning a user is allowed to modify all the user/group/world permissions on a directory.</P ><P -><SPAN -CLASS="emphasis" ><I CLASS="EMPHASIS" >Note</I -></SPAN > that users who can access the Samba server through other means can easily bypass this restriction, so it is primarily useful for standalone "appliance" systems. @@ -7424,7 +7351,7 @@ CLASS="CONSTANT" >.</P ><P >See also the <A -HREF="index.html#FORCEDIRECTORYSECURITYMODE" +HREF="r1.html#FORCEDIRECTORYSECURITYMODE" ><TT CLASS="PARAMETER" ><I @@ -7432,7 +7359,7 @@ CLASS="PARAMETER" ></TT ></A >, <A -HREF="index.html#SECURITYMASK" +HREF="r1.html#SECURITYMASK" ><TT CLASS="PARAMETER" ><I @@ -7441,7 +7368,7 @@ CLASS="PARAMETER" ></A >, <A -HREF="index.html#FORCESECURITYMODE" +HREF="r1.html#FORCESECURITYMODE" ><TT CLASS="PARAMETER" ><I @@ -7502,17 +7429,14 @@ NAME="DISABLESPOOLSS" Wizard or by using the NT printer properties dialog window. It will also disable the capability of Windows NT/2000 clients to download print drivers from the Samba host upon demand. - <SPAN -CLASS="emphasis" -><I + <I CLASS="EMPHASIS" >Be very careful about enabling this parameter.</I -></SPAN > </P ><P >See also <A -HREF="index.html#USECLIENTDRIVER" +HREF="r1.html#USECLIENTDRIVER" >use client driver</A > </P @@ -7576,7 +7500,7 @@ CLASS="COMMAND" action.</P ><P >See also the parameter <A -HREF="index.html#WINSSUPPORT" +HREF="r1.html#WINSSUPPORT" ><TT CLASS="PARAMETER" ><I @@ -7592,112 +7516,6 @@ CLASS="COMMAND" ></DD ><DT ><A -NAME="DOMAINADMINGROUP" -></A ->domain admin group (G)</DT -><DD -><P ->This parameter is intended as a temporary solution - to enable users to be a member of the "Domain Admins" group when - a Samba host is acting as a PDC. A complete solution will be provided - by a system for mapping Windows NT/2000 groups onto UNIX groups. - Please note that this parameter has a somewhat confusing name. It - accepts a list of usernames and of group names in standard - <TT -CLASS="FILENAME" ->smb.conf</TT -> notation. - </P -><P ->See also <A -HREF="index.html#DOMAINGUESTGROUP" -><TT -CLASS="PARAMETER" -><I ->domain - guest group</I -></TT -></A ->, <A -HREF="index.html#DOMAINLOGONS" -><TT -CLASS="PARAMETER" -><I ->domain - logons</I -></TT -></A -> - </P -><P ->Default: <SPAN -CLASS="emphasis" -><I -CLASS="EMPHASIS" ->no domain administrators</I -></SPAN -></P -><P ->Example: <B -CLASS="COMMAND" ->domain admin group = root @wheel</B -></P -></DD -><DT -><A -NAME="DOMAINGUESTGROUP" -></A ->domain guest group (G)</DT -><DD -><P ->This parameter is intended as a temporary solution - to enable users to be a member of the "Domain Guests" group when - a Samba host is acting as a PDC. A complete solution will be provided - by a system for mapping Windows NT/2000 groups onto UNIX groups. - Please note that this parameter has a somewhat confusing name. It - accepts a list of usernames and of group names in standard - <TT -CLASS="FILENAME" ->smb.conf</TT -> notation. - </P -><P ->See also <A -HREF="index.html#DOMAINADMINGROUP" -><TT -CLASS="PARAMETER" -><I ->domain - admin group</I -></TT -></A ->, <A -HREF="index.html#DOMAINLOGONS" -><TT -CLASS="PARAMETER" -><I ->domain - logons</I -></TT -></A -> - </P -><P ->Default: <SPAN -CLASS="emphasis" -><I -CLASS="EMPHASIS" ->no domain guests</I -></SPAN -></P -><P ->Example: <B -CLASS="COMMAND" ->domain guest group = nobody @guest</B -></P -></DD -><DT -><A NAME="DOMAINLOGONS" ></A >domain logons (G)</DT @@ -7705,10 +7523,10 @@ NAME="DOMAINLOGONS" ><P >If set to <TT CLASS="CONSTANT" ->true</TT +>yes</TT >, the Samba server will serve Windows 95/98 Domain logons for the <A -HREF="index.html#WORKGROUP" +HREF="r1.html#WORKGROUP" > <TT CLASS="PARAMETER" ><I @@ -7750,7 +7568,7 @@ CLASS="COMMAND" > to claim a special domain specific NetBIOS name that identifies it as a domain master browser for its given <A -HREF="index.html#WORKGROUP" +HREF="r1.html#WORKGROUP" > <TT CLASS="PARAMETER" ><I @@ -7810,7 +7628,7 @@ CLASS="PARAMETER" strangely and may fail.</P ><P >If <A -HREF="index.html#DOMAINLOGONS" +HREF="r1.html#DOMAINLOGONS" ><B CLASS="COMMAND" >domain logons = yes</B @@ -7867,13 +7685,10 @@ CLASS="FILENAME" >. Experimentation is the best policy :-) </P ><P ->Default: <SPAN -CLASS="emphasis" -><I +>Default: <I CLASS="EMPHASIS" >none (i.e., all directories are OK to descend)</I -></SPAN ></P ><P >Example: <B @@ -7980,7 +7795,7 @@ CLASS="COMMAND" > is acting on behalf of is not the file owner. Setting this option to <TT CLASS="CONSTANT" -> true</TT +> yes</TT > allows DOS semantics and <A HREF="smbd.8.html" TARGET="_top" @@ -8036,7 +7851,7 @@ CLASS="COMMAND" ></A > program for information on how to set up and maintain this file), or set the <A -HREF="index.html#SECURITY" +HREF="r1.html#SECURITY" >security = [server|domain|ads]</A > parameter which causes <B @@ -8117,12 +7932,9 @@ CLASS="PARAMETER" to standard output. This listing will then be used in response to the level 1 and 2 EnumPorts() RPC.</P ><P ->Default: <SPAN -CLASS="emphasis" -><I +>Default: <I CLASS="EMPHASIS" >no enumports command</I -></SPAN ></P ><P >Example: <B @@ -8139,7 +7951,7 @@ NAME="EXEC" ><DD ><P >This is a synonym for <A -HREF="index.html#PREEXEC" +HREF="r1.html#PREEXEC" > <TT CLASS="PARAMETER" ><I @@ -8216,7 +8028,7 @@ CLASS="COMMAND" the file.</P ><P >It is generally much better to use the real <A -HREF="index.html#OPLOCKS" +HREF="r1.html#OPLOCKS" ><TT CLASS="PARAMETER" ><I @@ -8288,12 +8100,9 @@ NAME="FORCECREATEMODE" ><DD ><P >This parameter specifies a set of UNIX mode bit - permissions that will <SPAN -CLASS="emphasis" -><I + permissions that will <I CLASS="EMPHASIS" >always</I -></SPAN > be set on a file created by Samba. This is done by bitwise 'OR'ing these bits onto the mode bits of a file that is being created or having its @@ -8308,7 +8117,7 @@ CLASS="PARAMETER" parameter is applied.</P ><P >See also the parameter <A -HREF="index.html#CREATEMASK" +HREF="r1.html#CREATEMASK" ><TT CLASS="PARAMETER" ><I @@ -8319,7 +8128,7 @@ CLASS="PARAMETER" > for details on masking mode bits on files.</P ><P >See also the <A -HREF="index.html#INHERITPERMISSIONS" +HREF="r1.html#INHERITPERMISSIONS" ><TT CLASS="PARAMETER" ><I @@ -8351,12 +8160,9 @@ NAME="FORCEDIRECTORYMODE" ><DD ><P >This parameter specifies a set of UNIX mode bit - permissions that will <SPAN -CLASS="emphasis" -><I + permissions that will <I CLASS="EMPHASIS" >always</I -></SPAN > be set on a directory created by Samba. This is done by bitwise 'OR'ing these bits onto the mode bits of a directory that is being created. The default for this @@ -8371,7 +8177,7 @@ CLASS="PARAMETER" applied.</P ><P >See also the parameter <A -HREF="index.html#DIRECTORYMASK" +HREF="r1.html#DIRECTORYMASK" ><TT CLASS="PARAMETER" ><I @@ -8382,7 +8188,7 @@ CLASS="PARAMETER" on created directories.</P ><P >See also the <A -HREF="index.html#INHERITPERMISSIONS" +HREF="r1.html#INHERITPERMISSIONS" ><TT CLASS="PARAMETER" ><I @@ -8426,12 +8232,9 @@ NAME="FORCEDIRECTORYSECURITYMODE" allows a user to modify all the user/group/world permissions on a directory without restrictions.</P ><P -><SPAN -CLASS="emphasis" ><I CLASS="EMPHASIS" >Note</I -></SPAN > that users who can access the Samba server through other means can easily bypass this restriction, so it is primarily useful for standalone "appliance" systems. @@ -8439,7 +8242,7 @@ CLASS="EMPHASIS" it set as 0000.</P ><P >See also the <A -HREF="index.html#DIRECTORYSECURITYMASK" +HREF="r1.html#DIRECTORYSECURITYMASK" ><TT CLASS="PARAMETER" ><I @@ -8447,7 +8250,7 @@ CLASS="PARAMETER" ></TT ></A >, <A -HREF="index.html#SECURITYMASK" +HREF="r1.html#SECURITYMASK" > <TT CLASS="PARAMETER" ><I @@ -8456,7 +8259,7 @@ CLASS="PARAMETER" ></A >, <A -HREF="index.html#FORCESECURITYMODE" +HREF="r1.html#FORCESECURITYMODE" ><TT CLASS="PARAMETER" ><I @@ -8508,7 +8311,7 @@ CLASS="FILENAME" other users will retain their ordinary primary group.</P ><P >If the <A -HREF="index.html#FORCEUSER" +HREF="r1.html#FORCEUSER" ><TT CLASS="PARAMETER" ><I @@ -8531,7 +8334,7 @@ CLASS="PARAMETER" >.</P ><P >See also <A -HREF="index.html#FORCEUSER" +HREF="r1.html#FORCEUSER" ><TT CLASS="PARAMETER" ><I @@ -8541,12 +8344,9 @@ CLASS="PARAMETER" ></A >.</P ><P ->Default: <SPAN -CLASS="emphasis" -><I +>Default: <I CLASS="EMPHASIS" >no forced group</I -></SPAN ></P ><P >Example: <B @@ -8576,12 +8376,9 @@ NAME="FORCESECURITYMODE" and allows a user to modify all the user/group/world permissions on a file, with no restrictions.</P ><P -><SPAN -CLASS="emphasis" ><I CLASS="EMPHASIS" >Note</I -></SPAN > that users who can access the Samba server through other means can easily bypass this restriction, so it is primarily useful for standalone "appliance" systems. @@ -8589,7 +8386,7 @@ CLASS="EMPHASIS" this set to 0000.</P ><P >See also the <A -HREF="index.html#FORCEDIRECTORYSECURITYMODE" +HREF="r1.html#FORCEDIRECTORYSECURITYMODE" ><TT CLASS="PARAMETER" ><I @@ -8598,7 +8395,7 @@ CLASS="PARAMETER" ></A >, <A -HREF="index.html#DIRECTORYSECURITYMASK" +HREF="r1.html#DIRECTORYSECURITYMASK" ><TT CLASS="PARAMETER" ><I @@ -8607,7 +8404,7 @@ CLASS="PARAMETER" ></TT ></A >, <A -HREF="index.html#SECURITYMASK" +HREF="r1.html#SECURITYMASK" ><TT CLASS="PARAMETER" ><I @@ -8650,7 +8447,7 @@ NAME="FORCEUSER" as the primary group of the connecting user (this was a bug).</P ><P >See also <A -HREF="index.html#FORCEGROUP" +HREF="r1.html#FORCEGROUP" ><TT CLASS="PARAMETER" ><I @@ -8660,12 +8457,9 @@ CLASS="PARAMETER" ></A ></P ><P ->Default: <SPAN -CLASS="emphasis" -><I +>Default: <I CLASS="EMPHASIS" >no forced user</I -></SPAN ></P ><P >Example: <B @@ -8726,7 +8520,7 @@ NAME="GETWDCACHE" caching algorithm will be used to reduce the time taken for getwd() calls. This can have a significant impact on performance, especially when the <A -HREF="index.html#WIDELINKS" +HREF="r1.html#WIDELINKS" ><TT CLASS="PARAMETER" ><I @@ -8736,7 +8530,7 @@ CLASS="PARAMETER" </A >parameter is set to <TT CLASS="CONSTANT" ->false</TT +>no</TT >.</P ><P >Default: <B @@ -8752,7 +8546,7 @@ NAME="GROUP" ><DD ><P >Synonym for <A -HREF="index.html#FORCEGROUP" +HREF="r1.html#FORCEGROUP" ><TT CLASS="PARAMETER" ><I @@ -8771,7 +8565,7 @@ NAME="GUESTACCOUNT" ><P >This is a username which will be used for access to services which are specified as <A -HREF="index.html#GUESTOK" +HREF="r1.html#GUESTOK" ><TT CLASS="PARAMETER" ><I @@ -8800,17 +8594,14 @@ CLASS="COMMAND" > lp(1)</B >.</P ><P ->This paramater does not accept % marcos, becouse +>This paramater does not accept % macros, because many parts of the system require this value to be - constant for correct operation</P + constant for correct operation.</P ><P ->Default: <SPAN -CLASS="emphasis" -><I +>Default: <I CLASS="EMPHASIS" >specified at compile time, usually "nobody"</I -></SPAN ></P ><P >Example: <B @@ -8831,7 +8622,7 @@ CLASS="CONSTANT" > for a service, then no password is required to connect to the service. Privileges will be those of the <A -HREF="index.html#GUESTACCOUNT" +HREF="r1.html#GUESTACCOUNT" ><TT CLASS="PARAMETER" ><I @@ -8841,7 +8632,7 @@ CLASS="PARAMETER" >.</P ><P >See the section below on <A -HREF="index.html#SECURITY" +HREF="r1.html#SECURITY" ><TT CLASS="PARAMETER" ><I @@ -8869,7 +8660,7 @@ CLASS="CONSTANT" > for a service, then only guest connections to the service are permitted. This parameter will have no effect if <A -HREF="index.html#GUESTOK" +HREF="r1.html#GUESTOK" > <TT CLASS="PARAMETER" ><I @@ -8879,7 +8670,7 @@ CLASS="PARAMETER" > is not set for the service.</P ><P >See the section below on <A -HREF="index.html#SECURITY" +HREF="r1.html#SECURITY" ><TT CLASS="PARAMETER" ><I @@ -8936,7 +8727,7 @@ NAME="HIDEFILES" as they are scanned.</P ><P >See also <A -HREF="index.html#HIDEDOTFILES" +HREF="r1.html#HIDEDOTFILES" ><TT CLASS="PARAMETER" ><I @@ -8945,7 +8736,7 @@ CLASS="PARAMETER" ></TT ></A >, <A -HREF="index.html#VETOFILES" +HREF="r1.html#VETOFILES" ><TT CLASS="PARAMETER" ><I @@ -8953,7 +8744,7 @@ CLASS="PARAMETER" ></TT ></A > and <A -HREF="index.html#CASESENSITIVE" +HREF="r1.html#CASESENSITIVE" > <TT CLASS="PARAMETER" ><I @@ -8962,12 +8753,9 @@ CLASS="PARAMETER" ></A >.</P ><P ->Default: <SPAN -CLASS="emphasis" -><I +>Default: <I CLASS="EMPHASIS" >no file are hidden</I -></SPAN ></P ><P >Example: <B @@ -9034,13 +8822,30 @@ CLASS="COMMAND" ></DD ><DT ><A +NAME="HIDESPECIALFILES" +></A +>hide special files (G)</DT +><DD +><P +>This parameter prevents clients from seeing + special files such as sockets, devices and fifo's in directory + listings. + </P +><P +>Default: <B +CLASS="COMMAND" +>hide special files = no</B +></P +></DD +><DT +><A NAME="HOMEDIRMAP" ></A >homedir map (G)</DT ><DD ><P >If<A -HREF="index.html#NISHOMEDIR" +HREF="r1.html#NISHOMEDIR" ><TT CLASS="PARAMETER" ><I @@ -9050,7 +8855,7 @@ CLASS="PARAMETER" ></A > is <TT CLASS="CONSTANT" ->true</TT +>yes</TT >, and <A HREF="smbd.8.html" TARGET="_top" @@ -9079,17 +8884,14 @@ CLASS="COMMAND" that copes with different map formats and also Amd (another automounter) maps.</P ><P -><SPAN -CLASS="emphasis" ><I CLASS="EMPHASIS" >NOTE :</I -></SPAN >A working NIS client is required on the system for this option to work.</P ><P >See also <A -HREF="index.html#NISHOMEDIR" +HREF="r1.html#NISHOMEDIR" ><TT CLASS="PARAMETER" ><I @@ -9098,7 +8900,7 @@ CLASS="PARAMETER" > </A >, <A -HREF="index.html#DOMAINLOGONS" +HREF="r1.html#DOMAINLOGONS" ><TT CLASS="PARAMETER" ><I @@ -9110,7 +8912,7 @@ CLASS="PARAMETER" ><P >Default: <B CLASS="COMMAND" ->homedir map = <empty string></B +>homedir map = <empty string></B ></P ><P >Example: <B @@ -9137,7 +8939,7 @@ CLASS="CONSTANT" to browse Dfs trees hosted on the server.</P ><P >See also the <A -HREF="index.html#MSDFSROOT" +HREF="r1.html#MSDFSROOT" ><TT CLASS="PARAMETER" ><I @@ -9225,7 +9027,7 @@ CLASS="FILENAME" ><P >Note that the localhost address 127.0.0.1 will always be allowed access unless specifically denied by a <A -HREF="index.html#HOSTSDENY" +HREF="r1.html#HOSTSDENY" ><TT CLASS="PARAMETER" ><I @@ -9236,12 +9038,9 @@ CLASS="PARAMETER" ><P >You can also specify hosts by network/netmask pairs and by netgroup names if your system supports netgroups. The - <SPAN -CLASS="emphasis" -><I + <I CLASS="EMPHASIS" >EXCEPT</I -></SPAN > keyword can also be used to limit a wildcard list. The following examples may provide some help:</P ><P @@ -9292,13 +9091,10 @@ CLASS="COMMAND" > for a way of testing your host access to see if it does what you expect.</P ><P ->Default: <SPAN -CLASS="emphasis" -><I +>Default: <I CLASS="EMPHASIS" >none (i.e., all hosts permitted access) </I -></SPAN ></P ><P >Example: <B @@ -9320,12 +9116,9 @@ CLASS="PARAMETER" >hosts allow</I ></TT > - - hosts listed here are <SPAN -CLASS="emphasis" -><I + - hosts listed here are <I CLASS="EMPHASIS" >NOT</I -></SPAN > permitted access to services unless the specific services have their own lists to override this one. Where the lists conflict, the <TT @@ -9336,13 +9129,10 @@ CLASS="PARAMETER" > list takes precedence.</P ><P ->Default: <SPAN -CLASS="emphasis" -><I +>Default: <I CLASS="EMPHASIS" >none (i.e., no hosts specifically excluded) </I -></SPAN ></P ><P >Example: <B @@ -9364,7 +9154,7 @@ NAME="HOSTSEQUIV" </P ><P >This is not be confused with <A -HREF="index.html#HOSTSALLOW" +HREF="r1.html#HOSTSALLOW" > <TT CLASS="PARAMETER" ><I @@ -9380,12 +9170,9 @@ CLASS="PARAMETER" > may be useful for NT clients which will not supply passwords to Samba.</P ><P -><SPAN -CLASS="emphasis" ><I CLASS="EMPHASIS" >NOTE :</I -></SPAN > The use of <TT CLASS="PARAMETER" ><I @@ -9402,21 +9189,15 @@ CLASS="PARAMETER" ></TT > option be only used if you really know what you are doing, or perhaps on a home network where you trust - your spouse and kids. And only if you <SPAN -CLASS="emphasis" -><I + your spouse and kids. And only if you <I CLASS="EMPHASIS" >really</I -></SPAN > trust them :-).</P ><P ->Default: <SPAN -CLASS="emphasis" -><I +>Default: <I CLASS="EMPHASIS" >no host equivalences</I -></SPAN ></P ><P >Example: <B @@ -9454,12 +9235,9 @@ CLASS="PARAMETER" >. </P ><P ->Default: <SPAN -CLASS="emphasis" -><I +>Default: <I CLASS="EMPHASIS" >no file included</I -></SPAN ></P ><P >Example: <B @@ -9499,7 +9277,7 @@ NAME="INHERITPERMISSIONS" ><P >The permissions on new files and directories are normally governed by <A -HREF="index.html#CREATEMASK" +HREF="r1.html#CREATEMASK" ><TT CLASS="PARAMETER" ><I @@ -9507,7 +9285,7 @@ CLASS="PARAMETER" ></TT ></A >, <A -HREF="index.html#DIRECTORYMASK" +HREF="r1.html#DIRECTORYMASK" > <TT CLASS="PARAMETER" ><I @@ -9515,7 +9293,7 @@ CLASS="PARAMETER" ></TT ></A >, <A -HREF="index.html#FORCECREATEMODE" +HREF="r1.html#FORCECREATEMODE" ><TT CLASS="PARAMETER" ><I @@ -9524,7 +9302,7 @@ CLASS="PARAMETER" > </A > and <A -HREF="index.html#FORCEDIRECTORYMODE" +HREF="r1.html#FORCEDIRECTORYMODE" ><TT CLASS="PARAMETER" ><I @@ -9541,7 +9319,7 @@ CLASS="PARAMETER" >New files inherit their read/write bits from the parent directory. Their execute bits continue to be determined by <A -HREF="index.html#MAPARCHIVE" +HREF="r1.html#MAPARCHIVE" ><TT CLASS="PARAMETER" ><I @@ -9550,7 +9328,7 @@ CLASS="PARAMETER" > </A >, <A -HREF="index.html#MAPHIDDEN" +HREF="r1.html#MAPHIDDEN" ><TT CLASS="PARAMETER" ><I @@ -9559,7 +9337,7 @@ CLASS="PARAMETER" > </A > and <A -HREF="index.html#MAPSYSTEM" +HREF="r1.html#MAPSYSTEM" ><TT CLASS="PARAMETER" ><I @@ -9569,12 +9347,9 @@ CLASS="PARAMETER" </A > as usual.</P ><P ->Note that the setuid bit is <SPAN -CLASS="emphasis" -><I +>Note that the setuid bit is <I CLASS="EMPHASIS" >never</I -></SPAN > set via inheritance (the code explicitly prohibits this).</P ><P @@ -9583,7 +9358,7 @@ CLASS="EMPHASIS" share to be used flexibly by each user.</P ><P >See also <A -HREF="index.html#CREATEMASK" +HREF="r1.html#CREATEMASK" ><TT CLASS="PARAMETER" ><I @@ -9592,7 +9367,7 @@ CLASS="PARAMETER" ></TT ></A >, <A -HREF="index.html#DIRECTORYMASK" +HREF="r1.html#DIRECTORYMASK" ><TT CLASS="PARAMETER" ><I @@ -9600,7 +9375,7 @@ CLASS="PARAMETER" ></TT ></A >, <A -HREF="index.html#FORCECREATEMODE" +HREF="r1.html#FORCECREATEMODE" > <TT CLASS="PARAMETER" ><I @@ -9608,7 +9383,7 @@ CLASS="PARAMETER" ></TT ></A > and <A -HREF="index.html#FORCEDIRECTORYMODE" +HREF="r1.html#FORCEDIRECTORYMODE" ><TT CLASS="PARAMETER" ><I @@ -9684,7 +9459,7 @@ CLASS="COMMAND" The netmasks of the latter two interfaces would be set to 255.255.255.0.</P ><P >See also <A -HREF="index.html#BINDINTERFACESONLY" +HREF="r1.html#BINDINTERFACESONLY" ><TT CLASS="PARAMETER" ><I @@ -9694,13 +9469,10 @@ CLASS="PARAMETER" ></A >.</P ><P ->Default: <SPAN -CLASS="emphasis" -><I +>Default: <I CLASS="EMPHASIS" >all active interfaces except 127.0.0.1 that are broadcast capable</I -></SPAN ></P ></DD ><DT @@ -9711,12 +9483,9 @@ NAME="INVALIDUSERS" ><DD ><P >This is a list of users that should not be allowed - to login to this service. This is really a <SPAN -CLASS="emphasis" -><I + to login to this service. This is really a <I CLASS="EMPHASIS" >paranoid</I -></SPAN > check to absolutely ensure an improper setting does not breach your security.</P @@ -9733,7 +9502,7 @@ CLASS="EMPHASIS" so the value <TT CLASS="PARAMETER" ><I ->+&group</I +>+&group</I ></TT > means check the UNIX group database, followed by the NIS netgroup database, and @@ -9755,7 +9524,7 @@ CLASS="PARAMETER" This is useful in the [homes] section.</P ><P >See also <A -HREF="index.html#VALIDUSERS" +HREF="r1.html#VALIDUSERS" ><TT CLASS="PARAMETER" ><I @@ -9765,12 +9534,9 @@ CLASS="PARAMETER" ></A >.</P ><P ->Default: <SPAN -CLASS="emphasis" -><I +>Default: <I CLASS="EMPHASIS" >no invalid users</I -></SPAN ></P ><P >Example: <B @@ -9799,7 +9565,7 @@ CLASS="PARAMETER" ><P >Keepalives should, in general, not be needed if the socket being used has the SO_KEEPALIVE attribute set on it (see <A -HREF="index.html#SOCKETOPTIONS" +HREF="r1.html#SOCKETOPTIONS" ><TT CLASS="PARAMETER" ><I @@ -9827,7 +9593,7 @@ NAME="KERNELOPLOCKS" ><DD ><P >For UNIXes that support kernel based <A -HREF="index.html#OPLOCKS" +HREF="r1.html#OPLOCKS" ><TT CLASS="PARAMETER" ><I @@ -9854,12 +9620,9 @@ CLASS="COMMAND" > </A > has oplocked. This allows complete data consistency between - SMB/CIFS, NFS and local file access (and is a <SPAN -CLASS="emphasis" -><I + SMB/CIFS, NFS and local file access (and is a <I CLASS="EMPHASIS" >very</I -></SPAN > cool feature :-).</P ><P @@ -9871,7 +9634,7 @@ CLASS="CONSTANT" You should never need to touch this parameter.</P ><P >See also the <A -HREF="index.html#OPLOCKS" +HREF="r1.html#OPLOCKS" ><TT CLASS="PARAMETER" ><I @@ -9880,7 +9643,7 @@ CLASS="PARAMETER" > </A > and <A -HREF="index.html#LEVEL2OPLOCKS" +HREF="r1.html#LEVEL2OPLOCKS" ><TT CLASS="PARAMETER" ><I @@ -9978,12 +9741,9 @@ CLASS="COMMAND" page for more information on how to accmplish this. </P ><P ->Default : <SPAN -CLASS="emphasis" -><I +>Default : <I CLASS="EMPHASIS" >none</I -></SPAN ></P ></DD ><DT @@ -10007,7 +9767,7 @@ CLASS="CONSTANT" ><P >Default : <B CLASS="COMMAND" ->ldap filter = (&(uid=%u)(objectclass=sambaAccount))</B +>ldap filter = (&(uid=%u)(objectclass=sambaAccount))</B ></P ></DD ><DT @@ -10019,12 +9779,9 @@ NAME="LDAPSSL" ><P >This option is used to define whether or not Samba should use SSL when connecting to the ldap server - This is <SPAN -CLASS="emphasis" -><I + This is <I CLASS="EMPHASIS" >NOT</I -></SPAN > related to Samba's previous SSL support which was enabled by specifying the <B @@ -10043,26 +9800,45 @@ CLASS="PARAMETER" >ldap ssl</I ></TT > can be set to one of three values: - (a) <TT -CLASS="CONSTANT" ->on</TT -> - Always use SSL when contacting the - <TT + </P +><P +></P +><UL +><LI +><P +><TT +CLASS="PARAMETER" +><I +>On</I +></TT +> = Always use SSL when contacting the + <TT CLASS="PARAMETER" ><I >ldap server</I ></TT ->, (b) <TT -CLASS="CONSTANT" ->off</TT -> - - Never use SSL when querying the directory, or (c) <TT -CLASS="CONSTANT" ->start_tls</TT -> - - Use the LDAPv3 StartTLS extended operation - (RFC2830) for communicating with the directory server. - </P +>.</P +></LI +><LI +><P +><TT +CLASS="PARAMETER" +><I +>Off</I +></TT +> = Never use SSL when querying the directory.</P +></LI +><LI +><P +><TT +CLASS="PARAMETER" +><I +>Start_tls</I +></TT +> = Use the LDAPv3 StartTLS extended operation + (RFC2830) for communicating with the directory server.</P +></LI +></UL ><P >Default : <B CLASS="COMMAND" @@ -10076,12 +9852,9 @@ NAME="LDAPSUFFIX" >ldap suffix (G)</DT ><DD ><P ->Default : <SPAN -CLASS="emphasis" -><I +>Default : <I CLASS="EMPHASIS" >none</I -></SPAN ></P ></DD ><DT @@ -10094,12 +9867,9 @@ NAME="LDAPUSERSUFFIX" >It specifies where users are added to the tree. </P ><P ->Default : <SPAN -CLASS="emphasis" -><I +>Default : <I CLASS="EMPHASIS" >none</I -></SPAN ></P ></DD ><DT @@ -10113,12 +9883,67 @@ NAME="LDAPMACHINESUFFIX" added to the ldap tree. </P ><P ->Default : <SPAN -CLASS="emphasis" -><I +>Default : <I CLASS="EMPHASIS" >none</I -></SPAN +></P +></DD +><DT +><A +NAME="LDAPPASSWDSYNC" +></A +>ldap passwd sync (G)</DT +><DD +><P +>This option is used to define whether + or not Samba should sync the LDAP password with the NT + and LM hashes for normal accounts (NOT for + workstation, server or domain trusts) on a password + change via SAMBA. + </P +><P +> The <TT +CLASS="PARAMETER" +><I +>ldap passwd sync</I +></TT +> can be set to one of three values: + </P +><P +></P +><UL +><LI +><P +><TT +CLASS="PARAMETER" +><I +>Yes</I +></TT +> = Try to update the LDAP, NT and LM passwords and update the pwdLastSet time.</P +></LI +><LI +><P +><TT +CLASS="PARAMETER" +><I +>No</I +></TT +> = Update NT and LM passwords and update the pwdLastSet time.</P +></LI +><LI +><P +><TT +CLASS="PARAMETER" +><I +>Only</I +></TT +> = Only update the LDAP password and let the LDAP server do the rest.</P +></LI +></UL +><P +>Default : <B +CLASS="COMMAND" +>ldap passwd sync = no</B ></P ></DD ><DT @@ -10152,7 +9977,7 @@ NAME="LEVEL2OPLOCKS" >For more discussions on level2 oplocks see the CIFS spec.</P ><P >Currently, if <A -HREF="index.html#KERNELOPLOCKS" +HREF="r1.html#KERNELOPLOCKS" ><TT CLASS="PARAMETER" ><I @@ -10166,7 +9991,7 @@ CLASS="CONSTANT" >yes</TT >). Note also, the <A -HREF="index.html#OPLOCKS" +HREF="r1.html#OPLOCKS" ><TT CLASS="PARAMETER" ><I @@ -10176,12 +10001,12 @@ CLASS="PARAMETER" </A > parameter must be set to <TT CLASS="CONSTANT" ->true</TT +>yes</TT > on this share in order for this parameter to have any effect.</P ><P >See also the <A -HREF="index.html#OPLOCKS" +HREF="r1.html#OPLOCKS" ><TT CLASS="PARAMETER" ><I @@ -10190,7 +10015,7 @@ CLASS="PARAMETER" > </A > and <A -HREF="index.html#OPLOCKS" +HREF="r1.html#OPLOCKS" ><TT CLASS="PARAMETER" ><I @@ -10224,10 +10049,10 @@ CLASS="COMMAND" the Samba server in their browse list. This parameter can have three values, <TT CLASS="CONSTANT" ->true</TT +>yes</TT >, <TT CLASS="CONSTANT" ->false</TT +>no</TT >, or <TT CLASS="CONSTANT" @@ -10238,11 +10063,11 @@ CLASS="CONSTANT" >. If set to <TT CLASS="CONSTANT" ->false</TT +>no</TT > Samba will never produce these broadcasts. If set to <TT CLASS="CONSTANT" ->true</TT +>yes</TT > Samba will produce Lanman announce broadcasts at a frequency set by the parameter <TT @@ -10265,7 +10090,7 @@ CLASS="PARAMETER" >.</P ><P >See also <A -HREF="index.html#LMINTERVAL" +HREF="r1.html#LMINTERVAL" ><TT CLASS="PARAMETER" ><I @@ -10294,7 +10119,7 @@ NAME="LMINTERVAL" ><P >If Samba is set to produce Lanman announce broadcasts needed by OS/2 clients (see the <A -HREF="index.html#LMANNOUNCE" +HREF="r1.html#LMANNOUNCE" > <TT CLASS="PARAMETER" ><I @@ -10313,7 +10138,7 @@ CLASS="PARAMETER" parameter.</P ><P >See also <A -HREF="index.html#LMANNOUNCE" +HREF="r1.html#LMANNOUNCE" ><TT CLASS="PARAMETER" ><I @@ -10343,7 +10168,7 @@ NAME="LOADPRINTERS" >A boolean variable that controls whether all printers in the printcap will be loaded for browsing by default. See the <A -HREF="index.html#AEN79" +HREF="r1.html#AEN79" >printers</A > section for more details.</P @@ -10370,7 +10195,7 @@ CLASS="COMMAND" > to try and become a local master browser on a subnet. If set to <TT CLASS="CONSTANT" ->false</TT +>no</TT > then <B CLASS="COMMAND" > nmbd</B @@ -10378,42 +10203,33 @@ CLASS="COMMAND" on a subnet and will also lose in all browsing elections. By default this value is set to <TT CLASS="CONSTANT" ->true</TT +>yes</TT >. Setting this value to <TT CLASS="CONSTANT" ->true</TT +>yes</TT > doesn't - mean that Samba will <SPAN -CLASS="emphasis" -><I + mean that Samba will <I CLASS="EMPHASIS" >become</I -></SPAN > the local master browser on a subnet, just that <B CLASS="COMMAND" >nmbd</B -> will <SPAN -CLASS="emphasis" -><I +> will <I CLASS="EMPHASIS" > participate</I -></SPAN > in elections for local master browser.</P ><P >Setting this value to <TT CLASS="CONSTANT" ->false</TT +>no</TT > will cause <B CLASS="COMMAND" >nmbd</B > - <SPAN -CLASS="emphasis" -><I + <I CLASS="EMPHASIS" >never</I -></SPAN > to become a local master browser.</P ><P >Default: <B @@ -10429,7 +10245,7 @@ NAME="LOCKDIR" ><DD ><P >Synonym for <A -HREF="index.html#LOCKDIRECTORY" +HREF="r1.html#LOCKDIRECTORY" ><TT CLASS="PARAMETER" ><I @@ -10448,7 +10264,7 @@ NAME="LOCKDIRECTORY" >This option specifies the directory where lock files will be placed. The lock files are used to implement the <A -HREF="index.html#MAXCONNECTIONS" +HREF="r1.html#MAXCONNECTIONS" ><TT CLASS="PARAMETER" ><I @@ -10502,7 +10318,7 @@ NAME="LOCKSPINTIME" >The time in microseconds that smbd should pause before attempting to gain a failed lock. See <A -HREF="index.html#LOCKSPINCOUNT" +HREF="r1.html#LOCKSPINCOUNT" ><TT CLASS="PARAMETER" ><I @@ -10543,19 +10359,13 @@ CLASS="COMMAND" >, real locking will be performed by the server.</P ><P ->This option <SPAN -CLASS="emphasis" -><I +>This option <I CLASS="EMPHASIS" >may</I -></SPAN > be useful for read-only - filesystems which <SPAN -CLASS="emphasis" -><I + filesystems which <I CLASS="EMPHASIS" >may</I -></SPAN > not need locking (such as CDROM drives), although setting this parameter of <TT CLASS="CONSTANT" @@ -10626,7 +10436,7 @@ NAME="LOGONDRIVE" ><P >This parameter specifies the local path to which the home directory will be connected (see <A -HREF="index.html#LOGONHOME" +HREF="r1.html#LOGONHOME" ><TT CLASS="PARAMETER" ><I @@ -10695,7 +10505,7 @@ CLASS="COMMAND" but use the whole string when dealing with profiles.</P ><P >Note that in prior versions of Samba, the <A -HREF="index.html#LOGONPATH" +HREF="r1.html#LOGONPATH" > <TT CLASS="PARAMETER" ><I @@ -10742,7 +10552,7 @@ NAME="LOGONPATH" stored. Contrary to previous versions of these manual pages, it has nothing to do with Win 9X roaming profiles. To find out how to handle roaming profiles for Win 9X system, see the <A -HREF="index.html#LOGONHOME" +HREF="r1.html#LOGONHOME" > <TT CLASS="PARAMETER" ><I @@ -10780,12 +10590,9 @@ CLASS="FILENAME" >Thereafter, the directories and any of the contents can, if required, be made read-only. It is not advisable that the NTuser.dat file be made read-only - rename it to NTuser.man to - achieve the desired effect (a <SPAN -CLASS="emphasis" -><I + achieve the desired effect (a <I CLASS="EMPHASIS" >MAN</I -></SPAN >datory profile). </P ><P @@ -10826,7 +10633,7 @@ NAME="LOGONSCRIPT" ><P >The script must be a relative path to the [netlogon] service. If the [netlogon] service specifies a <A -HREF="index.html#PATH" +HREF="r1.html#PATH" > <TT CLASS="PARAMETER" ><I @@ -10875,12 +10682,9 @@ CLASS="COMMAND" >This option is only useful if Samba is set up as a logon server.</P ><P ->Default: <SPAN -CLASS="emphasis" -><I +>Default: <I CLASS="EMPHASIS" >no logon script defined</I -></SPAN ></P ><P >Example: <B @@ -10937,7 +10741,7 @@ CLASS="PARAMETER" in the lppause command as the PATH may not be available to the server.</P ><P >See also the <A -HREF="index.html#PRINTING" +HREF="r1.html#PRINTING" ><TT CLASS="PARAMETER" ><I @@ -11031,7 +10835,7 @@ CLASS="COMMAND" >A value of 0 will disable caching completely.</P ><P >See also the <A -HREF="index.html#PRINTING" +HREF="r1.html#PRINTING" ><TT CLASS="PARAMETER" ><I @@ -11115,7 +10919,7 @@ CLASS="PARAMETER" print queue listing.</P ><P >See also the <A -HREF="index.html#PRINTING" +HREF="r1.html#PRINTING" ><TT CLASS="PARAMETER" ><I @@ -11125,9 +10929,7 @@ CLASS="PARAMETER" ></A > parameter.</P ><P ->Default: <SPAN -CLASS="emphasis" -><I +>Default: <I CLASS="EMPHASIS" >depends on the setting of <TT CLASS="PARAMETER" @@ -11135,7 +10937,6 @@ CLASS="PARAMETER" > printing</I ></TT ></I -></SPAN ></P ><P >Example: <B @@ -11157,7 +10958,7 @@ NAME="LPRESUMECOMMAND" >This command should be a program or script which takes a printer name and job number to resume the print job. See also the <A -HREF="index.html#LPPAUSECOMMAND" +HREF="r1.html#LPPAUSECOMMAND" ><TT CLASS="PARAMETER" ><I @@ -11191,7 +10992,7 @@ CLASS="PARAMETER" be available to the server.</P ><P >See also the <A -HREF="index.html#PRINTING" +HREF="r1.html#PRINTING" ><TT CLASS="PARAMETER" ><I @@ -11277,7 +11078,7 @@ CLASS="PARAMETER" available to the server.</P ><P >See also the <A -HREF="index.html#PRINTING" +HREF="r1.html#PRINTING" ><TT CLASS="PARAMETER" ><I @@ -11287,9 +11088,7 @@ CLASS="PARAMETER" ></A > parameter.</P ><P ->Default: <SPAN -CLASS="emphasis" -><I +>Default: <I CLASS="EMPHASIS" >depends on the setting of <TT CLASS="PARAMETER" @@ -11298,7 +11097,6 @@ CLASS="PARAMETER" </I ></TT ></I -></SPAN ></P ><P >Example 1: <B @@ -11322,7 +11120,7 @@ NAME="MACHINEPASSWORDTIMEOUT" ><P >If a Samba server is a member of a Windows NT Domain (see the <A -HREF="index.html#SECURITYEQUALSDOMAIN" +HREF="r1.html#SECURITYEQUALSDOMAIN" >security = domain</A >) parameter) then periodically a running <A @@ -11347,7 +11145,7 @@ CLASS="COMMAND" </B ></A >, and the <A -HREF="index.html#SECURITYEQUALSDOMAIN" +HREF="r1.html#SECURITYEQUALSDOMAIN" > security = domain</A >) parameter.</P ><P @@ -11366,7 +11164,7 @@ NAME="MAGICOUTPUT" >This parameter specifies the name of a file which will contain output created by a magic script (see the <A -HREF="index.html#MAGICSCRIPT" +HREF="r1.html#MAGICSCRIPT" ><TT CLASS="PARAMETER" ><I @@ -11387,7 +11185,7 @@ CLASS="PARAMETER" ><P >Default: <B CLASS="COMMAND" ->magic output = <magic script name>.out +>magic output = <magic script name>.out </B ></P ><P @@ -11414,7 +11212,7 @@ NAME="MAGICSCRIPT" ><P >If the script generates output, output will be sent to the file specified by the <A -HREF="index.html#MAGICOUTPUT" +HREF="r1.html#MAGICOUTPUT" ><TT CLASS="PARAMETER" ><I @@ -11426,36 +11224,24 @@ CLASS="PARAMETER" >Note that some shells are unable to interpret scripts containing CR/LF instead of CR as the end-of-line marker. Magic scripts must be executable - <SPAN -CLASS="emphasis" -><I + <I CLASS="EMPHASIS" >as is</I -></SPAN > on the host, which for some hosts and some shells will require filtering at the DOS end.</P ><P ->Magic scripts are <SPAN -CLASS="emphasis" -><I +>Magic scripts are <I CLASS="EMPHASIS" >EXPERIMENTAL</I -></SPAN > and - should <SPAN -CLASS="emphasis" -><I + should <I CLASS="EMPHASIS" >NOT</I -></SPAN > be relied upon.</P ><P ->Default: <SPAN -CLASS="emphasis" -><I +>Default: <I CLASS="EMPHASIS" >None. Magic scripts disabled.</I -></SPAN ></P ><P >Example: <B @@ -11471,7 +11257,7 @@ NAME="MANGLECASE" ><DD ><P >See the section on <A -HREF="index.html#AEN203" +HREF="r1.html#AEN203" > NAME MANGLING</A ></P ><P @@ -11522,12 +11308,9 @@ CLASS="FILENAME" > off the ends of filenames on some CDROMs (only visible under some UNIXes). To do this use a map of (*;1 *;).</P ><P ->Default: <SPAN -CLASS="emphasis" -><I +>Default: <I CLASS="EMPHASIS" >no mangled map</I -></SPAN ></P ><P >Example: <B @@ -11547,7 +11330,7 @@ NAME="MANGLEDNAMES" or whether non-DOS names should simply be ignored.</P ><P >See the section on <A -HREF="index.html#AEN203" +HREF="r1.html#AEN203" > NAME MANGLING</A > for details on how to control the mangling process.</P ><P @@ -11573,7 +11356,7 @@ HREF="index.html#AEN203" ><P >Note that the character to use may be specified using the <A -HREF="index.html#MANGLINGCHAR" +HREF="r1.html#MANGLINGCHAR" ><TT CLASS="PARAMETER" ><I @@ -11692,14 +11475,11 @@ NAME="MANGLINGCHAR" ><DD ><P >This controls what character is used as - the <SPAN -CLASS="emphasis" -><I + the <I CLASS="EMPHASIS" >magic</I -></SPAN > character in <A -HREF="index.html#AEN203" +HREF="r1.html#AEN203" >name mangling</A >. The default is a '~' but this may interfere with some software. Use this option to set @@ -11737,7 +11517,7 @@ CLASS="PARAMETER" > parameter to be set such that owner execute bit is not masked out (i.e. it must include 100). See the parameter <A -HREF="index.html#CREATEMASK" +HREF="r1.html#CREATEMASK" > <TT CLASS="PARAMETER" ><I @@ -11769,7 +11549,7 @@ CLASS="PARAMETER" > to be set such that the world execute bit is not masked out (i.e. it must include 001). See the parameter <A -HREF="index.html#CREATEMASK" +HREF="r1.html#CREATEMASK" > <TT CLASS="PARAMETER" ><I @@ -11801,7 +11581,7 @@ CLASS="PARAMETER" > to be set such that the group execute bit is not masked out (i.e. it must include 010). See the parameter <A -HREF="index.html#CREATEMASK" +HREF="r1.html#CREATEMASK" > <TT CLASS="PARAMETER" ><I @@ -11823,7 +11603,7 @@ NAME="MAPTOGUEST" ><DD ><P >This parameter is only useful in <A -HREF="index.html#SECURITY" +HREF="r1.html#SECURITY" > security</A > modes other than <TT CLASS="PARAMETER" @@ -11873,7 +11653,7 @@ CLASS="CONSTANT" logins with an invalid password are rejected, unless the username does not exist, in which case it is treated as a guest login and mapped into the <A -HREF="index.html#GUESTACCOUNT" +HREF="r1.html#GUESTACCOUNT" ><TT CLASS="PARAMETER" ><I @@ -11890,7 +11670,7 @@ CLASS="CONSTANT" > - Means user logins with an invalid password are treated as a guest login and mapped into the <A -HREF="index.html#GUESTACCOUNT" +HREF="r1.html#GUESTACCOUNT" >guest account</A >. Note that this can cause problems as it means that any user incorrectly typing @@ -11898,12 +11678,9 @@ HREF="index.html#GUESTACCOUNT" will not know the reason they cannot access files they think they should - there will have been no message given to them that they got their password wrong. Helpdesk services will - <SPAN -CLASS="emphasis" -><I + <I CLASS="EMPHASIS" >hate</I -></SPAN > you if you set the <TT CLASS="PARAMETER" ><I @@ -11922,12 +11699,9 @@ CLASS="PARAMETER" ></TT > modes other than share. This is because in these modes the name of the resource being - requested is <SPAN -CLASS="emphasis" -><I + requested is <I CLASS="EMPHASIS" >not</I -></SPAN > sent to the server until after the server has successfully authenticated the client so the server cannot make authentication decisions at the correct time (connection @@ -11969,7 +11743,7 @@ CLASS="PARAMETER" ><P >Record lock files are used to implement this feature. The lock files will be stored in the directory specified by the <A -HREF="index.html#LOCKDIRECTORY" +HREF="r1.html#LOCKDIRECTORY" ><TT CLASS="PARAMETER" ><I @@ -12121,7 +11895,7 @@ CLASS="COMMAND" ></A > will remote "Out of Space" to the client. See all <A -HREF="index.html#TOTALPRINTJOBS" +HREF="r1.html#TOTALPRINTJOBS" ><TT CLASS="PARAMETER" ><I @@ -12177,12 +11951,9 @@ CLASS="CONSTANT" ><TT CLASS="CONSTANT" >LANMAN1</TT ->: First <SPAN -CLASS="emphasis" -><I +>: First <I CLASS="EMPHASIS" > modern</I -></SPAN > version of the protocol. Long filename support.</P ></LI @@ -12209,7 +11980,7 @@ CLASS="CONSTANT" the appropriate protocol.</P ><P >See also <A -HREF="index.html#MINPROTOCOL" +HREF="r1.html#MINPROTOCOL" ><TT CLASS="PARAMETER" ><I @@ -12305,7 +12076,7 @@ TARGET="_top" >nmbd(8) </A > when acting as a WINS server (<A -HREF="index.html#WINSSUPPORT" +HREF="r1.html#WINSSUPPORT" > <TT CLASS="PARAMETER" ><I @@ -12321,7 +12092,7 @@ CLASS="COMMAND" parameter. The default is 6 days (518400 seconds).</P ><P >See also the <A -HREF="index.html#MINWINSTTL" +HREF="r1.html#MINWINSTTL" ><TT CLASS="PARAMETER" ><I @@ -12385,13 +12156,10 @@ CLASS="COMMAND" CLASS="COMMAND" >xedit</B >, then - removes it afterwards. <SPAN -CLASS="emphasis" -><I + removes it afterwards. <I CLASS="EMPHASIS" >NOTE THAT IT IS VERY IMPORTANT THAT THIS COMMAND RETURN IMMEDIATELY</I -></SPAN >. That's why I have the '&' on the end. If it doesn't return immediately then your PCs may freeze when sending messages (they should recover @@ -12457,7 +12225,7 @@ CLASS="PARAMETER" ><B CLASS="COMMAND" >message command = /bin/mail -s 'message from %f on - %m' root < %s; rm %s</B + %m' root < %s; rm %s</B ></P ><P >If you don't have a message command then the message @@ -12473,12 +12241,9 @@ CLASS="COMMAND" >message command = rm %s</B ></P ><P ->Default: <SPAN -CLASS="emphasis" -><I +>Default: <I CLASS="EMPHASIS" >no message command</I -></SPAN ></P ><P >Example: <B @@ -12495,7 +12260,7 @@ NAME="MINPASSWDLENGTH" ><DD ><P >Synonym for <A -HREF="index.html#MINPASSWORDLENGTH" +HREF="r1.html#MINPASSWORDLENGTH" > <TT CLASS="PARAMETER" ><I @@ -12519,7 +12284,7 @@ CLASS="COMMAND" UNIX password changing.</P ><P >See also <A -HREF="index.html#UNIXPASSWORDSYNC" +HREF="r1.html#UNIXPASSWORDSYNC" ><TT CLASS="PARAMETER" ><I @@ -12528,7 +12293,7 @@ CLASS="PARAMETER" ></TT ></A >, <A -HREF="index.html#PASSWDPROGRAM" +HREF="r1.html#PASSWDPROGRAM" > <TT CLASS="PARAMETER" ><I @@ -12536,7 +12301,7 @@ CLASS="PARAMETER" ></TT ></A > and <A -HREF="index.html#PASSWDCHATDEBUG" +HREF="r1.html#PASSWDCHATDEBUG" ><TT CLASS="PARAMETER" ><I @@ -12564,7 +12329,7 @@ NAME="MINPRINTSPACE" means a user can always spool a print job.</P ><P >See also the <A -HREF="index.html#PRINTING" +HREF="r1.html#PRINTING" ><TT CLASS="PARAMETER" ><I @@ -12594,7 +12359,7 @@ NAME="MINPROTOCOL" >The value of the parameter (a string) is the lowest SMB protocol dialect than Samba will support. Please refer to the <A -HREF="index.html#MAXPROTOCOL" +HREF="r1.html#MAXPROTOCOL" ><TT CLASS="PARAMETER" ><I @@ -12612,7 +12377,7 @@ CLASS="FILENAME" ><P >If you are viewing this parameter as a security measure, you should also refer to the <A -HREF="index.html#LANMANAUTH" +HREF="r1.html#LANMANAUTH" ><TT CLASS="PARAMETER" ><I @@ -12647,7 +12412,7 @@ TARGET="_top" >nmbd(8)</A > when acting as a WINS server (<A -HREF="index.html#WINSSUPPORT" +HREF="r1.html#WINSSUPPORT" ><TT CLASS="PARAMETER" ><I @@ -12698,7 +12463,7 @@ TARGET="_top" >.</P ><P >See also <A -HREF="index.html#HOSTMSDFS" +HREF="r1.html#HOSTMSDFS" ><TT CLASS="PARAMETER" ><I @@ -12793,7 +12558,7 @@ CLASS="CONSTANT" >wins</TT > : Query a name with the IP address listed in the <A -HREF="index.html#WINSSERVER" +HREF="r1.html#WINSSERVER" ><TT CLASS="PARAMETER" ><I @@ -12810,7 +12575,7 @@ CLASS="CONSTANT" >bcast</TT > : Do a broadcast on each of the known local interfaces listed in the <A -HREF="index.html#INTERFACES" +HREF="r1.html#INTERFACES" ><TT CLASS="PARAMETER" ><I @@ -12860,7 +12625,7 @@ TARGET="_top" with these capabilities.</P ><P >See also <A -HREF="index.html#NETBIOSNAME" +HREF="r1.html#NETBIOSNAME" ><TT CLASS="PARAMETER" ><I @@ -12870,12 +12635,9 @@ CLASS="PARAMETER" ></A >.</P ><P ->Default: <SPAN -CLASS="emphasis" -><I +>Default: <I CLASS="EMPHASIS" >empty string (no additional names)</I -></SPAN ></P ><P >Example: <B @@ -12898,7 +12660,7 @@ NAME="NETBIOSNAME" advertised under.</P ><P >See also <A -HREF="index.html#NETBIOSALIASES" +HREF="r1.html#NETBIOSALIASES" ><TT CLASS="PARAMETER" ><I @@ -12908,12 +12670,9 @@ CLASS="PARAMETER" ></A >.</P ><P ->Default: <SPAN -CLASS="emphasis" -><I +>Default: <I CLASS="EMPHASIS" >machine DNS name</I -></SPAN ></P ><P >Example: <B @@ -12957,7 +12716,7 @@ NAME="NISHOMEDIR" it will be mounted on the Samba client directly from the directory server. When Samba is returning the home share to the client, it will consult the NIS map specified in <A -HREF="index.html#HOMEDIRMAP" +HREF="r1.html#HOMEDIRMAP" > <TT CLASS="PARAMETER" ><I @@ -12998,7 +12757,7 @@ NAME="NONUNIXACCOUNTRANGE" ><P >Default: <B CLASS="COMMAND" ->non unix account range = <empty string> +>non unix account range = <empty string> </B ></P ><P @@ -13116,7 +12875,7 @@ NAME="OBEYPAMRESTRICTIONS" default behavior is to use PAM for clear text authentication only and to ignore any account or session management. Note that Samba always ignores PAM for authentication in the case of <A -HREF="index.html#ENCRYPTPASSWORDS" +HREF="r1.html#ENCRYPTPASSWORDS" ><TT CLASS="PARAMETER" ><I @@ -13157,7 +12916,7 @@ CLASS="PARAMETER" ></TT > list and is only really useful in <A -HREF="index.html#SECURITYEQUALSSHARE" +HREF="r1.html#SECURITYEQUALSSHARE" >shave level</A > security.</P @@ -13178,7 +12937,7 @@ CLASS="PARAMETER" name of the user.</P ><P >See also the <A -HREF="index.html#USER" +HREF="r1.html#USER" ><TT CLASS="PARAMETER" ><I @@ -13201,7 +12960,7 @@ NAME="ONLYGUEST" ><DD ><P >A synonym for <A -HREF="index.html#GUESTONLY" +HREF="r1.html#GUESTONLY" ><TT CLASS="PARAMETER" ><I @@ -13225,13 +12984,10 @@ NAME="OPLOCKBREAKWAITTIME" is the amount of time Samba will wait before sending an oplock break request to such (broken) clients.</P ><P -><SPAN -CLASS="emphasis" ><I CLASS="EMPHASIS" >DO NOT CHANGE THIS PARAMETER UNLESS YOU HAVE READ AND UNDERSTOOD THE SAMBA OPLOCK CODE</I -></SPAN >.</P ><P >Default: <B @@ -13246,12 +13002,9 @@ NAME="OPLOCKCONTENTIONLIMIT" >oplock contention limit (S)</DT ><DD ><P ->This is a <SPAN -CLASS="emphasis" -><I +>This is a <I CLASS="EMPHASIS" >very</I -></SPAN > advanced <A HREF="smbd.8.html" @@ -13274,13 +13027,10 @@ CLASS="COMMAND" > to behave in a similar way to Windows NT.</P ><P -><SPAN -CLASS="emphasis" ><I CLASS="EMPHASIS" >DO NOT CHANGE THIS PARAMETER UNLESS YOU HAVE READ AND UNDERSTOOD THE SAMBA OPLOCK CODE</I -></SPAN >.</P ><P >Default: <B @@ -13316,7 +13066,7 @@ CLASS="FILENAME" ><P >Oplocks may be selectively turned off on certain files with a share. See the <A -HREF="index.html#VETOOPLOCKFILES" +HREF="r1.html#VETOOPLOCKFILES" ><TT CLASS="PARAMETER" ><I @@ -13335,7 +13085,7 @@ CLASS="PARAMETER" > parameter for details.</P ><P >See also the <A -HREF="index.html#KERNELOPLOCKS" +HREF="r1.html#KERNELOPLOCKS" ><TT CLASS="PARAMETER" ><I @@ -13344,7 +13094,7 @@ CLASS="PARAMETER" ></TT ></A > and <A -HREF="index.html#LEVEL2OPLOCKS" +HREF="r1.html#LEVEL2OPLOCKS" ><TT CLASS="PARAMETER" ><I @@ -13406,12 +13156,9 @@ CLASS="PARAMETER" ></TT > in the local broadcast area.</P ><P -><SPAN -CLASS="emphasis" ><I CLASS="EMPHASIS" >Note :</I -></SPAN >By default, Samba will win a local master browsing election over all Microsoft operating systems except a Windows NT 4.0/2000 Domain Controller. This @@ -13447,8 +13194,8 @@ NAME="OS2DRIVERMAP" path to a file containing a mapping of Windows NT printer driver names to OS/2 printer driver names. The format is:</P ><P -><nt driver name> = <os2 driver - name>.<device name></P +><nt driver name> = <os2 driver + name>.<device name></P ><P >For example, a valid entry using the HP LaserJet 5 printer driver would appear as <B @@ -13473,7 +13220,7 @@ TARGET="_top" ><P >Default: <B CLASS="COMMAND" ->os2 driver map = <empty string> +>os2 driver map = <empty string> </B ></P ></DD @@ -13489,7 +13236,7 @@ NAME="PAMPASSWORDCHANGE" flag for Samba. If enabled, then PAM will be used for password changes when requested by an SMB client instead of the program listed in <A -HREF="index.html#PASSWDPROGRAM" +HREF="r1.html#PASSWDPROGRAM" ><TT CLASS="PARAMETER" ><I @@ -13499,7 +13246,7 @@ CLASS="PARAMETER" >. It should be possible to enable this without changing your <A -HREF="index.html#PASSWDCHAT" +HREF="r1.html#PASSWDCHAT" ><TT CLASS="PARAMETER" ><I @@ -13537,7 +13284,7 @@ TARGET="_top" ><P >Default: <B CLASS="COMMAND" ->panic action = <empty string></B +>panic action = <empty string></B ></P ><P >Example: <B @@ -13603,7 +13350,7 @@ CLASS="COMMAND" Takes a path to the smbpasswd file as an optional argument.</P ><P >See also <A -HREF="index.html#NONUNIXACCOUNTRANGE" +HREF="r1.html#NONUNIXACCOUNTRANGE" > <TT CLASS="PARAMETER" ><I @@ -13620,7 +13367,7 @@ CLASS="COMMAND" > - The TDB based password storage backend. Takes a path to the TDB as an optional argument (defaults to passdb.tdb in the <A -HREF="index.html#PRIVATEDIR" +HREF="r1.html#PRIVATEDIR" > <TT CLASS="PARAMETER" ><I @@ -13637,7 +13384,7 @@ CLASS="COMMAND" > - The TDB based password storage backend, with non unix account support. Takes a path to the TDB as an optional argument (defaults to passdb.tdb in the <A -HREF="index.html#PRIVATEDIR" +HREF="r1.html#PRIVATEDIR" > <TT CLASS="PARAMETER" ><I @@ -13647,7 +13394,7 @@ CLASS="PARAMETER" > directory.</P ><P >See also <A -HREF="index.html#NONUNIXACCOUNTRANGE" +HREF="r1.html#NONUNIXACCOUNTRANGE" > <TT CLASS="PARAMETER" ><I @@ -13681,7 +13428,7 @@ CLASS="COMMAND" >)</P ><P >See also <A -HREF="index.html#NONUNIXACCOUNTRANGE" +HREF="r1.html#NONUNIXACCOUNTRANGE" > <TT CLASS="PARAMETER" ><I @@ -13758,12 +13505,9 @@ NAME="PASSWDCHAT" >passwd chat (G)</DT ><DD ><P ->This string controls the <SPAN -CLASS="emphasis" -><I +>This string controls the <I CLASS="EMPHASIS" >"chat"</I -></SPAN > conversation that takes places between <A HREF="smbd.8.html" @@ -13777,7 +13521,7 @@ TARGET="_top" > smbd(8)</A > uses to determine what to send to the <A -HREF="index.html#PASSWDPROGRAM" +HREF="r1.html#PASSWDPROGRAM" ><TT CLASS="PARAMETER" ><I @@ -13793,7 +13537,7 @@ CLASS="PARAMETER" etc).</P ><P >Note that this parameter only is only used if the <A -HREF="index.html#UNIXPASSWORDSYNC" +HREF="r1.html#UNIXPASSWORDSYNC" ><TT CLASS="PARAMETER" ><I @@ -13805,18 +13549,15 @@ CLASS="PARAMETER" CLASS="CONSTANT" >yes</TT >. This - sequence is then called <SPAN -CLASS="emphasis" -><I + sequence is then called <I CLASS="EMPHASIS" >AS ROOT</I -></SPAN > when the SMB password in the smbpasswd file is being changed, without access to the old password cleartext. This means that root must be able to reset the user's password without knowing the text of the previous password. In the presence of NIS/YP, this means that the <A -HREF="index.html#PASSWDPROGRAM" +HREF="r1.html#PASSWDPROGRAM" >passwd program</A > must be executed on the NIS master. @@ -13852,7 +13593,7 @@ CLASS="CONSTANT" if the expect string is a full stop then no string is expected.</P ><P >If the <A -HREF="index.html#PAMPASSWORDCHANGE" +HREF="r1.html#PAMPASSWORDCHANGE" ><TT CLASS="PARAMETER" ><I @@ -13860,13 +13601,16 @@ CLASS="PARAMETER" password change</I ></TT ></A -> parameter is set to true, the chat pairs +> parameter is set to <TT +CLASS="CONSTANT" +>yes</TT +>, the chat pairs may be matched in any order, and success is determined by the PAM result, not any particular output. The \n macro is ignored for PAM conversions. </P ><P >See also <A -HREF="index.html#UNIXPASSWORDSYNC" +HREF="r1.html#UNIXPASSWORDSYNC" ><TT CLASS="PARAMETER" ><I @@ -13875,7 +13619,7 @@ CLASS="PARAMETER" ></TT ></A >, <A -HREF="index.html#PASSWDPROGRAM" +HREF="r1.html#PASSWDPROGRAM" ><TT CLASS="PARAMETER" ><I @@ -13883,7 +13627,7 @@ CLASS="PARAMETER" ></TT ></A > ,<A -HREF="index.html#PASSWDCHATDEBUG" +HREF="r1.html#PASSWDCHATDEBUG" > <TT CLASS="PARAMETER" ><I @@ -13891,7 +13635,7 @@ CLASS="PARAMETER" ></TT ></A > and <A -HREF="index.html#PAMPASSWORDCHANGE" +HREF="r1.html#PAMPASSWORDCHANGE" > <TT CLASS="PARAMETER" ><I @@ -13921,12 +13665,9 @@ NAME="PASSWDCHATDEBUG" ><DD ><P >This boolean specifies if the passwd chat script - parameter is run in <SPAN -CLASS="emphasis" -><I + parameter is run in <I CLASS="EMPHASIS" >debug</I -></SPAN > mode. In this mode the strings passed to and received from the passwd chat are printed in the <A @@ -13935,7 +13676,7 @@ TARGET="_top" >smbd(8)</A > log with a <A -HREF="index.html#DEBUGLEVEL" +HREF="r1.html#DEBUGLEVEL" ><TT CLASS="PARAMETER" ><I @@ -13962,7 +13703,7 @@ CLASS="PARAMETER" > and should be turned off after this has been done. This option has no effect if the <A -HREF="index.html#PAMPASSWORDCHANGE" +HREF="r1.html#PAMPASSWORDCHANGE" ><TT CLASS="PARAMETER" ><I @@ -13973,7 +13714,7 @@ CLASS="PARAMETER" paramter is set. This parameter is off by default.</P ><P >See also <A -HREF="index.html#PASSWDCHAT" +HREF="r1.html#PASSWDCHAT" ><TT CLASS="PARAMETER" ><I @@ -13982,7 +13723,7 @@ CLASS="PARAMETER" > </A >, <A -HREF="index.html#PAMPASSWORDCHANGE" +HREF="r1.html#PAMPASSWORDCHANGE" ><TT CLASS="PARAMETER" ><I @@ -13991,7 +13732,7 @@ CLASS="PARAMETER" > </A >, <A -HREF="index.html#PASSWDPROGRAM" +HREF="r1.html#PASSWDPROGRAM" ><TT CLASS="PARAMETER" ><I @@ -14023,24 +13764,18 @@ CLASS="PARAMETER" will be replaced with the user name. The user name is checked for existence before calling the password changing program.</P ><P ->Also note that many passwd programs insist in <SPAN -CLASS="emphasis" -><I +>Also note that many passwd programs insist in <I CLASS="EMPHASIS" >reasonable </I -></SPAN > passwords, such as a minimum length, or the inclusion of mixed case chars and digits. This can pose a problem as some clients (such as Windows for Workgroups) uppercase the password before sending it.</P ><P -><SPAN -CLASS="emphasis" ><I CLASS="EMPHASIS" >Note</I -></SPAN > that if the <TT CLASS="PARAMETER" ><I @@ -14049,14 +13784,11 @@ CLASS="PARAMETER" ></TT > parameter is set to <TT CLASS="CONSTANT" ->true +>yes </TT -> then this program is called <SPAN -CLASS="emphasis" -><I +> then this program is called <I CLASS="EMPHASIS" >AS ROOT</I -></SPAN > before the SMB password in the <A HREF="smbpasswd.5.html" @@ -14076,19 +13808,13 @@ CLASS="PARAMETER" >unix password sync</I ></TT > parameter - is set this parameter <SPAN -CLASS="emphasis" -><I + is set this parameter <I CLASS="EMPHASIS" >MUST USE ABSOLUTE PATHS</I -></SPAN > - for <SPAN -CLASS="emphasis" -><I + for <I CLASS="EMPHASIS" >ALL</I -></SPAN > programs called, and must be examined for security implications. Note that by default <TT CLASS="PARAMETER" @@ -14098,11 +13824,11 @@ CLASS="PARAMETER" ></TT > is set to <TT CLASS="CONSTANT" ->false</TT +>no</TT >.</P ><P >See also <A -HREF="index.html#UNIXPASSWORDSYNC" +HREF="r1.html#UNIXPASSWORDSYNC" ><TT CLASS="PARAMETER" ><I @@ -14212,7 +13938,7 @@ CLASS="FILENAME" ><P >The name of the password server is looked up using the parameter <A -HREF="index.html#NAMERESOLVEORDER" +HREF="r1.html#NAMERESOLVEORDER" ><TT CLASS="PARAMETER" ><I @@ -14227,21 +13953,15 @@ CLASS="PARAMETER" the "LM1.2X002" or the "NT LM 0.12" protocol, and it must be in user level security mode.</P ><P -><SPAN -CLASS="emphasis" ><I CLASS="EMPHASIS" >NOTE:</I -></SPAN > Using a password server means your UNIX box (running Samba) is only as secure as your - password server. <SPAN -CLASS="emphasis" -><I + password server. <I CLASS="EMPHASIS" >DO NOT CHOOSE A PASSWORD SERVER THAT YOU DON'T COMPLETELY TRUST</I -></SPAN >.</P ><P >Never point a Samba server at itself for password @@ -14298,7 +14018,7 @@ CLASS="PARAMETER" Primary or Backup Domain controllers to authenticate against by doing a query for the name <TT CLASS="CONSTANT" ->WORKGROUP<1C></TT +>WORKGROUP<1C></TT > and then contacting each server returned in the list of IP addresses from the name resolution source. </P @@ -14358,7 +14078,7 @@ CLASS="COMMAND" ></UL ><P >See also the <A -HREF="index.html#SECURITY" +HREF="r1.html#SECURITY" ><TT CLASS="PARAMETER" ><I @@ -14370,7 +14090,7 @@ CLASS="PARAMETER" ><P >Default: <B CLASS="COMMAND" ->password server = <empty string></B +>password server = <empty string></B > </P ><P @@ -14421,7 +14141,7 @@ CLASS="PARAMETER" up pseudo home directories for users.</P ><P >Note that this path will be based on <A -HREF="index.html#ROOTDIR" +HREF="r1.html#ROOTDIR" > <TT CLASS="PARAMETER" ><I @@ -14430,12 +14150,9 @@ CLASS="PARAMETER" ></A > if one was specified.</P ><P ->Default: <SPAN -CLASS="emphasis" -><I +>Default: <I CLASS="EMPHASIS" >none</I -></SPAN ></P ><P >Example: <B @@ -14512,7 +14229,7 @@ CLASS="COMMAND" ></P ><P >See also <A -HREF="index.html#PREEXEC" +HREF="r1.html#PREEXEC" ><TT CLASS="PARAMETER" ><I @@ -14522,19 +14239,16 @@ CLASS="PARAMETER" </A >.</P ><P ->Default: <SPAN -CLASS="emphasis" -><I +>Default: <I CLASS="EMPHASIS" >none (no command executed)</I -></SPAN > </P ><P >Example: <B CLASS="COMMAND" >postexec = echo \"%u disconnected from %S - from %m (%I)\" >> /tmp/log</B + from %m (%I)\" >> /tmp/log</B ></P ></DD ><DT @@ -14583,7 +14297,7 @@ CLASS="COMMAND" >Of course, this could get annoying after a while :-)</P ><P >See also <A -HREF="index.html#PREEXECCLOSE" +HREF="r1.html#PREEXECCLOSE" ><TT CLASS="PARAMETER" ><I @@ -14592,7 +14306,7 @@ CLASS="PARAMETER" ></TT ></A > and <A -HREF="index.html#POSTEXEC" +HREF="r1.html#POSTEXEC" ><TT CLASS="PARAMETER" ><I @@ -14602,18 +14316,15 @@ CLASS="PARAMETER" ></A >.</P ><P ->Default: <SPAN -CLASS="emphasis" -><I +>Default: <I CLASS="EMPHASIS" >none (no command executed)</I -></SPAN ></P ><P >Example: <B CLASS="COMMAND" >preexec = echo \"%u connected to %S from %m - (%I)\" >> /tmp/log</B + (%I)\" >> /tmp/log</B ></P ></DD ><DT @@ -14625,7 +14336,7 @@ NAME="PREEXECCLOSE" ><P >This boolean option controls whether a non-zero return code from <A -HREF="index.html#PREEXEC" +HREF="r1.html#PREEXEC" ><TT CLASS="PARAMETER" ><I @@ -14656,7 +14367,7 @@ TARGET="_top" ><P >If this is set to <TT CLASS="CONSTANT" ->true</TT +>yes</TT >, on startup, <B CLASS="COMMAND" >nmbd</B @@ -14666,7 +14377,7 @@ CLASS="COMMAND" used in conjunction with <B CLASS="COMMAND" ><A -HREF="index.html#DOMAINMASTER" +HREF="r1.html#DOMAINMASTER" ><TT CLASS="PARAMETER" ><I @@ -14687,7 +14398,7 @@ CLASS="COMMAND" capabilities.</P ><P >See also <A -HREF="index.html#OSLEVEL" +HREF="r1.html#OSLEVEL" ><TT CLASS="PARAMETER" ><I @@ -14710,7 +14421,7 @@ NAME="PREFEREDMASTER" ><DD ><P >Synonym for <A -HREF="index.html#PREFERREDMASTER" +HREF="r1.html#PREFERREDMASTER" ><TT CLASS="PARAMETER" ><I @@ -14723,7 +14434,7 @@ CLASS="PARAMETER" ><A NAME="PRELOAD" ></A ->preload</DT +>preload (G)</DT ><DD ><P >This is a list of services that you want to be @@ -14733,7 +14444,7 @@ NAME="PRELOAD" ><P >Note that if you just want all printers in your printcap file loaded then the <A -HREF="index.html#LOADPRINTERS" +HREF="r1.html#LOADPRINTERS" > <TT CLASS="PARAMETER" ><I @@ -14742,12 +14453,9 @@ CLASS="PARAMETER" ></A > option is easier.</P ><P ->Default: <SPAN -CLASS="emphasis" -><I +>Default: <I CLASS="EMPHASIS" >no preloaded services</I -></SPAN ></P ><P >Example: <B @@ -14765,7 +14473,7 @@ NAME="PRESERVECASE" > This controls if new filenames are created with the case that the client passes, or if they are forced to be the <A -HREF="index.html#DEFAULTCASE" +HREF="r1.html#DEFAULTCASE" ><TT CLASS="PARAMETER" ><I @@ -14781,7 +14489,7 @@ CLASS="COMMAND" ></P ><P >See the section on <A -HREF="index.html#AEN203" +HREF="r1.html#AEN203" >NAME MANGLING</A > for a fuller discussion.</P @@ -14823,12 +14531,9 @@ CLASS="COMMAND" >%z - the size of the spooled print job (in bytes)</P ><P ->The print command <SPAN -CLASS="emphasis" -><I +>The print command <I CLASS="EMPHASIS" >MUST</I -></SPAN > contain at least one occurrence of <TT CLASS="PARAMETER" @@ -14869,7 +14574,7 @@ CLASS="CONSTANT" >nobody</TT > account. If this happens then create an alternative guest account that can print and set the <A -HREF="index.html#GUESTACCOUNT" +HREF="r1.html#GUESTACCOUNT" ><TT CLASS="PARAMETER" ><I @@ -14886,14 +14591,14 @@ CLASS="PARAMETER" ><P ><B CLASS="COMMAND" ->print command = echo Printing %s >> +>print command = echo Printing %s >> /tmp/print.log; lpr -P %p %s; rm %s</B ></P ><P >You may have to vary this command considerably depending on how you normally print files on your system. The default for the parameter varies depending on the setting of the <A -HREF="index.html#PRINTING" +HREF="r1.html#PRINTING" > <TT CLASS="PARAMETER" ><I @@ -14935,7 +14640,7 @@ CLASS="COMMAND" ><P >For printing = CUPS : If SAMBA is compiled against libcups, then <A -HREF="index.html#PRINTING" +HREF="r1.html#PRINTING" >printcap = cups</A > uses the CUPS API to @@ -14966,7 +14671,7 @@ NAME="PRINTOK" ><DD ><P >Synonym for <A -HREF="index.html#PRINTABLE" +HREF="r1.html#PRINTABLE" > <TT CLASS="PARAMETER" ><I @@ -14992,11 +14697,11 @@ CLASS="CONSTANT" >Note that a printable service will ALWAYS allow writing to the service path (user privileges permitting) via the spooling of print data. The <A -HREF="index.html#WRITEABLE" +HREF="r1.html#READONLY" ><TT CLASS="PARAMETER" ><I ->writeable +>read only </I ></TT ></A @@ -15016,7 +14721,7 @@ NAME="PRINTCAP" ><DD ><P >Synonym for <A -HREF="index.html#PRINTCAPNAME" +HREF="r1.html#PRINTCAPNAME" ><TT CLASS="PARAMETER" ><I @@ -15037,7 +14742,7 @@ NAME="PRINTCAPNAME" CLASS="FILENAME" > /etc/printcap</TT >). See the discussion of the <A -HREF="index.html#AEN79" +HREF="r1.html#AEN79" >[printers]</A > section above for reasons why you might want to do this.</P @@ -15048,7 +14753,7 @@ CLASS="COMMAND" </B >. This should be supplemented by an addtional setting <A -HREF="index.html#PRINTING" +HREF="r1.html#PRINTING" >printing = cups</A > in the [global] section. <B @@ -15086,6 +14791,12 @@ CLASS="COMMAND" ><P >A minimal printcap file would look something like this:</P ><P +><TABLE +BORDER="0" +BGCOLOR="#E0E0E0" +WIDTH="90%" +><TR +><TD ><PRE CLASS="PROGRAMLISTING" > print1|My Printer 1 @@ -15094,18 +14805,18 @@ CLASS="PROGRAMLISTING" print4|My Printer 4 print5|My Printer 5 </PRE +></TD +></TR +></TABLE ></P ><P >where the '|' separates aliases of a printer. The fact that the second alias has a space in it gives a hint to Samba that it's a comment.</P ><P -><SPAN -CLASS="emphasis" ><I CLASS="EMPHASIS" >NOTE</I -></SPAN >: Under AIX the default printcap name is <TT CLASS="FILENAME" @@ -15144,7 +14855,7 @@ NAME="PRINTERADMIN" ><P >Default: <B CLASS="COMMAND" ->printer admin = <empty string></B +>printer admin = <empty string></B > </P ><P @@ -15160,12 +14871,9 @@ NAME="PRINTERDRIVER" >printer driver (S)</DT ><DD ><P -><SPAN -CLASS="emphasis" ><I CLASS="EMPHASIS" >Note :</I -></SPAN >This is a deprecated parameter and will be removed in the next major release following version 2.2. Please see the instructions in @@ -15188,7 +14896,7 @@ TARGET="_top" sensitive) that describes the appropriate printer driver for your system. If you don't know the exact string to use then you should first try with no <A -HREF="index.html#PRINTERDRIVER" +HREF="r1.html#PRINTERDRIVER" ><TT CLASS="PARAMETER" ><I @@ -15200,7 +14908,7 @@ CLASS="PARAMETER" shown in a scroll box after you have chosen the printer manufacturer.</P ><P >See also <A -HREF="index.html#PRINTERDRIVERFILE" +HREF="r1.html#PRINTERDRIVERFILE" ><TT CLASS="PARAMETER" ><I @@ -15222,12 +14930,9 @@ NAME="PRINTERDRIVERFILE" >printer driver file (G)</DT ><DD ><P -><SPAN -CLASS="emphasis" ><I CLASS="EMPHASIS" >Note :</I -></SPAN >This is a deprecated parameter and will be removed in the next major release following version 2.2. Please see the instructions in @@ -15271,7 +14976,7 @@ CLASS="FILENAME" >.</P ><P >See also <A -HREF="index.html#PRINTERDRIVERLOCATION" +HREF="r1.html#PRINTERDRIVERLOCATION" ><TT CLASS="PARAMETER" ><I @@ -15280,12 +14985,9 @@ CLASS="PARAMETER" ></A >.</P ><P ->Default: <SPAN -CLASS="emphasis" -><I +>Default: <I CLASS="EMPHASIS" >None (set in compile).</I -></SPAN ></P ><P >Example: <B @@ -15301,12 +15003,9 @@ NAME="PRINTERDRIVERLOCATION" >printer driver location (S)</DT ><DD ><P -><SPAN -CLASS="emphasis" ><I CLASS="EMPHASIS" >Note :</I -></SPAN >This is a deprecated parameter and will be removed in the next major release following version 2.2. Please see the instructions in @@ -15341,7 +15040,7 @@ CLASS="FILENAME" >.</P ><P >See also <A -HREF="index.html#PRINTERDRIVERFILE" +HREF="r1.html#PRINTERDRIVERFILE" ><TT CLASS="PARAMETER" ><I @@ -15375,16 +15074,13 @@ NAME="PRINTERNAME" name given will be used for any printable service that does not have its own printer name specified.</P ><P ->Default: <SPAN -CLASS="emphasis" -><I +>Default: <I CLASS="EMPHASIS" >none (but may be <TT CLASS="CONSTANT" >lp</TT > on many systems)</I -></SPAN ></P ><P >Example: <B @@ -15400,7 +15096,7 @@ NAME="PRINTER" ><DD ><P >Synonym for <A -HREF="index.html#PRINTERNAME" +HREF="r1.html#PRINTERNAME" ><TT CLASS="PARAMETER" ><I @@ -15493,7 +15189,7 @@ TARGET="_top" >This option can be set on a per printer basis</P ><P >See also the discussion in the <A -HREF="index.html#AEN79" +HREF="r1.html#AEN79" > [printers]</A > section.</P ></DD @@ -15528,7 +15224,7 @@ NAME="PROTOCOL" ><DD ><P >Synonym for <A -HREF="index.html#MAXPROTOCOL" +HREF="r1.html#MAXPROTOCOL" > <TT CLASS="PARAMETER" ><I @@ -15545,7 +15241,7 @@ NAME="PUBLIC" ><DD ><P >Synonym for <A -HREF="index.html#GUESTOK" +HREF="r1.html#GUESTOK" ><TT CLASS="PARAMETER" ><I @@ -15586,9 +15282,7 @@ CLASS="PARAMETER" path in the command as the PATH may not be available to the server.</P ><P ->Default: <SPAN -CLASS="emphasis" -><I +>Default: <I CLASS="EMPHASIS" >depends on the setting of <TT CLASS="PARAMETER" @@ -15597,7 +15291,6 @@ CLASS="PARAMETER" </I ></TT ></I -></SPAN ></P ><P >Example: <B @@ -15616,7 +15309,7 @@ NAME="QUEUERESUMECOMMAND" executed on the server host in order to resume the printer queue. It is the command to undo the behavior that is caused by the previous parameter (<A -HREF="index.html#QUEUEPAUSECOMMAND" +HREF="r1.html#QUEUEPAUSECOMMAND" ><TT CLASS="PARAMETER" ><I @@ -15646,12 +15339,10 @@ CLASS="PARAMETER" path in the command as the PATH may not be available to the server.</P ><P ->Default: <SPAN -CLASS="emphasis" -><I +>Default: <I CLASS="EMPHASIS" >depends on the setting of <A -HREF="index.html#PRINTING" +HREF="r1.html#PRINTING" ><TT CLASS="PARAMETER" ><I @@ -15659,7 +15350,6 @@ CLASS="PARAMETER" ></TT ></A ></I -></SPAN > </P ><P @@ -15703,17 +15393,17 @@ NAME="READLIST" >This is a list of users that are given read-only access to a service. If the connecting user is in this list then they will not be given write access, no matter what the <A -HREF="index.html#WRITEABLE" +HREF="r1.html#READONLY" ><TT CLASS="PARAMETER" ><I ->writeable</I +>read only</I ></TT ></A > option is set to. The list can include group names using the syntax described in the <A -HREF="index.html#INVALIDUSERS" +HREF="r1.html#INVALIDUSERS" ><TT CLASS="PARAMETER" ><I @@ -15723,7 +15413,7 @@ CLASS="PARAMETER" > parameter.</P ><P >See also the <A -HREF="index.html#WRITELIST" +HREF="r1.html#WRITELIST" ><TT CLASS="PARAMETER" ><I @@ -15731,7 +15421,7 @@ CLASS="PARAMETER" ></TT ></A > parameter and the <A -HREF="index.html#INVALIDUSERS" +HREF="r1.html#INVALIDUSERS" ><TT CLASS="PARAMETER" ><I @@ -15743,7 +15433,7 @@ CLASS="PARAMETER" ><P >Default: <B CLASS="COMMAND" ->read list = <empty string></B +>read list = <empty string></B ></P ><P >Example: <B @@ -15758,15 +15448,37 @@ NAME="READONLY" >read only (S)</DT ><DD ><P ->Note that this is an inverted synonym for <A -HREF="index.html#WRITEABLE" -><TT +>An inverted synonym is <A +HREF="r1.html#WRITEABLE" +> <TT CLASS="PARAMETER" ><I >writeable</I ></TT ></A >.</P +><P +>If this parameter is <TT +CLASS="CONSTANT" +>yes</TT +>, then users + of a service may not create or modify files in the service's + directory.</P +><P +>Note that a printable service (<B +CLASS="COMMAND" +>printable = yes</B +>) + will <I +CLASS="EMPHASIS" +>ALWAYS</I +> allow writing to the directory + (user privileges permitting), but only via spooling operations.</P +><P +>Default: <B +CLASS="COMMAND" +>read only = yes</B +></P ></DD ><DT ><A @@ -15789,7 +15501,7 @@ NAME="READRAW" ><P >In general this parameter should be viewed as a system tuning tool and left severely alone. See also <A -HREF="index.html#WRITERAW" +HREF="r1.html#WRITERAW" > <TT CLASS="PARAMETER" ><I @@ -15903,7 +15615,7 @@ CLASS="COMMAND" to the two given IP addresses using the given workgroup names. If you leave out the workgroup name then the one given in the <A -HREF="index.html#WORKGROUP" +HREF="r1.html#WORKGROUP" ><TT CLASS="PARAMETER" ><I @@ -15928,7 +15640,7 @@ CLASS="FILENAME" ><P >Default: <B CLASS="COMMAND" ->remote announce = <empty string> +>remote announce = <empty string> </B ></P ></DD @@ -15978,7 +15690,7 @@ CLASS="COMMAND" ><P >Default: <B CLASS="COMMAND" ->remote browse sync = <empty string> +>remote browse sync = <empty string> </B ></P ></DD @@ -15991,13 +15703,13 @@ NAME="RESTRICTANONYMOUS" ><P >This is a boolean parameter. If it is <TT CLASS="CONSTANT" ->true</TT +>yes</TT >, then anonymous access to the server will be restricted, namely in the case where the server is expecting the client to send a username, but it doesn't. Setting it to <TT CLASS="CONSTANT" ->true</TT +>yes</TT > will force these anonymous connections to be denied, and the client will be required to always supply a username and password when connecting. Use of this parameter @@ -16010,7 +15722,7 @@ CLASS="CONSTANT" ><P >When restrict anonymous is <TT CLASS="CONSTANT" ->true</TT +>yes</TT >, all anonymous connections are denied no matter what they are for. This can effect the ability of a machine to access the Samba Primary Domain Controller to revalidate @@ -16034,7 +15746,7 @@ NAME="ROOT" ><DD ><P >Synonym for <A -HREF="index.html#ROOTDIRECTORY" +HREF="r1.html#ROOTDIRECTORY" > <TT CLASS="PARAMETER" ><I @@ -16051,7 +15763,7 @@ NAME="ROOTDIR" ><DD ><P >Synonym for <A -HREF="index.html#ROOTDIRECTORY" +HREF="r1.html#ROOTDIRECTORY" > <TT CLASS="PARAMETER" ><I @@ -16077,7 +15789,7 @@ CLASS="COMMAND" It may also check for, and deny access to, soft links to other parts of the filesystem, or attempts to use ".." in file names to access other directories (depending on the setting of the <A -HREF="index.html#WIDELINKS" +HREF="r1.html#WIDELINKS" ><TT CLASS="PARAMETER" ><I @@ -16101,12 +15813,9 @@ CLASS="PARAMETER" >root directory</I ></TT > - option, <SPAN -CLASS="emphasis" -><I + option, <I CLASS="EMPHASIS" >including</I -></SPAN > some files needed for complete operation of the server. To maintain full operability of the server you will need to mirror some system files @@ -16152,7 +15861,7 @@ CLASS="PARAMETER" (such as CDROMs) after a connection is closed.</P ><P >See also <A -HREF="index.html#POSTEXEC" +HREF="r1.html#POSTEXEC" ><TT CLASS="PARAMETER" ><I @@ -16163,7 +15872,7 @@ CLASS="PARAMETER" ><P >Default: <B CLASS="COMMAND" ->root postexec = <empty string> +>root postexec = <empty string> </B ></P ></DD @@ -16185,7 +15894,7 @@ CLASS="PARAMETER" connection is opened.</P ><P >See also <A -HREF="index.html#PREEXEC" +HREF="r1.html#PREEXEC" ><TT CLASS="PARAMETER" ><I @@ -16193,7 +15902,7 @@ CLASS="PARAMETER" ></TT ></A > and <A -HREF="index.html#PREEXECCLOSE" +HREF="r1.html#PREEXECCLOSE" > <TT CLASS="PARAMETER" ><I @@ -16204,7 +15913,7 @@ CLASS="PARAMETER" ><P >Default: <B CLASS="COMMAND" ->root preexec = <empty string> +>root preexec = <empty string> </B ></P ></DD @@ -16224,7 +15933,7 @@ CLASS="PARAMETER" > parameter except that the command is run as root.</P ><P >See also <A -HREF="index.html#PREEXEC" +HREF="r1.html#PREEXEC" ><TT CLASS="PARAMETER" ><I @@ -16232,7 +15941,7 @@ CLASS="PARAMETER" ></TT ></A > and <A -HREF="index.html#PREEXECCLOSE" +HREF="r1.html#PREEXECCLOSE" > <TT CLASS="PARAMETER" ><I @@ -16326,7 +16035,7 @@ CLASS="COMMAND" >security = user</B >, see the <A -HREF="index.html#MAPTOGUEST" +HREF="r1.html#MAPTOGUEST" ><TT CLASS="PARAMETER" ><I @@ -16339,15 +16048,12 @@ CLASS="PARAMETER" >It is possible to use <B CLASS="COMMAND" >smbd</B -> in a <SPAN -CLASS="emphasis" -><I +> in a <I CLASS="EMPHASIS" > hybrid mode</I -></SPAN > where it is offers both user and share level security under different <A -HREF="index.html#NETBIOSALIASES" +HREF="r1.html#NETBIOSALIASES" > <TT CLASS="PARAMETER" ><I @@ -16361,13 +16067,10 @@ CLASS="PARAMETER" ><A NAME="SECURITYEQUALSSHARE" ></A -><SPAN -CLASS="emphasis" ><I CLASS="EMPHASIS" >SECURITY = SHARE </I -></SPAN ></P ><P >When clients connect to a share level security server they @@ -16385,12 +16088,9 @@ CLASS="COMMAND" >Note that <B CLASS="COMMAND" >smbd</B -> <SPAN -CLASS="emphasis" -><I +> <I CLASS="EMPHASIS" >ALWAYS</I -></SPAN > uses a valid UNIX user to act on behalf of the client, even in <B @@ -16414,7 +16114,7 @@ CLASS="COMMAND" ><LI ><P >If the <A -HREF="index.html#GUESTONLY" +HREF="r1.html#GUESTONLY" ><TT CLASS="PARAMETER" ><I @@ -16424,7 +16124,7 @@ CLASS="PARAMETER" ></A > parameter is set, then all the other stages are missed and only the <A -HREF="index.html#GUESTACCOUNT" +HREF="r1.html#GUESTACCOUNT" > <TT CLASS="PARAMETER" ><I @@ -16438,7 +16138,7 @@ CLASS="PARAMETER" ><P >Is a username is sent with the share connection request, then this username (after mapping - see <A -HREF="index.html#USERNAMEMAP" +HREF="r1.html#USERNAMEMAP" ><TT CLASS="PARAMETER" ><I @@ -16450,13 +16150,10 @@ CLASS="PARAMETER" ></LI ><LI ><P ->If the client did a previous <SPAN -CLASS="emphasis" -><I +>If the client did a previous <I CLASS="EMPHASIS" >logon </I -></SPAN > request (the SessionSetup SMB call) then the username sent in this SMB will be added as a potential username. </P @@ -16474,7 +16171,7 @@ CLASS="EMPHASIS" ><LI ><P >Any users on the <A -HREF="index.html#USER" +HREF="r1.html#USER" ><TT CLASS="PARAMETER" ><I @@ -16511,37 +16208,31 @@ CLASS="PARAMETER" >, then this guest user will be used, otherwise access is denied.</P ><P ->Note that it can be <SPAN -CLASS="emphasis" -><I +>Note that it can be <I CLASS="EMPHASIS" >very</I -></SPAN > confusing in share-level security as to which UNIX username will eventually be used in granting access.</P ><P >See also the section <A -HREF="index.html#AEN236" +HREF="r1.html#AEN236" > NOTE ABOUT USERNAME/PASSWORD VALIDATION</A >.</P ><P ><A NAME="SECURITYEQUALSUSER" ></A -><SPAN -CLASS="emphasis" ><I CLASS="EMPHASIS" >SECURITY = USER </I -></SPAN ></P ><P >This is the default security setting in Samba 2.2. With user-level security a client must first "log-on" with a valid username and password (which can be mapped using the <A -HREF="index.html#USERNAMEMAP" +HREF="r1.html#USERNAMEMAP" ><TT CLASS="PARAMETER" ><I @@ -16550,7 +16241,7 @@ CLASS="PARAMETER" ></A > parameter). Encrypted passwords (see the <A -HREF="index.html#ENCRYPTPASSWORDS" +HREF="r1.html#ENCRYPTPASSWORDS" > <TT CLASS="PARAMETER" ><I @@ -16559,7 +16250,7 @@ CLASS="PARAMETER" ></A > parameter) can also be used in this security mode. Parameters such as <A -HREF="index.html#USER" +HREF="r1.html#USER" > <TT CLASS="PARAMETER" ><I @@ -16567,7 +16258,7 @@ CLASS="PARAMETER" ></TT ></A > and <A -HREF="index.html#GUESTONLY" +HREF="r1.html#GUESTONLY" > <TT CLASS="PARAMETER" ><I @@ -16578,24 +16269,18 @@ CLASS="PARAMETER" may change the UNIX user to use on this connection, but only after the user has been successfully authenticated.</P ><P -><SPAN -CLASS="emphasis" ><I CLASS="EMPHASIS" >Note</I -></SPAN > that the name of the resource being - requested is <SPAN -CLASS="emphasis" -><I + requested is <I CLASS="EMPHASIS" >not</I -></SPAN > sent to the server until after the server has successfully authenticated the client. This is why guest shares don't work in user level security without allowing the server to automatically map unknown users into the <A -HREF="index.html#GUESTACCOUNT" +HREF="r1.html#GUESTACCOUNT" ><TT CLASS="PARAMETER" ><I @@ -16604,7 +16289,7 @@ CLASS="PARAMETER" ></A >. See the <A -HREF="index.html#MAPTOGUEST" +HREF="r1.html#MAPTOGUEST" ><TT CLASS="PARAMETER" ><I @@ -16615,20 +16300,17 @@ CLASS="PARAMETER" > parameter for details on doing this.</P ><P >See also the section <A -HREF="index.html#AEN236" +HREF="r1.html#AEN236" > NOTE ABOUT USERNAME/PASSWORD VALIDATION</A >.</P ><P ><A NAME="SECURITYEQUALSSERVER" ></A -><SPAN -CLASS="emphasis" ><I CLASS="EMPHASIS" >SECURITY = SERVER </I -></SPAN ></P ><P >In this mode Samba will try to validate the username/password @@ -16653,12 +16335,9 @@ CLASS="FILENAME" > for details on how to set this up.</P ><P -><SPAN -CLASS="emphasis" ><I CLASS="EMPHASIS" >Note</I -></SPAN > that from the client's point of view <B CLASS="COMMAND" @@ -16670,24 +16349,18 @@ CLASS="COMMAND" with the authentication, it does not in any way affect what the client sees.</P ><P -><SPAN -CLASS="emphasis" ><I CLASS="EMPHASIS" >Note</I -></SPAN > that the name of the resource being - requested is <SPAN -CLASS="emphasis" -><I + requested is <I CLASS="EMPHASIS" >not</I -></SPAN > sent to the server until after the server has successfully authenticated the client. This is why guest shares don't work in user level security without allowing the server to automatically map unknown users into the <A -HREF="index.html#GUESTACCOUNT" +HREF="r1.html#GUESTACCOUNT" ><TT CLASS="PARAMETER" ><I @@ -16696,7 +16369,7 @@ CLASS="PARAMETER" ></A >. See the <A -HREF="index.html#MAPTOGUEST" +HREF="r1.html#MAPTOGUEST" ><TT CLASS="PARAMETER" ><I @@ -16707,12 +16380,12 @@ CLASS="PARAMETER" > parameter for details on doing this.</P ><P >See also the section <A -HREF="index.html#AEN236" +HREF="r1.html#AEN236" > NOTE ABOUT USERNAME/PASSWORD VALIDATION</A >.</P ><P >See also the <A -HREF="index.html#PASSWORDSERVER" +HREF="r1.html#PASSWORDSERVER" ><TT CLASS="PARAMETER" ><I @@ -16721,7 +16394,7 @@ CLASS="PARAMETER" ></TT ></A > parameter and the <A -HREF="index.html#ENCRYPTPASSWORDS" +HREF="r1.html#ENCRYPTPASSWORDS" ><TT CLASS="PARAMETER" ><I @@ -16734,13 +16407,10 @@ CLASS="PARAMETER" ><A NAME="SECURITYEQUALSDOMAIN" ></A -><SPAN -CLASS="emphasis" ><I CLASS="EMPHASIS" >SECURITY = DOMAIN </I -></SPAN ></P ><P >This mode will only work correctly if <A @@ -16749,7 +16419,7 @@ TARGET="_top" >smbpasswd(8)</A > has been used to add this machine into a Windows NT Domain. It expects the <A -HREF="index.html#ENCRYPTPASSWORDS" +HREF="r1.html#ENCRYPTPASSWORDS" ><TT CLASS="PARAMETER" ><I @@ -16759,28 +16429,22 @@ CLASS="PARAMETER" </A > parameter to be set to <TT CLASS="CONSTANT" ->true</TT +>yes</TT >. In this mode Samba will try to validate the username/password by passing it to a Windows NT Primary or Backup Domain Controller, in exactly the same way that a Windows NT Server would do.</P ><P -><SPAN -CLASS="emphasis" ><I CLASS="EMPHASIS" >Note</I -></SPAN > that a valid UNIX user must still exist as well as the account on the Domain Controller to allow Samba to have a valid UNIX account to map file access to.</P ><P -><SPAN -CLASS="emphasis" ><I CLASS="EMPHASIS" >Note</I -></SPAN > that from the client's point of view <B CLASS="COMMAND" @@ -16792,24 +16456,18 @@ CLASS="COMMAND" >. It only affects how the server deals with the authentication, it does not in any way affect what the client sees.</P ><P -><SPAN -CLASS="emphasis" ><I CLASS="EMPHASIS" >Note</I -></SPAN > that the name of the resource being - requested is <SPAN -CLASS="emphasis" -><I + requested is <I CLASS="EMPHASIS" >not</I -></SPAN > sent to the server until after the server has successfully authenticated the client. This is why guest shares don't work in user level security without allowing the server to automatically map unknown users into the <A -HREF="index.html#GUESTACCOUNT" +HREF="r1.html#GUESTACCOUNT" ><TT CLASS="PARAMETER" ><I @@ -16818,7 +16476,7 @@ CLASS="PARAMETER" ></A >. See the <A -HREF="index.html#MAPTOGUEST" +HREF="r1.html#MAPTOGUEST" ><TT CLASS="PARAMETER" ><I @@ -16828,12 +16486,9 @@ CLASS="PARAMETER" </A > parameter for details on doing this.</P ><P -><SPAN -CLASS="emphasis" ><I CLASS="EMPHASIS" >BUG:</I -></SPAN > There is currently a bug in the implementation of <B CLASS="COMMAND" @@ -16846,12 +16501,12 @@ CLASS="COMMAND" Domain Controller. This issue will be addressed in a future release.</P ><P >See also the section <A -HREF="index.html#AEN236" +HREF="r1.html#AEN236" > NOTE ABOUT USERNAME/PASSWORD VALIDATION</A >.</P ><P >See also the <A -HREF="index.html#PASSWORDSERVER" +HREF="r1.html#PASSWORDSERVER" ><TT CLASS="PARAMETER" ><I @@ -16860,7 +16515,7 @@ CLASS="PARAMETER" ></TT ></A > parameter and the <A -HREF="index.html#ENCRYPTPASSWORDS" +HREF="r1.html#ENCRYPTPASSWORDS" ><TT CLASS="PARAMETER" ><I @@ -16902,12 +16557,9 @@ NAME="SECURITYMASK" a user to modify all the user/group/world permissions on a file. </P ><P -><SPAN -CLASS="emphasis" ><I CLASS="EMPHASIS" >Note</I -></SPAN > that users who can access the Samba server through other means can easily bypass this restriction, so it is primarily useful for standalone @@ -16918,7 +16570,7 @@ CLASS="CONSTANT" >.</P ><P >See also the <A -HREF="index.html#FORCEDIRECTORYSECURITYMODE" +HREF="r1.html#FORCEDIRECTORYSECURITYMODE" > <TT CLASS="PARAMETER" ><I @@ -16927,7 +16579,7 @@ CLASS="PARAMETER" ></A >, <A -HREF="index.html#DIRECTORYSECURITYMASK" +HREF="r1.html#DIRECTORYSECURITYMASK" ><TT CLASS="PARAMETER" ><I @@ -16936,7 +16588,7 @@ CLASS="PARAMETER" ></TT ></A >, <A -HREF="index.html#FORCESECURITYMODE" +HREF="r1.html#FORCESECURITYMODE" > <TT CLASS="PARAMETER" ><I @@ -17074,12 +16726,9 @@ CLASS="CONSTANT" >This option gives full share compatibility and enabled by default.</P ><P ->You should <SPAN -CLASS="emphasis" -><I +>You should <I CLASS="EMPHASIS" >NEVER</I -></SPAN > turn this parameter off as many Windows applications will break if you do so.</P ><P @@ -17099,7 +16748,7 @@ NAME="SHORTPRESERVECASE" which conform to 8.3 syntax, that is all in upper case and of suitable length, are created upper case, or if they are forced to be the <A -HREF="index.html#DEFAULTCASE" +HREF="r1.html#DEFAULTCASE" ><TT CLASS="PARAMETER" ><I @@ -17108,7 +16757,7 @@ CLASS="PARAMETER" ></TT ></A >. This option can be use with <A -HREF="index.html#PRESERVECASE" +HREF="r1.html#PRESERVECASE" ><B CLASS="COMMAND" >preserve case = yes</B @@ -17118,7 +16767,7 @@ CLASS="COMMAND" names are lowered. </P ><P >See the section on <A -HREF="index.html#AEN203" +HREF="r1.html#AEN203" > NAME MANGLING</A >.</P ><P @@ -17162,17 +16811,14 @@ CLASS="PARAMETER" ></TT > parameter will always cause the OpenPrinterEx() on the server - to fail. Thus the APW icon will never be displayed. <SPAN -CLASS="emphasis" -><I + to fail. Thus the APW icon will never be displayed. <I CLASS="EMPHASIS" > Note :</I -></SPAN >This does not prevent the same user from having administrative privilege on an individual printer.</P ><P >See also <A -HREF="index.html#ADDPRINTERCOMMAND" +HREF="r1.html#ADDPRINTERCOMMAND" ><TT CLASS="PARAMETER" ><I @@ -17181,7 +16827,7 @@ CLASS="PARAMETER" ></TT ></A >, <A -HREF="index.html#DELETEPRINTERCOMMAND" +HREF="r1.html#DELETEPRINTERCOMMAND" > <TT CLASS="PARAMETER" ><I @@ -17189,7 +16835,7 @@ CLASS="PARAMETER" ></TT ></A >, <A -HREF="index.html#PRINTERADMIN" +HREF="r1.html#PRINTERADMIN" ><TT CLASS="PARAMETER" ><I @@ -17210,12 +16856,9 @@ NAME="SHUTDOWNSCRIPT" >shutdown script (G)</DT ><DD ><P -><SPAN -CLASS="emphasis" ><I CLASS="EMPHASIS" >This parameter only exists in the HEAD cvs branch</I -></SPAN > This a full path name to a script called by <A @@ -17256,12 +16899,9 @@ CLASS="PARAMETER" >%r</I ></TT > will be substituted with the - switch <SPAN -CLASS="emphasis" -><I + switch <I CLASS="EMPHASIS" >-r</I -></SPAN >. It means reboot after shutdown for NT. </P @@ -17272,21 +16912,15 @@ CLASS="PARAMETER" >%f</I ></TT > will be substituted with the - switch <SPAN -CLASS="emphasis" -><I + switch <I CLASS="EMPHASIS" >-f</I -></SPAN >. It means force the shutdown even if applications do not respond for NT.</P ><P ->Default: <SPAN -CLASS="emphasis" -><I +>Default: <I CLASS="EMPHASIS" >None</I -></SPAN >.</P ><P >Example: <B @@ -17295,7 +16929,13 @@ CLASS="COMMAND" ></P ><P >Shutdown script example: - <PRE + <TABLE +BORDER="0" +BGCOLOR="#E0E0E0" +WIDTH="90%" +><TR +><TD +><PRE CLASS="PROGRAMLISTING" > #!/bin/bash @@ -17305,12 +16945,15 @@ CLASS="PROGRAMLISTING" /sbin/shutdown $3 $4 +$time $1 & </PRE +></TD +></TR +></TABLE > Shutdown does not return so we need to launch it in background. </P ><P >See also <A -HREF="index.html#ABORTSHUTDOWNSCRIPT" +HREF="r1.html#ABORTSHUTDOWNSCRIPT" ><TT CLASS="PARAMETER" ><I @@ -17464,12 +17107,9 @@ TARGET="_top" ></LI ></UL ><P ->Those marked with a <SPAN -CLASS="emphasis" -><I +>Those marked with a <I CLASS="EMPHASIS" >'*'</I -></SPAN > take an integer argument. The others can optionally take a 1 or 0 argument to enable or disable the option, by default they will be enabled if you @@ -17541,12 +17181,9 @@ CLASS="COMMAND" >SAMBA_NETBIOS_NAME = myhostname</B ></P ><P ->Default: <SPAN -CLASS="emphasis" -><I +>Default: <I CLASS="EMPHASIS" >No default value</I -></SPAN ></P ><P >Examples: <B @@ -17570,12 +17207,9 @@ NAME="SPNEGO" ><P > This variable controls controls whether samba will try to use Simple and Protected NEGOciation (as specified by rfc2478) with WindowsXP and Windows2000sp2 clients to agree upon an authentication mechanism. As of samba 3.0alpha it must be set to "no" for these clients to join a samba domain controller. It can be set to "yes" to allow samba to participate in an AD domain controlled by a Windows2000 domain controller.</P ><P ->Default: <SPAN -CLASS="emphasis" -><I +>Default: <I CLASS="EMPHASIS" >use spnego = yes</I -></SPAN ></P ></DD ><DT @@ -17621,33 +17255,6 @@ CLASS="COMMAND" ></DD ><DT ><A -NAME="STATUS" -></A ->status (G)</DT -><DD -><P ->This enables or disables logging of connections - to a status file that <A -HREF="smbstatus.1.html" -TARGET="_top" ->smbstatus(1)</A -> - can read.</P -><P ->With this disabled <B -CLASS="COMMAND" ->smbstatus</B -> won't be able - to tell you what connections are active. You should never need to - change this parameter.</P -><P ->Default: <B -CLASS="COMMAND" ->status = yes</B -></P -></DD -><DT -><A NAME="STRICTALLOCATE" ></A >strict allocate (S)</DT @@ -17745,7 +17352,7 @@ TARGET="_top" explorer shell file copies.</P ><P >See also the <A -HREF="index.html#SYNCALWAYS" +HREF="r1.html#SYNCALWAYS" ><TT CLASS="PARAMETER" ><I @@ -17787,13 +17394,13 @@ NAME="SYNCALWAYS" whether writes will always be written to stable storage before the write call returns. If this is <TT CLASS="CONSTANT" ->false</TT +>no</TT > then the server will be guided by the client's request in each write call (clients can set a bit indicating that a particular write should be synchronous). If this is <TT CLASS="CONSTANT" ->true</TT +>yes</TT > then every write will be followed by a <B CLASS="COMMAND" >fsync() @@ -17812,7 +17419,7 @@ CLASS="CONSTANT" any affect.</P ><P >See also the <A -HREF="index.html#STRICTSYNC" +HREF="r1.html#STRICTSYNC" ><TT CLASS="PARAMETER" ><I @@ -17982,7 +17589,7 @@ NAME="TIMESTAMPLOGS" ><DD ><P >Synonym for <A -HREF="index.html#DEBUGTIMESTAMP" +HREF="r1.html#DEBUGTIMESTAMP" ><TT CLASS="PARAMETER" ><I @@ -18011,7 +17618,7 @@ TARGET="_top" can be used to prevent a server from exceeding its capacity and is designed as a printing throttle. See also <A -HREF="index.html#MAXPRINTJOBS" +HREF="r1.html#MAXPRINTJOBS" ><TT CLASS="PARAMETER" ><I @@ -18095,26 +17702,23 @@ NAME="UNIXPASSWORDSYNC" when the encrypted SMB password in the smbpasswd file is changed. If this is set to <TT CLASS="CONSTANT" ->true</TT +>yes</TT > the program specified in the <TT CLASS="PARAMETER" ><I >passwd program</I ></TT ->parameter is called <SPAN -CLASS="emphasis" -><I +>parameter is called <I CLASS="EMPHASIS" >AS ROOT</I -></SPAN > - to allow the new UNIX password to be set without access to the old UNIX password (as the SMB password change code has no access to the old password cleartext, only the new).</P ><P >See also <A -HREF="index.html#PASSWDPROGRAM" +HREF="r1.html#PASSWDPROGRAM" ><TT CLASS="PARAMETER" ><I @@ -18123,7 +17727,7 @@ CLASS="PARAMETER" ></TT ></A >, <A -HREF="index.html#PASSWDCHAT" +HREF="r1.html#PASSWDCHAT" ><TT CLASS="PARAMETER" ><I @@ -18162,7 +17766,7 @@ CLASS="CONSTANT" >.</P ><P >In order for this parameter to work correctly the <A -HREF="index.html#ENCRYPTPASSWORDS" +HREF="r1.html#ENCRYPTPASSWORDS" ><TT CLASS="PARAMETER" ><I @@ -18225,18 +17829,15 @@ CLASS="COMMAND" >If this parameter is enabled for a printer, then any attempt to open the printer with the PRINTER_ACCESS_ADMINISTER right is mapped to PRINTER_ACCESS_USE instead. Thus allowing the OpenPrinterEx() - call to succeed. <SPAN -CLASS="emphasis" -><I + call to succeed. <I CLASS="EMPHASIS" >This parameter MUST not be able enabled on a print share which has valid print driver installed on the Samba server.</I -></SPAN ></P ><P >See also <A -HREF="index.html#DISABLESPOOLSS" +HREF="r1.html#DISABLESPOOLSS" >disable spoolss</A > </P @@ -18258,7 +17859,7 @@ NAME="USEMMAP" mmap/read-write system memory cache. Currently only HPUX does not have such a coherent cache, and so this parameter is set to <TT CLASS="CONSTANT" ->false</TT +>no</TT > by default on HPUX. On all other systems this parameter should be left alone. This parameter is provided to help the Samba developers track down problems with @@ -18279,7 +17880,7 @@ NAME="USERHOSTS" ><P >If this global parameter is <TT CLASS="CONSTANT" ->true</TT +>yes</TT >, it specifies that the UNIX user's <TT CLASS="FILENAME" @@ -18288,12 +17889,9 @@ CLASS="FILENAME" will be read to find the names of hosts and users who will be allowed access without specifying a password.</P ><P -><SPAN -CLASS="emphasis" ><I CLASS="EMPHASIS" >NOTE:</I -></SPAN > The use of <TT CLASS="PARAMETER" ><I @@ -18323,7 +17921,7 @@ NAME="USER" ><DD ><P >Synonym for <A -HREF="index.html#USERNAME" +HREF="r1.html#USERNAME" ><TT CLASS="PARAMETER" ><I @@ -18340,7 +17938,7 @@ NAME="USERS" ><DD ><P >Synonym for <A -HREF="index.html#USERNAME" +HREF="r1.html#USERNAME" ><TT CLASS="PARAMETER" ><I @@ -18399,7 +17997,7 @@ CLASS="PARAMETER" ><P >To restrict a service to a particular set of users you can use the <A -HREF="index.html#VALIDUSERS" +HREF="r1.html#VALIDUSERS" ><TT CLASS="PARAMETER" ><I @@ -18429,7 +18027,7 @@ CLASS="PARAMETER" search.</P ><P >See the section <A -HREF="index.html#AEN236" +HREF="r1.html#AEN236" >NOTE ABOUT USERNAME/PASSWORD VALIDATION</A > for more information on how @@ -18438,7 +18036,7 @@ HREF="index.html#AEN236" >Default: <B CLASS="COMMAND" >The guest account if a guest service, - else <empty string>.</B + else <empty string>.</B ></P ><P >Examples:<B @@ -18512,16 +18110,16 @@ NAME="USERNAMEMAP" >If any line begins with a '#' or a ';' then it is ignored</P ><P ->If any line begins with an '!' then the processing - will stop after that line if a mapping was done by the line. - Otherwise mapping continues with every line being processed. - Using '!' is most useful when you have a wildcard mapping line +>If any line begins with an '!' then the processing + will stop after that line if a mapping was done by the line. + Otherwise mapping continues with every line being processed. + Using '!' is most useful when you have a wildcard mapping line later in the file.</P ><P >For example to map from the name <TT CLASS="CONSTANT" >admin</TT -> +> or <TT CLASS="CONSTANT" >administrator</TT @@ -18538,7 +18136,7 @@ CLASS="COMMAND" >Or to map anyone in the UNIX group <TT CLASS="CONSTANT" >system</TT -> +> to the UNIX name <TT CLASS="CONSTANT" >sys</TT @@ -18549,10 +18147,10 @@ CLASS="COMMAND" >sys = @system</B ></P ><P ->You can have as many mappings as you like in a username +>You can have as many mappings as you like in a username map file.</P ><P ->If your system supports the NIS NETGROUP option then +>If your system supports the NIS NETGROUP option then the netgroup database is checked before the <TT CLASS="FILENAME" >/etc/group @@ -18567,61 +18165,67 @@ CLASS="COMMAND" >tridge = "Andrew Tridgell"</B ></P ><P ->would map the windows username "Andrew Tridgell" to the +>would map the windows username "Andrew Tridgell" to the unix username "tridge".</P ><P ->The following example would map mary and fred to the - unix user sys, and map the rest to guest. Note the use of the - '!' to tell Samba to stop processing if it gets a match on +>The following example would map mary and fred to the + unix user sys, and map the rest to guest. Note the use of the + '!' to tell Samba to stop processing if it gets a match on that line.</P ><P +><TABLE +BORDER="0" +BGCOLOR="#E0E0E0" +WIDTH="90%" +><TR +><TD ><PRE CLASS="PROGRAMLISTING" > !sys = mary fred guest = * </PRE +></TD +></TR +></TABLE ></P ><P ->Note that the remapping is applied to all occurrences +>Note that the remapping is applied to all occurrences of usernames. Thus if you connect to \\server\fred and <TT CLASS="CONSTANT" > fred</TT > is remapped to <TT CLASS="CONSTANT" >mary</TT -> then you - will actually be connecting to \\server\mary and will need to +> then you + will actually be connecting to \\server\mary and will need to supply a password suitable for <TT CLASS="CONSTANT" >mary</TT -> not +> not <TT CLASS="CONSTANT" >fred</TT ->. The only exception to this is the +>. The only exception to this is the username passed to the <A -HREF="index.html#PASSWORDSERVER" +HREF="r1.html#PASSWORDSERVER" ><TT CLASS="PARAMETER" ><I > password server</I ></TT ></A -> (if you have one). The password - server will receive whatever username the client supplies without +> (if you have one). The password + server will receive whatever username the client supplies without modification.</P ><P ->Also note that no reverse mapping is done. The main effect - this has is with printing. Users who have been mapped may have - trouble deleting print jobs as PrintManager under WfWg will think +>Also note that no reverse mapping is done. The main effect + this has is with printing. Users who have been mapped may have + trouble deleting print jobs as PrintManager under WfWg will think they don't own the print job.</P ><P ->Default: <SPAN -CLASS="emphasis" -><I +>Default: <I CLASS="EMPHASIS" >no username map</I -></SPAN ></P ><P >Example: <B @@ -18632,18 +18236,42 @@ CLASS="COMMAND" ></DD ><DT ><A +NAME="USESENDFILE" +></A +>use sendfile (S)</DT +><DD +><P +>If this parameter is <TT +CLASS="CONSTANT" +>yes</TT +>, and Samba + was built with the --with-sendfile-support option, and the underlying operating + system supports sendfile system call, then some SMB read calls (mainly ReadAndX + and ReadRaw) will use the more efficient sendfile system call for files that + are exclusively oplocked. This may make more efficient use of the system CPU's + and cause Samba to be faster. This is off by default as it's effects are unknown + as yet. + </P +><P +>Default: <B +CLASS="COMMAND" +>use sendfile = no</B +></P +></DD +><DT +><A NAME="UTMP" ></A >utmp (G)</DT ><DD ><P ->This boolean parameter is only available if +>This boolean parameter is only available if Samba has been configured and compiled with the option <B CLASS="COMMAND" > --with-utmp</B >. If set to <TT CLASS="CONSTANT" ->true</TT +>yes</TT > then Samba will attempt to add utmp or utmpx records (depending on the UNIX system) whenever a connection is made to a Samba server. Sites may use this to record the @@ -18656,7 +18284,7 @@ CLASS="CONSTANT" performance on large installations. </P ><P >See also the <A -HREF="index.html#UTMPDIRECTORY" +HREF="r1.html#UTMPDIRECTORY" ><TT CLASS="PARAMETER" ><I @@ -18684,7 +18312,7 @@ CLASS="COMMAND" >. It specifies a directory pathname that is used to store the utmp or utmpx files (depending on the UNIX system) that record user connections to a Samba server. See also the <A -HREF="index.html#UTMP" +HREF="r1.html#UTMP" > <TT CLASS="PARAMETER" ><I @@ -18699,12 +18327,9 @@ CLASS="FILENAME" >/var/run/utmp</TT > on Linux).</P ><P ->Default: <SPAN -CLASS="emphasis" -><I +>Default: <I CLASS="EMPHASIS" >no utmp directory</I -></SPAN ></P ><P >Example: <B @@ -18730,7 +18355,7 @@ CLASS="COMMAND" has logged out. See also the <A -HREF="index.html#UTMP" +HREF="r1.html#UTMP" > <TT CLASS="PARAMETER" ><I @@ -18745,12 +18370,9 @@ CLASS="FILENAME" >/var/run/wtmp</TT > on Linux).</P ><P ->Default: <SPAN -CLASS="emphasis" -><I +>Default: <I CLASS="EMPHASIS" >no wtmp directory</I -></SPAN ></P ><P >Example: <B @@ -18793,7 +18415,7 @@ CLASS="PARAMETER" >. This is useful in the [homes] section.</P ><P >See also <A -HREF="index.html#INVALIDUSERS" +HREF="r1.html#INVALIDUSERS" ><TT CLASS="PARAMETER" ><I @@ -18803,13 +18425,10 @@ CLASS="PARAMETER" ></A ></P ><P ->Default: <SPAN -CLASS="emphasis" -><I +>Default: <I CLASS="EMPHASIS" >No valid users list (anyone can login) </I -></SPAN ></P ><P >Example: <B @@ -18831,12 +18450,9 @@ NAME="VETOFILES" or directories as in DOS wildcards.</P ><P >Each entry must be a unix path, not a DOS path and - must <SPAN -CLASS="emphasis" -><I + must <I CLASS="EMPHASIS" >not</I -></SPAN > include the unix directory separator '/'.</P ><P @@ -18852,12 +18468,9 @@ CLASS="PARAMETER" is important to be aware of is Samba's behaviour when trying to delete a directory. If a directory that is to be deleted contains nothing but veto files this - deletion will <SPAN -CLASS="emphasis" -><I + deletion will <I CLASS="EMPHASIS" >fail</I -></SPAN > unless you also set the <TT CLASS="PARAMETER" @@ -18877,7 +18490,7 @@ CLASS="PARAMETER" for a match as they are scanned.</P ><P >See also <A -HREF="index.html#HIDEFILES" +HREF="r1.html#HIDEFILES" ><TT CLASS="PARAMETER" ><I @@ -18886,7 +18499,7 @@ CLASS="PARAMETER" ></TT ></A > and <A -HREF="index.html#CASESENSITIVE" +HREF="r1.html#CASESENSITIVE" ><TT CLASS="PARAMETER" ><I @@ -18895,16 +18508,19 @@ CLASS="PARAMETER" ></A >.</P ><P ->Default: <SPAN -CLASS="emphasis" -><I +>Default: <I CLASS="EMPHASIS" >No files or directories are vetoed. </I -></SPAN ></P ><P ->Examples:<PRE +>Examples:<TABLE +BORDER="0" +BGCOLOR="#E0E0E0" +WIDTH="90%" +><TR +><TD +><PRE CLASS="PROGRAMLISTING" >; Veto any files containing the word Security, ; any ending in .tmp, and any directory containing the @@ -18914,6 +18530,9 @@ veto files = /*Security*/*.tmp/*root*/ ; Veto the Apple specific files that a NetAtalk server ; creates. veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/</PRE +></TD +></TR +></TABLE ></P ></DD ><DT @@ -18924,7 +18543,7 @@ NAME="VETOOPLOCKFILES" ><DD ><P >This parameter is only valid when the <A -HREF="index.html#OPLOCKS" +HREF="r1.html#OPLOCKS" ><TT CLASS="PARAMETER" ><I @@ -18936,7 +18555,7 @@ CLASS="PARAMETER" to selectively turn off the granting of oplocks on selected files that match a wildcarded list, similar to the wildcarded list used in the <A -HREF="index.html#VETOFILES" +HREF="r1.html#VETOFILES" ><TT CLASS="PARAMETER" ><I @@ -18946,13 +18565,10 @@ CLASS="PARAMETER" > parameter.</P ><P ->Default: <SPAN -CLASS="emphasis" -><I +>Default: <I CLASS="EMPHASIS" >No files are vetoed for oplock grants</I -></SPAN ></P ><P >You might want to do this on files that you know will @@ -19010,12 +18626,9 @@ NAME="VFSOBJECT" with a VFS object. The Samba VFS layer is new to Samba 2.2 and must be enabled at compile time with --with-vfs.</P ><P ->Default : <SPAN -CLASS="emphasis" -><I +>Default : <I CLASS="EMPHASIS" >no value</I -></SPAN ></P ></DD ><DT @@ -19029,7 +18642,7 @@ NAME="VFSOPTIONS" to the vfs layer at initialization time. The Samba VFS layer is new to Samba 2.2 and must be enabled at compile time with --with-vfs. See also <A -HREF="index.html#VFSOBJECT" +HREF="r1.html#VFSOBJECT" ><TT CLASS="PARAMETER" ><I @@ -19038,12 +18651,9 @@ CLASS="PARAMETER" ></A >.</P ><P ->Default : <SPAN -CLASS="emphasis" -><I +>Default : <I CLASS="EMPHASIS" >no value</I -></SPAN ></P ></DD ><DT @@ -19057,12 +18667,9 @@ NAME="VOLUME" returned for a share. Useful for CDROMs with installation programs that insist on a particular volume label.</P ><P ->Default: <SPAN -CLASS="emphasis" -><I +>Default: <I CLASS="EMPHASIS" >the name of the share</I -></SPAN ></P ></DD ><DT @@ -19140,18 +18747,18 @@ CLASS="PARAMETER" >winbind enum users</I ></TT > parameter is - false, calls to the <B + <TT +CLASS="CONSTANT" +>no</TT +>, calls to the <B CLASS="COMMAND" >getpwent</B > system call will not return any data. </P ><P -><SPAN -CLASS="emphasis" ><I CLASS="EMPHASIS" >Warning:</I -></SPAN > Turning off user enumeration may cause some programs to behave oddly. For example, the finger program relies on having access to the @@ -19195,18 +18802,18 @@ CLASS="PARAMETER" >winbind enum groups</I ></TT > parameter is - false, calls to the <B + <TT +CLASS="CONSTANT" +>no</TT +>, calls to the <B CLASS="COMMAND" >getgrent()</B > system call will not return any data. </P ><P -><SPAN -CLASS="emphasis" ><I CLASS="EMPHASIS" >Warning:</I -></SPAN > Turning off group enumeration may cause some programs to behave oddly. </P @@ -19235,7 +18842,7 @@ TARGET="_top" ><P >Default: <B CLASS="COMMAND" ->winbind gid = <empty string> +>winbind gid = <empty string> </B ></P ><P @@ -19306,7 +18913,7 @@ TARGET="_top" ><P >Default: <B CLASS="COMMAND" ->winbind uid = <empty string> +>winbind uid = <empty string> </B ></P ><P @@ -19319,7 +18926,7 @@ CLASS="COMMAND" >winbind use default domain, <A NAME="WINBINDUSEDEFAULTDOMAIN" ></A ->winbind use default domain</DT +>winbind use default domain (G)</DT ><DD ><P >This parameter specifies whether the <A @@ -19334,13 +18941,13 @@ TARGET="_top" ><P >Default: <B CLASS="COMMAND" ->winbind use default domain = <falseg> +>winbind use default domain = <no> </B ></P ><P >Example: <B CLASS="COMMAND" ->winbind use default domain = true</B +>winbind use default domain = yes</B ></P ></DD ><DT @@ -19449,12 +19056,9 @@ TARGET="_top" >You should point this at your WINS server if you have a multi-subnetted network.</P ><P -><SPAN -CLASS="emphasis" ><I CLASS="EMPHASIS" >NOTE</I -></SPAN >. You need to set up Samba to point to a WINS server if you have multiple subnets and wish cross-subnet browsing to work correctly.</P @@ -19465,12 +19069,9 @@ CLASS="FILENAME" > in the docs/ directory of your Samba source distribution.</P ><P ->Default: <SPAN -CLASS="emphasis" -><I +>Default: <I CLASS="EMPHASIS" >not enabled</I -></SPAN ></P ><P >Example: <B @@ -19493,21 +19094,18 @@ TARGET="_top" > process in Samba will act as a WINS server. You should not set this to <TT CLASS="CONSTANT" ->true</TT +>yes</TT > unless you have a multi-subnetted network and you wish a particular <B CLASS="COMMAND" >nmbd</B > to be your WINS server. - Note that you should <SPAN -CLASS="emphasis" -><I + Note that you should <I CLASS="EMPHASIS" >NEVER</I -></SPAN > set this to <TT CLASS="CONSTANT" ->true</TT +>yes</TT > on more than one machine in your network.</P ><P @@ -19526,7 +19124,7 @@ NAME="WORKGROUP" >This controls what workgroup your server will appear to be in when queried by clients. Note that this parameter also controls the Domain name used with the <A -HREF="index.html#SECURITYEQUALSDOMAIN" +HREF="r1.html#SECURITYEQUALSDOMAIN" ><B CLASS="COMMAND" >security = domain</B @@ -19534,12 +19132,9 @@ CLASS="COMMAND" > setting.</P ><P ->Default: <SPAN -CLASS="emphasis" -><I +>Default: <I CLASS="EMPHASIS" >set at compile time to WORKGROUP</I -></SPAN ></P ><P >Example: <B @@ -19555,7 +19150,7 @@ NAME="WRITABLE" ><DD ><P >Synonym for <A -HREF="index.html#WRITEABLE" +HREF="r1.html#WRITEABLE" ><TT CLASS="PARAMETER" ><I @@ -19573,12 +19168,9 @@ NAME="WRITECACHESIZE" ><P >If this integer parameter is set to non-zero value, Samba will create an in-memory cache for each oplocked file - (it does <SPAN -CLASS="emphasis" -><I + (it does <I CLASS="EMPHASIS" >not</I -></SPAN > do this for non-oplocked files). All writes that the client does not request to be flushed directly to disk will be stored in this cache if possible. @@ -19618,11 +19210,11 @@ NAME="WRITELIST" >This is a list of users that are given read-write access to a service. If the connecting user is in this list then they will be given write access, no matter what the <A -HREF="index.html#WRITEABLE" +HREF="r1.html#READONLY" ><TT CLASS="PARAMETER" ><I ->writeable</I +>read only</I ></TT ></A > @@ -19633,7 +19225,7 @@ CLASS="PARAMETER" write list then they will be given write access.</P ><P >See also the <A -HREF="index.html#READLIST" +HREF="r1.html#READLIST" ><TT CLASS="PARAMETER" ><I @@ -19645,7 +19237,7 @@ CLASS="PARAMETER" ><P >Default: <B CLASS="COMMAND" ->write list = <empty string> +>write list = <empty string> </B ></P ><P @@ -19686,12 +19278,12 @@ NAME="WRITEOK" >write ok (S)</DT ><DD ><P ->Synonym for <A -HREF="index.html#WRITEABLE" +>Inverted synonym for <A +HREF="r1.html#READONLY" ><TT CLASS="PARAMETER" ><I -> writeable</I +> read only</I ></TT ></A >.</P @@ -19719,40 +19311,15 @@ NAME="WRITEABLE" >writeable (S)</DT ><DD ><P ->An inverted synonym is <A -HREF="index.html#READONLY" -> <TT +>Inverted synonym for <A +HREF="r1.html#READONLY" +><TT CLASS="PARAMETER" ><I ->read only</I +> read only</I ></TT ></A >.</P -><P ->If this parameter is <TT -CLASS="CONSTANT" ->no</TT ->, then users - of a service may not create or modify files in the service's - directory.</P -><P ->Note that a printable service (<B -CLASS="COMMAND" ->printable = yes</B ->) - will <SPAN -CLASS="emphasis" -><I -CLASS="EMPHASIS" ->ALWAYS</I -></SPAN -> allow writing to the directory - (user privileges permitting), but only via spooling operations.</P -><P ->Default: <B -CLASS="COMMAND" ->writeable = no</B -></P ></DD ></DL ></DIV @@ -19760,7 +19327,7 @@ CLASS="COMMAND" ><DIV CLASS="REFSECT1" ><A -NAME="AEN6109" +NAME="AEN6113" ></A ><H2 >WARNINGS</H2 @@ -19790,7 +19357,7 @@ TARGET="_top" ><DIV CLASS="REFSECT1" ><A -NAME="AEN6115" +NAME="AEN6119" ></A ><H2 >VERSION</H2 @@ -19801,7 +19368,7 @@ NAME="AEN6115" ><DIV CLASS="REFSECT1" ><A -NAME="AEN6118" +NAME="AEN6122" ></A ><H2 >SEE ALSO</H2 @@ -19880,7 +19447,7 @@ CLASS="COMMAND" ><DIV CLASS="REFSECT1" ><A -NAME="AEN6138" +NAME="AEN6142" ></A ><H2 >AUTHOR</H2 diff --git a/docs/manpages/net.8 b/docs/manpages/net.8 index 1ac5af9287..7a6a5c18c6 100644 --- a/docs/manpages/net.8 +++ b/docs/manpages/net.8 @@ -16,7 +16,6 @@ This tool is part of the Samba suite. .PP The samba net utility is meant to work just like the net utility available for windows and DOS. -FIXME .SH "OPTIONS" .TP \fB-h\fR @@ -135,4 +134,18 @@ enumerates all exported resources (network shares) on target server \fBSHARE ADD <name=serverpath> [misc. options] [targets]\fR Adds a share from a server (makes the export active) .TP -\fBSHARE DELETE <sharenam .SH "VERSION" .PP This man page is incomplete for version 3.0 of the Samba suite. .SH "AUTHOR" .PP The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed. .PP The original Samba man pages were written by Karl Auer. The current set of manpages and documentation is maintained by the Samba Team in the same fashion as the Samba source code. \fR +\fBSHARE DELETE <sharenam\fR +.SH "VERSION" +.PP +This man page is incomplete for version 3.0 of the Samba +suite. +.SH "AUTHOR" +.PP +The original Samba software and related utilities +were created by Andrew Tridgell. Samba is now developed +by the Samba Team as an Open Source project similar +to the way the Linux kernel is developed. +.PP +The original Samba man pages were written by Karl Auer. +The current set of manpages and documentation is maintained +by the Samba Team in the same fashion as the Samba source code. -- cgit From 4a1e64555cf70b9d131f13ce746b1b8b3af4c968 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij <jelmer@samba.org> Date: Thu, 3 Oct 2002 17:54:22 +0000 Subject: Fix generation of HTML versions of manpages Add comments to dsssl file (This used to be commit 16656d35bb7a316d219f83e073b88d79f66101de) --- docs/docbook/Makefile.in | 3 +-- docs/docbook/samba.dsl | 1 + 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'docs') diff --git a/docs/docbook/Makefile.in b/docs/docbook/Makefile.in index 654df30fc1..fb81c8528f 100644 --- a/docs/docbook/Makefile.in +++ b/docs/docbook/Makefile.in @@ -119,8 +119,7 @@ $(HTMLDIR)/Samba-Developers-Guide.html: $(DEVDOC)/dev-doc.sgml $(HTMLDIR)/%.html: $(MANPROJDOC)/%.sgml - $(DOCBOOK2HTML) -o . $< - mv ./index.html $@ + $(DOCBOOK2HTML) -o $(HTMLDIR) $< $(MANDIR)/%: $(MANPROJDOC)/%.sgml $(DOCBOOK2MAN) -o $(MANDIR) $< || rm $@ diff --git a/docs/docbook/samba.dsl b/docs/docbook/samba.dsl index 80197dfa77..c920166771 100644 --- a/docs/docbook/samba.dsl +++ b/docs/docbook/samba.dsl @@ -34,6 +34,7 @@ (normalize "reference") (normalize "refentry") (normalize "part") +; We would like to split up in chapters, not in sect1's... ; (normalize "sect1") (normalize "section") (normalize "book") ;; just in case nothing else matches... -- cgit From 49cd711d49a321de8eeb9ab3720c1357089059b8 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij <jelmer@samba.org> Date: Thu, 3 Oct 2002 18:10:16 +0000 Subject: Fix links in html versions of manpages (This used to be commit e0632a7752f123859290140b5fc190fee0da8484) --- docs/docbook/Makefile.in | 2 +- docs/htmldocs/findsmb.1.html | 20 +- docs/htmldocs/lmhosts.5.html | 24 +- docs/htmldocs/make_smbcodepage.1.html | 15 +- docs/htmldocs/make_unicodemap.1.html | 11 +- docs/htmldocs/net.8.html | 29 +- docs/htmldocs/nmbd.8.html | 90 +- docs/htmldocs/nmblookup.1.html | 37 +- docs/htmldocs/pdbedit.8.html | 132 +- docs/htmldocs/rpcclient.1.html | 129 +- docs/htmldocs/samba.7.html | 65 +- docs/htmldocs/smb.conf.5.html | 2256 ++++++++++++++++++++------------- docs/htmldocs/smbcacls.1.html | 102 +- docs/htmldocs/smbclient.1.html | 148 ++- docs/htmldocs/smbcontrol.1.html | 9 +- docs/htmldocs/smbd.8.html | 51 +- docs/htmldocs/smbgroupedit.8.html | 95 +- docs/htmldocs/smbmnt.8.html | 9 +- docs/htmldocs/smbmount.8.html | 68 +- docs/htmldocs/smbpasswd.5.html | 87 +- docs/htmldocs/smbpasswd.8.html | 83 +- docs/htmldocs/smbsh.1.html | 32 +- docs/htmldocs/smbspool.8.html | 21 +- docs/htmldocs/smbstatus.1.html | 50 +- docs/htmldocs/smbtar.1.html | 21 +- docs/htmldocs/smbumount.8.html | 7 +- docs/htmldocs/swat.8.html | 21 +- docs/htmldocs/testparm.1.html | 43 +- docs/htmldocs/testprns.1.html | 11 +- docs/htmldocs/wbinfo.1.html | 7 +- docs/htmldocs/winbindd.8.html | 386 ++---- 31 files changed, 2232 insertions(+), 1829 deletions(-) (limited to 'docs') diff --git a/docs/docbook/Makefile.in b/docs/docbook/Makefile.in index fb81c8528f..1ac71e452b 100644 --- a/docs/docbook/Makefile.in +++ b/docs/docbook/Makefile.in @@ -119,7 +119,7 @@ $(HTMLDIR)/Samba-Developers-Guide.html: $(DEVDOC)/dev-doc.sgml $(HTMLDIR)/%.html: $(MANPROJDOC)/%.sgml - $(DOCBOOK2HTML) -o $(HTMLDIR) $< + $(DOCBOOK2HTML) -u -o $(HTMLDIR) $< $(MANDIR)/%: $(MANPROJDOC)/%.sgml $(DOCBOOK2MAN) -o $(MANDIR) $< || rm $@ diff --git a/docs/htmldocs/findsmb.1.html b/docs/htmldocs/findsmb.1.html index 2f246d666d..08fffb47b6 100644 --- a/docs/htmldocs/findsmb.1.html +++ b/docs/htmldocs/findsmb.1.html @@ -1,10 +1,11 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <HTML ><HEAD ><TITLE >findsmb

              findsmb

              findsmb
              -B option

              option.

For example running For example, running findsmb on a machine @@ -165,12 +166,6 @@ CLASS="COMMAND" >nmbd running would yield output similar to the following

lmhosts

lmhosts

lmhosts
lmhosts is the is the Samba - NetBIOS name to IP address mapping file. It is very similar to the

An example follows :

#
@@ -119,9 +118,6 @@ CLASS="PROGRAMLISTING"
 192.9.200.20	NTSERVER#20
 192.9.200.21	SAMBASERVER

Contains three IP to NetBIOS name mappings. The first diff --git a/docs/htmldocs/make_smbcodepage.1.html b/docs/htmldocs/make_smbcodepage.1.html index 8e792e3122..4c2ad993ae 100644 --- a/docs/htmldocs/make_smbcodepage.1.html +++ b/docs/htmldocs/make_smbcodepage.1.html @@ -1,10 +1,11 @@ + make_smbcodepage

make_smbcodepage

make_smbcodepage
c case this will be a text +> case, this will be a text codepage definition file such as the ones found in the Samba d case this will be the +> case, this will be the binary format codepage definition file normally found in the

codepage_def.<codepage>codepage_def.<codepage>

These are the input (text) codepage files provided in the @@ -259,7 +260,7 @@ CLASS="COMMAND" >

codepage.<codepage>codepage.<codepage> - These are the output (binary) codepage files produced and placed in the Samba destination make_unicodemap

make_unicodemap

make_unicodemap

CP<codepage>.TXTCP<codepage>.TXT

These are the input (text) unicode map files provided @@ -176,7 +177,7 @@ CLASS="PARAMETER" >

unicode_map.<codepage>unicode_map.<codepage> - These are the output (binary) unicode map files produced and placed in the Samba destination + net

net

net

Synopsis

net {<ads|rap|rpc>} [-h] [-w workgroup] [-W myworkgroup] [-U user] [-I ip-address] [-p port] [-n myname] [-s conffile] [-S server] [-C comment] [-M maxusers] [-F flags] [-j jobid] [-l] [-r] [-f] [-t timeout] [-P] [-D debuglevel]

{<ads|rap|rpc>} [-h] [-w workgroup] [-W myworkgroup] [-U user] [-I ip-address] [-p port] [-n myname] [-s conffile] [-S server] [-C comment] [-M maxusers] [-F flags] [-j jobid] [-l] [-r] [-f] [-t timeout] [-P] [-D debuglevel]

USER DELETE <name> [misc options]
USER DELETE <name> [misc options]

delete specified user

USER INFO <name> [misc options]
USER INFO <name> [misc options]

list the domain groups of the specified user

USER ADD <name> [password] [-F user flags] [misc. options
USER ADD <name> [password] [-F user flags] [misc. options

Add specified user @@ -331,14 +334,14 @@ CLASS="VARIABLELIST"

GROUP DELETE <name> [misc. options] [targets]
GROUP DELETE <name> [misc. options] [targets]

Delete specified group

GROUP ADD <name> [-C comment]
GROUP ADD <name> [-C comment]

Create specified group @@ -352,14 +355,14 @@ CLASS="VARIABLELIST"

SHARE ADD <name=serverpath> [misc. options] [targets]
SHARE ADD <name=serverpath> [misc. options] [targets]

Adds a share from a server (makes the export active)

SHARE DELETE <sharenam
SHARE DELETE <sharenam

nmbd

nmbd

nmbd
nmbd [-D] [-a] [-i] [-o] [-P] [-h] [-V] [-d <debug level>] [-H <lmhosts file>] [-l <log directory>] [-n <primary netbios name>] [-p <port number>] [-s <configuration file>]

[-D] [-a] [-i] [-o] [-P] [-h] [-V] [-d <debug level>] [-H <lmhosts file>] [-l <log directory>] [-n <primary netbios name>] [-p <port number>] [-s <configuration file>]

-n-n option (see OPTIONS below). Thus nmbd can act as a WINS proxy, relaying broadcast queries from clients that do - not understand how to talk the WINS protocol to a WIN + not understand how to talk the WINS protocol to a WINS server.

If this parameter is specified it causes the server to run "interactively", not as a daemon, even if the server is executed on the command line of a shell. Setting this - parameter negates the implicit deamon mode when run from the + parameter negates the implicit daemon mode when run from the command line.

.

-H <filename>
-H <filename>

NetBIOS lmhosts file. The lmhosts @@ -204,16 +209,24 @@ CLASS="FILENAME" > to resolve any NetBIOS name queries needed by the server. Note - that the contents of this file are NOTNOT used by nmbd to answer any name queries. Adding a line to this file affects name NetBIOS resolution - from this host ONLYONLY.

The default path to this file is compiled into @@ -229,15 +242,16 @@ CLASS="FILENAME" /etc/lmhosts. See the . See the + lmhosts(5) man page for details on the - contents of this file.

+ man page for details on the contents of this file.

-V
.

-d <debug level>
-d <debug level>

debuglevel is an integer @@ -281,21 +295,21 @@ HREF="smb.conf.5.html" TARGET="_top" > smb.conf smb.conf(5) file.

-l <log directory>
-l <log directory>

The -l parameter specifies a directory into which the "log.nmbd" log file will be created - for operational data from the running - nmbd server. The default log directory is compiled into Samba +> + server. The default log directory is compiled into Samba as part of the build process. Common defaults are /usr/local/samba/var/log.nmb/var/log/log.nmb. Beware:. Beware: If the directory specified does not exist,

-n <primary NetBIOS name>
-n <primary NetBIOS name>

This option allows you to override @@ -342,7 +360,7 @@ CLASS="FILENAME" >.

-p <UDP port number>
-p <UDP port number>

UDP port number is a positive integer value. @@ -355,7 +373,7 @@ CLASS="COMMAND" won't need help!

-s <configuration file>
-s <configuration file>

The default configuration file name @@ -505,8 +523,12 @@ CLASS="FILENAME" >If nmbd is acting as a browse master is acting as a browse master (see the nmbd process it is recommended - that SIGKILL (-9) NOTNOT be used, except as a last resort, as this may leave the name database in an inconsistent state. The correct way to terminate nmblookup

nmblookup

nmblookup
nmblookup [-M] [-R] [-S] [-r] [-A] [-h] [-B <broadcast address>] [-U <unicast address>] [-d <debug level>] [-s <smb config file>] [-i <NetBIOS scope>] [-T] {name}

[-M] [-R] [-S] [-r] [-A] [-h] [-B <broadcast address>] [-U <unicast address>] [-d <debug level>] [-s <smb config file>] [-i <NetBIOS scope>] [-T] {name}

Print a help (usage) message.

-B <broadcast address>
-B <broadcast address>

Send the query to the given broadcast address. Without @@ -179,7 +180,7 @@ CLASS="FILENAME"

-U <unicast address>
-U <unicast address>

Do a unicast query to the specified address or @@ -198,7 +199,7 @@ CLASS="PARAMETER" query a WINS server.

-d <debuglevel>
-d <debuglevel>

debuglevel is an integer from 0 to 10.

file.

-s <smb.conf>
-s <smb.conf>

This parameter specifies the pathname to @@ -246,7 +247,7 @@ TARGET="_top" the Samba setup on the machine.

-i <scope>
-i <scope>

This specifies a NetBIOS scope that @@ -256,8 +257,12 @@ CLASS="COMMAND" > will use to communicate with when generating NetBIOS names. For details on the use of NetBIOS scopes, see rfc1001.txt and rfc1002.txt. NetBIOS scopes are - veryvery rarely used, only set this parameter if you are the system administrator in charge of all the NetBIOS systems you communicate with.

IP address .... NetBIOS nameIP address .... NetBIOS name

pair that is the normal output.

This is the NetBIOS name being queried. Depending upon the previous options this may be a NetBIOS name or IP address. If a NetBIOS name then the different name types may be specified - by appending '#<type>' to the name. This name may also be + by appending '#<type>' to the name. This name may also be '*', which will return all registered names within a broadcast area.

pdbedit

pdbedit

pdbedit
pdbedit [-l] [-v] [-w] [-u username] [-f fullname] [-h homedir] [-d drive] [-s script] [-p profile] [-a] [-m] [-x] [-i passdb-backend] [-e passdb-backend] [-D debuglevel]

[-l] [-v] [-w] [-u username] [-f fullname] [-h homedir] [-d drive] [-s script] [-p profile] [-a] [-m] [-x] [-i passdb-backend] [-e passdb-backend] [-b passdb-backend] [-D debuglevel]

DESCRIPTION

suite.

The pdbedit program is used to manage the users accounts - stored in the sam database and can be run only by root.

The pdbedit tool use the passdb modular interface and is +>The pdbedit tool uses the passdb modular interface and is independent from the kind of users database used (currently there - are smbpasswd, ldap, nis+ and tdb based and more can be addedd + are smbpasswd, ldap, nis+ and tdb based and more can be added without changing the tool).

There are five main ways to use pdbedit: adding a user account, @@ -67,7 +68,7 @@ TARGET="_top" >

OPTIONS

-l

This option list all the user accounts +>This option lists all the user accounts present in the users database. This option prints a list of user/uid pairs separated by the ':' character.

pdbedit -l

		sorce:500:Simo Sorce
 		samba:45:Test User

-v

This option sets the verbose listing format. - It will make pdbedit list the users in the database printing +>This option enables the verbose listing format. + It causes pdbedit to list the users in the database, printing out the account fields in a descriptive format.

Example: pdbedit -l -v

		---------------
@@ -146,9 +132,6 @@ CLASS="PROGRAMLISTING"
 		Logon Script:   
 		Profile Path:   \\BERSERKER\profile

This option sets the "smbpasswd" listing format. - It will make pdbedit list the users in the database printing + It will make pdbedit list the users in the database, printing out the account fields in a format compatible with the pdbedit -l -w

		sorce:500:508818B733CE64BEAAD3B435B51404EE:D2A2418EFC466A8A0F6B1DBB5C3DB80C:[UX         ]:LCT-00000000:
 		samba:45:0F2B255F7B67A7A9AAD3B435B51404EE:BC281CE3F53B6A5146629CD4751D3490:[UX         ]:LCT-3BFA1E8D:

-u username

This option specifies that the username to be - used for the operation requested (listing, adding, removing) - It is requiredThis option specifies the username to be + used for the operation requested (listing, adding, removing). + It is required in add, remove and modify - operations and optionaloptional in list operations.

This option is used to add a user into the - database. This command need the user name be specified with - the -u switch. When adding a new user pdbedit will also - ask for the password to be used

Example: pdbedit -a -u sorce - 
new password:
 		retype new password

This option causes pdbedit to delete an account - from the database. It need the username be specified with the + from the database. It needs a username specified with the -u switch.

Example: -i passdb-backend

Use a different passdb backend to retrieve users than the one specified in smb.conf.

Use a different passdb backend to retrieve users + than the one specified in smb.conf. Can be used to import data into + your local user database.

This option will ease migration from one passdb backend to another. -

This option will ease migration from one passdb backend to + another.

Example: pdbedit -i smbpasswd:/etc/smbpasswd.old -e tdbsam:/etc/samba/passwd.tdb -

pdbedit -i smbpasswd:/etc/smbpasswd.old +

-e passdb-backend

Export all currently available users to the specified password database backend.

Exports all currently available users to the + specified password database backend.

This option will ease migration from one passdb backend to another and will ease backupping

This option will ease migration from one passdb backend to + another and will ease backing up.

Example: pdbedit -e smbpasswd:/root/samba-users.backup

-b passdb-backend

Use a different default passdb backend.

Example: pdbedit -b xml:/root/pdb-backup.xml -l

NOTES

VERSION

SEE ALSO

AUTHOR

rpcclient

rpcclient

rpcclient
rpcclient [-A authfile] [-c <command string>] [-d debuglevel] [-h] [-l logfile] [-N] [-s <smb config file>] [-U username[%password]] [-W workgroup] [-N] [-I destinationIP] {server}

[-A authfile] [-c <command string>] [-d debuglevel] [-h] [-l logfile] [-N] [-s <smb config file>] [-U username[%password]] [-W workgroup] [-N] [-I destinationIP] {server}

		username = <value> 
-		password = <value>
-		domain   = <value>
+>		username = <value> 
+		password = <value>
+		domain   = <value>

Make certain that the permissions on the file restrict @@ -187,8 +179,8 @@ CLASS="PARAMETER" '.client' will be appended. The log file is never removed - by the client. +> will be appended. The log file is + never removed by the client.

rpcclient will prompt - for a password. See also the will + prompt for a password. See also the -U option.

+ option.

-s|--conf=smb.conf

Specifies the location of the all important +>Specifies the location of the all-important smb.conf

A third option is to use a credentials file which contains the plaintext of the username and password. This - option is mainly provided for scripts where the admin doesn't - desire to pass the credentials on the command line or via environment + option is mainly provided for scripts where the admin does not + wish to pass the credentials on the command line or via environment variables. If this method is used, make certain that the permissions on the file restrict access from unwanted users. See the

COMMANDS

LSARPCLSARPC

lookupnames - Resolve s list +> - Resolve a list of usernames to SIDs.

SAMRSAMR

SPOOLSSSPOOLSS

adddriver <arch> <config>adddriver <arch> <config> - Execute an AddPrinterDriver() RPC to install the printer driver information on the server. Note that the driver files should @@ -432,12 +437,6 @@ CLASS="PARAMETER" > parameter is defined as follows: 

		Long Printer Name:\
@@ -449,9 +448,6 @@ CLASS="PROGRAMLISTING"
 		Default Data Type:\
 		Comma Separated list of Files

Any empty fields should be enter as the string "NULL".

addprinter <printername> - <sharename> <drivername> <port>addprinter <printername> + <sharename> <drivername> <port> - Add a printer on the remote server. This printer will be automatically shared. Be aware that the printer driver @@ -514,9 +510,9 @@ CLASS="COMMAND" >

enumjobs <printer>enumjobs <printer> - - List the jobs and status of a given printer. + - List the jobs and status of a given printer. This command corresponds to the MS Platform SDK EnumJobs() function (* This command is currently unimplemented).

getdata <printername>getdata <printername> - Retrieve the data for a given printer setting. See the

getdriver <printername>getdriver <printername> - Retrieve the printer driver information (such as driver file, config file, dependent files, etc...) for @@ -582,10 +578,10 @@ CLASS="COMMAND" >

getdriverdir <arch>getdriverdir <arch> - Execute a GetPrinterDriverDirectory() - RPC to retreive the SMB share name and subdirectory for + RPC to retrieve the SMB share name and subdirectory for storing printer driver files for a given architecture. Possible values for

getprinter <printername>getprinter <printername> - Retrieve the current printer information. This command corresponds to the GetPrinter() MS Platform SDK function. @@ -610,7 +606,7 @@ CLASS="COMMAND" >

openprinter <printername>openprinter <printername> - Execute an OpenPrinterEx() and ClosePrinter() RPC against a given printer.

setdriver <printername> <drivername> - - Execute a SetPrinter() command to update the printer driver associated - with an installed printer. The printer driver must already be correctly - installed on the print server.

setdriver <printername> + <drivername> + - Execute a SetPrinter() command to update the printer driver + associated with an installed printer. The printer driver must + already be correctly installed on the print server.

See also the

GENERAL OPTIONSGENERAL OPTIONS

debuglevel - Set the current debug level - used to log information.

- Set the current + debug level used to log information.

  • From Luke Leighton's original rpcclient man page:

    "WARNING!"WARNING! The MSRPC over SMB code has been developed from examining Network traces. No documentation is available from the original creators (Microsoft) on how MSRPC over diff --git a/docs/htmldocs/samba.7.html b/docs/htmldocs/samba.7.html index 6fb9eac578..0851e99bd5 100644 --- a/docs/htmldocs/samba.7.html +++ b/docs/htmldocs/samba.7.html @@ -1,10 +1,11 @@ + samba

    samba

    samba
    The Samba software suite is a collection of programs that implements the Server Message Block (commonly abbreviated as SMB) protocol for UNIX systems. This protocol is sometimes - also referred to as the Common Internet File System (CIFS), - LanManager or NetBIOS protocol.

    http://www.ubiqx.org/cifs/    . Samba also implements the NetBIOS + protocol in nmbd.

    nmbd - daemon provides NetBIOS nameserving and browsing + daemon provides NetBIOS nameservice and browsing support. The configuration file for this daemon is described in printcap>printcap file used by Samba.

    • COMPONENTS

    samba@samba.org

    http://devel.samba.org + for information on how to file a bug report or submit a patch.

    If you require help, visit the Samba webpage at + http://www.samba.org/ and + explore the many option available to you. +

    AVAILABILITY

    VERSION

    CONTRIBUTIONS

    .

    If you have patches to submit or bugs to report - then you may mail them directly to samba-patches@samba.org. - Note, however, that due to the enormous popularity of this - package the Samba Team may take some time to respond to mail. We - prefer patches in If you have patches to submit, visit + http://devel.samba.org/ + for information on how to do it properly. We prefer patches in + diff -u format.

    CONTRIBUTORS

    AUTHOR

    + smb.conf

    smb.conf

    smb.conf

    There are three special sections, [global], [homes] and [printers], which are - described under special sections. The following notes apply to ordinary section descriptions.

    Sections may be designated Sections may be designated guest services, in which case no password is required to access them. A specified - UNIX guest account is used to define access privileges in this case.

    /home/bar. The share is accessed via the share name "foo":

    The following sample section defines a printable share. The share is readonly, but printable. That is, the only write access permitted is via calls to open, write to and close a - spool file. The guest ok parameter means access will be permitted as the default guest user (specified elsewhere):

    If you decide to use a If you decide to use a path = line in your [homes] section then you may find it useful to use the %S macro. For example :

    An important point is that if guest access is specified in the [homes] section, all home directories will be - visible to all clients without a password. In the very unlikely event that this is actually desirable, it - would be wise to also specify read only access.

    Note that the Note that the browseable flag for auto home directories will be inherited from the global browseable flag, not the [homes] browseable flag. This is useful as - it means setting browseable = no in the [homes] section will hide the [homes] share but make any auto home directories visible.

    All aliases given for a printer in the printcap file are legitimate printer names as far as the server is concerned. If your printing subsystem doesn't work like that, you will have to set up a pseudo-printcap. This is a file consisting of one or more lines like this:

    Each alias should be an acceptable printer name for your printing subsystem. In the [global] section, specify @@ -479,29 +462,44 @@ NAME="AEN102" >parameters define the specific attributes of sections.

    Some parameters are specific to the [global] section - (e.g., security). Some parameters are usable - in all sections (e.g., create mode). All others are permissible only in normal sections. For the purposes of the following descriptions the [homes] and [printers] - sections will be considered normal. The letter G in parentheses indicates that a parameter is specific to the - [global] section. The letter S indicates that a parameter can be specified in a service specific - section. Note that all S parameters can also be specified in the [global] section - in which case they will define the default behavior for all services.

    the name of your NIS home directory server. This is obtained from your NIS auto.map entry. If you have - not compiled Samba with the --with-automount option then this value will be the same as %L.

    controls if names that have characters that aren't of the "default" case are mangled. For example, if this is yes then a name like "Mail" would be mangled. - Default no.

    controls whether filenames are case sensitive. If they aren't then Samba must do a filename search and match on passed - names. Default no.

    controls what the default case is for new - filenames. Default lower.

    controls if new files are created with the case that the client passes, or if they are forced to be the - "default" case. Default yes.

    yes.

  • abort shutdown script (G)

    • This parameter only exists in the HEAD cvs branch This a full path name to a script called by that should stop a shutdown procedure issued by the

    This command will be run as user.

    Default: Default: None.

    Example: will return an ACCESS_DENIED error to the client.

    See also , ,

    Default: Default: none

    Example:

    This parameter is only used for add file shares. To add printer shares, see the

    See also , .

    Default: Default: none

    Example:

    Default: add machine script = <empty string> +>add machine script = <empty string>

    This is the full pathname to a script that will - be run AS ROOT by smbd to create the required UNIX users - ON DEMAND when a user accesses the Samba server.

    In order to use this option, smbd - must NOT be set to smbd will - call the specified script AS ROOT, expanding any

    See also , ,

    Default: add user script = <empty string> +>add user script = <empty string>

    This is the full pathname to a script that will - be run AS ROOT by

    Default: Default: no admin users

    Example: smbd(8) - AS ROOT. Any

    Synonym for

    This option only takes effect when the

    This is a synonym for the smbd will use when authenticating a user. This option defaults to sensible values based on

    Default: auth methods = <empty string>auth methods = <empty string>

    Example: available = no, then , then ALL attempts to connect to the service will fail. Such failures are logged.

    nmbd to bind to ports 137 and 138 on the interfaces listed in the interfaces parameter. smbd(8) to bind only to the interface list given in the interfaces parameter. This restricts the networks that bind interfaces only is set then - unless the network address 127.0.0.1 is added to the smbpasswd - by default connects to the localhost - 127.0.0.1 address as an SMB client to issue the password change request. If bind interfaces only is set then unless the - network address 127.0.0.1 is added to the nmbd at the address - 127.0.0.1 to determine if they are running. - Not adding 127.0.0.1 will cause smbd

    See the

    See the discussion in the section NAME MANGLING.

    Synonym for case sensitive.

    See also , .

    Default: Default: none

    Example:

    If you want to set the string that is displayed next to the machine name then see the parameter.

    Default: Default: No comment string

    Example:

    Default: Default: no value

    Example:

    A synonym for this parameter is not set here will be removed from the modes set on a file when it is created.

    Following this Samba will bit-wise 'OR' the UNIX mode created from this parameter with the value of the

    This parameter does not affect directory modes. See the parameter for details.

    See also the parameter for forcing particular mode bits to be set on created files. See also the parameter for masking mode bits on created directories. See also the Note that this parameter does not apply to permissions set by Windows NT/2000 ACL editors. If the administrator wishes to enforce a mask on access control lists also, they need to set the

    This is a synonym for csc policy (S)

    This stands for This stands for client-side caching policy, and specifies how clients capable of offline caching will cache the files in the share. The valid values are: manual, documents, programs, disable.

    Note that the parameter

    Note that the parameter

    Samba 2.2 debug log messages are timestamped by default. If you are running at a high

    Note that the parameter

    Synonym for

    A synonym for

    See the section on NAME MANGLING. Also note the

    This parameter is only applicable to printable services. When smbd is serving Printer Drivers to Windows NT/2k/XP clients, each printer on the Samba @@ -6599,9 +6681,12 @@ NAME="DEFAULTSERVICE" >

    This parameter specifies the name of a service which will be connected to if the service actually requested cannot - be found. Note that the square brackets are NOT given in the parameter value (see example below).

    Typically the default service would be a ,

    Example:

    [global]
@@ -6657,9 +6736,6 @@ CLASS="PROGRAMLISTING"
 [pub]
 	path = /%S

    This is the full pathname to a script that will - be run AS ROOT by will return an ACCESS_DENIED error to the client.

    See also , ,

    Default: Default: none

    Example:

    This parameter is only used to remove file shares. To delete printer shares, see the

    See also , .

    Default: Default: none

    Example:

    Default: delete user script = <empty string> +>delete user script = <empty string>

    smbd(8) - AS ROOT. Any This option is used when Samba is attempting to delete a directory that contains one or more vetoed directories (see the

    See also the

    Synonym for

    Note: Your script should Note: Your script should NOT be setuid or setgid and should be owned by (and writeable only by) root!

    Default: Default: By default internal routines for determining the disk capacity and remaining space will be used.

    Example:

    Where the script dfree (which must be made executable) could be:

     
 		#!/bin/sh
 		df $1 | tail -1 | awk '{print $2" "$4}'

    or perhaps (on Sys V based systems):

     
 		#!/bin/sh
 		/usr/bin/df -k $1 | tail -1 | awk '{print $3" "$5}'

    Note that you may have to replace the command names @@ -7185,7 +7261,7 @@ NAME="DIRECTORY" >

    Synonym for not set here will be removed from the modes set on a directory when it is created.

    Following this Samba will bit-wise 'OR' the UNIX mode created from this parameter with the value of the Note that this parameter does not apply to permissions set by Windows NT/2000 ACL editors. If the administrator wishes to enforce a mask on access control lists also, they need to set the .

    See the

    See also the parameter for masking mode bits on created files, and the parameter.

    Also refer to the

    Synonym for

    Note that users who can access the Samba server through other means can easily bypass this restriction, so it is primarily useful for standalone "appliance" systems. @@ -7351,7 +7433,7 @@ CLASS="CONSTANT" >.

    See also the , , Be very careful about enabling this parameter.

    See also use client driver

    See also the parameter yes, the Samba server will serve Windows 95/98 Domain logons for the to claim a special domain specific NetBIOS name that identifies it as a domain master browser for its given

    If domain logons = yes. Experimentation is the best policy :-)

    Default: Default: none (i.e., all directories are OK to descend)

    Example: program for information on how to set up and maintain this file), or set the security = [server|domain|ads] parameter which causes

    Default: Default: no enumports command

    Example:

    This is a synonym for

    It is generally much better to use the real

    This parameter specifies a set of UNIX mode bit - permissions that will always be set on a file created by Samba. This is done by bitwise 'OR'ing these bits onto the mode bits of a file that is being created or having its @@ -8117,7 +8211,7 @@ CLASS="PARAMETER" parameter is applied.

    See also the parameter for details on masking mode bits on files.

    See also the

    This parameter specifies a set of UNIX mode bit - permissions that will always be set on a directory created by Samba. This is done by bitwise 'OR'ing these bits onto the mode bits of a directory that is being created. The default for this @@ -8177,7 +8274,7 @@ CLASS="PARAMETER" applied.

    See also the parameter

    See also the

    Note that users who can access the Samba server through other means can easily bypass this restriction, so it is primarily useful for standalone "appliance" systems. @@ -8242,7 +8342,7 @@ CLASS="EMPHASIS" it set as 0000.

    See also the , ,

    If the .

    See also .

    Default: Default: no forced group

    Example:

    Note that users who can access the Samba server through other means can easily bypass this restriction, so it is primarily useful for standalone "appliance" systems. @@ -8386,7 +8492,7 @@ CLASS="EMPHASIS" this set to 0000.

    See also the , ,

    See also

    Default: Default: no forced user

    Example:

    Synonym for

    This is a username which will be used for access to services which are specified as

    Default: Default: specified at compile time, usually "nobody"

    Example: for a service, then no password is required to connect to the service. Privileges will be those of the .

    See the section below on for a service, then only guest connections to the service are permitted. This parameter will have no effect if is not set for the service.

    See the section below on

    See also , and .

    Default: Default: no file are hidden

    Example:

    If

    NOTE :A working NIS client is required on the system for this option to work.

    See also ,

    Default: homedir map = <empty string>homedir map = <empty string>

    Example:

    See also the

    Note that the localhost address 127.0.0.1 will always be allowed access unless specifically denied by a

    You can also specify hosts by network/netmask pairs and by netgroup names if your system supports netgroups. The - EXCEPT keyword can also be used to limit a wildcard list. The following examples may provide some help:

    for a way of testing your host access to see if it does what you expect.

    Default: Default: none (i.e., all hosts permitted access)

    Example: hosts allow - - hosts listed here are NOT permitted access to services unless the specific services have their own lists to override this one. Where the lists conflict, the list takes precedence.

    Default: Default: none (i.e., no hosts specifically excluded)

    Example:

    This is not be confused with may be useful for NT clients which will not supply passwords to Samba.

    NOTE : The use of option be only used if you really know what you are doing, or perhaps on a home network where you trust - your spouse and kids. And only if you really trust them :-).

    Default: Default: no host equivalences

    Example: .

    Default: Default: no file included

    Example:

    The permissions on new files and directories are normally governed by , , and New files inherit their read/write bits from the parent directory. Their execute bits continue to be determined by , and as usual.

    Note that the setuid bit is Note that the setuid bit is never set via inheritance (the code explicitly prohibits this).

    See also , , and

    See also .

    Default: Default: all active interfaces except 127.0.0.1 that are broadcast capable

    This is a list of users that should not be allowed - to login to this service. This is really a paranoid check to absolutely ensure an improper setting does not breach your security.

    +&group+&group means check the UNIX group database, followed by the NIS netgroup database, and @@ -9524,7 +9675,7 @@ CLASS="PARAMETER" This is useful in the [homes] section.

    See also .

    Default: Default: no invalid users

    Example:

    Keepalives should, in general, not be needed if the socket being used has the SO_KEEPALIVE attribute set on it (see

    For UNIXes that support kernel based has oplocked. This allows complete data consistency between - SMB/CIFS, NFS and local file access (and is a very cool feature :-).

    See also the and

    Default : Default : none

    Default : ldap filter = (&(uid=%u)(objectclass=sambaAccount))ldap filter = (&(uid=%u)(objectclass=sambaAccount))

    This option is used to define whether or not Samba should use SSL when connecting to the ldap server - This is NOT related to Samba's previous SSL support which was enabled by specifying the ldap suffix (G)

    Default : Default : none

    It specifies where users are added to the tree.

    Default : Default : none

    Default : Default : none

    For more discussions on level2 oplocks see the CIFS spec.

    Currently, if yes). Note also, the

    See also the and .

    See also

    If Samba is set to produce Lanman announce broadcasts needed by OS/2 clients (see the

    See also A boolean variable that controls whether all printers in the printcap will be loaded for browsing by default. See the printers section for more details.

    yes doesn't - mean that Samba will become the local master browser on a subnet, just that nmbd will will participate in elections for local master browser.

    Setting this value to nmbd - never to become a local master browser.

    Default:

    Synonym for This option specifies the directory where lock files will be placed. The lock files are used to implement the The time in microseconds that smbd should pause before attempting to gain a failed lock. See , real locking will be performed by the server.

    This option This option may be useful for read-only - filesystems which may not need locking (such as CDROM drives), although setting this parameter of

    This parameter specifies the local path to which the home directory will be connected (see

    Note that in prior versions of Samba, the Thereafter, the directories and any of the contents can, if required, be made read-only. It is not advisable that the NTuser.dat file be made read-only - rename it to NTuser.man to - achieve the desired effect (a MANdatory profile).

    The script must be a relative path to the [netlogon] service. If the [netlogon] service specifies a This option is only useful if Samba is set up as a logon server.

    Default: Default: no logon script defined

    Example:

    See also the A value of 0 will disable caching completely.

    See also the

    See also the parameter.

    Default: Default: depends on the setting of printing

    Example: This command should be a program or script which takes a printer name and job number to resume the print job. See also the

    See also the

    See also the parameter.

    Default: Default: depends on the setting of

    Example 1:

    If a Samba server is a member of a Windows NT Domain (see the security = domain) parameter) then periodically a running , and the security = domain) parameter.

    This parameter specifies the name of a file which will contain output created by a magic script (see the

    Default: magic output = <magic script name>.out +>magic output = <magic script name>.out

    If the script generates output, output will be sent to the file specified by the Note that some shells are unable to interpret scripts containing CR/LF instead of CR as the end-of-line marker. Magic scripts must be executable - as is on the host, which for some hosts and some shells will require filtering at the DOS end.

    Magic scripts are Magic scripts are EXPERIMENTAL and - should NOT be relied upon.

    Default: Default: None. Magic scripts disabled.

    Example:

    See the section on NAME MANGLING

    off the ends of filenames on some CDROMs (only visible under some UNIXes). To do this use a map of (*;1 *;).

    Default: Default: no mangled map

    Example:

    See the section on NAME MANGLING for details on how to control the mangling process.

    Note that the character to use may be specified using the

    This controls what character is used as - the magic character in name mangling. The default is a '~' but this may interfere with some software. Use this option to set @@ -11517,7 +11734,7 @@ CLASS="PARAMETER" > parameter to be set such that owner execute bit is not masked out (i.e. it must include 100). See the parameter to be set such that the world execute bit is not masked out (i.e. it must include 001). See the parameter to be set such that the group execute bit is not masked out (i.e. it must include 010). See the parameter

    This parameter is only useful in security modes other than - Means user logins with an invalid password are treated as a guest login and mapped into the guest account. Note that this can cause problems as it means that any user incorrectly typing @@ -11678,9 +11895,12 @@ HREF="r1.html#GUESTACCOUNT" will not know the reason they cannot access files they think they should - there will have been no message given to them that they got their password wrong. Helpdesk services will - hate you if you set the modes other than share. This is because in these modes the name of the resource being - requested is not sent to the server until after the server has successfully authenticated the client so the server cannot make authentication decisions at the correct time (connection @@ -11743,7 +11966,7 @@ CLASS="PARAMETER" >

    Record lock files are used to implement this feature. The lock files will be stored in the directory specified by the will remote "Out of Space" to the client. See all LANMAN1: First : First modern version of the protocol. Long filename support.

    See also nmbd(8) when acting as a WINS server (

    See also the xedit, then - removes it afterwards. NOTE THAT IT IS VERY IMPORTANT THAT THIS COMMAND RETURN IMMEDIATELY. That's why I have the '&' on the end. If it doesn't return immediately then your PCs may freeze when sending messages (they should recover @@ -12225,7 +12454,7 @@ CLASS="PARAMETER" >message command = /bin/mail -s 'message from %f on - %m' root < %s; rm %s

    If you don't have a message command then the message @@ -12241,9 +12470,12 @@ CLASS="COMMAND" >message command = rm %s

    Default: Default: no message command

    Example:

    Synonym for

    See also , and

    See also the The value of the parameter (a string) is the lowest SMB protocol dialect than Samba will support. Please refer to the

    If you are viewing this parameter as a security measure, you should also refer to the nmbd(8) when acting as a WINS server (.

    See also wins : Query a name with the IP address listed in the bcast : Do a broadcast on each of the known local interfaces listed in the

    See also .

    Default: Default: empty string (no additional names)

    Example:

    See also .

    Default: Default: machine DNS name

    Example:

    Default: non unix account range = <empty string> +>non unix account range = <empty string>

    list and is only really useful in shave level security.

    See also the

    A synonym for

    DO NOT CHANGE THIS PARAMETER UNLESS YOU HAVE READ AND UNDERSTOOD THE SAMBA OPLOCK CODE.

    Default: oplock contention limit (S)

    This is a This is a very advanced to behave in a similar way to Windows NT.

    DO NOT CHANGE THIS PARAMETER UNLESS YOU HAVE READ AND UNDERSTOOD THE SAMBA OPLOCK CODE.

    Default:

    Oplocks may be selectively turned off on certain files with a share. See the parameter for details.

    See also the and in the local broadcast area.

    Note :By default, Samba will win a local master browsing election over all Microsoft operating systems except a Windows NT 4.0/2000 Domain Controller. This @@ -13194,8 +13444,8 @@ NAME="OS2DRIVERMAP" path to a file containing a mapping of Windows NT printer driver names to OS/2 printer driver names. The format is:

    <nt driver name> = <os2 driver - name>.<device name>

    <nt driver name> = <os2 driver + name>.<device name>

    For example, a valid entry using the HP LaserJet 5 printer driver would appear as

    Default: os2 driver map = <empty string> +>os2 driver map = <empty string>

    . It should be possible to enable this without changing your

    See also - The TDB based password storage backend. Takes a path to the TDB as an optional argument (defaults to passdb.tdb in the - The TDB based password storage backend, with non unix account support. Takes a path to the TDB as an optional argument (defaults to passdb.tdb in the directory.

    See also )

    See also passwd chat (G)

    This string controls the This string controls the "chat" conversation that takes places between smbd(8) uses to determine what to send to the

    Note that this parameter only is only used if the yes. This - sequence is then called AS ROOT when the SMB password in the smbpasswd file is being changed, without access to the old password cleartext. This means that root must be able to reset the user's password without knowing the text of the previous password. In the presence of NIS/YP, this means that the passwd program must be executed on the NIS master. @@ -13593,7 +13849,7 @@ CLASS="CONSTANT" if the expect string is a full stop then no string is expected.

    If the

    See also , , and

    This boolean specifies if the passwd chat script - parameter is run in debug mode. In this mode the strings passed to and received from the passwd chat are printed in the smbd(8) log with a and should be turned off after this has been done. This option has no effect if the

    See also , ,

    Also note that many passwd programs insist in Also note that many passwd programs insist in reasonable passwords, such as a minimum length, or the inclusion of mixed case chars and digits. This can pose a problem as some clients (such as Windows for Workgroups) uppercase the password before sending it.

    Note that if the yes then this program is called then this program is called AS ROOT before the SMB password in the unix password sync parameter - is set this parameter MUST USE ABSOLUTE PATHS - for ALL programs called, and must be examined for security implications. Note that by default .

    See also

    The name of the password server is looked up using the parameter

    NOTE: Using a password server means your UNIX box (running Samba) is only as secure as your - password server. DO NOT CHOOSE A PASSWORD SERVER THAT YOU DON'T COMPLETELY TRUST.

    Never point a Samba server at itself for password @@ -14018,7 +14298,7 @@ CLASS="PARAMETER" Primary or Backup Domain controllers to authenticate against by doing a query for the name WORKGROUP<1C>WORKGROUP<1C> and then contacting each server returned in the list of IP addresses from the name resolution source.

    See also the

    Default: password server = <empty string>password server = <empty string>

    Note that this path will be based on if one was specified.

    Default: Default: none

    Example:

    See also .

    Default: Default: none (no command executed)

    Example: postexec = echo \"%u disconnected from %S - from %m (%I)\" >> /tmp/log

    Of course, this could get annoying after a while :-)

    See also and .

    Default: Default: none (no command executed)

    Example: preexec = echo \"%u connected to %S from %m - (%I)\" >> /tmp/log

    This boolean option controls whether a non-zero return code from

    See also

    Synonym for

    Note that if you just want all printers in your printcap file loaded then the option is easier.

    Default: Default: no preloaded services

    Example: This controls if new filenames are created with the case that the client passes, or if they are forced to be the

    See the section on NAME MANGLING for a fuller discussion.

    %z - the size of the spooled print job (in bytes)

    The print command The print command MUST contain at least one occurrence of nobody account. If this happens then create an alternative guest account that can print and set the

    print command = echo Printing %s >> +>print command = echo Printing %s >> /tmp/print.log; lpr -P %p %s; rm %s

    You may have to vary this command considerably depending on how you normally print files on your system. The default for the parameter varies depending on the setting of the

    For printing = CUPS : If SAMBA is compiled against libcups, then printcap = cups uses the CUPS API to @@ -14671,7 +14966,7 @@ NAME="PRINTOK" >

    Synonym for Note that a printable service will ALWAYS allow writing to the service path (user privileges permitting) via the spooling of print data. The

    Synonym for /etc/printcap). See the discussion of the [printers] section above for reasons why you might want to do this.

    . This should be supplemented by an addtional setting printing = cups in the [global] section.

    A minimal printcap file would look something like this:

    		print1|My Printer 1
@@ -14805,18 +15094,18 @@ CLASS="PROGRAMLISTING"
 		print4|My Printer 4
 		print5|My Printer 5

    where the '|' separates aliases of a printer. The fact that the second alias has a space in it gives a hint to Samba that it's a comment.

    NOTE: Under AIX the default printcap name is

    Default: printer admin = <empty string>printer admin = <empty string>

    printer driver (S)

    Note :This is a deprecated parameter and will be removed in the next major release following version 2.2. Please see the instructions in @@ -14896,7 +15188,7 @@ TARGET="_top" sensitive) that describes the appropriate printer driver for your system. If you don't know the exact string to use then you should first try with no

    See also printer driver file (G)

    Note :This is a deprecated parameter and will be removed in the next major release following version 2.2. Please see the instructions in @@ -14976,7 +15271,7 @@ CLASS="FILENAME" >.

    See also .

    Default: Default: None (set in compile).

    Example: printer driver location (S)

    Note :This is a deprecated parameter and will be removed in the next major release following version 2.2. Please see the instructions in @@ -15040,7 +15341,7 @@ CLASS="FILENAME" >.

    See also

    Default: Default: none (but may be lp on many systems)

    Example:

    Synonym for This option can be set on a per printer basis

    See also the discussion in the [printers] section.

    Synonym for

    Synonym for

    Default: Default: depends on the setting of

    Example:

    Default: Default: depends on the setting of

    This is a list of users that are given read-only access to a service. If the connecting user is in this list then they will not be given write access, no matter what the option is set to. The list can include group names using the syntax described in the parameter.

    See also the parameter and the

    Default: read list = <empty string>read list = <empty string>

    Example:

    An inverted synonym is printable = yes) - will ALWAYS allow writing to the directory (user privileges permitting), but only via spooling operations.

    In general this parameter should be viewed as a system tuning tool and left severely alone. See also

    Default: remote announce = <empty string> +>remote announce = <empty string>

    Default: remote browse sync = <empty string> +>remote browse sync = <empty string>

    Synonym for

    Synonym for root directory - option, including some files needed for complete operation of the server. To maintain full operability of the server you will need to mirror some system files @@ -15861,7 +16177,7 @@ CLASS="PARAMETER" (such as CDROMs) after a connection is closed.

    See also

    Default: root postexec = <empty string> +>root postexec = <empty string>

    See also and

    Default: root preexec = <empty string> +>root preexec = <empty string>

    parameter except that the command is run as root.

    See also and security = user, see the It is possible to use smbd in a in a hybrid mode where it is offers both user and share level security under different SECURITY = SHARE

    When clients connect to a share level security server they @@ -16088,9 +16410,12 @@ CLASS="COMMAND" >Note that smbd ALWAYS uses a valid UNIX user to act on behalf of the client, even in

  • If the parameter is set, then all the other stages are missed and only the

    Is a username is sent with the share connection request, then this username (after mapping - see

  • If the client did a previous If the client did a previous logon request (the SessionSetup SMB call) then the username sent in this SMB will be added as a potential username.

  • Any users on the , then this guest user will be used, otherwise access is denied.

    Note that it can be Note that it can be very confusing in share-level security as to which UNIX username will eventually be used in granting access.

    See also the section NOTE ABOUT USERNAME/PASSWORD VALIDATION.

    SECURITY = USER

    This is the default security setting in Samba 2.2. With user-level security a client must first "log-on" with a valid username and password (which can be mapped using the parameter). Encrypted passwords (see the parameter) can also be used in this security mode. Parameters such as and

    Note that the name of the resource being - requested is not sent to the server until after the server has successfully authenticated the client. This is why guest shares don't work in user level security without allowing the server to automatically map unknown users into the . See the parameter for details on doing this.

    See also the section NOTE ABOUT USERNAME/PASSWORD VALIDATION.

    SECURITY = SERVER

    In this mode Samba will try to validate the username/password @@ -16335,9 +16678,12 @@ CLASS="FILENAME" > for details on how to set this up.

    Note that from the client's point of view

    Note that the name of the resource being - requested is not sent to the server until after the server has successfully authenticated the client. This is why guest shares don't work in user level security without allowing the server to automatically map unknown users into the . See the parameter for details on doing this.

    See also the section NOTE ABOUT USERNAME/PASSWORD VALIDATION.

    See also the parameter and the SECURITY = DOMAIN

    This mode will only work correctly if smbpasswd(8) has been used to add this machine into a Windows NT Domain. It expects the

    Note that a valid UNIX user must still exist as well as the account on the Domain Controller to allow Samba to have a valid UNIX account to map file access to.

    Note that from the client's point of view . It only affects how the server deals with the authentication, it does not in any way affect what the client sees.

    Note that the name of the resource being - requested is not sent to the server until after the server has successfully authenticated the client. This is why guest shares don't work in user level security without allowing the server to automatically map unknown users into the . See the parameter for details on doing this.

    BUG: There is currently a bug in the implementation of

    See also the section NOTE ABOUT USERNAME/PASSWORD VALIDATION.

    See also the parameter and the

    Note that users who can access the Samba server through other means can easily bypass this restriction, so it is primarily useful for standalone @@ -16570,7 +16943,7 @@ CLASS="CONSTANT" >.

    See also the , , This option gives full share compatibility and enabled by default.

    You should You should NEVER turn this parameter off as many Windows applications will break if you do so.

    . This option can be use with preserve case = yes

    See the section on NAME MANGLING.

    parameter will always cause the OpenPrinterEx() on the server - to fail. Thus the APW icon will never be displayed. Note :This does not prevent the same user from having administrative privilege on an individual printer.

    See also , , shutdown script (G)

    This parameter only exists in the HEAD cvs branch This a full path name to a script called by %r will be substituted with the - switch -r. It means reboot after shutdown for NT.

    %f will be substituted with the - switch -f. It means force the shutdown even if applications do not respond for NT.

    Default: Default: None.

    Example:

    Shutdown script example: - 
    		#!/bin/bash
 		
@@ -16945,15 +17330,12 @@ CLASS="PROGRAMLISTING"
 
 		/sbin/shutdown $3 $4 +$time $1 &
    Shutdown does not return so we need to launch it in background.

    See also

    • Those marked with a Those marked with a '*' take an integer argument. The others can optionally take a 1 or 0 argument to enable or disable the option, by default they will be enabled if you @@ -17181,9 +17566,12 @@ CLASS="COMMAND" >SAMBA_NETBIOS_NAME = myhostname

    Default: Default: No default value

    Examples:

    This variable controls controls whether samba will try to use Simple and Protected NEGOciation (as specified by rfc2478) with WindowsXP and Windows2000sp2 clients to agree upon an authentication mechanism. As of samba 3.0alpha it must be set to "no" for these clients to join a samba domain controller. It can be set to "yes" to allow samba to participate in an AD domain controlled by a Windows2000 domain controller.

    Default: Default: use spnego = yes

    See also the

    See also the

    Synonym for passwd programparameter is called parameter is called AS ROOT - to allow the new UNIX password to be set without access to the old UNIX password (as the SMB password change code has no access to the old password cleartext, only the new).

    See also , .

    In order for this parameter to work correctly the If this parameter is enabled for a printer, then any attempt to open the printer with the PRINTER_ACCESS_ADMINISTER right is mapped to PRINTER_ACCESS_USE instead. Thus allowing the OpenPrinterEx() - call to succeed. This parameter MUST not be able enabled on a print share which has valid print driver installed on the Samba server.

    See also disable spoolss

    NOTE: The use of

    Synonym for

    Synonym for

    To restrict a service to a particular set of users you can use the

    See the section NOTE ABOUT USERNAME/PASSWORD VALIDATION for more information on how @@ -18036,7 +18436,7 @@ HREF="r1.html#AEN236" >Default: The guest account if a guest service, - else <empty string>.

    Examples:

    		!sys = mary fred
 		guest = *

    Note that the remapping is applied to all occurrences @@ -18207,7 +18598,7 @@ CLASS="CONSTANT" >fred. The only exception to this is the username passed to the

    Default: Default: no username map

    Example:

    See also the . It specifies a directory pathname that is used to store the utmp or utmpx files (depending on the UNIX system) that record user connections to a Samba server. See also the /var/run/utmp on Linux).

    Default: Default: no utmp directory

    Example: /var/run/wtmp on Linux).

    Default: Default: no wtmp directory

    Example: . This is useful in the [homes] section.

    See also

    Default: Default: No valid users list (anyone can login)

    Example:

    Each entry must be a unix path, not a DOS path and - must not include the unix directory separator '/'.

    fail unless you also set the

    See also and .

    Default: Default: No files or directories are vetoed.

    Examples:
    Examples:
    ; Veto any files containing the word Security, 
 ; any ending in .tmp, and any directory containing the
@@ -18530,9 +18936,6 @@ veto files = /*Security*/*.tmp/*root*/
 ; Veto the Apple specific files that a NetAtalk server
 ; creates.
 veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/

    This parameter is only valid when the parameter.

    Default: Default: No files are vetoed for oplock grants

    You might want to do this on files that you know will @@ -18626,9 +19032,12 @@ NAME="VFSOBJECT" with a VFS object. The Samba VFS layer is new to Samba 2.2 and must be enabled at compile time with --with-vfs.

    Default : Default : no value

    .

    Default : Default : no value

    Default: Default: the name of the share

    system call will not return any data.

    Warning: Turning off user enumeration may cause some programs to behave oddly. For example, the finger program relies on having access to the @@ -18811,9 +19229,12 @@ CLASS="COMMAND" > system call will not return any data.

    Warning: Turning off group enumeration may cause some programs to behave oddly.

    Default: winbind gid = <empty string> +>winbind gid = <empty string>

    Default: winbind uid = <empty string> +>winbind uid = <empty string>

    Default: winbind use default domain = <no> +>winbind use default domain = <no>

    You should point this at your WINS server if you have a multi-subnetted network.

    NOTE. You need to set up Samba to point to a WINS server if you have multiple subnets and wish cross-subnet browsing to work correctly.

    in the docs/ directory of your Samba source distribution.

    Default: Default: not enabled

    Example: nmbd to be your WINS server. - Note that you should NEVER set this to yesThis controls what workgroup your server will appear to be in when queried by clients. Note that this parameter also controls the Domain name used with the security = domain setting.

    Default: Default: set at compile time to WORKGROUP

    Example:

    Synonym for

    If this integer parameter is set to non-zero value, Samba will create an in-memory cache for each oplocked file - (it does not do this for non-oplocked files). All writes that the client does not request to be flushed directly to disk will be stored in this cache if possible. @@ -19210,7 +19646,7 @@ NAME="WRITELIST" >This is a list of users that are given read-write access to a service. If the connecting user is in this list then they will be given write access, no matter what the

    See also the

    Default: write list = <empty string> +>write list = <empty string>

    Inverted synonym for

    Inverted synonym for smbcacls

    smbcacls

    smbcacls
    The smbcacls program manipulates NT Access Control Lists - (ACLs) on SMB file shares.

    program manipulates NT Access Control + Lists (ACLs) on SMB file shares.

    This command sets the ACLs on the file with only the ones specified on the command line. All other ACLs are - erased. Note that the ACL specified must contain at least a revision, + erased. Note that the ACL specified must contain at least a revision, type, owner and group for the call to succeed.

    The format of an ACL is one or more ACL entries separated by either commas or newlines. An ACL entry is one of the following: 

     
-REVISION:<revision number>
-OWNER:<sid or name>
-GROUP:<sid or name>
-ACL:<sid or name>:<type>/<flags>/<mask>
+REVISION:<revision number>
+OWNER:<sid or name>
+GROUP:<sid or name>
+ACL:<sid or name>:<type>/<flags>/<mask>

    The revision of the ACL specifies the internal Windows @@ -262,38 +254,62 @@ ACL:<sid or name>:<type>/<flags>/<mask> >

    • RR - Allow read access

    • WW - Allow write access

    • XX - Execute permission on the object

    • DD - Delete the object

    • PP - Change permissions

    • OO - Take ownership

    This option is used by the programs in the Samba @@ -348,8 +349,12 @@ CLASS="FILENAME" > for a description of how to handle incoming WinPopup messages in Samba.

    NoteNote: Copy WinPopup into the startup group on your WfWg PCs if you want them to always be able to receive messages.

    rfc1002.txt. - NetBIOS scopes are veryvery rarely used, only set this parameter if you are the system administrator in charge of all the NetBIOS systems you communicate with.

    debuglevel     is set to the letter 'A', then is set to the letter 'A', then all - debug messages will be printed. This setting - is for developers only (and people who reallyreally want to know how the code works internally). 

    username = <value> 
-password = <value>
-domain = <value>
+>username = <value> 
+password = <value>
+domain = <value>

    If the domain parameter is missing the current workgroup name @@ -643,10 +651,18 @@ CLASS="COMMAND" > how to interpret filenames coming from the remote server. Usually Asian language multibyte UNIX implementations use different character sets than - SMB/CIFS servers (EUC instead of SJISEUC instead of SJIS for example). Setting this parameter will let

    Tar Long File NamesTar Long File Names

    Tar FilenamesTar Filenames

    All file names can be given as DOS path names (with '\' as the component separator) or as UNIX path names (with '/' as the component separator).

    ExamplesExamples

    Restore from tar file

    smb:\> smb:\>

    The backslash ("\") indicates the current working directory @@ -1008,7 +1036,7 @@ CLASS="PROMPT" >

    Parameters shown in square brackets (e.g., "[parameter]") are optional. If not given, the command will use suitable defaults. Parameters - shown in angle brackets (e.g., "<parameter>") are required. + shown in angle brackets (e.g., "<parameter>") are required.

    Note that all commands operating on the server are actually @@ -1099,7 +1127,7 @@ CLASS="REPLACEABLE" directory on the server will be reported.

    del <mask>
    del <mask>

    The client will request that the server attempt @@ -1112,7 +1140,7 @@ CLASS="REPLACEABLE" directory on the server.

    dir <mask>
    dir <mask>

    A list of the files matching

    get <remote file name> [local file name]
    get <remote file name> [local file name]

    Copy the file called

    ls <mask>
    ls <mask>

    See the dir command above.

    mask <mask>
    mask <mask>

    This command allows the user to set up a mask @@ -1229,13 +1257,13 @@ CLASS="REPLACEABLE" mask back to "*" after using the mget or mput commands.

    md <directory name>
    md <directory name>

    See the mkdir command.

    mget <mask>
    mget <mask>

    Copy all files matching are binary. See also the lowercase command.

    mkdir <directory name>
    mkdir <directory name>

    Create a new directory on the server (user access privileges permitting) with the specified name.

    mput <mask>
    mput <mask>

    Copy all files matching

    print <file name>
    print <file name>

    Print the specified file from the local machine @@ -1302,7 +1330,7 @@ CLASS="COMMAND" >See also the printmode command.

    printmode <graphics or text>
    printmode <graphics or text>

    Set the print mode to suit either binary data @@ -1322,7 +1350,7 @@ CLASS="COMMAND"

    put <local file name> [remote file name]
    put <local file name> [remote file name]

    Copy the file called See the exit command.

    rd <directory name>
    rd <directory name>

    See the rmdir command.

    rm <mask>
    rm <mask>

    Remove all files matching

    rmdir <directory name>
    rmdir <directory name>

    Remove the specified directory (user access privileges permitting) from the server.

    setmode <filename> <perm=[+|\-]rsha>
    setmode <filename> <perm=[+|\-]rsha>

    A version of the DOS attrib command to set @@ -1423,7 +1451,7 @@ CLASS="COMMAND"

    tar <c|x>[IXbgNa]
    tar <c|x>[IXbgNa]

    Performs a tar operation - see the

    blocksize <blocksize>
    blocksize <blocksize>

    Blocksize. Must be followed by a valid (greater @@ -1452,7 +1480,7 @@ CLASS="REPLACEABLE" >*TBLOCK (usually 512 byte) blocks.

    tarmode <full|inc|reset|noreset>
    tarmode <full|inc|reset|noreset>

    Changes tar's behavior with regard to archive @@ -1540,8 +1568,12 @@ CLASS="FILENAME" > /usr/samba/bin/ directory, this directory readable by all, writeable only by root. The client program itself should - be executable by all. The client should NOTNOT be setuid or setgid!

    smbcontrol

    smbcontrol

    smbcontrol
    printnotify message-type sends a message to smbd which in turn sends a printer notify message to - any Windows NT clients connected to a printer. This message-type + any Windows NT clients connected to a printer. This message-type takes the following arguments:

    smbd

    smbd

    smbd
    smbd [-D] [-a] [-i] [-o] [-P] [-h] [-V] [-b] [-d <debug level>] [-l <log directory>] [-p <port number>] [-O <socket option>] [-s <configuration file>]

    [-D] [-a] [-i] [-o] [-P] [-h] [-V] [-b] [-d <debug level>] [-l <log directory>] [-p <port number>] [-O <socket option>] [-s <configuration file>]

    -d <debug level>
    -d <debug level>

    file.

    -l <log directory>
    -l <log directory>

    If specified, @@ -272,8 +273,12 @@ TARGET="_top" CLASS="FILENAME" > smb.conf(5) file. Beware: file. Beware: If the directory specified does not exist,

    -O <socket options>
    -O <socket options>

    See the file for details.

    -p <port number>
    -p <port number>

    -s <configuration file>
    -s <configuration file>

    The file specified contains the @@ -544,8 +549,12 @@ TARGET="_top" >

    display a short listing of the format:

    NTGroupName(SID) -> UnixGroupName

    For example,

    Users (S-1-5-32-545) -> -1

    Get the SID for the Windows NT "Domain Admins" group:

    smbgroupedit -vs | grep "Domain Admins"
 Domain Admins (S-1-5-21-1108995562-3116817432-1375597819-512) -> -1

  • warning: warning: don't copy and paste this sample, the Domain Admins SID (the S-1-5-21-...-512) is different for every PDC.

    • To verify that you mapping has taken effect:

    To verify that your mapping has taken effect:

    smbgroupedit -vs|grep "Domain Admins"
 Domain Admins (S-1-5-21-1108995562-3116817432-1375597819-512) -> domadm

    To give access to a certain directory on a domain member machine (an NT/W2K or a samba server running winbind) to some users who are member of a group on your samba PDC, flag that group as a domain group:

    smbgroupedit -a unixgroup -td

    Default: panic action = <empty string>panic action = <empty string>

    Example:

    smbmnt

    smbmnt

    smbmnt
    smbmnt {mount-point} [-s <share>] [-r] [-u <uid>] [-g <gid>] [-f <mask>] [-d <mask>] [-o <options>]

    {mount-point} [-s <share>] [-r] [-u <uid>] [-g <gid>] [-f <mask>] [-d <mask>] [-o <options>]

    smbmount

    smbmount

    smbmount
    smbmount process may also be called mount.smbfs.

    NOTE:NOTE: smbmount

    username=<arg>
    username=<arg>

    specifies the username to connect as. If @@ -127,7 +132,7 @@ CLASS="ENVAR" to be specified as part of the username.

    password=<arg>
    password=<arg>

    specifies the SMB password. If this @@ -143,7 +148,7 @@ CLASS="COMMAND" for a passeword, unless the guest option is given.

    Note that password which contain the arguement delimiter +> Note that passwords which contain the argument delimiter character (i.e. a comma ',') will failed to be parsed correctly on the command line. However, the same password defined in the PASSWD environment variable or a credentials file (see @@ -151,26 +156,17 @@ CLASS="COMMAND"

    credentials=<filename>
    credentials=<filename>

    specifies a file that contains a username and/or password. The format of the file is:

    		
    		username = <value>
-		password = <value>
+>		username = <value>
+		password = <value>

    netbiosname=<arg>
    netbiosname=<arg>

    sets the source NetBIOS name. It defaults to the local hostname.

    uid=<arg>
    uid=<arg>

    sets the uid that will own all files on @@ -199,7 +195,7 @@ CLASS="FILENAME"

    gid=<arg>
    gid=<arg>

    sets the gid that will own all files on @@ -208,14 +204,14 @@ CLASS="FILENAME" gid.

    port=<arg>
    port=<arg>

    sets the remote SMB port number. The default is 139.

    fmask=<arg>
    fmask=<arg>

    sets the file mask. This determines the @@ -223,7 +219,7 @@ CLASS="FILENAME" The default is based on the current umask.

    dmask=<arg>
    dmask=<arg>

    sets the directory mask. This determines the @@ -231,7 +227,7 @@ CLASS="FILENAME" The default is based on the current umask.

    debug=<arg>
    debug=<arg>

    sets the debug level. This is useful for @@ -240,20 +236,20 @@ CLASS="FILENAME" output, possibly hiding the useful output.

    ip=<arg>
    ip=<arg>

    sets the destination host or IP address.

    workgroup=<arg>
    workgroup=<arg>

    sets the workgroup on the destination

    sockopt=<arg>
    sockopt=<arg>

    sets the TCP socket options. See the

    scope=<arg>
    scope=<arg>

    sets the NetBIOS scope

    mount read-write

    iocharset=<arg>
    iocharset=<arg>

    sets the charset used by the Linux side for codepage @@ -307,7 +303,7 @@ CLASS="PARAMETER"

    codepage=<arg>
    codepage=<arg>

    sets the codepage the server uses. See the iocharset @@ -316,10 +312,10 @@ CLASS="PARAMETER"

    ttl=<arg>
    ttl=<arg>

    how long a directory listing is cached in milliseconds +> sets how long a directory listing is cached in milliseconds (also affects visibility of file size and date changes). A higher value means that changes on the server take longer to be noticed but it can give diff --git a/docs/htmldocs/smbpasswd.5.html b/docs/htmldocs/smbpasswd.5.html index 1f862b6611..04fab30ed6 100644 --- a/docs/htmldocs/smbpasswd.5.html +++ b/docs/htmldocs/smbpasswd.5.html @@ -1,10 +1,11 @@ + smbpasswd

    smbpasswd

    smbpasswd
    and the user will not be able to log onto the Samba server.

    WARNING !!WARNING !! Note that, due to the challenge-response nature of the SMB/CIFS authentication protocol, anyone with a knowledge of this password hash will be able to impersonate the user on the network. For this - reason these hashes are known as plain text - equivalents and must NOT and must NOT be made available to anyone but the root user. To protect these passwords the smbpasswd file is placed in a directory with read and @@ -153,17 +166,29 @@ CLASS="CONSTANT" password this entry will be identical (i.e. the password is not "salted" as the UNIX password is).

    WARNING !!WARNING !!. Note that, due to the challenge-response nature of the SMB/CIFS authentication protocol, anyone with a knowledge of this password hash will be able to impersonate the user on the network. For this - reason these hashes are known as plain text - equivalents and must NOT and must NOT be made available to anyone but the root user. To protect these passwords the smbpasswd file is placed in a directory with read and @@ -186,8 +211,12 @@ CLASS="CONSTANT" >

    -v

    If this option is specified, testparm + will also output all options that were not used in + smb.conf and are thus set to + their defaults.

    configfilename

    FILES

    DIAGNOSTICS

    VERSION

    SEE ALSO

    AUTHOR

    testprns

    testprns

    testprns
    DIAGNOSTICS

    If a printer is found to be valid, the message - "Printer name <printername> is valid" will be + "Printer name <printername> is valid" will be displayed.

    If a printer is found to be invalid, the message - "Printer name <printername> is not valid" will be + "Printer name <printername> is not valid" will be displayed.

    All messages that would normally be logged during diff --git a/docs/htmldocs/wbinfo.1.html b/docs/htmldocs/wbinfo.1.html index fe218a8f67..26e098868e 100644 --- a/docs/htmldocs/wbinfo.1.html +++ b/docs/htmldocs/wbinfo.1.html @@ -1,10 +1,11 @@ + wbinfo

    wbinfo

    wbinfo
    winbindd

    winbindd

    winbindd
    winbindd [-i] [-d <debug level>] [-s <smb config file>]

    [-i] [-d <debug level>] [-s <smb config file>]

    account - module-types. The latter is simply + module-types. The latter simply performs a getpwnam() to verify that the system can obtain a uid for the user. If the libnss_winbind library has been correctly - installed, this should always suceed. + installed, this should always succeed.

    The following nsswitch databases are implemented by @@ -170,20 +171,11 @@ CLASS="FILENAME" > and then from the Windows NT server. 

    passwd:         files winbind
 group:          files winbind

    The following simple configuration in the @@ -287,279 +279,130 @@ CLASS="FILENAME" [global] section of smb.conf.

    winbind separator

    The winbind separator option allows you - to specify how NT domain names and user names are combined - into unix user names when presented to users. By default, - winbindd will use the traditional '\' - separator so that the unix user names look like - DOMAIN\username. In some cases this separator character may - cause problems as the '\' character has special meaning in - unix shells. In that case you can use the winbind separator - option to specify an alternative separator character. Good - alternatives may be '/' (although that conflicts - with the unix directory separator) or a '+ 'character. - The '+' character appears to be the best choice for 100% - compatibility with existing unix utilities, but may be an - aesthetically bad choice depending on your taste.

    Default: winbind separator = \ -

    Example: winbind separator = +

    winbind uid

    The winbind uid parameter specifies the - range of user ids that are allocated by the winbindd daemon. - This range of ids should have no existing local or NIS users - within it as strange conflicts can occur otherwise.

    Default: winbind uid = <empty string> -

    winbind gid

    The winbind gid parameter specifies the - range of group ids that are allocated by the winbindd daemon. - This range of group ids should have no existing local or NIS - groups within it as strange conflicts can occur otherwise.

  • Default: winbind gid = <empty string> - winbind uid

  • Example: winbind gid = 10000-20000 -

    • winbind cache time

    This parameter specifies the number of - seconds the winbindd daemon will cache user and group information - before querying a Windows NT server again. When a item in the - cache is older than this time winbindd will ask the domain - controller for the sequence number of the server's account database. - If the sequence number has not changed then the cached item is - marked as valid for a further winbind cache time - winbind gid seconds. Otherwise the item is fetched from the - server. This means that as long as the account database is not - actively changing winbindd will only have to send one sequence - number query packet every

  • winbind cache time - winbind cache time seconds.

    Default: winbind cache time = 15 -

    • winbind enum users

  • On large installations it may be necessary - to suppress the enumeration of users through the setpwent(), getpwent() and - endpwent() group of system calls. If - the winbind enum users parameter is false, - calls to the getpwent system call will not - return any data.

    Warning: Turning off user enumeration - may cause some programs to behave oddly. For example, the finger - program relies on having access to the full user list when - searching for matching usernames.

    Default: winbind enum users = yes

    • winbind enum groups

  • On large installations it may be necessary - to suppress the enumeration of groups through the setgrent(), getgrent() and - endgrent() group of system calls. If - the winbind enum groups parameter is - false, calls to the getgrent() system - call will not return any data.

    Warning: Turning off group - enumeration may cause some programs to behave oddly. -

    Default: winbind enum groups = no -

    • template homedir

  • When filling out the user information - for a Windows NT user, the winbindd daemon - uses this parameter to fill in the home directory for that user. - If the string %Dtemplate homedir is present it is - substituted with the user's Windows NT domain name. If the - string

  • %Utemplate shell is present it is substituted - with the user's Windows NT user name.

    Default: template homedir = /home/%D/%U -

    • template shell

    When filling out the user information for - a Windows NT user, the winbindd daemon - uses this parameter to fill in the shell for that user. -

    Default: template shell = /bin/false -

    winbind use default domain

    This parameter specifies whether the winbindd - daemon should operate on users without domain component in their username. - Users without a domain component are treated as is part of the winbindd server's - own domain. While this does not benifit Windows users, it makes SSH, FTP and e-mail - function in a way much closer to the way they would in a native unix system.

    Default: winbind use default domain = <falseg> -

  • Example: winbind use default domain = true winbind use default domain

    • EXAMPLE SETUP

    put the following:

    passwd:     files winbind
 group:      files winbind

    In lines with something like this: 

    auth       required	/lib/security/pam_securetty.so
@@ -614,9 +442,6 @@ auth       required	/lib/security/pam_nologin.so
 auth       sufficient	/lib/security/pam_winbind.so
 auth       required     /lib/security/pam_pwdb.so use_first_pass shadow nullok

    Note in particular the use of the containing directives like the following: 

    [global]
@@ -716,9 +535,6 @@ CLASS="PROGRAMLISTING"
         security = domain
         password server = *

    Now start winbindd and you should find that your user and @@ -737,7 +553,7 @@ CLASS="COMMAND" >

    NOTES

    SIGNALS

    FILES

    VERSION

    SEE ALSO

    AUTHOR

    Date: Thu, 3 Oct 2002 18:37:37 +0000 Subject: Fix generation of FAQ (This used to be commit 26ce370e0c858c017333e33535956658e1a9fe7f) --- docs/docbook/devdoc/dev-doc.sgml | 2 +- docs/docbook/faq/sambafaq.sgml | 12 ++++++++---- docs/docbook/samba.dsl | 1 - 3 files changed, 9 insertions(+), 6 deletions(-) (limited to 'docs') diff --git a/docs/docbook/devdoc/dev-doc.sgml b/docs/docbook/devdoc/dev-doc.sgml index 2e40997106..adc25e83bd 100644 --- a/docs/docbook/devdoc/dev-doc.sgml +++ b/docs/docbook/devdoc/dev-doc.sgml @@ -13,7 +13,7 @@ ]> - + SAMBA Developers Guide diff --git a/docs/docbook/faq/sambafaq.sgml b/docs/docbook/faq/sambafaq.sgml index 33d9c8dada..221a7f31b7 100644 --- a/docs/docbook/faq/sambafaq.sgml +++ b/docs/docbook/faq/sambafaq.sgml @@ -1,6 +1,6 @@ - + Samba FAQ @@ -20,7 +20,7 @@ This FAQ is based on the old Samba FAQ by Dan Shearer and Paul Blackman. - + General Information @@ -187,7 +187,9 @@ hungry sniffer dogs but it will have been a noble gesture. - + + + Compiling and installing Samba on a Unix host @@ -516,7 +518,9 @@ in that dialog box. - + + + Specific client application problems diff --git a/docs/docbook/samba.dsl b/docs/docbook/samba.dsl index c920166771..7c530ce424 100644 --- a/docs/docbook/samba.dsl +++ b/docs/docbook/samba.dsl @@ -45,7 +45,6 @@ (define %section-autolabel% #t) (define (toc-depth nd) 3) -(define %root-filename% "Samba-HOWTO") ;; name for the root html file (define %html-ext% ".html") ;; default extension for html output files (define %html-prefix% "") ;; prefix for all filenames generated (except root) (define %use-id-as-filename% #t) -- cgit From 62d14a17da0cef9f5369f5009dc7b229b0af1547 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Thu, 3 Oct 2002 18:43:39 +0000 Subject: Add generated files for FAQ (This used to be commit fd9854d45dee6697e1d1515e7e1729a3237093ca) --- docs/faq/clientapp.html | 146 ++++++++++++++ docs/faq/general.html | 450 +++++++++++++++++++++++++++++++++++++++++ docs/faq/install.html | 525 ++++++++++++++++++++++++++++++++++++++++++++++++ docs/faq/samba-faq.html | 225 +++++++++++++++++++++ 4 files changed, 1346 insertions(+) create mode 100644 docs/faq/clientapp.html create mode 100644 docs/faq/general.html create mode 100644 docs/faq/install.html create mode 100644 docs/faq/samba-faq.html (limited to 'docs') diff --git a/docs/faq/clientapp.html b/docs/faq/clientapp.html new file mode 100644 index 0000000000..d2ba0a08b5 --- /dev/null +++ b/docs/faq/clientapp.html @@ -0,0 +1,146 @@ + +Specific client application problems
    Samba FAQ
    Prev 

    Chapter 3. Specific client application problems

    3.1. MS Office Setup reports "Cannot change properties of '\MSOFFICE\SETUP.INI'"

    When installing MS Office on a Samba drive for which you have admin +user permissions, ie. admin users = username, you will find the +setup program unable to complete the installation.

    To get around this problem, do the installation without admin user +permissions The problem is that MS Office Setup checks that a file is +rdonly by trying to open it for writing.

    Admin users can always open a file for writing, as they run as root. +You just have to install as a non-admin user and then use "chown -R" +to fix the owner.

    PrevHome 
    Compiling and installing Samba on a Unix host  
    \ No newline at end of file diff --git a/docs/faq/general.html b/docs/faq/general.html new file mode 100644 index 0000000000..5a42678cb6 --- /dev/null +++ b/docs/faq/general.html @@ -0,0 +1,450 @@ + +General Information
    Samba FAQ
    PrevNext

    Chapter 1. General Information

    1.1. Where can I get it?

    The Samba suite is available at the samba website.

    1.2. What do the version numbers mean?

    It is not recommended that you run a version of Samba with the word +"alpha" in its name unless you know what you are doing and are willing +to do some debugging. Many, many people just get the latest +recommended stable release version and are happy. If you are brave, by +all means take the plunge and help with the testing and development - +but don't install it on your departmental server. Samba is typically +very stable and safe, and this is mostly due to the policy of many +public releases.

    How the scheme works: +

    When major changes are made the version number is increased. For +example, the transition from 1.9.15 to 1.9.16. However, this version +number will not appear immediately and people should continue to use +1.9.15 for production systems (see next point.)
    Just after major changes are made the software is considered +unstable, and a series of alpha releases are distributed, for example +1.9.16alpha1. These are for testing by those who know what they are +doing. The "alpha" in the filename will hopefully scare off those who +are just looking for the latest version to install.
    When Andrew thinks that the alphas have stabilised to the point +where he would recommend new users install it, he renames it to the +same version number without the alpha, for example 1.9.16.
    Inevitably bugs are found in the "stable" releases and minor patch +levels are released which give us the pXX series, for example 1.9.16p2.

    So the progression goes: + +

    1.9.15p7	(production)
+1.9.15p8	(production)
+1.9.16alpha1	(test sites only)
+:
+1.9.16alpha20	(test sites only)
+1.9.16		(production)
+1.9.16p1	(production)

    The above system means that whenever someone looks at the samba ftp +site they will be able to grab the highest numbered release without an +alpha in the name and be sure of getting the current recommended +version.

    1.3. What platforms are supported?

    Many different platforms have run Samba successfully. The platforms +most widely used and thus best tested are Linux and SunOS.

    At time of writing, there is support (or has been support for in earlier +versions):

    A/UX 3.0
    AIX
    Altos Series 386/1000
    Amiga
    Apollo Domain/OS sr10.3
    BSDI
    B.O.S. (Bull Operating System)
    Cray, Unicos 8.0
    Convex
    DGUX.
    DNIX.
    FreeBSD
    HP-UX
    Intergraph.
    Linux with/without shadow passwords and quota
    LYNX 2.3.0
    MachTen (a unix like system for Macintoshes)
    Motorola 88xxx/9xx range of machines
    NetBSD
    NEXTSTEP Release 2.X, 3.0 and greater (including OPENSTEP for Mach).
    OS/2 using EMX 0.9b
    OSF1
    QNX 4.22
    RiscIX.
    RISCOs 5.0B
    SEQUENT.
    SCO (including: 3.2v2, European dist., OpenServer 5)
    SGI.
    SMP_DC.OSx v1.1-94c079 on Pyramid S series
    SONY NEWS, NEWS-OS (4.2.x and 6.1.x)
    SUNOS 4
    SUNOS 5.2, 5.3, and 5.4 (Solaris 2.2, 2.3, and '2.4 and later')
    Sunsoft ISC SVR3V4
    SVR4
    System V with some berkely extensions (Motorola 88k R32V3.2).
    ULTRIX.
    UNIXWARE
    UXP/DS

    1.4. How do I subscribe to the Samba Mailing Lists?

    Look at the samba mailing list page

    1.5. Pizza supply details

    Those who have registered in the Samba survey as "Pizza Factory" will +already know this, but the rest may need some help. Andrew doesn't ask +for payment, but he does appreciate it when people give him +pizza. This calls for a little organisation when the pizza donor is +twenty thousand kilometres away, but it has been done.

    Method 1: Ring up your local branch of an international pizza chain +and see if they honour their vouchers internationally. Pizza Hut do, +which is how the entire Canberra Linux Users Group got to eat pizza +one night, courtesy of someone in the US.

    Method 2: Ring up a local pizza shop in Canberra and quote a credit +card number for a certain amount, and tell them that Andrew will be +collecting it (don't forget to tell him.) One kind soul from Germany +did this.

    Method 3: Purchase a pizza voucher from your local pizza shop that has +no international affiliations and send it to Andrew. It is completely +useless but he can hang it on the wall next to the one he already has +from Germany :-)

    Method 4: Air freight him a pizza with your favourite regional +flavours. It will probably get stuck in customs or torn apart by +hungry sniffer dogs but it will have been a noble gesture.

    PrevHomeNext
    Samba FAQ Compiling and installing Samba on a Unix host
    \ No newline at end of file diff --git a/docs/faq/install.html b/docs/faq/install.html new file mode 100644 index 0000000000..f9ecac1384 --- /dev/null +++ b/docs/faq/install.html @@ -0,0 +1,525 @@ + +Compiling and installing Samba on a Unix host
    Samba FAQ
    PrevNext

    Chapter 2. Compiling and installing Samba on a Unix host

    2.1. I can't see the Samba server in any browse lists!

    See Browsing.html in the docs directory of the samba source +for more information on browsing.

    If your GUI client does not permit you to select non-browsable +servers, you may need to do so on the command line. For example, under +Lan Manager you might connect to the above service as disk drive M: +thusly: +

       net use M: \\mary\fred
    +The details of how to do this and the specific syntax varies from +client to client - check your client's documentation.

    2.2. Some files that I KNOW are on the server doesn't show up when I view the files from my client!

    See the next question.

    2.3. Some files on the server show up with really wierd filenames when I view the files from my client!

    If you check what files are not showing up, you will note that they +are files which contain upper case letters or which are otherwise not +DOS-compatible (ie, they are not legal DOS filenames for some reason).

    The Samba server can be configured either to ignore such files +completely, or to present them to the client in "mangled" form. If you +are not seeing the files at all, the Samba server has most likely been +configured to ignore them. Consult the man page smb.conf(5) for +details of how to change this - the parameter you need to set is +"mangled names = yes".

    2.4. My client reports "cannot locate specified computer" or similar

    This indicates one of three things: You supplied an incorrect server +name, the underlying TCP/IP layer is not working correctly, or the +name you specified cannot be resolved.

    After carefully checking that the name you typed is the name you +should have typed, try doing things like pinging a host or telnetting +to somewhere on your network to see if TCP/IP is functioning OK. If it +is, the problem is most likely name resolution.

    If your client has a facility to do so, hardcode a mapping between the +hosts IP and the name you want to use. For example, with Lan Manager +or Windows for Workgroups you would put a suitable entry in the file +LMHOSTS. If this works, the problem is in the communication between +your client and the netbios name server. If it does not work, then +there is something fundamental wrong with your naming and the solution +is beyond the scope of this document.

    If you do not have any server on your subnet supplying netbios name +resolution, hardcoded mappings are your only option. If you DO have a +netbios name server running (such as the Samba suite's nmbd program), +the problem probably lies in the way it is set up. Refer to Section +Two of this FAQ for more ideas.

    By the way, remember to REMOVE the hardcoded mapping before further +tests :-)

    2.5. My client reports "cannot locate specified share name" or similar

    This message indicates that your client CAN locate the specified +server, which is a good start, but that it cannot find a service of +the name you gave.

    The first step is to check the exact name of the service you are +trying to connect to (consult your system administrator). Assuming it +exists and you specified it correctly (read your client's docs on how +to specify a service name correctly), read on:

    Many clients cannot accept or use service names longer than eight characters.
    Many clients cannot accept or use service names containing spaces.
    Some servers (not Samba though) are case sensitive with service names.
    Some clients force service names into upper case.

    2.6. Printing doesn't work

    Make sure that the specified print command for the service you are +connecting to is correct and that it has a fully-qualified path (eg., +use "/usr/bin/lpr" rather than just "lpr").

    Make sure that the spool directory specified for the service is +writable by the user connected to the service. In particular the user +"nobody" often has problems with printing, even if it worked with an +earlier version of Samba. Try creating another guest user other than +"nobody".

    Make sure that the user specified in the service is permitted to use +the printer.

    Check the debug log produced by smbd. Search for the printer name and +see if the log turns up any clues. Note that error messages to do with +a service ipc$ are meaningless - they relate to the way the client +attempts to retrieve status information when using the LANMAN1 +protocol.

    If using WfWg then you need to set the default protocol to TCP/IP, not +Netbeui. This is a WfWg bug.

    If using the Lanman1 protocol (the default) then try switching to +coreplus. Also not that print status error messages don't mean +printing won't work. The print status is received by a different +mechanism.

    2.7. My client reports "This server is not configured to list shared resources"

    Your guest account is probably invalid for some reason. Samba uses the +guest account for browsing in smbd. Check that your guest account is +valid.

    See also 'guest account' in smb.conf man page.

    2.8. Log message "you appear to have a trapdoor uid system"

    This can have several causes. It might be because you are using a uid +or gid of 65535 or -1. This is a VERY bad idea, and is a big security +hole. Check carefully in your /etc/passwd file and make sure that no +user has uid 65535 or -1. Especially check the "nobody" user, as many +broken systems are shipped with nobody setup with a uid of 65535.

    It might also mean that your OS has a trapdoor uid/gid system :-)

    This means that once a process changes effective uid from root to +another user it can't go back to root. Unfortunately Samba relies on +being able to change effective uid from root to non-root and back +again to implement its security policy. If your OS has a trapdoor uid +system this won't work, and several things in Samba may break. Less +things will break if you use user or server level security instead of +the default share level security, but you may still strike +problems.

    The problems don't give rise to any security holes, so don't panic, +but it does mean some of Samba's capabilities will be unavailable. +In particular you will not be able to connect to the Samba server as +two different uids at once. This may happen if you try to print as a +"guest" while accessing a share as a normal user. It may also affect +your ability to list the available shares as this is normally done as +the guest user.

    Complain to your OS vendor and ask them to fix their system.

    Note: the reason why 65535 is a VERY bad choice of uid and gid is that +it casts to -1 as a uid, and the setreuid() system call ignores (with +no error) uid changes to -1. This means any daemon attempting to run +as uid 65535 will actually run as root. This is not good!

    2.9. Why are my file's timestamps off by an hour, or by a few hours?

    This is from Paul Eggert eggert@twinsun.com.

    Most likely it's a problem with your time zone settings.

    Internally, Samba maintains time in traditional Unix format, +namely, the number of seconds since 1970-01-01 00:00:00 Universal Time +(or ``GMT''), not counting leap seconds.

    On the server side, Samba uses the Unix TZ variable to convert +internal timestamps to and from local time. So on the server side, there are +two things to get right. +

    The Unix system clock must have the correct Universal time. Use the shell command "sh -c 'TZ=UTC0 date'" to check this.
    The TZ environment variable must be set on the server before Samba is invoked. The details of this depend on the server OS, but typically you must edit a file whose name is /etc/TIMEZONE or /etc/default/init, or run the command `zic -l'.

    TZ must have the correct value.

    If possible, use geographical time zone settings +(e.g. TZ='America/Los_Angeles' or perhaps + TZ=':US/Pacific'). These are supported by most +popular Unix OSes, are easier to get right, and are +more accurate for historical timestamps. If your +operating system has out-of-date tables, you should be +able to update them from the public domain time zone +tables at ftp://elsie.nci.nih.gov/pub/.

    If your system does not support geographical timezone +settings, you must use a Posix-style TZ strings, e.g. +TZ='PST8PDT,M4.1.0/2,M10.5.0/2' for US Pacific time. +Posix TZ strings can take the following form (with optional + items in brackets): +

    	StdOffset[Dst[Offset],Date/Time,Date/Time]
    + where:

    `Std' is the standard time designation (e.g. `PST').
    `Offset' is the number of hours behind UTC (e.g. `8'). +Prepend a `-' if you are ahead of UTC, and +append `:30' if you are at a half-hour offset. +Omit all the remaining items if you do not use +daylight-saving time.
    `Dst' is the daylight-saving time designation +(e.g. `PDT').
    The optional second `Offset' is the number of +hours that daylight-saving time is behind UTC. +The default is 1 hour ahead of standard time.
    `Date/Time,Date/Time' specify when daylight-saving +time starts and ends. The format for a date is +`Mm.n.d', which specifies the dth day (0 is Sunday) +of the nth week of the mth month, where week 5 means +the last such day in the month. The format for a +time is [h]h[:mm[:ss]], using a 24-hour clock.

    Other Posix string formats are allowed but you don't want +to know about them.

    On the client side, you must make sure that your client's clock and +time zone is also set appropriately. [[I don't know how to do this.]] +Samba traditionally has had many problems dealing with time zones, due +to the bizarre ways that Microsoft network protocols handle time +zones.

    2.10. How do I set the printer driver name correctly?

    Question:

    " On NT, I opened "Printer Manager" and "Connect to Printer". + Enter ["\\ptdi270\ps1"] in the box of printer. I got the + following error message + " + 

         You do not have sufficient access to your machine
+     to connect to the selected printer, since a driver
+     needs to be installed locally.
+
    +

    Answer:

    In the more recent versions of Samba you can now set the "printer +driver" in smb.conf. This tells the client what driver to use. For +example:

         printer driver = HP LaserJet 4L

    With this, NT knows to use the right driver. You have to get this string +exactly right.

    To find the exact string to use, you need to get to the dialog box in +your client where you select which printer driver to install. The +correct strings for all the different printers are shown in a listbox +in that dialog box.

    PrevHomeNext
    General Information Specific client application problems
    \ No newline at end of file diff --git a/docs/faq/samba-faq.html b/docs/faq/samba-faq.html new file mode 100644 index 0000000000..9623dc9a7c --- /dev/null +++ b/docs/faq/samba-faq.html @@ -0,0 +1,225 @@ + +Samba FAQ

    Samba FAQ

    Samba Team

    Dedication

    This is the Frequently Asked Questions (FAQ) document for +Samba, the free and very popular SMB server product. An SMB server +allows file and printer connections from clients such as Windows, +OS/2, Linux and others. Current to version 3.0. Please send any +corrections to the samba documentation mailinglist at +samba-doc@samba.org. +This FAQ is based on the old Samba FAQ by Dan Shearer and Paul Blackman.

    Table of Contents
    1. General Information
    1.1. Where can I get it?
    1.2. What do the version numbers mean?
    1.3. What platforms are supported?
    1.4. How do I subscribe to the Samba Mailing Lists?
    1.5. Pizza supply details
    2. Compiling and installing Samba on a Unix host
    2.1. I can't see the Samba server in any browse lists!
    2.2. Some files that I KNOW are on the server doesn't show up when I view the files from my client!
    2.3. Some files on the server show up with really wierd filenames when I view the files from my client!
    2.4. My client reports "cannot locate specified computer" or similar
    2.5. My client reports "cannot locate specified share name" or similar
    2.6. Printing doesn't work
    2.7. My client reports "This server is not configured to list shared resources"
    2.8. Log message "you appear to have a trapdoor uid system"
    2.9. Why are my file's timestamps off by an hour, or by a few hours?
    2.10. How do I set the printer driver name correctly?
    3. Specific client application problems
    3.1. MS Office Setup reports "Cannot change properties of '\MSOFFICE\SETUP.INI'"
      Next
      General Information
    \ No newline at end of file -- cgit From 6f8a1c20410b7eedd451fdd2b8e7da1818d36a0b Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Fri, 4 Oct 2002 16:05:11 +0000 Subject: Split up faq in smaller files (This used to be commit 5129c40c8391f6cc52b3b8382ec9a72bf1c8d097) --- docs/docbook/faq/clientapp.sgml | 26 ++ docs/docbook/faq/general.sgml | 168 +++++++++++++ docs/docbook/faq/install.sgml | 330 +++++++++++++++++++++++++ docs/docbook/faq/sambafaq.sgml | 535 +--------------------------------------- 4 files changed, 532 insertions(+), 527 deletions(-) create mode 100644 docs/docbook/faq/clientapp.sgml create mode 100644 docs/docbook/faq/general.sgml create mode 100644 docs/docbook/faq/install.sgml (limited to 'docs') diff --git a/docs/docbook/faq/clientapp.sgml b/docs/docbook/faq/clientapp.sgml new file mode 100644 index 0000000000..9bb7cb320f --- /dev/null +++ b/docs/docbook/faq/clientapp.sgml @@ -0,0 +1,26 @@ + +Specific client application problems + + +MS Office Setup reports "Cannot change properties of '\MSOFFICE\SETUP.INI'" + +When installing MS Office on a Samba drive for which you have admin +user permissions, ie. admin users = username, you will find the +setup program unable to complete the installation. + + + +To get around this problem, do the installation without admin user +permissions The problem is that MS Office Setup checks that a file is +rdonly by trying to open it for writing. + + + +Admin users can always open a file for writing, as they run as root. +You just have to install as a non-admin user and then use "chown -R" +to fix the owner. + + + + + diff --git a/docs/docbook/faq/general.sgml b/docs/docbook/faq/general.sgml new file mode 100644 index 0000000000..5111e69bec --- /dev/null +++ b/docs/docbook/faq/general.sgml @@ -0,0 +1,168 @@ + +General Information + + +Where can I get it? + +The Samba suite is available at the samba website. + + + +What do the version numbers mean? + +It is not recommended that you run a version of Samba with the word +"alpha" in its name unless you know what you are doing and are willing +to do some debugging. Many, many people just get the latest +recommended stable release version and are happy. If you are brave, by +all means take the plunge and help with the testing and development - +but don't install it on your departmental server. Samba is typically +very stable and safe, and this is mostly due to the policy of many +public releases. + + + +How the scheme works: + +When major changes are made the version number is increased. For +example, the transition from 1.9.15 to 1.9.16. However, this version +number will not appear immediately and people should continue to use +1.9.15 for production systems (see next point.) + +Just after major changes are made the software is considered +unstable, and a series of alpha releases are distributed, for example +1.9.16alpha1. These are for testing by those who know what they are +doing. The "alpha" in the filename will hopefully scare off those who +are just looking for the latest version to install. + +When Andrew thinks that the alphas have stabilised to the point +where he would recommend new users install it, he renames it to the +same version number without the alpha, for example 1.9.16. + +Inevitably bugs are found in the "stable" releases and minor patch +levels are released which give us the pXX series, for example 1.9.16p2. + + + +So the progression goes: + + +1.9.15p7 (production) +1.9.15p8 (production) +1.9.16alpha1 (test sites only) +: +1.9.16alpha20 (test sites only) +1.9.16 (production) +1.9.16p1 (production) + + + + +The above system means that whenever someone looks at the samba ftp +site they will be able to grab the highest numbered release without an +alpha in the name and be sure of getting the current recommended +version. + + + + + +What platforms are supported? + +Many different platforms have run Samba successfully. The platforms +most widely used and thus best tested are Linux and SunOS. + + +At time of writing, there is support (or has been support for in earlier +versions): + + + +A/UX 3.0 +AIX +Altos Series 386/1000 +Amiga +Apollo Domain/OS sr10.3 +BSDI +B.O.S. (Bull Operating System) +Cray, Unicos 8.0 +Convex +DGUX. +DNIX. +FreeBSD +HP-UX +Intergraph. +Linux with/without shadow passwords and quota +LYNX 2.3.0 +MachTen (a unix like system for Macintoshes) +Motorola 88xxx/9xx range of machines +NetBSD +NEXTSTEP Release 2.X, 3.0 and greater (including OPENSTEP for Mach). +OS/2 using EMX 0.9b +OSF1 +QNX 4.22 +RiscIX. +RISCOs 5.0B +SEQUENT. +SCO (including: 3.2v2, European dist., OpenServer 5) +SGI. +SMP_DC.OSx v1.1-94c079 on Pyramid S series +SONY NEWS, NEWS-OS (4.2.x and 6.1.x) +SUNOS 4 +SUNOS 5.2, 5.3, and 5.4 (Solaris 2.2, 2.3, and '2.4 and later') +Sunsoft ISC SVR3V4 +SVR4 +System V with some berkely extensions (Motorola 88k R32V3.2). +ULTRIX. +UNIXWARE +UXP/DS + + + + + +How do I subscribe to the Samba Mailing Lists? + +Look at the samba mailing list page + + + + +Pizza supply details + +Those who have registered in the Samba survey as "Pizza Factory" will +already know this, but the rest may need some help. Andrew doesn't ask +for payment, but he does appreciate it when people give him +pizza. This calls for a little organisation when the pizza donor is +twenty thousand kilometres away, but it has been done. + + + +Method 1: Ring up your local branch of an international pizza chain +and see if they honour their vouchers internationally. Pizza Hut do, +which is how the entire Canberra Linux Users Group got to eat pizza +one night, courtesy of someone in the US. + + + +Method 2: Ring up a local pizza shop in Canberra and quote a credit +card number for a certain amount, and tell them that Andrew will be +collecting it (don't forget to tell him.) One kind soul from Germany +did this. + + + +Method 3: Purchase a pizza voucher from your local pizza shop that has +no international affiliations and send it to Andrew. It is completely +useless but he can hang it on the wall next to the one he already has +from Germany :-) + + + +Method 4: Air freight him a pizza with your favourite regional +flavours. It will probably get stuck in customs or torn apart by +hungry sniffer dogs but it will have been a noble gesture. + + + + + diff --git a/docs/docbook/faq/install.sgml b/docs/docbook/faq/install.sgml new file mode 100644 index 0000000000..288e3a5f32 --- /dev/null +++ b/docs/docbook/faq/install.sgml @@ -0,0 +1,330 @@ + +Compiling and installing Samba on a Unix host + + +I can't see the Samba server in any browse lists! + +See Browsing.html in the docs directory of the samba source +for more information on browsing. + + + +If your GUI client does not permit you to select non-browsable +servers, you may need to do so on the command line. For example, under +Lan Manager you might connect to the above service as disk drive M: +thusly: + + net use M: \\mary\fred + +The details of how to do this and the specific syntax varies from +client to client - check your client's documentation. + + + +Some files that I KNOW are on the server doesn't show up when I view the files from my client! +<para>See the next question.</para> +</sect1> + +<sect1> +<title>Some files on the server show up with really wierd filenames when I view the files from my client! + +If you check what files are not showing up, you will note that they +are files which contain upper case letters or which are otherwise not +DOS-compatible (ie, they are not legal DOS filenames for some reason). + + + +The Samba server can be configured either to ignore such files +completely, or to present them to the client in "mangled" form. If you +are not seeing the files at all, the Samba server has most likely been +configured to ignore them. Consult the man page smb.conf(5) for +details of how to change this - the parameter you need to set is +"mangled names = yes". + + + + +My client reports "cannot locate specified computer" or similar + +This indicates one of three things: You supplied an incorrect server +name, the underlying TCP/IP layer is not working correctly, or the +name you specified cannot be resolved. + + + +After carefully checking that the name you typed is the name you +should have typed, try doing things like pinging a host or telnetting +to somewhere on your network to see if TCP/IP is functioning OK. If it +is, the problem is most likely name resolution. + + + +If your client has a facility to do so, hardcode a mapping between the +hosts IP and the name you want to use. For example, with Lan Manager +or Windows for Workgroups you would put a suitable entry in the file +LMHOSTS. If this works, the problem is in the communication between +your client and the netbios name server. If it does not work, then +there is something fundamental wrong with your naming and the solution +is beyond the scope of this document. + + + +If you do not have any server on your subnet supplying netbios name +resolution, hardcoded mappings are your only option. If you DO have a +netbios name server running (such as the Samba suite's nmbd program), +the problem probably lies in the way it is set up. Refer to Section +Two of this FAQ for more ideas. + + + +By the way, remember to REMOVE the hardcoded mapping before further +tests :-) + + + + + +My client reports "cannot locate specified share name" or similar + +This message indicates that your client CAN locate the specified +server, which is a good start, but that it cannot find a service of +the name you gave. + + + +The first step is to check the exact name of the service you are +trying to connect to (consult your system administrator). Assuming it +exists and you specified it correctly (read your client's docs on how +to specify a service name correctly), read on: + + + +Many clients cannot accept or use service names longer than eight characters. +Many clients cannot accept or use service names containing spaces. +Some servers (not Samba though) are case sensitive with service names. +Some clients force service names into upper case. + + + + +Printing doesn't work + +Make sure that the specified print command for the service you are +connecting to is correct and that it has a fully-qualified path (eg., +use "/usr/bin/lpr" rather than just "lpr"). + + + +Make sure that the spool directory specified for the service is +writable by the user connected to the service. In particular the user +"nobody" often has problems with printing, even if it worked with an +earlier version of Samba. Try creating another guest user other than +"nobody". + + + +Make sure that the user specified in the service is permitted to use +the printer. + + + +Check the debug log produced by smbd. Search for the printer name and +see if the log turns up any clues. Note that error messages to do with +a service ipc$ are meaningless - they relate to the way the client +attempts to retrieve status information when using the LANMAN1 +protocol. + + + +If using WfWg then you need to set the default protocol to TCP/IP, not +Netbeui. This is a WfWg bug. + + + +If using the Lanman1 protocol (the default) then try switching to +coreplus. Also not that print status error messages don't mean +printing won't work. The print status is received by a different +mechanism. + + + +My client reports "This server is not configured to list shared resources" + +Your guest account is probably invalid for some reason. Samba uses the +guest account for browsing in smbd. Check that your guest account is +valid. + + +See also 'guest account' in smb.conf man page. + + + + +Log message "you appear to have a trapdoor uid system" + +This can have several causes. It might be because you are using a uid +or gid of 65535 or -1. This is a VERY bad idea, and is a big security +hole. Check carefully in your /etc/passwd file and make sure that no +user has uid 65535 or -1. Especially check the "nobody" user, as many +broken systems are shipped with nobody setup with a uid of 65535. + + +It might also mean that your OS has a trapdoor uid/gid system :-) + + +This means that once a process changes effective uid from root to +another user it can't go back to root. Unfortunately Samba relies on +being able to change effective uid from root to non-root and back +again to implement its security policy. If your OS has a trapdoor uid +system this won't work, and several things in Samba may break. Less +things will break if you use user or server level security instead of +the default share level security, but you may still strike +problems. + + + +The problems don't give rise to any security holes, so don't panic, +but it does mean some of Samba's capabilities will be unavailable. +In particular you will not be able to connect to the Samba server as +two different uids at once. This may happen if you try to print as a +"guest" while accessing a share as a normal user. It may also affect +your ability to list the available shares as this is normally done as +the guest user. + + + +Complain to your OS vendor and ask them to fix their system. + + + +Note: the reason why 65535 is a VERY bad choice of uid and gid is that +it casts to -1 as a uid, and the setreuid() system call ignores (with +no error) uid changes to -1. This means any daemon attempting to run +as uid 65535 will actually run as root. This is not good! + + + + + +Why are my file's timestamps off by an hour, or by a few hours? + +This is from Paul Eggert eggert@twinsun.com. + + + +Most likely it's a problem with your time zone settings. + + + +Internally, Samba maintains time in traditional Unix format, +namely, the number of seconds since 1970-01-01 00:00:00 Universal Time +(or ``GMT''), not counting leap seconds. + + + +On the server side, Samba uses the Unix TZ variable to convert +internal timestamps to and from local time. So on the server side, there are +two things to get right. + +The Unix system clock must have the correct Universal time. Use the shell command "sh -c 'TZ=UTC0 date'" to check this. +The TZ environment variable must be set on the server before Samba is invoked. The details of this depend on the server OS, but typically you must edit a file whose name is /etc/TIMEZONE or /etc/default/init, or run the command `zic -l'. + + + +TZ must have the correct value. + + +If possible, use geographical time zone settings +(e.g. TZ='America/Los_Angeles' or perhaps + TZ=':US/Pacific'). These are supported by most +popular Unix OSes, are easier to get right, and are +more accurate for historical timestamps. If your +operating system has out-of-date tables, you should be +able to update them from the public domain time zone +tables at ftp://elsie.nci.nih.gov/pub/. + + +If your system does not support geographical timezone +settings, you must use a Posix-style TZ strings, e.g. +TZ='PST8PDT,M4.1.0/2,M10.5.0/2' for US Pacific time. +Posix TZ strings can take the following form (with optional + items in brackets): + + StdOffset[Dst[Offset],Date/Time,Date/Time] + + where: + + + +`Std' is the standard time designation (e.g. `PST'). +`Offset' is the number of hours behind UTC (e.g. `8'). +Prepend a `-' if you are ahead of UTC, and +append `:30' if you are at a half-hour offset. +Omit all the remaining items if you do not use +daylight-saving time. + +`Dst' is the daylight-saving time designation +(e.g. `PDT'). + +The optional second `Offset' is the number of +hours that daylight-saving time is behind UTC. +The default is 1 hour ahead of standard time. + + +`Date/Time,Date/Time' specify when daylight-saving +time starts and ends. The format for a date is +`Mm.n.d', which specifies the dth day (0 is Sunday) +of the nth week of the mth month, where week 5 means +the last such day in the month. The format for a +time is [h]h[:mm[:ss]], using a 24-hour clock. + + + + + + +Other Posix string formats are allowed but you don't want +to know about them. + + +On the client side, you must make sure that your client's clock and +time zone is also set appropriately. [[I don't know how to do this.]] +Samba traditionally has had many problems dealing with time zones, due +to the bizarre ways that Microsoft network protocols handle time +zones. + + + +How do I set the printer driver name correctly? +Question: + On NT, I opened "Printer Manager" and "Connect to Printer". + Enter ["\\ptdi270\ps1"] in the box of printer. I got the + following error message + + + + You do not have sufficient access to your machine + to connect to the selected printer, since a driver + needs to be installed locally. + + + + Answer: + + In the more recent versions of Samba you can now set the "printer +driver" in smb.conf. This tells the client what driver to use. For +example: + + printer driver = HP LaserJet 4L + +With this, NT knows to use the right driver. You have to get this string +exactly right. + +To find the exact string to use, you need to get to the dialog box in +your client where you select which printer driver to install. The +correct strings for all the different printers are shown in a listbox +in that dialog box. + + + + diff --git a/docs/docbook/faq/sambafaq.sgml b/docs/docbook/faq/sambafaq.sgml index 221a7f31b7..db918e349f 100644 --- a/docs/docbook/faq/sambafaq.sgml +++ b/docs/docbook/faq/sambafaq.sgml @@ -1,4 +1,8 @@ - + + + +]> Samba FAQ @@ -20,530 +24,7 @@ This FAQ is based on the old Samba FAQ by Dan Shearer and Paul Blackman. - -General Information - - -Where can I get it? - -The Samba suite is available at the samba website. - - - -What do the version numbers mean? - -It is not recommended that you run a version of Samba with the word -"alpha" in its name unless you know what you are doing and are willing -to do some debugging. Many, many people just get the latest -recommended stable release version and are happy. If you are brave, by -all means take the plunge and help with the testing and development - -but don't install it on your departmental server. Samba is typically -very stable and safe, and this is mostly due to the policy of many -public releases. - - - -How the scheme works: - -When major changes are made the version number is increased. For -example, the transition from 1.9.15 to 1.9.16. However, this version -number will not appear immediately and people should continue to use -1.9.15 for production systems (see next point.) - -Just after major changes are made the software is considered -unstable, and a series of alpha releases are distributed, for example -1.9.16alpha1. These are for testing by those who know what they are -doing. The "alpha" in the filename will hopefully scare off those who -are just looking for the latest version to install. - -When Andrew thinks that the alphas have stabilised to the point -where he would recommend new users install it, he renames it to the -same version number without the alpha, for example 1.9.16. - -Inevitably bugs are found in the "stable" releases and minor patch -levels are released which give us the pXX series, for example 1.9.16p2. - - - -So the progression goes: - - -1.9.15p7 (production) -1.9.15p8 (production) -1.9.16alpha1 (test sites only) -: -1.9.16alpha20 (test sites only) -1.9.16 (production) -1.9.16p1 (production) - - - - -The above system means that whenever someone looks at the samba ftp -site they will be able to grab the highest numbered release without an -alpha in the name and be sure of getting the current recommended -version. - - - - - -What platforms are supported? - -Many different platforms have run Samba successfully. The platforms -most widely used and thus best tested are Linux and SunOS. - - -At time of writing, there is support (or has been support for in earlier -versions): - - - -A/UX 3.0 -AIX -Altos Series 386/1000 -Amiga -Apollo Domain/OS sr10.3 -BSDI -B.O.S. (Bull Operating System) -Cray, Unicos 8.0 -Convex -DGUX. -DNIX. -FreeBSD -HP-UX -Intergraph. -Linux with/without shadow passwords and quota -LYNX 2.3.0 -MachTen (a unix like system for Macintoshes) -Motorola 88xxx/9xx range of machines -NetBSD -NEXTSTEP Release 2.X, 3.0 and greater (including OPENSTEP for Mach). -OS/2 using EMX 0.9b -OSF1 -QNX 4.22 -RiscIX. -RISCOs 5.0B -SEQUENT. -SCO (including: 3.2v2, European dist., OpenServer 5) -SGI. -SMP_DC.OSx v1.1-94c079 on Pyramid S series -SONY NEWS, NEWS-OS (4.2.x and 6.1.x) -SUNOS 4 -SUNOS 5.2, 5.3, and 5.4 (Solaris 2.2, 2.3, and '2.4 and later') -Sunsoft ISC SVR3V4 -SVR4 -System V with some berkely extensions (Motorola 88k R32V3.2). -ULTRIX. -UNIXWARE -UXP/DS - - - - - -How do I subscribe to the Samba Mailing Lists? - -Look at the samba mailing list page - - - - -Pizza supply details - -Those who have registered in the Samba survey as "Pizza Factory" will -already know this, but the rest may need some help. Andrew doesn't ask -for payment, but he does appreciate it when people give him -pizza. This calls for a little organisation when the pizza donor is -twenty thousand kilometres away, but it has been done. - - - -Method 1: Ring up your local branch of an international pizza chain -and see if they honour their vouchers internationally. Pizza Hut do, -which is how the entire Canberra Linux Users Group got to eat pizza -one night, courtesy of someone in the US. - - - -Method 2: Ring up a local pizza shop in Canberra and quote a credit -card number for a certain amount, and tell them that Andrew will be -collecting it (don't forget to tell him.) One kind soul from Germany -did this. - - - -Method 3: Purchase a pizza voucher from your local pizza shop that has -no international affiliations and send it to Andrew. It is completely -useless but he can hang it on the wall next to the one he already has -from Germany :-) - - - -Method 4: Air freight him a pizza with your favourite regional -flavours. It will probably get stuck in customs or torn apart by -hungry sniffer dogs but it will have been a noble gesture. - - - - - - - -Compiling and installing Samba on a Unix host - - -I can't see the Samba server in any browse lists! - -See Browsing.html in the docs directory of the samba source -for more information on browsing. - - - -If your GUI client does not permit you to select non-browsable -servers, you may need to do so on the command line. For example, under -Lan Manager you might connect to the above service as disk drive M: -thusly: - - net use M: \\mary\fred - -The details of how to do this and the specific syntax varies from -client to client - check your client's documentation. - - - -Some files that I KNOW are on the server doesn't show up when I view the files from my client! -<para>See the next question.</para> -</sect1> - -<sect1> -<title>Some files on the server show up with really wierd filenames when I view the files from my client! - -If you check what files are not showing up, you will note that they -are files which contain upper case letters or which are otherwise not -DOS-compatible (ie, they are not legal DOS filenames for some reason). - - - -The Samba server can be configured either to ignore such files -completely, or to present them to the client in "mangled" form. If you -are not seeing the files at all, the Samba server has most likely been -configured to ignore them. Consult the man page smb.conf(5) for -details of how to change this - the parameter you need to set is -"mangled names = yes". - - - - -My client reports "cannot locate specified computer" or similar - -This indicates one of three things: You supplied an incorrect server -name, the underlying TCP/IP layer is not working correctly, or the -name you specified cannot be resolved. - - - -After carefully checking that the name you typed is the name you -should have typed, try doing things like pinging a host or telnetting -to somewhere on your network to see if TCP/IP is functioning OK. If it -is, the problem is most likely name resolution. - - - -If your client has a facility to do so, hardcode a mapping between the -hosts IP and the name you want to use. For example, with Lan Manager -or Windows for Workgroups you would put a suitable entry in the file -LMHOSTS. If this works, the problem is in the communication between -your client and the netbios name server. If it does not work, then -there is something fundamental wrong with your naming and the solution -is beyond the scope of this document. - - - -If you do not have any server on your subnet supplying netbios name -resolution, hardcoded mappings are your only option. If you DO have a -netbios name server running (such as the Samba suite's nmbd program), -the problem probably lies in the way it is set up. Refer to Section -Two of this FAQ for more ideas. - - - -By the way, remember to REMOVE the hardcoded mapping before further -tests :-) - - - - - -My client reports "cannot locate specified share name" or similar - -This message indicates that your client CAN locate the specified -server, which is a good start, but that it cannot find a service of -the name you gave. - - - -The first step is to check the exact name of the service you are -trying to connect to (consult your system administrator). Assuming it -exists and you specified it correctly (read your client's docs on how -to specify a service name correctly), read on: - - - -Many clients cannot accept or use service names longer than eight characters. -Many clients cannot accept or use service names containing spaces. -Some servers (not Samba though) are case sensitive with service names. -Some clients force service names into upper case. - - - - -Printing doesn't work - -Make sure that the specified print command for the service you are -connecting to is correct and that it has a fully-qualified path (eg., -use "/usr/bin/lpr" rather than just "lpr"). - - - -Make sure that the spool directory specified for the service is -writable by the user connected to the service. In particular the user -"nobody" often has problems with printing, even if it worked with an -earlier version of Samba. Try creating another guest user other than -"nobody". - - - -Make sure that the user specified in the service is permitted to use -the printer. - - - -Check the debug log produced by smbd. Search for the printer name and -see if the log turns up any clues. Note that error messages to do with -a service ipc$ are meaningless - they relate to the way the client -attempts to retrieve status information when using the LANMAN1 -protocol. - - - -If using WfWg then you need to set the default protocol to TCP/IP, not -Netbeui. This is a WfWg bug. - - - -If using the Lanman1 protocol (the default) then try switching to -coreplus. Also not that print status error messages don't mean -printing won't work. The print status is received by a different -mechanism. - - - -My client reports "This server is not configured to list shared resources" - -Your guest account is probably invalid for some reason. Samba uses the -guest account for browsing in smbd. Check that your guest account is -valid. - - -See also 'guest account' in smb.conf man page. - - - - -Log message "you appear to have a trapdoor uid system" - -This can have several causes. It might be because you are using a uid -or gid of 65535 or -1. This is a VERY bad idea, and is a big security -hole. Check carefully in your /etc/passwd file and make sure that no -user has uid 65535 or -1. Especially check the "nobody" user, as many -broken systems are shipped with nobody setup with a uid of 65535. - - -It might also mean that your OS has a trapdoor uid/gid system :-) - - -This means that once a process changes effective uid from root to -another user it can't go back to root. Unfortunately Samba relies on -being able to change effective uid from root to non-root and back -again to implement its security policy. If your OS has a trapdoor uid -system this won't work, and several things in Samba may break. Less -things will break if you use user or server level security instead of -the default share level security, but you may still strike -problems. - - - -The problems don't give rise to any security holes, so don't panic, -but it does mean some of Samba's capabilities will be unavailable. -In particular you will not be able to connect to the Samba server as -two different uids at once. This may happen if you try to print as a -"guest" while accessing a share as a normal user. It may also affect -your ability to list the available shares as this is normally done as -the guest user. - - - -Complain to your OS vendor and ask them to fix their system. - - - -Note: the reason why 65535 is a VERY bad choice of uid and gid is that -it casts to -1 as a uid, and the setreuid() system call ignores (with -no error) uid changes to -1. This means any daemon attempting to run -as uid 65535 will actually run as root. This is not good! - - - - - -Why are my file's timestamps off by an hour, or by a few hours? - -This is from Paul Eggert eggert@twinsun.com. - - - -Most likely it's a problem with your time zone settings. - - - -Internally, Samba maintains time in traditional Unix format, -namely, the number of seconds since 1970-01-01 00:00:00 Universal Time -(or ``GMT''), not counting leap seconds. - - - -On the server side, Samba uses the Unix TZ variable to convert -internal timestamps to and from local time. So on the server side, there are -two things to get right. - -The Unix system clock must have the correct Universal time. Use the shell command "sh -c 'TZ=UTC0 date'" to check this. -The TZ environment variable must be set on the server before Samba is invoked. The details of this depend on the server OS, but typically you must edit a file whose name is /etc/TIMEZONE or /etc/default/init, or run the command `zic -l'. - - - -TZ must have the correct value. - - -If possible, use geographical time zone settings -(e.g. TZ='America/Los_Angeles' or perhaps - TZ=':US/Pacific'). These are supported by most -popular Unix OSes, are easier to get right, and are -more accurate for historical timestamps. If your -operating system has out-of-date tables, you should be -able to update them from the public domain time zone -tables at ftp://elsie.nci.nih.gov/pub/. - - -If your system does not support geographical timezone -settings, you must use a Posix-style TZ strings, e.g. -TZ='PST8PDT,M4.1.0/2,M10.5.0/2' for US Pacific time. -Posix TZ strings can take the following form (with optional - items in brackets): - - StdOffset[Dst[Offset],Date/Time,Date/Time] - - where: - - - -`Std' is the standard time designation (e.g. `PST'). -`Offset' is the number of hours behind UTC (e.g. `8'). -Prepend a `-' if you are ahead of UTC, and -append `:30' if you are at a half-hour offset. -Omit all the remaining items if you do not use -daylight-saving time. - -`Dst' is the daylight-saving time designation -(e.g. `PDT'). - -The optional second `Offset' is the number of -hours that daylight-saving time is behind UTC. -The default is 1 hour ahead of standard time. - - -`Date/Time,Date/Time' specify when daylight-saving -time starts and ends. The format for a date is -`Mm.n.d', which specifies the dth day (0 is Sunday) -of the nth week of the mth month, where week 5 means -the last such day in the month. The format for a -time is [h]h[:mm[:ss]], using a 24-hour clock. - - - - - - -Other Posix string formats are allowed but you don't want -to know about them. - - -On the client side, you must make sure that your client's clock and -time zone is also set appropriately. [[I don't know how to do this.]] -Samba traditionally has had many problems dealing with time zones, due -to the bizarre ways that Microsoft network protocols handle time -zones. - - - -How do I set the printer driver name correctly? -Question: - On NT, I opened "Printer Manager" and "Connect to Printer". - Enter ["\\ptdi270\ps1"] in the box of printer. I got the - following error message - - - - You do not have sufficient access to your machine - to connect to the selected printer, since a driver - needs to be installed locally. - - - - Answer: - - In the more recent versions of Samba you can now set the "printer -driver" in smb.conf. This tells the client what driver to use. For -example: - - printer driver = HP LaserJet 4L - -With this, NT knows to use the right driver. You have to get this string -exactly right. - -To find the exact string to use, you need to get to the dialog box in -your client where you select which printer driver to install. The -correct strings for all the different printers are shown in a listbox -in that dialog box. - - - - - - -Specific client application problems - - -MS Office Setup reports "Cannot change properties of '\MSOFFICE\SETUP.INI'" - -When installing MS Office on a Samba drive for which you have admin -user permissions, ie. admin users = username, you will find the -setup program unable to complete the installation. - - - -To get around this problem, do the installation without admin user -permissions The problem is that MS Office Setup checks that a file is -rdonly by trying to open it for writing. - - - -Admin users can always open a file for writing, as they run as root. -You just have to install as a non-admin user and then use "chown -R" -to fix the owner. - - - - - +&general; +&install; +&clientapp; -- cgit From 502a960354717bb1d7a2d001cbd1ad918a2f7a33 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Fri, 4 Oct 2002 16:11:31 +0000 Subject: Move Application_Serving.txt to FAQ question "How to use a samba share as a administrative share for MS Office, etc?" (This used to be commit 5e96448348d3db232a9a9f273a16dcfc4f69aaab) --- docs/docbook/faq/clientapp.sgml | 59 +++++++++++++++++++++++++++++++++ docs/faq/clientapp.html | 62 +++++++++++++++++++++++++++++++++++ docs/faq/samba-faq.html | 5 +++ docs/textdocs/Application_Serving.txt | 56 ------------------------------- 4 files changed, 126 insertions(+), 56 deletions(-) delete mode 100644 docs/textdocs/Application_Serving.txt (limited to 'docs') diff --git a/docs/docbook/faq/clientapp.sgml b/docs/docbook/faq/clientapp.sgml index 9bb7cb320f..2077b230ce 100644 --- a/docs/docbook/faq/clientapp.sgml +++ b/docs/docbook/faq/clientapp.sgml @@ -23,4 +23,63 @@ to fix the owner.     + +How to use a Samba share as an administrative share for MS Office, etc. + + +Microsoft Office products can be installed as an administrative installation +from which the application can either be run off the administratively installed +product that resides on a shared resource, or from which that product can be +installed onto workstation clients. + + + +The general mechanism for implementing an adminstrative installation involves +running X:\setup /A, where X is the drive letter of either CDROM or floppy. + + + +This installation process will NOT install the product for use per se, but +rather results in unpacking of the compressed distribution files into a target +shared folder. For this process you need write privilidge to the share and it +is desirable to enable file locking and share mode operation during this +process. + + + +Subsequent installation of MS Office from this share will FAIL unless certain +precautions are taken. This failure will be caused by share mode operation +which will prevent the MS Office installation process from re-opening various +dynamic link library files and will cause sporadic file not found problems. + + + + +As soon as the administrative installation (unpacking) has completed +set the following parameters on the share containing it: + + + + [MSOP95] + path = /where_you_put_it + comment = Your comment + volume = "The_CD_ROM_Label" + read only = yes + available = yes + share modes = no + locking = no + browseable = yes + public = yes + + + + + +Now you are ready to run the setup program from the Microsoft Windows +workstation as follows: \\"Server_Name"\MSOP95\msoffice\setup + + + + +     diff --git a/docs/faq/clientapp.html b/docs/faq/clientapp.html index d2ba0a08b5..0081891331 100644 --- a/docs/faq/clientapp.html +++ b/docs/faq/clientapp.html @@ -86,6 +86,68 @@ rdonly by trying to open it for writing.

    3.2. How to use a Samba share as an administrative share for MS Office, etc.

    Microsoft Office products can be installed as an administrative installation +from which the application can either be run off the administratively installed +product that resides on a shared resource, or from which that product can be +installed onto workstation clients.

    The general mechanism for implementing an adminstrative installation involves +running X:\setup /A, where X is the drive letter of either CDROM or floppy.

    This installation process will NOT install the product for use per se, but +rather results in unpacking of the compressed distribution files into a target +shared folder. For this process you need write privilidge to the share and it +is desirable to enable file locking and share mode operation during this +process.

    Subsequent installation of MS Office from this share will FAIL unless certain +precautions are taken. This failure will be caused by share mode operation +which will prevent the MS Office installation process from re-opening various +dynamic link library files and will cause sporadic file not found problems.

    • As soon as the administrative installation (unpacking) has completed +set the following parameters on the share containing it:

      	[MSOP95]
+		path = /where_you_put_it
+		comment = Your comment
+		volume = "The_CD_ROM_Label"
+		read only = yes
+		available = yes
+		share modes = no
+		locking = no
+		browseable = yes
+		public = yes

    • Now you are ready to run the setup program from the Microsoft Windows +workstation as follows: \\"Server_Name"\MSOP95\msoffice\setup

    MS Office Setup reports "Cannot change properties of '\MSOFFICE\SETUP.INI'"
    3.2. How to use a Samba share as an administrative share for MS Office, etc.
    - Copyright (C) 1997 - John H Terpstra -Status: Current - -Subject: Using a Samba share as an administrative share for MS Office, etc. -============================================================================== - -Problem: -======== -Microsoft Office products can be installed as an administrative installation -from which the application can either be run off the administratively installed -product that resides on a shared resource, or from which that product can be -installed onto workstation clients. - -The general mechanism for implementing an adminstrative installation involves -running: - X:\setup /A, where X is the drive letter of either CDROM or floppy - -This installation process will NOT install the product for use per se, but -rather results in unpacking of the compressed distribution files into a target -shared folder. For this process you need write privilidge to the share and it -is desirable to enable file locking and share mode operation during this -process. - -Subsequent installation of MS Office from this share will FAIL unless certain -precautions are taken. This failure will be caused by share mode operation -which will prevent the MS Office installation process from re-opening various -dynamic link library files and will cause sporadic file not found problems. - -Solution: -========= -1. As soon as the administrative installation (unpacking) has completed - set the following parameters on the share containing it: - [MSOP95] - path = /where_you_put_it - comment = Your comment - volume = "The_CD_ROM_Label" - read only = yes - available = yes - share modes = no - locking = no - browseable = yes - public = yes - -2. Now you are ready to run the setup program from the Microsoft Windows -workstation as follows:- - \\"Server_Name"\MSOP95\msoffice\setup - -MS Office Sharing - Please note: -================================ - -Workgroup Templates should be stored on an ordinary writable or read-only share -but USER templates MUST be stored on a writable share _OR_ on the users' local -machine. -- cgit From 42efc1092dcb3042724e280c0bb18e813b3aac98 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Fri, 4 Oct 2002 16:36:40 +0000 Subject: Convert GOTCHAS to SGML (This used to be commit c48207ef0e219680d4e4102256c76189aaf73ebc) --- docs/Samba-HOWTO-Collection.pdf | 8905 +++++++++++++++--------------- docs/docbook/projdoc/Portability.sgml | 23 + docs/htmldocs/bugreport.html | 35 +- docs/htmldocs/cvs-access.html | 27 +- docs/htmldocs/diagnosis.html | 83 +- docs/htmldocs/domain-security.html | 23 +- docs/htmldocs/groupmapping.html | 11 +- docs/htmldocs/improved-browsing.html | 69 +- docs/htmldocs/install.html | 89 +- docs/htmldocs/integrate-ms-networks.html | 91 +- docs/htmldocs/msdfs.html | 19 +- docs/htmldocs/other-clients.html | 63 +- docs/htmldocs/pam.html | 23 +- docs/htmldocs/portability.html | 47 +- docs/htmldocs/printing.html | 71 +- docs/htmldocs/printingdebug.html | 47 +- docs/htmldocs/samba-bdc.html | 43 +- docs/htmldocs/samba-ldap-howto.html | 69 +- docs/htmldocs/securitylevels.html | 19 +- docs/htmldocs/speed.html | 91 +- docs/htmldocs/unix-permissions.html | 47 +- docs/htmldocs/winbind.html | 123 +- docs/textdocs/GOTCHAS.txt | 22 - 23 files changed, 5341 insertions(+), 4699 deletions(-) delete mode 100644 docs/textdocs/GOTCHAS.txt (limited to 'docs') diff --git a/docs/Samba-HOWTO-Collection.pdf b/docs/Samba-HOWTO-Collection.pdf index 874badf995..57b7083492 100644 --- a/docs/Samba-HOWTO-Collection.pdf +++ b/docs/Samba-HOWTO-Collection.pdf @@ -1,6 +1,6 @@ %PDF-1.3 %âãÏÓ -1 0 obj<>endobj +1 0 obj<>endobj 2 0 obj<>endobj 3 0 obj<>endobj 4 0 obj<>endobj @@ -13,50 +13,50 @@ 11 0 obj<>endobj 12 0 obj<>endobj 13 0 obj<>endobj -14 0 obj<>endobj -15 0 obj<>endobj -16 0 obj<>endobj -17 0 obj<>endobj -18 0 obj<>endobj -19 0 obj<>endobj -20 0 obj<>endobj -21 0 obj<>endobj -22 0 obj<>endobj -23 0 obj<>endobj -24 0 obj<>endobj -25 0 obj<>endobj -26 0 obj<>endobj -27 0 obj<>endobj -28 0 obj<>endobj -29 0 obj<>endobj -30 0 obj<>endobj -31 0 obj<>endobj -32 0 obj<>endobj -33 0 obj<>endobj -34 0 obj<>endobj -35 0 obj<>endobj -36 0 obj<>endobj -37 0 obj<>endobj -38 0 obj<>endobj -39 0 obj<>endobj -40 0 obj<>endobj -41 0 obj<>endobj -42 0 obj<>endobj -43 0 obj<>endobj -44 0 obj<>endobj -45 0 obj<>endobj -46 0 obj<>endobj -47 0 obj<>endobj -48 0 obj<>endobj -49 0 obj<>endobj -50 0 obj<>endobj -51 0 obj<>endobj -52 0 obj<>endobj -53 0 obj<>endobj -54 0 obj<>endobj -55 0 obj<>endobj -56 0 obj<>endobj -57 0 obj<>endobj +14 0 obj<>endobj +15 0 obj<>endobj +16 0 obj<>endobj +17 0 obj<>endobj +18 0 obj<>endobj +19 0 obj<>endobj +20 0 obj<>endobj +21 0 obj<>endobj +22 0 obj<>endobj +23 0 obj<>endobj +24 0 obj<>endobj +25 0 obj<>endobj +26 0 obj<>endobj +27 0 obj<>endobj +28 0 obj<>endobj +29 0 obj<>endobj +30 0 obj<>endobj +31 0 obj<>endobj +32 0 obj<>endobj +33 0 obj<>endobj +34 0 obj<>endobj +35 0 obj<>endobj +36 0 obj<>endobj +37 0 obj<>endobj +38 0 obj<>endobj +39 0 obj<>endobj +40 0 obj<>endobj +41 0 obj<>endobj +42 0 obj<>endobj +43 0 obj<>endobj +44 0 obj<>endobj +45 0 obj<>endobj +46 0 obj<>endobj +47 0 obj<>endobj +48 0 obj<>endobj +49 0 obj<>endobj +50 0 obj<>endobj +51 0 obj<>endobj +52 0 obj<>endobj +53 0 obj<>endobj +54 0 obj<>endobj +55 0 obj<>endobj +56 0 obj<>endobj +57 0 obj<>endobj 58 0 obj[14 0 R 15 0 R 16 0 R @@ -101,50 +101,50 @@ 55 0 R 56 0 R 57 0 R]endobj -59 0 obj<>endobj -60 0 obj<>endobj -61 0 obj<>endobj -62 0 obj<>endobj -63 0 obj<>endobj -64 0 obj<>endobj -65 0 obj<>endobj -66 0 obj<>endobj -67 0 obj<>endobj -68 0 obj<>endobj -69 0 obj<>endobj -70 0 obj<>endobj -71 0 obj<>endobj -72 0 obj<>endobj -73 0 obj<>endobj -74 0 obj<>endobj -75 0 obj<>endobj -76 0 obj<>endobj -77 0 obj<>endobj -78 0 obj<>endobj -79 0 obj<>endobj -80 0 obj<>endobj -81 0 obj<>endobj -82 0 obj<>endobj -83 0 obj<>endobj -84 0 obj<>endobj -85 0 obj<>endobj -86 0 obj<>endobj -87 0 obj<>endobj -88 0 obj<>endobj -89 0 obj<>endobj -90 0 obj<>endobj -91 0 obj<>endobj -92 0 obj<>endobj -93 0 obj<>endobj -94 0 obj<>endobj -95 0 obj<>endobj -96 0 obj<>endobj -97 0 obj<>endobj -98 0 obj<>endobj -99 0 obj<>endobj -100 0 obj<>endobj -101 0 obj<>endobj -102 0 obj<>endobj +59 0 obj<>endobj +60 0 obj<>endobj +61 0 obj<>endobj +62 0 obj<>endobj +63 0 obj<>endobj +64 0 obj<>endobj +65 0 obj<>endobj +66 0 obj<>endobj +67 0 obj<>endobj +68 0 obj<>endobj +69 0 obj<>endobj +70 0 obj<>endobj +71 0 obj<>endobj +72 0 obj<>endobj +73 0 obj<>endobj +74 0 obj<>endobj +75 0 obj<>endobj +76 0 obj<>endobj +77 0 obj<>endobj +78 0 obj<>endobj +79 0 obj<>endobj +80 0 obj<>endobj +81 0 obj<>endobj +82 0 obj<>endobj +83 0 obj<>endobj +84 0 obj<>endobj +85 0 obj<>endobj +86 0 obj<>endobj +87 0 obj<>endobj +88 0 obj<>endobj +89 0 obj<>endobj +90 0 obj<>endobj +91 0 obj<>endobj +92 0 obj<>endobj +93 0 obj<>endobj +94 0 obj<>endobj +95 0 obj<>endobj +96 0 obj<>endobj +97 0 obj<>endobj +98 0 obj<>endobj +99 0 obj<>endobj +100 0 obj<>endobj +101 0 obj<>endobj +102 0 obj<>endobj 103 0 obj[59 0 R 60 0 R 61 0 R @@ -189,49 +189,49 @@ 100 0 R 101 0 R 102 0 R]endobj -104 0 obj<>endobj -105 0 obj<>endobj -106 0 obj<>endobj -107 0 obj<>endobj -108 0 obj<>endobj -109 0 obj<>endobj -110 0 obj<>endobj -111 0 obj<>endobj -112 0 obj<>endobj -113 0 obj<>endobj -114 0 obj<>endobj -115 0 obj<>endobj -116 0 obj<>endobj -117 0 obj<>endobj -118 0 obj<>endobj -119 0 obj<>endobj -120 0 obj<>endobj -121 0 obj<>endobj -122 0 obj<>endobj -123 0 obj<>endobj -124 0 obj<>endobj -125 0 obj<>endobj -126 0 obj<>endobj -127 0 obj<>endobj -128 0 obj<>endobj -129 0 obj<>endobj -130 0 obj<>endobj -131 0 obj<>endobj -132 0 obj<>endobj -133 0 obj<>endobj -134 0 obj<>endobj -135 0 obj<>endobj -136 0 obj<>endobj -137 0 obj<>endobj -138 0 obj<>endobj -139 0 obj<>endobj -140 0 obj<>endobj -141 0 obj<>endobj -142 0 obj<>endobj -143 0 obj<>endobj -144 0 obj<>endobj -145 0 obj<>endobj -146 0 obj<>endobj +104 0 obj<>endobj +105 0 obj<>endobj +106 0 obj<>endobj +107 0 obj<>endobj +108 0 obj<>endobj +109 0 obj<>endobj +110 0 obj<>endobj +111 0 obj<>endobj +112 0 obj<>endobj +113 0 obj<>endobj +114 0 obj<>endobj +115 0 obj<>endobj +116 0 obj<>endobj +117 0 obj<>endobj +118 0 obj<>endobj +119 0 obj<>endobj +120 0 obj<>endobj +121 0 obj<>endobj +122 0 obj<>endobj +123 0 obj<>endobj +124 0 obj<>endobj +125 0 obj<>endobj +126 0 obj<>endobj +127 0 obj<>endobj +128 0 obj<>endobj +129 0 obj<>endobj +130 0 obj<>endobj +131 0 obj<>endobj +132 0 obj<>endobj +133 0 obj<>endobj +134 0 obj<>endobj +135 0 obj<>endobj +136 0 obj<>endobj +137 0 obj<>endobj +138 0 obj<>endobj +139 0 obj<>endobj +140 0 obj<>endobj +141 0 obj<>endobj +142 0 obj<>endobj +143 0 obj<>endobj +144 0 obj<>endobj +145 0 obj<>endobj +146 0 obj<>endobj 147 0 obj[104 0 R 105 0 R 106 0 R @@ -275,50 +275,50 @@ 144 0 R 145 0 R 146 0 R]endobj -148 0 obj<>endobj -149 0 obj<>endobj -150 0 obj<>endobj -151 0 obj<>endobj -152 0 obj<>endobj -153 0 obj<>endobj -154 0 obj<>endobj -155 0 obj<>endobj -156 0 obj<>endobj -157 0 obj<>endobj -158 0 obj<>endobj -159 0 obj<>endobj -160 0 obj<>endobj -161 0 obj<>endobj -162 0 obj<>endobj -163 0 obj<>endobj -164 0 obj<>endobj -165 0 obj<>endobj -166 0 obj<>endobj -167 0 obj<>endobj -168 0 obj<>endobj -169 0 obj<>endobj -170 0 obj<>endobj -171 0 obj<>endobj -172 0 obj<>endobj -173 0 obj<>endobj -174 0 obj<>endobj -175 0 obj<>endobj -176 0 obj<>endobj -177 0 obj<>endobj -178 0 obj<>endobj -179 0 obj<>endobj -180 0 obj<>endobj -181 0 obj<>endobj -182 0 obj<>endobj -183 0 obj<>endobj -184 0 obj<>endobj -185 0 obj<>endobj -186 0 obj<>endobj -187 0 obj<>endobj -188 0 obj<>endobj -189 0 obj<>endobj -190 0 obj<>endobj -191 0 obj<>endobj +148 0 obj<>endobj +149 0 obj<>endobj +150 0 obj<>endobj +151 0 obj<>endobj +152 0 obj<>endobj +153 0 obj<>endobj +154 0 obj<>endobj +155 0 obj<>endobj +156 0 obj<>endobj +157 0 obj<>endobj +158 0 obj<>endobj +159 0 obj<>endobj +160 0 obj<>endobj +161 0 obj<>endobj +162 0 obj<>endobj +163 0 obj<>endobj +164 0 obj<>endobj +165 0 obj<>endobj +166 0 obj<>endobj +167 0 obj<>endobj +168 0 obj<>endobj +169 0 obj<>endobj +170 0 obj<>endobj +171 0 obj<>endobj +172 0 obj<>endobj +173 0 obj<>endobj +174 0 obj<>endobj +175 0 obj<>endobj +176 0 obj<>endobj +177 0 obj<>endobj +178 0 obj<>endobj +179 0 obj<>endobj +180 0 obj<>endobj +181 0 obj<>endobj +182 0 obj<>endobj +183 0 obj<>endobj +184 0 obj<>endobj +185 0 obj<>endobj +186 0 obj<>endobj +187 0 obj<>endobj +188 0 obj<>endobj +189 0 obj<>endobj +190 0 obj<>endobj +191 0 obj<>endobj 192 0 obj[148 0 R 149 0 R 150 0 R @@ -363,52 +363,53 @@ 189 0 R 190 0 R 191 0 R]endobj -193 0 obj<>endobj -194 0 obj<>endobj -195 0 obj<>endobj -196 0 obj<>endobj -197 0 obj<>endobj -198 0 obj<>endobj -199 0 obj<>endobj -200 0 obj<>endobj -201 0 obj<>endobj -202 0 obj<>endobj -203 0 obj<>endobj -204 0 obj<>endobj -205 0 obj<>endobj -206 0 obj<>endobj -207 0 obj<>endobj -208 0 obj<>endobj -209 0 obj<>endobj -210 0 obj<>endobj -211 0 obj<>endobj -212 0 obj<>endobj -213 0 obj<>endobj -214 0 obj<>endobj -215 0 obj<>endobj -216 0 obj<>endobj -217 0 obj<>endobj -218 0 obj<>endobj -219 0 obj<>endobj -220 0 obj<>endobj -221 0 obj<>endobj -222 0 obj<>endobj -223 0 obj<>endobj -224 0 obj<>endobj -225 0 obj<>endobj -226 0 obj<>endobj -227 0 obj<>endobj -228 0 obj<>endobj -229 0 obj<>endobj -230 0 obj<>endobj -231 0 obj<>endobj -232 0 obj<>endobj -233 0 obj<>endobj -234 0 obj<>endobj -235 0 obj<>endobj -236 0 obj<>endobj -237 0 obj<>endobj -238 0 obj[193 0 R +193 0 obj<>endobj +194 0 obj<>endobj +195 0 obj<>endobj +196 0 obj<>endobj +197 0 obj<>endobj +198 0 obj<>endobj +199 0 obj<>endobj +200 0 obj<>endobj +201 0 obj<>endobj +202 0 obj<>endobj +203 0 obj<>endobj +204 0 obj<>endobj +205 0 obj<>endobj +206 0 obj<>endobj +207 0 obj<>endobj +208 0 obj<>endobj +209 0 obj<>endobj +210 0 obj<>endobj +211 0 obj<>endobj +212 0 obj<>endobj +213 0 obj<>endobj +214 0 obj<>endobj +215 0 obj<>endobj +216 0 obj<>endobj +217 0 obj<>endobj +218 0 obj<>endobj +219 0 obj<>endobj +220 0 obj<>endobj +221 0 obj<>endobj +222 0 obj<>endobj +223 0 obj<>endobj +224 0 obj<>endobj +225 0 obj<>endobj +226 0 obj<>endobj +227 0 obj<>endobj +228 0 obj<>endobj +229 0 obj<>endobj +230 0 obj<>endobj +231 0 obj<>endobj +232 0 obj<>endobj +233 0 obj<>endobj +234 0 obj<>endobj +235 0 obj<>endobj +236 0 obj<>endobj +237 0 obj<>endobj +238 0 obj<>endobj +239 0 obj[193 0 R 194 0 R 195 0 R 196 0 R @@ -452,77 +453,88 @@ 234 0 R 235 0 R 236 0 R -237 0 R]endobj -239 0 obj<>endobj -240 0 obj<>endobj -241 0 obj<>endobj -242 0 obj<>endobj -243 0 obj<>endobj -244 0 obj<>endobj -245 0 obj<>endobj -246 0 obj<>endobj -247 0 obj[239 0 R -240 0 R +237 0 R +238 0 R]endobj +240 0 obj<>endobj +241 0 obj<>endobj +242 0 obj<>endobj +243 0 obj<>endobj +244 0 obj<>endobj +245 0 obj<>endobj +246 0 obj<>endobj +247 0 obj<>endobj +248 0 obj<>endobj +249 0 obj<>endobj +250 0 obj<>endobj +251 0 obj<>endobj +252 0 obj<>endobj +253 0 obj<>endobj +254 0 obj<>endobj +255 0 obj<>endobj +256 0 obj<>endobj +257 0 obj<>endobj +258 0 obj<>endobj +259 0 obj[240 0 R 241 0 R 242 0 R 243 0 R 244 0 R 245 0 R -246 0 R]endobj -248 0 obj<>endobj -249 0 obj<>endobj -250 0 obj<>endobj -251 0 obj<>endobj -252 0 obj<>endobj -253 0 obj<>endobj -254 0 obj<>endobj -255 0 obj<>endobj -256 0 obj<>endobj -257 0 obj<>endobj -258 0 obj<>endobj -259 0 obj<>endobj -260 0 obj<>endobj -261 0 obj<>endobj -262 0 obj<>endobj -263 0 obj<>endobj -264 0 obj<>endobj -265 0 obj<>endobj -266 0 obj<>endobj -267 0 obj<>endobj -268 0 obj<>endobj -269 0 obj<>endobj -270 0 obj<>endobj -271 0 obj<>endobj -272 0 obj<>endobj -273 0 obj<>endobj -274 0 obj<>endobj -275 0 obj<>endobj -276 0 obj<>endobj -277 0 obj<>endobj -278 0 obj<>endobj -279 0 obj<>endobj -280 0 obj<>endobj -281 0 obj<>endobj -282 0 obj<>endobj -283 0 obj<>endobj -284 0 obj<>endobj -285 0 obj<>endobj -286 0 obj<>endobj -287 0 obj<>endobj -288 0 obj[249 0 R +246 0 R +247 0 R +248 0 R +249 0 R +250 0 R 251 0 R +252 0 R 253 0 R 254 0 R 255 0 R 256 0 R 257 0 R -258 0 R -259 0 R -260 0 R -261 0 R -262 0 R +258 0 R]endobj +260 0 obj<>endobj +261 0 obj<>endobj +262 0 obj<>endobj +263 0 obj<>endobj +264 0 obj<>endobj +265 0 obj<>endobj +266 0 obj<>endobj +267 0 obj<>endobj +268 0 obj<>endobj +269 0 obj<>endobj +270 0 obj<>endobj +271 0 obj<>endobj +272 0 obj<>endobj +273 0 obj<>endobj +274 0 obj<>endobj +275 0 obj<>endobj +276 0 obj<>endobj +277 0 obj<>endobj +278 0 obj<>endobj +279 0 obj<>endobj +280 0 obj<>endobj +281 0 obj<>endobj +282 0 obj<>endobj +283 0 obj<>endobj +284 0 obj<>endobj +285 0 obj<>endobj +286 0 obj<>endobj +287 0 obj<>endobj +288 0 obj<>endobj +289 0 obj<>endobj +290 0 obj<>endobj +291 0 obj<>endobj +292 0 obj<>endobj +293 0 obj<>endobj +294 0 obj<>endobj +295 0 obj<>endobj +296 0 obj<>endobj +297 0 obj<>endobj +298 0 obj<>endobj +299 0 obj<>endobj +300 0 obj[261 0 R 263 0 R -264 0 R 265 0 R 266 0 R 267 0 R @@ -545,59 +557,9 @@ 284 0 R 285 0 R 286 0 R -287 0 R]endobj -289 0 obj<>endobj -290 0 obj<>endobj -291 0 obj<>endobj -292 0 obj<>endobj -293 0 obj<>endobj -294 0 obj<>endobj -295 0 obj<>endobj -296 0 obj<>endobj -297 0 obj<>endobj -298 0 obj<>endobj -299 0 obj<>endobj -300 0 obj<>endobj -301 0 obj<>endobj -302 0 obj<>endobj -303 0 obj<>endobj -304 0 obj<>endobj -305 0 obj<>endobj -306 0 obj<>endobj -307 0 obj<>endobj -308 0 obj<>endobj -309 0 obj<>endobj -310 0 obj<>endobj -311 0 obj<>endobj -312 0 obj<>endobj -313 0 obj<>endobj -314 0 obj<>endobj -315 0 obj<>endobj -316 0 obj<>endobj -317 0 obj<>endobj -318 0 obj<>endobj -319 0 obj<>endobj -320 0 obj<>endobj -321 0 obj<>endobj -322 0 obj<>endobj -323 0 obj<>endobj -324 0 obj<>endobj -325 0 obj<>endobj -326 0 obj<>endobj -327 0 obj<>endobj -328 0 obj<>endobj -329 0 obj<>endobj -330 0 obj<>endobj -331 0 obj<>endobj -332 0 obj<>endobj -333 0 obj<>endobj -334 0 obj<>endobj -335 0 obj<>endobj -336 0 obj<>endobj -337 0 obj<>endobj -338 0 obj<>endobj -339 0 obj<>endobj -340 0 obj[289 0 R +287 0 R +288 0 R +289 0 R 290 0 R 291 0 R 292 0 R @@ -607,9 +569,59 @@ 296 0 R 297 0 R 298 0 R -299 0 R -300 0 R -301 0 R +299 0 R]endobj +301 0 obj<>endobj +302 0 obj<>endobj +303 0 obj<>endobj +304 0 obj<>endobj +305 0 obj<>endobj +306 0 obj<>endobj +307 0 obj<>endobj +308 0 obj<>endobj +309 0 obj<>endobj +310 0 obj<>endobj +311 0 obj<>endobj +312 0 obj<>endobj +313 0 obj<>endobj +314 0 obj<>endobj +315 0 obj<>endobj +316 0 obj<>endobj +317 0 obj<>endobj +318 0 obj<>endobj +319 0 obj<>endobj +320 0 obj<>endobj +321 0 obj<>endobj +322 0 obj<>endobj +323 0 obj<>endobj +324 0 obj<>endobj +325 0 obj<>endobj +326 0 obj<>endobj +327 0 obj<>endobj +328 0 obj<>endobj +329 0 obj<>endobj +330 0 obj<>endobj +331 0 obj<>endobj +332 0 obj<>endobj +333 0 obj<>endobj +334 0 obj<>endobj +335 0 obj<>endobj +336 0 obj<>endobj +337 0 obj<>endobj +338 0 obj<>endobj +339 0 obj<>endobj +340 0 obj<>endobj +341 0 obj<>endobj +342 0 obj<>endobj +343 0 obj<>endobj +344 0 obj<>endobj +345 0 obj<>endobj +346 0 obj<>endobj +347 0 obj<>endobj +348 0 obj<>endobj +349 0 obj<>endobj +350 0 obj<>endobj +351 0 obj<>endobj +352 0 obj[301 0 R 302 0 R 303 0 R 304 0 R @@ -647,59 +659,9 @@ 336 0 R 337 0 R 338 0 R -339 0 R]endobj -341 0 obj<>endobj -342 0 obj<>endobj -343 0 obj<>endobj -344 0 obj<>endobj -345 0 obj<>endobj -346 0 obj<>endobj -347 0 obj<>endobj -348 0 obj<>endobj -349 0 obj<>endobj -350 0 obj<>endobj -351 0 obj<>endobj -352 0 obj<>endobj -353 0 obj<>endobj -354 0 obj<>endobj -355 0 obj<>endobj -356 0 obj<>endobj -357 0 obj<>endobj -358 0 obj<>endobj -359 0 obj<>endobj -360 0 obj<>endobj -361 0 obj<>endobj -362 0 obj<>endobj -363 0 obj<>endobj -364 0 obj<>endobj -365 0 obj<>endobj -366 0 obj<>endobj -367 0 obj<>endobj -368 0 obj<>endobj -369 0 obj<>endobj -370 0 obj<>endobj -371 0 obj<>endobj -372 0 obj<>endobj -373 0 obj<>endobj -374 0 obj<>endobj -375 0 obj<>endobj -376 0 obj<>endobj -377 0 obj<>endobj -378 0 obj<>endobj -379 0 obj<>endobj -380 0 obj<>endobj -381 0 obj<>endobj -382 0 obj<>endobj -383 0 obj<>endobj -384 0 obj<>endobj -385 0 obj<>endobj -386 0 obj<>endobj -387 0 obj<>endobj -388 0 obj<>endobj -389 0 obj<>endobj -390 0 obj<>endobj -391 0 obj<>endobj -392 0 obj[341 0 R +339 0 R +340 0 R +341 0 R 342 0 R 343 0 R 344 0 R @@ -709,9 +671,59 @@ 348 0 R 349 0 R 350 0 R -351 0 R -352 0 R -353 0 R +351 0 R]endobj +353 0 obj<>endobj +354 0 obj<>endobj +355 0 obj<>endobj +356 0 obj<>endobj +357 0 obj<>endobj +358 0 obj<>endobj +359 0 obj<>endobj +360 0 obj<>endobj +361 0 obj<>endobj +362 0 obj<>endobj +363 0 obj<>endobj +364 0 obj<>endobj +365 0 obj<>endobj +366 0 obj<>endobj +367 0 obj<>endobj +368 0 obj<>endobj +369 0 obj<>endobj +370 0 obj<>endobj +371 0 obj<>endobj +372 0 obj<>endobj +373 0 obj<>endobj +374 0 obj<>endobj +375 0 obj<>endobj +376 0 obj<>endobj +377 0 obj<>endobj +378 0 obj<>endobj +379 0 obj<>endobj +380 0 obj<>endobj +381 0 obj<>endobj +382 0 obj<>endobj +383 0 obj<>endobj +384 0 obj<>endobj +385 0 obj<>endobj +386 0 obj<>endobj +387 0 obj<>endobj +388 0 obj<>endobj +389 0 obj<>endobj +390 0 obj<>endobj +391 0 obj<>endobj +392 0 obj<>endobj +393 0 obj<>endobj +394 0 obj<>endobj +395 0 obj<>endobj +396 0 obj<>endobj +397 0 obj<>endobj +398 0 obj<>endobj +399 0 obj<>endobj +400 0 obj<>endobj +401 0 obj<>endobj +402 0 obj<>endobj +403 0 obj<>endobj +404 0 obj[353 0 R 354 0 R 355 0 R 356 0 R @@ -749,59 +761,9 @@ 388 0 R 389 0 R 390 0 R -391 0 R]endobj -393 0 obj<>endobj -394 0 obj<>endobj -395 0 obj<>endobj -396 0 obj<>endobj -397 0 obj<>endobj -398 0 obj<>endobj -399 0 obj<>endobj -400 0 obj<>endobj -401 0 obj<>endobj -402 0 obj<>endobj -403 0 obj<>endobj -404 0 obj<>endobj -405 0 obj<>endobj -406 0 obj<>endobj -407 0 obj<>endobj -408 0 obj<>endobj -409 0 obj<>endobj -410 0 obj<>endobj -411 0 obj<>endobj -412 0 obj<>endobj -413 0 obj<>endobj -414 0 obj<>endobj -415 0 obj<>endobj -416 0 obj<>endobj -417 0 obj<>endobj -418 0 obj<>endobj -419 0 obj<>endobj -420 0 obj<>endobj -421 0 obj<>endobj -422 0 obj<>endobj -423 0 obj<>endobj -424 0 obj<>endobj -425 0 obj<>endobj -426 0 obj<>endobj -427 0 obj<>endobj -428 0 obj<>endobj -429 0 obj<>endobj -430 0 obj<>endobj -431 0 obj<>endobj -432 0 obj<>endobj -433 0 obj<>endobj -434 0 obj<>endobj -435 0 obj<>endobj -436 0 obj<>endobj -437 0 obj<>endobj -438 0 obj<>endobj -439 0 obj<>endobj -440 0 obj<>endobj -441 0 obj<>endobj -442 0 obj<>endobj -443 0 obj<>endobj -444 0 obj[393 0 R +391 0 R +392 0 R +393 0 R 394 0 R 395 0 R 396 0 R @@ -811,9 +773,59 @@ 400 0 R 401 0 R 402 0 R -403 0 R -404 0 R -405 0 R +403 0 R]endobj +405 0 obj<>endobj +406 0 obj<>endobj +407 0 obj<>endobj +408 0 obj<>endobj +409 0 obj<>endobj +410 0 obj<>endobj +411 0 obj<>endobj +412 0 obj<>endobj +413 0 obj<>endobj +414 0 obj<>endobj +415 0 obj<>endobj +416 0 obj<>endobj +417 0 obj<>endobj +418 0 obj<>endobj +419 0 obj<>endobj +420 0 obj<>endobj +421 0 obj<>endobj +422 0 obj<>endobj +423 0 obj<>endobj +424 0 obj<>endobj +425 0 obj<>endobj +426 0 obj<>endobj +427 0 obj<>endobj +428 0 obj<>endobj +429 0 obj<>endobj +430 0 obj<>endobj +431 0 obj<>endobj +432 0 obj<>endobj +433 0 obj<>endobj +434 0 obj<>endobj +435 0 obj<>endobj +436 0 obj<>endobj +437 0 obj<>endobj +438 0 obj<>endobj +439 0 obj<>endobj +440 0 obj<>endobj +441 0 obj<>endobj +442 0 obj<>endobj +443 0 obj<>endobj +444 0 obj<>endobj +445 0 obj<>endobj +446 0 obj<>endobj +447 0 obj<>endobj +448 0 obj<>endobj +449 0 obj<>endobj +450 0 obj<>endobj +451 0 obj<>endobj +452 0 obj<>endobj +453 0 obj<>endobj +454 0 obj<>endobj +455 0 obj<>endobj +456 0 obj[405 0 R 406 0 R 407 0 R 408 0 R @@ -851,42 +863,9 @@ 440 0 R 441 0 R 442 0 R -443 0 R]endobj -445 0 obj<>endobj -446 0 obj<>endobj -447 0 obj<>endobj -448 0 obj<>endobj -449 0 obj<>endobj -450 0 obj<>endobj -451 0 obj<>endobj -452 0 obj<>endobj -453 0 obj<>endobj -454 0 obj<>endobj -455 0 obj<>endobj -456 0 obj<>endobj -457 0 obj<>endobj -458 0 obj<>endobj -459 0 obj<>endobj -460 0 obj<>endobj -461 0 obj<>endobj -462 0 obj<>endobj -463 0 obj<>endobj -464 0 obj<>endobj -465 0 obj<>endobj -466 0 obj<>endobj -467 0 obj<>endobj -468 0 obj<>endobj -469 0 obj<>endobj -470 0 obj<>endobj -471 0 obj<>endobj -472 0 obj<>endobj -473 0 obj<>endobj -474 0 obj<>endobj -475 0 obj<>endobj -476 0 obj<>endobj -477 0 obj<>endobj -478 0 obj<>endobj -479 0 obj[445 0 R +443 0 R +444 0 R +445 0 R 446 0 R 447 0 R 448 0 R @@ -896,9 +875,52 @@ 452 0 R 453 0 R 454 0 R -455 0 R -456 0 R -457 0 R +455 0 R]endobj +457 0 obj<>endobj +458 0 obj<>endobj +459 0 obj<>endobj +460 0 obj<>endobj +461 0 obj<>endobj +462 0 obj<>endobj +463 0 obj<>endobj +464 0 obj<>endobj +465 0 obj<>endobj +466 0 obj<>endobj +467 0 obj<>endobj +468 0 obj<>endobj +469 0 obj<>endobj +470 0 obj<>endobj +471 0 obj<>endobj +472 0 obj<>endobj +473 0 obj<>endobj +474 0 obj<>endobj +475 0 obj<>endobj +476 0 obj<>endobj +477 0 obj<>endobj +478 0 obj<>endobj +479 0 obj<>endobj +480 0 obj<>endobj +481 0 obj<>endobj +482 0 obj<>endobj +483 0 obj<>endobj +484 0 obj<>endobj +485 0 obj<>endobj +486 0 obj<>endobj +487 0 obj<>endobj +488 0 obj<>endobj +489 0 obj<>endobj +490 0 obj<>endobj +491 0 obj<>endobj +492 0 obj<>endobj +493 0 obj<>endobj +494 0 obj<>endobj +495 0 obj<>endobj +496 0 obj<>endobj +497 0 obj<>endobj +498 0 obj<>endobj +499 0 obj<>endobj +500 0 obj<>endobj +501 0 obj[457 0 R 458 0 R 459 0 R 460 0 R @@ -919,269 +941,281 @@ 475 0 R 476 0 R 477 0 R -478 0 R]endobj -480 0 obj<>endobj -481 0 obj<>endobj -482 0 obj[481 0 R]endobj -483 0 obj<>endobj -484 0 obj<>endobj -485 0 obj<>endobj -486 0 obj<>endobj -487 0 obj[484 0 R -486 0 R]endobj -488 0 obj<>endobj -489 0 obj<>endobj -490 0 obj<>endobj -491 0 obj<>endobj -492 0 obj<>endobj -493 0 obj<>endobj -494 0 obj[489 0 R +478 0 R +479 0 R +480 0 R +481 0 R +482 0 R +483 0 R +484 0 R +485 0 R +486 0 R +487 0 R +488 0 R +489 0 R +490 0 R 491 0 R -493 0 R]endobj -495 0 obj<>endobj -496 0 obj<>endobj -497 0 obj<>endobj -498 0 obj<>endobj -499 0 obj[496 0 R -498 0 R]endobj -500 0 obj<>endobj -501 0 obj<>endobj -502 0 obj[501 0 R]endobj -503 0 obj<>endobj -504 0 obj<>endobj -505 0 obj<>endobj -506 0 obj<>endobj -507 0 obj[504 0 R -506 0 R]endobj -508 0 obj<>endobj -509 0 obj<>endobj -510 0 obj<>endobj -511 0 obj<>endobj -512 0 obj<>endobj -513 0 obj<>endobj -514 0 obj[509 0 R -511 0 R -513 0 R]endobj -515 0 obj<>endobj -516 0 obj<>endobj -517 0 obj[516 0 R]endobj -518 0 obj<>endobj -519 0 obj<>endobj -520 0 obj<>endobj -521 0 obj<>endobj -522 0 obj<>endobj -523 0 obj<>endobj -524 0 obj<>endobj -525 0 obj<>endobj -526 0 obj<>endobj -527 0 obj<>endobj -528 0 obj<>endobj -529 0 obj<>endobj -530 0 obj[519 0 R -521 0 R -523 0 R -525 0 R -527 0 R -529 0 R]endobj -531 0 obj<>endobj -532 0 obj<>endobj -533 0 obj<>endobj -534 0 obj<>endobj -535 0 obj<>endobj -536 0 obj<>endobj -537 0 obj<>endobj -538 0 obj[532 0 R -534 0 R -536 0 R -537 0 R]endobj -539 0 obj<>endobj -540 0 obj<>endobj -541 0 obj<>endobj -542 0 obj<>endobj -543 0 obj<>endobj -544 0 obj<>endobj -545 0 obj<>endobj -546 0 obj<>endobj -547 0 obj<>endobj -548 0 obj<>endobj -549 0 obj<>endobj -550 0 obj[539 0 R -541 0 R +492 0 R +493 0 R +494 0 R +495 0 R +496 0 R +497 0 R +498 0 R +499 0 R +500 0 R]endobj +502 0 obj<>endobj +503 0 obj<>endobj +504 0 obj[503 0 R]endobj +505 0 obj<>endobj +506 0 obj<>endobj +507 0 obj<>endobj +508 0 obj<>endobj +509 0 obj[506 0 R +508 0 R]endobj +510 0 obj<>endobj +511 0 obj<>endobj +512 0 obj<>endobj +513 0 obj<>endobj +514 0 obj<>endobj +515 0 obj<>endobj +516 0 obj[511 0 R +513 0 R +515 0 R]endobj +517 0 obj<>endobj +518 0 obj<>endobj +519 0 obj<>endobj +520 0 obj<>endobj +521 0 obj[518 0 R +520 0 R]endobj +522 0 obj<>endobj +523 0 obj<>endobj +524 0 obj[523 0 R]endobj +525 0 obj<>endobj +526 0 obj<>endobj +527 0 obj<>endobj +528 0 obj<>endobj +529 0 obj[526 0 R +528 0 R]endobj +530 0 obj<>endobj +531 0 obj<>endobj +532 0 obj<>endobj +533 0 obj<>endobj +534 0 obj<>endobj +535 0 obj<>endobj +536 0 obj[531 0 R +533 0 R +535 0 R]endobj +537 0 obj<>endobj +538 0 obj<>endobj +539 0 obj[538 0 R]endobj +540 0 obj<>endobj +541 0 obj<>endobj +542 0 obj<>endobj +543 0 obj<>endobj +544 0 obj<>endobj +545 0 obj<>endobj +546 0 obj<>endobj +547 0 obj<>endobj +548 0 obj<>endobj +549 0 obj<>endobj +550 0 obj<>endobj +551 0 obj<>endobj +552 0 obj[541 0 R 543 0 R 545 0 R 547 0 R -549 0 R]endobj -551 0 obj<>endobj -552 0 obj<>endobj -553 0 obj[552 0 R]endobj -554 0 obj<>endobj -555 0 obj<>endobj -556 0 obj<>endobj -557 0 obj<>endobj -558 0 obj<>endobj -559 0 obj<>endobj -560 0 obj<>endobj -561 0 obj<>endobj -562 0 obj<>endobj -563 0 obj<>endobj -564 0 obj[555 0 R -557 0 R -559 0 R -561 0 R -563 0 R]endobj -565 0 obj<>endobj -566 0 obj<>endobj -567 0 obj[566 0 R]endobj -568 0 obj<>endobj -569 0 obj<>endobj -570 0 obj<>endobj -571 0 obj<>endobj -572 0 obj<>endobj -573 0 obj<>endobj -574 0 obj[569 0 R -571 0 R -573 0 R]endobj -575 0 obj<>endobj -576 0 obj<>endobj -577 0 obj[576 0 R]endobj -578 0 obj<>endobj -579 0 obj<>endobj -580 0 obj<>endobj -581 0 obj<>endobj -582 0 obj<>endobj -583 0 obj<>endobj -584 0 obj[579 0 R +549 0 R +551 0 R]endobj +553 0 obj<>endobj +554 0 obj<>endobj +555 0 obj<>endobj +556 0 obj<>endobj +557 0 obj<>endobj +558 0 obj<>endobj +559 0 obj<>endobj +560 0 obj[554 0 R +556 0 R +558 0 R +559 0 R]endobj +561 0 obj<>endobj +562 0 obj<>endobj +563 0 obj<>endobj +564 0 obj<>endobj +565 0 obj<>endobj +566 0 obj<>endobj +567 0 obj<>endobj +568 0 obj<>endobj +569 0 obj<>endobj +570 0 obj<>endobj +571 0 obj<>endobj +572 0 obj[561 0 R +563 0 R +565 0 R +567 0 R +569 0 R +571 0 R]endobj +573 0 obj<>endobj +574 0 obj<>endobj +575 0 obj[574 0 R]endobj +576 0 obj<>endobj +577 0 obj<>endobj +578 0 obj<>endobj +579 0 obj<>endobj +580 0 obj<>endobj +581 0 obj<>endobj +582 0 obj<>endobj +583 0 obj<>endobj +584 0 obj<>endobj +585 0 obj<>endobj +586 0 obj<>endobj +587 0 obj<>endobj +588 0 obj[577 0 R +579 0 R 581 0 R -583 0 R]endobj -585 0 obj<>endobj -586 0 obj<>endobj -587 0 obj<>endobj -588 0 obj<>endobj -589 0 obj<>endobj -590 0 obj<>endobj -591 0 obj[586 0 R -588 0 R -590 0 R]endobj -592 0 obj<>endobj -593 0 obj<>endobj -594 0 obj<>endobj -595 0 obj<>endobj -596 0 obj<>endobj -597 0 obj<>endobj -598 0 obj<>endobj -599 0 obj<>endobj -600 0 obj[593 0 R -595 0 R -597 0 R -599 0 R]endobj -601 0 obj<>endobj -602 0 obj<>endobj -603 0 obj<>endobj -604 0 obj<>endobj -605 0 obj<>endobj -606 0 obj<>endobj -607 0 obj[602 0 R -604 0 R -606 0 R]endobj -608 0 obj<>endobj -609 0 obj<>endobj -610 0 obj[609 0 R]endobj -611 0 obj<>endobj -612 0 obj<>endobj -613 0 obj[612 0 R]endobj -614 0 obj<>endobj -615 0 obj<>endobj -616 0 obj<>endobj -617 0 obj<>endobj -618 0 obj<>endobj -619 0 obj<>endobj -620 0 obj<>endobj -621 0 obj<>endobj -622 0 obj<>endobj -623 0 obj<>endobj -624 0 obj<>endobj -625 0 obj<>endobj -626 0 obj<>endobj -627 0 obj<>endobj -628 0 obj[615 0 R -617 0 R -619 0 R -621 0 R -623 0 R +583 0 R +585 0 R +587 0 R]endobj +589 0 obj<>endobj +590 0 obj<>endobj +591 0 obj<>endobj +592 0 obj<>endobj +593 0 obj<>endobj +594 0 obj<>endobj +595 0 obj[590 0 R +592 0 R +594 0 R]endobj +596 0 obj<>endobj +597 0 obj<>endobj +598 0 obj[597 0 R]endobj +599 0 obj<>endobj +600 0 obj<>endobj +601 0 obj<>endobj +602 0 obj<>endobj +603 0 obj<>endobj +604 0 obj<>endobj +605 0 obj[600 0 R +602 0 R +604 0 R]endobj +606 0 obj<>endobj +607 0 obj<>endobj +608 0 obj<>endobj +609 0 obj<>endobj +610 0 obj<>endobj +611 0 obj<>endobj +612 0 obj[607 0 R +609 0 R +611 0 R]endobj +613 0 obj<>endobj +614 0 obj<>endobj +615 0 obj<>endobj +616 0 obj<>endobj +617 0 obj<>endobj +618 0 obj<>endobj +619 0 obj<>endobj +620 0 obj<>endobj +621 0 obj[614 0 R +616 0 R +618 0 R +620 0 R]endobj +622 0 obj<>endobj +623 0 obj<>endobj +624 0 obj<>endobj +625 0 obj<>endobj +626 0 obj<>endobj +627 0 obj<>endobj +628 0 obj[623 0 R 625 0 R 627 0 R]endobj -629 0 obj<>endobj -630 0 obj<>endobj +629 0 obj<>endobj +630 0 obj<>endobj 631 0 obj[630 0 R]endobj -632 0 obj<>endobj -633 0 obj<>endobj -634 0 obj<>endobj -635 0 obj<>endobj -636 0 obj<>endobj -637 0 obj<>endobj -638 0 obj<>endobj -639 0 obj<>endobj -640 0 obj[633 0 R -635 0 R -637 0 R -639 0 R]endobj -641 0 obj<>endobj -642 0 obj<>endobj -643 0 obj<>endobj -644 0 obj<>endobj -645 0 obj<>endobj -646 0 obj<>endobj -647 0 obj<>endobj -648 0 obj<>endobj -649 0 obj<>endobj -650 0 obj<>endobj -651 0 obj<>endobj -652 0 obj<>endobj -653 0 obj<>endobj -654 0 obj<>endobj -655 0 obj<>endobj -656 0 obj<>endobj -657 0 obj<>endobj -658 0 obj<>endobj -659 0 obj<>endobj -660 0 obj<>endobj -661 0 obj<>endobj -662 0 obj<>endobj -663 0 obj<>endobj -664 0 obj<>endobj -665 0 obj<>endobj -666 0 obj<>endobj -667 0 obj<>endobj -668 0 obj<>endobj -669 0 obj<>endobj -670 0 obj<>endobj -671 0 obj<>endobj -672 0 obj<>endobj -673 0 obj<>endobj -674 0 obj<>endobj -675 0 obj<>endobj -676 0 obj<>endobj -677 0 obj<>endobj -678 0 obj<>endobj -679 0 obj<>endobj -680 0 obj<>endobj -681 0 obj<>endobj -682 0 obj<>endobj -683 0 obj<>endobj -684 0 obj<>endobj -685 0 obj<>endobj -686 0 obj<>endobj -687 0 obj[642 0 R +632 0 obj<>endobj +633 0 obj<>endobj +634 0 obj[633 0 R]endobj +635 0 obj<>endobj +636 0 obj<>endobj +637 0 obj<>endobj +638 0 obj<>endobj +639 0 obj<>endobj +640 0 obj<>endobj +641 0 obj<>endobj +642 0 obj<>endobj +643 0 obj<>endobj +644 0 obj<>endobj +645 0 obj<>endobj +646 0 obj<>endobj +647 0 obj<>endobj +648 0 obj<>endobj +649 0 obj<>endobj +650 0 obj<>endobj +651 0 obj[636 0 R +638 0 R +640 0 R +642 0 R 644 0 R 646 0 R 648 0 R -650 0 R -652 0 R -654 0 R -656 0 R -658 0 R -660 0 R -662 0 R +650 0 R]endobj +652 0 obj<>endobj +653 0 obj<>endobj +654 0 obj<>endobj +655 0 obj<>endobj +656 0 obj<>endobj +657 0 obj<>endobj +658 0 obj<>endobj +659 0 obj<>endobj +660 0 obj[653 0 R +655 0 R +657 0 R +659 0 R]endobj +661 0 obj<>endobj +662 0 obj<>endobj +663 0 obj<>endobj +664 0 obj<>endobj +665 0 obj<>endobj +666 0 obj<>endobj +667 0 obj<>endobj +668 0 obj<>endobj +669 0 obj<>endobj +670 0 obj<>endobj +671 0 obj<>endobj +672 0 obj<>endobj +673 0 obj<>endobj +674 0 obj<>endobj +675 0 obj<>endobj +676 0 obj<>endobj +677 0 obj<>endobj +678 0 obj<>endobj +679 0 obj<>endobj +680 0 obj<>endobj +681 0 obj<>endobj +682 0 obj<>endobj +683 0 obj<>endobj +684 0 obj<>endobj +685 0 obj<>endobj +686 0 obj<>endobj +687 0 obj<>endobj +688 0 obj<>endobj +689 0 obj<>endobj +690 0 obj<>endobj +691 0 obj<>endobj +692 0 obj<>endobj +693 0 obj<>endobj +694 0 obj<>endobj +695 0 obj<>endobj +696 0 obj<>endobj +697 0 obj<>endobj +698 0 obj<>endobj +699 0 obj<>endobj +700 0 obj<>endobj +701 0 obj<>endobj +702 0 obj<>endobj +703 0 obj<>endobj +704 0 obj<>endobj +705 0 obj<>endobj +706 0 obj<>endobj +707 0 obj[662 0 R 664 0 R 666 0 R 668 0 R @@ -1193,3645 +1227,3798 @@ 680 0 R 682 0 R 684 0 R -686 0 R]endobj -688 0 obj<>endobj -689 0 obj<>endobj -690 0 obj<>endobj -691 0 obj<>endobj -692 0 obj[689 0 R -691 0 R]endobj -693 0 obj<>endobj -694 0 obj<>endobj -695 0 obj<>endobj -696 0 obj<>endobj -697 0 obj[694 0 R -696 0 R]endobj -698 0 obj<>endobj -699 0 obj<>endobj -700 0 obj[699 0 R]endobj -701 0 obj<>endobj -702 0 obj<>endobj -703 0 obj<>endobj -704 0 obj<>endobj -705 0 obj[702 0 R -704 0 R]endobj -706 0 obj<>endobj -707 0 obj<>endobj -708 0 obj<>endobj -709 0 obj<>endobj -710 0 obj[707 0 R -709 0 R]endobj -711 0 obj<>endobj -712 0 obj<>endobj -713 0 obj<>endobj -714 0 obj<>endobj -715 0 obj<>endobj -716 0 obj<>endobj -717 0 obj<>endobj -718 0 obj<>endobj -719 0 obj<>endobj -720 0 obj<>endobj -721 0 obj<>endobj -722 0 obj<>endobj -723 0 obj<>endobj -724 0 obj<>endobj -725 0 obj<>endobj -726 0 obj<>endobj -727 0 obj[712 0 R -714 0 R -716 0 R -718 0 R -720 0 R -722 0 R -724 0 R -726 0 R]endobj -728 0 obj<>endobj -729 0 obj<>endobj -730 0 obj<>endobj -731 0 obj<>endobj -732 0 obj[729 0 R -731 0 R]endobj -733 0 obj<>endobj -734 0 obj<>endobj -735 0 obj[734 0 R]endobj -736 0 obj<>endobj -737 0 obj<>endobj -738 0 obj<>endobj -739 0 obj<>endobj -740 0 obj<>endobj -741 0 obj<>endobj -742 0 obj<>endobj -743 0 obj<>endobj -744 0 obj<>endobj -745 0 obj<>endobj -746 0 obj<>endobj -747 0 obj<>endobj -748 0 obj[737 0 R -739 0 R -741 0 R -743 0 R -745 0 R -747 0 R]endobj -749 0 obj<>endobj -750 0 obj<>endobj -751 0 obj<>endobj -752 0 obj<>endobj -753 0 obj<>endobj -754 0 obj<>endobj -755 0 obj<>endobj -756 0 obj<>endobj -757 0 obj[750 0 R -752 0 R -754 0 R -756 0 R]endobj -758 0 obj<>endobj -759 0 obj<>endobj -760 0 obj<>endobj -761 0 obj<>endobj -762 0 obj<>endobj -763 0 obj<>endobj -764 0 obj<>endobj -765 0 obj<>endobj -766 0 obj<>endobj -767 0 obj<>endobj -768 0 obj<>endobj -769 0 obj<>endobj -770 0 obj<>endobj -771 0 obj<>endobj -772 0 obj[759 0 R +686 0 R +688 0 R +690 0 R +692 0 R +694 0 R +696 0 R +698 0 R +700 0 R +702 0 R +704 0 R +706 0 R]endobj +708 0 obj<>endobj +709 0 obj<>endobj +710 0 obj<>endobj +711 0 obj<>endobj +712 0 obj[709 0 R +711 0 R]endobj +713 0 obj<>endobj +714 0 obj<>endobj +715 0 obj<>endobj +716 0 obj<>endobj +717 0 obj[714 0 R +716 0 R]endobj +718 0 obj<>endobj +719 0 obj<>endobj +720 0 obj[719 0 R]endobj +721 0 obj<>endobj +722 0 obj<>endobj +723 0 obj<>endobj +724 0 obj<>endobj +725 0 obj[722 0 R +724 0 R]endobj +726 0 obj<>endobj +727 0 obj<>endobj +728 0 obj<>endobj +729 0 obj<>endobj +730 0 obj[727 0 R +729 0 R]endobj +731 0 obj<>endobj +732 0 obj<>endobj +733 0 obj<>endobj +734 0 obj<>endobj +735 0 obj<>endobj +736 0 obj<>endobj +737 0 obj<>endobj +738 0 obj<>endobj +739 0 obj<>endobj +740 0 obj<>endobj +741 0 obj<>endobj +742 0 obj<>endobj +743 0 obj<>endobj +744 0 obj<>endobj +745 0 obj<>endobj +746 0 obj<>endobj +747 0 obj[732 0 R +734 0 R +736 0 R +738 0 R +740 0 R +742 0 R +744 0 R +746 0 R]endobj +748 0 obj<>endobj +749 0 obj<>endobj +750 0 obj<>endobj +751 0 obj<>endobj +752 0 obj[749 0 R +751 0 R]endobj +753 0 obj<>endobj +754 0 obj<>endobj +755 0 obj[754 0 R]endobj +756 0 obj<>endobj +757 0 obj<>endobj +758 0 obj<>endobj +759 0 obj<>endobj +760 0 obj<>endobj +761 0 obj<>endobj +762 0 obj<>endobj +763 0 obj<>endobj +764 0 obj<>endobj +765 0 obj<>endobj +766 0 obj<>endobj +767 0 obj<>endobj +768 0 obj[757 0 R +759 0 R 761 0 R 763 0 R 765 0 R -767 0 R -769 0 R -771 0 R]endobj -773 0 obj<>endobj -774 0 obj<>endobj -775 0 obj[774 0 R]endobj -776 0 obj<>endobj -777 0 obj<>endobj -778 0 obj[777 0 R]endobj -779 0 obj<>endobj -780 0 obj<>endobj -781 0 obj[780 0 R]endobj -782 0 obj<>endobj -783 0 obj<>endobj -784 0 obj<>endobj -785 0 obj<>endobj -786 0 obj<>endobj -787 0 obj<>endobj -788 0 obj<>endobj -789 0 obj<>endobj -790 0 obj<>endobj -791 0 obj<>endobj -792 0 obj[783 0 R -785 0 R -787 0 R -789 0 R -791 0 R]endobj -793 0 obj<>endobj -794 0 obj<>endobj -795 0 obj<>endobj -796 0 obj<>endobj -797 0 obj<>endobj -798 0 obj<>endobj -799 0 obj<>endobj -800 0 obj<>endobj -801 0 obj[794 0 R -796 0 R -798 0 R -800 0 R]endobj -802 0 obj<>endobj -803 0 obj<>endobj -804 0 obj[803 0 R]endobj -805 0 obj<>endobj -806 0 obj<>endobj -807 0 obj[806 0 R]endobj -808 0 obj<>endobj -809 0 obj<>endobj -810 0 obj<>endobj -811 0 obj<>endobj -812 0 obj<>endobj -813 0 obj<>endobj -814 0 obj[809 0 R -811 0 R -813 0 R]endobj -815 0 obj<>endobj -816 0 obj<>endobj -817 0 obj[816 0 R]endobj -818 0 obj<>endobj -819 0 obj<>endobj -820 0 obj<>endobj -821 0 obj<>endobj -822 0 obj<>endobj -823 0 obj<>endobj -824 0 obj<>endobj -825 0 obj<>endobj -826 0 obj<>endobj -827 0 obj<>endobj -828 0 obj<>endobj -829 0 obj<>endobj -830 0 obj<>endobj -831 0 obj<>endobj -832 0 obj<>endobj -833 0 obj<>endobj -834 0 obj<>endobj -835 0 obj<>endobj -836 0 obj<>endobj -837 0 obj<>endobj -838 0 obj<>endobj -839 0 obj<>endobj -840 0 obj<>endobj -841 0 obj<>endobj -842 0 obj<>endobj -843 0 obj<>endobj -844 0 obj<>endobj -845 0 obj<>endobj -846 0 obj<>endobj -847 0 obj<>endobj -848 0 obj<>endobj -849 0 obj<>endobj -850 0 obj<>endobj -851 0 obj<>endobj -852 0 obj<>endobj -853 0 obj<>endobj -854 0 obj<>endobj -855 0 obj<>endobj -856 0 obj<>endobj -857 0 obj<>endobj -858 0 obj<>endobj -859 0 obj<>endobj -860 0 obj<>endobj -861 0 obj<>endobj -862 0 obj<>endobj -863 0 obj<>endobj -864 0 obj<>endobj -865 0 obj<>endobj -866 0 obj<>endobj -867 0 obj<>endobj -868 0 obj<>endobj -869 0 obj<>endobj -870 0 obj<>endobj -871 0 obj<>endobj -872 0 obj<>endobj -873 0 obj<>endobj -874 0 obj<>endobj -875 0 obj<>endobj -876 0 obj<>endobj -877 0 obj<>endobj -878 0 obj<>endobj -879 0 obj<>endobj -880 0 obj<>endobj -881 0 obj<>endobj -882 0 obj<>endobj -883 0 obj<>endobj -884 0 obj<>endobj -885 0 obj<>endobj -886 0 obj<>endobj -887 0 obj<>endobj -888 0 obj<>endobj -889 0 obj<>endobj -890 0 obj<>endobj -891 0 obj<>endobj -892 0 obj<>endobj -893 0 obj<>endobj -894 0 obj<>endobj -895 0 obj<>endobj -896 0 obj<>endobj -897 0 obj<>endobj -898 0 obj<>endobj -899 0 obj<>endobj -900 0 obj<>endobj -901 0 obj<>endobj -902 0 obj<>endobj -903 0 obj<>endobj -904 0 obj<>endobj -905 0 obj<>endobj -906 0 obj<>endobj -907 0 obj<>endobj -908 0 obj<>endobj -909 0 obj<>endobj -910 0 obj<>endobj -911 0 obj<>endobj -912 0 obj<>endobj -913 0 obj<>endobj -914 0 obj<>endobj -915 0 obj<>endobj -916 0 obj<>endobj -917 0 obj<>endobj -918 0 obj<>endobj -919 0 obj<>endobj -920 0 obj<>endobj -921 0 obj<>endobj -922 0 obj<>endobj -923 0 obj<>endobj -924 0 obj<>endobj -925 0 obj<>endobj -926 0 obj<>endobj -927 0 obj<>endobj -928 0 obj<>endobj -929 0 obj<>endobj -930 0 obj<>endobj -931 0 obj<>endobj -932 0 obj<>endobj -933 0 obj<>endobj -934 0 obj<>endobj -935 0 obj<>endobj -936 0 obj<>endobj -937 0 obj<>endobj -938 0 obj<>endobj -939 0 obj<>endobj -940 0 obj<>endobj -941 0 obj<>endobj -942 0 obj<>endobj -943 0 obj<>endobj -944 0 obj<>endobj -945 0 obj<>endobj -946 0 obj<>endobj -947 0 obj<>endobj -948 0 obj<>endobj -949 0 obj<>endobj -950 0 obj<>endobj -951 0 obj<>endobj -952 0 obj<>endobj -953 0 obj<>endobj -954 0 obj<>endobj -955 0 obj<>endobj -956 0 obj<>endobj -957 0 obj<>endobj -958 0 obj<>endobj -959 0 obj<>endobj -960 0 obj<>endobj -961 0 obj<>endobj -962 0 obj<>endobj -963 0 obj<>endobj -964 0 obj<>endobj -965 0 obj<>endobj -966 0 obj<>endobj -967 0 obj<>endobj -968 0 obj<>endobj -969 0 obj<>endobj -970 0 obj<>endobj -971 0 obj<>endobj -972 0 obj<>endobj -973 0 obj<>endobj -974 0 obj<>endobj -975 0 obj<>endobj -976 0 obj<>endobj -977 0 obj<>endobj -978 0 obj<>endobj -979 0 obj<>endobj -980 0 obj<>endobj -981 0 obj<>endobj -982 0 obj<>endobj -983 0 obj<>endobj -984 0 obj<>endobj -985 0 obj<>endobj -986 0 obj<>endobj -987 0 obj<>endobj -988 0 obj<>endobj -989 0 obj<>endobj -990 0 obj<>endobj -991 0 obj<>endobj -992 0 obj<>endobj -993 0 obj<>endobj -994 0 obj<>endobj -995 0 obj<>endobj -996 0 obj<>endobj -997 0 obj<>endobj -998 0 obj<>endobj -999 0 obj<>endobj -1000 0 obj<>endobj -1001 0 obj<>endobj -1002 0 obj<>endobj -1003 0 obj<>endobj -1004 0 obj<>endobj -1005 0 obj<>endobj -1006 0 obj<>endobj -1007 0 obj<>endobj -1008 0 obj<>endobj -1009 0 obj<>endobj -1010 0 obj<>endobj -1011 0 obj<>endobj -1012 0 obj<>endobj -1013 0 obj<>endobj -1014 0 obj<>endobj -1015 0 obj<>endobj -1016 0 obj<>endobj -1017 0 obj<>endobj -1018 0 obj<>endobj -1019 0 obj<>endobj -1020 0 obj<>endobj -1021 0 obj<>endobj -1022 0 obj<>endobj -1023 0 obj<>endobj -1024 0 obj<>endobj -1025 0 obj<>endobj -1026 0 obj<>endobj -1027 0 obj<>endobj -1028 0 obj<>endobj -1029 0 obj<>endobj -1030 0 obj<>endobj -1031 0 obj<>endobj -1032 0 obj<>endobj -1033 0 obj<>endobj -1034 0 obj<>endobj -1035 0 obj<>endobj -1036 0 obj<>endobj -1037 0 obj<>endobj -1038 0 obj<>endobj -1039 0 obj<>endobj -1040 0 obj<>endobj -1041 0 obj<>endobj -1042 0 obj<>endobj -1043 0 obj<>endobj -1044 0 obj<>endobj -1045 0 obj<>endobj -1046 0 obj<>endobj -1047 0 obj<>endobj -1048 0 obj<>endobj -1049 0 obj<>endobj -1050 0 obj<>endobj -1051 0 obj<>endobj -1052 0 obj<>endobj -1053 0 obj<>endobj -1054 0 obj<>endobj -1055 0 obj<>endobj -1056 0 obj<>endobj -1057 0 obj<>endobj -1058 0 obj<>endobj -1059 0 obj<>endobj -1060 0 obj<>endobj -1061 0 obj<>endobj -1062 0 obj<>endobj -1063 0 obj<>endobj -1064 0 obj<>endobj -1065 0 obj<>endobj -1066 0 obj<>endobj -1067 0 obj<>endobj -1068 0 obj<>endobj +770 0 obj<>endobj +771 0 obj<>endobj +772 0 obj<>endobj +773 0 obj<>endobj +774 0 obj<>endobj +775 0 obj<>endobj +776 0 obj<>endobj +777 0 obj[770 0 R +772 0 R +774 0 R +776 0 R]endobj +778 0 obj<>endobj +779 0 obj<>endobj +780 0 obj[779 0 R]endobj +781 0 obj<>endobj +782 0 obj<>endobj +783 0 obj<>endobj +784 0 obj<>endobj +785 0 obj<>endobj +786 0 obj<>endobj +787 0 obj<>endobj +788 0 obj<>endobj +789 0 obj<>endobj +790 0 obj<>endobj +791 0 obj<>endobj +792 0 obj<>endobj +793 0 obj[782 0 R +784 0 R +786 0 R +788 0 R +790 0 R +792 0 R]endobj +794 0 obj<>endobj +795 0 obj<>endobj +796 0 obj[795 0 R]endobj +797 0 obj<>endobj +798 0 obj<>endobj +799 0 obj[798 0 R]endobj +800 0 obj<>endobj +801 0 obj<>endobj +802 0 obj[801 0 R]endobj +803 0 obj<>endobj +804 0 obj<>endobj +805 0 obj<>endobj +806 0 obj<>endobj +807 0 obj<>endobj +808 0 obj<>endobj +809 0 obj<>endobj +810 0 obj<>endobj +811 0 obj<>endobj +812 0 obj<>endobj +813 0 obj[804 0 R +806 0 R +808 0 R +810 0 R +812 0 R]endobj +814 0 obj<>endobj +815 0 obj<>endobj +816 0 obj<>endobj +817 0 obj<>endobj +818 0 obj<>endobj +819 0 obj<>endobj +820 0 obj<>endobj +821 0 obj<>endobj +822 0 obj[815 0 R +817 0 R +819 0 R +821 0 R]endobj +823 0 obj<>endobj +824 0 obj<>endobj +825 0 obj[824 0 R]endobj +826 0 obj<>endobj +827 0 obj<>endobj +828 0 obj[827 0 R]endobj +829 0 obj<>endobj +830 0 obj<>endobj +831 0 obj<>endobj +832 0 obj<>endobj +833 0 obj<>endobj +834 0 obj<>endobj +835 0 obj[830 0 R +832 0 R +834 0 R]endobj +836 0 obj<>endobj +837 0 obj<>endobj +838 0 obj[837 0 R]endobj +839 0 obj<>endobj +840 0 obj<>endobj +841 0 obj<>endobj +842 0 obj<>endobj +843 0 obj<>endobj +844 0 obj<>endobj +845 0 obj<>endobj +846 0 obj<>endobj +847 0 obj<>endobj +848 0 obj<>endobj +849 0 obj<>endobj +850 0 obj<>endobj +851 0 obj<>endobj +852 0 obj<>endobj +853 0 obj<>endobj +854 0 obj<>endobj +855 0 obj<>endobj +856 0 obj<>endobj +857 0 obj<>endobj +858 0 obj<>endobj +859 0 obj<>endobj +860 0 obj<>endobj +861 0 obj<>endobj +862 0 obj<>endobj +863 0 obj<>endobj +864 0 obj<>endobj +865 0 obj<>endobj +866 0 obj<>endobj +867 0 obj<>endobj +868 0 obj<>endobj +869 0 obj<>endobj +870 0 obj<>endobj +871 0 obj<>endobj +872 0 obj<>endobj +873 0 obj<>endobj +874 0 obj<>endobj +875 0 obj<>endobj +876 0 obj<>endobj +877 0 obj<>endobj +878 0 obj<>endobj +879 0 obj<>endobj +880 0 obj<>endobj +881 0 obj<>endobj +882 0 obj<>endobj +883 0 obj<>endobj +884 0 obj<>endobj +885 0 obj<>endobj +886 0 obj<>endobj +887 0 obj<>endobj +888 0 obj<>endobj +889 0 obj<>endobj +890 0 obj<>endobj +891 0 obj<>endobj +892 0 obj<>endobj +893 0 obj<>endobj +894 0 obj<>endobj +895 0 obj<>endobj +896 0 obj<>endobj +897 0 obj<>endobj +898 0 obj<>endobj +899 0 obj<>endobj +900 0 obj<>endobj +901 0 obj<>endobj +902 0 obj<>endobj +903 0 obj<>endobj +904 0 obj<>endobj +905 0 obj<>endobj +906 0 obj<>endobj +907 0 obj<>endobj +908 0 obj<>endobj +909 0 obj<>endobj +910 0 obj<>endobj +911 0 obj<>endobj +912 0 obj<>endobj +913 0 obj<>endobj +914 0 obj<>endobj +915 0 obj<>endobj +916 0 obj<>endobj +917 0 obj<>endobj +918 0 obj<>endobj +919 0 obj<>endobj +920 0 obj<>endobj +921 0 obj<>endobj +922 0 obj<>endobj +923 0 obj<>endobj +924 0 obj<>endobj +925 0 obj<>endobj +926 0 obj<>endobj +927 0 obj<>endobj +928 0 obj<>endobj +929 0 obj<>endobj +930 0 obj<>endobj +931 0 obj<>endobj +932 0 obj<>endobj +933 0 obj<>endobj +934 0 obj<>endobj +935 0 obj<>endobj +936 0 obj<>endobj +937 0 obj<>endobj +938 0 obj<>endobj +939 0 obj<>endobj +940 0 obj<>endobj +941 0 obj<>endobj +942 0 obj<>endobj +943 0 obj<>endobj +944 0 obj<>endobj +945 0 obj<>endobj +946 0 obj<>endobj +947 0 obj<>endobj +948 0 obj<>endobj +949 0 obj<>endobj +950 0 obj<>endobj +951 0 obj<>endobj +952 0 obj<>endobj +953 0 obj<>endobj +954 0 obj<>endobj +955 0 obj<>endobj +956 0 obj<>endobj +957 0 obj<>endobj +958 0 obj<>endobj +959 0 obj<>endobj +960 0 obj<>endobj +961 0 obj<>endobj +962 0 obj<>endobj +963 0 obj<>endobj +964 0 obj<>endobj +965 0 obj<>endobj +966 0 obj<>endobj +967 0 obj<>endobj +968 0 obj<>endobj +969 0 obj<>endobj +970 0 obj<>endobj +971 0 obj<>endobj +972 0 obj<>endobj +973 0 obj<>endobj +974 0 obj<>endobj +975 0 obj<>endobj +976 0 obj<>endobj +977 0 obj<>endobj +978 0 obj<>endobj +979 0 obj<>endobj +980 0 obj<>endobj +981 0 obj<>endobj +982 0 obj<>endobj +983 0 obj<>endobj +984 0 obj<>endobj +985 0 obj<>endobj +986 0 obj<>endobj +987 0 obj<>endobj +988 0 obj<>endobj +989 0 obj<>endobj +990 0 obj<>endobj +991 0 obj<>endobj +992 0 obj<>endobj +993 0 obj<>endobj +994 0 obj<>endobj +995 0 obj<>endobj +996 0 obj<>endobj +997 0 obj<>endobj +998 0 obj<>endobj +999 0 obj<>endobj +1000 0 obj<>endobj +1001 0 obj<>endobj +1002 0 obj<>endobj +1003 0 obj<>endobj +1004 0 obj<>endobj +1005 0 obj<>endobj +1006 0 obj<>endobj +1007 0 obj<>endobj +1008 0 obj<>endobj +1009 0 obj<>endobj +1010 0 obj<>endobj +1011 0 obj<>endobj +1012 0 obj<>endobj +1013 0 obj<>endobj +1014 0 obj<>endobj +1015 0 obj<>endobj +1016 0 obj<>endobj +1017 0 obj<>endobj +1018 0 obj<>endobj +1019 0 obj<>endobj +1020 0 obj<>endobj +1021 0 obj<>endobj +1022 0 obj<>endobj +1023 0 obj<>endobj +1024 0 obj<>endobj +1025 0 obj<>endobj +1026 0 obj<>endobj +1027 0 obj<>endobj +1028 0 obj<>endobj +1029 0 obj<>endobj +1030 0 obj<>endobj +1031 0 obj<>endobj +1032 0 obj<>endobj +1033 0 obj<>endobj +1034 0 obj<>endobj +1035 0 obj<>endobj +1036 0 obj<>endobj +1037 0 obj<>endobj +1038 0 obj<>endobj +1039 0 obj<>endobj +1040 0 obj<>endobj +1041 0 obj<>endobj +1042 0 obj<>endobj +1043 0 obj<>endobj +1044 0 obj<>endobj +1045 0 obj<>endobj +1046 0 obj<>endobj +1047 0 obj<>endobj +1048 0 obj<>endobj +1049 0 obj<>endobj +1050 0 obj<>endobj +1051 0 obj<>endobj +1052 0 obj<>endobj +1053 0 obj<>endobj +1054 0 obj<>endobj +1055 0 obj<>endobj +1056 0 obj<>endobj +1057 0 obj<>endobj +1058 0 obj<>endobj +1059 0 obj<>endobj +1060 0 obj<>endobj +1061 0 obj<>endobj +1062 0 obj<>endobj +1063 0 obj<>endobj +1064 0 obj<>endobj +1065 0 obj<>endobj +1066 0 obj<>endobj +1067 0 obj<>endobj +1068 0 obj<>endobj +1069 0 obj<>endobj +1070 0 obj<>endobj +1071 0 obj<>endobj +1072 0 obj<>endobj +1073 0 obj<>endobj +1074 0 obj<>endobj +1075 0 obj<>endobj +1076 0 obj<>endobj +1077 0 obj<>endobj +1078 0 obj<>endobj +1079 0 obj<>endobj +1080 0 obj<>endobj +1081 0 obj<>endobj +1082 0 obj<>endobj +1083 0 obj<>endobj +1084 0 obj<>endobj +1085 0 obj<>endobj +1086 0 obj<>endobj +1087 0 obj<>endobj +1088 0 obj<>endobj +1089 0 obj<>endobj +1090 0 obj<>endobj +1091 0 obj<>endobj +1092 0 obj<>endobj +1093 0 obj<>endobj +1094 0 obj<>endobj +1095 0 obj<>endobj +1096 0 obj<>endobj +1097 0 obj<>endobj +1098 0 obj<>endobj +1099 0 obj<>endobj -1069 0 obj<>/XObject<<>>>>>>endobj -1070 0 obj<>stream +1100 0 obj<>/XObject<<>>>>>>endobj +1101 0 obj<>stream x+ä2T0BCs#c3…ä\.§.}7K#…4K=3cS’¢` g`NÖvôurT(ÊÏJM.QpÉO.ÍMÍ+I,ÉÌÏÓ Éâr á ä«endstream endobj -1071 0 obj<>/XObject<<>>>>/Annots 58 0 R>>endobj -1072 0 obj<>stream -xÕ[MsÉ ½ëWÌ-›ªˆšïæ’’í8q•íu,ºœëHI\“…¤äÝ¿@7š´äª˜TíêÍ#º4 ôÌþï(KRü?Kš<)êäb~”ŽR<Ѽÿ=IêrŒΓbéW±ØM6€Æ7¶WÙ†8þŠ’û~ÜÊ'/¿ªëþ–€â±jƒOÒ¿ó#ô¥i|ô¾ïÄxdß*¬²¾éù‡õe^w¼Gq Ôú춻î9#PèŸ2zØÇ8ÅÜfÝålÛÏËéâš,¦F«Žyk—žMÝr*F#q¥òd[&šLm½e¨]FçÛFO -£,ÔU[É.&‚d:¿–ënÁ[åx•Çä½²‰ò'[øèTù ØöÁóeß­9ÐqX—1›ïZõÕüœ¢ƒŠ©¶ ûábX\M¯ï–zz¡ŠH³¸­®¦³~Ä{n‚ÌžSBKóÓ-ßcÎ(·¡ùÎïï?†»%î“ NQZôÅl0ŠZ͸Ÿ§ë›0€¥œ5Rëm·ä3{(yx¿î‰ÞA!ý˜{ªm÷œ­»å:$ Ü¥T_ É©ØšúÃpÈàŠ°.B‘,æçñ‡?¼rþ§¨V8¶­íب:qˆ?¾ê«å ÕP9ÊÔÐé¢__Ž(r(ðª¨i~èéŒ-¿eñÏeßRZ•úõt¶î— ìóûžý€<Ç4€ŠÂ£r™“S&Ú–:&–ŽOÊ‚¤#oàå“úé²ëçR ã •#{Ùcšû7÷õöf˜,ÿ áPžMWº?Ðv=xˆ®nºe8BñÓ")Ý}7Q¿Á1‚¶1zN<âÏ¥‰iÕ/ï{ÉW¸—/¾û©”¥â2¼9Çùð‘Û|›×°#hBb¡t=Av§Î…ÙÝbú;)†JÕrìÅlŠÎŠ£SDSÇ¡¼—@’Aƒsp¿òˆgÚÿÛ3;3ÌÖVzñëÙßØ~dë°‘?^}¼æg´¹ŠXæ}œ.Æ¿ëã2Ö»xüv"Ç£ ­±$<Î?mÿú׳“œŸ¢»¶Î°__À;¬î™òÏ‹ƒO;¾¾8Á«^ÔúSëãM'këG}Ź•¾ÀhâD“D§ĬÇ‹añ‘G"ŽMÐÇaùé¤*Z£* °ÇxÙ=tŒ"Ü‚¸öbÚ]/†UÜ%¸Nöw Hs¶Ù=õéîá÷ý4ãnû\ âb¸åœæ/’W/ä<À ¦xDì[½o?˜zßÝó›A×÷äYL*;»EÜù¬‡‹aF…”t]’×ý}ÏOáŒ:îªoUì;ü.Ø–yËÞ-§‹˜ƒ)5TqOìÌ4Þ¾ú/ïvémƒí²­ŒôÜròxT—1£¼{N£áûí-¾ƒ™ÀdéAöz¸øK\.”ö}f<¬ä6 7?›eÜ›îö6êíï?  Xts©4ðrP›×#ÿG¢¾¿=Åë9 -Äx÷E¢£D‹#­x8·ÈY´êæçeÙÝ•AÔ{†Xþ!îš$+(¼ýE¤Q÷j±^—w(‚¤ÌCLÂ%‡zlƱh§ÊŸ®Vwó[R“y¼JÙå‡'z&î?†fª4µú¬nþ@åñDêúiƒêå¦æœ,[¼Fˆ…Ÿ¹x‡o9ýðw°ÅßÆl™Á©í€Í(IcdªGÌàmòó›ÁÖ°Õ·­ÿìç7£&k~3øºú€Í`7?¾Åù2íç7ƒ/ÀØ y¹ñh•–_-è}íz¦B&fà ËÈÖ(MÉ¡B}„g멼OÆ]hQÆ—?7Ý}ìGðy˜¾-E{‡ËŠß² ƒŽ÷›æ¬'øKÖÇ÷$ø>Óµ$(Ïûë%.¿å)>]ÁˆîÂÞœñ"òÛ7éHp;v9|æâ’.ùõ×ÿŸq¿ {1 ·œø€.ÞÝ$gÚ×àBœm¾É8£ùÅßbž^÷‹ËÐf^_Ü"&…Åæ[´¾´>h.ó:†æû~5Ìî´×ÂørGÖnÊï÷ñ~â+ŒÛ»¥Œ‰&M_|ÀôÉëé⎯¡é[$}é…EŸÅÏ ÆñÛŠ=­dp¾¬5œàöäfý}•tp­e\9ÖM[V/I†Ù½¾6«ñŸÃˆú™¼=6•&o«ÊÕ}Ë÷``‰Ê'/ÛðmÇ)>äsã·]ñ[µdëÛ´ÿÕTI·º Þ˜áçSÚZÿœýçèO ÿ…endstream -endobj -1073 0 obj<>/XObject<<>>>>/Annots 103 0 R>>endobj -1074 0 obj<>stream -xÍ\MsǽëWì!ç@û‰Å)¥+V•%+!¥*•‚",Ë eÿ{¿×3Óó@‚ч)JV•Ä‡‡™íîéééîúÊbŒ?e1©Šº+æ«ãÑŸø_ÿü;?)ºfŠ¿WE[ª.ŠãW˜bÔ'pU”åto b°];ªe¨b°}?ꕼ*ªªqùL$ƒu‹!Z×£IÑ"YwünU:]Ň 'ÇÔ7“ŠÁVãÑTYÁ`›šòúÄŠÁNŠ”YÁ`§5˜YÁеî÷DV vZŽJÛš% He'Æ ²ñв¡ÀN*vu2Ô‹óR<ÔY{h;í°Úñ¡øCWV-¾“IÅ|(×(³aÚ¾6'´õo pZ8î`¢L†ÝÔÜaÂåo ˜<Òœ<“a`Û™«ô”l Ø3äÀéi>ÖÂH4{;Á?p @ŠÊ5ɤb° EXÁ`;Î/¬`°}»?³`°X½±‚¹ŸL“Ÿ"+ Zy®b°0°j¤xUÔ˜ö™ƒE¼˜(+ìtÊeÍc¯Š¦®ög¶…­Çæ„m‰½Ú°%ÈpU@sØØ90SÝÐLN*æLiˆÌ -æôtîÌ -†™°[T$Å\€ro¬b°™ØgV vÊP™Ÿ«FÄ>‡}¬b°po•Y1LŒ}… écÃö('°{Úçhb .mäzn½È &Æšû@š8a°­m³Ì -æ0¼ÉXÁ`'zb+fBtªÎ* ùUä ê˜Aªš0U3ÄCË’â;©˜,#±²ƒmÍcòXÁTgLu2+,B!Ôɬ`¨ƒ0osV1Ma[ ³‚Á¨:³bx f†¡|¬b°µ… -gÍŒÍtl~ÚÐŒ¡N]ÂM3©,b@¥¬`°pâ½±‚¡¶V#cƒE¤ k¼ã0CnŒ4@™5ö}‹ñm¤,B&âØÉBö8®3jeRqФWš$ vÒRŸX14«M„UÌEÍRP(Å\6¦Nyæ`¬%½#§ˆ¶)pUô —Ô9;Š;&EæÆ< Fý D%H+ÔœÕÉ0³ÙáÊÐÒàÀ6C ÄXÞIÅ`¡$¦Í¬`°¶É3ËÅ®!%C˜DÀg -DŒl`ðErá?5”Ìœ@*™ŸÀŠ)Íxo¨b,&âr/+[MöDR a°Ö±‚Áš³g‘ÍôµÅF¬™ÍkÀLÏX\#dq=a=˜È9Ó 4ªG« ˆ)+*âœ@ØQ¦uR1X¬u£¬`Úi–Œ JŸ<³`Ú¯Þ«,J,ªUL]¹M2ì‡i'¦éc€†˜dW±YqÍQk'ƒÅ†Ä#3+˜Ê˜!œU ¶™pÙ2+˜ªf måSUFl+[¦ì¹x>³b°ØáX¼Ì2w«Ç¡~³|9>U bQOyí‹äš aç`Âa¤’ya&ƒ…Ú黜V1 \ÂÅe¬`²æKþXÅ0’Ãy¬b°a§úXó– -‚ÛŽ¢ñ Læ-‰CÑW 'ÕL4óÀ0)ö§U„6© çHDðÿ™LF˜¾>•AÖk¥û#ÿår! ŽžŽY³3Qr¦(N™)ÚPqسŸM+æü=R1!ÊE´GœËšgèS$ÎÖ°”û™3Z¦–p%J&|Í–!&lä³ aK]ìçÏ>adJœ*8B%ÒódwîñɃ‡ÏXÇÅÉ8¤ÐmÑMšâäÔÞTàãùw'³7‹b8+ž ëÝb½Ûþõ䌂ۗu‡UöÝs|çíf¶[®ßò{\ó®Æ‹PÅ‹c~„„´jã'¯—ëÓá½ÍˆöȤãK~s½Ø½6ï‰÷ËÝ9'Šm5ÏVofA*¸}” -±¯'Iæ|¸ØÍ®·[Ì0?͇õGLàMQ˜ÑWü¯œR˜#&Xmùålµ0eñq×Ge7‹ípqµ[kR´Z2æÌÌ÷™–ÉâWÛÅ©Í€`íÒ†K¦cßuqâ¸:p›&ͨ˃<ÆgˆË“Öx<šÔU˜ålXÍU-–897C ¯XÂCƒ¼\ì?ÿÉ\ -ªn%(Üjðæ2YíÉl¦@«¼ë¿ÆŠW¥©ÅfåûñÅ?Ÿ˜bÜðý$*|¶¼V@,GÅîÀÞŸ7EU™:=oßc.wÜ|a¡Dnw¡Ï{è]ªjS]"l"×âéK³}•êÇaxwuÉo2Éú¾s‹ÞIüý¨ñúy”-!ß,¢ú¸ÓoE‰¨ZRbÿ†÷46rÁºOqÿÍÇDŒ7{»ýìj=g0ÜrÈ3[[èC¤óããܧÎñb7p(¦oªâtqy1ün+ŽœÈ#ËvÇ£ÐdëGGÃC ‹õiú:ê…¾ù *WIAT|­ïz?ܹ¦} Ö×¢j(ÕQDJÒÑòI+^ÜÒ·‹ùÕf¹ J#©¤ca¸tó"ëC"F£CZ¤yyø.ß^mÌ”læŽÓVse‘µe»Ÿ ["´³]¬íb±ºXlò#wj“\Ë”€Ä/öËNU̇@ ~øóöæ¡ó ‡äËÕ]öwï„žÙAŒ$%ç8³«Ý9ò¬åYTPÝƱh¾ùuaA‘Ú¶1eºîŸ«ÎŒQ•è7‰5^ÌÞׇ,M:’¯—åb¨Õ|Û­«7Adܳ˜LÓèÁR°™ãÏ™üV¿>V³˜¡ºmc}ØŒÉ\(sÔ\H–÷|¼óP|‹ÍîØ5ü|©¡šDit·@áùBX Ål‘|+§Œ,b]ªÞ€—#äZù’–-¥¶Ø½mJ¦_=zAÅ±ë² §Ð„4ÜÝút¹Ým–o®v!÷F7§9ð©EͲçØì›ÙÅ…Å^„ÃÊgZÍÖ³·at{sÁs3BðUVª‡DÝü±²òãá3¯ž*²²ùÝgy5)Z:’‘ðu¤%€)ÄýZÐðwªô||º¿R详SäÑÍ|ËÑûEÅN“ס&*“eU’­ÑxD¥’íäÀùìÀ+¼Iª«CÀÛËu¶«7^ #ò”+=úþ­­4’M‰ÖXÞ’? ÛÔM@oɽª°S&—ïÅ‹å|3l‡3Û`M?j»´˜×–ß+ųXT¡QšÍtüûv·Xq£â‰µ§»Í"èrúäá„æ ¯¤}· ‹™bÝé.¨­ðÒ½ŠŽ·:õó5ÂÏ•$ÅîÕ÷°”ÿˆ Ç®¤ˆG¿v ;ÑßùªW×t ñV4"õùùåóÛ9¡õ׫ÅfµÜòt$…#!g·—¡¥Æ–¸gý1´Ò+ûn5u×fYL4ûÑ8Å£ù<æƸ§›Ók‡Ýf¸0ÇF‹ØóÒ“Ù'Ø{wæ°µÕ%ê¬H±ÕYÿµ\¼g-ï°x½wèh™ŸÏÖos ˜3âdqÞ¡«SSðÒ-nš¡)›ë»Ã•²nZ¦Ä=@/ù$ñ·g”ËÙÅðÖž«×ÍgdæÁ^Øû%ý¡Šø@Ùú+Œiž‡›Ãž{{÷E ‘[uˆÑ ï-Rð¼‘ÌktË^¼=Ÿ…z;·oïÐ…G”h(^2Ñ<å6w:h„áýz±Ùž/­µƒFªgz‡yŸ&µp£áóÕ -Ų¶O—›Å|7lB†‰쩸¿¾IЇùRUÃóÕ¡ìæ…l éHf··L’暶³——f¾Ç¢¼T-ÙÓkÇ+㘠ÝT¤nîÑæ7,“a?µ|1œ.Ï~OÁ/D“_‡·ÒŸð9ä§ã{Ê­ëÐÚàÛyu8¾³ÚÌ,cbøÄ;ÜΗË_8áz@ª¨‹C'šƒhøm¬çˆ·vùÕÃáx9ß,f»M¢T§ô}5Û¾³Žwïžµ_Î6xƒëãÆòÝØ+šwsóûkØâ KÍv±ˆ¦9âæle5»¼Lž CwêîÝpùÛ>¨{>K2;þâwuê¼Ú »˜ÒÜ3IëP_]^›Pyà -ƒ¿ÇôzkŠ·£¡@Ëî ÝTtKF¿ÙÂãOû5 çúz/àZÑ Ù §¡¾ Àßh£'¨q¤óW;7«cv|ï,ݽͱ>éó(9nxÈyò„á"yž&Êÿ¹¤Oþ忶KðÊ;¡ŸôÈ;ÿrú×ÅãÅÎuÀí…Ô*žn–èh‡ÄMgOáSsMûþßÿ†Z%QÁ÷•íÍ4 ®h¤RêÎuÛŸ°‰¯uq>º—I4Ø{z#•¾˜mÞ†3=BW{}åÝrí>è–ÛÚ'‘DáwMïÉ—ëB•h™iÚóèô4­Mêx¾Œ5 .løÛøkk•Oº_—f£½ìÐa«¥°^L8P®=zõ:ÆÕ~üÙþjß@Ѹ™(ËŸ®£|¸Yʽ_Œè ¯W8Kl;ð¾}ªÿo<û‹ÐÔ´Ü/é"Ÿ¸Œñ|e¾hB3ûñNÄÉ0\lv2¢(îÒ‰ùÅeÿ¿h¬-qt-<½>Ÿ™œ¬`«Tw,M%\ô€R$]ÿFë vÁïcÝ׶»]«¤Rx‘.=ÝzlÄh§†z^Åö1®ð%#¼šÍßáEDX]¤*å=&(Q±ëEâ'9ává¯LñÛ®_ýˆŒ*íß9¨Z¹x1ä½|ɵŠ'K¼7âJá6Ÿ¿–¿ÝA¾ ôyø ÷UíòKÉÿûM\½;~ôâñ£âÕfø]ˆâé0¿ZAtתÆ÷Ç5èd<åM½å’Z}òàþ¥æBendstream -endobj -1075 0 obj<>/XObject<<>>>>/Annots 147 0 R>>endobj -1076 0 obj<>stream -xÕ[ÛrÇ}×WlùÉ© -à½/ö!•¢¥È‘Ë´‘*å—äÚ–ÆEŠÿ>çtïô4 *.Y¼ÄN•Ãƒ³3Ó=ÝÓ—Ùõ¯Ï²$Åÿ²¤É“¢N«gé4Å/ö¯7ßñ—¤.[ü{•í4Á29{æà*™¥ÓÒq®’6ŸŽsp•dys0Ðc°U>ÍÝТ¦8E5A¬ÅqKf\R$ç &Í*.i¤Ç`˵Œ¬Ã`›|ÚzÖa°³’âƱ¯’<ŒñÓ²¬’*6I-€ò:(ÛW;Û ¥³ˆM¸AU[C ¤MDnVˆ-!Y›TÈ9ˆI³†³é1Øš²FVlRխؤâÿ)="„8”*rbR¨ydô˜Õ0§c[–Èƪ@UmZ%uÃEp^Å°¦qp ¹dËIôl1ãÖFÖa°uf3‰2ƒmé¾q¬Š[êôÛJ€ì_„«¤)§•ã„*3ªiãTU2Gê‚E*>RÉ -â‚#§+ç &…Áà#Fz ±{i¬.)n_? KFÈiKœ¾ÊH9-ÏfduÚ´á Æ9"à´°f€˜Í¸çFÊÀçƒ."ò(0y—¥Œ‘äi+kžò1*à8 ‡ƒŸUãƒÂñX–Øk†Q9– -"W4¢„œŸR€ÈÂó£{ÃØIÁVtÇ: ¶®©‡Mì1#SIùŒõl‘Œ•=È2ñW )’R€èá -êpÂ_EXç Ä ˆjâD€Ð£È`³Hz VbudÅÌE˳HÀ#«€¢:q2ì]ä„8ŒÚ‘sâ4pÈHz ÖôKz ü`¬Ãš,j7³ª2«ÄƒêŠ" U"”Å8ã°³bɼ¥žFzLqé׎u˜âÖˆ‘UšLÝ–I¼ n¡D`¬iœœ …¶æç Ì -ji¤Ç`‘d¡XdÛT%²ƒÉÎGÖaì<’‹Ÿ™î^” 8ò%ÔU î!Â3·"rª.PTfá@ê0X9õŽu˜º048Öa°ðdzCû`ëz ¶bžw¬ÃÐ5ejˆ¬±€‡ û N€lã[”iñMAäGY³©fÈ9U° 6ÅHÁ–¬"# çL“\Š!øQßTÀiä´5–Ž¤è‘7cÝEOU òD(¿v66@LŠÔ†e(Ò ÈJÝ%³ ×FÈ%W4Òc°ˆ<˜6²3&0ÚDV·  ºÛ“ -ˆÓÂ¥±YFz 彪Ó"Ñ`Ð#ˆ.b ä„¡Ž' Xü-Ö1å`ìÇ€î¸ÃïÉÙþövØìø;v0¯y]Æßû5BƒÒb‚ñÑùêb. 2—Õø+j¥éøë7/ËumIJ¬!+TÌvÚ_oæ»~9Ë0ßn—(ÒÙ8ÙÕfXñGœ7„ÚÖÅ­P›Ûº©®‹g› ÌSš|˶Ðô¡ÿ)+Ý3GŽ°Dk°ÑÃŽ¼è.ö××£AxV½¼¥èÓu°ÔëÍ‹¯ÄÎ(vqm¨;ñЪ|zþ²9²;«YØÂìþj½Û —ûE0=o:GS}zÖÇgT‰Jg˜t6 yËÃÔm¨<ºƒ´ ºõBµÞ>•Êe›dyq`Žw7s9èøy–G¡Eq+„¤¢ -géR§L¡àg…gÅxoæóG¸u›Ž3>¾ýtÅ 4²œÌÌxÖí,ð!é"Šª2û[ -ŽeÁC̺˜Ëï¬ Úf|t¾¾”gž-(Éâz1­òÑÒɶۼï6º—Å´QöQ¶¤l)ŽÄ}§þ÷Ã…È^MÑÈúl‘.þ:Êžç!â¯?²÷°ßÝîÅcxÉùÿrpG=ÑÌü!5·»Í|}ÝQ}óUROTiØÂñ£XîÎEªTÍyRßÌ?ˆåÒiV‡cøzØîΛþVÓx3mg!›h¨÷E'R£ ï¿sÅGùñj\¾Ÿ¯ŠWUŽék_¸@³§Ž2¶I£"‡nø¦›/?2Ï¥ÏõlÅfc`±¹žô*£Ä¾rD“Á,j•³n±ßô»ßøkÇàDɲ{ß-%Øá§U„OªÌ'¯rÕÑ*T h–$þ$…Šªq\¨œ gi}1¬n—ÝN¼2‹EÊe·•P1VãèbR®¸M,ú-Åo½ññÂÇŠãç‚c=—$LóÁIäÌë×ÿF•Ð -…ˆx9¬æÚÜ Ççiˆ¡ŸÑïH·“¡icÔ'|î¡®Ê#ŸÎ²4–=ßý:ô{h|ÚPÕ͵¯Ãu€•2?ž‹ÕÑD›Õ_øMÂKœ±pøÐïnø¬o¥’3k Û39rئ"t0½!SÝ‘IÖ¤¾40ùðž -ƒ*wÕtïúõåðA,|:`»ëKIƾÓÔÒg]ßüà:rJšËãJïÝDhÜãÖ©ô" .%Òs’ÝÍø#ªYkâ/P$kCƒH ßݺ æŒ÷ÑI‹AN^$V!wk5, ú¤:{”âC7Ç¥³>èÓÙÛuÕk¥pV„*ÿ‡ázXË~¡ Š¶æC×éÍ ]„"Ú; .vìâd§¿kDf±7|?é…2>~-C/öTŠLÑ’0°LŽ_[ýЯúx³ÈÝÿé$½cåZ«‘Î,³¸X¢_µÚÁ½cüÓýTK’p-š|_dW9¡Ð -­º½Ôy9’ñú4Þ\X·ŽÀ®$¼w”ªT 繘6CšŠmÁPxWÏ«ùFšjô]xŸ­#ãÝÿ»Í×ð›a¹ÔL«XKxÝH²qoØñ[<~¯7݆ñbÛkÍÆr¨ m-®¤/Cæq^÷ ÔL¡úL𕸯t¾/~¹F ½®vE²ç_°Ò½E?êÙ‚CŽ;`ÞØë6j£óÅ›´è¦þÒ,ºî&ãÃG®…ÃÅͽk'lÆ؈‹£]6Ââø ®(ìžéTÊ­Pý%Éùf¿ÕbŸo[q²XÀÈúÅ -^öäÿóE«¿ÈôGúù²É‘ßØ…Æ7±hsÎ]p[ý%o•‰+~4å²÷é|½×Aþ¥[ò\¶o Íø°*TøŠGÄß»ÁŽòn÷¡ŠáQ_~(ïôýê§õ›endstream -endobj -1077 0 obj<>/XObject<<>>>>/Annots 192 0 R>>endobj -1078 0 obj<>stream -xÍ[]wÜÆ }÷¯àS›>H&—ß}é±%;uë¯JÊñcÏjEYLvEe?lçß÷^ ÀJ[–"¥í9Žï^ÎÀ 8þõI–¤ø–Ô“$¯’ÙâIºŸâýãèGþ’TE‹?Éd¢`ž?qp‘äù~;>HÎÁEÒû¹ã\$YÖî—Žôl^m½Òc°E³=Öa°eµßø™Û¶ûÏ: MómÖc°m¶õÞ² y‰×AÙj¿ á ^šNö+Gz 6ŸP$™‡C=[ä|©±ƒ-ÛýÚ³ƒmk®ŽŽ VÅúU¸®)½¾ÕA œd\:%= +aZc[§û™cÃKÓæY$UC+ àKÄÀT]I)RAë0Ø*Ûbå¥e[Á°‹6ið_ê –­Ä¯Æ9jI"E$Ë"›Ó‚6±Ç`Ë ì`l·É±"X˜ŒœYƒ©¦.JzL‘ò­¡ƒ…µ!’uÎÒ‚ÆŠs—M‡¡Y 7 HtulMu¬Ã˜8+¶Æz ¶L·Æ†×"dé¢ãk¹×F6¼ÆX‡©OM[(ë1X8xæY‡ÁV½ÂÆ: ¶‘50Öa$D¸L¥lXZ-Ý?+¹Ä¥ QÈa² ×±†©PΉ•õ8(‘…Bƒ…Ïcéul+«k¬ÃP†ô2{ÌüÏd3sß(3Ž L -¨¬ƒã¾$'ûF£@t™„œƒH "ªr"p¸Ù8éJÚVzLË_c†i¹­ˆÃ`3É -:³Ç´$c‹u€ë0Ø–¨c£a`Á¢¦åu¬Ç`ƒSËÜZÂ…d¯âþ Ü„)&>)+ÃE›J@6L‡ƒ¾ ÑÁ U3ˆISF¹‘“m`Ï[T°‚c+6r¬Ã° f†ô*”Ç\ÚÓ±ƒ­¸y+™©LW+¡sTÖÁEÒ2Íç U-9©Ìƒ­rÂX‡Á"sÈÆ:LCTpÇ: ePcx=ÛÐýmlPµÌ`;ì)Õ@‰„ª)gUÎAªZQ\%=›§×X‡Ábßñc%‰9ó.y0q4ƒcfœTaq*=Ì)“pœƒ¶¦+(é1X¤F?Ôc°M¶%Ç´<ë›9¨OãW2t -¢ŠA)à Ê¡*ˆ\MyŒ3ˆ5™lqRM‰%è1ØŒ Ô¦õ˜Fà¦ìX‡ÁÖ¬º .”±v‰Ñ"€j†h9¤襜ƒP¥¤*Ê9ˆÂX1%=+–cÆš -!¬Žõ,2 ‰[ZŽÂÁ€ÅlF@M”Eɇ5Š0/s$1X$ëÖ³C<ëYÁJÑä£HƒÅ&ˆCžH/¬ÃÐF²‘±ƒE m)Ë ‡2¥H @ !D¡WKÈW0c"@Y–äÈ93`®é1Mȳƒ •@ÊåìqRŠ*€Ó:ˆW2îs“2§é1XÙŽë0Xø1VX_ê1Xä}¬š±ÓÇr˜ÊXÁbý½ÈAUœ˜%sc͈ ⥨±0PIÁâ½Æ:Lu˜l¬D0=B’Ìâ[C2W' h#Ï’•¡d)âåÈPJ“+[°20VTÔá´(i.ŽtNÆð7ÎA¨"‡/#= ÿÌÝÐðÊ*œkºàD€¼Ò ^É#qbR¸FáÈ0)"ˆK†-“ -à¤b z˜UIÁ"öSÏ: VN½n¬Ãð"d'?6ˆ„z]â·Dþa{£‘31\9BIÉQ¤qdH´6ÔcŒÅŽŽÕµ±“+9Ö0ƒ‚nocƒÀ“pD± -  ™”'¨*y¾‡M`z¤ÄšÑ sz|Ÿô¬ÆŠ4ÌÔ\QqÐÄM¨FäÄ/Œs“r12LŠ¤,kÂãÓãšÄ@œ¢KGz § -?Ôc°8ŒÖnlxiJz¼.‡#ˆ&9-Íldˆ”)›ºˆ'@Ä@´i0PIÁJÞ1VÒEoåbJq€LËm#rRJç e¥ƒé1Ø’îX‡Áb&˜O$àK=¦[R2c=f”Ñá 6Âé[ŸU%›g©'Š¥®n‡º:Bp̧6ÎA‹ü “褃•ž­±AIÁÈCò~TÓÁ(ŽrAœq\†°ƒó)é1^)âX‡)¬ uÖ“ÍÈÆŠ¸8Âqãñäï*ìȈpÊÂÛDR¥Œr'bŽ3)!#ײy£œˆˆºEb€ Hþ.¾ª/C;-3ÊAp¨s -Ǥ¬yuJÁ®¸2†0Ý„Õ›R‚« ØQ9yl"©TN2ü»è¬ƒ$|ä1RÏOž<}ÙbHNÎe{JÑl¯‹ääL¾‡àçÙ'ÓÓy— çÉÁp¹î.׫¿üŒQˆˆŒ£ö¸«aØÞ„Ã~øçð™üd‚O,€Éz ÄY£Íòñ'ÌsÞÜ,;2h€ÊO§SþŠ}>9>ï2£0L:à8å¤?ñ˜=>ò~Ù/¦Ëßøk«ÆLJŴ¿”_‘Üu4U[óy·$õô%2̨[ây -y’€BÿúËþò#Cq›·ñ}ë QÝ°¬ºÌ{Ø‹b+ÕGM’§Í(Ö®Ñ&*¬QWã£ûñ¿:§Ð²²XبúÁ°X Ñvm—óýr€ƒ,dI°µ™RÓË3N“!›çŨè‹årXÊ£„µãKIíí×ÔU0¾Ö8l…UQh¬† ÀȤy­s>ˆm8GûÐ_ž Ÿ£Ã[bk¿<}óBfÀ¹)ãc[¦Au-jóç˜d§ë>Ä,Gõ„Ÿ¾™•_]®ÖËÍŒÜêïŒíŽÈ·Ýúó°ü…?c£`ö ¿¿>âqÑ»1¢ÿx…š4hƒºÃûî=:îÖ똳±b£ - -mÄÑÞTõ£aºŸDÓ3Õhÿi5†:¡êù[áŽ"ù~ÉlT{ÒT¶ˆ‡ïÞ<{õö¿ïÞž½{½¿þ"ÑËÚÄâ/,ß~£{ÉïyçÛÚc-T], k˜»¡¬´…¿Èhè»lÃFEØŒ±ôÝ.ÑH>v%Ežó›ÌªÙÛÖÏfÁ4¸À þz‹*áùtöKð¼±É¢§›]Пù½*=U{W¨)Xæ¨wI!ã+TBy…N¯…Ð C|ÀöµZëÖ‡ÍMk±ä›7CÍ‹©>œj`;vœéQõwÜgzRæÀ×Θ6n(u§š†Òí±×çÝúÃE'µ~žÄ³@ÒËnœ!GéNµkýވƅÓî²ëκ3ÑiD3úD¾û QYÜù²e?‹LT$Z¯X’DCS÷©Ópä¢ÅJ;¹á -.Ãc+Óòö›¡"–a|â– äÀ»+ùÕ‘ÑmcØíø\B©7 -ïUö@\ÄÒ¿YâÜ°ÐnÛ>?<ðäZþ U|´ ÝïRw4Ͳ»Â9nv6&ÑI<½îŠ—ÕâôjºZ}¾¹÷òx'fA¥ÍÆÝñ«ë{/²‘ÂÞF¼Oì+£ãõ°Œû2¾nåq¿–5ýk8¡ û+³„uìÓ7ÓÙE)±ƒFU­õÒ³Ù Û¦øD+ý%A ˦ø²§þµ«î gDtôõúðÙ{º/ŽÖ½‡ý²›AþУApÆ$ÿ=&kå°àËt`¼Ã¼ß,¯†•(›?Þ‰ì{Tà³A=H¨»ß+v¤Î¶û?­dFɯU2Ç›««a¹î$‚ÐMÆ…ÃxˆŒ®€ƒzÑq·üÔ…¶jã?k3Š‹Öf´÷^–¥¶dz‹n!©“—´w²« tÔÍ%VV½œ/qÀ"á–½¿£—aÇÆq3V>Ü<¤\ø£Å<»ÿâ¶B|Å­0jsŸÿŽ–à-USñ(>fœNê:vï&Ÿûõ…–©5+8W¸´ß;¶•¶òo xíÞ]u—Q4¸µ‚PúIßZ3!Z*Elƒ~ïËïù|”=+ÌGoµ,ØÏ5{ßS†{ âã3‘/rGWûþµž?wÅÙ8ä]…v”ëµ&‹éåôc·&Ó<î°ÍCú@äj2?îf›e¿§|ѯbù±K±¿‚ø¨Æžÿ'ž¸[éÎ L2Ó'ÆšøV¤¯®ºY?‡%AkBû¥ÓõzÙŸnÖáè†Æš»Ú«^™ ×!|£–¸eç“Á‹/ÓÅÕ<”¸ª?X$¯_½”„†£¥žG^`ËŽß -|‹g—’7Êp¯5gÆ%œ‡/XÚñ;n…ù8ä—žø¥÷Iâ~s€€¡­´÷]qŒk¼T"ÖƯWËáÓX‚ “¨­þÓ%š÷±Ë‹ïuúanG1+«Âå@]¢Ý¾Pæ–S¶×»xühíWîê¨O}'ß`hyÍpN-¶¾ÃnÙ÷/ªkéßR;<Üã}6×›|îW «¬ÕÆ*Ô™²@®I£ iņ.$R–6Ào/×÷ä¨a†h^Åñ+ªh‚{*ªá²[ óMüˆãKé?N¤;Î4j‚°»ÍRMgËaöT“zè\mNÑ^ ¿ã -AÙmù¦¦mè¾!úÅÙÝuØщT·¾¥ei]©›lÅŸßã×·­I¤í€?|`4@vmôŸÐpµWD~ïÚíë·Ç¢;.)kO}d*þŒ‚4}‹o.Ï<€ J1pÜ ÛZlrÑãöoe'|'ŽŸd’iè¦uÞýûÇ£w?I×oµÄxU㔸ÑTÆ…)º¤qø¨Ið)B;²Q¶‡üo–æAoÞuŠ¿–3ë¢Y¯B÷ üësÝGøè]}ÅÅwLÄéqk2fø‡TøÚܪ??Z1ÿfúËwh¿ãžÓî/%[Új òšHq™9,µüãx=‡½B ·Z´Ý˜LO‡t=qÛŠydçéÙ +&žŠžz¯ŠLÏΰ+¯ÆÓ n™ÇËn¥ÌŽy‘&‚~×–r3_÷ñ¼‚h ×Óz\Ý[žOg*t2;&ÌŸFEž¾Ä-b¹rÇkpõRþîª?{óüY‚òègt‹“Ãa¶áÑD{09KZs¶¼ÚÒ¢]^œ<ùÏ“ÿ–]øñendstream -endobj -1079 0 obj<>/XObject<<>>>>/Annots 238 0 R>>endobj -1080 0 obj<>stream -xÕ[MsǽóWìMRUîì7N)‰ŠlU™%Ed‹.+`AÁ°È üú¼×óÕ !Y:H€’*›oz¶¿¦g¦wüŸ3“¤ø¿Iê,É«d²+ˆ}f¡¼cÎÊ!êLF±¯ì³ïKÜÈY¹’ðïßç8“rš´‚y-Ž©s_  ‚È -S"J‘´‚˜œnÖBñŽ“H³rÆ(ψrŽ*8‘ËÇõ ßÊU"ò rä¬\SZÏx- ï‹­ RäX¾r±Ë•/ (&åËs¥¼[~(CF(AªÝ ä39Ë8[â ƒ- ¬µ¢(Åk «i.@†ajh~ ­ 4fB•,µ¹Ñ5BèZò…‘cáÉ-ß5ßkåwkÞ÷gH”Sô†¼ƒj ÔhVa°(áˆc”U…6ë‘5[púEYÁÖÑnj¥1ò@*c”Õ˜,×ÍFÌ’d :kL¶aF+6b°¨žÚƒ­Íž½/“Zi_ɪ•§v µ‘ë8ÉÀ)è9‰³“s ¤Æ!°‘µõ²6‘UÁÁsL™Àj 6ceS¬Â ¬a.FY…Áâ=ÈþÈ* ) Õ,æ BY…Á"Íõ{5‹àDY…ÁÖÕþÈ -#°†{•(+ÍPmeÿÃíˆØ<ÎôÈ)ˆð.‘Ôl>ÞÕlÅâ¬d‹mO£Y…<.÷QVc°WsÅ* ¶¡«0CË¥F± -ÃÅp¢–Õ,RHk¥1XlÝ´Eƒ•=U|¯ ¶:ÜȼË„yg! -1wC‘SPB?9„ÎC†Že ’ƒÅö -ÊQÁb›µÇ* JYŠ²ƒÅÚ‡‘5+U± -38,NŠU˜.÷,’µ,«ìN›M„F€¸0B¸‰;ºÈ)S±õÓ‚  ¶„Ü9¡(À÷dÐ1h½Ç)ˆA1çá¿ ¨1_)ÊEVa°XÎáƒÈ* aa€ºµêbò„_ÂNTWA ›r}¤Æ`‘ÙZÕ,ŽmP)² -ƒ…?+Í*L…k*d­Âx˶o@…¤J\“"©1XY'«0^ŠÜ‡Âa`ûRÔ²8ÙHP¹™ÉgPÚ¡Q 5¦JâüÈ*L•$#kÓ3uç ¹yi„Ä’Œ"H4=ÔH^[=gR.5‘ÔÃæ "®X…Áb“ÜhVaÚ£C”åî×Tö؃Ìj¤ ;.ÙŠ¶<=y9®Æ!’ã30ŠjL}¸b)Va°ðU®Y…™ ÙžÂÖ½…=‹á(‡· - N–Ëíy«äOŒr -"s™`‘Sê ,•"5[¦tJVÜ‰Ý Žìº¾RA+ï ¤Æ`¥ GQIy“ÚƒœG@Öqn˜@jŒaåü`Ç¡(ë)çœVÛ¿ID„,`A_‘ŸÊÚ·ÑÝòw`p‘R›"åo2¯CÎÕ‘Ñpb½Ã’ŠC/ÿ¦LDaÅŒÈ`®ºÖ þíÞãd¤yæÅÍÙÅ+ÎÊäf†˜áàS&U]$7SikáñäéMûaÑ%ý,¹ìWÛnµÝ<»ùRHTC©s'vžQìéu»üÐòXòq‰~&ën˜õò]M:rU>B‰wÜ|³Ùu2(ÎëÚ>óèX#13¬‘MC¡5­¹ì—ëv˜oú•hS;;©³~·Óÿܪ³^ô“O¢47'¦´7À+6TŒÊßwÃý¼{``d',™å…Žüo¯³(Tþ­»ï™LöÂev¢Ã€C{šŸ@Ƽ΄Úë‹)õdžÁOå'³ö“LbtZ«Š-qNðÞ¦Ö1§ø2Ûy¿r>hªÊýþœOø»Â=˜vë¡›´ÛNÞ‡Õ#­\øn¡E½§çXXcš]c†t[>Ï°_)²`Í°Sæô{ëöMF{CXVUìÞu­8“P×m 6óÿIô°âUÅIVo ›Êš«ö‰ -Zd•›1É˹ öâ)U@48%Çó²l¾º#uÒ•Ø*oU eíúc;Ø -€MM¨jË~êVqÌ›ò$jššD>¥Ê¨ßz י̗«K¶äY>*³ñO”R·ó©/ËMæËìb¾rAÁ -´“›!8Úù…P…æ`éZYüO¹r9cö+×í0ßþy¾DkNo¶pâ„Èqq<¬ÛÓùįò8àšSZW¼8Žé»ê–ýð_©¿8<6~²l×k_—Ñ‘4n©Brœ?½8Å2¼èe>py÷Š&—‹¹?¢ñæ ;ŽÖÞjL*ó]×áëC† 8ÏÝ~ëg±Ãú^jÔ„³ïv·ò)…ó> ?©"²Úº’¹¯ßhS[…“wÝf·°§¶uü’y ÈÇz„æ?½¯zh aU‘¶ïg{íÊî’Ñ´iÂvû±$’pËØÜ._¿ºvH&{3.5Ç=#çÍ‹W¡sÁ¸ZY¯ÚÉ|µí7i»‘áˆã ù; ö’ÊãZâ“ÈYtŽ>¿2ã͵؉o4¥×ÓÕ> 3v±ôãœÂ¿½-htéÅèWWÈÑùô;™´rhÆf'¤Tòš¶!dÆŸ&ýj6¿ÛÙÝ8ZÔãÔ'ð›ë q¯’…C÷m;¬½{¿ãEWoÕMä…Ïqì^òŸÆáu_?hÁ× ûïO­œœ÷“&a=ªr¿öÚüóúùð%èòJQYûm­4m¢âqñÅDõ>Ïñ5IŸ'êôü‘Þ?]õö$‹*T? -ÍûgãÏq»%nì†ÛNù%fEðïŸÑ~S -ÌÜæ2:T¾åì6¶m…âlùúœ—LF»©ø¶55x_Öþ*³§½d>ø)ù§brgÛ^N¨ÉzÀbaWBl'Ó0§ÃâP;¨iÿ°Zô¶ëă@ÝC?„~‡.2‡Òì`ö'4ë/ÎùC9éžy§1Òa+};_Au‰+:¸±¿tH½[˜r7ô»µüœ_lð‰àh[:oî•è‰ö¯L)´6Lèü-Ð\ÝØ"ƒ{°¡ÈÜ\¾½xýV²ßBCw³m'Ÿ$Àz²Í†~)q 9÷j>úM?“±y¡õ{7¼Ñü~«­~Ù-:wÒÆ„õUt´~°¿6Îæ ×1£*¬3íÌ%:'qXG×ífƒä•"ØX&ÛÕ8W¾o -#+êùc‹±xïmbŸ÷vv+B„¥þ³ÆÀ–)ZE¶‰soõCz©Á(L"]¿.[›½¼;öCZEÛL•9‡ï’4sogáÍ´óøÿ…%˜Vàb„Ú¶~®Ð<—OÆÒmEAÍóâÿ/TÉHyK0Õ¾Â\ïó=.>‡…æšßíìw_6’ÃÿÖ]KdÓŠûÕz•¸ìÍ\RÇG^È`ñÈ_ßÜÞ¼áoxÄ—ýäùdÒm$Ùp7.–Žø%wÈ}K,Ùô»Á9ûÑ°©˜ {.óU;ã~.›d¬Èñ¸yùïk÷»“ÖèY§Ä%vaå|½Úýtڸ1‡Žý—³áÜ*t÷®D™ ÍšÏÄrk·Oøe8÷oxÑaÔR4Ýõô>Ú(kp©¯ô `Ì«¸Óƒ3º’Û8ò¥Gm|zkp TÏo°fr/ó‘ûŸò¨¦„Ôó(Þ›ÁÙ^Õ–wݺ¶nÆ=£*|å|±»kPTÑ#Œ{"àÕ£2ñè£áOR(ìÏG…â—nÕ ­l"ÑùlŒ?BÍW3© ¸Æmšëëâã…³E-Û/»;©WÜdÄ„üæi3 ÿm ní4s0™‚lê†U‰?7'Ý0ôƒ5¦¿ó¦ü ¶ŸhŒ|¼x… ©r©Œ·;ü‡žr‰œíéçW/ž'o‡þwôã’—ýd·Ä·œÖYã-ýÂàÔZ§cÞ¹¹ç„ûÇÍÙ?ÏþCÜÚendstream -endobj -1081 0 obj<>/XObject<<>>>>/Annots 247 0 R>>endobj -1082 0 obj<>stream -xÍUMSÛ0½çWì‘",­>¬czhI‰™öj\fb; N§ý÷Ý•G½1Ó¡%™±çi÷IïiWò÷™„Œþœ´Pµ³Ld42=n.y¬öôlA;á"ØÀz–À -›ÄÐ2ȉç¼Ð0/-øŒç ‰K Åriì[DIƒ)¦¨“Óú<í(G)ÒØ‚õ,5Ž±Cã­PBI¯Ú’ #LK ­G³a sÒ:ìÞ°CÀ$Å;J1ÂÃŽ1´]Äsô2p,-äJÈ$ìÌ‚‹¬3æ-‹Ùé…•AqÒP% X§¡ø -MÃÕIQÞmjèïá¬ï†ºžßOÄ2 %³æ‘6WL;¹©·ýnhº΢&°©‹(ËýC¤ê‰*C|.‘ÄQÎbÊêñ@F¹Žä¡çù¤˜åq¨äZ9»}×E.yöŽ˜Þîúª~kS_h‰ø“Ò³Z2ª…3´gÑðªªÇz”öd½h¢ö¤âÖÃ\Yj@ÚÝË]¿ß²7:’:gÜò¶ÜneÔ¥ãW×_ŠkÎÖ†öÁ£/RñjIRecig*ÍÁØŠÚ¸¼k6Íð+ö\¸àîÕ¤üåÄRIVzzq<_øG·]­n¿r†rt ¼U+ÑÅ<ˆœÊú,´ Õ}Ô·]ó3Ø¡››î­·gè`Eëã‰?ÿôa¬A¸Þžæ؃S/åñ®–™ˆHOG.:øëÅÇåV»þ©®8ï«}K‡rhúŽ‹‚tW{¾ê\æ9ýGãï‹ÙçÙo¹¶”endstream -endobj -1083 0 obj<>/XObject<<>>>>>>endobj -1084 0 obj<>stream +1102 0 obj<>/XObject<<>>>>/Annots 58 0 R>>endobj +1103 0 obj<>stream +xÍ\Ûr#Ç }߯˜·8U5÷áä%µ—8Ù*ßbɵy•¸c‘THj×þûœt£1$ѶèU\µÅ3g Ñh4f”ÿ¾(²ÿYWfU›]-^ä“WøOÁ¾ÿ¯dmÝãßEVõ“.€»ìâ…ƒ‹¬kGœƒ‹¬hŠIã¶Z5“)„vͤ€BÄÀ¼œôŽeò~Rc\“Àq¤šiõ,zF¸ÈšÓÉ9UjˆLœƒ‹lÚBÛÄ95‹ö%Òc°Ð4êÆGz ¶¥‰n¬Ã‹¬Ì›IåØŠžkÚ^<×”|ª1%A1êS"Sàã`J„4…S•HÁ–fÙ±ÓPÎŒcÛu“Ò±jJÓNZL¦š" ™8ÕÝ8£)Æ©)a•…:FzLe+<Ù±ƒ•HJ¬*‹[yª¬€¤làT;ãŒÊ§Ê†qE.3k¤ÇP¿'Öa°mCÏ&ÖašÒŒÆª)UŽ!ÑÉ”À©îÆ9M1NM ㊢£gôêTC1±ƒmd &Öa¬†¢åZ1Öc°UÇÅa¬ +e˜ºtÎ$C§–ç`4Ô854Œ+òŽ¦é1 Íé÷Ä: ¶-è¤Ä: ¶cÂu¬ÃL +“‚õl]ÐIƪrz=ºA@rCàÔnãŒn0NÝÆeECô˜nè©Nb¦Z¦›Ä: ¡‹Ô”X‡ ’9íJø¬îsI(=Óµê ÄbõŽô˜ +s5¥¡ƒÅS¼`ÁöŒ67ÖaÎL=bUa¤E&ÕP@R8pAA#=V…Û¬N, ˆ˜*qŸt¬ÃP©dþM¬Ç`!©ñ¬Ã4‡š»±ƒmkZy ¶/GÏ• ­Û:%%¤‘“¨Lœƒ!H'AÇy M$1æ1<‘s eñ‘Ã…(_‰uì´ ë0 Åâ€ûõ,R–×Êc°-cÙu˜.d +O¬ºªYº«$N}fœƒÑ…Æ© øàB#ƒ #‹ù†Cë0œÔM¹äë0c´FBs¬Ã0Yn°±ƒÅ¶çŸ«n€_-ÝÕ’§vç`tƒqê†0.¸ÁÈà†ÈªÙ‰u˜n`2L +yÌHê¸ÜÒX‡é‰Qc=‹BÖõ,§®Ç(ë˱dÁ"ê¼dÁN§œÓÊcÔèHÑXÆz [Áh,K º¬q;ÕÔ€L]‚˜Þ¢7’syTÖ¹!ç \&)$=‹Z‹Ñ†z¬“SŒÕäj™É›ç¬EA"Øa +fæX‡179‰ÁU?•T¨‚%ÁÆVÜêë0ˉK¬ +F$0AÁ‚œàÈ"•ãH˜X‡1¶eìX‡iϘõ,Tô’U©®å”䔊,ÎQ°'±S)…c‹8˜zÖaªÌ#Pë1Ø‚Ʊƒ•²Û±ƒmâ‰UsÛ ñ`® gndQÇuYe¬­p• 74²(404±Ó-²mb~J¢p‡#P,h„X‘<9'ÎAšB½é1X©Éë0X„æÕê1µe ’XÉïgù]Õ•"?rZp½Ü)¶0»hÝê`60r’VîL‘¹íìW +H‡=­É'V¢ åAKÊ;ç L,¦HÁ¢Dƒ:"‡CUl£•# ‰ \c¤Ç&ÖX‹ §_U¬€$6pAŒ‘›XcU¬T™Q¬€$6pAŒ‘›XcU,¢•Î\¥u–Ä.ˆ1Òck¬ŠEBNS& ‰ \c¤Ç&ÖXËÝKL|«ÀÄFNÅ$Òã(6±*¶Ó“ŠÄ.ˆ1Òck¬Š•Z3j+ ‰ \c¤Ç&ÖX+g²A‚(×ceÑìX‡Á¢œè«‚+=;A‚œàȪ Ä:l‚•TS”®¢V@¹’j"×µPš7’s–2Û&Òc°Ò"K,s1¶&îXB…þ¦Ì„B"–»D¦å0F»FF9ˆG¡Ê«’@Á‰Ó¸¹ý±1ÎAn~Ü£— 8´€§‰gÊÑ(d_ùm® Ì”TcdL«•8\~Û˜Ààv4—y™„`–ÔCF9HÏWpG⇽ ½å(ÒAºªÂ“— LFÇÑÉtœ}6N<ŒK–ä7 …é+ó.a QýÓnƒD.Yò–ß&.2Cײgg”ˆC±Ì8Ô½€¿M\d(@~›v)Pö‰zuùâüËeVvùÎE© ëêìòZÞ5àòÕ—Ãû»Y¶ú½^-·³åvóçËÿ쾎Xßdç_6Ø/)ç,:+)è‹‹—_¿zÉ1X)]ɸ˜}·^ýgvµ•ëèÖ}¸þfuõ°ÀS†í|µ$Ëã_¥ääóü¯ ç_ÖfÎ{ ¬d¸íØWm°ãr6,8ãtZVý÷½,J–—Ù4•ùzù~³]aj¦“®yfÊï›#WJzû¬…Í–×·Ãýv¶&Å<èÖè+&¼„pUøÏÕ'™+çñŽíJï˜ôEˆ¾ìír³îîD +Ñ<^–×2:ŸÔÓ2H¼œm$¶KtBM€­œþР訟`$Xj!ŒŒ¥aÏW]r±Ý‹Uå¤Ê§ábþW^Âa:]ú~6¨õØÚ8x{;“qxë£Gƒ,gìÅ­]»nf’N¸Jú0úæ÷D—Å5g|óWŽRåbß!¯æw×óå €´]¶1È9åÕ|9¬çê„.:–êé{PlôZ!#TGy Ü÷Àe˜}œX,"ºAδ6_ܯÖÛa)ë'⦌{À&Äž˜‰ÇƒšŸæbôÏŒn…ÔG¹£ÚwÇëõlØÊz@ÑSÇýáP4lïeÉ¡\vaÉ]­–æ7kÛñ:/â‚ü0¿›©^pvÆœÆ-“ɔʱ+6”æ(ÏÔûž±$ésÂÏ«Éף̩^àóÑ HQEóy¯Ôj˲ŸæÛ[q£Ï\[äãûa-[2Z_'«è*öO\ µGyªÙ÷ÔÅvXoCRÁ!«±ðø…0Ò”Œln7†M +G†¶ +åH¶\¼7þqÛ‘º wìÝ€ÐĵüppjuŽßY~Ñ9Ö+­ÁêIaFÏ—³íõ„Å AÞA_è”±ìív7tŸ$7ùýnÔ¼¼CM³DFø8oà°Qö1a FI¡"9]7ô¹äÙédÚÆ4ÈÖ‹Ý­å"Wq¦åí “Ž©‹òßJ"Æ­¹]º¼EÈIvÂ7H)jÞ¬–Šã»xúz·Zÿø7*]á+» ó)òÓ12‚Ýãà‚5º¡ñ}JœÐ7óáf¹ÚÄÕ„®xgÝd˜…˜\ÃŽX +£ÄァnÀßfì¡[”7ââju/©°ÄKÛ&޾ѽǸ¸½ü^µ~Ûø` ?rÝD=Ïx[^ß®l:ð"®G¿J—Þ¡ª +S´]]­îj8-æqŠ²¯fgrm\ë0ü6íg Oî¨'oàwëù2fo_õf“Òß¼ý·,$¿ýY$-ýäõ:esEãý»×”†µQU'9™DWà#½ÉÖ3‰÷ÅW««cÀÓíÃGLÚ[ +íW¡í¼;zHðª=ÜßÕ‘RÖøµÅrXhÑ‚ÎxwÚJvÇ +µÀ·}å…𣽷ÐY‰©o'+"ZŠXzY=åN›añ^p´3¤" »€); +Ÿ£Ü7×ÐFwsZî÷ÖÞ.·ëÕõ ++­!c—ä4 +þJ©jÏ>æ±×{¹Ù<,îi‚¤þF:Š'+ã~¥8ïqVÎðòÀïi(Aw«>ö Äwûµ;õýÁ˜q‘A[öÍ[*²Á£ÁÖ„¶Ñ©õ}D~4ïâ;³>hŒäÍgdL-Öì£qæb*;hŒDé³7F ‹GO<#cšƒ3£•Á£ÆÈàgoŒÖ +ÓÒÏÞíü¾ðº>ÆCþNÅ^$£ž~@e# ž‘þàFиâÑÉò'£ú¸ÏBuF8'ÌnÖèóëÛd´ùS§þë æt÷†4C¯ïzõIjÙ'bëuã}Ç'ôÈ"‘Þ„X o©¬›qáÎWO^0’îÜY möQKZüaIì"¼¼™-¯õÄ—ÞfŒýýy‘… `Ç’½Ó78ªsÒÐ9³#jöýl³º{°“ ¾!±.Ô|)S쿶Øk½Ü?¬U&žn¯€~@Ëýü«ùòAïøã‰ô:‘p¿×èã×*Oí¿àþý•?}±Ä'ërŸ£é|~» +g°:DþS+t´¼ ù¸+C½Ãád¬7^­î>Ú»Düqo|yyôŸèÆBߦõPÕÚ©x8ˆŒ§ÃMmœÜ?_3LG;5üŸÈ/ùšp>·ã‹|ØâêÒç„ñóÁlïsÁŠß°Øñ£Æë/æ\C¿|ñ¯ÿœözKendstream +endobj +1104 0 obj<>/XObject<<>>>>/Annots 103 0 R>>endobj +1105 0 obj<>stream +xÍ\ÛrÇ}×WìC”BØûâ)¥‹«Ê’•ŽR•Ê‚$,Ë dÿ}N÷ÌtŸ@‘4u±]Eóà`f§{zú6KÿïQžñožµEV6Ùlùh<ãù‘Ëþ]>Éšj‚ŸË¬œŒò.³ãG—Y=p—Y>nlÈlQJš–1ضŽ%¼ÌŠ¼4–1Ø*µÌÛ6£ŽØ0qYãÃe6QN¬˜ ¸É¨ÎçÊr'² #K•¼(F &­ ¨@&%¸Ìº|À u¢!Èl5–G:KlSÊÆ8Kì¤í:KX´+ëv–1غ,™1l%*´;žàä]®ÝÈåy#5’±ˆ3U8Kl7²„EœÉ`f]R­-Ò’°%%.,ÁIÆxh;†•KX–ÔAÿΆ‡v¥(5«Z?4ryYA'cÚ:‡:¦m&n¼µŸ6ry!†æ$c™¶°aÚZv$îZ­À§\^´øŽ“Œ1mS X=uUª1è1@¦%¸ÌpD1«~Q8‚˜´Sp’qxä˜Y,!a°]!{f3†¡ŒUõÆ23ªcƒ­ä¬úÌŒÁªÏ!–0ØI K' +3Ä2ßœ&Ì^fü$vÝ$b Æ4˜YœV]Š[‰N+ߞȵ¹Ø¶Ý‡P1Î1“ŒÁÖ¥ì¬ e,ÛÓ‰u;Kj·¢&cƒ-$JK,œã`,a°„"KX\Zgzqƒ-‡1ÛêÖÚšc±yƆc—·ä$ÈSƒÏˆ\ôDF2†† Ž³ÀØç4¶“ &–0ÆNô@ûX²ô|,cÙ‰Ä%·r~lfÆ¢äv°æ ŠqIŽM«"ryQÉ’Œd,öÖŠ°Î çý;KX„-eÁÆ2 wa%,ªè†c ƒ­Ô’},a°“BTá,a( +[À«b 3ñXÆ`5Æø̪äj2† ÑÍ`JN\^U8\N2†Õ›K,qËc Cر4ËlÓ`ƒˆ%,Šj°õÎjx©ZÑmô_ˆ8^—C‡Mæ¤$»â -Ù @Æi²›8Ín#1‘ø”qÈl)é€e ¶;$–°¨HW«ë“™ƒÕ$ÑÇ2‹-†Š|,a9tÃU1kѳ±A½e«G2èS«7rðžEVG¢ªY;ÉXÔ$nÚÙðHœpK£+þÈÈåÝ0##cZH ý¦Ís2>mäÕc׌#ˆIUaDF2¶ÐYÂ`'’-øX1Àz2 @Ö£˜8µ8碒×ìAœmÙ4çŠ Öâ$c1>Q³ŒÅøÊÁXÆ`kqU4–0XÄ^c°ÈrK¦ ;á5놖HK¤†SÓ À64q9r½úM!Õ–È~Í œFÜÄIuŠúM!uÇÊŸa5b%¥¡b1R;GPk?l»Cí— v1º3’±XW3d ƒ… ÄZ},aÙ3Ɉe ¶’º›XÂ`‘ÎÀlfÆâN$ïp–1X¤\,QØ3Ôfbôaψ + Âx¥’-#QqÀ`DF25‰W –0X8ž˜±(B\‘e ¶‘$XÂ`g±¶*ÆPÄX®³ŒÁ"RðXÆ`a°P¢Í”8Í‹ 5®ÄÈ!$ã™Æ„¶²©Æ¢$#ƒE’ §ã,a°PÊ`,aQ¿žKXØNÔO¬c(Õ,ÏÌX¶nø\U’dUE0%%NMË9‚Xâ{­¹Y“É@Æ`áÚrbÃ#/,)ø##žaA{¤‘ñ‘qdŽì r–0Æj*K,aÑŸÔΪ”dËZ"ÈrÕ &.N2ÆC1–¤óÈÐ0-J>9âa>märíÐF2Æ´Zƒ8” 7kÞ¾PàÊ\ŽàUfN2õJx"–0Ø2‡½KX$•„˜X¢^Ùxg‹ÐNÑSZ(ðGN8Ápù¦ŒñPAÄ â¡>–0XD—K ÎUËXΓx`Ÿ™1Xt˜,a8,X³A9µ€ +®ŠÈEÑdlªp6¨" ¢;KØTálPEE7–1„…ÀÂ% -@lŸ³„¡ +¸R:c%…Èál-é @4¡)Dâ4gpŽ •DkçBNt& +"ƒ­$¡ñ¡ŒEG’`KrÂ-çÄê¦æm(ÖÕ¾°MM\(¼œ ÑË5Ï,Þ`ûažÈåÚ6pR=K®esô,ÈÕÑ$.GRAXù)$cˆ‰5·Ä†iÑ5?(í×BG†i#'… +ÉÓÂâ¡ÎÝê¦9KºEh㱌Á"e6,CÌÃJcwL Ž\h#;ÉKÒ,XÂAk‹x ‹1ˆwp–1Xä„°PËXÄÉÅÌŒ â G·»IØ;'r9RÐÅd"cÁH‡ñPg ƒE°„E¹Éñ±ŒÁÂÏ@ÿ63c°8ïÇYÂ`µF,añÒpVUk+Lôw³ïÈHVeF”M•êÞ9‡à4ÙrΡh@:¸ÆéUÓtýÝŽvd°ÜJ.³Â)s„GÁíE0-‘‡áVJòßx¨õw“92¹FÄ„ðy¸~’)Âi7®Õë´Ä©‚ëPsëÙÖßía‘ þÂ(‚2¡Ä6çŠõ¾E¦—) ‚S×kãt!ˆPfóú»-$2!Ó2Š û–VD<)ÁuRÞ§CËÈÌJ·‡E&¦uò5¡bBhAÎ8‡àÐ×@xLܳ“GO^â»ãìäLSä1îAÛ*;9ÕËf|<{|2}9Ïú³ìy¿ÚÎWÛÍ_O~ݽ^ŸgO^â¸ç2Ï‘äژ訉?¿˜^mçk%Q¦=}œ•#ùC|…ÉÏ×Óíbu.ŸCù“¼ŒÜëcý*Î}ün±:í?éRÐi›4Ëj¾ýÔ¯?$N4Nñi±½I`šu1‰O—ï§òé“—ðqñÈŽšI)$8c¡øϨҵâ*->ÿÉ|;{²Úl0ëìb4ëWg2 2ýȾÝ?ùD}„æ/9*WÚ¯A½o¦Ë¹Ê­É»øáz¾é/¯·‹~%”(2}}ªDíî›p½™Ÿê È€mgD­ xÛ5Mœ8n̬J3òŽÁ‘Ú qÇÒ¶#j—E˜å!:,ƪ•¾6C{‰Pö²raO.T5¨.º:-÷Í|ûìÕÏjwÒF„A|Fϧ³0š_þ­¢¹Ê'9áŽxÅÄûéõ?Ÿ¨xh¹Œ»6Šw¶¸ º€åÔÑLn]ÌúBQ™ìîY0gôÅÌ@mùHëý壿ÐDïñ…Vw¿iŠReQ0°¾èIH’otX¸ŸúþÃõ•Ì€&ã·0§ÃÂE!`Ðê= {÷*È >ÀN &ßä{‰…ÈQ:ä»ðtâì?‰Æ±5Þ¯d¢k¸³ëÕLüæF† ˜éJ½$.n >qj4,Ì‘l{ +[Ž“;>_]ö¿ë¶£fßÜl%ëÚP[˜ã<ô Ì0_¦¯£@ëªoå: (²“d¡ù뤋~Ý̤¨d9G2ÇRƒiRï6óÙõz± òãP·)˜ôW¦i¸¼è«)àŽš–ˆ½8¿^«Vqu:'ÿnr£~ñ-8ë5gòemæóåå|,™þ"e21¬"©Ío iQ“%ê,ø6:gtïœý²ÙT÷Ðð›59TÚnDºüAœŸ®ô[”f¿Óëí2¿Å éYªAÞl´™¯?†ñ¯Ç\̌徿W}ÙÑÈ~l{=ýN^]˜¤ vx5Ñû&Õr¾|óRÜ£Úè^s¹ÛTò0µßhë§ýró)DA¼û©YÇ­Œ*“wûvT¶9‘Æ“íãm3Üôö…MDâõźMîd)úrFO¹!È<»„£‹;I|Ûüß„/Z1w.ŸÐžÀ.¶~Š,U>i[c´B[}žè)ß>}-Ï@ýâfž\’~3ýÓÅf»^¼¿Þ†L™aksàSõ œÓÏàÖÓËKõÙ8®…Í´œ®¦çaIQ­â:àI_P(ÞÅ΋.hÊjµ²¦: q{wÛo0è:i¯ ¡ü½Ëb¾®mQÐø¢ó ïJøbgÇÐÀNáñé¾Ó¾«;ù¢²±@E;•#ÞäÜ&mç!ɬ=òT£ªMF\å ‰Ú,ß[AŽÄ¬ì¾áv–ZuòQF»Ej™ÛÎrÌ›’X?ö›ÔA˯ÅÄs¬!Lg ÅèëÅlÝoú3=™èÖMÚü]»€Jí ¾Œ5.~\“Ç¿o¶ó¥œ/”̶ëyˆ¯èYÛä!@;´´‚ßOò–“ÛíªÔº–Ú1Úœ\ ¦´ˆœû«¼Öµ§ãH{Ó!¸ýßâA¨#d”|D’ýïM¿kÀ…³þ“HQj]ÎV ƒ¼Õ¤c N&ýË›WÿVëâñí|½\l$, …pã÷³Eh4Ê̓%1ãÃíRÂÎ}%îÆdo›á?Íb¾Ž&´§üp1Ûu©«Ãi³Üø'øÖ°È…ÿpT(K™˜,ºÄ29u´òwýà¿óO©èÄe›%¬‡ +žÙÅtuž¾ŒkKÊIá¸çŽäÊ®‚¡ÉêÕçá:‰¿¬Ç-·‚ô@qsB»˜^öçú4(½¬¢=ÜéØÕ•Ú±ô½]…*ÝÔסWfPâ[Ç‹Ë¢ʼn®—’ÉÓî•î +¹‚Ü\LCµ‰tWÇý¸“î÷¥¨3\Šy1 ‡¾«±›Lì 6úO«ùzs±ÐŽºÄUýýZkQ>ÜH²|{ÍœûÉŠ{nvŸ.ÖóÙ¶_‡Ì©±{‚p–¿T5ó¹.CÃe§ß‹­8BR|—~¶hwµáäS—ësÏýò\”‰C‘d¿º1ØnÓ슃CU}‹}HúHû›®/ßo€õ§‹³ß“ƒÆŽX·ïðQ{€)"1í ¿¬Å! åÞ«¸å:o=Õ¤LFà˜Êzlv‡—¿L‡ :Ÿèf®µ¡Š·=ýâê°­çÓmHWqË5Ní åtóAÝ>®­r¸š®q#†5†ã€{âª.jFß$˜D»ë{¿‡jÛt«}ÑŽ–ú,§WWÉf¡÷æ}<1ån—£Ä}ë­IdÔ]J"ß®Ñ[MëBËÕ¼ÛñõÕU¿eþdήƒ­>´C榃ÜzÉ(F¿©‘à}„êë…çä?’Vv;òF.ûEÜc0Ÿuê=Z1Ù™úûÀR:ÂëûtPÉì +±_ÖãšýO#H”íƒá^àMk„ïêž‹ÓI6ÉÙú®ÄZÿò_=\HŸê`þІ–±ù¢/»X +-²mçÛ$ˆÔGÖux±^ ½Rxü̓©ƒÈ—"?ü†¢)jcкУ›fAc?ÕtHª›UáÞ?G×g í~œ\Æà +y/Ÿ¿œ®ÏCPAË„_]Ûå÷K\¨$É¥úpgzXþ*¾€·¨vßþ¥óÓÓÓ´KØÒT˼‰õºŽöŽÈ`ãðÇ~A?.TUƒÊðPç_ü8PE>}ûN}0^¬ïS(ÔGT‡þ¿&vô±ƒíQ‹¶CwÔ‡žjþî[Ä=#xË’ºöE?¬´9s´7öJ¾“o¹¼Zªuêº%Á²VÉIß_næPá šïâ»\OU)ê>B†õ¡7yÞ]LuÍr•m…Š‡«1o$%¹ÿ&óâUÚ®ŒÉ¢?óëÿ¥’¿„ä'nä8çÃÌMö¼¶š)^úLåëÛéì.f†#Õi¾^w<‰×Ò‹i"Û¾+¾—eÒe3Þ-Nà×ß­ø„$ÕðÍ‘kßÉ” ÍjܘÙu5«³ç— \¨É–᥋ò[¾1¤Â ‰ÿ“!ýM_êìÒ{‘ø; +8™¬Á£ëµäñÓ×Ïžfo×ý¯h”d/úÙõ‹7¹äO Ç%¶¾•—KO/"×'þñèÿXQòendstream +endobj +1106 0 obj<>/XObject<<>>>>/Annots 147 0 R>>endobj +1107 0 obj<>stream +xÍ›]s[Ç †ïý+Îô*©žoò¢Óqì:u&N\K÷–¦h‰ ?ŠršßØà²ã:¡âvÆ£÷¼Ü= `±'??*‹1ÿ/‹¾*ꮘ¯GcžÈ?¥üóêkyRtÍ”×E=•¬ŠóG®‹v<à\Ó*O"ã\e]*7©Ç°M;d†ŒGµëðº¨Æí@¤º)êv4A•¶µˆH"îTfÕª¸S!Ž+Ëñ¨s¤Ç¢L3ê=ë0l×Ï: ‹Y°n~­Ç¢L=ë1l5É2ŠÈºhã)#Ò¢)*,ZäÂ*eÎAäáhšIaY h¬ÃA—‰cÕôí´CÈhú²éW2aWNju?]¤V Œ\9n°ž‘#óTžu¶ŸŽ¦Ž /í¦æ(­{iäÇ;3ç “–-æ7ÒcØJœÊ±‹¸­X!Oì1l×`cƒ¸mÇd\&nä&H”9™t<2é±$À±ö½ˆkc†”b%cÆs1“Ÿ9(Óˆ³'e˜2‘ëÇø_›9ÙÀ5Kgœƒ¢h?è±(:åiƒ8µØ&‰£Àĉ\xæLâd.ˆÇ•ìܺh3é±XV=,³Aœ²wÛA‰¹^/s2i%Öm3é±¼²2^I,ÈQ³U`¯ŒQ£gÎÁ`VV9“:i3•PÍ@ž4q*¸qŠ ã” ×°7d©4Ê s:Èû$Sç`ÌTÆi¦Js–Õ»”hI”Y ¦DäBPk2Ö½™´Q`#§Å8Eû +Mô¶—s¬Ã°“–4åX‡%™Ôx€±â†«V/KݯÁÌ +Ìê‘k%¤5™s«9‘•Àîz ÛT¢gžÖcض²‹$ì»±£çX¢¥±ºhõTò,.4aÑÐE3¨»½t»=AQ¦Ã´6ÐcX ß{ÖaØ®D\7ÖaQFß±K”íc=†¥kÜØ *>¡Ž­º)0U#ÇFÞÌ9(ªJe¤Ç°¬âæ¡ÃâéØ×X‡·*‰àÆqû2l'W‰¹‰XuæÔ<™cã'ˆ8Ô|X>“Ã’2°‚±Ãv4ë0ì´ÎìppAÿ^qÉ„aÙt6³lÄš*,×|ä˜8ÝyÆ9¨¾‹Ú:‰ŒÃw=% é1,ú#Mê1²–²oŒõ–°ÃR9`ß<³Ç°IçŽu˜4 E˜±Ã’]ýÌÁ‘jYú´Å˜#EŽ(€­3Æ•áŒBƒ9©ñÀL†S4·ê¤ +l`äØÌ]QgÎA,_Éx#=†åŒÁ+óÐ^Žbî-™·‹®É;=†%,ôžu–:aâXÕ¥b£já&ºuIœn;ãdR-MŒôX^)gcƒ.]8UDÙ9]ÛH]Wë0i¬Ãâž•Ø!õXÜs‚ BµáÄ…Rä„Jl]"+cF(V#ë0¯¥^÷cÃkIÀâJñµŠÜk«§ùÊX‡™˜Ê}2ëqÐKe6¼¶ +gøZEU?­Œu‘›F–ÀX‡a)üÐÖX‡aIÜgFdâ1ŽšÇ‘Ëpˆ"+r"'ÇÆ:,BIÁØ°ôÇ,RUȼd ùm2)˜mGÊ `êY‡KLÆNy¬jSô$Wm2m2K¸k0–üVØ0T ÃßÜîÙäÙŸ¦Ï ê¾µãòïíòêÎ.ĸÎ=•ï½Ç:I7ª³#ÝŽ£áQEa·mï™ÿ”£ì“Ã59Žu¯?ß-w‹uºií0€y tzä:;®¸â?Ú‹Û|ß ·†s‹ Ù!‘JI­åïCKONóYÆ¿ù„G¥ø˜ysBû<ïo—ëå^w†Êî¶Æ Eûè©»Píô|5ô¦ÐÏZ°cç+Î)áþúsSBS¥;$ê'vèó›M¨°cø\>•ÓVׂßå zë!¤ø¥Ù–~—u]¬?qðÑ€¦%{ÏL¡¤ÿ™JÝB¿5 ¡•ÞK+~=Û…Þ.Ÿ˜¤*Ùú:Ò$Ë£å{ŠÝvµ +Ù“®á§µî;M^îÛ†šjÊ{Õ+á—»ÅN¢Ìí2…|”“ïÜ Zò—)¹^ÝG»çùàڙ|•=TèàôøÕlþÓÅE8z§–ú)É'Îœi —#¹f´:_˜‡Q F7´~ 9¬oý™“ÑbµLN©Õô‰*}`XRFE?HÐl…w ÂküÖ‡/HS­T¼Ð*Tľ…s±»»ÕŠ‹oRìüòx>gÍÃI4 ͇ï+`Þך}²Z¦T;¸*Ï1ÄòÖ}‹áÌþ wo½^¯œUòuÚÐÃï=àÍ6wá¾lðùµfüLÉ[󞻇ßa`¹Õøcªð¤u5qYXœä¸úË÷›3Ì~ölõë_d#ð!d®ŠRœˆßþŽ#p¯-yüïöõ/ý`Ž/mã×hÓ\.ŸSëÌùã_=–FÑ‹ù¾xºßI=˜‹õZ²Ýų^¾Ü»üb¹\Šqþyñèßþtëztendstream +endobj +1108 0 obj<>/XObject<<>>>>/Annots 192 0 R>>endobj +1109 0 obj<>stream +xÍ\ÛrÇ}×Wà)Qbï»yII”d+¥ #ҥǮDØA $ÿ}N÷ÌtŸ ‹–H*I•‹ggvº§¯3kÿþ MðÿlÔ䣢Í&ã ~‘dò·?É/£ºìðÏŨèÆY£ã£ª×Ä\ŒÚɸ$ŽàbÔåã‚8‚‹QVæã†HÆ`›fÜ2KlW&f¼å“zÜÑXÆ`³j (c°U3•1Øn‹% B“¼æ&õ~Ä’'ù8HôËlшõYe ƒ­ +Y”³„Á¶ÅpfÂ`¡ªŠÇeLdlfÆ`ËVilQ‹@yŽÅÀ&Z²b‚xé$“iõÉ ¬c°¥Ï£,a°u)ÂúXÂA,ÉØ°¤Ií¥%)ð%E®+d×#ˆI Õ‚‘Œe¹2»e ¶­Åm¬.¨êjlI\P¶ Äµ"¦s1)¦ëˆd,ËÍC‡åòIJ܄ÁV5ôà¯e ^Ælö$Bw¸RàÂDNåuŽ ,W ÆIƲÜV^iÓ2‹}š0Kö™×Ø«WÕâ…ªZa°u %–°L,Nã,c°u5ËQ¶Ïcâ vqš¸(E´¨Ä†E8KØel\T›c{  g c,V-;KKFH̉e ¶h¡PËl£Ê°™ƒÉ”…;d¥ÀM&r!Â;ÉŠ‚AÀhl(cQE+:6–1زïq–0XxTá,aˆ“O33Ud¢ +Ë,"¯J²k•5ê<šNM„cIvuŽ`Ì®ÎivMsj:uŽ ô—©êÛÕЃ…}§µ)K,¶ 1Ûd¢?Ÿ™0´‹÷0Ël-vácƒ…)ñ{˾¢]{/cè¿3Ël¥!ÈÆ2^ŒJÔ ¼fÆ`‘˜ >)4È„˜¨À 0ršaœ#(!ÀIÆÁ Zfa ƒ˜0 ƒHX BÊKŸ™1XšI̬Ö4–0X|M3k -გyC  H&f,âJâ –0XdÌ‚YÂ`ê:f ‹¸]|fÆ"®î®1ˆëXÄm`4–0XØ?¯™±D&1H”QÉN˜2‘2‹ q%,ÊÈäµÎeˆÛKl+e±„!†Zgƒ!£ð•ì<@¬˜àbÔHð/#ˆW"þÀd q¢:K,ÇÎ:KlÝdž0ˆ!¼(Æ`+µ(›9ˆŠ—[!]*pQ#×JÚvŽ š+ÉrÎÄbQì@P›”1XÂK8¨ëc¡†„…meO‰u ¾?˜™°(I +WŒ;&¡+z¨"2ÒÄu–0Æ–Ñ“³„…Õ½!Ö1ض‹q–°,Y½ÎXƲ¯µx³„Á6ÒR;+õ@ÑVê’Z ÂŒõ€sZ¤q¨ÑÎë$2Ž $A£ÖÉX$)¡gÊ,tT0KÑe"éÁÇ2¹wÀÂœ–È$•% Vc!±„‘{3iš™¦,D`~“8m@œS+DÌßðq‘ËôpÀÉ0õ£%×BŒ\ÿÇÒŒd,;#é™XÂ`ÝT^ŠÌh-d¡À_9¸| ýʃÂĤHDP‘Œå•’;‰% ©¦c–°’8›e 6—ÂXÂbfÒ¥KX I·ÛÖ¡DÌ…WDäBMä$cˆƒ< +UØPÆ`Ñ/Â>%,ÂJðsVC–˜¿·˜ÉšB3Vs!±„11^=éL2V'% Ö¤½j@>±±0Ö6–?ÊÆØNüÍǪ%™  #1p¢a*à"¢ôÒ„1-²uÇ,a°|³„EV zþÚ°$4·fà¹_Räp¼V¢i…#ˆWfâqN2‹ò6'6¼çfv’‘+ðWF®kpŽ è@š9'ƒmä‰X² °Ä††°<6,YÁ]®À—¹NŠœ#h˵q¹qdV‹eûPÆ"ŒäHb ‹0ª]Ÿ™°#Ň  aKôEˆyˆ01-:&Hc¤$L‰.b&x LŒ#¦sš0Ó8¤J¬ÅÆ”÷IFp’1X¤S~%c°Ø±ÁXÂPd†˜öZÆ`ÑèBNcUAR‡˜q`»¸PÆ9É8ˆSaod*â$, nðRb cIçœe ¾–f’™ƒEsÑÌA$53^Ép­®I#N€X’V©N26qlh'ÎÅq6ˆÙ¸|c›8ÎñÒX˜/el§¦Î +Ë6 »u™öNزØ<®û†‚ÖCAÿXoúÅÎ-/æ³y¯«Ç–Tm…Ú'(´ò~~†‘' ì]Ù]üØ”AZtÕCa›¡°ïΧÁDáuMòž% Rã¼¢¨’«÷W2)RomF>›ªI`—ÍFG/ä)¤ó÷ýæ_:ɹ‹/¹ ¡¿4gSEe¨'³·CmÓÁ>MÈ6dd„¢Nzz¿T-¡§uݽ›_ž-?%wðhØ}>xõLgÀmOòž/-øûoÚ 2zÙ-k‡`*4‡µª§›ypqœ½•|6$ àÅåz³ºž ·þ§L‹Ûÿë~ói¹úM~FÚD«½\~Àã*0êÌøëwÊÕt*îx +éà6%:î7›ãÑ…"95\«õ#A˜ìo—ÓE|Á‹¿¬£û H‘{´¢WÝD#Ql¹mG"bóí¶Ì÷Í«Ç/^ÿ÷ðÍë“·o^Ž7ŸÕµ3œ/5uÊ5aÇ­Åé/ìëQ6pÝÿ¢{üM'@·cïòIJ´™å&*gZ àT¾82…èÀŸ0!ÿåæñ,è¯#³¾AIòd:û-ØŠ|.‘%‡påáJâK% Nw¡PÀ 1» jÕÄåÊ« ­~pëçÁÆõÌ–U?š˜ÜÅ}q(ý¤°T“÷ikÙK*˜J|—4,ø¨jhŒG«~Õÿ~=_Ï7¡ÄÅA—ræÛ~z–| âÜ}50K¯ÔÔÐð‰c*\Fd!{Rc¬¨qÂÐYÚ™„ãå¾:÷2ä­PÁ·“˜u¾_Q-r¼¾e©ÉV9zOcÅÚèl*8|cè¾µ£™wHë¥N$GŸá=ªñ‘»³ÍCkÍxósf ‹\Ý¥’kfýJÐN¤ëoO¥m#KA¸Ì¶ e7}¾;ï/uÝh-ƒÍ5ã;QÏtûvôèé¡EnMÏeߟõg*‚bUÝY;ãf¥Õê¡_—CÏ8 %ì`‹<€âèÇêÀÓÐäaßÌ-v¬¢?JÅ%¾î>ª ÿøH{+øºLßþWÚ{˜ò–3lµyûý@6”=y§Ä_÷!W–v ¦mí×󓧇ª雫ûë’Å Zõ" %Üž‚ùµ´ê¯ÐDNCB”x›§6zŸ#­§WÓõúÓnº–Þ2hçíuLªßnƒ‘­vTfå Êí¯ÖXÁ©¨Æ:Þ,W)Ås»¬[þ÷Ð á%U#)š^MgçóKu3|TÓX7ñx6CâU“Ã9s«ù%z°…Ç^|¥nùg_ù¤A ÷áÞý|úøH¬§¶îèOç«~†õ‡s%äæÏ£n« •GJ(·!DÂaÈ9º^]-×*&…ûÁ6üPäyú<–c«$z!Çig¡5%¦}ù¡‹/" Š¢t¢ggZÇ×WWËÕ¦W/fhTÌ¢ŽûÕÇ>œ_¡Ü¶¶æ~¥í&¢ilŠž¾òælåµãÙy¿Ðˆ+ÇUv¸³ï¸êm¡>´>Ÿk“‹K ÷X¾}Ò>fê˜ób¢%ÃîçŸÉqÔoEæw(2j÷©¿ÛJnéœ#Æ%úÉòþTôi¾9}#oÚ~öÇw¬ý¦C»,ìü ?á³Ñ=ùéÍU™V‰ko¼PQ꡼‡LÜÓU1 Ýt!ßô\Z=>nÚÞ£Ýúóf…ó¦üÖÚ… •„€‰³çm Gó9NN¿RÛ»Ï÷~BKy¥Ê‚–‹éåôC¿ˆ7òIAûŽŒn$ÌÞ‡ºpá[Ú-_Ú:9>îg׫ù&>à›";íÝ'äZn|Øë‘Sï¿éïŠà@0Á-ٶΓëàªÞ£ÿúªŸÍ§a«u³YÍO¯7¡YÄI ûNˆY:>3»«Íãë½n>û<]\]h92¨®^>}ñ\ƒZZk‚ž!ç§k>sÚ'êN½Ï²ËÌø «¸«àÓ•ºÛòÝý0à ƒR¥>ûw[éÆ.Ü‹£íõ¾í;½¹ bFÝ iŠñ_Ö1å ®"u7D\ÍŒp’-¿ÑhK‚Èíé(„ÓÑùÇ~P)ã_/iÓ9ó:”V:;BI{Ë»ÜmHÊGfƒÓñ”­Ø“kŒéÅETÄà®r_÷¥‡—«Pbîr’.B¯pˆÐ¬®+Çþu²¢}ð´?‡ó9 ­n·Usk êÀ-îÐÖ‘ù‡ÇÑÁÛþìçpËøct°u +g¿Bÿ,–)-¸QÛW ï0]Å?௸«øþ‡>An*.¬ÂQ >Jõ{?–×á—/úÍìà·Õi5–BPT€úÛ.#îWÄ.Gî42¨‡ò®úxd"ù8]¾îóÙ¶yX冃Sáåç蛪ê~«Æ1N%D׸cÀ·,”‰EÔÝÛØ£åz=ÇG;yì²÷Ï'7óû;cÃH¢ù@­ø¤_ëiÍàc½&‰c4Õ"«ä&;Ãb4jô¹ws&ÊR}ñï.^¤£ÑðŠõãÐDEÜtØ¥Åe¸2¶ÄÉÝ#ŽõföiW‹_\Ã&ÜÖWøÒt(ßëe¬nbþª#×K„ê$| Gûê©e°Z*u^,®VËñ@_ÁYÙ{ºÂW©vÀg^–6ö3z]u;‡.ç×þê¶"å?Ž8XùpgßÀù>ÎûOâ€òï7›.5=Èí³uvàkÎzçžøkë»5>ú_ú’[âß +÷„7 aÅ+W§ä¯¶—~Öc{‰/֬ǽ51¾>Qwnñ?Ø£égœø<~Æ){„ÿÈ +þ•qýóøñ«'å{“_qˆ›§Ùµ47vâSÈžJÿÛÈç¤gçeïŸ<øσÿ¥ÔHŽendstream +endobj +1110 0 obj<>/XObject<<>>>>/Annots 239 0 R>>endobj +1111 0 obj<>stream +xÕ\]“Ç­}ׯ˜7ÉUYŠó=ó”’ב£Š×ëh×µ/z‘\‰ÉaH®dç×çè0$ei“¥ÜTÙ><Óh ÑF£{ï¿¥ÉÿK“:Kò*™,GcüBÿHé/¤_’ªhñÏe’·£4€ErõÈÁeR–£Êq.“t\ŒGz ¶ZÏ: ¶Ê†¬Ã`Ûj”¹¶yEêæ%ºƒJR×ÁeÒ9!´`uY +ÛÉB³ F¡ LhàÒq>*“JI!6ÏiŒu˜ìlm댔·£¦ãŒÌdD½z 6«ð•c çåžul]ŒjÏ:¼L²qE×~= I0ÈX‡ÁÖå@gÁ6Ù -;®do†1 c¹6Åt0ÎA¦Æé1Ø4Ç@8Öa¦ê:Öa&ò±¢n“ó²à‰U20u'ú)ç ª«dP7´LË”2Öa´Å2(=ë0©;†ß\[‡ÉolŒJc0ÿtÑ” ̘À‰öÊ9¨Æ(Œ -ƒ1ÆŠ1‘åuX1VŒ m³´!S•cÊÊkÉÀŒ \[ÂyÆ9ˆ.3Š Fz 6¯©Kë1X„/L3c[Uä7c‹8äY1î¢ ÓŒ8Ñ^9!TŒQÒc°šÒX‡ÁÖ5 „±c"aé{VÔÍǘ·KDa2…©ëà2ij¸Ç8ÑeJÑ×HÁ–--që1)T ‹BiÍËT4`` +Žv$¸TIiŒ¸SeiO,Ú1O1ÞTá1ÚsÐVç Yh$Ôc°X¸^,YÀ1:IPKž3‘K±TÐ'ɺҾVT÷Âì` ×’lãxk*°‚)'­HëÊ[•²ECMù[b¥)Ö…šÐ”‘kYì¿eRë0ÚbwòÊŠàŒÜ¯‚9Á‘ÍRl¬Ãh[жåX‡Á64Oë0¦_ÊJ©dÁf9¶.kë1Xl¼¹cÅ«iê¼Ê€ì¯3§N +儺¼ôd¡9‚Œz\€ +¦Xt>$ÎAÝ?)B2=L£œ \CyžqŠÐÆ‘"´Ny¢°½98ž›ÆI;4Ð\-g`íПrB¬ôÜ‘"AWXÎÀ„®¦ðmœƒd!%FŠÐœ»8l Lhà0ÅÐN9I(í~FŠÐTÒux9ê "pC¾PÎAª¤EnE‹V¤00¡CB€aSÎAÓ1’,4k%©f¡ThäX5ã„PHÉ#Eh-I³e`B'ñ=SÒcˆew+b±Së¾–10±å”sB‘ø7‰5¡¥¤¢+8‘¢œƒ" ¤Å&¤®Ê˜ÐÀµ9æq’PÚ~Œ¡8TКM˜ÐÀ5X3å„дBœ2’öÐl,©ošH¦ƒa5Ž÷ÐØŽ7Mã¤þ(}6Òc°è#öO]z „«X;fÛÒIÍXž9ŒÆ?ÔñGéÀ¥ã*é1Ä"É*+bùÜâƒBLlàGóp@!ÎAŪƒü%‘¼M¦•¤.²ÿ +"Òc4… }ˬäm1d‹œ·ñm‹ô´ö¬Ã´M¦˜šÖ¯Ç`‘PÀZÕÊc°i/Ùc°p\åÛ:ŒâöJ •Jöl™ ´ò,Zù±ò,FÝëì1±-B±ë×áeR`ÎøÑð,bŠ·×c°ÐÊ÷+Î/$Q ÎfäœYq¶±«óçǶâlcVç+Îmƒ³•õXo¬L†Ø‡*, cF[¤½p¯±à œõ,úÁÂÕ¶ƒ­hDë0XäNp¯µu,¬ÇB1Öa80剣¬Çäüz YÜ›K:Ÿâh†¹ÎÈ>––åì)#çûÈâßGc&ßÓ6èX‡ÁâÄk­­Ãä{Š÷ŽuBÂáYÉ÷t Æ0Ëb5Öar Õ†\[‡‰åEdm‹Â ⱃmÙ c†pü¹ÊzLäÊX‡1T\c´¶ƒ•È­m=‹ð÷ë09ÒÇÒ™zëñÿ› oå¡àÙÊgqýˆQÀ)»tœAp5-É>E–d%^Qd–DÑ)ÀœAˆDlòœApˆ5kgŽ! LÁ¡2[;ÉQ”ý¨žlB%JÙR˜ ‘ƒHÔ™ã’jáBM$už3H#FÁÕÚ$ȳÊ9[î#b’ ä!åØôi‘‘™9TPµ¢™3HjRÆhœAt‡NåÂÐÎApX@T, «RÈ¡WF“©9^ÑÆ„*Ø~P"!ÜÎ ©IÎ3Î ©II9IúÝ9´$‚¼A /¥‡Ílöýõ£§Ï[8-¹¾å2Þ>¨‹äzÊNøyòäº{½˜%ýmrÞ¯v³ÕnûÝõoûwR›7ÉÓçˆæ)É9£úe$èÉùÛn½›m¨"@@ìô ÆdD¿á_ñ—Ëõ¦?›ÒÏpdÚfáÓ×›þÃv¾zÃn?ŠØb¾b¸~@_"vÛ-_wôëÓçØ"‚BðESUÐŒª$èæÜ{»øeÓÃÌ%÷€¨—µAÜf¶íw»yÏ=a¿ÃTjô•þ¯mIÉ3 +Ù™T MúÞêvjS7Ùô[v#•lóhêöîõj&î¥%CsR3Óñ˜­k‡ÎBm#}£ïÿÞ Oq.ƤÞšö3¶ Á¸Móð£Z‹-)/cs±–$äöupj2˜j¨éêüÐoÞq^È_é mópS"ŽEÇzèßrèß«Ùn"·­€»5i…yæ²&x= é8ݼøùŠMÇ‘ÐFd¶y/ë4Ãíd^?œMŸ9…PÄ$¥0¥kÄ?³%Tèbý|Ë?º4räãà¼äp”._þãÇ——¿þBZaÐØõ™öÜã3ÔºØtºÌÝ[ÕõëõÿÉö./ž½ø™tÂIGWÍ=,ºï§\q>Ò˜¡ó›á<ï7“8í‘ŽëÊÕÀ a“zדTÔÌϯgüŠmºvoå7ì-ºà—Ý6n[é¨Aò¾VÝÿ{d!{3¡ÄE÷îãpÄÂi¿ìdàGƒÅÀî¢9É.Ž+q>Šb{F£XFÎÕ1šýÜïØ[ƒÈß½îïváCó!¢y7À‘Ä  ¶ã¸ßwÓ)¶ö­l`Æ1¸Üßc÷k}[LE¸ß1K÷L½¸[ìæ뛋#aåÌÍÛn¢úW1¯ºŸ6óu°É§€8òuœÿY(ÑÍ%W1Ãœ´Do kûͲ[Mx,PðFjv·ùv{¶} )žMñ¦÷0–}Z +n{Èi>ÛD–8ð,ª…Õ{Þ/×Ýf¾íWœ­ $æö§»û¢_[Îðȇ`$šCý/׋~òŽuÏéØvÒÿÄDöm8Ì!/‘ð¼ŸÏ8‘D©?ÆÀOtñeè¨8Ž_–úÐÐËàûÔ÷§ÙûÙ"£i‡Ä/kC¦–x·  Y†ø˨{Tj´!7q2C\ÞŒËõ¨ÄcûãÛîwäÞULÊ{™oÙb\’–FÄ“mú8áI¾{FÒwz.˜­7³I· gKÌÙêSv J»ÔçY†#úpÚí3¯°pf¼¡Âi§‹~M†ÈŠB'æ¤GùT?F›šf0!÷N™/g{qx¸šÿ›½ˆ:›îY§RûOû‰6 ŠH-†ñí¢û¼98Eþ¾œK~r}sú³ÑÇ­Âu"O½=“öŽL?aÞÅlñ› ÙÑÚ}ìÛ?ú¼í6°ÏkÔ[öÓ°ûãÎî+ļ£ž‰NA1o/Ø;ÍüÔsU+Ã]¥ždÞyâŠ$VmŽvsê£Y{smï`r3ŸŠ› ë“óUpj3±Zwjýô‡7¼|pY5œ|‡£¡nÓqöðEº[upƸÙÌÃyʯ*3ë›YSØe£¯PžÜsVÈPí”xÔYȦóIÌp¦'Œ#3ã4?E›ÚvúP¾ã`]Ì–ýæú‘N‚ZºXvëu 쨙§a½Fùý^¢1ÅiBÞ`]-BUMÝÎóxÇ@WÀMÈàö;:-NSN¶Ïð qÞ…ÌáV!ÊÏCv÷ÿ`TÈÌ(ñ +OHÜ·ibw·ŠSÏÕÜN뛽ÞÔUäG÷—/%„m»ëy9Û¢Þ"I8"Ì׾艖áodHw_]Á›æϪ®H²ñÉêJ·’IH¬÷%=j¢|i‡Ê›%[ç/ž_…lâ!%™¸5‹»”xñõÿrÿÆŸ!ÈÈØMß~Õ÷§û¹=ªÇ»~û–Znƒ|§C7­y«sÿ1¶Þóáú|hÑåG'œVôܘ¸‹ÐkÚ÷×âÁ[D³ø,×'£Ë3Ç®ø&ÝŠý™Ì·RMS¹Y;²äkrÏdÍÐ0éÃÚ ä@‡+iýµ[ÅÔ’QÛ4ü-¹+ÐãaH<Ð&ÞÎx)ãŽÀfðQç½z:CŒ³r'j·[Í^}GNDÚv©¹¬*¼ãˆ•šän+µ¿AMçóWŸ¬)äÝñ~$0ê8ó£qˆTx­È!Û?­±©\VZ!:9ˆlo¤xˆéh‘`½ÁŽ^Øà5L7s»Ð·h9í?¬¸ã…9z” '1ŸóïX¤9ê§ÁŠÛ¶xEsd°ÜO6n\ö·W<½™¯ <;—‚º†äc +ÞÀ˜7›þnÍŸÓk.<:õ’Œ¦í×Ãñ^þÈv÷ëVŠ¦øK}”±@ÑZ®/Q`µËîëó_ž¾àw tu«…òí®›¼#¿ª±·›ž6 .L/æô.¦¿åЊѤg_7<Ñp¼g°‰•€ëŠƒ•ðÃl1“ +½Ä‰Q|´þ 5°xc{;_„Rê +çÝm˜ù´°õvwÝm·˜Í2Å‘Êk±pò¶[½áQÆÍIŽ3÷Cš,w؇&FYì^.?q,’›ÛöŸÏD>j Œ™¢®&ïâ°;¦_—FAô9Kz¥8\›‡Aí¼“)<˜i-±Çܧ¿%ɃÜ'Z*KOaÆ_øË›7(ÔâOdy¢ÆgÉÇbÏã¶|ú¸å;à¯ôlÊ…RúÏ`6¿ðÿ5„ÿ‹_hâ©7?ˆÄó¾&Ç+]<õç'šWÏ.¾–à äoHx“úÉÝE˜.ÖÉrÔnhnÕôPtúä=ùío×þùè?Ä!DCendstream +endobj +1112 0 obj<>/XObject<<>>>>/Annots 259 0 R>>endobj +1113 0 obj<>stream +xÕYËvÔFÝû+´t#ÔÝzõÒ˜X$8xÙŽ5™‘yÆ$Ÿ[Õ¯’8>ÎññÕUU׫««å?ŽTVà¿Ê™:ëvGE^à ýPôãõsz’Õ¥ÅÏ]fl®<ØfGÊkÁ ¸Ël‘·‚p—)¥r-H‰Áb°>-)1غž)–¬µy%4›šT™ +"0·€ô +ÁBçÖ¿É‹ + V7y#YÉ$“—’lÛIlk¬%ÛË¡/,ô…Ð3 AzϹXGN@è„í°'’ƒELŒdÛ¨¹¬À»L%Å!j–¬nÉ—Ä + ¶¬æ²ƒmŠÙºœ¸ÊÖ¨Ÿ8bâ§T…M¤l /§¸b=×j’‹œ€ˆ‚¢ºI¤Ä`‘ýR²SiW$ÙF“ªÚr R*´G\ CÆÏXÁV‰sšXV`°¶Ä +‰uËV5lé–a$– ¬[&±Çeë– ²ìXYªßÊœ6.XhQ}ëH×oSGŸµ8k†=†Y‹%UƒŸ¡R¤Ë¿ç|¥DÒ †ãÞd=‡-Š„FN@Xã*%’¬´D·£°³R¢ÒÀá•%N@RÚ¢e$Ò)m¨ê‚RI©ç`Z‘•‘J5u©D:¥u™vXÉ )õœÂ¦‡©‘”˜l­Hmbv‹ÎdaDÀ`k*!+0X˜ß +Ö\áŠQ` öv,Š¯¡KÎ×`É€Äô%™8.IwYKÇJ℆J(‘ƒm©KÖÛ¦ â@´&p¼|â„N´Xåµ° mÓRò}}8#8TYã_Lrèðñt4 ’œç¸9&N@2¦ÆÉ™HN“AéÇà@Rê¹–‚¸§Ë£'gGL¶|‡^‡§fSfË5'xÜ/W—Û>ße§ã°ï‡ýÍËwç—é}öä¬B]’ž…W´Ð¤èøôju½ï'’¢Ôc¨]#I9=Ã^O.V»Ë¿‡ã¥ OWÚžiœU­ö²ãþÊi¤™À6þéé˳ ~µÉÛ¢õ»í&ý䬌&¢•µ¦­9´ûÙÖx»ÖãGö¶,s«ŒW¨‹¢àUp,/úévÓõÞöÆXÿîùªûÝ¿«LГ&·µÿ÷ÿ”jhQ™#lô*[èÛöŸ’dï&éÅ«·ËW¤¬¬ó¦¦Á–’yÒuý Ç +Ó!†ŸÎèÍx˜|°ý˜¾n\sÑ)R°n7\¨’”ÒÓ_]šË¼°>ÍBœ.P±R4BžS¡ †ç…òrØOãúÐí7ã@•¯Š‡²é›õxg¬s›ë¹ù)šiÏÝ“ÎýHþá"aâöº¡=›Ó{_QÇ7[ýõ‚ÁOU(ªé¸¥ÉU—+\Â^½Ç·ThʆòEh>ö—ìºOQ»bÿz¿^"º„¶w§ú0Ìr¿Ñ§î–·)&†ºzD‡bâKÇEÝ~¾!\{é´xÝ_Ó~3påUÈOìÐOïÙG¾Â‘×ü_”æóBœ>ÖÈ:…kÿ›Žâ\™u˜§£<ï‡~Zm)_÷ð:ì¼ÍðŽ9Ü~'MÒ'gÑØÙ>ƒ‰fÞ&Ÿõ—.5º +5~çdÛþ¶ßºbÆÂäÄÇáã×Ø|Åû*çNáèê§Á§ +#ep«Ÿ¦qrnáv짙ù”VTP LÜhå±É#Qw涓ý~Õ]ù¾€!%ÍŸ8¾x¸hò:gÓa¼,†jÛ„çz㄃ËWå§ÁGˆBpœ¦ê¹ãõ<™ç«}wÕsÖðá+̦`á-áÝ#(º mŸAµkŽâžð|×Ü]0kâ’áFÐÝêú:d½Ì +3xXq«¨üÑþE&?ÄKJk.[ÕØ/pÕ5Ráê9Ž¸Õåf»ÙÿEjp¿níwÒ9|Þ «ÄɆ»«¬Ñ0ÅKÕ‹ó7¿qæÒ@öQ~Þ>¶ÍZL˜¸¢§|¢‹J¼¦¾6’gZçu¸ã>ŒYÿNKpªnç¾kÎÛdzŸ_rjp¥þ~*,øî½À‡ÿgþ?;´þNߢôZƒ¿¯ÐGmÜI/N~zz’OㇾÛgÏÆî°Ã‡€U¸¥\c,õŸ†¾~¬o7”½—G¿ý LÒIfendstream +endobj +1114 0 obj<>/XObject<<>>>>>>endobj +1115 0 obj<>stream x…ŽA‚0 …ïûï¨g;æ˜Gˆz3Ѹ?@ÆH$"ÁÿoN^LÓ¤é{ïk_ŠARŒÜ sˆ"MpÙA[XŸËl¤Ç„f ió+”Aí/GBh„årPC8$›¸yײÀmÚ'œ†øîR?UÓsè·¡ýFÙ.Ñ]Æ‚õš ©ê‹ójqÖéùÀ?®õ¤½·òxyÆœƒº«•ã;Òendstream endobj -1085 0 obj<>/XObject<<>>>>/Annots 288 0 R>>endobj -1086 0 obj<>stream -xm˜ÛrÛ8†ïý]s³ž*›æQ”|³ëØ›Œ«<‰w¬”÷bn( ²™ð %©8~ûý»A-E•ªX??4Ð'€þwQˆå1%3Z×gaâ‰ûï¯OgQ”3ʳ ¤šâ(棪è‰ÇS6ñ¬¦|¤£p(á5EY$”‰šX:Kí”!¬­`{YS‘bJÖ4K`î픬 ÅŠ) _¾xC­AÓ0X(špÜiÆNÕ”¥ÌD°«JÂÙS²¦…¸ãì”dwæH›ŸTkP¤ p¦Zƒfó SÔ:›ä(Øä¬ïìȬwŽ)Éå<©ƒZƒÆIkª4(ª ©u(NáäïÐȬŽ)‰bÎ8Ž)ÉΆ쬃Zƒ¦3¤BQ¥ÙÙü`bël¡u&gExgGf½sLI”zÁþ8¦$Œ2ÎŽƒZƒb}4­§Jƒ.æÜ_ž*ÍÛRšÈQ %ÁÞ|Ò¦V¸P&&¾{¦$òžcEÏ”äPx›x¨5h!³Š* šN¬5h¾@Í”­Ò4Ž_Om óÔoÏD„td62ǔĒaÆî:¨5(–L4U4ÍQ5e«4(Ö»~f¥A¼[<ÍcÔ+É#Ù¾ I°FIÊ™aG2Ôš]â®WTiÐœOE•æF‡Ý²Ö%3¼­"¼K#ãS"¥ÄA­±è,æH=U»ä€* —,Âq¶ZÛ†@8ž¢:“fº8ðJkPÛÎÖ6Sšù á›idÖÎ1%±køáí”D 8àœ3Ô4‘FóTi›Â¹¶E -'ÍI’º9[­9 !·°§Jƒ¦ ·°§Jƒæ §ÐQ›$¼‰ýÑ"Â'id6+Ž)9%É1›¤Ñ.J2ΠƒZ# 8<Ð ž* -g‘O•]d¼=Uš“$=ê¨ «{ó'"| #³‘9¦ä¨c6ÐÑn ÌA­9Pi]O•Å» [ÆS¥9Д“ä©Ò(_U<ÕtØj ºãÎͬ5®k¸­ ýŽj Š†.ôTiP¹¤)ªtMix˜ [œÛrÓYpÿŠâx‰kÙœó䘒HSqk;¨5hÌ—+E•æHšœ­”1nv|Pò%)A®X±GZ³)çÁSkŠ×ß;ðÎÁ–J‡óBAkˆ~“+v”b>ÒB»¦Ò0EeRM••ó^Ù* -'ôÌvÙÌ^úùÕ“S,JBUš—囯¢JƒJUÚ:…hýÌpjÒ óðpf¥Ñ¦h—¹²ÕÚn€™¢6 „ï˜X^d±(ÈBl),nXˆV”D«4ÇÃßh<åï>1¾>É}’Ïv+ØP¾M,O$r6Úñ]+Š²ùõ+Ê>ðÔJ܉¹#¯/‚-…E¸=óy6CYx†ÃR¶¿où$ “p©Æ+@"u³Á$¥ua'yNk'×!0(‚™’“cÖ.±_í@Þnbâ§cÖN¾>Në‰ðv;ǬªÎ±ÛõDx»‰‰cb‡ƒÕ¥E>;«‰°‘#b3·ß0d)ùìl&Â6Žˆ Ž ))§Q>;›‰°#bƒ{¿”šmä³³™Û8"6¸¨»4Ègg3’(Lq…qHŒp0º$Ègg4käЇåÙÕGlå–[üü0Ëç´Üȯx²>¿YõCW¬‡ß—ß0-Ùq—˜ ÆÈó‡¢èënS ÆŽIÇ1çtMË×=Ýì_ðþÄ1|ίӌnï–¼bÒ¥l_̳|-{ZµíwÂß‚ÖmU™õP¶ µ[úãËóò o6fCCKOE½*hÓ®÷µi†Âûa:^ ½›¢ëº§¡{çÁ¦é÷**ªj\W61Ö-€Öû®Ã<´ÚÔ·µÊÚô2™8SÝ &ÿÖ®xxÔÚ™®‡skȺ(áDÙˆ×PÝ"!YcB‚Ký€øŽ–žü—IV†¶í¾Ù¼|†ÝõÕÕÛÛ[Ðs¤AÛ½\aUñè·;öo´+^L@•)zC½Á {©üoüfºîý_nÊàT &§lRþ¦D”È RÿÆ$úü•>™ÆtEEûUU®é¡DÌðáïóOÿA=wï\IèÈ)˜Š–*›uµç¿•Ã«k Ý·ûnm¼'H©›“ àr×6—U‰âү让Ê*£Û~+ù×í¯^vU0üœ,¦~¼}5(ÞIÎØ嫹ê~~q׫Êp\·m3 âRâƒ}2yðGûÆÍxßôš -ÔiiÐ)O7~¸áùñ›Ÿs÷i0; -¯é/S ß¹©%ú¸…d`tMöeµ)›ü¡lŠ®<=6æM‰Á…²ÞµÝP M{,wT™8¹¦ÛÎ`gË´}½B›mù²ïlwlËÊLM4Å)†)VáàÞQ¸Ñ†x°ö0™ç4`ä®èjû|:b.UõdÎìšž†¢¦(á6 ÒØàÃÉf…2Ùvm3Ã&à Øà×%Vh«j0]ƒø~˜k$f\°ÄÑÁÇÒ¦0uÛˆñ/õš!hœ8ö‹óñÇ ì~ee;¥±9éM‡³á¤¹N6|¢¦n7ì›ò'­«ƦÇšÿb)At÷åé‚ž·Ï/ø¿l?åÏç¥ü‰¿_З§«ø‚Ì°‚àôüÏ|xÞoÑ;p¨§»¶ùÇ@Ïm÷ýŸìˆNÅ]Y¼4mÏ~?v-vGýKÏâ,0t'Ïu n_[kÈã¡Å[€Ìs|h?v8qy ðëçûÿòÞ*èVrC·Géyh×ß1üèéŸÅnÇ“|E5š'>óKüüîö¡ -FZYŽN²Sñtà÷Íе›½¼³d"Už›¾ß×;~M'ƒ·‰<ÓSÉÞ‰Ž¼•‡Ó[sÚmò0952=õ0;õpvêa~êáüÔÃÅ©‡Qxò©Ätõq>¤’kùUG©¾i¤ø1Ÿ§¸HÌÿ^žýçìÿ¶ Üîendstream -endobj -1087 0 obj<>/XObject<<>>>>/Annots 340 0 R>>endobj -1088 0 obj<>stream -xZËrÜȼó+úàƒ|Яy”´ò*BäÒ;”å‡à Hb53 Œ(þýfVcºX‡íØ-“‰ª®Ê®®.@ú÷Eêü—ºeæò…Û.’Y‚ß„?~ýëE¾˜%n±âŸ7ÏgËìÝæBàÁá‘B8—æÉÈ+¸Å2›­à³XÏæ O·XÌÖ „Ï4z¡¡b°óläV1Øe1ËıâƒË’ñ²^‚ùz¶@¸ þoa€«z®`îàRfi€œ@†›2 @*›Q aƒÍS -mƒÅ6@¥È -öÉ ÕÀ2¹3›L'°Ø,”çx„Ë®b>žÌ(;Èå’–†" çÜÓtQ° r¾ÎMÁtà!Hš„óU%ô€œIxæÒd¥#©kf)Ü +lQ@~a3™;'¬`°ël–*+˜ΡV´U vµ­kÎKxµ"g€É -Ä¢82…ŠÁÎWÔ0˜*»b‘FÖ/:/lãü*⢗æ<Œó@*梋Y.¬w[p7A&snŽ!úU ›xëM3–ÐÁANph)†¦Q ½aÊò‚á’»fÀ #„!ŠúÒWY’šðH+ ¡@&’Pƒ@*[°ˆ… va©D[Á`W<¨b+ìÚê(Ú -FAhXÅ`ýÎDV0Øå|³âƒË3;UÁV1X#+ìz=ŠJ1:{În"¶¼D -ÔŸ]%¼<°-ˆûšc{"'2¡÷åB*æ,°yÑT17`>ZT1d²vmƒMWh -»ÈCnLG1Xl¥&«"âfÐŒƒµ‹,®«'¼È"kÇ£@÷â‘D@Ä“@Hd!T ƒÅ-¼PV0Ežs¢­`°ËÓ‰¬`°Ö;… ¡ÐÖ -±U ¥£QùdqEXá\`²ë±(JJR1Ø|92UÌtxxÄV0XŒ9ke#`´µU „ó¢R ¿×˜ƒÅí ‘£­`VT1ŠJ1+j•—± òH(]0dCÔQ1XÔ–¬`°uYÁ`½p‘Œ„Š”!V1Óå Ykæ…]¼è¼(=`ÄO -ŒOüŠ€ Â`t†·´šœ@¸ä8íRöéH*¦\YXÁÈ#‰0 ÅÔÀŠ)„¤˜›Ê©,zö$œ0yΩžúˆ6`ñN ÂÅ6Hsš£]ñH¡–S´x:Ch¹Ò®2+"œbpLöa˜ñ"’ŠÁbOeƒE•ãM%8æVçÈ9¬b] €k -äEÄDìAr‘¤8XE9CÅ`mk£[Å`¡[®¶À|ËòÑfé|’b†žµØ*‹c¥Qyéqã³â}ü˜ªí¼ðoZ— ƒr¦:#·:ãÅ›ßoµ@”%ƒ œ@›À zà°ÂBtÉý ¤bª—0šÈ -»ä¨)¬`Dk/‘U ÇH×ULõ8âF[¯º»Ÿµ™ÜÀ B¸5oéÈ D¸¾Lƒ¡b¦ÊQ4š*F@¸ }°UÌd¬Œ"+˜ÉX)DV0XlÕȳ`ö“±gÅþ’И½Lh_>HN ÂÀ1Ò;E…³“{§¢Óó^'N1¢Ørz¡¡b°öº+¬`°ãWbk]ƒ#¬Ýk‘–I„tËcIoˆùÂlÉ™!‹SÉÃtÉóY/”a­øš–°5#DqjŠœ@8Åu¶R1X»³¢©b‚mYXÔ” /ͨ2P„p‹Q‹R1X\çÈ:²‚ÁâCÉÈV0XôShmûÚT[ÖêƒÅ{ƒ†¬Çoë•OêÙ{ƒeg &;pCrT’¬Oölë“‹¬àld}²ƒm†âIÑ+!ƒRÌd­´"+,^P2塤´¬n$¾Ý -ÄQ, ¾œ@T(§¢È D&èèj¨,.àBLMút5|Ñ`‡ô`'…‡•¯,šüîÃVį‰é€H*æ’Ûý³Ñ-€»&S1d¦‚ÁâàZYÁ`¡ó\YÁ`ñâŽe£gÁØ|@ȵÞÁ·yn Ëj…ʼn|PƒµéIXÁ`1µÁq´ — ä¬`°è©¨‡È -FÈÛ]d}ÈØmkw¸œ²!rÄp SYÁ`q rd3(K(²‚ÁÚ9[ÁŸÜn°U W7ö>²‚Ábʧ‹ÎÁjäýÒO7b°øÞ—)+ìœã¦Ø -‹ù*Ïv@ð™À^èøUß~æšöid`ð?a"b,ƒ‚‘eo¬}›Éígº‹FX>wÈðÙ…gñÆeukçЀ‰!Ì0³ð¯Î%!8Í"!«Ž4p¶2gÍ¡:ñ©’?sµˆàpøn:P¿}<>›™C|øµ‹—íçàp`ض0¼ñ1Ë,BFÏs8Û0Ô·½Ø…ÌŸÍa@6 â~:3˜w8ΘΔ@pøB€{ p2 Nä"‡o­¸ƒ]„£'Gœ!Èww—y*ÜÝîL´Kw·³¿KÜÝöͦ¯÷{÷T~¯®o›Óý¾êþòç»ß.Þâé·öš~·{óéØWmÙó©ëûZwÍKçŽUÿÒ´ß:÷R÷OnSîKšªåÕcuÜÙoß&ÑßMy¨Ü¯U×ìO}Ý]}t¥{>µ•ûr¬\~®§®÷;ú»üˆãwÎ ÄtYõÛ˧¦ë;>#ÎhéüûlÛ,›)OÃÀNÉc×!£íSx j8’ÅÒ°•|eçN]µ39Ò•‚~Sîž*wSõï>ý²qæï}¹}ª&)ñ¡Ï×?ÿ²¹Û¸‡zo´ê9f$7÷¹i¾ž'¿~1£´~n^Ü}‹ æv?œŽ[îQçÊãÎ=ê·«ž÷Í«ëúõb~Ã& ¦'sÊBÂeºj{jëþÕ5ÏX†»W?²,̉{hZ×UÕ5Ú¡f†šlŽSM¿t•Šsç°3%jìÔ?UǾޢ’Qu]Õ~¯Z«–×å·óz¥;T‡ûªuÍÍ%j¸ ïšCY[ ’áûIèÿ+=3°Ýî!D·à&œI­¹½º6Ivu×·õý©GéáO·EŽm¹ß¿ºCy,ñÛqâS¹¼¸Ü^xœÊñAœ_ôã“’1£9gíõÅè÷áMj¬³nRºëzÛ6]óÐ;]ê#ªÜm^»¾: /U•Ã~…JRA>‘üÉ—è4±›¦¯¼„øG¡q|¹ùôw[µ‡º£Æî]Ýûâ>·5lîÕvËC>hŠ{÷"˜#]ùïuõÂm pÛ§òøH`Οƒs6þuçF5S—ûæqÚ¹xðpº¾Ã±óXc³A÷T¶Óþp…½Á5/Ǫížêé‘?Ôº]ÝVÛ¾i_Ä;•Ðö!Š5øCð1yf´Ù×Í®~x¥>Àÿ²¶/¶´õ EDËA›iwƒÛ¶*û -uÞ}sÏe‹k6Ó ÿGXÙ矟¯ÝóÛm‡‰lNÏÏMÛóæòÇ'›e³Sõ°rÛì|u’“ìFGej÷žiq™>sÁ?ýkb¼©z£?´5:Xg]à§(RÚXŒTáqéöeûX¹ãéÜÚlÁ@;áÕnG7¨Æ³OÔfiŬgåöë4>/XObject<<>>>>/Annots 392 0 R>>endobj -1090 0 obj<>stream -x•ZkoÛÈýî_1ØE -Ԋć …ã$[/b'µ¤ß -š¢mîJ¢—¢ìøßï9wÈ™#% Zl`ûøð>æ¾æRÞ?N&nŒÿ&n–¸têÊÍÉx4Æo—ë_ø7Oñuã²ùhуµ»9¸qóù(NàÆMÒt”™RÝt–ŒæPº˜@¥žË£)¸yFƒÈ „ÒÉœJ©ìtr êÕfÓQµ¤ªw¦ð*rir ·"©˜ìŒ' jƒÅï•õY`6n:¥^tH b0f`'J“CR1Ø”QŒ¢ŠÁNÓÑLYÁ`–Ï`Ö» s¬ƒÜbkÀâáÆÍòÑÄM'Ðjé jd€08YÐ@zƒcfc0h ì9o!p©tLT 6›Ðd`Íd¾H­ôòß<0“Bpœá‘T 6Cmd½Zä¥7[à[n€jÒÛ9NI/8¡X‚)¾åÌŸéON­d–ò<³\y%('e—ÒÞ—-äÖ–¹(—Ì|l”3`¾DH_Ôk$ƒ…±\YÁ`§ùbÅ—ŒSž2˜U 60@µL2 zšQ­;K„˜i9ƒ8Öz*‡¬ s"a 98G-Рb°*J+ˆú”Œé>R² ;()îp`FN Ü9”ƒéŒ¾¥ŠÁæVu‘ u€„EV0S2?p׎’¡¯9%Ì® ;J„8JŽÓFN L&=‘TLwS(V0ÝÍánd½C3¦-dœ:$Ðœº,pð}€p6£?ƒ“ÍIÅ`SV—°‚Áâ¬X™kùYÁˆ‰¤bEW§"ª,.¿LYÁ,Á M5+‹ËPe3mÜTDV0XØ™*+åëh.¬b°°‹dYd,¼Ù8¬ÿ‘Ÿ¤GcÁ w ÿ¬±‚ÁârÅL“±‚ ®Ê‘U Ù;`ƒÅ5‚@Í6•8eýTbÙydfÑ»†SÖÀ -‹ŠG¤L“É -†YÌ „&°ŠÁÚï…ìs€PYï2® ¿?p—ä¥2·}š/}†S s!¬`FÙ\Ž²‚ÁN9¡DV0Ø×qaã@h„\XßAxãFË (tØRHÅ`q¡m#+˜.YŒëb#fÛbñ„ChT }sR1]​¢ŠÁÚYoI` ØŠÈŒ$–ý»NäÐuHT/ÇQ†sAÅtˆK¡°‚Áâü²‚Áâ½4›»xKeõ£'2¾Àú³ˆ …T(ô†á bÁ᳇‰p‚³9ÈYîPCVÓx3Oß…RŒÛ{ä"d“pÁá'rfÎ^ç Ò̈æÎôG.B¨´Á8àl"G.BpöʹÙëöi!G2}Èi›á×AÎR—÷[{6Ãé Ø"Äñò…p2š4å"„›xÿâG'ÈRñ7Eùû=‚í+Tˆ!^¬ad®÷¡oÅC“*ÕV8-D.-/•[¶û]çÎÊ&:8L Í}¾®T•¼êã#\Û=æÙ¹éõ£æûª­Ä“Ÿ>nO¡öôýúå§ÿQ\¤é˜÷ó[7rvÞl6p c7˜ô]Û6ß\7/»®Ú`̯벮|D uW÷Ý ÝcßÀ‡Ö=TëGWbF]8ô÷ñ­u˜w×´a"-¾¾¾|wÕ!¹¾=Ø+­¿]w?»«ª{Æpè'%%.?”«óº)6¬ëçƒÓi¾ýxyvqõŸóWËëFÝ×ÎýüŽs¿/6÷_ƒ–hUÓ·ËYÙùö`IcxÆÝÁ̓i¶~é˹W½Æ@ÿ~ùý·zý¯ö¶Øðõj<çÿÓ`½yusvùæŒeð[Þ6åž“# S¾ññÓÙxÁçõÈø—Ãy†] DÆs¾[žüëäObçªæendstream -endobj -1091 0 obj<>/XObject<<>>>>/Annots 444 0 R>>endobj -1092 0 obj<>stream -xYËrÛH¼ë+úæÙƒd¼ ž6ô°¼Šµ,­¨ A°%aD´<ûõ›Y v)oìÆDx˜Î®ê¬GW7é?Obá¿ØÌ“¦nO¢³ãÿxøz’g‘)JþÙšr~VN`m7Kð—­Éçg‰)S°5óùÙ\q -¶&ŽÊ³X‘ƒÍŠ³T³ -ƒçg¹fnMÍl5›Új ¶˜¨B\H‚*êœ;ÀP„¤8?›)Rc°IÊLˆšj ¶ŒN`f8Ãñ¬Æ`ãôÀVc°™T'Ø*Üš4Šl]°ÈtÆ`gŒ\€ G3fÉ“»`!8°~ÁfR÷À*ÌTÌ(ɳ® Ó=†VËèG€´Z€hQÑç9)7bzRc²%ÖlÀ”›Ú*L¹É$‘ýôP” &Á9c0›I€`kfÒžS\ÁN -\€¨Y|À)È0¥A½¡Æ`ÑFÚ­ÆLB6Õì±$93ÚŸÒFr„&.ÆÿQlOjLI %Va°hä/° -SRÌî ¬Â¨‹;žÕ˜g¦`Å=ËråóT&@š U`4 -¢01@à„t‚6Ô˜j¹c0Õ˜]!Õ˜j“[Á¢Ëöê)Xc°ïz_1ÒÀ¤{sŒ&NŒ -+@!Û3¸“.Äž‡òÈMsGäÊ‘†˜ã(ƒÍè=°NNI—á„€@· -Ê寞Ã]¶‡Îi©Hn²Ç`17cÍ* v–ãìǃ—¬šßVcdX(VcÖ%?`]¨ÉLZPîâ\€dW³ƒØ4Iœ'5+£K± -3œŒ-êmå2Ècþ%s„;Ä]5+Ï„À:S\.ì†÷- -r¦ƒÍK*ö¬„š•¥4 ŽEjªˆ&cŠ§ œ¢sµ¡Æ`ç¼Oƒ©ÛÑs\‰ôL€lÉQæ ô5ì<‡éº‡.ŽR‘ÎiKÉ -^Ñ™:U†}¦HÁÊà ¦ƒ-xö«0º(å‘ ¬“„ÛVÎoFI$ν$ON’&Ë~°i`†m#ŠU˜‚9L«0;<°NpšKá¢ÍL&€‚ź3E&`&€”‚8ü9NaàD=9P§ ”&%µx§N ^ -Ò$% Hòœ¦MàdÚ8§ò ¤8M¥uÑyôâ€wºçbÃ\‘S+OT0Õl>CŸÖm*éĦ¼õS²i€tˤ3Äû˜§Ú©ÔN\Œ÷w/\IRc¸ÍrT2°râR¹§P> ¥‚0”v 5¦[ž#Å* ÆšUó­l5 OGR”Æd9€버d£|6¥h© …S(p -‚có).@¦Ê@jÌ4°©ëä$îû‹Û_@3qnÏ)§h08õ¤Æ`±š3° -S«bv™G0ÞÖÉE98£œ\AîÄ9}žSÐËõä$w²œäÖÉݳN^`†g¹:RÏ:¹‘ûv‚úZå*ÈoÙ@j Çùõ¦3¾«0ØŒ—‹b+/ËÀŠàQpnâ€ÆÉo€0ĵ+Rc°èÁT³ -ƒÍSøŽ5‹&°` `q¹°bsvxÊ·qŽX>F# ö‚ÎÙÉ\@ÃòÇ$7㸟‚b—(ÎÙ¡Q¥ë8,Ø¥®$Ž‹ÝÛ EÄ @bP.Hìç9g‡oöŒÇ… Z„ÞD;Ü®>tù,VŒ|bð.ˆÝg2bƒ{_Î)WÉgo31ø_±)øTGixnä3mB—¹¸°Êï“󹇸|öûL +P”l”No~7•Ï4B?Oˆ-+œýÃDŒ÷'^I<éûú{„”óôxæâñäó5R›ÇgþxZ”3ó¸’ßN#óXÿvQÕo/}·Û¬þöøÇIdN±e‚¿=½V£ùsW­›çƦ2W][5sÙmƾ[¯moº_­ÙØñ½ëßþNØÁ{øG÷nVØ>Æjl`òÜlV¦pâ°öÅÃé»1Í »Ü_]b'»²+·LïtYmÌ¢j—•YZ(eL»íGÁb¨Ü;æÆ v40¨&'W—ÿ%¬íívÝÔÕhEÕÐ.·Õ0¼¯ÖÚ:eø•Úç`1v}³yqŽ? æ÷ÁöŸo«úµÙXs^×HühšÍs×·.;È0‚ùvu~o®šÞÖ°ÿë8±÷»~Û ö¨`7¬ËjW3ÉGÔb·ÝvýhWÎñÂö?l?/ª_m[a÷•y°kQ3¼6[3véÃõ%Ú™lÝüœ¤Ó….šã¹yÙ…Í{3¾Ê®\ªkv·µ õÙñ:”ÚϤ -á_ÑÉÛÁ´Õ¦z±­ÝŒ\®*¾°5ÄÉâ£QëDØ°µuS­áyûf¹ÑÊ(”ÑvÇIüò³j·k‹ˆo®ÍT„g‡FÕÙÇ0[ªo§:º›vÛw?P¸eß½ì$4ˆ  ½ò%ýÑØwÓ=ûÅGÑ_ì} ®|©èïûn¹¶-Z}èÖ»}?é:{OUÝwÃ`†ÝS@äkM~èU^áÔ0OóÂŽ##•ùtó}óɆ=ŠF-órxzÌÓÝÃ?¿>Üý~ÿÿ\ÝÝžß|çjãu××”!Ùæ)Àlá¸k«aü æ¶zSk±jn¿\ü½Ãô¨–Ýnd.ªU ¦Z­ïÁwÔín=6l©fƒmŸ«Ú­8蒅̾-hΑMÅðs u=.»v[õÍÐm\§©šßm×]ýö¡‚û®:Jå7û´«õÊ|z®Þ¬éœÓOø £ÿÔ¬ìC ÓS®›Ã °?æ°[zœ…[­ÌÐü[†ž®ÒmõÓül›ãƒþ ÎP#ًתG»Õ”C%ú[÷bÖŒêÈä©YY³Æ´þ¥¢¾z?n›'Ìk&Bm  øUó« }k[ zôÖv;ÉÖA.Ö¸J/×Í~D|¾.§O²¨Ä¿2•ri/Îo/Î Îï¸9pÖ;Ž•0YcüÊÍ姳hÎKþ|9Œ}UKö2>/XObject<<>>>>/Annots 479 0 R>>endobj -1094 0 obj<>stream -x}˜]oÛF…ïõ+æ®ÐÈüI]ŽÓ$ÞÔn¤Ô½È MQ6[‰ôKRvóï{fVä)@Q4ÀñÙ]RÿŸ…à¿P²HâTÊý,˜øËôÏ—³8’æúï^Ù<9Š¬f$÷² æ!1g—Eóvi4_JjBíHÂ.Æ#ž9»ÅržêzER¶ž—{É<♡$E|{‰–ºœ 5#¹—d9ˆ‘ÜK¶8a$÷¡æ79e GÍD]q ˆ4Òª™ÐpHÂ0\ž@gi6H?ÑèAèI:KÍs²#‰`pè`Á ÚÎL0z’iÿÐS–iP¼}"gOIƒ.,¢‰:ÇvíMŽM‘ã‘:Gž’†m¬Ÿ -ÉDu+ÄK- Þ?tvœP·$ñ¦7®g¶©cû^±cv&ÔÎ1ÛrØBZ‹Ø„2’ÇãÜ3g·pß“é×@lBíHÂ.Få'¨,B.ºWqôeG¡>-”shŸèÚ -'ñÝ®éa¸±ž µ³Pp#`@ñb‹°ðWÉvön=»ü"tYoõ‡ˆ4Ïd½±ß!Y—«]û*ÿk릳þkö6·ö.¼Þ\\ïêªd84uó¨Øçïò¥ê»ÁYÁñd¶*ö…ÍFÚá©êäúæÃJJóe󳟋²n†¶øålÛU$.lú q—E#7R¶Í¶~< ÝÛÕe$÷E÷,×mÓTå mGL¤è¥8.%[0‹ÕÖäÄÿÛu,ß.šv—øöæg·nÓŸ%D§á7šÿsæŸjw…Hµ2ŠôýX¤ºïU/¯OUã¼}»PøRu}Ý6ßÞHÝË¡¯6œÁy­4ìM‹‚>/XObject<<>>>>/Annots 482 0 R>>endobj -1096 0 obj<>stream -x­VMoÛF½ëWLÓq‹ú¶$ßl IshƒÆºä¸"‡âVä.»»´* ?¾ov)[v¨ Á‚Èý˜7ïͼñ_ƒ ñ™ÐrJ³+Ê›Á8ãÍÃק÷ƒéz‘Mh1_gSjh¶¾ÊfýSMw²Ÿ³u6§ùj‰ßSü9¦2.LfsúÆÂlš]=»ŒÞ­i:¦M LWËmŠoò‹_í‚¥ÆUפLAöîn~»½ùyóg<ps* ªÔ=Sg:ß©š sႉåÓ¨#êÊWB0’J‰|Cvgmø1­ž¤Ÿ-²e¯ýY¾4J‰¦­§V¦½²'Ò3ÓAjÛ·œkÀ³­Hï#¶¥ÄFmkv˜ÿ漓 ÿ#ÌFퟗã3`±ÅrôHà(Ó¶/Œ>šœI‡·Ð¨ËQ¬½µiZ]£@¥0ºöèPÑ‹^¦Äõûž€Œ†þ™£eô¹Gå¹U(âï¡Ž}¡ó¯£ù¾œ L÷à À_󻊢ÒtôÉh.]‹æ6 M¤ÐÍ|¯mçéž‚ §&u½«BtGi–è©Ñ–Å,š¶?$6&XÎUvœ*)¹ø–1ÑŒjN@Ñ› w¼A‰6ûQ»¬Oå{ *}RFÈk(DÒìÂËôõ¤•#R|ð”,HÃ4S°÷Cºá{¦;½–&™³ºi­ Ê ë1JŸk§¡yR(4ÄŽ“Yu°Þ’C^É£ó\—cîÀF  ?Ž -§Í>îp}ÐMWGcÌè=‡èB¤“Q…å÷YÛéæ¢âÒÕq:ê3 -Êaxçûã%^Æ(Ñ30¶pªcôWøD&iI2ý KÓ9Yq ÚÇ…+Q~Ño’'Ç€{1G8Š·Þ­Çñ|–Æñ¿þ 3_³ÕjžfôRPý²ü1ø* åyendstream -endobj -1097 0 obj<>/XObject<<>>>>>>endobj -1098 0 obj<>stream -xW]oÛ6}ϯ¸ëK]¬‘¿'ÃÚ.-‚¡IW»Ø‚f(‰’ÙH¤CRIýïw.)Õ®švKÛ‰.ïç9‡7wGcá{L'š.(«FÉrIû[â—ÍǧÉ)Í–'ø|²Læd%°áô——Öv:Ÿ|±À¾3¥É|œL['_=8]|{àåúhøú”Æ'´.áb9¦u‚h V^nizF¯¬^’ßHruJ™Ñ…*+¼2š -UÉäÙú<Íh ìéxr’,àk°ÞH¤&ðãD½­ä#‡)|ËÏÁÄ‘kÒ\Y™ycwÝÃ\9oUÚpÌ„.`S–Òyڙŋœ=Ôœ‚§É„ƒgˆ[4Uµ#g‚a&49)icBD³ewŽJCÞ”.,ÇÛZ‘y•É„V0æ²kÜŠó0–DUžÅsÉ‹dÖ–LNq±H¯qœÁ#UÓƒiªœR4ÆÔˆ¬tI•ºåpÊÅ~Žè”Û9NfÓ üÏ“%ÞQµ_Ëʤ¢ú»+ˆ:| «coKkš-ýJo¯ß¼¿úð®5žŒã€:_xÿ¸A&îÞ`S6\•¹…?m¾–a(F£ùé ÇmIÓe2‰%=lT¶i{‚þb>@™Â|Ò ½3ZÒƒò|&‘e¦ÑÈ$BÇI{/ís´›û(a„IâEYªL‰‘jQK2¶Ë¸È“Pñ. ”½`ìÁ8¡›Á¥ ¨x0䤆û¶ú ž®D -R±H©ˆ¸yùþêÏÕÅå›Äö½¸Œ¢\z¡*wó¬H Ÿ/AùïÃ×ó–S`èPÚyô'>ëø6@[€Im|÷œEÈN äÄM˜¸ý“¾t i)Á"CYd» -ܲNVEáo9×€Ô̾m›ÒEŠÐѬ—´­ºÊ¶n+3U(Šœï%ÉŽ9¡~’7&a. ÑT¨Ó2˜«¹e»¾s[‘6\÷üg‡•ÉD5DB©V*ö‚Ü<ë—ùîjƒ*•†ç:ÊH êu2k¬òé= ç‚0p’-‰ÈmXô ÂIp¡`3uW!SöõˆBHŸ m–‘øz8hW ˆto¼»ƒƒôòi÷Œ„Ö¬œ|K¨¬©xË"t ¥€e”˜$Ö‡Xy'Îؼ±yÔ“pÿ€š÷”ÐÑQÌ @.t/À -¬1Q\vKK-àZä÷Ð^uÀûàø퉱Øk#»oö-Ðí Í|À‚‡±HͤŽ iýÆànàë8ÒqD ×N+ÝÖ=®RåÆcÃ*}רì¿ €«ÒÊ+6¯v@À;Þ^ö´Åº–Õ)Ö^œ‚®ÎÅo‚¾ïÀZ>wyµ>ÿ…Ö¨©0¼»0ãƒv¡Ù¹* ý{RAGy¤ty±bâíç@Àn·=7ŒrëÚT—í%>^à_ƒå”óÓd±˜‡”_¼}ù‚ÞYó »h¯–pUqÓŽ»#Ç'#ì’m‰ÿ{¥Ÿ-ùŸ”z]²ÃóõÑGÿ|Õê^endstream -endobj -1099 0 obj<>/XObject<<>>>>>>endobj -1100 0 obj<>stream -xWmS7þίXè‡:S|öù|#“¤e¦!)¸Íd&3ùN¶¤üïû¬t‡1y)0‡Á«Õî³Ï>»þz”Rß)M4œPVõ“ÙŒ¶»Â}§ÓdL£Ù¯‡ãdHVÒ¶}œ~x4¶ƒi -ƒh;€}czÈm::KÒÆt4ÁË`ûj~ÀsïíˆÒ”æK„;™Miž‡›û4Ï:sCÂÓÆÔ–^Ì¿õÞ"§`ÜéIŸõœ´·*“.¾×:ê$ôqcÊQ.—JËœTÆzJ‡g=ŸU ],I¿Vzµkæ×R“ÈaOÎáq#ÙwŸºé0 ¸θ—ñ¾ô!ðî`’Œø]-ýB×uN·w=Ž žZ[§JU[lhi,¬§½:¯8WrkS9­Å­$¡Ijo7!–ï_¬]ëéÙ{/å½'™«oàŠÜ}ždF/{é €€ü 9r¦”HF‹vðéÓ×5MFÃÒ'3üH´÷µ šóVŠ’P#ÔçN HkŒ§^íl¯0™(zN” Ñ[(Ýså"§ðà(¹Fà÷·.8ùÊÂ=ý皇ÇcºM:ÃY2ˆéÌ×’ä½È<¹öâžÌò YŸõVX%-¤¿“ `­Õ½t µô+ \•60-•ÆO[¢@ÑBÐÐtU«\&Í?[Æ]¾Ÿ¿yI×(Xs‰pç›H5æ{ulŠò/0ûÜA«peùX.­ËŒ•Ÿ_p›lÊO¦Þ‹²¬¨¨bnÌÈŸðGhšCæ[`⻪@ÞP)EeI ·SÎ#çÃ(½×0ÖÔF¥ }YŠ i 9§ÚEDN”öÒ.Tè„Lå•áÚ0-Cÿ°©«d¦–›àÅn+]Ь]áÆæ¥p7L  y[× ]Õ:æ3nÔ’;T­öó.6 -n(7úWO7h'ºcYä:.¬y&€>D’å'܇û½·í%;r/ìßù‚s J@O("î°µ&¯JyJ‹ÚÓR¨Â€a­x ÷µŒ:™Ôðþ‰—γ&óe'‰Íbcr†ÊžýŽi¶…ÉMРýª<¿º¼¸ü¯è—6öâ‚‹,“B·§1U:ÁI…¸²Ì” DTïõŸ¥]BsŒ FnÌR -4ÖVë¹BÌ(W1‘”€ïœrQyíª.AYwÊìßg¹ÌªÊŸSçæìÝmhiM«Ù–º%e¯Äû0^¡@pü#GO©’v-*G_¸ÍxÌúãïasüaÆ) §EÁsÓ#QAën=7“ifÐ6΃LäÉÍÛÝK½QE r'‹¢áú¥˜Ý¼t‡w ×^V4^$t^€Zxu+_RÈ<0Y  ” Yý1xðÓ™£ñÛ y‹|vOíV/ƒC`Û©`)š©sû V—¦­ï0,Ü z]§ÉùGGó/ÇqÒ®[8Ÿ™°ÏÏçîë ÒÙÏœ “·9»]Ÿ_œ…ªjÉ{™Õ^, -Iw*1õ-o²u åøí>Öå 6\¹fû"eàbð-Û÷ô ¸´àI -š£9c,!,£ÊfIØi×h'p(°¹…öñO§VZ>/XObject<<>>>>>>endobj -1102 0 obj<>stream -x­VmOãFþί˜žZ5HÄy%/|hÅ•£Bºƒ^“ -UM?l콇½ëó® ù÷}f×NIàÚª-0YïÌ33Ï33ŸOÔÇ÷€¦CM(.NúQŸ&³y4¦ñlŠç!~*Ip>D³×FçãhøÚÁ`4yãíò¤w=§Á”–xŸLÎñÎ2!øî÷iwN–4¹ eµ£\Y§tJ.“d3QIKâQ¨\¬sIFÓÎÔYY=Êêtù †Î î§Ñ†;_‡“As2Fçð‹[¬ã\Ií¨ûžÂK£æ¥ÎŒuZ2›£®7ÐN%ùÕÔ@fê<¡T:Z‹ø„ÇMfów˜#ºÙp ”ý­ã(5YSH—qÐÊ’Ò±©*»|‡0]]F ¦OÝÁ)‡û[ã$î ¾Œ÷ùªI(šDn ­%ÕV&ä ®KÚò‹mQ؃\¸¯è½Ð„)Cr,­:¶Ž3öÈ÷ýæ>]¶ˆÚ„4Å™1Ö{¯(—2€¸®”Û…09êBìh£4à1®…(Ötû\KëPg*…µ[S%ˆbc€V9Úª<ÉØ#8!®ˆ´9í]Ÿ·¥}µËÙ - W)hn*J¤½l„ !'ÇÞ9’È|dãm· -ù®ÝØÝ.‘$-…MéXÛýå®Û‰Mÿ kÑ’kècÔÁšêÿ¹Œ´ÑÝžÀu»: Qü©£îhéå3 ò‰Ö »÷vØc­ÕSSÚ`ãßI&ÜÝë…z=äk/™ž` *þkí,w¥ŠEn3°`qØì¹¹pÔ*°ƒÌ°Þ@n¾Çe­ñ3K,—` —Oië`_&ÁÀšÏöF9û/@¼FÒd‹Ït(4 Ô‡ì=gâQ‚L`7Ô§ô³Ûtsû‰P Íqp•3Ðý8¬ß*ĨB¯øT#Fo_Ðoº…ýµå™¥t°Ö:y†ð îŽå{ È'Q”h°Á! 0e|jAÏ5dªˆ9ëáå&Ex¾8ÜT—3*äv¥¼x¨íÿ 1÷zÞ]í;-ã›6|ÀúÙ Öo*S@œWw‹3âv…ßJÏŸüŸÛå›DŠ†ý œ ÎènÑž‘tqEJi¹ÂWšáÂe*L­½ÆeÐ:dú嘸X­îon¯îî«Õw!¤v2ÍѼM£…§ä‚Vø -ªç$‡ç— -w÷S‰a••ò°þW@yé¯`*Éß°{ìÆï±c6äò•|lRær] 'ÏܵÌDC´®SL“ÒTî«Cê |-mîyð`b¡ñêÔÒ•Ã÷è»ß‡+¯To£9ûÍ ƒ*HÐj* îëJ?Лmfh[…ù i”Æ·©JØì 7M7dë4ŸóšI0¤y÷’HDµêÀtCÑvÞû“Õ)9„,4ôÏëÃV ÝÌïGT¨4sÈ„à9‹)Ç8®n.¼½[Ü,"÷„é…øèúòã~#Á®4ìź;Çë@+~±ÀŒä¡âÇ¡ñ«×³N£åÖ¦•©KDóÐö¿Ÿß]^}x÷|Ìb{hÆ~&ÐY$¯?uKk75…}ÿ&¿à˜Úªõ‹•rÒ÷àÞõ¬™ƒ VÖÙˆ&Óf7Z\~x{I?Uæº#j×–=Á’³Úm/t§ý9ïRÿañOÇÑt2 {å Ïæß-O>žü³gkšendstream -endobj -1103 0 obj<>/XObject<<>>>>>>endobj -1104 0 obj<>stream -x}WÑrÚ8}ÏWÜÉKé ¸@H;³„¤;̤”-îf;“Ù Æ–XK†ð÷{®d'ÄIv2!€%Ý£sÎ=Rþ=P?élDiqÒú4žEçt~9Æû!~KI+ÿàbto<8¿ìG÷ ƃ×3®â“O_Ïi0 x…ê£Ë1Å¡r¿OqÚÙ›2Ïö*“]²† -qH$ÞÒhI2·’6ÂÒF9:˜ª¤mi’\$tæ˜,SŒ&å"úe*JM•g$r¬Ua²ÛHº»»ûÿ>éSopÜqÖ±Êá‘!› -M‰HHY[IKfågXQ$¢—©µ´.ªçG` sï6R3Z©G?¸´¸½™,oÈJ@ ÞUÛL8¬‹ZŒ$3iUHí„SFÓ}Ç”V•©ìLÞdÜF8Ü‚¬å££­,-&îUž£<ê€)¬’¥Gùéëg$ÓÜ;¼×J¬µ±J¯iȳ¼ô±$½!KÒ™­ü¾6b:µu"ÏÐz‡Øï} Œ†Â0“—µs=›ü9ÿ¾œ-#÷è^®ßñ»/üǃf&ê%߇½LÍVÒìú=°WÊäJT¹£%«Åj[”äB?@Ø0;¢x£,äÁš7ÑÔ™½¥Äè¶ø _}*ÌãA»e}. ÓSÞ†¤=wX!UQÏAQ ægÙÚ?Öæ¹{:ðt.ÙghïÚ (<ßÍ,À«†N-µ@’v -ñÛ”Ê8…8¡‚ Li=3M&ÏdI= Cø¼ -ܱÃÈD4ïÊT!´L¥µ"ôÇ!óÉL¼¹*TÈ"R˜rgZäzùu cY­D"~2ƒŸ¢†Úc®µ”«‰~±'Ó÷ˆ…Ǻ‘2 1:?´Ê–²J³‹E¶C—‰µdbšpY_†=î³Ö$6­px¡39$ïVwk¨+­,wœÀÐ' kl…µh‡ÌgËѱàuǺi»°Šäå|‚öÆ}õ›!¡4 †uqaý3O@rGê {ií Š.› å}2au”0ÚÓfP‹Fûã”B °=ý†}¹¶×cÌdâ^²Öj&¯1;ó— øX#=8Yܦ.‘+t¨ÅQ%×_8RÿE»ÿîê@ÇL >}¾¸ÿØF¶”á8nú较AÀª+‘CÈËP -f+“N¨ü•ÿçÆÉ/?7ê¶Tˆß+Y±ì Ü õa_3³!!CRÇÓŧق ,Ý´m#{K¤ =Û)¢¯@蹯M¦Â‘™Kn»9²\Vª½,ÜÁhLyðõÞFmt«®¯cÖÉaý\"A‰àð¤Z{¢ß<ûÌS²*MA?ç³Ø`‚¦^EZL¹äs–=§ws y¨p¾ï4˜Fì  Ê#±”ÀBв—Àõ8E¸ÍÊP‡±Æåhƒ¸^º]üð¼8qþla¹Ö®Y'Ÿq'®KQ„«ijNÐú‚â µi©¶ŽN1Ï>臈2¬ÅãÊ*õ.nœz{­Uùÿœsp×ø‹¥ å¯åßdÝDÔÅ=C™ñ÷‰t`ñQŒôÿõqÖT ëÎkŠÃVG’á|åû¦s¦?˦a¸W”Ækîh"1•{:ø«-¨;Öþ•$~-o€ -¶øŠÖ溬/zƒþM¸<£Ñø’¯ŒËÉ·« ß~ãH§ëãë-¯Ök†÷ÆýÏ<þËèùø<.qmŘÁ€§ÞÄ'ü§% Îendstream -endobj -1105 0 obj<>/XObject<<>>>>>>endobj -1106 0 obj<>stream -xmVÛnÛ8}ÏW ü² k}«í<ô!iR Ø\º±»E`´DÕl$R%©ºþû=CRŽ«EY"çr朙ù~2¦þi1¡éœòúd”h¾¼Èf4[.ð<Á+© &Ó7øù›ãùôõ«õÉŸï/h<£u 'óù2[Òº ¸hŸÞšüYé¯gëo88£ñ8N8vú % +í¶*ß’3µôª–ŽrÑ:üñÖ´›J’rTEC[Ñp2G0°°ÞJ„äw†ü¾Á-Sv§“]-eAÞÐFR#milß›= ZÝ]‘“ö‡´Á•Ê:ÏîVæÆ¡Ar;žfvãUevfòJIíÙ‡‰V诒Ùì="RïL#5T2ºrp  öåáxPH½§ÚÒ ðBø“kd®J%‹WîaJcl€-÷yü%~$Y íUî¨Õ…´ôI«Ÿ|™ï©Pe ‘AiM .§ž.|Vº@²ý#­SF3̽¨V¢Þ€ €%H5¡­øºXÄÏР¢!U-¼Âû2×¾z:}:ƒÄâöÎË…¯*>¬ê¦’5‡ÔX¤g{AõÎX†Öw -d:dëÏšà⢇ÃûoJߧÔÓâ˜Àõ(”Ü5b¤ýÊ=¶Ž} º/oÑw© C˜hÀ…~‹œ˜àÌÑo4…Ñø®¯r}ã‡0Ù‘åÓ©k±@h¥ÀsOg ·ÐÐöá!J² %‚•¾µ-÷haèáAâºJ Ø±+´‡ì#Møxø«Ù]!ø¼ øÑV‚ ÃñÌmqò&ÃUåú†Œ:ª Uö¼sð&Êõ".Ðm­°Wíx‰8,D"gÑt]:ìf“S5x*´4­ëT­0AÂNA—] dµ -:GÏãõÍý—ÿîîoÎ)<>Þ\^§ÇÏÖ7<݇ËÛÛãa¸Œ\nåHs£*åÓÔsÃ¥€4‚¥÷ﮂHÃk G>{¼‡1—Âzx¹DŸ°äiÍ2ž|µˆb(@]qaéf—gžÆ[Ý8þø.v®^*awäj‚lÜVxjl€€ž+ÜY€›0åJvLévÉ•Œ{‘«7VÂ’g%5û#·iT¨Ê¥—iƒϱ¸/§ôf: ÷éêòîê’>Zóšk“·¼<æpÊÃîÂp1ºàö6¶?þ6[̲Å|‰õïÇ~u³>ùûä#4dendstream -endobj -1107 0 obj<>/XObject<<>>>>>>endobj -1108 0 obj<>stream -x…VÛnÛ8}ÏW ü²-ÐÈ×ÄN>¸ÓHìl¤n·Øî-Q67©%©¸þû=CIi*X$q,q®gÎÌðß³1ð3¦ù„¦—”–g£hD³««hA³Åß'ø³’r,ôãÃîñ€ãÅ8ºhEg—Ѹ“ÁlÔ}´²ãÙ(ºê›}Ÿœ o®h2¢$G$—ó%YÐÅ›ôÕµ{mœÒ{:™Ú’åN“öIÚ×É?AwÊâıŒè|‘ÑÄ—•ƒ¯ S ç$„Š‚½à´‰ß5›€-6+vʼnŽÆ>Å^¹Ò2jßM.£óY»ƒ©‹Œ2CËÛÛA°ü†”OÆfÅ8˜£F,tOðm•Ì£TX™×œ¦c8ª0€³mŒFãù÷JE%vªP^!/ÔXål´õ*…-Tg¡6áz9©3*%€#YB0æÄìÌH§ó‹$² ‚׈›¢0GΩÁ 3|©Ìj4@Àzñ¶@±úÅ©me•ãˆsÀ¢@]¨BË6Á„˜™î/)@_:W—Ö±‡áÍ/»Ö¡ÒLO¦)õš@ùrî!A/Y‰bây¿þ¯þX=„´ÝèN–n׫MB;㺗ÓfoM]Q²Š“ÛÏ÷\ðÀóÖ3s€ÌÖZ3ÖG¥3sDw°^ÃÀ„H¥öèº -Ô¹ô|–*µÆ™­“VCUó"}ŒhY€>Zxõ„^zÓÀ -Ç¥81öó/­ó« ‚ûî ~{õÉÀ£Œ³ž×8Ì”o¯û¼Jšæli€,*U!lȘ1OØŠ\RÐS{×7ñ3^\©GmŽ¡ŠZ vÐ]ÅèŠ^è &}`Ž+wFTθZýw¦um5{9 |Y "ú -<ÇD–ÿð²Uä¹D»ŸpḔM„'Cï·lxx3¢+ž¢ãh6Ðùä"Zà?FÆ_ðówç;‚ß¡ÀeÉ…~ª–•±ÂžÂ¼uÔ—¬ˆñŽ†°Ò?²Rd€˜ïè${½qÞ2ñPÿ´ŠWª1-ãøóÝŠÀùx½Ýð"Ãàß>Ðí2AloÂ/ïÞ/)þ¼NVÅ[ÈØÞÝ-7×qI;¬ãOÛ/º^_Óf›ÐêÏuœÐzC«åÚç¡óÒiu³ô¾°E…÷@ƒ©‡É@KkAÐR:'ö Ó‚[ìã'ÿO"8ŠXKž·JCÀYn½DÅz!×:ÇHÖÀcãí¨Ê•Å`K2}|¶Dë{ -L´Ò™¢QÂhj,"òÐwÒS]E$÷oéN€3˜tÍ`ëùJŸƒ•§@ÚfÃVF¡-8ñà¥Yßm"¨0¯ -¬ùÛ·ß;KlT¬f¸Cˆ'm˜s×›¸½HS ²ŸEÕàEº =ÒñÀ«Qa${Yt´o¢G:uðу ×,…ïÌGmÐ[ ÌíxUQc^~-°€¿aä xTWˆÎî€ýýr$|ñx>ÅjàKÑù”©ËôfGãæø§Á‡Xœ[¦¸f͆x•šêãU»Šº(BvoxpEîWÞ‰¿7 ´c ¸ÙC,0•+Š›GCÍvjñí*WûÚ6c7\¸L.é){x³øq;ÃòbzÁéüßÍo6ŸEóK\IYx<åxVÉÙïgÿjendstream -endobj -1109 0 obj<>/XObject<<>>>>>>endobj -1110 0 obj<>stream -x½WËnÛH¼û+¼¬X”õ°äÈÁNœ…¯ã…ø2$‡ÒÄ$‡™!-éï·º‡ôƒJö¸6,Kä°U]Ý­ŸG:Åï„–Sš-(-NãSZ,ñ”æçK¼ŸâÏiÊåÆ|9‡7ÎÏé4î_Ü`r¶ˆ—ÝÑÙY<{1rö>>ëmÌñV¬_®Øby~ñ—9M&´Êââ|I«LîŸÒ*=¾µþ@ßmëÈ—IœÚ*§ÜšJµ§DSaSÕèŒLõÞ­~¿ &±u<ÖM.õæé«ûåÉÖ»1[*Æ^•‰& O¾§É<6šMb¼ÍŽWÚ74}kø”FSŽûø[[Q³Ñ”Ú²TUFQmª5]^ÿyõퟫoåΖrâøts}u»zu»­ÌŽ»‹é:§½m)³Õ ­uÞáo2wð¨èI&¼¾¶•×l¼â'­>ݯïÈÛ¼Ù*ÀoÈVJí½ZkòjÏ@E p9ÈܶU‘í¦4…r¯òú|{ÿ’N0Ñc~Ò‡ÒypzÉÚ릭kÀÔÖ{“ žºˆ…äÓllÛ{ÒU㌆ixbj½vOÚ yiap÷„½&å}[ꎬ÷zâ¢à,:]*£6gL"ŠÌ‘»0œrZy@½Ýì`*ÍzÄ”)8##õâH ÄgðP1¶¹qz ¶Ÿ¡‹YVHõ¹NjÇ! ÂwmQÖL`ykÝ#Š¡1—~¶ïO¨Ön£jOÉžà΢6Ö¤ÒL‡êW]¾M*˜{8†Sµì˜ã÷ç¨|MOF ú¦Î·*+¹òÖN•ñÃ;>=þò;¡ÎÂí¾ü^¨è.NݼlWÓ/zdÐ<ª£ÈX¨á fÁœzŠkÉo ·a‰J‡Œ¾Ñ‚v%Ö+®AU0xRu(BȥʨF¥}ÈwDë G×{’BÓ(_)QÓÝSšüD'Awž2]íEsQè)-jÝGH€bi*}>amÊ•53Ï C²¢)Ö¯ˆéÓF§ßÛ®¯8:x²õ’$W­\‰Ê]ÖÖ)g¤b¡$Uíû˜¥Ä) !ñ?pÜ¥ƒ¸#Sdx ·7äDà£B×äjw:‡)Àÿ¶ç -Me’õ‚'C)Õið¹™?7^2¬§Aœ€»É¨;$Xg†ç4g„Ïû_ÛWà™2äD¸¥LJ°ÀÚ{ZÜËYΑ%Æú‘÷h[ÁþÍõýêê–§&GG#óg©è? ?òè Xé"ÒÊ_É^` =·ž¯£™ö|HÖH3ÄSybf„ó¯&ßâDs¡µUŽÖ^eª^|Œg)%:UàYºÈª/š~¸‹.P§ªÔ „"Óü‹2T?·Žs…‰+> -]Êœ‘l ôÆà†L׶æv¡e1]Þv„‰Øx2ÜÌÑfŽ{1>¼“ñä÷è;’FâÅøÀ{4P+‘Á|‚ºl‹€‘6VæÝ-„3ö!zÔ Ñ),š9lK…'½C¼’§yëPTµe†[˜\a–n7&ÝH–²Ën¹©d¾­‹˜`•J^˜”³Í "0¢l6Áƒƒ[ªEa´¦~$õØ,»)ÿíñùž·>l|³)V»³øÿ±lQ÷– n—ô‘.nnú(°“…s»Ý.~õ7ÞïóX‚e9 ¦r…±‰4Ðù>Ò÷0R^¶åQßRâD|×a4«MòÍ'4xU¥ƒYc\”*ÞX¸‰F sIÈN ÚÆ–ïØŠá¾qªò‹îCï¶ÐÂÚš©LÕ( üÏÐ=M¦øvß ÈÃò(´È˜g™±Òª°â˜wÖÑÿKƒˆï÷„Ch?[ºýºBk“X)úIFs× °±| Y©î­ñF®<Ȫä!„óîûËdäÎgø–6‹—3.«û‹¿./èÎÙ)}¶)ÖMžg?:êŸ-OQ¾¯¿©Ì—óx¹À×7¾<™óé«ÕÑßGÿÓ}Åendstream -endobj -1111 0 obj<>/XObject<<>>>>>>endobj -1112 0 obj<>stream -x…WkO9ýί¸›/Ð y‘À~JWH[6 £•VBBž'qñØ©í!Í¿ßsíÉ£SZ„Âd|çžs|ùz4 >~4ÒhBEuÔïõé|<î i|1Åç!~¤yübt9êßúb8¹Ä{­×ÙÑÙ§1 ”Í‘dr1¥¬$$è÷)+Næ¢PZ…Í)YGë¥D_å…VҪĆŒ”%K¢(¤÷¤m!4yé^U‚pȈJ¢8ou”5‡§ùyí -ù!ûrÔ§î`„–²ò¤°ÆÈ‚_÷=z:¹·AþAa)©“+S’2A:T&=Y£7Z ‡,xH¥œ«Å›¦Zh­´&c ­íš‚sáÛÊ®­]å¢x!Q–(Ч9ÚQßЬ·Ö<}è5‡†€’¯ð zU¡ËBÔ^’sx|kKÒ9ë<)OKñªÌPó’? í¤(7äjcøoXYh0º<%_KžE•‹V©O' -È`"ÅïŽÏ­’ å6òÓÆ}ŸP«IÕB¡=ÍDX®­{Ú7K‰Î7˜JŠÐ\st®Û(åcDgnÃHJŽµ ZA¥@â”0B¯V¡ >0.sWûàÏø· ,i#1®Ò•õ^åZ6 2{æBéÙ(»}ÌhÄ탞&²Ä×9š==f¾œqó¹³¢,„GÜ4Ö”^†€NP9â*SXç@ÁÍ´˜`q Kb -ÄgÀöT¤»]5|9£ë]²ý³ÇTÕgTõ«ÔMâXxLçÎxp+Ö¤¡:(²‹ÜR©im=SåqT‘œgŸ.in²¬»£A¢i&À˜óª¾;dÕŸ<Ô)s˜që ÄðR¯¨{M×w>Þ>ü{û@ÏÏWŸ¯¯žŸ;=úÏÖä—¶Ö%-€9Jb$¶ÊÁ|˜J­~SGl +­-¦»xŒJkŽcHC¨$R|7€  (§µ,ÆZ•Â@UL¨ -Ö¨Œf¶e«¶ÄÚC51Zù £4Aôº\må9mWþ·U’¬œi!DT@@Ê5³*UµÂ7°ÐÈ VÄFDßÚù\Ät;=º›·ª†DgaøÁqÈ’µPÀU‚„欑]>I¾pjÅ¢;`ã;µX†½Bèš‹¯î åfÿ„Y)R‚‘Ó[çÍ­sÂÓÝóìê毻ÛûŒŽ?þ1Zã¶o°nvã™i ˜‡DŠ¥ëËÛyX³ÚŒg7˜bG¬Ê;ýE¥w£ëÉ2>áT Øçˆ×^òB൳fÑ& ªÛ6[ZSÇ‹òUÒ«ôñþ‘Câ«„c~/¬ƒN ¹Åщ¿3¦ÉÀ¾e¿SIÃ_(cB…« ÜhÃóF;ãVN¾*[ã6¦¼†;ï_†hqàÝéÂæk^Ô¶>ÛšTã?=º"SW9l£¸—!WÖŸe73 ¹´>ìäµµóÆÉ0…•5ªÐÞ¶X¦Ë7-<p!ßÉZ·Ò6óNÇ=Ö“f0‹«1ž’™à®=`±—Xn˜;ÖâUPd¤Ð×Z:,± /;Ta! é[™£B½„¡býŠ­½A¶è[¦-8… ¯*¥…ã hƒï÷c‰$Ük4'ö}¾9ÓÒðÎD0tU_ÔÁV°À]Ka”¯àmì9 O´1VT3ùm%…½s«‡Î~ì]ÅõR™2XHÒƒÖ`®5¦¶aoÈà„uº§T´@ƒ×ˆ7ÀŒ¡l6Êæ*uÙ>;‰4oV‘ˆ 7“vÑfgÞö˵©5b‰ÊxȸºâUXùÎg<¶EÞ}Úõ&9²Äb|5‰8ðEéšÄzØZ›vì®sÖ&/ÒÍìy7s¨ u7{o&‘œgŸ.Lð?Êň&ÓaZBâö@3g¿`ⶨww!¯»=Ðö/y/Ù/-ãé¸7\`£ÁãA¼mn³£Žþ DÅendstream -endobj -1113 0 obj<>/XObject<<>>>>>>endobj -1114 0 obj<>stream -x…W]oÛF|÷¯X(*‘dÙŽäi€8I MâÆj‹~9‘Gñb’ÇÜ‘’õï;»³Mž°½’Vš*g‹ªÖ ¥Ö‘¢Jy¿µ.‘³|ÿŒÆ³ ä‹0ÂÍÆk‰¦;J6•ÿUÛAìàD­Ü®×°kÊÚÊû¦4´²´5u6¡›TNn®ð €ß*-‚sGÎ;ë·J$ÿMoËRú Ùª6`µu™tÁè(7¥ž^¿~Ä#¿Óéʬ½ví¦uQÁåw›•‰Õ­a­æm)?ÛZ¿¦›šŒ§ÊzoV9³ä+›twˆÊm¹nóæ -[Ç™ò(HžÛ­>R”û ¶£ÈûHñ:vº~6à/e¬¥ v‡ñq1CÝ×…BŒøö6 -Äéë˜ØòWy_¢ðöT{X;^Ú{µð7éQ¦&¯vž"SnTn*u þ=£±¿–ú\ƒ0#Ô bdAôƒs:®óy]7¨Æi8nˆIlËTÚ >•åz+•ôdøÉ̓†½X¡ži,ðCz#ŒH¦6°¨ÄnÅÆÓý™z‹â {ëäw¾ÖÅý)­šš“0PàceÀ „웪²®–D¾>cÆÃÎ+VÒõcèK׳ ñ1|2 ÍQÔâÈLòü”©Y7NI_7SÔÄnCŸ’ÑùÞXg¿ÏSQaÑȱBã÷MÎ0œ.xÞ¶eÔŸÊõFçQ×–à„¢Ì¬³#èÒ6ëŒäpVÆÅ>²®ŒBÂJA*~‹¤¡ÅPsæFŸã„Þg:~ઋ´°ÈTÊÉýrï¡sʹw õ¹è2v»V_†…tZÕ­ Þ}ºÆ-9 ú{)ê|àðeëp|þr_:éA«Ÿq™mfdYA:å bæÙêô÷ý HŒ#îÒª9jöé:žÐrWÙÚßÉt^ÑÛ`ñMk±µs’?PÑ”¾vMÌtòE‹¾©œ»G@¯³ ª¹€1‘:­Ñþb¨ÐÍHq[rÅ'iËýÎÉ×OBÄ€<ýŸÁzuxœ%Aë—V\nß‹?Q·€D{ad‰6Foé?ý=4ìÖä9dŒ{ÁR“ ¦³ÂA4¼¢(±˜ 2y#¶1Èmk0\¶ÈrIW -4V`;¦$€Ter¡TÈA©xèA›ÛAõÝcLÙ|Vd4Ey4)ÔË0ë¨Um_œ^D+S žlÞtRÂÌZmÊ5¸ÅY¡ä ›Æ7-#XOZíòŸY樄®áª%lGÈCÛý›v€gKÈi»_´óΠ´œŽ-Aµ€óˆqf-ÄjêûDÈSóˆ™Á¨qÇ׈U„’ͱ֊> „¶Ó‡nÿ¸¹%< ¥žÝþ¡˜>Ô$’Õ9³C•l†.WSS…ñjxû^ê×ûÿ‰6·Ú>1WžÖfc}ø|Çxà µ €d<ÐÜaÆù¡Žò"³¾»y”=~×µ »_ äÏG?è ‡tKÊÁ¨ö¼'¡ˆ<§« -\À΄twlw£„‰]IcËtÜf&ÎD}Ãênyu—üÿ L+TœÉý ØicuäQ“”H·ºëG¨—H•Ø¼ÞŽgÆ@?2RÜvÆ¢ÑÍÒ óWá«ÏlŽ/gW4ŸÏ'W¼ÆܽûtýŽnýŒèƒ›;í ¥Ã…ñâìŸßëº\\Nó«ÐñsNçãò䯓ÿ¯rrendstream -endobj -1115 0 obj<>/XObject<<>>>>/Annots 487 0 R>>endobj -1116 0 obj<>stream -xWÛnÛF}×WLõˆiI–u `´Nb~°ëÚJƒ¢.‚¹”6&¹ wiEß3³”,1î%AJÜÛ9sfü­3 >þh2¤“1Åy§õi<šESM'xâ_¥)•£Ù _xq2D£—^ ‡'/š‚רßü¸ûØ™ £! N§0’Ó`2Åð)£ûÎÆãègrŽÇѤùÄo9àAÿ…¸ÞÍ;Ç—# hž"ÇñtBóDÜöi÷®RÚØš–ÚSו:6©Ñ Å6/k¯+2Ž -ë‘z¬Í“)–xúVkç]—lEÎä&S8婬ìB-² åZŽüJyüд²Î7V^Ï¿vút48Aó¤Û«Øã’¦'£ÈÇ%9]=™X»ˆÞ¯tüHÞâ+M&=°UÕEÁ±ðu¥ÊRWî ©"áƒÎ’J|"]øjC¦à»-ß•‹T–Ù5¥¤Èu¨(Î îÑCÓ«…öoHû8zxÍ&Ž/g¨y¨äÑ ƒDæ¨ÍÂëçB ¹Ð½»ZüsEsDN6pôö©vš¾¿¥üywõñþâî÷‹»‡‡ùõí¡É^D)·²u–ÐBsÉóÒ-^Q©œ[Û*át 5e+{eg¤u›xéL³WǨ¼Kë,Ût£sj©#A˜[£ݾGS¿VèÐñ­ÀìMá<Š -c¶j¹•âº|öôà^D¹zÔp{rª+è ÓX-¼Ü4KÊL¡Ù-í¬q$MQãv8Ø\ùW–@ŠÒ:g˜k;j2Ùج*^yBåÉÖx`æ’Š -•ã´e¿ò“’*Ps¾GJ.³]Ѐõ¼•6S‘ßrÐÔ³gô ßœ__tÙ:¿ýÓçå_`zì-È‚ÄÛB­‘8.>ßh¼±%Ž¯åNªàJ[$ÒÁúŽ¨.ùM©A•?¥MãW0ššï¨*‹¥“Lsµ;%¸u¨ÊGZnmÉKíÿ¹C}¾µ¯Eÿ³EòEfíc]ÒÑ5Í/îçï~ýÔî ÀÆ…Ú½Þ¢"¢ œC¼¬, 1Z)óîU¾P"B€Ÿõä3êcלwè¸Ì²è؃>ävZ(–*x¸ºeí©Ð: "“+Ç2º¨`ÿ£S[~…»È~ oPçÄ2Ea/h‰Î¦@¸ei¥ ‚ŽÙÏ -j¬(7|O@ñ-`þZC«šÙáXü‚MȤZ*S/L»4Λ,ûh¥”ÓÙ¶PAŒ 5R/I²å@‡@£•zBo£H{ Ñõ~Ç#ü'!òñå³0–•N5tEsO¾š‚žÑF»C>õ8Y]ˆŽH€<¶•Bê+ ÙD¨¨Ê×å±uph!A¿„ꆙ=‡B¢(\Œõ ,ÂL‘}R5êÍ3‹çfÀ³¹™`Þ3«¬Å•MÂxb~YÈ -7òóèÞ«óÃëªbdÈ°E¬‰­Y -1ìÀ\H›Úk•–ߎ4D˜ÛHÝ -Ò EÜ["0ZLñ¤2“ìR—$FZ4Ì¥Dt)<³vow‡–Ûí˜GÞÌÅ{à0˜Q;æÙsÑwM+Às;Ì…¸ÚÈ€Ü)`¬Jµ0™ñ <¯ 2GXÜZ®3ý¤3äºâ³¹Mxrp%VØÚ fWK·ì3wwë¬Q¶ý,{=:¿ù¾Úcûvv7¥>kÅÓèЗ›ù—kC¤›~Ù®=¦’ðf79x­yÃKš.õ«áèür~q'+j‚‚2wê²´U[xÃxÉÀCOÚ”‘` -q[³_/dˆm [ïG'£0‘ïEMÐò‚ äDt?ÖHš-ËrÅÍ%BB ÔÃpÖk'b.9B9¥­2ªá…‘C`®0icæF4&8wNššØàhèÏò‰ˆZuoXxÝ‚Ýx…yÈÂ-ý‹üŒlµ”•@F)/¹¥Õ‚ƒifÚŠµ±Ô WÖšŠý›[Ù€Ù çL­õmµ„}O+ïË·ÇÇ»(ÂS“Àvÿ9çÕg_¤Ã*•ØX¨Ï–ïEŸJÌ0þ)ß;ä÷…Á¿üLOèt: Kûýùõ»sº­ìWÞˆ>ظα.+ÿ|óh{áhÒŸîÆ£É(šŒ§ ¶âÁ„O_Ì;¿uþ EFendstream -endobj -1117 0 obj<>/XObject<<>>>>>>endobj -1118 0 obj<>stream -x­VÛrÛ6}÷Wì£<QâEûMMãif7mÔÉ‹_ Q“K€²õ÷9 ^LIé´Ö;AìžsvÞ„4Ç¿VÅKJË›y0§$Žƒ5%ë>Gø­%íýB<_|oa½¦yÐÿ©ø‚}á:ˆ{Œ$X´ ?lGðúìᎢ9m÷ˆd¹ZÓ6óëx’N>j'µpJèÓúªtf^,ié^LýléE¹œ¾ˆr'n·Ü0R¸j‘¦qDÀšlRgÝrBaØ-G«`ÉË[C*“Ú©ý‰\.éYžhßèÔ)£EA¥Ls¡•--™ýwBàÀœ!©Å® “UaN% yÇÛœ¦aÜF$, í1å«C€Œ#t635˜ª -‘^dü¸Es0ç6…9œÎ¨Ñ2H8‘¯lÉWQ*-ïyš뢔À¶¦h87RQT Äý]«×ÙÏJ7¯´}ÿyöñ3Ò9ªÚhN‚a¦` rd“0 þŽ¯C2—°H®±2óÊàˆkÑØftù“y¡] ¡™„^ ¦3ʱ¾[’É:O;/à ëÌ* [0H0¤_9ŠÓÊ´©•;‘©˜¨³sS£÷êÀ¤yTÚC/+eYHkÁhgV£Ï2L®{ßáÀÙ¢÷ {%Û†“ÔÙTFKœUeݢσx´ºˆî„öÑ ÍæŒÿÇ-ÅÁë,Au)f¦P©”宇í¤Þ] 8Q8YkD}„Ù  <:àÇiºÚE= -9mñ§ñ2X†KZDè,pØ¢}üVÉÓhAS´"_ËÞl¿ý‡ÑŠŒ)š=|¯Þ»ï•lØ+(H©¹ð.q¹²L“×GÔm9ÍÐ+}ÖLºt–ël{hÚ½3]ëŽÌ§h¹ò•ó†à¥<†/ÎcÀ‘ýG$ŽæÿÀÑ֢æù?Æ -)D3ڣ묃ðŽ¦qØ6§KŽÎ„aÝÙ)p"wFøÝ©” -e}E;Úd¸±Pˆ+]£‘Ù€äÁ× -3zÇGâ¤8ÂÁQøÔý„hõ8AØ}/L* -fˆ†OÿÔSÏÍ#í å. -Â%²êpvê°3¯ 2Y T¶ðísB¥(a¼rîÄiæʇ‹0·0$Úpe¬äFоÞûlòWÄMþDVµ9b~6¦eÜ߇ÉEÖÀÎÂq_¶”ÒÆa‚ÂçÎôÉv“©–m' .zÒ/Íc;|©é³tˆ‚±Q"(žy(!?«üdèé‡5¹¯25x'¼ÊÊFã'}HG%ÎÎ¥]ã§Ïhrâ&cgÛ×yZ’vmÒ”ûo×múÈßšó§Íûþ{Àè#+!b4úA'‚ev -É ô ©.¿`†Ç9ºSÅIaGKb/hÄÈÛ›¦¦§Iòt‹A”ª’Ón¸§žÑS $€ »ôÊ ÂÓ!V²V&{ºõ–&ï1öZv!ôžSy bâzÕía–€uÒ"‚ëXq¥G‹Ëeê å¸-\|‘¸•£¨SÜNîË‹p?À§A|žõ¾©¤²Aéå„ÇÇXŸµ&Už"±ãe6(ʼnv¨ CãáÈ¥Á gÖ%Tž¡VAq¾ÛÛ\UÀp/Rb¢éÑŽ–ºñ©ïPÈÙ&Í!³U'ò~t.CÔð@ÆP4S6­%~KabâÎÐÆùÒ(¹ùìÊf;ÊŸÑÝiGeá/N<£jùF([ß3ͳ‡õÛM6^«xÁ½êßÝ–“U¬–¸»óÖp͸¶7¿Þ|í:¨Gendstream -endobj -1119 0 obj<>/XObject<<>>>>>>endobj -1120 0 obj<>stream -xWÛnÛ8}ÏW Ú‡MZ¾Ä±îSÚl›n¶q±/y¡%Êf#‘.I%ñßïR”%ÚK.9·sÎÌøçÉ”&ø;¥åŒÎ”×'“lBóÙy6§ùj‰Ÿgøo%•áÅ V/_¬V4ÉÒ»Å/0¹<Ë.ÒÑyvÞ¿lÒ~IgÏVdzGÉb°Ýq<1²ù$[F«×ÝÀðøóœ¦SZ—Èo±ZÒºŽ'´ÎO¯/?‘( -+Sz›Ñ­Ò¹¤ÞSé¨nœ§¤me6¢ªÔhõ³‘ïI肶RKžZY ¥•êIT‹÷‡wë'Mϲüžî…õ*o*aIi/m)rØñ;Ilu-µ'Sâ&}¹IQ-ڡüÖÔ$HKÿhì=^i±•áÚ^Z·—¹W2¸½6Îï`ÕhÙ·œã2‹Î5lô“ÏèœoëÓÕÃÝ[U {èÙâ4”8V.&+Ì!xzTUÅN­ôÕpªt8tùíÏöÕ!E?[€{(Ú;©‘rãWÎMÀèQh†rS×%^¼ߡ~QZ”'ß)¤C6Þä¦"Uï«P2á•Ñ„²6Ày•¯½I6´¨åàÍ΀ñW$ˆ»¦z@ä9nHL0B`HL§s£½5U…ó›Ç5ð»þt3ô8Vªmccˆí%P«’.£5Ââ‰ïŽ?Cbݧcéó1’9Òþ”à˜‘wM¾ 7_-1gÛchÈO -é¼Ò1ŽŽ³´—B‚Æ5j\D`b‰s(Oéøã -ÿ€K4HW`¼*C%úÌc°w/ìVú£X2¶IÎCzPÀ¸l©õQh 76 -×bàtc(rUðÀjéwñ1A©£ïW7twú9w%¼ØZQS2|÷Ž±†9g+Ñ `ŠÑ±»qÅ_Á·2¨M'_'·A» wŸ0Û˜þáúµÈèk«öžqECW -Ë<Ü„„@Ð)?ïhFW‡?Ù‚¢uÛÐ:¡s_ãâ'á—å‡çÿ"ƒXi/ò{ û’fx®S‚î™Éè’Á|/&'º|ÙWÊ:>–vÈÞ5be§¿%… ¢4.­G Þw­žÆ+ÝÈŠUÈÄÕÅ#C>©0!ÀaÿÂÌ£¶÷FI½bb#Ñ°9ס*±©â¼žÒ ŸÇôèl{hi±ÃfÜ#ÌÇy>šñ¯4¼j[ætqž-Χ´X®²ÙEhâ·—×/yÉ -‰^™¼áÝ($ÊwGÓ>†®Îh´œ€y­j³a¾œgË>…òéßûk}òïÉÿØï®>endstream -endobj -1121 0 obj<>/XObject<<>>>>>>endobj -1122 0 obj<>stream -xWmoGþî_1"JTûàÀR¥•ì4N­Æ/‰òÅRµÜ-°ñ±{ÙÝ3æß÷™½àj”´‰dnvæ™gfžÙûvSÿch8¢duÔ&Úþ° |èÓYGgt:ãïx2ÂßVÒÆ}o~TÆÃxÅ•ñ*Ó—üøyå6îGãÒöbú‚çÞeŸÞÐtNqt:ÐXÎFš¦@Ÿ¦I—ª¯^O¿õédG#4ßç¹uúKmF‰YåÂWÆÏÞãWtžyiµðêI’ÔÞ*éhn,7Ʀ$ -¿Ä•ÀÆhVþrÐÙ~ì22ÍUŸZ9ÊR‘ÓZé™Òén)R³þAô kŠ|k»Ÿj›—¥qÞíoa¥Ú@s˜öFZ¬$ŠéLV|Ÿ›ýøetDÄ€œŸi G*¥tVåÑÐu–~mìc“SÜø­2j³ QLÛœ =œ9À@n7‰Éê#MŒö6Ov8þ¾'í“Jdí~Oïò”â˜Çᤜ‡“Á8Ì:øvš -ëä1I‘,ÉÌ ©9I+™,`®Jó­P¨žÏIäH(·JxL¶HT¦<7¼Ði=_ƒá&‡wkeâ³Mé0ðè$FÏÕ¢°2jŽGÑ)?¹òä–¦ÈRšIÒÆË´ \h ‚PU°€K:ß[ák±äÍ„3svLÓww½«»ÚçÆa†´0­Y NeY[ºRœq®€wÄD²:Q¹È˜!—Kñ¨ô‚ŒÎ6´Æ\# ØwÂnÚÙÜ‹ÕLк…Ç~±ˆ­U–‘HSú¨tñL®Èsc}Ð ùì¥fS°m×a:*JÉ­•G•”ž[á¼-ɱåVœ*†³à<ÉRveL#f™d×fæ…Ò»c‡Ä®ïé DŬÝHqu{†3`—çiŠ6pÒE45´àó~©š¹ªâÎ ð tņÊüµ”ið¬g¨C -H~¹×JÂ.@7£­r_‰Ç`¿BgÑCW•šÙ»<«ú¹KlÑ*¥†p3K½LÍð÷ßPJ9ÃVÛIè>¼Fhe$Tdž‹ s‹Ö͇>×ÜM8íEÆxCº’JGØma¤º¦å›RŒKâ œ1pž˜£è´æÂBú°8Ð>[~ÐÜòeõ;¥Þu€N3–à¬@ú¤Wgñ`µñ°4¡ëyx!n¹QÚ“òuO´QçTÕ%9#ôf·3VÐ 3ÛÀÇOÛN©¿ç†=æžÌ F1Y6꧈ÏuWº•Ibˈ³_/:}fÐ#üÌ…9ª½Ô´î4lýh&9nÃÞåŠÇ,|XðÃÓR^nÚÛÆQáªn¿;+û|òma\Þ^´&æÂÆ2ÇbfŠR6Ã(™­ÁÂr+ƒæ^ÄßÁ¿µYkzV™ÂýK:ºœ>ô*¡ôêúðºdÆóU„¦B¦cêÔÁØ;ÞæV_Í”)ðçûë‹V}Âá œßØ -+)ÊnDe (¨è¢œh®–|Nd–9T…n½W…Mpkú)2Ö¯­Øµ—i§7°a8DjV,@Œ«œäV§i¢N¾Ni‡J+1ÉúÊ‹B`¬8>{hÅ ÊT6 ‡ª De°LÂ{/-¹Ø—IŽ!Ÿ¯;ŠqE^bÀàr<¹X= ¿,±Æ#¿lÅlŒ¹} JØèÛŸC‡‚#Q†cñðüaû>‰¬`ö1aîÐq®^Àˆø$3|‹èª¼vò•µBï&Qùb n.^ÐtÞ¬ƒš -&Á™•ðÊÜÖöå"ãÛD½¶ü&/A¶Ã.OŠrÂ\—ûªÒ·íe:…ÁÜd™šBZž‘tÖàc\á0nCü°ÆeCþ.ܹ[o'ƒ³h‚·„ûüg­¾Öš—8-bôÛwÿú áúüÝW7ïoί߿í÷£_éžKhÃ/FÃe-´fä¸ ì˜×¤´^*^tÝ~¾{Ïóïå¸^ãÚN.,îÒVÛ·ëüBB?Äú6Lš@ÉNK¢»0ú­ÕŒÇ¢ÒœüQÝÛ8ÙIäÁ[Z‘½õ¸S2³@YKöš+Ñ’îøLÙçGÃ=¼ÏMðÑ»œT÷ŒxtÎb¼Ë£É,µ´{~}qNwÖ|Åe'áòs:‰GxŸ édÜÇËpÚ­8Ù¾gýàæ;ŸFc¼>ã½9íúìûýô诣ò××ÿendstream -endobj -1123 0 obj<>/XObject<<>>>>>>endobj -1124 0 obj<>stream -x•X]sÛ6|÷¯¸ñ“Ó‰hI¶%§“vÆNÜÖÓø£–2éC^ “€’õﻀ”BÏd¦MÆqe····wô÷£ ñgBó)Í(­ŽÆÉå%í¿˜5þgL³ËóäŒÎ/çø~r–ÌÉHÊqvŒ§û/ñìt6K.âÙ)ÎwGi6MÞ ?¿^þ1¦w´Ìi’œŸMjž\Ì.i™ù«Ç´LOhðß—‡§¿ÿ|zøüø~"§ßè¶vÒÔÒѽ¨$=I«Ë4öÍòn?§É„¯…ûGÓ¹³ÌNnÙB·eF+Iµv2#WG¢,é^ºëÛ‡U"-T--ÒX+‹08"•!½­©F4KÂR>&±Ò™Ð²P–øoMaÃ#üY2EV'©®ÁÇä4-?<žÞ>â u*œÒµ¥m!ÁÎdŠ?Àv”ìñ+Y¥j@1ÂiC[°™0|*9$=•.=-´u–´ÄG>Þ/(N¬„•‰´c:ˆ-¬Õ©LÈV¹‚$H àYf¤µI¼q:KÎ9£Î[ƒÀ†­jG:§´Få*õI y~ëQ†ú@Q¾>'{Ðá]áN(W%@Õ\I ÜÈT›ÌR¦¹nÔ½Q™$ʇ»2rnäv 3”kST¾Úw ú¢êLo-0+Yƒ³L6Ñ4ÈÔTj䀇q›¿¹Yi6*åÏÄ°º•Øy5I™É,¡«šä‹¨àÇs. -ÃÓ]ˆQ|¹k$G¯pÐV0˜=|+¡êAž¥^)c’&!ˆ:G:!V´ãn_C†#âC>ŽDÈÖÑjÇšf¢T½Æ¹Rë綡¯'%H âw¯ŒY -e}Cx”dÝV*…†}4µï&Ï|!6²ï+ß|hþP¿¼Ÿ¤¿ƒAG~ƒ˜F~o%z]†ÂpöP˜(5d†CFº‘u ÒaÃ'%z‰ñí¹‘6¡/…‚æ%(DŽ)€dƒçŒl ™š±š‚™9;<Ì«ÞYâ„Ïùx«ÍóÚè¶9FÏÒq(õ1"xH¡¸Ì#o-_/^íë‰äXhPddÕºö­Ç't>Hâð]‰;¼…`0mr;Žçd -¢hå¡6a³Œ”] Û¡CäñrÏÈ«Þ`„Q•0;ä|x¼’Ù(£ëŠ«éqÁ–¼P)ÍÈéÿ‹öä !uô õ³€m{j/7Tà\ ìU­Ð‹,O ‰>Þ¥þÖ{ÌZÖP-›®m!§T˜AoijA;}k!‚aC4ðOp”¡_žk‹¿®žnèîáãMã×7>… -6’¹¶³vÜòìt‚Bè0ۆʶЬ gtyXŸ¿ŸVÁ‡v¤ß)^3µîÑP|Þ@j£m  -¹ú£Ÿ7Oÿ€ã=??Vã ”ìö-÷à÷VÎ"’'øäÏ%àŽÇíš: -‡£æÀ$XñRA„ÆÀuã(ì«Ô5lo\y×»zéëmd…ÑßYÓ ; x+Ö-J -\Aõèo§S0 øpÌ ÜˆïÞ‚é.>sÉñ ,î®áˆÁ‚q˜ÿò@`‘ã¡ÐÍã ò}\@ú`_Oð·] «R¨¿i=´ŽÿYøÝ€Õ= CÖ©hl‹Ý¢õéÓ ú¤×°aÇ|Rõ3}Bè>øˆsë=¦!ª-¯VGÈž †qóù~D}óâ`“2dû™…à׸\¤r˜‡(­f÷3-& ,^ý/nîÖ>&…a<ŠôKàÍKZˆz[öøѾX«Ý ð=î ëÞ˜Dp ÀÈ^0.j–þ?!×ËAh(‘YZ†e¨«›Ï/„û‰øûÎFVè›T³¢^àÝû|ÉH—­Ÿ¿•dN”­0Ú~rlñ\1ø±*‡¼ÀLRÞ©ãó÷ L††ÁÂ';J~`‹þîûéïh‚1Ç;Æè û7o‹<7ºdïyÚÀvéÕ¿ßÕq|:çÃW¨ÍAÏ÷iKä«1«jÖe@)«6Ï¡^¨@f±"#<]È`Ü·ƒ‚Äõës µlà;ð ‡Oú/¯Ðø¯ÚšÇjG˜/#Ç…s8šŒG“ Â2Õ:^.n‡[# "I2ÇÆÌ;(½rXö8Çýjup(7ºòÙñ’ZBµ`’Ñ–0@5­5>ÀZ±.¼ï½6^)ÔÃ>û™j"UÝÊËÛcdžTè%‡D™óˆü‡ó´’¼«0,ìۼЀè`&þ`!øU GäK£hX-/[[jŸ¹¿Ü·§J8¼#… '£0ÒhÉþmæ‡êùÉk±íêvð>êT%GšËRìP<•ÈäW”Ð3ŽH`Uâ“qs¸MS¼¼…`YJýèaÓç—›°·à]¿VFcÊ î@Ø‹6`Ø”øÊPz˜B!ŒH!`,¸˜p¯ÇèÕCsYÈA§Á6JÞ=YoüzÄo2 -‹[\èù¶Ã®Šòƒâ<<®W/¶î8ŒÍ…¨VÃU‰W‚(Yñëçàùjˆ;Žvrß'3ü&âòŒfgÉtvÁN±¸º»¾¢G£}?ê/5‚,“:êÍÇømÃÏlè|~žÌñˆ1›Nøé›åÑ?Gÿ\¦Ÿendstream -endobj -1125 0 obj<>/XObject<<>>>>>>endobj -1126 0 obj<>stream -xXaOãHýί(…/Œ™$0!ŒV'w‘ ÑìV²têØí¤§ÛÛmr¿þ^uÛ$p×3·7Œ ±ÛÕU¯Þ«ªÎG}êá§O—:Rº9êuG#Ú_ì -z4àr1ºÄõËpØ‘•”]/°¼o,ÿ|wEý Zä°;áÌ?ïÑ"=Y¬%Ý?üíÛ|1§\òÓâ÷£ÏwÔï‡õgƒK¬Ç2åüsÂïÚÕ¢(vT˜TT2#¥éaNß•ÎÌÖÑlApÊXôà ›ˆÉÛ<¹ùš$ߧ³Ù"Iæ¿Í“‡óA’Ü>Mÿ1yš'ÉdqóÞ‡:ã[=:ëŸwìNjt%”vTÁýé#³ÌJçx¥¿µéZiIZl${°Uº†§¥PÖu‰ƒþàTƒÁÇ­*¥ÍÝ 4Y]O¿Í½ÙU†ýQ–J¯‚’u›Õƒa—á?™VTíJ•60šgG…z–_[§®ü~÷â|@gƒ/Ý~ã-jþÓ)wV­Ö%'iò‰úWW#zP©5Îä۲ݲæ¼{¹uüã} ‚Üâ¿ '6%â>ä’ü–;ï~'$ÝÑMÁQ•ŸèæEZZÜ<~ž>ÂiW‰ô™€lK«QìÍØýà³OÒ;J4ø;2ùAZ$øb˜Ÿ©Ù”u%-ÓÃEm¿Å_ýÊ.ÑÄ"kwäÖ¦.‰¤gYVd4Ø®eêEeЪe4 ž‚„Ù+ ‘M1·s𵂿E½Ñ€ª(Ìö- QÇSc¡†ÒÀpð0Ø@ý–¥­ZxEƒFÔæÞA'Ka½îÁQQ!\4P›+á: ¿Ë°Sç¸CéËSØÚçVRKëÕày†4eR›Jzº(;ä`&\Ý®9Ê×ð+£ã‰\JÀ–|Š&#êØ»ªÇ(‰J-!Œ­ªÖr»ÏèAh±»Ý׆áTlÖÆUq·˜¶¡d™<—6³cΛ|­¤v˜/ \ý>J6ê¸/ÇO“Ÿ¬¸ýöðõ—ÌlPKÿò“¥ÓÙÍý¯·ú…Ýf9üì…ëÉ_§³Žï“§Ùxñ3O&³Ûÿum’ô^µF¹ÑFŸ•VéÊÓ¼¥¹º,­’O±ˆb÷éÎ Œ­ ½kdŽî„Øæ?½qÚQ‡aî€EA©{£ÖùÅP:@o”Ò‚—"óbÇ~ìûUŠ#»t½ƒrQÕ©M1YlÜ<ä²7yJ˺âåhy–+·ÑhØ"‡ )Ûa•†ÍP(P\X?” U¸?/’CКø¼>8žÎñ!Ã:( «€”pΤ -U„ÃŽ"Ðz³ˆŠ2#S•«P[ör½áÞ%¥•£µÙþÐòÒbT\ ³Bôøô¢R`¼”kñ⧆ЩÓ‹²FsÝáÙÁ´(GÝæÈYúá·P³P7’€Ó)©Š®–Ø× ôÐ@—,#µÏŒã¥¼ï2¾›´Hø^lÅεŽ)QThW«5ïè© -¶D탛(÷[MÛµ ìßó’­¿(‰.ôç™2÷‰Û±¾:ÇÿYOa @áØžînÞF.4ãëE\ÒÄsÏ–ù\О½=SöU˧܋‚±˜xrŠü´xÐ-º¥QØ·,A¿ÎnΖ‚uÆHnt_G¢ §LnQ¨ᥦS„ \’yÄÅSž,<=¥bN˜(áÓøþûø7̧‡„*­ÁD"a£Jyäb|æ4W܉:Ëâ€ZPlùÕÀ¼6ƒòZã›ÄGô;x¦fÊB“êåÓÐ!f™¯Bì˜C-Gñ(ëe¡Òð|W¾†±Ô·sòû¨ð0êù½ÐhÍóà¡xRÉ©3«‹bÍ¡ìÍy/ç716CŒN&ÚæÁcct¸ x&*VŠpüx—OW§,ï[厳Ukì5œ$ÍöIâv®’›$Ik vºâQךÂÉ -š²•$…СC¦’„g´D¹wI¢±µ Ñzdã#Iƒ´•+ eáî\á$€Æzô–Ž&ÿÌÜ ÎŽg7áI=c‚Wåñ»!cõn‹” ¨³šð¢R|,i‰µ‹ypq¹æ¬ A+kêJªÌJ²¯]£¿;æöù—Ò¢Îâ2Ø7yOHo–·ð&þŸŠx§4½§ôßG‡‰Bsr³”Y˜Z£Qí¢„cƒ]8?\ˆX@‡ÇWÖ͵R>/XObject<<>>>>>>endobj -1128 0 obj<>stream -x•WïoÛ6ýž¿â|˜$²%;qR`’ØÝ $n«+ -h‰ŽÙJ¤*JNòßï%ù×â-]ÃfÈãÝ»wïŽ?Ž|êáŸOÀúgG=ïò’6Å~ôhÐ?÷®hp9Ä÷à"ð|*$-°¹‡ãëvs0ôúífh·R?¸zûþ•ï ÿ}â-OpykÛïã3~¾áJ÷c®(\ï ú]Àùó‹K -çq¸CÍ'E½­I›R”Êh* Ù\ÆjñJ‚–ò…V"­²)ð[}–J—J?Q¼…ˆKYx¿†ßŽztæ=ܲ1~hÂ%[LSó̆ä‹ÈòT’JÓÊ–…(¥%‘¦dT.¥•ØPJmáýpÈä¡uò{w>ð®ðÿÐ],•6mütòð8¦“ѧûZ–ϦøÎÑ ~ÐSaªüK£ÛwÇ5lóXä¹™$‡«?8^_´õåÄ,RÂf²²XÉâ=7}¶‘›¼JE±e®ŽagÁšªˆåOØö6©‰Ej‹Õ–-‡ÏÖo†F&2q„@vHé8­y(€Cëtr3þ}2ýûú.?N¯Ãñá“éíÝçшFQëaåÕÍ™ÛÊ6»äû¼M#rË—)—<[9B0K6ÝÏè‹Ò‰y¶4 i€ÞŠ~ôЄQµM4sg³sû!Š¾L¦Ó0Šf_gáø¾DÑèqò×øqEãÐÉùƇ3½ µïìκ9C“ºN’BZ”o–XuœÒÃL”ñŽæBÖ£ÉN5ÐüµN4·X1iÅvïF¥…@ó«â²âÌé­O)‘90gÊ€eKóì †·]ø&õJF3 <¸¾PO°‘x`ª0)Ñi^÷.~µ{òG¥ÐêÙJÝwé³V/Ý;¥«—}„»²Œ»kÙ݆ò 6 Ç}‚aMgtçÊ£NÙÛ4ˆE.æ*Uåën< -ƒßÄmeYå,f¢ýCÓÁ×ÔÍBÄÎò²X\ ¹ƒ„V=œœnå -ý£’(8v¦žYpžý€VÆ -Ó‰.e@íy© ÊÖé ¥Æb#$SYÞL>Íö.žš!½æ°‡q*“,;iDÅztM›}¸¨G™èP[jÌÒ¼€pÇàEhEAŸG{w­·D¿ºhÀÖÒ)v«±ŽÐNùàÇh«ù7;J`úc×òÆÇYW¦BI4‰i=á}{7ÇPFé2à¬/ ÍîMàÄ)ÕúÀÕuwß|GàHüyŒÄ!Û,].]ËÓPÊ·q{÷À`BóR¼e¦×:GP‹ÍÜ ÆKfÎm–›X絚n<=mÝ\«|£¥5Æíi ÅMqO#·ªÂÝþŸeq]{uZ œhÐD’)§¤öañ,©j¦ròê’Þªèbû½žßÅG°ÕÀ§7Ó}VF6™;70»õÔJ¶D›©™ÂI¯š„ÖÂzéþö£HQQO -ݺĂ(Z9ßçIªœŽÕ-§Ò—ÂbÀšžÔ -Ÿ0›Jf»Ñr'¹vs‹¹¨å'4kih"› Î6†xà h‚bè6“MUòà‹Xë ÏÀøΛ9~s5ýÇfsU¸^n5®ãÚŸ{¿ì½Ï΂sïï4d;hãY„ «ÊsS”ô}•n¾ÝmÛañÞä7Ð7cc}xWpn*¤f´oʹcÛñË&HÿâË>] {ÞU€ÇfÒ™]ßß\ÓCaœ`ŒL\qKrÌHœµGΆ=·w& ÞT¼N“NÐçãðèÏ£Õ ŒÉendstream -endobj -1129 0 obj<>/XObject<<>>>>>>endobj -1130 0 obj<>stream -xW]oÛ6}ϯ¸èS -8òGÛ°‡diÑëÇ`}É %щtE*ŽÿýÎ%)YQ ؆¥]DÞÏsνüu1¥ þÒrF× Êª‹I²ZÑéG½ÃÿLh±¼Nnh¾Zâï³9þZKÚâì·»íÙëÕé,ηGéÃ<™¶6Úßßm.ÆŸ&ô6[š&óë-àäf±¢MîMOh“]Rüç ´%Ûì÷¦vô'}5ï7?/&t5EÀ¸08'ëgYãØËËKÒûïŒ?Íi:e§WÁëÕlé½ÃÈ¡9œšÅS—½ûlëµKR–\!éá;‰<¯¥µd¶þ7?¾®ÉúH’péM—ìa_Ï“9‡ýÙ(­ÍÁ*½£m£3§ :§Ÿœ¡\îKs$ëDZJþÀ¶`a6 ð]êÜì 5ÞÜZT©x.ß[& ö|‹r:ádN"5ÏrD_ÖôCé±P%²BiiÑÀ²¥DŠª¦¯ÒÝ=|[“>>^ªD&ødã ÿ…¶¦& 1Òéu2c\ •Irǽ$¥Éìe-8ßÇ÷d4GƒÖ6û„nKkF$†r™å‹ÈUÒ&§ôH‡Be"@8¨p0;pïÄ‚Þ—!àx.‘W…,£˜Džˆ\çSêÕ#+•ÔnšI"K¥Ô´SÏø)¨×éωâ|eÿï/Ÿ¿­7k*yjöŽÔÜÂ|Ĩ-Ý;\Æ~Å‘œ5eÃ{uCºÌŒ›» xÐ>…LXÉ®jÎÎç­M?^eù¶r ¥ƒÄ'üéëÅïa$7Zríÿ½ÿ>H9œº„6Ü…x±®7]øÀ5w³4™(ÁêTK7¢F—LŸ¶6¸ßXtgK€°‹4°ãaè;–ZÚ„½m «\ãfÉsöµyV9â€Ïz’d™/‘±!ëJÑinD¦Òò8ÈVéŸ2c)óñDZ.T@ c•q²O-dz0õÈHÊex ­ $@¾£½¨fôñý°µ?|#_ŽÑÀ¥Ç-:‰Ü1TYq‡¸¬»Ê1‰d­ß–½k®è^dOÒYÊ„æÂÔ¦ñµrEcÃu Š5$Ò±ßòVßHdµA§ãõXÛzlA|ßÔ¬Š—× Ì#p/KŸ©à³crGn#±¬–€êV!_p;tÇÓ‹œ&È.Jχݕ/èbBßà Rv"bì[hEÏG€røbO©†ñ›J@ò^GX2@U<Ùi9« ¢„£ £[P'+3TÈñ;o<3ÚÕ¦dü#_ápÖóÀ§¶( HÆ.ƒÔ²WŸÿÙJ>^nX/ Â>ñY/…Эmmª–É÷ÓØjá$_²Bèß鳆ÝBjAb/ Pb”• MÇ †—å‘L긾qWûÌ9‘°,ÙvÓÍ݇¢EŒ²Ä„>z—ÓéÕô†0"ò×ß -YziêÆHE}L ü!ìeˆ»cp.\á„å¡Cw†ËZ‰ÁO."k µ+$(Ýìª0ÉQ8x¯ NX©¾‚FÎd¦$äiÁ!IZY¬X»|t]<@ãYD Éû—™˜"ʶÐ}îUµmY™|Ú(+KçˆÒ†Yiýòƒå¦íxª©*ô£u $zFxØ%†çž㹿«OS#ZiÅçV™[µkÂ62-)¤âé­¸ßcÔµ#-&´ËªŒ ÀcÊ~äDk^2Á)#(ì/ø:ˆ¿Lߣ<ÏvnX :úaÓVg¢¹~xaÅz#¥aüÅõ™ÇßÉp ŠÍcìQg…ÑÊúÑÉuîwÏj7"ñõvíl‹6Øxo¼ñÈͱUšpµi«J¹ï«ÔNnõ Hþü95”œîæo;ty­†¥Zþj˜/½¼BÖu—vŒAn·3˜´VùB€ùÝÖ›%3HÈÀ¹•<Á¹]Ø0ü˜«½¤¡à¸Ç};÷À ’ö0§ÂE)ö·üÍ$ÐXf.Ïž TR ~a$³6}Ü\ùßô§Û˜zµ8öx9UŽ®Xíƒ:¡ž5a"xn¢íSé´ÑŽü‹Àçý(·#¿þ¬…qàÖä1gº‡0âÝBÎðŽ]#BaÉ -µ<6BžHÊV\¥˜w~vDŸNfmUŸ¡ÐØÙGññˆwµb^Ž±œ H¯åðOoÏK¼oP%HœÑ^:ÇŸVñÎt§öêš“y2YÜðËi}ûå׆Nº7YS!-ÏO6{Õ^¹ZNðœþ_¯J~gþî9_Γ%Þçö1›³ë›‹.þÇoendstream -endobj -1131 0 obj<>/XObject<<>>>>/Annots 494 0 R>>endobj -1132 0 obj<>stream -x•XßoÛ6~Ï_qè“ÄŠå8þ1`É’¬š¤[\tòBK´ÍF"]‘ŠãýõûŽeGi±-œH&ï>Þ}÷Ý1ߎRà_J“!)+ÉoÚ??JÃd@£ÉY2¦’ÒÑ8™5O=>ãÛÙ«ÂZþvL§°?ª›ÆªI’Òh:ÁïÃQrN•¤åQšŒh˜’!¼L‡íƒw‚§t6ÃgIÞø«Ëy2œœÞÌ(Ð|‰³§)Ís¤ͳÞí}Q:7[KVfu¥ÜŽÌÆ)£- ÓÚlÉÊŒ^ªU d¢\ˆãù×£õ‡`˜ç½¥©°[–…´–”vrU 6ÁËNo>Ùy8A<°áÀkV(©¥R쨶’¤ÎªÝÆÉœ6ÂÚ­©r±x¨™% ÊÖ¢(¤–+yZI»PI¢vkXQ™wK¥ÉeÑ`LÏB¸|ì‰ä) ÝÍ?Þ>§ÇТ0ZžðoY!EEN¾8²®RzeÉŸJ•›B¶Ph!,½v—ÐlZ›ºÈi!‘=Q¨dÞñïÖÂÑV¹5*=Ü^Ò¦2Îd¦ð/âaIñY-{1ψ°XK‡8<‘Än¼Rš6…À§G ìmÈNhQ;ÒÆu|/ Üò³¢|¯J~«¥³I³m8iý‚˜î·A@>Àä -h_Â6ηF¦Òïr²Â‚ÅÎ;Åbà¶ÆÍÖÐVìì/ìåÖ~/4Ý^ØØšSΨ?ß}øíþê:>¶Ñ -¹Jh¾†uüÒf«™/¼énîmøcÞd û“5òƒÃñ„Øûž¤þË~$ÍVZ_02@R˜œ¨‰z³Á©20âÄ— -\"3"Ï9wÈ\UƒŽai:B$œ´ ЀšñòžN²Ìj¶áÉr6òÁï>üÈì¯D†à†ò´›B9²–>¢çcZàÕÕõ=É<˜uŠeO÷®+•½£©÷AÏ¢¨%#dÛºp¨JaŽ‘ûjZú(ô­Ð?lLâwbÛN“tFýóa2åðÿmêX7•\2ÙÏÛ§¦ðé:h”„Ï Qðäwœë÷÷_æ÷Ȥ c©ñøJbæÒ UXÂ;Æ«´–U'Ä\M\âÍëù@•fç(OÙmŸUÆÈž(=¡ƒ ¨`½Pž%/žÍ A“ßl?CB‹®*yÅ eÍ¢ÅinùÖU™‹¢Ø»ÄÂ0¾ø–«õZB[lÚDnõ&ô5ÐÔ)‰žQÃ;„q)À®&8ʽÏP0‚y\ye6æNÔ­”öŠÚh–{‘P9¤•U6P©tÍ4ÃS€G²z1â„z-ÎÉrƒ¶Áuˆãòìe“W -P©ºaÆkeòèd~â·„#€î}iXÊ"x²°ékµå£¡ ‰l o™Ù a‘Šñ‹Ð#¯<ô[•UÆš¥c*#n¢¼O:³ÀcC8ŽX3Å‘b¯ì?zlû@t %(c)ú¹Ä–UŠ]Wr¥ D;ø®Ð|qAá"8㣢rÏÌÖ[‹¢Ûm6œyBf¸ÎBOò^E{¤†t˜ÆJB€TÉ„M_+´D!“ -Á­diðÕë¢èœšË‘ ]°\Û ÷¸%> œBW¥•“ÅÎ[´2&'•KÁb¢øt§ˆZçèt¶ÎÖ˜0ü Ó%Ç©•ËymsL@e1N€Ý¾Ûø @T¦ÆPÆéSÖÖ^/âø6{i\ì[ärÑÈo—Ö<ÜE–ÀÈ…*ª@“R9¯üp‚Ž™Ç•&¸>“¡f¦×iñg<½ÐŒç>L²gCt÷ódŠŸÐ}vë';*äsÔzôkÓˆ‡aSÏ‘AµZK˜ 1ûÞõÓ&âÚp&à\¶b†ÛÀ=HiÓÝ}¸[M¨ær„£Â˜§zÓ.Œ³È,xbäâ)L&ºêow2F"ËVÌ_t)3O<îüµÏËÏ3·Fcô…Üh|àúœ†Ýg;qcŽžÞ ›±§OСn›‚ý ÔÛÓK¢Â¸‡H•†¤KŒ&]¿ÞÉžPh¾þ á„õ¥ÃîR<µbRª–OŽN‹;ÎG‡U©Ñrd‚Õ¯;Àð‘¸Ï‹ö³/d¥QmNhRÛø?øûÝøÅbù™ø•µu\¼VúáŒëµ/ª¬KÒu¹`ÔË}™Jý¬¢íZeë¶qLN‹Ex9Ü£ ²œýŽ« +$«|#–1„æð÷L­ð -Ÿ«@,?2Æ ðü5ì±÷xì£ÁA ZBÅ€ìKðB°0 •†I® Îv®oÚzv4è/|¸Ob¨«LÙæ–³£no–%™GU¶æüXáÁ)H_ü}Õ«Ïž åS‡fù²vþþÈt ïâ Ú ì¬™Ü1½4âæÈsÿ@ñ¢Q äØAèm.vý{ÌÚ7S_fÊ…Ò/nrÇdN›´§cÜë§g4O“ÁøœUóáâöò‚>Uæ+æº2Y]BÚ{v?néOÝWwìÿq³÷uö£»üh2J&cü ƒíÏ9 ×ó£?Žþhs—fendstream -endobj -1133 0 obj<>/XObject<<>>>>/Annots 499 0 R>>endobj -1134 0 obj<>stream -xÅW]oG}çW\ùÉšÏWòƒ'­¥Ú¤5VT©’5ì0βCffÁüûž;3 fƒª*RÕ$&à¹çž{îå[«KüíÒ¨Gý”²U«“t(MûxŒGxíáÇHšãÁxL‡³À‡ ÓA2ŠGûä_ŸíÀlR¿Ä³ƒn'¹üwfûîþè Mº'ÍþñKkÐï&Ê£^’†=†L†ÉŸôq*å÷ñÁ‰è†Ã}"ûœo¦­‹Oêvi:LéxDÓÜ'Ö¡iv>]JšIëH¯Ò%9M"Ç{R–ßËRÌ -I¶Z¯µq4׿ÊÌnídNkaíV›ÜÒv)°ÜHCb5|»²2OöñDùÓô¥Õ¡v·ŸôÀ¹[))Óå\-*#¼ïµ¶VÍT¡œ’Öûªýêù)·?³Í‹O—Ô„äÚJX²’îé‹*s½µô0%aI”$*·”¥SYph¥AÈÁÊ¢v!2Hb%ÝRç¤Ê.6 -×OŽui añ/æº(ôV• b®HcqÅ?³«YÂYÒ\2Ü¡KŽeï÷¨Ý&cüÿD„ßà{EJ[#¿=meVåvtE‡|éƹºZñŽŸ=Hws7y|.ô³ž?¾ýpvŒF»räƒõ°Ä‚’ÛjÚŠ‡Aå ë|Ç € @ŸRjG‚™`Ø*p ²S÷-mD¡òx:¡I)ù‚‡ºÎ8rÆÈu±°`á*2Æè \ç\^`‡Š4ê¼’ÖŠ…/Ñ>¼÷µÑ>Lïì¥B pxÒÄé\&Ñ{/Eã…Ä l*Ûƒ#&Nò‡c&só01DæðF„ÆÙÊHa™>¡U¶ª(PøÆ•FÆÍš šéEå{ë€hýËýaÎC Œ\i‡þõDG<ªðmmä‹ô¡y¬½©†çïK…èÐ@øW€ß%ðßÈ}ö±üu__ÔP¤½| Z@V!${rÃy¡³¯¤+Td_`P&訲Z͘Yh'¤Âu?nháœ\­£¯Y#mU@ÎJOCbÓ°l›Õ}‚bxò¼©iÃx®ÁJ#¿U -ŠÆÔÁ«†x">뀗09=•ê•D–éª Eg UÃŒƒéø¨‘oXagÆÁ!)X]ˆ)LzÁL™í(d*ß*[V( ÙœTÂ{ñUF¢ ¨Y ß±èãžœ¹^iðíØø'MôzˆÑááûN ÿ71<$rB 1¶¾.Œ®Ö,ƒ^›=`—¼ž¸UÓµî§+zw ÔI¹äú×àœ½;Ã0\T+..ê|Ö0yH› ¾cý(Å)ðB e˜K!@–g0vÐ `¶`npJ”‚ɱ€¾‰#ƒ a®¡²[J±éaÚl‹;”Õäð“ß38NDe ½å cQcJ)±àñ‹†qv|<ˆDã ©ýt‹Zï#„ª‡ÙjýäÄv×®ÕxrÊö÷àT–UŸ£x x\¬)9ăV"èàãŽm@ù6?Ðŧ,.TíQ2îR½ÔüÕKGtÌÿ|õƒ|uï‰×,Dô›*«W²; Í"ùŠ1îê aÍŸöO‘œÚ†0ŸŸ®ï?Rû…n'÷×wþcðx–»üüD<íÞ8é^pü¯uéätVljÁä­xü—Y x]Š%Š?“Sðñúþæš>íŽ[yéó‹ûl×7Ú£–âØÜ#|{KñµŽo÷R6úqÚú½õ7 =iCendstream -endobj -1135 0 obj<>/XObject<<>>>>>>endobj -1136 0 obj<>stream -xVkoÛ6ýž_q‘îCT’%9–Ü-Òç>4I·¸(†vhŠŽÙJ¤+Jqýïwøíxq‹.d%&ïóœsï—“”FøM©È(ŸoNFqYÒîÑÞâÏ&qNã²À{šgñµ‚8<Âõíc8<*ã4Îp!}Èn6)âi8Š×b8ûÙìlºá;fÓ³4³ùn}#ÚtœÅåa´Ïf'É«)¥cš-PŸI‰—Êe:¢ü\«…¼íaõ†5sFÌSÄún)T'9ë¤VdD{'ÚŸgŸ`jLiêMEYSgKi¨Ñ• ½8¼X‰†©ÊP·dnæ8§ì;½SòkòFªþ+™éDCsÝ-‰¹/Èt›Zã\÷ªCXÖûˆ¢43ëu-ê:kšùŠ³®!·ZèÖÙïvL³àið1XäH±ÔšÉ -û¥—-ÞQ­êµqàT(ÞnVÎ8‡º­h-ìÀYå<ß\>#^K„rPŒ8Ë&hè¶n¢[j¸Wwº¾¨}UIWrÔÒÖh¡ëZ¯¥º…Ç–5¢-ª©ÝwÈ;æh-d-žúîŒhj›ÌäEÙY\âÎ=¢U-˜Hs!PoÂ÷üí‹çôûõûÙ5ñ%Cz-ÕÌ>¥¢¡ Q0ÓÙvs„%¸ ÔV»Ñhl%:&ëmŸÂ·µž³úïC~BE·õ4tN‰C#Ãi#xßÊnƒC¶¹GlVºa½Ö·Z}ÛÞ/ë×7T‹;Q[øæ9 é ËVpÝ4BU¢:âJ›p÷WÙ,'¶V®^ÎÞ\¿¾¾:–ûŠíç”݈õ’µ"‘*±½L<Žøl«<@ÏiãKµce4t¾p@¨pŠnzZX®zÌkÝ~ÞòÍSp ‡ÂòV[ls¸´ ·ãKWü'–' ‡o†I/oè½T•^ºš%ÙZØà¾TÂór‡nÓµ=ï¬ ¹º{&:Æ8ñÚ*Né¹óÝw Ùem˜uáÜj‡Ÿ†mhÕê; b´DÉ©Ûy§¡f©ûºÚKõ0¼{*eAaUí Y4ºÍ -šé dÙ ‡\T6+[ WFKe+°^×B†ÇX;àþ‘KÚ@‘¡d˜Ì™YRTQb3IN-duJQCÃû]àáÎTÐÊïœ#z©¬¼µÊ -=¥_Wëß‚Ñâ;£; ŽØ÷B8nz×ë-Ž§Žïa‰.=ŒèÂ×ñ8 ÿ=Û›­¾;q_c¾…‘Ä9õ¶£‚x@W»ÖŠ&ÈŸÿQÌŠyÅDc‡JÐï‹áÿîï‚ÕÛ6¸w‰ê1dNuþQ˜§?þ4ø=ÖáèGîÜk …Ñ=oÖ•k&þCØì#vÌ@d°Eðº7ØèDáõÐÏšÀA[êE-¾Ê9†|#„Z£W¢…Ò@YâØ•‹Ü«o:Ð.bµV"¬$Ñ•&³\‚uÌO$ôÓª ë þcáÐAÆîiƒ‰iϨÍ2ÚÛ1@*¬=˜ «ëÙV>”èœpºã‘\˜'. Kï 7NçÂê|áßÌ› ‡à y ©ÙÐ;˜÷&1ö#È~Ã>»UÃëØö˜áo¬—" oXnP¤Ž:8Û»d“1Ûô_€-«^TÄeJùÔ÷ñ#6]·$¯Êp Í˸œæ4çq1uÛÍÍÅå³ zÛêOÐXz¡yAê¸2§Ø‘GeNQ1ÂÆâô#{è¸ÇÅë½½›ÖäËÙÉ'ÿX²ŒXendstream -endobj -1137 0 obj<>/XObject<<>>>>>>endobj -1138 0 obj<>stream -x1OÃ0…÷üŠË׎ƒíŽ)…­TK,,®ã@ªÄŽSàßsnʈ„,ßpwᄃ÷Q0 øÈ -¸;”P‚c­•ÄZáºb«‹õC Œîò®Pt ¸O)h»j<ìðÒû6|N𨓯uêÉÙ9öéÚ0šÞÃèÆ£‹äFŸð ½,%QÙ‹nW¯•°Lq—aÉ8©ò’Ì\ô&õg)€ù‹½[wÁ§†áŸXu5Ÿ"jÃß.àC³ß6ðÃÉÙ»`çÑù„.‚Ï~K&01Å¡”t“"¶ëßfŒï`Æ£3e§fNï(ëíEˆñij‹Y_ËšH¡–*•[÷ºx.~ ÆrPendstream -endobj -1139 0 obj<>/XObject<<>>>>>>endobj -1140 0 obj<>stream -x•WÛn7}÷W àU€du·ä}HÒø©\X}3àR»”ĆK*$ײòõ=Ã]j×òºMe@²¸s=sf†úv1¦þÆ´˜ÐôŠòòb”-—Ô¾¹-¾Œh2]d×4[.ðÿx>ËÆä$m <¢ùßš'³i6­Ÿ|\ñCØ>½ÁÒðæš&#Zmàòj±¤UŸã$|²f£¶•SfK·¾ÐÆ:*”N­« Â;åÒ'´>¾Yý}1¢w“L JaÄ¢ -;¨\e ‹°¿ñ¢ö÷n:Ë&,~'ʵ a -vSKÍh©Êµtd7ô§QOä>ÈÒÓý@nßÓ]eèÎjᔿ󖄧ƒÔš?=áõñî7ÚˆRécôõ»2ÕÓ[2ö@UPZ}—,Ùä1žÖ¡Ýêj»k-éó\è‹-*-Ù9b¾Ã9l„#K{gU! ¸œA€¸`Æ:õ="ãpÒÛÊåçžs d­&/ݣʥÏèÖ)Tö9!ÅO‹*g`DãTÈ\y>‚Xå‚AA:H°V®‘£½ðþ`]q–s!‚X (ßêb€`±ƒ¡ ù0jEáM*Ól¥ Pí[¥ÀDŽ1â£A€0|¤£‰­¨a؉pÂÍˬ ‰S©-wU¾C²ùΙƱ2V#Å×"yÏŠ'§Â¿¯œ§IÛ­jˆzÊíí¹P//¤Ý¡×Ú$¥<³ýÉU{‡;-æP€]‚J™ï„Q¾¬!BÿFæ!òEJ`µimœeiI•)¤ÓGôoã#¹}Þ—ÃçœTfãºܪœíò·q ­¥‚u0qçlµÝ‘5< --RãtΖ2cÕúY´Áý Óµà÷úH²P‡Ž2…B#UBGû KØ¥-F -"QæU§ç =Çy€6Vk{ˆ®€µ!ù$Êý¿$R ûøq‚¦îi†"£Õ˜%{;YºÛ=·«§µ”‘*“۲İä¬<s±sÄx -hä80ÊT DþÕFì‘3TµIŒç8rê„Àt ¿©4¤8©fPœ1isb¬ÑgïyfóPAwœäÀh-y p@ØBŒš1„­’,–‚|Êå>D -æ0ƒºÙçÔèä½åÃþP¬3ßÈ$Š bÁ†7#ºæE0ÎfÓ öË<[âëàògóÝ8¥Œ°!ã9 —‘´‰±mYâÜá”ÿŠ9ÿ’†ë¹‰³ïÜÔy53®HGœClC±I„Sl"úuccD/•/ãÆHž(Í×g¾ «Úÿ·nM?tSóâ¸K¡ôKÍ ¹©y°;´,æg°!ô<·• »›WAvÜUÊ÷Ïôú“µ…yý¥W_©ú5/A†®nXsuzðåi—ÖŽûÜæ«3U îøëô °´ ø3ÔÛMŒŽ¨e?Ñ(<¿Ñ…öàã«Øɽyœ)e}áyeùºð:ÄÀP¯Ças]P&×U!›ùZ_þDõ2CtýÉÓzz‘jùvðÀx17Iœ²¯Ï´*UHBqØwªÍJ&ß?0]£&8düó3¬³ÖUŸ•nqb,[ì¶n4lYãò§{ ²'£¶‹›ŒœµÁ~m“b+'ëé¨ÇJ!Mûœ5”÷wIB†Ïš¾mŽz¬ì¥rkt'«ÅXêö{ÝÊi´$¶j¥Ë×-±´]ôÖK=à[ ¿ÃÝüTÕ:– -wú6É+Ò<¶ÏÙ¯.D·D1£Ò†¢•ê±âD¡ªä:âR®¹ñNJ|Ʊ0?küz¬vRòÜŒ)µ‰‡mFõe¢=VpCwqõ%t™d5ÅXšÙÔ˜Þ,›kj÷ù2›Ž¦¼ÿ>ýŸ_m|xå—Úl1ËWøáÉF'×ýçÕÅÿkqÂendstream -endobj -1141 0 obj<>/XObject<<>>>>/Annots 502 0 R>>endobj -1142 0 obj<>stream -xÕXÛnÛF}÷W Pq‹º_ Òê"­Õ·íŠ\Š›\f—”¬~}Ïì’"Eˉš¢@›¾ˆËÙ¹œ9sÆŸ®Æ4Âÿ1-'4]P˜]‚ÕŠÚ/f‹_F4[-ƒ¹û:¢å -?I1ÎŽh:_Ó³O&ãq°Â“Up{ún Fõ—Úþí2XÔF&0ÚXïžüõÇ«Ù"ÓtL(£ñ|„{Ý/)=\½Z_ ßÌh<¦uŒ€«%­#wψÖáõ:¿:Mõ^å[’"+RþÄP‰'©Þªœ -£·Fd¸¼HE(­{TYI:v?~·þ€;,wÇu!²ß‹}´ ¬öOšÛ¯)ÓQóûD… Á‚3ŇF4Oáþ:º¶[ÊŒ -aí^›ˆ"QŠÀmï¯{ eݹ¨wÑ ;jéýEG·FWEïäûïh¯ÊÄ…ì9½¤§ÀföíLNç‘mD¦ê¼*÷¹¾W¡ÑVÇ%Ý¿ž‘ÌCs(JsÄ~tnO„M¤ h(ÛÚÅ϶Ô¯¡¤Hó$K•5ÃT‡"ZvjXµ¥Ö±ìŸäùÙ ¸Úx#ϾL@|9µqݾDÏ_L‘,d1huîJâÒØË„b4g©,Ž1¬º2ô[®‡?©¼z$7N–ì{òù*ÖXFZÑ;!±›C]Ì4ö¼A¢MáCŠœš€Þ–Šœ6’B*õl!C82ÔÈ'gÞô ŒÁAÇ5¢í1]p¬M&s2Už³%—œÖŸm:µÀ-VÛÊÔ÷µÖlhTQông@ -†,f>ŸuæO­ºþ¯kÞ÷Íç솬”®f‘«¶<ÀÂ1â3>ZT.”høcoõÍGÊÈ?4ÌäÂ&ÿ"EÊ–Fm*NOÐø|Ë´8fÓ &ó`…ïà o¾}ww?#>Æiï»ÏLð ó «…âIóÇš/¤Ù©Ðe´k¢gRT ”Î?#?U#j>ê„ *¡\G2‡¾‘0ÔU^6¿Âè˜AûÏŒi»6s¹'í”Bâ}=–î;êÁÍÙN)´pBŸ)ƒ5šR…U* =íóHÆ¢JÑ} â˜gQ‰fT'—àü@ûWaäØó+`t’òaª6C+Ãʨòàz§Ž„ò -Sÿc(òÑD…Œ<® m;+éžµÌ.´vó¤]h§1‹æ¾Ô Ë=ÅÛ[?RZÈ5ˆqŸ]£`΂¼Á²™ˆÀgšCæqâµÓWîpŽç¤Œ -ÉÕ¶IL-|˜ 0ªTè8% ‡ -"  ¹-žF$R°F†»“ ²K^…šÈ#Ú»ÓeRY¼y×Pk‡ô[7›\¢±œñ0ùTÙz õnø?⾎ö"½Pÿ-˜? ðªïûš*àO¿Ô?ëR¾t,ëÄòQ„âŠÁ]°R&2Êf5`h‡ÓBc¤l0+ÆØ©zذ•NSvPÉúJ@çžák™U&Pä[ˆoíŸËDzÙ&¼lpŽ:z—J^ŒŒ¡që7N¥§×}Nv¦F½†œQ‘„ß©…ù­0Nr zÙ†ÖE!6*Å\Ázƒ ‰Ç”sQ¹ Ó‰Tæ;etÎÝ®3Y*¾ó¨ŠšLzé‚÷…k’×[\š3«Æ1{¢ô4àØ z¯–54ŠÐí ‚˜ PÈΑR Åó¼h~ÎY&:"æMËáB&Ào;­O½Ñ¼gÞä¹@Ô1æ?”Z¡Ì"Ê眾£;(` ‰£m…b  -©Š™¢J7Nv÷{:ï%%y=5 öŽc Ѫyyñh/ ¶x&¿®$\ä'£¸2€†¡D¦E\ÁV;× zKcì㼘¦³`Æóu#SÁ¿w']æëÞL-¼2á?ÔòHز*e7 ÈÍ^!z#Eªþ„€2:ƒ³M´Ø;6*¯Å|ü·öŸïM»™à°=Y Óèôl§Œ=äái\×Xôy?Hʲx9º›—6Û¡ÛÂÕq¨‘D×oReîî8Ñ 4= Z¹À$»iÕ¿‡ÚðͪީƋe0ZMi±œË[W‚‡»ûWwôÎèX'èuwIa_Í+ƒåû×J6[΂å;â£S·Rü°¾úåê/E°7endstream -endobj -1143 0 obj<>/XObject<<>>>>/Annots 507 0 R>>endobj -1144 0 obj<>stream -xUM“â6½ó+ú¦*̇ ›ÊÉdrɤ6ª½Ì¥‘e¬,9’<,ÿ>O¶™&‡5ÔÈ­î~ïõkóÏ(¥>)åsZd$êÑ,™Q¶Ü$kZ®sü?ÇŸ“TÆ®¾ýõÛ(ÍÉ’V›<ɨ¦׳á¤i7º>×4Ÿm’ÅUôúŒh6K6×Ñ,KrZ¥kÔ¯i1›Ç>Ý)V¾>#ºJñ*zuF•o¢WgDóü¦r¼»\­>’ܦÏKJSÚ—Ð+[ç´/:5f´ãÖK7mØû“uøÀ^R¨8`C¬½¥ƒ$Ü+èpÆYÓçí ½Žåñý®LûíõøÄPºqöè¸öĦ n­eOh_)ÿ°ÿ:šÑ$]$s@³slŽ²–¦ïTñJ° J´š>ScC rñÆ&ðQz¶Æ 9©Pd‡‹lI/J8ëmh+‚B¡'å¤Öïºî¤{SBÿöiäÊ–ìˆ=ÜR´H·&–<©Bš1 ÎßÄ-:àëXQp\–J$±ÃôyC)”OKŒ £N¿XSªcëú”Ø­>$û¬ïƒ™Ì£ ‘µ¯$´TQE²M‡æ* CÑ؃„@\³Nu¨;ax«µ=)sŒEJgëN(k&ZI•Ô ®8<ü0’ïív_¶ûŸéæYOç ÈÓŽëcµæ±xäÉÁ/–¤áƒ–9|Û4Öˆ¬™PO»Úyp<™ÄéMþVƒñëêè®eC€ßÐ&8«8ÿœ*‰q8cÃÌW¶Õƒ:ÿ¨(„m£‹àI/½Ó­ÙÀNóŠÎ'pÌ ^!Knu€åáGeÝ]SU,CÇ3Ê(´„y‚ü†·þ°Žm‘¡ŽÆB&6x2BîG< ýÓCw{áYŸøì‡rþÄ]gø%› 'K#ܹ µ_sO?ÓùB÷$ûØ4:¸¶E«ã:_fÛ5¨¢±ÄS¸°Á¢ƒá­µåk,‘,àÛZƒÀŠðîy¾<¾½ Ç̺-Ãn]ÌøÔÏéSÌž>¯.Þúï½_cû›ëáfšá'b½ ù2¾¡±v»íËã–>;ûï z²¢þèÖ6fN. “|¶ù_˽̗Iž­ñB@õE‹üºý9ú™7 0endstream -endobj -1145 0 obj<>/XObject<<>>>>/Annots 514 0 R>>endobj -1146 0 obj<>stream -x­WßoÛ6~÷_q@æ¶bÉvìè€d×<ÃÅ0ï’h›­Dz"e×ÿý¾#%ÙÑ æN$ïÇwwß]þÄ4ÁOL‹„¦·”•ƒI4Á›îëןø ÍçqtK%ͦѬy(èipõXRÇÑüê0YL£˜f‹WJšNn»'¾zýŒÓÙ¾7MÆ›Ç$îÇÚ$%v -¤hQèLiÀ·UÛÖt›œ{©Y ×Âf>2‘W‚¢V‰G`ĺÏÄY¬d0Œ~l²%–«ÐˆÞQÕ'½ ]4¢ >ý@7¯[_[2à8˜ù=Ë…”1É…>Ë}%ŽJèS•'ÓJçÌ„wsv3™`X5™i-¼—•üŽyT㓨=tQ}hjµ™>x -N„†óºnVºã©‚É9M0šæÑ¿Ád¯h͸4Í⛶.0SYäУö^Só§§ÊXÒhGzKO÷î_õÄúƒ zîfMÂۛʷö%;ÚzK7`[S¹Hrs¾`éÒ„;7«–Æ Óe”‡ô”wSñL'€$AÂD#oÛ­×cýIÇþ1ú—¡ÞŒvþU8›Ó)v¢9V‘å_ ô¢hdÇm…ü‹6 &¸¬ás÷¾UkirZÌçÿ§«…¦±¥gsïÛyùÞƒÞlS-¦ßæô3ýž:õ£Ð1?t/¼¹4`ÔÕNy voê"o „‰æ «RY^OÂzü±@íÊÇ/GW•Jôûå…ýбuÆS»—ÑÅ™}¸žíÄʛ͌ÇmVIÌ°ÆY¹H~ÊÕöì™/4„˜>…5¤ „¼?øÆ’‚Áðwõìbc“scÚÀ -T¨R… Ì„¥1`ýG¬"¼ö’8ò­Î>BP!cÃ÷±‘”©ÂÌõáÒÍ…Xù¼ó¥¡®å¥y¦Øã§snÿ°–_Ö•Ùb-nñOkš&äëÁ/ƒ¿\àûïendstream -endobj -1147 0 obj<>/XObject<<>>>>>>endobj -1148 0 obj<>stream -xu”ÍnÛ0„ï~Š½Õ"Å’\K9&M}kÑ".zñ…&׋TI*‚Þ¾CIN[#µa€àÏîì·³þµÈh…oFeNņd³X¥+ÚäEº¦uUbã瘎ãÁÇ,Oó˃ûÝâf»¦,£Ý±6UI;Eˆ³ZÑN.·ÚˆÓi Ϻ–BÍä‡æ`OZÒI›OÁRkµ q ‡Þºòµpìi°õ„kF‘ÂzÍA¤W»çÅŠ’|µ;µüáÙy²†Ž>=“>/XObject<<>>>>/Annots 517 0 R>>endobj -1150 0 obj<>stream -xW]sÚ8}çWÜÉ! é¾¥™¤›™NÚmh»y¶ÚÊ’+Ùaù÷{®dc’N3€ìûyιW¿Sšàß”–3º\PV &ã ~iÿ|ý8˜-–ã÷4?/¨ ÙÕr¼l¾izt¿t9§Óîwœ.­%~nh¾¸‚Ý9¬Nh†ÿNÒ&\N¦|||ða5¸¸{O³ ­6ˆ{±¼¢UÂÅ/ÙðÛÃý_ôEºBy¯¬¡ªò$LN?”ÉíÎÓÊ®³Lzÿnõ÷`Bç³9ÞÞXS9«é“òU8aÓeôq~9Ïø©ïJî”yö²­0Ïü%x,[žjÏ?W[ _ÉÉdÜx™ÕNU{Ê•Ðö¹ñ4§é´ñ4[¢ðô w¤L0ò(ŠµàÂÀ„“Z -/Iùp$ÖJ³µuÝü2­¤AÚ•E,’ŸTŽŒ¨Ô‹¤6/« -q¦2L/cŠ10ZÛøõ$²-l®6ûà´6¹tzÿZêã”î"¦û`+v/*üAÈ)\|Ì„“›Z“±8³”Ù¢t= Ñ‚´›à2”xk}E±0àjc8kF!@_)­÷)»–{xÕ:Ù(-éÐ'XВˈèDcWä…2@€*š ƒHª~R÷¦y:¶„±%Ö¥åŽçr#j]ые¤&üR8QÈJ:â/îfM¿‡dà;Óäë²´®Š§ CÚ -Ok) ¬Éœ6¨Q|„MIÙn„ö²oµ=~aX¹ºÿÔˆ¼¥BUÖ(kø¡R>À­vàl ôÆ,CeúD 8ÿÃîZø„º·°ƒTm¿Žf>6 ¸C®è,óuˆ˜F¤hº–çøšý¤ª¶¡ìN=o+*,Ã}]W§GÔண™¹r2CW÷L«^0•Ì9xN…ÌEƒè^ýöpC¥¨¶cú±E3¸Í…45•¶ôçu9âØ â(æ³h;üÅYT²R²Çõ!¢ˆ&pA[]$À°ù»ÕŠ´vLYªË…±®:¦ú4~ma -¸±J] dÜ/@2dÀòJ¬A•«W‘Ê–À‡ûKuqwHï±´ã6Çts¨ âÆA”½­{É|qøÛåG'…;(jÏøÉ£×u®XËúϱ0ôÍ~ÞéüV•½‡OË}ÒÊ7Ü$À…¼2Á”À%°ôJ瀠ãF/DSæè”Æ!#"{Qa¾=GÅ€Œ½Þ˜¦›‰ò0ç›Úd,A¢/æ뉸A:"wð^¥ -‰)½X£÷<öxºDlØ{l÷o-/¯czw¹m„#ô‘‚Qí"Ì5U"ÙŽöšÂm€o ­f\›·e1íQ”^GbG‡â{-…³Ëg=0'Hä¢EAìRk6ظµdw&ÖîÂgB3¹7ÐM±—­Á(‹FºÍ€ÃþQÐïÇ%æ<š5àìñöë÷Û¯OO°OÃO¬2lçé]/òÎKÐZ,‚Ñf;0£¡~¶ †¿¬>Ü~ –SdQöРéF}kζB¤!Õî -~Ýmû¬lëÇ}ëH/ßp™KŸ9UÆ-­b¡'•Ø»ø3gØÔ/ê>p¹ÁüÊ›=‘­v”âãí J±Q,*ÝJáýκœrQÆ.ùôîH¬Oˆr£íéZÑP˜‡ ÄÝMˆLNJšºÅêÍ%è¿w ˜ÅÆìŠeK‹Ïðõu' èÃZ¬ú-ú”TRyè~R…NùÎn˜½5²Ða?;Ð$–Œ i%~Júü:»‡‰š­ÊDma*"Ǹè…^îñ ŠíCBNxÏ:/õ†ž†aóhB…ý±“Cp‘+_j Kc€€×m-°ê\5+HÇ­¬£}­ŒÃs`Ù*M'ìÇ,“ëP€Žß€J†j|͈o(aí\…ÇöúÄ6rMÓ›ûaHÄXoârŠŽ/a è¸/Bi±æuG@ 7öæ°¯8kOÖlN|L׸”ðÎÒT3ÛÀ< õps„Qµ°(ã­…¯€qï?ΠÇÅÔ8Nµ*‘ÊMm1ûµ=¬h\b¶Yv£ž…Žq%1øšisu¸\òuwÈÿ¦“ëï|9/W¸`ÃÐ场] þü ¦+@endstream -endobj -1151 0 obj<>/XObject<<>>>>>>endobj -1152 0 obj<>stream -x•XÁrÛ6½û+vt±2#Ë’íHN/;±;î$Ž«I¾@$h¡&-«_ß·)‘”“¶“ÄCàb÷íÛ· ÿu0¥ þLi~B§3JŠƒÉxB³ÓÙxFgçs<ŸàŸ•”……³É)^_Y˜¾}7>ï/\.Ž¯Ïh:¥E†CfçsZ¤„&Z$ÃÅJ°r$4Ý.(Y™µ¦Ä…Ð)ù•ð´VyNkcŸðäWt/Š¥Àî”Dž›5 ªœ´qí"-”VÎ[á¥Òªg•ËGùfñçÁ„Ž¦§ãœ=LŒÖ2ñö >áøŒ`éÆ„#kŒçõd%ô£„'’à™´n¥J2e°ìÈhZ8%(7‰ÈÁõ}\Ú8/ 2¶w¶•…ñ’ -Siv 쇫чË1-V€ƒy*Ë\²?¥°žÏ…#lòøzVC:¤{™äjÿ·zÈ`:™TVù aÙ -»¡5Þ¼„Ï›ž[¿" ņ.ò\9ÄÏ©½ZHQŒZÎdÖB(]ïÉ|INy9Ž^¼£)²Ìé>:=¬ý«’k¥8€…Re‘§Ji åœ2ÚucÀ×'sP_ƒ%8RÙ”–•÷ððl‘x»Ebp·³5èÖ_Žé}®’'vf`ÓÑÒâÍQU"©¹yDR_°ò9ð;8Çõy-"µ<„ÄúýöæÈ”EfJ'bÎpÍ&Ž#U®ÌÅlœl"3¶ Ÿ¢ûMlŒÅ,"9¸¿úòõêËÃCàýÃð£A,ZòáM/æÖGßB™E›' ^ÑP§-ÝJyóù>XnB‰4E2¢ž5vç;¶‚§ìbc( ëveø£ª(³Ü@•Þ;©ówŽL¥K¬*=*Š œo•JíU¶ágƹÆOnHɸW8+&¡çÓ/WïE¦džvB(…s¦”RáÅR8ä ”@ ù›P³\¿ˆßC\zÁhO"ÉÉUei¬%'ƒÅ¨tÒa&rW+Á®æUM¡À9Ö«(ŸK€”J¡Cvéjq¬‘ÈÁdpc´ì1j¸åy›ûA¡ÛGÀüຂl¿7Ú[“ú ,àCÛBD¶S ©Ê2¨’ö!36ªj8¾‘%݈œ¡›Cœó '8¼µ@6‚Ö½Œ -t]åeÊ:¿/(V¯i,¹k¶u·Ó–n–8ÙÜÔ‚J9 -0bKñãGkªò4yÀÄ’=47‰Fg­t¥Ñ)“r`¥H#°NK~/p<þ hÝ¢,¡#ËM-ËJ‡çWVJ’¹,'çþâýÇØ0¬C{8¢Ã5~°W‡/‡´TÞ5¶‚ lëÁ×u&[HG} ñÇ [km7Óô˜›ehž Šè¾Âʆ”]ø‡#T.1r ],4ËÎÁõ¨kÌMð­åkh-Uê˜êp%f—®ÛÃVí -TaöG¼úEœ!¶§ïƦ!…™*hš´P¯ÆÜËSÇíŒÒ–¡» ûuzÁ<Л¸ug “’}è™'ÐLž”0´!:p•ÞAÑ FuOo²9¬IÞOa¼Aœ»öä'TÇ×-{„¦5P²Ó;…µA#/U{†`’Û -eie¦^vdb}ßâ™À¬@I"Ûó³n壙ÀÉ>¼—Æ[3V\¸h{*6‹ ]+K›Ž‹aâ…gÌaFB•T¹¨ úY`±ô¨ ʾ‡ÐÏtƒ1Ϧh,Ì tOð -«ºh, …&+`Œ³€AŸÈH›¶²—Ç…xêkÇçfŽÞCuIx(¦lÇí»mcÍ^ôWž‘ãÅl{³!¯6À¯ ^7ê¨ -€£Ïþ‡öÊË Vkão -Ž–YöÆY¦i÷àêdžÀ?„¿M%ïúx3As;ßž‡Î¨a×!œz=Ž|{Iÿò­—õ–þ£’ßäÍõìQ‚6Η»V&ù"žd8>ǃ0(¡ÀyøüÃÊh;áàâ»DÙÅvÝ™êèû}µáLàJˆa£fm;)u½!Š|ËÚÚthí½QeXPˆèO@ú•”î!­4î#˜qÒàÃ; ŒÛOÐÃVþ-@p'ÄÞÜ"צÂxUÛ­ë༖§3üãü”fóp™¼¿øtyAwÖü‰fJLRñ\$< -Œ=j¶Í'ïþ×Õõl~6žÏÎqíÅ0xú–]-~;øÇIzendstream -endobj -1153 0 obj<>/XObject<<>>>>>>endobj -1154 0 obj<>stream -x}WMsÛ6½ûWìè¤Ìز¾"9½9u=ͤ±ÛFöà ‚"b`Ò´þ}Þ‚”DƒJ'c #»owß¾]}¿˜Ñÿf´žÓbE²¸˜N¦´Z-ð¹¼YãsŽ?§( /æ‹Ùd¿ø¸¹¸¾_ÒlF›¶V7kÚ$;Ó)mäø«(¶‚üÞT™òÚ+Oü H›L9]©„Jå -í½¶ÆSj=lh»‡ÓªvF› OÂð··¿þÁ—韇OÿõnQaõnóíbJW³Åd÷ã* 2ª¡T犤S‚}Áp ȘҞ|&^cëwvZ”ï»Âéñó[ÜcÚÖUeÍ„~·zQî’ Yœ°\ºU¨Y—ëÚ+‡„«¶´Å¹†OÚôåKHäÞFˆ´©”²µÒè* ø -Ç…KºBØA…ðÏÌ…OeÉaؔ¨*§6 …g ‚}Iä¶ÏÊ€|@J[›*Tuž¯Ú:J’R8Q(`¤63óC® ¸%sòuYZWÅicV©Šý·oÐ_¡7Æ)ð0§~³#ƒ˜ö„*Êp¯{%kôÇbQ£óœR¡ó(¤$ÏmãxP»ä-öB>‡ïÏL+k¤ -÷2&;T(‹¶Œ"òÚÑAÚ¢´Æô¹õíTî$Ñ·4ä¨GntI£fÚnô:¢­®ð:Åÿ{3zœ’Åù0þÚ×v_Ë y‰pîT…f!à]àñ•äas¡Î]5À ½3ÖáM Ù ºEE9Œº8¼ÙT¹b=ìÓw}X8`€·PÖpDÙ? ikyè°)ß6Ô6Ö—D¥¢Î1t:J‡Ñ†A€Íƃi,ÓÒ|D4 ]ï™(€2ñCQC…k#3Å49Óp+¬2žžý€½z…˜sV˜ƒu4÷AçŽý±Œ]ZÙm$ÃÖ´{\”¶e¿Çâ`;cæço’TI µøHå–&!#bOÜez—åø;N»ÞnyºÉ“$ð“ü±.RÒŽÅ ¢aMeNGðЖM¥’XééÙ`‰‰zá±1˜§™..O5ƒ ŸÖǶ›®ï{ Ããà.(yL†JB ÎîÆŸNË\ $§„¢]®ÝÂÃ×aŸóÈÇf}\µ~¾>/XObject<<>>>>/Annots 530 0 R>>endobj -1156 0 obj<>stream -xµXÛnÛ8}ÏW úH_%w}H±í¢Xt»»õc_h‰ŽÙH¢*Òq¼_¿gHÝ̤vZ` ÅÛÌ™9g†ùv1¡1~&”LiSZ\Œ£1¾t¿þùýb>DcŠ“i´¤‚æÉ ý(§Ï¼žâÅ›(ÆÜ4ŽæÍ€§¦Ëy4¡ÅrŒ¯ͦ³(iF<;cvÏ.¦ÑŒÓÄ<[.º‘Û;äùœ÷ºµ<;³ÁÉѬ·j>_z«& lô#wò` «âîÌƘ}Í2“dMá-Њ›ûvuqó~N“ ­6À;^&´ÊÌcZ¥£Oe*IÐÎÈšÒ\¥÷æõê+v,š#zõéWþ[{ʈ¬&QUùìVR%ëB£tiè³(Ö‚ -Q7u§dy´@•¼×ÝwsWë]u³×užñcºžÌàÂ*Õ7û›G²µªrIFÚ+eÆ'–´WyNéV¦÷î†t+Ê;™ݱÑ5®Ø(ìwB•Æº¥ke FªtcïÔ´uÔÈtW+{L)„¹ݯD- -ieÑmy w°Ý -K{YKçMr_>”Úº{áùåäÒ_¯ u§/ÊåÆ’Èu)[ûØÀ˜ÔQ3å2½3F–V‰ø%œÊŠ¶®3TÄ´¶,½wµ8SµL­®l¸"¡€aE/Ä_ —ÜG ;3iÒZ­¹ø¬õƒj‰|LeeQ8Í‘ÒA :Mq ÞŽ“rË EÆÅ.@òÔ6_Å‚ úîÞÀÒþ¸“$ø¾=/ˆl‘gò©3¯×Œçƒ×õáÙˆ]Ž\脵ålAí® -8}_Óý…ÑÀXΓÖvjÂ럪c%k»„kW`K_YÏ)Y³±%ánx(È}C@Y:ã}åœ{$Q¾E‡ªTÐ. -S*JN[ßï›-4ƒ«‘ÊM¨ -ÆrÃî:f+?4pk'¥œ4ƒû] åFÉõ­è¨…‰ŒÊtÐ;8Uº~ŽmÚUܦ²5p»Ýµ¦¹t³ã—ƒæV*g ë+åsFÀ=|Vµ{G@ÊðÒf²’n–2-MyiY§øI…wøbUºËEÝôÌè:\á -íŸï¡äû7š›:†¨£÷}¼ˆ£yó/¼æ ×5?¦XGphóe´øòÚ¯êßhîýÓÂè11•LÕF¥LÖYúÅojÛ]ˆy›2½2ñkàW×Yåí‚s¼0XÕÂt°óÌ‘Ïm~Ô¶öÞ -Æãæ3Ó7ÚŒïÕÆëeè$N¢ñrFq¼Äÿð”ú|ûñí-ýU므‰~Óé®ÀÓÊU&vîºÝpŒßðú®áæÐ9ÌÁ‘Þƒ>·Ý;ižàñqì›%|Ü»ÕÅßÿfdGüendstream -endobj -1157 0 obj<>/XObject<<>>>>>>endobj -1158 0 obj<>stream -x¥•_oÚ0ÅßùW}¢Rð§„>¶ëªi릦Úúâ8†¸Mlf;E|û; i÷PM‰`ûÞs÷\ç÷`J>SŠg4_/Ñ8¢Ë8/i±Šñ{†¯´ óËh<ë/Ü$ƒÉzFÓ)%ÄZ®bJ2Bœ(¢„¹Ì *™}9OžfËñ[†m¸ v]g¢·žI#¸ÓæðïÃ-ÍùÉzq”rÌ´(¡²"#©¬,#½!— Ú1ÃJᄱ”IË+ë÷äØ=öZ&ë+š¢_Öh¾¨Uß)lgÜI­h/]âXÇTÆLF¬Lmd!ˆ9gdZ…Úw;©¶uÈ®¼˜¢>T²%«KÑŠ»½èI¥³ô4´ωY:V”¡ŠÃÙÓ9Êr:yüv÷‹v”ÒZ(´>V­gLI.mƒx:G‘¹ {@|8S”B6q­6…äOn/„ªIcRPb…£WÉêꯌt0d…ÞX¼w¦—ÛGHaãû¼B:~¹W‚öÌŸ6¨µ¹ÞSµ#<ʶLÊGi - #ƹ°–à¶Kï•0$šWÔ†8% -ž=±Þ,Ç&ŸÊ?–¦ðM]ý˜r¹JÁöE£¶¡!<‡Ö <0çq;_ÖK Ê^z‰²Ú7ËgìÓùécÑøÆz.!àø´uåN”²´a{ÑZK} æÔSèÉ®;rá“*ú–4n€¯"4¸ §•èŒüÐaa™š®¥};3ó˜dü¿¢oo±ÕùŸÎ뱤vÑC¶ÁC˜çwUø¹ -t—ɇùv°6ž<誇3QÜ€a³”ˀŸ˜â¢xÓOÃP§Ÿ2ÆçäÈûíÊV¸zG1Ôº“á_xô«0Ff™PÁï“õªqÔt‰·ÓjNóÅ*\¡×_o®é»ÑÏxeЭæU)0Vþ–öÕÚí£8ºòûÿï_Ä‹q¼\áµ€Pó•Ïð9üüñNendstream -endobj -1159 0 obj<>/XObject<<>>>>/Annots 538 0 R>>endobj -1160 0 obj<>stream -x•WÉrÛ8½ë+úƒ]eQ¢$kÉÍY<“Ûq"¥r呈„‚”ì|ý¼Y–íÔLÅq™ zyýúuóg'¦>þÅ4ÐpLIÑéG}ÜÙÿúüGgG:ïÏ¢14èO£¡¿ÊiÞ‰GcÜM‡Ñ€ŸŽgQì¯ø)ìÐà|MùÞ™ù«ý³Ñ oŒ¦~ÿ+IëÎ(ãÏá– -8í.øЛE§w +}Z¬÷x2¥EêÂÅää¶RºVzCó¦,MU“Ò4ÅJÀú º;]|wÇãI{¼ »8ù ëʤMR+£Û—FÇþ¥Áâ¥7r£´fë;UgTgÒYå¨s)¬<ó®lëÛº7´¨ÕVÒW¥S³³t³ 2ÄXÈ$ZÙÂ’*Ê\R×2e÷}êÆ (œn• ëy÷óí[Zž¨HFÎêüöãÇ«ùœ´(dJ¥*åò4¢ÛJn•i,mee‘‰%³ö1ß“ '®„¾zÊ‘ÏDä¹üÍÁ8q ¤+ÒT1D"§u£Z"Wõ= ™­Jaxußf-wbô^QŠ$oRi_³ap­,‡Z­MEIçF¤Œ²Jâ^+Z«\S³ÇrvÞ›M{7‹Þ Ê&¹~–šÒhJe!têRè]&¾”ÝI4eº#™å`OÈþEx†,pàÆ!Ñ®I"­¥·†%"§+eA2Ôöí×Ö÷êfVßeRÛç\ÿ7Ê1AÌ=†1pÕ€õŸl$Ôªlò:«L³iu¨±’{-í(È šŠZ¬ JÖaiK°î‰¸|7«C€Ÿ‹ý7¬ê¦Q<£nn‘I,YVRj²¦àòA0MbôºaM"±2MM» õ‡Ì  ÊR!Ä -‹û%šiùÆ@a6ªr -Éé±+€Ô -…Óˆ»¶5<Pöêu03Ö S¥m¯°÷´_W¦Øw¶•ˆ.hÕlŽÜÊ;pæ͘>RPh™B¤‡ñX£|:H(0¥ÛeeÅBW‹²qÚ[¨ëñ@jèeÅçÑ‚ÄÏZÝÇ;hN à¡ôÙ>¿cñLÀ æÇ”(ÀQÊP4G'-ËÄcÐqEäñwIaFµâø'»°_ K&0¶*’w™Z)Ftuä7(íì.è>/XObject<<>>>>/Annots 550 0 R>>endobj -1162 0 obj<>stream -xW[oÛ6~ϯ8( -ÄbÅ’mÙ^P`½,CÚ]â¡š>Ðm+‘D—¤âØßwHQVܘ‹:¦HžËw¾sÑ·³˜FøÓ,¡qJYu6ŠFxÒ}ýùëY’D ¥óI”REÓq4i%ÝðiJgãhL“ù ¿ü×’ÖؘÏ!&|é ˤñdÍÚ£ñ<¦þp¼ˆ4Æ÷”5$Ý‚5ô–ͧöâ85ãQ -ýÅé&úß쯱»áTo··®(‰ÇѼ·;gQÉŒíÂÕxŠM¿r‚{kìŽGQÜßí­ywôzw{kìNÓNKž$ Ï«Š&ð}Þ®ÜnoÝ”±ôgy×…‰Îù*Ëõ wó¸ÀS¾çò^oYÑl@{½%Œ%pô¸ÉFBé(„¾ çÛå)‹þËkŽi¹æ;É(‰¦Ñ4Ó2wtÑ2™ÙBÕ¤Öd·…¡\eM%k½ZÞ]^/(ž°„a+b8@ã"ï´¶¨7ôe§‹Ú¾üêo#Ü™ñ¹®s©É*2Ín§´…*IÍ®T"gÐíDàL®‹üY¥4tP U±Xk|gª^›lî™­À¢•Ì;+œáPz93—PÅ':ý%¸ŠË9dæ¸\Ôt#ª•87øi¥®EiÈ(g§»Œã°ë@EÅö‹ÚÒíÀ»MØbwŒÔE&„žöÆ@úê@Ÿ‹:W{CŸ–ÞUw\j\Ux ŠZpÖJŸâ»5£uû*¸—¤  Ðý™­jÊœ*•ëCgŒÔðÆT«ˆaóxA™ÈswbSª•(i'4°Ç†DE‡Uº3kU–jÏâxœxæa¼ x™j´‘,À,‚éA” Ó4Ù–„¡ó°ÛsâÈ ½*¬À••·n¬$JÔ®Ûv{¢W쀠g#½hbÀ@M¦°òöÕOžˆ#Z0sãh¾ÏÛ/ÞuGWŽJ&Iø\Q%«ƒáÒı"¯@ŽVÍ®g Xñxt¿EØÓØcj¤íÂɦKm i‚Wnk¥,ó ,+‹¬°%€^œ^H -gÊù ×ôskv{4‰Q™àa?OOçàâecôe©2Q^N‡ËVòSÖnTKê×Oº³Ò ¼d¤ž=ªå¤j¸ùœ+ĴΘŽ€¥ËÜ®äL¨Nʳ¶¦=â&eþPW ç^ƒ%TÆžGDï¶2»÷lÇÉŒ•!HUa -£ËÐJÜwô0ÃÅÈÙ&2dÊB&jäÃîàRÆ]vÅ ´}ðUöIÓØAiA3æÕª::´‚[ß -Xˆ -¥H~‡OJ.ÿ‡:G0‚À› VÌRdÒÝʧ×U&i»Ìà(ìñåsÚUBvkŠç2l×h!ˆ†|%Ë=º­Àž—ŠÇÒpu>6“f—£ïÛrï:8åBêÑôõ,ÃÛÁôöUˆÔNl0:¡|T -,jü¬`÷C£o7¡zþ™Ó -Ì@hù­)´äÆÉâ¼ûÓ€ ý˜+Gd”ˬs ´ƒÒ-Àéjã¬yÄôaŒ êbY -å¦AýFq@©´ê | Ìl1q}jŒm)åè Ežs`}#Ûæ½?™…ú¦±[Åýå“ò8úÕ%Fé”KcÃLvR}§¨pkfw³×½kܹÅ~ -è¶E†€»~Š¥ïØìô°×p¹ ƒE·ƒÐnFšJ€7¾´·×w;ACv´Ûr”\JPˆ*‚ÞR0¿:uï˜ß©Új´I¨ìS³T†Û=L£Jô¨{OŒÀm¬,j3M1¢ßºÞz¢º핾÷IÖ…Vµ£ß~+ ONw<9íyV! "—bütEݵVÕà€ÒúÀ+^0ëp¢­KI×¥eÖ ‚Z:zÎ%Tß³ˆ0¥œ#âh+Xqè¬Â4º.¯ÕHK®€ü´V/î5½EÃø 1ö·Â¬‰ã>ôvDÙµˆê^–eDQÂ1‚´Ð45Rƒ9#ÆŒt9ÐÍB`̱£µue%‘×ZÑŽ6„* þ7›mDÃá€ÎÞóäC(W\cÄsS % Lì0í±* "ý™˜gɪ)m±C,³²@R°ê^mÑà2 _1uÁT7A·ciV9 -Uf•ÆâH s´xùÕ%YS``Ë@iP™Üp(ùÙèDmk?ÒÅ[…Ù®gj0Ï`WÔvnç˜WQôC„Zya®ý$¿£™gÑ`5æ[r¾’ÜE¬0Õ´Óí¬ìëwé°/̶‡t[ãž[8†ü ¾öz?‹ÿ?“¿ç)ÿn?Wô¢—îßçé ¾{y—J÷&§Ó(ò«†²僛7ß¾¡ßµºCXè}ûþåºßE5Åkþ|LÃÙí3ï]“^Mñj‡wº|0ñÅ_–gœýßôUendstream -endobj -1163 0 obj<>/XObject<<>>>>/Annots 553 0 R>>endobj -1164 0 obj<>stream -x¥XÛnãF}÷WT„ÆX´î—ÍÃB¾eز"i’]¬ƒE‹lI!Ù -›´FA>>§º›4¥d˜dŒ±-’]—S§NýËE›ZøjÓ°CÝ…ÉE+èí[¶Å‡ úí`L½Ñ¿÷A›2I<ÛÂéêÛ⻋îpt©?J¨×é}ÿ)¦åEý3îú0äžå»o†ìoÞs¯Ë¶œç¼[Ç7«‹ë‡iµ¡vÐëvh€Ðúƒ­"P‹Vá%ù¿5œÎz­ò#ÿü–?ª4ÒCãþõxÔx¿úù¢EÍ62‡úÑngò8ÿ0©N׎ÎV4‰÷;ñ¿É¿ç_´ð4/+uç°°èµZ­/žžÏoߟžëƒÌæ·öüõCŸÚmÆ¤Ó -†ƒ15;£`4èsB“Õê~¶š>Ͼ¡Åý÷§‹û;šß/ž¦Ë%..9ý뇞?Þd$A˦¤³Hf”k -‹,“iID Jå¢L½º»G]ÐR$kA;mò+Ò©$½¡ü€ƒ:T®tj()LŽâˆò¬ÿd× ^³3zéj'I„¡.Òœ -#ñ”=Ê0ç_sÜ~óá‰Wœ¡BEì®E/—*®dZ祱—÷.É°LrŒ˜ýpùÒ é{³Ùî¿Óš#Jd²4ŒÂv:Þÿå>SiŽ»"JTzêý’beòàkæZ·¹äÆç 0/2#¯¬oàÏÎ[[“«8¦½6F÷øPæênT,íŽÝëHe° 3…«k™J‘ï8@抇é¿6¥üÐBúÔó@àƒ­‘Ù‰ §ñŒ´å|—Iª¥ññ­É(b—y³Ó :­6RB1Ðâ(ÔsJb–í¸â!ÎrF_&)_De p½*<.RälŒ•}ø4‘+2*كαÞ"Š:¿Îrcs(VaTº-™õr©³¯©êËû -ýM¦˜)E:Ð Z×OÆ - Ðó^¦Ô˜I4Oöé,–™TÛÝÕÝi5ÐÔx:’–æ±@6ñu‰ƒTã‘Óƃ,cVXºT¯Îœ¦âUmñLÙ„¹ã¯ ‚ 1$" ÿ 8f§ t·‘ >©}/bËhÆÍà™r1;‘‡;fÊXö„#ÊY ‡JQb2²š øNS -Ðìb,0c–2ÏÙë)c‘¸ÿŒæâ‹eìçMýpº3,»þKÑ«ô Ôw¦2é¡÷—ekªARàP¦èeÔT[Î*×gé$ ›ª)®¥ÏQ˜ï”)Õ7‰¤ƒ0¾¯\FƒRjhöLóÅt¶º_ÐÝbú~L~˜L'7÷ôð¼ Õ‡©µföÏŸbsÐ#8zÁX5w"ÝÚ&D0¬4ûøøH&;¶öBëƒ -jŽ N ™o1M 3¾h…_EÆÅ=ƒa¶ºî`BúÆ0Mò\&{[@ø{UAuêì3½—YÎ*Å´à‡ -w¨3sRSXÖáÌ»­4 ¢Äð³#™e°›@)ÅÖ¯ë‡iæŽà;iå:Ç¡ -Ešba.DÊìcq”Q@+ØóD({Ôìe¨6 -–LA°|R¥&‡’ʈ+$Ë쵎evp-}û©¿;måó 0\ž7iÓòa¤úð¯Óš×rºUø ª¤§`Dhp(K-«séxà fHå òÝÿ«ÒÁ.b‹ƒ8"®³”\iPI¢eY |–°ï ¨¯™p@2zð -`Åj]ä9D¤€ÛdJ›Î`¶à^?ü••a)cÞXª ­às0{½/öV Y -«¢úäÀï©LTØò”7 -Q&þñoíÓ/‘AAÞpšºk7ŠˆÛIØv3GƒÖ3¤lDu¯ÖhL°Ï£Aãê©”ÑY%áЊ×d‰]Ñ \¬Ë ©Œ¢FbG-›rˆc -lM[ëÍ-Õ‚c¹vºûÕ¢±ÑÜ„b}$Ñ‘Ú}>âÜáùŽù˜Ü>b‡×£³wËS×kýù¡Ól cm7‰P' ZÄnOÐÊ -µGË»›)Ž„=Ùl¸vËáZh7d|Æò }çËšª3ç~pW3Ê -#/e,3vôBšÜ’iè(_NÄ'n&N;=måx²S’cfóVœÊ@ÎÆ;vÖaMØ1ÿÏñÒ€Vó&„<ÖÜæ vâ„wVû¦si’u€åvã.—o0—@90iíÊ-Ýø7*²)KÆÙ®"µuÌ‘Ùj›~IÛåÓM¥Ë6¦+‚š„­CãÏvUr«3w4dz¬,pM}`5×üòäͧes1¿emDˆÏ­ô¼Ï@.hxþ3§Ü¾ƒÝÌC®’÷{‘Ù^±oaƒ…UËd¢±ÜYßvuæéë¾~Tù™ EH¼Î9ÜG¾íþB0êÒ`Ø ºc·Mžn&àœþ™õðN‡ˆ<Í!(nÒãEÓi[xŸÿŠ­7ìá-¬àS½6r¿ºøþâwr%Cãendstream -endobj -1165 0 obj<>/XObject<<>>>>/Annots 564 0 R>>endobj -1166 0 obj<>stream -xµXïOÛHýÎ_1Šît©DŒí' qRôÊ©Ž¤íII?,ö&qk{}k‡Àýõ÷f×›˜H=©GUè²?æÍ›™7“þu? CêGç¾çS4Œ¼£!þ⯖´à Ý~»ûí ˆ/¢Èp8§0èã§]e49h¯±{<ò‚önkSßzýÖ®ïF°å¾é%¦~xÇVâ½—€¹Ã~è¸Ã·~„£Œå„Í‚ñ¶–9áȨµ×Zæ Ømû -_l¯± ÖÚWÛkвCRkÝpø RÀ¦ùx8;lV|·½Æîñäس¼Ë„ƒn`ÃipÀlú x#æ‰fo·d´'¸¿Ýk-±¾ wï|zpôt4] ¡¢Ñ¦‰IŸ¦qWTUº,dB÷Oô9-µ©èzJµ"A¥N‹ZjZ¦²¢z%©sË¿êP)užâ¦*ð{e·.¤~R…ìÐFfYï[¡6-µZ—Þ›éW€a ¢×@ç4éNÖe©t [™ÐKIÅ:¿‡Aµp¶+{u‡¿2þîM! Ö¶EM+Q‘Ði% JÖ€¸4ù 3U沨©ÄÉOD~/PVÎj‹Åñíg¶R©\n¦Ø|Ûm­‰'c=K«Ú£«å -5g -‡ìu˦ „À‘õÖP%rIí!¿e©Bª™PwI—qœ¥pX+Y7~Å*ÏE‘<çµK1 ßóë ²6ðšKȧ¢–æ^ Ù&­W„«iQÕ"ËpÙÞðhŠtY¨,S&,ÈG‘—™‰ÁJmð:~«u†Ô“$bà*AÆJ&§›O'œ-È”~H½ðØá'ðñ~wë•j©¨÷‘´RõÏ•Œ5°÷bêHd“ESuø -Ætñ*iq6»ß]_¿ÐÍälö±H¿ÐDjDÿl¶MÏï‰ ÙÓÿÒ¼²ÈàY+УÈm;¦RG6®Š…¢À¸ÖÂAüÕœ¸F8Oiöî–Þ#UõïðbàCÙ(EùÝNœàGX‘Êÿ¯…Á$=Âß¾àÁ -eS?4–.X&‹L,«Ó™ÿ8í¾ïè~v¦à Íæøº½ùíf>_•=ƒëÅɬb–5dòtfÏïß;¼¾¡‹»«O—w4þ4¾z?>IooîhúîjB·wW×ÓË»Ã_çBFqŸÎܮˋïbu>ß+‰_mY™ÊÙ©…óæóÎ뙉ÍYaŽñÉ:ŽeU-ÖYöÄ -F[4k[Ùô:¨½®Ók„¤á -É8IXš®å†šRªè!F÷Zµ gªÚM´iBçO”È…XgõaÓVÔb!5ZQ–¹FÕ -ª]ñÁ”ÛlZžÞb°:]å÷^¬ŠÅs#]>¹k¹xÕó¼+j"µGã¬RPT4£®… &OzÐ&#®ö¬ksm’ÄyŒžÿ7w¤¬fsÏÚ¤pª\±P«ì§Ñ^ÙÖÍúŽK…ŒÑ¸oh¶$î¡ð¦™¶B'e¼®!òÝ”²hȾ|œw¹pŠ;«ÜK’<-à–5Ú0»ÕkµÔÚCšÉ%wSOzFô -Ù²‡aÊ’jŠÌs{ÌÎß4©7§{ r ~FýçÌþÖsʇÎÈÆrxFOro^é&±I“W,cKº-³nÚé…ÍOv”_a6Ð?Ì=³áÜ›LáÈíSÏ0wƒvE“©–u37ì9Ûm¹¶—V¯Ìùºâì¶yþ ²5ÂÃYRjµÔ"§•RßÈœ­Ú…Íæ˜#Ç&@ò²zªj™7a¶t%ÓJˆ#YÇGæf,ʽ8sZˆֱхÈœ -y†éç»kpAHphÐO&i`ÚÀç¦ÍÝ4Æì/´ÊÁºQ4Æî»d1z€é)\¨ÚÖð¡E¾Ý  ÿšÐLQºRb†ì¥mʃGþM‹Çè+ac´,…æü±¤Û'ÏÝפ‰ó¨FtJ ‰Š23½ ©€–:«ÆQ3Úšp² B!ö B¿ 5LD#‡¬RkÄÃzgld„.d‘ʤà -ƒén­YIÈ–l®•Á€)ûen®=MrZÇ]áA|y^5ªm+LÍÁ=è]-kFÆFžËß¡qÃ¥K -ÑVx¶]õ~þLWÒ0 ó¯änŽ<Ûk"3 ×­¯“?–h™«îxÈÌŒ&©ýܶ×D¬ÏøHl$3ˆðŸ -#|ÖÞ(²ŸÎÆÎÇèê+Dž.T¼6yžá»=w¥7ô1ª粒Ápà #ü/_„üÒåôàƒR„óendstream -endobj -1167 0 obj<>/XObject<<>>>>/Annots 567 0 R>>endobj -1168 0 obj<>stream -x­WmOÛHþž_1Â5Õ%~K⤠…WtÀåÀÒ©ºØ q±wÝ]›$Òýø›YÛiä´À•)‰½;Ï<óâÇ_[.8øïÂ؃aÚr,ïl>®o¹ÞÄòÁŸø–)¸Ã‰5¬®¸im_§à9®åm­n_ãêhˆ%Ù:Öd‚¾êõ@ŽÁ ­1 'cü=rkŠÃ}“X½Ùó-·Úì¡Ùz´ì³!¸.÷?C™ Ân°@<™$r‹ˆ50|ÅÒ,áð>ø‚¶^eÛeQ™ŠE΄2M™ˆÊ5zt¨â,·à<Ü­!Gt–eJ¢Ë9p‘«˜ã}YZb€¯¾;ÀdQ×æyh7!ˬD†,iz¹í† &8³±`IßkY€à<º}1D|^(ñ@ òÞHÁßáæ8\P¤´™G½"l(ëåBbyÈ5ñ…¥TVÍú€’éZÃ}odMð©ïýbßÅÂÖ‹ -Ïs±Wè>ܘ¼L,4W˜ô¾Üd“Ò²Æ%\ßœˆa_ šh} ··A,å=(4ÆÄÊÔG¼,HüÄVwͽèÃFÙ5®KM+”$¸ˆE±Ú… ‰!}ßÁ°‘Bÿêë£PóXŠŠ;¹¢ -Dü)ÑsŒuÀêÑ­ŠÒ.¿Ø¿« VµeS“KöÈAù’SÎ ~ͤl¬k}ľÂEmâ7½Xs@z÷º:¿>¿ ->ÌæÓôðV%OfÁéôsDÏÄoûŸöÓý¨¿ÿqÿrÿæsób>M²Æ½ëÓ›`vLÛØJ&GIFý®s¦òvµw9üÁy†ýÊlÝÀ 3èÔœ¿ý²:D®±uføôoÕ€zycÜØÌÃ…„vþëßÑÑ {x‹¯àPGSû‰)[gR&6fÓîxϺy hºš:‡i‚zñ,X¦×€&ÙÔ.´²M/Úš¥wÌ07O†ÝY™‡ß’óȺ1rYà1Ø~­ bçiVÊx¬[xG¿ºªcÑ—:óÿ´f™>F±‚âì¸NecÖ/ï¬I¾´sÏtqÇ¥ð_‘¥£ÊÚ{“õàMÖÃ7YÞdíÿœu§:Ù~Îz®d^žé1Í ñ›)ß(OÙü;½ŸÄw¶Nï¬PŠû†Å^ó>UzƒNÂRlà)ûÄ’‡ð]‘Ã9°DÍÈH”8‡”3¡ŽØšMðò%¹Rçµà+Äpˆ‹}v€ú“tH¿"Ï7t.4¯ôÚ'´WÛZ°ï‘ìþ‹H.5\¶çà3dΠÙÂê'­ehÄ+çü2ÎÀÕ8¶ Xpœ Bª”%Érš­4+p”§4»/æ{Ø«3X ½^âM8;¿8Å/T}–eAÉ<-4J¤DK¬ffÄ¡aUBžåH÷¶¨E8ý‘,õàxMšIÞ)’Íä«|cf뽫gÔIíÒÿvÖÚÈmkt'zÐkó´&IÔTcÅMäUŠbRE¨yJ»%- Á(†)ÀZ’âFë¯E¬xŠ:¢« &1Þ)»Å>›TZÙõñe`2Œ/>vÖ{vy<ƒ¹’_x˜Ã‰ ‚2¢Š’Þ¯Múc•ë³ý1ã ‡o"´o8 óÓ õWë_§7µcendstream -endobj -1169 0 obj<>/XObject<<>>>>/Annots 574 0 R>>endobj -1170 0 obj<>stream -x¥WËrÛ8¼ë+¦rRj#ÚzX½lååĵÇ›0å=ø‘„„´¢|ýö„LÉrmÕ¦ü*‘fÐÓÝ3þÞÒ9¾†4ÑxJYÙ;OÎñdÿëÓ»Þx¶H&4Lñ»¤ÉxžÌÛO}æõ4“¿›âOø°5cÛd>ò~jI«Þht3..æxP"î–„OqÛÅhˆGÛ8Ôx1{|ž1%ÓS;FÃÉã¯ÒÞÙ儆CJW¸ÿt>£4÷×>§4ë_'Ém„£Ï¢\ -Ê´¤#ÛT•©ÞIÊŒÎdåȬèÙM­´“5ÝS(½~Fþ£E±#©°ºN(Ý(KøÞn¤&A…Y«LÏÓ¯½s Á4ïWíAX'¬Uk-sr†Ê¦pª*$qt~…V¦.9xaDNKQ!4™šVBdî´=}ĵÃéW+Ú™EøÞ(TÂßðè襤\®ÇE²¦”X/¬Ñ/ˆO;»]9Ÿ¸ŽÀTs$èÇn[]G¸ž¥A§è°öîyBWšìè»pŒD‡<匭ªª’ÞØ;Õp¢FÃ*¸…rm£¤ÚVªö* -JÀc®®/©}Ä`²3þ!i)Ùˆ–»`C©ô´=¤]« lx N¬äë¡òÜà1'–lÃá¤ã)ÅŽÛÖ÷FÂÜrºWh<7€äé}šÞP)³ÐÊ–6¡·"ÛU(2=„}Ã_piÃ3Ta­É”Çé˧¿|Á˜"s | FóxÀ{²`€´ 㧣ÈL)µV,Êú‡B8ýwº¹y×Jó¨)CIjÅ5ÀÅÛûè¸ðX E»çqÆa/,¥ÐÞìÙvÑôb5™÷cÑ%ö#L}Ù†wò`ËÀ~Óø¾–&—iÁ…éŒs14‰ŽpÐN™Á{;­ô(ò¾±vgoQGtÞJs8Åÿ|ó1Mgþ_Ï/?¼z‰)×|ÅlEoºã$GÄåƒÙù"öÇ=4|2›$³é>/XObject<<>>>>/Annots 577 0 R>>endobj -1172 0 obj<>stream -x•X]oÛ6}ϯ¸ë“ÄŠ¿?ú2¤kƒµ[·xè ´DÛl$Q#©8Á°ÿ¾sIÊvØÚÂŽ*‘¼çžsϽʟCàïæ#Ï(+/ÉbAdzÅÅ€¦³A2§ÉbŽŸ‡ÃA²$#iƒ‡X~øˆGóÃÃ#,8÷è¯.Æã9ö™Ï“)•4ñßþ£ »‹7«‹ë&8ŠVÄ7[Ìi•û“´Êz«¤µ°*#UY'ŠB8¥+ªÎ¤µ¤ð¯¢n Y'kK¢Ê©–¦ Lç’oï¨k™“0º©òËÕ77ÇõÈ–ë¬P²ráFG÷é>kêìì³Ixp@K†0L&ãõGÓdïUÞÛh#E¶£´g›ºÖÆù`²r2s gL´U²¢Üàˤ—¼å€úÈÿ‚÷ø«sMüg˜bzM¤#‡l®ÑµQÂIjêB‹œrep–6OtnÞ )åµF–ˬ4ˆâܳ#œyÈÙkú-ìÏKCä´Q…´çVŽŸG{km#™.ºÉó/FUNšw|/½¤Ïwý_¿¼íìów¼ “gerfËç;¾L»‘Ó$rˆè©³3§ MÀÎX=Ž‡:j³ß2;÷ ãüŸ+IzWèu!KK²Ê 3,ËûUeP˜ª¶þÑÛÒooŽ.jG{ [‰¹¯EÆÂõéYK·—²j£'^QÂ(ÝX:ê)è?ÊÊ&ô„%pE_U•ë½¥ŸV¨˜¬hrÎ~ËŸœÓ«›vû$ †¯j5t{‹å¿ÓÃt˜,^ùRkw]N)C^Qδc¹H}nP‚Qa{z¹á«xäh–L˜×•§À'”+x§÷LÝ}…ïýN8Šhö¸/àHS”;„’Š4&t¨Ö5`ç²WEÑÁ éËr{Ž`:ZlÈX(¾5ÌÅ)ä.W¢Ð[NñtLh O×ÐF<¿ÅÏIF,sÿlTvO…Ö÷ìds'ðTûg+ùVY‡Ñ«ØžƒgöÛÄ}üñÓç4½ó Òômc t÷VWÎèâN:üWø9M= 4}_=(£+–'‡u;¼§Ý”s…Ó¤(BnNò"Š½x²ÔX$„CGª"ÙìjÇm à ñ— |ãXìyQå`¡ ­›“gêz‘dVcCJè£Þ#lsEw¢\CëUÚÁ Ü1N¨€Þ+vŠ„V;T38E±3xÖ“nô̤6^³€ËG‰‚÷ä;˜Ì¿'·)Æ 0'.«P˜èdu° À)T©\èz¸B!Ä8‘ŽÒœä^l:<­µÛqÌà·[:DÔ‰†»ÜâŒn¿z÷ÆwÒP¾}úÞLºì=:‚†Ó´³Ãip7»lÂZñÀçgÖþ‰‰éL/½“HǸÄmÏ ö3Šï¢°l=¥ðó¶ÁPžÝï…²2]Bíj­ -åàtàË/Xwm†‡KT ×_`æÑQ)¾ëï¬Æ¦£0ÿ«Æf~Œ¥4´Íæ@Çó¡€'^¸¸‰´Óh4i/†æóÁ99é%+GfÚØT>Ëàe®×4ZO&sÌ€¸a˜ng$$^ൄ§JÞõHJ›)RÛ - † +xµŒŸg¾N íÕ« 3X Œ>/̶±ükÒÆËà¨1mÝÊ:uº°ÿ®ÐËþ²ô²0Ž„‰Éê¢á9ÞüD®¡Áµµ¥æpóå+WBK/oè@mW’ÇÒƒóúу{5\ÏfFÕgªÃVÀw¬ˆÃëM¸q¬þÿóJHw £<ôæzPL;¯cq®~}}Íí ‰³‰…&3ž6¶2©¤»æ Nùgñìø±þ,ù-·'ä·èúÓd¹XRvx‡¹Év®©¶ß°‹hïÃÉ¿ÑlŽ—ž%¿‘÷în>¿¹áø^%éÎqˆ=‹1õç¼ç½ÿÞê'óI2ŸáWþnÊ»½_]ürñÐAÄendstream -endobj -1173 0 obj<>/XObject<<>>>>>>endobj -1174 0 obj<>stream -x­SM›0½ó+æHxù†=nÔÓV­‚Ô ƒMâ­±©í„Ýß1U6½ôP¡ˆhð›yóÞóï Ÿª²ú1ˆI Ež òºÂÿ)þ ‡!Ø7Á×’šÒ”¤qe]¢¬¡a€¸8†¦›žÖRêY¨#ìš„á„Ú±#½VÃZ¾v a¢†ŽÜqcâ4‚P øŒ/ë¨”Ô œ±ÒH7v(@”–$÷°É…t€qÁ× $‡6üÚîVH¿A¢ŠÔ^BD´iYmë^.ߙܵlÃÃì&5ªƒ+!Él{?*b’=&¸:ÒÍͼ…'zá(1WàfÔ•»õˆ1¯çŽÅ„àã}´A„ó²Ùó4iã@ï‡bò -íÍÔ°Eø“z:ÑNHáÞÿGSB&,íP};i-ífÙ•|Øî–@øÑgëç…°im7ÿ, 2?…bz¶ð­yH}V{)¸rö»­G·f+¿öÚü®4Œ›ž–p-IfÜöFt˜QÔ ?Ãz„Ú°@ò#U(ì‘/[øèoë2èÞîH0>гtd_o LJ¼¥uIQ’º,|OÏû'ønô ïÞŠþ<â¢K<<6ºB¢*~ôçŸÅѬáñ&=~ð kÞáWÍ«œTxß—Àç¥/}n‚Áf;Úendstream -endobj -1175 0 obj<>/XObject<<>>>>>>endobj -1176 0 obj<>stream -x¥WÛnÛF}÷W M‹ºX•Þ€¦Ñ<uyHú°$—ÒÚK.½»”¿ï™]êÆÄI€Ú‚$’;3gÎÌžY=]Li‚ÿ)¥3ºYP^]L’å’Žov‹ Í'ÓdJóeŠï‹4IÉJ*±vB77éáÉlžÜŸÌæ“dÑÛÜ.’—‡'ˆ˜Lú·½ÿ4™õKgp¼¿Z]Œï^ÒlB«é’VE0ÅüÅï2k×kU¯éÞªÚÇ/&Ó²r߯‚é4¦£›9ܯŠojoMÑæ^™:.šÓtÚ/š¥€‹E«r„— ·1ÖS!]nUÃ6dJÚ˜yƒ»OÍ>tcchÚ)¿¡·¢ÊDBÁS4Ϥ;³äèMo"°sóƒ×Òš -8ÞþùŠr­dí92®Ù=9i·Ò^Smp{#ÉàÍÒNt$¬ië"¡;cÃ+±ÐIXH¾Ä–EÕhéƇ°…²2÷ÆvI¿t¶HæLÍ_×ä u¦Eœˆ&} -‹t,´tÿ3~QÖ1R®{¨¥,ØP΋º`ÖýFøÀ˜na@!ç*rß -­;*ÀEÝk ¼“º¼&åé¡E(,D¹•* -4†¨)“~'eÍÙžVη‘ÿ©ÕÇ£×f®s^VI_°$Õ°˜þRi¼qÁø -®ñQS#œ;]ê'?zik¡é2°7š› -H‹Ë„Þ‹žú›¸¥SmÃìõ°JLönc'š97ÜúZƒòÖqLhh<«ÉUY‚çe,Se@•Zn¹Âûe^ì6*ß„øØ­.Hó8€HðÇùï}“Þˆµüð=ÚRþÀã» ½äM7Mæ73Ín“%>Ñ_þÞ¯µÉ„þwïjt|HBØb„ÎFE¬A Ø5ê9p¡›§£1æˆÖÒS°¢§V¶ÈÀ ß)á}ú‰[{³Êl%P<˜ì³Ð߇j£×ŸÍL@;~¦ñVØq€2ÖM1v¼Û#o{µí™KƒA´Ð|¨¯ÙqqÁ4Õ*Gz¬!X"3­ÿ&ò)¦ßî²}׊½i\ŸAZâÖl}6ßÞ••®­N|¡Z^@W¿äk|÷|ª¯£^}c6ä>Û:;ÎT j-ðº¿jèêù:Ÿ6Ê™õS輯XŸvÉ™5€Ô`ýð%òÎëлp8æ»@A¾ÖbýÔ‰›ßa·X)œ©F.¦a)Z ¹-ãÈAï²Á¦ RÓËmOò]#¯)k= µrõw*,”ÝšŠ“оËJ¿OªŸ‘mÍUÄæ„h#°ßÐâtñȲƒ° @›â -I+Om…­ïÇcõKhÌJLevR¶(ƒx®‘¹*³Á¾¬E%Ý5“(oEiëÂ@Š0 z¹±<8éþ×Õ´º•n¨Íïx(ðôë ZÁDnñ%“ý+ÂÛ)­ç‘eƒ§1VØqšŽ"Ì_”ÛÃĆ„íQ«pÄ99d0ð£A8%¢˜¼¿H #V™BDLÙ\KQƒHä±ß8q2  •Uáœ>jx: þKLÁ˜-ºäGzS.¨J¦#Y•Zo<Ô@µ,=dÖ­ã CÎÑ”(¤3þ-ÉÅ"@÷p,A§C•)$àVªæ©*é’ W·U&í%šÂ©5säÍ l8fD bƒ¬‹Ý‡Ó°7Vð{õ‹–~ -~Y‰ÜwÉå Uthľ2V6ZäÎœ¢Á!¡„—}ïá€fZ>JÌ}‰3!‚ 0^9ž}u9uÇIrÏsŸñ÷8Ã!'T:’•C<Î7Ì9¯‚–~Ù× 6Ûz¤Íuõðœƒ3Æãa;±g..º´A£r˜ñÝòx¸¿]â'G8ÞåwÃ<'é?øÈ1OÙÑëÕÅßÿýE Fendstream -endobj -1177 0 obj<>/XObject<<>>>>>>endobj -1178 0 obj<>stream -x•VÛnÛF}÷WL‘¤v€ŠEêbvá EÜZEQÄyX‘+i#’Ëì.-»—ï™]R¶n-ÛâeîsæÌ~=ˆi„OL³1%SÊʃQ4ŸÓÝ?³Æ͈&É$šP:Ÿáz~%d$­ ;¢$žEÇí›xšâº{ÃѨýך§ tƒ™1”[ÑÇ<Æéq4ïì&Ѭ“Ñ4Æ]°¨îByÄß$‰â¾»7‹ƒáûcŠg´X!õé<¦EîCÑ";z+—Íz­ª5ÕFUN|ëe!Kûzñš)ÅP`ÍÁxM¡{ô±’´·ä4å¬4ƒ‰ JÊò[ë„q´¼E.u!2–pi%eº,E•ÓN¹ Ù, -²™QµƒÚF8ÈgÚä,ÌAÀuœDcv-̺)e9VÇ{˜BÐü@¯ü½Ï‚Vª“Ue]H’7Â{ĶUÐ7ÕÚR©ÖÄ)OBÊ#:æŒã(MÆÈzÍñ çÔþ]§4te=´âZ†¯jzå‹Ç%‹CÉXóÅwÃ¥ªî»Ô¾Îú ÚI*ÅV’m€_ <þZ’ñq6VšGt‡5ÞÊiPÓ™ -‘E>ªG¼3ÓTmCG¸¬œŠ(цJi­XË.¥øA¼¡³A¼«ˆï*÷F(¢ž‚p˜ X»Õ!{k,‰iŸDQà÷âeL/Ç4>;ûþÛ„îÐ9èš5óMC³Y±³N5†YêkÆ£rý©x^1*|Í9øÐ̯l$URæÑKtÆ麖9©Š€QÌ ]öÊ‚.†À5¯Þk¨Õ½|m›ô„þJÇÿÐ+’ÙFÓFµ=ݨ^á‚dÂ’¶\f…Â<ÐpXèLmÝ°Ø¥=‘ç>ÌûJd’T}Š¾ò'¥e&¬ënÇ“ U¥°ÛS\EÝߨgîBX»C5N¨÷â­.…ªN?_.Î]|¦—§Ÿ~«ÔÍgº”æZšÓO—¢\ -9F³Ï=e$sBWWgm+|ÿ¿I¾nœãFòćID¡„E¹ñl’¤tuÄ´½]íÕkÜÛhö,>åÕ·¯÷2¥Çž’– üWç«'¼?U& båžÈ;?aá}Ái^ŽNÀl9Âì)ü›?u&Z³2ÊÆcîÈåXñ™!£Ãç!"WƼåpžÎf‡fàça*=ù3B±X[È‚˜-•ÛBŠœë¡™ž”ºÚ=À#‹ôH/A†-[uô£Pt ¢ò…Ö[Âba‡y$'Ì0íxù°Œ‘¶)xËù”ë¯Ê¶EËðIª[@~ò -ôDè Ï“ ç˜/¢+l-ª¥æõ´aÂíÖnÐBjÏòmÒC鲡·”‰:Ä B­¥A½¬Òv`E×Â( ¾¹G_¡z÷ƒ$Å ƒ%焽¨4–rM|0?>lü½ÝßKÈêývµ©ì!'°6¢d>Ì62Û¶ÄxW—p¼¨D)=1óVk,¥â¿®ÔŸ`%à“B¿ðï‘l»Èðˆãå í‚ìR¥¥|˜ì·«$P{[K´°Ø7AUØi¥p¨>­Œ.»=ƒPÛÛ¶*aË° ‡õÃ[é¢Ð;N¿öPlw'yãŒÈœçí½×ÿ“ü@<גּ/Ø=ÿýñ#¾Ïÿ0”nÞžãé$šNbš¦i4û³âåùÏoÎéÂè/2sôVgþøæ ƺƒxŠ#ö<¡Ál„CWþÌq4¥ÑlŠó:‹¦s¶ðnqðËÁ¿mp…³endstream -endobj -1179 0 obj<>/XObject<<>>>>>>endobj -1180 0 obj<>stream -xWmoÚHþž_1ßH%py HýªÍµU[媻J‘N‹½À¦¶×ÙµCúãï™YÛ8$§žªB0»óòÌ3Ï ÷'#â߈æcšÌ(ÎN†ÑbA‡·Á‡!ÍGÑMsü=šDsršÖ8;Äíö¥>;žÛ³cœ¯¾dv4žE“gfß._°üúêœFsZ®îl1¢e"ž‡´ŒOotYš|CUA…3y«‚Tž„äµ{ÐοZÞ¼¾šÒwÙÈ`àDýù‰ÅéXü¹—l[hÒĨD:ýP‘® ìÀqZ‡RøR¹R'PÇ5 Dö'ú MµAEÁÍ'ÌèØ>Í9µŽ^Š.pbåâÚrS¡»Ÿ1AÜø -ém½´JÊm¶cŽUøB\:àóõ·V3çÙD/-bèºÓ*yÖüÐzc[‚3^XÍÌkÔ¾C¾†°/„)ROAÞû¤Ë8Âë£AÒl~«  -4T×.3ÞC"¡:K|ñ,ò# %x«ãŸÈe°î±èý.òï›È –9Íom•&˜—NÑÍÇ?>|¿&o6¹J öæ³àÌ$HRÀQN´mÝ!@ Ÿ4nÝ(‡@H9™†éöÉ®8‚²ŠVT¢M/Nz^¨>G&SbíÀ(©EÁ µÕ<ˆˆóäÅ@¢frñήú„|ÌÚ4Óíá1íвMp S¼~½V(Ú9U tP9‹™"6;u4Ù Ë\ŸVA£AV6Þ¦Hkg1­q¬Ö»c½âìƒØ(¶¨.÷ÞÓ¦àˆ¿½¿üüùžM½CÕ…sf³­Å4²íbnœÊ3bŠÞÞ¼Ãh¸³×5=0èù¢ñ•Ù/„)£)"ÀúÝgÁ¸?˜íq¼ÆLͺõ® -vpS›sé8JUt‚ñË]£Ö ò€Y<ßwÛ}½d¤nq¬ )‹…DÏt¯­7Mþã;”[`§˜ýöÀ'NeÇ›­Pµ^©A&ycg#ú‹W>¦ U˜ 96“ ¼õ–t”—J2“ã ú2ìÜB„£wb¥%‚PEÚNš^¦8$Å š9€ª0{k\9ü#×>/XObject<<>>>>>>endobj -1182 0 obj<>stream -x…WÛnÛF}÷W v‰ÖÍ’ì7'n€È¥‰Š¢€Q`E®¤É]†»´ÂÂß3CR¢%± ›âîÎåÌ™3ë/gcá{L‹ Mçgg£h¹¤ã¯b‹#šOçÑ”fËž§Wx,4m°w„Ó‡_ÍÞ«å27{'Øßl=ev6YF‹fëxŠÇÖ,M®çÑäÔÊ ‡“é,Z~ëiÍæÑìÔÂìÄW«³Ë73iµ$óå‚V‰d7¢U|±qE¦©8”*M+2þæåê3ŽŒèšOŒ£ÙtBÃÉU´ÄßUrAøŠº|TÅ¥ÏK/Ó<¹Ì cƒ.°ö‚ä-%¦ÐqpEEnC²LŸÝÚ³ñ Ç(Ek-õlóô× Ú›ðI<¤úÔq~OÉæv4gÕÎùPÇߦ¯‘@Ì@뼶µ7iJ±³ºxrFÁ‘j½ª–¢(M§yÚ›°«!Ò*C`À‘™nÏ´Ðöøõ½û).LDÒл:¹çTEôKW¤() äðšykâÂ}#u"z×ú«ÊòT¨´Ìû¿½¾êyÆá–)5¿~:¬>ÔƒÉ?5ôNeúéþâ£Ùî½NMüpÿòÔâk4¶!7/¹=Ý&ÌÂäégÜš‚gnïEp ÝñÎ9NoÀéסH‡wÂï<‡L¡Ö,îhˆ „ý€¨B³c}'r”¸a ˆZÊ\Åû&õâ’Ââ3Úc2¡ùèß;öǸÃ9S„¹ìˆJ ω(+OÇârdê2 ea3™ªzÎcU"M® ˤJE–Lüþ|ú¨öo¸ŠŽv/,‡ét„©‚{§%i$ zƒBœ¨Y}'aL›™1Xw»­; |3HêÁæ6½L¶:qÍC£VîF-ñÚ`.ñVÁ—-`¤ÉD—özÖÞ€ïj +Ö¡yêGÏq· ,ù(Y]“H[*:¿mÕŽ‰ïswRQduÎ=×õúýz´|'i•†h'KñÎá"ÒŠ3ñ• qзŒÑ†TˆqkbAcëYØjM”0 ¯Y(3âb´~©«Ä÷ Œ_š×‚G‰8ñ; ª×]Šþ¹s\ØÚ‚Š!y!×Ê£Ÿ*0ÒDù׿Úñ-7¬gŽq-„åžÛÚO=Bj=Õ¸ÿÈáHŠ&ô¦•„¡Ê!öí%F®×IoþãŽA.ÜŽh@ŽÃöœvo|b3.ß,›«üxŽZ–Sš_M£éµÜ«>ݾ}u‹ê¹Ï,Åw..3ˆ«@Íæ‡í‘áb„»ý/ˆ³Å,ZÌñ/o¼ñùßVgžýù?Lendstream -endobj -1183 0 obj<>/XObject<<>>>>>>endobj -1184 0 obj<>stream -xeÍnƒ0„ï<ÅÜšJÁÁ@1µ•z¨Ô6~~BìLU޾뒞*k%KóÍÎî~? #ÉPA$"dq!R¤¹âÌ5Úà ƒÝs© [¶d¹„nÀxA×›*/h¨š»®7ݽ>3B2äé0V"c~óÒÂee¿hÅáúë„Æš;‡]®[ åR;Ã5pÕÈћߜƒn6ÓÓ29àƲf]àHäÓ9S&"ö™ú&¹o·Ú{ÎëGª±ŽšßF•/'¼žÈ½÷¸=ìñ6Ú3ãx´õ>/XObject<<>>>>/Annots 584 0 R>>endobj -1186 0 obj<>stream -xuWÛnÛF}÷W ô°iëf)òÀIkŽÛX@¢¢X‘K‰ Éev—Väã{f–¤h:E€Ø4wçr朙á÷³ ]ãß„–SšÝP\œ]G«þ³;<\ÓbyÍh¾Zâ÷éY†ã—³y4Å…ñ]é­IêØg¦ ‡æ4™4‡¦Kd†CªØ*ruUëù=@1ynY¹#Sñ]üÕÈ‹]n¶*'Wl£Ø”)UʪB{mƒõkzÍÆßlJ—S¤Ÿpñ%Üû'œš†S×t9A‰ø½kòyfeLoè‹Û+«ÖNÛÍ8Ñ©ªs¿9ÿ™˜BeåO•¸Æd›Öeëz)!Àô_¹VNÕTÛ6‹.üB•HaÇ [ªÿ–•ø½Pœ5©2i¯$&® ]zº}¸{÷ñßû÷÷ïÞŠö¾È9hÎe0gSim£¥­Š¿í¬©a'Ñ^e¹#˜ ÑSaMmæ­ûç¬LÌÁ¡î äŸÚnµ5®=ß•‹C¯›C \6ç”á¦v±Í¶:AZR¿··—<|^?HäQúô„V©R[ó¤/hÔ9|ƒ0퓶#*´b2앧@«ÖŠó 5o3Ïþm]–Ì"xq %ômk?MžVy~D5œÓ@)M ϤjàXú,±ú{­û0(ŽŒû†C˜Œ%;ÇáÌŠ¬’$ã’ª!niÄ®Æ&M²ôf­L&iX þÂ:¹.ÿ€b%*ì‘e«»< -Ðá0ñëŽ×MdR¥\AvT´€#ŽWj›k GºŒí±ò¨z›ÒíFëR~n3ý¾!D¸7èB±)ªÚnX$€Íw´è7ŸV€È­í+oéñþ] ¦×9È‚54! å¼²¾®èÀt:±MÌŽèƒDˆ Í€üÁtmi$ý!´ÁÑ KVo G°Ñç}ï9ÄžÀ†zYk` ¾¤©Ž›NxPÇþ‡l†SLÁ;õÀyæÎÓˆî<ä‹Ó +%`cìQ«à€6c¡ñ‘vàŒ'ýÃê.ÇÔú}Æ -±ÔÂÛô­4Ù3=f9oU¹ƒŒ!6Æ2ED¬ÃCæ÷½Œ®wIU•5* ƒ²Áx)åÃ|±Gx`ó}¨¼K¤5b`¼ä9·ÇAþ'\/ä,?7®˜Ø¦ ̉^(ð¢žÐ)…Ì\ÂÃ^ã²Ë ã@ÐÌA'Ãv÷ -Û¦‡†ŽkRûgÓÌ: ðpSÜJ¶¿:}ʸÁ´ÓH1Wãá4ø;ätƒ¹‚Ž*7+•mcob“S©w†‘„‘¦[1˜˜iHMâ.1V¸V¢€„¼5ÊÊ Å±®<·«¿‚lð -fqjlðª5ÆÚÞfÜ;ØÿG‘ËAœ6A™…qS³=+ e‰VR¦÷ Â!ZàNÙ´uoQnŒS–•¹ sž»Ü+9Ér„»QHà*D?âi©Ê†¡Ý#Îò7vEï²\|õE’|èÛ6¦d<‰ˆŸñØ j¾T€òYÙdß‹DÌúԚ♥i°„íæäÿ. άCèv/¢â4Ã,ó²¯B·1Ò©KƒçÜ)`»׎ÃQKOæ#o5·jÁÕ¡°Ä Tï`8Kr­Ò’:ŸÌ™³àÃÈÌv{ÈB¸Î³Grx|™Q𓶌>^¨Tv•ƒ•8eÞšT;¿(­À¶—A CÁÉhç=€[zƒfƒ=æ}eÊ„åM;éæÀ{Að<°ÎšG×—¾,ºã®¿c ¼½•.W‚Š[-Ž®ªòv’d"ðÕÍy㪕Ä÷ (ö Ñ÷†$€ ŸÒó~õBtØBtB3,Ì4XॠÍû(Æ5O 1Ôֹ݄1ûú]³k>*7`² "¹ü‚ÃÀ D&*Øœ g»1 -ò„ŒièÇ[‚‚«©4"nšm·‚@äAÏ„ò;‡aw -Uº8ÄÒ®+Lt»f¹fÔ4öÞÊìäK‹{)\`ÕüF,SYº {MÓb‹1xÄ2Ð_ÜdGÉsš³é!ýüÔ#z4)<œ´E^ø í¶3 ÂED\Ø1»Uëp`ත#>/Ú ' 6ÂåP¼ç“7,"•ƒèŽAjšd™ý*ÏÅ{]ˆr¯>¬z­«h2[pG|ù <_âÃûþü~1å¸ß¯Ïþ>ûÀeQ®endstream -endobj -1187 0 obj<>/XObject<<>>>>>>endobj -1188 0 obj<>stream -x…VMoÛ8½ûW tjDñ×ÚΡ‡Ý=ØE  ôBK”ÅF"µ$×ÿ~ߌ>+[$ç½yóf¨g šãoAÛ%­6”Õ³y:§Õý=þ¯w[ü_âã5³‡ýìîqM‹í Ùì¶´Ï ÛçsÚgŸN¥Æ6ÉRÔí­ªõ]£B89ŸS,U·ÖÆRÛh2u~CÖElOB©ües’~ÞÿšÍév¹I×@ùô¤ì™²Êà`  m.gtÆYüŽm“~Õ–L GþU{¦b°Î±©Âz……¬õ&žSÚ—ú t_«ª:1_Ueò{±J—Œ=¤B‡6â ¥ô¬êƒ‚8ò Àܸ¸Š*"¹‚’Æê¡ÒãzHRú„m—Ø–U¢ÜiV3‰^kÊœµ:‹H9aU©œ‘].pœ>+ϸ"…dogŠ7Äá¯?9»¢­¨p~‚_:ÄÈ ²‹Î~~&ź£œdätÎ3LÂéKB¡>¤`Z`Ýj‘yTŒë½–²Rg/ýÙÖÛ ²:*c!¶þP»ïd©UÌJZ¸Ô$4séô#¾5)†‡ ™êÔaÆŠ’Þ:bd3úå;M\uí$†¥ Nè×½nœ‡O¥,#›ÎÿÒŒ)LÒ¾Û)×g"™ ^׶GR¹™7ª•G“øîð©¨^`%š 2‘õŒÜn0!×>F]7]f•;råÙy\£¡Ë; :t-eì‘ôo•E´Ø{l¼tÄtRD:b4ÞÕÑ)‘ -/JöZw.Þ»Ö¯#œeZø¾K{$ V(¬”O]v³æÒs¬)Ð`w!¯‹%À¨==?=ôv™è-ü@±©ÿq-—k+ÈÎŽ¸ºËfÍ1ß qT^& há© 7ÔÍaÞÑKuUu„{7¸c÷sQæö„ª±7ãœyƒgBÛt^×6óç†g“”KbWQ·ßc^Ó0±D{8ËÕèD¢½è3Æä© ̤É“;¿†BʤïY 0Ïê”XÄR½B8žzuc0»ZŸ>Á¼¤@Ú* kL7d(âR¡Ul½¾s߯1±">È'èFyÜm<…È0.#²-&¨!ž±x!>æeXˆîèUSâÎä»ÊÔãHäþƒ€¡b@é•Öšß°Å› |Ebßÿ@cÒª",w,Ù`¸2ùÚ | Êx¾$ ²µ²ê¨kÜÅ0Ék”í~=9HñÄj³sš^Ѐ“”!S8ÛL÷¸ëß(¼mìV´Ä»‡Ü»Ï_Ÿ¾Ò_ÞýÂDß\Ö2¤bqÀÛáÀív~Ï÷ôs?ª;GÞ³Þ®Óíf‡·¬ÿ±âGîgÏþœä endstream -endobj -1189 0 obj<>/XObject<<>>>>/Annots 591 0 R>>endobj -1190 0 obj<>stream -x•VaoÛ6ýî_qÀ0@bŲ;)ÚIÓ t«½}™÷’hK$z$Çÿ~ïHI¶åØ ­DÝÝ»wïîøÏ ¢~"ši2£¤ŒÂÞt¾þ2ˆ¦³pNÓhŽ©¤q4oš§‚ƒñü:œP4…SœN®F8õO|z3#šÂkœEÓœ¹>:zÄÙlÒ~ÈgwËÁåÏ74Ñr x³ù5-S‡ -o’ÀȤֹÝÓGJU)òŠð»e,h¾¾[~sÖÑÜ['S _¦Á¯*¯òjC¢¢§%Ý{Ë]n³Îvìm§EíxÎØöÖ˜º”´W5eâE’èl^ÉHý"59O‚ž¤½{ø² Jà{µ&ï;—Áâó×?£Ó0¥$´¤o'›ÜQ2=u3¢a4ñYÝyì¹» ]–'€àüíþÓ„Oø¸çÌa³;E±HžëmKx¢*«€iã½7i³õ8&Áô)@œ»ûOß%á4ËÀÙ«J@ae<ƒèPœ‡Š”NQ«…d3Ù½ u®%cÕ–@dS¶TÈRU Äëºr‰*K<¿?Å€dÚ0Z)ûƒ?šrN®Âù -¦Œ·Â˜]JÃoà4ÔüÓ?üÃ[¡O¼nÓR4V «ôÎ øZñ ½ï.:Š¹ƒîŽTrÈÒÅã\øG\+‘ Û–kð‰ªŠ=•"ÉòJúc–È­ÇI"ƒŒâ¨‚GA·” -+baäêå¦É/¤%œ{ôãÿ“bÀ>8@¡6è`×1È¢‡ ¥Ç%…ÞRUWöHä좒Œ_è=muþ’rƒ‰4m3æä\4ßW!=¬ñø5µK]½àÜð»º1’)“=±‘o«¤ÓÁ{â#Ó¶ƒîåÏm‰´…ô -E“Ò‚V©Ú…´hâvnWÁ5ȇRi Ž”RA©´"/L¿7P"Eù -ÁñøKå‹,Ô¶”à0Q©£‰fE3qx’©Úò¤cЖh) G@«]£¯Úb(×C=òX‰±„e†²²L€Ã…t”fj+Á84C/@/âB’Qp8ZJ£X‹*É0F\Åy†Î«k^Ú(|h3­êMv·Ú©)&ð·ÕʪDüuå›Á‹²’;ZVVïz©µ]tæÖwù}Ô솼b-b!?¤Æ<Þi®e‚°ç·~j£°]­A/òNÕEÊŒa¤i¨kH•Ò%FÛžÞåemôe¡°J.7—Ü$¨(ûþ® u¾:r×£…RφŠü™‘›&lÛúGªþÀ{öËãíÃ=Ý>~þɇëvaÓ­aðÁs¶ðûô Y€÷71CêýUž} ××ë[Û¢²Æ÷O#éób¢^hAÅÕá¢Ü¢„"V/ò@ -u5ñ»úí:ð p7€s`G´‘?æ(P“SOëXB¥Zn ‘ øÍcy©.yðatÜf´3㚥}fp‡ÒҚЦñ)¡ÁwûË+Ýën+X6jÇÓ-Þ/F÷@+üߤ®•q&ª=)è]S^ÀеíЖûÓ‰<,x21š£ýÓÝõ¸±Üˆ4{ceyáÌ)ß ¶ŒX’~®€/A&˜¤˜–XÎزŽÊ~ŽOjwÑŒ* ‡4´•Ü§^“í…÷AɃO¦¹õxz¢F󆸭WÁ•Ÿ‡þ -|y Éî*7>‹^â0ƒ²v&·<ô‘òcl€,;¬G’ÕuVkMýA»t1î7§úצP±(þƲKlŽ)Œë«§¼É‰ëÅÅm~Õ,û#é5À}¼ë׸ָKÛÙ—ŒÂ“Ý\â§ói8Ÿ]ûëÕÕ”=}^~ü =’×€endstream -endobj -1191 0 obj<>/XObject<<>>>>/Annots 600 0 R>>endobj -1192 0 obj<>stream -x­W]oÛ6}ϯ¸ËK½!Qý)ÛŠ!ëP`N»ÅE1,{ %Úf#‰*IÅñ¿ß¹¤äÈrÖ§¡­Sšäý8÷ÜÛogêãÏ€¦CÅ”ägý¨oþv6GCŠgqÔ§œãþa•ÑýY{ÝÉ(×gýîdM)îÇÑŒïÎgѼ^ùÝÖ:§a<>Þĸ;‰§ð‡»ñ<šÔ+·µÆÝÁäp–wÛkìÙo°Ä»ÈŽF£>dz)>‡øg$­ýÆ`8A°a„(Fc„9@0 ïëeÉ{óã½Ã{Óy4z¹w½<{û~Lƒ-×(A<›Ò2õÈ÷i™ôîä³£d+Š$·•ôãò+Îëó=Úió¸1º*é]ØjLõ(S…$Uøko2½Ù?deâ”Æ—¹Šôçpirð9ŒQºeÚk¦Û‹cã}:œ”%üåø -‘KÒkÿÿTçþw’pýªU¡ŠMÄ–Z÷ÿÒå•u$2«i+žBž¥0°ä¤éf,‹ÄìKG¥°1¦ö8²2tœ]øœöÀööòä BÃ}xXkC{]ª¬4HC“¨KáT"œ¬ãpé v9Ï»%}º½é&ó^"Ëö$Ò”z°›ëT­÷?’è&Ò$€€Í¢øŸëwbž«ˆùÇõíÍ þ9<†¯U˜åVÚP9η4*fO¢Hi%’G®.o¢ gt–1t÷"_ Ú©,#áœÌQ'àÅ'D☋ðï#쫵m98nÙ‘"ÙÖC„>°¶~AàÊI¹ØÓN>pݘº‰ÀÔLpÍ…ÓÛ’{ƒt…»È½ÅnLcOäºØ¼A—W8\§ž$óB­}h>,›¯Òšlh&¨C)“>çÖe×>P´Ómh¥6ÖH1y; ‡{qÀÂ7·ª\_Iúïþ?åÏOß¡ -¬¢[·:½ ÝV¡<;è‚bb¤U"SÆ:p"Åè,Ó»†/u&ò$œ·eÉ% Ÿ²9¾®“%0ÕÒF´ä”‚s’ -— ­ J”ë,Ç(Y´ß—w÷” -'V°5Åç¬Hý -›îøl! Vl nÖu ~#­Æe ɧB‚6þ6)fÙÞËO’)èמ•Ü ¸ÊB+›  Ú•QnÿC¨Àœx$øµ¸Ä[äÕ:Øg»_ C;ìã´é(÷ø4ŠYÌ¢ØS)u™É ½Â>¢ZFn„I9_ ä~óNÞ ü•Ê C™qUÉ'5P>uß Ô(hˆu9EáÄ -®aˆõ”¨d¾B kQ„׎ͺNº”=ƒá6Wψ¥Æ¢+¯Í{¶1#¨Ržh¤5 F7¯¤ÛI^ÉD™¤ÊQ¶"e˜t€â[¥pQй÷rîsšÃG‚š2äP<¼8¯<ÒÀ·Iu«¡3‰`/dwÊ%[ĉlÏC ÁXDW¯?!$¯ 4H!eÊ=µnÐîЭ…çLá]>×Zwh«`8¢k›µ¨2‡~|Éx…äÜ:u[•¥6'­(Ýõ‡÷‹»åçt«[h”2¯’=5d·\ ½áÌü¹6A˜°š`ëŒî+lYêÚä¾s8d˜}&dc£¦ð©Š®Ãl -Š†ËçD–~LCÉ= Ùáù}дb#Í9­Îy£w-(Yf‚wµïÂ[¸Âð‡ëŒNœÆ«úA¢ë@â—ž{N‹Å †—…JŒ¶zí(8d˜qª°:“˜gʬ‚NyPß¾E‘¾l÷a&D -è1žäIÆZFïêÿ%ˆZ3·¶Ôé¦2Nùݬ±?\IƒŒðP¼qÀBJÿÒyP0FzõÂì…6e¯+}.Ôóˬ Ñœ°é ågža0jÔ–ü„jzxtÄÜ×½X‡È7»Ã'F®‡D˜§Ú«°Öø‘Å4Fš<;Q…”C 5¨ÈbàïCbD7O†Å N;W¨š2)<(k•I»G;äun'R†uOVå*¨d‚uÆãsU]WßÓ*ó\Àá†Ã;]e©á~{Ùl9”€Î¬Ùø•¯?Q< /ÜÕâúŠ>ýÔÅáFéðè‚ï]6Ç/§ý9?mÁÑ÷^Ä1~£Æ3<£8>™°•_—gœý s’«ïendstream -endobj -1193 0 obj<>/XObject<<>>>>/Annots 607 0 R>>endobj -1194 0 obj<>stream -x}VMoã6½ûWÌÑù3²] ‡d½)4ÙtãEzè…–(‹‰ÔŠ”ô×÷ )ÛŠŠ-›„"9ófæÍþLi‚SZÎhSR&Ñ_Î?¾þ>X®£)Å‹8ZPIÓٿê çAwÝÅ2ºîìÎã8šÐ|¶ŽbÜ]Ìæ°V|^h> vg|1,x«³Ä½y´ììu–%­¦Ñº³×YÍt¿£Þß$Æ·Åj ß3ü¯%eƒÛí`|·ÀyÚfÈF¼ZÒ6õI˜Ð6ŠÆåR;•§ŒÆ•´Žœ!A/J§æhéqKVÖY“Ò„ãdE)é(ÞIØαõ5™ú|i½j/ý²ý>˜ÐÕtÍàyx4M‘FíÇ'Ÿ -)¬„÷ Nà›Àû¨>f0­4~–(° -²ïÖÉÒƒmœáDòj¯éÛãý_Ô¨ agÏ8ÓƒÓ‰q °A¬íÚ4•h›+K‰I%á·8Uˆ]…¦Tdaª¤]-t’KKF3äA”†÷F=§»ÆÑQíøÄA¦B-CÎv¬1ºŸ¨-lŠô ´{É·Rúª` HxÒÔʽ3N—·zfÔ?»S!qƒ¢û:÷Pw áÐקO”äBkø…Mù&‡¸?ÐÃcºC _}8 åÚ¼–RhKϢܡžže¶çW›#HP£¸ª.ä=”ÊÕ ¸ŠÄyNØ\Uö§XÎ$¶ìþï¡Šd4¢wÓP„"M†žï¬úŽ¨¥5MÈ6…žW¹8 \—­Ô&DÍjS‚­ýËO›OžººçS$‰i@¨P&±> î=`Å;‘\ÎÆw×m—/Dø­Ó„èR¿·YO…,2tTèó€_¥¬<1¨râõÁTÔð ÚG݉^ï[·¾ma«0øÄ6™”­¿BXwn.” ­¹û8‘§œqWɃJjcMæzÎÏÅõIz c uƒÈÐn&ëtîżüþBB‚O2:QnŽœÃ‘ìÙÛƒ¢dÝðÉk“ÆÕߢð^$XÔ:ÙA×"ÏÒZÚ0ß.) ciù‘&Θ©ØÏó%:F×xÌc…0ç.ûgJÚ>Ãn ˜™Ò¬¦pˆÚãn[/þ%7¾ÿ¡½;ˆùÇà]†&r`}3sAþ ½{¯eÅþ™] ½tÌ%鵚TÊ,;°î”°M’ÞµgŸï7Á^¡ &ë¥<Ú{Ñ¿XßAàõžÛaDÒ%Ý@·O„®#¯æȤ* Eèwùæ¤N¡–mî²Æ5˜ÊAMz¾K0T;Tx -AÎk]åÁF¢ª -…)ÃS#•A<^HôÎÑ7­ÞÚ1vš2g^yúô<Äþè^¢¬,²ÁƇÙéeŒvoUn'’× s|€Yvd†Š¶B}IïÔY¦#*Å+ÓE|¬2ÔWEƒ~xp p­8J}PµÑ+<±{‘žGêø.>?‰®N¯Ç/ÛÏ¿ò®R>0…YÉ¡žáo”?5Iãÿ-œ©|ªšx•_êý"wn/þQZÒJ7o/¦.Ò%ýP+ú 7Æ÷òøxÿ<%}}|‡ŽïV-ìiŒWÞjNóõo><¡žonoè©6ß!Õ´iÁùÁÈ!].\-'kÞO\Nìé 4›àu¼ñ“Õ×k±\DËx…G#Ì_Çlåóvðçà_“!Ÿ©endstream -endobj -1195 0 obj<>/XObject<<>>>>>>endobj -1196 0 obj<>stream -x¥WMoÛF½ûW zrP[±YrzK‚0Ð8n­ =ä²"—âÖä.Ã%Ũ¿¾ïí’M§(ÚÂ6l“»óñæÍ›Ñ׳¹\ák.ë…¼ZIRž]Í®äz~=[Êòf¿ø©µdáÅâj1[M_¼Ýœ½|ÿZW²É`kµ¾‘M*°s…'Éù'k2£SùÅíœõ²ÕM§µ•ÏƦ®ór·eSùtwûû‹ÍgWr¹XâþyëÝñÔù†>æëèãòÕr¶à©7[ßÔ*iâ¥ÌçýÅâÀ­mô®VqV\ÜLR;ï²fH“×®Ý墤íƒ.´äŠq#è˜T×HGɹ+ã¦ø¡}þ*†epG7ºv;mµk=.–UÛ0#m÷¦v¶Ô¶ñ’¹† -‡ç)õL>k©jíñ2f´ê3:—nŒÄèù®Ó¶³¸Â›\˃*·j‘oM£y BPµ*½ '%Þ )6.\}š7În ]"¬è\Z¯y‹ÅSVx·¸'„»'‰* -!÷E»Û)•7-BµIâõ.m $“¸S%2ÑõÞ$øÝ™&É$̸nT³‰ÓÔ• -à#ÎÚ‡ãU¥0†QWið@3ï<ƒÔû|J•äÆ¢›Üx©ŽKª}R›-’fH£€¦C­ýÁ7º¼ý­*à›5æᬵ ‘U…ib¿wbŽ ð^À§ÌìZð)&Þ¿é\ýèÅ€º5î‡Y$ÃSþ‡.½k <ÅC5ØHC_. -y´®C±sÕüC+äj¯%5Y²ƒY¥KuùZëž¡Ì” ÝIvè£ - €ße¬/+€Ã#“NrëÐ`𲎄ê!ïB)2ôwhÁR¥šÀ1,“´Eƒ -O3¶»5h:'±¼ÉHäG.UZb®pÑn¡ °ˆpÊ ,‰-H?An4bÇ¢9êèqzõÏåà8÷Ay¿#ãhò¢œŒ¶„‰<‚ -@0úïvÃ߯ÏC`7<¹ïÇãSÂŽ¦Øp0:é‡8³ñªW\J»Ú…åD¶¡Â® °Gõݺo¨MÈ?k‹by©Ë-ðC^Šj\+fòÑbi¸à;ÅÒu*8v\ò€¦oX€{ª -Ô˜Òa¨bP²¿£Íät,çÖà ˆò1ž˜¥!åx+[®H$W§8Ýð?0¾»}ø‘óäÄ!©‰»ô{é,æ×x?ji¤‘6TN_X æÉH d{ ¯¸_ræ1–± b†€ê|w1&ÊL -ç±4`÷ÆôšD ÚGÝãt½&¾¶3< ¾å¬G÷œ(·|”›RÞc¯A5âG“~kDét¡`´1²™¼Õ‰BpGÊæˆ8¬iqw~–çrßa\íu!_Î÷F…ØïžÃ ø$aì[\‡YVFðN -³­U}øòÿwŒEŒÆ°ö;ž9Ñb”+Ž²M1¬5j ±¾ÂlµMß•7§OLËë?¸ý‹Ïk¨î“,×ËÙzuçÏõš~ÞœýzöäÁÂœendstream -endobj -1197 0 obj<>/XObject<<>>>>>>endobj -1198 0 obj<>stream -x…WMsÓH½çWtq2U‰cçÃ1GC–Z Yb -¹´¤±4Dš3’µæ×ïëÉv”TmdÍt÷ë÷^·ŸÌi†_sº¹ Ë¥ÕÉl:£ëË9~^-oðóœ¢Møàr9›^¼õÁÅâzzõÖËåë×'矯h>§õÁËZg„À³­ÓÉw¯œ'k¨)}¿ÿò“*N m¥j½¢ûµüåˆMF¹³mM†+剽ÜQgÛ2 o¾3Üè­z/ oM߯Ìèl~‰ôÖÙd-'äú´°¡.q“·¸‰›x|¤2Jv;³ë‰$ëHm•¡ÒæxÖȹQê’¥kÍ(,Ç”~žýÐ&³yå½Få¨# é^,€rL•;²ÉVÛÖŽëUÔ2îKðŒ´§Di“ á¡ 7qkøY…¼7ÖU£î8æV3 -?Po²ÙN“2/#®ë²OÑÇ¦\s¢KÝìÀòr‹ðÂXÄñŠìY˜´pÖè?žš½ï¬Ë„MM§Àô˜%4¢£ôùè‘Šo,z 0^õ'r`RÚ§I/õWÍ~zúsþùÍA{ñŠ38ST»\5ôŠ‘ÒŽýäìBüdr$&¼,¸4jΨ*´OªÆ£‚·(ÁúWûFʶ ‹`æ˜c:¥M‹ÚB‡{ŠÁ7FÐvÚƒzè^‹ôĽܳoú€ ­p7Ýó«Ó€/HEºkå(ª©K» ×£_Þ馰‹‚¤ $!ÕˆO1ÂB+Ü Ò4µ­iPÆqU½ˆs§¸±x]B™1 -Ê ¬p|•,Ê)g›˜©D]{À-07¢{\æ+% , whÝ©Ø–ŽwB¨ˆ|§Ð¯Ö±‡å&jotÁBSHÕ±pÓ¡ó›˜S $ ¯B³`%â ŸDz 2”¡Ü¥vÈ*´Ò‡,ÝéÔYo7MÏ•Hc(´YÀ‹0У|G°¼â -Ž¬Då2‚ìE¢û´# åQ$éA*`”ÊU”Êß,ƒ~HVv$˜éb+]?9z‚iÂùt.ƒ1ea®Li©ìy$2c:7è´1¥”îcÖ° †ºîgýx„¹”½LaB« -E– •2!Á£áŒúAÙëÑÛôâïfX2 œúÝ‚&¡ìh)„1í?[Ê•Q"‚0żûÇÇÐS¸ç¨±H1ýLŒQŽy‰ÿ— 1çx*‡ÂXÙÀ t;zˆ–T…cCýÀ }S>u:Á+ 5æ"ëÆÀ<´rìzž}^Ðòƒ$–‰)}BFouVúú ì)ábjÒN±ó§¤6À LÄ×Ñ`åDhØr¶ìÂrñÈU´+©RU"ÛŠÊTj35¼4½H‹QdíÿäÙw÷øíáÓ~úõftà`@Rú\YTÐËkÓ©2tÖÖÒbhæ0­@¬W^Œ½ß%E\iÙf±¬ØpÚt*Ãvñbl F{#¨­-q¸_Šÿæî3…"@]6¨l…”¬,>˜×¼ûöÄØküÁéJö§Û¸^~Úo>£ÐØn¯MkÂöÄa–ƒH¡Y§²|b%–ØVeš1%6Ãθ¡Ð¹è£²ô¶)GÛ­[W[ÌÖ1Å>~h=…Þa{¥8eÚ*ˆlŸfÔQXã?ñ¢MÂhŠÔ2@U€bT-'2ÖdÉÅ"ÖÂÐã•H7Þ8¥¯€Ó½Èä¸0üÐÌðÝ¡·’CnM 6y(î°ÜLéãŽâΊî ÜN(Äâ°bhK0$¹8xGün‚a;ÔvºwŠë±×OZÏèá~”¦êèîÃ7šóÏËÞjç |y[^Òb>x\Ý}\‰[ü’‰ykS´‹¨Dª>^?»™}“àåzuus5½Y,±€á®ë¥ùk}òÏÉ@ÌÂ)endstream -endobj -1199 0 obj<>/XObject<<>>>>>>endobj -1200 0 obj<>stream -x•X]oÛ6}ϯ¸ÈS$Nœ¤IÚ·4]>$ËfÛÛ@K”­†U’Šçýú{IÚ²œ¢Š ŽLÞÏsÏ=Ê÷£)]àß”n/éꆊæèbrA—7W“kº¾»åÏøqšª£ó£óÏïizMó -Wnîð¡$¿¸ yqò¤M3í^ëÿ¯ëP¬~™ÕkšN㕳Ë[\9™¯4½qú”¬£§Ùì”jOŠ*­BÇa¥?éœöºÅÇ–ÕnèëÓ—¿ÈvÚ©P·Kòtã'ô%2Æ®={¿ ³éÕ䒽Ƹ^Y×àŽmÉ÷ÅŠ”§•õ¡Eøþ¦kƒûµòA´%õ^»½KÁÒB£"ÞšW]RålCe]UÚ!º±OÛ»B#¨ÏHMÿ£šÎèSäæL+c[ÓX[÷‚gT£6ÙzJjϽøƒíjDh+ªŒ»­jƒï|°"Ï€‚[(CòTjB÷ÔêÀžqh@U;:”´ „”S¾oD4JYâ8Cº¨""h©°­ï ÌÒÓ—•*¨ÊLèÇa•ñLѧ§'úŠð¡Ü¦‘ÇAG'é«ËÀ7#m6#Õu¦.b};g—N5 ƒ¦nƒv•`#dh]·‹šãµ;¼¯MÅ0AÕ¥Ÿ\õˆ¦GBkÎ8V= ZK‚3©ÉÒÙ¾6þL>ñ­G¡õmX±xƒGí"¨ºÍ(TlªòéižëÖ{öþ8ûãùœš}­K$ ¬I©¢°=FL·}#seÛ\Ѧ¨.T»µÂ#¬¥Ãq¢bÞŒKï7ªX! r}Û"ÚQŽ¹% #¯¥S‡Æ@ -@ÕœJ‹n©3=ûÚPp=h¡ÌÏÑÄ°²ýrÅ!mh™MƒÁ­3{LMzW«ÉÚ¶ÁÙ8ZSPó_9ÿ jò;9ס8o½bœ`ªx ³ã €ÀI5"¶Q/LF@Ó÷^c,ƒ•¨´øÖXûÒwRëÊ-ᇌ§ÿd£Ü—õªO‚3‹• T ¸˜ææÓ`Ãæ¥Puy*†õIpÇBÊã}#(Z"âp3xHñ)MŒ´Ê2YõÝ„æ<'\ÅzŒ Ùwº`~Œ¡×Ì» èY@XS¶ -s §á S2­°j)Ó‰š­yóXWj‡­RIð1öäXª3jEí?ľ¾l½ÄFñò‡HÂyì£û*s—P&Oή›ëÚ0ΘšUˆ“[ö†ÇÍÄmí œã¨û[ˆâ9»•|‚îð®Ä݆΢Á}Cƒ%Êæ²ÉÔÔC£Üƒ°Ë ú6fƒ×˜zfRxň~ªØúÌæHþÓÂ>èÛ‚×%Z\ƒ3ãŽËF@q|4X[œZÂä„~kº»'<­Û}ÎÏ·?ðα1‡ˆà]Æ®ðÛ`\3cæ> -R…¶Ë&ñ/Ï4vÛ†´ò #ì}ÞryÀò -ÓËË úklpÀA€Üj]2³â Kfcä]ÆIàH{ØÉ·˜ƒñ±¥..ZV–tœLÇ°ã¹ ÆP£Rqݪ ÁìØÖoLb`È +˜e‹0Ê–Ï#¥H£†Šöìjeóé—KµÀ`Ý÷l6díð(ã&{b7D<³¢kv ÛÜxK/­]£Zžžï“ÖMÚ”Û¯>8lcm«}ïˆT>`]ýoT6A«Ö»ó±¬·ì$³Du´õ¾æÜ ¡Éj³Ó¯c—†@ ‘\o%o–„ƒˆCi·•zåDàÊéÂ6„)ƒ?<>‘(R©zUõ๗[—ÚP§Ó娳wq|öJr(¼Eûª5›m5^xìz”'‹V‹¨¹¬}‘·Œ¦­¾NÜ%¯P&™Lˆ,ÒÓ:xcRKY¬Û0Ï([áÉã_ ”ƒE_YdÆBC%Ý‘œö³ÔÓUi¼°Ë ŸF"‡t1v9Ȇ×ó_OðWã%ÝyNbìSÔQ“ÞÜs[t̲T0V¬T»(Ö@ 4%ãxÂ`>Æb#]#×½"`l€êà¤w¬G‘J˜w‚Ô:ë¼äÊú[± Ìm%e\‰è|tf±.ØØXYvª™”¼Ì„2سYr1D˜–×#ò1@V¥¨Û>e1ŠÊ4 -ïÐ\ÜÁ‹Õ-,¾NSò0–‰¼:D*ò•K=ÈŸ‘Xj¼¦abYŠB’ Ö¼È >‘Öð~ŒÐ«Å‹îùj¬Ü]’fÓü}ãîŠnnïøeqvÿøñH²ß¸·Ÿl— $ùÞY>~v{ñžÏ?½ýëÛëÉíÍþB‚3ïÞóÕ_çG¿ýæGÊ£endstream -endobj -1201 0 obj<>/XObject<<>>>>/Annots 610 0 R>>endobj -1202 0 obj<>stream -xuW]SÛ8}çWÜ7è 1ùjžviYZv·¥ é°ÙQl%Ø’+É ù÷{®dcètÚ¡Xº_çÜs¯~hˆ?#ši2£´<&CšMfÉŒ¦‹9~㯕´¦ïÏ“é[&ãQ²xãŒ'ÃæŸÛOG£ñûäœÆ³s˜/izFºæU‰¶JP›ÝIyp—™´.QËXI®`iì«òH/Tá’÷9¦ÀÁd¡~ßqŸ¬©+º¾¤ Dáy™,23ê'÷@pÖ|^7á" H­ ™Ôd`83³sôuÉð(Ï`²]¤ -* r  v¶À c^¬®þ8¹½¾üñ.ò©WDØr…Úä¾ØS¦Ökiqaûþõú_Úå*Í)(-Y¡7’Ìš­¤m(Jîb½—ûŠÝ0(e¼Þw®ðw¸òw ]{N´êØуYq\`í )‡8UvˆŠ†À)'âêöÜ66Ù<¬­Õ¦¶H%Å/6¨¦JÀRe*xq7"û¯5ȵ§Ô+¿¡šÈÁy0«‹(›Gaöý:˜Çðu¦Ø"\&(‡·VÖ0UÊÓ˜B/Ùgšði-Ÿ|Ìɬ­)ƒ-ÓCRÀª²&•UU¡bïucic¼A‰£çžÏ¶À;ÁÉØXÂ3ÿï%ÕMûÀ»¦ÜoàGì:n›Yì5Žõ¨ ï"XÀyDC™3ªP[å¢À¤Èz×¾æjÛÜâ@¾C¨äÒ\Â2# "6{ wòg-5üDÑ WJe´Ú³’e¦¯Ú¤Ñý°%ôý¥*jоŒ -m¥¯­†;˜ôíòcègÄÕrPÓr§|ŽS½pz´…ãº<›å,`8 -gÿ2»S"ÍC#úìP{Ù‘ÜBG=U -І -÷Òáˆ,´èt7—DèùMM •Ã9±,!Üý=¸ ìF{㬘¤Á=À“æ!¾@ƒ¾Û˜P/ëL¹T`çA4Ð@ÌM´qøðÙe¨BÊ }1Š]a,c°ò^5˜L£T\#CˆOdûøØøM¼Ö®1a0ceÃhþÂèaÒaÖüirMK‹6‘=`9á~wZT`)ÀNPÔ ÌЭ -kWêóÍýò¦l$凗µì 5÷x4“.µj…˱À éÇ®°ã9.gbk­Yñp¬éèC”o|í,ˆØxÌôA³îMméo¥ë'Z™'œ -æxÛC—q@–ü …ÿp…šÿ4v;â EDJ¡«_¹3…°\€J¦ yú]Ýß±¹3~h.Ðc¼ÖB¥ÿä_‚wÒÆÑ.´W5ú™çÄV9TýyR´û2ÁTB'[™ ¡a÷í0ï™Výmïš7Tè(ãù2Ž@"¦PØáû°2+ÂÍÂ.aUîÂÜC0•{º•Ùg¬ïs<2¢ø÷³mª¥°+,ãèág:¾Í ~:´Üá½¢Õ±Ë Ï‘6h,¦¨¨†r÷IîŒÿ -2ÌŽ­ÜÔ@ûlt=…öc—„„¡g4øŒ­"å+ì‰Xó$0à‹‘Qí¥6½gRz„Åp%±«íðÀpB è8Öh²fªô8ŒŽ'&bÀ¢¹fÂÇ·B`º€jåPjˆn¬jó´— ß(K0–tZi––(\‹µÁó¿°pf’`äÇë: ž¸í;bÖ¼®ð^=,7÷ùž\nj,%×lÍã-ø[äXÚÌ“¿vÁ²ãÙ¼éŸEóu„·èâ|B³Ù"j`,í7kP ºì>wØî`4Ãëx1¡Á|xÎ6Ãèe…ùôöSf:Ÿ&óÙ"0²?–Gÿý¯Ôýendstream -endobj -1203 0 obj<>/XObject<<>>>>/Annots 613 0 R>>endobj -1204 0 obj<>stream -x¥X]oÛH|÷¯èÃ=¬H”(Ù’Œ{88Ùø6{òâ—!9gMr´3¤µú÷[ÝCÒ4“Üa±b[æ|tWUW7ýûEL ü‹i³¤ÕšÒòb-èj³ˆÖt¹Ýàç%þ;M{~€¥ý—Ïÿ¹Ø\G1].VÑ’JŠñýºýTЗ‹ág<½¼Š6çƒÏxº^GÛáÓÁg<½^D«ÁSŽpµˆñõÛqÔ*ºüöÁv‹Ð»/îÀyÐrÅáK’ë ¢“,ßîƉbõüö’â˜v{Æh½ÝÐ.$´K'»ÜxREaOžê\Ó—›»·7¤²ÒTÆ×NÕÖQmqzq&[ÉÕ`aU›TÕ¿*uš+,.}·àÓnþÕTËov¿],h3Ä»lòðó;Úóq¸ft†ÝSfKeø´2ÑÎGÔBÇgª,¶:hG•Ö‡”«gM^‚Ô|Õlp—JSÛTuRH '=kñâùíºe°ëknÉç¶)2J4rV™©ˆe6mJdýï°¹C”ï\®Áò(¹ÿº»'Þ ½9T•Sög_ëò5¬ÈñÞζ!îLy,4_À7†h­¢½)$¹A”! RUF'ãsÆâq²WÆ"­¼)ÎoÈTµ>02¤ÿ‘|êѽ³%_±Ž3#Ά¸M}†œöG´ËUM^™lJH•ÌÕ§áéÃÍ®?jWOÉ[ɵTgä„ÐÕè¦D×5ØÅ.Î?°11“ÀF͵×T+ÿä[Ó–ÃÙ&ÚÆ´^3 Ëõ†Kר\Öýl¹âkš]oSŸõïq·Í'ÓÉ2i©‘)$W&ŠR[íÍ¡ª¬{fˆ õŽÃ´q ‚†Æð()mBooÞ}¤;úïÃ?^ß;iµð"•‚åw„ZðŒê4ìî$<¡D¥OÔ™Á6÷e Íd®ët~Te”7eÀ EŸ9³‘ûD%µVýTÃ($**U†¦ÄÚš2㟾‰çîæãûQì÷ŸÞÓ§û¯£+õs§=ÃQ×5AÐßÁÜSªàê ESà ëåc±;aJØ)(þ‰õ]ª47•:ýÉÓ)ÃÊžTUó¾j‘ôYTS8 ÷Êa|<‹ûØŸ¨´ dí´¢Z.n™@ƒ÷ý†‰ÎD}#¸p!c`9˜Jäk.füêL'͆Q‘ öqÐ5í]#n ¿éá“Bæ<6,k’þ5{|Ó^õb\š -œîk‚=z7 9”þã¤ûÕ2Â?R°Ô=ۆa_y|3EÅŸPZ4p=6­¦J¹FðáT ê=£LéÒVR3{(Pîìµ{ Øæ, \Ò dp`¦ F,â¬a'L,¥…EAÔm¨¥qŽ½Ö'ö&S’Fá>0Â7³§ª°Ã£“àÀTCo™îbìñ q‡¤ŸC -‰ÙQ‰)LÝùôÛ†âs $ ¶ ?eÜNº(øûÑr­‰–ŠS2ú’IµxÑ›£³Ï&¥É9ä0i%8{}œ‹æpÉŽš*4Ùàn4ƒâ`a{]Ã#p,,™/¯äØ0}¹|€ \ha~§;FYó|¾pѵÍà—51«(§¶ˆ “8å *È•öý»CŸŒèôÁ›xágýÂíE:¨G§ÛDñ´çWU©fŠ—ZU~\t0‘Ù"Ú\ΖKNôeš„kÂjŠ©ÀQ̘†\Ç}S°:U6ƺy’]¦Ÿuaܸ¡Óô Rõ\šáª¾ò9Yú£PÂú®_A«¸*—† .äû¦~û§4¬·šŵr¼¡M…ÉN Ž3ègB,=„n÷{–´¤D…ÐU)ˆj*)ß–'‘(F'úØnç(RÅa!®«ÎìÈ—IÛqzŸkÛÄËšê;k¸jÆgu&ò:÷ g‡²á¦€‘·; ß²;KÃd¥C¹È¹3zé ¾f¼w”¯-³„i•)—IÁµ,óÈ‘u¢ÄN¹IsòÍ£Š„Óõá^ã>Ü£‚Úõá`XˆIàÌ•…ÐÕT[}bíHRL‚e¦Nlö£`î‚Bú7Ó¾áG°&>* údãݳîèž“nå ¶9ï)•ì ¼5!5Ï8áöˆðRÀ­€’ÆìGâæ(– @t³6·P*]=0~Cy)-Ç–7…"èìì0ÅÄ…7 æì?Ræ°—)•ç–ç‘HÚ©>G| Œ|Œ%þ}çôGÈóêÿeôùᎭE¼§…`~ ÇÙ‚m`ã];¥†y¤ËT0~Í*ïé_]¸ó §[ÖGئÝ~ @ã?:PwFY8ey ~¡¹Œç+4^ãÄøæºÑG‰éŒù€ùÁWÁà½W?3}Ô•¼k5GÎ)×àNÞxc_‹¸÷ÙØƳ›‰„˜á/2šCWÒ`DóÛ]óÜ]-‘åU´ÅwLõë? -qX²Zµ?C÷´ŒAÇ‹œ0“糯ßÿo¿øIŠÆ×BÃ_8Áuãn”bʸúTþÂ1Ѽ£RÓlÆã ¾HåýÔþÎÞN¶áŒm«Ùx…? \áµm»ŒÖ«ãœàÁÙßðb‚q+¼s‹yï,ÆŸ:ÛÍ6 ГMÆ/r—›Ëh³Æ_Køá:æ=ïw¿^ü «~Yendstream -endobj -1205 0 obj<>/XObject<<>>>>/Annots 628 0 R>>endobj -1206 0 obj<>stream -xW]oÛ6}ϯ¸@QÔEcÉ’¿‹m@º.CÚn‹÷´ %Q6IôD)®ýøK‰²ìØk;±MóòÜïs©¿¯á/ yHãÅùÕÈÑl6Æûd1Ç{ˆÿRRŠÅ‚o勧s/hEÇSoìdG€õÜ[+NglÖIYùß~¾ -Çà˹·¤œÂeàMÚUFw̯18˜,œႆ3o -  ya»b fs4±Zàê‚»èöcàäd·ì÷ngxs‹8õfdÝÖtdñ‚qƒì¢Û -—/&Ðe¼õfÅ!?‰– »Z¥ÈÍl1§Ub£9¢UŒª¡³ln-¼DžZ} -n™‘³ ¨+ƒâ0§²=g CS gè6K˜åÕú4±ˆÁÛ¬¦Ÿ+çV;²*•K®¬¼d*™ãÊ¡Ø@©Q]1!þ©ÀNI÷G\…‰.^0ѵìoOÜ¿lg"vù\.ŠšÍîòåFx7MÎ6¶o0}ç - éZ—rÛOß!Ê=¶7¦[sZtÇÝyñ(Tf‡-¢ê*Úö†Œ7ÚP$â„â"ðÿk±É£3-س÷N>ÊRd´¥È%â‹:Ço‡jËÊÅVkG†«Rg6›‘܈G¥KÐvãÔ'¯GÝM¡9Ñ—îãTžÆiµ‘˜lb"M\ªÈV"åÚþR!ˆn”¸ Þ( -Ô|\ãÞó”.é²$°†mèñM®•¶×UÄYœÎVGdmøþXg:ÙŸddÌ…®Ïs‡wjûñçy?œÛxpÎa…À Y¡™»„ ¶@^QQÕ†^¼zqÝðÙÛïoÞ}xå¶0œب ƒÔöÆ3 ïéKû¢–Ùž±"ªU‚&e¶Fxq„öKŠâhb6ž} §ŒÏŠ,ÂÐÿ/•ë¯Pi™ò¢N |ƒÎflÉ7p„š/หtæ³o‡qvQ%·™±ìí^Ú¯½yà0­ìÁƒžð¹,¬ÕãámC Ê(%ÚÛl$¸ü~  0¸kî”ûwOh_°Ì -Y‘ˆùÖxÿ’cÒO(y›qqm𑨮 |^û°¶¨üçoýç¿óAÿÏmö '/¼Ù4 ÙŸK~f4O1¿”úšÞöŸfl¦ƒžpcÎGh\ö¥áyK ÖbmècmGÇd>ñæ3<û²ÈÌÞ\~Z]ýzõ/•óa{endstream -endobj -1207 0 obj<>/XObject<<>>>>/Annots 631 0 R>>endobj -1208 0 obj<>stream -x­V]oã6|÷¯Ø^ââ,Y’mÉ P¹|Rà.×F‡C)‰¶™H¢JRv ôÇw—”GqRZ$“\îÎÌÎòÏQþ„D0‹!¯F¿\Âӵƈ—sóe‚ŸÃ™Ÿ€â°Â½ž~üóûÇQ´ôç¸9öc¨ æö(ýWÂÝp{:Y`<:Âý}dX`°ÅË…cé…‹à1Fœ¤…tÁã¨_øÉezÀ)¤+ fV‘ø‹x iaK ÍdžWMÉ ½áeùSz?ÃÏ0ÍD=͘ÞÐÓëSCŠãu¼èÔL‹ñ¯RÔ`6îÎ?}8ÍÕ–+0Ò~÷åò -Y1Q»8ó.N€‘b„Ï_Õ†öc€•,K¹õrYU¬.(JÅøËð÷ý¥OL`·á´»(ê._Þ~:¿ùüüö1mc֬ⴄé "JG®`/[ßD]Èî²Êfù¼¨D-´QÌHuäÖŸmLN†i`O§Ä–C£ÄV”|Í58é8ð|ujY8@OIi~t«‹¾d˜¶ZMK™³rªY•1KfÍ ¨& §ó¾ÂU\“"=’ ¢¸nd­‘GqÏ•Þȶ, ãgðŽ4Á‘><å -bw”•wßÉ ñ4€ËÅâµÃ¬W.CŒß¦ ´Íõ†R/ -(¯dm‰6\æ‡ë1ÍnymZV–û ©v¢,aÇjc+ ±Ú;é*M×ám:W¢±;Xk°'Œ@‚Ê=ò¾•ÆÉ ŠC}»N“¬‚Ãj@½vG×L k)ux#µY鈢Š$.Ý·øxé®Â]ʬ{%”6>¤Òå‹ð ow@Ù9×@ ^í\T:IóÌAøŸ„Ûƒò*7'°rÇöX3S¬–¢°4–‚`í,D·è VŽgHq‹¿jëMÇ÷¿³Ë ãð7¬oz<‹W³L7xå Y°¥Š6çÄLƒä¸„qßÄj˜¬Ë²#¥7ÏY-à‚3ûû,‹ƒöý,wX¬3Z*Hä0jO­Ñ´¬8Š7‘6©2R aF†R«¨Ñ9þZ±íV¼ömÄ:[á9úgÆò`‰y5Èê[gØ/rõáëæ1œs|7¶XªêqÞt ö# w¸GñÚÚçE ‰“mäâêöý ÷DÐC|iôëY«ŠnªV>¶ˆñÁ‰{ã1+¢Áþ•™õ±©¾¡>D{ÿŠ,=Óë“Núi}›m…l5× Î#œ@ä•TûÞ©O°®Û?ø ÷8L{ÓÐœíøØ;ybé@~ Eæ¬Æ¬šp&ák}‡H4ø×J¢Qjp¥de¡èþ…ƒQºWÏ,BÃÇGN1>:w×®Êî©äÙSÏX¼´/7*õκuÂÿeËøë²BèBL¯—Ý8ã…/Bˆ“Ä?­òœáQòžç.eÞVèŶi);/Ä÷b°œ—(Ýbœ¢Ôe´ z­á¶µ:š's?ÁÇ (žÑÉ«tôÛè(#Eendstream -endobj -1209 0 obj<>/XObject<<>>>>>>endobj -1210 0 obj<>stream -x½WmoÛ6þž_qÈŒÆÅbÉ’ß CÇ]±æe±aXö–èˆD:$×X÷ßwGJ‰ãØ]°·0,ñx¼{îyŽç»½ÚøÁ †N’b¯ ‡ðø¡oð¡ ýnDÐð{¯Œ@s˜£mw?|T¶ÝA÷Á6FûÊt›Û(¡i/ŽƒÄÑpÍ/à»6tG=\é ‚ž÷r<Ýrf8iæsˆ‚n'†>ÙëašºÐÚ0Mš'§ߎUÁ„„%­Vyεy=ý´×†V„Ù¢µ3:áÚÂe9˅ɶ[\%/¥…Û<œJËõB ÃwÛ¼Óª\À¥ÊE²‚Í™U.–²:1œt!Š(£–O©\jä4CàK™X¡$ÜpË¥=€„Ij 3¥á)X¸¥s˜5 æ0S6ƒ\%,&S¸Ÿ½6î醢2Lõ -lÆkt:ALèÌ3µòU¸û ö>T2î]2ÕJÙoüj¯ZmR<*,˜1ËÔ/ÖY®mýE•`2Uæ©K€¹Ð1f1lukðù–ÃJ•žß ¹MÂmÞ›Þ‡Á˜¹ì õtðé/â‚9 ’/É3ñ¢Ê¼©9„÷™©‚C*4O°d‚{àR>gen1pžç&¨¶×hPÅ Ãm6sèa©°L©’XH,»GêjtŸf·†Ð×Àu¾üÎÑZY†¾,ñ™r!… R0–i‹44‰ ë¨NF^It^×ïú dùÙû|R/*4¦æWËŒ ™ ™nT¸ )ã2Vrž¢§;ðx6G½P\›žL1{æi·i&·˜ùð8Øzt)%⎴VÀäî‚´MÅxPoUgËÌí!qËEIA*sO— ´HLŽ…fe,/Ð{ÆWî>/XObject<<>>>>>>endobj -1212 0 obj<>stream -x­VkoÛ6ýî_qj3D’%¿[C'@Ñ¥Ýfcûw¨,Ñ6ItD*^°õ¿÷’’?¢6fÃ2HÞǹs©ûš‹6}] &¹ÀE†„±J !_ñgG=ð%#ïn½hã£C“£´5®B®tMÈTÄòNÌ–íÕÓ’)¾â"Á¬µöÕJža#Ò»e*²õVBªz1ÓÚ„ª1¹¹$†*÷Ýô4¤šŒaIÌfÇ:O§ºå))ÙDÄE!_&{]/¡ï9"ú ò¹¾ÔÈ"{ÀâÄØg±0ƒ‡Ê[Άª|•ƒï8Uoߤƒ:D¬„,— ®¸à·Çº8Ú¨s=,¿ÛïÙýž‹þ``G=Ö&7—ø5_X 0A3š‘ºŸ´®åöé%jH7ã Ms1lM™4¯$S=<%>ffàt]{@ïBô¶ú=­y5­ýVû€ÖŸÈendstream -endobj -1213 0 obj<>/XObject<<>>>>>>endobj -1214 0 obj<>stream -x¥WÛnÛF}÷W Ò¹°HIÖÍ ‚"ij4@ƒ¤±Š¢€bE®¤H.³KZÚþ{Ïì.%Š܇:€#“s=s梯WCàßf#ºR’_ ¢ùœŽ¿Ì h:¼‹&4žÏðy6ÇG#iÙ´¿²ƒè.ÈŽ ߈Òd<‰n/½¸L¢Ùù‹KŒFã£q+çÑ(ÞÂÞÁït|ˆçøâíâBøñý€îh±¢a4¾ÑùN¦sZ¤.Ë-’mU–•F'´SÅRiz½ør5 þ°A–E^½ -ÏFÃhÊϾ¼>—’ÉFӋ߬XË—Ë*‰U¡ª(­È—"²ÒuífƒÇietÎÉw+rˆþT³´çÝ„Ø{ÎkÏ“ŽížèRy¦qÜ¡Ž¼²à©aû-P™²V&µQÕ>ÆFôÍ¿§Ï2ý}f÷ e~ãºÃ ¸]œ©eÜØy&C~Й0 -ýÃfà¾Pc¤ †ç,7$Z¤M\[óœß0—([5ºXí¤$®o˜.Ï:µ§ ^Ã:i9ùEõ·øÞHùöá]ß–2Q+•ðô;§h9<;ç:6µóT3°!Õ"⑈Ž‚|­Ñh)æŸ4TXŒÉMÒ ËמB}¶À>˜á&I¢kÌåÿoô¸Ïw:ƒy:ŠÀ>Pû=³ eñM#²ÌíÉkGl³x)Ý•À ‹€Ü>d.Úä"kò Ë5Әτ ÂØ Vc`>ö°Naöçnx[i-¶Ìã5šBf…¬Ð»PCð¾\Ue$*c&ÅÂF…ßïnÒ†p¬;4àŸ*¹ØcT¬ñfyF¸ °åŒg.4_^ßâIÏ÷ˆË¡!L{ëxy^ƒþíáz¼Žš‘2‹†Œ±í€åP”;j|â°3uRး9¬ÈD 6œÔ…T2øþÏDbq'8Fú4›†®ñš â]ÝGIºú<÷—û'”ë5ˆrª|Î×*Hœ\Ý­V<˜Ú{ Ÿãþ=¸Ö¢Æ·v7Ÿ:¥4ÙÞßUn‹ MÛ+±ÆA4w‹ášW¸‹j\Í’eÎðYÄE #Jjº5ŸH{xÃ=€F­Àt•8é` ÅÅÎaì°Å±vÊLTî„´–…4­Àin#œ$Þ½uN áßÉæ·ø®‚ ‚Š¤½‡7Þ¾¡OFá[øNê¹ɺýF¥?8ù.|¾$q´kKkw(gãh†/?øÖ“ö¦SÖüiqõëÕ¿‰;‚endstream -endobj -1215 0 obj<>/XObject<<>>>>>>endobj -1216 0 obj<>stream -xµXÛnÛF}÷W â>È€E‘º«€:m øÁh륀cE®¤I®²»´Ã~}Ï,©‹)ß*;2 XÖî\Îœ™9Ì÷£ˆBüD4êRoHqvã1mßÌB zÁ€ã(ÑhŒ_¤9ΆÔ{ADýñ¿GQL6_ÁpÖoµ™^—ïV‡»¸P[yÊc—¿¯O†“µÙÏSvڰܹèÃ5MçÈd8Ñ4ñžCšÆ­ÂJcš.¥•‹œf’¤°*-ÉJG…Uù‚ÜRÒÉôÛQç‚s`C-›Í‚XçóêÏkû-Z¤z&R’¹3eõÝ`}…œÌV©p’–:“‰2»©Ý}ÄØBLM¯éâÎJdAÒ™»Uã>ÍUºÉ!^Š|!ršDšêzPùLå á‰8–Ö’ÊIP&ò\²*S©0|ž³µ"›‰:ž¨t96ÐUy@PÂÒND©Öw”ª; _ÊþZåÒ„‘‚~¯ Áÿ­(Ü’ª—‘ß e¿:©šu¬Œ £\ɠܦÊ:¤Õ¤öeÌ­W±BYŸô\ƒXý¼‰W‚·NÄw0€xͽŠå™--rhsú‡]Ê4µO„Ǻð¹ÐÁ™mM|\f´T:çò¾Óè¶çÛkF<³^m¬T/T^QrÛÖOµV.…Á˜¨ÛEÒƒ(ºt”£Û˜áö'PÜó]:W>QÓmŸ\Ó7›(rõƒÉŠ&º+cÝíJX{8OùsíKùR[êŒÔÖÄ;‰Š­èç Cø  ·3úq-µéŽQ½rèX¬<~íÏdìH«±7ªÉøRW^æ~` [yJ—$’„÷×RV½¸]£~!ìnßéãq¼uÚBGæÒ¶ÑLεŸYá° ÁägÜqÒõþÛÔ„wM³wˆ™¾—Ø@§¼Me«l´v˜ .–ð=V-öl.*~‡¹±…ß¼‹mÊÛl×-VÇ´Ÿûó¹"ã@bîª0š¿Œgµ€62*!='è]²JJt1K}µv@[­œ% Mk~[¯t:“jããôZò\kheÛv%c……K,±Ô¢0‚IV…¹ÊþÚZ'm„_ª2±&Ä\-;áè¨Äêî–ÂQVÒ:D•*`!ˆRaÍ4ÔGªcÔ°oð?`½2›œLQÉ`ŠŠÎ5Ë-ÆC@½r+·8Äž.!¸ü£ ¯6ãÂ:©«“¬ì|~ÝÀî -õ)uá•â¨53È{Ê Fž¶€;”Ã-5+Y/ÿ˜æ±@J,õ8pÍ:ßa '$!¢O¥YÙ UŠèñ^kdª²•ÆnF=®àr]ÄçdÛñÚ@=ÜŽ$ÔÓ§ßnZÇ7'›T Š/êóð˜L:ᤠéúêòSóvó3ý®W¥Q‹¥£›V|sBÑd2lãmrJ×ENW*6ºJÈbšä±—1\ÇCçÈþ+[°ôêßÜËdïОÛ/çWû¤Ü5»wãK™«Øs˜õ¶XH.]ód㳀ŻÍìÁŒ-¬ÙoûÇ-»ÐÛÍüry}îut=Bð؆‡˜õî…ÿûL'J¤·œ«ö›2u.{ àÿ!òv3D šÊÙmàR=²øb©6ŸÃ¸a¹ Aâ*  s1®E£á "< GÁd蟲®Ï¯>ŸÓ£¿ÉØaÆSt3vÛÑðãµG!Óðp*­ã!7]âÝÒ_…§sÔFCüÿŽ8™?§Gý¹„_endstream -endobj -1217 0 obj<>/XObject<<>>>>>>endobj -1218 0 obj<>stream -xµWkoÛ6ýî_q C -Ô²e;²²oîºÁš ›½Ç‡-Ñ;ITùˆëßCJrRÅËp‘@‰-òÜsÏ}ðòË ¤1~BšOhQRÆAÓÃCeø0¦I4 BšÅsü?›Î‚sRœ6X<Æöý£]ÆqpÖ.ž`ƒ_úa5]ŒéœV -ƒÙtBÐ΢˜V©‡Ó*9MM!3Q³&Ǿ/V(žÑÈj5*Äz¤yb•0»ÑO—ËŨfå­Ä×@KÐ3jw·J›»šiýnõy0¦a_`âô¤÷Yé¸ôK*—Úè;ÇÍì!J“sÕ!j»ÙˆDðÊàîhoEµU - ç`~¨'´HiA±dËx ¶=2}Õšè@µvã#7½šOãô¬¯}8ﮆ{°gîdÁu÷烠MýǹÔÃìë°ÏÓãèЇ;ŠA¬Ã>ç£Cî(:=²'´äZ Y½¾”:ZºÝø¨Ô–¦'tƒN¸•*}=¯“Ž˜k¢~k¯ÈßXãOàzŽ>…{¹SÓ©öýAñ¬*‘´u-•¡Tô;Wk®¤¦¿ÏüI)f\ oOm•ÈÒ5M2’¬æûÕ·ï^2¢s²vx¬@ÔŸáÿŸZŸ½æ˜k»Ÿ×å¸È]?i{ó°Ð¦Ê@îsoÛÕ^ ×ßiÇöˆX]Vƒ×¾|ßv`ˆ]Ì( ÝÜ6l·ádî8LU—Ä --‰¥)Æ4ÖÛL…¨8±ÁX„ÙˆFžæ ª&㆔HInˆU•Ü‰*£TÚuÁ©V²¬veØ)? &n”ë<ÓAûb3÷âZn14jÃP½;i-Y¹fô³ãE‰¬*žgÁäJÚ,oÖ°º.ºš69ó;ÝâȬ;%0:ò˜c÷­·9º8§pî$Á„‰qØ[ÿ$Ja|oð³çƒlXÅ"ÇðŸf꣜iÈUÙÝÅ9_<ìuüÆœ«\oQ¼àLƒÈ=Wþ„ñ$·œrYs×y$^ q·qc H÷ôjô/î{LùÃN¯ŽØ[+v$+<Ø=sap]ÐùÿITö+Á¤‚‹ÐPï´áå{Äßä^L×3µçãçàýÊ™f¼Ç­ áÊ0áìÕ§'Ìt{Ú&9¾jñÖ Üë÷¿ÛóóúÊ­Cx!¢£‰Ø#§z6÷\ZÖŽ¥n»¼ÛtÍ Þ’«{‘àïV˜gUJ7…Í2¯Â3ÿ£Þ%S‹ñ³g¦u- UEñ»æˆ‹«”Î[87ùëå²Á_\Qöddô×õ忈v•JÕ¤øè"é*pÄ!MÏ›lºDsr$rÍ¿žMšKÏ -ΕHppÐN!<•[XÑŸ—}´¼1‘z¾•tW5[d·¬¼Da. FÊkPŒ¯‡žë˜0Èðd› ˆg+g9‹SQa‹¢ W7QלW´ÞíÛ]:«;¨E©p·&[øUA=¤¶ kãã÷"„m7x$BܪNã >ŸRÍ‚qä‹s¹¸ú° %?£ÐG™XwpûjuàÃ0ÂÕ6žÒp>Æ5=íól> 渫⒚žF±ÛòÛjðÇà_´Ð¼endstream -endobj -1219 0 obj<>/XObject<<>>>>>>endobj -1220 0 obj<>stream -xeSÁr›0¼û+ö˜Î|tÒf¦gÜ–N{èE‘Vz®$âúïûö¤ãŽí±@Oo÷í®~/rdüÉQ-q[B‹,ÍP«´FQW¼^òÏi´ÓÆ]Q§ËËûfqóX ÏÑ´±IYWh¸Q–¡‘WƒØïí<¨…3 -ðýéóOðò´Ó"ìÄô’lÆò ~g<ŒmÉ "²àGIÎû ÈAiµJ?4/‹$C’ß2ÁF]=ŒÎiúãÔø`ì³± -Ûõ©‘aiKA¼jaVBJmÀž¼7Ï\s ÷êà -øxO“fÐî4y9z';âYóW[xÀ3àS ƒÇSƒÑkç'Ò7ò$]R¥uŽó¿–e…só¸BΊ¶H–uš¯UZN3’•ýèt®;{ÀÄ–§’†U=ï>èášù9»Ý$ óˆ¶DñŸÄ ñM»7#ùÿ`‚Ü]cÛ]'¢ë‘‹l0r–c3©è¯Áº\ˆÁv;Ú;#‚ÆÆHGžÚ€¯ÛHÑ÷;ñ¦Á+:°‰#ëEàoFiVJ ½öÑô ;7C1¿÷6ï^ *85³°`—IJyèQviìC ‘@ç4»ä´'×pA¨£Çf24³”äÃÛÑNÌ}9ð”æ˜6ÖêSs²¶>Y›—|•ê[äw|#ÔÕ·õæ~­£->’–vš6N•œË“*[ýotQiUÖ|m¹U¹Š'>5‹/‹¿ê?0“endstream -endobj -1221 0 obj<>/XObject<<>>>>/Annots 640 0 R>>endobj -1222 0 obj<>stream -x¥WÛnÛ8}÷W ú² P+¶|ß·\Úm°mš6îv,hŠ¶ØJ¢–”âúï÷ )Ù²ÛÛAlK"93gÎœýÛÒCšÅ4š’Ì{ƒh€;û÷ôæÃ(¦ÉtÍ)§ád„ïp•ÑC/ £áþi<Ÿv®s gÑ¢³Vh2™às<Ÿá3Æ¿U´îÅÓa4¡ñ`†Ol›Ny‰¿b“£é<Óh1ŽFx:ŽÇÑ´¹â§Ýk<O±*¬õO;×x:]ÀÝÃÓ«eïâå‚â-×@e:›Ó2ñ`àŽ<{e¶Tº6ÅZojxú ò•€Û1 G‚î­Î…ÝÑÉ….ΗŸzêÇcœq†=•5Y¦,ßf#ÃY0Ò±Kî­²êßZ;])z¯D¢‹MX<¦á°YÏ,_©µ;S“ÄѺ¨ ó{HT¥Ú‘LEY)ûœÊL §(Ÿ9ö»JEå÷ -\H“ã¬J¬2E[]¥| öi%œ–M$ÃQpt­3åÈ)û¤%~ÀœËWï"Q$””TáOä;"Éu¡|¡R8·56!UH»++m ->ÀÑ2U'V[œK-݉åàîpJB”ŠB`°Gè¬õäñlòx~ŒÞ(J±QÞË*UôâàCƒ™uÀîÕÛË·È42&ÙÉ(œuœ6ŸÙ+!?o¬©‹$,™6®Ä Å`ˆü/¢ÁÈ'ø²®Rcstg*õû©sKNYbd«¢"üœ™•.„ ŽÝˆ'Е( -Sà”göÝß\“÷øÇÆ'ƒxmºšuwˆ—ôòòݳˆ® RÝÚƒ50ÁÕ¥²N%@wµ 8˜BùÐûûpfÑ<„óÖǘWJ«å -±*0Ž+# €·’‘¥XéLWšÓlHÈ*”ÎG]$f h–4F±³’Ú€µDgýñ<¢LÜ= Ñà9m‘gÄT"5‰7ØêB*¸»ÖRÄ[‚øöc×~ßU»Là˜øª¦Ìl8èµ5ùÉ.Ï«ö x•™F2›j+-Qd¦®2]0à ª¢tT(T’cí€3'v»å" bssÑ­gÊa7 MÅ"'Ùg.à°ƒ‹•«¯MΡ L4^ÂnƳk€ÅÌÈÖ–Ö^0üé…aвÌlÁ”CM\¾4?ÜÝþýÏíÝÃòòõë(­òì;*tbzf½²ÀYV°Viü´¥˜íh¤‰•J±HFt RlÙ“€|§ Ñ^p#N^X B›ÀêN•,Bˆ‰!9 -ž\jê,ñò¡`µ¯^ôË~pA¼*Þz¡®ÿ>—PE.@nÐ-,¾¸¿¥ÅäOeWÊšP5¼}£YÍŒÝ};èï‰Á)µîCŸoš¡®õh¯ -Üv±@ Ì€*‡/ž~¢e ÷?ÌŽÎ÷òЛöš–:ɧmÐa/7ÙÊH“y„Û¶zp¥)©† MõòÎm¨RõD¯×8“ד»åø„-Ç›™Z)R°RªØ7tÓØFõpPÎä€Eç{±o©rÛm]ÊJt?òŠÌwø…™Ë#d-¦Ä' =Û#Òm¨†ýØÌ ì #éc>õIF^ßq¹×ôk€ï9• ™b0%ŒÙHb`©m>LР]3Q°È²€Ê‘8èÇ“# ˜¡OB?O¢*¡3LòµL™Ï¾y´rúüTŸ“ªdE„· 4¼VÀ¼U´ôj‡ù–ÓáŠ+•Ô˜¹üv€…Mæiµó'AéDÅSÅ¡‰@– …W‚0Ï`$ª 3ölu–'dñ“ FׄLÁyD[ã›9Û òóÎ+Õ$š&Ü}ìý®#l~<G³é>/XObject<<>>>>/Annots 687 0 R>>endobj -1224 0 obj<>stream -x•W[sÚV~÷¯Ø—NOHÂ’h&Óq.NüPÛyéÄy8HP¢[¤ƒ ýõýv„¸éÔ™€V{¿/ßÏ\šàŸK¡G~@q~6q&D3gJÓ(ij‡ÿµ¦%#@ºÿøôáÌŸùÎ%Þ$9M'3'l¡ŒΆ0°—¾ã±ØpêD¬áNð.'¿X, ftõŠm¢™ëÌZƒ§aMb²çué³9Á›¨XŽÅyãºN@—ìqSxÇú&±@‹XrN.|æ@1Ô#CO„‚Œô¸ÀCkÌT€çÍD¨U(ÀçÏX….ÊB=2˜ö -}zœïŠ!Á`ó¢H„Fl²@{/|ž=ΟZ>&ñØã\d‚œ2‰z\4>‰¶+@ f½>W€‡Ä°óV¦=ν´|œAW€7¹”€Š®{ܬ G@žã ÷B”"í1JF½™7*o|=#7¤ù-lÈ<‘™Ð<>[Ëtµ©ÓbEf­éAå EïÊ\¥iê2Ëtýbþõl|=…ñVÐ::Ÿƒg™Ö¡ÆèŠÀ×Z§h[ÖßøÉ -½÷–Ò†LI›"Ñ`QE":+U«\¼¢BǺiT½cIM¾pbØçÐ mÓ,c#&4r¹d¡º( )ct^Zë‘þQel7;2ºÖh4Ík½#…ç¼Ä‡Y+ð'úûFí(.Ÿ@—°bæï”S®Š#Å•Zi‡®Ë<Å“.R]Äúå‰Võ¤i¡uAYZ|ƒàmjÖB¤b³QY¯!ÑM\§•IËÂiU¡~¦ìãG6ASé*¯2M6‡’ŠóÎNûºËÐ9-aI"ÀOˆþo댓ˆð=y¨|C×çUV.Tö¥5A†^þ^ÑÕ¤15ºFðeXpÔ×ô¨#.´Y¤%òˆ„2öœ^·{$ZÏïï>ÜØÁåé U\/«ºÜTϳÞ^}º½¹:`Yõò¹·u‹ì­ËM–pÚÄSbKšk.+c„?W¨Øšu¹…[,õÐx‘é'-UÇnS¦X[Õz©k.+ª3z§%0ÊV÷‘ í:ö¬ŸŽÑ¸f·Ï=žç´âáe‹}-ðã‹S;’Nóñó³ÚPäõ®2p·RMƒT%(+n,tÞ÷MZë\Æ–Û©¶V@ÏÞ©mö¬ÖfSUemºôeåª,ž©»6Â=š3ö3¹[ -áa «êr™fºùýÔv Ëͺ3ú¿Ü>>vL€6Œ{Ö «ûX4ýÚкÌ5%ˆZ ý˜J(KKÔVnjXØ †l.xxm -΂2ÿjgR§Oûöû(m?d}a†¾0lÛû§ž4•ŽÓ% ¦•.t™`ÅÙ fÓŸeâåqXÌaHÔ:âÀ¼¸xw÷pq!áåIÎã÷3&‰Hþ‚^F™±©‡ý9ÔÛ9"ïœ8OøÅQ&^ –‹ˆcÛÂÁ lºA°z;N-–ÃxÓÔciàqÃ+tœ¥‹qç³dbA&TÙ®3ûtblÑ׋£‘28¢…QIžÊb_ã²ä~âoï%9o‚ƒ2?²êsWɲc}à)¶,:rŒÅ3.LËt$ëÄâ<¢+Ŭšo]&ÁdrDÕ7Èah ûƒdć²l³P¶VÁÜn}P1V -6g¹¤ªL #7Ά5vÚßX¯vá«Þèr¡2ÛmŒ_£n¿fÊÄE_êB-2ØÃ@.ŒD•f Rvßre'\Üió#«o:Û“æýíÛOÝÏoînµÉ3¹Æ×q»ëG8e]êΟG/Ûݵ®9ÑÌÇ™‡ë,¸ä•úpõÇ›+º¯Ë¯˜4¸ëâ iñŽu\N"ŸFáE”üŸ{…~ç0_貸÷ó³?Ïþ£öÁbendstream -endobj -1225 0 obj<>/XObject<<>>>>/Annots 692 0 R>>endobj -1226 0 obj<>stream -xWÛnÛF}÷W Ü‘‹ºÙ’Ü7ÛiÚq’&*úPÅŠ\YLÈ]ewiYýúžÙ‹.ŒœI“KÎåÌ™3Ã/'êãÏ€&C)¯OúYw¶?>ürr1fC÷ÇÙ”jº¸œfýxUÑG~ž.¯FÙgÃIv/øhﲦËËìjïÌ¿6ÁäÅtCü3’ÞÞàjòõÁÍì¤÷ê‚š-8ÖñtB³Â‡Ú§YÞ™-%Yi¥¡º±Žl³Ziã¨Ðµ(UúA+KB$èlö Æ·7ÖùKIçÏÿÉK‡ìRnæñé.bcÔfEç~8žD[éØŒ€hÇ4—äf ©Ö!Ú¹ÑkNR›¿,´¡?KUà6åU)•#§‘@.\x?¦)ÇÖ§­Ã—·½¯¤°h.` /²ÇGaJÝXz+ÝZ›ÏtÃ>Kõ€Pò¦†áJ­B^5…,h]º%^,-¥u¦œ7þ‘µÒ‰²²Ù1Œ†ãì☺Ãi6¸¢îå…P×–>Šz.Àƒ!b’–”v¤œ‚ \׫J"ù’ÿß…«ô`t³¢Z¬VœÍéI©¶è½…|Ý[‘ÿ¡Ê§tzßñ¹"]#EUmèKSÂ÷[2ì)ŸVS ˜Áä²+‘Ëû³sÚè†o5Uq|(u˵(jØ¡ÛzžåZ-h%Œ¨‘d¨©€uª‚4sÄå8ÃÓ—Î×lž’u›J’ÈsÝ(—ÊpEôÆ$íŽ.B n“;‘/K%if¸I®ã‹¾/~Ó¥b·žs6r'Æ>ìCÁ(w"=ü ×Ǿ¨Ep༃ZKœn¹¥p|¿±^Ñ€©Êy¼¹èùÉÜ}ÇœƒÑKÁøã-s†[Ø2Û•B—dôzÇ  Ø4z}sè ÿŸ•^Ã"xz ¦5\ƒLvšÒ\žÁüJX‹.*ÀO¼“<ÌWä!ž÷"R@œPE绿6P;ð«n'ÌÍ{NÒâ½Î¾ÕÊ]UÒd4ãÆôˆzC¥ÛÐü`“ éÊÈGÖ ÀÔ(U›ò_@œÝú±à+ÂÍëwIñÅÂ躅ç§H -N$ÙsåÀ\A1¥õT‰‡\—^ v,´Íöû‘xØÇŒ õõåo¹L jÏ "´µtõ´5Ph‹Œ~•*—ç¨HÒÎí3Œ•(¬%0*©–õWzÑò,RŠs™ dB%ϨF+m-çúLÉ᩹%Tv‰Â+ݪûöTË3$ •7ž$õ¼Þæóþå-ú]Ä#ÑdÛ‚àÄêĵJ |¬à›Œ®c_ÀÌ9-õš9[Ñ|Çü$Æ¡$HtRb˜üÄ&0–»»¸CFDOEŠÏ“ÏÏ4æ>ì0qèPwÜÞ@Ú½m4ºDÖ÷´·« {ÛMð½>žú׊ðD’¨Îý÷M҆ŚÂ6»D–´‚þ3‚íŽÎ¸4éŸ]vpä±Û•V7Ž?[lÜfàÉã ìQ:L±Ó“.ïM-0¯ßþFúáo!&UE0(˸5°¹îPJÙõ£E¶W¢ç½ð7¥´ÙýYˆðp1ú iè®Â¬@9 XX°K ­ÅÆëHŒç¸|Å2°¥UœZet£ýæ²-4Êú<ðÞypXÐ|ƒÆUÅÑ2ÿ¿uïôê‚9ÝEµ9Ý iG»£Iy%oæ:Ï>æÀ^D±‡°.ýºW@WB±q;MJˆ‹u¨*ßBãÙ2ŠÝàãgŒä!$/}Ø>–º@]¹Q¸¶{ξa-6X¼¶Acâì¥ǵ/Qµ9 -lj½þÁö‚µq%‰;" `GŒ¥¾õ› 4Ó÷îè2h™:I ùKÁ/ã‹Òð§“+Ö¡Y¬³çDÕSóðùþW]ÝB.I ü…À¶ŸÏ÷Xñ9¤ÈûZÃëz0p™¾[è±\­³íà‚ÐÐÒ¢ð’f^øE#L§°r)Þ-™iP<^m[!ÇTr} Sä F|Ö0^AÖbÁk¹_l½)UóDs|{˜ïÜÅN¥7Z»Ú™õkzv^*ü" gÒ} Ö†nA½B>öTëæÓQ‚ä4µ֪ϼÓø®÷j‡Y×Rí.Deã§]z{ïÑÌ?l¢Ûá:•‘ù—ã™ɦnÕõû.¦1«ÁŸÈÓ/á»òãõÝÍ5½7ú“ÌöŽo8®›^èNúWLýÐ3¨Øñ†ñÃïøö¿·Œ^L.²Éx>}'Cvôóìä÷“ÿplendstream -endobj -1227 0 obj<>/XObject<<>>>>/Annots 697 0 R>>endobj -1228 0 obj<>stream -xWioÛFýî_1uRX,ê .;mØ®ÛuÒÆ*Š¢.Š¹’6!w.iYýõ}³Ü¥ÛAQuDîìoÞü|Ô£.þëѸOñˆ’ü¨M&´ýS,ðÐ¥QÜ‹†4˜Œñ»Gc*$Í!ÛÅíæχø !pF9FÑÈ?dt{(ìÇýQ4ñŠû¸ìôƃ ~öûÃh=±ST?±¢ÝgœÂ§±—u§;Ï9 zø²½» ÌýòNôú}HÕÑÅÃ(~2º ñ¡ÃÓ£Îõ€z=šÎçh2¦iêéÒ4iM—’^M?Bè9™VG–Ig%¬]§õI¸Ý"©ËbCk•e”)[R‰Û¹H–JKÒ"—8*—$èøå1‰ÕJêT¦§´6ú¤¤¥¸—8rŠMÁ¯Y ¿e+]j#7}øÖ¤+œØ¥Ä_¡SÒ†–ÊSUȤ4Å&¢kS|ù*c».¤t’šÕjs³U–z³ú?¹ãHm¦>IªìyÀ錡ìEƒ¸Oma‚ᶳúòüá|Øâÿžï“oyÿÖ*ùÄPí)kwRyßá¸Ï;3¥;s‘Y/Ðo‹cgßÌ̽<õ‘õCúž6´´(šf@Mo(•6)ÔªTÈŒKß°rN“L!øSR‘ŒNéBX™ãùÒ䫪”ETû,î ÖØnÜÚ3k2\Ï6”Wà|`SïdyñöýmmßÌwÌSiX裻R~`ñÔäB鈦ø –P'(Ü ·¾`ߊ|&j:jS¢Â³ÐêŸ:ë$ìÃÊ®Ib*]:T€ºÆ€ùðάᱨ‹$1E!íÊèTéý¦Õùk ¨E˜RSRHQr½pœZ>”dK¹"e9ŠúÐÕî†ëHÙ?|½N %F—€‹mòÛ5*ªýI›µ&¼,•ÈšÒq5>…"eœaßS&5(óÊzm5 †Mgiê×泺{ܵ&w¯j±- “ç\ÔˆÚ.Ù“¥,dSZ¡M5(Æ”/öMµ¨±@mAíÜW@ü¨±p'=k¶ûlí<ºÙry†žâ'v¹5!?¼½"Oa-×A´AH.¤–gù góÂä.E¿mU<Ï_€{Œˆ~·æC/ú 5ãÔyì©<—©‚Ùf?;\É£¨;2o„®D†juÔã¤oí>[%_.Ë¥IVòs¥îE†ÖÁ°<§çŠ@l£aðw¥S³ÖSúåêrK>:¾•Å½,^Š…,Ž1„¥Â¬@Ý­—*Y:‚Jelù’ mÂÝÜ^óàqB "÷uóq3)Y -½õëP-§´1U¤»¯2Nþ # ù@V˜¦UŠ ؼ{½Uì€îf+»aÁÎö½ax‚Sš)®K¤Ð勳“ÏdaGwÂq³Ø2¤dªF3Q,°\¯æ@~*n“‹R!7ÁVÉòÀf ™èSÕ£×µ¶µ(ÐÿbáÎõõÐ çà«çmܼ=~¯Ûˆ°}mŽé’û!›‚ù¿dL¹ÿÒ›ºãºlî.7¨fî”1BG—¹kq¯áŽÎó6r÷ŠÖb³GG_Ñ5H¡X-sØ*,@ÙÊ2×Î¥ªGw·MçÜá´”° &¢½sæ<£ úÉ©æÁ äVéD’DèÞê“ž":”¦ ²ö|Ë8e"ÕÅÉC^T%i©®ðÃ:ÜýÈØUð»²uS°Õj…%!}¸ðºñ¨ÏÕ¢Bó™ã°EšÖª× 2X9W¥kB„Ísg‘@‡XU-ÐL?¶]¦ž×.~ N̉¦ðú 8 ~lWn·ðõæ“ òp¢_H&¢Eí†åÓIdú#:Î ìÏJWd7˜Ý¹ïÓÝz û[³1þ¹ÈÌLdóØû™¾Dô‚¾‰¢¨¼ëpƒ@¬D²ÇöeqòÝã+‡KÊËÛ$/Ÿ·SjöLj/¨‡o¤¶¥íÆIíúºòS±©Sï8Ê”W^xÈã%ì—nU ôÊ­gûYã¡ÛÔåª0‰L+þ– Cãs÷ÔøÎt/ -^7¹µžV~0x„G~ôã;±ÙÂèèw»ÝÚ¡ÄKµ1'ùã‘ÜõGcîÄŸöâI49‹ñ8‰FC,ïiëöÍÍ:la>âûƒ®LRñ:ì(Κ14ññ9‰©=î:ùÿÑÆãA4áó–ícVûýôè×£ _—oendstream -endobj -1229 0 obj<>/XObject<<>>>>>>endobj -1230 0 obj<>stream -x­WÛnÛF}÷WLV -‹ºX–ähaËq!ÝXQ@/+r)mLr™]ÒŠþ¾gvI™bì4É /;3gÎ93ür4 >~h2¤³1…éQ?èÓèlŒi4àç!þIñÑÕâ¨w3¢Á€1?;žNhžï÷iv62£b#©´ÒLdXX*4}ÖÊ_%³‚/ Št*TvJ*‹ôÖRntšãùX‰0Ô%žYD¹°v«Môvñù¨OÝÁY0DÜN±)~S=©D®etÌè’îEº$¢TeÊFêIî,;*Á)2ª«»Ó7¶‚­‹çˆ–´¯Ì¿‹²Ÿ¤Y¾¥´´­$¡Zi×ÿþæ Ñ¹äðÚV% ÅB%¤b®ªL˜C¯µFÕ®‘|Ð0׸8ÌŠ nÖÏÙ.“ˆ3°²Æ[Å1²¤û×P¢Ë¾ÌZ*Q o¾Ó»;\Ë;=Y„=÷ºëÅ3:\©ÙºL¬ K£ŠH#¬ÎlÀ§tѸá8qã8w+­eåŽtì ùn›sIàO†P¡ÙåC~› ƒ* •­ù˜V1ûb« ©7*“TnQ…—‡óÅ[¾M2D5 ‰ÎºˆÒT«M+Z™Gî!tTáôïD;’_A;Cïf\Ù r- w-±&fsÑ+9˜:¿Td¥H\vžšó½Q± -=ífhúZZJeVz~¾€š×e"•§´* ¨•2?ÜÈðÑ5k¥¿ÒñÌaéÌ ÝT§ËJ=•à¯Èƒcšs. h(,Nü¶M"îàËâMxÊ¡¾÷Oj—P%÷ª!5Õ¾ N…½ÖÛŸ„ØO‚}µ80+3e ¥Œ¼PV.Çâ¨é5d›®ín§KïR¶Ìód÷l.Ù -UÛË–Þ¶Œ–oÀ{7aÅìî$˜ðó4˜²Ú—Ãñ¤2’ `bÄp‚i0¸€“ŸWVþ¤0ƒ;£W‰LYå½7Fg¿Ï¢ÁÐé'˜L8w2eLJ•…IÁÑéäÍ þ‡jn0«ìjQ5|è’Nšºw—b—C+P|ÜëñGü¯e/ÖQlª¬DžË,’Q@7FÊ«ûk>™õ]³e‡kÖh¦!Ü&»³øIluvéÕZsõq´—š2N­®ØF‰ U•:C«+mâòÚˆt/¬T<Âñ|eå: %€Œ Wxæï#F­41¦z² è^ïSjײÏPÃ9øDî —‡Ñóz¢Ð“Ê·þZÝ ‹RFˆÙHFDŽÎßù°€nMÚntRåíA¯Om KfÎ'ê¹Zm‰­†¯!-´©ÌÔ—RÒ'Þ]æ×ô‹ÏêÔC?Áœ®ýÜ‘¾;èŸ×ì\»É‹)|ü/bÔ³`#x÷ Pg€ä ˆj¹†Ê*ƒn ÑÏ<¹Ýîä½Íù&—í ]$NM9)+Ø$N¢kŽ™<@ JàìÅŸõr8ûrÀ*piã8my{a1þ¹”=MkeI1¶X£yöǨvˆF³wËåÃüÇÅrù»è™ô8ΑîW굩Æ7¥Aæê;ý€ËlµZÀóR™®@Yp*]]æ'¨ÚoÇ\½e7r–„E/xBµêå.2|Õ˜Œ+‘Š¤Ž|Óm¬ŽÖ<ÊSlpb-ò…;—Arñ}4ôÄêTbòi™`ô·BBä‘Æ2Â6žŠ‚7ˆ-ò>Åê¸Â¢­­af‰5>^ž3£sÿ9ðº&ϧ½Óù*4ÑkWh²ìÌ0 ûƒ‹+L4üòM«]©Ñ˜¹Cˆ·‘=’dË0q‰¹á&s1e‹õÎÅôÌäñ‰àV߃µ7Ô˜`sòè:—l*»Âú”ŽÜΪá”î,à¼êòxgÙX $[&W½ÙÔjJãCI›Ê+¸7ø<ã>¢©@Mûn4WÔ³B‡Xþ­7˜>÷pT[hþBÚZ4þ€ÃÚÜ{¸ýøןo?ÝxüþO¯Ð­®Æ‡!“ÈŸö¬@›®ZÊë( ¬«…þ•‘±ÖÐ5؈~kWX#v ÷a4V 1³›V±ñaþwfL«ñ7ÀWöôâŒÎ§ÕÔ¸¿üûê’× Ï a‰5½p‹;ÝŒñA>=£î¤Á;Ð÷÷¦ÑdLÆS|ÝãÑɈOx¿8úçè?í^ -Cendstream -endobj -1231 0 obj<>/XObject<<>>>>/Annots 700 0 R>>endobj -1232 0 obj<>stream -xWmOÛHþž_1ªZ5•ˆ;!/ýr¢´¨z -„T­í Ùb{S¯MÈ¿¿gv×ؤPU!ÎÎÎË33ÏŒõBá_H³ˆÆSJòÞ(˜Ï©ýUÞáû`DÑx,h2:ÄïhR)iá®?ý‚0(œM!0™Ïøþ¿$zõ¹7sZ°ÚœÂqŒÝCF×½Î#Φ‹ggí#Î`dѹ×>æE‡pÃ`Gœ!(oÜžµ8›‡Á¬s¯}ÄÙb„³ö1§qxLÛ³OËÞðtBaHËc;Ïh™Z´F´Lú±¬¶Rô K£taª`v@Ë‹Ï$Š”ªµ¤/'GÇ—¢HÖ”èTÒm¿ÐMtžË"•é퇀–ÔE¶£­ØQ¥?,öF4ÇAƒýD—¯¬¾M©ãLæ¤ ä ÆTÉaKºTwª¥:ª ë³c|‘\?8 dJ­JóÅ=c^ˆý/åO­Š€†§SCÇ/ö:ÉZÐ_Ö¦"‘$ºfÝ0\­á#¢ÜÔ•,I*˜*á›4ÄÈGyˆAˆŸqS£›·×à{Ñ4˜07k€}SŒ±o6pïñÝI‡QMâNÒ›®ƒÿ˵=,þì蛀nÖ¢zoh[êâî/¹ñvÉñwÒ•ˆÚÈ”b8ܾÿmã^‹UÜ‘ S«J ü— èlE;]“@¶kÃW Åe&ú=3"M!¼MRªMåäDû”Ëj­QŸš’RŠJ6yCM1Ä6s[]g)©"U KTˆ”TEkáòµÕå½Lm®:qR˜Ú—cSGiŽ49_v¦r•Ë—Bs»Aì(C¥¢R­ Ú€­—&__¨ßR¡’rQÔ"ƒ°÷[îà ªskºøRÔ¡m¡lgm:.Ÿ‹{ ð­×‘1¶*8Ilf×ÜõEýJ‚€™<Þc¶)­©myî•ÔµÈcÁÙo3š‚8€& >¿¢ ™*´7•§ÜPøê)÷ku¥2UíÇý~;·‘u-"—–B:|!«Og—×d϶hWåû·ïIl6–§¸\P·}RkÒŠMŸÿàÛoÉs@Í™bĆh,šÀ)ÖP>”U2ôp5dùÀ€®5ÜÜH½Éöò)*åF—•‹³HÀÁ`&7SÇØ æÞÀ¼ãiFÀáÖi?‘ôÅ’<)Z½®S÷g›Â·s@{UÍ1"ÞŽL‚6T¯›£t†=Å%¾q£!…‹9“Üm4‘k؆ríñ -C7< Š -Ý´ãiÊ4˜Ÿ?ß±–â],'Ûè+qÛ™ -ý¥‹ð(Ó¥8²±®Øn/ì†6cÉý—*Ãåú¾ÜOM¿N{(û£s • |¬ï¸g\>¢€G'Æ (Ó´Ð#¤ Ága@—Ü{ΙÐ9&+”Y]´ƒ„Ì1܇K @.ó˜IÑfß°r. ÏTvda%ÒY¦·vÏ–,KžV3TäqöÄ%œÆ¨äœ?ÉG|úáQ»íGÓùíŽû#}¿øzqysA'WW—W–L¾Ã‘{fÞ1U¾ó_6˜a¢ªÒ5’ô«ÑOv^p|ÉÛÄ4Bﲂáé¡/°~‡,’Zm -ûÀèÛq\æ–TS]ȃ=ÿ¶< ˜$›ÉQ4´õĬ×gæ{ÊÄ¥mé¡?°0Õu£Kðè€;g¥îšñáhF[ßç¾mîT¥Îh• ®&wŒõÕnlzòd“éÐ0ïë±|Éæ’olR†§#Zðæ“q„? æø‹%ÿãBIÿªU‰jõ?\Yæª -ŒÝåZ˜^ÙxDN™Ÿë[ÖPX×xy‹Er¿%.ÔU¥bËð,`ý·›æ#§ÝSEsÿ¶‘bÅÛŠÈœWÝ)¸Ñnùb ¯iݦñoñôíî -Þcî3L×h_T‘›Ý~S{Ea]¨ÇßÂIw¹2åo»€•s äý5™Ùß/ä¤W®Ø8½/rn4™óéáï.ðþÉDó \ð,âNêÚí0ßt¦^@˜Ó¿•š ˜çEÅ”8ÃÛêå¼Æòo}ÁÐ-0rËÁTÀ[¯[gUŽ)‡7‚Š^²q¥íšø}þdÉÈ>›î”»g4´#ƒŠA~ø3¦$¥'SLé‚VFa XVtƒÅOo ˆ“&xÿs -úoÖ–l±8Úôt̲±íZ@Š¨:kBb; J²?„°gJ<•Yb³Óë\%¥6zUÙü1¨þeà‹ìV^Ås_d M73¯oOWyk'7ï:ÆmNwtbw.»ÌOŸOh¼ô=›ÏsO4!ºy¾Ót5Õt}tþéˆcþÉ/nÇ:©9µ6í¶¦C¼:æcÌFà˜´ÿRÎÄøÂd6 fS¼Ö³ðì¿:Yöþéýø‚ë(endstream -endobj -1233 0 obj<>/XObject<<>>>>/Annots 705 0 R>>endobj -1234 0 obj<>stream -x¥XÛrÛ8}÷Wô›<[6uµ$çe*{×µ±“‰”Éì_ ’0&.ZÖßÏi€¤(&µ;S—/"ÀîÆéÓ§ùÏŘFøÓbBÓ9%ùÅ(áIûãËß/&ãi4¡Éd(§Ù|‰ßáSF«‹ñÍ2ZÒx9‹f¼:¶Ÿx†h¼˜Esš-ü¾KIÛ‹wë‹áýŒÆcZoÙó|¹ uêh\® %¥N’)I¦ÊÑOëßñ -ÌùW.µKŒÞª]T˜,,5Ö.éh*Ê+먲’Ü^ÒÓšV²|‘%}6™JŽt‹¦¼ -/Þ46 ¶ØW$_eßæa¯’=)ËϯGtíAY§—J'Y•Ê”Êí;Ž6• &æ­umoøfÊgë„SF÷œD´ÞKÀ£,‰óHÉh -€K‹"2¡ˉhÒXʲ®<Ò³<"&ñÝñÀ³Òц—%§““íd^d ’èæ Aƒ+¿¼UlK“û'’øÊJÓ^…ÊŽ$µ‡“àsÖ9(ç$¢qZâ´ë–¥B]QbòÜèH¤y/ï°úÝ›¥µûÁÞˆ|òÁþ©•ÔŽœ¡¤à»ƒaÛøþÆ6(IïÅ—¼‰cï)Ž•ÞöÃj8OOKv°QZ ¡Ì˜gO4,äTi iL†œãIyPVF½hž *ZdÖ ZÁ!ãGªJ™ ÌéÁ^¥©ÔƒæÅɺ‚2[ÃwÃ@$ªÎ,+ˆÎõÂ6Ïk‘Ãež©DÒg‘<Ó”âKFš¹PÆ?ùÐO6{‘Bí"º{u¥H´Âʶu’ ¼p¢E.iøÚCDdä;¨ëíôö“›Ùb.°ãõ¯ú(kÄh.¼N°‹®AòW”!a¬„µ&QÀ늩y_z2 =@~7’d€›…¥ƒÌ²š˜=}^ -c­bUS¡!:3‚“öJ´vÈêõi»Eæn¾8v(j*Žd¶Ý¶4¢üzÂzí83‰\¦ŠjöýoYz›æJ³ª„õB‘Ä‹PY«¢MÀA(URk¶Î»Þ7êÞ©¸÷ÐCÐ -:™šVd>g'®¡öƒöRéOµ+MU4 ì‘™ §`4Ø૯t -`Og'd2¢\Œ(>o^Òû(ˆà¶Ñ£N”qìŒÉl—Ò>+ÇZ:(…Òq\‹ÖyÄè M ç®Ck -ñ%™¤Í±Ç‚ÔTHÿ5–“gÔO_…¼Ax¾× >Ø9ßz°ï¸w1ªŒb6¨2Î,¶½s[¿€/ ¤z¡œÑW x]¥Á{½Ûs_…³1ÍS£áDwc…\${…Ç^½Ð›lHFÏ‘g6§ÿê¥6ãÛ^úØÍ î€ì°”‚²d«ÝNZüþ;Ž³[©/ÒøRúÆ÷M¬¡:[S´T«r:ø«:† äç²Ø•b³AUú~8”.zs5Ï“zŠ¹^DË1þ桲Oæ‹:›M%ø &¼Ž~ËUðÀ ÁWè= --v²øŒ X ;9âÓ,Ò)’´]ÂNÊ·ZNPu„™ÎÔÎks¸¢}×/ƒvæÛWT˜‚ìÀÏ=¤úaùêíDÓªš¤Ca&c -Žb1ÖÕÅÃ'×%aÒòµÂ¼Á +”|ìo3sCöh¡¾¶¡L£hkœ!ãù¦nt¾•`xn¥äÍf›¹ñ8M§˜ö}ÞnFuÞš±¹^nÛn²º€ýVï0´8úUɃôôÞÿÙø®q¹ÛÚß³šP˜LN}Å—ˆ(Q¡/LfŒx´uÅ›á?£¼UoÌbÃdÊê˯ëOŸ>¶§éà*¶~ßâªÆ×±ëÉ2ßâ×ø?°åi¡£îeV€Ï:”t¯«q…,p×Ã+€Œˆï\è#YS• Jr 7e¨ßB€§>q¼Ä›pAÉXïXœì}¹?Ÿš¤ÊA!ÿ~;uú6@»9`¤Xžš½ùFœÊ•«#´ãfâ¥}gLŠ¡´¬úXwRËRà"ûøÕ‡ŽÂ’Œk ð•×ñº)q5BÀµZ6ZØ­M¢¿ p\©;m¬c“¡®<¬þª6ËMÔ> —µÌìqQ 3yHÅÊÞcD/¯ÓÓVXÈ<ßæ½´Òû»¿T§õÛ)ÍñÛOÝ«·ïÞÒçÒüŽ >t±gw×ã9.õË)]/F·ÿ›(3üGÀb¾ -´˜³…»õÅ/C¯©endstream -endobj -1235 0 obj<>/XObject<<>>>>/Annots 710 0 R>>endobj -1236 0 obj<>stream -xÝX]oÛF}÷¯¸/…œB¢>(Kv_ -'Ž»ÆÆI7RÐˈJ“3,ghÅØÝÿ¾çÎM§(Ú>uD°HÎý8÷Üs/õëÙ”&ø7¥åŒâ%ÅÙ$šàÊñããg³å2šÓ|~‰Ï‚âËøø-§ÕY|1‹.h_D3Ü/æÑ¢ùÆw_¯ÏÆ·sšNi±ƒÅå’Ö©·?¡urþAK2¹½¤­´ŽR%vÚX§rÆä–2SQ*·õn§ôŽÊÊlsYXR–V¢Ø -RÎÊ<‹èSS"4ÕVzk£”Lé”ѯ֟Ï&4šÆˆož³½­q{²Å6%¡SÒü‡3dK™¨ì‰{áhà}R.e> \8ìU²çǪZG´’ÁK¥ØIKF{‹Cv7êøóÖÙ üE‰Ñ™Ï¨0•$¥L!8H>~Ê2n#Z–N >ÁJ褬2M{¹mÎÇTf¢ÎÝæG;Ðæ|ŠŠöpÖL•ÚÍ«¨12[ ¬èZYÑ^æeVçTH·73ëôa;1E©rIÖ¢¶\ e{ãÛ‹¦æç´KíÂÕ– ç”åbÇ ÂÔAå9ÀHò:õ‡;è…ä»@)È¢´¨pghEž›=ˆJ8'P©]ºåo *¦96_ñq¨7ˆ”H ˆïú*Èþ…!ÚŸoz¹¥2—Nú‘¨ŒLµGôÖ³Iä\,¯h[§vªVŠäÔ°ZeºžEò'­¾x6~R:žÑÃȽò‚‰Ü{¹)‚ó -Üq™{E‘/ú¥¼…]W‰$0Ÿ~^àÝ«¤2ÖdŽàÖ-eHïA@¨ -Ý­΂è""€^ ž>Cá«í}²{Ã# íV­¾¹ #ö~ò‰‰Æ§ eã77mG¢"+|„qÔ±S¡ÌBxì^•¬ë )ŸöúÜŒr‘QÀÛc« ýDÈÙÏ”bb‘³ŠŽ=ÑNï2oA”Œ† ª"«L$•˜o~Š *Ù~™0ËM/?£¡>|XóµààÁ÷Ö9ªÊš‹½¥‚„ƒ0ç&9O–fîòmÚ$Ðãcéý#=¶ÞÂrD¯!zá…p¶Tó_Š°·*in`s±IpF²õß.Únïðþ•©¡»c©mÀ2…à?F†âH˜«/œØ÷ýi½ƒ“V|î¬&À£M®Y3.!È¿Ö=Â×%Zš¥ÄɲÙ}2Ó­0Ü ?q©‡’@…èç96×(ž_ › ÝûžŠ§žxÉ{óƒòÅ3}7ÏAÁ±À¯v-Àl©sT[‘* SASÂFuä`vĹ/º_a{ÞüÔUõ+ëo FËeDƒ}æEw«øü‘¾NÝâŠgšŸU'ï u+ }¶ÐÚ¯éLñkì γ‡=¶2Ì8‡]óë© L¯œÀ<! Ç“ÌâÏ7˜‰•ÉéG¡eŽï-Eù¡êQauÃÅë4e{~¨­0Í“°©ý~Z~Tç*yàö|øç é±?;Qßx[l¨YÐŽI>Kþ/z$ÀýºØ3ÚºBð{¿ó`«‡ŽüA¿/G9;Åœ*±XÿM‡z}âŒûD~QX—¡Û¡xõ/Šç߬~Y­ßÞüðaýÍf³z‚&ñl³Ñan¾¾ 'Ú}å,;¾Ö]Å §A˜WÞä@æØ z>±,+»Ùô,…¤Ù^KìëØÓEõD7ïÞ Âhãó,Uá>·4ê(o³lð6È^‰(] 5|¯Å3u…7o)mý|Ë /ÎGÁí´ØA}_‡ýßkK§»ÙJÛ -]ÌûfiÚÜï?ü|Ç~‡M>æ¿G«7 ý?5x·&¹ËGñ,Z.—Obü¶ãß°´ò^6;/£Ë«˜â%ÿJ„gV×÷¯¯ñ:k>³ÄÞ˜¤.0ü[²'Öt±Œ&—1–“+~þï§_üªsÇ/Ò~ɘ/çÑrq^W–K¶ðv}ö¯³ÿg’ß?endstream -endobj -1237 0 obj<>/XObject<<>>>>/Annots 727 0 R>>endobj -1238 0 obj<>stream -x­XÛrÛF}×WtR’S"x/òË–.‘£ªÈvLf]®å> €!10Ã`Q܇ýöœî(Š²½©µKU’€™éËéîÓ=øó¨O=üôi2 á˜’â¨õðf÷ëÛ£þ¸h4žD*h0Gýæ)§ÙÑdõhÔ?‹ÎxqrÆ‹òÄ‹ýÞ$šÐÙtŠ=¼Ú‹†Í¯ú=ì>Ù)V‡½1ï•'9;>‡Ú3(ó*Ô¶Or¶7â糩èžOX’<Éêt c‡ç£pv܃†ð$«ƒ1N Gc±j8’UyâÕËùQ÷æŒú}š/“ñtBóT éÑ<9yë6”¸õ–ªLÓÒäÚÓ²t…<¾ÓL—º$céÇÙ§Ùüç»ïÞÍ\,f[_éb8X,¬® -g‹Ÿ¢Ÿ¨r¯æõ¨ÓÂàyzòw9+Ê>ºòÞWª2xV6%¯+Zë²0Þã•'åiëjJµ.”¨õºtëÒ¨ -¸’·•äM¥#ú„“çdµNI¥…±ÆW%´¢«ÏäŒ"öÕØU‹Nƒ„,;{¹®!Žä›”é|½¬súýïðÉà€eI¹±÷þ5‹Dî´AùÅÁw·¤™*b%q§¬ªÖ¯»]Ïo"W®"ú¨)Sˆ¹¢Â”%aµ’L¡X^÷&iJ¤ÓïG½á,‚x/£…õ¶„šå]†Ã‹°aÜ8¡ký s·.éçgO_Róû6é‚ÍÁ$ÓÄë\’ÆÈì8×ED·KòˆÜC±=£¸ŠT%!OƒºxÈ‘6(i* ÃKwÛ‚ýŠÇ-Þ3 ,‘ ³ÄUÝé²äó¦¨sdçãåõÅxÎøC‹›àl6›Èß›õz!E»ˆmýØõEÜìÊEYUäßnëE^e®^eZg •Y–©hxJÕ–©EÑûë«Sº†Í)]*k–ǽÖk5HÀ.Žé^Ö(iœ‡Ät±qžI3žŽtZGªÉH+ÇÉÎ,…bÉ@·´Õß!&wÆ'¡<¸H¯nof ª§ú=¬‡nb–¾’óÿM|ðåµ+J\ÜùݚǼÍ3€%q?J\Ñýo~Ÿä][¥øÿÛ´ÞÌ߇g]ž‚fw—ä×:ñ¯i)eßQa’Òy·„ ÐÙDÙMËU—Ñù[Vt†ƒh2™PÿlºÙb0ž4tÐVû$šöÑî&ÜÖA¿ .@‘·´B÷b{¢z…cÏçÿñœNmuZç²Udë"†ƒ;n+5WXJÏDEôœìZìwœwJIn’{fa&<í¥÷Y¸¡C&Yp¬Ý -Žv¤6«×kW¾ ´ÿ}NXù³–?Çàä°ÙÞ ÂÖ0YÚ¿H`üàj`ÍùÛ7(§=×…QX]§²+¦ý.Ýr¡{<+µH~B”/Û^êì1ff‡'½*vu4vX#Ô'%LZ9×CÀÚÐd¢õhïÁ,ÃYéY,JÒ:×Êã],ä!:žšãª6)o´`šýï"ߨ­‡{…–tùRxpym+®pÊâA{H2ëà±ç5Ü¢1bNàÐìqܪV¥â³l:ZRZ'œŸkUV&íc®Ðªª9i«çï+S` »°˜/ñ_ã+>ŽYZ!¾þ˜µíç$ÛÃ2wáJý…>ЖÌWzÖð<ÔeƒQÛZ7Ü)á&O–\^R4)6­ö¬˜}S(&¼ò2ôJÛÀŒhñê§Ú‚ÂÔéÑwò”ÁŠUœo%ÊU$²~˜p“Ú0@*Íle—2¤2”œÒÒrëpIø¯Uù¿!œÁ_.!–›ùP±ßÞ-fÜ452”4éß`‡y$$¸‹+J+”æƒQtõÏÙn”á4Oy<ß0ÅpEäpìЩ$ÓÉ=dŒGõwhŠó9Ž(êm–/mYƒåxüãŸ4zyŠ±™oKüµ+0§³\-̵í/”ž"xx{öX£¡6Ú¢BËA9WaçÑœ~@§ÜQ 6¤mâRHoÁÓâ¤A2Á ç¡AL\£t—Ž³ÇüÓ?Œfy‹Wß!Ê!’|ùÙ‘&²fYméøö¸àV’¹Ü`dòÇðùïŸ"Ê•£ÀD§oÏlûÌçü6+¬…°²~ƒ&÷¼§ñ©oRà<xa_ÜøÆ\Ž±+Éø¾ÁY),$×f6¦~üå¼ð ;)ÿ ×KmÁ™&“I8ð©=ƒ²•tdÔ rBCÒIfM¢òˆîÈp­2„—àʶ„FàëØ'¥‰™k1b'2„#$V³©Õ¶œ zP `bÜàÞ-+mYÃ>õz\¦X¸Ì¾,é©k±*º\ðP£!8ØëªBS­r¼å{'RLàº<I~ Z6ª …nezDu~!ƒG|ìøúUl,£×'°J¸ ›äuúâZ&ÝJålËÓ‘T<æqùî±) éÜÃR×Öø&%Ÿ"8-pC«‘:ø;èEô>tìÏe„ׂ•FW1c1RO[¹Œ@ÖŠãÎQBATúŒ·”Gܦ8L!jþ ˜¼¸¬µ“Ꙍ½IuÚŒpýá4šži0•³‹»Ë z_º?˜j®›{©ÜÔ%'úø@Ö›©3é3þ¹»„k¸ÌµÌS2æÊ(Ëß¹&ãi¸5O¦,áçùÑoGí„óXendstream -endobj -1239 0 obj<>/XObject<<>>>>/Annots 732 0 R>>endobj -1240 0 obj<>stream -xX]sÛÈ|ׯ˜‡TENQI‰_wWII¶ì¨*’‘w¾½,±€…w¤ùïÓ³» !Ä©ŠÏ¾‰ý˜ééîèÛÙ„ÆøoB‹)]Í)­ÎÆÉßœþ÷üél>N–4[Ž“kªh2›>•´>›^]'W4›/’)žNgód?ñSœC³É;®— ü<Å?#)?»Ýœ]~¼¦É„69ß=_.h“ù{Ç´IÏ_Ο´µj[_ÞÑ}NGÝR!ö’¥ºjJé$ÕÒUº&gD*éåœr£+r…$ÝÈZÕ;Ò¹ÿبF’ÓþgiŒ6ôòîÝæëÙŘ.&Wˆ{“óù©¨ÉÊ:ó ÿ–¼¿y¢\•¸ÒÒA–eÂ{.?¦1è‹É$_]QwÂËt6¦°¤Ë+®¸˜Î.y*¥°¥Põ+n32oËòH[™k€"œ)íc¦Ó¶’µã°•¬„*z¯k«2i¨ÖñBNÖÈRîEíøê^B0Î’ªcÞ[;<*i­ØÉ„6ØnEµÄçó¥²ØµV¸—Šv”Ûj‹+e#5€!¸!zˆãH¢,Q™ù5þ6 jÈVÛ$ÕuŽ`8`eb¦”)#S§Íñ?G¶ƒ­‡ì¼z¬æ º¸Z%s†öŸú€¸èžvÒ!ÖPø7YÅKºÚªîüÔòÑÖ¢bL+½G&žQâ'"F\ (©)™„Ì¢C,ô±Ô¤œ§N¯8Ÿ<À…sÍ/——óÄ×!Ñf7¢´Té+Ù! ¢XG•òÔŸõiUÀn9§uÛ4Úx:üPØ9Xäyý¿öõµ°ö”¯„o@ —už'ôd”¦…t$ÒH^ÓC7’>Óõ_5š3 ü³&ˆìÕ3ZCþ£¨±¾¶XãŸä0Š¼[*ÞØ)Qd³°„¶.ùW\mtÊrPûAF«Q¸ƒ8&I ¡'nXÖ„VÓ Û—)¨R_ÑF•ƒ<Ëd²‚€DK&à  j–¨3º$(š¾¨:ÓK«ï—wo‘›N“éx‚SVðo@¬Å\—¥>0 ÂP`tãp¬¥ªM‹N¿Ú¨ªEI>?ÜÜ?&î» FÕ¹WºµðU§e›!σrùŠIøÐ;²B©Â‘ÊÒ•1ý ›§sÏFôkȤS"×È”·ÞeŠcÑï–Sðw¾Íú|DÛ#=«´&ãGoX‡/郼8Áƒ2xn n0óXÐA›×ÑmCÉï"uHú¤FvØ÷i*˸¡WðÚTƒùe*d é"qOÁqõ¤šœFm['¶Ü -ZÜQ;• -_žLàk¶tìÖjàÀ’ñ˜³‰sÄ#Ï´E¤¥FåH¤ž‰Þcc` Ý”Vþëò䶠ò š;Ä°3ð}܇ƒZ+ ìÞûÞ‘lë—‡öÒ‹ ì˜N8¯Ã¡Ôؽ—fpûËùã&>ñö¡‘;ìüh¨'šüXdƒõHeGÜ63-Œ#î{.0‚6Ÿ¨Ö‡—wO6 ¬nÙØØB°BG×àfë_àXîˆßÁ:ªàë&?zNÑgûM·Ñº-Á Ó ›å‰8=¬X~ª†Ž¡ üœÐã€B”·µW©(•óí.„ÈñCQüÍkÊļ‘M‰º ”`Çíóç/ëûÇO¬ë„îÅÈQðZ£Ü£@ÔŽÉž¹Ú¡û"ã -®'ÔÌbiCQ†hß[Û¢8Ëc¹ˆ—ò"ìì4SéL–^hCÚZ¶ÄÉUîŒ*‰Å àÊ3÷ÙúcÁŒîà`jTã˜0ƒyÌV̓¼.ú°>)ìáÊë{OWF›í©7p ó[Ó.ÑI#gšcÂòÎð&pGÉ/;³­GK–oG©ƒ²¢>/XObject<<>>>>>>endobj -1242 0 obj<>stream -x•XioãÈýî_Qñ"ˆ°i]Ö |îXÛ“‘f'ô¥E6Í“l-›þ}^U³)™v2»3°!ñ¨ó½WÕþý¨O=üïÓd@Ã1ÅÅQ/êÑŰߣé¿ø©4¥rc6‰†ÝëW‹£ó»õû´HÙÆx:¡EB°ÓëÑ">YdšâÜ貦:Ó%%V;Rô¨ë//®VŸ®~µÏ¶„—ß7ÚÕ§´ÍLœák]ý ã5*U¡É¦òyƒWþæ(ç·>,¾õè¬?Œðzââʬ눯ž!¢py_•³Á8ñ“Ý°b[–:®áÍŠÄçÃr™BþªLÈiUÅJm…g ÒÀU“’© _R»ÁW¾«’V¨ä´ ž ‰ùgõwojÐj'~}©"ºLkí½œ\§Ä¸6Ò´²Å;±¾É~ôãì.“¦+ÜŸu}_¦6´$Ôw¾é -ñðßñß4$³è‘”«éáÛÜñd¯ûRJ!וMM®]DsSÆZ VÚ­méð¥mÆ{a ”J[JR+SR±‰³ŽÓ¢{Œ w‚ ®%Ž/¦œý»Aª£‡Ïó’t&ÑÃÁIŽ‰©[íÚRT]ìK=œEã?´7q½‡µ6ü&dàÃ1ìêMU:²›º‹³Ý ÝZÇ&õÐzÇ÷\:&übì®UEt„ëïªXçú”–øç[¿\¦•N–˨ ã>åzŸPKÕ–©#¼¶Z@tò¦~ã×ï]¼IíTªˆ6ýÖÝøsk_<ůŸïîŽ>>ýê)¸¶¹‰ óxèžÕ|Ô?mt€iï•áDƒ"M|¢çw3êCRÓF3׶LÍó¦Rµ0Þ—®®61vgáÜÚê…DG¿—_´aÀê+êV0#“¦ºÒL¬^Ô`Eo®%@E}b·Žfß½œ‚˜Lq&ÔAÈ°ÎT; ð­„~TÎ!”„`¾Ú­%V<Ê„d-IaÖÿt#í?¿‹›áq6‰¦<ÿr0žˆdïs“›­Ðï?¸mY›Xñ¾¶Îiç¨PqfJпڸšTC¡k÷§¼ž ¦Q¶Ïc£ÒÐÐBÑ\+_Í­ÉsR¹³ðOL«}„¯JÛx¿hr ¢AÇÒú†yP™zG……ö0% åx¬*tJW– õÆQo|Ñô‡ÿPª·ècÁL“©V¨Ñ2tŒ' ”Õ@VÖäX¶zÈ-Oˆ$GÊÅŠñ¢J‰^©à`tønœÛÈxÞfü¯òÁ0ðƒÑ¾°·)Ý”MŠtc¥À{]Ù<Ç›À¬;¬Ô-vY -<– @°¾Èîqòy~ûé5N$²e¾{mµÙ1¤m¨0*A\g¥‰U+Î1ýÝÖÕü—ËO·_Ò0¾vPœJ`{kàæéáòþ±k»Ýõtûé·7iylãBÍ‘äW:}S•ñÚù˜?\Éð£ÛTÞÖA€È‚Ñ,D—q½a¬u0è[Š‚ê8<`‘ù–´(QÌW]÷´(8lAò¨o³r§D ¬E) Ê­x®,€ ³%Ùµf,Ÿ=«n®#ú’A[…BD¡[ˆÞ˜úf…Û¯§:>•ƒ{y¢dÛBú§žfâÍH|à²j¢àÄ——0D×pôµ¦tƒ+,ÑËa0²º®Ÿ­ÅΘhÅ:Ñ0©]f7y‚&ºX19¡¶R8µÔ±ÒÏð)w4yìüÔ_ñ,¸ºšËvÌP7"‡Ó äÈxÇ”53(“_5Er3½ùQ©p3®ú¼Ÿ7Æeí4Á+â6ÃEl=\ù]B åéŠ%ÙÑÖø%o/üšÛñÑßÀLã$ õÑni¥bQ~¥U `I:¸·„b#}¨¢¨ªH -W¹¤ã–Eÿ–Ë`o´½“YfiT4øð\»h5ës­$@ÎZ½ý¦r“p™y[a#|ààßœ|œ¬%ÝñË,¤”'‹CÛû F¸ -e³,OøÛñ: hÒñò½”<îe)V+ì>©^éøõ}à¬#šÍþÎ_µ)0þ¤¥>ŠPø‚Ü=ˆ;uXOh™Dž]§Ò Ð¿x·špŒý´ÂQ©ÆiÔÅŸO‰å‹ÕòDN–*ç…m'óîN©2ÏYýÏå~© ¸«@‹‡CÌ­ì÷ XÍÔh‰´08Å¡/Ñ©)à€G®ß'¸ãîö:ÁÊÉâ…kæ´ßExÝoDDå[µ;À¨£e -Õh2HÕj®­YMöi³› a7¹~µ¾ÞK纙†p²ªàZ|fœlÎwœÉùݸ»÷L£‘ß{Ÿ·ñ…¿&œ´–Ú…۬׶H/¸†vãøÆŸM.ÓÆ]›õt: ñ¸MƲgÍ/®.9º¯`!ÝØxÛ’LMétŒ?L‡t6éÍxµú¹¿ÝÉG“Mý6;í±ÅÛÅÑ¿Žþ ’aœ endstream -endobj -1243 0 obj<>/XObject<<>>>>>>endobj -1244 0 obj<>stream -x­WïoÛ6ýž¿âV h -ت­8²]`šnÝtY׺؆º(h‰²¹H¢+RUóßï)ú‡ÜuÁ°Mlét|w÷îÝéÓÙ˜FøÓ4¦Ë„Òòlèj:ŠšÌ¦øã-)ÇÙŒö¿ê5¾Œh2ŸFWéø2šÛÜFáWg{9gƒ¹“i4{ Ûq’ìlÿm2ߘwXÀé°ãhÞÇz½8{úrBã1-rd-™Mi‘¹8G´H/®e®á1S&mŒQÕš6º%«)ÕU®Ö îÕZ”|c[ë\Ò HYR†#ó¦`[#¥{ìwUÍÿ Qe„O· J %+kž,þ:Ñ©Žqö…*·…,qƒìF”I -‹sLÔÙÅI4a;ï­ó3àVЭ´ïŒ¬’ö¦Ê5’ñ©‘ž4;ƒQýYÖüm-{Y?6;ìTèTX¥«ˆ~Ö­„ñ€ì!˜­®-ÓÒP¥-mÄgN„. é #·¢Vž:¦\É"®Š{‡©C°Ñ%ðmD-#Zl¾RŠÊÀBØÞé>îmÂÓØZ¥VfÛJr9Tuâ>SµL­®ï¿’Ê}9Rùöù/¯ôZWôæõ‹Ëµ•n˜V(@,Euï£âÒWiÑd|þA\Èœ™^$\’pÒù!ÞÞI2È4Û­®­Kt°bºe*ÏeÍ´áô¨æ~úr¾ãù0žíX”éÖâÑQÚ€¡6Æ0Ðn>wŽX̱»Þ¯ ½Åä1e*qd¦\EÜ1¸æy—ë¢Ð-çiyÁxåÁ´_>yæÑœrM.cÆWÑ Aú•c+솾§%þ…8fï¿2‘vßØ|¹<·\–hæî ¾xä0œ6u§â´ -”É\4…Ϫebê­‹ -Ÿøüó[ï¹ó: J”Ôæ{F”+á{n¹džó½*.­tv·ç칩?«´ßl8'­!à¶h¬.QT8aåûç=wŽál»§#ºÉé^7®/§X`"qè~N73/dnàÌ?–±{-Åt¶®1Éleª@æ,”ú «,’bUHǵ8ŽâÑ•ƒæûʽ/îÒ‚âD4ëyBCj¡‰¬,­BÃñ1&x(Ñb¸À$vÜ —Š -ݦ\ßÁ„ª:Šy}ë¡ße†ÉÀWÒ¶RVè¹5×çÿ؈“@·¿.8èÚKÿJ²Hº>ÖxbòD<}BS w1ÏCÌ!¨þi.<Ö…îkäÐŒ+É#Ÿ|®þ#à©A-+ëˆÞºZo s‹o®¾ Ã3@XzTɾ¤ÂçSiu}gZY7¯”ÅÐzÄÌBøVÿ ]‚b\ß#ƒÜê̺=ê=hÝ©okù9¤©| äã†ÂèrƒãDÙÃ0½n,µBÙï¸Ù˜ŒxVÜ9Ö3£àg×4§òô QC—Õ{ec^c›<ïAÖ¹Ÿ§¼u£µ)ø&¹HœËÛÆnGâ-Í«O[·-¸{”ßï -­Ñ#…‚>"‹½³÷:é&„+²“ÝÃ~ùæH>Z&Bó™Îa8J¹ƒWÓ·ÑÉúɃ¼wæì8 ‡H]’ü…^ ,ƒâI}¹ŸåÿK3ð^Œ”¯Ž~îž%÷ƒÛ¯,ñ(š&sL Y4K®ØÁ8¼¯¦™ÞA[.i`%u´t[-+æPuœ ‹ÔQ¬@Å®Š³n±O&x¥Š)IðwŽwŠì;äõsz]ë¿0«è6¼Ûïv¬á¯E£Ù% §#¬<ÙÅQµé¦ÂfÛ¸=Ê<£·]™š-½éÞ:ÞAÙ»{õà L¦Ž×:v6ó¥g¿ý  0xSendstream -endobj -1245 0 obj<>/XObject<<>>>>>>endobj -1246 0 obj<>stream -xXýoÛ8ý=ÅÀ¿8l7IóY`qHÓ.¶Ø&Í]ÝÛ[¬‹‚–h›DjIª‰ýãïÍP”½jwq8E?$rfÞ¼yó”ߎ鿎éâ„^œSQ¼š<ÿñŠŽi¾Â“óË š—t4;::¢yqø‹±¥{ tõº÷ne*Mtl›gó/8wÚŸ›žœÏNqò𗶤¨ ÚÓÊø©rë@Æ’³´»mBq£ñîãWg¯¯çd^«¨Ë ©@ÊãW•Ú}ˆÊGºÕ¶M8öM_ÌN8âèµÑ5£ ãÚ«:ŒHÙ’Fw:nœ+G3šotÐT¯‹è¼Ñ¸/ ã©p6j=šª¢¥¦Zûµ.ñϸ‘4+W¨jõ+Ò2Î -¸/£Àâåbñ˜ðZ,š„VX,¸>«jÍ„vôï-¢1,Æà Œ]KœÚ.dÈWÞÕ¤U±™Ñ¯®—D­FØè?9ýÛºrKU}"×DÉlÔxí¿j*Þù¶:0Haã€å÷&Ôäí m0ÑàðƒàÖ¤áøµ26â7¢4&ªŠ*#7 ÿ%¡ŠØâÊnÉ­$×ÜßY"“ÝÚÑBHÂ=B ´ -bê0ªãÀU¬´×¶ÐaFoW´u-úÐ7GÚ®œ/4ØtäÈ{/O€³4E(0¨°g¤„NûÙíõx Ö”…à\MÞDÜ_ zàˆqó!)ÖÅ{+Y÷pØŠ±zBkœstƒ½«è^Y]Ñø3„GçËDÔ +W®øˆÂó,"¨ZÎ0‘ütPƒäÁ5P¾DK¾âV@ઙn{PÌpçÿþç -ÛH¥£ÏÖÅÏ µ{”˜…«›=åD½^:¥À)T#OáñŒ8üÏÿ_3Æ%? ú›ÊÈ8O·¦ð.¸U¤îq ?8ÒtOPÀŽ ¿sk9¤|7§×Ži:!°P#´—¸Q Ô{ojå·„38‚&Žw pý6ܺC0É -nˆ#ÿ?A˜Y’ œžœÑôìdvÉâöÑò”íh3ÙµžõÚl+§J´Xƒ›þ§Zú¡Ø(Œò7¡³ƒòö -§;ÖT=îcíDä,o22ֶ›&ö":L “éóX•|žúL¡n|ÿ2Sg¤MßM'Kø‘ð?z@ú2<úÉ„˜”a©•Ç…ð '{5rò=T‹+m4/õ=|1]<.=—†”1ˆ ¬eJÓûƒÐñ¤*ìÖ¦ÁbꉋgY©@ŽÁiñºè@6í=º-8Iú¸¥† ­Hûª­ª-}U•)“;aD3¯z)OeÞ:µ,"I|<ÇËýµÖok`³ZjœÔc)p+È×òN yŒsA;åûG·hŒ=?þË -÷ò.’ÊBÝá‡Úùw†§LŽj"`‡·UɾH-a× §ú‰—H¬7O`%`— ×–B£ ³2¨´cä(5¯Qq3°T`[ÍŠ—m§Óû^ïï,áý÷}`ö$#-îç.4 –)ÛϬ*v6*1#x» ëcòm#¡G¶ÁüP:RÆvE‹Ã®Ÿœ€G(R9Ä §jlYUNE¥x K/§‹gâÍvÊ"ÒJÕÀƒ´×Àwþ.VlÊ^Œe¼Ã3¥>hšT+X*È^­ïôÞ˜öŒé&ä™î÷«kêAûž§Î@îYb«5$9×Á£¼+dg’Ùá [ø6©´´ša–bòEÏŦ…=œ»fî e·ï’§Ä"\ÃFjï¼m¿m¯ÎðuÆŽÙ‘(ÎIóßZÈ”…7 rÝ@ª0L; ÓŽâ·™8^×æ²CF¯T€ŽBˆúýÕ b³ŒwzÍj¶&ÍûoB qñ a>Zó”¾ÃíkÒG 'ý‡‹ß˜†¼Yol‡P—Ñ ònÒ3&ùÀ>¤×$\ ©»¯@v©2<]<ЖQ( hØÐç邬'ä:ÕÂ+(O U°Ä–>6ÎfC¾SůK\fÉê§þsUz¿í7YÄ !bÞ -Åî^³ž Ü’Oúâeë7’€ûŸ{ë{ïh+k,ðÝÞ/Â8±é:à;+¹ößøJ/÷Ìw®Ï·I¼Æv1q¦Ÿ„Küuœ”ªrìú˜íËO?¿ùõó»÷7×ï>ß^ßüôöîÍbÑ­ŒÅâ¦õølŠÿNß¾‹Å}úÈ}‡À×p>ùžÎÌ>ÿñ²ûÁñéÉìèòŸÍÎ9é×·¯®ÙÎ~áO›×®hkÜ­øÛ5]v~!¦GWüþ³+³n½¼Aoa†|[È—îKþ™DÂ4ô¯î ç#‘.A1¹§§³‹óË„Øå Çx3?øçÁ8¾°£endstream -endobj -1247 0 obj<>/XObject<<>>>>>>endobj -1248 0 obj<>stream -xXaoÛ6ýž_A–¶â؉gŸÒeÝ4AÖx†º(h‰¶XK¢JRvýï÷î(Ù²Òk‘6u$ÞÝ{ïÞûýìR ñûRLGb<q~6Œ†b<›áÏ«›)þáË*±:{??»øp%./Å|EÏNn¦bžU"6…Ç+Žžð©vb£öbqžéÊö±TïæßÎC1¸G#Ä>o‹¢™[,Êp*¾£@…ÌÕâ]ŸN.D¢2UG¡C[ñ9;ŠnÕ÷J[•p–BœÑ$º¢8Ÿÿø¡='iÕZ;”%T¢½±_øÉ‹“–Vn¯wŸžžþ¤“Ž°‹Ê"*䤋õOjÇ‘JŒó÷"C8d¥ ~®ùâœQP]ˆZYü„¤ÛÐٹЄ;àIåV¿½Ðyi¬—…¥™rÂ!#äb8mQ‚ÛxS -¬‹²†œ„'œ—Ö‹\UÔ&á”êv¹§ærCI±”ñ¦*)CÊ‹IRR°ÈJ%*Y¼ë²8'Q±B¹Bb]­VÀ™´*7Û†ŽÌÄ2ƒö¬’ÉÀ_ª“Br{°‘säÅ» •û»yÍŽ¶djEÙì ‰ zSü¨WÙë‹^¡|jLBßÁë¡ìDôpÞÚÊÜõ Ú,QÖq…tätb ÊŸ f£ ]§¤EóQRDê_ˆž_?ŠR:·36ÄhOªm¤ÖRÎIH¤n'íñaÉùÕ1x£‚̬.ë -Ès£ŠÙµˆ3N?}ûúíÛqªbÖfÇ”h-a!àÉ)%zˆeÒ'=Rflõb•K³e# [>@8DÄé²Æ?y¼{ -h´që‹Ÿ²1ŽC5Mí“PÐ`t-ãY4!ˆ `°¯2ùJ¹>àŽ!3üÛÉ|)AM¢–ÕÊÀ—ÚâÉ`}~§ ¿1 ár!¡œ ê<[h ¢`QVÆŒ餣FWA¤»¸Lªœ»bËM©*˜³a¥P—)kéxE”ÖrDB~¬"Ž•ã4aúOsd·äô[­óøÈ ô¯52'Õô¹cÈ„ùƒû§;œÃ¸¶íQnàN'c¨`Äü ³Ã(¡ïKH¹Š£¨[ g€¡šC€P:Ih—Jvùp‰†KXU JAþ¯³{`dle)òüœðŇÙq$ŒnB+¾Ö€Ð¯ÆnÐß^£Ü«hHS¢…ó+a(¹kk(“ã5øüç'2ô È(ô uø‰ %s˜AÍC§^2%N,ŸKø©Ù WªX¯4Àó©5Õ:e39é¹RBs³–¢Ñ64šF7cÖŸ³Mœ‰Ë¡¬Ö³)æ \t ´áãå~ƨ_à÷à ˆi±HM®ŽC>p–h£»i&ù@ -ä¶êT´T±ŒÉ {P<ë6—ºðø -ŽŒÑT`$/ȃXþÌ¡¿—2ù©F%ZøZÿ^f/&-b!)ˆ£¥ -mKPG#HtìœÏýó¶Ø_>Ö™>T‰ -ƒPeDÇÑ~Ó©²¦V¬¬ÉßfV•Á[^ œ£©©j -žøŒ¸—[8•\¢ŸÈ Ǧžë•ë¶qßÄê­ê‘¸ð®KM•%¤ jTÛKo{œq Ot”…}‚Þ®Ûñð.âñúb¾UE`æÐ…Ú5¡‰¥Þ±‚Æ6šU†…ô0 х輦_‹×W”î ÄÐ,x>U|C¦®›6’ -ÑëÇAÙ)“ÐÍœiº/(1…ï_`\X{N aˆ\"F1$ͬ!%Œž ->ÊzÙYe¶T6׎Þ#h÷ÌúªÊ²Nø:_ Ãã’fé(lG?;M ÎÛ–]qëÔ݆܄R¨W2:¡û€(w¦J¿©D -í´¡ª\¦ãžjݘm 9ÑâDs½ôÉá *”«r¨fYx:á‰E¯h‡&W þ.¢†Ä -£ ¥.-îŠÅþǼÄæúHú»Ùu_$fLp$\@¶htÐW¦ûNxé±/–¬þE'ño9GH¶} “`ÆbƒE¼€Ô~kx>ý8´vkj<„ÚÐ~  OS/äáDN·z‘$h -lf‘xð‡zwe™ézÜK/Ãj¨W±¸WÙNͽûp/ öé¸Î¾ð]àwz…{„uödo§²a^ß7€oèÃÖ(kÚ»Y¶p‹ä V–%ö]^FÈwÂ…ÜYÞ-,¨ L”•-áá1®,½‡«bï+š8ü‹¥‡Æ"¹ ù.¿ãîjM&že¡2¶)÷È:ì÷ xˆ†6¶zKª—WÐòWÇ[n‘[؃‹È’ -‘`½"ƒÀnEÙÄéã>s˜àuå?Í’÷$Þšø@fÕ ~ju@)¬r­íÅÕÿ¢íÙW¾ˆ™¼]ÂÅ£gÉ7[(šÑ½øpS¯J—ü‡ÃÍXL¦ãh2¹¦…ùåîñý]Ø¿Q]÷&F¯cZ“çP~ƒæ•Át8£çAÄJ¯+\é¡À]½â™ánÅK½h¬Oõ"ú fœ~¸J^M¯¢éäÿ%‚ÃnÆãùÙßgÿ€ô¥"endstream -endobj -1249 0 obj<>/XObject<<>>>>>>endobj -1250 0 obj<>stream -x}WkoÛ8üž_±0pw-+¶ãWôCÚ´@€ÆÉ%.ŠÃùг–HU¤âøßß,))Šúh µ(îîÌììúûÑø;¤ÙˆN§gGƒh@“Á0šÑx>Ãï#ü’6þÁx4ˆ&?{0L£Óîƒ÷Ë£“Oci¹¡Ñ( †4O¢ÉtNË„i0 eüæßt§4ˆòñlF}R¤S±$·ŽKújŠuÂ)£ÉÉ4µ”U•#e)1{‘(ýH‚òÂlTŠ” “‘x»üv4 þð4!蛚=¥Jï"Úo¥ÛÊQpþ‰Ø•"Mø@R,¬<&S´NIÀ€cÖ xlôF=–EÈIY[â´°tŽö[K½ÓÈï8T“‰´Ýš‚Þ=„ô)‘Ï×hYP&œãŒ ­e§°BZ“>É俨z0šFc®8 ;jоŠl-(QÒ:TSàõÜèDê˜ËF¼ÒâÔÆ”:Aa:ÁñhùÊ‹L&ÇUÕ¯Lª?:‹æ§Þ/¾* wñ{ïEË ¾¸ú¼î³%¼Ä·)7 -óB­39A4ds«ÍÁ”F.ÂmQ.ܦj‡š€5×–š8˜ -ázì_uæ “èQ¼ØPlÊ4©#…ÛùÂQ…t˜h¸¨x%0oty…¿¿~_õƒ÷´Ô°­²,‘/žuÂ"Gîe[æ¹)ÀöO¤é9|™A›sºßŠ‚A¹ žmA§ÛK©éëÙÄ»@ÇýÇÑ 0y=Vú£YÍØ­q,q¯mÈ ìsÉ)ím.v좲À`έi_Sê;f ¦vÏ+”ÍfÜ 4ôÚ<–h·5´¼O’§%2•H¹†t§b–——ËÕ[Žð"®&UЉ7¢Lx/^2+üùcŸ/÷K{OÁÈr´º¡¸¨Œ&è☥Þ!¨Ç—y?é®V+–™Œn/ï{¤6m¢TVa“ ˜ÿÍ =ï:þŲø ¢Ðup¬®vƒ5j ȸOB{9nù,²<l¿ ¼ZUÂîy„*a´æî/púM-Í•øé4òövÆ]Ê˲-áÓ°ýªÜÚ®Œ€OÓ^hOŽ…Âl’î(]K]Ò ]J»c`Ûf½ûžþ9.½ï:(ÿšÝ¦ž½^±¼˜· V¡_“Bì×"ÞÙs,^ALpj²[tsÌÓÄðÎ¥¥‹ä³ìýo%P#,ÂPQê0ëYFñùjµWZ;ð`q¦ÚÈ4 -MÕüŸ‘6ë'eJ œ±4€Ëg…-…m«S;ÜùlÒ7ç·ÆºæÒj8©Xñêë¶ÒQ™‡'vé¡ûfçËöº°ùiÂëOk¸ðôtXEQ¡§µRb'¹¦0/”f´4Ý_-fÍÐÄuÐ -ëů˜~© †Õ.¥½ëbD´†é1[ýZ¬ƒHÓIÇËÌ©Lž°%b É0RTð0¿é¡"¿p7sŒhé7µ¼òÑPuk‹!¿Or¬öªÁÐlTÖ8b¸7ìê±ÉUhz>ÃÓ.m/E͸zA/È©rlŸ®|­¡=Z¦[c˜ÁŽ#-êBh» €r_vETÞy™ÿÖ0ã/*OŸNê‘rys}qµxøp³XÞÝ|浒Ωµ\šL ¹œœIéÏ*+|Yòø=ïÚüÙɧÆÖY4‹Æ­±V1w7õ̺®ÆTxs^ ¼áxÍç#šÎ&ÑôÌï(÷×ï/x„~CAtiâ’÷.¿Eð»ýá_äæ§ÔŸ Îx¦!ÏÖ——+m]QÆ~a=§{édtÈÿêm·{Ýó…ãÙ8šá;¾¼%oæcþèãòèï£ÿRï¨Ûendstream -endobj -1251 0 obj<>/XObject<<>>>>>>endobj -1252 0 obj<>stream -xW]oÛF|÷¯X¢#ÉŽìæ¡€c'­ÛÚN-F½œÈ£y ÉcîŽVØ_ßÙ;Š¦ übñãvwvfvùõhAsü-ètIÇ+JÊ£wñÑë'´XPœÑr-ç Z½‰Þ¬Î(NiÍçsŠ“Iœ+K¢®e•ªo´–´QªEÑ’h\®LiÛÒï:¯è7Š¥©­3‚tF.—´åVàª(IT)á0U%E“â¥\I™6¯âÏG³9ÍÇѱ'µ¶NåÚˆï¼þ°ê²œuiΖ§ÑÙ±ôæ6~OoÃcûb&#.N(é§K] -UÑ…®œÑE!ÍO> dm%Y‡<œ&åð+“†ÿו$[ËDe*¡RâÙ”‹áZeåT"œÒ‡¤ìrá(5U* #SÑúú¥>~Dßåa©6Jûx÷ªJõÎÒMLki‘Äq´ ƒcuá±}x¸±£ ‰.kQ)‰þÙ­°¨EW|ð#ê"ùÍÉÊ"WËUq/þ<¿¡kQ‰ÄX"Fm´Ó‰."ä ª´Id: -w­£­ÎܬGg'Zð!£T¡åjÛ8U=øHEˆCÄ(Np’Ê”ty{}~u¹oŽ)€dEY(Eg£°¹Þu$b|kaÐUsh,ÞLŒäOhÛ'(l.˜ÿ‘Ù$—%Ç8ž…‡­|)hÖçמ’xl¹ŠN˜«Ã»¡yœå–“³áè–¤â$¨.˜Ž™*¤ïZU9VÜõÍäþöî_ïn?}¤6_ð>3 5Ž Ïo^qõ8\ìð$ÄR1Að v¹•fJ*…i÷Ï%½R¾ûN$_šúû'7¯"/9+JÔ ¶™Æëšnׯ—t/LÝ{J—°ÀB…Ë}?YUªBŒ‹GAFg§4™k»\%¹×Ú Ôg*…w@~ÀîqûbM¥¨Zª¥û¸ßð¶ë# $k,x=…©î%ز¤’B -(ÂÊŒO~–¶ƒÈd[¸Z‰ö¶kº™û^ùÀbjr‰¡¿Ì ‡À)蔵Ï]$•6}=@F9% -õO`“ª ·2üÏÂcT™P*ÁY› W#¿6pïO|ÿRÈF‚,=ÉLSydÁ/¼0Š>„¬•ÑU‰£Eú2D4Ÿ­ð#%Lœ¢³Zàž¹„ŒÖ³)ù –9Šš¶•(ñ¥B‹TlÑÏBm ¬³C‰s®’g5µ®"º‚Eâ¦|ë0Æ‹Õ± Kî´Ëƒõa €OáW)Zªd0_*Ø2‡Þ¥AÄ@ÌÕzœùÿÀ‘1•âanì=9 i\ŸY<@¾ 2’<˜5êåäð.Áö”}¿¬9Q̾¶Æ½n‚bAðëÀÀß.Þn6÷W77ñfó #þ´3Làú†^¬=­ï´v/6›ðãx¹Ù°lÔC×£½Yr!J5ߧá)¸ZÀ?:Õ[f;JD!?œë8S™äú ÓgòBOÔ£ôóŴКN‹žô­n`-v ­„¾2P®P0o3LQ~mß"vÿ· M&š ÍŽx»'7îw+’•IÓo?ƒV€«¢[(†(N©ÌC„ÍÃK,l>Ø8g§‘OƒÎ9s ¸QzÌ‘õû‹OwWñß]a®Çƒƒ¼?ž1†°Ï2@ãÃ=qÐ¥JÃÅïÕ fF4}ŽîÏ–ä ƒÄLhx¶wQyبԩ,BŠ–÷“>Ù§ø•iTjï‚eEvßÕÒÊâÊÛJ¸¦¿ÒzŽ‚b€˜RYÞ¶(ƒº<šOu;H“j¸Øw† ì[h<µRý(yB²ý„€‡£'FZàk÷€ ùËÞ Ô¸ÿ úð–ï Ÿ'|•×¶—cëËí˯ ¹Æ¬‡ÈÄiÓNéÁh¬a©°¹ª1¯‘̧kvV8¸„Dá»#ýýجÄxÜùÑ€þû Óh§@BO3å Û]Õ›øÁN»öÏ óĉ¢[Ô×{2u1 ¿n‡ ¤ -mã“÷vW´†{ ³Žg¦›ÛxÄ3΢Àó“ˆÇlÖ Œ~6öAB¯à²xðY>ïþi3 {X)» -ÇÈÆhê!WÀ’<•‚à1ôûjÏlvÿ|ûT¸wxIý¾Îâg¶Œj¨†¥0h™ß5>¡˜Š~Θ">ðèõÍDEø\€lð!µ÷¨ï7ŽþúÃY7¶«Óh~vL«ÓE´Z½áõ†öî;®þ ¢bsMÞEú/¸Ùþ•Ùéüg~þ­Ƅýè -;< C½Åëü÷ x~§aü©ZœîŸ“99=‰NñOçtrö†/½þ:úþá7Úendstream -endobj -1253 0 obj<>/XObject<<>>>>>>endobj -1254 0 obj<>stream -xmT]Oã0|ï¯Ø· Ò¤”6ðÖò!ñp…£9¡“xq’Mkˆã`;ôúïoì´GÕ;5•{wggvìAB1~ MGt1¡B â(¦Ëd¥4N§xáo˜ªÁ< ïÇ”$”UH™¤SÊJBxSVœˆÂIݠβ¡µ°ÈúèØ:.IZjÙ(éüÇFºµlÈ­™j‰5KºÂ—p!óBü”5¯Ø¾žF§ÙÛ ¦óÑ$î$CÖR¨\c¡óɈ×eW 2°¬¥Ûöå -ÑPÙ©6@½È¦ÔK‹Œ–³ï$§Éª¼ÖnJª´QÂ]“eÞ&ÑÈÞ-nž=e‹Èýv>¹}¸§‹ç«ŠhJ¶]>´¾Ãa» èÙêÎPÃÂ@Ž]ûJƒZ¨tèuÙш([CºJ=+¼Cܪ«)ï^£åL,¬¬·~¯$Ð’ª­Yq(05ÜÖ²a8Øìų[ÌEÙcu÷"y–/Ú¼¯ŒîZ{Fûõ«Ë3ò$÷ßÓ‡YÊÛ°·dóÉÆúö¨ÆÉB¶Â1T#qDõV+eËEgüÔú®úák¡gt]ƒU¾=Ä„ÁD0M°@ÎÜ Þ.”@f%WárÏp?ÎY­4fÀÈßRÙãod]÷Nz\ÜÑ“‘J`s×Ü; C¯'O·7°$=8ïè’­4"¯¹o˜E±>¬xÄ5´ ×–ƒm˜æ¢xïÚÿâÌή¡õÑ@ÖÛú‰§ŽŽ LP -'ra™¬>èöˆ¢lVGMÿ¼ô¥‹¾á%TíËZµ ¢Âáö§ÚðJZg¶aÃûtws$Ü*é%iÜiô7ŸAvý†áAŽ¢óÞ ŽòíœïΧñ•?‘˜Hnoé‡]¸{ì5-Ù9Ððý=k¡üëO¡z…+Åú‚ãé8šNR\a(–NüÒ]6ø1øl©yendstream -endobj -1255 0 obj<>/XObject<<>>>>/Annots 735 0 R>>endobj -1256 0 obj<>stream -x•W]oÓJ}ϯ‰—"%n¾Ú¤Hµ”^xzI¤^ ú°±7ÉÞÚ^w×nÈ¿çÌ~$©Óêê -Q°½;gÎœ™>vÔÇŸM†4:§´èô“>Þì~üø«3M“1M¦IŸ -ŽÏ’ixÊiÆçéì|š i<àÿCü5’–ø0ÂPüaVl×ÉE8::KFñì3§áìàb”LŽÍö ¡D;wWóÎéÍ û4_"£óÉ”æ™KoÒ“ÏzCµ¦Ë´&aIЕHšŠ®u!TIuYçÒžÄÛù¿>õ†c˜8¹mŒÌ·4ÅBìfá*e¿ƒ‰÷Û_3ÒÈÇFYUKú!E¦Ê•?<¦Á N’s>|%— muC)BQe#Œ»ÃÕke)]‹ª–¦KU.…•TˆIÁ᳨Ý]‡T°U‹E.i£ê5\ªUcà—Ù`äƒôIÝ^dP2iS£2ó.¥O¹‡¯½Ïßïæß“—ru1˜+£›2{5Ã;ŽYˆcÈ?Зð©éZ•!!>ÌI j¢´”&×+]—ÇFÚÚÒÒè‚6Ú<ØZÔJ—ö°v1Ã;UfzcéÛ<8Nèn-Kù{‚ëÍòUöCÇïö–»€hî_0¨¥Lßâ¤A—èò˜S¢Ìðƒ¥µBÄk kÆ™dÿ¥($2̨ÖÂG¶ûBõ¶òÕàòkcà1¡9Bñ.Z~Hld•+i=€«I/‘#˜Q8¬­nê§.á Éߢ¹ÜÛ*)RF þ™#µT½T8¡lË·­ÁßÌãä.›<'—<3|ü:¡K¼ut> éy‘y¨§L€È »7lu/hRDzÀg—_7¹eÏ!Uh(€„À¹ê¦À2Ç¥ávgrŒ¹q*`ÔóÇÞÑ%ÝU³=¾ØÊÿ× Úä×[WG Í‚;ú5™±ôëäŠoøzrrãC‹@)€U‹^Ç»jËqó«ƒ,#ÓvLßi6#!å - ¥äT¬þ;Ó% ¬cˆ™fîj4´”!V²hBvˆ QÏWSôÝþ¬¥Yk}ŽÂÉ[O—PÖv’`ø¿6bKÊ«DЦø–“m©‚ëµñAFSíõtDSVÍ8W¢+Ä“P9ËLB×^"…V¾µB‡–V‡pœVik™6ÊFx‡'KÚ£×%°™@ƒ–?ô¹TO>Öhɉ]¾Mö™*Ñ«P4 Ća¥—K•*øØbNT¦DÞ<$<åÒâRÖ;ùûõ(kÛE?¦yG×AËEö1¸òn™É@µ–¿yÄÚ¦€þpÀÁ# ›X2¦òÕ%λW;‘£¼ê¶±¨„Ám´…z6ýs•ë…Èï{Êȹ‡V±Å"á±3ŒÎ•õ;¶zzÓ§ ¿ƒd<B1°Îà_hë;O±ŠÞûcXbø{H$´æ{ÚÊQžŸàîNœÞÄ‘ß‹N'Î9ŒÎx‰œ4òᙀ)m)Wí‚~®‘¶½wøâ©”µ³|Ovͼ¹ÕŠ-ãŠìð¬1âÝÌÇ#–Xâ3RA¸cFaüCïÖ‡šÍþ(3Ì=®©‹É†ºnë9ZÞR ãž€šg:E¹Ëúõ ÁÿÇFäjÉsé…- ö²äB|ðµŠÀ±´‡]é|o‘wkU8–è]ò¡pŽuQÙŒ\)'±ŒÎ7Y_}ù>#_}æh (wõÍ õèò•»/ßf@Ý Æê8/P £EÁ¸õ™kL, -9íµÞ•.†àÚ¤å°)¶œ]`nŽ† /ám»s¼5ЛÁÂk> €‘.Ø,‚Òò÷œÛHcƒãÐ'ÂVÌB„åg êÏ å–ÊtØ.Ê­‡-r‹íÑ^Ñ•]Z„Uã«J¶zY·¼_{QR¼}0üŠâÖgÄ}¨"¡ùB€¡µÖ–©È „(Ï(vvz3ÝoÝÓ‹d2:ã–þ_¿Ðÿ&0žŒ“É9~íaãÓ {þ4ïüÝù­†Iendstream -endobj -1257 0 obj<>/XObject<<>>>>>>endobj -1258 0 obj<>stream -xWMoÛ8½çW °‡¶@¬ØŽc;½ùhКva/Šr¡%:V#‘®HÇuý¾GJŽ¢$ÝÅ¢j[ä|¼yófôã` }üÈd(ÇcI˃~Ò—“i?Êh:Áç!þ*-Ëð`tz’Œ^zp|2z~ã|~ptu*ƒ‘Ì—p2žâC&pÐïË<}ûÉn%³Ú‰’o¶ºw^ùÜYæ&“Ü;<+Un$µÆW¶(tõáÝü;,Žd0ˆ{à ,¾=“›¹l[&p˯tc`vöùü ?(/[e`XIaSUÈÆéJ¼•…µÁãóTyÉJ9þ"y4Dï}é Ž‘)¼>Æ%K[Ið’ȵ9ùUîd±Ã—ÜÜÁãöç×_fbT©åÇFW»p‹Öï*»YÇÁȃ”v:î”s›`…<´JWb—!ËŸsƒ'¹—;ô*½—eeËð˜¾r>eÞÏ °Seð¿ÛÂÞYÓñ\iØpÞ%2·b¬»ÖFœN7Uîw²²Ì/¬_í:Ð83tºÐ)½};ÿrùå½°ôˆÏ./$]Y§Íí»Žß‚mUI"0Q%r¶ô,%KL›í`9‹žXî7NÒJg,µ*âa™X“ŽoF¾䰔ݾ#h÷YD‡¢Ü= L¨õº²ªHh«MüÞñ]Ê|Çš¼¿"q£Jö­yZ? /™É‹PÒ•2wZzã!âÃך¸ tftÆ«P»=Ÿñ/t“nÃV7æ+´­yº`þ %þk. -×ã/_*Çò¤v½ëÀ\Sæ`§pì/•‚Ïu -‡‘cåÆoTQìž´l 1Ï5x4"ñXµ¨w<Š%¹÷gª\¨ rŽÞA3^Fé¹ø­ô$ãPÓÄG•µk˜ Ñ"1={ÐÔ&ä ]”O¼M-¸R8ÁžÚi@å†ÉååºÐ%hª³`¬ƒ[Œx®UI:±n,,oL†P<èd‡JÚXŠEDsºa¿Ôy -Ãèøsr·B“ç­d®@s8~Dóš*Š¶—Tr”YÉ9¿%X!øò·¦¢ fAå+­â§ý'Ç{Q=¨¼P‹¼€æ@—k’D™‹ðÔdG)VX<ù=È:Å!Z”}}xÈSE‹²'Û¦á£ã•M(¶5¯S,Î9¹n<©:òRëGZÍØù˜Q(¹«y‚ëÎ~Ï80¯÷ÀÇZf×—- .Ž3à65²ŒX$i„RóÎ[¤Ô#t™Ýœ×Uþ€)yôùìâÓõÍÇþj+>/XObject<<>>>>>>endobj -1260 0 obj<>stream -x•TMoÛF½ëW Ѓ bDJ¦èCØù@}hêÖz(rX‘Cqr—Þ]YÕ¿ï›%ÅØJ.…Y¤fÞ¼÷æãq–Ò)­3ZæTv³ERôýÃíð° <Ï’5­Š5¾/¯’%9¦± dOcìUQ$é›!þJ«å™ÈôÃíföæÓ‚®iSSš¬–å¨r•´©"ö‚6ååÁºo;g÷=½%¯º­zµù:[Ð<S^V¶SÚP§|`‡cÐÚ5GöñæÓŠÒTjχâólIx¡aúg×Ú­j¿Ì=—A[C¶Žï}·MJkêÓóí‡÷ míÁâûƒwdM{„;© ¢QÓÃÍï·7¿¤å‰ç2ÉDÈA‡&¦þ}÷ù<»'v#,¥ÞÙmË©¡Â ,Bˆ¢Ïnïþx Á¯äÇŽ• &sÆ¢[žrEÛ#uMCĆž²Ñ†…S¯è‹Ë?š~Aµuå3ñÆJ¹ ýLìèÁ–.‘¤hoôãž'‘>˜;Ž^TR úsït§Ü‘> oMp¶máÖÐ×kJWÒW É­o³ª,ݬou©‚hdB#{åýغåw/ÇéÙZ’ÿs^NÀ³Dñ׳ñ:è'xu¨‘Y‚»•ØxhØ0ÚI%ŒÝ‰I6Ö‡ ¤àw§*Žäe®ÇÎ|Dü‘öÐ~áa=XZWR0ƒúR)S=c0I®Neã¼>œÂ)N›ÝOÌ¡HÇÖT7Œ^{táD;˧o†á§8nקKDƒõõÞxJmÒº¬)Õ>qf«=ííjK×'cigŒà ù~¼Ï‘ -ŽÃÁ“³mxS;•BåùQ®Ð)ÇSï5ùb[)ïéf°ØÜPfrÑcMð?ÿÛT-{V)Ìù?GÚ+ì¡­ò&¡¦ÄŠ¯U™r‚mvá¤-±e¢«‡Ê´=|°î…œƒDD¯=¦Ä¥y®ÓˆÞ#üÂ_½@ …á»/Ì)‡šÖ¨QãT6וÌh?¤*× -v:ƒ%¤›óÙ<·öÅã¤øF´éhÊÐGÅ>Vº”(F´¯ëê_ãñápˆ,~ÍSUEÖíÆ|dü>i«=ZF+nyœÝLo—V;,Èâ¨+yÊU©ë“—Gzi83•ìˆ°Ë'ªÒQb‹ñ)kÿåÑtÅwçÀ~³µ%þøÃ'm!OÍ67]±ct5Bªí“b» Àˆ|>úZtŸ¦4PBqho’}[dv½Ô);‰Îêbv:T!U°o3ÒÊ18›¢ÐnˆžL¥Ü‹m ÖK*íºEô¶q ÊLêH•³¯âäVÓ^çUÖ䤜tc¿¤k”]¨`ôôðnÄÅýûãçõG*”)küö·GzÜ•*1–ÞÙ¦Òª¯þY™Ùàok*ÌYbNá¶ç†Èœ-èñáçû†RÀ[Ú!#Ü}þ”j§¥Ûšw¾pûYVœÙQ/µ!(Aëƒå`à{Y; xGff×¾LW¡l;ŠëÀ3oy쑯M›„£y p®[Gv}ú¢Nº‰à‹êjðA}°ì.Ç¥PPAwnwh¦ÍÀBÆ™’•,Û9ÌyÏ}¤”Pi9éf ˜.`Œˆ–ÜË…­ÔÁCÂæ†Z»ÍÍî"TÎt–‚ªÑÖÖu®aäE<@¦u§$ô™õ'J­SN+÷0 ê/û­{ª_‡MìF]D®Á” -jÛŠÓ%ÍxŒú;±YL1“ÉìÁ BJR&Êmò†‘P¼K·<›`rºÊMÂt­ÎcƒtœK3n)¡É²~XÒÅ°*Ú~`(ç:ÃPFý¹Åp‚o›û–Ô|h„E×ñäü±L6ƒxssÙ"çåfï÷ßÛJÇ’—œ¶¢#øe_´ÔüM‚ì©G]ïjqgFÆ.WðŒÉÍÖç¡ \(™&ÆÓdFèî^ rŠ,9 ¹Ð/ÐÚÓFU×(nÿH -Ãe¡Ï“Æ ŽÕô—Ê´ŠÄÌ6dăeXï?éR…&xL¹o3ó•ŽoŸZj¸Ääß$ªS’•÷ÜQó&—ô Y˜ÐRLh‰<ÈئÂøÌ2¯Z•B[ÝH†ásàÒ6Ðoä1¥fÕ1å˜ØR)jY—ïŸÛ F!ýp'ÁT!Ìnc¶ô>†¯Â– '!Ûö€.±WEºEyéL6ƒÊéWˆåò^èÙ*aÏqå8çáNÐA¦2ò–X£Nƒû»?ž©vZ3-Óc+”x‚M£ÙˆQáx˜mªÊº:Ðâ^‚§[•¼hàt3ÐÑ.jÇÔi×u£ËLjg\l¿l<à$üt¹¿N·_oÇóÂÿA'ˆØž¢¤“]Y:Ô|ƒoäPžùÕÆ”aÊ$ox -E¶¿mþ;¶<4­X †›è¸÷61 7¦:°œ= í—)cÝ2ôfÒ4ÎoÄÓl.ÅÁƒ)7õñ¬¢Çx…@áÀ§Ç6gt´M7®öÀ‚Œ¡å¡ÈšHzãEºúDÁ¯7DeŠJ°‰Á¼>Éu8x-“áÉA³X¶‘ÏÎU[}XÇcATå¹ÿîüÎÓù §õRѽ½þóå>/XObject<<>>>>/Annots 757 0 R>>endobj -1264 0 obj<>stream -x•X]sâ¸}ϯ臩 -© -ÌgöiÙ0™Í½I&7ÚÝ*^„-@ÛòZrþý=-Ù`ØÌTmÛR÷é¯Ó­ü}Ñ£.^=‡ÔQ”^tƒ.î>^¾\„½0èÓp4BJ©ß7ÕUBs^OÃÁÏ“1¾‡x’Öᨋmƒa xÛd„þŠ· ºƒ`tx:˜ôƒIã)  B^q*´L&@W†Já¸ôª¥ãI0ôz77@önp#Åš €ø« -wÓÎJҰǘOuþ¶¸èÜ ¨×£Å¾MÆ´ˆ‹º´ˆZ±ŽÊTfVX¥³àjñí¢Kípe‹¸µØJ8Cð›ÖrG¹V™5d5[HcH¬tii·–ìVoïÜ…•²V»½SvÛNb‘‘ú‡5’ÅZÊ´¥¼Ðï*–A=̦ÏdÊ<×…­ÐôúpÐr-‹BƬ_eN¡Ý*A ŽbU%e,a)HŽƒQSJ¥È é5m %ßU¶¡ÒÈ‚Dé2³¾ÖEê\BëB§$2úCe±Þ -»È°idÕ»¤™*ddu±'ì~—…ó_ç.ªÐÎP`_†£qåžÚîa»6îUžˆˆAu¤:¹0fÿ+ÑípônŽ&³cŒt“²2¥ö¬T˜›æ‰2[8uµ‡X©‹ÀÓ|£czž>Rªã2‘& ‡/Ï3 RÅù17ò,J‰Z^5µ½²BeÐà<ù<=Ð\¯íŽÓjÙÚZ›ÿÒéìv» qQgyÐïz'¡êÚ…9–‘8•0b­6e¤gŠÊEô&6ÐÎâWrÏ6ã ™Hç’c~’2•Wo¨‡ªàòh÷>õç>ÛùcîâkXe³šÚáUî+¥J]‘Æ+Št,9GÀÉg+  ÈŒb˜”Gì|k¥±øê½Î¿æ2sÚ˜…|F¹…Q¢P¡gæüìë&½Z³Õe‚x"¾«Dr±ìtñF\Šô$­‰D./M#w½m M4Ÿý÷3½qéd"Cßœ;agÑ´>\e€Ø÷š‘pž)€Aýê±ÁƒU¹AJ-8ƒ¨‚Ìd€Å[Q¸}kõ= ûõ™þ½.]l¡+œ3ëšòD -ÈÁfSB=”¢€‘apt’ 'l=|nZ‰vuãWwh°'#útû㽟䤥Âíy‘‰£ ³U9Ëç0¾ÜÝRØïŽA—F}ŸzNùaæÌQ•(e)Äd2Å -&¯oÍ„]§y‚,ó²ÑÇ·äwª–¦Ã¹Ôñ6z§ ZÎBä|ÍAËÖ“¶ðž§s0kSñ!‰Aj­¸`‹ˆW#¬ßsY(×F’š¼eÜ¿wqƒ||E„\àˆüYdÒÊ]¤Wß@­Qò# Ù€n3âväø¼s×¥®Ø^0è‡ ºa0Á_bsß²…çý  ñà=H¼èiúø™.›*/iþúŒæ4_¼¼Þ.^_¦5BôlNü3û<¿¥K¶ -íåGë_ç •*¦OTàsyõáºé_Äë¢ Ë’ô™é^#s?Qfù.~ÆÎ¥åez£³ép’[µ^ûeô¦¢7}¸‚´[‘ÝnE¶ ÂåciìáÁÞ%bc~*?VjÿÄÔó‰Lºú]»o[ü™Ü q7*T;@>PShNbõà±ôÛÐg°‹[ó 0ã‡`‚ •¢2¾ºÌïg¸ëMö>>rt»Î±Ë”Šª›EA®®éí;?óy©y¢ýz?{rwÑ;îjè›\>Rð°׶U“ øߔі9‘‘0S€«Ð 2”G^®|f¶#æ7[`@±øꪪÐï3âS.§Ù¼&À3µ¦\¥ÊOfÇ¢mp ` OŽ èŒþ*Yõ(ø¤aÛŠHû¡Ä»V¥˜¨X†Á0ÄÏ;‘÷Û*Î]"™ X%>d \Èm5†ÿ¤”Z„}Åþ=æÌ@hvx˜BO‰Ã!‚é€tPíÖ¾>Ýÿé|4ì4õ¢âfƒ.Oiâ˜r­òâ>eëYÈù‡y0VyËŠ°¸ž%—ïWÍÔð0„Äñ&±C@–-l&šåUåpå‰È}¦°š½èx×D™œÑ¹¸qq¢Ãrü"¹Q‹jó“Á}Fà(ŒÌ‡ s£åÀ~äWЛó;wYW(À uŒë`ö5» *m¢!W…ÝUo"–ù#ãÐó¡ÃÇJeþ€sœ+‘Ä\H@Ÿ~Lu˜|~ž)õ|p@xWÂí=e1·äg³=¢ž`j­Â³‘6ße"]¶–W×$m€Ù$ðfsq6û“Ô™nO.p.¢J©«Äyµ Xv¢yd¯« h’TÁîY—Î+:ã9-Ò8BE6ÙWAæDäy³Ü™Òf§â}‰³š6FUc¥/vŽ»Ç‡¦ñÓÜÏà®1îÙÊÑLÔ|" öè™ÎˆxºŸs^ó4 k3iÝD ¯9¢Ä˜ámCÂàœZs (Ð1‹2² -«qnRÑMÿèNú4Œ‚ÉhÈÝ}>}ümJÏ…æɃfÍS%Ãl×[Úã.f¬ÿáa0ãŽú¼ì¦Ç»?/.þwñ ý,Yendstream -endobj -1265 0 obj<>/XObject<<>>>>>>endobj -1266 0 obj<>stream -xVßo£F~Ï_1RB¤ìØÎcr×T‘Úܵqß,U ¬í½KØåÿ÷ýŒI¬öŽHŽñÎÎÏ׋€&ø hÒtNqv1ñ—K:~”[¼Lh:[úSš-øÜÎü€JIã5Xø·íÑ|æßuGÐìO܇ÓL–hô„¸\kyX]Œï(XÐjgæË€VI}wB«Øû¤óÚV¥Ê·ô"²HÐ^Ùýöùþëõê[suÖ\M'þ—½/…ÌY€bwYX¥óF|—x“‰·Ò¤ò8­I¦* -]ZÚè’ìïlï>Žu•[ÒÑ7[È’È©³¨¿êò@F–ßeyCU ËÅu°Ñ ‚©²±Z£oâÌ$SIV“IE‘\™So©Óì7Žs®[Çç>BN¼Rk{ٜ޺Sâ¢ñ»µ2–6kd$MD1nLßç©|–oö¦K'áÔúI§Z¼& $hx…ãó¹ƒ >­ÎdÂV¨ÜÝkÖ–*ª¬4|¿—ÍýNÅ;J$‚K¨*tN—Ô˯il\U*¹:*"epm£r™pAþÆÚàÄåoà2ŠŸ|P׫D™"‡g‘Éóv>H' =ÛB–FçgL2N|z@l¤7lÜHÊ*€,’m¥’Af" \?^¿mw ¶ÀŸMC…·þÿ¹ËKꤸ(N4$„d¿´öb¸Ô¢(åkö$¸¢Jíúº=ˆÍµÌ¤ã30_SiÜSí4ôÜÈ¥L`†YÝgôO› ƒùƒîž«úO¨êw”÷¡Wy¬³L¢}ÙRžÂ0© tE{Á¿¢û¸¦ÇXùóñS8,P«ç§—õµ+à Q(ì°,Ö$W¦è2|<¬süØ6ãQ‹³E7þ –!Ò¸Ïå³;akÇ34ndtÆHT, üõ{ÃÊ4øQ¹©ÒôÈ{sƒü×jjltšê=&K¡ëÒòMdE*oêô@š ú»(6C™À¨`sï§Cœ -c ²ö¸MÚ¥þ¢ÞÚ9‚“¹úø×RÈ0´—iº¾þ/Ò“‹lÒªu`DúëF&ï@9”onÀÕ!€mòÕ õˆÔB¥ˆþÞJ‹ø‹}.²µ÷mY!zT”ÒÜtZ[Æp—p,’Vm$Š}©’³ŠqÖSÜéìyÚÇ=·K‡yžhÐoy™8W”cözuƒJ…Â:àt³¹-Ø ¡——MJ‘ç*‹0’øé=߈mÿŸXœ÷¢>¯-“lñ/—£Æh½aÕkRKµiØRí݆ÅÁ¹ÉÄm%4ˆŽ1Tˆ³ÎbngU|*&fÕã,úë}­Ñ¶[ÊhÄ¿Žx%ŒN zhMœéz'Kêëmz?Ñ -…^æ6BÇ•¥S̱§.§4ŸOü»c,ñ^¯¥®W¸Ï:®¸'v[ᨽ2ZLjùw)9]:g‹™¿˜cQfÝw!{÷Ëêâ‹Ð_9endstream -endobj -1267 0 obj<>/XObject<<>>>>/Annots 772 0 R>>endobj -1268 0 obj<>stream -x¥WßoÚH~Ï_1 -º ‘‚Á@ œ”ª^Úžš\®ðvÜÃb/àÄx}»v)ÿý}3þA´§*‰¬wgæ›™ofÖÿ^øÔÿO£>  -·=¯‡'ÍÇ—ƒÀëQ0æÏ-ݽIµHhvq´ÜR0ñG{¥Ü¨ï9Y䪽ñÐ (höJ¹Û Öödq«öÆ·^Ÿ‚fïh¹¥É˜q6{¥Îaà ²8è¬öÆ š½Rn0€¡‹,rÕÞhâù4{¥\qlädq«öF·l¯Ùó}Žïíd Îû#ZËKö¼ñ¹©?ìšEý^àh8á÷ÈjZ&²:ì#0~u¸9ún~ѽ’ïÓ|Å4Æ#šG‚ÍÃv©ŒœK®çÏ8V;#oÌô™GíE?Q¹[«‘ÍŽÏ‘ÃRƒ¶_µ}£m㔢ôj\±ZÅßÞ¨d'ù›ÊŒÍG§ N¨Óg2#´óvšiÚx©#B„ò&·]z¡IW‹öí⚶*¥L­q6ÈÚÅIB©Éi©AƒL«’mµGÍN#U7¤È©m–hØ£&µbBÀ5c©†]œo œ>¿Ÿ>Q[æÆî)4E‘Ê`Á’r¥¯=š0Ù|o8è×[oŒoxÓjQ·p¶›˜P%]_ªn/»µÅª€ÿ½NÌR%ÿœ<&þs:,lœïéŽÑ ïØ…JRŽè4´û,GXœÛ9œÝkˆ£}U#r4Õù26ŽRµÕ85ŸÎ>Îÿðç9ÃÐô²¶¦ÈpîqúåñÓ´:õJa‹¤(¬N$ð™²Ð :µÞBrWqª%­ï)7eÄ7:¥eœFqºægœôCàá4’Xë{åx‹@›ÆmÉ`¾‰A5>™¹+™T‡Þ#ú¢`ÁR,„= f‹¶…69¯=2¬+ÈK|#êìª&Ñ/³ßFŠ¬Î³ǧ{_q¢}Å®ˆ}vè\„[=ÛXÚÕd]ÎË£¥Ðp?­$"—èºq\ÒW•M’OÂnTºÖî‚DÍ‹ªV4hR/ðÑ;í•-à2LïfLczP)ªÏÞ˜â.ÓEu…wÂpþaìúòn+tèr& p3*gBuÖÉàúÀÕñ0C1muZÍÎúÚÁm{T¶í©“¾±Ò~`H–‚¨ã-¤¢„û• :ÂyC{SÛÈôÚšˆ+Ÿèo±c¾×a¨n8Ò^°c•GnL"lŠ´JÊÉøÊÊsŒê"×®î"õ<PœtýØ2c¹Í¿Òö -ö3wá$~Ñ'îõ8Gó(²P!ì ¾ªæŸ£‰Aí(Ì—Õ -—„eµ&³!©'nE.S¡þí8v¨ºCLÐ2Üù²DÅ鳑vÈ]°@2DË´³ÈSÓ5¿/“Þyôbpb”/BñºथÇÙLøô4}‚Xž¡¨°Ö\ 7u«èê<ìr…É]Š;žè)óÌ Åõi?¥4“žé®¹´û^ßðPÑ¥SGü%·w¹ÞrmqˆÐU(3.þV¹ïaTco«ùÚ–oT^©Þª—Ó¸Ž¯wÈÛåcV{t^›š€A0 :5ô8ïc$â5¢C!*åE‹CÆqíÞ«·?À{ǘßûp± -äF:›>¼›Ò“5\óôÞ„שċe;µHgÔÃ%0jÿ}GCoà݇O¬å÷ùÅ_ÿ -(?·endstream -endobj -1269 0 obj<>/XObject<<>>>>/Annots 775 0 R>>endobj -1270 0 obj<>stream -x½XÛrÛF}×Wt)/ô ó&^\¥EŽ7©’e¯É”ZîÃc3ôÌ€4ÿ>§g’‚MöR¶,‰$ݧ»ÏénèóÕ€úøÐtH£ ¥åU?éÓd:I†4žMñzˆo+)ç 8zúñîïáèÍ`–Œ©¤É<™R|SÐâêâmIƒþ8™]\ì'³,5?ì†ÍÒp>Onj§ãI2ø¦×ÓÙ~2oüqyõüÕ˜Zæˆi2›Ò2 ˆû´L;…IEAkª[=Kž-?âøœ8ÅÇ{£1Yf…L+«ü‘„Îȉr-îÒÔTÚÇ;ÎzÃi2á;–[‰ |ûƒ!UîŒõB{Ú¥½#oJ)˵´tØJM™riåœÒò[I®qhò'þHjo•t¤4Ÿc÷€9¡4pš)+So챎dRŽ*ö†“Ê£ÜKûvXØê`á»(ß -çÆfd,iz'ÅN ),yùÅ“ü\)ä Ã%Ð&E¢Ö’1g\~PàH'gc¡ƒò[SyʤUûš ­«6Jƒµ®ê¢7.¡W(Xi@:¥scKáQÂvI/T¢åôðúù㲿 äÀl8ÞòúÓãý»ßÞ.yóHéV Ð–í°Ù«¡÷ó›÷Ë7½{S `Sy0³aÝ2ò=;†{re?s\9WÉn¸r]dbGÎ×äÊu’§¥d—™ÌEU4òA~YbšhÈWó®~Õ‰L»©yØiœÐ-’¯5¥î¬ž¡ k‡P­õðJ -r0/i-דð”…(zÏ¢Ž†€ðÍNjF ÷ÑxC—”'åàÂY „aF„œ4¿^X¿|XD‰bRgà’b¡cO ]!RÊ ‹„~ !^´ –!›©pÈúÑT¹àÑ›â:‘©¬ØDž¢1‰h x§¶ôoSšç_å4Èí‚&Ð^ø!§fA;k¼IMÁyÈä­ ÚȸÓåbbׄãÃû²ñu"úÙ¸Íu[ùf¾6¥ B­­°Gr^;ß« *vÕ.Tú ØL1ø·5È5ºqę̀{jÊ²Ò - Ydké%O ÅŠo9c#0õ3±&Ø4…rÁ1:6÷ G¹5%m¸‡p®Ý›øz 'ãÄÛ„–\ߺGeF³á†Ý9dmüîîþëË‹!ŒÕŽ+Ä. ZNZzÑœó<$ãÑ-á&™á7†À?Pìè %*?öõL_“HS ‘.aÞ€ úH\Ð#“…;µ'l l)æLñŒr·çÖ=ϯ&þúâkð]ß^§ú6ô1ºã¹Ò5ÕíNš]!»Yz 9)ýÑ„×Æn®é€M   1ö7.Q¸xÞ#zuࣛÀ3r'S%ÐOceé.׋À£Ëær¿xr’Ìú#ZoZ`(±€ÀNôn±MŸkxvw*O¬ãå–pN`»¤Q°w¯ïÏ,Lzë#Í“‚ÂÊH 2} -²¬h×C)'ѤÞ^¶ò ˜ªÃ-N´ •ç¯žîͲs±B4LŒ+D3sžVþœÅ΋C{RÄ_ÆOˆ[±ü?ðïÙƒp~![[&ðsÓÀ)7H¬W%¿©›˜Òhÿƒù´G‹+±ISç«•Öá?JãÅ@9SŠ¼ö‚„<ÞýÿV?ˆÚ¿*Ħ%„³ËÔsOãÞm±Ê‡©a»Ïïßèòé'‰¥áŸÿ:“›ìó -Oyãã""W¥[fð¯´êp‡]=ëÒûUKñ'ÌŸ|Xu4šs³Ê/;G1_äžÿr…<ÌÏìôxñ_²¹0£—¨u,ϹÇb¾G"„¥œð b¡2 òJy?uÚ^Áb<]ÁÙcžW—ŸTúé{û„Ìî…¾ß -½ù~¹…ÓוóßÙëÖ”ò%ž,¾ŽÓñ0ÊùÁ2¬|† -é¹qc¨¶ -rÀ‹Ë9øõñ´÷èõõ}OÒ`þÉ#è…¢¸ee—vKÄÏDgõþÊO.týá&mxˆþÀóŒ½Ö€ê‰EP ½«Ÿ]¾E÷oLŒY½» F³d6Ñd2M†“Þ%w¯¼£·Öð<¥—&­Êfj±ñÞGû³õ¦}¬5ò·ñtœL'øËŸœÙÀOË«\ýÔlH/endstream -endobj -1271 0 obj<>/XObject<<>>>>/Annots 778 0 R>>endobj -1272 0 obj<>stream -xµX[oÚH~ϯ8ŠT-•‚kƒ)H©ÙtªvµìÃ`àÄxX_Bòï÷;36‡v›î.(àxfÎå;ß¹˜¿N²ñvÈw©Õ¡`ub[6îl?>½ç;äùžÕ¥9¶gùå1Ýé5·k[.y]û\ü¥’æXèv!¦úH,“Ú=«]îtڞ嘽“ºVlwé‘ãÐdÎvuº>MBm–M“ ‘/%Æj¡ -ÓèQžÒZ¤b%s™R”/g«™¨d>m´§oi%lYÀ2•ÒJÁÄ(ÁåJä‘J¬·“û“w—€A볩é´àÑ$ldA­ó"_š-•I>MXÇv™Ö©ZË4¦l-ƒhÉL[±ÆQRs}]d2ý%#c¶9zFÖðf„Ïñ×ñ©”µì©·.šG±´Œº<’ðe&))âØÜ×J¢ `ÆðçQR®´ÂD楲¥H!ã“œŸr±„ÏØqZSü ”h6}«ëÛ±<têv|:„[¯7[=«Ã€#;|ò´Á°¥+%°åQÆ`<Š¸VB£E™ðŒ‚ˆ˜Ä,Sq‘ËÞçKŽö}þu¨Ux=õjÚ^ñ'¡ã¯ÔJ;³Kž’©K,Œ¢T¹JŸ„¬|€Âí NÎ*†Z“®æ„A¶‚ÛPózNZ-'(!"™ÌI$á^†“½Ë™{f¶oufKUÄ!S]Ç56÷’ƒÁßãÿªÈr³´ß¨ôa»*ÿ8ßiŠ|x”)¾9-¦Ó­—G™Ss”]+ytœìòë9q¤² Êo&PÛEFq„¾Àý,×µÍ?`C§EÀ…²ŒY™(EšÊ$Ÿ©H ",k⡨½ßIáªh¦QøB+s'Jr¹€ÞT®S™A™6°ŠN™ÄÛ…ØÁ…4¥iãÓõhúö_˜´N£•HŸß§ªX_ŽZ÷Å•‰¥Z°˜ê¦Î#ñû`U½£év-§Gͪ$r#Y‰{•Fè¦Udr×Ï2II%Ä…6K™ÐXÍç"É-AàŠ>Ž†|I¥V]pÚH÷ ->›¸—=ZBGšW·_&·º/†2QœA2qÃÕ•h´(`€Ñhô0idÔ U’§*Ž‘Qo•†9ÖÔ†­œ«55Gž¡èî9–¡*±k×tî«ìÞ T‘ä dE¦‡j²š“‰Jš¡œ‹"ÎM±Ïúì#¦…-´ñÇ¢cºQEå]ƒM„eè¼ëg?cƶŒ¾ÆŠ#<¯þGø-º|1ÁÈ'±ZÇ-7Ë -t”Éàîj2~KKP)ÉftÞÒ,Ü1™;E¾¹q¹]Nr|Òíé\Wó7¦Ó7…ÙVåXƒ6"ã[{ŒW¢,CfDyVBÕ¸X—c¦¯/œtBw?J0g†t:“ÁÃó©1³ž™¸LæiIne¸™ÄØ²GuƒåÓ @„sÛª°›Nµn‹Ð`u¶˜¾¿ -ɧ(ƒ‹å$¬¨Æi…çZÌ™*Î×RqÂà\g_¨tqÊ~l')\è¾@Wj#Ñ>ÏLJr ª2…Y(ä, aHjŠÙ`ÓqÊ©ø‡aÚ›I)U$×±0Ýš -µ‰ÐŸuµÜ  b†¾F³ VÍ°íP3À›ð2Cäʘ‚Lž†0†³ôªMÒZX:R7·¿—QÚ¶­9x†™ãa«ÙòÌ0<6ÉAF×—4F™ã§ž´ÄA4UÔÆy×7³òÚwÕ•#A<ø°Z䶞FIžtª¦µVYôTX5»Ç\ÄHQ]AùI¨Ç¦:–×r¡®muñÖ&}bâ, -™å.Fä}ê Qr¯4Àž -^<òÑOQYóÂ>uýî¨k;^Çî G·×ñýç/N«Ýºúµ£ëMxƒánÀ²O®ƒ‡Ñn«ã½ØwÐäû丶S¯vV´ÛnÏví–s1{Ð>µ.¼Vû¢íx¶7׎Š"ËïdÉ6Þ~Ïq½Ú&ä“h3íÚ’Ay¨Q~^.S%PÀ·Oàš„‡(xPó¹ÿMDä—±Xd}úãóWª^Ö„±¥ÿ( “œíÙv§v` ERED»º2›o|Íÿ%QÃPÓÛ™ò 'h;Cné¤:˜¸|‹±²âl·,´N¿Ct[Ôñ[V§ÓfîÝ n.ô1UÌsŒ-:Q9}²_ÍêHÓ·Áû°ñŠ¼äßEü~éàs½6‹ON~;ùIª:endstream -endobj -1273 0 obj<>/XObject<<>>>>/Annots 781 0 R>>endobj -1274 0 obj<>stream -x…T[oÓ0~ï¯8CZS;vn•&Ñë@bÖ €7qÓtIG£ þ;ÇYËDVF"Y¶ÎwÎwîßþ˜I9 NÂÓ¡3|à^àxÀÃï.'x×6&¨þç8‚yèDG0*œ‚Þ]\FœXäãY#‘^¬¬i`CÙõhhFKÄ g.øè–燧/âä,­ÆÐæéE–m¤>Õ^ÔRÕ…øÇïkÏ\ÛHýÖÏDïkókZ_¹rÞÝÿÀ´õr ÿP‚ç¢ë¶\K=†ˆ~ž,ß‹éUY^­¶²(Æ0ZçÕh-šmÁ–q³y¬£KyÀCæó Êòôè}æÅ}žÜÿßDý¾YIƒµ"ø¶vGÛLБnU)ç¹Ær*½Ç`ì{d0#35:;dœ‰j¶Uv¢GQzÕ6æ(þgè•yªe„óPî6Ÿ¸‘αU)óØrÖem´Œ€vì†s7d^7823U–²2z´ä@©ÅáL¹ãÛ™º-¤h$”"/@$\™Ði^e`¶yon>Æ7`ì¤Öû×]Ï:8¢ÄVœª¤íˆàA4€ýo ­SadŠ:Ç”3ǵ”Zn -L+Ú•°²½®ã: ;_œ/Ô{t7<¸K}\o!ær‡ûÜÚXM®¦¸ÕÊÎÌìÂ䪲ºÃ£Ê0 ¸þÎvœàZÂ}”žE¾Å/âÁûÁo\€›endstream -endobj -1275 0 obj<>/XObject<<>>>>>>endobj -1276 0 obj<>stream -x…WMoÛF½ûW |± È´üQËÉÍnÀ‡È)¬¢‡º(–äR܆ÜewIËú÷}3KÒ•¦+ÖrgæÍ{o†ÿ]Ò.iqE×·”ÕGódN7w·É-þ]àóþzM…|q9_$wÓ/VGŸ?ÐÕœVîº]ÜÑ*'Ü3Ço²ÓǺñîUç”z· Æ®ÉX -ªNÕÙêoyòrŸ<¿¾I®ðìéÓ«ö¯FoÈãSñð ]^ö‡¯È‡Ÿ¿<ÕíÆùo|93¹¤¨ÖY©¬ 5¥[Ú”&+)«Œ¶m LYRY¦Ÿ«Lh9T­²ÒX<ŠÕpçŒ$Ï9_^Çì‚;ÏTU¡¢c)IËÇ ­Jâe™³­26¼_Ù–ª% ½Vù–Z‡€…öT˜J“²ù…óHÝØ–׎ÌäL[jÏ•ï„³Ü˜éŽ ¹r -Òo)w¸Àº¥dU—ë÷D"ÈÄž´”uÚjK*EÈ*w’2kUø’Ið‚íM(¸ÔêÕà†.pqSU÷¤‡:¡Ÿ-̺óª5Î2ÎüíH†RJµ¶Ü8äPãTF…›V\­é™YÃ|˜!®Í2cž»¬«QÇíÕmrÃÔx·1Hjù´"f ™‚¬Âu^Wu’Uá]MKÝ><>=Ë—ÿãWRyŽchŽÍø¡ 4™–°Lè· ¹NE¿?.Ÿ<*³.Ž¹ùæ +ƒÀu'<<$óÂ9ÛMjxL1‰ñÐ ×Õ®Õˆ¾fh†v«R&ç±ø«Ý6dðÜôIË2aØR=‰Ù«,6ÜnÉ1Q!8Î#ù ¼Òöˆ]¥ïw(tMã<óu×¾'wá€u*º -`ö‚D}³Y=IÅlÂp$ÒÓÖi΂cêª*8b­z'z{]ÃÕ³L*æ…:Mp¼ˆª}9 úýw/§?½œ½œM))í vã`ƒŠjZ¶È_ ;×Þu$ÈUj*Ónå{ñLî߀UîjîcåÖÈx’.W2o˜*e¼Ô«2ë<¡g$þééËýã2ißZ¹½v0§]€{~Pè²¾¼þ¡¾°höf #Tƒi‰J3´B·lÊX—“ʪCø¸],$Ü«ƒ·î=ˆoKèöãóî˜Ù®.D€¯ì)pTˆPêí$|­Ð ÃüaZ¾zÆž‹Ï{ÊfÇO!ŒHhiéÖu~ŒÛ·ˆ)ÂKÖ¯€ƒç(”®«r‘cÐmï…¨: ïÃ>å“ÜÂV+4fó‰2§D_®è“ë#3ñÖqFuÇsÓB„›JìœÕm& hp„íW>› êõZù¼ây ûØ”yúÔåjÖWË"ÍF ‡÷ \ -ýÀ Mê‡êá?Þ!_`OÖ8O,8†(vÇÆg”vhµt›ç«Õ¼D(/#=4:3…áí@æáÐùÀpM'ÚÎ¥ -W÷ϲ”DÊ싱ۘ7d‡^qe€Jô.Ö¨í«ñβéO@F;1’X"÷,LîÇr—[ÌeÊŒNÂÞPËT-Êè ú:X–8§óH’÷Äþ7&ÓˆK’ù?Ѷ#»ü9méÊÑò¦û¥ }®Æê8q}gÇ »Ð©*vUüg83T~ì òÎ"m€Õ€ðØrZLð8–tœé5ƒ8¤¼pôï/q&¹Š›óÅç»÷׫ëy|ÛùñëÛÍâ&YÜÞáµëö‡ûËêè×£BÉÆNendstream -endobj -1277 0 obj<>/XObject<<>>>>>>endobj -1278 0 obj<>stream -x­WÛnÛF}÷W Œ•I%Y’óRøÄq][m^+r)mLrîR‚|Ï IY¢ã¶(ªØ/»;3gÎœ}? -h€M‡4šP˜ ú:ŒûϦ¸â·ÐË‹áø‡/f3ô›?Å -7ØÇ«#‚Á¤?«¹œó90¹ûƒå§ŸÆ4áÉd6¥y$ï4;wÖkòkåÉÄd7Ü<ÉNæߎÔ Fý!|èÄ&Ñ©ÊÔ -ëÅÀöuæq«²ˆö_×f#ãòD=‹¡Ä8O6&µQ&7ÜZÚõk+ÃIÌV-<ɵÍáhlpî²°[g²ÅØèD¨J'Î?#zŽ}­6U0«Ä.UBÇ«RØ -C[fþ1zŽYÑF%&jž7†›ðtªÓ¥Ät›Ûû«Ÿ(´Y¦Col†gxÁq8y]ùOƱ‚žØí -~]:É@ZÂñ°±/«ZØÖ¾6>5`\$Îâê#ü¸Oó5¢ô… Ÿ8\`™Á!΂ËU¨9)~«á£fs‹ ðíÎ<-:zõ‘zÑG;¯UĶ{ 'Ý–yÙüj…Ïé] -®½»Ú€ëÓÞÈëÄVÅA Nf·`KA©ÅMbžtx,â. -¤7B,ÔGѲ ®©(TL¸¤¬T¨®KÎÂuœŠ÷X„¸á@€I¦a¦u¤£v -ç ÖHÕŠšÕ™^0¢Ì,,2XõêBc~¤Ê=ªûöžjo8Û‚‹ŽËuhb£ÛYÜ¿–$.Ó˜suÜ$‘¸t) ^œ0§ŸÎ)€Ú°ìôFãª/›êSaa#W.ᎫֿÊTo8…B¢|¿6& h`ÄyyTéRQÐ?ïÓEG%ùZ°ZÚ^œÔ ÖП%³¨Ì#å5èc!/"ܸ2Ïm!@µòVè<1¡âÁ HgžKõÀqZB"Uð'´ˆdW´uU©ŠºrB…k£EbÌN®ÕÊpµ@DÚ……Y‚k0=fåáÚ‰µò%ÈXæÌ ÈıiD¼8øÍÚ‡ŒBˆ _oïaˆ{«ÃÁ ΰ㇮±Š›Òö—·¿>J›qoŠ=Iì–µl£·Gv¸•¹¤J0Þ “‰æ"ÀÈòVL¹¶é{©‹g&ª©í¥Úîu4$FŽÙµ;°ý~}Ù -Ÿ7S(Œ¦ìQëP,¨‘|† :XÏñª}Ó¨Ô6È\î컎U™x(<ºó¿Œ¾ñÛw9¿ -›Šw?#Ò¸Ö2-|M5ÐÄrxQ/“ÞÀ‰­8E[žXä÷fh MêNËó‚hîþ~… ,tÕ-ìEà"ºF•¯}ÕKò7¸+XJ1Ëžâtˆ:ïT½‚±q¨Ë®ÃgúŠ)#Ÿuw×wó6 ‘µJ§*V»Šû»Ñb‹ ×a~WfýOè‘r^AüÏW¨O©.ë6¢å–*i¡ÂíÕ¬J”+‹“þžŸ‰&á -Ž" -$ª[Wÿ}as]x(Y— iÀ DQAóyVËnëȦÈ'Lš²ªU3ø Uã“ö3Q‰'HŒÿ–ö'X´n W{íãu ¢R>/XObject<<>>>>>>endobj -1280 0 obj<>stream -x}X]Oã8}çWÜ7@j3¤-m‘V+QV£] - Œæiä&.õƬíÐe5?~ϵ4 eŠÒؾŸçÞ{ÒR:Á_J“ Ç”­N’锶ó„/'4¥IJ£é÷§ã䌌¤%öâèÙ°Y™L“Ó°2{àEˆn.ôéê„ÎèaIi2h i§ã)=ä~Û =dGÔúü$²Õ¢”Ž­§¸O‡Û§?~œP?…á1ý?ñԇ뭅wRa>íkü…6‹í›-ï,¾Ÿá:ó× œÄ—Ë­@šy?ò¦xÇýO/é¥õêöÿãÑ·/óûÇcÞúéjDiÊ©è‡\ôŸÄîB—VY§Ê'ÒKÆh[z|ö:ÜVûjlêЇ}…Àî3:ÊÙþ.`b¨Á€ž?þö¼±q'»ÖhU.¹ ŠÊ­´QN8dåÐ×lå±Ë(×±'fÐÒ«îMcÈ¡c!3Q!⎲"K?Ú>‚ Ë{'±£|]!™Û€ùÁQ{ö« -dt¹Uå³/èÐÈ‘ù¡GÝ!Ú²Z*±(#­®L&눧q„^·†ghÛuíAn(š½µüIaÐA˜æ´Y!aÎÄJBïiÏbä¾v›)Oú/Wˆ½+ÞB(k.PãÚƒ¹ã¬–ºìïf¶ö§™ \EÈÓ‹V~„×à‹#¯Ðú™[Ó3““2T=+iž¥7]arWEÎFñ<ÇS÷¥NòJ©žV mVZ礖þ,+‚Å8ˆ®ˆ2íV\gÖàœãÙ`ð²ÌéíN“)È/ÆÝ} @[†6 ƒ<~¢¿PMµY‘Ørº=²Ësñœ7tÎ=éö'$Û¯<=Î1ÓÒï3½ð×Kýe Òd¼µ¹ÅÇqÝ -c:‹“ ³þʲ¶¤cWJ‹¿û¡¹â)/N‚ïú+KË áü˜¹ÎAÂ=ÈÄÔM"ôöÐú¬Äƒê!UMÙㄯ|‘ ¶*Ê·ºéÆ£]dÎõ†ä¿b ªZÓ» ²šñaQàÁŒêñ¸·õQ ¯ÀjD=f ¨óË;Ô x–&ûVf+£Kõð ö×*OO¹úâ@À1<}¬ÿSIóëy‡ë=q¢ÀÛ#Ñ /·½"ÏÑqku¦»Üëð>Í[l¾ÝÜýùÇÝÍ×ÛßÓÙo±Í2 ¤ QÓÄðê€þEG×.ûAI3faóH¯p‡¦nã0²’À»Ùº)ÁšÄ\+ŒÖÚ©H#½é¨‡T'‹Â³!ßAî,{3‰øuœ àÁ[,âoe™søEä÷çe©+ØåßN^Dö ¦}½¼EÃ3ŽÒá}†|6¡¯Û¼nÍiÑeB9ú%kBrî=¡ÿ\VëÈAQĬ¯Ø•½¼ÎC ³ô¦ˆÂ«A õxîCÙqØ„|¼YxÞh:Qm†3o¹ötw_4 Ãf+™W`ì ק«i|{MÇøAb:¤ñd¤CߠίgçtkôŒx•á%l˜ßØÈ~}¢?9ÁOù‘ï¹>L¡æc¡óÞÑd”Lðû~˜ÈÎÎøÑ燃¿þVAVÁendstream -endobj -1281 0 obj<>/XObject<<>>>>>>endobj -1282 0 obj<>stream -xíWËŽâ8Ýów #H嚪ÕtiF4›’I IØÝqÕ|ýœkçAG5jºf5šÉqü8÷ع÷\û[/ ÿ€¦!E1%ÇžïÍfÔÅ/>M¢Ø›Òx6E=Ô I; ö)Œ#ï¾îšŒ½àª+D5 ‘ëY¬yÌ6ŒÜ=Ž)h½›x6¥ujû}Z'}óª’¬Ð*ÿK”¹V@ùv’¦¤RS™I2R¥² ½Ã›(é«H^déÑ|W¢u«ËŒ:†اZI;[è‹‘tÈMië/=ŸFAä… Ð?hý‚ŽI¿rÏÝ£O÷Ì1ðÆQH£pâÍðÄÀϧ­’%µ¿…ý$ ³ ú è58v—çŒì¯B®¡*ÑεÎg'h'=›eûF„÷ùË…-—¶\ÙòaH´ë‰oÖŸÂÍü¹ÿËóáfÑV—mue«2\#n÷#lAyzûž@v ¶džáfõÓü°Úš –ÜV~ÁÆñ~°yøgªQKî)Ú¬Ú7P,ÕÈni´aªÑ]°,β0tÉáo‚¬!Öá£GëqJ«‘8•™.òž|–¤ÄQ¡ZÿÕÎ5µNG™ÃÕ³ÜÐW«’N†í°gæjO¹bÎ ‚û]tñ‚g¾Ï¶ºÈ´N Áb¬g„¸.(¿Ã#Iàé¢ÇÇPŽ•aý ªpÖŠ*„’q´:¼Z°c¤/µu»B„U{cöŽ5G-–Ž¹ˆd•H^y–ª4à„ÖIr*dJ;p¶ž£ôÅ5ÛÆö::ºs1 ¨MRÔYÈsŸ¿ÚóÀ£?3©(/¯TAº÷ÙFª;Ü1(ö»ƒì%8[‘áñø4ð‚Že,«Èa¢å I¨KÕж9¬EËz`&Ì5ÅÔ±‚å¥|Î1b—ü;&¿[M#b•£}h˜“³F# îsiÁ·5–‘ÚàÜåÍ>/XObject<<>>>>>>endobj -1284 0 obj<>stream -xW]oÛF|÷¯Xø%NaÒ’,Ér°ãðC·ZMQœÈ£x ÉSyG»ê¯ïìò(ÑtŠ ™&û1»3»úóhL#üŒébBçsJÊ£Q¼XÐá£ÞàÍç“ø‚¦‹ \ŸÏâsª5e8;ÂÛûpvº˜Ä³pv‚órôfutv7¢KZe4Ž§çšÃØl¾ U*&F´JNè[ÿ–“?®?|÷éí)áòæpùîpy+—oWŸFMÆñ.Nuý¤kGÏÆç¤HŽÊ¼®Éçº$…(+[Eªñ¹­WÞ<áŽ*µ‹ÙÔÙÝ”ÆcŽ>jÃ&’ÛÞUI^ÛÊü·låh­ý³Ö[¦Ô–ÊTT*Ǿֵ}vø­ª” -›¨bð€, -JlåMÕhò–l’4õ)­RŸÇNÉçÆ‘ËmS¤ðˆ¤àA¥;üR^“3¾‘p$|FbOùµûŒ4@@µm8¦ŸÆdñ9¡L™ÂIЙ- -ûlªMŽ„ð=»Gì -²¢-·l T¤U’Ãyªù `*•$Ú9³.(±õÊjµ)uåC¾ŸQòø¯SÊŽrƒl ‹h”ã.-×î¦ÅCg´Òf“¯mSçÖ^ã|[»…ë@ÇĆqgŸÇµ÷ºÜ"€ à+x¾Dìný!Q©ã%…i£8äAe=W¤Ö¥}â|j[²ÓUèâ`dþKÜ“×q£¶ÚÃ|@]‘4ðgâY‚ûå~ùHh0ÖnßÐÁäÊuŒ¦F+™ïv§ ÀŽ2u.„Û½î ÄúmSص*Üïx#«»É·XÍ‚,öÂaj¶[[{úvZšè%¬AŒ~†jˆd¢¾-²ÛZ?ÛÇñeŒâåŠsD[oU ’±f¥:SM!<…ù˜À†$WmUíÈ)N±âël[_€oÕ{"‚,©Z¾5\³Ùhˆj*¶›í¦V5”#ÄÅÅ_ƒá§ÒÐÂåŽ -ÍÏ•Å­çC0ô¦²o¸( -š£Ð›P‘V¸z˜~h. °ã—ØŸ| ñ“ã–ñ_´æ†gidF±Û>?ºÁ3]#g™”ª<…0Y ¾j åú…•áÄù• s*0Á²ò|\¾‡nÑ¥˜n--?®:Üè$zˆ–ÊQ±F‚n‹¼†glF¶ºðŠ×Œ@ŸÁÒ•Z(fÈ»`OU“hŠðD·¶\ BImÒð”I-H¦S°@K/-¦¸h_O_Äp+2PydWëmaøˆ@f¯EyÔ¶àŒÄÀk‡ ¿i ƒôJfy¡ÿ -‚Nºz2`‡Óµ£&©­³™‡ã¬A¿ÂB—Cèà."oàv[[o‹£­âçI‰õ¦†}t¸áMb¶œN+AðгÇDŠnmØ'‚PeoÚzC^ÅWtÕºüz©‹ Ä©†°ð"»Åsn°Ë`Š–ývz9î’n ¨¾j,r½”… <ÆûMÙ±EäŒûéø5Á…=É>è -xÝ-º‡Î„<æˆmÍ{*³‚­ÒÉ`Ñ•;@ -è„©W$ a¢`½kô+<ö¶;Eá¡…M@vGÑõ=]tÝIyý"R¨ò`òžò@+º PÀ8îfÛýÃÞ_è–ã‡Ú” -:ÝcÓ1ìi,Òai=~‡ ¼¶ÅÀ惪t]Aí8Ûèê¡ëèèjõî!ºza05ª°Ç1v ¾œñ¨èþZ®dð‰|µkÁLÞؘXÔK#ÄØCí+kOhf'¿æøaŒíï–ƒA–¼*8’àìnæûxŽï~‹s|ÅÓùL–¨ë7× >óÊ|Û—2¶u¯D#|ïãï`ÿ¾tMç‹x>›à»(ŽGc6ð~uôãÑ?ˆþ§Áendstream -endobj -1285 0 obj<>/XObject<<>>>>>>endobj -1286 0 obj<>stream -xÍWÛnÛF}÷W òR'iÝ%m»¶ £ð¥1ƒ<4}X‘K‰ ¹«ì’Võ÷=³KR"-¥íS#4dîÎåÌ™3£¯'êãg@³!¦å'ý O“ÑÏñ|†çÿ¤/æsÚ=ÌðzØFÕÑñ4Ôgû4³W/®Bv—ÍvÎo'4P˜ ’é|FaìÞ÷)ŒN7©²d¥y‘†~¤Ÿ”È%iCwO$âØHkx~>9¿7ΆÓ` §›•Dà‡®PjI¦ÞtýðLÞpâ>¼Ã*Ÿ¹ˆV©r>ÓÂîù ØoŸoº¸- -<`>ãK÷žCzx éꆞoBJ•³oóEi•P’f°ì>‹|!j¯"*Rµ$a»ñTN£`È)"$™%Ý%´Õ%n´ÐÅÊÝzã©¡­,×km -@¹•¶ÜéÒë"ÕŠ„Š¿a¡U‹ú;ÀU‘Êq'âMše”ˆ4£B“-„)º@†®l¥+6šÖÚÚt˜l$•0©¶” þÈÔ!T®)28B¶\(ÎÞètÁ ð5¶ XðÇ,:x§`m‚Í6_å‚ÅEù˜ªNèbÒ#_4Æ«þëCHe¸v`'¢tÁ’tY£¬ŸkÀÀ<ûf®u>+q=þ»Lšì9ö*ò*Š*þŽ_ë½XW„óÛ  ý¸ÏFcßEÏ;Ô®*p™Çõñý¯¿¼üðÄFÛ 8 ¦ÌÎFMŽÕè( €ðƒË ÊBv|ö¦BKȵƒ’›iæƒÐèÈV—yÃNÖt/lMpyâ÷§Sn¿©Ñ×ïÐÎï:^Ù‚eaB¿ -z2i.̶B–~sŒÎ2iz$²b¥ËåÊ%£¨ßu›³PËÍ:[ë{—¥ýôÖ¡ã˜_yÞø2‚z.Ça$€x‘cïÂå!=C$ÔÉBÌ£sÊt$²ÎEëJƒFu™¹ÎêRÖq{%^tMxb§Qº®5+±ãöY]®›ÓÓQˆ:ÑV[ÀVì+áé¤[§%¡ÉuÃot™ÅÌ¡®æDcj|ö¨T‚Õñ€mkÏ>G|†^*¯PÒf:~…5fT¶‚»e*Ïô{.¾H{X”vbÆ&vav%ðŽ5x×`$ÕKj´Ê¥âé"Û 5îóbÇH´XÖy9‡¹ZeÛN‚¸Ä59œÕè4€º9 *6MÕvæ;à ^Ç'7%ç’€S~YOŸŠ7¿/3½Ùè^ CZ5'ÛÃó{¶º¿?4ó¸Äy·7»Ã£˜Zü™Å(22‘Æ€O[†™ƒ?Ôñ® 7jG+Äob Yè¼_H´‘ÛŽbëÕá_¡Ò§ óA0 ±¨L‚9~C—©úw"3Àž·²•gƒåƒFèÁJŠ¾u³>/XObject<<>>>>>>endobj -1288 0 obj<>stream -x½WMSãF½ó+:œ *hmË_›JR…ùÈr6‹S{9Œ¤HG3Âñ¿Ï뙑, ¼ÙS€’-©§»§ç½îÇßGCàwH³…SŠ‹£A0ŸÓîR=áf@“ñ4i<Ÿá;¾©’”Âv€Õí¥± gÁÌÛŽ`ïMßs†£Öô¿ÜgóàcßíbyôázLÃ!-Sìc:ŸÑ2±) hŸ,W’Žs‹œ -¡¬Ži-*QH|%‘çj£éA‘ £HĆ„&AÝU0’U@Ö׺’©¬*™´þbQk©O—ÏG:†Á œ”E”°ËTU±„Gï„d.c“©’ð§¨L½&Q”óTšrù*ónŽZš&ÃUö´"YªZa‰0”™^`½RužÐ&+áwû&®¼ýhŒ9Ñ›”¶ª¦•xEš%Ý-±¯x••’3ä¬t•Ò¸hl¹ÉôŠwIûú½Rñ‹Òºá2É´ˆrÙËÓ=­TO±*²òé@á)Úª`Ø‚Jß©5—RöÊ/þ|ÊU$ò¿`íkœòó^`]DA¬Ê”Ò,—ô¿ýp= ŒŸa0Gt6šs|¢:äUDq¢_¨TW¥k¸WŽoØõaô-Ÿ ,`3pé~¤!`žn.ápb?‘ðƒ/`µ`Ür™ -ty{~sç–ïèr6šÓ ¨*’„W¹ð_e¥-;èkV&L€äÒ¤=è¢ÖU1|RĘÞ[oYÕTÌ3d¿¤-É[Jd*êÜü'ˆŸ«¬Õ¶‰|¡JS  18Æt•à6e qn)Ò?}oå²a%{°tâÕˆ BÌ"ÏÁ$)^(Kû[«äSÆ5ÿÞV{Ñî¤YÜÜ?MõñÄ̯ÃÅϧeVôõæ"!eALŸ//úÔ½FÖŽš‚Û=8*(ð 7-Ÿ%gÖ-åå…eg!,³ø¼öOMÐù›û@5ÎJÇUÉíQ¡h/ÜìºÎp»Ç‰¦äŒNë›{¡p›þW6owm¾Gûwè|ظÃçé„÷¹` ¡AKîD»þÜt]ק÷+œb.¸b¶ÓÅÂÈ7r€Ãwr¦†oçÜÉ›ãçcÀìéUüÍ$BÏGßÊìSU9xpì‘Û½©=v©ªÆ€o›‡¥˜#·|ù] ãàmKÜšªºd<ÄÐ/ž$Ïý‘…–.x3Ž¯ï¿\ÜÜýFç·‹sZÞÓ⪷Ñå§+º=X^}9Æ(Âû<ëŽÈ‹ö·Å鲈¸xÊú‡êCh4LuÝ…‹Å+t‹Ý—¥—˜È7b«yÐú}³å›¹ê±`'©/|P8PåÛáo;FÕ™¹½ ï’µ3ñõÐô}Ÿ¡“V°5BÄW«3b÷Sz‡gxÚ!To@B‘…c't™˜‹£µçŒ ÈUØÑËšÁøuÅR‡Ñêüñ~3?æYÊ +1116 0 obj<>/XObject<<>>>>/Annots 300 0 R>>endobj +1117 0 obj<>stream +xY[SÛH~çWtÍË2U ¬»ÌË.M†*&a§Ø‡y‘í6(±$¯$‡ðïç;§¥î#Öb\©2ùøtî—n™ÿøj†¾J&jUžÌ¼~C>}üñéÄ÷C/Qñ<ñfªTŸzY¶êžWqàw¥J/ê¥Bz T~ì{¡Š—yŠ’ˆ¹Ð‡´D Xª(ô|Á s$îä,Õ<´H§€ðÅà‹”Øx:lx±Šâ™‰0"µ H-L°TYB®ZN@2é[-$(1Ø õR!*1ØhNîZŃM©Ž5î†)JÆ‚ œ»=gü³œ€äPBJ-)19xÈc›…Tˇ‚­18ÄÀ9ÔsÆË ¥³ò‘%%ëÏ)Žl“»Ž˜ÜM(»–5î¢\u—s·çŒ–Ê(–”lS†+0Ø8¦Vq¬À4~u™e%‹¬#–å`ÂyÆcÆÍj€ fàØ{Ç ‡f)’áH‰)˜¬À`“ê&XÁ¢wGš ¿çRV`„ͪÓlBÍ"7¦!jÏ™Ø,' L¢ Bå% “±d›$cV`°YLîZ³SUi¢‹]›©0õyˆ©yCFÄPŒæ¨c‹¢£:ŽìœÖ„`¦ Ó~u¬q*&g jœb$œØ0"§+0™QÙ+0ÌbJVb°!mY'+1¹œQ@V³Ä`ãdä•Ä`ç´¢œ¬i¨(†3ýÞ +¸†ê9ÓA–¡Î8ÿ–”,Ò“Ž,6>‚q¬À`qæ"ŽÁ1ue%ΩU+0Ø$y%1¥) F¶²&Ma V —¦ž3y±œ€6M–ìÓÔKÒFDG8V`ÈâÖ^s¬À`qò£‰+0‚ÁMÁXVb°‘?ÒlBåÕ>tjÏ™Ø,'  Õ’}¨½dªcM¨›fä®c†fØA"+0…RGXVb +5¡;V`°é|,+p )^|VVb°èZô©c‹w¬À¸üÍ|êDËJ 6àa·,¦•ÆEn>X´ òÈwChå‰CG IÄÍîZRb°1]++0 ¦ÓÃÉÎS‹ ¾»HÒL-Öü•~³:½Z¶]“¯º_ßð\‚¦4ÏCA€'Oïò¶S_wë¼Ó晨æT]ªÅó^]ퟰéѯ—QvÅêúfA£ÐÓ3uŽè#Ò³x.Zµ¬ëï +?sµª·[½êŠºRõFýöåqñ¿^¯õZuµzÈËe®Öõj_êªËÍc?t£ºg­^uÞ´žºU]óJëªÝ7TÞ©|»ííò$Ãnjµoè9SË}§ÚºÔ]Qê–•±3Û¼y‚òoõ’´À£J«nZ8·,óN•‡xµ*k$¤Ñ+(Tp©íCèßÓƒÿ¬d©Õ¦ÞWk•s®ù;#þà/Žš'uªž»nwyqñòòâµ”¯nž.X§ý–‰%øaøFÉøåF&éµËŸ´§î·:oµj5ìí¹vˆ¶«ì¢FC®¾é¦yý—µ=~Þšöú0G•b5µBV׫@ÂQQ„Ý×îÓç¯ê“®t“oÕý~¹-Vê®@*á쟧ŸîïþüÕæ4ðÔÚd÷J ‚P{«ƒ¯e1˜*ªÕvOóRtÏœÓ?m½oVÚy‚JYTW[’º:ߨùTiDŠD6í†+Ô{Ò^<í¶^÷óMy‡´‰Q¸~Öè›3Å馰.>¦bð†É—[M±_×U‡fãîè +ßTÄ6ÉPÙSõ[ýBr[µ&Cåh‡…Fû>\ýþáêpyñ½¦íß›VýÐéš]ª?tŽ‘¥¹@F©ûÌXgDüÎß`ÒcVë_ªûb».ª'Vý¡¨ò¦8Jsø¾æ€v +då®nºSÜ"”ÃÉ…ÇÝú}Õ᥺n4Ö$»Ü–K4oµ)žö™‰M±Õo4ÌMüæ!WMÎM„¨„¯hîÞ‚"ÕÜüãf:UžÜåMy8º‰fJÞw ¾T]ÞtCq)–:«Â÷^þÆB.LlšºÄ„ëníQ>Õ ïf£‰5°ítS¡2?ô% §À B§Ó:×e]¶u>Ž&}ßV‚rá˜ÚbÚ„=ãL‚•y±53^™j¶ºÁrØê(Âì}›©±‰tUtÄbˆìbÜWÅOµÚØ'GØ™¿o'û?;\¬\Ý|y8S›Ç'|Õü'ÿø¼àÁ÷3õåá"8Sº[yžw¼7¸g}v“ñHgÿí³h[uSWÿèÔcÝ|ÿçXb¸q ¡xº#oŠü©ª[Êâ}Sc%—Ç,8za˜ôö§šV·7G*š^i×ϵñŒö/¼ëj\«Ôþ¡Í-èý% §WÚ}ƒ;Í%ýúùö¿täêš{GÝ_Nì¨Ma`z™ÝÕ«ïÐœšé•ô{¾Û‘›_1€XIz”’é…•dG)™>.XÉü(%XãçÞÔØŸé‰"ãzãçÞª™èÚ‹Yç•ÌÍÛ«|MŽ2|’Ex™Æë%÷í¿'ÿ9ù «\>”endstream +endobj +1118 0 obj<>/XObject<<>>>>/Annots 352 0 R>>endobj +1119 0 obj<>stream +xZ]sÛÈ|ׯ؇<8¦ €ŸO)Ù>ç\e霓§*•ˆ„$œIB@Ëþ÷éž%v:B¦SW¥s«¹³3=³³ÔÏ7Ɖ›§.›¹Õöl<ã7ü‘ðÇï?›¦£©›-f£±Ûºy†ÿy°qWg·.OGs!ƒÂª°‹Qêfót´€ÕÙ˜S U˜q>Z +'6S8)¤b°³¬gV1ØÅ4xÀIo]šô§õ"L—£Ü],è’ŽôÜd6š“3@N ¦ÌÆ(ŠÁNRYÁ`!_¦¬`°HäŒc#˜t +ß"«ì4ë¹¼\RµŒax6 ˆñx2e*1 OÜÌP$Ç3Ëi²LhÖP §ËÌL“¢ñˆ¤I8…XABÈ™„—¤6Ð>IR1%cî8T1cÉ ¿°‚Á.'JXÁ¬‡¾EV1%œ@%ao] tÞ%šÎæ^à„ Ë# H0œš² … ‹*š%+˜.Ï‘ÈúiáS—øi É´ “p*²‚9mÆë ›ô 3¶‹©!3,ìdI뇦s+Š…Ò Œ¡S*°~h2±’IPá©›òC#ÆP4¨X_mãÄ07³8R &Kf.Ši–ÝKXÁ`)åcsép}EV1SgõÆ*‹e‰#+ì| +5… U­>+F¥NluËŠÁ.Ù ¢eÅ[7Á’Öyƒ&Ìm°l)˜ ‘²gK¤Ç¦@ SÀ'’ŠÁ¢ ΔÌpC’±‚!º—ZV 6!}q¬b°Ùu'¬`°Hu¦¬`ȘôçU {„F¤ì+†c¦9ŽU g õJ1«ªï•½€»q2™ÐeC&¤`°è—˜6²‚Á.Øî…Œ€¼a¬b°hp9²‚Áâ 1ëûIÆ®iÇF¢ËÏåʳxzÐ0b …0YÁ`±Èa8²‚é1w1aC +4/DÆz§ÐC}£å¦’²x°Óv˜Ór;V0XÄãXÁ`qï†S‘Ìü°Š#«ØשÎ˺í0X„‡€‚eÅæ' ÚÎM‹*{Bà"¤# O‹23«‡Pì$ݸ××g¯ÞqÕºë[œ‘ñm×Ü]¯íë´±»^½€v£¿^ÿñôK¶úνpWm¹Ù¸ûük¹»sm]ío6Eó·þ§qX;|ú%l¿ÄÃh +ë/²A“ïwmqWç--^\¹Ïån]=6nW´Uý¥qe{ï®òíM~|šþ,Éà<çwÅn=`c¬Ž¦ƒ&.ómá~/šj³oËjçÊËÝþ.ܧ]ùíÕ‡r·ÿæàõf}Š«xy¹þíÛLH÷ê‰åçÅ«¢]½º¯š¶é´S9¦òIé©Ækôu´ªv·?9Evêôÿÿ™`r껦A¬îOšäIa—¦åÛäñùηoŠµ•$rÿçjE —°_¤è–ƒ5v}_¸Ë¢}ýþ·+gó¿ÉW÷Åq«½Œc¡=kôÃů¿]]_¹Ûrsš¹a]~ÒÐp;y{yå>TÕ—ýÃINüüþ–žä|Ø¥_«GwS£±Ýîw+®ôÆ廵»ÕVn]¼¸?¥D¯J†×ï7un+ÕßeXŠ8<àÀP¯E²ª‹¼-К›/î!¯qÍÀ˜S›†vÊ´tÞ6 +Lÿð-Žç½§éð´k6(èÕþᡪ[Þ‘üî€ÇÛÑ·ã¶uÁãû“çbª«µïzÇ-INðÞ>h¨··Ô÷‰wµþçº«Ú ÷†ÉcÈÿ~`ðùOÿƒÝEí‰kÃÎ]­™{[—8C5¶ÿò í’s˜¾§ÔÃî)]vr·Éë»ÂíöÝéÊb8u‚ás¾^ÓÝK´ÆÎe4ÊÜú°n +?Ÿ¤Öð–£ÕÇñ#Ên`í<)âa}x {¿5-w]U›¦h;Ú¯“çnvŸïs,‡&Øx6éÕÉs—ºPw/÷1_}Á o@‚'æO”àÄó<¾Ëzf×1QqnÁ1ÔŸÁÞlJKëú$UÕvQÚë¶\ìÅ·uµ ýf<úÆß=Óx^½ã3ßÁøü=^ào——Ÿ«®Î/^Ÿ£r«?°/º·Õj¿…§æ5Ý}Ég:~üå<Å›ÙúÅù Žchò$'ü{1Á_¬óÝ‹¿ùåúìgÿšñiendstream +endobj +1120 0 obj<>/XObject<<>>>>/Annots 404 0 R>>endobj +1121 0 obj<>stream +x­Z]oÛF}÷¯ôa‘Ö +I‘U`±pœ´ë"v²¶‚ìÛ‚¦h›­$ºÇÿ~ϹCÍ\WŠŽç~Ï;£ü~›b3KÌ47Õú$šDø ¿ÄürýóI1IL^ä“ȬM6ŸÌ°27' +®Í|>™*NÁµ‰ÓÔI‘…É$3ù,™ÇIAž„ìœd”Nb“ "©1Øél’jVa°E“"™eT)@ìñö¤”êHnÝ,K%[éŒ2p‚Ȥ8å8«/$ävwf‚¸Ð’ÉÌgŽ°fÄiLŒÚñ¤Æ`gSÆÕ-Õ,j_ ÖU™$“™Z«1Ø,ëE1  ,F“ʈ3® ªö:NAÔól´NA‹zFÔÝBÁ¦^Uj 5GÝZìUd)Š%Õ¨@„HW*H¥Ü™žÔ, +rK5 ×P˜žU,:Üñ¬Âì9#áXÁNÙÒ=+î¤B #Ød¸ã!ÝáÉâIÁflRŠUìl¥ŠU˜ÅÁ`ÏZ“¤âÑq…@“sS“:Öï¡59’æî1X9…«0™3~­Â`¥´«0œ‘¬{Vc°)ÏÏƬŸÉåAšÎQ/ÐU¶ Ï)ƒ¤ÇyRc°y>«1Ø‚U­U˜Î$ šØG“4‹–€{Va°Ø7£µ +ƒEÐ4ksžÒÐjÁ  VËMy,Ãà˜Gp*È“h7¬_„ SQ“3J«Û-á9…¾!óÏ4e… +¢àXa¬…HœcÅÞé<“¤bÀÉŒb’‡4‰‰÷¤Æ› Š“¦HÛdŒã¡0‰I +ƒEG€Zù]afâ˜tÏjÌÄ#Ö†bšÏmü‘d¬dCá1ô"Œ°Ê³ +ƒEÒçšµevrq*`Æ$’†U˜s Ù±[›+Ç6§Ãøšp œ +É +3’Ì”b‹VkVaz$ùô’†U8’#½Öú‹aTæfd9d#é1õzDÖZ»$?µ‚d©ÂXjSäY…i²¤È³Ö¨È¸q.& ÉÂ&h­Ü_Lo†½K¤Ø™ýlSM +MÕb:ÄO± +ƒ-x7ñ¬¸›ävÀã€37Q°%Q6B +²ZQ' T³[àH@NA´[ΞS' KÒs +ÂÔd¼Pc°¨¸éTj Mp¦Y…ÁJRkF5EÙÈYkÜñ~­Æ`çÜñžµ”Žµh©0YDPašœR°cíRdÄ^ …ä2Ãm.Ž™)“MŸÛjQr¥*íïÚ¼±‘¸µH}ª×*ÌP°qúµƒE-Š‹c,\Ëæ¨6jU&aŒ©1X í#Va(•+²¬1Xìr¸ãÔj yN4«0XبõjŒ +‡^-Yc°èt”Ó«1Øœ· +ÏÚ®ã +''-JMLj†ÜÜ«0XÔ¬òk†G¸­Â*Çj V^«0lFCB™¸µƒÍ’cèESdAb³Â³§zVc°£ ·Vc°È ^\<«0Xôý«0lƸ€ ºµƒÍxq±ÃǾ¿v›ÈÝÒbx„í‡,xVafAlö¬ÂÌ7¶Z«0£Ákg5+ã§gÅøxj'Õ8âÎ" ³ÂP‹ˆäËï +«0XRäY…irÎô:Öª‡¹P @¹ˆ1ì8>ùÀ$GjL“8Ó(Va°x;ÛK¢`«íVž|86ÆÈa+í!ÊÈ“ƒ/«0Xt)(u‚5&+qP¬Ç`ñ†;V Æ“;·ä{‰‘C´‡g¼£‡€Šó­9Q&Ø4sµNÆX'…9å+ÞP×rCî8ÁáÆ¢9¹ý9ù¸uv'a+Êy# +Ðuök›Àf₇äXÊsádŠ§ 8ûVņ,.xH÷X~‡tåâ8ÁaàËÑ SAp˜iÔ:¹âÊQBÏá|OK<†1Ç úx/‚¼ùpsŒGÃû°c^´d ö3î +üžz\±ö¶Hma«ÉðnÇ:qÝC¸n‡¼=÷nqòö'4éØ,îðáC^ÌÌb)Ÿ9DfQ½)&_üúòsˆîÞ¼1ïëÛÝý}³¹7Ÿ»fÓÛoÚÛU½ÞŽ—à,ÁG§Rg‹%ÄÆAÁ›¾k—»ªoÚÍaI‘”y iaÝ™Çî5Gb§A±_Ê’DâÖ,[saÊoõ¿Ž°5 +½©{ áîÑŠ®ÊGSn–˜mÝ}«»@\GfgA ¿´·³éÿa6­iwýã®?ÂâüyÛ¾+7÷õñBgA¡×å“ùÜnû›ªk÷Q^ag¸NÏ–ßÊMU/]™!m6°.Wf¹/ýâNu¥‡EÝÔÕ®kúg³ª¿Õ«@rÇ¢þ¢Mƒ–tð²íjSµëÇUÝ×ðt+™ÀV4íêç“GîãÊ2’|) Ä û'6Ѻl6oÊõmi’É÷ñªC=¢Ãñø¥m6lIåÆ\-Ì{+ÿ©éœ†ä°µ›xÍ Zo åýÚl–íÓçúœÕHæXökæÙ4[Ó?àË-:WÿOTÄlGôœqÂAú²iîìŒí}»UOu½q!pôïËÕÅÍnËhÂÕ[x{8rºTqß«=»eǨþ¸ý@J8ê˜àý'˜Jièƒkèí·e”ÓW¼\”Ý}Ý›/Û¬—Y +ÿnŸö¡7_Ûî·ãŒÃE4èòeSuí¶½ëÍu½n±Ñá6zä{ÿ¼\…š‘®ßx‚©%(ÿª\×æ§VSá_ì»êáp@_Š géó +ãF‰ùÂœíúdMUrD0—V¡ ¿”2ÕI½ÿܵ8…/Þ›³Õªµ:Ž³=|ö^×ÛݪGh«l£ÃÒ^–CXÚÅfÛ#IÖ{îÐóvs×Üï:ùÉaé/6' ‚¹û³ wç ¬ëú÷]ÓÕk¤+P´ãáÙ3(kQoeDZ0†[ó)4¿¼ dx„ùج›^‚v”qá± ¨Vh‘¡ulR8\Üè}ëò‰­3‡‰)·¦ä³.»çýyµ•W«º;"éÉ+)ÿÜÕ3µmÐ +®ër¬R.|lLÖ»²úí)tXŒå„“¾/mž>ØõC@†óüü+ oýó®F@Ã¥lÐÚ,ºÝ¶7gUz{l?Pœ¯3ÓD{¬%G…ÿÕ~\nv,­!vÖ:lËaM/ çå‡O›SØ}úÓêù‡¿L]8}û¨1T6rÇîåv ·Âóv½F¸pzÉÅS2õ¡ëÚ#îJx w†›çm_¯qY5USÛ +€’»æ¨ƒÏÖÁ!ÃF‹xtæ¡^=š +sÝ…Á¤˜åÆ© _sÆ[Âܵ›ãæßß^~8\8£cŸ ¾Ò#ö;Ñ;<ƒ:{Gßþh®êþ sÉ0HVõÒ‘p¾¦IÝ“¯ÛrÍM+÷ëÉyYPáKÙûO—gWÿ;ÿtµ¸þôqÒïÍ.þ&1tó7Û{<ÖÞ$C×?«zÛåÙ;1Œ3Š&ÏûÎ i«ç¡v¬0Ä݉^Z?Þþ„PäшoßQç×ùOGonÎ.ßqGþZá÷mµãéïF“S¾Õò×Og ^˜–oôm Åÿù)ŠïP RFõÃâä?'ÿú¤“ endstream +endobj +1122 0 obj<>/XObject<<>>>>/Annots 456 0 R>>endobj +1123 0 obj<>stream +x•ZMsÛF½ëWÌÍÞƒ)|äiK–lGµ±¥•äò! IÐhÅùõû^ˆi0†[©RôüÐ=ý5==cÿ8 M€ÿB“E&žšbuLü „üq÷é,M3MñseÂ0™¤=ZšûžÌ¢É ä,á—È)Á(™L©1Ø8šÌ5«0Ø,œ„šUxe¢(˜ÄŠÕl<6Jc°i0‰´¬Â`çñت â×éžÐ£^[Dw5›Ì&™f›N©Y4‰¬ÂX7ŒäÕ˜Åô×± +ƒM¦cY…ÁÎœ\W㕉+½nhý…†„þÆ( 3$6+Læȱ +[a³cáïƒI~«0lF~aÕÀÚz„ÓŒÊæ\UmRjà HÁ¢ ‘Ç* Vþ\± +ƒÎƲ +Ãà ¥1ØéØ*ë|äö‚ãpUÝQpeæ)C6p +  dµ ¤Æ`Ãé˜U˜®ȯ’U˜¬Ô±Ó¬0XìÄ‘¬Â DÈ=ïdm=Séý~$õd÷ÓŽç …cƺIÊ8Va°³Œ‰w¬Â´J:ÂÀj ÖîDÇ* †0°Ø¨3“¢M°!`‡Ï{@Dbg³Jb„¹)ÛŒ#5;<Å* ƒ’ p¬Æt†ÉS¬Ât&Bˆ«0š’¥e5 ï´CRÅ錕„J›ÐYËM3Ù°aÈ®™ +rdÊ”ÀW60© ’ƒ§\Ó± +ƒ…õZÖ®Š.Ä“ ›œêU‚8Ò v 5¶j§šÅ2; v&©s² +#À{¢Ó¬1؈e£X…Á"ÀHì Yc„?d¤k2©C{F§‚$Šrf[ “Q1p×± +ƒ•N¦X…ÁÎYþŠ• B¿ÒÔ-’u†Cáœ9omny¥hìã!<@Y²²s]öEÇŠ» ö”-žYÅCÝ'Ö¬Â\v:–U˜&³lœf»l–Ø’bKpÕ¹ƒP‹ ÁÔ,ŠdªX«Ç›œ‚¹¨Vú†…ô…'±#5+½W± +sÑŒ& Š5†§~ÇZ“¤±y˜ôD€xêà`Ò@ö&õ’!–âŽU˜sTQ¬Â4˜qV¬Â48bœÍSNLIœÚb +Ùº,’Š`—N"ötiΪSÓ;ãDØI§ lÅ‚X^V¦'é˜UžDœœ¬ }Àò‡(6ØÜ$‚D±Â\–Ób‹ Š¬ÂX6ˆYK«1XÙ¬ŠU˜Á—8 ²brŒ¦*c±˜h‘3y`ÅDÅ*¼3Y±bòNÖšèXw&+VLdÓî:ÖšŒiXÎ+6’X-ž;“0 eŠ´‚SîlVÖ[,€‚ +Bá ©1XlN¨D­Zt–(j œ±ÇAªåÍÁ‘ƒMÙN«0Xt“™f¥}DzÀâÿ1vîIœÂ`e8p¬58²W!»c”T‚XÑHÁ⢃«0X¬¢Y»(š«d-f|H”„ Žx:S-w†c­Zlˆ>§àHØ;"d„‰Á‡YÈ)¥ð3Q¤Æ4(‰j ãk¨dÅ íÐõ‹Ä"Ù` O#ŒrüVX…éi†jq¬UŒfévj$H)Þ±¸cÜVø­° +Sq€?W¬Â`±—àÏ k—Å'ýnƒ¤êÅnÛA‚;À‘V0îGGë¸ eïŽÅåñw¬ÂPœqS,t!l¸óÉ!W‹D³Â4JÒ.ß +«05'̬cf›å€áXÁ&,DÅ* ššA³Æ`c-kC…¹Pæݹ 1vRl©1XªÕ˜¡`ÛrŠ5f(¸Õ+&…¸ °Ú0ÂÅä“vœ5Á‘C-jÏQƒ¨Æ`1ShÅ“å5RÉ*Ìø³µ:ÖŒACêTô +p÷\oà@j<ìXëÀNÖìX…ƒ+ô²œHC‰¢5g ;FÐ9 ƒ„ZÌûðt 5‹½;VaºÃݬX…i0'VÅ*Œc¢×š­Áò3Ðìñ5ØAÌ{¢#5‹³ jQÁf¼ÿ+Va˜„ÊGI ²èR€‰êeJ¶€1TjåPq¤Æ`‘Æi¯‡¢3Y…¬]4¶3ˆÓ&Q…é뜩s,O¤0äõÓ,ÏB (© ±Ñ5©1XéNTâÁOä:†á ¢‚¨WH<<Èt£F~·¶²‘fý¸*wIŽ›ös!Öã³e¿ÿ¹|aKÆÃÛqÒœQeô0Ä|Œ»èt≗“sœÜ²ç K€§ 8ô[¼{ìt*Çlì8‰ +¶ŠŒ ܦò;­œ ˆ°”á"ÇPÂ&Yü]„!„€çkO½8;ÿˆê +ÍÃ꧳Ì<,ä>0Å[4íhò¯‡?öŸï›ïæ­yŸ/ß›z»^Œ¿@W ¾Ì;ÊC!õÄ^=ßžóÎüØæËê©*[“›«z•WksY¯»¦^.ËÆÔkÓ=—f]v¯uóòïÃëÁþñ‚¡wÉßêW³¨e±oPØvyWa§j½0Uׂ ŠÁÏ’û.úƒõí¹\›ª7n¯.áJ¹(µïö\I¼Ž\æksŸ¯sóX"rLÉvó÷zÖ›ŸzW±á2צ-;ýy¿æû«Kæ=pºü³ò¦Ü,«"ïJ R»zÜämûº@V–¥g™wøû%—s˜î»º©Öß­ÙoZóµ-›óÏyñ\­KsQ(âÎT맺YÙJ@ù!²¿_]Üš«ª) Èÿ:¡ê’#~Þn›MÝ–‡µèL`ðöëš[b±-X®§hòïºûífS7]¹°^Þ—ÍϲiOÑy$ÌÅs¹Ê¹…¹+—Éö¹Ú˜®–”Þ}¼Ä¨dq¨þìÃ~ÊŠþÊDxª¾o]rÍkÕ=‹K‡ +ÝúHÂn6åZ*m@‡«ç‡7ƒ³ø°Âq @§÷*ìãˆÆ‰°B?Þ´f•¯óïåª\w‡µÍͼºï˱í~‰î–}æÿÈÚÌ«V¢Únʢʗ°»ëšêqÛ¡c½ÌIõ8÷®óáÏ|µY–(‡ëæ¶Ï®‘V9%FîÆŸÉ_cË9xY¯i­ãDú+ùkË%ΛdzÔñ6úÏrè@¦µ›vlÉö±Â¾^ãÀ[.¹OÕ¦ü±E[˜ N” ÑUùXåëÃ+éò9Vë'-tW.~ËO¨Sü5å±lpJØþ~ŠÍGzXÙá„ûUos^vÅùKó˜NØNQëOïeSîN¶¢^mPí¨B{ðV¼—Ícù¼­Û¶z„ûeÓÔ¾¾_‡þ†òP¶ NI +<õ·›ÃVŽ+ÁßH¨“õ&U£½XV'5'\Ö¼IÿR£e6kì¬ßÕëÕ¦©¢ô›úU6 ~Ùƒ‡õŽ’‚¯m7ˆÛϪ|5õÓ û°JAܬ½ßï,ì{Æ•c–ŽÕúwÎmS£rVhm½Üž6VànøÏfæEƒ²DÇzÄÔîIÓ^8MOÃĮա5¼߸·Œ“Þ—T©Œ¸ß®¿Ü£ô¹NÉœ¿È”Ö!‰œ/Í·›»ÿ|º»ùz{Š~ÿÞò꿺ù|qýååþMö±n +w0aÃ=ƒ‡Æ*oÑÂNÑí?ž?ç/J5”ö×®Óu9•ÙLþXo;VI¾(`°É zëkãMƒæ3öÏùŸ·Ë®âdQ­…§¼ði7¢#9”;ܺxYÐܶ[ŸÖQAãyíÄh²É›ª­×ž¨=Æk¸WÑÍfY/%{æàUϯ§ï‹ãÀî&˜}küöü^þ,—‘9jÖ¾6¼Y.Ì›§ü¥4µõó ~‘wfQnpÿÃÙíyåØÏ°•{D÷g«ÙʱÍþ6{Wæ ÓVy®“çù”ÇG¾ï3¼ˆÍc>ÄÜ_|~aÐôÿÀïÅ–£ëp±yâÐðs\¬ñ´x{ñØvM^Èx–à_ÞÌf Þu@¤Ìà‡‡³ÿžý[èEÝendstream +endobj +1124 0 obj<>/XObject<<>>>>/Annots 501 0 R>>endobj +1125 0 obj<>stream +x­ZÛnÛH}÷WôÛ$ÀD¯ŸŽ³¹ã7rÖûš¢lÎH¤—”ìäï÷œj’]4Ô†XPptX—®ª®®¦üŸ³ÀÌñ/0‹ÐD©)vgóÙßð#àÇ·OgÉr67é2ÅçÎ,糨[³:Spg‚y8>IÒ +.ÂÙ‚Y: M*ÀqI6K©4Å& J„Ò`A‹#i•Æ|dg‹YfRTÞÔ:’V0Šà,FäˆE)˜RëH¦Ñ,1iˆ˜PpIN€:HÁål¡H+m²þ99Ìä爃#E0É"š°`´8pAD厴‚H +ƒÃt@R%5Lj„c­hº°áYÀt"@l:Á0˜V0‰mxäIN°çD-2ÉHZÁxnÃÍ“  Ö>@Z¤rGZÁ¦ú‚LˆE±ÑsA3<#D„ø’á‘°€‚ +îPnH–ãD!NAxŠbEàÄ•jÌg\ÕÈJE&(SVd0gè-Q…)*Ù’gÉŠhŒbdM.2xd9©6CÐÉ"M¼``À† þ·HŒ*lÆš…›0sJVa°C¨X…w&D)$ŠÕl¼˜Èj v¹@fÁfl)ŠUxg"TÒ°®Wc° +ÛÉjL6›¬Wc°èlˆ³ÄU4+ ›p¢YaT"R­#©1ØÍÉiÖ˜U<õ¹Ï¯|;æWÊïÀÚ|:Vá1¿Žµùdm>«ð˜ß‘íóÛËöùt¬Í÷À& Ú–]}†æ;¿bFœC©îQ³Æ`ag®d5›ò„rš5fCÖ¤Ó¬0X¬Ùw¬ÂÈQ°bGVcæ7hÖ˜ù'Ñèó/æwNVͯÃ`ÑÓ°"Ç* Öjv¬Â`q@¡&«0²d»ƒ¥«Œ²3ƒ²«0ØŒ‡–³«1â±ù:Vc°q0ñYc°XßDVa°˜t¬4»LدFŸ5f~—Ù>GQ‚o™#‰† µ6ʨٱ +3ƒ²«03²®«03˜p§8VaÄ^iY™#JNVcDã +öѨYc°ÐŒ^çX…Á¢‹h¯4fœ9ì9Y{ÌaSó˜ã@—I È6r¬Â`<úµ¬4 + lö”@ +²)r²H; +DZ +ƒEiÀ+Ç*Œ@"TXîÈj 3&ŠÝ± +3 R#kËŠ­†sO€gÒxR#>+ M3ЬÂ`Ñ41ï‹&‘U,ŽÌ‰f…á‰TÉjl}žh–qƒÍSÚ È +» +Ó+Y‘c%gƒlˆM¯FVcØM9P8¶Ušõ[?dóë0즜°«0XÕ¼Q“È* »a†•9V +6Jì]ɬE"*;²H‚!Ï’µ¢±½-õ¢‚”èÀJK‰«0׃›š!5‰¬Â\3Å* ƒ7bád¹m",’%‡‚ÃÄaå^)“é¡784 +j 6ᬯX…Á¢4µQé.©dFrÙ£]aô©EäÂ?﯇¼EDÈ!å„MÜ"°š‘Ô,&ÌáY ¾Â\ÄÓÉÊöq¶Jƒ‹xÖ[$² +CÓi Y…ÁâjÖjFô¤ÁYM‚”浚«04ã¯Ë%„¸ƒ±$dÛY@½ +¢$xþ9N¢Jû‡R‰¾E´ddoŸxU È)HA¶yGZA¹ âj6g„ˆ ƒ”eŒ¤D{–Ë9û!{³Ý1ò®ÂBb>‹)‚AfoŸR™ øD4©1mòš¥X…©˜…¯X…Á"– Í* ñ†f´kZÚ›­ôõ@€øÄ„r¢cVaR, § –r-ò 9é,w´#å*ˆYT/§PÐ:ƒsBBË$ðújCk9ŒqrwhP€tçìSŽ´‚8¸yå…Q €‚Ü>|ù‚±ÄÜp^hK³9{svþ1EÌÍ]/®æf-¯·ææ¦xƒšHfooþ|ùÖ«½7oÌUþÓüÜUû)[P~—fïƒê¨%õjù£)þªêûS”,¼JV9Ö³kÖewŠ¢¥WÑͽٖOåö5™WÍmµ.ͶªOsûjjNÞ,JŒ¿•ùÚ´ùó”?cÜ¢¦95·mµ/OÖzõˆ;m¹®Š}ÕÔSs¯"¯¶«r×´¿Ì.|<±Ð¦6ÝWÛæÙ\n«²ÞŸTh°¯ªB%TõišüÅmý1ûC}êý5~õË|+»ÃÖ·¼wØ¿nËùK|•ïîr“×kÓìÊÖ\~ù¸2Åk{¡Ø_fWyQÕû¦{ôýmâc‚«¡7_WaŸÒãz^8†K‰WÕgTG‘×æ‹)šzSÝÐ/¾®ÎCs›·æ²©ë²Ø›¦U_Æ&ïLÞ/ÅlÀIèN\“U¯»™oêf?¸ôãíïÖ%Œ/¿ã'‡ˆ>†³Ÿÿ³?þmxP°Jů¾(ª®;”y~(kkþÇ’OeÛaßÿxkªÎºr­Ctb`ü[˜Y7HÑ}¹7-J å¹n+XÅ÷Ïõ¶A3|nZž²~I`_ºë/w…? ·U #(¾…‘û¶9é÷ÎíæÖ)‡î5N»qª÷ÀeŽ` ÊL³-xÒð2¹~ÍCrË’óß²å)q🃲pŽQgU¶OUQšk&5<®xê§løüõö櫹(Š²ël³1]sh¡½ÀhcžªÜ\þkuÜƤ$ñ;Š· ¿Ôû¶YN<Àq­÷j‚/ƒ³ûÆt6ížèýáÞ£K¯ªþO¹€&ÿ?•uÙæ[SÕ›fêú‘Cšü{üCywè‡`ÏòTà¡É¿éPie[é²m›ö$eþMw±GÛ|`ÜQk¹i5g* wË)Köi×ù¾xðÍê“Í‹75SS®0>ñ¼†Y#[yúè±Døz*Ëïªmµÿu\ͤÈ^ÛNŸ¯¿ÿû¸ +È×öÏêò«ù^W?OÑòJaýã‹Çó¸€Ë”÷ÙùÏ0ç ¸;®.®Þ_˜ë¶ù“óÙ‡¦8ì0áçÃíãß¾PàÝ"Äuýæâ®Û·y!jŒ÷RËeŒ«(ˆ”ÎÿýæìŸgÿ·TY™endstream +endobj +1126 0 obj<>/XObject<<>>>>/Annots 504 0 R>>endobj +1127 0 obj<>stream +x­VMoã6½ûWL·6bÚ²ìØÎ-)ºÛ=´‹n|é‘–(‹µDª$¯þø¾!åÄIÓmŠ †-~Ì›7oÞèQFSüe´œQ~EE;šŠ)žðGÆ_>Žfë…Èh1_‹µ”¯¯D>üjèŽ÷Ó"_‹9ÍWK|Ÿáß)ªâB–Ïqè……|&®ž?¿ÝŒ&Ö4›Ò¦¦«åŠ6e„‚'Åŵì‚r€E?ÙKŸŒ²iHš’6ʺ»ùùöæûÍïñžl™îG ›ò"8zTGÓkú¢dI¡VÔJCÜ)ŸÎÍ)ˆs³%0âÜæ|•Ú§·}P%t¨SP*¬ Rjlðd+꽪ú†´©,ÂÈ€½@Z«¦cä;èh{~‡‹}ªø7C˜Ò8ËA—Ö¼´7ȶN;Fý€˜ñ +îHÞ¶*ÔÚì¨Ñ{uRAR¹B}pãwi%VÖ"_€i,g«ŠÆ|µo·¥XÑŸÔZ§ž’2ŽƳá¶Ïˆï»w…ŠIs¶®•A[C"è¬6Ì2Þ#Ûw²ÝJ:¨-yÔeLø©àÜŽ.¨¡»žL‡ƒð|BX·{º7*{Y1ç•Žifb6T:»¦Û^7%SÃÕ¾ÕF:ýZ±-•\1í/©Ò¢r=8ÆÑÎÙ“mbd10xAb‚ÒWz×?'ëÅAŽSE°î(hƒëÉ׶oJ’}°LY%YFwI!ñvY&Žl§Î )ôAµ'Q-ïõ¦÷½lÈ(Uz†`¢ØZy„ +}Íå@R)‘D⬠ߦՓPò…XJ9Ë—ÆctÚzjœqÚû ’D"Bz¥èÀà;UhÀ³ ÅGl„§ŒÜ6ŠÙ`õU=gøa¶rÿ\¼Ï€Å†,ÐQAÅ2miúl +E:¼GúÒöèäX›¶Ó äÌË€Ñão@yDûz>7ì{2zº•ËÝKÐo*¯: q( þ§“èèÑEzÿ6šOa@àë¹À§ÿ¾üõ0¿ØXQ(MGWVÔwhÞhÜDݬîµí=Ý+çÙ¯à٩ɸº­ÞÕ!z)7KtàhâìM;bÓc,gÊ;NJJž¿U˜‡F¶§y!éÀï ñ  Ç~¬ÝF)‹=å‹þ’Î[(DÒÊ…×éH«4¦*ûà)Y†Ù'a7î›tËΛÎ;»æF&žÏºí¬ Ò õ1}ŸFu§9{Rªm’ÙtüŠ€2ó÷³Þ;+ž‹eçÖŽU·k(æ}±?^âaŒÓ` »:F“…YN‹“fcèɇ`@f¸Œ¦“Œ9Ük¼ĹŽâm“«Ç >ÏÓÿ7oAóÕT¬Vó4á— ðÇÍè×Ñ_Vì÷#endstream +endobj +1128 0 obj<>/XObject<<>>>>>>endobj +1129 0 obj<>stream +x•V]oÛ6}ϯ¸ëK]¬‘?ã8öÐvi MºÆÅ4Ã@I”ÄF"’Jê¿sIivÔ´À8v,ò~žsî½;˜Ò¿S:žÑ|IYs0I&4?:JV´Xãó /+©fG‹döÔƒ““o/¼^ŒßžÐô˜Ö|,WSZçû“ ­³Ñ4Y$tåå†æ§ôÆJá%ùJ’kRÊŒ.TÙZá•ÑT¨Z&/Ö_`nASXas‡³ãd ƒ£u%ŸÀˉfSË'.;R:Ø–_ÃG®MseeæÝöså¼UiË>:Ç™²”ÎÓÖ´¨€ÈÙBÃaÀùtŽ:Ày¿E[×[r&Ì„&'%Uæ!x46ç¨4äM)a²¿™W™Dp˜Ónpq#JTÚXu½;$Ï)/“E—29ÅÉ"¼ÖqOdM¦­sJQÓÀ³Ò%Õê–Ý)wë9¡“¾œ‹h›ºŸÏemRQÿÝ'T*«º2 ¤h €¥ÑõÐ’tKBo–ô |…Ï$²Ì´!D´8iï¥}‰ +sé$¡yø£,Õ¦Dµh$Û‡ÚaâYHõ zÈVÐép8¡›Ñ… @5`ã¤wõôž^‰&¤PaR¡òúãåŸWçïÿÕü2pré…ªÝÍ‹¾bþsÊßßu4v„ÒΣ>ñYO±Êjãûç$(`ŽÀÕ„¹:¼K× Ž–Ä1”E‚«@'ëd] Aýž#q-xÌ„Û´±(½‡ =SAtI›Z ª|Ömd¦ +G‘æƒ Ù04 òfļËe!Ú9¢[}5·|nâ\V„ Ó»ãÖÙqm2QP*ƵJÇ'7/†i¾…¹Æ K¥a¹‰ +'Rƒ|ÌZ«<´Dzȹ dÇrëx/œ +Æ#„…Ó0YÛH=Äħ‹ó¿þ¹:{óéãùúš1ÓéèN–çñ§ÉQ§Ç‹SZwÂg;]‰å<ñxH%|ĺ^Ïýsn³1Ö )€™ÛÄC¬÷¢V9çi +ïù –1†HFN¹bjJ+hv±ûÒ¶Ú :yù;»×ÜÍ킪ȞŽ©. +¸ï–êF“´–»'ƒP»Ã/ì³w‚?¡yl€Ípo? Œ5Ì-RL¬T +è«5è‚Îÿ¨KË®KG§˜žÖ¦`½IóàOãÃãÒíMËk4¢i‘wV>à>Eß]ïÅ– ÙðCâ…5]×wú¡´ôo£„~3ú9rÆl…ýÜPj|õEEËá¡Ù¾y‚hÁÇ“:Ãå­šƒ41ôòKÌS̾m,Äã}ÉÉ1BÃðÕövÙâíF×#”>3MpW#R¶õ„VHŸm–¹xÜ”k¸DâwZÞO£}'ƒxº%#¡5k(Ï •µµyY.Ђ~}¡ØŒbóÀ¨Äî3ïeË‚76Ê¡&H¡yI Ý“Ç RäBõ¬`Àef°±4¦E~Qà=äæßa“‹ƒ"1²‡Ç¾ú¨›ÕÌlwh‹ÔÌìb0×WS‚sää6(Á œVºz\­ÊÊcÉz}תìÿ œ€«ÒÊ+Ö®n¡€Ã;^`vÜÅ®6Õ9V]Þ°%Óž½b¾HßCy /_¿¸\ŸýBk¤V^f˜øAÇPó\ÐRAS¹³tq~ÅhÄÛχý~»'uèèÆu¯º©>]bï_Íi‰÷°ó]½zÿú}°æ V'p;Nš0¹¸r‡ý…Ãã6{Îóoö‹öËÕ{=î¯ØêÙúàƒã4ßendstream +endobj +1130 0 obj<>/XObject<<>>>>>>endobj +1131 0 obj<>stream +xWkS7ýί¸Ðu¦xýÀÃ72IZfBÁm&3™éÈ»2VØ•¶’ð¿ï¹Ò +?0%)a¥û8÷Üs¯ÿÙPß:Òјòj¯Ÿõix2ʆ4šœð{üZIó½·Ó½Þ‡ 4ãÊxrBÓ‚p¼ß§iÞùݘ;ž–¦±ôfú ‡a7îô¤Ï{NÚ{•KŸ%CŒ>/pM9*ä\iY°‘ÚXOƒ£ÓžÏëŒ.æ¤_(}»~Ì/¤&Qà<•¸‡—;ɶûÔ!üiÑÁwý žïÇÙˆŸjégʸ®s:ùÚŒ –ÒY§*U +[.in,NŸôš¢æ\É-LS´÷’„&©½]†X^w¬]²ô¢ßKùèIê?pEî¾Èr£ç›V:à ÿ`DŽœ©d’Ñ¢5|útëÚŽ"<´õµ—óVŠŠPTæA ©4~RUcDʽeæm£ +™µÿL$»ü4}F7¨QëƒD œ‹edS‹­‡Òµ`ý °¾vÐ\L¾VHërcå×7Eå;ûð‹i¶¢¬ö©˜“ðìúd×ñ0ñé“7T‰ÀJYøì”óÈy7JŸ4ë%jŠC• ­X‰%H¥ÆED”öÒ΄ç€Lí•áÚ0CËðQWË\Í—À‹+î+]©5)á^æ•pwL  r+Ó]7:æsœDÔœ›RÝnç)\ìÌPaôÏžîÐGôÀJÈuœY#Š\}è"+NðÿŒÞ‡äd-@n‚mO‘/H±¡ô„"‡m4yUÉCš5žæB•Ž ËýodDÐÉ< †ç^:Ï2ÌÎv›õÅ ļ’ÓL…)Líªîïï>¿¾¼¸üïè#—6öâ‚êŠ<—5B·§cª‚“ +q3d¹©@ˆ"Ýê¿H»Œ¦˜ŒÜ˜•h¬•¼s…˜Q®f"=)ûœrQlímS²îÙ¿ºî +r¹Uµ? Gq0°å9ž¡¹5U¬f*u'JÊV‰·a¼F`ø{®R-íBÔŽ¾q›; ð˜ôÛŸWaærüa¬) £eÉ£SPAëî=7“iÇÎ*ÎLäaÍSn¥ ŽÞ©²ŒRŽyeÙrý”×¼rtq4 ²q6ÌèÆËšŽg—`‚^ÝË3 +â!Ô… +!+£7ƒ±!ï/)ú?•X¤µ~k½ˆ9´:›ê¸k˜‚¬è©„+æ 6,-m=’¯-ø†mF×iS}(ÿ´gì"áùÂl}y2wß™æ˜~än˜¹íÝõµðiì‚Ú,ÑÐsJ>ʼñbVJzÀ8‰Ù®“/*hÆ/±Ïààbµ;ÛP( ƒu¨Ø¶¥ð¤ÏPmc aq—íR6ϳY–µ8@›ÀWäGÄ?ºÕ¢ä¡ÂÒP[µpiå]廫CݳdžKz ÆZqeÀ‚̽•fÞÍ_×#@¹ÚJs„aFFÌRÆý{a»¶s¼ÑbiKSU—Òõܽu²Mý ‘´k·Â…ÔCÑoxÿà ÀÓLGËíI;'c|ʘáóÄ îk7çßžÓ•5ß0xèɃ¤¢¹cwÓ…îÉ<ŠÎÿƒÑ|ŸŒ +0rÊy½Ÿîý±÷/Xlä¤endstream +endobj +1132 0 obj<>/XObject<<>>>>>>endobj +1133 0 obj<>stream +x­VïOãFýÎ_1=µjˆ'!?øЊ+G…t@¯I…ª¦6öÆY°wsÞ5!ÿ}ßìÚ®=µ™¬wæÍÌ{3óù(¦.~cõ¨?¤¤8êF]Ž'Ñ€ãž{ø+%-ýÁi/ŽÆoôOQï­ƒ¸?y}ãýì¨s9¡xD³%¼‡§xg–|w»4KZq4Šhê䚆g4+·”+ë”ÎÈ­$Ù•(¥%ñ(T.¹$£ikª’¬,ey<»‡uÄëíÞ(ÂzëÛp×'“¨ +ç8°Å"É•ÔŽÚ)¼Ô¯_j±á•±N‹B†£A}ÔöÚ½!R#¿› +ÈL•§”IG ‘<ð¸É,ÿ sDWKŽR£¿w¥&k +éV´²¤tbÊR&.ß"LW­#Ó¥vÜGÞáþÆ8‰{‚/ã}¾jRJ„&‘[C I••)9ƒë’6üb“GTw/—îKú(ôµÐ"ÃcHŽ¥yËVÉŠ„=ð}·¼ËæÇ ¢&!uDÉÊë½—”ËG™@R•ÊmC˜u!¶´Tð×T Î}®¤u¨3­…µS¦ˆbi€V9Ú¨<ÉØ8!.ðÖ§ËÓ¦ ´«ö~9[@¡á*×MI©t —4#äDâëÄ;G™l¼IâF!ß•Û»=À%Ò´¡°Y;Ö¶ûŽ+ÂvSÀ +ÃZF4ãúµA°¦|ÀnEÚèvHOງ(žÅÔî!¡ÔZC£ ¡Äh 1oŒÝVZ=Õõ †þnÂÝh¨ÓAÒvºéF«’¿Ðl»V‰ÈAp,öšª½4Ž¶Î÷X§,8~fÝ‚ê”á*mìË4ØcDýÝÎ(—àˆ·ÃhAŸlñ……f•ú½ç•x”`( *ý"À&Ý܃"hyÜRåÌ´@N‹¸ 1ªÐ0î+Äèí úc…–aÿdyz)¬5N^ ü‚»C _B òIktÙà˜2>µàèZUÄÄõðr“!<_.K„Ë™rÛµ<{…¨i_Ñ;ï®Ãvƒ†öu/~¦þ¤¦þøõ—¥) Ó‹Ûé qã§ғ§6ˆõºA=øòfæÏz't;íôNHº$Š¢=¹4„á›õ˜áZ¦Ò^h©²h"2ûrà?ÍçwW7·wÓùü‡W3£Æq4©‡”ÆPAõ)=£9~‚þ9ÓáùµºÂÝÝ|bXëRyXÿ+ |íâ70­É÷dß°°}ì+ã÷Ø1%rùÆ(>4)s¹(…“'[ z¢+ZTæÊÚ”î›}þ |Ï܉»Ýñ ÂC#Ö™¥ ?–ïЇ ߨ;ÞF³ö›6WP¡ë”Üç•~ w›•¡Mæ5T²FH¾c•Â®ÞqoÐtE¶Ê2Œ?/ŸC›w¡‰L@_óL×|mæ¿?™“ãÁÈšC+-°Nlô¡¦ÑØü¾D…ÊVù>/XObject<<>>>>>>endobj +1135 0 obj<>stream +x…W]oÛ8|ϯXä¥.`«–“Øi{Hœô` u}µz¹y¡$Úf#‘®HÙñ¿ï,)åCi¯(š8¹;š™2?Žbâ_L“Œ)+†ÑÆ£“è”NÏ'ø<ÂÿJÒÊ?8ŸáÇ_<8=F£_=ˆ'ñë—ÉÑ»§Ç”¬Ð}|>¡$'t)Éz{Sù^å²OÖP)©Ä‡R-IVÒFXÚ(GSW´­LZÈ’„Îý³“U†Õ¤\DßLM™©‹œDZ56»¤ÛÛÛ·É÷£! âàNòžU ÙLhJEvOÊÚZZ2+¿ÃŠ2ƒ\­¥uQ³w4KØ{»‘š±ÐJ=øÅ-¤ÅÍõÅòš¬4âw z› ‡ºèÅHr“Õ¥ÔN8e4ÝõL…eu•IÀÎåÝ[fÀm„ãÅÈZ>8ÚÊÊbã^Ú£h‘Â*Yy”ï>¾§ ™æÁIðÆQ<Œâˆ®”Xkc•^Ó"h¹Åsi#–¦7[ù÷ÛˆhÕÖ‰¢€›7Åë0k`5jÀT^ÞÞÕìâïùçål¹÷²~ϳPø›ÏŒ4%ÿÑ23[I³«ß¾U Ë×µüsž¦©’ý†±oŒ â£ñSÎB¼ô™Ó%i'ðC)¾›J¹§'W†)m"i¦É¹¬aha Ÿc;v2Y‰a^™:d†–™´V„Yä˜d>™É€·P¥ +ÅA +SîL‡\o$_·4–ÕJ%R©(søÊ!Ra¬=öZK…º—Xá‹=šÿù¬øUx¬[)£‹C§m%K¡4»Yä;L›XK&¦}nëÛ°×}›Ôf55L(‡çíêv u¥•ÕŽ“úd ÆVX‹±È}Æ<;.¼î¨Ûš¶«H.Gà´·îk>Œ­Yh¤3¬‹ +õCÜš‘¢à¿9ÖÚîäÝymqøÃòHôg8_ù¿ é×Ųž¥ñµ w7‘šÚ=^ê-¨{®ý+I|-o€ +vøŠ6&;o.€ñFœŸà–ÿž¯’Ë‹O—|3øŽ£®ž_¹Ú ]>˜ŒðÇ@ÞûÃeõtrMÆç¸ÞòÚ˜K\'Gÿý»¹ðendstream +endobj +1136 0 obj<>/XObject<<>>>>>>endobj +1137 0 obj<>stream +xmVÛnÛ8}ÏW ü² kmDZ݇>8M +›&ÝØÝ¢@° Z¢j6©’T]ÿýž!)ÇU‚¢ˆm‰s9—áü8ÓÿÆ4ŸÐÅŒòúd”h¶x“Miº˜ãóÿ­¤2<˜\\âë+Ƴ‹—'®Ö'¾Cã)­K$™ÍÙ‚Ö!ÅhDëütœGÙeF·&RúÛÙú;Li<Ž†“9^?½×’„•‚v[•oÉ™ZzUKG¹hþxkÚM%I9ªb Œ#h8™¡(DXo%Z@ ò;C~ßà”)»·S\-eAÞÐFR#milï›= Z}¼"'íOi3B(*•užÓ ¬Ì-º@ƒ”v|‘M8m¬WT•Ù9„É+%µç\&~°B“\ÈfïQ‘ÒøÍ4R#A%c*‡ºà\‰…Ô{ªM!Ý?zrÌU©dñ"=B‰Œpä>0¿Õ&k¡½Êµº–>kõ‹¢ó=ª,#:(­©¡‰ãÖÓ/Jh6£¤uÊh†¹WÕJÔ°„¸&´?Á‹Eý  ­já~/sí«ÇÓÇ3$@-nLA|Uñ˪n*YsIE{¶WT/óFú$ÏÄZ"/(z½E¯¹Ð¤g”mUí m¢WOE‹Ê 0¢B*áÐ`¢)TEÁD•"÷½ì‘.Jub@ Ø|ÒË!‰£m8çäß‹ ‹¿³é9Lð °Jº_…bzynÉ8€†\Û4Æzdó€ð.Ñ8£ úfãœb{¡ŽÇ=®ds„š­üÑJ×oYl (DñˆùlAHŒ5 ö;"réÎÞPx„<À¾R`º 6n_´‘5–Ž€5b’ƒ\O¨™Eâ%Š†8t,¸Ž‰ +:¯ö æ‘À2úP’èyÄJè9Ê1ü A7 Ž5Єª4>ñ‹Ñï£!#rN±-z`sC)ÁAº—;~ŒÈh‰Ðam à7á:–9FWh pïÄþˆp\îÊñx#·5mUP¾•Pph +ÜÊÊß³ð:ßY/BˆqÐd˜8ç[ø—!ß)¿åÞ{ý  #kïŒ}J°ûÀ¾ÃÈ 9j¼aÞZéâ´Mž1X +*•3pQmà?Q!4/-¡*'P¯p½äÉïqv²\tß‘I¦ê3–=-°aÆ/R\pY\\º;̳^ã©îZþô.N f1^.a‡dV!:/|{l‚ €™î"À‰ÍØ2£bºr%ã~äêM†Õ°ä;“=’Ç5ˆªr©ÕEÚ¤Ç3,ò‹ ºœ^†ütµüxµ¤OÖ|çÅæÚä-/QAAÜò°;0œO°§¯íéÓù4›ÏXëùù„ݬOþ>ùæ ³endstream +endobj +1138 0 obj<>/XObject<<>>>>>>endobj +1139 0 obj<>stream +x•VMsÛ6½ûWìøÒd&¡>kÙ™ÉA±åD3¶äšLÓLÓD‚j`Њþ}ßdê°é¡c{Æûñöí[üu2¡1~&´˜ÒìŒòúdœŒi~q‘œÓü|ÿ§ø³’Êp0™Ïþ}ð.;]_ÐtLY _g‹sÊ +‚Ÿ1¾É_\îE㥅#ºRâA§ôMkɉz'ÈIû$íËìÏàf²ˆn^ÏæÉŽ^L“IBkí­)ÚÜ+££åœ&“ÎrºHÎØ2Û+G¥ª$åF{¡´#A•ržLI^:ï8,åBS#milMÞГ¨T!¼Œ)¥ÏRBXO¢r—«*^>ì…'¿—ðû(«#ç2¦×“YÌ5­“!,kv•¬ I©’”§R(xúHF÷V0w^6±‚M#œ“0ª*Ž‚Ó˜7þ×ì¾Ø­ØUG:û()”Jˤûnz–̘ϨÚíM[TZÞÜ„ +‚çW¤tødl&Áê ‘ íÅb[% Æ(V–m… ùÞÎjÂLàl—£Ñ8Gýƒ„rшª”W¨ V%;í¢Ja+Õ{¦ D¸_Nê‚j àHÖ€´92…NGa¤Ó?ù€Å),Šp#$¯ 7Ue\Sƒ førY´ tÀùv@ñõšÓÚÆ*Ç—€E¿¸Š[6&rfú?çm}š€ñKçÚºaÖ:3ºþm×:´›9 +ÖÄ~¯ ø§.øÅÏ„ðý'øåÅ'_Œ2ÎQÓ ._^É•Å í¸€*ªU%l¨˜1) (‹ZrpT{7tñ=^Ü©Gm¡‹Z w¸ Ί'p .í1FÌü@WïèTɸæýîœL4u]75úº9Mè3"²˜‰¢þáËî"‹íŽ|ÂãVÆQŸ õ±ß°ãÑõ˜.z)GÅøþ裎¡ùP´¶®¹ÅoAÒº1VØc[GCËF€oi/Ã#+EýƒT¼¥£üÁTD)ÿ°JW›)-ÓôãíŠ@òt½ÝðB‚Üoïéf™÷ÛkÊ>¬(]Þ¾[Rúq­J·°¿ÜÞÞ.7WiŸ@'Ñé‡í§ ]­¯h³ÍhõÛ:Íh½¡ÕòórßGéoõ +zWIÙkÀIá=@`®AYi-YKçÄøÂ<àYƒ¨³Þg‚S€‡eäy—D.’ò¬í$Z4H¹Õ%„XÀŒwU* 9Ë÷2üæ‰Öw¨g¥3U²„ÓÜXdäqßIOm“|xC·$¾E9ÄIŸ‚—§ÀÒ¸W£0\xˆ7wWË  F~ÅÎË{Ë&J:ŒX_ƒ°]mÒî @"Ïb˜ÀaMlÀ³rz”ãW¼ÂHªèy³G9m…ô1§X_™†Ú`˜2¸Ûñ‚8 Ç¼ò:`~ƒÆ²67φÞï)ÇûõŸÁ'¿9¾™`+ðûèõŒù63~Ú°M¢ÕwÛm°¸ÎBqÿ æ ¹ö*ßG&à«nõ…J_±j†‹<²¼z 'VhÏFðt€^`-woHÓN²ø}Uª‡ÖFÍ O.€T +À{ ]Ÿÿó>›_DQù/Áùbž,ÎÎ@˜Ì8±UvòËÉßžgdÛendstream +endobj +1140 0 obj<>/XObject<<>>>>>>endobj +1141 0 obj<>stream +x½WÁNãH½ó%_–‘ˆCB”0#Íf…Ä2ì­4—¶Ý&=ØÝ™n›$¿¯ªm†Ùã!‚Ý®îz¯Þ«ò¯ƒ ã3¡Å”Næ”×Çé1ÍótJ³Ó¾Oñë5•rc¶˜¦óáóåÁøëŒ&Z–ˆ5?]в Ä9>¦e~xãý‰~¸ÖS¨³4w¶¤ÒTšjµ£LSårÕè‚ŒýD–? ç‘X‡cÝäñRþ¾ùwW¶Á9R5ªÎÔ¸2Y|ò#Mfñ`£“IŠ¯Åá4=I§)-uhhú:þ1¦|üÃï­¥f¥)wu­lAÉÚØ:¿úóîòû?—ß*½«eÅí½,8»¸¾º¼YîÝn­ÙRæ¶)]•´s-ÎþÑЃnxgì7ÁaxGEOª2Àkgƒæà–Ÿð´¼¸_ÝRpe³Q ò®ÁÙ¼×ySí€HhTUé"í‚Nç1UT#[oLU‘Õ»q„'|CŠ’ÂZ#›u“ÐÆØÂmÈÅä‘z@ÁÙcwù D©uêASP;*Y9€Ë‡,]k‹„Ø7µ©”ßËëËÍÝKRXÁ|ùÉ+$æ9Àé%ë ›v \díB0ʪ;±”òiV®mˆwÒ¶ñF#4vbjƒöOÚ yyep÷ˆ2,½"B[뎬Áî+õÄE!À¿‰èu­ ‚º’·`QdaˆÜ€Ya•×*êÍj'SmV@L™Š32R/žJü,c[¯7`ûº”Õ…T÷ÈõºR[>Âàø¾­€ ªÀš‰,oœD14GÁ¥_-ŽŒïG´Ö~¥Ö²a;‡Úx •ç`:V¿êÒmfîþ®myc>lŽÊ×ôd” oÖåF5WÞƒWuzÿW¿þF¯'^OâªÞ~¯WxMd•F×ûºíJûE–Œ]@‘T‹¥\”.TO BqI…T7Ì&SùãØW’ÐÞ£ÒzaÀ÷c(ŇZdœ«‚Ö(8•àŽHžQÉ°õŽ¤Þ4ªX*ütµ7€Vô"MÉQ”_ BÛH/‰ÖÒ¢äC‚Á˜oé=ùˆ%*W¸˜h(W¤Å2–)]¬tþ8Ø{ÓÙ‹§7O¶A’d¬•¯[£ëµóʤÅ8JÙ]f©´A +HHölÜ¥ƒs'ƾÉðê^‘“€ óä¢÷ºD(ÀÿÚz…¦:+z£à~ÅP guR|öôgÿ%òœp7El|o Ö…áî'-mñ™âj÷~|ž©P@Nôk)gRbÞ~X¨Ýa¢Ó½¬åüp²Ì¸0 +ïÐX·ñ¯¯î–—7Ü$Ð@:±˜ÿ§‘Jþ³ð“‹ˆÀŠ™ˆ£1¾’½À­·ž¯ÃS{>$k$‚V(<Ñ:âú½8€8Ó\h­-áð¶¨Põ²—A'y–R¦sžÅ×EV}Ñô=^t:Uµn i’à_”¡úö5ظTh¼²G¥ki7’ „ÞÜ&Û®ÙN ´"¥³*¸Ž0C†=6sØ‹ñþƒt©°ƒglIŒ$HðÁîÉ@Y¬Dó êr- ­"oœ´½ ,„û3¦#zÔ¾ÎèTžŽù³Ó£œ"Þ‡/åi>Ù¶Îb‹ ,¶ÔÍÊä+ÉR&»È-›J¡aÄp@øº.`é8kÍ“S€rvå A$Æ@”«`Ü?ØRŽ;,`ê;S]IJköŸ8O”»p:‹ƒu?qÚ`£¤Ïtv}ÝòPöz™xÖm·Ûtïw¼Ûýæ± ÓNj*ú&€ç}¦±™ìOÍ£éœ÷»Š-YepÅ#¸MttesN€N¬ÑjU`ìšHQ´\2 ¨¶q5Ú:†bìÚxeCÅjF÷¬ý‰»é³rnÍT¡Ö¨ü-`‡&S¼à3[…iï¬+®ù|¥,¿ÈÍÂù¿p—ãEŽ÷GÁò‹£›oK˜—Ž’÷ÈHÐ|;½c c@•R¿V UÿxNߪ»¬ ‚dS™f'ŽÑéíy ‘öÑÍÞÝ%/,bn3¥ÞÃmÈU­´&\âËq!_o}.Ô¿žvoI“9:=¡ùÇi|‘¸;ûëüŒn½û íÓ—c˜…p<>ï¨`´˜âíסÙb–.æ§x—ÃÝÉŒº\ü}ð/”“Dendstream +endobj +1142 0 obj<>/XObject<<>>>>>>endobj +1143 0 obj<>stream +x…WÛNI}ç+jý‚³‚Á7l²o@È +iÃzÁZi%$Ô3Ó¶;ôt;Ý=8þû=Õ=¾d DQ$c{êrêœSåoG}êá_Ÿ&Ž©¨ŽzYÎÏ'ÙˆF¼à¿“4ŒzãlüÖƒ‹A6hp5;:û<¢~Ÿfs$_LhVôz4+º…5FAYã3zìÞÙ ÿ °”ÔÉ•)I™ Ý\Ò“5zÓ¡•p¢’x“J9W…’¦ØÐz)Q +´VZ“±„ÖvMÁ)Xûaöõ¨G§ý! +•]mí*Å3‰²tÒû G§ê»,É[k?dÍCƒ1ðÀC—H€„ˆ^UÖP!j/ÉÎ9<^„µ%éœuž”§¥xQf@¨yɯ„vR”rµ1ü7¬¬ Ô~¤>¸É;öMÙ0e4“ÀaÄeÊðtÀ2ìÞ×)"S™áë ,4ñ\¯èôŠ®nÿ|¸¹ÿ÷æžžž.¿\]>=u2úÏÖä—¶Ö%-=*c@¶˜˜Q­¶Sc^ºè†×ÖÔm|ŒJkŽcHC¨$2}7`¡ ˜§µ,F^•Â@\ÌÅ(–ªÈ¨Pð½.W[•NÚ•ÿmÀ˜ä+gÁ]èѧ\€”kfqªj…O¤ Q˜¯ˆ +h3~kgkìsÓíH4dt;oU 7‰ÃðƒêP'K¢€¹ éY#OùIò…S+†l†¾ƒ†1¾S‹eØÛ)Ä€®¸øÕ½¯¼O°ó†`ç?!X +˜B‚ô­óftyÈ{º]^ÿu{s7£ãß_Gk¼÷ òM¯ý!#»€ÓðO(}ã²ó°fí7PO¯12žÇŽ_-°wjŒ.ª¾¨ƒ­`ˆº*–Â(_ÁéØ@žhj,¬f&òûJ: +úÝÊ¢³¿;dW|`ñ2¸RÒaƒÖ`µ5¦¶a'œ«ŸÈàôu²§T4Dƒo‹7ÀŒBàl›ÍbuÙEW‰4o 7“TÉk¥‘7VmS=ÞÄqIôK ã=‹¯ÂØÞ±¦„íz“Yb±^T"|\QZš¸[·Ô®‚ÝrgmòuÝÌžö{9‡ºPwsœñ¹Ò&g´§æŽ>û|ѸŒ_Cü"ÀÂÇH<1hêìW\côÉõnaòLO·œNøéPv_8£É(›Œ/páÓ~\I7³£Žþ’Å&Fendstream +endobj +1144 0 obj<>/XObject<<>>>>>>endobj +1145 0 obj<>stream +xuWÛnÛ8}ÏW ,Öj9v\Û-ºz]ضÙÆ»‹y¡%Êb#‘*)Ùñße§IÀ±È¹œ9sfôóbJ—øÒrFW JÊ‹Ëø’«—ñœæ«%>Ïðg%eþÁÕlùøÁ»õÅäÓKšÎiÁÖb±ŠW´N –./iŒfñU¼Œi-]MËgë8>§é´=>ž-qxô­ÑTç’S–B§í©áÔˆ\¹I +%uM“É»ë?o?~û÷ã·ÉúóÍ©¹QLßMC.7M‘²=MI•5eUË”2cIP%œÛ›ú³|ÿ’ÆÓ«xÆa„›“>šî(™Ìÿ/’Ä4â'¨f»…]¥kãŸ7Z=ÐÆ<Ð^ÕyL×™?¹¸Â'~BBgÏœwÖ}Ü"õ ÐøzhQÊ×dªZ€Õz”:í‚ ÐQ¡´ŒIn_= â™ßÉd£¶NÚ´“º¬àò‡Éujdk`X«Ê˜¾˜Z¾¢ëš”£Ê8§63ä*™¨ìpŠ(ŒÞ¶ys…­åLH8¤(ÌÞ=)Ê}ÛYä}¤¿9™XY?ðWH_ PHÚÓø¸˜¡î[‰B!Æ|{âôuLþÝ?×(¼¹'Ñ–Ö‚W¥tNlüuv¤ªÉ‰ƒ£Hé(TJZÖàß=1 +ûk©ÏP3B "F$A?X+“º8“uSjœ†å†ˆ£³88›…Ê€r½¿H{²üê^Â^"P Ç4öð£ûÇF$; XDjöÞÆÑÝ™:ƒâyþöÖÉ\-Ë»g´ijJUÊ@•/²kªÊØÚ7 ò-ñÇ=v^¹ñ]?†0tÝ8‰á›ah–¢Gf’‹àGgjÛXáû¸)Pó>p*”B…zcý>OA¥z@#'ß7=tÈs†¡à„¤àyÛ–Qª;YD][‚‚rµÍC]:WR›f›“?Ü…Õ=»:FÖUÀ“°Š?"ßÐÅPsæFŸcLïs™ÜsÕ½´°ÈT–Ÿûüè¡sʹw õ¹HØC«/ÃBZ)êVo?¿Ã-@ô÷2ÔùÄá‹ÖáxöâX:߃(–Ÿq™mfdYA:å bæØêäÓq¤ÊwiÕœ5ûˆd`Ȫ [Ç;¹,*z,¾n-v¢6bNòW**íjÛ$L'w2P¤×7Qp÷xÐë/øíT€lýÅs5lb7BýÆ ‚VoØ„ýaÏ*ÓÆ*i;Ó2cóaïrRL$fÓÖ_½ÅÈ.PwùO,צyÊ€ëUÚYêOðæžÃ)þ¿š‡4‚IÈýßõ­Ï•z†¨…¼ˆëBb®³ðå¥gÍŠ³Ùö»àx:¦“þ[‚ýp²Ÿ«åÑïGÿ¡Ên¿endstream -endobj -1289 0 obj<>/XObject<<>>>>>>endobj -1290 0 obj<>stream -x•WÑnã6|÷W,üÒ`ûlÇv’}HРõµˆ‹ À½ÐeñN"]’Šë¿ï,I%6ãCQ\.‰‰;»3;»ú{0£)þÍèfN×+*ÚÁt2¥Å|9YÐâö¿ÏñßJª›ÁÇO šÍhSá‘Õí mJÂíÓ)mŠ«{G|‘ÍLEs:˜®)©ß$)O[)<=WÏ;º¤g¥ï–#Úvž´ñ´ÞÜ?Mè>ü¤Ò´Bi*ŒöÖ4´Ô9™Žþ°ù:˜Òxv=™#úÕõ|’®ÌW@Œ+›Z"ä?ªíZêñr4_.³;+:šŽB{r¢Ý -ò†*c „$Yxe4áËya}·‘¯%>IÏ¿Ðpoe%­•œ£óÒiט­hÈìÓÈÁµÛ ò¨pt†|x”n8¡§ø š&^‹„'ר]íI”/@'v’Ì Ê`ÖÒÞx©½Bœ–¶Öœ´' ÄdqI_Ñe³‡&ô§“x%Ú +Z‰Dè |MN‘p¤b¡40Tç}¹:Ô2·c{Pºº[’±à2‹Œk¡Î_>pQ¹„ø(©1rqÝV£°[ä* \(18 -¥Kdì¥U¦T8¡‹U£tÇŸ³ðf¨ô{’A•±%2Çñ[YÀb|ÚyÅrÁ]”Ñ–I&!Ÿ??LÈѨ¹å`­Ô%TècIŠÆ™P„·ü³\â‘C†›ªÔm’”Òd¤dDßTçXXî!ÑCmˆ,mé×û5Ê‘…|ÆE(!Âæ£Jq±F̯‚FÌA³:EY A®i„G¢‘ëw… ÙçÔ`wŽÚu4Ë.ö(„ŽV€Ö ïe»G3žqv±è!Ѿ}àÞD6`ºRãá‘£nf@s‚PÄÅÃa\¸#6ç9Èðè̬¢'B»x.ÁKí‘–ÔBÐ^º é1â©Ðj§l §‘YY¢±R”G†Å½Œ›'v‡P ‡bG°æE•(ƒè~º£¦“ñõ"øoâ›Ò»”ýîÈÓ)4žßLV½ïŸÝ»ËíŽzb©'ÈÇóÁ5Ší Úo»Æ«=¤õé]z2ÜÈO ¦@®yfÒ$†`b ê/t1߆_dFhöè,#ڹתÌ1~"¤t®Ÿ*z8R)+àܘ']û9«F¯ù~L®1Dbrl8‰ÈõçM°§~^T=R`¸Ûo;kСDuJ ¹büð7\9ðõ†~Ã=‡ók Ù½¯‹“¯föÕçÌ¢üŒ,Ý!´6.$¬5̪V”yü®ÆÔˆ]ŒÞÔjQ•5íEsƒV  AÏE¾ÃàÁ…¸³0ÑøЗrÞŽº¨­Ñ ->}*¾¼ß)\3V9Ž¦GàØí$üëlxðÝ'+Y‚$ª‚p̨Lxk†1”T»×ýÇa@ñyéy›F©Ê§óGîpOÔ:>€‹ï.Ry¾obÄØæ$PÙdó_®”.š®|µ0Æ|£³I¹jçøAÏë§ô8çi%¦ˆ]Kÿðøù)Ë–•Šv‡?¤Sy‡2Úˆ‡‚«8‚s¼;3èu -dð¤Â6¥w.¶c°‹9,Öëqß~!ÇKÛEzŠóÑ"ÁàõY?÷K_\ÐRëÈx´1†=4Ë5í\§ëV bŒ¾…³ ñS¸ò -3_¤ÂP-ö{ q$²±4”lœ=¶ñÃâTÙQ;‚÷wxF×qt…t0ˆ°K&ƒŸìõÁS¸«G¯¾vV’žUÖxb6ºÐD?ÂŽú.»yÌn<_bÜÜŹñXâÀ&€×‘°}b‘–N5qAc‘öÿM0¯©É(΋°ÒÆ°˜1‚vW+wìrüº2 ‹XFqODï‚ÑdÒ>ϵ:iŽQLï’£r±šJ…Î ~ÀkÀž£²$ÊD€Fü.{nM)ö+ ½ô“Ä>~ºM¯’³^1o¯iµœEJžî{¸§ß­ùŠW0 Œ¢cÇÜ6: ˜­ð^ŠÆ7Ó;ýÿ½1,V·“ÕrŽ5·Ï¦ >æ—ÍàÁ¿AQ÷Öendstream -endobj -1291 0 obj<>/XObject<<>>>>>>endobj -1292 0 obj<>stream -xTÏoÚ0½óW<õR*4 è±ÕV©‡v›@꥓8à’ØÌvšõ¿ß³)-e;L‚òÙï{?>û× CÊO†YŽq²¤IŠbr•Ì1™Ïø?ç×JÔ±0-²dò¯Âd^$ùiáf9¸¼ Ë°¬z1ŸaYÒËrØo¤†@Ù(©=›”R½HÇ7•i…Ò£^U+kz'Ñ(ç¿@èŠåÎI á½lwÞÁˆ²”.lÜç¡4üFø·-Ê_,Ÿ££lLŠËjØ«¦Ai´¥çJ‰Ç»‡ˆùBX¢YéLó"céAú›»ï hÑJ˜zº$ÑëðŒíbïp¡ÝQ7+פ.­¬ Èö`¯ü&¶qþˆÆ—ø6êŒlWbÕ’!ÏÀŒò"‹¨çs¡¶‚û®ñ*ªÖŒ½ÍýÚÃI8rv!Ú• ‚nÏÜ¡åFiêŠÃÑÀÞ«wÐû\°Ö÷… >[|¢QKæÆqb–aÎ>öÁì¼2:dåÚU£ÂÁ7áÈÔjÝñ2à†6Á‚“x¨? §Ì4ÄSI/TãÞü™¿þ¬à]2#Ïâ\\ßß\ã‡5Ï’gð«)»–W€]ÏÑaùh–^ýßàNŠyRLsÞeØ,˜oËÁÏÁ ‡óendstream -endobj -1293 0 obj<>/XObject<<>>>>>>endobj -1294 0 obj<>stream -x}V]oÛF|÷¯Ø—"`1’¬ÈN>4A]híà¿É¥tõñŽ¹;ŠÕ¿ïìeÉLQŽeñ>fgfgùýbAsü[ÐÍ’®×TµóbN«å¼XÓêöŸ—øñLMz°XÜ«éƒÏ›‹wŸh9§Mƒ³Ö7·´© çÌñMuù¨ÚRQǾq¾U¶bÒ!ôÞoþNû7yßìzU,±óò‹k;åupv\³¢Åb\³¼0¬Ùì˜òÁýž=õm¾|£è(*ó’~cQe4ÛXÐf×Ò \O -õDÐv+«QC:1ؘ´2ì\ojA:§Ùâ:ãó¬Œ9P•`bo”S:ï¶^µâNEAƒLAµ,¢«œL­ „ªZã µWÚ¨Ò¤Ey?X¢Fã›è• ûÉí¯çK±RI;Âenô‰ƒR®éñÏÏ(NØ)Æ3–k¨ö¾feöÈ€¤¶J[ü®å¸nŒ~aRt¿‘㟚§íxšTf=ƒO;µXGµ©Ceg'èY'øoTFÎAÒƒ<4¸•ZuÈB” >Â5мպ3ö•\z¾ }µ#èžcɽ~~N¦ÚeÑ’·Ò pþ^]OYú-ûtÀÉV€4¶Î¿ñu  [Hé\ˆ&°WëŒ:溠¯ 8¹êh7úÞë¢'L•ðU£B„¤ÜÒýÝã)±w»ÃW:”=P+U×ܱ­¹¤ =`c;-葱C\ì:, W; )N6âÀÐ7—éÞíÑW‚ 9AÛû ê°É*TÁk!¯žT0¶<œ(r—0ÙiKɦÒ'Lƒó½ù•Bv*˜QêíV Ù¨*¨SDÊpöàþÌgŒU&³aãäöòõ ý!%Ô^£ô }Y IrÏã -™«PÐïXƒ¢²Ž`gÜŸo5«ØGô T.§ -‰uÄ)Rf’›øý ÚD‘¼<ϽԕqÕË)ñ¥äéìZÂ]û€öš)ôÃÝ›PLóöœnB.ú'……ä@ŽÁ@[N1×"‚5xh¼kÑVc†Â¸@ÃMU8"僎*b5(BpWOèFxÙ@6Á[(ýèºÎùØ[¢®ää´$˜ÏôgD"oã‘À¸[a,@Û„æÇ‘É ÙbRUU ÔÚ#´ ûR(©­—Å0.‚úTK­¢*èIDÉ>ÊX㡃‡åØ•dšÅžïöCe\˜ -NÐFú² [±[Œ<ñØùô++ŽÙ÷Ê •`ðlME®]¿(>‹[„!:a@³z^Aa¡O ƒñ)Ñ*!{o³éKä&7ª7ñê?˜ÐHÂãò¦‘>ØèžQy˜¥O„Ñ‚CqTàb`\cÐITýœÍùñlb3'Û"Ð/t§Læð­‰ÇuOBz©E e/Hú‚ðy<Èvn4C$‚ïŒ`€Ùj×*áÁ1 >Ë÷Ì­ØL”™ÖßaFÿ£[Å/Š®ç?‘nñÝžV|ÓÎШ9'Š…(IÖ-2õVB/®½2“ûÎÏ,±Y"ßùZR -·jkuìk&°PhÎx¡÷ ò–qfXϵWäÀ¬–MÓÿ›ç} -ºcDuÄ(>µòÛNÚîþßξ=uöê:“™):¸Ó þj}[¬?.1Æ0Àóµ”ùÛæ⯋T1endstream -endobj -1295 0 obj<>/XObject<<>>>>>>endobj -1296 0 obj<>stream -xWÁnÛF½û+ºÄ$Y’eI9ôà$N´®ÓZ‡P,É¥¸¹Ëî.­¨_ß7CJ–h(#—»óæÍ›7«¿/¦4Á¿)-gt½ ´º˜Œ'´˜]ç4_-ñ<ßהËÂ|u3^½¶0›½²ð~}qõ醦SZç²X-iL&´N/Ký¤Ë¹ºté6ÐO}£ß®¿cÓü¸i4[Ê:» …kÊŒB­uF©³i㽶‘Tšê(:ÊM©ñP(¼bë"¾«*gË=í¼‰Q[|6¤Ð¤©@ª®K“ªhœ¥ ý“± -¶1¡Ñôz<ãÐß.wKíùˆ•±Ýù4¾ûz×…=O÷&õ.¸<ÒCž›T·G|{ËÁ @–¥ÛJKƒ<8ƒ^X¯U6RÿG©J pµAŠ. -PÎxÜRöŽ¦à‰y]O[ÊÀ×›\mõã7xtG”éÚk$¯³—Œs™.U•(ĵÀ@îÉ1CJö´ñÊF¦Lu§Ó®Ð%õxÓæ„Ëx§ácúœÓÞ5¨Z¤³%ˆh¯Ã€O´ò !ê²ì€‰HP‚Jí{‘ÕõÊÜw¤ã,!š2•dƒÂ˜¶-õ ü Ñ;« ÕgI,ÑF(¨È±•™îIqJ[ëv´3u›èNà +÷®b&»$úÀ!(Š¦Ò’·œ4vSb6Tk2TÊB„¦ª½{Ò7”—{ÎÆK#„#·šsy\´N5Ü'¯õ -š«¦Œ¦Æ–ƒ Aî3þCÚ&&¸'0rµ(( ?ÂgÙmP\¡ù/Ç8Øß@Òå¯%tUBýKU³“d&lÅæÕ¸[h»³ãþlEŒ–+©*×°c7L/•DK"˜µ÷°ôuà) iu=ùxÿþà¾]v#øÅðøôUï9•Ä«.#¦ß›¥ò4Á–ŸTÙ°ùþÀÑ%zc,„‹ F¬ˆ]'E”*Ð:èÒg²sW8h®Fñ`2Îp^/㎫C›ÂIì î¡th“ ²;>/XObject<<>>>>>>endobj -1298 0 obj<>stream -xmWaOã8ýίõË•Õ6Û(å$>Àí"­´p{j¥ÓúÅMœÆ‹Ûiéýú{c'´„ - ‰gÞ¼yoƼœMhŒ¯ ]OébFiy6NÆ4›ß$—t9¿ÆïSüXIyxp5ž'³S.æãÓ&³q2=ub~…À½÷˳/74¹¦eT³ÙU2§eFÀ4Ó2>ŠWz-•?_þ›—4™Ä7GÓk¤_fÃ;OΠ뛚|!)ÕJVžD•‘“v+-Urc¼^’ A)^Uٔ䭨ÂÈ©ÿägÚ*-H+|äBþ˜LŽÓÂê= ­iñxÏ(Æ4š\ BäNMY"“KèÓP**äôáx—'„ñ…ð´åZÐN!ÐQãTµ Y(”ni@¦öÊT¤ª^BW®“ÔTyBO…À¾PŽðÍÕ¿K ô€ŒV¾4Ò1¬÷(DšÊÚ¦uã©2ï`÷³2m.IŸ"ÅŸb-1JBË÷+S©¶20Ì7Æ›–‰õ> >êW`¨—º0•i,‡¡=IûÆtÁ¢ß=e2æÆš]]AÕë½—ŽVÃ#NVç±TåKmœSkÝ–åLÙ)ÇÃ=ÕÒæÆ–´–ÞCB;å =h®„(ð°“5•ò Â[¡Á:+HKÇø!ŽéørÎɵz–ÐЦ¢q HB§’jk€¨t*¬¨4h`*"rImÁ]××ÜÞ(™pöØQ£‹ËÈÓ“>qÒG÷û·°Qª™A6†*kÀâæ9oUêIÇP…JÛX)²/;« È”² -í Ól -Û™Ê dT'·Ê4®Ç"*wº['ô=§=|$+Áé%[ £Y½Ïoi/Ý`uÎÄTá<70WA²Ñ5yŽN‰–鄶٢J%Œ²‚ ÜÞùí`¥÷[sÿ€|ÕÐœ°rëéaþ5•—`A 1lTcjñ—†é+8ƒ*ì¡éBƒL÷r²É‹B@H¥Édàùd£,öZ4õˆ&SËŠu²°Ð˜=9mvìmüo“{ [˨ZH›µ8p‡œJ‘óMf(Ö›^ y£ÁÎANAʃá]G¯óõ1ÿ‡à -ŽÎÜB¦ƒfèÄF|˜œ,åBÎ ·-–·DªM±p†!D)aØ  Õ'â„`F¥Qì"íLõ›'Ì -h‡å…áœú +QO‹n ‰PLjù 9³C‘îf/’TU…)jxóÞׯ÷ÿ ‰n% +|b®<®ÍN úðå–>ñ†uÀ×.:t~’ñ@z‡Ÿä‡ +X*Êܸìæ‰öDøAeOD/¬€¿Þ@Çh8«[R&¶ãu Eäq]UàV'¤{àIÛÍÔ3^ð6æñ_0Å«§Ø€|XP4„ÛÖ*iÐÏ©÷è¦Û¬O4jó?̾=Gñº9ÈC-f¶ÒÝ= ®»Ùõ¶pæ93š»†éî—%/•™Hxg‚hzd;ÜV £¯–•?ê“ã±Î“b°ë†$kç]Qœ¥-j¬!|˜î>& +7»òí‡ä>WIîE8lð†7xŸÿi¥Hr¿HGvÇXyôÈù”H·Á˨——*oóvx;¥ùÀpøⶠ1ön¤µ_…7 éïb«+¼\Íão3·o?¿{K7ÖüFôÁ$M‰ÕvÐÒáÂx9 ÛÏÙ;Ø|9—‹Uhügõq}ñ÷Åÿ®n’endstream +endobj +1146 0 obj<>/XObject<<>>>>/Annots 509 0 R>>endobj +1147 0 obj<>stream +xWÛRÛH}÷Wôú%NU–íØ*j—$â–gS[ËVj,ì ’FÑH8þû=Ý#ù"Ø F–fº{úœ>ÝúÞ iˆßf#O)ÊzÃ`HÓÉipB““®Gø+5%ò`òö4˜¼ô`< +_ÞžL‚Ñ ;à5Â1Ü}ꎰ* O`$£pÆÿý·”î{áË(¾ ¦x:šNƒYóŸJÀ/„õ~Þ;¾œÀ Íqz2£y,^‡4W mlMK]Qß:2‰Ñ1E6+êJ—då¶ÂÉ#mžL¾ÄÕ÷Z»ÊõÉ–äLfR…U¥]¨Eº¡L«ÜQµR>4­¬«+¯çßzC: +Ç8ã<D6¯TTa“¦'£¨Š +rº|2‘v}Xéè‘*‹[šLr`«¬óœcáëR….ÝRyÌ %ÇøF:¯Ê ™œ÷v|sT.Pij×”à4ÈCIQj°|¼z‘ëê é* +^³‰ãËS +'>“Gã$ÀAFÁ88 hŽ´Ð©_µË÷шó=¸«% Nl†@ýª· *‚ª¦ïè?ï¯>Ý_Üý~q÷ð0¿¾=49èæV¶NcZhÎ|VTÏ ¨Pέmó©sÁÖ/e+{ÙgÀõ›xðT³WGÀ%ušnú@Ó9µÔ'L„ÖhI·ê¤Z+TXbòÈ– I +˜ÜUÈ-ŒÙ²ãVrì²Eô“ƒ}eêQÃ=ìɪ¾€DR_еð„°Ó,)5¹f·´µÆ‘4AÛÑÔCtU½r°nÖ9ÔÛ2”9ÇfUþª"dî‘l &0 ))WV[ö›ã|’R†Î÷¸É `Ò °žuŽÍŒä§4õÅì}Æ7ç×}¶ÎOÿ¬²â/>ªŒÍÉ‚Ëm¢Ö886îv4ÞØÇ×q'Yp…Íc)o}K d—ªM¡cA•¿%µS­`41?U\æK''ÍÔì”`ëP–tÜÚ‚ž{ÊÌrºqþAX¶)°] ¬›ª³9Øãt;oTn„ÖmÜQr¸+õ$'>¾ÜUP³~KGgèrË7vZ8`òø[PU‘ÇA›ðÎJ€]—9ËÜBA•Cªä¨ÿ¨ á°…pxheøÿT![¤Ö>Ö]Óüâ~þéî×Ï]9S™ÛÇ-…¶àg›Y½,- qÊ9˜=%îU¶P"¿`<çù (a×eî€YjYníô°‚H:ØÃÕ-«n µ`ÞòL9n ‹VðâÔñ+èo#{Æß—bËU {^>uÚDU +Tgdþ¢Ùr´.F¨i¸ f«!Ï ÍáXö½M4µT&—R0ÝԸʤ©Øù>N«912Ô499$[öà+‡YŠà|§Q]ï‹Ü‹L.JhH©4‰=œš„žÑF»C> ø°:锹ùµ™ÂÑW¡B•Ëª.þƒµaËÚðÐË–µ—h8¾k¢•¡9 +H#BðX ú^T…/è£ûäjwmž<®ÍÎÔ#ðG(™ÚH¥Îléâ4óÌBQYvÃË^¾^Pâ#ãbmÍ]ÂÓ4Lí•Lǯ?Ž†oœm¤n…®ƒf°7F¡«šüI¥&ÞŠQŸ(º3JÕ·äX$Ù_sÛj§§ŽÛvÐA1ÞÌÅ»ç2R;æÛ.éÛâpYä̉®ˆBx µ0©©@|˜¤…²®w\§úI§ oT—¼6³1Œ¶ˆzkƒô\-U³¯ÅÛ]gxÊÍ•mï ïùÍGk§ß­Ê7;ž©w£G_oæ_¯U„þÔt€vÒ5Þ´.}ÃcªÎõçÙpt~9¿¸“é9AB™;uQز+<\½dàa åÊH0¹¼y ñü 1/bäÉûh>/XObject<<>>>>>>endobj +1149 0 obj<>stream +x­VÁnã6½ç+æèkÙ’ÛÉÍM7èMºíºØK.´D[l$R©$þû}CJŠìlÑí Xù8óÞÌþyÓ1­Z,)«.æÑœÒùu´¦t½ÂïÿI{ÿ!YÇï?ü°½˜Ý]S2§íXËÕš¶9gŽ7Ù䶵“ -"ú¤<4Â)} û/ôUéܼXÒÒ½˜æÉÒ‹rÅåö‹9M“ “/¢Ú ~ÃÄ«pÀt‘F ]DqD›ƒÔy·&¥8îÖ$«hÉk¶†T.µSû#¹BÒ“<Ò¾Õ™SF‹’*™B+[Y2ûïÄÄ‘:CR‹])=@.ëÒ+@òŽ!@„/BXÂ’°ÐS¾:È8Bç3Ӏ̺ÙÛYÂ|9Ä£MiǨ'by*¾JÐS–$_E¥´¼áÏPlštßD%mMÙrn¤4¢¨[H÷»V¯³Ÿ•n_i{ûyöé3ÒyVÑœÃLÁ¤Ê' “Ÿñ8$s‹äZ+s/Žx¯";ÁLÞcþd^h×@y&¡¤éœ +|ßd²ÎÓÎð†uf†­­$Ò@¥§1ŠÓʬm”;’©™¨“s3£÷êÀ¤yTÚC/+eUJkÁhW½FŸd˜¾?î¶ÃA©CŠ¾NHØw²m8IOEi´ÄYͳlúhÀ‰ªõ3ŠÝ@‘±À£~ ¸HÓ5¦,{ìQÈYÀŸ.–Ñ2^ÒUß@…]…×oíkM¦>/XObject<<>>>>>>endobj +1151 0 obj<>stream +xW]sÓ8}ﯸfˆ§™$eŸ +]f˜YØ.„Ù—¾(¶œˆÚRä¦ù÷{®d;Žf—¶t¿Î¹ç^ÿ¼JiŠŸ”–3º^PV]M“)ÍÓY2£ùj‰ÏðÇJ*‹Ùrž,.½Hg«—/Þ¯¯&甦´.àd±ZÒ:'8˜NiÌ +»Q^Ø#K¹r™•^Í”&-|meB·žüNReœ§p*£R>É’DY’–þ`ì#e¦ªj­2Á÷yñ(íK‘IªÒÛ7ëWS§×Hl>ß~ ‘çV:~™Ð7¥q²÷·«šýIÚ–fWG‚ýŸµ|KBç´•ZÚðÔÊJ(¸,Գ̩@"BîöÂz•Õ¥°ÈËK[ ®·!)¶º’Ú“)p“>Ý·Q’pR;ÔßšŠD—n%´ØÊpm/­ÛËÌ«'™ Ü~6(±ßÁªÑ²o9Ã#d#jØè'ŸÐ_8ßÔ§«c°·ªbtNQrÊ + €Ó­„àé œâÚj8Â|èöë=žíËcýl‘Ì£vR#åÚ!8®*œ› €ÑAh¦º„y¿Cý LZT.Û)¤C6Þd¦$UíËP²ÀBYÁ®aä!T¾öªµ¡E%_q¯vLÀø_$ˆ»¦|Bä7$&‚CRÇéÌhoMYâüæÈq *¶þp?AQq¬PÛÚÆ›K V)]Bk„Åÿ$¾;ùˆ¶ 5šHŸM8¸Ì©åF옑wu¶ 7/–˜³=áÉ4ä'¹t^¡ÑN'ÎÒN8`\r W¨q‰%ÎÐxH'_Wø|\¢Aº*ãU*Ñg^ëš°•(\Û,˜s­‡N·±yé+£P‡(ïm:6(\‹Ó5"Ï@4VÁ?«¤ßÄÇ(!RGßïîéaô9w'¼ØZQQkøá c~䜭„À£bw‘rÅ/à[Ô¦k_'·¡wƒ4…r³ô7ׯEB_qëgÑDp\U(,ópoR>W4£ËãïìN¡£º´®MY×ú¶m‹âÝùïHÁЬ´Ù#Šº¤žë¶@¡ï™ÉPÉ`¾'º|©+e‰>>•vÈÞ5be§ÿ«B々©uh <ð¾kõ<ùSéú™š>„ {@ÎHŒ8þ"¾®ê*jY“Ó m.`;¨ß<‡¾Ã²×sàÝ°,3hµ#v +5€Õ#†¥¤GÍÀ±Ø)ý+Ï­ü1\œ1KÆN–û ™\éFëjO¬aò‹³É + à¢ÆÅîâ‘!ŸU‰hÀ¡~aæQ£½±¥.˜ØHLiÎõI¨RlÊ8¯&o(…àóŠ0¾N£öcLã§A7mÞG¡‹º›°RFðOÆxÆÆ蔵—eGÑ0Rm¬€ +¸wl«Ï¸;̪pºBÃó©ÒAÑRX½md7kôx¼LV¼V!’‡ÙbÙ$ÑF^v{Hëìaä .ðÈũGŽÀ¸©K ´eíñ{ˆy„ ›í “Þ±ÇpÍXBoÿ¬E© +%óOº1øfA NúkzžK»5ý2—µë› yµ˜Ó]¬çæ×7iŸ°¾ÄL+q iºÇ(lXJ@´*‚ñb‚´"å­Ð.6*:Í<Öû‹p\H¡¥Ý»kzCã9ﶹw}™{\ºóÚ âFæu“¸w¨>LcT»Û¡*‰ÈÏZ z Ý-$‚©×Á¹Xž¢À²'ó„>…Åb8ä2«E«‹@_šÕ"6‡±9æ]'6Ã^aÏa÷ʃ ¨ÇqÏ,ðÊy[g¼±c쇮b]¾i{6Mͯè2,-o7Jw&+Æ =VÕ¥W˜¨‘•m)¹Þ*”‹,t§YP—Sô›fB÷¥X¢­,x%cÉÃçm%: šØ𿢶8/‰¡Uº0w~)SóËTÑÎA¥³Ý&tt9 ÕUäea Àq'êï PÞËšÎÇhßüEˆ¿ +Ðÿí'‘®ºÖQsøo¨^G.¾Hi¤¸^GœV¦ |A®®ùË/¢ÿíöóû[Þ§B€w&«y +S–oŽÛ ãå,èg3†½Àgçø].VQgÓ~ôÇúêï«œJ¸endstream +endobj +1152 0 obj<>/XObject<<>>>>>>endobj +1153 0 obj<>stream +xWïS7ýÎ_±ã|(LÁ?)LÚHCÊ4œÉf:òl+ÜI‡¤Ãø¿ï[éd›kÜ6…a°ï¤Ý·»oßJ{êãw@§CPVîõ»} úÝ!ŸâóVÒlïb²×»ìÓkšÌ°ãä rÂê~Ÿ&Ù>5?¯èZ”’î¤}Rþ/•Ï”=SóÚ +¯Œ¦™*d÷`òu¯OGðtC›ýÍóá {²ý¼Î-ó7É ,–•ð»ŒÐyá¥Õp÷$Ijo•t43–‚csµ_à…Ê"$aå›Æ^úŽžCŽ´rT䢢¥ÒS¥ó6ÜBäfùÑÏ­©«ÍÚ—¡¶ó²0λ­ÅœÛ+×nšW;ÓÃÖHs­t¦¨C¹þ17/ýGïðƒäüH R9åÓ&Žuºv¡ÓÒ/}XÅ)^Ûm"jgA¢˜v½ƒ‚÷°gG*k¼ÉL‘¶¬}ìXo«l+ÇÿnßEú'ó/ñô.i0ˆmt4 ,¿™!;µuò¤@¿˜!"'©”ÙB]éP‘ÇZ¡,x#<¿&Q!ŽÊ*áÑŸ"S…òÌs¡ó¨ž0êëÖÊÌ«à Ž¶K)óÔÓî1¿¹òä¦.ršJÒÆË<:®5'ÔÔ)à’Î÷J<s@®Á!ìqh¯Cš¼»í]ݦÅØ0Õ¾ -8Íj´XYë¦7±Ç¹ÖáÁêLU¢à ¹JŠ¥çdt±¢%Ún2FaWíhîD9ô’° »¬jKU$òœ>*]?“««ÊXdB>{©y)²mB®CS4)%UMé™ÎÛ:ó5‡Å+7šÔd¸ƳB!d}"9bZH6m¦^(½Ýml|G_ %féèZú‹«›»Ð“ ryžç “®KCsÞïjÝNßY­3n_V¬(Ư¥Ìƒ `Cr@ò‹TvŽt3Ú&öR<„õ%˜E÷û*Jeïò§†ÆûÄ+Z¥ÔÐkÖþ^¡¦øü'ÒuáU›Ø¿?@ 2ª ÏÅÄr‹&òçšÙ„Ý^Œ7„+)Âè +´ÏnZ¶)G»dÞÀçŽé0ŠN i%,óôÙäÄ`ÊÇêw¢Ìu€N3–`¬@ú¬—¢îrcµñ°"õܼдÊ(íIùĉ6*ãœjXRqb„^m3£„N0˜é +6~Ø0%=gÂ2' ÛQL–ôþ¹îJ·¼r’X}à âè— =šp„ß¹ÐGÉJJëaÓ«©d¿¡ {—¯ipÚèÝè8Ê˨;êÆ£Âö¤qT»†’HòÆlƒrØ›éAV^¦ç‰ái<7lö&íárÚ­ÌYYàFLM•4twPÞ„+ç8‡øÿ ÍRÓ“°ÊÔîojz¿ÏDA8”ƒ„@pïbòA>n¹:ð µéR'9cëü}WpØ<š*ð÷»ñE«dasS‚m ŠRŠHP "ƒ"Ïc“sås&«0Ö!4ìpc½©u†Ý˜,TQ°¤mô¯å8©-º`è°‹Ü”¬IŒ+6w„ÕYóªú±×á ´ÓJ4÷Š¾òì%ûg -ŸA¬"'ÙUJ *ƒ!a2…yÌÅKådòYð¤ι ô|\Ž›ÓhîëàÄ/Z>׋™>`+f;;Á€Ä÷ÀWäÈAg ë˜EÜ’ÈO¢¨9ûh:hy`œK3Ÿdç8’–Í™8&¯åz;ˆÆC˜3¹ÀcDºž)œ4†ôX ûœÛ´>Î6>`¤IæWUÙr 8[<)Ö@( ç:Ž°^߶çë f¦( j¯°Œ ‹5>Æ6óµ ¸¸âÀ…Ó÷ÖýâhØE:ñÖê M¹†¹¸é—ˆ´g|þî·«ë÷×çã÷oûý_èçp/Ðß5×.h­5cƱ`kyJGëvòMÃ#6üAjiUFãF–fe‚ËÑß|‡Õa€ûQè1Ú‘áu*ÚÿEýåæÓï>Ý|¾};˜2æ_c£Žq†õ ‹‡´ Æö û_J‚`§R5£wp‚kâÙˆo„QïÎÇçtkÍWL_8ÉÂi"Ðœ¥ G§C\óýï[rÎÖŽO»§'g¸‘ÂÒ°ÏÞOöþØû >"]endstream +endobj +1154 0 obj<>/XObject<<>>>>>>endobj +1155 0 obj<>stream +x•X]sÛ¶}÷¯Øñ“Ó‰dÉrm÷NÛ;qZÍõW-eÒ‡¼@$$"& %ûßß³ P’é™ô6¶‡÷ãìÙ³ ?ÓÇt~B“3ʪƒÑpD'“s|=½à¯'øï4-åƒÉdxÚ~5?8þ4¢_h¾„¥³ ü¬ŒF4ÏŽ¨÷çËýãÿx¼ÿüðëhò;ýFèZ;“Ѫ4ü¬ŒÚéœ/¤Ê’*]-´ód—´}óÝüÛÁˆãÑð®~àaœ±‡¶R¦¦¶Ζ%[;¦;J»²5Í´[ãÑÿo3g›76S%Ý*–®œÝøeC³i—kbêÚÛ²‹äøÓ)ÇÐÁÉg9 ä Û–@FSm +… +’¹šÞϨRYají·8âˆ6Žì¦¦øzRžDŒÇ¤v­‡4/Œ'þWÓét8L†'ì5cÐ𘂥ù‡‡ãéú€Ê¨`líiS Z„3¹áøàE¬û@S‘Ê+S£¤NëhcPÑ\#m<Õì’9Ö!;.¬¨²ëùOG>ÞÍ(WA-”×p‰´S:ð­¼·™Q ÈÆ„‚4@ Ä©òÜiï‡Éâɘ‹ŒîáxÙ:8vÔXS¦VV*g–&“¤ú8¿—(Ù Ó<–åhtü «×-M‰ j.&Üé̺ÜSn¹nÔ8»6¹î%ʇ»2rn^Fhi]£’jßÎè‹©sð 1]³\7Þ@eÔ¨/^†51€ÜÀ̵Éø™êW·R/Â&­sé²&ý¬ªñ㽈!pª)wäèM´QÌ.…|¹ïzyƦ㘴H½D:ÑWh‡Ý®†Ž’D„»(´ ¬à4eêΕÖ>µ }=ZEªç¿Ãxá¬Ê30ûë;«¤ë¶Ò`)8,ÞXzºnä µ~¥O ñ®P?ý +­‚pQéùtú{«ÑCè2¼U#°Hõ˜*âCN‡Âw Òņ'%z‰ãÛa£ý¾œ×€´ç9¥ÞsºgRàŒ'À‘dä8£]y@™7½3ïr>ÜX÷´r¶mѳtK}"•‚x,[ϦñE¨Ñ¾$ûBƒ"#oVµ´Ÿ°Ë^ ‡t%l#„@0k ŠtÀiõ>7¡®)«²Cû‘'ã‚È›Þàg*å^Pç}ûÉ((³6ÎÖWSâ/…¨Ön쀿£=9CP}³a,Û½T·tSHÊÕ@^ͽÈôD4IÇ»ÔߋƬxz +澺9žÒT@½e©ìˆì[ ô¢~£ýòTó Àˆ˜ýyùxM·÷¯·¿¾“*È4JÚNþYq_å›Ðé׻ᚆʦ°Ì žÆ{‰mó—)á tè…l#"œ©í6ŠƒO©6ÖG¨«ý<»~”ø{ïðy]½R²Ú·Üƒß[ã8‹žâ\lyV(}ôê’¶\Ì°N,4Hë°ˆw"Áór)_:y)@1”¡jkž®nRM™{¼ñGƒñÏ„ª ¼cLûË#BE +šô‹3¯¢(Ú²l}P·™‹qé$J\•â ÓI8Ò¤Ìr©yU=Pß.¾aõî=§ÁTz`9b]ªÏ õð?(¡ïgœ"b©7H¦=:Žã6ËpKxÂ2•¶ˆµ§çœï8q}Á•Bn—IŸ–û7"ÔÉ +5ÀU| &cé¡ …r*±çbl@„I²û3G {õ(y)°0åø–ăý-íõlm¿«ý@4ëEÀý6ƦŸ©jÑߘx3X«’/ñ1öÞ¯¸Ã¤*éÊ8>ÃoS.&tvþsü½Åìòöê’œ•"~´n 5\#T†tн08?±®ü£žŸÏÏ. _8}2f#×óƒ¿þF{Üëendstream +endobj +1156 0 obj<>/XObject<<>>>>>>endobj +1157 0 obj<>stream +xXmoã6þž_1p¾dÄk;A^E'qî $Þ\¬Þ¢€€‚–h›Dª¤Ç÷ëïRŠÜq·m[ì69/Ï<ÏÌ( i€‡t1¢ÓsÊʃëäàóÝ Ï(YâÍù%þ'§A0P’öOû£>%kI÷ÿü:Oæ´T…ü”üŽkg4†k'£ \;JÖÊù÷„¿׈¢ØRa2QËœ”¦‡9}S:7G³„Îú2–Fì +/ƒMçmÝ|IÓoÓÙ,IÓù¯ódòp:JÓÛ§é¿'Oó4$7ïc8"¡s~4 “!bæp2£k¡´£áOiœçV:Ç'ý£Rdk¥%iQJŽ u¶F¤•PÖ…¤?ÕbðÑ5CB•´KcK¤&ëëé×¹7û!¢Úp¢£U¥ô + (©Q¿==:ïsŽ¦5ÕÛJe-ŒæÙQ¡žå—.¨«ü³pžÚéÆT[«VëšÒ£,ýDë«KzP™5Î,k¼¶Uçl8è_²³·Ë]ÈŸƒ¨*þäDY!ã}F Ü@n±õÀî<¡ÜŽn +Ρ´ÈD=˜i)¹yü<}DЮÙ3ÓŽ4W—±›±ç!f_žwdh‘wd–{‘`Šaff¦¬šZZ&†‹Ú~˱ú“}¢ (EHÖnÉ­MSIϲªÉhð,ËÕ‹Ê¡ ”RËh¼âö¨²3V" jbV/ÁÔñM©UQ˜Í[¢gÆB•A,`ß~²ô?;ð‰¨Í]€NVÂzŃ ¢¦B +„h 3W!t–|-ÁSï°GÙÇ3ØÚçVRKëuày†2åR›Zzº(–`&B-ל /åkø•ÑñB.$`K?E‹ ì]¿c”D­ÆFÕë=¹Ýgô ´XÝ£þkËp*ʵqu<,¦mhVf¹”6´±Pc®›|­¥vœ˜oÜ÷>J6¸ûáãÓä'n¿>|ù)7%ºèÏ?8:ÝÜÿr;¡Ÿ8l–Ã.\Oþ1ý6¾O&O³qò£H&³Û?{6M¯Z£Ýh£O*«tíiÞÑŒ\SUÆÖé§XF±çtçÆÖ„Þ¶2ÇÜBìêÎ?½qÚQaîEA™{£Öùbh 7ÚFeÁK‘{±ã ¿ö“*C‘}ºÞBKÑõ±¿¦˜,6nrÙ™<¦ESóq ;ËÛhŒj±„ )ßÂÊ‚34 +4Ö-…*Ü_É>hm~^œOïpŸa=4†U@J8g2….ÂiG h½Y DE›‘™ZªÐ;ör¿áÙ%eµ£µÙ|×òÂbIÜ ³BöøéEeÀx!×âÅï aR!§eæ¾Ã[ƒéPŽ†Í™³ôÂo©æ¡o0$§cR5\-á× ÌÐ@ä9‰¨}fe?~ÊøiÒ!áGx±[× +¤DQc\­ÖìÑSl‰Ú7Ñî7š6kØ¿ã%[QSè¯3eî ·e}õÿ·Ÿ´"ÂB€)¹=Ýݼ-[Æ×I\ÒÄ{φù\0ž½Sv]Ë—Ü‹‚±Øx–ùiñŠ[ô÷Z£°Y‚~™Ýœ,댑:ܘ8¾DAΘܢPÿÁ¥vR„Õ  Ü’y¹Å[Þ,<=¥bNØ%ÓøþÛøWl¦û„ª¬ÁF"a£ÛGyåb|÷ö W<‰Ëâ€ZÐlùj`^WÁVyñ²ñѽÏÔ\YhR½|gš"Å<÷]ˆsèåhU³(TÖãÕŸÊ×°–úqNÞ€ +/£‘ß Ñ<ñŠ7•%õfMQÌ¡9´½9ûrÞ‰±9’dt²°Ñ¶¼6F Á;P±R„wõtMÆò^Âå¶ÅêYn¹Z†¿¨á4mݧ©ÛºZ–iš5XìtÍ«®5…“5^µm+M ¡K¡C¥Ò”w´R¢Ý»4ÕpíB¶ÙøJÒ"må +HY„;WøÀà@?z+G[æÒ ®ŽW7ša‚¢†5Á«òðÝ€µz»AIÐÔYM(xQ+þ,鈵‹}pq»æª @+kš +JªÍJr¬}c¾;ævõ—²¢Éã2Ø yOHo–]x§#Þ)ÍKï1ýÿUÆa£Ðœ€,2›B§b ªmðÙà@®7"Ðþ‡+ëæÆ)Þ0ù½†lÛ£løóÝeû­><¿è.Oéü +ŸîùÑ|üp=¦Gk~‡¬éÖd cí ñ½“îøÉÅ¿cÈ¿÷;†³‹³þÅù%~1s£_Ÿ$ÿ:ø/¿ä¿endstream +endobj +1158 0 obj<>/XObject<<>>>>>>endobj +1159 0 obj<>stream +x•WÛnÛ8}ÏW ’‡MD¾ÖN +ìC.î®ÄÍÆî,h‰ŽÙH¤*Jvò÷{†”|C´›&H`SäpæÌ™3£ŸGjã·CÃ.õ¥Gí Mý^;èRÿbˆÏ]üå’îA¯×}ûAç² O\ÏŽZŸÛtI³î\àCL°ßnÓ,:¥êç„°ý¢5iSˆBM…!›ÉH-^IÐR¾ÐJ$%\09¾k£Ï³\éBé'Š–"Q!óàÃìÇQ›Î;íà·l7­ÓlÉ“ĬÙ|i–HRIRÚ"…´$’„Ì‚Š¥´ +©-¼³ŸšL6­S§Ý >ö@t9tAçK¥M?<<ŽèäöËý'-‹µÉŸÙ!:ÁzÊM™ýféöæÆq Û<Y¦E*ÉáÚéo.Úùpâ a3Y™¯dþžº=¶‘™¬LD¾cÎÇ°·`M™Gòlw6‰‰DbóÕŽ-‡ÏÎw†FÆ2v„@vHé()cÙ@Ó:\þOþ¹º›'W³QóÆñäæîë툆aíafå>/XObject<<>>>>>>endobj +1161 0 obj<>stream +xXËnÛ8Ýç+.ºrG~ÄuÒf‘L4Àô1pÝdCI´ÅF"U‘Šã¿ŸsIJV&AÒÀ|Ü×9ç^ö×Ù‚æø^Ðå’.Ö”UgódNëÕ"YÑêê/ñÓHÚú…üÉè󛇳ÙÝœ>ÒÃ7­¯ðGN¸e>§‡lBñk¯´%ÛÖµiýI_Íû‡Ÿgs:_Ì“+í“ͳl°íåå%üð™ÙÝŠ‹`ì|¹æ³ûBÂ𸌋“Á1¾âõÑ )K®tÿDž7ÒZ2[ÿÉû¯²Þ$úH‹Ëhïb…¼ÀâE²Jè³ÙSÚ˜½UzGÛVgN)tN–œ¡\Ö¥9u"-%/ð…z9×`]êÜ/öµþº¨RñÚg>w™ø€¯‘J'œÌI¤æYNéˆ~(êDV(--Š¶SÖ!ˆS5ôUº›ûoÒ¢ÂâãD%2ùÃGOøÚš†$®ˆž..’%Ì Q™$w¨%)M¦–àxß“Ñì ÊÚÖ ]—ÖLIŒä\Ë‘9ª¤+LNéö…Ê +x€R°SÑápíȼOpº.\Àö\"® +QÆ{p%â„çÚ8Ò Y©¤v³PQ*àY*¥¦zÆoAƒrlF\Láç«ûÿþòùÛæaC¥1OmÍîHÍ%̧ìÚÒ-ÄifÁYS¶œ±W'¤Ë<ʸ¸ëŠ{íCÈ„•lÈæè|ÜÚ ý%Q–o3ZÚK,á_Ÿ×à(>Ç%¹Ñ’sÿïí÷Q¸ ÈaÔ%ôÀ%QðëkÓ»\s5K“‰ŒNµtSjuÉêrƒó­Eu°·{O;îǶcª¥MÑÛ°°Êµ`–<¨n̳Êá„x6@$Ë|‰´ QWâ€Js!2•–‡Q´Jÿ”Hé' Âbw!«Œ“Cj!Ò½iž@ž@RNû¸Mhm òÕ¢šÐÇ÷ãÒþð…|:F§jz·´W¨$6pÅeÅâ´öìÞ+Ç$’Cdtv;ön8£µÈž¤³” ͉iLëjåŠÖ†ã@kH¤ã°ä¾‘ȃJÇã1%¶³Øø¶mXÙ/¯ -úíIú{Ya,þüƒÂ/¥ˆ xc4†\¨¼2;À]eÛ•µÙß<Ò3î':ÜG>x«ëÔÓ²OÄÓŸËo¿Ó÷X]X$¼˜1Í»ÑËK*fG]h ´ß^A ×°¢Øn•²4 [%7Ÿz5d7ômþ>ðyè®Ia’”â9ì1ŠmÛ€©\`ÒÚ„’²¤G¼¼Áª,@P´[*<9ÿ~˜ 4²•šExrúµ;¦»§éî@XZÎÐ3:Sä1Èäºi£ñzáÑÌÛ>,rFyX6oë½Ù`;[S¼º­ŒÃDíf)Ý^Wsݸ¢ÝóŒ.ð 0ym\¶6˜¾»´òµÖóZ¾Âš—®–¢y{_žÌp±Ÿ_Ь»¹.îïïè§5¿àIújÒ†|ˆËÔº£ëñ ß²®á—3üKp5Åu&ã9ø¶<ûëì$¶ÿuendstream -endobj -1299 0 obj<>/XObject<<>>>>>>endobj -1300 0 obj<>stream -x½VÁnã6½ç+¾4 8®í¸vrÈ!A[`Ù¶‰ @.´D[\S¤BRVÕ¯ïRN%Ù=,P hÈyóæÍ>ÌhŠŸ­æt¾¤¬<™N¦´œ-'sZ\¬ðÿ¿NÒ6~X,.&Ë÷>œÏ§ï˜M§o¯ºYŸüüû%ÍV´Þ"ûòbFëœy:¥uvú rIZé?­¿"rA3päÙ|…4ëüt]H5]ÜÞÈVAYCÊ“± I#6Zæ´i)—[Që0¦MHm©µ5åÊówRO·ÖÑF† y™ÕN…öñ…Bš[Š–Q ÷ì• ·¯·[ ª¤ÃáR˜LR»”SÞêƒ2;Ú* ¥ôb°ýXm½g¤Zz/ `v° -q@U;šœ2‘áÔÕ u+ýhLM¡²âX*€kœ$º^ˆ=;_L ùNŠœœh¾Í§ë¢˜MéÄ‘Ð\zµc˜Á‚(&’]*/ó1iÛœi¤ÉÚX2@ªçóº«î¾Þ™ÖzÉ×È×UeXD¯ -ÛHœ™ YN÷¢ÜßKÿÄMõñ2X¡Á - &(7áE";UDÆXVËÄÓgCÞ–ì{$Ë´’&xÊ­ù)P,ÐL/+¶ÔH­#L‘…ZhÝÈ´ ä~ÓkÏ€€,à"–×PV|,qK3kH«pꇨïmRªÚȬö‘ÒlÏXé -"L/%$¸žª’Ʀ3áÈ@wÖí'ô9P™®â"ÆÐ ZM ]Ð(0 YHç{ÅNè"‚ô‹ÎP0zÅÜ°õ±L0|òû:mŽa?$ÔtËÿ£ÔWˆ¿)ÕÁ/ö¶éÐi —`ŸäáÂøaXF½T>©0 -ΰQiŠ_ÇìTÉDXèG›Ãìø‚§1ƒBwQ¡¢÷¬/¹ìÇ ¼ãᯜÌUÆU~h7i¤Y¹Mê~9Ä‚ŒCh·<&t{ƒi(a³9¼tJ) a”:Ÿ`S€O`ŠTÊ‚”‹ 8߬…É´0–|ŽIÁˆ7BEݲÉpœÁÑ> æH8§2 —°hþ•EJë†ÉŸj•í¡ÿ†ãžïŒ9|ª1(Ýo†{.°×w;«¿Ó&ô7–§O>}¯íL$Í~Ö+âí1”Ñ‹‰‹ôE0½xä´<Å5|žã…Ö1 [€!À=ð%ãÀáÍw¯µ@¾°µ†:„ *«µp¸»º¢D3o¯Ø#Ž¶ûˆM‹='<xâGT›®úeýœä õh ‡¶ÛA³£5{(^G€ÑåD,a3I±A清b9¢`ìÜƤ—£e“(mm°ª*™©­âͺ™Èöê_€ìf„mTèF´>!L)@ëlOm3üÅÕ¹p -/†47ïìñ[ P-¦½ª`¬)ì×Qª©[¨)?ûpêàAa™¾º‡Y²g£¼ýž]… êk­ãÁƒ¦Á6ØÚXcvPQÏÿǬ‹[¤‹mW7ïø\ñÓ ÜÆô`aó†GtLc[ð•×ˆè]Ø1rÑ=gK¼L/Îi¹êžd÷×·7×ô§³_yýj³ºÄòŒ/Fyv>/XObject<<>>>>>>endobj -1302 0 obj<>stream -x…VïoÚHýž¿bÄ—¦Rq1PBNê‡4!'¤p(ê]N§Å^c7¶×·»Æpý½YÛù᦭‘YïÎ̾yófþ=òi€?ŸN†4šP ¼Mü7¤ñôÏC|µ¤È½O‡?x1à½_ÖG/Çäû´Žàd2=¡uHp0Ð:8^+’¹Ø¤’ªtßXì$YÊŠoV"Ûª“%õ/îV³‹³%©Â&*'|øÅåÕÙï+J“\’ŠxåýúÛÑ€úþñ®Ãã…x” zÍúpâyýZYxŒ…¥LfJ(E‘ä[J L§* Ù ÆR!süÖRðbzø@"yo®l½uspñôÜ-ª^'XЂ#÷h—Æ];؇¡ïc@L’dÉÀ&À&‰Ü01·g/pÎQ?-ÐçŽß\õÜÝ?^ž’LòŸìQ–lcK"5Šb™¿`À•‚§À±$u{H0ni¦ [¯ÄÁPXºÒuÆTJ;Ї­M2éÑã(ïß$ŽZ€×H©W´gR¹“i·jª$M[* 5¸ªqRe=ú -í¨áv×l…ôî.Ï)ЇÂöZµHjµx¥oVD] d˾~\‘•9©© -¢BÌ2 -@q¤Þâr\ -K -\uqÑ·ÏLgPNîEV@éî!ª2Ž†÷J?nµ* ›Íu8¦œ[vQ²±• êåµ>_rb%yðÚ­¤ÓZÝDC¡ -j‡¡´"I žS!4rR‚ÚÀw'ɱȦ.3UjTË%ßé>ºß6È:Ö¼Ð[r?¿¾¸¹_Íÿœ9šce5û}1»^»%ÉÙF…ÞBÚ²d`©ýÉΘÉÐÚF³ÊX“ãçŒEª„Œ¾R¤ ‰2µ·Á®FÅå‚ÿk±BH£4AAx}³m¬¾®Ö³…7¿ž»@°”ݽ‘×Ñ]s ]f2n4g±b­UþÎÒcq­âC[´mëYHU9òûByIºÜ÷á6€Ïi+Ñ¥Ê n“ý§ºC¶PîDŠb|8ö'£é¸Ë]ã­!›tƒ,êW¾Vu‘\±X××5(]ŽÈ• ‹ ä`˜aÒ,>5‰Ž_TuþÜ3Ú’ µ*yA’ãy4ZØ ‚U¬úNóÔ€|êŸ 휥EmÐ#Jôì°‘ ¦† ¶è°‚ˆÕ œÉl…›Pñ{Ú¨ýó@Ò°]9°`«¡ -Oݤ.Á5:WA¬à> HrDµ<iÄP«ZH芘WyÀԃߵ`D*Ôü&Py¢¿«ÜüÖ ÚrhŽF! ®‡è2eáÉ=¦5žpUUyYhe °¡!⃠-, 4;ìòlîŒ - FñŸ#*m’&6‘Ýú®âDløþ³Š=Wy”lK´‹ÆÁé'V©ùdØ&Æbäjš£ké\M¯ø]ëŠ ƒh‚´n1.@ÓT†Ž-Öw«ålvá ¨#DÕ`2S‘› )—hkp¦ðÝ €·Tgöéªu~£D¤¥ÄÉC—3Ðqܶ÷Ú§»ßvãzܳ×#†ó퉻ßfr!öŸn1…îÜðÚÇØŒ19<ö=bwøù4ÍÞB[ßÚŠÒà­/§ÍÐí1¾OG½›9xu¶ørFK­¾ñxt¡‚’'+7òɾ?Áý“Á);ïN†ãÉÔ›|6‘ù>4[ýqô?Ö5ì…endstream -endobj -1303 0 obj<>/XObject<<>>>>>>endobj -1304 0 obj<>stream -x…V]sÛ6|÷¯¸>9™Z4)êË~óg£i”¨‘:I§îH‚"’`вúë»RŽÍd¦öØCQànwoßN" -ñÑtHñ„Òò$ BŠÇÁˆF³)ž‡ø3’rÿE_àcï‹ëõÉùýˆ¢ˆÖ9o2™Mi6 -CZ§oë?¯§o•Mõ£4„‘òíúëÉ‹“½‰âÏø8ˆâ`ȯ°ìºéî.ä­t2u?]9úqåZ•’ÖšÞ«GIw–½:mü?kôîãrEñðժɫ>ÜÎéF¤[I+õ¯¤ðUü´ Ç4N(Šš“3Jfô¨ŒkDQÿHçä°‡r²´TÊÊ)]!HUþu¦Ó†_’¨2ÿBWX‡ÚoUº¥Rd’e*Ï¥‘U*Éi칄ßáÜ ë[î¤#]ó!6 ¹#×>N7ŽæÄq‰tDé<§½r[þBT‡_ø§Ûõ¹¤( ²F L.WckÉ»¡&#*‹œÎxý”= -£tc±ku1¦´P(ËúºÝ~&†‹k²Ò°Røp½BR#êú@¯T—µp -ûmt‘ÑüöŽ2ÃÜ?¼ù]¢´‚EÄáÃÛ€ÖÀù˜á" -6RXí…B¹6…”+×A¯Úûù—Åß"W›ÆH¤nä%-ÏoÀt!ÿ¶(ŠotI©0Ù%†á`4 -w×ç–Æa8ÛçeÄù{ ^„÷ª/°8jŒð<îžo¿ŒÓ#„—OÃA©†¼Ó­ªäOÄÇ\6u{]ù<‡”Ýl¶A^úÏ2ï–rŠ¾6\=‹ lxŠÐuVÃ@:uö5pE•ÜiCÚ‚–qsµ,Ê·¶ÀKì¶`ÂY>›m“üD}]n‹öè^Úh]öðÁ{—ˆª};f4 Ã_}Æx·‘®Ÿè{­wŒ§pd¬ƒ¹_/„G»œ}_P¢Wh$¶9bÑÔà(³Ü8s²M]kÌ–EÂ¥ö ÿH0ê¼Ëzvk£Nu#@î*‡Ó°½Š¼=;ÚäûÆѦ)©–&×¥`KÛûðDÒ·6Ém6^[¾ìóû Š0urL“AJÿœÞP`èy£ã¶àO ¹´>W5™î¼CoáQÂÓóÂÝxÀ-¶Z#Ê«ÅMïÈ»¨ ¢ ÍWW Á’d+ Ïm…éÇŠÏÉ5¾秨%ãA²=2Á2hôOéãgUezßÝ;îïÅj}³üX¦‰–…•*ŸD Øs èl#Ï!÷$Shƒië'tï¼LYCÒ(±ß}s/m8ö& ¨Ìw#ÍÀûfKzªëêk£GGïrÊz@ÿàîÅÑ­{»lAëŸù1ç®2Vžq¨‘ÞC íÚFÅ nÛR˜_€ÇºÙãñh8ɵ®Om0E- ³½ÆÚ.¨¸‹'‰ -|úÀŒgNðôa}æsÝ_І[åqY ¡öâÐJÝûFÛ=­:s]­ëQÐOÐÃ7‡7<½Kùð–kˤûú¨&ð *ÍØPÁ¢DC\ q€¯ÌO±Èx*²Éç™opž™8Ptn3ën»ÑWäYLc\˜ý¥uuµ¸¾¢¥Ñ_ý}µ3 \PtÅ™£Ûƒixá/¹¯>/XObject<<>>>>/Annots 792 0 R>>endobj -1306 0 obj<>stream -x¥WÛn7}÷W ôbVÖź䥰]»_)q -¸+JbÌ%7K®½ôÛ{†\I¶( -C‚vÉáÌœ9s†þvÔ¡3üuhØ¥Þ€²üè,9£AoŒïþhˆï.>¥¤/`ëîëÃoGq2¦óÑ QNçã¤W?hš†cúƒŒsê ±xé|” ëÇœF]Xï×Ø{¿ßI0ëàäNý´;²×áýo#ëž÷`ÐëñQ9õ‡Ýä¼~Úš!¸ò¹œµoÆÔ=£Ù †#šÍC‚x“LEž -fNÖ¯dIW“›)eZIãÝéì+lûÔéDÛVw”ta}2[)GÙJ™5^(ƒÁªå -™©…ÊH™…-sá•5I]S‹œ”|쵺ƒèw¶’òÒyRžÄ’ðô¨Ìܮϛ»ßw³€Ž 8!!ä›H*UZù )ç*ŽëÂð#¯rIvAëRye–ÍÚk§ ᬅ#á Q:@Cä,épb2ü<#oã;ªŠ¹ð.H¼¥Eª‘.hQJIˆÔh+æx²yp¾Åf-Ó¿NᜧŽå.qdCù -%°t”JihYJáõ†¤Y “Éy3¤Kt‡À'­–­…úe2]Íåüé4”÷¸Ä0éÛZœZmì×6¯òBË$ ôpÏEW3¡Ÿ‰QvøMψ2,¼›|¦\d+#]ˆé0ÅÚ ·ð…å²Ì°ØÐu’ŠÒΫÌB­ÁŸ­ì²2Ø:PGe™Û¡(ÁËý«˜ pñöÀñžÁ@lkåWà'‰ù$°A¸ª(lé¡0ß*U2þ&Tlg뿃{€?ðz'ÀŠå¹ºxHèqVÅ~¶‹B¡ÛéŽÆul¨#ã ²g±D¢ac€@€Ò €øqë"ÆŸo›ÑW à½2Õw0l/$\¯V*’uçeîžN_õá¶#VÞïÚíõz€w.AåÚšû‚ZY+“¬|®9V±äã~Ú¥Øú»-ºVï,ÊÆï¨t& MX©jY÷Óv—EYЕ5Ffžùþe?¶Y4¦ãžP¢òÏ„Š/"„,Z¢í„qkô@ö,›ß ÌŠSŠ‰c+_C5™(­N¸Kª‘Ýþ[KY­ÛAÚk 9ì¹Ká‹Þ¦xm¸ËýŠ…‚#A@Ðßq˜¯Un˜ú\·‡ÀøZHŸNŽ'—·ô eyütÁÍêIÐ&#¨Hö©;R\ÝΉ°ØÚÖwvõО<€Çâ ÑS±þß±P²zàrr?%Ë‚5h^BuJvˆ7—×'ÿѹÎxу°BÌCÇ.T‰AÁêíR²,Æ~Ç/b¶“- [¬ý5í¹´‚R-Ìóö X ¿35RQ ˜Œ[–ÕÃ"¦:¡É"R•%ZhÈó|¥šgVsM¨²eÙ׺ÕË!lྶ%ÄaEø›I൯©Ôh€HuêAu}@ƒlú•[¦Ž¼1 íÁë«¢ÍcåÐÂÁ- 1ÖÓ\º¬T鞈E é× -H¡ˆã:kPŸÃDæ6«v&¡©àÛ‡Ù4¹þ|ÝäëFöÌŹÿãÕCzPkÄû‹‡i#xÜmmpK°L`vw= D¼ÿtýaGDÄvüPZo3«Ý1 <’ã8y wxá&µt|U•%”Õ(xS6±Ø egÓÃûÄ>²+Lë¥$Så©,cØ˜Ï ŠŒN¸#ÔW è6ŠÄh«ˆÁßaÍÀ;fuœ(<eùtÂ*^ Øa‚–¤-t´JA²(>,·¶ˆ³U $h€y=[ñ¢”Î…Ä>Üaí¢7ÀÄ¢ÉLß+çM–êxÇÄÉô8¹›†){~+ Á „|Ì$ằÄ}¸¹Â¥¯Ì•±Ú.7û›ËV®x¾™ |GÈî›AOíþÖ…ëû_WöbÉ1§PÒ%È8~H·$ ŠæÁò“Vïs©C7.of31u1&@‘‚'¡8í›Ñþ2>¿F!»Ÿßàù¿ŽÁy7êu§¸{=;úóèZß bendstream -endobj -1307 0 obj<>/XObject<<>>>>/Annots 801 0 R>>endobj -1308 0 obj<>stream -x­WÛnÛF}×W üR–"u±À(ìDnÄŠk©1Šº(VäJbBrY.iE/ýöžÙ]Z²£}h0¼ìÎœ9sffõW'¤>þ†tÑ`LqÞé‹>Þ<_îâ74ŽÆ¸æ ÏDäŸ2šw¢ñDŒŸ¿Çcqvðµ/&Øj/Õš Óhp.BNÎp?ã¶R´ê„ý·£~àç<#ÿÄ~ö€ì·4<ï‹so)‚5gh8ÄaÄNrŒÎÄÀ?yC48¾ßÆÈÂÁ^²g{W‹Np}Ná+P5žà&± õiŸþ¬·Ë‚n(ÖÅ*]7ñiDô «’ôxZèšÞé¢Pqýø¦ë>†"êRdº¢H|£•®Þ,¾túÔ Çb§s™/åü2¸R:ï½èŒ?þ¦ë´1Šê è«”¢Û4®´Ñ«š>^ÎèVr­ØzÓ»,UEÍ^œûU¥óÖßlÁäª.ß®"oíˆXçÁUcæ;8 &€éÛË™ø4AsxÝÔvc,+‰mZÑNý¿¿â4Àãµ¼xwÜÜ¡Éø«ëÛÏçÑ—*„7wˆåÍ íUÏQJp¸{"dÂc¥-`WÉ -„â2´A§Ï4¦ ¦0Æ31ñ¥Žñ£d2À!?Æ#q~y{u‰Ù®y:Ñ{79ŽÒö°Êqá¼î¶ôÎú8&ÿßï7Üìøò¯¬Q„DÁAØñtÑù¥ó¾Z,Hendstream -endobj -1309 0 obj<>/XObject<<>>>>/Annots 804 0 R>>endobj -1310 0 obj<>stream -x•W[oÚH~ϯ8êK©Ìý’Jû©¢&„ºR¤Õ`aÛãõŒüûýÎØ&)aVQÛ3çþïœþsÑ¢&~Z4hS§O~|ÑôšÔow¼.u‡<·ñ/“ºƒî íõÏtݳPî5Ë_óo­nßP§Õö†S»Ùòâ-¢…³Ð^áìœi¾{òýfyѸíR«EËQô‡ZÎb“–~íAù™6:´´ADRHH%~&c™XQžn2H²šìVªŒ–£YãnFvýFYzÚ)ÈÔ«ÌŒGË­¤HXil¥Ž|¨[Ë/Ë_Mª·:^.ÔB'é¤ÔÚ”Œ²’„%<{qå˜çëø’"íCg¯¨‘ÊL§æ`;•zgi¾Ž”ß°~ªÒÆ.ÜÙNÛ“{é|A]”91 wò4€>ÏîaMEˆl+qÓna=ÆÏÔZþHi¦×‘Œùg;¾ª½ <šÊ“5œª(GzVwÓÅãè»7¾¿¿<1¹œÜO'KoòsrI+w©3ì_ÒÓôf鹧Õ9-—óëÑd^^†Ôby]¾ˆ$8Ñ ùêØã£ÆíµºE­ë ŠTQVdÖKwQé±­Ì(Æìt¿ÉÆè=VêmÆJm®6häC  ¹9Ð/½¦²Û£”ýšQO—%âµÐIñáx‹‹-!ËœÙsÜXŒ5Äâð.—.û܈ñí…Æ (7%6uÕ_’|•èÚB«å#t¦ ¸pœNä©/€CBΔ‹Ñjt}t µI4/ŽVœƒt:+ç"Å"Ò®ãão¤“Pmrh‚‰7]]!onß8ªÄÝÒµ$’ó™Å TO1.Üp‹—üÂHe^è¹æþ Ÿ¿V·+êx @w`¤€¢ÄpŒ‡=¤§ä4ù9»žŽéúëóóõøán:ºý†Þý›Fø€.?®¿L˜öŽ  N k(UÂyñi†D|R‹‘ˆÌ>Ñ'°É'zIÎPEÐUÈ\0-(¶™Žh«wÄq¹ ÈЈJr ¤ubkVuûHø®¤õ—À“k碽rVÔÈH?Ï”=Ð ¹¬8>C/#ŒŒÂndýèM!ò¡²«‚·ñ•Î^6™ÎSN³ûPV2oåïZ"— Y4%WÌÍ!|ÉЃý`&9=?nXo*0c¾v«óÍÖ£ÑVú/®@&^cÔ$ás­ì¨6ca*©“ÓÌT¶(BÓE¿GYcïL*}hÇCL˜ œp:‡Œˆ×‚ \A·ÚìÀ’Ç$@ˆòÙ?¤õ­¹ÀÉ<ÈënÁ#U2?_õŸ¯†¿;Ã|3ÀÖÁ4ÎêrÃ%ªD®zô8y Å¼í2êŠÈŠéˆÎCÚÁ :Æ`úÂ%|Y8·ÑµdmÀFPJ5Ügn éãrÕȳ2Ø™/ç‚ã†àgG*:ñÝ”*ë[ëk ·Ëf}³S‘hÁìfÌ©$a²à:C¼Ä ŽðŸÝ÷è/lY(³ ŸK8½íB+¹.–nbt 'õÝꂶȠ)^…Š¸×ÞLk'+ |â­È¡(|—w—/,“Çið]f‰Œè‡[K¾Ò÷ùôþÇlÌûÛ®ƒ½°®µ–GüŽ×ã5ãܪýWšÝM¿jšcV¶ð<_ž“ë|”+÷¾JôénvN°ûQp.«Y|´û4ÏÏI÷ -éz»÷–žëÈèKn€ô˜Û{­_Ü2¼³©ÌÕµ¬¨1÷x?)m`¦îKnÅ“›²Æê´¨Vì(ñ”1ÃLÇLlN±ƒ˜=F%÷¸Ji×ü¬‚;•S<¥«Q.à:¯ -øF³c¤ªPa#¶ äé ¸\Û ß—Æõj"-V´ÌqµÙ®u¶Õ0ÊÄ}¦d…aIÙ­>þ72ìP¿×+vìÅõÃÍ5aòüâ6k?w =wC«R >h^ýÏE±Ûzý^»„e«Ëú&Ë‹?/þ¦bendstream -endobj -1311 0 obj<>/XObject<<>>>>/Annots 807 0 R>>endobj -1312 0 obj<>stream -x…V]Sã6}ϯ¸³/ 3ÁÄ&_ì ,-3» Ûd¦M[ÁZlɵl(ýõ=W’xËB†€eݯsÏ=Ò߃˜ÆøÄ4OètFi9Gc¬¾~ÿu0IâhFÓ©¤É|-ÂSAkì_,°¿ûªïؘ&É4Ši²˜ãÿÙ<šS-iß÷ö&“Itö&Øï¶^l'WgÏi³G‚³EL›Ìå5¦M:üCéÌ&ñj/p)Ëb!í&—äŒh×6î)ì -Y¢à¢ BÝKÔdÒ´­IíI5ìP›& ->“Y4áb®5™:ó儵Ø6‚vßpõ³Â¶CÜ“©Ð€Æ‡èvu¹=ý/Œe ðrñ }_§¡¯CÒ ‰´ ÛV•©:GÚ~K×ú!‰,“§Ä@0ðdsî¿ognÐSRmDÉÉt5EtÍè PÔrÔÆÚYw½òd¼MB'=Ä©)«-$±3h¿“®p´s=ç(„§ípéWR+™mz‘…Î(­¥h$•mѨ -žRS)Tƒ®£‰FS¦ì=­n¾,¯¿FÌ>Ìt<¢× Ɉd“FQ´=Š0GHhØr¥Fï·Ãé¡K¡©w€ÓÔT€™ÉF¨‘ ÀeªF0vYXÃå²OÐŽÞÁ~ó*Q‹R6àÜ£°®L0Aw…Ù‰¢Éón@]ËB -îmU+¤ Ý€Rñ'XvÔÞ07LQ˜Gî +˜1F`^–H>SÁGÇäŽÜF`Y#;ä?¬B¼àv¨Ž§#87 L]”Øž«+_PÅ„¾Á¤ìHÄX?¾¡=ïÒá] +ˆ=†zDn*É{íI`ÉUqg¯å¬6ðzŒT ŒjA¬Ì!wÀgþòÌhט’ñxE„ÃIË#›^Ø‚£¸@2vù2H-[õñŸÌäãd Àzö‰÷z)„nmSuL†¼ÛV'ù’BïøÌ5lR {Ùƒ€mü0Ê\(:V4^–2©ãü +ø]Õ%˜s$aYŽ¢í»›+ªEŠeˆ }ò&‹óÅB‹È_C|+d饩o#± 11² „°•1nÁ¸p-»&ˆÝ*,%?šˆ¬-Ô® t[;U¡“#ÿ04²^ì°R+¬‚FÎd¦$ÄiÁ!I:{hY¬¹¼w½?@ãIDÉû—o™è"ÊvÐud¹mY™|ØH+Kç”Ò–Yiýðƒá¦«xª©*ô£MzBxØ$šgÍŠñ<ØfÇ®oéÄçZ˜[µkÃ44-)¤âé­¸ß3äµ'-:´ËªŒÀmÊ~à@2Á!Ã)Ì/Xù_¸¦×H$ϳ Ö€Ž¾ÙtÀžxO‡\ß¼0b½‘ÒÐþâèÌío d¸ +Åæ6ö ³Âhe}ëä<Š³'µžxz»®·Å;øòA{ã1‹c«4álÓV•2rßg©ëÜ,êA‘üþSj4J#8Ý÷ß®éòX›ù«e¾ â +Q7}ØѹÝÌ@bÒFå;úw—o–Ì !#ãVrçraÂðm®ñ’†„ãtl÷]ß <6HBØCŸ +S¥˜ßò7@c™™<¹7PIø…i!X ôÜéýæÌÿ¦>ýÄ4ÈÕÈ°ÇË1stÎj €Ð9­ð¬ ÁsèÞKljvê_>~ÌG¹úñ7`- ˆ#³Þ!9Ó?œ€¯¨b†uÌ +h +Cf(TÈåI0rGR¶â,Ÿó“-ú¸3ë²ú …ÆÌ>/H¼†ýór2Ãp>+ ½–Ý?¾;'xß K8£½tÎîN>?$Ãá±ïøJ?z'vbÕé~÷> Ôç·„•²ò6ÔIîŽo¤ÙÝUtw±ÆÛüê‚Ök>/XObject<<>>>>/Annots 516 0 R>>endobj +1163 0 obj<>stream +xXQsã6~÷¯ÀôÉ;+¶ãØÎÍôas»¹vf³Û»¸³íL^h‰¶ÙH¤*Jq|¿þ>€¢ä(¹ig³ND‘|øøÏÑŒ¦ø7£Õœ®–”£i2Å +Ìøã?ÿͦódJ×óU²¤‚f‹erÓ>åô0:ÆÛ›5v…½ü‚h¾¼–“klºW׋d ¡+Þ1—‡øj±J´X¯ø þWšv£ÛÍèònA³mv°z¹^Ñ&c§´IÇ÷ôÝØÌ=¥¹Ñ¶öT¨5^“¶iu*kQ©¼?º*ó¤<ªšÜŽ¥•çÚê½¾¬´/Å!ÕÔH1©ª³T¸Lç6Œ¦4™]%sè?ŽUò”¨„¾n¾Ü?Ï?«HåÎê þ+͵ª¨Ö/5ùº2vïi‡eoŠ2×)´U–½V—ÐÏ8tpMžÑVãþ*7ÿÕÙ@}P5M} ˜J÷·TV®v©Ëe!^– ßÕ³÷¬a6[]ÃO¤qKÆR™+|Šµ0²sÙm›š¬«º·jù„yU¼ñW¥ÿltí“öØ|‰€ÂeßáÓ^xçÄ1F¬àˆn²q¿"µÕrªÖ6lO¢›a·?ÆÖÕÉÿƒÕÒ“¨÷£¥ûO và³Õ¿~ýùŸß>}Ž·B¬Ú ?OÖ-ã…}݈ ¹Öå]Ú¢q²JÖœKŒ‰ùrE¬½Çª¼ì@³”NħÎ"( ÎÚQS–¸U +D\²Xbw•*Ë8vˆ\ÕŽaëlOÔÚ·†«Ù^>3–‚XË2,×á _üë¯_¾0ú+•Â¹ˆtú275°âÑë%m±ôéó=é4¸èuRM?joÒh-:èYåf þÉkdÍ Ž-—l€µôEÙ{eÿ¿ccßñíd¾Nf74¹žƒJàþß]ó¦Ò;»c‡ˆ•¯¹­ÚÓ˜~iù€>Š@¦¿Þ*\([á%Pˆ¤JÍÈøéÛ÷Í7DÄ‘ +Cpn0Ît­Lî ¬Á·3Öêjà&Î=&„v9^ðŒÃn®‘Ìz?›”“>Ñì‚ÎvŠŽ‡Éž®’‰]»@ æ›ãW>ä0áÇ@Lq ŠCNú˜ç½Jl<3FRug¸#_üÙÙf÷o|àv>#ž¨‚w +ˆ2È™ÒÈóõ þ~¥°+«\Y2Ò"ËHáß–Q°](Åd bŽÛlJ…± ƒOÁܨ8²½PT˜GÕµ.JÎZ\—_°$YV(@^Û¯yL¬ÓÙ… W@rL´¯Õ67΀…EŸIk<_ EK¥hK]yrX4=âJL¿7iå¼ÛÕœðˆ‡°KôrtF؆°±/FŠ=ÅZY?ÜÌvõÁCÙÒS¡`*Ž82§ñÙJï hëÝ*ˆ$ø0çÄ+N— 2û僢‡¥‰£ @fˆ çY¨`¢UuWjAça¬4èÊd XÈ”\¡™L¸j¥ ‡W¯“bpkNWpDæ$ÔÌÎs]9íüyûÌ1P +^ì5µÎO"AÑÞ¹ŒL¦_ˆ".(îãÐi蔣.ú&=ĶhŽ B2—ãÚÅ‘'£ùº¥6I¿ *ׄº[}#|Û®›—VE_ÆX"§‹E|‡°æZ£=²¨L +SKFP„¿¥¹i+‘ IpÖa½K¸ã¿¼›ÒMh'óEèHØé )×Ï¡ÅÓm Ÿ‡ícck4‡Ââç2fÓPuâÿ¦ˆ¾ËŽå¥oÐ^Η\Én;¤UlU$øµm$…:Å­ÿZ8³Ûá¸Ü¹§¦ì6Æv WÜtrFå.UÃ’àOÜF*Mk´pt«SMÜ1ýÖ‡“9é™;dgÑ=ƒƒ,>°†âg!·³³k/ã1p/ïæmç4Ž7๋Eï™qMΓ +#"f<¯ÑÝ ýl@6^ô(CE–;„‚ëw5Nê©c˜Â¼0§²w:»ßKU‹:‘!L‰Ãˆ¯ÄÅ_uIŸˆJKå Õ†¶Eö_€ú]ÿÅ ú;þ+_sF{-ýsp¡^LÑd›bËVïúÜÕ@3Š\EǃI!lË6ܳIXŒ3Ù˜órtú.ÓÓ&SÿÀFlcÚË{`h…%Ð@f°¤ëŒm Ì“IîqüøA¼ÁNFt€ŠésñB°™úQÎ ŽöÐ4L€ÖÃò(PfFÏ“È®rE[ŽvD÷W=ó4w»,=4øµÇCmÀƒ>/XObject<<>>>>/Annots 521 0 R>>endobj +1165 0 obj<>stream +xÅW]oÚH}ϯ¸Ê[²R’¦ÝÔ„îBT­´R4Ø8µ=tf áßï¹3cÀNV•VÛ4à™ûqî¹ç^~œÅÔÃOLã> F”g½¨GÃËËhHÃɯûøÕ’–üGùOÌþüíl8ˆq,îp¤ á¸»œfÎP÷£ ?ðA÷æð¨7`OM7ó³‹ÏWi¾DX£ ^¤ÎiæIg]FqDFÒýŒ¾eeªv†æ$ ‰’Deײ´Y"l¦J2Ro¥þeþ ›ìÝÛìöÇ°Ù™¯3C…´k•RVnU¾•†pDšf|ÝZº–*ÏÕ.+W´ZàŠÔWÜ3S,¢D•KZf¹üÕ»êÑUíiˆ¬á‹Â?Y&z¿±°cÌNéÔÐúK¾Ö£nÜT'§L*Ù=3yã\m-œÂñóio§á>©åÓ×Ûç¯qy$ª+ðkwŠvbïòÎRÆq¹ç¬wk $5)M¥²$¨B8l§‡\ð"Ó¸oh+ò, §#š–’/8lëDQŸ]k¹É÷@r©tá+¶Ñj ×)×`Ûº­ÂÒ±rÑ*Á›÷®Ê…éœ=W‘"<©5âNT*£àluE™£Ö OÙ5ðè1#p’ßpQ³U¥}\xÀÔXŠÄâ…°„w¨–Â0_f¢XÚeyŽgð+­ŒÛ¥´P«Ê4­?<æ<2ÏE- ee]é¥ÈrD¦ÐŸÏÒ…æ°vÅiy~]*D‡ŽÁÿ„.‘çV²å¯ x¸¢ÀÆiDßÀ +€L†ìuÈ-ç¹J¾“ªP‘%|áF"µh¡²*Ì,ôRáº7;XX+‹eôQ‡¬–¦Ê-÷.–«,˜ FC<ľÅ%Q +& Dø&Žxî~©‚ºî2P±Á¢‡y»îPG —cn}0ÊÐ9Ë^¿ü¬¡RJÌ'<~V0ÎŽ›·Å¬ˆæÜÙa˜wBÍ=}Œ‘Ø3ºµ +Oß²ýœÊ°Ús37ÔÑ¥X!°°"èÜf§¶ <ÍÏtñ9 kAwMbŠCÐ÷GcjÁ=?Dý _ì{BspD_²²z!³7Ð*’/˜ +¶^.ƒùaQpI©« ãøéáúþuŸévz}÷àÞzÍ°ö¤7âéö'Q|uÄñ¿Ö;¦§gU-X±Ìd+&oÅc¿L<ÁëR¬Qü…äQs”vh"± ó¬Þän?Õ·½’¶þ¼®z· ’!S%k^3Œ´–¹éÄèV³–ážõ¾&Xyëí±æÈ…´É…/©?So˜‚&è}»¯›“åqcßw·®ÕjxÀ` cL=gƒÂ‡ÖDŸaž`Å°òfk?×+êðŠ¼À–ÜpŠµx›Éûø°Õ»ûîV²ÔÎ6¼ý>ý6ŸB« S ¯Æ¡yŽ{zc< "ú¶§ÃŒúÉõ<,c'Ôá½>•Æ3/ØÄÀ"ŒoLÛÐ<±/-¹À¨’n”»Ï2!Újµãƒ ña]9ƒpúáÏ$•Á oû&_ÝVµYÖû…ÛhU‰uñ¶ª¾àüaˆ¸M9©ó<»¿!¿œöѱ“@Ðx„¯l“®À×´3»¾¿¹¦¯Z¹õðV%n`¹5ŽƒèÖǻ㾚Ÿý~5£ñh‚olpÚ±íOó³?ÎþËnŒ”endstream +endobj +1166 0 obj<>/XObject<<>>>>>>endobj +1167 0 obj<>stream +xVÛnÛF|÷WØ}p”HE—´)àÄNúKnÍ (â¢X‘+“ ¹«p—’õ÷½P–d«—Ø°-˜Üs™33g¿ô©‡ï>bJ†”Õ'½°GƒIŽi0ásŒŸ†ÓÂ>H£çÄÉ ŒŸ;1š<=ð&=‰Þ ¨ß§täÃñˆÒœ¸×£4;O‹RQÍu!s*ÅJV+®ˆåy©K)H.H¨GV•\—âž–¬ax›7Š´´ÏT=3)´(+þêÇô Òõhâ²ñ  ßùÙ-+ÎG{ Þt‡oY=gtsù–~}Jg”l‰àT1ó»dâõ(è÷И £MÁ +â™-q!ª%@˹fe¥N|¾¯äœUü›üY³Yjô¥ÔZ6¹¢×ô? Ò½­xÖ6¥Þà¥VñæHÌ\Ö ¥Wò^ŠŽ÷1A³[ªøŠWì$¡®tÙðLÖ59Ϥ’ÊŸ}£þ¸ VŸ§Wé‡ÙûÙôXïK¦ t)YóuÁ•"2SŒÔFi^ÉÙp–“•Aaã Ú%XÛìpbˆf>vfžd  €þJŒ>Šò\*bY&[¡IpŽà9§ ™4ÏmβÂbþ‚˜¢5¯*ó×Ä6OºJÈ_ßÒ§Rär­hšF±az·JÁCJ÷è¬tÓfº{,ÜßÚ²áyhÂEï&[Íñر8 _†IØé#¦oIrй{íÂVºíIL£€ -¹*sŽÖ @N9’eZ6R…l«|§çÃ:?”¢ÝbeHÁD¾%©ï$½Y–³T2ºEÂŒç¦=ƒ”ÅÓˆ¤óxûVŸêµcü™m~@¢h‚Ì™*(È)2=D§Fe~JAMÝçn^³¡¬Èò{èJõßxI¾¢Ÿ—ë_|ÐŽÜAá?>nÀ¾?ôÁ¸ ‹Ü°ãöèD׎Itá{œ`ìÎL¥áŽXN5ë‚ rÆÒ¿ÜP™‘· x©nŒ½5!ýþÄ+xeà¼#íö صÁï˜ì‚U(ØŒ6ç«H´ÐØ©×Í_®zw÷C—ñØlƒÿsfot†@{ÙL*;,,³¹‚Än’$†ôVŠ¬jVÔ3øœÿ9ˆ½æ À‹Š?”óŠcÝ13LF.y‹þahÃV†u*¾ÕYÀ*)8æ+2 ©$µäY •1·0Ec[˜£„èŒÛA`ˆîükÏ TH;AM‡Ùn~~.‡h:K·v!¸¶ŽiŠ-¤Ì¸zaÛ0röþb m·«œéú²]Änx>š‡êGê¹óVcóbÀækö•Û`Öïým`Gîĺ(á΀¡’Æ|Ð:p8H¶sÈ4£43Û;rõy²fÞqÜ{ú”LÜïâáÈÞ½Ö>^ÆîRp!$š„Ñ7©íºöÒªy=‡¬±ö“á.”ŸÍÔ ™Xo(~„¥±ÒΦ)u¹/Ý%DíÔü_ÒŽ=ýdŽ' ã‰#ãíÅõ› ºiä¬ º”Y‹{ÃÐÄ úC\Ç £Ø¶âÌËèdQÞ›àÔ`Œ=´˜ÐØöåf` Fƒp4Cl@#™]¥'¿ü ï¯$yendstream +endobj +1168 0 obj<>/XObject<<>>>>>>endobj +1169 0 obj<>stream +x•W]oÛ6}ϯ¸@6ÌZù#n’ØCÚµO+Ð!Þ[€Œ–h‹‹DºüˆãþúKJ–¬¨[¦ICñ~œÃs量Íi†sºZÐÅ%åõÙ‡ÕÙôó;ZÌhµÁ›Ë«kZ4Ëf3¬ä“¥Øyii™ÑG£7j¬Ò[úzó…6ÆR¡œ·j¼,?_­þ>›Ñ›Å>&¹ÔÞŠª:P-´Øb‡¾Ä¢Ê…WFóf=¿J¡ß\,³.³yF·¢^ ºàXië’æófëâ*»ä­7¤C½F~fCjõDî༬ÝMäö=ÝM·¦V¹»W¯I8Ú˪âßH„žð|¸ý6¢VÈ’cý®txzMÚì)xU©ï’w6°æ)¿¯UØnź’tsˆ¾˜"T’ƒ#ç»WpœÃ‡?7´³æQ’@È€ä7ƪ˜‡•Î›#甚Šœ´*—.£¯VáàŸ)~[„œÙeFœS!såx Û‚C +YàP5â=`2NÌÑN8·7¶`.„kã»I: ˆ(Æd*}>VÑfú¹=¦ Ø›Pdå· l¤2ñ³A‚½4\Ô³¦¶Và })ü‘7'sHÏyuL܆¼ؼ4`¦ ¬ô£©1’?àƒ +÷>|Û¤ÊlU£Ö#¶×ÃM£ <Û…ìö£®P5­¼ÀgÖ \\f±”¸Ü9`¬e^ +­\(BBZæ>ê‡Ô’ÕÁÚXû%]H[PÄ&O‹szªI¥7V Ô¡­`%d‡„”#„-µ-¼C‰¥5a[’Ñ’6 +%’xª¥ÎØ4½k9íQp7éU-ô½>,”çΣt¡PHATÑ£uU}™(ýàC…y^ ©*³¡Àµ&ù$êÝ¿)¦cú8R“jš©ÈhU‚³Ö_)Ð!w³ãru´–2*£GCй©ktLFåø0×h;´'BŽ­Lyr^äŽûì3UÉ%ztl9 ”Ž¦á6¡Â.Õ4ŠX&GdƒŒ>9Ç;vsNº$GkÉ“€ÂàbÖÌ!|Õd‚ì\î|”`87s*î¨ïwûb¹fO+‘I<°éç½kÁ2UÈùÏä›y6k±Ì2d“s.£\[­v;ƒý+¢ý¥m«Cƒ¿¹2¨÷4Ý­h—8ûX€ÒûCÁ5½Ä\›˜Ñsãó8+ÚHÔvÖ“ØŽ)ìþÛ6 uÔ<œw-TõÜò%)7çEºÆô¬‹·Úzž› }.Òæ”—½ð^Õr$ü‰Ý8èž\z\;ˆ—_ûŒÕ¸å9Äз#«BGÄ9=Oøü8ESà±°¹EÉVŠ5ŽSôöðëÅ€°v¿ ùëÝ ‹xQ↲3{¯˜½Vî*‘Ç&R§{ 7(Ã÷ƒG¨ ¾u‚\êÍý@é¼ +…l†äóBü‰¦k¥§(ð)ÐMÛIô [}9po~<,¾gÕ¶pÓZ¥jåÛM±¯÷Ž—t¾»g}FK^°ÀàÝé&WjÌKÿ4b.[Œ±~6ì¹Âe76ò˜ä¢®lDÖo:PìÅs=.x)¤îÞ³…r.pY´ÌðZS¨ÍÒˆ—´`®±b‹~Kb³˜Kª·{9ö’Ö¢Ó|2Š¹<”¦Æ|¶1ÚX.©—w®Ä5üxª)—€ë{rÄ‹ÔÝ{Ž[¢DQm|ÑíñbE¡B:òR¯¹ÒŽF¼Æ¹°>#^ö¥”Ü(#¤Î¢Õa‡è>Ý ±uÄ .ã6N¹–ݽ°ºõÚ®Å\šfÔ¸©ožrÝÍ¥½cð'¸ã4ç‹uSùøNáWüA€nÀÿå y¶6{†ÕkŽ]Ð ¥†AûRáê ÑU2¿î>Ò..ÓGÚÿû†¤—|7.¯–ÙÕå5>X1ã×úÓêì³%œ’Ëendstream +endobj +1170 0 obj<>/XObject<<>>>>/Annots 524 0 R>>endobj +1171 0 obj<>stream +xÕXmoÛ6þž_qÀ0Ôb9vœ8)°)²–¡[¼o6Z¢,¶’¨’”ï×ï9R²d9)¼¶ ëx¼—çîžÓç³)]à{J‹]^S\œ]DøwzÍi~³Àß3üI)?€(ÿšò¯_<›_GSºšC  éÕEtþÉéñìÍòlòvE´L¡ÿúfAËÄŸ¾ e<²;ëdA•°v«MB‰pb%¬¤£ï–q”mࣣ‰tñÄË%áI«ttNωÚL$z{’èÚèºH~øŽ¶Êeä2I…Nê\^rAãée4ƒ3£J¿ÛbŶEVôÐ6SqFµ•ÖëzÅJtn†§±.PexP±ÑV§Žîç$ËØì*'“}Œø‚Þí™°™´-3e;½øÛ:mpL•$áˆ4GQª­™ä:ùIJQ“ʨprÒø²=Šó‹ð¹ J^éŠ}µ@™,ÉÔeÉš¼Y¯lm ¨À-UëÚ4÷uÚllTå"z ³   C‹Ï&ò‡ZûàÚbvNVJŸ³DÇu—`aïñ36Zd.–(ø}m Õ'ÊÈß‘N;LP8H‰²Î¨UÍá‰Z›oCÏæèj¨Üo¾}÷0FcÐEtã?÷Á3ä*„ªÒæqËé\¯Uù +},û**EfÒû2òs ’ö£ž£h"TêDæb7TǺ.]{íø+” 1\ÿ™’}ÃnÔœnIŒg×n®ÆTç¹Þ2zQcÞ/D_ §â:†Ž ;‘©¨s”›FËð­€»o‹v´ïj›¬Ž{÷¿„ßî¾71žäj5±2®r;_&TÖˆä§Aæ ‰±xN'êöZZÕm=\¨íy÷ u¢žÆÅ"¹ +InÊ1ì]Æä“àaÚ:°/LR´gôÑB$x¤yh{‰ýLëæ«Ü@Ž' ÈŠŠÉ§´GC ¸â1ŒTì{GD5xF{J9OHä¨v '+dìšÃ£fmDA¢Lhë¥]V[A¥°ÜàÂÎÌ6„¨$¯<ÎD¹F¯©m3h7ü¿€ÞøyR›<Aÿ-\;HøˆGÑ÷Ó +|)âO_@ýÏÚÉ×¾zÄ0#ñ'Fæ!:©Œe 0I0ô`ÌJcV¬¸P´‡Ì!!X1i•ž&öØS w]†Þ0'—d¯Á§µGx)Ÿ\뙶 ß[Ñû\ò`d +ÚÚœ8d¨”ú=ÕëÍ…f³x†&vçê×ÂxRÉ×&†ZŽE%V*ÇäeG¤xy•Ÿ!=Oe¹QF—ÌiPÞºÍ0â;÷D§d ÞÓ¯–ô +Å©9ž@mˆ\&\¨{_þ×¹lj¾%y~Ä¥DÆ0ÖˆœRP™—yðKÖH—鄸QZvÌw‡†¶І(½̸eìÜ(y²Ãµ÷…R­f‘ +„qž²ÑH-Ä^Ž¶F2…\¥Ü“Jç„&ìïý{”B|â•Ë —ušZðPÍû:펶,Š‡ð»ßÂ(­  a(“y•Ö°££ÃM˼¥)ZÞlÇ— ©œƒøÓ}K?ÑuïAH~D-¢= ÖÕNöcmB`¤ÈÕŸàIF°¸ %#ûÄJ• IOÿÖ^s¬é600èJŽV?žA‡²½:0vWƇ~°Àƒ÷ó‡ƒ×fM#Êœ«^O&þ`ä‡g¤Ízr(ßŃýà#‰F±Ê•Í¸Ì|;kïàR`Úw;À:1ÙMx™pðÒÁ£“·´v*CÎ/z BîFrý:T9Œ[©™Ò(LŒiQUy3ñ›ÜûÔ½,Æð,övóM™Øð¼oé,̯PMpJ$€ŽX¿0â&.N93´¦îUÁ]ìÝ·;QÈÆM³IN¯ñçæ’®o§añy¼{xsGïþˆŠîû‹Ÿ·Æ‹^Ó$£0=_Ì£Åõ *ò³[VóÃòì—³¿ê~¿¤endstream +endobj +1172 0 obj<>/XObject<<>>>>/Annots 529 0 R>>endobj +1173 0 obj<>stream +xTMÛ6½ûWÌ­^ R¬•¼)zðf›ž¶Hk¹ì…–FŠtIj]ÿû>JvVë ŠÀ° j¾Þ¼yà ­ðK¨L)+¨î«xEEYÄ)åëï)þ–© ¸†Gÿ±HŠ,ΩHs¸ô”À½8ŸmósOéê.ÎfÖùÖbßÍ­E—t›çñ™³UŠ:Ó)džŸa½ž¹uv†™_YggXËòUæà›¯Ó·ÍßW‹÷ŸrJªZðU¬Kªš‘UõrËöYÖLOËÍÃö醤&g¨–„{ÍP{i4™–Ž²a–iöGc¿‘|ÇÚËZŒ>ÞŠ¶•u|S}EÉ;JP)”Œ²P«f™ÇYLŸ7ôÑèVî;Å…’ý.®ñq +}A¥a2­:Æ(¥#,‡±Ü,Œj¡7!újÖvOK2;>ÑAôèÇy+ÇŽÜkç1,8Ç„RÔ¥ÌQê}(ÙZÓ:%£#%5SÇê‹rÊCQ’z}·ý²©~«P”_ÀmE¿Pg’‡®LÞk±S³›Èk¸ƒò´ãN>/XObject<<>>>>/Annots 536 0 R>>endobj +1175 0 obj<>stream +x­W]ÚF}çW\)%x1ß)•v“Òä!ªÚ¥ŠªÒ‡±=À$ö ±!üûž;cp’ª+••@öܹßçÜ»÷bá/¦Å˜&sJ‹Þ(á ÅüõÛÏü†f³8šSAÓI4­rzê]=Çq4»:/&QLÓÅW +šŒæí_½~Æét-jÙpºŒ–4ÝGc¾;]BGxò§WÏ8]Æ7§ëÞÝêžÆ#ZoÛ|±¤uæC›´ÿf/¥´4‹èq¥Ò;ôA¥Ö8³-é­r¥UIUÊŒV*—/ןz#Ž§PÒ:»RTZ)ÉhzE"X€íÅ‹`o8™ÂiÏ¢8¢÷ꪴTF» 9E¢jÉñI…äz/¿²Kµ­MßXz»u›—t°æ¨2éào!…vd¶ääAXá£(¡%7;•ŠœŽJžøx‹ ¯3Ê”•ii¬’Þ„O‚Ÿå^”T9i´IÚZƒ¡K¤eU‡ýÙy¹Iaq°b8IV:SÙ& ¾£ey2ö3â.Iä¹99ÚÂÿ½Úí¥­SÙØG¡r‘¨\•ç¹Âh°äà¤ØI’_ˆöˆJd”ˆ\è”Ë%Ë4¢ÔÆJR +ï‰ÄT(áÖ àÚÊJãÞö´Ý¡-Úð/¥ÏLZR—^×í=ÜëGuã9zΗN9j.²Ï¹PÈÐÞœ`?y`‡Úžô»V_¨é^iI›>çCqˆ&Í<€¸¡Ä"}u¯¢î$Ï·ÞWÎ’Z$¹¤§ÃD8ôðÛÕ“/¿0 Ôè­ÚUœ·’NªÜû²±ò»Õ¸îÌþpÈ'ÃÂeÛNÓöɸ"úE§’’Jåå¶H¸J,:ꈤBS"p†–ò©¨’3ú­l[w—”˜cr47ÝæßsòådHnëã…·šZÝ­¨õ‰ARH†½ +"Éy,ö]‘Dœšðº¹w )¢?LE ÚiQr4nÏ5ŒH®±E ‡jù¬†Ó\åsÂòyU·)ø×°"zh=ð×.ýÝÿÜ2–Ïœóò¹ÒŸ]“Æ‘ç”s‘˜\¥N=?ŒÒ%we R_[`(¿ˆâKôAÇ´»Vä+z·jSþ©Òž‡?úˆ_Õ¸7Ÿ·ø¶ýÆÉÔKP`)¤€aE µ 6¶ù¸—š:8%ýà#)ˆ,(j”ø X÷™¸ÒVÃÀRÁ&¶jÈ€ö¦º,›ÚàÓ tó²ñµ!ŽƒgŒ§U-bV x­~#+ôŽ¹Ñ³÷G¥3¦Þû»9F] 洛?ð`eùâ…YÐXê~næ\oÀ•íuq!ï›16 \ø‚Öœ‘J~ö¼j:b„qºü3 ü¯Îkª?‰2Ž4ÀJ¯ééáÃãÃwD=µ¬DÏíXó¦Â¦²­ûžƒñ½¦;ðµ±å$ºß±täÅÎ…[À“yî} –ŽÖvòžé„ìH0Ä05 V„u`Õ¦ìØ9°Ø4 +{ý"œÆ5•M°HÍ0ß4ûV„Eà û_µa¦é@qoÝ{®ÖÂd´˜ÍþOWsMCG7´òà‘Çtýà“^¯m =Ïéý­úAÉ›ö…7—„5ƒ¥kŽçŠÛ›*Ïšan9H[(Ç+PXá,i{…öñ ØUgý"{áA?‹\•ò€Ç~gt~f®FZ;ȲzûãIZ‰Ñ6À”Ë1.É/Y™Úž=Ù$ø©€“;CÚ@È×ó‡.É æ>èªc[¡´L‡øÛS® +v.¶oÄ€ÍI±Åð~MâhøÖž}„`?Î ßÇ2S$ +£Øg—vbåóÖ—š­–—­{2ap<ó߀fo(±]x¦‹i´˜/â&~jý´îýÚûþ +=endstream +endobj +1176 0 obj<>/XObject<<>>>>>>endobj +1177 0 obj<>stream +xu”AoÛ0 …ïù¼-j7¶³Ø=¶ërÛ°¡vÉE‘˜Zm,y’\Ãÿ~O¶ÓmA— €a‰äãÇÇüZd´Â7£2§bC²Y¬Òmò"]Óº*ñœã瘎ãÁÇ,Oó˃ûÝâf»¦,£Ý¹6UI;EȳZÑN.·ÚˆÓi Ϻ–BÍä‡æ`OZÒI›OÁRkµ ñ!½u/äkáØÓ`;ê… ×$Œ"„ ô(šƒH¯vÏ‹%ùjwjùóód =}"z“>/XObject<<>>>>/Annots 539 0 R>>endobj +1179 0 obj<>stream +x•WMoÛ8½ûW rrDñ×ÚéÞÒ é(Ònã¶{È…–h‹[ŠTI)^ÿû}CJ–¬$ ,Š±EÍç{o†¿FSšàß”V3š/)-F“d‚_øcÊ_?ŽfËUòžï§É’ +š]­’UóMÓã¨ÿ½ ùt‘L{Oûßñt¹¼L¦ }Wr¯Ì.Msavü%¸-n=Õž®rÙs8I‚K/ÓÚ©ê@™Úîw šNw³JwrOÊ#¢Ø.L8©¥ð’”ÄFi¶¶µ®—$¥ZIƒÜ+‹X$ŸTŽŒ¨Ô³¤c^Vâ ! $ÓyÌ3Fû¿þŒ„C¶…ÍÔöœÖ&“N^K=i뻌é>ØŠÝ‹ +¹ ¦ÂÉm­ÉX<³”Ú¢t ÑvAÚmpJœ[_Q, ¸ÚÁšó ¯”Öû6»‘xÕ:Ù*-©ë,hÉeDt¢±+²BÀÀ‰ +M…A$Õ0©{ÓœŽ-a€‰Ei¹ã™ÜŠZWô,t-© ¿N’Q<¥›ÛÑåݬAÀ˜ ¢I5ùº,­«NÏŽ†ó-bÆ” O) <ÊŒ¶¨#¿vy>·°j+²ÚËø´3úŸ¾0®\=ZN£f7T¹C€ÈF ÈG?Â:´¼À×ô'íU•‡þ8µË+*,óbSWçGbx ë™r2EûÌ¿6¼`*™q }®8f”‘ÐZ¼úíá†JQå ýÈÑÆC!MM¥-ýE]žslñ(æ³<6þ‹³(g¥ä@Æ.#š@"mtÑ"‹Í·øl{¼fªms›ê2Da¬+„Ž)‚gŸF„˜ëç\ŒX¥¾ÜÖîA,À ™ +2ƒJlÀ)%nP‘Ê–‰ûKuy×¥÷Ø(ßiÇ Ýt5AÜÁ8u°5Âc/™XŸ±]þüEá:éqôºÎ‹Þð+ÈÐì网Îçª~Yî­|ÃM ¸W*‚¸v€^éT` ‰¤k(ý¯Zz`ŽJ  Øį¨ëe.uÆ c|E´ƒBeš¢,¥p¤¢~ÂþŽoó[ Êu_êν¢ÅÃ>WiÎÇ0±Ï˜¡PQPž¼ždC^ˆ¦Ì! Ð (ÓHD¢Â ÜEÙ€–½^BÓÍh +y˜‹mmRÖ!1TýÀõ–¸A:"wð^¥ +‰q½X£<y El³÷Øîߎ¼¼Žé]Þu‚ÙGè#73Ý!E˜kªDC4…Ûß‚͸6ÿ¥ónÛˆÊô:{:ˆGâkyœ}6@t‹ËN3ŽPk€ÔšÍJæ–ìÞÄî ~&t”ñä) ¾HdäÜŒCl+ý~ZgΣYÎo¿~¿ýúôPû4þÄRÃvžÞ "ï½ÁÅm‡i44Ì–qÀÕ‡ûÏÁrYÔ>téYºó¡5ç [!Òja ¿îó!5õã¾Æåe÷IÎo¸Ì¤O*ãNW±Ú“ÊBliü7gØÔ/Š?À¹ÅËš­’­öäâãí J±U¬,ýJáýÞºŒ2eÆæùôîD±_°åFÛ— FÃZ7%4!Ò¹•Ó¶û÷Q±NW¦Þ‚ôr?ê3f±±1ÅbÙÚhüúâÓNéŽaG¬ú}j¥zÙu¿•†^ùÎn˜ƒ5rÐñ0;Ð$ÖÓZü”ôùuv[j¥& + S9Æ•/ô:p§UlêrÂ!œu^ê-=ÃúÑ(„Š»e·ø™ò¥бv°ðr®〫f àâ8°šõð¨åðX¶nG¶iÖÊM(@¯v• +ÔøëßgÂî¸ +ÇËÛ<ɵ)Øó»I cljk*¶8¾>„] çV< ¥Å†w>ž1ÜØ›niqÖ†2õ!Ɖ't+ /.M5C° ÌÃdçË&Ø ‹2ÞqøÂo § ¸Ø6ŽSm&K¤rS[Låam»=K Â6oÔ³Ð1®$¦_3r®º«Áœ/ã¸qÞü¯‹4½uy^¬Éjy…›:lÎçœÛízôçè_+Óéendstream +endobj +1180 0 obj<>/XObject<<>>>>>>endobj +1181 0 obj<>stream +x•XßSÛ8~ç¯ØÉ îLÒ@ïå(ÜpÓR®äÚ{àE±e¢b[>I&¤ý}+ÙñÐÞÝ”2’W»ß~ûí*ïMéÿ¦tzL'sŠó½£ÉÍOæ“9ÍÎNñ|ŒÿFRêfG'øøÊÂôí»ÉÙpáb±wx=£é”)™ŸÒ"!ptD‹8Z¬$ +K¢ ÛÅ+½.(Öy.Š„ÜJ8Z«,£µ6Oxr+ºùR`wB"ËôšUVš°vžäªPÖá´¡Ò¨g•ÉGùfñm'“cœź(dì$ìk¼ "ÂÉŒ`éÆ„%£µãõx%ŠG O$Á3iìJ•¤SJaÙ’.h©á” LÇ"C×÷aicÌI›ÁÙFæÚIÊuU°~?\ >$pXNh±ŒÈ³P™Xf’ý)…q|.a“‡×óÒˆîeœ©eøktÄ`ZWF¹ aÙ³¡5>9 Ÿ7·~Gò g™²ˆ)œS{µ"wœIÎ=¹PE½'u%Yåä$xñŽ¦È2§ûàdXú|2›Ð%תxôJ”A"4<+¥É•µJ¶LŸ‚‡0ªà\eZVÎÁM`´…ãíŽÑ]kkÔ7ÕoNè2Sñ»3°iiiðÉRU"—‰™~Df_°Z;8Ñõy6u<÷¬Äúóöæ¯@—J¦K/bNsM)Ž#Q¶ÌÄ”¦l"Õ&§_‚ûMlŒpd,F÷WŸ¿\}~xðäˆ>hÄRˆ\>¼ÄÜy髯µ`ó¸Á+â ¥[é.n>Ý{ËM(«¡RÆ4°ÆîüÀ–÷”]l y”Bñ®4¿ÔAµæ“ë©ö¡Ü'õbþÁ‘‰´±Q¥CYTó­Y8•nø™q®ñ+7ôdÜ+œ’0ðé·«K@‘*™%½Ja-ô)¡D8±9ðuÐAþÆ.1âwP˜A0…#gd«²Ôƽ•^ +¤Ú«i”ŠÌÖrÐ>¢ª)ä9Ç¢4t ¼¼BN8t(D›®Ç]A 7ºFE[žw¹ïeº{Ì®+h÷¥.œÑÙhÊ>t-d{Ũ4…4ÎgÆiõÇ7Ò¡¤“Õt³“B¾á‡·È&CÐ9cQÖÓV^ªŒu­‚¡Î‚‚M[›NèšMÞµÓO眜+ëÀ[bl™~øhtU‚-àY²¸ûF'ÑôŒ‘¶ÔEÂÜ)’јF¬Ù’ä ä?‰'XDç@\¹(KÈÉrSK´*|·s+#%ÉLæ@•)p~ù!4OÆlßìi_ìÕþË>-•³-oÛ(ö‡ÉàAæ|ü!èÎZ×ÍÆ4=fzé)y¨º¯³áfþhŒæ± DÎ!¡£ùÆÙ;¸Þ‘ ¹ñ¾u|õ­Þc°õ¢#N=S= +¡²üÓw;êÔY[§ +sˆ?âÕ7Â<±=½¡"ò/2UÐ;¡l¾4^y§žÛ¥-CÛ ‡åzÎ<(6akk S’èbß1O <5a€Ctà ¾…°Å’êÖÞd3ªI>Lá¼Q˜ÁvT( W‡×{)ôf5Pöê38…%¢@^*¯ú A’Ýêeidª^Z2±ÌïFqL`d ó8–ÖîøYwt€QkçäÞ‹ +£.O+.\t?z†—°ˆUèž‹~ú…gÌaáÇCW™¨ íÛšgO¡ô¨ Ê~€Ð¯tƒ‘Ï$è,Ì õOñ +‹»h, ¹†4+ïa #F»È´Hšî²“Ç…xjǧf¦ÞAuI8(†=IÑz¥À¡ˆ\ŠÂwóÂÓñáwÊHîž(Aæ_5H[?˜Aø€v%ž›yàv±ãö§ß ŠLûzT_Ãî-Ð`pŽue,:F5<áfãp5ÐOH9>ú.Sã>xÓaá„>jVépðw ¦i®ñœŒt¬”oè˜Mó}„ð +RøóFv<¡÷Ûáûî_»Y³Ý–'æpWÛ^vȆÛ`Dàk ž×m;ˆPé…µ@¾Ùò2cÖYÅ0<@„ƒf2ø½a²išÿðZ™¥cÐ(à§)趫7ó47÷íyhìZ„S¯‡p'÷Ÿ¿’ßi(hë6YscûID£›ó}¯ÓI¾ˆ˜çŽÏòXÌ‹¯sEÿÃè2ÞÎ;¸ /Q}¡k÷¨:ºÆþPt8¸%bæh i¡í&¥.;D‘mÉ[›ö£»7ˆ ‹êm +H¿’Ò¤UÛ FdxÔc‡¿qò²ØÀÊ_ xw|ìÍr­+LYµÝºÎêÑy:Ç×g'õ×ÑýùÇ‹sº3úz*½×qÅã‘p¨3vô Ù~pzŒo-þïmvv:›œÎÏpÆ«'3¶xµØûcïf…~dendstream +endobj +1182 0 obj<>/XObject<<>>>>>>endobj +1183 0 obj<>stream +x•WÁrã6 ½ç+0>yg'¶;í-Û4Óí&mãN{È…–(‹‰Ô’Rÿ}(ÚR¨äÐÙ‰Gk‘Àððÿ8™ÓþÍi½ åŠ’òäbvA«ÕŸ—×k|.ðg%eþÅb9Ÿ]Æ/>oNÎï.i>§M[«ë5mR‚‹ Ú$ÓGQn¹½®s锓ŽøA’Ò¹´ª–)UÒ–Ê9e´£ÌXºßÐv§ucµÒ;Ž„æoo~ù/Óß÷_þÜ¢Ò¤òÓæûÉÍ—³ÜOë\Ô$HË–2UHJ¬ì †;@FÔrärðZÓ)\&R½ÈÛ:¿û‰æˆ„C:[^"lX]Í®fôͤ*Û30o€S…›µ±û(×éór¶XÏVl$º/tú¾:„îTY!<%¹Ð;öË9H•« +±Ò§8*~) +³£­y=òÂÞ’B%ÏÁN‡ò*ToJ_ßâžÒ¶©k£gô›iå‹´§ì㬪Tµ¨}áBÂ'-².S”ÙÐçZ>i²SÔ0%Q8!Rº–V$•VÕ¹ÀÕ8.lªÕS„Jáž™)žªŠÃ0Ý><’¨k«€Ö3 Õg ‚}Iä¶ÏRƒ„| IL£k_v{±êŠý%óH*aE)‘ºÌ,¹Ò XRkªÊØ:NSKÖì¿{ƒ&ó 2̀ǃé›fÊŽ4bÚs²¬ü=¾îdÒ IÞ‹ZU” UD!ùä ÝùëK:¹IéÝJ­d:‰–x'véÑo@£LY(¹çŠ!mj´-÷/² ÄcGéØ|GŸ3 „¶Fk +¶Q:fŒC!B¥¡7HÿÓTÕÝ™‰B•Ö¢ïtXAaøV–Œ¸²&‘i&"$Ä`¥*å H¾"͵ŒSóôiFÖˆR +H“{o˜Ñdt±0•B«ª) 3œBá¬G8¾ó5MuÞ •é¹ì|fÔ¶Á1Ú¢æ=ôÉ‚ô?è%µ²ˆ+q€Kˆ*÷;gxoyð^76sáÞ¡¼\#4kÏÓT¢/ÑË)ù`N ð=}bRp²_JfMé!ê; 7Ä )ï*Ê ëßÕÔòžFu}øW)c¨,¸Ìé Üaù©ª¬gùœh3ˆÍM$ÔgÅ©TÎ-G¨< …I‚§¡;"ÙFå1|§‚–ðýûÍ8¦QHY!vLG©t DM¦&±E²$) +Ó:îÕ.}Ë°­Hžý÷ïL+£éïåMv¨ P–]Eä5Ð!1ee4"ŒésãºÑ$Ñu4ä¨'vrJ“vâÛnò:¡­ªñ:Ãÿƒzœ‘Áy¿µo ì®Irä%Â5¹•š…€tÃW O|˜óuÕ'ÔN‹7žd‚2„mEZŒº8¼ØT¹f=Òw}X8`€7PÖpD9< iëxh¿"I×5Ô6Ö—Tf¢)0t¥ýhà ÀzãÀ4–i i>"ñ„ö[šƒ…®å×L”V@™ø¡l ÂNrÉ4y§áþ’X3’xzBôòbÎYñ`FtöÖÑÜ;ö?Æ2>heØHÆ­1j÷¸(]Ë"~‡ÅÁcæo’îUIŒµøHåŽ&>#bOAîrµË ü§Ý`Áìoò$ñ|?ÖÅQJº±èEÔ¯  Loqx÷méÙTÉ+Ý(=,1Q/<´ó4WÕÈe_3z¿>vÝt~7XFwAÉc2dêkðÁ‚¼éúÎó’óBÑB×íã~™ ,xîc=>î[oÐ÷<Ö=ÕýÊÓõ,/Wì +|bÈLÛhK½A&Ú²¶¦ÀAôÄ`÷d1=LП»D6½ÁVtÔ$ÞBÀþ&CNûý’ÃFylÌÁ©ì¼w6X<¿»Ëä|…Ÿh×Kü`»š]sòo¾}¾¡?¬ùñ£[“4%TůèŒöìpál½À³ÿÿƒær}9[¯®ñ›——Wló×ÍÉŸ'ÿ뤈Cendstream +endobj +1184 0 obj<>/XObject<<>>>>/Annots 552 0 R>>endobj +1185 0 obj<>stream +x½XMoÜ6½ûW rñpäý”6zpФŠ4m³Ç\¸åe"‰ŠÈõzûë;3¤$.½vœ¢((æ÷Ìã{3Ãýv1ƒ)þ›A6‡E +y}1M¦ØCŸ}þúõb9Ç¿ ÍæÉjXf üßµ*øDó!]½NR›§ÉÒ7hh¾^&3X­§Ø[Ãb¾H2ߢѰ£«ôtt5O°šg¼ñb½Z¼6h£IË%­å¹4¶ÉàìdÔYµ\®U³ mt-Þ9h£UéÏ Fƒ6Ž¾NOF ŠY6Kæè-¢•úmûfsqýn ³lJÄ;]g°)æ)lòÉÇ&— `ody¥ò¯æåæ ®Xùxññ·®¯ßeVƒhÛêv'¡•]­ŒQº1ðIÔ[µh ݪ;ÙœLP ­åó®o;½o¯º« +:` +¯f taSLºëÃõ=ØNµ•#툦 8¨ª‚|'ó¯|B¾Í­,NÎ(u‡G” +׊[¡cyêVYC›j¸Ígžr®»…ëwóÞu#ó}§ì12®æëéZ&-¯!jE'jie—ÀMs>Üî„…ƒì$:àÌæ¶l¢s9»t&*Ã.@“*YZ•ndï9™\Gâ‡Xë[cdc•¨ªãü-;íÌ +ð8ã=Þ¦ów¤Ñ„ûðƒ~I¼&),^0ˆ:á«ËÞ]鈥<©—Là ¹K¶…[¢Uú€ÛX9ä°r ×J‚Ãî´¡ïp +bÓïáŽx_HËûù®,³øjlx´·Ák„;Qí‘MŽÕlßSÄÉ‘8¦ÇøyŒ(t`Ûé;UÄWšëºVmU…lDØÚ<¡wإ쎜´è€Rä~Zêët±Ïe‘ÀuHpõê€{­ UiÒ€q(Ùà,ºñŠ»rб-½ȱi†Á0¢ãïòÞzGXÐÝ^£+þ+Eã>îz]zè .ó¡’ƒ¨4ˆñû’Îu×IÓjŠZ^ežR«›só9èÅp¨÷\0 Äûˆ£¡Þož¡cYÖDÊt QÍíi@„A˜;Š ÕA]aÔ¸ÔÍeìáÿ£N‡M¯ÑgP`„á*ñŠ…gj4L—?*Ñ}$Ö¿’¨ d(¦ØÜræfz>”ít_Òc"Y°mÔ™TA™;šÿ#ìDê`p£jCqràXäb:ðm>¸d(8£rÕ]Ù׃֧Àw\ª“¹ÕÝч.*0à aõô5ö`Ø¥º\H“wjK‰n«ïd“ä}.[‹¹Ž¤€´.jTZ„Œv< !•0R”X£žZæ2f´ÀA?œY:nçeq>`i}d׃B$ð%>¾Ooç/ÃÇƮȖ1C/’ù…½ßSŽ…)Á P6l¼«‚}OB”+–±Ò(jÕ(Œ]% ¹hh¬:©qï³Ã˜AKU&Ž +ÆÒ‚+R+=|ðÔ!”i‚ó9ÍRÁÅ52VïA1‘1{õj¸v$›ö-•Äd :Œ«ùXã-÷ô’ÑT’UÂÆlzÎt»UÇï HMüfꙬ$B¡¥i.-Å)zâáõbU¾¯Dçës¬L¸Òàd|Eû;(éüRSqH 2£ú‘&ñm%?Ö¹¦Å7¨e9Sot±ü>/XObject<<>>>>>>endobj +1187 0 obj<>stream +x•OÓ0Åïý£žºÒ6ýKÓ=î²TB´EpØ‹ë¸ÙÄ.¶³U¿=ÏvÒ‡EU¥¦¶gÞüæós0£)>3Jç´X/ÓdJoÒi²¢å:Åï9¾FÐ>,,æ7ɺ¿p·L6sšÍh»G¬Õ:¥mFˆ3Ò–¸Ì *™}¾ÚþLi<_%Klíµá‚šu‰Þz&àN›ó¿w¶Ôç'›e+¥Ít(¡²"#©¬,#½'— :2ÃJᄱ”IË+ë÷äØx-“Í ÍP/k¼XFÕ«$Mè½ÂÆÔŠNÒå!˜uLeÌdôÈÊ£½,1çŒÜU®­m£”ìx”ê³t§ 61vY²ºÞû‡Çß!i'¥§‘­xNÌÒ¤Q™*Îç+TêtõõÓûït¦”ÖB¯õ±¢º„¶¹´5õÙ"™ûÌ¥`Ø8@Æ™¢Š ®Õ¾ÜáÉ„P^3*±ÂÑ‹d‘…à•‘î ¬¬Ð™¿éåövç°ñ’x…¶t,ô ˜?!mPks}¢êHx”M™”ŽÒ@FŒsa-Á€!—>)aH:´²(¨ qI<{b½Ú–_Ê?¶ÛÁJ±ú„¾*är•Â$µÚ „†@°!Z'ðÀœÇí¬—j”½ô!! +dµo–ÏاóÍÇjÑøÆz.!àø´±rž3u1[×(0+ +ÅÖÒŠâ{ºü* ûÅž4{ÙükâðÎs0Údó¦Ï > ýÉß#;"¤GþÞ~¡l…«'p„C;þ…×I¿cd– ü>Ù¬kGÍVxa­´Hoâ%ûxûñî–>ýïº×¼*ËßÚ¾¾qs`œÎñªÊFÿyµ7—“¹L—IºZã…x‹Ôÿõn;ø2øLŽS\endstream +endobj +1188 0 obj<>/XObject<<>>>>/Annots 560 0 R>>endobj +1189 0 obj<>stream +x•WÉrÛ8½ë+úƒ\e‘¢$kÉÍqâ™ÌØŽ)•Ã8ˆ„DdH‚!HÉÎ×ÏkÐf'5)/%‘D/¯_¿n~ïDÔÇOD“ Çç~ÐÇþñ¿Ot&Q0¡‹þ,SNƒþ4ºoÍ;ÑhŒë£é0ðÝñ,ˆÜ7¾ ;4¸˜S¾‡gfîÛîÞh†'FÓ ?‡¿JÒª3ŠÆø8ÁRN£ñ§í>ôfÑ ¯a¥O‹âO¦´Hl¸¸w¯RQÖ²¢I@÷•*jU¬iÞ”¥®jRÍE¾p4Ï߬¥hÒZêÁŶº“ +è}QW:iâZé¢}rDQäžL1ž|#ת(ØÅVÕ)Õ©´¦9‹L +#Ï?Ó`ì…¨ÕFÒU$zkènA¥4—q* +erC*/3™Ë¢– »ïS/b€át£ÝÎ{Ÿî¯è¡«X«óûnæs*D.*U)ιQº1´‘•A&†ôÊŤ‹ì‰\`8q#Š[QìB9ñ‹,3»8#dtE’(†Hd´j +‹–ÈTýCz£^>µYË-ùWÔ#ΚDš×lÜëy˾`+]@*2-FÙ…â&¬h¥2 LõËÙE8›†w‹pÐqãL?CM© Jd.ŠÄ¦^Ç®”½I0eú#™‡ÁxBGxí moî`ÿ\ú(áq €5áêõ2IZ"Ð/ꇨ”ëòþËÃ!+~ø}nÍp:##kvß;¨ôC·’+¯µEþ¸-«5u)­ëòu‚,L!ÝT±lk­Á}7ÛO| Ìh3=ÆÁì§P¼TNÄ1Ú‘Ò†ÂÕ²¤Å┄¡y-ªú­Žï9RYÓ»¢ÉÿÒKó€xÎIÖq€h.%£c3Þ“þvþöTˆn 4**,^ûô¬X¢’›¤rWÚèUÄ:qÜBL´\C{Tyë>\M‡ƒŸ5Æåýû‡³—ÀôXýÌ!«)ˆwÈuhÁeKcèJ³þdt£  â\Ý0q\ƒ‚zùMƵyÉõÿã3³OoР¾[;XÿÞÈF:F•MÖ¢Q§•nÖ­È5F²@/l-¹ûQ‹%$ÏX,M J?S®ozyðK±ÿ‚ƒ½Á4ˆfÔóÀ-R‰‚¥ ÖRÊ‚ŒÎ¹|P#DëbÕ°à‘Xꦦm*j‚†¡ ÊP.”r€ë%š¿¸ùþÞ¨ÊÊ/§cY³ç¢©U!+@Kvmjx ìÕ‰lª;ºJlïÀÞ5ɪÒùN6œbtIËf}âV>‚ 04ÅúHA¡Ár‘ªÏ±ºt¦j©ÑåÓ‰_/ã³G?DPFÈ`¤1Sv“=Ñ`೯ˆXàuÆM%[h4þ5xòò‰zò{ÝZÌ¢ëìûÝž“·Žžé`—nÕz/AûUw¯_Sÿ&ãUixDý!KÌï½ &£`2ž¶/CÃ)ônÑùØùð÷Jendstream +endobj +1190 0 obj<>/XObject<<>>>>/Annots 572 0 R>>endobj +1191 0 obj<>stream +xXYoÛF~÷¯¬-RwÍÑyHzØEZÄyX‘+‰6ÉUvI+úãûÍ,/)JQ9V´ÚÝ9¾ùæ ¿\„4ÂOHóˆÆ3Šó‹Q0Â7üòÛ¿\DQÑl1 f”ÓtLêEF·|šfóq0¦ÉbŽÏ~­¦õE¸ –4ÆÕ1_ŠÚ_ê-sZLöÂ0‚‚ñh„¸ÎÐêW|³¿Æîrñ½ÝÞ:§(‹Þî‚EE‹(˜³àpŠM¿Á½5vÇ#¨ïíöÖ¼» ýÝnÝé¬ÕÃ’'ÑF†óúršÀ÷E½’ÝÞ»³ ¬ógyW§KA~ÂrýBnvK<å{r÷zËœæsÚíõ–0vÁÑnóÕÝiü톮ßâ~Hwkb{F!Â? ¦³Ý%B”Ýŧã25Å󻇞¡$ Ȭ©Ü¦ŽW¹.Ê€^¿]R8aÁÃZòp xÆ$æL èµÕªL‹ }ÚÙ´(Ÿ}ö‹F¸:çãï +26Ñ–JC®ÚíŒ-¡QSµËŒJXL8“Øô ÿ­ÓL»+:˜ŠòÊ•X[¼Ç¦X§› +,Vr‚ÜVaQ¨\'­b?”ƒcbíTñ‰ÖQ ãr™ .§ݪ|¥.>–Ú*säŒØ)—qv(ÍÙ~U”t?ðn¶Ø§íSk¹Ó^9H_ècZ$fïèÃwUŽk‹«_˜§4„œµ±§xànÁhÝ?oÜ‹fàÐý¹­©²„r“¤ëCkŒ¶ðÆå«€aóxA™J9±ÉÌJe´SØÀcGªÀŽ¡˜ÃªåÌÚd™Ùs„8'žyï^l*ëôk`Ö`zRYÅÁtU¼%åèr§Êí%qä”]¥¥UÀ••×n¬4êÔ.S1Û§åöD¯Ú/@ÏFzÑÄ€*–\Zêûç?z"ŽhÉfN‚ð ª[…=¯_kÇ%»ë0Õ.Aeh€©{€´ÐM¢-\ +èVK‘;6S+i‹Má¼LïŸSŽØîÔÆËmýoœHÊ ‘(F9ì‡2ükèÚÔPOdwZÄZ«¿T©ÕÜ‚YÜy»®ßN¤éL~cYîDït‘ó Ûî¶dr$Ku0Wu‡ò›e„z¼©Ð&P‰P‘Ks‚­„ð4iP£,íj\YóWrŠ<Á‘b•®GÆ¥fÒˆæͤñ²*·†ÛØãcÚùÃelŒfS®oŒ§Hõ Y¡œ®™WÞÍ^ÿõ®qû9r‹ýTÐüÓ’¶¥ Øé!ë¬Åݼ¼4]Ma€Ê˜èûHÝß}S…ô}!ò–³3ãºu€B”,´°”Ûª{#bN@~mŠÒ¢CeŸì™Ù0Ü~N鹈`:“¡ÖØ{ª4Ùâ€U‰BɹƒÞЯm ?Q ]ŠöÆ>ú.¨‹§ÔšB(ºßj ÈÚh{‰`ƒÈu¥ƒH7kœjÅKfN´µI.ÀŽ+”ëCíAKÏ.…%éúž„aèG¯]ÁŠCk†ÑÕæG“çý|Ê`>×´Wð‚^¡_ý‰¨Ëi*@ÇK”5_fšaLù›ûÕ^gY@ïÑS0 ÕðUfc‡‘Óά•>/XObject<<>>>>/Annots 575 0 R>>endobj +1193 0 obj<>stream +x¥XïâFýÎ_Q‡"-+  LîCÄÌ@‚4Ã`“;Ýœ"c7ÐÛMÜö°DùãïUw IVJnW; ¶»~¼zõª¼¿Ô:ÔÆß |êö)Ljm¯+ü£Ã?ßÖºƒ;¯K·ß»¥„zþ->í·˜–µêwÜíßzÊ]¢^Oö†üîã_&hS»_ÕZ“6ÝÑjÿý!~‰ŒÛ6­Â¹?¿5œÎzíò+þ“ê?Ê4RMw·­»aýãêçZ›š¶7„êÑ®?zš7:®­hïwÁO£Í¿háy:_ž Tâ×n·¿xz>8¾:=W‘ÍÌùÖä–:ÆÂ÷=¿Ý¡¦?ðz]Ÿ­VãÙjú2û-Æßš.Æ4/ž§Ë%..9ýÖ¤çŽ7‰¾×îßòÑiJ*‹DF¹¢°È2‘æñ‘‚(¢€Rq (“ïöîQ´ ’u@;¥óR© µ¡ü€ƒ*d.Uª))tŽâˆò¬_³k¦é÷½»[ía¨Š4§B œ±àg¨»kÓkCzÂÕL©¼4öúÑ&–I¼!ó._ýþ€.!07›®gÐû1­9¢D$k@à löpÕÙ–ZßEÔØg2Íñ|%2½|Úœ3O—EjP,uîý•¤šþÐëÜ¡~Ù .E¦Å‰5b”y‰¿)•ÎeÓ^i-´æ[üJ062æ 秋u$3XP™ÄÕµHEïLà“ƒò?&ɯþëÑB8xò]€*Á[#½ 2œÆÒ”üC&T6h}¤Hl‚"¶™7+LZ¦¿¤¡ fâŽYâ,gÄñeâ—ñETÆÙ»ÄãAŠœµV¡4_&rCZ&{P>V[DQåàUnlå+´L·%û^*sÜúó:Ÿ[¯ñúñ„þ&S Ì”B­èyí–ÿFa,Ñ„½ìEJõ™@ƒeoW±Ì„ÜîÖ¨îN©¨Ž¦úó‘ܳ4”±n_gA¨)a”ÎÍXÆ*à\áõªù=>/XObject<<>>>>/Annots 588 0 R>>endobj +1195 0 obj<>stream +xµXmOÛHþί¡;]*c'Á Hœ½æÔGÒrRÒ‹½!nm¯Ïë¸_Ïìz'*•Z*¢nfwç™·gfùg/ ÿêw¨R”íùžOáàØëQoÐÇÿ;ø-%ÍY€­üðÇÍ{Ax!…A›3ê]¯S¯Rï5× ¼ )m¬3êú}¯Û2ˆnpŒÏÝ!ùVcØb»`…eFƒ7hÈËŒ‚ãÞl®!…ÙÍ£Í5ìða}ãls i§¿©;¼c +úœÉ¨‡³ýzÅ€›kHzÞQCÊ>°@µvÁƒ€ÝutŒ/÷(„³0²Í’ÑCãZÖXBmdAg§t;F_ÐÀ³0wn–ÖHÞÈ2v@½„ 6 rNv6Ù;| û{4™#˃2‰Mù4‰Z}¯ãu=/‹B• JEy/)_fw²$5§¢LòJ–úÍä ®êQØ«Ú>.j]å’­—’ª…¨h!4‰2Ñ2§x‰“÷øZR,dªŠLæØ"ùâ±Èî’»ƒófW.eL•"]c‰ËäbµÊS%bƒÀ§¶Irhž«’ßÿM7QzôQ;­·IŽ³š.'4¼¾e-ZerÅ0ÅêëJ”V›x2ÚÓDWæ”)ŒÉIå’­nè¬%-׊´È`£A{Àw™CÛµZÞÓá[ä–q^‹Ê"ŠÒîz-«ÚÒHe™Èãíã¦ÞÍqçûEwÇj‡ÉʘP_#´VQ"*ioÚxl•T ÂÑ$וHS¶'<š Hs•¦jÅ΃§ä£ÈŠÔÄi¡V¸ßEj™Æ¬WD@ZÀa ŸØ¼ðéØ¥3Âó ±¤µ¶” +u¯¨ý‘J¥ª_µŒJ nG´/‘k‡Þ7¦°o²´u®2‘ä§ÓËáÍåhø™®Æ§Óyòø™Æ²DnœN×Iäùm‘"·ºŸë;:Ì0À1m¤Áã tb§âÚ¦7ÛdåsE1ŠÃ^ã þ©w\"Ø'4}wMï‘È埰¢çƒ(‘š®ÇNƒð#4tè?WCoœâ÷ÃßÏXð]¡t|ñ#c¹‡y*îõÉÔÀí¾ïܽµ'ç Mgø¹¾úãj6[mƒëÙͱÔQ™U¢ò“©Ý¿{îàòŠÎoFŸ.nhøi8z?<{Ao¯nhòn4¦ë›ÑåäâæàÙÛ¹¨Qè'S'uyñ*¯Îf;%ñ»-+S9æpöÑl¶ÿrfBø3¢2^F‘Ôz¾LÓ'f3Z£™Ûʦ—Ayl`³Gµ» ÉØ4¦žGÃ8fJº”+ª IÓC" ß5*oïq$‰êµ êì íg.–iuP·5Ÿ£ŸÐ57Ò 0ºæIZLrãå÷èÿ–±uvçE*Ÿo+iñNnpû›çyṳ̂±,=Õ +LŠÆbX5w¡ä) Rµ{] lZÇÎbºMþån•åjîg«€5´ÊáûÄÀÃÙî„–„™×q(—º÷‹’5‰;0»i´ÀÉG-+{NW…Ìkƒ.g-.#œßÎÞ@+÷8Kr˜UŠ +-šÍjo7ɇ$•÷p謕xÒ3”Oh×Ö{˜£¬SMI’¹ndz³7ubDõî6f€\óŸu¾¹Î´GóafbÓ(sbí ã'¯:µ+ëÕSz’v¶X·ìçzî ñâIÆ¤Ò è0QÅ­5´Í´ÔÆdoÂ2ÂlQ"E8ÜOëx >&›8º»áaàb RQg³Œ™;¾éVÃüd|õì‘-5y€½®—‘.fζ¢T÷¥Èh¡ÔW2{u“ûÑņðR?éJfuºØLp¥×H¬CYE‡æd$Š|áô´CŽÑ‡æÈ@|Å<õêZž +L&Ê'“|Ì!u!Ý.0Ñn&>ŽÐ¼T|`縟±„;Ï&Å ¯`‚E)䪲\p`‘o†Ap‹™Ô6ùÒ²ÅíJ’=d¹Ìæ@ò7 ç86Ù¼ýPÊB”œcÖéöJççÖKǹV!:†LE©ŠØ½ )';­ÆP3>›p2‚iv ‚AY숚h˜mdY"vxì ѹÌï3SaF\–ÌÈ5dël.•Á€Iþyß8\;êä´†»Nçy×°827u óÀ›•|¬+Ù¦Ñc†K—ä+,Ëñl¼Ì«Ýü™,¤ñ' ÏÎ’gäÙ·K6–©„±ÎÑðn¨ï9¾âçQ)3õÀ½ÊÌtjr–­y¶aÕÞr9ÌÛVý.0[×|ùêm2 [üºwÃFx¡Å±}6‹Ú™Q)ÂAÝ‚'àÏ~¥ƒƒÇÃgC´OõÎU´4þæO¶Ýv¿c8û»^Á½~Ïë‡<§¡©ð…“½¿öþbüŒendstream +endobj +1196 0 obj<>/XObject<<>>>>>>endobj +1197 0 obj<>stream +x­VaOÛHýž_1œ6Õ;vB‚ +¨è€æÀÒ©ºx7—-ö®»»&DºßÙµ8§-\¹ b{=óæíÌdç}m…ÐÇ¿Æ Fd­¾ÃÈ`8ã}„ÿŠÁ¢u·‚S|B¼@—Ñd 14ï÷!Nº3I+.LBr?• IßÅ_ÐeX¹tᦛ,‰ø›YFÂÊ^ײÁ½yDPŒe +%4H¹` ðöX +öy²®1£°ÊèÃn8@¶1íš%C+™2È•L˜Ö.†Tw~ɤû%÷Ýhè­ÇÎoÁ-^VHQèÜ:\'ŠçŽ$š)ƒ|[!0n)`¨5à½,—þµgK©ïOPM±~/ìmPÉX +»!HéS¦]`~ÏÀ¾Ývz —+²í\“³olzàœ‹âab€ $néû†=  +㫼ßë­®áRTÜm¨’ü=O02Ç +`ÝìREi›Ã¨+.ö6X•É¦[.äŽ.pç+fsæðk&ø€­tÅè¼àKíöﺰ怹]èêüêì2~?›OнO*y<‹O¦Ÿ)1 ~ï|êdºÛùйè\n`žÏ§iÞX»:¹ŽgWñ´­är”æ¶Óµ!Ê´+ÛÍÎáÆrì·DæëN’ƒWs~¼ó=K®aº3JŸÖÀþ6Î c–,%´Ûð_?‡‡Ï@zÑ?^xpƒŸ—ƒ? +p é4¸'*й”i€Ù ¼è§a^š=LûYŠ_zùS°:M/MóiPh¸^ 4Én‰cî~·ççJ<&ç;ucYàØ~­ ˜,/cB©ïy¾ UÇ¢¯xçóÿ´f™ÝQ®`«8[¡3IaŒ£ãyËšäs–;®‹½ÐnÿYj0ª¼£Wy^å=|•÷Þ«¼G¿æíU'Û¯yïÀ¥4å™Îí¼Àá¾™ïò”Í¿Õû)¿ tvë'R,;ÍgøT) {–2OÙ{’8„o g@25#'N¸Œ¡‚x2 šàåj…J}œ× +€= Fßr N÷QYU +d€2ŠvÇ~äïùpmO§~敾˜ã|vÃêQ?aôÈJ®î_\P¹Òp‘_î$;Y˜BݤµL¸S¤œò+n–ÀÕ0ö!^2œŸBªŒ¤éŒ¬vZã Ïìä>ŸÇáA¯Î_¥®Þ¼ÀE8=;?Á ª=߯™g…F”j‰µÌ´°hX“„¡†B@»ö„ÅÙ¤`¹]ŽÖv<“"5="Ý̽*6浶uX=§M(´ËÌ=ÍZ¹=pá¤Àz­ Ëj¢T¢2°VÌí¼J EÅcdcÓŽ`Á )ÀJbôþZpÅ2TvwuA’”ãJÙ+Áé¤Ò½áeôd£Ñž­Þõìâhs%¿°ÄÀ±L + ã䔽[›ïŽ#ÔÕ/i‘áxèGÔäh>Œ,ÊIÜú³õ öegendstream +endobj +1198 0 obj<>/XObject<<>>>>/Annots 595 0 R>>endobj +1199 0 obj<>stream +x¥W]sÓ8}ϯ¸ÃS˜%Nã¤Iº/;|:,¥ fº}Ql%Ø’±ä–ðë÷\ÉJ´ð° %Ø’îÕ9çž{ûm0¡ü›Ð"¥éœòjp’œà Løãã›Átq–Ìh>›ã³¢Ùt™,»o%}âõ4ŸN“”ßÍñ+|Ù¿J§Ø6[.°,ÅÿFÒz¦§8ãôt‰âžbIø·¦¬8ÚÆ¡¦g‹‡çù“4™?¶#̾x‘ Æç3šL([ãþó傲Â_û„²|xiœ$·Ž>‰j%¨0Ò’6Žl[צqx')7:—µ#³¦'WÒN6teL©ôæ ù¯Z”厤Âê&¡l«,áçn+5 *ÍFå¢|š}œÐhÂfÅ°îÂ:a­ÚhY3Tµ¥Su)‰£ó+°6MÅÁK# +Z‰Rè¡É4´ª$s‹ Ýé)s‡Ó/Ö´3-HøÖ*0áoxtôJR!׊ã"YSI¬Öègħϡ ÛÐV« ¬Ããˆæ9Z+ùIú%Õlh|žÆC¤n+©.ÕDnªJèâp¿×¥ßín«ò-åBRomÀ+\ðP~/ ‚êÆlQ…Ko¤–p>ÅRYç[wè¦Ç•p|~F„•2šÎ”‹dÊ”Jº¨zŸû\‘U½ðù{œý‡7 >¤­sõŸã±ê®›XÓ6¹D€L´tãÇ™²VïdYòo„<Ê°0y[á®>GM^¶¼CÉøc4è£Q®µjùJ]EY™ó7ìA£Qp¤ qÕ(éåÙ«0TfcŠ6lêpXKáÚ$ œ"&÷Ô£tõ“{ê' ]³? NㆿaÞ]×4¨*Ë.ccØPhÁYXˆÌÌƼ0>yó(Vð•— ¯ÂQ®²‰ŠSÎ4; ¸g7/í)%Eg§ã³%P +–U4 +NAµÈ¿Š´áyWž£E²äùÞ¤óEç±øü˽uݧÆ7Ó2‡d†¼(‡‘øR;ÐÞOéðÿ½L`J[ +ËKÅ•<#(få„BÁ—nå2`AËŠ[BèÑ–î]»ð,lGm7€Õ>z‹èq=Há0^f£t™LÎh4ã¦ÔÙfÒ„^Fäbõ¿ +¬]°yñ¦-ÕÀ°´÷øÿrVóJî °`†lnjÉûw®Xªt3Ü{H”~â¾;‚`ÍQy?,讟öÊØ+£2hG=ñÞ¶öÀÐ<Ž*<’6-<¨HÍòð ùZAOjåv”oeþ•™Aã«R¿ʬ)ú{é-ë0î¾ÀßÕ ò‰¦ÏWß_ì1dœn1)r^!JðzM34 +ÙŒÞ~¸Î>$u‡Pôa¨–‡U¯b ìÚxÇã»tãéôKX£I3kw†õ5óý ácªb³ $a—t%Œ[y£j÷ªÌÞýY›§L “5FO(ß÷ѵÀxÒ¡ëÿ:v‚>8ar3+ƒÉró4Î?쌕Ú[?;Ã.Z`dó—p“)±Ia~Ì·¼“çdö«F¥ï›de +Y’LLoÔ‹¡H4†ƒËê NÜë¯G‘÷ݶ?Àx§:ê®Ë®B'sü™¹œâϹSî~Ÿž¿ñó²ù‚‹^õGMŽ4ŠËG‹ÔO8¿ég‹Y²˜/Ã,4›ò¯³Á?ƒÿË…Åýendstream +endobj +1200 0 obj<>/XObject<<>>>>/Annots 598 0 R>>endobj +1201 0 obj<>stream +x•W]oã¶}ϯ˜î“ÄŠ¿â})²Ý Ú½ÝÛøbû   %ÚâFU’Š\ô¿ß3$e;Š Üf³q‰äœ9gÎŒþ¼ÓÿÆ´˜ÐtNYu1JF4Ž’9Í– ü>Á#iË7ð(ÿóß>]L§‹dEËQ2£Šf‹Er.Jº¿x·¾¸þiFã1­·8`¾\Ð:÷ËG´ÎëBÒFX•‘ª­e)œÒ55FgÒZRø®i«[CÖÉÆ’¨sj¤))Ó¹äÛ{#šFæ$ŒnëürýÇÝÄãd«MV*Y»p£‹cÀûôŸ5MvöÙ$<8¢U€0œÌt¶ÚH‘”lÛ4Ú8FV('3×r®´!A;õ(kÊ >LzÉ›h8%KÞ㿽kâ¯qBtˆæ-}’Žò F7F '©mJ-rÊ•ÁYÚ<Ó¹}x/$“×Yi,³Ò ŠsÏNpæ![oé?a^"§­*¥=·rú2Ú;k[ÉDÑmž5ªvÒ|àé%}¹þöõ}oŸ¿âõd ¹!+³3[¾ÜñãSzÜœ&”C>Ͻ9hvÆ‚ìq<üЩ*‡쯵$½êM)+K²Î ,¬¹ûDªªÁ HJÕ;ÿè]åwµˆB—È°£½ÀN«E…”7"c¥ú¬l¤ÛKYwAN“ Ã}FéÖÒQFAˆõQM6¡Ÿ 'ù$8€+ú¦ê\ï-ýkÉÊ6ç¤wdñÉ9½¹mðhï°_DðÍ@¤†îî°üwz¼'Ë7¾¶º]W7”!(?g ’±\•>7¨¹¨ˆ°=½ÞðMÝò°‰ÕSÄÍ{X y€gNÀÕ•‡žÑ6øF‡?ÆÝùê †a“\næã<ÈÓMB߸Ác +Â8éàÑ z0•:ãùAÐ!¢^4Üøàgôýõ‡w¾§n…òÔw)`Ò `ïÑ4<§›"Nƒƒ¸yÎe+ÖêŒ'>?®OìôHgzé=-@:ξ¨ø#n{±ŸV|/¥eª„µ æñìa/ ”•é +jWU*Ï_~Á¦o8<]¢¹þ3OŽ*ñýXg5v3 3ðßjlX*Ñ“@C×vt¼xä…Ÿ›h@…FËI14ŸÎ9ÈI/Y9ê0ÔÆ>¥jðY/óp½¦Ñ„2™c„À Ãt…‘x‰7+y×#)]¦Híj´6¬àÚþ1~žù:%46Z¯6L[`50ú²0»ó·I›®‚£Æ´õ+ëÔéÂþÿw}€^®ð×¥—…Á$ÌNV—-¿Ãñæ'r ­®ë±…0‡Û¯ß¸:zyûC/êú“<–œ×!ܵáz63ª9S¾°¾cEÞoÂcõÿ“·Aºéå¡KÇЃbºÉÝÓÛ{U6;Pá\óöúš»òi ©f<ŽìdRKwíóvxÅö;`Ý©PØn<þMà¬J:œ¨¤KÃð&Y-W4œ£wOýëÇmV¸¶Þý²²Œ}`<›%Ëå„æ *>/XObject<<>>>>>>endobj +1203 0 obj<>stream +x­SM›0½ó+æHxù†7êÇi«VAê…‹Á&ñÖØÔvÂî¿ïÈ*›½ôP¡ˆhð›yóÞóŸ Ÿª²ú1ˆI Ež òºÂÿ)þ ‡!Ø7ÁÃ×’šÒ”¤qe]¢¬¡a€¸8†¦›žÖRêY¨#ìšg„á„Ú±#½VÃZ¾v a¢†ŽÜqcâ4‚P øŒ/ë¨”Ô œ±ÒH7v(@”–$÷°É…t€qÁ× $‡6üÖîVH¿A¢ŠÔ^BD´iYmë^.ߘܵlÃÃì&5ªƒ+!Él{?*b’}Jpu¤›-šy OôÂQb®Àͨ+*wëc^Ï;Š ÁÇû4hƒçe³çiÒÆÞÅä:Úÿž©a‹ð7&õt¢Â½"ÿ÷¦„LXÚ¡úvÒZÚͲ+ù°Ý-ð£ÏÖÎ !aÓÚnþY@e~ Åôlá{óú¬öRpåìlj™»­G·f+¿öÚü®4Œ›ž–p-IfÜöFt˜QÔ ?Ãz„Ú°@ò#U(ì‘/[øèoë2è^ïH0>гtd_o LJ¼¥uþ]—…Oâáñiÿ?Œ~æ½Ã[ÑŸG\t‰‡ÇFWHT¥Kr+’xG³&È;iôøÎ8¬y›_<>¯rRá¥_°yáK_šàgðsc<»endstream +endobj +1204 0 obj<>/XObject<<>>>>>>endobj +1205 0 obj<>stream +x¥W]o7|÷¯X0šöIrIéФ1š‡¢.¢"Ixw<‰6<“<É÷ï;KždéÇê8¶t"w‡3ËÙõÝÉ„Æø7¡ù%½šQQŸŒ³1½~-hº˜ãå%þ;IÕÉÛåÉèê ]ŽiYaÇl¾ eIX=Æ“âÅ»µh‚t´Èèw™·«•2+ºvÊ„ôÂæZÖþåò&F™ÌS”‹WÓìq^,²IFLp¶l‹ ¬I+§4™ô+/çÙŒW.×ʾùµuJé §ÞC¶¢µÝR°x + Ôìò7.姭 +kú(ê\d#¥í¹ôG;9û˜.&¯ºãíû¨•³5p|üó-ZI83ÞsxòÒm¤;'cñx-É⇣­èH8Ûš2£+ëâ'Nb¡—Ø!ùý ·¼u£¥íÓ–ÊÉ"X×eýÒËY6ejþº='o©³-ò$4qÓcX¡c¡£ëwÌVÎ3R–‹#)KÞ¨@„)™õ°a0·´ Ï*ŠÐ +­;*Á…é4PÁK]“ +tÓ"BE²Ve‰ê†r¶RÀÈv´rr~4ÈüQ÷ñ}›ûÎYg½`Iª `1ý•ÒøÁ‚ñ;„Æ/CðþpAÔOÞ£ÐtÙ$-l ¤åiFŸÀEJOýÃH\ )ÁTÛ0{@=T‰ÉÞ®-àD²c1–K_kPÞzVÀÆ‚Æg†|gø¼J2ÕÔ9©å†Þ-ûòb»VÅ:æǵhuIÚÚÛt@B<>ÿ.&1éXÉ//Q–òGÞ0ºӛݥ›¦Ê¢øõy¥m.ô¿»°c¸Ê.}H*øéjÒ‰Ä~$×7Gß+9¡›»=—)ì­d ¸‹îZÙ{¡NÂ7ôQWG¸[µÝH ¸±ùW¡Ž:£ÊŸ<™€küB£p£e¤›räùž'Æ}ªw)Tµ[VÔ’Q·tkàP"·mx†mJçmÔ®À"§Á68Mšà"é–Gz¾zÀ>”“¾­bAž `¡ßŠ5ºzt¶÷É‘ž…ŸP탾ֻQ® Èstï볆ΞVò°ŽvßÅÚzf÷aíÆ`1î¾ù[ÇÄ÷!|Â_¤JüïPà‰"êIºÏ×ÀIá­h¥hp•h5´J]5RÊ·-ºGï É)t<§¼ ì½Ê›ŒU(·±L}—Ÿ²yïÎÒ·½Ö°xè«ìúÑ[Ö E —·ì$HË´-à—p©Rq#öÉ«zé=wj¶$¡ÑþÐh9HÕ¢G òùFªR0ÁΈZúsîɱÊnÕÅ“`ÀÇ +ë¸ÒõoË?h#t+ýÐn?±ÏsCë­&À'HÜâE.û›TÆÖ´UZ#Ï-ûzIcpò4OÌ_rÐ}†7íP«8µÌ üÁ\€ Ž6ú"š)\-ѤS¶T ³ÐR‹H<ö÷%™=ŠÝCù¨ +§ØãðQ#z2@ð_ñ„¯%ªä'úPíßP%”ŽL'²jµZØ6€jYø§‹&;ú–§=(gü{—D€¿aÒÀ9ÝÊ”pke¸QJ:eáL[çÒ¢(¼Z1GÁÒÆÉ!9oÈ»T=©ë kc‰¸g¿jèçèÒ§µ(œõ§‰\n=e‡Bì•q²Ñ¢@Ú8FŠs!R‰ ûÚC_G±-y­\bÌC’Æ3ÏMÍC—Ãp|H®y®3~z^œ[¢Ò‰¬0²0ç¼ +úíXƒÜ¼'Ò#]*®³›§1žæ ÜhäÞQ,ª´A¡ršÑÕâa^ŸÍÒ¼þýLçÓl>[à ÓG|¿<ùûä?%Ìendstream +endobj +1206 0 obj<>/XObject<<>>>>>>endobj +1207 0 obj<>stream +xVmOãFþί˜êŽ†“'NLBʼn;é*UÐ&UUÖö$^b{Íîš@_þ{gví"„øeÞç™göþ „!ý†0ÁxIq0 †0ŠNè4›ò5}4Âʽ˜DÁ¤ûüóò`ðõÂ),Wdj2 a™™a™Í‚Q×ëµ,×PiYZÔô­â óiyGꄤÅêýÑ”\,Ó£Ëa+žÀ*HYÛkz^¤á·Æ +m!~¢(«\$,a34‰* +Q¦°•6“ažƒI´¬,©eÂ’|¢tʹÇÁˆ] ½® ,IŽÕé=™¢ ùZ¹{—¬dŽœƒ‘E•#à£pßN†bÛHÒö7åÚ@!×ʼn§>å!œ´GAÄn¡ùñÆÛèç0°E50âý‹Ã +]Ù¸X¡/k~øaËò»`›Ô0˜µÖ?À¡SSO]è‰p×ÚEXÔoèj£™B¿‚3E¸¨ÞPpÎt]6ô½à‚r*î!j­4hŒXc›Rø"^ßS/ÞVÄõ“»¢"¢"$QÂFÉÚ“ª5˜'c±x#¦]y¥¡OWCø8‚ÑÙÙ¯z‰K‡Êe†%ûðhá0àa¢…z`JÀ_$U€W WjŽÙ÷ð¾Æ¡DL„cjˆUU…)È”4 Œlì"“-x]B½­=@W_¢;ï…WÂ?Ñè?8L2™lš˜ÉN¥¼ä˜%M'¹$èÃ`«Dä™2vo£ŽŠHS<öJ$²šS#ù7‚8ƶ·£ãc( a6sº +ÚÏ°cîJ³¥:œBçÅ…*„,ç×ç‹åùïË[¸\̯ÿ(åã-,P? ž_/D f­`zÛQ¦dNáææ¬i‚kø«ä«ÚZn!·=*”0T®~8=Gpsʼnææݘ5Á— ¯y¸Ï«k\çe8ŒNÜØ›áw_­¯Žð.þD” æÀÊ‘/n¤üûœÓ D898%K)ÌŽÂ;lþÒšhÌbºÏÆ[îࣴ¬øöTAχף HeBãÜ°4Cž“ØR<ÒÓh ½30‰ùY†ü4H%êKKŒkr)—A1 I´‘7LÏ3JYŠ‰ôVjiFÕ–°Ð®€Ò]äJm€V;|É/~haËë…e4š:ç=¢qŸëûZ&›¼¡ ò ²]1nËñ’s„çˆÍ±çã.€Ëí%¨PñʘXÛÅêµ(¹có&éÚdà,%¢òqqV¨©^Fª’¶\ BKEóŒ¯|õžïúþ¸Y]³`ÀŸœµ“Gm UðÍEôóë¦7+¾­>mW­5ÝVº4=Îb­EÁ,˜d˜l:ü^Š(EŽŽy…Õ†+Cõâž.åßÄHGÝꥌ›}ý“3À( 8ö²'Ïe^›$¼¨äë4ÝÆð|Äæ×HÍ%0ìJ/KÚX…°TsXiU´ë„bkn›2øeÂ6,mÖJå¹Úr¾ äèaÛÞv{bÁG«EbIï¼¾/۾؟pç ²«Ð3Þ¿îØ@#½Ë¼çk5kN}á„š³1L¢c>©,Îý|WZÝabáB%î0æÊÄzýV¼?Ñ 3}Ï 3šFÁt2£ó%ÉGS6óeyðÛÁÿó—Yéendstream +endobj +1208 0 obj<>/XObject<<>>>>>>endobj +1209 0 obj<>stream +x•WïoÚHýž¿b¾‘JàBFê‡Tm®­Ú*×PÝUŠtZì6µ½Î®‚Ô?þÞÌÚÆ8ÑU§(!˜ÝùñæÍ›áþdLgøÓ|Bç3Š³“³èŒ&óWÑ”¦‹9ÿ_§i}òvyòòê5ç´\ãÊl1¦eB8~vFËøtM#ºÑeiò UÎäe¬ +RyÞ×îA;ÿbyKSÃ[MæÑ ¶NØŠ2µ§\ë„J‹ó%[ò6Ó­9Okëho+G7*[)ò{_êŒW^Gô±$ãÉ—Îæ›tÈc›e:OØâV•|“ýÃëø<š°W\ÃGÈPÅ&5¥ÑÎìƒá+«½|$¹/¬MµëDv_é +ÇÛ 9]“#ÀL•ÆæQíi2šðvú¾2×´[GªÍ\oœ’|àuø¸kš–[äÙ‚Üùˆ¶ÊsÔ½4CTü3zÝ`? ±å*Ó¿Tj”‡—IE¶àLÞ<¨´Òxîw‹'¥»Bè*ͬ/ñ’†¸˜¡:~x€ ØÕ€² +§WšP¡Âz msTÌ®a¡Øª¼Ê´31cR¡|ÎÇ4ü3èåo•Sq‰ 3¥v +Þr0vGÛ}±Õ¹§ÛÓÁhpû‚ÐN§iD—9N cæŒâÿa'Gí´À!\cnÎÚ ¹Ô=ÿrMìPNÓ*Ö`a"Ø•°?EƒÀÄr@je«²‹H„j(Î^A +Ð#ƒ=S›MÜÞ’*{þ9<ð›qKMŽcèýXò£6ræ%gUZš"Õá`Ÿ4ðUø•~Ó*ÃQÏv[–­ ž… £†Ö…£;.e ’ ÇAŽÐà†ät¿ÇÛ¶é +8vtIIêqt}òìõ/{ºf‰i¯L+”H +Úà^ƒ~dðü9ƒ~{|Ñ£@;‹ÄÙ*µM“78Q¿?²é{š! üÎÜs¶^[£É«Är¨DZûP‘nßïÀqZ‡RøR¹R'Ã5+Tõ'ú MµAEÁÍ#ftlHŸæœJG Å8±rqm¹©ÐÝO˜ n|‰Ö¶^Zéä6Û1ÇÀ*| +å­ƒ +ðùú[«ólb1„Üi•Œs i_­2SBSZLö˜xiÚsž[éèÏw¯ÿcåàÆ]×J>/XObject<<>>>>>>endobj +1211 0 obj<>stream +xVÛnÛF}÷W N™ºX•d¿9q ´@.MTŒ+r%mLî2Ü¥þøž™%%ZQƒ:1@ï’s9sæÌ|=ÓÿÆ4ŸÐåŒÒâl”Œh6ž'Sš.æxžà·Ò´–‹Éì*Yœº/Ƨ¿˜ŸøàÍòlx7¢+Z®á{¶ÀCFð;Ñ2}EøI3>ªjèKçòa^fò26è +w/IN)3•Nƒ«rk’kúâVþõòËÙˆ.Æ#ºÌÄZîÙæ韗´66ã/ñëSŸó9eë›Ñh\4[ç»ÞMi<Ž\Lfìê/W“ߺ:ϨPš| ÜÂVj\]Å‘¯ËÒUÁãÊxZ»ªÀ>õÞôº •Æ*…,i«<ëƒÊs‘êÒ¼L&ìû<€PÒy´µ3yN©³º +8A 9‘àHu^UYV_ª€KøèÇ™Ä,¯hC×…º$ïÖaÇPs\ª3ðÄ‹¸äÎVͳ +eëµJ^Ú;î:¦h‚­½&9ôHˤT´m1¬EGÚÖò´3a) :*’6àÈL¿I:hõÍú9­LD¿P¹mçTE4H_š(« DpÌÀ¼3iå>J‘º ÝÁµþ¦Š2ת-ýOc¯~>òŒ;¦D~]G:žbîÇ8üSû@ïU¡Ÿî_}2›m ·¹Iî_„šBlÆkÈÊKVO7Ù#ó/{ú² /Qu·ó")Pètëœ‰× ñÛPå·B貄¡¸¬áà?»„„7Bw`Ò q¿Ò8ÊÜ€07Dejâü„8l¸†°øŒç@è6úû–ý1ÐpÎœàG®3¢ƒÃs¦ªÅSÉÓ¡š¤¸ÎƒAØL¡š#穪‘&XW†…På"¼êýh Íú¤v=—­¼ˆ\>Ðí:`Õ¿×x‘´©AÎVT+® l;Ÿ1íbÛ8ÄYÇÛyç—[¥{°Åø‰kž Q [iıÁøáWdÖ±€É%Ó[šêY+x–7(4¬X‡–‰ÛÅ‘ã~UXÙQ ²:2I[–':¿é4ŽÛ‡w’[)+²:çNë{ýQQ u„'é•–r'ëñÞaóèt™xügÒV0äèýnL*lrýÄé¥T?bבíàÀŒ6ô¶©„¡)¡óÝÂ"+…ÁþèÍ?Ü;È…­ÈqØ#§ýOBlõx·h÷×ñ kþâ’f“«¸A}¾y÷æµs_Xƒo]ZPUš_t\Ì'XØÿÇ>8O“ùl]oO¯ØÈ/˳ßÏþêÉendstream +endobj +1212 0 obj<>/XObject<<>>>>>>endobj +1213 0 obj<>stream +xuËNÃ0E÷ùŠ»£H­§!v–­‰Pÿ@“4Uc—ÄAäD–%KsÎÜñ|F1 •`—¡ê£XÄÈ’\¤HµâwÂw 4ÑÁDÛçRÁ4¬dZÂÔ`<Žaª•¹ÀÔTNmÛÙöÞœYI!™ Ê&Q"ciõÒÀŸEé¾hÁá»ëˆÚÙ;]®ëXôÅ\f7ÁÕðåÀÑÙßœƒv²ãã>/XObject<<>>>>/Annots 605 0 R>>endobj +1215 0 obj<>stream +x…WMoÛF½ûW t‰ Ø´%K¶\ ‡¤NZ£pÜÆrˆŠbE.%Æ$—Ý]Zß7³$EÓn‹ ‚)îÎÇ›7oFMèÿ&t5¥‹KŠ‹£óèßðÇ„?>ÿÂßÐ|ÁŸÍ.¢ióÓÃÑÅ|Á/ç³ðr1&Í¿Ìa‚æÓ«èW§³y´hžø-œ],ðn¶¸ÂßSü·šÒ£÷Ë£³×4=§eŠØ.¯´L$$|ÞªÊkK×=踶™ßS®Ÿtßäæä*Ü<½˜!Úe2¾Ž&Ý–Þš¤Ž}fÊprF“IsRbÄÉU¬¹ºªŒõŽü™<7»¬Ü©ø.¾5òb“›µÊÉë(6eJ•²ªÐ-X?§ëÖø,šq_Ã?ù½ ,³ÝÐÙÇiwcr¨pÃ5 >³8¦·ôÕm•Õ?j§íjœèTÕ¹_ÿHL¡²ò‡JÜÀ‰x'ý¤/ÙÇï¹VNú 6©u9ªD^FÁRíø¯¬Äß…b(H•I{%1q]èÒ¿žÜ˜nîïÞÝ~úëîÃÝûŸ£­/òç'ÛÏétÂ$Cdì3­-Š`i­âÇ55&Ú«,wÿ!_*L¢©Å*¢%ªö%+³s`Hü›¶kmkÏ·GåbˆãàuÕ¡œäê˜2ÜÔ.¶ÙZ'ÈŸ«ÿ<ø¶†czwópúëý—åý¤8Žä6N/1îS!”Z›'}B£.¼·HÊ>i;¢B+&ÞVy +µºa¨¡8Ï€{ó6ó­­Ë’‹XGÌItDë:”笊}­ò|";§išžIÕȱôYêlõßµvìàæF*Ò7ÂdäÙ9gÆÀ•$3E Qîš…FìzglÒ$KoG!ÑÊd’Vè6«Ñkƒ°nË¿ XIÇ÷¨µÖ]MË ÐÆá0ñëŽBŸ–Md'R¥\±ú”š³ÇñJ­s äH—±ÝC›A“SjêܺÑ)?K\_¨D!®£iDw2›¢Ê!& ñDyØGǾäõ{šÅ½óŽîÞ·ˆz£_Pµ†+¸œWÖ×í˜SʉÙ=£‘tb‚âß™NG"BA|GƒTYC‚ň¾l³xË) è êEdu¬(H“¦:n¤w§öý38ŽÞ³N1 Ýx`uæÎSH¾GÇã4K ({,8 ÕX¸¼§ ˆãI÷à;zcjý>£†Xjá‡mz,ÍÇÁøLFO^Î[UnÐËè8Æ2EDÜŒ»Ìo{“ª*kT@eãY%åÃT³{xàNæûh%/ÙÅÈÁ<Ës<®÷ð¸žÈY~n\1»M ˜½PàE=A\…Ñ\ÂÝV㲕V–ÉÉ@ ÌN'C»}‹­NbXàšÔþÀÙ4³Î#$ä<\Æ·’ík§Y7˜v)æªs<|œ‡¼Cß`faHÊÍíʶ€±7±É©ÔÃHÂH#Y &'R“¸KÌq®•&逄¼5ÊÊ Å±®ì<ou!{öqqø•|ŸËÉÿüŸ]Í¢«ËEþù„Ãÿ°<úãèË b©endstream +endobj +1216 0 obj<>/XObject<<>>>>>>endobj +1217 0 obj<>stream +x…VMoã6½ûW tʉâ¯ÚΡ‡MÛ{Ð"Š{¡%ÊâF"U’Š×ÿ¾oFŽ•EàÀÉyoÞ¼êßÙ‚æø[ÐvI« eõlžÎiõð€ÿëÝÿ—øxMÅìq?»ZÓbAûG6»-ísÂöùœöÙÍ©ÔØf"™@ŠÚ ½Uµ¾oT'çsŠ¥êÖÚXjM¦¢ÎoɺˆíI(•¿lNÒ/û³9Ý-7é(7ÏÊž)«  +ÚærF‡`œÅïØ6 é7mÉÒxäß´g*ë›*¬WXÈZoâ9¥}©Ï@÷µªªóóMU&ﱫtÉØC*th#ÐQJ/ª>(ˆ“!¿\À›«¨2!’+(i¨*=®‡$¥¿¡ƒ°í›À²J”;Íj&ÑkM™³Vg)'¬³ª‚#•3²ëÀŽÓgåW¤ìñíLÑãã†8üõ;gW´ÎOðK‡¹AvÑy£Ã÷/¤Xw‚“ ’œÎY`†Iø!ýšP¨)˜X·Zdãz`¯¥¬ÔÙk¶õv‚¬ŽÊX‡­?Õî[Yj³’ƒ®5 Í\:=ňïÍFŠááB¦:uØ“±b„¤·ŽØÙŒ~ùÆFW];‰a)ˆúu¯çáS)ËȦó¿´$c +“´¯ÃvÊõ™Hfƒµí‘T®CæÍ‚jåÑ$¾;|E*ªWX &¨Lä“F}'#·LȵQ×M—YåŽ\yv×hèòN‚„]K{$ýSe-ö/1‘Ž …wµ@tJ¤„‹’½Ö]‡‹÷®õëg™¾Ò ƒ ++åS—Ý㬹ôk +4˜ÄDÈë¢C °ªCDO/Ͻ]&z‹?QlêÇ\‹ÁåÚ +²s£#®î2‡YsÌ7h•— ZxjÂ-us˜wôE]UáÞM'îÁØý\”¹=¡jìí8g>Á Å™Ð6×µÍü¹áÙ$%Â’ØUÔí÷Á˜×4L,ÑÄÎrõ:‘h¯úŒ1¹G*s#irÅäÀ¯¡2é{h̳:%±ToŽ§^ÝLà®Ö'€O0/)¶ +ÃÅ Š¸Th[¯oÅ\çwÁkL¬ˆò ºQwB!2ŒËˆl‹ jˆg,^ˆù@G¢„;zÕ”¸3ù®2õ8¹ÿ `¨Pz¥µæ'lñ.(_‘Ø÷?ÐØ…´ªËK6®L¾6_…2ž/I ƒl­¬:êw1LòeE»Ÿ@OR<±Úì܃¦W4à$eÈÎ6Çß?íú7ŠÅo»­óîÞ}ùúüø•þôî® úÝe-C*ö¼Üm—xÉo~+UÑz¸˜û©Ý™;ðöõvn7;¼¸`ë/K~ôÇ~ö×ì?ˆ öendstream +endobj +1218 0 obj<>/XObject<<>>>>/Annots 612 0 R>>endobj +1219 0 obj<>stream +x•WïoÛ6ýî¿â€a€ +IJe;vR´’¦2 éV{û2ï%Ñ–IôH*Žÿû½#%ÿ`E 'É»wïÞÝ1ÿö"â'¢ÙˆÆSJÊÞ0â Eüõõ×^4™†3šD³pD%¢QxÝ<4ïfWᘢá0œ`u|9ĪâÕëYÑt^a-š\cÍ=ðÒÑ#Ö¦ãv#¯Ý.zƒûk i±¼é슩C…7Ið)+5ü„ddRëÜîè#¥ªyEøÌE …¯ïßœ¥hæ-õÇD±HBúMåU^­ITô´ ;~›Ûloaä-L(Š £Y8e 7ÆÔ¥¤ª)/’ÄþÌ+@éàs–=I{ûðeN•À~µ"o;“Áüó׿¢S7¥$´¤o'›Q2=53¤~4ö±Ý}y옻 m–'€àüýîÓÿ„KØÜ1æ°Ù­¢X$Ïõ¦¥=Q•Õ +À´ñÖ›°ùô8&Át)€ŸÛ»Oß%á4ÊÀïìd% °ñ2šB†HÎCEJ§HUŽB²™l€^Ð*×Æ’±jC ²I[*d©*Ðâu]¹‰*K<¿?Å€`Z7Z)û“_štŽ/ÃÙ%4 ¦Œ7˜mJýoàÔ×ü‹éïÿéO¡r¼nÒR4V «ôÏîð›Zñõ½í½w$s Ý©ä¥óDZð+ö¸R #¶M×2àU;*E’å•ôË,‘- -.(DëèàYóÑ'8¦3Ö•8šœ&Жi´À_L…Ÿ?Cÿê„6¾|ßí«çœNä?Lß“`õŽQ×tÞžÓx6¿c©Z¦©Ÿ¨ 6ówmÞ,–¶7j3¯Ž?Náq‡ÔÜ!æu„a9ÒìZ}Ç–¿äžÖϳèíè)¡VªyólZ« -åGòÐ17á6AAi0Uû‰÷„ðRö‹¥õõj„ã sóÉA¼lò:k/Æˉ3¦¬Ó‚jॠ¼^~¹Xn·Náᣥê_˜xqÍÔ~s Š…¶°´«;íÕʨwÑoÏkÐ$}Ê‘9‘øÐ ‹sÂbNûl¿lÊŠ]Ád‡S¶:¹zKUýÛgA=LYÐj/qV8NÐw-@%¯­Œ¶NåB¨çã·VÖOëÐËÕs+›Zh Å´¡NÅA¨ƒoL´•ÐP`/ €´¼üÜç@83ÃŽ:¼_é´hÁ¡×ð…!z/û@®p¾Ñ%8T›Â}r5{qÉ6_o6Ÿè£?®™Ô™Aç݉çÎØ·ÈÍ·V§0Öè§iùà¤TÑr·”•» -¸‹„um=¹Z„bܱƋSšLÁõÙ”õÆ‘’nkóÛ7🵙 >îLŽçcZöÞj2[D³i‚ûöÆñ”}|Ú ¾ þ©q»endstream -endobj -1313 0 obj<>/XObject<<>>>>/Annots 814 0 R>>endobj -1314 0 obj<>stream -x­V]oÛ6}ϯ¸ÈKS –#ù#O뺥-´[ã6К¢,Ö’¨‘”5ÿûKJŽëÛ†À±d’÷ãœsïåŸg)]â/¥«ŒfK’õÙer‰_ÿ>½=Ë®³dF‹e–Ì©¦yv\ o=ð~Z,²dIóë+²EŠÿÅÇâûyu6½»¡ì’VòY^]Ó*iàyñîããê#½–R9G¢^ r¦³R‘4¹¢ôæËÃËÕ·`%½ŠV&3Ž~•_¼o¼5y'½6MÜ4§46eWˆ›¢Yí(W;U™Vå¤ á±!Õì´5M­ŸÐ/Ãë¨sŠ]Ó׋7¦‘µØ@_”up¥› =ìWõ×—ä {¾¤I:‹AËRÉ­nÎqVTÎж1=::—¦®µ?Ç©FõÇ™&1ùŽvÂjÓ¹à{mEcŽ$¢]+'Ä\NœŠÆ4ûz<Ø9Ñ— -™:o#@ €ºŠùûˆÈR´^Ùd0îæŒØŠ×r#;F…ð,¨6¹.4»Ž)~´_˜®ÉIx*½oo§SÇ„&ÆnâÓTî\RúºŠTÝÐ1ŸÁ1>ˆÁ:ûŸ¡v… k!Kݨ§Ýd»†Cn»u¥eµ`Óë*2jUkœöÆî©0vX!Ÿcõ!EAX>b¸r+6ʽ¼²êr;ûŠ¬Û7âÊé›ö€vÝmB˜¨<ï †üz±wŒa¤td‹ówÊÂ'™ñhwBsiœlqQ¥ÀŒ‹j2K#otCÕôjý pÌï¦ ’ŠÎÈ›ÏïQ…Tˆ¾´WôøøHkkzÇé°$ª -¯¼¡;²$Mã!Îî$xÝäz§óNTT@†ŽË5zDj6+c¶,¦¸e§¹ò®s¼1Vöm”§æGUuyÈškR¸mdŸ ë‚*˜eÖÊ÷ -]A4ûÀÕ vØ? u´>ÖÌgô Žôó§{ºý±äFOÖºá8ðòÏ bç¿Ñ‰½“]k—9Ô[m˜"YéÐây½üÌ]ÝÉÅ i2oÖTdX}¼„¦sB`n¨×¾|ž´c9„h:O}iPuC`Þ*xeæ¶Jµl¥¦߆rqÈOŸ¸f®qÒ êƒ9ãÖªB¡5çT+_šü©¢H! .:qèü¨vxoŒ§oóX±GiNGNWˆ ­»2"î*„‰c çÖ¯¨5}˜ÙÑÒ¨ÛïÔÐ÷}"÷ B&Hgš„`øu yäËÙ½xgzFg£‚ÏPi³MÂd@þÐD…ï9G4^ÐƧÞ~øLo»çრ-¦ê×— }0Ù—±¢|žïo+ÚRKà )*ÇK ­´Ö †Ô§]È^ÙB`j#ZŽÁð¡k°]#0î 8¼G"§­-u83: Üï0¶÷ïšz,®ïá<­Gp·áF;t¦P‡É ò€çX Ã,´p¯ZìC[/©¿DÝ©Ž3Ð9ÌCäúèH?ÃÒ´ûq6†‘p¬”Ѷ"Ïöxé© j 04rá’Åêº5z”ï‰\®Ð½ô'²&5¢V¼„«ãdTó{\еÁò`c ½Æ -geöìq?ákÑqcõÔHÍLØ}@}‚+nsùEš;Åëá2ô©‹s¨_^žÞ-Ž.iÕƒ-Orºmãø»ÅûO‡ùËmÓ”-z½¥2½¯ À1Åǽt¡»Çö<µÂ¹ÞXp·oUqz—1\ÀtŒj4xqH -·g¾®^dOy-ÕòÎJwïã`XÇÄf1‚éÝõö$[Ðd17Üÿ~‹ž/¯“å"èJ—ìñ×ÕÙïgìðHendstream -endobj -1315 0 obj<>/XObject<<>>>>>>endobj -1316 0 obj<>stream -xu”Mo›@†ïüŠW=90`;>ÕiåR%UPs‰­—Á&‚]gw±•ßÙ·ùP…@†¯÷™¿FR¾2,rÌ -È.J“糌Ÿóå‚Ÿ9߆PG—e4½™#ËPÖÞ¶X.PV`û4E)'å®±86m iH8‚@Õ’N›7HѶTÁŠn# µr¢QÚÂí-[7žYÝIlRž&MBI°¹½^_•/QŠ8›%9'ž8±ÝrHy°Ø¡äîé,A(BöÆr-§ÕüË,œ‘f¬§¢µzß±œ!J|è˜cçE2÷±ü~ƒ’…æ" |,CaCÐ_?'ß¼¡·'>Èô& Mb3|8!›@¨ŠS׃r%:V¸FÛ0]I¿* †ö”¿Ö=‡Ò*úvõOÍ7ìÅ–ë«ÃÉ@ûHØÆ…4Rw»zí=rn˜ÓŸ’ Ú‚ÿؘœyjIØ¡/'ʺo™¡ÒŠ>’¨uÛê£çâ²ìxzs>²yGÚ·/®°Ú[22+~ÿêN´Ù®¦üj´v±ÁÃúçåú9·aùÈ÷Ýh<îH1ƒ7Ýã(|—5:2Œ¦ Ò˜ÉP[îsÏúü<~©µÑ¶Û ÞŸˆ ˜ÿÎúj(ë?Zû}åwƒ%Ç÷ëy³fIáçož`8\ŽÄ²9ïár†,_ î~á Õ–½Ÿfá­¼gœ¼¼ì/Ò ñöî±¼ÃZJ²a ߯ڡà¡÷®ób™ç9ÿ+°[–-ü·ë2úýX—Eïendstream -endobj -1317 0 obj<>/XObject<<>>>>/Annots 817 0 R>>endobj -1318 0 obj<>stream -xuW]oÛ6}ϯ¸0,ù+vÜŶ¢kW`[k`(ÐZº’ØP¢FRqüïw.)9®’!±,[äý8÷Üsé/4Çß‚î–´ÚPÞ\̳9ÝÎï²[ºÝÞá~‰—c*å–ž.Ÿ?^,+<\-ÖÙ†Z¬ï²ÕðÉЗhh¹ÙdË熶[/®«ôz‹ÝÉåjÛèóÝnê«g^ÓrN»o+bXø&¿úÌuA·½ë+ÿj÷ýBV/îÒê›Õ-ÂÙWŸÚàlÑçAÛ6-º¥ÅbX´¼C>X´«™¸QÚ* -ÇÞSiíû -±‰OÚ“WÍ^ý¯™u•›ÓÍrü`â/ÃÊ3u ÌÝàba@øûKm˜ö ËLGÛ“ï÷¤Îüdô›ñöšºdÌ3“. ‹jå)¯U[qáÀ“&æé8îñׄ¥¦F±2m$¦§„䛆Ţö ©@ÞJ¸ˆ9{9/…¸¨°b¼éóZÞ%‡\µòî<›R²­ÙtœÊï±øÐŽ^3ú"à Š@¹ xI"G$_p¡s¸üŽùTÎöÙ’:¶€ƒµ¥kú60;±«qE¼×äïµ1žT[—@7øŒþaŸ³~•£F0OõÝÛ>¢¹ NÈ`â¹³Þë½Ap­?°ƒs­¬©”~­«a€9K”0––Ç8Šý(¥‹ufDÖ#@º,øíØM\–Nc‘9^ž•H" däÃæh/ ¦zo©µà‘÷½ÔPv ž‘‰$š -êÈmn›.ëœ 6·Æg¾ÙSË?À‘H CŒŽûa@€ò$ìÈm2ú4dÚûŽóˆmˆ´ 8Ún¤ð1ƘßP¤-uÕ;%yZˆ[)6€çAJmÉ ‚R3; @JÌ’âŽ!ÇÀ#Ô\áõíJppp ú|{Eë9ôÍÊ -@ËÎHhŸÚG!ú¯QÌ)ö_Ѳ4¶‡ÑÒû–Œµ÷°gûªŽ Ûð#ªÊå5؉v=ÔZú ‘nÁ„ äËsèxzÅ>š¤žÒ>ðž:U1Ø‘¡{3›*ÝÍdãT£d}ä–2¤Û2;ûð‚4¾K‚•Ä*Êí¹`¡½.04*§WŽÄÎY‡füSðÐI(N•0I¬Ý?h z7ÈUÒ˜$‹ؘØHñ\ýŒ>l´ %õ‚Æ‚²¢®`ìC§\#õûC%…Ï­Cq ~GhÒã´¸HÃÃ_2XC†‚ZU­õÚÿB;Qvü?°;’ndX¨öY‹ý¡ÛÜô£b.DÑ8¡î -uŠñI¤…<­ˆ¸ïÁ$¢Z4´Rz!nàG• YÒô)ôŠ'VpI¢Ü½„,Ò:I?£pž’G‚½ôˆÁˆË‹ zÏ­U&ð BòbQVÊSí1• - a Ä<™÷ ‰•`S*Œô'š£“c‹9.{/ë`b -åŒBc `“ôÅõçDÄ¢Ö ±ã|Œuƒ”½Éè=ÃZq×(_*šˆyJ݆ L«H·Åœ|mØö‚ëѨ'¾èœF1ëi#Ép%z'UÁ˜æ‰jE¤«M£§Ðþž|§òg£z'J™*[<FvK`³ëáàsu–ÍÛôh,ÛÕ©OÓ÷8/ƳÒæD& 7YžÑ×s,uê¨Ôg HJÓgÇ–iÆï=ÚÔ¶2¨¡xbÞ3w0‚ŽÞÃJÒ Æ’q]FHLŠ‡,x~3†þZNy‹ìvµÄ1mmñŽƒÚ)zK‹ù©ãÃxN{K³Þ»™±¹2ƒŽ½Çç*û©™lÛúöŒÐ ŸTöfŒ Gð›ð—rŒUäšHMc2C^Œêäa@.íyªé!ÎÂËáé¥è•´E«p^q?f4&™ˆŠ¢=¦FaÒ“2‚ÔÉ o4ú‡ž6 ª–Άáu”YÈTƒ3\ -ë>#aê–IP‰T¨¶Hn¸Ê{HÎ!?â`…!ô-ŠJ¡Ëê…žóÞé€@>pƒ¡‹.Œ A»ˆC.9RpâynÐÁíÓïüÈX¯ÖBœç¿Fn7Ûl³^â— /[±ùûîâï‹ÿ¼ºU6endstream -endobj -1319 0 obj<>/XObject<<>>>>>>endobj -1320 0 obj<>stream -x•WKo7¾ûWLu© IJä‡ìèÁAlÀ@㺎Z €/Ü]TI®eýû~3ܵ Ù>A€„Krf¾Ç õïÁŒ¦ø3£‹:SÙL'SšÏ¦“:»¼À¿Oð7hªåÃÉùÅäò½³óùû'æïø²88¾9£ÙŒ5‚Ï//hQO§´(Ç‹¥¦ÃÅOìAb²gÛbRzWçåá蘴Ka›χ½d}CV?iK¿ïï7‘âÖy·m}icÒ’¢½{M¥‹®ùàž´T‰–*R¡µ£.ꊌ#o+8䔎f§ÀcQŸtˆÆ»H¾¦ïª-)‡Í|Ò¸È&eŽ×>P¡ÊÕF…*RéÛµJ¦0Ö¤- ÚX'}“ù䌃\E.ãàð¤l§9 ãÊ ç¿õ±)•>T¤(šÆ™Ú”Ê%»vrÒd%5¼d -h‘²wCr7¨¬õ1½Úí×:ÈÞ(a[µ%ç9<W§Äw.M³Ô•)G§ºÓ* …A 0Âr¡) Æç©=쇋élú §X½V¡‡\Ñ?×?ȪÐhzò¶k5ÃͪTRRËñÍgšA¢¬Õ£Ó³ ù­K:8eI‡àCÌØÂľ“‹Éœ©¹­¥ÄF#=ÝÞ-®î®þ ë‡‡?FÔê"C<À?H\a˜LÂG݈Բr`„¢;§Ÿ×ºL()Rv¯ìÍ¡Ð9't›˜èuð…*?àÛ´P¼@µê,ß -­°TêÀ’ÄÎ_1Úœ`ÎáqÜ9(PˆÛ‹»TOè|ßÞ¤ 0“n)ú:ñÒãanP/ bX” -ÔÁãD[TüÉ1¢Í—*À£*Å%·‚ë.@ýåjCVŒzcÚKöû·// xmžò5sB‹¥x£ö òF -0ò–^w–ÑÙ±J+¿Áÿ?çf¥NZ[öÔ^DXÍv¸=ÝŒ,ÔèCL3`ònŒKßYæ%ú¾Zú %Ïg‚¯ºêßþD¦¦µÑ ÝKÔªïBìsïD]½•Í(!kQˆúú–•Z¯áC`… hþ ‚QìŠÊÊä<Ä©í6°²+¬´^‹Ú÷ð‰ÒÙy¹Çe$(²çÛDŸ=É{+Mó-@ z&‹ÁæÆVyÁà7y|3Œ -¶ißA›ªÈrã‚ò®×fîw©ªbÊAðë`Të*-‘ϧÙG‚(ã+¹Gõ8êVÌÍ òîW° oBi¬§-ªâyÄâÓnžT,:†”ÇRƒ¾Èåñ\ÐrÜ‘@<â\¨™žÐE©ÒÔ2|dª/Ë.€Ld–ŹVt3ˆµ…öÓ´rlå œuËmÆ*×tÜÚÏ1þKe"¾qß¡Ïkú8/zCÓ&ñœzÓÝ­)‚jÃ59„à28»˜%f+7=JÇcÌÖƇ!ÒϪäQ÷6!°wÆ«Én½_‰’Фôxý„Ê‘ SÎ8í ’„Ñ:9ÓcÍ-'½k{¬ôƒ/AywB]%ÐÕ4\£æs_¢¿Õx?°þæIž:qŠèÑŒ;gžud2ô’); Ìü{§Kdëži…‘¨m¼è -¢Ot®®]#ü®ƒÖ`RqÅO¨ýâ0íÔ™ -s+—9Py¤ ­øñPì-FÞp ("m–V?nõRhO³< ßǽè=8ðã6zé -÷·_G½,ø^žæXz™R0Zêbv®ørTŠñd…ÂñÒböi” -Àì…å„ +—5k®Ü»ó}?J•0åx×n„ƒ2+rË -Fó{qxæû‡Ì=ߣ?Öà -çÛ€ïN—2a`ýx‹àº6Ï¿ ½.j”Ž·6ú$‡éG#ƒ”3zñ³¢®é¨ËËCósÇ»²÷ѯk¦]ŽÇnÍÓý"}"pÂÆ M~­<Û 7¡o<0afV!OdHN5x ¨ÃUžü¶ïûßôª=D¼ç0 ™y ¹ÀFâþ]AQý¡ 9æy||sÙÿ”™áÇÓôò”æ§Óüèü~õíËÝÿc–¾úÏÕþ!ÇцGÓÏòø|ûH=›_Næç'xÊâq:›}æs׋ƒ¿þAÐ…eendstream -endobj -1321 0 obj<>/XObject<<>>>>>>endobj -1322 0 obj<>stream -x•WßoÛ6~Ï_që‹ÀVl9Nœ¼ ÛúcźtC=òBK´ÅD5’Šãÿ~ß‘b, Y·¡¨[K<ÞÝwßwwþëlN3ü™ÓuJ‹+ʪ³Y²ZÑñÃìð<™Ñb~Ìér¶Lnh¾H®ÉHÚâð æ/8Œ/ts,èruÿ¦øëOþ¸>»xCéŒÖ[8¼º^Ñ:÷¦x’?Ý6T‰¦QõŽ~þüuýù|ý“KšÏƒÉ4]%)ŒÆ_œ0Ží•+苨6‚ð#ʦ”NHP-÷´;¹rÛÖ™Sº&eI< UŠM)Z’²ÖY;ª¤+tN÷ãR=Êò@Ns3š"_ï8+D½“÷çxƒPk±“ä`ïY±wœé -osÊDYÊ<¤±ìÒ“­6Þ@æʦ8N:éUrɉrp[e¬#UU8/œ˜Â" DÐÚžûèðNÐoošp<®ŽCÆëJ(Ì+|úh‘Þ†' F„?¢€’L×ÝXŸ1û«5`×µÇ_a@•†öÂr¼9ǽSO!ðRY‡Gxn,•puµ+œ%N³Êt¨Dÿ{m­\L›ÐGç/·º’À`§2²®ÝnCêVU -Ép´iå*¯GŽ,œIz’/eYÒVBÙšR>“•®mì°Ÿ$„äsS2t2Upͱp w닯é/ί>?äâÙŠ\’Ø‹CB_ Öˆ¾,™ÀÁŠíÅ I¦r¸$èLdcô R8iÉçdÊ*&t§ø -Ãxô—Xá´±£p*áó¨…¸F -ž7þ®à 1êI•r‡¬ ­Ø¨R9V ]ø§9s”ov -hU¼~T@XÔ>“ÖBa w©™ÀZߟ0m]3:¡þ3*‘*0k˜ÒÈS(诒Õ0i&ÀðÜiê®h‡™T]H£ÜèÆH"bòm!¶Ñƒ–ÇBarÁF¢Œ€ÄéE5Èö´þ¹±N=I'ôÎË2@mu•|=Œç@ÙÓ2Æfò-FО…Yêݮǻ~PŸØ˜ÿÔ- Œ5îw{]ç  ãžºW -ñºDìÝBÕ0¢– Ô×sä2ü{Ì*áF–'@ :`|Á1¶§1°À>0®­Õs:ÔÖÚÖ› o±“‹÷±«/¤Ë.^÷ç*%»ã)Æ­Žy’Wl?ÅHÀÐÎÇóÄ߇¯/#RäžV®ËB5¸ú!mO­ªÅ8ÛH:M/¡÷h `:·`R7ôu eˆkò  tH4•J˜Ãd€“Gã­üä‡Ýi•Z?úŽvq¹á]cž\.R€ºLVø‰†ÜoŸo—³ô6F4áh‚]‚ÓyêM7É,X¦Gˆ–Ø"®–|ݯ¢Î€P¸7Å}÷›£Ú÷«ãJ4î 7Š-“ÁîÖ.¥¸x`‰$éo 4ÍèDâö MÛ^±î¸ìñŠEH Ñt™&¼Ë!Š4ñ9ñUÃG¯l^/œ/Šõ}×U4^þ)Ž˜·½ÖÓÑiŠ'kp¡ñCE˜ÂhCùÿ8r2äs·%„༕(mPè€E|ºgÛb4ï±sâÇu×6cg½õ~ŒÈâT7Ða>64µËX³½ª7ªÎYqœÛ^·eÞÙnY™›œeÒ8Æ0WFf˜ç~÷¶€}S(Ãqä W‹ K Wxëõ&H°]ÿG0`Nq #Óþ+»B' -÷M]· G¹ô8ëÃ;¡Ÿ¾OÂ(ÝvUÇríwA.ºÿ€5Cl0£â:¢:iü+ÛŸ‚`W½µv¶Jæ ¯Ë'¿^~„\^­’«eÚõ¼tÆW¼[Ÿý~ö7£"2cendstream -endobj -1323 0 obj<>/XObject<<>>>>>>endobj -1324 0 obj<>stream -x…VaoÛ6ýž_qÀÄdÅ’ÇÙ>mI³hq° óPÐes‘H•¤âúßï%'©šv âXâñîÝÝ»G~>Jh„ß„ÎSO)«ŽFñˆ¦éY<£ÉìßSüYIEX˜$³xúÚÂx4~mÇlF£øða7x€CöØú¾˜Æ“ÖùïKö(O°>½¾ tD˧ç3Zæao²ÁÂX/ÖªT~²ü÷èôzBIÒšÓYœÂxp+ªµ ±ŽŒ&|U¹$+ôF’)¨.…/Œ­­O~+Ii/m!2I¢,Ûg›ÚšGÞ®iãa°{Ç¡G4LÆmÀÌTµðj]ʘ–[Xf[QÃ%eF{¡´{Š9tµÌT¡2Äd ØÅ×HØ Ó:§Æñ7Ç©Äm¦”œw™Ž'( 2}»¸»ÿ¶ çèUX¼²{ÚXÓÔ0sI!E=tñ…Íi5DÚîRQ™(Ñ2áŒv«NS‚~gzå>©P¥„×Sé³Óö §K³Arù×PmÇ!*ªÜͯyCº©ÖÒº®Ü%®cD×z•V¾Md5X0Ì>°ö˜Þç©‹"òŠ;²ÛzÐf쬩¥ƒA…ò?¼„ =ĽЫÁ–KöåF:}ìóí¡^HÇóM­rÎlc˜p†¸‚\Êú™ %˜Cª…m9Ÿ6É„½iŽÑ6Ö}´´œªð¤˜`ÚÊ(*¢¯Ñ=Þñ(JÀš_E0SÙ–*)Pð‘MÛâðàôbþ=ŠctêÓûßîÿáL†î™'e5˜c+j‰nLGø¡¬±,,÷<‘oûûnTj+³²ÉQþaˆ?=;O"ŽÜ‹Ù¸<Öfmòý1ý¢„ÉÀ ¦,( ü¼ Tƒ¤ÎLÃ3Í 0|Ö`4«{à?“–KÂÅÚÆ -hAxÃ|.D;„¨Q¯3(™m0­LJ®"ô  úi¨vÊoÌ¯Ê ‰1;™·zÔO ¨ ç&kxjaŸ ôíð5W T«Ñè$9ùDüµæ «…s»|5˜€[ Õôḽ¼¡;­¾´/5´®’!_M¦Ìé)³XAB»˜¯Äž´Zæ·Ûªš…Z{Z^.Nç  òÙ°y,Z}†%Kt¯‚™O2ð$¦¿P>ÖÅÐ&Þ=…zn0Û7µ§\xAïŠgÕxVÏYr×Ù]ð@£àw7WãÙ]­žó¼²ŠS¦Ûw·1Í‘’#ñnp‰ -kªPh¤¯c—™#Q®½±ápzqBÀIÔ*"5&G$ Ý:<•ÞÆÔ±«óïK=/†Q²ãÌù@Ù(¡ã?oÚç áŒF‰•Fg˜û\ 4ñ›&A:º¶¼&¿hОv,¥,<“IÂm ¸.¡Žk+pØ°_g* IŸü×XÛ.w>/XObject<<>>>>>>endobj -1326 0 obj<>stream -xÅUMOÛ@½çWŒFŠ¯¿S© !JE­„„6ö&1¬½awÝŠÏì:NŠS‹c)¶wfÞ¼7Îë„B€_ -YQ -E= HžÃáG­ñ!€4¡dqžá}œ -ŠÃ -}ñ)›ï-4 -Ir0EAFò]Hv°„IŒŽÜÁr±°ˆÈgÿƒÙÏ®˜Ãb”ÄQ)RHÒ¥s `Qx°û<×[wWp¥¤:]¢¿œÌ†ÐÙŠ¶J–máÒî(uifRvçý€{Àšò_ókS|?¤F­VtÃy F+ñ²áHWo7· ª†÷›rywó¦’ È•óz`õ’Á-{ávü’­‚Ch?q ò§†5 ¤|-kŽ«ˆíÕ‹•^éO6¬CþêÊîî ÁÍÇÒï>²ëëíX(nÄ ±B?I>-Q$–ãîûÓÕÍåg¹VJÖyX¶.pßת)D[rM6!ßÍMñ žGøÖÎIšà{µôÎo/Îá^Égl\Ê¢­ycp ¥Sî÷!~8ÿ{© [V¢2o;N-Rˆ"ˆEÃО]-&?&ïu– endstream -endobj -1327 0 obj<>endobj -1328 0 obj<>endobj -1329 0 obj<>endobj -1330 0 obj<>endobj -1331 0 obj<>endobj -1332 0 obj<>endobj -1333 0 obj<>endobj -1334 0 obj<>endobj -1335 0 obj<>endobj -1336 0 obj<>endobj -1337 0 obj<>endobj -1338 0 obj<>endobj -1339 0 obj<>endobj -1340 0 obj<>endobj -1341 0 obj<>endobj -1342 0 obj<>endobj -1343 0 obj<>endobj -1344 0 obj<>endobj -1345 0 obj<>endobj -1346 0 obj<>endobj -1347 0 obj<>endobj -1348 0 obj<>endobj -1349 0 obj<>endobj -1350 0 obj<>endobj -1351 0 obj<>endobj -1352 0 obj<>endobj -1353 0 obj<>endobj -1354 0 obj<>endobj -1355 0 obj<>endobj -1356 0 obj<>endobj -1357 0 obj<>endobj -1358 0 obj<>endobj -1359 0 obj<>endobj -1360 0 obj<>endobj -1361 0 obj<>endobj -1362 0 obj<>endobj -1363 0 obj<>endobj -1364 0 obj<>endobj -1365 0 obj<>endobj -1366 0 obj<>endobj -1367 0 obj<>endobj -1368 0 obj<>endobj -1369 0 obj<>endobj -1370 0 obj<>endobj -1371 0 obj<>endobj -1372 0 obj<>endobj -1373 0 obj<>endobj -1374 0 obj<>endobj -1375 0 obj<>endobj -1376 0 obj<>endobj -1377 0 obj<>endobj -1378 0 obj<>endobj -1379 0 obj<>endobj -1380 0 obj<>endobj -1381 0 obj<>endobj -1382 0 obj<>endobj -1383 0 obj<>endobj -1384 0 obj<>endobj -1385 0 obj<>endobj -1386 0 obj<>endobj -1387 0 obj<>endobj -1388 0 obj<>endobj -1389 0 obj<>endobj -1390 0 obj<>endobj -1391 0 obj<>endobj -1392 0 obj<>endobj -1393 0 obj<>endobj -1394 0 obj<>endobj -1395 0 obj<>endobj -1396 0 obj<>endobj -1397 0 obj<>endobj -1398 0 obj<>endobj -1399 0 obj<>endobj -1400 0 obj<>endobj -1401 0 obj<>endobj -1402 0 obj<>endobj -1403 0 obj<>endobj -1404 0 obj<>endobj -1405 0 obj<>endobj -1406 0 obj<>endobj -1407 0 obj<>endobj -1408 0 obj<>endobj -1409 0 obj<>endobj -1410 0 obj<>endobj -1411 0 obj<>endobj -1412 0 obj<>endobj -1413 0 obj<>endobj -1414 0 obj<>endobj -1415 0 obj<>endobj -1416 0 obj<>endobj -1417 0 obj<>endobj -1418 0 obj<>endobj -1419 0 obj<>endobj -1420 0 obj<>endobj -1421 0 obj<>endobj -1422 0 obj<>endobj -1423 0 obj<>endobj -1424 0 obj<>endobj -1425 0 obj<>endobj -1426 0 obj<>endobj -1427 0 obj<>endobj -1428 0 obj<>endobj -1429 0 obj<>endobj -1430 0 obj<>endobj -1431 0 obj<>endobj -1432 0 obj<>endobj -1433 0 obj<>endobj -1434 0 obj<>endobj -1435 0 obj<>endobj -1436 0 obj<>endobj -1437 0 obj<>endobj -1438 0 obj<>endobj -1439 0 obj<>endobj -1440 0 obj<>endobj -1441 0 obj<>endobj -1442 0 obj<>endobj -1443 0 obj<>endobj -1444 0 obj<>endobj -1445 0 obj<>endobj -1446 0 obj<>endobj -1447 0 obj<>endobj -1448 0 obj<>endobj -1449 0 obj<>endobj -1450 0 obj<>endobj -1451 0 obj<>endobj -1452 0 obj<>endobj -1453 0 obj<>endobj -1454 0 obj<>endobj -1455 0 obj<>endobj -1456 0 obj<>endobj -1457 0 obj<>endobj -1458 0 obj<>endobj -1459 0 obj<>endobj -1460 0 obj<>endobj -1461 0 obj<>endobj -1462 0 obj<>endobj -1463 0 obj<>endobj -1464 0 obj<>endobj -1465 0 obj<>endobj -1466 0 obj<>endobj -1467 0 obj<>endobj -1468 0 obj<>endobj -1469 0 obj<>endobj -1470 0 obj<>endobj -1471 0 obj<>endobj -1472 0 obj<>endobj -1473 0 obj<>endobj -1474 0 obj<>endobj -1475 0 obj<>endobj -1476 0 obj<>endobj -1477 0 obj<>endobj -1478 0 obj<>endobj -1479 0 obj<>endobj -1480 0 obj<>endobj -1481 0 obj<>endobj -1482 0 obj<>endobj -1483 0 obj<>endobj -1484 0 obj<>endobj -1485 0 obj<>endobj -1486 0 obj<>endobj -1487 0 obj<>endobj -1488 0 obj<>endobj -1489 0 obj<>endobj -1490 0 obj<>endobj -1491 0 obj<>endobj -1492 0 obj<>endobj -1493 0 obj<>endobj -1494 0 obj<>endobj -1495 0 obj<>endobj -1496 0 obj<>endobj -1497 0 obj<>endobj -1498 0 obj<>endobj -1499 0 obj<>endobj -1500 0 obj<>endobj -1501 0 obj<>endobj -1502 0 obj<>endobj -1503 0 obj<>endobj -1504 0 obj<>endobj -1505 0 obj<>endobj -1506 0 obj<>endobj -1507 0 obj<>endobj -1508 0 obj<>endobj -1509 0 obj<>endobj -1510 0 obj<>endobj -1511 0 obj<>endobj -1512 0 obj<>endobj -1513 0 obj<>endobj -1514 0 obj<>endobj -1515 0 obj<>endobj -1516 0 obj<>endobj -1517 0 obj<>endobj -1518 0 obj<>endobj -1519 0 obj<>endobj -1520 0 obj<>endobj -1521 0 obj<>endobj -1522 0 obj<>endobj -1523 0 obj<>endobj -1524 0 obj<>endobj -1525 0 obj<>endobj -1526 0 obj<>endobj -1527 0 obj<>endobj -1528 0 obj<>endobj -1529 0 obj<>endobj -1530 0 obj<>endobj -1531 0 obj<>endobj -1532 0 obj<>endobj -1533 0 obj<>endobj -1534 0 obj<>endobj -1535 0 obj<>endobj -1536 0 obj<>endobj -1537 0 obj<>endobj -1538 0 obj<>endobj -1539 0 obj<>endobj -1540 0 obj<>endobj -1541 0 obj<>endobj -1542 0 obj<>endobj -1543 0 obj<>endobj -1544 0 obj<>endobj -1545 0 obj<>endobj -1546 0 obj<>endobj -1547 0 obj<>endobj -1548 0 obj<>endobj -1549 0 obj<>endobj -1550 0 obj<>endobj -1551 0 obj<>endobj -1552 0 obj<>endobj -1553 0 obj<>1<>7<>8<>13<>19<>24<>35<>38<>40<>45<>53<>58<>60<>63<>76<>93<>96<>103<>112<>118<>122<>124<>126<>127<>]>>>>endobj +†“DÅQœÌo)VÄÂÈå;ÊM_H ÷èG?bÀ6ØA¡Ö¨cW1ˆ¢ƒ ¥Ç…ÚRUWöHäl¢’Œ_èmtþ’r‰4m#æàœ7_W!=¬ðø˜Ú…¿ª‹Žs.ømÝÉ”I‚žXË·U²×Á{×pdÚæbpÂÜ·)>Ò‡+$MjHCpZ¥jÒÜûu°N›µ^S@{oËàjùît—ëëntM v– +J¥yaº•„Db„ÈWÈ“›e*_d¡6¥ã‰J©Ü¦ÐYšþÄ}OÕ–û"ɉ–’rtµjÓ5ª°MrסšuK(Wf‹ +8œK—€Lm$òÇPë Ћ¸dŒŽ–…„.)Ö¢J24W/Eq¡³êJÖ +m¦U½ÎNà¶@÷ÚK€ üm´²*QÅï®|éx WrKËÎÁJ“ˆCnkî̬¯S ò3¬™$yÅÊEçB|y4O&ò…‚Uœ®eù*Ê R(bõ"¤Ð>'~²¿îî¾p숶#òGìjrÊáÞK¨TËM!$¿¹¡,în!Õ·I4š»CGwÇ8gi—Ü»´´&´i|JhðÝúòÊEõºF€» F“ÚV°ïˆÇ¨{ þÄžÔ•2ÖDµ#½kªQ hѶÏrwÚ¿ûw&Fs4­ö÷C.,×PÍÎXY^8‡}ÊWƒm#Fªï+àKÉú.º%F9f²£²ã“Ú^4­ +è! íZ%ש×d{½àéQrã“in=ø¬‘î÷2G9‡¸]­–Áå[ ýPƒO56¹¿ÜÀ•´CN…¸@kÛ·[®ºÑá¾Í­n€BŒOLzGä[À÷õØÚ£§[Û1tŒºàÊ„)û{]¨XÿðåÞæèæ¸4ûÔ5LpÞY$M¡\6WŒ£8¸n‚cƒû«ÃN\¦ÜUñÇþ™˜Ì&álzå/x—c¶úyÑû£÷C‡÷aendstream +endobj +1220 0 obj<>/XObject<<>>>>/Annots 621 0 R>>endobj +1221 0 obj<>stream +xµW]oÛ6}ϯ¸ËKÝ!Qlù3Š!ËP`I»ÅE1,{ %Úf#‰*IÅÑ¿ß¹¤äØrÖîehêD&y?Î=÷ðêëÑ€úø7 iLà %ùQ?êãþðÇ¿MGQL“Ù$êSNƒQû”ÑýÑî3VÇÃhÔìõ«ã8šÒ¤?‰f|ö|7O~uç9§x2Ú_Lpv<™ÂÎNΣqóäÏî<ãì`¼ÝË«»ÏXÙo°Ä«ÈŽ†Ã!>G³)>cü7’–~alg!îÅp„0¦áÁûzyäµóýµí#Ö¦çÑðåÜåüèìfDƒÍ—(Ád6¥yê‘ïÓ<éÝÉgGÉZ+In-éíüK·6fEg7qc¡GmWFW%½Ûßì«é7·îz”©B’*¼é¿V™^ˆìo²2qJãK ¢ä”‹š6¢ð! gŒiŒÏˆÛ8$-¹ÇHW8‹ÜwÃ-˜i¬‰\«W è²æ"C/©'ÉÜQKšËæ‹´!$Ž zQÊÍ“³°k(Úò:´ä.ÖH1Á; ì‡{²ÅÂ7·¼_Húw9äÏß  +¬¢ë×:=¡ÍZ¡<è‹bb¤U"SÆ:p‚MÐCY¦7-_šLä3H8oËr”KYes|%\'K4iª¥hÎ)ç$Z”(ÖY¨£dÑ¢ŸßßÝS*œXÀÖŸ °T õ+lvºãsY°b‘´®[ð­Li0.¨OH>´A0ð·‚”1Ëj/QI¦ I^Ÿr…à* Ímƒ‚øWF¹ú‡PsàBâ›é÷žWý®þ¶eØúg¤ÄÇ} +<ä«`MXönEQS)u™É äÂ>¢fF®„I9 _½ä®ó©¼A •!&¢úª’w v`}è¾Å©ÕÚ–1ß@b×0Ä*âÔ3_ XÂkÇfS-]JƒÎAˆp›«gD‚‡vcy–­×övœƒˆ„©@R´Ó@£§Òm¤ wn¢LRå(^‘€8L=@ñµR8(èØ{9öÆ9Íø‘ © 9t÷ +ö«p‘Ñi›êZCmÁ^Èn”KÖˆÙ‡@ƒ±ˆ.^3~@K^h“BÊ”;kÙ¢Ý!+:ϙ»|noÛ\ÁpD—,9KQe]ù’ðÜ /ˆºu,í¶*KmRºË÷î=wóßnŸžÙ;=Ã@£”x•ÔÔRÞr%Pô–3çÏ ÂL×rzíÇ•î}íU¢©MîûÇ“§µüX¸Ë¥WAÖÉÒ†`SÏw±«˜|ñ˜š 6MAx2ÚbéƒÓAŒy<`B¶6 +jÉ6á&̶  h(°|Ndé‡>”ÜÓ߇M+VÒÓÒèœG–zׂbà ‘e&Xvu‡ÞÂFIŒk×`tâ4îÖO]_鼬pÙcº½½Â˜s«£­^: +fì*¬Î$&Ÿ2« VÔ³›×uiÑçuæL$‚Nãéù<Ôz]£wM§ÿnwi4êª2®ùm*°= ª6òŠû x〈”þÖóÐ`4õ†9z …Ê4nZúT¨ç—¡ˆA¯97 ÔÁÌÏ#<Ï`ìh,ù‰2Tv{ »¯:² ‘Ov‡UŒ_ˆ0ÝOµ×8`Åñã‹i´yv¢ +)‡N8j’%ÁŸ‡Ðˆnž ‹—Ý\¡m>H`ÈÔð ,U&m¦È›Ü lMVå*¨dšuÆãvUSW–`÷þ›+^xz‡Åßßؾõx¢àä‚鮲Կ2 `¼Q­ÖxÀrÖ¼ ðbÚŸ ñÞ6æëíþâöò‚>ýtÇeqG¡qmè‚϶ÛO§1^ïÒÞ½KGxûžNf¸†qh>/XObject<<>>>>/Annots 628 0 R>>endobj +1223 0 obj<>stream +x}VMoã6½ûWÌÑù3¶S ‡d½)t³éÆ‹ôÐ -Q67©%);é¯ïR¶e)‚Ø–HÎÇ›7oø³7¦þÆ´˜ÐtNiÙ%#¼á1|û½·¸IÆ4ŸÍ“•4žŒðŸ +z±:[$×­Õé|žŒh:¹Iæ8;›La)>ñYx¡é8ÚðÁøÀK­Gœ›&‹ÖZ뱤å8¹i­µÍx¿g£ÁßhŽw³å¾'ø·’òÞݺ7¼Ÿa?­s 1_.hF´Nû¢ö;©½J…WFãÈÏZ:OÞ ¥3spô¸&'í^ZRš°œ(%Ä; ×ÚvsMÆžÝ,›C¿¬ôFt5ž&xîL]dIórÂáåS!…“ðžÃ |ÃIØqY/»¥>Ûß .ªD%íå¦PÙ°)G J㳌i!3AîÝyY†Ôjox%EÁI8µÕôýñá/ªU†”`~Ë?¼éßBd €£2Í kêÊ%´Þ)G©É$á[ì…*ĦÀƒ¦LîeaªxÓÆ +î¤#£9 \KÃkƒŽÓMíé Š‚6¼c/3NÁÊÙÉŽ3Fwa]æÈöB{±•|* A_Ê“ÖVùwŽÓïš:|à¨?:S8ŠVt¢n¦oOŸ(Ý ­á6å›H=ò¾ SˆAèÝWà€”op-¥ÐŽžE¹A=']ǯ6p⸪>âKåm f¸À ·S•û0–å»ÿ»¯™ èÝÔ”"B‘e1†Žï&"X ýc¥3µMeaàÕNìQ ®Ëeã5`‚¨¹5%ØÚ=ü´ú¨«;>Ešš„Še"lë²à!¬¸¿ ’ß±…áýu£ ý3~kµìY4úºØ÷õLÈQÆŽŠª°ƒ áW)+žT9 jb* jœÛù¬íìõ¶qKܶ°U¼b›LÊÆ_!œ?5JYî>²åïˆw"ù¢RkœÉ}²SqCERÃ8P[#3´›É[{v€^þ¿X…ðQtûÚ™c8övBŠY²nðиšÃ;>ˆDt-p–Î Ô†ùv&TdKÓ ¤˜1S±ÿŽçsv]B`+Ô€9w^?QÒuv ÁÌ•f5…CÔg›ê„QQrã‡Ò^´w+b>Á9—±É£¸ÐÌ\ÿ†Þ>‚[Y±æD[ h+=sI­&•ñ¸Ë¯=%\î"ϫh¯PP“w ¶AôÏÖ7x½åvôiB·ÐmÏ¡í(¨9ЂTÅH‘:Ä]¾y©3¨eƒ]^û3<ªIÇwɆ“j† +O!ȹErÐUl$ªªP˜2<52™t DÂOÒ}†}ô]«·fŒ§Ì‰W>Ï1â°u+QVÙhãbvãÛ‰7*·ékÔ9ÞÀ,;0CES¡®¤·ê,³•â•é".« uGâUQc…¯®'À1®G©÷ÊÍC,<ÊÍMPá‰ÝÉô4R‡÷óÓêêxgyüºþü+Ÿh+å¦P$+yÔ3þFù3“Öað l¹²àSUoÀ«Ý¹Þ/rƒä¶â¥?¼þü¡týöbl‘…`O¤óÝ''æ Àâ;­ûØÊ„ÞCž‡ t¨ïÆCãï— ã9®šË)ÍF\>/XObject<<>>>>>>endobj +1225 0 obj<>stream +x¥WMoÛF½ûW zrÐX±dYrzK‚0Ð8n­ =ä²"—âÖä.Ã%Ũ¿¾ïí’M-ÚÂ6l“»óñæÍ›Ñ׳¹\âk.ë…\­$)Ï.g—r=¿ž-ey³Æß üÔZ²ðbq¹˜­¦/ÞnÎ^½-‹KÙd°µZßÈ&عēäü]®ªF×2ŸÏä“5™Ñ©üâvÎzÙê¦ÓÚÊgcS×y¹Û¼Øüqv)‹%Lœ+›Ê§»ÛߥõÆîxj‹ƒ“ùU ÎàŽ n§­v­ÇŲjæ¥íÞÔΖÚ6^2WÃPáð¼1¥žÉg-U­=^ÆŒV}FçÒñ=‰ë´í,®0Á&×ò Ê­šDä[Óh¨T­J/ÈI‰wÂBŠ WŸæ³ÛB—+:Gi4o…2™²Â;¸Àxâ¬}8^UZcu•4óîiÆ3H½Ï§TIn,j°É—JḤÚ'µÙ"i†4*X;ÔÚ|£Ë—¢¿U|³Æ<œµ6!²ª0ÍALCà÷àRÌ‘À ø”™] >ÅÄû7«½P·Æýâ0‹dxÚ¡iЋ™€ä5ð þâÑ ì®¡‚ÇN…H©¬Õu@˜`­ …V³¯JÐãØ"‘Wð–ªÃIÀɤÖô…â>£`bÁÞ*pIײÙakë°ì |Žú,Hã„®–ç}ŒzjIfÐX¼SÕ€@PvÏIyih É øžÒDÐ2YíJAdš¸»Nïu ’¢ýÓ”¥¡°AQ‹ý6$è5³Ímè(ú–TŽI’ÜaØÐR¨Q­RÞ£RœÇÛZm 7`«]n ‰²Rh…›,®M ÜÖüYÖËÖ“¼'žüJ2Fœ]‰!„tHÈÛÙÀètjØΡšßUÍp9ø9•Pfk­Å—hltÍëO 3ùÄÀmÓ«É@Š»Í±Ñ0u&­Åë¯Þ'ý¸¸XÏn8ëÁä/‹ÕZâÛAÂË£~…uxóÿÝð}_GIrewä áü?ö/7³ùëF·©¦¼ÉHäG.UZbºpÝn¡ °ŽpÖ ,‰-H?An4bÇ¢9êèq†õÏåàP÷Ay¿#ãhò¢œŒv…‰<‚ +@0úïvÃߎ°+lFàw>¹ïGåSÚŽfÙp0ºê:s±«×] +¼Ú…EE¶¡Î® àG Þºo”¨P@!k‹b|©Ë-PDv +;«Äc&-“†»¾S,`§²ÓhgÀ(€ú¶ħÚ@FMë F+Ɖ;ñ;ÚRNWÁun@Ì€Xã‰IP R¹²åºD*qŠ3ÿã»Û‡1ON’ ¸K¿ÎbŠwÕ©’La[å †Å`ž¼ä¨@¶²‹»&'c‹!& ϧq/cB‘§Ì¤pî«öpÌ°I” T?ÎØ—ÁÄ×Vc’Ä·œ`êžåöÏ¡‚¾c_ +ò{ì8hGü°Òo"®Œ6F6“·:QîHÙ‡•-îÑÏ’ò\ô; ­½.äËùÞ¨ûÝÃCØbØaŸ$Œ­‹«1ËÊÞIa¶µª_^ààŽáˆ–?bÇ3'ZŒrÅQ6+F¶Fm¡#ÖW˜°¶é{óæôéiy=ãǺ÷i.¼'-Aï›”Ù,×ËÙzu'ÒõŠ~Þœýzö´Ìùendstream +endobj +1226 0 obj<>/XObject<<>>>>>>endobj +1227 0 obj<>stream +x…WÁrÛ6½û+vrRflY’eY=*q3ÍÁŽ+“| ˆDL @ŠU¾¾o’’iw:Iœ„"°»oß{»úu6§~ÍéfAW+J˳ÙtF×Wsü\®oðs?NÑ.|pµžMo}°X]O—o}°^¿>ða{vùiIó9mw¾ZßÐVÏf´M'ß¼rž¬¡:Wôíþó*Ešk£(á¡¡Æ+ºßò_Ž„‘”9ÛTdD©< ÏÔÚ¦áÍwFÔz¯ÞÅËÂ[Ó÷ÛŸg3º˜_!½­œlù_Ÿæ¶5´Ónò7‰:^'>R’’Ç–¶:dÂÉ:R{e¨°žÕ|n”:gé3 ++bJ?.¾k#mK^y¯Q9j§út+ Ó@Ål²×¶ñ„ã:E•5¤Œû<#í)QÚdŒCø_(èMÜjñ¬BÞ;ëÊQž·_î6ŸïŸž†ƒýƒü”¶9á·Q)*îÀèšDQØÖÙ©jåJnfÈÄ)©Jcâ–Ä(nrjMílQ ÛÒ +S£¤ *áj6…pß>ƒŒt›ë4§Ú5žßìn°pj§œ2©’c\7RjÎy·´+g÷Z2µÐ™­5Á÷:íŠÉ‘·¢ëÿCÑd™H +E›‡F5ÞYÙ0Ûž&›»§÷äHºduqÇ1÷Z ð#ñ¦0ÂiR†ãIUUt)úØQÐTT"Ñ…®`y±Gxf,âxIv‡,Lš;kôofO%¼o­“̦ºU`zÌÑÀ‘û|òKÅ×½¯zŠ0)láÓ¤“ú«f?½ý¹üôÍA{öŠ 8SPÀ|>½šÎQ›p™ªé”Ã%žúÊÅ‚}er"…:¼ÌøÔl&P]h#WG¹Ø£Cêík.'‚…Ó3Èìœð UZ7¨1tº£ücq«=(ˆ.6H] >ûº ò2wàtÓg­ŒA2Ü XÜ(GVOUØC¸níôòV×¹EXÄe öªšýJ ,4#jTš¦¶15Ê8­ªs攨a0^— ÒNG†Œ‚ + %+\%‹rr%$ó'fÊÑ_×p Žèž–ùJ‘Æ èšw*¶¥&VD¾UèW `D¹‰ /Xi +É:Áuèü.惩Ø÷¡û™°a…O"=z9òp.S9dÚ ‡,ÝéÔYowuǵpc(´Y;À‹0Ò“|G°ö¼%œ!XŠÊd(Ù³T‡´# ùQ$éQ2`”ÌrÌrJaÌô’øιqð‘l¦«~È´ÝéL  +ÔA™ «”ð^F:ã1fu~@!SÚ@çà&Ÿb¨ënòO€J˜Ròe +’B•(µµ” žŒj|ÐÍN•Þ¦Ï°€VÀº‹ç‚S¿%ôD8r2­YRÃ'lR™2Š¥f:Cxÿø: /õ$É#@²Mò˜Ã1Ïq0 x^ôô9ÑÀ!7–·ð=—LV”*q¬¯˜¡{ʧN'xÔÆ”º1> }×ìGÖ}nPö'(Ù¢>"³·:Ìýý¹.ð4Qé „óç¤vÀà?LØíÑhåXvØ}öÂ…•ãQ”‰ -8J¥*ÞÙPœT©•ªi¢ð,T¬K‘Ãÿ“7&âÝãׇÃLì¬éÈÅ€(÷»´¨ Û(¦SEè°­¸ÕPÐq†AXº<Û|·a²ÔÒ¢‘Ì#±,…Yh×9w;Ç‹a΄Eìl¡²¶À=Ð@Ánœå¸ eªuÞc >°’²¼aŠkð,2(þÁé’·ªÛ¸t~ö¡Qh췌׮1a§aƒP¡Yç¼’ålˆVÛƒV…Ý%Vb“ÜQè\tU^…{e€£ W«,&í˜ê½Ÿß·žBï°Sƒ€\œ2MÄÖS3ê),‘ñŸxÑ&aPE 9 2@1ªV$<äxõÅzÖÀÞã•H7Þ8¥/€Ó½Èä´0†üØÌ𢳔cnµMsa²0^Üqå™Ò‡ÅMÝ…'¸SH°ÓŠ¡-Á˜øâà!ñ Fo_Ûù२ƞ¼i{:±ûcø€2ÂŒÝ}üžsùiÝYî|…¯të+Z-ðÝKN7w6ì?y~ÞÚ-šÀ*áª/ú×/n3~ÿ?–®åÍrz³Zc=Ã;×7|ôÏíÙßgÿawdžendstream +endobj +1228 0 obj<>/XObject<<>>>>>>endobj +1229 0 obj<>stream +x•XMoÛF½ûW |r›¶dÅvrsœÈÁ®[)hoÅŠ\JŒ—\fwiUýõ}3»”(ÊAPAjw>ß¼yÔ÷“ ]áÏ„n§t}Cy}r•]Ñôæ:›Ñìî–?ã¯ÓTž|\œ\~~O“-J\¹¹Ã‡‚püêŠùÙd’ͲiFOªÖ4×îµÊñï¦ +ùú—Å7\Ñd¯^Loqõl±Öo>'ëèi>?§Ê“¢R«Ð!€°VŸ´N{ÝàcCµj¶ôõéË_d[íT¨šù­ºö} ¤Œ±ÏÞ¯èbrMÙk<€ë¥u5î؆|—¯IyZ[„ïÏaº2¸_)¯DSPçµ;¸,-5*ã­yÕ•ÎÖTTe©¢û´Ë5‚úŒÔô?ªn>Gn>À´2¶Ñ1u/x&AÕjÛ[OI¸° ]…mI¥Qc·eeðÖ!@äPpcseH¾‘JetOì‡Æ”•ó¨c@IÛ@H9åûFD£”%¾3¤‹*"‚†rÛøÎÀ,=}™S¡‚Z¢Ì„~WÏ}zšs¢¯èêÛ4ò8èh–¾šÞÆ=ÒæsRmkª<Ö·uvåT]3hª&hW*6B†6U³¬8^»Ç[ðÚ” T]úÉUhúq$´áŒcÕØ“ •±$8“š¬œíZ`ãÏäßz +Pß…‹7HpäÐ.ƒªš…ŠM@>=-úºuž½?Îÿx~ ÀÀ§f_«I›AR*Ïm‡ÓMWË\Ù¦¯h?E_Å^į+bZ¦Z:å¶Ñ>¦¨ÎU³³Â#¬¥Ãq¢bÞŒKï×*_# r]Ó ÚQŽ}KF^K§Ž€ªÜPk:öµ¥à:ÐBÑ?GÃÚv«5‡´¥ f6 ·fÌì15é \µ®ª%kÛgãh LAaÌW|åò3(VÈïìR‡ü²ñ^ˆ1Ã(”ñ@ÏŽgC&ÕdˆØZ½0Mß;± vT¢Ââ[cíK×J­¨o ?d<ýïh$å¾lÖxœ™¯¡ZÀÅ4¶­7-…ª‹s1”¨O‚;mªPœAÁÐ×€›ÁË@ŠOib¤U–ɪk3Zðœp«1^$dßêœù1†^1ïÖ gaaMÙ*Ì-œ†&LÁ´Àª…L'j¶áÍc]¡¶J)ÁÇØ“c©Î¨•ÿûún°õÅË" ÷ëàØW=w eòä컹© ㌩ÙX…8©¶EgxÜŒAÜÑÖr@Á%þu ñg^³_ÉgèïJÜ]bXà,<44X¢l®7™šzl”»sv±EÁÁÆlcðSÏL +¯Xѯ@[c€ÙãÃÉÀZCØ]“óºD‹+pfÜq½P\ Ö§–0™Ño Cwÿ„§u·Ïùù®âGÞ96æ¼ËØþ7מ1û> +R…vË&ñ/Ï4vÛ–´ò #ì}Þrý:€å5¦——Aô1Ö:Øà€ƒ¹Ñº`fÅ @ÌÆÈ6Ú.Œ’À‘(ö¸“o1# âcG]\´¬(è4™:aÇs{@þŒ¡8F)¤â: ºUAƒÙ±­ß˜ÄÀV°—-Â(;>”"*Û‹kHY– "i¯3z6Ýj¥–°ûŽÍ‡^C<ÊØɾØÏ®èÛŸ]ÃV7ÞÒKc7¨š§çûǤy“Fe¨¥NãXßêÐ;òU‰XWýNÐùº±Æ®À€,/D.;éÙ¢ŠzÚz_qn€†Ðe¹ÝëرËZà †ÈF®wÒ·—†ƒQˆÃi»µzåDàÊéÜÖ-*ƒƒ?<ŽŠ#J Uꃞ•øîÈåŽÎ¥6Ô*‡ÆtF9j-d^£ƒ’ pÑÀ€,d`Å…†VƆÛB•€Ÿ"»åÉâÕ"j.+(@d.£j§³Eé+TÕ!\OKT`o8©—ã$E?ÔÄ#ß(Üò0ZÖÂ<IºÉ¦'Dij¼9©•¬BaØ]˜ƒçÒ‚UÁ5«Q(æ GQÁW/6c!„©’~‰HN{Zêé‡ê4^Øç…O#1Èú»dÃkz­Ç¯)x‘«ð2î<'Qö)êÀ‡¨Í oð…À-:fy*ËתY + ‡… šÆÒq:³Xll¬0[UgÅ?3¡ öm/½"GŒËkùŒ W§¨Û!õ¢•©Þ) #¸¸ƒ.†+'š[|¦äa„%,y…ˆzUd,—z?sG¡ñº†‰eI +i6X÷"‡øDZLJ1B·æ/x¸ç«±rwI¢Mnð{ÇÝ5~ÙxÏì?¿üx$ÙoÜÛO6ÇËP’Ž|ï¢?~q;Å i[üøÙí,»½¹Ã/'8ûîŽMüº8ùýä?ÒùÎôendstream +endobj +1230 0 obj<>/XObject<<>>>>/Annots 631 0 R>>endobj +1231 0 obj<>stream +xWMsÛ6½ûWìÍÎŒE[’-ɧ6‰ëÄmóÑX™ô™DB"`Ò²þ}ß.H‰¦ÝiÇÓ&1Ý}»oß.þ>Ó9~Æ4ŸÐtFiytžœÓl:Kft±˜ãïüç5­åÃÅåUrñÒ‡édœ,^øãÉ9ìóÿ¾¼;O.“+šÌ®`¾¤Ét‘ŒÛt'Æ‹óç®ß,În.h<¦åÑÎsZfbùœ–é‰ó™ö -sÈØZûµJ5•ê‡¤²ÌØ )²zKª©smk“ªÚ8KAûƒ“kçé›±+c3zÐ~GZ…Ý)©¢ :W5®ê,Píh¥_-ïÎi4ž&„p’9« ^ål?»` õ¤Rå_Ûh9 .~ìpœP鲦û©«ŒÎØÅÀÀYaVgA§7õîlh@!`öúùõJ­½+hm +À$>Ü ÕëB?([w¨‘”µ©2UGπ랥èÁ(êÐÖ{w™K›¹Œ™ä –Î?K®•)Bã¾¢ñE,àh:¿1þÄ}E)ˆÑ¼ó®©èöš^#šX¦§ hÂÕ?ù†J¢¬ ß„÷\D)R¯QcA +.kæ¶>.¹L¦æ¢²]@%€Àƒ ^Èj‘1?ÖW¿Ÿ|¹½þþ*òjLØ +…Ùäu±£Ì¬×Úã—ïëÇÛ?i››4§\!Åä•Ýhrkv¶Ò¾¥Š¤>ļ·.w%€vmQƒ*u¼>tn[ð·¿,øCB·5mKvèÞ­8.°Ì® „ɧÉöQ±Séœ +*!ÎîÀmk“ÍÃÚÚlH)~±Aî,U +•))¤8ð*nHö¡žj+×2ÏüJ6!Ô`X¿¢l9†Ù=ú5<ôj¨opÅÂe¢rxkã +fJ}! Àh§­~¬#"€Y{WŠ )-ÓC“Ôªò.ÕUUaböcébü„GÏŸ]‚·“+°±„)f*þ=Õ‡½ç]›îÞ7ð#v·Í,öÇ‹|4Eb±P?v$2‰Kš3ª[jð7h5ËmÙ„j¨• +šr]€܉u¶¢î×ÿÒ6Ú¦í¡"7B‹²ëf¨ËÚh«vÿ!"— }PôV¥9°prûC£•×5•V; +)°¶ÚC€¢pBaIåžYd¹ ç~4zléÀ¬¥#9ê­ó?Ð`Td +a{µëKnuT ¾%T +i®á€š›½ƒ¦ýw£-üDñ Ðµ2ZíXÑ2WªgíÒÎåkuõ Žô/£b{]7ÞÂL)ú|ýVúñÄ_u\T…ÃôÜš:Ç©A8úª"p^f G^fwÆB¬yˆDŸ=Šo!?šûDÙ¨‹{‰85=HÌc5Æ$…²p~a0ÔYõcePºSÉðGä9á E¯Ë95 ÂÀoêJ¨Ω JÀRÂ*0(W+…ý($°Î“,¸‡ò¤¹Ä'4º€¨3R…Ñ@ 1?ÑJ<Ö‘àCÁŸ Ë…”{/f\(vvvƒ1Ë{ÖhŠáÜŽiô×-pBŠ"ØÓÛv Èoâån¹‘1Eƒú× ’ý!“çW—[Zz4‹.¯†‡%Ñoè„î±Éð÷ŸƒUoiXïñ§ÇåŽgQ‡ø>Yõ8»ï?}[~jÅÀ±@ñÂ'Ÿ(!¾Å£™©7+teŽ%ùÛèzß­öÄÀ©eܾ±–ÕÇÚnƒ¦DéÇ×Þ’‰ýŠG”Ä}XÑà;×xúÝØæ‘Vî§Äïúnï2îÏßÐ……7¯±”óOk·'ìPS@’N |åÎÊs*¢1Ò§Œ°ÃmK]8«1ìä/íåú’Wã‘d*©kö{Ö“.Žn)¾i š' ~9ƒeß'³yÛG‹öëïÚÅÕ”fs~-ãLLígïî‘ ºî?Øîh<ÃK{1¥Ñ|"6ÿï³èb~‘Ìg‹ÈåÛúeyôÇÑ?y>/XObject<<>>>>/Annots 634 0 R>>endobj +1233 0 obj<>stream +x¥XMoÛF½ûWLÑC@¢DI‘dôP8iÜc7Q‘‹/+r%nLrÕ]Òªþ}ßÌ’4Í:Š"ˆm™û1óÞ›7CÿyÓ ÿbZÏi±¢¤¸˜E3z³žE+ZnÖøyŽÿNÓž`)‰ùËç_/Ö—QLËÙ"šSA1¾_6ŸrúrÑÿŒ§Ë7Ѻÿ´÷OW«hÓÚûŒ§—³hÑ{Ê.fâ…qÔ"Z¼Ý^L¯—Ç´Ýsš«Íš¶©$3£m2ÚfÆ“Ês{òTeš¾\ݼ½"•¦4¾rª²Ž* ò3ÙR–¨ ËÊ$ª2øU¡“LaqáÛŸ¶Ó¯¦œ|½ýv1£IÌ(mÓÑÝ/ïhÏÇášÁvO©-”áÓŠv>¢öª=>Si)·åA;*µN9¤L=jòú¨¤æ«&½»T’غ¬ºBZ8éQ»ˆO¯W (½]_3K>³užÒN#g•šò€xQj“º@Ö?‡Í-¢|ç|Ø‘Ÿ@ùÛí×í-ñíÍ¡D¨œ²?ûJÏaEŽöt¶5)ˆÌÇ\ó|cˆØ*Ú›\’ëE² U¦t2>c,îG{e(ÒÊ›ü|ÿšLYé#Cú/ɧÝ;[ðõŽ˜[â03à¬Û8 ÑeȉaDÛLUä•IÇôTÁ\}ÚžÞ]Ýàú£vÕ˜¼•\ uFN] nÚ骻ØÅ9à§V"&fØH¢™öš*å|ÃaÒp8YG›˜V+¦á~¾ZS`éÅǺŸÌ7Q|I“Ëu`*Ž£7Ñ<¢ÏúÏÚ8Ý?ç•iåB5‰Ø’,vŠ[îÍ¡º¬fÈ‚–ˤvL‚ŽÚø((nDo¯Þ}¤[úãî‡ç÷ŽMžƒÅ}ìSTXòvÚQ-7L {ˆ ÿƒ‰ÖL}¸p!c`9˜Råä+.jüêL'ÍÆQ’ 6rÐí]-® ßéà“BBæ=6,k’~šÜ¿n®z20M9N÷Á&=‹Æ,à~ÔþjŽÊ™“‚µîœîä ûËýë1*ÿ„€’¼†û±yÕeÂ5‚§§Ü¡îSJ•.l)%Ñ3µ»eÏž»Š!g‰îyçuzä¢:éÔq®Õ-•N-K­ƒH1–³† ± (É-ʧjŽ(ŒsìШ²£™Ö6w©=•¹mûúL4Ô™ê6£Mx÷Uú%t¶ÐǘKµ3¹©ZwƒÚ›P|~€äæâÇŒòIç9?Z®Lƒ#шq +BF73‰çê!ytöѤÀîò P5‚‹)ߎy}8ˆÀ­ +®q7ZH)qx]ÁQp,Œœ//åØ0]q}€h\Hdçî¨[þ¹Bø|á¢m¶Á]+b  øš’ÏÍÎ)g€PAF¨Ë—ïÝ5¢kÐ'ã…Ÿuú7%é»ýqÅãŽ_U&šå*®]hUúa‰Âr&³h½œÌçœèÓ5 +×ìX@«Î+¤ÿ1C2÷uÎZV9šë +äIv©~Ô¹=r»‡|“(Øs!‡«:Ÿà dé÷B ëÛ. ,â^ƒ[Àé&F.ÿÛºzž »®´¹·ÚÕ•r¼¡I‰IßA$gÈ€‰±ô`‚ÝïYÚ’JÆCøF[Û ¬.¥è¾Dª¼èc³£èI‡…¸Þ´I¾Ø5}ªsǦ¹<­)_XÃÕ3<«µžç¹8;”·Ò  <ö…ØžeO—6ËŠ‡‚‘sÛ¤ïø˜ñÞA>¼Z4ÍR¦eª\*…×°ÍÄTŠR;e&ÉÈ×G :NÛ½;- »w‡ +únÛ½ƒq!&Aª‡o°dB[[MJC@’b,7uâÑ: ¦6(Õ¡ëp î꾋⣢OAÖÞM1)î8iWöb›òžB‰ÑöÊŒPRûŒn¯Ü@hW›œ}I\½ëèMn¡dÚºaü~óT€:mº}/‘¹½%¦ë^|Z†Ñ N&f,ï +EÐÚÚ`Š‰ ïCëÙ‡¤Üa3c*Î Ï‘4ïâÛÁЇXòá/; ?@žWÿ›UÐ绶ñ ‚é5œC&¶Í3çˆ#z×L¹ažis–zÎ/ïî^¸ö§cVJئån Ààpt ñŒqʲ +LC}) +Ðï“Và4W>z´ý3æ f~d Ë÷^a|MõQ—òÎVa=§LƒEy§à]UâÞGckϾ&bb®¿Èh…IËL¯gtÉïœá2àã0êþòÃÃÅOfü®€Nj9û–Ù;‘ç“x†×|¬ù·ýâ) š`S Ííÿá×ÊQ‚ùT€ê’øÇDÓ–DM“ ’ø"Õ÷Rû?{[é†36nãÅ2Zm´ºä‘è†ntçì7¼Ð`ð +ïì¢<Þ9‰Wø»6LÖsaì{/‚Ëõ2Z¯6ÖÕŒ÷¾ß^ü~ñ7¤&åendstream +endobj +1234 0 obj<>/XObject<<>>>>/Annots 651 0 R>>endobj +1235 0 obj<>stream +x¥WmoÛ6þž_q@QÔEcÉ’¿Û€t]‡~h»-Þ§e(‰²ÙH¢'Jq ìÇï9J”å·uÙRÔ MÞÝsoÏ‘^4¿€f!§çW#oDÓ韓ù Ÿ!þ—’R»Þ,În@‡7‚þøåÇ«p<ñÆŽFÞœr +7iWÝ]…¬67›A0Ç¡fµß-¼’ó)»èöjê¶ìßÝÎt +½9áÂvÑmÝÜX}A¸€°]t[ã±Õcز‹n+ -þ`âˆ]ðÖ›å•ÿ°Z¦Ýt>£ebýÑ2,×ÊÐVeÙ5E;Jd*ꬺ&U˜Jd¿ýðæ+z¹ü =„Õ3ðkSú™ŽEæ‘G¢ÙvfÝIIÕZR. ÜhIt\粨D¥tA*¥®YnDCxÖ`+ŠŠ*}dÞè\n×i•™‘½¯,b™ÑÕ*K¬©­*"U$ É/2®+e’D‘P¦¢R”J¯A¹è‚1 çˆ"ìwãƒGßë"U«¶šÃó¸0f«ªxíÅ8q¨h`Í°·-„½Éæ ‹ < ¹F`q‰Ó0*¤L$¼ÐTÖ;ÓÈÝ8ãNqr¨o@‰9‚Y­K]¯Öä@Z…¬.’ëjtC¯*iSê,YQ/ðœJN‹¹&£#.×=Ð¥ÖÕ³chñ†<¯©ß躌¥ï`øðÿцÅCºø«C'zúß7)Mu´© +^ÄÒQîØ•\<4%•ê,ÓP¹"³Ë#©‘,^? vVÐÐX8Pž~í…‘ß 7­ÃXI:¥;¤Òè ¥gþ6Ûc*:BMûÛò‚Ã0Œƒ°Ü ¢;›?º³];^6³Gp˜ßcóá$ðæ£ðkæ÷êN*Æ"sjN‘™¿œ¡z{MÂÇ€™§k™ Òƒ6ðewUÜëx×È.Hð£ÞRmdiû…Üø©¦í½GeÓPZêü´­{ý縫Á±7Óô·GvO‡˜*Xδ~@{ØÖÓ‹´\výÓU墙 CŒ"KNÔþlH/ymW¬'…åX†Éèy(¢®Üy³‰ÞöÏ_8hcÕœ£Åýq¾¼È–˜W}Îm©gÓž¨+ƒÓ0¢²§ó¤R qgø5K˜ÖÕê8þ±ˆAÔl¦_*çM;­*•K.¥Dd*™ã⡺À¡Q]1!à©ÀNI÷žD\v‰.^0³µto%î_¶ã»,—‹¢fØ]‚ÜôîÆÇÙNö æŸï\¡á#ýE«RnúY; +®F@ÊüjŽ«ì°£#…ÊìœET] ÛfñZŠDü@‚BüÆøÿÕ<îÏ`“Ggº¯71îä£,EFQŠ\"Ò(qÌîvž¶„ì´ØRcÈuUêÌæ5’kñ¨t ÆnÜûêÐíl$z“Ò]dœÉãˆ-×Ã!&ÒÄ¥ŠlMR®í7ÂÙN´—ÔýMµ\Ñ ‹òý`~ÿòð=i¡~‘®J§¼q ™e‹­0VçþF–ëD¥íýAqV'ÇCØ1^ìßV™ŽDö;ó¢«ác’qÁ>—|ãyÞwç6žA-çºBÑÞ°É}Å\ ÿˆNµ¦¯^\7”÷öÓ‡Û÷_¹íÃpÙÛ?ÂÎöDÖÖ°3¢í5i@ßÒ«CYêa_زà3CµJÐúLúÁ?\sx^à…ÖgTM´ùræ¾V *ƒ±:‡VáÓ`­þ,KÍOÀÿ W3Ee§ÒÊ/\:§9FûéúX¬ÐÖ…•á¨íd#~šm{vïwÿp—šÊøJ=î¯þ6­ ½R‚–ÌZbÝtäH)eÞÙh­$³BV$b¾è7ô¹ +ŘÙd\þk<ŠÕ¨Ïkq+*ÿù[ÿù¯¶2ö¾vr’˘Ï#f}¾ŽüwxëÚ_0Aæcš.¦ÍK­yÒýTêÏhszÛÚ±®a0ųÃYh¯ží ‹–ÒðÕƒðî,V†>Õv¨Nfo67×Ä©½Âþ°¼úùêo߈‘endstream +endobj +1236 0 obj<>/XObject<<>>>>>>endobj +1237 0 obj<>stream +x­VÛnã6}ÏWL·v±–,Ë×ä¥ÈæR¸ÀnR¬‹>Rm3‘H•¤ìèÇw†”Gq ,ZÄ SœË9gÎ诋Dø7‚y ãdåEF0[\†˜,æø=ÆÍa妓8Œ»Ÿ’‹áý%ŒF¬0Öl> +䀑¢’¬?…ÓpNBø] vÃáëõçO×`¸Þr V¹ßoo W%ò—ä CN!ƒx†õ$yÿNZz¬TQ¨kÈTY2™S”’=ó·áŸÚ¤/ °ÛpìÊ'Š›DýÛ‡Ï×Ë/¯³÷AS²’ÓQÁhŒ(`9j{Ukø.d®v¦©¨šNäë¼R«™UúDÖÞ­,NÁ†`/·Ä–C¥ÅV|Í x;åxðBIm9 §•²?ûÓiÛ2 k£‡…ÊX14¬LÙ0r(¹]eà  rÁ78Ó¢Ò’” =•V6¢¹©”4HŠ§¸åÊlT]äò+ø@šàHÞò t±;ÉʇdxêÀåãñÚ`ö"â ^xÅ5Ú†ðÕ2m¡®\¥¨<Ä)Ï!g¼TÒQn¹± ìOáSêÝrikVûév¢(`ǤuÚU¹Xí½žL™‚¡t˜ÍdZTî V[œ+ªb +تFíb:m¢ÒýÌ)„XC…a  r›¤4Hk*¤^)cDZxʨ#…GO5~!†šTø”¶û^ ml‰òõ"<Ýì(7ê"ãfˆÁ»3Œš'‘^yÿ“„[PÞecÙ+;¶Çž™fR‰ÜÑX‚µ1S£K8izž Íþº–í' pÞ*ãð¬5¯Z<ów«L6˜²368\yqb¦Br|ÁøÜĪ[¬¯²!¥ÐqOáWˆ¢+÷yUÅÑ Q;l­Ö[.5$òX½'ˆÖhF•ň‘6iRR aF^†R“^Ôè!ÿ­8v+A}±Æ`x†Nš²ìÂDb^uªúÞX÷›ZC¸Ç¾ù߬¬ +>€¥k–º:lžÔv´^wï¥ß‡A<ñVrs÷ðñƒÒ6‰Ü¾ìÓyZëœEúèä·‘?ñû“ ˜“O'Ò³NíúÔ…Ä,iÑâ¿!?'`¤Íön…ª 9ÕW.²ÉÊ}kÒ=,·çóQ{´u Ãi²No¼ÞÇž›œ#½ý‰ž˜1‰œ|pq”š.²f7´ëÍ­µBg<ÝJ«Ò]B•½KÀÑþcg#5øŽ’÷O®Á]#¶µï/ò—wëm·îµÅïGs‚¤æœ?sì(>s~£Jœ÷³!n”´_N?tÃÌÇ:ÅQÀUà2 ïÍ«Àh†¯{‹1Ì.ãpFøñ¨ÕÏ,ܪ¬.Ñ»ÝS‹A{!˜ÇÂfUB‚B%²ÐºäÚÀCíT8™OÂùláÑžÅá.¹øãâ_è‹!endstream +endobj +1238 0 obj<>/XObject<<>>>>>>endobj +1239 0 obj<>stream +x½VmoÛ6þî_qÈŒÆÅbÉoµÅ4ÉV¬yY#l–} E:b#‘IÅ5Öý÷Ý‘Râ8VÛu/)RDâñøÜ=Ïsâm«=üׇɆcH‹V/êÁha4àßü5æ­Ã¤Ÿô`’9îOñÝëA’v^Ÿ{™f¢`pÀ ©ìóä}«Ý~/šb _?VN˜…‘V4Ç|ot¹€ Ët¯`N8_*a|Æødý~€ÐŒ)s’!ºR¥Nj»× åv!e +”^ÂL@i§— Tr.ñ1—ÖYÐs˜i—A®S–S.Ž^S¼±þéšÀس—‰º¤a4 ƒç:ÏõRªkHuQàî—@=ZC(Ôhí¾ «/ªÕáA¨°`Ö.yX|T\Øú«.ÁfºÌ¹/€y舆9„­o,>ßXéÒÀãã;±pi¼-{'äø±3_p]0©ªò—û‚5KJ,)3‘YU^Jn÷àÚÿŸéB—F¤È”¡q\ÌY™;.òÜFÕöÁ8”DŒY†Û\滇T!M\+$Ù]‡AÝÝÇÕ!š:ݧšës…ûk´L~?z £q'òU RIq°Ž‡:´©‘ W)o¿Ö~w0ÚØßà­Tå‡pÒ#+‰†•òQ73©øïàL¨c%·$Z +›£yãf&[ÌždA1n†©-aá0¤ nJ¥ »–¢¢è’€¼·ržcöfçQÈBs9"ÚèYÌkÓ®¬fÏÄÊŸGžs(>Ôq€ZÛ&è6cqaµîi)¢7kj|'ø˜…ìû©L¬˜±§¹àHÌ$SQE5UÃ8¯5ç)êN£Å¨5=hRËÂè…0p¬¸-…JE§« !…G‹t rØBâÞfÌ÷¨ê͸&iÍ.<ì°á¡ß¥5±1ºrÆbf©›¾ÖìÚé«ÊóùÊs +»žø݇I\µ(8h}TQï'eõ5¹w”ÏrÕ¹z:¸ú€@õó㛳£W;—§‡; "Í4t´w.ÉÅ4aÚ´ p¬ßÉTؗдµ2_¼¥!¤Dm<÷èü"ys~vÙpü»ãä烷¯Úß5¬¼†¥PÚÙÿ^ Úxî•6øµý¦^Sÿÿ#êÖ ±EQ±áW•õ´ÃvèŠ[¼uYýbðäÍ°zó;<{†s¦L3ˆï˜·ÞMlËŽHR|üWW ATë7DáJƒêaAÒsà +¬kÎ~p#ìB+NFÂû +]…𳔕¿ØË0kgùL·¨®%Ÿñº^ükVG<ÞêÓ—úýFæ9ÎðêñÛ¨Ž¯ÇßñóçñÇ'ÓêÓãÅ|:„ñþ$\®/NàÂè÷x ƒ#–2ÅèFL„wë ÝÉ/ë¼SÝ{ Ö7-¡{˜…óÒQøh2Š&ã)ªCÇCzuœ´~jý dendstream +endobj +1240 0 obj<>/XObject<<>>>>>>endobj +1241 0 obj<>stream +x•VkoÚHýί8Ô*¶±!@ZE«D$RµÛv[P÷CèªÆ‡ilㇶýï{glSu7ñ˜™û8÷qîø¾å¢Oocƒ‚¤Õ·û8÷톓1ý÷è“3D­Ëy˹îã óˆ4Fú‚¤û}̃ª×ã,ÒdÏ¿´ú°Ü¾=!á̇«ùÇ‹?¼óîo ,X‰†£ß_¿ž·ÿâé’§a»AHëÃJÑmÏV…R<½E(Ö´ÖÚ,à“/Ѥ¿ b]úùy ƒæ@nÐ-ƒ…Åî)k–_ox;ƒjçž?GžÀŠà<ø¹‹àΑÅR>JG&ËŸ…Ün +(gªÈ)þÌž‰ozí\ŸÕ¥µ¼‘®–ëÚ§öÀÙž™ˆýœËRp×-› ’|—B–'xRÆB(D„â1C` "U>Y§„%L­tgÆüŽ‘—/kOÅ,ohu@Ž>Ù"R§SâÜÊÚÎi%î¹ÄbÒçnð V™`âÓžEªQZSxû·cT(sŠªY¤Š5QýÃ՞͈ïá¨iµè-Žñï®}f’•ú ¥]&å¢ÇäâxÏn­˜ñðüs‘“Iâ¾6ÈìmÎ2XktÝ'*H‚DÖ¤ó7ðÂqŽªl½øÜàôí.lãÙ9Úmb›8õ!!±®Y3ÝûŽT"«³Á$Mâû‚ç„&yÕ«ß™³¥ø’‘w·]5ðÖÑ‘!ÍÑAZš W!Wº&d*æ)y'NË‚öˆäyÍ_q‘bÑË|µ’'X‹üî6Ev‚•ê½˜QmBÕ\˜½¹œî%†*÷#¢éQH5™Â’X,u¾œæ熡¤d£J¾Nö.ˆ·O¡/9"þåP¿ÕÈ"{ÀêöÃÔg‰0#‡Ê»uÉX%Æ;õÈ;LÕ«W{é ÙaƒPJk7Üî›c]œCG›ã_Àò¢ì çzRÝJ&ŒÎNËé8»xsy?sñ… +S £!«ÛRC°jkìÑ“Êæ^ÃœIód0×SXâ]aæ×p<´Ç£ ÝÕ$:j WóÖûÖ¥yPendstream +endobj +1242 0 obj<>/XObject<<>>>>>>endobj +1243 0 obj<>stream +x¥WÛnÛF}÷W Ò°HI¶%9AP$MH´QQ0P¬È•´ÉUvI+BÛH$­¦MÇ wçræ̜ᗋ1ðwL³ ]O)+/FɈ¦·3ü¼™óÏ þI+÷âönœÜœ{q};Næý¯éýˆîh±‚é¿äû£-²Él£éÙ¯V¬åsJe¥ªRu’§V”K‘Xi¥¡?ÉÖÂÔôþ×;úûÙåâóň†ã\.r6ôâEï™´"ãGéý]ô?œLùôxœÜ&×Éÿèé,«jíÏÞÐxìƒ ‡ß®è äï#¨7Ò¼ dËeÞ½<¸êŸ©Îœ!Q…{'[{U-U•÷íQ.d©+K¢¦z£,í´ªê+™Ýè¦Èi)I, Iµ¦LW•ÌpRã° —¡ºN&œ¼Ã•®)×¥P•²\êÏ­ Ï•Ï{/QyA…ÎDA ®%>µ»Nsâë,¡tµRë7óùpªôñÕû.Lˆj2õwÊñ(©¹$] ãÓÜVzt@ÄÈõé¸Úk³E‘õZ"m“P0º•ÃѳÿÁµ3úQÁ¯hp·ªU&j¥+ZiCš­9ÄT&ím¥Ü"‡·„I;Q2è.çpOÒR%eÎÆ—}Ç¢¨kN€Ý•ÓÖr—ÐÃàÊÛB5p¹[IK‘m›%íª‚˜ŒZ« +%ñˆ¢}k®ƒNò„A+Žè{ƤÒ`N®q œ<\†‡±2¿ƒü{U>ár-uÞxªÓS=öªÞ0ã𬋣҆kÎèšér‡  +¡­b&­*%Ijuc2™VÖÂG¶ñIÇVP® ø®Í–`ú¨=Pø(mÖ²³3Z×ßys§&tˆG_)Ðü#%±ºëºÅà•Ñ%'߯È1úîÍVОCþu qð-¯âbÒ©ñ3½Sži÷ª#ï‘,xjØ~ T¦¬•YcT}…± }À8`&æ?¡Ïì´,¯&«°Ï#ØA²‡“ŸFÈ,Êò¥A»åü;ÿé`âƒPf[´J™/=‘†l­3 ƒn‹,Ó ¦óÿ7šÞÇqÐA¯;‡@=ðú-S uð#ŠÂ ‹duãùEµ±êëë&T€œ,2‘+mJQÄ´‚ÆÙ |Â`5Úõa-„Á_ºÉm¥µ˜‡Kt„,*Y£qq Âb¹ªw?” ÆL‚ÈÊ˼³!ëö Æ5ÀK)˜jeÈSÀ‰3 +$9Ó]¼ƒ}Uˆ'*".‡È¶äøó¬þm,Æàá’w,7Ofɘ1¶=°ŠrOÑ'V<Ód5¶‡«£>fµá¤Î¤RÀ÷&’zˆ{Á1ÒÝlZºN‹A¥ûfˆ’ôïóÐú  +õé^;´/Žûñ±ÙŽw®3ì¾›Z$ÁtÖnâMf'Mqðk“[Q #t* *¹U «¦ÂÚÓ`‘ˆʬେË6CÍô«& +Þ€ð¹G²3!%66h±m£K;Š4TeWˆÚíª‚Ö²’¦X˂ûgðZeqÁ8É%2t(6 Œ/UÐ/5ævÀ§ƒ[zr†Ÿ´.ôÞ¹!¾N§Eà('€ø»u8¡qÕô#rñÔkk\Ÿ£ËxÈ!Ìg.£Iqq‘1'1-¸úÛ=öQU**ŸçR9ýêAÅ[BBïO”[ +Œ¯¬ Šå¾Q¡õ– +…E”×Õ ó°tŽ§øHœ_Óôn”¸ï«O¯Þ¿~EþÌ_!otÖ”€×í$á0^Î&ø <~ÑßX\=,‹ÕÚÒ‡Æ-¨7³›d6ãóG§·láÇÅÅÏÿGyendstream +endobj +1244 0 obj<>/XObject<<>>>>>>endobj +1245 0 obj<>stream +xµWÛnã6}÷W 6}p€XÇñ¥@€zÛðCÐíÚ/4EÙÜH¤—¤âU¿¾3’,ËrRgsI#†È¹ž9gô½B€¿!Œúp9žv/€Ax}ŒGøÿŒ€¸óyÑño˜À"ÆÃ1þžXð.ËÜÊ#¾gÒˆ¨øæ'ré[Á3#]îoXzŸHëb™ÏjN¤×™¬PV\GBå@¯}ḻ =´ •0æÚfœ /¾uè…7ÆšžmÇ’K¡ú>ö¼•j)U„ŽŸ7q"xë È1¬GÉŵÍ-æУô_ot-’Ä>ç:+rWg¶7ñ~™Ya­ÔŠúûF£þÍ°DT¯?¤v.Ö¨’„µòQ·ÀBÇ‹üD¯¤*ïnv Àg +–øš©bO f’Z³,°e¹3Jo!ÑúÁB">—ö×» +Ú½þÀ´u*O¸p.¢‰ûÁxu_l"Sò¡§æ>–ƺû ³öõÀü´+]4ñ‰Jí±úêJíMœêØËS£nµ!>{?£ï7C *lÕ‡#ÊÒ'¨keuÁÁ‡Ã„ÆÊ1œ©b6p¬¬¸€°(©Âq*Ï_íf +âoôëíîG¾‹#¨„fqpcmÐÏ2sÀð3î(×K”&䉺¤)…À4æ¯é„-õ£@¥¹§!’–% r€ÑÚ! › º<¢S(á°ÑHÍ(X;å}¶»Éªb:Îýùl†Hu»2Œ¶»CÙ:º‡Y­„##Ð10¥t.Õ +"-“¢[¢mŒN7ÎVv°¶^ép²“vD@Éaè]y—ÞÈë{0× 3ÒöìFp‰" ˆ X®2Ãg¥…#× ".¯É›.`…Ed©{ª¦jïX›è¸¤sÄ€[3iè”IEœ†›Ñ<¶ Õg©qãH4Ç~戡V+¶(©„,'ìªG‘Äš:Oµa¸ÐP¿K·xˆ<Í e‘ðþÑYá„gÖéTþ[ž$õ) å„ìn°W¹ÎLËm…ÊW{AhÆ<-JµÆ­µÝû\ +Î0%ÀÌ(ÄuÅ´!Ta+1úD0.9r˨D­åR¦zŒÍ.ꊸ®Zïjµ í®V«Ó™Ä… w¥O¿ÝuÏîÎë$B/sL&~0ñÃ!ÌogŸÚ·Ûßáw½É\­ÜuùÝ9„“É°‡“ ˜g +n%7ºLÅ"§(^JðÜÅSÌû+Y°ðUÐŽ%¢£CGn¿LoáØ4{tcŠŠŠ™K^ ¯ØJPÓÚ'[ß ÂÀ²¤W3lfÍñðn# —›ùe6Ÿ[sE$^Îä m/v¥·™Ž$Kî)#”ä“öÛ2U.G2ðsy¹™º"ÇÉÙ}à­VXüßVÕŸ«qËr»‘+kðƘùЀ-_ÕN£¸.͉b##Vs±—ÇŸ‹3Z‚3˜V«âáìû7ãj³ ‡øö;¾„áäªTÃùôöó¾ýMp‡¢Ä3"ŒZþz» ½Q߈£n¥ž°Ö‘è,Öøiᯬ ™Áhà†c|“Æ£Ã!AìÏEçïÎ&Žê8endstream +endobj +1246 0 obj<>/XObject<<>>>>>>endobj +1247 0 obj<>stream +xµWÛNãH}ç+Jbµb¤‰'! ûÆÌ,Ú±›ìå uìN܃íöô…Lþ~Nµí†VÊp ÈÝ]uêTÕéò׃˜øŽi:¤Ñ„’â` h8™âs<ãÏ!~¤UX8>‰fÝçý³ÐbK“þI VZ$G‡ï_Ô‹8¹Hr½V%‰$Ѿtdýj¥%ñoøê{kú¹Zö­L¼QnÛ¯Dq³QåR•idõ+æŒüê•UNÖÖ詹_Îç§Á¦Ñ¹´°Åô£F¦Í—ŒúR}{Öf—‡ÔÕL쉇®¹½ðð¬Ñ=ó ]& ˆÝ]s{ááY£{æáæÒZ¥K*D)Ö²@Gtʲ[B-,Û ±îÖ•°v£Múv\‡-°ª=Úiò§Mùb?1× ô©¹]ÿ°Sײ&¼Ë p ¦î-¶^I 2é«JG+mèi–ÒhKÿ»BZU"'úúÈ—‰.8Óä4y+w»¯ß½æÄ4òÁèuÅöDŽ6zÿ­Y×ÒäÌöf¥Œu7œ¡®§F¡/ûµÜêI££?ÁCS*?Ár{s}íz ñ]¦[´{´ÕVõ>píÚ÷£§ÕÕ?S×óAo8á1àœDn5‰4EÓ‰ÎÊU)I¬nt Ýßþõ +še-•’^‘(K½UåšRí—¹¤Êè¢r–»¯%| Ùiš…á$óÂ¥Þ@¬hÚ­ö†æ¢X +ú•qQ¢ËR&Ž=¸Ìh¿Îê=¢ªò¶•]&ÂIÞ¼RkÏR‚1‡ÁCÚ"~|öÏN(ž6LŒÆµ÷8Ž&}V…rABG>ælÖþ­Ç Ê„i¥/ -LA~–Ý*DáÉ°°™KaçNšp½¨I™®$ËŽÆTHòÁ•w€Þa­±`ã瘑Áw‹Fí¼å[Ò%>ÄP¹àd°2 ŸUé¿A¨¤Aˆ`Òn­“Å{TË¥,˜6àÁvÕî쀩Ï!zŒ¤‰4N(öWi\pÑüYŸdxÔØ[àå÷„¸©¨>‚¹¥H2Hd˜¨TVÇçKƒšQÚFâùÐ¥{siîT‚¿åà^”)]å~½,œ>þ zÌž7Mh-20ŠŸ¥D^˜¬Bs´¸)pi ó—óymÿô‚Ö `F`Úþ¾<ÿÙ.SmêBïŸ%Mûõ¦Ñ,¦ÑI]M×óÃè{_ka½w<¬gõ‚+PæÀ`™!$<ÕXÐ_çŸB¶‚3•¼¥vØž¢sóµÆèžhœËd¤²$˜ ]Ñ ãrŽH6™y¾d¯¨Y\‰G ­ÑwUu+eIËíN蜽nÁ¥Šß%|®SöPڜ֎·‡!±† Mm´¤êrX)”0š—ˬîÎL‰¢.ê+œK_ã+´À™BDŒÞÊ´éöÇÄ·óCâÛÌ|¬›Ôq}5òGWÈwJR'-1ßNÜrç"„v€n{0´ÝBÒ¨ÁÀ½Îä«¢Ë+ŸQP8]"§¬d ŸK¦ÚBi¹‹$?¤åÙãFiD8kj/Í¢ÙɈ&£I­ÆóÓ‹§teô¨+}Ò‰çI(àå„õb~ ¨7âM2=zV&ÇÓq4Ìð≓)ü}qðçÁw¶çendstream +endobj +1248 0 obj<>/XObject<<>>>>>>endobj +1249 0 obj<>stream +xmQMÓ0¼çWÌq‘Ú§UŽÝ$­ +W¯ýšxIìâþ=Ïí"¤Šb[ÉŒçÍÌÏB âG ­±i æ¢*+4Õ†×m×òZóë §â¾/Þ~|Ñ¢?1¥éz †Wzu'DÙ–xpVM)gßôÏŒßB0,ã×u[6̸ëGÂb쓱áwˆ4¯GïÒ0òNHàN×ãA΄Gò£x_LTã +Ç) ƒ|š»Äx’‘±w:MVVguÖ›²Îšò|öî쌄½QÞwŠør|€’Ó0Ê On!Í :0áb4!œùÖc# þ&Åóý»æ;qKÀ¡¥ªÝ,͆|(ñõðéû‹é9O!M&ðÏÁ“ŒüE'uõÃÔœ‡Ô³±&Ä,ÍS*bÎÇ'k˜7›_ôÚðUˆsà¡`).Îÿ(ot/ˆ†Ûí6UsËèq·¿ßáèÝ3©ˆ÷N¥™Ã½úÍÌõ_º­¹pýß·í¶l›Žëf@ÓeÞ‡¾ø\ü±“¼´endstream +endobj +1250 0 obj<>/XObject<<>>>>/Annots 660 0 R>>endobj +1251 0 obj<>stream +x¥WÛnÛF}×W òR°h‘º÷Í—¸1š8N¬4}0P¬È•¸ Ée—”ý}ÏÌ’º9šAdQ»³3söÌ™á¿úøÒ$¢Á˜â¼Óúø…?BþøøGgÆÃ`J9…£þú§Œî;Ñ Âíj4W÷žs„“`¶g /4ð9œNðá¿Ó´ìDã0Ñ°?Á'ÌÆcÞ"Oìr0žC̆Á«ÃhŒ›'^ÝÆêpŒ]~¯¬î=cuS*3­*M¹úª©âèëTÕb«ðÛgÕj‘iz2uÊJ–ðO U™¸I/øp—&ÓUÚ=š_à®Ê[‘*J=Vºù•ä¦0ƒYªªz².!]ÄnSÖÆ|€ÀÐ<ÕN¬Ÿ,Ð.M\yöá>§Äg©Iv’Ø­èì„̺mlÝÑÃÉáná½ìnT+-™Ô©>4A—^ïÂo`>ÜÙÝ%»ô·ñæýçù{°Lˆ9í€ Žé @¹ ]9».¿qÜ$aµ‚l³ ?úœ¯ëÔºß*ºµµþÝïÞ%4g*$6^纨 ßßøÂJÀGxWêÑ$ðW¶À)¯vܾ»º$‰ûã!R¯¥A³ïvÞ2ýúüÃ+ÄmA¡Ö¼aÕºÔ®Ò nm±ñhØB ½m:“`êÓù {OÅÈùPJg¬ãúsÚ3™ë.U .Ë­HF±*ÕÂd¦6LK*®¥0é³)ûhæ4„¬ÖæQB»J¥‡.R8 `l¶€ýSz7S‰«IÄ`[±F¸KƒtK¡ªŽü÷ªz“yNípL¼NdvÅI/ͬ„‹m"Q2g—YqÁð…ºÚÄ(^»®3S0)0¯uYQ¡Q¡«‚9Jw¿Ì}†,e„ĺ¦ì¬iª‘9¡x¿²0x ®êö‚L­a¢ñ§¹],fžÂmmài)B$§–AË2û¦ì’hòâ’—³žU{—>ÝÞüýÏÍíýüüíÛ ­óìpã¶_У¡ªNô ©±Ž¶ªŸà«s(ßlC /À A¬5Ku@çˆ?…ÉÊÚT­p +h!jü¢Ž¨‹ru´{½T úL[sìñb¸€¥*µë,‘ëâP1¢ èú½hŒ†ŠrD¼gl=;àctv7*ÔC¹ò0c¢ñDdøìºUY܆Yf*æՖ׳o …9´5HD™~Ô¨¯hñ󾜮ÑÞ]†žÃ*Â@mt"T”…™j8Ì"~·6ûvv;?Hý¢±ÉC×Y…¸z8ñÙ‚5ÒDþä6Z¯k^W¨Ú ês*m!ÒÒ<ÿïõ¢iÎvÜ8¤ViXGÊC’±rÑš"ÎÖ,ïžì25ZýŒuû‘£OÈŒT»uUÿP¼‡ »?‡‚+‘¶oj2Æì;‚ô?Ç*¨¼ t^z1c"ȸ²åÂíœoh¯â.°uƒAø*åGŠc”Û}±4Ú%ª÷‰ â* Nšˆýð9‡âr²¾·°Hq?¥ÅäOíÚY_5lñ¿2¬}Öm¾ŸôKbpL­;ßÃÁ›fm#Úª¼6Ä10·ê±ýTËî­˜w+™|ßkØ·kˆß‘KçU›{ j°¶±Íá¶eïBiJª!hÓœ¥p‹«5Z@b–KŒ¢˜ªDOnçÃ#¶3µR\ÁBëb;,à˜Æ7ª‡“ªlXLîÇ#~©hÔúf¿µîS6FÓ1]eÒ—æ9)FÈZD ˆOâçAd¿`äÙŽú ʶ8“&h¹T¼œð3·š~ ð…S¹ŠS $%Œ¹+Æ0T{Ú|±˜úA»fZa‘e•wå9íò…LßU¡Ÿ€'ѵ2Þ>ÖqÊ|–æÑÊé鱞’®ã ÷74wÊàM¨¥W;à˜LZÎ^¡W¥Ž æ9™ðv°°Ë¼q£6r”NÕ<±ìšd¹Ðxñ³ˆX—~^ƒÍ“É2°€3Þó(SÆâ„lÁ÷ˆ6¶Ä_FA®íìzº÷8 +&ƒwßxK=š~ÞL‡“a0OýgÝëyçCç?,xÞendstream +endobj +1252 0 obj<>/XObject<<>>>>/Annots 707 0 R>>endobj +1253 0 obj<>stream +x•WKsÚH¾ûWôek‰+$a 6•ÚrÞ9¬í¹lÅ9 ÒJôŠ4˜xý~Ý£A€¬íT€V¿ß­ï'>ñϧ8 0¢¤8{cŠ¦3oB“iŒßþ7š–Œ)øüñéýI8 ½3Š‚ H +šŒg^ÜA9]ŸìÃÀž…ž¿Ýƒ'Þt+Føc<+(à¯Hø^Dgá4ðeÄ (({ °ÃMfgxXPÄê,Ð㦑é§ðg"PŒC:ó™Q€b¨3 Ç…cj +°Ã…3VT±PŒÎz…¡=. Å‹˜IBv¸`ƱCd$²@‹g=_ @ #ËÇ Øáü™upÂj-Ðã¦\ ]´}z\ì÷ú|z\`·2èq~lù8ƒ¾=nÌvþùìpH.'~ÆÜò›1â +/‘†DŒF½šŸŒÞÍÈi¾DDˆò”æ©ù˜æÉÀ¼Ð£×U¹ÌV›&+WdÖš®U±Pô¦*TV2Ò4UžëæÙü+ÄM`°7”Ò›§ƒ9x–YÓj® LI£•aqŠ¶UóY¡Wo^SÖ’©hS¦,ªLEg­UhƒGTêD·­jîXR[,¼öyô‘¶Yž³c¢¢x2(+CÊ]Ô†…6z¨Ô9ÛÍŽì ]kô¸‚æµ¾#…ßE…³VàOõ÷2:¿£¤º] +Å¢çp 4+ˆXgÊÒõöÔj¥Y‘ Ì°zô®j ¡¼Õe¦ËD?¿g£ºÕ´Ðº¤<+¿ÁŒmfÖB¤³Qù.”ê6i²ÚdUéu ¸l‘ì(B¬JÒ?TQ皘bôcM7pæÛÇ.ŸZÂ<(’´Ÿ«?ëÌ¥œG´|^åÕBå_:å2¼ð˜ð÷‚^©6K¨Õ ‚‰/Ã"[¡¼PvCÇ^j³È*TJéô²3õÎ ®.ß_Û丹ÒVMµ©f½8ÿtññüÐ —ŽŽ(ZƒäsçÏVS»®6yÊá銈RÛ\¿y• 9…Bõ7´hª-\?Ô# Epè.<Íõ­–šfW£‰p¡šx#@}Ýè¥n¸ ­pçضáì);kþlßÒca»Ü¸ <‹V'æn—Wº´þNãa‡})ðͳDŽÁ19ƒXÒ!ß/-B+5wµAjÕ¶(‚ÅËÍŽið}“5ºÐ¥±ÅÍ%}(ùáÄt"{Î4øGÆjS×Uc\©äÕª*Õ]6{®Ž§éÞÊÀÃHl :ÉNÝTË,×퟉(GÌÚ9ƒ¿ß.nnœ@›CI¿Ì“µˆ'“Xó{KëªÐ”"C lÄTF+Y¢®Û2#âû*·ãeÁÃ{SrÆ•y‚/i“ÝîÆÊm¼Iº^³þ²Iûþ2lÙ½mkdK8E+]êóÐ*°sÛ–cžK$Ž{ÙziÖ•D«Ñ9–)VÃéé›ËëÓSI +o;^qŸ13EòÌ(”ýaB.ï}Kœ³òÌKŠôPÀO2úboI‹Zq¨+[¬¸½‹a/Ľ­‡J¶r¿ôF›¶Éðµ|œŒòl1rž‹°>‘8=RªÊüιæ§'Ùb‚i,ÙV +ìþ–)J‹ãÀ…âg»â…M€D‚›Ž÷èAÛÙùÙõ‘]¢»‘òˆhàÆÁ\a‘JÓ‰9’~/ +euD!7ZIµß\¤ÆÑx|DÕ·çaÜî¬î£ã +·>"Þd8y$ËXN°¢q•TKª«¬4r â€[ãjø§‹=ÝÔ§_Kr™¢þ»KïpCwê¼}`òË.„ХZä:µG—Üz©6*Ë[”Ï–û'åÊÚçXX³x"¾ï\r‰Ø;7ß^¼þôÏÕüãå…·6…=Fwô.9ÉFï’îàÆÞÔ'w±ÞQÜ5ÓŽÀÇËÞtR„÷Ùû×ç½:§«¦úŠÑˆC<Ùð“ °‰C?‹ë4¤aàŒOŸ~ÆóëhMñNîXrþv~ò÷ɲ + Dendstream +endobj +1254 0 obj<>/XObject<<>>>>/Annots 712 0 R>>endobj +1255 0 obj<>stream +xWÛnÛF}÷W Ü•‹ºX–ä¾ÙNÓ¦ˆ“4Qчº(VäÊbBî*»KËê×÷Ì^taä¤(’8æeçrfæÌáç“õñg@“!]Œ)¯OúYwøÇ€¼ÿùd4fC÷ÇÙ”j]N³~¼ªè¿O—WÙφ“ì2^ð£½Ëš./³«½gþØô&GÓ L ñÏHZx{ƒ«É—nf'½—# h¶àXÇÓ Í +jŸfyg¶”d¥y”†êÆ:²Íj¥£B×¢TTé­, U ³ÙGCŠÞXçO%þWx¼tÈ.…‘áfßî"6FmVtî‡ãI´•Žø‡ÝÁà í˜æ’ÂŒ!ÕÂ:D;7zÀ AjSà—…6ôG© +ܦ¼*¥rä4È… çcšépl}Ú:|q›Ñ»J ++æ¶p=> +SêÆÒéÖÚ|¢öYª„’75<Wj…òª)dAëÒ-q°´T”Ö™rÞø爬å°N”•ÍŽa4g£g`ê§ÙàŠº—C@][ú ê¹@ “´¤´#½àåº^UÉ—üÿ.\½ £›ÕbµâlæHOJµEïÍ,¼àëÞŠüwU>¥§÷Ÿ+Ò5RTÕ†>7%Üy¿%Ã^0òiUq+á¯@gpsÙ•ÈåýÙ9mt÷šª8Þû<œ(ó@Ø­ˆDQôÏèðœGÎÖó,×jA+aD HB·” +•©C JŽ,ãqú"4ÿ5[¶§dݦ’$ò\7Ê¥¢]Ñ“´@Kw/F¡bƒa6Êè6™¹ù²T’f†ë:÷³ô«.{ºõ}jcFÃ~°»/DÁÏv oà‡±/>ê8ï ÆG(‡ˆm‘n¹¥p|¿±¡$¢Aw+çkĦ%™»ï瘂¥àšá”¹?C)[Àó„„ö “•Ñ«]c€§Á›ó0ðÿIé5,r€§·èΆ+ÉN +±ÿg0¿Öbò +ô4Τó¹ƒAëÖOBC-güÚ€!Ñ“u£8aØ8§’vï±Á­VÎ誒&£³GÔ*݆è6‰*­Œ|džLbPµ)ÿÄ)Э‹®c¹yõö)¾X]·ðü›‚q\Ǽû€áá^A1¥Eš:=äºôÂ$ÇBÛl†ùð°mêëËßr™=@Ôžˆkkéêik ÐL0ý"U.ÏQ‘Ä·Ûw+P˜`TR-ë9®ô¢åY¤,æ2È„JÞ9‘ÁVÚZÎõ™’Ã3RsK0ó…W:,œmÝ·°[žA©¼ñIbÜëm>ï^ÜbêµA<C¶-èNÌh\«Â{ùÀ¬¿Éè:ÎÌœÓR¯óh°Í7̯ÑdÂ8”‰.ДX@?² ¬òî.î0†± ¢§"Åç›ÏïAî}ØáÆ¡×BÝñxIðývÐèYßw06½]mØÛnëïÍ XÕ+Âi—wîÏxn7Ä (Ö¶Ù%B°¤v#Øàè^LêàYù°ƒ#׈ݮ´*xpüÊÚbã6+Ðo+_`ÒaŠžtyïhj€yÙøñ7Ò  2©*‚AùXF¥Áæº{@)h×/Ù–QÏ{#àoJi³û³ᡘú + I(\\…]r€± ÊB†Öbãy$Æsœ¾è2tK#ª¸%µÊèF{µ³-4Êú<ðÞypXÐ|ƒÁUÅÑ2ÿ7‰xúVuÑ9ÝEµ9Ý i×vG“òLÞ8lwÞ}Ü{Å‚j\zíºW@W‚±q;mJ“u¨*ßDã»*4­ŠÝâãwŒä%$ Eh¥.PW®íž³¯`X‹ ÄÚ6hlœ½Tà¸ö%ª6GMã±7?Ð0š 0IÔ•ü]é…Ì £Xò[¯hÀØÂwGEMhÏÄHfÈ_^È/JßN®˜R„±f¼Öž#Wߢ‡ïÇ"|1Ý-åÀ_lûÉòü¬ÅUŸƒp¡¡Û–úÁÀeúæ¡Çrµ>̶ƒïÂ(€S…§6óƒaKé¥XirÇùX·BŽ£¨äú€®°ÐÑ ‘ø™ËXŠ(HjÁ’Þ A¯KÕ<Ñ_/Åó|ÀÜ©ŒÖî»vf½Æšž— +¿HÙthùÐ-¨WÈÇžj@tÝ>/XObject<<>>>>/Annots 717 0 R>>endobj +1257 0 obj<>stream +x¥WkoÛFüî_±uRX,J¢dIvÚvR·)ê¤UE]'ò$]BÞ)<Ò²úë;{½ŠÀvÈ{ìîìììòÓQºø×£QJý!eåQ7éâ ÿêñ¯÷?ð:ë “1•4&ÃðPЭ[ê§çɈ㶥ø©$ÍŽúƒ1?¦ã¤S}wÌ?ñ±Ýg¬âè(ìu«;Ï% zƒä|g•½é¥Ý¤whòjrÔ¹P¯G“BŽG4É]$]šd­ÉBÒ‹ÉìÁy·§Õ‘uÖY +kW¹_‰§[$u]­i¥Š‚ +ekªqºÙBiIZ”Kõ‚??&±\JËü”VFŸÔ´÷KîbSñk¾†ß²•.µ{ý$…o-AºÁŠ]Hü:'mhapy®*™Õ¦Z'tm*’¢\|ç® 9äf¹\ŸÀlSäÁ¬þÏAî8â£-ÔG‰@•½ˆ8{(Ûé °ÃÎÞ󋇋³î~zacJnc+x÷·VÙGiïšÖE'—÷Žø¢3Uº3… ["îp)²¡Ë©¹—§!”4æëó÷ÇÃ-Ê„¦)`ÒkÊ¥Í*µ¬Ráò5ŽœÄ¬Pˆö”T"“SºV–x~eÊeSË*ñ.G‹;mloâÚÚSk +/ÖT6 |`Soe}õæÝ­·of;æ©6¼éƒr~àí¹)…Ò MðÐê€+ñâH¶xê Fñ­(§ÂóO›¥™™¹Vÿø4“°;”ª+¸~`Td™itíPq¹ñ4xkVðXøªÈLUI»4:WzN¿iõ@ái¦Ô”URÔ\ §–5ÙZ.IYŽÂ/º%ïn<Ž”øÃÇ})3º\l“ß®PBíÚ¬4áe­D±©ØƧX•Œ3ìÊäuÝØp›³º/ƒÕœ:×gqÙ”°-§^@îZã»ûˆºƒ[ªd¦,¹ÒŒ]°· YÉM½EíBx¤+cêg|ëÖx‹66©-¨]†*é?ª’GLÝIáŠí>Y_N¶\®€s(ƒ»ÇnOÚ÷o^S ¹–«¸uƒ<ОK-+fÂA^g•)]Û^ñ4¯B‘Æl¤i’v{PŽQ2î;]ý uå® \Ù+0Re)s/ŠµG6f‡«}˜t‡g¬@7B7¢@E;z21¶ê»Ï¨HÄWÊzaòˆ•üÔ¨{Q@^–§î9€"’ßhü]éܬ€õ„~yýjKP:¾•Õ½¬^Š¹¬ŽÑ'"„µBAm®*[8â•ÊØ +e¥ÄÜ à±H¡N‘{/P®Qe ¡çÒ¿ŽuJkÓTq×#c÷MÁÉŸ¢!Pj…Ûä‚-0À»Ç=¨bt×pÙ v°ï’á9Ni¦¸®‘B—/ÎN9••Ý Ç5hË’ij-D5GÀr^I¼šyø©4©µBn‚m²ÅM™MèÓø~ìäo%*èüW¼¹s}N=ôÒøxÛO#o{i2HÒ„Žßé6"m_ëczÅÚÉ&áÆM˜@&¬ÕtéÕÙeuwòA%0ƒ'Œjs×bÍaõ÷yT¹{A+±Þ£e¨lV,ZË\¶ +ÓPDÖŠÂI¿ ÅAöH¤w%½d¥ÓRÂ&‰VÀ ÌÂÕŸí€Ô¨·Jg’$BV?ë)¢C¹¡!{OKÇ)Ê)¢©Ñtk•q¥æÒáÚË^[ƒßõâ`›åEþqáõÆ >SóZ2‡°ÝýºJ‹Dž{~ù‰e[ì!-2fÀ¥yÃvˆÝQÐ6ì7DUk…N·Õ&? 8´Ð’Ñ…$¤äåPCé€,×ÜÔTÃù¹eÑÕ$‡³Â•dÊT|œcôô^æ?B§†˜…Vºy »ÆTPuïú™’[V>ÿœf*Š¿¢á.>H@s"zFß$IRIžŸXPP)KQA&0ÑY¬|÷øÈèô-u[u,¦\ì¼ÞÎi3²R{N=|µ-m‡WjßÐ×M袱®±§Ï‹¼åª¹Ÿw£8¦¼rÓgÜ×nâÛO¼)ßee2™7üE¶FÁ÷® Bv/*úotIµ}¡h‡aRÀ÷ÞfЈ&ív»Þ¡,ìj£­òG""ºK‡£í8¬öúãd|ާ᨟à6Ý^Þ\A+óŸ0ôÚd Ø®øb´X|(ŽûÔ¥îÒÿ!zƒÑ  ÇÞ¹QÊ×?9úõè_Ïendstream +endobj +1258 0 obj<>/XObject<<>>>>>>endobj +1259 0 obj<>stream +x­WÛnÛF}÷WLf +‹ºØ–äha+q!ÝXQ@/+r)mLr™]ÒŠþ¾gvI™bœ4É /;3gÎ93ü|4¤~i2¢³1EÙÑ ÐùÙ4Óùt‚ŸGøk$%G׋£þÍ9 ‡´HøÙñtB‹˜ðü`@‹(xØȜʤÊJC2•Qi©ÔôI+=J•ÌK¾$(Ö™Pù)=¨<Ö[K…ÑYçmHä$¢HWxVä1ÂÚ­6ñëŧ£õ†gáqƒr#JRü¦zR©\Ëø ˜ÒÝ‹l%Hęʕ-(Õ“ÜX*”á)2ª«»Ó7Âv‚­Ë爖´¯Ì¿‹²Ÿ¤Y¾¦¬²%­$¡Zi×ÿþæ Ñ…äðÚV¥)%B¥¤®ª\˜C¯µAÕ®‘|Ò07¸8ÌÊ n6ÏÙ®Ò˜3°²Á[% ²¤û×P¢Ë¾ÌZ)Q"o¾Ó¿;\˃¾,£¾{Ýõâ™ Wjv§.+£Ê¨rÒ«sò)=4n4Ϲqœ»•Ö2 +rG:qÐ|·M‚¹$ð'G¨Èì +‡!¿Í„A•¥Ê×|L§˜}±uLD•K* ·¨ÆËÃùâ-ß&¡†Dç=Dé%)ªÕ¦­*b÷:ªpzŠwâÉ/ ‡¡3®Ál¹‘Àû…Ç»‘X³¹Çè9˜&¿Lä•H]vžšó½Q‰Š<ífhúZZÊd^y~¾€š×å"“§´ªJ¨•r?ÚÈèÑ5k¥¿ÐñÌaéÌ Ý +T§«Z=µàß:‘‡Ç4ç\@ÐHXœøu›DÜÁ— Ä›ð”C}ïŸÔ.¡ZîuCª}6œ ++úVozl`? 6öQ`ÔáÀ¬Í”=4’2öBYi¸‹£¡×ˆmº±»®¼KÙª(Òݳý¸d'Tc/[6zoØ2^¾vïßD5³{“p:ÄÏÓpÊj_ŽÆ“ÚH.iˆ‰‘À ¦áðN~Q[ùp^„Ì¢ –pgô*•k=¦wÆhãLøY:=½Ñó §ÏA©œ©©ò(­bø:¼:ÁÿðCæqc#­–]ÑIûA÷î2(wÁͽ*Ä;&Ãa å¦ÎJ…Ìc‡tc¤¼¾Ë'³Ê›‘¶ ¸f–Âm²;[‰?ÄVç'`£87b[G{Á)ã4ëŠm•¸àaáQå©s4¼V(.¯ÈöòÊÄ#ÌÏ׆®óHȪ…£a +?bàJ“`¶§»îõ>¥n-û 5üƒOä¾py¸á½hæ +=©bë¯5 +Xš2FÌV2"ƈt.χ…tkšèüÐv£Ó:ozsj `33?U(ÈÕj+ì6| i¡MU®>W’>ò3K¿ø¬©}9òs¬ÅìÆÕõ{ÃÁEÃε›¿˜ÅÇÿ"F36‚7ŠtžHžƒ¨–k¨ 3 á™îñÌ“ÛmPÞáœ{rÙÎÖEê´Ñæ´‚Yâô$UºæˆÁÉsˆĸäNÆŽQ|ñY/‡³ñ°/¬—6ŽÓ–wK—²§i£¬ƒ#)Á®çÊmn«ÒÊ”· ¸oµ¯Ø2á:D¡©˜bì€*AlAv#ÐÓeçw³W¸Ì]¿aܽùŸè4Õ[®=‚óppÞÉ:!ÌØHa”Ë’àƒµšgßxŒ‡ha4{³\>Ìß¿_,—¿û‡žIãé~¥~gjpSdn ¾ÃÐc¥­ x^&³( N¥k£«âUû™«·ìFÎ’°.ðO¨N½ÜE†¯6€q%bR±À‘oº½ÕÑšz†=N¬%ÌÛíî\ÉÅ÷ÑЫ3‰ù¤eŠ "5V¶ñL”¼Gl‘÷)ÈÖmìæh 3K¬ñÉðò´9¿ðßÖäÅ´µ}:_åÑႦzíJM–Á cr0¼¼Æ\Ã/ß´Æ•Z™;„x'Ù#I¶Š"à‘T˜nm S°Xï\LÏ\nq +n>X~# 6'®sɶ²k¬OéxÁíü¡Né.ÅÎ /yB²UZrÕØžÝI¦´>—´©½‚{ƒ4î#š +Ô´ïF{Q]0+t„Oë ¦…Ï=Õ–š¿ˆ†‡¶MÀŸqXžû·þúóÃíÇ»ÂðôŠÑx†¢ùEdEú£˜§µp9|‚ÏC&‘?íY6[u”¨J,­¥þµ‘±ÖÐ5؈~kWX#v ÷a4Vk1³ûV¹ñaþwfLëñ7Ä·öôòŒ..Ç~jÜ_ý}}ÅkÐ' Œ„¨Â²^ºõî Çø,ŸžQo2ÂwwüÈöt>9'ã)¾ôñÂäŒÏy·8úçè?òé eendstream +endobj +1260 0 obj<>/XObject<<>>>>/Annots 720 0 R>>endobj +1261 0 obj<>stream +xWmO9þž_1ªZ5•`“MÒ¼ôˉpE¡©ÐIH•w×!.»ëtí%äßß3¶—lÒR•ªÇö¼<3óÌøG'¦>þÅ4ÐpLiÑéGXNfшFÓ >ð¿’´ä å_1ÿºþ§3žDSŠû}ü.(¢aXåtÓi¯±;žíï¶ÖØ…¦Yûnk]Ð`ð>zßÚm¯±;?[ÁzÛkìNãhÒ¾ÛZcw6‹âönk]Ð0~[»Þùˆâ˜Kk<Ð"sôi‘vi7R–ô(+£tiºhrD‹ù?$ÊŒìJÒ§³“SJ*Q¦+Ju&é®[j €S]²Ìdv÷.¢Nê2ßÒFlÉêw‹ï>ÇÃh…ÝTW8o¼u¥“\¤ ÎAŒ±ÁbMºR÷ª9eºª¤›‹S|‡#…~ô'ÂFš+YZZVºà‹ÊÂ!¶¿’ßµ*#>Ð;0‡–]lu!Ò•*!¿ª%‘¦ºfÙPlW°^®k++’ +ª*Ø& 1òIá<Žá¯qS£à[Ð×à}ƒ1’8Ü®öT1FĶ9ǃÅt/=F$‰{I¯Úþ‘iXüÞÐWÝ®„}khSéòþ¯p¹±vÁþ·Â•ŠÚÈŒܾœþíü^‰GUÞ“ S++àþ¯èbI[]“@´kÃW ÅGfðsdD–áð6i¥ÖÖŸkíR!íJ#?5¥•V6qCN1Ä.r]ç©2S)Ÿ°ð””¥•ðñÚèêAf.V­Œ8+Mұɣ¬@˜¼-[c}æòe¸ÐÜn;É‘)¥°êQ¢ÔÎag¥ƒ)äò·RȤB”µÈq8Ø-·0ÙÎK¸4½òЕP¾u:[&_Š ðÕp‘1v"8H¬fÛÜ IýB€€™"Y c6-©]z¤Ô(ÁÑßE4 °MB|EI2S(oªv¹ ðÕsì[Új«re·G€ãá°œwžµ5”¢ŽBZ<—öãÅÕ ¹½ ÊIùöõ[ëµã)N$À]—Tä‹´…bSçßøök +œP ¦…¾Á‡&pJ4„÷¤M{®†,÷ŒèFÃ̵ÔëüÐ-¢J®uexœœe +«0¹™:)Á…0ê=O3”Hû™¤ç +¤èäúJ=œ+ŠPÎd $ø[60 :WƒlöÒ+—†Â=F[EWšM™äîã ù‚m(×mâØ·ƒ@ƒÂ¢šÖ`lDŽ +©dUâH8“ÝpùÄ‘ìиÙýRDUñ€"roN»ñ­µŸ·XÃKR7Yò“#]7®‚ê˜î 34*‰ãÛuÎ^X—êég0Ò_.¥Ì84m39[Ž¸´w‰ÏÂ9ë ’ÀdÌ„fpÒKŸ_Ñ_Òì`4> YæŸÀñ¬ +›7B 1T#ƒŒA|ø3#÷¡gUÌâ8Ý…âˆPÐ-f=½1àJá èFôjݬ¿bVtái©ee›¤€‘øΨýgcuO]ºh×Þ.UZi£—ÖE›C^ Ÿd;G1+n|ü>’š"oš,ÞwÏWy¬'ß[6¹ ØÒ™ÊÜ´ß;ßoáxî5p<–ÅÃi4 i<Á2ëÞœ\~endstream +endobj +1262 0 obj<>/XObject<<>>>>/Annots 725 0 R>>endobj +1263 0 obj<>stream +x¥XÛrÛ8}÷Wô›4[6e],ÉyÙÊÅÞumìd"e2»¥ˆ„$ŒI@C–õ÷{ºAR“šš©Iʲ%€ÝÓ§O7ôûÅ®ñH³§g×Ñ5>á—!¿|ù×Åh8ŽF4M¢kÊh2ãwx—Òâbx3æ4œO¢ ¯ŽÇÍ;^…!Î&Ñ”&ó?‡Ÿ\ÓæâÝòbp?¡á–ö<Ïh™ˆãkZÆý¥£8תÐärÒ‰)è§åoxæ䑾-bg7fí]–jk}:º’²ÒTzMÅNÓÓ’:Ñ9}v©‰t‹.¿ ÞÔ6 ¶ØW¤_u×æagâÏŸ_]Ó•€²LúÆÆi™è„¦Øµ­Ë"˜˜6Ö­+xÃ7—?ûBÆÙŽ“ˆ–; xŒ'u)9‹ž–O0L€{`¯/M¡Ö)l ±Ûn\¦Œ Œ–rÑè¾ÌZ~I*-v®ÜîÃoÆ&þoo:¡ÅÊÒZð:ƒGL¦Dn;ç„l\òA&Mù(t. ŠÈ„‰,ǪNc®·Æù‘žõ1©ïŽ¯ž×­yYs:9Ù…Îö)¨ä#ú·;hÐàR–7&…ƒMî2y{"‰„”—–vj¿7é‘´8 ’³ÖA9'ýŒ³§ X7,mê’b—eÎF*É:y‡Õïž<k‹ìèA’ö¿hk´-¨p´)øÄÅÁ±íV|ÿ`ŽŠ¤wâ‹ß¬Vâiµ2vÓ «æ<„–ì`m¬B¡Ô¹g!2*-Ðô&EÎñI~0^Ghž*Z¥Þ!ZÅ!ã%1¹ŽQGætog’DÛ^ýàh +]A™-á»f Ue–‹Dçza›çµÈá2ÏL¬é³ŠŸiL«>#Í\ÈW?Iè'›H¡vݽ¹Š´ÂÒ7u’ ¼ìáĪLÓൃ$ˆéHŽÛ«êíôôS1ñû©ÂŽ×<*QVˆ=ÐT‰N°‹¶AòW”!a¬”÷.6Ào«Š©x³ê ‹™‡ ¿kM:@ƒÍÊÓA§iEÌŒ’—½óÞ°*©Ð›:ÅŠÉN;%Z9dõú´Ù s·3)Ž-ŠZ¡€öGr›öƒ5[jQ~ =a½rœºX—©"B;ÿ§sGo“ÌXV•°þ(’zQ&mT´8Å£‰sçݦ—ƒûZÝ[÷zZA'׈ì?ÏÁ‰«©ý`E*åTÛÜ•û”2“âŒ|•J7 ö´vB&#úÈÅâƒñæ9½ÿ€‚nk=jE¹ZÎ¥~µÊµ6Åjeu¥0vµªDë¤äôM¬¡:´T«r:ø«HC +òsYlsµ^£*¥tÄ\Åó¸šb®fÑ|ˆ¿yèƒ,¯FÓY•ÍºdÆ£¯£ßr<ð¨÷:Fʪ­Î{’± tëCŽø4‹´Šdm×°€’VË *0ÓšºÀyë—´kûeÐÎ|KE…)È÷dè Õ Kª·M£h^ƒ™Œ)H8ŠÇXWiŸ\c‡IÈê×ó7¬PòAr°¿ÉÌ ù£‡úúš2µ¢-q†`Œç›ªÑI+ÁðÜHÉ9šÌ&sC ôã1¦}ÉÛÍu•·zl®–›Á¶¬6`Ïꆖ‚~1ú …žƒû?ß. ·`[à{V +“É©¯H‰¨úÂdƈ'¹=¿Õä[êӦؿ ðe¨cD, î©Yï>Þ-Ow¿~]Dw¿Þ[’K,µxÁYªs‰)…oLç”øþ°ˆ'Ú¦±ÿvË—R=qñÅ(>”Tðy¨r•ûk‡^|ùeùéÓÇ?8w+uApìŠÂ-n|ûÍ£á-~ oq—‡£hÑ7žÿB«ÞétB±A+:í’!žá‰1C‚ŸLÙ#yWæ1j}ÍÃåY¨©2|*Œà%Þ„›OÊBʪç/éËýû^è‰‹Ë Ü”ç› Žë +Ä4$ѧ)«l­N:ÀåÙ¼à.%=cë\‚i 7ô¬J¬[mu®pC~|‡²F«b­ÇýRII·¼®sܹp%õȶ‹^@”›Ç•µµÎl2ƃÀ*w(”‰^—¡$ᘺ-"Þç($°R±AË*p€šfUzšÒ ùç¯ D[šž€/ä¶>£_ÜŽi:¹ ãüâíã»·ô9w¿aô§mì…äÃ)¾-˜éj6½ú3t™à{†ÙtnvÃvî–?_üZ(}endstream +endobj +1264 0 obj<>/XObject<<>>>>/Annots 730 0 R>>endobj +1265 0 obj<>stream +xÝX]oÛF}÷¯¸/…œB¢>-Ù}Y8qÜ56Nº•Ú €^F䚘œa9C+Æîþ÷=w†”(º‹EÛ§],~ÜÏsν£_/¦4Á¿)­f4_R\\L¢ ®ðÇ”?~üþb¶ZE Z,®ñYÐüz~ü–Óúb~5‹®h1¿Šf¸»X.¢eóï¾Ý\Œï4Ò&eËëmoB›øò“–dRr{I;i%JdÚX§brÆä–RSQ"wu–)QY™]. KÊÒZ;AÊY™§ýbjŠ…¦ÚJom”)2úÍæËÅ„FÓ9âÛ$—logÜžl±KHè„4ÿá ÙRÆ*}¡Ã^8xŸ”Ëg™{ïù±ªÖ­eðRÀc)2iÉhoqÈîFÞ:»¿(6:õ¦’¤4‚)ɯŸ² Ûˆ6(K'Ÿ`%t&)­LAÓ^nÛK®c"SQçnû†£Nh{9E{uÖL•Ø훨12[¢­(ЭFudE{™—iS!ÝÞ ˜i'@T¶cS”*—d}#jË Â«lo|Õôü’²8¦Q®¶H¸¤4'S•ç(Fœ×‰¹S½|·PJ°(-*…ºsiEž›½ˆJ8'Щ,Ùñ7.:¦96ßñqè7€K‹?ô‚ª ûW†Ðhÿ~ó¢¯'®}ÜêødoãRUÅ™tÞsç[,Ä“‡M¯m@…–1à ¢*DÅÁÆ®ÊG"w£DæÒIŸgføNb¨AH-1…@Evæ+3ÂÖiªb%µCÓÙ\ +놌­¦-ʆ@*¤/ܘö!‹<™Ô²ìœ¬x¯ëbSÕÖÉäÎûµÑJŠÔÉjØO¹—&GêðŸ{nJ µ‰}~Œ;  ú"áÓcǹŸ×¾m(’´¶.î„ëùc<ìųÔG „@óü…ìÞT¸Ä´W ðËE05fm†"”È$â+»ÍÊ O¾!Z»ší±Û.ãÝKÉÁ"¨ jC_g–(†fƒRF/ªà”®eŸˆkƒÞ@Θ„b 'cÀž!™*ôtö‡µÐxü-ÝNKZ Hhƒ•Õ³¬þõûœŒf‹èf¹:‰ó­¦õã[’Z@å‚EëÅ".“º(åâY¨œð"È{#«Êè’öΕßLJÃ!òï–‘©²ñùÓþ=~:¢÷{"çÖzýóOž"Ë 4°ñ€dµJShKêOZ}õØý¬ô|F{Œ.;ô: Ü2Ss#¤Âz}îÜO×~¨ÐZP@䘽ÇO±6‘µ}¾G®q`>ý,‚zTqe¬I!8Äb¡VCúpC±èÑhåð.Hô$"BC £Á³ +ÿ¦tœìÞñx•«£ÕwwäÏÞO>1-À+dRÿî®e;º½Æ×Au½’wº‚ƒYˆšÝ«’gÀo{íoÖ„«Úd4ú…³ŸW5„Ê"gùÖneÞQr5|‘ X²JEÌÚ—BÙ¸6µ£‰Ùé'ô1Р  ¯f)ëåg4´È‡k¾<¸Ô:GWYϱUQ#ú¹‰EΓ‡eŸdWd1´þØzÿHÏŸ­w°Ñ[êAx‘E9[à‡ÝBŠ°*ÙoÊœcKáRŒ{ëuj|¿l•¤3TþŠ1œz8¶zðñmF@ÿù46 0GÀÜ|åÄþÂÑŸVG8iÿ`ÄÅj<Úäž5£bÿkÂA/Ðøº„\°L9Y6{Ujxk`+\ ærƒO\êUI Côó q4_Ü ›m$…}Å'^ã¯ù!ü꙾›ó¢àµ€¯våÀܪst—* A¶vÄ`z¬#j>/XObject<<>>>>/Annots 747 0 R>>endobj +1267 0 obj<>stream +x­XMsÛF½ëWt)Ñ) ü?”Ë–,ÅŽªV¶×dÖåZîa ‰‰€ˆâö·ïë€)ËI6.UIf¦§ûu÷ënüvÒ§~ú4ÐpLIqÒ‹zxÿúüëãÛ“þ¸h4žD*h0Gýæ)§ÙÉdõhÔ¿ˆ.xqrÁ‹òÄ‹ýÞ$šÐÅtŠ=¼Ú‹†Í¯ú=ì¾À™)V‡½1ï•'9;¾Äµ¸|Ì«¸¶}’³½?_LåÞáå„%É“¬NÇPvx9 +gÇ=Üždu0Æ©áh,Z G²*O¼úz~Ò}sAý>Í—ŒÉx:¡y*ôhžtÞ¹ %n½¥*Ó´4¹ö´,]!ïæ4Óåƒ.ÉXú~öy6ÿéîãû÷óï‹ÙÖWº ««ÂÙÅâ‡èªÜ«ù¯'=:ï¡ð<íü‘CÎÊeŸ\yï+U<+›’×­uYïñÊ“ò´u5¥ZG—¨õºtëÒ¨ +¸’·•äM¥#úŒ“çdµNI¥…±ÆW%nyÐTšUVyj±{„ TÖûÙª¨¹I†9s$ $¾“ |XÑ'cS·ñtù("Ú-Œ(äl`A˜© ›Zi[í~ròúæȬEg±ãʹÜïÐ~Ñ<Ó¥&`¨ÔؼG¹K€C +««Lp –PZÂä²ñpcòõ ™%Ãut³€e,°,‚?°?Cœ›ÔA¨ñ]!f±­Æ®Zt$Dˆ`yþ$6`Ü•çnÃ'ÄÎa•2¯—uN¿|ü;ìC08`YRnì½ÿ‘•E Ÿ·NùÙÁv·¤™*b%~s¿\Q‡²ªZÿØízÞ¹ru¸OX‚÷EôIS¦!Š +S–p›ÕJ⊾ã3Ý7I“Pç}ÐÊpÎAt,£…õ6ášå]>Àæ°aÜèÐ~й[ˆ‹Ã³€Ôü¾ Ñ`aPÉC5„/ñ:§Œ=ò ÎuÑí’¼;##"Ÿ`ÞžQœsª’IƒºÔˆ¨Ö…i*qÚssÛôþŠÅ­wfX"vf‰«*ºÓeÉéèMQçˆSŽÞ×7×kàm8?‚ÆÏœ÷ĆƋ›Í&ò÷f½ÞFñ.b£~ìú">Çm•‹²ªÈÏ}Øû7à|ìÃ?aÔU^e®^e„j–ÏÀM*/‚7S)`ó”ª-3–¢7×gtãRz­¬ªÂG÷Z¯ý »DÙ=s®Á8ÿ»XŽóLÑЄóu¤Ó:Ruˆñ징ãŒcªDÆfà|Úêoàê;ã“£Ì×·of`ˉ*#Õø‹IÙMÌÒww·®{‰4ñÀî7®P $±ûk¯x¦6ç\%q?J\Ñýo~Ÿä][¥øÿðì_WïÍüƒ0—(çòd7»{M~­“@xû0Þ+º6Ãï¨0Ié¼[BY(×$tÙMËU—Ýðª{>D“É„ú£P̓ñ¤!¸–¿&Ñ´ p[ +ü™ŽqK+Tofñ}©c<9ì˜ãýßÀ}_‚ìnù"”5&"E¶.b ±ãöR3g¤t *¢·¨I¡ñxF»<ù=Î?£$7É=3­0)¾ö’}OkVS¸$¡"ÙÝ¡`ÎhGê³z½v¥ß[Ù‘RöõsRþhç!bãÖä ²ù·*K³$m$b¨ówo‘÷¿”Ð*kq^ÙÉ‚§C·ÌvÔ J-wÃ7RVž·©³§èç˜"÷ZªØÕUÐïœõƒ²@‡Ýk ]šVE£¼Ä̱Ũq¸'ÈD¡ÖÞƒ2Y†³Ò°(9Hë\+w±P¥Ü±oë-®òÚz˜Wh Å—ŠæƒËk[iÔÐ3îG[‹ˆ¿ —-Úô`Â{¢_ÕªT|–UGOë„c­ÊÊ$(’èÙ´ªjNˆêð}e +´¸W½;þkLà‹OcÄ­ þ”o{Á¬ Ë88 +Wê*|›Ž_©ðÃËó Fm#²á¾fr×Ω+™'žbÕjϳ²Ï¡ÃGwˆW^ +©è¿-^áT[°bèè=Šož2X±Šó­xY¼Š°×ÃC +H>£17Ú¥4Àg %Ç„4@ǹu8Š ü×*Çù¿!œÁ_.!–+:ùß¼[Ìij¤…k¿ÁÝ[pWH¤VHä£èúŸ³]ãÇažòè³aBâŒÈaرQI¦“{È0h&ëoPëç%b^,Ô=º¸Ú´'r³Ì‹qiôò # OYKüµ+𬳜-Ìãí/å"…óðöÈí±FÜh“ +é\i¸Çúu}G-Üô‘¶‰K!½aO‹Nƒd‚¶×ã81q9”>º ºt=æ?˜¬ 4Ë[¼ú^žäÁrGNèÛÈšeµ¥ÓÛÓ‚ Oærƒ¾ÑŸÂZÄ¿ß{”3G‰ÎÞžÙú©ÏñmVX ;aeýô°^ò©çÔŸè~àÜqxa_ÌK<â2—£›L2žå8*……d¤cfcêÇ_Ž ²“ôÏ0ºk Î4˜LjÄ‘Mí±”¨ä\:° 'Ô)dÖ$*èN ×Ú!BH0ÂWÖ%_Ç>)MÌ\{ts!v"BØC¢5«Ê} ·íÛ*kÎâ@j¨SmÉÙ æe‘&Ætü~YiË7<¥^A•…ËÀ’öU‹¯b§ËðŒÝÁAÏXW<˜j•ã-Ïô0H1ëòL$ÙlÙ¨2$º•vÙùBøôõÁu,mÝg°JMò:}6ÄJµR2p=íwr‡1C¾)mJC :×°TÇ5Až;å3‡æÙ¡ƒ¿ƒ^DBÅþRDx-Xiäyeà3¾#Fèi+d­Øïì%$D¥ÁxKyÄìÉn +^ó/`ò,Ú.xˆxÆ“.xÚ4|ýá4š^ipÉ×:³«»×Wô¡t¿2ÕÜ4S¼|‘˜èããco:¤óÉ@æ—>úl$טð¡C:gf+i¤¥Yæ/‰“ñ4|i˜LXÎOó“œüäø:Üendstream +endobj +1268 0 obj<>/XObject<<>>>>/Annots 752 0 R>>endobj +1269 0 obj<>stream +x•XÑrÛ¸}÷W܇ÎTéÈ´$Û’¼í´cgÔ3µãµÔfô‘ ˆ˜$”¢¿ï¹(ÓÜô¡ÙlÆ àÞsÏ9÷BßϦ4ÁSZÌèrNiu6I&ø„ÿ™ò?/ŸÏæ“dI×ËIrEM¯¯O¿•´:›]^%—t=_$3<]Ï“IüŸbºž.°âj¹ÀÏ3üo$ågw볋OW4Ò:ç³çË­3î„Öéh3zÖÖªmyÜ| ‡œŽº¥Bì% JuÕ”ÒIª¥«tMΈTÒfD¹Ñ¹B’nd­êéÜÿÚ¨F’ÓþgiŒ6´ùðaýíì|BçÓKĽÎF¼*j²²Îü‹I>Þ>S®Jié Ë2á5ŸÒôùø\^R·Ãfv=¡ðJ—W|ã|6t8ä¹”Â"”BÕ¯8Íȼ-Ë#me®ŠpN¤x´CŽ™NÛJÖŽÃFT²ªL裮­Ê¤¡FXÇ/r²F–r/jÇG÷j„q–TóÞêìØáQIkÅN&´Ær+ª­ ÞŸ7,•Åª°Â¹T´; ÜV[ ,©üÁ ÑCGe‰’ÈÌ—¨ñ§UC¶Ú&©®sÃ+3¥L™:mŽÿø9²l=dçø³«äf¾ óË›dÎÐþS=ÐN:Ä +ÿ.«xHW@Õí¿ÖZ>ÚZTŒi¥÷ÈÄ3Jü£qĈ %5%“Ytˆe‚>–š”óÔéÓí3#ì+ö^mfG#*œk~¹¸ðµH|}mvïßöå·Ç”–*}%!Ä/Á+ë¨Ržé"й>½ ¾Ž8ŽhÕ66ž=o‚t^ÿk]h+O °P8 öòpV‡ø(¡/ ®4…h,„&ßgäÝ&ä/ÍàY—m¯hQK™®ÿì¨Ñœq µí¤ÎøA»¯^(*ëÊ:uRàë·ïø'9œñG¹ˆ-êïã{³‘e@ÖÂiÚºä\!p´Ñ)ÿ’CAXŽ[ >Ä1I’à3=Ï€Néfì`3ƒF74…ÿåàä2™ÞàLpsɼžÎ’eB¿jàZ³þÑ%Á.諪3}°tóãâñþ=гY2›L±× Ê» =×e© †…êøQ:lk©jÓ¢3mÔNÕ¢¤_¿<Þ><%î‡ .عWºµ0,U§e›!Ûƒryx†÷XñØÛ²3ŒÂ–ÊÒ˜1Y ž×JÏ£ôkȤ“9èÙÈ”—ÞgŠcÓ¿-§àÏ|Ÿ5”°=Ò‹J a2~Ô×Û +62ÈðŠๅux€™õ‚Ú¼îŒn‚”Hþ©CÒ'©³}ï¼™ISYÆ ˆ×ÐÖ "xœ5S9H%kø÷dW¥ 5jÛ:±å>ÓâŒÚ©Tøòds¿Àja­¬09wŽxì¹€‚¶ˆ´Ô¨‰ÔóÑx ,¡ÛÒêññA$a *_Àý¹ B;ƒ¦‚ó°Qk¥A/ñ¦z$Ûú×CïêÅŒvL'ì×ቈPj¬ÞK38}3zZÇ'Þl4rG¯8Z'ê‰&o/Ù`TRÙ1÷äLK㈛ª Œ õÓgªõaó¡ããÉã¡€ÕãÛ û3V˜Ð’¸ÓÅúØ–Ûí°Î…*øºIĆBôÙÄfÖ-´…nKpÈ4ÃN|"N+–Ÿª¡ch?'ô4 åmíU*Jå|/ !r|à@ÇPT³Àšr1¿‰ÇȦD]PJ°ãîåË×ÕÃÓgÖuBŽbä(x­Qîq jÇdÏ\íÐÚƒq×jf±´¡(C´¬mQœ®)àu/åyXÙi¦Ò™,½Ð †´µlˆ“«ÜU‹À•gî²õÛ‚ÝÆ1ÀÔ¨Æ1aó˜ ›§:86\ôqu2Rþµ‡+¿ß{zó{´Ùžz—00èý0r¦9Æ7ï ïÒˆw”ü +±3Ûz´dùv”:([ ÊÔ +Êh‘¥Ìv#¿`ˆ•£]1<3ƒùäÊà5]óà;ÊÈÕÄl¦$é›Þtö <g*<ˆiƒÆBa»f ËÂ`keäš¿È*…0ˆcšÃ,e'²)€B2óŒCaѯy¶ç©æG^]ÖµÊ0í#ãÔH×ÃÞõ%ì;#X è3€ïRyÜ P F^dŒI•mæí%°8•=D–!&§|êXRYYî ìçj•ªº ] +㮆™g$‘<€Áê3êÐ,}oRíšš-ßb•´Ô8–»í^ãôèüцŠ m¡¢_äýÀú1‡Ý¼¯~65Ñþ,#®rßÓ0Ž¥ì•ð|% ¨ý5,íˆnZðsPÛ­p ¿¿'˜Ðà°c”}'HVF–º‰ù5œŒ™"¶HÔ'“öÕi4]¼¾žèêv˜è]¸,•þq<‡ïj×ë஀½õʵwìd¨³+ V¯ÔšC´_•“ øq*Â4È“+6Xû…ŸãÎüv€šb9)•ÇÅßÃsOÀÝ0¯¨¶Ý¦¦ª¡Á-á_¾F±‚!A\¸²ú{" å5w_Väo1a‚ûÛ4ý;·ÉþãR¥ FN ¶GÞ5àîp +’¸µI°ç;Í‘ý#|1»hÅ¡q ˆ8x<;%·@¢6ø³ºùÏý‹/9®×Ô9å4ñc2>9Ý÷ÖoXãT?ËÖг÷Kß²Ç\*8q2„yÁû-2µ~ó; ºýd‹aÞÏÿŒ†/Þ‚w;¤}NAwßÌBП–ñ®5½Â·ËKš/–É|~ÍÓýêöñî–žþ†Ø1å‡K¿'0ù|Š¯UxÉùb†oEþŸÛÀÕâ*YÌ—øjËKÞí~}öÛÙºÉGendstream +endobj +1270 0 obj<>/XObject<<>>>>>>endobj +1271 0 obj<>stream +xXkoÛÊýî_1uQÔlÚzXEaÇö­k;”¦ôeE.ÍI®.—Œ¢ß3³\J¦Ý¦m‚8ó<ç̬;Ðþh:¤Ñ„ââè"º ËÑ?dz)~ñ¯Ò”Êù4õ¯_/ÎïÆ4Ð2e“Ù”– ÁÎÅ-ã“e¦)Î.kª3]Rbµ#EºþúâjõÅéêWûlKxù­Ñ®>¥mfâ _ëÊèïx¯Q© +M6•Ï ^ù££œßú°üvtAgƒQ4„×WfSG|õ …Ë£ˆø®œ 'јŸì‡Û²Ôq oVœ >–ËòWeBN«*ÎPj+¥þøÖ¯Vi¥“Õ*ê¸O¹ÞgäRu…eê/Ä;âм©ßäçõ{—oR;•*¢M?¥u?þÜÚOñOw÷¿DŸž~õÜØÜĆù¼FtÏj>ꟶ:À´÷ÊðN¢A‘¦>Ñó»9  G)„é’ÎÆc™Á0šEƒˆ>Ú25ÏM¥j¼/]]51vbÝÚê…D¥g±—a´cÈ*,*W03“¦ºÒL°5^ÔbEŸn>J ŠþÄnÍxYA™êL¬ƒi©š}Aè;)ý¤œC( Á|µÛH¬x”‰Éš²$°ëF`p~·CälÍx.!þÕp2éÞç&7;Áß~þpÛ±7±â}cÓÎQ¡âÌ”ªq5©8†R×îòz6DCæûœ1>*9z(Z¨bí«¹5yN*w^à‰éµðUi[ï—mÎÃa4¼àñ„ôF~”a.T¦ÞQa¡ALÍB9ž ë +ÒU¯åBÁIt1¹lûÎC‹ÿQª·ècÁŒ“éV¨Ñ4tŒ' Ö@^6äX¾~È.Oƒˆ$GÊÅšñÂâJ‰^«“à`ôxoœkdLo3 ¨2Â0ðÒ¾°·)Ý–MŠtc¥À{]Ù<Ç›À¬;¬TŽ-öÙ +<–-@°ÆÈròeqûù5N$²e¾{mµÝ5¤m¨0*A\g¥‰U+Î1Ó½ÝÎÕâ¯WŸo{¾¤a|í 8!•ÀúÎÀÍÓÃÕýcßw»ïéöóßߤ屌s|5G’ßèô]UÆkäcñp-CrlUyW" F»]ÅuÃ6Xó`зÕqxÀ> #s-é Q¢˜¯ºîiQp(؆äQßfä^‰ZX‹R •[ñ\YfK²Í2X>{VÝ|Œèkfl +…n!:xcê›5n¿BœêùlUt îÕ‰’­ éŸzš‰?4#ñËʉR€W_^ÆQ\ÃeÐךÒWX¢WÂD`dõ]?[‹Ý1ÑŠ#t6¢bb»Ì6y‚&ºX39¡¶R8µÔ±ÒÏð)w4yìü~°æYp}ÿ´-™¡nD§2È 1a)ëfP&¿rŠ6ä6fzó£Ráv,„'Z]õy?7ÆeÝ4Á+½â¶ÃEl=\ûB åéŠ%ÙÑÖøeo/üšÛñÑßÀLë$ õÑni­bQ~¥S `I:¸·„b#}¨¢¨ªH +W¹¤ãŽE–Ë€oµ½—YfiT4øð\»h5ës­$@Î:½ý®r“p™yka#|ðàßž€œ¬%ÝóË,¤”'‹CÛû F¸ +e»¬NøÛñ& hÒñê½”<îe9Vkì>©^éùõ}à¬#šÏÿÎaµ)0þ¤¥>ŠPø‚ÜZ=ˆ;uXOh™Dž]=§Ò Ð¿€wšpŒ=µÂ‘©ÆiÔÅŸO‹åËÕêDN˜=*çÅm'óîN©2ÏYý—Õ~© ¸ «@‡‡CÌ­í XíÔj‰´08Åá/Ñ©)à€G®ß'¸ãîözÁÊ â…kç´ßExíoEDå[µ;À¨£c +Õj2HÕi®­]Mö›i»›Œ°•úÝDöÓáÞOº¹†€¶ªàš|a¼jÏ{œÑùݤÚóËh6DMgÑØ»x|ZÞþÎ?~¹pÒêήÙll%d=.Û”f­·é NF4ÁÿÓ‰l[‹«‡ë+Ží¸H76nx_’Ù)ýLðËوΦCYLÿ¿ }<ÃáÌï¶Ó9[¾]ýíè_Š{ endstream +endobj +1272 0 obj<>/XObject<<>>>>>>endobj +1273 0 obj<>stream +x¥WkoÛFüî_± `Ä$F¢=ôCœ6­ÔMmÁ‘<Š“<…w ãßÙ;R”)·)Ú$ò»³3³«ÏgSšàoJËf Š‹³I0¡§ËI° ùj‰Ï!þW’R÷b¶^Oz1]†¿˜ONŸ_mΞ¼œÓtJ›—/VKÚ$„‹'ÚÄW2Õ¸1Q&®QåŽ2ÝÕë2U»ï*- +~±¯tªriF¤,)Cµ‘ióZ#¥Ûö»*×(§› Ź’¥5—›OgOgAˆ»/T±Ïed3i­÷˜ ].‚9¯ó§µgà+èFÚwFV?I{]¦`}®¥ÁIšâꋬøÛNºã9Èê±9ÄN¹Ž…Uº ègÝH,ñÆA„f¯K„–hi¨Ô–2ñ…Ð.„aä^TÂÊÓƒ)U2OF¤ËüÎÅÔFéñe¢’m2ÀWHQ¬vp»Ï»C›°i[©ØÊ„s‹$—C•'Ç'ª’±ÕÕÝPöå8‚òíó_^é.éÍë–#j2gL+B,Dyç³âÒ—q^'|ÿ.eFf —¤œtzo—Þ dêý^WÖÝ­bº%*MeÅ´á ¨æ~òr}àù8\yMÃ`„Á4à-‰n ‰-¹8èc‰Œ;nÀì6ìíd\.ïw¹ŽDþˆÆL*ÎÑQÀÚÁ3ÏÀTç¹n±íG.¿ +Àöò™¿xBk/Íq8÷!ç®${a3úž¶ø×ÁàØÝe2¾ñòíöüÝv[@Ðí~ø@z¬® j“ÈTÔ¹Ô2'õÞ¥O|íù?°=lD¥($XÍïŒ("áå¶Ý2ÅùÝ!®ªtënÎù €Q}QñPg¸'® ~ÐZÔV(G,rÜyé¼gц×íè:¥;];IÔά@BÄ­€ð_&]ØÈ-ÿXÔÆ~p³·Ò­uš$³—±“®¶GEˆ*ÐFŠ(—Žfa„“)Ãe°š9G{ŸßÆ9… QïÖ S;dÃ`WÕðÎc Ô…2vö‹BSNrX •-§¼µ ¢? Ãà#i)KÈmÍzüï/bèæ× ']y×$û£KÙÅÇöNÌ™àƒgM§§ñ!çu—s««°×¬ÿ¿è +ÛZ|µ\œËç‘/óà"«@2+«€Þºªg‚ݹAòÈ>/XObject<<>>>>>>endobj +1275 0 obj<>stream +xXïoÛFýî¿b /r‰±GvÇIÑ ±ã»(×+ª X‘+ic’Ëî.# èof¹”ʤÅáùArgæÍ›7oýûÉŒÎðkF—çôlNyuòjqòôÇ4›Ñb'ó«KZt–Ñ"?gWÙyv‘Ñ/¦.ìÎÓ‹ÿн³kSjú CÛALJ ¸~›N= e'ƒ‘ÿŸ L¬?NÏŸÓô9˜ÅícÍSv ÍäÐzÖGhs]ZU Å"Üô?ÕÒÅVa”¿y ”wT8ÝY°¦ìq‹hG"'y“€”±¶åÎ4¡Ñaj˜L—NüÀªäÒÔ' +uãû—™Ò8á mún:I‡ ˆ„§™£é hE+HmXa"! 7¹F5ÙluFù¬ŠTEê"Ô:bPcxÖX–}K&”qee ‰ÂýÆò3¡¦€ šÌÜý õA«‚súÒúá¼>ûªïͺË]÷ªZ±2îÍx$‰.O1e¢ÍxÑ¥GH_†G?¢2¬´r8pôä¨FN¾ç€jqdLÎKý_ŒG—KÏ¥!e âk™Òøþ tG<© +»µi°Ø°jÂòÉDD,cpZ¼.:P‡M{n N’þîc¥ác|+Ò¾nËrO_UiŠèNÑÄŽ”Dz oJ‘$>^àåþXë·5°ÙÀ­4¾Ôc)pËË×ÒNóiŒSAåûG·hŒ=?þË +òΣÊBÝá‡Úùw†§ˆŽj"`‡·eÁ¾H­`× §ú‘—H¬7O`%`— מ|£s³6¨´cä(6¯Qa;°T`[Íš—m§ÓÇ^ïï,áý÷}`ò$#-îç.4 –)ÙϤ*9v6*1#x» ëcôm#¡Û`~(G©c»¦åi×ON (R1Ä _Uزª˜ÚAVâ5jz9]>/ivP™.P¬¤u8¼óϘp±bSöb,ãž1õAÓ¤ZñÀRAòj}§Æ´gLÿ0Ò Ítï¸÷X…\SÚ÷Md="ש^Ay5¨‚%¶Òð±)p2rO¿.ApXMµ~쯫Òû}¿É ãØ€Ìð^h)v÷†õlá–|â—­ßH_ŽÖ÷ѧ­<®e°À{¿0 +ÀˆM×÷¬è:Øã¾^œ™ïTŸk£þ8íbB¦…K|;ŽJUZû€Ü_v}Lö姟ßüúùÝû›ëwŸo¯o~z{÷f¹ìVÆryÓ:\›Â¿ãÝw¹¼—Üwp| ç“ÎéÌìÓ¯ºŸÌ.㳫g4ŸÏ³9'ýáúöÕ5ÛÙ/|µymó¶ÂÙŠï®ñ°ù¥|0½>/XObject<<>>>>>>endobj +1277 0 obj<>stream +xX]oÛF|÷¯8(ê-ɶ>Ü'§nZáÖ*Œ" +‚y/"yÌÝQŠþ}g÷H‰¢óÐN…¼Ý™Ýó·‹‘â÷HLÇâz"âüb Åõ|Ž?ofSü9Æ—Ub}ñ~qqõáFŒFb±¦g'³©X$χb_L%ö:ËÄZ‰…P…·‡¾X+”ŒSQ9eû¬ų5k©géÓH<¯„O•ˆMáñŠ£'|ªØªƒX^fz«²ƒðF¬Ô»Å׋ÁP F×ѱ/ã»århfï–Ë2œŠï(P!sµ|ק“ ‘¨LÕQèÐV|ÎŽ¢[õ­ÒV%œeDg<‰n(Χ߾kÏIZµÑe •hoìg~òê䆥•ÛëýßOO¿ÓI'Ø.ÅerÒÅæµã?‘JŒó"C8d¥ ~®ùò’QP]ˆZYü„¤ÛÒٹЄ;àIåN¿ƒÐyi¬—…¥™rÂ!#äb8mQ‚ÛzS +¬‹²†œ„'œ—Ö‹\UÔ&áœêv¹çærKI±’ñ¶*)CÊ‹IRR°ÈJ%*Y¾ë²¸ Q±B¹Bb]­×À™´*7»†ŽÌÄ2ƒö¬’ÉÀ_ª“Br°‘säå» •‡ûEÍŽ¶djEžØì ‰ zSü¨WÙë‹^¡|jLBßžÀë¡ìDôpÞÆÊÜõ Ú,QÖq…tätâ:”>ÌÇA»NI‹æ£.¤ˆÔ?;=¿þ)JéÜÞØd£=©vB´‘ZK9g ‘º´?Ƈ$—7§à +2³¸¬+ Ï*æ·"Î4:ýüíÛ·oÇ©ŠY›oP¢A¶„…€'§”è!”IŸôH™±Õ+ˆU®ÌŽ€lùáw¦ËÿÏÇû§€F·¾ø ã8VÓÔ>  Æ·bp=&Ñ# öUæ _©3×Ü1d†;™¯$¨IÔªÚ@øR;<¬ÏïôwÍB !$”sEg« R¢A,ÊʘÑ!tÔè*È€t—I•s×Bl¹)"õ]…3c¶¬ê2e-¯È‚ÒZŽˆBÈïƒUırœ&Lÿi!€ìŽœr+¢uyþµF椳š>wª™0pÿàtÇs×–£}”[¸ÓYÁ*1ßéì0JèûRn£â(êNàD¨æ ”NÚ§’]¾\¢áV¨R¿ðëì;™Aʼ?'|õa~ ãYhÅÑ8šEãJ­{I¼»E§{Âo¢!Å>Í‹⯄¦äþ­A`Ž»ÕàóŸÈ$4p£ä£êá„$;Œ–H,` 5#ÊÉž8±Ì®à¬f/\©b½Ö€Ñ§ÖT›”må¬ûJ õaàZ†b<ŽÆCÒxÍ®ylʶq&FCYmæSLD àè@¨Ä7Ì¡¿Ä/îŒAÕr™š\Æ}`/Ñ.FŸÓtòDÈ Ö©h¥b ” +@¡xVp.uáñ¼CªÀp ^ñý‰C.e¤ •¨âKaü¸šq¼¢´ÔŠÕ¤ ŽV*40@½ Ñ©ƒp>wÒÛbúó¸Øô¡OT€ò(#:Ž6N•5µbmMþ6ó°´ Þò!à|MíUSðÄgĽÜÁ³ä +E¶H86­ô\/_w'VïTÄ…w]jª,!‘ Ú^z×ëäŒy¶£,lôvݘÇw!óµ*3Ç^,Ô¾ M,õN4Ò,s¨2¬¦Ç™ˆ.Dç5=ør\Á¾ tHh8†fÁó©Êà 7uÝ´ãTˆ˜ˆ<ÌN™„næLÓ}@‰yüð ÃìpJCäé4”!hf)aUpTÖËÞj¬µ¥²¹vôA¸gÖ×U–uÂ×ùœ4EHGaŸ89Ûy:XuÞ¶ìš[§î6lïä&”B½œÑ ØGD¹3UøM%Rh§ U岨0'ÌPëîÀlKȉV(šð¥NŒQP¡\•C5«*ÀÓ O,zEÛ4¹bpzA5$P](ueq«P,ö¯8&'î ¤¿ŸßöERaÚg@Âd‹F]p`zè„—›cÉêïPtÿŽs„hïÇÈ!<f,6XÉ Hí—†çóCk·¦Æc˜¦ íG +ú4ÿBNät©WJ‚¦ÀŽ‰G| w_–™®gÁƒô2,¤†z+Ìi©íÔÜ{7ÚfŸN‹í ß +>âVP/¶p°Øž #àíT¶&Ìë›ð }ØeM{7kËʲÄæËk ùN¸ºà’;Ë»…µ‚‰²²%<œ"Æ•ÅÈ÷Ð`Ulá}E§±‘±þÐX$¤3_ÂÕàWÜb­Éij,TÆÂ6åY‡M¿áÑÐæÁVïKõ ZþèxËrë{tY²B!,Zdز(›Ø }ÜlŽ¼®ü‡Y’¢±ÍáÆÄ»@“ßȬ:ÁÏ­(…¥®µ] ¸ú_´GûÊÂ1S‚W¢K¸xôL"ùŽ E3ºWfõÒ4šàG³küŒá&šLniu~¹ÿøþž®î_©®£×1­És(¿AóÊ`:æÛH½l ²Ö›Êwz,p{¯xv¸;ñR/íïz5ý‡4¢/—7Ó›h:™á‡$Hb6¦X¿-.þºødŽ¨mendstream +endobj +1278 0 obj<>/XObject<<>>>>>>endobj +1279 0 obj<>stream +x}WïoÛ6ýž¿â``[ ÄŒíøg€~H›°8Yã¡æ! %:æ,‘ªHÅñ¿w¤äjZ׶\›âݽ÷îÝùëÙø;¤Ùˆ.§”äg1 É`(f4žÏð~„W©h¾bò½/†ƒ©¸ì~ñ~uvñiLÃ!­¶4‰ÅhDÓùDL¦sZ¥„Hƒ­’7fû$£á@VÏ‹õI“±^'ŠüNzZ®è‹-÷ÎK¯­!¯²ÌQ^©=iG©=˜ÌÊT›g’T”v«3¤\ÚœäÛÕßgê/ÅA߸Ì(Óf/è°S~§JDÁø'_É,;âE‰têœlÙ:¥Ž9‹à‰5[ý\•1'í\…ÓÒÑQyØoE¬ÌÞ ¿óXM.÷ÊukzB +fÿOptN0¤D!_kBdI¹ôž3¶´QÂJålö¢Ò¿D“Àh*Æ\r„wt‚Wnù'ó¤T?+çQN‰ç kRe®+‡S[[™•™/à +¥—¹JÏ;¶jð4xy3£ÒšŽ:.î~Áõ•É”sÔs*©Jíô.„í…€=äR‹h ÏB:w°eêpø¨\Öoœb9€q¦ýãòÃç?V·÷Ká_ýú-“ØC×!šË(~Ú©èéBÈ46NÝŠ£­Êåêt”RAu€Æn9 §È¬UGeMAsœ¤ŒÌ)w‚T™$ ô409Vö¯×KÀÈgWCX› +Ü9¢ù­|xžÙk„Ðh_ÿ¢Lè#cË<¨½T_+]â¦Í±“ Ø/)É”,û^½úo¡¢ÆÀIGb“¦ƒs h›çæ`‰Ò&É §•\…\¹×€nxß4ïS”º{:ɹ©‚Ñ D?å•óO¬°…àú劫7×+p~²ç–1©ô¶<6AÏ›sw×ËXÈŧEmRýÚ¥ú£…˜_ÃŽÄ\ŒÄTÐm`4¡yƒ|ßoׂc[ Ë-ÃÔ[çmAйB%z{ ^e•ô;T£ã/3½Gu€«ÌlýØpeî—¦¨1ÄÀIt+ìh)±U–6‘âí|a. C:Ì9 UþKkÁó$òŠÍþx÷¾n`o™e‡e…"_|× ‹¹«]U¶ñßQi óà Ú<ÚT ôLÐãN– ÏC4rŠýA)C_“à ‘0ƒHŤ¦q8˜`¶Lq÷¬¡ñÁz~PMtùÆ>WèÁ ¾“/ŠG¥*SG{—ú¬–†ò +µ~ËúßIÌâÉ­¬2 <ƒ¢ Œž5þü´ÄëwÁ]Ô‹Ñi0ò`))ê¹)z;aýw¸êñeÁeú‘¶õš5fd®ÄÃÍcô¶-WÔÊ‚´÷÷qéµøx×AùÿÙ=ÕÓ£/^AÍ;«Ñºi)™ìÝÖ±(&ø7¹;ácy3Ê õªº›@„ˆw¨na©¬L\XFÉÕz}ÐÆxðèpN{’©ˆ]uú?#m7/ÚV8ca8®^5Vv°Ní0êŤo Îï¬óÿ™Vëá¤f%tj¨Û)OU¡ÄgÇì[ø>L°ØöâZF ïD­‰Ã# ÐaAE…ÖZ‰äN…¡L°–Žçm£ª·µÓ(ÅuÐ +ë%,žaՌƅ/ +¥½cZ´Fì9»þFn¢HSÛI'ÈÌë\]°%b, É0]t4±°þ¡¢°†Ÿ†+1*¬oEí£±êÖnCaÉäXíU˜¡Ùê¬qÄxoÜà[èØô|†_Ö^•N“ëzQ&Hc%õ¥äk-Ð2Ýã8öô”Zå°f—Ò¸-\蔇²kª°µò"Ìü·6ƒÿ|é7L]Nš‘‚µtsw}»|úp¿\}¾ÿ•WNºj¯ +76—Hñ§h³:3üŒ +«ùÏôÈk8zñ©™^£‘ †ÐÄB âò`ÓÌà}3¹îêaŸœ7so<ó9ÿÈšŠé"¬/×wï¯y’þ²èÆ&ïda­àgûCl<ƒù%õg#üKßÔS˜ómýÀ¹5ΗU–Ú+zTÞó|F¿|¶2ç·ÁÔ%t_<žÅ ¿óÂ¥óKþèãêì·³üÀ¯Éendstream +endobj +1280 0 obj<>/XObject<<>>>>>>endobj +1281 0 obj<>stream +xW]OÜH|çW´"EÙH¬a² N‚@î¸; Ç¡“öeÖ㠶Ǚ³ñýú«žñc8]Ä ëéîêªêö÷íãoFGs:XPRîœÅ;{_i6£8£ù<šïÏhqü)ú´8¦8¥ýhŸâdçÊ’¨kY¥êm„%mÔƒªDQ´$—k#SZ·ô»Î+úbijëŒ ‘Ë%-E¹¸*JUJ8LUIѤx)—FR¦ÍÇøÛÎtŸ¦³ƒhŽØ“Z['rmÄwö¾,º,§]šÓùQt|ཾ‰/è$<¶-fB1ââ„’ÞëR¨Š>ëÊ]Ò¼óY k+ÉÈB8äá4)‡_™4ü¿®$ÙZ&*S •Ϧ\ ×*+§á”®8ä e— G‰¨¨©Ri™Š–Wg”úø½ÊÃRm”öñîU•ê¥ë˜–Ò—ôJy÷L$MýúÉÕÇÈKΊuƒm¦ñº¦›åޜ;bïÒ9¬°ÐWár_£‡ÁãOV•ªãbÁQÑÙ]šÌµM®’ÜkmPê•ŠBƒŒ ?`÷¸}±¦RT-ÕRƒ}Üoø[‡õÐG’5¼Þ…©îز¤’B +(ÂÊŒO¾@KÛAd²-\­D^ö¶kº™û^ùÀbjr‰¡¿Ì ‡À)蔵Ï]$•6}=@F9% +õO`“ª ·2üÏÂcT™P*ÁY« W#¿7pï» +¾.d #A–žd¦©<²à^EHBVOÊèªÄQ"}¢šoÖø‘&NÑY-pÏÜBFëÙ|ËEMÛJ”xƒÇR¡E*Öèg¡ÖÖ١ĹWɳŒšZW]BŒ"q»|ë0Æ‹Õ± Kî´Ëƒõa €OáW)Zªd0l ™CïÒ b fˆj=ÎüàȘJñ07öŽžœ…Æ4 +®Ï, _ŠIÌõrrx—`{ʾ_Öœ(f_[ã^7A± øu`àoŸOV«ûËëëxµú…Þ&p}Cï—žÖ·Z»÷«Uøq0_­X6ê¡ëÑÖ,¹%ˆÇšïÓð\-àê5³%¢ŸÎuœ©Lrý"Ó7òBOÔ“ôóŴКN‹žô­n`-v ­„¾2P®P0o3LQ~mÛ"vÿÐ&MŠ…æîŽx»%7îw+’•IÓo?ƒV€«¢[(†(îR?˜‡›‡—XØ|°q¼œF>K :çÌ1àFé1G–Ÿïn/㿻 \;+x{ïþy3 {X)» +ÇÈÆhêK®€<$y*Ácè÷Õž&Øìöøö©pïð*’ú}ÅÏlÕ6P KaÐ2¿k¼ø„b*úq8eŠøÀ£×Wás²Á‡ ÔÞ£¾ÝX8úÞ—ãnlÍGÑþñ>cçÑbñ‰×sÚÙ)v\ý DÅæš4¼‹ô_pÓí+Ó£9¾vÓÉlGóˆ?1¾ö¤Kìòl8ü-u‚]ÖùïðýVc`´zˆÅ;?'uxtáKÚz|È—.â¿vþ\³9Kendstream +endobj +1282 0 obj<>/XObject<<>>>>>>endobj +1283 0 obj<>stream +xmT]Oã0|ï¯Ø·+¤M)Màò!ñp…£9¡“xq’Mkˆã`;ôúïoì´GÕ;5•{wggvìALcübJ&t>£B Æј.â$Jiš&xŸào˜ªÁ<Œî§Ç”UH™¥ e%!|<¦¬ŠÂIݠβ¡µ°ÈúèØ:.IZjÙ(éüÇFºµlÈ­™j‰5KºÂ—p!óBü”5¯Ø¾žD'ÙÛ`Lg“Y4Ü0CÖR¨\c¡óɈ×eW 2°¬¥Ûöå +ÑPÙ©6@½È¦ÔK‹Œ–×ßI6N“Uy+¬Ý”Ti£„»"˼ŒÏ£‰¼[Ü<ÿzÊ‘ûí| rûpOÏWÑ”4j»|d}‡£vвա†…»ö•4µPéÐë²£Q¶†t•(zVx‡¸UWSÞ9½F;Ê™XXYoý^I %U[³âP`j¸­e!Âp°Ù‹g·˜‹²ÇêîEò,_´y_ݵö”öë—§äIî¿!¦³.”·aoÉæ“õíQ+Œ“…l…c¨Fâˆê­VË–‹Îø©õ]õÃ×B7Î身|{ˆ ƒˆ`š`œ¹A¼1\8(ÌJ®:Ãåžá~œ×µÒ˜#Ke¿‘uÝ;éqqGOF*Í]s7û& ½Ÿno`IzpÞÑ%[iD^sß0‹b}Xñˆkh¯1,Û0ÍEñÞµÿÅ™œ]…Cë£ 2¬·õ?N;+˜ NäÂ2Y}ÐíEÙ¬Žšþ;?xéK% }ÃK¨Ú—/´jA)D…ÃíOµá•´ÎlÃF÷éîæˆg¸UÒsŠ/ãþH£¿ù5d×oä(:ïÝà(ßÎÙ>á,™à¢)‡ñ$J£ID˜Lroí‡X]¸ƒì-Ù9Ðñ}>k¡üëO-¥ÂÕb}ái2’YŠ« EÓ ¿t— ~ þW­ªêendstream +endobj +1284 0 obj<>/XObject<<>>>>/Annots 755 0 R>>endobj +1285 0 obj<>stream +xWMoÛ8½ûW °—°Ûqm§@Qä£ÙöÐ6[Èm´DÛÜH¢BRuýï÷ IÙ²’]A‚XrfÞ¼y3~êhˆŸÍÆt1¥´è “!žðŸÿùúgot1O&ôz6O†TÐxò:™ÇO9-Øž^Oçɘ&óþã×HZû£Ëi2}éÅ|„K:®—½ó»Ki¹FLÓÙœ–™OÒ³›­¨œ44ºHèƒÞ‘Ót•:–]‹ô±®èVB•¯–ÿô†4OpüìF—Îè<ÇAUÂò¾62ßÓB+A‡—Yë(Ç0š…$†kàt”н‘F>ÕÊ*'é«™*7ìíünB£Q<2ž!e¹–k öº¦A¨²–ÆŸáPÜVYJCN}ªr)¬¤B¤ºÀ]N¬rI;å¶|áZmjÿ$b¾чR»¿½ah2iS£V2 .¥·=­°ÙÐYÀc€Cƒ_–_NÍ<Ø, Éžâãafç‰/ÃÆèºÌ‚á ¨4¨<¨2Ó;KŸ—ÑqB[YÊŸ¸OPmõ|”ýPËüáxseAŽ¸¥LŸê¸ ll%ˆø3åÑÒV!â­ÄmÆ_ÉþKQHoQ ká#;¼!·¯B™2ÚxLh‰PNߤz`µFU®¤ ¤Α^#G°©ðXZ]»ƒ§>á É_¢!ýÓ*)RF á3Gj©2z­`¡l'gëÀù,àL×už“Ï ž>~œÐžúhƒô‘­\-6§L€ühp±ÕƒT ¥=ËÐéMâ‹«Ož¡ÜüSHš !pî!·ÓôXFàyi¼8ÀÝ„›­6L¹`ö†®Ðùªfÿü`'ÿïgè¡ï¯|5 4 VjQÂÒ÷³k>êÉ]Ëb¥V!,k^ª«=ÇÍZY6‰˜ßÓ­FB^Ê @k¥dô°†÷LG”4²Ž!fšù£ÍE+IÒé$‹&d‡õüÏC·Ÿ´4«tÈQxIèšÜM Ưؓ +*5)¾çd;ªà{­F|ÞT@¯Q甕6ÎÁ•è +ñS¨œe&¡Û «ŒB'_§Ð¡e«G¸œVik™6-eiFxmKÆ’Žèõ l&Рã}.ÕÏks“»|—ì U¢W¡h*ˆA<ŽcN¯×*Uð±Çl©*L ?*hPð”cHkˆKéòwõ(í£Ó¼nÆ]«å±+0äß3“ª“¿x8Ûº€þpÀÑ# ›X2¦òõìý£ƒÈ7C¼êw±¨„Ái´…z¾úÛ&×+‘ÿX(#ç[Å«„G%hÌ0z7Vº7|ëùÝ.›‘= jÁÊÎó«¢·!¶ÆýÛ +Ô$¦›ò-íå"§ž‹·D‹ÓÁ¯ ="'x`”[Êæ¿ o[äi„yAßJéü…?Èn™h"·Ê°g ‘>kì~1ÀGl¸‰+ÊÐD¥n‰;nÛiöG™a²q}L6r§XÀÑ#ð–jÝ,(r¦SÔ·tÿ»`_óSÿ©¹Zó8zaø7í€\¹ +ïB‰^X Þ#‚=²ïlÏ•ùA¬š'[#hFn”WVÆè³t׿,(”ž©ÙËýc”ŒùÈÃÇÏ `o #v´W¨‡Ñ"ƒ¼`ÊiÌ5ÅœŽï ؄໣ã°.–›C`~|Æ V/îöv¼,УU6Ìyî{#}°YJÇß)±‘Ææ%ÂêÌúƒG +XÀ<åNÊt\*Ê}x†µ*‹¥‹ÐQvÑŒ}ZÅ ã“J¶zí:Þoƒ)^:˜Ma3ñ›6ân‹Gì¼`ì舵åý©áÏ?”‰G;;¿›ôËqXÐo~÷ Ek^óbò;_"&³I2›Îñ5²1Ÿr ï—½¿zÿÖLÓendstream +endobj +1286 0 obj<>/XObject<<>>>>>>endobj +1287 0 obj<>stream +xWËnÛH¼û+ØCÀ¢%Y/çø#>ÄÉÂZ ø2"GcrFጬ(_¿U3¤LÓvv±ŒHâL?ª««›?ÒÇ¿L‡r<‘´<è'}ÏúÉPF³)>ñWiY†£“q2zéÁñxôüÆÙüàèòD#™/ád2ÇLà ß—yúvpœ'ƒD>Ù­dV;QòÍV÷Î+Ÿ[#ËÜd’{‡g¥Ê¤ÖøÊ…®>¼›‡å‘ Ñro8…å·§r=—mËnù•n Üœ~>;ÅÊËVVRØT²qºoe¡EmpÁø”ñÙŹ¤+ë´¹}×ñûB°­*IÄ&ªDN—ž¥d‰i³,gÑËýÆIZ錥V…C<,kÒñÍÈ×€–²Ûw$í>‹èP”»gɵ^WöA mµ w<@÷€2ùÃD¾k,m~F#¤ì5zó´~@~*26’!¥+eî´0…&ÖCØÄךÀ vftUí*ÔpÏkøæ…nòmøê}…¾5_Äô$ÁÍIa{üÅTKåX¦Ô®w¸k*Ãì}¦RðºNá0r­Üø*ŠÝ“Ö tæ¹#`B$Ká 6õŽGûÒŒ9G'ܨr¡‚&È: ­y…èü·B”LXáo9ÚµrT²a2ÚàYS÷ ¼Ó1#A4ªaº»ú|}õG–Ò›C ÝëPE×ï7_îȳ{`7ÂÙXjÝÖÜ"<Á"˜(úÂáúæï;dŠ¡RAV&P8j2Ýò1A.hÛScQ#8¬aðÉ+mXÒ`j•Cú"îÙs­Ï¨´.DÞX wD?!;j°¥}¥óJ()ꌾïøH"¦ÌG- + õ¹uºQ®§CÁß[œ­k¨5”ó’²ÅXÎy–à±8ÏæÉ›$Kè/»§ÂÒ @ÛZç*W&´UÞïC×üîyW¬äÛèó´9ŠÎž×A?@³›@•ÔÊT.DÎ}ņQVÊ!ðNIJ1>Ô ÝUp$!m=Vè#ì{ê Á™G ¥uÅ #ðØ°Oy2Å£ Ž”‹CØØ·w§-q°Óf÷‚8Ó±e`#Ñ £æÕ8¤=[Š_ Mz’¦&`HA¤–Y üoø͉ï;ý j6ÁÿI:PÓù€¾"d h6¹ëÛ€Vµ"£Ôn¯Ý3ͤ[· ï½ê…¬g8·Ê|䈡.m"Ò-Fv,ˆL/Øá ÂÇÃ.èZŒ³ïMž 7Ê•9ék1÷~lèà”ñ­u!‰ßtð\—â40Š9!„Êsn½–uñzDŽ®%(ÊV°]@ÃBw¨‰´C̵où$ut‡õ¸Ý²%¶ðzN³¥ìÕó8tëìO,7ÌRÞ5ÐXÉžÄéÁ|ºšaýþŸZ¬Éj¹Æ*‡ûz-¨7“¯“ÿ´Ðõ8endstream +endobj +1290 0 obj<>/XObject<<>>>>/Annots 768 0 R>>endobj +1291 0 obj<>stream +x¥XÛrÛF}×Wté%T ¼ˆÔVíƒÖŠU9±b1ñ>ðe ɉ 2ˆæßçt@@”ì¥RQ šKßNŸÓã?.b㿘šÞP’_Œ£1þÂ?bþñ釋ÛE4§ùdM(§I–º(Fbëu3» h_Uå?®¯‡Cd±9KUY·»~½_û¯ß' ,F‹hÉl#ëÉÍ‚xYµ•4™*tu +çHO!_ç•)å`„Ã>Q¥Ž›_Ÿ²þÿ¹8š,£ø¶KÕ϶Òš×× +íI¦>~÷I†âc½ÉŒGî^om“4`¶A©íj“ârÚ‘;âéè+Ó]š›Âx@‚C{“ìqè…NÅRét@Aªà­Ý’VŽ›£Îsí† •ñD0ÀÌÐ@`u°¤Ò¶“—DÞÖ.Ì‚É\©töEœÜhÚë¬ÜÖ)'lЇÔj¸ç+Xž=Þ¿1æF?~ü¼úø­åÊþG§nŽô°+Tb,½³u©U-1üoXƒ{ôóŠr³CN™™¤¸}·Îæ¯éJûpÿý݇¿^íª)L‚LÐÙff±”«Bí´0YèÔƒçÌN¾F_5BÚ™‘N¼·:"-*‡îE/ƒa¶fW¿z{M¯ÓZoaòåipØ—®3-÷ v$èâäËpwɺÔEâŽeEÂÀÖ¥žþIGí/¿•?DÛ*XðÄHË4Ž–.„w;ÂçÃW:!wwùì“iȸ—í…Êõ>üt ´îq?í…@Y1à/%{U z•ÉùÏL´­m3µƒž)4ÂFkI]¯Š,c½¥'Ia±ÕÐQD'`ÄPòz¡2HˆWé‹B+ìÐŒÂê¬a%š:Ä“™¦ÚÎ)Sn×Ê Œ¢Î7P2fVWOëL·ÕÞÖ¡úõ•@쬥‘r!W@{–Qfís]zÊk,€JíxºÀ•^ÿQc0,Ìý`^œVn›ø$‚/³ˆ?U{VÀör\Š‰B:"³;´ëz` Ö56<Ìd0ç=w2R@¥©¥Ë˜½`:‡1–@аäžÏl¥n,1Ma¶Z_ á.BåL·a)¨é bˆ&xH¹o·æÍ\±|z¸o¨á“‘¨V}ZTÞqGa¸¨³Š¹ÉÂÄšbbM TCÆXÆa`–y%תÚjŸáqÐ.mƒ yLé€Ù=ELFÕTŠÚK+ÿÝãC3ÑÀ(† ¸“`Êf 7‡g‡ô>†ÉÜ '©›ö€.±WyºAyé­3¬¥Ó/ËäÕ³+Tž%2òËq. +Îà/‚ + ä-±F2ï~{¢ÊiÍ´ ÕnƳ 4|:b&Mîë²´® +´x†—àéF%Ï8]t´‹ši|ÒvÝhÄò1âáÛÏ8 :ß_¥›·ÛñÜràÐ "¶y‰§—(iëd[–5ŸÃXÁ9”'~Ë2e˜"ÉjžŠ‘í¯›ÿ†»ª®, dKÖ‚a€Æz :î½M È©,gHûyÊXÇE÷ƒ ½š4îå|zkHqð€ÌLuìÔCô¯2(8ðô˜Äæ-mÝŽÏ=° chy(²&’^{‘®>QðkQ™¼lâ!^žˆä2¼”iòäॸ „!Ÿ!˦ú°Ž§Ž¨Êú ôßüƒÂl1‹7Ëð\Þ²ñïW¿\ü ßb‹®endstream +endobj +1292 0 obj<>/XObject<<>>>>/Annots 777 0 R>>endobj +1293 0 obj<>stream +x•X]sÚF}÷¯¸™1™1ܧR§nm×5xÒÎð²H l,iUíÊ„ßsw%ÄIÚ8`ÄîÞÏsϽëÎzÔÅOF!õ‡¥gÝ ‹oø­ÇoOÏÂ^ôér8 +BJ©ßWÕSB3ÞO—ƒÖã>‡x’Vgá°‹cƒË0ð±ñ þ‰ ºƒ`¸_ŒûÁ¸±ÊBƒw í]]ASØe-)…£1„û§Ú–¾“t|ê—ùYçf@½ÍWðv8ÑÞ¹ +e­v{«ì¦Ä"7"õ‹µ%-Šµ4”iKy¡_U,‚:º›NÉ”y® [YÓëÃmXSÈ•, +³~•9…v£ 5\8ˆUY””±ü‰¥ ½{§&”J‘Ò+äÊJ¾ªlM¥‘‰(Òef!}¥‹Ô…„V…NIdôIe±ÞDȘDV½JšªBFV;ÂéWY¸øun¢*íQ0fŒÁöE8Uá©#àÛµsGV剈بŽ´Q'Ælãÿ%ºŽƒÞÕÁe¬‘‘ÎbRV¦ÁŸ%’ +wÓ?Üþå xkT hâ›R- +ı™ "=¦‘$[G´ÆÓÖ“œ‹3d¬0°—o:Ãâz>Ìü}ÕÖ g@(9‰Ý@Ô0dÑ’Á:`"Z¼¯®±=¹‡Ǩ٥ŽìÃõõs¦mt8np\ðÿQ¨Uµþê^s›8 ÿ>éÜò9±oÅôçâΈ«(Ø ul×Þí T"DC ï:I»+ó:E,ó[Îaú€ŒAK•ùëÙaΈ¹â`5F)¼û!ÛÙäñy¢Ô;ðÆõæU w +ô•Å<ü\“ŸwÈz‚)ºJÏZÚ|›‰tyû‚¤ 0%¾GÂm® F³¿žèö,„à"«”ºJL€«sÝøÊŽZ±Ê`M’€S8<«2ÃmKg<1FÀÈ&»*É D¾`ªÌÏþ<ûoFäendstream +endobj +1294 0 obj<>/XObject<<>>>>/Annots 780 0 R>>endobj +1295 0 obj<>stream +xVMoÛ8½ûW C –-ÙñÇ1i7EÝ´Ûxo”DÛìJ¢"Ruüï÷(ɲmÄLòÍÌ›7Ãyø4ÁŸO‹€¦sŠÒÁÄë?óæ4[.ðà¿´ålå/Ÿ¿¾}Lç¼>÷f”ÒÝÌ[¹ç„ž§·”æ+ozZyXÆ+ò´ÞÂð|éÓ:®`'´Ž†0|çÑmÕ®,T¶£g‘†‚ÊîéÏ÷_oÖßÀÌŒ¦¸ºŽÝIߣ/¹Ìx#E5ˆ°JgîØ ‘ÕÇ8ךT%e,É”y® K[]ÝãíÞG‘.3K:ü.#‹½$²“…XøUG2²ø!‹[ÚªÂXXÎŒÁF'4ò§^ÀÆ*DÏD{™ +ìL$YM&y|mν¥ÙsŽsJÇ™o ZÛ+·zW¯)Êß•±´ÑXƒ‘$ùØ™¿å¢†|’¯ö¶%„I8·~Á9ÊЂúG8>sÑ;àÑúËØl…Ê Ùƒ&am¡ÂÒJÃç;lö*ÚS,\Le®3Ò𸠿ÆÙ¸.U|}"epl«2sB{þFÚ`¥æ¯ç2’¿“×ëX™<Ç'‘ÊËvÞ¡† ž]. £³ &Y'= 6Ò[6n$¥%DÊ&Sq™PBÃׯç¯UÛªÛ̉íêŠzR:K+Òø® ±³›Ú #8ÓèÔò¥DÝÄ9 ¢Lì榉`â-YÛMMÒéÓ3_Ѹ]#tÜȤŒa†ë¹[Ë¿mª§ –â/º{)ß¿Õí%oC/³H§©Dã²{PžÀ0©-uIÁ¿¢ïÔíŽUòíñC0,«§ÏÏ››:=¢Ø~ZÞÍI¦LGÊexø0æø±Û†«Þý­••á¼æ¬Ù½°•¿):w2:eÅÇ*’†PíÕ»+ J5 +¢4r[&É©ÐÍ-"ÿUµ°ÕI¢¸RšÀê¶,_Eš'ò¶b%‡hÐMÐÐEJî6÷ö:ˆa ¶l†ÜrmŒ +“#?¨×æâÀJÏ\µü©Ð0" d’ln.×}®#FÊ*ÀZ}HL·¦Úûwo'Ø“¯õ]V9ò’/õ¦Nå4ÚÈÃwÒ"òü‰t3|§NíõT§”Òܶ¨M‰p[¨—Ç l(òC¡â‹ÀXë·˜O»BçÎX‹\ ý´Vž.¥ãÄ^'#(™B!¥µdÚk¸IUЫ+G)x*Ó·ZGOÁ»m»ŸÛe¨/£¥’-þSsäŒV£U;ñhåæ¢à™Šc9¯E7¡!´¥B¹(p«YÜPĤŠB%"Ä虆ÕÅŽò€ì« ÍaÍ<2ñ¯#> ¢sƒC´"&ºš¾âêxÃn]˜è¹BïªgÀªHzCh±ã©uTÍ ˆ• ‘1IÔŽ«Õì?Fµc£…‡¹g<ÜóE=,ëUºô–«)×ÀÝiÏ÷=ÜÓ×BWCàG•Ü[Û¹räÏ1(/§4ZæO ±³ÅÌ[̗΋•Ï.ÿ±ü=øROm¨endstream +endobj +1296 0 obj<>/XObject<<>>>>/Annots 793 0 R>>endobj +1297 0 obj<>stream +x½WmsâF þίЄiCfÀ` :“Üär/sIÓƒo¥{ Nl¯»»>Ž_Ik›—r7mgzÉ„°Þ•ôHz$­ÿlù0À_&Cf­7À'ôáÓÇçw­Qà ˜Òg·coV-RX´Ž–LÇ^p´çä&CoÚÈñâ WíMo½!ÍÞÑ2ƒÙ”ì5{Nçí ÕXxqÐYíMGÞ‚fÏÉ|XËñâ WíMfžA³çäF#XËñâ WíMnÉ^³çû§AÀÎûŸ´òŠ$1¼0ÄCO'ôÿ´„¸õfy½þÃ|–1e(˜N`q‚° ;i$ +0R‘úfùr$Í)dé°’îM¼)¥{uVÃ`§ç9Û'ÖøxÏ'ßQ„ ‰(KrˆòSÑÿÅ”)ã8ùú ÅIjHð +¥íñçÿÞpêù3è ‰Ç˜“åV ©Iêd-#ÀüØ­<µSç¶&[{¡ÊãUçvusz¨Îb2‘C!6¨9À(Ø%i +¹²°–HÓB +‹v¶RKÞ«DêuA€Y‘:Ãশe$¸ÒP"â]b·¨>ÝÏŸ!J´ ­Ò{U™F +´ A‚×ÀŒ¨?@¯ÇÎëvú¥ÑýT…"í£Ùµè§Éº_Ûb·Âkƒôû&Uk‘þqöèÇÈ°Ô‰ÝÃártä#2õ¾°cvJGÏî%ƒ#L>v"4ÂGsi׉2‹Lâ©å|ñ~ùöݯ— £¦×VeçžæŸŸ>Ì«S' +ÛÀU§eÊ!/„FÍHÖ‹ÖÛH‚8É%¥îŸÀ*ë­ÌaäQ’oèíBî:G­¯{Ó¤Wã6çÎnCªñ“è`0kŽquè=€Ï-hHÕÏ‚Ù†¬4Ì##ñ߬k”çøFÐÛq_ê? ]Þ;˜"-m±£ø4lè\“+l¿aûßL‘Æb«Î¥uÏFk&$ÂýsD®NÚÛ|iÙ$ù,,áVäiº(ˆ¨yQU‰Ä€ 4®ôÑ»”ü[H€«0¿[áQäXwº«Ê»B*,§nÞ1Ãé‹Ò›«Ë4SÈ0‰÷ì W•Kìµ­2– ¹ê ?D™ZC©xh«êgÁc„Nâ[±ö…‡.#¸?po±øª°‰ÊaGäÃ~“c…_âߥè´aÕ¹Vq|ÝE^X¡-ØÔà{ǵʯq·òcuó=ð&EäüeÐGCÍ™âBí©bKGcÈ“Æ*G/ÀIL¾]ÆïÈdʯ¾ƒ’­ÞÁh:» ð8­k"òY]ì”á–#{\Ö—`¹”òP%Êý[†md.µHSG±*®=9TPØš¨7¨×KªfVC«ÎÏ«N™Dw?•˜ÊŽZ¿ K«ÖQ~â@È‘¡«¦}ÿa>Þ~xŒxâ*ð :hx^½£®jh†a%e2ç>t¡Ô³'®gÏ 7}s†ð NR'ˆE¼Õ%—¿2G »°W%˜-­LET~ôD~M ‘½ŽAuâ«îhÁ•a•J™J‘©ˆ'†„µ8ÏK+MÝBê¡ÿ((ãò°y´R?Ñvû…Zpš¼Ê3÷¦yb±s”Å™ Xä þ«:¿År  Gàp‰c¼äXNZJP1 q1Q2…å/DZÒ;3Dìty¤¶W¤"É_÷Bj à êÒN"ÏMËü¶yãÁGŒÁ™Qº%›)€NjxZ,˜OÏóG&ˆ¦ŠôGÊš’ +¡[÷‰¾´aŸÊ‹oVÔîXË3Ý{V7ç9üÂ>ŽvIu=ô†Þˆ&ŠtNñÌÞX™QaQ ˆ»Q¡LòµrßÃ9{™¤ÛšÝ +[©ÎÄëy\KC·:ÌÙaåcV{ð€6W;ƒÁ@Õ¹‚§eïj £ânY²³¸ò5­ÂZE¢ÿ0­ÞIüߦ#|­Á[^ÔYÌßÌáY+jp¯Â’*˜#IZ{õñÞdÈï1ÿ´þÇ“±7 ¦îåg6$]o—­ßZ?ÖLeendstream +endobj +1298 0 obj<>/XObject<<>>>>/Annots 796 0 R>>endobj +1299 0 obj<>stream +x½X]“Ó6}ß_qgû:‰ÉÇ’d™Ù‡íRÚÎ, %a ÓôA±åD`KA’òï{®dçÃ@‡N;»$‘¬ûuÎ=Wùx1 >þh2¤Ñ˜Òò¢Ÿôi<½N®èj:Áë!~¬¤œ°• ø×ë_ÂÖ'£A2¦’Æ×Ʉ⛂f'oKô¯’éÉ"›õù𖉟æŸ_Ó`Bó^ÇOðÜ< Vû4O;ƒ«d’ÐL¦•U~OBgäD¹·ij*íÍßã€+ â½áÎͳÎ|-ƒÀßRåÆX/´§QÚ;ò!–²\JK»µÔ”)—VÎ)½"¿–äƒ&?³GR{«¤#¥y›ïSo0J†l4SV¦ÞØ}ý×~!Ͻá Æž¹•öÜí|áS·p¶‹ò•pnglFÆ’ö‡wÂcײò’¶¢¨à„ÁQH UZêÔî7^ftÿìöÜG(F×n¤µ½I2åêËÅp<¡s'Ãâ!”/º)ŠÂìHÝY‰ TNÚË­’»çû7¹ÖÔµ7œ&ƒëcQ\'iÓdi->ÅN ),yùÉ“üX)ä Ã`“"QKÉ>g\~@Î-NÎ:ÇB;åצò”I«¶5Z56V­”˜r¨‹^¹„ž£`¥è”Î-…GÿØ@&½PŠ–Óý‹Çó¶ÿ]  ‡ð ÛƒÕsþÙjw(ÐÏw¯ÿx5ÿíå¥kÒP)^á‘dû3¦Mï×—oç/{w¦(€Ô"8¶ç<#Û‡gre?’A9WÉnX¹,2±!çŠKrå2IÎ¥„'ˆ5UÑð …`.j§Ai ÐVnÉ'5`;ºAãZƒ‰ÎâjÖðµ6z[ÏA¹Àk8æ"­y}`(‚²`OBo™ýñ xør#53¨å·Äø@—”'å` [ÀŽaè„œ4ÿϼ°~~?‹\¥Î:ÀEDÄæA›B¤2àg ýB<©±‘ÍT8d}oªq€ÍèU±-ËTV¬" ÑÁDph ÷ýëSšçŸå4ðò&ðCø!§fFk¼IMÁyÈä=$ʸ%æb Ô€ãÍÛ²ñy"úÕì¸v[ùf¼6¥ B-­°{r^ߪ twÕ&TD ¾™¬%àomk´íÐÂQ÷Ô”e¥œd6.¥ßI”<-·†–á /®‰9|™†¨Q‡{ÎE.|°Å±Ç©P.Fkçã(·¦¤µöœk71^oùÄÉ8à6¡9×·nf™Ñ|pƒî´6;~w{wÏõˆå…~yì¸Bl²ÀÕ¸pàÒÓfãu#£WQ­~øbÓg'"çcëÏô%‰4…Ît ’è=q)÷ì’,ÜAûAÑ;q3çˆeÌÝU®{”¸&òúâ?K ]ß\¦ú&t0ºeééšêf#ͦÝ,½‘”~oÂkcW—´Ã°Ðv 9ìG.NX<GsO?HÌ +þu!÷0œÏ#>哈\•®ÁohÑáƺxÔ¥·‹†æ."˜?y·èhôäfN”Ÿ6**0/r«¶ÀÌd3[<úoÙ(ÌÊè9jËsl­õ„0´.2,ƒ~Wžgqû9…Ú#zŒó-æùw5ùA¥¾·MÐìN軵Ыï—[}Q9ÿ­®M)ŸáæñyœŽÅ(ç‹g˜xÒsㆢîÖ +tÀ‹39oxópØ{ôúú¹@¸püÙõ„Qܲ²ÓsKÄϦãõØÊ7º|÷2.ÙïXÏØjíP­hñ°èTB¯ë» ýwb–Ÿ» ܉Ö/áws‹¨í5÷‹Eç fþSú3oÐâö]ë‹nôæD¦õD4M“éõß; ã ~vûâ§[ze ‹5=3iU6’<Œñ%ÆtD½É0ô¾ž¸šà+Œñ4Þ»¯G|ÌÏó‹ß/þ[1X…endstream +endobj +1300 0 obj<>/XObject<<>>>>/Annots 799 0 R>>endobj +1301 0 obj<>stream +xµXmOÛHþί!U—Jĵ÷H|I(Håè•Tíér6ö&18Þœ×nàßß3»v^LÚ½€ÆÞ™}æ™gÆüuâ‘‹o:>5Ú¬N\ÇÅþðøãÓ{¾CÍnŸ+òܦÓ)þŠéÎ<ó{ §‰{¬ðñ“JšŸ\LNÞ]†G“9[nw;4 a—&AMi´Î>Šlùvr¥Íbi­O“¥¤ÝcZ§j-Óì‰ôZÑ<’š2¬Xc+©¹¹ÎµLÑ«…JŠ­gä oFøŸ‘JÙ‹Ku¯áøˆ£æ\ &4béXwY% +DB3IIÇö¾qi)YôMR¦ŒÃDf…³¥Ha㓜˴|xºÇiÅñZ¤b%3¬ŽcJ¯fN ’ù´Öš¾¥"X‹T)­ Œ\®à]%Ž…*( ªwœ®G~àãDS¿Ý!» „Ý<¯7zN›G>ðQÈwÐ + lqÎØb+c0¾‰8—%V EÚxFIDLb¦UœgòÙé³%gë>ÿ:4®ŽƒÇÀŸâùëÀªxûÏ CŽ®ÔÊæS—x0ŠRd*}z Yy…Ûœhæ3CmHW9„E¶„ÛRózNÆmÊ”DF´ÌH$á^… +ÍÃXfàÚ™]¾õ©—*C¦ºÉ{¬ïƒ¿ÇÿU®3»´ß¨ôa›»²þ˜¡4ÅÎðM¦øÍe1nOy”9•ƒòÑ +çùõœøi•õñÝjùN— ˆ3ôÇ×™©Fÿ€ -.í"gE¡äi*“,~¢<‰ðhCPÂ¥j¥QøÌ+s'J2¹€ßT®S©áÌXf§(â­†E!V°¦4­}ºMßþ‹Öi´éÓûTåëëÑÑè~ภ±°B 6SÞ4a-J^¬²wÔý®ãõ¨^J"7’•¸Wi„îa[…æÆQˆŠ&”T™A^h³” ݉ÕLpM!“Ü®èãhÈûQTj% ÛÓZº'øb¥k¦ 4Õm³16ë0R¿ºý2¹=\ovb}ÍH~(3ÅQ¡d7ÜQ¸7D‹‘ÚÐl@uÙx†*ÉRÇ(½·Ç4dŽgjÃÇ™«â›A­gPç=4ä‹1ˆÐU™RšqÊ“ŒÀh[d›­aµÝ™¨¤ʹÈãÌvÝçáÝosp /K£m[%çw“Àk¨phÃ4ä]ãû'alõö5Q!$ø?ÂïÐå³QG>ŠÕ:–èÍZçh=“ÁÝÕdüþ–– R’Í$x¿¥Y¸£<·”l)2{äV9¡s–écçFöß|˜NßävYYŒ5ÚÍ·ö +\‰° %eº2­ÔÊI¨jÇŽi_¸:…i“”`„ +ét&ƒ‡§S†B;šÙ=3$¶–ü2p;—qÜU…`GÕ€åã ÀŒs+±›No‡Ð‰MµØa—Z’‘Æ‹!ÏPŒÓ< +Ï™3•Ÿ¯¥â$…Á¹©<¾Péâ”ϱ¹pa]©DŸ=³%ÉbUV4 +U(Ô,``H*Ž9`ÛšŠñùÅ0m¥“Òhf‘Éu,ŒÁV¡6¹‘Õ ”33üí´žm²*mÇ…Rpì¤owÀ£FædLÁ&M˜–Ùz©AÓštŽÉÔÍíÅïE–¶ý­G^Bæ,ͦš½¦ÓshlK„>Œ®/i ±ã— ÌÄZœJ‚Ê߱£õ1ì4–óA<'q¤ÆäVU£$ˆsQ¾ìqk¥£ÇRfÕìcd£PŽò T¯Ø/“>1q¹Ô™YzŸ:HC”Ü+C#°§„×µóK‚×-­Xاn§;êº^³í¶‡£ßkw:ƒfs|9ð­Æå°SÙºÞ„7˜‡|!ûä{ÍN³Ûh7Ÿ­;˜úäù®W1¯vQ´Z~Ïõ݆w1{ð>5.šÖEËkºÍñ¸²Q|:»“,»øîô<¿YYdŠ|­¦[ydñ|Ÿ%–eª +øöÉ\±ðj>·æ¿‹‚‚ì2 ݧ?>¥òëÏŠ1Žô§¶0òá°=×mWvŒ¡HÊŒ˜£î¦Qæ¦yé{ÎÌÄRÒ¶tæ8øžÎPR¦–?w€ïQT¾€¤HÍëÇÏXúî²[ˆ´×Æ¿º j÷<ß n.ô1U\wt°b¼e<êåòzÇ7Sá«ëDv:í.4Þz†LãÉÉo'Íâ) endstream +endobj +1302 0 obj<>/XObject<<>>>>/Annots 802 0 R>>endobj +1303 0 obj<>stream +x…TKoÓ@¾çW̱âì+~äDž‰ÒÒ6öÆqj{Íz­ÿY'¡Âê•-¯æ›÷|óu@à¡0à>$å€x„Ï<Dà?Ã×(Ø:B݇ºÏýõ€qâ (ñ”ÀIä…§[ëÎG¢ohF+Ä[tí‡ø“v† ÄÉU¡3]Åy©&@^Äû!:s•æM]ÈÃ[é„×ÊÈ"…¹4V™°(ïdÓ2*r_=Pöý+Š‡>/XObject<<>>>>>>endobj +1305 0 obj<>stream +x•U]oÛF|ׯX •Š&©OèƒcÙµ‘4N%Eʼn<’W‘wÌ‘”àßÙ#)EŽR´°ÙäÞîìÌìÞ—A@>~š‡4žQT |ϧÉ<ð¦4YÌñwˆ•”¸ãÙÄ /½ >w~âÍzpýpC¡OëEfó­cBO¢á]&ÊZZ +¦}ª”N©ÅVЙªÎè6ªÕ^.••QmìËÕúïO£p‚,ê)Kck~vý0¡ hkŒÂâý:SáWÐçûÕŸ´zþôë#¥Š%Õ†*Y×\°)©Î$EµR×´¾7{Yl*ôý`sE¥•#‘—™ ½´•2šLB{˜¢`ÜÖt wÒâ¼Aå©u­"Qó9‘ +¥«€þP:6‡ +|z»¼óh ¥5‘Œ++ÊUU˘2 Ú>¹ÚÉü…aG™Ð)V¯ +» Z‹å^榬¼ž«™çØú d„Ì/¦!-‘{+ƒÌüÿV¦JÿÌñ7‡àwî-ð P™ ¤YЧfž?›:)z:ÈXÊT +àß1ÄßžÖt¤§ƒZ0ï¹ÚZan†ʃæJä9%ÖN#±…4T™Ær'¨ÔT`‚JíD*7W-™TE,rng¯ôÊœ +’jSÓÁØÝe˜Ï¥Ôï–·z6Ï!º3lë`Ζu¬§=k°sàÑS‹ŸMÆ­[ù¥ãoE€–r«„f°çž{3&öYw'á`‚žN›˜<7.ÒñP]Výïìv:é3Nò¹ Ó¶8þµ±ð?6¶’ñ£¸0œ§ÆÚpƒ-¤Ð­9«Ì49¬/ µ€/¤¨êË9Ô¬!lâæk3dFwJ«zsu¹I°Àã¸\i„¦nÏ|/Ü9ñ[ 6O ÏcdŠR!AÚš³µd›¤wÃi†&?Ž•ƒñX4 Ö±°ñ™¿¤Þ+k4{­weØ ï{Scieà§ÙôÀÀ>æáíB¡;~"Ôpˆ ñÒÎ<ª§Òå(°Äº[†¯¼ŒOÚ…=ºsÊvá}צO ÷ýæ;MCe€WŽxsÓíDô£1E»rT9Š"£•b’)™º^ÏnÑŽF¼jGì_–O«×„Ý&|­°\¶Ñ«ÏUˆØ笎M¥£¼‰åuàeYó’fw¸=Œp6¨sàõƒO7ý%Ó±ôC,„Òãíçû¿Þ®ÞL)è‘ú_vó·T\Äù¸»a‹ª¦ØÈJÿèTúy¬b'9ª9UA6zÿjoÂÒNƒ<åé±GïŒÙ±]¹Á:2ÔrÛ +º8Ýc¬tÞjñÿ¾šÁêñ:žÌ'Þ|¶À…D73®r¿ü>ølN•6endstream +endobj +1306 0 obj<>/XObject<<>>>>>>endobj +1307 0 obj<>stream +xVkoÛ6ýž_q‘/K‹X~į0·q±¢M›Ù.†bÙJb,Ö©’T\cØß¹¤œ¤N:4AŒÈ"ïóœsï×£>õðۧɀÎÆ”UG½¤G£^ŸÃéŸüYI·áE:LÆϽ8'ƒÃï_­Žºo†ÔïÓê>ÆÓ ­r‚ý^VÙ‰i{Õ†Ùï%S“H䎜´wÒâÂÎ46ÙH›Jk\¿~rÃɬ±Êïp~v¹|òZêÌîjOµpnk,Ìît1Ú‡’¢RÀÒ[•ùrG®–bƒdO9Ê„&S©Xˆ˜ŽU¬äþ}(˜¦·×È!·Ò9T̆Ê=ä”Ð[¯P×L8¹õ gß¡[…®ˆÆ›N.½Ì‚K'ûÉmÊ ½ÔÆ¿$-eN‚;’d ”ò”Dé Ó¬ À¶Fÿâù†Ð;*„­"nCv…¸“d´ä`u‹ˆFz¢Hoè–¡“ŠlÃÚØJ”÷FûÚ†pþ¦ÌÑʬTR{‡ôI~«cV(ÃJ¤Þ­üÚ(‹4öÈbÿõÉ +¡×’œ1hG¤[Iké)•ÞÇȼ‚¥f2oìàôrm#5”¯ûæœú 3¨sÖ¢³?J† -¥oê7êJŸu76T?…ɬ„¢JiÅ™3üÕº‰®B×ïï“rÿC +?@¹¿÷éÞsžc àûÏ3'ÙÒ&Ï~–4Dÿ>M-&&Áw&^›¥;à†i/茘>-狳«ùoÂÇJU` ¹LìI‡2 ?™¬½Ì÷Á·¨‡y†ÁŸJXÍÞ]¾>Äú‡«ù­p(2/ÈS*©©ki™G‡˜¢t& +™Ô߸ÌD€5¨ TîòÃ’Jc6@ÅÁ<â° ±!.šÁèi8Áì?H$dí dº7Ü­Dí˜'!n©àÀ³ÑŒô©2Ž‚˜À;GèæDÉ$<Æùðv‹‹ zQ ¥| ïEVÈüæsh ø/­þï$í9QÒÁº¶ ¡¾‡ÕäÂc(ÆÅV [†Ú’¢Å€1iµ.<÷ï!€¨o`ÇïpÁƒ(DÍ@úq‰qù 3…ÛúQ• !Q´ò hÌÿGîaYI òÅ/ÚÒd ©´ÖØã(8„P¿Ú! gs‡/V:>¿:¤·G€z]‹ï Œ +Ç–bÜ·Q59oE( œ9/k¡‹[HÿÆ3ía  S ®à7íú‘´zÄ|DÏÿ&Jefí¹Ô׊Π·K¦G$;Ø êò6À³ š]ðsƒÉf.’jeYØT!UTuOzÎ,”6"úx–³`r= ÏÇAhmÌ¡ d…Q™¼y‘0åâ§î·p- 䯔sP÷½Ÿ8@k«î8ã‡Aps–TÙãÁÛèV•GíNu ãåã~ X&ÌlRqvôãfƒÙ1Jú ]„Á“1`¬]-Æ÷ÛÊÊã8®¸  ¡¼‹U¼®a€cb4:?þ¾Ø ;ýV"£ê)-Tyºt°Ël°Âñt£Åõ×`!óßÑ!·Î*‡öã­nãlw nªô)ÆèÃ^mا9mÃîŸaožaÕä5•·“ÙÕ«][ó…Ç÷¥Éš +¬þ9òNŒ:“vÒüä'ëp2L&ã)Æ1ΟOØÌ|uôÇÑÖó…’endstream +endobj +1308 0 obj<>/XObject<<>>>>>>endobj +1309 0 obj<>stream +x…UaÚFýίåK¹*¸s6ù݉ԗ¦:ªªÒiYñ{×Ù]‡Þ¿ÏÛµ¹‰T`ðÌ›7ïÍ,_')ÍñL©XP–“l'ódNy–'9-W®xY¦*Þ¸]®’ÅÏn,‹ q?ÉÈŠ4Y^߸ßL~û¸¤4¥MÊæ«‚6%¡ô|N9õ5S'|M½öª¡ÓScö¤4‰½Àûvj,™Žñ4ɳm•ÍöæfóÐù=ö,Í@ySNßÜ­ŸÈõ]g¬'mdŸi¡™K¥÷ä ´9‚`'œ;[&ô{õ”£J¨Æ!5Ù^_3=4 +*x%ìÝÜÖªŒ#¶G?bŒ¢ +Æphë=­ ;R×Ôj÷á*kiŽ/“©hýáiöpÿ0{\ßÒû¡âÉ$tvfQ1Xú‹Z¸v7(~IóÒ¢èç0˜£«°'èa±¸ˆ&FÿÆ´ócVïBÝ×’qÎNfÄÑ:sá/8}é`}/š·´ë=¹Ž¥ªÀ‚ÍØL¯L¤!kcwÂ$Ñ‹`„WÓ{)Ì*¡OÆó•]g:„‘Šk)k¡÷°¡ÄŸ­ðhö4"$>/XObject<<>>>>>>endobj +1311 0 obj<>stream +xWMSãF½ó+º¸UF؆`vo°›­â°fS8•CH¥FÒÈš¬4£ÌHxýïóºGFì&) +0h¦?^¿~ÝúûhAs|-hµ¤ËkÊê£y2§«›ëä?Wø¼Ä·×TȃÅ|•ÜLÜmŽ.>½£åœ6l]¯nh“ìÌñŸìôC©šV{Z\'t_7Þ=ëœRïvÁØ-KAÕ©:Ûü%V«håüò*YÂÎ)®-zxÖþÙè¹b¼¯\ÑbÑ_Y®5®<~¾#«Ûó_Ù»4¹¤¨ÖY©¬ 5¥{Ú•&+)«Œ¶m LYRY¦Ÿ«LhÙU­²ÒX\E˜j°9#‰vNç‹Ëcp癪*äu,‰i1pœÐ¦4!Ëœm•±áÅd[ª– õZå{jÀ©0•&eó 纱-Αə¶Ôž3?p?F¹3-Â%bå:„ßRî`Àº©dU—ë—@"ˆÄž´”uÚjO*Eˆ*w"kUø’‰ó œ$MH¸ÔêÙÀB¸Ò°TUÄ5é¡N胳…Ùv^µÆYÆ™ŸŽ”(U TkË…C 5NeT¸iÖÁÕš™;ìȇüÚ !3æ¹Ëºy Ñ.¯“+¦ÆÝÀ»APë‡ 1KÈdÌy\ÕIT…w5­u{wÿð(þû/¤òÇÐ!-:›ñ¥ 4™–°Lè× 9OE¿Ý¯<*³-Ž¹ñæ +ƒ_Àõ \‚yb‚?5q<†˜D(Ú æj×jxß24C9„U)“sôÀXüÙî ²x®ê$„å6aØR=ñÙwY,¸Ý“c¢¢á8à'ðJ]X5û]*„~_&4Ö)tMã<³öP'¾×ôÂëvTt í/‚J}ɹzªŠð„áH$©­ÓœÛŽ ¬ªàˆ;Ö;éjpØ5Œ Á$o®S¨ÓÇ‹Ø»O§A¿üïéô§§³§³)#q£è@DtDdè¥ZM Ò0G·ÞuÈUj*Óîå¹è'WqÀ*w5W³r[D< —3 ™7 $™2^êY™Š»=¡Gþñáóíý:i¿µb½v¨C€ ¯üKf £ÊúôúK}bR•· ö’i#„ƒtI¯f(…{YšqwN2«ÞÂÇåâv‚nÔð¡ÙÆDÈç}41²Ãî6|fe®¢5 ¥ÞOÜ× +Õ0Ìî@˦g¬¼øüª¿Y÷S´G$´”tï:?z„š½Š)Âkîb÷(”®«riÊ Û^‘u~ û”Ob…WhÌ(Ê|œ}½¡B¬÷ +hLÆ·°Îˆ#ª;žžM¨1¶©TÀÎY=Ðf€GF‚Ï&¨z½U>¯x*CDv¥Fœ¾u½™õÙr“Œ’#º…ï\ +ý2À EêGëáß_ ]à>žÜã<· Ò±b>£´C©¥ÚÊjòÆ»PæÕY°Žù†èP+Î PI¿‹4jûl¼³,ýQN &n‘[n̮ǹË%fŽ2eFG'áÕhËT%Êè ýõfeâ˜Î#I^ûOŸL#NI.òQ¶#‡ü1-éÆÑí1LÖKýœÕqîúÎŽ»Ð©*VUôg83d~>/XObject<<>>>>>>endobj +1313 0 obj<>stream +x­WÛnÛF}÷W Œ•Ie[²óRøÄq][m^+r)mLrîR‚|Î I™bâ¦(Ê8/»;3gÎœ}=h„MÇt2¡0= Gt6:Nèô|Šû1þšbù0>ýÁ‡«ÙÁñ‡S +šÅ8kr>¥YD8g4¢YØ»·^“_)O&&ã)²Úe¿zÚØâ™b[ÐÖ–},Ðß‘[Ù2‰Èy“$´Ð¤ ¶[òÛœÑät±Öe*ÅGGs\O·Ý>’ÉŽf_F4N†cøЋM¢S•©%Ö‹ìëÌãQeµ?×f#ãòDmÅPbœ'“Z+“ˆn¥ +통•ñdxÊVž,<ɵÍáhlpg²%ÅØèD¨J'Îo=ǾRë*˜eb*¡Ãe©aL…¡-3ˆ=Ǭh­5ïÃMx:ÕéBbºŒÍÝÃõ/Ú,Ó¡76Ã;|à8œ|®ü'ãØ AOìö ¿*d -áŠxØØ—Ulk_Ÿ0.gq%V°«al´ÔÞ3( ã=r½¨@Î ‹§Œ³·–­-åª@r‘%GƒFH)¾Dnci–.¢Ž?&Cþµ†?Òl…(}aÂgXfpˆ³àrjNŠßh¸Á¨Ù\Àbü¸3Oóž^¾§A4ÆÑÎk±íADãùQ¿c^6¿ZásW‚ëà¾6à†t¯7ò:ä±Uqƒ“Ù ØRPjñ˜g‹¸‹©Äƒ õQtì‚k* +“î)+E ªë“³p§â;!n8`’i˜i騛ÂC‚uRµ¤&Au&…Œ(3 ‹ V½ºÐ˜…©rÏ„ê¾{ ÚNĦ° À¼çršØèn7Ư$ ‡†Ë4æ\6 B$.]H‚çGŒÃñ‡ + 6,;ƒ“Óª”定Taa#W.à”«v½ŠÕ`<…Ò¡ˆ?7† h ÅÙyRéBQ0¼ÓyO%ùJ³ZصžÕ VP¡s©Ì#å5Hd!2"<¸2Ïm!pu²Wè<1¡úÁ çŸ vÏqZ@"UÈ°(´Òˆ”WäuUÁŠ€»rB…+£EhÌN´íúpµLDÚ……Y€+ð=fýá +Šµò%(YæÌ£Èıucû.‡àWaSñNâgD×:¦…¯©šX/êeÒ!8±§hÃSK}kr€Ú¤î·<5ˆò¶÷+l`¹«ÎèfEÑ;ª|µT/mÈßôã¾`)Å,{öˆÓ!½Óö +ÆÆ¡>»w¶ô³ º8ëïîïg]"k•NU¬v÷wF‹‹ ×~~—fÍPè‘r^AüרO©>«7^¢ñ–*é ÂMÖ,K”+ó“þ^œ‰&áŽ" +$ÿª6[WÿCas]x(YŸ iÀ DQAóyVÇnçȦÈ('}LZƲª%­– é#ÔÇOjg¤+N”8ñϳhÜ ®[mäu ¢SÏ`^™LJ1<¦vÍÏ9¿ã dVÏÈÁ'ÃÙØwÂuïóáV+ CȆ()‘)„Zä¹,àLMªj¢«x‘¨%÷'Ô{Ä™p<­¢ÿ+ø<Ø@eãWÓ,Uëƒ@HKì×Dc3*—þJ½%ó IËŽìÝaã“a¨¦€~•nC,K¬£÷UNFtQ'v\÷zúù5ïÝ|ºªÆVÐÑ𜳹·ï>øû²z»«æî¯ë{ÜÞ´^ß6Pýè0ziVRû¶}ßZA/ož5øo×›çí¹SËeðêëÞÝÛ^½ƒWïöÖ¾ù Kßtçå1&Òæñûó»«þ2Ƈ—Çñ?àô¿y´Ðwþt^¼SãËÞ·®úíÉë+9æøÃyýë9˜à'÷ù M.¦õoËËOW—ÉüÂC Ëã—¨.#;h6 ¦cüØŽz?~O'çÃÉÙ3¯ø”ÛÙÁß­¬Ôõendstream +endobj +1314 0 obj<>/XObject<<>>>>>>endobj +1315 0 obj<>stream +x}X]Oã8}çWÜ7@j3ý`;ÌjµR à +íRX`4/H#7q©‡4fl‡.«ýñ{®í¤©)¤´Mìûyî½Çü8ÒCú8¢ñ„òõÁìþàÃÅ€>Ñý/&§øRÐ  tŸõß½(\ï¾ï¼8¾ÿ~0 þpB<¤þç÷vïñQŠð²ûeûˆŸ¦2ç£oS"Ügþ~†5øqŽæšy.|Á¢øú OÏ)•Ú¼ì|>}½œß=óÒ'4†ØõGvîLWVY§ªGÒK“­•t–Ž†=õhüpL¹®*™;YÐâ•ÜF“ѵ“†ÝbÕíkúäVÒJ*4UÚѳ°–F‹"ÖÙŒî¼\6³«_ K¿ÐZä+UIKº"åzÑ¿>i_·/ÆÉ‹Œ¦ÖÖkIKmØZ뵬¾ +G¢,ƒm‰êV©0’]\ªÇÚÀG§i!IU^ºÑæé>?ÃaÖ`Õú¹T¹r +&[ñ$Ž3º +>Ð|øíŒýv•MwtÁ½s½Pv…0IC3£7ŸGJfˆmÌÏuY +'½E*VP‰¤ÙÖßÖÂK€§Dµ²]O¡±APø¢*š`‘FMxz"#aÖ`¡24—nvy}Gâea´[¥š]ŸŒ&Ù §~jmpg' ­lõsd à)`Ô»ºA +!þ|p@Ï¥È%‡]" ŒdF[);"¾[ÄxˆDí!wmöB•&Q/_…É«1õ¥0&õñ©Ò›ŠR碄ÿ>˜­gȈì³0Nåu)€;_CY0“KC@Bñ"*'±‰V˜Uq]c!GcŸ¢®Ÿ¼€D¬t>ÿÞ Î4‘×{¢Nh" JÛÛ¦6Tã›bÓË%`dW°±ŒE•{ øˆGè ð¥ 7^'™^oqnDdtÿ·=Pb‘z™Kõâ‹ Éj5s” z’Itc‡6Eƒ¶¥ÈcÇáh7B8[óDã[†\ü;ÈAôC¢¹‘á—ft¡Mb‚c9h±p -°Ûó+àÃ{aoÂmµ¯Æ¶}HÐQìN0#QÎö§`€‰¡#z~û{ØóÆÆ•ì>Z£U…ä6|(j·ÒF9á•C_ÿ±•Ç.£\bOÌ ¥%"ÜÛ4ÆCÇBæ¢F†EdEV~´½–÷Fb¢|]#™Û€ùÁÑxö³ +dt¹Uí³/èÐÈ‘Å¡GÝ!Ú²Z*±(#­®M.›ˆã½ê Ïж›ÚƒÜP4{kø“ ƒ,0Íi³B Âœ‰•„ÞÓŸÅÈ}I›)Oú¯Pˆ½+_C(.ÐàÚƒ¹ã¬Vºêïf¶ñ§ \EÈÓ³V~„7à‹#¯Ôú‰[Ó3““2T=+鞥W]cr×eÁFñ<ÇÓô¥$y•T«…6+­ RK¿—ÁblDWDˆn+n2k°Ïñl0xYf‡œöG'aÐÝê³åd³0ÂãÈ'ú uÔ9g`£Û-»ÄÏyA²'èn7y*²ýÉscŠi6ü6ó÷3?÷÷ÏQÖh˜yZd¶›SÝùͲÀ_ýeméÆ®”qg“ÖÎÅ;Apý¥`Eäª:+ö¨n!Òt…ÐÌC¯³s”©‡Ü´uŽ¾ÔEn4詨^›.·¦Pœë ÉÄÜ´ás#fd5ÂfÀ“M”Ópo¯„Oƈf®†©ß¤1Ös(:+MöµÊWFWê_t¯SžcetéÀ¸1-}Å€ÿ¨¥y¼CîŽ8? ê‘YÐåM¢WZ Âb­ÎbWxÞ§y‡ÞÑ×ëÛ?ÿ¸½þróûpö[ì«Ìûhƒ@4¼0œÐP…HtíÒÔ0CÆ1qô +wxé6Þ#+ 1ÍÖu +èqÊä*ÌÒÆ©È#ŸIÔCª“eééo™ +·’½™DügxpZAü­¬ +¿ˆ„~ZUº†]þ8ò,ò'P+8 èËù :œq4Ÿ¢±ð ŸMèÅÙa›÷@¦¹-RêS A²&$çÎ3øÏU½ ”eÌJðŠ]ÙKä<Ä`0Ko‹(œÇsÊÄa?12òñfáE8Â$Qm§1/¹òüv_4 Ãæ+YÔ%`œ2¬m ÀPrFà˜³¨ –ÊÑwôÉEOhÂ8]òÁda؉¤ …F=óþN=¥‡4?fJ…£Å¯ìý‡‹ÓxrN>fƒÓ1M>ùs7½šMéÆèï€sŽc(ø8[ËûúÍòþÇþEQ qúÉÂ1Ïg/´¢ØxÇÉä4›ü2Â7xõÀ˜?ßü}ð?†ðcRendstream +endobj +1316 0 obj<>/XObject<<>>>>>>endobj +1317 0 obj<>stream +xíWKoÛ0 ¾çW𘠱ëGçd»åÑž¶bÃìR P¥ÖšH›$'è~ýHÉŽR#ÃÚî2`u™VLò£D}¤ôRHð—Â(ƒ¼€r×›.z× ¼ƒÅÿ(Æ(¬!‰“$EÙÿR¯$·®©VÃá#3–kœþ Œ,¾õˆÒ$£r?rWP?ÑŒ8ORGÇûIƒÒMºœ…'|ž iœºqæƹ¯†Ð±vªxV¾É–“Ûþ›ÛÈ–Ó Î‚8wbc9Kã‚bó8³`”ÔÃâDËÞ¨ g¶œ?FÛ"ÁƒxÄ—.=>´Ÿ.¯~5ànòå<8cC‘:´Þ]`˜ðY_’ÑùňQ÷GÍeÉAm€ï¹´11 ª,kÍ×°AÌ.a¤:øIãæÈßV•l ;®Vî”é0ä@nû´Y·ƒ¾V\‚°`dYi%ÅOnÀ€-žÎfïÈÇZí®pÇ š¢t‘;ŽïÓÂ,fÇ3†¥º‹˜É5j(d†0Å0q‰â¯bæâÚgzž9å½(YD™ÆÈsÇå£h(U0°{Þäב»¢ìÒïÇOZǬoùôÔŸ•‰ +Z’A>â‘o(Ùˆ0›ùïø°-ng—ïtÒ¥¦´<™ºŸ¿a/.`ÿ2Ÿ·l|žÏ‘â;¼`j¹BÂ6Eä„zžBë¡”{eCXÕk™…¼Kð×B¢ó‡¡#ųDMÌîíaQBB¥¦bЀ@^vGÄëŠèˆxvQU}ìçÿj³ÁXö#vŽd ïioN:ÉW6ƾÏi›µ¯l>N)ó¬ü—%é¥}ï+Ï·}û¸éÛÓb'ãŠQÑ|M>N'ðI«o¼´0We½CúÁÆ_IÊô¨UˆF~C®û)¶É1L©¥%Æb¥V{AßÈ“Æe1Ž‹·~~ÒÛIFsW‹ÞçÞ/ø`¿µendstream +endobj +1318 0 obj<>/XObject<<>>>>>>endobj +1319 0 obj<>stream +xWMoÛF½ëW |‰ ˜´$[²S4œ&|ˆâÖB‹¢èaE.ÅMH.»»´«þú¾YîJí¢AaX¶Hî|¼™÷føçdFSüÌèjNKÊêÉ4Òâb†ÏËë+|Îñk$“÷ëÉùÝ%Íf´.pdy}EëœðøtJëìôq×d¥Ñú[8¥K鞥lÈ•’r] ÕP-¬“†6F?[üMN•ÎD5ºaéYUeºqªé$9M:Ë:sF›Î}·þ2™R2»HçðêJeÉ–º«rx$Að òþ'É*×ùpÒpl¾L/ùØ}AR!2CFwÓÏ3ÒøœS!Te}Ð…®*ý¬šmŽá{¶ ’hh%jiIˆ¶nÙ¾4$EVÂy.ù ‘eÒZµ©$5@F›¯T±­eãB¾ŸQrø•9GØQ¶•F4Âr©j@ã¤=ƒiï!m¤Ú–Ý™RkÀ«¬³>ù…‹ ÍRbø²ÏãÖ9Y·`øFfŽÿEìvý!Q_%Æ˦ÂÃáo4ÚqEŒ¬õçctÍN“£âÀø–¸ç/ãF!u³‡ù€(º"ëà/¼gܯ÷«GBã=I´’r¡¬MµóÕAÆ}Âc¾˜Ê½,7­í6¹ï¨³Ü&ý…DY]¡ùÐF‹i ƒôÂOôJþddó¤À1¥[KŸTf´Õ…ƒã¢C¿ÂBÌ!tpŒ´¹mv:ÓØ4ú + ~ž—Xr ì£#À §2Õr:½ÁÃÀÝS´Õa«BUt®ëë Eyõ¾’›Þ¥Ço`‘bL ž—j o"~Ãx.6Ì2ÐrØNÇ3`ä.‹[Y@õEË`¤ì™ÀÃ|Ø”‘-^θŸN^ÜKÀ@²ºÇcÞ,šG‰ï%bÛð¶ÊBm`¯t~°ÈÆ …NDa‰h˜(Ø üv‡qþ½í¨(<´°ø Òëúž.ÒD)7!R¨òhòžñ@«âèÁ9Ž³íþaï/tËɃQµ€NØt{ëtX]O~Änt5²ù Y%7P;Î6¹yˆܬ|HnŽ æJTzk9ÆÈà· ñÛjí7'‘È«] fúu‚ 7H#Ä8@í•5€'4³“φ9~ãAûãr0Ê’WK~'8¿û×ùÞ‡öŽnü~‡´þÀ_÷ÏÐ&ùê®qx;áy°ô†ûw‰a²±²ð‰5uà×·ýùÝuXIfK¼Ë]_ÐòjÑï~·ŸÞߊö…7ýCí刓x ¹šãõî[vÅËåuº\ÌñjÈO/ØÌÇõä§É?Ƥëendstream +endobj +1320 0 obj<>/XObject<<>>>>>>endobj +1321 0 obj<>stream +xÍWËnÛFÝë+.¼©È´$Û²\4ì棈“Æ ²hº‘C‰ 9£ÌQõ÷=w”ÄH)²jmøÉ™û<çÜË/ƒ1ð9¦ë ]L)«£dDW³‹dF—³kü>Á—‘T îÒÁùËK)-pe:»¦4'(ÍNt#©YŠßJKU©$½~ÿ˜ÒÛ”î^Ðã‹”J…‡’l=O2­ +*ÊJ’.Ü?E=d¥ù* ‰¬)Õ‚„u>Ü?<†'OÒOƒ/’ ¼Ÿ–•U‘Ð}AÝâLCsÝ,Ý­>{þò*D|º.•%Û®VÚ4ôŒ6Òú1¥ÓÒ«¦ÔŠ„Ê¿cÁGøŒ~U¢–¿³<©zž÷"^—UE…(+j4ÙF˜& '&Óä’sJ—õøjÖšVÚÚrŽ2ÙL*aJm©Ð†3ujW”AbsÅÙ½¶(]B0ƒúÛP.øÑÃwzF Ä… Ø\kó™Ð.QÜ”¥Êá„n®†ä›ÆõŠÿ}H©ÙÝçÞ œˆÒ [(ÊEkdŽ¶ö|®PÆØ5ó\×ðè±×óˤ˞c‘‡(Bü=¿Ö{±® ç/oh T3¼Ï..};ÆÓdšÐã¶vw¡ÄŒfüæÝï¯Þ½yÿ–MïòãlrL]?ÑgtæX§ŽÖ¹+#üà2à2—=ŸCWY¡Ž¥åH¡$JÎ`óAhðrkÞ0óÒׂ^ Û€ƒ.OüüxŠöíRì~ +R?íye ”`Ö +zkÊZ˜M´ùðctUI3$Q5KÝ.–.E]眅:­*±±žÑ¸,íÇ'=ÇüÈ£'$Pû’‘âEŽ¼ —‡ô8‘Ð(Û€NF×TéLT@®Ë<\´®5 «ËÌñ«\‡ð¥øŠ¤#ì‰Á\fåJ8‚Éc-ŒnW ÎéïhDLt°•;ì‡xzéÆ´$hi¿Öm•3>„BºšÍ©ó9¤V Ö‡>´‰ž}Žøª‰Ryž60ÓóËUXi¥²¡Ü{Q†¢ÏúZ|†”¦­¤±‰m˜}!¼g%ÞŒ¤úZ­j©xÆÈý"uîë’Ç•ØC9PçEjäNhUmz â÷äpV+T§+(±ôŠ©öy´3ìùdRr.Щ1¡qÜü¹¨ô\T½‰µ0-÷GèÏlu;ê ^q˜ìq`êíœMÖÔ°À—¨,’‘…4xÚp™9øCäqS +ã™ôZma…øMŽJ6ºW4r»Ã±¢Ø¸@üPUFt$}$ÂÇ‘âð~1ÂþƒYOîeØUñÀÁP°/hÉ÷c–WHºÂ62½ò-ŒËˆkKØŽ ²]öDóÛ¥iH¥ßŒüÒ–Fö‰ö ÿn†~òÅ1¨Ñ Ìo'3u^ã6À:ÌÍÀW¬nÿ{5‹¢Ê÷:ÏꈕÐ-´h»CP@ó9X®H@hKn™Š›ÇÍU ÆbfuCö¡WTýM b¸ûŒœkÌ74L#e]àä€ó²ùɺñj[謠…Ö9•¹¬¢-›dÃn"i8þÜW\Ù­@/ëXÿ +êª#àÿéϵ+wè¯Ó× ²ÑßZ …;p]á†l<$Öb1À‹†4¿W¬—%šùíhs»Žíµ,Ž”>]Rœ;Ùíí Ï|LÞšë¸ ³Hù.Ü6C'}Ñ8¡LaýÌo >p(c´E É*Î(-¿Q`[ì^a¢ÆìÆÐÅ—%ö0©Ü:Ð;—M¬„OnuèûËó,¼i§xoœ]à ñ‚ìñöõÝ-öAý abÌZžàØŽ´Û[Ïâñ³ë ^$óÓY¸/§³dz5Á¾ÎG—ø‹tðÇà˜„Éendstream +endobj +1322 0 obj<>/XObject<<>>>>>>endobj +1323 0 obj<>stream +x½WMSãF½ó+:>AÕZkËøƒT6U6  Y+Å!ä0’FX i„×ÿ>¯gFF°E.lk¦?ß{Ýüs4¤¾‡4õi4¡(?xŸ¼S:MñÚÇO))1üÑôõƒEpôùò”†C +ؚ̦Ä;ƒÑñUB;UÓZmñè­qhíc Î p".‘6kÆ˺bݾ栛‡wk^l³V×{‡Þã(Êû +&8ê&4eGÔ*’ZSmæ/º"â‹(tj®Ó‰ˆž ŠN·Ñ;*jÆÃkÏJL£u +{çx… uŠd,‹HÒýq˜ +Y"h­0•õZÕYl;» uü6a·‡¯Y­‘¿ hÇZÐvÃȪÖ5O +>Ô1«Â#o"T5~;F2ÓòšmEQ9whö¹¶-Æ¿±ÖÌ è–Õ£Ù-Ï- ÿý0€$•Dñl ßÍÖyU¡‚fÍ0<úÓô +»Ô֔ˌ²´2ñ0›_òSL'æÔÎM]½Ã¤ÎQwù=’›ªù”ש´=©º?q.ÌY›¼Ðn¿E(Ñã»ä«1ÊM:¢åå•kÌWÍÍßFƒDn=2=4Þ‰fä7Ui â¹øžæuþÂ1 Ý»i5s4Nð?ÇlD“)ÖeìðFkoKõˆq„(ªs‰åƒwoöÙoŽ÷§>þ׈?¼«žNfÞdìcËå[ÅEpôÇÑ¿Âz%endstream +endobj +1324 0 obj<>/XObject<<>>>>>>endobj +1325 0 obj<>stream +xWMoÛF½ûW t©HŒ$˲] mÓÂ*Œ¹¬È•Ä„Üe¹¤ýû¾™]ÊäJ.Ú"‰cQÜùzoÞÌþu1£)þÌèfNWKJË‹i2¥ÅÝ,YÐâö¿Ïñ¯Ö´ñ_,“eüüauññÓ‚f3Zm`jy{C«Œ`f:¥Uzù¸¡ƒmi¯LCN•kE¥­SMÊ.tÚäÖþºFÕM[©Ùi|Ò ÿB£ªÖ]×:£R¹F×#Úv­ +²•œÌñn¹NRk60ýaõíbJ“ÙU2G—£ƒv£„žÅñ>/ +o|§^áž\‘ow ©ìÑ©­&ûªk²p[Semš~¼[Z×vïtí`Aá jblCÇè"ÇÑ¡„þp'sG•ªU©‘íófG),I9Ê}¡$´foig]ãèëå~§% ü8ˆÛ}n2„Bw×dkzZEžñLêüõ•Kˆš +›"×® +»FŽRa áL‰‘”.€Qé:·Y b0¡ÚMnZþ¹—0¥Ò§ *[gÈæ×:µ‹ãó¡ +–³ó%˜ ÏÒhÍ Ž2[*Xž…Èó†Póš•Úd`‘ÀÇ”T…³R„·ü£\¼É‡ª¨U $=“%MfAHFÑÙX˜î’è~g L€®é×û'”#rù‚‡`‚›MK”êlß±{ÃìTYŠAº¶P õXŸR +RYçò5‚AjÜ9ù¶¡™v>3­®[RM£Ë +Í8ÀìýD»"tŽ»V\éM^#BoÜÁ$pÔVh4'eBœ5žÐ=ÞðÍ9 RŽ¾…U´G´³vI#Ó]S B7Ú%„H>ž ZÍÇ©€ËBß33KµVÙÃŽüžwÆÍã»Cå»bE¨íkž¡ ªmÀå&OAج5™2éaLngÛ‚ÃД¶BéÀvä7èmØ÷ñÓÍ Ê¬Î“«…ï§Ù2¹Kè³úž›mHŠœîKûd~ùG3®â7}¹ÊÏ*&|j ðͳa9‹: l‹&¯@@ÏRGèEéLy‘O¥6EÆq~ºÙk"e€ëOô2¿\ªï]cªÃJeDëw¼DéÆOÄ£‚r¹ëfKBÊôF!pnÏ^ïC„uë˜ßi×F‰OŽe'Àùôe%âóÜÍijÜçB*ÚÛúû¶¶è)Ñ.¤.bñöø $ªÌñ€¬WDãõ›êIvsŸÝd~¡sççÆãfŒ ö,ã°ƒŠ 1É¥>'ÎpÌÃþŸæe5Å€±p+–ÉŒ$Á°ºÖzË*Ç—ÉPÖ±âˆN½È„­žkÕkŽ±Oï =s± ê#!ü€Ë@ÅÞú(©,€_Be‡Ò|Aè¨ß£X‡®ædÁ/³Ã[üÿ´ò•êx‡/ãò= zÒñÏ$ãì;´ŽÔC§¸›~\¬kåÊÃnd|@â§Ò>-š S§ÃçKÙI•Õ?~º ·àÙ·æÛ+Z^-ý5ôùþóÃ=ýVÛo¸îb,§-ÏJlGÖH¡fK\µq`r3Ç¥9»ü·ÛÙby›,¯çXìøÐtÉÆ~Y]ü~ñ7»–?6endstream +endobj +1326 0 obj<>/XObject<<>>>>>>endobj +1327 0 obj<>stream +xRËnÛ0¼û+¾Ä9XeYr Ú=¤ha¹øBI+›±Hª$U5ßeÇ­ … ¸;3;³ßg)_e†UFÏÒ$E!Š$C¾)ù;ãÛº—ƒu.ø÷êྚ½ûô¢DÕ1V±¨Z0Nš¢jŒ%Ò_l ÈÚŽµ³²m¤mëÈ{ò·ÕƒäÜA–Y™ ³øÜáÙŽ†ÂdÝ#CbžÎQKOíß`Ø-:ë@?¥z‚ê È´Êpgº»E8‰°˜TßçŽ0¯XñäÌ;8[÷¤}‚GeZ;yDÐG–°wvØfÔd‚Œ¼QéòÜ°,3^䓹ÿµÈ93ëŒ×8v¥eDûX;Í~œÁendstream +endobj +1328 0 obj<>/XObject<<>>>>>>endobj +1329 0 obj<>stream +xWÑnÛ6}ÏWÜ—¡)«¶ã&é€=¬ÅRØÒ1—¼\I”Í…"U’²æ¿ß¹¤Ûê0 E×"/Ï=çÜCåûÅ‚æø³ Û%]ßPÕ^Ì‹9­–óâ†Vw·ø¼Ä_¯¨I‹Ûb5}ðq}ñîþ-ç´nPëæöŽÖ5¡ÎßT—Ÿ¶ÜEå [é‘Û’©S¾q¾e[)Ò!ô*¼]ÿ•j,nsÙõªX¢Ê%6- +úäÚŽ½ÎŽ+W´XŒ+—·€Š•ë­Ëåw8¯*ÐúÓ7ŠŽ"›—ô‹*£•­·} ÝÐÞõÄè0ú½¶Yp5¤ãi A“V†­ëM-xç4[\g”^±1{ªLìR¥ónã¹ · >( +Ü*y]匀PÔºA1×5xÇÚpiÒ¢¼\Q£ñMôlC£üäô×úÒ¬tÒÄŽ°‡­Ã‰>qPrP5=þñÍ ;ÅXcy=ÁÞ—ÌÃÀ6a +xÃÚâgp­Š[áÆèELk)ÿÔ& ÎNÐ+@âŸQ©=‚¤¯òlÐàNTjyŸ…(ø@Œc -x«uf ì+¹ô|újKèAÅRõúù-8™j—EKÞJ€4Bý]OYú¬¬òé8“­il5>sw  [Hé\ˆ&°çáUF +RuA_@qrÕÁnô½×DO˜*᫆ƒÌ$·ôpÿxEl"ön¶øJ‚²{j¥ëZuÊÖ\Ҍ6ô¨°ƒ v –„«…ljqPÐ7·éÁí0W‚ 9AÛ‡5ú°É*TÁk!¯žt0>œ(r—0ÙiKɦ2'Šçfó …ìT0£,Ô›²á*ÂèSDÊpvàþÌ5Æ.“Ù°qrú–}=È|H µ×h=È\ÖB’œ³CÆ8„Bæ*ôkÐTÖìŒûóÉ£f•òs•ËéB¢Š:¢Š´™ä¦~?C’(’ §é—¦é·,èkg\õrÌH<’œ]KHçŒ\JJ~EC;­iûÝýYDʲ±LÎ:¡Ó”¢CR!‡b J¡×"–5Xi¼k1dc¢ÂÆ@’£Ž+”H©ä *G¬aˆ‘Ãê ùˆ2¨'8 í`:]×9{«CÔ•T~Á€B‡,FF$b7yŒ³W”N˜1 +x"¢9¡^,ËU¥€Z"|„6 ²c_Š(ÞxY #¶½Ô¹ '‘(»*cûŽ–²#*I"ŒŽ=Ý ì»Ê¸0µÁ)Ak™Ò +,lÄÊâÇÞˆ%B¦Ñ1Û2":¡ ^…#׌3°(>‹;D#æbÀèzÉAc¡O ƒñ)Ñ*!{oó”HQÕpoâÕ¿0' ‘‹‡åM#S±1jFå~–>.E© b<ˆËמ×ÏÙœïOîïñʶô ݳÉž›x\÷$`²ZÄ[ö‚d1Ÿ‡@¶uƒd|÷`7˜­¶-{¼ + Np©‹Î¸>Ê÷¬Z±™(3í¿Ãý·n9Š_˜®ç?‘nñÝN¬x6ÜШ9GŠ…(ÉÙ öVB/®=›Éy§µKl–Èw¾–Ì‚ð-o¬Ž}­F,4š_(Çyƒ¼sœÖ«Z‹+r|Ö˦wÁ7¯v)þÀAN¸ÑW(ƒÐ@$Ó›†ñ +0òüdðÇNó“Ð_@Õ$j ¨x‘™4Zrõ‚HÆ=•.œ¨KmtÜËÛ¼ì¥ ×ñMŠéœûƒô‰NÐ3®Î_åæô¸?ûº"šcçÎÔ¨Šck=½ógŒN‚÷5Rùu(/¢÷wxÈ,Ïø‡`Mƒ™ÃËrñ4Y…9äŽÇvfà"z¾”÷<döȺƒ]10ã¨bŸ/O®t¡Z–ÞF®ÜO–fbß$xhË¢rV,b©ÏÉûc­pI™ðüZaàG—Œ¨8ÉÇ‘>Ÿh ýáìÿœð»ã„¯®3©ÿ÷ÕÍ]qó~‰+N.·ù´üÛúâÏ‹«§'hendstream +endobj +1330 0 obj<>/XObject<<>>>>>>endobj +1331 0 obj<>stream +x•WMoÛF½ûW t‰H´¾,+‡ìÄ)‚ÖuZëŠ%¹7"¹ìîÒŠúëûfHÉ­ŠÀˆ@jgÞ¼yófõ÷Å„Æø7¡›)Í””ãhL‹é,šÓ|yƒÏSü9M™¼˜/¯£å¹Óé™w«‹«Ï×4™Ð*C’Åò†V)!ÁxL«ä²Ð/º˜’­ ›l<ýDÁ5úýê;͇FÓ ¬ÒKŸÛ¦HÉ×Z§”Ø*iœÓU •$Ú{ +–2Sh|Èqe¾W–¶*v´u&]ákCòM’“ò¤êº0‰ +ÆVäµ{1Õš|Ž£žAŒi4™ESNý|itÔ½jã#P¦êâStÿí¾K?z O&qÖÛ,Ðc–™D·!žßsrEa·ž’ ® —Öi•ŽTÎÿQ¢’\#]mP¢Í€B{4…+ŽZÊ>Ð<1Ï£Ù¤¥lrM£YDàí]¦6zÏõ;|²G”êÚi Ó·Ìs».ŸT+䯀׃ä£0CŠw´vª +Lê¢Ó6×Zë𤭠õ¢¿™ud+¹Ê êGá ÑÙ¢@?ÏPT_ƾ–íñŽÓ"ú’ÑÎ6è^ “WÓNûG¬ä,ˆ ‹¢K³&bA+JµëeVkèÀ(tבXB8¥*(© 0]µ-ñ{­ÞW*–T}Ö™Äã„ÆŠ,[¹˜é> .iSÙ-m g`ýƺ:ÈÊœ-™É®ˆ>p‹‚)µÔ-¼ÆiŠÍšjíІRU£)kg_tÉC„ ÀÃWãd ü[͵€f‰í`a?hr TÃÝRŒJ`§ûÞxÌ–‡À“œ]Œ™Ç‚¸-Øömß±­¢œn´–ªtØZ·9GöIe¬¤¿~{ütÿëíŸì•ÜQyQ#æ¹”'5ó+ÌöZÛ(&ïˆvÝÒúЫ¬Ã1๯5¶°†1ÕÖq³x…¦)sÞ“ŒõÙ€RÛÀZ|²¨ŽF¢—R¤Õsê ‚–Bè$þQªj7ñÊÕ +ÎÍàÅx„Î!^·*\}ùJ>¨dÃ$yìS(½—×£¢ž¤¦Û¿íË3æ1èÞ·Þü#Óò_¾±·ÂÍßtÆÐõ +*(TÍ~’¿Ë÷Wât¾Ñ®'oÄt¹Ÿª´ Û2NcÙô +Šµ”ƒ½ë!s³Át{Þ¸X7™Ow{_ðô|Ù]–à^x!(†‡Oßd,ñœK‰Úâ‚búZ(·†Al$àúE Ë‘ïTÜÙ]¬×¦BptÁˆ7bݱF+eŽr fFC©œÜæÊ«ÑBØ„¬6ÄëUÜquädVø Š=Â=”9í!°’dOv‡ƒ—0£lŒ(fµqý½Ä‚‡øv`Á¶'7¹æRyª9ÔÌ÷Ÿ–¾«ÊuM4Àî·ÒÝZÅÓMi@ïuÏ‘Ä? +\WA‹–]ÓuŸI`g6&ÜÇ°¦^[’P©{‹Ÿ:SØÕ]+q~²˜-ç­=ž€ø¡Æ…W^1ÿa)çݱ»[CÒ’7Ë›·„E%Ã~掊„¼¡Iñ>&ôµÊ’‹Ë‹‚•JAr +[n“ßùÀþßÚª]D·]Ü Z\_ãg B×ÖT`Ð÷…ÌÉ%v¢°UåŽô|çK0•º´ÈÙT4ê½r¦Ø wWŸ—Ýo’É?‹–3Z|·×ˆ§Û‡»[úêìwÞŸlÒ¸âÊGû£›)~÷¤—ÿÿZ>_,£Åõw{>>þÀaïW¿_ü ¸¨€mendstream +endobj +1332 0 obj<>/XObject<<>>>>>>endobj +1333 0 obj<>stream +xuW]oÛ8|ϯXø圢VmÇ_= ͵ +\r=ÄÀá~¡%ÊbC‰*IÙqýÍ’Rì(.’‰%îÎÎÎÎ2?®&4Æׄ–SºYPZ^“1-Vï“ÍVKü>Å•”‡óñ*Y\zp³_~0YŒ“饫9÷RÜ®¯Þ}yO“%­s Z,æÉŠÖÓxLët8Y&ó„îÄ=•Ê_¯¿ãýM&ñýÑt ëløÑ“óÂú¦&_HJµ’•'Qeä¤ÝKK•Ü¯„—$hPŠ'U6%y+*‡°rê§|K‡B¥i…\ˆÃ“ÉqZX}$¡5=ÜÝ2Š1&7¨¹SS–Èäú×4”Š +9}8Þå a|!<=ˆr+è 脨qªÚ…Œ,Jh@¦öÊT¤ª^BWn“ÔTyB÷…À¾PŽðÍÕ¿H ô€Œ†þh¤cX/Qˆ4•µKÛÆSe^Àîge.Ú\’ÞDŠßÄZb”„Ö'î;V¦Ríe`˜:nŒ7-Ûc@|Ö¯ÀP/ua*ÓX.B{’öé²E¾zÊd.Í3´˜Ï¡ííÑKG›á'›ëXªòŒ¥6Ω­nËr¦ì”ãÀá‘jiscKÚJï!¡ƒò‰4WBxØI‰šJyaÜÓ½Ð`¤¥cüÇt<[qr­%4´©h’Щ¤Ú *Ý« ++* ˜ +‡ˆ\R[p×õ-·7J&œ=Ÿ«ÑÍ,ò„qZ$ô§IK¹8M·ÇçàQ°™AN–‡*k€ã:oUêIÇPJá±RdïVA—)Ëf(´/L³+œg*ƒœQ£Ü+Ó¸—¨ßAðnsÐלŽ˜&Y îO/ÙfGfÐûü¥l®™ž*œç6æ +6„Ë]“çè—hùîAh[.ªTRÀ(+È¿ÐÖ{ÿHnî"¡ÚÖbÝy@›ÊË ° ‰6j25ÎøÀ†é+8ƒ&*ì¡éBƒL÷eò«V/z(DUšL¶/¶û…_KƒÖž‘ejY±†NÚs$§ÍçãÛäø¶2*2g]Ü)ç€R¤†×É %{Ó+$o48:‰*ÈÚÀ$NÐ{tìä­¨:H"xAÞiáì̈uРý؉W.ÊbÐ/D ŠÛbyc¤ÚCŽ…³1†¥Äðm†8Ý‚‡1êb/é`ªß<Á7  Œ:#̷핲Dà–€Óî8g˜¡‘©˜™Èh®,f»àœGïò˜Â˜%ôÅXØU…õT×Z¥‚—Fð̛ᨠ+Ú;\Ð{ž£<ß »ìtQŽ(!‰œ#,a¶Ÿ0Læà^æÊ$0eTH±W@ ¡¿Ð@¯òƒ±!sj,–ƒÇfY`›"«…W+"zÐI˜áº6Öó¬h™cÏÇ÷:CµS úºF¨³ A;hdŒÎäne`6ðʺÆCN?IÞ'¸ X©%ÚÖjÌ@ ŽëâZà÷þSy>ú +ú¾v/ý­¬`Žßþ ðK)"Þ « •W渷ì»Ò#°6ûóŒô†wî&¯f«ëÔýºOÄý_ëÏ¿Ó×X]X*¼¤áéóŠÙQìöÛëäÖ[F¥, la¯áTo†< ý1ø<õW¦à$¥x ; ¤bó6`*ð[ û’¼œ%.€2Ì«²U@Ñîp¨ðW.¸â…·ƒRöR³/z`»oº››î„æ =¢?A$ƒLn›6¯¶iÞÿaµ3ÖÓây^5èÐûÚšúõeîl}œ|µsT.½½ÀæºqE»ù]`CÀm\¼°F¿»ÆòE\[>a@®a-Q«ö=Y࿺¡Åtï²ïn?Ò7k¾c2é“I^ö!.S7ꌖS\ϳ ×óÙÿ0̧¸Ìóãɘ}^_ý}õ?Ü0ûendstream +endobj +1334 0 obj<>/XObject<<>>>>>>endobj +1335 0 obj<>stream +x½VÁnã6½ç+¾4 8ªe»vöC‚¶À²m‹¹ÐmqM‰ +IYU¿¾oH9ÑÊÙôP ÐóæÍ›7|¾Hi†Ÿ”ÖsZ¬(+/fÉŒVé*™Óòzÿçøµ’váÃry¬Þú°˜ÏÞþÎfçWÝm.~üõ#¥kÚì}uÒ&'džÍh“]¦ëäcB_T.I«Jº›¯ˆ_RŠ0Ž¿š¯‘l“_n +I“¶;¸ ™Ú+S‘rT™–d%¶Zæ´í(—;Ñh?¥mãIí¨3 åÊñwRžž.wÆÒVz/-9™5VùîéùBV!¶£@îtzÛ5»‚ÕÒâp)ªLR»T¾œÑGUíi§4P”Ò%Ä`‡±Ú8ÇHµtNV€ÙÃ*ÄUí¥osÊD†S7£Ôt“)µ…ÊŠS©zª1‰t½Ò{µX&K† ^ÓYBRädEû>­¶bR¥'^séÔžÑz¾HTóR9™OI›öJ /«¬ •ƒ¤z9ŸÐ-ȵGÐvÎgVã$_[O®©kcA&ZV˜VâL‚d9=Šr+pü ÝK÷n2ÄË`…Eʃ! Ü‹W9Œøìňcu­"]Ÿ*r¦”h‚C²L+YyG¹©~ðT ¤3È +„µRëSd¾Zw„>2-(yØûÆ1 ó¸ˆU6V‹AÜÙÌTG$U8ucÔ& +Ví dV‡@©¶¬tŠ'¦“:\O]Ëʆ£a©‚üŒ=$ôÉS¯â"¦Ð ZM ]Ñ(0™çÅ&ô["¼tž‹ÎP0zÅÜx°õ¾ZSØFQþ»\ÛSØÒk¼åÿì7ˆßUìˆçW;;ï=äZÂ3Ø5yÆ0…˜™É •‹b º«Ø¶4…¯Sö­h)¬÷“éa„\ÁC™A¨{h©PÁŽF=÷ý>Î{ש­ÌUÆÅ~×|″JrµþzˆåFÒìxhèñþ³QÂ{sì›Í ¸”ŠF¥¾w ¶¸fzĨüË[A¹ð‚3ðÍZ8- C¬Ü`à[¡‚ŠÙr8®ÂÑ! ¦JX«Ž2Œ—°°jƒV”ÆŽ“?7*;`ZŽ{¹3ä´ò¹ÁØô7žúÍàÐ/²á¢KèOl8N]/¸`×[Jt‚S7Ä+e¬¦Ïƒè `ñÈix¦¸>3Æ[®g&{€—àK8Æã›Fr…i4z'¬WY£…ÅÝ…Ô5Ešy/8ÅŽq2á'¬_,?áhò…BM•Ãc?o°´£Š¡mà×f7jv0jáë0xž%ŒaF)¶ÈvR(GŒÛõr2p¥i*,®Zfj§xÇnF²ú ûQaSº‹Fc +Кh«M†¿¸:Váçæ;Ë}‘н¶³_×pÛýÆË)–ÖoÙƒÍ96ò¨°a¿¹‡uY²‘£¼_<†ý ÈlÉã1„ÞÁ%¶XåØmfTØ`)LY6·Z(+&ìs^ü¹âg^¸YÂçµè8Äv -o1¸°'æº$¦+¼]¯xZ.ãsíñöþî–~·æ+﨟M֔بáYÃ(¯N®Ös¼AÃ[éì º\áõûÓ/PHS>øËæâ‹_˜Üendstream +endobj +1336 0 obj<>/XObject<<>>>>>>endobj +1337 0 obj<>stream +x…VïOã8ýÎ_1ê—e¥mhÚRÊIû…²ªD¡G‹ÐÞq:¹‰ÓdIâœí4íýõ÷ÆIøQ`O´(uì™ñ›7o柟zøóé¤OƒÙAÏëÑÈïy}ŽOðÜÇWKŠÜ‹á¸ÿÁ‹ïÝ;ñmypt9$ߧe'£ñ -C‚ƒ^–ÁáR‘ÌÅ*•´S¥ûÆb#É*ø TV$x³ÙJP•Ø˜l,©{q·˜ü=›ÍI6Q9áÃ/.¯Î¾/(MrI*â•ÏËŸ=êúÄ» gâQF0è5ëý‘7äõkeá1–2™)½£LE’¯)10î¨42d'|K…Ìñ[KÁ‹éî ‰<ä½¹²õÖÕÎÅÓq[´¨:{À‚¹G˸4îÚ™ØÁ> ½1I’Q$››$rÂÄ8Üž½À9Gý´@_÷üæªãî~tyJ>òÀ é†5 +þ‰ç=Z¤ª¢ó4‘¹5|üeòºýoĈÝbÜÁ“X@Q(m‰ÑHk9NI¡•UJ9¡ç7·“ùÕÝ‚p÷XjÞœÓÕÙõììºOkκ P‹ È{›BÂz’ÁÜFf#­2ò{G†ûÇüôðy?·S2%N¶Ž-FšæçŸ ÎÆ#³õG´ÈîÃgª$Pæ‘C”&‡z(¬¨EÈ; +T™†IJòèÙ² “dI*ô»Q×gVH…f´ð¼H˜Óq$êdbKÛ,±ô•ú½á¸ó…’ÜXÇ´~E¾ÞG¶½pKò+…‹´›j&ùWv(KÖ±%‘E±L‹_á¸!•‚ÃyàÈ’º=$¾4S†Tbg(,]!;c*¥vƒØ&™ôèÎ1–w€vG -Àò@¤Ô)Ú3©ÜÈt¿†ª$M[F C¸±Re=ú%©Qw·mô…tî.Ï)лÂvZíHjíx¥ ÖÇÈkJƒl™ÃåÇY™#žš¸ -.£„,îÈÅ¢·¤ÀÕ+AûÌäåVdä猪*ãHy¯ôãZ«²ÕÙÜã”sË.J–(¶²B5¢Ø–çs®X¬d"ÞHàB:ÖM4ª vJ+’Ô€î9B#5%ˆþìw:K¤ê2S¥F²†òî£ûu°#Ï F ÷Óë‹›ûÅô‰#=V“ï³ÉõÒ-1HÎ6²)ôz—àëï/.pƼ†7BnTÆ +¥?g,R%´õ•>]ÈH”©½ 65Â(5üŸ³Bú … +&Â뻽dñc±œÌ¼éõÔu‚u ìî¼zh¥kˆ5sr• “¥µDë*ƒ¸Mö œê¶ÙB¹)jòáÐ ÆÃ}îèo ¥dQ¿ðµÆ‹|çjŽ Çº¾®AsD®AX\ +À “î`ñ©eìùEqçϤ-™P«‚‘!ùà1ž= …Í XÅ=Àu5 û§ýÿ‡vÊ +£Vhœ; +%yبÓ ˆ[tXAËê®Îd¶»Â ¨ø-­ÔöyJiØ®X°ÕP…GÇý¤ÎÁ5:WA¬à® HrDµP>–lÄP«J芘WyºÀ(„ßµ`D*Ôü&Py¢é«ÜüÖ ÚrhŠ¶! ®ûè9eáÉ-F8¨pUUyYhe °¡=⃠+, ´>ìòlîŒ + FñŸ#*m’&6‘ûõ]Å ˆØðýW{®ò(Y—èƒÓcV©édX'ÆbkZ¥kð\M¯ø]ëŠ Óh‚´®1<@ÓT†{›-ïóÉäÂAPGˆªÁ¸¦"7(R.Ñ7–à>/XObject<<>>>>>>endobj +1339 0 obj<>stream +x…V]sÛ6|÷¯¸>Ù™Z4)êË~óg£i”¨‘:I§îH‚"’`вúë»RŽÃd¦Ž¡¨p·»·‡¯'…øÑtHñ„Òò$ BŠÇ—ÁˆF³)ž‡ø3’rÿE_âcï‹›õÉÅÈ¢ˆÖ9o2™Mi6 +CZ§g‹õŸ×ÓwʦúIƒH +ùfýåd€EˆÉÎâ€ø3>¢8ò+,»)Dº{« y'LÝOWŽ~\¹V¥¤µ¦wêIÒ}Ňeß6þŸ5zûa¹¢xøݪɫÞßÍéV¤[I+õ¯¤ð»øi?Ži0œP5'g”ÌèI׈¢8þ#“ÃÊÉÒR)+§t… Uù×™N~I¢Êü ]a"h¿Ué–J‘I”©<—FV©$§± ç~ƒs/¬_luº“Žt͇؀æŽ\cø8Ý8šÇ%Ò9¥óœöÊmù Q~áŸn×—z¢4È%0¹\­%Œ¨,r:ç ÷RVô$ŒÒÅ®Õå˜ÒB¡,ëët÷y8˜Lh.nÈJÃJáÃIô +I¨ë½¿²¾R]ÖÂ)Pì·ÑEFó»{Ê sÿxö»Di‹8ˆÃÇ7­ó1/2ÂDl¤°Ú …rm( +)V®ƒ^µóÏ‹{¿E®6‘HÝÈ+ZŸß€é2BþmQßê’Ra²+ ÃÁhîn.,Ãp0¶Ïˈó÷¼ +ïU_bqÔ.áyÜ=ß} ¦G;0®(ž†ƒxÖFÇ1žÇþ¹WÆÜWçµd†´xìØ"·×”«‚«£Q0N>;ÿª£*:¾ä°S€ÑÌ¥©NöÏÀLeU&ª6½šXë[@³z´e"Hƒ¦ª‹TX”§|:S y§[UÉŸˆ¹lê $öº&òy)1ºÙl‚¼ô_*dÞ-å}i¸zØð¡ë¬†têìkàš*¹?Ò†´-ã8æj+X”om—ØmÁ„³|6Û&ù‰úº,Ü;íѽ´Ñ:»êá5ƒ÷.;UûvÌh†¿úŒñn#]?ÑwZïOáÈ:X'ò°^ +v9ÿ¾ D!®ÐHmsÄ¢©ÁQf¹qæd›ºÖ,˜-'Š„Kíþ‘`$Ôy—õìÖF;êF€ÜU§` zy{v´'È÷#Œ£MSR-M®KÁ–¶÷ቤ¯ l’+Úl¼¶|Ù—aêä˜&ƒxÔzm4 ðK‹}lÅÉ°~›TˆNƒ »òŠù®¥®á"{§…Z)Ù +ªš2‘ÆrE0Ù£jÇH({µG¸ÀÎ byÃ~Ð>³‰}fuø.ïÑzü§üÓ†â³ÏûwJÈ¥õ…ª¹Ötçz «ž¥W&ÇS¦™°ãQ¾ +\-n{GÞoMh¾º–$“YÖi«O?]|N®ñ 9?E-Ïpî‘Á$–¹@¿LŸ>©*ÓûŽïÞq/VëÛå?À2åiÃڃŔ T¥x«hÏ0ÀAQçø¾¡€Zöó08BôNUͳ¯L 7pxUrïTDŠ§—rÛêþÒ êD{ƒÚòåHt.Üü(Xù,JÈÀ^`NgyÕ'™2(@ ]?¨{çeÊ"ÊF‰ý&œ{…øwð Ee¾)iÆØ>[ÒS]P_=Š8zo”ãPÖÚW0ŽhÝ ¸f ZÿÌ97—±òœCôVZh×ö+6HpIØ–ÂìøF<†ÐÍG_ÀI~ºuíêhƒajéøàñ5ÖvAýýXÚîiÕ™ ìj]‚nŠ‚¾€<žñ/åãV¬-“î룚Àƒ¨4cC ‹ q-Äö2?Å"ãáÈ^wk¾Áy,dâ@AЙά»ôFÜ”g1§a{w]]/n®iiômíL÷]qæèÀvÁ`:ô×ߟZÕh2 &ãa{AŽ¢˜WÞ¯Oþ8ù9mšÞendstream +endobj +1340 0 obj<>/XObject<<>>>>/Annots 813 0 R>>endobj +1341 0 obj<>stream +x¥WÛn7}÷W ôbVÖź䥰]»šØn¤\ +(¸+JbÌ%7K®½ôÛ{†\I±œ +Âvyž9sÎèËI—Îð×¥QúCÊò“³äŒ†ý >ã>{ø/%-ySù£Ëï~;éN’ ‡É˜r:Ÿ$ýúAÓ,l3Ž±8§þCñ‡ÎÇɨ~ÌiÜÃêß>t“!–u±s·~ÚoÙïòüç‘õÎûXÐïóV9 F½ä¼~Ú-Cp/îs9?éÜL¨wFó% ŽÆ4_„ âMÖ¼Z‹ÂËQ$4y*H˜Y¿Æ»«éÍŒ2­¤ñîÕü3öP·÷i÷ÆI;5çkå(«wɬñB¼«Ú®™ZªŒ”YÚ2^Y“Ä­&ÔÕ[õÉ€·B Ý„ÞŠLoÝzwô//Ï,øKº°ÛQÎÊ5i¾®J—nyía8| ÃÆnh-ž$‰xÍ«0uh&Ë'Ü=ZËýzñášÚä¤ Q»7Œ±Î×rK^:OÊ“Xñ¥=}Tfa7Ž&ç­ý÷Ûy@Ôle6/Dª´ò[RÎU¸]xæäU.É.iS*¯ÌªUŸÚíG°C8áHxB”p2M6¾ž‘·ñUÅBx‰#H< ¥Eªq]<в”’©ÑV,ðdópx mdzt®SØç¡É"¥À!.qYÊJ:`é(•ÒЪ”Âë-I³&“‹V¸>V¢ºþÓjÕ^ª¯X¢L¦«…\<¼ŠI<€{¡AIž0­ÍW«ûÁ«¼Ð21¥ÇsQàÕ\èGb”>BÓ#¢ Ãïo§Ÿ(ÙÚHb:¾b½ ·8 9Êe™)l`1? ë$¥]T™„Zƒ?[[1Øee°u ŽÊ2—PQ‚ŇWñ6ÀÅÛ£ƒ|¯°bÛ(¿&cI, 5ÂUEaK…úR©’ñ7!cûµ1ÿ{x@±gðøpêsmC!œQ{Ç­[ 0ßó‰ûŠ9`öb“&]]ÜÿDz„>®AÖ(-v¹Ä éíl_õ•A†WdbüÂ<†÷ø7ÈgH «®~àóÅ­xV¤Ýeª¯ îAÓ˜íT8`è¶ÎËÜ=¼Ú—÷‹›}ÏÚûâu§³ÙlÜ% HGóöƒTo”IÖ>×ßGø{j×KènÖ£¨=¼4L„²R·ûgQå ‹=®ðßA¹Lš‚žf©Vˆz7ëôè£( º²ÆÈÌ°:¼„zßáÅՌڪ$¤å{úÊó."è¬WZ¢þ…q<ÒâYó¿@·˜ž!¦Öi+vŽ˜H6©0¥Õ ðrIõ$£;ÿh)«M'(dgƒ»üÉæ±T\ +§X«·­PŽ†ÅɯYß8n/¼ë5ÛÿV¼é†+–yq +µÖÿ‡æéôò-ÝKYž>¼Š)ÉjÓk’1÷€æ¡7QÝYbÜÓüê¾3½óN§†µLB +b ÿ¿m!À êåônF–}*Ô E ±,ù@¼¹¼~?ýÉsØÏ»“DSø`…¡YªþÆúâíJ²šG™Â7âj"[@nÙ²ê²b…”jawoÀùµÐ°JäHEcêîèY{\.L%tBÓe$6;‹Ðp•Å6: [mpçÌÄÇ´£46z rÖÃ!lྱ%<aEø[Éá±£S3©Q>‘꫇Öõ ²ég.°:òÆ,Èú_ LÖpÃcv^@Âk˜6@c¬§…tY©Ò<‹@ÓÏBÈá!uÖ ?ÇYجÚ#z:/àoïç³äúÓu‹{ªì‘“s÷Ç7 ¨G­(o.îgpâ~jƒK‚Eå³Ûëy â݇ëw{""¶ÓûÒz›YíNÙ—p9Ž“ûàn *O\¤–N¯ª²D²v…Óƒ™cMÌfÃ9xéqtˆ í«YI2UžÊ2†¶dA’ј…Ö¦îˆà Hn®~†óŽsÞ1«£c±¥Ëò¡É.Q' ØÁøKÒºZ¥ Yg[DËF–àß 0"¯[¼(¥sÁàø wœ»x`b‰åJKß(ç-öØNcgú8½…æ"ÖüN‚ò)“„óÆ÷îæ +½j™+cµ]m ×ÎûÙaŸ¹·6¹ØRÔS{hqź­ä.ë –s +%]1쀈㇢KÒè«4ÛÐwJ}À©ÕÈ=gï'¦.L)x’Ó¹~w 'ÑÅ~æ‡ ÿðž÷¢vw»æñõüäÏ“ЭB¶endstream +endobj +1342 0 obj<>/XObject<<>>>>/Annots 822 0 R>>endobj +1343 0 obj<>stream +x­WÛnÛF}×W üR—"u³…“È­ƒØq-5FQÅŠ\ILÈ]–KZÑK¿½gvIë8yi–vwvæÌ™3Ã:!õñÒ$¢Á˜â¼Ó}|Ã÷¿ð74ŽÆxæ '"j>e4ëDã31~^ŽÇb²·öCÒ¨?Àœ=ŨùÄgÙîð| Îhx6Áß~KEËN8<Ã%Ãp„gNƒÑD šOí±Áäœc{aᮣ…7óNpuNáæK;>É‹±Oó¸â6üЯfC±ÔtM±ÑËtUÙ³ ¢Y4 Ç®6½5Z«¸z|Õ󋡈z€j@¦|5ÿÜéÓi8FH󤉯´4%Íd¾?óbp5¤0ô^œFÞô‡©Ý¥µUT­}©ݤqi¬YVôáò–n¤–+UŸ(¦·Yªtåì:ß–¥Éݽ‡i+Wô4A\²¬Š×A€§È[Ë"6y𦶳­ ¼MಛË[ñq‡&`²+h¦Ôášc ¯Ñºr×IJ4™Ø¤ÚŠúI +ÿfJÕ› “:—Z¬«<;4ñlžÃrK;×sƒ,¤ ¹¬R£ ÿ×HTeð­­d–‘Ô yøRK±ÃGе&Iº®ìZeYT’Vß4Sôøˆ?MïaÂ}YSÝ›¤%²lÊ-™¥ÛãÐ^`#²¬Rç ß,“Ä­g©Vö5[ ®útÞ&y(˜l]:úõ/¬ªêB¨¯ODÜ÷´9ÚIتUµù‚`…ÝÚÖÏïî~J’vïç 5 +€*Ú‚|-ŠL¾¼ËÌš%FÿT5Èrâ¬NTB·Ó¨aHÊô ¤\¨X2ø€è/êÕj+hØØžßÚzÜq;Û7ñ2…»´cnœ€éŽµE½ŒFÅ”_¤ö%ºð”L„OÌNN¡ÏŒ«þ KàŸñ”Iç?‘­•¥ÍZi_ì]^DÜT||Å!#xÀ’lÃl öX¾Töl’áO xz;Ó§ëé4äï“+f*3ì®LQñ¾Hé^YS—±¢7¥ÙXUžôH/1„ìY.p«õ¨~¾æú€À- 3éW¸½ØâòBVñºó’Žü¸°- \“ß«m°Œð—mR”-¼h9uä(ªRR&+d š‹ÐÉ( +»" zº€:´º.6øœ¥Yd*·=²5âBfŠR12©^QfðXX-ó&±Gw›ÅgÔ= ƒI)W+ÀÄØ8>?€nE&þŒe…EˆiîMRc5¼`…wÞ—dó4H/]Ý” ’×#¨Qk*—]°{ÁU´ëõϸ¡žßÐÝ“öª¦qød §ËÔ—é¡ÅnKá#;=âë96æwÛ¹vqºoÒ2H||oLh`t»P7K“eИ¦§vÑ´`B•ö\8Nö¾:'‰zJQ/lóäo•X‰×ôë}¨Ð÷¨‡ÑºÀÐ3›Þ¿ŸÎÅáJãm{{;9­å“ë²*e𷃆²(²Ç€}Ã…¥c¤ÑÙ¶Ûw-GŸ½(v>/XObject<<>>>>/Annots 825 0 R>>endobj +1345 0 obj<>stream +x•WmoÚLýž_qÕ/M¥`ÂK©´R UÔ„°à–g¥H«Á›ilÏ̸À¿ßsÇ6´VV«UU‚=sßÏ=÷ò÷E®ñ¯G·}Œ(Ê/®ƒkº¹»ÅçpÌŸ}ü7’0Ž‚þ{ƒáøÝ(®¡Ÿ?–_/z¿¥þx )§þõ€ ø§ŒVÞB4ÀYËô—ð¢û0¤^ÂÞŽÆ·Æ^ó5…Ñe¸•$…ÉŽNÝÇY'¢7K[S¦%ЦLmð)üyqM>›ãËgmuâpÓ"ÈL ++c©"22—…•»ÔˆX’Óä¶R™ÆÈ ßù¢ý8L)6ê—46 ö$NZר£ê6²¶Ü K°œè²ˆIµÆÄíÈ*'I8Â÷ o "_!†:cxEÝ4zg¶»WE¬÷¶»+7™Šº.Ú©]wŸìÝ ȃô¾ nʶLÃrC_à°¦2D¶•¸é¶°Kµ‘–_ÒÎèM&s~ÀÙžo%ê ã€ærïe-§*+‘žõã|õ2ùLŸž®Z&ÃÙÓ|³¿fW´ö—ãÑý˜ ÿm½B᪯áò~2[Ö—!µ +ïëQÄ-½oŽ}i»wÔCe#A¯*ro éMQ^d8Øí³Ús‘8ih'¬ÝkS´Eê õ;Ö:}ÆÚå:Y§käE ¥=ÒO½¡½rÛ“”ÿšQWŸ-•à±ÒIùñt‹‹.!Ëœá²PÚèéêy1iÅÈ—¬HQn«Š”ak”Õ©bâ;¿Å˜ð› +##§Í±‚çb‚“,# k— Ü]:*´kYæP¼Aèb˜Ø+4PÀÂV#ŒT:ÒÀ=)wE"Ë4,¦tÔ%»†Þ©C,•&Éí|LüýX=n0Ærqü-—>ûÜùm†©´5FuŸÔ_‘ü%ѽ•VÇGèPAp¡œ.dÛ—À¡ oÊÇè4ºœ¢ÒBøâdÅ;˜¢ãY9')™N¹Žÿ‡ƒ€&ºHTZB#Lu|q†ü±Ÿïà/ô-ŠäÀ £AH9ˆ…qŽLRnùšO@@K¬ì½^ú?ã×OL ŠõÚˆÔXé + ©cBâqÇ]›¬f-îçSºÿüúz?}~œO¾¢—ÿM¼@×O_Ö«?NfLƒHK\Qi¨$€7”ÿRÂ{ñaDުɳ(D*Íúvù@ϲ(²º Ùƒ¬ ÅÎ茶zïãò)*°¡!•ä@H¬ekÑtýDD¾­¤‹¼—À•oëª7õ̹$+£Ò(w¤0ôLuüßèfˆ2c”`¬TEå쟼ªDÏÓ¬a˜ŠÏ½kmÞR£ËWƒñ#(«¹ñ{#‘SPƒ¬š”+ççÞôd@ß™YNFßC¬·˜= g·Õeº…ï[½q¡|ÒxtŸ‡¸I ÉÈ7˜LEòzyóúéÏKþ¦¿¤ +x˜ §P]TQŸóÙxFZ6û3'—‹ÝÉH%GÚóèQÚÓÌŠ|#ÈÂqôº3G–<¥ ²ÀaÄÑ ³Î­ F¯FÄð4"P±u]€w7Ýwã?]â­á6ùQÀJKË\׈ÜÝÐËì™V˾‡w¢2¬&-º¥ ë;EŒIÇðfå¾7’µWqCJÍ¢°ð; Í_ÂT#ÜÄ`lT«ž-ž«D’€ã=1é"òðk¬o®o$Ü®ýl§Y…бpˆÝÌV$LVÃ|i‰"Tþóí€þ¢®"K¤1x]Cð¼W­å¦Zl˜Ð½+Ôi¢CKèÉŠ_BeܧgÓšÃ15TD¼ay,%¿åÝç ‹ëi§û&M!3úîWœÏôm9ú¾˜òîÁ¶;`>¬Œñe/ ~ÆãÉ™×àA>Óâqþõ=!lm¡%Æic ß—á{r`ý¶\½¨6¢?ï •mÁ¥læùÉîåtùžôM%ÝéßœÓsŸY}ŲðóŠ^J÷¤õ›Ÿe–÷?e|PËf,0æ^žfµ ÌåCÍËøæ'µuzWU+÷tÚfÛÄèœÉ0å{(` :`Ür/€ß”ö-Á/ÁD¸Ó8Å“¾Y\ç5EßhyŒe•(l׎!"ãrÇ©BŸ6àòÍ/¢HZß«…tXóÞ° ¨t»Ñf«a”Éúª_݇qM÷½~ùŒ4ºëW=¿ºþrO˜Z?¹Í¦:*ýî¶Úi:·ý +^ÿÿÒ9ƒÑM¿†goÄzgáÅ?/þX}4½endstream +endobj +1346 0 obj<>/XObject<<>>>>/Annots 828 0 R>>endobj +1347 0 obj<>stream +xV]Sã6}ϯ¸³/ 3à$&qÂÎðÈÒ2³»°MfúÐôA±¬Å–\ˆÒ_ßs%9€[J§dÄ‘îÇ9çé÷Á„ÆxMhÓiBi9GcJgÑ”¦‹9þñ®%íù ,å_þõóƒi<‰šM§Ñ‚JšÎçøë?´vâÓ+z.6ƒÑÕMæ´Ù#w’Ì°o“¹ØcÚ¤ÃÉ"šEô‹Ò™y´‘m-ë•Jºé=ÅG›ï1¥Éć8‰çH³É†›\¢V·•² ­Í“Щ´ô¨š¼õ6ŽèFK2{zÌUš“Ñʼnª’¢Æ†\jj­Òw$h-ÊàÄc:™œF1§³¨JÖÔÊm°ªÚìUtxúº…Û˜ÒBIÝXR»o3S +¥#ÚäÊ’°¶-yw.Ÿ“øi/q)Ër¡ì&—äÓ®mÜg”°+d‰†‹‚ +u/Ñ“IÓ¶&µ'Õp@mš(ÄŒpf®5™:óí„ƽØ6‚vßõom‡4„'S€Æ‡èvu¹=:þGËàåâAz^g×!é†DZm«ÊÔ £l¿¤£~H"ËdÆ%1 <Ùœù÷tæœ0˜’j#J.¦ë)¢kFXx8€¢–Ç=œ±Q»ÝW^Œ&=Ä©)«’ØPÀÍï¤k4pm¡ç…ô´.ýÕÔJfÛ£^f¡3Jk)Ie[4ªB¤ÔT +Ý€uh4eÊÞ#ÐêæËòúkÄêÃ`NŽéõƒø˜d“FQ´=Š0G((w@÷æ¹¾£!Ùr¥Fï·ÃY¨è0ôn9½)4U⸛šJÔ3ÙU DF ¸šªQÒ^Ö0.œºŒ®Þ¢ºÏr%jQÊâ|–Ó•‚•(è®0;Qô°{^ NjYHÁ"¨j…2Á†›dø¿ÂÎn6,"Sæ‘éC‚ …ln¼¼>úÇtÖÐÔ…Ÿ_Ï¿u¥Ç »ï»¿•€'ÓHþÁ +…]ïlêt!@ÿ9“ñø ™ªeÚ˜ú‰Ê°gþîž7f飨5óú÷AŶ¸shP",ªq*ÙµëNlŒñ=­Ÿ§,²¯ÃÇTó©Ù´Vº +ä"7û$Áª¡jHS{/ð +ð&÷ƒ¥õõêEæ&—“xCåçìÊ>/XObject<<>>>>/Annots 835 0 R>>endobj +1349 0 obj<>stream +xW]oÛ6}ϯ¸ÈK] –cÙqœ†ðÄ’4µ‡Ú8ʳ téÎZQRõ:Î^–ö 1 `H5Ø,ÙBƒý–æ„%\ä1 ±o =7?$Àá!jNeá¶Q„tÈ©„Y&c­|§PLD½œõIûç®Ö‡Tû‚2ÃÁ|ùü@w!ðŸÉ¹Ñãµ®9szºŽ½ãYÞ¼H92ç„rØø?¾Cä±j³¯§¢gÒÕÆV ¦H–:”ÒÀöFïÀ“]µ²@¦™hkJ2,[^Bq;c<3Ôi_¼Ìò©~B¥5­§®0H×Þ1oneª·J5l¥¢ e¢d—Ÿ]ÍâÀI×ˊ别r…Q¥|a²c*’ÎCœ­âÐaP&p{m<}oÇ‚Žõ;äBé ‚~¡w>pKD÷ÝÿÛë„>P⋘° ">/—ÑM¡%`äºuæÀ¼†²kP"˜‚ã.`¥l.0]À[öÁ°§+h£‚cM :0þ€@Î+h<êpf¸002b‡f*¸MäÖTCs{Žòyºƒé ×ó¾ð…ì9tnæ›Çö57\(C§ðªïÑ{¸Â“úWT .Õ±3;‡.Ͳ‚œM€DΧiš=k6 p>w ¶¬ÛSÉk¬}!FŸ(m×®Q}HääF–È8üЩU˜ò0îŽíÀ€‚¦æpÇÁW :…ŽÊ*ìÙcjâá…»õ°‹#:–BQvPcÄŠQ1!–1ùsërŸí¼<¹¿>ûAˆ-3ºkb—½Ãó/‡1ãŽË¯5Hr´Rå8uŒy’í­<h   Í#Ã0GP#œëŒwûF'÷ÓÞ‡LG¯†1ftê:ÅøŽ¸PƇ¸ ~ñBTfqóä~Ùß0N¯1 \a¤ÇÉŸÒCõDÚðÍóþïqö(O—üîÕÅ_ÿyÕendstream +endobj +1350 0 obj<>/XObject<<>>>>>>endobj +1351 0 obj<>stream +xTËnâ@¼ó¥œÈÁ6ÆNK«\VÉ +ks‰ ã6vdÏ™1(¿=¶IH²‡Bò£§º«ºÊ¯£þE˜Ç˜¦ÍhN0›$aŠd1çë˜ÿ†PŒ®²ÑÅÏ¢YákÓÅY®ŸLɱÜ[9–;KfOfÉ÷?¬h6"Ôf»¼à[£µƒÔèžžg/Œ— xÁAœ† #Ž³²²8Tu iH8‚@^’N›7HQ×”÷Œ¥œ¨T¥¶p%¡æbë†wV·F—䄧qRØÕÜÝ®n|kîMÃØ÷sb»eH?ÿÆ%˧óݲ5†”«¹­æ+»Ó*·pºCš²09í©Ö»†‹à Qè¡O¹\ÿY d¡yH?ÓPØôÆÏÏÍ7ohí‘G/M>/XObject<<>>>>/Annots 838 0 R>>endobj +1353 0 obj<>stream +x}WïoÛ6ýž¿â`˜ ¤òÏ8ib[×µ°[k`(Ð/´t’ØP¢FRqüßï)9Žš‰e[:ïÞ½{Gÿ{±¤þ–t³¢õ–òæb‘-h³¸É6´¹½Áç^Ž©”0•ËR.?\,—k<\/¯³-5´¼¾ÉÖÃ7CŸ¢£Õv›­¦ŽÞî.æï_ÑjA»{ooniWDϸ“Ï~­UØáyF¹³.趢·}å_ì¾Æ•Ë›´òåzï»bÓeF´Á٢σ¶m2ÝÐr9˜®n$Lw57JREáØ{*­£}_!IÙË“öäU³W?Çkf]%Îôrµ(pñ—a噂ºÃî‚np±p  +ÜÀúR¦=Ã3ÓÑöäû}£©³}2úÅx{E]ræ™I—£ZyÊkÕV\ÀE80Çd°?ÐŽÙ:ŽküÁôÀÔ¨#,Ó"JbzLHî4,µoHòVÂEÌÙóy)ÄE…çMŸ×ò.9䪕wçÙ”’mͦ£àT~ãC;îšÑ'OPÊmÀK9"ù‚ «ÀÅ°ï˜Oålß‘-©c 8èP[º·¦oƒÈFãŠx¯Èßic<©¶ .nðýÃ>g}Ž*G`žê»·}DrœÁdçÎz¯÷ÁµþÀؘk­àM¥ôk]ÕCÌY¢„³dãP(öƒ”.Ö™Yé²à{6¶c7Ù²tFæxyV"‰0a‹£¿€d|˜Vè¥Ö‚GÞ÷RCY5ìŒL$ÑTxTG>æ¶é²ÎÙ`sk|æ›=µ|ðÜÙˆ”0Äè¸Ô(OÂŽÜÖM6dÚûŽóˆmˆ´ l´7ÜHácŒ1¿=* H[êªwJ:ódˆ[)€çÒñˆÛ ‚R3; @JÌ’âŽ!ÇÀ#Ô\áõe&88l ú|yA× H• @ËÎHhŸÚG!ú¯QÌ)öŸÑbÛÃhé}KÆÚ;ø³}UGÈ…‰mxŠªry v¢]µ–~B @äž[0!ùò:‚^±&©§´¼§NU vA$Bè^Ïç'…JŸæ²P¤õ\ £dA W}à–2¤Û2Â;ÿŒ@¾M²•$+Jï¹l¡/B0”5ê§cŽÄÎY‡–üSPÑI.Qõ0 ­Ýßk ’7ÈX’™¤KؘØNñ¶úÝØh?Òz"¥qE \Ø؇N¹Fª"ŸŸ†(z,:Ÿ[‡AP¦‡i‰—¶Ç~Éa YJeA>~®¢ZU­õ:eq2ˆ3R ~¢Lüß³;’ndÀ¨ö›¶zJ·¹é F•]ˆBsÂê”Ñ£° áZ~߃QH[µh<è«ôO\À*‚D($/hO/¬ ˜xG¹J +Á¤Ý’æF±=w$08{¹‡Åï±nÑ;–˜èá0ÁŸa ¿b)PµÇT^¤…Q³Im°gˆ³„ ´R1¥ƒDrÑÞ€›ÓqÙ{±ƒÈ04;²’ °M@­y*òU +’'k¬ä£ì¤oÅh£ð©è"æ)Õf7­#E— òµ=`Ù3[F%êp£s¥Ä)†”W¢$qÆŒÙj®™èÍQä ¹Ú4´ +íïÈw*ÿfÈïDcS}‹ÇÂÈj lþþz82Íβy“e›z;ÝÇ0ž²f˜0™4éÄ<£ÏçÚYê$ñ P©Ï” ¦)Î<ÒÀ_{´¶meÄCUñ.ô¼cîà}#쇗¤5 “Ñ.#$&Åãv~=†þj<nÒáåb d‘Éu6rÏæ½wscseí5zïUöC3Y4¶õwÖŒ  Ÿjr<² +a)ÇFr‰Å4F?ÿl0'ÇTiÍcql^O/E¦¤Z…£ø‹Ïc"ùsP‡($ÚcàQ¡œ¼aÕˆçÞNf~{¤qˆnÓ Léy€þ]E-†:58ž¡Ý7¬Kí1 *±å¥³Yci3DÈ8ƒáðY‹*R貄há«ç¼w: УÜ`>£íâYi+â‹2Žœ›ì<7ÈßíãOµüx[þÿ‡Ìf{›m¯WøÓå*Rí·ÝÅßÿSÑY+endstream +endobj +1354 0 obj<>/XObject<<>>>>>>endobj +1355 0 obj<>stream +x•WÁn7½û+¦ºTbY’eÙ-ЃƒÚ€&Mµ@_¸»Ü#.©’\Ëúû¾îZ†lŠ @Â%93oÞ{Cý{2£)þÌèrNçK*Û“édJËÙt2§ÅÕ%þ=Çß ©–ó‹ËÉÕ[fË·O,ß8ðiurv» ÙŒV5‚/¯.iUO§´*Ç«µ¦«؃ÄdÏ8¶Å¤ô®ÎËÃÑ1i—Â>/^ {Éú†¬~Ô–~;Þo"Žónßú.ÒΤ5%D{óšJ]óÎ=i­­U¤BkG]ÔGÞV:pÈ)ÎÎǪ?êw‘|MßT[(R›ù¤q MÊ8¯} B•› +U¤Ò·[•La¬I{>:@µ±:Nú óådÁA®#—ñ?pxT¶Óœ…qeЊóßû€X‹”J*RMãLmJå’Ý;9é +²ˆ^2´HÙ»!¹[TÖú˜^ìö[do”°­Ú“ó‰œFˆ«Sâ;צYë€Ê”£ó }Ñ* …Ñ`„åBS +@Ï%RGØ!ÓÙô#N%>° z«B¹¢nî¿“U¡Ñôèm×j†›)T©¤¤–³Û_hŠ2WOÏòùt²˜ÐK:8eI‡àCÌè‰ÝóËÉ’tWK¡F’4ºû²º¹ÿrýÝÜßÿy?¢VǨB‚D—>“Iø¨À!\æO¤PzçôÓV— …p£”=*~·S(tÎKdš¸ÝÛà U0Š@¹iÁ{iÕª³|+`´Ò«R&&væøŠ1çsã·Ҿ£¸kõ·àûöPH¨@h@ »˜tKÑ׉—>ôç"–â€E©Ð‰:xœh‹Š?9FCú\º©JÑŠ3À¡àº† P¹çP†y É1%ûíó§çà½6ùŽ9¡ÕZR{†y#ÈyÏz¯;Ëhù˜«•ßáÈŸs³R'm-+ë("g» +½F?úv3²à¤i΀Éwh2®}g¹/Ñ÷ÕÐÚï(y>|Õ•ÐÀ!ðG25m}ŒiLè«ä@­Úð.”Áj÷N8±ÑÕ[QY’²6 …°OÁ•x0­Ôv 5+ÔBó!ìˆbWTP&  $Ní°°ƒ µHa£õVØ~„Odýe§ËM Èžo~ö-HÞ[±Îתè çf1Ølo• ~åg·ÃÀ`™ö>ÚTE¦”w½s¿KU·¿ F%t]¥5²óù4ëH°BËøJvªGÝBŠÙ *ï~æ!¹ð&”Æ|ÚÓ¨*žFL>펰áyŤcHy85pG. ‚–ãŽâçÒ€Í,ôƒ¦Šµå𑪾,»€f² 9 +o²¶Ó1aú‚6ŽE ˜£nÙf¬rMÇÖ†xŽñY*ñ}4#øn¯éý¼èa N›ÄÓê•Ç[SÔ†kr Á)dp1%JLfnzø ŽÇ˜­B.¤ŸTÉïuB `!¯óÝz¿6$iC’¾sBÒWPàÍ#*Gþ™€ÜrÆé‘$ WèäL5[NnôÁŽºÒ¿,éÈ{sêbB× $w®T SPÂÅ_3½[óTOÅHô°äΙ'¹%¬É”†gþÆêYãº'Ú`0j2¼AX +ÿêÚ-Â|¸0“Š~N—ˆÉß U©0ºLƒÊ#1ä‡"r‘ÃðžC›"Òf‚õC‡±/ÅFûf+ÁƒÁàðý<ŠÞƒ…1n£goøz÷û¨'ßË3Kϳ +rK]ÌúuŽJQ#ž¯à9^]¬Ò>R˜£°œ$`åà²f À•{êï‡C©fï: r´Ì +é2aÏ:Ïý~ûQ³ÄÌàÛôû¬X!N¡ñ P>pT%Ä,£u¯ÍÓOƒïE ðú†gr˜~L2T9¯Á—ǘuM§]^ŒxÌ~—f¯©wÞÛÜ|9»-OVxGúH…e¾­\…›Ðgž¶ ®§5$§<’€8A+Ï~í÷ÞÆ7½°Šˆ·†5÷ß‚4“8ÁÁoPTÿsA‡ól>»½êÜÌðsjzuNËÅ,?C¿]þtM_ƒÿ‘K¿ûØþQÇÑO‡§—sü¶ªÆï>[Ë«ÉòbŽ'.vÍæ3>}³:ùëä?endstream +endobj +1356 0 obj<>/XObject<<>>>>>>endobj +1357 0 obj<>stream +x•WÛnÛF}÷WLó"h™¾Æ/EÇmÑÔiA¿¬È•¸6Éew—–õ÷=³—ˆ"Ü4…aÃ"wvfÎ9sÑßG§´ÀÏ)]åtvIEs´Èðq±Èr:¿¾Âÿ9~¤õÑË£“»·”/h¹†ÉåÕ5-KÂñžÓw•èœ4”Ÿfô“Ñ}Gè:Õnè矗—0?§ÓÓ`>ϯábYN?9aÛ*WÑ'ѬÁ§¨»JP>#A­ÜÒæàÊußNé–”%ñ,T-VµÌhYI*zcd먑®Ò%=Lkõ$ë9Í!,h~z•h7òáoj+6’ì½#ë/öŽ ÝàmI…¨kY†4.bS²ÍÊÈR¹Ã§Yô—_fçœ(·VÆ:RMƒóÂI+,²@½¸ÿÞ úýöÝŒãq•pâ8†R7Bá`Ùà¯f éuxfü $º?Sö×jÀ®[+>v€ +Š·Âr¼%ǽQÏ!ðZY‡Gxn,ÕpňŒÚTΧYIe"*ÉÿV›'ë“i3úÅùË­n$0ب‚¬ë×ëºUM"ÙŽV½£R•íÄ‘…3IÏÒ६kZkC ­«å YéúÎŽ¹ø Y $_ºš¡«©‚kŽ…½_ž|Îq~•ðù!ÿÏZ”’ÄVì2ú\I°EôuÍVl/FIr0=ÃA4Ñ€Jtà¤%Ÿw@%¤˜Ñ½vÐ7$ ãÉL3°6Âic'᪄σ ;r¼nü]ÁAgÔ³ªå¹6üµb¥jå¸J(Ô…Z²Fùf§€PÅë'„E»ãà i-*Œá®5 Xë‡ãQ¦o[F'ð•Ñˆ¢RAYã”&^B¡þÙ¬“fŒÏ¦îª~œùDµ•4ÊM¾bŒ$ßÅ6yÔrB ¦ô¬$hÎ ªQ¶‡ô|a'ÜZ¡nä‹(\äÒ¢ž(–^lÇšõrIeAÆéQJ_Œ‚B/˜QÙÝS>jeÞ›ÛÐ+^QÄy”º'£,ƒg"ñ4(éŒÞû² ¡¶"“¯‡1ò${Hcj&_Sm¹0k½Ù t7 *úIù/Ý“Àˆã~·Õm Ñ:î {#P!¾.ûN÷†ÀFÃ*õõÜF¹Œÿ³J¸‰å PC˜;O8†ð<ÔÅõ­z …ŽjëmïMзØÉÉ]êêÓ銓×ÀÃñŒjÉîxŠq«c” ÛÏ10ÀË)æ6ÆÇ/#R”^V®‚ÊÌ~HÛK«é1ÎV’ÓËè-JçLÊㆾŽ¡Œâš=ê +M¥f7áäÆøF+ÿùaw@ZµÖO¾£Ý$\Þ¦]ã<ŒàõÍËÍÅ"¿I±Ì8Ž`‘Æcrv•]2,ù–‹E¸æ7Ñ¡²€I¸/AÃö«ÃÙw¨ý4†«¥&ÉðÆ…#&‘V ,.IÃæµ}Có~@ïÞ'•®8 IÍó š_äorS”ÁU€9ó<áÏ€(_!œ/hr#ˆ¾‹¦Ë?¤¡r;h6Q@3®!¨°û#¬†ÿs¯r˜ûe€(#ç­DmCMŽtçö©&óg~@ÇF™zyê¦SD–æ¸Aå…bÇNƒ66r™8Ûªv¥Ú’kŒsÛê¾.ã`ë‘(ü ä¤¨Æ1†¥2²À÷#w0÷·N†ý/¡1NámÐPtµˆ?ÁH9ÄöJûVu…Þî›»¸þ¦2h2ñÃ[ Ÿ·ÏÂ(ÝGÖ±NûíI÷_ °Xˆ¦RZ@T,ÿTûs(ÔëÁ" YC½ßðõãüò:»¼Èc·Ës¾êýò裦)Zendstream +endobj +1358 0 obj<>/XObject<<>>>>>>endobj +1359 0 obj<>stream +x…VaoÛ6ýž_qÀÄE’ÇÙ>mI»X[q°¢óPÐe³‘H•¤âúßï%'©Ú¬-XÒ‘÷îÝ»G~>J)Áÿ”.2O)¯’8¡ivÏh2»Àï VR>LÒY<ýÞ‡q2þvÅïË£³×—”%´,‘dz1£eAHàM>ºÚŠÆKKYÓÂX/ÖªR~²ü„eJÓnÙi6‹3,ÝŠz-hgì½#£ ?U!É +½‘dJj*áKckGëÖ“ßJRÛ—"—$ª*¼yŠi¬yàåÊ‘6;±wœ:¡ÓtÜ%ÌMݯ֕Œi¹EdÞ#ÎöBi÷˜óÔ52W¥Ê‘“1`#\ á]P˜ÞеŽ9.%î*½¤ô¢¯t<‰'\)IcºYܽÿ–Œ 4!7‹cGªn*YK€ ù@‚k›Ã+»§5mƒ0‘´ +է΅°­FJÛ½G*š,œÑnuÂÅJ´\àÏïÌ€”°'•ª’ØõLúü¬{ÃÅ…ÇÊlP"gþ5pî8EMµ’»ùµ#oH·õZZ׳Á½bÖ#z7H¨´ò]!«Ñê„aØKÐo`éqžú,¢¨¹/»­¡{mv!ΚF:ÔhÂýsÈ2@¾ùíý¿¼’ÅÐ?ó¼¬Fs,—èƳœPÞZ V{žË›ÅéÝû~`+óª-@ÿiä?=?O"Î<ÈÙº<ÖfmŠý1ý¡„ùÀ8fÓn*æ% ’:7-O6ƒÀZƒ­#ì^Bÿ,Z¦„Å·p„ð†õ\ŠnÁÑ 3 Ì¶˜Y%³W@D„~ªòÛó+:a4f'‹Î•†äÂä-O-â°'½Y¾f±[­F'ÉÉGágàš'¬ÎíŠÕhm1<ö×ïÙ,õöêÝiõ¥ {…ô|†ª5™ª ÎÆ#9¬fx:ð^‹=i ̬r ÍÕ ›¶ö´¼ZœÍÀæó-Àópt^H¶ë¹Zr¨%¦¿A"{dh/S=µ™ãÛÆS!¼ ¿wå“w<9é3¥,¹÷¼]Ø-€íwï®Ç³sº2Z#=×ym—L·ÞÆ4GIŽÄ" (*­© pJßÄ.717¢B1zcÃAõì´À&Qç‹Ôš™Dü!ôìðTyøAßÆ1]¿¿lûü1Œ½8§ „©ÈVA½NøyÓ=;wP7ˆVýá9`NÐÊoZé›ó=+F›ö´c;¨déYø,n^Àu§\[ƒ‡÷u¦FÒp¨ á5>‡áí>÷jYï©¥h+´Z–*o]‹Üzûîã«ùõa^B:×w”îl&ÞöÆn Ý 0€â={Óàí@׊g7€P4»)”P +ÛiV)ª¨«‡}oƒÃijïÌã`Õfë‡e. ôðå«„HÜH £d';LfZÖ,9†V¶¾$à쥲ÕAªèZ]“D¿a¢¥ÔÇAØÚÒS/Àu8À°ªFÁ˜É0œC°MCÔÝ[ŸðÔyî‡á.6êU‡‹ÒÓmôË!îòpeë/2Ôÿ‹7\šèc¿Ãq‚K#.3‡×a©þýaymäg<ü4¹ˆŠd°øY2 (M’HüOT·Uévš¬F®YDâ¥@˜QR^¾°Ó:Ϥ?¿ð©P.­5–ƒÎ^Ïž]}ÇLÏÿ\”'S\ÈÏ3Ü®—fcÞáÕò诣ÿ¤Û«endstream +endobj +1360 0 obj<>/XObject<<>>>>>>endobj +1361 0 obj<>stream +xµT]oÚ0}çW\‰>¤ NH´‡2Š„4ºNð°I•*'1`pbj;›úïwíéò8xHbŸ{Îýð[/‚ÿƌȊÞtÝÎ ÜÃzƒÉ_r !Ö™Þ|º]ï{üÜòàôË„ö5'e´ÝÎcÚÝKq¬ ˜×ÀK|2ØpÁ Æ¢4‡õ43¬âyÐâ𜜠Á~ñ¥®`+dŠÊ^O -uÍr—­Bþboh«Öä¼÷CB´+g*2ÈÖŒS¡aŠ_<}|¹Ð. Qôhõï;˜Ò,ÓÞtö…#€Œ)%U ô_êL7†)È£†—[Wjšb~]Á5¼ËÊ®•@µfEŠ=€_TÁVÞp~wÙ9u™©†«ÖÀÎŒ’«­íÇ®¹™5 w²9•Ì«Ì…=IªÃ~hBY¯7ì-ó5¬ ÝÂ^…F¯ÖtÉXFÍñ±cH—¯‹éj ‚—¬ÙÓâÎ —%ÈC­h‘RXÒ³ƒÀOY)ø{´©ì(ˆì\üæBØc%) eÁpö°‚¬u®;Gªæüìî¬S/ÁåuRœQå4 va³ƒà”[gÑú9úAçOß^³ò’…£j'¦ÆŸ+ÇËLT9ÓÁ®Þ˜œ:)LÆ™Œ Ƨ»6VËé<+¹Ç$ÃLfUÁJƒ +?¿9à#¼sïËŽmWGQÏRšrÁÍ»'“ ¹‹ðE\ÅvíqÝûÞûǘqéendstream +endobj +1362 0 obj<>endobj +1363 0 obj<>endobj +1364 0 obj<>endobj +1365 0 obj<>endobj +1366 0 obj<>endobj +1367 0 obj<>endobj +1368 0 obj<>endobj +1369 0 obj<>endobj +1370 0 obj<>endobj +1371 0 obj<>endobj +1372 0 obj<>endobj +1373 0 obj<>endobj +1374 0 obj<>endobj +1375 0 obj<>endobj +1376 0 obj<>endobj +1377 0 obj<>endobj +1378 0 obj<>endobj +1379 0 obj<>endobj +1380 0 obj<>endobj +1381 0 obj<>endobj +1382 0 obj<>endobj +1383 0 obj<>endobj +1384 0 obj<>endobj +1385 0 obj<>endobj +1386 0 obj<>endobj +1387 0 obj<>endobj +1388 0 obj<>endobj +1389 0 obj<>endobj +1390 0 obj<>endobj +1391 0 obj<>endobj +1392 0 obj<>endobj +1393 0 obj<>endobj +1394 0 obj<>endobj +1395 0 obj<>endobj +1396 0 obj<>endobj +1397 0 obj<>endobj +1398 0 obj<>endobj +1399 0 obj<>endobj +1400 0 obj<>endobj +1401 0 obj<>endobj +1402 0 obj<>endobj +1403 0 obj<>endobj +1404 0 obj<>endobj +1405 0 obj<>endobj +1406 0 obj<>endobj +1407 0 obj<>endobj +1408 0 obj<>endobj +1409 0 obj<>endobj +1410 0 obj<>endobj +1411 0 obj<>endobj +1412 0 obj<>endobj +1413 0 obj<>endobj +1414 0 obj<>endobj +1415 0 obj<>endobj +1416 0 obj<>endobj +1417 0 obj<>endobj +1418 0 obj<>endobj +1419 0 obj<>endobj +1420 0 obj<>endobj +1421 0 obj<>endobj +1422 0 obj<>endobj +1423 0 obj<>endobj +1424 0 obj<>endobj +1425 0 obj<>endobj +1426 0 obj<>endobj +1427 0 obj<>endobj +1428 0 obj<>endobj +1429 0 obj<>endobj +1430 0 obj<>endobj +1431 0 obj<>endobj +1432 0 obj<>endobj +1433 0 obj<>endobj +1434 0 obj<>endobj +1435 0 obj<>endobj +1436 0 obj<>endobj +1437 0 obj<>endobj +1438 0 obj<>endobj +1439 0 obj<>endobj +1440 0 obj<>endobj +1441 0 obj<>endobj +1442 0 obj<>endobj +1443 0 obj<>endobj +1444 0 obj<>endobj +1445 0 obj<>endobj +1446 0 obj<>endobj +1447 0 obj<>endobj +1448 0 obj<>endobj +1449 0 obj<>endobj +1450 0 obj<>endobj +1451 0 obj<>endobj +1452 0 obj<>endobj +1453 0 obj<>endobj +1454 0 obj<>endobj +1455 0 obj<>endobj +1456 0 obj<>endobj +1457 0 obj<>endobj +1458 0 obj<>endobj +1459 0 obj<>endobj +1460 0 obj<>endobj +1461 0 obj<>endobj +1462 0 obj<>endobj +1463 0 obj<>endobj +1464 0 obj<>endobj +1465 0 obj<>endobj +1466 0 obj<>endobj +1467 0 obj<>endobj +1468 0 obj<>endobj +1469 0 obj<>endobj +1470 0 obj<>endobj +1471 0 obj<>endobj +1472 0 obj<>endobj +1473 0 obj<>endobj +1474 0 obj<>endobj +1475 0 obj<>endobj +1476 0 obj<>endobj +1477 0 obj<>endobj +1478 0 obj<>endobj +1479 0 obj<>endobj +1480 0 obj<>endobj +1481 0 obj<>endobj +1482 0 obj<>endobj +1483 0 obj<>endobj +1484 0 obj<>endobj +1485 0 obj<>endobj +1486 0 obj<>endobj +1487 0 obj<>endobj +1488 0 obj<>endobj +1489 0 obj<>endobj +1490 0 obj<>endobj +1491 0 obj<>endobj +1492 0 obj<>endobj +1493 0 obj<>endobj +1494 0 obj<>endobj +1495 0 obj<>endobj +1496 0 obj<>endobj +1497 0 obj<>endobj +1498 0 obj<>endobj +1499 0 obj<>endobj +1500 0 obj<>endobj +1501 0 obj<>endobj +1502 0 obj<>endobj +1503 0 obj<>endobj +1504 0 obj<>endobj +1505 0 obj<>endobj +1506 0 obj<>endobj +1507 0 obj<>endobj +1508 0 obj<>endobj +1509 0 obj<>endobj +1510 0 obj<>endobj +1511 0 obj<>endobj +1512 0 obj<>endobj +1513 0 obj<>endobj +1514 0 obj<>endobj +1515 0 obj<>endobj +1516 0 obj<>endobj +1517 0 obj<>endobj +1518 0 obj<>endobj +1519 0 obj<>endobj +1520 0 obj<>endobj +1521 0 obj<>endobj +1522 0 obj<>endobj +1523 0 obj<>endobj +1524 0 obj<>endobj +1525 0 obj<>endobj +1526 0 obj<>endobj +1527 0 obj<>endobj +1528 0 obj<>endobj +1529 0 obj<>endobj +1530 0 obj<>endobj +1531 0 obj<>endobj +1532 0 obj<>endobj +1533 0 obj<>endobj +1534 0 obj<>endobj +1535 0 obj<>endobj +1536 0 obj<>endobj +1537 0 obj<>endobj +1538 0 obj<>endobj +1539 0 obj<>endobj +1540 0 obj<>endobj +1541 0 obj<>endobj +1542 0 obj<>endobj +1543 0 obj<>endobj +1544 0 obj<>endobj +1545 0 obj<>endobj +1546 0 obj<>endobj +1547 0 obj<>endobj +1548 0 obj<>endobj +1549 0 obj<>endobj +1550 0 obj<>endobj +1551 0 obj<>endobj +1552 0 obj<>endobj +1553 0 obj<>endobj +1554 0 obj<>endobj +1555 0 obj<>endobj +1556 0 obj<>endobj +1557 0 obj<>endobj +1558 0 obj<>endobj +1559 0 obj<>endobj +1560 0 obj<>endobj +1561 0 obj<>endobj +1562 0 obj<>endobj +1563 0 obj<>endobj +1564 0 obj<>endobj +1565 0 obj<>endobj +1566 0 obj<>endobj +1567 0 obj<>endobj +1568 0 obj<>endobj +1569 0 obj<>endobj +1570 0 obj<>endobj +1571 0 obj<>endobj +1572 0 obj<>endobj +1573 0 obj<>endobj +1574 0 obj<>endobj +1575 0 obj<>endobj +1576 0 obj<>endobj +1577 0 obj<>endobj +1578 0 obj<>endobj +1579 0 obj<>endobj +1580 0 obj<>endobj +1581 0 obj<>endobj +1582 0 obj<>endobj +1583 0 obj<>endobj +1584 0 obj<>endobj +1585 0 obj<>endobj +1586 0 obj<>endobj +1587 0 obj<>endobj +1588 0 obj<>endobj +1589 0 obj<>endobj +1590 0 obj<>endobj +1591 0 obj<>endobj +1592 0 obj<>endobj +1593 0 obj<>endobj +1594 0 obj<>endobj +1595 0 obj<>endobj +1596 0 obj<>endobj +1597 0 obj<>endobj +1598 0 obj<>1<>7<>8<>13<>19<>24<>34<>37<>39<>44<>52<>57<>59<>62<>75<>92<>95<>102<>105<>114<>120<>124<>126<>128<>129<>]>>>>endobj xref -0 1554 +0 1599 0000000000 65535 f 0000000015 00000 n -0000000250 00000 n -0000001816 00000 n -0000001890 00000 n -0000001969 00000 n -0000002051 00000 n -0000002137 00000 n -0000002215 00000 n -0000002292 00000 n -0000002371 00000 n -0000002455 00000 n -0000002532 00000 n -0000002614 00000 n -0000002673 00000 n -0000002775 00000 n -0000002878 00000 n -0000002980 00000 n -0000003082 00000 n -0000003185 00000 n -0000003288 00000 n -0000003391 00000 n -0000003494 00000 n -0000003597 00000 n -0000003700 00000 n -0000003803 00000 n -0000003906 00000 n -0000004009 00000 n -0000004112 00000 n -0000004215 00000 n -0000004318 00000 n -0000004421 00000 n -0000004524 00000 n -0000004627 00000 n -0000004730 00000 n -0000004833 00000 n -0000004936 00000 n -0000005038 00000 n -0000005141 00000 n -0000005244 00000 n -0000005347 00000 n -0000005450 00000 n -0000005553 00000 n -0000005656 00000 n -0000005759 00000 n -0000005862 00000 n -0000005965 00000 n -0000006068 00000 n -0000006171 00000 n -0000006274 00000 n -0000006377 00000 n -0000006480 00000 n -0000006583 00000 n -0000006685 00000 n -0000006788 00000 n -0000006891 00000 n -0000006993 00000 n -0000007094 00000 n -0000007195 00000 n -0000007519 00000 n -0000007621 00000 n -0000007724 00000 n -0000007827 00000 n -0000007930 00000 n -0000008033 00000 n -0000008136 00000 n -0000008239 00000 n -0000008342 00000 n -0000008445 00000 n -0000008548 00000 n -0000008651 00000 n -0000008754 00000 n -0000008857 00000 n -0000008960 00000 n -0000009062 00000 n -0000009165 00000 n -0000009268 00000 n -0000009371 00000 n -0000009473 00000 n -0000009576 00000 n -0000009679 00000 n -0000009781 00000 n -0000009884 00000 n -0000009987 00000 n -0000010090 00000 n -0000010193 00000 n -0000010296 00000 n -0000010399 00000 n -0000010502 00000 n -0000010605 00000 n -0000010708 00000 n -0000010810 00000 n -0000010913 00000 n -0000011016 00000 n -0000011119 00000 n -0000011222 00000 n -0000011325 00000 n -0000011428 00000 n -0000011531 00000 n -0000011634 00000 n -0000011737 00000 n -0000011840 00000 n -0000011942 00000 n -0000012044 00000 n -0000012372 00000 n -0000012475 00000 n -0000012579 00000 n -0000012682 00000 n -0000012786 00000 n -0000012890 00000 n -0000012994 00000 n -0000013098 00000 n -0000013202 00000 n -0000013306 00000 n -0000013410 00000 n -0000013514 00000 n -0000013618 00000 n -0000013721 00000 n -0000013825 00000 n -0000013929 00000 n -0000014032 00000 n -0000014136 00000 n -0000014240 00000 n -0000014344 00000 n -0000014447 00000 n -0000014551 00000 n -0000014655 00000 n -0000014759 00000 n -0000014863 00000 n -0000014967 00000 n -0000015071 00000 n -0000015175 00000 n -0000015279 00000 n -0000015383 00000 n -0000015487 00000 n -0000015591 00000 n -0000015695 00000 n -0000015799 00000 n -0000015903 00000 n -0000016007 00000 n -0000016111 00000 n -0000016214 00000 n -0000016318 00000 n -0000016422 00000 n -0000016526 00000 n -0000016629 00000 n -0000016731 00000 n -0000016833 00000 n -0000017194 00000 n -0000017297 00000 n -0000017401 00000 n -0000017505 00000 n -0000017609 00000 n -0000017713 00000 n -0000017817 00000 n -0000017921 00000 n -0000018025 00000 n -0000018129 00000 n -0000018232 00000 n -0000018336 00000 n -0000018440 00000 n -0000018544 00000 n -0000018648 00000 n -0000018752 00000 n -0000018856 00000 n -0000018960 00000 n -0000019064 00000 n -0000019167 00000 n -0000019271 00000 n -0000019375 00000 n -0000019479 00000 n -0000019583 00000 n -0000019687 00000 n -0000019791 00000 n -0000019895 00000 n -0000019999 00000 n -0000020103 00000 n -0000020207 00000 n -0000020311 00000 n -0000020415 00000 n -0000020518 00000 n -0000020622 00000 n -0000020726 00000 n -0000020830 00000 n -0000020934 00000 n -0000021038 00000 n -0000021142 00000 n -0000021246 00000 n -0000021350 00000 n -0000021454 00000 n -0000021558 00000 n -0000021661 00000 n -0000021763 00000 n -0000022132 00000 n -0000022235 00000 n -0000022339 00000 n -0000022443 00000 n -0000022547 00000 n -0000022651 00000 n -0000022755 00000 n -0000022859 00000 n -0000022963 00000 n -0000023067 00000 n -0000023171 00000 n -0000023275 00000 n -0000023379 00000 n -0000023483 00000 n -0000023587 00000 n -0000023691 00000 n -0000023795 00000 n -0000023899 00000 n -0000024003 00000 n -0000024107 00000 n -0000024211 00000 n -0000024315 00000 n -0000024418 00000 n -0000024522 00000 n -0000024626 00000 n -0000024730 00000 n -0000024834 00000 n -0000024938 00000 n -0000025042 00000 n -0000025146 00000 n -0000025250 00000 n -0000025354 00000 n -0000025458 00000 n -0000025562 00000 n -0000025666 00000 n -0000025770 00000 n -0000025873 00000 n -0000025977 00000 n -0000026081 00000 n -0000026185 00000 n -0000026289 00000 n -0000026392 00000 n -0000026496 00000 n -0000026599 00000 n -0000026701 00000 n -0000026803 00000 n -0000027180 00000 n -0000027283 00000 n -0000027387 00000 n -0000027491 00000 n -0000027594 00000 n -0000027697 00000 n -0000027801 00000 n -0000027905 00000 n -0000028009 00000 n -0000028090 00000 n -0000028143 00000 n -0000028230 00000 n -0000028284 00000 n -0000028370 00000 n -0000028437 00000 n -0000028523 00000 n -0000028626 00000 n -0000028730 00000 n -0000028834 00000 n -0000028938 00000 n -0000029042 00000 n -0000029146 00000 n -0000029250 00000 n -0000029354 00000 n -0000029458 00000 n -0000029562 00000 n -0000029666 00000 n -0000029770 00000 n -0000029874 00000 n -0000029978 00000 n -0000030082 00000 n -0000030186 00000 n -0000030290 00000 n -0000030394 00000 n -0000030498 00000 n -0000030601 00000 n -0000030705 00000 n -0000030809 00000 n -0000030913 00000 n -0000031017 00000 n -0000031121 00000 n -0000031225 00000 n -0000031329 00000 n -0000031433 00000 n -0000031537 00000 n -0000031641 00000 n -0000031745 00000 n -0000031848 00000 n -0000031950 00000 n -0000032052 00000 n -0000032365 00000 n -0000032469 00000 n -0000032572 00000 n -0000032676 00000 n -0000032780 00000 n -0000032884 00000 n -0000032988 00000 n -0000033092 00000 n -0000033196 00000 n -0000033300 00000 n -0000033404 00000 n -0000033508 00000 n -0000033612 00000 n -0000033716 00000 n -0000033820 00000 n -0000033924 00000 n -0000034028 00000 n -0000034132 00000 n -0000034236 00000 n -0000034340 00000 n -0000034444 00000 n -0000034547 00000 n -0000034651 00000 n -0000034755 00000 n -0000034859 00000 n -0000034962 00000 n -0000035066 00000 n -0000035170 00000 n -0000035273 00000 n -0000035377 00000 n -0000035481 00000 n -0000035585 00000 n -0000035689 00000 n -0000035793 00000 n -0000035897 00000 n -0000036001 00000 n -0000036105 00000 n -0000036209 00000 n -0000036312 00000 n -0000036416 00000 n -0000036520 00000 n -0000036624 00000 n -0000036728 00000 n -0000036832 00000 n -0000036936 00000 n -0000037040 00000 n -0000037144 00000 n -0000037248 00000 n -0000037352 00000 n -0000037455 00000 n -0000037557 00000 n -0000037659 00000 n -0000038084 00000 n -0000038187 00000 n -0000038291 00000 n -0000038395 00000 n -0000038499 00000 n -0000038603 00000 n -0000038707 00000 n -0000038811 00000 n -0000038915 00000 n -0000039019 00000 n -0000039123 00000 n -0000039226 00000 n -0000039330 00000 n -0000039434 00000 n -0000039537 00000 n -0000039641 00000 n -0000039745 00000 n -0000039849 00000 n -0000039952 00000 n -0000040056 00000 n -0000040160 00000 n -0000040264 00000 n -0000040368 00000 n -0000040472 00000 n -0000040576 00000 n -0000040680 00000 n -0000040784 00000 n -0000040888 00000 n -0000040992 00000 n -0000041096 00000 n -0000041200 00000 n -0000041304 00000 n -0000041408 00000 n -0000041512 00000 n -0000041616 00000 n -0000041719 00000 n -0000041823 00000 n -0000041927 00000 n -0000042031 00000 n -0000042135 00000 n -0000042239 00000 n -0000042343 00000 n -0000042447 00000 n -0000042551 00000 n -0000042655 00000 n -0000042759 00000 n -0000042863 00000 n -0000042967 00000 n -0000043071 00000 n -0000043174 00000 n -0000043275 00000 n -0000043377 00000 n -0000043802 00000 n -0000043906 00000 n -0000044010 00000 n -0000044114 00000 n -0000044218 00000 n -0000044322 00000 n -0000044426 00000 n -0000044530 00000 n -0000044633 00000 n -0000044737 00000 n -0000044841 00000 n -0000044945 00000 n -0000045049 00000 n -0000045153 00000 n -0000045257 00000 n -0000045361 00000 n -0000045465 00000 n -0000045569 00000 n -0000045673 00000 n -0000045777 00000 n -0000045881 00000 n -0000045984 00000 n -0000046088 00000 n -0000046192 00000 n -0000046296 00000 n -0000046400 00000 n -0000046504 00000 n -0000046608 00000 n -0000046712 00000 n -0000046816 00000 n -0000046920 00000 n -0000047024 00000 n -0000047128 00000 n -0000047232 00000 n -0000047335 00000 n -0000047439 00000 n -0000047543 00000 n -0000047647 00000 n -0000047751 00000 n -0000047855 00000 n -0000047959 00000 n -0000048063 00000 n -0000048167 00000 n -0000048271 00000 n -0000048375 00000 n -0000048479 00000 n -0000048583 00000 n -0000048687 00000 n -0000048791 00000 n -0000048894 00000 n -0000048996 00000 n -0000049098 00000 n -0000049523 00000 n -0000049627 00000 n -0000049731 00000 n -0000049835 00000 n -0000049938 00000 n -0000050042 00000 n -0000050146 00000 n -0000050250 00000 n -0000050354 00000 n -0000050458 00000 n -0000050562 00000 n -0000050666 00000 n -0000050770 00000 n -0000050874 00000 n -0000050978 00000 n -0000051082 00000 n -0000051186 00000 n -0000051290 00000 n -0000051393 00000 n -0000051497 00000 n -0000051601 00000 n -0000051705 00000 n -0000051809 00000 n -0000051912 00000 n -0000052016 00000 n -0000052120 00000 n -0000052224 00000 n -0000052328 00000 n -0000052432 00000 n -0000052536 00000 n -0000052639 00000 n -0000052742 00000 n -0000052846 00000 n -0000052950 00000 n -0000053054 00000 n -0000053343 00000 n -0000053396 00000 n -0000053483 00000 n -0000053508 00000 n -0000053562 00000 n -0000053649 00000 n -0000053703 00000 n -0000053790 00000 n -0000053823 00000 n -0000053871 00000 n -0000053958 00000 n -0000054005 00000 n -0000054091 00000 n -0000054138 00000 n -0000054224 00000 n -0000054265 00000 n -0000054310 00000 n -0000054397 00000 n -0000054442 00000 n -0000054528 00000 n -0000054561 00000 n -0000054616 00000 n -0000054701 00000 n -0000054726 00000 n -0000054779 00000 n -0000054866 00000 n -0000054916 00000 n -0000055003 00000 n -0000055036 00000 n -0000055155 00000 n -0000055241 00000 n -0000055284 00000 n -0000055371 00000 n -0000055414 00000 n -0000055501 00000 n -0000055542 00000 n -0000055588 00000 n -0000055675 00000 n -0000055700 00000 n -0000055746 00000 n -0000055833 00000 n -0000055879 00000 n -0000055964 00000 n -0000056008 00000 n -0000056095 00000 n -0000056146 00000 n -0000056233 00000 n -0000056282 00000 n -0000056369 00000 n -0000056417 00000 n -0000056503 00000 n -0000056568 00000 n -0000056631 00000 n -0000056718 00000 n -0000056776 00000 n -0000056863 00000 n -0000056957 00000 n -0000057043 00000 n -0000057145 00000 n -0000057194 00000 n -0000057297 00000 n -0000057340 00000 n -0000057426 00000 n -0000057474 00000 n -0000057561 00000 n -0000057602 00000 n -0000057689 00000 n -0000057733 00000 n -0000057820 00000 n -0000057864 00000 n -0000057950 00000 n -0000058015 00000 n -0000058061 00000 n -0000058148 00000 n -0000058173 00000 n -0000058222 00000 n -0000058309 00000 n -0000058363 00000 n -0000058450 00000 n -0000058501 00000 n -0000058588 00000 n -0000058639 00000 n -0000058725 00000 n -0000058779 00000 n -0000058864 00000 n -0000058921 00000 n -0000058971 00000 n -0000059058 00000 n -0000059083 00000 n -0000059133 00000 n -0000059220 00000 n -0000059270 00000 n -0000059356 00000 n -0000059420 00000 n -0000059507 00000 n -0000059548 00000 n -0000059612 00000 n -0000059699 00000 n -0000059724 00000 n -0000059766 00000 n -0000059852 00000 n -0000059903 00000 n -0000059990 00000 n -0000060037 00000 n -0000060124 00000 n -0000060165 00000 n -0000060214 00000 n -0000060301 00000 n -0000060349 00000 n -0000060436 00000 n -0000060478 00000 n -0000060564 00000 n -0000060605 00000 n -0000060648 00000 n -0000060735 00000 n -0000060785 00000 n -0000060872 00000 n -0000060920 00000 n -0000061007 00000 n -0000061061 00000 n -0000061146 00000 n -0000061195 00000 n -0000061240 00000 n -0000061327 00000 n -0000061384 00000 n -0000061471 00000 n -0000061567 00000 n -0000061653 00000 n -0000061694 00000 n -0000061756 00000 n -0000061843 00000 n -0000061868 00000 n -0000061917 00000 n -0000062004 00000 n -0000062029 00000 n -0000062077 00000 n +0000000248 00000 n +0000001814 00000 n +0000001888 00000 n +0000001967 00000 n +0000002049 00000 n +0000002135 00000 n +0000002213 00000 n +0000002290 00000 n +0000002369 00000 n +0000002453 00000 n +0000002530 00000 n +0000002612 00000 n +0000002671 00000 n +0000002773 00000 n +0000002876 00000 n +0000002978 00000 n +0000003080 00000 n +0000003183 00000 n +0000003286 00000 n +0000003389 00000 n +0000003492 00000 n +0000003595 00000 n +0000003698 00000 n +0000003801 00000 n +0000003904 00000 n +0000004007 00000 n +0000004110 00000 n +0000004213 00000 n +0000004316 00000 n +0000004419 00000 n +0000004522 00000 n +0000004625 00000 n +0000004728 00000 n +0000004831 00000 n +0000004934 00000 n +0000005036 00000 n +0000005139 00000 n +0000005242 00000 n +0000005345 00000 n +0000005448 00000 n +0000005551 00000 n +0000005654 00000 n +0000005757 00000 n +0000005860 00000 n +0000005963 00000 n +0000006066 00000 n +0000006169 00000 n +0000006272 00000 n +0000006375 00000 n +0000006478 00000 n +0000006581 00000 n +0000006683 00000 n +0000006786 00000 n +0000006889 00000 n +0000006991 00000 n +0000007092 00000 n +0000007193 00000 n +0000007517 00000 n +0000007619 00000 n +0000007722 00000 n +0000007825 00000 n +0000007928 00000 n +0000008031 00000 n +0000008134 00000 n +0000008237 00000 n +0000008340 00000 n +0000008443 00000 n +0000008546 00000 n +0000008649 00000 n +0000008752 00000 n +0000008855 00000 n +0000008958 00000 n +0000009060 00000 n +0000009163 00000 n +0000009266 00000 n +0000009369 00000 n +0000009471 00000 n +0000009574 00000 n +0000009677 00000 n +0000009779 00000 n +0000009882 00000 n +0000009985 00000 n +0000010088 00000 n +0000010191 00000 n +0000010294 00000 n +0000010397 00000 n +0000010500 00000 n +0000010603 00000 n +0000010706 00000 n +0000010808 00000 n +0000010911 00000 n +0000011014 00000 n +0000011117 00000 n +0000011220 00000 n +0000011323 00000 n +0000011426 00000 n +0000011529 00000 n +0000011632 00000 n +0000011735 00000 n +0000011838 00000 n +0000011940 00000 n +0000012042 00000 n +0000012370 00000 n +0000012473 00000 n +0000012577 00000 n +0000012680 00000 n +0000012784 00000 n +0000012888 00000 n +0000012992 00000 n +0000013096 00000 n +0000013200 00000 n +0000013304 00000 n +0000013408 00000 n +0000013512 00000 n +0000013616 00000 n +0000013719 00000 n +0000013823 00000 n +0000013927 00000 n +0000014030 00000 n +0000014134 00000 n +0000014238 00000 n +0000014342 00000 n +0000014445 00000 n +0000014549 00000 n +0000014653 00000 n +0000014757 00000 n +0000014861 00000 n +0000014965 00000 n +0000015069 00000 n +0000015173 00000 n +0000015277 00000 n +0000015381 00000 n +0000015485 00000 n +0000015589 00000 n +0000015693 00000 n +0000015797 00000 n +0000015901 00000 n +0000016005 00000 n +0000016109 00000 n +0000016212 00000 n +0000016316 00000 n +0000016420 00000 n +0000016524 00000 n +0000016627 00000 n +0000016729 00000 n +0000016831 00000 n +0000017192 00000 n +0000017295 00000 n +0000017399 00000 n +0000017503 00000 n +0000017607 00000 n +0000017711 00000 n +0000017815 00000 n +0000017919 00000 n +0000018023 00000 n +0000018127 00000 n +0000018230 00000 n +0000018334 00000 n +0000018438 00000 n +0000018542 00000 n +0000018646 00000 n +0000018750 00000 n +0000018854 00000 n +0000018958 00000 n +0000019062 00000 n +0000019165 00000 n +0000019269 00000 n +0000019373 00000 n +0000019477 00000 n +0000019581 00000 n +0000019685 00000 n +0000019789 00000 n +0000019893 00000 n +0000019997 00000 n +0000020101 00000 n +0000020205 00000 n +0000020309 00000 n +0000020413 00000 n +0000020516 00000 n +0000020620 00000 n +0000020724 00000 n +0000020828 00000 n +0000020932 00000 n +0000021036 00000 n +0000021140 00000 n +0000021244 00000 n +0000021348 00000 n +0000021452 00000 n +0000021554 00000 n +0000021656 00000 n +0000021758 00000 n +0000022127 00000 n +0000022230 00000 n +0000022334 00000 n +0000022438 00000 n +0000022542 00000 n +0000022646 00000 n +0000022750 00000 n +0000022854 00000 n +0000022958 00000 n +0000023062 00000 n +0000023166 00000 n +0000023270 00000 n +0000023373 00000 n +0000023477 00000 n +0000023581 00000 n +0000023685 00000 n +0000023789 00000 n +0000023893 00000 n +0000023997 00000 n +0000024101 00000 n +0000024205 00000 n +0000024309 00000 n +0000024413 00000 n +0000024517 00000 n +0000024621 00000 n +0000024725 00000 n +0000024829 00000 n +0000024933 00000 n +0000025037 00000 n +0000025141 00000 n +0000025245 00000 n +0000025349 00000 n +0000025453 00000 n +0000025556 00000 n +0000025660 00000 n +0000025764 00000 n +0000025868 00000 n +0000025972 00000 n +0000026076 00000 n +0000026180 00000 n +0000026284 00000 n +0000026388 00000 n +0000026492 00000 n +0000026596 00000 n +0000026699 00000 n +0000026801 00000 n +0000026903 00000 n +0000027288 00000 n +0000027391 00000 n +0000027495 00000 n +0000027598 00000 n +0000027702 00000 n +0000027806 00000 n +0000027910 00000 n +0000028014 00000 n +0000028117 00000 n +0000028221 00000 n +0000028325 00000 n +0000028429 00000 n +0000028533 00000 n +0000028637 00000 n +0000028741 00000 n +0000028844 00000 n +0000028947 00000 n +0000029051 00000 n +0000029155 00000 n +0000029259 00000 n +0000029428 00000 n +0000029481 00000 n +0000029568 00000 n +0000029622 00000 n +0000029708 00000 n +0000029775 00000 n +0000029861 00000 n +0000029964 00000 n +0000030068 00000 n +0000030172 00000 n +0000030276 00000 n +0000030380 00000 n +0000030484 00000 n +0000030588 00000 n +0000030692 00000 n +0000030796 00000 n +0000030900 00000 n +0000031004 00000 n +0000031108 00000 n +0000031212 00000 n +0000031316 00000 n +0000031420 00000 n +0000031524 00000 n +0000031628 00000 n +0000031732 00000 n +0000031836 00000 n +0000031939 00000 n +0000032043 00000 n +0000032147 00000 n +0000032251 00000 n +0000032355 00000 n +0000032459 00000 n +0000032563 00000 n +0000032667 00000 n +0000032771 00000 n +0000032875 00000 n +0000032979 00000 n +0000033083 00000 n +0000033186 00000 n +0000033288 00000 n +0000033390 00000 n +0000033703 00000 n +0000033807 00000 n +0000033910 00000 n +0000034014 00000 n +0000034118 00000 n +0000034222 00000 n +0000034326 00000 n +0000034430 00000 n +0000034534 00000 n +0000034638 00000 n +0000034742 00000 n +0000034846 00000 n +0000034950 00000 n +0000035054 00000 n +0000035158 00000 n +0000035262 00000 n +0000035366 00000 n +0000035470 00000 n +0000035574 00000 n +0000035678 00000 n +0000035782 00000 n +0000035885 00000 n +0000035989 00000 n +0000036093 00000 n +0000036197 00000 n +0000036300 00000 n +0000036404 00000 n +0000036508 00000 n +0000036611 00000 n +0000036715 00000 n +0000036819 00000 n +0000036923 00000 n +0000037027 00000 n +0000037131 00000 n +0000037235 00000 n +0000037339 00000 n +0000037443 00000 n +0000037547 00000 n +0000037650 00000 n +0000037754 00000 n +0000037858 00000 n +0000037962 00000 n +0000038066 00000 n +0000038170 00000 n +0000038274 00000 n +0000038378 00000 n +0000038482 00000 n +0000038586 00000 n +0000038690 00000 n +0000038793 00000 n +0000038895 00000 n +0000038997 00000 n +0000039422 00000 n +0000039525 00000 n +0000039629 00000 n +0000039733 00000 n +0000039837 00000 n +0000039941 00000 n +0000040045 00000 n +0000040149 00000 n +0000040253 00000 n +0000040357 00000 n +0000040461 00000 n +0000040564 00000 n +0000040668 00000 n +0000040772 00000 n +0000040875 00000 n +0000040979 00000 n +0000041083 00000 n +0000041187 00000 n +0000041290 00000 n +0000041394 00000 n +0000041498 00000 n +0000041602 00000 n +0000041706 00000 n +0000041810 00000 n +0000041914 00000 n +0000042018 00000 n +0000042122 00000 n +0000042226 00000 n +0000042330 00000 n +0000042434 00000 n +0000042538 00000 n +0000042642 00000 n +0000042746 00000 n +0000042850 00000 n +0000042954 00000 n +0000043057 00000 n +0000043161 00000 n +0000043265 00000 n +0000043369 00000 n +0000043473 00000 n +0000043577 00000 n +0000043681 00000 n +0000043785 00000 n +0000043889 00000 n +0000043993 00000 n +0000044097 00000 n +0000044201 00000 n +0000044305 00000 n +0000044409 00000 n +0000044512 00000 n +0000044613 00000 n +0000044715 00000 n +0000045140 00000 n +0000045244 00000 n +0000045348 00000 n +0000045452 00000 n +0000045556 00000 n +0000045660 00000 n +0000045764 00000 n +0000045868 00000 n +0000045971 00000 n +0000046075 00000 n +0000046179 00000 n +0000046283 00000 n +0000046387 00000 n +0000046491 00000 n +0000046595 00000 n +0000046699 00000 n +0000046803 00000 n +0000046907 00000 n +0000047011 00000 n +0000047115 00000 n +0000047219 00000 n +0000047322 00000 n +0000047426 00000 n +0000047530 00000 n +0000047634 00000 n +0000047738 00000 n +0000047842 00000 n +0000047946 00000 n +0000048050 00000 n +0000048154 00000 n +0000048258 00000 n +0000048361 00000 n +0000048465 00000 n +0000048569 00000 n +0000048673 00000 n +0000048777 00000 n +0000048881 00000 n +0000048985 00000 n +0000049089 00000 n +0000049193 00000 n +0000049297 00000 n +0000049401 00000 n +0000049505 00000 n +0000049609 00000 n +0000049712 00000 n +0000049816 00000 n +0000049920 00000 n +0000050024 00000 n +0000050128 00000 n +0000050231 00000 n +0000050333 00000 n +0000050435 00000 n +0000050860 00000 n +0000050964 00000 n +0000051068 00000 n +0000051172 00000 n +0000051276 00000 n +0000051380 00000 n +0000051484 00000 n +0000051588 00000 n +0000051692 00000 n +0000051796 00000 n +0000051900 00000 n +0000052004 00000 n +0000052108 00000 n +0000052212 00000 n +0000052315 00000 n +0000052419 00000 n +0000052523 00000 n +0000052627 00000 n +0000052731 00000 n +0000052835 00000 n +0000052939 00000 n +0000053043 00000 n +0000053147 00000 n +0000053251 00000 n +0000053355 00000 n +0000053459 00000 n +0000053563 00000 n +0000053667 00000 n +0000053770 00000 n +0000053874 00000 n +0000053978 00000 n +0000054082 00000 n +0000054186 00000 n +0000054289 00000 n +0000054393 00000 n +0000054497 00000 n +0000054601 00000 n +0000054705 00000 n +0000054809 00000 n +0000054913 00000 n +0000055016 00000 n +0000055119 00000 n +0000055223 00000 n +0000055327 00000 n +0000055431 00000 n +0000055800 00000 n +0000055853 00000 n +0000055940 00000 n +0000055965 00000 n +0000056019 00000 n +0000056106 00000 n +0000056160 00000 n +0000056247 00000 n +0000056280 00000 n +0000056328 00000 n +0000056415 00000 n +0000056462 00000 n +0000056548 00000 n +0000056595 00000 n +0000056681 00000 n +0000056722 00000 n +0000056767 00000 n +0000056854 00000 n +0000056899 00000 n +0000056985 00000 n +0000057018 00000 n +0000057073 00000 n +0000057159 00000 n +0000057184 00000 n +0000057237 00000 n +0000057324 00000 n +0000057374 00000 n +0000057461 00000 n +0000057494 00000 n +0000057613 00000 n +0000057699 00000 n +0000057742 00000 n +0000057829 00000 n +0000057872 00000 n +0000057959 00000 n +0000058000 00000 n +0000058046 00000 n +0000058133 00000 n +0000058158 00000 n +0000058204 00000 n +0000058291 00000 n +0000058337 00000 n +0000058422 00000 n +0000058466 00000 n +0000058553 00000 n +0000058604 00000 n +0000058691 00000 n +0000058740 00000 n +0000058827 00000 n +0000058875 00000 n +0000058961 00000 n +0000059026 00000 n +0000059089 00000 n +0000059176 00000 n +0000059234 00000 n +0000059321 00000 n +0000059415 00000 n +0000059501 00000 n +0000059603 00000 n +0000059652 00000 n +0000059755 00000 n +0000059798 00000 n +0000059884 00000 n +0000059932 00000 n +0000060019 00000 n +0000060060 00000 n +0000060147 00000 n +0000060191 00000 n +0000060278 00000 n +0000060322 00000 n +0000060408 00000 n +0000060473 00000 n +0000060519 00000 n +0000060606 00000 n +0000060631 00000 n +0000060680 00000 n +0000060767 00000 n +0000060821 00000 n +0000060908 00000 n +0000060959 00000 n +0000061046 00000 n +0000061097 00000 n +0000061183 00000 n +0000061237 00000 n +0000061323 00000 n +0000061373 00000 n +0000061458 00000 n +0000061523 00000 n +0000061573 00000 n +0000061660 00000 n +0000061710 00000 n +0000061796 00000 n +0000061860 00000 n +0000061947 00000 n +0000061988 00000 n +0000062052 00000 n +0000062139 00000 n 0000062164 00000 n -0000062214 00000 n -0000062301 00000 n -0000062345 00000 n -0000062432 00000 n -0000062476 00000 n -0000062563 00000 n -0000062613 00000 n -0000062699 00000 n -0000062749 00000 n -0000062834 00000 n -0000062883 00000 n -0000062968 00000 n -0000063041 00000 n +0000062206 00000 n +0000062292 00000 n +0000062343 00000 n +0000062430 00000 n +0000062477 00000 n +0000062564 00000 n +0000062605 00000 n +0000062654 00000 n +0000062741 00000 n +0000062789 00000 n +0000062876 00000 n +0000062918 00000 n +0000063004 00000 n +0000063045 00000 n 0000063088 00000 n 0000063175 00000 n -0000063200 00000 n -0000063248 00000 n -0000063335 00000 n -0000063383 00000 n -0000063470 00000 n -0000063520 00000 n -0000063607 00000 n -0000063655 00000 n -0000063742 00000 n -0000063791 00000 n -0000063839 00000 n -0000063926 00000 n -0000063974 00000 n -0000064059 00000 n -0000064104 00000 n -0000064190 00000 n -0000064233 00000 n -0000064319 00000 n -0000064360 00000 n -0000064446 00000 n -0000064495 00000 n -0000064581 00000 n -0000064627 00000 n -0000064713 00000 n -0000064758 00000 n -0000064844 00000 n -0000064896 00000 n -0000064982 00000 n -0000065032 00000 n -0000065118 00000 n -0000065164 00000 n -0000065250 00000 n -0000065293 00000 n -0000065379 00000 n -0000065423 00000 n -0000065509 00000 n -0000065552 00000 n -0000065638 00000 n -0000065683 00000 n -0000065769 00000 n -0000065807 00000 n -0000065893 00000 n -0000065935 00000 n -0000066021 00000 n -0000066064 00000 n -0000066150 00000 n -0000066188 00000 n -0000066274 00000 n -0000066316 00000 n -0000066402 00000 n -0000066446 00000 n -0000066532 00000 n -0000066579 00000 n -0000066665 00000 n -0000066713 00000 n -0000066798 00000 n -0000066999 00000 n -0000067049 00000 n -0000067136 00000 n -0000067186 00000 n -0000067272 00000 n -0000067305 00000 n -0000067354 00000 n -0000067440 00000 n -0000067487 00000 n -0000067574 00000 n -0000067607 00000 n -0000067722 00000 n -0000067809 00000 n -0000067834 00000 n -0000067916 00000 n -0000068003 00000 n -0000068088 00000 n -0000068175 00000 n -0000068208 00000 n -0000068263 00000 n -0000068350 00000 n -0000068406 00000 n -0000068493 00000 n -0000068526 00000 n -0000068574 00000 n -0000068661 00000 n -0000068735 00000 n -0000068822 00000 n -0000068890 00000 n -0000068977 00000 n -0000069031 00000 n -0000069118 00000 n -0000069186 00000 n -0000069273 00000 n -0000069347 00000 n -0000069434 00000 n -0000069482 00000 n -0000069569 00000 n -0000069626 00000 n -0000069713 00000 n -0000069794 00000 n -0000069849 00000 n -0000069936 00000 n -0000070017 00000 n -0000070104 00000 n -0000070137 00000 n -0000070190 00000 n -0000070277 00000 n -0000070302 00000 n -0000070358 00000 n -0000070445 00000 n -0000070514 00000 n -0000070601 00000 n -0000070652 00000 n -0000070739 00000 n -0000070826 00000 n -0000070913 00000 n -0000070969 00000 n -0000071056 00000 n -0000071106 00000 n -0000071193 00000 n -0000071258 00000 n -0000071310 00000 n -0000071397 00000 n -0000071453 00000 n -0000071540 00000 n -0000071588 00000 n -0000071675 00000 n -0000071723 00000 n -0000071810 00000 n -0000071859 00000 n -0000071900 00000 n -0000071987 00000 n -0000072031 00000 n -0000072118 00000 n -0000072163 00000 n -0000072250 00000 n -0000072294 00000 n -0000072381 00000 n -0000072425 00000 n -0000072512 00000 n -0000072554 00000 n -0000072641 00000 n -0000072689 00000 n -0000072776 00000 n -0000072849 00000 n -0000072897 00000 n -0000072983 00000 n -0000073008 00000 n -0000073061 00000 n -0000073147 00000 n -0000073172 00000 n -0000073226 00000 n -0000073313 00000 n -0000073338 00000 n -0000073393 00000 n -0000073479 00000 n -0000073547 00000 n -0000073633 00000 n -0000073708 00000 n -0000073795 00000 n -0000073865 00000 n -0000073951 00000 n -0000074030 00000 n -0000074117 00000 n -0000074174 00000 n -0000074256 00000 n -0000074342 00000 n -0000074417 00000 n -0000074504 00000 n -0000074577 00000 n -0000074664 00000 n -0000074742 00000 n -0000074829 00000 n -0000074878 00000 n -0000074926 00000 n -0000075013 00000 n -0000075038 00000 n -0000075086 00000 n -0000075173 00000 n -0000075198 00000 n -0000075261 00000 n -0000075348 00000 n -0000075411 00000 n -0000075498 00000 n -0000075552 00000 n -0000075639 00000 n -0000075680 00000 n -0000075727 00000 n -0000075814 00000 n -0000075839 00000 n -0000075873 00000 n -0000075907 00000 n -0000080020 00000 n -0000080064 00000 n -0000080108 00000 n -0000080152 00000 n -0000080196 00000 n -0000080240 00000 n -0000080284 00000 n -0000080328 00000 n -0000080372 00000 n -0000080416 00000 n -0000080460 00000 n -0000080504 00000 n -0000080548 00000 n -0000080592 00000 n -0000080636 00000 n -0000080680 00000 n -0000080724 00000 n -0000080768 00000 n -0000080812 00000 n -0000080856 00000 n -0000080900 00000 n -0000080944 00000 n -0000080988 00000 n -0000081032 00000 n -0000081076 00000 n -0000081120 00000 n -0000081164 00000 n -0000081208 00000 n -0000081252 00000 n -0000081296 00000 n -0000081340 00000 n -0000081384 00000 n -0000081428 00000 n -0000081472 00000 n -0000081516 00000 n -0000081560 00000 n -0000081604 00000 n -0000081648 00000 n -0000081692 00000 n -0000081736 00000 n -0000081780 00000 n -0000081824 00000 n -0000081868 00000 n -0000081912 00000 n -0000081956 00000 n -0000082000 00000 n -0000082044 00000 n -0000082088 00000 n -0000082132 00000 n -0000082176 00000 n -0000082220 00000 n -0000082264 00000 n -0000082308 00000 n -0000082352 00000 n -0000082396 00000 n -0000082440 00000 n -0000082484 00000 n -0000082528 00000 n -0000082572 00000 n -0000082616 00000 n -0000082660 00000 n -0000082704 00000 n -0000082748 00000 n -0000082792 00000 n -0000082836 00000 n -0000082880 00000 n -0000082924 00000 n -0000082968 00000 n -0000083012 00000 n -0000083056 00000 n -0000083100 00000 n -0000083144 00000 n -0000083188 00000 n -0000083232 00000 n -0000083276 00000 n -0000083320 00000 n -0000083364 00000 n -0000083408 00000 n -0000083452 00000 n -0000083496 00000 n -0000083540 00000 n -0000083584 00000 n -0000083628 00000 n -0000083672 00000 n -0000083716 00000 n -0000083760 00000 n -0000083804 00000 n -0000083848 00000 n -0000083892 00000 n -0000083936 00000 n -0000083980 00000 n -0000084024 00000 n -0000084068 00000 n -0000084112 00000 n -0000084156 00000 n -0000084200 00000 n -0000084244 00000 n -0000084288 00000 n -0000084332 00000 n -0000084376 00000 n -0000084420 00000 n -0000084464 00000 n -0000084508 00000 n -0000084552 00000 n -0000084596 00000 n -0000084640 00000 n -0000084684 00000 n -0000084728 00000 n -0000084772 00000 n -0000084816 00000 n -0000084860 00000 n -0000084904 00000 n -0000084948 00000 n -0000084992 00000 n -0000085036 00000 n -0000085080 00000 n -0000085124 00000 n -0000085168 00000 n -0000085212 00000 n -0000085256 00000 n -0000085300 00000 n -0000085344 00000 n -0000085388 00000 n -0000085432 00000 n -0000085476 00000 n -0000085520 00000 n -0000085564 00000 n -0000085608 00000 n -0000085652 00000 n -0000085696 00000 n -0000085740 00000 n -0000085784 00000 n -0000085828 00000 n -0000085872 00000 n -0000085916 00000 n -0000085960 00000 n -0000086004 00000 n -0000086048 00000 n -0000086092 00000 n -0000086136 00000 n -0000086180 00000 n -0000086224 00000 n -0000086268 00000 n -0000086312 00000 n -0000086356 00000 n -0000086400 00000 n -0000086444 00000 n -0000086488 00000 n -0000086532 00000 n -0000086576 00000 n -0000086620 00000 n -0000086664 00000 n -0000086708 00000 n -0000086752 00000 n -0000086796 00000 n -0000086840 00000 n -0000086884 00000 n -0000086928 00000 n -0000086972 00000 n -0000087016 00000 n -0000087060 00000 n -0000087104 00000 n -0000087148 00000 n -0000087192 00000 n -0000087236 00000 n -0000087280 00000 n -0000087324 00000 n -0000087368 00000 n -0000087412 00000 n -0000087456 00000 n -0000087500 00000 n -0000087544 00000 n -0000087588 00000 n -0000087632 00000 n -0000087676 00000 n -0000087720 00000 n -0000087764 00000 n -0000087808 00000 n -0000087852 00000 n -0000087896 00000 n -0000087941 00000 n -0000087986 00000 n -0000088031 00000 n -0000088076 00000 n -0000088121 00000 n -0000088166 00000 n -0000088211 00000 n -0000088256 00000 n -0000088301 00000 n -0000088346 00000 n -0000088391 00000 n -0000088436 00000 n -0000088481 00000 n -0000088526 00000 n -0000088571 00000 n -0000088616 00000 n -0000088661 00000 n -0000088706 00000 n +0000063225 00000 n +0000063312 00000 n +0000063360 00000 n +0000063447 00000 n +0000063501 00000 n +0000063586 00000 n +0000063635 00000 n +0000063680 00000 n +0000063767 00000 n +0000063824 00000 n +0000063911 00000 n +0000064007 00000 n +0000064093 00000 n +0000064134 00000 n +0000064196 00000 n +0000064283 00000 n +0000064308 00000 n +0000064357 00000 n +0000064444 00000 n +0000064469 00000 n +0000064517 00000 n +0000064604 00000 n +0000064654 00000 n +0000064740 00000 n +0000064784 00000 n +0000064870 00000 n +0000064914 00000 n +0000065000 00000 n +0000065050 00000 n +0000065136 00000 n +0000065186 00000 n +0000065271 00000 n +0000065320 00000 n +0000065404 00000 n +0000065451 00000 n +0000065535 00000 n +0000065616 00000 n +0000065664 00000 n +0000065751 00000 n +0000065799 00000 n +0000065886 00000 n +0000065936 00000 n +0000066023 00000 n +0000066071 00000 n +0000066158 00000 n +0000066207 00000 n +0000066255 00000 n +0000066342 00000 n +0000066390 00000 n +0000066475 00000 n +0000066520 00000 n +0000066606 00000 n +0000066649 00000 n +0000066735 00000 n +0000066776 00000 n +0000066862 00000 n +0000066911 00000 n +0000066997 00000 n +0000067043 00000 n +0000067129 00000 n +0000067174 00000 n +0000067260 00000 n +0000067312 00000 n +0000067398 00000 n +0000067448 00000 n +0000067534 00000 n +0000067580 00000 n +0000067666 00000 n +0000067709 00000 n +0000067795 00000 n +0000067839 00000 n +0000067925 00000 n +0000067968 00000 n +0000068054 00000 n +0000068099 00000 n +0000068185 00000 n +0000068223 00000 n +0000068309 00000 n +0000068351 00000 n +0000068437 00000 n +0000068480 00000 n +0000068566 00000 n +0000068604 00000 n +0000068690 00000 n +0000068732 00000 n +0000068818 00000 n +0000068862 00000 n +0000068948 00000 n +0000068995 00000 n +0000069081 00000 n +0000069129 00000 n +0000069214 00000 n +0000069415 00000 n +0000069465 00000 n +0000069552 00000 n +0000069602 00000 n +0000069688 00000 n +0000069721 00000 n +0000069770 00000 n +0000069856 00000 n +0000069903 00000 n +0000069990 00000 n +0000070023 00000 n +0000070138 00000 n +0000070225 00000 n +0000070250 00000 n +0000070332 00000 n +0000070419 00000 n +0000070504 00000 n +0000070591 00000 n +0000070624 00000 n +0000070679 00000 n +0000070766 00000 n +0000070822 00000 n +0000070909 00000 n +0000070942 00000 n +0000070990 00000 n +0000071077 00000 n +0000071151 00000 n +0000071238 00000 n +0000071306 00000 n +0000071393 00000 n +0000071447 00000 n +0000071534 00000 n +0000071602 00000 n +0000071689 00000 n +0000071763 00000 n +0000071850 00000 n +0000071898 00000 n +0000071985 00000 n +0000072042 00000 n +0000072129 00000 n +0000072210 00000 n +0000072265 00000 n +0000072352 00000 n +0000072433 00000 n +0000072520 00000 n +0000072553 00000 n +0000072606 00000 n +0000072693 00000 n +0000072718 00000 n +0000072774 00000 n +0000072861 00000 n +0000072930 00000 n +0000073017 00000 n +0000073068 00000 n +0000073155 00000 n +0000073242 00000 n +0000073329 00000 n +0000073385 00000 n +0000073472 00000 n +0000073522 00000 n +0000073609 00000 n +0000073674 00000 n +0000073726 00000 n +0000073813 00000 n +0000073869 00000 n +0000073956 00000 n +0000074004 00000 n +0000074091 00000 n +0000074139 00000 n +0000074226 00000 n +0000074275 00000 n +0000074316 00000 n +0000074401 00000 n +0000074426 00000 n +0000074470 00000 n +0000074557 00000 n +0000074602 00000 n +0000074689 00000 n +0000074733 00000 n +0000074820 00000 n +0000074864 00000 n +0000074951 00000 n +0000074993 00000 n +0000075080 00000 n +0000075128 00000 n +0000075215 00000 n +0000075280 00000 n +0000075328 00000 n +0000075414 00000 n +0000075439 00000 n +0000075492 00000 n +0000075578 00000 n +0000075603 00000 n +0000075657 00000 n +0000075744 00000 n +0000075769 00000 n +0000075824 00000 n +0000075910 00000 n +0000075978 00000 n +0000076064 00000 n +0000076139 00000 n +0000076226 00000 n +0000076296 00000 n +0000076382 00000 n +0000076461 00000 n +0000076548 00000 n +0000076605 00000 n +0000076687 00000 n +0000076773 00000 n +0000076848 00000 n +0000076935 00000 n +0000077008 00000 n +0000077095 00000 n +0000077173 00000 n +0000077260 00000 n +0000077309 00000 n +0000077357 00000 n +0000077444 00000 n +0000077469 00000 n +0000077517 00000 n +0000077604 00000 n +0000077629 00000 n +0000077692 00000 n +0000077779 00000 n +0000077842 00000 n +0000077929 00000 n +0000077983 00000 n +0000078070 00000 n +0000078111 00000 n +0000078158 00000 n +0000078245 00000 n +0000078270 00000 n +0000078304 00000 n +0000078338 00000 n +0000082635 00000 n +0000082679 00000 n +0000082723 00000 n +0000082767 00000 n +0000082811 00000 n +0000082855 00000 n +0000082899 00000 n +0000082943 00000 n +0000082987 00000 n +0000083031 00000 n +0000083075 00000 n +0000083119 00000 n +0000083163 00000 n +0000083207 00000 n +0000083251 00000 n +0000083295 00000 n +0000083339 00000 n +0000083383 00000 n +0000083427 00000 n +0000083471 00000 n +0000083515 00000 n +0000083559 00000 n +0000083603 00000 n +0000083647 00000 n +0000083691 00000 n +0000083735 00000 n +0000083779 00000 n +0000083823 00000 n +0000083867 00000 n +0000083911 00000 n +0000083955 00000 n +0000083999 00000 n +0000084043 00000 n +0000084087 00000 n +0000084131 00000 n +0000084175 00000 n +0000084219 00000 n +0000084263 00000 n +0000084307 00000 n +0000084351 00000 n +0000084395 00000 n +0000084439 00000 n +0000084483 00000 n +0000084527 00000 n +0000084571 00000 n +0000084615 00000 n +0000084659 00000 n +0000084703 00000 n +0000084747 00000 n +0000084791 00000 n +0000084835 00000 n +0000084879 00000 n +0000084923 00000 n +0000084967 00000 n +0000085011 00000 n +0000085055 00000 n +0000085099 00000 n +0000085143 00000 n +0000085187 00000 n +0000085231 00000 n +0000085275 00000 n +0000085319 00000 n +0000085363 00000 n +0000085407 00000 n +0000085451 00000 n +0000085495 00000 n +0000085539 00000 n +0000085583 00000 n +0000085627 00000 n +0000085671 00000 n +0000085715 00000 n +0000085759 00000 n +0000085803 00000 n +0000085847 00000 n +0000085891 00000 n +0000085935 00000 n +0000085979 00000 n +0000086023 00000 n +0000086067 00000 n +0000086111 00000 n +0000086155 00000 n +0000086199 00000 n +0000086243 00000 n +0000086287 00000 n +0000086331 00000 n +0000086375 00000 n +0000086419 00000 n +0000086463 00000 n +0000086507 00000 n +0000086551 00000 n +0000086595 00000 n +0000086639 00000 n +0000086683 00000 n +0000086727 00000 n +0000086771 00000 n +0000086815 00000 n +0000086859 00000 n +0000086903 00000 n +0000086947 00000 n +0000086991 00000 n +0000087035 00000 n +0000087079 00000 n +0000087123 00000 n +0000087167 00000 n +0000087211 00000 n +0000087255 00000 n +0000087299 00000 n +0000087343 00000 n +0000087387 00000 n +0000087431 00000 n +0000087475 00000 n +0000087519 00000 n +0000087563 00000 n +0000087607 00000 n +0000087651 00000 n +0000087695 00000 n +0000087739 00000 n +0000087783 00000 n +0000087827 00000 n +0000087871 00000 n +0000087915 00000 n +0000087959 00000 n +0000088003 00000 n +0000088047 00000 n +0000088091 00000 n +0000088135 00000 n +0000088179 00000 n +0000088223 00000 n +0000088267 00000 n +0000088311 00000 n +0000088355 00000 n +0000088399 00000 n +0000088443 00000 n +0000088487 00000 n +0000088531 00000 n +0000088575 00000 n +0000088619 00000 n +0000088663 00000 n +0000088707 00000 n 0000088751 00000 n -0000088796 00000 n -0000088841 00000 n -0000088886 00000 n -0000088931 00000 n -0000088976 00000 n -0000089021 00000 n -0000089066 00000 n -0000089111 00000 n -0000089156 00000 n -0000089201 00000 n -0000089246 00000 n -0000089291 00000 n -0000089336 00000 n -0000089381 00000 n -0000089426 00000 n -0000089471 00000 n -0000089516 00000 n -0000089561 00000 n -0000089606 00000 n -0000089651 00000 n -0000089696 00000 n -0000089741 00000 n -0000089786 00000 n -0000089831 00000 n -0000089876 00000 n -0000089921 00000 n -0000089966 00000 n -0000090011 00000 n -0000090056 00000 n -0000090101 00000 n -0000090146 00000 n -0000090191 00000 n -0000090236 00000 n -0000090281 00000 n -0000090326 00000 n -0000090371 00000 n -0000090416 00000 n -0000090461 00000 n -0000090506 00000 n -0000090551 00000 n -0000090596 00000 n -0000090641 00000 n -0000090686 00000 n -0000090731 00000 n -0000090776 00000 n -0000090821 00000 n -0000090866 00000 n -0000090911 00000 n -0000090956 00000 n -0000092166 00000 n -0000092327 00000 n -0000092496 00000 n -0000092689 00000 n -0000095924 00000 n -0000096118 00000 n -0000100265 00000 n -0000100459 00000 n -0000104021 00000 n -0000104215 00000 n -0000108467 00000 n -0000108661 00000 n -0000112096 00000 n -0000112290 00000 n -0000112962 00000 n -0000113123 00000 n -0000113357 00000 n -0000113561 00000 n -0000115832 00000 n -0000116016 00000 n -0000119096 00000 n -0000119271 00000 n -0000122110 00000 n -0000122285 00000 n -0000124842 00000 n -0000125017 00000 n -0000127007 00000 n -0000127219 00000 n -0000128342 00000 n -0000128530 00000 n -0000130082 00000 n -0000130279 00000 n -0000131757 00000 n -0000131972 00000 n -0000133324 00000 n -0000133503 00000 n -0000135075 00000 n -0000135245 00000 n -0000136792 00000 n -0000136971 00000 n -0000138427 00000 n -0000138606 00000 n -0000140310 00000 n -0000140489 00000 n -0000142070 00000 n -0000142249 00000 n -0000143936 00000 n -0000144130 00000 n -0000145802 00000 n -0000146000 00000 n -0000147430 00000 n -0000147618 00000 n -0000149309 00000 n -0000149497 00000 n -0000151274 00000 n -0000151453 00000 n -0000153517 00000 n -0000153696 00000 n -0000155513 00000 n -0000155692 00000 n -0000157430 00000 n -0000157618 00000 n -0000159467 00000 n -0000159689 00000 n -0000161700 00000 n -0000161913 00000 n -0000163466 00000 n -0000163655 00000 n -0000165047 00000 n -0000165217 00000 n -0000165561 00000 n -0000165749 00000 n -0000167272 00000 n -0000167475 00000 n -0000169179 00000 n -0000169382 00000 n -0000170329 00000 n -0000170541 00000 n -0000172051 00000 n -0000172231 00000 n -0000172986 00000 n -0000173207 00000 n -0000174967 00000 n -0000175173 00000 n -0000177046 00000 n -0000177243 00000 n -0000178822 00000 n -0000179033 00000 n -0000180548 00000 n -0000180736 00000 n -0000181621 00000 n -0000181852 00000 n -0000183656 00000 n -0000183868 00000 n -0000185809 00000 n -0000186040 00000 n -0000188010 00000 n -0000188232 00000 n -0000190084 00000 n -0000190287 00000 n -0000191623 00000 n -0000191845 00000 n -0000193503 00000 n -0000193716 00000 n -0000195652 00000 n -0000195840 00000 n -0000196474 00000 n -0000196653 00000 n -0000198167 00000 n -0000198346 00000 n -0000199744 00000 n -0000199923 00000 n -0000201579 00000 n -0000201758 00000 n -0000203323 00000 n -0000203493 00000 n -0000203834 00000 n -0000204037 00000 n -0000205928 00000 n -0000206088 00000 n -0000207203 00000 n -0000207433 00000 n -0000208921 00000 n -0000209133 00000 n -0000210882 00000 n -0000211075 00000 n -0000212444 00000 n -0000212633 00000 n -0000214304 00000 n -0000214483 00000 n -0000216213 00000 n -0000216401 00000 n -0000218295 00000 n -0000218508 00000 n -0000220361 00000 n -0000220601 00000 n -0000222697 00000 n -0000222909 00000 n -0000224492 00000 n -0000224713 00000 n -0000225962 00000 n -0000226150 00000 n -0000227431 00000 n -0000227610 00000 n -0000228672 00000 n -0000228860 00000 n -0000230424 00000 n -0000230612 00000 n -0000232030 00000 n -0000232219 00000 n -0000233483 00000 n -0000233663 00000 n -0000234313 00000 n -0000234526 00000 n -0000236285 00000 n -0000236498 00000 n -0000238036 00000 n -0000238258 00000 n -0000240052 00000 n -0000240292 00000 n -0000242022 00000 n -0000242229 00000 n -0000244067 00000 n -0000244298 00000 n -0000246206 00000 n -0000246428 00000 n -0000248341 00000 n -0000248553 00000 n -0000250571 00000 n -0000250774 00000 n -0000253026 00000 n -0000253248 00000 n -0000255457 00000 n -0000255664 00000 n -0000257636 00000 n -0000257815 00000 n -0000259414 00000 n -0000259584 00000 n -0000261574 00000 n -0000261762 00000 n -0000263838 00000 n -0000264026 00000 n -0000265807 00000 n -0000265985 00000 n -0000267830 00000 n -0000267990 00000 n -0000268767 00000 n -0000268961 00000 n -0000270551 00000 n -0000270731 00000 n -0000272479 00000 n -0000272658 00000 n -0000273555 00000 n -0000273777 00000 n -0000275844 00000 n -0000276057 00000 n -0000278106 00000 n -0000278303 00000 n -0000279502 00000 n -0000279715 00000 n -0000281331 00000 n -0000281553 00000 n -0000283376 00000 n -0000283598 00000 n -0000285365 00000 n -0000285559 00000 n -0000286334 00000 n -0000286504 00000 n -0000288163 00000 n -0000288342 00000 n -0000290174 00000 n -0000290343 00000 n -0000292198 00000 n -0000292367 00000 n -0000293477 00000 n -0000293665 00000 n -0000295366 00000 n -0000295554 00000 n -0000297033 00000 n -0000297221 00000 n -0000298709 00000 n -0000298879 00000 n -0000300540 00000 n -0000300710 00000 n -0000301451 00000 n -0000301630 00000 n -0000303217 00000 n -0000303396 00000 n -0000305055 00000 n -0000305225 00000 n -0000306760 00000 n -0000306930 00000 n -0000308214 00000 n -0000308384 00000 n -0000309999 00000 n -0000310169 00000 n -0000311752 00000 n -0000311947 00000 n -0000313660 00000 n -0000313872 00000 n -0000315587 00000 n -0000315781 00000 n -0000317495 00000 n -0000317707 00000 n -0000318992 00000 n -0000319195 00000 n -0000320713 00000 n -0000320891 00000 n -0000321557 00000 n -0000321760 00000 n -0000323436 00000 n -0000323624 00000 n -0000325347 00000 n -0000325535 00000 n -0000327063 00000 n -0000327242 00000 n -0000328750 00000 n -0000328928 00000 n -0000329654 00000 n -0000329713 00000 n -0000329816 00000 n -0000329981 00000 n -0000330063 00000 n -0000330171 00000 n -0000330339 00000 n -0000330451 00000 n -0000330580 00000 n -0000330710 00000 n -0000330852 00000 n -0000330995 00000 n -0000331167 00000 n -0000331286 00000 n -0000331417 00000 n -0000331572 00000 n -0000331715 00000 n -0000331896 00000 n -0000332046 00000 n -0000332151 00000 n -0000332260 00000 n -0000332387 00000 n -0000332520 00000 n -0000332627 00000 n -0000332730 00000 n -0000332896 00000 n -0000332994 00000 n -0000333105 00000 n -0000333249 00000 n -0000333341 00000 n -0000333447 00000 n -0000333553 00000 n -0000333659 00000 n -0000333765 00000 n -0000333871 00000 n -0000333977 00000 n -0000334083 00000 n -0000334189 00000 n -0000334296 00000 n -0000334389 00000 n -0000334497 00000 n -0000334677 00000 n -0000334769 00000 n -0000334949 00000 n -0000335045 00000 n -0000335161 00000 n -0000335275 00000 n -0000335379 00000 n -0000335569 00000 n -0000335677 00000 n -0000335793 00000 n -0000335903 00000 n -0000336013 00000 n -0000336110 00000 n -0000336293 00000 n -0000336510 00000 n -0000336641 00000 n -0000336796 00000 n -0000336925 00000 n -0000337022 00000 n -0000337228 00000 n -0000337327 00000 n -0000337453 00000 n -0000337568 00000 n -0000337763 00000 n -0000337885 00000 n -0000337962 00000 n -0000338156 00000 n -0000338309 00000 n -0000338451 00000 n -0000338573 00000 n -0000338748 00000 n -0000338850 00000 n -0000338957 00000 n -0000339096 00000 n -0000339254 00000 n -0000339398 00000 n -0000339567 00000 n -0000339665 00000 n -0000339816 00000 n -0000339919 00000 n -0000340056 00000 n -0000340190 00000 n -0000340332 00000 n -0000340441 00000 n -0000340599 00000 n -0000340702 00000 n -0000340834 00000 n -0000340953 00000 n -0000341062 00000 n -0000341186 00000 n -0000341351 00000 n -0000341449 00000 n -0000341575 00000 n -0000341699 00000 n -0000341836 00000 n -0000341955 00000 n -0000342079 00000 n -0000342201 00000 n -0000342318 00000 n -0000342418 00000 n -0000342571 00000 n -0000342669 00000 n -0000342799 00000 n -0000342967 00000 n -0000343088 00000 n -0000343218 00000 n -0000343346 00000 n -0000343540 00000 n -0000343634 00000 n -0000343746 00000 n -0000343905 00000 n -0000343988 00000 n -0000344143 00000 n -0000344261 00000 n -0000344380 00000 n -0000344512 00000 n -0000344640 00000 n -0000344740 00000 n -0000344908 00000 n -0000345006 00000 n -0000345118 00000 n -0000345222 00000 n -0000345333 00000 n -0000345429 00000 n -0000345624 00000 n -0000345730 00000 n -0000345840 00000 n -0000345979 00000 n -0000346182 00000 n -0000346309 00000 n -0000346456 00000 n -0000346574 00000 n -0000346700 00000 n -0000346828 00000 n -0000346954 00000 n -0000347124 00000 n -0000347252 00000 n -0000347398 00000 n -0000347538 00000 n -0000347752 00000 n -0000347858 00000 n -0000347968 00000 n -0000348156 00000 n -0000348292 00000 n -0000348401 00000 n -0000348541 00000 n -0000348693 00000 n -0000348803 00000 n -0000349011 00000 n -0000349104 00000 n -0000349216 00000 n -0000349338 00000 n -0000349490 00000 n -0000349655 00000 n -0000349763 00000 n -0000349866 00000 n -0000349996 00000 n -0000350121 00000 n -0000350263 00000 n -0000350402 00000 n -0000350496 00000 n -0000350661 00000 n -0000350767 00000 n -0000350892 00000 n -0000351010 00000 n -0000351171 00000 n -0000351280 00000 n -0000351404 00000 n -0000351538 00000 n -0000351669 00000 n -0000351799 00000 n -0000351929 00000 n -0000352059 00000 n -0000352164 00000 n -0000352327 00000 n -0000352424 00000 n -0000352569 00000 n -0000352663 00000 n -0000352777 00000 n -0000352901 00000 n -0000353015 00000 n -0000353124 00000 n -0000353232 00000 n -0000353339 00000 n -0000353450 00000 n -0000353559 00000 n -0000353669 00000 n -0000353777 00000 n -0000353886 00000 n -0000354001 00000 n -0000354115 00000 n +0000088795 00000 n +0000088839 00000 n +0000088883 00000 n +0000088927 00000 n +0000088971 00000 n +0000089015 00000 n +0000089059 00000 n +0000089103 00000 n +0000089147 00000 n +0000089191 00000 n +0000089235 00000 n +0000089279 00000 n +0000089323 00000 n +0000089367 00000 n +0000089411 00000 n +0000089455 00000 n +0000089499 00000 n +0000089543 00000 n +0000089587 00000 n +0000089632 00000 n +0000089677 00000 n +0000089722 00000 n +0000089767 00000 n +0000089812 00000 n +0000089857 00000 n +0000089902 00000 n +0000089947 00000 n +0000089992 00000 n +0000090037 00000 n +0000090082 00000 n +0000090127 00000 n +0000090172 00000 n +0000090217 00000 n +0000090262 00000 n +0000090307 00000 n +0000090352 00000 n +0000090397 00000 n +0000090442 00000 n +0000090487 00000 n +0000090532 00000 n +0000090577 00000 n +0000090622 00000 n +0000090667 00000 n +0000090712 00000 n +0000090757 00000 n +0000090802 00000 n +0000090847 00000 n +0000090892 00000 n +0000090937 00000 n +0000090982 00000 n +0000091027 00000 n +0000091072 00000 n +0000091117 00000 n +0000091162 00000 n +0000091207 00000 n +0000091252 00000 n +0000091297 00000 n +0000091342 00000 n +0000091387 00000 n +0000091432 00000 n +0000091477 00000 n +0000091522 00000 n +0000091567 00000 n +0000091612 00000 n +0000091657 00000 n +0000091702 00000 n +0000091747 00000 n +0000091792 00000 n +0000091837 00000 n +0000091882 00000 n +0000091927 00000 n +0000091972 00000 n +0000092017 00000 n +0000092062 00000 n +0000092107 00000 n +0000092152 00000 n +0000092197 00000 n +0000092242 00000 n +0000092287 00000 n +0000092332 00000 n +0000092377 00000 n +0000092422 00000 n +0000092467 00000 n +0000092512 00000 n +0000092557 00000 n +0000092602 00000 n +0000092647 00000 n +0000092692 00000 n +0000092737 00000 n +0000092782 00000 n +0000092827 00000 n +0000092872 00000 n +0000092917 00000 n +0000092962 00000 n +0000093007 00000 n +0000093052 00000 n +0000093097 00000 n +0000093142 00000 n +0000093187 00000 n +0000093232 00000 n +0000093277 00000 n +0000093322 00000 n +0000093367 00000 n +0000093412 00000 n +0000093457 00000 n +0000093502 00000 n +0000093547 00000 n +0000093592 00000 n +0000093637 00000 n +0000093682 00000 n +0000093727 00000 n +0000093772 00000 n +0000093817 00000 n +0000093862 00000 n +0000093907 00000 n +0000093952 00000 n +0000093997 00000 n +0000094042 00000 n +0000095270 00000 n +0000095431 00000 n +0000095600 00000 n +0000095793 00000 n +0000099543 00000 n +0000099737 00000 n +0000104352 00000 n +0000104546 00000 n +0000108569 00000 n +0000108763 00000 n +0000113380 00000 n +0000113574 00000 n +0000117795 00000 n +0000117989 00000 n +0000119664 00000 n +0000119825 00000 n +0000120059 00000 n +0000120263 00000 n +0000122791 00000 n +0000122975 00000 n +0000126362 00000 n +0000126537 00000 n +0000129670 00000 n +0000129845 00000 n +0000132915 00000 n +0000133090 00000 n +0000135611 00000 n +0000135823 00000 n +0000136979 00000 n +0000137167 00000 n +0000138688 00000 n +0000138885 00000 n +0000140321 00000 n +0000140536 00000 n +0000141901 00000 n +0000142080 00000 n +0000143667 00000 n +0000143837 00000 n +0000145392 00000 n +0000145571 00000 n +0000147005 00000 n +0000147184 00000 n +0000148897 00000 n +0000149076 00000 n +0000150624 00000 n +0000150803 00000 n +0000152493 00000 n +0000152696 00000 n +0000154500 00000 n +0000154698 00000 n +0000156059 00000 n +0000156257 00000 n +0000157941 00000 n +0000158129 00000 n +0000159802 00000 n +0000159981 00000 n +0000162081 00000 n +0000162260 00000 n +0000164033 00000 n +0000164212 00000 n +0000165892 00000 n +0000166080 00000 n +0000167935 00000 n +0000168147 00000 n +0000170205 00000 n +0000170418 00000 n +0000171985 00000 n +0000172174 00000 n +0000173449 00000 n +0000173637 00000 n +0000175163 00000 n +0000175366 00000 n +0000177092 00000 n +0000177295 00000 n +0000178145 00000 n +0000178357 00000 n +0000179867 00000 n +0000180047 00000 n +0000180805 00000 n +0000181026 00000 n +0000182824 00000 n +0000183030 00000 n +0000184912 00000 n +0000185109 00000 n +0000186695 00000 n +0000186906 00000 n +0000188475 00000 n +0000188663 00000 n +0000189565 00000 n +0000189796 00000 n +0000191666 00000 n +0000191878 00000 n +0000193826 00000 n +0000194057 00000 n +0000196068 00000 n +0000196290 00000 n +0000198170 00000 n +0000198349 00000 n +0000199543 00000 n +0000199765 00000 n +0000201465 00000 n +0000201678 00000 n +0000203611 00000 n +0000203799 00000 n +0000204434 00000 n +0000204613 00000 n +0000206075 00000 n +0000206254 00000 n +0000207570 00000 n +0000207749 00000 n +0000209371 00000 n +0000209550 00000 n +0000211047 00000 n +0000211217 00000 n +0000211561 00000 n +0000211764 00000 n +0000213667 00000 n +0000213827 00000 n +0000214950 00000 n +0000215180 00000 n +0000216704 00000 n +0000216916 00000 n +0000218705 00000 n +0000218898 00000 n +0000220304 00000 n +0000220493 00000 n +0000222184 00000 n +0000222363 00000 n +0000224109 00000 n +0000224297 00000 n +0000226204 00000 n +0000226417 00000 n +0000228302 00000 n +0000228542 00000 n +0000230633 00000 n +0000230845 00000 n +0000232446 00000 n +0000232652 00000 n +0000233813 00000 n +0000234001 00000 n +0000235199 00000 n +0000235378 00000 n +0000236384 00000 n +0000236572 00000 n +0000238199 00000 n +0000238387 00000 n +0000239656 00000 n +0000239845 00000 n +0000241153 00000 n +0000241323 00000 n +0000241795 00000 n +0000242008 00000 n +0000243822 00000 n +0000244035 00000 n +0000245612 00000 n +0000245834 00000 n +0000247653 00000 n +0000247893 00000 n +0000249616 00000 n +0000249823 00000 n +0000251668 00000 n +0000251899 00000 n +0000253789 00000 n +0000254011 00000 n +0000255957 00000 n +0000256169 00000 n +0000258217 00000 n +0000258420 00000 n +0000260754 00000 n +0000260976 00000 n +0000263220 00000 n +0000263427 00000 n +0000265407 00000 n +0000265586 00000 n +0000267144 00000 n +0000267314 00000 n +0000269314 00000 n +0000269502 00000 n +0000271589 00000 n +0000271777 00000 n +0000273588 00000 n +0000273766 00000 n +0000275616 00000 n +0000275776 00000 n +0000276560 00000 n +0000276754 00000 n +0000278355 00000 n +0000278535 00000 n +0000280301 00000 n +0000280480 00000 n +0000281341 00000 n +0000281563 00000 n +0000283699 00000 n +0000283912 00000 n +0000285966 00000 n +0000286188 00000 n +0000287411 00000 n +0000287624 00000 n +0000289221 00000 n +0000289443 00000 n +0000291266 00000 n +0000291488 00000 n +0000293220 00000 n +0000293414 00000 n +0000294140 00000 n +0000294319 00000 n +0000295412 00000 n +0000295609 00000 n +0000297065 00000 n +0000297253 00000 n +0000298143 00000 n +0000298313 00000 n +0000299990 00000 n +0000300169 00000 n +0000301984 00000 n +0000302153 00000 n +0000303993 00000 n +0000304162 00000 n +0000305150 00000 n +0000305329 00000 n +0000306977 00000 n +0000307165 00000 n +0000308656 00000 n +0000308844 00000 n +0000310268 00000 n +0000310438 00000 n +0000312106 00000 n +0000312276 00000 n +0000312833 00000 n +0000313012 00000 n +0000314618 00000 n +0000314797 00000 n +0000316467 00000 n +0000316637 00000 n +0000318186 00000 n +0000318356 00000 n +0000319657 00000 n +0000319827 00000 n +0000321453 00000 n +0000321623 00000 n +0000323209 00000 n +0000323404 00000 n +0000325182 00000 n +0000325394 00000 n +0000327117 00000 n +0000327311 00000 n +0000329085 00000 n +0000329297 00000 n +0000330574 00000 n +0000330777 00000 n +0000332350 00000 n +0000332528 00000 n +0000333215 00000 n +0000333418 00000 n +0000335094 00000 n +0000335282 00000 n +0000337014 00000 n +0000337202 00000 n +0000338687 00000 n +0000338866 00000 n +0000340362 00000 n +0000340540 00000 n +0000341199 00000 n +0000341258 00000 n +0000341361 00000 n +0000341526 00000 n +0000341608 00000 n +0000341716 00000 n +0000341895 00000 n +0000342012 00000 n +0000342146 00000 n +0000342281 00000 n +0000342428 00000 n +0000342576 00000 n +0000342753 00000 n +0000342879 00000 n +0000343017 00000 n +0000343177 00000 n +0000343325 00000 n +0000343511 00000 n +0000343667 00000 n +0000343780 00000 n +0000343897 00000 n +0000344032 00000 n +0000344173 00000 n +0000344288 00000 n +0000344399 00000 n +0000344576 00000 n +0000344679 00000 n +0000344795 00000 n +0000344944 00000 n +0000345043 00000 n +0000345156 00000 n +0000345269 00000 n +0000345382 00000 n +0000345495 00000 n +0000345608 00000 n +0000345721 00000 n +0000345834 00000 n +0000345947 00000 n +0000346062 00000 n +0000346163 00000 n +0000346276 00000 n +0000346467 00000 n +0000346564 00000 n +0000346749 00000 n +0000346852 00000 n +0000346975 00000 n +0000347096 00000 n +0000347207 00000 n +0000347402 00000 n +0000347517 00000 n +0000347640 00000 n +0000347757 00000 n +0000347874 00000 n +0000347978 00000 n +0000348166 00000 n +0000348388 00000 n +0000348526 00000 n +0000348688 00000 n +0000348824 00000 n +0000348926 00000 n +0000349143 00000 n +0000349247 00000 n +0000349378 00000 n +0000349498 00000 n +0000349704 00000 n +0000349831 00000 n +0000349915 00000 n +0000350120 00000 n +0000350278 00000 n +0000350425 00000 n +0000350552 00000 n +0000350732 00000 n +0000350841 00000 n +0000350955 00000 n +0000351099 00000 n +0000351262 00000 n +0000351411 00000 n +0000351591 00000 n +0000351694 00000 n +0000351850 00000 n +0000351960 00000 n +0000352104 00000 n +0000352245 00000 n +0000352394 00000 n +0000352510 00000 n +0000352673 00000 n +0000352783 00000 n +0000352922 00000 n +0000353048 00000 n +0000353164 00000 n +0000353293 00000 n +0000353469 00000 n +0000353572 00000 n +0000353703 00000 n +0000353832 00000 n +0000353974 00000 n +0000354098 00000 n 0000354227 00000 n -0000354338 00000 n -0000354451 00000 n -0000354547 00000 n -0000354713 00000 n -0000354817 00000 n -0000354965 00000 n -0000355126 00000 n -0000355306 00000 n -0000355479 00000 n -0000355627 00000 n -0000355787 00000 n -0000355911 00000 n -0000356050 00000 n -0000356181 00000 n -0000356293 00000 n -0000356408 00000 n -0000356521 00000 n -0000356697 00000 n -0000356795 00000 n -0000356942 00000 n -0000357045 00000 n -0000357145 00000 n -0000357297 00000 n -0000357395 00000 n -0000357507 00000 n -0000357619 00000 n -0000357734 00000 n -0000357864 00000 n -0000357957 00000 n -0000358076 00000 n -0000358211 00000 n -0000358301 00000 n -0000358409 00000 n -0000358499 00000 n +0000354354 00000 n +0000354476 00000 n +0000354581 00000 n +0000354745 00000 n +0000354848 00000 n +0000354983 00000 n +0000355163 00000 n +0000355290 00000 n +0000355426 00000 n +0000355560 00000 n +0000355766 00000 n +0000355866 00000 n +0000355984 00000 n +0000356149 00000 n +0000356240 00000 n +0000356401 00000 n +0000356527 00000 n +0000356654 00000 n +0000356794 00000 n +0000356930 00000 n +0000357038 00000 n +0000357212 00000 n +0000357318 00000 n +0000357438 00000 n +0000357550 00000 n +0000357667 00000 n +0000357769 00000 n +0000357976 00000 n +0000358088 00000 n +0000358204 00000 n +0000358349 00000 n +0000358558 00000 n +0000358693 00000 n +0000358848 00000 n +0000358974 00000 n +0000359106 00000 n +0000359240 00000 n +0000359372 00000 n +0000359548 00000 n +0000359684 00000 n +0000359838 00000 n +0000359984 00000 n +0000360210 00000 n +0000360322 00000 n +0000360438 00000 n +0000360632 00000 n +0000360776 00000 n +0000360893 00000 n +0000361039 00000 n +0000361197 00000 n +0000361315 00000 n +0000361535 00000 n +0000361634 00000 n +0000361752 00000 n +0000361880 00000 n +0000362038 00000 n +0000362209 00000 n +0000362325 00000 n +0000362436 00000 n +0000362572 00000 n +0000362703 00000 n +0000362851 00000 n +0000362996 00000 n +0000363097 00000 n +0000363291 00000 n +0000363426 00000 n +0000363575 00000 n +0000363694 00000 n +0000363825 00000 n +0000363996 00000 n +0000364091 00000 n +0000364219 00000 n +0000364347 00000 n +0000364444 00000 n +0000364621 00000 n +0000364733 00000 n +0000364864 00000 n +0000364988 00000 n +0000365155 00000 n +0000365272 00000 n +0000365402 00000 n +0000365542 00000 n +0000365679 00000 n +0000365815 00000 n +0000365951 00000 n +0000366088 00000 n +0000366200 00000 n +0000366375 00000 n +0000366478 00000 n +0000366629 00000 n +0000366731 00000 n +0000366853 00000 n +0000366985 00000 n +0000367105 00000 n +0000367220 00000 n +0000367334 00000 n +0000367447 00000 n +0000367564 00000 n +0000367679 00000 n +0000367795 00000 n +0000367910 00000 n +0000368026 00000 n +0000368148 00000 n +0000368269 00000 n +0000368388 00000 n +0000368506 00000 n +0000368626 00000 n +0000368729 00000 n +0000368907 00000 n +0000369017 00000 n +0000369171 00000 n +0000369340 00000 n +0000369528 00000 n +0000369709 00000 n +0000369865 00000 n +0000370031 00000 n +0000370163 00000 n +0000370310 00000 n +0000370449 00000 n +0000370569 00000 n +0000370690 00000 n +0000370809 00000 n +0000370997 00000 n +0000371101 00000 n +0000371254 00000 n +0000371365 00000 n +0000371473 00000 n +0000371637 00000 n +0000371741 00000 n +0000371859 00000 n +0000371977 00000 n +0000372098 00000 n +0000372234 00000 n +0000372333 00000 n +0000372464 00000 n +0000372611 00000 n +0000372707 00000 n +0000372821 00000 n +0000372917 00000 n trailer -<<083f7815e9dd0cc7d4726f57cee6742e>]>> +<<5fb0ca5260e34d5c7c72807d3a63192d>]>> startxref -359159 +373598 %%EOF diff --git a/docs/docbook/projdoc/Portability.sgml b/docs/docbook/projdoc/Portability.sgml index f2fe66b9dd..88527cbe62 100644 --- a/docs/docbook/projdoc/Portability.sgml +++ b/docs/docbook/projdoc/Portability.sgml @@ -145,4 +145,27 @@ You should then remove the line: from the DNIX section of includes.h + + +RedHat Linux Rembrandt-II + + +By default RedHat Rembrandt-II during installation adds an +entry to /etc/hosts as follows: + + 127.0.0.1 loopback "hostname"."domainname" + + + + +This causes Samba to loop back onto the loopback interface. +The result is that Samba fails to communicate correctly with +the world and therefor may fail to correctly negotiate who +is the master browse list holder and who is the master browser. + + + +Corrective Action: Delete the entry after the word loopback + in the line starting 127.0.0.1 + diff --git a/docs/htmldocs/bugreport.html b/docs/htmldocs/bugreport.html index cfe9ac01c6..53f34c9f0a 100644 --- a/docs/htmldocs/bugreport.html +++ b/docs/htmldocs/bugreport.html @@ -5,11 +5,10 @@ >Reporting Bugs

    Chapter 19. Reporting Bugs

    Chapter 20. Reporting Bugs

    19.1. Introduction

    20.1. Introduction

    The email address for bug reports is samba@samba.org

    19.2. General info

    20.2. General info

    Before submitting a bug report check your config for silly errors. Look in your log files for obvious messages that tell you that @@ -129,7 +134,9 @@ CLASS="SECT1" >

    19.3. Debug levels

    20.3. Debug levels

    If the bug has anything to do with Samba behaving incorrectly as a server (like refusing to open a file) then the log files will probably @@ -197,7 +204,9 @@ CLASS="SECT1" >

    19.4. Internal errors

    20.4. Internal errors

    If you get a "INTERNAL ERROR" message in your log files it means that Samba got an unexpected signal while running. It is probably a @@ -239,7 +248,9 @@ CLASS="SECT1" >

    19.5. Attaching to a running process

    20.5. Attaching to a running process

    Unfortunately some unixes (in particular some recent linux kernels) refuse to dump a core file if the task has changed uid (which smbd @@ -254,7 +265,9 @@ CLASS="SECT1" >

    19.6. Patches

    20.6. Patches

    The best sort of bug report is one that includes a fix! If you send us patches please use HomeHOWTO Access Samba source code via CVS

    Chapter 18. HOWTO Access Samba source code via CVS

    Chapter 19. HOWTO Access Samba source code via CVS

    18.1. Introduction

    19.1. Introduction

    Samba is developed in an open environment. Developers use CVS (Concurrent Versioning System) to "checkin" (also known as @@ -96,7 +99,9 @@ CLASS="SECT1" >

    18.2. CVS Access to samba.org

    19.2. CVS Access to samba.org

    The machine samba.org runs a publicly accessible CVS repository for access to the source code of several packages, @@ -107,7 +112,9 @@ CLASS="SECT2" >

    18.2.1. Access via CVSweb

    19.2.1. Access via CVSweb

    You can access the source code via your favourite WWW browser. This allows you to access the contents of @@ -126,7 +133,9 @@ CLASS="SECT2" >

    18.2.2. Access via cvs

    19.2.2. Access via cvs

    You can also access the source code via a normal cvs client. This gives you much more control over you can @@ -253,7 +262,7 @@ WIDTH="34%" ALIGN="center" VALIGN="top" >HomeDiagnosing your samba server

    Chapter 2. Diagnosing your samba server

    Chapter 2. Diagnosing your samba server

    2.1. Introduction

    2.1. Introduction

    This file contains a list of tests you can perform to validate your Samba server. It also tells you what the likely cause of the problem @@ -96,7 +99,9 @@ CLASS="SECT1" >

    2.2. Assumptions

    2.2. Assumptions

    In all of the tests I assume you have a Samba server called BIGSERVER and a PC called ACLIENT both in workgroup TESTGROUP. I also assume the @@ -135,13 +140,17 @@ CLASS="SECT1" >

    2.3. Tests

    2.3. Tests

    2.3.1. Test 1

    2.3.1. Test 1

    In the directory in which you store your smb.conf file, run the command "testparm smb.conf". If it reports any errors then your smb.conf @@ -161,7 +170,9 @@ CLASS="SECT2" >

    2.3.2. Test 2

    2.3.2. Test 2

    Run the command "ping BIGSERVER" from the PC and "ping ACLIENT" from the unix box. If you don't get a valid response then your TCP/IP @@ -185,7 +196,9 @@ CLASS="SECT2" >

    2.3.3. Test 3

    2.3.3. Test 3

    Run the command "smbclient -L BIGSERVER" on the unix box. You should get a list of available shares back.

    2.3.4. Test 4

    2.3.4. Test 4

    Run the command "nmblookup -B BIGSERVER __SAMBA__". You should get the IP address of your Samba server back.

    2.3.5. Test 5

    2.3.5. Test 5

    run the command

    2.3.6. Test 6

    2.3.6. Test 6

    Run the command

    2.3.7. Test 7

    2.3.7. Test 7

    Run the command

    2.3.8. Test 8

    2.3.8. Test 8

    On the PC type the command

    2.3.9. Test 9

    2.3.9. Test 9

    Run the command

    It might also be the case that your client only sends encrypted passwords +and you have encrypt passwords = no in smb.conf. +Turn it back on to fix.

    2.3.10. Test 10

    2.3.10. Test 10

    Run the command

    2.3.11. Test 11

    2.3.11. Test 11

    From file manager try to browse the server. Your samba server should appear in the browse list of your local workgroup (or the one you @@ -541,7 +580,9 @@ CLASS="SECT1" >

    2.4. Still having troubles?

    2.4. Still having troubles?

    Try the mailing list or newsgroup, or use the ethereal utility to sniff the problem. The official samba mailing list can be reached at @@ -586,7 +627,7 @@ WIDTH="34%" ALIGN="center" VALIGN="top" >Homesecurity = domain in Samba 2.x

    Chapter 10. security = domain in Samba 2.x

    Chapter 10. security = domain in Samba 2.x

    10.1. Joining an NT Domain with Samba 2.2

    10.1. Joining an NT Domain with Samba 2.2

    Assume you have a Samba 2.x server with a NetBIOS name of

    10.2. Samba and Windows 2000 Domains

    10.2. Samba and Windows 2000 Domains

    Many people have asked regarding the state of Samba's ability to participate in a Windows 2000 Domain. Samba 2.2 is able to act as a member server of a Windows @@ -328,7 +333,9 @@ CLASS="SECT1" >

    10.3. Why is this better than security = server?

    10.3. Why is this better than security = server?

    Currently, domain security in Samba doesn't free you from having to create local Unix users to represent the users attaching @@ -437,7 +444,7 @@ WIDTH="34%" ALIGN="center" VALIGN="top" >HomeGroup mapping HOWTO

    Chapter 20. Group mapping HOWTO

    Chapter 21. Group mapping HOWTO

    Starting with Samba 3.0 alpha 2, a new group mapping function is available. The @@ -190,7 +191,7 @@ WIDTH="34%" ALIGN="center" VALIGN="top" >HomeImproved browsing in sambaPrev

    Chapter 15. Improved browsing in samba

    Chapter 16. Improved browsing in samba

    15.1. Overview of browsing

    16.1. Overview of browsing

    SMB networking provides a mechanism by which clients can access a list of machines in a network, a so-called "browse list". This list @@ -98,7 +101,9 @@ CLASS="SECT1" >

    15.2. Browsing support in samba

    16.2. Browsing support in samba

    Samba now fully supports browsing. The browsing is supported by nmbd and is also controlled by options in the smb.conf file (see smb.conf(5)).

    15.3. Problem resolution

    16.3. Problem resolution

    If something doesn't work then hopefully the log.nmb file will help you track down the problem. Try a debug level of 2 or 3 for finding @@ -173,7 +180,9 @@ CLASS="SECT1" >

    15.4. Browsing across subnets

    16.4. Browsing across subnets

    With the release of Samba 1.9.17(alpha1 and above) Samba has been updated to enable it to support the replication of browse lists @@ -202,7 +211,9 @@ CLASS="SECT2" >

    15.4.1. How does cross subnet browsing work ?

    16.4.1. How does cross subnet browsing work ?

    Cross subnet browsing is a complicated dance, containing multiple moving parts. It has taken Microsoft several years to get the code @@ -412,7 +423,9 @@ CLASS="SECT1" >

    15.5. Setting up a WINS server

    16.5. Setting up a WINS server

    Either a Samba machine or a Windows NT Server machine may be set up as a WINS server. To set a Samba machine to be a WINS server you must @@ -493,7 +506,9 @@ CLASS="SECT1" >

    15.6. Setting up Browsing in a WORKGROUP

    16.6. Setting up Browsing in a WORKGROUP

    To set up cross subnet browsing on a network containing machines in up to be in a WORKGROUP, not an NT Domain you need to set up one @@ -575,7 +590,9 @@ CLASS="SECT1" >

    15.7. Setting up Browsing in a DOMAIN

    16.7. Setting up Browsing in a DOMAIN

    If you are adding Samba servers to a Windows NT Domain then you must not set up a Samba server as a domain master browser. @@ -624,7 +641,9 @@ CLASS="SECT1" >

    15.8. Forcing samba to be the master

    16.8. Forcing samba to be the master

    Who becomes the "master browser" is determined by an election process using broadcasts. Each election packet contains a number of parameters @@ -670,7 +689,9 @@ CLASS="SECT1" >

    15.9. Making samba the domain master

    16.9. Making samba the domain master

    The domain master is responsible for collating the browse lists of multiple subnets so that browsing can occur between subnets. You can @@ -741,7 +762,9 @@ CLASS="SECT1" >

    15.10. Note about broadcast addresses

    16.10. Note about broadcast addresses

    If your network uses a "0" based broadcast address (for example if it ends in a 0) then you will strike problems. Windows for Workgroups @@ -753,7 +776,9 @@ CLASS="SECT1" >

    15.11. Multiple interfaces

    16.11. Multiple interfaces

    Samba now supports machines with multiple network interfaces. If you have multiple interfaces then you will need to use the "interfaces" @@ -776,7 +801,7 @@ WIDTH="33%" ALIGN="left" VALIGN="top" >PrevHomeStoring Samba's User/Machine Account information in an LDAP DirectoryUsing samba 3.0 with ActiveDirectory supportHow to Install and Test SAMBAPrev

    Chapter 1. How to Install and Test SAMBA

    Chapter 1. How to Install and Test SAMBA

    1.1. Step 0: Read the man pages

    1.1. Step 0: Read the man pages

    The man pages distributed with SAMBA contain lots of useful info that will help to get you started. @@ -106,7 +109,9 @@ CLASS="SECT1" >

    1.2. Step 1: Building the Binaries

    1.2. Step 1: Building the Binaries

    To do this, first run the program

    1.3. Step 2: The all important step

    1.3. Step 2: The all important step

    At this stage you must fetch yourself a coffee or other drink you find stimulating. Getting the rest @@ -218,7 +225,9 @@ CLASS="SECT1" >

    1.4. Step 3: Create the smb configuration file.

    1.4. Step 3: Create the smb configuration file.

    There are sample configuration files in the examples subdirectory in the distribution. I suggest you read them @@ -272,7 +281,9 @@ CLASS="SECT1" >

    1.5. Step 4: Test your config file with +NAME="AEN74" +>1.5. Step 4: Test your config file with testparm

    1.6. Step 5: Starting the smbd and nmbd

    1.6. Step 5: Starting the smbd and nmbd

    You must choose to start smbd and nmbd either as daemons or from

    1.6.1. Step 5a: Starting from inetd.conf

    1.6.1. Step 5a: Starting from inetd.conf

    NOTE; The following will be different if you use NIS or NIS+ to distributed services maps.

    1.6.2. Step 5b. Alternative: starting it as a daemon

    1.6.2. Step 5b. Alternative: starting it as a daemon

    To start the server as a daemon you should create a script something like this one, perhaps calling @@ -489,7 +506,9 @@ CLASS="SECT1" >

    1.7. Step 6: Try listing the shares available on your +NAME="AEN135" +>1.7. Step 6: Try listing the shares available on your server

    1.8. Step 7: Try connecting with the unix client

    1.8. Step 7: Try connecting with the unix client

    1.9. Step 8: Try connecting from a DOS, WfWg, Win9x, WinNT, +NAME="AEN160" +>1.9. Step 8: Try connecting from a DOS, WfWg, Win9x, WinNT, Win2k, OS/2, etc... client

    Try mounting disks. eg:

    1.10. What If Things Don't Work?

    1.10. What If Things Don't Work?

    If nothing works and you start to think "who wrote this pile of trash" then I suggest you do step 2 again (and @@ -657,7 +682,9 @@ CLASS="SECT2" >

    1.10.1. Diagnosing Problems

    1.10.1. Diagnosing Problems

    If you have installation problems then go to

    1.10.2. Scope IDs

    1.10.2. Scope IDs

    By default Samba uses a blank scope ID. This means all your windows boxes must also have a blank scope ID. @@ -685,7 +714,9 @@ CLASS="SECT2" >

    1.10.3. Choosing the Protocol Level

    1.10.3. Choosing the Protocol Level

    The SMB protocol has many dialects. Currently Samba supports 5, called CORE, COREPLUS, LANMAN1, @@ -724,7 +755,9 @@ CLASS="SECT2" >

    1.10.4. Printing from UNIX to a Client PC

    1.10.4. Printing from UNIX to a Client PC

    To use a printer that is available via a smb-based server from a unix host with LPR you will need to compile the @@ -743,7 +776,9 @@ CLASS="SECT2" >

    1.10.5. Locking

    1.10.5. Locking

    One area which sometimes causes trouble is locking.

    1.10.6. Mapping Usernames

    1.10.6. Mapping Usernames

    If you have different usernames on the PCs and the unix server then take a look at the "username map" option. @@ -825,7 +862,7 @@ WIDTH="33%" ALIGN="left" VALIGN="top" >PrevHomeIntegrating MS Windows networks with Samba

    Chapter 3. Integrating MS Windows networks with Samba

    Chapter 3. Integrating MS Windows networks with Samba

    3.1. Agenda

    3.1. Agenda

    To identify the key functional mechanisms of MS Windows networking to enable the deployment of Samba as a means of extending and/or @@ -142,7 +145,9 @@ CLASS="SECT1" >

    3.2. Name Resolution in a pure Unix/Linux world

    3.2. Name Resolution in a pure Unix/Linux world

    The key configuration files covered in this section are:

    3.2.1. 3.2.1. /etc/hosts

    3.2.2. 3.2.2. /etc/resolv.conf

    3.2.3. 3.2.3. /etc/host.conf

    3.2.4. 3.2.4. /etc/nsswitch.conf

    3.3. Name resolution as used within MS Windows networking

    3.3. Name resolution as used within MS Windows networking

    MS Windows networking is predicated about the name each machine is given. This name is known variously (and inconsistently) as @@ -474,7 +489,9 @@ CLASS="SECT2" >

    3.3.1. The NetBIOS Name Cache

    3.3.1. The NetBIOS Name Cache

    All MS Windows machines employ an in memory buffer in which is stored the NetBIOS names and IP addresses for all external @@ -499,7 +516,9 @@ CLASS="SECT2" >

    3.3.2. The LMHOSTS file

    3.3.2. The LMHOSTS file

    This file is usually located in MS Windows NT 4.0 or 2000 in

    3.3.3. HOSTS file

    3.3.3. HOSTS file

    This file is usually located in MS Windows NT 4.0 or 2000 in

    3.3.4. DNS Lookup

    3.3.4. DNS Lookup

    This capability is configured in the TCP/IP setup area in the network configuration facility. If enabled an elaborate name resolution sequence @@ -638,7 +661,9 @@ CLASS="SECT2" >

    3.3.5. WINS Lookup

    3.3.5. WINS Lookup

    A WINS (Windows Internet Name Server) service is the equivaent of the rfc1001/1002 specified NBNS (NetBIOS Name Server). A WINS server stores @@ -679,7 +704,9 @@ CLASS="SECT1" >

    3.4. How browsing functions and how to deploy stable and +NAME="AEN495" +>3.4. How browsing functions and how to deploy stable and dependable browsing using Samba

    As stated above, MS Windows machines register their NetBIOS names @@ -744,7 +771,9 @@ CLASS="SECT1" >

    3.5. MS Windows security options and how to configure +NAME="AEN505" +>3.5. MS Windows security options and how to configure Samba for seemless integration

    MS Windows clients may use encrypted passwords as part of a @@ -879,7 +908,9 @@ CLASS="SECT2" >

    3.5.1. Use MS Windows NT as an authentication server

    3.5.1. Use MS Windows NT as an authentication server

    This method involves the additions of the following parameters in the smb.conf file:

    3.5.2. Make Samba a member of an MS Windows NT security domain

    3.5.2. Make Samba a member of an MS Windows NT security domain

    This method involves additon of the following paramters in the smb.conf file:

    3.5.3. Configure Samba as an authentication server

    3.5.3. Configure Samba as an authentication server

    This mode of authentication demands that there be on the Unix/Linux system both a Unix style account as well as an @@ -1009,7 +1044,9 @@ CLASS="SECT3" >

    3.5.3.1. Users

    3.5.3.1. Users

    A user account that may provide a home directory should be created. The following Linux system commands are typical of @@ -1030,7 +1067,9 @@ CLASS="SECT3" >

    3.5.3.2. MS Windows NT Machine Accounts

    3.5.3.2. MS Windows NT Machine Accounts

    These are required only when Samba is used as a domain controller. Refer to the Samba-PDC-HOWTO for more details.

    3.6. Conclusions

    3.6. Conclusions

    Samba provides a flexible means to operate as...

    HomeHosting a Microsoft Distributed File System tree on Samba

    Chapter 5. Hosting a Microsoft Distributed File System tree on Samba

    Chapter 5. Hosting a Microsoft Distributed File System tree on Samba

    5.1. Instructions

    5.1. Instructions

    The Distributed File System (or Dfs) provides a means of separating the logical view of files and directories that users @@ -223,7 +226,9 @@ CLASS="SECT2" >

    5.1.1. Notes

    5.1.1. Notes

      HomeSamba and other CIFS clients

    Chapter 17. Samba and other CIFS clients

    Chapter 18. Samba and other CIFS clients

    This chapter contains client-specific information.

    17.1. Macintosh clients?

    18.1. Macintosh clients?

    Yes.

    17.2. OS2 Client

    18.2. OS2 Client

    17.2.1. How can I configure OS/2 Warp Connect or +NAME="AEN2964" +>18.2.1. How can I configure OS/2 Warp Connect or OS/2 Warp 4 as a client for Samba?

    A more complete answer to this question can be @@ -185,7 +192,9 @@ CLASS="SECT2" >

    17.2.2. How can I configure OS/2 Warp 3 (not Connect), +NAME="AEN2979" +>18.2.2. How can I configure OS/2 Warp 3 (not Connect), OS/2 1.2, 1.3 or 2.x for Samba?

    You can use the free Microsoft LAN Manager 2.2c Client @@ -227,7 +236,9 @@ CLASS="SECT2" >

    17.2.3. Are there any other issues when OS/2 (any version) +NAME="AEN2988" +>18.2.3. Are there any other issues when OS/2 (any version) is used as a client?

    When you do a NET VIEW or use the "File and Print @@ -247,7 +258,9 @@ CLASS="SECT2" >

    17.2.4. How do I get printer driver download working +NAME="AEN2992" +>18.2.4. How do I get printer driver download working for OS/2 clients?

    First, create a share called [PRINTDRV] that is @@ -296,13 +309,17 @@ CLASS="SECT1" >

    17.3. Windows for Workgroups

    18.3. Windows for Workgroups

    17.3.1. Use latest TCP/IP stack from Microsoft

    18.3.1. Use latest TCP/IP stack from Microsoft

    Use the latest TCP/IP stack from microsoft if you use Windows for workgroups.

    17.3.2. Delete .pwl files after password change

    18.3.2. Delete .pwl files after password change

    WfWg does a lousy job with passwords. I find that if I change my password on either the unix box or the PC the safest thing to do is to @@ -340,7 +359,9 @@ CLASS="SECT2" >

    17.3.3. Configure WfW password handling

    18.3.3. Configure WfW password handling

    There is a program call admincfg.exe on the last disk (disk 8) of the WFW 3.11 disk set. To install it @@ -357,7 +378,9 @@ CLASS="SECT2" >

    17.3.4. Case handling of passwords

    18.3.4. Case handling of passwords

    Windows for Workgroups uppercases the password before sending it to the server. Unix passwords can be case-sensitive though. Check the

    17.4. Windows '95/'98

    18.4. Windows '95/'98

    When using Windows 95 OEM SR2 the following updates are recommended where Samba is being used. Please NOTE that the above change will affect you once these @@ -420,7 +445,9 @@ CLASS="SECT1" >

    17.5. Windows 2000 Service Pack 2

    18.5. Windows 2000 Service Pack 2

    There are several annoyances with Windows 2000 SP2. One of which @@ -521,7 +548,7 @@ WIDTH="34%" ALIGN="center" VALIGN="top" >Home

    Chapter 4. Configuring PAM for distributed but centrally +NAME="PAM" +>Chapter 4. Configuring PAM for distributed but centrally managed authentication

    4.1. Samba and PAM

    4.1. Samba and PAM

    A number of Unix systems (eg: Sun Solaris), as well as the xxxxBSD family and Linux, now utilize the Pluggable Authentication @@ -290,7 +293,9 @@ CLASS="SECT1" >

    4.2. Distributed Authentication

    4.2. Distributed Authentication

    The astute administrator will realize from this that the combination of

    4.3. PAM Configuration in smb.conf

    4.3. PAM Configuration in smb.conf

    There is an option in smb.conf called HomePortability

    Chapter 21. Portability

    Chapter 22. Portability

    Samba works on a wide range of platforms but the interface all the platforms provide is not always compatible. This chapter contains @@ -73,7 +74,9 @@ CLASS="SECT1" >

    21.1. HPUX

    22.1. HPUX

    HP's implementation of supplementary groups is, er, non-standard (for hysterical reasons). There are two group files, /etc/group and @@ -97,7 +100,9 @@ CLASS="SECT1" >

    21.2. SCO Unix

    22.2. SCO Unix

    If you run an old version of SCO Unix then you may need to get important @@ -112,7 +117,9 @@ CLASS="SECT1" >

    21.3. DNIX

    22.3. DNIX

    DNIX has a problem with seteuid() and setegid(). These routines are needed for Samba to work correctly, but they were left out of the DNIX @@ -212,6 +219,30 @@ CLASS="FILENAME" >includes.h

    22.4. RedHat Linux Rembrandt-II

    By default RedHat Rembrandt-II during installation adds an +entry to /etc/hosts as follows: +

    	127.0.0.1 loopback "hostname"."domainname"

    This causes Samba to loop back onto the loopback interface. +The result is that Samba fails to communicate correctly with +the world and therefor may fail to correctly negotiate who +is the master browse list holder and who is the master browser.

    Corrective Action: Delete the entry after the word loopback + in the line starting 127.0.0.1

    HomePrinting Support in Samba 2.2.x

    Chapter 7. Printing Support in Samba 2.2.x

    Chapter 7. Printing Support in Samba 2.2.x

    7.1. Introduction

    7.1. Introduction

    Beginning with the 2.2.0 release, Samba supports the native Windows NT printing mechanisms implemented via @@ -162,7 +165,9 @@ CLASS="SECT1" >

    7.2. Configuration

    7.2. Configuration

    Warning

    7.2.1. Creating [print$]

    7.2.1. Creating [print$]

    In order to support the uploading of printer driver files, you must first configure a file share named [print$]. @@ -319,7 +326,7 @@ WIDTH="25" ALIGN="CENTER" VALIGN="TOP" >NoteWarning

    7.2.2. Setting Drivers for Existing Printers

    7.2.2. Setting Drivers for Existing Printers

    The initial listing of printers in the Samba host's Printers folder will have no real printer driver assigned @@ -539,7 +548,9 @@ CLASS="SECT2" >

    7.2.3. Support a large number of printers

    7.2.3. Support a large number of printers

    One issue that has arisen during the development phase of Samba 2.2 is the need to support driver downloads for @@ -603,7 +614,9 @@ CLASS="SECT2" >

    7.2.4. Adding New Printers via the Windows NT APW

    7.2.4. Adding New Printers via the Windows NT APW

    By default, Samba offers all printer shares defined in

    7.2.5. Samba and Printer Ports

    7.2.5. Samba and Printer Ports

    Windows NT/2000 print servers associate a port with each printer. These normally take the form of LPT1:, COM1:, FILE:, etc... Samba must also support the @@ -805,7 +820,9 @@ CLASS="SECT1" >

    7.3. The Imprints Toolset

    7.3. The Imprints Toolset

    The Imprints tool set provides a UNIX equivalent of the Windows NT Add Printer Wizard. For complete information, please @@ -821,7 +838,9 @@ CLASS="SECT2" >

    7.3.1. What is Imprints?

    7.3.1. What is Imprints?

    Imprints is a collection of tools for supporting the goals of

    7.3.2. Creating Printer Driver Packages

    7.3.2. Creating Printer Driver Packages

    The process of creating printer driver packages is beyond the scope of this document (refer to Imprints.txt also included @@ -865,7 +886,9 @@ CLASS="SECT2" >

    7.3.3. The Imprints server

    7.3.3. The Imprints server

    The Imprints server is really a database server that may be queried via standard HTTP mechanisms. Each printer @@ -887,7 +910,9 @@ CLASS="SECT2" >

    7.3.4. The Installation Client

    7.3.4. The Installation Client

    More information regarding the Imprints installation client is available in the

    7.4. 7.4. Migration to from Samba 2.0.x to 2.2.x

    WarningHomeDebugging Printing Problems

    Chapter 8. Debugging Printing Problems

    Chapter 8. Debugging Printing Problems

    8.1. Introduction

    8.1. Introduction

    This is a short description of how to debug printing problems with Samba. This describes how to debug problems with printing from a SMB @@ -149,7 +152,9 @@ CLASS="SECT1" >

    8.2. Debugging printer problems

    8.2. Debugging printer problems

    One way to debug printing problems is to start by replacing these command with shell scripts that record the arguments and the contents @@ -204,7 +209,9 @@ CLASS="SECT1" >

    8.3. What printers do I have?

    8.3. What printers do I have?

    You can use the 'testprns' program to check to see if the printer name you are using is recognized by Samba. For example, you can @@ -231,7 +238,9 @@ CLASS="SECT1" >

    8.4. Setting up printcap and print servers

    8.4. Setting up printcap and print servers

    You may need to set up some printcaps for your Samba system to use. It is strongly recommended that you use the facilities provided by @@ -313,7 +322,9 @@ CLASS="SECT1" >

    8.5. Job sent, no output

    8.5. Job sent, no output

    This is the most frustrating part of printing. You may have sent the job, verified that the job was forwarded, set up a wrapper around @@ -356,7 +367,9 @@ CLASS="SECT1" >

    8.6. Job sent, strange output

    8.6. Job sent, strange output

    Once you have the job printing, you can then start worrying about making it print nicely.

    8.7. Raw PostScript printed

    8.7. Raw PostScript printed

    This is a problem that is usually caused by either the print spooling system putting information at the start of the print job that makes @@ -413,7 +428,9 @@ CLASS="SECT1" >

    8.8. Advanced Printing

    8.8. Advanced Printing

    Note that you can do some pretty magic things by using your imagination with the "print command" option and some shell scripts. @@ -427,7 +444,9 @@ CLASS="SECT1" >

    8.9. Real debugging

    8.9. Real debugging

    If the above debug tips don't help, then maybe you need to bring in the bug guns, system tracing. See Tracing.txt in this directory.

    HomeHow to Act as a Backup Domain Controller in a Purely Samba Controlled Domain

    Chapter 13. How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain

    Chapter 13. How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain

    13.1. Prerequisite Reading

    13.1. Prerequisite Reading

    Before you continue reading in this chapter, please make sure that you are comfortable with configuring a Samba PDC @@ -91,7 +94,9 @@ CLASS="SECT1" >

    13.2. Background

    13.2. Background

    What is a Domain Controller? It is a machine that is able to answer logon requests from workstations in a Windows NT Domain. Whenever a @@ -134,7 +139,9 @@ CLASS="SECT1" >

    13.3. What qualifies a Domain Controller on the network?

    13.3. What qualifies a Domain Controller on the network?

    Every machine that is a Domain Controller for the domain SAMBA has to register the NetBIOS group name SAMBA#1c with the WINS server and/or @@ -149,7 +156,9 @@ CLASS="SECT2" >

    13.3.1. How does a Workstation find its domain controller?

    13.3.1. How does a Workstation find its domain controller?

    A NT workstation in the domain SAMBA that wants a local user to be authenticated has to find the domain controller for SAMBA. It does @@ -166,7 +175,9 @@ CLASS="SECT2" >

    13.3.2. When is the PDC needed?

    13.3.2. When is the PDC needed?

    Whenever a user wants to change his password, this has to be done on the PDC. To find the PDC, the workstation does a NetBIOS name query @@ -180,7 +191,9 @@ CLASS="SECT1" >

    13.4. Can Samba be a Backup Domain Controller?

    13.4. Can Samba be a Backup Domain Controller?

    With version 2.2, no. The native NT SAM replication protocols have not yet been fully implemented. The Samba Team is working on @@ -197,7 +210,9 @@ CLASS="SECT1" >

    13.5. How do I set up a Samba BDC?

    13.5. How do I set up a Samba BDC?

    Several things have to be done:

    13.5.1. How do I replicate the smbpasswd file?

    13.5.1. How do I replicate the smbpasswd file?

    Replication of the smbpasswd file is sensitive. It has to be done whenever changes to the SAM are made. Every user's password change is @@ -303,7 +320,7 @@ WIDTH="34%" ALIGN="center" VALIGN="top" >HomeStoring Samba's User/Machine Account information in an LDAP DirectoryNext

    Chapter 14. Storing Samba's User/Machine Account information in an LDAP Directory

    Chapter 14. Storing Samba's User/Machine Account information in an LDAP Directory

    14.1. Purpose

    14.1. Purpose

    This document describes how to use an LDAP directory for storing Samba user account information traditionally stored in the smbpasswd(5) file. It is @@ -142,7 +145,9 @@ CLASS="SECT1" >

    14.2. Introduction

    14.2. Introduction

    Traditionally, when configuring

    14.3. Supported LDAP Servers

    14.3. Supported LDAP Servers

    The LDAP samdb code in 2.2.3 has been developed and tested using the OpenLDAP 2.0 server and client libraries. The same code should be able to work with @@ -280,7 +287,9 @@ CLASS="SECT1" >

    14.4. Schema and Relationship to the RFC 2307 posixAccount

    14.4. Schema and Relationship to the RFC 2307 posixAccount

    Samba 2.2.3 includes the necessary schema file for OpenLDAP 2.0 in

    14.5. Configuring Samba with LDAP

    14.5. Configuring Samba with LDAP

    14.5.1. OpenLDAP configuration

    14.5.1. OpenLDAP configuration

    To include support for the sambaAccount object in an OpenLDAP directory server, first copy the samba.schema file to slapd's configuration directory.

    14.5.2. Configuring Samba

    14.5.2. Configuring Samba

    The following parameters are available in smb.conf only with

    14.6. Accounts and Groups management

    14.6. Accounts and Groups management

    As users accounts are managed thru the sambaAccount objectclass, you should modify you existing administration tools to deal with sambaAccount attributes.

    14.7. Security and sambaAccount

    14.7. Security and sambaAccount

    There are two important points to remember when discussing the security of sambaAccount entries in the directory.

    14.8. LDAP specials attributes for sambaAccounts

    14.8. LDAP specials attributes for sambaAccounts

    The sambaAccount objectclass is composed of the following attributes:

    14.9. Example LDIF Entries for a sambaAccount

    14.9. Example LDIF Entries for a sambaAccount

    The following is a working LDIF with the inclusion of the posixAccount objectclass:

    14.10. Comments

    14.10. Comments

    Please mail all comments regarding this HOWTO to HomeNextImproved browsing in sambaUsing samba 3.0 with ActiveDirectory support

    Security levels

    Chapter 9. Security levels

    Chapter 9. Security levels

    9.1. Introduction

    9.1. Introduction

    Samba supports the following options to the global smb.conf parameter

    9.2. More complete description of security levels

    9.2. More complete description of security levels

    A SMB server tells the client at startup what "security level" it is running. There are two options "share level" and "user level". Which @@ -233,7 +238,7 @@ WIDTH="34%" ALIGN="center" VALIGN="top" >HomeSamba performance issues

    Chapter 16. Samba performance issues

    Chapter 17. Samba performance issues

    16.1. Comparisons

    17.1. Comparisons

    The Samba server uses TCP to talk to the client. Thus if you are trying to see if it performs well you should really compare it to @@ -105,13 +108,17 @@ CLASS="SECT1" >

    16.2. Oplocks

    17.2. Oplocks

    16.2.1. Overview

    17.2.1. Overview

    Oplocks are the way that SMB clients get permission from a server to locally cache file operations. If a server grants an oplock @@ -145,7 +152,9 @@ CLASS="SECT2" >

    16.2.2. Level2 Oplocks

    17.2.2. Level2 Oplocks

    With Samba 2.0.5 a new capability - level2 (read only) oplocks is supported (although the option is off by default - see the smb.conf @@ -167,7 +176,9 @@ CLASS="SECT2" >

    16.2.3. Old 'fake oplocks' option - deprecated

    17.2.3. Old 'fake oplocks' option - deprecated

    Samba can also fake oplocks, by granting a oplock whenever a client asks for one. This is controlled using the smb.conf option "fake @@ -186,7 +197,9 @@ CLASS="SECT1" >

    16.3. Socket options

    17.3. Socket options

    There are a number of socket options that can greatly affect the performance of a TCP based server like Samba.

    16.4. Read size

    17.4. Read size

    The option "read size" affects the overlap of disk reads/writes with network reads/writes. If the amount of data being transferred in @@ -236,7 +251,9 @@ CLASS="SECT1" >

    16.5. Max xmit

    17.5. Max xmit

    At startup the client and server negotiate a "maximum transmit" size, which limits the size of nearly all SMB commands. You can set the @@ -257,7 +274,9 @@ CLASS="SECT1" >

    16.6. Locking

    17.6. Locking

    By default Samba does not implement strict locking on each read/write call (although it did in previous versions). If you enable strict @@ -272,7 +291,9 @@ CLASS="SECT1" >

    16.7. Share modes

    17.7. Share modes

    Some people find that opening files is very slow. This is often because of the "share modes" code needed to fully implement the dos @@ -300,7 +321,9 @@ CLASS="SECT1" >

    16.8. Log level

    17.8. Log level

    If you set the log level (also known as "debug level") higher than 2 then you may suffer a large drop in performance. This is because the @@ -312,7 +335,9 @@ CLASS="SECT1" >

    16.9. Wide lines

    17.9. Wide lines

    The "wide links" option is now enabled by default, but if you disable it (for better security) then you may suffer a performance hit in @@ -324,7 +349,9 @@ CLASS="SECT1" >

    16.10. Read raw

    17.10. Read raw

    The "read raw" operation is designed to be an optimised, low-latency file read operation. A server may choose to not support it, @@ -344,7 +371,9 @@ CLASS="SECT1" >

    16.11. Write raw

    17.11. Write raw

    The "write raw" operation is designed to be an optimised, low-latency file write operation. A server may choose to not support it, @@ -359,7 +388,9 @@ CLASS="SECT1" >

    16.12. Read prediction

    17.12. Read prediction

    Samba can do read prediction on some of the SMB commands. Read prediction means that Samba reads some extra data on the last file it @@ -383,7 +414,9 @@ CLASS="SECT1" >

    16.13. Memory mapping

    17.13. Memory mapping

    Samba supports reading files via memory mapping them. One some machines this can give a large boost to performance, on others it @@ -402,7 +435,9 @@ CLASS="SECT1" >

    16.14. Slow Clients

    17.14. Slow Clients

    One person has reported that setting the protocol to COREPLUS rather than LANMAN2 gave a dramatic speed improvement (from 10k/s to 150k/s).

    16.15. Slow Logins

    17.15. Slow Logins

    Slow logins are almost always due to the password checking time. Using the lowest practical "password level" will improve things a lot. You @@ -428,7 +465,9 @@ CLASS="SECT1" >

    16.16. Client tuning

    17.16. Client tuning

    Often a speed problem can be traced to the client. The client (for example Windows for Workgroups) can often be tuned for better TCP @@ -530,7 +569,9 @@ CLASS="SECT1" >

    16.17. My Results

    17.17. My Results

    Some people want to see real numbers in a document like this, so here they are. I have a 486sx33 client running WfWg 3.11 with the 3.11b @@ -578,7 +619,7 @@ WIDTH="34%" ALIGN="center" VALIGN="top" >HomeUNIX Permission Bits and Windows NT Access Control Lists

    Chapter 6. UNIX Permission Bits and Windows NT Access Control Lists

    Chapter 6. UNIX Permission Bits and Windows NT Access Control Lists

    6.1. Viewing and changing UNIX permissions using the NT +NAME="AEN722" +>6.1. Viewing and changing UNIX permissions using the NT security dialogs

    New in the Samba 2.0.4 release is the ability for Windows @@ -113,7 +116,9 @@ CLASS="SECT1" >

    6.2. How to view file security on a Samba share

    6.2. How to view file security on a Samba share

    From an NT 4.0 client, single-click with the right mouse button on any file or directory in a Samba mounted @@ -181,7 +186,9 @@ CLASS="SECT1" >

    6.3. Viewing file ownership

    6.3. Viewing file ownership

    Clicking on the

    6.4. Viewing file or directory permissions

    6.4. Viewing file or directory permissions

    The third button is the

    6.4.1. File Permissions

    6.4.1. File Permissions

    The standard UNIX user/group/world triple and the corresponding "read", "write", "execute" permissions @@ -393,7 +404,9 @@ CLASS="SECT2" >

    6.4.2. Directory Permissions

    6.4.2. Directory Permissions

    Directories on an NT NTFS file system have two different sets of permissions. The first set of permissions @@ -423,7 +436,9 @@ CLASS="SECT1" >

    6.5. Modifying file or directory permissions

    6.5. Modifying file or directory permissions

    Modifying file and directory permissions is as simple as changing the displayed permissions in the dialog box, and @@ -519,7 +534,9 @@ CLASS="SECT1" >

    6.6. Interaction with the standard Samba create mask +NAME="AEN820" +>6.6. Interaction with the standard Samba create mask parameters

    Note that with Samba 2.0.5 there are four new parameters @@ -794,7 +811,9 @@ CLASS="SECT1" >

    6.7. Interaction with the standard Samba file attribute +NAME="AEN884" +>6.7. Interaction with the standard Samba file attribute mapping

    Samba maps some of the DOS attribute bits (such as "read @@ -860,7 +879,7 @@ WIDTH="34%" ALIGN="center" VALIGN="top" >HomeUnified Logons between Windows NT and UNIX using Winbind

    Chapter 11. Unified Logons between Windows NT and UNIX using Winbind

    Chapter 11. Unified Logons between Windows NT and UNIX using Winbind

    11.1. Abstract

    11.1. Abstract

    Integration of UNIX and Microsoft Windows NT through a unified logon has been considered a "holy grail" in heterogeneous @@ -101,7 +104,9 @@ CLASS="SECT1" >

    11.2. Introduction

    11.2. Introduction

    It is well known that UNIX and Microsoft Windows NT have different models for representing user and group information and @@ -153,7 +158,9 @@ CLASS="SECT1" >

    11.3. What Winbind Provides

    11.3. What Winbind Provides

    Winbind unifies UNIX and Windows NT account management by allowing a UNIX box to become a full member of a NT domain. Once @@ -193,7 +200,9 @@ CLASS="SECT2" >

    11.3.1. Target Uses

    11.3.1. Target Uses

    Winbind is targeted at organizations that have an existing NT based domain infrastructure into which they wish @@ -215,7 +224,9 @@ CLASS="SECT1" >

    11.4. How Winbind Works

    11.4. How Winbind Works

    The winbind system is designed around a client/server architecture. A long running

    11.4.1. Microsoft Remote Procedure Calls

    11.4.1. Microsoft Remote Procedure Calls

    Over the last two years, efforts have been underway by various Samba Team members to decode various aspects of @@ -257,7 +270,9 @@ CLASS="SECT2" >

    11.4.2. Name Service Switch

    11.4.2. Name Service Switch

    The Name Service Switch, or NSS, is a feature that is present in many UNIX operating systems. It allows system @@ -335,7 +350,9 @@ CLASS="SECT2" >

    11.4.3. Pluggable Authentication Modules

    11.4.3. Pluggable Authentication Modules

    Pluggable Authentication Modules, also known as PAM, is a system for abstracting authentication and authorization @@ -382,7 +399,9 @@ CLASS="SECT2" >

    11.4.4. User and Group ID Allocation

    11.4.4. User and Group ID Allocation

    When a user or group is created under Windows NT is it allocated a numerical relative identifier (RID). This is @@ -406,7 +425,9 @@ CLASS="SECT2" >

    11.4.5. Result Caching

    11.4.5. Result Caching

    An active system can generate a lot of user and group name lookups. To reduce the network cost of these lookups winbind @@ -427,7 +448,9 @@ CLASS="SECT1" >

    11.5. Installation and Configuration

    11.5. Installation and Configuration

    Many thanks to John Trostel

    11.5.1. Introduction

    11.5.1. Introduction

    This HOWTO describes the procedures used to get winbind up and running on my RedHat 7.1 system. Winbind is capable of providing access @@ -509,7 +534,9 @@ CLASS="SECT2" >

    11.5.2. Requirements

    11.5.2. Requirements

    If you have a samba configuration file that you are currently using...

    11.5.3. Testing Things Out

    11.5.3. Testing Things Out

    Before starting, it is probably best to kill off all the SAMBA related daemons running on your server. Kill off all

    11.5.3.1. Configure and compile SAMBA

    11.5.3.1. Configure and compile SAMBA

    The configuration and compilation of SAMBA is pretty straightforward. The first three steps may not be necessary depending upon @@ -684,7 +715,9 @@ CLASS="SECT3" >

    11.5.3.2. Configure 11.5.3.2. Configure nsswitch.conf and the @@ -787,7 +820,9 @@ CLASS="SECT3" >

    11.5.3.3. Configure smb.conf

    11.5.3.3. Configure smb.conf

    Several parameters are needed in the smb.conf file to control the behavior of

    11.5.3.4. Join the SAMBA server to the PDC domain

    11.5.3.4. Join the SAMBA server to the PDC domain

    Enter the following command to make the SAMBA server join the PDC domain, where

    11.5.3.5. Start up the winbindd daemon and test it!

    11.5.3.5. Start up the winbindd daemon and test it!

    Eventually, you will want to modify your smb startup script to automatically invoke the winbindd daemon when the other parts of @@ -1025,13 +1064,17 @@ CLASS="SECT3" >

    11.5.3.6. Fix the init.d startup scripts

    11.5.3.6. Fix the init.d startup scripts

    11.5.3.6.1. Linux

    11.5.3.6.1. Linux

    The

    11.5.3.6.2. Solaris

    11.5.3.6.2. Solaris

    On solaris, you need to modify the

    11.5.3.6.3. Restarting

    11.5.3.6.3. Restarting

    If you restart the

    11.5.3.7. Configure Winbind and PAM

    11.5.3.7. Configure Winbind and PAM

    If you have made it this far, you know that winbindd and samba are working together. If you want to use winbind to provide authentication for other @@ -1272,7 +1321,9 @@ CLASS="SECT4" >

    11.5.3.7.1. Linux/FreeBSD-specific PAM configuration

    11.5.3.7.1. Linux/FreeBSD-specific PAM configuration

    The

    11.5.3.7.2. Solaris-specific configuration

    11.5.3.7.2. Solaris-specific configuration

    The /etc/pam.conf needs to be changed. I changed this file so that my Domain users can logon both locally as well as telnet.The following are the changes @@ -1484,7 +1537,9 @@ CLASS="SECT1" >

    11.6. Limitations

    11.6. Limitations

    Winbind has a number of limitations in its current released version that we hope to overcome in future @@ -1523,7 +1578,9 @@ CLASS="SECT1" >

    11.7. Conclusion

    11.7. Conclusion

    The winbind system, through the use of the Name Service Switch, Pluggable Authentication Modules, and appropriate @@ -1558,7 +1615,7 @@ WIDTH="34%" ALIGN="center" VALIGN="top" >Home Date: Fri, 4 Oct 2002 17:20:45 +0000 Subject: Move Recent-FAQ's to the new SGML FAQ (This used to be commit 8a15a8c195285550be55bac63f7508bf34b36411) --- docs/docbook/faq/errors.sgml | 85 ++++++++++++++++ docs/docbook/faq/sambafaq.sgml | 5 +- docs/faq/clientapp.html | 19 +++- docs/faq/errors.html | 222 +++++++++++++++++++++++++++++++++++++++++ docs/faq/samba-faq.html | 27 ++++- docs/textdocs/Recent-FAQs.txt | 63 ------------ 6 files changed, 352 insertions(+), 69 deletions(-) create mode 100644 docs/docbook/faq/errors.sgml create mode 100644 docs/faq/errors.html delete mode 100644 docs/textdocs/Recent-FAQs.txt (limited to 'docs') diff --git a/docs/docbook/faq/errors.sgml b/docs/docbook/faq/errors.sgml new file mode 100644 index 0000000000..53e4d01e20 --- /dev/null +++ b/docs/docbook/faq/errors.sgml @@ -0,0 +1,85 @@ + + +Common errors + + +Not listening for calling name + + + +Session request failed (131,129) with myname=HOBBES destname=CALVIN +Not listening for calling name + + + + +If you get this when talking to a Samba box then it means that your +global "hosts allow" or "hosts deny" settings are causing the Samba +server to refuse the connection. + + + +Look carefully at your "hosts allow" and "hosts deny" lines in the +global section of smb.conf. + + + +It can also be a problem with reverse DNS lookups not functioning +correctly, leading to the remote host identity not being able to +be confirmed, but that is less likely. + + + + +System Error 1240 + + +System error 1240 means that the client is refusing to talk +to a non-encrypting server. Microsoft changed WinNT in service +pack 3 to refuse to connect to servers that do not support +SMB password encryption. + + +There are two main solutions: + +enable SMB password encryption in Samba. See the encryption part of +the samba HOWTO Collection + +disable this new behaviour in NT. See the section about +Windows NT in the chapter "Portability" of the samba HOWTO collection + + + + + + +smbclient ignores -N ! + + +When getting the list of shares available on a host using the command +smbclient -N -L +the program always prompts for the password if the server is a Samba server. +It also ignores the "-N" argument when querying some (but not all) of our +NT servers. + + + +No, it does not ignore -N, it is just that your server rejected the +null password in the connection, so smbclient prompts for a password +to try again. + + + +To get the behaviour that you probably want use smbclient -L host -U% + + + +This will set both the username and password to null, which is +an anonymous login for SMB. Using -N would only set the password +to null, and this is not accepted as an anonymous login for most +SMB servers. + + + + + diff --git a/docs/docbook/faq/sambafaq.sgml b/docs/docbook/faq/sambafaq.sgml index db918e349f..b6d8016fc4 100644 --- a/docs/docbook/faq/sambafaq.sgml +++ b/docs/docbook/faq/sambafaq.sgml @@ -1,6 +1,7 @@ + ]> @@ -20,11 +21,13 @@ allows file and printer connections from clients such as Windows, OS/2, Linux and others. Current to version 3.0. Please send any corrections to the samba documentation mailinglist at samba-doc@samba.org. -This FAQ is based on the old Samba FAQ by Dan Shearer and Paul Blackman. +This FAQ was based on the old Samba FAQ by Dan Shearer and Paul Blackman, +and the old samba text documents which were mostly written by John Terpstra. &general; &install; &clientapp; +&errors; diff --git a/docs/faq/clientapp.html b/docs/faq/clientapp.html index 0081891331..fd120f90cd 100644 --- a/docs/faq/clientapp.html +++ b/docs/faq/clientapp.html @@ -11,7 +11,10 @@ TITLE="Samba FAQ" HREF="samba-faq.html"> Next

     Next Common errors
    +Common errors
    Samba FAQ
    Prev 

    Chapter 4. Common errors

    4.1. Not listening for calling name

    Session request failed (131,129) with myname=HOBBES destname=CALVIN
+Not listening for calling name

    If you get this when talking to a Samba box then it means that your +global "hosts allow" or "hosts deny" settings are causing the Samba +server to refuse the connection.

    Look carefully at your "hosts allow" and "hosts deny" lines in the +global section of smb.conf.

    It can also be a problem with reverse DNS lookups not functioning +correctly, leading to the remote host identity not being able to +be confirmed, but that is less likely.

    4.2. System Error 1240

    System error 1240 means that the client is refusing to talk +to a non-encrypting server. Microsoft changed WinNT in service +pack 3 to refuse to connect to servers that do not support +SMB password encryption.

    There are two main solutions: +

    enable SMB password encryption in Samba. See the encryption part of +the samba HOWTO Collection
    disable this new behaviour in NT. See the section about +Windows NT in the chapter "Portability" of the samba HOWTO collection

    4.3. smbclient ignores -N !

    "When getting the list of shares available on a host using the command +smbclient -N -L +the program always prompts for the password if the server is a Samba server. +It also ignores the "-N" argument when querying some (but not all) of our +NT servers."

    No, it does not ignore -N, it is just that your server rejected the +null password in the connection, so smbclient prompts for a password +to try again.

    To get the behaviour that you probably want use smbclient -L host -U%

    This will set both the username and password to null, which is +an anonymous login for SMB. Using -N would only set the password +to null, and this is not accepted as an anonymous login for most +SMB servers.

    PrevHome 
    Specific client application problems  
    \ No newline at end of file diff --git a/docs/faq/samba-faq.html b/docs/faq/samba-faq.html index 14b62edcc1..8efb6989de 100644 --- a/docs/faq/samba-faq.html +++ b/docs/faq/samba-faq.html @@ -52,7 +52,8 @@ HREF="mailto:samba-doc@samba.org" TARGET="_top" >samba-doc@samba.org. -This FAQ is based on the old Samba FAQ by Dan Shearer and Paul Blackman.

    4. Common errors
    4.1. Not listening for calling name
    4.2. System Error 1240
    4.3. smbclient ignores -N !
    Session request failed (131,129) with myname=HOBBES destname=CALVIN -> Not listening for calling name - -If you get this when talking to a Samba box then it means that your -global "hosts allow" or "hosts deny" settings are causing the Samba -server to refuse the connection. - -Look carefully at your "hosts allow" and "hosts deny" lines in the -global section of smb.conf. - -It can also be a problem with reverse DNS lookups not functioning -correctly, leading to the remote host identity not being able to -be confirmed, but that is less likely. -=============================================================================== - -System Error 1240 -================= -System error 1240 means that the client is refusing to talk -to a non-encrypting server. Microsoft changed WinNT in service -pack 3 to refuse to connect to servers that do not support -SMB password encryption. - -There are two main solutions: - -1) enable SMB password encryption in Samba. See ENCRYPTION.txt in the -Samba docs - -2) disable this new behaviour in NT. See WinNT.txt in the -Samba docs -=============================================================================== - -smbclient -N -============ -> When getting the list of shares available on a host using the command -> smbclient -N -L -> the program always prompts for the password if the server is a Samba server. -> It also ignores the "-N" argument when querying some (but not all) of our -> NT servers. - -No, it does not ignore -N, it is just that your server rejected the -null password in the connection, so smbclient prompts for a password -to try again. - -To get the behaviour that you probably want use - smbclient -L host -U% - -this will set both the username and password to null, which is -an anonymous login for SMB. Using -N would only set the password -to null, and this is not accepted as an anonymous login for most -SMB servers. -=============================================================================== - -- cgit From 7f58076bf7d723e2d65e642a4cdafa09bd9dc3f2 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Fri, 4 Oct 2002 18:02:51 +0000 Subject: Convert README.Win32-Viruses DHCP-Server-Configuration and Faxing to SGML... (This used to be commit 68a18e1a9ea44d7f0d84de5a23eef9d9a7568cbc) --- docs/README.Win32-Viruses | 57 ------- docs/docbook/faq/sambafaq.sgml | 2 + docs/faq/errors.html | 19 ++- docs/faq/samba-faq.html | 53 ++++++ docs/textdocs/DHCP-Server-Configuration.txt | 240 ---------------------------- docs/textdocs/Faxing.txt | 220 ------------------------- 6 files changed, 70 insertions(+), 521 deletions(-) delete mode 100644 docs/README.Win32-Viruses delete mode 100644 docs/textdocs/DHCP-Server-Configuration.txt delete mode 100644 docs/textdocs/Faxing.txt (limited to 'docs') diff --git a/docs/README.Win32-Viruses b/docs/README.Win32-Viruses deleted file mode 100644 index 4646da83cf..0000000000 --- a/docs/README.Win32-Viruses +++ /dev/null @@ -1,57 +0,0 @@ -While this article is specific to the Nimda worm, -the information can be applied to preventing the spread -of many Win32 viruses. Thanks to the Samba Users Group of Japan -(SUGJ) for this article. -=============================================================================== -Steps against Nimba Worm for Samba - -Author: HASEGAWA Yosuke -Translator: TAKAHASHI Motonobu - -The information in this article applies to - Samba 2.0.x - Samba 2.2.x - Windows 95/98/Me/NT/2000 - -SYMPTOMS - This article describes measures against Nimba Worm for Samba - server. - -DESCRIPTION - Nimba Worm is infected through shared disks on a network, as well as through - Microsoft IIS, Internet Explorer and mailer of Outlook series. - - At this time, the worm copies itself by the name *.nws and *.eml on - the shared disk, moreover, by the name of Riched20.dll in the folder - where *.doc file is included. - - To prevent infection through the shared disk offered by Samba, set - up as follows: - ------ -[global] - ... - # This can break Administration installations of Office2k. - # in that case, don't veto the riched20.dll - veto files = /*.eml/*.nws/riched20.dll/ ------ - - By setting the "veto files" parameter, matched files on the Samba - server are completely hidden from the clients and making it impossible - to access them at all. - - In addition to it, the following setting is also pointed out by the - samba-jp:09448 thread: when the - "readme.txt.{3050F4D8-98B5-11CF-BB82-00AA00BDCE0B}" file exists on - a Samba server, it is visible only as "readme.txt" and dangerous - code may be executed if this file is double-clicked. - - Setting the following, ------ - veto files = /*.{*}/ ------ - any files having CLSID in its file extension will be inaccessible from any - clients. - -This technical article is created based on the discussion of -samba-jp:09448 and samba-jp:10900 threads. diff --git a/docs/docbook/faq/sambafaq.sgml b/docs/docbook/faq/sambafaq.sgml index b6d8016fc4..0e5e146b5a 100644 --- a/docs/docbook/faq/sambafaq.sgml +++ b/docs/docbook/faq/sambafaq.sgml @@ -3,6 +3,7 @@ + ]> @@ -30,4 +31,5 @@ and the old samba text documents which were mostly written by John Terpstra. &install; &clientapp; &errors; +&features; diff --git a/docs/faq/errors.html b/docs/faq/errors.html index 36aafdaa01..49f68e4991 100644 --- a/docs/faq/errors.html +++ b/docs/faq/errors.html @@ -11,7 +11,10 @@ TITLE="Samba FAQ" HREF="samba-faq.html"> Next
     Next Features
    5. Features
    5.1. How can I prevent my samba server from being used to distribute the Nimda worm?
    5.2. How can I use samba as a fax server?
    5.2.1. Tools for printing faxes
    5.2.2. Making the fax-server
    5.2.3. Installing the client drivers
    5.2.4. Example smb.conf
    5.3. Samba doesn't work well together with DHCP!
    5.4. How can I assign NetBIOS names to clients with DHCP?
    -Support: This is an unsupported document. Refer to documentation that is - supplied with the ISC DHCP Server. Do NOT email the contributor - for ANY assistance. -=============================================================================== - -Background: -=========== - -We wish to help those folks who wish to use the ISC DHCP Server and provide -sample configuration settings. Most operating systems today come ship with -the ISC DHCP Server. ISC DHCP is available from: - ftp://ftp.isc.org/isc/dhcp - -Incorrect configuration of MS Windows clients (Windows9X, Windows ME, Windows -NT/2000) will lead to problems with browsing and with general network -operation. Windows 9X/ME users often report problems where the TCP/IP and related -network settings will inadvertantly become reset at machine start-up resulting -in loss of configuration settings. This results in increased maintenance -overheads as well as serious user frustration. - -In recent times users on one mailing list incorrectly attributed the cause of -network operating problems to incorrect configuration of Samba. - -One user insisted that the only way to provent Windows95 from periodically -performing a full system reset and hardware detection process on start-up was -to install the NetBEUI protocol in addition to TCP/IP. This assertion is not -correct. - -In the first place, there is NO need for NetBEUI. All Microsoft Windows clients -natively run NetBIOS over TCP/IP, and that is the only protocol that is -recognised by Samba. Installation of NetBEUI and/or NetBIOS over IPX will -cause problems with browse list operation on most networks. Even Windows NT -networks experience these problems when incorrectly configured Windows95 -systems share the same name space. It is important that only those protocols -that are strictly needed for site specific reasons should EVER be installed. - -Secondly, and totally against common opinion, DHCP is NOT an evil design but is -an extension of the BOOTP protocol that has been in use in Unix environments -for many years without any of the melt-down problems that some sensationalists -would have us believe can be experienced with DHCP. In fact, DHCP in covered by -rfc1541 and is a very safe method of keeping an MS Windows desktop environment -under control and for ensuring stable network operation. - -Please note that MS Windows systems as of MS Windows NT 3.1 and MS Windows 95 -store all network configuration settings a registry. There are a few reports -from MS Windows network administrators that warrant mention here. It would appear -that when one sets certain MS TCP/IP protocol settings (either directly or via -DHCP) that these do get written to the registry. Even though a subsequent -change of setting may occur the old value may persist in the registry. This -has been known to create serious networking problems. - -An example of this occurs when a manual TCP/IP environment is configured to -include a NetBIOS Scope. In this event, when the administrator then changes the -configuration of the MS TCP/IP protocol stack, without first deleting the -current settings, by simply checking the box to configure the MS TCP/IP stack -via DHCP then the NetBIOS Scope that is still persistent in the registry WILL be -applied to the resulting DHCP offered settings UNLESS the DHCP server also sets -a NetBIOS Scope. It may therefore be prudent to forcibly apply a NULL NetBIOS -Scope from your DHCP server. The can be done in the dhcpd.conf file with the -parameter: - option netbios-scope ""; - -While it is true that the Microsoft DHCP server that comes with Windows NT -Server provides only a sub-set of rfc1533 functionality this is hardly an issue -in those sites that already have a large investment and commitment to Unix -systems and technologies. The current state of the art of the DHCP Server -specification in covered in rfc2132. - -This document aims to provide enough background information so that the -majority of site can without too much hardship get the Internet Software -Consortium's (ISC) DHCP Server into operation. The key benefits of using DHCP -includes: - -1) Automated IP Address space management and maximised re-use of available IP -Addresses, - -2) Automated control of MS Windows client TCP/IP network configuration, - -3) Automatic recovery from start-up and run-time problems with Windows95. - - - -Client Configuration for SMB Networking: -======================================== -SMB network clients need to be configured so that all standard TCP/IP name to -address resolution works correctly. Once this has been achieved the SMB -environment provides additional tools and services that act as helper agents in -the translation of SMB (NetBIOS) names to their appropriate IP Addresses. One -such helper agent is the NetBIOS Name Server (NBNS) or as Microsoft called it -in their Windows NT Server implementation WINS (Windows Internet Name Server). - -A client needs to be configured so that it has a unique Machine (Computer) -Name. - -This can be done, but needs a few NT registry hacks and you need to be able to -speak UNICODE, which is of course no problem for a True Wizzard(tm) :) -Instructions on how to do this (including a small util for less capable -Wizzards) can be found at - - http://www.unixtools.org/~nneul/sw/nt/dhcp-netbios-hostname.html - - -All remaining TCP/IP networking parameters can be assigned via DHCP. These include: - -a) IP Address, -b) Netmask, -c) Gateway (Router) Address, -d) DNS Domain Name, -e) DNS Server addresses, -f) WINS (NBNS) Server addresses, -g) IP Forwarding, -h) Timezone offset, -i) Node Type, -j) NetBIOS Scope - -Other assignments can be made from a DHCP server too, but the above cover the -major needs. - -Note: IF ever an entry has has been made to the NetBIOS Scope field of the -TCP/IP configuration panel on an MS Windows machine, and it has then been -committed, then that setting may become persistent. In such a c ase it is better -to configure the DHCP server with a NetBIOS Scope consisting of an empty string -(ie: A NULL scope). - - -DHCP Server Installation: -========================= -It is assumed that you will have obtained a copy of the GPL'd ISC DHCP server -source files from ftp://ftp.isc.org/isc/dhcp, it is also assumed that you have -compiled the sources and have installed the binary files. - -The following simply serves to provide sample configuration files to enable -dhcpd to operate. The sample files assume that your site is configured to use -private IP network address space using the Class B range of 172.16.1.0 - -172.16.1.255 and is using a netmask of 255.255.255.0 (ie:24 bits). It is -assumed that your router to the outside world is at 172.16.1.254 and that your -Internet Domain Name is bestnet.com.au. The IP Address range 172.16.1.100 to -172.16.1.240 has been set aside as your dynamically allocated range. In -addition, bestnet.com.au have two print servers that need to obtain settings -via BOOTP. The machine linux.bestnet.com.au has IP address 172.16.1.1 and is -you primary Samba server with WINS support enabled by adding the parameter to -the /etc/smb.conf file: [globals] wins support = yes. The dhcp lease time will -be set to 20 hours. - -Configuration Files: -==================== -Before dhcpd will run you need to install a file that speifies the -configuration settings, and another that holds the database of issued IP -addresses. On many systems these are stored in the /etc directory on the Unix -system. - -Example /etc/dhcpd.conf: -======================== -server-identifier linux.bestnet.com.au; - -subnet 172.16.1.0 netmask 255.255.255.0 { - range 172.16.1.100 172.16.1.240; - default-lease-time 72000; - max-lease-time 144000; - option subnet-mask 255.255.255.0; - option broadcast-address 172.16.1.255; - option routers 172.16.1.254; - option domain-name-servers 172.16.1.1, 172.16.1.2; - option domain-name "bestnet.com.au"; - option time-offset 39600; - option ip-forwarding off; - option netbios-name-servers 172.16.0.1, 172.16.0.1; - option netbios-dd-server 172.16.0.1; - option netbios-node-type 8; - option netbios-scope ""; -} - -; Note: The above netbios-scope is purposely an empty (NULL) string. - -group { - next-server 172.16.1.10; - option subnet-mask 255.255.255.0; - option domain-name "bestnet.com.au"; - option domain-name-servers 172.16.1.1, 172.16.0.2; - option netbios-name-servers 172.16.0.1, 172.16.0.1; - option netbios-dd-server 172.16.0.1; - option netbios-node-type 8; - option netbios-scope "SomeCrazyScope"; - option routers 172.16.1.240; - option time-offset 39600; - host lexmark1 { - hardware ethernet 06:07:08:09:0a:0b; - fixed-address 172.16.1.245; - } - host epson4 { - hardware ethernet 01:02:03:04:05:06; - fixed-address 172.16.1.242; - } -} - - -Creating the /etc/dhcpd.leases file: -==================================== -At a Unix shell create an empty dhcpd.leases file in the /etc directory. -You can do this by typing: cp /dev/null /etc/dhcpd.leases - - -Setting up a route table for all-ones addresses: -================================================ -Quoting from the README file that comes with the ISC DHCPD Server: - - BROADCAST - -In order for dhcpd to work correctly with picky DHCP clients (e.g., -Windows 95), it must be able to send packets with an IP destination -address of 255.255.255.255. Unfortunately, Linux insists on changing -255.255.255.255 into the local subnet broadcast address (here, that's -192.5.5.223). This results in a DHCP protocol violation, and while -many DHCP clients don't notice the problem, some (e.g., all Microsoft -DHCP clients) do. Clients that have this problem will appear not to -see DHCPOFFER messages from the server. - -It is possible to work around this problem on some versions of Linux -by creating a host route from your network interface address to -255.255.255.255. The command you need to use to do this on Linux -varies from version to version. The easiest version is: - - route add -host 255.255.255.255 dev eth0 - -On some older Linux systems, you will get an error if you try to do -this. On those systems, try adding the following entry to your -/etc/hosts file: - -255.255.255.255 all-ones - -Then, try: - - route add -host all-ones dev eth0 - - -For more information please refer to the ISC DHCPD Server documentation. diff --git a/docs/textdocs/Faxing.txt b/docs/textdocs/Faxing.txt deleted file mode 100644 index 0703d75cc3..0000000000 --- a/docs/textdocs/Faxing.txt +++ /dev/null @@ -1,220 +0,0 @@ -Contributor: Gerhard Zuber -Date: August 5th 1997. -Status: Current - -Subject: F A X I N G with S A M B A -========================================================================== - -This text describes how to turn your SAMBA-server into a fax-server -for any environment, especially for Windows. - Author: Gerhard Zuber - Version: 1.4 - Date: 04. Aug. 1997 - -Requirements: - UNIX box (Linux preferred) with SAMBA and a faxmodem - ghostscript package - mgetty+sendfax package - pbm package (portable bitmap tools) - -FTP sites: - sunsite.unc.edu:/pub/Linux/system/Serial/mgetty+sendfax* - tsx-11.mit.edu:/pub/linux/sources/sbin/mgetty+sendfax - ftp.leo.org:/pub/comp/networking/communication/modem/mgetty/mgetty1.1.6-May05.tar.gz - - pbm10dec91.tgz - ftp.leo.org:/pub/comp/networking/communication/modem/mgetty/pbm10dec91.tgz - sunsite.unc.edu: ..../apps/graphics/convert/pbmplus-10dec91-bin.tar.gz - ftp.gwdg.de/pub/linux/grafik/pbmplus.src.tar.Z (this is 10dec91 source) - or ??? pbm10dec91.tgz pbmplus10dec91.tgz - - -making mgetty+sendfax running: -============================== - - go to source tree: /usr/src/mgetty+sendfax - cp policy.h-dist policy.h - - change your settings: valid tty ports, modem initstring, Station-Id - -#define MODEM_INIT_STRING "AT &F S0=0 &D3 &K3 &C1\\\\N2" - -#define FAX_STATION_ID "49 30 12345678" - -#define FAX_MODEM_TTYS "ttyS1:ttyS2:ttyS3" - - Modem initstring is for rockwell based modems - if you want to use mgetty+sendfax as PPP-dialin-server, - define AUTO_PPP in Makefile: - -CFLAGS=-O2 -Wall -pipe -DAUTO_PPP - - compile it and install the package. - edit your /etc/inittab and let mgetty running on your preferred - ports: - -s3:45:respawn:/usr/local/sbin/mgetty ttyS2 vt100 - - now issue a - kill -HUP 1 - and enjoy with the lightning LEDs on your modem - your now are ready to receive faxes ! - - - if you want a PPP dialin-server, edit - /usr/local/etc/mgetty+sendfax/login.config - -/AutoPPP/ - ppp /usr/sbin/pppd auth debug passive modem - - - Note: this package automatically decides between a fax call and - a modem call. In case of modem call you get a login prompt ! - -Tools for printing faxes: -========================= - - your incomed faxes are in: - /var/spool/fax/incoming - - print it with: - - for i in * - do - g3cat $i | g3tolj | lpr -P hp - done - - in case of low resolution use instead: - - g3cat $i | g3tolj -aspect 2 | lpr -P hp - - - g3cat is in the tools-section, g3tolj is in the contrib-section - for printing to HP lasers. - - If you want to produce files for displaying and printing with Windows, use - some tools from the pbm-package like follow - - g3cat $i | g3topbm - | ppmtopcx - >$i.pcx - - and view it with your favourite Windows tool (maybe paintbrush) - - -Now making the fax-server: -=========================== - - fetch the file - mgetty+sendfax/frontends/winword/faxfilter - - and place it in - - /usr/local/etc/mgetty+sendfax/ - - prepare your faxspool file as mentioned in this file - edit fax/faxspool.in and reinstall or change the final - /usr/local/bin/faxspool too. - - if [ "$user" = "root" -o "$user" = "fax" -o \ - "$user" = "lp" -o "$user" = "daemon" -o "$user" = "bin" ] - - find the first line and change the second. - - make sure you have pbmtext (from the pbm-package). This is - needed for creating the small header line on each page. - Notes on pbmplus: - Some peoples had problems with precompiled binaries (especially - at linux) with a shared lib libgr.so.x.x. The better way is - to fetch the source and compile it. One needs only pbmtext for - generating the small line on top of each page /faxheader). Install - only the individual programs you need. If you install the full - package then install pbmplus first and then mgetty+sendfax, because - this package has some changed programs by itself (but not pbmtext). - - make sure your ghostscript is functional. You need fonts ! - I prefer these from the OS/2 disks - - prepare your faxheader - /usr/local/etc/mgetty+sendfax/faxheader - - edit your /etc/printcap file: - -# FAX -lp3|fax:\ - :lp=/dev/null:\ - :sd=/usr/spool/lp3:\ - :if=/usr/local/etc/mgetty+sendfax/faxfilter:sh:sf:mx#0:\ - :lf=/usr/spool/lp3/fax-log: - - - - - edit your /usr/local/samba/lib/smb.conf - - so you have a smb based printer named "fax" - - -The final step: -=============== - - Now you have a printer called "fax" which can be used via - TCP/IP-printing (lpd-system) or via SAMBA (windows printing). - - On every system you are able to produce postscript-files you - are ready to fax. - - On Windows 3.1 95 and NT: - - Install a printer wich produces postscript output, - e.g. apple laserwriter - - connect the "fax" to your printer - - - Now write your first fax. Use your favourite wordprocessor, - write, winword, notepad or whatever you want, and start - with the headerpage. - - Usually each fax has a header page. It carries your name, - your address, your phone/fax-number. - - It carries also the recipient, his address and his *** fax - number ***. Now here is the trick: - - Use the text: - Fax-Nr: 123456789 - as the recipients fax-number. Make sure this text does not - occur in regular text ! Make sure this text is not broken - by formatting information, e.g. format it as a single entity. - (Windows Write and Win95 Wordpad are functional, maybe newer - versions of Winword are breaking formatting information). - - The trick is that postscript output is human readable and - the faxfilter program scans the text for this pattern and - uses the found number as the fax-destination-number. - - Now print your fax through the fax-printer and it will be - queued for later transmission. Use faxrunq for sending the - queue out. - - Notes of SAMBA smb.conf: - Simply use fall through from the samba printer to the unix - printer. Sample: - - - printcap name = /etc/printcap - print command = /usr/bin/lpr -r -P %p %s - lpq command = /usr/bin/lpq -P %p - lprm command = /usr/bin/lprm -P %p %j - - -[fax] - comment = FAX (mgetty+sendfax) - path = /tmp - printable = yes - public = yes - writable = no - create mode = 0700 - browseable = yes - guest ok = no - - - -- cgit From 972336ebecd8690ea26830e08770507f5849311b Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Fri, 4 Oct 2002 18:18:45 +0000 Subject: Convert even more text docs (This used to be commit cde5cd455ca48fde7eeb7cea84b061ef3be58e23) --- docs/docbook/faq/clientapp.sgml | 16 ++++++ docs/docbook/faq/errors.sgml | 77 ++++++++++++++++++++++++++++ docs/faq/clientapp.html | 38 ++++++++++++++ docs/faq/errors.html | 80 +++++++++++++++++++++++++++-- docs/faq/samba-faq.html | 42 +++++++++++---- docs/textdocs/HINTS.txt | 111 ---------------------------------------- docs/textdocs/UNIX_SECURITY.txt | 54 ------------------- 7 files changed, 239 insertions(+), 179 deletions(-) delete mode 100644 docs/textdocs/HINTS.txt delete mode 100644 docs/textdocs/UNIX_SECURITY.txt (limited to 'docs') diff --git a/docs/docbook/faq/clientapp.sgml b/docs/docbook/faq/clientapp.sgml index 2077b230ce..6d687bf772 100644 --- a/docs/docbook/faq/clientapp.sgml +++ b/docs/docbook/faq/clientapp.sgml @@ -81,5 +81,21 @@ workstation as follows: \\"Server_Name"\MSOP95\msoffice\setup + + + +Microsoft Access database opening errors + + +Here are some notes on running MS-Access on a Samba drive from Stefan Kjellberg + + + +Opening a database in 'exclusive' mode does NOT work. Samba ignores r/w/share modes on file open. +Make sure that you open the database as 'shared' and to 'lock modified records' +Of course locking must be enabled for the particular share (smb.conf) + + + diff --git a/docs/docbook/faq/errors.sgml b/docs/docbook/faq/errors.sgml index 53e4d01e20..0a40011fbb 100644 --- a/docs/docbook/faq/errors.sgml +++ b/docs/docbook/faq/errors.sgml @@ -82,4 +82,81 @@ SMB servers. + +The data on the CD-Drive I've shared seems to be corrupted! + + +Some OSes (notably Linux) default to auto detection of file type on +cdroms and do cr/lf translation. This is a very bad idea when use with +Samba. It causes all sorts of stuff ups. + + + +To overcome this problem use conv=binary when mounting the cdrom +before exporting it with Samba. + + + + + +Why can users access home directories of other users? + + + +We are unable to keep individual users from mapping to any other user's +home directory once they have supplied a valid password! They only need +to enter their own password. I have not found *any* method that I can +use to configure samba to enforce that only a user may map their own +home directory. + + + + +User xyzzy can map his home directory. Once mapped user xyzzy can also map +*anyone* elses home directory! + + + +This is not a security flaw, it is by design. Samba allows +users to have *exactly* the same access to the UNIX filesystem +as they would if they were logged onto the UNIX box, except +that it only allows such views onto the file system as are +allowed by the defined shares. + + + +This means that if your UNIX home directories are set up +such that one user can happily cd into another users +directory and do an ls, the UNIX security solution is to +change the UNIX file permissions on the users home directories +such that the cd and ls would be denied. + + + +Samba tries very hard not to second guess the UNIX administrators +security policies, and trusts the UNIX admin to set +the policies and permissions he or she desires. + + + +Samba does allow the setup you require when you have set the +"only user = yes" option on the share, is that you have not set the +valid users list for the share. + + + +Note that only user works in conjunction with the users= list, +so to get the behavior you require, add the line : + +users = %S + +this is equivalent to: + +valid users = %S + +to the definition of the [homes] share, as recommended in +the smb.conf man page. + + + diff --git a/docs/faq/clientapp.html b/docs/faq/clientapp.html index fd120f90cd..3196fd285e 100644 --- a/docs/faq/clientapp.html +++ b/docs/faq/clientapp.html @@ -155,6 +155,44 @@ CLASS="COMMAND" >

    3.3. Microsoft Access database opening errors

    Here are some notes on running MS-Access on a Samba drive from Stefan Kjellberg

    Opening a database in 'exclusive' mode does NOT work. Samba ignores r/w/share modes on file open.
    Make sure that you open the database as 'shared' and to 'lock modified records'
    Of course locking must be enabled for the particular share (smb.conf)

    4.1. Not listening for calling name

    4.2. System Error 1240

    4.3. smbclient ignores -N !

    4.4. The data on the CD-Drive I've shared seems to be corrupted!

    Some OSes (notably Linux) default to auto detection of file type on +cdroms and do cr/lf translation. This is a very bad idea when use with +Samba. It causes all sorts of stuff ups.

    To overcome this problem use conv=binary when mounting the cdrom +before exporting it with Samba.

    4.5. Why can users access home directories of other users?

    "We are unable to keep individual users from mapping to any other user's +home directory once they have supplied a valid password! They only need +to enter their own password. I have not found *any* method that I can +use to configure samba to enforce that only a user may map their own +home directory."

    "User xyzzy can map his home directory. Once mapped user xyzzy can also map +*anyone* elses home directory!"

    This is not a security flaw, it is by design. Samba allows +users to have *exactly* the same access to the UNIX filesystem +as they would if they were logged onto the UNIX box, except +that it only allows such views onto the file system as are +allowed by the defined shares.

    This means that if your UNIX home directories are set up +such that one user can happily cd into another users +directory and do an ls, the UNIX security solution is to +change the UNIX file permissions on the users home directories +such that the cd and ls would be denied.

    Samba tries very hard not to second guess the UNIX administrators +security policies, and trusts the UNIX admin to set +the policies and permissions he or she desires.

    Samba does allow the setup you require when you have set the +"only user = yes" option on the share, is that you have not set the +valid users list for the share.

    Note that only user works in conjunction with the users= list, +so to get the behavior you require, add the line : +

    users = %S
    +this is equivalent to: +
    valid users = %S
    +to the definition of the [homes] share, as recommended in +the smb.conf man page.

    How to use a Samba share as an administrative share for MS Office, etc.
    3.3. Microsoft Access database opening errors
    4.1. Not listening for calling name
    4.2. System Error 1240
    4.3. smbclient ignores -N !
    4.4. The data on the CD-Drive I've shared seems to be corrupted!
    4.5. Why can users access home directories of other users?
    5.1. How can I prevent my samba server from being used to distribute the Nimda worm?
    5.2. How can I use samba as a fax server?
    5.2.1. Tools for printing faxes
    5.2.2. Making the fax-server
    5.2.3. Installing the client drivers
    5.2.4. Example smb.conf
    5.3. Samba doesn't work well together with DHCP!
    5.4. How can I assign NetBIOS names to clients with DHCP?
    5.5. How do I convert between unix and dos text formats?
    - -1. Opening a database in 'exclusive' mode does NOT work. Samba ignores - r/w/share modes on file open. - -2. Make sure that you open the database as 'shared' and to 'lock modified - records' - -3. Of course locking must be enabled for the particular share (smb.conf) diff --git a/docs/textdocs/UNIX_SECURITY.txt b/docs/textdocs/UNIX_SECURITY.txt deleted file mode 100644 index 38705f018a..0000000000 --- a/docs/textdocs/UNIX_SECURITY.txt +++ /dev/null @@ -1,54 +0,0 @@ -Contributor: John H Terpstra -Date: July 5, 1998 -Status: Current - -Subject: SETTING UNIX FILE SYSTEM SECURITY -=============================================================================== -The following excerpt from a bug report demonstrates the need to -understand Unix file system security and to manage it correctly. - -Quote: -====== -> We are unable to keep individual users from mapping to any other user's -> home directory once they have supplied a valid password! They only need -> to enter their own password. I have not found *any* method that I can -> use to configure samba to enforce that only a user may map their own -> home directory. -> -> User xyzzy can map his home directory. Once mapped user xyzzy can also map -> *anyone* elses home directory! - -ANSWER: -======= -This is not a security flaw, it is by design. Samba allows -users to have *exactly* the same access to the UNIX filesystem -as they would if they were logged onto the UNIX box, except -that it only allows such views onto the file system as are -allowed by the defined shares. - -This means that if your UNIX home directories are set up -such that one user can happily cd into another users -directory and do an ls, the UNIX security solution is to -change the UNIX file permissions on the users home directories -such that the cd and ls would be denied. - -Samba tries very hard not to second guess the UNIX administrators -security policies, and trusts the UNIX admin to set -the policies and permissions he or she desires. - -Samba does allow the setup you require when you have set the -"only user = yes" option on the share, is that you have not set the -valid users list for the share. - -Note that only user works in conjunction with the users= list, -so to get the behavior you require, add the line : - -users = %S - -this is equivalent to: - -valid users = %S - -to the definition of the [homes] share, as recommended in -the smb.conf man page. - -- cgit From ceaeb3ef90e088f8752b519d5e80e60ce79575a1 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Fri, 4 Oct 2002 18:35:15 +0000 Subject: Remove README.DCEDFS as it doesn't contain useful info for developers nor users but only about the state DCE/DFS was in for samba 1.9.13 (This used to be commit 69c402f375818314e7e335abc52f566c037d16cb) --- docs/textdocs/README.DCEDFS | 78 --------------------------------------------- 1 file changed, 78 deletions(-) delete mode 100644 docs/textdocs/README.DCEDFS (limited to 'docs') diff --git a/docs/textdocs/README.DCEDFS b/docs/textdocs/README.DCEDFS deleted file mode 100644 index da9bb2197d..0000000000 --- a/docs/textdocs/README.DCEDFS +++ /dev/null @@ -1,78 +0,0 @@ -Contributor: Jim Doyle -Date: 06-02-95 -Status: Current but needs updating - -Subject: Basic DCE/DFS Support for SAMBA 1.9.13 -============================================================================= - -Functionality: --------------- - - Per-instance authentication for DCE/DFS. - -Missing Functionality in this Implementation: ---------------------------------------------- - - * No automatic refresh of credentials - - To do so would not be that hard.. One could simply - stash the clear-text key in memory, spawn a key management - thread to wake up right before credentials expire and - refresh the login context. - - * No UNIX Signals support (SIGCLD, SIGPIPE, SIGHUP, SIGBUS, SIGSEGV) - - - There is no support for signal processing in Samba daemons - that need to authenticate with DCE. The explanation for this - is that the smbd is linked against thread-safe libraries in - order to be able to use DCE authentication mechanisms. - Because smbd uses signal() and fork(), it represents the - worst case scenario for DCE portability. In order - to properly support signals in a forked server environment, - some rework of smbd is needed in order to properly - construct, shutdown and reconstruct asynchronous signal - handling threads and synchronous signal traps across the - parent and child. I have not had contiguous time to work - on it, I expect it to be a weeks worth of work to cleanly - integrate thread-safe signal handing into the code and - test it. Until I can get to this task, I will leave it up - to someone adventurous enough to engineer it and negotiate - with Andrew to integrate the changes into the mainline branch. - - The lack of full signal support means that you cannot - rely upon SIGHUP-ing the parent daemon to refresh - the configuration data. Likewise, you cannot take advantage - of the builtin SIGBUS/SIGSEGV traps to diagnose failures. - You will have to halt Samba in order to make changes - and then have them take effect. - - The SMBD server as it stands is suitable to use if you - already have experience with configuring and running - SAMBA. - -Tested Platforms: ------------------ - - HP-UX 9.05 / HP-UX DCE 1.2.1 - AIX 3.2.5 / AIX DCE/6000 1.3 - DEC OSF-1 3.0 / DEC DCE 1.3 - -Building: ---------- - - - Uncomment the the appropriate block in the Makefile - for the platform you wish to build on. - - - Samples of Samba server configuration files for our - DFS environment are included in samples.dcedfs/ - - - -Bugs, Suggestions, etc.. --------------------------- - - Please post them to the mailing list. - That way I will see them and they will become part of - the archives so others can share the knowledge. - -- cgit