From 705db2effac38df9aaefa9cc6baa9614207b26af Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 7 Apr 2003 13:51:11 +0000 Subject: - Add &author.mimir; entity - Several smaller layout and typo fixes (This used to be commit 96aa93ea4f56ef069c3127547296581f8e0ce3bd) --- docs/docbook/global.ent | 20 +++ docs/docbook/projdoc/ADS-HOWTO.sgml | 10 +- docs/docbook/projdoc/Browsing-Quickguide.sgml | 15 +- docs/docbook/projdoc/Browsing.sgml | 38 ++--- docs/docbook/projdoc/Bugs.sgml | 8 +- docs/docbook/projdoc/CUPS-printing.sgml | 22 +-- docs/docbook/projdoc/Compiling.sgml | 12 +- docs/docbook/projdoc/DOMAIN_MEMBER.sgml | 6 +- docs/docbook/projdoc/Diagnosis.sgml | 158 ++++++++++----------- docs/docbook/projdoc/GROUP-MAPPING-HOWTO.sgml | 6 +- docs/docbook/projdoc/Integrating-with-Windows.sgml | 4 +- docs/docbook/projdoc/NT_Security.sgml | 3 +- docs/docbook/projdoc/ProfileMgmt.sgml | 26 ++-- docs/docbook/projdoc/UNIX_INSTALL.sgml | 53 ++++--- docs/docbook/projdoc/samba-doc.sgml | 9 +- docs/docbook/projdoc/securing-samba.sgml | 6 +- docs/docbook/projdoc/security_level.sgml | 8 +- docs/docbook/projdoc/unicode.sgml | 2 - docs/docbook/projdoc/upgrading-to-3.0.sgml | 2 +- 19 files changed, 209 insertions(+), 199 deletions(-) (limited to 'docs') diff --git a/docs/docbook/global.ent b/docs/docbook/global.ent index 26c774820f..cfcd44e50a 100644 --- a/docs/docbook/global.ent +++ b/docs/docbook/global.ent @@ -74,6 +74,14 @@ '> + + RafalSzczesniak + + Samba Team +
mimir@samba.org
+
+'> @@ -358,3 +366,15 @@ an Active Directory environment. &stdarg.authfile; &stdarg.username; '> + + +smbd'> +nmbd'> +testparm'> +smb.conf'> +smbclient'> +winbindd'> +smbgroupedit'> + + + diff --git a/docs/docbook/projdoc/ADS-HOWTO.sgml b/docs/docbook/projdoc/ADS-HOWTO.sgml index 8146df0781..d08833b7fd 100644 --- a/docs/docbook/projdoc/ADS-HOWTO.sgml +++ b/docs/docbook/projdoc/ADS-HOWTO.sgml @@ -74,12 +74,12 @@ its netbios name. If you don't get this right then you will get a -If all you want is kerberos support in smbclient then you can skip -straight to Test with smbclient now. +If all you want is kerberos support in &smbclient; then you can skip +straight to Test with &smbclient; now. Creating a computer account and testing your servers is only needed if you want kerberos -support for smbd and winbindd. +support for &smbd; and &winbindd;. @@ -120,11 +120,11 @@ server? Does it have an encoding type of DES-CBC-MD5 ? -Testing with smbclient +Testing with &smbclient; On your Samba server try to login to a Win2000 server or your Samba -server using smbclient and kerberos. Use smbclient as usual, but +server using &smbclient; and kerberos. Use &smbclient; as usual, but specify the -k option to choose kerberos authentication. diff --git a/docs/docbook/projdoc/Browsing-Quickguide.sgml b/docs/docbook/projdoc/Browsing-Quickguide.sgml index a2b67983f8..ed5b9a61af 100644 --- a/docs/docbook/projdoc/Browsing-Quickguide.sgml +++ b/docs/docbook/projdoc/Browsing-Quickguide.sgml @@ -44,7 +44,7 @@ implements browse list collation using unicast UDP. Secondly, in those networks where Samba is the only SMB server technology -wherever possible nmbd should be configured on one (1) machine as the WINS +wherever possible &nmbd; should be configured on one (1) machine as the WINS server. This makes it easy to manage the browsing environment. If each network segment is configured with it's own Samba WINS server, then the only way to get cross segment browsing to work is by using the @@ -65,7 +65,7 @@ been committed, but it still needs maturation. Right now samba WINS does not support MS-WINS replication. This means that -when setting up Samba as a WINS server there must only be one nmbd configured +when setting up Samba as a WINS server there must only be one &nmbd; configured as a WINS server on the network. Some sites have used multiple Samba WINS servers for redundancy (one server per subnet) and then used remote browse sync and remote announce @@ -294,11 +294,12 @@ To configure Samba to register with a WINS server just add "wins server = a.b.c.d" to your smb.conf file [globals] section. - -DO NOT EVER use both "wins support = yes" together -with "wins server = a.b.c.d" particularly not using it's own IP address. -Specifying both will cause nmbd to refuse to start! - + +Never use both wins support = yes together +with wins server = a.b.c.d +particularly not using it's own IP address. +Specifying both will cause &nmbd; to refuse to start! + diff --git a/docs/docbook/projdoc/Browsing.sgml b/docs/docbook/projdoc/Browsing.sgml index 43cc498618..ca2f6dc57b 100644 --- a/docs/docbook/projdoc/Browsing.sgml +++ b/docs/docbook/projdoc/Browsing.sgml @@ -46,8 +46,8 @@ that can NOT be provided by any other means of name resolution. Browsing support in samba -Samba facilitates browsing. The browsing is supported by nmbd -and is also controlled by options in the smb.conf file (see smb.conf(5)). +Samba facilitates browsing. The browsing is supported by &nmbd; +and is also controlled by options in the &smb.conf; file. Samba can act as a local browse master for a workgroup and the ability for samba to support domain logons and scripts is now available. @@ -80,7 +80,7 @@ recommended that you use one and only one Samba server as your WINS server. To get browsing to work you need to run nmbd as usual, but will need -to use the workgroup option in smb.conf +to use the workgroup option in &smb.conf; to control what workgroup Samba becomes a part of. @@ -89,7 +89,7 @@ Samba also has a useful option for a Samba server to offer itself for browsing on another subnet. It is recommended that this option is only used for 'unusual' purposes: announcements over the internet, for example. See remote announce in the -smb.conf man page. +&smb.conf; man page. @@ -128,7 +128,7 @@ server resources. The other big problem people have is that their broadcast address, netmask or IP address is wrong (specified with the "interfaces" option -in smb.conf) +in &smb.conf;) @@ -160,7 +160,7 @@ Remember, for browsing across subnets to work correctly, all machines, be they Windows 95, Windows NT, or Samba servers must have the IP address of a WINS server given to them by a DHCP server, or by manual configuration (for Win95 and WinNT, this is in the TCP/IP Properties, under Network -settings) for Samba this is in the smb.conf file. +settings) for Samba this is in the &smb.conf; file. @@ -412,7 +412,7 @@ If either router R1 or R2 fails the following will occur: Either a Samba machine or a Windows NT Server machine may be set up as a WINS server. To set a Samba machine to be a WINS server you must -add the following option to the smb.conf file on the selected machine : +add the following option to the &smb.conf; file on the selected machine : in the [globals] section add the line @@ -459,7 +459,7 @@ the Samba machine IP address in the "Primary WINS Server" field of the "Control Panel->Network->Protocols->TCP->WINS Server" dialogs in Windows 95 or Windows NT. To tell a Samba server the IP address of the WINS server add the following line to the [global] section of -all smb.conf files : +all &smb.conf; files : @@ -472,7 +472,7 @@ machine or its IP address. -Note that this line MUST NOT BE SET in the smb.conf file of the Samba +Note that this line MUST NOT BE SET in the &smb.conf; file of the Samba server acting as the WINS server itself. If you set both the wins support = yes option and the wins server = <name> option then @@ -510,7 +510,7 @@ cross subnet browsing possible for a workgroup. In an WORKGROUP environment the domain master browser must be a Samba server, and there must only be one domain master browser per workgroup name. To set up a Samba server as a domain master browser, -set the following option in the [global] section of the smb.conf file : +set the following option in the [global] section of the &smb.conf; file : @@ -520,7 +520,7 @@ set the following option in the [global] section of the smb.conf file : The domain master browser should also preferrably be the local master browser for its own subnet. In order to achieve this set the following -options in the [global] section of the smb.conf file : +options in the [global] section of the &smb.conf; file : @@ -545,7 +545,7 @@ able to do this, as will Windows 9x machines (although these tend to get rebooted more often, so it's not such a good idea to use these). To make a Samba server a local master browser set the following options in the [global] section of the -smb.conf file : +&smb.conf; file : @@ -575,7 +575,7 @@ If you have an NT machine on the subnet that you wish to be the local master browser then you can disable Samba from becoming a local master browser by setting the following options in the [global] section of the -smb.conf file : +&smb.conf; file : @@ -607,7 +607,7 @@ For subnets other than the one containing the Windows NT PDC you may set up Samba servers as local master browsers as described. To make a Samba server a local master browser set the following options in the [global] section -of the smb.conf file : +of the &smb.conf; file : @@ -634,7 +634,7 @@ If you have Windows NT machines that are members of the domain on all subnets, and you are sure they will always be running then you can disable Samba from taking part in browser elections and ever becoming a local master browser by setting following options -in the [global] section of the smb.conf +in the [global] section of the &smb.conf; file : @@ -662,7 +662,7 @@ elections to just about anyone else. If you want Samba to win elections then just set the os level global -option in smb.conf to a higher number. It defaults to 0. Using 34 +option in &smb.conf; to a higher number. It defaults to 0. Using 34 would make it win all elections over every other system (except other samba systems!) @@ -676,7 +676,7 @@ NT/2K Server. A MS Windows NT/2K Server domain controller uses level 32. If you want samba to force an election on startup, then set the -preferred master global option in smb.conf to "yes". Samba will +preferred master global option in &smb.conf; to "yes". Samba will then have a slight advantage over other potential master browsers that are not preferred master browsers. Use this parameter with care, as if you have two hosts (whether they are windows 95 or NT or @@ -712,7 +712,7 @@ the current domain master browser fail. The domain master is responsible for collating the browse lists of multiple subnets so that browsing can occur between subnets. You can make samba act as the domain master by setting domain master = yes -in smb.conf. By default it will not be a domain master. +in &smb.conf;. By default it will not be a domain master. @@ -801,7 +801,7 @@ that browsing and name lookups won't work. Samba now supports machines with multiple network interfaces. If you have multiple interfaces then you will need to use the interfaces -option in smb.conf to configure them. See smb.conf(5) for details. +option in &smb.conf; to configure them. diff --git a/docs/docbook/projdoc/Bugs.sgml b/docs/docbook/projdoc/Bugs.sgml index 9c6be75c8d..d3525f5f95 100644 --- a/docs/docbook/projdoc/Bugs.sgml +++ b/docs/docbook/projdoc/Bugs.sgml @@ -87,7 +87,7 @@ detail, but may use too much disk space. To set the debug level use log level = in your -smb.conf. You may also find it useful to set the log +&smb.conf;. You may also find it useful to set the log level higher for just one machine and keep separate logs for each machine. To do this use: @@ -102,17 +102,17 @@ include = /usr/local/samba/lib/smb.conf.%m then create a file /usr/local/samba/lib/smb.conf.machine where machine is the name of the client you wish to debug. In that file -put any smb.conf commands you want, for example +put any &smb.conf; commands you want, for example log level= may be useful. This also allows you to experiment with different security systems, protocol levels etc on just one machine. -The smb.conf entry log level = +The &smb.conf; entry log level = is synonymous with the entry debuglevel = that has been used in older versions of Samba and is being retained for backwards -compatibility of smb.conf files. +compatibility of &smb.conf; files. diff --git a/docs/docbook/projdoc/CUPS-printing.sgml b/docs/docbook/projdoc/CUPS-printing.sgml index eb59695b04..fd954cc1c5 100644 --- a/docs/docbook/projdoc/CUPS-printing.sgml +++ b/docs/docbook/projdoc/CUPS-printing.sgml @@ -50,10 +50,10 @@ new features, which make it different from other, more traditional printing syst -Configuring <filename>smb.conf</filename> for CUPS +Configuring &smb.conf; for CUPS -Printing with CUPS in the most basic smb.conf +Printing with CUPS in the most basic &smb.conf; setup in Samba-3 only needs two settings: printing = cups and printcap = cups. While CUPS itself doesn't need a printcap anymore, the cupsd.conf configuration file knows two directives @@ -87,7 +87,7 @@ present on other OS platforms, or its function may be embodied by a different co The line "libcups.so.2 => /usr/lib/libcups.so.2 (0x40123000)" shows there is CUPS support compiled into this version of Samba. If this is the case, and printing = cups is set, then any -otherwise manually set print command in smb.conf is ignored. +otherwise manually set print command in &smb.conf; is ignored. @@ -122,7 +122,7 @@ operation. Firstly, to enable CUPS based printing from Samba the following options must be -enabled in your smb.conf file [globals] section: +enabled in your &smb.conf; file [globals] section: printing = CUPS @@ -130,7 +130,7 @@ enabled in your smb.conf file [globals] section: printcap = CUPS -When these parameters are specified the print directives in smb.conf (as well as in +When these parameters are specified the print directives in &smb.conf; (as well as in samba itself) will be ignored because samba will directly interface with CUPS through it's application program interface (API) - so long as Samba has been compiled with CUPS library (libcups) support. If samba has NOT been compiled with CUPS support then @@ -402,7 +402,7 @@ promising... The cupsadsmb utility (shipped with all current CUPS versions) makes the sharing of any (or all) installed CUPS printers very -easy. Prior to using it, you need the following settings in smb.conf: +easy. Prior to using it, you need the following settings in &smb.conf;: [global] @@ -1661,8 +1661,8 @@ on the avarage and peak printing load the server should be able to handle. Samba print files pass thru two "spool" directories. One the incoming directory -managed by Samba, (set eg: in the "path = /var/spool/samba" directive in the [printers] -section of "smb.conf"). Second is the spool directory of your UNIX print subsystem. +managed by Samba, (set eg: in the path = /var/spool/samba directive in the [printers] +section of &smb.conf;). Second is the spool directory of your UNIX print subsystem. For CUPS it is normally "/var/spool/cups/", as set by the cupsd.conf directive "RequestRoot /var/spool/cups". @@ -1724,15 +1724,15 @@ For everything to work as announced, you need to have three things: - a Samba-smbd which is compiled against "libcups" (Check on Linux by running "ldd `which smbd`") + a Samba-&smbd; which is compiled against "libcups" (Check on Linux by running ldd `which smbd`) - a Samba-smb.conf setting of "printing = cups" + a Samba-&smb.conf; setting of printing = cups - another Samba-smb.conf setting of "printcap = cups" + another Samba-&smb.conf; setting of printcap = cups diff --git a/docs/docbook/projdoc/Compiling.sgml b/docs/docbook/projdoc/Compiling.sgml index 1578522139..868ed52b74 100644 --- a/docs/docbook/projdoc/Compiling.sgml +++ b/docs/docbook/projdoc/Compiling.sgml @@ -325,18 +325,18 @@ on this system just substitute the correct package name varies between unixes. Look at the other entries in inetd.conf for a guide. - NOTE: Some unixes already have entries like netbios_ns + Some unixes already have entries like netbios_ns (note the underscore) in /etc/services. You must either edit /etc/services or - /etc/inetd.conf to make them consistent. + /etc/inetd.conf to make them consistent. - NOTE: On many systems you may need to use the - "interfaces" option in smb.conf to specify the IP address + On many systems you may need to use the + interfaces option in &smb.conf; to specify the IP address and netmask of your interfaces. Run ifconfig as root if you don't know what the broadcast is for your - net. nmbd tries to determine it at run + net. &nmbd; tries to determine it at run time, but fails on some unixes. - + Many unixes only accept around 5 parameters on the command line in inetd.conf. diff --git a/docs/docbook/projdoc/DOMAIN_MEMBER.sgml b/docs/docbook/projdoc/DOMAIN_MEMBER.sgml index 1a97e6f5a8..dc5b7d6e8c 100644 --- a/docs/docbook/projdoc/DOMAIN_MEMBER.sgml +++ b/docs/docbook/projdoc/DOMAIN_MEMBER.sgml @@ -20,12 +20,12 @@ with NetBIOS names DOMBDC1 and DOMBDC2 . - Firstly, you must edit your smb.conf(5) - file to tell Samba it should now use domain security. + Firstly, you must edit your &smb.conf; file to tell Samba it should + now use domain security. Change (or add) your security = line in the [global] section - of your smb.conf to read: + of your &smb.conf; to read: security = domain diff --git a/docs/docbook/projdoc/Diagnosis.sgml b/docs/docbook/projdoc/Diagnosis.sgml index 2a771c23d1..d175eb15ba 100644 --- a/docs/docbook/projdoc/Diagnosis.sgml +++ b/docs/docbook/projdoc/Diagnosis.sgml @@ -45,8 +45,9 @@ The procedure is similar for other types of clients. It is also assumed you know the name of an available share in your -smb.conf. I will assume this share is called "tmp". You can add a -"tmp" share like by adding the following to smb.conf: +&smb.conf;. I will assume this share is called tmp. +You can add a tmp share like by adding the +following to &smb.conf;: @@ -59,22 +60,21 @@ smb.conf. I will assume this share is called "tmp". You can add a - -THESE TESTS ASSUME VERSION 3.0.0 OR LATER OF THE SAMBA SUITE. SOME -COMMANDS SHOWN DID NOT EXIST IN EARLIER VERSIONS - + +These tests assume version 3.0 or later of the samba suite. Some commands shown did not exist in earlier versions. + Please pay attention to the error messages you receive. If any error message reports that your server is being unfriendly you should first check that you -IP name resolution is correctly set up. eg: Make sure your /etc/resolv.conf +IP name resolution is correctly set up. eg: Make sure your /etc/resolv.conf file points to name servers that really do exist. Also, if you do not have DNS server access for name resolution please check -that the settings for your smb.conf file results in "dns proxy = no". The -best way to check this is with "testparm smb.conf" +that the settings for your &smb.conf; file results in dns proxy = no. The +best way to check this is with testparm smb.conf. @@ -86,20 +86,21 @@ best way to check this is with "testparm smb.conf" -In the directory in which you store your smb.conf file, run the command -"testparm smb.conf". If it reports any errors then your smb.conf +In the directory in which you store your &smb.conf; file, run the command +testparm smb.conf. If it reports any errors then your &smb.conf; configuration file is faulty. - -Note: Your smb.conf file may be located in: /etc/samba - Or in: /usr/local/samba/lib - + +Your &smb.conf; file may be located in: /etc/samba +Or in: /usr/local/samba/lib + -Run the command "ping BIGSERVER" from the PC and "ping ACLIENT" from +Run the command ping BIGSERVER from the PC and +ping ACLIENT from the unix box. If you don't get a valid response then your TCP/IP software is not correctly installed. @@ -111,7 +112,8 @@ run ping. If you get a message saying "host not found" or similar then your DNS -software or /etc/hosts file is not correctly setup. It is possible to +software or /etc/hosts file is not correctly setup. +It is possible to run samba without DNS entries for the server and client, but I assume you do have correct entries for the remainder of these tests. @@ -120,23 +122,23 @@ you do have correct entries for the remainder of these tests. Another reason why ping might fail is if your host is running firewall software. You will need to relax the rules to let in the workstation in question, perhaps by allowing access from another subnet (on Linux -this is done via the ipfwadm program.) +this is done via the ipfwadm program.) -Run the command "smbclient -L BIGSERVER" on the unix box. You +Run the command smbclient -L BIGSERVER on the unix box. You should get a list of available shares back. If you get a error message containing the string "Bad password" then -you probably have either an incorrect "hosts allow", "hosts deny" or -"valid users" line in your smb.conf, or your guest account is not -valid. Check what your guest account is using "testparm" and -temporarily remove any "hosts allow", "hosts deny", "valid users" or -"invalid users" lines. +you probably have either an incorrect hosts allow, +hosts deny or valid users line in your +&smb.conf;, or your guest account is not +valid. Check what your guest account is using &testparm; and +temporarily remove any hosts allow, hosts deny, valid users or invalid users lines. @@ -144,15 +146,15 @@ If you get a "connection refused" response then the smbd server may not be running. If you installed it in inetd.conf then you probably edited that file incorrectly. If you installed it as a daemon then check that it is running, and check that the netbios-ssn port is in a LISTEN -state using "netstat -a". +state using netstat -a. If you get a "session request failed" then the server refused the connection. If it says "Your server software is being unfriendly" then -its probably because you have invalid command line parameters to smbd, -or a similar fatal problem with the initial startup of smbd. Also -check your config file (smb.conf) for syntax errors with "testparm" +its probably because you have invalid command line parameters to &smbd;, +or a similar fatal problem with the initial startup of &smbd;. Also +check your config file (&smb.conf;) for syntax errors with &testparm; and that the various directories where samba keeps its log and lock files exist. @@ -160,7 +162,7 @@ files exist. There are a number of reasons for which smbd may refuse or decline a session request. The most common of these involve one or more of -the following smb.conf file entries: +the following &smb.conf; file entries: @@ -181,26 +183,27 @@ To solve this problem change these lines to: -Do NOT use the "bind interfaces only" parameter where you may wish to -use the samba password change facility, or where smbclient may need to +Do NOT use the bind interfaces only parameter where you +may wish to +use the samba password change facility, or where &smbclient; may need to access local service for name resolution or for local resource -connections. (Note: the "bind interfaces only" parameter deficiency +connections. (Note: the bind interfaces only parameter deficiency where it will not allow connections to the loopback address will be fixed soon). Another common cause of these two errors is having something already running -on port 139, such as Samba (ie: smbd is running from inetd already) or -something like Digital's Pathworks. Check your inetd.conf file before trying -to start smbd as a daemon, it can avoid a lot of frustration! +on port 139, such as Samba (ie: smbd is running from inetd already) or +something like Digital's Pathworks. Check your inetd.conf file before trying +to start &smbd; as a daemon, it can avoid a lot of frustration! -And yet another possible cause for failure of TEST 3 is when the subnet mask +And yet another possible cause for failure of this test is when the subnet mask and / or broadcast address settings are incorrect. Please check that the network interface IP Address / Broadcast Address / Subnet Mask settings are -correct and that Samba has correctly noted these in the log.nmb file. +correct and that Samba has correctly noted these in the log.nmb file. @@ -208,12 +211,12 @@ correct and that Samba has correctly noted these in the log.nmb file. -Run the command "nmblookup -B BIGSERVER __SAMBA__". You should get the +Run the command nmblookup -B BIGSERVER __SAMBA__. You should get the IP address of your Samba server back. -If you don't then nmbd is incorrectly installed. Check your inetd.conf +If you don't then nmbd is incorrectly installed. Check your inetd.conf if you run it from there, or that the daemon is running and listening to udp port 137. @@ -229,7 +232,7 @@ inetd. -run the command nmblookup -B ACLIENT '*' +run the command nmblookup -B ACLIENT '*' You should get the PCs IP address back. If you don't then the client @@ -247,7 +250,7 @@ client in the above test. -Run the command nmblookup -d 2 '*' +Run the command nmblookup -d 2 '*' @@ -263,13 +266,13 @@ hosts. If this doesn't give a similar result to the previous test then nmblookup isn't correctly getting your broadcast address through its automatic mechanism. In this case you should experiment use the -"interfaces" option in smb.conf to manually configure your IP +interfaces option in &smb.conf; to manually configure your IP address, broadcast and netmask. If your PC and server aren't on the same subnet then you will need to -use the -B option to set the broadcast address to the that of the PCs +use the -B option to set the broadcast address to the that of the PCs subnet. @@ -283,24 +286,24 @@ not correct. (Refer to TEST 3 notes above). -Run the command smbclient //BIGSERVER/TMP. You should +Run the command smbclient //BIGSERVER/TMP. You should then be prompted for a password. You should use the password of the account you are logged into the unix box with. If you want to test with -another account then add the -U >accountname< option to the end of +another account then add the -U accountname option to the end of the command line. eg: -smbclient //bigserver/tmp -Ujohndoe +smbclient //bigserver/tmp -Ujohndoe - -Note: It is possible to specify the password along with the username + +It is possible to specify the password along with the username as follows: -smbclient //bigserver/tmp -Ujohndoe%secret - +smbclient //bigserver/tmp -Ujohndoe%secret + -Once you enter the password you should get the "smb>" prompt. If you +Once you enter the password you should get the smb> prompt. If you don't then look at the error message. If it says "invalid network -name" then the service "tmp" is not correctly setup in your smb.conf. +name" then the service "tmp" is not correctly setup in your &smb.conf;. @@ -311,26 +314,26 @@ If it says "bad password" then the likely causes are: you have shadow passords (or some other password system) but didn't - compile in support for them in smbd + compile in support for them in &smbd; - your "valid users" configuration is incorrect + your valid users configuration is incorrect - you have a mixed case password and you haven't enabled the "password - level" option at a high enough level + you have a mixed case password and you haven't enabled the password + level option at a high enough level - the "path =" line in smb.conf is incorrect. Check it with testparm + the path = line in &smb.conf; is incorrect. Check it with &testparm; @@ -345,7 +348,7 @@ If it says "bad password" then the likely causes are: Once connected you should be able to use the commands dir get put etc. -Type help >command< for instructions. You should +Type help command for instructions. You should especially check that the amount of free disk space shown is correct when you type dir. @@ -355,7 +358,7 @@ when you type dir. -On the PC type the command net view \\BIGSERVER. You will +On the PC type the command net view \\BIGSERVER. You will need to do this from within a "dos prompt" window. You should get back a list of available shares on the server. @@ -369,11 +372,11 @@ to choose one of them): - fixup the nmbd installation + fixup the &nmbd; installation - add the IP address of BIGSERVER to the "wins server" box in the + add the IP address of BIGSERVER to the wins server box in the advanced tcp/ip setup on the PC. @@ -389,8 +392,8 @@ to choose one of them): If you get a "invalid network name" or "bad password error" then the -same fixes apply as they did for the "smbclient -L" test above. In -particular, make sure your "hosts allow" line is correct (see the man +same fixes apply as they did for the smbclient -L test above. In +particular, make sure your hosts allow line is correct (see the man pages) @@ -406,7 +409,7 @@ name and password. If you get "specified computer is not receiving requests" or similar it probably means that the host is not contactable via tcp services. Check to see if the host is running tcp wrappers, and if so add an entry in -the hosts.allow file for your client (or subnet, etc.) +the hosts.allow file for your client (or subnet, etc.) @@ -414,24 +417,25 @@ the hosts.allow file for your client (or subnet, etc.) -Run the command net use x: \\BIGSERVER\TMP. You should +Run the command net use x: \\BIGSERVER\TMP. You should be prompted for a password then you should get a "command completed successfully" message. If not then your PC software is incorrectly -installed or your smb.conf is incorrect. make sure your "hosts allow" -and other config lines in smb.conf are correct. +installed or your smb.conf is incorrect. make sure your hosts allow +and other config lines in &smb.conf; are correct. It's also possible that the server can't work out what user name to -connect you as. To see if this is the problem add the line "user = -USERNAME" to the [tmp] section of smb.conf where "USERNAME" is the +connect you as. To see if this is the problem add the line user = +username to the [tmp] section of +&smb.conf; where username is the username corresponding to the password you typed. If you find this fixes things you may need the username mapping option. It might also be the case that your client only sends encrypted passwords -and you have encrypt passwords = no in smb.conf. +and you have encrypt passwords = no in &smb.conf; Turn it back on to fix. @@ -440,8 +444,8 @@ Turn it back on to fix. -Run the command nmblookup -M TESTGROUP where -TESTGROUP is the name of the workgroup that your Samba server and +Run the command nmblookup -M testgroup where +testgroup is the name of the workgroup that your Samba server and Windows PCs belong to. You should get back the IP address of the master browser for that workgroup. @@ -449,7 +453,7 @@ master browser for that workgroup. If you don't then the election process has failed. Wait a minute to see if it is just being slow then try again. If it still fails after -that then look at the browsing options you have set in smb.conf. Make +that then look at the browsing options you have set in &smb.conf;. Make sure you have preferred master = yes to ensure that an election is held at startup. @@ -468,8 +472,8 @@ is refusing to browse a server that has no encrypted password capability and is in user level security mode. In this case either set security = server AND password server = Windows_NT_Machine in your -smb.conf file, or enable encrypted passwords AFTER compiling in support -for encrypted passwords (refer to the Makefile). +&smb.conf; file, or make sure encrypted passwords is +set to "yes". @@ -488,10 +492,6 @@ out the samba web page at http://samba.org/samba/ - -Also look at the other docs in the Samba package! - - diff --git a/docs/docbook/projdoc/GROUP-MAPPING-HOWTO.sgml b/docs/docbook/projdoc/GROUP-MAPPING-HOWTO.sgml index 8aea87fe24..e037da4aeb 100644 --- a/docs/docbook/projdoc/GROUP-MAPPING-HOWTO.sgml +++ b/docs/docbook/projdoc/GROUP-MAPPING-HOWTO.sgml @@ -11,12 +11,12 @@ Starting with Samba 3.0 alpha 2, a new group mapping function is available. The current method (likely to change) to manage the groups is a new command called -smbgroupedit. +&smbgroupedit;. The first immediate reason to use the group mapping on a PDC, is that -the domain admin group of smb.conf is +the domain admin group of &smb.conf; is now gone. This parameter was used to give the listed users local admin rights on their workstations. It was some magic stuff that simply worked but didn't scale very well for complex setups. @@ -71,7 +71,7 @@ give access to a certain directory to some users who are member of a group on your samba PDC. Flag that group as a domain group by running: -smbgroupedit -a unixgroup -td +smbgroupedit -a unixgroup -td You can list the various groups in the mapping database like this smbgroupedit -v diff --git a/docs/docbook/projdoc/Integrating-with-Windows.sgml b/docs/docbook/projdoc/Integrating-with-Windows.sgml index b48fc3b305..f6ac0be5a4 100644 --- a/docs/docbook/projdoc/Integrating-with-Windows.sgml +++ b/docs/docbook/projdoc/Integrating-with-Windows.sgml @@ -517,7 +517,7 @@ if the TCP/IP setup has been given at least one WINS Server IP Address. To configure Samba to be a WINS server the following parameter needs -to be added to the smb.conf file: +to be added to the &smb.conf; file: @@ -526,7 +526,7 @@ to be added to the smb.conf file: To configure Samba to use a WINS server the following parameters are -needed in the smb.conf file: +needed in the &smb.conf; file: diff --git a/docs/docbook/projdoc/NT_Security.sgml b/docs/docbook/projdoc/NT_Security.sgml index 65072ef4ff..9bff25337c 100644 --- a/docs/docbook/projdoc/NT_Security.sgml +++ b/docs/docbook/projdoc/NT_Security.sgml @@ -297,8 +297,7 @@ If you want to set up a share that allows users full control in modifying the permission bits on their files and directories and doesn't force any particular bits to be set 'on', then set the following - parameters in the smb.conf(5) - file in that share specific section : + parameters in the &smb.conf; file in that share specific section : security mask = 0777 force security mode = 0 diff --git a/docs/docbook/projdoc/ProfileMgmt.sgml b/docs/docbook/projdoc/ProfileMgmt.sgml index 94bc60b464..13ec698384 100644 --- a/docs/docbook/projdoc/ProfileMgmt.sgml +++ b/docs/docbook/projdoc/ProfileMgmt.sgml @@ -11,8 +11,7 @@ -NOTE! Roaming profiles support is different for Win9x / Me -and Windows NT4/200x. +Roaming profiles support is different for Win9x / Me and Windows NT4/200x. @@ -52,15 +51,14 @@ following (for example): logon path = \\profileserver\profileshare\profilepath\%U\moreprofilepath + This is typically implemented like: + logon path = \\%L\Profiles\%u - - where: - %L translates to the name of the Samba server - %u translates to the user name +where %L translates to the name of the Samba server and %u translates to the user name @@ -74,7 +72,7 @@ symantics of %L and %N, as well as %U and %u. MS Windows NT/2K clients at times do not disconnect a connection to a server -between logons. It is recommended to NOT use the homes +between logons. It is recommended to NOT use the homes meta-service name as part of the profile share path. @@ -85,14 +83,14 @@ meta-service name as part of the profile share path. To support Windows 9x / Me clients, you must use the "logon home" parameter. Samba has -now been fixed so that "net use /home" now works as well, and it, too, relies -on the "logon home" parameter. +now been fixed so that net use /home now works as well, and it, too, relies +on the logon home By using the logon home parameter, you are restricted to putting Win9x / Me profiles in the user's home directory. But wait! There is a trick you -can use. If you set the following in the [global] section of your smb.conf file: +can use. If you set the following in the [global] section of your &smb.conf; file: logon home = \\%L\%U\.profiles @@ -100,14 +98,14 @@ can use. If you set the following in the [global] section of your smb.conf file: then your Windows 9x / Me clients will dutifully put their clients in a subdirectory -of your home directory called .profiles (thus making them hidden). +of your home directory called .profiles (thus making them hidden). -Not only that, but 'net use/home' will also work, because of a feature in +Not only that, but net use/home will also work, because of a feature in Windows 9x / Me. It removes any directory stuff off the end of the home directory area and only uses the server and share portion. That is, it looks like you -specified \\%L\%U for "logon home". +specified \\%L\%U for logon home. @@ -116,7 +114,7 @@ specified \\%L\%U for "logon home". You can support profiles for both Win9X and WinNT clients by setting both the -"logon home" and "logon path" parameters. For example: +logon home and logon path parameters. For example: diff --git a/docs/docbook/projdoc/UNIX_INSTALL.sgml b/docs/docbook/projdoc/UNIX_INSTALL.sgml index df038510af..6deb0c915e 100644 --- a/docs/docbook/projdoc/UNIX_INSTALL.sgml +++ b/docs/docbook/projdoc/UNIX_INSTALL.sgml @@ -14,11 +14,11 @@ Binary packages of samba are included in almost any Linux or Unix distribution. There are also some packages available at - the samba homepage + the samba homepage. If you need to compile samba from source, check the - appropriate appendix chapter. + appropriate appendix chapter. @@ -32,7 +32,7 @@ is included with samba. - Editing the smb.conf file + Editing the <filename>smb.conf</filename> file There are sample configuration files in the examples subdirectory in the distribution. I suggest you read them @@ -43,36 +43,33 @@ something like this: - [global] - workgroup = MYGROUP +[global] + workgroup = MYGROUP - [homes] - guest ok = no - read only = no +[homes] + guest ok = no + read only = no which would allow connections by anyone with an account on the server, using either their login name or - "homes" as the service name. (Note that I also set the + "homes" as the service name. (Note that I also set the workgroup that Samba is part of. See BROWSING.txt for details) - Note that make install will not install - a smb.conf file. You need to create it - yourself. - - Make sure you put the smb.conf file in the same place + Make sure you put the smb.conf file in the same place you specified in theMakefile (the default is to look for it in /usr/local/samba/lib/). For more information about security settings for the - [homes] share please refer to the document UNIX_SECURITY.txt. + [homes] share please refer to the chapter + Securing Samba. Test your config file with <command>testparm</command> It's important that you test the validity of your - smb.conf file using the testparm program. + smb.conf file using the testparm program. If testparm runs OK then it will list the loaded services. If not it will give an error message. @@ -133,16 +130,17 @@ //yourhostname/aservice Typically the yourhostname - would be the name of the host where you installed - smbd. The aservice is - any service you have defined in the smb.conf - file. Try your user name if you just have a [homes] section - in smb.conf. + would be the name of the host where you installed &smbd;. + The aservice is + any service you have defined in the &smb.conf; + file. Try your user name if you just have a [homes] + section + in &smb.conf;. - For example if your unix host is bambi and your login - name is fred you would type: + For example if your unix host is bambi + and your login name is fred you would type: - $ smbclient //bambi/fred + $ smbclient //bambi/fred @@ -157,21 +155,18 @@ Try printing. eg: - - C:\WINDOWS\> net use lpt1: \\servername\spoolservice C:\WINDOWS\> print filename - - Celebrate, or send me a bug report! What If Things Don't Work? - Then you might read the file HOWTO chapter Diagnosis and the + Then you might read the file chapter + Diagnosis and the FAQ. If you are still stuck then try the mailing list or newsgroup (look in the README for details). Samba has been successfully installed at thousands of sites worldwide, so maybe diff --git a/docs/docbook/projdoc/samba-doc.sgml b/docs/docbook/projdoc/samba-doc.sgml index dc339db4aa..6ed6e1a717 100644 --- a/docs/docbook/projdoc/samba-doc.sgml +++ b/docs/docbook/projdoc/samba-doc.sgml @@ -47,13 +47,13 @@ &person.jelmer; &person.jerry; - Friday 4 April + Sunday 6 April This book is a collection of HOWTOs added to Samba documentation over the years. -I try to ensure that all are current, but sometimes the is a larger job -than one person can maintain. The most recent version of this document +Samba is always under development, and so is it's documentation. +The most recent version of this document can be found at http://www.samba.org/ on the "Documentation" page. Please send updates to jerry@samba.org or @@ -107,8 +107,7 @@ for various environments. Advanced Configuration Introduction -Samba has several features that you might want or might not want to use. The chapters in this -part each cover one specific feature. +Samba has several features that you might want or might not want to use. The chapters in this part each cover one specific feature. &NT-Security; &GROUP-MAPPING-HOWTO; diff --git a/docs/docbook/projdoc/securing-samba.sgml b/docs/docbook/projdoc/securing-samba.sgml index 03d0c3d9e7..88e216ac58 100644 --- a/docs/docbook/projdoc/securing-samba.sgml +++ b/docs/docbook/projdoc/securing-samba.sgml @@ -29,8 +29,8 @@ especially vulnerable. -One of the simplest fixes in this case is to use the 'hosts allow' and -'hosts deny' options in the Samba smb.conf configuration file to only +One of the simplest fixes in this case is to use the hosts allow and +hosts deny options in the Samba &smb.conf; configuration file to only allow access to your server from a specific range of hosts. An example might be: @@ -167,7 +167,7 @@ methods listed above for some reason. Upgrading Samba -Please check regularly on http://www.samba.org/ for updates and +Please check regularly on http://www.samba.org/ for updates and important announcements. Occasionally security releases are made and it is highly recommended to upgrade Samba when a security vulnerability is discovered. diff --git a/docs/docbook/projdoc/security_level.sgml b/docs/docbook/projdoc/security_level.sgml index 1c4c3f61ca..99f21aec5d 100644 --- a/docs/docbook/projdoc/security_level.sgml +++ b/docs/docbook/projdoc/security_level.sgml @@ -83,7 +83,7 @@ level security. They normally send a valid username but no password. Samba records this username in a list of "possible usernames". When the client then does a "tree connection" it also adds to this list the name of the share they try to connect to (useful for -home directories) and any users listed in the "user =" smb.conf +home directories) and any users listed in the user = &smb.conf; line. The password is then checked in turn against these "possible usernames". If a match is found then the client is authenticated as that user. @@ -221,7 +221,7 @@ for support of encrypted passwords: Use MS Windows NT as an authentication server -This method involves the additions of the following parameters in the smb.conf file: +This method involves the additions of the following parameters in the &smb.conf; file: @@ -270,7 +270,7 @@ all authentication requests to be passed through to the domain controllers. Samba as a member of an MS Windows NT security domain -This method involves additon of the following paramters in the smb.conf file: +This method involves additon of the following paramters in the &smb.conf; file: @@ -281,7 +281,7 @@ This method involves additon of the following paramters in the smb.conf file: -The use of the "*" argument to "password server" will cause samba to locate the +The use of the "*" argument to password server will cause samba to locate the domain controller in a way analogous to the way this is done within MS Windows NT. This is the default behaviour. diff --git a/docs/docbook/projdoc/unicode.sgml b/docs/docbook/projdoc/unicode.sgml index 705a389e41..4d1fac0150 100644 --- a/docs/docbook/projdoc/unicode.sgml +++ b/docs/docbook/projdoc/unicode.sgml @@ -81,7 +81,5 @@ samba knows of three kinds of character sets: - - diff --git a/docs/docbook/projdoc/upgrading-to-3.0.sgml b/docs/docbook/projdoc/upgrading-to-3.0.sgml index ec4b29386a..3dc4816664 100644 --- a/docs/docbook/projdoc/upgrading-to-3.0.sgml +++ b/docs/docbook/projdoc/upgrading-to-3.0.sgml @@ -12,7 +12,7 @@ You might experience problems with special characters when communicating with old DOS clients. Codepage support has changed in samba 3.0. Read the chapter -Unicode support for details. +Unicode support for details. -- cgit