From 72b9b48904fb006112256d532445355499a51700 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 11 Nov 2002 13:29:46 +0000 Subject: Add note about error that happens when the loopback device doesn't work (This used to be commit 377631b3a07c0fb52e4374cc2484e7852d81a84e) --- docs/docbook/faq/errors.sgml | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'docs') diff --git a/docs/docbook/faq/errors.sgml b/docs/docbook/faq/errors.sgml index 2f378a3688..819462899e 100644 --- a/docs/docbook/faq/errors.sgml +++ b/docs/docbook/faq/errors.sgml @@ -167,4 +167,10 @@ A domain controller has to announce on the network who it is. This usually takes + +I'm getting "open_oplock_ipc: Failed to get local UDP socket for address 100007f. Error was Cannot assign requested" in the logs +Your loopback device isn't working correctly. Make sure it's running. + + + -- cgit From 6ff60f301e48692087dd9ebd15ad784924868bb3 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 11 Nov 2002 19:20:23 +0000 Subject: fix typo(s/plaintext pass column/plain pass column/) (This used to be commit 411647ecfbfbb17e46ea2289a09e77a2fbb1162f) --- docs/docbook/projdoc/pdb_mysql.sgml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'docs') diff --git a/docs/docbook/projdoc/pdb_mysql.sgml b/docs/docbook/projdoc/pdb_mysql.sgml index 220f17caa1..05262ebe10 100644 --- a/docs/docbook/projdoc/pdb_mysql.sgml +++ b/docs/docbook/projdoc/pdb_mysql.sgml @@ -81,7 +81,7 @@ identifier:user sid column - varchar(255) - NT user SID identifier:group sid column - varchar(255) - NT group ID identifier:lanman pass column - varchar(255) - encrypted lanman password identifier:nt pass column - varchar(255) - encrypted nt passwd -identifier:plaintext pass column - varchar(255) - plaintext password +identifier:plain pass column - varchar(255) - plaintext password identifier:acct control column - int(9) - nt user data identifier:unknown 3 column - int(9) - unknown identifier:logon divs column - int(9) - ? @@ -107,11 +107,11 @@ I strongly discourage the use of plaintext passwords, however, you can use them: -If you would like to use plaintext passwords, set 'identifier:lanman pass column' and 'identifier:nt pass column' to 'NULL' (without the quotes) and 'identifier:plaintext pass column' to the name of the column containing the plaintext passwords. +If you would like to use plaintext passwords, set 'identifier:lanman pass column' and 'identifier:nt pass column' to 'NULL' (without the quotes) and 'identifier:plain pass column' to the name of the column containing the plaintext passwords. -If you use encrypted passwords, set the 'identifier:plaintext pass column' to 'NULL' (without the quotes). This is the default. +If you use encrypted passwords, set the 'identifier:plain pass column' to 'NULL' (without the quotes). This is the default. -- cgit From d77a6ea8a429bd9e27a646935ef98e1a4ec0b645 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 13 Nov 2002 13:04:16 +0000 Subject: Move VFS documentation to SGML (This used to be commit cf9c1c2584743a059c2d266158d4e8280aaeba8a) --- docs/docbook/projdoc/VFS.sgml | 195 ++++++++++++++++++++++++++++++++++++ docs/docbook/projdoc/samba-doc.sgml | 2 + 2 files changed, 197 insertions(+) create mode 100644 docs/docbook/projdoc/VFS.sgml (limited to 'docs') diff --git a/docs/docbook/projdoc/VFS.sgml b/docs/docbook/projdoc/VFS.sgml new file mode 100644 index 0000000000..4c228dfa87 --- /dev/null +++ b/docs/docbook/projdoc/VFS.sgml @@ -0,0 +1,195 @@ + + + JelmerVernooij + AlexanderBokovoy + TimPotter + SimoSorce + +Stackable VFS modules + + +Introduction and configuration + + +Since samba 3.0, samba supports stackable VFS(Virtual File System) modules. +Samba passes each request to access the unix file system thru the loaded VFS modules. +This chapter covers all the modules that come with the samba source and references to +some external modules. + + + +You may have problems to compile these modules, as shared libraries are +compiled and linked in different ways on different systems. +I currently tested them against GNU/linux and IRIX. + + + +To use the VFS modules, create a share similar to the one below. The +important parameter is the vfs object parameter which must point to +the exact pathname of the shared library object. For example, to use audit.so: + + + [audit] + comment = Audited /data directory + path = /data + vfs object = /path/to/audit.so + writeable = yes + browseable = yes + + + + +Further documentation on writing VFS modules for Samba can be found in +docs directory of the Samba source distribution. + + + + + +Included modules + + +audit +A simple module to audit file access to the syslog +facility. The following operations are logged: + +share +connect/disconnect +directory opens/create/remove +file open/close/rename/unlink/chmod + + + + + +recycle + +A recycle-bin like modules. When used any unlink call +will be intercepted and files moved to the recycle +directory instead of beeing deleted. + + +Supported options: + + + vfs_recycle_bin:repository + FIXME + + + + vfs_recycle_bin:keeptree + FIXME + + + + vfs_recycle_bin:versions + FIXME + + + + vfs_recycle_bin:touch + FIXME + + + + vfs_recycle_bin:maxsize + FIXME + + + + vfs_recycle_bin:exclude + FIXME + + + + vfs_recycle_bin:exclude_dir + FIXME + + + + vfs_recycle_bin:noversions + FIXME + + + + + + + +netatalk + +A netatalk module, that will ease co-existence of samba and +netatalk file sharing services. + + +Advantages compared to the old netatalk module: + +it doesn't care about creating of .AppleDouble forks, just keeps ones in sync +if share in smb.conf doesn't contain .AppleDouble item in hide or veto list, it will be added automatically + + + + + + + + +VFS modules available elsewhere + + +This section contains a listing of various other VFS modules that +have been posted but don't currently reside in the Samba CVS +tree for one reason ot another (e.g. it is easy for the maintainer +to have his or her own CVS tree). + + + +No statemets about the stability or functionality any module +should be implied due to its presence here. + + + +DatabaseFS + + +URL: http://www.css.tayloru.edu/~elorimer/databasefs/index.php + + +By Eric Lorimer. + + +I have created a VFS module which implements a fairly complete read-only +filesystem. It presents information from a database as a filesystem in +a modular and generic way to allow different databases to be used +(originally designed for organizing MP3s under directories such as +"Artists," "Song Keywords," etc... I have since applied it to a student +roster database very easily). The directory structure is stored in the +database itself and the module makes no assumptions about the database +structure beyond the table it requires to run. + + + +Any feedback would be appreciated: comments, suggestions, patches, +etc... If nothing else, hopefully it might prove useful for someone +else who wishes to create a virtual filesystem. + + + + + +vscan +URL: http://www.openantivirus.org/ + + +samba-vscan is a proof-of-concept module for Samba, which +uses the VFS (virtual file system) features of Samba 2.2.x/3.0 +alphaX. Of couse, Samba has to be compiled with VFS support. +samba-vscan supports various virus scanners and is maintained +by Rainer Link. + + + + + + + diff --git a/docs/docbook/projdoc/samba-doc.sgml b/docs/docbook/projdoc/samba-doc.sgml index f00dfd9db6..52fb0e7bfa 100644 --- a/docs/docbook/projdoc/samba-doc.sgml +++ b/docs/docbook/projdoc/samba-doc.sgml @@ -25,6 +25,7 @@ + ]> @@ -113,6 +114,7 @@ part each cover one specific feature. &WINBIND; &pdb-mysql; &pdb-xml; +&VFS; &Samba-LDAP; &CVS-Access; &GROUP-MAPPING-HOWTO; -- cgit From 2e2a5d50eb0fcbfdab14e56d6150a1bd35d57f28 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 13 Nov 2002 15:34:49 +0000 Subject: Some more doc updates: - make - update status of docs document - move security_level to 'type of installation' part (This used to be commit 11ad39398e077c3901e63f31bcc6efb223854357) --- docs/docbook/projdoc/samba-doc.sgml | 22 +- docs/docbook/projdoc/security_level.sgml | 46 +- docs/docs-status | 5 +- docs/htmldocs/ads.html | 42 +- docs/htmldocs/appendixes.html | 391 ++++++++++++ docs/htmldocs/browsing-quick.html | 16 +- docs/htmldocs/bugreport.html | 30 +- docs/htmldocs/cvs-access.html | 22 +- docs/htmldocs/diagnosis.html | 66 +-- docs/htmldocs/domain-security.html | 24 +- docs/htmldocs/groupmapping.html | 6 +- docs/htmldocs/improved-browsing.html | 28 +- docs/htmldocs/install.html | 46 +- docs/htmldocs/integrate-ms-networks.html | 92 +-- docs/htmldocs/introduction.html | 438 ++++++++++++++ docs/htmldocs/msdfs.html | 14 +- docs/htmldocs/oplocks.html | 6 +- docs/htmldocs/optional.html | 955 ++++++++++++++++++++++++++++++ docs/htmldocs/other-clients.html | 58 +- docs/htmldocs/pam.html | 18 +- docs/htmldocs/pdb-mysql.html | 18 +- docs/htmldocs/pdb-xml.html | 18 +- docs/htmldocs/portability.html | 28 +- docs/htmldocs/printing.html | 104 ++-- docs/htmldocs/pwencrypt.html | 20 +- docs/htmldocs/samba-bdc.html | 38 +- docs/htmldocs/samba-howto-collection.html | 561 +++++++++--------- docs/htmldocs/samba-ldap-howto.html | 64 +- docs/htmldocs/samba-pdc.html | 100 ++-- docs/htmldocs/securitylevels.html | 92 +-- docs/htmldocs/speed.html | 92 +-- docs/htmldocs/type.html | 392 ++++++++++++ docs/htmldocs/unix-permissions.html | 42 +- docs/htmldocs/vfs.html | 403 +++++++++++++ docs/htmldocs/winbind.html | 70 +-- 35 files changed, 3446 insertions(+), 921 deletions(-) create mode 100644 docs/htmldocs/appendixes.html create mode 100644 docs/htmldocs/introduction.html create mode 100644 docs/htmldocs/optional.html create mode 100644 docs/htmldocs/type.html create mode 100644 docs/htmldocs/vfs.html (limited to 'docs') diff --git a/docs/docbook/projdoc/samba-doc.sgml b/docs/docbook/projdoc/samba-doc.sgml index 52fb0e7bfa..ce16405d54 100644 --- a/docs/docbook/projdoc/samba-doc.sgml +++ b/docs/docbook/projdoc/samba-doc.sgml @@ -43,7 +43,7 @@ Abstract -Last Update : Thu Aug 15 12:48:45 CDT 2002 +Last Update : $Date: 2002/11/13 15:34:49 $ @@ -52,7 +52,8 @@ I try to ensure that all are current, but sometimes the is a larger job than one person can maintain. The most recent version of this document can be found at http://www.samba.org/ on the "Documentation" page. Please send updates to jerry@samba.org. +url="mailto:jerry@samba.org">jerry@samba.org or +jelmer@samba.org. @@ -69,7 +70,7 @@ Cheers, jerry - + General installation Introduction @@ -84,21 +85,23 @@ PLEASE read this. &ENCRYPTION; - + Type of installation Introduction -This part contains information on using samba in a (NT 4 or ADS) domain. -If you wish to run samba as a domain member or DC, read the appropriate chapter in -this part. + +Samba can operate in various SMB networks. This part contains information on configuring samba +for various environments. + +&SECURITY-LEVEL; &Samba-PDC-HOWTO; &Samba-BDC-HOWTO; &ADS-HOWTO; &DOMAIN-MEMBER; - + Optional configuration Introduction @@ -110,7 +113,6 @@ part each cover one specific feature. &Samba-PAM; &MS-Dfs-Setup; &PRINTER-DRIVER2; -&SECURITY-LEVEL; &WINBIND; &pdb-mysql; &pdb-xml; @@ -121,7 +123,7 @@ part each cover one specific feature. &SPEED; - + Appendixes &Portability; &Other-Clients; diff --git a/docs/docbook/projdoc/security_level.sgml b/docs/docbook/projdoc/security_level.sgml index 2f9a92d872..e2d9cfbbaa 100644 --- a/docs/docbook/projdoc/security_level.sgml +++ b/docs/docbook/projdoc/security_level.sgml @@ -9,40 +9,7 @@ -Security levels - - -Introduction - - -Samba supports the following options to the global smb.conf parameter - - - -[global] -security = [share|user(default)|server|domain|ads] - - - -Please refer to the smb.conf man page for usage information and to the document -DOMAIN_MEMBER.html for further background details -on domain mode security. The Windows 2000 Kerberos domain security model -(security = ads) is described in the ADS-HOWTO.html. - - - -Of the above, "security = server" means that Samba reports to clients that -it is running in "user mode" but actually passes off all authentication -requests to another "user mode" server. This requires an additional -parameter "password server =" that points to the real authentication server. -That real authentication server can be another Samba server or can be a -Windows NT server, the later natively capable of encrypted password support. - - - - - -More complete description of security levels +User and Share security level (for servers not in a domain) A SMB server tells the client at startup what "security level" it is @@ -136,5 +103,14 @@ cryptographically impossible to translate from unix style encryption to SMB style encryption, although there are some fairly simple management schemes by which the two could be kept in sync. - + + +"security = server" means that Samba reports to clients that +it is running in "user mode" but actually passes off all authentication +requests to another "user mode" server. This requires an additional +parameter "password server =" that points to the real authentication server. +That real authentication server can be another Samba server or can be a +Windows NT server, the later natively capable of encrypted password support. + + diff --git a/docs/docs-status b/docs/docs-status index 9dfcd841d6..23a0127c3b 100644 --- a/docs/docs-status +++ b/docs/docs-status @@ -23,7 +23,6 @@ docs/docbook/projdoc/Samba-PDC-HOWTO.sgml - Needs update to 3.0 docs/docbook/projdoc/Speed.sgml - contains outdated and invalid information docs/docbook/projdoc/UNIX_INSTALL.sgml - Needs a lot of updating (swat, etc) docs/docbook/projdoc/printer_driver2.sgml - still up to date? -docs/docbook/projdoc/security_level.sgml - information about ads and domain should be added (currently only contains pointers to the ads and domain_member docs) docs/docbook/projdoc/winbind.sgml - needs documentation for ADS docs/textdocs/CUPS-PrintingInfo.txt - needs to be converted to sgml - Kurt Pfeifle docs/textdocs/PROFILES.txt - needs to be converted to sgml @@ -51,6 +50,8 @@ Merge the various docs about wins and browsing Windows NT 4.0 Style Trust Relationship One Time Migration script from a Windows NT 4.0 PDC to a Samba PDC ldap passwd sync -merge the various pdb docs +merge the various pdb docs and the doc about encryption +UNICODE support +Winbind with samba PDC http://www.unav.es/cti/ldap-smb/smb-ldap-3-howto.html diff --git a/docs/htmldocs/ads.html b/docs/htmldocs/ads.html index fc6b78b32c..49345be2c0 100644 --- a/docs/htmldocs/ads.html +++ b/docs/htmldocs/ads.html @@ -11,7 +11,7 @@ TITLE="SAMBA Project Documentation" HREF="samba-howto-collection.html">Chapter 8. Samba as a ADS domain memberChapter 9. Samba as a ADS domain member

This is a VERY ROUGH guide to setting up the current (November 2001) pre-alpha version of Samba 3.0 with kerberos authentication against a @@ -113,9 +113,9 @@ CLASS="SECT1" >

8.1. Installing the required packages for Debian

9.1. Installing the required packages for Debian

On Debian you need to install the following packages:

8.2. Installing the required packages for RedHat

9.2. Installing the required packages for RedHat

On RedHat this means you should have at least:

8.3. Compile Samba

9.3. Compile Samba

If your kerberos libraries are in a non-standard location then remember to add the configure option --with-krb5=DIR.

8.4. Setup your /etc/krb5.conf

9.4. Setup your /etc/krb5.conf

The minimal configuration for krb5.conf is:

8.5. Create the computer account

9.5. Create the computer account

Do a "kinit" as a user that has authority to change arbitrary passwords on the KDC ("Administrator" is a good choice). Then as a @@ -281,9 +281,9 @@ CLASS="SECT2" >

8.5.1. Possible errors

9.5.1. Possible errors

8.6. Test your server setup

9.6. Test your server setup

On a Windows 2000 client try

8.7. Testing with smbclient

9.7. Testing with smbclient

On your Samba server try to login to a Win2000 server or your Samba server using smbclient and kerberos. Use smbclient as usual, but @@ -345,9 +345,9 @@ CLASS="SECT1" >

8.8. Notes

9.8. Notes

You must change administrator password at least once after DC install, to create the right encoding types

Up +Appendixes
SAMBA Project Documentation
PrevNext

IV. Appendixes

Table of Contents
24. Portability
24.1. HPUX
24.2. SCO Unix
24.3. DNIX
24.4. RedHat Linux Rembrandt-II
25. Samba and other CIFS clients
25.1. Macintosh clients?
25.2. OS2 Client
25.2.1. How can I configure OS/2 Warp Connect or + OS/2 Warp 4 as a client for Samba?
25.2.2. How can I configure OS/2 Warp 3 (not Connect), + OS/2 1.2, 1.3 or 2.x for Samba?
25.2.3. Are there any other issues when OS/2 (any version) + is used as a client?
25.2.4. How do I get printer driver download working + for OS/2 clients?
25.3. Windows for Workgroups
25.3.1. Use latest TCP/IP stack from Microsoft
25.3.2. Delete .pwl files after password change
25.3.3. Configure WfW password handling
25.3.4. Case handling of passwords
25.4. Windows '95/'98
25.5. Windows 2000 Service Pack 2
26. Reporting Bugs
26.1. Introduction
26.2. General info
26.3. Debug levels
26.4. Internal errors
26.5. Attaching to a running process
26.6. Patches
27. Diagnosing your samba server
27.1. Introduction
27.2. Assumptions
27.3. Tests
27.3.1. Test 1
27.3.2. Test 2
27.3.3. Test 3
27.3.4. Test 4
27.3.5. Test 5
27.3.6. Test 6
27.3.7. Test 7
27.3.8. Test 8
27.3.9. Test 9
27.3.10. Test 10
27.3.11. Test 11
27.4. Still having troubles?
PrevHomeNext
Samba performance issues Portability
\ No newline at end of file diff --git a/docs/htmldocs/browsing-quick.html b/docs/htmldocs/browsing-quick.html index d2546f74b2..cc703d217f 100644 --- a/docs/htmldocs/browsing-quick.html +++ b/docs/htmldocs/browsing-quick.html @@ -11,7 +11,7 @@ TITLE="SAMBA Project Documentation" HREF="samba-howto-collection.html">

4.1. Discussion

4.2. Use of the "Remote Announce" parameter

4.3. Use of the "Remote Browse Sync" parameter

4.4. Use of WINS

4.5. Do NOT use more than one (1) protocol on MS Windows machines

4.6. Name Resolution Order

UpChapter 25. Reporting BugsChapter 26. Reporting Bugs

25.1. Introduction

26.1. Introduction

The email address for bug reports for stable releases is

25.2. General info

26.2. General info

Before submitting a bug report check your config for silly errors. Look in your log files for obvious messages that tell you that @@ -150,9 +150,9 @@ CLASS="SECT1" >

25.3. Debug levels

26.3. Debug levels

If the bug has anything to do with Samba behaving incorrectly as a server (like refusing to open a file) then the log files will probably @@ -220,9 +220,9 @@ CLASS="SECT1" >

25.4. Internal errors

26.4. Internal errors

If you get a "INTERNAL ERROR" message in your log files it means that Samba got an unexpected signal while running. It is probably a @@ -264,9 +264,9 @@ CLASS="SECT1" >

25.5. Attaching to a running process

26.5. Attaching to a running process

Unfortunately some unixes (in particular some recent linux kernels) refuse to dump a core file if the task has changed uid (which smbd @@ -281,9 +281,9 @@ CLASS="SECT1" >

25.6. Patches

26.6. Patches

The best sort of bug report is one that includes a fix! If you send us patches please use UpChapter 20. HOWTO Access Samba source code via CVSChapter 21. HOWTO Access Samba source code via CVS

20.1. Introduction

21.1. Introduction

Samba is developed in an open environment. Developers use CVS (Concurrent Versioning System) to "checkin" (also known as @@ -102,9 +102,9 @@ CLASS="SECT1" >

20.2. CVS Access to samba.org

21.2. CVS Access to samba.org

The machine samba.org runs a publicly accessible CVS repository for access to the source code of several packages, @@ -115,9 +115,9 @@ CLASS="SECT2" >

20.2.1. Access via CVSweb

21.2.1. Access via CVSweb

You can access the source code via your favourite WWW browser. This allows you to access the contents of @@ -136,9 +136,9 @@ CLASS="SECT2" >

20.2.2. Access via cvs

21.2.2. Access via cvs

You can also access the source code via a normal cvs client. This gives you much more control over you can @@ -290,7 +290,7 @@ WIDTH="34%" ALIGN="center" VALIGN="top" >UpChapter 26. Diagnosing your samba serverChapter 27. Diagnosing your samba server

26.1. Introduction

27.1. Introduction

This file contains a list of tests you can perform to validate your Samba server. It also tells you what the likely cause of the problem @@ -95,9 +95,9 @@ CLASS="SECT1" >

26.2. Assumptions

27.2. Assumptions

In all of the tests it is assumed you have a Samba server called BIGSERVER and a PC called ACLIENT both in workgroup TESTGROUP.

26.3. Tests

27.3. Tests

26.3.1. Test 1

27.3.1. Test 1

In the directory in which you store your smb.conf file, run the command "testparm smb.conf". If it reports any errors then your smb.conf @@ -163,9 +163,9 @@ CLASS="SECT2" >

26.3.2. Test 2

27.3.2. Test 2

Run the command "ping BIGSERVER" from the PC and "ping ACLIENT" from the unix box. If you don't get a valid response then your TCP/IP @@ -189,9 +189,9 @@ CLASS="SECT2" >

26.3.3. Test 3

27.3.3. Test 3

Run the command "smbclient -L BIGSERVER" on the unix box. You should get a list of available shares back.

26.3.4. Test 4

27.3.4. Test 4

Run the command "nmblookup -B BIGSERVER __SAMBA__". You should get the IP address of your Samba server back.

26.3.5. Test 5

27.3.5. Test 5

run the command

26.3.6. Test 6

27.3.6. Test 6

Run the command

26.3.7. Test 7

27.3.7. Test 7

Run the command

26.3.8. Test 8

27.3.8. Test 8

On the PC type the command

26.3.9. Test 9

27.3.9. Test 9

Run the command

26.3.10. Test 10

27.3.10. Test 10

Run the command

26.3.11. Test 11

27.3.11. Test 11

From file manager try to browse the server. Your samba server should appear in the browse list of your local workgroup (or the one you @@ -573,9 +573,9 @@ CLASS="SECT1" >

26.4. Still having troubles?

27.4. Still having troubles?

Try the mailing list or newsgroup, or use the ethereal utility to sniff the problem. The official samba mailing list can be reached at @@ -641,7 +641,7 @@ WIDTH="34%" ALIGN="center" VALIGN="top" >UpNextChapter 9. Samba as a NT4 domain memberChapter 10. Samba as a NT4 domain member

9.1. Joining an NT Domain with Samba 2.2

10.1. Joining an NT Domain with Samba 2.2

Assume you have a Samba 2.x server with a NetBIOS name of

9.2. Samba and Windows 2000 Domains

10.2. Samba and Windows 2000 Domains

Many people have asked regarding the state of Samba's ability to participate in a Windows 2000 Domain. Samba 3.0 is able to act as a member server of a Windows @@ -336,9 +336,9 @@ CLASS="SECT1" >

9.3. Why is this better than security = server?

10.3. Why is this better than security = server?

Currently, domain security in Samba doesn't free you from having to create local Unix users to represent the users attaching @@ -456,7 +456,7 @@ WIDTH="33%" ALIGN="right" VALIGN="top" >NextUpChapter 21. Group mapping HOWTOChapter 22. Group mapping HOWTO

Starting with Samba 3.0 alpha 2, a new group mapping function is available. The @@ -219,7 +219,7 @@ WIDTH="34%" ALIGN="center" VALIGN="top" >Up

2.1. Overview of browsing

2.2. Browsing support in samba

2.3. Problem resolution

2.4. Browsing across subnets

2.4.1. How does cross subnet browsing work ?

2.5. Setting up a WINS server

2.6. Setting up Browsing in a WORKGROUP

2.7. Setting up Browsing in a DOMAIN

2.8. Forcing samba to be the master

2.9. Making samba the domain master

2.10. Note about broadcast addresses

2.11. Multiple interfaces

UpPrev

1.1. Read the man pages

1.2. Building the Binaries

1.3. The all important step

1.4. Create the smb configuration file.

1.5. Test your config file with

1.6. Starting the smbd and nmbd

1.6.1. Starting from inetd.conf

1.6.2. Alternative: starting it as a daemon

1.7. Try listing the shares available on your server

1.8. Try connecting with the unix client

1.9. Try connecting from a DOS, WfWg, Win9x, WinNT, Win2k, OS/2, etc... client

1.10. What If Things Don't Work?

1.10.1. Diagnosing Problems

1.10.2. Scope IDs

1.10.3. Choosing the Protocol Level

1.10.4. Printing from UNIX to a Client PC

1.10.5. Locking

1.10.6. Mapping Usernames

PrevUpPrevChapter 10. Integrating MS Windows networks with Samba

Chapter 11. Integrating MS Windows networks with Samba

10.1. Agenda

11.1. Agenda

To identify the key functional mechanisms of MS Windows networking to enable the deployment of Samba as a means of extending and/or @@ -147,9 +147,9 @@ CLASS="SECT1" >

10.2. Name Resolution in a pure Unix/Linux world

11.2. Name Resolution in a pure Unix/Linux world

The key configuration files covered in this section are:

10.2.1. 11.2.1. /etc/hosts

10.2.2. 11.2.2. /etc/resolv.conf

10.2.3. 11.2.3. /etc/host.conf

10.2.4. 11.2.4. /etc/nsswitch.conf

10.3. Name resolution as used within MS Windows networking

11.3. Name resolution as used within MS Windows networking

MS Windows networking is predicated about the name each machine is given. This name is known variously (and inconsistently) as @@ -491,9 +491,9 @@ CLASS="SECT2" >

10.3.1. The NetBIOS Name Cache

11.3.1. The NetBIOS Name Cache

All MS Windows machines employ an in memory buffer in which is stored the NetBIOS names and IP addresses for all external @@ -518,9 +518,9 @@ CLASS="SECT2" >

10.3.2. The LMHOSTS file

11.3.2. The LMHOSTS file

This file is usually located in MS Windows NT 4.0 or 2000 in

10.3.3. HOSTS file

11.3.3. HOSTS file

This file is usually located in MS Windows NT 4.0 or 2000 in

10.3.4. DNS Lookup

11.3.4. DNS Lookup

This capability is configured in the TCP/IP setup area in the network configuration facility. If enabled an elaborate name resolution sequence @@ -663,9 +663,9 @@ CLASS="SECT2" >

10.3.5. WINS Lookup

11.3.5. WINS Lookup

A WINS (Windows Internet Name Server) service is the equivaent of the rfc1001/1002 specified NBNS (NetBIOS Name Server). A WINS server stores @@ -706,9 +706,9 @@ CLASS="SECT1" >

10.4. How browsing functions and how to deploy stable and +>11.4. How browsing functions and how to deploy stable and dependable browsing using Samba

As stated above, MS Windows machines register their NetBIOS names @@ -773,9 +773,9 @@ CLASS="SECT1" >

10.5. MS Windows security options and how to configure +>11.5. MS Windows security options and how to configure Samba for seemless integration

MS Windows clients may use encrypted passwords as part of a @@ -910,9 +910,9 @@ CLASS="SECT2" >

10.5.1. Use MS Windows NT as an authentication server

11.5.1. Use MS Windows NT as an authentication server

This method involves the additions of the following parameters in the smb.conf file:

10.5.2. Make Samba a member of an MS Windows NT security domain

11.5.2. Make Samba a member of an MS Windows NT security domain

This method involves additon of the following paramters in the smb.conf file:

10.5.3. Configure Samba as an authentication server

11.5.3. Configure Samba as an authentication server

This mode of authentication demands that there be on the Unix/Linux system both a Unix style account as well as an @@ -1046,9 +1046,9 @@ CLASS="SECT3" >

10.5.3.1. Users

11.5.3.1. Users

A user account that may provide a home directory should be created. The following Linux system commands are typical of @@ -1069,9 +1069,9 @@ CLASS="SECT3" >

10.5.3.2. MS Windows NT Machine Accounts

11.5.3.2. MS Windows NT Machine Accounts

These are required only when Samba is used as a domain controller. Refer to the Samba-PDC-HOWTO for more details.

10.6. Conclusions

11.6. Conclusions

Samba provides a flexible means to operate as...

PrevUp +General installation

SAMBA Project Documentation
PrevNext

I. General installation

Introduction

This part contains general info on how to install samba +and how to configure the parts of samba you will most likely need. +PLEASE read this.

Table of Contents
1. How to Install and Test SAMBA
1.1. Read the man pages
1.2. Building the Binaries
1.3. The all important step
1.4. Create the smb configuration file.
1.5. Test your config file with + testparm
1.6. Starting the smbd and nmbd
1.6.1. Starting from inetd.conf
1.6.2. Alternative: starting it as a daemon
1.7. Try listing the shares available on your + server
1.8. Try connecting with the unix client
1.9. Try connecting from a DOS, WfWg, Win9x, WinNT, + Win2k, OS/2, etc... client
1.10. What If Things Don't Work?
1.10.1. Diagnosing Problems
1.10.2. Scope IDs
1.10.3. Choosing the Protocol Level
1.10.4. Printing from UNIX to a Client PC
1.10.5. Locking
1.10.6. Mapping Usernames
2. Improved browsing in samba
2.1. Overview of browsing
2.2. Browsing support in samba
2.3. Problem resolution
2.4. Browsing across subnets
2.4.1. How does cross subnet browsing work ?
2.5. Setting up a WINS server
2.6. Setting up Browsing in a WORKGROUP
2.7. Setting up Browsing in a DOMAIN
2.8. Forcing samba to be the master
2.9. Making samba the domain master
2.10. Note about broadcast addresses
2.11. Multiple interfaces
3. Oplocks
3.1. What are oplocks?
4. Quick Cross Subnet Browsing / Cross Workgroup Browsing guide
4.1. Discussion
4.2. Use of the "Remote Announce" parameter
4.3. Use of the "Remote Browse Sync" parameter
4.4. Use of WINS
4.5. Do NOT use more than one (1) protocol on MS Windows machines
4.6. Name Resolution Order
5. LanMan and NT Password Encryption in Samba
5.1. Introduction
5.2. Important Notes About Security
5.2.1. Advantages of SMB Encryption
5.2.2. Advantages of non-encrypted passwords
5.3. The smbpasswd Command
PrevHomeNext
SAMBA Project Documentation How to Install and Test SAMBA
\ No newline at end of file diff --git a/docs/htmldocs/msdfs.html b/docs/htmldocs/msdfs.html index 95902f7217..832187d19f 100644 --- a/docs/htmldocs/msdfs.html +++ b/docs/htmldocs/msdfs.html @@ -11,7 +11,7 @@ TITLE="SAMBA Project Documentation" HREF="samba-howto-collection.html">Chapter 13. Hosting a Microsoft Distributed File System tree on SambaChapter 14. Hosting a Microsoft Distributed File System tree on Samba

13.1. Instructions

14.1. Instructions

The Distributed File System (or Dfs) provides a means of separating the logical view of files and directories that users @@ -229,9 +229,9 @@ CLASS="SECT2" >

13.1.1. Notes

14.1.1. Notes

    Up

    3.1. What are oplocks?

    Up +Optional configuration

    SAMBA Project Documentation
    PrevNext

    III. Optional configuration

    Introduction

    Samba has several features that you might want or might not want to use. The chapters in this +part each cover one specific feature.

    Table of Contents
    11. Integrating MS Windows networks with Samba
    11.1. Agenda
    11.2. Name Resolution in a pure Unix/Linux world
    11.2.1. /etc/hosts
    11.2.2. /etc/resolv.conf
    11.2.3. /etc/host.conf
    11.2.4. /etc/nsswitch.conf
    11.3. Name resolution as used within MS Windows networking
    11.3.1. The NetBIOS Name Cache
    11.3.2. The LMHOSTS file
    11.3.3. HOSTS file
    11.3.4. DNS Lookup
    11.3.5. WINS Lookup
    11.4. How browsing functions and how to deploy stable and +dependable browsing using Samba
    11.5. MS Windows security options and how to configure +Samba for seemless integration
    11.5.1. Use MS Windows NT as an authentication server
    11.5.2. Make Samba a member of an MS Windows NT security domain
    11.5.3. Configure Samba as an authentication server
    11.6. Conclusions
    12. UNIX Permission Bits and Windows NT Access Control Lists
    12.1. Viewing and changing UNIX permissions using the NT + security dialogs
    12.2. How to view file security on a Samba share
    12.3. Viewing file ownership
    12.4. Viewing file or directory permissions
    12.4.1. File Permissions
    12.4.2. Directory Permissions
    12.5. Modifying file or directory permissions
    12.6. Interaction with the standard Samba create mask + parameters
    12.7. Interaction with the standard Samba file attribute + mapping
    13. Configuring PAM for distributed but centrally +managed authentication
    13.1. Samba and PAM
    13.2. Distributed Authentication
    13.3. PAM Configuration in smb.conf
    14. Hosting a Microsoft Distributed File System tree on Samba
    14.1. Instructions
    14.1.1. Notes
    15. Printing Support
    15.1. Introduction
    15.2. Configuration
    15.2.1. Creating [print$]
    15.2.2. Setting Drivers for Existing Printers
    15.2.3. Support a large number of printers
    15.2.4. Adding New Printers via the Windows NT APW
    15.2.5. Samba and Printer Ports
    15.3. The Imprints Toolset
    15.3.1. What is Imprints?
    15.3.2. Creating Printer Driver Packages
    15.3.3. The Imprints server
    15.3.4. The Installation Client
    15.4. Diagnosis
    15.4.1. Introduction
    15.4.2. Debugging printer problems
    15.4.3. What printers do I have?
    15.4.4. Setting up printcap and print servers
    15.4.5. Job sent, no output
    15.4.6. Job sent, strange output
    15.4.7. Raw PostScript printed
    15.4.8. Advanced Printing
    15.4.9. Real debugging
    16. Unified Logons between Windows NT and UNIX using Winbind
    16.1. Abstract
    16.2. Introduction
    16.3. What Winbind Provides
    16.3.1. Target Uses
    16.4. How Winbind Works
    16.4.1. Microsoft Remote Procedure Calls
    16.4.2. Name Service Switch
    16.4.3. Pluggable Authentication Modules
    16.4.4. User and Group ID Allocation
    16.4.5. Result Caching
    16.5. Installation and Configuration
    16.5.1. Introduction
    16.5.2. Requirements
    16.5.3. Testing Things Out
    16.6. Limitations
    16.7. Conclusion
    17. Passdb MySQL plugin
    17.1. Building
    17.2. Configuring
    17.3. Using plaintext passwords or encrypted password
    17.4. Getting non-column data from the table
    18. Passdb XML plugin
    18.1. Building
    18.2. Usage
    19. Stackable VFS modules
    19.1. Introduction and configuration
    19.2. Included modules
    19.2.1. audit
    19.2.2. recycle
    19.2.3. netatalk
    19.3. VFS modules available elsewhere
    19.3.1. DatabaseFS
    19.3.2. vscan
    20. Storing Samba's User/Machine Account information in an LDAP Directory
    20.1. Purpose
    20.2. Introduction
    20.3. Supported LDAP Servers
    20.4. Schema and Relationship to the RFC 2307 posixAccount
    20.5. Configuring Samba with LDAP
    20.5.1. OpenLDAP configuration
    20.5.2. Configuring Samba
    20.6. Accounts and Groups management
    20.7. Security and sambaAccount
    20.8. LDAP specials attributes for sambaAccounts
    20.9. Example LDIF Entries for a sambaAccount
    20.10. Comments
    21. HOWTO Access Samba source code via CVS
    21.1. Introduction
    21.2. CVS Access to samba.org
    21.2.1. Access via CVSweb
    21.2.2. Access via cvs
    22. Group mapping HOWTO
    23. Samba performance issues
    23.1. Comparisons
    23.2. Oplocks
    23.2.1. Overview
    23.2.2. Level2 Oplocks
    23.2.3. Old 'fake oplocks' option - deprecated
    23.3. Socket options
    23.4. Read size
    23.5. Max xmit
    23.6. Locking
    23.7. Share modes
    23.8. Log level
    23.9. Wide lines
    23.10. Read raw
    23.11. Write raw
    23.12. Read prediction
    23.13. Memory mapping
    23.14. Slow Clients
    23.15. Slow Logins
    23.16. Client tuning
    23.17. My Results
    PrevHomeNext
    Samba as a NT4 domain member Integrating MS Windows networks with Samba
    \ No newline at end of file diff --git a/docs/htmldocs/other-clients.html b/docs/htmldocs/other-clients.html index 38dfc04a64..892509a591 100644 --- a/docs/htmldocs/other-clients.html +++ b/docs/htmldocs/other-clients.html @@ -11,7 +11,7 @@ TITLE="SAMBA Project Documentation" HREF="samba-howto-collection.html">Chapter 24. Samba and other CIFS clientsChapter 25. Samba and other CIFS clients

    This chapter contains client-specific information.

    24.1. Macintosh clients?

    25.1. Macintosh clients?

    Yes.

    24.2. OS2 Client

    25.2. OS2 Client

    24.2.1. How can I configure OS/2 Warp Connect or +>25.2.1. How can I configure OS/2 Warp Connect or OS/2 Warp 4 as a client for Samba?

    A more complete answer to this question can be @@ -195,9 +195,9 @@ CLASS="SECT2" >

    24.2.2. How can I configure OS/2 Warp 3 (not Connect), +>25.2.2. How can I configure OS/2 Warp 3 (not Connect), OS/2 1.2, 1.3 or 2.x for Samba?

    You can use the free Microsoft LAN Manager 2.2c Client @@ -239,9 +239,9 @@ CLASS="SECT2" >

    24.2.3. Are there any other issues when OS/2 (any version) +>25.2.3. Are there any other issues when OS/2 (any version) is used as a client?

    When you do a NET VIEW or use the "File and Print @@ -261,9 +261,9 @@ CLASS="SECT2" >

    24.2.4. How do I get printer driver download working +>25.2.4. How do I get printer driver download working for OS/2 clients?

    First, create a share called [PRINTDRV] that is @@ -312,17 +312,17 @@ CLASS="SECT1" >

    24.3. Windows for Workgroups

    25.3. Windows for Workgroups

    24.3.1. Use latest TCP/IP stack from Microsoft

    25.3.1. Use latest TCP/IP stack from Microsoft

    Use the latest TCP/IP stack from microsoft if you use Windows for workgroups.

    24.3.2. Delete .pwl files after password change

    25.3.2. Delete .pwl files after password change

    WfWg does a lousy job with passwords. I find that if I change my password on either the unix box or the PC the safest thing to do is to @@ -362,9 +362,9 @@ CLASS="SECT2" >

    24.3.3. Configure WfW password handling

    25.3.3. Configure WfW password handling

    There is a program call admincfg.exe on the last disk (disk 8) of the WFW 3.11 disk set. To install it @@ -381,9 +381,9 @@ CLASS="SECT2" >

    24.3.4. Case handling of passwords

    25.3.4. Case handling of passwords

    Windows for Workgroups uppercases the password before sending it to the server. Unix passwords can be case-sensitive though. Check the

    24.4. Windows '95/'98

    25.4. Windows '95/'98

    When using Windows 95 OEM SR2 the following updates are recommended where Samba is being used. Please NOTE that the above change will affect you once these @@ -448,9 +448,9 @@ CLASS="SECT1" >

    24.5. Windows 2000 Service Pack 2

    25.5. Windows 2000 Service Pack 2

    There are several annoyances with Windows 2000 SP2. One of which @@ -576,7 +576,7 @@ WIDTH="34%" ALIGN="center" VALIGN="top" >UpChapter 12. Configuring PAM for distributed but centrally +>Chapter 13. Configuring PAM for distributed but centrally managed authentication

    12.1. Samba and PAM

    13.1. Samba and PAM

    A number of Unix systems (eg: Sun Solaris), as well as the xxxxBSD family and Linux, now utilize the Pluggable Authentication @@ -296,9 +296,9 @@ CLASS="SECT1" >

    12.2. Distributed Authentication

    13.2. Distributed Authentication

    The astute administrator will realize from this that the combination of

    12.3. PAM Configuration in smb.conf

    13.3. PAM Configuration in smb.conf

    There is an option in smb.conf called Up

    17.1. Building

    17.2. Configuring

    17.3. Using plaintext passwords or encrypted password

    I strongly discourage the use of plaintext passwords, however, you can use them:

    If you would like to use plaintext passwords, set 'identifier:lanman pass column' and 'identifier:nt pass column' to 'NULL' (without the quotes) and 'identifier:plaintext pass column' to the name of the column containing the plaintext passwords.

    If you would like to use plaintext passwords, set 'identifier:lanman pass column' and 'identifier:nt pass column' to 'NULL' (without the quotes) and 'identifier:plain pass column' to the name of the column containing the plaintext passwords.

    If you use encrypted passwords, set the 'identifier:plaintext pass column' to 'NULL' (without the quotes). This is the default.

    If you use encrypted passwords, set the 'identifier:plain pass column' to 'NULL' (without the quotes). This is the default.

    17.4. Getting non-column data from the table

    UpNext

    18.1. Building

    18.2. Usage

    NextUpStoring Samba's User/Machine Account information in an LDAP DirectoryStackable VFS modules

    PrevChapter 23. PortabilityChapter 24. Portability

    Samba works on a wide range of platforms but the interface all the platforms provide is not always compatible. This chapter contains @@ -84,9 +84,9 @@ CLASS="SECT1" >

    23.1. HPUX

    24.1. HPUX

    HP's implementation of supplementary groups is, er, non-standard (for hysterical reasons). There are two group files, /etc/group and @@ -114,9 +114,9 @@ CLASS="SECT1" >

    23.2. SCO Unix

    24.2. SCO Unix

    If you run an old version of SCO Unix then you may need to get important @@ -131,9 +131,9 @@ CLASS="SECT1" >

    23.3. DNIX

    24.3. DNIX

    DNIX has a problem with seteuid() and setegid(). These routines are needed for Samba to work correctly, but they were left out of the DNIX @@ -238,9 +238,9 @@ CLASS="SECT1" >

    23.4. RedHat Linux Rembrandt-II

    24.4. RedHat Linux Rembrandt-II

    By default RedHat Rembrandt-II during installation adds an entry to /etc/hosts as follows: @@ -274,7 +274,7 @@ WIDTH="33%" ALIGN="left" VALIGN="top" >PrevUpNextChapter 14. Printing SupportChapter 15. Printing Support

    14.1. Introduction

    15.1. Introduction

    Beginning with the 2.2.0 release, Samba supports the native Windows NT printing mechanisms implemented via @@ -163,9 +163,9 @@ CLASS="SECT1" >

    14.2. Configuration

    15.2. Configuration

    14.2.1. Creating [print$]

    15.2.1. Creating [print$]

    In order to support the uploading of printer driver files, you must first configure a file share named [print$]. @@ -452,9 +452,9 @@ CLASS="SECT2" >

    14.2.2. Setting Drivers for Existing Printers

    15.2.2. Setting Drivers for Existing Printers

    The initial listing of printers in the Samba host's Printers folder will have no real printer driver assigned @@ -524,9 +524,9 @@ CLASS="SECT2" >

    14.2.3. Support a large number of printers

    15.2.3. Support a large number of printers

    One issue that has arisen during the development phase of Samba 2.2 is the need to support driver downloads for @@ -590,9 +590,9 @@ CLASS="SECT2" >

    14.2.4. Adding New Printers via the Windows NT APW

    15.2.4. Adding New Printers via the Windows NT APW

    By default, Samba offers all printer shares defined in

    14.2.5. Samba and Printer Ports

    15.2.5. Samba and Printer Ports

    Windows NT/2000 print servers associate a port with each printer. These normally take the form of LPT1:, COM1:, FILE:, etc... Samba must also support the @@ -796,9 +796,9 @@ CLASS="SECT1" >

    14.3. The Imprints Toolset

    15.3. The Imprints Toolset

    The Imprints tool set provides a UNIX equivalent of the Windows NT Add Printer Wizard. For complete information, please @@ -814,9 +814,9 @@ CLASS="SECT2" >

    14.3.1. What is Imprints?

    15.3.1. What is Imprints?

    Imprints is a collection of tools for supporting the goals of

    14.3.2. Creating Printer Driver Packages

    15.3.2. Creating Printer Driver Packages

    The process of creating printer driver packages is beyond the scope of this document (refer to Imprints.txt also included @@ -862,9 +862,9 @@ CLASS="SECT2" >

    14.3.3. The Imprints server

    15.3.3. The Imprints server

    The Imprints server is really a database server that may be queried via standard HTTP mechanisms. Each printer @@ -886,9 +886,9 @@ CLASS="SECT2" >

    14.3.4. The Installation Client

    15.3.4. The Installation Client

    More information regarding the Imprints installation client is available in the

    14.4. Diagnosis

    15.4. Diagnosis

    14.4.1. Introduction

    15.4.1. Introduction

    This is a short description of how to debug printing problems with Samba. This describes how to debug problems with printing from a SMB @@ -1063,9 +1063,9 @@ CLASS="SECT2" >

    14.4.2. Debugging printer problems

    15.4.2. Debugging printer problems

    One way to debug printing problems is to start by replacing these command with shell scripts that record the arguments and the contents @@ -1120,9 +1120,9 @@ CLASS="SECT2" >

    14.4.3. What printers do I have?

    15.4.3. What printers do I have?

    You can use the 'testprns' program to check to see if the printer name you are using is recognized by Samba. For example, you can @@ -1149,9 +1149,9 @@ CLASS="SECT2" >

    14.4.4. Setting up printcap and print servers

    15.4.4. Setting up printcap and print servers

    You may need to set up some printcaps for your Samba system to use. It is strongly recommended that you use the facilities provided by @@ -1233,9 +1233,9 @@ CLASS="SECT2" >

    14.4.5. Job sent, no output

    15.4.5. Job sent, no output

    This is the most frustrating part of printing. You may have sent the job, verified that the job was forwarded, set up a wrapper around @@ -1278,9 +1278,9 @@ CLASS="SECT2" >

    14.4.6. Job sent, strange output

    15.4.6. Job sent, strange output

    Once you have the job printing, you can then start worrying about making it print nicely.

    14.4.7. Raw PostScript printed

    15.4.7. Raw PostScript printed

    This is a problem that is usually caused by either the print spooling system putting information at the start of the print job that makes @@ -1339,9 +1339,9 @@ CLASS="SECT2" >

    14.4.8. Advanced Printing

    15.4.8. Advanced Printing

    Note that you can do some pretty magic things by using your imagination with the "print command" option and some shell scripts. @@ -1355,9 +1355,9 @@ CLASS="SECT2" >

    14.4.9. Real debugging

    15.4.9. Real debugging

    If the above debug tips don't help, then maybe you need to bring in the bug guns, system tracing. See Tracing.txt in this directory.

    NextUpSecurity levelsUnified Logons between Windows NT and UNIX using Winbind
    Next

    5.1. Introduction

    5.2. Important Notes About Security

    5.2.1. Advantages of SMB Encryption

    5.2.2. Advantages of non-encrypted passwords

    5.3. The smbpasswd Command

    NextUpChapter 7. How to Act as a Backup Domain Controller in a Purely Samba Controlled DomainChapter 8. How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain

    7.1. Prerequisite Reading

    8.1. Prerequisite Reading

    Before you continue reading in this chapter, please make sure that you are comfortable with configuring a Samba PDC @@ -97,9 +97,9 @@ CLASS="SECT1" >

    7.2. Background

    8.2. Background

    What is a Domain Controller? It is a machine that is able to answer logon requests from workstations in a Windows NT Domain. Whenever a @@ -142,9 +142,9 @@ CLASS="SECT1" >

    7.3. What qualifies a Domain Controller on the network?

    8.3. What qualifies a Domain Controller on the network?

    Every machine that is a Domain Controller for the domain SAMBA has to register the NetBIOS group name SAMBA#1c with the WINS server and/or @@ -159,9 +159,9 @@ CLASS="SECT2" >

    7.3.1. How does a Workstation find its domain controller?

    8.3.1. How does a Workstation find its domain controller?

    A NT workstation in the domain SAMBA that wants a local user to be authenticated has to find the domain controller for SAMBA. It does @@ -178,9 +178,9 @@ CLASS="SECT2" >

    7.3.2. When is the PDC needed?

    8.3.2. When is the PDC needed?

    Whenever a user wants to change his password, this has to be done on the PDC. To find the PDC, the workstation does a NetBIOS name query @@ -194,9 +194,9 @@ CLASS="SECT1" >

    7.4. Can Samba be a Backup Domain Controller?

    8.4. Can Samba be a Backup Domain Controller?

    With version 2.2, no. The native NT SAM replication protocols have not yet been fully implemented. The Samba Team is working on @@ -213,9 +213,9 @@ CLASS="SECT1" >

    7.5. How do I set up a Samba BDC?

    8.5. How do I set up a Samba BDC?

    Several things have to be done:

    7.5.1. How do I replicate the smbpasswd file?

    8.5.1. How do I replicate the smbpasswd file?

    Replication of the smbpasswd file is sensitive. It has to be done whenever changes to the SAM are made. Every user's password change is @@ -348,7 +348,7 @@ WIDTH="34%" ALIGN="center" VALIGN="top" >UpLast Update : Thu Aug 15 12:48:45 CDT 2002

    : $Date: 2002/11/13 15:34:49 $

    This book is a collection of HOWTOs added to Samba documentation over the years. I try to ensure that all are current, but sometimes the is a larger job @@ -62,6 +62,11 @@ on the "Documentation" page. Please send updates to jerry@samba.org or +jelmer@samba.org.

    This documentation is distributed under the GNU General Public License (GPL) @@ -82,7 +87,7 @@ CLASS="TOC" >

    I. General installation
    1.1. Read the man pages
    1.2. Building the Binaries
    1.3. The all important step
    1.4. Create the smb configuration file.
    1.5. Test your config file with
    1.6. Starting the smbd and nmbd
    1.7. Try listing the shares available on your server
    1.8. Try connecting with the unix client
    1.9. Try connecting from a DOS, WfWg, Win9x, WinNT, Win2k, OS/2, etc... client
    1.10. What If Things Don't Work?
    2.1. Overview of browsing
    2.2. Browsing support in samba
    2.3. Problem resolution
    2.4. Browsing across subnets
    2.5. Setting up a WINS server
    2.6. Setting up Browsing in a WORKGROUP
    2.7. Setting up Browsing in a DOMAIN
    2.8. Forcing samba to be the master
    2.9. Making samba the domain master
    2.10. Note about broadcast addresses
    2.11. Multiple interfaces
    3.1. What are oplocks?
    4.1. Discussion
    4.2. Use of the "Remote Announce" parameter
    4.3. Use of the "Remote Browse Sync" parameter
    4.4. Use of WINS
    4.5. Do NOT use more than one (1) protocol on MS Windows machines
    4.6. Name Resolution Order
    5.1. Introduction
    5.2. Important Notes About Security
    5.3. The smbpasswd Command
    II. Type of installation
    6. User and Share security level (for servers not in a domain)
    7. How to Configure Samba as a NT4 Primary Domain Controller
    6.1. 7.1. Prerequisite Reading
    6.2. 7.2. Background
    6.3. 7.3. Configuring the Samba Domain Controller
    6.4. 7.4. Creating Machine Trust Accounts and Joining Clients to the Domain
    6.5. 7.5. Common Problems and Errors
    6.6. 7.6. System Policies and Profiles
    6.7. 7.7. What other help can I get?
    6.8. 7.8. Domain Control for Windows 9x/ME
    6.9. 7.9. DOMAIN_CONTROL.txt : Windows NT Domain Control & Samba
    7. 8. How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain
    7.1. 8.1. Prerequisite Reading
    7.2. 8.2. Background
    7.3. 8.3. What qualifies a Domain Controller on the network?
    7.4. 8.4. Can Samba be a Backup Domain Controller?
    7.5. 8.5. How do I set up a Samba BDC?
    8. 9. Samba as a ADS domain member
    8.1. 9.1. Installing the required packages for Debian
    8.2. 9.2. Installing the required packages for RedHat
    8.3. 9.3. Compile Samba
    8.4. 9.4. Setup your /etc/krb5.conf
    8.5. 9.5. Create the computer account
    8.6. 9.6. Test your server setup
    8.7. 9.7. Testing with smbclient
    8.8. 9.8. Notes
    9. 10. Samba as a NT4 domain member
    9.1. 10.1. Joining an NT Domain with Samba 2.2
    9.2. 10.2. Samba and Windows 2000 Domains
    9.3. 10.3. Why is this better than security = server?
    III. Optional configuration
    10. 11. Integrating MS Windows networks with Samba
    10.1. 11.1. Agenda
    10.2. 11.2. Name Resolution in a pure Unix/Linux world
    10.3. 11.3. Name resolution as used within MS Windows networking
    10.4. 11.4. How browsing functions and how to deploy stable and dependable browsing using Samba
    10.5. 11.5. MS Windows security options and how to configure Samba for seemless integration
    10.6. 11.6. Conclusions
    11. 12. UNIX Permission Bits and Windows NT Access Control Lists
    11.1. 12.1. Viewing and changing UNIX permissions using the NT security dialogs
    11.2. 12.2. How to view file security on a Samba share
    11.3. 12.3. Viewing file ownership
    11.4. 12.4. Viewing file or directory permissions
    11.5. 12.5. Modifying file or directory permissions
    11.6. 12.6. Interaction with the standard Samba create mask parameters
    11.7. 12.7. Interaction with the standard Samba file attribute mapping
    12. 13. Configuring PAM for distributed but centrally managed authentication
    12.1. 13.1. Samba and PAM
    12.2. 13.2. Distributed Authentication
    12.3. 13.3. PAM Configuration in smb.conf
    13. 14. Hosting a Microsoft Distributed File System tree on Samba
    13.1. 14.1. Instructions
    14. 15. Printing Support
    14.1. 15.1. Introduction
    14.2. 15.2. Configuration
    14.3. 15.3. The Imprints Toolset
    14.4. 15.4. Diagnosis
    15. Security levels
    15.1. Introduction
    15.2. More complete description of security levels
    16. Unified Logons between Windows NT and UNIX using Winbind
    16.1. Abstract
    16.2. Introduction
    16.3. What Winbind Provides
    16.4. How Winbind Works
    16.5. Installation and Configuration
    16.6. Limitations
    16.7. Conclusion
    17.1. Building
    17.2. Configuring
    17.3. Using plaintext passwords or encrypted password
    17.4. Getting non-column data from the table
    18.1. Building
    18.2. Usage
    19. Stackable VFS modules
    19.1. Introduction and configuration
    19.2. Included modules
    19.3. VFS modules available elsewhere
    20. Storing Samba's User/Machine Account information in an LDAP Directory
    19.1. 20.1. Purpose
    19.2. 20.2. Introduction
    19.3. 20.3. Supported LDAP Servers
    19.4. 20.4. Schema and Relationship to the RFC 2307 posixAccount
    19.5. 20.5. Configuring Samba with LDAP
    19.6. 20.6. Accounts and Groups management
    19.7. 20.7. Security and sambaAccount
    19.8. 20.8. LDAP specials attributes for sambaAccounts
    19.9. 20.9. Example LDIF Entries for a sambaAccount
    19.10. 20.10. Comments
    20. 21. HOWTO Access Samba source code via CVS
    20.1. 21.1. Introduction
    20.2. 21.2. CVS Access to samba.org
    21. 22. Group mapping HOWTO
    22. 23. Samba performance issues
    22.1. 23.1. Comparisons
    22.2. 23.2. Oplocks
    22.3. 23.3. Socket options
    22.4. 23.4. Read size
    22.5. 23.5. Max xmit
    22.6. 23.6. Locking
    22.7. 23.7. Share modes
    22.8. 23.8. Log level
    22.9. 23.9. Wide lines
    22.10. 23.10. Read raw
    22.11. 23.11. Write raw
    22.12. 23.12. Read prediction
    22.13. 23.13. Memory mapping
    22.14. 23.14. Slow Clients
    22.15. 23.15. Slow Logins
    22.16. 23.16. Client tuning
    22.17. 23.17. My Results
    IV. Appendixes
    23. 24. Portability
    23.1. 24.1. HPUX
    23.2. 24.2. SCO Unix
    23.3. 24.3. DNIX
    23.4. 24.4. RedHat Linux Rembrandt-II
    24. 25. Samba and other CIFS clients
    24.1. 25.1. Macintosh clients?
    24.2. 25.2. OS2 Client
    24.3. 25.3. Windows for Workgroups
    24.4. 25.4. Windows '95/'98
    24.5. 25.5. Windows 2000 Service Pack 2
    25. 26. Reporting Bugs
    25.1. 26.1. Introduction
    25.2. 26.2. General info
    25.3. 26.3. Debug levels
    25.4. 26.4. Internal errors
    25.5. 26.5. Attaching to a running process
    25.6. 26.6. Patches
    26. 27. Diagnosing your samba server
    26.1. 27.1. Introduction
    26.2. 27.2. Assumptions
    26.3. 27.3. Tests
    26.4. 27.4. Still having troubles?
    NextPrevChapter 19. Storing Samba's User/Machine Account information in an LDAP DirectoryChapter 20. Storing Samba's User/Machine Account information in an LDAP Directory

    19.1. Purpose

    20.1. Purpose

    This document describes how to use an LDAP directory for storing Samba user account information traditionally stored in the smbpasswd(5) file. It is @@ -148,9 +148,9 @@ CLASS="SECT1" >

    19.2. Introduction

    20.2. Introduction

    Traditionally, when configuring

    19.3. Supported LDAP Servers

    20.3. Supported LDAP Servers

    The LDAP samdb code in 2.2.3 has been developed and tested using the OpenLDAP 2.0 server and client libraries. The same code should be able to work with @@ -290,9 +290,9 @@ CLASS="SECT1" >

    19.4. Schema and Relationship to the RFC 2307 posixAccount

    20.4. Schema and Relationship to the RFC 2307 posixAccount

    Samba 2.2.3 includes the necessary schema file for OpenLDAP 2.0 in

    19.5. Configuring Samba with LDAP

    20.5. Configuring Samba with LDAP

    19.5.1. OpenLDAP configuration

    20.5.1. OpenLDAP configuration

    To include support for the sambaAccount object in an OpenLDAP directory server, first copy the samba.schema file to slapd's configuration directory.

    19.5.2. Configuring Samba

    20.5.2. Configuring Samba

    The following parameters are available in smb.conf only with

    19.6. Accounts and Groups management

    20.6. Accounts and Groups management

    As users accounts are managed thru the sambaAccount objectclass, you should modify you existing administration tools to deal with sambaAccount attributes.

    19.7. Security and sambaAccount

    20.7. Security and sambaAccount

    There are two important points to remember when discussing the security of sambaAccount entries in the directory.

    19.8. LDAP specials attributes for sambaAccounts

    20.8. LDAP specials attributes for sambaAccounts

    The sambaAccount objectclass is composed of the following attributes:

    19.9. Example LDIF Entries for a sambaAccount

    20.9. Example LDIF Entries for a sambaAccount

    The following is a working LDIF with the inclusion of the posixAccount objectclass:

    19.10. Comments

    20.10. Comments

    Please mail all comments regarding this HOWTO to PrevPassdb XML pluginStackable VFS modulesUpPrevChapter 6. How to Configure Samba as a NT4 Primary Domain ControllerChapter 7. How to Configure Samba as a NT4 Primary Domain Controller

    6.1. Prerequisite Reading

    7.1. Prerequisite Reading

    Before you continue reading in this chapter, please make sure that you are comfortable with configuring basic files services @@ -108,9 +108,9 @@ CLASS="SECT1" >

    6.2. Background

    7.2. Background

    6.3. Configuring the Samba Domain Controller

    7.3. Configuring the Samba Domain Controller

    The first step in creating a working Samba PDC is to understand the parameters necessary in smb.conf. I will not @@ -472,9 +472,9 @@ CLASS="SECT1" >

    6.4. Creating Machine Trust Accounts and Joining Clients to the +>7.4. Creating Machine Trust Accounts and Joining Clients to the Domain

    A machine trust account is a Samba account that is used to @@ -546,9 +546,9 @@ CLASS="SECT2" >

    6.4.1. Manual Creation of Machine Trust Accounts

    7.4.1. Manual Creation of Machine Trust Accounts

    The first step in manually creating a machine trust account is to manually create the corresponding Unix account in @@ -736,9 +736,9 @@ CLASS="SECT2" >

    6.4.2. "On-the-Fly" Creation of Machine Trust Accounts

    7.4.2. "On-the-Fly" Creation of Machine Trust Accounts

    The second (and recommended) way of creating machine trust accounts is simply to allow the Samba server to create them as needed when the client @@ -773,9 +773,9 @@ CLASS="SECT2" >

    6.4.3. Joining the Client to the Domain

    7.4.3. Joining the Client to the Domain

    The procedure for joining a client to the domain varies with the version of Windows.

    6.5. Common Problems and Errors

    7.5. Common Problems and Errors

    6.6. System Policies and Profiles

    7.6. System Policies and Profiles

    Much of the information necessary to implement System Policies and Roving User Profiles in a Samba domain is the same as that for @@ -1228,9 +1228,9 @@ CLASS="SECT1" >

    6.7. What other help can I get?

    7.7. What other help can I get?

    There are many sources of information available in the form of mailing lists, RFC's and documentation. The docs that come @@ -1648,9 +1648,9 @@ CLASS="SECT1" >

    6.8. Domain Control for Windows 9x/ME

    7.8. Domain Control for Windows 9x/ME

    6.8.1. Configuration Instructions: Network Logons

    7.8.1. Configuration Instructions: Network Logons

    The main difference between a PDC and a Windows 9x logon server configuration is that

    6.8.2. Configuration Instructions: Setting up Roaming User Profiles

    7.8.2. Configuration Instructions: Setting up Roaming User Profiles

    6.8.2.1. Windows NT Configuration

    7.8.2.1. Windows NT Configuration

    To support WinNT clients, in the [global] section of smb.conf set the following (for example):

    6.8.2.2. Windows 9X Configuration

    7.8.2.2. Windows 9X Configuration

    To support Win9X clients, you must use the "logon home" parameter. Samba has now been fixed so that "net use/home" now works as well, and it, too, relies @@ -2023,9 +2023,9 @@ CLASS="SECT3" >

    6.8.2.3. Win9X and WinNT Configuration

    7.8.2.3. Win9X and WinNT Configuration

    You can support profiles for both Win9X and WinNT clients by setting both the "logon home" and "logon path" parameters. For example:

    6.8.2.4. Windows 9X Profile Setup

    7.8.2.4. Windows 9X Profile Setup

    When a user first logs in on Windows 9X, the file user.DAT is created, as are folders "Start Menu", "Desktop", "Programs" and "Nethood". @@ -2228,9 +2228,9 @@ CLASS="SECT3" >

    6.8.2.5. Windows NT Workstation 4.0

    7.8.2.5. Windows NT Workstation 4.0

    When a user first logs in to a Windows NT Workstation, the profile NTuser.DAT is created. The profile location can be now specified @@ -2342,9 +2342,9 @@ CLASS="SECT3" >

    6.8.2.6. Windows NT Server

    7.8.2.6. Windows NT Server

    There is nothing to stop you specifying any path that you like for the location of users' profiles. Therefore, you could specify that the @@ -2356,9 +2356,9 @@ CLASS="SECT3" >

    6.8.2.7. Sharing Profiles between W95 and NT Workstation 4.0

    7.8.2.7. Sharing Profiles between W95 and NT Workstation 4.0

    6.9. DOMAIN_CONTROL.txt : Windows NT Domain Control & Samba

    7.9. DOMAIN_CONTROL.txt : Windows NT Domain Control & Samba

    PrevType of installationUser and Share security level (for servers not in a domain)UpSecurity levelsUser and Share security level (for servers not in a domain)PrevNextChapter 15. Security levels

    15.1. Introduction

    Samba supports the following options to the global smb.conf parameter

    [global]
-security = [share|user(default)|server|domain|ads]

    Please refer to the smb.conf man page for usage information and to the document -DOMAIN_MEMBER.html for further background details -on domain mode security. The Windows 2000 Kerberos domain security model -(security = ads) is described in the ADS-HOWTO.html.

    Of the above, "security = server" means that Samba reports to clients that -it is running in "user mode" but actually passes off all authentication -requests to another "user mode" server. This requires an additional -parameter "password server =" that points to the real authentication server. -That real authentication server can be another Samba server or can be a -Windows NT server, the later natively capable of encrypted password support.

    15.2. More complete description of security levels

    Chapter 6. User and Share security level (for servers not in a domain)

    A SMB server tells the client at startup what "security level" it is running. There are two options "share level" and "user level". Which @@ -214,7 +160,13 @@ smbpasswd file with SMB style encrypted passwords. It is cryptographically impossible to translate from unix style encryption to SMB style encryption, although there are some fairly simple management schemes by which the two could be kept in sync.

    "security = server" means that Samba reports to clients that +it is running in "user mode" but actually passes off all authentication +requests to another "user mode" server. This requires an additional +parameter "password server =" that points to the real authentication server. +That real authentication server can be another Samba server or can be a +Windows NT server, the later natively capable of encrypted password support.

    PrevNextPrinting SupportType of installationUpUnified Logons between Windows NT and UNIX using WinbindHow to Configure Samba as a NT4 Primary Domain Controller
    NextChapter 22. Samba performance issuesChapter 23. Samba performance issues

    22.1. Comparisons

    23.1. Comparisons

    The Samba server uses TCP to talk to the client. Thus if you are trying to see if it performs well you should really compare it to @@ -111,17 +111,17 @@ CLASS="SECT1" >

    22.2. Oplocks

    23.2. Oplocks

    22.2.1. Overview

    23.2.1. Overview

    Oplocks are the way that SMB clients get permission from a server to locally cache file operations. If a server grants an oplock @@ -155,9 +155,9 @@ CLASS="SECT2" >

    22.2.2. Level2 Oplocks

    23.2.2. Level2 Oplocks

    With Samba 2.0.5 a new capability - level2 (read only) oplocks is supported (although the option is off by default - see the smb.conf @@ -179,9 +179,9 @@ CLASS="SECT2" >

    22.2.3. Old 'fake oplocks' option - deprecated

    23.2.3. Old 'fake oplocks' option - deprecated

    Samba can also fake oplocks, by granting a oplock whenever a client asks for one. This is controlled using the smb.conf option "fake @@ -200,9 +200,9 @@ CLASS="SECT1" >

    22.3. Socket options

    23.3. Socket options

    There are a number of socket options that can greatly affect the performance of a TCP based server like Samba.

    22.4. Read size

    23.4. Read size

    The option "read size" affects the overlap of disk reads/writes with network reads/writes. If the amount of data being transferred in @@ -254,9 +254,9 @@ CLASS="SECT1" >

    22.5. Max xmit

    23.5. Max xmit

    At startup the client and server negotiate a "maximum transmit" size, which limits the size of nearly all SMB commands. You can set the @@ -277,9 +277,9 @@ CLASS="SECT1" >

    22.6. Locking

    23.6. Locking

    By default Samba does not implement strict locking on each read/write call (although it did in previous versions). If you enable strict @@ -294,9 +294,9 @@ CLASS="SECT1" >

    22.7. Share modes

    23.7. Share modes

    Some people find that opening files is very slow. This is often because of the "share modes" code needed to fully implement the dos @@ -324,9 +324,9 @@ CLASS="SECT1" >

    22.8. Log level

    23.8. Log level

    If you set the log level (also known as "debug level") higher than 2 then you may suffer a large drop in performance. This is because the @@ -338,9 +338,9 @@ CLASS="SECT1" >

    22.9. Wide lines

    23.9. Wide lines

    The "wide links" option is now enabled by default, but if you disable it (for better security) then you may suffer a performance hit in @@ -352,9 +352,9 @@ CLASS="SECT1" >

    22.10. Read raw

    23.10. Read raw

    The "read raw" operation is designed to be an optimised, low-latency file read operation. A server may choose to not support it, @@ -374,9 +374,9 @@ CLASS="SECT1" >

    22.11. Write raw

    23.11. Write raw

    The "write raw" operation is designed to be an optimised, low-latency file write operation. A server may choose to not support it, @@ -391,9 +391,9 @@ CLASS="SECT1" >

    22.12. Read prediction

    23.12. Read prediction

    Samba can do read prediction on some of the SMB commands. Read prediction means that Samba reads some extra data on the last file it @@ -417,9 +417,9 @@ CLASS="SECT1" >

    22.13. Memory mapping

    23.13. Memory mapping

    Samba supports reading files via memory mapping them. One some machines this can give a large boost to performance, on others it @@ -438,9 +438,9 @@ CLASS="SECT1" >

    22.14. Slow Clients

    23.14. Slow Clients

    One person has reported that setting the protocol to COREPLUS rather than LANMAN2 gave a dramatic speed improvement (from 10k/s to 150k/s).

    22.15. Slow Logins

    23.15. Slow Logins

    Slow logins are almost always due to the password checking time. Using the lowest practical "password level" will improve things a lot. You @@ -468,9 +468,9 @@ CLASS="SECT1" >

    22.16. Client tuning

    23.16. Client tuning

    Often a speed problem can be traced to the client. The client (for example Windows for Workgroups) can often be tuned for better TCP @@ -572,9 +572,9 @@ CLASS="SECT1" >

    22.17. My Results

    23.17. My Results

    Some people want to see real numbers in a document like this, so here they are. I have a 486sx33 client running WfWg 3.11 with the 3.11b @@ -631,7 +631,7 @@ WIDTH="33%" ALIGN="right" VALIGN="top" >NextUp +Type of installation

    SAMBA Project Documentation
    PrevNext

    II. Type of installation

    Introduction

    Samba can operate in various SMB networks. This part contains information on configuring samba +for various environments.

    Table of Contents
    6. User and Share security level (for servers not in a domain)
    7. How to Configure Samba as a NT4 Primary Domain Controller
    7.1. Prerequisite Reading
    7.2. Background
    7.3. Configuring the Samba Domain Controller
    7.4. Creating Machine Trust Accounts and Joining Clients to the +Domain
    7.4.1. Manual Creation of Machine Trust Accounts
    7.4.2. "On-the-Fly" Creation of Machine Trust Accounts
    7.4.3. Joining the Client to the Domain
    7.5. Common Problems and Errors
    7.6. System Policies and Profiles
    7.7. What other help can I get?
    7.8. Domain Control for Windows 9x/ME
    7.8.1. Configuration Instructions: Network Logons
    7.8.2. Configuration Instructions: Setting up Roaming User Profiles
    7.9. DOMAIN_CONTROL.txt : Windows NT Domain Control & Samba
    8. How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain
    8.1. Prerequisite Reading
    8.2. Background
    8.3. What qualifies a Domain Controller on the network?
    8.3.1. How does a Workstation find its domain controller?
    8.3.2. When is the PDC needed?
    8.4. Can Samba be a Backup Domain Controller?
    8.5. How do I set up a Samba BDC?
    8.5.1. How do I replicate the smbpasswd file?
    9. Samba as a ADS domain member
    9.1. Installing the required packages for Debian
    9.2. Installing the required packages for RedHat
    9.3. Compile Samba
    9.4. Setup your /etc/krb5.conf
    9.5. Create the computer account
    9.5.1. Possible errors
    9.6. Test your server setup
    9.7. Testing with smbclient
    9.8. Notes
    10. Samba as a NT4 domain member
    10.1. Joining an NT Domain with Samba 2.2
    10.2. Samba and Windows 2000 Domains
    10.3. Why is this better than security = server?
    PrevHomeNext
    LanMan and NT Password Encryption in Samba User and Share security level (for servers not in a domain)
    \ No newline at end of file diff --git a/docs/htmldocs/unix-permissions.html b/docs/htmldocs/unix-permissions.html index 153a0e82bc..864fedea7b 100644 --- a/docs/htmldocs/unix-permissions.html +++ b/docs/htmldocs/unix-permissions.html @@ -11,7 +11,7 @@ TITLE="SAMBA Project Documentation" HREF="samba-howto-collection.html">Chapter 11. UNIX Permission Bits and Windows NT Access Control ListsChapter 12. UNIX Permission Bits and Windows NT Access Control Lists

    11.1. Viewing and changing UNIX permissions using the NT +>12.1. Viewing and changing UNIX permissions using the NT security dialogs

    New in the Samba 2.0.4 release is the ability for Windows @@ -120,9 +120,9 @@ CLASS="SECT1" >

    11.2. How to view file security on a Samba share

    12.2. How to view file security on a Samba share

    From an NT 4.0 client, single-click with the right mouse button on any file or directory in a Samba mounted @@ -190,9 +190,9 @@ CLASS="SECT1" >

    11.3. Viewing file ownership

    12.3. Viewing file ownership

    Clicking on the

    11.4. Viewing file or directory permissions

    12.4. Viewing file or directory permissions

    The third button is the

    11.4.1. File Permissions

    12.4.1. File Permissions

    The standard UNIX user/group/world triple and the corresponding "read", "write", "execute" permissions @@ -408,9 +408,9 @@ CLASS="SECT2" >

    11.4.2. Directory Permissions

    12.4.2. Directory Permissions

    Directories on an NT NTFS file system have two different sets of permissions. The first set of permissions @@ -440,9 +440,9 @@ CLASS="SECT1" >

    11.5. Modifying file or directory permissions

    12.5. Modifying file or directory permissions

    Modifying file and directory permissions is as simple as changing the displayed permissions in the dialog box, and @@ -538,9 +538,9 @@ CLASS="SECT1" >

    11.6. Interaction with the standard Samba create mask +>12.6. Interaction with the standard Samba create mask parameters

    Note that with Samba 2.0.5 there are four new parameters @@ -815,9 +815,9 @@ CLASS="SECT1" >

    11.7. Interaction with the standard Samba file attribute +>12.7. Interaction with the standard Samba file attribute mapping

    Samba maps some of the DOS attribute bits (such as "read @@ -908,7 +908,7 @@ WIDTH="34%" ALIGN="center" VALIGN="top" >Up +Stackable VFS modules

    SAMBA Project Documentation
    PrevNext

    Chapter 19. Stackable VFS modules

    19.1. Introduction and configuration

    Since samba 3.0, samba supports stackable VFS(Virtual File System) modules. +Samba passes each request to access the unix file system thru the loaded VFS modules. +This chapter covers all the modules that come with the samba source and references to +some external modules.

    You may have problems to compile these modules, as shared libraries are +compiled and linked in different ways on different systems. +I currently tested them against GNU/linux and IRIX.

    To use the VFS modules, create a share similar to the one below. The +important parameter is the vfs object parameter which must point to +the exact pathname of the shared library object. For example, to use audit.so: + +

           [audit]
+                comment = Audited /data directory
+                path = /data
+                vfs object = /path/to/audit.so
+                writeable = yes
+                browseable = yes

    Further documentation on writing VFS modules for Samba can be found in +docs directory of the Samba source distribution.

    19.2. Included modules

    19.2.1. audit

    A simple module to audit file access to the syslog +facility. The following operations are logged: +

    share
    connect/disconnect
    directory opens/create/remove
    file open/close/rename/unlink/chmod

    19.2.2. recycle

    A recycle-bin like modules. When used any unlink call +will be intercepted and files moved to the recycle +directory instead of beeing deleted.

    Supported options: +

    vfs_recycle_bin:repository

    FIXME

    vfs_recycle_bin:keeptree

    FIXME

    vfs_recycle_bin:versions

    FIXME

    vfs_recycle_bin:touch

    FIXME

    vfs_recycle_bin:maxsize

    FIXME

    vfs_recycle_bin:exclude

    FIXME

    vfs_recycle_bin:exclude_dir

    FIXME

    vfs_recycle_bin:noversions

    FIXME

    19.2.3. netatalk

    A netatalk module, that will ease co-existence of samba and +netatalk file sharing services.

    Advantages compared to the old netatalk module: +

    it doesn't care about creating of .AppleDouble forks, just keeps ones in sync
    if share in smb.conf doesn't contain .AppleDouble item in hide or veto list, it will be added automatically

    19.3. VFS modules available elsewhere

    This section contains a listing of various other VFS modules that +have been posted but don't currently reside in the Samba CVS +tree for one reason ot another (e.g. it is easy for the maintainer +to have his or her own CVS tree).

    No statemets about the stability or functionality any module +should be implied due to its presence here.

    19.3.1. DatabaseFS

    URL: http://www.css.tayloru.edu/~elorimer/databasefs/index.php

    By Eric Lorimer.

    I have created a VFS module which implements a fairly complete read-only +filesystem. It presents information from a database as a filesystem in +a modular and generic way to allow different databases to be used +(originally designed for organizing MP3s under directories such as +"Artists," "Song Keywords," etc... I have since applied it to a student +roster database very easily). The directory structure is stored in the +database itself and the module makes no assumptions about the database +structure beyond the table it requires to run.

    Any feedback would be appreciated: comments, suggestions, patches, +etc... If nothing else, hopefully it might prove useful for someone +else who wishes to create a virtual filesystem.

    19.3.2. vscan

    URL: http://www.openantivirus.org/

    samba-vscan is a proof-of-concept module for Samba, which +uses the VFS (virtual file system) features of Samba 2.2.x/3.0 +alphaX. Of couse, Samba has to be compiled with VFS support. +samba-vscan supports various virus scanners and is maintained +by Rainer Link.

    PrevHomeNext
    Passdb XML pluginUpStoring Samba's User/Machine Account information in an LDAP Directory
    \ No newline at end of file diff --git a/docs/htmldocs/winbind.html b/docs/htmldocs/winbind.html index 016d77cac1..df5a59f771 100644 --- a/docs/htmldocs/winbind.html +++ b/docs/htmldocs/winbind.html @@ -11,10 +11,10 @@ TITLE="SAMBA Project Documentation" HREF="samba-howto-collection.html">Prev

    16.1. Abstract

    16.2. Introduction

    16.3. What Winbind Provides

    16.3.1. Target Uses

    16.4. How Winbind Works

    16.4.1. Microsoft Remote Procedure Calls

    16.4.2. Name Service Switch

    16.4.3. Pluggable Authentication Modules

    16.4.4. User and Group ID Allocation

    16.4.5. Result Caching

    16.5. Installation and Configuration

    16.5.1. Introduction

    16.5.2. Requirements

    16.5.3. Testing Things Out

    16.5.3.1. Configure and compile SAMBA

    16.5.3.2. Configure

    16.5.3.3. Configure smb.conf

    16.5.3.4. Join the SAMBA server to the PDC domain

    16.5.3.5. Start up the winbindd daemon and test it!

    16.5.3.6. Fix the init.d startup scripts

    16.5.3.6.1. Linux

    16.5.3.6.2. Solaris

    16.5.3.6.3. Restarting

    16.5.3.7. Configure Winbind and PAM

    16.5.3.7.1. Linux/FreeBSD-specific PAM configuration

    16.5.3.7.2. Solaris-specific configuration

    16.6. Limitations

    16.7. Conclusion

    PrevSecurity levelsPrinting SupportUp Date: Thu, 14 Nov 2002 17:37:44 +0000 Subject: Update documentation to cover cascaded VFS modules (This used to be commit 218395ac7e5963a773691fb5a0539cce9e3b92f2) --- docs/docbook/manpages/smb.conf.5.sgml | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) (limited to 'docs') diff --git a/docs/docbook/manpages/smb.conf.5.sgml b/docs/docbook/manpages/smb.conf.5.sgml index 0cdf2bbcd6..ca4de18cfd 100644 --- a/docs/docbook/manpages/smb.conf.5.sgml +++ b/docs/docbook/manpages/smb.conf.5.sgml @@ -2300,7 +2300,7 @@ domain logons (G) If set to yes, the Samba server will serve Windows 95/98 Domain logons for the - workgroup it is in. Samba 2.2 also + workgroup it is in. Samba 2.2 has limited capability to act as a domain controller for Windows NT 4 Domains. For more details on setting up this feature see the Samba-PDC-HOWTO included in the htmldocs/ @@ -3791,7 +3791,7 @@ The value of the parameter (a astring) allows the debug level (logging level) to be specified in the smb.conf file. This parameter has been - extended since 2.2.x series, now it allow to specify the debug + extended since the 2.2.x series, now it allow to specify the debug level for multiple debug classes. This is to give greater flexibility in the configuration of the system. @@ -8055,11 +8055,10 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ vfs object (S) - This parameter specifies a shared object file that - is used for Samba VFS I/O operations. By default, normal + This parameter specifies a shared object files that + are used for Samba VFS I/O operations. By default, normal disk I/O operations are used but these can be overloaded - with a VFS object. The Samba VFS layer is new to Samba 2.2 and - must be enabled at compile time with --with-vfs. + with one or more VFS objects. Default : no value @@ -8071,9 +8070,8 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ vfs options (S) This parameter allows parameters to be passed - to the vfs layer at initialization time. The Samba VFS layer - is new to Samba 2.2 and must be enabled at compile time - with --with-vfs. See also + to the vfs layer at initialization time. + See also vfs object. Default : no value -- cgit From b75212077de08670a449d1f2192aded400559c6e Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Thu, 14 Nov 2002 21:04:12 +0000 Subject: Update testparm for 3.0 (This used to be commit f01fad02d75975f25235eeeba8262bf11657e54a) --- docs/docbook/manpages/testparm.1.sgml | 12 +++++++++--- docs/docs-status | 3 --- 2 files changed, 9 insertions(+), 6 deletions(-) (limited to 'docs') diff --git a/docs/docbook/manpages/testparm.1.sgml b/docs/docbook/manpages/testparm.1.sgml index 350683eb57..254ede7265 100644 --- a/docs/docbook/manpages/testparm.1.sgml +++ b/docs/docbook/manpages/testparm.1.sgml @@ -20,8 +20,9 @@ -h -v -L <servername> + -t <encoding> config filename - hostname hostIP + hostname hostIP @@ -86,6 +87,12 @@ their defaults. + + -t encoding + + Output data in specified encoding. + + configfilename This is the name of the configuration file @@ -144,7 +151,7 @@ VERSION - This man page is correct for version 2.2 of + This man page is correct for version 3.0 of the Samba suite. @@ -173,4 +180,3 @@ - diff --git a/docs/docs-status b/docs/docs-status index 23a0127c3b..7dc301e9ec 100644 --- a/docs/docs-status +++ b/docs/docs-status @@ -40,13 +40,10 @@ docs/docbook/manpages/smbstatus.1.sgml docs/docbook/manpages/smbtar.1.sgml docs/docbook/manpages/smbumount.8.sgml docs/docbook/manpages/swat.8.sgml -docs/docbook/manpages/testparm.1.sgml docs/docbook/manpages/testprns.1.sgml Stuff that needs to be documented: Doc for package maintainers -Some kind of introduction to the various terms used (locking, wins, browsing, domain, ... ) -Merge the various docs about wins and browsing Windows NT 4.0 Style Trust Relationship One Time Migration script from a Windows NT 4.0 PDC to a Samba PDC ldap passwd sync -- cgit From 77f45f5e530600d01f57a7fedbaa272ecd2f8c65 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Thu, 14 Nov 2002 21:18:22 +0000 Subject: Add more info about stackable VFS objects (This used to be commit 2dcb295d8eceea7e92e7e8f2e2ffc3583db833fd) --- docs/docbook/projdoc/VFS.sgml | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) (limited to 'docs') diff --git a/docs/docbook/projdoc/VFS.sgml b/docs/docbook/projdoc/VFS.sgml index 4c228dfa87..66b9be1dbd 100644 --- a/docs/docbook/projdoc/VFS.sgml +++ b/docs/docbook/projdoc/VFS.sgml @@ -11,7 +11,7 @@ Introduction and configuration -Since samba 3.0, samba supports stackable VFS(Virtual File System) modules. +Since samba 3.0, samba supports stackable VFS(Virtual File System) modules. Samba passes each request to access the unix file system thru the loaded VFS modules. This chapter covers all the modules that come with the samba source and references to some external modules. @@ -20,27 +20,32 @@ some external modules. You may have problems to compile these modules, as shared libraries are compiled and linked in different ways on different systems. -I currently tested them against GNU/linux and IRIX. +They currently have been tested against GNU/linux and IRIX. To use the VFS modules, create a share similar to the one below. The important parameter is the vfs object parameter which must point to -the exact pathname of the shared library object. For example, to use audit.so: +the exact pathname of the shared library objects. For example, to log all access +to files and use a recycle bin: [audit] comment = Audited /data directory path = /data - vfs object = /path/to/audit.so + vfs object = /path/to/audit.so /path/to/recycle.so writeable = yes browseable = yes + +The modules are used in the order they are specified. + + Further documentation on writing VFS modules for Samba can be found in -docs directory of the Samba source distribution. +the Samba Developers Guide. -- cgit From 2b799b56f4d37d2baec44088c096a5a34ac8a968 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Thu, 14 Nov 2002 21:36:46 +0000 Subject: Remove some obsolete info (This used to be commit ffd2d3a0ba56f967112aaa63efd4221fad2cee70) --- docs/docbook/projdoc/Speed.sgml | 238 +--------------------------------------- 1 file changed, 2 insertions(+), 236 deletions(-) (limited to 'docs') diff --git a/docs/docbook/projdoc/Speed.sgml b/docs/docbook/projdoc/Speed.sgml index 17adf10429..55d8b9492b 100644 --- a/docs/docbook/projdoc/Speed.sgml +++ b/docs/docbook/projdoc/Speed.sgml @@ -53,92 +53,6 @@ systems. - -Oplocks - - -Overview - - -Oplocks are the way that SMB clients get permission from a server to -locally cache file operations. If a server grants an oplock -(opportunistic lock) then the client is free to assume that it is the -only one accessing the file and it will agressively cache file -data. With some oplock types the client may even cache file open/close -operations. This can give enormous performance benefits. - - - -With the release of Samba 1.9.18 we now correctly support opportunistic -locks. This is turned on by default, and can be turned off on a share- -by-share basis by setting the parameter : - - - -oplocks = False - - - -We recommend that you leave oplocks on however, as current benchmark -tests with NetBench seem to give approximately a 30% improvement in -speed with them on. This is on average however, and the actual -improvement seen can be orders of magnitude greater, depending on -what the client redirector is doing. - - - -Previous to Samba 1.9.18 there was a 'fake oplocks' option. This -option has been left in the code for backwards compatibility reasons -but it's use is now deprecated. A short summary of what the old -code did follows. - - - - - -Level2 Oplocks - - -With Samba 2.0.5 a new capability - level2 (read only) oplocks is -supported (although the option is off by default - see the smb.conf -man page for details). Turning on level2 oplocks (on a share-by-share basis) -by setting the parameter : - - - -level2 oplocks = true - - - -should speed concurrent access to files that are not commonly written -to, such as application serving shares (ie. shares that contain common -.EXE files - such as a Microsoft Office share) as it allows clients to -read-ahread cache copies of these files. - - - - - -Old 'fake oplocks' option - deprecated - - -Samba can also fake oplocks, by granting a oplock whenever a client -asks for one. This is controlled using the smb.conf option "fake -oplocks". If you set "fake oplocks = yes" then you are telling the -client that it may agressively cache the file data for all opens. - - - -Enabling 'fake oplocks' on all read-only shares or shares that you know -will only be accessed from one client at a time you will see a big -performance improvement on many operations. If you enable this option -on shares where multiple clients may be accessing the files read-write -at the same time you can get data corruption. - - - - - Socket options @@ -226,55 +140,6 @@ In most cases the default is the best option. - -Locking - - -By default Samba does not implement strict locking on each read/write -call (although it did in previous versions). If you enable strict -locking (using "strict locking = yes") then you may find that you -suffer a severe performance hit on some systems. - - - -The performance hit will probably be greater on NFS mounted -filesystems, but could be quite high even on local disks. - - - - - -Share modes - - -Some people find that opening files is very slow. This is often -because of the "share modes" code needed to fully implement the dos -share modes stuff. You can disable this code using "share modes = -no". This will gain you a lot in opening and closing files but will -mean that (in some cases) the system won't force a second user of a -file to open the file read-only if the first has it open -read-write. For many applications that do their own locking this -doesn't matter, but for some it may. Most Windows applications -depend heavily on "share modes" working correctly and it is -recommended that the Samba share mode support be left at the -default of "on". - - - -The share mode code in Samba has been re-written in the 1.9.17 -release following tests with the Ziff-Davis NetBench PC Benchmarking -tool. It is now believed that Samba 1.9.17 implements share modes -similarly to Windows NT. - - - -NOTE: In the most recent versions of Samba there is an option to use -shared memory via mmap() to implement the share modes. This makes -things much faster. See the Makefile for how to enable this. - - - - Log level @@ -286,18 +151,6 @@ expensive. - -Wide lines - - -The "wide links" option is now enabled by default, but if you disable -it (for better security) then you may suffer a performance hit in -resolving filenames. The performance loss is lessened if you have -"getwd cache = yes", which is now the default. - - - - Read raw @@ -339,61 +192,6 @@ case you may wish to change this option. - -Read prediction - - -Samba can do read prediction on some of the SMB commands. Read -prediction means that Samba reads some extra data on the last file it -read while waiting for the next SMB command to arrive. It can then -respond more quickly when the next read request arrives. - - - -This is disabled by default. You can enable it by using "read -prediction = yes". - - - -Note that read prediction is only used on files that were opened read -only. - - - -Read prediction should particularly help for those silly clients (such -as "Write" under NT) which do lots of very small reads on a file. - - - -Samba will not read ahead more data than the amount specified in the -"read size" option. It always reads ahead on 1k block boundaries. - - - - - -Memory mapping - - -Samba supports reading files via memory mapping them. One some -machines this can give a large boost to performance, on others it -makes not difference at all, and on some it may reduce performance. - - - -To enable you you have to recompile Samba with the -DUSE_MMAP option -on the FLAGS line of the Makefile. - - - -Note that memory mapping is only used on files opened read only, and -is not used by the "read raw" operation. Thus you may find memory -mapping is more effective if you disable "read raw" using "read raw = -no". - - - - Slow Clients @@ -510,11 +308,12 @@ drive (Kernel 2.0.30). The transfer rate was reasonable for 10 baseT. -FIXME + The figures are: Put Get P166 client 3Com card: 420-440kB/s 500-520kB/s P100 client 3Com card: 390-410kB/s 490-510kB/s DX4-75 client NE2000: 370-380kB/s 330-350kB/s + @@ -541,38 +340,5 @@ if it could get up to the rate of FTP the perfomance would be quite staggering. - - - -My Results - - -Some people want to see real numbers in a document like this, so here -they are. I have a 486sx33 client running WfWg 3.11 with the 3.11b -tcp/ip stack. It has a slow IDE drive and 20Mb of ram. It has a SMC -Elite-16 ISA bus ethernet card. The only WfWg tuning I've done is to -set DefaultRcvWindow in the [MSTCP] section of system.ini to 16384. My -server is a 486dx3-66 running Linux. It also has 20Mb of ram and a SMC -Elite-16 card. You can see my server config in the examples/tridge/ -subdirectory of the distribution. - - - -I get 490k/s on reading a 8Mb file with copy. -I get 441k/s writing the same file to the samba server. - - - -Of course, there's a lot more to benchmarks than 2 raw throughput -figures, but it gives you a ballpark figure. - - - -I've also tested Win95 and WinNT, and found WinNT gave me the best -speed as a samba client. The fastest client of all (for me) is -smbclient running on another linux box. Maybe I'll add those results -here someday ... - - -- cgit From ae23dfd427bc69b747e20f2217163cb863aa2c71 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Thu, 14 Nov 2002 22:54:23 +0000 Subject: Some small updates - 'ads server' is no longer required for example (This used to be commit b8f9930f62db8b997a0d6126e79212a113f8b29c) --- docs/docbook/projdoc/ADS-HOWTO.sgml | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) (limited to 'docs') diff --git a/docs/docbook/projdoc/ADS-HOWTO.sgml b/docs/docbook/projdoc/ADS-HOWTO.sgml index 83bb2dc85d..3e34d53c0a 100644 --- a/docs/docbook/projdoc/ADS-HOWTO.sgml +++ b/docs/docbook/projdoc/ADS-HOWTO.sgml @@ -10,10 +10,8 @@ Samba as a ADS domain member -This is a VERY ROUGH guide to setting up the current (November 2001) -pre-alpha version of Samba 3.0 with kerberos authentication against a -Windows2000 KDC. The procedures listed here are likely to change as -the code develops. +This is a rough guide to setting up Samba 3.0 with kerberos authentication against a +Windows2000 KDC. Pieces you need before you begin: @@ -76,13 +74,17 @@ to get them off CD2. realm = YOUR.KERBEROS.REALM - ads server = your.kerberos.server security = ADS encrypt passwords = yes -Strictly speaking, you can omit the realm name and you can use an IP - address for the ads server. In that case Samba will auto-detect these. + +In case samba can't figure out your ads server using your realm name, use the +ads server option in smb.conf: + + ads server = your.kerberos.server + + You do *not* need a smbpasswd file, although it won't do any harm and if you have one then Samba will be able to fall back to normal -- cgit