<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter�38.�Samba and Other CIFS Clients</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="index.html" title="SAMBA Project Documentation"><link rel="up" href="Appendixes.html" title="Part�VI.�Appendixes"><link rel="previous" href="Portability.html" title="Chapter�37.�Portability"><link rel="next" href="speed.html" title="Chapter�39.�Samba Performance Tuning"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter�38.�Samba and Other CIFS Clients</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="Portability.html">Prev</a>�</td><th width="60%" align="center">Part�VI.�Appendixes</th><td width="20%" align="right">�<a accesskey="n" href="speed.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="Other-Clients"></a>Chapter�38.�Samba and Other CIFS Clients</h2></div><div><div class="author"><h3 class="author"><span class="firstname">Jelmer</span> <span class="othername">R.</span> <span class="surname">Vernooij</span></h3><div class="affiliation"><span class="orgname">The Samba Team<br></span><div class="address"><p><tt class="email"><<a href="mailto:jelmer@samba.org">jelmer@samba.org</a>></tt></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">John</span> <span class="othername">H.</span> <span class="surname">Terpstra</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><tt class="email"><<a href="mailto:jht@samba.org">jht@samba.org</a>></tt></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">Dan</span> <span class="surname">Shearer</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><tt class="email"><<a href="mailto:dan@samba.org">dan@samba.org</a>></tt></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">Jim</span> <span class="surname">McDonough</span></h3><span class="contrib">OS/2</span><div class="affiliation"><span class="orgname">IBM<br></span><div class="address"><p><tt class="email"><<a href="mailto:jmcd@us.ibm.com">jmcd@us.ibm.com</a>></tt></p></div></div></div></div><div><p class="pubdate">5 Mar 2001</p></div></div><div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><a href="Other-Clients.html#id2975129">Macintosh Clients</a></dt><dt><a href="Other-Clients.html#id2975206">OS2 Client</a></dt><dd><dl><dt><a href="Other-Clients.html#id2975213">Configuring OS/2 Warp Connect or OS/2 Warp 4</a></dt><dt><a href="Other-Clients.html#id2975348">Configuring Other Versions of OS/2</a></dt><dt><a href="Other-Clients.html#id2975411">Printer Driver Download for OS/2 Clients</a></dt></dl></dd><dt><a href="Other-Clients.html#id2975516">Windows for Workgroups</a></dt><dd><dl><dt><a href="Other-Clients.html#id2975524">Latest TCP/IP Stack from Microsoft</a></dt><dt><a href="Other-Clients.html#id2975610">Delete .pwl Files After Password Change</a></dt><dt><a href="Other-Clients.html#id2975641">Configuring Windows for Workgroups Password Handling</a></dt><dt><a href="Other-Clients.html#id2975701">Password Case Sensitivity</a></dt><dt><a href="Other-Clients.html#id2975739">Use TCP/IP as Default Protocol</a></dt><dt><a href="Other-Clients.html#id2975757">Speed Improvement</a></dt></dl></dd><dt><a href="Other-Clients.html#id2975803">Windows 95/98</a></dt><dd><dl><dt><a href="Other-Clients.html#id2975876">Speed Improvement</a></dt></dl></dd><dt><a href="Other-Clients.html#id2975901">Windows 2000 Service Pack 2</a></dt><dt><a href="Other-Clients.html#id2976103">Windows NT 3.1</a></dt></dl></div><p>This chapter contains client-specific information.</p><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2975129"></a>Macintosh Clients</h2></div></div><div></div></div><p> Yes. <ulink url="http://www.thursby.com/">Thursby</ulink> has a CIFS Client/Server called <ulink url="http://www.thursby.com/products/dave.html">DAVE.</ulink> They test it against Windows 95, Windows NT /200x/XP and Samba for compatibility issues. At the time of this writing, DAVE was at version 4.1. Please refer to Thursby's Web site for more information regarding this product. </p><p> Alternatives There are two free implementations of AppleTalk for several kinds of UNIX machines and several more commercial ones. These products allow you to run file services and print services natively to Macintosh users, with no additional support required on the Macintosh. The two free implementations are <ulink url="http://www.umich.edu/~rsug/netatalk/">Netatalk,</ulink> and <ulink url="http://www.cs.mu.oz.au/appletalk/atalk.html">CAP.</ulink> What Samba offers MS Windows users, these packages offer to Macs. For more info on these packages, Samba, and Linux (and other UNIX-based systems), see <ulink url="http://www.eats.com/linux_mac_win.html">http://www.eats.com/linux_mac_win.html.</ulink> </p><p>Newer versions of the Macintosh (Mac OS X) include Samba.</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2975206"></a>OS2 Client</h2></div></div><div></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2975213"></a>Configuring OS/2 Warp Connect or OS/2 Warp 4</h3></div></div><div></div></div><p>Basically, you need three components:</p><div class="itemizedlist"><ul type="disc"><li>The File and Print Client (IBM Peer)</li><li>TCP/IP (Internet support) </li><li>The “<span class="quote">NetBIOS over TCP/IP</span>” driver (TCPBEUI)</li></ul></div><p>Installing the first two together with the base operating system on a blank system is explained in the Warp manual. If Warp has already been installed, but you now want to install the networking support, use the “<span class="quote">Selective Install for Networking</span>” object in the “<span class="quote">System Setup</span>” folder.</p><p>Adding the “<span class="quote">NetBIOS over TCP/IP</span>” driver is not described in the manual and just barely in the online documentation. Start <b class="command">MPTS.EXE</b>, click on <span class="guiicon">OK</span>, click on <span class="guimenu">Configure LAPS</span> and click on <span class="guimenu">IBM OS/2 NETBIOS OVER TCP/IP</span> in <span class="guilabel">Protocols</span>. This line is then moved to <span class="guilabel">Current Configuration</span>. Select that line, click on <span class="guimenuitem">Change number</span> and increase it from 0 to 1. Save this configuration.</p><p>If the Samba server is not on your local subnet, you can optionally add IP names and addresses of these servers to the <span class="guimenu">Names List</span>, or specify a WINS server (NetBIOS Nameserver in IBM and RFC terminology). For Warp Connect, you may need to download an update for <tt class="constant">IBM Peer</tt> to bring it on the same level as Warp 4. See the Web page mentioned above.</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2975348"></a>Configuring Other Versions of OS/2</h3></div></div><div></div></div><p>This sections deals with configuring OS/2 Warp 3 (not Connect), OS/2 1.2, 1.3 or 2.x.</p><p>You can use the free Microsoft LAN Manager 2.2c Client for OS/2 that is available from <ulink url="ftp://ftp.microsoft.com/BusSys/Clients/LANMAN.OS2/"> ftp://ftp.microsoft.com/BusSys/Clients/LANMAN.OS2/</ulink>. In a nutshell, edit the file <tt class="filename">\OS2VER</tt> in the root directory of the OS/2 boot partition and add the lines:</p><pre class="programlisting"> 20=setup.exe 20=netwksta.sys 20=netvdd.sys </pre><p>before you install the client. Also, do not use the included NE2000 driver because it is buggy. Try the NE2000 or NS2000 driver from <ulink url="ftp://ftp.cdrom.com/pub/os2/network/ndis/"> ftp://ftp.cdrom.com/pub/os2/network/ndis/</ulink> instead. </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2975411"></a>Printer Driver Download for OS/2 Clients</h3></div></div><div></div></div><p>Create a share called <i class="parameter"><tt>[PRINTDRV]</tt></i> that is world-readable. Copy your OS/2 driver files there. The <tt class="filename">.EA_</tt> files must still be separate, so you will need to use the original install files and not copy an installed driver from an OS/2 system.</p><p>Install the NT driver first for that printer. Then, add to your <tt class="filename">smb.conf</tt> a parameter, <a class="indexterm" name="id2975450"></a><i class="parameter"><tt>os2 driver map</tt></i> = filename. Next, in the file specified by <i class="replaceable"><tt>filename</tt></i>, map the name of the NT driver name to the OS/2 driver name as follows:</p><p><i class="parameter"><tt><i class="replaceable"><tt>nt driver name</tt></i> = <i class="replaceable"><tt>os2 driver name</tt></i>.<i class="replaceable"><tt>device name</tt></i></tt></i>, e.g.</p><p><i class="parameter"><tt> HP LaserJet 5L = LASERJET.HP LaserJet 5L</tt></i></p><p>You can have multiple drivers mapped in this file.</p><p>If you only specify the OS/2 driver name, and not the device name, the first attempt to download the driver will actually download the files, but the OS/2 client will tell you the driver is not available. On the second attempt, it will work. This is fixed simply by adding the device name to the mapping, after which it will work on the first attempt. </p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2975516"></a>Windows for Workgroups</h2></div></div><div></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2975524"></a>Latest TCP/IP Stack from Microsoft</h3></div></div><div></div></div><p>Use the latest TCP/IP stack from Microsoft if you use Windows for Workgroups. The early TCP/IP stacks had lots of bugs.</p><p> Microsoft has released an incremental upgrade to their TCP/IP 32-bit VxD drivers. The latest release can be found on their ftp site at ftp.microsoft.com, located in <tt class="filename">/peropsys/windows/public/tcpip/wfwt32.exe</tt>. There is an update.txt file there that describes the problems that were fixed. New files include <tt class="filename">WINSOCK.DLL</tt>, <tt class="filename">TELNET.EXE</tt>, <tt class="filename">WSOCK.386</tt>, <tt class="filename">VNBT.386</tt>, <tt class="filename">WSTCP.386</tt>, <tt class="filename">TRACERT.EXE</tt>, <tt class="filename">NETSTAT.EXE</tt>, and <tt class="filename">NBTSTAT.EXE</tt>. </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2975610"></a>Delete .pwl Files After Password Change</h3></div></div><div></div></div><p> Windows for Workgroups does a lousy job with passwords. When you change passwords on either the UNIX box or the PC, the safest thing to do is to delete the .pwl files in the Windows directory. The PC will complain about not finding the files, but will soon get over it, allowing you to enter the new password. </p><p> If you do not do this, you may find that Windows for Workgroups remembers and uses the old password, even if you told it a new one. </p><p> Often Windows for Workgroups will totally ignore a password you give it in a dialog box. </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2975641"></a>Configuring Windows for Workgroups Password Handling</h3></div></div><div></div></div><p> There is a program call <tt class="filename">admincfg.exe</tt> on the last disk (disk 8) of the WFW 3.11 disk set. To install it, type <b class="userinput"><tt>EXPAND A:\ADMINCFG.EX_ C:\WINDOWS\ADMINCFG.EXE</tt></b>. Then add an icon for it via the <span class="application">Program Manager</span> <span class="guimenu">New</span> Menu. This program allows you to control how WFW handles passwords, i.e., Disable Password Caching and so on. for use with <a class="indexterm" name="id2975686"></a><i class="parameter"><tt>security</tt></i> = user. </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2975701"></a>Password Case Sensitivity</h3></div></div><div></div></div><p>Windows for Workgroups uppercases the password before sending it to the server. UNIX passwords can be case-sensitive though. Check the <tt class="filename">smb.conf</tt> information on <a class="indexterm" name="id2975721"></a><i class="parameter"><tt>password level</tt></i> to specify what characters Samba should try to uppercase when checking.</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2975739"></a>Use TCP/IP as Default Protocol</h3></div></div><div></div></div><p>To support print queue reporting, you may find that you have to use TCP/IP as the default protocol under Windows for Workgroups. For some reason, if you leave NetBEUI as the default, it may break the print queue reporting on some systems. It is presumably a Windows for Workgroups bug.</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2975757"></a>Speed Improvement</h3></div></div><div></div></div><p> Note that some people have found that setting <i class="parameter"><tt>DefaultRcvWindow</tt></i> in the <i class="parameter"><tt>[MSTCP]</tt></i> section of the <tt class="filename">SYSTEM.INI</tt> file under Windows for Workgroups to 3072 gives a big improvement. </p><p> My own experience with DefaultRcvWindow is that I get a much better performance with a large value (16384 or larger). Other people have reported that anything over 3072 slows things down enormously. One person even reported a speed drop of a factor of 30 when he went from 3072 to 8192. </p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2975803"></a>Windows 95/98</h2></div></div><div></div></div><p> When using Windows 95 OEM SR2, the following updates are recommended where Samba is being used. Please note that the above change will effect you once these updates have been installed. </p><p> There are more updates than the ones mentioned here. You are referred to the Microsoft Web site for all currently available updates to your specific version of Windows 95. </p><table class="simplelist" border="0" summary="Simple list"><tr><td>Kernel Update: KRNLUPD.EXE</td></tr><tr><td>Ping Fix: PINGUPD.EXE</td></tr><tr><td>RPC Update: RPCRTUPD.EXE</td></tr><tr><td>TCP/IP Update: VIPUPD.EXE</td></tr><tr><td>Redirector Update: VRDRUPD.EXE</td></tr></table><p> Also, if using <span class="application">MS Outlook,</span> it is desirable to install the <b class="command">OLEUPD.EXE</b> fix. This fix may stop your machine from hanging for an extended period when exiting Outlook and you may notice a significant speedup when accessing network neighborhood services. </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2975876"></a>Speed Improvement</h3></div></div><div></div></div><p> Configure the Windows 95 TCP/IP registry settings to give better performance. I use a program called <b class="command">MTUSPEED.exe</b> that I got off the Internet. There are various other utilities of this type freely available. </p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2975901"></a>Windows 2000 Service Pack 2</h2></div></div><div></div></div><p> There are several annoyances with Windows 2000 SP2. One of which only appears when using a Samba server to host user profiles to Windows 2000 SP2 clients in a Windows domain. This assumes that Samba is a member of the domain, but the problem will most likely occur if it is not. </p><p> In order to serve profiles successfully to Windows 2000 SP2 clients (when not operating as a PDC), Samba must have <a class="indexterm" name="id2975922"></a><i class="parameter"><tt>nt acl support</tt></i> = no added to the file share which houses the roaming profiles. If this is not done, then the Windows 2000 SP2 client will complain about not being able to access the profile (Access Denied) and create multiple copies of it on disk (DOMAIN.user.001, DOMAIN.user.002, and so on). See the <tt class="filename">smb.conf</tt> man page for more details on this option. Also note that the <a class="indexterm" name="id2975950"></a><i class="parameter"><tt>nt acl support</tt></i> parameter was formally a global parameter in releases prior to Samba 2.2.2. </p><p> <link linkend="minimalprofile"> provides a minimal profile share. </p><div class="example"><a name="minimalprofile"></a><p class="title"><b>Example�38.1.�Minimal profile share</b></p><table class="simplelist" border="0" summary="Simple list"><tr><td> </td></tr><tr><td><i class="parameter"><tt>[profile]</tt></i></td></tr><tr><td><i class="parameter"><tt>path = /export/profile</tt></i></td></tr><tr><td><i class="parameter"><tt>create mask = 0600</tt></i></td></tr><tr><td><i class="parameter"><tt>directory mask = 0700</tt></i></td></tr><tr><td><i class="parameter"><tt>nt acl support = no</tt></i></td></tr><tr><td><i class="parameter"><tt>read only = no</tt></i></td></tr></table></div><p> The reason for this bug is that the Windows 200x SP2 client copies the security descriptor for the profile that contains the Samba server's SID, and not the domain SID. The client compares the SID for SAMBA\user and realizes it is different from the one assigned to DOMAIN\user. Hence, the reason for the <span class="errorname">access denied</span> message. </p><p> By disabling the <a class="indexterm" name="id2976065"></a><i class="parameter"><tt>nt acl support</tt></i> parameter, Samba will send the Windows 200x client a response to the QuerySecurityDescriptor trans2 call, which causes the client to set a default ACL for the profile. This default ACL includes: </p><p><span class="emphasis"><em>DOMAIN\user “<span class="quote">Full Control</span>”</em></span>></p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>This bug does not occur when using Winbind to create accounts on the Samba host for Domain users.</p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2976103"></a>Windows NT 3.1</h2></div></div><div></div></div><p>If you have problems communicating across routers with Windows NT 3.1 workstations, read <ulink url="http://support.microsoft.com/default.aspx?scid=kb;Q103765">this Microsoft Knowledge Base article.</ulink> </p></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="Portability.html">Prev</a>�</td><td width="20%" align="center"><a accesskey="u" href="Appendixes.html">Up</a></td><td width="40%" align="right">�<a accesskey="n" href="speed.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter�37.�Portability�</td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top">�Chapter�39.�Samba Performance Tuning</td></tr></table></div></body></html>