1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
|
<chapter id="Other-Clients">
<chapterinfo>
&author.jelmer;
&author.jht;
&author.danshearer;
<author>&person.jmcd;<contrib>OS/2</contrib></author>
<pubdate>5 Mar 2001</pubdate>
</chapterinfo>
<title>Samba and Other CIFS Clients</title>
<para>This chapter contains client-specific information.</para>
<sect1>
<title>Macintosh Clients</title>
<para>
Yes. <ulink url="http://www.thursby.com/">Thursby</ulink> has a CIFS Client/Server called <ulink url="http://www.thursby.com/products/dave.html">DAVE.</ulink>
They test it against Windows 95, Windows NT /200x/XP and Samba for
compatibility issues. At the time of this writing, DAVE was at version
4.1. Please refer to Thursby's Web site for more information regarding this
product.
</para>
<para>
Alternatives &smbmdash; There are two free implementations of AppleTalk for
several kinds of UNIX machines and several more commercial ones.
These products allow you to run file services and print services
natively to Macintosh users, with no additional support required on
the Macintosh. The two free implementations are
<ulink url="http://www.umich.edu/~rsug/netatalk/">Netatalk,</ulink> and
<ulink url="http://www.cs.mu.oz.au/appletalk/atalk.html">CAP.</ulink>
What Samba offers MS Windows users, these packages offer to Macs.
For more info on these packages, Samba, and Linux (and other UNIX-based systems), see
<ulink noescape="1" url="http://www.eats.com/linux_mac_win.html">http://www.eats.com/linux_mac_win.html.</ulink>
</para>
<para>Newer versions of the Macintosh (Mac OS X) include Samba.</para>
</sect1>
<sect1>
<title>OS2 Client</title>
<sect2>
<title>Configuring OS/2 Warp Connect or OS/2 Warp 4</title>
<para>Basically, you need three components:</para>
<itemizedlist>
<listitem>The File and Print Client (IBM Peer)</listitem>
<listitem>TCP/IP (Internet support) </listitem>
<listitem>The <quote>NetBIOS over TCP/IP</quote> driver (TCPBEUI)</listitem>
</itemizedlist>
<para>Installing the first two together with the base operating
system on a blank system is explained in the Warp manual. If Warp
has already been installed, but you now want to install the
networking support, use the <quote>Selective Install for Networking</quote>
object in the <quote>System Setup</quote> folder.</para>
<para>Adding the <quote>NetBIOS over TCP/IP</quote> driver is not described
in the manual and just barely in the online documentation. Start
<command>MPTS.EXE</command>, click on <guiicon>OK</guiicon>, click on <guimenu>Configure LAPS</guimenu> and click
on <guimenu>IBM OS/2 NETBIOS OVER TCP/IP</guimenu> in <guilabel>Protocols</guilabel>. This line
is then moved to <guilabel>Current Configuration</guilabel>. Select that line,
click on <guimenuitem>Change number</guimenuitem> and increase it from 0 to 1. Save this
configuration.</para>
<para>If the Samba server is not on your local subnet, you
can optionally add IP names and addresses of these servers
to the <guimenu>Names List</guimenu>, or specify a WINS server (NetBIOS
Nameserver in IBM and RFC terminology). For Warp Connect, you
may need to download an update for <constant>IBM Peer</constant> to bring it on
the same level as Warp 4. See the Web page mentioned above.</para>
</sect2>
<sect2>
<title>Configuring Other Versions of OS/2</title>
<para>This sections deals with configuring OS/2 Warp 3 (not Connect), OS/2 1.2, 1.3 or 2.x.</para>
<para>You can use the free Microsoft LAN Manager 2.2c Client for OS/2 that is
available from
<ulink noescape="1" url="ftp://ftp.microsoft.com/BusSys/Clients/LANMAN.OS2/">
ftp://ftp.microsoft.com/BusSys/Clients/LANMAN.OS2/</ulink>. In a nutshell, edit
the file <filename>\OS2VER</filename> in the root directory of the OS/2 boot partition and add the lines:</para>
<para><programlisting>
20=setup.exe
20=netwksta.sys
20=netvdd.sys
</programlisting></para>
<para>before you install the client. Also, do not use the included NE2000 driver because it is buggy.
Try the NE2000 or NS2000 driver from <ulink noescape="1" url="ftp://ftp.cdrom.com/pub/os2/network/ndis/">
ftp://ftp.cdrom.com/pub/os2/network/ndis/</ulink> instead.
</para>
</sect2>
<sect2>
<title>Printer Driver Download for OS/2 Clients</title>
<para>Create a share called <smbconfsection>[PRINTDRV]</smbconfsection> that is
world-readable. Copy your OS/2 driver files there. The <filename>.EA_</filename>
files must still be separate, so you will need to use the original install files
and not copy an installed driver from an OS/2 system.</para>
<para>Install the NT driver first for that printer. Then, add to your &smb.conf; a parameter,
<smbconfoption><name>os2 driver map</name><value><replaceable>filename</replaceable></value></smbconfoption>.
Next, in the file specified by <replaceable>filename</replaceable>, map the
name of the NT driver name to the OS/2 driver name as follows:</para>
<para><parameter><replaceable>nt driver name</replaceable> = <replaceable>os2 driver name</replaceable>.<replaceable>device name</replaceable></parameter>, e.g.</para>
<para><parameter>
HP LaserJet 5L = LASERJET.HP LaserJet 5L</parameter></para>
<para>You can have multiple drivers mapped in this file.</para>
<para>If you only specify the OS/2 driver name, and not the
device name, the first attempt to download the driver will
actually download the files, but the OS/2 client will tell
you the driver is not available. On the second attempt, it
will work. This is fixed simply by adding the device name
to the mapping, after which it will work on the first attempt.
</para>
</sect2>
</sect1>
<sect1>
<title>Windows for Workgroups</title>
<sect2>
<title>Latest TCP/IP Stack from Microsoft</title>
<para>Use the latest TCP/IP stack from Microsoft if you use Windows
for Workgroups. The early TCP/IP stacks had lots of bugs.</para>
<para>
Microsoft has released an incremental upgrade to their TCP/IP 32-bit
VxD drivers. The latest release can be found on their ftp site at
ftp.microsoft.com, located in <filename>/peropsys/windows/public/tcpip/wfwt32.exe</filename>.
There is an update.txt file there that describes the problems that were
fixed. New files include <filename>WINSOCK.DLL</filename>,
<filename>TELNET.EXE</filename>,
<filename>WSOCK.386</filename>,
<filename>VNBT.386</filename>,
<filename>WSTCP.386</filename>,
<filename>TRACERT.EXE</filename>,
<filename>NETSTAT.EXE</filename>, and
<filename>NBTSTAT.EXE</filename>.
</para>
</sect2>
<sect2>
<title>Delete .pwl Files After Password Change</title>
<para>
Windows for Workgroups does a lousy job with passwords. When you change passwords on either
the UNIX box or the PC, the safest thing to do is to delete the .pwl files in the Windows
directory. The PC will complain about not finding the files, but will soon get over it,
allowing you to enter the new password.
</para>
<para>
If you do not do this, you may find that Windows for Workgroups remembers and uses the old
password, even if you told it a new one.
</para>
<para>
Often Windows for Workgroups will totally ignore a password you give it in a dialog box.
</para>
</sect2>
<sect2>
<title>Configuring Windows for Workgroups Password Handling</title>
<para>
There is a program call <filename>admincfg.exe</filename>
on the last disk (disk 8) of the WFW 3.11 disk set. To install it,
type <userinput>EXPAND A:\ADMINCFG.EX_ C:\WINDOWS\ADMINCFG.EXE</userinput>.
Then add an icon for it via the <application>Program Manager</application> <guimenu>New</guimenu> Menu.
This program allows you to control how WFW handles passwords, i.e.,
Disable Password Caching and so on.
for use with <smbconfoption><name>security</name><value>user</value></smbconfoption>.
</para>
</sect2>
<sect2>
<title>Password Case Sensitivity</title>
<para>Windows for Workgroups uppercases the password before sending it to the server.
UNIX passwords can be case-sensitive though. Check the &smb.conf; information on
<smbconfoption><name>password level</name></smbconfoption> to specify what characters
Samba should try to uppercase when checking.</para>
</sect2>
<sect2>
<title>Use TCP/IP as Default Protocol</title>
<para>To support print queue reporting, you may find
that you have to use TCP/IP as the default protocol under
Windows for Workgroups. For some reason, if you leave NetBEUI as the default,
it may break the print queue reporting on some systems.
It is presumably a Windows for Workgroups bug.</para>
</sect2>
<sect2>
<title>Speed Improvement</title>
<para>
Note that some people have found that setting <parameter>DefaultRcvWindow</parameter> in
the <smbconfsection>[MSTCP]</smbconfsection> section of the
<filename>SYSTEM.INI</filename> file under Windows for Workgroups to 3072 gives a
big improvement.
</para>
<para>
My own experience with DefaultRcvWindow is that I get a much better
performance with a large value (16384 or larger). Other people have
reported that anything over 3072 slows things down enormously. One
person even reported a speed drop of a factor of 30 when he went from
3072 to 8192.
</para>
</sect2>
</sect1>
<sect1>
<title>Windows 95/98</title>
<para>
When using Windows 95 OEM SR2, the following updates are recommended where Samba
is being used. Please note that the above change will effect you once these
updates have been installed.
</para>
<para>
There are more updates than the ones mentioned here. You are referred to the
Microsoft Web site for all currently available updates to your specific version
of Windows 95.
</para>
<simplelist>
<member>Kernel Update: KRNLUPD.EXE</member>
<member>Ping Fix: PINGUPD.EXE</member>
<member>RPC Update: RPCRTUPD.EXE</member>
<member>TCP/IP Update: VIPUPD.EXE</member>
<member>Redirector Update: VRDRUPD.EXE</member>
</simplelist>
<para>
Also, if using <application>MS Outlook,</application> it is desirable to
install the <command>OLEUPD.EXE</command> fix. This
fix may stop your machine from hanging for an extended period when exiting
Outlook and you may notice a significant speedup when accessing network
neighborhood services.
</para>
<sect2>
<title>Speed Improvement</title>
<para>
Configure the Windows 95 TCP/IP registry settings to give better
performance. I use a program called <command>MTUSPEED.exe</command> that I got off the
Internet. There are various other utilities of this type freely available.
</para>
</sect2>
</sect1>
<sect1>
<title>Windows 2000 Service Pack 2</title>
<para>
There are several annoyances with Windows 2000 SP2. One of which
only appears when using a Samba server to host user profiles
to Windows 2000 SP2 clients in a Windows domain. This assumes
that Samba is a member of the domain, but the problem will
most likely occur if it is not.
</para>
<para>
In order to serve profiles successfully to Windows 2000 SP2
clients (when not operating as a PDC), Samba must have
<smbconfoption><name>nt acl support</name><value>no</value></smbconfoption>
added to the file share which houses the roaming profiles.
If this is not done, then the Windows 2000 SP2 client will
complain about not being able to access the profile (Access
Denied) and create multiple copies of it on disk (DOMAIN.user.001,
DOMAIN.user.002, and so on). See the &smb.conf; man page
for more details on this option. Also note that the
<smbconfoption><name>nt acl support</name></smbconfoption> parameter was formally a global parameter in
releases prior to Samba 2.2.2.
</para>
<para>
<link linkend="minimalprofile"/> provides a minimal profile share.
</para>
<para><smbconfexample id="minimalprofile">
<title>Minimal profile share</title>
<smbconfsection>[profile]</smbconfsection>
<smbconfoption><name>path</name><value>/export/profile</value></smbconfoption>
<smbconfoption><name>create mask</name><value>0600</value></smbconfoption>
<smbconfoption><name>directory mask</name><value>0700</value></smbconfoption>
<smbconfoption><name>nt acl support</name><value>no</value></smbconfoption>
<smbconfoption><name>read only</name><value>no</value></smbconfoption>
</smbconfexample></para>
<para>
The reason for this bug is that the Windows 200x SP2 client copies
the security descriptor for the profile that contains
the Samba server's SID, and not the domain SID. The client
compares the SID for SAMBA\user and realizes it is
different from the one assigned to DOMAIN\user. Hence, the reason
for the <errorname>access denied</errorname> message.
</para>
<para>
By disabling the <smbconfoption><name>nt acl support</name></smbconfoption> parameter, Samba will send
the Windows 200x client a response to the QuerySecurityDescriptor trans2 call, which causes the client
to set a default ACL for the profile. This default ACL includes:
</para>
<para><emphasis>DOMAIN\user <quote>Full Control</quote></emphasis>></para>
<note><para>This bug does not occur when using Winbind to
create accounts on the Samba host for Domain users.</para></note>
</sect1>
<sect1>
<title>Windows NT 3.1</title>
<para>If you have problems communicating across routers with Windows
NT 3.1 workstations, read <ulink url="http://support.microsoft.com/default.aspx?scid=kb;Q103765">this Microsoft Knowledge Base article.</ulink>
</para>
</sect1>
</chapter>
|