Samba meta FAQ
Dan Shearer & Paul Blackman, ictinus@lake.canberra.edu.au
v 0.1, 23 Aug '97
This is the meta-Frequently Asked Questions (FAQ) document for Samba,
the free and very popular SMB and CIFS server product. It contains
overview information for the Samba suite of programs, a quick-start
guide, and pointers to all other Samba documentation. Other FAQs exist
for specific client and server issues, and HOWTO documents for more
extended topics to do with Samba software. Current to version Samba
1.9.17. Please send any corrections to the author.
______________________________________________________________________
Table of Contents:
1. Quick Reference Guides to Samba Documentation
1.1. Samba for the Impatient
1.2. All Samba Documentation
2. General Information
2.1. What is Samba?
2.2. What is the current version of Samba?
2.3. Where can I get it?
2.4. What do the version numbers mean?
2.5. Where can I go for further information?
2.6. How do I subscribe to the Samba Mailing Lists?
2.7. Something's gone wrong - what should I do?
2.8. How do I submit patches or bug reports?
2.9. What if I have an URGENT message for the developers?
2.10. What if I need paid-for support?
2.11. Pizza supply details
3. About CIFS and SMB
3.1. What is the Server Message Block (SMB) Protocol?
3.2. What is the Common Internet Filesystem (CIFS)?
3.3. What is Browsing?
4. Designing A SMB and CIFS Network
4.1. Workgroups, Browsing Domains and Authentication Domains
4.1.1. Defining the Terms
4.1.2. Sharelevel (Workgroup) Security Services
4.1.3. Authentication Domain Mode Services
4.2. Authentication Schemes
4.2.1. Workgroup Mode Services
4.2.2. Windows NT-Style Domain
4.2.3. NIS
4.2.4. Kerberos
4.2.5. FTP
4.2.6. Default Server Method
4.2.7. Client-side Database Only
4.3. Post-Authentication: Netlogon, Logon Scripts, Profiles
5. Cross-Protocol File Sharing
6. Miscellaneous
6.1. Is Samba Year 2000 compliant?
______________________________________________________________________
1. Quick Reference Guides to Samba Documentation
We are endeavouring to provide links here to every major class of
information about Samba or things related to Samba. We cannot list
every document, but we are aiming for all documents to be at most two
referrals from those listed here. This needs constant maintaining, so
please send the author your feedback.
1.1. Samba for the Impatient
You know you should read the documentation but can't wait to start?
What you need to do then is follow the instructions in the following
documents, in order. This should be enough to get a simple site going
quickly. If you have any problems at all, refer back to this section
and do some more reading.
1. Getting Samba: ``Download Instructions''
2. Installing Samba: making sure the binaries are in place and work.
At the moment there are two kinds of Samba server installs: Unix or
close relative <INSTALL.txt> and Others
<Samba-Server-FAQ.html#PortInfo>. Do not forget to
3. Debug sequence: If you think you have completed the previous step
and things aren't working properly, work through the diagnosis
recipe. <DIAGNOSIS.txt>
4. Exporting files to SMB clients: You should read the manual pages
for smb.conf, but here is a quick answer guide.
<Samba-Server-FAQ.html#Exporting>
5. Controlling user access: the quickest and dirtiest way of sharing
resources is to use ``share level security.'' If you want to spend
more time and have a proper username and password database you must
read the paragraph on ``domain mode security.'' If you want
encryption (e.g. you are using Windows NT clients) follow the SMB
encryption instructions. <Samba-Server-FAQ.html#SMBEncryptionSteps>
6. Browsing: if you are happy to type in "\\samba-server\sharename" at
the client end then do not read any further. Otherwise you need to
understand the ``browsing terminology'' and read <BROWSING.txt>.
7. Printing: See the printing quick answer guide.
<Samba-Server-FAQ.html#Printing>
If you have got everything working to this point, you can expect Samba
to be stable and secure: these are its greatest strengths. However
Samba has a great deal to offer and to go further you must do some
more reading. Speed and security optimisations, printer accounting,
network logons, roving profiles, browsing across multiple subnets and
so on are all covered either in this document or in those it refers
to.
1.2. All Samba Documentation
o Meta-FAQ. This is the mother of all documents, and is the one you
are reading now. The latest version is always at
<http://samba.anu.edu.au/[.....]> but there is probably a much
nearer mirror site <../MIRRORS> which you should use instead.
o <Samba-Server-FAQ.html> is the best starting point for information
about server-side issues. Includes configuration tips and pointers
for Samba on particular operating systems (with 40 to choose
from...)
o <Samba-Client-FAQ.html> is the best starting point for information
about client-side issues, includes a list of all clients that work
with Samba.
o <samba-man-index.html> contains descriptions of and links to all
the Samba manual pages, in Unix man and postscript format.
o <samba-txt-index.html> has descriptions of and links to a large
number of text files which have been contributed to samba covering
many topics. These are gradually being absorbed into the FAQs and
HOWTOs but in the meantime you might find helpful answers here.
2. General Information
All about Samba - what it is, how to get it, related sources of
information, how to understand the version numbering scheme, pizza
details
2.1. What is Samba?
Samba is a suite of programs which work together to allow clients to
access a server's filespace and printers via the SMB (Server
Message Block) and CIFS (Common Internet Filesystem) protocols.
Initially written for Unix, Samba now also runs on Netware, OS/2, VMS,
StratOS and Amigas. Ports to BeOS and other operating systems are
underway. Samba gives the capability for these operating systems to
behave much like a LAN Server, Windows NT Server or Pathworks machine,
only with added functionality and flexibility designed to make life
easier for administrators.
This means that using Samba you can share a server's disks and
printers to many sorts of network clients, including Lan Manager,
Windows for Workgroups, Windows NT, Linux, OS/2, and AIX. There is
also a generic client program supplied as part of the Samba suite
which gives a user on the server an ftp-like interface to access
filespace and printers on any other SMB/CIFS servers.
Many users report that compared to other SMB implementations Samba is
more stable, faster, and compatible with more clients. Administrators
of some large installations say that Samba is the only SMB server
available which will scale to many tens of thousands of users without
crashing. The easy way to test these claims is to download it and try
it for yourself!
The suite is supplied with full source code under the GNU Public
License <../COPYING>. The GPL means that you can use Samba for
whatever purpose you wish (including changing the source or selling it
for money) but under all circumstances the source code must be made
freely available. A copy of the GPL must always be included in any
copy of the package.
The primary creator of the Samba suite is Andrew Tridgell. Later
versions incorporate much effort by many net.helpers. The man pages
and this FAQ were originally written by Karl Auer.
2.2. What is the current version of Samba?
At time of writing, the current version was 1.9.17. If you want to be
sure check the bottom of the change-log file.
<ftp://samba.anu.edu.au/pub/samba/alpha/change-log>
For more information see ``What do the version numbers mean?''
2.3. Where can I get it?
The Samba suite is available via anonymous ftp from samba.anu.edu.au
and many mirror <../MIRRORS> sites. You will get much faster
performance if you use a mirror site. The latest and greatest versions
of the suite are in the directory:
/pub/samba/
Development (read "alpha") versions, which are NOT necessarily stable
and which do NOT necessarily have accurate documentation, are
available in the directory:
/pub/samba/alpha
Note that binaries are NOT included in any of the above. Samba is
distributed ONLY in source form, though binaries may be available from
other sites. Most Linux distributions, for example, do contain Samba
binaries for that platform. The VMS, OS/2, Netware and Amiga and other
ports typically have binaries made available.
2.4. What do the version numbers mean?
It is not recommended that you run a version of Samba with the word
"alpha" in its name unless you know what you are doing and are willing
to do some debugging. Many, many people just get the latest
recommended stable release version and are happy. If you are brave, by
all means take the plunge and help with the testing and development -
but don't install it on your departmental server. Samba is typically
very stable and safe, and this is mostly due to the policy of many
public releases.
How the scheme works:
1. When major changes are made the version number is increased. For
example, the transition from 1.9.16 to 1.9.17. However, this
version number will not appear immediately and people should
continue to use 1.9.15 for production systems (see next point.)
2. Just after major changes are made the software is considered
unstable, and a series of alpha releases are distributed, for
example 1.9.16alpha1. These are for testing by those who know what
they are doing. The "alpha" in the filename will hopefully scare
off those who are just looking for the latest version to install.
3. When Andrew thinks that the alphas have stabilised to the point
where he would recommend new users install it, he renames it to the
same version number without the alpha, for example 1.9.17.
4. Inevitably bugs are found in the "stable" releases and minor patch
levels are released which give us the pXX series, for example
1.9.17p2.
So the progression goes:
1.9.16p10 (production)
1.9.16p11 (production)
1.9.17alpha1 (test sites only)
:
1.9.17alpha20 (test sites only)
1.9.17 (production)
1.9.17p1 (production)
The above system means that whenever someone looks at the samba ftp
site they will be able to grab the highest numbered release without an
alpha in the name and be sure of getting the current recommended
version.
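
The ordering rule above, as an added example (not part of the original FAQ or the Samba sources): it sorts release names by the alpha / release / pXX scheme and picks the highest production release. The listing is constructed, and the "samba-<release>.tar.gz" archive naming is an assumption.

```python
import re

# <major>.<minor>.<rev>, optionally followed by "alphaN" (test sites only)
# or "pN" (patch level on a production release).
_RELEASE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:(alpha|p)(\d+))?")
ALPHA, PRODUCTION = 0, 1


def release_from_filename(name):
    """Strip the assumed archive naming "samba-<release>.tar.gz", if present."""
    if name.startswith("samba-") and name.endswith(".tar.gz"):
        return name[len("samba-"):-len(".tar.gz")]
    return name


def parse_release(name):
    """Return a sortable key for a release name, or None if it does not parse."""
    m = _RELEASE.fullmatch(release_from_filename(name))
    if m is None:
        return None
    major, minor, rev = int(m.group(1)), int(m.group(2)), int(m.group(3))
    # Alphas of a version sort before the release of that same version;
    # the plain release is patch level 0, then p1, p2, ...
    stage = ALPHA if m.group(4) == "alpha" else PRODUCTION
    level = int(m.group(5)) if m.group(5) else 0
    return (major, minor, rev, stage, level)


def is_production(name):
    """True for names without "alpha" that follow the numbering scheme."""
    key = parse_release(name)
    return key is not None and key[3] == PRODUCTION


def recommended(names):
    """Highest-numbered release without "alpha" in its name, or None."""
    production = [n for n in names if is_production(n)]
    return max(production, key=parse_release) if production else None


# Constructed listing, taken from the progression shown above.
LISTING = [
    "1.9.16p10",
    "1.9.16p11",
    "1.9.17alpha1",
    "1.9.17alpha20",
    "1.9.17",
    "1.9.17p1",
]

if __name__ == "__main__":
    print("recommended:", recommended(LISTING))
    # A plain string comparison gets both of these wrong:
    print(max(LISTING[:5]), "vs", recommended(LISTING[:5]))
    print(max(["1.9.16p9", "1.9.16p10"]), "vs",
          recommended(["1.9.16p9", "1.9.16p10"]))
```

A plain string sort is not enough here: it ranks 1.9.17alpha20 above 1.9.17 and 1.9.16p9 above 1.9.16p10.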
2.5. Where can I go for further information?
There are a number of places to look for more information on Samba,
including:
o Two mailing lists devoted to discussion of Samba-related matters.
See below for subscription information.
o The newsgroup comp.protocols.smb, which has a great deal of
discussion about Samba.
o The WWW site 'SAMBA Web Pages' at
<http://samba.canberra.edu.au/pub/samba/samba.html> includes:
   o Links to man pages and documentation, including this FAQ
   o A comprehensive survey of Samba users
   o A searchable hypertext archive of the Samba mailing list
   o Links to Samba source code, binaries, and mirrors of both
   o This FAQ and the rest in its family
2.6. How do I subscribe to the Samba Mailing Lists?
Send email to listproc@samba.anu.edu.au. Make sure the subject line is
blank, and include the following two lines in the body of the message:
subscribe samba Firstname Lastname
subscribe samba-announce Firstname Lastname
Obviously you should substitute YOUR first name for "Firstname" and
YOUR last name for "Lastname"! Try not to send any signature, it
sometimes confuses the list processor.
The samba list is a digest list - every eight hours or so it sends a
single message containing all the messages that have been received by
the list since the last time and sends a copy of this message to all
subscribers. There are thousands of people on this list.
If you stop being interested in Samba, please send another email to
listproc@samba.anu.edu.au. Make sure the subject line is blank, and
include the following two lines in the body of the message:
unsubscribe samba
unsubscribe samba-announce
The From: line in your message MUST be the same address you used when
you subscribed.
2.7. Something's gone wrong - what should I do?
# *** IMPORTANT! *** #
DO NOT post messages on mailing lists or in newsgroups until you have
carried out the first three steps given here!
1. See if there are any likely looking entries in this FAQ! If you
have just installed Samba, have you run through the checklist in
DIAGNOSIS.txt <ftp://samba.anu.edu.au/pub/samba/DIAGNOSIS.txt>? It
can save you a lot of time and effort. DIAGNOSIS.txt can also be
found in the docs directory of the Samba distribution.
2. Read the man pages for smbd, nmbd and smb.conf, looking for topics
that relate to what you are trying to do.
3. If there is no obvious solution to hand, try to get a look at the
log files for smbd and/or nmbd for the period during which you were
having problems. You may need to reconfigure the servers to provide
more extensive debugging information - usually level 2 or level 3
provide ample debugging info. Inspect these logs closely, looking
particularly for the string "Error:".
4. If you need urgent help and are willing to pay for it see ``Paid
Support''.
If you still haven't got anywhere, ask the mailing list or newsgroup.
In general nobody minds answering questions provided you have followed
the preceding steps. It might be a good idea to scan the archives of
the mailing list, which are available through the Samba web site
described in the previous section. When you post be sure to include a
good description of your environment and your problem.
If you successfully solve a problem, please mail the FAQ maintainer a
succinct description of the symptom, the problem and the solution, so
that an explanation can be incorporated into the next version.
2.8. How do I submit patches or bug reports?
If you make changes to the source code, please submit these patches so
that everyone else gets the benefit of your work. This is one of the
most important aspects to the maintenance of Samba. Send all patches
to samba-bugs@samba.anu.edu.au. Do not send patches to Andrew Tridgell
or any other individual; they may be lost if you do.
Patch format
------------
If you are sending a patch to fix a problem then please don't just use
standard diff format. As an example, samba-bugs received this patch
from someone:
382a #endif 381a #if !defined(NEWS61)
How are we supposed to work out what this does and where it goes?
This sort of patch only works if we both have identical files in the
first place. The Samba sources are constantly changing at the hands of
multiple developers, so it doesn't work.
Please use either context diffs or (even better) unified diffs. You
get these using "diff -c4" or "diff -u". If you don't have a diff that
can generate these then please send manually commented patches so I
know what is being changed and where. Most patches are applied by hand
so the info must be clear.
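
Why line-number-only patches misfire on a file that has since changed, while a unified diff still lands correctly, as an added example (not part of the original FAQ or the Samba sources): it uses Python's difflib in place of the diff command, and the file contents and the line numbers 3 and 4 are constructed.

```python
import difflib

# Constructed file as the submitter had it.
SUBMITTER_OLD = [
    "#include <stdio.h>",
    "#include <string.h>",
    "#include <sys/types.h>",
    "#include <sys/vfs.h>",
    "#include <unistd.h>",
    "#include <errno.h>",
]

# Same shape as the patch quoted above: "4a #endif", "3a #if ...".
ED_PATCH = [(4, "#endif"), (3, "#if !defined(NEWS61)")]

# The maintainers' copy has meanwhile gained two lines at the top.
MAINTAINER = ["/* includes.h */", "#include <ctype.h>"] + SUBMITTER_OLD


def apply_by_line_number(lines, commands):
    """Apply ed-style 'Na' commands: insert text after 1-based line N."""
    out = list(lines)
    for lineno, text in commands:
        out.insert(lineno, text)
    return out


def unified(old, new, name="includes.h"):
    """What "diff -u" would send: the change plus three lines of context."""
    return list(difflib.unified_diff(old, new, "a/" + name, "b/" + name,
                                     lineterm="", n=3))


def apply_with_context(lines, diff_lines):
    """Apply unified-diff hunks by locating each hunk's old-side text."""
    hunks, current = [], None
    for d in diff_lines:
        if d.startswith("@@"):
            current = []
            hunks.append(current)
        elif current is not None:      # skips the ---/+++ file header
            current.append(d)
    out = list(lines)
    for hunk in hunks:
        old = [h[1:] for h in hunk if h[:1] in (" ", "-")]
        new = [h[1:] for h in hunk if h[:1] in (" ", "+")]
        for i in range(len(out) - len(old) + 1):
            if out[i:i + len(old)] == old:
                out[i:i + len(old)] = new
                break
        else:
            raise ValueError("hunk context not found; patch does not apply")
    return out


SUBMITTER_NEW = apply_by_line_number(SUBMITTER_OLD, ED_PATCH)

if __name__ == "__main__":
    print("\n".join(unified(SUBMITTER_OLD, SUBMITTER_NEW)))
    print("\n-- line-number patch on the maintainers' copy --")
    print("\n".join(apply_by_line_number(MAINTAINER, ED_PATCH)))
    print("\n-- unified diff on the maintainers' copy --")
    print("\n".join(apply_with_context(MAINTAINER,
                                       unified(SUBMITTER_OLD, SUBMITTER_NEW))))
```

On the drifted copy the line-number patch wraps string.h instead of sys/vfs.h without any error, whereas the context-based patch either lands on the intended line or refuses to apply.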
This is a basic guideline that will assist us with assessing your
problem more efficiently:
Machine Arch:
Machine OS:
OS Version:
Kernel:
Compiler:
Libc Version:
Samba Version:
Network Layout (description):
What else is on machine (services, etc):
Some extras:
o what you did and what happened
o relevant parts of a debugging output file with debuglevel higher.
If you can't find the relevant parts, please ask before mailing
huge files.
o anything else you think is useful to trace down the bug
2.9. What if I have an URGENT message for the developers?
If you have spotted something very serious and believe that it is
important to contact the developers quickly, send a message to
samba-urgent@samba.anu.edu.au. This will be processed more quickly
than mail to samba-bugs. Please think carefully before using this
address. An example of its use might be to report a security hole.
Examples of things not to send to samba-urgent include problems
getting Samba to work at all and bugs that cannot potentially cause
damage.
2.10. What if I need paid-for support?
Samba has a large network of consultants who provide Samba support on
a commercial basis. The list is included in the package in
Support.txt, and the latest version will always be on the main samba
ftp site. Any company in the world can request that the samba team
include their details in Support.txt so we can give no guarantee of
their services.
2.11. Pizza supply details
Those who have registered in the Samba survey as "Pizza Factory" will
already know this, but the rest may need some help. Andrew doesn't ask
for payment, but he does appreciate it when people give him pizza.
This calls for a little organisation when the pizza donor is twenty
thousand kilometres away, but it has been done.
1. Ring up your local branch of an international pizza chain and see
if they honour their vouchers internationally. Pizza Hut do, which
is how the entire Canberra Linux Users Group got to eat pizza one
night, courtesy of someone in the US.
2. Ring up a local pizza shop in Canberra and quote a credit card
number for a certain amount, and tell them that Andrew will be
collecting it (don't forget to tell him.) One kind soul from
Germany did this.
3. Purchase a pizza voucher from your local pizza shop that has no
international affiliations and send it to Andrew. It is completely
useless but he can hang it on the wall next to the one he already
has from Germany :-)
4. Air freight him a pizza with your favourite regional flavours. It
will probably get stuck in customs or torn apart by hungry sniffer
dogs but it will have been a noble gesture.
3. About CIFS and SMB
3.1. What is the Server Message Block (SMB) Protocol?
SMB is a filesharing protocol that has had several maintainers and
contributors over the years including Xerox, 3Com and most recently
Microsoft. Names for this protocol include LAN Manager and Microsoft
Networking. Parts of the specification have been made public at several
versions including in an X/Open document, as listed at
<ftp://ftp.microsoft.com/developr/drg/CIFS/>. No specification
releases were made between 1992 and 1996, and during that period
Microsoft became the SMB implementor with the largest market share.
Microsoft developed the specification further for its products but for
various reasons connected with developers' workload rather than market
strategy did not make the changes public. This culminated with the
"Windows NT 0.12" version released with NT 3.5 in 1995 which had
significant improvements and bugs. Because Microsoft client systems
are so popular, it is fair to say that what Microsoft does with Windows
affects all suppliers of SMB server products.
From 1994 Andrew Tridgell began doing some serious work on his
Smbserver (now Samba) product and with some helpers started to
implement more and more of these protocols. Samba began to take a
significant share of the SMB server market.
3.2. What is the Common Internet Filesystem (CIFS)?
The initial pressure for Microsoft to document their current SMB
implementation came from the Samba team, who kept coming across things
on the wire that Microsoft either didn't know about or hadn't
documented anywhere (even in the source code to Windows NT.) Then Sun
Microsystems came out with their WebNFS initiative, designed to
replace FTP for file transfers on the Internet. There are many
drawbacks to WebNFS (including its scope - it aims to replace HTTP as
well!) but the concept was attractive. FTP is not very clever, and why
should it be harder to get files from across the world than across the
room?
Some hasty revisions were made and an Internet Draft for the Common
Internet Filesystem (CIFS) was released. Note that CIFS is not an
Internet standard and is a very long way from becoming one, BUT the
protocol specification is in the public domain and ongoing discussions
concerning the spec take place on a public mailing list according to
the rules of the Internet Engineering Task Force. For more information
and pointers see <http://samba.anu.edu.au/cifs/>
The following is taken from <http://www.microsoft.com/intdev/cifs/>
"CIFS defines a standard remote file system access protocol for use
over the Internet, enabling groups of users to work together and
share documents across the Internet or within their corporate
intranets. CIFS is an open, cross-platform technology based on the
native file-sharing protocols built into Microsoft Windows and
other popular PC operating systems, and supported on dozens of
other platforms, including UNIX. With CIFS, millions of computer
users can open and share remote files on the Internet without having
to install new software or change the way they work."
If you consider CIFS as a backwards-compatible refinement of SMB
that will work reasonably efficiently over the Internet you won't be
too far wrong.
The net effect is that Microsoft is now documenting large parts of
their Windows NT fileserver protocols. The security concepts embodied
in Windows NT are part of the specification, which is why Samba
documentation often talks in terms of Windows NT. However there is no
reason why a site shouldn't conduct all its file and printer sharing
with CIFS and yet have no Microsoft products at all.
3.3. What is Browsing?
The term "Browsing" causes a lot of confusion. It is the part of the
SMB/CIFS protocol which allows for resource discovery. For example, in
the Windows NT Explorer it is possible to see a "Network
Neighbourhood" of computers in the same SMB workgroup. Clicking on the
name of one of these machines brings up a list of file and printer
resources for connecting to. In this way you can cruise the network,
seeing what things are available. How this scales to the Internet is a
subject for debate. Look at the CIFS list archives to see what the
experts think.
4. Designing A SMB and CIFS Network
The big issues for installing any network of LAN or WAN file and print
servers are:
o How and where usernames, passwords and other security information
is stored
o What method can be used for locating the resources that users have
permission to use
o What protocols the clients can converse with
If you buy Netware, Windows NT or just about any other LAN fileserver
product you are expected to lock yourself into the product's preferred
answers to these questions. This tendency is restrictive and often
very expensive for a site where there is only one kind of client or
server, and for sites with a mixture of operating systems it often
makes it impossible to share resources between some sets of users.
The Samba philosophy is to make things as easy as possible for
administrators, which means allowing as many combinations of clients,
servers, operating systems and protocols as possible.
4.1. Workgroups, Browsing Domains and Authentication Domains
The concepts of a Workgroup and a Domain are fundamental to SMB
networking. Although Microsoft integrates Workgroups and Domains
tightly with their authentication procedures there is no reason why
this has to be so in an SMB network. Groups of SMB machines can work
together just as well with Unix or OS/2 Samba servers as they can with
Windows NT servers, even though the password storage and access
methods are totally different.
4.1.1. Defining the Terms
A Workgroup (or Browsing Domain) is a collection of machines that
maintain a common database containing information about their shared
resources. They do not necessarily have any security information in
common. The database is dynamic, modified as servers come and go on
the network and as resources are added or deleted. The term "browsing"
refers to a user accessing the database via whatever interface the
client provides. SMB servers agree between themselves as to which ones
will maintain the browsing database. Workgroups can be anywhere on a
connected TCP/IP network, including on different subnets or anywhere
on the Internet. This is a very tricky part of SMB to implement.
Due to the convoluted history of SMB there is now conflicting
terminology describing Domains and Workgroups. "Domain" is used in the
browsing specifications to define that group of servers and clients
who share a common name and a common browsing database. The following
are used exclusively in the context of Workgroup browsing:
o Domain Master Browser
o Local Master Browser
Alternative terms include confusing variations such as "Browse
Master", and "Master Browser" which we are trying to eliminate from
the Samba documentation. We are moving to the use of "Browsing Domain"
wherever the word "Domain" occurs in a workgroup context. Ideally
"Workgroup" would also be replaced by Browsing Domain but it is very
widely used terminology.
Unfortunately the group of machines which use the Microsoft method
of sharing authentication information (but not any of the many other
methods) is also called a Domain. As explained elsewhere Microsoft are
not making this protocol public and The following are used exclusively
in the context of Microsoft Authentication domains:
o Primary Domain Controller
o Backup Domain Controller
o Domain Logon
These terms can be very confusing, and so in the Samba documentation
we are moving to the term "Authentication Domain" wherever Domain is
used in this sense. As a final touch of irony, all Authentication
Domains are also Browsing Domains.
4.1.2. Sharelevel (Workgroup) Security Services
With the Samba setting "security = SHARE", all shared resources have
information about what password is associated with them but only hints
as to what usernames might be valid (the hint can be 'all users', in
which case any username will work). This is usually a bad idea, but
reflects both the initial implementations of SMB in the mid-80s and
its reincarnation with Windows for Workgroups in 1992. The idea behind
workgroup security was that small independent groups of people could
share information on an ad-hoc basis without there being an
authentication infrastructure present or requiring them to do more
than fill in a dialogue box.
4.1.3. Authentication Domain Mode Services
With the Samba settings "security = USER" or "security = SERVER"
accesses to all resources are checked for username/password pair
matches in a more rigorous manner. This has the effect of emulating a
Microsoft Authentication Domain. Whether or not an Authentication
Domain is involved depends on how the network has been designed.
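
A check for which of these security modes an smb.conf selects, as an added example (not part of the original FAQ or the Samba sources): it reads only the "security", "guest ok" / "public" and "password server" parameters, and the share names, paths and users in the two sample configurations are constructed.

```python
TRUE_VALUES = {"yes", "true", "1"}

EXPLANATIONS = {
    "security-unset": "no 'security' line; the default depends on the Samba version",
    "share-level": "share-level security: a password per share, usernames only hints",
    "no-password-server": "security = server but no 'password server' is named",
    "guest-access": "share can be connected to without a password",
}


def parse_smb_conf(text):
    """Parse smb.conf-style text into {section: {parameter: value}}.

    Section names are lower-cased; parameter names are lower-cased with
    whitespace removed, so "Guest OK" and "guestok" compare equal.
    """
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
            continue
        if current is None or "=" not in line:
            continue
        name, value = line.split("=", 1)
        current["".join(name.split()).lower()] = value.strip()
    return sections


def audit(text):
    """Return (security mode or None, [(section, finding code), ...])."""
    conf = parse_smb_conf(text)
    glob = conf.get("global", {})
    mode = glob.get("security", "").lower() or None
    findings = []
    if mode is None:
        findings.append(("global", "security-unset"))
    elif mode == "share":
        findings.append(("global", "share-level"))
    elif mode == "server" and not glob.get("passwordserver"):
        findings.append(("global", "no-password-server"))
    for name, params in conf.items():
        if name == "global":
            continue
        guest = params.get("guestok", params.get("public", "no"))
        if guest.lower() in TRUE_VALUES:
            findings.append((name, "guest-access"))
    return mode, findings


# Constructed configuration: workgroup-style sharing.
WEAK = """
[global]
   workgroup = EXAMPLE
   security = SHARE

[projects]
   path = /srv/projects
   public = yes
   read only = no

; second share, password still required
[reports]
   path = /srv/reports
   Guest OK = no
"""

# Constructed configuration: every access checked against a username/password.
STRICTER = """
[global]
   workgroup = EXAMPLE
   security = user

[projects]
   path = /srv/projects
   valid users = alice bob
   read only = no
"""

if __name__ == "__main__":
    for label, text in (("WEAK", WEAK), ("STRICTER", STRICTER)):
        mode, findings = audit(text)
        print(label, "security =", mode)
        for section, code in findings:
            print("  [%s] %s" % (section, EXPLANATIONS[code]))
```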
4.2. Authentication Schemes
In the simple case authentication information is stored on a single
server and the user types a password on connecting for the first time.
However client operating systems often require a password before they
can be used at all, and in addition users usually want access to more
than one server. Asking users to remember many different passwords in
different contexts just does not work. Some kind of distributed
authentication database is needed. It must cope with password changes
and provide for assigning groups of users the same level of access
permissions.
Authentication decisions are some of the biggest in designing a
network. Are you going to use a scheme native to the client operating
system, native to the server operating system, or newly installed on
both? A list of options relevant to Samba (ie that make sense in the
context of the SMB protocol) follows. Any experiences with other
setups would be appreciated. refer to server FAQ for "passwd chat"
passwd program password server etc etc...
4.2.1. Workgroup Mode Services
etc etc
4.2.2. Windows NT-Style Domain
Samba compiled with libdes - enabling encrypted passwords security =
server
4.2.3. NIS
4.2.4. Kerberos
4.2.5. FTP
4.2.6. Default Server Method
4.2.7. Client-side Database Only
4.3. Post-Authentication: Netlogon, Logon Scripts, Profiles
5. Cross-Protocol File Sharing
Samba is an important tool for...
It is possible to...
File protocol gateways...
"Setting up a Linux File Server"
http://vetrec.mit.edu/people/narf/linux.html
Two free implementations of Appletalk for Unix are Netatalk,
<http://www.umich.edu/~rsug/netatalk/>, and CAP,
<http://www.cs.mu.oz.au/appletalk/atalk.html>. What Samba offers MS
Windows users, these packages offer to Macs. For more info on these
packages, Samba, and Linux (and other UNIX-based systems) see
<http://www.eats.com/linux_mac_win.html>
3.5) Sniffing your network
6. Miscellaneous
6.1. Is Samba Year 2000 compliant?
The CIFS protocol that Samba implements negotiates times in various
formats, all of which are able to cope with dates beyond 2000.