1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
><HEAD
><TITLE
>Features</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
REL="HOME"
TITLE="Samba FAQ"
HREF="samba-faq.html"><LINK
REL="PREVIOUS"
TITLE="Common errors"
HREF="faq-errors.html"><LINK
REL="NEXT"
TITLE="Printing problems"
HREF="faq-printing.html"></HEAD
><BODY
CLASS="CHAPTER"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>Samba FAQ</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="faq-errors.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
></TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="faq-printing.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="CHAPTER"
><H1
><A
NAME="FAQ-FEATURES"
></A
>Chapter 6. Features</H1
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN257"
>6.1. How can I prevent my samba server from being used to distribute the Nimda worm?</A
></H1
><P
>Author: HASEGAWA Yosuke (translated by <A
HREF="monyo@samba.gr.jp"
TARGET="_top"
>TAKAHASHI Motonobu</A
>)</P
><P
>Nimba Worm is infected through shared disks on a network, as well as through
Microsoft IIS, Internet Explorer and mailer of Outlook series.</P
><P
>At this time, the worm copies itself by the name *.nws and *.eml on
the shared disk, moreover, by the name of Riched20.dll in the folder
where *.doc file is included.</P
><P
>To prevent infection through the shared disk offered by Samba, set
up as follows:</P
><P
><PRE
CLASS="PROGRAMLISTING"
>[global]
...
# This can break Administration installations of Office2k.
# in that case, don't veto the riched20.dll
veto files = /*.eml/*.nws/riched20.dll/</PRE
></P
><P
>By setting the "veto files" parameter, matched files on the Samba
server are completely hidden from the clients and making it impossible
to access them at all.</P
><P
>In addition to it, the following setting is also pointed out by the
samba-jp:09448 thread: when the
"readme.txt.{3050F4D8-98B5-11CF-BB82-00AA00BDCE0B}" file exists on
a Samba server, it is visible only as "readme.txt" and dangerous
code may be executed if this file is double-clicked.</P
><P
>Setting the following,
<PRE
CLASS="PROGRAMLISTING"
> veto files = /*.{*}/</PRE
>
any files having CLSID in its file extension will be inaccessible from any
clients.</P
><P
>This technical article is created based on the discussion of
samba-jp:09448 and samba-jp:10900 threads.</P
></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN271"
>6.2. How can I use samba as a fax server?</A
></H1
><P
>Contributor: <A
HREF="mailto:zuber@berlin.snafu.de"
TARGET="_top"
>Gerhard Zuber</A
></P
><P
>Requirements:
<P
></P
><TABLE
BORDER="0"
><TBODY
><TR
><TD
>UNIX box (Linux preferred) with SAMBA and a faxmodem</TD
></TR
><TR
><TD
>ghostscript package</TD
></TR
><TR
><TD
>mgetty+sendfax package</TD
></TR
><TR
><TD
>pbm package (portable bitmap tools)</TD
></TR
></TBODY
></TABLE
><P
></P
></P
><P
>First, install and configure the required packages. Be sure to read the mgetty+sendfax
manual carefully.</P
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN282"
>6.2.1. Tools for printing faxes</A
></H2
><P
>Your incomed faxes are in:
<TT
CLASS="FILENAME"
>/var/spool/fax/incoming</TT
>. Print it with:</P
><P
><PRE
CLASS="PROGRAMLISTING"
>for i in *
do
g3cat $i | g3tolj | lpr -P hp
done</PRE
></P
><P
>g3cat is in the tools-section, g3tolj is in the contrib-section
for printing to HP lasers.</P
><P
>If you want to produce files for displaying and printing with Windows, use
some tools from the pbm-package like the following command: <B
CLASS="COMMAND"
>g3cat $i | g3topbm - | ppmtopcx - >$i.pcx</B
>
and view it with your favourite Windows tool (maybe paintbrush)</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN291"
>6.2.2. Making the fax-server</A
></H2
><P
>fetch the file <TT
CLASS="FILENAME"
>mgetty+sendfax/frontends/winword/faxfilter</TT
> and place it in <TT
CLASS="FILENAME"
>/usr/local/etc/mgetty+sendfax/</TT
>(replace /usr/local/ with whatever place you installed mgetty+sendfax)</P
><P
>prepare your faxspool file as mentioned in this file
edit fax/faxspool.in and reinstall or change the final
/usr/local/bin/faxspool too.</P
><P
><PRE
CLASS="PROGRAMLISTING"
>if [ "$user" = "root" -o "$user" = "fax" -o \
"$user" = "lp" -o "$user" = "daemon" -o "$user" = "bin" ]</PRE
></P
><P
>find the first line and change it to the second.</P
><P
>make sure you have pbmtext (from the pbm-package). This is
needed for creating the small header line on each page.</P
><P
>Prepare your faxheader <TT
CLASS="FILENAME"
>/usr/local/etc/mgetty+sendfax/faxheader</TT
></P
><P
>Edit your /etc/printcap file:
<PRE
CLASS="PROGRAMLISTING"
># FAX
lp3|fax:\
:lp=/dev/null:\
:sd=/usr/spool/lp3:\
:if=/usr/local/etc/mgetty+sendfax/faxfilter:sh:sf:mx#0:\
:lf=/usr/spool/lp3/fax-log:</PRE
></P
><P
>Now, edit your <TT
CLASS="FILENAME"
>smb.conf</TT
> so you have a smb based printer named "fax"</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN307"
>6.2.3. Installing the client drivers</A
></H2
><P
>Now you have a printer called "fax" which can be used via
TCP/IP-printing (lpd-system) or via SAMBA (windows printing).</P
><P
>On every system you are able to produce postscript-files you
are ready to fax.</P
><P
>On Windows 3.1 95 and NT:</P
><P
>Install a printer wich produces postscript output,
e.g. apple laserwriter</P
><P
>Connect the "fax" to your printer.</P
><P
>Now write your first fax. Use your favourite wordprocessor,
write, winword, notepad or whatever you want, and start
with the headerpage.</P
><P
>Usually each fax has a header page. It carries your name,
your address, your phone/fax-number.</P
><P
>It carries also the recipient, his address and his *** fax
number ***. Now here is the trick:</P
><P
>Use the text:
<PRE
CLASS="PROGRAMLISTING"
>Fax-Nr: 123456789</PRE
>
as the recipients fax-number. Make sure this text does not
occur in regular text ! Make sure this text is not broken
by formatting information, e.g. format it as a single entity.
(Windows Write and Win95 Wordpad are functional, maybe newer
versions of Winword are breaking formatting information).</P
><P
>The trick is that postscript output is human readable and
the faxfilter program scans the text for this pattern and
uses the found number as the fax-destination-number.</P
><P
>Now print your fax through the fax-printer and it will be
queued for later transmission. Use faxrunq for sending the
queue out.</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN321"
>6.2.4. Example smb.conf</A
></H2
><P
><PRE
CLASS="PROGRAMLISTING"
>[global]
printcap name = /etc/printcap
print command = /usr/bin/lpr -r -P %p %s
lpq command = /usr/bin/lpq -P %p
lprm command = /usr/bin/lprm -P %p %j
[fax]
comment = FAX (mgetty+sendfax)
path = /tmp
printable = yes
public = yes
writable = no
create mode = 0700
browseable = yes
guest ok = no</PRE
></P
></DIV
></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN325"
>6.3. Samba doesn't work well together with DHCP!</A
></H1
><P
>We wish to help those folks who wish to use the ISC DHCP Server and provide
sample configuration settings. Most operating systems today come ship with
the ISC DHCP Server. ISC DHCP is available from:
<A
HREF="ftp://ftp.isc.org/isc/dhcp"
TARGET="_top"
>ftp://ftp.isc.org/isc/dhcp</A
></P
><P
>Incorrect configuration of MS Windows clients (Windows9X, Windows ME, Windows
NT/2000) will lead to problems with browsing and with general network
operation. Windows 9X/ME users often report problems where the TCP/IP and related
network settings will inadvertantly become reset at machine start-up resulting
in loss of configuration settings. This results in increased maintenance
overheads as well as serious user frustration.</P
><P
>In recent times users on one mailing list incorrectly attributed the cause of
network operating problems to incorrect configuration of Samba.</P
><P
>One user insisted that the only way to provent Windows95 from periodically
performing a full system reset and hardware detection process on start-up was
to install the NetBEUI protocol in addition to TCP/IP. This assertion is not
correct.</P
><P
>In the first place, there is NO need for NetBEUI. All Microsoft Windows clients
natively run NetBIOS over TCP/IP, and that is the only protocol that is
recognised by Samba. Installation of NetBEUI and/or NetBIOS over IPX will
cause problems with browse list operation on most networks. Even Windows NT
networks experience these problems when incorrectly configured Windows95
systems share the same name space. It is important that only those protocols
that are strictly needed for site specific reasons should EVER be installed.</P
><P
>Secondly, and totally against common opinion, DHCP is NOT an evil design but is
an extension of the BOOTP protocol that has been in use in Unix environments
for many years without any of the melt-down problems that some sensationalists
would have us believe can be experienced with DHCP. In fact, DHCP in covered by
rfc1541 and is a very safe method of keeping an MS Windows desktop environment
under control and for ensuring stable network operation.</P
><P
>Please note that MS Windows systems as of MS Windows NT 3.1 and MS Windows 95
store all network configuration settings a registry. There are a few reports
from MS Windows network administrators that warrant mention here. It would appear
that when one sets certain MS TCP/IP protocol settings (either directly or via
DHCP) that these do get written to the registry. Even though a subsequent
change of setting may occur the old value may persist in the registry. This
has been known to create serious networking problems.</P
><P
>An example of this occurs when a manual TCP/IP environment is configured to
include a NetBIOS Scope. In this event, when the administrator then changes the
configuration of the MS TCP/IP protocol stack, without first deleting the
current settings, by simply checking the box to configure the MS TCP/IP stack
via DHCP then the NetBIOS Scope that is still persistent in the registry WILL be
applied to the resulting DHCP offered settings UNLESS the DHCP server also sets
a NetBIOS Scope. It may therefore be prudent to forcibly apply a NULL NetBIOS
Scope from your DHCP server. The can be done in the dhcpd.conf file with the
parameter:
<B
CLASS="COMMAND"
>option netbios-scope "";</B
></P
><P
>While it is true that the Microsoft DHCP server that comes with Windows NT
Server provides only a sub-set of rfc1533 functionality this is hardly an issue
in those sites that already have a large investment and commitment to Unix
systems and technologies. The current state of the art of the DHCP Server
specification in covered in rfc2132.</P
></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN338"
>6.4. How can I assign NetBIOS names to clients with DHCP?</A
></H1
><P
>SMB network clients need to be configured so that all standard TCP/IP name to
address resolution works correctly. Once this has been achieved the SMB
environment provides additional tools and services that act as helper agents in
the translation of SMB (NetBIOS) names to their appropriate IP Addresses. One
such helper agent is the NetBIOS Name Server (NBNS) or as Microsoft called it
in their Windows NT Server implementation WINS (Windows Internet Name Server).</P
><P
>A client needs to be configured so that it has a unique Machine (Computer)
Name.</P
><P
>This can be done, but needs a few NT registry hacks and you need to be able to
speak UNICODE, which is of course no problem for a True Wizzard(tm) :)
Instructions on how to do this (including a small util for less capable
Wizzards) can be found at</P
><P
><A
HREF="http://www.unixtools.org/~nneul/sw/nt/dhcp-netbios-hostname.html"
TARGET="_top"
>http://www.unixtools.org/~nneul/sw/nt/dhcp-netbios-hostname.html</A
></P
></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN345"
>6.5. How do I convert between unix and dos text formats?</A
></H1
><P
>Jim barry has written an <A
HREF="ftp://samba.org/pub/samba/contributed/fixcrlf.zip"
TARGET="_top"
>excellent drag-and-drop cr/lf converter for
windows</A
>. Just drag your file onto the icon and it converts the file.</P
><P
>The utilities unix2dos and dos2unix(in the mtools package) should do
the job under unix.</P
></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN350"
>6.6. Does samba have wins replication support?</A
></H1
><P
>At the time of writing there is currently being worked on a wins replication implementation(wrepld).</P
></DIV
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="faq-errors.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="samba-faq.html"
ACCESSKEY="H"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="faq-printing.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>Common errors</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
> </TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Printing problems</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>
|