sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2024-12-28 07:21:54 +03:00
Code

Regenerate docs

Browse Source 
(This used to be commit 381f75134a)
This commit is contained in:
Jelmer Vernooij 2003-04-17 19:23:06 +00:00
parent cdd3fa410a
commit 065cf3eac5
45 changed files with 11037 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

555
docs/htmldocs/advancednetworkmanagement.html Normal file
View File

@ -0,0 +1,555 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
><HEAD
><TITLE
>Advanced Network Manangement</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
REL="HOME"
TITLE="SAMBA Project Documentation"
HREF="samba-howto-collection.html"><LINK
REL="UP"
TITLE="Advanced Configuration"
HREF="optional.html"><LINK
REL="PREVIOUS"
TITLE="Unified Logons between Windows NT and UNIX using Winbind"
HREF="winbind.html"><LINK
REL="NEXT"
TITLE="System and Account Policies"
HREF="policymgmt.html"></HEAD
><BODY
CLASS="CHAPTER"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>SAMBA Project Documentation</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="winbind.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
></TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="policymgmt.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="CHAPTER"
><H1
><A
NAME="ADVANCEDNETWORKMANAGEMENT"
></A
>Chapter 16. Advanced Network Manangement</H1
><DIV
CLASS="TOC"
><DL
><DT
><B
>Table of Contents</B
></DT
><DT
>16.1. <A
HREF="advancednetworkmanagement.html#AEN2870"
>Configuring Samba Share Access Controls</A
></DT
><DT
>16.2. <A
HREF="advancednetworkmanagement.html#AEN2908"
>Remote Server Administration</A
></DT
><DT
>16.3. <A
HREF="advancednetworkmanagement.html#AEN2925"
>Network Logon Script Magic</A
></DT
></DL
></DIV
><P
>This section attempts to document peripheral issues that are of great importance to network
administrators who want to improve network resource access control, to automate the user
environment, and to make their lives a little easier.</P
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN2870"
>16.1. Configuring Samba Share Access Controls</A
></H1
><P
>This section deals with how to configure Samba per share access control restrictions.
By default samba sets no restrictions on the share itself. Restrictions on the share itself
can be set on MS Windows NT4/200x/XP shares. This can be a very effective way to limit who can
connect to a share. In the absence of specific restrictions the default setting is to allow
the global user <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>Everyone</I
></SPAN
> Full Control (ie: Full control, Change and Read).</P
><P
>At this time Samba does NOT provide a tool for configuring access control setting on the Share
itself. Samba does have the capacity to store and act on access control settings, but the only
way to create those settings is to use either the NT4 Server Manager or the Windows 200x MMC for
Computer Management.</P
><P
>Samba stores the per share access control settings in a file called <TT
CLASS="FILENAME"
>share_info.tdb</TT
>.
The location of this file on your system will depend on how samba was compiled. The default location
for samba's tdb files is under <TT
CLASS="FILENAME"
>/usr/local/samba/var</TT
>. If the <TT
CLASS="FILENAME"
>tdbdump</TT
>
utility has been compiled and installed on your system then you can examine the contents of this file
by: <KBD
CLASS="USERINPUT"
>tdbdump share_info.tdb</KBD
>.</P
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN2880"
>16.1.1. Share Permissions Management</A
></H2
><P
>The best tool for the task is platform dependant. Choose the best tool for your environmemt.</P
><DIV
CLASS="SECT3"
><H3
CLASS="SECT3"
><A
NAME="AEN2883"
>16.1.1.1. Windows NT4 Workstation/Server</A
></H3
><P
>The tool you need to use to manage share permissions on a Samba server is the NT Server Manager.
Server Manager is shipped with Windows NT4 Server products but not with Windows NT4 Workstation.
You can obtain the NT Server Manager for MS Windows NT4 Workstation from Microsoft - see details below.</P
><DIV
CLASS="PROCEDURE"
><P
><B
>Instructions</B
></P
><OL
TYPE="1"
><LI
><P
>Launch the NT4 Server Manager, click on the Samba server you want to administer, then from the menu
select Computer, then click on the Shared Directories entry.</P
></LI
><LI
><P
> Now click on the share that you wish to manage, then click on the Properties tab, next click on
the Permissions tab. Now you can Add or change access control settings as you wish.</P
></LI
></OL
></DIV
></DIV
><DIV
CLASS="SECT3"
><H3
CLASS="SECT3"
><A
NAME="AEN2892"
>16.1.1.2. Windows 200x/XP</A
></H3
><P
>On MS Windows NT4/200x/XP system access control lists on the share itself are set using native
tools, usually from filemanager. For example, in Windows 200x: right click on the shared folder,
then select 'Sharing', then click on 'Permissions'. The default Windows NT4/200x permission allows
<SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>Everyone</I
></SPAN
> Full Control on the Share.</P
><P
>MS Windows 200x and later all comes with a tool called the 'Computer Management' snap-in for the
Microsoft Management Console (MMC). This tool is located by clicking on <TT
CLASS="FILENAME"
>Control Panel -&#62;
Administrative Tools -&#62; Computer Management</TT
>.</P
><DIV
CLASS="PROCEDURE"
><P
><B
>Instructions</B
></P
><OL
TYPE="1"
><LI
><P
> After launching the MMC with the Computer Management snap-in, click on the menu item 'Action',
select 'Connect to another computer'. If you are not logged onto a domain you will be prompted
to enter a domain login user identifier and a password. This will authenticate you to the domain.
If you where already logged in with administrative privilidge this step is not offered.</P
></LI
><LI
><P
>If the Samba server is not shown in the Select Computer box, then type in the name of the target
Samba server in the field 'Name:'. Now click on the [+] next to 'System Tools', then on the [+]
next to 'Shared Folders' in the left panel.</P
></LI
><LI
><P
>Now in the right panel, double-click on the share you wish to set access control permissions on.
Then click on the tab 'Share Permissions'. It is now possible to add access control entities
to the shared folder. Do NOT forget to set what type of access (full control, change, read) you
wish to assign for each entry.</P
></LI
></OL
></DIV
><DIV
CLASS="WARNING"
><P
></P
><TABLE
CLASS="WARNING"
WIDTH="100%"
BORDER="0"
><TR
><TD
WIDTH="25"
ALIGN="CENTER"
VALIGN="TOP"
><IMG
SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/warning.gif"
HSPACE="5"
ALT="Warning"></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
>Be careful. If you take away all permissions from the Everyone user without removing this user
then effectively no user will be able to access the share. This is a result of what is known as
ACL precidence. ie: Everyone with NO ACCESS means that MaryK who is part of the group Everyone
will have no access even if this user is given explicit full control access.</P
></TD
></TR
></TABLE
></DIV
></DIV
></DIV
></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN2908"
>16.2. Remote Server Administration</A
></H1
><P
><SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>How do I get 'User Manager' and 'Server Manager'?</I
></SPAN
></P
><P
>Since I don't need to buy an NT4 Server, how do I get the 'User Manager for Domains',
the 'Server Manager'?</P
><P
>Microsoft distributes a version of these tools called nexus for installation on Windows 9x / Me
systems. The tools set includes:</P
><P
></P
><UL
><LI
><P
>Server Manager</P
></LI
><LI
><P
>User Manager for Domains</P
></LI
><LI
><P
>Event Viewer</P
></LI
></UL
><P
>Click here to download the archived file <A
HREF="ftp://ftp.microsoft.com/Softlib/MSLFILES/NEXUS.EXE"
TARGET="_top"
>ftp://ftp.microsoft.com/Softlib/MSLFILES/NEXUS.EXE</A
></P
><P
>The Windows NT 4.0 version of the 'User Manager for
Domains' and 'Server Manager' are available from Microsoft via ftp
from <A
HREF="ftp://ftp.microsoft.com/Softlib/MSLFILES/SRVTOOLS.EXE"
TARGET="_top"
>ftp://ftp.microsoft.com/Softlib/MSLFILES/SRVTOOLS.EXE</A
></P
></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN2925"
>16.3. Network Logon Script Magic</A
></H1
><P
>This section needs work. Volunteer contributions most welcome. Please send your patches or updates
to <A
HREF="mailto:jht@samba.org"
TARGET="_top"
>John Terpstra</A
>.</P
><P
>There are several opportunities for creating a custom network startup configuration environment.</P
><P
></P
><TABLE
BORDER="0"
><TBODY
><TR
><TD
>No Logon Script</TD
></TR
><TR
><TD
>Simple universal Logon Script that applies to all users</TD
></TR
><TR
><TD
>Use of a conditional Logon Script that applies per user or per group attirbutes</TD
></TR
><TR
><TD
>Use of Samba's Preexec and Postexec functions on access to the NETLOGON share to create
a custom Logon Script and then execute it.</TD
></TR
><TR
><TD
>User of a tool such as KixStart</TD
></TR
></TBODY
></TABLE
><P
></P
><P
>The Samba source code tree includes two logon script generation/execution tools. See <TT
CLASS="FILENAME"
>examples</TT
> directory <TT
CLASS="FILENAME"
>genlogon</TT
> and <TT
CLASS="FILENAME"
>ntlogon</TT
> subdirectories.</P
><P
>The following listings are from the genlogon directory.</P
><P
>This is the genlogon.pl file:
<PRE
CLASS="PROGRAMLISTING"
> #!/usr/bin/perl
#
# genlogon.pl
#
# Perl script to generate user logon scripts on the fly, when users
# connect from a Windows client. This script should be called from smb.conf
# with the %U, %G and %L parameters. I.e:
#
# root preexec = genlogon.pl %U %G %L
#
# The script generated will perform
# the following:
#
# 1. Log the user connection to /var/log/samba/netlogon.log
# 2. Set the PC's time to the Linux server time (which is maintained
# daily to the National Institute of Standard's Atomic clock on the
# internet.
# 3. Connect the user's home drive to H: (H for Home).
# 4. Connect common drives that everyone uses.
# 5. Connect group-specific drives for certain user groups.
# 6. Connect user-specific drives for certain users.
# 7. Connect network printers.
# Log client connection
#($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time);
($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time);
open LOG, "&#62;&#62;/var/log/samba/netlogon.log";
print LOG "$mon/$mday/$year $hour:$min:$sec - User $ARGV[0] logged into $ARGV[1]\n";
close LOG;
# Start generating logon script
open LOGON, "&#62;/shared/netlogon/$ARGV[0].bat";
print LOGON "\@ECHO OFF\r\n";
# Connect shares just use by Software Development group
if ($ARGV[1] eq "SOFTDEV" || $ARGV[0] eq "softdev")
{
print LOGON "NET USE M: \\\\$ARGV[2]\\SOURCE\r\n";
}
# Connect shares just use by Technical Support staff
if ($ARGV[1] eq "SUPPORT" || $ARGV[0] eq "support")
{
print LOGON "NET USE S: \\\\$ARGV[2]\\SUPPORT\r\n";
}
# Connect shares just used by Administration staff
If ($ARGV[1] eq "ADMIN" || $ARGV[0] eq "admin")
{
print LOGON "NET USE L: \\\\$ARGV[2]\\ADMIN\r\n";
print LOGON "NET USE K: \\\\$ARGV[2]\\MKTING\r\n";
}
# Now connect Printers. We handle just two or three users a little
# differently, because they are the exceptions that have desktop
# printers on LPT1: - all other user's go to the LaserJet on the
# server.
if ($ARGV[0] eq 'jim'
|| $ARGV[0] eq 'yvonne')
{
print LOGON "NET USE LPT2: \\\\$ARGV[2]\\LJET3\r\n";
print LOGON "NET USE LPT3: \\\\$ARGV[2]\\FAXQ\r\n";
}
else
{
print LOGON "NET USE LPT1: \\\\$ARGV[2]\\LJET3\r\n";
print LOGON "NET USE LPT3: \\\\$ARGV[2]\\FAXQ\r\n";
}
# All done! Close the output file.
close LOGON;</PRE
></P
><P
>Those wishing to use more elaborate or capable logon processing system should check out the following sites:</P
><P
></P
><TABLE
BORDER="0"
><TBODY
><TR
><TD
>http://www.craigelachie.org/rhacer/ntlogon</TD
></TR
><TR
><TD
>http://www.kixtart.org</TD
></TR
></TBODY
></TABLE
><P
></P
></DIV
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="winbind.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="samba-howto-collection.html"
ACCESSKEY="H"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="policymgmt.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>Unified Logons between Windows NT and UNIX using Winbind</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="optional.html"
ACCESSKEY="U"
>Up</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>System and Account Policies</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>

2773
docs/htmldocs/cups-printing.html Normal file
View File

File diff suppressed because it is too large Load Diff

446
docs/htmldocs/domain-member.html Normal file
View File

@ -0,0 +1,446 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
><HEAD
><TITLE
>Samba as a NT4 or Win2k domain member</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
REL="HOME"
TITLE="SAMBA Project Documentation"
HREF="samba-howto-collection.html"><LINK
REL="UP"
TITLE="Type of installation"
HREF="type.html"><LINK
REL="PREVIOUS"
TITLE="Samba as a ADS domain member"
HREF="ads.html"><LINK
REL="NEXT"
TITLE="Advanced Configuration"
HREF="optional.html"></HEAD
><BODY
CLASS="CHAPTER"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>SAMBA Project Documentation</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="ads.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
></TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="optional.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="CHAPTER"
><H1
><A
NAME="DOMAIN-MEMBER"
></A
>Chapter 10. Samba as a NT4 or Win2k domain member</H1
><DIV
CLASS="TOC"
><DL
><DT
><B
>Table of Contents</B
></DT
><DT
>10.1. <A
HREF="domain-member.html#AEN1448"
>Joining an NT Domain with Samba 3.0</A
></DT
><DT
>10.2. <A
HREF="domain-member.html#AEN1502"
>Why is this better than security = server?</A
></DT
></DL
></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN1448"
>10.1. Joining an NT Domain with Samba 3.0</A
></H1
><P
>Assume you have a Samba 3.0 server with a NetBIOS name of
<CODE
CLASS="CONSTANT"
>SERV1</CODE
> and are joining an or Win2k NT domain called
<CODE
CLASS="CONSTANT"
>DOM</CODE
>, which has a PDC with a NetBIOS name
of <CODE
CLASS="CONSTANT"
>DOMPDC</CODE
> and two backup domain controllers
with NetBIOS names <CODE
CLASS="CONSTANT"
>DOMBDC1</CODE
> and <CODE
CLASS="CONSTANT"
>DOMBDC2
</CODE
>.</P
><P
>Firstly, you must edit your <TT
CLASS="FILENAME"
>smb.conf</TT
> file to tell Samba it should
now use domain security.</P
><P
>Change (or add) your <A
HREF="smb.conf.5.html#SECURITY"
TARGET="_top"
> <VAR
CLASS="PARAMETER"
>security =</VAR
></A
> line in the [global] section
of your <TT
CLASS="FILENAME"
>smb.conf</TT
> to read:</P
><P
><B
CLASS="COMMAND"
>security = domain</B
></P
><P
>Next change the <A
HREF="smb.conf.5.html#WORKGROUP"
TARGET="_top"
><VAR
CLASS="PARAMETER"
> workgroup =</VAR
></A
> line in the [global] section to read: </P
><P
><B
CLASS="COMMAND"
>workgroup = DOM</B
></P
><P
>as this is the name of the domain we are joining. </P
><P
>You must also have the parameter <A
HREF="smb.conf.5.html#ENCRYPTPASSWORDS"
TARGET="_top"
> <VAR
CLASS="PARAMETER"
>encrypt passwords</VAR
></A
> set to <CODE
CLASS="CONSTANT"
>yes
</CODE
> in order for your users to authenticate to the NT PDC.</P
><P
>Finally, add (or modify) a <A
HREF="smb.conf.5.html#PASSWORDSERVER"
TARGET="_top"
> <VAR
CLASS="PARAMETER"
>password server =</VAR
></A
> line in the [global]
section to read: </P
><P
><B
CLASS="COMMAND"
>password server = DOMPDC DOMBDC1 DOMBDC2</B
></P
><P
>These are the primary and backup domain controllers Samba
will attempt to contact in order to authenticate users. Samba will
try to contact each of these servers in order, so you may want to
rearrange this list in order to spread out the authentication load
among domain controllers.</P
><P
>Alternatively, if you want smbd to automatically determine
the list of Domain controllers to use for authentication, you may
set this line to be :</P
><P
><B
CLASS="COMMAND"
>password server = *</B
></P
><P
>This method, allows Samba to use exactly the same
mechanism that NT does. This
method either broadcasts or uses a WINS database in order to
find domain controllers to authenticate against.</P
><P
>In order to actually join the domain, you must run this
command:</P
><P
><SAMP
CLASS="PROMPT"
>root# </SAMP
><KBD
CLASS="USERINPUT"
>net rpc join -S DOMPDC
-U<VAR
CLASS="REPLACEABLE"
>Administrator%password</VAR
></KBD
></P
><P
>as we are joining the domain DOM and the PDC for that domain
(the only machine that has write access to the domain SAM database)
is DOMPDC. The <VAR
CLASS="REPLACEABLE"
>Administrator%password</VAR
> is
the login name and password for an account which has the necessary
privilege to add machines to the domain. If this is successful
you will see the message:</P
><P
><SAMP
CLASS="COMPUTEROUTPUT"
>Joined domain DOM.</SAMP
>
or <SAMP
CLASS="COMPUTEROUTPUT"
>Joined 'SERV1' to realm 'MYREALM'</SAMP
>
</P
><P
>in your terminal window. See the <A
HREF="net.8.html"
TARGET="_top"
> net(8)</A
> man page for more details.</P
><P
>This process joins the server to thedomain
without having to create the machine trust account on the PDC
beforehand.</P
><P
>This command goes through the machine account password
change protocol, then writes the new (random) machine account
password for this Samba server into a file in the same directory
in which an smbpasswd file would be stored - normally :</P
><P
><TT
CLASS="FILENAME"
>/usr/local/samba/private/secrets.tdb</TT
></P
><P
>This file is created and owned by root and is not
readable by any other user. It is the key to the domain-level
security for your system, and should be treated as carefully
as a shadow password file.</P
><P
>Finally, restart your Samba daemons and get ready for
clients to begin using domain security!</P
></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN1502"
>10.2. Why is this better than security = server?</A
></H1
><P
>Currently, domain security in Samba doesn't free you from
having to create local Unix users to represent the users attaching
to your server. This means that if domain user <CODE
CLASS="CONSTANT"
>DOM\fred
</CODE
> attaches to your domain security Samba server, there needs
to be a local Unix user fred to represent that user in the Unix
filesystem. This is very similar to the older Samba security mode
<A
HREF="smb.conf.5.html#SECURITYEQUALSSERVER"
TARGET="_top"
>security = server</A
>,
where Samba would pass through the authentication request to a Windows
NT server in the same way as a Windows 95 or Windows 98 server would.
</P
><P
>Please refer to the <A
HREF="winbind.html"
TARGET="_top"
>Winbind
paper</A
> for information on a system to automatically
assign UNIX uids and gids to Windows NT Domain users and groups.
This code is available in development branches only at the moment,
but will be moved to release branches soon.</P
><P
>The advantage to domain-level security is that the
authentication in domain-level security is passed down the authenticated
RPC channel in exactly the same way that an NT server would do it. This
means Samba servers now participate in domain trust relationships in
exactly the same way NT servers do (i.e., you can add Samba servers into
a resource domain and have the authentication passed on from a resource
domain PDC to an account domain PDC.</P
><P
>In addition, with <B
CLASS="COMMAND"
>security = server</B
> every Samba
daemon on a server has to keep a connection open to the
authenticating server for as long as that daemon lasts. This can drain
the connection resources on a Microsoft NT server and cause it to run
out of available connections. With <B
CLASS="COMMAND"
>security = domain</B
>,
however, the Samba daemons connect to the PDC/BDC only for as long
as is necessary to authenticate the user, and then drop the connection,
thus conserving PDC connection resources.</P
><P
>And finally, acting in the same manner as an NT server
authenticating to a PDC means that as part of the authentication
reply, the Samba server gets the user identification information such
as the user SID, the list of NT groups the user belongs to, etc. </P
><DIV
CLASS="NOTE"
><P
></P
><TABLE
CLASS="NOTE"
WIDTH="100%"
BORDER="0"
><TR
><TD
WIDTH="25"
ALIGN="CENTER"
VALIGN="TOP"
><IMG
SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif"
HSPACE="5"
ALT="Note"></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
> Much of the text of this document
was first published in the Web magazine <A
HREF="http://www.linuxworld.com"
TARGET="_top"
>
LinuxWorld</A
> as the article <A
HREF="http://www.linuxworld.com/linuxworld/lw-1998-10/lw-10-samba.html"
TARGET="_top"
>Doing
the NIS/NT Samba</A
>.</P
></TD
></TR
></TABLE
></DIV
></DIV
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="ads.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="samba-howto-collection.html"
ACCESSKEY="H"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="optional.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>Samba as a ADS domain member</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="type.html"
ACCESSKEY="U"
>Up</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Advanced Configuration</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>

142
docs/htmldocs/editreg.1.html Normal file
View File

@ -0,0 +1,142 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
><HEAD
><TITLE
>editreg</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"></HEAD
><BODY
CLASS="REFENTRY"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><H1
><A
NAME="EDITREG.1"
></A
>editreg</H1
><DIV
CLASS="REFNAMEDIV"
><A
NAME="AEN5"
></A
><H2
>Name</H2
>editreg&nbsp;--&nbsp;A utility to report and change SIDs in registry files
</DIV
><DIV
CLASS="REFSYNOPSISDIV"
><A
NAME="AEN8"
></A
><H2
>Synopsis</H2
><P
><B
CLASS="COMMAND"
>editreg</B
> [-v] [-c file] {file}</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN14"
></A
><H2
>DESCRIPTION</H2
><P
>This tool is part of the <SPAN
CLASS="CITEREFENTRY"
><SPAN
CLASS="REFENTRYTITLE"
>Samba</SPAN
>(7)</SPAN
> suite.</P
><P
><B
CLASS="COMMAND"
>editreg</B
> is a utility that
can visualize windows registry files (currently only NT4) and apply
so-called commandfiles to them.
</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN22"
></A
><H2
>OPTIONS</H2
><P
></P
><DIV
CLASS="VARIABLELIST"
><DL
><DT
>registry_file</DT
><DD
><P
>Registry file to view or edit. </P
></DD
><DT
>-v,--verbose</DT
><DD
><P
>Increases verbosity of messages.
</P
></DD
><DT
>-c commandfile</DT
><DD
><P
>Read commands to execute on <TT
CLASS="FILENAME"
>registry_file</TT
> from <TT
CLASS="FILENAME"
>commandfile</TT
>. Currently not yet supported!
</P
></DD
><DT
>-h|--help</DT
><DD
><P
>Print a summary of command line options.</P
></DD
></DL
></DIV
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN43"
></A
><H2
>VERSION</H2
><P
>This man page is correct for version 3.0 of the Samba
suite.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN46"
></A
><H2
>AUTHOR</H2
><P
>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</P
><P
>The editreg man page was written by Jelmer Vernooij. </P
></DIV
></BODY
></HTML
>

451
docs/htmldocs/interdomaintrusts.html Normal file
View File

@ -0,0 +1,451 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
><HEAD
><TITLE
>Interdomain Trust Relationships</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
REL="HOME"
TITLE="SAMBA Project Documentation"
HREF="samba-howto-collection.html"><LINK
REL="UP"
TITLE="Advanced Configuration"
HREF="optional.html"><LINK
REL="PREVIOUS"
TITLE="Desktop Profile Management"
HREF="profilemgmt.html"><LINK
REL="NEXT"
TITLE="PAM Configuration for Centrally Managed Authentication"
HREF="pam.html"></HEAD
><BODY
CLASS="CHAPTER"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>SAMBA Project Documentation</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="profilemgmt.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
></TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="pam.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="CHAPTER"
><H1
><A
NAME="INTERDOMAINTRUSTS"
></A
>Chapter 19. Interdomain Trust Relationships</H1
><DIV
CLASS="TOC"
><DL
><DT
><B
>Table of Contents</B
></DT
><DT
>19.1. <A
HREF="interdomaintrusts.html#AEN3447"
>Trust Relationship Background</A
></DT
><DT
>19.2. <A
HREF="interdomaintrusts.html#AEN3456"
>Native MS Windows NT4 Trusts Configuration</A
></DT
><DD
><DL
><DT
>19.2.1. <A
HREF="interdomaintrusts.html#AEN3459"
>NT4 as the Trusting Domain (ie. creating the trusted account)</A
></DT
><DT
>19.2.2. <A
HREF="interdomaintrusts.html#AEN3462"
>NT4 as the Trusted Domain (ie. creating trusted account's password)</A
></DT
></DL
></DD
><DT
>19.3. <A
HREF="interdomaintrusts.html#AEN3465"
>Configuring Samba NT-style Domain Trusts</A
></DT
><DD
><DL
><DT
>19.3.1. <A
HREF="interdomaintrusts.html#AEN3469"
>Samba-3 as the Trusting Domain</A
></DT
><DT
>19.3.2. <A
HREF="interdomaintrusts.html#AEN3481"
>Samba-3 as the Trusted Domain</A
></DT
></DL
></DD
></DL
></DIV
><P
>Samba-3 supports NT4 style domain trust relationships. This is feature that many sites
will want to use if they migrate to Samba-3 from and NT4 style domain and do NOT want to
adopt Active Directory or an LDAP based authentication back end. This section explains
some background information regarding trust relationships and how to create them. It is now
possible for Samba-3 to NT4 trust (and vice versa), as well as Samba3 to Samba3 trusts.</P
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3447"
>19.1. Trust Relationship Background</A
></H1
><P
>MS Windows NT3.x/4.0 type security domains employ a non-hierarchical security structure.
The limitations of this architecture as it affects the scalability of MS Windows networking
in large organisations is well known. Additionally, the flat-name space that results from
this design significantly impacts the delegation of administrative responsibilities in
large and diverse organisations.</P
><P
>Microsoft developed Active Directory Service (ADS), based on Kerberos and LDAP, as a means
of circumventing the limitations of the older technologies. Not every organisation is ready
or willing to embrace ADS. For small companies the older NT4 style domain security paradigm
is quite adequate, there thus remains an entrenched user base for whom there is no direct
desire to go through a disruptive change to adopt ADS.</P
><P
>Microsoft introduced with MS Windows NT the ability to allow differing security domains
to affect a mechanism so that users from one domain may be given access rights and privileges
in another domain. The language that describes this capability is couched in terms of
<SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>Trusts</I
></SPAN
>. Specifically, one domain will <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>trust</I
></SPAN
> the users
from another domain. The domain from which users are available to another security domain is
said to be a trusted domain. The domain in which those users have assigned rights and privileges
is the trusting domain. With NT3.x/4.0 all trust relationships are always in one direction only,
thus if users in both domains are to have privileges and rights in each others' domain, then it is
necessary to establish two (2) relationships, one in each direction.</P
><P
>In an NT4 style MS security domain, all trusts are non-transitive. This means that if there
are three (3) domains (let's call them RED, WHITE, and BLUE) where RED and WHITE have a trust
relationship, and WHITE and BLUE have a trust relationship, then it holds that there is no
implied trust between the RED and BLUE domains. ie: Relationships are explicit and not
transitive.</P
><P
>New to MS Windows 2000 ADS security contexts is the fact that trust relationships are two-way
by default. Also, all inter-ADS domain trusts are transitive. In the case of the RED, WHITE and BLUE
domains above, with Windows 2000 and ADS the RED and BLUE domains CAN trust each other. This is
an inherent feature of ADS domains. Samba-3 implements MS Windows NT4
style Interdomain trusts and interoperates with MS Windows 200x ADS
security domains in similar manner to MS Windows NT4 style domains.</P
></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3456"
>19.2. Native MS Windows NT4 Trusts Configuration</A
></H1
><P
>There are two steps to creating an interdomain trust relationship.</P
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN3459"
>19.2.1. NT4 as the Trusting Domain (ie. creating the trusted account)</A
></H2
><P
>For MS Windows NT4, all domain trust relationships are configured using the Domain User Manager.
To affect a two way trust relationship it is necessary for each domain administrator to make
available (for use by an external domain) it's security resources. This is done from the Domain
User Manager Policies entry on the menu bar. From the Policy menu, select Trust Relationships, then
next to the lower box that is labelled "Permitted to Trust this Domain" are two buttons, "Add" and
"Remove". The "Add" button will open a panel in which needs to be entered the remote domain that
will be able to assign user rights to your domain. In addition it is necessary to enter a password
that is specific to this trust relationship. The password needs to be
typed twice (for standard confirmation).</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN3462"
>19.2.2. NT4 as the Trusted Domain (ie. creating trusted account's password)</A
></H2
><P
>A trust relationship will work only when the other (trusting) domain makes the appropriate connections
with the trusted domain. To consumate the trust relationship the administrator will launch the
Domain User Manager, from the menu select Policies, then select Trust Relationships, then click on the
"Add" button that is next to the box that is labelled "Trusted Domains". A panel will open in
which must be entered the name of the remote domain as well as the password assigned to that trust.</P
></DIV
></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3465"
>19.3. Configuring Samba NT-style Domain Trusts</A
></H1
><P
>This description is meant to be a fairly short introduction about how to set up a Samba server so
that it could participate in interdomain trust relationships. Trust relationship support in Samba
is in its early stage, so lot of things don't work yet.</P
><P
>Each of the procedures described below is treated as they were performed with Windows NT4 Server on
one end. The remote end could just as well be another Samba-3 domain. It can be clearly seen, after
reading this document, that combining Samba-specific parts of what's written below leads to trust
between domains in purely Samba environment.</P
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN3469"
>19.3.1. Samba-3 as the Trusting Domain</A
></H2
><P
>In order to set Samba PDC to be trusted party of the relationship first you need
to create special account for the domain that will be the trusting party. To do that,
you can use the 'smbpasswd' utility. Creating the trusted domain account is very
similiar to creating a trusted machine account. Suppose, your domain is
called SAMBA, and the remote domain is called RUMBA. The first step
will be to issue this command from your favourite shell:</P
><P
><PRE
CLASS="SCREEN"
> &nbsp;<SAMP
CLASS="PROMPT"
>deity#</SAMP
> <KBD
CLASS="USERINPUT"
>smbpasswd -a -i rumba</KBD
>
&nbsp; New SMB password: XXXXXXXX
&nbsp; Retype SMB password: XXXXXXXX
&nbsp; Added user rumba$</PRE
>
where <VAR
CLASS="PARAMETER"
>-a</VAR
> means to add a new account into the
passdb database and <VAR
CLASS="PARAMETER"
>-i</VAR
> means: ''create this
account with the InterDomain trust flag''</P
><P
>The account name will be 'rumba$' (the name of the remote domain)</P
><P
>After issuing this command you'll be asked to enter the password for
the account. You can use any password you want, but be aware that Windows NT will
not change this password until 7 days following account creation.
After the command returns successfully, you can look at the entry for new account
(in the way depending on your configuration) and see that account's name is
really RUMBA$ and it has 'I' flag in the flags field. Now you're ready to confirm
the trust by establishing it from Windows NT Server.</P
><P
>Open 'User Manager for Domains' and from menu 'Policies' select 'Trust Relationships...'.
Right beside 'Trusted domains' list box press 'Add...' button. You will be prompted for
the trusted domain name and the relationship password. Type in SAMBA, as this is
your domain name, and the password used at the time of account creation.
Press OK and, if everything went without incident, you will see 'Trusted domain relationship
successfully established' message.</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN3481"
>19.3.2. Samba-3 as the Trusted Domain</A
></H2
><P
>This time activities are somewhat reversed. Again, we'll assume that your domain
controlled by the Samba PDC is called SAMBA and NT-controlled domain is called RUMBA.</P
><P
>The very first thing requirement is to add an account for the SAMBA domain on RUMBA's PDC.</P
><P
>Launch the Domain User Manager, then from the menu select 'Policies', 'Trust Relationships'.
Now, next to 'Trusted Domains' box press the 'Add' button, and type in the name of the trusted
domain (SAMBA) and password securing the relationship.</P
><P
>The password can be arbitrarily chosen. It is easy to change it the password
from Samba server whenever you want. After confirming the password your account is
ready for use. Now it's Samba's turn.</P
><P
>Using your favourite shell while being logged in as root, issue this command:</P
><P
><SAMP
CLASS="PROMPT"
>deity# </SAMP
><KBD
CLASS="USERINPUT"
>net rpc trustdom establish rumba</KBD
></P
><P
>You will be prompted for the password you just typed on your Windows NT4 Server box.
Don not worry if you see an error message that mentions a returned code of
<SPAN
CLASS="ERRORNAME"
>NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT</SPAN
>. It means the
password you gave is correct and the NT4 Server says the account is
ready for interdomain connection and not for ordinary
connection. After that, be patient it can take a while (especially
in large networks), you should see the 'Success' message. Congratulations! Your trust
relationship has just been established.</P
><DIV
CLASS="NOTE"
><P
></P
><TABLE
CLASS="NOTE"
WIDTH="100%"
BORDER="0"
><TR
><TD
WIDTH="25"
ALIGN="CENTER"
VALIGN="TOP"
><IMG
SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif"
HSPACE="5"
ALT="Note"></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
>Note that you have to run this command as root because you must have write access to
the <TT
CLASS="FILENAME"
>secrets.tdb</TT
> file.</P
></TD
></TR
></TABLE
></DIV
></DIV
></DIV
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="profilemgmt.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="samba-howto-collection.html"
ACCESSKEY="H"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="pam.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>Desktop Profile Management</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="optional.html"
ACCESSKEY="U"
>Up</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>PAM Configuration for Centrally Managed Authentication</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>

659
docs/htmldocs/introsmb.html Normal file
View File

@ -0,0 +1,659 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
><HEAD
><TITLE
>Introduction to Samba</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
REL="HOME"
TITLE="SAMBA Project Documentation"
HREF="samba-howto-collection.html"><LINK
REL="UP"
TITLE="General installation"
HREF="introduction.html"><LINK
REL="PREVIOUS"
TITLE="General installation"
HREF="introduction.html"><LINK
REL="NEXT"
TITLE="How to Install and Test SAMBA"
HREF="install.html"></HEAD
><BODY
CLASS="CHAPTER"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>SAMBA Project Documentation</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="introduction.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
></TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="install.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="CHAPTER"
><H1
><A
NAME="INTROSMB"
></A
>Chapter 1. Introduction to Samba</H1
><DIV
CLASS="TOC"
><DL
><DT
><B
>Table of Contents</B
></DT
><DT
>1.1. <A
HREF="introsmb.html#AEN61"
>Background</A
></DT
><DT
>1.2. <A
HREF="introsmb.html#AEN67"
>Terminology</A
></DT
><DT
>1.3. <A
HREF="introsmb.html#AEN91"
>Related Projects</A
></DT
><DT
>1.4. <A
HREF="introsmb.html#AEN100"
>SMB Methodology</A
></DT
><DT
>1.5. <A
HREF="introsmb.html#AEN115"
>Additional Resources</A
></DT
><DT
>1.6. <A
HREF="introsmb.html#AEN151"
>Epilogue</A
></DT
><DT
>1.7. <A
HREF="introsmb.html#AEN162"
>Miscellaneous</A
></DT
></DL
></DIV
><P
><SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>"If you understand what you're doing, you're not learning anything."
-- Anonymous</I
></SPAN
></P
><P
>Samba is a file and print server for Windows-based clients using TCP/IP as the underlying
transport protocol. In fact, it can support any SMB/CIFS-enabled client. One of Samba's big
strengths is that you can use it to blend your mix of Windows and Linux machines together
without requiring a separate Windows NT/2000/2003 Server. Samba is actively being developed
by a global team of about 30 active programmers and was originally developed by Andrew Tridgell.</P
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN61"
>1.1. Background</A
></H1
><P
>Once long ago, there was a buzzword referred to as DCE/RPC. This stood for Distributed
Computing Environment/Remote Procedure Calls and conceptually was a good idea. It was
originally developed by Apollo/HP as NCA 1.0 (Network Computing Architecture) and only
ran over UDP. When there was a need to run it over TCP so that it would be compatible
with DECnet 3.0, it was redesigned, submitted to The Open Group, and officially became
known as DCE/RPC. Microsoft came along and decided, rather than pay $20 per seat to
license this technology, to reimplement DCE/RPC themselves as MSRPC. From this, the
concept continued in the form of SMB (Server Message Block, or the "what") using the
NetBIOS (Network Basic Input/Output System, or the "how") compatibility layer. You can
run SMB (i.e., transport) over several different protocols; many different implementations
arose as a result, including NBIPX (NetBIOS over IPX, NwLnkNb, or NWNBLink) and NBT
(NetBIOS over TCP/IP, or NetBT). As the years passed, NBT became the most common form
of implementation until the advance of "Direct-Hosted TCP" -- the Microsoft marketing
term for eliminating NetBIOS entirely and running SMB by itself across TCP port 445
only. As of yet, direct-hosted TCP has yet to catch on.</P
><P
>Perhaps the best summary of the origins of SMB are voiced in the 1997 article titled, CIFS:
Common Insecurities Fail Scrutiny:</P
><P
><SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>Several megabytes of NT-security archives, random whitepapers, RFCs, the CIFS spec, the Samba
stuff, a few MS knowledge-base articles, strings extracted from binaries, and packet dumps have
been dutifully waded through during the information-gathering stages of this project, and there
are *still* many missing pieces... While often tedious, at least the way has been generously
littered with occurrences of clapping hand to forehead and muttering 'crikey, what are they
thinking?</I
></SPAN
></P
></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN67"
>1.2. Terminology</A
></H1
><P
></P
><UL
><LI
><P
> SMB: Acronym for "Server Message Block". This is Microsoft's file and printer sharing protocol.
</P
></LI
><LI
><P
> CIFS: Acronym for "Common Internet File System". Around 1996, Microsoft apparently
decided that SMB needed the word "Internet" in it, so they changed it to CIFS.
</P
></LI
><LI
><P
> Direct-Hosted: A method of providing file/printer sharing services over port 445/tcp
only using DNS for name resolution instead of WINS.
</P
></LI
><LI
><P
> IPC: Acronym for "Inter-Process Communication". A method to communicate specific
information between programs.
</P
></LI
><LI
><P
> Marshalling: - A method of serializing (i.e., sequential ordering of) variable data
suitable for transmission via a network connection or storing in a file. The source
data can be re-created using a similar process called unmarshalling.
</P
></LI
><LI
><P
> NetBIOS: Acronym for "Network Basic Input/Output System". This is not a protocol;
it is a method of communication across an existing protocol. This is a standard which
was originally developed for IBM by Sytek in 1983. To exaggerate the analogy a bit,
it can help to think of this in comparison your computer's BIOS -- it controls the
essential functions of your input/output hardware -- whereas NetBIOS controls the
essential functions of your input/output traffic via the network. Again, this is a bit
of an exaggeration but it should help that paradigm shift. What is important to realize
is that NetBIOS is a transport standard, not a protocol. Unfortunately, even technically
brilliant people tend to interchange NetBIOS with terms like NetBEUI without a second
thought; this will cause no end (and no doubt) of confusion.
</P
></LI
><LI
><P
> NetBEUI: Acronym for the "NetBIOS Extended User Interface". Unlike NetBIOS, NetBEUI
is a protocol, not a standard. It is also not routable, so traffic on one side of a
router will be unable to communicate with the other side. Understanding NetBEUI is
not essential to deciphering SMB; however it helps to point out that it is not the
same as NetBIOS and to improve your score in trivia at parties. NetBEUI was originally
referred to by Microsoft as "NBF", or "The Windows NT NetBEUI Frame protocol driver".
It is not often heard from these days.
</P
></LI
><LI
><P
> NBT: Acronym for "NetBIOS over TCP"; also known as "NetBT". Allows the continued use
of NetBIOS traffic proxied over TCP/IP. As a result, NetBIOS names are made
to IP addresses and NetBIOS name types are conceptually equivalent to TCP/IP ports.
This is how file and printer sharing are accomplished in Windows 95/98/ME. They
traditionally rely on three ports: NetBIOS Name Service (nbname) via UDP port 137,
NetBIOS Datagram Service (nbdatagram) via UDP port 138, and NetBIOS Session Service
(nbsession) via TCP port 139. All name resolution is done via WINS, NetBIOS broadcasts,
and DNS. NetBIOS over TCP is documented in RFC 1001 (Concepts and methods) and RFC 1002
(Detailed specifications).
</P
></LI
><LI
><P
> W2K: Acronym for Windows 2000 Professional or Server
</P
></LI
><LI
><P
> W3K: Acronym for Windows 2003 Server
</P
></LI
></UL
><P
>If you plan on getting help, make sure to subscribe to the Samba Mailing List (available at
http://www.samba.org). Optionally, you could just search mailing.unix.samba at http://groups.google.com</P
></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN91"
>1.3. Related Projects</A
></H1
><P
>Currently, there are two projects that are directly related to Samba: SMBFS and CIFS network
client file systems for Linux, both available in the Linux kernel itself.</P
><P
></P
><UL
><LI
><P
> SMBFS (Server Message Block File System) allows you to mount SMB shares (the protocol
that Microsoft Windows and OS/2 Lan Manager use to share files and printers
over local networks) and access them just like any other Unix directory. This is useful
if you just want to mount such filesystems without being a SMBFS server.
</P
></LI
><LI
><P
> CIFS (Common Internet File System) is the successor to SMB, and is actively being worked
on in the upcoming version of the Linux kernel. The intent of this module is to
provide advanced network file system functionality including support for dfs (heirarchical
name space), secure per-user session establishment, safe distributed caching (oplock),
optional packet signing, Unicode and other internationalization improvements, and optional
Winbind (nsswitch) integration.
</P
></LI
></UL
><P
>Again, it's important to note that these are implementations for client filesystems, and have
nothing to do with acting as a file and print server for SMB/CIFS clients.</P
></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN100"
>1.4. SMB Methodology</A
></H1
><P
>Traditionally, SMB uses UDP port 137 (NetBIOS name service, or netbios-ns),
UDP port 138 (NetBIOS datagram service, or netbios-dgm), and TCP port 139 (NetBIOS
session service, or netbios-ssn). Anyone looking at their network with a good
packet sniffer will be amazed at the amount of traffic generated by just opening
up a single file. In general, SMB sessions are established in the following order:</P
><P
></P
><UL
><LI
><P
> "TCP Connection" - establish 3-way handshake (connection) to port 139/tcp
or 445/tcp.
</P
></LI
><LI
><P
> "NetBIOS Session Request" - using the following "Calling Names": The local
machine's NetBIOS name plus the 16th character 0x00; The server's NetBIOS
name plus the 16th character 0x20
</P
></LI
><LI
><P
> "SMB Negotiate Protocol" - determine the protocol dialect to use, which will
be one of the following: PC Network Program 1.0 (Core) - share level security
mode only; Microsoft Networks 1.03 (Core Plus) - share level security
mode only; Lanman1.0 (LAN Manager 1.0) - uses Challenge/Response
Authentication; Lanman2.1 (LAN Manager 2.1) - uses Challenge/Response
Authentication; NT LM 0.12 (NT LM 0.12) - uses Challenge/Response
Authentication
</P
></LI
><LI
><P
> SMB Session Startup. Passwords are encrypted (or not) according to one of
the following methods: Null (no encryption); Cleartext (no encryption); LM
and NTLM; NTLM; NTLMv2
</P
></LI
><LI
><P
> SMB Tree Connect: Connect to a share name (e.g., \\servername\share); Connect
to a service type (e.g., IPC$ named pipe)
</P
></LI
></UL
><P
>A good way to examine this process in depth is to try out SecurityFriday's SWB program
at http://www.securityfriday.com/ToolDownload/SWB/swb_doc.html. It allows you to
walk through the establishment of a SMB/CIFS session step by step.</P
></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN115"
>1.5. Additional Resources</A
></H1
><P
></P
><UL
><LI
><P
> <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>CIFS: Common Insecurities Fail Scrutiny</I
></SPAN
> by "Hobbit",
http://hr.uoregon.edu/davidrl/cifs.txt
</P
></LI
><LI
><P
> <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>Doing the Samba on Windows</I
></SPAN
> by Financial Review,
http://afr.com/it/2002/10/01/FFXDF43AP6D.html
</P
></LI
><LI
><P
> <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>Implementing CIFS</I
></SPAN
> by Christopher R. Hertel,
http://ubiqx.org/cifs/
</P
></LI
><LI
><P
> <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>Just What Is SMB?</I
></SPAN
> by Richard Sharpe,
http://samba.anu.edu.au/cifs/docs/what-is-smb.html
</P
></LI
><LI
><P
> <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>Opening Windows Everywhere</I
></SPAN
> by Mike Warfield,
http://www.linux-mag.com/1999-05/samba_01.html
</P
></LI
><LI
><P
> <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>SMB HOWTO</I
></SPAN
> by David Wood,
http://www.tldp.org/HOWTO/SMB-HOWTO.html
</P
></LI
><LI
><P
> <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>SMB/CIFS by The Root</I
></SPAN
> by "ledin",
http://www.phrack.org/phrack/60/p60-0x0b.txt
</P
></LI
><LI
><P
> <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>The Story of Samba</I
></SPAN
> by Christopher R. Hertel,
http://www.linux-mag.com/1999-09/samba_01.html
</P
></LI
><LI
><P
> <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>The Unofficial Samba HOWTO</I
></SPAN
> by David Lechnyr,
http://hr.uoregon.edu/davidrl/samba/
</P
></LI
><LI
><P
> <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>Understanding the Network Neighborhood</I
></SPAN
> by Christopher R. Hertel,
http://www.linux-mag.com/2001-05/smb_01.html
</P
></LI
><LI
><P
> <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>Using Samba as a PDC</I
></SPAN
> by Andrew Bartlett,
http://www.linux-mag.com/2002-02/samba_01.html
</P
></LI
></UL
></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN151"
>1.6. Epilogue</A
></H1
><P
><SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>"What's fundamentally wrong is that nobody ever had any taste when they
did it. Microsoft has been very much into making the user interface look good,
but internally it's just a complete mess. And even people who program for Microsoft
and who have had years of experience, just don't know how it works internally.
Worse, nobody dares change it. Nobody dares to fix bugs because it's such a
mess that fixing one bug might just break a hundred programs that depend on
that bug. And Microsoft isn't interested in anyone fixing bugs -- they're interested
in making money. They don't have anybody who takes pride in Windows 95 as an
operating system.</I
></SPAN
></P
><P
><SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>People inside Microsoft know it's a bad operating system and they still
continue obviously working on it because they want to get the next version out
because they want to have all these new features to sell more copies of the
system.</I
></SPAN
></P
><P
><SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>The problem with that is that over time, when you have this kind of approach,
and because nobody understands it, because nobody REALLY fixes bugs (other than
when they're really obvious), the end result is really messy. You can't trust
it because under certain circumstances it just spontaneously reboots or just
halts in the middle of something that shouldn't be strange. Normally it works
fine and then once in a blue moon for some completely unknown reason, it's dead,
and nobody knows why. Not Microsoft, not the experienced user and certainly
not the completely clueless user who probably sits there shivering thinking
"What did I do wrong?" when they didn't do anything wrong at all.</I
></SPAN
></P
><P
><SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>That's what's really irritating to me."</I
></SPAN
></P
><P
>-- Linus Torvalds, from an interview with BOOT Magazine, Sept 1998
(http://hr.uoregon.edu/davidrl/boot.txt)</P
></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN162"
>1.7. Miscellaneous</A
></H1
><P
>This chapter was lovingly handcrafted on a Dell Latitude C400 laptop running Slackware Linux 9.0,
in case anyone asks.</P
><P
>This chapter is Copyright © 2003 David Lechnyr (david at lechnyr dot com).
Permission is granted to copy, distribute and/or modify this document under the terms
of the GNU Free Documentation License, Version 1.2 or any later version published by the Free
Software Foundation. A copy of the license is available at http://www.gnu.org/licenses/fdl.txt.</P
></DIV
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="introduction.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="samba-howto-collection.html"
ACCESSKEY="H"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="install.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>General installation</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="introduction.html"
ACCESSKEY="U"
>Up</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>How to Install and Test SAMBA</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>

356
docs/htmldocs/nt4migration.html Normal file
View File

@ -0,0 +1,356 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
><HEAD
><TITLE
>Migration from NT4 PDC to Samba-3 PDC</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
REL="HOME"
TITLE="SAMBA Project Documentation"
HREF="samba-howto-collection.html"><LINK
REL="UP"
TITLE="Appendixes"
HREF="appendixes.html"><LINK
REL="PREVIOUS"
TITLE="How to compile SAMBA"
HREF="compiling.html"><LINK
REL="NEXT"
TITLE="Portability"
HREF="portability.html"></HEAD
><BODY
CLASS="CHAPTER"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>SAMBA Project Documentation</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="compiling.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
></TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="portability.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="CHAPTER"
><H1
><A
NAME="NT4MIGRATION"
></A
>Chapter 28. Migration from NT4 PDC to Samba-3 PDC</H1
><DIV
CLASS="TOC"
><DL
><DT
><B
>Table of Contents</B
></DT
><DT
>28.1. <A
HREF="nt4migration.html#AEN4375"
>Planning and Getting Started</A
></DT
><DD
><DL
><DT
>28.1.1. <A
HREF="nt4migration.html#AEN4379"
>Objectives</A
></DT
><DT
>28.1.2. <A
HREF="nt4migration.html#AEN4405"
>Steps In Migration Process</A
></DT
></DL
></DD
><DT
>28.2. <A
HREF="nt4migration.html#AEN4408"
>Managing Samba-3 Domain Control</A
></DT
></DL
></DIV
><P
>This is a rough guide to assist those wishing to migrate from NT4 domain control to
Samba-3 based domain control.</P
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN4375"
>28.1. Planning and Getting Started</A
></H1
><P
>In the IT world there is often a saying that all problems are encountered because of
poor planning. The corrollary to this saying is that not all problems can be anticpated
and planned for. Then again, good planning will anticpate most show stopper type situations.</P
><P
>Those wishing to migrate from MS Windows NT4 domain control to a Samba-3 domain control
environment would do well to develop a detailed migration plan. So here are a few pointers to
help migration get under way.</P
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN4379"
>28.1.1. Objectives</A
></H2
><P
>The key objective for most organisations will be to make the migration from MS Windows NT4
to Samba-3 domain control as painless as possible. One of the challenges you may experience
in your migration process may well be one of convincing management that the new environment
should remain in place. Many who have introduced open source technologies have experienced
pressure to return to a Microsoft based platform solution at the first sign of trouble. </P
><P
>It is strongly advised that before attempting a migration to a Samba-3 controlled network
that every possible effort be made to gain all-round commitment to the change. Firstly, you
should know precisely <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>why</I
></SPAN
> the change is important for the organisation.
Possible motivations to make a change include:</P
><P
></P
><UL
><LI
><P
>Improve network manageability</P
></LI
><LI
><P
>Obtain better user level functionality</P
></LI
><LI
><P
>Reduce network operating costs</P
></LI
><LI
><P
>Reduce exposure caused by Microsoft withdrawal of NT4 support</P
></LI
><LI
><P
>Avoid MS License 6 implications</P
></LI
><LI
><P
>Reduce organisation's dependency on Microsoft</P
></LI
></UL
><P
>It is vital that oit be well recognised that Samba-3 is NOT MS Windows NT4. Samba-3 offers
an alternative solution that is both different from MS Windows NT4 and that offers some
advantages compared with it. It should also be recognised that Samba-3 lacks many of the
features that Microsoft has promoted as core values in migration from MS Windows NT4 to
MS Windows 2000 and beyond (with or without Active Directory services).</P
><P
>What are the features the Samba-3 can NOT provide?</P
><P
></P
><TABLE
BORDER="0"
><TBODY
><TR
><TD
>Active Directory Server</TD
></TR
><TR
><TD
>Group Policy Objects (in Active Direcrtory)</TD
></TR
><TR
><TD
>Machine Policy objects</TD
></TR
><TR
><TD
>Logon Scripts in Active Directorty</TD
></TR
><TR
><TD
>Software Application and Access Controls in Active Directory</TD
></TR
></TBODY
></TABLE
><P
></P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN4405"
>28.1.2. Steps In Migration Process</A
></H2
><P
>This is not a definitive ste-by-step process yet - just a place holder so the info
is not lost.
1. You will have an NT4 PDC that has the users, groups, policies and profiles to be migrated
2. Samba-3 set up as a DC with netlogon share, profile share, etc.
3. Process:
a. Create a BDC account for the samba server using NT Server Manager
- Samba must NOT be running
b. rpcclient NT4PDC -U Administrator%passwd
lsaquery
Note the SID returned by step b.
c. net getsid -S NT4PDC -w DOMNAME -U Administrator%passwd
Note the SID in step c.
d. net getlocalsid
Note the SID, now check that all three SIDS reported are the same!
e. net rpc join -S NT4PDC -w DOMNAME -U Administrator%passwd
f. net rpc vampire -S NT4PDC -U administrator%passwd
g. pdbedit -l
Note - did the users migrate?
h. initGrps.sh DOMNAME
i. smbgroupedit -v
Now check that all groups are recognised
j. net rpc campire -S NT4PDC -U administrator%passwd
k. pdbedit -lv
Note - check that all group membership has been migrated.
Now it is time to migrate all the profiles, then migrate all policy files.
Moe later.</P
></DIV
></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN4408"
>28.2. Managing Samba-3 Domain Control</A
></H1
><P
>Lots of blah blah here.</P
></DIV
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="compiling.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="samba-howto-collection.html"
ACCESSKEY="H"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="portability.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>How to compile SAMBA</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="appendixes.html"
ACCESSKEY="U"
>Up</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Portability</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>

261
docs/htmldocs/ntlm_auth.1.html Normal file
View File

@ -0,0 +1,261 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
><HEAD
><TITLE
>ntlm_auth</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"></HEAD
><BODY
CLASS="REFENTRY"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><H1
><A
NAME="NTLM-AUTH.1"
></A
>ntlm_auth</H1
><DIV
CLASS="REFNAMEDIV"
><A
NAME="AEN5"
></A
><H2
>Name</H2
>ntlm_auth&nbsp;--&nbsp;tool to allow external access to Winbind's NTLM authentication function</DIV
><DIV
CLASS="REFSYNOPSISDIV"
><A
NAME="AEN8"
></A
><H2
>Synopsis</H2
><P
><B
CLASS="COMMAND"
>ntlm_auth</B
> [-d debuglevel] [-l logfile] [-s &#60;smb config file&#62;]</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN14"
></A
><H2
>DESCRIPTION</H2
><P
>This tool is part of the <SPAN
CLASS="CITEREFENTRY"
><SPAN
CLASS="REFENTRYTITLE"
>Samba</SPAN
>(7)</SPAN
> suite.</P
><P
><B
CLASS="COMMAND"
>ntlm_auth</B
> is a helper utility that authenticates
users using NT/LM authentication. It returns 0 if the users is authenticated
successfully and 1 if access was denied. ntlm_auth uses winbind to access
the user and authentication data for a domain. This utility
is only to be used by other programs (currently squid).
</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN22"
></A
><H2
>OPTIONS</H2
><P
></P
><DIV
CLASS="VARIABLELIST"
><DL
><DT
>--helper-protocol=PROTO</DT
><DD
><P
> Operate as a stdio-based helper
</P
></DD
><DT
>--username=USERNAME</DT
><DD
><P
> Specify username of user to authenticate
</P
></DD
><DT
>--domain=DOMAIN</DT
><DD
><P
> Specify domain of user to authenticate
</P
></DD
><DT
>--workstation=WORKSTATION</DT
><DD
><P
> Specify the workstation the user authenticated from
</P
></DD
><DT
>--challenge=STRING</DT
><DD
><P
>challenge (HEX encoded)</P
></DD
><DT
>--lm-response=RESPONSE</DT
><DD
><P
>LM Response to the challenge (HEX encoded)</P
></DD
><DT
>--nt-response=RESPONSE</DT
><DD
><P
>NT or NTLMv2 Response to the challenge (HEX encoded)</P
></DD
><DT
>--password=PASSWORD</DT
><DD
><P
>User's plaintext password</P
></DD
><DT
>--request-lm-key</DT
><DD
><P
>Retreive LM session key</P
></DD
><DT
>--request-nt-key</DT
><DD
><P
>Request NT key</P
></DD
><DT
>-V</DT
><DD
><P
>Prints the version number for
<B
CLASS="COMMAND"
>smbd</B
>.</P
></DD
><DT
>-s &#60;configuration file&#62;</DT
><DD
><P
>The file specified contains the
configuration details required by the server. The
information in this file includes server-specific
information such as what printcap file to use, as well
as descriptions of all the services that the server is
to provide. See <A
HREF="smb.conf.5.html"
TARGET="_top"
><TT
CLASS="FILENAME"
>smb.conf(5)</TT
></A
> for more information.
The default configuration file name is determined at
compile time.</P
></DD
><DT
>-d|--debug=debuglevel</DT
><DD
><P
><VAR
CLASS="REPLACEABLE"
>debuglevel</VAR
> is an integer
from 0 to 10. The default value if this parameter is
not specified is zero.</P
><P
>The higher this value, the more detail will be
logged to the log files about the activities of the
server. At level 0, only critical errors and serious
warnings will be logged. Level 1 is a reasonable level for
day to day running - it generates a small amount of
information about operations carried out.</P
><P
>Levels above 1 will generate considerable
amounts of log data, and should only be used when
investigating a problem. Levels above 3 are designed for
use only by developers and generate HUGE amounts of log
data, most of which is extremely cryptic.</P
><P
>Note that specifying this parameter here will
override the <A
HREF="smb.conf.5.html#loglevel"
TARGET="_top"
>log
level</A
> parameter in the <A
HREF="smb.conf.5.html"
TARGET="_top"
><TT
CLASS="FILENAME"
>smb.conf(5)</TT
></A
> file.</P
></DD
><DT
>-l|--logfile=logbasename</DT
><DD
><P
>File name for log/debug files. The extension
<CODE
CLASS="CONSTANT"
>".client"</CODE
> will be appended. The log file is
never removed by the client.</P
></DD
><DT
>-h|--help</DT
><DD
><P
>Print a summary of command line options.</P
></DD
></DL
></DIV
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN96"
></A
><H2
>VERSION</H2
><P
>This man page is correct for version 3.0 of the Samba
suite.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN99"
></A
><H2
>AUTHOR</H2
><P
>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</P
><P
>The ntlm_auth manpage was written by Jelmer Vernooij.</P
></DIV
></BODY
></HTML
>

758
docs/htmldocs/policymgmt.html Normal file
View File

@ -0,0 +1,758 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
><HEAD
><TITLE
>System and Account Policies</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
REL="HOME"
TITLE="SAMBA Project Documentation"
HREF="samba-howto-collection.html"><LINK
REL="UP"
TITLE="Advanced Configuration"
HREF="optional.html"><LINK
REL="PREVIOUS"
TITLE="Advanced Network Manangement"
HREF="advancednetworkmanagement.html"><LINK
REL="NEXT"
TITLE="Desktop Profile Management"
HREF="profilemgmt.html"></HEAD
><BODY
CLASS="CHAPTER"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>SAMBA Project Documentation</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="advancednetworkmanagement.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
></TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="profilemgmt.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="CHAPTER"
><H1
><A
NAME="POLICYMGMT"
></A
>Chapter 17. System and Account Policies</H1
><DIV
CLASS="TOC"
><DL
><DT
><B
>Table of Contents</B
></DT
><DT
>17.1. <A
HREF="policymgmt.html#AEN2959"
>Creating and Managing System Policies</A
></DT
><DD
><DL
><DT
>17.1.1. <A
HREF="policymgmt.html#AEN2973"
>Windows 9x/Me Policies</A
></DT
><DT
>17.1.2. <A
HREF="policymgmt.html#AEN2985"
>Windows NT4 Style Policy Files</A
></DT
><DT
>17.1.3. <A
HREF="policymgmt.html#AEN3003"
>MS Windows 200x / XP Professional Policies</A
></DT
></DL
></DD
><DT
>17.2. <A
HREF="policymgmt.html#AEN3031"
>Managing Account/User Policies</A
></DT
><DD
><DL
><DT
>17.2.1. <A
HREF="policymgmt.html#AEN3046"
>With Windows NT4/200x</A
></DT
><DT
>17.2.2. <A
HREF="policymgmt.html#AEN3049"
>With a Samba PDC</A
></DT
></DL
></DD
><DT
>17.3. <A
HREF="policymgmt.html#AEN3053"
>System Startup and Logon Processing Overview</A
></DT
></DL
></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN2959"
>17.1. Creating and Managing System Policies</A
></H1
><P
>Under MS Windows platforms, particularly those following the release of MS Windows
NT4 and MS Windows 95) it is possible to create a type of file that would be placed
in the NETLOGON share of a domain controller. As the client logs onto the network
this file is read and the contents initiate changes to the registry of the client
machine. This file allows changes to be made to those parts of the registry that
affect users, groups of users, or machines.</P
><P
>For MS Windows 9x/Me this file must be called <TT
CLASS="FILENAME"
>Config.POL</TT
> and may
be generated using a tool called <TT
CLASS="FILENAME"
>poledit.exe</TT
>, better known as the
Policy Editor. The policy editor was provided on the Windows 98 installation CD, but
dissappeared again with the introduction of MS Windows Me (Millenium Edition). From
comments from MS Windows network administrators it would appear that this tool became
a part of the MS Windows Me Resource Kit.</P
><P
>MS Windows NT4 Server products include the <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>System Policy Editor</I
></SPAN
>
under the <TT
CLASS="FILENAME"
>Start -&#62; Programs -&#62; Administrative Tools</TT
> menu item.
For MS Windows NT4 and later clients this file must be called <TT
CLASS="FILENAME"
>NTConfig.POL</TT
>.</P
><P
>New with the introduction of MS Windows 2000 was the Microsoft Management Console
or MMC. This tool is the new wave in the ever changing landscape of Microsoft
methods for management of network access and security. Every new Microsoft product
or technology seems to obsolete the old rules and to introduce newer and more
complex tools and methods. To Microsoft's credit though, the MMC does appear to
be a step forward, but improved functionality comes at a great price.</P
><P
>Before embarking on the configuration of network and system policies it is highly
advisable to read the documentation available from Microsoft's web site regarding
<A
HREF="http://www.microsoft.com/ntserver/management/deployment/planguide/prof_policies.asp"
TARGET="_top"
>Implementing Profiles and Policies in Windows NT 4.0 from http://www.microsoft.com/ntserver/management/deployment/planguide/prof_policies.asp</A
> available from Microsoft.
There are a large number of documents in addition to this old one that should also
be read and understood. Try searching on the Microsoft web site for "Group Policies".</P
><P
>What follows is a very brief discussion with some helpful notes. The information provided
here is incomplete - you are warned.</P
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN2973"
>17.1.1. Windows 9x/Me Policies</A
></H2
><P
>You need the Win98 Group Policy Editor to set Group Profiles up under Windows 9x/Me.
It can be found on the Original full product Win98 installation CD under
<TT
CLASS="FILENAME"
>tools/reskit/netadmin/poledit</TT
>. Install this using the
Add/Remove Programs facility and then click on the 'Have Disk' tab.</P
><P
>Use the Group Policy Editor to create a policy file that specifies the location of
user profiles and/or the <TT
CLASS="FILENAME"
>My Documents</TT
> etc. stuff. Then
save these settings in a file called <TT
CLASS="FILENAME"
>Config.POL</TT
> that needs to
be placed in the root of the [NETLOGON] share. If Win98 is configured to log onto
the Samba Domain, it will automatically read this file and update the Win9x/Me registry
of the machine as it logs on.</P
><P
>Further details are covered in the Win98 Resource Kit documentation.</P
><P
>If you do not take the right steps, then every so often Win9x/Me will check the
integrity of the registry and will restore it's settings from the back-up
copy of the registry it stores on each Win9x/Me machine. Hence, you will
occasionally notice things changing back to the original settings.</P
><P
>Install the group policy handler for Win9x to pick up group policies. Look on the
Win98 CD in <TT
CLASS="FILENAME"
>\tools\reskit\netadmin\poledit</TT
>.
Install group policies on a Win9x client by double-clicking
<TT
CLASS="FILENAME"
>grouppol.inf</TT
>. Log off and on again a couple of times and see
if Win98 picks up group policies. Unfortunately this needs to be done on every
Win9x/Me machine that uses group policies.</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN2985"
>17.1.2. Windows NT4 Style Policy Files</A
></H2
><P
>To create or edit <TT
CLASS="FILENAME"
>ntconfig.pol</TT
> you must use the NT Server
Policy Editor, <B
CLASS="COMMAND"
>poledit.exe</B
> which is included with NT4 Server
but <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>not NT Workstation</I
></SPAN
>. There is a Policy Editor on a NT4
Workstation but it is not suitable for creating <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>Domain Policies</I
></SPAN
>.
Further, although the Windows 95 Policy Editor can be installed on an NT4
Workstation/Server, it will not work with NT clients. However, the files from
the NT Server will run happily enough on an NT4 Workstation.</P
><P
>You need <TT
CLASS="FILENAME"
>poledit.exe, common.adm</TT
> and <TT
CLASS="FILENAME"
>winnt.adm</TT
>.
It is convenient to put the two *.adm files in the <TT
CLASS="FILENAME"
>c:\winnt\inf</TT
>
directory which is where the binary will look for them unless told otherwise. Note also that that
directory is normally 'hidden'.</P
><P
>The Windows NT policy editor is also included with the Service Pack 3 (and
later) for Windows NT 4.0. Extract the files using <B
CLASS="COMMAND"
>servicepackname /x</B
>,
i.e. that's <B
CLASS="COMMAND"
>Nt4sp6ai.exe /x</B
> for service pack 6a. The policy editor,
<B
CLASS="COMMAND"
>poledit.exe</B
> and the associated template files (*.adm) should
be extracted as well. It is also possible to downloaded the policy template
files for Office97 and get a copy of the policy editor. Another possible
location is with the Zero Administration Kit available for download from Microsoft.</P
><DIV
CLASS="SECT3"
><H3
CLASS="SECT3"
><A
NAME="AEN3000"
>17.1.2.1. Registry Tattoos</A
></H3
><P
> With NT4 style registry based policy changes, a large number of settings are not
automatically reversed as the user logs off. Since the settings that were in the
NTConfig.POL file were applied to the client machine registry and that apply to the
hive key HKEY_LOCAL_MACHINE are permanent until explicitly reversed. This is known
as tattooing. It can have serious consequences down-stream and the administrator must
be extremely careful not to lock out the ability to manage the machine at a later date.
</P
></DIV
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN3003"
>17.1.3. MS Windows 200x / XP Professional Policies</A
></H2
><P
>Windows NT4 System policies allows setting of registry parameters specific to
users, groups and computers (client workstations) that are members of the NT4
style domain. Such policy file will work with MS Windows 2000 / XP clients also.</P
><P
>New to MS Windows 2000 Microsoft introduced a new style of group policy that confers
a superset of capabilities compared with NT4 style policies. Obviously, the tool used
to create them is different, and the mechanism for implementing them is much changed.</P
><P
>The older NT4 style registry based policies are known as <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>Administrative Templates</I
></SPAN
>
in MS Windows 2000/XP Group Policy Objects (GPOs). The later includes ability to set various security
configurations, enforce Internet Explorer browser settings, change and redirect aspects of the
users' desktop (including: the location of <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>My Documents</I
></SPAN
> files (directory), as
well as intrinsics of where menu items will appear in the Start menu). An additional new
feature is the ability to make available particular software Windows applications to particular
users and/or groups.</P
><P
>Remember: NT4 policy files are named <TT
CLASS="FILENAME"
>NTConfig.POL</TT
> and are stored in the root
of the NETLOGON share on the domain controllers. A Windows NT4 user enters a username, a password
and selects the domain name to which the logon will attempt to take place. During the logon
process the client machine reads the NTConfig.POL file from the NETLOGON share on the authenticating
server, modifies the local registry values according to the settings in this file.</P
><P
>Windows 2K GPOs are very feature rich. They are NOT stored in the NETLOGON share, rather part of
a Windows 200x policy file is stored in the Active Directory itself and the other part is stored
in a shared (and replicated) volume called the SYSVOL folder. This folder is present on all Active
Directory domain controllers. The part that is stored in the Active Directory itself is called the
group policy container (GPC), and the part that is stored in the replicated share called SYSVOL is
known as the group policy template (GPT).</P
><P
>With NT4 clients the policy file is read and executed upon only aas each user log onto the network.
MS Windows 200x policies are much more complex - GPOs are processed and applied at client machine
startup (machine specific part) and when the user logs onto the network the user specific part
is applied. In MS Windows 200x style policy management each machine and/or user may be subject
to any number of concurently applicable (and applied) policy sets (GPOs). Active Directory allows
the administrator to also set filters over the policy settings. No such equivalent capability
exists with NT4 style policy files.</P
><DIV
CLASS="SECT3"
><H3
CLASS="SECT3"
><A
NAME="AEN3014"
>17.1.3.1. Administration of Win2K / XP Policies</A
></H3
><DIV
CLASS="PROCEDURE"
><P
><B
>Instructions</B
></P
><P
>Instead of using the tool called "The System Policy Editor", commonly called Poledit (from the
executable name poledit.exe), GPOs are created and managed using a Microsoft Management Console
(MMC) snap-in as follows:</P
><OL
TYPE="1"
><LI
><P
>Go to the Windows 200x / XP menu <TT
CLASS="FILENAME"
>Start-&#62;Programs-&#62;Administrative Tools</TT
>
and select the MMC snap-in called "Active Directory Users and Computers"</P
></LI
><LI
><P
>Select the domain or organizational unit (OU) that you wish to manage, then right click
to open the context menu for that object, select the properties item.</P
></LI
><LI
><P
>Now left click on the Group Policy tab, then left click on the New tab. Type a name
for the new policy you will create.</P
></LI
><LI
><P
>Now left click on the Edit tab to commence the steps needed to create the GPO.</P
></LI
></OL
></DIV
><P
>All policy configuration options are controlled through the use of policy administrative
templates. These files have a .adm extension, both in NT4 as well as in Windows 200x / XP.
Beware however, since the .adm files are NOT interchangible across NT4 and Windows 200x.
The later introduces many new features as well as extended definition capabilities. It is
well beyond the scope of this documentation to explain how to program .adm files, for that
the adminsitrator is referred to the Microsoft Windows Resource Kit for your particular
version of MS Windows.</P
><DIV
CLASS="NOTE"
><P
></P
><TABLE
CLASS="NOTE"
WIDTH="100%"
BORDER="0"
><TR
><TD
WIDTH="25"
ALIGN="CENTER"
VALIGN="TOP"
><IMG
SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif"
HSPACE="5"
ALT="Note"></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
>The MS Windows 2000 Resource Kit contains a tool called gpolmig.exe. This tool can be used
to migrate an NT4 NTConfig.POL file into a Windows 200x style GPO. Be VERY careful how you
use this powerful tool. Please refer to the resource kit manuals for specific usage information.</P
></TD
></TR
></TABLE
></DIV
></DIV
></DIV
></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3031"
>17.2. Managing Account/User Policies</A
></H1
><P
>Policies can define a specific user's settings or the settings for a group of users. The resulting
policy file contains the registry settings for all users, groups, and computers that will be using
the policy file. Separate policy files for each user, group, or computer are not not necessary.</P
><P
>If you create a policy that will be automatically downloaded from validating domain controllers,
you should name the file NTconfig.POL. As system administrator, you have the option of renaming the
policy file and, by modifying the Windows NT-based workstation, directing the computer to update
the policy from a manual path. You can do this by either manually changing the registry or by using
the System Policy Editor. This path can even be a local path such that each machine has its own policy file,
but if a change is necessary to all machines, this change must be made individually to each workstation.</P
><P
>When a Windows NT4/200x/XP machine logs onto the network the NETLOGON share on the authenticating domain
controller for the presence of the NTConfig.POL file. If one exists it is downloaded, parsed and then
applied to the user's part of the registry.</P
><P
>MS Windows 200x/XP clients that log onto an MS Windows Active Directory security domain may additionally,
acquire policy settings through Group Policy Objects (GPOs) that are defined and stored in Active Directory
itself. The key benefit of using AS GPOs is that they impose no registry <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>tatooing</I
></SPAN
> effect.
This has considerable advanage compared with the use of NTConfig.POL (NT4) style policy updates.</P
><P
>Inaddition to user access controls that may be imposed or applied via system and/or group policies
in a manner that works in conjunction with user profiles, the user management environment under
MS Windows NT4/200x/XP allows per domain as well as per user account restrictions to be applied.
Common restrictions that are frequently used includes:</P
><P
><P
></P
><TABLE
BORDER="0"
><TBODY
><TR
><TD
>Logon Hours</TD
></TR
><TR
><TD
>Password Aging</TD
></TR
><TR
><TD
>Permitted Logon from certain machines only</TD
></TR
><TR
><TD
>Account type (Local or Global)</TD
></TR
><TR
><TD
>User Rights</TD
></TR
></TBODY
></TABLE
><P
></P
></P
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN3046"
>17.2.1. With Windows NT4/200x</A
></H2
><P
>The tools that may be used to configure these types of controls from the MS Windows environment are:
The NT4 User Manager for domains, the NT4 System and Group Policy Editor, the registry editor (regedt32.exe).
Under MS Windows 200x/XP this is done using the Microsoft Managment Console (MMC) with approapriate
"snap-ins", the registry editor, and potentially also the NT4 System and Group Policy Editor.</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN3049"
>17.2.2. With a Samba PDC</A
></H2
><P
>With a Samba Domain Controller, the new tools for managing of user account and policy information includes:
<TT
CLASS="FILENAME"
>smbpasswd, pdbedit, smbgroupedit, net, rpcclient.</TT
>. The administrator should read the
man pages for these tools and become familiar with their use.</P
></DIV
></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3053"
>17.3. System Startup and Logon Processing Overview</A
></H1
><P
>The following attempts to document the order of processing of system and user policies following a system
reboot and as part of the user logon:</P
><P
></P
><OL
TYPE="1"
><LI
><P
> Network starts, then Remote Procedure Call System Service (RPCSS) and Multiple Universal Naming
Convention Provider (MUP) start
</P
></LI
><LI
><P
> Where Active Directory is involved, an ordered list of Group Policy Objects (GPOs) is downloaded
and applied. The list may include GPOs that:
<P
></P
><TABLE
BORDER="0"
><TBODY
><TR
><TD
>Apply to the location of machines in a Directory</TD
></TR
><TR
><TD
>Apply only when settings have changed</TD
></TR
><TR
><TD
>Depend on configuration of scope of applicability: local, site, domain, organizational unit, etc.</TD
></TR
></TBODY
></TABLE
><P
></P
>
No desktop user interface is presented until the above have been processed.
</P
></LI
><LI
><P
> Execution of start-up scripts (hidden and synchronous by defaut).
</P
></LI
><LI
><P
> A keyboard action to affect start of logon (Ctrl-Alt-Del).
</P
></LI
><LI
><P
> User credentials are validated, User profile is loaded (depends on policy settings).
</P
></LI
><LI
><P
> An ordered list of User GPOs is obtained. The list contents depends on what is configured in respsect of:
<P
></P
><TABLE
BORDER="0"
><TBODY
><TR
><TD
>Is user a domain member, thus subject to particular policies</TD
></TR
><TR
><TD
>Loopback enablement, and the state of the loopback policy (Merge or Replace)</TD
></TR
><TR
><TD
>Location of the Active Directory itself</TD
></TR
><TR
><TD
>Has the list of GPOs changed. No processing is needed if not changed.</TD
></TR
></TBODY
></TABLE
><P
></P
>
</P
></LI
><LI
><P
> User Policies are applied from Active Directory. Note: There are several types.
</P
></LI
><LI
><P
> Logon scripts are run. New to Win2K and Active Directory, logon scripts may be obtained based on Group
Policy objects (hidden and executed synchronously). NT4 style logon scripts are then run in a normal
window.
</P
></LI
><LI
><P
> The User Interface as determined from the GPOs is presented. Note: In a Samba domain (like and NT4
Domain) machine (system) policies are applied at start-up, User policies are applied at logon.
</P
></LI
></OL
></DIV
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="advancednetworkmanagement.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="samba-howto-collection.html"
ACCESSKEY="H"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="profilemgmt.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>Advanced Network Manangement</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="optional.html"
ACCESSKEY="U"
>Up</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Desktop Profile Management</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>

560
docs/htmldocs/problems.html Normal file
View File

@ -0,0 +1,560 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
><HEAD
><TITLE
>Analysing and solving samba problems</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
REL="HOME"
TITLE="SAMBA Project Documentation"
HREF="samba-howto-collection.html"><LINK
REL="UP"
TITLE="Appendixes"
HREF="appendixes.html"><LINK
REL="PREVIOUS"
TITLE="The samba checklist"
HREF="diagnosis.html"><LINK
REL="NEXT"
TITLE="Reporting Bugs"
HREF="bugreport.html"></HEAD
><BODY
CLASS="CHAPTER"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>SAMBA Project Documentation</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="diagnosis.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
></TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="bugreport.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="CHAPTER"
><H1
><A
NAME="PROBLEMS"
></A
>Chapter 34. Analysing and solving samba problems</H1
><DIV
CLASS="TOC"
><DL
><DT
><B
>Table of Contents</B
></DT
><DT
>34.1. <A
HREF="problems.html#AEN4983"
>Diagnostics tools</A
></DT
><DT
>34.2. <A
HREF="problems.html#AEN4998"
>Installing 'Network Monitor' on an NT Workstation or a Windows 9x box</A
></DT
><DT
>34.3. <A
HREF="problems.html#AEN5027"
>Useful URL's</A
></DT
><DT
>34.4. <A
HREF="problems.html#AEN5051"
>Getting help from the mailing lists</A
></DT
><DT
>34.5. <A
HREF="problems.html#AEN5081"
>How to get off the mailinglists</A
></DT
></DL
></DIV
><P
>There are many sources of information available in the form
of mailing lists, RFC's and documentation. The docs that come
with the samba distribution contain very good explanations of
general SMB topics such as browsing.</P
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN4983"
>34.1. Diagnostics tools</A
></H1
><P
>One of the best diagnostic tools for debugging problems is Samba itself.
You can use the -d option for both smbd and nmbd to specify what
'debug level' at which to run. See the man pages on smbd, nmbd and
smb.conf for more information on debugging options. The debug
level can range from 1 (the default) to 10 (100 for debugging passwords).</P
><P
>Another helpful method of debugging is to compile samba using the
<B
CLASS="COMMAND"
>gcc -g </B
> flag. This will include debug
information in the binaries and allow you to attach gdb to the
running smbd / nmbd process. In order to attach gdb to an smbd
process for an NT workstation, first get the workstation to make the
connection. Pressing ctrl-alt-delete and going down to the domain box
is sufficient (at least, on the first time you join the domain) to
generate a 'LsaEnumTrustedDomains'. Thereafter, the workstation
maintains an open connection, and therefore there will be an smbd
process running (assuming that you haven't set a really short smbd
idle timeout) So, in between pressing ctrl alt delete, and actually
typing in your password, you can gdb attach and continue.</P
><P
>Some useful samba commands worth investigating:</P
><P
></P
><UL
><LI
><P
>testparam | more</P
></LI
><LI
><P
>smbclient -L //{netbios name of server}</P
></LI
></UL
><P
>An SMB enabled version of tcpdump is available from
<A
HREF="http://www.tcpdump.org/"
TARGET="_top"
>http://www.tcpdup.org/</A
>.
Ethereal, another good packet sniffer for Unix and Win32
hosts, can be downloaded from <A
HREF="http://www.ethereal.com/"
TARGET="_top"
>http://www.ethereal.com</A
>.</P
><P
>For tracing things on the Microsoft Windows NT, Network Monitor
(aka. netmon) is available on the Microsoft Developer Network CD's,
the Windows NT Server install CD and the SMS CD's. The version of
netmon that ships with SMS allows for dumping packets between any two
computers (i.e. placing the network interface in promiscuous mode).
The version on the NT Server install CD will only allow monitoring
of network traffic directed to the local NT box and broadcasts on the
local subnet. Be aware that Ethereal can read and write netmon
formatted files.</P
></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN4998"
>34.2. Installing 'Network Monitor' on an NT Workstation or a Windows 9x box</A
></H1
><P
>Installing netmon on an NT workstation requires a couple
of steps. The following are for installing Netmon V4.00.349, which comes
with Microsoft Windows NT Server 4.0, on Microsoft Windows NT
Workstation 4.0. The process should be similar for other version of
Windows NT / Netmon. You will need both the Microsoft Windows
NT Server 4.0 Install CD and the Workstation 4.0 Install CD.</P
><P
>Initially you will need to install 'Network Monitor Tools and Agent'
on the NT Server. To do this </P
><P
></P
><UL
><LI
><P
>Goto Start - Settings - Control Panel -
Network - Services - Add </P
></LI
><LI
><P
>Select the 'Network Monitor Tools and Agent' and
click on 'OK'.</P
></LI
><LI
><P
>Click 'OK' on the Network Control Panel.
</P
></LI
><LI
><P
>Insert the Windows NT Server 4.0 install CD
when prompted.</P
></LI
></UL
><P
>At this point the Netmon files should exist in
<TT
CLASS="FILENAME"
>%SYSTEMROOT%\System32\netmon\*.*</TT
>.
Two subdirectories exist as well, <TT
CLASS="FILENAME"
>parsers\</TT
>
which contains the necessary DLL's for parsing the netmon packet
dump, and <TT
CLASS="FILENAME"
>captures\</TT
>.</P
><P
>In order to install the Netmon tools on an NT Workstation, you will
first need to install the 'Network Monitor Agent' from the Workstation
install CD.</P
><P
></P
><UL
><LI
><P
>Goto Start - Settings - Control Panel -
Network - Services - Add</P
></LI
><LI
><P
>Select the 'Network Monitor Agent' and click
on 'OK'.</P
></LI
><LI
><P
>Click 'OK' on the Network Control Panel.
</P
></LI
><LI
><P
>Insert the Windows NT Workstation 4.0 install
CD when prompted.</P
></LI
></UL
><P
>Now copy the files from the NT Server in %SYSTEMROOT%\System32\netmon\*.*
to %SYSTEMROOT%\System32\netmon\*.* on the Workstation and set
permissions as you deem appropriate for your site. You will need
administrative rights on the NT box to run netmon.</P
><P
>To install Netmon on a Windows 9x box install the network monitor agent
from the Windows 9x CD (\admin\nettools\netmon). There is a readme
file located with the netmon driver files on the CD if you need
information on how to do this. Copy the files from a working
Netmon installation.</P
></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN5027"
>34.3. Useful URL's</A
></H1
><P
></P
><UL
><LI
><P
>Home of Samba site <A
HREF="http://samba.org"
TARGET="_top"
> http://samba.org</A
>. We have a mirror near you !</P
></LI
><LI
><P
> The <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>Development</I
></SPAN
> document
on the Samba mirrors might mention your problem. If so,
it might mean that the developers are working on it.</P
></LI
><LI
><P
>See how Scott Merrill simulates a BDC behavior at
<A
HREF="http://www.skippy.net/linux/smb-howto.html"
TARGET="_top"
> http://www.skippy.net/linux/smb-howto.html</A
>. </P
></LI
><LI
><P
>Although 2.0.7 has almost had its day as a PDC, David Bannon will
keep the 2.0.7 PDC pages at <A
HREF="http://bioserve.latrobe.edu.au/samba"
TARGET="_top"
> http://bioserve.latrobe.edu.au/samba</A
> going for a while yet.</P
></LI
><LI
><P
>Misc links to CIFS information
<A
HREF="http://samba.org/cifs/"
TARGET="_top"
>http://samba.org/cifs/</A
></P
></LI
><LI
><P
>NT Domains for Unix <A
HREF="http://mailhost.cb1.com/~lkcl/ntdom/"
TARGET="_top"
> http://mailhost.cb1.com/~lkcl/ntdom/</A
></P
></LI
><LI
><P
>FTP site for older SMB specs:
<A
HREF="ftp://ftp.microsoft.com/developr/drg/CIFS/"
TARGET="_top"
> ftp://ftp.microsoft.com/developr/drg/CIFS/</A
></P
></LI
></UL
></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN5051"
>34.4. Getting help from the mailing lists</A
></H1
><P
>There are a number of Samba related mailing lists. Go to <A
HREF="http://samba.org"
TARGET="_top"
>http://samba.org</A
>, click on your nearest mirror
and then click on <B
CLASS="COMMAND"
>Support</B
> and then click on <B
CLASS="COMMAND"
>Samba related mailing lists</B
>.</P
><P
>For questions relating to Samba TNG go to
<A
HREF="http://www.samba-tng.org/"
TARGET="_top"
>http://www.samba-tng.org/</A
>
It has been requested that you don't post questions about Samba-TNG to the
main stream Samba lists.</P
><P
>If you post a message to one of the lists please observe the following guide lines :</P
><P
></P
><UL
><LI
><P
> Always remember that the developers are volunteers, they are
not paid and they never guarantee to produce a particular feature at
a particular time. Any time lines are 'best guess' and nothing more.</P
></LI
><LI
><P
> Always mention what version of samba you are using and what
operating system its running under. You should probably list the
relevant sections of your <TT
CLASS="FILENAME"
>smb.conf</TT
> file, at least the options
in [global] that affect PDC support.</P
></LI
><LI
><P
>In addition to the version, if you obtained Samba via
CVS mention the date when you last checked it out.</P
></LI
><LI
><P
> Try and make your question clear and brief, lots of long,
convoluted questions get deleted before they are completely read !
Don't post html encoded messages (if you can select colour or font
size its html).</P
></LI
><LI
><P
> If you run one of those nifty 'I'm on holidays' things when
you are away, make sure its configured to not answer mailing lists.</P
></LI
><LI
><P
> Don't cross post. Work out which is the best list to post to
and see what happens, i.e. don't post to both samba-ntdom and samba-technical.
Many people active on the lists subscribe to more
than one list and get annoyed to see the same message two or more times.
Often someone will see a message and thinking it would be better dealt
with on another, will forward it on for you.</P
></LI
><LI
><P
>You might include <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>partial</I
></SPAN
>
log files written at a debug level set to as much as 20.
Please don't send the entire log but enough to give the context of the
error messages.</P
></LI
><LI
><P
>(Possibly) If you have a complete netmon trace ( from the opening of
the pipe to the error ) you can send the *.CAP file as well.</P
></LI
><LI
><P
>Please think carefully before attaching a document to an email.
Consider pasting the relevant parts into the body of the message. The samba
mailing lists go to a huge number of people, do they all need a copy of your
smb.conf in their attach directory?</P
></LI
></UL
></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN5081"
>34.5. How to get off the mailinglists</A
></H1
><P
>To have your name removed from a samba mailing list, go to the
same place you went to to get on it. Go to <A
HREF="http://lists.samba.org/"
TARGET="_top"
>http://lists.samba.org</A
>,
click on your nearest mirror and then click on <B
CLASS="COMMAND"
>Support</B
> and
then click on <B
CLASS="COMMAND"
> Samba related mailing lists</B
>. Or perhaps see
<A
HREF="http://lists.samba.org/mailman/roster/samba-ntdom"
TARGET="_top"
>here</A
></P
><P
>Please don't post messages to the list asking to be removed, you will just
be referred to the above address (unless that process failed in some way...)</P
></DIV
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="diagnosis.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="samba-howto-collection.html"
ACCESSKEY="H"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="bugreport.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>The samba checklist</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="appendixes.html"
ACCESSKEY="U"
>Up</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Reporting Bugs</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>

1753
docs/htmldocs/profilemgmt.html Normal file
View File

File diff suppressed because it is too large Load Diff

139
docs/htmldocs/profiles.1.html Normal file
View File

@ -0,0 +1,139 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
><HEAD
><TITLE
>profiles</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"></HEAD
><BODY
CLASS="REFENTRY"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><H1
><A
NAME="PROFILES.1"
></A
>profiles</H1
><DIV
CLASS="REFNAMEDIV"
><A
NAME="AEN5"
></A
><H2
>Name</H2
>profiles&nbsp;--&nbsp;A utility to report and change SIDs in registry files
</DIV
><DIV
CLASS="REFSYNOPSISDIV"
><A
NAME="AEN8"
></A
><H2
>Synopsis</H2
><P
><B
CLASS="COMMAND"
>profiles</B
> [-v] [-c SID] [-n SID] {file}</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN15"
></A
><H2
>DESCRIPTION</H2
><P
>This tool is part of the <SPAN
CLASS="CITEREFENTRY"
><SPAN
CLASS="REFENTRYTITLE"
>Samba</SPAN
>(7)</SPAN
> suite.</P
><P
><B
CLASS="COMMAND"
>profiles</B
> is a utility that
reports and changes SIDs in windows registry files. It currently only
supports NT.
</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN23"
></A
><H2
>OPTIONS</H2
><P
></P
><DIV
CLASS="VARIABLELIST"
><DL
><DT
>file</DT
><DD
><P
>Registry file to view or edit. </P
></DD
><DT
>-v,--verbose</DT
><DD
><P
>Increases verbosity of messages.
</P
></DD
><DT
>-c SID1 -n SID2</DT
><DD
><P
>Change all occurences of SID1 in <TT
CLASS="FILENAME"
>file</TT
> by SID2.
</P
></DD
><DT
>-h|--help</DT
><DD
><P
>Print a summary of command line options.</P
></DD
></DL
></DIV
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN43"
></A
><H2
>VERSION</H2
><P
>This man page is correct for version 3.0 of the Samba
suite.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN46"
></A
><H2
>AUTHOR</H2
><P
>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</P
><P
>The profiles man page was written by Jelmer Vernooij. </P
></DIV
></BODY
></HTML
>

368
docs/htmldocs/servertype.html Normal file
View File

@ -0,0 +1,368 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
><HEAD
><TITLE
>Nomenclature of Server Types</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
REL="HOME"
TITLE="SAMBA Project Documentation"
HREF="samba-howto-collection.html"><LINK
REL="UP"
TITLE="Type of installation"
HREF="type.html"><LINK
REL="PREVIOUS"
TITLE="Type of installation"
HREF="type.html"><LINK
REL="NEXT"
TITLE="Samba as Stand-Alone Server"
HREF="securitylevels.html"></HEAD
><BODY
CLASS="CHAPTER"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>SAMBA Project Documentation</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="type.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
></TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="securitylevels.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="CHAPTER"
><H1
><A
NAME="SERVERTYPE"
></A
>Chapter 5. Nomenclature of Server Types</H1
><DIV
CLASS="TOC"
><DL
><DT
><B
>Table of Contents</B
></DT
><DT
>5.1. <A
HREF="servertype.html#AEN847"
>Stand Alone Server</A
></DT
><DT
>5.2. <A
HREF="servertype.html#AEN854"
>Domain Member Server</A
></DT
><DT
>5.3. <A
HREF="servertype.html#AEN860"
>Domain Controller</A
></DT
></DL
></DIV
><P
>Adminstrators of Microsoft networks often refer to there being three
different type of servers:</P
><P
></P
><UL
><LI
><P
>Stand Alone Server</P
></LI
><LI
><P
>Domain Member Server</P
></LI
><LI
><P
>Domain Controller</P
><P
></P
><UL
><LI
><P
>Primary Domain Controller</P
></LI
><LI
><P
>Backup Domain Controller</P
></LI
><LI
><P
>ADS Domain Controller</P
></LI
></UL
></LI
></UL
><P
>A network administrator who is familiar with these terms and who
wishes to migrate to or use Samba will want to know what these terms mean
within a Samba context.</P
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN847"
>5.1. Stand Alone Server</A
></H1
><P
>The term <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>stand alone server</I
></SPAN
> means that the server
will provide local authentication and access control for all resources
that are available from it. In general this means that there will be a
local user database. In more technical terms, it means that resources
on the machine will either be made available in either SHARE mode or in
USER mode. SHARE mode and USER mode security are documented under
discussions regarding "security mode". The smb.conf configuration parameters
that control security mode are: "security = user" and "security = share".</P
><P
>No special action is needed other than to create user accounts. Stand-alone
servers do NOT provide network logon services, meaning that machines that
use this server do NOT perform a domain logon but instead make use only of
the MS Windows logon which is local to the MS Windows workstation/server.</P
><P
>Samba tends to blur the distinction a little in respect of what is
a stand alone server. This is because the authentication database may be
local or on a remote server, even if from the samba protocol perspective
the samba server is NOT a member of a domain security context.</P
><P
>Through the use of PAM (Pluggable Authentication Modules) and nsswitch
(the name service switcher) the source of authentication may reside on
another server. We would be inclined to call this the authentication server.
This means that the samba server may use the local Unix/Linux system
password database (/etc/passwd or /etc/shadow), may use a local smbpasswd
file (/etc/samba/smbpasswd or /usr/local/samba/lib/private/smbpasswd), or
may use an LDAP back end, or even via PAM and Winbind another CIFS/SMB
server for authentication.</P
></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN854"
>5.2. Domain Member Server</A
></H1
><P
>This mode of server operation involves the samba machine being made a member
of a domain security context. This means by definition that all user authentication
will be done from a centrally defined authentication regime. The authentication
regime may come from an NT3/4 style (old domain technology) server, or it may be
provided from an Active Directory server (ADS) running on MS Windows 2000 or later.</P
><P
><SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>Of course it should be clear that the authentication back end itself could be from any
distributed directory architecture server that is supported by Samba. This can be
LDAP (from OpenLDAP), or Sun's iPlanet, of NetWare Directory Server, etc.</I
></SPAN
></P
><P
>Please refer to the section on Howto configure Samba as a Primary Domain Controller
and for more information regarding how to create a domain machine account for a
domain member server as well as for information regading how to enable the samba
domain member machine to join the domain and to be fully trusted by it.</P
></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN860"
>5.3. Domain Controller</A
></H1
><P
>Over the years public perceptions of what Domain Control really is has taken on an
almost mystical nature. Before we branch into a brief overview of what Domain Control
is the following types of controller are known:</P
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN863"
>5.3.1. Domain Controller Types</A
></H2
><P
></P
><TABLE
BORDER="0"
><TBODY
><TR
><TD
>Primary Domain Controller</TD
></TR
><TR
><TD
>Backup Domain Controller</TD
></TR
><TR
><TD
>ADS Domain Controller</TD
></TR
></TBODY
></TABLE
><P
></P
><P
>The <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>Primary Domain Controller</I
></SPAN
> or PDC plays an important role in the MS
Windows NT3 and NT4 Domain Control architecture, but not in the manner that so many
expect. The PDC seeds the Domain Control database (a part of the Windows registry) and
it plays a key part in synchronisation of the domain authentication database. </P
><P
>New to Samba-3.0.0 is the ability to use a back-end file that holds the same type of data as
the NT4 style SAM (Security Account Manager) database (one of the registry files).
The samba-3.0.0 SAM can be specified via the smb.conf file parameter "passwd backend" and
valid options include <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
> smbpasswd tdbsam ldapsam nisplussam plugin unixsam</I
></SPAN
>.
The smbpasswd, tdbsam and ldapsam options can have a "_nua" suffix to indicate that No Unix
Accounts need to be created. In other words, the Samba SAM will be independant of Unix/Linux
system accounts, provided a uid range is defined from which SAM accounts can be created.</P
><P
>The <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>Backup Domain Controller</I
></SPAN
> or BDC plays a key role in servicing network
authentication requests. The BDC is biased to answer logon requests so that on a network segment
that has a BDC and a PDC the BDC will be most likely to service network logon requests. The PDC will
answer network logon requests when the BDC is too busy (high load). A BDC can be promoted to
a PDC. If the PDC is on line at the time that the BDC is promoted to PDC the previous PDC is
automatically demoted to a BDC.</P
><P
>At this time Samba is NOT capable of acting as an <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>ADS Domain Controller</I
></SPAN
>.</P
></DIV
></DIV
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="type.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="samba-howto-collection.html"
ACCESSKEY="H"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="securitylevels.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>Type of installation</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="type.html"
ACCESSKEY="U"
>Up</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Samba as Stand-Alone Server</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>

391
docs/htmldocs/smbcquotas.1.html Normal file
View File

@ -0,0 +1,391 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
><HEAD
><TITLE
>smbcquotas</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"></HEAD
><BODY
CLASS="REFENTRY"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><H1
><A
NAME="SMBCQUOTAS.1"
></A
>smbcquotas</H1
><DIV
CLASS="REFNAMEDIV"
><A
NAME="AEN5"
></A
><H2
>Name</H2
>smbcquotas&nbsp;--&nbsp;Set or get QUOTAs of NTFS 5 shares</DIV
><DIV
CLASS="REFSYNOPSISDIV"
><A
NAME="AEN8"
></A
><H2
>Synopsis</H2
><P
><B
CLASS="COMMAND"
>smbcquotas</B
> {//server/share} [-u user] [-L] [-F] [-S QUOTA_SET_COMMAND] [-n] [-t] [-v] [-d debuglevel] [-s configfile] [-l logfilebase] [-V] [-U username] [-N] [-k] [-A]</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN27"
></A
><H2
>DESCRIPTION</H2
><P
>This tool is part of the <SPAN
CLASS="CITEREFENTRY"
><SPAN
CLASS="REFENTRYTITLE"
>Samba</SPAN
>(7)</SPAN
> suite.</P
><P
>The <B
CLASS="COMMAND"
>smbcquotas</B
> program manipulates NT Quotas on SMB file shares. </P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN35"
></A
><H2
>OPTIONS</H2
><P
>The following options are available to the <B
CLASS="COMMAND"
>smbcquotas</B
> program. </P
><P
></P
><DIV
CLASS="VARIABLELIST"
><DL
><DT
>-u user</DT
><DD
><P
> Specifies the user of whom the quotas are get or set.
By default the current user's username will be used.</P
></DD
><DT
>-L</DT
><DD
><P
>Lists all quota records of the share.</P
></DD
><DT
>-F</DT
><DD
><P
>Show the share quota status and default limits.</P
></DD
><DT
>-S QUOTA_SET_COMMAND</DT
><DD
><P
>This command set/modify quotas for a user or on the share,
depending on the QUOTA_SET_COMMAND parameter witch is described later</P
></DD
><DT
>-n</DT
><DD
><P
>This option displays all QUOTA information in numeric
format. The default is to convert SIDs to names and QUOTA limits
to a readable string format. </P
></DD
><DT
>-t</DT
><DD
><P
> Don't actually do anything, only validate the correctness of
the arguments.
</P
></DD
><DT
>-v</DT
><DD
><P
> Be verbose.
</P
></DD
><DT
>-h|--help</DT
><DD
><P
>Print a summary of command line options.</P
></DD
><DT
>-V</DT
><DD
><P
>Prints the version number for
<B
CLASS="COMMAND"
>smbd</B
>.</P
></DD
><DT
>-s &#60;configuration file&#62;</DT
><DD
><P
>The file specified contains the
configuration details required by the server. The
information in this file includes server-specific
information such as what printcap file to use, as well
as descriptions of all the services that the server is
to provide. See <A
HREF="smb.conf.5.html"
TARGET="_top"
><TT
CLASS="FILENAME"
>smb.conf(5)</TT
></A
> for more information.
The default configuration file name is determined at
compile time.</P
></DD
><DT
>-d|--debug=debuglevel</DT
><DD
><P
><VAR
CLASS="REPLACEABLE"
>debuglevel</VAR
> is an integer
from 0 to 10. The default value if this parameter is
not specified is zero.</P
><P
>The higher this value, the more detail will be
logged to the log files about the activities of the
server. At level 0, only critical errors and serious
warnings will be logged. Level 1 is a reasonable level for
day to day running - it generates a small amount of
information about operations carried out.</P
><P
>Levels above 1 will generate considerable
amounts of log data, and should only be used when
investigating a problem. Levels above 3 are designed for
use only by developers and generate HUGE amounts of log
data, most of which is extremely cryptic.</P
><P
>Note that specifying this parameter here will
override the <A
HREF="smb.conf.5.html#loglevel"
TARGET="_top"
>log
level</A
> parameter in the <A
HREF="smb.conf.5.html"
TARGET="_top"
><TT
CLASS="FILENAME"
>smb.conf(5)</TT
></A
> file.</P
></DD
><DT
>-l|--logfile=logbasename</DT
><DD
><P
>File name for log/debug files. The extension
<CODE
CLASS="CONSTANT"
>".client"</CODE
> will be appended. The log file is
never removed by the client.</P
></DD
><DT
>-N</DT
><DD
><P
>If specified, this parameter suppresses the normal
password prompt from the client to the user. This is useful when
accessing a service that does not require a password. </P
><P
>Unless a password is specified on the command line or
this parameter is specified, the client will request a
password.</P
></DD
><DT
>-k</DT
><DD
><P
>Try to authenticate with kerberos. Only useful in
an Active Directory environment.</P
></DD
><DT
>-A|--authfile=filename</DT
><DD
><P
>This option allows
you to specify a file from which to read the username and
password used in the connection. The format of the file is</P
><P
><PRE
CLASS="PROGRAMLISTING"
>username = &#60;value&#62;
password = &#60;value&#62;
domain = &#60;value&#62;</PRE
></P
><P
>Make certain that the permissions on the file restrict
access from unwanted users. </P
></DD
><DT
>-U|--user=username[%password]</DT
><DD
><P
>Sets the SMB username or username and password. </P
><P
>If %password is not specified, the user will be prompted. The
client will first check the <VAR
CLASS="ENVAR"
>USER</VAR
> environment variable, then the
<VAR
CLASS="ENVAR"
>LOGNAME</VAR
> variable and if either exists, the
string is uppercased. If these environmental variables are not
found, the username <CODE
CLASS="CONSTANT"
>GUEST</CODE
> is used. </P
><P
>A third option is to use a credentials file which
contains the plaintext of the username and password. This
option is mainly provided for scripts where the admin does not
wish to pass the credentials on the command line or via environment
variables. If this method is used, make certain that the permissions
on the file restrict access from unwanted users. See the
<VAR
CLASS="PARAMETER"
>-A</VAR
> for more details. </P
><P
>Be cautious about including passwords in scripts. Also, on
many systems the command line of a running process may be seen
via the <B
CLASS="COMMAND"
>ps</B
> command. To be safe always allow
<B
CLASS="COMMAND"
>rpcclient</B
> to prompt for a password and type
it in directly. </P
></DD
></DL
></DIV
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN128"
></A
><H2
>QUOTA_SET_COMAND</H2
><P
>The format of an ACL is one or more ACL entries separated by
either commas or newlines. An ACL entry is one of the following: </P
><P
> for user setting quotas for the specified by -u or the current username:
</P
><P
><KBD
CLASS="USERINPUT"
> UQLIM:&#60;username&#62;&#60;softlimit&#62;&#60;hardlimit&#62;
</KBD
></P
><P
> for setting the share quota defaults limits:
</P
><P
><KBD
CLASS="USERINPUT"
> FSQLIM:&#60;softlimit&#62;&#60;hardlimit&#62;
</KBD
></P
><P
> for changing the share quota settings:
</P
><P
><KBD
CLASS="USERINPUT"
> FSQFLAGS:QUOTA_ENABLED/DENY_DISK/LOG_SOFTLIMIT/LOG_HARD_LIMIT
</KBD
></P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN140"
></A
><H2
>EXIT STATUS</H2
><P
>The <B
CLASS="COMMAND"
>smbcquotas</B
> program sets the exit status
depending on the success or otherwise of the operations performed.
The exit status may be one of the following values. </P
><P
>If the operation succeeded, smbcquotas returns an exit
status of 0. If <B
CLASS="COMMAND"
>smbcquotas</B
> couldn't connect to the specified server,
or when there was an error getting or setting the quota(s), an exit status
of 1 is returned. If there was an error parsing any command line
arguments, an exit status of 2 is returned. </P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN146"
></A
><H2
>VERSION</H2
><P
>This man page is correct for version 3.0 of the Samba suite.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN149"
></A
><H2
>AUTHOR</H2
><P
>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</P
><P
><B
CLASS="COMMAND"
>smbcacls</B
> was written by Stefan Metzmacher.</P
></DIV
></BODY
></HTML
>

304
docs/htmldocs/smbtree.1.html Normal file
View File

@ -0,0 +1,304 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
><HEAD
><TITLE
>smbtree</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"></HEAD
><BODY
CLASS="REFENTRY"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><H1
><A
NAME="SMBTREE.1"
></A
>smbtree</H1
><DIV
CLASS="REFNAMEDIV"
><A
NAME="AEN5"
></A
><H2
>Name</H2
>smbtree&nbsp;--&nbsp;A text based smb network browser
</DIV
><DIV
CLASS="REFSYNOPSISDIV"
><A
NAME="AEN8"
></A
><H2
>Synopsis</H2
><P
><B
CLASS="COMMAND"
>smbtree</B
> [-b] [-D] [-S]</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN14"
></A
><H2
>DESCRIPTION</H2
><P
>This tool is part of the <SPAN
CLASS="CITEREFENTRY"
><SPAN
CLASS="REFENTRYTITLE"
>Samba</SPAN
>(7)</SPAN
> suite.</P
><P
><B
CLASS="COMMAND"
>smbtree</B
> is a smb browser program
in text mode. It is similar to the "Network Neighborhood" found
on Windows computers. It prints a tree with all
the known domains, the servers in those domains and
the shares on the servers.
</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN22"
></A
><H2
>OPTIONS</H2
><P
></P
><DIV
CLASS="VARIABLELIST"
><DL
><DT
>-b</DT
><DD
><P
>Query network nodes by sending requests
as broadcasts instead of querying the (domain) master browser.
</P
></DD
><DT
>-D</DT
><DD
><P
>Only print a list of all
the domains known on broadcast or by the
master browser</P
></DD
><DT
>-S</DT
><DD
><P
>Only print a list of
all the domains and servers responding on broadcast or
known by the master browser.
</P
></DD
><DT
>-V</DT
><DD
><P
>Prints the version number for
<B
CLASS="COMMAND"
>smbd</B
>.</P
></DD
><DT
>-s &#60;configuration file&#62;</DT
><DD
><P
>The file specified contains the
configuration details required by the server. The
information in this file includes server-specific
information such as what printcap file to use, as well
as descriptions of all the services that the server is
to provide. See <A
HREF="smb.conf.5.html"
TARGET="_top"
><TT
CLASS="FILENAME"
>smb.conf(5)</TT
></A
> for more information.
The default configuration file name is determined at
compile time.</P
></DD
><DT
>-d|--debug=debuglevel</DT
><DD
><P
><VAR
CLASS="REPLACEABLE"
>debuglevel</VAR
> is an integer
from 0 to 10. The default value if this parameter is
not specified is zero.</P
><P
>The higher this value, the more detail will be
logged to the log files about the activities of the
server. At level 0, only critical errors and serious
warnings will be logged. Level 1 is a reasonable level for
day to day running - it generates a small amount of
information about operations carried out.</P
><P
>Levels above 1 will generate considerable
amounts of log data, and should only be used when
investigating a problem. Levels above 3 are designed for
use only by developers and generate HUGE amounts of log
data, most of which is extremely cryptic.</P
><P
>Note that specifying this parameter here will
override the <A
HREF="smb.conf.5.html#loglevel"
TARGET="_top"
>log
level</A
> parameter in the <A
HREF="smb.conf.5.html"
TARGET="_top"
><TT
CLASS="FILENAME"
>smb.conf(5)</TT
></A
> file.</P
></DD
><DT
>-l|--logfile=logbasename</DT
><DD
><P
>File name for log/debug files. The extension
<CODE
CLASS="CONSTANT"
>".client"</CODE
> will be appended. The log file is
never removed by the client.</P
></DD
><DT
>-N</DT
><DD
><P
>If specified, this parameter suppresses the normal
password prompt from the client to the user. This is useful when
accessing a service that does not require a password. </P
><P
>Unless a password is specified on the command line or
this parameter is specified, the client will request a
password.</P
></DD
><DT
>-k</DT
><DD
><P
>Try to authenticate with kerberos. Only useful in
an Active Directory environment.</P
></DD
><DT
>-A|--authfile=filename</DT
><DD
><P
>This option allows
you to specify a file from which to read the username and
password used in the connection. The format of the file is</P
><P
><PRE
CLASS="PROGRAMLISTING"
>username = &#60;value&#62;
password = &#60;value&#62;
domain = &#60;value&#62;</PRE
></P
><P
>Make certain that the permissions on the file restrict
access from unwanted users. </P
></DD
><DT
>-U|--user=username[%password]</DT
><DD
><P
>Sets the SMB username or username and password. </P
><P
>If %password is not specified, the user will be prompted. The
client will first check the <VAR
CLASS="ENVAR"
>USER</VAR
> environment variable, then the
<VAR
CLASS="ENVAR"
>LOGNAME</VAR
> variable and if either exists, the
string is uppercased. If these environmental variables are not
found, the username <CODE
CLASS="CONSTANT"
>GUEST</CODE
> is used. </P
><P
>A third option is to use a credentials file which
contains the plaintext of the username and password. This
option is mainly provided for scripts where the admin does not
wish to pass the credentials on the command line or via environment
variables. If this method is used, make certain that the permissions
on the file restrict access from unwanted users. See the
<VAR
CLASS="PARAMETER"
>-A</VAR
> for more details. </P
><P
>Be cautious about including passwords in scripts. Also, on
many systems the command line of a running process may be seen
via the <B
CLASS="COMMAND"
>ps</B
> command. To be safe always allow
<B
CLASS="COMMAND"
>rpcclient</B
> to prompt for a password and type
it in directly. </P
></DD
><DT
>-h|--help</DT
><DD
><P
>Print a summary of command line options.</P
></DD
></DL
></DIV
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN97"
></A
><H2
>VERSION</H2
><P
>This man page is correct for version 3.0 of the Samba
suite.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN100"
></A
><H2
>AUTHOR</H2
><P
>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</P
><P
>The smbtree man page was written by Jelmer Vernooij. </P
></DIV
></BODY
></HTML
>

233
docs/htmldocs/swat.html Normal file
View File

@ -0,0 +1,233 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
><HEAD
><TITLE
>SWAT - The Samba Web Admininistration Tool</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
REL="HOME"
TITLE="SAMBA Project Documentation"
HREF="samba-howto-collection.html"><LINK
REL="UP"
TITLE="Appendixes"
HREF="appendixes.html"><LINK
REL="PREVIOUS"
TITLE="Samba and other CIFS clients"
HREF="other-clients.html"><LINK
REL="NEXT"
TITLE="Samba performance issues"
HREF="speed.html"></HEAD
><BODY
CLASS="CHAPTER"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>SAMBA Project Documentation</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="other-clients.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
></TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="speed.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="CHAPTER"
><H1
><A
NAME="SWAT"
></A
>Chapter 31. SWAT - The Samba Web Admininistration Tool</H1
><P
>This is a rough guide to SWAT.</P
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN4624"
>31.1. SWAT Features and Benefits</A
></H1
><P
>You must use at least the following ...</P
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN4627"
>31.1.1. The SWAT Home Page</A
></H2
><P
>Blah blah here.</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN4630"
>31.1.2. Global Settings</A
></H2
><P
>Document steps right here!</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN4633"
>31.1.3. The SWAT Wizard</A
></H2
><P
>Lots of blah blah here.</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN4636"
>31.1.4. Share Settings</A
></H2
><P
>Document steps right here!</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN4639"
>31.1.5. Printing Settings</A
></H2
><P
>Document steps right here!</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN4642"
>31.1.6. The Status Page</A
></H2
><P
>Document steps right here!</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN4645"
>31.1.7. The Password Change Page</A
></H2
><P
>Document steps right here!</P
></DIV
></DIV
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="other-clients.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="samba-howto-collection.html"
ACCESSKEY="H"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="speed.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>Samba and other CIFS clients</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="appendixes.html"
ACCESSKEY="U"
>Up</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Samba performance issues</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>

301
docs/htmldocs/unicode.html Normal file
View File

@ -0,0 +1,301 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
><HEAD
><TITLE
>Unicode/Charsets</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
REL="HOME"
TITLE="SAMBA Project Documentation"
HREF="samba-howto-collection.html"><LINK
REL="UP"
TITLE="Advanced Configuration"
HREF="optional.html"><LINK
REL="PREVIOUS"
TITLE="Securing Samba"
HREF="securing-samba.html"><LINK
REL="NEXT"
TITLE="Appendixes"
HREF="appendixes.html"></HEAD
><BODY
CLASS="CHAPTER"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>SAMBA Project Documentation</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="securing-samba.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
></TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="appendixes.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="CHAPTER"
><H1
><A
NAME="UNICODE"
></A
>Chapter 26. Unicode/Charsets</H1
><DIV
CLASS="TOC"
><DL
><DT
><B
>Table of Contents</B
></DT
><DT
>26.1. <A
HREF="unicode.html#AEN4127"
>What are charsets and unicode?</A
></DT
><DT
>26.2. <A
HREF="unicode.html#AEN4136"
>Samba and charsets</A
></DT
><DT
>26.3. <A
HREF="unicode.html#AEN4155"
>Conversion from old names</A
></DT
></DL
></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN4127"
>26.1. What are charsets and unicode?</A
></H1
><P
>Computers communicate in numbers. In texts, each number will be
translated to a corresponding letter. The meaning that will be assigned
to a certain number depends on the <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>character set(charset)</I
></SPAN
> that is used.
A charset can be seen as a table that is used to translate numbers to
letters. Not all computers use the same charset (there are charsets
with German umlauts, Japanese characters, etc). Usually a charset contains
256 characters, which means that storing a character with it takes
exactly one byte. </P
><P
>There are also charsets that support even more characters,
but those need twice(or even more) as much storage space. These
charsets can contain <B
CLASS="COMMAND"
>256 * 256 = 65536</B
> characters, which
is more then all possible characters one could think of. They are called
multibyte charsets (because they use more then one byte to
store one character). </P
><P
>A standardised multibyte charset is unicode, info available at
<A
HREF="http://www.unicode.org/"
TARGET="_top"
>www.unicode.org</A
>.
Big advantage of using a multibyte charset is that you only need one; no
need to make sure two computers use the same charset when they are
communicating.</P
><P
>Old windows clients used to use single-byte charsets, named
'codepages' by microsoft. However, there is no support for
negotiating the charset to be used in the smb protocol. Thus, you
have to make sure you are using the same charset when talking to an old client.
Newer clients (Windows NT, 2K, XP) talk unicode over the wire.</P
></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN4136"
>26.2. Samba and charsets</A
></H1
><P
>As of samba 3.0, samba can (and will) talk unicode over the wire. Internally,
samba knows of three kinds of character sets: </P
><P
></P
><DIV
CLASS="VARIABLELIST"
><DL
><DT
>unix charset</DT
><DD
><P
> This is the charset used internally by your operating system.
The default is <CODE
CLASS="CONSTANT"
>ASCII</CODE
>, which is fine for most
systems.
</P
></DD
><DT
>display charset</DT
><DD
><P
>This is the charset samba will use to print messages
on your screen. It should generally be the same as the <B
CLASS="COMMAND"
>unix charset</B
>.
</P
></DD
><DT
>dos charset</DT
><DD
><P
>This is the charset samba uses when communicating with
DOS and Windows 9x clients. It will talk unicode to all newer clients.
The default depends on the charsets you have installed on your system.
Run <B
CLASS="COMMAND"
>testparm -v | grep "dos charset"</B
> to see
what the default is on your system.
</P
></DD
></DL
></DIV
></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN4155"
>26.3. Conversion from old names</A
></H1
><P
>Because previous samba versions did not do any charset conversion,
characters in filenames are usually not correct in the unix charset but only
for the local charset used by the DOS/Windows clients.</P
><P
>The following script from Steve Langasek converts all
filenames from CP850 to the iso8859-15 charset.</P
><P
><SAMP
CLASS="PROMPT"
>#</SAMP
><KBD
CLASS="USERINPUT"
>find <VAR
CLASS="REPLACEABLE"
>/path/to/share</VAR
> -type f -exec bash -c 'CP="{}"; ISO=`echo -n "$CP" | iconv -f cp850 \
-t iso8859-15`; if [ "$CP" != "$ISO" ]; then mv "$CP" "$ISO"; fi' \;</KBD
></P
></DIV
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="securing-samba.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="samba-howto-collection.html"
ACCESSKEY="H"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="appendixes.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>Securing Samba</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="optional.html"
ACCESSKEY="U"
>Up</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Appendixes</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>

45
docs/manpages/editreg.1 Normal file
View File

@ -0,0 +1,45 @@
.\" This manpage has been automatically generated by docbook2man
.\" from a DocBook document. This tool can be found at:
.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
.\" Please send any bug reports, improvements, comments, patches,
.\" etc. to Steve Cheng <steve@ggi-project.org>.
.TH "EDITREG" "1" "17 April 2003" "" ""
.SH NAME
editreg \- A utility to report and change SIDs in registry files
.SH SYNOPSIS
\fBeditreg\fR [ \fB-v\fR ] [ \fB-c file\fR ] \fBfile\fR
.SH "DESCRIPTION"
.PP
This tool is part of the \fBSamba\fR(7) suite.
.PP
\fBeditreg\fR is a utility that
can visualize windows registry files (currently only NT4) and apply
so-called commandfiles to them.
.SH "OPTIONS"
.TP
\fBregistry_file\fR
Registry file to view or edit.
.TP
\fB-v,--verbose\fR
Increases verbosity of messages.
.TP
\fB-c commandfile\fR
Read commands to execute on \fIregistry_file\fR from \fIcommandfile\fR. Currently not yet supported!
.TP
\fB-h|--help\fR
Print a summary of command line options.
.SH "VERSION"
.PP
This man page is correct for version 3.0 of the Samba
suite.
.SH "AUTHOR"
.PP
The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.
.PP
The editreg man page was written by Jelmer Vernooij.

0
docs/manpages/manpage.links Normal file
View File

39
docs/manpages/manpage.refs Normal file
View File

@ -0,0 +1,39 @@
{
'' => '',
'refentry:SMBGROUPEDIT.8' => 'smbgroupedit(8)',
'refentry:NET.8' => 'net(8)',
'refentry:SAMBA.7' => 'samba(7)',
'refentry:SMBSTATUS.1' => 'smbstatus(1)',
'refentry:SMBCACLS.1' => 'smbcacls(1)',
'refentry:WBINFO.1' => 'wbinfo(1)',
'refentry:NTLM-AUTH.1' => 'ntlm_auth(1)',
'refentry:SMBPASSWD.8' => 'smbpasswd(8)',
'refentry:SMB.CONF.5' => 'smb.conf(5)',
'refentry:FINDSMB.1' => 'findsmb(1)',
'refentry:SMBCONTROL.1' => 'smbcontrol(1)',
'refentry:TESTPRNS.1' => 'testprns(1)',
'refentry:SMBPASSWD.5' => 'smbpasswd(5)',
'refentry:SMBD.8' => 'smbd(8)',
'refentry:SMBTREE.1' => 'smbtree(1)',
'refentry:EDITREG.1' => 'editreg(1)',
'refentry:SMBCLIENT.1' => 'smbclient(1)',
'refentry:WINBINDD.8' => 'winbindd(8)',
'refentry:NMBLOOKUP' => 'nmblookup(1)',
'refentry:SMBMOUNT.8' => 'smbmount(8)',
'refentry:SMBCQUOTAS.1' => 'smbcquotas(1)',
'refentry:PDBEDIT.8' => 'pdbedit(8)',
'refentry:NTLM_AUTH.1' => 'ntlm_auth(1)',
'refentry:SWAT.8' => 'swat(8)',
'refentry:PROFILES.1' => 'profiles(1)',
'refentry:LMHOSTS.5' => 'lmhosts(5)',
'refentry:SMBMNT.8' => 'smbmnt(8)',
'refentry:SMBSH.1' => 'smbsh(1)',
'refentry:SMBSPOOL.8' => 'smbspool(8)',
'refentry:RPCCLIENT.1' => 'rpcclient(1)',
'refentry:VFSTEST.1' => 'vfstest(1)',
'refentry:NMBD.8' => 'nmbd(8)',
'refentry:TESTPARM.1' => 'testparm(1)',
'refentry:SMBUMOUNT.8' => 'smbumount(8)',
'refentry:SMBTAR.1' => 'smbtar(1)',
'' => ''
}

109
docs/manpages/ntlm_auth.1 Normal file
View File

@ -0,0 +1,109 @@
.\" This manpage has been automatically generated by docbook2man
.\" from a DocBook document. This tool can be found at:
.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
.\" Please send any bug reports, improvements, comments, patches,
.\" etc. to Steve Cheng <steve@ggi-project.org>.
.TH "NTLM_AUTH" "1" "17 April 2003" "" ""
.SH NAME
ntlm_auth \- tool to allow external access to Winbind's NTLM authentication function
.SH SYNOPSIS
\fBntlm_auth\fR [ \fB-d debuglevel\fR ] [ \fB-l logfile\fR ] [ \fB-s <smb config file>\fR ]
.SH "DESCRIPTION"
.PP
This tool is part of the \fBSamba\fR(7) suite.
.PP
\fBntlm_auth\fR is a helper utility that authenticates
users using NT/LM authentication. It returns 0 if the users is authenticated
successfully and 1 if access was denied. ntlm_auth uses winbind to access
the user and authentication data for a domain. This utility
is only to be used by other programs (currently squid).
.SH "OPTIONS"
.TP
\fB--helper-protocol=PROTO\fR
Operate as a stdio-based helper
.TP
\fB--username=USERNAME\fR
Specify username of user to authenticate
.TP
\fB--domain=DOMAIN\fR
Specify domain of user to authenticate
.TP
\fB--workstation=WORKSTATION\fR
Specify the workstation the user authenticated from
.TP
\fB--challenge=STRING\fR
challenge (HEX encoded)
.TP
\fB--lm-response=RESPONSE\fR
LM Response to the challenge (HEX encoded)
.TP
\fB--nt-response=RESPONSE\fR
NT or NTLMv2 Response to the challenge (HEX encoded)
.TP
\fB--password=PASSWORD\fR
User's plaintext password
.TP
\fB--request-lm-key\fR
Retreive LM session key
.TP
\fB--request-nt-key\fR
Request NT key
.TP
\fB-V\fR
Prints the version number for
\fBsmbd\fR.
.TP
\fB-s <configuration file>\fR
The file specified contains the
configuration details required by the server. The
information in this file includes server-specific
information such as what printcap file to use, as well
as descriptions of all the services that the server is
to provide. See \fIsmb.conf(5)\fR for more information.
The default configuration file name is determined at
compile time.
.TP
\fB-d|--debug=debuglevel\fR
\fIdebuglevel\fR is an integer
from 0 to 10. The default value if this parameter is
not specified is zero.
The higher this value, the more detail will be
logged to the log files about the activities of the
server. At level 0, only critical errors and serious
warnings will be logged. Level 1 is a reasonable level for
day to day running - it generates a small amount of
information about operations carried out.
Levels above 1 will generate considerable
amounts of log data, and should only be used when
investigating a problem. Levels above 3 are designed for
use only by developers and generate HUGE amounts of log
data, most of which is extremely cryptic.
Note that specifying this parameter here will
override the log
level file.
.TP
\fB-l|--logfile=logbasename\fR
File name for log/debug files. The extension
".client" will be appended. The log file is
never removed by the client.
.TP
\fB-h|--help\fR
Print a summary of command line options.
.SH "VERSION"
.PP
This man page is correct for version 3.0 of the Samba
suite.
.SH "AUTHOR"
.PP
The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.
.PP
The ntlm_auth manpage was written by Jelmer Vernooij.

45
docs/manpages/profiles.1 Normal file
View File

@ -0,0 +1,45 @@
.\" This manpage has been automatically generated by docbook2man
.\" from a DocBook document. This tool can be found at:
.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
.\" Please send any bug reports, improvements, comments, patches,
.\" etc. to Steve Cheng <steve@ggi-project.org>.
.TH "PROFILES" "1" "17 April 2003" "" ""
.SH NAME
profiles \- A utility to report and change SIDs in registry files
.SH SYNOPSIS
\fBprofiles\fR [ \fB-v\fR ] [ \fB-c SID\fR ] [ \fB-n SID\fR ] \fBfile\fR
.SH "DESCRIPTION"
.PP
This tool is part of the \fBSamba\fR(7) suite.
.PP
\fBprofiles\fR is a utility that
reports and changes SIDs in windows registry files. It currently only
supports NT.
.SH "OPTIONS"
.TP
\fBfile\fR
Registry file to view or edit.
.TP
\fB-v,--verbose\fR
Increases verbosity of messages.
.TP
\fB-c SID1 -n SID2\fR
Change all occurences of SID1 in \fIfile\fR by SID2.
.TP
\fB-h|--help\fR
Print a summary of command line options.
.SH "VERSION"
.PP
This man page is correct for version 3.0 of the Samba
suite.
.SH "AUTHOR"
.PP
The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.
.PP
The profiles man page was written by Jelmer Vernooij.

5
docs/manpages/smb.conf.5
View File

@ -3,7 +3,7 @@
.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
.\" Please send any bug reports, improvements, comments, patches,
.\" etc. to Steve Cheng <steve@ggi-project.org>.
.TH "SMB.CONF" "5" "07 april 2003" "" ""
.TH "SMB.CONF" "5" "17 April 2003" "" ""
.SH NAME
smb.conf \- The configuration file for the Samba suite
@ -2591,8 +2591,7 @@ This boolean controls whether encrypted passwords
will be negotiated with the client. Note that Windows NT 4.0 SP3 and
above and also Windows 98 will by default expect encrypted passwords
unless a registry entry is changed. To use encrypted passwords in
Samba see the file ENCRYPTION.txt in the Samba documentation
directory \fIdocs/\fR shipped with the source code.
Samba see the chapter User Database in the Samba HOWTO Collection.
In order for encrypted passwords to work correctly
\fBsmbd\fR(8) must either

2
docs/manpages/smbcacls.1
View File

@ -3,7 +3,7 @@
.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
.\" Please send any bug reports, improvements, comments, patches,
.\" etc. to Steve Cheng <steve@ggi-project.org>.
.TH "SMBCACLS" "1" "07 april 2003" "" ""
.TH "SMBCACLS" "1" "17 April 2003" "" ""
.SH NAME
smbcacls \- Set or get ACLs on an NT file or directory names

2
docs/manpages/smbclient.1
View File

@ -3,7 +3,7 @@
.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
.\" Please send any bug reports, improvements, comments, patches,
.\" etc. to Steve Cheng <steve@ggi-project.org>.
.TH "SMBCLIENT" "1" "07 april 2003" "" ""
.TH "SMBCLIENT" "1" "17 April 2003" "" ""
.SH NAME
smbclient \- ftp-like client to access SMB/CIFS resources on servers

2
docs/manpages/smbcontrol.1
View File

@ -3,7 +3,7 @@
.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
.\" Please send any bug reports, improvements, comments, patches,
.\" etc. to Steve Cheng <steve@ggi-project.org>.
.TH "SMBCONTROL" "1" "07 april 2003" "" ""
.TH "SMBCONTROL" "1" "17 April 2003" "" ""
.SH NAME
smbcontrol \- send messages to smbd, nmbd or winbindd processes

183
docs/manpages/smbcquotas.1 Normal file
View File

@ -0,0 +1,183 @@
.\" This manpage has been automatically generated by docbook2man
.\" from a DocBook document. This tool can be found at:
.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
.\" Please send any bug reports, improvements, comments, patches,
.\" etc. to Steve Cheng <steve@ggi-project.org>.
.TH "SMBCQUOTAS" "1" "17 April 2003" "" ""
.SH NAME
smbcquotas \- Set or get QUOTAs of NTFS 5 shares
.SH SYNOPSIS
\fBsmbcquotas\fR \fB//server/share\fR [ \fB-u user\fR ] [ \fB-L\fR ] [ \fB-F\fR ] [ \fB-S QUOTA_SET_COMMAND\fR ] [ \fB-n\fR ] [ \fB-t\fR ] [ \fB-v\fR ] [ \fB-d debuglevel\fR ] [ \fB-s configfile\fR ] [ \fB-l logfilebase\fR ] [ \fB-V\fR ] [ \fB-U username\fR ] [ \fB-N\fR ] [ \fB-k\fR ] [ \fB-A\fR ]
.SH "DESCRIPTION"
.PP
This tool is part of the \fBSamba\fR(7) suite.
.PP
The \fBsmbcquotas\fR program manipulates NT Quotas on SMB file shares.
.SH "OPTIONS"
.PP
The following options are available to the \fBsmbcquotas\fR program.
.TP
\fB-u user\fR
Specifies the user of whom the quotas are get or set.
By default the current user's username will be used.
.TP
\fB-L\fR
Lists all quota records of the share.
.TP
\fB-F\fR
Show the share quota status and default limits.
.TP
\fB-S QUOTA_SET_COMMAND\fR
This command set/modify quotas for a user or on the share,
depending on the QUOTA_SET_COMMAND parameter witch is described later
.TP
\fB-n\fR
This option displays all QUOTA information in numeric
format. The default is to convert SIDs to names and QUOTA limits
to a readable string format.
.TP
\fB-t\fR
Don't actually do anything, only validate the correctness of
the arguments.
.TP
\fB-v\fR
Be verbose.
.TP
\fB-h|--help\fR
Print a summary of command line options.
.TP
\fB-V\fR
Prints the version number for
\fBsmbd\fR.
.TP
\fB-s <configuration file>\fR
The file specified contains the
configuration details required by the server. The
information in this file includes server-specific
information such as what printcap file to use, as well
as descriptions of all the services that the server is
to provide. See \fIsmb.conf(5)\fR for more information.
The default configuration file name is determined at
compile time.
.TP
\fB-d|--debug=debuglevel\fR
\fIdebuglevel\fR is an integer
from 0 to 10. The default value if this parameter is
not specified is zero.
The higher this value, the more detail will be
logged to the log files about the activities of the
server. At level 0, only critical errors and serious
warnings will be logged. Level 1 is a reasonable level for
day to day running - it generates a small amount of
information about operations carried out.
Levels above 1 will generate considerable
amounts of log data, and should only be used when
investigating a problem. Levels above 3 are designed for
use only by developers and generate HUGE amounts of log
data, most of which is extremely cryptic.
Note that specifying this parameter here will
override the log
level file.
.TP
\fB-l|--logfile=logbasename\fR
File name for log/debug files. The extension
".client" will be appended. The log file is
never removed by the client.
.TP
\fB-N\fR
If specified, this parameter suppresses the normal
password prompt from the client to the user. This is useful when
accessing a service that does not require a password.
Unless a password is specified on the command line or
this parameter is specified, the client will request a
password.
.TP
\fB-k\fR
Try to authenticate with kerberos. Only useful in
an Active Directory environment.
.TP
\fB-A|--authfile=filename\fR
This option allows
you to specify a file from which to read the username and
password used in the connection. The format of the file is
.nf
username = <value>
password = <value>
domain = <value>
.fi
Make certain that the permissions on the file restrict
access from unwanted users.
.TP
\fB-U|--user=username[%password]\fR
Sets the SMB username or username and password.
If %password is not specified, the user will be prompted. The
client will first check the \fBUSER\fR environment variable, then the
\fBLOGNAME\fR variable and if either exists, the
string is uppercased. If these environmental variables are not
found, the username GUEST is used.
A third option is to use a credentials file which
contains the plaintext of the username and password. This
option is mainly provided for scripts where the admin does not
wish to pass the credentials on the command line or via environment
variables. If this method is used, make certain that the permissions
on the file restrict access from unwanted users. See the
\fI-A\fR for more details.
Be cautious about including passwords in scripts. Also, on
many systems the command line of a running process may be seen
via the \fBps\fR command. To be safe always allow
\fBrpcclient\fR to prompt for a password and type
it in directly.
.SH "QUOTA_SET_COMAND"
.PP
The format of an ACL is one or more ACL entries separated by
either commas or newlines. An ACL entry is one of the following:
.PP
for user setting quotas for the specified by -u or the current username:
.PP
\fB UQLIM:<username><softlimit><hardlimit>
\fR
.PP
for setting the share quota defaults limits:
.PP
\fB FSQLIM:<softlimit><hardlimit>
\fR
.PP
for changing the share quota settings:
.PP
\fB FSQFLAGS:QUOTA_ENABLED/DENY_DISK/LOG_SOFTLIMIT/LOG_HARD_LIMIT
\fR
.SH "EXIT STATUS"
.PP
The \fBsmbcquotas\fR program sets the exit status
depending on the success or otherwise of the operations performed.
The exit status may be one of the following values.
.PP
If the operation succeeded, smbcquotas returns an exit
status of 0. If \fBsmbcquotas\fR couldn't connect to the specified server,
or when there was an error getting or setting the quota(s), an exit status
of 1 is returned. If there was an error parsing any command line
arguments, an exit status of 2 is returned.
.SH "VERSION"
.PP
This man page is correct for version 3.0 of the Samba suite.
.SH "AUTHOR"
.PP
The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.
.PP
\fBsmbcacls\fR was written by Stefan Metzmacher.

2
docs/manpages/smbd.8
View File

@ -3,7 +3,7 @@
.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
.\" Please send any bug reports, improvements, comments, patches,
.\" etc. to Steve Cheng <steve@ggi-project.org>.
.TH "SMBD" "8" "07 april 2003" "" ""
.TH "SMBD" "8" "17 April 2003" "" ""
.SH NAME
smbd \- server to provide SMB/CIFS services to clients

2
docs/manpages/smbgroupedit.8
View File

@ -3,7 +3,7 @@
.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
.\" Please send any bug reports, improvements, comments, patches,
.\" etc. to Steve Cheng <steve@ggi-project.org>.
.TH "SMBGROUPEDIT" "8" "07 april 2003" "" ""
.TH "SMBGROUPEDIT" "8" "17 April 2003" "" ""
.SH NAME
smbgroupedit \- Query/set/change UNIX - Windows NT group mapping

2
docs/manpages/smbmnt.8
View File

@ -3,7 +3,7 @@
.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
.\" Please send any bug reports, improvements, comments, patches,
.\" etc. to Steve Cheng <steve@ggi-project.org>.
.TH "SMBMNT" "8" "07 april 2003" "" ""
.TH "SMBMNT" "8" "17 April 2003" "" ""
.SH NAME
smbmnt \- helper utility for mounting SMB filesystems

2
docs/manpages/smbmount.8
View File

@ -3,7 +3,7 @@
.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
.\" Please send any bug reports, improvements, comments, patches,
.\" etc. to Steve Cheng <steve@ggi-project.org>.
.TH "SMBMOUNT" "8" "07 april 2003" "" ""
.TH "SMBMOUNT" "8" "17 April 2003" "" ""
.SH NAME
smbmount \- mount an smbfs filesystem

2
docs/manpages/smbpasswd.5
View File

@ -3,7 +3,7 @@
.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
.\" Please send any bug reports, improvements, comments, patches,
.\" etc. to Steve Cheng <steve@ggi-project.org>.
.TH "SMBPASSWD" "5" "07 april 2003" "" ""
.TH "SMBPASSWD" "5" "17 April 2003" "" ""
.SH NAME
smbpasswd \- The Samba encrypted password file

2
docs/manpages/smbpasswd.8
View File

@ -3,7 +3,7 @@
.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
.\" Please send any bug reports, improvements, comments, patches,
.\" etc. to Steve Cheng <steve@ggi-project.org>.
.TH "SMBPASSWD" "8" "07 april 2003" "" ""
.TH "SMBPASSWD" "8" "17 April 2003" "" ""
.SH NAME
smbpasswd \- change a user's SMB password

2
docs/manpages/smbsh.1
View File

@ -3,7 +3,7 @@
.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
.\" Please send any bug reports, improvements, comments, patches,
.\" etc. to Steve Cheng <steve@ggi-project.org>.
.TH "SMBSH" "1" "07 april 2003" "" ""
.TH "SMBSH" "1" "17 April 2003" "" ""
.SH NAME
smbsh \- Allows access to Windows NT filesystem using UNIX commands

2
docs/manpages/smbspool.8
View File

@ -3,7 +3,7 @@
.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
.\" Please send any bug reports, improvements, comments, patches,
.\" etc. to Steve Cheng <steve@ggi-project.org>.
.TH "SMBSPOOL" "8" "07 april 2003" "" ""
.TH "SMBSPOOL" "8" "17 April 2003" "" ""
.SH NAME
smbspool \- send a print file to an SMB printer

2
docs/manpages/smbstatus.1
View File

@ -3,7 +3,7 @@
.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
.\" Please send any bug reports, improvements, comments, patches,
.\" etc. to Steve Cheng <steve@ggi-project.org>.
.TH "SMBSTATUS" "1" "07 april 2003" "" ""
.TH "SMBSTATUS" "1" "17 April 2003" "" ""
.SH NAME
smbstatus \- report on current Samba connections

2
docs/manpages/smbtar.1
View File

@ -3,7 +3,7 @@
.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
.\" Please send any bug reports, improvements, comments, patches,
.\" etc. to Steve Cheng <steve@ggi-project.org>.
.TH "SMBTAR" "1" "07 april 2003" "" ""
.TH "SMBTAR" "1" "17 April 2003" "" ""
.SH NAME
smbtar \- shell script for backing up SMB/CIFS shares directly to UNIX tape drives

144
docs/manpages/smbtree.1 Normal file
View File

@ -0,0 +1,144 @@
.\" This manpage has been automatically generated by docbook2man
.\" from a DocBook document. This tool can be found at:
.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
.\" Please send any bug reports, improvements, comments, patches,
.\" etc. to Steve Cheng <steve@ggi-project.org>.
.TH "SMBTREE" "1" "17 April 2003" "" ""
.SH NAME
smbtree \- A text based smb network browser
.SH SYNOPSIS
\fBsmbtree\fR [ \fB-b\fR ] [ \fB-D\fR ] [ \fB-S\fR ]
.SH "DESCRIPTION"
.PP
This tool is part of the \fBSamba\fR(7) suite.
.PP
\fBsmbtree\fR is a smb browser program
in text mode. It is similar to the "Network Neighborhood" found
on Windows computers. It prints a tree with all
the known domains, the servers in those domains and
the shares on the servers.
.SH "OPTIONS"
.TP
\fB-b\fR
Query network nodes by sending requests
as broadcasts instead of querying the (domain) master browser.
.TP
\fB-D\fR
Only print a list of all
the domains known on broadcast or by the
master browser
.TP
\fB-S\fR
Only print a list of
all the domains and servers responding on broadcast or
known by the master browser.
.TP
\fB-V\fR
Prints the version number for
\fBsmbd\fR.
.TP
\fB-s <configuration file>\fR
The file specified contains the
configuration details required by the server. The
information in this file includes server-specific
information such as what printcap file to use, as well
as descriptions of all the services that the server is
to provide. See \fIsmb.conf(5)\fR for more information.
The default configuration file name is determined at
compile time.
.TP
\fB-d|--debug=debuglevel\fR
\fIdebuglevel\fR is an integer
from 0 to 10. The default value if this parameter is
not specified is zero.
The higher this value, the more detail will be
logged to the log files about the activities of the
server. At level 0, only critical errors and serious
warnings will be logged. Level 1 is a reasonable level for
day to day running - it generates a small amount of
information about operations carried out.
Levels above 1 will generate considerable
amounts of log data, and should only be used when
investigating a problem. Levels above 3 are designed for
use only by developers and generate HUGE amounts of log
data, most of which is extremely cryptic.
Note that specifying this parameter here will
override the log
level file.
.TP
\fB-l|--logfile=logbasename\fR
File name for log/debug files. The extension
".client" will be appended. The log file is
never removed by the client.
.TP
\fB-N\fR
If specified, this parameter suppresses the normal
password prompt from the client to the user. This is useful when
accessing a service that does not require a password.
Unless a password is specified on the command line or
this parameter is specified, the client will request a
password.
.TP
\fB-k\fR
Try to authenticate with kerberos. Only useful in
an Active Directory environment.
.TP
\fB-A|--authfile=filename\fR
This option allows
you to specify a file from which to read the username and
password used in the connection. The format of the file is
.nf
username = <value>
password = <value>
domain = <value>
.fi
Make certain that the permissions on the file restrict
access from unwanted users.
.TP
\fB-U|--user=username[%password]\fR
Sets the SMB username or username and password.
If %password is not specified, the user will be prompted. The
client will first check the \fBUSER\fR environment variable, then the
\fBLOGNAME\fR variable and if either exists, the
string is uppercased. If these environmental variables are not
found, the username GUEST is used.
A third option is to use a credentials file which
contains the plaintext of the username and password. This
option is mainly provided for scripts where the admin does not
wish to pass the credentials on the command line or via environment
variables. If this method is used, make certain that the permissions
on the file restrict access from unwanted users. See the
\fI-A\fR for more details.
Be cautious about including passwords in scripts. Also, on
many systems the command line of a running process may be seen
via the \fBps\fR command. To be safe always allow
\fBrpcclient\fR to prompt for a password and type
it in directly.
.TP
\fB-h|--help\fR
Print a summary of command line options.
.SH "VERSION"
.PP
This man page is correct for version 3.0 of the Samba
suite.
.SH "AUTHOR"
.PP
The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.
.PP
The smbtree man page was written by Jelmer Vernooij.

2
docs/manpages/smbumount.8
View File

@ -3,7 +3,7 @@
.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
.\" Please send any bug reports, improvements, comments, patches,
.\" etc. to Steve Cheng <steve@ggi-project.org>.
.TH "SMBUMOUNT" "8" "07 april 2003" "" ""
.TH "SMBUMOUNT" "8" "17 April 2003" "" ""
.SH NAME
smbumount \- smbfs umount for normal users

2
docs/manpages/swat.8
View File

@ -3,7 +3,7 @@
.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
.\" Please send any bug reports, improvements, comments, patches,
.\" etc. to Steve Cheng <steve@ggi-project.org>.
.TH "SWAT" "8" "07 april 2003" "" ""
.TH "SWAT" "8" "17 April 2003" "" ""
.SH NAME
swat \- Samba Web Administration Tool

2
docs/manpages/testparm.1
View File

@ -3,7 +3,7 @@
.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
.\" Please send any bug reports, improvements, comments, patches,
.\" etc. to Steve Cheng <steve@ggi-project.org>.
.TH "TESTPARM" "1" "07 april 2003" "" ""
.TH "TESTPARM" "1" "17 April 2003" "" ""
.SH NAME
testparm \- check an smb.conf configuration file for internal correctness

2
docs/manpages/testprns.1
View File

@ -3,7 +3,7 @@
.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
.\" Please send any bug reports, improvements, comments, patches,
.\" etc. to Steve Cheng <steve@ggi-project.org>.
.TH "TESTPRNS" "1" "07 april 2003" "" ""
.TH "TESTPRNS" "1" "17 April 2003" "" ""
.SH NAME
testprns \- check printer name for validity with smbd

2
docs/manpages/vfstest.1
View File

@ -3,7 +3,7 @@
.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
.\" Please send any bug reports, improvements, comments, patches,
.\" etc. to Steve Cheng <steve@ggi-project.org>.
.TH "VFSTEST" "1" "07 april 2003" "" ""
.TH "VFSTEST" "1" "17 April 2003" "" ""
.SH NAME
vfstest \- tool for testing samba VFS modules

2
docs/manpages/wbinfo.1
View File

@ -3,7 +3,7 @@
.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
.\" Please send any bug reports, improvements, comments, patches,
.\" etc. to Steve Cheng <steve@ggi-project.org>.
.TH "WBINFO" "1" "07 april 2003" "" ""
.TH "WBINFO" "1" "17 April 2003" "" ""
.SH NAME
wbinfo \- Query information from winbind daemon

2
docs/manpages/winbindd.8
View File

@ -3,7 +3,7 @@
.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
.\" Please send any bug reports, improvements, comments, patches,
.\" etc. to Steve Cheng <steve@ggi-project.org>.
.TH "WINBINDD" "8" "07 april 2003" "" ""
.TH "WINBINDD" "8" "17 April 2003" "" ""
.SH NAME
winbindd \- Name Service Switch daemon for resolving names from NT servers