1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-22 22:04:08 +03:00

Adding new series of text-to-sgml converted files.

Removed OS2-Client-HOWTO and put it into Other-Clients.sgml
(This used to be commit 076f34af8e5af7fb2d07b724522ef77f33559c82)
This commit is contained in:
Jelmer Vernooij 2002-08-28 08:43:04 +00:00
parent 772e9b2ac8
commit 147e2a8253
10 changed files with 773 additions and 149 deletions

View File

@ -50,7 +50,8 @@ all:
@echo "manpages - Build manpages"
@echo "ps - Build PostScript version of HOWTO Collection"
@echo "pdf - Build PDF version of HOWTO Collection"
@echo "html-single - Build single HTML version of HOWTO Collection"
@echo -n "html-single - Build single file HTML version of HOWTO Collection"
@echo "and developers guide"
@echo "html - Build HTML version of HOWTO Collection and manpages"
@echo "txt - Build plain text version of HOWTO Collection"
@ -58,8 +59,8 @@ manpages: $(MANPAGES)
pdf: ../Samba-HOWTO-Collection.pdf
ps: ../Samba-HOWTO-Collection.ps
txt: ../Samba-HOWTO-Collection.txt
html: $(HTMLDIR)/samba-doc.html
html-single: ../Samba-HOWTO-Collection.html $(MANPAGES_HTML)
html: $(HTMLDIR)/samba-doc.html $(MANPAGES_HTML)
html-single: ../Samba-HOWTO-Collection.html ../Samba-Developers-Guide.html
../Samba-HOWTO-Collection.txt: $(SGMLDIR)/samba-doc.sgml
$(DOCBOOK2TXT) -o .. $<
@ -76,6 +77,10 @@ html-single: ../Samba-HOWTO-Collection.html $(MANPAGES_HTML)
$(DOCBOOK2HTML) -u -o .. $<
mv ../samba-doc.html $@
../Samba-Developers-Guide.html: devdoc/dev-doc.sgml
$(DOCBOOK2HTML) -u -o .. $<
mv ../dev-doc.html $@
$(HTMLDIR)/samba-doc.html: $(SGMLDIR)/samba-doc.sgml
$(DOCBOOK2HTML) -o $(HTMLDIR) $<

View File

@ -0,0 +1,154 @@
<chapter id="netbios">
<chapterinfo>
<author>
<firstname>Luke</firstname><surname>Leighton</surname>
</author>
<pubdate>12 June 1997</pubdate>
</chapterinfo>
<title>Definition of NetBIOS Protocol and Name Resolution Modes</title>
<sect1>
<title>NETBIOS</title>
<para>
NetBIOS runs over the following tranports: TCP/IP; NetBEUI and IPX/SPX.
Samba only uses NetBIOS over TCP/IP. For details on the TCP/IP NetBIOS
Session Service NetBIOS Datagram Service, and NetBIOS Names, see
rfc1001.txt and rfc1002.txt.
</para>
<para>
NetBEUI is a raw NetBIOS frame protocol implementation that allows NetBIOS
datagrams to be sent out over the 'wire' embedded within LLC frames.
NetBEUI is not required when using NetBIOS over TCP/IP protocols and it
is preferable NOT to install NetBEUI if it can be avoided.
</para>
<para>
IPX/SPX is also not required when using NetBIOS over TCP/IP, and it is
preferable NOT to install the IPX/SPX transport unless you are using Novell
servers. At the very least, it is recommended that you do not install
'NetBIOS over IPX/SPX'.
</para>
<para>
[When installing Windows 95, you will find that NetBEUI and IPX/SPX are
installed as the default protocols. This is because they are the simplest
to manage: no Windows 95 user-configuration is required].
</para>
<para>
NetBIOS applications (such as samba) offer their services (for example,
SMB file and print sharing) on a NetBIOS name. They must claim this name
on the network before doing so. The NetBIOS session service will then
accept connections on the application's behalf (on the NetBIOS name
claimed by the application). A NetBIOS session between the application
and the client can then commence.
</para>
<para>
NetBIOS names consist of 15 characters plus a 'type' character. This is
similar, in concept, to an IP address and a TCP port number, respectively.
A NetBIOS-aware application on a host will offer different services under
different NetBIOS name types, just as a host will offer different TCP/IP
services on different port numbers.
</para>
<para>
NetBIOS names must be claimed on a network, and must be defended. The use
of NetBIOS names is most suitable on a single subnet; a Local Area Network
or a Wide Area Network.
</para>
<para>
NetBIOS names are either UNIQUE or GROUP. Only one application can claim a
UNIQUE NetBIOS name on a network.
</para>
<para>
There are two kinds of NetBIOS Name resolution: Broadcast and Point-to-Point.
</para>
</sect1>
<sect1>
<title>BROADCAST NetBIOS</title>
<para>
Clients can claim names, and therefore offer services on successfully claimed
names, on their broadcast-isolated subnet. One way to get NetBIOS services
(such as browsing: see ftp.microsoft.com/drg/developr/CIFS/browdiff.txt; and
SMB file/print sharing: see cifs4.txt) working on a LAN or WAN is to make
your routers forward all broadcast packets from TCP/IP ports 137, 138 and 139.
</para>
<para>
This, however, is not recommended. If you have a large LAN or WAN, you will
find that some of your hosts spend 95 percent of their time dealing with
broadcast traffic. [If you have IPX/SPX on your LAN or WAN, you will find
that this is already happening: a packet analyzer will show, roughly
every twelve minutes, great swathes of broadcast traffic!].
</para>
</sect1>
<sect1>
<title>NBNS NetBIOS</title>
<para>
rfc1001.txt describes, amongst other things, the implementation and use
of, a 'NetBIOS Name Service'. NT/AS offers 'Windows Internet Name Service'
which is fully rfc1001/2 compliant, but has had to take specific action
with certain NetBIOS names in order to make it useful. (for example, it
deals with the registration of <1c> <1d> <1e> names all in different ways.
I recommend the reading of the Microsoft WINS Server Help files for full
details).
</para>
<para>
The use of a WINS server cuts down on broadcast network traffic for
NetBIOS name resolution. It has the effect of pulling all the broadcast
isolated subnets together into a single NetBIOS scope, across your LAN
or WAN, while avoiding the use of TCP/IP broadcast packets.
</para>
<para>
When you have a WINS server on your LAN, WINS clients will be able to
contact the WINS server to resolve NetBIOS names. Note that only those
WINS clients that have registered with the same WINS server will be
visible. The WINS server _can_ have static NetBIOS entries added to its
database (usually for security reasons you might want to consider putting
your domain controllers or other important servers as static entries,
but you should not rely on this as your sole means of security), but for
the most part, NetBIOS names are registered dynamically.
</para>
<para>
This provides some confusion for lots of people, and is worth mentioning
here: a Browse Server is NOT a WINS Server, even if these services are
implemented in the same application. A Browse Server _needs_ a WINS server
because a Browse Server is a WINS client, which is _not_ the same thing].
</para>
<para>
Clients can claim names, and therefore offer services on successfully claimed
names, on their broadcast-isolated subnet. One way to get NetBIOS services
(such as browsing: see ftp.microsoft.com/drg/developr/CIFS/browdiff.txt; and
SMB file/print sharing: see cifs6.txt) working on a LAN or WAN is to make
your routers forward all broadcast packets from TCP/IP ports 137, 138 and 139.
You will find, however, if you do this on a large LAN or a WAN, that your
network is completely swamped by NetBIOS and browsing packets, which is why
WINS was developed to minimise the necessity of broadcast traffic.
</para>
<para>
WINS Clients therefore claim names from the WINS server. If the WINS
server allows them to register a name, the client's NetBIOS session service
can then offer services on this name. Other WINS clients will then
contact the WINS server to resolve a NetBIOS name.
</para>
</sect1>
</chapter>

View File

@ -0,0 +1,44 @@
<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [
<!ENTITY NetBIOS SYSTEM "NetBIOS.sgml">
]>
<book id="Samba-Developer-Documentation">
<title>SAMBA Deverlopers Guide</title>
<bookinfo>
<author>
<surname>SAMBA Team</surname>
</author>
<address><email>samba@samba.org</email></address>
</bookinfo>
<dedication>
<title>Abstract</title>
<para>
<emphasis>Last Update</emphasis> : Mon aug 26 12:41:19 CEST 2002
</para>
<para>
This book is a collection of documents that might be useful for
people developing samba or those interested in doing so.
than one person can maintain. The most recent version of this document
can be found at <ulink url="http://www.samba.org/">http://www.samba.org/</ulink>
on the "Documentation" page. Please send updates to <ulink
url="mailto:jerry@samba.org">jerry@samba.org</ulink>.
</para>
<para>
This documentation is distributed under the GNU General Public License (GPL)
version 2. A copy of the license is included with the Samba source
distribution. A copy can be found on-line at <ulink
url="http://www.fsf.org/licenses/gpl.txt">http://www.fsf.org/licenses/gpl.txt</ulink>
</para>
</dedication>
<!-- Chapters -->
&NetBIOS;
</book>

View File

@ -190,7 +190,7 @@
<refsect1>
<title>VERSION</title>
<para>This man page is correct for version 2.2 of
<para>This man page is correct for version 3.0 of
the Samba suite.</para>
</refsect1>

View File

@ -52,7 +52,8 @@
<term>-d|--debug=debuglevel</term>
<listitem><para>set the debuglevel. Debug level 0 is the lowest
and 100 being the highest. This should be set to 100 if you are
planning on submitting a bug report to the Samba team (see <filename>BUGS.txt</filename>).
planning on submitting a bug report to the Samba team (see
<filename>BUGS.txt</filename>).
</para></listitem>
</varlistentry>

View File

@ -0,0 +1,78 @@
<chapter id="groupmapping">
<chapterinfo>
<author>
<firstname>Jean François</firstname><surname>Micouleau</surname>
</author>
</chapterinfo>
<title>Group mapping HOWTO</title>
<para>
Starting with Samba 3.0 alpha 2, a new group mapping function is available. The
current method (likely to change) to manage the groups is a new command called
<command>smbgroupedit</command>.
</para>
<para>
The first immediate reason to use the group mapping on a PDC, is that
the <command>domain admin group</command> of <filename>smb.conf</filename> is
now gone. This parameter was used to give the listed users local admin rights
on their workstations. It was some magic stuff that simply worked but didn't
scale very well for complex setups.
</para>
<para>
Let me explain how it works on NT/W2K, to have this magic fade away.
When installing NT/W2K on a computer, the installer program creates some users
and groups. Notably the 'Administrators' group, and gives to that group some
privileges like the ability to change the date and time or to kill any process
(or close too) running on the local machine. The 'Administrator' user is a
member of the 'Administrators' group, and thus 'inherit' the 'Administrators'
group privileges. If a 'joe' user is created and become a member of the
'Administrator' group, 'joe' has exactly the same rights as 'Administrator'.
</para>
<para>
When a NT/W2K machine is joined to a domain, during that phase, the "Domain
Administrators' group of the PDC is added to the 'Administrators' group of the
workstation. Every members of the 'Domain Administrators' group 'inherit' the
rights of the 'Administrators' group when logging on the workstation.
</para>
<para>
You are now wondering how to make some of your samba PDC users members of the
'Domain Administrators' ? That's really easy.
</para>
<orderedlist>
<listitem><para>create a unix group (usually in <filename>/etc/group</filename>), let's call it domadm</para></listitem>
<listitem><para>add to this group the users that must be Administrators. For example if you want joe,john and mary, your entry in <filename>/etc/group</filename> will look like:</para>
<para><programlisting>
domadm:x:502:joe,john,mary
</programlisting></para>
</listitem>
<listitem><para>Map this domadm group to the <command>domain admins</command> group by running the command:</para>
<para><command>smbgroupedit -c "Domain Admins" -u domadm</command></para></listitem>
</orderedlist>
<para>You're set, joe, john and mary are domain administrators !</para>
<para>
Like the Domain Admins group, you can map any arbitrary Unix group to any NT
group. You can also make any Unix group a domain group. For example, on a domain
member machine (an NT/W2K or a samba server running winbind), you would like to
give access to a certain directory to some users who are member of a group on
your samba PDC. Flag that group as a domain group by running:
</para>
<para><command>smbgroupedit -a unixgroup -td</command></para>
<para>You can list the various groups in the mapping database like this</para>
<para><command>smbgroupedit -v</command></para>
</chapter>

View File

@ -1,142 +0,0 @@
<chapter id="os2">
<chapterinfo>
<author>
<firstname>Jim</firstname><surname>McDonough</surname>
<affiliation>
<orgname>IBM</orgname>
<address>
<email>jerry@samba.org</email>
</address>
</affiliation>
</author>
<pubdate>5 Mar 2001</pubdate>
</chapterinfo>
<title>OS2 Client HOWTO</title>
<sect1>
<title>FAQs</title>
<sect2>
<title>How can I configure OS/2 Warp Connect or
OS/2 Warp 4 as a client for Samba?</title>
<para>A more complete answer to this question can be
found on <ulink url="http://carol.wins.uva.nl/~leeuw/samba/warp.html">
http://carol.wins.uva.nl/~leeuw/samba/warp.html</ulink>.</para>
<para>Basically, you need three components:</para>
<itemizedlist>
<listitem><para>The File and Print Client ('IBM Peer')
</para></listitem>
<listitem><para>TCP/IP ('Internet support')
</para></listitem>
<listitem><para>The "NetBIOS over TCP/IP" driver ('TCPBEUI')
</para></listitem>
</itemizedlist>
<para>Installing the first two together with the base operating
system on a blank system is explained in the Warp manual. If Warp
has already been installed, but you now want to install the
networking support, use the "Selective Install for Networking"
object in the "System Setup" folder.</para>
<para>Adding the "NetBIOS over TCP/IP" driver is not described
in the manual and just barely in the online documentation. Start
MPTS.EXE, click on OK, click on "Configure LAPS" and click
on "IBM OS/2 NETBIOS OVER TCP/IP" in 'Protocols'. This line
is then moved to 'Current Configuration'. Select that line,
click on "Change number" and increase it from 0 to 1. Save this
configuration.</para>
<para>If the Samba server(s) is not on your local subnet, you
can optionally add IP names and addresses of these servers
to the "Names List", or specify a WINS server ('NetBIOS
Nameserver' in IBM and RFC terminology). For Warp Connect you
may need to download an update for 'IBM Peer' to bring it on
the same level as Warp 4. See the webpage mentioned above.</para>
</sect2>
<sect2>
<title>How can I configure OS/2 Warp 3 (not Connect),
OS/2 1.2, 1.3 or 2.x for Samba?</title>
<para>You can use the free Microsoft LAN Manager 2.2c Client
for OS/2 from
<ulink url="ftp://ftp.microsoft.com/BusSys/Clients/LANMAN.OS2/">
ftp://ftp.microsoft.com/BusSys/Clients/LANMAN.OS2/</ulink>.
See <ulink url="http://carol.wins.uva.nl/~leeuw/lanman.html">
http://carol.wins.uva.nl/~leeuw/lanman.html</ulink> for
more information on how to install and use this client. In
a nutshell, edit the file \OS2VER in the root directory of
the OS/2 boot partition and add the lines:</para>
<para><programlisting>
20=setup.exe
20=netwksta.sys
20=netvdd.sys
</programlisting></para>
<para>before you install the client. Also, don't use the
included NE2000 driver because it is buggy. Try the NE2000
or NS2000 driver from
<ulink url="ftp://ftp.cdrom.com/pub/os2/network/ndis/">
ftp://ftp.cdrom.com/pub/os2/network/ndis/</ulink> instead.
</para>
</sect2>
<sect2>
<title>Are there any other issues when OS/2 (any version)
is used as a client?</title>
<para>When you do a NET VIEW or use the "File and Print
Client Resource Browser", no Samba servers show up. This can
be fixed by a patch from <ulink
url="http://carol.wins.uva.nl/~leeuw/samba/fix.html">
http://carol.wins.uva.nl/~leeuw/samba/fix.html</ulink>.
The patch will be included in a later version of Samba. It also
fixes a couple of other problems, such as preserving long
filenames when objects are dragged from the Workplace Shell
to the Samba server. </para>
</sect2>
<sect2>
<title>How do I get printer driver download working
for OS/2 clients?</title>
<para>First, create a share called [PRINTDRV] that is
world-readable. Copy your OS/2 driver files there. Note
that the .EA_ files must still be separate, so you will need
to use the original install files, and not copy an installed
driver from an OS/2 system.</para>
<para>Install the NT driver first for that printer. Then,
add to your smb.conf a parameter, "os2 driver map =
<replaceable>filename</replaceable>". Then, in the file
specified by <replaceable>filename</replaceable>, map the
name of the NT driver name to the OS/2 driver name as
follows:</para>
<para>&lt;nt driver name&gt; = &lt;os2 driver
name&gt;.&lt;device name&gt;, e.g.:
HP LaserJet 5L = LASERJET.HP LaserJet 5L</para>
<para>You can have multiple drivers mapped in this file.</para>
<para>If you only specify the OS/2 driver name, and not the
device name, the first attempt to download the driver will
actually download the files, but the OS/2 client will tell
you the driver is not available. On the second attempt, it
will work. This is fixed simply by adding the device name
to the mapping, after which it will work on the first attempt.
</para>
</sect2>
</sect1>
</chapter>

View File

@ -0,0 +1,332 @@
<chapter id="Other-Clients">
<chapterinfo>
<author>
<firstname>Jim</firstname><surname>McDonough</surname>
<affiliation>
<orgname>IBM</orgname>
</affiliation>
<firstname>Jelmer</firstname><surname>Vernooij</surname>
<affiliation>
<orgname>Samba Team</orgname>
<address>jelmer@samba.org</address>
</affiliation>
</author>
<pubdate>5 Mar 2001</pubdate>
</chapterinfo>
<title>Samba and other CIFS clients</title>
<para>This chapter contains client-specific information.</para>
<sect1>
<title>Macintosh clients?</title>
<para>
Yes. <ulink url="http://www.thursby.com/">Thursby</ulink> now have a CIFS Client / Server called DAVE - see
</para>
<para>
They test it against Windows 95, Windows NT and samba for
compatibility issues. At the time of writing, DAVE was at version
1.0.1. The 1.0.0 to 1.0.1 update is available as a free download from
the Thursby web site (the speed of finder copies has been greatly
enhanced, and there are bug-fixes included).
</para>
<para>
Alternatives - There are two free implementations of AppleTalk for
several kinds of UNIX machnes, and several more commercial ones.
These products allow you to run file services and print services
natively to Macintosh users, with no additional support required on
the Macintosh. The two free omplementations are
<ulink url="http://www.umich.edu/~rsug/netatalk/">Netatalk</ulink>, and
<ulink url="http://www.cs.mu.oz.au/appletalk/atalk.html">CAP</ulink>.
What Samba offers MS
Windows users, these packages offer to Macs. For more info on these
packages, Samba, and Linux (and other UNIX-based systems) see
<ulink url="http://www.eats.com/linux_mac_win.html">http://www.eats.com/linux_mac_win.html</ulink>
</para>
</sect1>
<sect1>
<title>OS2 Client</title>
<sect2>
<title>How can I configure OS/2 Warp Connect or
OS/2 Warp 4 as a client for Samba?</title>
<para>A more complete answer to this question can be
found on <ulink url="http://carol.wins.uva.nl/~leeuw/samba/warp.html">
http://carol.wins.uva.nl/~leeuw/samba/warp.html</ulink>.</para>
<para>Basically, you need three components:</para>
<itemizedlist>
<listitem><para>The File and Print Client ('IBM Peer')
</para></listitem>
<listitem><para>TCP/IP ('Internet support')
</para></listitem>
<listitem><para>The "NetBIOS over TCP/IP" driver ('TCPBEUI')
</para></listitem>
</itemizedlist>
<para>Installing the first two together with the base operating
system on a blank system is explained in the Warp manual. If Warp
has already been installed, but you now want to install the
networking support, use the "Selective Install for Networking"
object in the "System Setup" folder.</para>
<para>Adding the "NetBIOS over TCP/IP" driver is not described
in the manual and just barely in the online documentation. Start
MPTS.EXE, click on OK, click on "Configure LAPS" and click
on "IBM OS/2 NETBIOS OVER TCP/IP" in 'Protocols'. This line
is then moved to 'Current Configuration'. Select that line,
click on "Change number" and increase it from 0 to 1. Save this
configuration.</para>
<para>If the Samba server(s) is not on your local subnet, you
can optionally add IP names and addresses of these servers
to the "Names List", or specify a WINS server ('NetBIOS
Nameserver' in IBM and RFC terminology). For Warp Connect you
may need to download an update for 'IBM Peer' to bring it on
the same level as Warp 4. See the webpage mentioned above.</para>
</sect2>
<sect2>
<title>How can I configure OS/2 Warp 3 (not Connect),
OS/2 1.2, 1.3 or 2.x for Samba?</title>
<para>You can use the free Microsoft LAN Manager 2.2c Client
for OS/2 from
<ulink url="ftp://ftp.microsoft.com/BusSys/Clients/LANMAN.OS2/">
ftp://ftp.microsoft.com/BusSys/Clients/LANMAN.OS2/</ulink>.
See <ulink url="http://carol.wins.uva.nl/~leeuw/lanman.html">
http://carol.wins.uva.nl/~leeuw/lanman.html</ulink> for
more information on how to install and use this client. In
a nutshell, edit the file \OS2VER in the root directory of
the OS/2 boot partition and add the lines:</para>
<para><programlisting>
20=setup.exe
20=netwksta.sys
20=netvdd.sys
</programlisting></para>
<para>before you install the client. Also, don't use the
included NE2000 driver because it is buggy. Try the NE2000
or NS2000 driver from
<ulink url="ftp://ftp.cdrom.com/pub/os2/network/ndis/">
ftp://ftp.cdrom.com/pub/os2/network/ndis/</ulink> instead.
</para>
</sect2>
<sect2>
<title>Are there any other issues when OS/2 (any version)
is used as a client?</title>
<para>When you do a NET VIEW or use the "File and Print
Client Resource Browser", no Samba servers show up. This can
be fixed by a patch from <ulink
url="http://carol.wins.uva.nl/~leeuw/samba/fix.html">
http://carol.wins.uva.nl/~leeuw/samba/fix.html</ulink>.
The patch will be included in a later version of Samba. It also
fixes a couple of other problems, such as preserving long
filenames when objects are dragged from the Workplace Shell
to the Samba server. </para>
</sect2>
<sect2>
<title>How do I get printer driver download working
for OS/2 clients?</title>
<para>First, create a share called [PRINTDRV] that is
world-readable. Copy your OS/2 driver files there. Note
that the .EA_ files must still be separate, so you will need
to use the original install files, and not copy an installed
driver from an OS/2 system.</para>
<para>Install the NT driver first for that printer. Then,
add to your smb.conf a parameter, os2 driver map =
<replaceable>filename</replaceable>". Then, in the file
specified by <replaceable>filename</replaceable>, map the
name of the NT driver name to the OS/2 driver name as
follows:</para>
<para><command>nt driver name = os2 "driver
name"."device name"</command>, e.g.:
HP LaserJet 5L = LASERJET.HP LaserJet 5L</para>
<para>You can have multiple drivers mapped in this file.</para>
<para>If you only specify the OS/2 driver name, and not the
device name, the first attempt to download the driver will
actually download the files, but the OS/2 client will tell
you the driver is not available. On the second attempt, it
will work. This is fixed simply by adding the device name
to the mapping, after which it will work on the first attempt.
</para>
</sect2>
</sect1>
<sect1>
<title>Windows for Workgroups</title>
<sect2>
<title>Use latest TCP/IP stack from Microsoft</title>
<para>Use the latest TCP/IP stack from microsoft if you use Windows
for workgroups.</para>
<para>The early TCP/IP stacks had lots of bugs.</para>
<para>
Microsoft has released an incremental upgrade to their TCP/IP 32-Bit
VxD drivers. The latest release can be found on their ftp site at
ftp.microsoft.com, located in /peropsys/windows/public/tcpip/wfwt32.exe.
There is an update.txt file there that describes the problems that were
fixed. New files include WINSOCK.DLL, TELNET.EXE, WSOCK.386, VNBT.386,
WSTCP.386, TRACERT.EXE, NETSTAT.EXE, and NBTSTAT.EXE.
</para>
</sect2>
<sect2>
<title>Delete .pwl files after password change</title>
<para>
WfWg does a lousy job with passwords. I find that if I change my
password on either the unix box or the PC the safest thing to do is to
delete the .pwl files in the windows directory. The PC will complain about not finding the files, but will soon get over it, allowing you to enter the new password.
</para>
<para>
If you don't do this you may find that WfWg remembers and uses the old
password, even if you told it a new one.
</para>
<para>
Often WfWg will totally ignore a password you give it in a dialog box.
</para>
</sect2>
<sect2>
<title>Configure WfW password handling</title>
<para>
There is a program call admincfg.exe
on the last disk (disk 8) of the WFW 3.11 disk set. To install it
type EXPAND A:\ADMINCFG.EX_ C:\WINDOWS\ADMINCFG.EXE Then add an icon
for it via the "Progam Manager" "New" Menu. This program allows you
to control how WFW handles passwords. ie disable Password Caching etc
for use with <command>security = user</command>
</para>
</sect2>
<sect2>
<title>Case handling of passwords</title>
<para>Windows for Workgroups uppercases the password before sending it to the server. Unix passwords can be case-sensitive though. Check the <ulink url="smb.conf.5.html">smb.conf(5)</ulink> information on <command>password level</command> to specify what characters samba should try to uppercase when checking.</para>
</sect2>
</sect1>
<sect1>
<title>Windows '95/'98</title>
<para>
When using Windows 95 OEM SR2 the following updates are recommended where Samba
is being used. Please NOTE that the above change will affect you once these
updates have been installed.
</para>
<para>
There are more updates than the ones mentioned here. You are referred to the
Microsoft Web site for all currently available updates to your specific version
of Windows 95.
</para>
<orderedlist>
<listitem><para>Kernel Update: KRNLUPD.EXE</para></listitem>
<listitem><para>Ping Fix: PINGUPD.EXE</para></listitem>
<listitem><para>RPC Update: RPCRTUPD.EXE</para></listitem>
<listitem><para>TCP/IP Update: VIPUPD.EXE</para></listitem>
<listitem><para>Redirector Update: VRDRUPD.EXE</para></listitem>
</orderedlist>
<para>
Also, if using MS OutLook it is desirable to install the OLEUPD.EXE fix. This
fix may stop your machine from hanging for an extended period when exiting
OutLook and you may also notice a significant speedup when accessing network
neighborhood services.
</para>
</sect1>
<sect1>
<title>Windows 2000 Service Pack 2</title>
<para>
There are several annoyances with Windows 2000 SP2. One of which
only appears when using a Samba server to host user profiles
to Windows 2000 SP2 clients in a Windows domain. This assumes
that Samba is a member of the domain, but the problem will
likely occur if it is not.
</para>
<para>
In order to server profiles successfully to Windows 2000 SP2
clients (when not operating as a PDC), Samba must have
<command>nt acl support = no</command>
added to the file share which houses the roaming profiles.
If this is not done, then the Windows 2000 SP2 client will
complain about not being able to access the profile (Access
Denied) and create multiple copies of it on disk (DOMAIN.user.001,
DOMAIN.user.002, etc...). See the
<ulink url="smb.conf.5.html">smb.conf(5)</ulink> man page
for more details on this option. Also note that the
<command>nt acl support</command> parameter was formally a global parameter in
releases prior to Samba 2.2.2.
</para>
<para>
The following is a minimal profile share:
</para>
<para><programlisting>
[profile]
path = /export/profile
create mask = 0600
directory mask = 0700
nt acl support = no
read only = no
</programlisting></para>
<para>
The reason for this bug is that the Win2k SP2 client copies
the security descriptor for the profile which contains
the Samba server's SID, and not the domain SID. The client
compares the SID for SAMBA\user and realizes it is
different that the one assigned to DOMAIN\user. Hence the reason
for the "access denied" message.
</para>
<para>
By disabling the <command>nt acl support</command> parameter, Samba will send
the Win2k client a response to the QuerySecurityDescriptor
trans2 call which causes the client to set a default ACL
for the profile. This default ACL includes
</para>
<para><command>DOMAIN\user "Full Control"</command></para>
<para><emphasis>NOTE : This bug does not occur when using winbind to
create accounts on the Samba host for Domain users.</emphasis></para>
</sect1>
</chapter>

View File

@ -0,0 +1,148 @@
<chapter id="Portability">
<chapterinfo>
<author>
<firstname>Jelmer</firstname><surname>Vernooij</surname>
</author>
</chapterinfo>
<title>Portability</title>
<para>Samba works on a wide range of platforms but the interface all the
platforms provide is not always compatible. This chapter contains
platform-specific information about compiling and using samba.</para>
<sect1>
<title>HPUX</title>
<para>
HP's implementation of supplementary groups is, er, non-standard (for
hysterical reasons). There are two group files, /etc/group and
/etc/logingroup; the system maps UIDs to numbers using the former, but
initgroups() reads the latter. Most system admins who know the ropes
symlink /etc/group to /etc/logingroup (hard link doesn't work for reasons
too stupid to go into here). initgroups() will complain if one of the
groups you're in in /etc/logingroup has what it considers to be an invalid
ID, which means outside the range [0..UID_MAX], where UID_MAX is (I think)
60000 currently on HP-UX. This precludes -2 and 65534, the usual 'nobody'
GIDs.
</para>
<para>
If you encounter this problem, make sure that the programs that are failing
to initgroups() be run as users not in any groups with GIDs outside the
allowed range.
</para>
<para>This is documented in the HP manual pages under setgroups(2) and passwd(4).
</para>
</sect1>
<sect1>
<title>SCO Unix</title>
<para>
If you run an old version of SCO Unix then you may need to get important
TCP/IP patches for Samba to work correctly. Without the patch, you may
encounter corrupt data transfers using samba.
</para>
<para>
The patch you need is UOD385 Connection Drivers SLS. It is available from
SCO (ftp.sco.com, directory SLS, files uod385a.Z and uod385a.ltr.Z).
</para>
</sect1>
<sect1>
<title>DNIX</title>
<para>
DNIX has a problem with seteuid() and setegid(). These routines are
needed for Samba to work correctly, but they were left out of the DNIX
C library for some reason.
</para>
<para>
For this reason Samba by default defines the macro NO_EID in the DNIX
section of includes.h. This works around the problem in a limited way,
but it is far from ideal, some things still won't work right.
</para>
<para>
To fix the problem properly you need to assemble the following two
functions and then either add them to your C library or link them into
Samba.
</para>
<para>
put this in the file <filename>setegid.s</filename>:
</para>
<para><programlisting>
.globl _setegid
_setegid:
moveq #47,d0
movl #100,a0
moveq #1,d1
movl 4(sp),a1
trap #9
bccs 1$
jmp cerror
1$:
clrl d0
rts
</programlisting></para>
<para>
put this in the file <filename>seteuid.s</filename>:
</para>
<para><programlisting>
.globl _seteuid
_seteuid:
moveq #47,d0
movl #100,a0
moveq #0,d1
movl 4(sp),a1
trap #9
bccs 1$
jmp cerror
1$:
clrl d0
rts
</programlisting></para>
<para>
after creating the above files you then assemble them using
</para>
<para><command>as seteuid.s</command></para>
<para><command>as setegid.s</command></para>
<para>
that should produce the files <filename>seteuid.o</filename> and
<filename>setegid.o</filename>
</para>
<para>
then you need to add these to the LIBSM line in the DNIX section of
the Samba Makefile. Your LIBSM line will then look something like this:
</para>
<para><programlisting>
LIBSM = setegid.o seteuid.o -ln
</programlisting></para>
<para>
You should then remove the line:
</para>
<para><programlisting>
#define NO_EID
</programlisting></para>
<para>from the DNIX section of <filename>includes.h</filename></para>
</sect1>
</chapter>

View File

@ -6,7 +6,6 @@
<!ENTITY DOMAIN-MEMBER SYSTEM "DOMAIN_MEMBER.sgml">
<!ENTITY WINBIND SYSTEM "winbind.sgml">
<!ENTITY NT-Security SYSTEM "NT_Security.sgml">
<!ENTITY OS2-Client SYSTEM "OS2-Client-HOWTO.sgml">
<!ENTITY Samba-PDC-HOWTO SYSTEM "Samba-PDC-HOWTO.sgml">
<!ENTITY Samba-BDC-HOWTO SYSTEM "Samba-BDC-HOWTO.sgml">
<!ENTITY CVS-Access SYSTEM "CVS-Access.sgml">
@ -19,6 +18,9 @@
<!ENTITY SECURITY-LEVEL SYSTEM "security_level.sgml">
<!ENTITY SPEED SYSTEM "Speed.sgml">
<!ENTITY BROWSING SYSTEM "Browsing.sgml">
<!ENTITY GROUP-MAPPING-HOWTO "GROUP-MAPPING-HOWTO.sgml">
<!ENTITY Portability "Portability.sgml">
<!ENTITY Other-Clients "Other-Clients.sgml">
]>
<book id="Samba-Project-Documentation">
@ -78,8 +80,10 @@ Cheers, jerry
&Samba-LDAP;
&BROWSING;
&SPEED;
&OS2-Client;
&Other-Clients;
&CVS-Access;
&BUGS;
&GROUP-MAPPING-HOWTO;
&Portability;
</book>