parent
4a090ba06a
commit
1caa6b23e4
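--- a/docs/docbook/devdoc/.cvsignore
+++ b/docs/docbook/devdoc/.cvsignore
@@ -0,0 +1 @@
+attributions.xml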
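--- a/docs/docbook/devdoc/vfs.xml
+++ b/docs/docbook/devdoc/vfs.xml
@@ -0,0 +1,797 @@
+<chapter id="vfs">
+<chapterinfo>
+<author>
+<firstname>Alexander</firstname><surname>Bokovoy</surname>
+<affiliation>
+<address><email>ab@samba.org</email></address>
+</affiliation>
+</author>
+<author>
+<firstname>Stefan</firstname><surname>Metzmacher</surname>
+<affiliation>
+<address><email>metze@metzemix.de</email></address>
+</affiliation>
+</author>
+<pubdate> 27 May 2003 </pubdate>
+</chapterinfo>
+
+<title>VFS Modules</title>
+
+<sect1>
+<title>The Samba (Posix) VFS layer</title>
+
+<sect2>
+<title>The general interface</title>
+
+<para>
+Each VFS operation has a vfs_op_type, a function pointer and a handle pointer in the
+struct vfs_ops and tree macros to make it easier to call the operations.
+(Take a look at <filename>include/vfs.h</filename> and <filename>include/vfs_macros.h</filename>.)
+</para>
+
+<para><programlisting>
+typedef enum _vfs_op_type {
+SMB_VFS_OP_NOOP = -1,
+
+...
+
+/* File operations */
+
+SMB_VFS_OP_OPEN,
+SMB_VFS_OP_CLOSE,
+SMB_VFS_OP_READ,
+SMB_VFS_OP_WRITE,
+SMB_VFS_OP_LSEEK,
+SMB_VFS_OP_SENDFILE,
+
+...
+
+SMB_VFS_OP_LAST
+} vfs_op_type;
+</programlisting></para>
+
+<para>This struct contains the function and handle pointers for all operations.<programlisting>
+struct vfs_ops {
+struct vfs_fn_pointers {
+...
+
+/* File operations */
+
+int (*open)(struct vfs_handle_struct *handle,
+struct connection_struct *conn,
+const char *fname, int flags, mode_t mode);
+int (*close)(struct vfs_handle_struct *handle,
+struct files_struct *fsp, int fd);
+ssize_t (*read)(struct vfs_handle_struct *handle,
+struct files_struct *fsp, int fd, void *data, size_t n);
+ssize_t (*write)(struct vfs_handle_struct *handle,
+struct files_struct *fsp, int fd,
+const void *data, size_t n);
+SMB_OFF_T (*lseek)(struct vfs_handle_struct *handle,
+struct files_struct *fsp, int fd,
+SMB_OFF_T offset, int whence);
+ssize_t (*sendfile)(struct vfs_handle_struct *handle,
+int tofd, files_struct *fsp, int fromfd,
+const DATA_BLOB *header, SMB_OFF_T offset, size_t count);
+
+...
+} ops;
+
+struct vfs_handles_pointers {
+...
+
+/* File operations */
+
+struct vfs_handle_struct *open;
+struct vfs_handle_struct *close;
+struct vfs_handle_struct *read;
+struct vfs_handle_struct *write;
+struct vfs_handle_struct *lseek;
+struct vfs_handle_struct *sendfile;
+
+...
+} handles;
+};
+</programlisting></para>
+
+<para>
+This macros SHOULD be used to call any vfs operation.
+DO NOT ACCESS conn->vfs.ops.* directly !!!
+<programlisting>
+...
+
+/* File operations */
+#define SMB_VFS_OPEN(conn, fname, flags, mode) \
+((conn)->vfs.ops.open((conn)->vfs.handles.open,\
+(conn), (fname), (flags), (mode)))
+#define SMB_VFS_CLOSE(fsp, fd) \
+((fsp)->conn->vfs.ops.close(\
+(fsp)->conn->vfs.handles.close, (fsp), (fd)))
+#define SMB_VFS_READ(fsp, fd, data, n) \
+((fsp)->conn->vfs.ops.read(\
+(fsp)->conn->vfs.handles.read,\
+(fsp), (fd), (data), (n)))
+#define SMB_VFS_WRITE(fsp, fd, data, n) \
+((fsp)->conn->vfs.ops.write(\
+(fsp)->conn->vfs.handles.write,\
+(fsp), (fd), (data), (n)))
+#define SMB_VFS_LSEEK(fsp, fd, offset, whence) \
+((fsp)->conn->vfs.ops.lseek(\
+(fsp)->conn->vfs.handles.lseek,\
+(fsp), (fd), (offset), (whence)))
+#define SMB_VFS_SENDFILE(tofd, fsp, fromfd, header, offset, count) \
+((fsp)->conn->vfs.ops.sendfile(\
+(fsp)->conn->vfs.handles.sendfile,\
+(tofd), (fsp), (fromfd), (header), (offset), (count)))
+
+...
+</programlisting></para>
+
+</sect2>
+
+<sect2>
+<title>Possible VFS operation layers</title>
+
+<para>
+These values are used by the VFS subsystem when building the conn->vfs
+and conn->vfs_opaque structs for a connection with multiple VFS modules.
+Internally, Samba differentiates only opaque and transparent layers at this process.
+Other types are used for providing better diagnosing facilities.
+</para>
+
+<para>
+Most modules will provide transparent layers. Opaque layer is for modules
+which implement actual file system calls (like DB-based VFS). For example,
+default POSIX VFS which is built in into Samba is an opaque VFS module.
+</para>
+
+<para>
+Other layer types (logger, splitter, scanner) were designed to provide different
+degree of transparency and for diagnosing VFS module behaviour.
+</para>
+
+<para>
+Each module can implement several layers at the same time provided that only
+one layer is used per each operation.
+</para>
+
+<para><programlisting>
+typedef enum _vfs_op_layer {
+SMB_VFS_LAYER_NOOP = -1, /* - For using in VFS module to indicate end of array */
+/* of operations description */
+SMB_VFS_LAYER_OPAQUE = 0, /* - Final level, does not call anything beyond itself */
+SMB_VFS_LAYER_TRANSPARENT, /* - Normal operation, calls underlying layer after */
+/* possibly changing passed data */
+SMB_VFS_LAYER_LOGGER, /* - Logs data, calls underlying layer, logging may not */
+/* use Samba VFS */
+SMB_VFS_LAYER_SPLITTER, /* - Splits operation, calls underlying layer _and_ own facility, */
+/* then combines result */
+SMB_VFS_LAYER_SCANNER /* - Checks data and possibly initiates additional */
+/* file activity like logging to files _inside_ samba VFS */
+} vfs_op_layer;
+</programlisting></para>
+
+</sect2>
+
+</sect1>
+
+<sect1>
+<title>The Interaction between the Samba VFS subsystem and the modules</title>
+
+<sect2>
+<title>Initialization and registration</title>
+
+<para>
+As each Samba module a VFS module should have a
+<programlisting>NTSTATUS vfs_example_init(void);</programlisting> function if it's staticly linked to samba or
+<programlisting>NTSTATUS init_module(void);</programlisting> function if it's a shared module.
+</para>
+
+<para>
+This should be the only non static function inside the module.
+Global variables should also be static!
+</para>
+
+<para>
+The module should register its functions via the
+<programlisting>
+NTSTATUS smb_register_vfs(int version, const char *name, vfs_op_tuple *vfs_op_tuples);
+</programlisting> function.
+</para>
+
+<variablelist>
+
+<varlistentry><term>version</term>
+<listitem><para>should be filled with SMB_VFS_INTERFACE_VERSION</para></listitem>
+</varlistentry>
+
+<varlistentry><term>name</term>
+<listitem><para>this is the name witch can be listed in the
+<command>vfs objects</command> parameter to use this module.</para></listitem>
+</varlistentry>
+
+<varlistentry><term>vfs_op_tuples</term>
+<listitem><para>
+this is an array of vfs_op_tuple's.
+(vfs_op_tuples is descripted in details below.)
+</para></listitem>
+</varlistentry>
+
+</variablelist>
+
+<para>
+For each operation the module wants to provide it has a entry in the
+vfs_op_tuple array.
+</para>
+
+<programlisting>
+typedef struct _vfs_op_tuple {
+void* op;
+vfs_op_type type;
+vfs_op_layer layer;
+} vfs_op_tuple;
+</programlisting>
+
+<variablelist>
+
+<varlistentry><term>op</term>
+<listitem><para>the function pointer to the specified function.</para></listitem>
+</varlistentry>
+
+<varlistentry><term>type</term>
+<listitem><para>the vfs_op_type of the function to specified witch operation the function provides.</para></listitem>
+</varlistentry>
+
+<varlistentry><term>layer</term>
+<listitem><para>the vfs_op_layer in whitch the function operates.</para></listitem>
+</varlistentry>
+
+</variablelist>
+
+<para>A simple example:</para>
+
+<programlisting>
+static vfs_op_tuple example_op_tuples[] = {
+{SMB_VFS_OP(example_connect), SMB_VFS_OP_CONNECT, SMB_VFS_LAYER_TRANSPARENT},
+{SMB_VFS_OP(example_disconnect), SMB_VFS_OP_DISCONNECT, SMB_VFS_LAYER_TRANSPARENT},
+
+{SMB_VFS_OP(example_rename), SMB_VFS_OP_RENAME, SMB_VFS_LAYER_OPAQUE},
+
+/* This indicates the end of the array */
+{SMB_VFS_OP(NULL), SMB_VFS_OP_NOOP, SMB_VFS_LAYER_NOOP}
+};
+
+NTSTATUS init_module(void)
+{
+return smb_register_vfs(SMB_VFS_INTERFACE_VERSION, "example", example_op_tuples);
+}
+</programlisting>
+
+</sect2>
+
+<sect2>
+<title>How the Modules handle per connection data</title>
+
+<para>Each VFS function has as first parameter a pointer to the modules vfs_handle_struct.
+</para>
+
+<programlisting>
+typedef struct vfs_handle_struct {
+struct vfs_handle_struct *next, *prev;
+const char *param;
+struct vfs_ops vfs_next;
+struct connection_struct *conn;
+void *data;
+void (*free_data)(void **data);
+} vfs_handle_struct;
+</programlisting>
+
+<variablelist>
+
+<varlistentry><term>param</term>
+<listitem><para>this is the module parameter specified in the <command>vfs objects</command> parameter.</para>
+<para>e.g. for 'vfs objects = example:test' param would be "test".</para></listitem>
+</varlistentry>
+
+<varlistentry><term>vfs_next</term>
+<listitem><para>This vfs_ops struct contains the information for calling the next module operations.
+Use the SMB_VFS_NEXT_* macros to call a next module operations and
+don't access handle->vfs_next.ops.* directly!</para></listitem>
+</varlistentry>
+
+<varlistentry><term>conn</term>
+<listitem><para>This is a pointer back to the connection_struct to witch the handle belongs.</para></listitem>
+</varlistentry>
+
+<varlistentry><term>data</term>
+<listitem><para>This is a pointer for holding module private data.
+You can alloc data with connection life time on the handle->conn->mem_ctx TALLOC_CTX.
+But you can also manage the memory allocation yourself.</para></listitem>
+</varlistentry>
+
+<varlistentry><term>free_data</term>
+<listitem><para>This is a function pointer to a function that free's the module private data.
+If you talloc your private data on the TALLOC_CTX handle->conn->mem_ctx,
+you can set this function pointer to NULL.</para></listitem>
+</varlistentry>
+
+</variablelist>
+
+<para>Some useful MACROS for handle private data.
+</para>
+
+<programlisting>
+#define SMB_VFS_HANDLE_GET_DATA(handle, datap, type, ret) { \
+if (!(handle)||((datap=(type *)(handle)->data)==NULL)) { \
+DEBUG(0,("%s() failed to get vfs_handle->data!\n",FUNCTION_MACRO)); \
+ret; \
+} \
+}
+
+#define SMB_VFS_HANDLE_SET_DATA(handle, datap, free_fn, type, ret) { \
+if (!(handle)) { \
+DEBUG(0,("%s() failed to set handle->data!\n",FUNCTION_MACRO)); \
+ret; \
+} else { \
+if ((handle)->free_data) { \
+(handle)->free_data(&(handle)->data); \
+} \
+(handle)->data = (void *)datap; \
+(handle)->free_data = free_fn; \
+} \
+}
+
+#define SMB_VFS_HANDLE_FREE_DATA(handle) { \
+if ((handle) && (handle)->free_data) { \
+(handle)->free_data(&(handle)->data); \
+} \
+}
+</programlisting>
+
+<para>How SMB_VFS_LAYER_TRANSPARENT functions can call the SMB_VFS_LAYER_OPAQUE functions.</para>
+
+<para>The easiest way to do this is to use the SMB_VFS_OPAQUE_* macros.
+</para>
+
+<programlisting>
+...
+/* File operations */
+#define SMB_VFS_OPAQUE_OPEN(conn, fname, flags, mode) \
+((conn)->vfs_opaque.ops.open(\
+(conn)->vfs_opaque.handles.open,\
+(conn), (fname), (flags), (mode)))
+#define SMB_VFS_OPAQUE_CLOSE(fsp, fd) \
+((fsp)->conn->vfs_opaque.ops.close(\
+(fsp)->conn->vfs_opaque.handles.close,\
+(fsp), (fd)))
+#define SMB_VFS_OPAQUE_READ(fsp, fd, data, n) \
+((fsp)->conn->vfs_opaque.ops.read(\
+(fsp)->conn->vfs_opaque.handles.read,\
+(fsp), (fd), (data), (n)))
+#define SMB_VFS_OPAQUE_WRITE(fsp, fd, data, n) \
+((fsp)->conn->vfs_opaque.ops.write(\
+(fsp)->conn->vfs_opaque.handles.write,\
+(fsp), (fd), (data), (n)))
+#define SMB_VFS_OPAQUE_LSEEK(fsp, fd, offset, whence) \
+((fsp)->conn->vfs_opaque.ops.lseek(\
+(fsp)->conn->vfs_opaque.handles.lseek,\
+(fsp), (fd), (offset), (whence)))
+#define SMB_VFS_OPAQUE_SENDFILE(tofd, fsp, fromfd, header, offset, count) \
+((fsp)->conn->vfs_opaque.ops.sendfile(\
+(fsp)->conn->vfs_opaque.handles.sendfile,\
+(tofd), (fsp), (fromfd), (header), (offset), (count)))
+...
+</programlisting>
+
+<para>How SMB_VFS_LAYER_TRANSPARENT functions can call the next modules functions.</para>
+
+<para>The easiest way to do this is to use the SMB_VFS_NEXT_* macros.
+</para>
+
+<programlisting>
+...
+/* File operations */
+#define SMB_VFS_NEXT_OPEN(handle, conn, fname, flags, mode) \
+((handle)->vfs_next.ops.open(\
+(handle)->vfs_next.handles.open,\
+(conn), (fname), (flags), (mode)))
+#define SMB_VFS_NEXT_CLOSE(handle, fsp, fd) \
+((handle)->vfs_next.ops.close(\
+(handle)->vfs_next.handles.close,\
+(fsp), (fd)))
+#define SMB_VFS_NEXT_READ(handle, fsp, fd, data, n) \
+((handle)->vfs_next.ops.read(\
+(handle)->vfs_next.handles.read,\
+(fsp), (fd), (data), (n)))
+#define SMB_VFS_NEXT_WRITE(handle, fsp, fd, data, n) \
+((handle)->vfs_next.ops.write(\
+(handle)->vfs_next.handles.write,\
+(fsp), (fd), (data), (n)))
+#define SMB_VFS_NEXT_LSEEK(handle, fsp, fd, offset, whence) \
+((handle)->vfs_next.ops.lseek(\
+(handle)->vfs_next.handles.lseek,\
+(fsp), (fd), (offset), (whence)))
+#define SMB_VFS_NEXT_SENDFILE(handle, tofd, fsp, fromfd, header, offset, count) \
+((handle)->vfs_next.ops.sendfile(\
+(handle)->vfs_next.handles.sendfile,\
+(tofd), (fsp), (fromfd), (header), (offset), (count)))
+...
+</programlisting>
+
+</sect2>
+
+</sect1>
+
+<sect1>
+<title>Upgrading to the New VFS Interface</title>
+
+<sect2>
+<title>Upgrading from 2.2.* and 3.0aplha modules</title>
+
+<orderedlist>
+<listitem><para>
+Add "vfs_handle_struct *handle, " as first parameter to all vfs operation functions.
+e.g. example_connect(connection_struct *conn, const char *service, const char *user);
+-> example_connect(vfs_handle_struct *handle, connection_struct *conn, const char *service, const char *user);
+</para></listitem>
+
+<listitem><para>
+Replace "default_vfs_ops." with "smb_vfs_next_".
+e.g. default_vfs_ops.connect(conn, service, user);
+-> smb_vfs_next_connect(conn, service, user);
+</para></listitem>
+
+<listitem><para>
+Uppercase all "smb_vfs_next_*" functions.
+e.g. smb_vfs_next_connect(conn, service, user);
+-> SMB_VFS_NEXT_CONNECT(conn, service, user);
+</para></listitem>
+
+<listitem><para>
+Add "handle, " as first parameter to all SMB_VFS_NEXT_*() calls.
+e.g. SMB_VFS_NEXT_CONNECT(conn, service, user);
+-> SMB_VFS_NEXT_CONNECT(handle, conn, service, user);
+</para></listitem>
+
+<listitem><para>
+(Only for 2.2.* modules)
+Convert the old struct vfs_ops example_ops to
+a vfs_op_tuple example_op_tuples[] array.
+e.g.
+<programlisting>
+struct vfs_ops example_ops = {
+/* Disk operations */
+example_connect, /* connect */
+example_disconnect, /* disconnect */
+NULL, /* disk free *
+/* Directory operations */
+NULL, /* opendir */
+NULL, /* readdir */
+NULL, /* mkdir */
+NULL, /* rmdir */
+NULL, /* closedir */
+/* File operations */
+NULL, /* open */
+NULL, /* close */
+NULL, /* read */
+NULL, /* write */
+NULL, /* lseek */
+NULL, /* sendfile */
+NULL, /* rename */
+NULL, /* fsync */
+example_stat, /* stat */
+example_fstat, /* fstat */
+example_lstat, /* lstat */
+NULL, /* unlink */
+NULL, /* chmod */
+NULL, /* fchmod */
+NULL, /* chown */
+NULL, /* fchown */
+NULL, /* chdir */
+NULL, /* getwd */
+NULL, /* utime */
+NULL, /* ftruncate */
+NULL, /* lock */
+NULL, /* symlink */
+NULL, /* readlink */
+NULL, /* link */
+NULL, /* mknod */
+NULL, /* realpath */
+NULL, /* fget_nt_acl */
+NULL, /* get_nt_acl */
+NULL, /* fset_nt_acl */
+NULL, /* set_nt_acl */
+
+NULL, /* chmod_acl */
+NULL, /* fchmod_acl */
+
+NULL, /* sys_acl_get_entry */
+NULL, /* sys_acl_get_tag_type */
+NULL, /* sys_acl_get_permset */
+NULL, /* sys_acl_get_qualifier */
+NULL, /* sys_acl_get_file */
+NULL, /* sys_acl_get_fd */
+NULL, /* sys_acl_clear_perms */
+NULL, /* sys_acl_add_perm */
+NULL, /* sys_acl_to_text */
+NULL, /* sys_acl_init */
+NULL, /* sys_acl_create_entry */
+NULL, /* sys_acl_set_tag_type */
+NULL, /* sys_acl_set_qualifier */
+NULL, /* sys_acl_set_permset */
+NULL, /* sys_acl_valid */
+NULL, /* sys_acl_set_file */
+NULL, /* sys_acl_set_fd */
+NULL, /* sys_acl_delete_def_file */
+NULL, /* sys_acl_get_perm */
+NULL, /* sys_acl_free_text */
+NULL, /* sys_acl_free_acl */
+NULL /* sys_acl_free_qualifier */
+};
+</programlisting>
+->
+<programlisting>
+static vfs_op_tuple example_op_tuples[] = {
+{SMB_VFS_OP(example_connect), SMB_VFS_OP_CONNECT, SMB_VFS_LAYER_TRANSPARENT},
+{SMB_VFS_OP(example_disconnect), SMB_VFS_OP_DISCONNECT, SMB_VFS_LAYER_TRANSPARENT},
+
+{SMB_VFS_OP(example_fstat), SMB_VFS_OP_FSTAT, SMB_VFS_LAYER_TRANSPARENT},
+{SMB_VFS_OP(example_stat), SMB_VFS_OP_STAT, SMB_VFS_LAYER_TRANSPARENT},
+{SMB_VFS_OP(example_lstat), SMB_VFS_OP_LSTAT, SMB_VFS_LAYER_TRANSPARENT},
+
+{SMB_VFS_OP(NULL), SMB_VFS_OP_NOOP, SMB_VFS_LAYER_NOOP}
+};
+</programlisting>
+</para></listitem>
+
+<listitem><para>
+Move the example_op_tuples[] array to the end of the file.
+</para></listitem>
+
+<listitem><para>
+Add the init_module() function at the end of the file.
+e.g.
+<programlisting>
+NTSTATUS init_module(void)
+{
+return smb_register_vfs(SMB_VFS_INTERFACE_VERSION,"example",example_op_tuples);
+}
+</programlisting>
+</para></listitem>
+
+<listitem><para>
+Check if your vfs_init() function does more then just prepare the vfs_ops structs or
+remember the struct smb_vfs_handle_struct.
+<simplelist>
+<member>If NOT you can remove the vfs_init() function.</member>
+<member>If YES decide if you want to move the code to the example_connect() operation or to the init_module(). And then remove vfs_init().
+e.g. a debug class registration should go into init_module() and the allocation of private data should go to example_connect().</member>
+</simplelist>
+</para></listitem>
+
+<listitem><para>
+(Only for 3.0alpha* modules)
+Check if your vfs_done() function contains needed code.
+<simplelist>
+<member>If NOT you can remove the vfs_done() function.</member>
+<member>If YES decide if you can move the code to the example_disconnect() operation. Otherwise register a SMB_EXIT_EVENT with smb_register_exit_event(); (Described in the <link linkend="modules">modules section</link>) And then remove vfs_done(). e.g. the freeing of private data should go to example_disconnect().
+</member>
+</simplelist>
+</para></listitem>
+
+<listitem><para>
+Check if you have any global variables left.
+Decide if it wouldn't be better to have this data on a connection basis.
+<simplelist>
+<member>If NOT leave them as they are. (e.g. this could be the variable for the private debug class.)</member>
+<member>If YES pack all this data into a struct. You can use handle->data to point to such a struct on a per connection basis.</member>
+</simplelist>
+
+e.g. if you have such a struct:
+<programlisting>
+struct example_privates {
+char *some_string;
+int db_connection;
+};
+</programlisting>
+first way of doing it:
+<programlisting>
+static int example_connect(vfs_handle_struct *handle,
+connection_struct *conn, const char *service,
+const char* user)
+{
+struct example_privates *data = NULL;
+
+/* alloc our private data */
+data = (struct example_privates *)talloc_zero(conn->mem_ctx, sizeof(struct example_privates));
+if (!data) {
+DEBUG(0,("talloc_zero() failed\n"));
+return -1;
+}
+
+/* init out private data */
+data->some_string = talloc_strdup(conn->mem_ctx,"test");
+if (!data->some_string) {
+DEBUG(0,("talloc_strdup() failed\n"));
+return -1;
+}
+
+data->db_connection = open_db_conn();
+
+/* and now store the private data pointer in handle->data
+* we don't need to specify a free_function here because
+* we use the connection TALLOC context.
+* (return -1 if something failed.)
+*/
+VFS_HANDLE_SET_DATA(handle, data, NULL, struct example_privates, return -1);
+
+return SMB_VFS_NEXT_CONNECT(handle,conn,service,user);
+}
+
+static int example_close(vfs_handle_struct *handle, files_struct *fsp, int fd)
+{
+struct example_privates *data = NULL;
+
+/* get the pointer to our private data
+* return -1 if something failed
+*/
+SMB_VFS_HANDLE_GET_DATA(handle, data, struct example_privates, return -1);
+
+/* do something here...*/
+DEBUG(0,("some_string: %s\n",data->some_string));
+
+return SMB_VFS_NEXT_CLOSE(handle, fsp, fd);
+}
+</programlisting>
+second way of doing it:
+<programlisting>
+static void free_example_privates(void **datap)
+{
+struct example_privates *data = (struct example_privates *)*datap;
+
+SAFE_FREE(data->some_string);
+SAFE_FREE(data);
+
+*datap = NULL;
+
+return;
+}
+
+static int example_connect(vfs_handle_struct *handle,
+connection_struct *conn, const char *service,
+const char* user)
+{
+struct example_privates *data = NULL;
+
+/* alloc our private data */
+data = (struct example_privates *)malloc(sizeof(struct example_privates));
+if (!data) {
+DEBUG(0,("malloc() failed\n"));
+return -1;
+}
+
+/* init out private data */
+data->some_string = strdup("test");
+if (!data->some_string) {
+DEBUG(0,("strdup() failed\n"));
+return -1;
+}
+
+data->db_connection = open_db_conn();
+
+/* and now store the private data pointer in handle->data
+* we need to specify a free_function because we used malloc() and strdup().
+* (return -1 if something failed.)
+*/
+SMB_VFS_HANDLE_SET_DATA(handle, data, free_example_privates, struct example_privates, return -1);
+
+return SMB_VFS_NEXT_CONNECT(handle,conn,service,user);
+}
+
+static int example_close(vfs_handle_struct *handle, files_struct *fsp, int fd)
+{
+struct example_privates *data = NULL;
+
+/* get the pointer to our private data
+* return -1 if something failed
+*/
+SMB_VFS_HANDLE_GET_DATA(handle, data, struct example_privates, return -1);
+
+/* do something here...*/
+DEBUG(0,("some_string: %s\n",data->some_string));
+
+return SMB_VFS_NEXT_CLOSE(handle, fsp, fd);
+}
+</programlisting>
+</para></listitem>
+
+<listitem><para>
+To make it easy to build 3rd party modules it would be usefull to provide
+configure.in, (configure), install.sh and Makefile.in with the module.
+(Take a look at the example in <filename>examples/VFS</filename>.)
+</para>
+
+<para>
+The configure script accepts <option>--with-samba-source</option> to specify
+the path to the samba source tree.
+It also accept <option>--enable-developer</option> which lets the compiler
+give you more warnings.
+</para>
+
+<para>
+The idea is that you can extend this
+<filename>configure.in</filename> and <filename>Makefile.in</filename> scripts
+for your module.
+</para></listitem>
+
+<listitem><para>
+Compiling & Testing...
+<simplelist>
+<member><userinput>./configure <option>--enable-developer</option></userinput> ...</member>
+<member><userinput>make</userinput></member>
+<member>Try to fix all compiler warnings</member>
+<member><userinput>make</userinput></member>
+<member>Testing, Testing, Testing ...</member>
+</simplelist>
+</para></listitem>
+</orderedlist>
+</sect2>
+
+</sect1>
+
+<sect1>
+<title>Some Notes</title>
+
+<sect2>
+<title>Implement TRANSPARENT functions</title>
+
+<para>
+Avoid writing functions like this:
+
+<programlisting>
+static int example_close(vfs_handle_struct *handle, files_struct *fsp, int fd)
+{
+return SMB_VFS_NEXT_CLOSE(handle, fsp, fd);
+}
+</programlisting>
+
+Overload only the functions you really need to!
+</para>
+
+</sect2>
+
+<sect2>
+<title>Implement OPAQUE functions</title>
+
+<para>
+If you want to just implement a better version of a
+default samba opaque function
+(e.g. like a disk_free() function for a special filesystem)
+it's ok to just overload that specific function.
+</para>
+
+<para>
+If you want to implement a database filesystem or
+something different from a posix filesystem.
+Make sure that you overload every vfs operation!!!
+</para>
+<para>
+Functions your FS does not support should be overloaded by something like this:
+e.g. for a readonly filesystem.
+</para>
+
+<programlisting>
+static int example_rename(vfs_handle_struct *handle, connection_struct *conn,
+char *oldname, char *newname)
+{
+DEBUG(10,("function rename() not allowed on vfs 'example'\n"));
+errno = ENOSYS;
+return -1;
+}
+</programlisting>
+
+</sect2>
+
+</sect1>
+
+</chapter>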
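--- a/docs/docbook/devdoc/windows-debug.xml
+++ b/docs/docbook/devdoc/windows-debug.xml
@@ -0,0 +1,19 @@
+<chapter id="windows-debug">
+<chapterinfo>
+&author.jelmer;
+&author.tridge;
+</chapterinfo>
+
+<title>Finding useful information on windows</title>
+
+<sect1><title>Netlogon debugging output</title>
+
+<procedure>
+<step><para>stop netlogon service on PDC</para></step>
+<step><para>rename original netlogon.dll to netlogon.dll.original</para></step>
+<step><para>copy checked version of netlogon.dll to system32 directory</para></step>
+<step><para>set HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\DBFlag to 0x20000004</para></step>
+<step><para>start netlogon service on PDC</para></step>
+</procedure>
+</sect1>
+</chapter>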
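--- a/docs/docbook/manpages/profiles.1.sgml
+++ b/docs/docbook/manpages/profiles.1.sgml
@@ -0,0 +1,86 @@
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [
+<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities;
+]>
+<refentry id="profiles.1">
+
+<refmeta>
+<refentrytitle>profiles</refentrytitle>
+<manvolnum>1</manvolnum>
+</refmeta>
+
+
+<refnamediv>
+<refname>profiles</refname>
+<refpurpose>A utility to report and change SIDs in registry files
+</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+<cmdsynopsis>
+<command>profiles</command>
+<arg choice="opt">-v</arg>
+<arg choice="opt">-c SID</arg>
+<arg choice="opt">-n SID</arg>
+<arg choice="req">file</arg>
+</cmdsynopsis>
+</refsynopsisdiv>
+
+<refsect1>
+<title>DESCRIPTION</title>
+
+<para>This tool is part of the <citerefentry><refentrytitle>Samba</refentrytitle>
+<manvolnum>7</manvolnum></citerefentry> suite.</para>
+
+<para><command>profiles</command> is a utility that
+reports and changes SIDs in windows registry files. It currently only
+supports NT.
+</para>
+</refsect1>
+
+
+<refsect1>
+<title>OPTIONS</title>
+
+<variablelist>
+<varlistentry>
+<term>file</term>
+<listitem><para>Registry file to view or edit. </para></listitem>
+</varlistentry>
+
+
+<varlistentry>
+<term>-v,--verbose</term>
+<listitem><para>Increases verbosity of messages.
+</para></listitem>
+</varlistentry>
+
+<varlistentry>
+<term>-c SID1 -n SID2</term>
+<listitem><para>Change all occurences of SID1 in <filename>file</filename> by SID2.
+</para></listitem>
+</varlistentry>
+
+&stdarg.help;
+
+</variablelist>
+</refsect1>
+
+<refsect1>
+<title>VERSION</title>
+
+<para>This man page is correct for version 3.0 of the Samba
+suite.</para>
+</refsect1>
+
+<refsect1>
+<title>AUTHOR</title>
+
+<para>The original Samba software and related utilities
+were created by Andrew Tridgell. Samba is now developed
+by the Samba Team as an Open Source project similar
+to the way the Linux kernel is developed.</para>
+
+<para>The profiles man page was written by Jelmer Vernooij. </para>
+</refsect1>
+
+</refentry>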
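--- a/docs/docbook/projdoc/.cvsignore
+++ b/docs/docbook/projdoc/.cvsignore
@@ -0,0 +1 @@
+attributions.xml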
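--- a/docs/docbook/projdoc/Backup.xml
+++ b/docs/docbook/projdoc/Backup.xml
@@ -0,0 +1,36 @@
+<chapter id="Backup">
+<chapterinfo>
+&author.jht;
+</chapterinfo>
+
+<title>Samba Backup Techniques</title>
+
+<sect1>
+<title>Note</title>
+
+<para>
+This chapter did not make it into this release.
+It is planned for the published release of this document.
+If you have something to contribute for this section please email it to
+<link url="mail://jht@samba.org">jht@samba.org</link>/
+</para>
+
+</sect1>
+
+<sect1>
+<title>Features and Benefits</title>
+
+<para>
+We need feedback from people who are backing up samba servers.
+We would like to know what software tools you are using to backup
+your samba server/s.
+</para>
+
+<para>
+In particular, if you have any success and / or failure stories you could
+share with other users this would be appreciated.
+</para>
+
+</sect1>
+
+</chapter>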
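--- a/docs/docbook/projdoc/DNS-DHCP-Configuration.xml
+++ b/docs/docbook/projdoc/DNS-DHCP-Configuration.xml
@@ -0,0 +1,17 @@
+<chapter id="DNSDHCP">
+<chapterinfo>
+&author.jht;
+</chapterinfo>
+
+<title>DNS and DHCP Configuration Guide</title>
+
+<sect1>
+<title>Note</title>
+
+<para>
+This chapter did not make it into this release.
+It is planned for the published release of this document.
+</para>
+
+</sect1>
+</chapter>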
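--- a/docs/docbook/projdoc/FastStart.xml
+++ b/docs/docbook/projdoc/FastStart.xml
@@ -0,0 +1,17 @@
+<chapter id="FastStart">
+<chapterinfo>
+&author.jht;
+</chapterinfo>
+
+<title>Fast Start for the Impatient</title>
+
+<sect1>
+<title>Note</title>
+
+<para>
+This chapter did not make it into this release.
+It is planned for the published release of this document.
+</para>
+
+</sect1>
+</chapter>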
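--- a/docs/docbook/projdoc/HighAvailability.xml
+++ b/docs/docbook/projdoc/HighAvailability.xml
@@ -0,0 +1,17 @@
+<chapter id="SambaHA">
+<chapterinfo>
+&author.jht;
+</chapterinfo>
+
+<title>High Availability Options</title>
+
+<sect1>
+<title>Note</title>
+
+<para>
+This chapter did not make it into this release.
+It is planned for the published release of this document.
+</para>
+
+</sect1>
+</chapter>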
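--- a/docs/docbook/projdoc/WindowsClientConfig.xml
+++ b/docs/docbook/projdoc/WindowsClientConfig.xml
@@ -0,0 +1,17 @@
+<chapter id="ClientConfig">
+<chapterinfo>
+&author.jht;
+</chapterinfo>
+
+<title>MS Windows Network Configuration Guide</title>
+
+<sect1>
+<title>Note</title>
+
+<para>
+This chapter did not make it into this release.
+It is planned for the published release of this document.
+</para>
+
+</sect1>
+</chapter>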
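--- a/docs/docbook/smbdotconf/misc/valid.xml
+++ b/docs/docbook/smbdotconf/misc/valid.xml
@@ -0,0 +1,18 @@
+<samba:parameter name="-valid"
+context="S"
+xmlns:samba="http://samba.org/common">
+<listitem>
+<para> This parameter indicates whether a share is
+valid and thus can be used. When this parameter is set to false,
+the share will be in no way visible nor accessible.
+</para>
+
+<para>
+This option should not be
+used by regular users but might be of help to developers.
+Samba uses this option internally to mark shares as deleted.
+</para>
+
+<para>Default: <emphasis>True</emphasis></para>
+</listitem>
+</samba:parameter>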
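--- a/docs/docbook/smbdotconf/printing/totalprintjobs.xml
+++ b/docs/docbook/smbdotconf/printing/totalprintjobs.xml
@@ -0,0 +1,22 @@
+<samba:parameter name="total print jobs"
+context="G"
+print="1"
+xmlns:samba="http://samba.org/common">
+<listitem>
+<para>This parameter accepts an integer value which defines
+a limit on the maximum number of print jobs that will be accepted
+system wide at any given time. If a print job is submitted
+by a client which will exceed this number, then <citerefentry><refentrytitle>smbd</refentrytitle>
+<manvolnum>8</manvolnum></citerefentry> will return an
+error indicating that no space is available on the server. The
+default value of 0 means that no such limit exists. This parameter
+can be used to prevent a server from exceeding its capacity and is
+designed as a printing throttle. See also <link linkend="MAXPRINTJOBS">
+<parameter moreinfo="none">max print jobs</parameter></link>.
+</para>
+
+<para>Default: <command moreinfo="none">total print jobs = 0</command></para>
+
+<para>Example: <command moreinfo="none">total print jobs = 5000</command></para>
+</listitem>
+</samba:parameter>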
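--- a/docs/docbook/smbdotconf/protocol/clientusespnego.xml
+++ b/docs/docbook/smbdotconf/protocol/clientusespnego.xml
@@ -0,0 +1,13 @@
+<samba:parameter name="client use spnego"
+context="G"
+developer="1"
+xmlns:samba="http://samba.org/common">
+<listitem>
+<para> This variable controls controls whether samba clients will try
+to use Simple and Protected NEGOciation (as specified by rfc2478) with
+WindowsXP and Windows2000 servers to agree upon an authentication mechanism.
+</para>
+
+<para>Default: <emphasis>client use spnego = yes</emphasis></para>
+</listitem>
+</samba:parameter>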
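--- a/docs/docbook/smbdotconf/protocol/mapaclinherit.xml
+++ b/docs/docbook/smbdotconf/protocol/mapaclinherit.xml
@@ -0,0 +1,17 @@
+<samba:parameter name="map acl inherit"
+context="S"
+advanced="1" wizard="1"
+xmlns:samba="http://samba.org/common">
+<listitem>
+<para>This boolean parameter controls whether <citerefentry><refentrytitle>smbd</refentrytitle>
+<manvolnum>8</manvolnum></citerefentry> will attempt to map the 'inherit' and 'protected'
+access control entry flags stored in Windows ACLs into an extended attribute
+called user.SAMBA_PAI. This parameter only takes effect if Samba is being run
+on a platform that supports extended attributes (Linux and IRIX so far) and
+allows the Windows 2000 ACL editor to correctly use inheritance with the Samba
+POSIX ACL mapping code.
+</para>
+
+<para>Default: <command moreinfo="none">map acl inherit = no</command></para>
+</listitem>
+</samba:parameter>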
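--- a/docs/docbook/smbdotconf/protocol/profileacls.xml
+++ b/docs/docbook/smbdotconf/protocol/profileacls.xml
@@ -0,0 +1,33 @@
+<samba:parameter name="profile acls"
+context="S"
+advanced="1" wizard="1"
+xmlns:samba="http://samba.org/common">
+<listitem>
+<para>This boolean parameter controls whether <citerefentry><refentrytitle>smbd</refentrytitle>
+<manvolnum>8</manvolnum></citerefentry>
+This boolean parameter was added to fix the problems that people have been
+having with storing user profiles on Samba shares from Windows 2000 or
+Windows XP clients. New versions of Windows 2000 or Windows XP service
+packs do security ACL checking on the owner and ability to write of the
+profile directory stored on a local workstation when copied from a Samba
+share. When not in domain mode with winbindd then the security info copied
+onto the local workstation has no meaning to the logged in user (SID) on
+that workstation so the profile storing fails. Adding this parameter
+onto a share used for profile storage changes two things about the
+returned Windows ACL. Firstly it changes the owner and group owner
+of all reported files and directories to be BUILTIN\\Administrators,
+BUILTIN\\Users respectively (SIDs S-1-5-32-544, S-1-5-32-545). Secondly
+it adds an ACE entry of "Full Control" to the SID BUILTIN\\Users to
+every returned ACL. This will allow any Windows 2000 or XP workstation
+user to access the profile. Note that if you have multiple users logging
+on to a workstation then in order to prevent them from being able to access
+each others profiles you must remove the "Bypass traverse checking" advanced
+user right. This will prevent access to other users profile directories as
+the top level profile directory (named after the user) is created by the
+workstation profile code and has an ACL restricting entry to the directory
+tree to the owning user.
+</para>
+
+<para>Default: <command moreinfo="none">profile acls = no</command></para>
+</listitem>
+</samba:parameter>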
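--- a/docs/docbook/smbdotconf/security/clientlanmanauth.xml
+++ b/docs/docbook/smbdotconf/security/clientlanmanauth.xml
@@ -0,0 +1,28 @@
+<samba:parameter name="client lanman auth"
+context="G"
+advanced="1" developer="1"
+xmlns:samba="http://samba.org/common">
+<listitem>
+<para>This parameter determines whether or not <citerefentry><refentrytitle>smbclient</refentrytitle>
+<manvolnum>8</manvolnum></citerefentry> and other samba client
+tools will attempt to authenticate itself to servers using the
+weaker LANMAN password hash. If disabled, only server which support NT
+password hashes (e.g. Windows NT/2000, Samba, etc... but not
+Windows 95/98) will be able to be connected from the Samba client.</para>
+
+<para>The LANMAN encrypted response is easily broken, due to it's
+case-insensitive nature, and the choice of algorithm. Clients
+without Windows 95/98 servers are advised to disable
+this option. </para>
+
+<para>Disabling this option will also disable the <command
+moreinfo="none">client plaintext auth</command> option</para>
+
+<para>Likewise, if the <command moreinfo="none">client ntlmv2
+auth</command> parameter is enabled, then only NTLMv2 logins will be
+attempted. Not all servers support NTLMv2, and most will require
+special configuration to us it.</para>
+
+<para>Default : <command moreinfo="none">client lanman auth = yes</command></para>
+</listitem>
+</samba:parameter>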
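--- a/docs/docbook/smbdotconf/security/clientntlmv2auth.xml
+++ b/docs/docbook/smbdotconf/security/clientntlmv2auth.xml
@@ -0,0 +1,26 @@
+<samba:parameter name="client ntlmv2 auth"
+context="G"
+advanced="1" developer="1"
+xmlns:samba="http://samba.org/common">
+<listitem>
+<para>This parameter determines whether or not <citerefentry><refentrytitle>smbclient</refentrytitle>
+<manvolnum>8</manvolnum></citerefentry> will attempt to
+authenticate itself to servers using the NTLMv2 encrypted password
+response.</para>
+
+<para>If enabled, only an NTLMv2 and LMv2 response (both much more
+secure than earlier versions) will be sent. Many servers
+(including NT4 < SP4, Win9x and Samba 2.2) are not compatible with
+NTLMv2. </para>
+
+<para>If disabled, an NTLM response (and possibly a LANMAN response)
+will be sent by the client, depending on the value of <command
+moreinfo="none">client lanman auth</command>. </para>
+
+<para>Note that some sites (particularly
+those following 'best practice' security polices) only allow NTLMv2
+responses, and not the weaker LM or NTLM.</para>
+
+<para>Default : <command moreinfo="none">client ntlmv2 auth = no</command></para>
+</listitem>
+</samba:parameter>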
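--- a/docs/docbook/smbdotconf/vfs/vfsobjects.xml
+++ b/docs/docbook/smbdotconf/vfs/vfsobjects.xml
@@ -0,0 +1,14 @@
+<samba:parameter name="vfs objects"
+context="S"
+xmlns:samba="http://samba.org/common">
+<listitem>
+<para>This parameter specifies the backend names which
+are used for Samba VFS I/O operations. By default, normal
+disk I/O operations are used but these can be overloaded
+with one or more VFS objects. </para>
+
+<para>Default: <emphasis>no value</emphasis></para>
+
+<para>Example: <command moreinfo="none">vfs objects = extd_audit recycle</command></para>
+</listitem>
+</samba:parameter>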
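--- a/docs/docbook/smbdotconf/winbind/enableridalgorithm.xml
+++ b/docs/docbook/smbdotconf/winbind/enableridalgorithm.xml
@@ -0,0 +1,17 @@
+<samba:parameter name="enable rid algorithm"
+context="G"
+advanced="1" developer="1" hide="1"
+xmlns:samba="http://samba.org/common">
+<listitem>
+<para>This option is used to control whether or not smbd in Samba 3.0 should fallback
+to the algorithm used by Samba 2.2 to generate user and group RIDs. The longterm
+development goal is to remove the algorithmic mappings of RIDs altogether, but
+this has proved to be difficult. This parameter is mainly provided so that
+developers can turn the algorithm on and off and see what breaks. This parameter
+should not be disabled by non-developers because certain features in Samba will fail
+to work without it.
+</para>
+
+<para>Default: <command moreinfo="none">enable rid algorithm = <yes></command></para>
+</listitem>
+</samba:parameter>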
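--- a/docs/docbook/smbdotconf/winbind/idmapgid.xml
+++ b/docs/docbook/smbdotconf/winbind/idmapgid.xml
@@ -0,0 +1,18 @@
+<samba:parameter name="idmap gid"
+context="G"
+advanced="1" developer="1" hide="1"
+xmlns:samba="http://samba.org/common">
+<listitem>
+
+<para>The idmap gid parameter specifies the range of group ids that are allocated for
+the purpose of mapping UNX groups to NT group SIDs. This range of group ids should have no
+existing local or NIS groups within it as strange conflicts can occur otherwise.</para>
+
+<para>The availability of an idmap gid range is essential for correct operation of
+all group mapping.</para>
+
+<para>Default: <command moreinfo="none">idmap gid = <empty string></command></para>
+
+<para>Example: <command moreinfo="none">idmap gid = 10000-20000</command></para>
+</listitem>
+</samba:parameter>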
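--- a/docs/docbook/smbdotconf/winbind/idmapuid.xml
+++ b/docs/docbook/smbdotconf/winbind/idmapuid.xml
@@ -0,0 +1,14 @@
+<samba:parameter name="idmap uid"
+context="G"
+advanced="1" developer="1" hide="1"
+xmlns:samba="http://samba.org/common">
+<listitem>
+<para>The idmap uid parameter specifies the range of user ids that are allocated for use
+in mapping UNIX users to NT user SIDs. This range of ids should have no existing local
+or NIS users within it as strange conflicts can occur otherwise.</para>
+
+<para>Default: <command moreinfo="none">idmap uid = <empty string></command></para>
+
+<para>Example: <command moreinfo="none">idmap uid = 10000-20000</command></para>
+</listitem>
+</samba:parameter>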
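--- a/docs/docbook/smbdotconf/winbind/templateprimarygroup.xml
+++ b/docs/docbook/smbdotconf/winbind/templateprimarygroup.xml
@@ -0,0 +1,14 @@
+<samba:parameter name="template primary group"
+context="G"
+advanced="1" developer="1"
+xmlns:samba="http://samba.org/common">
+<listitem>
+<para>This option defines the default primary group for
+each user created by <citerefentry><refentrytitle>winbindd</refentrytitle>
+<manvolnum>8</manvolnum></citerefentry>'s local account management
+functions (similar to the 'add user script').
+</para>
+
+<para>Default: <command moreinfo="none">template primary group = nobody</command></para>
+</listitem>
+</samba:parameter>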
@ -0,0 +1,16 @@
|
|||||||
|
<samba:parameter name="winbind enable local accounts"
|
||||||
|
context="G"
|
||||||
|
advanced="1" developer="1"
|
||||||
|
xmlns:samba="http://samba.org/common">
|
||||||
|
<listitem>
|
||||||
|
<para>This parameter controls whether or not winbindd
|
||||||
|
will act as a stand in replacement for the various account
|
||||||
|
management hooks in smb.conf (e.g. 'add user script').
|
||||||
|
If enabled, winbindd will support the creation of local
|
||||||
|
users and groups as another source of UNIX account information
|
||||||
|
available via getpwnam() or getgrgid(), etc...
|
||||||
|
</para>
|
||||||
|
|
||||||
|
<para>Default: <command moreinfo="none">winbind enable local accounts = yes</command></para>
|
||||||
|
</listitem>
|
||||||
|
</samba:parameter>
|
@ -0,0 +1,16 @@
|
|||||||
|
<samba:parameter name="winbind trusted domains only"
|
||||||
|
context="G"
|
||||||
|
advanced="1" developer="1"
|
||||||
|
xmlns:samba="http://samba.org/common">
|
||||||
|
<listitem>
|
||||||
|
<para>This parameter is designed to allow Samba servers that
|
||||||
|
are members of a Samba controlled domain to use UNIX accounts
|
||||||
|
distributed vi NIS, rsync, or LDAP as the uid's for winbindd users
|
||||||
|
in the hosts primary domain. Therefore, the user 'SAMBA\user1' would
|
||||||
|
be mapped to the account 'user1' in /etc/passwd instead of allocating
|
||||||
|
a new uid for him or her.
|
||||||
|
</para>
|
||||||
|
|
||||||
|
<para>Default: <command moreinfo="none">winbind trusted domains only = <no></command></para>
|
||||||
|
</listitem>
|
||||||
|
</samba:parameter>
|
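--- a/docs/docbook/xslt/generate-attributions.xsl
+++ b/docs/docbook/xslt/generate-attributions.xsl
@@ -0,0 +1,67 @@
+<?xml version='1.0'?>
+<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+xmlns:exsl="http://exslt.org/common"
+xmlns:samba="http://samba.org/common"
+version="1.1"
+extension-element-prefixes="exsl">
+
+<xsl:output method="xml" omit-xml-declaration="yes"/>
+
+<!-- Remove all character data -->
+<xsl:template match="@*|node()">
+<xsl:apply-templates select="@*|node()"/>
+</xsl:template>
+
+<xsl:template match="book">
+<xsl:element name="variablelist">
+<xsl:apply-templates/>
+</xsl:element>
+</xsl:template>
+
+<xsl:template match="chapter">
+<xsl:element name="varlistentry">
+<xsl:element name="term">
+<xsl:element name="link">
+<xsl:attribute name="linkend"><xsl:value-of select="@id"/></xsl:attribute>
+<xsl:value-of select="title"/>
+</xsl:element>
+</xsl:element>
+<xsl:element name="listitem">
+<xsl:element name="para">
+<xsl:element name="itemizedlist">
+<xsl:apply-templates/>
+</xsl:element>
+</xsl:element>
+</xsl:element>
+</xsl:element>
+</xsl:template>
+
+<xsl:template match="author">
+<xsl:element name="listitem">
+<xsl:element name="para">
+<xsl:value-of select="firstname"/><xsl:text> </xsl:text><xsl:value-of select="surname"/>
+<xsl:choose>
+<xsl:when test="affiliation/address/email != ''">
+<xsl:text> <</xsl:text>
+<xsl:element name="ulink">
+<xsl:attribute name="url">
+<xsl:text>mailto:</xsl:text>
+<xsl:value-of select="affiliation/address/email"/>
+</xsl:attribute>
+<xsl:value-of select="affiliation/address/email"/>
+</xsl:element>
+<xsl:text>></xsl:text>
+</xsl:when>
+</xsl:choose>
+<xsl:choose>
+<xsl:when test="contrib != ''">
+<xsl:text> (</xsl:text>
+<xsl:value-of select="contrib"/>
+<xsl:text>) </xsl:text>
+</xsl:when>
+</xsl:choose>
+</xsl:element>
+</xsl:element>
+</xsl:template>
+
+</xsl:stylesheet>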
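Review bot: The `chapter` template emits its `itemizedlist` unconditionally, so a chapter with no `author` descendant produces an empty `itemizedlist`. The DocBook 4 content model requires at least one `listitem` there, so the generated attributions file would presumably fail validation for such chapters. Wrapping the whole `varlistentry` in `<xsl:if test=".//author">` … `</xsl:if>` skips them cleanly. As a smaller style point, both `xsl:choose` blocks in the `author` template have a single `xsl:when` and no `xsl:otherwise`, so `<xsl:if test="contrib != ''">` (and likewise for the e-mail test) says the same thing more directly. The `exsl` and `samba` namespace declarations are not used anywhere in the stylesheet and could be dropped.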
660
docs/htmldocs/AccessControls.html
Normal file
660
docs/htmldocs/AccessControls.html
Normal file
@ -0,0 +1,660 @@
|
|||||||
|
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 13. File, Directory and Share Access Controls</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="index.html" title="SAMBA Project Documentation"><link rel="up" href="optional.html" title="Part III. Advanced Configuration"><link rel="previous" href="groupmapping.html" title="Chapter 12. Mapping MS Windows and Unix Groups"><link rel="next" href="locking.html" title="Chapter 14. File and Record Locking"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 13. File, Directory and Share Access Controls</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="groupmapping.html">Prev</a> </td><th width="60%" align="center">Part III. Advanced Configuration</th><td width="20%" align="right"> <a accesskey="n" href="locking.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="AccessControls"></a>Chapter 13. 
File, Directory and Share Access Controls</h2></div><div><div class="author"><h3 class="author"><span class="firstname">John</span> <span class="othername">H.</span> <span class="surname">Terpstra</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><tt class="email"><<a href="mailto:jht@samba.org">jht@samba.org</a>></tt></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">Jeremy</span> <span class="surname">Allison</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><tt class="email"><<a href="mailto:jra@samba.org">jra@samba.org</a>></tt></p></div></div></div></div><div><p class="pubdate">May 10, 2003</p></div></div><div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><a href="AccessControls.html#id2920271">Features and Benefits</a></dt><dt><a href="AccessControls.html#id2920308">File System Access Controls</a></dt><dd><dl><dt><a href="AccessControls.html#id2920326">MS Windows NTFS Comparison with Unix File Systems</a></dt><dt><a href="AccessControls.html#id2920583">Managing Directories</a></dt><dt><a href="AccessControls.html#id2920678">File and Directory Access Control</a></dt></dl></dd><dt><a href="AccessControls.html#id2920894">Share Definition Access Controls</a></dt><dd><dl><dt><a href="AccessControls.html#id2922074">User and Group Based Controls</a></dt><dt><a href="AccessControls.html#id2922346">File and Directory Permissions Based Controls</a></dt><dt><a href="AccessControls.html#id2922591">Miscellaneous Controls</a></dt></dl></dd><dt><a href="AccessControls.html#id2922807">Access Controls on Shares</a></dt><dd><dl><dt><a href="AccessControls.html#id2922879">Share Permissions Management</a></dt></dl></dd><dt><a href="AccessControls.html#id2923178">MS Windows Access Control Lists and Unix Interoperability</a></dt><dd><dl><dt><a href="AccessControls.html#id2923186">Managing UNIX permissions Using 
NT Security Dialogs</a></dt><dt><a href="AccessControls.html#id2923224">Viewing File Security on a Samba Share</a></dt><dt><a href="AccessControls.html#id2923303">Viewing file ownership</a></dt><dt><a href="AccessControls.html#id2923425">Viewing File or Directory Permissions</a></dt><dt><a href="AccessControls.html#id2923653">Modifying file or directory permissions</a></dt><dt><a href="AccessControls.html#id2923805">Interaction with the standard Samba create mask
|
||||||
|
parameters</a></dt><dt><a href="AccessControls.html#id2924134">Interaction with the standard Samba file attribute
|
||||||
|
mapping</a></dt></dl></dd><dt><a href="AccessControls.html#id2924210">Common Errors</a></dt><dd><dl><dt><a href="AccessControls.html#id2924224">Users can not write to a public share</a></dt><dt><a href="AccessControls.html#id2924604">I have set force user and Samba still makes root the owner of all the files
|
||||||
|
I touch!</a></dt></dl></dd></dl></div><p>
|
||||||
|
Advanced MS Windows users are frequently perplexed when file, directory and share manipulation of
|
||||||
|
resources shared via Samba do not behave in the manner they might expect. MS Windows network
|
||||||
|
administrators are often confused regarding network access controls and what is the best way to
|
||||||
|
provide users with the type of access they need while protecting resources from the consequences
|
||||||
|
of untoward access capabilities.
|
||||||
|
</p><p>
|
||||||
|
Unix administrators frequently are not familiar with the MS Windows environment and in particular
|
||||||
|
have difficulty in visualizing what the MS Windows user wishes to achieve in attempts to set file
|
||||||
|
and directory access permissions.
|
||||||
|
</p><p>
|
||||||
|
The problem lies in the differences in how file and directory permissions and controls work
|
||||||
|
between the two environments. This difference is one that Samba can not completely hide, even
|
||||||
|
though it does try to make the chasm transparent.
|
||||||
|
</p><p>
|
||||||
|
POSIX Access Control List technology has been available (along with Extended Attributes)
|
||||||
|
for Unix for many years, yet there is little evidence today of any significant use. This
|
||||||
|
explains to some extent the slow adoption of ACLs into commercial Linux products. MS Windows
|
||||||
|
administrators are astounded at this given that ACLs were a foundational capability of the now
|
||||||
|
decade old MS Windows NT operating system.
|
||||||
|
</p><p>
|
||||||
|
The purpose of this chapter is to present each of the points of control that are possible with
|
||||||
|
Samba-3 in the hope that this will help the network administrator to find the optimum method
|
||||||
|
for delivering the best environment for MS Windows desktop users.
|
||||||
|
</p><p>
|
||||||
|
This is an opportune point to mention that it should be borne in mind that Samba was created to
|
||||||
|
provide a means of interoperability and interchange of data between two operating environments
|
||||||
|
that are quite different. It was never the intent to make Unix/Linux like MS Windows NT. Instead
|
||||||
|
the purpose was an is to provide a sufficient level of exchange of data between the two environments.
|
||||||
|
What is available today extends well beyond early plans and expectations, yet the gap continues to
|
||||||
|
shrink.
|
||||||
|
</p><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2920271"></a>Features and Benefits</h2></div></div><div></div></div><p>
|
||||||
|
Samba offers a lot of flexibility in file system access management. These are the key access control
|
||||||
|
facilities present in Samba today:
|
||||||
|
</p><div class="itemizedlist"><p class="title"><b>Samba Access Control Facilities</b></p><ul type="disc"><li><p>
|
||||||
|
<span class="emphasis"><em>Unix File and Directory Permissions</em></span>
|
||||||
|
</p><p>
|
||||||
|
Samba honours and implements Unix file system access controls. Users
|
||||||
|
who access a Samba server will do so as a particular MS Windows user.
|
||||||
|
This information is passed to the Samba server as part of the logon or
|
||||||
|
connection setup process. Samba uses this user identity to validate
|
||||||
|
whether or not the user should be given access to file system resources
|
||||||
|
(files and directories). This chapter provides an overview for those
|
||||||
|
to whom the Unix permissions and controls are a little strange or unknown.
|
||||||
|
</p></li><li><p>
|
||||||
|
<span class="emphasis"><em>Samba Share Definitions</em></span>
|
||||||
|
</p><p>
|
||||||
|
In configuring share settings and controls in the <tt class="filename">smb.conf</tt> file
|
||||||
|
the network administrator can exercise over-rides to native file
|
||||||
|
system permissions and behaviours. This can be handy and convenient
|
||||||
|
to affect behaviour that is more like what MS Windows NT users expect
|
||||||
|
but it is seldom the <span class="emphasis"><em>best</em></span> way to achieve this.
|
||||||
|
The basic options and techniques are described herein.
|
||||||
|
</p></li><li><p>
|
||||||
|
<span class="emphasis"><em>Samba Share ACLs</em></span>
|
||||||
|
</p><p>
|
||||||
|
Just like it is possible in MS Windows NT to set ACLs on shares
|
||||||
|
themselves, so it is possible to do this in Samba.
|
||||||
|
Very few people make use of this facility, yet it remains on of the
|
||||||
|
easiest ways to affect access controls (restrictions) and can often
|
||||||
|
do so with minimum invasiveness compared with other methods.
|
||||||
|
</p></li><li><p>
|
||||||
|
<span class="emphasis"><em>MS Windows ACLs through Unix POSIX ACLs</em></span>
|
||||||
|
</p><p>
|
||||||
|
The use of POSIX ACLs on Unix/Linux is possible ONLY if the underlying
|
||||||
|
operating system supports them. If not, then this option will not be
|
||||||
|
available to you. Current Unix technology platforms have native support
|
||||||
|
for POSIX ACLs. There are patches for the Linux kernel that provide
|
||||||
|
this also. Sadly, few Linux platforms ship today with native ACLs and
|
||||||
|
Extended Attributes enabled. This chapter has pertinent information
|
||||||
|
for users of platforms that support them.
|
||||||
|
</p></li></ul></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2920308"></a>File System Access Controls</h2></div></div><div></div></div><p>
|
||||||
|
Perhaps the most important recognition to be made is the simple fact that MS Windows NT4 / 200x / XP
|
||||||
|
implement a totally divergent file system technology from what is provided in the Unix operating system
|
||||||
|
environment. Firstly we should consider what the most significant differences are, then we shall look
|
||||||
|
at how Samba helps to bridge the differences.
|
||||||
|
</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2920326"></a>MS Windows NTFS Comparison with Unix File Systems</h3></div></div><div></div></div><p>
|
||||||
|
Samba operates on top of the Unix file system. This means it is subject to Unix file system conventions
|
||||||
|
and permissions. It also means that if the MS Windows networking environment requires file system
|
||||||
|
behaviour that differs from unix file system behaviour then somehow Samba is responsible for emulating
|
||||||
|
that in a transparent and consistent manner.
|
||||||
|
</p><p>
|
||||||
|
It is good news that Samba does this to a very large extent and on top of that provides a high degree
|
||||||
|
of optional configuration to over-ride the default behaviour. We will look at some of these over-rides,
|
||||||
|
but for the greater part we will stay within the bounds of default behaviour. Those wishing to explore
|
||||||
|
to depths of control ability should review the <tt class="filename">smb.conf</tt> man page.
|
||||||
|
</p><div class="variablelist"><p class="title"><b>File System Feature Comparison</b></p><dl><dt><span class="term">Name Space</span></dt><dd><p>
|
||||||
|
MS Windows NT4 / 200x/ XP files names may be up to 254 characters long, Unix file names
|
||||||
|
may be 1023 characters long. In MS Windows file extensions indicate particular file types,
|
||||||
|
in Unix this is not so rigorously observed as all names are considered arbitrary.
|
||||||
|
</p><p>
|
||||||
|
What MS Windows calls a Folder, Unix calls a directory,
|
||||||
|
</p></dd><dt><span class="term">Case Sensitivity</span></dt><dd><p>
|
||||||
|
MS Windows file names are generally Upper Case if made up of 8.3 (ie: 8 character file name
|
||||||
|
and 3 character extension. If longer than 8.3 file names are Case Preserving, and Case
|
||||||
|
Insensitive.
|
||||||
|
</p><p>
|
||||||
|
Unix file and directory names are Case Sensitive and Case Preserving. Samba implements the
|
||||||
|
MS Windows file name behaviour, but it does so as a user application. The Unix file system
|
||||||
|
provides no mechanism to perform case insensitive file name lookups. MS Windows does this
|
||||||
|
by default. This means that Samba has to carry the processing overhead to provide features
|
||||||
|
that are NOT native to the Unix operating system environment.
|
||||||
|
</p><p>
|
||||||
|
Consider the following, all are unique Unix names but one single MS Windows file name:
|
||||||
|
<tt class="computeroutput">
|
||||||
|
MYFILE.TXT
|
||||||
|
MyFile.txt
|
||||||
|
myfile.txt
|
||||||
|
</tt>
|
||||||
|
So clearly, In an MS Windows file name space these three files CAN NOT co-exist! But in Unix
|
||||||
|
they can. So what should Samba do if all three are present? Answer, the one that is lexically
|
||||||
|
first will be accessible to MS Windows users, the others are invisible and unaccessible - any
|
||||||
|
other solution would be suicidal.
|
||||||
|
</p></dd><dt><span class="term">Directory Separators</span></dt><dd><p>
|
||||||
|
MS Windows and DOS uses the back-slash '\' as a directory delimiter, Unix uses the forward-slash '/'
|
||||||
|
as it's directory delimiter. This is transparently handled by Samba.
|
||||||
|
</p></dd><dt><span class="term">Drive Identification</span></dt><dd><p>
|
||||||
|
MS Windows products support a notion of drive letters, like <b class="command">C:</b> to represent
|
||||||
|
disk partitions. Unix has NO concept if separate identifiers for file partitions since each
|
||||||
|
such file system is <tt class="filename">mounted</tt> to become part of the over-all directory tree.
|
||||||
|
The Unix directory tree begins at '/', just like the root of a DOS drive is specified like
|
||||||
|
<b class="command">C:\</b>.
|
||||||
|
</p></dd><dt><span class="term">File Naming Conventions</span></dt><dd><p>
|
||||||
|
MS Windows generally never experiences file names that begin with a '.', while in Unix these
|
||||||
|
are commonly found in a user's home directory. Files that begin with a '.' are typically
|
||||||
|
either start up files for various Unix applications, or they may be files that contain
|
||||||
|
start-up configuration data.
|
||||||
|
</p></dd><dt><span class="term">Links and Short-Cuts</span></dt><dd><p>
|
||||||
|
MS Windows make use of "links and Short-Cuts" that are actually special types of files that will
|
||||||
|
redirect an attempt to execute the file to the real location of the file. Unix knows of file and directory
|
||||||
|
links, but they are entirely different from what MS Windows users are used to.
|
||||||
|
</p><p>
|
||||||
|
Symbolic links are files in Unix that contain the actual location of the data (file OR directory). An
|
||||||
|
operation (like read or write) will operate directly on the file referenced. Symbolic links are also
|
||||||
|
referred to as 'soft links'. A hard link is something that MS Windows is NOT familiar with. It allows
|
||||||
|
one physical file to be known simultaneously by more than one file name.
|
||||||
|
</p></dd></dl></div><p>
|
||||||
|
There are many other subtle differences that may cause the MS Windows administrator some temporary discomfort
|
||||||
|
in the process of becoming familiar with Unix/Linux. These are best left for a text that is dedicated to the
|
||||||
|
purpose of Unix/Linux training/education.
|
||||||
|
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2920583"></a>Managing Directories</h3></div></div><div></div></div><p>
|
||||||
|
There are three basic operations for managing directories, <b class="command">create, delete, rename</b>.
|
||||||
|
</p><div class="table"><a name="id2920603"></a><p class="title"><b>Table 13.1. Managing directories with unix and windows</b></p><table summary="Managing directories with unix and windows" border="1"><colgroup><col><col><col></colgroup><thead><tr><th align="center">Action</th><th align="center">MS Windows Command</th><th align="center">Unix Command</th></tr></thead><tbody><tr><td align="center">create</td><td align="center">md folder</td><td align="center">mkdir folder</td></tr><tr><td align="center">delete</td><td align="center">rd folder</td><td align="center">rmdir folder</td></tr><tr><td align="center">rename</td><td align="center">rename oldname newname</td><td align="center">mv oldname newname</td></tr></tbody></table></div><p>
|
||||||
|
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2920678"></a>File and Directory Access Control</h3></div></div><div></div></div><p>
|
||||||
|
The network administrator is strongly advised to read foundational training manuals and reference materials
|
||||||
|
regarding file and directory permissions maintenance. Much can be achieved with the basic Unix permissions
|
||||||
|
without having to resort to more complex facilities like POSIX Access Control Lists (ACLs) or Extended
|
||||||
|
Attributes (EAs).
|
||||||
|
</p><p>
|
||||||
|
Unix/Linux file and directory access permissions involves setting three (3) primary sets of data and one (1) control set.
|
||||||
|
A Unix file listing looks as follows:-
|
||||||
|
|
||||||
|
</p><pre class="screen">
|
||||||
|
<tt class="prompt">jht@frodo:~/stuff> </tt><b class="userinput"><tt>ls -la</tt></b>
|
||||||
|
total 632
|
||||||
|
drwxr-xr-x 13 jht users 816 2003-05-12 22:56 .
|
||||||
|
drwxr-xr-x 37 jht users 3800 2003-05-12 22:29 ..
|
||||||
|
d--------- 2 jht users 48 2003-05-12 22:29 muchado00
|
||||||
|
d--x--x--x 2 jht users 48 2003-05-12 22:29 muchado01
|
||||||
|
dr-xr-xr-x 2 jht users 48 2003-05-12 22:29 muchado02
|
||||||
|
drwxrwxrwx 2 jht users 48 2003-05-12 22:29 muchado03
|
||||||
|
drw-rw-rw- 2 jht users 48 2003-05-12 22:29 muchado04
|
||||||
|
d-w--w--w- 2 jht users 48 2003-05-12 22:29 muchado05
|
||||||
|
dr--r--r-- 2 jht users 48 2003-05-12 22:29 muchado06
|
||||||
|
drwxrwxrwt 2 jht users 48 2003-05-12 22:29 muchado07
|
||||||
|
drwsrwsrwx 2 jht users 48 2003-05-12 22:29 muchado08
|
||||||
|
---------- 1 jht users 1242 2003-05-12 22:31 mydata00.lst
|
||||||
|
---x--x--x 1 jht users 1674 2003-05-12 22:33 mydata01.lst
|
||||||
|
--w--w--w- 1 jht users 7754 2003-05-12 22:33 mydata02.lst
|
||||||
|
--wx-wx-wx 1 jht users 260179 2003-05-12 22:33 mydata03.lst
|
||||||
|
-r--r--r-- 1 jht users 21017 2003-05-12 22:32 mydata04.lst
|
||||||
|
-r-xr-xr-x 1 jht users 206339 2003-05-12 22:32 mydata05.lst
|
||||||
|
-rw-rw-rw- 1 jht users 41105 2003-05-12 22:32 mydata06.lst
|
||||||
|
-rwxrwxrwx 1 jht users 19312 2003-05-12 22:32 mydata07.lst
|
||||||
|
<tt class="prompt">jht@frodo:~/stuff></tt>
|
||||||
|
</pre><p>
|
||||||
|
</p><p>
|
||||||
|
The columns above represent (from left to right): permissions, no blocks used, owner, group, size (bytes), access date, access time, file name.
|
||||||
|
</p><p>
|
||||||
|
The permissions field is made up of:
|
||||||
|
|
||||||
|
</p><pre class="programlisting">
|
||||||
|
<i><span class="comment"> JRV: Put this into a diagram of some sort</span></i>
|
||||||
|
[ type ] [ users ] [ group ] [ others ] [File, Directory Permissions]
|
||||||
|
[ d | l ] [ r w x ] [ r w x ] [ r w x ]
|
||||||
|
| | | | | | | | | | |
|
||||||
|
| | | | | | | | | | |-----> Can Execute, List files
|
||||||
|
| | | | | | | | | |-------> Can Write, Create files
|
||||||
|
| | | | | | | | |---------> Can Read, Read files
|
||||||
|
| | | | | | | |---------------> Can Execute, List files
|
||||||
|
| | | | | | |-----------------> Can Write, Create files
|
||||||
|
| | | | | |-------------------> Can Read, Read files
|
||||||
|
| | | | |-------------------------> Can Execute, List files
|
||||||
|
| | | |---------------------------> Can Write, Create files
|
||||||
|
| | |-----------------------------> Can Read, Read files
|
||||||
|
| |-----------------------------------> Is a symbolic Link
|
||||||
|
|---------------------------------------> Is a directory
|
||||||
|
</pre><p>
|
||||||
|
</p><p>
|
||||||
|
Any bit flag may be unset. An unset bit flag is the equivalent of 'Can NOT' and is represented as a '-' character.
|
||||||
|
|
||||||
|
</p><div class="example"><a name="id2920816"></a><p class="title"><b>Example 13.1. Example File</b></p><pre class="programlisting">
|
||||||
|
-rwxr-x--- Means: The owner (user) can read, write, execute
|
||||||
|
the group can read and execute
|
||||||
|
everyone else can NOT do anything with it
|
||||||
|
</pre></div><p>
|
||||||
|
|
||||||
|
</p><p>
|
||||||
|
Additional possibilities in the [type] field are: c = character device, b = block device, p = pipe device, s = Unix Domain Socket.
|
||||||
|
</p><p>
|
||||||
|
The letters `rwxXst' set permissions for the user, group and others as: read (r), write (w), execute (or access for directories) (x),
|
||||||
|
execute only if the file is a directory or already has execute permission for some user (X), set user or group ID on execution (s),
|
||||||
|
sticky (t).
|
||||||
|
</p><p>
|
||||||
|
When the sticky bit is set on a directory, files in that directory may be unlinked (deleted) or renamed only by root or their owner.
|
||||||
|
Without the sticky bit, anyone able to write to the directory can delete or rename files. The sticky bit is commonly found on
|
||||||
|
directories, such as /tmp, that are world-writable.
|
||||||
|
</p><p>
|
||||||
|
When the set user or group ID bit (s) is set on a directory, then all files created within it will be owned by the user and/or
|
||||||
|
group whose 'set user or group' bit is set. This can be very helpful in setting up directories that for which it is desired that
|
||||||
|
all users who are in a group should be able to write to and read from a file, particularly when it is undesirable for that file
|
||||||
|
to be exclusively owned by a user who's primary group is not the group that all such users belong to.
|
||||||
|
</p><p>
|
||||||
|
When a directory is set <tt class="constant">drw-r-----</tt> this means that the owner can read and create (write) files in it, but because
|
||||||
|
the (x) execute flags are not set files can not be listed (seen) in the directory by anyone. The group can read files in the
|
||||||
|
directory but can NOT create new files. NOTE: If files in the directory are set to be readable and writable for the group, then
|
||||||
|
group members will be able to write to (or delete) them.
|
||||||
|
</p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2920894"></a>Share Definition Access Controls</h2></div></div><div></div></div><p>
|
||||||
|
The following parameters in the <tt class="filename">smb.conf</tt> file sections that define a share control or affect access controls.
|
||||||
|
Before using any of the following options please refer to the man page for <tt class="filename">smb.conf</tt>.
|
||||||
|
</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2922074"></a>User and Group Based Controls</h3></div></div><div></div></div><p>
|
||||||
|
User and group based controls can prove very useful. In some situations it is distinctly desirable to affect all
|
||||||
|
file system operations as if a single user is doing this, the use of the <i class="parameter"><tt>force user</tt></i> and
|
||||||
|
<i class="parameter"><tt>force group</tt></i> behaviour will achieve this. In other situations it may be necessary to affect a
|
||||||
|
paranoia level of control to ensure that only particular authorised persons will be able to access a share or
|
||||||
|
it's contents, here the use of the <i class="parameter"><tt>valid users</tt></i> or the <i class="parameter"><tt>invalid users</tt></i> may
|
||||||
|
be most useful.
|
||||||
|
</p><p>
|
||||||
|
As always, it is highly advisable to use the least difficult to maintain and the least ambiguous method for
|
||||||
|
controlling access. Remember, that when you leave the scene someone else will need to provide assistance and
|
||||||
|
if that person finds too great a mess, or if they do not understand what you have done then there is risk of
|
||||||
|
Samba being removed and an alternative solution being adopted.
|
||||||
|
</p><div class="table"><a name="id2922134"></a><p class="title"><b>Table 13.2. User and Group Based Controls</b></p><table summary="User and Group Based Controls" border="1"><colgroup><col><col></colgroup><thead><tr><th align="center">Control Parameter</th><th align="center">Description - Action - Notes</th></tr></thead><tbody><tr><td>admin users</td><td><p>
|
||||||
|
List of users who will be granted administrative privileges on the share.
|
||||||
|
They will do all file operations as the super-user (root).
|
||||||
|
Any user in this list will be able to do anything they like on the share,
|
||||||
|
irrespective of file permissions.
|
||||||
|
</p></td></tr><tr><td>force group</td><td><p>
|
||||||
|
Specifies a UNIX group name that will be assigned as the default primary group
|
||||||
|
for all users connecting to this service.
|
||||||
|
</p></td></tr><tr><td>force user</td><td><p>
|
||||||
|
Specifies a UNIX user name that will be assigned as the default user for all users connecting to this service.
|
||||||
|
This is useful for sharing files. Incorrect use can cause security problems.
|
||||||
|
</p></td></tr><tr><td>guest ok</td><td><p>
|
||||||
|
If this parameter is set for a service, then no password is required to connect to the service. Privileges will be
|
||||||
|
those of the guest account.
|
||||||
|
</p></td></tr><tr><td>invalid users</td><td><p>
|
||||||
|
List of users that should not be allowed to login to this service.
|
||||||
|
</p></td></tr><tr><td>only user</td><td><p>
|
||||||
|
Controls whether connections with usernames not in the user list will be allowed.
|
||||||
|
</p></td></tr><tr><td>read list</td><td><p>
|
||||||
|
List of users that are given read-only access to a service. Users in this list
|
||||||
|
will not be given write access, no matter what the read only option is set to.
|
||||||
|
</p></td></tr><tr><td>username</td><td><p>
|
||||||
|
Refer to the <tt class="filename">smb.conf</tt> man page for more information - this is a complex and potentially misused parameter.
|
||||||
|
</p></td></tr><tr><td>valid users</td><td><p>
|
||||||
|
List of users that should be allowed to login to this service.
|
||||||
|
</p></td></tr><tr><td>write list</td><td><p>
|
||||||
|
List of users that are given read-write access to a service.
|
||||||
|
</p></td></tr></tbody></table></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2922346"></a>File and Directory Permissions Based Controls</h3></div></div><div></div></div><p>
|
||||||
|
The following file and directory permission based controls, if misused, can result in considerable difficulty to
|
||||||
|
diagnose the cause of mis-configuration. Use them sparingly and carefully. By gradually introducing each one by one
|
||||||
|
undesirable side-effects may be detected. In the event of a problem, always comment all of them out and then gradually
|
||||||
|
re-introduce them in a controlled fashion.
|
||||||
|
</p><div class="table"><a name="id2922367"></a><p class="title"><b>Table 13.3. File and Directory Permission Based Controls</b></p><table summary="File and Directory Permission Based Controls" border="1"><colgroup><col><col></colgroup><thead><tr><th align="center">Control Parameter</th><th align="center">Description - Action - Notes</th></tr></thead><tbody><tr><td>create mask</td><td><p>
|
||||||
|
Refer to the <tt class="filename">smb.conf</tt> man page.
|
||||||
|
</p></td></tr><tr><td>directory mask</td><td><p>
|
||||||
|
The octal modes used when converting DOS modes to UNIX modes when creating UNIX directories.
|
||||||
|
See also: directory security mask.
|
||||||
|
</p></td></tr><tr><td>dos filemode</td><td><p>
|
||||||
|
Enabling this parameter allows a user who has write access to the file to modify the permissions on it.
|
||||||
|
</p></td></tr><tr><td>force create mode</td><td><p>
|
||||||
|
This parameter specifies a set of UNIX mode bit permissions that will always be set on a file created by Samba.
|
||||||
|
</p></td></tr><tr><td>force directory mode</td><td><p>
|
||||||
|
This parameter specifies a set of UNIX mode bit permissions that will always be set on a directory created by Samba.
|
||||||
|
</p></td></tr><tr><td>force directory security mode</td><td><p>
|
||||||
|
Controls UNIX permission bits modified when a Windows NT client is manipulating UNIX permissions on a directory
|
||||||
|
</p></td></tr><tr><td>force security mode</td><td><p>
|
||||||
|
Controls UNIX permission bits modified when a Windows NT client manipulates UNIX permissions.
|
||||||
|
</p></td></tr><tr><td>hide unreadable</td><td><p>
|
||||||
|
Prevents clients from seeing the existence of files that cannot be read.
|
||||||
|
</p></td></tr><tr><td>hide unwriteable files</td><td><p>
|
||||||
|
Prevents clients from seeing the existence of files that cannot be written to. Unwriteable directories are shown as usual.
|
||||||
|
</p></td></tr><tr><td>nt acl support</td><td><p>
|
||||||
|
This parameter controls whether smbd will attempt to map UNIX permissions into Windows NT access control lists.
|
||||||
|
</p></td></tr><tr><td>security mask</td><td><p>
|
||||||
|
Controls UNIX permission bits modified when a Windows NT client is manipulating the UNIX permissions on a file.
|
||||||
|
</p></td></tr></tbody></table></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2922591"></a>Miscellaneous Controls</h3></div></div><div></div></div><p>
|
||||||
|
The following are documented because of the prevalence of administrators creating inadvertant barriers to file
|
||||||
|
access by not understanding the full implications of <tt class="filename">smb.conf</tt> file settings.
|
||||||
|
</p><div class="table"><a name="id2922614"></a><p class="title"><b>Table 13.4. Other Controls</b></p><table summary="Other Controls" border="1"><colgroup><col><col></colgroup><thead><tr><th align="center">Control Parameter</th><th align="center">Description - Action - Notes</th></tr></thead><tbody><tr><td>case sensitive, default case, short preserve case</td><td><p>
|
||||||
|
This means that all file name lookup will be done in a case sensitive manner.
|
||||||
|
Files will be created with the precise filename Samba received from the MS Windows client.
|
||||||
|
</p></td></tr><tr><td>csc policy</td><td><p>
|
||||||
|
Client Side Caching Policy - parallels MS Windows client side file caching capabilities.
|
||||||
|
</p></td></tr><tr><td>dont descend</td><td><p>
|
||||||
|
Allows to specify a comma-delimited list of directories that the server should always show as empty.
|
||||||
|
</p></td></tr><tr><td>dos filetime resolution</td><td><p>
|
||||||
|
This option is mainly used as a compatibility option for Visual C++ when used against Samba shares.
|
||||||
|
</p></td></tr><tr><td>dos filetimes</td><td><p>
|
||||||
|
DOS and Windows allows users to change file time stamps if they can write to the file. POSIX semantics prevent this.
|
||||||
|
This options allows DOS and Windows behaviour.
|
||||||
|
</p></td></tr><tr><td>fake oplocks</td><td><p>
|
||||||
|
Oplocks are the way that SMB clients get permission from a server to locally cache file operations. If a server grants an
|
||||||
|
oplock then the client is free to assume that it is the only one accessing the file and it will aggressively cache file data.
|
||||||
|
</p></td></tr><tr><td>hide dot files, hide files, veto files</td><td><p>
|
||||||
|
Note: MS Windows Explorer allows over-ride of files marked as hidden so they will still be visible.
|
||||||
|
</p></td></tr><tr><td>read only</td><td><p>
|
||||||
|
If this parameter is yes, then users of a service may not create or modify files in the service's directory.
|
||||||
|
</p></td></tr><tr><td>veto files</td><td><p>
|
||||||
|
List of files and directories that are neither visible nor accessible.
|
||||||
|
</p></td></tr></tbody></table></div></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2922807"></a>Access Controls on Shares</h2></div></div><div></div></div><p>
|
||||||
|
This section deals with how to configure Samba per share access control restrictions.
|
||||||
|
By default, Samba sets no restrictions on the share itself. Restrictions on the share itself
|
||||||
|
can be set on MS Windows NT4/200x/XP shares. This can be a very effective way to limit who can
|
||||||
|
connect to a share. In the absence of specific restrictions the default setting is to allow
|
||||||
|
the global user <tt class="constant">Everyone</tt> Full Control (ie: Full control, Change and Read).
|
||||||
|
</p><p>
|
||||||
|
At this time Samba does NOT provide a tool for configuring access control setting on the Share
|
||||||
|
itself. Samba does have the capacity to store and act on access control settings, but the only
|
||||||
|
way to create those settings is to use either the NT4 Server Manager or the Windows 200x MMC for
|
||||||
|
Computer Management.
|
||||||
|
</p><p>
|
||||||
|
Samba stores the per share access control settings in a file called <tt class="filename">share_info.tdb</tt>.
|
||||||
|
The location of this file on your system will depend on how samba was compiled. The default location
|
||||||
|
for Samba's tdb files is under <tt class="filename">/usr/local/samba/var</tt>. If the <tt class="filename">tdbdump</tt>
|
||||||
|
utility has been compiled and installed on your system, then you can examine the contents of this file
|
||||||
|
by: <b class="userinput"><tt>tdbdump share_info.tdb</tt></b>.
|
||||||
|
</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2922879"></a>Share Permissions Management</h3></div></div><div></div></div><p>
|
||||||
|
The best tool for the task is platform dependant. Choose the best tool for your environment.
|
||||||
|
</p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2922892"></a>Windows NT4 Workstation/Server</h4></div></div><div></div></div><p>
|
||||||
|
The tool you need to use to manage share permissions on a Samba server is the NT Server Manager.
|
||||||
|
Server Manager is shipped with Windows NT4 Server products but not with Windows NT4 Workstation.
|
||||||
|
You can obtain the NT Server Manager for MS Windows NT4 Workstation from Microsoft - see details below.
|
||||||
|
</p><div class="procedure"><p class="title"><b>Procedure 13.1. Instructions</b></p><ol type="1"><li><p>
|
||||||
|
Launch the <span class="application">NT4 Server Manager</span>, click on the Samba server you want to administer, then from the menu
|
||||||
|
select <span class="guimenu">Computer</span>, then click on the <span class="guimenuitem">Shared Directories</span> entry.
|
||||||
|
</p></li><li><p>
|
||||||
|
Now click on the share that you wish to manage, then click on the <span class="guilabel">Properties</span> tab, next click on
|
||||||
|
the <span class="guilabel">Permissions</span> tab. Now you can add or change access control settings as you wish.
|
||||||
|
</p></li></ol></div></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2922975"></a>Windows 200x/XP</h4></div></div><div></div></div><p>
|
||||||
|
On <span class="application">MS Windows NT4/200x/XP</span> system access control lists on the share itself are set using native
|
||||||
|
tools, usually from filemanager. For example, in Windows 200x: right click on the shared folder,
|
||||||
|
then select <span class="guimenuitem">Sharing</span>, then click on <span class="guilabel">Permissions</span>. The default
|
||||||
|
Windows NT4/200x permission allows <span class="emphasis"><em>Everyone</em></span> Full Control on the Share.
|
||||||
|
</p><p>
|
||||||
|
MS Windows 200x and later all comes with a tool called the <span class="application">Computer Management</span> snap-in for the
|
||||||
|
Microsoft Management Console (MMC). This tool is located by clicking on <tt class="filename">Control Panel ->
|
||||||
|
Administrative Tools -> Computer Management</tt>.
|
||||||
|
</p><div class="procedure"><p class="title"><b>Procedure 13.2. Instructions</b></p><ol type="1"><li><p>
|
||||||
|
After launching the MMC with the Computer Management snap-in, click on the menu item <span class="guimenuitem">Action</span>,
|
||||||
|
select <span class="guilabel">Connect to another computer</span>. If you are not logged onto a domain you will be prompted
|
||||||
|
to enter a domain login user identifier and a password. This will authenticate you to the domain.
|
||||||
|
If you where already logged in with administrative privilege this step is not offered.
|
||||||
|
</p></li><li><p>
|
||||||
|
If the Samba server is not shown in the <span class="guilabel">Select Computer</span> box, then type in the name of the target
|
||||||
|
Samba server in the field <span class="guilabel">Name:</span>. Now click on the <span class="guibutton">[+]</span> next to
|
||||||
|
<span class="guilabel">System Tools</span>, then on the <span class="guibutton">[+]</span> next to <span class="guilabel">Shared Folders</span> in the
|
||||||
|
left panel.
|
||||||
|
</p></li><li><p>
|
||||||
|
Now in the right panel, double-click on the share you wish to set access control permissions on.
|
||||||
|
Then click on the tab <span class="guilabel">Share Permissions</span>. It is now possible to add access control entities
|
||||||
|
to the shared folder. Do NOT forget to set what type of access (full control, change, read) you
|
||||||
|
wish to assign for each entry.
|
||||||
|
</p></li></ol></div><div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>
|
||||||
|
Be careful. If you take away all permissions from the <tt class="constant">Everyone</tt> user without removing this user
|
||||||
|
then effectively no user will be able to access the share. This is a result of what is known as
|
||||||
|
ACL precedence. ie: Everyone with <span class="emphasis"><em>no access</em></span> means that MaryK who is part of the group
|
||||||
|
<tt class="constant">Everyone</tt> will have no access even if this user is given explicit full control access.
|
||||||
|
</p></div></div></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2923178"></a>MS Windows Access Control Lists and Unix Interoperability</h2></div></div><div></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2923186"></a>Managing UNIX permissions Using NT Security Dialogs</h3></div></div><div></div></div><p>Windows NT clients can use their native security settings
|
||||||
|
dialog box to view and modify the underlying UNIX permissions.</p><p>Note that this ability is careful not to compromise
|
||||||
|
the security of the UNIX host Samba is running on, and
|
||||||
|
still obeys all the file permission rules that a Samba
|
||||||
|
administrator can set.</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
|
||||||
|
All access to Unix/Linux system file via Samba is controlled at
|
||||||
|
the operating system file access control level. When trying to
|
||||||
|
figure out file access problems it is vitally important to identify
|
||||||
|
the identity of the Windows user as it is presented by Samba at
|
||||||
|
the point of file access. This can best be determined from the
|
||||||
|
Samba log files.
|
||||||
|
</p></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2923224"></a>Viewing File Security on a Samba Share</h3></div></div><div></div></div><p>From an NT4/2000/XP client, single-click with the right
|
||||||
|
mouse button on any file or directory in a Samba mounted
|
||||||
|
drive letter or UNC path. When the menu pops-up, click
|
||||||
|
on the <span class="guilabel">Properties</span> entry at the bottom of
|
||||||
|
the menu. This brings up the file properties dialog
|
||||||
|
box. Click on the tab <span class="guilabel">Security</span> and you
|
||||||
|
will see three buttons, <span class="guibutton">Permissions</span>,
|
||||||
|
<span class="guibutton">Auditing</span>, and <span class="guibutton">Ownership</span>.
|
||||||
|
The <span class="guibutton">Auditing</span> button will cause either
|
||||||
|
an error message <span class="errorname">A requested privilege is not held
|
||||||
|
by the client</span> to appear if the user is not the
|
||||||
|
NT Administrator, or a dialog which is intended to allow an
|
||||||
|
Administrator to add auditing requirements to a file if the
|
||||||
|
user is logged on as the NT Administrator. This dialog is
|
||||||
|
non-functional with a Samba share at this time, as the only
|
||||||
|
useful button, the <span class="guibutton">Add</span> button will not currently
|
||||||
|
allow a list of users to be seen.</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2923303"></a>Viewing file ownership</h3></div></div><div></div></div><p>Clicking on the <span class="guibutton">Ownership</span> button
|
||||||
|
brings up a dialog box telling you who owns the given file. The
|
||||||
|
owner name will be of the form :</p><p><b class="command">"SERVER\user (Long name)"</b></p><p>Where <i class="replaceable"><tt>SERVER</tt></i> is the NetBIOS name of
|
||||||
|
the Samba server, <i class="replaceable"><tt>user</tt></i> is the user name of
|
||||||
|
the UNIX user who owns the file, and <i class="replaceable"><tt>(Long name)</tt></i>
|
||||||
|
is the descriptive string identifying the user (normally found in the
|
||||||
|
GECOS field of the UNIX password database). Click on the
|
||||||
|
<span class="guibutton">Close </span> button to remove this dialog.</p><p>If the parameter <i class="parameter"><tt>nt acl support</tt></i>
|
||||||
|
is set to <tt class="constant">false</tt> then the file owner will
|
||||||
|
be shown as the NT user <tt class="constant">"Everyone"</tt>.</p><p>The <span class="guibutton">Take Ownership</span> button will not allow
|
||||||
|
you to change the ownership of this file to yourself (clicking on
|
||||||
|
it will display a dialog box complaining that the user you are
|
||||||
|
currently logged onto the NT client cannot be found). The reason
|
||||||
|
for this is that changing the ownership of a file is a privileged
|
||||||
|
operation in UNIX, available only to the <span class="emphasis"><em>root</em></span>
|
||||||
|
user. As clicking on this button causes NT to attempt to change
|
||||||
|
the ownership of a file to the current user logged into the NT
|
||||||
|
client this will not work with Samba at this time.</p><p>There is an NT chown command that will work with Samba
|
||||||
|
and allow a user with Administrator privilege connected
|
||||||
|
to a Samba server as root to change the ownership of
|
||||||
|
files on both a local NTFS filesystem or remote mounted NTFS
|
||||||
|
or Samba drive. This is available as part of the <span class="application">Seclib
|
||||||
|
</span> NT security library written by Jeremy Allison of
|
||||||
|
the Samba Team, available from the main Samba ftp site.</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2923425"></a>Viewing File or Directory Permissions</h3></div></div><div></div></div><p>The third button is the <span class="guibutton">Permissions</span>
|
||||||
|
button. Clicking on this brings up a dialog box that shows both
|
||||||
|
the permissions and the UNIX owner of the file or directory.
|
||||||
|
The owner is displayed in the form :</p><p><b class="command">"<i class="replaceable"><tt>SERVER</tt></i>\
|
||||||
|
<i class="replaceable"><tt>user</tt></i>
|
||||||
|
<i class="replaceable"><tt>(Long name)</tt></i>"</b></p><p>Where <i class="replaceable"><tt>SERVER</tt></i> is the NetBIOS name of
|
||||||
|
the Samba server, <i class="replaceable"><tt>user</tt></i> is the user name of
|
||||||
|
the UNIX user who owns the file, and <i class="replaceable"><tt>(Long name)</tt></i>
|
||||||
|
is the descriptive string identifying the user (normally found in the
|
||||||
|
GECOS field of the UNIX password database).</p><p>If the parameter <i class="parameter"><tt>nt acl support</tt></i>
|
||||||
|
is set to <tt class="constant">false</tt> then the file owner will
|
||||||
|
be shown as the NT user <tt class="constant">"Everyone"</tt> and the
|
||||||
|
permissions will be shown as NT "Full Control".</p><p>The permissions field is displayed differently for files
|
||||||
|
and directories, so I'll describe the way file permissions
|
||||||
|
are displayed first.</p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2923516"></a>File Permissions</h4></div></div><div></div></div><p>The standard UNIX user/group/world triplet and
|
||||||
|
the corresponding "read", "write", "execute" permissions
|
||||||
|
triplets are mapped by Samba into a three element NT ACL
|
||||||
|
with the 'r', 'w', and 'x' bits mapped into the corresponding
|
||||||
|
NT permissions. The UNIX world permissions are mapped into
|
||||||
|
the global NT group <tt class="constant">Everyone</tt>, followed
|
||||||
|
by the list of permissions allowed for UNIX world. The UNIX
|
||||||
|
owner and group permissions are displayed as an NT
|
||||||
|
<span class="guiicon">user</span> icon and an NT <span class="guiicon">local
|
||||||
|
group</span> icon respectively followed by the list
|
||||||
|
of permissions allowed for the UNIX user and group.</p><p>As many UNIX permission sets don't map into common
|
||||||
|
NT names such as <tt class="constant">read</tt>, <tt class="constant">
|
||||||
|
"change"</tt> or <tt class="constant">full control</tt> then
|
||||||
|
usually the permissions will be prefixed by the words <tt class="constant">
|
||||||
|
"Special Access"</tt> in the NT display list.</p><p>But what happens if the file has no permissions allowed
|
||||||
|
for a particular UNIX user group or world component ? In order
|
||||||
|
to allow "no permissions" to be seen and modified then Samba
|
||||||
|
overloads the NT <b class="command">"Take Ownership"</b> ACL attribute
|
||||||
|
(which has no meaning in UNIX) and reports a component with
|
||||||
|
no permissions as having the NT <b class="command">"O"</b> bit set.
|
||||||
|
This was chosen of course to make it look like a zero, meaning
|
||||||
|
zero permissions. More details on the decision behind this will
|
||||||
|
be given below.</p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2923608"></a>Directory Permissions</h4></div></div><div></div></div><p>Directories on an NT NTFS file system have two
|
||||||
|
different sets of permissions. The first set of permissions
|
||||||
|
is the ACL set on the directory itself, this is usually displayed
|
||||||
|
in the first set of parentheses in the normal <tt class="constant">"RW"</tt>
|
||||||
|
NT style. This first set of permissions is created by Samba in
|
||||||
|
exactly the same way as normal file permissions are, described
|
||||||
|
above, and is displayed in the same way.</p><p>The second set of directory permissions has no real meaning
|
||||||
|
in the UNIX permissions world and represents the <tt class="constant">
|
||||||
|
inherited</tt> permissions that any file created within
|
||||||
|
this directory would inherit.</p><p>Samba synthesises these inherited permissions for NT by
|
||||||
|
returning as an NT ACL the UNIX permission mode that a new file
|
||||||
|
created by Samba on this share would receive.</p></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2923653"></a>Modifying file or directory permissions</h3></div></div><div></div></div><p>Modifying file and directory permissions is as simple
|
||||||
|
as changing the displayed permissions in the dialog box, and
|
||||||
|
clicking the <span class="guibutton">OK</span> button. However, there are
|
||||||
|
limitations that a user needs to be aware of, and also interactions
|
||||||
|
with the standard Samba permission masks and mapping of DOS
|
||||||
|
attributes that need to also be taken into account.</p><p>If the parameter <i class="parameter"><tt>nt acl support</tt></i>
|
||||||
|
is set to <tt class="constant">false</tt> then any attempt to set
|
||||||
|
security permissions will fail with an <span class="errorname">"Access Denied"
|
||||||
|
</span> message.</p><p>The first thing to note is that the <span class="guibutton">"Add"</span>
|
||||||
|
button will not return a list of users in Samba (it will give
|
||||||
|
an error message of <span class="errorname">The remote procedure call failed
|
||||||
|
and did not execute</span>). This means that you can only
|
||||||
|
manipulate the current user/group/world permissions listed in
|
||||||
|
the dialog box. This actually works quite well as these are the
|
||||||
|
only permissions that UNIX actually has.</p><p>If a permission triplet (either user, group, or world)
|
||||||
|
is removed from the list of permissions in the NT dialog box,
|
||||||
|
then when the <span class="guibutton">OK</span> button is pressed it will
|
||||||
|
be applied as "no permissions" on the UNIX side. If you then
|
||||||
|
view the permissions again the "no permissions" entry will appear
|
||||||
|
as the NT <b class="command">"O"</b> flag, as described above. This
|
||||||
|
allows you to add permissions back to a file or directory once
|
||||||
|
you have removed them from a triplet component.</p><p>As UNIX supports only the "r", "w" and "x" bits of
|
||||||
|
an NT ACL then if other NT security attributes such as "Delete
|
||||||
|
access" are selected then they will be ignored when applied on
|
||||||
|
the Samba server.</p><p>When setting permissions on a directory the second
|
||||||
|
set of permissions (in the second set of parentheses) is
|
||||||
|
by default applied to all files within that directory. If this
|
||||||
|
is not what you want you must uncheck the <span class="guilabel">Replace
|
||||||
|
permissions on existing files</span> checkbox in the NT
|
||||||
|
dialog before clicking <span class="guibutton">OK</span>.</p><p>If you wish to remove all permissions from a
|
||||||
|
user/group/world component then you may either highlight the
|
||||||
|
component and click the <span class="guibutton">Remove</span> button,
|
||||||
|
or set the component to only have the special <tt class="constant">Take
|
||||||
|
Ownership</tt> permission (displayed as <b class="command">"O"
|
||||||
|
</b>) highlighted.</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2923805"></a>Interaction with the standard Samba create mask
|
||||||
|
parameters</h3></div></div><div></div></div><p>There are four parameters
|
||||||
|
to control interaction with the standard Samba create mask parameters.
|
||||||
|
These are :
|
||||||
|
|
||||||
|
</p><table class="simplelist" border="0" summary="Simple list"><tr><td><i class="parameter"><tt>security mask</tt></i></td></tr><tr><td><i class="parameter"><tt>force security mode</tt></i></td></tr><tr><td><i class="parameter"><tt>directory security mask</tt></i></td></tr><tr><td><i class="parameter"><tt>force directory security mode</tt></i></td></tr></table><p>
|
||||||
|
|
||||||
|
</p><p>Once a user clicks <span class="guibutton">OK</span> to apply the
|
||||||
|
permissions Samba maps the given permissions into a user/group/world
|
||||||
|
r/w/x triplet set, and then will check the changed permissions for a
|
||||||
|
file against the bits set in the <a href="smb.conf.5.html#SECURITYMASK" target="_top">
|
||||||
|
<i class="parameter"><tt>security mask</tt></i></a> parameter. Any bits that
|
||||||
|
were changed that are not set to '1' in this parameter are left alone
|
||||||
|
in the file permissions.</p><p>Essentially, zero bits in the <i class="parameter"><tt>security mask</tt></i>
|
||||||
|
mask may be treated as a set of bits the user is <span class="emphasis"><em>not</em></span>
|
||||||
|
allowed to change, and one bits are those the user is allowed to change.
|
||||||
|
</p><p>If not set explicitly this parameter is set to the same value as
|
||||||
|
the <a href="smb.conf.5.html#CREATEMASK" target="_top"><i class="parameter"><tt>create mask
|
||||||
|
</tt></i></a> parameter. To allow a user to modify all the
|
||||||
|
user/group/world permissions on a file, set this parameter
|
||||||
|
to 0777.</p><p>Next Samba checks the changed permissions for a file against
|
||||||
|
the bits set in the <a href="smb.conf.5.html#FORCESECURITYMODE" target="_top">
|
||||||
|
<i class="parameter"><tt>force security mode</tt></i></a> parameter. Any bits
|
||||||
|
that were changed that correspond to bits set to '1' in this parameter
|
||||||
|
are forced to be set.</p><p>Essentially, bits set in the <i class="parameter"><tt>force security mode
|
||||||
|
</tt></i> parameter may be treated as a set of bits that, when
|
||||||
|
modifying security on a file, the user has always set to be 'on'.</p><p>If not set explicitly this parameter is set to the same value
|
||||||
|
as the <a href="smb.conf.5.html#FORCECREATEMODE" target="_top"><i class="parameter"><tt>force
|
||||||
|
create mode</tt></i></a> parameter.
|
||||||
|
To allow a user to modify all the user/group/world permissions on a file
|
||||||
|
with no restrictions set this parameter to 000.</p><p>The <i class="parameter"><tt>security mask</tt></i> and <i class="parameter"><tt>force
|
||||||
|
security mode</tt></i> parameters are applied to the change
|
||||||
|
request in that order.</p><p>For a directory Samba will perform the same operations as
|
||||||
|
described above for a file except using the parameter <i class="parameter"><tt>
|
||||||
|
directory security mask</tt></i> instead of <i class="parameter"><tt>security
|
||||||
|
mask</tt></i>, and <i class="parameter"><tt>force directory security mode
|
||||||
|
</tt></i> parameter instead of <i class="parameter"><tt>force security mode
|
||||||
|
</tt></i>.</p><p>The <i class="parameter"><tt>directory security mask</tt></i> parameter
|
||||||
|
by default is set to the same value as the <i class="parameter"><tt>directory mask
|
||||||
|
</tt></i> parameter and the <i class="parameter"><tt>force directory security
|
||||||
|
mode</tt></i> parameter by default is set to the same value as
|
||||||
|
the <i class="parameter"><tt>force directory mode</tt></i> parameter. </p><p>In this way Samba enforces the permission restrictions that
|
||||||
|
an administrator can set on a Samba share, whilst still allowing users
|
||||||
|
to modify the permission bits within that restriction.</p><p>If you want to set up a share that allows users full control
|
||||||
|
in modifying the permission bits on their files and directories and
|
||||||
|
doesn't force any particular bits to be set 'on', then set the following
|
||||||
|
parameters in the <tt class="filename">smb.conf</tt> file in that share specific section :
|
||||||
|
</p><table class="simplelist" border="0" summary="Simple list"><tr><td><i class="parameter"><tt>security mask = 0777</tt></i></td></tr><tr><td><i class="parameter"><tt>force security mode = 0</tt></i></td></tr><tr><td><i class="parameter"><tt>directory security mask = 0777</tt></i></td></tr><tr><td><i class="parameter"><tt>force directory security mode = 0</tt></i></td></tr></table></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2924134"></a>Interaction with the standard Samba file attribute
|
||||||
|
mapping</h3></div></div><div></div></div><p>Samba maps some of the DOS attribute bits (such as "read
|
||||||
|
only") into the UNIX permissions of a file. This means there can
|
||||||
|
be a conflict between the permission bits set via the security
|
||||||
|
dialog and the permission bits set by the file attribute mapping.
|
||||||
|
</p><p>One way this can show up is if a file has no UNIX read access
|
||||||
|
for the owner it will show up as "read only" in the standard
|
||||||
|
file attributes tabbed dialog. Unfortunately this dialog is
|
||||||
|
the same one that contains the security info in another tab.</p><p>What this can mean is that if the owner changes the permissions
|
||||||
|
to allow themselves read access using the security dialog, clicks
|
||||||
|
<span class="guibutton">OK</span> to get back to the standard attributes tab
|
||||||
|
dialog, and then clicks <span class="guibutton">OK</span> on that dialog, then
|
||||||
|
NT will set the file permissions back to read-only (as that is what
|
||||||
|
the attributes still say in the dialog). This means that after setting
|
||||||
|
permissions and clicking <span class="guibutton">OK</span> to get back to the
|
||||||
|
attributes dialog you should always hit <span class="guibutton">Cancel</span>
|
||||||
|
rather than <span class="guibutton">OK</span> to ensure that your changes
|
||||||
|
are not overridden.</p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2924210"></a>Common Errors</h2></div></div><div></div></div><p>
|
||||||
|
File, Directory and Share access problems are very common on the mailing list. The following
|
||||||
|
are examples taken from the mailing list in recent times.
|
||||||
|
</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2924224"></a>Users can not write to a public share</h3></div></div><div></div></div><p>
|
||||||
|
“<span class="quote">
|
||||||
|
We are facing some troubles with file / directory permissions. I can log on the domain as admin user(root),
|
||||||
|
and there's a public share, on which everyone needs to have permission to create / modify files, but only
|
||||||
|
root can change the file, no one else can. We need to constantly go to server to
|
||||||
|
<b class="userinput"><tt>chgrp -R users *</tt></b> and <b class="userinput"><tt>chown -R nobody *</tt></b> to allow others users to change the file.
|
||||||
|
</span>”
|
||||||
|
</p><p>
|
||||||
|
There are many ways to solve this problem, here are a few hints:
|
||||||
|
</p><div class="procedure"><p class="title"><b>Procedure 13.3. Example Solution:</b></p><ol type="1"><li><p>
|
||||||
|
Go to the top of the directory that is shared
|
||||||
|
</p></li><li><p>
|
||||||
|
Set the ownership to what ever public owner and group you want
|
||||||
|
</p><pre class="programlisting">
|
||||||
|
find 'directory_name' -type d -exec chown user.group {}\;
|
||||||
|
find 'directory_name' -type d -exec chmod 6775 'directory_name'
|
||||||
|
find 'directory_name' -type f -exec chmod 0775 {} \;
|
||||||
|
find 'directory_name' -type f -exec chown user.group {}\;
|
||||||
|
</pre><p>
|
||||||
|
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
|
||||||
|
The above will set the 'sticky bit' on all directories. Read your
|
||||||
|
Unix/Linux man page on what that does. It causes the OS to assign
|
||||||
|
to all files created in the directories the ownership of the
|
||||||
|
directory.
|
||||||
|
</p></div></li><li><p>
|
||||||
|
|
||||||
|
Directory is: <i class="replaceable"><tt>/foodbar</tt></i>
|
||||||
|
</p><pre class="screen">
|
||||||
|
<tt class="prompt">$ </tt><b class="userinput"><tt>chown jack.engr /foodbar</tt></b>
|
||||||
|
</pre><p>
|
||||||
|
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
|
||||||
|
</p><p>This is the same as doing:</p><p>
|
||||||
|
</p><pre class="screen">
|
||||||
|
<tt class="prompt">$ </tt><b class="userinput"><tt>chown jack /foodbar</tt></b>
|
||||||
|
<tt class="prompt">$ </tt><b class="userinput"><tt>chgrp engr /foodbar</tt></b>
|
||||||
|
</pre><p>
|
||||||
|
</p></div></li><li><p>Now do:
|
||||||
|
|
||||||
|
</p><pre class="screen">
|
||||||
|
<tt class="prompt">$ </tt><b class="userinput"><tt>chmod 6775 /foodbar</tt></b>
|
||||||
|
<tt class="prompt">$ </tt><b class="userinput"><tt>ls -al /foodbar/..</tt></b>
|
||||||
|
</pre><p>
|
||||||
|
|
||||||
|
</p><p>You should see:
|
||||||
|
</p><pre class="screen">
|
||||||
|
drwsrwsr-x 2 jack engr 48 2003-02-04 09:55 foodbar
|
||||||
|
</pre><p>
|
||||||
|
</p></li><li><p>Now do:
|
||||||
|
</p><pre class="screen">
|
||||||
|
<tt class="prompt">$ </tt><b class="userinput"><tt>su - jill</tt></b>
|
||||||
|
<tt class="prompt">$ </tt><b class="userinput"><tt>cd /foodbar</tt></b>
|
||||||
|
<tt class="prompt">$ </tt><b class="userinput"><tt>touch Afile</tt></b>
|
||||||
|
<tt class="prompt">$ </tt><b class="userinput"><tt>ls -al</tt></b>
|
||||||
|
</pre><p>
|
||||||
|
</p><p>
|
||||||
|
You should see that the file <tt class="filename">Afile</tt> created by Jill will have ownership
|
||||||
|
and permissions of Jack, as follows:
|
||||||
|
</p><pre class="screen">
|
||||||
|
-rw-r--r-- 1 jack engr 0 2003-02-04 09:57 Afile
|
||||||
|
</pre><p>
|
||||||
|
</p></li><li><p>
|
||||||
|
Now in your <tt class="filename">smb.conf</tt> for the share add:
|
||||||
|
</p><pre class="programlisting">
|
||||||
|
force create mode = 0775
|
||||||
|
force directory mode = 6775
|
||||||
|
</pre><p>
|
||||||
|
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
|
||||||
|
The above are only needed <span class="emphasis"><em>if</em></span> your users are <span class="emphasis"><em>not</em></span> members of the group
|
||||||
|
you have used. ie: Within the OS do not have write permission on the directory.
|
||||||
|
</p></div><p>
|
||||||
|
An alternative is to set in the <tt class="filename">smb.conf</tt> entry for the share:
|
||||||
|
</p><pre class="programlisting">
|
||||||
|
force user = jack
|
||||||
|
force group = engr
|
||||||
|
</pre><p>
|
||||||
|
</p></li></ol></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2924604"></a>I have set force user and Samba still makes <span class="emphasis"><em>root</em></span> the owner of all the files
|
||||||
|
I touch!</h3></div></div><div></div></div><p>
|
||||||
|
When you have a user in 'admin users', Samba will always do file operations for
|
||||||
|
this user as <span class="emphasis"><em>root</em></span>, even if <i class="parameter"><tt>force user</tt></i> has been set.
|
||||||
|
</p></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="groupmapping.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="optional.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="locking.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 12. Mapping MS Windows and Unix Groups </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 14. File and Record Locking</td></tr></table></div></body></html>
|
224
docs/htmldocs/AdvancedNetworkManagement.html
Normal file
@ -0,0 +1,224 @@
|
|||||||
|
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 22. Advanced Network Management</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="index.html" title="SAMBA Project Documentation"><link rel="up" href="optional.html" title="Part III. Advanced Configuration"><link rel="previous" href="winbind.html" title="Chapter 21. Integrated Logon Support using Winbind"><link rel="next" href="PolicyMgmt.html" title="Chapter 23. System and Account Policies"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 22. Advanced Network Management</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="winbind.html">Prev</a> </td><th width="60%" align="center">Part III. Advanced Configuration</th><td width="20%" align="right"> <a accesskey="n" href="PolicyMgmt.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="AdvancedNetworkManagement"></a>Chapter 22. 
Advanced Network Management</h2></div><div><div class="author"><h3 class="author"><span class="firstname">John</span> <span class="othername">H.</span> <span class="surname">Terpstra</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><tt class="email"><<a href="mailto:jht@samba.org">jht@samba.org</a>></tt></p></div></div></div></div><div><p class="pubdate">April 3 2003</p></div></div><div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><a href="AdvancedNetworkManagement.html#id2984570">Features and Benefits</a></dt><dt><a href="AdvancedNetworkManagement.html#id2984759">Remote Server Administration</a></dt><dt><a href="AdvancedNetworkManagement.html#id2984858">Remote Desktop Management</a></dt><dd><dl><dt><a href="AdvancedNetworkManagement.html#id2984876">Remote Management from NoMachines.Com</a></dt></dl></dd><dt><a href="AdvancedNetworkManagement.html#id2985087">Network Logon Script Magic</a></dt><dd><dl><dt><a href="AdvancedNetworkManagement.html#id2985283">Adding printers without user intervention</a></dt></dl></dd><dt><a href="AdvancedNetworkManagement.html#id2985316">Common Errors</a></dt></dl></div><p>
|
||||||
|
This section documents peripheral issues that are of great importance to network
|
||||||
|
administrators who want to improve network resource access control, to automate the user
|
||||||
|
environment, and to make their lives a little easier.
|
||||||
|
</p><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2984570"></a>Features and Benefits</h2></div></div><div></div></div><p>
|
||||||
|
Often the difference between a working network environment and a well appreciated one can
|
||||||
|
best be measured by the <span class="emphasis"><em>little things</em></span> that makes everything work more
|
||||||
|
harmoniously. A key part of every network environment solution is the ability to remotely
|
||||||
|
manage MS Windows workstations, to remotely access the Samba server, to provide customised
|
||||||
|
logon scripts, as well as other house keeping activities that help to sustain more reliable
|
||||||
|
network operations.
|
||||||
|
</p><p>
|
||||||
|
This chapter presents information on each of these area. They are placed here, and not in
|
||||||
|
other chapters, for ease of reference.
|
||||||
|
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2984759"></a>Remote Server Administration</h2></div></div><div></div></div><p>
|
||||||
|
<span class="emphasis"><em>How do I get 'User Manager' and 'Server Manager'?</em></span>
|
||||||
|
</p><p>
|
||||||
|
Since I don't need to buy an <span class="application">NT4 Server</span>, how do I get the 'User Manager for Domains',
|
||||||
|
the 'Server Manager'?
|
||||||
|
</p><p>
|
||||||
|
Microsoft distributes a version of these tools called nexus for installation
|
||||||
|
on <span class="application">Windows 9x / Me</span> systems. The tools set includes:
|
||||||
|
</p><table class="simplelist" border="0" summary="Simple list"><tr><td>Server Manager</td></tr><tr><td>User Manager for Domains</td></tr><tr><td>Event Viewer</td></tr></table><p>
|
||||||
|
Click here to download the archived file <a href="ftp://ftp.microsoft.com/Softlib/MSLFILES/NEXUS.EXE" target="_top">ftp://ftp.microsoft.com/Softlib/MSLFILES/NEXUS.EXE</a>
|
||||||
|
</p><p>
|
||||||
|
The <span class="application">Windows NT 4.0</span> version of the 'User Manager for
|
||||||
|
Domains' and 'Server Manager' are available from Microsoft via ftp
|
||||||
|
from <a href="ftp://ftp.microsoft.com/Softlib/MSLFILES/SRVTOOLS.EXE" target="_top">ftp://ftp.microsoft.com/Softlib/MSLFILES/SRVTOOLS.EXE</a>
|
||||||
|
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2984858"></a>Remote Desktop Management</h2></div></div><div></div></div><p>
|
||||||
|
There are a number of possible remote desktop management solutions that range from free
|
||||||
|
through costly. Do not let that put you off. Sometimes the most costly solutions is the
|
||||||
|
most cost effective. In any case, you will need to draw your own conclusions as to which
|
||||||
|
is the best tool in your network environment.
|
||||||
|
</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2984876"></a>Remote Management from NoMachines.Com</h3></div></div><div></div></div><p>
|
||||||
|
The following information was posted to the Samba mailing list at Apr 3 23:33:50 GMT 2003.
|
||||||
|
It is presented in slightly edited form (with author details omitted for privacy reasons).
|
||||||
|
The entire answer is reproduced below with some comments removed.
|
||||||
|
</p><p>
|
||||||
|
</p><pre class="screen">
|
||||||
|
> I have a wonderful linux/samba server running as PDC for a network.
|
||||||
|
> Now I would like to add remote desktop capabilities so that
|
||||||
|
> users outside could login to the system and get their desktop up from
|
||||||
|
> home or another country..
|
||||||
|
>
|
||||||
|
> Is there a way to accomplish this? Do I need a windows terminal server?
|
||||||
|
> Do I need to configure it so that it is a member of the domain or a
|
||||||
|
> BDC,PDC? Are there any hacks for MS Windows XP to enable remote login
|
||||||
|
> even if the computer is in a domain?
|
||||||
|
>
|
||||||
|
> Any ideas/experience would be appreciated :)
|
||||||
|
</pre><p>
|
||||||
|
</p><p>
|
||||||
|
Answer provided: Check out the new offer from NoMachine, "NX" software:
|
||||||
|
<a href="http://www.nomachine.com/" target="_top">http://www.nomachine.com/</a>.
|
||||||
|
</p><p>
|
||||||
|
It implements a very easy-to-use interface to the remote X protocol as
|
||||||
|
well as incorporating VNC/RFB and rdesktop/RDP into it, but at a speed
|
||||||
|
performance much better than anything you may have ever seen...
|
||||||
|
</p><p>
|
||||||
|
Remote X is not new at all -- but what they did achieve successfully is
|
||||||
|
a new way of compression and caching technologies which makes the thing
|
||||||
|
fast enough to run even over slow modem/ISDN connections.
|
||||||
|
</p><p>
|
||||||
|
I could test drive their (public) RedHat machine in Italy, over a loaded
|
||||||
|
internet connection, with enabled thumbnail previews in KDE konqueror
|
||||||
|
which popped up immediately on "mouse-over". From inside that (remote X)
|
||||||
|
session I started a rdesktop session on another, a Windows XP machine.
|
||||||
|
To test the performance, I played Pinball. I am proud to announce here
|
||||||
|
that my score was 631750 points at first try...
|
||||||
|
</p><p>
|
||||||
|
NX performs better on my local LAN than any of the other "pure"
|
||||||
|
connection methods I am using from time to time: TightVNC, rdesktop or
|
||||||
|
remote X. It is even faster than a direct crosslink connection between
|
||||||
|
two nodes.
|
||||||
|
</p><p>
|
||||||
|
I even got sound playing from the remote X app to my local boxes, and
|
||||||
|
had a working "copy'n'paste" from an NX window (running a KDE session
|
||||||
|
in Italy) to my Mozilla mailing agent... These guys are certainly doing
|
||||||
|
something right!
|
||||||
|
</p><p>
|
||||||
|
I recommend to test drive NX to anybody with a only a remote interest
|
||||||
|
in remote computing
|
||||||
|
<a href="http://www.nomachine.com/testdrive.php" target="_top">http://www.nomachine.com/testdrive.php</a>.
|
||||||
|
</p><p>
|
||||||
|
Just download the free of charge client software (available for RedHat,
|
||||||
|
SuSE, Debian and Windows) and be up and running within 5 minutes (they
|
||||||
|
need to send you your account data, though, because you are assigned
|
||||||
|
a real Unix account on their testdrive.nomachine.com box...
|
||||||
|
</p><p>
|
||||||
|
They plan to get to the point were you can have NX application servers
|
||||||
|
running as a cluster of nodes, and users simply start an NX session locally,
|
||||||
|
and can select applications to run transparently (apps may even run on
|
||||||
|
another NX node, but pretend to be on the same as used for initial login,
|
||||||
|
because it displays in the same window.... well, you also can run it
|
||||||
|
fullscreen, and after a short time you forget that it is a remote session
|
||||||
|
at all).
|
||||||
|
</p><p>
|
||||||
|
Now the best thing at the end: all the core compression and caching
|
||||||
|
technologies are released under the GPL and available as source code
|
||||||
|
to anybody who wants to build on it! These technologies are working,
|
||||||
|
albeit started from the command line only (and very inconvenient to
|
||||||
|
use in order to get a fully running remote X session up and running....)
|
||||||
|
</p><p>
|
||||||
|
To answer your questions:
|
||||||
|
</p><div class="itemizedlist"><ul type="disc"><li><p>
|
||||||
|
You don't need to install a terminal server; XP has RDP support built in.
|
||||||
|
</p></li><li><p>
|
||||||
|
NX is much cheaper than Citrix -- and comparable in performance, probably faster
|
||||||
|
</p></li><li><p>
|
||||||
|
You don't need to hack XP -- it just works
|
||||||
|
</p></li><li><p>
|
||||||
|
You log into the XP box from remote transparently (and I think there is no
|
||||||
|
need to change anything to get a connection, even if authentication is against a domain)
|
||||||
|
</p></li><li><p>
|
||||||
|
The NX core technologies are all Open Source and released under the GPL --
|
||||||
|
you can today use a (very inconvenient) commandline to use it at no cost,
|
||||||
|
but you can buy a comfortable (proprietary) NX GUI frontend for money
|
||||||
|
</p></li><li><p>
|
||||||
|
NoMachine are encouraging and offering help to OSS/Free Software implementations
|
||||||
|
for such a frontend too, even if it means competition to them (they have written
|
||||||
|
to this effect even to the LTSP, KDE and GNOME developer mailing lists)
|
||||||
|
</p></li></ul></div></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2985087"></a>Network Logon Script Magic</h2></div></div><div></div></div><p>
|
||||||
|
This section needs work. Volunteer contributions most welcome. Please send your patches or updates
|
||||||
|
to <a href="mailto:jht@samba.org" target="_top">John Terpstra</a>.
|
||||||
|
</p><p>
|
||||||
|
There are several opportunities for creating a custom network startup configuration environment.
|
||||||
|
</p><table class="simplelist" border="0" summary="Simple list"><tr><td>No Logon Script</td></tr><tr><td>Simple universal Logon Script that applies to all users</td></tr><tr><td>Use of a conditional Logon Script that applies per user or per group attributes</td></tr><tr><td>Use of Samba's Preexec and Postexec functions on access to the NETLOGON share to create
|
||||||
|
a custom Logon Script and then execute it.</td></tr><tr><td>User of a tool such as KixStart</td></tr></table><p>
|
||||||
|
The Samba source code tree includes two logon script generation/execution tools.
|
||||||
|
See <tt class="filename">examples</tt> directory <tt class="filename">genlogon</tt> and
|
||||||
|
<tt class="filename">ntlogon</tt> subdirectories.
|
||||||
|
</p><p>
|
||||||
|
The following listings are from the genlogon directory.
|
||||||
|
</p><p>
|
||||||
|
This is the <tt class="filename">genlogon.pl</tt> file:
|
||||||
|
|
||||||
|
</p><pre class="programlisting">
|
||||||
|
#!/usr/bin/perl
|
||||||
|
#
|
||||||
|
# genlogon.pl
|
||||||
|
#
|
||||||
|
# Perl script to generate user logon scripts on the fly, when users
|
||||||
|
# connect from a Windows client. This script should be called from smb.conf
|
||||||
|
# with the %U, %G and %L parameters. I.e:
|
||||||
|
#
|
||||||
|
# root preexec = genlogon.pl %U %G %L
|
||||||
|
#
|
||||||
|
# The script generated will perform
|
||||||
|
# the following:
|
||||||
|
#
|
||||||
|
# 1. Log the user connection to /var/log/samba/netlogon.log
|
||||||
|
# 2. Set the PC's time to the Linux server time (which is maintained
|
||||||
|
# daily to the National Institute of Standard's Atomic clock on the
|
||||||
|
# internet.
|
||||||
|
# 3. Connect the user's home drive to H: (H for Home).
|
||||||
|
# 4. Connect common drives that everyone uses.
|
||||||
|
# 5. Connect group-specific drives for certain user groups.
|
||||||
|
# 6. Connect user-specific drives for certain users.
|
||||||
|
# 7. Connect network printers.
|
||||||
|
|
||||||
|
# Log client connection
|
||||||
|
#($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time);
|
||||||
|
($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time);
|
||||||
|
open LOG, ">>/var/log/samba/netlogon.log";
|
||||||
|
print LOG "$mon/$mday/$year $hour:$min:$sec - User $ARGV[0] logged into $ARGV[1]\n";
|
||||||
|
close LOG;
|
||||||
|
|
||||||
|
# Start generating logon script
|
||||||
|
open LOGON, ">/shared/netlogon/$ARGV[0].bat";
|
||||||
|
print LOGON "\@ECHO OFF\r\n";
|
||||||
|
|
||||||
|
# Connect shares just use by Software Development group
|
||||||
|
if ($ARGV[1] eq "SOFTDEV" || $ARGV[0] eq "softdev")
|
||||||
|
{
|
||||||
|
print LOGON "NET USE M: \\\\$ARGV[2]\\SOURCE\r\n";
|
||||||
|
}
|
||||||
|
|
||||||
|
# Connect shares just use by Technical Support staff
|
||||||
|
if ($ARGV[1] eq "SUPPORT" || $ARGV[0] eq "support")
|
||||||
|
{
|
||||||
|
print LOGON "NET USE S: \\\\$ARGV[2]\\SUPPORT\r\n";
|
||||||
|
}
|
||||||
|
|
||||||
|
# Connect shares just used by Administration staff
|
||||||
|
If ($ARGV[1] eq "ADMIN" || $ARGV[0] eq "admin")
|
||||||
|
{
|
||||||
|
print LOGON "NET USE L: \\\\$ARGV[2]\\ADMIN\r\n";
|
||||||
|
print LOGON "NET USE K: \\\\$ARGV[2]\\MKTING\r\n";
|
||||||
|
}
|
||||||
|
|
||||||
|
# Now connect Printers. We handle just two or three users a little
|
||||||
|
# differently, because they are the exceptions that have desktop
|
||||||
|
# printers on LPT1: - all other user's go to the LaserJet on the
|
||||||
|
# server.
|
||||||
|
if ($ARGV[0] eq 'jim'
|
||||||
|
|| $ARGV[0] eq 'yvonne')
|
||||||
|
{
|
||||||
|
print LOGON "NET USE LPT2: \\\\$ARGV[2]\\LJET3\r\n";
|
||||||
|
print LOGON "NET USE LPT3: \\\\$ARGV[2]\\FAXQ\r\n";
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
print LOGON "NET USE LPT1: \\\\$ARGV[2]\\LJET3\r\n";
|
||||||
|
print LOGON "NET USE LPT3: \\\\$ARGV[2]\\FAXQ\r\n";
|
||||||
|
}
|
||||||
|
|
||||||
|
# All done! Close the output file.
|
||||||
|
close LOGON;
|
||||||
|
</pre><p>
|
||||||
|
</p><p>
|
||||||
|
Those wishing to use more elaborate or capable logon processing system should check out the following sites:
|
||||||
|
</p><table class="simplelist" border="0" summary="Simple list"><tr><td><a href="http://www.craigelachie.org/rhacer/ntlogon" target="_top">http://www.craigelachie.org/rhacer/ntlogon</a></td></tr><tr><td><a href="http://www.kixtart.org" target="_top">http://www.kixtart.org</a></td></tr><tr><td><a href="http://support.microsoft.com/default.asp?scid=kb;en-us;189105" target="_top">http://support.microsoft.com/default.asp?scid=kb;en-us;189105</a></td></tr></table><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2985283"></a>Adding printers without user intervention</h3></div></div><div></div></div><p>
|
||||||
|
Printers may be added automatically during logon script processing through the use of:
|
||||||
|
|
||||||
|
</p><pre class="programlisting">
|
||||||
|
rundll32 printui.dll,PrintUIEntry /?
|
||||||
|
</pre><p>
|
||||||
|
|
||||||
|
See the documentation in the <a href="http://support.microsoft.com/default.asp?scid=kb;en-us;189105" target="_top">Microsoft knowledgebase article no: 189105</a>.
|
||||||
|
</p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2985316"></a>Common Errors</h2></div></div><div></div></div><p>
|
||||||
|
The information provided in this chapter has been reproduced from postings on the samba@samba.org
|
||||||
|
mailing list. No implied endorsement or recommendation is offered. Administrators should conduct
|
||||||
|
their own evaluation of alternatives and are encouraged to draw their own conclusions.
|
||||||
|
</p></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="winbind.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="optional.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="PolicyMgmt.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 21. Integrated Logon Support using Winbind </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 23. System and Account Policies</td></tr></table></div></body></html>
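Review bot: The genlogon.pl listing reproduced in this page is meant to be wired up as `root preexec = genlogon.pl %U %G %L`, yet it interpolates `$ARGV[0]` unvalidated into `open LOGON, ">/shared/netlogon/$ARGV[0].bat";` and never checks whether either `open` succeeded. As far as I know %U is the username the client asked for, so a script that runs as root should restrict it before building a path, e.g. `die "bad user name\n" unless $ARGV[0] =~ /^[A-Za-z0-9._-]+$/;`, and use the three-argument form `open(my $logon, '>', $path) or die "open $path: $!";`. The Administration branch also begins with `If (` (capital I), which Perl will not parse, so the listing cannot run as printed. This HTML is generated, so the corrections belong in the DocBook source and in the genlogon example it is copied from.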
|
4
docs/htmldocs/Appendixes.html
Normal file
4
docs/htmldocs/Appendixes.html
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Part VI. Appendixes</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="index.html" title="SAMBA Project Documentation"><link rel="up" href="index.html" title="SAMBA Project Documentation"><link rel="previous" href="bugreport.html" title="Chapter 35. Reporting Bugs"><link rel="next" href="compiling.html" title="Chapter 36. How to compile SAMBA"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Part VI. Appendixes</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="bugreport.html">Prev</a> </td><th width="60%" align="center"> </th><td width="20%" align="right"> <a accesskey="n" href="compiling.html">Next</a></td></tr></table><hr></div><div class="part" lang="en"><div class="titlepage"><div><div><h1 class="title"><a name="Appendixes"></a>Appendixes</h1></div></div><div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt>36. 
<a href="compiling.html">How to compile SAMBA</a></dt><dd><dl><dt><a href="compiling.html#id3012145">Access Samba source code via CVS</a></dt><dd><dl><dt><a href="compiling.html#id3012152">Introduction</a></dt><dt><a href="compiling.html#id3012182">CVS Access to samba.org</a></dt></dl></dd><dt><a href="compiling.html#id3013701">Accessing the samba sources via rsync and ftp</a></dt><dt><a href="compiling.html#id3013750">Verifying Samba's PGP signature</a></dt><dt><a href="compiling.html#id3013886">Building the Binaries</a></dt><dd><dl><dt><a href="compiling.html#id3014023">Compiling samba with Active Directory support</a></dt></dl></dd><dt><a href="compiling.html#id3014188">Starting the smbd and nmbd</a></dt><dd><dl><dt><a href="compiling.html#id3014280">Starting from inetd.conf</a></dt><dt><a href="compiling.html#id3014484">Alternative: starting it as a daemon</a></dt></dl></dd><dt><a href="compiling.html#id3014579">Common Errors</a></dt></dl></dd><dt>37. <a href="Portability.html">Portability</a></dt><dd><dl><dt><a href="Portability.html#id3013478">HPUX</a></dt><dt><a href="Portability.html#id3016009">SCO Unix</a></dt><dt><a href="Portability.html#id3016039">DNIX</a></dt><dt><a href="Portability.html#id3016210">RedHat Linux Rembrandt-II</a></dt><dt><a href="Portability.html#id3016254">AIX</a></dt><dd><dl><dt><a href="Portability.html#id3016261">Sequential Read Ahead</a></dt></dl></dd><dt><a href="Portability.html#id3016287">Solaris</a></dt><dd><dl><dt><a href="Portability.html#id3016294">Locking improvements</a></dt><dt><a href="Portability.html#winbind-solaris9">Winbind on Solaris 9</a></dt></dl></dd></dl></dd><dt>38. <a href="Other-Clients.html">Samba and other CIFS clients</a></dt><dd><dl><dt><a href="Other-Clients.html#id3015663">Macintosh clients?</a></dt><dt><a href="Other-Clients.html#id3017016">OS2 Client</a></dt><dd><dl><dt><a href="Other-Clients.html#id3017023">How can I configure OS/2 Warp Connect or
|
||||||
|
OS/2 Warp 4 as a client for Samba?</a></dt><dt><a href="Other-Clients.html#id3017102">How can I configure OS/2 Warp 3 (not Connect),
|
||||||
|
OS/2 1.2, 1.3 or 2.x for Samba?</a></dt><dt><a href="Other-Clients.html#id3017164">How do I get printer driver download working
|
||||||
|
for OS/2 clients?</a></dt></dl></dd><dt><a href="Other-Clients.html#id3017260">Windows for Workgroups</a></dt><dd><dl><dt><a href="Other-Clients.html#id3017268">Use latest TCP/IP stack from Microsoft</a></dt><dt><a href="Other-Clients.html#id3017357">Delete .pwl files after password change</a></dt><dt><a href="Other-Clients.html#id3017388">Configure WfW password handling</a></dt><dt><a href="Other-Clients.html#id3017433">Case handling of passwords</a></dt><dt><a href="Other-Clients.html#id3017464">Use TCP/IP as default protocol</a></dt><dt><a href="Other-Clients.html#id3017481">Speed improvement</a></dt></dl></dd><dt><a href="Other-Clients.html#id3017528">Windows '95/'98</a></dt><dd><dl><dt><a href="Other-Clients.html#id3017601">Speed improvement</a></dt></dl></dd><dt><a href="Other-Clients.html#id3017625">Windows 2000 Service Pack 2</a></dt><dt><a href="Other-Clients.html#id3017736">Windows NT 3.1</a></dt></dl></dd><dt>39. <a href="speed.html">Samba Performance Tuning</a></dt><dd><dl><dt><a href="speed.html#id3018768">Comparisons</a></dt><dt><a href="speed.html#id3018812">Socket options</a></dt><dt><a href="speed.html#id3018887">Read size</a></dt><dt><a href="speed.html#id3018931">Max xmit</a></dt><dt><a href="speed.html#id3018984">Log level</a></dt><dt><a href="speed.html#id3019007">Read raw</a></dt><dt><a href="speed.html#id3019064">Write raw</a></dt><dt><a href="speed.html#id3019106">Slow Logins</a></dt><dt><a href="speed.html#id3019127">Client tuning</a></dt><dt><a href="speed.html#id3019154">Samba performance problem due changing kernel</a></dt><dt><a href="speed.html#id3019185">Corrupt tdb Files</a></dt></dl></dd><dt>40. <a href="DNSDHCP.html">DNS and DHCP Configuration Guide</a></dt><dd><dl><dt><a href="DNSDHCP.html#id3018605">Note</a></dt></dl></dd><dt>41. 
<a href="Further-Resources.html">Further Resources</a></dt><dd><dl><dt><a href="Further-Resources.html#id3018765">Websites</a></dt><dt><a href="Further-Resources.html#id3020416">Related updates from Microsoft</a></dt><dt><a href="Further-Resources.html#id3020431">Books</a></dt></dl></dd></dl></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="bugreport.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="index.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="compiling.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 35. Reporting Bugs </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 36. How to compile SAMBA</td></tr></table></div></body></html>
|
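--- a/docs/htmldocs/Backup.html
+++ b/docs/htmldocs/Backup.html
@@ -0,0 +1,13 @@
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 28. Samba Backup Techniques</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="index.html" title="SAMBA Project Documentation"><link rel="up" href="optional.html" title="Part III. Advanced Configuration"><link rel="previous" href="unicode.html" title="Chapter 27. Unicode/Charsets"><link rel="next" href="SambaHA.html" title="Chapter 29. High Availability Options"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 28. Samba Backup Techniques</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="unicode.html">Prev</a> </td><th width="60%" align="center">Part III. Advanced Configuration</th><td width="20%" align="right"> <a accesskey="n" href="SambaHA.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="Backup"></a>Chapter 28. Samba Backup Techniques</h2></div><div><div class="author"><h3 class="author"><span class="firstname">John</span> <span class="othername">H.</span> <span class="surname">Terpstra</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><tt class="email"><<a href="mailto:jht@samba.org">jht@samba.org</a>></tt></p></div></div></div></div></div><div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><a href="Backup.html#id3001533">Note</a></dt><dt><a href="Backup.html#id3001557">Features and Benefits</a></dt></dl></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3001533"></a>Note</h2></div></div><div></div></div><p>
+This chapter did not make it into this release.
+It is planned for the published release of this document.
+If you have something to contribute for this section please email it to
+<a href="">jht@samba.org</a>/
+</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3001557"></a>Features and Benefits</h2></div></div><div></div></div><p>
+We need feedback from people who are backing up samba servers.
+We would like to know what software tools you are using to backup
+your samba server/s.
+</p><p>
+In particular, if you have any success and / or failure stories you could
+share with other users this would be appreciated.
+</p></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="unicode.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="optional.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="SambaHA.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 27. Unicode/Charsets </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 29. High Availability Options</td></tr></table></div></body></html>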
3733
docs/htmldocs/CUPS-printing.html
Normal file
3733
docs/htmldocs/CUPS-printing.html
Normal file
File diff suppressed because it is too large
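--- a/docs/htmldocs/ClientConfig.html
+++ b/docs/htmldocs/ClientConfig.html
@@ -0,0 +1,4 @@
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 9. MS Windows Network Configuration Guide</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="index.html" title="SAMBA Project Documentation"><link rel="up" href="type.html" title="Part II. Server Configuration Basics"><link rel="previous" href="StandAloneServer.html" title="Chapter 8. Stand-Alone Servers"><link rel="next" href="optional.html" title="Part III. Advanced Configuration"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 9. MS Windows Network Configuration Guide</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="StandAloneServer.html">Prev</a> </td><th width="60%" align="center">Part II. Server Configuration Basics</th><td width="20%" align="right"> <a accesskey="n" href="optional.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="ClientConfig"></a>Chapter 9. MS Windows Network Configuration Guide</h2></div><div><div class="author"><h3 class="author"><span class="firstname">John</span> <span class="othername">H.</span> <span class="surname">Terpstra</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><tt class="email"><<a href="mailto:jht@samba.org">jht@samba.org</a>></tt></p></div></div></div></div></div><div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><a href="ClientConfig.html#id2901966">Note</a></dt></dl></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2901966"></a>Note</h2></div></div><div></div></div><p>
+This chapter did not make it into this release.
+It is planned for the published release of this document.
+</p></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="StandAloneServer.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="type.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="optional.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 8. Stand-Alone Servers </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Part III. Advanced Configuration</td></tr></table></div></body></html>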
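--- a/docs/htmldocs/DNSDHCP.html
+++ b/docs/htmldocs/DNSDHCP.html
@@ -0,0 +1,4 @@
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 40. DNS and DHCP Configuration Guide</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="index.html" title="SAMBA Project Documentation"><link rel="up" href="Appendixes.html" title="Part VI. Appendixes"><link rel="previous" href="speed.html" title="Chapter 39. Samba Performance Tuning"><link rel="next" href="Further-Resources.html" title="Chapter 41. Further Resources"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 40. DNS and DHCP Configuration Guide</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="speed.html">Prev</a> </td><th width="60%" align="center">Part VI. Appendixes</th><td width="20%" align="right"> <a accesskey="n" href="Further-Resources.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="DNSDHCP"></a>Chapter 40. DNS and DHCP Configuration Guide</h2></div><div><div class="author"><h3 class="author"><span class="firstname">John</span> <span class="othername">H.</span> <span class="surname">Terpstra</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><tt class="email"><<a href="mailto:jht@samba.org">jht@samba.org</a>></tt></p></div></div></div></div></div><div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><a href="DNSDHCP.html#id3018605">Note</a></dt></dl></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3018605"></a>Note</h2></div></div><div></div></div><p>
+This chapter did not make it into this release.
+It is planned for the published release of this document.
+</p></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="speed.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="Appendixes.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="Further-Resources.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 39. Samba Performance Tuning </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 41. Further Resources</td></tr></table></div></body></html>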
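--- a/docs/htmldocs/FastStart.html
+++ b/docs/htmldocs/FastStart.html
@@ -0,0 +1,4 @@
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 3. Fast Start for the Impatient</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="index.html" title="SAMBA Project Documentation"><link rel="up" href="introduction.html" title="Part I. General Installation"><link rel="previous" href="install.html" title="Chapter 2. How to Install and Test SAMBA"><link rel="next" href="type.html" title="Part II. Server Configuration Basics"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 3. Fast Start for the Impatient</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="install.html">Prev</a> </td><th width="60%" align="center">Part I. General Installation</th><td width="20%" align="right"> <a accesskey="n" href="type.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="FastStart"></a>Chapter 3. Fast Start for the Impatient</h2></div><div><div class="author"><h3 class="author"><span class="firstname">John</span> <span class="othername">H.</span> <span class="surname">Terpstra</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><tt class="email"><<a href="mailto:jht@samba.org">jht@samba.org</a>></tt></p></div></div></div></div></div><div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><a href="FastStart.html#id2886744">Note</a></dt></dl></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2886744"></a>Note</h2></div></div><div></div></div><p>
+This chapter did not make it into this release.
+It is planned for the published release of this document.
+</p></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="install.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="introduction.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="type.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 2. How to Install and Test SAMBA </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Part II. Server Configuration Basics</td></tr></table></div></body></html>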
100
docs/htmldocs/Further-Resources.html
Normal file
100
docs/htmldocs/Further-Resources.html
Normal file
@ -0,0 +1,100 @@
|
|||||||
|
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 41. Further Resources</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="index.html" title="SAMBA Project Documentation"><link rel="up" href="Appendixes.html" title="Part VI. Appendixes"><link rel="previous" href="DNSDHCP.html" title="Chapter 40. DNS and DHCP Configuration Guide"><link rel="next" href="ix01.html" title="Index"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 41. Further Resources</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="DNSDHCP.html">Prev</a> </td><th width="60%" align="center">Part VI. Appendixes</th><td width="20%" align="right"> <a accesskey="n" href="ix01.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="Further-Resources"></a>Chapter 41. 
Further Resources</h2></div><div><div class="author"><h3 class="author"><span class="firstname">Jelmer</span> <span class="othername">R.</span> <span class="surname">Vernooij</span></h3><div class="affiliation"><span class="orgname">The Samba Team<br></span><div class="address"><p><tt class="email"><<a href="mailto:jelmer@samba.org">jelmer@samba.org</a>></tt></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">David</span> <span class="surname">Lechnyr</span></h3><div class="affiliation"><span class="orgname">Unofficial HOWTO<br></span><div class="address"><p><tt class="email"><<a href="mailto:david@lechnyr.com">david@lechnyr.com</a>></tt></p></div></div></div></div><div><p class="pubdate">May 1, 2003</p></div></div><div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><a href="Further-Resources.html#id3018765">Websites</a></dt><dt><a href="Further-Resources.html#id3020416">Related updates from Microsoft</a></dt><dt><a href="Further-Resources.html#id3020431">Books</a></dt></dl></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3018765"></a>Websites</h2></div></div><div></div></div><div class="itemizedlist"><ul type="disc"><li><p>
|
||||||
|
<a href="http://hr.uoregon.edu/davidrl/cifs.txt" target="_top">
|
||||||
|
<span class="emphasis"><em>CIFS: Common Insecurities Fail Scrutiny</em></span> by "Hobbit"</a>
|
||||||
|
</p></li><li><p>
|
||||||
|
<a href="http://afr.com/it/2002/10/01/FFXDF43AP6D.html" target="_top">
|
||||||
|
<span class="emphasis"><em>Doing the Samba on Windows</em></span> by Financial Review
|
||||||
|
</a>
|
||||||
|
</p></li><li><p>
|
||||||
|
<a href="http://ubiqx.org/cifs/" target="_top">
|
||||||
|
<span class="emphasis"><em>Implementing CIFS</em></span> by Christopher R. Hertel
|
||||||
|
</a>
|
||||||
|
</p></li><li><p>
|
||||||
|
<a href="http://samba.anu.edu.au/cifs/docs/what-is-smb.html" target="_top">
|
||||||
|
<span class="emphasis"><em>Just What Is SMB?</em></span> by Richard Sharpe
|
||||||
|
</a>
|
||||||
|
</p></li><li><p>
|
||||||
|
<a href="http://www.linux-mag.com/1999-05/samba_01.html" target="_top">
|
||||||
|
<span class="emphasis"><em>Opening Windows Everywhere</em></span> by Mike Warfield
|
||||||
|
</a>
|
||||||
|
</p></li><li><p>
|
||||||
|
<a href="http://www.tldp.org/HOWTO/SMB-HOWTO.html" target="_top">
|
||||||
|
<span class="emphasis"><em>SMB HOWTO</em></span> by David Wood
|
||||||
|
</a>
|
||||||
|
</p></li><li><p>
|
||||||
|
<a href="http://www.phrack.org/phrack/60/p60-0x0b.txt" target="_top">
|
||||||
|
<span class="emphasis"><em>SMB/CIFS by The Root</em></span> by "ledin"
|
||||||
|
</a>
|
||||||
|
</p></li><li><p>
|
||||||
|
<a href="http://www.linux-mag.com/1999-09/samba_01.html" target="_top">
|
||||||
|
<span class="emphasis"><em>The Story of Samba</em></span> by Christopher R. Hertel
|
||||||
|
</a>
|
||||||
|
</p></li><li><p>
|
||||||
|
<a href="http://hr.uoregon.edu/davidrl/samba/" target="_top">
|
||||||
|
<span class="emphasis"><em>The Unofficial Samba HOWTO</em></span> by David Lechnyr
|
||||||
|
</a>
|
||||||
|
</p></li><li><p>
|
||||||
|
<a href="http://www.linux-mag.com/2001-05/smb_01.html" target="_top">
|
||||||
|
<span class="emphasis"><em>Understanding the Network Neighborhood</em></span> by Christopher R. Hertel
|
||||||
|
</a>
|
||||||
|
</p></li><li><p>
|
||||||
|
<a href="http://www.linux-mag.com/2002-02/samba_01.html" target="_top">
|
||||||
|
<span class="emphasis"><em>Using Samba as a PDC</em></span> by Andrew Bartlett
|
||||||
|
</a>
|
||||||
|
</p></li><li><p>
|
||||||
|
<a href="http://ru.samba.org/samba/ftp/docs/Samba24Hc13.pdf" target="_top">
|
||||||
|
<span class="emphasis"><em>PDF version of the Troubleshooting Techniques chapter</em></span>
|
||||||
|
from the second edition of Sam's Teach Yourself Samba in 24 Hours
|
||||||
|
(publishing date of Dec. 12, 2001)</a>
|
||||||
|
</p></li><li><p>
|
||||||
|
<a href="http://ru.samba.org/samba/ftp/slides/" target="_top">
|
||||||
|
<span class="emphasis"><em>Slide presentations</em></span> by Samba Team members
|
||||||
|
</a>
|
||||||
|
</p></li><li><p>
|
||||||
|
<a href="http://www.atmarkit.co.jp/flinux/special/samba3/samba3a.html" target="_top">
|
||||||
|
<span class="emphasis"><em>Introduction to Samba 3.0</em></span> by Motonobu Takahashi
|
||||||
|
(written in Japanese). </a>
|
||||||
|
</p></li><li><p>
|
||||||
|
<a href="http://www.linux-mag.com/2001-05/smb_01.html" target="_top">
|
||||||
|
<span class="emphasis"><em>Understanding the Network Neighborhood</em></span>, by team member
|
||||||
|
Chris Hertel. This article appeared in the May 2001 issue of
|
||||||
|
Linux Magazine.
|
||||||
|
</a>
|
||||||
|
</p></li><li><p>
|
||||||
|
<a href="ftp://ftp.stratus.com/pub/vos/customers/samba/" target="_top">
|
||||||
|
<span class="emphasis"><em>Samba 2.0.x Troubleshooting guide</em></span> from Paul Green
|
||||||
|
</a>
|
||||||
|
</p></li><li><p>
|
||||||
|
<a href="http://samba.org/samba/docs/10years.html" target="_top">
|
||||||
|
<span class="emphasis"><em>Ten Years of Samba</em></span>
|
||||||
|
</a>
|
||||||
|
</p></li><li><p>
|
||||||
|
<a href="http://tldp.org/HOWTO/Samba-Authenticated-Gateway-HOWTO.html" target="_top">
|
||||||
|
<span class="emphasis"><em>Samba Authenticated Gateway HOWTO</em></span>
|
||||||
|
</a>
|
||||||
|
</p></li><li><p>
|
||||||
|
<a href="http://samba.org/samba/docs/SambaIntro.html" target="_top">
|
||||||
|
<span class="emphasis"><em>An Introduction to Samba</em></span>
|
||||||
|
</a>
|
||||||
|
</p></li><li><p>
|
||||||
|
<a href="http://www.samba.org/cifs/" target="_top">
|
||||||
|
<span class="emphasis"><em>What is CIFS?</em></span>
|
||||||
|
</a>
|
||||||
|
</p></li><li><p>
|
||||||
|
<a href="http://support.microsoft.com/support/kb/articles/q92/5/88.asp" target="_top">
|
||||||
|
<span class="emphasis"><em>WFWG: Password Caching and How It Affects LAN Manager
|
||||||
|
Security</em></span> at Microsoft Knowledge Base
|
||||||
|
</a>
|
||||||
|
</p></li></ul></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3020416"></a>Related updates from Microsoft</h2></div></div><div></div></div><div class="itemizedlist"><ul type="disc"><li><p>
|
||||||
|
<a href="http://support.microsoft.com/support/kb/articles/q92/5/88.asp" target="_top">
|
||||||
|
<span class="emphasis"><em>Enhanced Encryption for Windows 95 Password Cache</em></span>
|
||||||
|
</a>
|
||||||
|
</p></li><li><p>
|
||||||
|
<a href="http://support.microsoft.com/support/kb/articles/q136/4/18.asp" target="_top">
|
||||||
|
<span class="emphasis"><em>Windows '95 File Sharing Updates</em></span>
|
||||||
|
</a>
|
||||||
|
</p></li><li><p>
|
||||||
|
<a href="http://support.microsoft.com/support/kb/articles/q136/4/18.asp" target="_top">
|
||||||
|
<span class="emphasis"><em>Windows for Workgroups Sharing Updates</em></span>
|
||||||
|
</a>
|
||||||
|
</p></li></ul></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3020431"></a>Books</h2></div></div><div></div></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="DNSDHCP.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="Appendixes.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="ix01.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 40. DNS and DHCP Configuration Guide </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Index</td></tr></table></div></body></html>
|
175
docs/htmldocs/InterdomainTrusts.html
Normal file
175
docs/htmldocs/InterdomainTrusts.html
Normal file
@ -0,0 +1,175 @@
|
|||||||
|
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 16. Interdomain Trust Relationships</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="index.html" title="SAMBA Project Documentation"><link rel="up" href="optional.html" title="Part III. Advanced Configuration"><link rel="previous" href="securing-samba.html" title="Chapter 15. Securing Samba"><link rel="next" href="msdfs.html" title="Chapter 17. Hosting a Microsoft Distributed File System tree on Samba"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 16. Interdomain Trust Relationships</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="securing-samba.html">Prev</a> </td><th width="60%" align="center">Part III. Advanced Configuration</th><td width="20%" align="right"> <a accesskey="n" href="msdfs.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="InterdomainTrusts"></a>Chapter 16. 
Interdomain Trust Relationships</h2></div><div><div class="author"><h3 class="author"><span class="firstname">John</span> <span class="othername">H.</span> <span class="surname">Terpstra</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><tt class="email"><<a href="mailto:jht@samba.org">jht@samba.org</a>></tt></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">Rafal</span> <span class="surname">Szczesniak</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><tt class="email"><<a href="mailto:mimir@samba.org">mimir@samba.org</a>></tt></p></div></div></div></div><div><p class="pubdate">April 3, 2003</p></div></div><div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><a href="InterdomainTrusts.html#id2933376">Features and Benefits</a></dt><dt><a href="InterdomainTrusts.html#id2933404">Trust Relationship Background</a></dt><dt><a href="InterdomainTrusts.html#id2933488">Native MS Windows NT4 Trusts Configuration</a></dt><dd><dl><dt><a href="InterdomainTrusts.html#id2933501">NT4 as the Trusting Domain (ie. creating the trusted account)</a></dt><dt><a href="InterdomainTrusts.html#id2933586">NT4 as the Trusted Domain (ie. creating trusted account's password)</a></dt></dl></dd><dt><a href="InterdomainTrusts.html#id2933622">Configuring Samba NT-style Domain Trusts</a></dt><dd><dl><dt><a href="InterdomainTrusts.html#id2933649">Samba-3 as the Trusting Domain</a></dt><dt><a href="InterdomainTrusts.html#id2933790">Samba-3 as the Trusted Domain</a></dt></dl></dd><dt><a href="InterdomainTrusts.html#id2933922">Common Errors</a></dt><dd><dl><dt><a href="InterdomainTrusts.html#id2933937">Tell me about Trust Relationships using Samba</a></dt></dl></dd></dl></div><p>
|
||||||
|
Samba-3 supports NT4 style domain trust relationships. This is feature that many sites
|
||||||
|
will want to use if they migrate to Samba-3 from and NT4 style domain and do NOT want to
|
||||||
|
adopt Active Directory or an LDAP based authentication back end. This section explains
|
||||||
|
some background information regarding trust relationships and how to create them. It is now
|
||||||
|
possible for Samba-3 to NT4 trust (and vice versa), as well as Samba3 to Samba3 trusts.
|
||||||
|
</p><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2933376"></a>Features and Benefits</h2></div></div><div></div></div><p>
|
||||||
|
Samba-3 can participate in Samba-to-Samba as well as in Samba-to-MS Windows NT4 style
|
||||||
|
trust relationships. This imparts to Samba similar scalability as is possible with
|
||||||
|
MS Windows NT4.
|
||||||
|
</p><p>
|
||||||
|
Given that Samba-3 has the capability to function with a scalable backend authentication
|
||||||
|
database such as LDAP, and given it's ability to run in Primary as well as Backup Domain control
|
||||||
|
modes, the administrator would be well advised to consider alternatives to the use of
|
||||||
|
Interdomain trusts simply because by the very nature of how this works it is fragile.
|
||||||
|
That was, after all, a key reason for the development and adoption of Microsoft Active Directory.
|
||||||
|
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2933404"></a>Trust Relationship Background</h2></div></div><div></div></div><p>
|
||||||
|
MS Windows NT3.x/4.0 type security domains employ a non-hierarchical security structure.
|
||||||
|
The limitations of this architecture as it affects the scalability of MS Windows networking
|
||||||
|
in large organisations is well known. Additionally, the flat-name space that results from
|
||||||
|
this design significantly impacts the delegation of administrative responsibilities in
|
||||||
|
large and diverse organisations.
|
||||||
|
</p><p>
|
||||||
|
Microsoft developed Active Directory Service (ADS), based on Kerberos and LDAP, as a means
|
||||||
|
of circumventing the limitations of the older technologies. Not every organisation is ready
|
||||||
|
or willing to embrace ADS. For small companies the older NT4 style domain security paradigm
|
||||||
|
is quite adequate, there thus remains an entrenched user base for whom there is no direct
|
||||||
|
desire to go through a disruptive change to adopt ADS.
|
||||||
|
</p><p>
|
||||||
|
Microsoft introduced with MS Windows NT the ability to allow differing security domains
|
||||||
|
to affect a mechanism so that users from one domain may be given access rights and privileges
|
||||||
|
in another domain. The language that describes this capability is couched in terms of
|
||||||
|
<span class="emphasis"><em>Trusts</em></span>. Specifically, one domain will <span class="emphasis"><em>trust</em></span> the users
|
||||||
|
from another domain. The domain from which users are available to another security domain is
|
||||||
|
said to be a trusted domain. The domain in which those users have assigned rights and privileges
|
||||||
|
is the trusting domain. With NT3.x/4.0 all trust relationships are always in one direction only,
|
||||||
|
thus if users in both domains are to have privileges and rights in each others' domain, then it is
|
||||||
|
necessary to establish two (2) relationships, one in each direction.
|
||||||
|
</p><p>
|
||||||
|
In an NT4 style MS security domain, all trusts are non-transitive. This means that if there
|
||||||
|
are three (3) domains (let's call them RED, WHITE, and BLUE) where RED and WHITE have a trust
|
||||||
|
relationship, and WHITE and BLUE have a trust relationship, then it holds that there is no
|
||||||
|
implied trust between the RED and BLUE domains. ie: Relationships are explicit and not
|
||||||
|
transitive.
|
||||||
|
</p><p>
|
||||||
|
New to MS Windows 2000 ADS security contexts is the fact that trust relationships are two-way
|
||||||
|
by default. Also, all inter-ADS domain trusts are transitive. In the case of the RED, WHITE and BLUE
|
||||||
|
domains above, with Windows 2000 and ADS the RED and BLUE domains CAN trust each other. This is
|
||||||
|
an inherent feature of ADS domains. Samba-3 implements MS Windows NT4
|
||||||
|
style Interdomain trusts and interoperates with MS Windows 200x ADS
|
||||||
|
security domains in similar manner to MS Windows NT4 style domains.
|
||||||
|
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2933488"></a>Native MS Windows NT4 Trusts Configuration</h2></div></div><div></div></div><p>
|
||||||
|
There are two steps to creating an interdomain trust relationship.
|
||||||
|
</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2933501"></a>NT4 as the Trusting Domain (ie. creating the trusted account)</h3></div></div><div></div></div><p>
|
||||||
|
For MS Windows NT4, all domain trust relationships are configured using the
|
||||||
|
<span class="application">Domain User Manager</span>. To affect a two way trust relationship it is
|
||||||
|
necessary for each domain administrator to make available (for use by an external domain) it's
|
||||||
|
security resources. This is done from the Domain User Manager Policies entry on the menu bar.
|
||||||
|
From the <span class="guimenu">Policy</span> menu, select <span class="guimenuitem">Trust Relationships</span>, then
|
||||||
|
next to the lower box that is labelled <span class="guilabel">Permitted to Trust this Domain</span> are two
|
||||||
|
buttons, <span class="guibutton">Add</span> and <span class="guibutton">Remove</span>. The <span class="guibutton">Add</span>
|
||||||
|
button will open a panel in which needs to be entered the remote domain that will be able to assign
|
||||||
|
user rights to your domain. In addition it is necessary to enter a password
|
||||||
|
that is specific to this trust relationship. The password needs to be
|
||||||
|
typed twice (for standard confirmation).
|
||||||
|
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2933586"></a>NT4 as the Trusted Domain (ie. creating trusted account's password)</h3></div></div><div></div></div><p>
|
||||||
|
A trust relationship will work only when the other (trusting) domain makes the appropriate connections
|
||||||
|
with the trusted domain. To consummate the trust relationship the administrator will launch the
|
||||||
|
Domain User Manager, from the menu select Policies, then select Trust Relationships, then click on the
|
||||||
|
<span class="guibutton">Add</span> button that is next to the box that is labelled
|
||||||
|
<span class="guilabel">Trusted Domains</span>. A panel will open in which must be entered the name of the remote
|
||||||
|
domain as well as the password assigned to that trust.
|
||||||
|
</p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2933622"></a>Configuring Samba NT-style Domain Trusts</h2></div></div><div></div></div><p>
|
||||||
|
This description is meant to be a fairly short introduction about how to set up a Samba server so
|
||||||
|
that it could participate in interdomain trust relationships. Trust relationship support in Samba
|
||||||
|
is in its early stage, so lot of things don't work yet.
|
||||||
|
</p><p>
|
||||||
|
Each of the procedures described below is treated as they were performed with Windows NT4 Server on
|
||||||
|
one end. The remote end could just as well be another Samba-3 domain. It can be clearly seen, after
|
||||||
|
reading this document, that combining Samba-specific parts of what's written below leads to trust
|
||||||
|
between domains in purely Samba environment.
|
||||||
|
</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2933649"></a>Samba-3 as the Trusting Domain</h3></div></div><div></div></div><p>
|
||||||
|
In order to set the Samba PDC to be the trusted party of the relationship first you need
|
||||||
|
to create special account for the domain that will be the trusting party. To do that,
|
||||||
|
you can use the 'smbpasswd' utility. Creating the trusted domain account is very
|
||||||
|
similar to creating a trusted machine account. Suppose, your domain is
|
||||||
|
called SAMBA, and the remote domain is called RUMBA. The first step
|
||||||
|
will be to issue this command from your favourite shell:
|
||||||
|
</p><p>
|
||||||
|
</p><pre class="screen">
|
||||||
|
<tt class="prompt">root# </tt> <b class="userinput"><tt>smbpasswd -a -i rumba</tt></b>
|
||||||
|
New SMB password: XXXXXXXX
|
||||||
|
Retype SMB password: XXXXXXXX
|
||||||
|
Added user rumba$
|
||||||
|
</pre><p>
|
||||||
|
|
||||||
|
where <tt class="option">-a</tt> means to add a new account into the
|
||||||
|
passdb database and <tt class="option">-i</tt> means: ''create this
|
||||||
|
account with the InterDomain trust flag''
|
||||||
|
</p><p>
|
||||||
|
The account name will be 'rumba$' (the name of the remote domain)
|
||||||
|
</p><p>
|
||||||
|
After issuing this command you'll be asked to enter the password for
|
||||||
|
the account. You can use any password you want, but be aware that Windows NT will
|
||||||
|
not change this password until 7 days following account creation.
|
||||||
|
After the command returns successfully, you can look at the entry for the new account
|
||||||
|
(in the standard way depending on your configuration) and see that account's name is
|
||||||
|
really RUMBA$ and it has 'I' flag in the flags field. Now you're ready to confirm
|
||||||
|
the trust by establishing it from Windows NT Server.
|
||||||
|
</p><p>
|
||||||
|
Open <span class="application">User Manager for Domains</span> and from menu
|
||||||
|
<span class="guimenu">Policies</span> select <span class="guimenuitem">Trust Relationships...</span>.
|
||||||
|
Right beside <span class="guilabel">Trusted domains</span> list box press the
|
||||||
|
<span class="guimenu">Add...</span> button. You will be prompted for
|
||||||
|
the trusted domain name and the relationship password. Type in SAMBA, as this is
|
||||||
|
your domain name, and the password used at the time of account creation.
|
||||||
|
Press OK and, if everything went without incident, you will see
|
||||||
|
<tt class="computeroutput">Trusted domain relationship successfully
|
||||||
|
established</tt> message.
|
||||||
|
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2933790"></a>Samba-3 as the Trusted Domain</h3></div></div><div></div></div><p>
|
||||||
|
This time activities are somewhat reversed. Again, we'll assume that your domain
|
||||||
|
controlled by the Samba PDC is called SAMBA and NT-controlled domain is called RUMBA.
|
||||||
|
</p><p>
|
||||||
|
The very first thing requirement is to add an account for the SAMBA domain on RUMBA's PDC.
|
||||||
|
</p><p>
|
||||||
|
Launch the <span class="application">Domain User Manager</span>, then from the menu select
|
||||||
|
<span class="guimenu">Policies</span>, <span class="guimenuitem">Trust Relationships</span>.
|
||||||
|
Now, next to <span class="guilabel">Trusted Domains</span> box press the <span class="guibutton">Add</span>
|
||||||
|
button, and type in the name of the trusted domain (SAMBA) and password securing
|
||||||
|
the relationship.
|
||||||
|
</p><p>
|
||||||
|
The password can be arbitrarily chosen. It is easy to change the password
|
||||||
|
from the Samba server whenever you want. After confirming the password your account is
|
||||||
|
ready for use. Now it's Samba's turn.
|
||||||
|
</p><p>
|
||||||
|
Using your favourite shell while being logged in as root, issue this command:
|
||||||
|
</p><p>
|
||||||
|
<tt class="prompt">root# </tt><b class="userinput"><tt>net rpc trustdom establish rumba</tt></b>
|
||||||
|
</p><p>
|
||||||
|
You will be prompted for the password you just typed on your Windows NT4 Server box.
|
||||||
|
Do not worry if you see an error message that mentions a returned code of
|
||||||
|
<span class="errorname">NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT</span>. It means the
|
||||||
|
password you gave is correct and the NT4 Server says the account is
|
||||||
|
ready for interdomain connection and not for ordinary
|
||||||
|
connection. After that, be patient it can take a while (especially
|
||||||
|
in large networks), you should see the <tt class="computeroutput">Success</tt> message.
|
||||||
|
Congratulations! Your trust relationship has just been established.
|
||||||
|
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
|
||||||
|
Note that you have to run this command as root because you must have write access to
|
||||||
|
the <tt class="filename">secrets.tdb</tt> file.
|
||||||
|
</p></div></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2933922"></a>Common Errors</h2></div></div><div></div></div><p>
|
||||||
|
Interdomain trust relationships should NOT be attempted on networks that are unstable
|
||||||
|
or that suffer regular outages. Network stability and integrity are key concerns with
|
||||||
|
distributed trusted domains.
|
||||||
|
</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2933937"></a>Tell me about Trust Relationships using Samba</h3></div></div><div></div></div><p>
|
||||||
|
Like many, I administer multiple LANs connected together using NT trust
|
||||||
|
relationships. This was implemented about 4 years ago. I now have the
|
||||||
|
occasion to consider performing this same task again, but this time, I
|
||||||
|
would like to implement it solely through samba - no Microsoft PDCs
|
||||||
|
anywhere.
|
||||||
|
</p><p>
|
||||||
|
I have read documentation on samba.org regarding NT-style trust
|
||||||
|
relationships and am now wondering, can I do what I want to? I already
|
||||||
|
have successfully implemented 2 samba servers, but they are not PDCs.
|
||||||
|
They merely act as file servers. I seem to remember, and it appears to
|
||||||
|
be true (according to samba.org) that trust relationships are a
|
||||||
|
challenge.
|
||||||
|
</p><p>
|
||||||
|
Please provide any helpful feedback that you may have.
|
||||||
|
</p><p>
|
||||||
|
These are almost complete in Samba 3.0 snapshots. The main catch
|
||||||
|
is getting winbindd to be able to allocate UID/GIDs for trusted
|
||||||
|
users/groups. See the updated Samba HOWTO collection for more
|
||||||
|
details.
|
||||||
|
</p></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="securing-samba.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="optional.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="msdfs.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 15. Securing Samba </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 17. Hosting a Microsoft Distributed File System tree on Samba</td></tr></table></div></body></html>
|
174
docs/htmldocs/IntroSMB.html
Normal file
174
docs/htmldocs/IntroSMB.html
Normal file
@ -0,0 +1,174 @@
|
|||||||
|
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 1. Introduction to Samba</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="index.html" title="SAMBA Project Documentation"><link rel="up" href="introduction.html" title="Part I. General Installation"><link rel="previous" href="introduction.html" title="Part I. General Installation"><link rel="next" href="install.html" title="Chapter 2. How to Install and Test SAMBA"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 1. Introduction to Samba</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="introduction.html">Prev</a> </td><th width="60%" align="center">Part I. General Installation</th><td width="20%" align="right"> <a accesskey="n" href="install.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="IntroSMB"></a>Chapter 1. 
Introduction to Samba</h2></div><div><div class="author"><h3 class="author"><span class="firstname">David</span> <span class="surname">Lechnyr</span></h3><div class="affiliation"><span class="orgname">Unofficial HOWTO<br></span><div class="address"><p><tt class="email"><<a href="mailto:david@lechnyr.com">david@lechnyr.com</a>></tt></p></div></div></div></div><div><p class="pubdate">April 14, 2003</p></div></div><div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><a href="IntroSMB.html#id2885613">Background</a></dt><dt><a href="IntroSMB.html#id2885824">Terminology</a></dt><dt><a href="IntroSMB.html#id2885978">Related Projects</a></dt><dt><a href="IntroSMB.html#id2886047">SMB Methodology</a></dt><dt><a href="IntroSMB.html#id2886135">Epilogue</a></dt><dt><a href="IntroSMB.html#id2886209">Miscellaneous</a></dt></dl></div><p>“<span class="quote">
|
||||||
|
"If you understand what you're doing, you're not learning anything."
|
||||||
|
-- Anonymous
|
||||||
|
</span>”</p><p>
|
||||||
|
Samba is a file and print server for Windows-based clients using TCP/IP as the underlying
|
||||||
|
transport protocol. In fact, it can support any SMB/CIFS-enabled client. One of Samba's big
|
||||||
|
strengths is that you can use it to blend your mix of Windows and Linux machines together
|
||||||
|
without requiring a separate Windows NT/2000/2003 Server. Samba is actively being developed
|
||||||
|
by a global team of about 30 active programmers and was originally developed by Andrew Tridgell.
|
||||||
|
</p><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2885613"></a>Background</h2></div></div><div></div></div><p>
|
||||||
|
Once long ago, there was a buzzword referred to as DCE/RPC. This stood for Distributed
|
||||||
|
Computing Environment/Remote Procedure Calls and conceptually was a good idea. It was
|
||||||
|
originally developed by Apollo/HP as NCA 1.0 (Network Computing Architecture) and only
|
||||||
|
ran over UDP. When there was a need to run it over TCP so that it would be compatible
|
||||||
|
with DECnet 3.0, it was redesigned, submitted to The Open Group, and officially became
|
||||||
|
known as DCE/RPC. Microsoft came along and decided, rather than pay $20 per seat to
|
||||||
|
license this technology, to reimplement DCE/RPC themselves as MSRPC. From this, the
|
||||||
|
concept continued in the form of SMB (Server Message Block, or the "what") using the
|
||||||
|
NetBIOS (Network Basic Input/Output System, or the "how") compatibility layer. You can
|
||||||
|
run SMB (i.e., transport) over several different protocols; many different implementations
|
||||||
|
arose as a result, including NBIPX (NetBIOS over IPX, NwLnkNb, or NWNBLink) and NBT
|
||||||
|
(NetBIOS over TCP/IP, or NetBT). As the years passed, NBT became the most common form
|
||||||
|
of implementation until the advance of "Direct-Hosted TCP" -- the Microsoft marketing
|
||||||
|
term for eliminating NetBIOS entirely and running SMB by itself across TCP port 445
|
||||||
|
only. As of yet, direct-hosted TCP has yet to catch on.
|
||||||
|
</p><p>
|
||||||
|
Perhaps the best summary of the origins of SMB are voiced in the 1997 article titled, CIFS:
|
||||||
|
Common Insecurities Fail Scrutiny:
|
||||||
|
</p><p><span class="emphasis"><em>
|
||||||
|
Several megabytes of NT-security archives, random whitepapers, RFCs, the CIFS spec, the Samba
|
||||||
|
stuff, a few MS knowledge-base articles, strings extracted from binaries, and packet dumps have
|
||||||
|
been dutifully waded through during the information-gathering stages of this project, and there
|
||||||
|
are *still* many missing pieces... While often tedious, at least the way has been generously
|
||||||
|
littered with occurrences of clapping hand to forehead and muttering 'crikey, what are they
|
||||||
|
thinking?
|
||||||
|
</em></span></p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2885824"></a>Terminology</h2></div></div><div></div></div><div class="itemizedlist"><ul type="disc"><li><p>
|
||||||
|
SMB: Acronym for "Server Message Block". This is Microsoft's file and printer sharing protocol.
|
||||||
|
</p></li><li><p>
|
||||||
|
CIFS: Acronym for "Common Internet File System". Around 1996, Microsoft apparently
|
||||||
|
decided that SMB needed the word "Internet" in it, so they changed it to CIFS.
|
||||||
|
</p></li><li><p>
|
||||||
|
Direct-Hosted: A method of providing file/printer sharing services over port 445/tcp
|
||||||
|
only using DNS for name resolution instead of WINS.
|
||||||
|
</p></li><li><p>
|
||||||
|
IPC: Acronym for "Inter-Process Communication". A method to communicate specific
|
||||||
|
information between programs.
|
||||||
|
</p></li><li><p>
|
||||||
|
Marshalling: - A method of serializing (i.e., sequential ordering of) variable data
|
||||||
|
suitable for transmission via a network connection or storing in a file. The source
|
||||||
|
data can be re-created using a similar process called unmarshalling.
|
||||||
|
</p></li><li><p>
|
||||||
|
NetBIOS: Acronym for "Network Basic Input/Output System". This is not a protocol;
|
||||||
|
it is a method of communication across an existing protocol. This is a standard which
|
||||||
|
was originally developed for IBM by Sytek in 1983. To exaggerate the analogy a bit,
|
||||||
|
it can help to think of this in comparison your computer's BIOS -- it controls the
|
||||||
|
essential functions of your input/output hardware -- whereas NetBIOS controls the
|
||||||
|
essential functions of your input/output traffic via the network. Again, this is a bit
|
||||||
|
of an exaggeration but it should help that paradigm shift. What is important to realize
|
||||||
|
is that NetBIOS is a transport standard, not a protocol. Unfortunately, even technically
|
||||||
|
brilliant people tend to interchange NetBIOS with terms like NetBEUI without a second
|
||||||
|
thought; this will cause no end (and no doubt) of confusion.
|
||||||
|
</p></li><li><p>
|
||||||
|
NetBEUI: Acronym for the "NetBIOS Extended User Interface". Unlike NetBIOS, NetBEUI
|
||||||
|
is a protocol, not a standard. It is also not routable, so traffic on one side of a
|
||||||
|
router will be unable to communicate with the other side. Understanding NetBEUI is
|
||||||
|
not essential to deciphering SMB; however it helps to point out that it is not the
|
||||||
|
same as NetBIOS and to improve your score in trivia at parties. NetBEUI was originally
|
||||||
|
referred to by Microsoft as "NBF", or "The Windows NT NetBEUI Frame protocol driver".
|
||||||
|
It is not often heard from these days.
|
||||||
|
</p></li><li><p>
|
||||||
|
NBT: Acronym for "NetBIOS over TCP"; also known as "NetBT". Allows the continued use
|
||||||
|
of NetBIOS traffic proxied over TCP/IP. As a result, NetBIOS names are made
|
||||||
|
to IP addresses and NetBIOS name types are conceptually equivalent to TCP/IP ports.
|
||||||
|
This is how file and printer sharing are accomplished in Windows 95/98/ME. They
|
||||||
|
traditionally rely on three ports: NetBIOS Name Service (nbname) via UDP port 137,
|
||||||
|
NetBIOS Datagram Service (nbdatagram) via UDP port 138, and NetBIOS Session Service
|
||||||
|
(nbsession) via TCP port 139. All name resolution is done via WINS, NetBIOS broadcasts,
|
||||||
|
and DNS. NetBIOS over TCP is documented in RFC 1001 (Concepts and methods) and RFC 1002
|
||||||
|
(Detailed specifications).
|
||||||
|
</p></li><li><p>
|
||||||
|
W2K: Acronym for Windows 2000 Professional or Server
|
||||||
|
</p></li><li><p>
|
||||||
|
W3K: Acronym for Windows 2003 Server
|
||||||
|
</p></li></ul></div><p>If you plan on getting help, make sure to subscribe to the Samba Mailing List (available at
|
||||||
|
<a href="http://www.samba.org/" target="_top">http://www.samba.org</a>).
|
||||||
|
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2885978"></a>Related Projects</h2></div></div><div></div></div><p>
|
||||||
|
There are currently two network filesystem client projects for Linux that are directly
|
||||||
|
related to Samba: SMBFS and CIFS VFS. These are both available in the Linux kernel itself.
|
||||||
|
</p><div class="itemizedlist"><ul type="disc"><li><p>
|
||||||
|
SMBFS (Server Message Block File System) allows you to mount SMB shares (the protocol
|
||||||
|
that Microsoft Windows and OS/2 Lan Manager use to share files and printers
|
||||||
|
over local networks) and access them just like any other Unix directory. This is useful
|
||||||
|
if you just want to mount such filesystems without being a SMBFS server.
|
||||||
|
</p></li><li><p>
|
||||||
|
CIFS VFS (Common Internet File System Virtual File System) is the successor to SMBFS, and
|
||||||
|
is being actively developed for the upcoming version of the Linux kernel. The intent of this module
|
||||||
|
is to provide advanced network file system functionality including support for dfs (hierarchical
|
||||||
|
name space), secure per-user session establishment, safe distributed caching (oplock),
|
||||||
|
optional packet signing, Unicode and other internationalization improvements, and optional
|
||||||
|
Winbind (nsswitch) integration.
|
||||||
|
</p></li></ul></div><p>
|
||||||
|
Again, it's important to note that these are implementations for client filesystems, and have
|
||||||
|
nothing to do with acting as a file and print server for SMB/CIFS clients.
|
||||||
|
</p><p>
|
||||||
|
There are other Open Source CIFS client implementations, such as the
|
||||||
|
<a href="http://jcifs.samba.org/" target="_top">jCIFS project</a>
|
||||||
|
which provides an SMB client toolkit written in Java.
|
||||||
|
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2886047"></a>SMB Methodology</h2></div></div><div></div></div><p>
|
||||||
|
Traditionally, SMB uses UDP port 137 (NetBIOS name service, or netbios-ns),
|
||||||
|
UDP port 138 (NetBIOS datagram service, or netbios-dgm), and TCP port 139 (NetBIOS
|
||||||
|
session service, or netbios-ssn). Anyone looking at their network with a good
|
||||||
|
packet sniffer will be amazed at the amount of traffic generated by just opening
|
||||||
|
up a single file. In general, SMB sessions are established in the following order:
|
||||||
|
</p><div class="itemizedlist"><ul type="disc"><li><p>
|
||||||
|
"TCP Connection" - establish 3-way handshake (connection) to port 139/tcp
|
||||||
|
or 445/tcp.
|
||||||
|
</p></li><li><p>
|
||||||
|
"NetBIOS Session Request" - using the following "Calling Names": The local
|
||||||
|
machine's NetBIOS name plus the 16th character 0x00; The server's NetBIOS
|
||||||
|
name plus the 16th character 0x20
|
||||||
|
</p></li><li><p>
|
||||||
|
"SMB Negotiate Protocol" - determine the protocol dialect to use, which will
|
||||||
|
be one of the following: PC Network Program 1.0 (Core) - share level security
|
||||||
|
mode only; Microsoft Networks 1.03 (Core Plus) - share level security
|
||||||
|
mode only; Lanman1.0 (LAN Manager 1.0) - uses Challenge/Response
|
||||||
|
Authentication; Lanman2.1 (LAN Manager 2.1) - uses Challenge/Response
|
||||||
|
Authentication; NT LM 0.12 (NT LM 0.12) - uses Challenge/Response
|
||||||
|
Authentication
|
||||||
|
</p></li><li><p>
|
||||||
|
SMB Session Startup. Passwords are encrypted (or not) according to one of
|
||||||
|
the following methods: Null (no encryption); Cleartext (no encryption); LM
|
||||||
|
and NTLM; NTLM; NTLMv2
|
||||||
|
</p></li><li><p>
|
||||||
|
SMB Tree Connect: Connect to a share name (e.g., \\servername\share); Connect
|
||||||
|
to a service type (e.g., IPC$ named pipe)
|
||||||
|
</p></li></ul></div><p>
|
||||||
|
A good way to examine this process in depth is to try out
|
||||||
|
<a href="http://www.securityfriday.com/ToolDownload/SWB/swb_doc.html" target="_top">SecurityFriday's SWB program</a>.
|
||||||
|
It allows you to walk through the establishment of a SMB/CIFS session step by step.
|
||||||
|
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2886135"></a>Epilogue</h2></div></div><div></div></div><p>“<span class="quote">
|
||||||
|
What's fundamentally wrong is that nobody ever had any taste when they
|
||||||
|
did it. Microsoft has been very much into making the user interface look good,
|
||||||
|
but internally it's just a complete mess. And even people who program for Microsoft
|
||||||
|
and who have had years of experience, just don't know how it works internally.
|
||||||
|
Worse, nobody dares change it. Nobody dares to fix bugs because it's such a
|
||||||
|
mess that fixing one bug might just break a hundred programs that depend on
|
||||||
|
that bug. And Microsoft isn't interested in anyone fixing bugs -- they're interested
|
||||||
|
in making money. They don't have anybody who takes pride in Windows 95 as an
|
||||||
|
operating system.
|
||||||
|
</span>”</p><p>“<span class="quote">
|
||||||
|
People inside Microsoft know it's a bad operating system and they still
|
||||||
|
continue obviously working on it because they want to get the next version out
|
||||||
|
because they want to have all these new features to sell more copies of the
|
||||||
|
system.
|
||||||
|
</span>”</p><p>“<span class="quote">
|
||||||
|
The problem with that is that over time, when you have this kind of approach,
|
||||||
|
and because nobody understands it, because nobody REALLY fixes bugs (other than
|
||||||
|
when they're really obvious), the end result is really messy. You can't trust
|
||||||
|
it because under certain circumstances it just spontaneously reboots or just
|
||||||
|
halts in the middle of something that shouldn't be strange. Normally it works
|
||||||
|
fine and then once in a blue moon for some completely unknown reason, it's dead,
|
||||||
|
and nobody knows why. Not Microsoft, not the experienced user and certainly
|
||||||
|
not the completely clueless user who probably sits there shivering thinking
|
||||||
|
"What did I do wrong?" when they didn't do anything wrong at all.
|
||||||
|
</span>”</p><p>“<span class="quote">
|
||||||
|
That's what's really irritating to me."
|
||||||
|
</span>”</p><p>--
|
||||||
|
<a href="http://hr.uoregon.edu/davidrl/boot.txt" target="_top">Linus Torvalds, from an interview with BOOT Magazine, Sept 1998</a>
|
||||||
|
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2886209"></a>Miscellaneous</h2></div></div><div></div></div><p>
|
||||||
|
This chapter is Copyright 2003 David Lechnyr (david at lechnyr dot com).
|
||||||
|
Permission is granted to copy, distribute and/or modify this document under the terms
|
||||||
|
of the GNU Free Documentation License, Version 1.2 or any later version published by the Free
|
||||||
|
Software Foundation. A copy of the license is available at http://www.gnu.org/licenses/fdl.txt.
|
||||||
|
</p></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="introduction.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="introduction.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="install.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Part I. General Installation </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 2. How to Install and Test SAMBA</td></tr></table></div></body></html>
|
202
docs/htmldocs/NT4Migration.html
Normal file
@ -0,0 +1,202 @@
|
|||||||
|
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 31. Migration from NT4 PDC to Samba-3 PDC</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="index.html" title="SAMBA Project Documentation"><link rel="up" href="migration.html" title="Part IV. Migration and Updating"><link rel="previous" href="upgrading-to-3.0.html" title="Chapter 30. Upgrading from Samba-2.x to Samba-3.0.0"><link rel="next" href="SWAT.html" title="Chapter 32. SWAT - The Samba Web Administration Tool"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 31. Migration from NT4 PDC to Samba-3 PDC</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="upgrading-to-3.0.html">Prev</a> </td><th width="60%" align="center">Part IV. Migration and Updating</th><td width="20%" align="right"> <a accesskey="n" href="SWAT.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="NT4Migration"></a>Chapter 31. 
Migration from NT4 PDC to Samba-3 PDC</h2></div><div><div class="author"><h3 class="author"><span class="firstname">John</span> <span class="othername">H.</span> <span class="surname">Terpstra</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><tt class="email"><<a href="mailto:jht@samba.org">jht@samba.org</a>></tt></p></div></div></div></div><div><p class="pubdate">April 3, 2003</p></div></div><div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><a href="NT4Migration.html#id3001339">Planning and Getting Started</a></dt><dd><dl><dt><a href="NT4Migration.html#id3001368">Objectives</a></dt><dt><a href="NT4Migration.html#id3004043">Steps In Migration Process</a></dt></dl></dd><dt><a href="NT4Migration.html#id3004381">Migration Options</a></dt><dd><dl><dt><a href="NT4Migration.html#id3004462">Planning for Success</a></dt><dt><a href="NT4Migration.html#id3004704">Samba Implementation Choices</a></dt></dl></dd></dl></div><p>
|
||||||
|
This is a rough guide to assist those wishing to migrate from NT4 domain control to
|
||||||
|
Samba-3 based domain control.
|
||||||
|
</p><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3001339"></a>Planning and Getting Started</h2></div></div><div></div></div><p>
|
||||||
|
In the IT world there is often a saying that all problems are encountered because of
|
||||||
|
poor planning. The corollary to this saying is that not all problems can be anticipated
|
||||||
|
and planned for. Then again, good planning will anticipate most show stopper type situations.
|
||||||
|
</p><p>
|
||||||
|
Those wishing to migrate from MS Windows NT4 domain control to a Samba-3 domain control
|
||||||
|
environment would do well to develop a detailed migration plan. So here are a few pointers to
|
||||||
|
help migration get under way.
|
||||||
|
</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id3001368"></a>Objectives</h3></div></div><div></div></div><p>
|
||||||
|
The key objective for most organisations will be to make the migration from MS Windows NT4
|
||||||
|
to Samba-3 domain control as painless as possible. One of the challenges you may experience
|
||||||
|
in your migration process may well be one of convincing management that the new environment
|
||||||
|
should remain in place. Many who have introduced open source technologies have experienced
|
||||||
|
pressure to return to a Microsoft based platform solution at the first sign of trouble.
|
||||||
|
</p><p>
|
||||||
|
It is strongly advised that before attempting a migration to a Samba-3 controlled network
|
||||||
|
that every possible effort be made to gain all-round commitment to the change. Firstly, you
|
||||||
|
should know precisely <span class="emphasis"><em>why</em></span> the change is important for the organisation.
|
||||||
|
Possible motivations to make a change include:
|
||||||
|
</p><table class="simplelist" border="0" summary="Simple list"><tr><td>Improve network manageability</td></tr><tr><td>Obtain better user level functionality</td></tr><tr><td>Reduce network operating costs</td></tr><tr><td>Reduce exposure caused by Microsoft withdrawal of NT4 support</td></tr><tr><td>Avoid MS License 6 implications</td></tr><tr><td>Reduce organisation's dependency on Microsoft</td></tr></table><p>
|
||||||
|
It is vital that it be well recognised that Samba-3 is NOT MS Windows NT4. Samba-3 offers
|
||||||
|
an alternative solution that is both different from MS Windows NT4 and that offers some
|
||||||
|
advantages compared with it. It should also be recognised that Samba-3 lacks many of the
|
||||||
|
features that Microsoft has promoted as core values in migration from MS Windows NT4 to
|
||||||
|
MS Windows 2000 and beyond (with or without Active Directory services).
|
||||||
|
</p><p>
|
||||||
|
What are the features that Samba-3 can NOT provide?
|
||||||
|
</p><table class="simplelist" border="0" summary="Simple list"><tr><td>Active Directory Server</td></tr><tr><td>Group Policy Objects (in Active Directory)</td></tr><tr><td>Machine Policy objects</td></tr><tr><td>Logon Scripts in Active Directory</td></tr><tr><td>Software Application and Access Controls in Active Directory</td></tr></table><p>
|
||||||
|
The features that Samba-3 DOES provide and that may be of compelling interest to your site
|
||||||
|
includes:
|
||||||
|
</p><table class="simplelist" border="0" summary="Simple list"><tr><td>Lower Cost of Ownership</td></tr><tr><td>Global availability of support with no strings attached</td></tr><tr><td>Dynamic SMB Servers (ie:Can run more than one server per Unix/Linux system)</td></tr><tr><td>Creation of on-the-fly logon scripts</td></tr><tr><td>Creation of on-the-fly Policy Files</td></tr><tr><td>Greater Stability, Reliability, Performance and Availability</td></tr><tr><td>Manageability via an ssh connection</td></tr><tr><td>Flexible choices of back-end authentication technologies (tdbsam, ldapsam, mysqlsam)</td></tr><tr><td>Ability to implement a full single-sign-on architecture</td></tr><tr><td>Ability to distribute authentication systems for absolute minimum wide area network bandwidth demand</td></tr></table><p>
|
||||||
|
Before migrating a network from MS Windows NT4 to Samba-3 it is vital that all necessary factors are
|
||||||
|
considered. Users should be educated about changes they may experience so that the change will be a
|
||||||
|
welcome one and not become an obstacle to the work they need to do. The following are some of the
|
||||||
|
factors that will go into a successful migration:
|
||||||
|
</p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id3002882"></a>Domain Layout</h4></div></div><div></div></div><p>
|
||||||
|
Samba-3 can be configured as a domain controller, a back-up domain controller (probably best called
|
||||||
|
a secondary controller), a domain member, or as a stand-alone server. The Windows network security
|
||||||
|
domain context should be sized and scoped before implementation. Particular attention needs to be
|
||||||
|
paid to the location of the primary domain controller (PDC) as well as backup controllers (BDCs).
|
||||||
|
It should be noted that one way in which Samba-3 differs from Microsoft technology is that if one
|
||||||
|
chooses to use an LDAP authentication backend then the same database can be used by several different
|
||||||
|
domains. This means that in a complex organisation there can be a single LDAP database, that itself
|
||||||
|
can be distributed, that can simultaneously serve multiple domains (that can also be widely distributed).
|
||||||
|
</p><p>
|
||||||
|
It is recommended that from a design perspective, the number of users per server, as well as the number
|
||||||
|
of servers, per domain should be scaled according to needs and should also consider server capacity
|
||||||
|
and network bandwidth.
|
||||||
|
</p><p>
|
||||||
|
A physical network segment may house several domains, each of which may span multiple network segments.
|
||||||
|
Where domains span routed network segments it is most advisable to consider and test the performance
|
||||||
|
implications of the design and layout of a network. A Centrally located domain controller that is being
|
||||||
|
designed to serve multiple routed network segments may result in severe performance problems if the
|
||||||
|
response time (eg: ping timing) between the remote segment and the PDC is more than 100 ms. In situations
|
||||||
|
where the delay is too long it is highly recommended to locate a backup controller (BDC) to serve as
|
||||||
|
the local authentication and access control server.
|
||||||
|
</p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id3002935"></a>Server Share and Directory Layout</h4></div></div><div></div></div><p>
|
||||||
|
There are few cardinal rules to effective network design that can be broken with impunity.
|
||||||
|
The most important rule of effective network management is that simplicity is king in every
|
||||||
|
well controlled network. Every part of the infrastructure must be managed, the more complex
|
||||||
|
it is, the greater will be the demand of keeping systems secure and functional.
|
||||||
|
</p><p>
|
||||||
|
The nature of the data that must be stored needs to be born in mind when deciding how many
|
||||||
|
shares must be created. The physical disk space layout should also be taken into account
|
||||||
|
when designing where share points will be created. Keep in mind that all data needs to be
|
||||||
|
backed up, thus the simpler the disk layout the easier it will be to keep track of what must
|
||||||
|
be backed up to tape or other off-line storage medium. Always plan and implement for minimum
|
||||||
|
maintenance. Leave nothing to chance in your design, above all, do not leave backups to chance:
|
||||||
|
Backup and test, validate every backup, create a disaster recovery plan and prove that it works.
|
||||||
|
</p><p>
|
||||||
|
Users should be grouped according to data access control needs. File and directory access
|
||||||
|
is best controlled via group permissions and the use of the "sticky bit" on group controlled
|
||||||
|
directories may substantially avoid file access complaints from samba share users.
|
||||||
|
</p><p>
|
||||||
|
Many network administrators who are new to the game will attempt to use elaborate techniques
|
||||||
|
to set access controls, on files, directories, shares, as well as in share definitions.
|
||||||
|
There is the ever present danger that that administrator's successor will not understand the
|
||||||
|
complex mess that has been inherited. Remember, apparent job security through complex design
|
||||||
|
and implementation may ultimately cause loss of operations and downtime to users as the new
|
||||||
|
administrator learns to untangle your web. Keep access controls simple and effective and
|
||||||
|
make sure that users will never be interrupted by the stupidity of complexity.
|
||||||
|
</p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id3002997"></a>Logon Scripts</h4></div></div><div></div></div><p>
|
||||||
|
Please refer to the section of this document on Advanced Network Administration for information
|
||||||
|
regarding the network logon script options for Samba-3. Logon scripts can help to ensure that
|
||||||
|
all users gain share and printer connections they need.
|
||||||
|
</p><p>
|
||||||
|
Logon scripts can be created on-the-fly so that all commands executed are specific to the
|
||||||
|
rights and privileges granted to the user. The preferred controls should be affected through
|
||||||
|
group membership so that group information can be used to custom create a logon script using
|
||||||
|
the <i class="parameter"><tt>root preexec</tt></i> parameters to the <tt class="filename">NETLOGON</tt> share.
|
||||||
|
</p><p>
|
||||||
|
Some sites prefer to use a tool such as <b class="command">kixstart</b> to establish a controlled
|
||||||
|
user environment. In any case you may wish to do a google search for logon script process controls.
|
||||||
|
In particular, you may wish to explore the use of the Microsoft knowledgebase article KB189105 that
|
||||||
|
deals with how to add printers without user intervention via the logon script process.
|
||||||
|
</p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id3003055"></a>Profile Migration/Creation</h4></div></div><div></div></div><p>
|
||||||
|
User and Group Profiles may be migrated using the tools described in the section titled Desktop Profile
|
||||||
|
Management.
|
||||||
|
</p><p>
|
||||||
|
Profiles may also be managed using the Samba-3 tool <b class="command">profiles</b>. This tool allows
|
||||||
|
the MS Windows NT style security identifiers (SIDs) that are stored inside the profile NTuser.DAT file
|
||||||
|
to be changed to the SID of the Samba-3 domain.
|
||||||
|
</p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id3004018"></a>User and Group Accounts</h4></div></div><div></div></div><p>
|
||||||
|
It is possible to migrate all account settings from an MS Windows NT4 domain to Samba-3. Before
|
||||||
|
attempting to migrate user and group accounts it is STRONGLY advised to create in Samba-3 the
|
||||||
|
groups that are present on the MS Windows NT4 domain <span class="emphasis"><em>AND</em></span> to connect these to
|
||||||
|
suitable Unix/Linux groups. Following this simple advice will mean that all user and group attributes
|
||||||
|
should migrate painlessly.
|
||||||
|
</p></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id3004043"></a>Steps In Migration Process</h3></div></div><div></div></div><p>
|
||||||
|
The approximate migration process is described below.
|
||||||
|
</p><div class="itemizedlist"><ul type="disc"><li><p>
|
||||||
|
You will have an NT4 PDC that has the users, groups, policies and profiles to be migrated
|
||||||
|
</p></li><li><p>
|
||||||
|
Samba-3 set up as a DC with netlogon share, profile share, etc.
|
||||||
|
</p></li></ul></div><div class="procedure"><p class="title"><b>Procedure 31.1. The Account Migration Process</b></p><ol type="1"><li><p>Create a BDC account for the samba server using NT Server Manager</p><ol type="a"><li><p>Samba must NOT be running</p></li></ol></li><li><p><b class="userinput"><tt>rpcclient <i class="replaceable"><tt>NT4PDC</tt></i> -U Administrator%<i class="replaceable"><tt>passwd</tt></i></tt></b></p><ol type="a"><li><p>lsaquery</p></li><li><p>Note the SID returned</p></li></ol></li><li><p><b class="userinput"><tt>net getsid -S <i class="replaceable"><tt>NT4PDC</tt></i> -w <i class="replaceable"><tt>DOMNAME</tt></i> -U Administrator%<i class="replaceable"><tt>passwd</tt></i></tt></b></p><ol type="a"><li><p>Note the SID</p></li></ol></li><li><p><b class="userinput"><tt>net getlocalsid</tt></b></p><ol type="a"><li><p>Note the SID, now check that all three SIDS reported are the same!</p></li></ol></li><li><p><b class="userinput"><tt>net rpc join -S <i class="replaceable"><tt>NT4PDC</tt></i> -w <i class="replaceable"><tt>DOMNAME</tt></i> -U Administrator%<i class="replaceable"><tt>passwd</tt></i></tt></b></p></li><li><p><b class="userinput"><tt>net rpc vampire -S <i class="replaceable"><tt>NT4PDC</tt></i> -U administrator%<i class="replaceable"><tt>passwd</tt></i></tt></b></p></li><li><p><b class="userinput"><tt>pdbedit -L</tt></b></p><ol type="a"><li><p>Note - did the users migrate?</p></li></ol></li><li><p><b class="userinput"><tt>initGrps.sh <i class="replaceable"><tt>DOMNAME</tt></i></tt></b></p></li><li><p><b class="userinput"><tt>net groupmap list</tt></b></p><ol type="a"><li><p>Now check that all groups are recognised</p></li></ol></li><li><p><b class="userinput"><tt>net rpc vampire -S <i class="replaceable"><tt>NT4PDC</tt></i> -U administrator%<i class="replaceable"><tt>passwd</tt></i></tt></b></p></li><li><p><b class="userinput"><tt>pdbedit -Lv</tt></b></p><ol type="a"><li><p>Note - check that all group membership has been 
migrated</p></li></ol></li></ol></div><p>
|
||||||
|
Now it is time to migrate all the profiles, then migrate all policy files.
|
||||||
|
More later.
|
||||||
|
</p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3004381"></a>Migration Options</h2></div></div><div></div></div><p>
|
||||||
|
Based on feedback from many sites as well as from actual installation and maintenance
|
||||||
|
experience sites that wish to migrate from MS Windows NT4 Domain Control to a Samba
|
||||||
|
based solution fit into three basic categories.
|
||||||
|
</p><div class="table"><a name="id3004398"></a><p class="title"><b>Table 31.1. The 3 Major Site Types</b></p><table summary="The 3 Major Site Types" border="1"><colgroup><col><col></colgroup><thead><tr><th>Number of Users</th><th>Description</th></tr></thead><tbody><tr><td>< 50</td><td><p>Want simple conversion with NO pain</p></td></tr><tr><td>50 - 250</td><td><p>Want new features, can manage some in-house complexity</p></td></tr><tr><td>> 250</td><td><p>Solution/Implementation MUST scale well, complex needs. Cross departmental decision process. Local expertise in most areas</p></td></tr></tbody></table></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id3004462"></a>Planning for Success</h3></div></div><div></div></div><p>
|
||||||
|
There are three basic choices for sites that intend to migrate from MS Windows NT4
|
||||||
|
to Samba-3.
|
||||||
|
</p><div class="itemizedlist"><ul type="disc"><li><p>
|
||||||
|
Simple Conversion (total replacement)
|
||||||
|
</p></li><li><p>
|
||||||
|
Upgraded Conversion (could be one of integration)
|
||||||
|
</p></li><li><p>
|
||||||
|
Complete Redesign (completely new solution)
|
||||||
|
</p></li></ul></div><p>
|
||||||
|
No matter what choice you make, the following rules will minimise down-stream problems:
|
||||||
|
</p><div class="itemizedlist"><ul type="disc"><li><p>
|
||||||
|
Take sufficient time
|
||||||
|
</p></li><li><p>
|
||||||
|
Avoid Panic
|
||||||
|
</p></li><li><p>
|
||||||
|
Test ALL assumptions
|
||||||
|
</p></li><li><p>
|
||||||
|
Test full roll-out program, including workstation deployment
|
||||||
|
</p></li></ul></div><div class="table"><a name="id3004535"></a><p class="title"><b>Table 31.2. Nature of the Conversion Choices</b></p><table summary="Nature of the Conversion Choices" border="1"><colgroup><col><col><col></colgroup><thead><tr><th>Simple</th><th>Upgraded</th><th>Redesign</th></tr></thead><tbody><tr><td><p>Make use of minimal OS specific features</p></td><td><p>Translate NT4 features to new host OS features</p></td><td><p>Decide:</p></td></tr><tr><td><p>Suck all accounts from NT4 into Samba-3</p></td><td><p>Copy and improve:</p></td><td><p>Authentication Regime (database location and access)</p></td></tr><tr><td><p>Make least number of operational changes</p></td><td><p>Make progressive improvements</p></td><td><p>Desktop Management Methods</p></td></tr><tr><td><p>Take least amount of time to migrate</p></td><td><p>Minimise user impact</p></td><td><p>Better Control of Desktops / Users</p></td></tr><tr><td><p>Live versus Isolated Conversion</p></td><td><p>Maximise functionality</p></td><td><p>Identify Needs for: Manageability, Scalability, Security, Availability</p></td></tr><tr><td><p>Integrate Samba-3 then migrate while users are active, then Change of control (ie: swap out)</p></td><td><p>Take advantage of lower maintenance opportunity</p></td><td><p></p></td></tr></tbody></table></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id3004704"></a>Samba Implementation Choices</h3></div></div><div></div></div><pre class="programlisting">
|
||||||
|
Authentication database back end
|
||||||
|
Winbind (external Samba or NT4/200x server)
|
||||||
|
Can use pam_mkhomedir.so to auto-create home dirs
|
||||||
|
External server could use Active Directory or NT4 Domain
|
||||||
|
|
||||||
|
Database type
|
||||||
|
smbpasswd, tdbsam, ldapsam, mysqlsam
|
||||||
|
|
||||||
|
Access Control Points
|
||||||
|
On the Share itself (Use NT4 Server Manager)
|
||||||
|
On the file system
|
||||||
|
Unix permissions on files and directories
|
||||||
|
Enable Posix ACLs in file system?
|
||||||
|
Through Samba share parameters
|
||||||
|
Not recommended - except as only resort
|
||||||
|
|
||||||
|
Policies (migrate or create new ones)
|
||||||
|
Group Policy Editor (NT4)
|
||||||
|
Watch out for Tattoo effect
|
||||||
|
|
||||||
|
User and Group Profiles
|
||||||
|
Platform specific so use platform tool to change from a Local
|
||||||
|
to a Roaming profile Can use new profiles tool to change SIDs
|
||||||
|
(NTUser.DAT)
|
||||||
|
|
||||||
|
Logon Scripts (Know how they work)
|
||||||
|
|
||||||
|
User and Group mapping to Unix/Linux
|
||||||
|
username map facility may be needed
|
||||||
|
Use 'net groupmap' to connect NT4 groups to Unix groups
|
||||||
|
Use pdbedit to set/change user configuration
|
||||||
|
NOTE:
|
||||||
|
If migrating to LDAP back end it may be easier to dump initial LDAP database
|
||||||
|
to LDIF, then edit, then reload into LDAP
|
||||||
|
|
||||||
|
OS specific scripts / programs may be needed
|
||||||
|
Add / delete Users
|
||||||
|
Note OS limits on size of name (Linux 8 chars)
|
||||||
|
NT4 up to 254 chars
|
||||||
|
Add / delete machines
|
||||||
|
Applied only to domain members (note up to 16 chars)
|
||||||
|
Add / delete Groups
|
||||||
|
Note OS limits on size and nature
|
||||||
|
Linux limit is 16 char,
|
||||||
|
no spaces and no upper case chars (groupadd)
|
||||||
|
|
||||||
|
Migration Tools
|
||||||
|
Domain Control (NT4 Style)
|
||||||
|
Profiles, Policies, Access Controls, Security
|
||||||
|
|
||||||
|
Migration Tools
|
||||||
|
Samba: net, rpcclient, smbpasswd, pdbedit, profiles
|
||||||
|
Windows: NT4 Domain User Manager, Server Manager (NEXUS)
|
||||||
|
|
||||||
|
Authentication
|
||||||
|
New SAM back end (smbpasswd, tdbsam, ldapsam, mysqlsam)
|
||||||
|
</pre><p>
|
||||||
|
</p></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="upgrading-to-3.0.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="migration.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="SWAT.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 30. Upgrading from Samba-2.x to Samba-3.0.0 </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 32. SWAT - The Samba Web Administration Tool</td></tr></table></div></body></html>
|
957
docs/htmldocs/NetworkBrowsing.html
Normal file
@ -0,0 +1,957 @@
|
|||||||
|
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 10. Samba / MS Windows Network Browsing Guide</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="index.html" title="SAMBA Project Documentation"><link rel="up" href="optional.html" title="Part III. Advanced Configuration"><link rel="previous" href="optional.html" title="Part III. Advanced Configuration"><link rel="next" href="passdb.html" title="Chapter 11. Account Information Databases"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 10. Samba / MS Windows Network Browsing Guide</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="optional.html">Prev</a> </td><th width="60%" align="center">Part III. Advanced Configuration</th><td width="20%" align="right"> <a accesskey="n" href="passdb.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="NetworkBrowsing"></a>Chapter 10. 
Samba / MS Windows Network Browsing Guide</h2></div><div><div class="author"><h3 class="author"><span class="firstname">John</span> <span class="othername">H.</span> <span class="surname">Terpstra</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><tt class="email"><<a href="mailto:jht@samba.org">jht@samba.org</a>></tt></p></div></div></div></div><div><p class="pubdate">July 5, 1998</p></div><div><p class="pubdate">Updated: April 21, 2003</p></div></div><div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><a href="NetworkBrowsing.html#id2903558">Features and Benefits</a></dt><dt><a href="NetworkBrowsing.html#id2903637">What is Browsing?</a></dt><dt><a href="NetworkBrowsing.html#id2903747">Discussion</a></dt><dd><dl><dt><a href="NetworkBrowsing.html#id2903764">NetBIOS over TCP/IP</a></dt><dt><a href="NetworkBrowsing.html#id2903926">TCP/IP - without NetBIOS</a></dt><dt><a href="NetworkBrowsing.html#id2904058">DNS and Active Directory</a></dt></dl></dd><dt><a href="NetworkBrowsing.html#id2904194">How Browsing Functions</a></dt><dd><dl><dt><a href="NetworkBrowsing.html#id2904320">Setting up WORKGROUP Browsing</a></dt><dt><a href="NetworkBrowsing.html#id2904541">Setting up DOMAIN Browsing</a></dt><dt><a href="NetworkBrowsing.html#browse-force-master">Forcing Samba to be the master</a></dt><dt><a href="NetworkBrowsing.html#id2904811">Making Samba the domain master</a></dt><dt><a href="NetworkBrowsing.html#id2904967">Note about broadcast addresses</a></dt><dt><a href="NetworkBrowsing.html#id2904984">Multiple interfaces</a></dt><dt><a href="NetworkBrowsing.html#id2905013">Use of the Remote Announce parameter</a></dt><dt><a href="NetworkBrowsing.html#id2905122">Use of the Remote Browse Sync parameter</a></dt></dl></dd><dt><a href="NetworkBrowsing.html#id2905183">WINS - The Windows Internetworking Name Server</a></dt><dd><dl><dt><a href="NetworkBrowsing.html#id2905341">Setting up a WINS 
server</a></dt><dt><a href="NetworkBrowsing.html#id2905540">WINS Replication</a></dt><dt><a href="NetworkBrowsing.html#id2905565">Static WINS Entries</a></dt></dl></dd><dt><a href="NetworkBrowsing.html#id2905650">Helpful Hints</a></dt><dd><dl><dt><a href="NetworkBrowsing.html#id2905663">Windows Networking Protocols</a></dt><dt><a href="NetworkBrowsing.html#id2905730">Name Resolution Order</a></dt></dl></dd><dt><a href="NetworkBrowsing.html#id2905867">Technical Overview of browsing</a></dt><dd><dl><dt><a href="NetworkBrowsing.html#id2905914">Browsing support in Samba</a></dt><dt><a href="NetworkBrowsing.html#id2906021">Problem resolution</a></dt><dt><a href="NetworkBrowsing.html#id2906100">Browsing across subnets</a></dt></dl></dd><dt><a href="NetworkBrowsing.html#id2906720">Common Errors</a></dt><dd><dl><dt><a href="NetworkBrowsing.html#id2906735">How can one flush the Samba NetBIOS name cache without restarting Samba?</a></dt><dt><a href="NetworkBrowsing.html#id2906764">My client reports "This server is not configured to list shared resources"</a></dt></dl></dd></dl></div><p>
|
||||||
|
This document contains detailed information as well as a fast track guide to
|
||||||
|
implementing browsing across subnets and / or across workgroups (or domains).
|
||||||
|
WINS is the best tool for resolution of NetBIOS names to IP addresses. WINS is
|
||||||
|
NOT involved in browse list handling except by way of name to address resolution.
|
||||||
|
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
|
||||||
|
MS Windows 2000 and later can be configured to operate with NO NetBIOS
|
||||||
|
over TCP/IP. Samba-3 and later also supports this mode of operation.
|
||||||
|
When the use of NetBIOS over TCP/IP has been disabled then the primary
|
||||||
|
means for resolution of MS Windows machine names is via DNS and Active Directory.
|
||||||
|
The following information assumes that your site is running NetBIOS over TCP/IP.
|
||||||
|
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2903558"></a>Features and Benefits</h2></div></div><div></div></div><p>
|
||||||
|
Someone once referred to the past in terms of: <span class="emphasis"><em>They were the worst of times,
|
||||||
|
they were the best of times. The more we look back, them more we long for what was and
|
||||||
|
hope it never returns!</em></span>.
|
||||||
|
</p><p>
|
||||||
|
For many MS Windows network administrators, that statement sums up their feelings about
|
||||||
|
NetBIOS networking precisely. For those who mastered NetBIOS networking, its fickle
|
||||||
|
nature was just par for the course. For those who never quite managed to tame its
|
||||||
|
lusty features, NetBIOS is like Paterson's Curse.
|
||||||
|
</p><p>
|
||||||
|
For those not familiar with botanical problems in Australia: Paterson's curse,
|
||||||
|
Echium plantagineum, was introduced to Australia from Europe during the mid-nineteenth
|
||||||
|
century. Since then it has spread rapidly. The high seed production, with densities of
|
||||||
|
thousands of seeds per square metre, a seed longevity of more than seven years, and an
|
||||||
|
ability to germinate at any time of year, given the right conditions, are some of the
|
||||||
|
features which make it such a persistent weed.
|
||||||
|
</p><p>
|
||||||
|
In this chapter we explore vital aspects of SMB (Server Message Block) networking with
|
||||||
|
a particular focus on SMB as implemented through running NetBIOS (Network Basic
|
||||||
|
Input / Output System) over TCP/IP. Since Samba does NOT implement SMB or NetBIOS over
|
||||||
|
any other protocols we need to know how to configure our network environment and simply
|
||||||
|
remember to use nothing but TCP/IP on all our MS Windows network clients.
|
||||||
|
</p><p>
|
||||||
|
Samba provides the ability to implement a WINS (Windows Internetworking Name Server)
|
||||||
|
and implements extensions to Microsoft's implementation of WINS. These extensions
|
||||||
|
help Samba to affect stable WINS operations beyond the normal scope of MS WINS.
|
||||||
|
</p><p>
|
||||||
|
Please note that WINS is exclusively a service that applies only to those systems
|
||||||
|
that run NetBIOS over TCP/IP. MS Windows 200x / XP have the capacity to turn off
|
||||||
|
support for NetBIOS, in which case WINS is of no relevance. Samba-3 supports this also.
|
||||||
|
</p><p>
|
||||||
|
For those networks on which NetBIOS has been disabled (ie: WINS is NOT required)
|
||||||
|
the use of DNS is necessary for host name resolution.
|
||||||
|
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2903637"></a>What is Browsing?</h2></div></div><div></div></div><p>
|
||||||
|
To most people browsing means that they can see the MS Windows and Samba servers
|
||||||
|
in the Network Neighborhood, and when the computer icon for a particular server is
|
||||||
|
clicked, it opens up and shows the shares and printers available on the target server.
|
||||||
|
</p><p>
|
||||||
|
What seems so simple is in fact a very complex interaction of different technologies.
|
||||||
|
The technologies (or methods) employed in making all of this work includes:
|
||||||
|
</p><table class="simplelist" border="0" summary="Simple list"><tr><td>MS Windows machines register their presence to the network</td></tr><tr><td>Machines announce themselves to other machines on the network</td></tr><tr><td>One or more machine on the network collates the local announcements</td></tr><tr><td>The client machine finds the machine that has the collated list of machines</td></tr><tr><td>The client machine is able to resolve the machine names to IP addresses</td></tr><tr><td>The client machine is able to connect to a target machine</td></tr></table><p>
|
||||||
|
The Samba application that controls browse list management and name resolution is
|
||||||
|
called <tt class="filename">nmbd</tt>. The configuration parameters involved in nmbd's operation are:
|
||||||
|
</p><pre class="programlisting">
|
||||||
|
|
||||||
|
Browsing options:
|
||||||
|
-----------------
|
||||||
|
* os level
|
||||||
|
lm announce
|
||||||
|
lm interval
|
||||||
|
* preferred master
|
||||||
|
* local master
|
||||||
|
* domain master
|
||||||
|
browse list
|
||||||
|
enhanced browsing
|
||||||
|
|
||||||
|
Name Resolution Method:
|
||||||
|
-----------------------
|
||||||
|
* name resolve order
|
||||||
|
|
||||||
|
WINS options:
|
||||||
|
-------------
|
||||||
|
dns proxy
|
||||||
|
wins proxy
|
||||||
|
* wins server
|
||||||
|
* wins support
|
||||||
|
wins hook
|
||||||
|
</pre><p>
|
||||||
|
For Samba, the WINS Server and WINS Support are mutually exclusive options. Those marked with
|
||||||
|
an '*' are the only options that commonly MAY need to be modified. Even if not one of these
|
||||||
|
parameters is set <tt class="filename">nmbd</tt> will still do it's job.
|
||||||
|
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2903747"></a>Discussion</h2></div></div><div></div></div><p>
|
||||||
|
Firstly, all MS Windows networking uses SMB (Server Message Block) based messaging.
|
||||||
|
SMB messaging may be implemented with or without NetBIOS. MS Windows 200x supports
|
||||||
|
NetBIOS over TCP/IP for backwards compatibility. Microsoft is intent on phasing out NetBIOS
|
||||||
|
support.
|
||||||
|
</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2903764"></a>NetBIOS over TCP/IP</h3></div></div><div></div></div><p>
|
||||||
|
Samba implements NetBIOS, as does MS Windows NT / 200x / XP, by encapsulating it over TCP/IP.
|
||||||
|
MS Windows products can do likewise. NetBIOS based networking uses broadcast messaging to
|
||||||
|
affect browse list management. When running NetBIOS over TCP/IP, this uses UDP based messaging.
|
||||||
|
UDP messages can be broadcast or unicast.
|
||||||
|
</p><p>
|
||||||
|
Normally, only unicast UDP messaging can be forwarded by routers. The
|
||||||
|
<b class="command">remote announce</b> parameter to smb.conf helps to project browse announcements
|
||||||
|
to remote network segments via unicast UDP. Similarly, the
|
||||||
|
<b class="command">remote browse sync</b> parameter of <tt class="filename">smb.conf</tt>
|
||||||
|
implements browse list collation using unicast UDP.
|
||||||
|
</p><p>
|
||||||
|
Secondly, in those networks where Samba is the only SMB server technology,
|
||||||
|
wherever possible <tt class="filename">nmbd</tt> should be configured on one (1) machine as the WINS
|
||||||
|
server. This makes it easy to manage the browsing environment. If each network
|
||||||
|
segment is configured with it's own Samba WINS server, then the only way to
|
||||||
|
get cross segment browsing to work is by using the
|
||||||
|
<b class="command">remote announce</b> and the <b class="command">remote browse sync</b>
|
||||||
|
parameters to your <tt class="filename">smb.conf</tt> file.
|
||||||
|
</p><p>
|
||||||
|
If only one WINS server is used for an entire multi-segment network then
|
||||||
|
the use of the <b class="command">remote announce</b> and the
|
||||||
|
<b class="command">remote browse sync</b> parameters should NOT be necessary.
|
||||||
|
</p><p>
|
||||||
|
As of Samba 3 WINS replication is being worked on. The bulk of the code has
|
||||||
|
been committed, but it still needs maturation. This is NOT a supported feature
|
||||||
|
of the Samba-3.0.0 release. Hopefully, this will become a supported feature
|
||||||
|
of one of the Samba-3 release series.
|
||||||
|
</p><p>
|
||||||
|
Right now Samba WINS does not support MS-WINS replication. This means that
|
||||||
|
when setting up Samba as a WINS server there must only be one <tt class="filename">nmbd</tt>
|
||||||
|
configured as a WINS server on the network. Some sites have used multiple Samba WINS
|
||||||
|
servers for redundancy (one server per subnet) and then used
|
||||||
|
<b class="command">remote browse sync</b> and <b class="command">remote announce</b>
|
||||||
|
to affect browse list collation across all segments. Note that this means clients
|
||||||
|
will only resolve local names, and must be configured to use DNS to resolve names
|
||||||
|
on other subnets in order to resolve the IP addresses of the servers they can see
|
||||||
|
on other subnets. This setup is not recommended, but is mentioned as a practical
|
||||||
|
consideration (ie: an 'if all else fails' scenario).
|
||||||
|
</p><p>
|
||||||
|
Lastly, take note that browse lists are a collection of unreliable broadcast
|
||||||
|
messages that are repeated at intervals of not more than 15 minutes. This means
|
||||||
|
that it will take time to establish a browse list and it can take up to 45
|
||||||
|
minutes to stabilise, particularly across network segments.
|
||||||
|
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2903926"></a>TCP/IP - without NetBIOS</h3></div></div><div></div></div><p>
|
||||||
|
All TCP/IP using systems use various forms of host name resolution. The primary
|
||||||
|
methods for TCP/IP hostname resolutions involves either a static file (<tt class="filename">/etc/hosts
|
||||||
|
</tt>) or DNS (the Domain Name System). DNS is the technology that makes
|
||||||
|
the Internet usable. DNS based host name resolution is supported by nearly all TCP/IP
|
||||||
|
enabled systems. Only a few embedded TCP/IP systems do not support DNS.
|
||||||
|
</p><p>
|
||||||
|
When an MS Windows 200x / XP system attempts to resolve a host name to an IP address
|
||||||
|
it follows a defined path:
|
||||||
|
</p><div class="orderedlist"><ol type="1"><li><p>
|
||||||
|
Checks the <tt class="filename">hosts</tt> file. It is located in
|
||||||
|
<tt class="filename">C:\WinNT\System32\Drivers\etc</tt>.
|
||||||
|
</p></li><li><p>
|
||||||
|
Does a DNS lookup
|
||||||
|
</p></li><li><p>
|
||||||
|
Checks the NetBIOS name cache
|
||||||
|
</p></li><li><p>
|
||||||
|
Queries the WINS server
|
||||||
|
</p></li><li><p>
|
||||||
|
Does a broadcast name lookup over UDP
|
||||||
|
</p></li><li><p>
|
||||||
|
Looks up entries in LMHOSTS. It is located in
|
||||||
|
<tt class="filename">C:\WinNT\System32\Drivers\etc</tt>.
|
||||||
|
</p></li></ol></div><p>
|
||||||
|
Windows 200x / XP can register it's host name with a Dynamic DNS server. You can
|
||||||
|
force register with a Dynamic DNS server in Windows 200x / XP using:
|
||||||
|
<b class="command">ipconfig /registerdns</b>
|
||||||
|
</p><p>
|
||||||
|
With Active Directory (ADS), a correctly functioning DNS server is absolutely
|
||||||
|
essential. In the absence of a working DNS server that has been correctly configured,
|
||||||
|
MS Windows clients and servers will be totally unable to locate each other,
|
||||||
|
consequently network services will be severely impaired.
|
||||||
|
</p><p>
|
||||||
|
The use of Dynamic DNS is highly recommended with Active Directory, in which case
|
||||||
|
the use of BIND9 is preferred for it's ability to adequately support the SRV (service)
|
||||||
|
records that are needed for Active Directory.
|
||||||
|
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2904058"></a>DNS and Active Directory</h3></div></div><div></div></div><p>
|
||||||
|
Occasionally we hear from Unix network administrators who want to use a Unix based Dynamic
|
||||||
|
DNS server in place of the Microsoft DNS server. While this might be desirable to some, the
|
||||||
|
MS Windows 200x DNS server is auto-configured to work with Active Directory. It is possible
|
||||||
|
to use BIND version 8 or 9, but it will almost certainly be necessary to create service records
|
||||||
|
so that MS Active Directory clients can resolve host names to locate essential network services.
|
||||||
|
The following are some of the default service records that Active Directory requires:
|
||||||
|
</p><div class="itemizedlist"><ul type="disc"><li><p>_ldap._tcp.pdc.ms-dcs.<span class="emphasis"><em>Domain</em></span></p><p>
|
||||||
|
This provides the address of the Windows NT PDC for the Domain.
|
||||||
|
</p></li><li><p>_ldap._tcp.pdc.ms-dcs.<span class="emphasis"><em>DomainTree</em></span></p><p>
|
||||||
|
Resolves the addresses of Global Catalog servers in the domain.
|
||||||
|
</p></li><li><p>_ldap._tcp.<span class="emphasis"><em>site</em></span>.sites.writable.ms-dcs.<span class="emphasis"><em>Domain</em></span></p><p>
|
||||||
|
Provides list of domain controllers based on sites.
|
||||||
|
</p></li><li><p>_ldap._tcp.writable.ms-dcs.<span class="emphasis"><em>Domain</em></span></p><p>
|
||||||
|
Enumerates list of domain controllers that have the writable
|
||||||
|
copies of the Active Directory data store.
|
||||||
|
</p></li><li><p>_ldap._tcp.<span class="emphasis"><em>GUID</em></span>.domains.ms-dcs.<span class="emphasis"><em>DomainTree</em></span></p><p>
|
||||||
|
Entry used by MS Windows clients to locate machines using the
|
||||||
|
Global Unique Identifier.
|
||||||
|
</p></li><li><p>_ldap._tcp.<span class="emphasis"><em>Site</em></span>.gc.ms-dcs.<span class="emphasis"><em>DomainTree</em></span></p><p>
|
||||||
|
Used by MS Windows clients to locate site configuration dependent
|
||||||
|
Global Catalog server.
|
||||||
|
</p></li></ul></div></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2904194"></a>How Browsing Functions</h2></div></div><div></div></div><p>
|
||||||
|
MS Windows machines register their NetBIOS names
|
||||||
|
(ie: the machine name for each service type in operation) on start
|
||||||
|
up. The exact method by which this name registration
|
||||||
|
takes place is determined by whether or not the MS Windows client/server
|
||||||
|
has been given a WINS server address, whether or not LMHOSTS lookup
|
||||||
|
is enabled, or if DNS for NetBIOS name resolution is enabled, etc.
|
||||||
|
</p><p>
|
||||||
|
In the case where there is no WINS server, all name registrations as
|
||||||
|
well as name lookups are done by UDP broadcast. This isolates name
|
||||||
|
resolution to the local subnet, unless LMHOSTS is used to list all
|
||||||
|
names and IP addresses. In such situations Samba provides a means by
|
||||||
|
which the Samba server name may be forcibly injected into the browse
|
||||||
|
list of a remote MS Windows network (using the
|
||||||
|
<b class="command">remote announce</b> parameter).
|
||||||
|
</p><p>
|
||||||
|
Where a WINS server is used, the MS Windows client will use UDP
|
||||||
|
unicast to register with the WINS server. Such packets can be routed
|
||||||
|
and thus WINS allows name resolution to function across routed networks.
|
||||||
|
</p><p>
|
||||||
|
During the startup process an election will take place to create a
|
||||||
|
local master browser if one does not already exist. On each NetBIOS network
|
||||||
|
one machine will be elected to function as the domain master browser. This
|
||||||
|
domain browsing has nothing to do with MS security domain control.
|
||||||
|
Instead, the domain master browser serves the role of contacting each local
|
||||||
|
master browser (found by asking WINS or from LMHOSTS) and exchanging browse
|
||||||
|
list contents. This way every master browser will eventually obtain a complete
|
||||||
|
list of all machines that are on the network. Every 11-15 minutes an election
|
||||||
|
is held to determine which machine will be the master browser. By the nature of
|
||||||
|
the election criteria used, the machine with the highest uptime, or the
|
||||||
|
most senior protocol version, or other criteria, will win the election
|
||||||
|
as domain master browser.
|
||||||
|
</p><p>
|
||||||
|
Clients wishing to browse the network make use of this list, but also depend
|
||||||
|
on the availability of correct name resolution to the respective IP
|
||||||
|
address/addresses.
|
||||||
|
</p><p>
|
||||||
|
Any configuration that breaks name resolution and/or browsing intrinsics
|
||||||
|
will annoy users because they will have to put up with protracted
|
||||||
|
inability to use the network services.
|
||||||
|
</p><p>
|
||||||
|
Samba supports a feature that allows forced synchronisation
|
||||||
|
of browse lists across routed networks using the <b class="command">remote
|
||||||
|
browse sync</b> parameter in the <tt class="filename">smb.conf</tt> file.
|
||||||
|
This causes Samba to contact the local master browser on a remote network and
|
||||||
|
to request browse list synchronisation. This effectively bridges
|
||||||
|
two networks that are separated by routers. The two remote
|
||||||
|
networks may use either broadcast based name resolution or WINS
|
||||||
|
based name resolution, but it should be noted that the <b class="command">remote
|
||||||
|
browse sync</b> parameter provides browse list synchronisation - and
|
||||||
|
that is distinct from name to address resolution, in other
|
||||||
|
words, for cross subnet browsing to function correctly it is
|
||||||
|
essential that a name to address resolution mechanism be provided.
|
||||||
|
This mechanism could be via DNS, <tt class="filename">/etc/hosts</tt>,
|
||||||
|
and so on.
|
||||||
|
</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2904320"></a>Setting up WORKGROUP Browsing</h3></div></div><div></div></div><p>
|
||||||
|
To set up cross subnet browsing on a network containing machines
|
||||||
|
in up to be in a WORKGROUP, not an NT Domain you need to set up one
|
||||||
|
Samba server to be the Domain Master Browser (note that this is *NOT*
|
||||||
|
the same as a Primary Domain Controller, although in an NT Domain the
|
||||||
|
same machine plays both roles). The role of a Domain master browser is
|
||||||
|
to collate the browse lists from local master browsers on all the
|
||||||
|
subnets that have a machine participating in the workgroup. Without
|
||||||
|
one machine configured as a domain master browser each subnet would
|
||||||
|
be an isolated workgroup, unable to see any machines on any other
|
||||||
|
subnet. It is the presence of a domain master browser that makes
|
||||||
|
cross subnet browsing possible for a workgroup.
|
||||||
|
</p><p>
|
||||||
|
In an WORKGROUP environment the domain master browser must be a
|
||||||
|
Samba server, and there must only be one domain master browser per
|
||||||
|
workgroup name. To set up a Samba server as a domain master browser,
|
||||||
|
set the following option in the <i class="parameter"><tt>[global]</tt></i> section
|
||||||
|
of the <tt class="filename">smb.conf</tt> file :
|
||||||
|
</p><p>
|
||||||
|
</p><pre class="programlisting">
|
||||||
|
domain master = yes
|
||||||
|
</pre><p>
|
||||||
|
</p><p>
|
||||||
|
The domain master browser should also preferrably be the local master
|
||||||
|
browser for its own subnet. In order to achieve this set the following
|
||||||
|
options in the <i class="parameter"><tt>[global]</tt></i> section of the <tt class="filename">smb.conf</tt> file :
|
||||||
|
</p><p>
|
||||||
|
</p><pre class="programlisting">
|
||||||
|
domain master = yes
|
||||||
|
local master = yes
|
||||||
|
preferred master = yes
|
||||||
|
os level = 65
|
||||||
|
</pre><p>
|
||||||
|
</p><p>
|
||||||
|
The domain master browser may be the same machine as the WINS
|
||||||
|
server, if you require.
|
||||||
|
</p><p>
|
||||||
|
Next, you should ensure that each of the subnets contains a
|
||||||
|
machine that can act as a local master browser for the
|
||||||
|
workgroup. Any MS Windows NT/2K/XP/2003 machine should be
|
||||||
|
able to do this, as will Windows 9x machines (although these
|
||||||
|
tend to get rebooted more often, so it's not such a good idea
|
||||||
|
to use these). To make a Samba server a local master browser
|
||||||
|
set the following options in the <i class="parameter"><tt>[global]</tt></i> section of the
|
||||||
|
<tt class="filename">smb.conf</tt> file :
|
||||||
|
</p><p>
|
||||||
|
</p><pre class="programlisting">
|
||||||
|
domain master = no
|
||||||
|
local master = yes
|
||||||
|
preferred master = yes
|
||||||
|
os level = 65
|
||||||
|
</pre><p>
|
||||||
|
</p><p>
|
||||||
|
Do not do this for more than one Samba server on each subnet,
|
||||||
|
or they will war with each other over which is to be the local
|
||||||
|
master browser.
|
||||||
|
</p><p>
|
||||||
|
The <i class="parameter"><tt>local master</tt></i> parameter allows Samba to act as a
|
||||||
|
local master browser. The <i class="parameter"><tt>preferred master</tt></i> causes nmbd
|
||||||
|
to force a browser election on startup and the <i class="parameter"><tt>os level</tt></i>
|
||||||
|
parameter sets Samba high enough so that it should win any browser elections.
|
||||||
|
</p><p>
|
||||||
|
If you have an NT machine on the subnet that you wish to
|
||||||
|
be the local master browser then you can disable Samba from
|
||||||
|
becoming a local master browser by setting the following
|
||||||
|
options in the <i class="parameter"><tt>[global]</tt></i> section of the
|
||||||
|
<tt class="filename">smb.conf</tt> file :
|
||||||
|
</p><p>
|
||||||
|
</p><pre class="programlisting">
|
||||||
|
domain master = no
|
||||||
|
local master = no
|
||||||
|
preferred master = no
|
||||||
|
os level = 0
|
||||||
|
</pre><p>
|
||||||
|
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2904541"></a>Setting up DOMAIN Browsing</h3></div></div><div></div></div><p>
|
||||||
|
If you are adding Samba servers to a Windows NT Domain then
|
||||||
|
you must not set up a Samba server as a domain master browser.
|
||||||
|
By default, a Windows NT Primary Domain Controller for a domain
|
||||||
|
is also the Domain master browser for that domain, and many
|
||||||
|
things will break if a Samba server registers the Domain master
|
||||||
|
browser NetBIOS name (<i class="replaceable"><tt>DOMAIN</tt></i><1B>)
|
||||||
|
with WINS instead of the PDC.
|
||||||
|
</p><p>
|
||||||
|
For subnets other than the one containing the Windows NT PDC
|
||||||
|
you may set up Samba servers as local master browsers as
|
||||||
|
described. To make a Samba server a local master browser set
|
||||||
|
the following options in the <b class="command">[global]</b> section
|
||||||
|
of the <tt class="filename">smb.conf</tt> file :
|
||||||
|
</p><p>
|
||||||
|
</p><pre class="programlisting">
|
||||||
|
domain master = no
|
||||||
|
local master = yes
|
||||||
|
preferred master = yes
|
||||||
|
os level = 65
|
||||||
|
</pre><p>
|
||||||
|
</p><p>
|
||||||
|
If you wish to have a Samba server fight the election with machines
|
||||||
|
on the same subnet you may set the <i class="parameter"><tt>os level</tt></i> parameter
|
||||||
|
to lower levels. By doing this you can tune the order of machines that
|
||||||
|
will become local master browsers if they are running. For
|
||||||
|
more details on this see the section <a href="NetworkBrowsing.html#browse-force-master" title="Forcing Samba to be the master">
|
||||||
|
Forcing Samba to be the master browser</a>
|
||||||
|
below.
|
||||||
|
</p><p>
|
||||||
|
If you have Windows NT machines that are members of the domain
|
||||||
|
on all subnets, and you are sure they will always be running then
|
||||||
|
you can disable Samba from taking part in browser elections and
|
||||||
|
ever becoming a local master browser by setting following options
|
||||||
|
in the <i class="parameter"><tt>[global]</tt></i> section of the <tt class="filename">smb.conf</tt>
|
||||||
|
file :
|
||||||
|
</p><p>
|
||||||
|
</p><pre class="programlisting">
|
||||||
|
domain master = no
|
||||||
|
local master = no
|
||||||
|
preferred master = no
|
||||||
|
os level = 0
|
||||||
|
</pre><p>
|
||||||
|
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="browse-force-master"></a>Forcing Samba to be the master</h3></div></div><div></div></div><p>
|
||||||
|
Who becomes the <i class="parameter"><tt>master browser</tt></i> is determined by an election
|
||||||
|
process using broadcasts. Each election packet contains a number of parameters
|
||||||
|
which determine what precedence (bias) a host should have in the
|
||||||
|
election. By default Samba uses a very low precedence and thus loses
|
||||||
|
elections to just about anyone else.
|
||||||
|
</p><p>
|
||||||
|
If you want Samba to win elections then just set the <i class="parameter"><tt>os level</tt></i> global
|
||||||
|
option in <tt class="filename">smb.conf</tt> to a higher number. It defaults to 0. Using 34
|
||||||
|
would make it win all elections over every other system (except other
|
||||||
|
samba systems!)
|
||||||
|
</p><p>
|
||||||
|
A <i class="parameter"><tt>os level</tt></i> of 2 would make it beat WfWg and Win95, but not MS Windows
|
||||||
|
NT/2K Server. A MS Windows NT/2K Server domain controller uses level 32.
|
||||||
|
</p><p>The maximum os level is 255</p><p>
|
||||||
|
If you want Samba to force an election on startup, then set the
|
||||||
|
<i class="parameter"><tt>preferred master</tt></i> global option in <tt class="filename">smb.conf</tt> to <tt class="constant">yes</tt>. Samba will
|
||||||
|
then have a slight advantage over other potential master browsers
|
||||||
|
that are not preferred master browsers. Use this parameter with
|
||||||
|
care, as if you have two hosts (whether they are Windows 95 or NT or
|
||||||
|
Samba) on the same local subnet both set with <i class="parameter"><tt>preferred master</tt></i> to
|
||||||
|
<tt class="constant">yes</tt>, then periodically and continually they will force an election
|
||||||
|
in order to become the local master browser.
|
||||||
|
</p><p>
|
||||||
|
If you want Samba to be a <i class="parameter"><tt>domain master browser</tt></i>, then it is
|
||||||
|
recommended that you also set <i class="parameter"><tt>preferred master</tt></i> to <tt class="constant">yes</tt>, because
|
||||||
|
Samba will not become a domain master browser for the whole of your
|
||||||
|
LAN or WAN if it is not also a local master browser on its own
|
||||||
|
broadcast isolated subnet.
|
||||||
|
</p><p>
|
||||||
|
It is possible to configure two Samba servers to attempt to become
|
||||||
|
the domain master browser for a domain. The first server that comes
|
||||||
|
up will be the domain master browser. All other Samba servers will
|
||||||
|
attempt to become the domain master browser every 5 minutes. They
|
||||||
|
will find that another Samba server is already the domain master
|
||||||
|
browser and will fail. This provides automatic redundancy, should
|
||||||
|
the current domain master browser fail.
|
||||||
|
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2904811"></a>Making Samba the domain master</h3></div></div><div></div></div><p>
|
||||||
|
The domain master is responsible for collating the browse lists of
|
||||||
|
multiple subnets so that browsing can occur between subnets. You can
|
||||||
|
make Samba act as the domain master by setting <i class="parameter"><tt>domain master = yes</tt></i>
|
||||||
|
in <tt class="filename">smb.conf</tt>. By default it will not be a domain master.
|
||||||
|
</p><p>
|
||||||
|
Note that you should <span class="emphasis"><em>not</em></span> set Samba to be the domain master for a
|
||||||
|
workgroup that has the same name as an NT Domain.
|
||||||
|
</p><p>
|
||||||
|
When Samba is the domain master and the master browser, it will listen
|
||||||
|
for master announcements (made roughly every twelve minutes) from local
|
||||||
|
master browsers on other subnets and then contact them to synchronise
|
||||||
|
browse lists.
|
||||||
|
</p><p>
|
||||||
|
If you want Samba to be the domain master then I suggest you also set
|
||||||
|
the <i class="parameter"><tt>os level</tt></i> high enough to make sure it wins elections, and set
|
||||||
|
<i class="parameter"><tt>preferred master</tt></i> to <tt class="constant">yes</tt>, to get Samba to force an election on
|
||||||
|
startup.
|
||||||
|
</p><p>
|
||||||
|
Note that all your servers (including Samba) and clients should be
|
||||||
|
using a WINS server to resolve NetBIOS names. If your clients are only
|
||||||
|
using broadcasting to resolve NetBIOS names, then two things will occur:
|
||||||
|
</p><div class="orderedlist"><ol type="1"><li><p>
|
||||||
|
your local master browsers will be unable to find a domain master
|
||||||
|
browser, as it will only be looking on the local subnet.
|
||||||
|
</p></li><li><p>
|
||||||
|
if a client happens to get hold of a domain-wide browse list, and
|
||||||
|
a user attempts to access a host in that list, it will be unable to
|
||||||
|
resolve the NetBIOS name of that host.
|
||||||
|
</p></li></ol></div><p>
|
||||||
|
If, however, both Samba and your clients are using a WINS server, then:
|
||||||
|
</p><div class="orderedlist"><ol type="1"><li><p>
|
||||||
|
your local master browsers will contact the WINS server and, as long as
|
||||||
|
Samba has registered that it is a domain master browser with the WINS
|
||||||
|
server, your local master browser will receive Samba's IP address
|
||||||
|
as its domain master browser.
|
||||||
|
</p></li><li><p>
|
||||||
|
when a client receives a domain-wide browse list, and a user attempts
|
||||||
|
to access a host in that list, it will contact the WINS server to
|
||||||
|
resolve the NetBIOS name of that host. as long as that host has
|
||||||
|
registered its NetBIOS name with the same WINS server, the user will
|
||||||
|
be able to see that host.
|
||||||
|
</p></li></ol></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2904967"></a>Note about broadcast addresses</h3></div></div><div></div></div><p>
|
||||||
|
If your network uses a "0" based broadcast address (for example if it
|
||||||
|
ends in a 0) then you will strike problems. Windows for Workgroups
|
||||||
|
does not seem to support a 0's broadcast and you will probably find
|
||||||
|
that browsing and name lookups won't work.
|
||||||
|
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2904984"></a>Multiple interfaces</h3></div></div><div></div></div><p>
|
||||||
|
Samba now supports machines with multiple network interfaces. If you
|
||||||
|
have multiple interfaces then you will need to use the <b class="command">interfaces</b>
|
||||||
|
option in <tt class="filename">smb.conf</tt> to configure them.
|
||||||
|
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2905013"></a>Use of the Remote Announce parameter</h3></div></div><div></div></div><p>
|
||||||
|
The <i class="parameter"><tt>remote announce</tt></i> parameter of
|
||||||
|
<tt class="filename">smb.conf</tt> can be used to forcibly ensure
|
||||||
|
that all the NetBIOS names on a network get announced to a remote network.
|
||||||
|
The syntax of the <i class="parameter"><tt>remote announce</tt></i> parameter is:
|
||||||
|
</p><pre class="programlisting">
|
||||||
|
remote announce = a.b.c.d [e.f.g.h] ...
|
||||||
|
</pre><p>
|
||||||
|
<span class="emphasis"><em>or</em></span>
|
||||||
|
</p><pre class="programlisting">
|
||||||
|
remote announce = a.b.c.d/WORKGROUP [e.f.g.h/WORKGROUP] ...
|
||||||
|
</pre><p>
|
||||||
|
|
||||||
|
where:
|
||||||
|
</p><div class="variablelist"><dl><dt><span class="term"><i class="replaceable"><tt>a.b.c.d</tt></i> and
|
||||||
|
<i class="replaceable"><tt>e.f.g.h</tt></i></span></dt><dd><p>is either the LMB (Local Master Browser) IP address
|
||||||
|
or the broadcast address of the remote network.
|
||||||
|
ie: the LMB is at 192.168.1.10, or the address
|
||||||
|
could be given as 192.168.1.255 where the netmask
|
||||||
|
is assumed to be 24 bits (255.255.255.0).
|
||||||
|
When the remote announcement is made to the broadcast
|
||||||
|
address of the remote network, every host will receive
|
||||||
|
our announcements. This is noisy and therefore
|
||||||
|
undesirable but may be necessary if we do NOT know
|
||||||
|
the IP address of the remote LMB.</p></dd><dt><span class="term"><i class="replaceable"><tt>WORKGROUP</tt></i></span></dt><dd><p>is optional and can be either our own workgroup
|
||||||
|
or that of the remote network. If you use the
|
||||||
|
workgroup name of the remote network then our
|
||||||
|
NetBIOS machine names will end up looking like
|
||||||
|
they belong to that workgroup, this may cause
|
||||||
|
name resolution problems and should be avoided.
|
||||||
|
</p></dd></dl></div><p>
|
||||||
|
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2905122"></a>Use of the Remote Browse Sync parameter</h3></div></div><div></div></div><p>
|
||||||
|
The <i class="parameter"><tt>remote browse sync</tt></i> parameter of
|
||||||
|
<tt class="filename">smb.conf</tt> is used to announce to
|
||||||
|
another LMB that it must synchronise its NetBIOS name list with our
|
||||||
|
Samba LMB. It works ONLY if the Samba server that has this option is
|
||||||
|
simultaneously the LMB on its network segment.
|
||||||
|
</p><p>
|
||||||
|
The syntax of the <i class="parameter"><tt>remote browse sync</tt></i> parameter is:
|
||||||
|
|
||||||
|
</p><pre class="programlisting">
|
||||||
|
remote browse sync = <i class="replaceable"><tt>a.b.c.d</tt></i>
|
||||||
|
</pre><p>
|
||||||
|
|
||||||
|
where <i class="replaceable"><tt>a.b.c.d</tt></i> is either the IP address of the
|
||||||
|
remote LMB or else is the network broadcast address of the remote segment.
|
||||||
|
</p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2905183"></a>WINS - The Windows Internetworking Name Server</h2></div></div><div></div></div><p>
|
||||||
|
Use of WINS (either Samba WINS <span class="emphasis"><em>or</em></span> MS Windows NT Server WINS) is highly
|
||||||
|
recommended. Every NetBIOS machine registers its name together with a
|
||||||
|
name_type value for each of several types of service it has available.
|
||||||
|
eg: It registers its name directly as a unique (the type 0x03) name.
|
||||||
|
It also registers its name if it is running the LanManager compatible
|
||||||
|
server service (used to make shares and printers available to other users)
|
||||||
|
by registering the server (the type 0x20) name.
|
||||||
|
</p><p>
|
||||||
|
All NetBIOS names are up to 15 characters in length. The name_type variable
|
||||||
|
is added to the end of the name - thus creating a 16 character name. Any
|
||||||
|
name that is shorter than 15 characters is padded with spaces to the 15th
|
||||||
|
character. ie: All NetBIOS names are 16 characters long (including the
|
||||||
|
name_type information).
|
||||||
|
</p><p>
|
||||||
|
WINS can store these 16 character names as they get registered. A client
|
||||||
|
that wants to log onto the network can ask the WINS server for a list
|
||||||
|
of all names that have registered the NetLogon service name_type. This saves
|
||||||
|
broadcast traffic and greatly expedites logon processing. Since broadcast
|
||||||
|
name resolution can not be used across network segments this type of
|
||||||
|
information can only be provided via WINS <span class="emphasis"><em>or</em></span> via statically configured
|
||||||
|
<tt class="filename">lmhosts</tt> files that must reside on all clients in the
|
||||||
|
absence of WINS.
|
||||||
|
</p><p>
|
||||||
|
WINS also serves the purpose of forcing browse list synchronisation by all
|
||||||
|
LMB's. LMB's must synchronise their browse list with the DMB (domain master
|
||||||
|
browser) and WINS helps the LMB to identify it's DMB. By definition this
|
||||||
|
will work only within a single workgroup. Note that the domain master browser
|
||||||
|
has NOTHING to do with what is referred to as an MS Windows NT Domain. The
|
||||||
|
later is a reference to a security environment while the DMB refers to the
|
||||||
|
master controller for browse list information only.
|
||||||
|
</p><p>
|
||||||
|
Use of WINS will work correctly only if EVERY client TCP/IP protocol stack
|
||||||
|
has been configured to use the WINS server/s. Any client that has not been
|
||||||
|
configured to use the WINS server will continue to use only broadcast based
|
||||||
|
name registration so that WINS may NEVER get to know about it. In any case,
|
||||||
|
machines that have not registered with a WINS server will fail name to address
|
||||||
|
lookup attempts by other clients and will therefore cause workstation access
|
||||||
|
errors.
|
||||||
|
</p><p>
|
||||||
|
To configure Samba as a WINS server just add
|
||||||
|
<i class="parameter"><tt>wins support = yes</tt></i> to the <tt class="filename">smb.conf</tt>
|
||||||
|
file [globals] section.
|
||||||
|
</p><p>
|
||||||
|
To configure Samba to register with a WINS server just add
|
||||||
|
<i class="parameter"><tt>wins server = a.b.c.d</tt></i> to your <tt class="filename">smb.conf</tt> file <i class="parameter"><tt>[globals]</tt></i> section.
|
||||||
|
</p><div class="important" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Important</h3><p>
|
||||||
|
Never use both <i class="parameter"><tt>wins support = yes</tt></i> together
|
||||||
|
with <i class="parameter"><tt>wins server = a.b.c.d</tt></i>
|
||||||
|
particularly not using it's own IP address.
|
||||||
|
Specifying both will cause <span class="application">nmbd</span> to refuse to start!
|
||||||
|
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2905341"></a>Setting up a WINS server</h3></div></div><div></div></div><p>
|
||||||
|
Either a Samba machine or a Windows NT Server machine may be set up
|
||||||
|
as a WINS server. To set a Samba machine to be a WINS server you must
|
||||||
|
add the following option to the <tt class="filename">smb.conf</tt> file on the selected machine :
|
||||||
|
in the <i class="parameter"><tt>[globals]</tt></i> section add the line
|
||||||
|
</p><p>
|
||||||
|
</p><pre class="programlisting">
|
||||||
|
wins support = yes
|
||||||
|
</pre><p>
|
||||||
|
</p><p>
|
||||||
|
Versions of Samba prior to 1.9.17 had this parameter default to
|
||||||
|
yes. If you have any older versions of Samba on your network it is
|
||||||
|
strongly suggested you upgrade to a recent version, or at the very
|
||||||
|
least set the parameter to 'no' on all these machines.
|
||||||
|
</p><p>
|
||||||
|
Machines with <i class="parameter"><tt>wins support = yes</tt></i> will keep a list of
|
||||||
|
all NetBIOS names registered with them, acting as a DNS for NetBIOS names.
|
||||||
|
</p><p>
|
||||||
|
You should set up only ONE WINS server. Do NOT set the
|
||||||
|
<i class="parameter"><tt>wins support = yes</tt></i> option on more than one Samba
|
||||||
|
server.
|
||||||
|
</p><p>
|
||||||
|
To set up a Windows NT Server as a WINS server you need to set up
|
||||||
|
the WINS service - see your NT documentation for details. Note that
|
||||||
|
Windows NT WINS Servers can replicate to each other, allowing more
|
||||||
|
than one to be set up in a complex subnet environment. As Microsoft
|
||||||
|
refuses to document these replication protocols, Samba cannot currently
|
||||||
|
participate in these replications. It is possible in the future that
|
||||||
|
a Samba->Samba WINS replication protocol may be defined, in which
|
||||||
|
case more than one Samba machine could be set up as a WINS server
|
||||||
|
but currently only one Samba server should have the
|
||||||
|
<i class="parameter"><tt>wins support = yes</tt></i> parameter set.
|
||||||
|
</p><p>
|
||||||
|
After the WINS server has been configured you must ensure that all
|
||||||
|
machines participating on the network are configured with the address
|
||||||
|
of this WINS server. If your WINS server is a Samba machine, fill in
|
||||||
|
the Samba machine IP address in the <span class="guilabel">Primary WINS Server</span> field of
|
||||||
|
the <span class="guilabel">Control Panel->Network->Protocols->TCP->WINS Server</span> dialogs
|
||||||
|
in Windows 95 or Windows NT. To tell a Samba server the IP address
|
||||||
|
of the WINS server add the following line to the <i class="parameter"><tt>[global]</tt></i> section of
|
||||||
|
all <tt class="filename">smb.conf</tt> files :
|
||||||
|
</p><p>
|
||||||
|
</p><pre class="programlisting">
|
||||||
|
wins server = <name or IP address>
|
||||||
|
</pre><p>
|
||||||
|
</p><p>
|
||||||
|
where <name or IP address> is either the DNS name of the WINS server
|
||||||
|
machine or its IP address.
|
||||||
|
</p><p>
|
||||||
|
Note that this line MUST NOT BE SET in the <tt class="filename">smb.conf</tt> file of the Samba
|
||||||
|
server acting as the WINS server itself. If you set both the
|
||||||
|
<i class="parameter"><tt>wins support = yes</tt></i> option and the
|
||||||
|
<i class="parameter"><tt>wins server = <name></tt></i> option then
|
||||||
|
nmbd will fail to start.
|
||||||
|
</p><p>
|
||||||
|
There are two possible scenarios for setting up cross subnet browsing.
|
||||||
|
The first details setting up cross subnet browsing on a network containing
|
||||||
|
Windows 95, Samba and Windows NT machines that are not configured as
|
||||||
|
part of a Windows NT Domain. The second details setting up cross subnet
|
||||||
|
browsing on networks that contain NT Domains.
|
||||||
|
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2905540"></a>WINS Replication</h3></div></div><div></div></div><p>
|
||||||
|
Samba-3 permits WINS replication through the use of the <tt class="filename">wrepld</tt> utility.
|
||||||
|
This tool is not currently capable of being used as it is still in active development.
|
||||||
|
As soon as this tool becomes moderately functional we will prepare man pages and enhance this
|
||||||
|
section of the documentation to provide usage and technical details.
|
||||||
|
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2905565"></a>Static WINS Entries</h3></div></div><div></div></div><p>
|
||||||
|
Adding static entries to your Samba-3 WINS server is actually fairly easy.
|
||||||
|
All you have to do is add a line to <tt class="filename">wins.dat</tt>, typically
|
||||||
|
located in <tt class="filename">/usr/local/samba/var/locks</tt>.
|
||||||
|
</p><p>
|
||||||
|
Entries in <tt class="filename">wins.dat</tt> take the form of
|
||||||
|
|
||||||
|
</p><pre class="programlisting">
|
||||||
|
"NAME#TYPE" TTL ADDRESS+ FLAGS
|
||||||
|
</pre><p>
|
||||||
|
|
||||||
|
where NAME is the NetBIOS name, TYPE is the NetBIOS type, TTL is the
|
||||||
|
time-to-live as an absolute time in seconds, ADDRESS+ is one or more
|
||||||
|
addresses corresponding to the registration and FLAGS are the NetBIOS
|
||||||
|
flags for the registration.
|
||||||
|
</p><p>
|
||||||
|
A typical dynamic entry looks like:
|
||||||
|
</p><pre class="programlisting">
|
||||||
|
"MADMAN#03" 1055298378 192.168.1.2 66R
|
||||||
|
</pre><p>
|
||||||
|
|
||||||
|
To make it static, all that has to be done is set the TTL to 0:
|
||||||
|
|
||||||
|
</p><pre class="programlisting">
|
||||||
|
"MADMAN#03" 0 192.168.1.2 66R
|
||||||
|
</pre><p>
|
||||||
|
</p><p>
|
||||||
|
Though this method works with early Samba-3 versions, there's a
|
||||||
|
possibility that it may change in future versions if WINS replication
|
||||||
|
is added.
|
||||||
|
</p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2905650"></a>Helpful Hints</h2></div></div><div></div></div><p>
|
||||||
|
The following hints should be carefully considered as they are stumbling points
|
||||||
|
for many new network administrators.
|
||||||
|
</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2905663"></a>Windows Networking Protocols</h3></div></div><div></div></div><div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>
|
||||||
|
Do NOT use more than one (1) protocol on MS Windows machines
|
||||||
|
</p></div><p>
|
||||||
|
A very common cause of browsing problems results from installing more than
|
||||||
|
one protocol on an MS Windows machine.
|
||||||
|
</p><p>
|
||||||
|
Every NetBIOS machine takes part in a process of electing the LMB (and DMB)
|
||||||
|
every 15 minutes. A set of election criteria is used to determine the order
|
||||||
|
of precedence for winning this election process. A machine running Samba or
|
||||||
|
Windows NT will be biased so that the most suitable machine will predictably
|
||||||
|
win and thus retain it's role.
|
||||||
|
</p><p>
|
||||||
|
The election process is "fought out" so to speak over every NetBIOS network
|
||||||
|
interface. In the case of a Windows 9x machine that has both TCP/IP and IPX
|
||||||
|
installed and has NetBIOS enabled over both protocols the election will be
|
||||||
|
decided over both protocols. As often happens, if the Windows 9x machine is
|
||||||
|
the only one with both protocols then the LMB may be won on the NetBIOS
|
||||||
|
interface over the IPX protocol. Samba will then lose the LMB role as Windows
|
||||||
|
9x will insist it knows who the LMB is. Samba will then cease to function
|
||||||
|
as an LMB and thus browse list operation on all TCP/IP only machines will
|
||||||
|
fail.
|
||||||
|
</p><p><span class="emphasis"><em>
|
||||||
|
Windows 95, 98, 98se, Me are referred to generically as Windows 9x.
|
||||||
|
The Windows NT4, 2000, XP and 2003 use common protocols. These are roughly
|
||||||
|
referred to as the WinNT family, but it should be recognised that 2000 and
|
||||||
|
XP/2003 introduce new protocol extensions that cause them to behave
|
||||||
|
differently from MS Windows NT4. Generally, where a server does NOT support
|
||||||
|
the newer or extended protocol, these will fall back to the NT4 protocols.
|
||||||
|
</em></span></p><p>
|
||||||
|
The safest rule of all to follow it this - USE ONLY ONE PROTOCOL!
|
||||||
|
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2905730"></a>Name Resolution Order</h3></div></div><div></div></div><p>
|
||||||
|
Resolution of NetBIOS names to IP addresses can take place using a number
|
||||||
|
of methods. The only ones that can provide NetBIOS name_type information
|
||||||
|
are:
|
||||||
|
</p><table class="simplelist" border="0" summary="Simple list"><tr><td>WINS: the best tool!</td></tr><tr><td>LMHOSTS: is static and hard to maintain.</td></tr><tr><td>Broadcast: uses UDP and can not resolve names across remote segments.</td></tr></table><p>
|
||||||
|
Alternative means of name resolution includes:
|
||||||
|
</p><table class="simplelist" border="0" summary="Simple list"><tr><td><tt class="filename">/etc/hosts</tt>: is static, hard to maintain, and lacks name_type info</td></tr><tr><td>DNS: is a good choice but lacks essential name_type info.</td></tr></table><p>
|
||||||
|
Many sites want to restrict DNS lookups and want to avoid broadcast name
|
||||||
|
resolution traffic. The <i class="parameter"><tt>name resolve order</tt></i> parameter is
|
||||||
|
of great help here. The syntax of the <i class="parameter"><tt>name resolve order</tt></i>
|
||||||
|
parameter is:
|
||||||
|
</p><pre class="programlisting">
|
||||||
|
name resolve order = wins lmhosts bcast host
|
||||||
|
</pre><p>
|
||||||
|
<span class="emphasis"><em>or</em></span>
|
||||||
|
</p><pre class="programlisting">
|
||||||
|
name resolve order = wins lmhosts (eliminates bcast and host)
|
||||||
|
</pre><p>
|
||||||
|
The default is:
|
||||||
|
</p><pre class="programlisting">
|
||||||
|
name resolve order = host lmhost wins bcast
|
||||||
|
</pre><p>
|
||||||
|
where "host" refers the the native methods used by the Unix system
|
||||||
|
to implement the gethostbyname() function call. This is normally
|
||||||
|
controlled by <tt class="filename">/etc/host.conf</tt>, <tt class="filename">/etc/nsswitch.conf</tt> and <tt class="filename">/etc/resolv.conf</tt>.
|
||||||
|
</p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2905867"></a>Technical Overview of browsing</h2></div></div><div></div></div><p>
|
||||||
|
SMB networking provides a mechanism by which clients can access a list
|
||||||
|
of machines in a network, a so-called <i class="parameter"><tt>browse list</tt></i>. This list
|
||||||
|
contains machines that are ready to offer file and/or print services
|
||||||
|
to other machines within the network. Thus it does not include
|
||||||
|
machines which aren't currently able to do server tasks. The browse
|
||||||
|
list is heavily used by all SMB clients. Configuration of SMB
|
||||||
|
browsing has been problematic for some Samba users, hence this
|
||||||
|
document.
|
||||||
|
</p><p>
|
||||||
|
MS Windows 2000 and later, as with Samba 3 and later, can be
|
||||||
|
configured to not use NetBIOS over TCP/IP. When configured this way,
|
||||||
|
it is imperative that name resolution (using DNS/LDAP/ADS) be correctly
|
||||||
|
configured and operative. Browsing will NOT work if name resolution
|
||||||
|
from SMB machine names to IP addresses does not function correctly.
|
||||||
|
</p><p>
|
||||||
|
Where NetBIOS over TCP/IP is enabled use of a WINS server is highly
|
||||||
|
recommended to aid the resolution of NetBIOS (SMB) names to IP addresses.
|
||||||
|
WINS allows remote segment clients to obtain NetBIOS name_type information
|
||||||
|
that can NOT be provided by any other means of name resolution.
|
||||||
|
</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2905914"></a>Browsing support in Samba</h3></div></div><div></div></div><p>
|
||||||
|
Samba facilitates browsing. The browsing is supported by <span class="application">nmbd</span>
|
||||||
|
and is also controlled by options in the <tt class="filename">smb.conf</tt> file.
|
||||||
|
Samba can act as a local browse master for a workgroup and the ability
|
||||||
|
to support domain logons and scripts is now available.
|
||||||
|
</p><p>
|
||||||
|
Samba can also act as a domain master browser for a workgroup. This
|
||||||
|
means that it will collate lists from local browse masters into a
|
||||||
|
wide area network server list. In order for browse clients to
|
||||||
|
resolve the names they may find in this list, it is recommended that
|
||||||
|
both Samba and your clients use a WINS server.
|
||||||
|
</p><p>
|
||||||
|
Note that you should NOT set Samba to be the domain master for a
|
||||||
|
workgroup that has the same name as an NT Domain: on each wide area
|
||||||
|
network, you must only ever have one domain master browser per workgroup,
|
||||||
|
regardless of whether it is NT, Samba or any other type of domain master
|
||||||
|
that is providing this service.
|
||||||
|
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
|
||||||
|
Nmbd can be configured as a WINS server, but it is not
|
||||||
|
necessary to specifically use Samba as your WINS server. MS Windows
|
||||||
|
NT4, Server or Advanced Server 2000 or 2003 can be configured as
|
||||||
|
your WINS server. In a mixed NT/2000/2003 server and Samba environment on
|
||||||
|
a Wide Area Network, it is recommended that you use the Microsoft
|
||||||
|
WINS server capabilities. In a Samba-only environment, it is
|
||||||
|
recommended that you use one and only one Samba server as your WINS server.
|
||||||
|
</p></div><p>
|
||||||
|
To get browsing to work you need to run nmbd as usual, but will need
|
||||||
|
to use the <i class="parameter"><tt>workgroup</tt></i> option in <tt class="filename">smb.conf</tt>
|
||||||
|
to control what workgroup Samba becomes a part of.
|
||||||
|
</p><p>
|
||||||
|
Samba also has a useful option for a Samba server to offer itself for
|
||||||
|
browsing on another subnet. It is recommended that this option is only
|
||||||
|
used for 'unusual' purposes: announcements over the internet, for
|
||||||
|
example. See <i class="parameter"><tt>remote announce</tt></i> in the
|
||||||
|
<tt class="filename">smb.conf</tt> man page.
|
||||||
|
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2906021"></a>Problem resolution</h3></div></div><div></div></div><p>
|
||||||
|
If something doesn't work then hopefully the log.nmbd file will help
|
||||||
|
you track down the problem. Try a debug level of 2 or 3 for finding
|
||||||
|
problems. Also note that the current browse list usually gets stored
|
||||||
|
in text form in a file called <tt class="filename">browse.dat</tt>.
|
||||||
|
</p><p>
|
||||||
|
Note that if it doesn't work for you, then you should still be able to
|
||||||
|
type the server name as <tt class="filename">\\SERVER</tt> in filemanager then
|
||||||
|
hit enter and filemanager should display the list of available shares.
|
||||||
|
</p><p>
|
||||||
|
Some people find browsing fails because they don't have the global
|
||||||
|
<i class="parameter"><tt>guest account</tt></i> set to a valid account. Remember that the
|
||||||
|
IPC$ connection that lists the shares is done as guest, and thus you must
|
||||||
|
have a valid guest account.
|
||||||
|
</p><p><span class="emphasis"><em>
|
||||||
|
MS Windows 2000 and upwards (as with Samba) can be configured to disallow
|
||||||
|
anonymous (ie: Guest account) access to the IPC$ share. In that case, the
|
||||||
|
MS Windows 2000/XP/2003 machine acting as an SMB/CIFS client will use the
|
||||||
|
name of the currently logged in user to query the IPC$ share. MS Windows
|
||||||
|
9X clients are not able to do this and thus will NOT be able to browse
|
||||||
|
server resources.
|
||||||
|
</em></span></p><p>
|
||||||
|
The other big problem people have is that their broadcast address,
|
||||||
|
netmask or IP address is wrong (specified with the "interfaces" option
|
||||||
|
in <tt class="filename">smb.conf</tt>)
|
||||||
|
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2906100"></a>Browsing across subnets</h3></div></div><div></div></div><p>
|
||||||
|
Since the release of Samba 1.9.17(alpha1), Samba has supported the
|
||||||
|
replication of browse lists across subnet boundaries. This section
|
||||||
|
describes how to set this feature up in different settings.
|
||||||
|
</p><p>
|
||||||
|
To see browse lists that span TCP/IP subnets (ie. networks separated
|
||||||
|
by routers that don't pass broadcast traffic), you must set up at least
|
||||||
|
one WINS server. The WINS server acts as a DNS for NetBIOS names, allowing
|
||||||
|
NetBIOS name to IP address translation to be done by doing a direct
|
||||||
|
query of the WINS server. This is done via a directed UDP packet on
|
||||||
|
port 137 to the WINS server machine. The reason for a WINS server is
|
||||||
|
that by default, all NetBIOS name to IP address translation is done
|
||||||
|
by broadcasts from the querying machine. This means that machines
|
||||||
|
on one subnet will not be able to resolve the names of machines on
|
||||||
|
another subnet without using a WINS server.
|
||||||
|
</p><p>
|
||||||
|
Remember, for browsing across subnets to work correctly, all machines,
|
||||||
|
be they Windows 95, Windows NT, or Samba servers must have the IP address
|
||||||
|
of a WINS server given to them by a DHCP server, or by manual configuration
|
||||||
|
(for Win95 and WinNT, this is in the TCP/IP Properties, under Network
|
||||||
|
settings) for Samba this is in the <tt class="filename">smb.conf</tt> file.
|
||||||
|
</p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2906150"></a>How does cross subnet browsing work ?</h4></div></div><div></div></div><p>
|
||||||
|
Cross subnet browsing is a complicated dance, containing multiple
|
||||||
|
moving parts. It has taken Microsoft several years to get the code
|
||||||
|
that achieves this correct, and Samba lags behind in some areas.
|
||||||
|
Samba is capable of cross subnet browsing when configured correctly.
|
||||||
|
</p><p>
|
||||||
|
Consider a network set up as follows :
|
||||||
|
</p><p>
|
||||||
|
|
||||||
|
</p><pre class="programlisting">
|
||||||
|
(DMB)
|
||||||
|
N1_A N1_B N1_C N1_D N1_E
|
||||||
|
| | | | |
|
||||||
|
-------------------------------------------------------
|
||||||
|
| subnet 1 |
|
||||||
|
+---+ +---+
|
||||||
|
|R1 | Router 1 Router 2 |R2 |
|
||||||
|
+---+ +---+
|
||||||
|
| |
|
||||||
|
| subnet 2 subnet 3 |
|
||||||
|
-------------------------- ------------------------------------
|
||||||
|
| | | | | | | |
|
||||||
|
N2_A N2_B N2_C N2_D N3_A N3_B N3_C N3_D
|
||||||
|
(WINS)
|
||||||
|
</pre><p>
|
||||||
|
</p><p>
|
||||||
|
Consisting of 3 subnets (1, 2, 3) connected by two routers
|
||||||
|
(R1, R2) - these do not pass broadcasts. Subnet 1 has 5 machines
|
||||||
|
on it, subnet 2 has 4 machines, subnet 3 has 4 machines. Assume
|
||||||
|
for the moment that all these machines are configured to be in the
|
||||||
|
same workgroup (for simplicity's sake). Machine N1_C on subnet 1
|
||||||
|
is configured as Domain Master Browser (ie. it will collate the
|
||||||
|
browse lists for the workgroup). Machine N2_D is configured as
|
||||||
|
WINS server and all the other machines are configured to register
|
||||||
|
their NetBIOS names with it.
|
||||||
|
</p><p>
|
||||||
|
As all these machines are booted up, elections for master browsers
|
||||||
|
will take place on each of the three subnets. Assume that machine
|
||||||
|
N1_C wins on subnet 1, N2_B wins on subnet 2, and N3_D wins on
|
||||||
|
subnet 3 - these machines are known as local master browsers for
|
||||||
|
their particular subnet. N1_C has an advantage in winning as the
|
||||||
|
local master browser on subnet 1 as it is set up as Domain Master
|
||||||
|
Browser.
|
||||||
|
</p><p>
|
||||||
|
On each of the three networks, machines that are configured to
|
||||||
|
offer sharing services will broadcast that they are offering
|
||||||
|
these services. The local master browser on each subnet will
|
||||||
|
receive these broadcasts and keep a record of the fact that
|
||||||
|
the machine is offering a service. This list of records is
|
||||||
|
the basis of the browse list. For this case, assume that
|
||||||
|
all the machines are configured to offer services so all machines
|
||||||
|
will be on the browse list.
|
||||||
|
</p><p>
|
||||||
|
For each network, the local master browser on that network is
|
||||||
|
considered 'authoritative' for all the names it receives via
|
||||||
|
local broadcast. This is because a machine seen by the local
|
||||||
|
master browser via a local broadcast must be on the same
|
||||||
|
network as the local master browser and thus is a 'trusted'
|
||||||
|
and 'verifiable' resource. Machines on other networks that
|
||||||
|
the local master browsers learn about when collating their
|
||||||
|
browse lists have not been directly seen - these records are
|
||||||
|
called 'non-authoritative'.
|
||||||
|
</p><p>
|
||||||
|
At this point the browse lists look as follows (these are
|
||||||
|
the machines you would see in your network neighborhood if
|
||||||
|
you looked in it on a particular network right now).
|
||||||
|
</p><p>
|
||||||
|
</p><div class="table"><a name="id2906267"></a><p class="title"><b>Table 10.1. Browse subnet example 1</b></p><table summary="Browse subnet example 1" border="1"><colgroup><col><col><col></colgroup><thead><tr><th align="left">Subnet</th><th align="left">Browse Master</th><th align="left">List</th></tr></thead><tbody><tr><td align="left">Subnet1</td><td align="left">N1_C</td><td align="left">N1_A, N1_B, N1_C, N1_D, N1_E</td></tr><tr><td align="left">Subnet2</td><td align="left">N2_B</td><td align="left">N2_A, N2_B, N2_C, N2_D</td></tr><tr><td align="left">Subnet3</td><td align="left">N3_D</td><td align="left">N3_A, N3_B, N3_C, N3_D</td></tr></tbody></table></div><p>
|
||||||
|
</p><p>
|
||||||
|
Note that at this point all the subnets are separate, no
|
||||||
|
machine is seen across any of the subnets.
|
||||||
|
</p><p>
|
||||||
|
Now examine subnet 2. As soon as N2_B has become the local
|
||||||
|
master browser it looks for a Domain master browser to synchronize
|
||||||
|
its browse list with. It does this by querying the WINS server
|
||||||
|
(N2_D) for the IP address associated with the NetBIOS name
|
||||||
|
WORKGROUP<1B>. This name was registered by the Domain master
|
||||||
|
browser (N1_C) with the WINS server as soon as it was booted.
|
||||||
|
</p><p>
|
||||||
|
Once N2_B knows the address of the Domain master browser it
|
||||||
|
tells it that is the local master browser for subnet 2 by
|
||||||
|
sending a MasterAnnouncement packet as a UDP port 138 packet.
|
||||||
|
It then synchronizes with it by doing a NetServerEnum2 call. This
|
||||||
|
tells the Domain Master Browser to send it all the server
|
||||||
|
names it knows about. Once the domain master browser receives
|
||||||
|
the MasterAnnouncement packet it schedules a synchronization
|
||||||
|
request to the sender of that packet. After both synchronizations
|
||||||
|
are done the browse lists look like :
|
||||||
|
</p><p>
|
||||||
|
</p><div class="table"><a name="id2906382"></a><p class="title"><b>Table 10.2. Browse subnet example 2</b></p><table summary="Browse subnet example 2" border="1"><colgroup><col><col><col></colgroup><thead><tr><th align="left">Subnet</th><th align="left">Browse Master</th><th align="left">List</th></tr></thead><tbody><tr><td align="left">Subnet1</td><td align="left">N1_C</td><td align="left">N1_A, N1_B, N1_C, N1_D, N1_E, N2_A(*), N2_B(*), N2_C(*), N2_D(*)</td></tr><tr><td align="left">Subnet2</td><td align="left">N2_B</td><td align="left">N2_A, N2_B, N2_C, N2_D, N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*)</td></tr><tr><td align="left">Subnet3</td><td align="left">N3_D</td><td align="left">N3_A, N3_B, N3_C, N3_D</td></tr></tbody></table></div><p>
|
||||||
|
|
||||||
|
Servers with a (*) after them are non-authoritative names.
|
||||||
|
</p><p>
|
||||||
|
At this point users looking in their network neighborhood on
|
||||||
|
subnets 1 or 2 will see all the servers on both, users on
|
||||||
|
subnet 3 will still only see the servers on their own subnet.
|
||||||
|
</p><p>
|
||||||
|
The same sequence of events that occured for N2_B now occurs
|
||||||
|
for the local master browser on subnet 3 (N3_D). When it
|
||||||
|
synchronizes browse lists with the domain master browser (N1_A)
|
||||||
|
it gets both the server entries on subnet 1, and those on
|
||||||
|
subnet 2. After N3_D has synchronized with N1_C and vica-versa
|
||||||
|
the browse lists look like.
|
||||||
|
</p><p>
|
||||||
|
</p><div class="table"><a name="id2906481"></a><p class="title"><b>Table 10.3. Browse subnet example 3</b></p><table summary="Browse subnet example 3" border="1"><colgroup><col><col><col></colgroup><thead><tr><th align="left">Subnet</th><th align="left">Browse Master</th><th align="left">List</th></tr></thead><tbody><tr><td align="left">Subnet1</td><td align="left">N1_C</td><td align="left">N1_A, N1_B, N1_C, N1_D, N1_E, N2_A(*), N2_B(*), N2_C(*), N2_D(*), N3_A(*), N3_B(*), N3_C(*), N3_D(*)</td></tr><tr><td align="left">Subnet2</td><td align="left">N2_B</td><td align="left">N2_A, N2_B, N2_C, N2_D, N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*)</td></tr><tr><td align="left">Subnet3</td><td align="left">N3_D</td><td align="left">N3_A, N3_B, N3_C, N3_D, N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*), N2_A(*), N2_B(*), N2_C(*), N2_D(*)</td></tr></tbody></table></div><p>
|
||||||
|
|
||||||
|
Servers with a (*) after them are non-authoritative names.
|
||||||
|
</p><p>
|
||||||
|
At this point users looking in their network neighborhood on
|
||||||
|
subnets 1 or 3 will see all the servers on all subnets, users on
|
||||||
|
subnet 2 will still only see the servers on subnets 1 and 2, but not 3.
|
||||||
|
</p><p>
|
||||||
|
Finally, the local master browser for subnet 2 (N2_B) will sync again
|
||||||
|
with the domain master browser (N1_C) and will receive the missing
|
||||||
|
server entries. Finally - and as a steady state (if no machines
|
||||||
|
are removed or shut off) the browse lists will look like :
|
||||||
|
</p><p>
|
||||||
|
</p><div class="table"><a name="id2906581"></a><p class="title"><b>Table 10.4. Browse subnet example 4</b></p><table summary="Browse subnet example 4" border="1"><colgroup><col><col><col></colgroup><thead><tr><th align="left">Subnet</th><th align="left">Browse Master</th><th align="left">List</th></tr></thead><tbody><tr><td align="left">Subnet1</td><td align="left">N1_C</td><td align="left">N1_A, N1_B, N1_C, N1_D, N1_E, N2_A(*), N2_B(*), N2_C(*), N2_D(*), N3_A(*), N3_B(*), N3_C(*), N3_D(*)</td></tr><tr><td align="left">Subnet2</td><td align="left">N2_B</td><td align="left">N2_A, N2_B, N2_C, N2_D, N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*), N3_A(*), N3_B(*), N3_C(*), N3_D(*)</td></tr><tr><td align="left">Subnet3</td><td align="left">N3_D</td><td align="left">N3_A, N3_B, N3_C, N3_D, N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*), N2_A(*), N2_B(*), N2_C(*), N2_D(*)</td></tr></tbody></table></div><p>
|
||||||
|
|
||||||
|
Servers with a (*) after them are non-authoritative names.
|
||||||
|
</p><p>
|
||||||
|
Synchronizations between the domain master browser and local
|
||||||
|
master browsers will continue to occur, but this should be a
|
||||||
|
steady state situation.
|
||||||
|
</p><p>
|
||||||
|
If either router R1 or R2 fails the following will occur:
|
||||||
|
</p><div class="orderedlist"><ol type="1"><li><p>
|
||||||
|
Names of computers on each side of the inaccessible network fragments
|
||||||
|
will be maintained for as long as 36 minutes, in the network neighbourhood
|
||||||
|
lists.
|
||||||
|
</p></li><li><p>
|
||||||
|
Attempts to connect to these inaccessible computers will fail, but the
|
||||||
|
names will not be removed from the network neighbourhood lists.
|
||||||
|
</p></li><li><p>
|
||||||
|
If one of the fragments is cut off from the WINS server, it will only
|
||||||
|
be able to access servers on its local subnet, by using subnet-isolated
|
||||||
|
broadcast NetBIOS name resolution. The effects are similar to that of
|
||||||
|
losing access to a DNS server.
|
||||||
|
</p></li></ol></div></div></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2906720"></a>Common Errors</h2></div></div><div></div></div><p>
|
||||||
|
Many questions are asked on the mailing lists regarding browsing. The majority of browsing
|
||||||
|
problems originate out of incorrect configuration of NetBIOS name resolution. Some are of
|
||||||
|
particular note.
|
||||||
|
</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2906735"></a>How can one flush the Samba NetBIOS name cache without restarting Samba?</h3></div></div><div></div></div><p>
|
||||||
|
Samba's nmbd process controls all browse list handling. Under normal circumstances it is
|
||||||
|
safe to restart nmbd. This will effectively flush the Samba NetBIOS name cache and cause it
|
||||||
|
to be rebuilt. Note that this does NOT make certain that a rogue machine name will not re-appear
|
||||||
|
in the browse list. When nmbd is taken out of service another machine on the network will
|
||||||
|
become the browse master. This new list may still have the rogue entry in it. If you really
|
||||||
|
want to clear a rogue machine from the list then every machine on the network will need to be
|
||||||
|
shut down and restarted at after all machines are down. Failing a complete restart, the only
|
||||||
|
other thing you can do is wait until the entry times out and is then flushed from the list.
|
||||||
|
This may take a long time on some networks (months).
|
||||||
|
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2906764"></a>My client reports "This server is not configured to list shared resources"</h3></div></div><div></div></div><p>
|
||||||
|
Your guest account is probably invalid for some reason. Samba uses the
|
||||||
|
guest account for browsing in smbd. Check that your guest account is
|
||||||
|
valid.
|
||||||
|
</p><p>See also <i class="parameter"><tt>guest account</tt></i> in the <tt class="filename">smb.conf</tt> man page.</p></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="optional.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="optional.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="passdb.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Part III. Advanced Configuration </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 11. Account Information Databases</td></tr></table></div></body></html>
|
186
docs/htmldocs/Other-Clients.html
Normal file
186
docs/htmldocs/Other-Clients.html
Normal file
@ -0,0 +1,186 @@
|
|||||||
|
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 38. Samba and other CIFS clients</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="index.html" title="SAMBA Project Documentation"><link rel="up" href="Appendixes.html" title="Part VI. Appendixes"><link rel="previous" href="Portability.html" title="Chapter 37. Portability"><link rel="next" href="speed.html" title="Chapter 39. Samba Performance Tuning"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 38. Samba and other CIFS clients</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="Portability.html">Prev</a> </td><th width="60%" align="center">Part VI. Appendixes</th><td width="20%" align="right"> <a accesskey="n" href="speed.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="Other-Clients"></a>Chapter 38. 
Samba and other CIFS clients</h2></div><div><div class="author"><h3 class="author"><span class="firstname">Jim</span> <span class="surname">McDonough</span></h3><div class="affiliation"><span class="orgname">IBM<br></span><div class="address"><p><tt class="email"><<a href="mailto:jmcd@us.ibm.com">jmcd@us.ibm.com</a>></tt></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">Jelmer</span> <span class="othername">R.</span> <span class="surname">Vernooij</span></h3><div class="affiliation"><span class="orgname">The Samba Team<br></span><div class="address"><p><tt class="email"><<a href="mailto:jelmer@samba.org">jelmer@samba.org</a>></tt></p></div></div></div></div><div><p class="pubdate">5 Mar 2001</p></div></div><div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><a href="Other-Clients.html#id3015663">Macintosh clients?</a></dt><dt><a href="Other-Clients.html#id3017016">OS2 Client</a></dt><dd><dl><dt><a href="Other-Clients.html#id3017023">How can I configure OS/2 Warp Connect or
|
||||||
|
OS/2 Warp 4 as a client for Samba?</a></dt><dt><a href="Other-Clients.html#id3017102">How can I configure OS/2 Warp 3 (not Connect),
|
||||||
|
OS/2 1.2, 1.3 or 2.x for Samba?</a></dt><dt><a href="Other-Clients.html#id3017164">How do I get printer driver download working
|
||||||
|
for OS/2 clients?</a></dt></dl></dd><dt><a href="Other-Clients.html#id3017260">Windows for Workgroups</a></dt><dd><dl><dt><a href="Other-Clients.html#id3017268">Use latest TCP/IP stack from Microsoft</a></dt><dt><a href="Other-Clients.html#id3017357">Delete .pwl files after password change</a></dt><dt><a href="Other-Clients.html#id3017388">Configure WfW password handling</a></dt><dt><a href="Other-Clients.html#id3017433">Case handling of passwords</a></dt><dt><a href="Other-Clients.html#id3017464">Use TCP/IP as default protocol</a></dt><dt><a href="Other-Clients.html#id3017481">Speed improvement</a></dt></dl></dd><dt><a href="Other-Clients.html#id3017528">Windows '95/'98</a></dt><dd><dl><dt><a href="Other-Clients.html#id3017601">Speed improvement</a></dt></dl></dd><dt><a href="Other-Clients.html#id3017625">Windows 2000 Service Pack 2</a></dt><dt><a href="Other-Clients.html#id3017736">Windows NT 3.1</a></dt></dl></div><p>This chapter contains client-specific information.</p><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3015663"></a>Macintosh clients?</h2></div></div><div></div></div><p>
|
||||||
|
Yes. <a href="http://www.thursby.com/" target="_top">Thursby</a> now has a CIFS Client / Server called <a href="http://www.thursby.com/products/dave.html" target="_top">DAVE</a>
|
||||||
|
</p><p>
|
||||||
|
They test it against Windows 95, Windows NT and samba for
|
||||||
|
compatibility issues. At the time of writing, DAVE was at version
|
||||||
|
1.0.1. The 1.0.0 to 1.0.1 update is available as a free download from
|
||||||
|
the Thursby web site (the speed of finder copies has been greatly
|
||||||
|
enhanced, and there are bug-fixes included).
|
||||||
|
</p><p>
|
||||||
|
Alternatives - There are two free implementations of AppleTalk for
|
||||||
|
several kinds of UNIX machines, and several more commercial ones.
|
||||||
|
These products allow you to run file services and print services
|
||||||
|
natively to Macintosh users, with no additional support required on
|
||||||
|
the Macintosh. The two free implementations are
|
||||||
|
<a href="http://www.umich.edu/~rsug/netatalk/" target="_top">Netatalk</a>, and
|
||||||
|
<a href="http://www.cs.mu.oz.au/appletalk/atalk.html" target="_top">CAP</a>.
|
||||||
|
What Samba offers MS
|
||||||
|
Windows users, these packages offer to Macs. For more info on these
|
||||||
|
packages, Samba, and Linux (and other UNIX-based systems) see
|
||||||
|
<a href="http://www.eats.com/linux_mac_win.html" target="_top">http://www.eats.com/linux_mac_win.html</a>
|
||||||
|
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3017016"></a>OS2 Client</h2></div></div><div></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id3017023"></a>How can I configure OS/2 Warp Connect or
|
||||||
|
OS/2 Warp 4 as a client for Samba?</h3></div></div><div></div></div><p>A more complete answer to this question can be
|
||||||
|
found on <a href="http://carol.wins.uva.nl/~leeuw/samba/warp.html" target="_top">
|
||||||
|
http://carol.wins.uva.nl/~leeuw/samba/warp.html</a>.</p><p>Basically, you need three components:</p><table class="simplelist" border="0" summary="Simple list"><tr><td>The File and Print Client ('IBM Peer')</td></tr><tr><td>TCP/IP ('Internet support') </td></tr><tr><td>The "NetBIOS over TCP/IP" driver ('TCPBEUI')</td></tr></table><p>Installing the first two together with the base operating
|
||||||
|
system on a blank system is explained in the Warp manual. If Warp
|
||||||
|
has already been installed, but you now want to install the
|
||||||
|
networking support, use the "Selective Install for Networking"
|
||||||
|
object in the "System Setup" folder.</p><p>Adding the "NetBIOS over TCP/IP" driver is not described
|
||||||
|
in the manual and just barely in the online documentation. Start
|
||||||
|
MPTS.EXE, click on OK, click on "Configure LAPS" and click
|
||||||
|
on "IBM OS/2 NETBIOS OVER TCP/IP" in 'Protocols'. This line
|
||||||
|
is then moved to 'Current Configuration'. Select that line,
|
||||||
|
click on "Change number" and increase it from 0 to 1. Save this
|
||||||
|
configuration.</p><p>If the Samba server(s) is not on your local subnet, you
|
||||||
|
can optionally add IP names and addresses of these servers
|
||||||
|
to the "Names List", or specify a WINS server ('NetBIOS
|
||||||
|
Nameserver' in IBM and RFC terminology). For Warp Connect you
|
||||||
|
may need to download an update for 'IBM Peer' to bring it on
|
||||||
|
the same level as Warp 4. See the webpage mentioned above.</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id3017102"></a>How can I configure OS/2 Warp 3 (not Connect),
|
||||||
|
OS/2 1.2, 1.3 or 2.x for Samba?</h3></div></div><div></div></div><p>You can use the free Microsoft LAN Manager 2.2c Client
|
||||||
|
for OS/2 from
|
||||||
|
<a href="ftp://ftp.microsoft.com/BusSys/Clients/LANMAN.OS2/" target="_top">
|
||||||
|
ftp://ftp.microsoft.com/BusSys/Clients/LANMAN.OS2/</a>.
|
||||||
|
See <a href="http://carol.wins.uva.nl/~leeuw/lanman.html" target="_top">
|
||||||
|
http://carol.wins.uva.nl/~leeuw/lanman.html</a> for
|
||||||
|
more information on how to install and use this client. In
|
||||||
|
a nutshell, edit the file \OS2VER in the root directory of
|
||||||
|
the OS/2 boot partition and add the lines:</p><pre class="programlisting">
|
||||||
|
20=setup.exe
|
||||||
|
20=netwksta.sys
|
||||||
|
20=netvdd.sys
|
||||||
|
</pre><p>before you install the client. Also, don't use the
|
||||||
|
included NE2000 driver because it is buggy. Try the NE2000
|
||||||
|
or NS2000 driver from
|
||||||
|
<a href="ftp://ftp.cdrom.com/pub/os2/network/ndis/" target="_top">
|
||||||
|
ftp://ftp.cdrom.com/pub/os2/network/ndis/</a> instead.
|
||||||
|
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id3017164"></a>How do I get printer driver download working
|
||||||
|
for OS/2 clients?</h3></div></div><div></div></div><p>First, create a share called <i class="parameter"><tt>[PRINTDRV]</tt></i> that is
|
||||||
|
world-readable. Copy your OS/2 driver files there. Note
|
||||||
|
that the .EA_ files must still be separate, so you will need
|
||||||
|
to use the original install files, and not copy an installed
|
||||||
|
driver from an OS/2 system.</p><p>Install the NT driver first for that printer. Then,
|
||||||
|
add to your <tt class="filename">smb.conf</tt> a parameter, <i class="parameter"><tt>os2 driver map =
|
||||||
|
<i class="replaceable"><tt>filename</tt></i></tt></i>. Then, in the file
|
||||||
|
specified by <i class="replaceable"><tt>filename</tt></i>, map the
|
||||||
|
name of the NT driver name to the OS/2 driver name as
|
||||||
|
follows:</p><p><i class="parameter"><tt><i class="replaceable"><tt>nt driver name</tt></i> = <i class="replaceable"><tt>os2 driver name</tt></i>.<i class="replaceable"><tt>device name</tt></i></tt></i>, e.g.:</p><p><i class="parameter"><tt>
|
||||||
|
HP LaserJet 5L = LASERJET.HP LaserJet 5L</tt></i></p><p>You can have multiple drivers mapped in this file.</p><p>If you only specify the OS/2 driver name, and not the
|
||||||
|
device name, the first attempt to download the driver will
|
||||||
|
actually download the files, but the OS/2 client will tell
|
||||||
|
you the driver is not available. On the second attempt, it
|
||||||
|
will work. This is fixed simply by adding the device name
|
||||||
|
to the mapping, after which it will work on the first attempt.
|
||||||
|
</p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3017260"></a>Windows for Workgroups</h2></div></div><div></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id3017268"></a>Use latest TCP/IP stack from Microsoft</h3></div></div><div></div></div><p>Use the latest TCP/IP stack from Microsoft if you use Windows
|
||||||
|
for Workgroups.
|
||||||
|
</p><p>The early TCP/IP stacks had lots of bugs.</p><p>
|
||||||
|
Microsoft has released an incremental upgrade to their TCP/IP 32-Bit
|
||||||
|
VxD drivers. The latest release can be found on their ftp site at
|
||||||
|
ftp.microsoft.com, located in <tt class="filename">/peropsys/windows/public/tcpip/wfwt32.exe</tt>.
|
||||||
|
There is an update.txt file there that describes the problems that were
|
||||||
|
fixed. New files include <tt class="filename">WINSOCK.DLL</tt>,
|
||||||
|
<tt class="filename">TELNET.EXE</tt>,
|
||||||
|
<tt class="filename">WSOCK.386</tt>,
|
||||||
|
<tt class="filename">VNBT.386</tt>,
|
||||||
|
<tt class="filename">WSTCP.386</tt>,
|
||||||
|
<tt class="filename">TRACERT.EXE</tt>,
|
||||||
|
<tt class="filename">NETSTAT.EXE</tt>, and
|
||||||
|
<tt class="filename">NBTSTAT.EXE</tt>.
|
||||||
|
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id3017357"></a>Delete .pwl files after password change</h3></div></div><div></div></div><p>
|
||||||
|
WfWg does a lousy job with passwords. I find that if I change my
|
||||||
|
password on either the unix box or the PC the safest thing to do is to
|
||||||
|
delete the .pwl files in the windows directory. The PC will complain about not finding the files, but will soon get over it, allowing you to enter the new password.
|
||||||
|
</p><p>
|
||||||
|
If you don't do this you may find that WfWg remembers and uses the old
|
||||||
|
password, even if you told it a new one.
|
||||||
|
</p><p>
|
||||||
|
Often WfWg will totally ignore a password you give it in a dialog box.
|
||||||
|
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id3017388"></a>Configure WfW password handling</h3></div></div><div></div></div><p>
|
||||||
|
There is a program call admincfg.exe
|
||||||
|
on the last disk (disk 8) of the WFW 3.11 disk set. To install it
|
||||||
|
type <b class="userinput"><tt>EXPAND A:\ADMINCFG.EX_ C:\WINDOWS\ADMINCFG.EXE</tt></b>.
|
||||||
|
Then add an icon
|
||||||
|
for it via the <span class="application">Program Manager</span> <span class="guimenu">New</span> Menu.
|
||||||
|
This program allows you to control how WFW handles passwords. ie disable Password Caching etc
|
||||||
|
for use with <i class="parameter"><tt>security = user</tt></i>
|
||||||
|
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id3017433"></a>Case handling of passwords</h3></div></div><div></div></div><p>Windows for Workgroups uppercases the password before sending it to the server. Unix passwords can be case-sensitive though. Check the <a href="smb.conf.5.html" target="_top">smb.conf(5)</a> information on <i class="parameter"><tt>password level</tt></i> to specify what characters samba should try to uppercase when checking.</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id3017464"></a>Use TCP/IP as default protocol</h3></div></div><div></div></div><p>To support print queue reporting you may find
|
||||||
|
that you have to use TCP/IP as the default protocol under
|
||||||
|
WfWg. For some reason if you leave NetBEUI as the default
|
||||||
|
it may break the print queue reporting on some systems.
|
||||||
|
It is presumably a WfWg bug.</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id3017481"></a>Speed improvement</h3></div></div><div></div></div><p>
|
||||||
|
Note that some people have found that setting <i class="parameter"><tt>DefaultRcvWindow</tt></i> in
|
||||||
|
the <i class="parameter"><tt>[MSTCP]</tt></i> section of the
|
||||||
|
<tt class="filename">SYSTEM.INI</tt> file under WfWg to 3072 gives a
|
||||||
|
big improvement. I don't know why.
|
||||||
|
</p><p>
|
||||||
|
My own experience with DefaultRcvWindow is that I get much better
|
||||||
|
performance with a large value (16384 or larger). Other people have
|
||||||
|
reported that anything over 3072 slows things down enormously. One
|
||||||
|
person even reported a speed drop of a factor of 30 when he went from
|
||||||
|
3072 to 8192. I don't know why.
|
||||||
|
</p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3017528"></a>Windows '95/'98</h2></div></div><div></div></div><p>
|
||||||
|
When using Windows 95 OEM SR2 the following updates are recommended where Samba
|
||||||
|
is being used. Please NOTE that the above change will affect you once these
|
||||||
|
updates have been installed.
|
||||||
|
</p><p>
|
||||||
|
There are more updates than the ones mentioned here. You are referred to the
|
||||||
|
Microsoft Web site for all currently available updates to your specific version
|
||||||
|
of Windows 95.
|
||||||
|
</p><table class="simplelist" border="0" summary="Simple list"><tr><td>Kernel Update: KRNLUPD.EXE</td></tr><tr><td>Ping Fix: PINGUPD.EXE</td></tr><tr><td>RPC Update: RPCRTUPD.EXE</td></tr><tr><td>TCP/IP Update: VIPUPD.EXE</td></tr><tr><td>Redirector Update: VRDRUPD.EXE</td></tr></table><p>
|
||||||
|
Also, if using <span class="application">MS Outlook</span> it is desirable to
|
||||||
|
install the <b class="command">OLEUPD.EXE</b> fix. This
|
||||||
|
fix may stop your machine from hanging for an extended period when exiting
|
||||||
|
Outlook and you may also notice a significant speedup when accessing network
|
||||||
|
neighborhood services.
|
||||||
|
</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id3017601"></a>Speed improvement</h3></div></div><div></div></div><p>
|
||||||
|
Configure the win95 TCPIP registry settings to give better
|
||||||
|
performance. I use a program called <b class="command">MTUSPEED.exe</b> which I got off the
|
||||||
|
net. There are various other utilities of this type freely available.
|
||||||
|
</p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3017625"></a>Windows 2000 Service Pack 2</h2></div></div><div></div></div><p>
|
||||||
|
There are several annoyances with Windows 2000 SP2. One of which
|
||||||
|
only appears when using a Samba server to host user profiles
|
||||||
|
to Windows 2000 SP2 clients in a Windows domain. This assumes
|
||||||
|
that Samba is a member of the domain, but the problem will
|
||||||
|
likely occur if it is not.
|
||||||
|
</p><p>
|
||||||
|
In order to serve profiles successfully to Windows 2000 SP2
|
||||||
|
clients (when not operating as a PDC), Samba must have
|
||||||
|
<i class="parameter"><tt>nt acl support = no</tt></i>
|
||||||
|
added to the file share which houses the roaming profiles.
|
||||||
|
If this is not done, then the Windows 2000 SP2 client will
|
||||||
|
complain about not being able to access the profile (Access
|
||||||
|
Denied) and create multiple copies of it on disk (DOMAIN.user.001,
|
||||||
|
DOMAIN.user.002, etc...). See the
|
||||||
|
<a href="smb.conf.5.html" target="_top">smb.conf(5)</a> man page
|
||||||
|
for more details on this option. Also note that the
|
||||||
|
<i class="parameter"><tt>nt acl support</tt></i> parameter was formally a global parameter in
|
||||||
|
releases prior to Samba 2.2.2.
|
||||||
|
</p><p>
|
||||||
|
The following is a minimal profile share:
|
||||||
|
</p><pre class="programlisting">
|
||||||
|
[profile]
|
||||||
|
path = /export/profile
|
||||||
|
create mask = 0600
|
||||||
|
directory mask = 0700
|
||||||
|
nt acl support = no
|
||||||
|
read only = no
|
||||||
|
</pre><p>
|
||||||
|
The reason for this bug is that the Win2k SP2 client copies
|
||||||
|
the security descriptor for the profile which contains
|
||||||
|
the Samba server's SID, and not the domain SID. The client
|
||||||
|
compares the SID for SAMBA\user and realizes it is
|
||||||
|
different that the one assigned to DOMAIN\user. Hence the reason
|
||||||
|
for the <span class="errorname">access denied</span> message.
|
||||||
|
</p><p>
|
||||||
|
By disabling the <i class="parameter"><tt>nt acl support</tt></i> parameter, Samba will send
|
||||||
|
the Win2k client a response to the QuerySecurityDescriptor
|
||||||
|
trans2 call which causes the client to set a default ACL
|
||||||
|
for the profile. This default ACL includes
|
||||||
|
</p><p><span class="emphasis"><em>DOMAIN\user "Full Control"</em></span>></p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>This bug does not occur when using winbind to
|
||||||
|
create accounts on the Samba host for Domain users.</p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3017736"></a>Windows NT 3.1</h2></div></div><div></div></div><p>If you have problems communicating across routers with Windows
|
||||||
|
NT 3.1 workstations, read <a href="http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;Q103765" target="_top">this Microsoft Knowledge Base article</a>.
|
||||||
|
|
||||||
|
</p></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="Portability.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="Appendixes.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="speed.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 37. Portability </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 39. Samba Performance Tuning</td></tr></table></div></body></html>
|
260
docs/htmldocs/PolicyMgmt.html
Normal file
@ -0,0 +1,260 @@
|
|||||||
|
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 23. System and Account Policies</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="index.html" title="SAMBA Project Documentation"><link rel="up" href="optional.html" title="Part III. Advanced Configuration"><link rel="previous" href="AdvancedNetworkManagement.html" title="Chapter 22. Advanced Network Management"><link rel="next" href="ProfileMgmt.html" title="Chapter 24. Desktop Profile Management"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 23. System and Account Policies</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="AdvancedNetworkManagement.html">Prev</a> </td><th width="60%" align="center">Part III. Advanced Configuration</th><td width="20%" align="right"> <a accesskey="n" href="ProfileMgmt.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="PolicyMgmt"></a>Chapter 23. 
System and Account Policies</h2></div><div><div class="author"><h3 class="author"><span class="firstname">John</span> <span class="othername">H.</span> <span class="surname">Terpstra</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><tt class="email"><<a href="mailto:jht@samba.org">jht@samba.org</a>></tt></p></div></div></div></div><div><p class="pubdate">April 3 2003</p></div></div><div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><a href="PolicyMgmt.html#id2984380">Features and Benefits</a></dt><dt><a href="PolicyMgmt.html#id2984435">Creating and Managing System Policies</a></dt><dd><dl><dt><a href="PolicyMgmt.html#id2986217">Windows 9x/Me Policies</a></dt><dt><a href="PolicyMgmt.html#id2986312">Windows NT4 Style Policy Files</a></dt><dt><a href="PolicyMgmt.html#id2986445">MS Windows 200x / XP Professional Policies</a></dt></dl></dd><dt><a href="PolicyMgmt.html#id2986697">Managing Account/User Policies</a></dt><dd><dl><dt><a href="PolicyMgmt.html#id2986798">Samba Editreg Toolset</a></dt><dt><a href="PolicyMgmt.html#id2986819">Windows NT4/200x</a></dt><dt><a href="PolicyMgmt.html#id2986839">Samba PDC</a></dt></dl></dd><dt><a href="PolicyMgmt.html#id2986883">System Startup and Logon Processing Overview</a></dt><dt><a href="PolicyMgmt.html#id2987030">Common Errors</a></dt><dd><dl><dt><a href="PolicyMgmt.html#id2987044">Policy Does Not Work</a></dt></dl></dd></dl></div><p>
|
||||||
|
This chapter summarises the current state of knowledge derived from personal
|
||||||
|
practice and knowledge from samba mailing list subscribers. Before reproduction
|
||||||
|
of posted information effort has been made to validate the information provided.
|
||||||
|
Where additional information was uncovered through this validation it is provided
|
||||||
|
also.
|
||||||
|
</p><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2984380"></a>Features and Benefits</h2></div></div><div></div></div><p>
|
||||||
|
When MS Windows NT3.5 was introduced the hot new topic was the ability to implement
|
||||||
|
Group Policies for users and group. Then along came MS Windows NT4 and a few sites
|
||||||
|
started to adopt this capability. How do we know that? By way of the number of "booboos"
|
||||||
|
(or mistakes) administrators made and then requested help to resolve.
|
||||||
|
</p><p>
|
||||||
|
By the time that MS Windows 2000 and Active Directory was released, administrators
|
||||||
|
got the message: Group Policies are a good thing! They can help reduce administrative
|
||||||
|
costs and actually can help to create happier users. But adoption of the true
|
||||||
|
potential of MS Windows 200x Active Directory and Group Policy Objects (GPOs) for users
|
||||||
|
and machines were picked up on rather slowly. This was very obvious from the samba
|
||||||
|
mailing list as in 2000 and 2001 there were very few postings regarding GPOs and
|
||||||
|
how to replicate them in a Samba environment.
|
||||||
|
</p><p>
|
||||||
|
Judging by the traffic volume since mid 2002, GPOs have become a standard part of
|
||||||
|
the deployment in many sites. This chapter reviews techniques and methods that can
|
||||||
|
be used to exploit opportunities for automation of control over user desktops and
|
||||||
|
network client workstations.
|
||||||
|
</p><p>
|
||||||
|
A tool new to Samba-3 may become an important part of the future Samba Administrators'
|
||||||
|
arsenal. The <b class="command">editreg</b> tool is described in this document.
|
||||||
|
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2984435"></a>Creating and Managing System Policies</h2></div></div><div></div></div><p>
|
||||||
|
Under MS Windows platforms, particularly those following the release of MS Windows
|
||||||
|
NT4 and MS Windows 95) it is possible to create a type of file that would be placed
|
||||||
|
in the NETLOGON share of a domain controller. As the client logs onto the network
|
||||||
|
this file is read and the contents initiate changes to the registry of the client
|
||||||
|
machine. This file allows changes to be made to those parts of the registry that
|
||||||
|
affect users, groups of users, or machines.
|
||||||
|
</p><p>
|
||||||
|
For MS Windows 9x/Me this file must be called <tt class="filename">Config.POL</tt> and may
|
||||||
|
be generated using a tool called <tt class="filename">poledit.exe</tt>, better known as the
|
||||||
|
Policy Editor. The policy editor was provided on the Windows 98 installation CD, but
|
||||||
|
disappeared again with the introduction of MS Windows Me (Millennium Edition). From
|
||||||
|
comments from MS Windows network administrators it would appear that this tool became
|
||||||
|
a part of the MS Windows Me Resource Kit.
|
||||||
|
</p><p>
|
||||||
|
MS Windows NT4 Server products include the <span class="emphasis"><em>System Policy Editor</em></span>
|
||||||
|
under the <tt class="filename">Start -> Programs -> Administrative Tools</tt> menu item.
|
||||||
|
For MS Windows NT4 and later clients this file must be called <tt class="filename">NTConfig.POL</tt>.
|
||||||
|
</p><p>
|
||||||
|
New with the introduction of MS Windows 2000 was the Microsoft Management Console
|
||||||
|
or MMC. This tool is the new wave in the ever changing landscape of Microsoft
|
||||||
|
methods for management of network access and security. Every new Microsoft product
|
||||||
|
or technology seems to obsolete the old rules and to introduce newer and more
|
||||||
|
complex tools and methods. To Microsoft's credit though, the MMC does appear to
|
||||||
|
be a step forward, but improved functionality comes at a great price.
|
||||||
|
</p><p>
|
||||||
|
Before embarking on the configuration of network and system policies it is highly
|
||||||
|
advisable to read the documentation available from Microsoft's web site regarding
|
||||||
|
<a href="http://www.microsoft.com/ntserver/management/deployment/planguide/prof_policies.asp" target="_top">
|
||||||
|
Implementing Profiles and Policies in Windows NT 4.0 from http://www.microsoft.com/ntserver/management/deployment/planguide/prof_policies.asp</a> available from Microsoft.
|
||||||
|
There are a large number of documents in addition to this old one that should also
|
||||||
|
be read and understood. Try searching on the Microsoft web site for "Group Policies".
|
||||||
|
</p><p>
|
||||||
|
What follows is a very brief discussion with some helpful notes. The information provided
|
||||||
|
here is incomplete - you are warned.
|
||||||
|
</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2986217"></a>Windows 9x/Me Policies</h3></div></div><div></div></div><p>
|
||||||
|
You need the Win98 Group Policy Editor to set Group Profiles up under Windows 9x/Me.
|
||||||
|
It can be found on the Original full product Win98 installation CD under
|
||||||
|
<tt class="filename">tools/reskit/netadmin/poledit</tt>. Install this using the
|
||||||
|
Add/Remove Programs facility and then click on the 'Have Disk' tab.
|
||||||
|
</p><p>
|
||||||
|
Use the Group Policy Editor to create a policy file that specifies the location of
|
||||||
|
user profiles and/or the <tt class="filename">My Documents</tt> etc. Then save these
|
||||||
|
settings in a file called <tt class="filename">Config.POL</tt> that needs to be placed in the
|
||||||
|
root of the <i class="parameter"><tt>[NETLOGON]</tt></i> share. If Win98 is configured to log onto
|
||||||
|
the Samba Domain, it will automatically read this file and update the Win9x/Me registry
|
||||||
|
of the machine as it logs on.
|
||||||
|
</p><p>
|
||||||
|
Further details are covered in the Win98 Resource Kit documentation.
|
||||||
|
</p><p>
|
||||||
|
If you do not take the right steps, then every so often Win9x/Me will check the
|
||||||
|
integrity of the registry and will restore it's settings from the back-up
|
||||||
|
copy of the registry it stores on each Win9x/Me machine. Hence, you will
|
||||||
|
occasionally notice things changing back to the original settings.
|
||||||
|
</p><p>
|
||||||
|
Install the group policy handler for Win9x to pick up group policies. Look on the
|
||||||
|
Win98 CD in <tt class="filename">\tools\reskit\netadmin\poledit</tt>.
|
||||||
|
Install group policies on a Win9x client by double-clicking
|
||||||
|
<tt class="filename">grouppol.inf</tt>. Log off and on again a couple of times and see
|
||||||
|
if Win98 picks up group policies. Unfortunately this needs to be done on every
|
||||||
|
Win9x/Me machine that uses group policies.
|
||||||
|
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2986312"></a>Windows NT4 Style Policy Files</h3></div></div><div></div></div><p>
|
||||||
|
To create or edit <tt class="filename">ntconfig.pol</tt> you must use the NT Server
|
||||||
|
Policy Editor, <b class="command">poledit.exe</b> which is included with NT4 Server
|
||||||
|
but <span class="emphasis"><em>not NT Workstation</em></span>. There is a Policy Editor on a NT4
|
||||||
|
Workstation but it is not suitable for creating <span class="emphasis"><em>Domain Policies</em></span>.
|
||||||
|
Further, although the Windows 95 Policy Editor can be installed on an NT4
|
||||||
|
Workstation/Server, it will not work with NT clients. However, the files from
|
||||||
|
the NT Server will run happily enough on an NT4 Workstation.
|
||||||
|
</p><p>
|
||||||
|
You need <tt class="filename">poledit.exe</tt>, <tt class="filename">common.adm</tt> and <tt class="filename">winnt.adm</tt>.
|
||||||
|
It is convenient to put the two *.adm files in the <tt class="filename">c:\winnt\inf</tt>
|
||||||
|
directory which is where the binary will look for them unless told otherwise. Note also that that
|
||||||
|
directory is normally 'hidden'.
|
||||||
|
</p><p>
|
||||||
|
The Windows NT policy editor is also included with the Service Pack 3 (and
|
||||||
|
later) for Windows NT 4.0. Extract the files using <b class="command">servicepackname /x</b>,
|
||||||
|
i.e. that's <b class="command">Nt4sp6ai.exe /x</b> for service pack 6a. The policy editor,
|
||||||
|
<b class="command">poledit.exe</b> and the associated template files (*.adm) should
|
||||||
|
be extracted as well. It is also possible to downloaded the policy template
|
||||||
|
files for Office97 and get a copy of the policy editor. Another possible
|
||||||
|
location is with the Zero Administration Kit available for download from Microsoft.
|
||||||
|
</p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2986421"></a>Registry Spoiling</h4></div></div><div></div></div><p>
|
||||||
|
With NT4 style registry based policy changes, a large number of settings are not
|
||||||
|
automatically reversed as the user logs off. Since the settings that were in the
|
||||||
|
NTConfig.POL file were applied to the client machine registry and that apply to the
|
||||||
|
hive key HKEY_LOCAL_MACHINE are permanent until explicitly reversed. This is known
|
||||||
|
as tattooing. It can have serious consequences down-stream and the administrator must
|
||||||
|
be extremely careful not to lock out the ability to manage the machine at a later date.
|
||||||
|
</p></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2986445"></a>MS Windows 200x / XP Professional Policies</h3></div></div><div></div></div><p>
|
||||||
|
Windows NT4 System policies allows setting of registry parameters specific to
|
||||||
|
users, groups and computers (client workstations) that are members of the NT4
|
||||||
|
style domain. Such policy file will work with MS Windows 2000 / XP clients also.
|
||||||
|
</p><p>
|
||||||
|
New to MS Windows 2000 Microsoft introduced a new style of group policy that confers
|
||||||
|
a superset of capabilities compared with NT4 style policies. Obviously, the tool used
|
||||||
|
to create them is different, and the mechanism for implementing them is much changed.
|
||||||
|
</p><p>
|
||||||
|
The older NT4 style registry based policies are known as <span class="emphasis"><em>Administrative Templates</em></span>
|
||||||
|
in MS Windows 2000/XP Group Policy Objects (GPOs). The later includes ability to set various security
|
||||||
|
configurations, enforce Internet Explorer browser settings, change and redirect aspects of the
|
||||||
|
users' desktop (including: the location of <tt class="filename">My Documents</tt> files (directory), as
|
||||||
|
well as intrinsics of where menu items will appear in the Start menu). An additional new
|
||||||
|
feature is the ability to make available particular software Windows applications to particular
|
||||||
|
users and/or groups.
|
||||||
|
</p><p>
|
||||||
|
Remember: NT4 policy files are named <tt class="filename">NTConfig.POL</tt> and are stored in the root
|
||||||
|
of the NETLOGON share on the domain controllers. A Windows NT4 user enters a username, a password
|
||||||
|
and selects the domain name to which the logon will attempt to take place. During the logon
|
||||||
|
process the client machine reads the NTConfig.POL file from the NETLOGON share on the authenticating
|
||||||
|
server, modifies the local registry values according to the settings in this file.
|
||||||
|
</p><p>
|
||||||
|
Windows 2K GPOs are very feature rich. They are NOT stored in the NETLOGON share, rather part of
|
||||||
|
a Windows 200x policy file is stored in the Active Directory itself and the other part is stored
|
||||||
|
in a shared (and replicated) volume called the SYSVOL folder. This folder is present on all Active
|
||||||
|
Directory domain controllers. The part that is stored in the Active Directory itself is called the
|
||||||
|
group policy container (GPC), and the part that is stored in the replicated share called SYSVOL is
|
||||||
|
known as the group policy template (GPT).
|
||||||
|
</p><p>
|
||||||
|
With NT4 clients the policy file is read and executed upon only as each user logs onto the network.
|
||||||
|
MS Windows 200x policies are much more complex - GPOs are processed and applied at client machine
|
||||||
|
startup (machine specific part) and when the user logs onto the network the user specific part
|
||||||
|
is applied. In MS Windows 200x style policy management each machine and/or user may be subject
|
||||||
|
to any number of concurrently applicable (and applied) policy sets (GPOs). Active Directory allows
|
||||||
|
the administrator to also set filters over the policy settings. No such equivalent capability
|
||||||
|
exists with NT4 style policy files.
|
||||||
|
</p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2986546"></a>Administration of Win2K / XP Policies</h4></div></div><div></div></div><p>
|
||||||
|
Instead of using the tool called <span class="application">The System Policy Editor</span>, commonly called Poledit (from the
|
||||||
|
executable name <b class="command">poledit.exe</b>), <span class="acronym">GPOs</span> are created and managed using a
|
||||||
|
<span class="application">Microsoft Management Console</span> <span class="acronym">(MMC)</span> snap-in as follows:</p><div class="procedure"><ol type="1"><li><p>
|
||||||
|
Go to the Windows 200x / XP menu <span class="guimenu">Start->Programs->Administrative Tools</span>
|
||||||
|
and select the MMC snap-in called <span class="guimenuitem">Active Directory Users and Computers</span>
|
||||||
|
</p></li><li><p>
|
||||||
|
Select the domain or organizational unit (OU) that you wish to manage, then right click
|
||||||
|
to open the context menu for that object, select the properties item.
|
||||||
|
</p></li><li><p>
|
||||||
|
Now left click on the <span class="guilabel">Group Policy</span> tab, then left click on the New tab. Type a name
|
||||||
|
for the new policy you will create.
|
||||||
|
</p></li><li><p>
|
||||||
|
Now left click on the <span class="guilabel">Edit</span> tab to commence the steps needed to create the GPO.
|
||||||
|
</p></li></ol></div><p>
|
||||||
|
All policy configuration options are controlled through the use of policy administrative
|
||||||
|
templates. These files have a .adm extension, both in NT4 as well as in Windows 200x / XP.
|
||||||
|
Beware however, since the .adm files are NOT interchangeable across NT4 and Windows 200x.
|
||||||
|
The later introduces many new features as well as extended definition capabilities. It is
|
||||||
|
well beyond the scope of this documentation to explain how to program .adm files, for that
|
||||||
|
the administrator is referred to the Microsoft Windows Resource Kit for your particular
|
||||||
|
version of MS Windows.
|
||||||
|
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
|
||||||
|
The MS Windows 2000 Resource Kit contains a tool called gpolmig.exe. This tool can be used
|
||||||
|
to migrate an NT4 NTConfig.POL file into a Windows 200x style GPO. Be VERY careful how you
|
||||||
|
use this powerful tool. Please refer to the resource kit manuals for specific usage information.
|
||||||
|
</p></div></div></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2986697"></a>Managing Account/User Policies</h2></div></div><div></div></div><p>
|
||||||
|
Policies can define a specific user's settings or the settings for a group of users. The resulting
|
||||||
|
policy file contains the registry settings for all users, groups, and computers that will be using
|
||||||
|
the policy file. Separate policy files for each user, group, or computer are not not necessary.
|
||||||
|
</p><p>
|
||||||
|
If you create a policy that will be automatically downloaded from validating domain controllers,
|
||||||
|
you should name the file NTconfig.POL. As system administrator, you have the option of renaming the
|
||||||
|
policy file and, by modifying the Windows NT-based workstation, directing the computer to update
|
||||||
|
the policy from a manual path. You can do this by either manually changing the registry or by using
|
||||||
|
the System Policy Editor. This path can even be a local path such that each machine has its own policy file,
|
||||||
|
but if a change is necessary to all machines, this change must be made individually to each workstation.
|
||||||
|
</p><p>
|
||||||
|
When a Windows NT4/200x/XP machine logs onto the network the NETLOGON share on the authenticating domain
|
||||||
|
controller for the presence of the NTConfig.POL file. If one exists it is downloaded, parsed and then
|
||||||
|
applied to the user's part of the registry.
|
||||||
|
</p><p>
|
||||||
|
MS Windows 200x/XP clients that log onto an MS Windows Active Directory security domain may additionally,
|
||||||
|
acquire policy settings through Group Policy Objects (GPOs) that are defined and stored in Active Directory
|
||||||
|
itself. The key benefit of using AS GPOs is that they impose no registry <span class="emphasis"><em>spoiling</em></span> effect.
|
||||||
|
This has considerable advantage compared with the use of NTConfig.POL (NT4) style policy updates.
|
||||||
|
</p><p>
|
||||||
|
In addition to user access controls that may be imposed or applied via system and/or group policies
|
||||||
|
in a manner that works in conjunction with user profiles, the user management environment under
|
||||||
|
MS Windows NT4/200x/XP allows per domain as well as per user account restrictions to be applied.
|
||||||
|
Common restrictions that are frequently used includes:
|
||||||
|
</p><p>
|
||||||
|
</p><table class="simplelist" border="0" summary="Simple list"><tr><td>Logon Hours</td></tr><tr><td>Password Aging</td></tr><tr><td>Permitted Logon from certain machines only</td></tr><tr><td>Account type (Local or Global)</td></tr><tr><td>User Rights</td></tr></table><p>
|
||||||
|
</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2986798"></a>Samba Editreg Toolset</h3></div></div><div></div></div><p>
|
||||||
|
Describe in detail the benefits of <b class="command">editreg</b> and how to use it.
|
||||||
|
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2986819"></a>Windows NT4/200x</h3></div></div><div></div></div><p>
|
||||||
|
The tools that may be used to configure these types of controls from the MS Windows environment are:
|
||||||
|
The NT4 User Manager for domains, the NT4 System and Group Policy Editor, the registry editor (regedt32.exe).
|
||||||
|
Under MS Windows 200x/XP this is done using the Microsoft Management Console (MMC) with appropriate
|
||||||
|
"snap-ins", the registry editor, and potentially also the NT4 System and Group Policy Editor.
|
||||||
|
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2986839"></a>Samba PDC</h3></div></div><div></div></div><p>
|
||||||
|
With a Samba Domain Controller, the new tools for managing of user account and policy information includes:
|
||||||
|
<b class="command">smbpasswd</b>, <b class="command">pdbedit</b>, <b class="command">net</b>, <b class="command">rpcclient</b>.
|
||||||
|
The administrator should read the
|
||||||
|
man pages for these tools and become familiar with their use.
|
||||||
|
</p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2986883"></a>System Startup and Logon Processing Overview</h2></div></div><div></div></div><p>
|
||||||
|
The following attempts to document the order of processing of system and user policies following a system
|
||||||
|
reboot and as part of the user logon:
|
||||||
|
</p><div class="orderedlist"><ol type="1"><li><p>
|
||||||
|
Network starts, then Remote Procedure Call System Service (RPCSS) and Multiple Universal Naming
|
||||||
|
Convention Provider (MUP) start
|
||||||
|
</p></li><li><p>
|
||||||
|
Where Active Directory is involved, an ordered list of Group Policy Objects (GPOs) is downloaded
|
||||||
|
and applied. The list may include GPOs that:
|
||||||
|
</p><table class="simplelist" border="0" summary="Simple list"><tr><td>Apply to the location of machines in a Directory</td></tr><tr><td>Apply only when settings have changed</td></tr><tr><td>Depend on configuration of scope of applicability: local, site, domain, organizational unit, etc.</td></tr></table><p>
|
||||||
|
No desktop user interface is presented until the above have been processed.
|
||||||
|
</p></li><li><p>
|
||||||
|
Execution of start-up scripts (hidden and synchronous by default).
|
||||||
|
</p></li><li><p>
|
||||||
|
A keyboard action to affect start of logon (Ctrl-Alt-Del).
|
||||||
|
</p></li><li><p>
|
||||||
|
User credentials are validated, User profile is loaded (depends on policy settings).
|
||||||
|
</p></li><li><p>
|
||||||
|
An ordered list of User GPOs is obtained. The list contents depends on what is configured in respect of:
|
||||||
|
|
||||||
|
</p><table class="simplelist" border="0" summary="Simple list"><tr><td>Is user a domain member, thus subject to particular policies</td></tr><tr><td>Loopback enablement, and the state of the loopback policy (Merge or Replace)</td></tr><tr><td>Location of the Active Directory itself</td></tr><tr><td>Has the list of GPOs changed. No processing is needed if not changed.</td></tr></table><p>
|
||||||
|
</p></li><li><p>
|
||||||
|
User Policies are applied from Active Directory. Note: There are several types.
|
||||||
|
</p></li><li><p>
|
||||||
|
Logon scripts are run. New to Win2K and Active Directory, logon scripts may be obtained based on Group
|
||||||
|
Policy objects (hidden and executed synchronously). NT4 style logon scripts are then run in a normal
|
||||||
|
window.
|
||||||
|
</p></li><li><p>
|
||||||
|
The User Interface as determined from the GPOs is presented. Note: In a Samba domain (like and NT4
|
||||||
|
Domain) machine (system) policies are applied at start-up, User policies are applied at logon.
|
||||||
|
</p></li></ol></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2987030"></a>Common Errors</h2></div></div><div></div></div><p>
|
||||||
|
Policy related problems can be very difficult to diagnose and even more difficult to rectify. The following
|
||||||
|
collection demonstrates only basic issues.
|
||||||
|
</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2987044"></a>Policy Does Not Work</h3></div></div><div></div></div><p>
|
||||||
|
Question: We have created the <tt class="filename">config.pol</tt> file and put it in the <span class="emphasis"><em>NETLOGON</em></span> share.
|
||||||
|
It has made no difference to our Win XP Pro machines, they just don't see it. IT worked fine with Win 98 but does not
|
||||||
|
work any longer since we upgraded to Win XP Pro. Any hints?
|
||||||
|
</p><p>
|
||||||
|
<span class="emphasis"><em>ANSWER:</em></span> Policy files are NOT portable between Windows 9x / Me and MS Windows NT4 / 200x / XP based
|
||||||
|
platforms. You need to use the NT4 Group Policy Editor to create a file called <tt class="filename">NTConfig.POL</tt> so that
|
||||||
|
it is in the correct format for your MS Windows XP Pro clients.
|
||||||
|
</p></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="AdvancedNetworkManagement.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="optional.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="ProfileMgmt.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 22. Advanced Network Management </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 24. Desktop Profile Management</td></tr></table></div></body></html>
|
128
docs/htmldocs/Portability.html
Normal file
@ -0,0 +1,128 @@
|
|||||||
|
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 37. Portability</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="index.html" title="SAMBA Project Documentation"><link rel="up" href="Appendixes.html" title="Part VI. Appendixes"><link rel="previous" href="compiling.html" title="Chapter 36. How to compile SAMBA"><link rel="next" href="Other-Clients.html" title="Chapter 38. Samba and other CIFS clients"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 37. Portability</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="compiling.html">Prev</a> </td><th width="60%" align="center">Part VI. Appendixes</th><td width="20%" align="right"> <a accesskey="n" href="Other-Clients.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="Portability"></a>Chapter 37. 
Portability</h2></div><div><div class="author"><h3 class="author"><span class="firstname">Jelmer</span> <span class="othername">R.</span> <span class="surname">Vernooij</span></h3><div class="affiliation"><span class="orgname">The Samba Team<br></span><div class="address"><p><tt class="email"><<a href="mailto:jelmer@samba.org">jelmer@samba.org</a>></tt></p></div></div></div></div></div><div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><a href="Portability.html#id3013478">HPUX</a></dt><dt><a href="Portability.html#id3016009">SCO Unix</a></dt><dt><a href="Portability.html#id3016039">DNIX</a></dt><dt><a href="Portability.html#id3016210">RedHat Linux Rembrandt-II</a></dt><dt><a href="Portability.html#id3016254">AIX</a></dt><dd><dl><dt><a href="Portability.html#id3016261">Sequential Read Ahead</a></dt></dl></dd><dt><a href="Portability.html#id3016287">Solaris</a></dt><dd><dl><dt><a href="Portability.html#id3016294">Locking improvements</a></dt><dt><a href="Portability.html#winbind-solaris9">Winbind on Solaris 9</a></dt></dl></dd></dl></div><p>Samba works on a wide range of platforms but the interface all the
|
||||||
|
platforms provide is not always compatible. This chapter contains
|
||||||
|
platform-specific information about compiling and using samba.</p><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3013478"></a>HPUX</h2></div></div><div></div></div><p>
|
||||||
|
HP's implementation of supplementary groups is, er, non-standard (for
|
||||||
|
hysterical reasons). There are two group files, <tt class="filename">/etc/group</tt> and
|
||||||
|
<tt class="filename">/etc/logingroup</tt>; the system maps UIDs to numbers using the former, but
|
||||||
|
initgroups() reads the latter. Most system admins who know the ropes
|
||||||
|
symlink <tt class="filename">/etc/group</tt> to <tt class="filename">/etc/logingroup</tt>
|
||||||
|
(hard link doesn't work for reasons too stupid to go into here). initgroups() will complain if one of the
|
||||||
|
groups you're in in <tt class="filename">/etc/logingroup</tt> has what it considers to be an invalid
|
||||||
|
ID, which means outside the range <tt class="constant">[0..UID_MAX]</tt>, where <tt class="constant">UID_MAX</tt> is (I think)
|
||||||
|
60000 currently on HP-UX. This precludes -2 and 65534, the usual <tt class="constant">nobody</tt>
|
||||||
|
GIDs.
|
||||||
|
</p><p>
|
||||||
|
If you encounter this problem, make sure that the programs that are failing
|
||||||
|
to initgroups() be run as users not in any groups with GIDs outside the
|
||||||
|
allowed range.
|
||||||
|
</p><p>This is documented in the HP manual pages under setgroups(2) and passwd(4).
|
||||||
|
</p><p>
|
||||||
|
On HPUX you must use gcc or the HP ANSI compiler. The free compiler
|
||||||
|
that comes with HP-UX is not ANSI compliant and cannot compile
|
||||||
|
Samba.
|
||||||
|
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3016009"></a>SCO Unix</h2></div></div><div></div></div><p>
|
||||||
|
If you run an old version of SCO Unix then you may need to get important
|
||||||
|
TCP/IP patches for Samba to work correctly. Without the patch, you may
|
||||||
|
encounter corrupt data transfers using samba.
|
||||||
|
</p><p>
|
||||||
|
The patch you need is UOD385 Connection Drivers SLS. It is available from
|
||||||
|
SCO (<a href="ftp://ftp.sco.com/" target="_top">ftp.sco.com</a>, directory SLS,
|
||||||
|
files uod385a.Z and uod385a.ltr.Z).
|
||||||
|
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3016039"></a>DNIX</h2></div></div><div></div></div><p>
|
||||||
|
DNIX has a problem with seteuid() and setegid(). These routines are
|
||||||
|
needed for Samba to work correctly, but they were left out of the DNIX
|
||||||
|
C library for some reason.
|
||||||
|
</p><p>
|
||||||
|
For this reason Samba by default defines the macro NO_EID in the DNIX
|
||||||
|
section of includes.h. This works around the problem in a limited way,
|
||||||
|
but it is far from ideal, some things still won't work right.
|
||||||
|
</p><p>
|
||||||
|
To fix the problem properly you need to assemble the following two
|
||||||
|
functions and then either add them to your C library or link them into
|
||||||
|
Samba.
|
||||||
|
</p><p>
|
||||||
|
put this in the file <tt class="filename">setegid.s</tt>:
|
||||||
|
</p><pre class="programlisting">
|
||||||
|
.globl _setegid
|
||||||
|
_setegid:
|
||||||
|
moveq #47,d0
|
||||||
|
movl #100,a0
|
||||||
|
moveq #1,d1
|
||||||
|
movl 4(sp),a1
|
||||||
|
trap #9
|
||||||
|
bccs 1$
|
||||||
|
jmp cerror
|
||||||
|
1$:
|
||||||
|
clrl d0
|
||||||
|
rts
|
||||||
|
</pre><p>
|
||||||
|
put this in the file <tt class="filename">seteuid.s</tt>:
|
||||||
|
</p><pre class="programlisting">
|
||||||
|
.globl _seteuid
|
||||||
|
_seteuid:
|
||||||
|
moveq #47,d0
|
||||||
|
movl #100,a0
|
||||||
|
moveq #0,d1
|
||||||
|
movl 4(sp),a1
|
||||||
|
trap #9
|
||||||
|
bccs 1$
|
||||||
|
jmp cerror
|
||||||
|
1$:
|
||||||
|
clrl d0
|
||||||
|
rts
|
||||||
|
</pre><p>
|
||||||
|
after creating the above files you then assemble them using
|
||||||
|
</p><pre class="screen">
|
||||||
|
<tt class="prompt">$ </tt><b class="userinput"><tt>as seteuid.s</tt></b>
|
||||||
|
<tt class="prompt">$ </tt><b class="userinput"><tt>as setegid.s</tt></b>
|
||||||
|
</pre><p>
|
||||||
|
that should produce the files <tt class="filename">seteuid.o</tt> and
|
||||||
|
<tt class="filename">setegid.o</tt>
|
||||||
|
</p><p>
|
||||||
|
then you need to add these to the LIBSM line in the DNIX section of
|
||||||
|
the Samba Makefile. Your LIBSM line will then look something like this:
|
||||||
|
</p><pre class="programlisting">
|
||||||
|
LIBSM = setegid.o seteuid.o -ln
|
||||||
|
</pre><p>
|
||||||
|
You should then remove the line:
|
||||||
|
</p><pre class="programlisting">
|
||||||
|
#define NO_EID
|
||||||
|
</pre><p>from the DNIX section of <tt class="filename">includes.h</tt></p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3016210"></a>RedHat Linux Rembrandt-II</h2></div></div><div></div></div><p>
|
||||||
|
By default RedHat Rembrandt-II during installation adds an
|
||||||
|
entry to <tt class="filename">/etc/hosts</tt> as follows:
|
||||||
|
</p><pre class="programlisting">
|
||||||
|
127.0.0.1 loopback "hostname"."domainname"
|
||||||
|
</pre><p>
|
||||||
|
</p><p>
|
||||||
|
This causes Samba to loop back onto the loopback interface.
|
||||||
|
The result is that Samba fails to communicate correctly with
|
||||||
|
the world and therefor may fail to correctly negotiate who
|
||||||
|
is the master browse list holder and who is the master browser.
|
||||||
|
</p><p>
|
||||||
|
Corrective Action: Delete the entry after the word loopback
|
||||||
|
in the line starting 127.0.0.1
|
||||||
|
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3016254"></a>AIX</h2></div></div><div></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id3016261"></a>Sequential Read Ahead</h3></div></div><div></div></div><p>
|
||||||
|
Disabling Sequential Read Ahead using <b class="userinput"><tt>vmtune -r 0</tt></b> improves
|
||||||
|
Samba performance significantly.
|
||||||
|
</p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3016287"></a>Solaris</h2></div></div><div></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id3016294"></a>Locking improvements</h3></div></div><div></div></div><p>Some people have been experiencing problems with F_SETLKW64/fcntl
|
||||||
|
when running Samba on Solaris. The built in file locking mechanism was
|
||||||
|
not scalable. Performance would degrade to the point where processes would
|
||||||
|
get into loops of trying to lock a file. It would try a lock, then fail,
|
||||||
|
then try again. The lock attempt was failing before the grant was
|
||||||
|
occurring. So the visible manifestation of this would be a handful of
|
||||||
|
processes stealing all of the CPU, and when they were trussed they would
|
||||||
|
be stuck if F_SETLKW64 loops.
|
||||||
|
</p><p>
|
||||||
|
Sun released patches for Solaris 2.6, 8, and 9. The patch for Solaris 7
|
||||||
|
has not been released yet.
|
||||||
|
</p><p>
|
||||||
|
The patch revision for 2.6 is 105181-34
|
||||||
|
for 8 is 108528-19 and for 9 is 112233-04
|
||||||
|
</p><p>
|
||||||
|
After the install of these patches it is recommended to reconfigure
|
||||||
|
and rebuild samba.
|
||||||
|
</p><p>Thanks to Joe Meslovich for reporting</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="winbind-solaris9"></a>Winbind on Solaris 9</h3></div></div><div></div></div><p>
|
||||||
|
Nsswitch on Solaris 9 refuses to use the winbind nss module. This behavior
|
||||||
|
is fixed by Sun in patch 113476-05 which as of March 2003 is not in any
|
||||||
|
roll-up packages.
|
||||||
|
</p></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="compiling.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="Appendixes.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="Other-Clients.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 36. How to compile SAMBA </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 38. Samba and other CIFS clients</td></tr></table></div></body></html>
|
680
docs/htmldocs/ProfileMgmt.html
Normal file
680
docs/htmldocs/ProfileMgmt.html
Normal file
@ -0,0 +1,680 @@
|
|||||||
|
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 24. Desktop Profile Management</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="index.html" title="SAMBA Project Documentation"><link rel="up" href="optional.html" title="Part III. Advanced Configuration"><link rel="previous" href="PolicyMgmt.html" title="Chapter 23. System and Account Policies"><link rel="next" href="pam.html" title="Chapter 25. PAM based Distributed Authentication"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 24. Desktop Profile Management</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="PolicyMgmt.html">Prev</a> </td><th width="60%" align="center">Part III. Advanced Configuration</th><td width="20%" align="right"> <a accesskey="n" href="pam.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="ProfileMgmt"></a>Chapter 24. 
Desktop Profile Management</h2></div><div><div class="author"><h3 class="author"><span class="firstname">John</span> <span class="othername">H.</span> <span class="surname">Terpstra</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><tt class="email"><<a href="mailto:jht@samba.org">jht@samba.org</a>></tt></p></div></div></div></div><div><p class="pubdate">April 3 2003</p></div></div><div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><a href="ProfileMgmt.html#id2988251">Features and Benefits</a></dt><dt><a href="ProfileMgmt.html#id2988285">Roaming Profiles</a></dt><dd><dl><dt><a href="ProfileMgmt.html#id2988326">Samba Configuration for Profile Handling</a></dt><dt><a href="ProfileMgmt.html#id2988731">Windows Client Profile Configuration Information</a></dt><dt><a href="ProfileMgmt.html#id2989902">Sharing Profiles between W9x/Me and NT4/200x/XP workstations</a></dt><dt><a href="ProfileMgmt.html#id2989967">Profile Migration from Windows NT4/200x Server to Samba</a></dt></dl></dd><dt><a href="ProfileMgmt.html#id2990232">Mandatory profiles</a></dt><dt><a href="ProfileMgmt.html#id2990290">Creating/Managing Group Profiles</a></dt><dt><a href="ProfileMgmt.html#id2990336">Default Profile for Windows Users</a></dt><dd><dl><dt><a href="ProfileMgmt.html#id2990356">MS Windows 9x/Me</a></dt><dt><a href="ProfileMgmt.html#id2990504">MS Windows NT4 Workstation</a></dt><dt><a href="ProfileMgmt.html#id2991058">MS Windows 200x/XP</a></dt></dl></dd><dt><a href="ProfileMgmt.html#id2991562">Common Errors</a></dt><dd><dl><dt><a href="ProfileMgmt.html#id2991575">How does one set up roaming profiles for just one (or a few) user/s or group/s?</a></dt><dt><a href="ProfileMgmt.html#id2991638">Can NOT use Roaming Profiles</a></dt><dt><a href="ProfileMgmt.html#id2991859">Changing the default profile</a></dt></dl></dd></dl></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: 
both"><a name="id2988251"></a>Features and Benefits</h2></div></div><div></div></div><p>
|
||||||
|
Roaming Profiles are feared by some, hated by a few, loved by many, and a Godsend for
|
||||||
|
some administrators.
|
||||||
|
</p><p>
|
||||||
|
Roaming Profiles allow an administrator to make available a consistent user desktop
|
||||||
|
as the user moves from one machine to another. This chapter provides much information
|
||||||
|
regarding how to configure and manage Roaming Profiles.
|
||||||
|
</p><p>
|
||||||
|
While Roaming Profiles might sound like nirvana to some, they are a real and tangible
|
||||||
|
problem to others. In particular, users of mobile computing tools, where often there may not
|
||||||
|
be a sustained network connection, are often better served by purely Local Profiles.
|
||||||
|
This chapter provides information to help the Samba administrator to deal with those
|
||||||
|
situations also.
|
||||||
|
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2988285"></a>Roaming Profiles</h2></div></div><div></div></div><div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>
|
||||||
|
Roaming profiles support is different for Win9x / Me and Windows NT4/200x.
|
||||||
|
</p></div><p>
|
||||||
|
Before discussing how to configure roaming profiles, it is useful to see how
|
||||||
|
Windows 9x / Me and Windows NT4/200x clients implement these features.
|
||||||
|
</p><p>
|
||||||
|
Windows 9x / Me clients send a NetUserGetInfo request to the server to get the user's
|
||||||
|
profiles location. However, the response does not have room for a separate
|
||||||
|
profiles location field, only the user's home share. This means that Win9X/Me
|
||||||
|
profiles are restricted to being stored in the user's home directory.
|
||||||
|
</p><p>
|
||||||
|
Windows NT4/200x clients send a NetSAMLogon RPC request, which contains many fields,
|
||||||
|
including a separate field for the location of the user's profiles.
|
||||||
|
</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2988326"></a>Samba Configuration for Profile Handling</h3></div></div><div></div></div><p>
|
||||||
|
This section documents how to configure Samba for MS Windows client profile support.
|
||||||
|
</p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2988340"></a>NT4/200x User Profiles</h4></div></div><div></div></div><p>
|
||||||
|
To support Windows NT4/200x clients, in the [global] section of smb.conf set the
|
||||||
|
following (for example):
|
||||||
|
</p><p>
|
||||||
|
</p><pre class="programlisting">
|
||||||
|
logon path = \\profileserver\profileshare\profilepath\%U\moreprofilepath
|
||||||
|
</pre><p>
|
||||||
|
|
||||||
|
This is typically implemented like:
|
||||||
|
|
||||||
|
</p><pre class="programlisting">
|
||||||
|
logon path = \\%L\Profiles\%u
|
||||||
|
</pre><p>
|
||||||
|
where %L translates to the name of the Samba server and %u translates to the user name
|
||||||
|
</p><p>
|
||||||
|
The default for this option is <tt class="filename">\\%N\%U\profile</tt>,
|
||||||
|
namely <tt class="filename">\\sambaserver\username\profile</tt>.
|
||||||
|
The <tt class="filename">\\N%\%U</tt> service is created automatically by the [homes] service. If you are using
|
||||||
|
a samba server for the profiles, you _must_ make the share specified in the logon path
|
||||||
|
browseable. Please refer to the man page for <tt class="filename">smb.conf</tt> in respect of the different
|
||||||
|
semantics of %L and %N, as well as %U and %u.
|
||||||
|
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
|
||||||
|
MS Windows NT/2K clients at times do not disconnect a connection to a server
|
||||||
|
between logons. It is recommended to NOT use the <i class="parameter"><tt>homes</tt></i>
|
||||||
|
meta-service name as part of the profile share path.
|
||||||
|
</p></div></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2988432"></a>Windows 9x / Me User Profiles</h4></div></div><div></div></div><p>
|
||||||
|
To support Windows 9x / Me clients, you must use the <i class="parameter"><tt>logon home</tt></i> parameter. Samba has
|
||||||
|
now been fixed so that <b class="userinput"><tt>net use /home</tt></b> now works as well, and it, too, relies
|
||||||
|
on the <b class="command">logon home</b> parameter.
|
||||||
|
</p><p>
|
||||||
|
By using the logon home parameter, you are restricted to putting Win9x / Me
|
||||||
|
profiles in the user's home directory. But wait! There is a trick you
|
||||||
|
can use. If you set the following in the <i class="parameter"><tt>[global]</tt></i> section of your <tt class="filename">smb.conf</tt> file:
|
||||||
|
</p><pre class="programlisting">
|
||||||
|
logon home = \\%L\%U\.profiles
|
||||||
|
</pre><p>
|
||||||
|
then your Windows 9x / Me clients will dutifully put their clients in a subdirectory
|
||||||
|
of your home directory called <tt class="filename">.profiles</tt> (thus making them hidden).
|
||||||
|
</p><p>
|
||||||
|
Not only that, but <b class="userinput"><tt>net use /home</tt></b> will also work, because of a feature in
|
||||||
|
Windows 9x / Me. It removes any directory stuff off the end of the home directory area
|
||||||
|
and only uses the server and share portion. That is, it looks like you
|
||||||
|
specified <tt class="filename">\\%L\%U</tt> for <i class="parameter"><tt>logon home</tt></i>.
|
||||||
|
</p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2988541"></a>Mixed Windows 9x / Me and Windows NT4/200x User Profiles</h4></div></div><div></div></div><p>
|
||||||
|
You can support profiles for both Win9X and WinNT clients by setting both the
|
||||||
|
<i class="parameter"><tt>logon home</tt></i> and <i class="parameter"><tt>logon path</tt></i> parameters. For example:
|
||||||
|
</p><pre class="programlisting">
|
||||||
|
logon home = \\%L\%u\.profiles
|
||||||
|
logon path = \\%L\profiles\%u
|
||||||
|
</pre></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2988580"></a>Disabling Roaming Profile Support</h4></div></div><div></div></div><p>
|
||||||
|
A question often asked is “<span class="quote">How may I enforce use of local profiles?</span>” or
|
||||||
|
“<span class="quote">How do I disable Roaming Profiles?</span>”
|
||||||
|
</p><p>
|
||||||
|
There are three ways of doing this:
|
||||||
|
</p><div class="variablelist"><dl><dt><span class="term">In <tt class="filename">smb.conf</tt></span></dt><dd><p>
|
||||||
|
Affect the following settings and ALL clients
|
||||||
|
will be forced to use a local profile:
|
||||||
|
</p><pre class="programlisting">
|
||||||
|
logon home =
|
||||||
|
logon path =
|
||||||
|
</pre><p>
|
||||||
|
</p></dd><dt><span class="term">MS Windows Registry:</span></dt><dd><p>
|
||||||
|
By using the Microsoft Management Console gpedit.msc to instruct your MS Windows XP machine to use only a local profile. This of course modifies registry settings. The full path to the option is:
|
||||||
|
|
||||||
|
</p><pre class="programlisting">
|
||||||
|
Local Computer Policy\
|
||||||
|
Computer Configuration\
|
||||||
|
Administrative Templates\
|
||||||
|
System\
|
||||||
|
User Profiles\
|
||||||
|
|
||||||
|
Disable: Only Allow Local User Profiles
|
||||||
|
Disable: Prevent Roaming Profile Change from Propagating to the Server
|
||||||
|
</pre><p>
|
||||||
|
</p></dd><dt><span class="term">Change of Profile Type:</span></dt><dd><p>
|
||||||
|
From the start menu right click on the
|
||||||
|
My Computer icon, select <span class="guimenuitem">Properties</span>, click on the <span class="guilabel">User Profiles</span>
|
||||||
|
tab, select the profile you wish to change from Roaming type to Local, click <span class="guibutton">Change Type</span>.
|
||||||
|
</p></dd></dl></div><p>
|
||||||
|
Consult the MS Windows registry guide for your particular MS Windows version for more
|
||||||
|
information about which registry keys to change to enforce use of only local user
|
||||||
|
profiles.
|
||||||
|
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
|
||||||
|
The specifics of how to convert a local profile to a roaming profile, or a roaming profile
|
||||||
|
to a local one vary according to the version of MS Windows you are running. Consult the
|
||||||
|
Microsoft MS Windows Resource Kit for your version of Windows for specific information.
|
||||||
|
</p></div></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2988731"></a>Windows Client Profile Configuration Information</h3></div></div><div></div></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2988739"></a>Windows 9x / Me Profile Setup</h4></div></div><div></div></div><p>
|
||||||
|
When a user first logs in on Windows 9X, the file user.DAT is created,
|
||||||
|
as are folders <tt class="filename">Start Menu</tt>, <tt class="filename">Desktop</tt>,
|
||||||
|
<tt class="filename">Programs</tt> and <tt class="filename">Nethood</tt>.
|
||||||
|
These directories and their contents will be merged with the local
|
||||||
|
versions stored in <tt class="filename">c:\windows\profiles\username</tt> on subsequent logins,
|
||||||
|
taking the most recent from each. You will need to use the <i class="parameter"><tt>[global]</tt></i>
|
||||||
|
options <i class="parameter"><tt>preserve case = yes</tt></i>, <i class="parameter"><tt>short preserve case = yes</tt></i> and
|
||||||
|
<i class="parameter"><tt>case sensitive = no</tt></i> in order to maintain capital letters in shortcuts
|
||||||
|
in any of the profile folders.
|
||||||
|
</p><p>
|
||||||
|
The user.DAT file contains all the user's preferences. If you wish to
|
||||||
|
enforce a set of preferences, rename their user.DAT file to user.MAN,
|
||||||
|
and deny them write access to this file.
|
||||||
|
</p><div class="orderedlist"><ol type="1"><li><p>
|
||||||
|
On the Windows 9x / Me machine, go to <span class="guimenu">Control Panel</span> -> <span class="guimenuitem">Passwords</span> and
|
||||||
|
select the <span class="guilabel">User Profiles</span> tab. Select the required level of
|
||||||
|
roaming preferences. Press <span class="guibutton">OK</span>, but do _not_ allow the computer
|
||||||
|
to reboot.
|
||||||
|
</p></li><li><p>
|
||||||
|
On the Windows 9x / Me machine, go to <span class="guimenu">Control Panel</span> -> <span class="guimenuitem">Network</span> ->
|
||||||
|
<span class="guimenuitem">Client for Microsoft Networks</span> -> <span class="guilabel">Preferences</span>. Select <span class="guilabel">Log on to
|
||||||
|
NT Domain</span>. Then, ensure that the Primary Logon is <span class="guilabel">Client for
|
||||||
|
Microsoft Networks</span>. Press <span class="guibutton">OK</span>, and this time allow the computer
|
||||||
|
to reboot.
|
||||||
|
</p></li></ol></div><p>
|
||||||
|
Under Windows 9x / Me Profiles are downloaded from the Primary Logon.
|
||||||
|
If you have the Primary Logon as 'Client for Novell Networks', then
|
||||||
|
the profiles and logon script will be downloaded from your Novell
|
||||||
|
Server. If you have the Primary Logon as 'Windows Logon', then the
|
||||||
|
profiles will be loaded from the local machine - a bit against the
|
||||||
|
concept of roaming profiles, it would seem!
|
||||||
|
</p><p>
|
||||||
|
You will now find that the Microsoft Networks Login box contains
|
||||||
|
[user, password, domain] instead of just [user, password]. Type in
|
||||||
|
the samba server's domain name (or any other domain known to exist,
|
||||||
|
but bear in mind that the user will be authenticated against this
|
||||||
|
domain and profiles downloaded from it, if that domain logon server
|
||||||
|
supports it), user name and user's password.
|
||||||
|
</p><p>
|
||||||
|
Once the user has been successfully validated, the Windows 9x / Me machine
|
||||||
|
will inform you that <tt class="computeroutput">The user has not logged on before' and asks you
|
||||||
|
if you wish to save the user's preferences?</tt> Select <span class="guibutton">yes</span>.
|
||||||
|
</p><p>
|
||||||
|
Once the Windows 9x / Me client comes up with the desktop, you should be able
|
||||||
|
to examine the contents of the directory specified in the <i class="parameter"><tt>logon path</tt></i>
|
||||||
|
on the samba server and verify that the <tt class="filename">Desktop</tt>, <tt class="filename">Start Menu</tt>,
|
||||||
|
<tt class="filename">Programs</tt> and <tt class="filename">Nethood</tt> folders have been created.
|
||||||
|
</p><p>
|
||||||
|
These folders will be cached locally on the client, and updated when
|
||||||
|
the user logs off (if you haven't made them read-only by then).
|
||||||
|
You will find that if the user creates further folders or short-cuts,
|
||||||
|
that the client will merge the profile contents downloaded with the
|
||||||
|
contents of the profile directory already on the local client, taking
|
||||||
|
the newest folders and short-cuts from each set.
|
||||||
|
</p><p>
|
||||||
|
If you have made the folders / files read-only on the samba server,
|
||||||
|
then you will get errors from the Windows 9x / Me machine on logon and logout, as
|
||||||
|
it attempts to merge the local and the remote profile. Basically, if
|
||||||
|
you have any errors reported by the Windows 9x / Me machine, check the Unix file
|
||||||
|
permissions and ownership rights on the profile directory contents,
|
||||||
|
on the samba server.
|
||||||
|
</p><p>
|
||||||
|
If you have problems creating user profiles, you can reset the user's
|
||||||
|
local desktop cache, as shown below. When this user then next logs in,
|
||||||
|
they will be told that they are logging in "for the first time".
|
||||||
|
</p><div class="orderedlist"><div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>
|
||||||
|
Before deleting the contents of the
|
||||||
|
directory listed in the ProfilePath (this is likely to be
|
||||||
|
<tt class="filename">c:\windows\profiles\username)</tt>, ask them if they
|
||||||
|
have any important files stored on their desktop or in their start menu.
|
||||||
|
Delete the contents of the directory ProfilePath (making a backup if any
|
||||||
|
of the files are needed).
|
||||||
|
</p><p>
|
||||||
|
This will have the effect of removing the local (read-only hidden
|
||||||
|
system file) user.DAT in their profile directory, as well as the
|
||||||
|
local "desktop", "nethood", "start menu" and "programs" folders.
|
||||||
|
</p></div><ol type="1"><li><p>
|
||||||
|
instead of logging in under the [user, password, domain] dialog,
|
||||||
|
press <span class="guibutton">escape</span>.
|
||||||
|
</p></li><li><p>
|
||||||
|
run the <b class="command">regedit.exe</b> program, and look in:
|
||||||
|
</p><p>
|
||||||
|
<tt class="filename">HKEY_LOCAL_MACHINE\Windows\CurrentVersion\ProfileList</tt>
|
||||||
|
</p><p>
|
||||||
|
you will find an entry, for each user, of ProfilePath. Note the
|
||||||
|
contents of this key (likely to be <tt class="filename">c:\windows\profiles\username</tt>),
|
||||||
|
then delete the key ProfilePath for the required user.
|
||||||
|
</p><p>[Exit the registry editor].</p></li><li><p>
|
||||||
|
search for the user's .PWL password-caching file in the <tt class="filename">c:\windows</tt>
|
||||||
|
directory, and delete it.
|
||||||
|
</p></li><li><p>
|
||||||
|
log off the windows 9x / Me client.
|
||||||
|
</p></li><li><p>
|
||||||
|
check the contents of the profile path (see <i class="parameter"><tt>logon path</tt></i> described
|
||||||
|
above), and delete the <tt class="filename">user.DAT</tt> or <tt class="filename">user.MAN</tt> file for the user,
|
||||||
|
making a backup if required.
|
||||||
|
</p></li></ol></div><p>
|
||||||
|
If all else fails, increase samba's debug log levels to between 3 and 10,
|
||||||
|
and / or run a packet trace program such as ethereal or <b class="command">netmon.exe</b>, and
|
||||||
|
look for error messages.
|
||||||
|
</p><p>
|
||||||
|
If you have access to an Windows NT4/200x server, then first set up roaming profiles
|
||||||
|
and / or netlogons on the Windows NT4/200x server. Make a packet trace, or examine
|
||||||
|
the example packet traces provided with Windows NT4/200x server, and see what the
|
||||||
|
differences are with the equivalent samba trace.
|
||||||
|
</p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2989233"></a>Windows NT4 Workstation</h4></div></div><div></div></div><p>
|
||||||
|
When a user first logs in to a Windows NT Workstation, the profile
|
||||||
|
NTuser.DAT is created. The profile location can be now specified
|
||||||
|
through the <i class="parameter"><tt>logon path</tt></i> parameter.
|
||||||
|
</p><p>
|
||||||
|
There is a parameter that is now available for use with NT Profiles:
|
||||||
|
<i class="parameter"><tt>logon drive</tt></i>. This should be set to <tt class="filename">H:</tt> or any other drive, and
|
||||||
|
should be used in conjunction with the new "logon home" parameter.
|
||||||
|
</p><p>
|
||||||
|
The entry for the NT4 profile is a _directory_ not a file. The NT
|
||||||
|
help on profiles mentions that a directory is also created with a .PDS
|
||||||
|
extension. The user, while logging in, must have write permission to
|
||||||
|
create the full profile path (and the folder with the .PDS extension
|
||||||
|
for those situations where it might be created.)
|
||||||
|
</p><p>
|
||||||
|
In the profile directory, Windows NT4 creates more folders than Windows 9x / Me.
|
||||||
|
It creates <tt class="filename">Application Data</tt> and others, as well as <tt class="filename">Desktop</tt>, <tt class="filename">Nethood</tt>,
|
||||||
|
<tt class="filename">Start Menu</tt> and <tt class="filename">Programs</tt>. The profile itself is stored in a file
|
||||||
|
<tt class="filename">NTuser.DAT</tt>. Nothing appears to be stored in the .PDS directory, and
|
||||||
|
its purpose is currently unknown.
|
||||||
|
</p><p>
|
||||||
|
You can use the <span class="application">System Control Panel</span> to copy a local profile onto
|
||||||
|
a samba server (see NT Help on profiles: it is also capable of firing
|
||||||
|
up the correct location in the <span class="application">System Control Panel</span> for you). The
|
||||||
|
NT Help file also mentions that renaming <tt class="filename">NTuser.DAT</tt> to <tt class="filename">NTuser.MAN</tt>
|
||||||
|
turns a profile into a mandatory one.
|
||||||
|
</p><p>
|
||||||
|
The case of the profile is significant. The file must be called
|
||||||
|
<tt class="filename">NTuser.DAT</tt> or, for a mandatory profile, <tt class="filename">NTuser.MAN</tt>.
|
||||||
|
</p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2989391"></a>Windows 2000/XP Professional</h4></div></div><div></div></div><p>
|
||||||
|
You must first convert the profile from a local profile to a domain
|
||||||
|
profile on the MS Windows workstation as follows:
|
||||||
|
</p><div class="procedure"><ol type="1"><li><p>
|
||||||
|
Log on as the <span class="emphasis"><em>LOCAL</em></span> workstation administrator.
|
||||||
|
</p></li><li><p>
|
||||||
|
Right click on the <span class="guiicon">My Computer</span> Icon, select <span class="guimenuitem">Properties</span>
|
||||||
|
</p></li><li><p>
|
||||||
|
Click on the <span class="guilabel">User Profiles</span> tab
|
||||||
|
</p></li><li><p>
|
||||||
|
Select the profile you wish to convert (click on it once)
|
||||||
|
</p></li><li><p>
|
||||||
|
Click on the button <span class="guibutton">Copy To</span>
|
||||||
|
</p></li><li><p>
|
||||||
|
In the <span class="guilabel">Permitted to use</span> box, click on the <span class="guibutton">Change</span> button.
|
||||||
|
</p></li><li><p>
|
||||||
|
Click on the 'Look in" area that lists the machine name, when you click
|
||||||
|
here it will open up a selection box. Click on the domain to which the
|
||||||
|
profile must be accessible.
|
||||||
|
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>You will need to log on if a logon box opens up. Eg: In the connect
|
||||||
|
as: <i class="replaceable"><tt>MIDEARTH</tt></i>\root, password: <i class="replaceable"><tt>mypassword</tt></i>.</p></div></li><li><p>
|
||||||
|
To make the profile capable of being used by anyone select 'Everyone'
|
||||||
|
</p></li><li><p>
|
||||||
|
Click <span class="guibutton">OK</span>. The Selection box will close.
|
||||||
|
</p></li><li><p>
|
||||||
|
Now click on the <span class="guibutton">Ok</span> button to create the profile in the path you
|
||||||
|
nominated.
|
||||||
|
</p></li></ol></div><p>
|
||||||
|
Done. You now have a profile that can be edited using the samba-3.0.0
|
||||||
|
<b class="command">profiles</b> tool.
|
||||||
|
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
|
||||||
|
Under NT/2K the use of mandatory profiles forces the use of MS Exchange
|
||||||
|
storage of mail data. That keeps desktop profiles usable.
|
||||||
|
</p></div><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><div class="procedure"><ol type="1"><li><p>
|
||||||
|
This is a security check new to Windows XP (or maybe only
|
||||||
|
Windows XP service pack 1). It can be disabled via a group policy in
|
||||||
|
Active Directory. The policy is:</p><p><tt class="filename">Computer Configuration\Administrative Templates\System\User
|
||||||
|
Profiles\Do not check for user ownership of Roaming Profile Folders</tt></p><p>...and it should be set to <tt class="constant">Enabled</tt>.
|
||||||
|
Does the new version of samba have an Active Directory analogue? If so,
|
||||||
|
then you may be able to set the policy through this.
|
||||||
|
</p><p>
|
||||||
|
If you cannot set group policies in samba, then you may be able to set
|
||||||
|
the policy locally on each machine. If you want to try this, then do
|
||||||
|
the following (N.B. I don't know for sure that this will work in the
|
||||||
|
same way as a domain group policy):
|
||||||
|
</p></li><li><p>
|
||||||
|
On the XP workstation log in with an Administrator account.
|
||||||
|
</p></li><li><p>Click: <span class="guimenu">Start</span>, <span class="guimenuitem">Run</span></p></li><li><p>Type: <b class="userinput"><tt>mmc</tt></b></p></li><li><p>Click: <span class="guibutton">OK</span></p></li><li><p>A Microsoft Management Console should appear.</p></li><li><p>Click: <span class="guimenu">File</span>, <span class="guimenuitem">Add/Remove Snap-in...</span>, <span class="guimenuitem">Add</span></p></li><li><p>Double-Click: <span class="guiicon">Group Policy</span></p></li><li><p>Click: <span class="guibutton">Finish</span>, <span class="guibutton">Close</span></p></li><li><p>Click: <span class="guibutton">OK</span></p></li><li><p>In the "Console Root" window:</p></li><li><p>Expand: <span class="guiicon">Local Computer Policy</span>, <span class="guiicon">Computer Configuration</span>,
|
||||||
|
<span class="guiicon">Administrative Templates</span>, <span class="guiicon">System</span>, <span class="guiicon">User Profiles</span></p></li><li><p>Double-Click: <span class="guilabel">Do not check for user ownership of Roaming Profile Folders</span></p></li><li><p>Select: <span class="guilabel">Enabled</span></p></li><li><p>Click: <span class="guibutton">OK</span></p></li><li><p>Close the whole console. You do not need to save the settings (this
|
||||||
|
refers to the console settings rather than the policies you have
|
||||||
|
changed).</p></li><li><p>Reboot</p></li></ol></div></div></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2989902"></a>Sharing Profiles between W9x/Me and NT4/200x/XP workstations</h3></div></div><div></div></div><p>
|
||||||
|
Sharing of desktop profiles between Windows versions is NOT recommended.
|
||||||
|
Desktop profiles are an evolving phenomenon and profiles for later versions
|
||||||
|
of MS Windows clients add features that may interfere with earlier versions
|
||||||
|
of MS Windows clients. Probably the more salient reason to NOT mix profiles
|
||||||
|
is that when logging off an earlier version of MS Windows the older format
|
||||||
|
of profile contents may overwrite information that belongs to the newer
|
||||||
|
version resulting in loss of profile information content when that user logs
|
||||||
|
on again with the newer version of MS Windows.
|
||||||
|
</p><p>
|
||||||
|
If you then want to share the same Start Menu / Desktop with W9x/Me, you will
|
||||||
|
need to specify a common location for the profiles. The smb.conf parameters
|
||||||
|
that need to be common are <i class="parameter"><tt>logon path</tt></i> and
|
||||||
|
<i class="parameter"><tt>logon home</tt></i>.
|
||||||
|
</p><p>
|
||||||
|
If you have this set up correctly, you will find separate <tt class="filename">user.DAT</tt> and
|
||||||
|
<tt class="filename">NTuser.DAT</tt> files in the same profile directory.
|
||||||
|
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2989967"></a>Profile Migration from Windows NT4/200x Server to Samba</h3></div></div><div></div></div><p>
|
||||||
|
There is nothing to stop you specifying any path that you like for the
|
||||||
|
location of users' profiles. Therefore, you could specify that the
|
||||||
|
profile be stored on a samba server, or any other SMB server, as long as
|
||||||
|
that SMB server supports encrypted passwords.
|
||||||
|
</p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2989984"></a>Windows NT4 Profile Management Tools</h4></div></div><div></div></div><p>
|
||||||
|
Unfortunately, the Resource Kit information is specific to the version of MS Windows
|
||||||
|
NT4/200x. The correct resource kit is required for each platform.
|
||||||
|
</p><p>
|
||||||
|
Here is a quick guide:
|
||||||
|
</p><div class="procedure"><ol type="1"><li><p>
|
||||||
|
On your NT4 Domain Controller, right click on <span class="guiicon">My Computer</span>, then
|
||||||
|
select the tab labelled <span class="guilabel">User Profiles</span>.
|
||||||
|
</p></li><li><p>
|
||||||
|
Select a user profile you want to migrate and click on it.
|
||||||
|
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>I am using the term "migrate" loosely. You can copy a profile to
|
||||||
|
create a group profile. You can give the user 'Everyone' rights to the
|
||||||
|
profile you copy this to. That is what you need to do, since your samba
|
||||||
|
domain is not a member of a trust relationship with your NT4 PDC.</p></div></li><li><p>Click the <span class="guibutton">Copy To</span> button.</p></li><li><p>In the box labelled <span class="guilabel">Copy Profile to</span> add your new path, eg:
|
||||||
|
<tt class="filename">c:\temp\foobar</tt></p></li><li><p>Click on the button <span class="guibutton">Change</span> in the <span class="guilabel">Permitted to use</span> box.</p></li><li><p>Click on the group 'Everyone' and then click <span class="guibutton">OK</span>. This closes the
|
||||||
|
'choose user' box.</p></li><li><p>Now click <span class="guibutton">OK</span>.</p></li></ol></div><p>
|
||||||
|
Follow the above for every profile you need to migrate.
|
||||||
|
</p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2990153"></a>Side bar Notes</h4></div></div><div></div></div><p>
|
||||||
|
You should obtain the SID of your NT4 domain. You can use smbpasswd to do
|
||||||
|
this. Read the man page.</p><p>
|
||||||
|
With Samba-3.0.0 alpha code you can import all you NT4 domain accounts
|
||||||
|
using the net samsync method. This way you can retain your profile
|
||||||
|
settings as well as all your users.
|
||||||
|
</p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2990175"></a>moveuser.exe</h4></div></div><div></div></div><p>
|
||||||
|
The W2K professional resource kit has moveuser.exe. moveuser.exe changes
|
||||||
|
the security of a profile from one user to another. This allows the account
|
||||||
|
domain to change, and/or the user name to change.
|
||||||
|
</p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2990191"></a>Get SID</h4></div></div><div></div></div><p>
|
||||||
|
You can identify the SID by using GetSID.exe from the Windows NT Server 4.0
|
||||||
|
Resource Kit.
|
||||||
|
</p><p>
|
||||||
|
Windows NT 4.0 stores the local profile information in the registry under
|
||||||
|
the following key:
|
||||||
|
<tt class="filename">HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList</tt>
|
||||||
|
</p><p>
|
||||||
|
Under the ProfileList key, there will be subkeys named with the SIDs of the
|
||||||
|
users who have logged on to this computer. (To find the profile information
|
||||||
|
for the user whose locally cached profile you want to move, find the SID for
|
||||||
|
the user with the GetSID.exe utility.) Inside of the appropriate user's
|
||||||
|
subkey, you will see a string value named ProfileImagePath.
|
||||||
|
</p></div></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2990232"></a>Mandatory profiles</h2></div></div><div></div></div><p>
|
||||||
|
A Mandatory Profile is a profile that the user does NOT have the ability to overwrite.
|
||||||
|
During the user's session it may be possible to change the desktop environment, but
|
||||||
|
as the user logs out all changes made will be lost. If it is desired to NOT allow the
|
||||||
|
user any ability to change the desktop environment then this must be done through
|
||||||
|
policy settings. See previous chapter.
|
||||||
|
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
|
||||||
|
Under NO circumstances should the profile directory (or it's contents) be made read-only
|
||||||
|
as this may render the profile un-usable.
|
||||||
|
</p></div><p>
|
||||||
|
For MS Windows NT4/200x/XP the above method can be used to create mandatory profiles
|
||||||
|
also. To convert a group profile into a mandatory profile simply locate the NTUser.DAT
|
||||||
|
file in the copied profile and rename it to NTUser.MAN.
|
||||||
|
</p><p>
|
||||||
|
For MS Windows 9x / Me it is the <tt class="filename">User.DAT</tt> file that must be renamed to <tt class="filename">User.MAN</tt> to
|
||||||
|
affect a mandatory profile.
|
||||||
|
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2990290"></a>Creating/Managing Group Profiles</h2></div></div><div></div></div><p>
|
||||||
|
Most organisations are arranged into departments. There is a nice benefit in
|
||||||
|
this fact since usually most users in a department will require the same desktop
|
||||||
|
applications and the same desktop layout. MS Windows NT4/200x/XP will allow the
|
||||||
|
use of Group Profiles. A Group Profile is a profile that is created firstly using
|
||||||
|
a template (example) user. Then using the profile migration tool (see above) the
|
||||||
|
profile is assigned access rights for the user group that needs to be given access
|
||||||
|
to the group profile.
|
||||||
|
</p><p>
|
||||||
|
The next step is rather important. <span class="emphasis"><em>Please note:</em></span> Instead of assigning a group profile
|
||||||
|
to users (ie: Using User Manager) on a "per user" basis, the group itself is assigned
|
||||||
|
the now modified profile.
|
||||||
|
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
|
||||||
|
Be careful with group profiles, if the user who is a member of a group also
|
||||||
|
has a personal profile, then the result will be a fusion (merge) of the two.
|
||||||
|
</p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2990336"></a>Default Profile for Windows Users</h2></div></div><div></div></div><p>
|
||||||
|
MS Windows 9x / Me and NT4/200x/XP will use a default profile for any user for whom
|
||||||
|
a profile does not already exist. Armed with a knowledge of where the default profile
|
||||||
|
is located on the Windows workstation, and knowing which registry keys affect the path
|
||||||
|
from which the default profile is created, it is possible to modify the default profile
|
||||||
|
to one that has been optimised for the site. This has significant administrative
|
||||||
|
advantages.
|
||||||
|
</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2990356"></a>MS Windows 9x/Me</h3></div></div><div></div></div><p>
|
||||||
|
To enable default per use profiles in Windows 9x / Me you can either use the <span class="application">Windows 98 System
|
||||||
|
Policy Editor</span> or change the registry directly.
|
||||||
|
</p><p>
|
||||||
|
To enable default per user profiles in Windows 9x / Me, launch the <span class="application">System Policy Editor</span>, then
|
||||||
|
select <span class="guimenu">File</span> -> <span class="guimenuitem">Open Registry</span>, then click on the
|
||||||
|
<span class="guiicon">Local Computer</span> icon, click on <span class="guilabel">Windows 98 System</span>,
|
||||||
|
select <span class="guilabel">User Profiles</span>, click on the enable box. Do not forget to save the registry changes.
|
||||||
|
</p><p>
|
||||||
|
To modify the registry directly, launch the <span class="application">Registry Editor</span> (<b class="command">regedit.exe</b>), select the hive
|
||||||
|
<tt class="filename">HKEY_LOCAL_MACHINE\Network\Logon</tt>. Now add a DWORD type key with the name
|
||||||
|
"User Profiles", to enable user profiles set the value to 1, to disable user profiles set it to 0.
|
||||||
|
</p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2990454"></a>How User Profiles Are Handled in Windows 9x / Me?</h4></div></div><div></div></div><p>
|
||||||
|
When a user logs on to a Windows 9x / Me machine, the local profile path,
|
||||||
|
<tt class="filename">HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ProfileList</tt>, is checked
|
||||||
|
for an existing entry for that user:
|
||||||
|
</p><p>
|
||||||
|
If the user has an entry in this registry location, Windows 9x / Me checks for a locally cached
|
||||||
|
version of the user profile. Windows 9x / Me also checks the user's home directory (or other
|
||||||
|
specified directory if the location has been modified) on the server for the User Profile.
|
||||||
|
If a profile exists in both locations, the newer of the two is used. If the User Profile exists
|
||||||
|
on the server, but does not exist on the local machine, the profile on the server is downloaded
|
||||||
|
and used. If the User Profile only exists on the local machine, that copy is used.
|
||||||
|
</p><p>
|
||||||
|
If a User Profile is not found in either location, the Default User Profile from the Windows 9x / Me
|
||||||
|
machine is used and is copied to a newly created folder for the logged on user. At log off, any
|
||||||
|
changes that the user made are written to the user's local profile. If the user has a roaming
|
||||||
|
profile, the changes are written to the user's profile on the server.
|
||||||
|
</p></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2990504"></a>MS Windows NT4 Workstation</h3></div></div><div></div></div><p>
|
||||||
|
On MS Windows NT4 the default user profile is obtained from the location
|
||||||
|
<tt class="filename">%SystemRoot%\Profiles</tt> which in a default installation will translate to
|
||||||
|
<tt class="filename">C:\WinNT\Profiles</tt>. Under this directory on a clean install there will be
|
||||||
|
three (3) directories: <tt class="filename">Administrator</tt>, <tt class="filename">All Users</tt>, <tt class="filename">Default User</tt>.
|
||||||
|
</p><p>
|
||||||
|
The <tt class="filename">All Users</tt> directory contains menu settings that are common across all
|
||||||
|
system users. The <tt class="filename">Default User</tt> directory contains menu entries that are
|
||||||
|
customisable per user depending on the profile settings chosen/created.
|
||||||
|
</p><p>
|
||||||
|
When a new user first logs onto an MS Windows NT4 machine a new profile is created from:
|
||||||
|
</p><table class="simplelist" border="0" summary="Simple list"><tr><td>All Users settings</td></tr><tr><td>Default User settings (contains the default NTUser.DAT file)</td></tr></table><p>
|
||||||
|
When a user logs onto an MS Windows NT4 machine that is a member of a Microsoft security domain
|
||||||
|
the following steps are followed in respect of profile handling:
|
||||||
|
</p><div class="procedure"><ol type="1"><li><p>
|
||||||
|
The users' account information which is obtained during the logon process contains
|
||||||
|
the location of the users' desktop profile. The profile path may be local to the
|
||||||
|
machine or it may be located on a network share. If there exists a profile at the location
|
||||||
|
of the path from the user account, then this profile is copied to the location
|
||||||
|
<tt class="filename">%SystemRoot%\Profiles\%USERNAME%</tt>. This profile then inherits the
|
||||||
|
settings in the <tt class="filename">All Users</tt> profile in the <tt class="filename">%SystemRoot%\Profiles</tt>
|
||||||
|
location.
|
||||||
|
</p></li><li><p>
|
||||||
|
If the user account has a profile path, but at it's location a profile does not exist,
|
||||||
|
then a new profile is created in the <tt class="filename">%SystemRoot%\Profiles\%USERNAME%</tt>
|
||||||
|
directory from reading the <tt class="filename">Default User</tt> profile.
|
||||||
|
</p></li><li><p>
|
||||||
|
If the NETLOGON share on the authenticating server (logon server) contains a policy file
|
||||||
|
(<tt class="filename">NTConfig.POL</tt>) then it's contents are applied to the <tt class="filename">NTUser.DAT</tt>
|
||||||
|
which is applied to the <tt class="filename">HKEY_CURRENT_USER</tt> part of the registry.
|
||||||
|
</p></li><li><p>
|
||||||
|
When the user logs out, if the profile is set to be a roaming profile it will be written
|
||||||
|
out to the location of the profile. The <tt class="filename">NTuser.DAT</tt> file is then
|
||||||
|
re-created from the contents of the <tt class="filename">HKEY_CURRENT_USER</tt> contents.
|
||||||
|
Thus, should there not exist in the NETLOGON share an <tt class="filename">NTConfig.POL</tt> at the
|
||||||
|
next logon, the effect of the previous <tt class="filename">NTConfig.POL</tt> will still be held
|
||||||
|
in the profile. The effect of this is known as <span class="emphasis"><em>tatooing</em></span>.
|
||||||
|
</p></li></ol></div><p>
|
||||||
|
MS Windows NT4 profiles may be <span class="emphasis"><em>Local</em></span> or <span class="emphasis"><em>Roaming</em></span>. A Local profile
|
||||||
|
will stored in the <tt class="filename">%SystemRoot%\Profiles\%USERNAME%</tt> location. A roaming profile will
|
||||||
|
also remain stored in the same way, unless the following registry key is created:
|
||||||
|
</p><p>
|
||||||
|
</p><pre class="programlisting">
|
||||||
|
HKEY_LOCAL_MACHINE\SYSTEM\Software\Microsoft\Windows NT\CurrentVersion\winlogon\
|
||||||
|
"DeleteRoamingCache"=dword:00000001
|
||||||
|
</pre><p>
|
||||||
|
|
||||||
|
In which case, the local copy (in <tt class="filename">%SystemRoot%\Profiles\%USERNAME%</tt>) will be
|
||||||
|
deleted on logout.
|
||||||
|
</p><p>
|
||||||
|
Under MS Windows NT4 default locations for common resources (like <tt class="filename">My Documents</tt>
|
||||||
|
may be redirected to a network share by modifying the following registry keys. These changes may be affected
|
||||||
|
via use of the System Policy Editor (to do so may require that you create your owns template extension
|
||||||
|
for the policy editor to allow this to be done through the GUI. Another way to do this is by way of first
|
||||||
|
creating a default user profile, then while logged in as that user, run regedt32 to edit the key settings.
|
||||||
|
</p><p>
|
||||||
|
The Registry Hive key that affects the behaviour of folders that are part of the default user profile
|
||||||
|
are controlled by entries on Windows NT4 is:
|
||||||
|
</p><p>
|
||||||
|
<tt class="filename">HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\</tt>
|
||||||
|
</p><p>
|
||||||
|
The above hive key contains a list of automatically managed folders. The default entries are:
|
||||||
|
</p><p>
|
||||||
|
</p><div class="table"><a name="id2990854"></a><p class="title"><b>Table 24.1. User Shell Folder registry keys default values</b></p><table summary="User Shell Folder registry keys default values" border="1"><colgroup><col><col></colgroup><thead><tr><th>Name</th><th>Default Value</th></tr></thead><tbody><tr><td>AppData</td><td>%USERPROFILE%\Application Data</td></tr><tr><td>Desktop</td><td>%USERPROFILE%\Desktop</td></tr><tr><td>Favorites</td><td>%USERPROFILE%\Favorites</td></tr><tr><td>NetHood</td><td>%USERPROFILE%\NetHood</td></tr><tr><td>PrintHood</td><td>%USERPROFILE%\PrintHood</td></tr><tr><td>Programs</td><td>%USERPROFILE%\Start Menu\Programs</td></tr><tr><td>Recent</td><td>%USERPROFILE%\Recent</td></tr><tr><td>SendTo</td><td>%USERPROFILE%\SendTo</td></tr><tr><td>Start Menu </td><td>%USERPROFILE%\Start Menu</td></tr><tr><td>Startup</td><td>%USERPROFILE%\Start Menu\Programs\Startup</td></tr></tbody></table></div><p>
|
||||||
|
</p><p>
|
||||||
|
The registry key that contains the location of the default profile settings is:
|
||||||
|
</p><p>
|
||||||
|
<tt class="filename">HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders</tt>
|
||||||
|
</p><p>
|
||||||
|
The default entries are:
|
||||||
|
|
||||||
|
</p><div class="table"><a name="id2990998"></a><p class="title"><b>Table 24.2. Defaults of profile settings registry keys</b></p><table summary="Defaults of profile settings registry keys" border="1"><colgroup><col><col></colgroup><tbody><tr><td>Common Desktop</td><td>%SystemRoot%\Profiles\All Users\Desktop</td></tr><tr><td>Common Programs</td><td>%SystemRoot%\Profiles\All Users\Programs</td></tr><tr><td>Common Start Menu</td><td>%SystemRoot%\Profiles\All Users\Start Menu</td></tr><tr><td>Common Startup</td><td>%SystemRoot%\Profiles\All Users\Start Menu\Programs\Startup</td></tr></tbody></table></div><p>
|
||||||
|
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2991058"></a>MS Windows 200x/XP</h3></div></div><div></div></div><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
|
||||||
|
MS Windows XP Home Edition does use default per user profiles, but can not participate
|
||||||
|
in domain security, can not log onto an NT/ADS style domain, and thus can obtain the profile
|
||||||
|
only from itself. While there are benefits in doing this the beauty of those MS Windows
|
||||||
|
clients that CAN participate in domain logon processes allows the administrator to create
|
||||||
|
a global default profile and to enforce it through the use of Group Policy Objects (GPOs).
|
||||||
|
</p></div><p>
|
||||||
|
When a new user first logs onto MS Windows 200x/XP machine the default profile is obtained from
|
||||||
|
<tt class="filename">C:\Documents and Settings\Default User</tt>. The administrator can modify (or change
|
||||||
|
the contents of this location and MS Windows 200x/XP will gladly use it. This is far from the optimum
|
||||||
|
arrangement since it will involve copying a new default profile to every MS Windows 200x/XP client
|
||||||
|
workstation.
|
||||||
|
</p><p>
|
||||||
|
When MS Windows 200x/XP participate in a domain security context, and if the default user
|
||||||
|
profile is not found, then the client will search for a default profile in the NETLOGON share
|
||||||
|
of the authenticating server. ie: In MS Windows parlance:
|
||||||
|
<tt class="filename">%LOGONSERVER%\NETLOGON\Default User</tt> and if one exits there it will copy this
|
||||||
|
to the workstation to the <tt class="filename">C:\Documents and Settings\</tt> under the Windows
|
||||||
|
login name of the user.
|
||||||
|
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
|
||||||
|
This path translates, in Samba parlance, to the <tt class="filename">smb.conf</tt> <i class="parameter"><tt>[NETLOGON]</tt></i> share. The directory
|
||||||
|
should be created at the root of this share and must be called <tt class="filename">Default Profile</tt>.
|
||||||
|
</p></div><p>
|
||||||
|
If a default profile does not exist in this location then MS Windows 200x/XP will use the local
|
||||||
|
default profile.
|
||||||
|
</p><p>
|
||||||
|
On logging out, the users' desktop profile will be stored to the location specified in the registry
|
||||||
|
settings that pertain to the user. If no specific policies have been created, or passed to the client
|
||||||
|
during the login process (as Samba does automatically), then the user's profile will be written to
|
||||||
|
the local machine only under the path <tt class="filename">C:\Documents and Settings\%USERNAME%</tt>.
|
||||||
|
</p><p>
|
||||||
|
Those wishing to modify the default behaviour can do so through three methods:
|
||||||
|
</p><div class="itemizedlist"><ul type="disc"><li><p>
|
||||||
|
Modify the registry keys on the local machine manually and place the new default profile in the
|
||||||
|
NETLOGON share root - NOT recommended as it is maintenance intensive.
|
||||||
|
</p></li><li><p>
|
||||||
|
Create an NT4 style NTConfig.POL file that specified this behaviour and locate this file
|
||||||
|
in the root of the NETLOGON share along with the new default profile.
|
||||||
|
</p></li><li><p>
|
||||||
|
Create a GPO that enforces this through Active Directory, and place the new default profile
|
||||||
|
in the NETLOGON share.
|
||||||
|
</p></li></ul></div><p>
|
||||||
|
The Registry Hive key that affects the behaviour of folders that are part of the default user profile
|
||||||
|
are controlled by entries on Windows 200x/XP is:
|
||||||
|
</p><p>
|
||||||
|
<tt class="filename">HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\</tt>
|
||||||
|
</p><p>
|
||||||
|
The above hive key contains a list of automatically managed folders. The default entries are:
|
||||||
|
</p><p>
|
||||||
|
</p><div class="table"><a name="id2991253"></a><p class="title"><b>Table 24.3. Defaults of default user profile paths registry keys</b></p><table summary="Defaults of default user profile paths registry keys" border="1"><colgroup><col><col></colgroup><thead><tr><th>Name</th><th>Default Value</th></tr></thead><tbody><tr><td>AppData</td><td>%USERPROFILE%\Application Data</td></tr><tr><td>Cache</td><td>%USERPROFILE%\Local Settings\Temporary Internet Files</td></tr><tr><td>Cookies</td><td>%USERPROFILE%\Cookies</td></tr><tr><td>Desktop</td><td>%USERPROFILE%\Desktop</td></tr><tr><td>Favorites</td><td>%USERPROFILE%\Favorites</td></tr><tr><td>History</td><td>%USERPROFILE%\Local Settings\History</td></tr><tr><td>Local AppData</td><td>%USERPROFILE%\Local Settings\Application Data</td></tr><tr><td>Local Settings</td><td>%USERPROFILE%\Local Settings</td></tr><tr><td>My Pictures</td><td>%USERPROFILE%\My Documents\My Pictures</td></tr><tr><td>NetHood</td><td>%USERPROFILE%\NetHood</td></tr><tr><td>Personal</td><td>%USERPROFILE%\My Documents</td></tr><tr><td>PrintHood</td><td>%USERPROFILE%\PrintHood</td></tr><tr><td>Programs</td><td>%USERPROFILE%\Start Menu\Programs</td></tr><tr><td>Recent</td><td>%USERPROFILE%\Recent</td></tr><tr><td>SendTo</td><td>%USERPROFILE%\SendTo</td></tr><tr><td>Start Menu</td><td>%USERPROFILE%\Start Menu</td></tr><tr><td>Startup</td><td>%USERPROFILE%\Start Menu\Programs\Startup</td></tr><tr><td>Templates</td><td>%USERPROFILE%\Templates</td></tr></tbody></table></div><p>
|
||||||
|
</p><p>
|
||||||
|
There is also an entry called "Default" that has no value set. The default entry is of type <tt class="constant">REG_SZ</tt>, all
|
||||||
|
the others are of type <tt class="constant">REG_EXPAND_SZ</tt>.
|
||||||
|
</p><p>
|
||||||
|
It makes a huge difference to the speed of handling roaming user profiles if all the folders are
|
||||||
|
stored on a dedicated location on a network server. This means that it will NOT be necessary to
|
||||||
|
write the Outlook PST file over the network for every login and logout.
|
||||||
|
</p><p>
|
||||||
|
To set this to a network location you could use the following examples:
|
||||||
|
</p><p><tt class="filename">%LOGONSERVER%\%USERNAME%\Default Folders</tt></p><p>
|
||||||
|
This would store the folders in the user's home directory under a directory called <tt class="filename">Default Folders</tt>
|
||||||
|
You could also use:
|
||||||
|
</p><p><tt class="filename">\\<i class="replaceable"><tt>SambaServer</tt></i>\<i class="replaceable"><tt>FolderShare</tt></i>\%USERNAME%</tt></p><p>
|
||||||
|
in which case the default folders will be stored in the server named <i class="replaceable"><tt>SambaServer</tt></i>
|
||||||
|
in the share called <i class="replaceable"><tt>FolderShare</tt></i> under a directory that has the name of the MS Windows
|
||||||
|
user as seen by the Linux/Unix file system.
|
||||||
|
</p><p>
|
||||||
|
Please note that once you have created a default profile share, you MUST migrate a user's profile
|
||||||
|
(default or custom) to it.
|
||||||
|
</p><p>
|
||||||
|
MS Windows 200x/XP profiles may be <span class="emphasis"><em>Local</em></span> or <span class="emphasis"><em>Roaming</em></span>.
|
||||||
|
A roaming profile will be cached locally unless the following registry key is created:
|
||||||
|
</p><p><tt class="filename">HKEY_LOCAL_MACHINE\SYSTEM\Software\Microsoft\Windows NT\CurrentVersion\winlogon\"DeleteRoamingCache"=dword:00000001</tt></p><p>
|
||||||
|
In which case, the local cache copy will be deleted on logout.
|
||||||
|
</p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2991562"></a>Common Errors</h2></div></div><div></div></div><p>
|
||||||
|
The following are some typical errors/problems/questions that have been asked.
|
||||||
|
</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2991575"></a>How does one set up roaming profiles for just one (or a few) user/s or group/s?</h3></div></div><div></div></div><p>
|
||||||
|
With samba-2.2.x the choice you have is to enable or disable roaming
|
||||||
|
profiles support. It is a global only setting. The default is to have
|
||||||
|
roaming profiles and the default path will locate them in the user's home
|
||||||
|
directory.
|
||||||
|
</p><p>
|
||||||
|
If disabled globally then no-one will have roaming profile ability.
|
||||||
|
If enabled and you want it to apply only to certain machines, then on
|
||||||
|
those machines on which roaming profile support is NOT wanted it is then
|
||||||
|
necessary to disable roaming profile handling in the registry of each such
|
||||||
|
machine.
|
||||||
|
</p><p>
|
||||||
|
With samba-3.0.0 (soon to be released) you can have a global profile
|
||||||
|
setting in smb.conf _AND_ you can over-ride this by per-user settings
|
||||||
|
using the Domain User Manager (as with MS Windows NT4/ Win 2Kx).
|
||||||
|
</p><p>
|
||||||
|
In any case, you can configure only one profile per user. That profile can
|
||||||
|
be either:
|
||||||
|
</p><table class="simplelist" border="0" summary="Simple list"><tr><td>A profile unique to that user</td></tr><tr><td>A mandatory profile (one the user can not change)</td></tr><tr><td>A group profile (really should be mandatory ie:unchangable)</td></tr></table></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2991638"></a>Can NOT use Roaming Profiles</h3></div></div><div></div></div><p>
|
||||||
|
“<span class="quote">
|
||||||
|
I dont want Roaming profile to be implemented, I just want to give users
|
||||||
|
local profiles only.
|
||||||
|
...
|
||||||
|
Please help me I am totally lost with this error from past two days I tried
|
||||||
|
everything and googled around quite a bit but of no help. Please help me.
|
||||||
|
</span>”</p><p>
|
||||||
|
Your choices are:
|
||||||
|
|
||||||
|
|
||||||
|
</p><div class="variablelist"><dl><dt><span class="term">Local profiles</span></dt><dd><p>
|
||||||
|
I know of no registry keys that will allow auto-deletion of LOCAL profiles on log out
|
||||||
|
</p></dd><dt><span class="term">Roaming profiles</span></dt><dd><p>
|
||||||
|
</p><table class="simplelist" border="0" summary="Simple list"><tr><td>can use auto-delete on logout option</td></tr><tr><td>requires a registry key change on workstation</td></tr></table><p>
|
||||||
|
|
||||||
|
Your choices are:
|
||||||
|
|
||||||
|
</p><div class="variablelist"><dl><dt><span class="term">Personal Roaming profiles</span></dt><dd><p>
|
||||||
|
- should be preserved on a central server
|
||||||
|
- workstations 'cache' (store) a local copy
|
||||||
|
- used in case the profile can not be downloaded
|
||||||
|
at next logon
|
||||||
|
</p></dd><dt><span class="term">Group profiles</span></dt><dd><p>- loaded from a central place</p></dd><dt><span class="term">Mandatory profiles</span></dt><dd><p>
|
||||||
|
- can be personal or group
|
||||||
|
- can NOT be changed (except by an administrator
|
||||||
|
</p></dd></dl></div><p>
|
||||||
|
</p></dd></dl></div><p>
|
||||||
|
|
||||||
|
</p><p>
|
||||||
|
A WinNT4/2K/XP profile can vary in size from 130KB to off the scale.
|
||||||
|
Outlook PST files are most often part of the profile and can be many GB in
|
||||||
|
size. On average (in a well controlled environment) roaming profile size of
|
||||||
|
2MB is a good rule of thumb to use for planning purposes. In an
|
||||||
|
undisciplined environment I have seen up to 2GB profiles. Users tend to
|
||||||
|
complain when it take an hour to log onto a workstation but they harvest
|
||||||
|
the fruits of folly (and ignorance).
|
||||||
|
</p><p>
|
||||||
|
The point of all the above is to show that roaming profiles and good
|
||||||
|
controls of how they can be changed as well as good discipline make up for
|
||||||
|
a problem free site.
|
||||||
|
</p><p>
|
||||||
|
Microsoft's answer to the PST problem is to store all email in an MS
|
||||||
|
Exchange Server back-end. But this is another story ...!
|
||||||
|
</p><p>
|
||||||
|
So, having LOCAL profiles means:
|
||||||
|
|
||||||
|
</p><table class="simplelist" border="0" summary="Simple list"><tr><td>If lots of users user each machine - lot's of local disk storage needed for local profiles</td></tr><tr><td>Every workstation the user logs into has it's own profile - can be very different from machine to machine</td></tr></table><p>
|
||||||
|
|
||||||
|
On the other hand, having roaming profiles means:
|
||||||
|
</p><table class="simplelist" border="0" summary="Simple list"><tr><td>The network administrator can control EVERY aspect of user profiles</td></tr><tr><td>With the use of mandatory profiles - a drastic reduction in network management overheads</td></tr><tr><td>User unhappiness about not being able to change their profiles soon fades as they get used to being able to work reliably</td></tr></table><p>
|
||||||
|
|
||||||
|
</p><p>
|
||||||
|
I have managed and installed MANY NT/2K networks and have NEVER found one
|
||||||
|
where users who move from machine to machine are happy with local
|
||||||
|
profiles. In the long run local profiles bite them.
|
||||||
|
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2991859"></a>Changing the default profile</h3></div></div><div></div></div><p>“<span class="quote">
|
||||||
|
When the client tries to logon to the PDC it looks for a profile to download
|
||||||
|
where do I put this default profile.
|
||||||
|
</span>”</p><p>
|
||||||
|
Firstly, your samba server need to be configured as a domain controller.
|
||||||
|
</p><pre class="programlisting">
|
||||||
|
server = user
|
||||||
|
os level = 32 (or more)
|
||||||
|
domain logons = Yes
|
||||||
|
</pre><p>
|
||||||
|
Plus you need to have a <i class="parameter"><tt>[netlogon]</tt></i> share that is world readable.
|
||||||
|
It is a good idea to add a logon script to pre-set printer and
|
||||||
|
drive connections. There is also a facility for automatically
|
||||||
|
synchronizing the workstation time clock with that of the logon
|
||||||
|
server (another good thing to do).
|
||||||
|
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
|
||||||
|
To invoke auto-deletion of roaming profile from the local
|
||||||
|
workstation cache (disk storage) you need to use the <span class="application">Group Policy Editor</span>
|
||||||
|
to create a file called <tt class="filename">NTConfig.POL</tt> with the appropriate entries. This
|
||||||
|
file needs to be located in the <i class="parameter"><tt>netlogon</tt></i> share root directory.</p></div><p>
|
||||||
|
Oh, of course the windows clients need to be members of the domain.
|
||||||
|
Workgroup machines do NOT do network logons - so they never see domain
|
||||||
|
profiles.
|
||||||
|
</p><p>
|
||||||
|
Secondly, for roaming profiles you need:
|
||||||
|
|
||||||
|
logon path = \\%N\profiles\%U (with some such path)
|
||||||
|
logon drive = H: (Z: is the default)
|
||||||
|
|
||||||
|
Plus you need a PROFILES share that is world writable.
|
||||||
|
</p></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="PolicyMgmt.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="optional.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="pam.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 23. System and Account Policies </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 25. PAM based Distributed Authentication</td></tr></table></div></body></html>
|
200
docs/htmldocs/SWAT.html
Normal file
@ -0,0 +1,200 @@
|
|||||||
|
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 32. SWAT - The Samba Web Administration Tool</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="index.html" title="SAMBA Project Documentation"><link rel="up" href="migration.html" title="Part IV. Migration and Updating"><link rel="previous" href="NT4Migration.html" title="Chapter 31. Migration from NT4 PDC to Samba-3 PDC"><link rel="next" href="troubleshooting.html" title="Part V. Troubleshooting"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 32. SWAT - The Samba Web Administration Tool</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="NT4Migration.html">Prev</a> </td><th width="60%" align="center">Part IV. Migration and Updating</th><td width="20%" align="right"> <a accesskey="n" href="troubleshooting.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="SWAT"></a>Chapter 32. 
SWAT - The Samba Web Administration Tool</h2></div><div><div class="author"><h3 class="author"><span class="firstname">John</span> <span class="othername">H.</span> <span class="surname">Terpstra</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><tt class="email"><<a href="mailto:jht@samba.org">jht@samba.org</a>></tt></p></div></div></div></div><div><p class="pubdate">April 21, 2003</p></div></div><div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><a href="SWAT.html#id3003929">Features and Benefits</a></dt><dd><dl><dt><a href="SWAT.html#id3003963">Enabling SWAT for use</a></dt><dt><a href="SWAT.html#id3006322">Securing SWAT through SSL</a></dt><dt><a href="SWAT.html#id3006435">The SWAT Home Page</a></dt><dt><a href="SWAT.html#id3006499">Global Settings</a></dt><dt><a href="SWAT.html#id3006604">Share Settings</a></dt><dt><a href="SWAT.html#id3006669">Printers Settings</a></dt><dt><a href="SWAT.html#id3006733">The SWAT Wizard</a></dt><dt><a href="SWAT.html#id3006781">The Status Page</a></dt><dt><a href="SWAT.html#id3006833">The View Page</a></dt><dt><a href="SWAT.html#id3006856">The Password Change Page</a></dt></dl></dd></dl></div><p>
|
||||||
|
There are many and varied opinions regarding the usefulness or otherwise of SWAT.
|
||||||
|
No matter how hard one tries to produce the perfect configuration tool it remains
|
||||||
|
an object of personal taste. SWAT is a tool that will allow web based configuration
|
||||||
|
of samba. It has a wizard that may help to get samba configured quickly, it has context
|
||||||
|
sensitive help on each smb.conf parameter, it provides for monitoring of current state
|
||||||
|
of connection information, and it allows network wide MS Windows network password
|
||||||
|
management.
|
||||||
|
</p><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3003929"></a>Features and Benefits</h2></div></div><div></div></div><p>
|
||||||
|
There are network administrators who believe that it is a good idea to write systems
|
||||||
|
documentation inside configuration files, for them SWAT will aways be a nasty tool. SWAT
|
||||||
|
does not store the configuration file in any intermediate form, rather, it stores only the
|
||||||
|
parameter settings, so when SWAT writes the smb.conf file to disk it will write only
|
||||||
|
those parameters that are at other than the default settings. The result is that all comments
|
||||||
|
will be lost from the <tt class="filename">smb.conf</tt> file. Additionally, the parameters will be written back in
|
||||||
|
internal ordering.
|
||||||
|
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
|
||||||
|
So before using SWAT please be warned - SWAT will completely replace your smb.conf with
|
||||||
|
a fully optimised file that has been stripped of all comments you might have placed there
|
||||||
|
and only non-default settings will be written to the file.
|
||||||
|
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id3003963"></a>Enabling SWAT for use</h3></div></div><div></div></div><p>
|
||||||
|
SWAT should be installed to run via the network super daemon. Depending on which system
|
||||||
|
your Unix/Linux system has you will have either an <b class="command">inetd</b> or
|
||||||
|
<b class="command">xinetd</b> based system.
|
||||||
|
</p><p>
|
||||||
|
The nature and location of the network super-daemon varies with the operating system
|
||||||
|
implementation. The control file (or files) can be located in the file
|
||||||
|
<tt class="filename">/etc/inetd.conf</tt> or in the directory <tt class="filename">/etc/[x]inet.d</tt>
|
||||||
|
or similar.
|
||||||
|
</p><p>
|
||||||
|
The control entry for the older style file might be:
|
||||||
|
</p><pre class="programlisting">
|
||||||
|
# swat is the Samba Web Administration Tool
|
||||||
|
swat stream tcp nowait.400 root /usr/sbin/swat swat
|
||||||
|
</pre><p>
|
||||||
|
A control file for the newer style xinetd could be:
|
||||||
|
</p><p>
|
||||||
|
</p><pre class="programlisting">
|
||||||
|
# default: off
|
||||||
|
# description: SWAT is the Samba Web Admin Tool. Use swat \
|
||||||
|
# to configure your Samba server. To use SWAT, \
|
||||||
|
# connect to port 901 with your favorite web browser.
|
||||||
|
service swat
|
||||||
|
{
|
||||||
|
port = 901
|
||||||
|
socket_type = stream
|
||||||
|
wait = no
|
||||||
|
only_from = localhost
|
||||||
|
user = root
|
||||||
|
server = /usr/sbin/swat
|
||||||
|
log_on_failure += USERID
|
||||||
|
disable = yes
|
||||||
|
}
|
||||||
|
</pre><p>
|
||||||
|
|
||||||
|
</p><p>
|
||||||
|
Both the above examples assume that the <b class="command">swat</b> binary has been
|
||||||
|
located in the <tt class="filename">/usr/sbin</tt> directory. In addition to the above
|
||||||
|
SWAT will use a directory access point from which it will load it's help files
|
||||||
|
as well as other control information. The default location for this on most Linux
|
||||||
|
systems is in the directory <tt class="filename">/usr/share/samba/swat</tt>. The default
|
||||||
|
location using samba defaults will be <tt class="filename">/usr/local/samba/swat</tt>.
|
||||||
|
</p><p>
|
||||||
|
Access to SWAT will prompt for a logon. If you log onto SWAT as any non-root user
|
||||||
|
the only permission allowed is to view certain aspects of configuration as well as
|
||||||
|
access to the password change facility. The buttons that will be exposed to the non-root
|
||||||
|
user are: <span class="guibutton">HOME</span>, <span class="guibutton">STATUS</span>, <span class="guibutton">VIEW</span>,
|
||||||
|
<span class="guibutton">PASSWORD</span>. The only page that allows
|
||||||
|
change capability in this case is <span class="guibutton">PASSWORD</span>.
|
||||||
|
</p><p>
|
||||||
|
So long as you log onto SWAT as the user <span class="emphasis"><em>root</em></span> you should obtain
|
||||||
|
full change and commit ability. The buttons that will be exposed includes:
|
||||||
|
<span class="guibutton">HOME</span>, <span class="guibutton">GLOBALS</span>, <span class="guibutton">SHARES</span>, <span class="guibutton">PRINTERS</span>,
|
||||||
|
<span class="guibutton">WIZARD</span>, <span class="guibutton">STATUS</span>, <span class="guibutton">VIEW</span>, <span class="guibutton">PASSWORD</span>.
|
||||||
|
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id3006322"></a>Securing SWAT through SSL</h3></div></div><div></div></div><p>
|
||||||
|
Lots of people have asked about how to setup SWAT with SSL to allow for secure remote
|
||||||
|
administration of Samba. Here is a method that works, courtesy of Markus Krieger
|
||||||
|
</p><p>
|
||||||
|
Modifications to the swat setup are as following:
|
||||||
|
</p><div class="procedure"><ol type="1"><li><p>
|
||||||
|
install OpenSSL
|
||||||
|
</p></li><li><p>
|
||||||
|
generate certificate and private key
|
||||||
|
|
||||||
|
</p><pre class="screen">
|
||||||
|
<tt class="prompt">root# </tt><b class="userinput"><tt>/usr/bin/openssl req -new -x509 -days 365 -nodes -config \
|
||||||
|
/usr/share/doc/packages/stunnel/stunnel.cnf \
|
||||||
|
-out /etc/stunnel/stunnel.pem -keyout /etc/stunnel/stunnel.pem</tt></b>
|
||||||
|
</pre></li><li><p>
|
||||||
|
remove swat-entry from [x]inetd
|
||||||
|
</p></li><li><p>
|
||||||
|
start stunnel
|
||||||
|
|
||||||
|
</p><pre class="screen">
|
||||||
|
<tt class="prompt">root# </tt><b class="userinput"><tt>stunnel -p /etc/stunnel/stunnel.pem -d 901 \
|
||||||
|
-l /usr/local/samba/bin/swat swat </tt></b>
|
||||||
|
</pre></li></ol></div><p>
|
||||||
|
afterwords simply contact to swat by using the URL <a href="https://myhost:901" target="_top">https://myhost:901</a>, accept the certificate
|
||||||
|
and the SSL connection is up.
|
||||||
|
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id3006435"></a>The SWAT Home Page</h3></div></div><div></div></div><p>
|
||||||
|
The SWAT title page provides access to the latest Samba documentation. The manual page for
|
||||||
|
each samba component is accessible from this page as are the Samba-HOWTO-Collection (this
|
||||||
|
document) as well as the O'Reilly book "Using Samba".
|
||||||
|
</p><p>
|
||||||
|
Administrators who wish to validate their samba configuration may obtain useful information
|
||||||
|
from the man pages for the diagnostic utilities. These are available from the SWAT home page
|
||||||
|
also. One diagnostic tool that is NOT mentioned on this page, but that is particularly
|
||||||
|
useful is <b class="command">ethereal</b>, available from <a href="http://www.ethereal.com" target="_top">
|
||||||
|
http://www.ethereal.com</a>.
|
||||||
|
</p><div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>
|
||||||
|
SWAT can be configured to run in <span class="emphasis"><em>demo</em></span> mode. This is NOT recommended
|
||||||
|
as it runs SWAT without authentication and with full administrative ability. ie: Allows
|
||||||
|
changes to smb.conf as well as general operation with root privileges. The option that
|
||||||
|
creates this ability is the <tt class="option">-a</tt> flag to swat. <span class="emphasis"><em>Do not use this in any
|
||||||
|
production environment.</em></span>
|
||||||
|
</p></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id3006499"></a>Global Settings</h3></div></div><div></div></div><p>
|
||||||
|
The Globals button will expose a page that allows configuration of the global parameters
|
||||||
|
in smb.conf. There are three levels of exposure of the parameters:
|
||||||
|
</p><div class="itemizedlist"><ul type="disc"><li><p>
|
||||||
|
<span class="emphasis"><em>Basic</em></span> - exposes common configuration options.
|
||||||
|
</p></li><li><p>
|
||||||
|
<span class="emphasis"><em>Advanced</em></span> - exposes configuration options needed in more
|
||||||
|
complex environments.
|
||||||
|
</p></li><li><p>
|
||||||
|
<span class="emphasis"><em>Developer</em></span> - exposes configuration options that only the brave
|
||||||
|
will want to tamper with.
|
||||||
|
</p></li></ul></div><p>
|
||||||
|
To switch to other than <span class="emphasis"><em>Basic</em></span> editing ability click on either the
|
||||||
|
<span class="emphasis"><em>Advanced</em></span> or the <span class="emphasis"><em>Developer</em></span> dial, then click the
|
||||||
|
<span class="guibutton">Commit Changes</span> button.
|
||||||
|
</p><p>
|
||||||
|
After making any changes to configuration parameters make sure that you click on the
|
||||||
|
<span class="guibutton">Commit Changes</span> button before moving to another area otherwise
|
||||||
|
your changes will be immediately lost.
|
||||||
|
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
|
||||||
|
SWAT has context sensitive help. To find out what each parameter is for simply click the
|
||||||
|
<span class="guibutton">Help</span> link to the left of the configuration parameter.
|
||||||
|
</p></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id3006604"></a>Share Settings</h3></div></div><div></div></div><p>
|
||||||
|
To affect a currently configured share, simply click on the pull down button between the
|
||||||
|
<span class="guibutton">Choose Share</span> and the <span class="guibutton">Delete Share</span> buttons,
|
||||||
|
select the share you wish to operate on, then to edit the settings click on the
|
||||||
|
<span class="guibutton">Choose Share</span> button, to delete the share simply press the
|
||||||
|
<span class="guibutton">Delete Share</span> button.
|
||||||
|
</p><p>
|
||||||
|
To create a new share, next to the button labelled <span class="guibutton">Create Share</span> enter
|
||||||
|
into the text field the name of the share to be created, then click on the
|
||||||
|
<span class="guibutton">Create Share</span> button.
|
||||||
|
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id3006669"></a>Printers Settings</h3></div></div><div></div></div><p>
|
||||||
|
To affect a currently configured printer, simply click on the pull down button between the
|
||||||
|
<span class="guibutton">Choose Printer</span> and the <span class="guibutton">Delete Printer</span> buttons,
|
||||||
|
select the printer you wish to operate on, then to edit the settings click on the
|
||||||
|
<span class="guibutton">Choose Printer</span> button, to delete the share simply press the
|
||||||
|
<span class="guibutton">Delete Printer</span> button.
|
||||||
|
</p><p>
|
||||||
|
To create a new printer, next to the button labelled <span class="guibutton">Create Printer</span> enter
|
||||||
|
into the text field the name of the share to be created, then click on the
|
||||||
|
<span class="guibutton">Create Printer</span> button.
|
||||||
|
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id3006733"></a>The SWAT Wizard</h3></div></div><div></div></div><p>
|
||||||
|
The purpose if the SWAT Wizard is to help the Microsoft knowledgeable network administrator
|
||||||
|
to configure Samba with a minimum of effort.
|
||||||
|
</p><p>
|
||||||
|
The Wizard page provides a tool for rewriting the smb.conf file in fully optimised format.
|
||||||
|
This will also happen if you press the commit button. The two differ in the the rewrite button
|
||||||
|
ignores any changes that may have been made, while the Commit button causes all changes to be
|
||||||
|
affected.
|
||||||
|
</p><p>
|
||||||
|
The <span class="guibutton">Edit</span> button permits the editing (setting) of the minimal set of
|
||||||
|
options that may be necessary to create a working Samba server.
|
||||||
|
</p><p>
|
||||||
|
Finally, there are a limited set of options that will determine what type of server Samba
|
||||||
|
will be configured for, whether it will be a WINS server, participate as a WINS client, or
|
||||||
|
operate with no WINS support. By clicking on one button you can elect to expose (or not) user
|
||||||
|
home directories.
|
||||||
|
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id3006781"></a>The Status Page</h3></div></div><div></div></div><p>
|
||||||
|
The status page serves a limited purpose. Firstly, it allows control of the samba daemons.
|
||||||
|
The key daemons that create the samba server environment are: <span class="application">smbd</span>, <span class="application">nmbd</span>, <span class="application">winbindd</span>.
|
||||||
|
</p><p>
|
||||||
|
The daemons may be controlled individually or as a total group. Additionally, you may set
|
||||||
|
an automatic screen refresh timing. As MS Windows clients interact with Samba new smbd processes
|
||||||
|
will be continually spawned. The auto-refresh facility will allow you to track the changing
|
||||||
|
conditions with minimal effort.
|
||||||
|
</p><p>
|
||||||
|
Lastly, the Status page may be used to terminate specific smbd client connections in order to
|
||||||
|
free files that may be locked.
|
||||||
|
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id3006833"></a>The View Page</h3></div></div><div></div></div><p>
|
||||||
|
This page allows the administrator to view the optimised <tt class="filename">smb.conf</tt> file and, if you are
|
||||||
|
particularly masochistic, will permit you also to see all possible global configuration
|
||||||
|
parameters and their settings.
|
||||||
|
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id3006856"></a>The Password Change Page</h3></div></div><div></div></div><p>
|
||||||
|
The Password Change page is a popular tool. This tool allows the creation, deletion, deactivation
|
||||||
|
and reactivation of MS Windows networking users on the local machine. Alternatively, you can use
|
||||||
|
this tool to change a local password for a user account.
|
||||||
|
</p><p>
|
||||||
|
When logged in as a non-root account the user will have to provide the old password as well as
|
||||||
|
the new password (twice). When logged in as <span class="emphasis"><em>root</em></span> only the new password is
|
||||||
|
required.
|
||||||
|
</p><p>
|
||||||
|
One popular use for this tool is to change user passwords across a range of remote MS Windows
|
||||||
|
servers.
|
||||||
|
</p></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="NT4Migration.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="migration.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="troubleshooting.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 31. Migration from NT4 PDC to Samba-3 PDC </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Part V. Troubleshooting</td></tr></table></div></body></html>
|
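--- a/docs/htmldocs/SambaHA.html
+++ b/docs/htmldocs/SambaHA.html
@@ -0,0 +1,4 @@
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 29. High Availability Options</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="index.html" title="SAMBA Project Documentation"><link rel="up" href="optional.html" title="Part III. Advanced Configuration"><link rel="previous" href="Backup.html" title="Chapter 28. Samba Backup Techniques"><link rel="next" href="migration.html" title="Part IV. Migration and Updating"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 29. High Availability Options</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="Backup.html">Prev</a> </td><th width="60%" align="center">Part III. Advanced Configuration</th><td width="20%" align="right"> <a accesskey="n" href="migration.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="SambaHA"></a>Chapter 29. High Availability Options</h2></div><div><div class="author"><h3 class="author"><span class="firstname">John</span> <span class="othername">H.</span> <span class="surname">Terpstra</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><tt class="email"><<a href="mailto:jht@samba.org">jht@samba.org</a>></tt></p></div></div></div></div></div><div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><a href="SambaHA.html#id3003099">Note</a></dt></dl></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3003099"></a>Note</h2></div></div><div></div></div><p>
+This chapter did not make it into this release.
+It is planned for the published release of this document.
+</p></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="Backup.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="optional.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="migration.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 28. Samba Backup Techniques </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Part IV. Migration and Updating</td></tr></table></div></body></html>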
343
docs/htmldocs/ServerType.html
Normal file
@ -0,0 +1,343 @@
|
|||||||
|
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 4. Server Types and Security Modes</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="index.html" title="SAMBA Project Documentation"><link rel="up" href="type.html" title="Part II. Server Configuration Basics"><link rel="previous" href="type.html" title="Part II. Server Configuration Basics"><link rel="next" href="samba-pdc.html" title="Chapter 5. Domain Control"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 4. Server Types and Security Modes</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="type.html">Prev</a> </td><th width="60%" align="center">Part II. Server Configuration Basics</th><td width="20%" align="right"> <a accesskey="n" href="samba-pdc.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="ServerType"></a>Chapter 4. 
Server Types and Security Modes</h2></div><div><div class="author"><h3 class="author"><span class="firstname">Andrew</span> <span class="surname">Tridgell</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><tt class="email"><<a href="mailto:tridge@samba.org">tridge@samba.org</a>></tt></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">Jelmer</span> <span class="othername">R.</span> <span class="surname">Vernooij</span></h3><div class="affiliation"><span class="orgname">The Samba Team<br></span><div class="address"><p><tt class="email"><<a href="mailto:jelmer@samba.org">jelmer@samba.org</a>></tt></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">John</span> <span class="othername">H.</span> <span class="surname">Terpstra</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><tt class="email"><<a href="mailto:jht@samba.org">jht@samba.org</a>></tt></p></div></div></div></div></div><div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><a href="ServerType.html#id2888767">Features and Benefits</a></dt><dt><a href="ServerType.html#id2888862">Server Types</a></dt><dt><a href="ServerType.html#id2888947">Samba Security Modes</a></dt><dd><dl><dt><a href="ServerType.html#id2889062">User Level Security</a></dt><dt><a href="ServerType.html#id2889195">Share Level Security</a></dt><dt><a href="ServerType.html#id2889317">Domain Security Mode (User Level Security)</a></dt><dt><a href="ServerType.html#id2889568">ADS Security Mode (User Level Security)</a></dt><dt><a href="ServerType.html#id2889655">Server Security (User Level Security)</a></dt></dl></dd><dt><a href="ServerType.html#id2889880">Seamless Windows Network Integration</a></dt><dt><a href="ServerType.html#id2890056">Common Errors</a></dt><dd><dl><dt><a href="ServerType.html#id2890084">What makes Samba a 
SERVER?</a></dt><dt><a href="ServerType.html#id2890117">What makes Samba a Domain Controller?</a></dt><dt><a href="ServerType.html#id2890146">What makes Samba a Domain Member?</a></dt><dt><a href="ServerType.html#id2890179">Constantly Losing Connections to Password Server</a></dt></dl></dd></dl></div><p>
|
||||||
|
This chapter provides information regarding the types of server that Samba may be
|
||||||
|
configured to be. A Microsoft network administrator who wishes to migrate to or to
|
||||||
|
use Samba will want to know what, within a Samba context, terms familiar to MS Windows
|
||||||
|
administrator mean. This means that it is essential also to define how critical security
|
||||||
|
modes function BEFORE we get into the details of how to configure the server itself.
|
||||||
|
</p><p>
|
||||||
|
The chapter provides an overview of the security modes of which Samba is capable
|
||||||
|
and how these relate to MS Windows servers and clients.
|
||||||
|
</p><p>
|
||||||
|
Firstly we should recognise the question so often asked, "Why would I want to use Samba?"
|
||||||
|
So, in those chapters where the answer may be important you will see a section that highlights
|
||||||
|
features and benefits. These may be for or against Samba.
|
||||||
|
</p><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2888767"></a>Features and Benefits</h2></div></div><div></div></div><p>
|
||||||
|
Two men were walking down a dusty road, when one suddenly kicked up a small red stone. It
|
||||||
|
hurt his toe and lodged in his sandal. He took the stone out and cursed it with a passion
|
||||||
|
and fury fitting his anguish. The other looked at the stone and said, that is a garnet - I
|
||||||
|
can turn that into a precious gem and some day it will make a princess very happy!
|
||||||
|
</p><p>
|
||||||
|
The moral of this tale: Two men, two very different perspectives regarding the same stone.
|
||||||
|
Like it or not, Samba is like that stone. Treat it the right way and it can bring great
|
||||||
|
pleasure, but if you are forced upon it and have no time for its secrets then it can be
|
||||||
|
a source of discomfort.
|
||||||
|
</p><p>
|
||||||
|
Samba started out as a project that sought to provide interoperability for MS Windows 3.x
|
||||||
|
clients with a Unix server. It has grown up a lot since its humble beginnings and now provides
|
||||||
|
features and functionality fit for large scale deployment. It also has some warts. In sections
|
||||||
|
like this one we will tell of both.
|
||||||
|
</p><p>
|
||||||
|
So now, what are the benefits of features mentioned in this chapter?
|
||||||
|
</p><div class="itemizedlist"><ul type="disc"><li><p>
|
||||||
|
Samba-3 can replace an MS Windows NT4 Domain Controller
|
||||||
|
</p></li><li><p>
|
||||||
|
Samba-3 offers excellent interoperability with MS Windows NT4
|
||||||
|
style domains as well as natively with Microsoft Active
|
||||||
|
Directory domains.
|
||||||
|
</p></li><li><p>
|
||||||
|
Samba-3 permits full NT4 style Interdomain Trusts
|
||||||
|
</p></li><li><p>
|
||||||
|
Samba has security modes that permit more flexible
|
||||||
|
authentication than is possible with MS Windows NT4 Domain Controllers.
|
||||||
|
</p></li><li><p>
|
||||||
|
Samba-3 permits use of multiple account database backends
|
||||||
|
</p></li><li><p>
|
||||||
|
The account (password) database backends can be distributed
|
||||||
|
and replicated using multiple methods. This gives Samba-3
|
||||||
|
greater flexibility than MS Windows NT4 and in many cases a
|
||||||
|
significantly higher utility than Active Directory domains
|
||||||
|
with MS Windows 200x.
|
||||||
|
</p></li></ul></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2888862"></a>Server Types</h2></div></div><div></div></div><p>Administrators of Microsoft networks often refer to three
|
||||||
|
different type of servers:</p><div class="itemizedlist"><ul type="disc"><li><p>Domain Controller</p><table class="simplelist" border="0" summary="Simple list"><tr><td>Primary Domain Controller</td></tr><tr><td>Backup Domain Controller</td></tr><tr><td>ADS Domain Controller</td></tr></table></li><li><p>Domain Member Server</p><table class="simplelist" border="0" summary="Simple list"><tr><td>Active Directory Member Server</td></tr><tr><td>NT4 Style Domain Member Server</td></tr></table></li><li><p>Stand Alone Server</p></li></ul></div><p>
|
||||||
|
The chapters covering Domain Control, Backup Domain Control and Domain Membership provide
|
||||||
|
pertinent information regarding Samba-3 configuration for each of these server roles.
|
||||||
|
The reader is strongly encouraged to become intimately familiar with the information
|
||||||
|
presented.
|
||||||
|
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2888947"></a>Samba Security Modes</h2></div></div><div></div></div><p>
|
||||||
|
In this section the function and purpose of Samba's <i class="parameter"><tt>security</tt></i>
|
||||||
|
modes are described. An accurate understanding of how Samba implements each security
|
||||||
|
mode as well as how to configure MS Windows clients for each mode will significantly
|
||||||
|
reduce user complaints and administrator heartache.
|
||||||
|
</p><p>
|
||||||
|
In the SMB/CIFS networking world, there are only two types of security: <span class="emphasis"><em>USER Level</em></span>
|
||||||
|
and <span class="emphasis"><em>SHARE Level</em></span>. We refer to these collectively as <span class="emphasis"><em>security levels</em></span>. In implementing these two <span class="emphasis"><em>security levels</em></span> Samba provides flexibilities
|
||||||
|
that are not available with Microsoft Windows NT4 / 200x servers. Samba knows of five (5)
|
||||||
|
ways that allow the security levels to be implemented. In actual fact, Samba implements
|
||||||
|
<span class="emphasis"><em>SHARE Level</em></span> security only one way, but has four ways of implementing
|
||||||
|
<span class="emphasis"><em>USER Level</em></span> security. Collectively, we call the Samba implementations
|
||||||
|
<span class="emphasis"><em>Security Modes</em></span>. These are: <span class="emphasis"><em>SHARE</em></span>, <span class="emphasis"><em>USER</em></span>, <span class="emphasis"><em>DOMAIN</em></span>,
|
||||||
|
<span class="emphasis"><em>ADS</em></span>, and <span class="emphasis"><em>SERVER</em></span>
|
||||||
|
modes. They are documented in this chapter.
|
||||||
|
</p><p>
|
||||||
|
A SMB server tells the client at startup what <i class="parameter"><tt>security level</tt></i>
|
||||||
|
it is running. There are two options: <span class="emphasis"><em>share level</em></span> and
|
||||||
|
<span class="emphasis"><em>user level</em></span>. Which of these two the client receives affects
|
||||||
|
the way the client then tries to authenticate itself. It does not directly affect
|
||||||
|
(to any great extent) the way the Samba server does security. This may sound strange,
|
||||||
|
but it fits in with the client/server approach of SMB. In SMB everything is initiated
|
||||||
|
and controlled by the client, and the server can only tell the client what is
|
||||||
|
available and whether an action is allowed.
|
||||||
|
</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2889062"></a>User Level Security</h3></div></div><div></div></div><p>
|
||||||
|
We will describe <i class="parameter"><tt>user level</tt></i> security first, as it's simpler.
|
||||||
|
In <span class="emphasis"><em>user level</em></span> security, the client will send a
|
||||||
|
<span class="emphasis"><em>session setup</em></span> command directly after the protocol negotiation.
|
||||||
|
This contains a username and password. The server can either accept or reject that
|
||||||
|
username/password combination. Note that at this stage the server has no idea what
|
||||||
|
share the client will eventually try to connect to, so it can't base the
|
||||||
|
<span class="emphasis"><em>accept/reject</em></span> on anything other than:
|
||||||
|
</p><div class="orderedlist"><ol type="1"><li><p>The username/password</p></li><li><p>The name of the client machine</p></li></ol></div><p>
|
||||||
|
If the server accepts the username/password then the client expects to be able to
|
||||||
|
mount shares (using a <span class="emphasis"><em>tree connection</em></span>) without specifying a
|
||||||
|
password. It expects that all access rights will be as the username/password
|
||||||
|
specified in the <span class="emphasis"><em>session setup</em></span>.
|
||||||
|
</p><p>
|
||||||
|
It is also possible for a client to send multiple <span class="emphasis"><em>session setup</em></span>
|
||||||
|
requests. When the server responds, it gives the client a <span class="emphasis"><em>uid</em></span> to use
|
||||||
|
as an authentication tag for that username/password. The client can maintain multiple
|
||||||
|
authentication contexts in this way (WinDD is an example of an application that does this).
|
||||||
|
</p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2889156"></a>Example Configuration</h4></div></div><div></div></div><p>
|
||||||
|
The <tt class="filename">smb.conf</tt> parameter that sets <span class="emphasis"><em>User Level Security</em></span> is:
|
||||||
|
</p><pre class="programlisting">
|
||||||
|
security = user
|
||||||
|
</pre><p>
|
||||||
|
This is the default setting since samba-2.2.x.
|
||||||
|
</p></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2889195"></a>Share Level Security</h3></div></div><div></div></div><p>
|
||||||
|
Ok, now for share level security. In share level security, the client authenticates
|
||||||
|
itself separately for each share. It will send a password along with each
|
||||||
|
<span class="emphasis"><em>tree connection</em></span> (share mount). It does not explicitly send a
|
||||||
|
username with this operation. The client expects a password to be associated
|
||||||
|
with each share, independent of the user. This means that Samba has to work out what
|
||||||
|
username the client probably wants to use. It is never explicitly sent the username.
|
||||||
|
Some commercial SMB servers such as NT actually associate passwords directly with
|
||||||
|
shares in share level security, but Samba always uses the unix authentication scheme
|
||||||
|
where it is a username/password pair that is authenticated, not a share/password pair.
|
||||||
|
</p><p>
|
||||||
|
To gain understanding of the MS Windows networking parallels to this, one should think
|
||||||
|
in terms of MS Windows 9x/Me where one can create a shared folder that provides read-only
|
||||||
|
or full access, with or without a password.
|
||||||
|
</p><p>
|
||||||
|
Many clients send a <span class="emphasis"><em>session setup</em></span> even if the server is in share
|
||||||
|
level security. They normally send a valid username but no password. Samba records
|
||||||
|
this username in a list of <span class="emphasis"><em>possible usernames</em></span>. When the client
|
||||||
|
then does a <span class="emphasis"><em>tree connection</em></span> it also adds to this list the name
|
||||||
|
of the share they try to connect to (useful for home directories) and any users
|
||||||
|
listed in the <i class="parameter"><tt>user =</tt></i> <tt class="filename">smb.conf</tt> line. The password is then checked
|
||||||
|
in turn against these <span class="emphasis"><em>possible usernames</em></span>. If a match is found
|
||||||
|
then the client is authenticated as that user.
|
||||||
|
</p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2889275"></a>Example Configuration</h4></div></div><div></div></div><p>
|
||||||
|
The <tt class="filename">smb.conf</tt> parameter that sets <span class="emphasis"><em>Share Level Security</em></span> is:
|
||||||
|
</p><pre class="programlisting">
|
||||||
|
security = share
|
||||||
|
</pre><p>
|
||||||
|
Please note that there are reports that recent MS Windows clients do not like to work
|
||||||
|
with share mode security servers. You are strongly discouraged from using share level security.
|
||||||
|
</p></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2889317"></a>Domain Security Mode (User Level Security)</h3></div></div><div></div></div><p>
|
||||||
|
When Samba is operating in <i class="parameter"><tt>security = domain</tt></i> mode,
|
||||||
|
the Samba server has a domain security trust account (a machine account) and will cause
|
||||||
|
all authentication requests to be passed through to the domain controllers.
|
||||||
|
</p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2889339"></a>Example Configuration</h4></div></div><div></div></div><p><span class="emphasis"><em>
|
||||||
|
Samba as a Domain Member Server
|
||||||
|
</em></span></p><p>
|
||||||
|
This method involves addition of the following parameters in the <tt class="filename">smb.conf</tt> file:
|
||||||
|
</p><pre class="programlisting">
|
||||||
|
security = domain
|
||||||
|
workgroup = "name_of_NT_domain"
|
||||||
|
</pre><p>
|
||||||
|
In order for this method to work, the Samba server needs to join the MS Windows NT
|
||||||
|
security domain. This is done as follows:
|
||||||
|
</p><div class="procedure"><ol type="1"><li><p>On the MS Windows NT domain controller, using
|
||||||
|
the Server Manager, add a machine account for the Samba server.
|
||||||
|
</p></li><li><p>Next, on the Unix/Linux system execute:</p><p><tt class="prompt">root# </tt><b class="userinput"><tt>smbpasswd -j DOMAIN_NAME -r PDC_NAME</tt></b> (samba-2.x)</p><p><tt class="prompt">root# </tt><b class="userinput"><tt>net join -U administrator%password</tt></b> (samba-3)</p></li></ol></div><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
|
||||||
|
As of Samba-2.2.4 the Samba 2.2.x series can auto-join a Windows NT4 style Domain just
|
||||||
|
by executing:
|
||||||
|
</p><pre class="screen">
|
||||||
|
<tt class="prompt">root# </tt><b class="userinput"><tt>smbpasswd -j <i class="replaceable"><tt>DOMAIN_NAME</tt></i> -r <i class="replaceable"><tt>PDC_NAME</tt></i> -U Administrator%<i class="replaceable"><tt>password</tt></i></tt></b>
|
||||||
|
</pre><p>
|
||||||
|
|
||||||
|
As of Samba-3 the same can be done by executing:
|
||||||
|
</p><pre class="screen">
|
||||||
|
<tt class="prompt">root# </tt><b class="userinput"><tt>net join -U Administrator%<i class="replaceable"><tt>password</tt></i></tt></b>
|
||||||
|
</pre><p>
|
||||||
|
It is not necessary with Samba-3 to specify the <i class="replaceable"><tt>DOMAIN_NAME</tt></i> or the <i class="replaceable"><tt>PDC_NAME</tt></i> as it
|
||||||
|
figures this out from the <tt class="filename">smb.conf</tt> file settings.
|
||||||
|
</p></div><p>
|
||||||
|
Use of this mode of authentication does require there to be a standard Unix account
|
||||||
|
for each user in order to assign a uid once the account has been authenticated by
|
||||||
|
the remote Windows DC. This account can be blocked to prevent logons by clients other than
|
||||||
|
MS Windows through things such as setting an invalid shell in the
|
||||||
|
<tt class="filename">/etc/passwd</tt> entry.
|
||||||
|
</p><p>
|
||||||
|
An alternative to assigning UIDs to Windows users on a Samba member server is
|
||||||
|
presented in the <a href="winbind.html" title="Chapter 21. Integrated Logon Support using Winbind">Winbind Overview</a> chapter
|
||||||
|
in this HOWTO collection.
|
||||||
|
</p><p>
|
||||||
|
For more information of being a domain member, see the <a href="domain-member.html" title="Chapter 7. Domain Membership">Domain
|
||||||
|
Member</a> section of this Howto.
|
||||||
|
</p></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2889568"></a>ADS Security Mode (User Level Security)</h3></div></div><div></div></div><p>
|
||||||
|
Both Samba 2.2 and 3.0 can join an Active Directory domain. This is
|
||||||
|
possible even if the domain is run in native mode. Active Directory in
|
||||||
|
native mode perfectly allows NT4-style domain members, contrary to
|
||||||
|
popular belief. The only thing that Active Directory in native mode
|
||||||
|
prohibits is Backup Domain Controllers running NT4.
|
||||||
|
</p><p>
|
||||||
|
If you are running Active Directory starting with Samba 3.0 you can
|
||||||
|
however join as a native AD member. Why would you want to do that?
|
||||||
|
Your security policy might prohibit the use of NT-compatible
|
||||||
|
authentication protocols. All your machines are running Windows 2000
|
||||||
|
and above and all use full Kerberos. In this case Samba as a NT4-style
|
||||||
|
domain would still require NT-compatible authentication data. Samba in
|
||||||
|
AD-member mode can accept Kerberos.
|
||||||
|
</p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2889598"></a>Example Configuration</h4></div></div><div></div></div><pre class="programlisting">
|
||||||
|
realm = your.kerberos.REALM
|
||||||
|
security = ADS
|
||||||
|
</pre><p>
|
||||||
|
The following parameter may be required:
|
||||||
|
</p><pre class="programlisting">
|
||||||
|
ads server = your.kerberos.server
|
||||||
|
</pre><p>
|
||||||
|
Please refer to the <a href="domain-member.html" title="Chapter 7. Domain Membership">Domain Membership</a> and <a href="domain-member.html#ads-member" title="Samba ADS Domain Membership">Active Directory
|
||||||
|
Membership</a> sections for more information regarding this configuration option.
|
||||||
|
</p></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2889655"></a>Server Security (User Level Security)</h3></div></div><div></div></div><p>
|
||||||
|
Server security mode is a left over from the time when Samba was not capable of acting
|
||||||
|
as a domain member server. It is highly recommended NOT to use this feature. Server
|
||||||
|
security mode has many draw backs. The draw backs include:
|
||||||
|
</p><table class="simplelist" border="0" summary="Simple list"><tr><td>Potential Account Lockout on MS Windows NT4/200x password servers</td></tr><tr><td>Lack of assurance that the password server is the one specified</td></tr><tr><td>Does not work with Winbind, particularly needed when storing profiles remotely</td></tr><tr><td>This mode may open connections to the password server, and keep them open for extended periods.</td></tr><tr><td>Security on the Samba server breaks badly when the remote password server suddenly shuts down</td></tr><tr><td>With this mode there is NO security account in the domain that the password server belongs to for the Samba server.</td></tr></table><p>
|
||||||
|
In server security mode the Samba server reports to the client that it is in user level
|
||||||
|
security. The client then does a <span class="emphasis"><em>session setup</em></span> as described earlier.
|
||||||
|
The Samba server takes the username/password that the client sends and attempts to login to the
|
||||||
|
<i class="parameter"><tt>password server</tt></i> by sending exactly the same username/password that
|
||||||
|
it got from the client. If that server is in user level security and accepts the password,
|
||||||
|
then Samba accepts the clients connection. This allows the Samba server to use another SMB
|
||||||
|
server as the <i class="parameter"><tt>password server</tt></i>.
|
||||||
|
</p><p>
|
||||||
|
You should also note that at the very start of all this, where the server tells the client
|
||||||
|
what security level it is in, it also tells the client if it supports encryption. If it
|
||||||
|
does then it supplies the client with a random cryptkey. The client will then send all
|
||||||
|
passwords in encrypted form. Samba supports this type of encryption by default.
|
||||||
|
</p><p>
|
||||||
|
The parameter <i class="parameter"><tt>security = server</tt></i> means that Samba reports to clients that
|
||||||
|
it is running in <span class="emphasis"><em>user mode</em></span> but actually passes off all authentication
|
||||||
|
requests to another <span class="emphasis"><em>user mode</em></span> server. This requires an additional
|
||||||
|
parameter <i class="parameter"><tt>password server</tt></i> that points to the real authentication server.
|
||||||
|
That real authentication server can be another Samba server or can be a Windows NT server,
|
||||||
|
the later natively capable of encrypted password support.
|
||||||
|
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
|
||||||
|
When Samba is running in <span class="emphasis"><em>server security mode</em></span> it is essential that
|
||||||
|
the parameter <span class="emphasis"><em>password server</em></span> is set to the precise NetBIOS machine
|
||||||
|
name of the target authentication server. Samba can NOT determine this from NetBIOS name
|
||||||
|
lookups because the choice of the target authentication server is arbitrary and can not
|
||||||
|
be determined from a domain name. In essence, a Samba server that is in
|
||||||
|
<span class="emphasis"><em>server security mode</em></span> is operating in what used to be known as
|
||||||
|
workgroup mode.
|
||||||
|
</p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2889811"></a>Example Configuration</h4></div></div><div></div></div><p><span class="emphasis"><em>
|
||||||
|
Using MS Windows NT as an authentication server
|
||||||
|
</em></span></p><p>
|
||||||
|
This method involves the additions of the following parameters in the <tt class="filename">smb.conf</tt> file:
|
||||||
|
</p><pre class="programlisting">
|
||||||
|
encrypt passwords = Yes
|
||||||
|
security = server
|
||||||
|
password server = "NetBIOS_name_of_a_DC"
|
||||||
|
</pre><p>
|
||||||
|
There are two ways of identifying whether or not a username and password pair was valid
|
||||||
|
or not. One uses the reply information provided as part of the authentication messaging
|
||||||
|
process, the other uses just an error code.
|
||||||
|
</p><p>
|
||||||
|
The down-side of this mode of configuration is the fact that for security reasons Samba
|
||||||
|
will send the password server a bogus username and a bogus password and if the remote
|
||||||
|
server fails to reject the username and password pair then an alternative mode of
|
||||||
|
identification of validation is used. Where a site uses password lock out after a
|
||||||
|
certain number of failed authentication attempts this will result in user lockouts.
|
||||||
|
</p><p>
|
||||||
|
Use of this mode of authentication does require there to be a standard Unix account
|
||||||
|
for the user, though this account can be blocked to prevent logons by non-SMB/CIFS clients.
|
||||||
|
</p></div></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2889880"></a>Seamless Windows Network Integration</h2></div></div><div></div></div><p>
|
||||||
|
MS Windows clients may use encrypted passwords as part of a challenge/response
|
||||||
|
authentication model (a.k.a. NTLMv1 and NTLMv2) or alone, or clear text strings for simple
|
||||||
|
password based authentication. It should be realized that with the SMB protocol,
|
||||||
|
the password is passed over the network either in plain text or encrypted, but
|
||||||
|
not both in the same authentication request.
|
||||||
|
</p><p>
|
||||||
|
When encrypted passwords are used, a password that has been entered by the user
|
||||||
|
is encrypted in two ways:
|
||||||
|
</p><div class="itemizedlist"><ul type="disc"><li><p>An MD4 hash of the UNICODE of the password
|
||||||
|
string. This is known as the NT hash.
|
||||||
|
</p></li><li><p>The password is converted to upper case,
|
||||||
|
and then padded or truncated to 14 bytes. This string is
|
||||||
|
then appended with 5 bytes of NULL characters and split to
|
||||||
|
form two 56 bit DES keys to encrypt a "magic" 8 byte value.
|
||||||
|
The resulting 16 bytes form the LanMan hash.
|
||||||
|
</p></li></ul></div><p>
|
||||||
|
MS Windows 95 pre-service pack 1, MS Windows NT versions 3.x and version 4.0
|
||||||
|
pre-service pack 3 will use either mode of password authentication. All
|
||||||
|
versions of MS Windows that follow these versions no longer support plain
|
||||||
|
text passwords by default.
|
||||||
|
</p><p>
|
||||||
|
MS Windows clients have a habit of dropping network mappings that have been idle
|
||||||
|
for 10 minutes or longer. When the user attempts to use the mapped drive
|
||||||
|
connection that has been dropped, the client re-establishes the connection using
|
||||||
|
a cached copy of the password.
|
||||||
|
</p><p>
|
||||||
|
When Microsoft changed the default password mode, support was dropped for caching
|
||||||
|
of the plain text password. This means that when the registry parameter is changed
|
||||||
|
to re-enable use of plain text passwords it appears to work, but when a dropped
|
||||||
|
service connection mapping attempts to revalidate it will fail if the remote
|
||||||
|
authentication server does not support encrypted passwords. This means that it
|
||||||
|
is definitely not a good idea to re-enable plain text password support in such clients.
|
||||||
|
</p><p>
|
||||||
|
The following parameters can be used to work around the issue of Windows 9x clients
|
||||||
|
upper casing usernames and password before transmitting them to the SMB server
|
||||||
|
when using clear text authentication.
|
||||||
|
</p><pre class="programlisting">
|
||||||
|
<a href="smb.conf.5.html#PASSWORDLEVEL" target="_top">password level</a> = <i class="replaceable"><tt>integer</tt></i>
|
||||||
|
<a href="smb.conf.5.html#USERNAMELEVEL" target="_top">username level</a> = <i class="replaceable"><tt>integer</tt></i>
|
||||||
|
</pre><p>
|
||||||
|
By default Samba will lower case the username before attempting to lookup the user
|
||||||
|
in the database of local system accounts. Because UNIX usernames conventionally
|
||||||
|
only contain lower case character, the <i class="parameter"><tt>username level</tt></i> parameter
|
||||||
|
is rarely needed.
|
||||||
|
</p><p>
|
||||||
|
However, passwords on UNIX systems often make use of mixed case characters.
|
||||||
|
This means that in order for a user on a Windows 9x client to connect to a Samba
|
||||||
|
server using clear text authentication, the <i class="parameter"><tt>password level</tt></i>
|
||||||
|
must be set to the maximum number of upper case letter which <span class="emphasis"><em>could</em></span>
|
||||||
|
appear is a password. Note that the server OS uses the traditional DES version
|
||||||
|
of crypt(), a <i class="parameter"><tt>password level</tt></i> of 8 will result in case
|
||||||
|
insensitive passwords as seen from Windows users. This will also result in longer
|
||||||
|
login times as Samba has to compute the permutations of the password string and
|
||||||
|
try them one by one until a match is located (or all combinations fail).
|
||||||
|
</p><p>
|
||||||
|
The best option to adopt is to enable support for encrypted passwords where ever
|
||||||
|
Samba is used. Most attempts to apply the registry change to re-enable plain text
|
||||||
|
passwords will eventually lead to user complaints and unhappiness.
|
||||||
|
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2890056"></a>Common Errors</h2></div></div><div></div></div><p>
|
||||||
|
We all make mistakes. It is Ok to make mistakes, so long as they are made in the right places
|
||||||
|
and at the right time. A mistake that causes lost productivity is seldom tolerated. A mistake
|
||||||
|
made in a developmental test lab is expected.
|
||||||
|
</p><p>
|
||||||
|
Here we look at common mistakes and misapprehensions that have been the subject of discussions
|
||||||
|
on the Samba mailing lists. Many of these are avoidable by doing you homework before attempting
|
||||||
|
a Samba implementation. Some are the result of misunderstanding of the English language. The
|
||||||
|
English language has many turns of phrase that are potentially vague and may be highly confusing
|
||||||
|
to those for whom English is not their native tongue.
|
||||||
|
</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2890084"></a>What makes Samba a SERVER?</h3></div></div><div></div></div><p>
|
||||||
|
To some the nature of the Samba <span class="emphasis"><em>security</em></span> mode is very obvious, but entirely
|
||||||
|
wrong all the same. It is assumed that <i class="parameter"><tt>security = server</tt></i> means that Samba
|
||||||
|
will act as a server. Not so! See above - this setting means that Samba will <span class="emphasis"><em>try</em></span>
|
||||||
|
to use another SMB server as its source of user authentication alone.
|
||||||
|
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2890117"></a>What makes Samba a Domain Controller?</h3></div></div><div></div></div><p>
|
||||||
|
The <tt class="filename">smb.conf</tt> parameter <i class="parameter"><tt>security = domain</tt></i> does NOT really make Samba behave
|
||||||
|
as a Domain Controller! This setting means we want Samba to be a domain member!
|
||||||
|
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2890146"></a>What makes Samba a Domain Member?</h3></div></div><div></div></div><p>
|
||||||
|
Guess! So many others do. But whatever you do, do NOT think that <i class="parameter"><tt>security = user</tt></i>
|
||||||
|
makes Samba act as a domain member. Read the manufacturers manual before the warranty expires! See
|
||||||
|
the <a href="domain-member.html" title="Chapter 7. Domain Membership">Domain Member</a> section of this Howto for more information.
|
||||||
|
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2890179"></a>Constantly Losing Connections to Password Server</h3></div></div><div></div></div><p>
|
||||||
|
Why does server_validate() simply give up rather than re-establishing its connection to the
|
||||||
|
password server? Though I am not fluent in the SMB protocol, perhaps the cluster server
|
||||||
|
process passes along to its client workstation the session key it receives from the password
|
||||||
|
server, which means the password hashes submitted by the client would not work on a subsequent
|
||||||
|
connection, whose session key would be different. So server_validate() must give up.
|
||||||
|
</p><p>
|
||||||
|
Indeed. That's why security = server is at best a nasty hack. Please use security = domain.
|
||||||
|
<i class="parameter"><tt>security = server</tt></i> mode is also known as pass-through authentication.
|
||||||
|
</p></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="type.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="type.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="samba-pdc.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Part II. Server Configuration Basics </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 5. Domain Control</td></tr></table></div></body></html>
|
143
docs/htmldocs/StandAloneServer.html
Normal file
@ -0,0 +1,143 @@
|
|||||||
|
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 8. Stand-Alone Servers</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="index.html" title="SAMBA Project Documentation"><link rel="up" href="type.html" title="Part II. Server Configuration Basics"><link rel="previous" href="domain-member.html" title="Chapter 7. Domain Membership"><link rel="next" href="ClientConfig.html" title="Chapter 9. MS Windows Network Configuration Guide"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 8. Stand-Alone Servers</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="domain-member.html">Prev</a> </td><th width="60%" align="center">Part II. Server Configuration Basics</th><td width="20%" align="right"> <a accesskey="n" href="ClientConfig.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="StandAloneServer"></a>Chapter 8. 
Stand-Alone Servers</h2></div><div><div class="author"><h3 class="author"><span class="firstname">John</span> <span class="othername">H.</span> <span class="surname">Terpstra</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><tt class="email"><<a href="mailto:jht@samba.org">jht@samba.org</a>></tt></p></div></div></div></div></div><div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><a href="StandAloneServer.html#id2902304">Features and Benefits</a></dt><dt><a href="StandAloneServer.html#id2902501">Background</a></dt><dt><a href="StandAloneServer.html#id2902573">Example Configuration</a></dt><dd><dl><dt><a href="StandAloneServer.html#id2902588">Reference Documentation Server</a></dt><dt><a href="StandAloneServer.html#id2902638">Central Print Serving</a></dt></dl></dd><dt><a href="StandAloneServer.html#id2902852">Common Errors</a></dt></dl></div><p>
|
||||||
|
Stand-Alone servers are independent of Domain Controllers on the network.
|
||||||
|
They are NOT domain members and function more like workgroup servers. In many
|
||||||
|
cases a stand-alone server is configured with a minimum of security control
|
||||||
|
with the intent that all data served will be readily accessible to all users.
|
||||||
|
</p><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2902304"></a>Features and Benefits</h2></div></div><div></div></div><p>
|
||||||
|
Stand-Alone servers can be as secure or as insecure as needs dictate. They can
|
||||||
|
have simple or complex configurations. Above all, despite the hoopla about
|
||||||
|
Domain security they remain a very common installation.
|
||||||
|
</p><p>
|
||||||
|
If all that is needed is a server for read-only files, or for
|
||||||
|
printers alone, it may not make sense to affect a complex installation.
|
||||||
|
For example: A drafting office needs to store old drawings and reference
|
||||||
|
standards. No-one can write files to the server as it is legislatively
|
||||||
|
important that all documents remain unaltered. A share mode read-only stand-alone
|
||||||
|
server is an ideal solution.
|
||||||
|
</p><p>
|
||||||
|
Another situation that warrants simplicity is an office that has many printers
|
||||||
|
that are queued off a single central server. Everyone needs to be able to print
|
||||||
|
to the printers, there is no need to affect any access controls and no files will
|
||||||
|
be served from the print server. Again a share mode stand-alone server makes
|
||||||
|
a great solution.
|
||||||
|
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2902501"></a>Background</h2></div></div><div></div></div><p>
|
||||||
|
The term <span class="emphasis"><em>stand-alone server</em></span> means that the server
|
||||||
|
will provide local authentication and access control for all resources
|
||||||
|
that are available from it. In general this means that there will be a
|
||||||
|
local user database. In more technical terms, it means that resources
|
||||||
|
on the machine will be made available in either SHARE mode or in
|
||||||
|
USER mode.
|
||||||
|
</p><p>
|
||||||
|
No special action is needed other than to create user accounts. Stand-alone
|
||||||
|
servers do NOT provide network logon services. This means that machines that
|
||||||
|
use this server do NOT perform a domain logon to it. Whatever logon facility
|
||||||
|
the workstations are subject to is independent of this machine. It is however
|
||||||
|
necessary to accommodate any network user so that the logon name they use will
|
||||||
|
be translated (mapped) locally on the stand-alone server to a locally known
|
||||||
|
user name. There are several ways this can be done.
|
||||||
|
</p><p>
|
||||||
|
Samba tends to blur the distinction a little in respect of what is
|
||||||
|
a stand-alone server. This is because the authentication database may be
|
||||||
|
local or on a remote server, even if from the Samba protocol perspective
|
||||||
|
the Samba server is NOT a member of a domain security context.
|
||||||
|
</p><p>
|
||||||
|
Through the use of PAM (Pluggable Authentication Modules) and nsswitch
|
||||||
|
(the name service switcher) the source of authentication may reside on
|
||||||
|
another server. We would be inclined to call this the authentication server.
|
||||||
|
This means that the Samba server may use the local Unix/Linux system password database
|
||||||
|
(<tt class="filename">/etc/passwd</tt> or <tt class="filename">/etc/shadow</tt>), may use a
|
||||||
|
local smbpasswd file, or may use
|
||||||
|
an LDAP back end, or even via PAM and Winbind another CIFS/SMB server
|
||||||
|
for authentication.
|
||||||
|
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2902573"></a>Example Configuration</h2></div></div><div></div></div><p>
|
||||||
|
The following examples are designed to inspire simplicity. It is too easy to
|
||||||
|
attempt a high level of creativity and to introduce too much complexity in
|
||||||
|
server and network design.
|
||||||
|
</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2902588"></a>Reference Documentation Server</h3></div></div><div></div></div><p>
|
||||||
|
Configuration of a read-only data server that EVERYONE can access is very simple.
|
||||||
|
Here is the smb.conf file that will do this. Assume that all the reference documents
|
||||||
|
are stored in the directory /export, that the documents are owned by a user other than
|
||||||
|
nobody. No home directories are shared, that are no users in the <tt class="filename">/etc/passwd</tt>
|
||||||
|
Unix system database. This is a very simple system to administer.
|
||||||
|
</p><pre class="programlisting">
|
||||||
|
# Global parameters
|
||||||
|
[global]
|
||||||
|
workgroup = MYGROUP
|
||||||
|
netbios name = REFDOCS
|
||||||
|
security = SHARE
|
||||||
|
passdb backend = guest
|
||||||
|
wins server = 192.168.1.1
|
||||||
|
|
||||||
|
[data]
|
||||||
|
comment = Data
|
||||||
|
path = /export
|
||||||
|
guest only = Yes
|
||||||
|
</pre><p>
|
||||||
|
In the above example the machine name is set to REFDOCS, the workgroup is set to the name
|
||||||
|
of the local workgroup so that the machine will appear in with systems users are familiar
|
||||||
|
with. The only password backend required is the "guest" backend so as to allow default
|
||||||
|
unprivileged account names to be used. Given that there is a WINS server on this network
|
||||||
|
we do use it.
|
||||||
|
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2902638"></a>Central Print Serving</h3></div></div><div></div></div><p>
|
||||||
|
Configuration of a simple print server is very simple if you have all the right tools
|
||||||
|
on your system.
|
||||||
|
</p><div class="orderedlist"><p class="title"><b> Assumptions:</b></p><ol type="1"><li><p>
|
||||||
|
The print server must require no administration
|
||||||
|
</p></li><li><p>
|
||||||
|
The print spooling and processing system on our print server will be CUPS.
|
||||||
|
(Please refer to the <a href="CUPS-printing.html" title="Chapter 19. CUPS Printing Support in Samba 3.0">CUPS Printing</a> chapter for more information).
|
||||||
|
</p></li><li><p>
|
||||||
|
All printers that the print server will service will be network
|
||||||
|
printers. They will be correctly configured, by the administrator,
|
||||||
|
in the CUPS environment.
|
||||||
|
</p></li><li><p>
|
||||||
|
All workstations will be installed using postscript drivers. The printer
|
||||||
|
of choice is the Apple Color LaserWriter.
|
||||||
|
</p></li></ol></div><p>
|
||||||
|
In this example our print server will spool all incoming print jobs to
|
||||||
|
<tt class="filename">/var/spool/samba</tt> until the job is ready to be submitted by
|
||||||
|
Samba to the CUPS print processor. Since all incoming connections will be as
|
||||||
|
the anonymous (guest) user, two things will be required:
|
||||||
|
</p><div class="itemizedlist"><p class="title"><b>Enabling Anonymous Printing</b></p><ul type="disc"><li><p>
|
||||||
|
The Unix/Linux system must have a <b class="command">guest</b> account.
|
||||||
|
The default for this is usually the account <b class="command">nobody</b>.
|
||||||
|
To find the correct name to use for your version of Samba do the
|
||||||
|
following:
|
||||||
|
</p><pre class="screen">
|
||||||
|
<tt class="prompt">$ </tt><b class="userinput"><tt>testparm -s -v | grep "guest account"</tt></b>
|
||||||
|
</pre><p>
|
||||||
|
Then make sure that this account exists in your system password
|
||||||
|
database (<tt class="filename">/etc/passwd</tt>).
|
||||||
|
</p></li><li><p>
|
||||||
|
The directory into which Samba will spool the file must have write
|
||||||
|
access for the guest account. The following commands will ensure that
|
||||||
|
this directory is available for use:
|
||||||
|
</p><pre class="screen">
|
||||||
|
<tt class="prompt">root# </tt><b class="userinput"><tt>mkdir /var/spool/samba</tt></b>
|
||||||
|
<tt class="prompt">root# </tt><b class="userinput"><tt>chown nobody.nobody /var/spool/samba</tt></b>
|
||||||
|
<tt class="prompt">root# </tt><b class="userinput"><tt>chmod a+rwt /var/spool/samba</tt></b>
|
||||||
|
</pre><p>
|
||||||
|
</p></li></ul></div><p>
|
||||||
|
</p><pre class="programlisting">
|
||||||
|
# Global parameters
|
||||||
|
[global]
|
||||||
|
workgroup = MYGROUP
|
||||||
|
netbios name = PTRSVR1
|
||||||
|
security = SHARE
|
||||||
|
passdb backend = guest
|
||||||
|
wins server = 192.168.1.1
|
||||||
|
|
||||||
|
[printers]
|
||||||
|
comment = All Printers
|
||||||
|
path = /var/spool/samba
|
||||||
|
printer admin = root
|
||||||
|
guest ok = Yes
|
||||||
|
printable = Yes
|
||||||
|
printing = cups
|
||||||
|
use client driver = Yes
|
||||||
|
browseable = No
|
||||||
|
</pre><p>
|
||||||
|
</p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2902852"></a>Common Errors</h2></div></div><div></div></div><p>
|
||||||
|
The greatest mistake so often made is to make a network configuration too complex.
|
||||||
|
It pays to use the simplest solution that will meet the needs of the moment.
|
||||||
|
</p></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="domain-member.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="type.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="ClientConfig.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 7. Domain Membership </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 9. MS Windows Network Configuration Guide</td></tr></table></div></body></html>
|
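--- a/docs/htmldocs/VFS.html
+++ b/docs/htmldocs/VFS.html
@@ -0,0 +1,105 @@
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 20. Stackable VFS modules</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="index.html" title="SAMBA Project Documentation"><link rel="up" href="optional.html" title="Part III. Advanced Configuration"><link rel="previous" href="CUPS-printing.html" title="Chapter 19. CUPS Printing Support in Samba 3.0"><link rel="next" href="winbind.html" title="Chapter 21. Integrated Logon Support using Winbind"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 20. Stackable VFS modules</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="CUPS-printing.html">Prev</a> </td><th width="60%" align="center">Part III. Advanced Configuration</th><td width="20%" align="right"> <a accesskey="n" href="winbind.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="VFS"></a>Chapter 20. Stackable VFS modules</h2></div><div><div class="author"><h3 class="author"><span class="firstname">Jelmer</span> <span class="othername">R.</span> <span class="surname">Vernooij</span></h3><div class="affiliation"><span class="orgname">The Samba Team<br></span><div class="address"><p><tt class="email"><<a href="mailto:jelmer@samba.org">jelmer@samba.org</a>></tt></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">John</span> <span class="othername">H.</span> <span class="surname">Terpstra</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><tt class="email"><<a href="mailto:jht@samba.org">jht@samba.org</a>></tt></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">Tim</span> <span class="surname">Potter</span></h3></div></div><div><div class="author"><h3 class="author"><span class="firstname">Simo</span> <span class="surname">Sorce</span></h3><span class="contrib">original vfs_skel README</span></div></div><div><div class="author"><h3 class="author"><span class="firstname">Alexander</span> <span class="surname">Bokovoy</span></h3><span class="contrib">original vfs_netatalk docs</span></div></div><div><div class="author"><h3 class="author"><span class="firstname">Stefan</span> <span class="surname">Metzmacher</span></h3><span class="contrib">Update for multiple modules</span></div></div></div><div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><a href="VFS.html#id2978211">Features and Benefits</a></dt><dt><a href="VFS.html#id2978229">Discussion</a></dt><dt><a href="VFS.html#id2978320">Included modules</a></dt><dd><dl><dt><a href="VFS.html#id2978327">audit</a></dt><dt><a href="VFS.html#id2978365">extd_audit</a></dt><dt><a href="VFS.html#id2978489">fake_perms</a></dt><dt><a href="VFS.html#id2978508">recycle</a></dt><dt><a href="VFS.html#id2978645">netatalk</a></dt></dl></dd><dt><a href="VFS.html#id2978690">VFS modules available elsewhere</a></dt><dd><dl><dt><a href="VFS.html#id2978712">DatabaseFS</a></dt><dt><a href="VFS.html#id2978768">vscan</a></dt></dl></dd><dt><a href="VFS.html#id2978797">Common Errors</a></dt></dl></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2978211"></a>Features and Benefits</h2></div></div><div></div></div><p>
+Since Samba-3, there is support for stackable VFS(Virtual File System) modules.
+Samba passes each request to access the unix file system thru the loaded VFS modules.
+This chapter covers all the modules that come with the samba source and references to
+some external modules.
+</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2978229"></a>Discussion</h2></div></div><div></div></div><p>
+If not supplied with your platform distribution binary Samba package you may have problems
+to compile these modules, as shared libraries are compiled and linked in different ways
+on different systems. They currently have been tested against GNU/Linux and IRIX.
+</p><p>
+To use the VFS modules, create a share similar to the one below. The
+important parameter is the <b class="command">vfs objects</b> parameter where
+you can list one or more VFS modules by name. For example, to log all access
+to files and put deleted files in a recycle bin:
+
+</p><pre class="programlisting">
+[audit]
+comment = Audited /data directory
+path = /data
+vfs objects = audit recycle
+writeable = yes
+browseable = yes
+</pre><p>
+</p><p>
+The modules are used in the order in which they are specified.
+</p><p>
+Samba will attempt to load modules from the <span class="emphasis"><em>lib</em></span>
+directory in the root directory of the samba installation (usually
+<tt class="filename">/usr/lib/samba/vfs</tt> or <tt class="filename">/usr/local/samba/lib/vfs
+</tt>).
+</p><p>
+Some modules can be used twice for the same share.
+This can be done using a configuration similar to the one below.
+
+</p><pre class="programlisting">
+[test]
+comment = VFS TEST
+path = /data
+writeable = yes
+browseable = yes
+vfs objects = example:example1 example example:test
+example1: parameter = 1
+example: parameter = 5
+test: parameter = 7
+</pre><p>
+</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2978320"></a>Included modules</h2></div></div><div></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2978327"></a>audit</h3></div></div><div></div></div><p>
+A simple module to audit file access to the syslog
+facility. The following operations are logged:
+</p><table class="simplelist" border="0" summary="Simple list"><tr><td>share</td></tr><tr><td>connect/disconnect</td></tr><tr><td>directory opens/create/remove</td></tr><tr><td>file open/close/rename/unlink/chmod</td></tr></table><p>
+</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2978365"></a>extd_audit</h3></div></div><div></div></div><p>
+This module is identical with the <span class="emphasis"><em>audit</em></span> module above except
+that it sends audit logs to both syslog as well as the smbd log file/s. The
+loglevel for this module is set in the smb.conf file.
+</p><p>
+The logging information that will be written to the smbd log file is controlled by
+the <i class="parameter"><tt>log level</tt></i> parameter in <tt class="filename">smb.conf</tt>. The
+following information will be recorded:
+</p><div class="table"><a name="id2978406"></a><p class="title"><b>Table 20.1. Extended Auditing Log Information</b></p><table summary="Extended Auditing Log Information" border="1"><colgroup><col><col></colgroup><thead><tr><th align="center">Log Level</th><th align="center">Log Details - File and Directory Operations</th></tr></thead><tbody><tr><td align="center">0</td><td align="left">Creation / Deletion</td></tr><tr><td align="center">1</td><td align="left">Create / Delete / Rename / Permission Changes</td></tr><tr><td align="center">2</td><td align="left">Create / Delete / Rename / Perm Change / Open / Close</td></tr></tbody></table></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2978489"></a>fake_perms</h3></div></div><div></div></div><p>
+This module was created to allow Roaming Profile files and directories to be set (on the Samba server
+under Unix) as read only. This module will if installed on the Profiles share will report to the client
+that the Profile files and directories are writable. This satisfies the client even though the files
+will never be overwritten as the client logs out or shuts down.
+</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2978508"></a>recycle</h3></div></div><div></div></div><p>
+A recycle-bin like module. When used any unlink call
+will be intercepted and files moved to the recycle
+directory instead of being deleted.
+</p><p>Supported options:
+</p><div class="variablelist"><dl><dt><span class="term">recycle:repository</span></dt><dd><p>FIXME</p></dd><dt><span class="term">recycle:keeptree</span></dt><dd><p>FIXME</p></dd><dt><span class="term">recycle:versions</span></dt><dd><p>FIXME</p></dd><dt><span class="term">recycle:touch</span></dt><dd><p>FIXME</p></dd><dt><span class="term">recycle:maxsize</span></dt><dd><p>FIXME</p></dd><dt><span class="term">recycle:exclude</span></dt><dd><p>FIXME</p></dd><dt><span class="term">recycle:exclude_dir</span></dt><dd><p>FIXME</p></dd><dt><span class="term">recycle:noversions</span></dt><dd><p>FIXME</p></dd></dl></div><p>
+</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2978645"></a>netatalk</h3></div></div><div></div></div><p>
+A netatalk module, that will ease co-existence of samba and
+netatalk file sharing services.
+</p><p>Advantages compared to the old netatalk module:
+</p><table class="simplelist" border="0" summary="Simple list"><tr><td>it doesn't care about creating of .AppleDouble forks, just keeps them in sync</td></tr><tr><td>if a share in <tt class="filename">smb.conf</tt> doesn't contain .AppleDouble item in hide or veto list, it will be added automatically</td></tr></table><p>
+</p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2978690"></a>VFS modules available elsewhere</h2></div></div><div></div></div><p>
+This section contains a listing of various other VFS modules that
+have been posted but don't currently reside in the Samba CVS
+tree for one reason or another (e.g. it is easy for the maintainer
+to have his or her own CVS tree).
+</p><p>
+No statements about the stability or functionality of any module
+should be implied due to its presence here.
+</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2978712"></a>DatabaseFS</h3></div></div><div></div></div><p>
+URL: <a href="http://www.css.tayloru.edu/~elorimer/databasefs/index.php" target="_top">http://www.css.tayloru.edu/~elorimer/databasefs/index.php</a>
+</p><p>By <a href="mailto:elorimer@css.tayloru.edu" target="_top">Eric Lorimer</a>.</p><p>
+I have created a VFS module which implements a fairly complete read-only
+filesystem. It presents information from a database as a filesystem in
+a modular and generic way to allow different databases to be used
+(originally designed for organizing MP3s under directories such as
+"Artists," "Song Keywords," etc... I have since applied it to a student
+roster database very easily). The directory structure is stored in the
+database itself and the module makes no assumptions about the database
+structure beyond the table it requires to run.
+</p><p>
+Any feedback would be appreciated: comments, suggestions, patches,
+etc... If nothing else, hopefully it might prove useful for someone
+else who wishes to create a virtual filesystem.
+</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2978768"></a>vscan</h3></div></div><div></div></div><p>URL: <a href="http://www.openantivirus.org/" target="_top">http://www.openantivirus.org/</a></p><p>
+samba-vscan is a proof-of-concept module for Samba, which
+uses the VFS (virtual file system) features of Samba 2.2.x/3.0
+alphaX. Of course, Samba has to be compiled with VFS support.
+samba-vscan supports various virus scanners and is maintained
+by Rainer Link.
+</p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2978797"></a>Common Errors</h2></div></div><div></div></div><p>
+There must be some gotchas we should record here! Jelmer???
+</p></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="CUPS-printing.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="optional.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="winbind.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 19. CUPS Printing Support in Samba 3.0 </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 21. Integrated Logon Support using Winbind</td></tr></table></div></body></html>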
76
docs/htmldocs/index.html
Executable file
76
docs/htmldocs/index.html
Executable file
File diff suppressed because one or more lines are too long
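--- a/docs/htmldocs/ix01.html
+++ b/docs/htmldocs/ix01.html
@@ -0,0 +1 @@
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Index</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="index.html" title="SAMBA Project Documentation"><link rel="up" href="index.html" title="SAMBA Project Documentation"><link rel="previous" href="Further-Resources.html" title="Chapter 41. Further Resources"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Index</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="Further-Resources.html">Prev</a> </td><th width="60%" align="center"> </th><td width="20%" align="right"> </td></tr></table><hr></div><div class="index"><div class="titlepage"><div><div><h2 class="title"><a name="id3018533"></a>Index</h2></div></div><div></div></div><div class="index"></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="Further-Resources.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="index.html">Up</a></td><td width="40%" align="right"> </td></tr><tr><td width="40%" align="left" valign="top">Chapter 41. Further Resources </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> </td></tr></table></div></body></html>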
656
docs/htmldocs/locking.html
Normal file
656
docs/htmldocs/locking.html
Normal file
@ -0,0 +1,656 @@
|
|||||||
|
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 14. File and Record Locking</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="index.html" title="SAMBA Project Documentation"><link rel="up" href="optional.html" title="Part III. Advanced Configuration"><link rel="previous" href="AccessControls.html" title="Chapter 13. File, Directory and Share Access Controls"><link rel="next" href="securing-samba.html" title="Chapter 15. Securing Samba"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 14. File and Record Locking</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="AccessControls.html">Prev</a> </td><th width="60%" align="center">Part III. Advanced Configuration</th><td width="20%" align="right"> <a accesskey="n" href="securing-samba.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="locking"></a>Chapter 14. 
File and Record Locking</h2></div><div><div class="author"><h3 class="author"><span class="firstname">Jeremy</span> <span class="surname">Allison</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><tt class="email"><<a href="mailto:jra@samba.org">jra@samba.org</a>></tt></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">Jelmer</span> <span class="othername">R.</span> <span class="surname">Vernooij</span></h3><div class="affiliation"><span class="orgname">The Samba Team<br></span><div class="address"><p><tt class="email"><<a href="mailto:jelmer@samba.org">jelmer@samba.org</a>></tt></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">John</span> <span class="othername">H.</span> <span class="surname">Terpstra</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><tt class="email"><<a href="mailto:jht@samba.org">jht@samba.org</a>></tt></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">Eric</span> <span class="surname">Roseme</span></h3><div class="affiliation"><span class="orgname">HP Oplocks Usage Recommendations Whitepaper<br></span><div class="address"><p><tt class="email"><<a href="mailto:eric.roseme@hp.com">eric.roseme@hp.com</a>></tt></p></div></div></div></div></div><div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><a href="locking.html#id2928216">Features and Benefits</a></dt><dt><a href="locking.html#id2928272">Discussion</a></dt><dd><dl><dt><a href="locking.html#id2928403">Opportunistic Locking Overview</a></dt></dl></dd><dt><a href="locking.html#id2929049">Samba Opportunistic Locking Control</a></dt><dd><dl><dt><a href="locking.html#id2929159">Example Configuration</a></dt></dl></dd><dt><a href="locking.html#id2929419">MS Windows Opportunistic Locking and Caching Controls</a></dt><dd><dl><dt><a 
href="locking.html#id2929649">Workstation Service Entries</a></dt><dt><a href="locking.html#id2929676">Server Service Entries</a></dt></dl></dd><dt><a href="locking.html#id2929755">Persistent Data Corruption</a></dt><dt><a href="locking.html#id2929785">Common Errors</a></dt><dd><dl><dt><a href="locking.html#id2929859">locking.tdb error messages</a></dt></dl></dd><dt><a href="locking.html#id2929890">Additional Reading</a></dt></dl></div><p>
|
||||||
|
One area which causes trouble for many network administrators is locking.
|
||||||
|
The extent of the problem is readily evident from searches over the internet.
|
||||||
|
</p><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2928216"></a>Features and Benefits</h2></div></div><div></div></div><p>
|
||||||
|
Samba provides all the same locking semantics that MS Windows clients expect
|
||||||
|
and that MS Windows NT4 / 200x servers provide also.
|
||||||
|
</p><p>
|
||||||
|
The term <span class="emphasis"><em>locking</em></span> has exceptionally broad meaning and covers
|
||||||
|
a range of functions that are all categorized under this one term.
|
||||||
|
</p><p>
|
||||||
|
Opportunistic locking is a desirable feature when it can enhance the
|
||||||
|
perceived performance of applications on a networked client. However, the
|
||||||
|
opportunistic locking protocol is not robust, and therefore can
|
||||||
|
encounter problems when invoked beyond a simplistic configuration, or
|
||||||
|
on extended, slow, or faulty networks. In these cases, operating
|
||||||
|
system management of opportunistic locking and/or recovering from
|
||||||
|
repetitive errors can offset the perceived performance advantage that
|
||||||
|
it is intended to provide.
|
||||||
|
</p><p>
|
||||||
|
The MS Windows network administrator needs to be aware that file and record
|
||||||
|
locking semantics (behaviour) can be controlled either in Samba or by way of registry
|
||||||
|
settings on the MS Windows client.
|
||||||
|
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
|
||||||
|
Sometimes it is necessary to disable locking control settings BOTH on the Samba
|
||||||
|
server as well as on each MS Windows client!
|
||||||
|
</p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2928272"></a>Discussion</h2></div></div><div></div></div><p>
|
||||||
|
There are two types of locking which need to be performed by a SMB server.
|
||||||
|
The first is <span class="emphasis"><em>record locking</em></span> which allows a client to lock
|
||||||
|
a range of bytes in a open file. The second is the <span class="emphasis"><em>deny modes</em></span>
|
||||||
|
that are specified when a file is open.
|
||||||
|
</p><p>
|
||||||
|
Record locking semantics under Unix is very different from record locking under
|
||||||
|
Windows. Versions of Samba before 2.2 have tried to use the native fcntl() unix
|
||||||
|
system call to implement proper record locking between different Samba clients.
|
||||||
|
This can not be fully correct due to several reasons. The simplest is the fact
|
||||||
|
that a Windows client is allowed to lock a byte range up to 2^32 or 2^64,
|
||||||
|
depending on the client OS. The unix locking only supports byte ranges up to 2^31.
|
||||||
|
So it is not possible to correctly satisfy a lock request above 2^31. There are
|
||||||
|
many more differences, too many to be listed here.
|
||||||
|
</p><p>
|
||||||
|
Samba 2.2 and above implements record locking completely independent of the
|
||||||
|
underlying unix system. If a byte range lock that the client requests happens
|
||||||
|
to fall into the range 0-2^31, Samba hands this request down to the Unix system.
|
||||||
|
All other locks can not be seen by unix anyway.
|
||||||
|
</p><p>
|
||||||
|
Strictly a SMB server should check for locks before every read and write call on
|
||||||
|
a file. Unfortunately with the way fcntl() works this can be slow and may overstress
|
||||||
|
the <b class="command">rpc.lockd</b>. It is also almost always unnecessary as clients are supposed to
|
||||||
|
independently make locking calls before reads and writes anyway if locking is
|
||||||
|
important to them. By default Samba only makes locking calls when explicitly asked
|
||||||
|
to by a client, but if you set <i class="parameter"><tt>strict locking = yes</tt></i> then it
|
||||||
|
will make lock checking calls on every read and write.
|
||||||
|
</p><p>
|
||||||
|
You can also disable by range locking completely using <i class="parameter"><tt>locking = no</tt></i>.
|
||||||
|
This is useful for those shares that don't support locking or don't need it
|
||||||
|
(such as cdroms). In this case Samba fakes the return codes of locking calls to
|
||||||
|
tell clients that everything is OK.
|
||||||
|
</p><p>
|
||||||
|
The second class of locking is the <i class="parameter"><tt>deny modes</tt></i>. These
|
||||||
|
are set by an application when it opens a file to determine what types of
|
||||||
|
access should be allowed simultaneously with its open. A client may ask for
|
||||||
|
<tt class="constant">DENY_NONE</tt>, <tt class="constant">DENY_READ</tt>,
|
||||||
|
<tt class="constant">DENY_WRITE</tt> or <tt class="constant">DENY_ALL</tt>. There are also special compatibility
|
||||||
|
modes called <tt class="constant">DENY_FCB</tt> and <tt class="constant">DENY_DOS</tt>.
|
||||||
|
</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2928403"></a>Opportunistic Locking Overview</h3></div></div><div></div></div><p>
|
||||||
|
Opportunistic locking (Oplocks) is invoked by the Windows file system
|
||||||
|
(as opposed to an API) via registry entries (on the server AND client)
|
||||||
|
for the purpose of enhancing network performance when accessing a file
|
||||||
|
residing on a server. Performance is enhanced by caching the file
|
||||||
|
locally on the client which allows:
|
||||||
|
</p><div class="variablelist"><dl><dt><span class="term">Read-ahead:</span></dt><dd><p>
|
||||||
|
The client reads the local copy of the file, eliminating network latency
|
||||||
|
</p></dd><dt><span class="term">Write caching:</span></dt><dd><p>
|
||||||
|
The client writes to the local copy of the file, eliminating network latency
|
||||||
|
</p></dd><dt><span class="term">Lock caching:</span></dt><dd><p>
|
||||||
|
The client caches application locks locally, eliminating network latency
|
||||||
|
</p></dd></dl></div><p>
|
||||||
|
The performance enhancement of oplocks is due to the opportunity of
|
||||||
|
exclusive access to the file - even if it is opened with deny-none -
|
||||||
|
because Windows monitors the file's status for concurrent access from
|
||||||
|
other processes.
|
||||||
|
</p><div class="variablelist"><p class="title"><b>Windows defines 4 kinds of Oplocks:</b></p><dl><dt><span class="term">Level1 Oplock:</span></dt><dd><p>
|
||||||
|
The redirector sees that the file was opened with deny
|
||||||
|
none (allowing concurrent access), verifies that no
|
||||||
|
other process is accessing the file, checks that
|
||||||
|
oplocks are enabled, then grants deny-all/read-write/exclusive
|
||||||
|
access to the file. The client now performs
|
||||||
|
operations on the cached local file.
|
||||||
|
</p><p>
|
||||||
|
If a second process attempts to open the file, the open
|
||||||
|
is deferred while the redirector "breaks" the original
|
||||||
|
oplock. The oplock break signals the caching client to
|
||||||
|
write the local file back to the server, flush the
|
||||||
|
local locks, and discard read-ahead data. The break is
|
||||||
|
then complete, the deferred open is granted, and the
|
||||||
|
multiple processes can enjoy concurrent file access as
|
||||||
|
dictated by mandatory or byte-range locking options.
|
||||||
|
However, if the original opening process opened the
|
||||||
|
file with a share mode other than deny-none, then the
|
||||||
|
second process is granted limited or no access, despite
|
||||||
|
the oplock break.
|
||||||
|
</p></dd><dt><span class="term">Level2 Oplock:</span></dt><dd><p>
|
||||||
|
Performs like a level1 oplock, except caching is only
|
||||||
|
operative for reads. All other operations are performed
|
||||||
|
on the server disk copy of the file.
|
||||||
|
</p></dd><dt><span class="term">Filter Oplock:</span></dt><dd><p>
|
||||||
|
Does not allow write or delete file access
|
||||||
|
</p></dd><dt><span class="term">Batch Oplock:</span></dt><dd><p>
|
||||||
|
Manipulates file openings and closings - allows caching
|
||||||
|
of file attributes
|
||||||
|
</p></dd></dl></div><p>
|
||||||
|
An important detail is that oplocks are invoked by the file system, not
|
||||||
|
an application API. Therefore, an application can close an oplocked
|
||||||
|
file, but the file system does not relinquish the oplock. When the
|
||||||
|
oplock break is issued, the file system then simply closes the file in
|
||||||
|
preparation for the subsequent open by the second process.
|
||||||
|
</p><p>
|
||||||
|
<span class="emphasis"><em>Opportunistic Locking</em></span> is actually an improper name for this feature.
|
||||||
|
The true benefit of this feature is client-side data caching, and
|
||||||
|
oplocks is merely a notification mechanism for writing data back to the
|
||||||
|
networked storage disk. The limitation of opportunistic locking is the
|
||||||
|
reliability of the mechanism to process an oplock break (notification)
|
||||||
|
between the server and the caching client. If this exchange is faulty
|
||||||
|
(usually due to timing out for any number of reasons) then the
|
||||||
|
client-side caching benefit is negated.
|
||||||
|
</p><p>
|
||||||
|
The actual decision that a user or administrator should consider is
|
||||||
|
whether it is sensible to share amongst multiple users data that will
|
||||||
|
be cached locally on a client. In many cases the answer is no.
|
||||||
|
Deciding when to cache or not cache data is the real question, and thus
|
||||||
|
"opportunistic locking" should be treated as a toggle for client-side
|
||||||
|
caching. Turn it "ON" when client-side caching is desirable and
|
||||||
|
reliable. Turn it "OFF" when client-side caching is redundant,
|
||||||
|
unreliable, or counter-productive.
|
||||||
|
</p><p>
|
||||||
|
Opportunistic locking is by default set to "on" by Samba on all
|
||||||
|
configured shares, so careful attention should be given to each case to
|
||||||
|
determine if the potential benefit is worth the potential for delays.
|
||||||
|
The following recommendations will help to characterize the environment
|
||||||
|
where opportunistic locking may be effectively configured.
|
||||||
|
</p><p>
|
||||||
|
Windows Opportunistic Locking is a lightweight performance-enhancing
|
||||||
|
feature. It is not a robust and reliable protocol. Every
|
||||||
|
implementation of Opportunistic Locking should be evaluated as a
|
||||||
|
tradeoff between perceived performance and reliability. Reliability
|
||||||
|
decreases as each successive rule above is not enforced. Consider a
|
||||||
|
share with oplocks enabled, over a wide area network, to a client on a
|
||||||
|
South Pacific atoll, on a high-availability server, serving a
|
||||||
|
mission-critical multi-user corporate database, during a tropical
|
||||||
|
storm. This configuration will likely encounter problems with oplocks.
|
||||||
|
</p><p>
|
||||||
|
Oplocks can be beneficial to perceived client performance when treated
|
||||||
|
as a configuration toggle for client-side data caching. If the data
|
||||||
|
caching is likely to be interrupted, then oplock usage should be
|
||||||
|
reviewed. Samba enables opportunistic locking by default on all
|
||||||
|
shares. Careful attention should be given to the client usage of
|
||||||
|
shared data on the server, the server network reliability, and the
|
||||||
|
opportunistic locking configuration of each share.
|
||||||
|
n mission critical high availability environments, data integrity is
|
||||||
|
often a priority. Complex and expensive configurations are implemented
|
||||||
|
to ensure that if a client loses connectivity with a file server, a
|
||||||
|
failover replacement will be available immediately to provide
|
||||||
|
continuous data availability.
|
||||||
|
</p><p>
|
||||||
|
Windows client failover behavior is more at risk of application
|
||||||
|
interruption than other platforms because it is dependant upon an
|
||||||
|
established TCP transport connection. If the connection is interrupted
|
||||||
|
- as in a file server failover - a new session must be established.
|
||||||
|
It is rare for Windows client applications to be coded to recover
|
||||||
|
correctly from a transport connection loss, therefore most applications
|
||||||
|
will experience some sort of interruption - at worst, abort and
|
||||||
|
require restarting.
|
||||||
|
</p><p>
|
||||||
|
If a client session has been caching writes and reads locally due to
|
||||||
|
opportunistic locking, it is likely that the data will be lost when the
|
||||||
|
application restarts, or recovers from the TCP interrupt. When the TCP
|
||||||
|
connection drops, the client state is lost. When the file server
|
||||||
|
recovers, an oplock break is not sent to the client. In this case, the
|
||||||
|
work from the prior session is lost. Observing this scenario with
|
||||||
|
oplocks disabled, and the client was writing data to the file server
|
||||||
|
real-time, then the failover will provide the data on disk as it
|
||||||
|
existed at the time of the disconnect.
|
||||||
|
</p><p>
|
||||||
|
In mission critical high availability environments, careful attention
|
||||||
|
should be given to opportunistic locking. Ideally, comprehensive
|
||||||
|
testing should be done with all affected applications with oplocks
|
||||||
|
enabled and disabled.
|
||||||
|
</p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2928695"></a>Exclusively Accessed Shares</h4></div></div><div></div></div><p>
|
||||||
|
Opportunistic locking is most effective when it is confined to shares
|
||||||
|
that are exclusively accessed by a single user, or by only one user at
|
||||||
|
a time. Because the true value of opportunistic locking is the local
|
||||||
|
client caching of data, any operation that interrupts the caching
|
||||||
|
mechanism will cause a delay.
|
||||||
|
</p><p>
|
||||||
|
Home directories are the most obvious examples of where the performance
|
||||||
|
benefit of opportunistic locking can be safely realized.
|
||||||
|
</p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2928719"></a>Multiple-Accessed Shares or Files</h4></div></div><div></div></div><p>
|
||||||
|
As each additional user accesses a file in a share with opportunistic
|
||||||
|
locking enabled, the potential for delays and resulting perceived poor
|
||||||
|
performance increases. When multiple users are accessing a file on a
|
||||||
|
share that has oplocks enabled, the management impact of sending and
|
||||||
|
receiving oplock breaks, and the resulting latency while other clients
|
||||||
|
wait for the caching client to flush data, offset the performance gains
|
||||||
|
of the caching user.
|
||||||
|
</p><p>
|
||||||
|
As each additional client attempts to access a file with oplocks set,
|
||||||
|
the potential performance improvement is negated and eventually results
|
||||||
|
in a performance bottleneck.
|
||||||
|
</p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2928748"></a>Unix or NFS Client Accessed Files</h4></div></div><div></div></div><p>
|
||||||
|
Local Unix and NFS clients access files without a mandatory
|
||||||
|
file locking mechanism. Thus, these client platforms are incapable of
|
||||||
|
initiating an oplock break request from the server to a Windows client
|
||||||
|
that has a file cached. Local Unix or NFS file access can therefore
|
||||||
|
write to a file that has been cached by a Windows client, which
|
||||||
|
exposes the file to likely data corruption.
|
||||||
|
</p><p>
|
||||||
|
If files are shared between Windows clients, and either local Unix
|
||||||
|
or NFS users, then turn opportunistic locking off.
|
||||||
|
</p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2928775"></a>Slow and/or Unreliable Networks</h4></div></div><div></div></div><p>
|
||||||
|
The biggest potential performance improvement for opportunistic locking
|
||||||
|
occurs when the client-side caching of reads and writes delivers the
|
||||||
|
most differential over sending those reads and writes over the wire.
|
||||||
|
This is most likely to occur when the network is extremely slow,
|
||||||
|
congested, or distributed (as in a WAN). However, network latency also
|
||||||
|
has a very high impact on the reliability of the oplock break
|
||||||
|
mechanism, and thus increases the likelihood of encountering oplock
|
||||||
|
problems that more than offset the potential perceived performance
|
||||||
|
gain. Of course, if an oplock break never has to be sent, then this is
|
||||||
|
the most advantageous scenario to utilize opportunistic locking.
|
||||||
|
</p><p>
|
||||||
|
If the network is slow, unreliable, or a WAN, then do not configure
|
||||||
|
opportunistic locking if there is any chance of multiple users
|
||||||
|
regularly opening the same file.
|
||||||
|
</p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2928808"></a>Multi-User Databases</h4></div></div><div></div></div><p>
|
||||||
|
Multi-user databases clearly pose a risk due to their very nature -
|
||||||
|
they are typically heavily accessed by numerous users at random
|
||||||
|
intervals. Placing a multi-user database on a share with opportunistic
|
||||||
|
locking enabled will likely result in a locking management bottleneck
|
||||||
|
on the Samba server. Whether the database application is developed
|
||||||
|
in-house or a commercially available product, ensure that the share
|
||||||
|
has opportunistic locking disabled.
|
||||||
|
</p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2928829"></a>PDM Data Shares</h4></div></div><div></div></div><p>
|
||||||
|
Process Data Management (PDM) applications such as IMAN, Enovia, and
|
||||||
|
Clearcase, are increasing in usage with Windows client platforms, and
|
||||||
|
therefore SMB data stores. PDM applications manage multi-user
|
||||||
|
environments for critical data security and access. The typical PDM
|
||||||
|
environment is usually associated with sophisticated client design
|
||||||
|
applications that will load data locally as demanded. In addition, the
|
||||||
|
PDM application will usually monitor the data-state of each client.
|
||||||
|
In this case, client-side data caching is best left to the local
|
||||||
|
application and PDM server to negotiate and maintain. It is
|
||||||
|
appropriate to eliminate the client OS from any caching tasks, and the
|
||||||
|
server from any oplock management, by disabling opportunistic locking on
|
||||||
|
the share.
|
||||||
|
</p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2928870"></a>Beware of Force User</h4></div></div><div></div></div><p>
|
||||||
|
Samba includes an <tt class="filename">smb.conf</tt> parameter called <i class="parameter"><tt>force user</tt></i> that changes
|
||||||
|
the user accessing a share from the incoming user to whatever user is
|
||||||
|
defined by the smb.conf variable. If opportunistic locking is enabled
|
||||||
|
on a share, the change in user access causes an oplock break to be sent
|
||||||
|
to the client, even if the user has not explicitly loaded a file. In
|
||||||
|
cases where the network is slow or unreliable, an oplock break can
|
||||||
|
become lost without the user even accessing a file. This can cause
|
||||||
|
apparent performance degradation as the client continually reconnects
|
||||||
|
to overcome the lost oplock break.
|
||||||
|
</p><p>
|
||||||
|
Avoid the combination of the following:
|
||||||
|
</p><div class="itemizedlist"><ul type="disc"><li><p>
|
||||||
|
<i class="parameter"><tt>force user</tt></i> in the <tt class="filename">smb.conf</tt> share configuration.
|
||||||
|
</p></li><li><p>
|
||||||
|
Slow or unreliable networks
|
||||||
|
</p></li><li><p>
|
||||||
|
Opportunistic Locking Enabled
|
||||||
|
</p></li></ul></div></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2928948"></a>Advanced Samba Opportunistic Locking Parameters</h4></div></div><div></div></div><p>
|
||||||
|
Samba provides opportunistic locking parameters that allow the
|
||||||
|
administrator to adjust various properties of the oplock mechanism to
|
||||||
|
account for timing and usage levels. These parameters provide good
|
||||||
|
versatility for implementing oplocks in environments where they would
|
||||||
|
likely cause problems. The parameters are:
|
||||||
|
<i class="parameter"><tt>oplock break wait time</tt></i>,
|
||||||
|
<i class="parameter"><tt>oplock contention limit</tt></i>.
|
||||||
|
</p><p>
|
||||||
|
For most users, administrators, and environments, if these parameters
|
||||||
|
are required, then the better option is to simply turn oplocks off.
|
||||||
|
The samba SWAT help text for both parameters reads "DO NOT CHANGE THIS
|
||||||
|
PARAMETER UNLESS YOU HAVE READ AND UNDERSTOOD THE SAMBA OPLOCK CODE."
|
||||||
|
This is good advice.
|
||||||
|
</p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2928991"></a>Mission Critical High Availability</h4></div></div><div></div></div><p>
|
||||||
|
In mission critical high availability environments, data integrity is
|
||||||
|
often a priority. Complex and expensive configurations are implemented
|
||||||
|
to ensure that if a client loses connectivity with a file server, a
|
||||||
|
failover replacement will be available immediately to provide
|
||||||
|
continuous data availability.
|
||||||
|
</p><p>
|
||||||
|
Windows client failover behavior is more at risk of application
|
||||||
|
interruption than other platforms because it is dependant upon an
|
||||||
|
established TCP transport connection. If the connection is interrupted
|
||||||
|
- as in a file server failover - a new session must be established.
|
||||||
|
It is rare for Windows client applications to be coded to recover
|
||||||
|
correctly from a transport connection loss, therefore most applications
|
||||||
|
will experience some sort of interruption - at worst, abort and
|
||||||
|
require restarting.
|
||||||
|
</p><p>
|
||||||
|
If a client session has been caching writes and reads locally due to
|
||||||
|
opportunistic locking, it is likely that the data will be lost when the
|
||||||
|
application restarts, or recovers from the TCP interrupt. When the TCP
|
||||||
|
connection drops, the client state is lost. When the file server
|
||||||
|
recovers, an oplock break is not sent to the client. In this case, the
|
||||||
|
work from the prior session is lost. Observing this scenario with
|
||||||
|
oplocks disabled, and the client was writing data to the file server
|
||||||
|
real-time, then the failover will provide the data on disk as it
|
||||||
|
existed at the time of the disconnect.
|
||||||
|
</p><p>
|
||||||
|
In mission critical high availability environments, careful attention
|
||||||
|
should be given to opportunistic locking. Ideally, comprehensive
|
||||||
|
testing should be done with all affected applications with oplocks
|
||||||
|
enabled and disabled.
|
||||||
|
</p></div></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2929049"></a>Samba Opportunistic Locking Control</h2></div></div><div></div></div><p>
|
||||||
|
Opportunistic Locking is a unique Windows file locking feature. It is
|
||||||
|
not really file locking, but is included in most discussions of Windows
|
||||||
|
file locking, so is considered a defacto locking feature.
|
||||||
|
Opportunistic Locking is actually part of the Windows client file
|
||||||
|
caching mechanism. It is not a particularly robust or reliable feature
|
||||||
|
when implemented on the variety of customized networks that exist in
|
||||||
|
enterprise computing.
|
||||||
|
</p><p>
|
||||||
|
Like Windows, Samba implements Opportunistic Locking as a server-side
|
||||||
|
component of the client caching mechanism. Because of the lightweight
|
||||||
|
nature of the Windows feature design, effective configuration of
|
||||||
|
Opportunistic Locking requires a good understanding of its limitations,
|
||||||
|
and then applying that understanding when configuring data access for
|
||||||
|
each particular customized network and client usage state.
|
||||||
|
</p><p>
|
||||||
|
Opportunistic locking essentially means that the client is allowed to download and cache
|
||||||
|
a file on their hard drive while making changes; if a second client wants to access the
|
||||||
|
file, the first client receives a break and must synchronise the file back to the server.
|
||||||
|
This can give significant performance gains in some cases; some programs insist on
|
||||||
|
synchronising the contents of the entire file back to the server for a single change.
|
||||||
|
</p><p>
|
||||||
|
Level1 Oplocks (aka just plain "oplocks") is another term for opportunistic locking.
|
||||||
|
</p><p>
|
||||||
|
Level2 Oplocks provides opportunistic locking for a file that will be treated as
|
||||||
|
<span class="emphasis"><em>read only</em></span>. Typically this is used on files that are read-only or
|
||||||
|
on files that the client has no initial intention to write to at time of opening the file.
|
||||||
|
</p><p>
|
||||||
|
Kernel Oplocks are essentially a method that allows the Linux kernel to co-exist with
|
||||||
|
Samba's oplocked files, although this has provided better integration of MS Windows network
|
||||||
|
file locking with the under lying OS, SGI IRIX and Linux are the only two OS's that are
|
||||||
|
oplock aware at this time.
|
||||||
|
</p><p>
|
||||||
|
Unless your system supports kernel oplocks, you should disable oplocks if you are
|
||||||
|
accessing the same files from both Unix/Linux and SMB clients. Regardless, oplocks should
|
||||||
|
always be disabled if you are sharing a database file (e.g., Microsoft Access) between
|
||||||
|
multiple clients, as any break the first client receives will affect synchronisation of
|
||||||
|
the entire file (not just the single record), which will result in a noticeable performance
|
||||||
|
impairment and, more likely, problems accessing the database in the first place. Notably,
|
||||||
|
Microsoft Outlook's personal folders (*.pst) react very badly to oplocks. If in doubt,
|
||||||
|
disable oplocks and tune your system from that point.
|
||||||
|
</p><p>
|
||||||
|
If client-side caching is desirable and reliable on your network, you will benefit from
|
||||||
|
turning on oplocks. If your network is slow and/or unreliable, or you are sharing your
|
||||||
|
files among other file sharing mechanisms (e.g., NFS) or across a WAN, or multiple people
|
||||||
|
will be accessing the same files frequently, you probably will not benefit from the overhead
|
||||||
|
of your client sending oplock breaks and will instead want to disable oplocks for the share.
|
||||||
|
</p><p>
|
||||||
|
Another factor to consider is the perceived performance of file access. If oplocks provide no
|
||||||
|
measurable speed benefit on your network, it might not be worth the hassle of dealing with them.
|
||||||
|
</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2929159"></a>Example Configuration</h3></div></div><div></div></div><p>
|
||||||
|
In the following we examine two distinct aspects of Samba locking controls.
|
||||||
|
</p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2929172"></a>Disabling Oplocks</h4></div></div><div></div></div><p>
|
||||||
|
You can disable oplocks on a per-share basis with the following:
|
||||||
|
</p><p>
|
||||||
|
</p><pre class="programlisting">
|
||||||
|
[acctdata]
|
||||||
|
oplocks = False
|
||||||
|
level2 oplocks = False
|
||||||
|
</pre><p>
|
||||||
|
</p><p>
|
||||||
|
The default oplock type is Level1. Level2 Oplocks are enabled on a per-share basis
|
||||||
|
in the <tt class="filename">smb.conf</tt> file.
|
||||||
|
</p><p>
|
||||||
|
Alternately, you could disable oplocks on a per-file basis within the share:
|
||||||
|
</p><p>
|
||||||
|
</p><pre class="programlisting">
|
||||||
|
veto oplock files = /*.mdb/*.MDB/*.dbf/*.DBF/
|
||||||
|
</pre><p>
|
||||||
|
</p><p>
|
||||||
|
If you are experiencing problems with oplocks as apparent from Samba's log entries,
|
||||||
|
you may want to play it safe and disable oplocks and level2 oplocks.
|
||||||
|
</p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2929235"></a>Disabling Kernel OpLocks</h4></div></div><div></div></div><p>
|
||||||
|
Kernel OpLocks is an <tt class="filename">smb.conf</tt> parameter that notifies Samba (if
|
||||||
|
the UNIX kernel has the capability to send a Windows client an oplock
|
||||||
|
break) when a UNIX process is attempting to open the file that is
|
||||||
|
cached. This parameter addresses sharing files between UNIX and
|
||||||
|
Windows with Oplocks enabled on the Samba server: the UNIX process
|
||||||
|
can open the file that is Oplocked (cached) by the Windows client and
|
||||||
|
the smbd process will not send an oplock break, which exposes the file
|
||||||
|
to the risk of data corruption. If the UNIX kernel has the ability to
|
||||||
|
send an oplock break, then the kernel oplocks parameter enables Samba
|
||||||
|
to send the oplock break. Kernel oplocks are enabled on a per-server
|
||||||
|
basis in the <tt class="filename">smb.conf</tt> file.
|
||||||
|
</p><p>
|
||||||
|
</p><pre class="programlisting">
|
||||||
|
[global]
|
||||||
|
kernel oplocks = yes
|
||||||
|
</pre><p>
|
||||||
|
The default is "no".
|
||||||
|
</p><p>
|
||||||
|
Veto OpLocks is an <tt class="filename">smb.conf</tt> parameter that identifies specific files for
|
||||||
|
which Oplocks are disabled. When a Windows client opens a file that
|
||||||
|
has been configured for veto oplocks, the client will not be granted
|
||||||
|
the oplock, and all operations will be executed on the original file on
|
||||||
|
disk instead of a client-cached file copy. By explicitly identifying
|
||||||
|
files that are shared with UNIX processes, and disabling oplocks for
|
||||||
|
those files, the server-wide Oplock configuration can be enabled to
|
||||||
|
allow Windows clients to utilize the performance benefit of file
|
||||||
|
caching without the risk of data corruption. Veto Oplocks can be
|
||||||
|
enabled on a per-share basis, or globally for the entire server, in the
|
||||||
|
<tt class="filename">smb.conf</tt> file:
|
||||||
|
</p><p>
|
||||||
|
</p><pre class="programlisting"><font color="red"><title>Example Veto OpLock Settings</title></font>
|
||||||
|
[global]
|
||||||
|
veto oplock files = /filename.htm/*.txt/
|
||||||
|
|
||||||
|
[share_name]
|
||||||
|
veto oplock files = /*.exe/filename.ext/
|
||||||
|
</pre><p>
|
||||||
|
</p><p>
|
||||||
|
<span class="emphasis"><em>Oplock break wait time</em></span> is an <tt class="filename">smb.conf</tt> parameter that adjusts the time
|
||||||
|
interval for Samba to reply to an oplock break request. Samba
|
||||||
|
recommends "DO NOT CHANGE THIS PARAMETER UNLESS YOU HAVE READ AND
|
||||||
|
UNDERSTOOD THE SAMBA OPLOCK CODE." Oplock Break Wait Time can only be
|
||||||
|
configured globally in the <tt class="filename">smb.conf</tt> file:
|
||||||
|
</p><p>
|
||||||
|
</p><pre class="programlisting">
|
||||||
|
[global]
|
||||||
|
oplock break wait time = 0 (default)
|
||||||
|
</pre><p>
|
||||||
|
</p><p>
|
||||||
|
<span class="emphasis"><em>Oplock break contention limit</em></span> is an <tt class="filename">smb.conf</tt> parameter that limits the
|
||||||
|
response of the Samba server to grant an oplock if the configured
|
||||||
|
number of contending clients reaches the limit specified by the
|
||||||
|
parameter. Samba recommends "DO NOT CHANGE THIS PARAMETER UNLESS YOU
|
||||||
|
HAVE READ AND UNDERSTOOD THE SAMBA OPLOCK CODE." Oplock Break
|
||||||
|
Contention Limit can be enable on a per-share basis, or globally for
|
||||||
|
the entire server, in the <tt class="filename">smb.conf</tt> file:
|
||||||
|
</p><p>
|
||||||
|
</p><pre class="programlisting">
|
||||||
|
[global]
|
||||||
|
oplock break contention limit = 2 (default)
|
||||||
|
|
||||||
|
[share_name]
|
||||||
|
oplock break contention limit = 2 (default)
|
||||||
|
</pre><p>
|
||||||
|
</p></div></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2929419"></a>MS Windows Opportunistic Locking and Caching Controls</h2></div></div><div></div></div><p>
|
||||||
|
There is a known issue when running applications (like Norton Anti-Virus) on a Windows 2000/ XP
|
||||||
|
workstation computer that can affect any application attempting to access shared database files
|
||||||
|
across a network. This is a result of a default setting configured in the Windows 2000/XP
|
||||||
|
operating system known as <span class="emphasis"><em>Opportunistic Locking</em></span>. When a workstation
|
||||||
|
attempts to access shared data files located on another Windows 2000/XP computer,
|
||||||
|
the Windows 2000/XP operating system will attempt to increase performance by locking the
|
||||||
|
files and caching information locally. When this occurs, the application is unable to
|
||||||
|
properly function, which results in an <span class="errorname">Access Denied</span>
|
||||||
|
error message being displayed during network operations.
|
||||||
|
</p><p>
|
||||||
|
All Windows operating systems in the NT family that act as database servers for data files
|
||||||
|
(meaning that data files are stored there and accessed by other Windows PCs) may need to
|
||||||
|
have opportunistic locking disabled in order to minimize the risk of data file corruption.
|
||||||
|
This includes Windows 9x/Me, Windows NT, Windows 200x and Windows XP.
|
||||||
|
</p><p>
|
||||||
|
If you are using a Windows NT family workstation in place of a server, you must also
|
||||||
|
disable opportunistic locking (oplocks) on that workstation. For example, if you use a
|
||||||
|
PC with the Windows NT Workstation operating system instead of Windows NT Server, and you
|
||||||
|
have data files located on it that are accessed from other Windows PCs, you may need to
|
||||||
|
disable oplocks on that system.
|
||||||
|
</p><p>
|
||||||
|
The major difference is the location in the Windows registry where the values for disabling
|
||||||
|
oplocks are entered. Instead of the LanManServer location, the LanManWorkstation location
|
||||||
|
may be used.
|
||||||
|
</p><p>
|
||||||
|
You can verify (or change or add, if necessary) this Registry value using the Windows
|
||||||
|
Registry Editor. When you change this registry value, you will have to reboot the PC
|
||||||
|
to ensure that the new setting goes into effect.
|
||||||
|
</p><p>
|
||||||
|
The location of the client registry entry for opportunistic locking has changed in
|
||||||
|
Windows 2000 from the earlier location in Microsoft Windows NT.
|
||||||
|
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
|
||||||
|
Windows 2000 will still respect the EnableOplocks registry value used to disable oplocks
|
||||||
|
in earlier versions of Windows.
|
||||||
|
</p></div><p>
|
||||||
|
You can also deny the granting of opportunistic locks by changing the following registry entries:
|
||||||
|
</p><p>
|
||||||
|
</p><pre class="programlisting">
|
||||||
|
HKEY_LOCAL_MACHINE\System\
|
||||||
|
CurrentControlSet\Services\MRXSmb\Parameters\
|
||||||
|
|
||||||
|
OplocksDisabled REG_DWORD 0 or 1
|
||||||
|
Default: 0 (not disabled)
|
||||||
|
</pre><p>
|
||||||
|
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
|
||||||
|
The OplocksDisabled registry value configures Windows clients to either request or not
|
||||||
|
request opportunistic locks on a remote file. To disable oplocks, the value of
|
||||||
|
OplocksDisabled must be set to 1.
|
||||||
|
</p></div><p>
|
||||||
|
</p><pre class="programlisting">
|
||||||
|
HKEY_LOCAL_MACHINE\System\
|
||||||
|
CurrentControlSet\Services\LanmanServer\Parameters
|
||||||
|
|
||||||
|
EnableOplocks REG_DWORD 0 or 1
|
||||||
|
Default: 1 (Enabled by Default)
|
||||||
|
|
||||||
|
EnableOpLockForceClose REG_DWORD 0 or 1
|
||||||
|
Default: 0 (Disabled by Default)
|
||||||
|
</pre><p>
|
||||||
|
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
|
||||||
|
The EnableOplocks value configures Windows-based servers (including Workstations sharing
|
||||||
|
files) to allow or deny opportunistic locks on local files.
|
||||||
|
</p></div><p>
|
||||||
|
To force closure of open oplocks on close or program exit EnableOpLockForceClose must be set to 1.
|
||||||
|
</p><p>
|
||||||
|
An illustration of how level II oplocks work:
|
||||||
|
</p><div class="itemizedlist"><ul type="disc"><li><p>
|
||||||
|
Station 1 opens the file, requesting oplock.
|
||||||
|
</p></li><li><p>
|
||||||
|
Since no other station has the file open, the server grants station 1 exclusive oplock.
|
||||||
|
</p></li><li><p>
|
||||||
|
Station 2 opens the file, requesting oplock.
|
||||||
|
</p></li><li><p>
|
||||||
|
Since station 1 has not yet written to the file, the server asks station 1 to Break
|
||||||
|
to Level II Oplock.
|
||||||
|
</p></li><li><p>
|
||||||
|
Station 1 complies by flushing locally buffered lock information to the server.
|
||||||
|
</p></li><li><p>
|
||||||
|
Station 1 informs the server that it has Broken to Level II Oplock (alternatively,
|
||||||
|
station 1 could have closed the file).
|
||||||
|
</p></li><li><p>
|
||||||
|
The server responds to station 2's open request, granting it level II oplock.
|
||||||
|
Other stations can likewise open the file and obtain level II oplock.
|
||||||
|
</p></li><li><p>
|
||||||
|
Station 2 (or any station that has the file open) sends a write request SMB.
|
||||||
|
The server returns the write response.
|
||||||
|
</p></li><li><p>
|
||||||
|
The server asks all stations that have the file open to Break to None, meaning no
|
||||||
|
station holds any oplock on the file. Because the workstations can have no cached
|
||||||
|
writes or locks at this point, they need not respond to the break-to-none advisory;
|
||||||
|
all they need do is invalidate locally cashed read-ahead data.
|
||||||
|
</p></li></ul></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2929649"></a>Workstation Service Entries</h3></div></div><div></div></div><pre class="programlisting">
|
||||||
|
\HKEY_LOCAL_MACHINE\System\
|
||||||
|
CurrentControlSet\Services\LanmanWorkstation\Parameters
|
||||||
|
|
||||||
|
UseOpportunisticLocking REG_DWORD 0 or 1
|
||||||
|
Default: 1 (true)
|
||||||
|
</pre><p>
|
||||||
|
Indicates whether the redirector should use opportunistic-locking (oplock) performance
|
||||||
|
enhancement. This parameter should be disabled only to isolate problems.
|
||||||
|
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2929676"></a>Server Service Entries</h3></div></div><div></div></div><pre class="programlisting">
|
||||||
|
\HKEY_LOCAL_MACHINE\System\
|
||||||
|
CurrentControlSet\Services\LanmanServer\Parameters
|
||||||
|
|
||||||
|
EnableOplocks REG_DWORD 0 or 1
|
||||||
|
Default: 1 (true)
|
||||||
|
</pre><p>
|
||||||
|
Specifies whether the server allows clients to use oplocks on files. Oplocks are a
|
||||||
|
significant performance enhancement, but have the potential to cause lost cached
|
||||||
|
data on some networks, particularly wide-area networks.
|
||||||
|
</p><pre class="programlisting">
|
||||||
|
MinLinkThroughput REG_DWORD 0 to infinite bytes per second
|
||||||
|
Default: 0
|
||||||
|
</pre><p>
|
||||||
|
Specifies the minimum link throughput allowed by the server before it disables
|
||||||
|
raw and opportunistic locks for this connection.
|
||||||
|
</p><pre class="programlisting">
|
||||||
|
MaxLinkDelay REG_DWORD 0 to 100,000 seconds
|
||||||
|
Default: 60
|
||||||
|
</pre><p>
|
||||||
|
Specifies the maximum time allowed for a link delay. If delays exceed this number,
|
||||||
|
the server disables raw I/O and opportunistic locking for this connection.
|
||||||
|
</p><pre class="programlisting">
|
||||||
|
OplockBreakWait REG_DWORD 10 to 180 seconds
|
||||||
|
Default: 35
|
||||||
|
</pre><p>
|
||||||
|
Specifies the time that the server waits for a client to respond to an oplock break
|
||||||
|
request. Smaller values can allow detection of crashed clients more quickly but can
|
||||||
|
potentially cause loss of cached data.
|
||||||
|
</p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2929755"></a>Persistent Data Corruption</h2></div></div><div></div></div><p>
|
||||||
|
If you have applied all of the settings discussed in this paper but data corruption problems
|
||||||
|
and other symptoms persist, here are some additional things to check out:
|
||||||
|
</p><p>
|
||||||
|
We have credible reports from developers that faulty network hardware, such as a single
|
||||||
|
faulty network card, can cause symptoms similar to read caching and data corruption.
|
||||||
|
If you see persistent data corruption even after repeated reindexing, you may have to
|
||||||
|
rebuild the data files in question. This involves creating a new data file with the
|
||||||
|
same definition as the file to be rebuilt and transferring the data from the old file
|
||||||
|
to the new one. There are several known methods for doing this that can be found in
|
||||||
|
our Knowledge Base.
|
||||||
|
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2929785"></a>Common Errors</h2></div></div><div></div></div><p>
|
||||||
|
In some sites locking problems surface as soon as a server is installed, in other sites
|
||||||
|
locking problems may not surface for a long time. Almost without exception, when a locking
|
||||||
|
problem does surface it will cause embarrassment and potential data corruption.
|
||||||
|
</p><p>
|
||||||
|
Over the past few years there have been a number of complaints on the samba mailing lists
|
||||||
|
that have claimed that samba caused data corruption. Three causes have been identified
|
||||||
|
so far:
|
||||||
|
</p><div class="itemizedlist"><ul type="disc"><li><p>
|
||||||
|
Incorrect configuration of opportunistic locking (incompatible with the application
|
||||||
|
being used. This is a VERY common problem even where MS Windows NT4 or MS Windows 200x
|
||||||
|
based servers were in use. It is imperative that the software application vendors'
|
||||||
|
instructions for configuration of file locking should be followed. If in doubt,
|
||||||
|
disable oplocks on both the server and the client. Disabling of all forms of file
|
||||||
|
caching on the MS Windows client may be necessary also.
|
||||||
|
</p></li><li><p>
|
||||||
|
Defective network cards, cables, or HUBs / Switched. This is generally a more
|
||||||
|
prevalent factor with low cost networking hardware, though occasionally there
|
||||||
|
have been problems with incompatibilities in more up market hardware also.
|
||||||
|
</p></li><li><p>
|
||||||
|
There have been some random reports of samba log files being written over data
|
||||||
|
files. This has been reported by very few sites (about 5 in the past 3 years)
|
||||||
|
and all attempts to reproduce the problem have failed. The Samba-Team has been
|
||||||
|
unable to catch this happening and thus has NOT been able to isolate any particular
|
||||||
|
cause. Considering the millions of systems that use samba, for the sites that have
|
||||||
|
been affected by this as well as for the Samba-Team this is a frustrating and
|
||||||
|
a vexing challenge. If you see this type of thing happening please create a bug
|
||||||
|
report on https://bugzilla.samba.org without delay. Make sure that you give as much
|
||||||
|
information as you possibly can to help isolate the cause and to allow reproduction
|
||||||
|
of the problem (an essential step in problem isolation and correction).
|
||||||
|
</p></li></ul></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2929859"></a>locking.tdb error messages</h3></div></div><div></div></div><p>
|
||||||
|
</p><pre class="screen">
|
||||||
|
> We are seeing lots of errors in the samba logs like:
|
||||||
|
>
|
||||||
|
> tdb(/usr/local/samba_2.2.7/var/locks/locking.tdb): rec_read bad magic
|
||||||
|
> 0x4d6f4b61 at offset=36116
|
||||||
|
>
|
||||||
|
> What do these mean?
|
||||||
|
</pre><p>
|
||||||
|
</p><p>
|
||||||
|
Corrupted tdb. Stop all instances of smbd, delete locking.tdb, restart smbd.
|
||||||
|
</p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2929890"></a>Additional Reading</h2></div></div><div></div></div><p>
|
||||||
|
You may want to check for an updated version of this white paper on our Web site from
|
||||||
|
time to time. Many of our white papers are updated as information changes. For those papers,
|
||||||
|
the Last Edited date is always at the top of the paper.
|
||||||
|
</p><p>
|
||||||
|
Section of the Microsoft MSDN Library on opportunistic locking:
|
||||||
|
</p><p>
|
||||||
|
Opportunistic Locks, Microsoft Developer Network (MSDN), Windows Development >
|
||||||
|
Windows Base Services > Files and I/O > SDK Documentation > File Storage > File Systems
|
||||||
|
> About File Systems > Opportunistic Locks, Microsoft Corporation.
|
||||||
|
<a href="http://msdn.microsoft.com/library/en-us/fileio/storage_5yk3.asp" target="_top">http://msdn.microsoft.com/library/en-us/fileio/storage_5yk3.asp</a>
|
||||||
|
</p><p>
|
||||||
|
Microsoft Knowledge Base Article Q224992 "Maintaining Transactional Integrity with OPLOCKS",
|
||||||
|
Microsoft Corporation, April 1999, <a href="http://support.microsoft.com/default.aspx?scid=kb;en-us;Q224992" target="_top">http://support.microsoft.com/default.aspx?scid=kb;en-us;Q224992</a>.
|
||||||
|
</p><p>
|
||||||
|
Microsoft Knowledge Base Article Q296264 "Configuring Opportunistic Locking in Windows 2000",
|
||||||
|
Microsoft Corporation, April 2001, <a href="http://support.microsoft.com/default.aspx?scid=kb;en-us;Q296264" target="_top">http://support.microsoft.com/default.aspx?scid=kb;en-us;Q296264</a>.
|
||||||
|
</p><p>
|
||||||
|
Microsoft Knowledge Base Article Q129202 "PC Ext: Explanation of Opportunistic Locking on Windows NT",
|
||||||
|
Microsoft Corporation, April 1995, <a href="http://support.microsoft.com/default.aspx?scid=kb;en-us;Q129202" target="_top">http://support.microsoft.com/default.aspx?scid=kb;en-us;Q129202</a>.
|
||||||
|
</p></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="AccessControls.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="optional.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="securing-samba.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 13. File, Directory and Share Access Controls </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 15. Securing Samba</td></tr></table></div></body></html>
|
1
docs/htmldocs/migration.html
Normal file
1
docs/htmldocs/migration.html
Normal file
@ -0,0 +1 @@
|
|||||||
|
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Part IV. Migration and Updating</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="index.html" title="SAMBA Project Documentation"><link rel="up" href="index.html" title="SAMBA Project Documentation"><link rel="previous" href="SambaHA.html" title="Chapter 29. High Availability Options"><link rel="next" href="upgrading-to-3.0.html" title="Chapter 30. Upgrading from Samba-2.x to Samba-3.0.0"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Part IV. Migration and Updating</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="SambaHA.html">Prev</a> </td><th width="60%" align="center"> </th><td width="20%" align="right"> <a accesskey="n" href="upgrading-to-3.0.html">Next</a></td></tr></table><hr></div><div class="part" lang="en"><div class="titlepage"><div><div><h1 class="title"><a name="migration"></a>Migration and Updating</h1></div></div><div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt>30. <a href="upgrading-to-3.0.html">Upgrading from Samba-2.x to Samba-3.0.0</a></dt><dd><dl><dt><a href="upgrading-to-3.0.html#id3001684">Charsets</a></dt><dt><a href="upgrading-to-3.0.html#id3001709">Obsolete configuration options</a></dt><dt><a href="upgrading-to-3.0.html#id3003319">Password Backend</a></dt></dl></dd><dt>31. 
<a href="NT4Migration.html">Migration from NT4 PDC to Samba-3 PDC</a></dt><dd><dl><dt><a href="NT4Migration.html#id3001339">Planning and Getting Started</a></dt><dd><dl><dt><a href="NT4Migration.html#id3001368">Objectives</a></dt><dt><a href="NT4Migration.html#id3004043">Steps In Migration Process</a></dt></dl></dd><dt><a href="NT4Migration.html#id3004381">Migration Options</a></dt><dd><dl><dt><a href="NT4Migration.html#id3004462">Planning for Success</a></dt><dt><a href="NT4Migration.html#id3004704">Samba Implementation Choices</a></dt></dl></dd></dl></dd><dt>32. <a href="SWAT.html">SWAT - The Samba Web Administration Tool</a></dt><dd><dl><dt><a href="SWAT.html#id3003929">Features and Benefits</a></dt><dd><dl><dt><a href="SWAT.html#id3003963">Enabling SWAT for use</a></dt><dt><a href="SWAT.html#id3006322">Securing SWAT through SSL</a></dt><dt><a href="SWAT.html#id3006435">The SWAT Home Page</a></dt><dt><a href="SWAT.html#id3006499">Global Settings</a></dt><dt><a href="SWAT.html#id3006604">Share Settings</a></dt><dt><a href="SWAT.html#id3006669">Printers Settings</a></dt><dt><a href="SWAT.html#id3006733">The SWAT Wizard</a></dt><dt><a href="SWAT.html#id3006781">The Status Page</a></dt><dt><a href="SWAT.html#id3006833">The View Page</a></dt><dt><a href="SWAT.html#id3006856">The Password Change Page</a></dt></dl></dd></dl></dd></dl></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="SambaHA.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="index.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="upgrading-to-3.0.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 29. High Availability Options </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 30. Upgrading from Samba-2.x to Samba-3.0.0</td></tr></table></div></body></html>
|
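--- a/docs/htmldocs/tdbbackup.8.html
+++ b/docs/htmldocs/tdbbackup.8.html
@@ -0,0 +1,35 @@
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>tdbbackup</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"><a name="tdbbackup.8"></a><div class="titlepage"><div></div><div></div></div><div class="refnamediv"><h2>Name</h2><p>tdbbackup — tool for backing up and for validating the integrity of samba .tdb files</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><tt class="command">tdbbackup</tt> [-s suffix] [-v] [-h]</p></div></div><div class="refsect1" lang="en"><h2>DESCRIPTION</h2><p>This tool is part of the <a href="Samba.1.html"><span class="citerefentry"><span class="refentrytitle">Samba</span>(1)</span></a> suite.</p><p><b class="command">tdbbackup</b> is a tool that may be used to backup samba .tdb
+files. This tool may also be used to verify the integrity of the .tdb files prior
+to samba startup, in which case, if it find file damage and it finds a prior backup
+it will restore the backup file.
+</p></div><div class="refsect1" lang="en"><h2>OPTIONS</h2><div class="variablelist"><dl><dt><span class="term">-h</span></dt><dd><p>
+Get help information.
+</p></dd><dt><span class="term">-s suffix</span></dt><dd><p>
+The <b class="command">-s</b> option allows the adminisistrator to specify a file
+backup extension. This way it is possible to keep a history of tdb backup
+files by using a new suffix for each backup.
+</p></dd><dt><span class="term">-v</span></dt><dd><p>
+The <b class="command">-v</b> will check the database for damages (currupt data)
+which if detected causes the backup to be restored.
+</p></dd></dl></div></div><div class="refsect1" lang="en"><h2>COMMANDS</h2><p><span class="emphasis"><em>GENERAL INFORMATION</em></span></p><p>
+The <b class="command">tdbbackup</b> utility should be run as soon as samba has shut down.
+Do NOT run this command on a live database. Typical usage for the command will be:
+</p><p>tdbbackup [-s suffix] *.tdb</p><p>
+Before restarting samba the following command may be run to validate .tdb files:
+</p><p>tdbbackup -v [-s suffix] *.tdb</p><p>
+Samba .tdb files are stored in various locations, be sure to run backup all
+.tdb file on the system. Imporatant files includes:
+</p><div class="itemizedlist"><ul type="disc"><li><p>
+<b class="command">secrets.tdb</b> - usual location is in the /usr/local/samba/private
+directory, or on some systems in /etc/samba.
+</p></li><li><p>
+<b class="command">passdb.tdb</b> - usual location is in the /usr/local/samba/private
+directory, or on some systems in /etc/samba.
+</p></li><li><p>
+<b class="command">*.tdb</b> located in the /usr/local/samba/var directory or on some
+systems in the /var/cache or /var/lib/samba directories.
+</p></li></ul></div></div><div class="refsect1" lang="en"><h2>VERSION</h2><p>This man page is correct for version 3.0 of the Samba suite.</p></div><div class="refsect1" lang="en"><h2>AUTHOR</h2><p>
+The original Samba software and related utilities were created by Andrew Tridgell.
+Samba is now developed by the Samba Team as an Open Source project similar to the way
+the Linux kernel is developed.
+</p><p>The tdbbackup man page was written by John H Terpstra.</p></div></div></body></html>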
1
docs/htmldocs/troubleshooting.html
Normal file
1
docs/htmldocs/troubleshooting.html
Normal file
@ -0,0 +1 @@
|
|||||||
|
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Part V. Troubleshooting</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="index.html" title="SAMBA Project Documentation"><link rel="up" href="index.html" title="SAMBA Project Documentation"><link rel="previous" href="SWAT.html" title="Chapter 32. SWAT - The Samba Web Administration Tool"><link rel="next" href="diagnosis.html" title="Chapter 33. The Samba checklist"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Part V. Troubleshooting</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="SWAT.html">Prev</a> </td><th width="60%" align="center"> </th><td width="20%" align="right"> <a accesskey="n" href="diagnosis.html">Next</a></td></tr></table><hr></div><div class="part" lang="en"><div class="titlepage"><div><div><h1 class="title"><a name="troubleshooting"></a>Troubleshooting</h1></div></div><div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt>33. <a href="diagnosis.html">The Samba checklist</a></dt><dd><dl><dt><a href="diagnosis.html#id3006072">Introduction</a></dt><dt><a href="diagnosis.html#id3007931">Assumptions</a></dt><dt><a href="diagnosis.html#id3008108">The tests</a></dt><dt><a href="diagnosis.html#id3009283">Still having troubles?</a></dt></dl></dd><dt>34. 
<a href="problems.html">Analysing and solving samba problems</a></dt><dd><dl><dt><a href="problems.html#id3010907">Diagnostics tools</a></dt><dt><a href="problems.html#id3011048">Installing 'Network Monitor' on an NT Workstation or a Windows 9x box</a></dt><dt><a href="problems.html#id3011333">Useful URLs</a></dt><dt><a href="problems.html#id3011378">Getting help from the mailing lists</a></dt><dt><a href="problems.html#id3011530">How to get off the mailing lists</a></dt></dl></dd><dt>35. <a href="bugreport.html">Reporting Bugs</a></dt><dd><dl><dt><a href="bugreport.html#id3012269">Introduction</a></dt><dt><a href="bugreport.html#id3012491">General info</a></dt><dt><a href="bugreport.html#id3012528">Debug levels</a></dt><dt><a href="bugreport.html#id3012670">Internal errors</a></dt><dt><a href="bugreport.html#id3012778">Attaching to a running process</a></dt><dt><a href="bugreport.html#id3012825">Patches</a></dt></dl></dd></dl></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="SWAT.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="index.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="diagnosis.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 32. SWAT - The Samba Web Administration Tool </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 33. The Samba checklist</td></tr></table></div></body></html>
|
19
docs/htmldocs/upgrading-to-3.0.html
Normal file
19
docs/htmldocs/upgrading-to-3.0.html
Normal file
@ -0,0 +1,19 @@
|
|||||||
|
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 30. Upgrading from Samba-2.x to Samba-3.0.0</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="index.html" title="SAMBA Project Documentation"><link rel="up" href="migration.html" title="Part IV. Migration and Updating"><link rel="previous" href="migration.html" title="Part IV. Migration and Updating"><link rel="next" href="NT4Migration.html" title="Chapter 31. Migration from NT4 PDC to Samba-3 PDC"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 30. Upgrading from Samba-2.x to Samba-3.0.0</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="migration.html">Prev</a> </td><th width="60%" align="center">Part IV. Migration and Updating</th><td width="20%" align="right"> <a accesskey="n" href="NT4Migration.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="upgrading-to-3.0"></a>Chapter 30. 
Upgrading from Samba-2.x to Samba-3.0.0</h2></div><div><div class="author"><h3 class="author"><span class="firstname">Jelmer</span> <span class="othername">R.</span> <span class="surname">Vernooij</span></h3><div class="affiliation"><span class="orgname">The Samba Team<br></span><div class="address"><p><tt class="email"><<a href="mailto:jelmer@samba.org">jelmer@samba.org</a>></tt></p></div></div></div></div><div><p class="pubdate">25 October 2002</p></div></div><div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><a href="upgrading-to-3.0.html#id3001684">Charsets</a></dt><dt><a href="upgrading-to-3.0.html#id3001709">Obsolete configuration options</a></dt><dt><a href="upgrading-to-3.0.html#id3003319">Password Backend</a></dt></dl></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3001684"></a>Charsets</h2></div></div><div></div></div><p>You might experience problems with special characters
|
||||||
|
when communicating with old DOS clients. Codepage
|
||||||
|
support has changed in samba 3.0. Read the chapter
|
||||||
|
<a href="unicode.html" title="Chapter 27. Unicode/Charsets">Unicode support</a> for details.
|
||||||
|
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3001709"></a>Obsolete configuration options</h2></div></div><div></div></div><p>
|
||||||
|
In 3.0, the following configuration options have been removed.
|
||||||
|
</p><table class="simplelist" border="0" summary="Simple list"><tr><td>printer driver (replaced by new driver procedures) </td></tr><tr><td>printer driver file (replaced by new driver procedures)</td></tr><tr><td>printer driver location (replaced by new driver procedures)</td></tr><tr><td>use rhosts</td></tr><tr><td>postscript</td></tr><tr><td>client code page (replaced by dos charset)</td></tr><tr><td>vfs path</td></tr><tr><td>vfs options</td></tr></table></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3003319"></a>Password Backend</h2></div></div><div></div></div><p>
|
||||||
|
Effective with the release of samba-3 it is now imperative that the password backend
|
||||||
|
be correctly defined in smb.conf.
|
||||||
|
</p><p>
|
||||||
|
Those migrating from samba-2.x with plaintext password support need the following:
|
||||||
|
<span class="emphasis"><em>passdb backend = guest</em></span>.
|
||||||
|
</p><p>
|
||||||
|
Those migrating from samba-2.x with encrypted password support should add to smb.conf
|
||||||
|
<span class="emphasis"><em>passdb backend = smbpasswd, guest</em></span>.
|
||||||
|
</p><p>
|
||||||
|
LDAP using Samba-2.x systems can continue to operate with the following entry
|
||||||
|
<span class="emphasis"><em>passdb backend = ldapsam_compat, guest</em></span>.
|
||||||
|
</p></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="migration.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="migration.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="NT4Migration.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Part IV. Migration and Updating </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 31. Migration from NT4 PDC to Samba-3 PDC</td></tr></table></div></body></html>
|
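--- a/docs/manpages/Samba.7
+++ b/docs/manpages/Samba.7
@@ -0,0 +1,221 @@
+.\"Generated by db2man.xsl. Don't modify this, modify the source.
+.de Sh \" Subsection
+.br
+.if t .Sp
+.ne 5
+.PP
+\fB\\$1\fR
+.PP
+..
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Ip \" List item
+.br
+.ie \\n(.$>=3 .ne \\$3
+.el .ne 3
+.IP "\\$1" \\$2
+..
+.TH "SAMBA" 7 "" "" ""
+.SH NAME
+Samba \- A Windows SMB/CIFS fileserver for UNIX
+.SH "SYNOPSIS"
+
+.nf
+\fBSamba\fR
+.fi
+
+.SH "DESCRIPTION"
+
+.PP
+The Samba software suite is a collection of programs that implements the Server Message Block (commonly abbreviated as SMB) protocol for UNIX systems\&. This protocol is sometimes also referred to as the Common Internet File System (CIFS)\&. For a more thorough description, see http://www\&.ubiqx\&.org/cifs/\&. Samba also implements the NetBIOS protocol in nmbd\&.
+
+.TP
+\fBsmbd\fR(8)
+The \fBsmbd\fR daemon provides the file and print services to SMB clients, such as Windows 95/98, Windows NT, Windows for Workgroups or LanManager\&. The configuration file for this daemon is described in \fBsmb.conf\fR(5)
+
+
+.TP
+\fBnmbd\fR(8)
+The \fBnmbd\fR daemon provides NetBIOS nameservice and browsing support\&. The configuration file for this daemon is described in \fBsmb.conf\fR(5)
+
+
+.TP
+\fBsmbclient\fR(1)
+The \fBsmbclient\fR program implements a simple ftp-like client\&. This is useful for accessing SMB shares on other compatible servers (such as Windows NT), and can also be used to allow a UNIX box to print to a printer attached to any SMB server (such as a PC running Windows NT)\&.
+
+
+.TP
+\fBtestparm\fR(1)
+The \fBtestparm\fR utility is a simple syntax checker for Samba's \fBsmb.conf\fR(5) configuration file\&.
+
+
+.TP
+\fBtestprns\fR(1)
+The \fBtestprns\fR utility supports testing printer names defined in your \fIprintcap\fR file used by Samba\&.
+
+
+.TP
+\fBsmbstatus\fR(1)
+The \fBsmbstatus\fR tool provides access to information about the current connections to \fBsmbd\fR\&.
+
+
+.TP
+\fBnmblookup\fR(1)
+The \fBnmblookup\fR tools allows NetBIOS name queries to be made from a UNIX host\&.
+
+
+.TP
+\fBsmbgroupedit\fR(8)
+The \fBsmbgroupedit\fR tool allows for mapping unix groups to NT Builtin, Domain, or Local groups\&. Also it allows setting priviledges for that group, such as saAddUser, etc\&.
+
+
+.TP
+\fBsmbpasswd\fR(8)
+The \fBsmbpasswd\fR command is a tool for changing LanMan and Windows NT password hashes on Samba and Windows NT servers\&.
+
+
+.TP
+\fBsmbcacls\fR(1)
+The \fBsmbcacls\fR command is a tool to set ACL's on remote CIFS servers\&.
+
+
+.TP
+\fBsmbsh\fR(1)
+The \fBsmbsh\fR command is a program that allows you to run a unix shell with with an overloaded VFS\&.
+
+
+.TP
+\fBsmbtree\fR(1)
+The \fBsmbtree\fR command is a text-based network neighborhood tool\&.
+
+
+.TP
+\fBsmbtar\fR(1)
+The \fBsmbtar\fR can make backups of data on CIFS/SMB servers\&.
+
+
+.TP
+\fBsmbspool\fR(8)
+\fBsmbspool\fR is a helper utility for printing on printers connected to CIFS servers\&.
+
+
+.TP
+\fBsmbcontrol\fR(1)
+\fBsmbcontrol\fR is a utility that can change the behaviour of running samba daemons\&.
+
+
+.TP
+\fBrpcclient\fR(1)
+\fBrpcclient\fR is a utility that can be used to execute RPC commands on remote CIFS servers\&.
+
+
+.TP
+\fBpdbedit\fR(8)
+The \fBpdbedit\fR command can be used to maintain the local user database on a samba server\&.
+
+
+.TP
+\fBfindsmb\fR(1)
+The \fBfindsmb\fR command can be used to find SMB servers on the local network\&.
+
+
+.TP
+\fBnet\fR(8)
+The \fBnet\fR command is supposed to work similar to the DOS/Windows NET\&.EXE command\&.
+
+
+.TP
+\fBswat\fR(8)
+\fBswat\fR is a web-based interface to configuring \fIsmb\&.conf\fR\&.
+
+
+.TP
+\fBwinbindd\fR(8)
+\fBwinbindd\fR is a daemon that is used for integrating authentication and the user database into unix\&.
+
+
+.TP
+\fBwbinfo\fR(1)
+\fBwbinfo\fR is a utility that retrieves and stores information related to winbind\&.
+
+
+.TP
+\fBeditreg\fR(1)
+\fBeditreg\fR is a command-line utility that can edit windows registry files\&.
+
+
+.TP
+\fBprofiles\fR(1)
+\fBprofiles\fR is a command-line utility that can be used to replace all occurences of a certain SID with another SID\&.
+
+
+.TP
+\fBvfstest\fR(1)
+\fBvfstest\fR is a utility that can be used to test vfs modules\&.
+
+
+.TP
+\fBntlm_auth\fR(1)
+\fBntlm_auth\fR is a helper-utility for external programs wanting to do NTLM-authentication\&.
+
+
+.TP
+\fBsmbmount\fR(8), \fBsmbumount\fR(8), \fBsmbmount\fR(8)
+\fBsmbmount\fR,\fBsmbmnt\fR and \fBsmbmnt\fR are commands that can be used to mount CIFS/SMB shares on Linux\&.
+
+
+.TP
+\fBsmbcquotas\fR(1)
+\fBsmbcquotas\fR is a tool that can set remote QUOTA's on server with NTFS 5\&.
+
+
+.SH "COMPONENTS"
+
+.PP
+The Samba suite is made up of several components\&. Each component is described in a separate manual page\&. It is strongly recommended that you read the documentation that comes with Samba and the manual pages of those components that you use\&. If the manual pages and documents aren't clear enough then please visithttp://devel\&.samba\&.org for information on how to file a bug report or submit a patch\&.
+
+.PP
+If you require help, visit the Samba webpage athttp://www\&.samba\&.org/ and explore the many option available to you\&.
+
+.SH "AVAILABILITY"
+
+.PP
+The Samba software suite is licensed under the GNU Public License(GPL)\&. A copy of that license should have come with the package in the file COPYING\&. You are encouraged to distribute copies of the Samba suite, but please obey the terms of this license\&.
+
+.PP
+The latest version of the Samba suite can be obtained via anonymous ftp from samba\&.org in the directory pub/samba/\&. It is also available on several mirror sites worldwide\&.
+
+.PP
+You may also find useful information about Samba on the newsgroup comp\&.protocol\&.smb and the Samba mailing list\&. Details on how to join the mailing list are given in the README file that comes with Samba\&.
+
+.PP
+If you have access to a WWW viewer (such as Mozilla or Konqueror) then you will also find lots of useful information, including back issues of the Samba mailing list, athttp://lists\&.samba\&.org\&.
+
+.SH "VERSION"
+
+.PP
+This man page is correct for version 3\&.0 of the Samba suite\&.
+
+.SH "CONTRIBUTIONS"
+
+.PP
+If you wish to contribute to the Samba project, then I suggest you join the Samba mailing list athttp://lists\&.samba\&.org\&.
+
+.PP
+If you have patches to submit, visithttp://devel\&.samba\&.org/ for information on how to do it properly\&. We prefer patches in \fBdiff -u\fR format\&.
+
+.SH "CONTRIBUTORS"
+
+.PP
+Contributors to the project are now too numerous to mention here but all deserve the thanks of all Samba users\&. To see a full list, look at the\fIchange-log\fR in the source package for the pre-CVS changes and at http://cvs\&.samba\&.org/ for the contributors to Samba post-CVS\&. CVS is the Open Source source code control system used by the Samba Team to develop Samba\&. The project would have been unmanageable without it\&.
+
+.SH "AUTHOR"
+
+.PP
+The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
+
+.PP
+The original Samba man pages were written by Karl Auer\&. The man page sources were converted to YODL format (another excellent piece of Open Source software, available at ftp://ftp\&.icce\&.rug\&.nl/pub/unix/) and updated for the Samba 2\&.0 release by Jeremy Allison\&. The conversion to DocBook for Samba 2\&.2 was done by Gerald Carter\&. The conversion to DocBook XML 4\&.2 for Samba 3\&.0 was done by Alexander Bokovoy\&.
+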
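--- a/docs/manpages/tdbbackup.8
+++ b/docs/manpages/tdbbackup.8
@@ -0,0 +1,100 @@
+.\"Generated by db2man.xsl. Don't modify this, modify the source.
+.de Sh \" Subsection
+.br
+.if t .Sp
+.ne 5
+.PP
+\fB\\$1\fR
+.PP
+..
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Ip \" List item
+.br
+.ie \\n(.$>=3 .ne \\$3
+.el .ne 3
+.IP "\\$1" \\$2
+..
+.TH "TDBBACKUP" 8 "" "" ""
+.SH NAME
+tdbbackup \- tool for backing up and for validating the integrity of samba .tdb files
+.SH "SYNOPSIS"
+
+.nf
+\fBtdbbackup\fR [-s suffix] [-v] [-h]
+.fi
+
+.SH "DESCRIPTION"
+
+.PP
+This tool is part of the \fBSamba\fR(1) suite\&.
+
+.PP
+\fBtdbbackup\fR is a tool that may be used to backup samba \&.tdb files\&. This tool may also be used to verify the integrity of the \&.tdb files prior to samba startup, in which case, if it find file damage and it finds a prior backup it will restore the backup file\&.
+
+.SH "OPTIONS"
+
+.TP
+-h
+Get help information\&.
+
+
+.TP
+-s suffix
+The \fB-s\fR option allows the adminisistrator to specify a file backup extension\&. This way it is possible to keep a history of tdb backup files by using a new suffix for each backup\&.
+
+
+.TP
+-v
+The \fB-v\fR will check the database for damages (currupt data) which if detected causes the backup to be restored\&.
+
+
+.SH "COMMANDS"
+
+.PP
+\fBGENERAL INFORMATION\fR
+
+.PP
+The \fBtdbbackup\fR utility should be run as soon as samba has shut down\&. Do NOT run this command on a live database\&. Typical usage for the command will be:
+
+.PP
+tdbbackup [-s suffix] *\&.tdb
+
+.PP
+Before restarting samba the following command may be run to validate \&.tdb files:
+
+.PP
+tdbbackup -v [-s suffix] *\&.tdb
+
+.PP
+Samba \&.tdb files are stored in various locations, be sure to run backup all \&.tdb file on the system\&. Imporatant files includes:
+
+.TP 3
+\(bu
+\fBsecrets.tdb\fR - usual location is in the /usr/local/samba/private directory, or on some systems in /etc/samba\&.
+
+.TP
+\(bu
+\fBpassdb.tdb\fR - usual location is in the /usr/local/samba/private directory, or on some systems in /etc/samba\&.
+
+.TP
+\(bu
+\fB*.tdb\fR located in the /usr/local/samba/var directory or on some systems in the /var/cache or /var/lib/samba directories\&.
+
+.LP
+
+.SH "VERSION"
+
+.PP
+This man page is correct for version 3\&.0 of the Samba suite\&.
+
+.SH "AUTHOR"
+
+.PP
+The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
+
+.PP
+The tdbbackup man page was written by John H Terpstra\&.
+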
149
docs/textdocs/README.jis
Normal file
149
docs/textdocs/README.jis
Normal file
@ -0,0 +1,149 @@
|
|||||||
|
$B!|(B samba $BF|K\8lBP1~$K$D$$$F(B
|
||||||
|
|
||||||
|
1. $BL\E*(B
|
||||||
|
|
||||||
|
$BF|K\8lBP1~$O!"(B
|
||||||
|
|
||||||
|
(1) MS-Windows $B>e$G!"4A;z%U%!%$%kL>$r$I$&$7$F$b07$&I,MW$N$"$k%"%W%j%1!<%7%g%s$,$A$c(B
|
||||||
|
$B$s$HF0:n$9$k!#Nc$($P!"(BMS-WORD 5 $B$J$I$O!"%$%s%9%H!<%k;~$K4A;z$N%U%!%$%kL>$r>!<j(B
|
||||||
|
$B$K$D$1$F$7$^$$$^$9!#$3$&$$$C$?>l9g$K$A$c$s$HBP1~$G$-$k$h$&$K$9$k!#(B
|
||||||
|
|
||||||
|
(2) UNIX $B$O!":G6a$G$O$[$H$s$I$N$b$N$,(B 8 bits $B$N%U%!%$%kL>$r%5%]!<%H$7$F$$$^$9$,!"(B
|
||||||
|
$BCf$K$O!"$3$l$r%5%]!<%H$7$F$$$J$$$b$N$b$"$j$^$9!#$3$N$h$&$J>l9g$G$b!"(B(1)$B$NL\E*(B
|
||||||
|
$B$,K~B-$G$-$k$h$&$K$9$k!#(B
|
||||||
|
|
||||||
|
$B$rL\E*$H$7$F$$$^$9!#$=$N$?$a!"F|K\8lBP1~$O!"I,MW:G>.8B$7$+9T$J$C$F$*$j$^$;$s!#(B
|
||||||
|
|
||||||
|
$BF|K\8lBP1~$7$?(B samba $B$rMxMQ$9$k$?$a$K$O!"%3%s%Q%$%k$9$k;~$K!"I,$:!"(BKANJI $B$NDj5A$rDI(B
|
||||||
|
$B2C$7$F$/$@$5$$!#$3$N%*%W%7%g%s$r;XDj$7$F$$$J$$>l9g$O!"F|K\8l$N%U%!%$%kL>$r@5$7$/07(B
|
||||||
|
$B$&$3$H$O$G$-$^$;$s!#!J%3%s%Q%$%k$K$D$$$F$O!"2<5-(B 3. $B$r;2>H$7$F2<$5$$!K(B
|
||||||
|
|
||||||
|
2. $BMxMQJ}K!(B
|
||||||
|
|
||||||
|
(1) $BDI2C$7$?%Q%i%a!<%?(B
|
||||||
|
|
||||||
|
smb.conf $B%U%!%$%k$N(B global $B%;%/%7%g%s$K0J2<$N%Q%i%a!<%?$r@_Dj$G$-$k$h$&$K$7$^$7$?!#(B
|
||||||
|
|
||||||
|
[global]
|
||||||
|
....
|
||||||
|
coding system = <$B%3!<%I7O(B>
|
||||||
|
|
||||||
|
$B$3$3$G;XDj$5$l$?%3!<%I7O$,(B UNIX $B>e$N%U%!%$%k%7%9%F%`$N%U%!%$%kL>$N%3!<%I$K$J$j$^$9!#(B
|
||||||
|
$B@_Dj$G$-$k$b$N$O!"<!$N$h$&$K$J$C$F$$$^$9!#(B
|
||||||
|
|
||||||
|
sjis: SHIFT JIS (MS $B4A;z%3!<%I(B)
|
||||||
|
euc: EUC $B%3!<%I(B
|
||||||
|
hex: 7 bits $B$N(B ASCII $B%3!<%I0J30$N%3!<%I$r0J2<$N7A<0$GI=$9J}<0$G$9!#Nc$($P!"(B
|
||||||
|
'$B%*%U%#%9(B' $B$H$$$&L>A0$O!"(B':83:49:83:74:83:42:83:58' $B$N$h$&$K!"(B':' $B$N8e$K#27e(B
|
||||||
|
$B$N(B16$B?J?t$rB3$1$k7A<0$K$J$j$^$9!#(B
|
||||||
|
$B$3$3$G!"(B':' $B$rB>$NJ8;z$KJQ99$7$?$$>l9g$O!"(Bhex $B$N8e$m$K$=$NJ8;z$r;XDj$7$^$9!#(B
|
||||||
|
$BNc$($P!"(B@$B$rJQ$o$j$K;H$$$?$$>l9g$O!"(B'hex@'$B$N$h$&$K;XDj$7$^$9!#(B
|
||||||
|
cap: 7 bits $B$N(B ASCII $B%3!<%I0J30$N%3!<%I$r0J2<$N7A<0$GI=$9J}<0$H$$$&E@$G$O(B
|
||||||
|
hex$B$HF1MM$G$9$,!"(BCAP (The Columbia AppleTalk Package)$B$H8_49@-$r;}$DJQ49(B
|
||||||
|
$BJ}<0$H$J$C$F$$$^$9!#(Bhex$B$H$N0c$$$O(B0x80$B0J>e$N%3!<%I$N$_(B':80'$B$N$h$&$KJQ49(B
|
||||||
|
$B$5$l!"$=$NB>$O(BASCII$B%3!<%I$G8=$5$l$^$9!#(B
|
||||||
|
$BNc$($P!"(B'$B%*%U%#%9(B'$B$H$$$&L>A0$O!"(B':83I:83t:83B:83X'$B$H$J$j$^$9!#(B
|
||||||
|
|
||||||
|
JIS $B%3!<%I$K$D$$$F$O!"0J2<$NI=$r;2>H$7$F2<$5$$!#(B
|
||||||
|
$B(#(!(!(!(((!(!(!(!(((!(!(!(!(((!(!(!(!(((!(!(!(!(((!(!(!(!(((!(!(!(!(!(!(!(!(!($(B
|
||||||
|
$B(";XDj(B $B("4A;z3+;O("4A;z=*N;("%+%J3+;O("%+%J=*N;("1Q?t3+;O("Hw9M(B $B("(B
|
||||||
|
$B('(!(!(!(+(!(!(!(!(+(!(!(!(!(+(!(!(!(!(+(!(!(!(!(+(!(!(!(!(+(!(!(!(!(!(!(!(!(!()(B
|
||||||
|
$B("(Bjis7 $B("(B\E$B $B("(B\E(J $B("(B0x0e $B("(B0x0f $B("(B\E(J $B("(Bjis 7$BC10LId9f(B $B("(B
|
||||||
|
$B("(Bjunet $B("(B\E$B $B("(B\E(J $B("(B\E(I $B("(B\E(J $B("(B\E(J $B("(B7bits $B%3!<%I(B $B("(B
|
||||||
|
$B("(Bjis8 $B("(B\E$B $B("(B\E(J $B("(B-- $B("(B-- $B("(B\E(J $B("(Bjis 8$BC10LId9f(B $B("(B
|
||||||
|
$B("(Bj7bb $B("(B\E$B $B("(B\E(B $B("(B0x0e $B("(B0x0f $B("(B\E(B $B("(B $B("(B
|
||||||
|
$B("(Bj7bj $B("(B\E$B $B("(B\E(J $B("(B0x0e $B("(B0x0f $B("(B\E(J $B("(Bjis7$B$HF1$8(B $B("(B
|
||||||
|
$B("(Bj7bh $B("(B\E$B $B("(B\E(H $B("(B0x0e $B("(B0x0f $B("(B\E(H $B("(B $B("(B
|
||||||
|
$B("(Bj7@b $B("(B\E$@ $B("(B\E(B $B("(B0x0e $B("(B0x0f $B("(B\E(B $B("(B $B("(B
|
||||||
|
$B("(Bj7@j $B("(B\E$@ $B("(B\E(J $B("(B0x0e $B("(B0x0f $B("(B\E(J $B("(B $B("(B
|
||||||
|
$B("(Bj7@h $B("(B\E$@ $B("(B\E(H $B("(B0x0e $B("(B0x0f $B("(B\E(H $B("(B $B("(B
|
||||||
|
$B("(Bj8bb $B("(B\E$B $B("(B\E(B $B("(B-- $B("(B-- $B("(B\E(B $B("(B $B("(B
|
||||||
|
$B("(Bj8bj $B("(B\E$B $B("(B\E(J $B("(B-- $B("(B-- $B("(B\E(J $B("(Bjis8$B$HF1$8(B $B("(B
|
||||||
|
$B("(Bj8bh $B("(B\E$B $B("(B\E(H $B("(B-- $B("(B-- $B("(B\E(H $B("(B $B("(B
|
||||||
|
$B("(Bj8@b $B("(B\E@@ $B("(B\E(B $B("(B-- $B("(B-- $B("(B\E(B $B("(B $B("(B
|
||||||
|
$B("(Bj8@j $B("(B\E$@ $B("(B\E(J $B("(B-- $B("(B-- $B("(B\E(J $B("(B $B("(B
|
||||||
|
$B("(Bj8@h $B("(B\E$@ $B("(B\E(H $B("(B-- $B("(B-- $B("(B\E(H $B("(B $B("(B
|
||||||
|
$B("(Bjubb $B("(B\E$B $B("(B\E(B $B("(B\E(I $B("(B\E(B $B("(B\E(B $B("(B $B("(B
|
||||||
|
$B("(Bjubj $B("(B\E$B $B("(B\E(J $B("(B\E(I $B("(B\E(J $B("(B\E(J $B("(Bjunet$B$HF1$8(B $B("(B
|
||||||
|
$B("(Bjubh $B("(B\E$B $B("(B\E(H $B("(B\E(I $B("(B\E(H $B("(B\E(H $B("(B $B("(B
|
||||||
|
$B("(Bju@b $B("(B\E$@ $B("(B\E(B $B("(B\E(I $B("(B\E(B $B("(B\E(B $B("(B $B("(B
|
||||||
|
$B("(Bju@j $B("(B\E$@ $B("(B\E(J $B("(B\E(I $B("(B\E(J $B("(B\E(J $B("(B $B("(B
|
||||||
|
$B("(Bju@h $B("(B\E$@ $B("(B\E(H $B("(B\E(I $B("(B\E(H $B("(B\E(H $B("(B $B("(B
|
||||||
|
$B(&(!(!(!(*(!(!(!(!(*(!(!(!(!(*(!(!(!(!(*(!(!(!(!(*(!(!(!(!(*(!(!(!(!(!(!(!(!(!(%(B
|
||||||
|
|
||||||
|
$B$$$:$l$N>l9g$b!"$9$G$KB8:_$7$F$$$kL>A0$KBP$7$F$O!"4A;z$N3+;O=*N;%7!<%1%s%9$O!"0J2<(B
|
||||||
|
$B$N$b$N$rG'<1$7$^$9!#(B
|
||||||
|
$B4A;z$N;O$^$j(B: \E$B $B$+(B \E$@
|
||||||
|
$B4A;z$N=*$j(B: \E(J $B$+(B \E(B $B$+(B \E(H
|
||||||
|
|
||||||
|
(2) smbclient $B$N%*%W%7%g%s(B
|
||||||
|
|
||||||
|
$B%/%i%$%"%s%H%W%m%0%i%`$G$b!"4A;z$d2>L>$r4^$s$@%U%!%$%k$r07$($k$h$&$K!"<!$N%*%W%7%g%s(B
|
||||||
|
$B$rDI2C$7$^$7$?!#(B
|
||||||
|
|
||||||
|
-t <$B%?!<%_%J%k%3!<%I7O(B>
|
||||||
|
|
||||||
|
$B$3$3$G!"(B<$B%?!<%_%J%k%3!<%I7O(B>$B$K;XDj$G$-$k$b$N$O!">e$N(B<$B%3!<%I7O(B>$B$HF1$8$b$N$G$9!#(B
|
||||||
|
|
||||||
|
(3) $B%G%U%)%k%H(B
|
||||||
|
|
||||||
|
$B%G%U%)%k%H$N%3!<%I7O$O!"%3%s%Q%$%k;~$K7h$^$j$^$9!#(B
|
||||||
|
|
||||||
|
3. $B%3%s%Q%$%k;~$N@_Dj(B
|
||||||
|
|
||||||
|
Makefile $B$K@_Dj$9$k9`L\$r0J2<$K<($7$^$9!#(B
|
||||||
|
|
||||||
|
(1) KANJI $B%U%i%0(B
|
||||||
|
|
||||||
|
$B%3%s%Q%$%k%*%W%7%g%s$K(B -DKANJI=\"$B%3!<%I7O(B\" $B$r;XDj$7$^$9!#$3$N%3!<%I7O$O(B 2. $B$G;X(B
|
||||||
|
$BDj$9$k$b$N$HF1$8$G$9!#Nc$($P!"(B-DKANJI=\"euc\" $B$r(BFLAGSM $B$K@_Dj$9$k$H(B UNIX $B>e$N%U%!(B
|
||||||
|
$B%$%kL>$O!"(BEUC $B%3!<%I$K$J$j$^$9!#$3$3$G;XDj$7$?%3!<%I7O$O!"%5!<%P5Z$S%/%i%$%"%s%H(B
|
||||||
|
$B%W%m%0%i%`$N%G%U%)%k%H$KCM$J$j$^$9!#(B
|
||||||
|
|
||||||
|
$B>0!"%*%W%7%g%sCf$N(B \ $B$d(B " $B$bK:$l$:$K;XDj$7$F2<$5$$!#(B
|
||||||
|
|
||||||
|
3. $B@)8B;v9`(B
|
||||||
|
|
||||||
|
(1) $B4A;z%3!<%I(B
|
||||||
|
smbd $B$rF0:n$5$;$k%[%9%H$N(B UNIX $B$,%5%]!<%H$7$F$$$J$$4A;z%3!<%I$O!"MxMQ$G$-$J$$$3$H$,(B
|
||||||
|
$B$"$j$^$9!#JQ$JF0:n$r$9$k$h$&$J$i(B hex $B$N;XDj$r$9$k$N$,NI$$$G$7$g$&!#(B
|
||||||
|
|
||||||
|
(2) smbclient $B%3%^%s%I(B
|
||||||
|
$B%7%U%H%3!<%I$J$I$N4X78$G!"4A;z$d2>L>$r4^$s$@%U%!%$%kL>$N(B ls $B$NI=<($,Mp$l$k$3$H$,$"$j(B
|
||||||
|
$B$^$9!#(B
|
||||||
|
|
||||||
|
(3) $B%o%$%k%I%+!<%I$K$D$$$F(B
|
||||||
|
$B$A$c$s$H$7$?%9%Z%C%/$,$h$/$o$+$i$J$+$C$?$N$G$9$,!"0l1~!"(BDOS/V $B$NF0:n$HF1$8F0:n$r9T$J(B
|
||||||
|
$B$&$h$&$K$J$C$F$$$^$9!#(B
|
||||||
|
|
||||||
|
(4) $B%m%s%0%U%!%$%kL>$K$D$$$F(B
|
||||||
|
Windows NT/95 $B$G$O!"%m%s%0%U%!%$%kL>$,07$($^$9!#%m%s%0%U%!%$%kL>$r(B 8.3 $B%U%)!<%^%C%H(B
|
||||||
|
$B$G07$&$?$a$K!"(Bmangling $B$7$F$$$^$9$,!"$3$NJ}K!$O!"(BNT $B$d(B 95 $B$,9T$J$C$F$$$k(B mangling $B$H(B
|
||||||
|
$B$O0[$J$j$^$9$N$GCm0U$7$F2<$5$$!#(B
|
||||||
|
|
||||||
|
4. $B>c32Ey$N%l%]!<%H$K$D$$$F(B
|
||||||
|
|
||||||
|
$BF|K\8l$N%U%!%$%kL>$K4X$7$F!"J8;z2=$1Ey$N>c32$,$"$l$P!";d$K%l%]!<%H$7$FD:$1$l$P9,$$$G(B
|
||||||
|
$B$9!#$?$@$7!"%*%j%8%J%k$+$i$NLdBjE@$d<ALd$K$D$$$F$O!"%*%j%8%J%k$N:n<T$XD>@\Ld$$9g$o$;$k(B
|
||||||
|
$B$+!"$b$7$/$O%a!<%j%s%0%j%9%H$J$I$X%l%]!<%H$9$k$h$&$K$7$F2<$5$$!#(B
|
||||||
|
|
||||||
|
$B%l%]!<%H$5$l$k>l9g!"MxMQ$5$l$F$$$k4D6-(B(UNIX $B5Z$S(B PC $BB&$N(BOS$B$J$I(B)$B$H$G$-$^$7$?$i@_Dj%U%!(B
|
||||||
|
$B%$%k$d%m%0$J$I$rE:IU$7$FD:$1$k$H9,$$$G$9!#(B
|
||||||
|
|
||||||
|
5. $B$=$NB>(B
|
||||||
|
|
||||||
|
$B%3!<%IJQ49$O0J2<$NJ}!9$,:n$i$l$?%W%m%0%i%`$rMxMQ$7$F$$$^$9!#(B
|
||||||
|
|
||||||
|
hex $B7A<0(B $BBgLZ!wBgDM!&C^GH(B <ohki@gssm.otsuka.tsukuba.ac.jp>$B;a(B
|
||||||
|
cap $B7A<0(B $BI%ED(B $BF;O:(B (michiro@po.iijnet.or.jp)(michiro@dms.toppan.co.jp)$B;a(B
|
||||||
|
|
||||||
|
$B$=$NB>!"$?$/$5$s$NJ}!9$+$i$$$m$$$m$H8f65<($$$?$@$-$"$j$,$H$&$4$6$$$^$7$?!#:#8e$H$b$h(B
|
||||||
|
$B$m$7$/$*4j$$CW$7$^$9!#(B
|
||||||
|
|
||||||
|
1994$BG/(B10$B7n(B28$BF|(B $BBh#1HG(B
|
||||||
|
1995$BG/(B 8$B7n(B16$BF|(B $BBh#2HG(B
|
||||||
|
1995$BG/(B11$B7n(B24$BF|(B $BBh#3HG(B
|
||||||
|
1996$BG/(B 5$B7n(B13$BF|(B $BBh#4HG(B
|
||||||
|
|
||||||
|
$BF#ED(B $B?r(B fujita@ainix.isac.co.jp
|
||||||
|
|
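--- a/examples/LDAP/export_smbpasswd.pl
+++ b/examples/LDAP/export_smbpasswd.pl
@@ -0,0 +1,64 @@
+#!/usr/bin/perl
+##
+## Example script to export ldap entries into an smbpasswd file format
+## using the Mozilla PerLDAP module.
+##
+## writen by jerry@samba.org
+##
+## ported to Net::LDAP by dkrovich@slackworks.com
+
+use Net::LDAP;
+
+######################################################
+## Set these values to whatever you need for your site
+##
+
+$DN="dc=samba,dc=my-domain,dc=com";
+$ROOTDN="cn=Manager,dc=my-domain,dc=com";
+$rootpw = "secret";
+$LDAPSERVER="localhost";
+
+##
+## end local site variables
+######################################################
+
+$ldap = Net::LDAP->new($LDAPSERVER) or die "Unable to connect to LDAP server $LDAPSERVER";
+
+print "##\n";
+print "## Autogenerated smbpasswd file via ldapsearch\n";
+print "## from $LDAPSERVER ($DN)\n";
+print "##\n";
+
+## scheck for the existence of the posixAccount first
+$result = $ldap->search ( base => "$DN",
+scope => "sub",
+filter => "(objectclass=sambaAccount)"
+);
+
+
+
+## loop over the entries we found
+while ( $entry = $result->shift_entry() ) {
+
+@uid = $entry->get_value("uid");
+@uidNumber = $entry->get_value("uidNumber");
+@lm_pw = $entry->get_value("lmpassword");
+@nt_pw = $entry->get_value("ntpassword");
+@acct = $entry->get_value("acctFlags");
+@pwdLastSet = $entry->get_value("pwdLastSet");
+
+if (($#uid+1) && ($#uidNumber+1)) {
+
+$lm_pw[0] = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" if (! ($#lm_pw+1));
+$nt_pw[0] = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" if (! ($#nt_pw+1));
+$acct[0] = "[DU ]" if (! ($#acct+1));
+$pwdLastSet[0] = "FFFFFFFF" if (! ($#pwdLastSet+1));
+
+print "$uid[0]:$uidNumber[0]:$lm_pw[0]:$nt_pw[0]:$acct[0]:LCT-$pwdLastSet[0]\n";
+}
+
+}
+
+$ldap->unbind();
+exit 0;
+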
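Review bot: `$ROOTDN` and `$rootpw` are set but no `$ldap->bind(...)` is ever issued, so the search for `sambaAccount` entries runs anonymously and its result code is never checked. On a directory whose ACLs protect `lmpassword`/`ntpassword`, the script would then silently print the `XXXXXXXX…` placeholders for every account instead of failing. I would bind explicitly and stop on error, `$mesg = $ldap->bind($ROOTDN, password => $rootpw); die $mesg->error() if $mesg->code();`, and add `die $result->error() if $result->code();` after the search. Because the LM/NT hashes are password-equivalent, a `$ldap->start_tls(verify => 'require');` before the bind and a header comment telling users to redirect the output into a file readable only by root would also be worth adding. The comment above the search says posixAccount while the filter is `(objectclass=sambaAccount)`; it should read `## check for the existence of sambaAccount entries`.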
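--- a/examples/LDAP/import_smbpasswd.pl
+++ b/examples/LDAP/import_smbpasswd.pl
@@ -0,0 +1,119 @@
+#!/usr/bin/perl
+##
+## Example script of how you could import a smbpasswd file into an LDAP
+## directory using the Mozilla PerLDAP module.
+##
+## writen by jerry@samba.org
+##
+## ported to Net::LDAP by dkrovich@slackworks.com
+
+use Net::LDAP;
+
+#################################################
+## set these to a value appropriate for your site
+##
+
+$DN="ou=people,dc=plainjoe,dc=org";
+$ROOTDN="cn=Manager,dc=plainjoe,dc=org";
+# If you use perl special character in your
+# rootpw, escape them:
+# $rootpw = "secr\@t" instead of $rootpw = "secr@t"
+$rootpw = "n0pass";
+$LDAPSERVER="scooby";
+
+##
+## end local site variables
+#################################################
+
+$ldap = Net::LDAP->new($LDAPSERVER) or die "Unable to connect to LDAP server $LDAPSERVER";
+
+## Bind as $ROOTDN so you can do updates
+$mesg = $ldap->bind($ROOTDN, password => $rootpw);
+$mesg->error() if $mesg->code();
+
+while ( $string = <STDIN> ) {
+chomp ($string);
+
+## Get the account info from the smbpasswd file
+@smbentry = split (/:/, $string);
+
+## Check for the existence of a system account
+@getpwinfo = getpwnam($smbentry[0]);
+if (! @getpwinfo ) {
+print STDERR "**$smbentry[0] does not have a system account... \n";
+next;
+}
+## Calculate RID = uid*2 +1000
+$rid=@getpwinfo[2]*2+1000;
+
+## check and see if account info already exists in LDAP.
+$result = $ldap->search ( base => "$DN",
+scope => "sub",
+filter => "(uid=$smbentry[0])"
+);
+
+## If no LDAP entry exists, create one.
+if ( $result->count == 0 ) {
+$new_entry = Net::LDAP::Entry->new();
+$new_entry->add( dn => "uid=$smbentry[0],$DN",
+uid => $smbentry[0],
+rid => $rid,
+lmPassword => $smbentry[2],
+ntPassword => $smbentry[3],
+acctFlags => $smbentry[4],
+cn => $smbentry[0],
+pwdLastSet => hex(substr($smbentry[5],4)),
+objectclass => 'sambaAccount' );
+
+$result = $ldap->add( $new_entry );
+$result->error() if $result->code();
+print "Adding [uid=" . $smbentry[0] . "," . $DN . "]\n";
+
+## Otherwise, supplement/update the existing entry.
+}
+elsif ($result->count == 1)
+{
+# Put the search results into an entry object
+$entry = $result->entry(0);
+
+print "Updating [" . $entry->dn . "]\n";
+
+## Add the objectclass: sambaAccount attribute if it's not there
+@values = $entry->get_value( "objectclass" );
+$flag = 1;
+foreach $item (@values) {
+print "$item\n";
+if ( "$item" eq "sambaAccount" ) {
+$flag = 0;
+}
+}
+if ( $flag ) {
+## Adding sambaAccount objectclass requires adding at least rid:
+## uid attribute already exists we know since we searched on it
+$entry->add(objectclass => "sambaAccount",
+rid => $rid );
+}
+
+## Set the other attribute values
+$entry->replace(rid => $rid,
+lmPassword => $smbentry[2],
+ntPassword => $smbentry[3],
+acctFlags => $smbentry[4],
+pwdLastSet => hex(substr($smbentry[5],4)));
+
+## Apply changes to the LDAP server
+$updatemesg = $entry->update($ldap);
+$updatemesg->error() if $updatemesg->code();
+
+## If we get here, the LDAP search returned more than one value
+## which shouldn't happen under normal circumstances.
+} else {
+print STDERR "LDAP search returned more than one entry for $smbentry[0]... skipping!\n";
+next;
+}
+}
+
+$ldap->unbind();
+exit 0;
+
+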
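--- a/examples/VFS/Makefile.in
+++ b/examples/VFS/Makefile.in
@@ -0,0 +1,43 @@
+CC = @CC@
+CFLAGS = @CFLAGS@
+CPPFLAGS = @CPPFLAGS@
+LDFLAGS = @LDFLAGS@
+LDSHFLAGS = @LDSHFLAGS@
+INSTALLCMD = @INSTALL@
+SAMBA_SOURCE = @SAMBA_SOURCE@
+SHLIBEXT = @SHLIBEXT@
+OBJEXT = @OBJEXT@
+FLAGS = $(CFLAGS) -Iinclude -I$(SAMBA_SOURCE)/include -I$(SAMBA_SOURCE)/ubiqx -I$(SAMBA_SOURCE)/smbwrapper -I. $(CPPFLAGS) -I$(SAMBA_SOURCE)
+
+
+prefix = @prefix@
+libdir = @libdir@
+
+VFS_LIBDIR = $(libdir)/vfs
+
+# Auto target
+default: $(patsubst %.c,%.$(SHLIBEXT),$(wildcard *.c))
+
+# Pattern rules
+
+%.$(SHLIBEXT): %.$(OBJEXT)
+@echo "Linking $@"
+@$(CC) $(LDSHFLAGS) $(LDFLAGS) -o $@ $<
+
+%.$(OBJEXT): %.c
+@echo "Compiling $<"
+@$(CC) $(FLAGS) -c $<
+
+
+install: default
+$(INSTALLCMD) -d $(VFS_LIBDIR)
+$(INSTALLCMD) -m 755 *.$(SHLIBEXT) $(VFS_LIBDIR)
+
+# Misc targets
+clean:
+rm -rf .libs
+rm -f core *~ *% *.bak *.o *.$(SHLIBEXT)
+
+distclean: clean
+rm config.* Makefile
+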
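Review bot: The `%.$(OBJEXT): %.c` rule compiles with `$(FLAGS)` only, so the objects that the `%.$(SHLIBEXT)` rule then links with `$(LDSHFLAGS)` into a loadable module are never built with the position-independent-code flag that configure.in substitutes as `PICFLAG`. Where the toolchain accepts that, the module carries text relocations, and where it does not, the link fails. Add `PICFLAG = @PICFLAG@` to the variable block and compile with `@$(CC) $(FLAGS) $(PICFLAG) -c $<`. The two install lines also write straight to `$(VFS_LIBDIR)`, so a staged install would need `$(DESTDIR)$(VFS_LIBDIR)` there.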
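--- a/examples/VFS/autogen.sh
+++ b/examples/VFS/autogen.sh
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+# Run this script to build samba from CVS.
+
+## insert all possible names (only works with
+## autoconf 2.x
+#TESTAUTOHEADER="autoheader autoheader-2.53"
+TESTAUTOCONF="autoconf autoconf-2.53"
+
+#AUTOHEADERFOUND="0"
+AUTOCONFFOUND="0"
+
+
+##
+## Look for autoheader
+##
+#for i in $TESTAUTOHEADER; do
+# if which $i > /dev/null 2>&1; then
+# if [ `$i --version | head -n 1 | cut -d. -f 2` -ge 53 ]; then
+# AUTOHEADER=$i
+# AUTOHEADERFOUND="1"
+# break
+# fi
+# fi
+#done
+
+##
+## Look for autoconf
+##
+
+for i in $TESTAUTOCONF; do
+if which $i > /dev/null 2>&1; then
+if [ `$i --version | head -n 1 | cut -d. -f 2` -ge 53 ]; then
+AUTOCONF=$i
+AUTOCONFFOUND="1"
+break
+fi
+fi
+done
+
+
+##
+## do we have it?
+##
+if [ "$AUTOCONFFOUND" = "0" -o "$AUTOHEADERFOUND" = "0" ]; then
+echo "$0: need autoconf 2.53 or later to build samba from CVS" >&2
+exit 1
+fi
+
+
+
+#echo "$0: running $AUTOHEADER"
+#$AUTOHEADER || exit 1
+
+echo "$0: running $AUTOCONF"
+$AUTOCONF || exit 1
+
+echo "Now run ./configure and then make."
+exit 0
+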
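Review bot: The availability test still reads `$AUTOHEADERFOUND`, although its initialisation and the whole autoheader probe are commented out, so the second half of `[ "$AUTOCONFFOUND" = "0" -o "$AUTOHEADERFOUND" = "0" ]` depends on whatever the caller's environment happens to export; it should be reduced to `if [ "$AUTOCONFFOUND" = "0" ]; then`. The version probe compares only the field after the first dot (`cut -d. -f 2`) with 53, so a later major release with a smaller minor number would be rejected, and a non-numeric field makes `[` report an error instead of a clean "not found". The header comment and the error text still say "build samba from CVS", while this copy only regenerates configure for the VFS examples; a comment such as `# Run this script to regenerate configure for the example VFS modules.` would match what it does.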
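--- a/examples/VFS/configure.in
+++ b/examples/VFS/configure.in
@@ -0,0 +1,353 @@
+dnl -*- mode: m4-mode -*-
+dnl Process this file with autoconf to produce a configure script.
+
+dnl We must use autotools 2.53 or above
+AC_PREREQ(2.53)
+AC_INIT(Makefile.in)
+
+#dnl Uncomment this if you want to use your own define's too
+#AC_CONFIG_HEADER(module_config.h)
+#dnl To make sure that didn't get #define PACKAGE_* in modules_config.h
+#echo "" > confdefs.h
+
+dnl Checks for programs.
+AC_PROG_CC
+AC_PROG_INSTALL
+
+#################################################
+# Directory handling stuff to support both the
+# legacy SAMBA directories and FHS compliant
+# ones...
+AC_PREFIX_DEFAULT(/usr/local/samba)
+
+AC_ARG_WITH(fhs,
+[ --with-fhs Use FHS-compliant paths (default=no)],
+libdir="\${prefix}/lib/samba",
+libdir="\${prefix}/lib")
+
+AC_SUBST(libdir)
+
+SAMBA_SOURCE="../../source"
+####################################################
+# set the location location of the samba source tree
+AC_ARG_WITH(samba-source,
+[ --with-samba-source=DIR Where is the samba source tree (../../source)],
+[ case "$withval" in
+yes|no)
+#
+# Just in case anybody calls it without argument
+#
+AC_MSG_WARN([--with-samba-source called without argument - will use default])
+;;
+* )
+SAMBA_SOURCE="$withval"
+;;
+esac])
+
+AC_SUBST(SAMBA_SOURCE)
+
+dnl Unique-to-Samba variables we'll be playing with.
+AC_SUBST(CC)
+AC_SUBST(SHELL)
+AC_SUBST(LDSHFLAGS)
+AC_SUBST(SONAMEFLAG)
+AC_SUBST(SHLD)
+AC_SUBST(HOST_OS)
+AC_SUBST(PICFLAG)
+AC_SUBST(PICSUFFIX)
+AC_SUBST(POBAD_CC)
+AC_SUBST(SHLIBEXT)
+AC_SUBST(INSTALLCLIENTCMD_SH)
+AC_SUBST(INSTALLCLIENTCMD_A)
+AC_SUBST(SHLIB_PROGS)
+AC_SUBST(EXTRA_BIN_PROGS)
+AC_SUBST(EXTRA_SBIN_PROGS)
+AC_SUBST(EXTRA_ALL_TARGETS)
+
+AC_ARG_ENABLE(debug,
+[ --enable-debug Turn on compiler debugging information (default=no)],
+[if eval "test x$enable_debug = xyes"; then
+CFLAGS="${CFLAGS} -g"
+fi])
+
+AC_ARG_ENABLE(developer, [ --enable-developer Turn on developer warnings and debugging (default=no)],
+[if eval "test x$enable_developer = xyes"; then
+developer=yes
+CFLAGS="${CFLAGS} -g -Wall -Wshadow -Wstrict-prototypes -Wpointer-arith -Wcast-qual -Wcast-align -Wwrite-strings -DDEBUG_PASSWORD -DDEVELOPER"
+fi])
+
+# compile with optimization and without debugging by default, but
+# allow people to set their own preference.
+if test "x$CFLAGS" = x
+then
+CFLAGS="-O ${CFLAGS}"
+fi
+
+#################################################
+# check for krb5-config from recent MIT and Heimdal kerberos 5
+AC_PATH_PROG(KRB5_CONFIG, krb5-config)
+AC_MSG_CHECKING(for working krb5-config)
+if test -x "$KRB5_CONFIG"; then
+CFLAGS="$CFLAGS `$KRB5_CONFIG --cflags | sed s/@INCLUDE_des@//`"
+CPPFLAGS="$CPPFLAGS `$KRB5_CONFIG --cflags | sed s/@INCLUDE_des@//`"
+FOUND_KRB5=yes
+AC_MSG_RESULT(yes)
+else
+AC_MSG_RESULT(no. Fallback to previous krb5 detection strategy)
+fi
+
+if test x$FOUND_KRB5 = x"no"; then
+#################################################
+# check for location of Kerberos 5 install
+AC_MSG_CHECKING(for kerberos 5 install path)
+AC_ARG_WITH(krb5,
+[ --with-krb5=base-dir Locate Kerberos 5 support (default=/usr)],
+[ case "$withval" in
+no)
+AC_MSG_RESULT(no)
+;;
+*)
+AC_MSG_RESULT(yes)
+CFLAGS="$CFLAGS -I$withval/include"
+CPPFLAGS="$CPPFLAGS -I$withval/include"
+FOUND_KRB5=yes
+;;
+esac ],
+AC_MSG_RESULT(no)
+)
+fi
+
+if test x$FOUND_KRB5 = x"no"; then
+#################################################
+# see if this box has the SuSE location for the heimdal kerberos implementation
+AC_MSG_CHECKING(for /usr/include/heimdal)
+if test -d /usr/include/heimdal; then
+if test -f /usr/lib/heimdal/lib/libkrb5.a; then
+CFLAGS="$CFLAGS -I/usr/include/heimdal"
+CPPFLAGS="$CPPFLAGS -I/usr/include/heimdal"
+AC_MSG_RESULT(yes)
+else
+CFLAGS="$CFLAGS -I/usr/include/heimdal"
+CPPFLAGS="$CPPFLAGS -I/usr/include/heimdal"
+AC_MSG_RESULT(yes)
+
+fi
+else
+AC_MSG_RESULT(no)
+fi
+fi
+
+
+if test x$FOUND_KRB5 = x"no"; then
+#################################################
+# see if this box has the RedHat location for kerberos
+AC_MSG_CHECKING(for /usr/kerberos)
+if test -d /usr/kerberos -a -f /usr/kerberos/lib/libkrb5.a; then
+LDFLAGS="$LDFLAGS -L/usr/kerberos/lib"
+CFLAGS="$CFLAGS -I/usr/kerberos/include"
+CPPFLAGS="$CPPFLAGS -I/usr/kerberos/include"
+AC_MSG_RESULT(yes)
+else
+AC_MSG_RESULT(no)
+fi
+fi
+
+# now check for krb5.h. Some systems have the libraries without the headers!
+# note that this check is done here to allow for different kerberos
+# include paths
+AC_CHECK_HEADERS(krb5.h)
+
+# now check for gssapi headers. This is also done here to allow for
+# different kerberos include paths
+AC_CHECK_HEADERS(gssapi.h gssapi/gssapi_generic.h gssapi/gssapi.h com_err.h)
+
+#dnl Check if we use GNU ld
+#LD=ld
+#AC_PROG_LD_GNU
+
+#dnl look for executable suffix
+#AC_EXEEXT
+
+builddir=`pwd`
+AC_SUBST(builddir)
+
+# Assume non-shared by default and override below
+BLDSHARED="false"
+
+# these are the defaults, good for lots of systems
+HOST_OS="$host_os"
+LDSHFLAGS="-shared"
+SONAMEFLAG="#"
+SHLD="\${CC}"
+PICFLAG=""
+PICSUFFIX="po"
+POBAD_CC="#"
+SHLIBEXT="so"
+
+if test "$enable_shared" = "yes"; then
+# this bit needs to be modified for each OS that is suported by
+# smbwrapper. You need to specify how to created a shared library and
+# how to compile C code to produce PIC object files
+
+AC_MSG_CHECKING([ability to build shared libraries])
+
+# and these are for particular systems
+case "$host_os" in
+*linux*)
+BLDSHARED="true"
+LDSHFLAGS="-shared"
+DYNEXP="-Wl,--export-dynamic"
+PICFLAG="-fPIC"
+SONAMEFLAG="-Wl,-soname="
+;;
+*solaris*)
+BLDSHARED="true"
+LDSHFLAGS="-G"
+SONAMEFLAG="-h "
+if test "${GCC}" = "yes"; then
+PICFLAG="-fPIC"
+if test "${ac_cv_prog_gnu_ld}" = "yes"; then
+DYNEXP="-Wl,-E"
+fi
+else
+PICFLAG="-KPIC"
+## ${CFLAGS} added for building 64-bit shared
+## libs using Sun's Compiler
+LDSHFLAGS="-G \${CFLAGS}"
+POBAD_CC=""
+PICSUFFIX="po.o"
+fi
+;;
+*sunos*)
+BLDSHARED="true"
+LDSHFLAGS="-G"
+SONAMEFLAG="-Wl,-h,"
+PICFLAG="-KPIC" # Is this correct for SunOS
+;;
+*netbsd* | *freebsd*) BLDSHARED="true"
+LDSHFLAGS="-shared"
+DYNEXP="-Wl,--export-dynamic"
+SONAMEFLAG="-Wl,-soname,"
+PICFLAG="-fPIC -DPIC"
+;;
+*openbsd*) BLDSHARED="true"
+LDSHFLAGS="-shared"
+DYNEXP="-Wl,-Bdynamic"
+SONAMEFLAG="-Wl,-soname,"
+PICFLAG="-fPIC"
+;;
+*irix*)
+case "$host_os" in
+*irix6*)
+;;
+esac
+ATTEMPT_WRAP32_BUILD=yes
+BLDSHARED="true"
+LDSHFLAGS="-set_version sgi1.0 -shared"
+SONAMEFLAG="-soname "
+SHLD="\${LD}"
+if test "${GCC}" = "yes"; then
+PICFLAG="-fPIC"
+else
+PICFLAG="-KPIC"
+fi
+;;
+*aix*)
+BLDSHARED="true"
+LDSHFLAGS="-Wl,-bexpall,-bM:SRE,-bnoentry,-berok"
+DYNEXP="-Wl,-brtl,-bexpall"
+PICFLAG="-O2"
+if test "${GCC}" != "yes"; then
+## for funky AIX compiler using strncpy()
+CFLAGS="$CFLAGS -D_LINUX_SOURCE_COMPAT -qmaxmem=32000"
+fi
+;;
+*hpux*)
+SHLIBEXT="sl"
+# Use special PIC flags for the native HP-UX compiler.
+if test $ac_cv_prog_cc_Ae = yes; then
+BLDSHARED="true"
+SHLD="/usr/bin/ld"
+LDSHFLAGS="-B symbolic -b -z"
+SONAMEFLAG="+h "
+PICFLAG="+z"
+fi
+DYNEXP="-Wl,-E"
+;;
+*qnx*)
+;;
+*osf*)
+BLDSHARED="true"
+LDSHFLAGS="-shared"
+SONAMEFLAG="-Wl,-soname,"
+PICFLAG="-fPIC"
+;;
+*sco*)
+;;
+*unixware*)
+BLDSHARED="true"
+LDSHFLAGS="-shared"
+SONAMEFLAG="-Wl,-soname,"
+PICFLAG="-KPIC"
+;;
+*next2*)
+;;
+*dgux*) AC_CHECK_PROG( ROFF, groff, [groff -etpsR -Tascii -man])
+;;
+*sysv4*)
+case "$host" in
+*-univel-*)
+LDSHFLAGS="-G"
+DYNEXP="-Bexport"
+;;
+*mips-sni-sysv4*)
+;;
+esac
+;;
+
+*sysv5*)
+LDSHFLAGS="-G"
+;;
+*vos*)
+BLDSHARED="false"
+LDSHFLAGS=""
+;;
+*)
+;;
+esac
+AC_SUBST(DYNEXP)
+AC_MSG_RESULT($BLDSHARED)
+AC_MSG_CHECKING([linker flags for shared libraries])
+AC_MSG_RESULT([$LDSHFLAGS])
+AC_MSG_CHECKING([compiler flags for position-independent code])
+AC_MSG_RESULT([$PICFLAGS])
+fi
+
+#######################################################
+# test whether building a shared library actually works
+if test $BLDSHARED = true; then
+AC_CACHE_CHECK([whether building shared libraries actually works],
+[ac_cv_shlib_works],[
+ac_cv_shlib_works=no
+# try building a trivial shared library
+if test "$PICSUFFIX" = "po"; then
+$CC $CPPFLAGS $CFLAGS $PICFLAG -c -o shlib.po ${srcdir-.}/tests/shlib.c &&
+$CC $CPPFLAGS $CFLAGS `eval echo $LDSHFLAGS` -o "shlib.$SHLIBEXT" shlib.po &&
+ac_cv_shlib_works=yes
+else
+$CC $CPPFLAGS $CFLAGS $PICFLAG -c -o shlib.$PICSUFFIX ${srcdir-.}/tests/shlib.c &&
+mv shlib.$PICSUFFIX shlib.po &&
+$CC $CPPFLAGS $CFLAGS `eval echo $LDSHFLAGS` -o "shlib.$SHLIBEXT" shlib.po &&
+ac_cv_shlib_works=yes
+fi
+rm -f "shlib.$SHLIBEXT" shlib.po
+])
+if test $ac_cv_shlib_works = no; then
+BLDSHARED=false
+fi
+fi
+
+
+
+
+AC_OUTPUT(Makefile)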
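Review bot: The three fallback blocks guarded by `test x$FOUND_KRB5 = x"no"` can never run, because FOUND_KRB5 is only ever assigned `yes` and is otherwise empty, so the "Fallback to previous krb5 detection strategy" message is followed by no detection at all; setting `FOUND_KRB5=no` just before `AC_PATH_PROG(KRB5_CONFIG, krb5-config)` makes the guards work as written. The last message in the shared-library block prints `$PICFLAGS`, but the variable assigned in the case arms is `PICFLAG`, so the reported value is always empty; `AC_MSG_RESULT([$PICFLAG])` is what is meant. `--enable-developer` also adds `-DDEBUG_PASSWORD`, which in the Samba tree appears to enable logging of password material at high debug levels, so the help string should say that modules built this way are not for production servers.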
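--- a/examples/VFS/install-sh
+++ b/examples/VFS/install-sh
@@ -0,0 +1,238 @@
+#! /bin/sh
+#
+# install - install a program, script, or datafile
+# This comes from X11R5.
+#
+# Calling this script install-sh is preferred over install.sh, to prevent
+# `make' implicit rules from creating a file called install from it
+# when there is no Makefile.
+#
+# This script is compatible with the BSD install script, but was written
+# from scratch.
+#
+
+
+# set DOITPROG to echo to test this script
+
+# Don't use :- since 4.3BSD and earlier shells don't like it.
+doit="${DOITPROG-}"
+
+
+# put in absolute paths if you don't have them in your path; or use env. vars.
+
+mvprog="${MVPROG-mv}"
+cpprog="${CPPROG-cp}"
+chmodprog="${CHMODPROG-chmod}"
+chownprog="${CHOWNPROG-chown}"
+chgrpprog="${CHGRPPROG-chgrp}"
+stripprog="${STRIPPROG-strip}"
+rmprog="${RMPROG-rm}"
+mkdirprog="${MKDIRPROG-mkdir}"
+
+transformbasename=""
+transform_arg=""
+instcmd="$mvprog"
+chmodcmd="$chmodprog 0755"
+chowncmd=""
+chgrpcmd=""
+stripcmd=""
+rmcmd="$rmprog -f"
+mvcmd="$mvprog"
+src=""
+dst=""
+dir_arg=""
+
+while [ x"$1" != x ]; do
+case $1 in
+-c) instcmd="$cpprog"
+shift
+continue;;
+
+-d) dir_arg=true
+shift
+continue;;
+
+-m) chmodcmd="$chmodprog $2"
+shift
+shift
+continue;;
+
+-o) chowncmd="$chownprog $2"
+shift
+shift
+continue;;
+
+-g) chgrpcmd="$chgrpprog $2"
+shift
+shift
+continue;;
+
+-s) stripcmd="$stripprog"
+shift
+continue;;
+
+-t=*) transformarg=`echo $1 | sed 's/-t=//'`
+shift
+continue;;
+
+-b=*) transformbasename=`echo $1 | sed 's/-b=//'`
+shift
+continue;;
+
+*) if [ x"$src" = x ]
+then
+src=$1
+else
+# this colon is to work around a 386BSD /bin/sh bug
+:
+dst=$1
+fi
+shift
+continue;;
+esac
+done
+
+if [ x"$src" = x ]
+then
+echo "install: no input file specified"
+exit 1
+else
+true
+fi
+
+if [ x"$dir_arg" != x ]; then
+dst=$src
+src=""
+
+if [ -d $dst ]; then
+instcmd=:
+else
+instcmd=mkdir
+fi
+else
+
+# Waiting for this to be detected by the "$instcmd $src $dsttmp" command
+# might cause directories to be created, which would be especially bad
+# if $src (and thus $dsttmp) contains '*'.
+
+if [ -f $src -o -d $src ]
+then
+true
+else
+echo "install: $src does not exist"
+exit 1
+fi
+
+if [ x"$dst" = x ]
+then
+echo "install: no destination specified"
+exit 1
+else
+true
+fi
+
+# If destination is a directory, append the input filename; if your system
+# does not like double slashes in filenames, you may need to add some logic
+
+if [ -d $dst ]
+then
+dst="$dst"/`basename $src`
+else
+true
+fi
+fi
+
+## this sed command emulates the dirname command
+dstdir=`echo $dst | sed -e 's,[^/]*$,,;s,/$,,;s,^$,.,'`
+
+# Make sure that the destination directory exists.
+# this part is taken from Noah Friedman's mkinstalldirs script
+
+# Skip lots of stat calls in the usual case.
+if [ ! -d "$dstdir" ]; then
+defaultIFS='
+'
+IFS="${IFS-${defaultIFS}}"
+
+oIFS="${IFS}"
+# Some sh's can't handle IFS=/ for some reason.
+IFS='%'
+set - `echo ${dstdir} | sed -e 's@/@%@g' -e 's@^%@/@'`
+IFS="${oIFS}"
+
+pathcomp=''
+
+while [ $# -ne 0 ] ; do
+pathcomp="${pathcomp}${1}"
+shift
+
+if [ ! -d "${pathcomp}" ] ;
+then
+$mkdirprog "${pathcomp}"
+else
+true
+fi
+
+pathcomp="${pathcomp}/"
+done
+fi
+
+if [ x"$dir_arg" != x ]
+then
+$doit $instcmd $dst &&
+
+if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; else true ; fi &&
+if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; else true ; fi &&
+if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; else true ; fi &&
+if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; else true ; fi
+else
+
+# If we're going to rename the final executable, determine the name now.
+
+if [ x"$transformarg" = x ]
+then
+dstfile=`basename $dst`
+else
+dstfile=`basename $dst $transformbasename |
+sed $transformarg`$transformbasename
+fi
+
+# don't allow the sed command to completely eliminate the filename
+
+if [ x"$dstfile" = x ]
+then
+dstfile=`basename $dst`
+else
+true
+fi
+
+# Make a temp file name in the proper directory.
+
+dsttmp=$dstdir/#inst.$$#
+
+# Move or copy the file name to the temp name
+
+$doit $instcmd $src $dsttmp &&
+
+trap "rm -f ${dsttmp}" 0 &&
+
+# and set any options; do chmod last to preserve setuid bits
+
+# If any of these fail, we abort the whole thing. If we want to
+# ignore errors from any of these, just make sure not to ignore
+# errors from the above "$doit $instcmd $src $dsttmp" command.
+
+if [ x"$chowncmd" != x ]; then $doit $chowncmd $dsttmp; else true;fi &&
+if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dsttmp; else true;fi &&
+if [ x"$stripcmd" != x ]; then $doit $stripcmd $dsttmp; else true;fi &&
+if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dsttmp; else true;fi &&
+
+# Now rename the file to the real destination.
+
+$doit $rmcmd -f $dstdir/$dstfile &&
+$doit $mvcmd $dsttmp $dstdir/$dstfile
+
+fi &&
+
+
+exit 0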
563
examples/VFS/skel_opaque.c
Normal file
563
examples/VFS/skel_opaque.c
Normal file
@ -0,0 +1,563 @@
|
|||||||
|
/*
|
||||||
|
* Skeleton VFS module. Implements passthrough operation of all VFS
|
||||||
|
* calls to disk functions.
|
||||||
|
*
|
||||||
|
* Copyright (C) Tim Potter, 1999-2000
|
||||||
|
* Copyright (C) Alexander Bokovoy, 2002
|
||||||
|
* Copyright (C) Stefan (metze) Metzmacher, 2003
|
||||||
|
*
|
||||||
|
* This program is free software; you can redistribute it and/or modify
|
||||||
|
* it under the terms of the GNU General Public License as published by
|
||||||
|
* the Free Software Foundation; either version 2 of the License, or
|
||||||
|
* (at your option) any later version.
|
||||||
|
*
|
||||||
|
* This program is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
* GNU General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU General Public License
|
||||||
|
* along with this program; if not, write to the Free Software
|
||||||
|
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
||||||
|
*/
|
||||||
|
|
||||||
|
|
||||||
|
#include "includes.h"
|
||||||
|
|
||||||
|
/* PLEASE,PLEASE READ THE VFS MODULES CHAPTER OF THE
|
||||||
|
SAMBA DEVELOPERS GUIDE!!!!!!
|
||||||
|
*/
|
||||||
|
|
||||||
|
/* If you take this file as template for your module
|
||||||
|
* please make sure that you remove all vfswrap_* functions and
|
||||||
|
* implement your own function!!
|
||||||
|
*
|
||||||
|
* for functions you didn't want to provide implement dummy functions
|
||||||
|
* witch return ERROR and errno = ENOSYS; !
|
||||||
|
*
|
||||||
|
* --metze
|
||||||
|
*/
|
||||||
|
|
||||||
|
static int skel_connect(vfs_handle_struct *handle, connection_struct *conn, const char *service, const char *user)
|
||||||
|
{
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
static void skel_disconnect(vfs_handle_struct *handle, connection_struct *conn)
|
||||||
|
{
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
static SMB_BIG_UINT skel_disk_free(vfs_handle_struct *handle, connection_struct *conn, const char *path,
|
||||||
|
BOOL small_query, SMB_BIG_UINT *bsize,
|
||||||
|
SMB_BIG_UINT *dfree, SMB_BIG_UINT *dsize)
|
||||||
|
{
|
||||||
|
return vfswrap_disk_free(NULL, conn, path, small_query, bsize,
|
||||||
|
dfree, dsize);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_get_quota(vfs_handle_struct *handle, connection_struct *conn, enum SMB_QUOTA_TYPE qtype, unid_t id, SMB_DISK_QUOTA *dq)
|
||||||
|
{
|
||||||
|
return vfswrap_get_quota(NULL, conn, qtype, id, dq);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_set_quota(vfs_handle_struct *handle, connection_struct *conn, enum SMB_QUOTA_TYPE qtype, unid_t id, SMB_DISK_QUOTA *dq)
|
||||||
|
{
|
||||||
|
return vfswrap_set_quota(NULL, conn, qtype, id, dq);
|
||||||
|
}
|
||||||
|
|
||||||
|
static DIR *skel_opendir(vfs_handle_struct *handle, connection_struct *conn, const char *fname)
|
||||||
|
{
|
||||||
|
return vfswrap_opendir(NULL, conn, fname);
|
||||||
|
}
|
||||||
|
|
||||||
|
static struct dirent *skel_readdir(vfs_handle_struct *handle, connection_struct *conn, DIR *dirp)
|
||||||
|
{
|
||||||
|
return vfswrap_readdir(NULL, conn, dirp);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_mkdir(vfs_handle_struct *handle, connection_struct *conn, const char *path, mode_t mode)
|
||||||
|
{
|
||||||
|
return vfswrap_mkdir(NULL, conn, path, mode);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_rmdir(vfs_handle_struct *handle, connection_struct *conn, const char *path)
|
||||||
|
{
|
||||||
|
return vfswrap_rmdir(NULL, conn, path);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_closedir(vfs_handle_struct *handle, connection_struct *conn, DIR *dir)
|
||||||
|
{
|
||||||
|
return vfswrap_closedir(NULL, conn, dir);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_open(vfs_handle_struct *handle, connection_struct *conn, const char *fname, int flags, mode_t mode)
|
||||||
|
{
|
||||||
|
return vfswrap_open(NULL, conn, fname, flags, mode);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_close(vfs_handle_struct *handle, files_struct *fsp, int fd)
|
||||||
|
{
|
||||||
|
return vfswrap_close(NULL, fsp, fd);
|
||||||
|
}
|
||||||
|
|
||||||
|
static ssize_t skel_read(vfs_handle_struct *handle, files_struct *fsp, int fd, void *data, size_t n)
|
||||||
|
{
|
||||||
|
return vfswrap_read(NULL, fsp, fd, data, n);
|
||||||
|
}
|
||||||
|
|
||||||
|
static ssize_t skel_write(vfs_handle_struct *handle, files_struct *fsp, int fd, const void *data, size_t n)
|
||||||
|
{
|
||||||
|
return vfswrap_write(NULL, fsp, fd, data, n);
|
||||||
|
}
|
||||||
|
|
||||||
|
static SMB_OFF_T skel_lseek(vfs_handle_struct *handle, files_struct *fsp, int filedes, SMB_OFF_T offset, int whence)
|
||||||
|
{
|
||||||
|
return vfswrap_lseek(NULL, fsp, filedes, offset, whence);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_rename(vfs_handle_struct *handle, connection_struct *conn, const char *old, const char *new)
|
||||||
|
{
|
||||||
|
return vfswrap_rename(NULL, conn, old, new);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_fsync(vfs_handle_struct *handle, files_struct *fsp, int fd)
|
||||||
|
{
|
||||||
|
return vfswrap_fsync(NULL, fsp, fd);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_stat(vfs_handle_struct *handle, connection_struct *conn, const char *fname, SMB_STRUCT_STAT *sbuf)
|
||||||
|
{
|
||||||
|
return vfswrap_stat(NULL, conn, fname, sbuf);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_fstat(vfs_handle_struct *handle, files_struct *fsp, int fd, SMB_STRUCT_STAT *sbuf)
|
||||||
|
{
|
||||||
|
return vfswrap_fstat(NULL, fsp, fd, sbuf);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_lstat(vfs_handle_struct *handle, connection_struct *conn, const char *path, SMB_STRUCT_STAT *sbuf)
|
||||||
|
{
|
||||||
|
return vfswrap_lstat(NULL, conn, path, sbuf);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_unlink(vfs_handle_struct *handle, connection_struct *conn, const char *path)
|
||||||
|
{
|
||||||
|
return vfswrap_unlink(NULL, conn, path);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_chmod(vfs_handle_struct *handle, connection_struct *conn, const char *path, mode_t mode)
|
||||||
|
{
|
||||||
|
return vfswrap_chmod(NULL, conn, path, mode);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_fchmod(vfs_handle_struct *handle, files_struct *fsp, int fd, mode_t mode)
|
||||||
|
{
|
||||||
|
return vfswrap_fchmod(NULL, fsp, fd, mode);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_chown(vfs_handle_struct *handle, connection_struct *conn, const char *path, uid_t uid, gid_t gid)
|
||||||
|
{
|
||||||
|
return vfswrap_chown(NULL, conn, path, uid, gid);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_fchown(vfs_handle_struct *handle, files_struct *fsp, int fd, uid_t uid, gid_t gid)
|
||||||
|
{
|
||||||
|
return vfswrap_fchown(NULL, fsp, fd, uid, gid);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_chdir(vfs_handle_struct *handle, connection_struct *conn, const char *path)
|
||||||
|
{
|
||||||
|
return vfswrap_chdir(NULL, conn, path);
|
||||||
|
}
|
||||||
|
|
||||||
|
static char *skel_getwd(vfs_handle_struct *handle, connection_struct *conn, char *buf)
|
||||||
|
{
|
||||||
|
return vfswrap_getwd(NULL, conn, buf);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_utime(vfs_handle_struct *handle, connection_struct *conn, const char *path, struct utimbuf *times)
|
||||||
|
{
|
||||||
|
return vfswrap_utime(NULL, conn, path, times);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_ftruncate(vfs_handle_struct *handle, files_struct *fsp, int fd, SMB_OFF_T offset)
|
||||||
|
{
|
||||||
|
return vfswrap_ftruncate(NULL, fsp, fd, offset);
|
||||||
|
}
|
||||||
|
|
||||||
|
static BOOL skel_lock(vfs_handle_struct *handle, files_struct *fsp, int fd, int op, SMB_OFF_T offset, SMB_OFF_T count, int type)
|
||||||
|
{
|
||||||
|
return vfswrap_lock(NULL, fsp, fd, op, offset, count, type);
|
||||||
|
}
|
||||||
|
|
||||||
|
static BOOL skel_symlink(vfs_handle_struct *handle, connection_struct *conn, const char *oldpath, const char *newpath)
|
||||||
|
{
|
||||||
|
return vfswrap_symlink(NULL, conn, oldpath, newpath);
|
||||||
|
}
|
||||||
|
|
||||||
|
static BOOL skel_readlink(vfs_handle_struct *handle, connection_struct *conn, const char *path, char *buf, size_t bufsiz)
|
||||||
|
{
|
||||||
|
return vfswrap_readlink(NULL, conn, path, buf, bufsiz);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_link(vfs_handle_struct *handle, connection_struct *conn, const char *oldpath, const char *newpath)
|
||||||
|
{
|
||||||
|
return vfswrap_link(NULL, conn, oldpath, newpath);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_mknod(vfs_handle_struct *handle, connection_struct *conn, const char *path, mode_t mode, SMB_DEV_T dev)
|
||||||
|
{
|
||||||
|
return vfswrap_mknod(NULL, conn, path, mode, dev);
|
||||||
|
}
|
||||||
|
|
||||||
|
static char *skel_realpath(vfs_handle_struct *handle, connection_struct *conn, const char *path, char *resolved_path)
|
||||||
|
{
|
||||||
|
return vfswrap_realpath(NULL, conn, path, resolved_path);
|
||||||
|
}
|
||||||
|
|
||||||
|
static size_t skel_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp, int fd, uint32 security_info, struct security_descriptor_info **ppdesc)
|
||||||
|
{
|
||||||
|
errno = ENOSYS;
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
static size_t skel_get_nt_acl(vfs_handle_struct *handle, files_struct *fsp, const char *name, uint32 security_info, struct security_descriptor_info **ppdesc)
|
||||||
|
{
|
||||||
|
errno = ENOSYS;
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
static BOOL skel_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, int fd, uint32 security_info_sent, struct security_descriptor_info *psd)
|
||||||
|
{
|
||||||
|
errno = ENOSYS;
|
||||||
|
return False;
|
||||||
|
}
|
||||||
|
|
||||||
|
static BOOL skel_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp, const char *name, uint32 security_info_sent, struct security_descriptor_info *psd)
|
||||||
|
{
|
||||||
|
errno = ENOSYS;
|
||||||
|
return False;
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_chmod_acl(vfs_handle_struct *handle, connection_struct *conn, const char *name, mode_t mode)
|
||||||
|
{
|
||||||
|
errno = ENOSYS;
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_fchmod_acl(vfs_handle_struct *handle, files_struct *fsp, int fd, mode_t mode)
|
||||||
|
{
|
||||||
|
errno = ENOSYS;
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_sys_acl_get_entry(vfs_handle_struct *handle, connection_struct *conn, SMB_ACL_T theacl, int entry_id, SMB_ACL_ENTRY_T *entry_p)
|
||||||
|
{
|
||||||
|
errno = ENOSYS;
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_sys_acl_get_tag_type(vfs_handle_struct *handle, connection_struct *conn, SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p)
|
||||||
|
{
|
||||||
|
errno = ENOSYS;
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_sys_acl_get_permset(vfs_handle_struct *handle, connection_struct *conn, SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p)
|
||||||
|
{
|
||||||
|
errno = ENOSYS;
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
static void *skel_sys_acl_get_qualifier(vfs_handle_struct *handle, connection_struct *conn, SMB_ACL_ENTRY_T entry_d)
|
||||||
|
{
|
||||||
|
errno = ENOSYS;
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
static SMB_ACL_T skel_sys_acl_get_file(vfs_handle_struct *handle, connection_struct *conn, const char *path_p, SMB_ACL_TYPE_T type)
|
||||||
|
{
|
||||||
|
errno = ENOSYS;
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
static SMB_ACL_T skel_sys_acl_get_fd(vfs_handle_struct *handle, files_struct *fsp, int fd)
|
||||||
|
{
|
||||||
|
errno = ENOSYS;
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_sys_acl_clear_perms(vfs_handle_struct *handle, connection_struct *conn, SMB_ACL_PERMSET_T permset)
|
||||||
|
{
|
||||||
|
errno = ENOSYS;
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_sys_acl_add_perm(vfs_handle_struct *handle, connection_struct *conn, SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
|
||||||
|
{
|
||||||
|
errno = ENOSYS;
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
static char *skel_sys_acl_to_text(vfs_handle_struct *handle, connection_struct *conn, SMB_ACL_T theacl, ssize_t *plen)
|
||||||
|
{
|
||||||
|
errno = ENOSYS;
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
static SMB_ACL_T skel_sys_acl_init(vfs_handle_struct *handle, connection_struct *conn, int count)
|
||||||
|
{
|
||||||
|
errno = ENOSYS;
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_sys_acl_create_entry(vfs_handle_struct *handle, connection_struct *conn, SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry)
|
||||||
|
{
|
||||||
|
errno = ENOSYS;
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_sys_acl_set_tag_type(vfs_handle_struct *handle, connection_struct *conn, SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tagtype)
|
||||||
|
{
|
||||||
|
errno = ENOSYS;
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_sys_acl_set_qualifier(vfs_handle_struct *handle, connection_struct *conn, SMB_ACL_ENTRY_T entry, void *qual)
|
||||||
|
{
|
||||||
|
errno = ENOSYS;
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_sys_acl_set_permset(vfs_handle_struct *handle, connection_struct *conn, SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset)
|
||||||
|
{
|
||||||
|
errno = ENOSYS;
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_sys_acl_valid(vfs_handle_struct *handle, connection_struct *conn, SMB_ACL_T theacl )
|
||||||
|
{
|
||||||
|
errno = ENOSYS;
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_sys_acl_set_file(vfs_handle_struct *handle, connection_struct *conn, const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl)
|
||||||
|
{
|
||||||
|
errno = ENOSYS;
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_sys_acl_set_fd(vfs_handle_struct *handle, files_struct *fsp, int fd, SMB_ACL_T theacl)
|
||||||
|
{
|
||||||
|
errno = ENOSYS;
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_sys_acl_delete_def_file(vfs_handle_struct *handle, connection_struct *conn, const char *path)
|
||||||
|
{
|
||||||
|
errno = ENOSYS;
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_sys_acl_get_perm(vfs_handle_struct *handle, connection_struct *conn, SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
|
||||||
|
{
|
||||||
|
errno = ENOSYS;
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_sys_acl_free_text(vfs_handle_struct *handle, connection_struct *conn, char *text)
|
||||||
|
{
|
||||||
|
errno = ENOSYS;
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_sys_acl_free_acl(vfs_handle_struct *handle, connection_struct *conn, SMB_ACL_T posix_acl)
|
||||||
|
{
|
||||||
|
errno = ENOSYS;
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_sys_acl_free_qualifier(vfs_handle_struct *handle, connection_struct *conn, void *qualifier, SMB_ACL_TAG_T tagtype)
|
||||||
|
{
|
||||||
|
errno = ENOSYS;
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
static ssize_t skel_getxattr(vfs_handle_struct *handle, struct connection_struct *conn,const char *path, const char *name, void *value, size_t size)
|
||||||
|
{
|
||||||
|
errno = ENOSYS;
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
static ssize_t skel_lgetxattr(vfs_handle_struct *handle, struct connection_struct *conn,const char *path, const char *name, void *value, size_t
|
||||||
|
size)
|
||||||
|
{
|
||||||
|
errno = ENOSYS;
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
static ssize_t skel_fgetxattr(vfs_handle_struct *handle, struct files_struct *fsp,int fd, const char *name, void *value, size_t size)
|
||||||
|
{
|
||||||
|
errno = ENOSYS;
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
static ssize_t skel_listxattr(vfs_handle_struct *handle, struct connection_struct *conn,const char *path, char *list, size_t size)
|
||||||
|
{
|
||||||
|
errno = ENOSYS;
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
static ssize_t skel_llistxattr(vfs_handle_struct *handle, struct connection_struct *conn,const char *path, char *list, size_t size)
|
||||||
|
{
|
||||||
|
errno = ENOSYS;
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
static ssize_t skel_flistxattr(vfs_handle_struct *handle, struct files_struct *fsp,int fd, char *list, size_t size)
|
||||||
|
{
|
||||||
|
errno = ENOSYS;
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_removexattr(vfs_handle_struct *handle, struct connection_struct *conn,const char *path, const char *name)
|
||||||
|
{
|
||||||
|
errno = ENOSYS;
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_lremovexattr(vfs_handle_struct *handle, struct connection_struct *conn,const char *path, const char *name)
|
||||||
|
{
|
||||||
|
errno = ENOSYS;
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_fremovexattr(vfs_handle_struct *handle, struct files_struct *fsp,int fd, const char *name)
|
||||||
|
{
|
||||||
|
errno = ENOSYS;
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_setxattr(vfs_handle_struct *handle, struct connection_struct *conn,const char *path, const char *name, const void *value, size_t size, int flags)
|
||||||
|
{
|
||||||
|
errno = ENOSYS;
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_lsetxattr(vfs_handle_struct *handle, struct connection_struct *conn,const char *path, const char *name, const void *value, size_t size, int flags)
|
||||||
|
{
|
||||||
|
errno = ENOSYS;
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_fsetxattr(vfs_handle_struct *handle, struct files_struct *fsp,int fd, const char *name, const void *value, size_t size, int flags)
|
||||||
|
{
|
||||||
|
errno = ENOSYS;
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* VFS operations structure */
|
||||||
|
|
||||||
|
static vfs_op_tuple skel_op_tuples[] = {
|
||||||
|
|
||||||
|
/* Disk operations */
|
||||||
|
|
||||||
|
{SMB_VFS_OP(skel_connect), SMB_VFS_OP_CONNECT, SMB_VFS_LAYER_OPAQUE},
|
||||||
|
{SMB_VFS_OP(skel_disconnect), SMB_VFS_OP_DISCONNECT, SMB_VFS_LAYER_OPAQUE},
|
||||||
|
{SMB_VFS_OP(skel_disk_free), SMB_VFS_OP_DISK_FREE, SMB_VFS_LAYER_OPAQUE},
|
||||||
|
{SMB_VFS_OP(skel_get_quota), SMB_VFS_OP_GET_QUOTA, SMB_VFS_LAYER_OPAQUE},
|
||||||
|
{SMB_VFS_OP(skel_set_quota), SMB_VFS_OP_SET_QUOTA, SMB_VFS_LAYER_OPAQUE},
|
||||||
|
|
||||||
|
/* Directory operations */
|
||||||
|
|
||||||
|
{SMB_VFS_OP(skel_opendir), SMB_VFS_OP_OPENDIR, SMB_VFS_LAYER_OPAQUE},
|
||||||
|
{SMB_VFS_OP(skel_readdir), SMB_VFS_OP_READDIR, SMB_VFS_LAYER_OPAQUE},
|
||||||
|
{SMB_VFS_OP(skel_mkdir), SMB_VFS_OP_MKDIR, SMB_VFS_LAYER_OPAQUE},
|
||||||
|
{SMB_VFS_OP(skel_rmdir), SMB_VFS_OP_RMDIR, SMB_VFS_LAYER_OPAQUE},
|
||||||
|
{SMB_VFS_OP(skel_closedir), SMB_VFS_OP_CLOSEDIR, SMB_VFS_LAYER_OPAQUE},
|
||||||
|
|
||||||
|
/* File operations */
|
||||||
|
|
||||||
|
{SMB_VFS_OP(skel_open), SMB_VFS_OP_OPEN, SMB_VFS_LAYER_OPAQUE},
|
||||||
|
{SMB_VFS_OP(skel_close), SMB_VFS_OP_CLOSE, SMB_VFS_LAYER_OPAQUE},
|
||||||
|
{SMB_VFS_OP(skel_read), SMB_VFS_OP_READ, SMB_VFS_LAYER_OPAQUE},
|
||||||
|
{SMB_VFS_OP(skel_write), SMB_VFS_OP_WRITE, SMB_VFS_LAYER_OPAQUE},
|
||||||
|
{SMB_VFS_OP(skel_lseek), SMB_VFS_OP_LSEEK, SMB_VFS_LAYER_OPAQUE},
|
||||||
|
{SMB_VFS_OP(skel_rename), SMB_VFS_OP_RENAME, SMB_VFS_LAYER_OPAQUE},
|
||||||
|
{SMB_VFS_OP(skel_fsync), SMB_VFS_OP_FSYNC, SMB_VFS_LAYER_OPAQUE},
|
||||||
|
{SMB_VFS_OP(skel_stat), SMB_VFS_OP_STAT, SMB_VFS_LAYER_OPAQUE},
|
||||||
|
{SMB_VFS_OP(skel_fstat), SMB_VFS_OP_FSTAT, SMB_VFS_LAYER_OPAQUE},
|
||||||
|
{SMB_VFS_OP(skel_lstat), SMB_VFS_OP_LSTAT, SMB_VFS_LAYER_OPAQUE},
|
||||||
|
{SMB_VFS_OP(skel_unlink), SMB_VFS_OP_UNLINK, SMB_VFS_LAYER_OPAQUE},
|
||||||
|
{SMB_VFS_OP(skel_chmod), SMB_VFS_OP_CHMOD, SMB_VFS_LAYER_OPAQUE},
|
||||||
|
{SMB_VFS_OP(skel_fchmod), SMB_VFS_OP_FCHMOD, SMB_VFS_LAYER_OPAQUE},
|
||||||
|
{SMB_VFS_OP(skel_chown), SMB_VFS_OP_CHOWN, SMB_VFS_LAYER_OPAQUE},
|
||||||
|
{SMB_VFS_OP(skel_fchown), SMB_VFS_OP_FCHOWN, SMB_VFS_LAYER_OPAQUE},
|
||||||
|
{SMB_VFS_OP(skel_chdir), SMB_VFS_OP_CHDIR, SMB_VFS_LAYER_OPAQUE},
|
||||||
|
{SMB_VFS_OP(skel_getwd), SMB_VFS_OP_GETWD, SMB_VFS_LAYER_OPAQUE},
|
||||||
|
{SMB_VFS_OP(skel_utime), SMB_VFS_OP_UTIME, SMB_VFS_LAYER_OPAQUE},
|
||||||
|
{SMB_VFS_OP(skel_ftruncate), SMB_VFS_OP_FTRUNCATE, SMB_VFS_LAYER_OPAQUE},
|
||||||
|
{SMB_VFS_OP(skel_lock), SMB_VFS_OP_LOCK, SMB_VFS_LAYER_OPAQUE},
|
||||||
|
{SMB_VFS_OP(skel_symlink), SMB_VFS_OP_SYMLINK, SMB_VFS_LAYER_OPAQUE},
|
||||||
|
{SMB_VFS_OP(skel_readlink), SMB_VFS_OP_READLINK, SMB_VFS_LAYER_OPAQUE},
|
||||||
|
{SMB_VFS_OP(skel_link), SMB_VFS_OP_LINK, SMB_VFS_LAYER_OPAQUE},
|
||||||
|
{SMB_VFS_OP(skel_mknod), SMB_VFS_OP_MKNOD, SMB_VFS_LAYER_OPAQUE},
|
||||||
|
{SMB_VFS_OP(skel_realpath), SMB_VFS_OP_REALPATH, SMB_VFS_LAYER_OPAQUE},
|
||||||
|
|
||||||
|
/* NT File ACL operations */
|
||||||
|
|
||||||
|
{SMB_VFS_OP(skel_fget_nt_acl), SMB_VFS_OP_FGET_NT_ACL, SMB_VFS_LAYER_OPAQUE},
|
||||||
|
{SMB_VFS_OP(skel_get_nt_acl), SMB_VFS_OP_GET_NT_ACL, SMB_VFS_LAYER_OPAQUE},
|
||||||
|
{SMB_VFS_OP(skel_fset_nt_acl), SMB_VFS_OP_FSET_NT_ACL, SMB_VFS_LAYER_OPAQUE},
|
||||||
|
{SMB_VFS_OP(skel_set_nt_acl), SMB_VFS_OP_SET_NT_ACL, SMB_VFS_LAYER_OPAQUE},
|
||||||
|
|
||||||
|
/* POSIX ACL operations */
|
||||||
|
|
||||||
|
{SMB_VFS_OP(skel_chmod_acl), SMB_VFS_OP_CHMOD_ACL, SMB_VFS_LAYER_OPAQUE},
|
||||||
|
{SMB_VFS_OP(skel_fchmod_acl), SMB_VFS_OP_FCHMOD_ACL, SMB_VFS_LAYER_OPAQUE},
|
||||||
|
|
||||||
|
{SMB_VFS_OP(skel_sys_acl_get_entry), SMB_VFS_OP_SYS_ACL_GET_ENTRY, SMB_VFS_LAYER_OPAQUE},
|
||||||
|
{SMB_VFS_OP(skel_sys_acl_get_tag_type), SMB_VFS_OP_SYS_ACL_GET_TAG_TYPE, SMB_VFS_LAYER_OPAQUE},
|
||||||
|
{SMB_VFS_OP(skel_sys_acl_get_permset), SMB_VFS_OP_SYS_ACL_GET_PERMSET, SMB_VFS_LAYER_OPAQUE},
|
||||||
|
{SMB_VFS_OP(skel_sys_acl_get_qualifier), SMB_VFS_OP_SYS_ACL_GET_QUALIFIER, SMB_VFS_LAYER_OPAQUE},
|
||||||
|
{SMB_VFS_OP(skel_sys_acl_get_file), SMB_VFS_OP_SYS_ACL_GET_FILE, SMB_VFS_LAYER_OPAQUE},
|
||||||
|
{SMB_VFS_OP(skel_sys_acl_get_fd), SMB_VFS_OP_SYS_ACL_GET_FD, SMB_VFS_LAYER_OPAQUE},
|
||||||
|
{SMB_VFS_OP(skel_sys_acl_clear_perms), SMB_VFS_OP_SYS_ACL_CLEAR_PERMS, SMB_VFS_LAYER_OPAQUE},
|
||||||
|
{SMB_VFS_OP(skel_sys_acl_add_perm), SMB_VFS_OP_SYS_ACL_ADD_PERM, SMB_VFS_LAYER_OPAQUE},
|
||||||
|
{SMB_VFS_OP(skel_sys_acl_to_text), SMB_VFS_OP_SYS_ACL_TO_TEXT, SMB_VFS_LAYER_OPAQUE},
|
||||||
|
{SMB_VFS_OP(skel_sys_acl_init), SMB_VFS_OP_SYS_ACL_INIT, SMB_VFS_LAYER_OPAQUE},
|
||||||
|
{SMB_VFS_OP(skel_sys_acl_create_entry), SMB_VFS_OP_SYS_ACL_CREATE_ENTRY, SMB_VFS_LAYER_OPAQUE},
|
||||||
|
{SMB_VFS_OP(skel_sys_acl_set_tag_type), SMB_VFS_OP_SYS_ACL_SET_TAG_TYPE, SMB_VFS_LAYER_OPAQUE},
|
||||||
|
{SMB_VFS_OP(skel_sys_acl_set_qualifier), SMB_VFS_OP_SYS_ACL_SET_QUALIFIER, SMB_VFS_LAYER_OPAQUE},
|
||||||
|
{SMB_VFS_OP(skel_sys_acl_set_permset), SMB_VFS_OP_SYS_ACL_SET_PERMSET, SMB_VFS_LAYER_OPAQUE},
|
||||||
|
{SMB_VFS_OP(skel_sys_acl_valid), SMB_VFS_OP_SYS_ACL_VALID, SMB_VFS_LAYER_OPAQUE},
|
||||||
|
{SMB_VFS_OP(skel_sys_acl_set_file), SMB_VFS_OP_SYS_ACL_SET_FILE, SMB_VFS_LAYER_OPAQUE},
|
||||||
|
{SMB_VFS_OP(skel_sys_acl_set_fd), SMB_VFS_OP_SYS_ACL_SET_FD, SMB_VFS_LAYER_OPAQUE},
|
||||||
|
{SMB_VFS_OP(skel_sys_acl_delete_def_file), SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE, SMB_VFS_LAYER_OPAQUE},
|
||||||
|
{SMB_VFS_OP(skel_sys_acl_get_perm), SMB_VFS_OP_SYS_ACL_GET_PERM, SMB_VFS_LAYER_OPAQUE},
|
||||||
|
{SMB_VFS_OP(skel_sys_acl_free_text), SMB_VFS_OP_SYS_ACL_FREE_TEXT, SMB_VFS_LAYER_OPAQUE},
|
||||||
|
{SMB_VFS_OP(skel_sys_acl_free_acl), SMB_VFS_OP_SYS_ACL_FREE_ACL, SMB_VFS_LAYER_OPAQUE},
|
||||||
|
{SMB_VFS_OP(skel_sys_acl_free_qualifier), SMB_VFS_OP_SYS_ACL_FREE_QUALIFIER, SMB_VFS_LAYER_OPAQUE},
|
||||||
|
|
||||||
|
/* EA operations. */
|
||||||
|
{SMB_VFS_OP(skel_getxattr), SMB_VFS_OP_GETXATTR, SMB_VFS_LAYER_OPAQUE},
|
||||||
|
{SMB_VFS_OP(skel_lgetxattr), SMB_VFS_OP_LGETXATTR, SMB_VFS_LAYER_OPAQUE},
|
||||||
|
{SMB_VFS_OP(skel_fgetxattr), SMB_VFS_OP_FGETXATTR, SMB_VFS_LAYER_OPAQUE},
|
||||||
|
{SMB_VFS_OP(skel_listxattr), SMB_VFS_OP_LISTXATTR, SMB_VFS_LAYER_OPAQUE},
|
||||||
|
{SMB_VFS_OP(skel_llistxattr), SMB_VFS_OP_LLISTXATTR, SMB_VFS_LAYER_OPAQUE},
|
||||||
|
{SMB_VFS_OP(skel_flistxattr), SMB_VFS_OP_FLISTXATTR, SMB_VFS_LAYER_OPAQUE},
|
||||||
|
{SMB_VFS_OP(skel_removexattr), SMB_VFS_OP_REMOVEXATTR, SMB_VFS_LAYER_OPAQUE},
|
||||||
|
{SMB_VFS_OP(skel_lremovexattr), SMB_VFS_OP_LREMOVEXATTR, SMB_VFS_LAYER_OPAQUE},
|
||||||
|
{SMB_VFS_OP(skel_fremovexattr), SMB_VFS_OP_FREMOVEXATTR, SMB_VFS_LAYER_OPAQUE},
|
||||||
|
{SMB_VFS_OP(skel_setxattr), SMB_VFS_OP_SETXATTR, SMB_VFS_LAYER_OPAQUE},
|
||||||
|
{SMB_VFS_OP(skel_lsetxattr), SMB_VFS_OP_LSETXATTR, SMB_VFS_LAYER_OPAQUE},
|
||||||
|
{SMB_VFS_OP(skel_fsetxattr), SMB_VFS_OP_FSETXATTR, SMB_VFS_LAYER_OPAQUE},
|
||||||
|
|
||||||
|
{NULL, SMB_VFS_OP_NOOP, SMB_VFS_LAYER_NOOP}
|
||||||
|
};
|
||||||
|
|
||||||
|
NTSTATUS init_module(void)
|
||||||
|
{
|
||||||
|
return smb_register_vfs(SMB_VFS_INTERFACE_VERSION, "skel_opaque", skel_op_tuples);
|
||||||
|
}
|
532
examples/VFS/skel_transparent.c
Normal file
@ -0,0 +1,532 @@
|
|||||||
|
/*
|
||||||
|
* Skeleton VFS module. Implements passthrough operation of all VFS
|
||||||
|
* calls to disk functions.
|
||||||
|
*
|
||||||
|
* Copyright (C) Tim Potter, 1999-2000
|
||||||
|
* Copyright (C) Alexander Bokovoy, 2002
|
||||||
|
* Copyright (C) Stefan (metze) Metzmacher, 2003
|
||||||
|
*
|
||||||
|
* This program is free software; you can redistribute it and/or modify
|
||||||
|
* it under the terms of the GNU General Public License as published by
|
||||||
|
* the Free Software Foundation; either version 2 of the License, or
|
||||||
|
* (at your option) any later version.
|
||||||
|
*
|
||||||
|
* This program is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
* GNU General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU General Public License
|
||||||
|
* along with this program; if not, write to the Free Software
|
||||||
|
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
||||||
|
*/
|
||||||
|
|
||||||
|
|
||||||
|
#include "includes.h"
|
||||||
|
|
||||||
|
/* PLEASE,PLEASE READ THE VFS MODULES CHAPTER OF THE
|
||||||
|
SAMBA DEVELOPERS GUIDE!!!!!!
|
||||||
|
*/
|
||||||
|
|
||||||
|
/* If you take this file as template for your module
|
||||||
|
* please make sure that you remove all functions you didn't
|
||||||
|
* want to implement!!
|
||||||
|
*
|
||||||
|
* This passthrough operations are useless in reall vfs modules!
|
||||||
|
*
|
||||||
|
* --metze
|
||||||
|
*/
|
||||||
|
|
||||||
|
static int skel_connect(vfs_handle_struct *handle, connection_struct *conn, const char *service, const char *user)
|
||||||
|
{
|
||||||
|
return SMB_VFS_NEXT_CONNECT(handle, conn, service, user);
|
||||||
|
}
|
||||||
|
|
||||||
|
static void skel_disconnect(vfs_handle_struct *handle, connection_struct *conn)
|
||||||
|
{
|
||||||
|
SMB_VFS_NEXT_DISCONNECT(handle, conn);
|
||||||
|
}
|
||||||
|
|
||||||
|
static SMB_BIG_UINT skel_disk_free(vfs_handle_struct *handle, connection_struct *conn, const char *path,
|
||||||
|
BOOL small_query, SMB_BIG_UINT *bsize,
|
||||||
|
SMB_BIG_UINT *dfree, SMB_BIG_UINT *dsize)
|
||||||
|
{
|
||||||
|
return SMB_VFS_NEXT_DISK_FREE(handle, conn, path, small_query, bsize,
|
||||||
|
dfree, dsize);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_get_quota(vfs_handle_struct *handle, connection_struct *conn, enum SMB_QUOTA_TYPE qtype, unid_t id, SMB_DISK_QUOTA *dq)
|
||||||
|
{
|
||||||
|
return SMB_VFS_NEXT_GET_QUOTA(handle, conn, qtype, id, dq);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_set_quota(vfs_handle_struct *handle, connection_struct *conn, enum SMB_QUOTA_TYPE qtype, unid_t id, SMB_DISK_QUOTA *dq)
|
||||||
|
{
|
||||||
|
return SMB_VFS_NEXT_SET_QUOTA(handle, conn, qtype, id, dq);
|
||||||
|
}
|
||||||
|
|
||||||
|
static DIR *skel_opendir(vfs_handle_struct *handle, connection_struct *conn, const char *fname)
|
||||||
|
{
|
||||||
|
return SMB_VFS_NEXT_OPENDIR(handle, conn, fname);
|
||||||
|
}
|
||||||
|
|
||||||
|
static struct dirent *skel_readdir(vfs_handle_struct *handle, connection_struct *conn, DIR *dirp)
|
||||||
|
{
|
||||||
|
return SMB_VFS_NEXT_READDIR(handle, conn, dirp);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_mkdir(vfs_handle_struct *handle, connection_struct *conn, const char *path, mode_t mode)
|
||||||
|
{
|
||||||
|
return SMB_VFS_NEXT_MKDIR(handle, conn, path, mode);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_rmdir(vfs_handle_struct *handle, connection_struct *conn, const char *path)
|
||||||
|
{
|
||||||
|
return SMB_VFS_NEXT_RMDIR(handle, conn, path);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_closedir(vfs_handle_struct *handle, connection_struct *conn, DIR *dir)
|
||||||
|
{
|
||||||
|
return SMB_VFS_NEXT_CLOSEDIR(handle, conn, dir);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_open(vfs_handle_struct *handle, connection_struct *conn, const char *fname, int flags, mode_t mode)
|
||||||
|
{
|
||||||
|
return SMB_VFS_NEXT_OPEN(handle, conn, fname, flags, mode);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_close(vfs_handle_struct *handle, files_struct *fsp, int fd)
|
||||||
|
{
|
||||||
|
return SMB_VFS_NEXT_CLOSE(handle, fsp, fd);
|
||||||
|
}
|
||||||
|
|
||||||
|
static ssize_t skel_read(vfs_handle_struct *handle, files_struct *fsp, int fd, void *data, size_t n)
|
||||||
|
{
|
||||||
|
return SMB_VFS_NEXT_READ(handle, fsp, fd, data, n);
|
||||||
|
}
|
||||||
|
|
||||||
|
static ssize_t skel_write(vfs_handle_struct *handle, files_struct *fsp, int fd, const void *data, size_t n)
|
||||||
|
{
|
||||||
|
return SMB_VFS_NEXT_WRITE(handle, fsp, fd, data, n);
|
||||||
|
}
|
||||||
|
|
||||||
|
static SMB_OFF_T skel_lseek(vfs_handle_struct *handle, files_struct *fsp, int filedes, SMB_OFF_T offset, int whence)
|
||||||
|
{
|
||||||
|
return SMB_VFS_NEXT_LSEEK(handle, fsp, filedes, offset, whence);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_rename(vfs_handle_struct *handle, connection_struct *conn, const char *old, const char *new)
|
||||||
|
{
|
||||||
|
return SMB_VFS_NEXT_RENAME(handle, conn, old, new);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_fsync(vfs_handle_struct *handle, files_struct *fsp, int fd)
|
||||||
|
{
|
||||||
|
return SMB_VFS_NEXT_FSYNC(handle, fsp, fd);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_stat(vfs_handle_struct *handle, connection_struct *conn, const char *fname, SMB_STRUCT_STAT *sbuf)
|
||||||
|
{
|
||||||
|
return SMB_VFS_NEXT_STAT(handle, conn, fname, sbuf);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_fstat(vfs_handle_struct *handle, files_struct *fsp, int fd, SMB_STRUCT_STAT *sbuf)
|
||||||
|
{
|
||||||
|
return SMB_VFS_NEXT_FSTAT(handle, fsp, fd, sbuf);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_lstat(vfs_handle_struct *handle, connection_struct *conn, const char *path, SMB_STRUCT_STAT *sbuf)
|
||||||
|
{
|
||||||
|
return SMB_VFS_NEXT_LSTAT(handle, conn, path, sbuf);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_unlink(vfs_handle_struct *handle, connection_struct *conn, const char *path)
|
||||||
|
{
|
||||||
|
return SMB_VFS_NEXT_UNLINK(handle, conn, path);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_chmod(vfs_handle_struct *handle, connection_struct *conn, const char *path, mode_t mode)
|
||||||
|
{
|
||||||
|
return SMB_VFS_NEXT_CHMOD(handle, conn, path, mode);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_fchmod(vfs_handle_struct *handle, files_struct *fsp, int fd, mode_t mode)
|
||||||
|
{
|
||||||
|
return SMB_VFS_NEXT_FCHMOD(handle, fsp, fd, mode);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_chown(vfs_handle_struct *handle, connection_struct *conn, const char *path, uid_t uid, gid_t gid)
|
||||||
|
{
|
||||||
|
return SMB_VFS_NEXT_CHOWN(handle, conn, path, uid, gid);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_fchown(vfs_handle_struct *handle, files_struct *fsp, int fd, uid_t uid, gid_t gid)
|
||||||
|
{
|
||||||
|
return SMB_VFS_NEXT_FCHOWN(handle, fsp, fd, uid, gid);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_chdir(vfs_handle_struct *handle, connection_struct *conn, const char *path)
|
||||||
|
{
|
||||||
|
return SMB_VFS_NEXT_CHDIR(handle, conn, path);
|
||||||
|
}
|
||||||
|
|
||||||
|
static char *skel_getwd(vfs_handle_struct *handle, connection_struct *conn, char *buf)
|
||||||
|
{
|
||||||
|
return SMB_VFS_NEXT_GETWD(handle, conn, buf);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_utime(vfs_handle_struct *handle, connection_struct *conn, const char *path, struct utimbuf *times)
|
||||||
|
{
|
||||||
|
return SMB_VFS_NEXT_UTIME(handle, conn, path, times);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_ftruncate(vfs_handle_struct *handle, files_struct *fsp, int fd, SMB_OFF_T offset)
|
||||||
|
{
|
||||||
|
return SMB_VFS_NEXT_FTRUNCATE(handle, fsp, fd, offset);
|
||||||
|
}
|
||||||
|
|
||||||
|
static BOOL skel_lock(vfs_handle_struct *handle, files_struct *fsp, int fd, int op, SMB_OFF_T offset, SMB_OFF_T count, int type)
|
||||||
|
{
|
||||||
|
return SMB_VFS_NEXT_LOCK(handle, fsp, fd, op, offset, count, type);
|
||||||
|
}
|
||||||
|
|
||||||
|
static BOOL skel_symlink(vfs_handle_struct *handle, connection_struct *conn, const char *oldpath, const char *newpath)
|
||||||
|
{
|
||||||
|
return SMB_VFS_NEXT_SYMLINK(handle, conn, oldpath, newpath);
|
||||||
|
}
|
||||||
|
|
||||||
|
static BOOL skel_readlink(vfs_handle_struct *handle, connection_struct *conn, const char *path, char *buf, size_t bufsiz)
|
||||||
|
{
|
||||||
|
return SMB_VFS_NEXT_READLINK(handle, conn, path, buf, bufsiz);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_link(vfs_handle_struct *handle, connection_struct *conn, const char *oldpath, const char *newpath)
|
||||||
|
{
|
||||||
|
return SMB_VFS_NEXT_LINK(handle, conn, oldpath, newpath);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_mknod(vfs_handle_struct *handle, connection_struct *conn, const char *path, mode_t mode, SMB_DEV_T dev)
|
||||||
|
{
|
||||||
|
return SMB_VFS_NEXT_MKNOD(handle, conn, path, mode, dev);
|
||||||
|
}
|
||||||
|
|
||||||
|
static char *skel_realpath(vfs_handle_struct *handle, connection_struct *conn, const char *path, char *resolved_path)
|
||||||
|
{
|
||||||
|
return SMB_VFS_NEXT_REALPATH(handle, conn, path, resolved_path);
|
||||||
|
}
|
||||||
|
|
||||||
|
static size_t skel_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp, int fd, uint32 security_info, struct security_descriptor_info **ppdesc)
|
||||||
|
{
|
||||||
|
return SMB_VFS_NEXT_FGET_NT_ACL(handle, fsp, fd, security_info, ppdesc);
|
||||||
|
}
|
||||||
|
|
||||||
|
static size_t skel_get_nt_acl(vfs_handle_struct *handle, files_struct *fsp, const char *name, uint32 security_info, struct security_descriptor_info **ppdesc)
|
||||||
|
{
|
||||||
|
return SMB_VFS_NEXT_GET_NT_ACL(handle, fsp, name, security_info, ppdesc);
|
||||||
|
}
|
||||||
|
|
||||||
|
static BOOL skel_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, int fd, uint32 security_info_sent, struct security_descriptor_info *psd)
|
||||||
|
{
|
||||||
|
return SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, fd, security_info_sent, psd);
|
||||||
|
}
|
||||||
|
|
||||||
|
static BOOL skel_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp, const char *name, uint32 security_info_sent, struct security_descriptor_info *psd)
|
||||||
|
{
|
||||||
|
return SMB_VFS_NEXT_SET_NT_ACL(handle, fsp, name, security_info_sent, psd);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_chmod_acl(vfs_handle_struct *handle, connection_struct *conn, const char *name, mode_t mode)
|
||||||
|
{
|
||||||
|
/* If the underlying VFS doesn't have ACL support... */
|
||||||
|
if (!handle->vfs_next.ops.chmod_acl) {
|
||||||
|
errno = ENOSYS;
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
return SMB_VFS_NEXT_CHMOD_ACL(handle, conn, name, mode);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_fchmod_acl(vfs_handle_struct *handle, files_struct *fsp, int fd, mode_t mode)
|
||||||
|
{
|
||||||
|
/* If the underlying VFS doesn't have ACL support... */
|
||||||
|
if (!handle->vfs_next.ops.fchmod_acl) {
|
||||||
|
errno = ENOSYS;
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
return SMB_VFS_NEXT_FCHMOD_ACL(handle, fsp, fd, mode);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_sys_acl_get_entry(vfs_handle_struct *handle, connection_struct *conn, SMB_ACL_T theacl, int entry_id, SMB_ACL_ENTRY_T *entry_p)
|
||||||
|
{
|
||||||
|
return SMB_VFS_NEXT_SYS_ACL_GET_ENTRY(handle, conn, theacl, entry_id, entry_p);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_sys_acl_get_tag_type(vfs_handle_struct *handle, connection_struct *conn, SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p)
|
||||||
|
{
|
||||||
|
return SMB_VFS_NEXT_SYS_ACL_GET_TAG_TYPE(handle, conn, entry_d, tag_type_p);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_sys_acl_get_permset(vfs_handle_struct *handle, connection_struct *conn, SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p)
|
||||||
|
{
|
||||||
|
return SMB_VFS_NEXT_SYS_ACL_GET_PERMSET(handle, conn, entry_d, permset_p);
|
||||||
|
}
|
||||||
|
|
||||||
|
static void *skel_sys_acl_get_qualifier(vfs_handle_struct *handle, connection_struct *conn, SMB_ACL_ENTRY_T entry_d)
|
||||||
|
{
|
||||||
|
return SMB_VFS_NEXT_SYS_ACL_GET_QUALIFIER(handle, conn, entry_d);
|
||||||
|
}
|
||||||
|
|
||||||
|
static SMB_ACL_T skel_sys_acl_get_file(vfs_handle_struct *handle, connection_struct *conn, const char *path_p, SMB_ACL_TYPE_T type)
|
||||||
|
{
|
||||||
|
return SMB_VFS_NEXT_SYS_ACL_GET_FILE(handle, conn, path_p, type);
|
||||||
|
}
|
||||||
|
|
||||||
|
static SMB_ACL_T skel_sys_acl_get_fd(vfs_handle_struct *handle, files_struct *fsp, int fd)
|
||||||
|
{
|
||||||
|
return SMB_VFS_NEXT_SYS_ACL_GET_FD(handle, fsp, fd);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_sys_acl_clear_perms(vfs_handle_struct *handle, connection_struct *conn, SMB_ACL_PERMSET_T permset)
|
||||||
|
{
|
||||||
|
return SMB_VFS_NEXT_SYS_ACL_CLEAR_PERMS(handle, conn, permset);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_sys_acl_add_perm(vfs_handle_struct *handle, connection_struct *conn, SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
|
||||||
|
{
|
||||||
|
return SMB_VFS_NEXT_SYS_ACL_ADD_PERM(handle, conn, permset, perm);
|
||||||
|
}
|
||||||
|
|
||||||
|
static char *skel_sys_acl_to_text(vfs_handle_struct *handle, connection_struct *conn, SMB_ACL_T theacl, ssize_t *plen)
|
||||||
|
{
|
||||||
|
return SMB_VFS_NEXT_SYS_ACL_TO_TEXT(handle, conn, theacl, plen);
|
||||||
|
}
|
||||||
|
|
||||||
|
static SMB_ACL_T skel_sys_acl_init(vfs_handle_struct *handle, connection_struct *conn, int count)
|
||||||
|
{
|
||||||
|
return SMB_VFS_NEXT_SYS_ACL_INIT(handle, conn, count);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_sys_acl_create_entry(vfs_handle_struct *handle, connection_struct *conn, SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry)
|
||||||
|
{
|
||||||
|
return SMB_VFS_NEXT_SYS_ACL_CREATE_ENTRY(handle, conn, pacl, pentry);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_sys_acl_set_tag_type(vfs_handle_struct *handle, connection_struct *conn, SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tagtype)
|
||||||
|
{
|
||||||
|
return SMB_VFS_NEXT_SYS_ACL_SET_TAG_TYPE(handle, conn, entry, tagtype);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_sys_acl_set_qualifier(vfs_handle_struct *handle, connection_struct *conn, SMB_ACL_ENTRY_T entry, void *qual)
|
||||||
|
{
|
||||||
|
return SMB_VFS_NEXT_SYS_ACL_SET_QUALIFIER(handle, conn, entry, qual);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_sys_acl_set_permset(vfs_handle_struct *handle, connection_struct *conn, SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset)
|
||||||
|
{
|
||||||
|
return SMB_VFS_NEXT_SYS_ACL_SET_PERMSET(handle, conn, entry, permset);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_sys_acl_valid(vfs_handle_struct *handle, connection_struct *conn, SMB_ACL_T theacl )
|
||||||
|
{
|
||||||
|
return SMB_VFS_NEXT_SYS_ACL_VALID(handle, conn, theacl);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_sys_acl_set_file(vfs_handle_struct *handle, connection_struct *conn, const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl)
|
||||||
|
{
|
||||||
|
return SMB_VFS_NEXT_SYS_ACL_SET_FILE(handle, conn, name, acltype, theacl);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_sys_acl_set_fd(vfs_handle_struct *handle, files_struct *fsp, int fd, SMB_ACL_T theacl)
|
||||||
|
{
|
||||||
|
return SMB_VFS_NEXT_SYS_ACL_SET_FD(handle, fsp, fd, theacl);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_sys_acl_delete_def_file(vfs_handle_struct *handle, connection_struct *conn, const char *path)
|
||||||
|
{
|
||||||
|
return SMB_VFS_NEXT_SYS_ACL_DELETE_DEF_FILE(handle, conn, path);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_sys_acl_get_perm(vfs_handle_struct *handle, connection_struct *conn, SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
|
||||||
|
{
|
||||||
|
return SMB_VFS_NEXT_SYS_ACL_GET_PERM(handle, conn, permset, perm);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_sys_acl_free_text(vfs_handle_struct *handle, connection_struct *conn, char *text)
|
||||||
|
{
|
||||||
|
return SMB_VFS_NEXT_SYS_ACL_FREE_TEXT(handle, conn, text);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_sys_acl_free_acl(vfs_handle_struct *handle, connection_struct *conn, SMB_ACL_T posix_acl)
|
||||||
|
{
|
||||||
|
return SMB_VFS_NEXT_SYS_ACL_FREE_ACL(handle, conn, posix_acl);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_sys_acl_free_qualifier(vfs_handle_struct *handle, connection_struct *conn, void *qualifier, SMB_ACL_TAG_T tagtype)
|
||||||
|
{
|
||||||
|
return SMB_VFS_NEXT_SYS_ACL_FREE_QUALIFIER(handle, conn, qualifier, tagtype);
|
||||||
|
}
|
||||||
|
|
||||||
|
static ssize_t skel_getxattr(vfs_handle_struct *handle, struct connection_struct *conn,const char *path, const char *name, void *value, size_t size)
|
||||||
|
{
|
||||||
|
return SMB_VFS_NEXT_GETXATTR(handle, conn, path, name, value, size);
|
||||||
|
}
|
||||||
|
|
||||||
|
static ssize_t skel_lgetxattr(vfs_handle_struct *handle, struct connection_struct *conn,const char *path, const char *name, void *value, size_t
|
||||||
|
size)
|
||||||
|
{
|
||||||
|
return SMB_VFS_NEXT_LGETXATTR(handle, conn, path, name, value, size);
|
||||||
|
}
|
||||||
|
|
||||||
|
static ssize_t skel_fgetxattr(vfs_handle_struct *handle, struct files_struct *fsp,int fd, const char *name, void *value, size_t size)
|
||||||
|
{
|
||||||
|
return SMB_VFS_NEXT_FGETXATTR(handle, fsp, fd, name, value, size);
|
||||||
|
}
|
||||||
|
|
||||||
|
static ssize_t skel_listxattr(vfs_handle_struct *handle, struct connection_struct *conn,const char *path, char *list, size_t size)
|
||||||
|
{
|
||||||
|
return SMB_VFS_NEXT_LISTXATTR(handle, conn, path, list, size);
|
||||||
|
}
|
||||||
|
|
||||||
|
static ssize_t skel_llistxattr(vfs_handle_struct *handle, struct connection_struct *conn,const char *path, char *list, size_t size)
|
||||||
|
{
|
||||||
|
return SMB_VFS_NEXT_LLISTXATTR(handle, conn, path, list, size);
|
||||||
|
}
|
||||||
|
|
||||||
|
static ssize_t skel_flistxattr(vfs_handle_struct *handle, struct files_struct *fsp,int fd, char *list, size_t size)
|
||||||
|
{
|
||||||
|
return SMB_VFS_NEXT_FLISTXATTR(handle, fsp, fd, list, size);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_removexattr(vfs_handle_struct *handle, struct connection_struct *conn,const char *path, const char *name)
|
||||||
|
{
|
||||||
|
return SMB_VFS_NEXT_REMOVEXATTR(handle, conn, path, name);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_lremovexattr(vfs_handle_struct *handle, struct connection_struct *conn,const char *path, const char *name)
|
||||||
|
{
|
||||||
|
return SMB_VFS_NEXT_LREMOVEXATTR(handle, conn, path, name);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_fremovexattr(vfs_handle_struct *handle, struct files_struct *fsp,int fd, const char *name)
|
||||||
|
{
|
||||||
|
return SMB_VFS_NEXT_FREMOVEXATTR(handle, fsp, fd, name);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_setxattr(vfs_handle_struct *handle, struct connection_struct *conn,const char *path, const char *name, const void *value, size_t size, int flags)
|
||||||
|
{
|
||||||
|
return SMB_VFS_NEXT_SETXATTR(handle, conn, path, name, value, size, flags);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_lsetxattr(vfs_handle_struct *handle, struct connection_struct *conn,const char *path, const char *name, const void *value, size_t size, int flags)
|
||||||
|
{
|
||||||
|
return SMB_VFS_NEXT_LSETXATTR(handle, conn, path, name, value, size, flags);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int skel_fsetxattr(vfs_handle_struct *handle, struct files_struct *fsp,int fd, const char *name, const void *value, size_t size, int flags)
|
||||||
|
{
|
||||||
|
return SMB_VFS_NEXT_FSETXATTR(handle, fsp, fd, name, value, size, flags);
|
||||||
|
}
|
||||||
|
|
||||||
|
/* VFS operations structure */
|
||||||
|
|
||||||
|
static vfs_op_tuple skel_op_tuples[] = {
|
||||||
|
|
||||||
|
/* Disk operations */
|
||||||
|
|
||||||
|
{SMB_VFS_OP(skel_connect), SMB_VFS_OP_CONNECT, SMB_VFS_LAYER_TRANSPARENT},
|
||||||
|
{SMB_VFS_OP(skel_disconnect), SMB_VFS_OP_DISCONNECT, SMB_VFS_LAYER_TRANSPARENT},
|
||||||
|
{SMB_VFS_OP(skel_disk_free), SMB_VFS_OP_DISK_FREE, SMB_VFS_LAYER_TRANSPARENT},
|
||||||
|
{SMB_VFS_OP(skel_get_quota), SMB_VFS_OP_GET_QUOTA, SMB_VFS_LAYER_TRANSPARENT},
|
||||||
|
{SMB_VFS_OP(skel_set_quota), SMB_VFS_OP_SET_QUOTA, SMB_VFS_LAYER_TRANSPARENT},
|
||||||
|
|
||||||
|
/* Directory operations */
|
||||||
|
|
||||||
|
{SMB_VFS_OP(skel_opendir), SMB_VFS_OP_OPENDIR, SMB_VFS_LAYER_TRANSPARENT},
|
||||||
|
{SMB_VFS_OP(skel_readdir), SMB_VFS_OP_READDIR, SMB_VFS_LAYER_TRANSPARENT},
|
||||||
|
{SMB_VFS_OP(skel_mkdir), SMB_VFS_OP_MKDIR, SMB_VFS_LAYER_TRANSPARENT},
|
||||||
|
{SMB_VFS_OP(skel_rmdir), SMB_VFS_OP_RMDIR, SMB_VFS_LAYER_TRANSPARENT},
|
||||||
|
{SMB_VFS_OP(skel_closedir), SMB_VFS_OP_CLOSEDIR, SMB_VFS_LAYER_TRANSPARENT},
|
||||||
|
|
||||||
|
/* File operations */
|
||||||
|
|
||||||
|
{SMB_VFS_OP(skel_open), SMB_VFS_OP_OPEN, SMB_VFS_LAYER_TRANSPARENT},
|
||||||
|
{SMB_VFS_OP(skel_close), SMB_VFS_OP_CLOSE, SMB_VFS_LAYER_TRANSPARENT},
|
||||||
|
{SMB_VFS_OP(skel_read), SMB_VFS_OP_READ, SMB_VFS_LAYER_TRANSPARENT},
|
||||||
|
{SMB_VFS_OP(skel_write), SMB_VFS_OP_WRITE, SMB_VFS_LAYER_TRANSPARENT},
|
||||||
|
{SMB_VFS_OP(skel_lseek), SMB_VFS_OP_LSEEK, SMB_VFS_LAYER_TRANSPARENT},
|
||||||
|
{SMB_VFS_OP(skel_rename), SMB_VFS_OP_RENAME, SMB_VFS_LAYER_TRANSPARENT},
|
||||||
|
{SMB_VFS_OP(skel_fsync), SMB_VFS_OP_FSYNC, SMB_VFS_LAYER_TRANSPARENT},
|
||||||
|
{SMB_VFS_OP(skel_stat), SMB_VFS_OP_STAT, SMB_VFS_LAYER_TRANSPARENT},
|
||||||
|
{SMB_VFS_OP(skel_fstat), SMB_VFS_OP_FSTAT, SMB_VFS_LAYER_TRANSPARENT},
|
||||||
|
{SMB_VFS_OP(skel_lstat), SMB_VFS_OP_LSTAT, SMB_VFS_LAYER_TRANSPARENT},
|
||||||
|
{SMB_VFS_OP(skel_unlink), SMB_VFS_OP_UNLINK, SMB_VFS_LAYER_TRANSPARENT},
|
||||||
|
{SMB_VFS_OP(skel_chmod), SMB_VFS_OP_CHMOD, SMB_VFS_LAYER_TRANSPARENT},
|
||||||
|
{SMB_VFS_OP(skel_fchmod), SMB_VFS_OP_FCHMOD, SMB_VFS_LAYER_TRANSPARENT},
|
||||||
|
{SMB_VFS_OP(skel_chown), SMB_VFS_OP_CHOWN, SMB_VFS_LAYER_TRANSPARENT},
|
||||||
|
{SMB_VFS_OP(skel_fchown), SMB_VFS_OP_FCHOWN, SMB_VFS_LAYER_TRANSPARENT},
|
||||||
|
{SMB_VFS_OP(skel_chdir), SMB_VFS_OP_CHDIR, SMB_VFS_LAYER_TRANSPARENT},
|
||||||
|
{SMB_VFS_OP(skel_getwd), SMB_VFS_OP_GETWD, SMB_VFS_LAYER_TRANSPARENT},
|
||||||
|
{SMB_VFS_OP(skel_utime), SMB_VFS_OP_UTIME, SMB_VFS_LAYER_TRANSPARENT},
|
||||||
|
{SMB_VFS_OP(skel_ftruncate), SMB_VFS_OP_FTRUNCATE, SMB_VFS_LAYER_TRANSPARENT},
|
||||||
|
{SMB_VFS_OP(skel_lock), SMB_VFS_OP_LOCK, SMB_VFS_LAYER_TRANSPARENT},
|
||||||
|
{SMB_VFS_OP(skel_symlink), SMB_VFS_OP_SYMLINK, SMB_VFS_LAYER_TRANSPARENT},
|
||||||
|
{SMB_VFS_OP(skel_readlink), SMB_VFS_OP_READLINK, SMB_VFS_LAYER_TRANSPARENT},
|
||||||
|
{SMB_VFS_OP(skel_link), SMB_VFS_OP_LINK, SMB_VFS_LAYER_TRANSPARENT},
|
||||||
|
{SMB_VFS_OP(skel_mknod), SMB_VFS_OP_MKNOD, SMB_VFS_LAYER_TRANSPARENT},
|
||||||
|
{SMB_VFS_OP(skel_realpath), SMB_VFS_OP_REALPATH, SMB_VFS_LAYER_TRANSPARENT},
|
||||||
|
|
||||||
|
/* NT File ACL operations */
|
||||||
|
|
||||||
|
{SMB_VFS_OP(skel_fget_nt_acl), SMB_VFS_OP_FGET_NT_ACL, SMB_VFS_LAYER_TRANSPARENT},
|
||||||
|
{SMB_VFS_OP(skel_get_nt_acl), SMB_VFS_OP_GET_NT_ACL, SMB_VFS_LAYER_TRANSPARENT},
|
||||||
|
{SMB_VFS_OP(skel_fset_nt_acl), SMB_VFS_OP_FSET_NT_ACL, SMB_VFS_LAYER_TRANSPARENT},
|
||||||
|
{SMB_VFS_OP(skel_set_nt_acl), SMB_VFS_OP_SET_NT_ACL, SMB_VFS_LAYER_TRANSPARENT},
|
||||||
|
|
||||||
|
/* POSIX ACL operations */
|
||||||
|
|
||||||
|
{SMB_VFS_OP(skel_chmod_acl), SMB_VFS_OP_CHMOD_ACL, SMB_VFS_LAYER_TRANSPARENT},
|
||||||
|
{SMB_VFS_OP(skel_fchmod_acl), SMB_VFS_OP_FCHMOD_ACL, SMB_VFS_LAYER_TRANSPARENT},
|
||||||
|
|
||||||
|
{SMB_VFS_OP(skel_sys_acl_get_entry), SMB_VFS_OP_SYS_ACL_GET_ENTRY, SMB_VFS_LAYER_TRANSPARENT},
|
||||||
|
{SMB_VFS_OP(skel_sys_acl_get_tag_type), SMB_VFS_OP_SYS_ACL_GET_TAG_TYPE, SMB_VFS_LAYER_TRANSPARENT},
|
||||||
|
{SMB_VFS_OP(skel_sys_acl_get_permset), SMB_VFS_OP_SYS_ACL_GET_PERMSET, SMB_VFS_LAYER_TRANSPARENT},
|
||||||
|
{SMB_VFS_OP(skel_sys_acl_get_qualifier), SMB_VFS_OP_SYS_ACL_GET_QUALIFIER, SMB_VFS_LAYER_TRANSPARENT},
|
||||||
|
{SMB_VFS_OP(skel_sys_acl_get_file), SMB_VFS_OP_SYS_ACL_GET_FILE, SMB_VFS_LAYER_TRANSPARENT},
|
||||||
|
{SMB_VFS_OP(skel_sys_acl_get_fd), SMB_VFS_OP_SYS_ACL_GET_FD, SMB_VFS_LAYER_TRANSPARENT},
|
||||||
|
{SMB_VFS_OP(skel_sys_acl_clear_perms), SMB_VFS_OP_SYS_ACL_CLEAR_PERMS, SMB_VFS_LAYER_TRANSPARENT},
|
||||||
|
{SMB_VFS_OP(skel_sys_acl_add_perm), SMB_VFS_OP_SYS_ACL_ADD_PERM, SMB_VFS_LAYER_TRANSPARENT},
|
||||||
|
{SMB_VFS_OP(skel_sys_acl_to_text), SMB_VFS_OP_SYS_ACL_TO_TEXT, SMB_VFS_LAYER_TRANSPARENT},
|
||||||
|
{SMB_VFS_OP(skel_sys_acl_init), SMB_VFS_OP_SYS_ACL_INIT, SMB_VFS_LAYER_TRANSPARENT},
|
||||||
|
{SMB_VFS_OP(skel_sys_acl_create_entry), SMB_VFS_OP_SYS_ACL_CREATE_ENTRY, SMB_VFS_LAYER_TRANSPARENT},
|
||||||
|
{SMB_VFS_OP(skel_sys_acl_set_tag_type), SMB_VFS_OP_SYS_ACL_SET_TAG_TYPE, SMB_VFS_LAYER_TRANSPARENT},
|
||||||
|
{SMB_VFS_OP(skel_sys_acl_set_qualifier), SMB_VFS_OP_SYS_ACL_SET_QUALIFIER, SMB_VFS_LAYER_TRANSPARENT},
|
||||||
|
{SMB_VFS_OP(skel_sys_acl_set_permset), SMB_VFS_OP_SYS_ACL_SET_PERMSET, SMB_VFS_LAYER_TRANSPARENT},
|
||||||
|
{SMB_VFS_OP(skel_sys_acl_valid), SMB_VFS_OP_SYS_ACL_VALID, SMB_VFS_LAYER_TRANSPARENT},
|
||||||
|
{SMB_VFS_OP(skel_sys_acl_set_file), SMB_VFS_OP_SYS_ACL_SET_FILE, SMB_VFS_LAYER_TRANSPARENT},
|
||||||
|
{SMB_VFS_OP(skel_sys_acl_set_fd), SMB_VFS_OP_SYS_ACL_SET_FD, SMB_VFS_LAYER_TRANSPARENT},
|
||||||
|
{SMB_VFS_OP(skel_sys_acl_delete_def_file), SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE, SMB_VFS_LAYER_TRANSPARENT},
|
||||||
|
{SMB_VFS_OP(skel_sys_acl_get_perm), SMB_VFS_OP_SYS_ACL_GET_PERM, SMB_VFS_LAYER_TRANSPARENT},
|
||||||
|
{SMB_VFS_OP(skel_sys_acl_free_text), SMB_VFS_OP_SYS_ACL_FREE_TEXT, SMB_VFS_LAYER_TRANSPARENT},
|
||||||
|
{SMB_VFS_OP(skel_sys_acl_free_acl), SMB_VFS_OP_SYS_ACL_FREE_ACL, SMB_VFS_LAYER_TRANSPARENT},
|
||||||
|
{SMB_VFS_OP(skel_sys_acl_free_qualifier), SMB_VFS_OP_SYS_ACL_FREE_QUALIFIER, SMB_VFS_LAYER_TRANSPARENT},
|
||||||
|
|
||||||
|
/* EA operations. */
|
||||||
|
{SMB_VFS_OP(skel_getxattr), SMB_VFS_OP_GETXATTR, SMB_VFS_LAYER_TRANSPARENT},
|
||||||
|
{SMB_VFS_OP(skel_lgetxattr), SMB_VFS_OP_LGETXATTR, SMB_VFS_LAYER_TRANSPARENT},
|
||||||
|
{SMB_VFS_OP(skel_fgetxattr), SMB_VFS_OP_FGETXATTR, SMB_VFS_LAYER_TRANSPARENT},
|
||||||
|
{SMB_VFS_OP(skel_listxattr), SMB_VFS_OP_LISTXATTR, SMB_VFS_LAYER_TRANSPARENT},
|
||||||
|
{SMB_VFS_OP(skel_llistxattr), SMB_VFS_OP_LLISTXATTR, SMB_VFS_LAYER_TRANSPARENT},
|
||||||
|
{SMB_VFS_OP(skel_flistxattr), SMB_VFS_OP_FLISTXATTR, SMB_VFS_LAYER_TRANSPARENT},
|
||||||
|
{SMB_VFS_OP(skel_removexattr), SMB_VFS_OP_REMOVEXATTR, SMB_VFS_LAYER_TRANSPARENT},
|
||||||
|
{SMB_VFS_OP(skel_lremovexattr), SMB_VFS_OP_LREMOVEXATTR, SMB_VFS_LAYER_TRANSPARENT},
|
||||||
|
{SMB_VFS_OP(skel_fremovexattr), SMB_VFS_OP_FREMOVEXATTR, SMB_VFS_LAYER_TRANSPARENT},
|
||||||
|
{SMB_VFS_OP(skel_setxattr), SMB_VFS_OP_SETXATTR, SMB_VFS_LAYER_TRANSPARENT},
|
||||||
|
{SMB_VFS_OP(skel_lsetxattr), SMB_VFS_OP_LSETXATTR, SMB_VFS_LAYER_TRANSPARENT},
|
||||||
|
{SMB_VFS_OP(skel_fsetxattr), SMB_VFS_OP_FSETXATTR, SMB_VFS_LAYER_TRANSPARENT},
|
||||||
|
|
||||||
|
{NULL, SMB_VFS_OP_NOOP, SMB_VFS_LAYER_NOOP}
|
||||||
|
};
|
||||||
|
|
||||||
|
NTSTATUS init_module(void)
|
||||||
|
{
|
||||||
|
return smb_register_vfs(SMB_VFS_INTERFACE_VERSION, "skel_transparent", skel_op_tuples);
|
||||||
|
}
|
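--- a/examples/pdb/sambapdb.dtd
+++ b/examples/pdb/sambapdb.dtd
@@ -0,0 +1,46 @@
+<!ELEMENT samba:crypt (#PCDATA)* >
+<!ATTLIST samba:crypt type CDATA #REQUIRED >
+
+<!ELEMENT samba:password (samba:crypt*) >
+<!ATTLIST samba:password last_set CDATA #IMPLIED
+must_change CDATA #IMPLIED
+can_change CDATA #IMPLIED>
+
+<!ELEMENT samba:group (#PCDATA)* >
+<!ATTLIST samba:group sid CDATA #REQUIRED
+gid CDATA #IMPLIED >
+
+<!ELEMENT samba:domain (#PCDATA)* >
+<!ELEMENT samba:fullname (#PCDATA)* >
+<!ELEMENT samba:nt_username (#PCDATA)* >
+<!ELEMENT samba:logon_script (#PCDATA)* >
+<!ELEMENT samba:profile_path (#PCDATA)* >
+<!ELEMENT samba:logon_time (#PCDATA)* >
+<!ELEMENT samba:logoff_time (#PCDATA)* >
+<!ELEMENT samba:kickoff_time (#PCDATA)* >
+<!ELEMENT samba:logon_divs (#PCDATA)* >
+<!ELEMENT samba:hours_len (#PCDATA)* >
+<!ELEMENT samba:unknown_3 (#PCDATA)* >
+<!ELEMENT samba:unknown_5 (#PCDATA)* >
+<!ELEMENT samba:unknown_6 (#PCDATA)* >
+<!ELEMENT samba:homedir (#PCDATA)* >
+<!ELEMENT samba:unknown_str (#PCDATA)* >
+<!ELEMENT samba:dir_drive (#PCDATA)* >
+<!ELEMENT samba:munged_dial (#PCDATA)* >
+<!ELEMENT samba:acct_desc (#PCDATA)* >
+<!ELEMENT samba:acct_ctrl (#PCDATA)* >
+<!ELEMENT samba:workstations (#PCDATA)* >
+
+<!ELEMENT samba:user ( samba:group?, samba:domain?, samba:nt_username?, samba:fullname?, samba:homedir?, samba:dir_drive?, samba:logon_script?, samba:profile_path?, samba:password?, samba:acct_ctrl?,samba:unknown_3?, samba:logon_divs?, samba:hours_len?, samba:logon_time?, samba:logoff_time?, samba:kickoff_time?, samba:unknown_5?, samba:unknown_6?, samba:unknown_str?, samba:munged_dial?, samba:acct_desc?, samba:workstations? ) >
+
+<!ATTLIST samba:user sid CDATA #REQUIRED
+uid CDATA #IMPLIED
+name CDATA #REQUIRED>
+
+<!ELEMENT samba:users (samba:user*) >
+
+<!ELEMENT samba (samba:users?) >
+
+<!ATTLIST samba
+xmlns CDATA #FIXED 'http://samba.org/~jelmer/sambapdb.dtd'>
+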
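Review bot: The `samba:` prefix on every element below the root is never bound to a namespace, because the only namespace attribute this DTD declares is the default `xmlns` in the final `<!ATTLIST samba ...>`. A namespace-aware parser will therefore see `samba:users`, `samba:user` and the rest as using an undeclared prefix, and a document that supplies `xmlns:samba` itself will fail validation since that attribute is not declared. Declaring it next to the existing one, `xmlns:samba CDATA #FIXED 'http://samba.org/~jelmer/sambapdb.dtd'`, would cover both cases. Separately, `samba:crypt` presumably carries password hashes and its `type` is free `CDATA`; if the backend writes a fixed set of hash types, an enumerated attribute type would let validation reject anything else. A header comment such as `<!-- Files in this format hold credential material; keep them readable only by the account that runs Samba. -->` would document that for whoever deploys it.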
685
packaging/Debian/debian/patches/krb5-vars.patch
Normal file
685
packaging/Debian/debian/patches/krb5-vars.patch
Normal file
@ -0,0 +1,685 @@
|
|||||||
|
--- samba_3_0/source/Makefile.in.orig 2003-07-15 12:26:55.000000000 -0400
|
||||||
|
+++ samba_3_0/source/Makefile.in 2003-07-15 12:26:57.000000000 -0400
|
||||||
|
@@ -32,7 +32,6 @@
|
||||||
|
ACLLIBS=@ACLLIBS@
|
||||||
|
PASSDBLIBS=@PASSDBLIBS@
|
||||||
|
IDMAP_LIBS=@IDMAP_LIBS@
|
||||||
|
-ADSLIBS=@ADSLIBS@
|
||||||
|
KRB5LIBS=@KRB5_LIBS@
|
||||||
|
LDAPLIBS=@LDAP_LIBS@
|
||||||
|
|
||||||
|
@@ -735,12 +734,12 @@
|
||||||
|
|
||||||
|
bin/smbd@EXEEXT@: $(SMBD_OBJ) @BUILD_POPT@ bin/.dummy
|
||||||
|
@echo Linking $@
|
||||||
|
- @$(CC) $(FLAGS) -o $@ $(SMBD_OBJ) $(ADSLIBS) $(LDFLAGS) $(DYNEXP) $(PRINTLIBS) \
|
||||||
|
+ @$(CC) $(FLAGS) -o $@ $(SMBD_OBJ) $(KRB5LIBS) $(LDAPLIBS) $(LDFLAGS) $(DYNEXP) $(PRINTLIBS) \
|
||||||
|
$(AUTHLIBS) $(ACLLIBS) $(PASSDBLIBS) $(LIBS) @POPTLIBS@
|
||||||
|
|
||||||
|
bin/nmbd@EXEEXT@: $(NMBD_OBJ) @BUILD_POPT@ bin/.dummy
|
||||||
|
@echo Linking $@
|
||||||
|
- @$(CC) $(FLAGS) -o $@ $(NMBD_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) @POPTLIBS@ $(ADSLIBS)
|
||||||
|
+ @$(CC) $(FLAGS) -o $@ $(NMBD_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) @POPTLIBS@ $(KRB5LIBS) $(LDAPLIBS)
|
||||||
|
|
||||||
|
bin/wrepld@EXEEXT@: $(WREPL_OBJ) @BUILD_POPT@ bin/.dummy
|
||||||
|
@echo Linking $@
|
||||||
|
@@ -749,19 +748,19 @@
|
||||||
|
bin/swat@EXEEXT@: $(SWAT_OBJ) @BUILD_POPT@ bin/.dummy
|
||||||
|
@echo Linking $@
|
||||||
|
@$(CC) $(FLAGS) -o $@ $(SWAT_OBJ) $(LDFLAGS) $(DYNEXP) $(PRINTLIBS) \
|
||||||
|
- $(AUTHLIBS) $(LIBS) $(PASSDBLIBS) @POPTLIBS@ $(KRB5LIBS)
|
||||||
|
+ $(AUTHLIBS) $(LIBS) $(PASSDBLIBS) @POPTLIBS@ $(KRB5LIBS) $(LDAPLIBS)
|
||||||
|
|
||||||
|
bin/rpcclient@EXEEXT@: $(RPCCLIENT_OBJ) @BUILD_POPT@ bin/.dummy
|
||||||
|
@echo Linking $@
|
||||||
|
- @$(CC) $(FLAGS) -o $@ $(PASSDBLIBS) $(RPCCLIENT_OBJ) $(LDFLAGS) $(DYNEXP) $(TERMLDFLAGS) $(TERMLIBS) $(LIBS) @POPTLIBS@ $(ADSLIBS)
|
||||||
|
+ @$(CC) $(FLAGS) -o $@ $(PASSDBLIBS) $(RPCCLIENT_OBJ) $(LDFLAGS) $(DYNEXP) $(TERMLDFLAGS) $(TERMLIBS) $(LIBS) @POPTLIBS@ $(KRB5LIBS) $(LDAPLIBS)
|
||||||
|
|
||||||
|
bin/smbclient@EXEEXT@: $(CLIENT_OBJ) @BUILD_POPT@ bin/.dummy
|
||||||
|
@echo Linking $@
|
||||||
|
- @$(CC) $(FLAGS) -o $@ $(CLIENT_OBJ) $(LDFLAGS) $(DYNEXP) $(TERMLDFLAGS) $(TERMLIBS) $(LIBS) @POPTLIBS@ $(ADSLIBS)
|
||||||
|
+ @$(CC) $(FLAGS) -o $@ $(CLIENT_OBJ) $(LDFLAGS) $(DYNEXP) $(TERMLDFLAGS) $(TERMLIBS) $(LIBS) @POPTLIBS@ $(KRB5LIBS) $(LDAPLIBS)
|
||||||
|
|
||||||
|
bin/net@EXEEXT@: $(NET_OBJ) @BUILD_POPT@ bin/.dummy
|
||||||
|
@echo Linking $@
|
||||||
|
- @$(CC) $(FLAGS) -o $@ $(NET_OBJ) $(DYNEXP) $(LDFLAGS) $(LIBS) @POPTLIBS@ $(ADSLIBS) $(PASSDBLIBS)
|
||||||
|
+ @$(CC) $(FLAGS) -o $@ $(NET_OBJ) $(DYNEXP) $(LDFLAGS) $(LIBS) @POPTLIBS@ $(KRB5LIBS) $(LDAPLIBS) $(PASSDBLIBS)
|
||||||
|
|
||||||
|
bin/profiles@EXEEXT@: $(PROFILES_OBJ) @BUILD_POPT@ bin/.dummy
|
||||||
|
@echo Linking $@
|
||||||
|
@@ -809,7 +808,7 @@
|
||||||
|
|
||||||
|
bin/smbpasswd@EXEEXT@: $(SMBPASSWD_OBJ) bin/.dummy
|
||||||
|
@echo Linking $@
|
||||||
|
- @$(CC) $(FLAGS) -o $@ $(SMBPASSWD_OBJ) $(PASSDBLIBS) $(LDFLAGS) $(DYNEXP) $(LIBS) $(KRB5LIBS)
|
||||||
|
+ @$(CC) $(FLAGS) -o $@ $(SMBPASSWD_OBJ) $(PASSDBLIBS) $(LDFLAGS) $(DYNEXP) $(LIBS) $(KRB5LIBS) $(LDAPLIBS)
|
||||||
|
|
||||||
|
bin/pdbedit@EXEEXT@: $(PDBEDIT_OBJ) @BUILD_POPT@ bin/.dummy
|
||||||
|
@echo Linking $@
|
||||||
|
@@ -881,7 +880,7 @@
|
||||||
|
|
||||||
|
bin/smbw_sample@EXEEXT@: $(SMBW_OBJ) utils/smbw_sample.o bin/.dummy
|
||||||
|
@echo Linking $@
|
||||||
|
- @$(CC) $(FLAGS) -o $@ $(SMBW_OBJ) utils/smbw_sample.o $(LDFLAGS) $(LIBS) $(KRB5LIBS)
|
||||||
|
+ @$(CC) $(FLAGS) -o $@ $(SMBW_OBJ) utils/smbw_sample.o $(LDFLAGS) $(LIBS) $(KRB5LIBS) $(LDAPLIBS)
|
||||||
|
|
||||||
|
bin/smbsh@EXEEXT@: $(SMBSH_OBJ) bin/.dummy
|
||||||
|
@echo Linking $@
|
||||||
|
@@ -890,12 +889,14 @@
|
||||||
|
bin/smbwrapper.@SHLIBEXT@: $(PICOBJS) bin/.dummy
|
||||||
|
@echo Linking shared library $@
|
||||||
|
@$(SHLD) $(LDSHFLAGS) -o $@ $(PICOBJS) $(LIBS) \
|
||||||
|
- @SONAMEFLAG@`basename $@` $(KRB5LIBS)
|
||||||
|
+ $(KRB5LIBS) $(LDAPLIBS) \
|
||||||
|
+ @SONAMEFLAG@`basename $@`
|
||||||
|
|
||||||
|
bin/libsmbclient.@SHLIBEXT@: $(LIBSMBCLIENT_PICOBJS)
|
||||||
|
@echo Linking libsmbclient shared library $@
|
||||||
|
@$(SHLD) $(LDSHFLAGS) -o $@ $(LIBSMBCLIENT_PICOBJS) $(LDFLAGS) $(LIBS) \
|
||||||
|
- $(KRB5LIBS) @SONAMEFLAG@`basename $@`.$(LIBSMBCLIENT_MAJOR)
|
||||||
|
+ $(KRB5LIBS) $(LDAPLIBS) \
|
||||||
|
+ @SONAMEFLAG@`basename $@`.$(LIBSMBCLIENT_MAJOR)
|
||||||
|
|
||||||
|
bin/libsmbclient.a: $(LIBSMBCLIENT_PICOBJS)
|
||||||
|
@echo Linking libsmbclient non-shared library $@
|
||||||
|
@@ -905,7 +906,8 @@
|
||||||
|
bin/libbigballofmud.@SHLIBEXT@: $(LIBBIGBALLOFMUD_PICOBJS)
|
||||||
|
@echo Linking bigballofmud shared library $@
|
||||||
|
@$(SHLD) $(LDSHFLAGS) -o $@ $(LIBBIGBALLOFMUD_PICOBJS) $(LIBS) \
|
||||||
|
- @SONAMEFLAG@`basename $@`.$(LIBBIGBALLOFMUD_MAJOR) $(PASSDBLIBS) $(IDMAP_LIBS) $(ADSLIBS)
|
||||||
|
+ $(PASSDBLIBS) $(IDMAP_LIBS) $(KRB5LIBS) $(LDAPLIBS) \
|
||||||
|
+ @SONAMEFLAG@`basename $@`.$(LIBBIGBALLOFMUD_MAJOR)
|
||||||
|
ln -snf libbigballofmud.so bin/libbigballofmud.so.0
|
||||||
|
|
||||||
|
# It would be nice to build a static bigballofmud too, but when I try
|
||||||
|
diff -uNr samba-3.0.0beta2.orig/source/aclocal.m4 samba-3.0.0beta2/source/aclocal.m4
|
||||||
|
--- samba-3.0.0beta2.orig/source/aclocal.m4 2003-07-01 15:44:25.000000000 -0500
|
||||||
|
+++ samba-3.0.0beta2/source/aclocal.m4 2003-07-05 16:22:30.000000000 -0500
|
||||||
|
@@ -111,6 +111,113 @@
|
||||||
|
esac
|
||||||
|
])
|
||||||
|
|
||||||
|
+# AC_CHECK_LIB_EXT(LIBRARY, [EXT_LIBS], [FUNCTION],
|
||||||
|
+# [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND],
|
||||||
|
+# [ADD-ACTION-IF-FOUND],[OTHER-LIBRARIES])
|
||||||
|
+# ------------------------------------------------------
|
||||||
|
+#
|
||||||
|
+# Use a cache variable name containing both the library and function name,
|
||||||
|
+# because the test really is for library $1 defining function $3, not
|
||||||
|
+# just for library $1. Separate tests with the same $1 and different $3s
|
||||||
|
+# may have different results.
|
||||||
|
+#
|
||||||
|
+# Note that using directly AS_VAR_PUSHDEF([ac_Lib], [ac_cv_lib_$1_$3])
|
||||||
|
+# is asking for troubles, since AC_CHECK_LIB($lib, fun) would give
|
||||||
|
+# ac_cv_lib_$lib_fun, which is definitely not what was meant. Hence
|
||||||
|
+# the AS_LITERAL_IF indirection.
|
||||||
|
+#
|
||||||
|
+# FIXME: This macro is extremely suspicious. It DEFINEs unconditionnally,
|
||||||
|
+# whatever the FUNCTION, in addition to not being a *S macro. Note
|
||||||
|
+# that the cache does depend upon the function we are looking for.
|
||||||
|
+#
|
||||||
|
+# It is on purpose we used `ac_check_lib_ext_save_LIBS' and not just
|
||||||
|
+# `ac_save_LIBS': there are many macros which don't want to see `LIBS'
|
||||||
|
+# changed but still want to use AC_CHECK_LIB_EXT, so they save `LIBS'.
|
||||||
|
+# And ``ac_save_LIBS' is too tempting a name, so let's leave them some
|
||||||
|
+# freedom.
|
||||||
|
+AC_DEFUN([AC_CHECK_LIB_EXT],
|
||||||
|
+[
|
||||||
|
+AH_CHECK_LIB_EXT([$1])
|
||||||
|
+ac_check_lib_ext_save_LIBS=$LIBS
|
||||||
|
+LIBS="-l$1 $$2 $7 $LIBS"
|
||||||
|
+AS_LITERAL_IF([$1],
|
||||||
|
+ [AS_VAR_PUSHDEF([ac_Lib_ext], [ac_cv_lib_ext_$1])],
|
||||||
|
+ [AS_VAR_PUSHDEF([ac_Lib_ext], [ac_cv_lib_ext_$1''])])dnl
|
||||||
|
+
|
||||||
|
+m4_ifval([$3],
|
||||||
|
+ [
|
||||||
|
+ AH_CHECK_FUNC_EXT([$3])
|
||||||
|
+ AS_LITERAL_IF([$1],
|
||||||
|
+ [AS_VAR_PUSHDEF([ac_Lib_func], [ac_cv_lib_ext_$1_$3])],
|
||||||
|
+ [AS_VAR_PUSHDEF([ac_Lib_func], [ac_cv_lib_ext_$1''_$3])])dnl
|
||||||
|
+ AC_CACHE_CHECK([for $3 in -l$1], ac_Lib_func,
|
||||||
|
+ [AC_TRY_LINK_FUNC($3,
|
||||||
|
+ [AS_VAR_SET(ac_Lib_func, yes);
|
||||||
|
+ AS_VAR_SET(ac_Lib_ext, yes)],
|
||||||
|
+ [AS_VAR_SET(ac_Lib_func, no);
|
||||||
|
+ AS_VAR_SET(ac_Lib_ext, no)])
|
||||||
|
+ ])
|
||||||
|
+ AS_IF([test AS_VAR_GET(ac_Lib_func) = yes],
|
||||||
|
+ [AC_DEFINE_UNQUOTED(AS_TR_CPP(HAVE_$3))])dnl
|
||||||
|
+ AS_VAR_POPDEF([ac_Lib_func])dnl
|
||||||
|
+ ],[
|
||||||
|
+ AC_CACHE_CHECK([for -l$1], ac_Lib_ext,
|
||||||
|
+ [AC_TRY_LINK_FUNC([main],
|
||||||
|
+ [AS_VAR_SET(ac_Lib_ext, yes)],
|
||||||
|
+ [AS_VAR_SET(ac_Lib_ext, no)])
|
||||||
|
+ ])
|
||||||
|
+ ])
|
||||||
|
+LIBS=$ac_check_lib_ext_save_LIBS
|
||||||
|
+
|
||||||
|
+AS_IF([test AS_VAR_GET(ac_Lib_ext) = yes],
|
||||||
|
+ [m4_default([$4],
|
||||||
|
+ [AC_DEFINE_UNQUOTED(AS_TR_CPP(HAVE_LIB$1))
|
||||||
|
+ case "$$2" in
|
||||||
|
+ *-l$1*)
|
||||||
|
+ ;;
|
||||||
|
+ *)
|
||||||
|
+ $2="$$2 -l$1"
|
||||||
|
+ ;;
|
||||||
|
+ esac])
|
||||||
|
+ [$6]
|
||||||
|
+ ],
|
||||||
|
+ [$5])dnl
|
||||||
|
+AS_VAR_POPDEF([ac_Lib_ext])dnl
|
||||||
|
+])# AC_CHECK_LIB_EXT
|
||||||
|
+
|
||||||
|
+# AH_CHECK_LIB_EXT(LIBNAME)
|
||||||
|
+# ---------------------
|
||||||
|
+m4_define([AH_CHECK_LIB_EXT],
|
||||||
|
+[AH_TEMPLATE(AS_TR_CPP(HAVE_LIB$1),
|
||||||
|
+ [Define to 1 if you have the `]$1[' library (-l]$1[).])])
|
||||||
|
+
|
||||||
|
+# AC_CHECK_FUNCS_EXT(FUNCTION, [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND])
|
||||||
|
+# -----------------------------------------------------------------
|
||||||
|
+dnl check for a function in a $LIBS and $OTHER_LIBS libraries variable.
|
||||||
|
+dnl AC_CHECK_FUNC_EXT(func,OTHER_LIBS,IF-TRUE,IF-FALSE)
|
||||||
|
+AC_DEFUN([AC_CHECK_FUNC_EXT],
|
||||||
|
+[
|
||||||
|
+ AH_CHECK_FUNC_EXT($1)
|
||||||
|
+ ac_check_func_ext_save_LIBS=$LIBS
|
||||||
|
+ LIBS="$2 $LIBS"
|
||||||
|
+ AS_VAR_PUSHDEF([ac_var], [ac_cv_func_ext_$1])dnl
|
||||||
|
+ AC_CACHE_CHECK([for $1], ac_var,
|
||||||
|
+ [AC_LINK_IFELSE([AC_LANG_FUNC_LINK_TRY([$1])],
|
||||||
|
+ [AS_VAR_SET(ac_var, yes)],
|
||||||
|
+ [AS_VAR_SET(ac_var, no)])])
|
||||||
|
+ LIBS=$ac_check_func_ext_save_LIBS
|
||||||
|
+ AS_IF([test AS_VAR_GET(ac_var) = yes],
|
||||||
|
+ [AC_DEFINE_UNQUOTED(AS_TR_CPP([HAVE_$1])) $3],
|
||||||
|
+ [$4])dnl
|
||||||
|
+AS_VAR_POPDEF([ac_var])dnl
|
||||||
|
+])# AC_CHECK_FUNC
|
||||||
|
+
|
||||||
|
+# AH_CHECK_FUNC_EXT(FUNCNAME)
|
||||||
|
+# ---------------------
|
||||||
|
+m4_define([AH_CHECK_FUNC_EXT],
|
||||||
|
+[AH_TEMPLATE(AS_TR_CPP(HAVE_$1),
|
||||||
|
+ [Define to 1 if you have the `]$1[' function.])])
|
||||||
|
+
|
||||||
|
dnl Define an AC_DEFINE with ifndef guard.
|
||||||
|
dnl AC_N_DEFINE(VARIABLE [, VALUE])
|
||||||
|
define(AC_N_DEFINE,
|
||||||
|
diff -uNr samba-3.0.0beta2.orig/source/configure.in samba-3.0.0beta2/source/configure.in
|
||||||
|
--- samba-3.0.0beta2.orig/source/configure.in 2003-07-05 16:22:00.000000000 -0500
|
||||||
|
+++ samba-3.0.0beta2/source/configure.in 2003-07-05 16:23:53.000000000 -0500
|
||||||
|
@@ -162,12 +162,10 @@
|
||||||
|
AC_SUBST(PRINTLIBS)
|
||||||
|
AC_SUBST(AUTHLIBS)
|
||||||
|
AC_SUBST(ACLLIBS)
|
||||||
|
-AC_SUBST(ADSLIBS)
|
||||||
|
AC_SUBST(PASSDBLIBS)
|
||||||
|
AC_SUBST(IDMAP_LIBS)
|
||||||
|
AC_SUBST(KRB5_LIBS)
|
||||||
|
AC_SUBST(LDAP_LIBS)
|
||||||
|
-AC_SUBST(LDAP_OBJ)
|
||||||
|
AC_SUBST(SHLIB_PROGS)
|
||||||
|
AC_SUBST(SMBWRAPPER)
|
||||||
|
AC_SUBST(EXTRA_BIN_PROGS)
|
||||||
|
@@ -2105,14 +2103,107 @@
|
||||||
|
AC_MSG_RESULT(no)
|
||||||
|
)
|
||||||
|
|
||||||
|
+########################################################
|
||||||
|
+# Compile with LDAP support?
|
||||||
|
+
|
||||||
|
+with_ldap_support=auto
|
||||||
|
+AC_MSG_CHECKING([for LDAP support])
|
||||||
|
+
|
||||||
|
+AC_ARG_WITH(ldap,
|
||||||
|
+[ --with-ldap LDAP support (default yes)],
|
||||||
|
+[ case "$withval" in
|
||||||
|
+ yes|no)
|
||||||
|
+ with_ldap_support=$withval
|
||||||
|
+ ;;
|
||||||
|
+ esac ])
|
||||||
|
+
|
||||||
|
+AC_MSG_RESULT($with_ldap_support)
|
||||||
|
+
|
||||||
|
+SMBLDAP=""
|
||||||
|
+SMBLDAP_PROTO=""
|
||||||
|
+AC_SUBST(SMBLDAP)
|
||||||
|
+AC_SUBST(SMBLDAP_PROTO)
|
||||||
|
+if test x"$with_ldap_support" != x"no"; then
|
||||||
|
+
|
||||||
|
+ ##################################################################
|
||||||
|
+ # first test for ldap.h and lber.h
|
||||||
|
+ # (ldap.h is required for this test)
|
||||||
|
+ AC_CHECK_HEADERS(ldap.h lber.h)
|
||||||
|
+
|
||||||
|
+ if test x"$ac_cv_header_ldap_h" != x"yes"; then
|
||||||
|
+ if test x"$with_ldap_support" = x"yes"; then
|
||||||
|
+ AC_MSG_ERROR(ldap.h is needed for LDAP support)
|
||||||
|
+ else
|
||||||
|
+ AC_MSG_WARN(ldap.h is needed for LDAP support)
|
||||||
|
+ fi
|
||||||
|
+
|
||||||
|
+ with_ldap_support=no
|
||||||
|
+ fi
|
||||||
|
+fi
|
||||||
|
+
|
||||||
|
+if test x"$with_ldap_support" != x"no"; then
|
||||||
|
+ ac_save_LIBS=$LIBS
|
||||||
|
+
|
||||||
|
+ ##################################################################
|
||||||
|
+ # we might need the lber lib on some systems. To avoid link errors
|
||||||
|
+ # this test must be before the libldap test
|
||||||
|
+ AC_CHECK_LIB_EXT(lber, LDAP_LIBS, ber_scanf)
|
||||||
|
+
|
||||||
|
+ ########################################################
|
||||||
|
+ # now see if we can find the ldap libs in standard paths
|
||||||
|
+ AC_CHECK_LIB_EXT(ldap, LDAP_LIBS, ldap_init)
|
||||||
|
+
|
||||||
|
+ AC_CHECK_FUNC_EXT(ldap_domain2hostlist,$LDAP_LIBS)
|
||||||
|
+
|
||||||
|
+ ########################################################
|
||||||
|
+ # If we have LDAP, does it's rebind procedure take 2 or 3 arguments?
|
||||||
|
+ # Check found in pam_ldap 145.
|
||||||
|
+ AC_CHECK_FUNC_EXT(ldap_set_rebind_proc,$LDAP_LIBS)
|
||||||
|
+
|
||||||
|
+ LIBS="$LIBS $LDAP_LIBS"
|
||||||
|
+ AC_CACHE_CHECK(whether ldap_set_rebind_proc takes 3 arguments, smb_ldap_cv_ldap_set_rebind_proc, [
|
||||||
|
+ AC_TRY_COMPILE([
|
||||||
|
+ #include <lber.h>
|
||||||
|
+ #include <ldap.h>],
|
||||||
|
+ [ldap_set_rebind_proc(0, 0, 0);],
|
||||||
|
+ [smb_ldap_cv_ldap_set_rebind_proc=3],
|
||||||
|
+ [smb_ldap_cv_ldap_set_rebind_proc=2]
|
||||||
|
+ )
|
||||||
|
+ ])
|
||||||
|
+
|
||||||
|
+ AC_DEFINE_UNQUOTED(LDAP_SET_REBIND_PROC_ARGS, $smb_ldap_cv_ldap_set_rebind_proc, [Number of arguments to ldap_set_rebind_proc])
|
||||||
|
+
|
||||||
|
+ AC_CHECK_FUNC_EXT(ldap_initialize,$LDAP_LIBS)
|
||||||
|
+
|
||||||
|
+ if test x"$ac_cv_lib_ext_ldap_ldap_init" = x"yes" -a x"$ac_cv_func_ext_ldap_domain2hostlist" = x"yes"; then
|
||||||
|
+ AC_DEFINE(HAVE_LDAP,1,[Whether ldap is available])
|
||||||
|
+ default_static_modules="$default_static_modules pdb_ldap idmap_ldap";
|
||||||
|
+ SMBLDAP="lib/smbldap.o"
|
||||||
|
+ with_ldap_support=yes
|
||||||
|
+ AC_MSG_CHECKING(whether LDAP support is used)
|
||||||
|
+ AC_MSG_RESULT(yes)
|
||||||
|
+ else
|
||||||
|
+ if test x"$with_ldap_support" = x"yes"; then
|
||||||
|
+ AC_MSG_ERROR(libldap is needed for LDAP support)
|
||||||
|
+ else
|
||||||
|
+ AC_MSG_WARN(libldap is needed for LDAP support)
|
||||||
|
+ fi
|
||||||
|
+
|
||||||
|
+ LDAP_LIBS=""
|
||||||
|
+ with_ldap_support=no
|
||||||
|
+ fi
|
||||||
|
+ LIBS=$ac_save_LIBS
|
||||||
|
+fi
|
||||||
|
+
|
||||||
|
+
|
||||||
|
#################################################
|
||||||
|
# active directory support
|
||||||
|
|
||||||
|
with_ads_support=auto
|
||||||
|
-AC_MSG_CHECKING([whether to use Active Directory])
|
||||||
|
+AC_MSG_CHECKING([for Active Directory and krb5 support])
|
||||||
|
|
||||||
|
AC_ARG_WITH(ads,
|
||||||
|
-[ --with-ads Active Directory support (default yes)],
|
||||||
|
+[ --with-ads Active Directory support (default auto)],
|
||||||
|
[ case "$withval" in
|
||||||
|
yes|no)
|
||||||
|
with_ads_support="$withval"
|
||||||
|
@@ -2124,22 +2215,28 @@
|
||||||
|
FOUND_KRB5=no
|
||||||
|
KRB5_LIBS=""
|
||||||
|
|
||||||
|
+if test x"$with_ldap_support" != x"yes"; then
|
||||||
|
+ if test x"$with_ads_support" = x"yes"; then
|
||||||
|
+ AC_MSG_ERROR(Active Directory Support requires LDAP support)
|
||||||
|
+ elif test x"$with_ads_support" != x"no"; then
|
||||||
|
+ AC_MSG_WARN(Active Directory Support requires LDAP support)
|
||||||
|
+ fi
|
||||||
|
+ with_ads_support=no
|
||||||
|
+fi
|
||||||
|
+
|
||||||
|
if test x"$with_ads_support" != x"no"; then
|
||||||
|
|
||||||
|
# Do no harm to the values of CFLAGS and LIBS while testing for
|
||||||
|
# Kerberos support.
|
||||||
|
|
||||||
|
- ac_save_CFLAGS="$CFLAGS"
|
||||||
|
- ac_save_LIBS="$LIBS"
|
||||||
|
-
|
||||||
|
#################################################
|
||||||
|
# check for krb5-config from recent MIT and Heimdal kerberos 5
|
||||||
|
AC_PATH_PROG(KRB5_CONFIG, krb5-config)
|
||||||
|
AC_MSG_CHECKING(for working krb5-config)
|
||||||
|
if test -x "$KRB5_CONFIG"; then
|
||||||
|
- LIBS="$LIBS `$KRB5_CONFIG --libs`"
|
||||||
|
- CFLAGS="$CFLAGS `$KRB5_CONFIG --cflags | sed s/@INCLUDE_des@//`"
|
||||||
|
- CPPFLAGS="$CPPFLAGS `$KRB5_CONFIG --cflags | sed s/@INCLUDE_des@//`"
|
||||||
|
+ KRB5_LIBS="`CFLAGS='' $KRB5_CONFIG --libs gssapi`"
|
||||||
|
+ KRB5_CFLAGS="`$KRB5_CONFIG --cflags | sed s/@INCLUDE_des@//`"
|
||||||
|
+ KRB5_CPPFLAGS="`$KRB5_CONFIG --cflags | sed s/@INCLUDE_des@//`"
|
||||||
|
FOUND_KRB5=yes
|
||||||
|
AC_MSG_RESULT(yes)
|
||||||
|
else
|
||||||
|
@@ -2154,18 +2251,23 @@
|
||||||
|
[ --with-krb5=base-dir Locate Kerberos 5 support (default=/usr)],
|
||||||
|
[ case "$withval" in
|
||||||
|
no)
|
||||||
|
- AC_MSG_RESULT(no)
|
||||||
|
+ AC_MSG_RESULT(no krb5-path given)
|
||||||
|
+ ;;
|
||||||
|
+ yes)
|
||||||
|
+ AC_MSG_RESULT(/usr)
|
||||||
|
+ KRB5_LIBS="-lkrb5"
|
||||||
|
+ FOUND_KRB5=yes
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
- AC_MSG_RESULT(yes)
|
||||||
|
- LIBS="$LIBS -lkrb5"
|
||||||
|
- CFLAGS="$CFLAGS -I$withval/include"
|
||||||
|
- CPPFLAGS="$CPPFLAGS -I$withval/include"
|
||||||
|
- LDFLAGS="$LDFLAGS -L$withval/lib"
|
||||||
|
+ AC_MSG_RESULT($withval)
|
||||||
|
+ KRB5_LIBS="-lkrb5"
|
||||||
|
+ KRB5_CFLAGS="-I$withval/include"
|
||||||
|
+ KRB5_CPPFLAGS="-I$withval/include"
|
||||||
|
+ KRB5_LDFLAGS="-L$withval/lib"
|
||||||
|
FOUND_KRB5=yes
|
||||||
|
;;
|
||||||
|
esac ],
|
||||||
|
- AC_MSG_RESULT(no)
|
||||||
|
+ AC_MSG_RESULT(no krb5-path given)
|
||||||
|
)
|
||||||
|
fi
|
||||||
|
|
||||||
|
@@ -2175,15 +2277,15 @@
|
||||||
|
AC_MSG_CHECKING(for /usr/include/heimdal)
|
||||||
|
if test -d /usr/include/heimdal; then
|
||||||
|
if test -f /usr/lib/heimdal/lib/libkrb5.a; then
|
||||||
|
- LIBS="$LIBS -lkrb5"
|
||||||
|
- CFLAGS="$CFLAGS -I/usr/include/heimdal"
|
||||||
|
- CPPFLAGS="$CPPFLAGS -I/usr/include/heimdal"
|
||||||
|
- LDFLAGS="$LDFLAGS -L/usr/lib/heimdal/lib"
|
||||||
|
+ KRB5_LIBS="-lkrb5"
|
||||||
|
+ KRB5_CFLAGS="-I/usr/include/heimdal"
|
||||||
|
+ KRB5_CPPFLAGS="-I/usr/include/heimdal"
|
||||||
|
+ KRB5_LDFLAGS="-L/usr/lib/heimdal/lib"
|
||||||
|
AC_MSG_RESULT(yes)
|
||||||
|
else
|
||||||
|
- LIBS="$LIBS -lkrb5"
|
||||||
|
- CFLAGS="$CFLAGS -I/usr/include/heimdal"
|
||||||
|
- CPPFLAGS="$CPPFLAGS -I/usr/include/heimdal"
|
||||||
|
+ KRB5_LIBS="-lkrb5"
|
||||||
|
+ KRB5_CFLAGS="-I/usr/include/heimdal"
|
||||||
|
+ KRB5_CPPFLAGS="-I/usr/include/heimdal"
|
||||||
|
AC_MSG_RESULT(yes)
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
@@ -2196,16 +2298,26 @@
|
||||||
|
# see if this box has the RedHat location for kerberos
|
||||||
|
AC_MSG_CHECKING(for /usr/kerberos)
|
||||||
|
if test -d /usr/kerberos -a -f /usr/kerberos/lib/libkrb5.a; then
|
||||||
|
- LIBS="$LIBS -lkrb5"
|
||||||
|
- LDFLAGS="$LDFLAGS -L/usr/kerberos/lib"
|
||||||
|
- CFLAGS="$CFLAGS -I/usr/kerberos/include"
|
||||||
|
- CPPFLAGS="$CPPFLAGS -I/usr/kerberos/include"
|
||||||
|
+ KRB5_LIBS="-lkrb5"
|
||||||
|
+ KRB5_LDFLAGS="-L/usr/kerberos/lib"
|
||||||
|
+ KRB5_CFLAGS="-I/usr/kerberos/include"
|
||||||
|
+ KRB5_CPPFLAGS="-I/usr/kerberos/include"
|
||||||
|
AC_MSG_RESULT(yes)
|
||||||
|
else
|
||||||
|
AC_MSG_RESULT(no)
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
+ ac_save_CFLAGS=$CFLAGS
|
||||||
|
+ ac_save_CPPFLAGS=$CPPFLAGS
|
||||||
|
+ ac_save_LDFLAGS=$LDFLAGS
|
||||||
|
+
|
||||||
|
+ CFLAGS="$CFLAGS $KRB5_CFLAGS"
|
||||||
|
+ CPPFLAGS="$CPPFLAGS $KRB5_CPPFLAGS"
|
||||||
|
+ LDFLAGS="$LDFLAGS $KRB5_LDFLAGS"
|
||||||
|
+
|
||||||
|
+ KRB5_LIBS="$KRB5_LDFLAGS $KRB5_LIBS"
|
||||||
|
+
|
||||||
|
# now check for krb5.h. Some systems have the libraries without the headers!
|
||||||
|
# note that this check is done here to allow for different kerberos
|
||||||
|
# include paths
|
||||||
|
@@ -2225,24 +2337,17 @@
|
||||||
|
# Turn off AD support and restore CFLAGS and LIBS variables
|
||||||
|
|
||||||
|
with_ads_support="no"
|
||||||
|
-
|
||||||
|
- CFLAGS="$ac_save_CFLAGS"
|
||||||
|
- LIBS="$ac_save_LIBS"
|
||||||
|
-
|
||||||
|
- else
|
||||||
|
-
|
||||||
|
- # Get rid of case where $with_ads_support=auto
|
||||||
|
-
|
||||||
|
- with_ads_support="yes"
|
||||||
|
-
|
||||||
|
+
|
||||||
|
+ CFLAGS=$ac_save_CFLAGS
|
||||||
|
+ CPPFLAGS=$ac_save_CPPFLAGS
|
||||||
|
+ LDFLAGS=$ac_save_LDFLAGS
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Now we have determined whether we really want ADS support
|
||||||
|
|
||||||
|
-if test x"$with_ads_support" = x"yes"; then
|
||||||
|
-
|
||||||
|
- AC_DEFINE(WITH_ADS,1,[Whether to include Active Directory support])
|
||||||
|
+if test x"$with_ads_support" != x"no"; then
|
||||||
|
+ ac_save_LIBS=$LIBS
|
||||||
|
|
||||||
|
# now check for gssapi headers. This is also done here to allow for
|
||||||
|
# different kerberos include paths
|
||||||
|
@@ -2250,62 +2355,45 @@
|
||||||
|
|
||||||
|
##################################################################
|
||||||
|
# we might need the k5crypto and com_err libraries on some systems
|
||||||
|
- AC_CHECK_LIB(com_err, _et_list)
|
||||||
|
- AC_CHECK_LIB(k5crypto, krb5_encrypt_data)
|
||||||
|
+ AC_CHECK_LIB_EXT(com_err, KRB5_LIBS, _et_list)
|
||||||
|
+ AC_CHECK_LIB_EXT(k5crypto, KRB5_LIBS, krb5_encrypt_data)
|
||||||
|
|
||||||
|
# Heimdal checks.
|
||||||
|
- AC_CHECK_LIB(crypto, des_set_key)
|
||||||
|
- AC_CHECK_LIB(asn1, copy_Authenticator)
|
||||||
|
- AC_CHECK_LIB(roken, roken_getaddrinfo_hostspec)
|
||||||
|
+ AC_CHECK_LIB_EXT(crypto, KRB5_LIBS, des_set_key)
|
||||||
|
+ AC_CHECK_LIB_EXT(asn1, KRB5_LIBS, copy_Authenticator)
|
||||||
|
+ AC_CHECK_LIB_EXT(roken, KRB5_LIBS, roken_getaddrinfo_hostspec)
|
||||||
|
|
||||||
|
# Heimdal checks. On static Heimdal gssapi must be linked before krb5.
|
||||||
|
- AC_CHECK_LIB(gssapi, gss_display_status, [LIBS="$LIBS -lgssapi -lkrb5";
|
||||||
|
- AC_DEFINE(HAVE_GSSAPI,1,[Whether GSSAPI is available])])
|
||||||
|
+ AC_CHECK_LIB_EXT(gssapi, KRB5_LIBS, gss_display_status, [KRB5_LIBS="$KRB5_LIBS -lgssapi -lkrb5";
|
||||||
|
+ AC_DEFINE(HAVE_GSSAPI,1,[Whether GSSAPI is available])])
|
||||||
|
+
|
||||||
|
+ ########################################################
|
||||||
|
+ # now see if we can find the krb5 libs in standard paths
|
||||||
|
+ # or as specified above
|
||||||
|
+ AC_CHECK_LIB_EXT(krb5, KRB5_LIBS, krb5_mk_req_extended)
|
||||||
|
+
|
||||||
|
+ ########################################################
|
||||||
|
+ # now see if we can find the gssapi libs in standard paths
|
||||||
|
+ AC_CHECK_LIB_EXT(gssapi_krb5, KRB5_LIBS,gss_display_status,[],[],
|
||||||
|
+ AC_DEFINE(HAVE_GSSAPI,1,[Whether GSSAPI is available]))
|
||||||
|
|
||||||
|
- AC_CHECK_LIB(krb5, krb5_set_real_time,
|
||||||
|
- [AC_DEFINE(HAVE_KRB5_SET_REAL_TIME,1,
|
||||||
|
- [Whether krb5_set_real_time is available])])
|
||||||
|
- AC_CHECK_LIB(krb5, krb5_set_default_in_tkt_etypes,
|
||||||
|
- [AC_DEFINE(HAVE_KRB5_SET_DEFAULT_IN_TKT_ETYPES,1,
|
||||||
|
- [Whether krb5_set_default_in_tkt_etypes, is available])])
|
||||||
|
- AC_CHECK_LIB(krb5, krb5_set_default_tgs_ktypes,
|
||||||
|
- [AC_DEFINE(HAVE_KRB5_SET_DEFAULT_TGS_KTYPES,1,
|
||||||
|
- [Whether krb5_set_default_tgs_ktypes is available])])
|
||||||
|
-
|
||||||
|
- AC_CHECK_LIB(krb5, krb5_principal2salt,
|
||||||
|
- [AC_DEFINE(HAVE_KRB5_PRINCIPAL2SALT,1,
|
||||||
|
- [Whether krb5_principal2salt is available])])
|
||||||
|
- AC_CHECK_LIB(krb5, krb5_use_enctype,
|
||||||
|
- [AC_DEFINE(HAVE_KRB5_USE_ENCTYPE,1,
|
||||||
|
- [Whether krb5_use_enctype is available])])
|
||||||
|
- AC_CHECK_LIB(krb5, krb5_string_to_key,
|
||||||
|
- [AC_DEFINE(HAVE_KRB5_STRING_TO_KEY,1,
|
||||||
|
- [Whether krb5_string_to_key is available])])
|
||||||
|
- AC_CHECK_LIB(krb5, krb5_get_pw_salt,
|
||||||
|
- [AC_DEFINE(HAVE_KRB5_GET_PW_SALT,1,
|
||||||
|
- [Whether krb5_get_pw_salt is available])])
|
||||||
|
- AC_CHECK_LIB(krb5, krb5_string_to_key_salt,
|
||||||
|
- [AC_DEFINE(HAVE_KRB5_STRING_TO_KEY_SALT,1,
|
||||||
|
- [Whether krb5_string_to_key_salt is available])])
|
||||||
|
- AC_CHECK_LIB(krb5, krb5_auth_con_setkey,
|
||||||
|
- [AC_DEFINE(HAVE_KRB5_AUTH_CON_SETKEY,1,
|
||||||
|
- [Whether krb5_auth_con_setkey is available])])
|
||||||
|
- AC_CHECK_LIB(krb5, krb5_auth_con_setuseruserkey,
|
||||||
|
- [AC_DEFINE(HAVE_KRB5_AUTH_CON_SETUSERUSERKEY,1,
|
||||||
|
- [Whether krb5_auth_con_setuseruserkey is available])])
|
||||||
|
- AC_CHECK_LIB(krb5, krb5_locate_kdc,
|
||||||
|
- [AC_DEFINE(HAVE_KRB5_LOCATE_KDC,1,
|
||||||
|
- [Whether krb5_locate_kdc is available])])
|
||||||
|
- AC_CHECK_LIB(krb5, krb5_get_permitted_enctypes,
|
||||||
|
- [AC_DEFINE(HAVE_KRB5_GET_PERMITTED_ENCTYPES,1,
|
||||||
|
- [Whether krb5_get_permitted_enctypes is available])])
|
||||||
|
- AC_CHECK_LIB(krb5, krb5_get_default_in_tkt_etypes,
|
||||||
|
- [AC_DEFINE(HAVE_KRB5_GET_DEFAULT_IN_TKT_ETYPES,1,
|
||||||
|
- [Whether krb5_get_default_in_tkt_etypes is available])])
|
||||||
|
- AC_CHECK_LIB(krb5, krb5_free_ktypes,
|
||||||
|
- [AC_DEFINE(HAVE_KRB5_FREE_KTYPES,1,
|
||||||
|
- [Whether krb5_free_ktypes is available])])
|
||||||
|
+ AC_CHECK_FUNC_EXT(krb5_set_real_time, $KRB5_LIBS)
|
||||||
|
+ AC_CHECK_FUNC_EXT(krb5_set_default_in_tkt_etypes, $KRB5_LIBS)
|
||||||
|
+ AC_CHECK_FUNC_EXT(krb5_set_default_tgs_ktypes, $KRB5_LIBS)
|
||||||
|
+ AC_CHECK_FUNC_EXT(krb5_principal2salt, $KRB5_LIBS)
|
||||||
|
+ AC_CHECK_FUNC_EXT(krb5_use_enctype, $KRB5_LIBS)
|
||||||
|
+ AC_CHECK_FUNC_EXT(krb5_string_to_key, $KRB5_LIBS)
|
||||||
|
+ AC_CHECK_FUNC_EXT(krb5_get_pw_salt, $KRB5_LIBS)
|
||||||
|
+ AC_CHECK_FUNC_EXT(krb5_string_to_key_salt, $KRB5_LIBS)
|
||||||
|
+ AC_CHECK_FUNC_EXT(krb5_auth_con_setkey, $KRB5_LIBS)
|
||||||
|
+ AC_CHECK_FUNC_EXT(krb5_auth_con_setuseruserkey, $KRB5_LIBS)
|
||||||
|
+ AC_CHECK_FUNC_EXT(krb5_locate_kdc, $KRB5_LIBS)
|
||||||
|
+ AC_CHECK_FUNC_EXT(krb5_get_permitted_enctypes, $KRB5_LIBS)
|
||||||
|
+ AC_CHECK_FUNC_EXT(krb5_get_default_in_tkt_etypes, $KRB5_LIBS)
|
||||||
|
+ AC_CHECK_FUNC_EXT(krb5_free_ktypes, $KRB5_LIBS)
|
||||||
|
|
||||||
|
+ LIBS="$LIBS $KRB5_LIBS"
|
||||||
|
+
|
||||||
|
AC_CACHE_CHECK([for addrtype in krb5_address],
|
||||||
|
samba_cv_HAVE_ADDRTYPE_IN_KRB5_ADDRESS,[
|
||||||
|
AC_TRY_COMPILE([#include <krb5.h>],
|
||||||
|
@@ -2365,87 +2453,21 @@
|
||||||
|
[Whether the ENCTYPE_ARCFOUR_HMAC_MD5 key type is available])
|
||||||
|
fi
|
||||||
|
|
||||||
|
- ########################################################
|
||||||
|
- # now see if we can find the krb5 libs in standard paths
|
||||||
|
- # or as specified above
|
||||||
|
- AC_CHECK_LIB(krb5, krb5_mk_req_extended, [KRB5_LIBS="$LIBS -lkrb5";
|
||||||
|
- KRB5_CFLAGS="$CFLAGS";
|
||||||
|
- AC_DEFINE(HAVE_KRB5,1,[Whether KRB5 is available])])
|
||||||
|
-
|
||||||
|
- ########################################################
|
||||||
|
- # now see if we can find the gssapi libs in standard paths
|
||||||
|
- AC_CHECK_LIB(gssapi_krb5, gss_display_status,
|
||||||
|
- [KRB5_LIBS="$KRB5_LIBS -lgssapi_krb5";
|
||||||
|
- AC_DEFINE(HAVE_GSSAPI,1,[Whether GSSAPI is available])])
|
||||||
|
-
|
||||||
|
- CFLAGS="$ac_save_CFLAGS"
|
||||||
|
- LIBS="$ac_save_LIBS"
|
||||||
|
-fi
|
||||||
|
-
|
||||||
|
-########################################################
|
||||||
|
-# Compile with LDAP support?
|
||||||
|
-
|
||||||
|
-LDAP_OBJ=""
|
||||||
|
-with_ldap_support=yes
|
||||||
|
-AC_MSG_CHECKING([whether to use LDAP])
|
||||||
|
-
|
||||||
|
-AC_ARG_WITH(ldap,
|
||||||
|
-[ --with-ldap LDAP support (default yes)],
|
||||||
|
-[ case "$withval" in
|
||||||
|
- no)
|
||||||
|
- with_ldap_support=no
|
||||||
|
- ;;
|
||||||
|
- esac ])
|
||||||
|
-
|
||||||
|
-AC_MSG_RESULT($with_ldap_support)
|
||||||
|
-
|
||||||
|
-SMBLDAP=""
|
||||||
|
-if test x"$with_ldap_support" = x"yes"; then
|
||||||
|
- ac_save_LIBS="$LIBS"
|
||||||
|
- LIBS=""
|
||||||
|
-
|
||||||
|
- ##################################################################
|
||||||
|
- # we might need the lber lib on some systems. To avoid link errors
|
||||||
|
- # this test must be before the libldap test
|
||||||
|
- AC_CHECK_LIB(lber, ber_scanf)
|
||||||
|
-
|
||||||
|
- ########################################################
|
||||||
|
- # now see if we can find the ldap libs in standard paths
|
||||||
|
- if test x$have_ldap != xyes; then
|
||||||
|
- AC_CHECK_LIB(ldap, ldap_init, [
|
||||||
|
- LIBS="$LIBS -lldap";
|
||||||
|
- AC_CHECK_LIB(ldap, ldap_domain2hostlist, [
|
||||||
|
- AC_DEFINE(HAVE_LDAP,1,[Whether ldap is available])
|
||||||
|
- AC_CHECK_HEADERS([ldap.h lber.h],
|
||||||
|
- [default_static_modules="$default_static_modules pdb_ldap idmap_ldap";
|
||||||
|
- SMBLDAP="lib/smbldap.o"])
|
||||||
|
- ])
|
||||||
|
- ])
|
||||||
|
-
|
||||||
|
- ########################################################
|
||||||
|
- # If we have LDAP, does it's rebind procedure take 2 or 3 arguments?
|
||||||
|
- # Check found in pam_ldap 145.
|
||||||
|
- AC_CHECK_FUNCS(ldap_set_rebind_proc)
|
||||||
|
- AC_CACHE_CHECK(whether ldap_set_rebind_proc takes 3 arguments, pam_ldap_cv_ldap_set_rebind_proc, [
|
||||||
|
- AC_TRY_COMPILE([
|
||||||
|
- #include <lber.h>
|
||||||
|
- #include <ldap.h>], [ldap_set_rebind_proc(0, 0, 0);], [pam_ldap_cv_ldap_set_rebind_proc=3], [pam_ldap_cv_ldap_set_rebind_proc=2]) ])
|
||||||
|
- AC_DEFINE_UNQUOTED(LDAP_SET_REBIND_PROC_ARGS, $pam_ldap_cv_ldap_set_rebind_proc, [Number of arguments to ldap_set_rebind_proc])
|
||||||
|
- AC_CHECK_FUNCS(ldap_initialize)
|
||||||
|
- fi
|
||||||
|
-
|
||||||
|
- AC_SUBST(SMBLDAP)
|
||||||
|
- LDAP_LIBS="$LIBS";
|
||||||
|
- LIBS="$ac_save_LIBS";
|
||||||
|
-else
|
||||||
|
- # Can't have ADS support without LDAP
|
||||||
|
+ if test x"$ac_cv_lib_ext_krb5_krb5_mk_req_extended" = x"yes"; then
|
||||||
|
+ AC_DEFINE(HAVE_KRB5,1,[Whether to have KRB5 support])
|
||||||
|
+ AC_DEFINE(WITH_ADS,1,[Whether to include Active Directory support])
|
||||||
|
+ AC_MSG_CHECKING(whether Active Directory and krb5 support is used)
|
||||||
|
+ AC_MSG_RESULT(yes)
|
||||||
|
+ else
|
||||||
|
if test x"$with_ads_support" = x"yes"; then
|
||||||
|
- AC_MSG_ERROR(Active directory support requires LDAP)
|
||||||
|
+ AC_MSG_ERROR(libkrb5 is needed for Active Directory support)
|
||||||
|
+ else
|
||||||
|
+ AC_MSG_WARN(libkrb5 is needed for Active Directory support)
|
||||||
|
fi
|
||||||
|
-fi
|
||||||
|
-
|
||||||
|
-if test x"$with_ads_support" = x"yes"; then
|
||||||
|
- ADSLIBS="$LDAP_LIBS $KRB5_LIBS"
|
||||||
|
+ KRB5_LIBS=""
|
||||||
|
+ with_ads_support=no
|
||||||
|
+ fi
|
||||||
|
+ LIBS="$ac_save_LIBS"
|
||||||
|
fi
|
||||||
|
|
||||||
|
########################################################
|
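--- a/packaging/Debian/debian/patches/pam_smbpass_linkage.patch
+++ b/packaging/Debian/debian/patches/pam_smbpass_linkage.patch
@@ -0,0 +1,24 @@
+diff -uNr samba-3.0.0beta2.orig/source/Makefile.in samba-3.0.0beta2/source/Makefile.in
+--- samba-3.0.0beta2.orig/source/Makefile.in 2003-07-05 16:24:34.000000000 -0500
++++ samba-3.0.0beta2/source/Makefile.in 2003-07-05 16:24:54.000000000 -0500
+@@ -579,8 +579,8 @@
+PAM_SMBPASS_OBJ_0 = pam_smbpass/pam_smb_auth.o pam_smbpass/pam_smb_passwd.o \
+pam_smbpass/pam_smb_acct.o pam_smbpass/support.o \
+libsmb/smbencrypt.o libsmb/smbdes.o libsmb/nterr.o \
+- $(PARAM_OBJ) $(LIB_OBJ) $(PASSDB_OBJ) $(GROUPDB_OBJ) \
+- $(SECRETS_OBJ) $(UBIQX_OBJ)
++ $(LIBSAMBA_OBJ) $(PARAM_OBJ) $(LIB_OBJ) $(PASSDB_OBJ) \
++ $(GROUPDB_OBJ) $(SECRETS_OBJ) $(UBIQX_OBJ) $(SMBLDAP_OBJ)
+
+PAM_SMBPASS_PICOOBJ = $(PAM_SMBPASS_OBJ_0:.o=.po)
+
+@@ -1076,7 +1076,8 @@
+
+bin/pam_smbpass.@SHLIBEXT@: $(PAM_SMBPASS_PICOOBJ)
+@echo "Linking shared library $@"
+- @$(SHLD) $(LDSHFLAGS) -o $@ $(PAM_SMBPASS_PICOOBJ) -lpam $(DYNEXP) $(LIBS) -lc
++ @$(SHLD) $(LDSHFLAGS) -o $@ $(PAM_SMBPASS_PICOOBJ) -lpam $(DYNEXP) \
++ $(PASSDBLIBS) $(LIBS) -lc
+
+bin/libmsrpc.a: $(LIBMSRPC_PICOBJ)
+@-$(AR) -rc $@ $(LIBMSRPC_PICOBJ)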
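--- a/packaging/Debian/debian/patches/smbclient-tar.patch
+++ b/packaging/Debian/debian/patches/smbclient-tar.patch
@@ -0,0 +1,43 @@
+diff -uNr samba-3.0.0beta2.orig/source/client/client.c samba-3.0.0beta2/source/client/client.c
+--- samba-3.0.0beta2.orig/source/client/client.c 2003-07-01 22:36:24.000000000 -0500
++++ samba-3.0.0beta2/source/client/client.c 2003-07-06 15:17:36.000000000 -0500
+@@ -2731,6 +2731,7 @@
+int opt;
+pstring query_host;
+BOOL message = False;
++ char* tar_args = NULL;
+extern char tar_type;
+pstring term_code;
+static const char *new_name_resolve_order = NULL;
+@@ -2816,7 +2817,7 @@
+max_protocol = interpret_protocol(poptGetOptArg(pc), max_protocol);
+break;
+case 'T':
+- if (!tar_parseargs(argc, argv, poptGetOptArg(pc), optind)) {
++ if (!(tar_args = poptGetOptArg(pc))) {
+poptPrintUsage(pc, stderr, 0);
+exit(1);
+}
+@@ -2848,6 +2849,22 @@
+pstrcpy(cmdline_auth_info.password,poptGetArg(pc));
+}
+
++ /* The tar command may take a number of string options; pass
++ everything we have left to tar_parseargs(). */
++ if (tar_args) {
++ const char **argv2 = poptGetArgs(pc);
++ int argc2 = 0;
++
++ if (argv2) {
++ while (argv2[argc2]) argc2++;
++ }
++
++ if (!tar_parseargs(argc2, argv2, tar_args, 0)) {
++ poptPrintUsage(pc, stderr, 0);
++ exit(1);
++ }
++ }
++
+init_names();
+
+if(new_name_resolve_order)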
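Review bot: In the third hunk of the embedded client.c patch, `tar_parseargs(argc2, argv2, tar_args, 0)` can be reached with `argv2 == NULL` and `argc2 == 0` when no positional arguments are left, and nothing visible here shows that tar_parseargs() checks its index against the count before reading the array. The option string and the remaining arguments come straight from the command line, so if an empty list is always an error for `-T`, I would reject it at the call site with `if (!argv2 || !tar_parseargs(argc2, argv2, tar_args, 0)) {`. Otherwise state the contract in the comment above the block, for example `/* argv2 may be NULL when no arguments remain; tar_parseargs() must not index past argc2 */`. `argv2` is declared `const char **` while the removed call passed `argv`; the prototype is not on this page, so check that the new call does not silently discard the qualifier. The enclosing function starts and ends outside these hunks.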
BIN
packaging/Mandrake/swat_16.png.bz2
Normal file
BIN
packaging/Mandrake/swat_16.png.bz2
Normal file
Binary file not shown.
BIN
packaging/Mandrake/swat_32.png.bz2
Normal file
BIN
packaging/Mandrake/swat_32.png.bz2
Normal file
Binary file not shown.
BIN
packaging/Mandrake/swat_48.png.bz2
Normal file
BIN
packaging/Mandrake/swat_48.png.bz2
Normal file
Binary file not shown.
440
packaging/RedHat/samba.spec.tmpl
Normal file
440
packaging/RedHat/samba.spec.tmpl
Normal file
@ -0,0 +1,440 @@
|
|||||||
|
Summary: Samba SMB client and server
|
||||||
|
Name: samba
|
||||||
|
Version: PVERSION
|
||||||
|
Release: PRELEASE
|
||||||
|
License: GNU GPL version 2
|
||||||
|
Group: Networking
|
||||||
|
Source: http://download.samba.org/samba/ftp/samba-%{version}.tar.bz2
|
||||||
|
Packager: Gerald Carter [Samba-Team] <jerry@samba.org>
|
||||||
|
Requires: pam >= 0.72 kernel >= 2.2.1 glibc >= 2.1.2
|
||||||
|
Prereq: chkconfig fileutils
|
||||||
|
Provides: samba = %{version}
|
||||||
|
Obsoletes: samba-common, samba-client, samba-swat
|
||||||
|
BuildRoot: %{_tmppath}/%{name}-%{version}-root
|
||||||
|
Prefix: /usr
|
||||||
|
|
||||||
|
%description
|
||||||
|
Samba provides an SMB/CIFS server which can be used to provide
|
||||||
|
network file and print services to SMB/CIFS clients, including
|
||||||
|
various versions of MS Windows, OS/2, and other Linux machines.
|
||||||
|
Samba also provides some SMB clients, which complement the
|
||||||
|
built-in SMB filesystem in Linux. Samba uses NetBIOS over TCP/IP
|
||||||
|
(NetBT) protocols and does NOT need NetBEUI (Microsoft Raw NetBIOS
|
||||||
|
frame) protocol.
|
||||||
|
|
||||||
|
Samba 3.0 also introduces UNICODE support and kerberos/ldap
|
||||||
|
integration as a member server in a Windows 2000 domain.
|
||||||
|
|
||||||
|
Please refer to the WHATSNEW.txt document for fixup information.
|
||||||
|
docs directory for implementation details.
|
||||||
|
|
||||||
|
%changelog
|
||||||
|
* Mon Nov 18 2002 Gerald Carter <jerry@samba.org>
|
||||||
|
- removed change log entries since history
|
||||||
|
is being maintained in CVS
|
||||||
|
|
||||||
|
%prep
|
||||||
|
%setup
|
||||||
|
|
||||||
|
%build
|
||||||
|
## Build main Samba source
|
||||||
|
cd source
|
||||||
|
|
||||||
|
%ifarch ia64
|
||||||
|
libtoolize --copy --force # get it to recognize IA-64
|
||||||
|
autoheader
|
||||||
|
autoconf
|
||||||
|
EXTRA="-D_LARGEFILE64_SOURCE"
|
||||||
|
%endif
|
||||||
|
NUMCPU=`grep processor /proc/cpuinfo | wc -l`
|
||||||
|
if [ ! -f "configure" ]; then
|
||||||
|
./autogen.sh
|
||||||
|
fi
|
||||||
|
CFLAGS="$RPM_OPT_FLAGS $EXTRA" ./configure \
|
||||||
|
--prefix=%{prefix} \
|
||||||
|
--localstatedir=/var \
|
||||||
|
--with-configdir=/etc/samba \
|
||||||
|
--with-privatedir=/etc/samba \
|
||||||
|
--with-fhs \
|
||||||
|
--with-quotas \
|
||||||
|
--with-smbmount \
|
||||||
|
--with-pam \
|
||||||
|
--with-pam_smbpass \
|
||||||
|
--with-syslog \
|
||||||
|
--with-utmp \
|
||||||
|
--with-sambabook=%{prefix}/share/swat/using_samba \
|
||||||
|
--with-swatdir=%{prefix}/share/swat \
|
||||||
|
--with-libsmbclient
|
||||||
|
make -j${NUMCPU} proto
|
||||||
|
make -j${NUMCPU} all nsswitch/libnss_wins.so modules
|
||||||
|
make -j${NUMCPU} debug2html
|
||||||
|
make -j${NUMCPU} bin/smbspool
|
||||||
|
|
||||||
|
# Remove some permission bits to avoid to many dependencies
|
||||||
|
find examples docs -type f | xargs -r chmod -x
|
||||||
|
|
||||||
|
%install
|
||||||
|
rm -rf $RPM_BUILD_ROOT
|
||||||
|
mkdir -p $RPM_BUILD_ROOT
|
||||||
|
mkdir -p $RPM_BUILD_ROOT/sbin
|
||||||
|
mkdir -p $RPM_BUILD_ROOT/etc/samba
|
||||||
|
mkdir -p $RPM_BUILD_ROOT/etc/{logrotate.d,pam.d,samba}
|
||||||
|
mkdir -p $RPM_BUILD_ROOT/etc/rc.d/init.d
|
||||||
|
mkdir -p $RPM_BUILD_ROOT%{prefix}/{bin,sbin}
|
||||||
|
mkdir -p $RPM_BUILD_ROOT%{prefix}/share/swat/{images,help,include,using_samba}
|
||||||
|
mkdir -p $RPM_BUILD_ROOT%{prefix}/share/swat/using_samba/{figs,gifs}
|
||||||
|
mkdir -p $RPM_BUILD_ROOTMANDIR_MACRO
|
||||||
|
mkdir -p $RPM_BUILD_ROOT/var/cache/samba
|
||||||
|
mkdir -p $RPM_BUILD_ROOT/var/{log,run}/samba
|
||||||
|
mkdir -p $RPM_BUILD_ROOT/var/spool/samba
|
||||||
|
mkdir -p $RPM_BUILD_ROOT/lib/security
|
||||||
|
mkdir -p $RPM_BUILD_ROOT%{prefix}/lib/samba/vfs
|
||||||
|
mkdir -p $RPM_BUILD_ROOT%{prefix}/{lib,include}
|
||||||
|
|
||||||
|
# Install standard binary files
|
||||||
|
for i in nmblookup smbclient smbpasswd smbstatus testparm testprns \
|
||||||
|
rpcclient smbspool smbcacls smbcontrol wbinfo smbmnt net \
|
||||||
|
smbcacls pdbedit tdbbackup smbtree
|
||||||
|
do
|
||||||
|
install -m755 source/bin/$i $RPM_BUILD_ROOT%{prefix}/bin
|
||||||
|
done
|
||||||
|
|
||||||
|
for i in mksmbpasswd.sh smbtar findsmb
|
||||||
|
do
|
||||||
|
install -m755 source/script/$i $RPM_BUILD_ROOT%{prefix}/bin
|
||||||
|
done
|
||||||
|
|
||||||
|
# Install secure binary files
|
||||||
|
for i in smbd nmbd swat smbmount smbumount debug2html winbindd
|
||||||
|
do
|
||||||
|
install -m755 source/bin/$i $RPM_BUILD_ROOT%{prefix}/sbin
|
||||||
|
done
|
||||||
|
|
||||||
|
# we need a symlink for mount to recognise the smb and smbfs filesystem types
|
||||||
|
ln -sf %{prefix}/sbin/smbmount $RPM_BUILD_ROOT/sbin/mount.smbfs
|
||||||
|
ln -sf %{prefix}/sbin/smbmount $RPM_BUILD_ROOT/sbin/mount.smb
|
||||||
|
|
||||||
|
# This allows us to get away without duplicating code that
|
||||||
|
# sombody else can maintain for us.
|
||||||
|
cd source
|
||||||
|
make DESTDIR=$RPM_BUILD_ROOT \
|
||||||
|
BASEDIR=/usr \
|
||||||
|
CONFIGDIR=/etc/samba \
|
||||||
|
LIBDIR=%{prefix}/lib/samba \
|
||||||
|
VARDIR=/var \
|
||||||
|
SBINDIR=%{prefix}/sbin \
|
||||||
|
BINDIR=$%{prefix}/bin \
|
||||||
|
MANDIR=MANDIR_MACRO \
|
||||||
|
SWATDIR=%{prefix}/share/swat \
|
||||||
|
SAMBABOOK=%{prefix}/share/swat/using_samba \
|
||||||
|
installman installswat installdat installmodules
|
||||||
|
cd ..
|
||||||
|
|
||||||
|
# Install the nsswitch wins library
|
||||||
|
install -m755 source/nsswitch/libnss_wins.so $RPM_BUILD_ROOT/lib
|
||||||
|
( cd $RPM_BUILD_ROOT/lib; ln -sf libnss_wins.so libnss_wins.so.2; )
|
||||||
|
|
||||||
|
# Install winbind shared libraries
|
||||||
|
install -m755 source/nsswitch/libnss_winbind.so $RPM_BUILD_ROOT/lib
|
||||||
|
( cd $RPM_BUILD_ROOT/lib; ln -sf libnss_winbind.so libnss_winbind.so.2; )
|
||||||
|
install -m755 source/nsswitch/pam_winbind.so $RPM_BUILD_ROOT/lib/security
|
||||||
|
|
||||||
|
# Install pam_smbpass.so
|
||||||
|
install -m755 source/bin/pam_smbpass.so $RPM_BUILD_ROOT/lib/security
|
||||||
|
|
||||||
|
# libsmbclient
|
||||||
|
install -m 755 source/bin/libsmbclient.so $RPM_BUILD_ROOT%{prefix}/lib/
|
||||||
|
install -m 755 source/bin/libsmbclient.a $RPM_BUILD_ROOT%{prefix}/lib/
|
||||||
|
install -m 644 source/include/libsmbclient.h $RPM_BUILD_ROOT%{prefix}/include/
|
||||||
|
|
||||||
|
# Install SWAT helper files
|
||||||
|
#for i in swat/help/*.html docs/htmldocs/*.html
|
||||||
|
#do
|
||||||
|
# install -m644 $i $RPM_BUILD_ROOT%{prefix}/share/swat/help
|
||||||
|
#done
|
||||||
|
#for i in swat/images/*.gif
|
||||||
|
#do
|
||||||
|
# install -m644 $i $RPM_BUILD_ROOT%{prefix}/share/swat/images
|
||||||
|
#done
|
||||||
|
#for i in swat/include/*.html
|
||||||
|
#do
|
||||||
|
# install -m644 $i $RPM_BUILD_ROOT%{prefix}/share/swat/include
|
||||||
|
#done
|
||||||
|
|
||||||
|
# Install the miscellany
|
||||||
|
install -m755 swat/README $RPM_BUILD_ROOT%{prefix}/share/swat/README
|
||||||
|
install -m755 packaging/RedHat/smbprint $RPM_BUILD_ROOT%{prefix}/bin
|
||||||
|
install -m755 packaging/RedHat/smb.init $RPM_BUILD_ROOT/etc/rc.d/init.d/smb
|
||||||
|
install -m755 packaging/RedHat/winbind.init $RPM_BUILD_ROOT/etc/rc.d/init.d/winbind
|
||||||
|
install -m755 packaging/RedHat/smb.init $RPM_BUILD_ROOT%{prefix}/sbin/samba
|
||||||
|
install -m644 packaging/RedHat/samba.log $RPM_BUILD_ROOT/etc/logrotate.d/samba
|
||||||
|
install -m644 packaging/RedHat/smb.conf $RPM_BUILD_ROOT/etc/samba/smb.conf
|
||||||
|
install -m644 packaging/RedHat/smbusers $RPM_BUILD_ROOT/etc/samba/smbusers
|
||||||
|
install -m644 packaging/RedHat/samba.pamd $RPM_BUILD_ROOT/etc/pam.d/samba
|
||||||
|
install -m644 packaging/RedHat/samba.pamd.stack $RPM_BUILD_ROOT/etc/samba/samba.stack
|
||||||
|
install -m644 packaging/RedHat/samba.xinetd $RPM_BUILD_ROOT/etc/samba/samba.xinetd
|
||||||
|
echo 127.0.0.1 localhost > $RPM_BUILD_ROOT/etc/samba/lmhosts
|
||||||
|
|
||||||
|
# Remove "*.old" files
|
||||||
|
find $RPM_BUILD_ROOT -name "*.old" -exec rm -f {} \;
|
||||||
|
|
||||||
|
%clean
|
||||||
|
rm -rf $RPM_BUILD_ROOT
|
||||||
|
|
||||||
|
%post
|
||||||
|
if [ "$1" -eq "1" ]; then
|
||||||
|
/sbin/chkconfig --add smb
|
||||||
|
/sbin/chkconfig --add winbind
|
||||||
|
/sbin/chkconfig smb off
|
||||||
|
/sbin/chkconfig winbind off
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "Looking for old /etc/smb.conf..."
|
||||||
|
if [ -f /etc/smb.conf -a ! -f /etc/samba/smb.conf ]; then
|
||||||
|
echo "Moving old /etc/smb.conf to /etc/samba/smb.conf"
|
||||||
|
mv /etc/smb.conf /etc/samba/smb.conf
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "Looking for old /etc/smbusers..."
|
||||||
|
if [ -f /etc/smbusers -a ! -f /etc/samba/smbusers ]; then
|
||||||
|
echo "Moving old /etc/smbusers to /etc/samba/smbusers"
|
||||||
|
mv /etc/smbusers /etc/samba/smbusers
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "Looking for old /etc/lmhosts..."
|
||||||
|
if [ -f /etc/lmhosts -a ! -f /etc/samba/lmhosts ]; then
|
||||||
|
echo "Moving old /etc/lmhosts to /etc/samba/lmhosts"
|
||||||
|
mv /etc/lmhosts /etc/samba/lmhosts
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "Looking for old /etc/MACHINE.SID..."
|
||||||
|
if [ -f /etc/MACHINE.SID -a ! -f /etc/samba/MACHINE.SID ]; then
|
||||||
|
echo "Moving old /etc/MACHINE.SID to /etc/samba/MACHINE.SID"
|
||||||
|
mv /etc/MACHINE.SID /etc/samba/MACHINE.SID
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "Looking for old /etc/smbpasswd..."
|
||||||
|
if [ -f /etc/smbpasswd -a ! -f /etc/samba/smbpasswd ]; then
|
||||||
|
echo "Moving old /etc/smbpasswd to /etc/samba/smbpasswd"
|
||||||
|
mv /etc/smbpasswd /etc/samba/smbpasswd
|
||||||
|
fi
|
||||||
|
|
||||||
|
#
|
||||||
|
# For 2.2.1 we move the tdb files from /var/lock/samba to /var/cache/samba
|
||||||
|
# to preserve across reboots.
|
||||||
|
#
|
||||||
|
echo "Moving tdb files in /var/lock/samba/*.tdb to /var/cache/samba/*.tdb"
|
||||||
|
for i in /var/lock/samba/*.tdb
|
||||||
|
do
|
||||||
|
if [ -f $i ]; then
|
||||||
|
newname=`echo $i | sed -e's|var\/lock\/samba|var\/cache\/samba|'`
|
||||||
|
echo "Moving $i to $newname"
|
||||||
|
mv $i $newname
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
# Remove the transient tdb files.
|
||||||
|
if [ -e /var/cache/samba/brlock.tdb ]; then
|
||||||
|
rm -f /var/cache/samba/brlock.tdb
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -e /var/cache/samba/unexpected.tdb ]; then
|
||||||
|
rm -f /var/cache/samba/unexpected.tdb
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -e /var/cache/samba/connections.tdb ]; then
|
||||||
|
rm -f /var/cache/samba/connections.tdb
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -e /var/cache/samba/locking.tdb ]; then
|
||||||
|
rm -f /var/cache/samba/locking.tdb
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -e /var/cache/samba/messages.tdb ]; then
|
||||||
|
rm -f /var/cache/samba/messages.tdb
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -d /var/lock/samba ]; then
|
||||||
|
rm -rf /var/lock/samba
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Add swat entry to /etc/services if not already there.
|
||||||
|
if !( grep ^[:space:]*swat /etc/services > /dev/null ) then
|
||||||
|
echo 'swat 901/tcp # Add swat service used via inetd' >> /etc/services
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Add swat entry to /etc/inetd.conf if needed.
|
||||||
|
if [ -f /etc/inetd.conf ]; then
|
||||||
|
if !( grep ^[:space:]*swat /etc/inetd.conf > /dev/null ) then
|
||||||
|
echo 'swat stream tcp nowait.400 root %{prefix}/sbin/swat swat' >> /etc/inetd.conf
|
||||||
|
killall -1 inetd || :
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Add swat entry to xinetd.d if needed.
|
||||||
|
if [ -d $RPM_BUILD_ROOT/etc/xinetd.d -a ! -f /etc/xinetd.d/swat ]; then
|
||||||
|
mv /etc/samba/samba.xinetd /etc/xinetd.d/swat
|
||||||
|
else
|
||||||
|
rm -f /etc/samba/samba.xinetd
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Install the correct version of the samba pam file, depending on pam version.
|
||||||
|
if [ -f /lib/security/pam_stack.so ]; then
|
||||||
|
echo "Installing stack version of /etc/pam.d/samba..."
|
||||||
|
mv /etc/samba/samba.stack /etc/pam.d/samba
|
||||||
|
else
|
||||||
|
echo "Installing non-stack version of /etc/pam.d/samba..."
|
||||||
|
rm -f /etc/samba/samba.stack
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Create winbind nss client symlink
|
||||||
|
|
||||||
|
if [ -e /lib/libnss_winbind.so ]; then
|
||||||
|
ln -sf /lib/libnss_winbind.so /lib/libnss_winbind.so.2
|
||||||
|
fi
|
||||||
|
|
||||||
|
%preun
|
||||||
|
if [ $1 = 0 ] ; then
|
||||||
|
/sbin/chkconfig --del smb
|
||||||
|
|
||||||
|
# We want to remove the browse.dat and wins.dat files so they can not interfer with a new version of samba!
|
||||||
|
if [ -e /var/cache/samba/browse.dat ]; then
|
||||||
|
rm -f /var/cache/samba/browse.dat
|
||||||
|
fi
|
||||||
|
if [ -e /var/cache/samba/wins.dat ]; then
|
||||||
|
rm -f /var/cache/samba/wins.dat
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Remove the transient tdb files.
|
||||||
|
if [ -e /var/cache/samba/brlock.tdb ]; then
|
||||||
|
rm -f /var/cache/samba/brlock.tdb
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -e /var/cache/samba/unexpected.tdb ]; then
|
||||||
|
rm -f /var/cache/samba/unexpected.tdb
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -e /var/cache/samba/connections.tdb ]; then
|
||||||
|
rm -f /var/cache/samba/connections.tdb
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -e /var/cache/samba/locking.tdb ]; then
|
||||||
|
rm -f /var/cache/samba/locking.tdb
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -e /var/cache/samba/messages.tdb ]; then
|
||||||
|
rm -f /var/cache/samba/messages.tdb
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Remove winbind nss client symlink
|
||||||
|
|
||||||
|
if [ -L /lib/libnss_winbind.so.2 ]; then
|
||||||
|
rm -f /lib/libnss_winbind.so.2
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
%postun
|
||||||
|
# Only delete remnants of samba if this is the final deletion.
|
||||||
|
if [ $1 = 0 ] ; then
|
||||||
|
if [ -x /etc/pam.d/samba ]; then
|
||||||
|
rm -f /etc/pam.d/samba
|
||||||
|
fi
|
||||||
|
if [ -e /var/log/samba ]; then
|
||||||
|
rm -rf /var/log/samba
|
||||||
|
fi
|
||||||
|
if [ -e /var/cache/samba ]; then
|
||||||
|
rm -rf /var/cache/samba
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Remove swat entries from /etc/inetd.conf and /etc/services
|
||||||
|
cd /etc
|
||||||
|
tmpfile=/etc/tmp.$$
|
||||||
|
if [ -f /etc/inetd.conf ]; then
|
||||||
|
# preserve inetd.conf permissions.
|
||||||
|
cp -p /etc/inetd.conf $tmpfile
|
||||||
|
sed -e '/^[:space:]*swat.*$/d' /etc/inetd.conf > $tmpfile
|
||||||
|
mv $tmpfile inetd.conf
|
||||||
|
fi
|
||||||
|
# preserve services permissions.
|
||||||
|
cp -p /etc/services $tmpfile
|
||||||
|
sed -e '/^[:space:]*swat.*$/d' /etc/services > $tmpfile
|
||||||
|
mv $tmpfile /etc/services
|
||||||
|
|
||||||
|
# Remove swat entry from /etc/xinetd.d
|
||||||
|
if [ -f /etc/xinetd.d/swat ]; then
|
||||||
|
rm -r /etc/xinetd.d/swat
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
%files
|
||||||
|
%defattr(-,root,root)
|
||||||
|
%doc README COPYING Manifest Read-Manifest-Now
|
||||||
|
%doc WHATSNEW.txt Roadmap
|
||||||
|
%doc docs
|
||||||
|
%doc swat/README
|
||||||
|
%doc examples
|
||||||
|
%{prefix}/sbin/smbd
|
||||||
|
%{prefix}/sbin/nmbd
|
||||||
|
%{prefix}/sbin/swat
|
||||||
|
%{prefix}/bin/smbmnt
|
||||||
|
%{prefix}/sbin/smbmount
|
||||||
|
%{prefix}/sbin/smbumount
|
||||||
|
%{prefix}/sbin/winbindd
|
||||||
|
%{prefix}/sbin/samba
|
||||||
|
%{prefix}/sbin/debug2html
|
||||||
|
/sbin/mount.smbfs
|
||||||
|
/sbin/mount.smb
|
||||||
|
%{prefix}/bin/mksmbpasswd.sh
|
||||||
|
%{prefix}/bin/smbclient
|
||||||
|
%{prefix}/bin/smbspool
|
||||||
|
%{prefix}/bin/rpcclient
|
||||||
|
%{prefix}/bin/testparm
|
||||||
|
%{prefix}/bin/testprns
|
||||||
|
%{prefix}/bin/findsmb
|
||||||
|
%{prefix}/bin/smbstatus
|
||||||
|
%{prefix}/bin/nmblookup
|
||||||
|
%{prefix}/bin/smbpasswd
|
||||||
|
%{prefix}/bin/smbtar
|
||||||
|
%{prefix}/bin/smbprint
|
||||||
|
%{prefix}/bin/smbcontrol
|
||||||
|
%{prefix}/bin/wbinfo
|
||||||
|
%{prefix}/bin/net
|
||||||
|
%{prefix}/bin/smbcacls
|
||||||
|
%{prefix}/bin/pdbedit
|
||||||
|
%{prefix}/bin/tdbbackup
|
||||||
|
%{prefix}/bin/smbtree
|
||||||
|
%attr(755,root,root) /lib/libnss_wins.s*
|
||||||
|
%attr(755,root,root) %{prefix}/lib/samba/vfs/*.so
|
||||||
|
#%attr(755,root,root) %{prefix}/lib/samba/pdb/*.so
|
||||||
|
%attr(755,root,root) %{prefix}/lib/samba/*.dat
|
||||||
|
%{prefix}/include/libsmbclient.h
|
||||||
|
%{prefix}/lib/libsmbclient.a
|
||||||
|
%{prefix}/lib/libsmbclient.so
|
||||||
|
%{prefix}/share/swat/help/*
|
||||||
|
%{prefix}/share/swat/images/*
|
||||||
|
%{prefix}/share/swat/include/*.html
|
||||||
|
%{prefix}/share/swat/lang/*/help/*
|
||||||
|
%{prefix}/share/swat/lang/*/images/*
|
||||||
|
%{prefix}/share/swat/lang/*/include/*.html
|
||||||
|
%{prefix}/share/swat/using_samba/*
|
||||||
|
%{prefix}/share/swat/README
|
||||||
|
%config(noreplace) /etc/samba/lmhosts
|
||||||
|
%config(noreplace) /etc/samba/smb.conf
|
||||||
|
%config(noreplace) /etc/samba/smbusers
|
||||||
|
/etc/samba/samba.stack
|
||||||
|
/etc/samba/samba.xinetd
|
||||||
|
/etc/rc.d/init.d/smb
|
||||||
|
/etc/rc.d/init.d/winbind
|
||||||
|
/etc/logrotate.d/samba
|
||||||
|
%config(noreplace) /etc/pam.d/samba
|
||||||
|
MANDIR_MACRO/man1/*
|
||||||
|
MANDIR_MACRO/man5/*
|
||||||
|
MANDIR_MACRO/man7/*
|
||||||
|
MANDIR_MACRO/man8/*
|
||||||
|
%attr(755,root,root) %dir /var/cache/samba
|
||||||
|
%dir /var/log/samba
|
||||||
|
%dir /var/run/samba
|
||||||
|
%attr(1777,root,root) %dir /var/spool/samba
|
||||||
|
%attr(-,root,root) /lib/libnss_winbind.so
|
||||||
|
%attr(-,root,root) /lib/security/pam_winbind.so
|
||||||
|
%attr(-,root,root) /lib/security/pam_smbpass.so
|
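--- a/packaging/Solaris/.cvsignore
+++ b/packaging/Solaris/.cvsignore
@@ -0,0 +1,4 @@
+inetd.conf
+pkginfo
+prototype
+samba.server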
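--- a/packaging/SuSE/README
+++ b/packaging/SuSE/README
@@ -0,0 +1,18 @@
+Date: March 29, 2003
+
+Note: The current packaging files are NOT officially supported files.
+---------------------------------------------------------------------
+
+While the SPEC file shows who the original author was, these files imply no warranty of
+fitness what so ever. These files are NOT official SuSE files and are NOT supported by
+them. If you have ANY problems with the use of these files then please email jht@samba.org
+and NOT SuSE support.
+
+
+These files may be used to build Samba-3.0 packages for SuSE Linux 8.1 and/or for
+UnitedLinux 1.0 systems.
+
+Note2: You most likely will need to update to heimdal-0.5.1 or later if you intend to
+use any Kerberos functionality.
+
+- John T.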
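--- a/packaging/SuSE/samba-3.0.0-msdfs.diff
+++ b/packaging/SuSE/samba-3.0.0-msdfs.diff
@@ -0,0 +1,97 @@
+--- source/param/loadparm.c Wed Oct 9 21:17:05 2002
++++ source/param/loadparm.c Mon Oct 14 16:33:08 2002
+@@ -386,6 +386,8 @@
+BOOL bInheritPerms;
+BOOL bInheritACLS;
+BOOL bMSDfsRoot;
++ BOOL bMSDfsProxy;
++ char *bMSDfsLinkName;
+BOOL bUseClientDriver;
+BOOL bDefaultDevmode;
+BOOL bNTAclSupport;
+@@ -508,6 +510,8 @@
+False, /* bInheritPerms */
+False, /* bInheritACLS */
+False, /* bMSDfsRoot */
++ False, /* bMSDfsProxy */
++ NULL, /* bMSDfsLinkName */
+False, /* bUseClientDriver */
+False, /* bDefaultDevmode */
+True, /* bNTAclSupport */
+@@ -1079,6 +1083,8 @@
+
+
+{"msdfs root", P_BOOL, P_LOCAL, &sDefault.bMSDfsRoot, NULL, NULL, FLAG_SHARE},
++ {"msdfs proxy", P_BOOL, P_LOCAL, &sDefault.bMSDfsProxy, NULL, NULL, FLAG_SHARE},
++ {"msdfs link name", P_STRING, P_LOCAL, &sDefault.bMSDfsLinkName, NULL, NULL, FLAG_SHARE},
+{"host msdfs", P_BOOL, P_GLOBAL, &Globals.bHostMSDfs, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
+
+{"Winbind options", P_SEP, P_SEPARATOR},
+@@ -1730,6 +1736,8 @@
+FN_LOCAL_STRING(lp_veto_oplocks, szVetoOplockFiles)
+FN_LOCAL_STRING(lp_driverlocation, szPrinterDriverLocation)
+FN_LOCAL_BOOL(lp_msdfs_root, bMSDfsRoot)
++FN_LOCAL_BOOL(lp_msdfs_proxy, bMSDfsProxy)
++FN_LOCAL_STRING(lp_msdfs_link_name, bMSDfsLinkName)
+FN_LOCAL_BOOL(lp_autoloaded, autoloaded)
+FN_LOCAL_BOOL(lp_preexec_close, bPreexecClose)
+FN_LOCAL_BOOL(lp_rootpreexec_close, bRootpreexecClose)
+--- source/msdfs/msdfs.c Tue Jul 2 08:34:24 2002
++++ source/msdfs/msdfs.c Mon Oct 14 16:49:57 2002
+@@ -600,12 +600,38 @@
+int reply_size = 0;
+char *pathnamep = pathname;
+
++ struct connection_struct conns;
++ struct connection_struct* conn = &conns;
++ int snum;
++ pstring conn_path;
++ struct dfs_path dpi;
++
++ struct junction_map junction2;
++ parse_dfs_path(pathname, &dpi);
++ pstrcpy(junction2.service_name, dpi.servicename);
++ snum = lp_servicenumber(junction2.service_name);
++ create_conn_struct(conn, snum, conn_path);
++
++
+ZERO_STRUCT(junction);
+
+/* get the junction entry */
+if (!pathnamep)
+return -1;
+
++ if (lp_msdfs_proxy(SNUM(conn))) {
++ DEBUG(10,("running in proxy mode\n"));
++ pstrcpy(pathnamep, "\\");
++ pstrcat(pathnamep, dpi.hostname);
++ pstrcat(pathnamep, "\\");
++ pstrcat(pathnamep, dpi.servicename);
++ pstrcat(pathnamep, "\\");
++ pstrcat(pathnamep, (char *) lp_msdfs_link_name(SNUM(conn)));
++ } else {
++ DEBUG(10,("running in normal mode\n"));
++ }
++
++
+/* Trim pathname sent by client so it begins with only one backslash.
+Two backslashes confuse some dfs clients
+*/
+@@ -631,6 +657,17 @@
+}
+}
+
++ if ( lp_msdfs_proxy(SNUM(conn)) ) {
++ DEBUG(10,("running in proxy mode\n"));
++ pstrcpy ( pathnamep, "\\" );
++ pstrcat ( pathnamep, dpi.hostname);
++ pstrcat ( pathnamep, "\\" );
++ pstrcat ( pathnamep, dpi.servicename);
++ } else {
++ DEBUG(10,("running in normal mode\n"));
++ }
++
++
+/* create the referral depeding on version */
+DEBUG(10,("max_referral_level :%d\n",max_referral_level));
+if(max_referral_level<2 || max_referral_level>3)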
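Review bot: In the `source/msdfs/msdfs.c` hunk at `@@ -600,12 +600,38 @@`, `parse_dfs_path(pathname, &dpi)` runs before the existing `if (!pathnamep) return -1;` check, and neither the result of `lp_servicenumber()` nor that of `create_conn_struct()` is tested before `conn` is used. The service name comes from the client's referral request, so an unknown share presumably leaves `snum` negative and `conns` only partly set up; moving the new block below the NULL check and adding `if (snum < 0) return -1;` would close that. The proxy branches then rebuild the path in place with `pstrcpy`/`pstrcat` on `pathnamep`, which is only bounded correctly if the caller's buffer really is a `pstring` (not visible here), and `lp_msdfs_link_name()` is appended without checking that the share sets it. In `loadparm.c` the string field is named `bMSDfsLinkName`, while the neighbouring string parameters use the `sz` prefix (`szVetoOplockFiles`). The enclosing function starts and ends outside the hunk.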
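--- a/packaging/SuSE/samba-3.0.0-net_ads.diff
+++ b/packaging/SuSE/samba-3.0.0-net_ads.diff
@@ -0,0 +1,140 @@
+diff -Nur source/utils/net.c source/utils/net.c
+--- source/utils/net.c Fri Sep 27 09:42:34 2002
++++ source/utils/net.c Tue Oct 1 12:22:00 2002
+@@ -68,6 +68,7 @@
+int opt_port = 0;
+int opt_maxusers = -1;
+char *opt_comment = "";
++char *opt_container = "cn=Users";
+int opt_flags = -1;
+int opt_jobid = 0;
+int opt_timeout = 0;
+@@ -459,6 +460,7 @@
+{"myname", 'n', POPT_ARG_STRING, &opt_requester_name},
+{"conf", 's', POPT_ARG_STRING, &servicesf},
+{"server", 'S', POPT_ARG_STRING, &opt_host},
++ {"container", 'c', POPT_ARG_STRING, &opt_container},
+{"comment", 'C', POPT_ARG_STRING, &opt_comment},
+{"maxusers", 'M', POPT_ARG_INT, &opt_maxusers},
+{"flags", 'F', POPT_ARG_INT, &opt_flags},
+diff -Nur source/utils/net.h source/utils/net.h
+--- source/utils/net.h Tue Jun 25 04:29:09 2002
++++ source/utils/net.h Tue Oct 1 12:19:51 2002
+@@ -38,10 +38,8 @@
+
+extern int opt_maxusers;
+extern char *opt_comment;
++extern char *opt_container;
+extern int opt_flags;
+-
+-extern char *opt_comment;
+-
+extern char *opt_target_workgroup;
+extern int opt_long_list_entries;
+extern int opt_reboot;
+diff -Nur source/utils/net_ads.c source/utils/net_ads.c
+--- source/utils/net_ads.c Tue Sep 17 14:15:52 2002
++++ source/utils/net_ads.c Tue Oct 1 12:33:44 2002
+@@ -255,7 +255,7 @@
+goto done;
+}
+
+- status = ads_add_user_acct(ads, argv[0], opt_comment);
++ status = ads_add_user_acct(ads, argv[0], opt_container, opt_comment);
+
+if (!ADS_ERR_OK(status)) {
+d_printf("Could not add user %s: %s\n", argv[0],
+@@ -431,7 +431,7 @@
+goto done;
+}
+
+- status = ads_add_group_acct(ads, argv[0], opt_comment);
++ status = ads_add_group_acct(ads, argv[0], opt_container, opt_comment);
+
+if (ADS_ERR_OK(status)) {
+d_printf("Group %s added\n", argv[0]);
+diff -Nur source/utils/net_help.c source/utils/net_help.c
+--- source/utils/net_help.c Tue Sep 24 20:10:30 2002
++++ source/utils/net_help.c Tue Oct 1 13:01:50 2002
+@@ -69,14 +69,14 @@
+"\n\tDelete specified user\n");
+d_printf("\nnet [<method>] user INFO <name> [misc. options] [targets]"\
+"\n\tList the domain groups of the specified user\n");
+- d_printf("\nnet [<method>] user ADD <name> [password] "\
++ d_printf("\nnet [<method>] user ADD <name> [password] [-c container] "\
+"[-F user flags] [misc. options]"\
+" [targets]\n\tAdd specified user\n");
+
+net_common_methods_usage(argc, argv);
+net_common_flags_usage(argc, argv);
+- d_printf(
+- "\t-C or --comment=<comment>\tdescriptive comment (for add only)\n");
++ d_printf("\t-C or --comment=<comment>\tdescriptive comment (for add only)\n");
++ d_printf("\t-c or --container=<container>\tLDAP container, defaults to cn=Users (for add in ADS only)\n");
+return -1;
+}
+
+@@ -85,12 +85,12 @@
+"\n\tList user groups\n\n");
+d_printf("net [<method>] group DELETE <name> [misc. options] [targets]"\
+"\n\tDelete specified group\n");
+- d_printf("\nnet [<method>] group ADD <name> [-C comment]"\
++ d_printf("\nnet [<method>] group ADD <name> [-C comment] [-c container]"\
+" [misc. options] [targets]\n\tCreate specified group\n");
+net_common_methods_usage(argc, argv);
+net_common_flags_usage(argc, argv);
+- d_printf(
+- "\t-C or --comment=<comment>\tdescriptive comment (for add only)\n");
++ d_printf("\t-C or --comment=<comment>\tdescriptive comment (for add only)\n");
++ d_printf("\t-c or --container=<container>\tLDAP container, defaults to cn=Users (for add in ADS only)\n");
+return -1;
+}
+
+diff -Nur source/libads/ldap_user.c source/libads/ldap_user.c
+--- source/libads/ldap_user.c Wed Aug 7 12:33:22 2002
++++ source/libads/ldap_user.c Tue Oct 1 12:46:08 2002
+@@ -38,7 +38,7 @@
+}
+
+ADS_STATUS ads_add_user_acct(ADS_STRUCT *ads, const char *user,
+- const char *fullname)
++ const char *container, const char *fullname)
+{
+TALLOC_CTX *ctx;
+ADS_MODLIST mods;
+@@ -57,7 +60,7 @@
+
+if (!(upn = talloc_asprintf(ctx, "%s@%s", user, ads->config.realm)))
+goto done;
+- if (!(new_dn = talloc_asprintf(ctx, "cn=%s,cn=Users,%s", name,
++ if (!(new_dn = talloc_asprintf(ctx, "cn=%s,%s,%s", name, container,
+ads->config.bind_path)))
+goto done;
+if (!(controlstr = talloc_asprintf(ctx, "%u", UF_NORMAL_ACCOUNT)))
+@@ -80,7 +83,7 @@
+}
+
+ADS_STATUS ads_add_group_acct(ADS_STRUCT *ads, const char *group,
+- const char *comment)
++ const char *container, const char *comment)
+{
+TALLOC_CTX *ctx;
+ADS_MODLIST mods;
+@@ -93,7 +96,7 @@
+
+status = ADS_ERROR(LDAP_NO_MEMORY);
+
+- if (!(new_dn = talloc_asprintf(ctx, "cn=%s,cn=Users,%s", group,
++ if (!(new_dn = talloc_asprintf(ctx, "cn=%s,%s,%s", group, container,
+ads->config.bind_path)))
+goto done;
+if (!(mods = ads_init_mods(ctx)))
+@@ -102,7 +105,7 @@
+ads_mod_str(ctx, &mods, "cn", group);
+ads_mod_strlist(ctx, &mods, "objectClass",objectClass);
+ads_mod_str(ctx, &mods, "name", group);
+- if (comment)
++ if (comment && *comment)
+ads_mod_str(ctx, &mods, "description", comment);
+ads_mod_str(ctx, &mods, "sAMAccountName", group);
+status = ads_gen_add(ads, new_dn, mods);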
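Review bot: In the `source/libads/ldap_user.c` part of this patch, `container` goes straight into `talloc_asprintf(ctx, "cn=%s,%s,%s", ...)` in both `ads_add_user_acct` and `ads_add_group_acct`, with no check for NULL or an empty string and no DN escaping. An empty `-c ""` would produce a DN of the form `cn=name,,base`, and a library caller passing NULL would hand a null pointer to `%s`; a guard such as `if (!container || !*container) container = "cn=Users";` at the top of each function keeps the old default. The patch changes both function signatures but carries no header hunk for their prototypes, so any other callers (not visible here) would need the same update. The inner hunk headers also jump from `-38,7 +38,7` to `-57,7 +60,7` although no lines are added in between, which suggests the patch was trimmed by hand and may apply only with fuzz. Both function bodies extend beyond the quoted hunks.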
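--- a/packaging/SuSE/samba-3.0.0-pdb.diff
+++ b/packaging/SuSE/samba-3.0.0-pdb.diff
@@ -0,0 +1,11 @@
+--- examples/pdb/Makefile Thu Sep 5 02:11:41 2002
++++ examples/pdb/Makefile Thu Sep 5 02:11:59 2002
+@@ -8,7 +8,7 @@
+SAMBA_INCL = ../../source/include
+UBIQX_SRC = ../../source/ubiqx
+SMBWR_SRC = ../../source/smbwrapper
+-CFLAGS = -I$(SAMBA_SRC) -I$(SAMBA_INCL) -I$(UBIQX_SRC) -I$(SMBWR_SRC) -Wall -g
++CFLAGS = -I/usr/include/heimdal -I$(SAMBA_SRC) -I$(SAMBA_INCL) -I$(UBIQX_SRC) -I$(SMBWR_SRC) -Wall -g
+PDB_OBJS = pdb_test.so
+
+# Default target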
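--- a/packaging/SuSE/samba-3.0.0-python.diff
+++ b/packaging/SuSE/samba-3.0.0-python.diff
@@ -0,0 +1,44 @@
+--- source/python/py_common.c 2002-12-22 03:07:40.000000000 +0100
++++ source/python/py_common.c 2002-11-29 11:50:22.000000000 +0100
+@@ -45,9 +45,6 @@
+
+void py_samba_init(void)
+{
+- extern pstring global_myname;
+- char *p;
+-
+if (initialised)
+return;
+
+@@ -59,11 +56,7 @@
+/* Misc other stuff */
+
+load_interfaces();
+-
+- fstrcpy(global_myname, myhostname());
+- p = strchr(global_myname, '.');
+- if (p)
+- *p = 0;
++ init_names();
+
+initialised = True;
+}
+--- source/python/py_smb.c 2002-11-27 03:54:20.000000000 +0100
++++ source/python/py_smb.c 2002-11-29 11:50:22.000000000 +0100
+@@ -61,7 +61,6 @@
+static char *kwlist[] = { "called", "calling", NULL };
+char *calling_name = NULL, *called_name;
+struct nmb_name calling, called;
+- extern pstring global_myname;
+BOOL result;
+
+if (!PyArg_ParseTupleAndKeywords(args, kw, "s|s", kwlist, &called_name,
+@@ -69,7 +68,7 @@
+return NULL;
+
+if (!calling_name)
+- calling_name = global_myname;
++ calling_name = global_myname();
+
+make_nmb_name(&calling, calling_name, 0x00);
+make_nmb_name(&called, called_name, 0x20);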
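--- a/packaging/SuSE/samba-3.0.0-vscan.diff
+++ b/packaging/SuSE/samba-3.0.0-vscan.diff
@@ -0,0 +1,80 @@
+--- examples/VFS/samba-vscan-0.3.1/fprot/Makefile 2002-11-26 15:20:17.000000000 +0100
++++ examples/VFS/samba-vscan-0.3.1/fprot/Makefile 2002-12-19 13:26:19.000000000 +0100
+@@ -14,7 +14,7 @@
+SMBWR_SRC = ../../../../source/smbwrapper
+SMBVS_INCL = ../include
+SMBVS_GLB = ../global
+-CFLAGS = -I$(SAMBA_SRC) -I$(SAMBA_INCL) -I$(UBIQX_SRC) -I$(SMBWR_SRC) -I$(SMBVS_INCL) -Wall -g -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64
++CFLAGS = -I$(SAMBA_SRC) -I$(SAMBA_INCL) -I$(UBIQX_SRC) -I$(SMBWR_SRC) -I$(SMBVS_INCL) -Wall -g -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/heimdal
+VFS_OBJS = vscan-fprotd.so
+SOURCES = $(SMBVS_GLB)/vscan-functions.c $(SMBVS_GLB)/vscan-message.c $(SMBVS_GLB)/vscan-quarantine.c vscan-fprotd.c vscan-fprotd_core.c vscan-fprotd.h vscan-fprotd_core.h
+OBJS = vscan-functions.lo vscan-message.lo vscan-quarantine.lo vscan-fprotd.lo vscan-fprotd_core.lo
+--- examples/VFS/samba-vscan-0.3.1/include/vscan-global.h 2002-11-25 16:48:10.000000000 +0100
++++ examples/VFS/samba-vscan-0.3.1/include/vscan-global.h 2002-12-19 13:26:34.000000000 +0100
+@@ -93,7 +93,7 @@
+*/
+
+#ifndef SAMBA_VERSION_MAJOR
+-# define SAMBA_VERSION_MAJOR 2
++# define SAMBA_VERSION_MAJOR 3
+#endif
+
+#ifndef SAMBA_VERSION_MINOR
+--- examples/VFS/samba-vscan-0.3.1/kaspersky/Makefile 2002-11-28 17:40:35.000000000 +0100
++++ examples/VFS/samba-vscan-0.3.1/kaspersky/Makefile 2002-12-19 13:27:23.000000000 +0100
+@@ -23,9 +23,9 @@
+VFS_OBJS = vscan-kavp.so
+
+ifdef USE_DEBUG
+-CFLAGS = -I$(SAMBA_SRC) -I$(SAMBA_INCL) -I$(UBIQX_SRC) -I$(SMBWR_SRC) -I$(SMBVS_INCL) -Wall -g -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64
++CFLAGS = -I$(SAMBA_SRC) -I$(SAMBA_INCL) -I$(UBIQX_SRC) -I$(SMBWR_SRC) -I$(SMBVS_INCL) -Wall -g -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/heimdal
+else
+-CFLAGS = -I$(SAMBA_SRC) -I$(SAMBA_INCL) -I$(UBIQX_SRC) -I$(SMBWR_SRC) -I$(SMBVS_INCL) -Wall -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64
++CFLAGS = -I$(SAMBA_SRC) -I$(SAMBA_INCL) -I$(UBIQX_SRC) -I$(SMBWR_SRC) -I$(SMBVS_INCL) -Wall -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/heimdal
+endif
+
+ifndef USE_KAVPSHAREDLIB
+--- examples/VFS/samba-vscan-0.3.1/mks/Makefile 2002-11-26 16:29:55.000000000 +0100
++++ examples/VFS/samba-vscan-0.3.1/mks/Makefile 2002-12-19 13:27:53.000000000 +0100
+@@ -13,7 +13,7 @@
+SMBWR_SRC = ../../../../source/smbwrapper
+SMBVS_INCL = ../include
+SMBVS_GLB = ../global
+-CFLAGS = -I$(SAMBA_SRC) -I$(SAMBA_INCL) -I$(UBIQX_SRC) -I$(SMBWR_SRC) -I$(SMBVS_INCL) -Wall -g -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64
++CFLAGS = -I$(SAMBA_SRC) -I$(SAMBA_INCL) -I$(UBIQX_SRC) -I$(SMBWR_SRC) -I$(SMBVS_INCL) -Wall -g -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/heimdal
+VFS_OBJS = vscan-mksd.so
+SOURCES = $(SMBVS_GLB)/vscan-functions.c $(SMBVS_GLB)/vscan-message.c $(SMBVS_GLB)/vscan-quarantine.c vscan-mksd.c vscan-mksd_core.c vscan-mksd.h vscan-mksd_core.h mks.h mks_c.c
+OBJS = vscan-functions.lo vscan-message.lo vscan-quarantine.lo vscan-mksd.lo vscan-mksd_core.lo mks_c.lo
+--- examples/VFS/samba-vscan-0.3.1/openantivirus/Makefile 2002-11-27 19:24:03.000000000 +0100
++++ examples/VFS/samba-vscan-0.3.1/openantivirus/Makefile 2002-12-19 13:28:10.000000000 +0100
+@@ -15,7 +15,7 @@
+SMBWR_SRC = ../../../../source/smbwrapper
+SMBVS_INCL = ../include
+SMBVS_GLB = ../global
+-CFLAGS = -I$(SAMBA_SRC) -I$(SAMBA_INCL) -I$(UBIQX_SRC) -I$(SMBWR_SRC) -I$(SMBVS_INCL) -Wall -g -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64
++CFLAGS = -I$(SAMBA_SRC) -I$(SAMBA_INCL) -I$(UBIQX_SRC) -I$(SMBWR_SRC) -I$(SMBVS_INCL) -Wall -g -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/heimdal
+VFS_OBJS = vscan-oav.so
+SOURCES = $(SMBVS_GLB)/vscan-functions.c $(SMBVS_GLB)/vscan-message.c $(SMBVS_GLB)/vscan-quarantine.c vscan-oav.c vscan-oav_core.c vscan-oav.h vscan-oav_core.h
+OBJS = vscan-functions.lo vscan-message.lo vscan-quarantine.lo vscan-oav.lo vscan-oav_core.lo
+--- examples/VFS/samba-vscan-0.3.1/sophos/Makefile 2002-11-27 19:24:03.000000000 +0100
++++ examples/VFS/samba-vscan-0.3.1/sophos/Makefile 2002-12-19 13:29:20.000000000 +0100
+@@ -15,7 +15,7 @@
+SMBWR_SRC = ../../../../source/smbwrapper
+SMBVS_INCL = ../include
+SMBVS_GLB = ../global
+-CFLAGS = -I$(SAMBA_SRC) -I$(SAMBA_INCL) -I$(UBIQX_SRC) -I$(SMBWR_SRC) -I$(SMBVS_INCL) -Wall -g -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64
++CFLAGS = -I$(SAMBA_SRC) -I$(SAMBA_INCL) -I$(UBIQX_SRC) -I$(SMBWR_SRC) -I$(SMBVS_INCL) -Wall -g -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/heimdal
+VFS_OBJS = vscan-sophos.so
+SOURCES = $(SMBVS_GLB)/vscan-functions.c $(SMBVS_GLB)/vscan-message.c $(SMBVS_GLB)/vscan-quarantine.c vscan-sophos.c vscan-sophos_core.c vscan-sophos.h vscan-sophos_core.h
+OBJS = vscan-functions.lo vscan-message.lo vscan-quarantine.lo vscan-sophos.lo vscan-sophos_core.lo
+--- examples/VFS/samba-vscan-0.3.1/trend/Makefile 2002-11-27 19:24:03.000000000 +0100
++++ examples/VFS/samba-vscan-0.3.1/trend/Makefile 2002-12-19 13:29:31.000000000 +0100
+@@ -15,7 +15,7 @@
+SMBWR_SRC = ../../../../source/smbwrapper
+SMBVS_INCL = ../include
+SMBVS_GLB = ../global
+-CFLAGS = -I$(SAMBA_SRC) -I$(SAMBA_INCL) -I$(UBIQX_SRC) -I$(SMBWR_SRC) -I$(SMBVS_INCL) -Wall -g -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64
++CFLAGS = -I$(SAMBA_SRC) -I$(SAMBA_INCL) -I$(UBIQX_SRC) -I$(SMBWR_SRC) -I$(SMBVS_INCL) -Wall -g -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/heimdal
+VFS_OBJS = vscan-trend.so
+SOURCES = $(SMBVS_GLB)/vscan-functions.c $(SMBVS_GLB)/vscan-message.c $(SMBVS_GLB)/vscan-quarantine.c vscan-trend.c vscan-trend_core.c vscan-trend.h vscan-trend_core.h
+OBJS = vscan-functions.lo vscan-message.lo vscan-quarantine.lo vscan-trend.lo vscan-trend_core.lo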
BIN
packaging/SuSE/samba-3.0.0.files.tar.bz2
Normal file
BIN
packaging/SuSE/samba-3.0.0.files.tar.bz2
Normal file
Binary file not shown.
BIN
packaging/SuSE/samba-vscan-0.3.1.tar.bz2
Normal file
BIN
packaging/SuSE/samba-vscan-0.3.1.tar.bz2
Normal file
Binary file not shown.
764
packaging/SuSE/samba3.spec
Normal file
764
packaging/SuSE/samba3.spec
Normal file
@ -0,0 +1,764 @@
|
|||||||
|
#
|
||||||
|
# spec file for package samba (Version HEAD) CVS
|
||||||
|
#
|
||||||
|
# Copyright (c) 2002 SuSE Linux AG, Nuernberg, Germany.
|
||||||
|
# This file and all modifications and additions to the pristine
|
||||||
|
# package are under the same license as the package itself.
|
||||||
|
#
|
||||||
|
# packaged by Guenther Deschner <gd@suse.de> - work is not finished yet !
|
||||||
|
|
||||||
|
# neededforbuild acl acl-devel attr attr-devel autoconf automake heimdal-devel heimdal-lib libxml2 libxml2-devel mysql-devel mysql-shared openldap2 openldap2-client openldap2-devel openssl openssl-devel popt popt-devel python python-devel readline readline-devel
|
||||||
|
# usedforbuild aaa_base aaa_version acl attr bash bind9-utils bison cpio cpp cyrus-sasl db devs diffutils e2fsprogs file filesystem fileutils fillup findutils flex gawk gdbm-devel glibc glibc-devel glibc-locale gpm grep groff gzip kbd less libgcc libstdc++ libxcrypt m4 make man mktemp modutils ncurses ncurses-devel net-tools netcfg pam pam-devel pam-modules patch permissions ps rcs readline sed sendmail sh-utils shadow strace syslogd sysvinit tar texinfo textutils timezone unzip util-linux vim zlib-devel acl-devel attr-devel autoconf automake binutils bzip2 cracklib gcc gdbm gettext heimdal-devel heimdal-lib libtool libxml2 libxml2-devel mysql-devel mysql-shared openldap2 openldap2-client openldap2-devel openssl openssl-devel perl popt popt-devel python python-devel readline-devel rpm zlib
|
||||||
|
|
||||||
|
|
||||||
|
Vendor: SuSE Linux AG, GS Berlin, Germany
|
||||||
|
Distribution: SuSE Linux 8.1 (i386)
|
||||||
|
Name: samba
|
||||||
|
Packager: gd@suse.de
|
||||||
|
License: GPL
|
||||||
|
Group: Productivity/Networking/Samba
|
||||||
|
Url: http://www.samba.org
|
||||||
|
Provides: samba smbfs
|
||||||
|
Obsoletes: samba-classic samba-ldap
|
||||||
|
Autoreqprov: on
|
||||||
|
%define smbwrap 0
|
||||||
|
%define mit_kerberos 0
|
||||||
|
%define heimdal_kerberos 1
|
||||||
|
%define devel 0
|
||||||
|
%define head 0
|
||||||
|
%define python 1
|
||||||
|
%define netatalk 0
|
||||||
|
%define newsam 0
|
||||||
|
%define samba_ver 3.0.0
|
||||||
|
Requires: samba-client = %{samba_ver}
|
||||||
|
Version: 3.0.0
|
||||||
|
Release: %(date +%%j)
|
||||||
|
Summary: An SMB file server for Unix
|
||||||
|
Source: %{name}-%{version}.tar.bz2
|
||||||
|
Source10: %{name}-%{version}.files.tar.bz2
|
||||||
|
Source50: http://prdownloads.sourceforge.net/openantivirus/samba-vscan-%{vscan_ver}.tar.bz2
|
||||||
|
Patch1: %{name}-%{version}-pdb.diff
|
||||||
|
Patch10: %{name}-%{version}-net_ads.diff
|
||||||
|
Patch22: %{name}-%{version}-msdfs.diff
|
||||||
|
Patch30: %{name}-%{version}-python.diff
|
||||||
|
BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot
|
||||||
|
%define DOCDIR %{_defaultdocdir}/%{name}
|
||||||
|
%define SWATDIR %{_datadir}/samba/swat
|
||||||
|
%define vscan_ver 0.3.1
|
||||||
|
%define vscan_modules fprot kaspersky mks openantivirus sophos trend
|
||||||
|
Patch51: %{name}-%{version}-vscan.diff
|
||||||
|
|
||||||
|
%package client
|
||||||
|
Summary: Samba client utilities
|
||||||
|
Autoreqprov: on
|
||||||
|
Requires: cups-libs
|
||||||
|
Obsoletes: smbclnt samba-classic-client samba-ldap-client
|
||||||
|
Group: Productivity/Networking/Samba
|
||||||
|
|
||||||
|
%package winbind
|
||||||
|
Requires: samba-client samba
|
||||||
|
Summary: Samba Winbind-package
|
||||||
|
Autoreqprov: on
|
||||||
|
Group: Productivity/Networking/Samba
|
||||||
|
|
||||||
|
%package utils
|
||||||
|
Summary: Samba Testing Utilities
|
||||||
|
Autoreqprov: on
|
||||||
|
Group: Productivity/Networking/Samba
|
||||||
|
|
||||||
|
%package doc
|
||||||
|
Summary: Samba Documentation
|
||||||
|
Autoreqprov: on
|
||||||
|
Group: Productivity/Networking/Samba
|
||||||
|
|
||||||
|
%package pdb
|
||||||
|
Summary: Samba PDB-Modules
|
||||||
|
Autoreqprov: on
|
||||||
|
Group: Productivity/Networking/Samba
|
||||||
|
|
||||||
|
%package vfs
|
||||||
|
Summary: Samba VFS-Modules
|
||||||
|
Autoreqprov: on
|
||||||
|
Group: Productivity/Networking/Samba
|
||||||
|
|
||||||
|
%if %{newsam} > 0
|
||||||
|
%package sam
|
||||||
|
Summary: Samba SAM-Modules
|
||||||
|
Autoreqprov: on
|
||||||
|
Group: Productivity/Networking/Samba
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%package vscan
|
||||||
|
Summary: Samba VFS-Modules for Virusscanners
|
||||||
|
Autoreqprov: on
|
||||||
|
Group: Productivity/Networking/Samba
|
||||||
|
Version: 0.3.1
|
||||||
|
|
||||||
|
%package python
|
||||||
|
Summary: Samba Python-Modules
|
||||||
|
Autoreqprov: on
|
||||||
|
Group: Productivity/Networking/Samba
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
%changelog
|
||||||
|
* Sat Nov 3 2001 - gd@suse.de
|
||||||
|
- start
|
||||||
|
|
||||||
|
|
||||||
|
%prep
|
||||||
|
[ $RPM_BUILD_ROOT = "/" ] && (echo "your buildroot is /" && exit 0) || rm -rf $RPM_BUILD_ROOT
|
||||||
|
mkdir $RPM_BUILD_ROOT
|
||||||
|
|
||||||
|
%setup -n %{name}-%{samba_ver}
|
||||||
|
%setup -T -D -a 50
|
||||||
|
cp -ar samba-vscan-%{vscan_ver} examples/VFS/
|
||||||
|
|
||||||
|
# untar my configs
|
||||||
|
%setup -T -D -a 10
|
||||||
|
|
||||||
|
%if %{heimdal_kerberos} > 0
|
||||||
|
%patch1
|
||||||
|
%patch51
|
||||||
|
%endif
|
||||||
|
#%patch10
|
||||||
|
#%patch22
|
||||||
|
#%patch30
|
||||||
|
|
||||||
|
find . -name CVS -print | xargs rm -rf
|
||||||
|
find . -name ".cvsignore" -print | xargs rm -rf
|
||||||
|
find . -name "'*.gd'" -print | xargs rm -rvf
|
||||||
|
find . -name "'*.orig'" -print | xargs rm -rvf
|
||||||
|
|
||||||
|
%build %{name}-%{samba_ver}
|
||||||
|
%{?suse_update_config:%{suse_update_config -f}}
|
||||||
|
cd source
|
||||||
|
./autogen.sh
|
||||||
|
libtoolize --force --copy
|
||||||
|
autoconf
|
||||||
|
export CFLAGS="$RPM_OPT_FLAGS -Wall -O -D_GNU_SOURCE -D_LARGEFILE64_SOURCE"
|
||||||
|
%ifarch ppc64
|
||||||
|
export CFLAGS="$CFLAGS -mminimal-toc"
|
||||||
|
%endif
|
||||||
|
CONF_OPTS_BASIC="\
|
||||||
|
--prefix=/usr \
|
||||||
|
--libdir=/etc/samba \
|
||||||
|
--localstatedir=/var/lib/samba \
|
||||||
|
--mandir=%{_mandir} \
|
||||||
|
--sbindir=/usr/sbin \
|
||||||
|
--with-privatedir=/etc/samba \
|
||||||
|
--with-piddir=/var/run/samba \
|
||||||
|
--with-codepagedir=/usr/share/samba/codepages \
|
||||||
|
--with-swatdir=/usr/share/samba/swat \
|
||||||
|
--with-smbmount \
|
||||||
|
--with-automount \
|
||||||
|
--enable-cups \
|
||||||
|
--with-msdfs \
|
||||||
|
--with-vfs \
|
||||||
|
--with-pam \
|
||||||
|
--with-pam_smbpass \
|
||||||
|
--with-utmp \
|
||||||
|
--with-winbind \
|
||||||
|
--with-tdbsam \
|
||||||
|
--with-ldapsam \
|
||||||
|
%if %{smbwrap}
|
||||||
|
--with-smbwrapper \
|
||||||
|
%endif
|
||||||
|
--with-quotas \
|
||||||
|
--with-acl-support \
|
||||||
|
--with-python=python2.2 \
|
||||||
|
--with-syslog \
|
||||||
|
"
|
||||||
|
CONF_OPTS_HEAD="\
|
||||||
|
--with-sam \
|
||||||
|
"
|
||||||
|
CONF_OPTS_HEIMDAL_KERBEROS="\
|
||||||
|
--with-krb5impl=heimdal \
|
||||||
|
"
|
||||||
|
CONF_OPTS_HEIMDAL_51_KERBEROS="\
|
||||||
|
--with-krb5impl=heimdal \
|
||||||
|
--with-krb5includes=/opt/heimdal-0.5.1/include \
|
||||||
|
--with-krb5libs=/opt/heimdal-0.5.1/lib \
|
||||||
|
"
|
||||||
|
CONF_OPTS_MIT_KERBEROS="\
|
||||||
|
--with-krb5impl=mit \
|
||||||
|
--with-krb5includes=/usr/kerberos/include \
|
||||||
|
--with-krb5libs=/usr/kerberos/lib \
|
||||||
|
"
|
||||||
|
CONF_OPTS_DEVEL="\
|
||||||
|
--enable-developer \
|
||||||
|
--enable-krb5developer \
|
||||||
|
--with-profiling-data \
|
||||||
|
"
|
||||||
|
CONF_OPTS="$CONF_OPTS_BASIC"
|
||||||
|
%if %{head} > 0
|
||||||
|
CONF_OPTS="$CONF_OPTS $CONF_OPTS_HEAD"
|
||||||
|
%endif
|
||||||
|
%if %{heimdal_kerberos} > 0
|
||||||
|
CONF_OPTS="$CONF_OPTS $CONF_OPTS_HEIMDAL_KERBEROS"
|
||||||
|
%endif
|
||||||
|
%if %{mit_kerberos} > 0
|
||||||
|
CONF_OPTS="$CONF_OPTS $CONF_OPTS_MIT_KERBEROS"
|
||||||
|
%endif
|
||||||
|
%if %{devel} > 0
|
||||||
|
CONF_OPTS="$CONF_OPTS $CONF_OPTS_DEVEL"
|
||||||
|
%endif
|
||||||
|
|
||||||
|
./configure $CONF_OPTS
|
||||||
|
|
||||||
|
### --with-ldapsam is now standard!
|
||||||
|
### --with-sendfile-support ---default now
|
||||||
|
# --with-nisplussam \
|
||||||
|
# --with-nisplus_home \
|
||||||
|
|
||||||
|
# with the new passdb-code we can finaly compile several passdb-backends
|
||||||
|
# and make our choice at runtime.
|
||||||
|
# HEAD and thus alpha21 no longer need this
|
||||||
|
#make proto
|
||||||
|
|
||||||
|
make \
|
||||||
|
LOCKDIR=/var/lib/samba \
|
||||||
|
LOGFILEBASE=/var/log/samba \
|
||||||
|
SBINDIR=/usr/sbin \
|
||||||
|
all \
|
||||||
|
torture \
|
||||||
|
nsswitch/libnss_wins.so \
|
||||||
|
debug2html \
|
||||||
|
libsmbclient \
|
||||||
|
bin/profiles \
|
||||||
|
everything
|
||||||
|
|
||||||
|
# everything = nsswitch smbwrapper smbtorture debug2html smbfilter nsswitch/libnss_wins.so
|
||||||
|
|
||||||
|
%if %{newsam} > 0
|
||||||
|
make bin/samtest
|
||||||
|
%endif
|
||||||
|
make modules
|
||||||
|
|
||||||
|
make -C tdb tdbdump tdbtest tdbtool tdbtorture
|
||||||
|
# tdbbackup is now in main Makefile
|
||||||
|
|
||||||
|
make talloctort
|
||||||
|
|
||||||
|
# VFS,PDB and SAM
|
||||||
|
EXAMPLEDIRS="pdb"
|
||||||
|
for i in $EXAMPLEDIRS; do make -C ../examples/$i; done
|
||||||
|
|
||||||
|
export USE_KAVPSHAREDLIB=0
|
||||||
|
for module in %{vscan_modules}; do
|
||||||
|
make -C ../examples/VFS/%{name}-vscan-%{vscan_ver}/${module};
|
||||||
|
done
|
||||||
|
|
||||||
|
# tim potters python
|
||||||
|
%if %{python} > 0
|
||||||
|
make python_ext
|
||||||
|
%endif
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
%install
|
||||||
|
|
||||||
|
mkdir -p \
|
||||||
|
$RPM_BUILD_ROOT/usr/{bin,sbin} \
|
||||||
|
$RPM_BUILD_ROOT/usr/share/{man,samba/{scripts,swat}} \
|
||||||
|
$RPM_BUILD_ROOT/usr/lib/samba/{vfs,pdb,sam,vscan} \
|
||||||
|
$RPM_BUILD_ROOT/usr/lib/python2.2/lib-dynload \
|
||||||
|
$RPM_BUILD_ROOT/usr/include \
|
||||||
|
$RPM_BUILD_ROOT/etc/{pam.d,init.d,samba} \
|
||||||
|
$RPM_BUILD_ROOT/var/adm \
|
||||||
|
$RPM_BUILD_ROOT/sbin \
|
||||||
|
$RPM_BUILD_ROOT/lib/security \
|
||||||
|
$RPM_BUILD_ROOT/%{DOCDIR} \
|
||||||
|
$RPM_BUILD_ROOT/%{DOCDIR}-vscan \
|
||||||
|
$RPM_BUILD_ROOT/var/spool/samba \
|
||||||
|
$RPM_BUILD_ROOT/var/log/samba \
|
||||||
|
$RPM_BUILD_ROOT/var/run/samba \
|
||||||
|
$RPM_BUILD_ROOT/var/lib/samba/{netlogon,drivers/{W32X86,WIN40,W32ALPHA,W32MIPS,W32PPC},profiles}
|
||||||
|
|
||||||
|
cd source/
|
||||||
|
make install \
|
||||||
|
LIBDIR=$RPM_BUILD_ROOT/etc/samba \
|
||||||
|
LOGFILEBASE=$RPM_BUILD_ROOT/var/log/samba \
|
||||||
|
CONFIGFILE=$RPM_BUILD_ROOT/etc/samba/smb.conf \
|
||||||
|
LMHOSTSFILE=$RPM_BUILD_ROOT/etc/samba/lmhosts \
|
||||||
|
SWATDIR=$RPM_BUILD_ROOT/usr/share/samba/swat \
|
||||||
|
SBINDIR=$RPM_BUILD_ROOT/usr/sbin \
|
||||||
|
LOCKDIR=$RPM_BUILD_ROOT/var/lock/samba \
|
||||||
|
CODEPAGEDIR=$RPM_BUILD_ROOT/usr/share/samba/codepages \
|
||||||
|
DRIVERFILE=$RPM_BUILD_ROOT/etc/samba/printers.def \
|
||||||
|
BINDIR=$RPM_BUILD_ROOT/usr/bin \
|
||||||
|
SMB_PASSWD_FILE=$RPM_BUILD_ROOT/etc/samba/smbpasswd \
|
||||||
|
TDB_PASSWD_FILE=$RPM_BUILD_ROOT/etc/samba/smbpasswd.tdb \
|
||||||
|
MANDIR=$RPM_BUILD_ROOT/usr/share/man
|
||||||
|
cd ..
|
||||||
|
|
||||||
|
# utility scripts
|
||||||
|
%if %{head} > 0
|
||||||
|
scripts="creategroup cvslog.pl scancvslog.pl"
|
||||||
|
%else
|
||||||
|
scripts="scancvslog.pl"
|
||||||
|
%endif
|
||||||
|
for i in $scripts; do
|
||||||
|
cp -a source/script/$i $RPM_BUILD_ROOT/usr/share/samba/scripts/
|
||||||
|
done
|
||||||
|
|
||||||
|
# move the man-pages (ugly lang thing, fixed in alpha16)
|
||||||
|
#mv $RPM_BUILD_ROOT/usr/share/man/lang/* $RPM_BUILD_ROOT/usr/share/man/
|
||||||
|
|
||||||
|
# configuration files
|
||||||
|
install -m 644 smb.conf* $RPM_BUILD_ROOT/etc/samba/
|
||||||
|
install -m 644 shares.conf $RPM_BUILD_ROOT/etc/samba/
|
||||||
|
install -m 644 lmhosts $RPM_BUILD_ROOT/etc/samba/
|
||||||
|
install -m 600 smbpasswd -o root -g root $RPM_BUILD_ROOT/etc/samba/
|
||||||
|
|
||||||
|
# pam
|
||||||
|
install -m 644 samba.pamd $RPM_BUILD_ROOT/etc/pam.d/samba
|
||||||
|
|
||||||
|
# sambamount
|
||||||
|
ln -sf /usr/bin/smbmount $RPM_BUILD_ROOT/sbin/mount.smbfs
|
||||||
|
|
||||||
|
# start scripts
|
||||||
|
install rc.smb $RPM_BUILD_ROOT/etc/init.d/smb
|
||||||
|
ln -sf ../../etc/init.d/smb $RPM_BUILD_ROOT/usr/sbin/rcsmb
|
||||||
|
install rc.smbfs $RPM_BUILD_ROOT/etc/init.d/smbfs
|
||||||
|
ln -sf ../../etc/init.d/smbfs $RPM_BUILD_ROOT/usr/sbin/rcsmbfs
|
||||||
|
install rc.winbind $RPM_BUILD_ROOT/etc/init.d/winbind
|
||||||
|
ln -sf ../../etc/init.d/winbind $RPM_BUILD_ROOT/usr/sbin/rcwinbind
|
||||||
|
install rc.wrepl $RPM_BUILD_ROOT/etc/init.d/wrepl
|
||||||
|
ln -sf ../../etc/init.d/wrepl $RPM_BUILD_ROOT/usr/sbin/rcwrepl
|
||||||
|
|
||||||
|
#### disabled for 8.0
|
||||||
|
### rc.config fragment
|
||||||
|
mkdir -p $RPM_BUILD_ROOT/var/adm/fillup-templates
|
||||||
|
cp rc.config.samba $RPM_BUILD_ROOT/var/adm/fillup-templates
|
||||||
|
cp rc.config.winbind $RPM_BUILD_ROOT/var/adm/fillup-templates
|
||||||
|
cp rc.config.wrepl $RPM_BUILD_ROOT/var/adm/fillup-templates
|
||||||
|
|
||||||
|
# libnss_wins.so
|
||||||
|
cp source/nsswitch/libnss_wins.so $RPM_BUILD_ROOT/lib/libnss_wins.so
|
||||||
|
ln -sf /lib/libnss_wins.so $RPM_BUILD_ROOT/lib/libnss_wins.so.2
|
||||||
|
|
||||||
|
# winbind stuff
|
||||||
|
cp -a source/nsswitch/pam_winbind.so $RPM_BUILD_ROOT/lib/security/
|
||||||
|
cp -a source/nsswitch/libnss_winbind.so $RPM_BUILD_ROOT/lib/
|
||||||
|
cp -a source/bin/winbindd $RPM_BUILD_ROOT/usr/sbin/
|
||||||
|
ln -sf /lib/libnss_winbind.so $RPM_BUILD_ROOT/lib/libnss_winbind.so.2
|
||||||
|
|
||||||
|
# pam_smbpass
|
||||||
|
cp -a source/bin/pam_smbpass.so $RPM_BUILD_ROOT/lib/security/
|
||||||
|
|
||||||
|
# smbfilter
|
||||||
|
cp -a source/bin/smbfilter $RPM_BUILD_ROOT/usr/bin/
|
||||||
|
|
||||||
|
|
||||||
|
%{?suse_check}
|
||||||
|
|
||||||
|
## install libsmbclient
|
||||||
|
install -m0755 source/bin/{libsmbclient.so,libsmbclient.a} $RPM_BUILD_ROOT/%{_libdir}
|
||||||
|
ln -s /usr/lib/libsmbclient.so $RPM_BUILD_ROOT/%{_libdir}/libsmbclient.so.0
|
||||||
|
install -m0644 source/include/libsmbclient.h $RPM_BUILD_ROOT/%{_includedir}
|
||||||
|
|
||||||
|
# install smbtorture and other test-programs
|
||||||
|
install -m0755 source/bin/smbtorture $RPM_BUILD_ROOT/usr/bin/
|
||||||
|
install -m0755 source/bin/talloctort $RPM_BUILD_ROOT/usr/bin/
|
||||||
|
install -m0755 source/bin/{msgtest,masktest,locktest*} $RPM_BUILD_ROOT/usr/bin/
|
||||||
|
install -m0755 source/bin/{vfstest,nsstest} $RPM_BUILD_ROOT/usr/bin/
|
||||||
|
%if %{head} > 0
|
||||||
|
%if %{newsam} > 0
|
||||||
|
install -m0755 source/bin/samtest $RPM_BUILD_ROOT/usr/bin/
|
||||||
|
%endif
|
||||||
|
%endif
|
||||||
|
|
||||||
|
# install tdb tools
|
||||||
|
install -m0755 source/tdb/{tdbdump,tdbtest,tdbtool,tdbtorture} $RPM_BUILD_ROOT/usr/bin/
|
||||||
|
|
||||||
|
|
||||||
|
# install VFS-modules
|
||||||
|
%if %{head} > 0
|
||||||
|
install -m0755 source/bin/developer.so $RPM_BUILD_ROOT/%{_libdir}/samba/vfs/
|
||||||
|
#install -m0755 examples/VFS/block/block.so $RPM_BUILD_ROOT/%{_libdir}/samba/vfs/
|
||||||
|
#install -m0755 examples/VFS/skel.so $RPM_BUILD_ROOT/%{_libdir}/samba/vfs/
|
||||||
|
%else
|
||||||
|
#install -m0755 examples/VFS/block/block.so $RPM_BUILD_ROOT/%{_libdir}/samba/vfs/
|
||||||
|
#install -m0755 examples/VFS/skel.so $RPM_BUILD_ROOT/%{_libdir}/samba/vfs/
|
||||||
|
%endif
|
||||||
|
install -m0755 source/bin/vfs_audit.so $RPM_BUILD_ROOT/%{_libdir}/samba/vfs/
|
||||||
|
install -m0755 source/bin/vfs_extd_audit.so $RPM_BUILD_ROOT/%{_libdir}/samba/vfs/
|
||||||
|
install -m0755 source/bin/vfs_recycle.so $RPM_BUILD_ROOT/%{_libdir}/samba/vfs/
|
||||||
|
%if %{netatalk}
|
||||||
|
install -m0755 source/bin/vfs_netatalk.so $RPM_BUILD_ROOT/%{_libdir}/samba/vfs/
|
||||||
|
%endif
|
||||||
|
|
||||||
|
# install PDB-modules
|
||||||
|
%if %{head} > 0
|
||||||
|
install -m0755 source/bin/xml.so $RPM_BUILD_ROOT/%{_libdir}/samba/pdb/
|
||||||
|
install -m0755 source/bin/mysql.so $RPM_BUILD_ROOT/%{_libdir}/samba/pdb/
|
||||||
|
%else
|
||||||
|
install -m0755 source/bin/pdb_xml.so $RPM_BUILD_ROOT/%{_libdir}/samba/pdb/
|
||||||
|
install -m0755 source/bin/pdb_mysql.so $RPM_BUILD_ROOT/%{_libdir}/samba/pdb/
|
||||||
|
%endif
|
||||||
|
install -m0755 examples/pdb/pdb_test.so $RPM_BUILD_ROOT/%{_libdir}/samba/pdb/
|
||||||
|
|
||||||
|
# install SAM-modules
|
||||||
|
%if %{head} > 0
|
||||||
|
%if %{newsam} > 0
|
||||||
|
install -m0755 examples/sam/sam_skel.so $RPM_BUILD_ROOT/%{_libdir}/samba/sam/
|
||||||
|
%endif
|
||||||
|
%endif
|
||||||
|
|
||||||
|
# install VSCAN-vfs-modules
|
||||||
|
install -m0755 examples/VFS/%{name}-vscan-%{vscan_ver}/*/*.so $RPM_BUILD_ROOT/%{_libdir}/samba/vscan/
|
||||||
|
|
||||||
|
# make examples clean
|
||||||
|
VFS="$RPM_BUILD_DIR/%{name}-%{samba_ver}/examples/VFS"
|
||||||
|
VSCAN="$VFS/%{name}-vscan-%{vscan_ver}"
|
||||||
|
PDB="$RPM_BUILD_DIR/%{name}-%{samba_ver}/examples/pdb"
|
||||||
|
%if %{head} > 0
|
||||||
|
%if %{newsam} > 0
|
||||||
|
SAM="$RPM_BUILD_DIR/%{name}-%{samba_ver}/examples/sam"
|
||||||
|
%endif
|
||||||
|
%endif
|
||||||
|
dirs="$PDB $SAM"
|
||||||
|
(for i in $dirs; do make -C $i clean; done)
|
||||||
|
(for i in %{vscan_modules}; do make -C $VSCAN/$i clean; done)
|
||||||
|
|
||||||
|
%if %{python} > 0
|
||||||
|
# install python
|
||||||
|
cp -a source/build/lib.*/samba $RPM_BUILD_ROOT/usr/lib/python2.2/lib-dynload/
|
||||||
|
%endif
|
||||||
|
|
||||||
|
# whats this ?
|
||||||
|
install -m0755 source/bin/debug2html $RPM_BUILD_ROOT/usr/bin/
|
||||||
|
|
||||||
|
%if %{smbwrap}
|
||||||
|
# install smbwrapper
|
||||||
|
install -m0755 source/bin/smbwrapper.so $RPM_BUILD_ROOT/%{_libdir}/samba/
|
||||||
|
install -m0755 source/bin/smbsh $RPM_BUILD_ROOT/usr/bin/
|
||||||
|
%endif
|
||||||
|
|
||||||
|
# finally obsolete with alpha17 makefile
|
||||||
|
# install unicode-codepages
|
||||||
|
#install -m0755 source/codepages/{lowcase,upcase,valid}.dat $RPM_BUILD_ROOT/etc/samba/
|
||||||
|
|
||||||
|
# cleanup docs
|
||||||
|
rm -rf docs/*.[0-9]
|
||||||
|
chmod 644 `find docs examples -type f`
|
||||||
|
chmod 755 `find docs examples -type d`
|
||||||
|
mv COPYING Manifest README Read-Manifest-Now Roadmap WHATSNEW.txt $RPM_BUILD_ROOT/%{DOCDIR}/
|
||||||
|
cp source/msdfs/README $RPM_BUILD_ROOT/%{DOCDIR}/README.msdfs
|
||||||
|
#cp source/nsswitch/README $RPM_BUILD_ROOT/%{DOCDIR}/README.nsswitch
|
||||||
|
cp source/smbwrapper/README $RPM_BUILD_ROOT/%{DOCDIR}/README.smbwrapper
|
||||||
|
cp -a docs/* $RPM_BUILD_ROOT/%{DOCDIR}
|
||||||
|
cp -a examples/ $RPM_BUILD_ROOT/%{DOCDIR}
|
||||||
|
# save space...
|
||||||
|
rm -r \
|
||||||
|
$RPM_BUILD_ROOT/%{SWATDIR}/using_samba
|
||||||
|
ln -s %{DOCDIR}/htmldocs/using_samba $RPM_BUILD_ROOT/%{SWATDIR}
|
||||||
|
|
||||||
|
|
||||||
|
%post
|
||||||
|
###### disabled for 8.1
|
||||||
|
###echo "Updating etc/rc.config..."
|
||||||
|
##if [ -x bin/fillup ] ; then
|
||||||
|
## bin/fillup -q -d = etc/rc.config var/adm/fillup-templates/rc.config.samba
|
||||||
|
## bin/fillup -q -d = etc/rc.config var/adm/fillup-templates/rc.config.winbind
|
||||||
|
##else
|
||||||
|
## echo "ERROR: fillup not found. This should not happen. Please compare"
|
||||||
|
## echo "etc/rc.config and var/adm/fillup-templates/rc.config.samba and"
|
||||||
|
## echo "var/adm/fillup-templates/rc.config.winbind and update by hand."
|
||||||
|
##fi
|
||||||
|
mkdir -p $RPM_BUILD_ROOT/var/adm/notify/messages
|
||||||
|
cat << EOF > var/adm/notify/messages/samba-notify
|
||||||
|
Achtung!
|
||||||
|
|
||||||
|
This is %{name}-%{samba_ver}. Please do not run on production systems.
|
||||||
|
|
||||||
|
You have been warned.
|
||||||
|
EOF
|
||||||
|
|
||||||
|
# Initialize runlevel links
|
||||||
|
#
|
||||||
|
%{fillup_and_insserv smb}
|
||||||
|
#sbin/insserv /etc/init.d/smb
|
||||||
|
|
||||||
|
%post client
|
||||||
|
#sbin/insserv /etc/init.d/smbfs
|
||||||
|
%{fillup_and_insserv -fpy smbfs}
|
||||||
|
%{fillup_only -ans samba client}
|
||||||
|
|
||||||
|
%postun
|
||||||
|
%{insserv_cleanup}
|
||||||
|
#sbin/insserv /etc/init.d/
|
||||||
|
|
||||||
|
%postun client
|
||||||
|
%{insserv_cleanup}
|
||||||
|
#sbin/insserv /etc/init.d/
|
||||||
|
|
||||||
|
%post winbind
|
||||||
|
%{fillup_and_insserv winbind}
|
||||||
|
#sbin/insserv /etc/init.d/winbind
|
||||||
|
|
||||||
|
%postun winbind
|
||||||
|
%{insserv_cleanup}
|
||||||
|
#sbin/insserv /etc/init.d/
|
||||||
|
|
||||||
|
%clean
|
||||||
|
#make -C source realclean
|
||||||
|
|
||||||
|
%files
|
||||||
|
%config(noreplace) /etc/samba/smbpasswd
|
||||||
|
%config /etc/pam.d/samba
|
||||||
|
%config /etc/init.d/smb
|
||||||
|
%config /etc/init.d/wrepl
|
||||||
|
#/usr/bin/make_printerdef
|
||||||
|
/usr/bin/addtosmbpass
|
||||||
|
/usr/bin/convert_smbpasswd
|
||||||
|
/usr/bin/ntlm_auth
|
||||||
|
/usr/bin/profiles
|
||||||
|
/usr/bin/smbfilter
|
||||||
|
/usr/bin/smbpasswd
|
||||||
|
/usr/bin/smbstatus
|
||||||
|
/usr/bin/testparm
|
||||||
|
/usr/bin/testprns
|
||||||
|
#%doc %{_mandir}/man1/smbrun.1.gz
|
||||||
|
%doc %{_mandir}/man1/smbsh.1.gz
|
||||||
|
%doc %{_mandir}/man1/smbstatus.1.gz
|
||||||
|
%doc %{_mandir}/man1/testparm.1.gz
|
||||||
|
%doc %{_mandir}/man1/testprns.1.gz
|
||||||
|
%doc %{_mandir}/man5/smbpasswd.5.gz
|
||||||
|
%doc %{_mandir}/man7/samba.7.gz
|
||||||
|
%doc %{_mandir}/man8/nmbd.8.gz
|
||||||
|
%doc %{_mandir}/man8/smbd.8.gz
|
||||||
|
%doc %{_mandir}/man8/smbpasswd.8.gz
|
||||||
|
%doc %{_mandir}/man8/swat.8.gz
|
||||||
|
/usr/sbin/nmbd
|
||||||
|
/usr/sbin/smbd
|
||||||
|
/usr/sbin/swat
|
||||||
|
/usr/sbin/wrepld
|
||||||
|
/usr/sbin/rcsmb
|
||||||
|
/usr/sbin/rcwrepl
|
||||||
|
#/var/adm/fillup-templates/rc.config.samba
|
||||||
|
/var/log/samba
|
||||||
|
/var/spool/samba
|
||||||
|
/var/run/samba
|
||||||
|
/var/lib/samba
|
||||||
|
/usr/share/samba
|
||||||
|
/lib/security/pam_smbpass.so
|
||||||
|
|
||||||
|
%files client
|
||||||
|
%config(noreplace) /etc/samba/smb.conf
|
||||||
|
%config(noreplace) /etc/samba/lmhosts
|
||||||
|
/etc/samba/lowcase.dat
|
||||||
|
/etc/samba/upcase.dat
|
||||||
|
/etc/samba/valid.dat
|
||||||
|
%config /etc/init.d/smbfs
|
||||||
|
/usr/sbin/rcsmbfs
|
||||||
|
/sbin/mount.smbfs
|
||||||
|
/usr/bin/findsmb
|
||||||
|
/usr/bin/net
|
||||||
|
/usr/bin/nmblookup
|
||||||
|
/usr/bin/pdbedit
|
||||||
|
/usr/bin/rpcclient
|
||||||
|
/usr/bin/smbcacls
|
||||||
|
/usr/bin/smbcontrol
|
||||||
|
/usr/bin/smbclient
|
||||||
|
/usr/bin/smbmnt
|
||||||
|
/usr/bin/smbmount
|
||||||
|
%if %{smbwrap}
|
||||||
|
/usr/bin/smbsh
|
||||||
|
%endif
|
||||||
|
/usr/bin/smbumount
|
||||||
|
/usr/bin/smbspool
|
||||||
|
/usr/bin/smbtar
|
||||||
|
/usr/bin/smbtree
|
||||||
|
%doc %{_mandir}/man1/nmblookup.1.gz
|
||||||
|
%doc %{_mandir}/man1/rpcclient.1.gz
|
||||||
|
%doc %{_mandir}/man1/smbclient.1.gz
|
||||||
|
%doc %{_mandir}/man1/smbcacls.1.gz
|
||||||
|
%doc %{_mandir}/man1/smbcontrol.1.gz
|
||||||
|
%doc %{_mandir}/man1/smbtar.1.gz
|
||||||
|
%doc %{_mandir}/man5/lmhosts.5.gz
|
||||||
|
%doc %{_mandir}/man5/smb.conf.5.gz
|
||||||
|
%doc %{_mandir}/man8/net.8.gz
|
||||||
|
%doc %{_mandir}/man8/pdbedit.8.gz
|
||||||
|
%doc %{_mandir}/man8/smbmnt.8.gz
|
||||||
|
%doc %{_mandir}/man8/smbmount.8.gz
|
||||||
|
%doc %{_mandir}/man8/smbspool.8.gz
|
||||||
|
%doc %{_mandir}/man8/smbumount.8.gz
|
||||||
|
/usr/include/libsmbclient.h
|
||||||
|
%if %{smbwrap}
|
||||||
|
/usr/lib/samba/smbwrapper.so
|
||||||
|
%endif
|
||||||
|
/usr/lib/libsmbclient.a
|
||||||
|
/usr/lib/libsmbclient.so
|
||||||
|
/usr/lib/libsmbclient.so.0
|
||||||
|
|
||||||
|
%files winbind
|
||||||
|
%config(noreplace) /etc/samba/smb.conf.winbind
|
||||||
|
%config /etc/init.d/winbind
|
||||||
|
%doc %{_mandir}/man1/wbinfo.1.gz
|
||||||
|
%doc %{_mandir}/man8/winbindd.8.gz
|
||||||
|
/usr/bin/wbinfo
|
||||||
|
%if %{head} > 0
|
||||||
|
/usr/bin/ntlm_auth
|
||||||
|
%endif
|
||||||
|
/usr/sbin/winbindd
|
||||||
|
/usr/sbin/rcwinbind
|
||||||
|
#/var/adm/fillup-templates/rc.config.winbind
|
||||||
|
/lib/security/pam_winbind.so
|
||||||
|
/lib/libnss_winbind.so
|
||||||
|
/lib/libnss_winbind.so.2
|
||||||
|
/lib/libnss_wins.so
|
||||||
|
/lib/libnss_wins.so.2
|
||||||
|
|
||||||
|
%files utils
|
||||||
|
/usr/bin/smbtorture
|
||||||
|
/usr/bin/msgtest
|
||||||
|
/usr/bin/masktest
|
||||||
|
/usr/bin/locktest
|
||||||
|
/usr/bin/locktest2
|
||||||
|
/usr/bin/debug2html
|
||||||
|
/usr/bin/talloctort
|
||||||
|
/usr/bin/tdbbackup
|
||||||
|
/usr/bin/tdbdump
|
||||||
|
/usr/bin/tdbtest
|
||||||
|
/usr/bin/tdbtool
|
||||||
|
/usr/bin/tdbtorture
|
||||||
|
/usr/bin/vfstest
|
||||||
|
/usr/bin/nsstest
|
||||||
|
%if %{head} > 0
|
||||||
|
%if %{newsam} > 0
|
||||||
|
/usr/bin/samtest
|
||||||
|
%endif
|
||||||
|
/usr/bin/profiles
|
||||||
|
/usr/bin/editreg
|
||||||
|
%endif
|
||||||
|
%doc %{_mandir}/man1/vfstest.1.gz
|
||||||
|
|
||||||
|
%files doc
|
||||||
|
%docdir %{DOCDIR}
|
||||||
|
%{DOCDIR}
|
||||||
|
|
||||||
|
%files pdb
|
||||||
|
/usr/lib/samba/pdb
|
||||||
|
%doc examples/pdb/*
|
||||||
|
|
||||||
|
%files vfs
|
||||||
|
/usr/lib/samba/vfs
|
||||||
|
%doc examples/VFS/README*
|
||||||
|
%doc examples/VFS/Makefile*
|
||||||
|
#doc examples/VFS/audit*
|
||||||
|
#%doc examples/VFS/block*
|
||||||
|
#doc examples/VFS/netatalk*
|
||||||
|
#doc examples/VFS/recycle*
|
||||||
|
%doc examples/VFS/skel*
|
||||||
|
|
||||||
|
%if %{newsam} > 0
|
||||||
|
%files sam
|
||||||
|
/usr/lib/samba/sam
|
||||||
|
%if %{head} > 0
|
||||||
|
%doc examples/sam/*
|
||||||
|
%endif
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%files vscan
|
||||||
|
/usr/lib/samba/vscan
|
||||||
|
%doc %{name}-vscan-%{vscan_ver}/{AUTHORS,COPYING,ChangeLog,FAQ,NEWS,README,TODO}
|
||||||
|
|
||||||
|
|
||||||
|
%files python
|
||||||
|
%doc source/python/README
|
||||||
|
%if %{python} > 0
|
||||||
|
/usr/lib/python2.2/lib-dynload/samba
|
||||||
|
%doc source/python/examples
|
||||||
|
%doc source/python/gprinterdata
|
||||||
|
%doc source/python/gtdbtool
|
||||||
|
%doc source/python/gtkdictbrowser.py
|
||||||
|
%if %{head} > 0
|
||||||
|
%doc source/python/gtkdictbrowser.pyc
|
||||||
|
%doc source/python/printerdata.pyc
|
||||||
|
%endif
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%description
|
||||||
|
Samba is a suite of programs which work together to allow clients to
|
||||||
|
access Unix filespace and printers via the SMB protocol (Server Message
|
||||||
|
Block).
|
||||||
|
In practice, this means that you can redirect disks and printers to
|
||||||
|
Unix disks and printers from LAN Manager clients, Windows for
|
||||||
|
Workgroups 3.11 clients, Windows'95 clients, Windows NT clients
|
||||||
|
and OS/2 clients. There is
|
||||||
|
also a Unix client program supplied as part of the suite which allows
|
||||||
|
Unix users to use an ftp-like interface to access filespace and
|
||||||
|
printers on any other SMB server.
|
||||||
|
Samba includes the following programs (in summary):
|
||||||
|
* smbd, the SMB server. This handles actual connections from clients.
|
||||||
|
* nmbd, the Netbios name server, which helps clients locate servers.
|
||||||
|
* smbclient, the Unix-hosted client program.
|
||||||
|
* smbrun, a little 'glue' program to help the server run external
|
||||||
|
programs.
|
||||||
|
* testprns, a program to test server access to printers.
|
||||||
|
* testparm, a program to test the Samba configuration file for correctness.
|
||||||
|
* smb.conf, the Samba configuration file.
|
||||||
|
* smbprint, a sample script to allow a Unix host to use smbclient
|
||||||
|
to print to an SMB server.
|
||||||
|
The suite is supplied with full source and is GPLed.
|
||||||
|
This package expects its config file under /etc/smb.conf .
|
||||||
|
|
||||||
|
Authors:
|
||||||
|
--------
|
||||||
|
Andrew Tridgell <Andrew.Tridgell@anu.edu.au>
|
||||||
|
Karl Auer <Karl.Auer@anu.edu.au>
|
||||||
|
Jeremy Allison <jeremy@netcom.com>
|
||||||
|
|
||||||
|
SuSE series: n
|
||||||
|
|
||||||
|
|
||||||
|
%description client
|
||||||
|
This package contains all programs, that are needed to act as a samba
|
||||||
|
client. This includes also smbmount, of course.
|
||||||
|
|
||||||
|
Authors:
|
||||||
|
--------
|
||||||
|
Andrew Tridgell <Andrew.Tridgell@anu.edu.au>
|
||||||
|
Karl Auer <Karl.Auer@anu.edu.au>
|
||||||
|
Jeremy Allison <jeremy@netcom.com>
|
||||||
|
|
||||||
|
SuSE series: n
|
||||||
|
|
||||||
|
|
||||||
|
%description winbind
|
||||||
|
This is the winbind-daemon and the wbinfo-tool.
|
||||||
|
|
||||||
|
%description utils
|
||||||
|
Some of the debug-tools for developpers.
|
||||||
|
Contains:
|
||||||
|
- debug2html
|
||||||
|
- locktest
|
||||||
|
- locktest2
|
||||||
|
- masktest
|
||||||
|
- msgtest
|
||||||
|
- smbtorture
|
||||||
|
- talloctort
|
||||||
|
- several tdb-tools
|
||||||
|
|
||||||
|
%description doc
|
||||||
|
The Samba Documentation.
|
||||||
|
|
||||||
|
%description vfs
|
||||||
|
The Samba VFS-Modules.
|
||||||
|
|
||||||
|
%description pdb
|
||||||
|
The Samba PDB-Modules.
|
||||||
|
|
||||||
|
%if %{newsam} > 0
|
||||||
|
%description sam
|
||||||
|
The Samba SAM-Modules.
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%description vscan
|
||||||
|
The Samba VFS-Modules for Virusscanners.
|
||||||
|
|
||||||
|
%description python
|
||||||
|
The Samba python-Modules.
|
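--- a/source3/build-me
+++ b/source3/build-me
@@ -0,0 +1,36 @@
+#!/bin/sh
+
+umask 022
+
+## Build options
+CONFIGUREOPT="--enable-debug --enable-developer --with-pam --with-libsmbclient=no --with-static-modules"
+export CONFIGUREOPT
+
+./autogen.sh
+
+case "$1" in
+dmalloc)
+env CFLAGS="-Wall" ./configure \
+--enable-dmalloc \
+$CONFIGUREOPT
+;;
+insure)
+env CFLAGS="-g" CC="insure" ./configure \
+$CONFIGUREOPT
+;;
+ccache)
+env CFLAGS="-Wall" CC="ccache gcc" ./configure \
+$CONFIGUREOPT
+;;
+*)
+env CFLAGS="-Wall" ./configure \
+$CONFIGUREOPT
+;;
+esac
+
+## disable optimization
+sed 's/-O //g' Makefile | sed 's/-O2 //g' > Makefile.new; /bin/mv -f Makefile.new Makefile
+
+## build
+make proto
+make all modules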
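Review bot: Nothing in this script stops on failure: `./autogen.sh` and the `./configure` calls are unchecked, and the optimisation-stripping line joins `sed` and `mv` with `;`, so a failed or interrupted `sed` still replaces `Makefile` with whatever partial `Makefile.new` was written. Adding `set -e` after `umask 022` and changing the separator to `&&`, as in `sed 's/-O //g' Makefile | sed 's/-O2 //g' > Makefile.new && /bin/mv -f Makefile.new Makefile`, keeps the original Makefile intact when a step fails and prevents `make` from running against a half-configured tree. The unquoted `$CONFIGUREOPT` relies on word splitting to become separate options; a one-line comment such as `# unquoted on purpose: must split into individual configure flags` would keep someone from quoting it later.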
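--- a/source3/include/smbldap.h
+++ b/source3/include/smbldap.h
@@ -0,0 +1,142 @@
+/*
+Unix SMB/CIFS mplementation.
+LDAP protocol helper functions for SAMBA
+Copyright (C) Gerald Carter 2001-2003
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+*/
+
+#ifndef _SMBLDAP_H
+#define _SMBLDAP_H
+
+#ifdef HAVE_LDAP
+
+/* specify schema versions between 2.2. and 3.0 */
+
+#define SCHEMAVER_SAMBAACCOUNT 1
+#define SCHEMAVER_SAMBASAMACCOUNT 2
+
+/* objectclass names */
+
+#define LDAP_OBJ_SAMBASAMACCOUNT "sambaSamAccount"
+#define LDAP_OBJ_SAMBAACCOUNT "sambaAccount"
+#define LDAP_OBJ_GROUPMAP "sambaGroupMapping"
+#define LDAP_OBJ_DOMINFO "sambaDomain"
+#define LDAP_OBJ_IDPOOL "sambaUnixIdPool"
+#define LDAP_OBJ_IDMAP_ENTRY "sambaIdmapEntry"
+#define LDAP_OBJ_SID_ENTRY "sambaSidEntry"
+
+#define LDAP_OBJ_ACCOUNT "account"
+#define LDAP_OBJ_POSIXACCOUNT "posixAccount"
+#define LDAP_OBJ_POSIXGROUP "posixGroup"
+#define LDAP_OBJ_OU "organizationalUnit"
+
+/* some generic attributes that get reused a lot */
+
+#define LDAP_ATTRIBUTE_SID "sambaSID"
+#define LDAP_ATTRIBUTE_UIDNUMBER "uidNumber"
+#define LDAP_ATTRIBUTE_GIDNUMBER "gidNumber"
+
+/* attribute map table indexes */
+
+#define LDAP_ATTR_LIST_END 0
+#define LDAP_ATTR_UID 1
+#define LDAP_ATTR_UIDNUMBER 2
+#define LDAP_ATTR_GIDNUMBER 3
+#define LDAP_ATTR_UNIX_HOME 4
+#define LDAP_ATTR_PWD_LAST_SET 5
+#define LDAP_ATTR_PWD_CAN_CHANGE 6
+#define LDAP_ATTR_PWD_MUST_CHANGE 7
+#define LDAP_ATTR_LOGON_TIME 8
+#define LDAP_ATTR_LOGOFF_TIME 9
+#define LDAP_ATTR_KICKOFF_TIME 10
+#define LDAP_ATTR_CN 11
+#define LDAP_ATTR_DISPLAY_NAME 12
+#define LDAP_ATTR_HOME_PATH 13
+#define LDAP_ATTR_LOGON_SCRIPT 14
+#define LDAP_ATTR_PROFILE_PATH 15
+#define LDAP_ATTR_DESC 16
+#define LDAP_ATTR_USER_WKS 17
+#define LDAP_ATTR_USER_SID 18
+#define LDAP_ATTR_USER_RID 18
+#define LDAP_ATTR_PRIMARY_GROUP_SID 19
+#define LDAP_ATTR_PRIMARY_GROUP_RID 20
+#define LDAP_ATTR_LMPW 21
+#define LDAP_ATTR_NTPW 22
+#define LDAP_ATTR_DOMAIN 23
+#define LDAP_ATTR_OBJCLASS 24
+#define LDAP_ATTR_ACB_INFO 25
+#define LDAP_ATTR_NEXT_USERRID 26
+#define LDAP_ATTR_NEXT_GROUPRID 27
+#define LDAP_ATTR_DOM_SID 28
+#define LDAP_ATTR_HOME_DRIVE 29
+#define LDAP_ATTR_GROUP_SID 30
+#define LDAP_ATTR_GROUP_TYPE 31
+#define LDAP_ATTR_SID 32
+#define LDAP_ATTR_ALGORITHMIC_RID_BASE 33
+#define LDAP_ATTR_NEXT_RID 34
+
+typedef struct _attrib_map_entry {
+int attrib;
+const char *name;
+} ATTRIB_MAP_ENTRY;
+
+
+/* structures */
+
+extern ATTRIB_MAP_ENTRY attrib_map_v22[];
+extern ATTRIB_MAP_ENTRY attrib_map_v30[];
+extern ATTRIB_MAP_ENTRY dominfo_attr_list[];
+extern ATTRIB_MAP_ENTRY groupmap_attr_list[];
+extern ATTRIB_MAP_ENTRY groupmap_attr_list_to_delete[];
+extern ATTRIB_MAP_ENTRY idpool_attr_list[];
+extern ATTRIB_MAP_ENTRY sidmap_attr_list[];
+
+/* Function declarations -- not included in proto.h so we don't
+have to worry about LDAP structure types */
+
+const char* get_attr_key2string( ATTRIB_MAP_ENTRY table[], int key );
+char** get_attr_list( ATTRIB_MAP_ENTRY table[] );
+void free_attr_list( char **list );
+void smbldap_set_mod (LDAPMod *** modlist, int modop, const char *attribute, const char *value);
+void smbldap_make_mod(LDAP *ldap_struct, LDAPMessage *existing,
+LDAPMod ***mods,
+const char *attribute, const char *newval);
+BOOL smbldap_get_single_attribute (LDAP * ldap_struct, LDAPMessage * entry,
+const char *attribute, pstring value);
+
+/**
+* Struct to keep the state for all the ldap stuff
+*
+*/
+
+struct smbldap_state {
+LDAP *ldap_struct;
+time_t last_ping;
+/* retrive-once info */
+const char *uri;
+char *bind_dn;
+char *bind_secret;
+
+unsigned int num_failures;
+};
+
+#endif /* HAVE_LDAP */
+
+struct smbldap_state;
+
+#endif /* _SMBLDAP_H */
+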
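Review bot: `LDAP_ATTR_USER_SID` and `LDAP_ATTR_USER_RID` are both defined as 18, while the primary-group pair directly below gets distinct values 19 and 20, so a lookup by key through `get_attr_key2string()` cannot tell the two apart in any table that lists both. If the shared slot is deliberate (for instance because each schema table carries only one of them, which this header does not show), say so next to the defines, e.g. `/* USER_SID and USER_RID share an index on purpose: a map table holds only one of them */`; otherwise renumber. Separately, `struct smbldap_state` stores `bind_secret` as a plain non-const `char *` beside the connection handle with no note on its handling; a comment such as `/* LDAP bind password: never log it, zero it before free */` would record what the implementation has to guarantee. The declaration of `smbldap_get_single_attribute()` would also benefit from a line stating what happens when the attribute value is longer than the fixed-size `pstring` it writes into.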
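--- a/source3/include/sysquotas.h
+++ b/source3/include/sysquotas.h
@@ -0,0 +1,204 @@
+/*
+Unix SMB/CIFS implementation.
+SYS QUOTA code constants
+Copyright (C) Stefan (metze) Metzmacher 2003
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#ifndef _SYSQUOTAS_H
+#define _SYSQUOTAS_H
+
+#ifdef HAVE_SYS_QUOTAS
+
+/* Sometimes we need this on linux for linux/quota.h */
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+
+#ifdef HAVE_ASM_TYPES_H
+#include <asm/types.h>
+#endif
+
+/*
+* This shouldn't be neccessary - it should be /usr/include/sys/quota.h
+* Unfortunately, RH7.1 ships with a different quota system using struct mem_dqblk
+* rather than the struct dqblk defined in /usr/include/sys/quota.h.
+* This means we must include linux/quota.h to have a hope of working on
+* RH7.1 systems. And it also means this breaks if the kernel is upgraded
+* to a Linus 2.4.x (where x > the minor number shipped with RH7.1) until
+* Linus synchronises with the AC patches. Sometimes I *hate* Linux :-). JRA.
+*/
+#ifdef HAVE_LINUX_QUOTA_H
+#include <linux/quota.h>
+#elif defined(HAVE_SYS_QUOTA_H)
+#include <sys/quota.h>
+#endif
+
+#if defined(HAVE_STRUCT_IF_DQBLK)
+# define SYS_DQBLK if_dqblk
+# define dqb_curblocks dqb_curspace/bsize
+#elif defined(HAVE_STRUCT_MEM_DQBLK)
+# define SYS_DQBLK mem_dqblk
+# define dqb_curblocks dqb_curspace/bsize
+#else /* STRUCT_DQBLK */
+# define SYS_DQBLK dqblk
+#endif
+
+#ifndef Q_SETQLIM
+#define Q_SETQLIM Q_SETQUOTA
+#endif
+
+/*********************************************
+check for XFS QUOTA MANAGER
+*********************************************/
+/* on linux */
+#ifdef HAVE_LINUX_XQM_H
+# include <linux/xqm.h>
+# define HAVE_XFS_QUOTA
+#else
+# ifdef HAVE_XFS_XQM_H
+# include <xfs/xqm.h>
+# define HAVE_XFS_QUOTA
+# else
+# ifdef HAVE_LINUX_DQBLK_XFS_H
+# include <linux/dqblk_xfs.h>
+# define HAVE_XFS_QUOTA
+# endif
+# endif
+#endif
+/* on IRIX */
+#ifdef Q_XGETQUOTA
+# ifndef HAVE_XFS_QUOTA
+# define HAVE_XFS_QUOTA
+# ifndef Q_XQUOTAON
+# define Q_XQUOTAON Q_QUOTAON
+# endif /* Q_XQUOTAON */
+# ifndef Q_XQUOTAOFF
+# define Q_XQUOTAOFF Q_QUOTAOFF
+# endif /* Q_XQUOTAOFF */
+# ifndef Q_XGETQSTAT
+# define Q_XGETQSTAT Q_GETQSTAT
+# endif /* Q_XGETQSTAT */
+# endif /* HAVE_XFS_QUOTA */
+#endif /* Q_XGETQUOTA */
+
+#ifdef HAVE_XFS_QUOTA
+/* Linux has BBSIZE in <linux/xfs_fs.h>
+* or <xfs/xfs_fs.h>
+* IRIX has BBSIZE in <sys/param.h>
+*/
+#ifdef HAVE_LINUX_XFS_FS_H
+#include <linux/xfs_fs.h>
+#elif defined(HAVE_XFS_XFS_FS_H)
+#include <xfs/xfs_fs.h>
+#endif /* *_XFS_FS_H */
+
+#ifndef BBSHIFT
+#define BBSHIFT 9
+#endif /* BBSHIFT */
+#ifndef BBSIZE
+#define BBSIZE (1<<BBSHIFT)
+#endif /* BBSIZE */
+
+#endif /* HAVE_XFS_QUOTA */
+
+#ifdef LINUX
+# ifndef QUOTABLOCK_SIZE
+# define QUOTABLOCK_SIZE 1024
+# endif
+/* end LINUX */
+#elif defined(IRIX6)
+# ifndef QUOTABLOCK_SIZE
+# define QUOTABLOCK_SIZE BBSIZE
+# endif
+/* end IRIX6 */
+#else /* HPUP,... */
+# ifndef QUOTABLOCK_SIZE
+# define QUOTABLOCK_SIZE DEV_BSIZE
+# endif
+#endif /* HPUP,... */
+
+#if !defined(QUOTAFILENAME) && defined(QFILENAME)
+#define QUOTAFILENAME QFILENAME
+#endif
+
+#ifdef INITQFNAMES
+#define USERQUOTAFILE_EXTENSION ".user"
+#else
+#define USERQUOTAFILE_EXTENSION ""
+#endif
+
+/* this check should be before the QCMD fake! */
+#if defined(QCMD)&&defined(GRPQUOTA)
+#define HAVE_GROUP_QUOTA
+#endif
+
+/* on some systems we have to fake this up ...*/
+#ifndef QCMD
+#define QCMD(cmd,type) (cmd)
+#endif /* QCMD */
+
+
+#ifdef HAVE_DQB_FSOFTLIMIT
+#define dqb_isoftlimit dqb_fsoftlimit
+#define dqb_ihardlimit dqb_fhardlimit
+#define dqb_curinodes dqb_curfiles
+#endif
+
+/* maybe we can add a configure test for HAVE_CADDR_T,
+* but it's not needed
+*/
+#ifdef HAVE_CADDR_T
+#define CADDR_T caddr_t
+#else /* CADDR_T */
+#define CADDR_T void*
+#endif /* CADDR_T */
+
+#if defined(HAVE_MNTENT_H)&&defined(HAVE_SETMNTENT)&&defined(HAVE_GETMNTENT)&&defined(HAVE_ENDMNTENT)
+#include <mntent.h>
+#define HAVE_MNTENT 1
+/*#endif defined(HAVE_MNTENT_H)&&defined(HAVE_SETMNTENT)&&defined(HAVE_GETMNTENT)&&defined(HAVE_ENDMNTENT) */
+#elif defined(HAVE_DEVNM_H)&&defined(HAVE_DEVNM)
+#include <devnm.h>
+#endif /* defined(HAVE_DEVNM_H)&&defined(HAVE_DEVNM) */
+
+#endif /* HAVE_SYS_QUOTAS */
+
+
+#ifndef QUOTABLOCK_SIZE
+#define QUOTABLOCK_SIZE 1024
+#endif
+
+/**************************************************
+Some stuff for the sys_quota api.
+**************************************************/
+
+#define SMB_QUOTAS_NO_LIMIT ((SMB_BIG_UINT)(0))
+#define SMB_QUOTAS_NO_SPACE ((SMB_BIG_UINT)(1))
+
+typedef struct _SMB_DISK_QUOTA {
+enum SMB_QUOTA_TYPE qtype;
+SMB_BIG_UINT bsize;
+SMB_BIG_UINT hardlimit; /* In bsize units. */
+SMB_BIG_UINT softlimit; /* In bsize units. */
+SMB_BIG_UINT curblocks; /* In bsize units. */
+SMB_BIG_UINT ihardlimit; /* inode hard limit. */
+SMB_BIG_UINT isoftlimit; /* inode soft limit. */
+SMB_BIG_UINT curinodes; /* Current used inodes. */
+uint32 qflags;
+} SMB_DISK_QUOTA;
+
+#endif /*_SYSQUOTAS_H */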
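Review bot: The `dqb_curblocks` alias defined for the `if_dqblk` and `mem_dqblk` cases expands to the bare expression `dqb_curspace/bsize`, so every use silently depends on a variable named `bsize` being in scope at the call site and divides by it with no zero check. Because it is a member-name alias it cannot be parenthesized, so it is read-only and does not compose with other operators: `x / D.dqb_curblocks` would parse as `(x / D.dqb_curspace) / bsize`. The quota figures that limit enforcement and reporting rely on come out of this arithmetic, so I would drop the alias and have callers convert explicitly after checking `bsize != 0`, or at least document the contract next to both definitions with `/* read-only: expands to dqb_curspace/bsize, needs a non-zero 'bsize' in scope */`. The callers are not part of this file, so whether any of them hits these cases cannot be confirmed from here.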
309
source3/include/vfs_macros.h
Normal file
309
source3/include/vfs_macros.h
Normal file
@ -0,0 +1,309 @@
|
|||||||
|
/*
|
||||||
|
Unix SMB/CIFS implementation.
|
||||||
|
VFS wrapper macros
|
||||||
|
Copyright (C) Stefan (metze) Metzmacher 2003
|
||||||
|
|
||||||
|
This program is free software; you can redistribute it and/or modify
|
||||||
|
it under the terms of the GNU General Public License as published by
|
||||||
|
the Free Software Foundation; either version 2 of the License, or
|
||||||
|
(at your option) any later version.
|
||||||
|
|
||||||
|
This program is distributed in the hope that it will be useful,
|
||||||
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
GNU General Public License for more details.
|
||||||
|
|
||||||
|
You should have received a copy of the GNU General Public License
|
||||||
|
along with this program; if not, write to the Free Software
|
||||||
|
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
||||||
|
*/
|
||||||
|
|
||||||
|
#ifndef _VFS_MACROS_H
|
||||||
|
#define _VFS_MACROS_H
|
||||||
|
|
||||||
|
/*******************************************************************
|
||||||
|
Don't access conn->vfs.ops.* directly!!!
|
||||||
|
Use this macros!
|
||||||
|
(Fixes should go also into the vfs_opaque_* and vfs_next_* macros!)
|
||||||
|
********************************************************************/
|
||||||
|
|
||||||
|
/* Disk operations */
|
||||||
|
#define SMB_VFS_CONNECT(conn, service, user) ((conn)->vfs.ops.connect((conn)->vfs.handles.connect, (conn), (service), (user)))
|
||||||
|
#define SMB_VFS_DISCONNECT(conn) ((conn)->vfs.ops.disconnect((conn)->vfs.handles.disconnect, (conn)))
|
||||||
|
#define SMB_VFS_DISK_FREE(conn, path, small_query, bsize, dfree ,dsize) ((conn)->vfs.ops.disk_free((conn)->vfs.handles.disk_free, (conn), (path), (small_query), (bsize), (dfree), (dsize)))
|
||||||
|
#define SMB_VFS_GET_QUOTA(conn, qtype, id, qt) ((conn)->vfs.ops.get_quota((conn)->vfs.handles.get_quota, (conn), (qtype), (id), (qt)))
|
||||||
|
#define SMB_VFS_SET_QUOTA(conn, qtype, id, qt) ((conn)->vfs.ops.set_quota((conn)->vfs.handles.set_quota, (conn), (qtype), (id), (qt)))
|
||||||
|
|
||||||
|
/* Directory operations */
|
||||||
|
#define SMB_VFS_OPENDIR(conn, fname) ((conn)->vfs.ops.opendir((conn)->vfs.handles.opendir, (conn), (fname)))
|
||||||
|
#define SMB_VFS_READDIR(conn, dirp) ((conn)->vfs.ops.readdir((conn)->vfs.handles.readdir, (conn), (dirp)))
|
||||||
|
#define SMB_VFS_MKDIR(conn, path, mode) ((conn)->vfs.ops.mkdir((conn)->vfs.handles.mkdir,(conn), (path), (mode)))
|
||||||
|
#define SMB_VFS_RMDIR(conn, path) ((conn)->vfs.ops.rmdir((conn)->vfs.handles.rmdir, (conn), (path)))
|
||||||
|
#define SMB_VFS_CLOSEDIR(conn, dir) ((conn)->vfs.ops.closedir((conn)->vfs.handles.closedir, (conn), dir))
|
||||||
|
|
||||||
|
/* File operations */
|
||||||
|
#define SMB_VFS_OPEN(conn, fname, flags, mode) ((conn)->vfs.ops.open((conn)->vfs.handles.open, (conn), (fname), (flags), (mode)))
|
||||||
|
#define SMB_VFS_CLOSE(fsp, fd) ((fsp)->conn->vfs.ops.close((fsp)->conn->vfs.handles.close, (fsp), (fd)))
|
||||||
|
#define SMB_VFS_READ(fsp, fd, data, n) ((fsp)->conn->vfs.ops.read((fsp)->conn->vfs.handles.read, (fsp), (fd), (data), (n)))
|
||||||
|
#define SMB_VFS_WRITE(fsp, fd, data, n) ((fsp)->conn->vfs.ops.write((fsp)->conn->vfs.handles.write, (fsp), (fd), (data), (n)))
|
||||||
|
#define SMB_VFS_LSEEK(fsp, fd, offset, whence) ((fsp)->conn->vfs.ops.lseek((fsp)->conn->vfs.handles.lseek, (fsp), (fd), (offset), (whence)))
|
||||||
|
#define SMB_VFS_SENDFILE(tofd, fsp, fromfd, header, offset, count) ((fsp)->conn->vfs.ops.sendfile((fsp)->conn->vfs.handles.sendfile, (tofd), (fsp), (fromfd), (header), (offset), (count)))
|
||||||
|
#define SMB_VFS_RENAME(conn, old, new) ((conn)->vfs.ops.rename((conn)->vfs.handles.rename, (conn), (old), (new)))
|
||||||
|
#define SMB_VFS_FSYNC(fsp, fd) ((fsp)->conn->vfs.ops.fsync((fsp)->conn->vfs.handles.fsync, (fsp), (fd)))
|
||||||
|
#define SMB_VFS_STAT(conn, fname, sbuf) ((conn)->vfs.ops.stat((conn)->vfs.handles.stat, (conn), (fname), (sbuf)))
|
||||||
|
#define SMB_VFS_FSTAT(fsp, fd, sbuf) ((fsp)->conn->vfs.ops.fstat((fsp)->conn->vfs.handles.fstat, (fsp) ,(fd) ,(sbuf)))
|
||||||
|
#define SMB_VFS_LSTAT(conn, path, sbuf) ((conn)->vfs.ops.lstat((conn)->vfs.handles.lstat, (conn), (path), (sbuf)))
|
||||||
|
#define SMB_VFS_UNLINK(conn, path) ((conn)->vfs.ops.unlink((conn)->vfs.handles.unlink, (conn), (path)))
|
||||||
|
#define SMB_VFS_CHMOD(conn, path, mode) ((conn)->vfs.ops.chmod((conn)->vfs.handles.chmod, (conn), (path), (mode)))
|
||||||
|
#define SMB_VFS_FCHMOD(fsp, fd, mode) ((fsp)->conn->vfs.ops.fchmod((fsp)->conn->vfs.handles.fchmod, (fsp), (fd), (mode)))
|
||||||
|
#define SMB_VFS_CHOWN(conn, path, uid, gid) ((conn)->vfs.ops.chown((conn)->vfs.handles.chown, (conn), (path), (uid), (gid)))
|
||||||
|
#define SMB_VFS_FCHOWN(fsp, fd, uid, gid) ((fsp)->conn->vfs.ops.fchown((fsp)->conn->vfs.handles.fchown, (fsp), (fd), (uid), (gid)))
|
||||||
|
#define SMB_VFS_CHDIR(conn, path) ((conn)->vfs.ops.chdir((conn)->vfs.handles.chdir, (conn), (path)))
|
||||||
|
#define SMB_VFS_GETWD(conn, buf) ((conn)->vfs.ops.getwd((conn)->vfs.handles.getwd, (conn), (buf)))
|
||||||
|
#define SMB_VFS_UTIME(conn, path, times) ((conn)->vfs.ops.utime((conn)->vfs.handles.utime, (conn), (path), (times)))
|
||||||
|
#define SMB_VFS_FTRUNCATE(fsp, fd, offset) ((fsp)->conn->vfs.ops.ftruncate((fsp)->conn->vfs.handles.ftruncate, (fsp), (fd), (offset)))
|
||||||
|
#define SMB_VFS_LOCK(fsp, fd, op, offset, count, type) ((fsp)->conn->vfs.ops.lock((fsp)->conn->vfs.handles.lock, (fsp), (fd) ,(op), (offset), (count), (type)))
|
||||||
|
#define SMB_VFS_SYMLINK(conn, oldpath, newpath) ((conn)->vfs.ops.symlink((conn)->vfs.handles.symlink, (conn), (oldpath), (newpath)))
|
||||||
|
#define SMB_VFS_READLINK(conn, path, buf, bufsiz) ((conn)->vfs.ops.readlink((conn)->vfs.handles.readlink, (conn), (path), (buf), (bufsiz)))
|
||||||
|
#define SMB_VFS_LINK(conn, oldpath, newpath) ((conn)->vfs.ops.link((conn)->vfs.handles.link, (conn), (oldpath), (newpath)))
|
||||||
|
#define SMB_VFS_MKNOD(conn, path, mode, dev) ((conn)->vfs.ops.mknod((conn)->vfs.handles.mknod, (conn), (path), (mode), (dev)))
|
||||||
|
#define SMB_VFS_REALPATH(conn, path, resolved_path) ((conn)->vfs.ops.realpath((conn)->vfs.handles.realpath, (conn), (path), (resolved_path)))
|
||||||
|
|
||||||
|
/* NT ACL operations. */
|
||||||
|
#define SMB_VFS_FGET_NT_ACL(fsp, fd, security_info, ppdesc) ((fsp)->conn->vfs.ops.fget_nt_acl((fsp)->conn->vfs.handles.fget_nt_acl, (fsp), (fd), (security_info), (ppdesc)))
|
||||||
|
#define SMB_VFS_GET_NT_ACL(fsp, name, security_info, ppdesc) ((fsp)->conn->vfs.ops.get_nt_acl((fsp)->conn->vfs.handles.get_nt_acl, (fsp), (name), (security_info), (ppdesc)))
|
||||||
|
#define SMB_VFS_FSET_NT_ACL(fsp, fd, security_info_sent, psd) ((fsp)->conn->vfs.ops.fset_nt_acl((fsp)->conn->vfs.handles.fset_nt_acl, (fsp), (fd), (security_info_sent), (psd)))
|
||||||
|
#define SMB_VFS_SET_NT_ACL(fsp, name, security_info_sent, psd) ((fsp)->conn->vfs.ops.set_nt_acl((fsp)->conn->vfs.handles.set_nt_acl, (fsp), (name), (security_info_sent), (psd)))
|
||||||
|
|
||||||
|
/* POSIX ACL operations. */
|
||||||
|
#define SMB_VFS_CHMOD_ACL(conn, name, mode) ((conn)->vfs.ops.chmod_acl((conn)->vfs.handles.chmod_acl, (conn), (name), (mode)))
|
||||||
|
#define SMB_VFS_FCHMOD_ACL(fsp, fd, mode) ((fsp)->conn->vfs.ops.fchmod_acl((fsp)->conn->vfs.handles.chmod_acl, (fsp), (fd), (mode)))
|
||||||
|
|
||||||
|
#define SMB_VFS_SYS_ACL_GET_ENTRY(conn, theacl, entry_id, entry_p) ((conn)->vfs.ops.sys_acl_get_entry((conn)->vfs.handles.sys_acl_get_entry, (conn), (theacl), (entry_id), (entry_p)))
|
||||||
|
#define SMB_VFS_SYS_ACL_GET_TAG_TYPE(conn, entry_d, tag_type_p) ((conn)->vfs.ops.sys_acl_get_tag_type((conn)->vfs.handles.sys_acl_get_tag_type, (conn), (entry_d), (tag_type_p)))
|
||||||
|
#define SMB_VFS_SYS_ACL_GET_PERMSET(conn, entry_d, permset_p) ((conn)->vfs.ops.sys_acl_get_permset((conn)->vfs.handles.sys_acl_get_permset, (conn), (entry_d), (permset_p)))
|
||||||
|
#define SMB_VFS_SYS_ACL_GET_QUALIFIER(conn, entry_d) ((conn)->vfs.ops.sys_acl_get_qualifier((conn)->vfs.handles.sys_acl_get_qualifier, (conn), (entry_d)))
|
||||||
|
#define SMB_VFS_SYS_ACL_GET_FILE(conn, path_p, type) ((conn)->vfs.ops.sys_acl_get_file((conn)->vfs.handles.sys_acl_get_file, (conn), (path_p), (type)))
|
||||||
|
#define SMB_VFS_SYS_ACL_GET_FD(fsp, fd) ((fsp)->conn->vfs.ops.sys_acl_get_fd((fsp)->conn->vfs.handles.sys_acl_get_fd, (fsp), (fd)))
|
||||||
|
#define SMB_VFS_SYS_ACL_CLEAR_PERMS(conn, permset) ((conn)->vfs.ops.sys_acl_clear_perms((conn)->vfs.handles.sys_acl_clear_perms, (conn), (permset)))
|
||||||
|
#define SMB_VFS_SYS_ACL_ADD_PERM(conn, permset, perm) ((conn)->vfs.ops.sys_acl_add_perm((conn)->vfs.handles.sys_acl_add_perm, (conn), (permset), (perm)))
|
||||||
|
#define SMB_VFS_SYS_ACL_TO_TEXT(conn, theacl, plen) ((conn)->vfs.ops.sys_acl_to_text((conn)->vfs.handles.sys_acl_to_text, (conn), (theacl), (plen)))
|
||||||
|
#define SMB_VFS_SYS_ACL_INIT(conn, count) ((conn)->vfs.ops.sys_acl_init((conn)->vfs.handles.sys_acl_init, (conn), (count)))
|
||||||
|
#define SMB_VFS_SYS_ACL_CREATE_ENTRY(conn, pacl, pentry) ((conn)->vfs.ops.sys_acl_create_entry((conn)->vfs.handles.sys_acl_create_entry, (conn), (pacl), (pentry)))
|
||||||
|
#define SMB_VFS_SYS_ACL_SET_TAG_TYPE(conn, entry, tagtype) ((conn)->vfs.ops.sys_acl_set_tag_type((conn)->vfs.handles.sys_acl_set_tag_type, (conn), (entry), (tagtype)))
|
||||||
|
#define SMB_VFS_SYS_ACL_SET_QUALIFIER(conn, entry, qual) ((conn)->vfs.ops.sys_acl_set_qualifier((conn)->vfs.handles.sys_acl_set_qualifier, (conn), (entry), (qual)))
|
||||||
|
#define SMB_VFS_SYS_ACL_SET_PERMSET(conn, entry, permset) ((conn)->vfs.ops.sys_acl_set_permset((conn)->vfs.handles.sys_acl_set_permset, (conn), (entry), (permset)))
|
||||||
|
#define SMB_VFS_SYS_ACL_VALID(conn, theacl) ((conn)->vfs.ops.sys_acl_valid((conn)->vfs.handles.sys_acl_valid, (conn), (theacl)))
|
||||||
|
#define SMB_VFS_SYS_ACL_SET_FILE(conn, name, acltype, theacl) ((conn)->vfs.ops.sys_acl_set_file((conn)->vfs.handles.sys_acl_set_file, (conn), (name), (acltype), (theacl)))
|
||||||
|
#define SMB_VFS_SYS_ACL_SET_FD(fsp, fd, theacl) ((fsp)->conn->vfs.ops.sys_acl_set_fd((fsp)->conn->vfs.handles.sys_acl_set_fd, (fsp), (fd), (theacl)))
|
||||||
|
#define SMB_VFS_SYS_ACL_DELETE_DEF_FILE(conn, path) ((conn)->vfs.ops.sys_acl_delete_def_file((conn)->vfs.handles.sys_acl_delete_def_file, (conn), (path)))
|
||||||
|
#define SMB_VFS_SYS_ACL_GET_PERM(conn, permset, perm) ((conn)->vfs.ops.sys_acl_get_perm((conn)->vfs.handles.sys_acl_get_perm, (conn), (permset), (perm)))
|
||||||
|
#define SMB_VFS_SYS_ACL_FREE_TEXT(conn, text) ((conn)->vfs.ops.sys_acl_free_text((conn)->vfs.handles.sys_acl_free_text, (conn), (text)))
|
||||||
|
#define SMB_VFS_SYS_ACL_FREE_ACL(conn, posix_acl) ((conn)->vfs.ops.sys_acl_free_acl((conn)->vfs.handles.sys_acl_free_acl, (conn), (posix_acl)))
|
||||||
|
#define SMB_VFS_SYS_ACL_FREE_QUALIFIER(conn, qualifier, tagtype) ((conn)->vfs.ops.sys_acl_free_qualifier((conn)->vfs.handles.sys_acl_free_qualifier, (conn), (qualifier), (tagtype)))
|
||||||
|
|
||||||
|
/* EA operations. */
|
||||||
|
#define SMB_VFS_GETXATTR(conn,path,name,value,size) ((conn)->vfs.ops.getxattr((conn)->vfs.handles.getxattr,(conn),(path),(name),(value),(size)))
|
||||||
|
#define SMB_VFS_LGETXATTR(conn,path,name,value,size) ((conn)->vfs.ops.lgetxattr((conn)->vfs.handles.lgetxattr,(conn),(path),(name),(value),(size)))
|
||||||
|
#define SMB_VFS_FGETXATTR(fsp,fd,name,value,size) ((fsp)->conn->vfs.ops.fgetxattr((fsp)->conn->vfs.handles.fgetxattr,(fsp),(fd),(name),(value),(size)))
|
||||||
|
#define SMB_VFS_LISTXATTR(conn,path,list,size) ((conn)->vfs.ops.listxattr((conn)->vfs.handles.listxattr,(conn),(path),(list),(size)))
|
||||||
|
#define SMB_VFS_LLISTXATTR(conn,path,list,size) ((conn)->vfs.ops.llistxattr((conn)->vfs.handles.llistxattr,(conn),(path),(list),(size)))
|
||||||
|
#define SMB_VFS_FLISTXATTR(fsp,fd,list,size) ((fsp)->conn->vfs.ops.flistxattr((fsp)->conn->vfs.handles.flistxattr,(fsp),(fd),(list),(size)))
|
||||||
|
#define SMB_VFS_REMOVEXATTR(conn,path,name) ((conn)->vfs.ops.removexattr((conn)->vfs.handles.removexattr,(conn),(path),(name)))
|
||||||
|
#define SMB_VFS_LREMOVEXATTR(conn,path,name) ((conn)->vfs.ops.lremovexattr((conn)->vfs.handles.lremovexattr,(conn),(path),(name)))
|
||||||
|
#define SMB_VFS_FREMOVEXATTR(fsp,fd,name) ((fsp)->conn->vfs.ops.fremovexattr((fsp)->conn->vfs.handles.fremovexattr,(fsp),(fd),(name)))
|
||||||
|
#define SMB_VFS_SETXATTR(conn,path,name,value,size,flags) ((conn)->vfs.ops.setxattr((conn)->vfs.handles.setxattr,(conn),(path),(name),(value),(size),(flags)))
|
||||||
|
#define SMB_VFS_LSETXATTR(conn,path,name,value,size,flags) ((conn)->vfs.ops.lsetxattr((conn)->vfs.handles.lsetxattr,(conn),(path),(name),(value),(size),(flags)))
|
||||||
|
#define SMB_VFS_FSETXATTR(fsp,fd,name,value,size,flags) ((fsp)->conn->vfs.ops.fsetxattr((fsp)->conn->vfs.handles.fsetxattr,(fsp),(fd),(name),(value),(size),(flags)))
|
||||||
|
|
||||||
|
/*******************************************************************
|
||||||
|
Don't access conn->vfs_opaque.ops directly!!!
|
||||||
|
Use this macros!
|
||||||
|
(Fixes should also go into the vfs_* and vfs_next_* macros!)
|
||||||
|
********************************************************************/
|
||||||
|
|
||||||
|
/* Disk operations */
|
||||||
|
#define SMB_VFS_OPAQUE_CONNECT(conn, service, user) ((conn)->vfs_opaque.ops.connect((conn)->vfs_opaque.handles.connect, (conn), (service), (user)))
|
||||||
|
#define SMB_VFS_OPAQUE_DISCONNECT(conn) ((conn)->vfs_opaque.ops.disconnect((conn)->vfs_opaque.handles.disconnect, (conn)))
|
||||||
|
#define SMB_VFS_OPAQUE_DISK_FREE(conn, path, small_query, bsize, dfree ,dsize) ((conn)->vfs_opaque.ops.disk_free((conn)->vfs_opaque.handles.disk_free, (conn), (path), (small_query), (bsize), (dfree), (dsize)))
|
||||||
|
#define SMB_VFS_OPAQUE_GET_QUOTA(conn, qtype, id, qt) ((conn)->vfs_opaque.ops.get_quota((conn)->vfs_opaque.handles.get_quota, (conn), (qtype), (id), (qt)))
|
||||||
|
#define SMB_VFS_OPAQUE_SET_QUOTA(conn, qtype, id, qt) ((conn)->vfs_opaque.ops.set_quota((conn)->vfs_opaque.handles.set_quota, (conn), (qtype), (id), (qt)))
|
||||||
|
|
||||||
|
/* Directory operations */
|
||||||
|
#define SMB_VFS_OPAQUE_OPENDIR(conn, fname) ((conn)->vfs_opaque.ops.opendir((conn)->vfs_opaque.handles.opendir, (conn), (fname)))
|
||||||
|
#define SMB_VFS_OPAQUE_READDIR(conn, dirp) ((conn)->vfs_opaque.ops.readdir((conn)->vfs_opaque.handles.readdir, (conn), (dirp)))
|
||||||
|
#define SMB_VFS_OPAQUE_MKDIR(conn, path, mode) ((conn)->vfs_opaque.ops.mkdir((conn)->vfs_opaque.handles.mkdir,(conn), (path), (mode)))
|
||||||
|
#define SMB_VFS_OPAQUE_RMDIR(conn, path) ((conn)->vfs_opaque.ops.rmdir((conn)->vfs_opaque.handles.rmdir, (conn), (path)))
|
||||||
|
#define SMB_VFS_OPAQUE_CLOSEDIR(conn, dir) ((conn)->vfs_opaque.ops.closedir((conn)->vfs_opaque.handles.closedir, (conn), dir))
|
||||||
|
|
||||||
|
/* File operations */
|
||||||
|
#define SMB_VFS_OPAQUE_OPEN(conn, fname, flags, mode) ((conn)->vfs_opaque.ops.open((conn)->vfs_opaque.handles.open, (conn), (fname), (flags), (mode)))
|
||||||
|
#define SMB_VFS_OPAQUE_CLOSE(fsp, fd) ((fsp)->conn->vfs_opaque.ops.close((fsp)->conn->vfs_opaque.handles.close, (fsp), (fd)))
|
||||||
|
#define SMB_VFS_OPAQUE_READ(fsp, fd, data, n) ((fsp)->conn->vfs_opaque.ops.read((fsp)->conn->vfs_opaque.handles.read, (fsp), (fd), (data), (n)))
|
||||||
|
#define SMB_VFS_OPAQUE_WRITE(fsp, fd, data, n) ((fsp)->conn->vfs_opaque.ops.write((fsp)->conn->vfs_opaque.handles.write, (fsp), (fd), (data), (n)))
|
||||||
|
#define SMB_VFS_OPAQUE_LSEEK(fsp, fd, offset, whence) ((fsp)->conn->vfs_opaque.ops.lseek((fsp)->conn->vfs_opaque.handles.lseek, (fsp), (fd), (offset), (whence)))
|
||||||
|
#define SMB_VFS_OPAQUE_SENDFILE(tofd, fsp, fromfd, header, offset, count) ((fsp)->conn->vfs_opaque.ops.sendfile((fsp)->conn->vfs_opaque.handles.sendfile, (tofd), (fsp), (fromfd), (header), (offset), (count)))
|
||||||
|
#define SMB_VFS_OPAQUE_RENAME(conn, old, new) ((conn)->vfs_opaque.ops.rename((conn)->vfs_opaque.handles.rename, (conn), (old), (new)))
|
||||||
|
#define SMB_VFS_OPAQUE_FSYNC(fsp, fd) ((fsp)->conn->vfs_opaque.ops.fsync((fsp)->conn->vfs_opaque.handles.fsync, (fsp), (fd)))
|
||||||
|
#define SMB_VFS_OPAQUE_STAT(conn, fname, sbuf) ((conn)->vfs_opaque.ops.stat((conn)->vfs_opaque.handles.stat, (conn), (fname), (sbuf)))
|
||||||
|
#define SMB_VFS_OPAQUE_FSTAT(fsp, fd, sbuf) ((fsp)->conn->vfs_opaque.ops.fstat((fsp)->conn->vfs_opaque.handles.fstat, (fsp) ,(fd) ,(sbuf)))
|
||||||
|
#define SMB_VFS_OPAQUE_LSTAT(conn, path, sbuf) ((conn)->vfs_opaque.ops.lstat((conn)->vfs_opaque.handles.lstat, (conn), (path), (sbuf)))
|
||||||
|
#define SMB_VFS_OPAQUE_UNLINK(conn, path) ((conn)->vfs_opaque.ops.unlink((conn)->vfs_opaque.handles.unlink, (conn), (path)))
|
||||||
|
#define SMB_VFS_OPAQUE_CHMOD(conn, path, mode) ((conn)->vfs_opaque.ops.chmod((conn)->vfs_opaque.handles.chmod, (conn), (path), (mode)))
|
||||||
|
#define SMB_VFS_OPAQUE_FCHMOD(fsp, fd, mode) ((fsp)->conn->vfs_opaque.ops.fchmod((fsp)->conn->vfs_opaque.handles.fchmod, (fsp), (fd), (mode)))
|
||||||
|
#define SMB_VFS_OPAQUE_CHOWN(conn, path, uid, gid) ((conn)->vfs_opaque.ops.chown((conn)->vfs_opaque.handles.chown, (conn), (path), (uid), (gid)))
|
||||||
|
#define SMB_VFS_OPAQUE_FCHOWN(fsp, fd, uid, gid) ((fsp)->conn->vfs_opaque.ops.fchown((fsp)->conn->vfs_opaque.handles.fchown, (fsp), (fd), (uid), (gid)))
|
||||||
|
#define SMB_VFS_OPAQUE_CHDIR(conn, path) ((conn)->vfs_opaque.ops.chdir((conn)->vfs_opaque.handles.chdir, (conn), (path)))
|
||||||
|
#define SMB_VFS_OPAQUE_GETWD(conn, buf) ((conn)->vfs_opaque.ops.getwd((conn)->vfs_opaque.handles.getwd, (conn), (buf)))
|
||||||
|
#define SMB_VFS_OPAQUE_UTIME(conn, path, times) ((conn)->vfs_opaque.ops.utime((conn)->vfs_opaque.handles.utime, (conn), (path), (times)))
|
||||||
|
#define SMB_VFS_OPAQUE_FTRUNCATE(fsp, fd, offset) ((fsp)->conn->vfs_opaque.ops.ftruncate((fsp)->conn->vfs_opaque.handles.ftruncate, (fsp), (fd), (offset)))
|
||||||
|
#define SMB_VFS_OPAQUE_LOCK(fsp, fd, op, offset, count, type) ((fsp)->conn->vfs_opaque.ops.lock((fsp)->conn->vfs_opaque.handles.lock, (fsp), (fd) ,(op), (offset), (count), (type)))
|
||||||
|
#define SMB_VFS_OPAQUE_SYMLINK(conn, oldpath, newpath) ((conn)->vfs_opaque.ops.symlink((conn)->vfs_opaque.handles.symlink, (conn), (oldpath), (newpath)))
|
||||||
|
#define SMB_VFS_OPAQUE_READLINK(conn, path, buf, bufsiz) ((conn)->vfs_opaque.ops.readlink((conn)->vfs_opaque.handles.readlink, (conn), (path), (buf), (bufsiz)))
|
||||||
|
#define SMB_VFS_OPAQUE_LINK(conn, oldpath, newpath) ((conn)->vfs_opaque.ops.link((conn)->vfs_opaque.handles.link, (conn), (oldpath), (newpath)))
|
||||||
|
#define SMB_VFS_OPAQUE_MKNOD(conn, path, mode, dev) ((conn)->vfs_opaque.ops.mknod((conn)->vfs_opaque.handles.mknod, (conn), (path), (mode), (dev)))
|
||||||
|
#define SMB_VFS_OPAQUE_REALPATH(conn, path, resolved_path) ((conn)->vfs_opaque.ops.realpath((conn)->vfs_opaque.handles.realpath, (conn), (path), (resolved_path)))
|
||||||
|
|
||||||
|
/* NT ACL operations. */
|
||||||
|
#define SMB_VFS_OPAQUE_FGET_NT_ACL(fsp, fd, security_info, ppdesc) ((fsp)->conn->vfs_opaque.ops.fget_nt_acl((fsp)->conn->vfs_opaque.handles.fget_nt_acl, (fsp), (fd), (security_info), (ppdesc)))
|
||||||
|
#define SMB_VFS_OPAQUE_GET_NT_ACL(fsp, name, security_info, ppdesc) ((fsp)->conn->vfs_opaque.ops.get_nt_acl((fsp)->conn->vfs_opaque.handles.get_nt_acl, (fsp), (name), (security_info), (ppdesc)))
|
||||||
|
#define SMB_VFS_OPAQUE_FSET_NT_ACL(fsp, fd, security_info_sent, psd) ((fsp)->conn->vfs_opaque.ops.fset_nt_acl((fsp)->conn->vfs_opaque.handles.fset_nt_acl, (fsp), (fd), (security_info_sent), (psd)))
|
||||||
|
#define SMB_VFS_OPAQUE_SET_NT_ACL(fsp, name, security_info_sent, psd) ((fsp)->conn->vfs_opaque.ops.set_nt_acl((fsp)->conn->vfs_opaque.handles.set_nt_acl, (fsp), (name), (security_info_sent), (psd)))
|
||||||
|
|
||||||
|
/* POSIX ACL operations. */
|
||||||
|
#define SMB_VFS_OPAQUE_CHMOD_ACL(conn, name, mode) ((conn)->vfs_opaque.ops.chmod_acl((conn)->vfs_opaque.handles.chmod_acl, (conn), (name), (mode)))
|
||||||
|
#define SMB_VFS_OPAQUE_FCHMOD_ACL(fsp, fd, mode) ((fsp)->conn->vfs_opaque.ops.fchmod_acl((fsp)->conn->vfs_opaque.handles.chmod_acl, (fsp), (fd), (mode)))
|
||||||
|
|
||||||
|
#define SMB_VFS_OPAQUE_SYS_ACL_GET_ENTRY(conn, theacl, entry_id, entry_p) ((conn)->vfs_opaque.ops.sys_acl_get_entry((conn)->vfs_opaque.handles.sys_acl_get_entry, (conn), (theacl), (entry_id), (entry_p)))
|
||||||
|
#define SMB_VFS_OPAQUE_SYS_ACL_GET_TAG_TYPE(conn, entry_d, tag_type_p) ((conn)->vfs_opaque.ops.sys_acl_get_tag_type((conn)->vfs_opaque.handles.sys_acl_get_tag_type, (conn), (entry_d), (tag_type_p)))
|
||||||
|
#define SMB_VFS_OPAQUE_SYS_ACL_GET_PERMSET(conn, entry_d, permset_p) ((conn)->vfs_opaque.ops.sys_acl_get_permset((conn)->vfs_opaque.handles.sys_acl_get_permset, (conn), (entry_d), (permset_p)))
|
||||||
|
#define SMB_VFS_OPAQUE_SYS_ACL_GET_QUALIFIER(conn, entry_d) ((conn)->vfs_opaque.ops.sys_acl_get_qualifier((conn)->vfs_opaque.handles.sys_acl_get_qualifier, (conn), (entry_d)))
|
||||||
|
#define SMB_VFS_OPAQUE_SYS_ACL_GET_FILE(conn, path_p, type) ((conn)->vfs_opaque.ops.sys_acl_get_file((conn)->vfs_opaque.handles.sys_acl_get_file, (conn), (path_p), (type)))
|
||||||
|
#define SMB_VFS_OPAQUE_SYS_ACL_GET_FD(fsp, fd) ((fsp)->conn->vfs_opaque.ops.sys_acl_get_fd((fsp)->conn->vfs_opaque.handles.sys_acl_get_fd, (fsp), (fd)))
|
||||||
|
#define SMB_VFS_OPAQUE_SYS_ACL_CLEAR_PERMS(conn, permset) ((conn)->vfs_opaque.ops.sys_acl_clear_perms((conn)->vfs_opaque.handles.sys_acl_clear_perms, (conn), (permset)))
|
||||||
|
#define SMB_VFS_OPAQUE_SYS_ACL_ADD_PERM(conn, permset, perm) ((conn)->vfs_opaque.ops.sys_acl_add_perm((conn)->vfs_opaque.handles.sys_acl_add_perm, (conn), (permset), (perm)))
|
||||||
|
#define SMB_VFS_OPAQUE_SYS_ACL_TO_TEXT(conn, theacl, plen) ((conn)->vfs_opaque.ops.sys_acl_to_text((conn)->vfs_opaque.handles.sys_acl_to_text, (conn), (theacl), (plen)))
|
||||||
|
#define SMB_VFS_OPAQUE_SYS_ACL_INIT(conn, count) ((conn)->vfs_opaque.ops.sys_acl_init((conn)->vfs_opaque.handles.sys_acl_init, (conn), (count)))
|
||||||
|
#define SMB_VFS_OPAQUE_SYS_ACL_CREATE_ENTRY(conn, pacl, pentry) ((conn)->vfs_opaque.ops.sys_acl_create_entry((conn)->vfs_opaque.handles.sys_acl_create_entry, (conn), (pacl), (pentry)))
|
||||||
|
#define SMB_VFS_OPAQUE_SYS_ACL_SET_TAG_TYPE(conn, entry, tagtype) ((conn)->vfs_opaque.ops.sys_acl_set_tag_type((conn)->vfs_opaque.handles.sys_acl_set_tag_type, (conn), (entry), (tagtype)))
|
||||||
|
#define SMB_VFS_OPAQUE_SYS_ACL_SET_QUALIFIER(conn, entry, qual) ((conn)->vfs_opaque.ops.sys_acl_set_qualifier((conn)->vfs_opaque.handles.sys_acl_set_qualifier, (conn), (entry), (qual)))
|
||||||
|
#define SMB_VFS_OPAQUE_SYS_ACL_SET_PERMSET(conn, entry, permset) ((conn)->vfs_opaque.ops.sys_acl_set_permset((conn)->vfs_opaque.handles.sys_acl_set_permset, (conn), (entry), (permset)))
|
||||||
|
#define SMB_VFS_OPAQUE_SYS_ACL_VALID(conn, theacl) ((conn)->vfs_opaque.ops.sys_acl_valid((conn)->vfs_opaque.handles.sys_acl_valid, (conn), (theacl)))
|
||||||
|
#define SMB_VFS_OPAQUE_SYS_ACL_SET_FILE(conn, name, acltype, theacl) ((conn)->vfs_opaque.ops.sys_acl_set_file((conn)->vfs_opaque.handles.sys_acl_set_file, (conn), (name), (acltype), (theacl)))
|
||||||
|
#define SMB_VFS_OPAQUE_SYS_ACL_SET_FD(fsp, fd, theacl) ((fsp)->conn->vfs_opaque.ops.sys_acl_set_fd((fsp)->conn->vfs_opaque.handles.sys_acl_set_fd, (fsp), (fd), (theacl)))
|
||||||
|
#define SMB_VFS_OPAQUE_SYS_ACL_DELETE_DEF_FILE(conn, path) ((conn)->vfs_opaque.ops.sys_acl_delete_def_file((conn)->vfs_opaque.handles.sys_acl_delete_def_file, (conn), (path)))
|
||||||
|
#define SMB_VFS_OPAQUE_SYS_ACL_GET_PERM(conn, permset, perm) ((conn)->vfs_opaque.ops.sys_acl_get_perm((conn)->vfs_opaque.handles.sys_acl_get_perm, (conn), (permset), (perm)))
|
||||||
|
#define SMB_VFS_OPAQUE_SYS_ACL_FREE_TEXT(conn, text) ((conn)->vfs_opaque.ops.sys_acl_free_text((conn)->vfs_opaque.handles.sys_acl_free_text, (conn), (text)))
|
||||||
|
#define SMB_VFS_OPAQUE_SYS_ACL_FREE_ACL(conn, posix_acl) ((conn)->vfs_opaque.ops.sys_acl_free_acl((conn)->vfs_opaque.handles.sys_acl_free_acl, (conn), (posix_acl)))
|
||||||
|
#define SMB_VFS_OPAQUE_SYS_ACL_FREE_QUALIFIER(conn, qualifier, tagtype) ((conn)->vfs_opaque.ops.sys_acl_free_qualifier((conn)->vfs_opaque.handles.sys_acl_free_qualifier, (conn), (qualifier), (tagtype)))
|
||||||
|
|
||||||
|
/* EA operations. */
|
||||||
|
#define SMB_VFS_OPAQUE_GETXATTR(conn,path,name,value,size) ((conn)->vfs_opaque.ops.getxattr((conn)->vfs_opaque.handles.getxattr,(conn),(path),(name),(value),(size)))
|
||||||
|
#define SMB_VFS_OPAQUE_LGETXATTR(conn,path,name,value,size) ((conn)->vfs_opaque.ops.lgetxattr((conn)->vfs_opaque.handles.lgetxattr,(conn),(path),(name),(value),(size)))
|
||||||
|
#define SMB_VFS_OPAQUE_FGETXATTR(fsp,fd,name,value,size) ((fsp)->conn->vfs_opaque.ops.fgetxattr((fsp)->conn->vfs_opaque.handles.fgetxattr,(fsp),(fd),(name),(value),(size)))
|
||||||
|
#define SMB_VFS_OPAQUE_LISTXATTR(conn,path,list,size) ((conn)->vfs_opaque.ops.listxattr((conn)->vfs_opaque.handles.listxattr,(conn),(path),(list),(size)))
|
||||||
|
#define SMB_VFS_OPAQUE_LLISTXATTR(conn,path,list,size) ((conn)->vfs_opaque.ops.llistxattr((conn)->vfs_opaque.handles.llistxattr,(conn),(path),(list),(size)))
|
||||||
|
#define SMB_VFS_OPAQUE_FLISTXATTR(fsp,fd,list,size) ((fsp)->conn->vfs_opaque.ops.flistxattr((fsp)->conn->vfs_opaque.handles.flistxattr,(fsp),(fd),(list),(size)))
|
||||||
|
#define SMB_VFS_OPAQUE_REMOVEXATTR(conn,path,name) ((conn)->vfs_opaque.ops.removexattr((conn)->vfs_opaque.handles.removexattr,(conn),(path),(name)))
|
||||||
|
#define SMB_VFS_OPAQUE_LREMOVEXATTR(conn,path,name) ((conn)->vfs_opaque.ops.lremovexattr((conn)->vfs_opaque.handles.lremovexattr,(conn),(path),(name)))
|
||||||
|
#define SMB_VFS_OPAQUE_FREMOVEXATTR(fsp,fd,name) ((fsp)->conn->vfs_opaque.ops.fremovexattr((fsp)->conn->vfs_opaque.handles.fremovexattr,(fsp),(fd),(name)))
|
||||||
|
#define SMB_VFS_OPAQUE_SETXATTR(conn,path,name,value,size,flags) ((conn)->vfs_opaque.ops.setxattr((conn)->vfs_opaque.handles.setxattr,(conn),(path),(name),(value),(size),(flags)))
|
||||||
|
#define SMB_VFS_OPAQUE_LSETXATTR(conn,path,name,value,size,flags) ((conn)->vfs_opaque.ops.lsetxattr((conn)->vfs_opaque.handles.lsetxattr,(conn),(path),(name),(value),(size),(flags)))
|
||||||
|
#define SMB_VFS_OPAQUE_FSETXATTR(fsp,fd,name,value,size,flags) ((fsp)->conn->vfs_opaque.ops.fsetxattr((fsp)->conn->vfs_opaque.handles.fsetxattr,(fsp),(fd),(name),(value),(size),(flags)))
|
||||||
|
|
||||||
|
/*******************************************************************
|
||||||
|
Don't access handle->vfs_next.ops.* directly!!!
|
||||||
|
Use this macros!
|
||||||
|
(Fixes should go also into the vfs_* and vfs_opaque_* macros!)
|
||||||
|
********************************************************************/
|
||||||
|
|
||||||
|
/* Disk operations */
|
||||||
|
#define SMB_VFS_NEXT_CONNECT(handle, conn, service, user) ((handle)->vfs_next.ops.connect((handle)->vfs_next.handles.connect, (conn), (service), (user)))
|
||||||
|
#define SMB_VFS_NEXT_DISCONNECT(handle, conn) ((handle)->vfs_next.ops.disconnect((handle)->vfs_next.handles.disconnect, (conn)))
|
||||||
|
#define SMB_VFS_NEXT_DISK_FREE(handle, conn, path, small_query, bsize, dfree ,dsize) ((handle)->vfs_next.ops.disk_free((handle)->vfs_next.handles.disk_free, (conn), (path), (small_query), (bsize), (dfree), (dsize)))
|
||||||
|
#define SMB_VFS_NEXT_GET_QUOTA(handle, conn, qtype, id, qt) ((handle)->vfs_next.ops.get_quota((handle)->vfs_next.handles.get_quota, (conn), (qtype), (id), (qt)))
|
||||||
|
#define SMB_VFS_NEXT_SET_QUOTA(handle, conn, qtype, id, qt) ((handle)->vfs_next.ops.set_quota((handle)->vfs_next.handles.set_quota, (conn), (qtype), (id), (qt)))
|
||||||
|
|
||||||
|
/* Directory operations */
|
||||||
|
#define SMB_VFS_NEXT_OPENDIR(handle, conn, fname) ((handle)->vfs_next.ops.opendir((handle)->vfs_next.handles.opendir, (conn), (fname)))
|
||||||
|
#define SMB_VFS_NEXT_READDIR(handle, conn, dirp) ((handle)->vfs_next.ops.readdir((handle)->vfs_next.handles.readdir, (conn), (dirp)))
|
||||||
|
#define SMB_VFS_NEXT_MKDIR(handle, conn, path, mode) ((handle)->vfs_next.ops.mkdir((handle)->vfs_next.handles.mkdir,(conn), (path), (mode)))
|
||||||
|
#define SMB_VFS_NEXT_RMDIR(handle, conn, path) ((handle)->vfs_next.ops.rmdir((handle)->vfs_next.handles.rmdir, (conn), (path)))
|
||||||
|
#define SMB_VFS_NEXT_CLOSEDIR(handle, conn, dir) ((handle)->vfs_next.ops.closedir((handle)->vfs_next.handles.closedir, (conn), dir))
|
||||||
|
|
||||||
|
/* File operations */
|
||||||
|
#define SMB_VFS_NEXT_OPEN(handle, conn, fname, flags, mode) ((handle)->vfs_next.ops.open((handle)->vfs_next.handles.open, (conn), (fname), (flags), (mode)))
|
||||||
|
#define SMB_VFS_NEXT_CLOSE(handle, fsp, fd) ((handle)->vfs_next.ops.close((handle)->vfs_next.handles.close, (fsp), (fd)))
|
||||||
|
#define SMB_VFS_NEXT_READ(handle, fsp, fd, data, n) ((handle)->vfs_next.ops.read((handle)->vfs_next.handles.read, (fsp), (fd), (data), (n)))
|
||||||
|
#define SMB_VFS_NEXT_WRITE(handle, fsp, fd, data, n) ((handle)->vfs_next.ops.write((handle)->vfs_next.handles.write, (fsp), (fd), (data), (n)))
|
||||||
|
#define SMB_VFS_NEXT_LSEEK(handle, fsp, fd, offset, whence) ((handle)->vfs_next.ops.lseek((handle)->vfs_next.handles.lseek, (fsp), (fd), (offset), (whence)))
|
||||||
|
#define SMB_VFS_NEXT_SENDFILE(handle, tofd, fsp, fromfd, header, offset, count) ((handle)->vfs_next.ops.sendfile((handle)->vfs_next.handles.sendfile, (tofd), (fsp), (fromfd), (header), (offset), (count)))
|
||||||
|
#define SMB_VFS_NEXT_RENAME(handle, conn, old, new) ((handle)->vfs_next.ops.rename((handle)->vfs_next.handles.rename, (conn), (old), (new)))
|
||||||
|
#define SMB_VFS_NEXT_FSYNC(handle, fsp, fd) ((handle)->vfs_next.ops.fsync((handle)->vfs_next.handles.fsync, (fsp), (fd)))
|
||||||
|
#define SMB_VFS_NEXT_STAT(handle, conn, fname, sbuf) ((handle)->vfs_next.ops.stat((handle)->vfs_next.handles.stat, (conn), (fname), (sbuf)))
|
||||||
|
#define SMB_VFS_NEXT_FSTAT(handle, fsp, fd, sbuf) ((handle)->vfs_next.ops.fstat((handle)->vfs_next.handles.fstat, (fsp) ,(fd) ,(sbuf)))
|
||||||
|
#define SMB_VFS_NEXT_LSTAT(handle, conn, path, sbuf) ((handle)->vfs_next.ops.lstat((handle)->vfs_next.handles.lstat, (conn), (path), (sbuf)))
|
||||||
|
#define SMB_VFS_NEXT_UNLINK(handle, conn, path) ((handle)->vfs_next.ops.unlink((handle)->vfs_next.handles.unlink, (conn), (path)))
|
||||||
|
#define SMB_VFS_NEXT_CHMOD(handle, conn, path, mode) ((handle)->vfs_next.ops.chmod((handle)->vfs_next.handles.chmod, (conn), (path), (mode)))
|
||||||
|
#define SMB_VFS_NEXT_FCHMOD(handle, fsp, fd, mode) ((handle)->vfs_next.ops.fchmod((handle)->vfs_next.handles.fchmod, (fsp), (fd), (mode)))
|
||||||
|
#define SMB_VFS_NEXT_CHOWN(handle, conn, path, uid, gid) ((handle)->vfs_next.ops.chown((handle)->vfs_next.handles.chown, (conn), (path), (uid), (gid)))
|
||||||
|
#define SMB_VFS_NEXT_FCHOWN(handle, fsp, fd, uid, gid) ((handle)->vfs_next.ops.fchown((handle)->vfs_next.handles.fchown, (fsp), (fd), (uid), (gid)))
|
||||||
|
#define SMB_VFS_NEXT_CHDIR(handle, conn, path) ((handle)->vfs_next.ops.chdir((handle)->vfs_next.handles.chdir, (conn), (path)))
|
||||||
|
#define SMB_VFS_NEXT_GETWD(handle, conn, buf) ((handle)->vfs_next.ops.getwd((handle)->vfs_next.handles.getwd, (conn), (buf)))
|
||||||
|
#define SMB_VFS_NEXT_UTIME(handle, conn, path, times) ((handle)->vfs_next.ops.utime((handle)->vfs_next.handles.utime, (conn), (path), (times)))
|
||||||
|
#define SMB_VFS_NEXT_FTRUNCATE(handle, fsp, fd, offset) ((handle)->vfs_next.ops.ftruncate((handle)->vfs_next.handles.ftruncate, (fsp), (fd), (offset)))
|
||||||
|
#define SMB_VFS_NEXT_LOCK(handle, fsp, fd, op, offset, count, type) ((handle)->vfs_next.ops.lock((handle)->vfs_next.handles.lock, (fsp), (fd) ,(op), (offset), (count), (type)))
|
||||||
|
#define SMB_VFS_NEXT_SYMLINK(handle, conn, oldpath, newpath) ((handle)->vfs_next.ops.symlink((handle)->vfs_next.handles.symlink, (conn), (oldpath), (newpath)))
|
||||||
|
#define SMB_VFS_NEXT_READLINK(handle, conn, path, buf, bufsiz) ((handle)->vfs_next.ops.readlink((handle)->vfs_next.handles.readlink, (conn), (path), (buf), (bufsiz)))
|
||||||
|
#define SMB_VFS_NEXT_LINK(handle, conn, oldpath, newpath) ((handle)->vfs_next.ops.link((handle)->vfs_next.handles.link, (conn), (oldpath), (newpath)))
|
||||||
|
#define SMB_VFS_NEXT_MKNOD(handle, conn, path, mode, dev) ((handle)->vfs_next.ops.mknod((handle)->vfs_next.handles.mknod, (conn), (path), (mode), (dev)))
|
||||||
|
#define SMB_VFS_NEXT_REALPATH(handle, conn, path, resolved_path) ((handle)->vfs_next.ops.realpath((handle)->vfs_next.handles.realpath, (conn), (path), (resolved_path)))
|
||||||
|
|
||||||
|
/* NT ACL operations. */
|
||||||
|
#define SMB_VFS_NEXT_FGET_NT_ACL(handle, fsp, fd, security_info, ppdesc) ((handle)->vfs_next.ops.fget_nt_acl((handle)->vfs_next.handles.fget_nt_acl, (fsp), (fd), (security_info), (ppdesc)))
|
||||||
|
#define SMB_VFS_NEXT_GET_NT_ACL(handle, fsp, name, security_info, ppdesc) ((handle)->vfs_next.ops.get_nt_acl((handle)->vfs_next.handles.get_nt_acl, (fsp), (name), (security_info), (ppdesc)))
|
||||||
|
#define SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, fd, security_info_sent, psd) ((handle)->vfs_next.ops.fset_nt_acl((handle)->vfs_next.handles.fset_nt_acl, (fsp), (fd), (security_info_sent), (psd)))
|
||||||
|
#define SMB_VFS_NEXT_SET_NT_ACL(handle, fsp, name, security_info_sent, psd) ((handle)->vfs_next.ops.set_nt_acl((handle)->vfs_next.handles.set_nt_acl, (fsp), (name), (security_info_sent), (psd)))
|
||||||
|
|
||||||
|
/* POSIX ACL operations. */
|
||||||
|
#define SMB_VFS_NEXT_CHMOD_ACL(handle, conn, name, mode) ((handle)->vfs_next.ops.chmod_acl((handle)->vfs_next.handles.chmod_acl, (conn), (name), (mode)))
|
||||||
|
#define SMB_VFS_NEXT_FCHMOD_ACL(handle, fsp, fd, mode) ((handle)->vfs_next.ops.fchmod_acl((handle)->vfs_next.handles.chmod_acl, (fsp), (fd), (mode)))
|
||||||
|
|
||||||
|
#define SMB_VFS_NEXT_SYS_ACL_GET_ENTRY(handle, conn, theacl, entry_id, entry_p) ((handle)->vfs_next.ops.sys_acl_get_entry((handle)->vfs_next.handles.sys_acl_get_entry, (conn), (theacl), (entry_id), (entry_p)))
|
||||||
|
#define SMB_VFS_NEXT_SYS_ACL_GET_TAG_TYPE(handle, conn, entry_d, tag_type_p) ((handle)->vfs_next.ops.sys_acl_get_tag_type((handle)->vfs_next.handles.sys_acl_get_tag_type, (conn), (entry_d), (tag_type_p)))
|
||||||
|
#define SMB_VFS_NEXT_SYS_ACL_GET_PERMSET(handle, conn, entry_d, permset_p) ((handle)->vfs_next.ops.sys_acl_get_permset((handle)->vfs_next.handles.sys_acl_get_permset, (conn), (entry_d), (permset_p)))
|
||||||
|
#define SMB_VFS_NEXT_SYS_ACL_GET_QUALIFIER(handle, conn, entry_d) ((handle)->vfs_next.ops.sys_acl_get_qualifier((handle)->vfs_next.handles.sys_acl_get_qualifier, (conn), (entry_d)))
|
||||||
|
#define SMB_VFS_NEXT_SYS_ACL_GET_FILE(handle, conn, path_p, type) ((handle)->vfs_next.ops.sys_acl_get_file((handle)->vfs_next.handles.sys_acl_get_file, (conn), (path_p), (type)))
|
||||||
|
#define SMB_VFS_NEXT_SYS_ACL_GET_FD(handle, fsp, fd) ((handle)->vfs_next.ops.sys_acl_get_fd((handle)->vfs_next.handles.sys_acl_get_fd, (fsp), (fd)))
|
||||||
|
#define SMB_VFS_NEXT_SYS_ACL_CLEAR_PERMS(handle, conn, permset) ((handle)->vfs_next.ops.sys_acl_clear_perms((handle)->vfs_next.handles.sys_acl_clear_perms, (conn), (permset)))
|
||||||
|
#define SMB_VFS_NEXT_SYS_ACL_ADD_PERM(handle, conn, permset, perm) ((handle)->vfs_next.ops.sys_acl_add_perm((handle)->vfs_next.handles.sys_acl_add_perm, (conn), (permset), (perm)))
|
||||||
|
#define SMB_VFS_NEXT_SYS_ACL_TO_TEXT(handle, conn, theacl, plen) ((handle)->vfs_next.ops.sys_acl_to_text((handle)->vfs_next.handles.sys_acl_to_text, (conn), (theacl), (plen)))
|
||||||
|
#define SMB_VFS_NEXT_SYS_ACL_INIT(handle, conn, count) ((handle)->vfs_next.ops.sys_acl_init((handle)->vfs_next.handles.sys_acl_init, (conn), (count)))
|
||||||
|
#define SMB_VFS_NEXT_SYS_ACL_CREATE_ENTRY(handle, conn, pacl, pentry) ((handle)->vfs_next.ops.sys_acl_create_entry((handle)->vfs_next.handles.sys_acl_create_entry, (conn), (pacl), (pentry)))
|
||||||
|
#define SMB_VFS_NEXT_SYS_ACL_SET_TAG_TYPE(handle, conn, entry, tagtype) ((handle)->vfs_next.ops.sys_acl_set_tag_type((handle)->vfs_next.handles.sys_acl_set_tag_type, (conn), (entry), (tagtype)))
|
||||||
|
#define SMB_VFS_NEXT_SYS_ACL_SET_QUALIFIER(handle, conn, entry, qual) ((handle)->vfs_next.ops.sys_acl_set_qualifier((handle)->vfs_next.handles.sys_acl_set_qualifier, (conn), (entry), (qual)))
|
||||||
|
#define SMB_VFS_NEXT_SYS_ACL_SET_PERMSET(handle, conn, entry, permset) ((handle)->vfs_next.ops.sys_acl_set_permset((handle)->vfs_next.handles.sys_acl_set_permset, (conn), (entry), (permset)))
|
||||||
|
#define SMB_VFS_NEXT_SYS_ACL_VALID(handle, conn, theacl) ((handle)->vfs_next.ops.sys_acl_valid((handle)->vfs_next.handles.sys_acl_valid, (conn), (theacl)))
|
||||||
|
#define SMB_VFS_NEXT_SYS_ACL_SET_FILE(handle, conn, name, acltype, theacl) ((handle)->vfs_next.ops.sys_acl_set_file((handle)->vfs_next.handles.sys_acl_set_file, (conn), (name), (acltype), (theacl)))
|
||||||
|
#define SMB_VFS_NEXT_SYS_ACL_SET_FD(handle, fsp, fd, theacl) ((handle)->vfs_next.ops.sys_acl_set_fd((handle)->vfs_next.handles.sys_acl_set_fd, (fsp), (fd), (theacl)))
|
||||||
|
#define SMB_VFS_NEXT_SYS_ACL_DELETE_DEF_FILE(handle, conn, path) ((handle)->vfs_next.ops.sys_acl_delete_def_file((handle)->vfs_next.handles.sys_acl_delete_def_file, (conn), (path)))
|
||||||
|
#define SMB_VFS_NEXT_SYS_ACL_GET_PERM(handle, conn, permset, perm) ((handle)->vfs_next.ops.sys_acl_get_perm((handle)->vfs_next.handles.sys_acl_get_perm, (conn), (permset), (perm)))
|
||||||
|
#define SMB_VFS_NEXT_SYS_ACL_FREE_TEXT(handle, conn, text) ((handle)->vfs_next.ops.sys_acl_free_text((handle)->vfs_next.handles.sys_acl_free_text, (conn), (text)))
|
||||||
|
#define SMB_VFS_NEXT_SYS_ACL_FREE_ACL(handle, conn, posix_acl) ((handle)->vfs_next.ops.sys_acl_free_acl((handle)->vfs_next.handles.sys_acl_free_acl, (conn), (posix_acl)))
|
||||||
|
#define SMB_VFS_NEXT_SYS_ACL_FREE_QUALIFIER(handle, conn, qualifier, tagtype) ((handle)->vfs_next.ops.sys_acl_free_qualifier((handle)->vfs_next.handles.sys_acl_free_qualifier, (conn), (qualifier), (tagtype)))
|
||||||
|
|
||||||
|
/* EA operations. */
|
||||||
|
#define SMB_VFS_NEXT_GETXATTR(handle,conn,path,name,value,size) ((handle)->vfs_next.ops.getxattr((handle)->vfs_next.handles.getxattr,(conn),(path),(name),(value),(size)))
|
||||||
|
#define SMB_VFS_NEXT_LGETXATTR(handle,conn,path,name,value,size) ((handle)->vfs_next.ops.lgetxattr((handle)->vfs_next.handles.lgetxattr,(conn),(path),(name),(value),(size)))
|
||||||
|
#define SMB_VFS_NEXT_FGETXATTR(handle,fsp,fd,name,value,size) ((handle)->vfs_next.ops.fgetxattr((handle)->vfs_next.handles.fgetxattr,(fsp),(fd),(name),(value),(size)))
|
||||||
|
#define SMB_VFS_NEXT_LISTXATTR(handle,conn,path,list,size) ((handle)->vfs_next.ops.listxattr((handle)->vfs_next.handles.listxattr,(conn),(path),(list),(size)))
|
||||||
|
#define SMB_VFS_NEXT_LLISTXATTR(handle,conn,path,list,size) ((handle)->vfs_next.ops.llistxattr((handle)->vfs_next.handles.llistxattr,(conn),(path),(list),(size)))
|
||||||
|
#define SMB_VFS_NEXT_FLISTXATTR(handle,fsp,fd,list,size) ((handle)->vfs_next.ops.flistxattr((handle)->vfs_next.handles.flistxattr,(fsp),(fd),(list),(size)))
|
||||||
|
#define SMB_VFS_NEXT_REMOVEXATTR(handle,conn,path,name) ((handle)->vfs_next.ops.removexattr((handle)->vfs_next.handles.removexattr,(conn),(path),(name)))
|
||||||
|
#define SMB_VFS_NEXT_LREMOVEXATTR(handle,conn,path,name) ((handle)->vfs_next.ops.lremovexattr((handle)->vfs_next.handles.lremovexattr,(conn),(path),(name)))
|
||||||
|
#define SMB_VFS_NEXT_FREMOVEXATTR(handle,fsp,fd,name) ((handle)->vfs_next.ops.fremovexattr((handle)->vfs_next.handles.fremovexattr,(fsp),(fd),(name)))
|
||||||
|
#define SMB_VFS_NEXT_SETXATTR(handle,conn,path,name,value,size,flags) ((handle)->vfs_next.ops.setxattr((handle)->vfs_next.handles.setxattr,(conn),(path),(name),(value),(size),(flags)))
|
||||||
|
#define SMB_VFS_NEXT_LSETXATTR(handle,conn,path,name,value,size,flags) ((handle)->vfs_next.ops.lsetxattr((handle)->vfs_next.handles.lsetxattr,(conn),(path),(name),(value),(size),(flags)))
|
||||||
|
#define SMB_VFS_NEXT_FSETXATTR(handle,fsp,fd,name,value,size,flags) ((handle)->vfs_next.ops.fsetxattr((handle)->vfs_next.handles.fsetxattr,(fsp),(fd),(name),(value),(size),(flags)))
|
||||||
|
|
||||||
|
#endif /* _VFS_MACROS_H */
|
0
source3/intl/libgettext.h
Normal file
0
source3/intl/libgettext.h
Normal file
1262
source3/lib/smbldap.c
Normal file
1262
source3/lib/smbldap.c
Normal file
File diff suppressed because it is too large
963
source3/lib/sysquotas.c
Normal file
963
source3/lib/sysquotas.c
Normal file
@ -0,0 +1,963 @@
|
|||||||
|
/*
|
||||||
|
Unix SMB/CIFS implementation.
|
||||||
|
System QUOTA function wrappers
|
||||||
|
Copyright (C) Stefan (metze) Metzmacher 2003
|
||||||
|
|
||||||
|
This program is free software; you can redistribute it and/or modify
|
||||||
|
it under the terms of the GNU General Public License as published by
|
||||||
|
the Free Software Foundation; either version 2 of the License, or
|
||||||
|
(at your option) any later version.
|
||||||
|
|
||||||
|
This program is distributed in the hope that it will be useful,
|
||||||
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
GNU General Public License for more details.
|
||||||
|
|
||||||
|
You should have received a copy of the GNU General Public License
|
||||||
|
along with this program; if not, write to the Free Software
|
||||||
|
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
||||||
|
*/
|
||||||
|
|
||||||
|
|
||||||
|
#ifndef AUTOCONF_TEST
|
||||||
|
|
||||||
|
#include "includes.h"
|
||||||
|
|
||||||
|
#ifdef HAVE_SYS_QUOTAS
|
||||||
|
|
||||||
|
#if defined(HAVE_QUOTACTL_4A)
|
||||||
|
/* long quotactl(int cmd, char *special, qid_t id, caddr_t addr) */
|
||||||
|
/* this is used by: linux,HPUX,IRIX */
|
||||||
|
|
||||||
|
/****************************************************************************
|
||||||
|
Abstract out the old and new Linux quota get calls.
|
||||||
|
****************************************************************************/
|
||||||
|
static int sys_get_vfs_quota(const char *path, const char *bdev, enum SMB_QUOTA_TYPE qtype, unid_t id, SMB_DISK_QUOTA *dp)
|
||||||
|
{
|
||||||
|
int ret = -1;
|
||||||
|
uint32 qflags = 0;
|
||||||
|
struct SYS_DQBLK D;
|
||||||
|
SMB_BIG_UINT bsize = (SMB_BIG_UINT)QUOTABLOCK_SIZE;
|
||||||
|
|
||||||
|
if (!path||!bdev||!dp)
|
||||||
|
smb_panic("sys_get_vfs_quota: called with NULL pointer");
|
||||||
|
|
||||||
|
ZERO_STRUCT(D);
|
||||||
|
ZERO_STRUCT(*dp);
|
||||||
|
dp->qtype = qtype;
|
||||||
|
|
||||||
|
switch (qtype) {
|
||||||
|
case SMB_USER_QUOTA_TYPE:
|
||||||
|
/* we use id.uid == 0 for default quotas */
|
||||||
|
if (id.uid == 0) {
|
||||||
|
ret = 0;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
if ((ret = quotactl(QCMD(Q_GETQUOTA,USRQUOTA), bdev, id.uid, (CADDR_T)&D))) {
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
if ((D.dqb_curblocks==0)&&
|
||||||
|
(D.dqb_bsoftlimit==0)&&
|
||||||
|
(D.dqb_bhardlimit==0)) {
|
||||||
|
/* the upper layer functions don't want empty quota records...*/
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
break;
|
||||||
|
#ifdef HAVE_GROUP_QUOTA
|
||||||
|
case SMB_GROUP_QUOTA_TYPE:
|
||||||
|
if ((ret = quotactl(QCMD(Q_GETQUOTA,GRPQUOTA), bdev, id.gid, (CADDR_T)&D))) {
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
if ((D.dqb_curblocks==0)&&
|
||||||
|
(D.dqb_bsoftlimit==0)&&
|
||||||
|
(D.dqb_bhardlimit==0)) {
|
||||||
|
/* the upper layer functions don't want empty quota records...*/
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
break;
|
||||||
|
#endif /* HAVE_GROUP_QUOTA */
|
||||||
|
case SMB_USER_FS_QUOTA_TYPE:
|
||||||
|
id.uid = getuid();
|
||||||
|
|
||||||
|
if ((ret = quotactl(QCMD(Q_GETQUOTA,USRQUOTA), bdev, id.uid, (CADDR_T)&D))==0) {
|
||||||
|
qflags |= QUOTAS_DENY_DISK;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* get the default quotas stored in the root's (uid =0) record */
|
||||||
|
if ((ret = quotactl(QCMD(Q_GETQUOTA,USRQUOTA), bdev, 0, (CADDR_T)&D))) {
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
ret = 0;
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
errno = ENOSYS;
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
dp->bsize = bsize;
|
||||||
|
dp->softlimit = (SMB_BIG_UINT)D.dqb_bsoftlimit;
|
||||||
|
dp->hardlimit = (SMB_BIG_UINT)D.dqb_bhardlimit;
|
||||||
|
dp->ihardlimit = (SMB_BIG_UINT)D.dqb_ihardlimit;
|
||||||
|
dp->isoftlimit = (SMB_BIG_UINT)D.dqb_isoftlimit;
|
||||||
|
dp->curinodes = (SMB_BIG_UINT)D.dqb_curinodes;
|
||||||
|
dp->curblocks = (SMB_BIG_UINT)D.dqb_curblocks;
|
||||||
|
|
||||||
|
|
||||||
|
dp->qflags = qflags;
|
||||||
|
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
/****************************************************************************
|
||||||
|
Abstract out the old and new Linux quota set calls.
|
||||||
|
****************************************************************************/
|
||||||
|
|
||||||
|
static int sys_set_vfs_quota(const char *path, const char *bdev, enum SMB_QUOTA_TYPE qtype, unid_t id, SMB_DISK_QUOTA *dp)
|
||||||
|
{
|
||||||
|
int ret = -1;
|
||||||
|
uint32 qflags = 0;
|
||||||
|
struct SYS_DQBLK D;
|
||||||
|
SMB_BIG_UINT bsize = (SMB_BIG_UINT)QUOTABLOCK_SIZE;
|
||||||
|
|
||||||
|
if (!path||!bdev||!dp)
|
||||||
|
smb_panic("sys_set_vfs_quota: called with NULL pointer");
|
||||||
|
|
||||||
|
ZERO_STRUCT(D);
|
||||||
|
|
||||||
|
if (bsize == dp->bsize) {
|
||||||
|
D.dqb_bsoftlimit = dp->softlimit;
|
||||||
|
D.dqb_bhardlimit = dp->hardlimit;
|
||||||
|
D.dqb_ihardlimit = dp->ihardlimit;
|
||||||
|
D.dqb_isoftlimit = dp->isoftlimit;
|
||||||
|
} else {
|
||||||
|
D.dqb_bsoftlimit = (dp->softlimit*dp->bsize)/bsize;
|
||||||
|
D.dqb_bhardlimit = (dp->hardlimit*dp->bsize)/bsize;
|
||||||
|
D.dqb_ihardlimit = (dp->ihardlimit*dp->bsize)/bsize;
|
||||||
|
D.dqb_isoftlimit = (dp->isoftlimit*dp->bsize)/bsize;
|
||||||
|
}
|
||||||
|
|
||||||
|
qflags = dp->qflags;
|
||||||
|
|
||||||
|
switch (qtype) {
|
||||||
|
case SMB_USER_QUOTA_TYPE:
|
||||||
|
/* we use id.uid == 0 for default quotas */
|
||||||
|
if (id.uid>0) {
|
||||||
|
ret = quotactl(QCMD(Q_SETQLIM,USRQUOTA), bdev, id.uid, (CADDR_T)&D);
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
#ifdef HAVE_GROUP_QUOTA
|
||||||
|
case SMB_GROUP_QUOTA_TYPE:
|
||||||
|
ret = quotactl(QCMD(Q_SETQLIM,GRPQUOTA), bdev, id.gid, (CADDR_T)&D);
|
||||||
|
break;
|
||||||
|
#endif /* HAVE_GROUP_QUOTA */
|
||||||
|
case SMB_USER_FS_QUOTA_TYPE:
|
||||||
|
/* this stuff didn't work as it should:
|
||||||
|
* switching on/off quota via quotactl()
|
||||||
|
* didn't work!
|
||||||
|
* So we only set the default limits
|
||||||
|
* --metze
|
||||||
|
*
|
||||||
|
* On HPUX we didn't have the mount path,
|
||||||
|
* we need to fix sys_path_to_bdev()
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
#if 0
|
||||||
|
uid = getuid();
|
||||||
|
|
||||||
|
ret = quotactl(QCMD(Q_GETQUOTA,USRQUOTA), bdev, uid, (CADDR_T)&D);
|
||||||
|
|
||||||
|
if ((qflags"AS_DENY_DISK)||(qflags"AS_ENABLED)) {
|
||||||
|
if (ret == 0) {
|
||||||
|
char *quota_file = NULL;
|
||||||
|
|
||||||
|
asprintf("a_file,"/%s/%s%s",path, QUOTAFILENAME,USERQUOTAFILE_EXTENSION);
|
||||||
|
if (quota_file == NULL) {
|
||||||
|
DEBUG(0,("asprintf() failed!\n"));
|
||||||
|
errno = ENOMEM;
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
ret = quotactl(QCMD(Q_QUOTAON,USRQUOTA), bdev, -1,(CADDR_T)quota_file);
|
||||||
|
} else {
|
||||||
|
ret = 0;
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
if (ret != 0) {
|
||||||
|
/* turn off */
|
||||||
|
ret = quotactl(QCMD(Q_QUOTAOFF,USRQUOTA), bdev, -1, (CADDR_T)0);
|
||||||
|
} else {
|
||||||
|
ret = 0;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
DEBUG(0,("vfs_fs_quota: ret(%d) errno(%d)[%s] uid(%d) bdev[%s]\n",
|
||||||
|
ret,errno,strerror(errno),uid,bdev));
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/* we use uid == 0 for default quotas */
|
||||||
|
ret = quotactl(QCMD(Q_SETQLIM,USRQUOTA), bdev, 0, (CADDR_T)&D);
|
||||||
|
|
||||||
|
break;
|
||||||
|
|
||||||
|
default:
|
||||||
|
errno = ENOSYS;
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
/*#endif HAVE_QUOTACTL_4A */
|
||||||
|
#elif defined(HAVE_QUOTACTL_4B)
|
||||||
|
|
||||||
|
#error HAVE_QUOTACTL_4B not implemeted
|
||||||
|
|
||||||
|
/*#endif HAVE_QUOTACTL_4B */
|
||||||
|
#elif defined(HAVE_QUOTACTL_3)
|
||||||
|
|
||||||
|
#error HAVE_QUOTACTL_3 not implemented
|
||||||
|
|
||||||
|
/* #endif HAVE_QUOTACTL_3 */
|
||||||
|
#else /* NO_QUOTACTL_USED */
|
||||||
|
|
||||||
|
static int sys_get_vfs_quota(const char *path, const char *bdev, enum SMB_QUOTA_TYPE qtype, unid_t id, SMB_DISK_QUOTA *dp)
|
||||||
|
{
|
||||||
|
int ret = -1;
|
||||||
|
|
||||||
|
if (!path||!bdev||!dp)
|
||||||
|
smb_panic("sys_get_vfs_quota: called with NULL pointer");
|
||||||
|
|
||||||
|
errno = ENOSYS;
|
||||||
|
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
static int sys_set_vfs_quota(const char *path, const char *bdev, enum SMB_QUOTA_TYPE qtype, unid_t id, SMB_DISK_QUOTA *dp)
|
||||||
|
{
|
||||||
|
int ret = -1;
|
||||||
|
|
||||||
|
if (!path||!bdev||!dp)
|
||||||
|
smb_panic("sys_set_vfs_quota: called with NULL pointer");
|
||||||
|
|
||||||
|
errno = ENOSYS;
|
||||||
|
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
#endif /* NO_QUOTACTL_USED */
|
||||||
|
|
||||||
|
#ifdef HAVE_MNTENT
|
||||||
|
static int sys_path_to_bdev(const char *path, char **mntpath, char **bdev, char **fs)
|
||||||
|
{
|
||||||
|
int ret = -1;
|
||||||
|
SMB_STRUCT_STAT S;
|
||||||
|
FILE *fp;
|
||||||
|
struct mntent *mnt;
|
||||||
|
SMB_DEV_T devno;
|
||||||
|
|
||||||
|
/* find the block device file */
|
||||||
|
|
||||||
|
if (!path||!mntpath||!bdev||!fs)
|
||||||
|
smb_panic("sys_path_to_bdev: called with NULL pointer");
|
||||||
|
|
||||||
|
(*mntpath) = NULL;
|
||||||
|
(*bdev) = NULL;
|
||||||
|
(*fs) = NULL;
|
||||||
|
|
||||||
|
if ( sys_stat(path, &S) == -1 )
|
||||||
|
return (-1);
|
||||||
|
|
||||||
|
devno = S.st_dev ;
|
||||||
|
|
||||||
|
fp = setmntent(MOUNTED,"r");
|
||||||
|
|
||||||
|
while ((mnt = getmntent(fp))) {
|
||||||
|
if ( sys_stat(mnt->mnt_dir,&S) == -1 )
|
||||||
|
continue ;
|
||||||
|
|
||||||
|
if (S.st_dev == devno) {
|
||||||
|
(*mntpath) = strdup(mnt->mnt_dir);
|
||||||
|
(*bdev) = strdup(mnt->mnt_fsname);
|
||||||
|
(*fs) = strdup(mnt->mnt_type);
|
||||||
|
if ((*mntpath)&&(*bdev)&&(*fs)) {
|
||||||
|
ret = 0;
|
||||||
|
} else {
|
||||||
|
SAFE_FREE(*mntpath);
|
||||||
|
SAFE_FREE(*bdev);
|
||||||
|
SAFE_FREE(*fs);
|
||||||
|
ret = -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
endmntent(fp) ;
|
||||||
|
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
/* #endif HAVE_MNTENT */
|
||||||
|
#elif defined(HAVE_DEVNM)
|
||||||
|
|
||||||
|
/* we have this on HPUX, ... */
|
||||||
|
static int sys_path_to_bdev(const char *path, char **mntpath, char **bdev, char **fs)
|
||||||
|
{
|
||||||
|
int ret = -1;
|
||||||
|
char dev_disk[256];
|
||||||
|
SMB_STRUCT_STAT S;
|
||||||
|
|
||||||
|
if (!path||!mntpath||!bdev||!fs)
|
||||||
|
smb_panic("sys_path_to_bdev: called with NULL pointer");
|
||||||
|
|
||||||
|
(*mntpath) = NULL;
|
||||||
|
(*bdev) = NULL;
|
||||||
|
(*fs) = NULL;
|
||||||
|
|
||||||
|
/* find the block device file */
|
||||||
|
|
||||||
|
if ((ret=sys_stat(path, &S))!=0) {
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
if ((ret=devnm(S_IFBLK, S.st_dev, dev_disk, 256, 1))!=0) {
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* we should get the mntpath right...
|
||||||
|
* but I don't know how
|
||||||
|
* --metze
|
||||||
|
*/
|
||||||
|
(*mntpath) = strdup(path);
|
||||||
|
(*bdev) = strdup(dev_disk);
|
||||||
|
if ((*mntpath)&&(*bdev)) {
|
||||||
|
ret = 0;
|
||||||
|
} else {
|
||||||
|
SAFE_FREE(*mntpath);
|
||||||
|
SAFE_FREE(*bdev);
|
||||||
|
ret = -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* #endif HAVE_DEVNM */
|
||||||
|
#else
|
||||||
|
/* we should fake this up...*/
|
||||||
|
static int sys_path_to_bdev(const char *path, char **mntpath, char **bdev, char **fs)
|
||||||
|
{
|
||||||
|
int ret = -1;
|
||||||
|
|
||||||
|
if (!path||!mntpath||!bdev||!fs)
|
||||||
|
smb_panic("sys_path_to_bdev: called with NULL pointer");
|
||||||
|
|
||||||
|
(*mntpath) = NULL;
|
||||||
|
(*bdev) = NULL;
|
||||||
|
(*fs) = NULL;
|
||||||
|
|
||||||
|
(*mntpath) = strdup(path);
|
||||||
|
if (*mntpath) {
|
||||||
|
ret = 0;
|
||||||
|
} else {
|
||||||
|
SAFE_FREE(*mntpath);
|
||||||
|
ret = -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
|
|
||||||
|
/*********************************************************
|
||||||
|
if we have XFS QUOTAS we should use them
|
||||||
|
*********************************************************/
|
||||||
|
#ifdef HAVE_XFS_QUOTA
|
||||||
|
/****************************************************************************
|
||||||
|
Abstract out the XFS Quota Manager quota get call.
|
||||||
|
****************************************************************************/
|
||||||
|
static int sys_get_xfs_quota(const char *path, const char *bdev, enum SMB_QUOTA_TYPE qtype, unid_t id, SMB_DISK_QUOTA *dp)
|
||||||
|
{
|
||||||
|
int ret;
|
||||||
|
uint32 qflags = 0;
|
||||||
|
SMB_BIG_UINT bsize = (SMB_BIG_UINT)BBSIZE;
|
||||||
|
struct fs_disk_quota D;
|
||||||
|
struct fs_quota_stat F;
|
||||||
|
ZERO_STRUCT(D);
|
||||||
|
ZERO_STRUCT(F);
|
||||||
|
|
||||||
|
if (!bdev||!dp)
|
||||||
|
smb_panic("sys_get_xfs_quota: called with NULL pointer");
|
||||||
|
|
||||||
|
ZERO_STRUCT(*dp);
|
||||||
|
dp->qtype = qtype;
|
||||||
|
|
||||||
|
switch (qtype) {
|
||||||
|
case SMB_USER_QUOTA_TYPE:
|
||||||
|
/* we use id.uid == 0 for default quotas */
|
||||||
|
if (id.uid == 0) {
|
||||||
|
ret = 0;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
if ((ret=quotactl(QCMD(Q_XGETQUOTA,USRQUOTA), bdev, id.uid, (CADDR_T)&D)))
|
||||||
|
return ret;
|
||||||
|
break;
|
||||||
|
#ifdef HAVE_GROUP_QUOTA
|
||||||
|
case SMB_GROUP_QUOTA_TYPE:
|
||||||
|
if ((ret=quotactl(QCMD(Q_XGETQUOTA,GRPQUOTA), bdev, id.gid, (CADDR_T)&D)))
|
||||||
|
return ret;
|
||||||
|
break;
|
||||||
|
#endif /* HAVE_GROUP_QUOTA */
|
||||||
|
case SMB_USER_FS_QUOTA_TYPE:
|
||||||
|
/* TODO: get quota status from quotactl() ... */
|
||||||
|
if ((ret = quotactl(QCMD(Q_XGETQSTAT,USRQUOTA), bdev, -1, (CADDR_T)&F)))
|
||||||
|
return ret;
|
||||||
|
|
||||||
|
if (F.qs_flags & XFS_QUOTA_UDQ_ENFD) {
|
||||||
|
qflags |= QUOTAS_DENY_DISK;
|
||||||
|
}
|
||||||
|
else if (F.qs_flags & XFS_QUOTA_UDQ_ACCT) {
|
||||||
|
qflags |= QUOTAS_ENABLED;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* we use uid == 0 for default quotas */
|
||||||
|
if ((ret=quotactl(QCMD(Q_XGETQUOTA,USRQUOTA), bdev, 0, (CADDR_T)&D)))
|
||||||
|
return ret;
|
||||||
|
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
errno = ENOSYS;
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
dp->bsize = bsize;
|
||||||
|
dp->softlimit = (SMB_BIG_UINT)D.d_blk_softlimit;
|
||||||
|
dp->hardlimit = (SMB_BIG_UINT)D.d_blk_hardlimit;
|
||||||
|
dp->ihardlimit = (SMB_BIG_UINT)D.d_ino_hardlimit;
|
||||||
|
dp->isoftlimit = (SMB_BIG_UINT)D.d_ino_softlimit;
|
||||||
|
dp->curinodes = (SMB_BIG_UINT)D.d_icount;
|
||||||
|
dp->curblocks = (SMB_BIG_UINT)D.d_bcount;
|
||||||
|
dp->qflags = qflags;
|
||||||
|
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
/****************************************************************************
|
||||||
|
Abstract out the XFS Quota Manager quota set call.
|
||||||
|
****************************************************************************/
|
||||||
|
static int sys_set_xfs_quota(const char *path, const char *bdev, enum SMB_QUOTA_TYPE qtype, unid_t id, SMB_DISK_QUOTA *dp)
|
||||||
|
{
|
||||||
|
int ret = -1;
|
||||||
|
uint32 qflags = 0;
|
||||||
|
SMB_BIG_UINT bsize = (SMB_BIG_UINT)BBSIZE;
|
||||||
|
struct fs_disk_quota D;
|
||||||
|
struct fs_quota_stat F;
|
||||||
|
int q_on = 0;
|
||||||
|
int q_off = 0;
|
||||||
|
ZERO_STRUCT(D);
|
||||||
|
ZERO_STRUCT(F);
|
||||||
|
|
||||||
|
if (!bdev||!dp)
|
||||||
|
smb_panic("sys_set_xfs_quota: called with NULL pointer");
|
||||||
|
|
||||||
|
if (bsize == dp->bsize) {
|
||||||
|
D.d_blk_softlimit = dp->softlimit;
|
||||||
|
D.d_blk_hardlimit = dp->hardlimit;
|
||||||
|
D.d_ino_hardlimit = dp->ihardlimit;
|
||||||
|
D.d_ino_softlimit = dp->isoftlimit;
|
||||||
|
} else {
|
||||||
|
D.d_blk_softlimit = (dp->softlimit*dp->bsize)/bsize;
|
||||||
|
D.d_blk_hardlimit = (dp->hardlimit*dp->bsize)/bsize;
|
||||||
|
D.d_ino_hardlimit = (dp->ihardlimit*dp->bsize)/bsize;
|
||||||
|
D.d_ino_softlimit = (dp->isoftlimit*dp->bsize)/bsize;
|
||||||
|
}
|
||||||
|
|
||||||
|
qflags = dp->qflags;
|
||||||
|
|
||||||
|
switch (qtype) {
|
||||||
|
case SMB_USER_QUOTA_TYPE:
|
||||||
|
/* we use uid == 0 for default quotas */
|
||||||
|
if (id.uid>0) {
|
||||||
|
D.d_fieldmask |= FS_DQ_LIMIT_MASK;
|
||||||
|
ret = quotactl(QCMD(Q_XSETQLIM,USRQUOTA), bdev, id.uid, (CADDR_T)&D);
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
#ifdef HAVE_GROUP_QUOTA
|
||||||
|
case SMB_GROUP_QUOTA_TYPE:
|
||||||
|
D.d_fieldmask |= FS_DQ_LIMIT_MASK;
|
||||||
|
ret = quotactl(QCMD(Q_XSETQLIM,GRPQUOTA), bdev, id.gid, (CADDR_T)&D);
|
||||||
|
break;
|
||||||
|
#endif /* HAVE_GROUP_QUOTA */
|
||||||
|
case SMB_USER_FS_QUOTA_TYPE:
|
||||||
|
/* TODO */
|
||||||
|
quotactl(QCMD(Q_XGETQSTAT,USRQUOTA), bdev, -1, (CADDR_T)&F);
|
||||||
|
|
||||||
|
if (qflags & QUOTAS_DENY_DISK) {
|
||||||
|
if (!(F.qs_flags & XFS_QUOTA_UDQ_ENFD))
|
||||||
|
q_on |= XFS_QUOTA_UDQ_ENFD;
|
||||||
|
if (!(F.qs_flags & XFS_QUOTA_UDQ_ACCT))
|
||||||
|
q_on |= XFS_QUOTA_UDQ_ACCT;
|
||||||
|
|
||||||
|
if (q_on != 0) {
|
||||||
|
ret = quotactl(QCMD(Q_XQUOTAON,USRQUOTA),bdev, -1, (CADDR_T)&q_on);
|
||||||
|
}
|
||||||
|
|
||||||
|
} else if (qflags & QUOTAS_ENABLED) {
|
||||||
|
if (F.qs_flags & XFS_QUOTA_UDQ_ENFD)
|
||||||
|
q_off |= XFS_QUOTA_UDQ_ENFD;
|
||||||
|
|
||||||
|
if (q_off != 0) {
|
||||||
|
ret = quotactl(QCMD(Q_XQUOTAOFF,USRQUOTA),bdev, -1, (CADDR_T)&q_off);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!(F.qs_flags & XFS_QUOTA_UDQ_ACCT))
|
||||||
|
q_on |= XFS_QUOTA_UDQ_ACCT;
|
||||||
|
|
||||||
|
if (q_on != 0) {
|
||||||
|
ret = quotactl(QCMD(Q_XQUOTAON,USRQUOTA),bdev, -1, (CADDR_T)&q_on);
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
#if 0
|
||||||
|
/* Switch on XFS_QUOTA_UDQ_ACCT didn't work!
|
||||||
|
* only swittching off XFS_QUOTA_UDQ_ACCT work
|
||||||
|
*/
|
||||||
|
if (F.qs_flags & XFS_QUOTA_UDQ_ENFD)
|
||||||
|
q_off |= XFS_QUOTA_UDQ_ENFD;
|
||||||
|
if (F.qs_flags & XFS_QUOTA_UDQ_ACCT)
|
||||||
|
q_off |= XFS_QUOTA_UDQ_ACCT;
|
||||||
|
|
||||||
|
if (q_off !=0) {
|
||||||
|
ret = quotactl(QCMD(Q_XQUOTAOFF,USRQUOTA),bdev, -1, (CADDR_T)&q_off);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
|
||||||
|
/* we use uid == 0 for default quotas */
|
||||||
|
D.d_fieldmask |= FS_DQ_LIMIT_MASK;
|
||||||
|
ret = quotactl(QCMD(Q_XSETQLIM,USRQUOTA), bdev, 0, (CADDR_T)&D);
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
errno = ENOSYS;
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
#endif /* HAVE_XFS_QUOTA */
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
/*********************************************************************
|
||||||
|
Now the list of all filesystem specific quota systems we have found
|
||||||
|
**********************************************************************/
|
||||||
|
static struct {
|
||||||
|
const char *name;
|
||||||
|
int (*get_quota)(const char *path, const char *bdev, enum SMB_QUOTA_TYPE qtype, unid_t id, SMB_DISK_QUOTA *dp);
|
||||||
|
int (*set_quota)(const char *path, const char *bdev, enum SMB_QUOTA_TYPE qtype, unid_t id, SMB_DISK_QUOTA *dp);
|
||||||
|
} sys_quota_backends[] = {
|
||||||
|
#ifdef HAVE_XFS_QUOTA
|
||||||
|
{"xfs", sys_get_xfs_quota, sys_set_xfs_quota},
|
||||||
|
#endif /* HAVE_XFS_QUOTA */
|
||||||
|
{NULL, NULL, NULL}
|
||||||
|
};
|
||||||
|
|
||||||
|
static int command_get_quota(const char *path, enum SMB_QUOTA_TYPE qtype, unid_t id, SMB_DISK_QUOTA *dp)
|
||||||
|
{
|
||||||
|
const char *get_quota_command;
|
||||||
|
|
||||||
|
get_quota_command = lp_get_quota_command();
|
||||||
|
if (get_quota_command && *get_quota_command) {
|
||||||
|
const char *p;
|
||||||
|
char *p2;
|
||||||
|
char **lines;
|
||||||
|
pstring syscmd;
|
||||||
|
int _id = -1;
|
||||||
|
|
||||||
|
switch(qtype) {
|
||||||
|
case SMB_USER_QUOTA_TYPE:
|
||||||
|
case SMB_USER_FS_QUOTA_TYPE:
|
||||||
|
_id = id.uid;
|
||||||
|
break;
|
||||||
|
case SMB_GROUP_QUOTA_TYPE:
|
||||||
|
case SMB_GROUP_FS_QUOTA_TYPE:
|
||||||
|
_id = id.gid;
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
DEBUG(0,("invalid quota type.\n"));
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
slprintf(syscmd, sizeof(syscmd)-1,
|
||||||
|
"%s \"%s\" %d %d",
|
||||||
|
get_quota_command, path, qtype, _id);
|
||||||
|
|
||||||
|
DEBUG (3, ("get_quota: Running command %s\n", syscmd));
|
||||||
|
|
||||||
|
lines = file_lines_pload(syscmd, NULL);
|
||||||
|
if (lines) {
|
||||||
|
char *line = lines[0];
|
||||||
|
|
||||||
|
DEBUG (3, ("Read output from get_quota, \"r%s\"\n", line));
|
||||||
|
|
||||||
|
/* we need to deal with long long unsigned here, if supported */
|
||||||
|
|
||||||
|
dp->qflags = (enum SMB_QUOTA_TYPE)strtoul(line, &p2, 10);
|
||||||
|
p = p2;
|
||||||
|
while (p && *p && isspace(*p))
|
||||||
|
p++;
|
||||||
|
if (p && *p)
|
||||||
|
dp->curblocks = STR_TO_SMB_BIG_UINT(p, &p);
|
||||||
|
else
|
||||||
|
goto invalid_param;
|
||||||
|
while (p && *p && isspace(*p))
|
||||||
|
p++;
|
||||||
|
if (p && *p)
|
||||||
|
dp->softlimit = STR_TO_SMB_BIG_UINT(p, &p);
|
||||||
|
else
|
||||||
|
goto invalid_param;
|
||||||
|
while (p && *p && isspace(*p))
|
||||||
|
p++;
|
||||||
|
if (p && *p)
|
||||||
|
dp->hardlimit = STR_TO_SMB_BIG_UINT(p, &p);
|
||||||
|
else
|
||||||
|
goto invalid_param;
|
||||||
|
while (p && *p && isspace(*p))
|
||||||
|
p++;
|
||||||
|
if (p && *p)
|
||||||
|
dp->curinodes = STR_TO_SMB_BIG_UINT(p, &p);
|
||||||
|
else
|
||||||
|
goto invalid_param;
|
||||||
|
while (p && *p && isspace(*p))
|
||||||
|
p++;
|
||||||
|
if (p && *p)
|
||||||
|
dp->isoftlimit = STR_TO_SMB_BIG_UINT(p, &p);
|
||||||
|
else
|
||||||
|
goto invalid_param;
|
||||||
|
while (p && *p && isspace(*p))
|
||||||
|
p++;
|
||||||
|
if (p && *p)
|
||||||
|
dp->ihardlimit = STR_TO_SMB_BIG_UINT(p, &p);
|
||||||
|
else
|
||||||
|
goto invalid_param;
|
||||||
|
while (p && *p && isspace(*p))
|
||||||
|
p++;
|
||||||
|
if (p && *p)
|
||||||
|
dp->bsize = STR_TO_SMB_BIG_UINT(p, NULL);
|
||||||
|
else
|
||||||
|
dp->bsize = 1024;
|
||||||
|
file_lines_free(lines);
|
||||||
|
DEBUG (3, ("Parsed output of get_quota, ...\n"));
|
||||||
|
|
||||||
|
#ifdef LARGE_SMB_OFF_T
|
||||||
|
DEBUGADD (5,(
|
||||||
|
"qflags:%u curblocks:%llu softlimit:%llu hardlimit:%llu\n"
|
||||||
|
"curinodes:%llu isoftlimit:%llu ihardlimit:%llu bsize:%llu\n",
|
||||||
|
dp->qflags,(long long unsigned)dp->curblocks,
|
||||||
|
(long long unsigned)dp->softlimit,(long long unsigned)dp->hardlimit,
|
||||||
|
(long long unsigned)dp->curinodes,
|
||||||
|
(long long unsigned)dp->isoftlimit,(long long unsigned)dp->ihardlimit,
|
||||||
|
(long long unsigned)dp->bsize));
|
||||||
|
#else /* LARGE_SMB_OFF_T */
|
||||||
|
DEBUGADD (5,(
|
||||||
|
"qflags:%u curblocks:%lu softlimit:%lu hardlimit:%lu\n"
|
||||||
|
"curinodes:%lu isoftlimit:%lu ihardlimit:%lu bsize:%lu\n",
|
||||||
|
dp->qflags,(long unsigned)dp->curblocks,
|
||||||
|
(long unsigned)dp->softlimit,(long unsigned)dp->hardlimit,
|
||||||
|
(long unsigned)dp->curinodes,
|
||||||
|
(long unsigned)dp->isoftlimit,(long unsigned)dp->ihardlimit,
|
||||||
|
(long unsigned)dp->bsize));
|
||||||
|
#endif /* LARGE_SMB_OFF_T */
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
DEBUG (0, ("get_quota_command failed!\n"));
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
errno = ENOSYS;
|
||||||
|
return -1;
|
||||||
|
|
||||||
|
invalid_param:
|
||||||
|
DEBUG(0,("The output of get_quota_command is invalid!\n"));
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
static int command_set_quota(const char *path, enum SMB_QUOTA_TYPE qtype, unid_t id, SMB_DISK_QUOTA *dp)
|
||||||
|
{
|
||||||
|
const char *set_quota_command;
|
||||||
|
|
||||||
|
set_quota_command = lp_set_quota_command();
|
||||||
|
if (set_quota_command && *set_quota_command) {
|
||||||
|
char **lines;
|
||||||
|
pstring syscmd;
|
||||||
|
int _id = -1;
|
||||||
|
|
||||||
|
switch(qtype) {
|
||||||
|
case SMB_USER_QUOTA_TYPE:
|
||||||
|
case SMB_USER_FS_QUOTA_TYPE:
|
||||||
|
_id = id.uid;
|
||||||
|
break;
|
||||||
|
case SMB_GROUP_QUOTA_TYPE:
|
||||||
|
case SMB_GROUP_FS_QUOTA_TYPE:
|
||||||
|
_id = id.gid;
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
#ifdef LARGE_SMB_OFF_T
|
||||||
|
slprintf(syscmd, sizeof(syscmd)-1,
|
||||||
|
"%s \"%s\" %d %d "
|
||||||
|
"%u %llu %llu "
|
||||||
|
"%llu %llu %llu ",
|
||||||
|
set_quota_command, path, qtype, _id, dp->qflags,
|
||||||
|
(long long unsigned)dp->softlimit,(long long unsigned)dp->hardlimit,
|
||||||
|
(long long unsigned)dp->isoftlimit,(long long unsigned)dp->ihardlimit,
|
||||||
|
(long long unsigned)dp->bsize);
|
||||||
|
#else /* LARGE_SMB_OFF_T */
|
||||||
|
slprintf(syscmd, sizeof(syscmd)-1,
|
||||||
|
"%s \"%s\" %d %d "
|
||||||
|
"%u %lu %lu "
|
||||||
|
"%lu %lu %lu ",
|
||||||
|
set_quota_command, path, qtype, _id, dp->qflags,
|
||||||
|
(long unsigned)dp->softlimit,(long unsigned)dp->hardlimit,
|
||||||
|
(long unsigned)dp->isoftlimit,(long unsigned)dp->ihardlimit,
|
||||||
|
(long unsigned)dp->bsize);
|
||||||
|
#endif /* LARGE_SMB_OFF_T */
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
DEBUG (3, ("get_quota: Running command %s\n", syscmd));
|
||||||
|
|
||||||
|
lines = file_lines_pload(syscmd, NULL);
|
||||||
|
if (lines) {
|
||||||
|
char *line = lines[0];
|
||||||
|
|
||||||
|
DEBUG (3, ("Read output from set_quota, \"%s\"\n", line));
|
||||||
|
|
||||||
|
file_lines_free(lines);
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
DEBUG (0, ("set_quota_command failed!\n"));
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
errno = ENOSYS;
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
int sys_get_quota(const char *path, enum SMB_QUOTA_TYPE qtype, unid_t id, SMB_DISK_QUOTA *dp)
|
||||||
|
{
|
||||||
|
int ret = -1;
|
||||||
|
int i;
|
||||||
|
BOOL ready = False;
|
||||||
|
char *mntpath = NULL;
|
||||||
|
char *bdev = NULL;
|
||||||
|
char *fs = NULL;
|
||||||
|
|
||||||
|
if (!path||!dp)
|
||||||
|
smb_panic("sys_get_quota: called with NULL pointer");
|
||||||
|
|
||||||
|
if (command_get_quota(path, qtype, id, dp)==0) {
|
||||||
|
return 0;
|
||||||
|
} else if (errno != ENOSYS) {
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
if ((ret=sys_path_to_bdev(path,&mntpath,&bdev,&fs))!=0) {
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
for (i=0;(fs && sys_quota_backends[i].name && sys_quota_backends[i].get_quota);i++) {
|
||||||
|
if (strcmp(fs,sys_quota_backends[i].name)==0) {
|
||||||
|
ret = sys_quota_backends[i].get_quota(mntpath, bdev, qtype, id, dp);
|
||||||
|
ready = True;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!ready) {
|
||||||
|
/* use the default vfs quota functions */
|
||||||
|
ret = sys_get_vfs_quota(mntpath, bdev, qtype, id, dp);
|
||||||
|
}
|
||||||
|
|
||||||
|
SAFE_FREE(mntpath);
|
||||||
|
SAFE_FREE(bdev);
|
||||||
|
SAFE_FREE(fs);
|
||||||
|
|
||||||
|
if ((ret!=0)&& (errno == EDQUOT)) {
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
int sys_set_quota(const char *path, enum SMB_QUOTA_TYPE qtype, unid_t id, SMB_DISK_QUOTA *dp)
|
||||||
|
{
|
||||||
|
int ret = -1;
|
||||||
|
int i;
|
||||||
|
BOOL ready = False;
|
||||||
|
char *mntpath = NULL;
|
||||||
|
char *bdev = NULL;
|
||||||
|
char *fs = NULL;
|
||||||
|
|
||||||
|
/* find the block device file */
|
||||||
|
|
||||||
|
if (!path||!dp)
|
||||||
|
smb_panic("get_smb_quota: called with NULL pointer");
|
||||||
|
|
||||||
|
if (command_set_quota(path, qtype, id, dp)==0) {
|
||||||
|
return 0;
|
||||||
|
} else if (errno != ENOSYS) {
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
if ((ret=sys_path_to_bdev(path,&mntpath,&bdev,&fs))!=0) {
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
for (i=0;(fs && sys_quota_backends[i].name && sys_quota_backends[i].set_quota);i++) {
|
||||||
|
if (strcmp(fs,sys_quota_backends[i].name)==0) {
|
||||||
|
ret = sys_quota_backends[i].set_quota(mntpath, bdev, qtype, id, dp);
|
||||||
|
ready = True;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!ready) {
|
||||||
|
/* use the default vfs quota functions */
|
||||||
|
ret=sys_set_vfs_quota(mntpath, bdev, qtype, id, dp);
|
||||||
|
}
|
||||||
|
|
||||||
|
SAFE_FREE(mntpath);
|
||||||
|
SAFE_FREE(bdev);
|
||||||
|
SAFE_FREE(fs);
|
||||||
|
|
||||||
|
if ((ret!=0)&& (errno == EDQUOT)) {
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
#else /* HAVE_SYS_QUOTAS */
|
||||||
|
void dummy_sysquotas_c(void)
|
||||||
|
{
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
#endif /* HAVE_SYS_QUOTAS */
|
||||||
|
|
||||||
|
#else /* ! AUTOCONF_TEST */
|
||||||
|
/* this is the autoconf driver to test witch quota system we should use */
|
||||||
|
|
||||||
|
#if defined(HAVE_QUOTACTL_4A)
|
||||||
|
/* long quotactl(int cmd, char *special, qid_t id, caddr_t addr) */
|
||||||
|
|
||||||
|
#ifdef HAVE_SYS_TYPES_H
|
||||||
|
#include <sys/types.h>
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#ifdef HAVE_ASM_TYPES_H
|
||||||
|
#include <asm/types.h>
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#if defined(HAVE_LINUX_QUOTA_H)
|
||||||
|
# include <linux/quota.h>
|
||||||
|
# if defined(HAVE_STRUCT_IF_DQBLK)
|
||||||
|
# define SYS_DQBLK if_dqblk
|
||||||
|
# elif defined(HAVE_STRUCT_MEM_DQBLK)
|
||||||
|
# define SYS_DQBLK mem_dqblk
|
||||||
|
# endif
|
||||||
|
#elif defined(HAVE_SYS_QUOTA_H)
|
||||||
|
# include <sys/quota.h>
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#ifndef SYS_DQBLK
|
||||||
|
#define SYS_DQBLK dqblk
|
||||||
|
#endif
|
||||||
|
|
||||||
|
int autoconf_quota(void)
|
||||||
|
{
|
||||||
|
int ret = -1;
|
||||||
|
struct SYS_DQBLK D;
|
||||||
|
|
||||||
|
ret = quotactl(Q_GETQUOTA,"/dev/hda1",0,(void *)&D);
|
||||||
|
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
#elif defined(HAVE_QUOTACTL_4B)
|
||||||
|
/* int quotactl(const char *path, int cmd, int id, char *addr); */
|
||||||
|
|
||||||
|
#ifdef HAVE_SYS_QUOTA_H
|
||||||
|
#include <sys/quota.h>
|
||||||
|
#else /* *BSD */
|
||||||
|
#include <sys/types.h>
|
||||||
|
#include <ufs/ufs/quota.h>
|
||||||
|
#include <machine/param.h>
|
||||||
|
#endif
|
||||||
|
|
||||||
|
int autoconf_quota(void)
|
||||||
|
{
|
||||||
|
int ret = -1;
|
||||||
|
struct dqblk D;
|
||||||
|
|
||||||
|
ret = quotactl("/",Q_GETQUOTA,0,(char *) &D);
|
||||||
|
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
#elif defined(HAVE_QUOTACTL_3)
|
||||||
|
/* int quotactl (char *spec, int request, char *arg); */
|
||||||
|
|
||||||
|
#ifdef HAVE_SYS_TYPES_H
|
||||||
|
#include <sys/types.h>
|
||||||
|
#endif
|
||||||
|
#ifdef HAVE_SYS_QUOTA_H
|
||||||
|
#include <sys/quota.h>
|
||||||
|
#endif
|
||||||
|
|
||||||
|
int autoconf_quota(void)
|
||||||
|
{
|
||||||
|
int ret = -1;
|
||||||
|
struct q_request request;
|
||||||
|
|
||||||
|
ret = quotactl("/", Q_GETQUOTA, &request);
|
||||||
|
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
#elif defined(HAVE_QUOTACTL_2)
|
||||||
|
|
||||||
|
#error HAVE_QUOTACTL_2 not implemented
|
||||||
|
|
||||||
|
#else
|
||||||
|
|
||||||
|
#error Unknow QUOTACTL prototype
|
||||||
|
|
||||||
|
#endif
|
||||||
|
|
||||||
|
int main(void)
|
||||||
|
{
|
||||||
|
autoconf_quota();
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
#endif /* AUTOCONF_TEST */
|
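--- a/source3/libsmb/conncache.c
+++ b/source3/libsmb/conncache.c
@@ -0,0 +1,158 @@
+/*
+Unix SMB/CIFS implementation.
+
+Winbind daemon connection manager
+
+Copyright (C) Tim Potter 2001
+Copyright (C) Andrew Bartlett 2002
+Copyright (C) Gerald (Jerry) Carter 2003
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+
+#include "includes.h"
+
+#define FAILED_CONNECTION_CACHE_TIMEOUT 30 /* Seconds between attempts */
+
+#define CONNCACHE_ADDR 1
+#define CONNCACHE_NAME 2
+
+/* cache entry contains either a server name **or** and IP address as
+the key. This means that a server could have two entries (one for each key) */
+
+struct failed_connection_cache {
+fstring domain_name;
+fstring controller;
+time_t lookup_time;
+NTSTATUS nt_status;
+struct failed_connection_cache *prev, *next;
+};
+
+static struct failed_connection_cache *failed_connection_cache;
+
+/**********************************************************************
+Check for a previously failed connection
+**********************************************************************/
+
+NTSTATUS check_negative_conn_cache( const char *domain, const char *server )
+{
+struct failed_connection_cache *fcc;
+NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+
+/* can't check if we don't have strings */
+
+if ( !domain || !server )
+return NT_STATUS_OK;
+
+for (fcc = failed_connection_cache; fcc; fcc = fcc->next) {
+
+if ( !(strequal(domain, fcc->domain_name) && strequal(server, fcc->controller)) )
+continue; /* no match; check the next entry */
+
+/* we have a match so see if it is still current */
+
+if ((time(NULL) - fcc->lookup_time) > FAILED_CONNECTION_CACHE_TIMEOUT)
+{
+/* Cache entry has expired, delete it */
+
+DEBUG(10, ("check_negative_conn_cache: cache entry expired for %s, %s\n",
+domain, server ));
+
+DLIST_REMOVE(failed_connection_cache, fcc);
+SAFE_FREE(fcc);
+
+return NT_STATUS_OK;
+}
+
+/* The timeout hasn't expired yet so return false */
+
+DEBUG(10, ("check_negative_conn_cache: returning negative entry for %s, %s\n",
+domain, server ));
+
+result = fcc->nt_status;
+return result;
+}
+
+/* end of function means no cache entry */
+return NT_STATUS_OK;
+}
+
+/**********************************************************************
+Add an entry to the failed conneciton cache (aither a name of dotted
+decimal IP
+**********************************************************************/
+
+void add_failed_connection_entry(const char *domain, const char *server, NTSTATUS result)
+{
+struct failed_connection_cache *fcc;
+
+SMB_ASSERT(!NT_STATUS_IS_OK(result));
+
+/* Check we already aren't in the cache. We always have to have
+a domain, but maybe not a specific DC name. */
+
+for (fcc = failed_connection_cache; fcc; fcc = fcc->next) {
+if ( strequal(fcc->domain_name, domain) && strequal(fcc->controller, server) )
+{
+DEBUG(10, ("add_failed_connection_entry: domain %s (%s) already tried and failed\n",
+domain, server ));
+return;
+}
+}
+
+/* Create negative lookup cache entry for this domain and controller */
+
+if ( !(fcc = (struct failed_connection_cache *)malloc(sizeof(struct failed_connection_cache))) )
+{
+DEBUG(0, ("malloc failed in add_failed_connection_entry!\n"));
+return;
+}
+
+ZERO_STRUCTP(fcc);
+
+fstrcpy( fcc->domain_name, domain );
+fstrcpy( fcc->controller, server );
+fcc->lookup_time = time(NULL);
+fcc->nt_status = result;
+
+DEBUG(10,("add_failed_connection_entry: added domain %s (%s) to failed conn cache\n",
+domain, server ));
+
+DLIST_ADD(failed_connection_cache, fcc);
+}
+
+/****************************************************************************
+****************************************************************************/
+
+void flush_negative_conn_cache( void )
+{
+struct failed_connection_cache *fcc;
+
+fcc = failed_connection_cache;
+
+while (fcc) {
+struct failed_connection_cache *fcc_next;
+
+fcc_next = fcc->next;
+DLIST_REMOVE(failed_connection_cache, fcc);
+free(fcc);
+
+fcc = fcc_next;
+}
+
+}
+
+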
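Review bot: In add_failed_connection_entry the duplicate check returns without refreshing the matching entry, so a new failure recorded against an entry older than FAILED_CONNECTION_CACHE_TIMEOUT is effectively lost: the next check_negative_conn_cache call sees the stale lookup_time, deletes the entry and returns NT_STATUS_OK. Before the early `return;` in that loop I would update the entry with `fcc->lookup_time = time(NULL); fcc->nt_status = result;`. Expired entries are also only pruned when the same domain/server pair is checked again, so the list has no upper bound between calls to flush_negative_conn_cache; dropping expired entries while the add loop walks the list would cap it. The header comment above add_failed_connection_entry is missing its closing parenthesis and should say whether `server` may be NULL, which the in-body comment ("maybe not a specific DC name") suggests.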
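--- a/source3/libsmb/samlogon_cache.c
+++ b/source3/libsmb/samlogon_cache.c
@@ -0,0 +1,238 @@
+/*
+Unix SMB/CIFS implementation.
+Net_sam_logon info3 helpers
+Copyright (C) Alexander Bokovoy 2002.
+Copyright (C) Andrew Bartlett 2002.
+Copyright (C) Gerald Carter 2003.
+Copyright (C) Tim Potter 2003.
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+#define NETSAMLOGON_TDB "netsamlogon_cache.tdb"
+
+static TDB_CONTEXT *netsamlogon_tdb = NULL;
+
+/***********************************************************************
+open the tdb
+***********************************************************************/
+
+BOOL netsamlogon_cache_init(void)
+{
+if (!netsamlogon_tdb) {
+netsamlogon_tdb = tdb_open_log(lock_path(NETSAMLOGON_TDB), 0,
+TDB_DEFAULT, O_RDWR | O_CREAT, 0600);
+}
+
+return (netsamlogon_tdb != NULL);
+}
+
+
+/***********************************************************************
+Shutdown samlogon_cache database
+***********************************************************************/
+
+BOOL netsamlogon_cache_shutdown(void)
+{
+if(netsamlogon_tdb)
+return (tdb_close(netsamlogon_tdb) == 0);
+
+return True;
+}
+
+/***********************************************************************
+Clear cache getpwnam and getgroups entries from the winbindd cache
+***********************************************************************/
+void netsamlogon_clear_cached_user(TDB_CONTEXT *tdb, NET_USER_INFO_3 *user)
+{
+fstring domain;
+TDB_DATA key;
+BOOL got_tdb = False;
+
+/* We may need to call this function from smbd which will not have
+winbindd_cache.tdb open. Open the tdb if a NULL is passed. */
+
+if (!tdb) {
+tdb = tdb_open_log(lock_path("winbindd_cache.tdb"), 5000,
+TDB_DEFAULT, O_RDWR, 0600);
+if (!tdb) {
+DEBUG(5, ("netsamlogon_clear_cached_user: failed to open cache\n"));
+return;
+}
+got_tdb = True;
+}
+
+unistr2_to_ascii(domain, &user->uni_logon_dom, sizeof(domain) - 1);
+
+/* Clear U/DOMAIN/RID cache entry */
+
+asprintf(&key.dptr, "U/%s/%d", domain, user->user_rid);
+key.dsize = strlen(key.dptr) - 1; /* keys are not NULL terminated */
+
+DEBUG(10, ("netsamlogon_clear_cached_user: clearing %s\n", key.dptr));
+
+tdb_delete(tdb, key);
+
+SAFE_FREE(key.dptr);
+
+/* Clear UG/DOMAIN/RID cache entry */
+
+asprintf(&key.dptr, "UG/%s/%d", domain, user->user_rid);
+key.dsize = strlen(key.dptr) - 1; /* keys are not NULL terminated */
+
+DEBUG(10, ("netsamlogon_clear_cached_user: clearing %s\n", key.dptr));
+
+tdb_delete(tdb, key);
+
+SAFE_FREE(key.dptr);
+
+if (got_tdb)
+tdb_close(tdb);
+}
+
+/***********************************************************************
+Store a NET_USER_INFO_3 structure in a tdb for later user
+***********************************************************************/
+
+BOOL netsamlogon_cache_store(TALLOC_CTX *mem_ctx, NET_USER_INFO_3 *user)
+{
+TDB_DATA data;
+fstring keystr;
+prs_struct ps;
+BOOL result = False;
+DOM_SID user_sid;
+time_t t = time(NULL);
+
+
+if (!netsamlogon_cache_init()) {
+DEBUG(0,("netsamlogon_cache_store: cannot open %s for write!\n", NETSAMLOGON_TDB));
+return False;
+}
+
+sid_copy( &user_sid, &user->dom_sid.sid );
+sid_append_rid( &user_sid, user->user_rid );
+
+/* Prepare key as DOMAIN-SID/USER-RID string */
+slprintf(keystr, sizeof(keystr), "%s", sid_string_static(&user_sid));
+
+DEBUG(10,("netsamlogon_cache_store: SID [%s]\n", keystr));
+
+/* Prepare data */
+
+prs_init( &ps,MAX_PDU_FRAG_LEN , mem_ctx, MARSHALL);
+
+if ( !prs_uint32( "timestamp", &ps, 0, (uint32*)&t ) )
+return False;
+
+if ( net_io_user_info3("", user, &ps, 0, 3) )
+{
+data.dsize = prs_offset( &ps );
+data.dptr = prs_data_p( &ps );
+
+if (tdb_store_bystring(netsamlogon_tdb, keystr, data, TDB_REPLACE) != -1)
+result = True;
+
+prs_mem_free( &ps );
+}
+
+return result;
+}
+
+/***********************************************************************
+Retrieves a NET_USER_INFO_3 structure from a tdb. Caller must
+free the user_info struct (malloc()'d memory)
+***********************************************************************/
+
+NET_USER_INFO_3* netsamlogon_cache_get( TALLOC_CTX *mem_ctx, DOM_SID *user_sid)
+{
+NET_USER_INFO_3 *user = NULL;
+TDB_DATA data, key;
+prs_struct ps;
+fstring keystr;
+uint32 t;
+
+if (!netsamlogon_cache_init()) {
+DEBUG(0,("netsamlogon_cache_store: cannot open %s for write!\n", NETSAMLOGON_TDB));
+return False;
+}
+
+/* Prepare key as DOMAIN-SID/USER-RID string */
+slprintf(keystr, sizeof(keystr), "%s", sid_string_static(user_sid));
+DEBUG(10,("netsamlogon_cache_get: SID [%s]\n", keystr));
+key.dptr = keystr;
+key.dsize = strlen(keystr)+1;
+data = tdb_fetch( netsamlogon_tdb, key );
+
+if ( data.dptr ) {
+
+if ( (user = (NET_USER_INFO_3*)malloc(sizeof(NET_USER_INFO_3))) == NULL )
+return NULL;
+
+prs_init( &ps, 0, mem_ctx, UNMARSHALL );
+prs_give_memory( &ps, data.dptr, data.dsize, True );
+
+if ( !prs_uint32( "timestamp", &ps, 0, &t ) ) {
+prs_mem_free( &ps );
+return False;
+}
+
+if ( !net_io_user_info3("", user, &ps, 0, 3) ) {
+SAFE_FREE( user );
+}
+
+prs_mem_free( &ps );
+
+#if 0 /* The netsamlogon cache needs to hang around. Something about
+this feels wrong, but it is the only way we can get all of the
+groups. The old universal groups cache didn't expire either.
+--jerry */
+{
+time_t now = time(NULL);
+uint32 time_diff;
+
+/* is the entry expired? */
+time_diff = now - t;
+
+if ( (time_diff < 0 ) || (time_diff > lp_winbind_cache_time()) ) {
+DEBUG(10,("netsamlogon_cache_get: cache entry expired \n"));
+tdb_delete( netsamlogon_tdb, key );
+SAFE_FREE( user );
+}
+#endif
+}
+
+return user;
+}
+
+BOOL netsamlogon_cache_have(DOM_SID *user_sid)
+{
+TALLOC_CTX *mem_ctx = talloc_init("netsamlogon_cache_have");
+NET_USER_INFO_3 *user = NULL;
+BOOL result;
+
+if (!mem_ctx)
+return False;
+
+user = netsamlogon_cache_get(mem_ctx, user_sid);
+
+result = (user != NULL);
+
+talloc_destroy(mem_ctx);
+SAFE_FREE(user);
+
+return result;
+}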
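Review bot: netsamlogon_clear_cached_user sets both key lengths with `key.dsize = strlen(key.dptr) - 1`, which drops the last digit of the RID, so tdb_delete addresses a different, shorter key and the intended U/ and UG/ entries stay in the winbindd cache. If winbindd stores these keys without the terminator, as the inline comment says, the length should be `key.dsize = strlen(key.dptr);` in both places. The asprintf() results are not checked either, and on failure key.dptr is undefined when strlen reads it; test for `== -1` and skip the delete in that case. Separately, netsamlogon_cache_get returns `False` from a pointer-returning function and leaks `user` when the timestamp prs_uint32 fails; `SAFE_FREE(user); return NULL;` on that path matches the ownership rule in its header comment.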
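--- a/source3/mainpage.dox
+++ b/source3/mainpage.dox
@@ -0,0 +1,7 @@
+/**
+
+@mainpage
+
+@li \ref CodingSuggestions
+
+**/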
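--- a/source3/modules/weird.c
+++ b/source3/modules/weird.c
@@ -0,0 +1,131 @@
+/*
+Unix SMB/CIFS implementation.
+Samba module with developer tools
+Copyright (C) Andrew Tridgell 2001
+Copyright (C) Jelmer Vernooij 2002
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+static struct {
+char from;
+char *to;
+int len;
+} weird_table[] = {
+{'q', "^q^", 3},
+{'Q', "^Q^", 3},
+{0, NULL}
+};
+
+static size_t weird_pull(void *cd, char **inbuf, size_t *inbytesleft,
+char **outbuf, size_t *outbytesleft)
+{
+while (*inbytesleft >= 1 && *outbytesleft >= 2) {
+int i;
+int done = 0;
+for (i=0;weird_table[i].from;i++) {
+if (strncmp((*inbuf),
+weird_table[i].to,
+weird_table[i].len) == 0) {
+if (*inbytesleft < weird_table[i].len) {
+DEBUG(0,("ERROR: truncated weird string\n"));
+/* smb_panic("weird_pull"); */
+
+} else {
+(*outbuf)[0] = weird_table[i].from;
+(*outbuf)[1] = 0;
+(*inbytesleft) -= weird_table[i].len;
+(*outbytesleft) -= 2;
+(*inbuf) += weird_table[i].len;
+(*outbuf) += 2;
+done = 1;
+break;
+}
+}
+}
+if (done) continue;
+(*outbuf)[0] = (*inbuf)[0];
+(*outbuf)[1] = 0;
+(*inbytesleft) -= 1;
+(*outbytesleft) -= 2;
+(*inbuf) += 1;
+(*outbuf) += 2;
+}
+
+if (*inbytesleft > 0) {
+errno = E2BIG;
+return -1;
+}
+
+return 0;
+}
+
+static size_t weird_push(void *cd, char **inbuf, size_t *inbytesleft,
+char **outbuf, size_t *outbytesleft)
+{
+int ir_count=0;
+
+while (*inbytesleft >= 2 && *outbytesleft >= 1) {
+int i;
+int done=0;
+for (i=0;weird_table[i].from;i++) {
+if ((*inbuf)[0] == weird_table[i].from &&
+(*inbuf)[1] == 0) {
+if (*outbytesleft < weird_table[i].len) {
+DEBUG(0,("No room for weird character\n"));
+/* smb_panic("weird_push"); */
+} else {
+memcpy(*outbuf, weird_table[i].to,
+weird_table[i].len);
+(*inbytesleft) -= 2;
+(*outbytesleft) -= weird_table[i].len;
+(*inbuf) += 2;
+(*outbuf) += weird_table[i].len;
+done = 1;
+break;
+}
+}
+}
+if (done) continue;
+
+(*outbuf)[0] = (*inbuf)[0];
+if ((*inbuf)[1]) ir_count++;
+(*inbytesleft) -= 2;
+(*outbytesleft) -= 1;
+(*inbuf) += 2;
+(*outbuf) += 1;
+}
+
+if (*inbytesleft == 1) {
+errno = EINVAL;
+return -1;
+}
+
+if (*inbytesleft > 1) {
+errno = E2BIG;
+return -1;
+}
+
+return ir_count;
+}
+
+struct charset_functions weird_functions = {"WEIRD", weird_pull, weird_push};
+
+NTSTATUS charset_weird_init(void)
+{
+return smb_register_charset(&weird_functions);
+}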
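Review bot: In weird_pull the `strncmp` against `weird_table[i].to` runs before the `*inbytesleft < weird_table[i].len` test, so with only one or two input bytes left the comparison can read past the end of the input buffer. Test the remaining length first and compare with `memcmp`, e.g. `if (*inbytesleft >= (size_t)weird_table[i].len && memcmp(*inbuf, weird_table[i].to, weird_table[i].len) == 0) {`; the "truncated weird string" branch then becomes unreachable and can be dropped. In weird_push, when `*outbytesleft` is smaller than the escape length the code only logs and then falls through to the single-byte copy, emitting a raw `q`/`Q` that weird_pull will not map back. Returning `-1` with `errno = E2BIG` at that point would match the function's other error exits.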
1209
source3/nsswitch/winbindd_acct.c
Normal file
1209
source3/nsswitch/winbindd_acct.c
Normal file
File diff suppressed because it is too large
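--- a/source3/pam_smbpass/.cvsignore
+++ b/source3/pam_smbpass/.cvsignore
@@ -0,0 +1 @@
+*.po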
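--- a/source3/passdb/pdb_plugin.c
+++ b/source3/passdb/pdb_plugin.c
@@ -0,0 +1,78 @@
+/*
+Unix SMB/CIFS implementation.
+Loadable passdb module interface.
+Copyright (C) Jelmer Vernooij 2002
+Copyright (C) Andrew Bartlett 2002
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_PASSDB
+
+NTSTATUS pdb_init_plugin(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location)
+{
+void * dl_handle;
+char *plugin_location, *plugin_name, *p;
+pdb_init_function plugin_init;
+int (*plugin_version)(void);
+
+if (location == NULL) {
+DEBUG(0, ("The plugin module needs an argument!\n"));
+return NT_STATUS_UNSUCCESSFUL;
+}
+
+plugin_name = smb_xstrdup(location);
+p = strchr(plugin_name, ':');
+if (p) {
+*p = 0;
+plugin_location = p+1;
+trim_string(plugin_location, " ", " ");
+} else plugin_location = NULL;
+trim_string(plugin_name, " ", " ");
+
+DEBUG(5, ("Trying to load sam plugin %s\n", plugin_name));
+dl_handle = sys_dlopen(plugin_name, RTLD_NOW );
+if (!dl_handle) {
+DEBUG(0, ("Failed to load sam plugin %s using sys_dlopen (%s)\n", plugin_name, sys_dlerror()));
+return NT_STATUS_UNSUCCESSFUL;
+}
+
+plugin_version = sys_dlsym(dl_handle, "pdb_version");
+if (!plugin_version) {
+sys_dlclose(dl_handle);
+DEBUG(0, ("Failed to find function 'pdb_version' using sys_dlsym in sam plugin %s (%s)\n", plugin_name, sys_dlerror()));
+return NT_STATUS_UNSUCCESSFUL;
+}
+
+if (plugin_version() != PASSDB_INTERFACE_VERSION) {
+sys_dlclose(dl_handle);
+DEBUG(0, ("Wrong PASSDB_INTERFACE_VERSION! sam plugin has version %d and version %d is needed! Please update!\n",
+plugin_version(),PASSDB_INTERFACE_VERSION));
+return NT_STATUS_UNSUCCESSFUL;
+}
+
+plugin_init = sys_dlsym(dl_handle, "pdb_init");
+if (!plugin_init) {
+sys_dlclose(dl_handle);
+DEBUG(0, ("Failed to find function 'pdb_init' using sys_dlsym in sam plugin %s (%s)\n", plugin_name, sys_dlerror()));
+return NT_STATUS_UNSUCCESSFUL;
+}
+
+DEBUG(5, ("Starting sam plugin %s with location %s\n", plugin_name, plugin_location));
+return plugin_init(pdb_context, pdb_method, plugin_location);
+}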
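Review bot: The version-mismatch branch calls `plugin_version()` again inside `DEBUG(0, ...)` after `sys_dlclose(dl_handle)` has already run, so the log message is built by calling through a pointer into a module that may already be unmapped. Read the value once, `int version = plugin_version();`, and emit the message before closing the handle. The same ordering applies to the two `sys_dlsym` failure branches, where `sys_dlerror()` is read only after `sys_dlclose`. The final `DEBUG(5, ...)` passes `plugin_location` to `%s` although it is NULL whenever `location` contains no ':'; `plugin_location ? plugin_location : "(none)"` avoids depending on how the C library prints NULL. `plugin_name` is handed to `sys_dlopen` exactly as configured and is not freed on the error returns, so a comment stating that the module path must come from trusted configuration, and preferably be absolute, belongs above the call.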
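--- a/source3/script/mkbuildoptions.awk
+++ b/source3/script/mkbuildoptions.awk
@@ -0,0 +1,262 @@
+BEGIN {
+print "/* ";
+print " Unix SMB/CIFS implementation.";
+print " Build Options for Samba Suite";
+print " Copyright (C) Vance Lankhaar <vlankhaar@linux.ca> 2003";
+print " Copyright (C) Andrew Bartlett <abartlet@samba.org> 2001";
+print " ";
+print " This program is free software; you can redistribute it and/or modify";
+print " it under the terms of the GNU General Public License as published by";
+print " the Free Software Foundation; either version 2 of the License, or";
+print " (at your option) any later version.";
+print " ";
+print " This program is distributed in the hope that it will be useful,";
+print " but WITHOUT ANY WARRANTY; without even the implied warranty of";
+print " MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the";
+print " GNU General Public License for more details.";
+print " ";
+print " You should have received a copy of the GNU General Public License";
+print " along with this program; if not, write to the Free Software";
+print " Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.";
+print "*/";
+print "";
+print "#include \"includes.h\"";
+print "#include \"build_env.h\"";
+print "#include \"dynconfig.h\"";
+print "";
+print "static void output(BOOL screen, const char *format, ...) PRINTF_ATTRIBUTE(2,3);";
+print "";
+print "";
+print "/****************************************************************************";
+print "helper function for build_options";
+print "****************************************************************************/";
+print "static void output(BOOL screen, const char *format, ...)";
+print "{";
+print " char *ptr;";
+print " va_list ap;";
+print " ";
+print " va_start(ap, format);";
+print " vasprintf(&ptr,format,ap);";
+print " va_end(ap);";
+print "";
+print " if (screen) {";
+print " d_printf(\"%s\", ptr);";
+print " } else {";
+print " DEBUG(4,(\"%s\", ptr));";
+print " }";
+print " ";
+print " SAFE_FREE(ptr);";
+print "}";
+print "";
+print "/****************************************************************************";
+print "options set at build time for the samba suite";
+print "****************************************************************************/";
+print "void build_options(BOOL screen)";
+print "{";
+print " if ((DEBUGLEVEL < 4) && (!screen)) {";
+print " return;";
+print " }";
+print "";
+print "#ifdef _BUILD_ENV_H";
+print " /* Output information about the build environment */";
+print " output(screen,\"Build environment:\\n\");";
+print " output(screen,\" Built by: %s@%s\\n\",BUILD_ENV_USER,BUILD_ENV_HOST);";
+print " output(screen,\" Built on: %s\\n\",BUILD_ENV_DATE);";
+print "";
+print " output(screen,\" Built using: %s\\n\",BUILD_ENV_COMPILER);";
+print " output(screen,\" Build host: %s\\n\",BUILD_ENV_UNAME);";
+print " output(screen,\" SRCDIR: %s\\n\",BUILD_ENV_SRCDIR);";
+print " output(screen,\" BUILDDIR: %s\\n\",BUILD_ENV_BUILDDIR);";
+print "";
+print " ";
+print "#endif";
+print "";
+
+print " /* Output various paths to files and directories */";
+print " output(screen,\"\\nPaths:\\n\");";
+
+print " output(screen,\" SBINDIR: %s\\n\", dyn_SBINDIR);";
+print " output(screen,\" BINDIR: %s\\n\", dyn_BINDIR);";
+print " output(screen,\" SWATDIR: %s\\n\", dyn_SWATDIR);";
+
+print " output(screen,\" CONFIGFILE: %s\\n\", dyn_CONFIGFILE);";
+print " output(screen,\" LOGFILEBASE: %s\\n\", dyn_LOGFILEBASE);";
+print " output(screen,\" LMHOSTSFILE: %s\\n\",dyn_LMHOSTSFILE);";
+
+print " output(screen,\" LIBDIR: %s\\n\",dyn_LIBDIR);";
+print " output(screen,\" SHLIBEXT: %s\\n\",dyn_SHLIBEXT);";
+
+print " output(screen,\" LOCKDIR: %s\\n\",dyn_LOCKDIR);";
+print " output(screen,\" PIDDIR: %s\\n\", dyn_PIDDIR);";
+
+print " output(screen,\" SMB_PASSWD_FILE: %s\\n\",dyn_SMB_PASSWD_FILE);";
+print " output(screen,\" PRIVATE_DIR: %s\\n\",dyn_PRIVATE_DIR);";
+print "";
+
+
+##################################################
+# predefine first element of *_ary
+# predefine *_i (num of elements in *_ary)
+with_ary[0]="";
+with_i=0;
+have_ary[0]="";
+have_i=0;
+utmp_ary[0]="";
+utmp_i=0;
+misc_ary[0]="";
+misc_i=0;
+sys_ary[0]="";
+sys_i=0;
+headers_ary[0]="";
+headers_i=0;
+in_comment = 0;
+}
+
+# capture single line comments
+/^\/\* (.*?)\*\// {
+last_comment = $0;
+next;
+}
+
+# end capture multi-line comments
+/(.*?)\*\// {
+last_comment = last_comment $0;
+in_comment = 0;
+next;
+}
+
+# capture middle lines of multi-line comments
+in_comment {
+last_comment = last_comment $0;
+next;
+}
+
+# begin capture multi-line comments
+/^\/\* (.*?)/ {
+last_comment = $0;
+in_comment = 1;
+next
+}
+
+##################################################
+# if we have an #undef and a last_comment, store it
+/^\#undef/ {
+split($0,a);
+comments_ary[a[2]] = last_comment;
+last_comment = "";
+}
+
+##################################################
+# for each line, sort into appropriate section
+# then move on
+
+/^\#undef WITH/ {
+with_ary[with_i++] = a[2];
+# we want (I think) to allow --with to show up in more than one place, so no next
+}
+
+
+/^\#undef HAVE_UT_UT_/ || /^\#undef .*UTMP/ {
+utmp_ary[utmp_i++] = a[2];
+next;
+}
+
+/^\#undef HAVE_SYS_.*?_H$/ {
+sys_ary[sys_i++] = a[2];
+next;
+}
+
+/^\#undef HAVE_.*?_H$/ {
+headers_ary[headers_i++] = a[2];
+next;
+}
+
+/^\#undef HAVE_/ {
+have_ary[have_i++] = a[2];
+next;
+}
+
+/^\#undef/ {
+misc_ary[misc_i++] = a[2];
+next;
+}
+
+
+##################################################
+# simple sort function
+function sort(ARRAY, ELEMENTS) {
+for (i = 1; i <= ELEMENTS; ++i) {
+for (j = i; (j-1) in ARRAY && (j) in ARRAY && ARRAY[j-1] > ARRAY[j]; --j) {
+temp = ARRAY[j];
+ARRAY[j] = ARRAY[j-1];
+ARRAY[j-1] = temp;
+}
+}
+return;
+}
+
+
+##################################################
+# output code from list of defined
+# expects: ARRAY an array of things defined
+# ELEMENTS number of elements in ARRAY
+# TITLE title for section
+# returns: nothing
+function output(ARRAY, ELEMENTS, TITLE) {
+
+# add section header
+print "\n\t/* Show " TITLE " */";
+print "\toutput(screen, \"\\n " TITLE ":\\n\");\n";
+
+
+# sort element using bubble sort (slow, but easy)
+sort(ARRAY, ELEMENTS);
+
+# loop through array of defines, outputting code
+for (i = 0; i < ELEMENTS; i++) {
+print "#ifdef " ARRAY[i];
+
+# I don't know which one to use....
+
+print "\toutput(screen, \" " ARRAY[i] "\\n\");";
+#printf "\toutput(screen, \" %s\\n %s\\n\\n\");\n", comments_ary[ARRAY[i]], ARRAY[i];
+#printf "\toutput(screen, \" %-35s %s\\n\");\n", ARRAY[i], comments_ary[ARRAY[i]];
+
+print "#endif";
+}
+return;
+}
+
+END {
+##################################################
+# add code to show various options
+print "/* Output various other options (as gleaned from include/config.h.in) */";
+output(sys_ary, sys_i, "System Headers");
+output(headers_ary, headers_i, "Headers");
+output(utmp_ary, utmp_i, "UTMP Options");
+output(have_ary, have_i, "HAVE_* Defines");
+output(with_ary, with_i, "--with Options");
+output(misc_ary, misc_i, "Build Options");
+
+##################################################
+# add code to display the various type sizes
+print " /* Output the sizes of the various types */";
+print " output(screen, \"\\nType sizes:\\n\");";
+print " output(screen, \" sizeof(char): %u\\n\",sizeof(char));";
+print " output(screen, \" sizeof(int): %u\\n\",sizeof(int));";
+print " output(screen, \" sizeof(long): %u\\n\",sizeof(long));";
+print " output(screen, \" sizeof(uint8): %u\\n\",sizeof(uint8));";
+print " output(screen, \" sizeof(uint16): %u\\n\",sizeof(uint16));";
+print " output(screen, \" sizeof(uint32): %u\\n\",sizeof(uint32));";
+print " output(screen, \" sizeof(short): %u\\n\",sizeof(short));";
+print " output(screen, \" sizeof(void*): %u\\n\",sizeof(void*));";
+
+##################################################
+# add code to give information about modules
+print " output(screen, \"\\nBuiltin modules:\\n\");";
+print " output(screen, \" %s\\n\", STRING_STATIC_MODULES);";
+
+print "}";
+
+}
+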
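Review bot: The generated C helper `output()` ignores the return value of `vasprintf`, and on failure the contents of `ptr` are undefined, yet the emitted code still passes it to `d_printf`/`DEBUG` and then to `SAFE_FREE`. Emit `char *ptr = NULL;` for the declaration and follow the call with `if (vasprintf(&ptr,format,ap) == -1) { va_end(ap); return; }`. The type-size lines in the END block print `sizeof(...)` through `%u`, which does not match `size_t` where it is wider than `unsigned int`; emit a cast such as `(unsigned int)sizeof(char)` in each of them. The awk functions `sort` and `output` both use `i` without declaring it as a local parameter, which works only because `sort` is called before the loop in `output`; a comment noting that dependency would help.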
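--- a/source3/smbd/fake_file.c
+++ b/source3/smbd/fake_file.c
@@ -0,0 +1,166 @@
+/*
+Unix SMB/CIFS implementation.
+FAKE FILE suppport, for faking up special files windows want access to
+Copyright (C) Stefan (metze) Metzmacher 2003
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+/****************************************************************************
+Open a file with a share mode.
+****************************************************************************/
+files_struct *open_fake_file_shared1(enum FAKE_FILE_TYPE fake_file_type, connection_struct *conn,char *fname,
+SMB_STRUCT_STAT *psbuf,
+uint32 desired_access,
+int share_mode,int ofun, mode_t mode,int oplock_request,
+int *Access,int *action)
+{
+extern struct current_user current_user;
+int flags=0;
+files_struct *fsp = NULL;
+
+if (fake_file_type == 0) {
+return open_file_shared1(conn,fname,psbuf,desired_access,
+share_mode,ofun,mode,
+oplock_request,Access,action);
+}
+
+/* access check */
+if (conn->admin_user != True) {
+DEBUG(1,("access_denied to service[%s] file[%s] user[%s]\n",
+lp_servicename(SNUM(conn)),fname,conn->user));
+errno = EACCES;
+return NULL;
+}
+
+fsp = file_new(conn);
+if(!fsp)
+return NULL;
+
+DEBUG(5,("open_fake_file_shared1: fname = %s, FID = %d, share_mode = %x, ofun = %x, mode = %o, oplock request = %d\n",
+fname, fsp->fnum, share_mode, ofun, (int)mode, oplock_request ));
+
+if (!check_name(fname,conn)) {
+file_free(fsp);
+return NULL;
+}
+
+fsp->fd = -1;
+fsp->mode = psbuf->st_mode;
+fsp->inode = psbuf->st_ino;
+fsp->dev = psbuf->st_dev;
+fsp->vuid = current_user.vuid;
+fsp->size = psbuf->st_size;
+fsp->pos = -1;
+fsp->can_lock = True;
+fsp->can_read = ((flags & O_WRONLY)==0);
+fsp->can_write = ((flags & (O_WRONLY|O_RDWR))!=0);
+fsp->share_mode = 0;
+fsp->desired_access = desired_access;
+fsp->print_file = False;
+fsp->modified = False;
+fsp->oplock_type = NO_OPLOCK;
+fsp->sent_oplock_break = NO_BREAK_SENT;
+fsp->is_directory = False;
+fsp->is_stat = False;
+fsp->directory_delete_on_close = False;
+fsp->conn = conn;
+string_set(&fsp->fsp_name,fname);
+fsp->wcp = NULL; /* Write cache pointer. */
+
+fsp->fake_file_handle = init_fake_file_handle(fake_file_type);
+
+if (fsp->fake_file_handle==NULL) {
+file_free(fsp);
+return NULL;
+}
+
+conn->num_files_open++;
+return fsp;
+}
+
+static FAKE_FILE fake_files[] = {
+#ifdef WITH_QUOTAS
+{FAKE_FILE_NAME_QUOTA, FAKE_FILE_TYPE_QUOTA, init_quota_handle, destroy_quota_handle},
+#endif /* WITH_QUOTAS */
+{NULL, FAKE_FILE_TYPE_NONE, NULL, NULL }
+};
+
+int is_fake_file(char *fname)
+{
+int i;
+
+if (!fname)
+return 0;
+
+for (i=0;fake_files[i].name!=NULL;i++) {
+if (strncmp(fname,fake_files[i].name,strlen(fake_files[i].name))==0) {
+DEBUG(5,("is_fake_file: [%s] is a fake file\n",fname));
+return fake_files[i].type;
+}
+}
+
+return FAKE_FILE_TYPE_NONE;
+}
+
+struct _FAKE_FILE_HANDLE *init_fake_file_handle(enum FAKE_FILE_TYPE type)
+{
+TALLOC_CTX *mem_ctx = NULL;
+FAKE_FILE_HANDLE *fh = NULL;
+int i;
+
+for (i=0;fake_files[i].name!=NULL;i++) {
+if (fake_files[i].type==type) {
+DEBUG(5,("init_fake_file_handle: for [%s]\n",fake_files[i].name));
+
+if ((mem_ctx=talloc_init("fake_file_handle"))==NULL) {
+DEBUG(0,("talloc_init(fake_file_handle) failed.\n"));
+return NULL;
+}
+
+if ((fh =(FAKE_FILE_HANDLE *)talloc_zero(mem_ctx, sizeof(FAKE_FILE_HANDLE)))==NULL) {
+DEBUG(0,("talloc_zero() failed.\n"));
+talloc_destroy(mem_ctx);
+return NULL;
+}
+
+fh->type = type;
+fh->mem_ctx = mem_ctx;
+
+if (fake_files[i].init_pd)
+fh->pd = fake_files[i].init_pd(fh->mem_ctx);
+
+fh->free_pd = fake_files[i].free_pd;
+
+return fh;
+}
+}
+
+return NULL;
+}
+
+void destroy_fake_file_handle(FAKE_FILE_HANDLE **fh)
+{
+if (!fh||!(*fh))
+return ;
+
+if ((*fh)->free_pd)
+(*fh)->free_pd(&(*fh)->pd);
+
+talloc_destroy((*fh)->mem_ctx);
+(*fh) = NULL;
+}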
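Review bot: is_fake_file compares with `strncmp(fname,fake_files[i].name,strlen(fake_files[i].name))`, which is a prefix match, so any path that merely begins with a fake-file name is classified as that fake file and sent down the admin-only open path. If an exact name is intended, use `strcmp(fname, fake_files[i].name) == 0`, and return `FAKE_FILE_TYPE_NONE` instead of `0` for a NULL name so the return type is used consistently. In open_fake_file_shared1, `flags` is set to 0 and never assigned again, so `can_read` is always true and `can_write` always false whatever `desired_access` asks for; derive them from the request or assign the constants directly with a comment saying fake files are read-only handles. `psbuf` is dereferenced without a NULL check and a NULL result from `init_pd` is not treated as a failure in init_fake_file_handle; both depend on callers that are not visible here and should be confirmed.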
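--- a/source3/smbd/ntquotas.c
+++ b/source3/smbd/ntquotas.c
@@ -0,0 +1,259 @@
+/*
+Unix SMB/CIFS implementation.
+NT QUOTA suppport
+Copyright (C) Stefan (metze) Metzmacher 2003
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+static SMB_BIG_UINT limit_nt2unix(SMB_BIG_UINT in, SMB_BIG_UINT bsize)
+{
+SMB_BIG_UINT ret = (SMB_BIG_UINT)0;
+
+ret = (SMB_BIG_UINT)(in/bsize);
+if (in>0 && ret==0) {
+/* we have to make sure that a overflow didn't set NO_LIMIT */
+ret = (SMB_BIG_UINT)1;
+}
+
+if (in == SMB_NTQUOTAS_NO_LIMIT)
+ret = SMB_QUOTAS_NO_LIMIT;
+else if (in == SMB_NTQUOTAS_NO_SPACE)
+ret = SMB_QUOTAS_NO_SPACE;
+else if (in == SMB_NTQUOTAS_NO_ENTRY)
+ret = SMB_QUOTAS_NO_LIMIT;
+
+return ret;
+}
+
+static SMB_BIG_UINT limit_unix2nt(SMB_BIG_UINT in, SMB_BIG_UINT bsize)
+{
+SMB_BIG_UINT ret = (SMB_BIG_UINT)0;
+
+ret = (SMB_BIG_UINT)(in*bsize);
+
+if (ret < in) {
+/* we overflow */
+ret = SMB_NTQUOTAS_NO_LIMIT;
+}
+
+if (in == SMB_QUOTAS_NO_LIMIT)
+ret = SMB_NTQUOTAS_NO_LIMIT;
+
+return ret;
+}
+
+static SMB_BIG_UINT limit_blk2inodes(SMB_BIG_UINT in)
+{
+SMB_BIG_UINT ret = (SMB_BIG_UINT)0;
+
+ret = (SMB_BIG_UINT)(in/2);
+
+if (ret == 0 && in != 0)
+ret = (SMB_BIG_UINT)1;
+
+return ret;
+}
+
+int vfs_get_ntquota(files_struct *fsp, enum SMB_QUOTA_TYPE qtype, DOM_SID *psid, SMB_NTQUOTA_STRUCT *qt)
+{
+int ret;
+SMB_DISK_QUOTA D;
+unid_t id;
+
+ZERO_STRUCT(D);
+
+if (!fsp||!fsp->conn||!qt)
+return (-1);
+
+ZERO_STRUCT(*qt);
+
+id.uid = -1;
+
+if (psid && !NT_STATUS_IS_OK(sid_to_uid(psid, &id.uid))) {
+DEBUG(0,("sid_to_uid: failed, SID[%s]\n",
+sid_string_static(psid)));
+}
+
+ret = SMB_VFS_GET_QUOTA(fsp->conn, qtype, id, &D);
+
+if (psid)
+qt->sid = *psid;
+
+if (ret!=0) {
+return ret;
+}
+
+qt->usedspace = (SMB_BIG_UINT)D.curblocks*D.bsize;
+qt->softlim = limit_unix2nt(D.softlimit, D.bsize);
+qt->hardlim = limit_unix2nt(D.hardlimit, D.bsize);
+qt->qflags = D.qflags;
+
+
+return 0;
+}
+
+int vfs_set_ntquota(files_struct *fsp, enum SMB_QUOTA_TYPE qtype, DOM_SID *psid, SMB_NTQUOTA_STRUCT *qt)
+{
+int ret;
+SMB_DISK_QUOTA D;
+unid_t id;
+ZERO_STRUCT(D);
+
+if (!fsp||!fsp->conn||!qt)
+return (-1);
+
+id.uid = -1;
+
+D.bsize = (SMB_BIG_UINT)QUOTABLOCK_SIZE;
+
+D.softlimit = limit_nt2unix(qt->softlim,D.bsize);
+D.hardlimit = limit_nt2unix(qt->hardlim,D.bsize);
+D.qflags = qt->qflags;
+
+D.isoftlimit = limit_blk2inodes(D.softlimit);
+D.ihardlimit = limit_blk2inodes(D.hardlimit);
+
+if (psid && !NT_STATUS_IS_OK(sid_to_uid(psid, &id.uid))) {
+DEBUG(0,("sid_to_uid: failed, SID[%s]\n",
+sid_string_static(psid)));
+}
+
+ret = SMB_VFS_SET_QUOTA(fsp->conn, qtype, id, &D);
+
+return ret;
+}
+
+static BOOL allready_in_quota_list(SMB_NTQUOTA_LIST *qt_list, uid_t uid)
+{
+SMB_NTQUOTA_LIST *tmp_list = NULL;
+
+if (!qt_list)
+return False;
+
+for (tmp_list=qt_list;tmp_list!=NULL;tmp_list=tmp_list->next) {
+if (tmp_list->uid == uid) {
+return True;
+}
+}
+
+return False;
+}
+
+int vfs_get_user_ntquota_list(files_struct *fsp, SMB_NTQUOTA_LIST **qt_list)
+{
+struct passwd *usr;
+TALLOC_CTX *mem_ctx = NULL;
+
+if (!fsp||!fsp->conn||!qt_list)
+return (-1);
+
+*qt_list = NULL;
+
+if ((mem_ctx=talloc_init("SMB_USER_QUOTA_LIST"))==NULL) {
+DEBUG(0,("talloc_init() failed\n"));
+return (-1);
+}
+
+sys_setpwent();
+while ((usr = sys_getpwent()) != NULL) {
+SMB_NTQUOTA_STRUCT tmp_qt;
+SMB_NTQUOTA_LIST *tmp_list_ent;
+DOM_SID sid;
+
+ZERO_STRUCT(tmp_qt);
+
+if (allready_in_quota_list((*qt_list),usr->pw_uid)) {
+DEBUG(5,("record for uid[%ld] allready in the list\n",(long)usr->pw_uid));
+continue;
+}
+
+if (!NT_STATUS_IS_OK(uid_to_sid(&sid, usr->pw_uid))) {
+DEBUG(0,("uid_to_sid failed for %ld\n",(long)usr->pw_uid));
+continue;
+}
+
+if (vfs_get_ntquota(fsp, SMB_USER_QUOTA_TYPE, &sid, &tmp_qt)!=0) {
+DEBUG(1,("no quota entry for sid[%s] path[%s]\n",
+sid_string_static(&sid),fsp->conn->connectpath));
+continue;
+}
+
+DEBUG(15,("quota entry for id[%s] path[%s]\n",
+sid_string_static(&sid),fsp->conn->connectpath));
+
+if ((tmp_list_ent=(SMB_NTQUOTA_LIST *)talloc_zero(mem_ctx,sizeof(SMB_NTQUOTA_LIST)))==NULL) {
+DEBUG(0,("talloc_zero() failed\n"));
+*qt_list = NULL;
+talloc_destroy(mem_ctx);
+return (-1);
+}
+
+if ((tmp_list_ent->quotas=(SMB_NTQUOTA_STRUCT *)talloc_zero(mem_ctx,sizeof(SMB_NTQUOTA_STRUCT)))==NULL) {
+DEBUG(0,("talloc_zero() failed\n"));
+*qt_list = NULL;
+talloc_destroy(mem_ctx);
+return (-1);
+}
+
+tmp_list_ent->uid = usr->pw_uid;
+memcpy(tmp_list_ent->quotas,&tmp_qt,sizeof(tmp_qt));
+tmp_list_ent->mem_ctx = mem_ctx;
+
+DLIST_ADD((*qt_list),tmp_list_ent);
+
+}
+sys_endpwent();
+
+return 0;
+}
+
+void *init_quota_handle(TALLOC_CTX *mem_ctx)
+{
+SMB_NTQUOTA_HANDLE *qt_handle;
+
+if (!mem_ctx)
+return False;
+
+qt_handle = (SMB_NTQUOTA_HANDLE *)talloc_zero(mem_ctx,sizeof(SMB_NTQUOTA_HANDLE));
+if (qt_handle==NULL) {
+DEBUG(0,("talloc_zero() failed\n"));
+return NULL;
+}
+
+return (void *)qt_handle;
+}
+
+void destroy_quota_handle(void **pqt_handle)
+{
+SMB_NTQUOTA_HANDLE *qt_handle = NULL;
+if (!pqt_handle||!(*pqt_handle))
+return;
+
+qt_handle = (*pqt_handle);
+
+
+if (qt_handle->quota_list)
+free_ntquota_list(&qt_handle->quota_list);
+
+qt_handle->quota_list = NULL;
+qt_handle->tmp_list = NULL;
+qt_handle = NULL;
+
+return;
+}
+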
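Review bot: In vfs_set_ntquota a failed `sid_to_uid(psid, &id.uid)` is only logged, and the function then calls `SMB_VFS_SET_QUOTA` with `id.uid` still `-1`, so a quota write goes ahead for an identity that was never resolved; vfs_get_ntquota has the same pattern on the read side. Add `return -1;` after the `DEBUG` in both functions. limit_unix2nt detects overflow with `ret < in`, which misses products that wrap to a value still larger than `in`; `if (bsize != 0 && ret / bsize != in)` catches every wrap, and `qt->usedspace` in vfs_get_ntquota multiplies without any check. vfs_get_user_ntquota_list returns from both `talloc_zero` failure paths without calling `sys_endpwent()`, and when no entry is added `mem_ctx` is never destroyed. destroy_quota_handle sets only its local `qt_handle` to NULL and leaves `*pqt_handle` unchanged, and init_quota_handle returns `False` from a pointer-returning function where `NULL` is meant.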
Some files were not shown because too many files have changed in this diff Show More