mirror of
https://github.com/samba-team/samba.git
synced 2024-12-24 21:34:56 +03:00
Final Addition. Copy layout is next.
parent
4c0b3bcf97
commit
6e81f1b339
@ -1976,7 +1976,7 @@ net groupmap add ntgroup="Insurance Group" unixgroup=piops type=d
|
||||
|
||||
<para>
|
||||
Oh, I did not think you would notice that. It is there so that it can be used. This is more fully discussed
|
||||
in <emphasis>TOSHARG</emphasis>, which has a full chapter dedicated to the subject. While we are on the
|
||||
in <emphasis>TOSHARG2</emphasis>, which has a full chapter dedicated to the subject. While we are on the
|
||||
subject, it should be noted that you should definitely not use SWAT on any system that makes use
|
||||
of &smb.conf; <parameter>include</parameter> files because SWAT optimizes them out into an aggregated
|
||||
file but leaves in place a broken reference to the top-layer include file. SWAT was not designed to
|
||||
|
@ -1855,7 +1855,7 @@ administrator:x:1000:1013:Administrator:/home/BE/administrator:/bin/bash
|
||||
In the case of an NT4 or Samba-3-style domain the <parameter>realm</parameter> is not used, and the
|
||||
command used to join the domain is <command>net rpc join</command>. The above example also demonstrates
|
||||
advanced error reporting techniques that are documented in the chapter called "Reporting Bugs" in
|
||||
<quote>The Official Samba-3 HOWTO and Reference Guide</quote> (TOSHARG).
|
||||
<quote>The Official Samba-3 HOWTO and Reference Guide, Second Edition</quote> (TOSHARG2).
|
||||
</para>
|
||||
|
||||
<para>
|
||||
|
@ -1605,7 +1605,7 @@ REGEDIT4
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Comprehensive coverage of file and record-locking controls is provided in TOSHARG, Chapter 13.
|
||||
Comprehensive coverage of file and record-locking controls is provided in TOSHARG2, Chapter 13.
|
||||
The information in that chapter was obtained from a wide variety of sources.
|
||||
</para>
|
||||
|
||||
|
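Review bot: The changed line keeps "Chapter 13" while switching the reference from TOSHARG to TOSHARG2, and the same pattern (new abbreviation, old chapter and section numbers) repeats in the other hunks of this commit. Please confirm that the chapter and section numbering cited here matches the second edition, or say in the commit message that it was checked, since this commit also adds a chapter to that book.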
@ -118,9 +118,9 @@
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Recommended preparatory reading: <emphasis>The Official Samba-3 HOWTO and Reference Guide</emphasis> (TOSHARG)
|
||||
Chapter 9, <quote>Network Browsing,</quote> and Chapter 3, <quote>Server Types and
|
||||
Security Modes.</quote>
|
||||
Recommended preparatory reading: <emphasis>The Official Samba-3 HOWTO and Reference Guide, Second
|
||||
Edition</emphasis> (TOSHARG2) Chapter 9, <quote>Network Browsing,</quote> and Chapter 3,
|
||||
<quote>Server Types and Security Modes.</quote>
|
||||
</para>
|
||||
|
||||
<sect2>
|
||||
@ -686,7 +686,7 @@
|
||||
|
||||
<para>
|
||||
<indexterm><primary>IPC$</primary></indexterm>
|
||||
The <constant>IPC$</constant> share serves a vital purpose<footnote><para>TOSHARG, Sect 4.5.1</para></footnote>
|
||||
The <constant>IPC$</constant> share serves a vital purpose<footnote><para>TOSHARG2, Sect 4.5.1</para></footnote>
|
||||
in SMB/CIFS-based networking. A Windows client connects to this resource to obtain the list of
|
||||
resources that are available on the server. The server responds with the shares and print queues that
|
||||
are available. In most but not all cases, the connection is made with a <constant>NULL</constant>
|
||||
@ -947,7 +947,7 @@
|
||||
database and thus must be stored elsewhere on the UNIX system in a manner that Samba can
|
||||
use. Samba-2.x permitted such encrypted passwords to be stored in the <constant>smbpasswd</constant>
|
||||
file or in an LDAP database. Samba-3 permits use of multiple <parameter>passdb backend</parameter>
|
||||
databases in concurrent deployment. Refer to <emphasis>TOSHARG</emphasis>, Chapter 10, <quote>Account Information Databases.</quote>
|
||||
databases in concurrent deployment. Refer to <emphasis>TOSHARG2</emphasis>, Chapter 10, <quote>Account Information Databases.</quote>
|
||||
</para></listitem>
|
||||
</itemizedlist>
|
||||
|
||||
@ -1010,7 +1010,7 @@
|
||||
<indexterm><primary>DMB</primary></indexterm>
|
||||
This is a broadcast announcement by which the Windows machine is attempting to
|
||||
locate a Domain Master Browser (DMB) in the event that it might exist on the network.
|
||||
Refer to <emphasis>TOSHARG,</emphasis> Chapter 9, Section 9.7, <quote>Technical Overview of Browsing,</quote>
|
||||
Refer to <emphasis>TOSHARG2,</emphasis> Chapter 9, Section 9.7, <quote>Technical Overview of Browsing,</quote>
|
||||
for details regarding the function of the DMB and its role in network browsing.
|
||||
</para>
|
||||
|
||||
@ -1151,10 +1151,10 @@
|
||||
<para>
|
||||
<indexterm><primary>WINS</primary></indexterm>
|
||||
<indexterm><primary>NetBIOS</primary></indexterm>
|
||||
Yes, there are two ways to do this. The first involves use of WINS (See <emphasis>TOSHARG</emphasis>, Chapter 9,
|
||||
Yes, there are two ways to do this. The first involves use of WINS (See <emphasis>TOSHARG2</emphasis>, Chapter 9,
|
||||
Section 9.5, <quote>WINS &smbmdash; The Windows Inter-networking Name Server</quote>); the
|
||||
alternate method involves disabling the use of NetBIOS over TCP/IP. This second method requires
|
||||
a correctly configured DNS server (see <emphasis>TOSHARG</emphasis>, Chapter 9, Section 9.3, <quote>Discussion</quote>).
|
||||
a correctly configured DNS server (see <emphasis>TOSHARG2</emphasis>, Chapter 9, Section 9.3, <quote>Discussion</quote>).
|
||||
</para>
|
||||
|
||||
<para>
|
||||
|
@ -531,7 +531,7 @@ cannot be set in the smb.conf file. nmbd will abort with this setting.
|
||||
<indexterm><primary>distributed</primary></indexterm>
|
||||
Microsoft DFS (distributed file system) technology has been implemented in Samba. MSDFS permits
|
||||
data to be accessed from a single share and yet to actually be distributed across multiple actual
|
||||
servers. Refer to <emphasis>TOSHARG</emphasis>, Chapter 19, for information regarding
|
||||
servers. Refer to <emphasis>TOSHARG2</emphasis>, Chapter 19, for information regarding
|
||||
implementation of an MSDFS installation.
|
||||
</para>
|
||||
|
||||
|
@ -3492,7 +3492,7 @@ structuralObjectClass: organizationalUnit
|
||||
</para>
|
||||
|
||||
<para>
|
||||
You should research the options for logon script implementation by referring to <emphasis>TOSHARG</emphasis>, Chapter 24,
|
||||
You should research the options for logon script implementation by referring to <emphasis>TOSHARG2</emphasis>, Chapter 24,
|
||||
Section 24.4. A quick Web search will bring up a host of options. One of the most popular logon
|
||||
facilities in use today is called <ulink url="http://www.kixtart.org">KiXtart</ulink>.
|
||||
</para>
|
||||
@ -4248,7 +4248,7 @@ HKEY_LOCAL_MACHINE\Default\Software\Microsoft\Windows\
|
||||
<para>
|
||||
There are people in the Linux and open source community who feel that SWAT is dangerous
|
||||
and insecure. Many will not touch it with a barge-pole. By not introducing SWAT, I
|
||||
hope to have brought their interests on board. SWAT is well covered is <emphasis>TOSHARG</emphasis>.
|
||||
hope to have brought their interests on board. SWAT is well covered is <emphasis>TOSHARG2</emphasis>.
|
||||
</para>
|
||||
|
||||
</answer>
|
||||
|
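Review bot: The rewritten sentence "SWAT is well covered is <emphasis>TOSHARG2</emphasis>" carries over the typo from the line it replaces; it should read "well covered in". Since the line is being touched anyway, fix it in this change.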
@ -520,9 +520,9 @@ Given 500 Users and 2 years:
|
||||
<listitem><para>
|
||||
<indexterm><primary>User Mode</primary></indexterm>
|
||||
The &smb.conf; file specifies that the Samba server will operate in (default) <parameter>
|
||||
security = user</parameter> mode<footnote><para>See <emphasis>TOSHARG</emphasis>, Chapter 3.
|
||||
security = user</parameter> mode<footnote><para>See <emphasis>TOSHARG2</emphasis>, Chapter 3.
|
||||
This is necessary so that Samba can act as a Domain Controller (PDC); see
|
||||
<emphasis>TOSHARG</emphasis>, Chapter 4, for additional information.</para></footnote>
|
||||
<emphasis>TOSHARG2</emphasis>, Chapter 4, for additional information.</para></footnote>
|
||||
(User Mode).
|
||||
</para></listitem>
|
||||
|
||||
@ -1908,7 +1908,7 @@ $rootprompt; ps ax | grep winbind
|
||||
14295 ? S 0:00 /usr/sbin/winbindd -B
|
||||
</screen>
|
||||
The <command>winbindd</command> daemon is running in split mode (normal), so there are also
|
||||
two instances<footnote><para>For more information regarding winbindd, see <emphasis>TOSHARG</emphasis>,
|
||||
two instances<footnote><para>For more information regarding winbindd, see <emphasis>TOSHARG2</emphasis>,
|
||||
Chapter 23, Section 23.3. The single instance of <command>smbd</command> is normal. One additional
|
||||
<command>smbd</command> slave process is spawned for each SMB/CIFS client
|
||||
connection.</para></footnote> of it.
|
||||
@ -2452,7 +2452,7 @@ Nmap run completed -- 1 IP address (1 host up) scanned in 168 seconds
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The guideline provided in <emphasis>TOSHARG</emphasis>, Chapter 10, Section 10.1.2,
|
||||
The guideline provided in <emphasis>TOSHARG2</emphasis>, Chapter 10, Section 10.1.2,
|
||||
is to limit the number of accounts in the tdbsam backend to 250. This is the point
|
||||
at which most networks tend to want backup domain controllers (BDCs). Samba-3 does
|
||||
not provide a mechanism for replicating tdbsam data so it can be used by a BDC. The
|
||||
@ -2630,7 +2630,7 @@ Nmap run completed -- 1 IP address (1 host up) scanned in 168 seconds
|
||||
expression that may be up to 1024 characters in length and that represents an IP address.
|
||||
A NetBIOS name is always 16 characters long. The 16<superscript>th</superscript> character
|
||||
is a name type indicator. A specific name type is registered<footnote><para>
|
||||
See <emphasis>TOSHARG</emphasis>, Chapter 9, for more information.</para></footnote> for each
|
||||
See <emphasis>TOSHARG2</emphasis>, Chapter 9, for more information.</para></footnote> for each
|
||||
type of service that is provided by the Windows server or client and that may be registered
|
||||
where a WINS server is in use.
|
||||
</para>
|
||||
@ -2651,7 +2651,7 @@ Nmap run completed -- 1 IP address (1 host up) scanned in 168 seconds
|
||||
|
||||
<para>
|
||||
Windows 200x Active Directory requires the registration in the DNS zone for the domain it
|
||||
controls of service locator<footnote><para>See TOSHARG, Chapter 9, Section 9.3.3.</para></footnote> records
|
||||
controls of service locator<footnote><para>See TOSHARG2, Chapter 9, Section 9.3.3.</para></footnote> records
|
||||
that Windows clients and servers will use to locate Kerberos and LDAP services. ADS also
|
||||
requires the registration of special records that are called global catalog (GC) entries
|
||||
and site entries by which domain controllers and other essential ADS servers may be located.
|
||||
|
@ -18,8 +18,8 @@
|
||||
This chapter lays the groundwork for understanding the basics of Samba operation.
|
||||
Instead of a bland technical discussion, each principle is demonstrated by way of a
|
||||
real-world scenario for which a working solution<footnote><para>The examples given mirror those documented
|
||||
in The Official Samba-3 HOWTO and Reference Guide (TOSHARG) Chapter 2, Section 2.3.1. You may gain additional
|
||||
insight from the standalone server configurations covered in TOSHARG, sections 2.3.1.2 through 2.3.1.4.
|
||||
in The Official Samba-3 HOWTO and Reference Guide, Second Edition (TOSHARG2) Chapter 2, Section 2.3.1. You may gain additional
|
||||
insight from the standalone server configurations covered in TOSHARG2, sections 2.3.1.2 through 2.3.1.4.
|
||||
</para></footnote> is fully described.
|
||||
</para>
|
||||
|
||||
@ -548,7 +548,7 @@ Password changed
|
||||
/data/officefiles/invitations
|
||||
/data/officefiles/misc
|
||||
</programlisting>
|
||||
<indexterm><primary>TOSHARG</primary></indexterm>
|
||||
<indexterm><primary>TOSHARG2</primary></indexterm>
|
||||
The <command>chown</command> operation sets the owner to the user <constant>abmas</constant>
|
||||
and the group to <constant>office</constant> on all directories just created. It recursively
|
||||
sets the permissions so that the owner and group have SUID/SGID with read, write, and execute
|
||||
@ -556,7 +556,7 @@ Password changed
|
||||
directories are created with the same owner and group as the directory in which they are
|
||||
created. Any new directories created still have the same owner, group, and permissions as the
|
||||
directory they are in. This should eliminate all permissions-based file access problems. For
|
||||
more information on this subject, refer to TOSHARG<footnote>The Official Samba-3 HOWTO and
|
||||
more information on this subject, refer to TOSHARG2<footnote>The Official Samba-3 HOWTO and
|
||||
Reference Guide, Chapter 15, File, Directory and Share Access Controls.</footnote> or refer
|
||||
to the UNIX man page for the <command>chmod</command> and the <command>chown</command> commands.
|
||||
</para></step>
|
||||
|
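Review bot: The footnote attached to the new "TOSHARG2" reference is left unchanged on the following context line and still reads "The Official Samba-3 HOWTO and Reference Guide, Chapter 15, ...", so the abbreviation now names the second edition while its footnote names the book without "Second Edition". Update the footnote text in the same change. That footnote also has no <para> wrapper, unlike the other footnotes visible in this commit, which is worth correcting while here.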
@ -224,7 +224,7 @@
|
||||
of this package may have been patched to resolve this bug. If your operating
|
||||
platform has this bug, it means that attempts to add a Windows Domain Group that
|
||||
has either a space or uppercase characters in it will fail. See
|
||||
<emphasis>TOSHARG</emphasis>, Chapter 11, Section 11.3.1, Example 11.1, for
|
||||
<emphasis>TOSHARG2</emphasis>, Chapter 11, Section 11.3.1, Example 11.1, for
|
||||
more information.
|
||||
</para>
|
||||
|
||||
@ -772,8 +772,9 @@ $rootprompt; ps ax | grep winbind
|
||||
14295 ? S 0:00 /usr/sbin/winbindd -B
|
||||
</screen>
|
||||
The <command>winbindd</command> daemon is running in split mode (normal), so there are also
|
||||
two instances of it. For more information regarding <command>winbindd</command>, see <emphasis>TOSHARG</emphasis>,
|
||||
Chapter 23, Section 23.3. The single instance of <command>smbd</command> is normal.
|
||||
two instances of it. For more information regarding <command>winbindd</command>, see
|
||||
<emphasis>TOSHARG2</emphasis>, Chapter 23, Section 23.3. The single instance of
|
||||
<command>smbd</command> is normal.
|
||||
</para></step>
|
||||
|
||||
<step><para>
|
||||
|
@ -227,13 +227,13 @@
|
||||
</glossentry>
|
||||
|
||||
<glossentry>
|
||||
<glossterm>The Official Samba-3 HOWTO and Reference Guide</glossterm>
|
||||
<acronym>TOSHARG</acronym>
|
||||
<glossterm>The Official Samba-3 HOWTO and Reference Guide, Second Edition</glossterm>
|
||||
<acronym>TOSHARG2</acronym>
|
||||
<glossdef><para>
|
||||
This book makes repeated reference to <quote>The Official Samba-3 HOWTO and Reference Guide</quote>
|
||||
by John H. Terpstra and Jelmer R. Vernooij. This publication is available from
|
||||
Amazon.com. Publisher: Prentice Hall PTR (October 2003),
|
||||
ISBN: 0131453556.
|
||||
This book makes repeated reference to <quote>The Official Samba-3 HOWTO and Reference Guide, Second
|
||||
Edition</quote> by John H. Terpstra and Jelmer R. Vernooij. This publication is available from
|
||||
Amazon.com. Publisher: Prentice Hall PTR (August 2005),
|
||||
ISBN: 013122282.
|
||||
</para></glossdef>
|
||||
</glossentry>
|
||||
|
||||
|
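Review bot: The new glossary entry gives "ISBN: 013122282", which is nine digits and so cannot be a complete ISBN-10, and it disagrees with the "ISBN: 0131882228" given for the same book in the abbreviation-list hunks of this commit. The publisher is also written "Prentice Hall PTR" here and "Prentice Hall" there. Please make the glossary entry agree with the other two places.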
@ -11,9 +11,16 @@
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>
|
||||
TOSHARG is used as an abbreviation for the book, <emphasis>The Official Samba-3
|
||||
HOWTO and Reference Guide,</emphasis> Editors: John H. Terpstra and Jelmer R. Vernooij,
|
||||
Publisher: Prentice Hall PTR, www.phptr.com/perens.
|
||||
TOSHARG2 is used as an abbreviation for the book, <quote>The Official Samba-3
|
||||
HOWTO and Reference Guide, Second Edition</quote> Editors: John H. Terpstra and Jelmer R. Vernooij,
|
||||
Publisher: Prentice Hall, ISBN: 0131882228.
|
||||
</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>
|
||||
S3bE2 is used as an abbreviation for the book, <quote>Samba-3 by Example, Second Edition</quote>
|
||||
Editors: John H. Terpstra, Publisher: Prentice Hall, ISBN: 013188221X.
|
||||
</para>
|
||||
</listitem>
|
||||
|
||||
|
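Review bot: In the new TOSHARG2 item the comma between the title and "Editors:" has been dropped ("Second Edition</quote> Editors:"), where the replaced line had "Guide,</emphasis> Editors:"; the new S3bE2 item has the same gap and uses the plural "Editors:" for a single name. Restore the separator and use "Editor:" for the S3bE2 entry. The title markup also changes from <emphasis> to <quote> in this file, so check that this matches the convention used for book titles elsewhere in the document.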
322
docs/Samba3-HOWTO/TOSHARG-ConfigSmarts.xml
Normal file
@ -0,0 +1,322 @@
|
||||
<?xml version="1.0" encoding="iso-8859-1"?>
|
||||
<!DOCTYPE chapter PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
|
||||
<chapter id="cfgsmarts">
|
||||
<chapterinfo>
|
||||
&author.jht;
|
||||
<pubdate>June 30, 2005</pubdate>
|
||||
</chapterinfo>
|
||||
<title>Advanced Configuration Techniques</title>
|
||||
|
||||
<para>
|
||||
Since the release of the first edition of this book there have been repeated requests to better document
|
||||
configuration techniques that may help a network administrator to get more out of Samba. Some users have asked
|
||||
for documentation regarding the use of the <smbconfoption name="include">file-name</smbconfoption> parameter.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Commencing around mid-2004 there has been increasing interest in the ability to host multiple Samba servers on
|
||||
one machine. There has also been an interest in the hosting of multiple Samba server personalities on one
|
||||
server.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Feedback from technical reviewers made the inclusion of this chapter a necessity. So finally, here is an attempt
|
||||
to answer the questions that have to date not been adequately addressed. Additional user input is welcome as
|
||||
it will help this chapter to mature. What is presented here is just a small beginning.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
There are a number of ways in which multiple servers can be hosted on a single Samba server. Multiple server
|
||||
hosting makes it possible to host multiple domain controllers on one machine. Each such machine is
|
||||
independent, and each can be stopped or started without affecting another.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Sometimes it is desirable to host multiple servers, each with its own security mode. For example, a single
|
||||
UNIX/Linux host may be a domain member server (DMS) as well as a generic anonymous print server. In this case,
|
||||
only domain member machines and domain users can access the DMS, but even guest users can access the generic
|
||||
print server. Another example of a situation where it may be beneficial to host a generic (anonymous) server
|
||||
is to host a CDROM server.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Some environments dictate the need to have separate servers, each with their own resources, each of which are
|
||||
accessible only by certain users or groups. This is one of the simple, but highly effective, capabilities
|
||||
</para>
|
||||
|
||||
<sect1>
|
||||
<title>Implementation</title>
|
||||
|
||||
<para>
|
||||
</para>
|
||||
|
||||
<sect2>
|
||||
<title>Multiple Server Hosting</title>
|
||||
|
||||
<para>
|
||||
The use of multiple server hosting involves running multiple separate instances of Samba, each with it's own
|
||||
configuration file. This method is complicated by the fact that each instance of &nmbd;, &smbd; and &winbindd;
|
||||
must have write access to entirely separate TDB files. The ability to keep separate the TDB files used by
|
||||
&nmbd;, &smbd; and &winbindd; can be enabled either by recompiling Samba for each server hosted so each has its
|
||||
own default TDB directories, or by configuring these in the &smb.conf; file, in which case each instance of
|
||||
&nmbd;, &smbd; and &winbindd; must be told to start up with its own &smb.conf; configuration file.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Each instance should operate on its own IP address (that independent IP address can be an IP Alias).
|
||||
Each instance of &nmbd;, &smbd; and &winbindd; should listen only on its own IP socket. This can be secured
|
||||
using the <smbconfoption name="socket address"/> parameter. Each instance of the Samba server will have its
|
||||
own SID also, this means that the servers are discrete and independent of each other.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The user of multiple server hosting is non-trivial, and requires careful configuration of each aspect of
|
||||
process management and start up. The &smb.conf; parameters that must be carefully configured includes:
|
||||
<smbconfoption name="private dir"/>, <smbconfoption name="pid directory"/>,<smbconfoption name="lock
|
||||
directory"/>, <smbconfoption name="interfaces"/>, <smbconfoption name="bind interfaces only"/>, <smbconfoption
|
||||
name="netbios name"/>, <smbconfoption name="workgroup"/>, <smbconfoption name="socket address"/>.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Those who elect to use this method of creating multiple Samba servers must have the ability to read and follow
|
||||
the Samba source code, and to modify it as needed. This mode of deployment is considered beyond the scope of
|
||||
this book. However, if someone will contribute more comprehensive documentation we will gladly review it, and
|
||||
if it is suitable extend this section of this chapter. Until such documentation becomes available the hosting
|
||||
of multiple samba servers on a single host is considered not supported for Samba-3 by the Samba Team.
|
||||
</para>
|
||||
|
||||
</sect2>
|
||||
|
||||
<sect2>
|
||||
<title>Multiple Virtual Server Personalities</title>
|
||||
|
||||
<para>
|
||||
Samba has the ability to host multiple virtual servers, each of which have their own personality. This is
|
||||
achieved by configuring an &smb.conf; file that is common to all personalities hosted. Each server
|
||||
personality is hosted using its own <smbconfoption name="netbios alias"/> name, and each has its own distinct
|
||||
<smbconfoption name="[global]"/> section. Each server may have its own stanzas for services and meta-services.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
When hosting multiple virtual servers, each with their own personality, each can be in a different workgroup.
|
||||
Only the primary server can be a domain member or a domain controller. The personality is defined by the
|
||||
combination of the <smbconfoption name="security"/> mode it is operating in, the <smbconfoption name="netbios
|
||||
alias"/> it has, and the <smbconfoption name="workgroup"/> that is defined for it.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
This configuration style can be used either with NetBIOS names, or using NetBIOS-less SMB over TCP services.
|
||||
If run using NetBIOS mode (the most common method) it is important that the parameter <smbconfoption name="smb
|
||||
ports">139</smbconfoption> should be specified in the primary &smb.conf; file. Failure to do this will result
|
||||
in Samba operating over TCP port 445 and problematic operation at best, and at worst only being able to obtain
|
||||
the functionality that is specified in the primary &smb.conf; file. The use of NetBIOS over TCP/IP using only
|
||||
TCP port 139 means that the use of the <literal>%L</literal> macro is fully enabled. If the <smbconfoption
|
||||
name="smb ports">139</smbconfoption> is not specified (the default is <parameter>445 139</parameter>, or if
|
||||
the value of this parameter is set at <parameter>139 445</parameter> then the <literal>%L</literal> parameter
|
||||
is not serviceable.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
It is possible to host multiple servers, each with their own personality, using port 445 (the NetBIOS-less SMB
|
||||
port), in which case the <literal>%i</literal> parameter can be used to provide separate server identities (by
|
||||
IP Address). Each can have its own <smbconfoption name="security"/> mode. It will be necessary to use the
|
||||
<smbconfoption name="interfaces"/>, <smbconfoption name="bind interfaces only"/> and IP aliases in addition to
|
||||
the <smbconfoption name="netbios name"/> parameters to create the virtual servers. This method is considerably
|
||||
more complex than that using NetBIOS names only using TCP port 139.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Consider an example environment that consists of a standalone, user-mode security Samba server and a read-only
|
||||
Windows 95 file server that has to be replaced. Instead of replacing the Windows 95 machine with a new PC, it
|
||||
is possible to add this server as a read-only anonymous file server that is hosted on the Samba server. Here
|
||||
are some parameters:
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The Samba server is called <literal>ELASTIC</literal>, its workgroup name is <literal>ROBINSNEST</literal>.
|
||||
The CDROM server is called <literal>CDSERVER</literal> and its workgroup is <literal>ARTSDEPT</literal>. A
|
||||
possible implementation is shown here:
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The &smb.conf; file for the master server is shown in <link linkend="elastic">Elastic smb.conf File</link>.
|
||||
This file is placed in the <filename>/etc/samba</filename> directory. Only the &nmbd; and the &smbd; daemons
|
||||
are needed. When started the server will appear in Windows Network Neighborhood as the machine
|
||||
<literal>ELASTIC</literal> under the workgroup <literal>ROBINSNEST</literal>. It is helpful if the Windows
|
||||
clients that must access this server are also in the workgroup <literal>ROBINSNEST</literal> as this will make
|
||||
browsing much more reliable.
|
||||
</para>
|
||||
|
||||
<example id="elastic">
|
||||
<title>Elastic smb.conf File</title>
|
||||
<smbconfblock>
|
||||
<smbconfcomment>Global parameters</smbconfcomment>
|
||||
<smbconfsection name="[global]"/>
|
||||
<smbconfoption name="workgroup">ROBINSNEST</smbconfoption>
|
||||
<smbconfoption name="netbios name">ELASTIC</smbconfoption>
|
||||
<smbconfoption name="netbios aliases">CDSERVER</smbconfoption>
|
||||
<smbconfoption name="smb ports">139</smbconfoption>
|
||||
<smbconfoption name="printcap name">cups</smbconfoption>
|
||||
<smbconfoption name="disable spoolss">Yes</smbconfoption>
|
||||
<smbconfoption name="show add printer wizard">No</smbconfoption>
|
||||
<smbconfoption name="printing">cups</smbconfoption>
|
||||
<smbconfoption name="include">/etc/samba/smb-%L.conf</smbconfoption>
|
||||
|
||||
<smbconfsection name="[homes]"/>
|
||||
<smbconfoption name="comment">Home Directories</smbconfoption>
|
||||
<smbconfoption name="valid users">%S</smbconfoption>
|
||||
<smbconfoption name="read only">No</smbconfoption>
|
||||
<smbconfoption name="browseable">No</smbconfoption>
|
||||
|
||||
<smbconfsection name="[office]"/>
|
||||
<smbconfoption name="comment">Data</smbconfoption>
|
||||
<smbconfoption name="path">/data</smbconfoption>
|
||||
<smbconfoption name="read only">No</smbconfoption>
|
||||
|
||||
<smbconfsection name="[printers]"/>
|
||||
<smbconfoption name="comment">All Printers</smbconfoption>
|
||||
<smbconfoption name="path">/var/spool/samba</smbconfoption>
|
||||
<smbconfoption name="create mask">0600</smbconfoption>
|
||||
<smbconfoption name="guest ok">Yes</smbconfoption>
|
||||
<smbconfoption name="printable">Yes</smbconfoption>
|
||||
<smbconfoption name="use client driver">Yes</smbconfoption>
|
||||
<smbconfoption name="browseable">No</smbconfoption>
|
||||
</smbconfblock>
|
||||
</example>
|
||||
|
||||
<para>
|
||||
The configuration file for the CDROM server is listed in <link linkend="cdserver">CDROM Server
|
||||
smb-cdserver.conf file</link>. This file is called <filename>smb-cdserver.conf</filename> and it should be
|
||||
located in the <filename>/etc/samba</filename> directory. Machines that are in the workgroup
|
||||
<literal>ARTSDEPT</literal> will be able to browse this server freely.
|
||||
</para>
|
||||
|
||||
<example id="cdserver">
|
||||
<title>CDROM Server smb-cdserver.conf file</title>
|
||||
<smbconfblock>
|
||||
<smbconfcomment>Global parameters</smbconfcomment>
|
||||
<smbconfsection name="[global]"/>
|
||||
<smbconfoption name="workgroup">ARTSDEPT</smbconfoption>
|
||||
<smbconfoption name="netbios name">CDSERVER</smbconfoption>
|
||||
<smbconfoption name="map to guest">Bad User</smbconfoption>
|
||||
<smbconfoption name="guest ok">Yes</smbconfoption>
|
||||
|
||||
<smbconfsection name="[carousel]"/>
|
||||
<smbconfoption name="comment">CDROM Share</smbconfoption>
|
||||
<smbconfoption name="path">/export/cddata</smbconfoption>
|
||||
<smbconfoption name="read only">Yes</smbconfoption>
|
||||
<smbconfoption name="guest ok">Yes</smbconfoption>
|
||||
</smbconfblock>
|
||||
</example>
|
||||
|
||||
<para>
|
||||
The two servers have different resources and are in separate workgroups. The server <literal>ELASTIC</literal>
|
||||
can only be accessed by uses who have an appropriate account on the host server. All users will be able to
|
||||
access the CDROM data that is stored in the <filename>/export/cddata</filename> directory. File system
|
||||
permissions should set so that the <literal>others</literal> user has read-only access to the directory and its
|
||||
contents. The files can be owned by root (any user other than the nobody account).
|
||||
</para>
|
||||
|
||||
</sect2>
|
||||
|
||||
<sect2>
|
||||
<title>Multiple Virtual Server Hosting</title>
|
||||
|
||||
<para>
|
||||
In this example, the requirement is for a primary domain controller for the domain called
|
||||
<literal>MIDEARTH</literal>. The PDC will be called <literal>MERLIN</literal>. An extra machine called
|
||||
<literal>SAURON</literal> is required. Each machine will have only its own shares. Both machines belong to the
|
||||
same domain/workgroup.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The master &smb.conf; file is shown in <link linkend="mastersmbc">the Master smb.conf File Global Section</link>.
|
||||
The two files that specify the share information for each server are shown in <link linkend="merlinsmbc">the
|
||||
smb-merlin.conf File Share Section</link>, and <link linkend="sauronsmbc">the smb-sauron.conf File Share
|
||||
Section</link>. All three files are locate in the <filename>/etc/samba</filename> directory.
|
||||
</para>
|
||||
|
||||
<example id="mastersmbc">
|
||||
<title>Master smb.conf File Global Section</title>
|
||||
<smbconfblock>
|
||||
<smbconfcomment>Global parameters</smbconfcomment>
|
||||
<smbconfsection name="[global]"/>
|
||||
<smbconfoption name="workgroup">MIDEARTH</smbconfoption>
|
||||
<smbconfoption name="netbios name">MERLIN</smbconfoption>
|
||||
<smbconfoption name="netbios aliases">SAURON</smbconfoption>
|
||||
<smbconfoption name="passdb backend">tdbsam</smbconfoption>
|
||||
<smbconfoption name="smb ports">139</smbconfoption>
|
||||
<smbconfoption name="syslog">0</smbconfoption>
|
||||
<smbconfoption name="printcap name">CUPS</smbconfoption>
|
||||
<smbconfoption name="show add printer wizard">No</smbconfoption>
|
||||
<smbconfoption name="add user script">/usr/sbin/useradd -m '%u'</smbconfoption>
|
||||
<smbconfoption name="delete user script">/usr/sbin/userdel -r '%u'</smbconfoption>
|
||||
<smbconfoption name="add group script">/usr/sbin/groupadd '%g'</smbconfoption>
|
||||
<smbconfoption name="delete group script">/usr/sbin/groupdel '%g'</smbconfoption>
|
||||
<smbconfoption name="add user to group script">/usr/sbin/usermod -G '%g' '%u'</smbconfoption>
|
||||
<smbconfoption name="add machine script">/usr/sbin/useradd -s /bin/false -d /var/lib/nobody '%u'</smbconfoption>
|
||||
<smbconfoption name="logon script">scripts\login.bat</smbconfoption>
|
||||
<smbconfoption name="logon path"> </smbconfoption>
|
||||
<smbconfoption name="logon drive">X:</smbconfoption>
|
||||
<smbconfoption name="domain logons">Yes</smbconfoption>
|
||||
<smbconfoption name="preferred master">Yes</smbconfoption>
|
||||
<smbconfoption name="wins support">Yes</smbconfoption>
|
||||
<smbconfoption name="printing">CUPS</smbconfoption>
|
||||
<smbconfoption name="include">/etc/samba/smb-%L.conf</smbconfoption>
|
||||
</smbconfblock>
|
||||
</example>
|
||||
|
||||
<example id="merlinsmbc">
|
||||
<title>MERLIN smb-merlin.conf File Share Section</title>
|
||||
<smbconfblock>
|
||||
<smbconfcomment>Global parameters</smbconfcomment>
|
||||
<smbconfsection name="[global]"/>
|
||||
<smbconfoption name="workgroup">MIDEARTH</smbconfoption>
|
||||
<smbconfoption name="netbios name">MERLIN</smbconfoption>
|
||||
|
||||
<smbconfsection name="[homes]"/>
|
||||
<smbconfoption name="comment">Home Directories</smbconfoption>
|
||||
<smbconfoption name="valid users">%S</smbconfoption>
|
||||
<smbconfoption name="read only">No</smbconfoption>
|
||||
<smbconfoption name="browseable">No</smbconfoption>
|
||||
|
||||
<smbconfsection name="[office]"/>
|
||||
<smbconfoption name="comment">Data</smbconfoption>
|
||||
<smbconfoption name="path">/data</smbconfoption>
|
||||
<smbconfoption name="read only">No</smbconfoption>
|
||||
|
||||
<smbconfsection name="[netlogon]"/>
|
||||
<smbconfoption name="comment">NETLOGON</smbconfoption>
|
||||
<smbconfoption name="path">/var/lib/samba/netlogon</smbconfoption>
|
||||
<smbconfoption name="read only">Yes</smbconfoption>
|
||||
<smbconfoption name="browseable">No</smbconfoption>
|
||||
|
||||
<smbconfsection name="[printers]"/>
|
||||
<smbconfoption name="comment">All Printers</smbconfoption>
|
||||
<smbconfoption name="path">/var/spool/samba</smbconfoption>
|
||||
<smbconfoption name="printable">Yes</smbconfoption>
|
||||
<smbconfoption name="use client driver">Yes</smbconfoption>
|
||||
<smbconfoption name="browseable">No</smbconfoption>
|
||||
</smbconfblock>
|
||||
</example>
|
||||
|
||||
<example id="sauronsmbc">
|
||||
<title>SAURON smb-sauron.conf File Share Section</title>
|
||||
<smbconfblock>
|
||||
<smbconfcomment>Global parameters</smbconfcomment>
|
||||
<smbconfsection name="[global]"/>
|
||||
<smbconfoption name="workgroup">MIDEARTH</smbconfoption>
|
||||
<smbconfoption name="netbios name">SAURON</smbconfoption>
|
||||
|
||||
<smbconfsection name="[www]"/>
|
||||
<smbconfoption name="comment">Web Pages</smbconfoption>
|
||||
<smbconfoption name="path">/srv/www/htdocs</smbconfoption>
|
||||
<smbconfoption name="read only">No</smbconfoption>
|
||||
</smbconfblock>
|
||||
</example>
|
||||
|
||||
</sect2>
|
||||
|
||||
</sect1>
|
||||
|
||||
</chapter>
|
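Review bot: In the CDROM example, smb-cdserver.conf sets <smbconfoption name="guest ok">Yes</smbconfoption> in its [global] section, and that file is pulled in by the include line inside [global] of the Elastic file, ahead of [homes], [office] and [printers]. A share-level parameter set in [global] becomes the default for every share, so for a client connecting as CDSERVER the writable [office] share, which does not set guest ok itself, would inherit guest access. That conflicts with the closing paragraph's statement that ELASTIC is reachable only by users with an account. Drop guest ok from the [global] of smb-cdserver.conf and keep it only on [carousel], and consider moving the account-only shares into their own per-name file as the MERLIN/SAURON example does. Note also that %L is the name the client asks for, so the text should say that the personality, including its guest policy, is selected by the client. Smaller points in the same file: the introductory paragraph ending "highly effective, capabilities" stops mid-sentence, the <para> under "Implementation" is empty, the parenthesis opened at "(the default is" is never closed, and there are typos ("it's own", "The user of multiple server hosting", "accessed by uses", "should set so", "are locate in").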
@ -11,9 +11,16 @@
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>
|
||||
TOSHARG is used as an abbreviation for the book, <quote>The Official Samba-3
|
||||
HOWTO and Reference Guide,</quote> Editors: John H. Terpstra and Jelmer R. Vernooij,
|
||||
Publisher: Prentice Hall, ISBN: 0131453556.
|
||||
TOSHARG2 is used as an abbreviation for the book, <quote>The Official Samba-3
|
||||
HOWTO and Reference Guide, Second Edition</quote> Editors: John H. Terpstra and Jelmer R. Vernooij,
|
||||
Publisher: Prentice Hall, ISBN: 0131882228.
|
||||
</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>
|
||||
S3bE2 is used as an abbreviation for the book, <quote>Samba-3 by Example, Second Edition</quote>
|
||||
Editors: John H. Terpstra, Publisher: Prentice Hall, ISBN: 013188221X.
|
||||
</para>
|
||||
</listitem>
|
||||
|
||||
|
@ -128,7 +128,7 @@ The chapters in this part each cover specific Samba features.
|
||||
<xi:include href="TOSHARG-Backup.xml"/>
|
||||
<xi:include href="TOSHARG-HighAvailability.xml"/>
|
||||
<xi:include href="TOSHARG-LargeFile.xml"/>
|
||||
<!-- <xi:include href="TOSHARG-SecureLDAP.xml"/> -->
|
||||
<xi:include href="TOSHARG-ConfigSmarts.xml"/>
|
||||
|
||||
</part>
|
||||
|
||||
|