1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00

Adding more docs.

This commit is contained in:
John Terpstra 0001-01-01 00:00:00 +00:00
parent c37467651b
commit 8b75c925b9
3 changed files with 272 additions and 34 deletions

View File

@ -83,6 +83,15 @@
</affiliation>
</author>'>
<!ENTITY author.dlechnyr '
<author>
<firstname>David</firstname><surname>Lechnyr</surname>
<affiliation>
<orgname>Unofficial HOWTO</orgname>
<address><email>david@lechnyr.com</email></address>
</affiliation>
</author>'>
<!-- URL's -->
<!ENTITY url.samba.cvsinfo 'http://pserver.samba.org/samba/cvs.html'>
<!ENTITY url.pdc-howto.local 'samba-pdc-howto.html'>
@ -440,42 +449,43 @@ an Active Directory environment.
<!ENTITY MAN-WINBINDD SYSTEM "manpages/winbindd.8.sgml">
<!ENTITY UNIX-INSTALL SYSTEM "projdoc/UNIX_INSTALL.sgml">
<!ENTITY ENCRYPTION SYSTEM "projdoc/ENCRYPTION.sgml">
<!ENTITY MS-Dfs-Setup SYSTEM "projdoc/msdfs_setup.sgml">
<!ENTITY PRINTER-DRIVER2 SYSTEM "projdoc/printer_driver2.sgml">
<!ENTITY DOMAIN-MEMBER SYSTEM "projdoc/DOMAIN_MEMBER.sgml">
<!ENTITY WINBIND SYSTEM "projdoc/winbind.sgml">
<!ENTITY NT-Security SYSTEM "projdoc/NT_Security.sgml">
<!ENTITY Samba-PDC-HOWTO SYSTEM "projdoc/Samba-PDC-HOWTO.sgml">
<!ENTITY Samba-BDC-HOWTO SYSTEM "projdoc/Samba-BDC-HOWTO.sgml">
<!ENTITY CVS-Access SYSTEM "projdoc/CVS-Access.sgml">
<!ENTITY IntegratingWithWindows SYSTEM "projdoc/Integrating-with-Windows.sgml">
<!ENTITY Samba-PAM SYSTEM "projdoc/PAM-Authentication-And-Samba.sgml">
<!ENTITY Samba-LDAP SYSTEM "projdoc/Samba-LDAP-HOWTO.sgml">
<!ENTITY Diagnosis SYSTEM "projdoc/Diagnosis.sgml">
<!ENTITY BUGS SYSTEM "projdoc/Bugs.sgml">
<!ENTITY SECURITY-LEVEL SYSTEM "projdoc/security_level.sgml">
<!ENTITY SPEED SYSTEM "projdoc/Speed.sgml">
<!ENTITY ADS-HOWTO SYSTEM "projdoc/ADS-HOWTO.sgml">
<!ENTITY AdvancedNetworkAdmin SYSTEM "projdoc/AdvancedNetworkAdmin.sgml">
<!ENTITY BROWSING SYSTEM "projdoc/Browsing.sgml">
<!ENTITY BROWSING-Quick SYSTEM "projdoc/Browsing-Quickguide.sgml">
<!ENTITY BUGS SYSTEM "projdoc/Bugs.sgml">
<!ENTITY CUPS SYSTEM "projdoc/CUPS-printing.sgml">
<!ENTITY CVS-Access SYSTEM "projdoc/CVS-Access.sgml">
<!ENTITY Compiling SYSTEM "projdoc/Compiling.sgml">
<!ENTITY DOMAIN-MEMBER SYSTEM "projdoc/DOMAIN_MEMBER.sgml">
<!ENTITY Diagnosis SYSTEM "projdoc/Diagnosis.sgml">
<!ENTITY ENCRYPTION SYSTEM "projdoc/ENCRYPTION.sgml">
<!ENTITY GROUP-MAPPING-HOWTO SYSTEM "projdoc/GROUP-MAPPING-HOWTO.sgml">
<!ENTITY Portability SYSTEM "projdoc/Portability.sgml">
<!ENTITY IntegratingWithWindows SYSTEM "projdoc/Integrating-with-Windows.sgml">
<!ENTITY IntroSMB SYSTEM "projdoc/IntroSMB.sgml">
<!ENTITY MS-Dfs-Setup SYSTEM "projdoc/msdfs_setup.sgml">
<!ENTITY NT-Security SYSTEM "projdoc/NT_Security.sgml">
<!ENTITY NT4Migration SYSTEM "projdoc/NT4Migration.sgml">
<!ENTITY Other-Clients SYSTEM "projdoc/Other-Clients.sgml">
<!ENTITY ADS-HOWTO SYSTEM "projdoc/ADS-HOWTO.sgml">
<!ENTITY PRINTER-DRIVER2 SYSTEM "projdoc/printer_driver2.sgml">
<!ENTITY Passdb SYSTEM "projdoc/passdb.sgml">
<!ENTITY PolicyMgmt SYSTEM "projdoc/PolicyMgmt.sgml">
<!ENTITY Portability SYSTEM "projdoc/Portability.sgml">
<!ENTITY ProfileMgmt SYSTEM "projdoc/ProfileMgmt.sgml">
<!ENTITY SECURITY-LEVEL SYSTEM "projdoc/security_level.sgml">
<!ENTITY SPEED SYSTEM "projdoc/Speed.sgml">
<!ENTITY SWAT SYSTEM "projdoc/SWAT.sgml">
<!ENTITY Samba-BDC-HOWTO SYSTEM "projdoc/Samba-BDC-HOWTO.sgml">
<!ENTITY Samba-LDAP SYSTEM "projdoc/Samba-LDAP-HOWTO.sgml">
<!ENTITY Samba-PAM SYSTEM "projdoc/PAM-Authentication-And-Samba.sgml">
<!ENTITY Samba-PDC-HOWTO SYSTEM "projdoc/Samba-PDC-HOWTO.sgml">
<!ENTITY SecuringSamba SYSTEM "projdoc/securing-samba.sgml">
<!ENTITY ServerType SYSTEM "projdoc/ServerType.sgml">
<!ENTITY Trusts SYSTEM "projdoc/InterdomainTrusts.sgml">
<!ENTITY UNIX-INSTALL SYSTEM "projdoc/UNIX_INSTALL.sgml">
<!ENTITY VFS SYSTEM "projdoc/VFS.sgml">
<!ENTITY WINBIND SYSTEM "projdoc/winbind.sgml">
<!ENTITY pdb-mysql SYSTEM "projdoc/pdb_mysql.sgml">
<!ENTITY pdb.sgml SYSTEM "projdoc/pdb.sgml.sgml">
<!ENTITY VFS SYSTEM "projdoc/VFS.sgml">
<!ENTITY Passdb SYSTEM "projdoc/passdb.sgml">
<!ENTITY ServerType SYSTEM "projdoc/ServerType.sgml">
<!ENTITY SecuringSamba SYSTEM "projdoc/securing-samba.sgml">
<!ENTITY Compiling SYSTEM "projdoc/Compiling.sgml">
<!ENTITY unicode SYSTEM "projdoc/unicode.sgml">
<!ENTITY CUPS SYSTEM "projdoc/CUPS-printing.sgml">
<!ENTITY AdvancedNetworkAdmin SYSTEM "projdoc/AdvancedNetworkAdmin.sgml">
<!ENTITY PolicyMgmt SYSTEM "projdoc/PolicyMgmt.sgml">
<!ENTITY ProfileMgmt SYSTEM "projdoc/ProfileMgmt.sgml">
<!ENTITY NT4Migration SYSTEM "projdoc/NT4Migration.sgml">
<!ENTITY SWAT SYSTEM "projdoc/SWAT.sgml">
<!ENTITY Trusts SYSTEM "projdoc/InterdomainTrusts.sgml">
<!ENTITY problems SYSTEM "projdoc/Problems.sgml">
<!ENTITY unicode SYSTEM "projdoc/unicode.sgml">

View File

@ -13,8 +13,10 @@
<title>How to compile SAMBA</title>
<para>You can obtain the samba source from the <ulink url="http://samba.org/">samba website</ulink>. To obtain a development version,
you can download samba from CVS or using rsync. </para>
<para>
You can obtain the samba source from the <ulink url="http://samba.org/">samba website</ulink>. To obtain a development version,
you can download samba from CVS or using rsync.
</para>
<sect1>
<title>Access Samba source code via CVS</title>
@ -177,6 +179,57 @@ on this system just substitute the correct package name
</para>
</sect1>
<sect1>
<title>Verifying Samba's PGP signature</title>
<para>
In these days of insecurity, it's strongly recommended that you verify the PGP signature for any
source file before installing it. According to Jerry Carter of the Samba Team, only about 22% of
all Samba downloads have had a corresponding PGP signature download (a very low percentage, which
should be considered a bad thing). Even if you're not downloading from a mirror site, verifying PGP
signatures should be a standard reflex.
</para>
<para>
With that said, go ahead and download the following files:
</para>
<para><programlisting>
$ wget http://us1.samba.org/samba/ftp/samba-2.2.8a.tar.asc
$ wget http://us1.samba.org/samba/ftp/samba-pubkey.asc
</programlisting></para>
<para>
The first file is the PGP signature for the Samba source file; the other is the Samba public
PGP key itself. Import the public PGP key with:
</para>
<programlisting>
$ gpg --import samba-pubkey.asc
</programlisting>
<para>
And verify the Samba source code integrity with:
</para>
<programlisting>
$ gzip -d samba-2.2.8a.tar.gz
$ gpg --verify samba-2.2.8a.tar.asc
</programlisting>
<para>
If you receive a message like, "Good signature from Samba Distribution Verification Key..."
then all is well. The warnings about trust relationships can be ignored. An example of what
you would not want to see would be:
</para>
<programlisting>
gpg: BAD signature from "Samba Distribution Verification Key"
</programlisting>
</sect1>
<sect1>
<title>Building the Binaries</title>

View File

@ -0,0 +1,175 @@
<chapter id="IntroSMB">
<chapterinfo>
&author.dlechnyr;
<pubdate>April 13, 2003</pubdate>
</chapterinfo>
<title>Introduction to Samba</title>
<para>
Samba provides MS Windows file and print services over TCP/IP and provides compatible support for
all SMB/CIFS enabled clients. Samba can be used to provide seemless interoperability between unix
/ Linux systems and MS Windows clients and servers. A global team of about 30 active programmers
is responsible for the development of Samba, a marvelous tool that was originally developed by
Andrew Tridgell. That team of developers is known as the Samba-Team.
</para>
<sect1>
<title>Background</title>
<para>
Once long ago, there was a buzzword referred to as DCE/RPC. This stood for Distributed Computing
Environment/Remote Procedure Calls and conceptually was a good idea. It was originally developed
by Apollo/HP as NCA 1.0 (Network Computing Architecture) and only ran over UDP. When there was
a need to run it over TCP so that it would be compatible with DECnet 3.0, it was redesigned,
submitted to The Open Group, and officially became known as DCE/RPC. Microsoft came along and
decided, rather than pay $20 per seat to license this technology, to reimplement DCE/RPC
themselves as MSRPC. From this, the concept continued in the form of SMB (Server Message Block,
or the "what") using the NetBIOS (Network Basic Input/Output System, or the "how") compatibility
layer. You can run SMB (i.e., transport) over several different protocols; many different
implementations arose as a result, including NBIPX (NetBIOS over IPX, NwLnkNb, or NWNBLink) and
NBT (NetBIOS over TCP/IP, or NetBT). As the years passed, NBT became the most common form of
implementation until the advance of "Direct-Hosted TCP" -- the Microsoft marketing term for
eliminating NetBIOS entirely and running SMB by itself across TCP port 445 only. As of yet,
direct-hosted TCP has yet to catch on. And so the story goes.
</para>
<para>
Perhaps the best summary of the origins of SMB are voiced in the 1997 article titled, CIFS:
Common Insecurities Fail Scrutiny:
</para>
<para><emphasis>
Several megabytes of NT-security archives, random whitepapers, RFCs, the CIFS spec, the Samba
stuff, a few MS knowledge-base articles, strings extracted from binaries, and packet dumps have
been dutifully waded through during the information-gathering stages of this project, and there
are *still* many missing pieces... While often tedious, at least the way has been generously
littered with occurrences of clapping hand to forehead and muttering 'crikey, what are they
thinking?
</emphasis></para>
<sect2>
<title>Terminology</title>
<itemizedlist>
<listitem><para>
SMB: Acronym for "Server Message Block". This is a Microsoft's file and printer
sharing protocol.
</para></listitem>
<listitem><para>
CIFS: Acronym for the "Common Internet File System". Around 1996, Microsoft apparently
decided that SMB needed the word "Internet" in it, so they changed it to CIFS.
</para></listitem>
<listitem><para>
Direct-Hosted: A method of providing file/printer sharing services over port 445/tcp
only, using DNS for name resolution instead of WINS.
</para></listitem>
<listitem><para>
IPC: Acronym for "Inter-process Communication". A method to communicate specific
information between programs.
</para></listitem>
<listitem><para>
Marshalling: - A method of serializing (i.e., sequential ordering of) variable data
suitable for transmission via a network connection or storing in a file. The source
data can be re-created using a similar process called unmarshalling.
</para></listitem>
<listitem><para>
NetBIOS: Acronym for "Network Basic Input/Output System". This is not a protocol;
it is a method of communication across an existing protocol. This is a standard which
was originally developed for IBM by Sytek in 1983. To exaggerate the analogy a bit,
it can help to think of this in comparison your computer's BIOS -- it controlls the
essential functions of your input/output hardware -- whereas NetBIOS controlls the
essential functions of your input/output traffic via the network. Again, this is a bit
of an exaggeration but it should help that paradigm shift. What is important to realize
is that NetBIOS is a transport standard, not a protocol. Unfortunately, even technically
brilliant people tend to interchange NetBIOS with terms like NetBEUI without a second
thought; this will cause no end (and no doubt) of confusion.
</para></listitem>
<listitem><para>
NetBEUI: Acronym for the "NetBIOS Extended User Interface". Unlike NetBIOS, NetBEUI
is a protocol, not a standard. It is also not routable, so traffic on one side of a
router will be unable to communicate with the other side. Understanding NetBEUI is
not essential to deciphering SMB; however it helps to point out that it is not the
same as NetBIOS and to improve your score in trivia at parties. NetBEUI was originally
referred to by Microsoft as "NBF", or "The Windows NT NetBEUI Frame protocol driver".
It is not often heard from these days.
</para></listitem>
<listitem><para>
NBT: Acronym for "NetBIOS over TCP"; also known as "NetBT". Allows the continued use
of NetBIOS traffic proxied over TCP/IP. As a result, NetBIOS names are made equivilant
to IP addresses and NetBIOS name types are conceptually equivilant to TCP/IP ports.
This is how file and printer sharing are accomplished in Windows 95/98/ME. They
traditionally rely on three ports: NetBIOS Name Service (nbname) via UDP port 137,
NetBIOS Datagram Service (nbdatagram) via UDP port 138, and NetBIOS Session Service
(nbsession) via TCP port 139. All name resolution is done via WINS, NetBIOS broadcasts,
and DNS. NetBIOS over TCP is documented in RFC 1001 (Concepts and methods) and RFC 1002
(Detailed specifications).
</para></listitem>
<listitem><para>
W2K: Acronym for Windows 2000 Professional or Server
</para></listitem>
<listitem><para>
W3K: Acronym for Windows 2003 Server
</para></listitem>
</itemizedlist>
</sect2>
<sect2>
<title>Related Projects>
<para>
Currently, there are two projects that are directly related to Samba: SMBFS and CIFS network
client file systems for Linux, both available in the Linux kernel itself.
</para>
<itemizedlist>
<listitem><para>
SMBFS (Server Message Block File System) allows you to mount SMB shares (the protocol
Windows 95/98/ME, Windows NT/2000/XP and OS/2 Lan Manager use to share files and printers
over local networks) and access them just like any other Unix directory. This is useful
if you just want to mount such filesystems without being a SMBFS server.
</para></listitem>
<listitem><para>
CIFS (Common Internet File System) is the successor to SMB, and is actively being worked
on in the upcoming version of the Linux kernel (2.5/2.6). The intent of this module is to
provide advanced network file system functionality including support for dfs (heirarchical
name space), secure per-user session establishment, safe distributed caching (oplock),
optional packet signing, Unicode and other internationalization improvements, and optional
Winbind (nsswitch) integration. If you enable CONFIG_CIFS in the Linux kernel, be aware
that it is currently in an early development stage and may not be as stable as the existing
CONFIG_SMB_FS option.
</para></listitem>
</itemizedlist>
<para>
Again, it's important to note that these are implementations for client filesystems, and have
nothing to do with acting as a file and print server for SMB/CIFS clients.
</para>
</sect2>
<sect2>
<title>Miscellaneous</title>
<para>
This chapter is Copyright © 2003 David Lechnyr. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation. A copy of the license is available at http://www.gnu.org/licenses/fdl.txt.
</para>
</sect2>
</sect1>
</chapter>