mirror of
https://github.com/samba-team/samba.git
synced 2025-02-15 05:57:49 +03:00
updating documentation a bit. claiming NetBIOS.txt, adding copyright message.
lkcl (This used to be commit 390fd486d7aa0de98fc900eacb962e7f46caf18c)
parent
9a8c54f51b
commit
9bd1614769
docs/textdocs
@ -24,16 +24,22 @@ Configuration Instructions: Network Logons
|
||||
|
||||
To use domain logons and profiles you need to do the following:
|
||||
|
||||
1) Setup nmbd and smbd and configure the smb.conf so that Samba is
|
||||
acting as the master browser. See INSTALL.txt and BROWSING.txt for
|
||||
details.
|
||||
|
||||
2) create a share called [netlogon] in your smb.conf. This share should
|
||||
be readable by all users, and probably should not be writeable. This
|
||||
share will hold your network logon scripts, and the CONFIG.POL file
|
||||
(Note: for details on the CONFIG.POL file, refer to the Microsoft
|
||||
Windows NT Administration documentation. The format of these files
|
||||
is not known, so you will need to use Microsoft tools.)
|
||||
1) Setup nmbd and smbd by configuring smb.conf so that Samba is
|
||||
acting as the master browser. See INSTALL.txt and BROWSING.txt
|
||||
for details.
|
||||
|
||||
2) Setup a WINS server (see NetBIOS.txt) and configure all your clients
|
||||
to use that WINS service. [lkcl 12jul97 - problems occur where
|
||||
clients do not pick up the profiles properly unless they are using a
|
||||
WINS server. this is still under investigation].
|
||||
|
||||
3) create a share called [netlogon] in your smb.conf. This share should
|
||||
be readable by all users, and probably should not be writeable. This
|
||||
share will hold your network logon scripts, and the CONFIG.POL file
|
||||
(Note: for details on the CONFIG.POL file, refer to the Microsoft
|
||||
Windows NT Administration documentation. The format of these files
|
||||
is not known, so you will need to use Microsoft tools.)
|
||||
|
||||
For example I have used:
|
||||
|
||||
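Review bot: The new step 2 embeds a signed, dated investigation note ("[lkcl 12jul97 - problems occur ... still under investigation]") inside a numbered setup instruction, so the reader cannot tell whether a WINS server is a requirement for domain logons or a workaround for the profile problem. Suggest keeping step 2 as the bare instruction and moving the observation to a NOTE paragraph after the list. Since the [netlogon] step is re-wrapped in this hunk anyway, "probably should not be writeable" could be made firm, to agree with the later sentence that ordinary users should not be allowed to modify or add files that another user's computer would then download.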
@ -47,7 +53,7 @@ users, in a secure environment: ordinary users should not be allowed
|
||||
to modify or add files that another user's computer would then download
|
||||
when they log in.
|
||||
|
||||
3) in the [global] section of smb.conf set the following:
|
||||
4) in the [global] section of smb.conf set the following:
|
||||
|
||||
domain logons = yes
|
||||
logon script = %U.bat
|
||||
@ -56,25 +62,25 @@ the choice of batch file is, of course, up to you. The above would
|
||||
give each user a separate batch file as the %U will be changed to
|
||||
their username automatically. The other standard % macros may also be
|
||||
used. You can make the batch files come from a subdirectory by using
|
||||
soemthing like:
|
||||
something like:
|
||||
|
||||
logon script = scripts\%U.bat
|
||||
|
||||
4) create the batch files to be run when the user logs in. If the batch
|
||||
file doesn't exist then no batch file will be run.
|
||||
5) create the batch files to be run when the user logs in. If the batch
|
||||
file doesn't exist then no batch file will be run.
|
||||
|
||||
In the batch files you need to be careful to use DOS style cr/lf line
|
||||
endings. If you don't then DOS may get confused. I suggest you use a
|
||||
DOS editor to remotely edit the files if you don't know how to produce
|
||||
DOS style files under unix.
|
||||
|
||||
5) Use smbclient with the -U option for some users to make sure that
|
||||
the \\server\NETLOGON share is available, the batch files are visible
|
||||
and they are readable by the users.
|
||||
6) Use smbclient with the -U option for some users to make sure that
|
||||
the \\server\NETLOGON share is available, the batch files are
|
||||
visible and they are readable by the users.
|
||||
|
||||
6) you will probabaly find that your clients automatically mount the
|
||||
\\SERVER\NETLOGON share as drive z: while logging in. You can put some
|
||||
useful programs there to execute from the batch files.
|
||||
7) you will probabaly find that your clients automatically mount the
|
||||
\\SERVER\NETLOGON share as drive z: while logging in. You can put
|
||||
some useful programs there to execute from the batch files.
|
||||
|
||||
NOTE: You must be using "security = user" or "security = server" for
|
||||
domain logons to work correctly. Share level security won't work
|
||||
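Review bot: Step 7 is re-wrapped in this hunk but still reads "probabaly", while the same hunk corrects "soemthing" a few lines earlier; fix it to "probably" in the same pass. The step also tells the reader to put programs on \\SERVER\NETLOGON for the batch files to execute at logon, so it is worth restating at this point that the share must not be writable by ordinary users.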
@ -102,7 +108,10 @@ When a user first logs in on Windows 95, the file user.dat is created,
|
||||
as are folders "start menu", "desktop", "programs" and "nethood".
|
||||
These directories and their contents will be merged with the local
|
||||
versions stored in c:\windows\profiles\username on subsequent logins,
|
||||
taking the most recent from each.
|
||||
taking the most recent from each. You will need to use the [global]
|
||||
options "preserve case = yes", "short case preserve = yes" and
|
||||
"case sensitive = no" in order to maintain capital letters in shortcuts
|
||||
in any of the profile folders.
|
||||
|
||||
The user.dat file contains all the user's preferences. If you wish to
|
||||
enforce a set of preferences, rename their user.dat file to user.man,
|
||||
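Review bot: The second option in the added sentence is written "short case preserve = yes", with a different word order from "preserve case = yes" immediately before it; check the spelling against the smb.conf man page, because a reader will paste these three settings verbatim and a misspelt parameter name will not take effect. It would also help to say that these are set once in [global] and so change case handling for every share, not only the profile share.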
@ -115,7 +124,15 @@ and deny them write access to the file.
|
||||
|
||||
3) On the Windows 95 machine, go to Control Panel | Network |
|
||||
Client for Microsoft Networks | Preferences. Select 'Log on to
|
||||
NT Domain'. Press OK, and this time allow the computer to reboot.
|
||||
NT Domain'. Then, ensure that the Primary Logon is 'Client for
|
||||
Microsoft Networks'. Press OK, and this time allow the computer
|
||||
to reboot.
|
||||
|
||||
[If you have the Primary Logon as 'Client for Novell Networks', then
|
||||
the profiles and logon script will be downloaded from your Novell
|
||||
Server. If you have the Primary Logon as 'Windows Logon', then the
|
||||
profiles will be loaded from the local machine - a bit against the
|
||||
concept of roaming profiles, if you ask me].
|
||||
|
||||
You will now find that the Microsoft Networks Login box contains
|
||||
[user, password, domain] instead of just [user, password]. Type in
|
||||
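Review bot: The bracketed paragraph says what happens to both the profiles and the logon script under 'Client for Novell Networks', but for 'Windows Logon' it mentions only the profiles, so the reader does not learn whether the logon script is still run in that case. Suggest stating both outcomes for both settings, and dropping "if you ask me" so the paragraph reads as documented behaviour.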
@ -133,6 +150,11 @@ to examine the contents of the directory specified in the "logon path"
|
||||
|
||||
These folders will be cached locally on the client, and updated when
|
||||
the user logs off (if you haven't made them read-only by then :-).
|
||||
If you make the folders read-only, then you will find that if the user
|
||||
creates further folders or short-cuts, that the client will merge the
|
||||
profile contents downloaded with the contents of the profile directory
|
||||
already on the local client, taking the newest folders and short-cuts
|
||||
from each set.
|
||||
|
||||
|
||||
If you have problems creating user profiles, you can reset the user's
|
||||
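Review bot: The added sentence ("If you make the folders read-only, then you will find that if the user creates further folders or short-cuts, that the client will merge ...") has a doubled "that" and does not say the one thing an administrator needs: whether items the user creates are written back to the server copy at logoff or exist only on the local client. If read-only folders are being suggested as a way to enforce a profile, say explicitly that the local copy can still diverge and is merged again at the next logon.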
@ -170,10 +192,15 @@ they will be told that they are logging in "for the first time".
|
||||
|
||||
6) check the contents of the profile path (see "logon path" described
|
||||
above), and delete the user.dat or user.man file for the user,
|
||||
making a backup if required.
|
||||
making a backup if required.
|
||||
|
||||
|
||||
If all else fails, increase samba's debug log levels to between 3 and 10,
|
||||
and / or run a packet trace program such as tcpdump or netmon.exe, and
|
||||
look for any error reports.
|
||||
|
||||
If you have access to an NT server, then first set up roaming profiles
|
||||
and / or netlogons on the NT server. Make a packet trace, or examine
|
||||
the example packet traces provided with NT server, and see what the
|
||||
differences are with the equivalent samba trace.
|
||||
|
||||
|
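Review bot: The new troubleshooting paragraph says to raise the debug log level to "between 3 and 10" without saying where that is set, and recommends tcpdump or netmon.exe traces of logons without noting that such traces and high-level logs capture the logon traffic of real users. Suggest naming the setting, and adding a line that the traces and logs should be stored with restricted access and the log level returned to its normal value afterwards. The "making a backup if required." line appears to change only in whitespace; drop that from the patch if it is unintentional.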
@ -35,7 +35,7 @@ software where to find dynamically loadable libraries that they depend upon.
|
||||
In fact, the registry contains entries that describes everything that anything
|
||||
may need to know to interact with the rest of the system.
|
||||
|
||||
The registry files will can be located on any Windows NT machine by opening a
|
||||
The registry files can be located on any Windows NT machine by opening a
|
||||
command prompt and typing:
|
||||
dir %SystemRoot%\System32\config
|
||||
|
||||
@ -58,16 +58,16 @@ The Windows NT User database also resides within the registry. This part of
|
||||
the registry contains the user's security identifier, home directory, group
|
||||
memberships, desktop profile, and so on.
|
||||
|
||||
Every Windows NT system (workstation as well as server) will have it's own
|
||||
Every Windows NT system (workstation as well as server) will have its own
|
||||
registry. Windows NT Servers that participate in Domain Security control
|
||||
have a database that they share in common - thus they do NOT own an
|
||||
independant full registry database of their own, as do Workstations and
|
||||
independent full registry database of their own, as do Workstations and
|
||||
plain Servers.
|
||||
|
||||
The User database is called the SAM (Security Access Manager) database and
|
||||
is used for all user authentication as well as for authentication of inter-
|
||||
process authentication (ie: to ensure that the service action a user has
|
||||
requested is permitted within the limits of that user's privilidges).
|
||||
requested is permitted within the limits of that user's privileges).
|
||||
|
||||
Windows for Workgroups, Windows 95, and Windows NT Workstations and Servers
|
||||
can participate in a Domain security system that is controlled by Windows NT
|
||||
|
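Review bot: The paragraph whose spelling is corrected here still expands SAM as "Security Access Manager"; the NT component is the Security Accounts Manager, so fix the expansion while touching these lines. The same sentence reads "used for all user authentication as well as for authentication of inter-process authentication", which is circular, and the parenthesis that follows describes a permission check; suggest "as well as for authorisation of inter-process requests" or similar.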
@ -1,6 +1,6 @@
|
||||
Contributor: Unknown
|
||||
Date: Unknown
|
||||
Status: Current
|
||||
Contributor: lkcl - Copyright Luke Kenneth Casson Leighton 1997
|
||||
Date: March 1997
|
||||
Status: Current
|
||||
|
||||
Subject: Definition of NetBIOS Protocol and Name Resolution Modes
|
||||
=============================================================================
|
||||
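Review bot: The Contributor field now carries a copyright claim ("lkcl - Copyright Luke Kenneth Casson Leighton 1997") with no statement of the terms under which the file is distributed. Suggest a separate Copyright line and a reference to the licence that covers the rest of docs/textdocs, so the header does not leave the file's redistribution status open. The Date of "March 1997" is also earlier than the "12jul97" note added elsewhere in this commit; if the file is revised here, record a revision date as well.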
@ -17,7 +17,17 @@ rfc1001.txt and rfc1002.txt.
|
||||
NetBEUI is a raw NetBIOS frame protocol implementation that allows NetBIOS
|
||||
datagrams to be sent out over the 'wire' embedded within LLC frames.
|
||||
NetBEUI is not required when using NetBIOS over TCP/IP protocols and it
|
||||
is preferrable NOT to install NetBEUI if it can be avoided.
|
||||
is preferable NOT to install NetBEUI if it can be avoided.
|
||||
|
||||
IPX/SPX is also not required when using NetBIOS over TCP/IP, and it is
|
||||
preferable NOT to install the IPX/SPX transport unless you are using Novell
|
||||
servers. At the very least, it is recommended that you do not install
|
||||
'NetBIOS over IPX/SPX'.
|
||||
|
||||
[When installing Windows 95, you will find that NetBEUI and IPX/SPX are
|
||||
installed as the default protocols. This is because they are the simplest
|
||||
to manage: no Windows 95 user-configuration is required].
|
||||
|
||||
|
||||
NetBIOS applications (such as samba) offer their services (for example,
|
||||
SMB file and print sharing) on a NetBIOS name. They must claim this name
|
||||
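Review bot: The added IPX/SPX paragraph says it is preferable "NOT to install" the transport, but the bracketed note below it says NetBEUI and IPX/SPX are installed by default on Windows 95, so the instruction as written is not actionable for those clients. Suggest telling the reader to remove the unused protocols from the Network control panel, and giving the reason in one sentence (which failure or extra traffic is avoided), since neither paragraph says why the protocols should be absent.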
@ -41,6 +51,7 @@ UNIQUE NetBIOS name on a network.
|
||||
|
||||
There are two kinds of NetBIOS Name resolution: Broadcast and Point-to-Point.
|
||||
|
||||
|
||||
=================
|
||||
BROADCAST NetBIOS
|
||||
=================
|
||||
@ -102,14 +113,22 @@ because a Browse Server is a WINS client, which is _not_ the same thing].
|
||||
Clients can claim names, and therefore offer services on successfully claimed
|
||||
names, on their broadcast-isolated subnet. One way to get NetBIOS services
|
||||
(such as browsing: see ftp.microsoft.com/drg/developr/CIFS/browdiff.txt; and
|
||||
SMB file/print sharing: see cifs4.txt) working on a LAN or WAN is to make
|
||||
SMB file/print sharing: see cifs6.txt) working on a LAN or WAN is to make
|
||||
your routers forward all broadcast packets from TCP/IP ports 137, 138 and 139.
|
||||
You will find, however, if you do this on a large LAN or a WAN, that your
|
||||
network is completely swamped by NetBIOS and browsing packets, which is why
|
||||
WINS was developed to minimise the necessity of broadcast traffic.
|
||||
|
||||
WINS Clients therefore claim names from the WINS server. If the WINS
|
||||
server allows them to register a name, the client's NetBIOS session service
|
||||
can then offer services on this name. Other WINS clients will then
|
||||
contact the WINS server to resolve a NetBIOS name.
|
||||
|
||||
|
||||
=======================
|
||||
Samba WINS Capabilities
|
||||
=======================
|
||||
|
||||
To configure samba as a WINS server, you must add "wins support = yes" to
|
||||
the [global] section of your smb.conf file. This will enable WINS server
|
||||
capabilities in nmbd.
|
||||
|
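Review bot: The new "Samba WINS Capabilities" section covers only enabling the server side with "wins support = yes", yet the DOMAIN.txt change in this commit sends readers here to set up a WINS server and "configure all your clients to use that WINS service". Add the client-side configuration to this section, or point to where it is described. The context sentence about forwarding broadcasts "from TCP/IP ports 137, 138 and 139" would also be clearer if it said which of those ports carry broadcast traffic, and the cifs4.txt to cifs6.txt reference change deserves a word in the commit message.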