1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

Merge Samba3 and Samba4 together

This commit is contained in:
Stefan Metzmacher 2008-09-14 23:07:26 +02:00
commit 9d3d332092
7582 changed files with 2280432 additions and 0 deletions

301
.gitignore vendored Normal file
View File

@ -0,0 +1,301 @@
*~
*.1
*.3
*.8
*_asn1_files
*_asn1.h
autom4te.cache
config.cache
config.h
config.h.in
config.log
config.status
configure
*.d
*_err.c
*_err.h
examples/libsmbclient/Makefile.internal
examples/libsmbclient/smbwrapper/smbsh
examples/libsmbclient/smbwrapper/smbwrapper.so
examples/libsmbclient/testacl
examples/libsmbclient/testacl2
examples/libsmbclient/testacl3
examples/libsmbclient/testbrowse
examples/libsmbclient/testbrowse2
examples/libsmbclient/testchmod
examples/libsmbclient/testread
examples/libsmbclient/testsmbc
examples/libsmbclient/teststat
examples/libsmbclient/teststat2
examples/libsmbclient/teststat3
examples/libsmbclient/testtruncate
examples/libsmbclient/testutime
examples/libsmbclient/testwrite
examples/libsmbclient/tree
examples/VFS/config.log
examples/VFS/config.status
examples/VFS/configure
examples/VFS/Makefile
examples/VFS/module_config.h
examples/VFS/module_config.h.in
examples/VFS/shadow_copy_test.so
examples/VFS/skel_opaque.so
examples/VFS/skel_transparent.so
*.gcda
*.gcno
*.hd
*.ho
*.o
*.patch
*.pc
*.po
*.pyc
semantic.cache
source3/bin/*
source3/config.cache
source3/config.log
source3/config.status
source3/configure
source3/cscope.out
source3/exports/libnetapi.syms
source3/exports/libsmbclient.syms
source3/exports/libsmbsharemodes.syms
source3/exports/libtalloc.syms
source3/exports/libtdb.syms
source3/exports/libwbclient.syms
source3/include/build_env.h
source3/include/config.h
source3/include/config.h.in
source3/include/includes.h.gch
source3/include/stamp-h
source3/include/version.h
source3/lib/netapi/examples/Makefile
source3/lib/netapi/tests/Makefile
source3/library-versions
source3/librpc/gen_ndr/cli_krb5pac.*
source3/librpc/gen_ndr/cli_libnetapi.c
source3/librpc/gen_ndr/cli_libnetapi.h
source3/librpc/gen_ndr/cli_messaging.*
source3/librpc/gen_ndr/cli_misc.*
source3/librpc/gen_ndr/cli_nbt.c
source3/librpc/gen_ndr/cli_nbt.h
source3/librpc/gen_ndr/cli_notify.*
source3/librpc/gen_ndr/cli_security.*
source3/librpc/gen_ndr/cli_xattr.*
source3/librpc/gen_ndr/srv_drsuapi.c
source3/librpc/gen_ndr/srv_drsuapi.h
source3/librpc/gen_ndr/srv_krb5pac.*
source3/librpc/gen_ndr/srv_libnetapi.c
source3/librpc/gen_ndr/srv_libnetapi.h
source3/librpc/gen_ndr/srv_messaging.*
source3/librpc/gen_ndr/srv_misc.*
source3/librpc/gen_ndr/srv_nbt.c
source3/librpc/gen_ndr/srv_nbt.h
source3/librpc/gen_ndr/srv_notify.*
source3/librpc/gen_ndr/srv_security.*
source3/librpc/gen_ndr/srv_xattr.*
source3/Makefile
source3/nsswitch/*.so
source3/pkgconfig/*.pc
source3/proto_exists
source3/script/findsmb
source3/script/gen-8bit-gap.sh
source3/script/installbin.sh
source3/script/uninstallbin.sh
source3/smbadduser
source3/smbd/build_options.c
source3/st
source3/tags
source3/TAGS
source3/torture.tdb
source4/apidocs
source4/auth/auth_proto.h
source4/auth/auth_sam.h
source4/auth/auth_sam_reply.h
source4/auth/credentials/credentials_krb5_proto.h
source4/auth/credentials/credentials_proto.h
source4/auth/gensec/gensec_proto.h
source4/auth/gensec/schannel_proto.h
source4/auth/gensec/schannel_state.h
source4/auth/gensec/spnego_proto.h
source4/auth/kerberos/proto.h
source4/auth/ntlmssp/msrpc_parse.h
source4/auth/ntlmssp/proto.h
source4/auth/session_proto.h
source4/auth/system_session_proto.h
source4/bin/*
source4/bin/modules/*
source4/bin/shared/*.so*
source4/build/smb_build/config.pm
source4/cldap_server/proto.h
source4/config.mk
source4/coverage
source4/data.mk
source4/dsdb/common/proto.h
source4/dsdb/repl/drepl_service_proto.h
source4/dsdb/samdb/samdb_proto.h
source4/dsdb/schema/proto.h
source4/extra_cflags.txt
source4/foo.tdb
source4/gentest_seeds.dat
source4/heimdal/kdc/kdc-private.h
source4/heimdal/kdc/kdc-protos.h
source4/heimdal/lib/asn1/asn1_*
source4/heimdal/lib/asn1/der-protos.h
source4/heimdal/lib/asn1/krb5_asn1_files
source4/heimdal/lib/asn1/krb5_asn1.h
source4/heimdal/lib/des/hcrypto
source4/heimdal/lib/gssapi/asn1_*.c
source4/heimdal/lib/gssapi/krb5/gsskrb5-private.h
source4/heimdal/lib/gssapi/spnego_asn1_files
source4/heimdal/lib/gssapi/spnego_asn1.h
source4/heimdal/lib/gssapi/spnego/spnego-private.h
source4/heimdal/lib/hdb/asn1_*.c
source4/heimdal/lib/hdb/hdb_asn1_files
source4/heimdal/lib/hdb/hdb_asn1.h
source4/heimdal/lib/hdb/hdb_err.?
source4/heimdal/lib/hdb/hdb-private.h
source4/heimdal/lib/hdb/hdb-protos.h
source4/heimdal/lib/hx509/asn1_*.c
source4/heimdal/lib/hx509/hx509-private.h
source4/heimdal/lib/hx509/hx509-protos.h
source4/heimdal/lib/krb5/heim_err.?
source4/heimdal/lib/krb5/k524_err.?
source4/heimdal/lib/krb5/krb5_err.?
source4/heimdal/lib/krb5/krb5-private.h
source4/heimdal/lib/krb5/krb5-protos.h
source4/heimdal/lib/ntlm/heimntlm-protos.h
source4/heimdal/lib/roken/err.h
source4/heimdal/lib/roken/vis.h
source4/heimdal/lib/wind/*_table.?
source4/include/build.h
source4/include/config_tmp.h
source4/include/config_tmp.h.in
source4/kdc/pac_glue.h
source4/ldap_server/proto.h
source4/lib/charset/charset_proto.h
source4/libcli/auth/proto.h
source4/libcli/composite/proto.h
source4/libcli/finddcs.h
source4/libcli/ldap/ldap_proto.h
source4/libcli/libcli_proto.h
source4/libcli/nbt/nbtname.h
source4/libcli/nbt/nbt_proto.h
source4/libcli/ndr_netlogon_proto.h
source4/libcli/netlogon_proto.h
source4/libcli/raw/raw_proto.h
source4/libcli/resolve/lp_proto.h
source4/libcli/resolve/proto.h
source4/libcli/security/proto.h
source4/libcli/smb2/smb2_proto.h
source4/libcli/smb_composite/proto.h
source4/libcli/util/clilsa.h
source4/libcli/util/proto.h
source4/libcli/wrepl/winsrepl_proto.h
source4/lib/cmdline/credentials.h
source4/lib/cmdline/popt_credentials.h
source4/lib/crypto/test_proto.h
source4/lib/db_wrap_proto.h
source4/lib/ldb/bin
source4/lib/ldb/examples/ldbreader
source4/lib/ldb/examples/ldifreader
source4/lib/ldb/lib
source4/lib/ldb/man/*.html
source4/lib/ldb-samba/ldif_handlers.h
source4/lib/ldb/samba/ldif_handlers_proto.h
source4/lib/ldb/tests/tmp
source4/libnet/libnet_proto.h
source4/lib/registry/regf.h
source4/lib/registry/tdr_regf.c
source4/lib/registry/tdr_regf.h
source4/lib/registry/tests/proto.h
source4/lib/registry/tools/common.h
source4/librpc/gen_ndr
source4/librpc/idl-deps
source4/librpc/ndr/libndr_proto.h
source4/librpc/ndr/ndr_compression.h
source4/librpc/ndr/ndr_spoolss_buf.h
source4/librpc/ndr/ndr_table.h
source4/librpc/rpc/dcerpc_proto.h
source4/librpc/rpc/dcerpc_table.h
source4/lib/samba3/samba3_proto.h
source4/lib/samba3/samba3_smbpasswd_proto.h
source4/lib/socket/netif_proto.h
source4/lib/talloc/talloc.3.html
source4/lib/talloc/testsuite
source4/lib/tdb/bin/tdbbackup
source4/lib/tdb/bin/tdbdump
source4/lib/tdb/bin/tdbtool
source4/lib/tdb/bin/tdbtorture
source4/lib/tdr/tdr_proto.h
source4/lib/util/apidocs
source4/lib/util/asn1_proto.h
source4/lib/util/pidfile.h
source4/lib/util/unix_privs.h
source4/lib/util/util_proto.h
source4/lib/util/util_tdb.h
source4/mkconfig.mk
source4/nbt_server/dgram/proto.h
source4/nbt_server/nbt_server_proto.h
source4/nbt_server/wins/winsdb_proto.h
source4/nbt_server/wins/winsserver_proto.h
source4/ntptr/ntptr_proto.h
source4/ntvfs/cifs_posix_cli/proto.h
source4/ntvfs/common/proto.h
source4/ntvfs/ipc/proto.h
source4/ntvfs/ntvfs_proto.h
source4/ntvfs/posix/vfs_posix_proto.h
source4/ntvfs/simple/proto.h
source4/param/proto.h
source4/param/secrets_proto.h
source4/param/share_proto.h
source4/passdb/proto.h
source4/pidl/blib
source4/pidl/cover_db
source4/pidl/Makefile
source4/pidl/pm_to_blib
source4/rpc_server/common/proto.h
source4/rpc_server/dcerpc_server_proto.h
source4/rpc_server/lsa/proto.h
source4/rpc_server/samr/proto.h
source4/rpc_server/srvsvc/proto.h
source4/samba.info
source4/scripting/ejs/ejsnet/proto.h
source4/scripting/ejs/proto.h
source4/smbd/pidfile.h
source4/smbd/process_model_proto.h
source4/smbd/service_proto.h
source4/smb_server/service_smb_proto.h
source4/smb_server/smb2/smb2_proto.h
source4/smb_server/smb_server_proto.h
source4/smb_server/smb/smb_proto.h
source4/st
source4/templates.ldb
source4/test-results
source4/tests
source4/torture/auth/proto.h
source4/torture/basic/proto.h
source4/torture/ldap/proto.h
source4/torture/libnet/proto.h
source4/torture/local/proto.h
source4/torture/nbench/proto.h
source4/torture/nbt/proto.h
source4/torture/ndr/proto.h
source4/torture/proto.h
source4/torture/rap/proto.h
source4/torture/raw/proto.h
source4/torture/rpc/proto.h
source4/torture/smb2/proto.h
source4/torture.tdb
source4/torture/unix/proto.h
source4/torture/winbind/proto.h
source4/utils/net/net_proto.h
source4/version.h
source4/web_server/proto.h
source4/winbind/idmap_proto.h
source4/winbind/wb_helper.h
source4/winbind/wb_proto.h
source4/wrepl_server/wrepl_server_proto.h
*.swp
tags
*.x

24
BUGS4.txt Normal file
View File

@ -0,0 +1,24 @@
Samba4 alpha4 is not a final Samba release. That is more a reference
to Samba4's lack of the features we expect you will need than a
statement of code quality, but clearly it hasn't seen a broad
deployment yet. If you were to upgrade Samba3 (or indeed Windows) to
Samba4, you would find many things work, but that other key features
you may have relied on simply are not there yet.
For example, while Samba 3.0 is an excellent member of a Active
Directory domain, Samba4 is happier as a domain controller, and it is
in this role where it has seen deployment into production.
Samba4 is subjected to an awesome battery of tests on an
automated basis, we have found Samba4 to be very stable in it's
behaviour. We have to recommend against upgrading production servers
from Samba 3 to Samba 4 at this stage, because there may be the features on
which you may rely that are not present, or the mapping of
your configuration and user database may not be complete.
If you are upgrading, or looking to develop, test or deploy Samba4, you should
backup all configuration and data.
We welcome your testing, please file bug reports at
https://bugzilla.samba.org/, product: Samba4. Please include as much
information as possible, such as GIT revision number and backtraces.

674
COPYING Normal file
View File

@ -0,0 +1,674 @@
GNU GENERAL PUBLIC LICENSE
Version 3, 29 June 2007
Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The GNU General Public License is a free, copyleft license for
software and other kinds of works.
The licenses for most software and other practical works are designed
to take away your freedom to share and change the works. By contrast,
the GNU General Public License is intended to guarantee your freedom to
share and change all versions of a program--to make sure it remains free
software for all its users. We, the Free Software Foundation, use the
GNU General Public License for most of our software; it applies also to
any other work released this way by its authors. You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
them if you wish), that you receive source code or can get it if you
want it, that you can change the software or use pieces of it in new
free programs, and that you know you can do these things.
To protect your rights, we need to prevent others from denying you
these rights or asking you to surrender the rights. Therefore, you have
certain responsibilities if you distribute copies of the software, or if
you modify it: responsibilities to respect the freedom of others.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must pass on to the recipients the same
freedoms that you received. You must make sure that they, too, receive
or can get the source code. And you must show them these terms so they
know their rights.
Developers that use the GNU GPL protect your rights with two steps:
(1) assert copyright on the software, and (2) offer you this License
giving you legal permission to copy, distribute and/or modify it.
For the developers' and authors' protection, the GPL clearly explains
that there is no warranty for this free software. For both users' and
authors' sake, the GPL requires that modified versions be marked as
changed, so that their problems will not be attributed erroneously to
authors of previous versions.
Some devices are designed to deny users access to install or run
modified versions of the software inside them, although the manufacturer
can do so. This is fundamentally incompatible with the aim of
protecting users' freedom to change the software. The systematic
pattern of such abuse occurs in the area of products for individuals to
use, which is precisely where it is most unacceptable. Therefore, we
have designed this version of the GPL to prohibit the practice for those
products. If such problems arise substantially in other domains, we
stand ready to extend this provision to those domains in future versions
of the GPL, as needed to protect the freedom of users.
Finally, every program is threatened constantly by software patents.
States should not allow patents to restrict development and use of
software on general-purpose computers, but in those that do, we wish to
avoid the special danger that patents applied to a free program could
make it effectively proprietary. To prevent this, the GPL assures that
patents cannot be used to render the program non-free.
The precise terms and conditions for copying, distribution and
modification follow.
TERMS AND CONDITIONS
0. Definitions.
"This License" refers to version 3 of the GNU General Public License.
"Copyright" also means copyright-like laws that apply to other kinds of
works, such as semiconductor masks.
"The Program" refers to any copyrightable work licensed under this
License. Each licensee is addressed as "you". "Licensees" and
"recipients" may be individuals or organizations.
To "modify" a work means to copy from or adapt all or part of the work
in a fashion requiring copyright permission, other than the making of an
exact copy. The resulting work is called a "modified version" of the
earlier work or a work "based on" the earlier work.
A "covered work" means either the unmodified Program or a work based
on the Program.
To "propagate" a work means to do anything with it that, without
permission, would make you directly or secondarily liable for
infringement under applicable copyright law, except executing it on a
computer or modifying a private copy. Propagation includes copying,
distribution (with or without modification), making available to the
public, and in some countries other activities as well.
To "convey" a work means any kind of propagation that enables other
parties to make or receive copies. Mere interaction with a user through
a computer network, with no transfer of a copy, is not conveying.
An interactive user interface displays "Appropriate Legal Notices"
to the extent that it includes a convenient and prominently visible
feature that (1) displays an appropriate copyright notice, and (2)
tells the user that there is no warranty for the work (except to the
extent that warranties are provided), that licensees may convey the
work under this License, and how to view a copy of this License. If
the interface presents a list of user commands or options, such as a
menu, a prominent item in the list meets this criterion.
1. Source Code.
The "source code" for a work means the preferred form of the work
for making modifications to it. "Object code" means any non-source
form of a work.
A "Standard Interface" means an interface that either is an official
standard defined by a recognized standards body, or, in the case of
interfaces specified for a particular programming language, one that
is widely used among developers working in that language.
The "System Libraries" of an executable work include anything, other
than the work as a whole, that (a) is included in the normal form of
packaging a Major Component, but which is not part of that Major
Component, and (b) serves only to enable use of the work with that
Major Component, or to implement a Standard Interface for which an
implementation is available to the public in source code form. A
"Major Component", in this context, means a major essential component
(kernel, window system, and so on) of the specific operating system
(if any) on which the executable work runs, or a compiler used to
produce the work, or an object code interpreter used to run it.
The "Corresponding Source" for a work in object code form means all
the source code needed to generate, install, and (for an executable
work) run the object code and to modify the work, including scripts to
control those activities. However, it does not include the work's
System Libraries, or general-purpose tools or generally available free
programs which are used unmodified in performing those activities but
which are not part of the work. For example, Corresponding Source
includes interface definition files associated with source files for
the work, and the source code for shared libraries and dynamically
linked subprograms that the work is specifically designed to require,
such as by intimate data communication or control flow between those
subprograms and other parts of the work.
The Corresponding Source need not include anything that users
can regenerate automatically from other parts of the Corresponding
Source.
The Corresponding Source for a work in source code form is that
same work.
2. Basic Permissions.
All rights granted under this License are granted for the term of
copyright on the Program, and are irrevocable provided the stated
conditions are met. This License explicitly affirms your unlimited
permission to run the unmodified Program. The output from running a
covered work is covered by this License only if the output, given its
content, constitutes a covered work. This License acknowledges your
rights of fair use or other equivalent, as provided by copyright law.
You may make, run and propagate covered works that you do not
convey, without conditions so long as your license otherwise remains
in force. You may convey covered works to others for the sole purpose
of having them make modifications exclusively for you, or provide you
with facilities for running those works, provided that you comply with
the terms of this License in conveying all material for which you do
not control copyright. Those thus making or running the covered works
for you must do so exclusively on your behalf, under your direction
and control, on terms that prohibit them from making any copies of
your copyrighted material outside their relationship with you.
Conveying under any other circumstances is permitted solely under
the conditions stated below. Sublicensing is not allowed; section 10
makes it unnecessary.
3. Protecting Users' Legal Rights From Anti-Circumvention Law.
No covered work shall be deemed part of an effective technological
measure under any applicable law fulfilling obligations under article
11 of the WIPO copyright treaty adopted on 20 December 1996, or
similar laws prohibiting or restricting circumvention of such
measures.
When you convey a covered work, you waive any legal power to forbid
circumvention of technological measures to the extent such circumvention
is effected by exercising rights under this License with respect to
the covered work, and you disclaim any intention to limit operation or
modification of the work as a means of enforcing, against the work's
users, your or third parties' legal rights to forbid circumvention of
technological measures.
4. Conveying Verbatim Copies.
You may convey verbatim copies of the Program's source code as you
receive it, in any medium, provided that you conspicuously and
appropriately publish on each copy an appropriate copyright notice;
keep intact all notices stating that this License and any
non-permissive terms added in accord with section 7 apply to the code;
keep intact all notices of the absence of any warranty; and give all
recipients a copy of this License along with the Program.
You may charge any price or no price for each copy that you convey,
and you may offer support or warranty protection for a fee.
5. Conveying Modified Source Versions.
You may convey a work based on the Program, or the modifications to
produce it from the Program, in the form of source code under the
terms of section 4, provided that you also meet all of these conditions:
a) The work must carry prominent notices stating that you modified
it, and giving a relevant date.
b) The work must carry prominent notices stating that it is
released under this License and any conditions added under section
7. This requirement modifies the requirement in section 4 to
"keep intact all notices".
c) You must license the entire work, as a whole, under this
License to anyone who comes into possession of a copy. This
License will therefore apply, along with any applicable section 7
additional terms, to the whole of the work, and all its parts,
regardless of how they are packaged. This License gives no
permission to license the work in any other way, but it does not
invalidate such permission if you have separately received it.
d) If the work has interactive user interfaces, each must display
Appropriate Legal Notices; however, if the Program has interactive
interfaces that do not display Appropriate Legal Notices, your
work need not make them do so.
A compilation of a covered work with other separate and independent
works, which are not by their nature extensions of the covered work,
and which are not combined with it such as to form a larger program,
in or on a volume of a storage or distribution medium, is called an
"aggregate" if the compilation and its resulting copyright are not
used to limit the access or legal rights of the compilation's users
beyond what the individual works permit. Inclusion of a covered work
in an aggregate does not cause this License to apply to the other
parts of the aggregate.
6. Conveying Non-Source Forms.
You may convey a covered work in object code form under the terms
of sections 4 and 5, provided that you also convey the
machine-readable Corresponding Source under the terms of this License,
in one of these ways:
a) Convey the object code in, or embodied in, a physical product
(including a physical distribution medium), accompanied by the
Corresponding Source fixed on a durable physical medium
customarily used for software interchange.
b) Convey the object code in, or embodied in, a physical product
(including a physical distribution medium), accompanied by a
written offer, valid for at least three years and valid for as
long as you offer spare parts or customer support for that product
model, to give anyone who possesses the object code either (1) a
copy of the Corresponding Source for all the software in the
product that is covered by this License, on a durable physical
medium customarily used for software interchange, for a price no
more than your reasonable cost of physically performing this
conveying of source, or (2) access to copy the
Corresponding Source from a network server at no charge.
c) Convey individual copies of the object code with a copy of the
written offer to provide the Corresponding Source. This
alternative is allowed only occasionally and noncommercially, and
only if you received the object code with such an offer, in accord
with subsection 6b.
d) Convey the object code by offering access from a designated
place (gratis or for a charge), and offer equivalent access to the
Corresponding Source in the same way through the same place at no
further charge. You need not require recipients to copy the
Corresponding Source along with the object code. If the place to
copy the object code is a network server, the Corresponding Source
may be on a different server (operated by you or a third party)
that supports equivalent copying facilities, provided you maintain
clear directions next to the object code saying where to find the
Corresponding Source. Regardless of what server hosts the
Corresponding Source, you remain obligated to ensure that it is
available for as long as needed to satisfy these requirements.
e) Convey the object code using peer-to-peer transmission, provided
you inform other peers where the object code and Corresponding
Source of the work are being offered to the general public at no
charge under subsection 6d.
A separable portion of the object code, whose source code is excluded
from the Corresponding Source as a System Library, need not be
included in conveying the object code work.
A "User Product" is either (1) a "consumer product", which means any
tangible personal property which is normally used for personal, family,
or household purposes, or (2) anything designed or sold for incorporation
into a dwelling. In determining whether a product is a consumer product,
doubtful cases shall be resolved in favor of coverage. For a particular
product received by a particular user, "normally used" refers to a
typical or common use of that class of product, regardless of the status
of the particular user or of the way in which the particular user
actually uses, or expects or is expected to use, the product. A product
is a consumer product regardless of whether the product has substantial
commercial, industrial or non-consumer uses, unless such uses represent
the only significant mode of use of the product.
"Installation Information" for a User Product means any methods,
procedures, authorization keys, or other information required to install
and execute modified versions of a covered work in that User Product from
a modified version of its Corresponding Source. The information must
suffice to ensure that the continued functioning of the modified object
code is in no case prevented or interfered with solely because
modification has been made.
If you convey an object code work under this section in, or with, or
specifically for use in, a User Product, and the conveying occurs as
part of a transaction in which the right of possession and use of the
User Product is transferred to the recipient in perpetuity or for a
fixed term (regardless of how the transaction is characterized), the
Corresponding Source conveyed under this section must be accompanied
by the Installation Information. But this requirement does not apply
if neither you nor any third party retains the ability to install
modified object code on the User Product (for example, the work has
been installed in ROM).
The requirement to provide Installation Information does not include a
requirement to continue to provide support service, warranty, or updates
for a work that has been modified or installed by the recipient, or for
the User Product in which it has been modified or installed. Access to a
network may be denied when the modification itself materially and
adversely affects the operation of the network or violates the rules and
protocols for communication across the network.
Corresponding Source conveyed, and Installation Information provided,
in accord with this section must be in a format that is publicly
documented (and with an implementation available to the public in
source code form), and must require no special password or key for
unpacking, reading or copying.
7. Additional Terms.
"Additional permissions" are terms that supplement the terms of this
License by making exceptions from one or more of its conditions.
Additional permissions that are applicable to the entire Program shall
be treated as though they were included in this License, to the extent
that they are valid under applicable law. If additional permissions
apply only to part of the Program, that part may be used separately
under those permissions, but the entire Program remains governed by
this License without regard to the additional permissions.
When you convey a copy of a covered work, you may at your option
remove any additional permissions from that copy, or from any part of
it. (Additional permissions may be written to require their own
removal in certain cases when you modify the work.) You may place
additional permissions on material, added by you to a covered work,
for which you have or can give appropriate copyright permission.
Notwithstanding any other provision of this License, for material you
add to a covered work, you may (if authorized by the copyright holders of
that material) supplement the terms of this License with terms:
a) Disclaiming warranty or limiting liability differently from the
terms of sections 15 and 16 of this License; or
b) Requiring preservation of specified reasonable legal notices or
author attributions in that material or in the Appropriate Legal
Notices displayed by works containing it; or
c) Prohibiting misrepresentation of the origin of that material, or
requiring that modified versions of such material be marked in
reasonable ways as different from the original version; or
d) Limiting the use for publicity purposes of names of licensors or
authors of the material; or
e) Declining to grant rights under trademark law for use of some
trade names, trademarks, or service marks; or
f) Requiring indemnification of licensors and authors of that
material by anyone who conveys the material (or modified versions of
it) with contractual assumptions of liability to the recipient, for
any liability that these contractual assumptions directly impose on
those licensors and authors.
All other non-permissive additional terms are considered "further
restrictions" within the meaning of section 10. If the Program as you
received it, or any part of it, contains a notice stating that it is
governed by this License along with a term that is a further
restriction, you may remove that term. If a license document contains
a further restriction but permits relicensing or conveying under this
License, you may add to a covered work material governed by the terms
of that license document, provided that the further restriction does
not survive such relicensing or conveying.
If you add terms to a covered work in accord with this section, you
must place, in the relevant source files, a statement of the
additional terms that apply to those files, or a notice indicating
where to find the applicable terms.
Additional terms, permissive or non-permissive, may be stated in the
form of a separately written license, or stated as exceptions;
the above requirements apply either way.
8. Termination.
You may not propagate or modify a covered work except as expressly
provided under this License. Any attempt otherwise to propagate or
modify it is void, and will automatically terminate your rights under
this License (including any patent licenses granted under the third
paragraph of section 11).
However, if you cease all violation of this License, then your
license from a particular copyright holder is reinstated (a)
provisionally, unless and until the copyright holder explicitly and
finally terminates your license, and (b) permanently, if the copyright
holder fails to notify you of the violation by some reasonable means
prior to 60 days after the cessation.
Moreover, your license from a particular copyright holder is
reinstated permanently if the copyright holder notifies you of the
violation by some reasonable means, this is the first time you have
received notice of violation of this License (for any work) from that
copyright holder, and you cure the violation prior to 30 days after
your receipt of the notice.
Termination of your rights under this section does not terminate the
licenses of parties who have received copies or rights from you under
this License. If your rights have been terminated and not permanently
reinstated, you do not qualify to receive new licenses for the same
material under section 10.
9. Acceptance Not Required for Having Copies.
You are not required to accept this License in order to receive or
run a copy of the Program. Ancillary propagation of a covered work
occurring solely as a consequence of using peer-to-peer transmission
to receive a copy likewise does not require acceptance. However,
nothing other than this License grants you permission to propagate or
modify any covered work. These actions infringe copyright if you do
not accept this License. Therefore, by modifying or propagating a
covered work, you indicate your acceptance of this License to do so.
10. Automatic Licensing of Downstream Recipients.
Each time you convey a covered work, the recipient automatically
receives a license from the original licensors, to run, modify and
propagate that work, subject to this License. You are not responsible
for enforcing compliance by third parties with this License.
An "entity transaction" is a transaction transferring control of an
organization, or substantially all assets of one, or subdividing an
organization, or merging organizations. If propagation of a covered
work results from an entity transaction, each party to that
transaction who receives a copy of the work also receives whatever
licenses to the work the party's predecessor in interest had or could
give under the previous paragraph, plus a right to possession of the
Corresponding Source of the work from the predecessor in interest, if
the predecessor has it or can get it with reasonable efforts.
You may not impose any further restrictions on the exercise of the
rights granted or affirmed under this License. For example, you may
not impose a license fee, royalty, or other charge for exercise of
rights granted under this License, and you may not initiate litigation
(including a cross-claim or counterclaim in a lawsuit) alleging that
any patent claim is infringed by making, using, selling, offering for
sale, or importing the Program or any portion of it.
11. Patents.
A "contributor" is a copyright holder who authorizes use under this
License of the Program or a work on which the Program is based. The
work thus licensed is called the contributor's "contributor version".
A contributor's "essential patent claims" are all patent claims
owned or controlled by the contributor, whether already acquired or
hereafter acquired, that would be infringed by some manner, permitted
by this License, of making, using, or selling its contributor version,
but do not include claims that would be infringed only as a
consequence of further modification of the contributor version. For
purposes of this definition, "control" includes the right to grant
patent sublicenses in a manner consistent with the requirements of
this License.
Each contributor grants you a non-exclusive, worldwide, royalty-free
patent license under the contributor's essential patent claims, to
make, use, sell, offer for sale, import and otherwise run, modify and
propagate the contents of its contributor version.
In the following three paragraphs, a "patent license" is any express
agreement or commitment, however denominated, not to enforce a patent
(such as an express permission to practice a patent or covenant not to
sue for patent infringement). To "grant" such a patent license to a
party means to make such an agreement or commitment not to enforce a
patent against the party.
If you convey a covered work, knowingly relying on a patent license,
and the Corresponding Source of the work is not available for anyone
to copy, free of charge and under the terms of this License, through a
publicly available network server or other readily accessible means,
then you must either (1) cause the Corresponding Source to be so
available, or (2) arrange to deprive yourself of the benefit of the
patent license for this particular work, or (3) arrange, in a manner
consistent with the requirements of this License, to extend the patent
license to downstream recipients. "Knowingly relying" means you have
actual knowledge that, but for the patent license, your conveying the
covered work in a country, or your recipient's use of the covered work
in a country, would infringe one or more identifiable patents in that
country that you have reason to believe are valid.
If, pursuant to or in connection with a single transaction or
arrangement, you convey, or propagate by procuring conveyance of, a
covered work, and grant a patent license to some of the parties
receiving the covered work authorizing them to use, propagate, modify
or convey a specific copy of the covered work, then the patent license
you grant is automatically extended to all recipients of the covered
work and works based on it.
A patent license is "discriminatory" if it does not include within
the scope of its coverage, prohibits the exercise of, or is
conditioned on the non-exercise of one or more of the rights that are
specifically granted under this License. You may not convey a covered
work if you are a party to an arrangement with a third party that is
in the business of distributing software, under which you make payment
to the third party based on the extent of your activity of conveying
the work, and under which the third party grants, to any of the
parties who would receive the covered work from you, a discriminatory
patent license (a) in connection with copies of the covered work
conveyed by you (or copies made from those copies), or (b) primarily
for and in connection with specific products or compilations that
contain the covered work, unless you entered into that arrangement,
or that patent license was granted, prior to 28 March 2007.
Nothing in this License shall be construed as excluding or limiting
any implied license or other defenses to infringement that may
otherwise be available to you under applicable patent law.
12. No Surrender of Others' Freedom.
If conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot convey a
covered work so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you may
not convey it at all. For example, if you agree to terms that obligate you
to collect a royalty for further conveying from those to whom you convey
the Program, the only way you could satisfy both those terms and this
License would be to refrain entirely from conveying the Program.
13. Use with the GNU Affero General Public License.
Notwithstanding any other provision of this License, you have
permission to link or combine any covered work with a work licensed
under version 3 of the GNU Affero General Public License into a single
combined work, and to convey the resulting work. The terms of this
License will continue to apply to the part which is the covered work,
but the special requirements of the GNU Affero General Public License,
section 13, concerning interaction through a network will apply to the
combination as such.
14. Revised Versions of this License.
The Free Software Foundation may publish revised and/or new versions of
the GNU General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the
Program specifies that a certain numbered version of the GNU General
Public License "or any later version" applies to it, you have the
option of following the terms and conditions either of that numbered
version or of any later version published by the Free Software
Foundation. If the Program does not specify a version number of the
GNU General Public License, you may choose any version ever published
by the Free Software Foundation.
If the Program specifies that a proxy can decide which future
versions of the GNU General Public License can be used, that proxy's
public statement of acceptance of a version permanently authorizes you
to choose that version for the Program.
Later license versions may give you additional or different
permissions. However, no additional obligations are imposed on any
author or copyright holder as a result of your choosing to follow a
later version.
15. Disclaimer of Warranty.
THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
16. Limitation of Liability.
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
SUCH DAMAGES.
17. Interpretation of Sections 15 and 16.
If the disclaimer of warranty and limitation of liability provided
above cannot be given local legal effect according to their terms,
reviewing courts shall apply local law that most closely approximates
an absolute waiver of all civil liability in connection with the
Program, unless a warranty or assumption of liability accompanies a
copy of the Program in return for a fee.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
state the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
Also add information on how to contact you by electronic and paper mail.
If the program does terminal interaction, make it output a short
notice like this when it starts in an interactive mode:
<program> Copyright (C) <year> <name of author>
This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, your program's commands
might be different; for a GUI interface, you would use an "about box".
You should also get your employer (if you work as a programmer) or school,
if any, to sign a "copyright disclaimer" for the program, if necessary.
For more information on this, and how to apply and follow the GNU GPL, see
<http://www.gnu.org/licenses/>.
The GNU General Public License does not permit incorporating your program
into proprietary programs. If your program is a subroutine library, you
may consider it more useful to permit linking proprietary applications with
the library. If this is what you want to do, use the GNU Lesser General
Public License instead of this License. But first, please read
<http://www.gnu.org/philosophy/why-not-lgpl.html>.

40
MAINTAINERS Normal file
View File

@ -0,0 +1,40 @@
##
## List of current Samba Maintainers
##
This file contains a list of developers responsible for
portions of the Samba 3.0 code. It also lists developers
responsible for 3rd party projects that work with Samba
(e.g. vfs modules).
Note that this list is for your benefit, but please do not
abuse it by constantly emailing a stream of help questions
to the maintainers. Some are more open to direct
communication than others and some struggle with enormous
amounts of email every day.
All bug reports for code that is maintained *within* the
Samba subversion tree should be filed at https://bugzilla.samba.org/.
Feature/Function Developer
---------------- ---------
documentation John Terpstra <jht@samba.org>
libmsrpc Chris Nichols <skel@samba.org>
libsmbclient Derrell Lipman <derrell@samba.org>
pdb_*sql Wilco Baan Hofman <synnack@users.sf.net>
Florian Effenberger <floeff@users.sf.net>
http://pdbsql.sourceforge.net/
printing Gerald (Jerry) Carter <jerry@samba.org>
samba-vscan Rainer Link <rainer@openantivirus.org>
--
Please report any errors in this file to <samba-technical@samba.org>

78
Manifest Normal file
View File

@ -0,0 +1,78 @@
Copyright (C) 1997-2003 - Samba-Team
The Samba package you have just unpacked contains the following:
Directory Notes:
========= ======
docs (Samba Documentation):
---- ----------------------
All the Samba documentation for the 3.0 release have been converted to
docbook format. Because of this the man pages are now available
in both traditional man page format (in the docs/manpages directory)
and in HTML format (in the docs/htmldocs directory).
The Samba HOWTO Collection has undergone some rather large changes
and covers all parts of configuration now. It is available
as PDF (docs/Samba3-HOWTO.pdf) or in HTML format (in
the docs/htmldocs directory). Those with the docbook utilities installed
can generate PostScript and text versions of the HOWTO as well.
The Samba FAQ is still a work in progress, but can be found in
HTML format in docs/htmldocs.
examples (Example configuration files):
-------- ------------------------------
Please pay close attention to the reference smb.conf file
smb.conf.default that has now been included as the master guide.
Do read the smb.conf manual page in considering what settings are
appropriate for your site.
packaging (Only for those wishing to build binary distributions):
--------- -------------------------------------------------------
Currently support is included for the following Linux Distributions :
RedHat and SuSE.
In addition, packaging support is available for SGI and Solaris systems.
We hope that other Unix OS vendors will contribute their binary
distribution packaging control files - and we hope to make their binary
packages available on the master ftp site under:
ftp://samba.org/pub/samba/Binary_Packages/"OS_Vendor"
source (The official Samba source files - expect more of these!):
------ ----------------------------------------------------------
To build your own binary files you will need a suitable ansi C
compiler.
Samba uses the GNU autoconf system. In
order to build a default Samba for your platform cd into
the source/ directory and then type :
./configure
followed by :
make
To install the binaries built by the above type :
make install
then set up your configuration files.
NOTE: OS Vendors who provide Samba binary packages will generally
integrate all Samba files into their preferred directory locations.
These may differ from the default location ALWAYS used by the Samba
sources. Please be careful when upgrading a vendor provided binary
distribution from files you have built yourself.

508
NEWS4 Normal file
View File

@ -0,0 +1,508 @@
This file aims to document the major changes since the latest released version
of Samba, 3.0. Samba 4.0 contains rewrites of several subsystems
and uses a different internal format for most data. Since this
file is an initial draft, please update missing items.
One of the main goals of Samba 4 was Active Directory Domain Controller
support. This means Samba now implements several protocols that are required
by AD such as Kerberos and DNS.
An (experimental) upgrade script that performs a one-way upgrade
from Samba 3 is available in source/setup/upgrade.
Removal of nmbd and introduction of process models
==================================================
smbd now implements several network protocols other than just CIFS and
DCE/RPC. nmbd's functionality has been merged into smbd. smbd supports
various 'process models' that specify how concurrent connections are
handled (when to fork, use threads, etc).
Introduction of LDB
===================
Samba now stores most of its persistent data in a LDAP-like database
called LDB (see ldb(7) for more info).
Removed SWAT
==================
Unlike previous versions, Samba4 does not provide a web interface at this time.
Built-in KDC
============
Samba4 ships with an integrated KDC (Kerberos Key Distribution
Center). Backed directly onto our main internal database, and
integrated with custom code to handle the PAC, Samba4's KDC is an
integral part of our support for AD logon protocols.
Built-in LDAP Server
====================
Like the situation with the KDC, Samba4 ships with it's own LDAP
server, included to provide simple, built-in LDAP services in an AD
(rather than distinctly standards) matching manner. The database is
LDB, and it shares that in common with the rest of Samba.
Changed configuration options
=============================
Several configuration options have been removed in Samba4 while others have
been introduced. This section contains a summary of changes to smb.conf and
where these settings moved. Configuration options that have disappeared may be
re-added later when the functionality that uses them gets reimplemented in
Samba 4.
The 'security' parameter has been split up. It is now only used to choose
between the 'user' and 'share' security levels (the latter is not supported
in Samba 4 yet). The other values of this option and the 'domain master' and
'domain logons' parameters have been merged into a 'server role' parameter
that can be either 'domain controller', 'member server' or 'standalone'. Note that
member server support does not work yet.
The following parameters have been removed:
- passdb backend: accounts are now stored in a LDB-based SAM database,
see 'sam database' below.
- update encrypted
- public
- guest ok
- client schannel
- server schannel
- allow trusted domains
- hosts equiv
- map to guest
- smb passwd file
- algorithmic rid base
- root directory
- root dir
- root
- guest account
- enable privileges
- pam password change
- passwd program
- passwd chat debug
- passwd chat timeout
- check password script
- username map
- username level
- unix password sync
- restrict anonymous
- username
- user
- users
- invalid users
- valid users
- admin users
- read list
- write list
- printer admin
- force user
- force group
- group
- write ok
- writeable
- writable
- acl check permissions
- acl group control
- acl map full control
- create mask
- create mode
- force create mode
- security mask
- force security mode
- directory mask
- directory mode
- force directory mode
- directory security mask
- force directory security mode
- force unknown acl user
- inherit permissions
- inherit acls
- inherit owner
- guest only
- only guest
- only user
- allow hosts
- deny hosts
- preload modules
- use kerberos keytab
- syslog
- syslog only
- max log size
- debug timestamp
- timestamp logs
- debug hires timestamp
- debug pid
- debug uid
- allocation roundup size
- aio read size
- aio write size
- aio write behind
- large readwrite
- protocol
- read bmpx
- reset on zero vc
- acl compatibility
- defer sharing violations
- ea support
- nt acl support
- nt pipe support
- profile acls
- map acl inherit
- afs share
- max ttl
- client use spnego
- enable asu support
- svcctl list
- block size
- change notify timeout
- deadtime
- getwd cache
- keepalive
- kernel change notify
- lpq cache time
- max smbd processes
- max disk size
- max open files
- min print space
- strict allocate
- sync always
- use mmap
- use sendfile
- hostname lookups
- write cache size
- name cache timeout
- max reported print jobs
- load printers
- printcap cache time
- printcap name
- printcap
- printing
- cups options
- cups server
- iprint server
- print command
- disable spoolss
- enable spoolss
- lpq command
- lprm command
- lppause command
- lpresume command
- queuepause command
- queueresume command
- enumports command
- addprinter command
- deleteprinter command
- show add printer wizard
- os2 driver map
- use client driver
- default devmode
- force printername
- mangling method
- mangle prefix
- default case
- case sensitive
- casesignames
- preserve case
- short preserve case
- mangling char
- hide dot files
- hide special files
- hide unreadable
- hide unwriteable files
- delete veto files
- veto files
- hide files
- veto oplock files
- map readonly
- mangled names
- mangled map
- max stat cache size
- stat cache
- store dos attributes
- machine password timeout
- add user script
- rename user script
- delete user script
- add group script
- delete group script
- add user to group script
- delete user from group script
- set primary group script
- add machine script
- shutdown script
- abort shutdown script
- username map script
- logon script
- logon path
- logon drive
- logon home
- domain logons
- os level
- lm announce
- lm interval
- domain master
- browse list
- enhanced browsing
- wins proxy
- wins hook
- wins partners
- blocking locks
- fake oplocks
- kernel oplocks
- locking
- lock spin count
- lock spin time
- level2 oplocks
- oplock break wait time
- oplock contention limit
- posix locking
- share modes
- ldap server
- ldap port
- ldap admin dn
- ldap delete dn
- ldap group suffix
- ldap idmap suffix
- ldap machine suffix
- ldap passwd sync
- ldap password sync
- ldap replication sleep
- ldap suffix
- ldap ssl
- ldap timeout
- ldap page size
- ldap user suffix
- add share command
- change share command
- delete share command
- eventlog list
- utmp directory
- wtmp directory
- utmp
- default service
- default
- message command
- dfree cache time
- dfree command
- get quota command
- set quota command
- remote announce
- remote browse sync
- homedir map
- afs username map
- afs token lifetime
- log nt token command
- time offset
- NIS homedir
- preexec
- exec
- preexec close
- postexec
- root preexec
- root preexec close
- root postexec
- set directory
- wide links
- follow symlinks
- dont descend
- magic script
- magic output
- delete readonly
- dos filemode
- dos filetimes
- dos filetime resolution
- fake directory create times
- panic action
- vfs objects
- vfs object
- msdfs root
- msdfs proxy
- host msdfs
- enable rid algorithm
- passdb expand explicit
- idmap backend
- idmap uid
- winbind uid
- idmap gid
- winbind gid
- template homedir
- template shell
- winbind separator
- winbind cache time
- winbind enum users
- winbind enum groups
- winbind use default domain
- winbind trusted domains only
- winbind nested groups
- winbind max idle children
- winbind nss info
The following parameters have been added:
+ rpc big endian (G)
Make Samba fake it is running on a bigendian machine when using DCE/RPC.
Useful for debugging.
Default: no
+ case insensitive filesystem (S)
Set to true if this share is located on a case-insensitive filesystem.
This disables looking for a filename by trying all possible combinations of
uppercase/lowercase characters and thus speeds up operations when a
file cannot be found.
Default: no
+ js include (G)
Path to JavaScript library.
Default: Set at compile-time
+ setup directory
Path to data used by provisioning script.
Default: Set at compile-time
+ ncalrpc dir
Directory to use for UNIX sockets used by the 'ncalrpc' DCE/RPC transport.
Default: Set at compile-time
+ ntvfs handler
Backend to the NT VFS to use (more than one can be specified). Available
backends include:
- posix:
Maps POSIX FS semantics to NT semantics
- simple:
Very simple backend (original testing backend).
- unixuid:
Sets up user credentials based on POSIX gid/uid.
- cifs:
Proxies a remote CIFS FS. Mainly useful for testing.
- nbench:
Filter module that saves data useful to the nbench benchmark suite.
- ipc:
Allows using SMB for inter process communication. Only used for
the IPC$ share.
- print:
Allows printing over SMB. This is LANMAN-style printing (?), not
the be confused with the spoolss DCE/RPC interface used by later
versions of Windows.
Default: unixuid default
+ ntptr providor
FIXME
+ dcerpc endpoint servers
What DCE/RPC servers to start.
Default: epmapper srvsvc wkssvc rpcecho samr netlogon lsarpc spoolss drsuapi winreg dssetup
+ server services
Services Samba should provide.
Default: smb rpc nbt wrepl ldap cldap web kdc
+ sam database
Location of the SAM (account database) database. This should be a
LDB URL.
Default: set at compile-time
+ spoolss database
Spoolss (printer) DCE/RPC server database. This should be a LDB URL.
Default: set at compile-time
+ wins config database
WINS configuration database location. This should be a LDB URL.
Default: set at compile-time
+ wins database
WINS database location. This should be a LDB URL.
Default: set at compile-time
+ client use spnego principal
Tells the client to use the Kerberos service principal specified by the
server during the security protocol negotation rather than
looking up the principal itself (cifs/hostname).
Default: false
+ nbt port
TCP/IP Port used by the NetBIOS over TCP/IP (NBT) implementation.
Default: 137
+ dgram port
UDP/IP port used by the NetBIOS over TCP/IP (NBT) implementation.
Default: 138
+ cldap port
UDP/IP port used by the CLDAP protocol.
Default: 389
+ krb5 port
IP port used by the kerberos KDC.
Default: 88
+ kpasswd port
IP port used by the kerberos password change protocol.
Default: 464
+ web port
TCP/IP port SWAT should listen on.
Default: 901
+ tls enabled
Enable TLS support for SWAT
Default: true
+ tls keyfile
Path to TLS key file (PEM format) to be used by SWAT. If no
path is specified, Samba will create a key.
Default: none
+ tls certfile
Path to TLS certificate file (PEM format) to be used by SWAT. If no
path is specified, Samba will create a certificate.
Default: none
+ tls cafile
Path to CA authority file Samba will use to sign TLS keys it generates. If
no path is specified, Samba will create a self-signed CA certificate.
Default: none
+ tls crlfile
Path to TLS certificate revocation lists file.
Default: none
+ swat directory
SWAT data directory.
Default: set at compile-time
+ large readwrite
Indicate the CIFS server is able to do large reads/writes.
Default: true
+ unicode
Enable/disable unicode support in the protocol.
Default: true

7
PFIF.txt Normal file
View File

@ -0,0 +1,7 @@
This code was developed in participation with the Protocol Freedom
Information Foundation.
Please see
http://protocolfreedom.org/ and
http://samba.org/samba/PFIF/
for more details.

225
README Normal file
View File

@ -0,0 +1,225 @@
This is the release version of Samba, the free SMB and CIFS client and
server for UNIX and other operating systems. Samba is maintained by
the Samba Team, who support the original author, Andrew Tridgell.
>>>> Please read THE WHOLE of this file as it gives important information
>>>> about the configuration and use of Samba.
NOTE: Installation instructions may be found in
docs/htmldocs/Samba3-HOWTO/install.html
This software is freely distributable under the GNU public license, a
copy of which you should have received with this software (in a file
called COPYING).
WHAT IS SMB/CIFS?
=================
This is a big question.
The very short answer is that it is the protocol by which a lot of
PC-related machines share files and printers and other information
such as lists of available files and printers. Operating systems that
support this natively include Windows 9x, Windows NT (and derivatives),
OS/2, Mac OS X and Linux. Add on packages that achieve the same
thing are available for DOS, Windows 3.1, VMS, Unix of all kinds,
MVS, and more. Some Web Browsers can speak this protocol as well
(smb://). Alternatives to SMB include Netware, NFS, Appletalk,
Banyan Vines, Decnet etc; many of these have advantages but none are
both public specifications and widely implemented in desktop machines
by default.
The Common Internet File system (CIFS) is what the new SMB initiative
is called. For details watch http://samba.org/cifs.
WHY DO PEOPLE WANT TO USE SMB?
==============================
1. Many people want to integrate their Microsoft desktop clients
with their Unix servers.
2. Others want to integrate their Microsoft (etc) servers with Unix
servers. This is a different problem to integrating desktop
clients.
3. Others want to replace protocols like NFS, DecNet and Novell NCP,
especially when used with PCs.
WHAT CAN SAMBA DO?
==================
Please refer to the WHATSNEW.txt included with this README for
a list of features in the latest Samba release.
Here is a very short list of what samba includes, and what it does.
For many networks this can be simply summarized by "Samba provides
a complete replacement for Windows NT, Warp, NFS or Netware servers."
- a SMB server, to provide Windows NT and LAN Manager-style file and print
services to SMB clients such as Windows 95, Warp Server, smbfs and others.
- a Windows NT 4.0 Domain Controller replacement.
- a file/print server that can act as a member of a Windows NT 4.0
or Active Directory domain.
- a NetBIOS (rfc1001/1002) nameserver, which amongst other things gives
browsing support. Samba can be the master browser on your LAN if you wish.
- a ftp-like SMB client so you can access PC resources (disks and
printers) from UNIX, Netware, and other operating systems
- a tar extension to the client for backing up PCs
- limited command-line tool that supports some of the NT administrative
functionality, which can be used on Samba, NT workstation and NT server.
For a much better overview have a look at the web site at
http://samba.org/samba, and browse the user survey.
Related packages include:
- smbfs, a Linux-only filesystem allowing you to mount remote SMB
filesystems from PCs on your Linux box. This is included as standard with
Linux 2.0 and later.
- cifsvfs, a more advanced Linux-only filesystem allowing you to mount
remote SMB filesystems from PCs on your Linux box. This is included
as standard with Linux 2.5 and later.
CONTRIBUTIONS
=============
If you want to contribute to the development of the software then
please join the mailing list. The Samba team accepts patches
(preferably in "diff -u" format, see http://samba.org/samba/devel/
for more details) and are always glad to receive feedback or
suggestions to the address samba@lists.samba.org. More information
on the various Samba mailing lists can be found at http://lists.samba.org/.
You can also get the Samba sourcecode straight from the git repository - see
http://wiki.samba.org/index.php/Using_Git_for_Samba_Development.
You could also send hardware/software/money/jewelry or pre-paid pizza
vouchers directly to Andrew. The pizza vouchers would be especially
welcome, in fact there is a special field in the survey for people who
have paid up their pizza :-)
If you like a particular feature then look through the git change-log
(on the web at http://gitweb.samba.org/?p=samba.git;a=summary) and see
who added it, then send them an email.
Remember that free software of this kind lives or dies by the response
we get. If no one tells us they like it then we'll probably move onto
something else. However, as you can see from the user survey quite a lot of
people do seem to like it at the moment :-)
MORE INFO
=========
DOCUMENTATION
-------------
There is quite a bit of documentation included with the package,
including man pages, and lots of .html files with hints and useful
info. This is also available from the web page. There is a growing
collection of information under docs/.
A list of Samba documentation in languages other than English is
available on the web page.
If you would like to help with the documentation, please coodinate
on the samba@samba.org mailing list. See the next section for details
on subscribing to samba mailing lists.
MAILING LIST
------------
Please do NOT send subscription/unsubscription requests to the lists!
There is a mailing list for discussion of Samba. For details go to
<http://lists.samba.org/> or send mail to <samba-subscribe@lists.samba.org>
There is also an announcement mailing list where new versions are
announced. To subscribe go to <http://lists.samba.org/> or send mail
to <samba-announce-subscribe@lists.samba.org>. All announcements also
go to the samba list, so you only need to be on one.
For details of other Samba mailing lists and for access to archives, see
<http://lists.samba.org/>
MAILING LIST ETIQUETTE
----------------------
A few tips when submitting to this or any mailing list.
1. Make your subject short and descriptive. Avoid the words "help" or
"Samba" in the subject. The readers of this list already know that
a) you need help, and b) you are writing about samba (of course,
you may need to distinguish between Samba PDC and other file
sharing software). Avoid phrases such as "what is" and "how do
i". Some good subject lines might look like "Slow response with
Excel files" or "Migrating from Samba PDC to NT PDC".
2. If you include the original message in your reply, trim it so that
only the relevant lines, enough to establish context, are
included. Chances are (since this is a mailing list) we've already
read the original message.
3. Trim irrelevant headers from the original message in your
reply. All we need to see is a) From, b) Date, and c) Subject. We
don't even really need the Subject, if you haven't changed
it. Better yet is to just preface the original message with "On
[date] [someone] wrote:".
4. Please don't reply to or argue about spam, spam filters or viruses
on any Samba lists. We do have a spam filtering system that is
working quite well thank you very much but occasionally unwanted
messages slip through. Deal with it.
5. Never say "Me too." It doesn't help anyone solve the
problem. Instead, if you ARE having the same problem, give more
information. Have you seen something that the other writer hasn't
mentioned, which may be helpful?
6. If you ask about a problem, then come up with the solution on your
own or through another source, by all means post it. Someone else
may have the same problem and is waiting for an answer, but never
hears of it.
7. Give as much *relevant* information as possible such as Samba
release number, OS, kernel version, etc...
8. RTFM. Google. groups.google.com.
NEWS GROUP
----------
You might also like to look at the usenet news group comp.protocols.smb
as it often contains lots of useful info and is frequented by lots of
Samba users. The newsgroup was initially setup by people on the Samba
mailing list. It is not, however, exclusive to Samba, it is a forum for
discussing the SMB protocol (which Samba implements). The samba list
is gatewayed to this newsgroup.
WEB SITE
--------
A Samba WWW site has been setup with lots of useful info. Connect to:
http://samba.org/samba/
As well as general information and documentation, this also has searchable
archives of the mailing list and a user survey that shows who else is using
this package. Have you registered with the survey yet? :-)

236
README.Coding Normal file
View File

@ -0,0 +1,236 @@
##
## Coding conventions in the Samba 3 tree
##
===========
Quick Start
===========
Coding style guidelines are about reducing the number of unnecessary
reformatting patches and making things easier for developers to work together.
You don't have to like them or even agree with them, but once put in place
we all have to abide by them (or vote to change them). However, coding
style should never outweigh coding itself and so the the guidelines
described here are hopefully easy enough to follow as they are very
common and supported by tools and editors.
The basic style, also mentioned in the SAMBA_4_0/prog_guide.txt is the
Linux kernel coding style (See Documentation/CodingStyle in the kernel
source tree). The closely matches what most Samba developers use already
anyways.
But to save you the trouble of reading the Linux kernel style guide, here
are the highlights.
* Maximum Line Width is 80 Characters
The reason is not for people with low-res screens but rather sticking
to 80 columns prevents you from easily nesting more than one level of
if statements or other code blocks. Use source/script/count_80_col.pl
to check your changes.
* Use 8 Space Tabs to Indent
No whitespace filler.
* No Trailing Whitespace
Use source/script/strip_trail_ws.pl to clean you files before committing.
* Follow the K&R guidelines. We won't go throw them all here. You have
a copy of "The C Programming Language" anyways right? You can also use
the format_indent.sh script found in source/script/ if all else fails.
============
Editor Hints
============
Emacs
-----
Add the follow to your $HOME/.emacs file:
(add-hook 'c-mode-hook
(lambda ()
(c-set-style "linux")
(c-toggle-auto-state)))
Vi
--
(Thanks to SATOH Fumiyasu <fumiyas@osstech.jp> for these hints):
For the basic vi editor including with all variants of *nix, add the
following to $HOME/.exrc:
set tabstop=8
set shiftwidth=8
For Vim, the following settings in $HOME/.vimrc will also deal with
displaying trailing whitespace:
if has("syntax") && (&t_Co > 2 || has("gui_running"))
syntax on
function! ActivateInvisibleCharIndicator()
syntax match TrailingSpace "[ \t]\+$" display containedin=ALL
highlight TrailingSpace ctermbg=Red
endf
autocmd BufNewFile,BufRead * call ActivateInvisibleCharIndicator()
endif
" Show tabs, trailing whitespace, and continued lines visually
set list listchars=tab:»·,trail:·,extends:…
" highlight overly long lines same as TODOs.
set textwidth=80
autocmd BufNewFile,BufRead *.c,*.h exec 'match Todo /\%>' . &textwidth . 'v.\+/'
=========================
FAQ & Statement Reference
=========================
Comments
--------
Comments should always use the standard C syntax. I.e. /* ... */. C++
style comments are not currently allowed.
Indention & Whitespace & 80 columns
-----------------------------------
To avoid confusion, indentations are to be 8 character with tab (not
8 ' ' characters. When wrapping parameters for function calls,
alignment parameter list with the first parameter on the previous line.
Use tabs to get as close as possible and then fill in the final 7
characters or less with whitespace. For example,
var1 = foo(arg1, arg2,
arg3);
The previous example is intended to illustrate alignment of function
parameters across lines and not as encourage for gratuitous line
splitting. Never split a line before columns 70 - 79 unless you
have a really good reason. Be smart about formatting.
If, switch, & Code blocks
-------------------------
Always follow an 'if' keyword with a space but don't include additional
spaces following or preceding the parentheses in the conditional.
This is good:
if (x == 1)
This is bad:
if ( x == 1 )
Yes we have a lot of code that uses the second form and we are trying
to clean it up without being overly intrusive.
Note that this is a rule about parentheses following keywords and not
functions. Don't insert a space between the name and left parentheses when
invoking functions.
Braces for code blocks used by for, if, switch, while, do..while, etc...
should begin on the same line as the statement keyword and end on a line
of their own. NOTE: Functions are different and the beginning left brace
should begin on a line of its own.
If the beginning statement has to be broken across lines due to length,
the beginning brace should be on a line of its own.
The exception to the ending rule is when the closing brace is followed by
another language keyword such as else or the closing while in a do..while
loop.
Good examples:
if (x == 1) {
printf("good\n");
}
for (x=1;
x<10;
x++)
{
print("%d\n", x);
}
do {
printf("also good\n");
} while (1);
Bad examples:
while (1)
{
print("I'm in a loop!\n"); }
Goto
----
While many people have been academically taught that goto's are fundamentally
evil, then can greatly enhance readability and reduce memory leaks when used
as the single exit point from a function. But in no Samba world what so ever
is a goto outside of a function or block of code a good idea.
Good Examples:
int function foo(int y)
{
int *z = NULL;
int ret = 0;
if ( y < 10 ) {
z = malloc(sizeof(int)*y);
if (!z) {
ret = 1;
goto done;
}
}
print("Allocated %d elements.\n", y);
done:
if (z)
free(z);
return ret;
}
Checking Pointer Values
-----------------------
When invoking functions that return pointer values, either of the following
are acceptable. Use you best judgement and choose the more readable option.
Remember that many other people will review it.
if ((x = malloc(sizeof(short)*10)) == NULL ) {
fprintf(stderr, "Unable to alloc memory!\n");
}
or
x = malloc(sizeof(short)*10);
if (!x) {
fprintf(stderr, "Unable to alloc memory!\n");
}
Primitive Data Types
--------------------
Samba has large amounts of historical code which makes use of data types
commonly supported by the C99 standard. However, at the time such types
as boolean and exact width integers did not exist and Samba developers
were forced to provide their own. Now that these types are guaranteed to
be available either as part of the compiler C99 support or from lib/replace/,
new code should adhere to the following conventions:
* Booleans are of type "bool" (not BOOL)
* Boolean values are "true" and "false" (not True or False)
* Exact width integers are of type [u]int[8|16|32|64]_t

0
Read-Manifest-Now Normal file
View File

29
Roadmap Normal file
View File

@ -0,0 +1,29 @@
Copyright (C) 1997-2008 Samba-Team
The Samba-Team are committed to an aggressive program to deliver quality
controlled software to a well defined roadmap.
Please also look at the Samba3 and Samba4 pages of wiki.samba.org for more
information.
The following development objectives for future releases
are in progress:
----------------------------------------------------------------------------
Samba-3.0.x This release turned into maintenance mode since we
released 3.2.
Samba-3.2.x This is the current stable Samba 3 release intended
for all Samba production server.
Samba-4 Danger Will Robinson, a big code clean up with major
system redesign. More will be announced as this work
starts to take shape.
Note that it is a given that the Samba-Team will continue to track
Windows (NT/200x) update releases, ensuring that Samba will work
well with whatever "Beta" releases Redmond throws our way :-).
You may also note that the release numbers get fuzzier the
further into the future the objectives get. This is intentional
as we cannot commit to exact timeframes.

278
TODO4 Normal file
View File

@ -0,0 +1,278 @@
source/build/smb_build/TODO
source/lib/registry/TODO
source/lib/tdr/TODO
source/pidl/TODO
- seperate adminlog mechanism (as opposed to the current DEBUG log,
which is not really aimed at administrators but more at developers)
Perhaps similar to eventlog so we can also use eventlog to retrieve the data?
- testsuite for the 'net' tool
- and a lot of other stuff
Configuration options
=====================
The following options don't exist in Samba4 yet
or are not converted by the upgrade script
or will be removed:
- update encrypted
- public
- guest ok
- client schannel
- server schannel
- allow trusted domains
- hosts equiv
- map to guest
- algorithmic rid base
- root directory
- root dir
- root
- guest account
- enable privileges
- pam password change
- passwd program
- passwd chat debug
- passwd chat timeout
- check password script
- username map
- username level
- unix password sync
- restrict anonymous
- username
- user
- users
- invalid users
- valid users
- admin users
- read list
- write list
- printer admin
- force user
- force group
- group
- write ok
- writeable
- writable
- acl check permissions
- acl group control
- acl map full control
- create mask
- create mode
- force create mode
- security mask
- force security mode
- directory mask
- directory mode
- force directory mode
- directory security mask
- force directory security mode
- force unknown acl user
- inherit permissions
- inherit acls
- inherit owner
- guest only
- only guest
- only user
- allow hosts
- deny hosts
- preload modules
- use kerberos keytab
- syslog
- syslog only
- max log size
- debug timestamp
- timestamp logs
- debug hires timestamp
- debug pid
- debug uid
- allocation roundup size
- aio read size
- aio write size
- aio write behind
- large readwrite
- protocol
- read bmpx
- reset on zero vc
- acl compatibility
- defer sharing violations
- ea support
- nt acl support
- nt pipe support
- profile acls
- map acl inherit
- afs share
- max ttl
- client use spnego
- enable asu support
- svcctl list
- block size
- change notify timeout
- deadtime
- getwd cache
- keepalive
- kernel change notify
- lpq cache time
- max smbd processes
- max disk size
- max open files
- min print space
- strict allocate
- sync always
- use mmap
- use sendfile
- hostname lookups
- write cache size
- name cache timeout
- max reported print jobs
- load printers
- printcap cache time
- printcap name
- printcap
- printing
- cups options
- cups server
- iprint server
- print command
- disable spoolss
- enable spoolss
- lpq command
- lprm command
- lppause command
- lpresume command
- queuepause command
- queueresume command
- enumports command
- addprinter command
- deleteprinter command
- show add printer wizard
- os2 driver map
- use client driver
- default devmode
- force printername
- mangling method
- mangle prefix
- default case
- case sensitive
- casesignames
- preserve case
- short preserve case
- mangling char
- hide dot files
- hide special files
- hide unreadable
- hide unwriteable files
- delete veto files
- veto files
- hide files
- veto oplock files
- map readonly
- mangled names
- mangled map
- max stat cache size
- stat cache
- store dos attributes
- machine password timeout
- add user script
- rename user script
- delete user script
- add group script
- delete group script
- add user to group script
- delete user from group script
- set primary group script
- add machine script
- shutdown script
- abort shutdown script
- username map script
- logon script
- logon path
- logon drive
- logon home
- domain logons
- os level
- lm announce
- lm interval
- domain master
- browse list
- enhanced browsing
- wins proxy
- blocking locks
- fake oplocks
- kernel oplocks
- locking
- lock spin count
- lock spin time
- oplocks
- level2 oplocks
- oplock break wait time
- oplock contention limit
- posix locking
- share modes
- add share command
- change share command
- delete share command
- eventlog list
- utmp directory
- wtmp directory
- utmp
- default service
- default
- message command
- dfree cache time
- dfree command
- get quota command
- set quota command
- remote announce
- remote browse sync
- homedir map
- afs username map
- afs token lifetime
- log nt token command
- time offset
- NIS homedir
- preexec
- exec
- preexec close
- postexec
- root preexec
- root preexec close
- root postexec
- set directory
- wide links
- follow symlinks
- dont descend
- magic script
- magic output
- delete readonly
- dos filemode
- dos filetimes
- dos filetime resolution
- fake directory create times
- panic action
- vfs objects
- vfs object
- msdfs root
- msdfs proxy
- host msdfs
- enable rid algorithm
- passdb expand explicit
- idmap backend
- idmap uid
- winbind uid
- idmap gid
- winbind gid
- template homedir
- template shell
- winbind separator
- winbind cache time
- winbind enum users
- winbind enum groups
- winbind use default domain
- winbind trusted domains only
- winbind nested groups
- winbind max idle children
- winbind nss info

34
WHATSNEW.txt Normal file
View File

@ -0,0 +1,34 @@
=================================
Release Notes for Samba 3.4.0pre1
=================================
This is the first preview release of Samba 3.4. This is *not*
intended for production environments and is designed for testing
purposes only. Please report any defects via the Samba bug reporting
system at https://bugzilla.samba.org/.
Major enhancements in Samba 3.4.0 include:
o
######################################################################
Reporting bugs & Development Discussion
#######################################
Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical IRC channel on irc.freenode.net.
If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
the problem then you will probably be ignored. All bug reports should
be filed under the Samba 3.4 product in the project's Bugzilla
database (https://bugzilla.samba.org/).
======================================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
======================================================================

146
WHATSNEW4.txt Normal file
View File

@ -0,0 +1,146 @@
What's new in Samba 4 alpha5
============================
Samba 4 is the ambitious next version of the Samba suite that is being
developed in parallel to the stable 3.0 series. The main emphasis in
this branch is support for the Active Directory logon protocols used
by Windows 2000 and above.
Samba4 alpha5 follows on from the alpha release series we have been
publishing since September 2007
WARNINGS
========
Samba4 alpha5 is not a final Samba release. That is more a reference
to Samba4's lack of the features we expect you will need than a
statement of code quality, but clearly it hasn't seen a broad
deployment yet. If you were to upgrade Samba3 (or indeed Windows) to
Samba4, you would find many things work, but that other key features
you may have relied on simply are not there yet.
For example, while Samba 3.0 is an excellent member of a Active
Directory domain, Samba4 is happier as a domain controller, and it is
in this role where it has seen deployment into production.
Samba4 is subjected to an awesome battery of tests on an
automated basis, we have found Samba4 to be very stable in it's
behaviour. We have to recommend against upgrading production servers
from Samba 3 to Samba 4 at this stage, because there may be the features on
which you may rely that are not present, or the mapping of
your configuration and user database may not be complete.
If you are upgrading, or looking to develop, test or deploy Samba4, you should
backup all configuration and data.
NEW FEATURES
============
Samba4 supports the server-side of the Active Directory logon environment
used by Windows 2000 and later, so we can do full domain join
and domain logon operations with these clients.
Our Domain Controller (DC) implementation includes our own built-in
LDAP server and Kerberos Key Distribution Center (KDC) as well as the
Samba3-like logon services provided over CIFS. We correctly generate
the infamous Kerberos PAC, and include it with the Kerberos tickets we
issue.
The new VFS features in Samba 4 adapts the filesystem on the server to
match the Windows client semantics, allowing Samba 4 to better match
windows behaviour and application expectations. This includes file
annotation information (in streams) and NT ACLs in particular. The
VFS is backed with an extensive automated test suite.
A new scripting interface has been added to Samba 4, allowing
Python programs to interface to Samba's internals.
The Samba 4 architecture is based around an LDAP-like database that
can use a range of modular backends. One of the backends supports
standards compliant LDAP servers (including OpenLDAP), and we are
working on modules to map between AD-like behaviours and this backend.
We are aiming for Samba 4 to be powerful frontend to large
directories.
CHANGES SINCE Alpha4
=====================
In the time since Samba4 Alpha4 was released in June 2008, Samba has
continued to evolve, but you may particularly notice these areas:
LDAP backend support restored (issues preventing the use of the LDAP
backend in alpha4 have been addressed).
SMB2 Support: The SMB2 server, while still disabled, has improved,
and now supports SMB2 signing.
OpenChange support: Updates have been made since alpha4 to better
support OpenChange's use of Samba4's libraries.
Faster ldb loading: A fix to avoid calling 'init_module' (which was
not defined by Samba modules, but was by the C library) will fix
some of the slowness in authentication.
SWAT Remains Disabled: Due to a lack of developer time and without a
long-term web developer to maintain it, the SWAT web UI remains been
disabled (and would need to be rewritten in python in any case).
GNU Make: To try and simplfy our build system, we rely on GNU Make
to avoid autogenerating a massive single makefile.
These are just some of the highlights of the work done in the past few
months. More details can be found in our GIT history.
CHANGES
=======
Those familiar with Samba 3 can find a list of user-visible changes
since that release series in the NEWS file.
KNOWN ISSUES
============
- Domain member support is in it's infancy, and is not comparable to
the support found in Samba3.
- There is no printing support in the current release.
- There is no NetBIOS browsing support in the current release
- The Samba4 port of the CTDB clustering support is not yet complete
- Clock Synchronisation is critical. Many 'wrong password' errors are
actually due to Kerberos objecting to a clock skew between client
and server. (The NTP work in the previous alpha is partly to assist
with this problem).
- Samba4 alpha5 is currently only portable to recent Linux
distributions. Work to return support for other Unix varients is
expected during the next alpha cycle
- Samba4 alpha5 is incompatible with GnuTLS 2.0, found in Fedora 9 and
recent Ubuntu releases. GnuTLS use may be disabled using the
--disable-gnutls argument to ./configure. (otherwise 'make test' and
LDAPS operations will hang).
RUNNING Samba4
==============
A short guide to setting up Samba 4 can be found in the howto.txt file
in root of the tarball.
DEVELOPMENT and FEEDBACK
========================
Bugs can be filed at https://bugzilla.samba.org/ but please be aware
that many features are simply not expected to work at this stage.
The Samba Wiki at http://wiki.samba.org should detail some of these
development plans.
Development and general discussion about Samba 4 happens mainly on
the #samba-technical IRC channel (on irc.freenode.net) and
the samba-technical mailing list (see http://lists.samba.org/ for
details).

41
docs-xml/.gitignore vendored Normal file
View File

@ -0,0 +1,41 @@
Makefile.settings
Samba3-Developers-Guide-attributions.xml
Samba3-HOWTO-attributions.xml
Samba3-HOWTO.d
Samba4-HOWTO.d
Samba4-HOWTO-attributions.xml
autom4te.cache
config.log
config.status
configure
test.d
tmp
smbdotconf/parameters.all.xml
smbdotconf/parameters.global.xml
smbdotconf/parameters.service.xml
*.d
output/manpages-3
Samba3-ByExample.tex
Samba3-Developers-Guide.tex
xslt/figures/*.pdf
output/*.pdf
*.lof
*.out
*.log
*.aux
*.ind
*.ilg
*.tpt
*.idx
*.glo
*.loe
*.lot
*.toc
Samba3-ByExample.pdf
Samba3-Developers-Guide.pdf
Samba3-HOWTO.pdf
Samba3-HOWTO.tex
Samba4-HOWTO.pdf
Samba4-HOWTO.tex
test.pdf
test.tex

330
docs-xml/Makefile Normal file
View File

@ -0,0 +1,330 @@
#################################################################
# Makefile for Samba Documentation
# Authors:
# James Moore <jmoore@php.net>
# Gerald Carter <jerry@samba.org>
# Jelmer Vernooij <jelmer@samba.org>
include Makefile.settings
# Docs to build
MAIN_DOCS = $(patsubst %/index.xml,%,$(wildcard */index.xml))
MANPAGES3 = $(wildcard $(MANPAGEDIR3)/*.?.xml)
export TEXINPUTS=xslt/latex:.:
# Lists of files to process
LATEX_FIGURES = xslt/figures/caution.pdf xslt/figures/important.pdf xslt/figures/note.pdf xslt/figures/tip.pdf xslt/figures/warning.pdf
MANPAGES_PLUCKER = $(patsubst $(MANPAGEDIR3)/%.xml,$(PLUCKERDIR)/%.pdb,$(MANPAGES3))
DATETIME := $(shell date +%Y%m%d%H%M%S)
ifeq ($(PROFILE), Y)
XSLTPROC += --profile --load-trace --timing
endif
ifndef OUTPUTDIR
Makefile.settings: configure
@echo Makefile.settings not present, trying to run configure...
./configure
configure: configure.ac
@echo configure not present, trying to regenerate it...
autoreconf
endif
help:
@echo "Supported make targets:"
@echo " release - Build the docs needed for a Samba release"
@echo " all - Build all docs that can be build using the utilities found by configure"
@echo " everything - Build all of the above"
@echo " pdf,tex,dvi,ps,manpages3,txt,pearson,fo,htmlhelp - Build specific output format"
@echo " html - Build multi-file HTML versions"
@echo " html-single - Build single-file HTML versions"
@echo " htmlman3 - Build HTML version of manpages"
@echo " undocumented - Output list of undocumented smb.conf options"
@echo " samples - Extract examples"
$(DOCBOOKDIR)/Samba3-ByExample.xml: $(filter-out Samba3-ByExample/index.xml,$(wildcard Samba3-ByExample/*.xml))
$(DOCBOOKDIR)/Samba3-HOWTO.xml: $(filter-out Samba3-HOWTO/index.xml,$(wildcard Samba3-HOWTO/*.xml)) Samba3-HOWTO-attributions.xml
Samba3-HOWTO/manpages.xml: $(MANPAGEDIR3)/smb.conf.5.xml
$(DOCBOOKDIR)/Samba3-Developers-Guide.xml: $(filter-out Samba3-Developers-Guide/index.xml,$(wildcard Samba3-Developers-Guide/*.xml)) Samba3-Developers-Guide-attributions.xml
$(DOCBOOKDIR)/Samba4-HOWTO.xml: $(filter-out Samba4-HOWTO/index.xml,$(wildcard Samba4-HOWTO/*.xml)) Samba4-HOWTO-attributions.xml
# Pseudo targets
all:: $(TARGETS)
everything:: manpages3 pdf html-single html htmlman3 txt ps fo htmlhelp pearson
release:: manpages3 htmlman3 html pdf
clean::
@echo "Cleaning up..."
rm -rf $(OUTPUTDIR)/* $(DOCBOOKDIR)
rm -f $(patsubst %.svg,%.png,$(foreach DOC,$(MAIN_DOCS),$($(DOC)-images-latex-dia))) \
$(patsubst %.svg,%.pdf,$(foreach DOC,$(MAIN_DOCS),$($(DOC)-images-latex-svg))) \
$(patsubst %.svg,%.eps,$(foreach DOC,$(MAIN_DOCS),$($(DOC)-images-latex-svg)))
rm -f *-attributions.xml *.d *.tpt *.tex *.loc *.toc *.lof *.glo *.idx *.aux
rm -f *-images-html*
rm -f *-images-latex-* $(LATEX_FIGURES)
rm -f xslt/figures/*pdf
rm -f $(SMBDOTCONFDOC)/parameters.*.xml
rm -f $(addsuffix .*,$(MAIN_DOCS))
# Output format targets
pdf:: $(patsubst %,$(PDFDIR)/%.pdf,$(MAIN_DOCS))
dvi:: $(patsubst %,$(DVIDIR)/%.dvi,$(MAIN_DOCS))
ps:: $(patsubst %,$(PSDIR)/%.ps,$(MAIN_DOCS))
txt:: $(patsubst %,$(TXTDIR)/%.txt,$(MAIN_DOCS))
txt-chunks:: $(addsuffix -txt-chunks,$(MAIN_DOCS))
fo:: $(patsubst %,$(FODIR)/%.fo,$(MAIN_DOCS))
fo-pdf:: $(patsubst %,$(FOPDFDIR)/%.pdf,$(MAIN_DOCS))
tex:: $(addsuffix .tex,$(MAIN_DOCS))
texi:: $(patsubst %,$(TEXINFODIR)/%.texi,$(MAIN_DOCS))
texiinfo:: $(patsubst %,$(TEXINFODIR)/%.info,$(MAIN_DOCS))
manpages3:: $(patsubst $(MANPAGEDIR3)/%.xml,$(OUTPUTDIR)/manpages-3/%,$(MANPAGES3))
pearson:: $(PEARSONDIR)/Samba3-HOWTO.xml
pearson-verify:: $(PEARSONDIR)/Samba3-HOWTO.report.html
plucker:: $(patsubst %,$(PLUCKERDIR)/%.pdb,$(MAIN_DOCS))
htmlman3:: $(patsubst $(MANPAGEDIR3)/%.xml,$(HTMLDIR)/manpages-3/%.html,$(MANPAGES3)) $(HTMLDIR)/manpages-3/index.html
html-single:: $(patsubst %,$(HTMLDIR)/%.html,$(MAIN_DOCS))
html:: $(patsubst %,$(HTMLDIR)/%/index.html,$(MAIN_DOCS)) $(HTMLDIR)/index.html
htmlhelp:: $(addprefix $(HTMLHELPDIR)/,$(MAIN_DOCS))
validate:: $(addsuffix -validate,$(MAIN_DOCS))
test:: validate
check:: validate
.PHONY: test check validate
# Intermediate docbook docs
#
$(DOCBOOKDIR)/%.xml: %/index.xml xslt/expand-sambadoc.xsl
@echo "Converting Samba-specific tags for $*..."
@mkdir -p $(@D)
@$(XSLTPROC) --stringparam latex.imagebasedir "$*/" --stringparam noreference 0 --xinclude --output $@ xslt/expand-sambadoc.xsl $<
$(DOCBOOKDIR)/manpages-3/%.xml: $(MANPAGEDIR3)/%.xml xslt/expand-sambadoc.xsl
@mkdir -p $(@D)
$(XSLTPROC) --xinclude --stringparam noreference 0 --output $@ xslt/expand-sambadoc.xsl $<
$(DOCBOOKDIR)/manpages-3/index.xml: $(MANPAGES3) xslt/manpage-summary.xsl
@mkdir -p $(@D)
echo "<article><variablelist>" > $@
$(XSLTPROC) xslt/manpage-summary.xsl $(MANPAGES3) >> $@
@echo "</variablelist></article>" >> $@
# HTML docs
$(HTMLDIR)/index.html: htmldocs.html
@mkdir -p $(@D)
cp $< $@
$(HTMLDIR)/%/index.html: $(DOCBOOKDIR)/%.xml $(HTMLDIR)/%/samba.css xslt/html-chunk.xsl %-images-html-chunks
@mkdir -p $(@D)
$(XSLTPROC) --stringparam base.dir "$(HTMLDIR)/$*/" xslt/html-chunk.xsl $<
# Single large HTML files
$(OUTPUTDIR)/%/samba.css: xslt/html/samba.css
@mkdir -p $(@D)
cp $< $@
$(patsubst %,$(HTMLDIR)/%.html,$(MAIN_DOCS)): $(HTMLDIR)/%.html: %-images-html-single
$(HTMLDIR)/%.html: $(DOCBOOKDIR)/%.xml $(HTMLDIR)/samba.css xslt/html.xsl
$(XSLTPROC) --output $@ xslt/html.xsl $<
# Attributions
%-attributions.xml:
@echo "Generating attributions file $@ from $*/"
@cp -f templates/attributions.xml $@
@$(XSLTPROC) --xinclude -o $@ xslt/generate-attributions.xsl $*/index.xml
# Text files
$(TXTDIR)/%.txt: $(HTMLDIR)/%.html
@mkdir -p $(@D)
$(HTML2TEXT) -nobs -style pretty -o $@ $<
# Tex files
%.tex: %/index.xml xslt/latex.xsl
@echo "Generating $@..."
@mkdir -p $(@D)
@$(XSLTPROC) $(DB2LATEX_ARGS) --stringparam latex.imagebasedir "$*/" --xinclude --output $@ xslt/latex.xsl $<
$(PDFDIR)/%.pdf: %.pdf
@mkdir -p $(@D)
cp $< $@
%.idx: %.tex $(LATEX_FIGURES)
-$(PDFLATEX) $<
%.ind: %.idx
$(MAKEINDEX) $<
# Dependency files
%.d: $(DOCBOOKDIR)/%.xml xslt/generate-dependencies.xsl
@echo "Generating dependency file for $*"
@$(XSLTPROC) --novalid \
--stringparam txtbasedir "$(TXTDIR)/$*/" \
--stringparam target "$*" \
-o $@ xslt/generate-dependencies.xsl $<
@echo "$*-images-latex-svg = \$$(wildcard \$$(addsuffix .svg, \$$($*-images-latex)))" >> $@
@echo "$*-images-latex-eps: \$$(addsuffix .eps, \$$($*-images-latex))" >> $@
@echo "$*-images-latex-pdf: \$$(patsubst %.svg, %.pdf, \$$($*-images-latex-svg))" >> $@
@echo "$*-images-latex-png: \$$(filter-out \$$(patsubst %.svg,%.png,\$$($*-images-latex-svg)), \$$(addsuffix .png, \$$($*-images-latex)))" >> $@
@echo >> $@
@echo "\$$(HTMLDIR)/%: $*/%" >> $@
@echo " @mkdir -p \$$(@D)" >> $@
@echo " @cp \$$< \$$@" >> $@
@echo >> $@
@echo "\$$(HTMLDIR)/$*/%: $*/%" >> $@
@echo " @mkdir -p \$$(@D)" >> $@
@echo " @cp \$$< \$$@" >> $@
@echo >> $@
@echo "\$$(HTMLHELPDIR)/$*/%: $*/%" >> $@
@echo " @mkdir -p \$$(@D)" >> $@
@echo " @cp \$$< \$$@" >> $@
@echo >> $@
@echo "$*-images-html-single: \$$(addprefix \$$(HTMLDIR)/, \$$($*-images-html))" >> $@
@echo "$*-images-html-chunks: \$$(addprefix \$$(HTMLDIR)/$*/, \$$($*-images-html))" >> $@
@echo "$*-images-htmlhelp: \$$(addprefix \$$(HTMLHELPDIR)/$*/, \$$($*-images-html))" >> $@
ifdef OUTPUTDIR
ifneq ($(MAKECMDGOALS),clobber)
-include $(addsuffix .d,$(MAIN_DOCS))
endif
endif
# Adobe PDF files
%.pdf: %.tex %.ind $(LATEX_FIGURES) %-images-latex-png %-images-latex-pdf
-$(PDFLATEX) $<
-$(PDFLATEX) $<
-$(PDFLATEX) $<
-$(PDFLATEX) $<
$(THUMBPDF) --quiet $*.pdf
-$(PDFLATEX) $<
# DVI files
$(DVIDIR)/%.dvi: %.dvi
@mkdir -p $(@D)
cp $< $@
%.dvi: %.tex %.idx %-images-latex-eps
-$(LATEX) $<
%.eps: %.svg
$(INKSCAPE) -z -f $< --export-eps=$@
%.png: %.svg
$(INKSCAPE) -z -f $< --export-png=$@
#%.pdf: %.svg
# $(INKSCAPE) -z -f $< --export-pdf=$@
%.pdf: %.eps
$(EPSTOPDF) $<
%.eps: %.png
$(PNGTOPNM) $< | $(PNMTOPS) > $@
# PostScript files
$(PSDIR)/%.ps: $(DVIDIR)/%.dvi
@mkdir -p $(@D)
$(DVIPS) -o $@ $<
# Fo
$(FODIR)/%.fo: $(DOCBOOKDIR)/%.xml
@mkdir -p $(@D)
$(XSLTPROC) --output $@ xslt/fo.xsl $<
# PDF thru Fo
$(FOPDFDIR)/%.pdf: $(FODIR)/%.fo
@mkdir -p $(@D)
JAVA_OPTS=-Xmx250m $(FOP) -q -d $< -pdf $@
$(HTMLHELPDIR)/%: $(DOCBOOKDIR)/%.xml %-images-htmlhelp
$(XSLTPROC) --stringparam htmlhelp.chm $*.chm \
--stringparam manifest.in.base.dir "$@/" \
--stringparam base.dir "$@/" \
http://docbook.sourceforge.net/release/xsl/current/htmlhelp/htmlhelp.xsl $<
# Plucker docs
$(PLUCKERDIR)/%.pdb: $(HTMLDIR)/%.html
@mkdir -p $(@D)
$(PLUCKERBUILD) -v -V 2 --stayonhost --zlib-compression -f $* -p $(PLUCKERDIR) file:$<
# Texinfo docs
$(TEXINFODIR)/%.texi: $(DOCBOOKDIR)/%.xml
@mkdir -p $(@D)
cd $(@D) && $(DB2TEXI) $(shell pwd)/$<
$(TEXINFODIR)/%.info: $(TEXINFODIR)/%.texi
$(MAKEINFO) --no-validate --force -o $@ "$<"
# Manpages
$(MANPAGEDIR3)/smb.conf.5.xml: $(SMBDOTCONFDOC)/parameters.all.xml $(SMBDOTCONFDOC)/parameters.service.xml $(SMBDOTCONFDOC)/parameters.global.xml
$(SMBDOTCONFDOC)/parameters.all.xml: $(wildcard $(SMBDOTCONFDOC)/*/*.xml) $(SMBDOTCONFDOC)/generate-file-list.sh
$(SMBDOTCONFDOC)/generate-file-list.sh $(SMBDOTCONFDOC) > $@
$(SMBDOTCONFDOC)/parameters.global.xml: $(SMBDOTCONFDOC)/parameters.all.xml $(SMBDOTCONFDOC)/generate-context.xsl
@echo "Generating list of global smb.conf options"
$(XSLTPROC) --xinclude --param smb.context "'G'" --output $(SMBDOTCONFDOC)/parameters.global.xml $(SMBDOTCONFDOC)/generate-context.xsl $<
$(SMBDOTCONFDOC)/parameters.service.xml: $(SMBDOTCONFDOC)/parameters.all.xml $(SMBDOTCONFDOC)/generate-context.xsl
@echo "Generating list of share-mode smb.conf options"
$(XSLTPROC) --xinclude --param smb.context "'S'" --output $(SMBDOTCONFDOC)/parameters.service.xml $(SMBDOTCONFDOC)/generate-context.xsl $<
$(OUTPUTDIR)/%: $(DOCBOOKDIR)/%.xml xslt/man.xsl
@mkdir -p $(@D)
$(XSLTPROC) --output $@ xslt/man.xsl $<
# Individual smb.conf parameters
smb.conf-chunks: $(patsubst $(SMBDOTCONFDOC)/%.xml,$(HTMLDIR)/smb.conf/%.html,$(wildcard $(SMBDOTCONFDOC)/*/*.xml))
$(HTMLDIR)/smb.conf/%.html: $(SMBDOTCONFDOC)/%.xml
@mkdir -p $(@D)
$(XSLTPROC) --output $@ xslt/smb.conf-html.xsl $<
# Pearson compatible XML
$(PEARSONDIR)/%.xml: %/index.xml xslt/pearson.xsl
@mkdir -p $(@D)
$(XSLTPROC) --xinclude --output $@ xslt/sambadoc2pearson.xsl $<
$(PEARSONDIR)/%.report.html: $(PEARSONDIR)/%.xml
@mkdir -p $(@D)
-$(XMLLINT) --valid --noout $< 2> $@
# Validation verification
%-validate: %/index.xml
cd $(<D) && $(XMLLINT) --xinclude --noent --postvalid --noout $(<F)
# Find undocumented parameters
undocumented: $(SMBDOTCONFDOC)/parameters.all.xml scripts/find_missing_doc.pl scripts/find_missing_manpages.pl
$(PERL) scripts/find_missing_doc.pl $(SRCDIR)
$(PERL) scripts/find_missing_manpages.pl $(SRCDIR)
samples: $(DOCBOOKDIR)/Samba3-HOWTO.xml xslt/extract-examples.xsl scripts/indent-smb.conf.pl
@mkdir -p $(EXAMPLESDIR)
$(XSLTPROC) --xinclude xslt/extract-examples.xsl $< > /dev/null 2> examples/README
for I in examples/*.conf; do { ./scripts/indent-smb.conf.pl < $$I > $$I.tmp; mv $$I.tmp $$I; } done
# Archiving
archive: pdf
@mkdir -p $(ARCHIVEDIR)
cp $(PDFDIR)/Samba3-HOWTO.pdf $(ARCHIVEDIR)/TOSHARG-$(DATETIME).pdf
cp $(PDFDIR)/Samba3-ByExample.pdf $(ARCHIVEDIR)/S3bE-$(DATETIME).pdf
# XSL scripts
xslt/html.xsl: xslt/html-common.xsl
xslt/html-chunk.xsl: xslt/html-common.xsl
xslt/latex.xsl:
xslt/expand-sambadoc.xsl:
xslt/generate-attributions.xsl:
xslt/man.xsl:
xslt/pearson.xsl:
distclean clobber:: clean
rm Makefile.settings config.status config.log configure
rm -rf autom4te.cache
# Always keep intermediate files if we can
.SECONDARY:
.PHONY: clean clobber archive release everything all

View File

@ -0,0 +1,50 @@
# Programs
XSLTPROC = @XSLTPROC@
XMLLINT = @XMLLINT@
DVIPS = @DVIPS@
PNGTOPNM = @PNGTOPNM@
EPSTOPNM = @EPSTOPNM@
PNMTOPNG = @PNMTOPNG@
DIA = @DIA@
INKSCAPE = @INKSCAPE@
PNMTOPS = @PNMTOPS@
HTML2TEXT = @HTML2TEXT@
DB2TEXI = @DB2TEXI@
MAKEINFO = @MAKEINFO@
PLUCKERBUILD = @PLUCKERBUILD@
COPY_IMAGES = ./scripts/copy-images.sh
THUMBPDF = @THUMBPDF@
PDFLATEX = @PDFLATEX@ --file-line-error-style
LATEX = @LATEX@ --file-line-error-style
FOP = @FOP@
RM = @RM@
PERL = @PERL@
ifndef DEBUG_LATEX
PDFLATEX += --interaction nonstopmode
LATEX += --interaction nonstopmode
endif
# Paths
OUTPUTDIR = output
ARCHIVEDIR = archive
TEXINFODIR = $(OUTPUTDIR)/texi
SRCDIR = @SAMBASOURCEDIR@
EPSTOPDF = @EPSTOPDF@
MANPAGEDIR3 = manpages-3
MAKEINDEX = @MAKEINDEX@
EXAMPLESDIR = $(OUTPUTDIR)/examples
SMBDOTCONFDOC = smbdotconf
DOCBOOKDIR = tmp
PSDIR = $(OUTPUTDIR)
FOPDFDIR = $(OUTPUTDIR)/fo-pdf
PDFDIR = $(OUTPUTDIR)
DVIDIR = $(OUTPUTDIR)
FODIR = $(OUTPUTDIR)
HTMLHELPDIR = $(OUTPUTDIR)/htmlhelp
PEARSONDIR = $(OUTPUTDIR)/pearson
TXTDIR = $(OUTPUTDIR)/textdocs
HTMLDIR=$(OUTPUTDIR)/htmldocs
PLUCKERDIR=$(OUTPUTDIR)/plucker
DB2LATEX_ARGS = --stringparam latex.documentclass.book @LATEX_DOCUMENTCLASS_OPTIONS@
TARGETS = @TARGETS@

125
docs-xml/README Normal file
View File

@ -0,0 +1,125 @@
!==
!== docbook.txt for Samba 3.0
!==
!== Author: David Bannon, D.Bannon@latrobe.edu.au November, 2000
!== Updates: Gerald (Jerry) Carter, jerry@samba.org, Feb. 2001
!== Updates: Jelmer Vernooij, jelmer@samba.org, Aug, 2002
!== Updates: Jelmer Vernooij, jelmer@samba.org, Jun, 2003
!== Updates: Jelmer Vernooij, jelmer@samba.org, May, 2004
!== Updates: Jelmer Vernooij, jelmer@samba.org, May, 2005
Quick start
-----------
Run:
make all
What are DocBook documents doing in the Samba Distribution ?
-----------------------------------------------------------
We have converted all samba docs to XML/DocBook V4.2
in order to make them easier to maintain and produce a nicer looking
product.
This short note (strange isn't it how it always starts out as a short note
and becomes a long one ?) will explain very briefly how and why we have
done this.
The format
----------
If you are new to xml, regard an xml file as 'source code'. You don't
read it directly, but use it to create other formats (like the txt and html
included in ../txtdocs and ../htmldocs).
Docbook is a particular XML style, particularly suited to producing
technical manuals.
For more information on DocBook tags and format, see "DocBook: The
Definitive Guide" by Walsh and Muellner, (c) O'Reilly Publishing.
This book covers DocBook V4.2 and is available on-line
at http://www.docbook.org/
The Output
----------
The current Samba Subversion tree contains the XML/DocBook source files.
A regularly generated version can be found at http://samba.org/samba/docs/.
The Tools
---------
To generate the docs, you need to have the following packages installed:
* GNU Make
* GNU autoconf
* docbook-utils
* xsltproc
* pngtopnm and pnmtops (from the netpbm utilities)
* inkscape
For generating PDF (thru LaTeX):
* db2latex (from http://db2latex.sf.net/). Make sure to get CVS version
dated 20030622 -- it works best. Versions previous to 20030425 are known
to have problems, as well as current (as of 20031210) snapshots.
* pdflatex
* thumbpdf
For generating PDF (thru FO):
* fop (http://xml.apache.org/fop/)
For generating PostScript (thru LaTeX):
* db2latex
* latex
* dvips
For generating ASCII:
* html2text
For generating Palm-viewable docs:
* plucker-build
For generating texi files:
* docbook2x-texi
* makeinfo
For validating:
* xmllint
This directory now contains a ./configure script and Makefile to
support the automated building of man pages (including HTML versions), and
the building of the Samba-HOWTO-Collection and the
Samba Developers Guide (HTML,DVI,TeX,PDF,PS,Text versions).
The configure script detects which of the required utilities are installed
and builds as much docs as it can using these tools.
Help! Building the docs generates a lot of HTTP traffic...
-------------
To be able to build the docs without an internet connection (or faster with
a slow internet connection), you need to set up "catalogs".
A catalog contains a list of mappings to locally cached documents. E.g. :
http://db2latex.sf.net/xsl/ -> /usr/share/sgml/docbook/db2latex/xsl/
Add the following two lines to /etc/xml/catalog for db2latex:
<rewriteURI uriStartString="http://db2latex.sourceforge.net/xsl/" rewritePrefix="/export/user/me/source/docbook/db2latex/xsl/"/>
<rewriteURI uriStartString="http://docbook.sourceforge.net/release/xsl/current/" rewritePrefix="/export/user/me/source/docbook/docbook-xsl/"/>
For the Pearson DTD, add something like:
<public publicId="-//Pearson//DTD Books//DE" uri="file:///home/jelmer/Xml_dtd_1.1/pearson.dtd"/>
For the Samba DTD's, add something like:
<rewriteURI uriStartString="http://www.samba.org/samba/DTD" rewritePrefix="file:///home/jelmer/samba-web/DTD"/>
(of course, adapt /export/user/me/source/ to whatever path db2latex is
installed in...)
catalog entries for the other DTD's and XSL scripts should be present on your
system already.
Windows Help files
----------
http://htmlhelp.berlios.de/howto/mshh4wine.php

View File

@ -0,0 +1,130 @@
##
## Samba-EventLog-HOWTO.txt
## Brian Moran <bmoran@centeris.com>
##
## Feature Introduced in Samba 3.0.21
##
Samba and Eventlogs
===================
Samba servers now support event logs -- this means that if
Samba is configured correctly, the usual administration tools
like event viewer will work against a Samba server.
To minimally configure Samba to publish event logs, the
eventlogs to list must be specified in smb.conf, and
eventlog entries must be written to those eventlogs.
Optionally, a message file can be registered for each
of the eventlog 'sources' to pretty-print the eventlog
messages in the eventlog viewer.
Configuring smb.conf
====================
To specify the list of eventlogs the eventlog list
command is used. An example which will show four
eventlogs is
eventlog list = Application System Security SyslogLinux
When Samba initially starts, it looks to see if the
eventlog directory, and a particular log exists; if not,
the directory and file are created under LOCK_DIR
Writing EventLog Records
========================
The eventlogadm command is used to write records
into a particular eventlog. Eventlogadm expects records
to be on STDIN in the following format
LEN: 0
RS1: 1699505740
RCN: 0
TMG: 1128631322
TMW: 1128631322
EID: 1000
ETP: INFO
ECT: 0
RS2: 0
CRN: 0
USL: 0
SRC: cron
SRN: dmlinux
STR: (root) CMD ( rm -f /var/spool/cron/lastrun/cron.hourly)
DAT:
These fields closely mirror the eventlog structures
used by the APIs. The definitions of the fields are
- LEN: <integer> The length field is calculated by the
eventlogadm program based on the rest of the information
in the record. Zero works well here.
- RS1: 1699505740 A "magic number", the primary purpose of
which seems to be to be able to find eventlog records in a
sea of binary data
- TMG: <integer> The time the eventlog record was generated;
format is the number of seconds since 00:00:00 January 1,
1970, UTC
- TMW: <integer> The time the eventlog record was written;
format is the number of seconds since 00:00:00 January 1,
1970, UTC
- EID: <integer> The eventlog ID -- used as a index to a
message string in a message DLSamba and Eventlogs
- ETP: <string> The event type -- one of INFO, ERROR,
WARNING, AUDIT SUCCESS, AUDIT FAILURE
- ECT: <integer> The event category; this depends on the
message file -- primarily used as a means of filtering in
the eventlog viewer
- RS2: 0 Another reserved field
- CRN: 0 Yet another reserved field
- USL: <integer> Typically would contain the length of the
SID of the user object associated with this event. This is
not supported now, so leave this zero.
- SRC: <string> The source name associated with the event
log, e.g. "cron" or "smbd". If a message file is used with an
event log, there will be a registry entry for associating
this source name with a message file DLL
- SRN: <string> The name of the machine on which the
eventlog was generated. This is typically the host name
- STR: <string> The text associated with the eventlog. Note
that there may be more than one strings in a record
- DAT: <string> Eventlog records can have binary information
associated with them. DAT only supports ASCII strings however
Typically, one would set up a program to gather events, format
them into records, and pipe them into eventlogadm for a
particular eventlog:
# tail -f /var/log/messages |\
my_program_to_parse_into_eventlog_records |\
eventlogadm SyslogLinux
Note that individual records are separated on the input by one
or more blank lines. In this manner, eventlogadm will just wait
for more input, writing to the underlying log files as necessary.
Deciphering EventLog entries on the Client
==========================================
To set up an eventlog source (which is used by the eventlog viewer
program to pretty-print eventlog records), create a message file
DLL, then use the eventlogadm program to write the appropriate
eventlog registry entries:
# eventlogadm -o addsource Application MyApplication \
%SystemRoot%/system32/MyApplication.dll
This will add the key
[HKLM/System/CurrentControlSet/services/Eventlog/Application/MyApplication]
and to that key add value "MyApplication/EventLogMessageFile"
with a string of %SystemRoot%/system32/MyApplication.dll
If there happens to be a share called [C$] on your samba server,
and in that share there's a Windows/system32/MyApplication.dll
file, it will be read by the eventlog viewer application when
displaying eventlog records to pretty-print your eventlog entries.

16
docs-xml/Samba.desktop Normal file
View File

@ -0,0 +1,16 @@
[Desktop Entry]
Name=Samba
Name[cz]=Samba
Name[de]=Samba
Name[nl]=Samba
Name[sk]=Samba
Comment=The file and print service to SMB/ CIFS clients
Comment[cz]=Souborové a tiskové služby pre klienty SMB/ CIFS
Comment[de]=SMB/ CIFS Datei- und Druck-Server
Comment[nl]=SMB/CIFS Bestand en Print-Server
Comment[pl]=Usługa plików i drukarek dla klientów SMB/CIFS
Comment[sk]=Súborové a tlačové služby pre klientov SMB/ CIFS
DocPath=/usr/share/doc/packages/samba/htmldocs/index.html
X-DOC-SearchMethod=htdig
X-DOC-SearchEnabledDefault=true
X-DOC-Weight=-5000

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,918 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE chapter PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<chapter id="DomApps">
<title>Integrating Additional Services</title>
<para>
<indexterm><primary>authentication</primary></indexterm>
<indexterm><primary>backends</primary></indexterm>
<indexterm><primary>smbpasswd</primary></indexterm>
<indexterm><primary>ldapsam</primary></indexterm>
<indexterm><primary>Active Directory</primary></indexterm>
You've come a long way now. You have pretty much mastered Samba-3 for
most uses it can be put to. Up until now, you have cast Samba-3 in the leading
role, and where authentication was required, you have used one or another of
Samba's many authentication backends (from flat text files with smbpasswd
to LDAP directory integration with ldapsam). Now you can design a
solution for a new Abmas business. This business is running Windows Server
2003 and Active Directory, and these are to stay. It's time to master
implementing Samba and Samba-supported services in a domain controlled by
the latest Windows authentication technologies. Let's get started &smbmdash; this is
leading edge.
</para>
<sect1>
<title>Introduction</title>
<para>
Abmas has continued its miraculous growth; indeed, nothing seems to be able
to stop its diversification into multiple (and seemingly unrelated) fields.
Its latest acquisition is Abmas Snack Foods, a big player in the snack-food
business.
</para>
<para>
With this acquisition comes new challenges for you and your team. Abmas Snack
Foods is a well-developed business with a huge and heterogeneous network. It
already has Windows, NetWare, and Proprietary UNIX, but as yet no Samba or Linux.
The network is mature and well-established, and there is no question of its chosen
user authentication scheme being changed for now. You need to take a wise new
approach.
</para>
<para>
You have decided to set the ball rolling by introducing Samba-3 into the network
gradually, taking over key services and easing the way to a full migration and,
therefore, integration into Abmas's existing business later.
</para>
<sect2>
<title>Assignment Tasks</title>
<para>
<indexterm><primary>web</primary><secondary>proxying</secondary></indexterm>
<indexterm><primary>web</primary><secondary>caching</secondary></indexterm>
You've promised the skeptical Abmas Snack Foods management team
that you can show them how Samba can ease itself and other Open Source
technologies into their existing infrastructure and deliver sound business
advantages. Cost cutting is high on their agenda (a major promise of the
acquisition). You have chosen Web proxying and caching as your proving ground.
</para>
<para>
<indexterm><primary>bandwidth</primary></indexterm>
<indexterm><primary>Microsoft ISA</primary></indexterm>
Abmas Snack Foods has several thousand users housed at its head office
and multiple regional offices, plants, and warehouses. A high proportion of
the business's work is done online, so Internet access for most of these
users is essential. All Internet access, including for all regional offices,
is funneled through the head office and is the job of the (now your) networking
team. The bandwidth requirements were horrific (comparable to a small ISP), and
the team soon discovered proxying and caching. In fact, they became one of
the earliest commercial users of Microsoft ISA.
</para>
<para>
<indexterm><primary>Active Directory</primary></indexterm>
<indexterm><primary>authenticated</primary></indexterm>
<indexterm><primary>proxy</primary></indexterm>
The team is not happy with ISA. Because it never lived up to its marketing promises,
it underperformed and had reliability problems. You have pounced on the opportunity
to show what Open Source can do. The one thing they do like, however, is ISA's
integration with Active Directory. They like that their users, once logged on,
are automatically authenticated against the proxy. If your alternative to ISA
can operate completely seamlessly in their Active Directory domain, it will be
approved.
</para>
<para>
This is a hands-on exercise. You build software applications so
that you obtain the functionality Abmas needs.
</para>
</sect2>
</sect1>
<sect1>
<title>Dissection and Discussion</title>
<para>
The key requirements in this business example are straightforward. You are not required
to do anything new, just to replicate an existing system, not lose any existing features,
and improve performance. The key points are:
</para>
<itemizedlist>
<listitem><para>
Internet access for most employees
</para></listitem>
<listitem><para>
Distributed system to accommodate load and geographical distribution of users
</para></listitem>
<listitem><para>
Seamless and transparent interoperability with the existing Active Directory domain
</para></listitem>
</itemizedlist>
<sect2>
<title>Technical Issues</title>
<para>
<indexterm><primary>browsing</primary></indexterm>
<indexterm><primary>Squid proxy</primary></indexterm>
<indexterm><primary>proxy</primary></indexterm>
<indexterm><primary>authentication</primary></indexterm>
<indexterm><primary>Internet Explorer</primary></indexterm>
<indexterm><primary>winbind</primary></indexterm>
<indexterm><primary>NTLM</primary></indexterm>
<indexterm><primary>NTLM authentication daemon</primary></indexterm>
<indexterm><primary>authentication</primary></indexterm>
<indexterm><primary>daemon</primary></indexterm>
<indexterm><primary>Active Directory</primary></indexterm>
<indexterm><primary>domain</primary><secondary>Active Directory</secondary></indexterm>
<indexterm><primary>Kerberos</primary></indexterm><indexterm><primary>token</primary></indexterm>
Functionally, the user's Internet Explorer requests a browsing session with the
Squid proxy, for which it offers its AD authentication token. Squid hands off
the authentication request to the Samba-3 authentication helper application
called <command>ntlm_auth</command>. This helper is a hook into winbind, the
Samba-3 NTLM authentication daemon. Winbind enables UNIX services to authenticate
against Microsoft Windows domains, including Active Directory domains. As Active
Directory authentication is a modified Kerberos authentication, winbind is assisted
in this by local Kerberos 5 libraries configured to check passwords with the Active
Directory server. Once the token has been checked, a browsing session is established.
This process is entirely transparent and seamless to the user.
</para>
<para>
Enabling this consists of:
</para>
<itemizedlist>
<listitem><para>
Preparing the necessary environment using preconfigured packages
</para></listitem>
<listitem><para>
Setting up raw Kerberos authentication against the Active Directory domain
</para></listitem>
<listitem><para>
Configuring, compiling, and then installing the supporting Samba-3 components
</para></listitem>
<listitem><para>
Tying it all together
</para></listitem>
</itemizedlist>
</sect2>
<sect2>
<title>Political Issues</title>
<para>
You are a stranger in a strange land, and all eyes are upon you. Some would even like to see
you fail. For you to gain the trust of your newly acquired IT people, it is essential that your
solution does everything the old one did, but does it better in every way. Only then
will the entrenched positions consider taking up your new way of doing things on a
wider scale.
</para>
</sect2>
</sect1>
<sect1>
<title>Implementation</title>
<para>
<indexterm><primary>Squid</primary></indexterm>
First, your system needs to be prepared and in a known good state to proceed. This consists
of making sure that everything the system depends on is present and that everything that could
interfere or conflict with the system is removed. You will be configuring the Squid and Samba-3
packages and updating them if necessary. If conflicting packages of these programs are installed,
they must be removed.
</para>
<para>
<indexterm><primary>Red Hat Linux</primary></indexterm>
The following packages should be available on your Red Hat Linux system:
</para>
<itemizedlist>
<listitem><para>
<indexterm><primary>krb5</primary></indexterm>
<indexterm><primary>Kerberos</primary></indexterm>
krb5-libs
</para></listitem>
<listitem><para>
krb5-devel
</para></listitem>
<listitem><para>
krb5-workstation
</para></listitem>
<listitem><para>
krb5-server
</para></listitem>
<listitem><para>
pam_krb5
</para></listitem>
</itemizedlist>
<para>
<indexterm><primary>SUSE Linux</primary></indexterm>
In the case of SUSE Linux, these packages are called:
</para>
<itemizedlist>
<listitem><para>
heimdal-lib
</para></listitem>
<listitem><para>
heimdal-devel
</para></listitem>
<listitem><para>
<indexterm><primary>Heimdal</primary></indexterm>
heimdal
</para></listitem>
<listitem><para>
pam_krb5
</para></listitem>
</itemizedlist>
<para>
If the required packages are not present on your system, you must install
them from the vendor's installation media. Follow the administrative guide
for your Linux system to ensure that the packages are correctly updated.
</para>
<note><para>
<indexterm><primary>MS Windows Server 2003</primary></indexterm>
<indexterm><primary>Kerberos</primary></indexterm>
<indexterm><primary>MIT</primary></indexterm>
If the requirement is for interoperation with MS Windows Server 2003, it
will be necessary to ensure that you are using MIT Kerberos version 1.3.1
or later. Red Hat Linux 9 ships with MIT Kerberos 1.2.7 and thus requires
updating.
</para>
<para>
<indexterm><primary>Heimdal</primary></indexterm>
<indexterm><primary>SUSE Enterprise Linux Server</primary></indexterm>
Heimdal 0.6 or later is required in the case of SUSE Linux. SUSE Enterprise
Linux Server 8 ships with Heimdal 0.4. SUSE 9 ships with the necessary version.
</para></note>
<sect2 id="ch10-one">
<title>Removal of Pre-Existing Conflicting RPMs</title>
<para>
<indexterm><primary>Squid</primary></indexterm>
If Samba and/or Squid RPMs are installed, they should be updated. You can
build both from source.
</para>
<para>
<indexterm><primary>rpm</primary></indexterm>
<indexterm><primary>samba</primary></indexterm>
<indexterm><primary>squid</primary></indexterm>
Locating the packages to be un-installed can be achieved by running:
<screen>
&rootprompt; rpm -qa | grep -i samba
&rootprompt; rpm -qa | grep -i squid
</screen>
The identified packages may be removed using:
<screen>
&rootprompt; rpm -e samba-common
</screen>
</para>
<sect2>
<title>Kerberos Configuration</title>
<para>
<indexterm><primary>Kerberos</primary></indexterm>
<indexterm><primary>Active Directory</primary><secondary>server</secondary></indexterm>
<indexterm><primary>ADS</primary></indexterm>
<indexterm><primary>KDC</primary></indexterm>
The systems Kerberos installation must be configured to communicate with
your primary Active Directory server (ADS KDC).
</para>
<para>
Strictly speaking, MIT Kerberos version 1.3.4 currently gives the best results,
although the current default Red Hat MIT version 1.2.7 gives acceptable results
unless you are using Windows 2003 servers.
</para>
<para>
<indexterm><primary>MIT</primary></indexterm>
<indexterm><primary>Heimdal</primary></indexterm>
<indexterm><primary>Kerberos</primary></indexterm>
<indexterm><primary>/etc/krb5.conf</primary></indexterm>
<indexterm><primary>DNS</primary><secondary>SRV records</secondary></indexterm>
<indexterm><primary>KDC</primary></indexterm>
<indexterm><primary>DNS</primary><secondary>lookup</secondary></indexterm>
Officially, neither MIT (1.3.4) nor Heimdal (0.63) Kerberos needs an <filename>/etc/krb5.conf</filename>
file in order to work correctly. All ADS domains automatically create SRV records in the
DNS zone <constant>Kerberos.REALM.NAME</constant> for each KDC in the realm. Since both
MIT and Heimdal, KRB5 libraries default to checking for these records, so they
automatically find the KDCs. In addition, <filename>krb5.conf</filename> allows
specifying only a single KDC, even if there is more than one. Using the DNS lookup
allows the KRB5 libraries to use whichever KDCs are available.
</para>
<procedure>
<title>Kerberos Configuration Steps</title>
<step><para>
<indexterm><primary>krb5.conf</primary></indexterm>
If you find the need to manually configure the <filename>krb5.conf</filename>, you should edit it
to have the contents shown in <link linkend="ch10-krb5conf"/>. The final fully qualified path for this file
should be <filename>/etc/krb5.conf</filename>.
</para></step>
<step><para>
<indexterm><primary>Kerberos</primary></indexterm>
<indexterm><primary>realm</primary></indexterm>
<indexterm><primary>case-sensitive</primary></indexterm>
<indexterm><primary>KDC</primary></indexterm>
<indexterm><primary>synchronization</primary></indexterm>
<indexterm><primary>initial credentials</primary></indexterm>
<indexterm><primary>Clock skew</primary></indexterm>
<indexterm><primary>NTP</primary></indexterm>
<indexterm><primary>DNS</primary><secondary>lookup</secondary></indexterm>
<indexterm><primary>reverse DNS</primary></indexterm>
<indexterm><primary>NetBIOS name </primary></indexterm>
<indexterm><primary>/etc/hosts</primary></indexterm>
<indexterm><primary>mapping</primary></indexterm>
The following gotchas often catch people out. Kerberos is case sensitive. Your realm must
be in UPPERCASE, or you will get an error: <quote>Cannot find KDC for requested realm while getting
initial credentials</quote>. Kerberos is picky about time synchronization. The time
according to your participating servers must be within 5 minutes or you get an error:
<quote>kinit(v5): Clock skew too great while getting initial credentials</quote>.
Clock skew limits are, in fact, configurable in the Kerberos protocols (the default is
5 minutes). A better solution is to implement NTP throughout your server network.
Kerberos needs to be able to do a reverse DNS lookup on the IP address of your KDC.
Also, the name that this reverse lookup maps to must either be the NetBIOS name of
the KDC (i.e., the hostname with no domain attached) or the
NetBIOS name followed by the realm. If all else fails, you can add a
<filename>/etc/hosts</filename> entry mapping the IP address of your KDC to its
NetBIOS name. If Kerberos cannot do this reverse lookup, you will get a local error
when you try to join the realm.
</para></step>
<step><para>
<indexterm><primary>kinit</primary></indexterm>
You are now ready to test your installation by issuing the command:
<screen>
&rootprompt; kinit [USERNAME@REALM]
</screen>
You are asked for your password, which you should enter. The following
is a typical console sequence:
<screen>
&rootprompt; kinit ADMINISTRATOR@LONDON.ABMAS.BIZ
Password for ADMINISTRATOR@LONDON.ABMAS.BIZ:
</screen>
Make sure that your password is accepted by the Active Directory KDC.
</para></step>
</procedure>
<example id="ch10-krb5conf">
<title>Kerberos Configuration &smbmdash; File: <filename>/etc/krb5.conf</filename></title>
<screen>
[libdefaults]
default_realm = LONDON.ABMAS.BIZ
[realms]
LONDON.ABMAS.BIZ = {
kdc = w2k3s.london.abmas.biz
}
</screen>
</example>
<para><indexterm>
<primary>klist</primary>
</indexterm>
The command
<screen>
&rootprompt; klist -e
</screen>
shows the Kerberos tickets cached by the system.
</para>
<sect3>
<title>Samba Configuration</title>
<para>
<indexterm><primary>Active Directory</primary></indexterm>
Samba must be configured to correctly use Active Directory. Samba-3 must be used, since it
has the necessary components to interface with Active Directory.
</para>
<procedure>
<title>Securing Samba-3 With ADS Support Steps</title>
<step><para>
<indexterm><primary>Red Hat Linux</primary></indexterm>
<indexterm><primary>Samba Tea</primary></indexterm>
<indexterm><primary>Red Hat Fedora Linux</primary></indexterm>
<indexterm><primary>MIT KRB5</primary></indexterm>
<indexterm><primary>ntlm_auth</primary></indexterm>
Download the latest stable Samba-3 for Red Hat Linux from the official Samba Team
<ulink url="http://ftp.samba.org">FTP site.</ulink> The official Samba Team
RPMs for Red Hat Fedora Linux contain the <command>ntlm_auth</command> tool
needed, and are linked against MIT KRB5 version 1.3.1 and therefore are ready for use.
</para>
<para>
<indexterm><primary>SerNet</primary></indexterm>
<indexterm><primary>RPMs</primary></indexterm>
The necessary, validated RPM packages for SUSE Linux may be obtained from
the <ulink url="ftp://ftp.sernet.de/pub/samba">SerNet</ulink> FTP site that
is located in Germany. All SerNet RPMs are validated, have the necessary
<command>ntlm_auth</command> tool, and are statically linked
against suitably patched Heimdal 0.6 libraries.
</para></step>
<step><para>
Using your favorite editor, change the <filename>/etc/samba/smb.conf</filename>
file so it has contents similar to the example shown in <link linkend="ch10-smbconf"/>.
</para></step>
<step><para>
<indexterm><primary>computer account</primary></indexterm>
<indexterm><primary>Active Directory</primary></indexterm>
<indexterm><primary>net</primary><secondary>ads</secondary><tertiary>join</tertiary></indexterm>i
<indexterm><primary>Kerberos ticket</primary></indexterm>
<indexterm><primary>ticket</primary></indexterm>
Next you need to create a computer account in the Active Directory.
This sets up the trust relationship needed for other clients to
authenticate to the Samba server with an Active Directory Kerberos ticket.
This is done with the <quote>net ads join -U [Administrator%Password]</quote>
command, as follows:
<screen>
&rootprompt; net ads join -U administrator%vulcon
</screen>
</para></step>
<step><para>
<indexterm><primary>smbd</primary></indexterm>
<indexterm><primary>nmbd</primary></indexterm>
<indexterm><primary>winbindd</primary></indexterm>
<indexterm><primary>Active Directory</primary></indexterm>
<indexterm><primary>Samba</primary></indexterm>
Your new Samba binaries must be started in the standard manner as is applicable
to the platform you are running on. Alternatively, start your Active Directory-enabled Samba with the following commands:
<screen>
&rootprompt; smbd -D
&rootprompt; nmbd -D
&rootprompt; winbindd -B
</screen>
</para></step>
<step><para>
<indexterm><primary>winbind</primary></indexterm>
<indexterm><primary>Active Directory</primary><secondary>domain</secondary></indexterm>
<indexterm><primary>wbinfo</primary></indexterm>
<indexterm><primary>enumerating</primary></indexterm>
<indexterm><primary>Active Directory</primary><secondary>tree</secondary></indexterm>
We now need to test that Samba is communicating with the Active
Directory domain; most specifically, we want to see whether winbind
is enumerating users and groups. Issue the following commands:
<screen>
&rootprompt; wbinfo -t
checking the trust secret via RPC calls succeeded
</screen>
This tests whether we are authenticating against Active Directory:
<screen>
&rootprompt; wbinfo -u
LONDON+Administrator
LONDON+Guest
LONDON+SUPPORT_388945a0
LONDON+krbtgt
LONDON+jht
LONDON+xjht
</screen>
This enumerates all the users in your Active Directory tree:
<screen>
&rootprompt; wbinfo -g
LONDON+Domain Computers
LONDON+Domain Controllers
LONDON+Schema Admins
LONDON+Enterprise Admins
LONDON+Domain Admins
LONDON+Domain Users
LONDON+Domain Guests
LONDON+Group Policy Creator Owners
LONDON+DnsUpdateProxy
</screen>
This enumerates all the groups in your Active Directory tree.
</para></step>
<step><para>
<indexterm><primary>Squid</primary></indexterm>
<indexterm><primary>ntlm_auth</primary></indexterm>
Squid uses the <command>ntlm_auth</command> helper build with Samba-3.
You may test <command>ntlm_auth</command> with the command:
<screen>
&rootprompt; /usr/bin/ntlm_auth --username=jht
password: XXXXXXXX
</screen>
You are asked for your password, which you should enter. You are rewarded with:
<screen>
&rootprompt; NT_STATUS_OK: Success (0x0)
</screen>
</para></step>
<step><para>
<indexterm><primary>ntlm_auth</primary></indexterm>
<indexterm><primary>authenticate</primary></indexterm>
<indexterm><primary>winbind</primary></indexterm>
<indexterm><primary>privileged pipe</primary></indexterm>
<indexterm><primary>squid</primary></indexterm>
<indexterm><primary>chgrp</primary></indexterm>
<indexterm><primary>chmod</primary></indexterm>
<indexterm><primary>failure</primary></indexterm>
The <command>ntlm_auth</command> helper, when run from a command line as the user
<quote>root</quote>, authenticates against your Active Directory domain (with
the aid of winbind). It manages this by reading from the winbind privileged pipe.
Squid is running with the permissions of user <quote>squid</quote> and group
<quote>squid</quote> and is not able to do this unless we make a vital change.
Squid cannot read from the winbind privilege pipe unless you change the
permissions of its directory. This is the single biggest cause of failure in the
whole process. Remember to issue the following command (for Red Hat Linux):
<screen>
&rootprompt; chgrp squid /var/cache/samba/winbindd_privileged
&rootprompt; chmod 750 /var/cache/samba/winbindd_privileged
</screen>
For SUSE Linux 9, execute the following:
<screen>
&rootprompt; chgrp squid /var/lib/samba/winbindd_privileged
&rootprompt; chmod 750 /var/lib/samba/winbindd_privileged
</screen>
</para></step>
</procedure>
</sect3>
<sect3>
<title>NSS Configuration</title>
<para>
<indexterm><primary>NSS</primary></indexterm>
<indexterm><primary>winbind</primary></indexterm>
<indexterm><primary>authentication</primary></indexterm>
For Squid to benefit from Samba-3, NSS must be updated to allow winbind as a valid route to user authentication.
</para>
<para>
Edit your <filename>/etc/nsswitch.conf</filename> file so it has the parameters shown
in <link linkend="ch10-etcnsscfg"/>.
</para>
<example id="ch10-smbconf">
<title>Samba Configuration &smbmdash; File: <filename>/etc/samba/smb.conf</filename></title>
<smbconfblock>
<smbconfsection name="[global]"/>
<smbconfoption name="workgroup">LONDON</smbconfoption>
<smbconfoption name="netbios name">W2K3S</smbconfoption>
<smbconfoption name="realm">LONDON.ABMAS.BIZ</smbconfoption>
<smbconfoption name="security">ads</smbconfoption>
<smbconfoption name="encrypt passwords">yes</smbconfoption>
<smbconfoption name="password server">w2k3s.london.abmas.biz</smbconfoption>
<smbconfcomment>separate domain and username with '/', like DOMAIN/username</smbconfcomment>
<smbconfoption name="winbind separator">/</smbconfoption>
<smbconfcomment>use UIDs from 10000 to 20000 for domain users</smbconfcomment>
<smbconfoption name="idmap uid">10000-20000</smbconfoption>
<smbconfcomment>use GIDs from 10000 to 20000 for domain groups</smbconfcomment>
<smbconfoption name="idmap gid">10000-20000</smbconfoption>
<smbconfcomment>allow enumeration of winbind users and groups</smbconfcomment>
<smbconfoption name="winbind enum users">yes</smbconfoption>
<smbconfoption name="winbind enum groups">yes</smbconfoption>
<smbconfoption name="winbind user default domain">yes</smbconfoption>
</smbconfblock>
</example>
<example id="ch10-etcnsscfg">
<title>NSS Configuration File Extract &smbmdash; File: <filename>/etc/nsswitch.conf</filename></title>
<screen>
passwd: files winbind
shadow: files
group: files winbind
</screen>
</example>
</sect3>
<sect3>
<title>Squid Configuration</title>
<para>
<indexterm><primary>Squid</primary></indexterm>
<indexterm><primary>Active Directory</primary><secondary>authentication</secondary></indexterm>
Squid must be configured correctly to interact with the Samba-3
components that handle Active Directory authentication.
</para>
</sect3>
</sect2>
<sect2>
<title>Configuration</title></sect2>
<procedure>
<title>Squid Configuration Steps</title>
<step><para>
<indexterm><primary>SUSE Linux</primary></indexterm>
<indexterm><primary>Squid</primary> </indexterm>
<indexterm><primary>helper agent</primary></indexterm>
If your Linux distribution is SUSE Linux 9, the version of Squid
supplied is already enabled to use the winbind helper agent. You
can therefore omit the steps that would build the Squid binary
programs.
</para></step>
<step><para>
<indexterm><primary>nobody</primary></indexterm>
<indexterm><primary>squid</primary></indexterm>
<indexterm><primary>rpms</primary></indexterm>
<indexterm><primary>/etc/passwd</primary></indexterm>
<indexterm><primary>/etc/group</primary></indexterm>
Squid, by default, runs as the user <constant>nobody</constant>. You need to
add a system user <constant>squid</constant> and a system group
<constant>squid</constant> if they are not set up already (if the default
Red Hat squid rpms were installed, they will be). Set up a
<constant>squid</constant> user in <filename>/etc/passwd</filename>
and a <constant>squid</constant> group in <filename>/etc/group</filename> if these aren't there already.
</para></step>
<step><para>
<indexterm><primary>permissions</primary></indexterm>
<indexterm><primary>chown</primary></indexterm>
You now need to change the permissions on Squid's <constant>var</constant>
directory. Enter the following command:
<screen>
&rootprompt; chown -R squid /var/cache/squid
</screen>
</para></step>
<step><para>
<indexterm><primary>logging</primary></indexterm>
<indexterm><primary>Squid</primary></indexterm>
Squid must also have control over its logging. Enter the following commands:
<screen>
&rootprompt; chown -R chown squid:squid /var/log/squid
&rootprompt; chmod 770 /var/log/squid
</screen>
</para></step>
<step><para>
Finally, Squid must be able to write to its disk cache!
Enter the following commands:
<screen>
&rootprompt; chown -R chown squid:squid /var/cache/squid
&rootprompt; chmod 770 /var/cache/squid
</screen>
</para></step>
<step><para>
<indexterm><primary>/etc/squid/squid.conf</primary></indexterm>
The <filename>/etc/squid/squid.conf</filename> file must be edited to include the lines from
<link linkend="etcsquidcfg"/> and <link linkend="etcsquid2"/>.
</para></step>
<step><para>
<indexterm><primary>cache directories</primary></indexterm>
You must create Squid's cache directories before it may be run. Enter the following command:
<screen>
&rootprompt; squid -z
</screen>
</para></step>
<step><para>
Finally, start Squid and enjoy transparent Active Directory authentication.
Enter the following command:
<screen>
&rootprompt; squid
</screen>
</para></step>
</procedure>
<example id="etcsquidcfg">
<title>Squid Configuration File Extract &smbmdash; <filename>/etc/squid.conf</filename> [ADMINISTRATIVE PARAMETERS Section]</title>
<screen>
cache_effective_user squid
cache_effective_group squid
</screen>
</example>
<example id="etcsquid2">
<title>Squid Configuration File extract &smbmdash; File: <filename>/etc/squid.conf</filename> [AUTHENTICATION PARAMETERS Section]</title>
<screen>
auth_param ntlm program /usr/bin/ntlm_auth \
--helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
auth_param basic program /usr/bin/ntlm_auth \
--helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
acl AuthorizedUsers proxy_auth REQUIRED
http_access allow all AuthorizedUsers
</screen>
</example>
</sect2>
<sect2>
<title>Key Points Learned</title>
<para>
<indexterm><primary>Web browsers</primary></indexterm>
<indexterm><primary>services</primary></indexterm>
<indexterm><primary>authentication protocols</primary></indexterm>
<indexterm><primary>Web</primary><secondary>proxy</secondary><tertiary>access</tertiary></indexterm>
<indexterm><primary>NTLMSSP</primary></indexterm>
Microsoft Windows networking protocols permeate the spectrum of technologies that Microsoft
Windows clients use, even when accessing traditional services such as Web browsers. Depending
on whom you discuss this with, this is either good or bad. No matter how you might evaluate this,
the use of NTLMSSP as the authentication protocol for Web proxy access has some advantages over
the cookie-based authentication regime used by all competing browsers. It is Samba's implementation
of NTLMSSP that makes it attractive to implement the solution that has been demonstrated in this chapter.
</para>
</sect2>
</sect1>
<sect1>
<title>Questions and Answers</title>
<para>
<indexterm><primary>ntlm_auth</primary></indexterm>
<indexterm><primary>SambaXP conference</primary></indexterm>
<indexterm><primary>Goettingen</primary></indexterm>
<indexterm><primary>Italian</primary></indexterm>
The development of the <command>ntlm_auth</command> module was first discussed in many Open Source circles
in 2002. At the SambaXP conference in Goettingen, Germany, Mr. Francesco Chemolli demonstrated the use of
<command>ntlm_auth</command> during one of the late developer meetings that took place. Since that time, the
adoption of <command>ntlm_auth</command> has spread considerably.
</para>
<para>
The largest report from a site that uses Squid with <command>ntlm_auth</command>-based authentication
support uses a dual processor server that has 2 GB of memory. It provides Web and FTP proxy services for 10,000
users. Approximately 2,000 of these users make heavy use of the proxy services. According to the source, who
wishes to remain anonymous, the sustained transaction load on this server hovers around 140 hits/sec. The following
comments were made with respect to questions regarding the performance of this installation:
</para>
<blockquote><para>
[In our] EXTREMELY optimized environment . . . [the] performance impact is almost [nothing]. The <quote>almost</quote>
part is due to the brain damage of the ntlm-over-http protocol definition. Suffice to say that its worst-case
scenario triples the number of hits needed to perform the same transactions versus basic or digest auth[entication].
</para></blockquote>
<para>
You would be well-advised to recognize that all cache-intensive proxying solutions demand a lot of memory.
Make certain that your Squid proxy server is equipped with sufficient memory to permit all proxy operations to run
out of memory without invoking the overheads involved in the use of memory that has to be swapped to disk.
</para>
<qandaset defaultlabel="chap10bqa" type="number">
<qandaentry>
<question>
<para>
What does Samba have to do with Web proxy serving?
</para>
</question>
<answer>
<para>
<indexterm><secondary>transparent inter-operability</secondary></indexterm>
<indexterm><primary>Windows clients</primary></indexterm>
<indexterm><primary>network</primary><secondary>services</secondary></indexterm>
<indexterm><primary>authentication</primary></indexterm>
<indexterm><primary>wrapper</primary></indexterm>
To provide transparent interoperability between Windows clients and the network services
that are used from them, Samba had to develop tools and facilities that deliver that feature. The benefit
of Open Source software is that it can readily be reused. The current <command>ntlm_auth</command>
module is basically a wrapper around authentication code from the core of the Samba project.
</para>
<para>
<indexterm><primary>plain-text</primary></indexterm>
<indexterm><primary>authentication</primary><secondary>plain-text</secondary></indexterm>
<indexterm><primary>Web</primary><secondary>proxy</secondary></indexterm>
<indexterm><primary>FTP</primary><secondary>proxy</secondary></indexterm>
<indexterm><primary>NTLMSSP</primary></indexterm>
<indexterm><primary>logon credentials</primary></indexterm>
<indexterm><primary>Windows explorer</primary></indexterm>
<indexterm><primary>Internet Information Server</primary></indexterm>
<indexterm><primary>Apache Web server</primary></indexterm>
The <command>ntlm_auth</command> module supports basic plain-text authentication and NTLMSSP
protocols. This module makes it possible for Web and FTP proxy requests to be authenticated without
the user being interrupted via his or her Windows logon credentials. This facility is available with
MS Windows Explorer and is one of the key benefits claimed for Microsoft Internet Information Server.
There are a few open source initiatives to provide support for these protocols in the Apache Web server
also.
</para>
<para>
<indexterm><primary>wrapper</primary></indexterm>
The short answer is that by adding a wrapper around key authentication components of Samba, other
projects (like Squid) can benefit from the labors expended in meeting user interoperability needs.
</para>
</answer>
</qandaentry>
<qandaentry>
<question>
<para>
What other services does Samba provide?
</para>
</question>
<answer>
<para>
<indexterm><primary>winbindd</primary></indexterm>
<indexterm><primary>Identity resolver</primary></indexterm>
<indexterm><primary>daemon</primary></indexterm>
<indexterm><primary>smbd</primary></indexterm>
<indexterm><primary>file and print server</primary></indexterm>
Samba-3 is a file and print server. The core components that provide this functionality are <command>smbd</command>,
<command>nmbd</command>, and the identity resolver daemon, <command>winbindd</command>.
</para>
<para>
<indexterm><primary>SMB/CIFS</primary></indexterm>
<indexterm><primary>smbclient</primary></indexterm>
Samba-3 is an SMB/CIFS client. The core component that provides this is called <command>smbclient</command>.
</para>
<para>
<indexterm><primary>modules</primary></indexterm>
<indexterm><primary>utilities</primary></indexterm>
<indexterm><primary>validation</primary></indexterm>
<indexterm><primary>inter-operability</primary></indexterm>
<indexterm><primary>authentication</primary></indexterm>
Samba-3 includes a number of helper tools, plug-in modules, utilities, and test and validation facilities.
Samba-3 includes glue modules that help provide interoperability between MS Windows clients and UNIX/Linux
servers and clients. It includes Winbind agents that make it possible to authenticate UNIX/Linux access attempts
as well as logins to an SMB/CIFS authentication server backend. Samba-3 includes name service switch (NSS) modules
to permit identity resolution via SMB/CIFS servers (Windows NT4/200x, Samba, and a host of other commercial
server products).
</para>
</answer>
</qandaentry>
<qandaentry>
<question>
<para>
Does use of Samba (<command>ntlm_auth</command>) improve the performance of Squid?
</para>
</question>
<answer>
<para>
Not really. Samba's <command>ntlm_auth</command> module handles only authentication. It requires that
Squid make an external call to <command>ntlm_auth</command> and therefore actually incurs a
little more overhead. Compared with the benefit obtained, that overhead is well worth enduring. Since
Squid is a proxy server, and proxy servers tend to require lots of memory, it is good advice to provide
sufficient memory when using Squid. Just add a little more to accommodate <command>ntlm_auth</command>.
</para>
</answer>
</qandaentry>
</qandaset>
</sect1>
</chapter>

View File

@ -0,0 +1,701 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE chapter PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<chapter id="HA">
<title>Performance, Reliability, and Availability</title>
<para>
<indexterm><primary>performance</primary></indexterm>
<indexterm><primary>reliability</primary></indexterm>
<indexterm><primary>availability</primary></indexterm>
Well, you have reached one of the last chapters of this book. It is customary to attempt
to wrap up the theme and contents of a book in what is generally regarded as the
chapter that should draw conclusions. This book is a suspense thriller, and since
the plot of the stories told mostly lead you to bigger, better Samba-3 networking
solutions, it is perhaps appropriate to close this book with a few pertinent comments
regarding some of the things everyone can do to deliver a reliable Samba-3 network.
</para>
<blockquote><attribution>Anonymous</attribution><para>
In a world so full of noise, how can the sparrow be heard?
</para></blockquote>
<sect1>
<title>Introduction</title>
<para>
<indexterm><primary>clustering</primary></indexterm>
The sparrow is a small bird whose sounds are drowned out by the noise of the busy
world it lives in. Likewise, the simple steps that can be taken to improve the
reliability and availability of a Samba network are often drowned out by the volume
of discussions about grandiose Samba clustering designs. This is not intended to
suggest that clustering is not important, because clearly it is. This chapter does not devote
itself to discussion of clustering because each clustering methodology uses its own
custom tools and methods. Only passing comments are offered concerning these methods.
</para>
<para>
<indexterm><primary>cluster</primary></indexterm>
<indexterm><primary>samba cluster</primary></indexterm>
<indexterm><primary>scalability</primary></indexterm>
<ulink url="http://www.google.com/search?hl=en&amp;lr=&amp;ie=ISO-8859-1&amp;q=samba+cluster&amp;btnG=Google+Search">A search</ulink>
for <quote>samba cluster</quote> produced 71,600 hits. And a search for <quote>highly available samba</quote>
and <quote>highly available windows</quote> produced an amazing number of references.
It is clear from the resources on the Internet that Windows file and print services
availability, reliability, and scalability are of vital interest to corporate network users.
</para>
<para>
<indexterm><primary>performance</primary></indexterm>
So without further background, you can review a checklist of simple steps that
can be taken to ensure acceptable network performance while keeping costs of ownership
well under control.
</para>
</sect1>
<sect1>
<title>Dissection and Discussion</title>
<para>
<indexterm><primary>simple</primary></indexterm>
<indexterm><primary>complexities</primary></indexterm>
If it is your purpose to get the best mileage out of your Samba servers, there is one rule that
must be obeyed. If you want the best, keep your implementation as simple as possible. You may
well be forced to introduce some complexities, but you should do so only as a last resort.
</para>
<para>
Simple solutions are likely to be easier to get right than are complex ones. They certainly
make life easier for your successor. Simple implementations can be more readily audited than can
complex ones.
</para>
<para>
<indexterm><primary>broken behavior</primary></indexterm>
<indexterm><primary>poor performance</primary></indexterm>
Problems reported by users fall into three categories: configurations that do not work, those
that have broken behavior, and poor performance. The term <emphasis>broken behavior</emphasis>
means that the function of a particular Samba component appears to work sometimes, but not at
others. The resulting intermittent operation is clearly unacceptable. An example of
<emphasis>broken behavior</emphasis> known to many Windows networking users occurs when the
list of Windows machines in MS Explorer changes, sometimes listing machines that are running
and at other times not listing them even though the machines are in use on the network.
</para>
<para>
<indexterm><primary>smbfs</primary></indexterm>
<indexterm><primary>smbmnt</primary></indexterm>
<indexterm><primary>smbmount</primary></indexterm>
<indexterm><primary>smbumnt</primary></indexterm>
<indexterm><primary>smbumount</primary></indexterm>
<indexterm><primary>front-end</primary></indexterm>
A significant number of reports concern problems with the <command>smbfs</command> file system
driver that is part of the Linux kernel, not part of Samba. Users continue to interpret that
<command>smbfs</command> is part of Samba, simply because Samba includes the front-end tools
that are used to manage <command>smbfs</command>-based file service connections. So, just
for the record, the tools <command>smbmnt</command>, <command>smbmount</command>,
<command>smbumount</command>, and <command>smbumnt</command> are front-end
facilities to core drivers that are supplied as part of the Linux kernel. These tools share a
common infrastructure with some Samba components, but they are not maintained as part of
Samba and are really foreign to it.
</para>
<para>
<indexterm><primary>cifsfs</primary></indexterm>
The new project, <command>cifsfs</command>, is destined to replace <command>smbfs</command>.
It, too, is not part of Samba, even though one of the Samba Team members is a prime mover in
this project.
</para>
<para>
Table 13.1 lists typical causes of:
</para>
<itemizedlist>
<listitem><para>Not Working (NW)</para></listitem>
<listitem><para>Broken Behavior (BB)</para></listitem>
<listitem><para>Poor Performance (PP)</para></listitem>
</itemizedlist>
<table id="ProbList">
<title>Effect of Common Problems</title>
<tgroup cols="4">
<colspec align="left"/>
<colspec align="center"/>
<colspec align="center"/>
<colspec align="center"/>
<thead>
<row>
<entry><para>Problem</para></entry>
<entry><para>NW</para></entry>
<entry><para>BB</para></entry>
<entry><para>PP</para></entry>
</row>
</thead>
<tbody>
<row>
<entry><para>File locking</para></entry>
<entry><para>-</para></entry>
<entry><para>X</para></entry>
<entry><para>-</para></entry>
</row>
<row>
<entry><para>Hardware problems</para></entry>
<entry><para>X</para></entry>
<entry><para>X</para></entry>
<entry><para>X</para></entry>
</row>
<row>
<entry><para>Incorrect authentication</para></entry>
<entry><para>X</para></entry>
<entry><para>X</para></entry>
<entry><para>-</para></entry>
</row>
<row>
<entry><para>Incorrect configuration</para></entry>
<entry><para>X</para></entry>
<entry><para>X</para></entry>
<entry><para>X</para></entry>
</row>
<row>
<entry><para>LDAP problems</para></entry>
<entry><para>X</para></entry>
<entry><para>X</para></entry>
<entry><para>-</para></entry>
</row>
<row>
<entry><para>Name resolution</para></entry>
<entry><para>X</para></entry>
<entry><para>X</para></entry>
<entry><para>X</para></entry>
</row>
<row>
<entry><para>Printing problems</para></entry>
<entry><para>X</para></entry>
<entry><para>X</para></entry>
<entry><para>-</para></entry>
</row>
<row>
<entry><para>Slow file transfer</para></entry>
<entry><para>-</para></entry>
<entry><para>-</para></entry>
<entry><para>X</para></entry>
</row>
<row>
<entry><para>Winbind problems</para></entry>
<entry><para>X</para></entry>
<entry><para>X</para></entry>
<entry><para>-</para></entry>
</row>
</tbody>
</tgroup>
</table>
<para>
<indexterm><primary>network hygiene</primary></indexterm>
It is obvious to all that the first requirement (as a matter of network hygiene) is to eliminate
problems that affect basic network operation. This book has provided sufficient working examples
to help you to avoid all these problems.
</para>
</sect1>
<sect1>
<title>Guidelines for Reliable Samba Operation</title>
<para>
<indexterm><primary>resilient</primary></indexterm>
<indexterm><primary>extreme demand</primary></indexterm>
Your objective is to provide a network that works correctly, can grow at all times, is resilient
at times of extreme demand, and can scale to meet future needs. The following subject areas provide
pointers that can help you today.
</para>
<sect2>
<title>Name Resolution</title>
<para>
There are three basic current problem areas: bad hostnames, routed networks, and network collisions.
These are covered in the following discussion.
</para>
<sect3>
<title>Bad Hostnames</title>
<para>
<indexterm><primary>DHCP</primary><secondary>client</secondary></indexterm>
<indexterm><primary>netbios name</primary></indexterm>
<indexterm><primary>localhost</primary></indexterm>
<indexterm><primary>/etc/hosts</primary></indexterm>
<indexterm><primary>NetBIOS</primary></indexterm>
When configured as a DHCP client, a number of Linux distributions set the system hostname
to <constant>localhost</constant>. If the parameter <parameter>netbios name</parameter> is not
specified to something other than <constant>localhost</constant>, the Samba server appears
in the Windows Explorer as <constant>LOCALHOST</constant>. Moreover, the entry in the <filename>/etc/hosts</filename>
on the Linux server points to IP address <constant>127.0.0.1</constant>. This means that
when the Windows client obtains the IP address of the Samba server called <constant>LOCALHOST</constant>,
it obtains the IP address <constant>127.0.0.1</constant> and then proceeds to attempt to
set up a NetBIOS over TCP/IP connection to it. This cannot work, because that IP address is
the local Windows machine itself. Hostnames must be valid for Windows networking to function
correctly.
</para>
<para>
<indexterm><primary>digits</primary></indexterm>
A few sites have tried to name Windows clients and Samba servers with a name that begins
with the digits 1-9. This does not work either because it may result in the client or
server attempting to use that name as an IP address.
</para>
<para>
<indexterm><primary>DNS</primary><secondary>name lookup</secondary></indexterm>
<indexterm><primary>resolve</primary></indexterm>
A Samba server called <constant>FRED</constant> in a NetBIOS domain called <constant>COLLISION</constant>
in a network environment that is part of the fully-qualified Internet domain namespace known
as <constant>parrots.com</constant>, results in DNS name lookups for <constant>fred.parrots.com</constant>
and <constant>collision.parrots.com</constant>. It is therefore a mistake to name the domain
(workgroup) <constant>collision.parrots.com</constant>, since this results in DNS lookup
attempts to resolve <constant>fred.parrots.com.parrots.com</constant>, which most likely
fails given that you probably do not have this in your DNS namespace.
</para>
<note><para>
<indexterm><primary>Active Directory</primary><secondary>realm</secondary></indexterm>
<indexterm><primary>ADS</primary></indexterm>
<indexterm><primary>DNS</primary></indexterm>
An Active Directory realm called <constant>collision.parrots.com</constant> is perfectly okay,
although it too must be capable of being resolved via DNS, something that functions correctly
if Windows 200x ADS has been properly installed and configured.
</para></note>
</sect3>
<sect3>
<title>Routed Networks</title>
<para>
<indexterm><primary>NetBIOS</primary></indexterm>
<indexterm><primary>UDP</primary><secondary>broadcast</secondary></indexterm>
<indexterm><primary>broadcast</primary></indexterm>
NetBIOS networks (Windows networking with NetBIOS over TCP/IP enabled) makes extensive use
of UDP-based broadcast traffic, as you saw during the exercises in <link linkend="primer"/>.
</para>
<para>
<indexterm><primary>routers</primary></indexterm>
<indexterm><primary>forwarded</primary></indexterm>
<indexterm><primary>multi-subnet</primary></indexterm>
UDP broadcast traffic is not forwarded by routers. This means that NetBIOS broadcast-based
networking cannot function across routed networks (i.e., multi-subnet networks) unless
special provisions are made:
</para>
<itemizedlist>
<listitem><para>
<indexterm><primary>LMHOSTS</primary></indexterm>
<indexterm><primary>remote announce</primary></indexterm>
<indexterm><primary>remote browse sync</primary></indexterm>
Either install on every Windows client an LMHOSTS file (located in the directory
<filename>C:\windows\system32\drivers\etc</filename>). It is also necessary to
add to the Samba server &smb.conf; file the parameters <parameter>remote announce</parameter>
and <parameter>remote browse sync</parameter>. For more information, refer to the online
manual page for the &smb.conf; file.
</para></listitem>
<listitem><para>
<indexterm><primary>WINS</primary><secondary>server</secondary></indexterm>
Or configure Samba as a WINS server, and configure all network clients to use that
WINS server in their TCP/IP configuration.
</para></listitem>
</itemizedlist>
<note><para>
<indexterm><primary>WINS</primary><secondary>name resolution</secondary></indexterm>
<indexterm><primary>DNS</primary></indexterm>
The use of DNS is not an acceptable substitute for WINS. DNS does not store specific
information regarding NetBIOS networking particulars that get stored in the WINS
name resolution database and that Windows clients require and depend on.
</para></note>
</sect3>
<sect3>
<title>Network Collisions</title>
<para>
<indexterm><primary>network</primary><secondary>collisions</secondary></indexterm>
<indexterm><primary>network</primary><secondary>timeouts</secondary></indexterm>
<indexterm><primary>collision rates</primary></indexterm>
<indexterm><primary>network</primary><secondary>load</secondary></indexterm>
Excessive network activity causes NetBIOS network timeouts. Timeouts may result in
blue screen of death (BSOD) experiences. High collision rates may be caused by excessive
UDP broadcast activity, by defective networking hardware, or through excessive network
loads (another way of saying that the network is poorly designed).
</para>
<para>
The use of WINS is highly recommended to reduce network broadcast traffic, as outlined
in <link linkend="primer"/>.
</para>
<para>
<indexterm><primary>netbios forwarding</primary></indexterm>
<indexterm><primary>broadcast storms</primary></indexterm>
<indexterm><primary>performance</primary></indexterm>
Under no circumstances should the facility be supported by many routers, known as <constant>NetBIOS
forwarding</constant>, unless you know exactly what you are doing. Inappropriate use of this
facility can result in UDP broadcast storms. In one case in 1999, a university network became
unusable due to NetBIOS forwarding being enabled on all routers. The problem was discovered during performance
testing of a Samba server. The maximum throughput on a 100-Base-T (100 MB/sec) network was
less than 15 KB/sec. After the NetBIOS forwarding was turned off, file transfer performance
immediately returned to 11 MB/sec.
</para>
</sect3>
</sect2>
<sect2>
<title>Samba Configuration</title>
<para>
As a general rule, the contents of the &smb.conf; file should be kept as simple as possible.
No parameter should be specified unless you know it is essential to operation.
</para>
<para>
<indexterm><primary>document the settings</primary></indexterm>
<indexterm><primary>documented</primary></indexterm>
<indexterm><primary>optimized</primary></indexterm>
Many UNIX administrators like to fully document the settings in the &smb.conf; file. This is a
bad idea because it adds content to the file. The &smb.conf; file is re-read by every <command>smbd</command>
process every time the file timestamp changes (or, on systems where this does not work, every 20 seconds or so).
</para>
<para>
As the size of the &smb.conf; file grows, the risk of introducing parsing errors also increases.
It is recommended to keep a fully documented &smb.conf; file on hand, and then to operate Samba only
with an optimized file.
</para>
<para><indexterm>
<primary>testparm</primary>
</indexterm>
The preferred way to maintain a documented file is to call it something like <filename>smb.conf.master</filename>.
You can generate the optimized file by executing:
<screen>
&rootprompt; testparm -s smb.conf.master > smb.conf
</screen>
You should carefully observe all warnings issued. It is also a good practice to execute the following
command to confirm correct interpretation of the &smb.conf; file contents:
<screen>
&rootprompt; testparm
Load smb config files from /etc/samba/smb.conf
Can't find include file /etc/samba/machine.
Processing section "[homes]"
Processing section "[print$]"
Processing section "[netlogon]"
Processing section "[Profiles]"
Processing section "[printers]"
Processing section "[media]"
Processing section "[data]"
Processing section "[cdr]"
Processing section "[apps]"
Loaded services file OK.
'winbind separator = +' might cause problems with group membership.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions
</screen>
<indexterm><primary>fatal problem</primary></indexterm>
You now, of course, press the enter key to complete the command, or else abort it by pressing Ctrl-C.
The important thing to note is the noted Server role, as well as warning messages. Noted configuration
conflicts must be remedied before proceeding. For example, the following error message represents a
common fatal problem:
<screen>
ERROR: both 'wins support = true' and 'wins server = &lt;server list&gt;'
cannot be set in the smb.conf file. nmbd will abort with this setting.
</screen>
</para>
<para>
<indexterm><primary>performance degradation</primary></indexterm>
<indexterm><primary>socket options</primary></indexterm>
<indexterm><primary>socket address</primary></indexterm>
There are two parameters that can cause severe network performance degradation: <parameter>socket options</parameter>
and <parameter>socket address</parameter>. The <parameter>socket options</parameter> parameter was often necessary
when Samba was used with the Linux 2.2.x kernels. Later kernels are largely self-tuning and seldom benefit from
this parameter being set. Do not use either parameter unless it has been proven necessary to use them.
</para>
<para>
<indexterm><primary>strict sync</primary></indexterm>
<indexterm><primary>sync always</primary></indexterm>
<indexterm><primary>severely degrade</primary></indexterm>
<indexterm><primary>network</primary><secondary>performance</secondary></indexterm>
Another &smb.conf; parameter that may cause severe network performance degradation is the
<parameter>strict sync</parameter> parameter. Do not use this at all. There is no good reason
to use this with any modern Windows client. The <parameter>strict sync</parameter> is often
used with the <parameter>sync always</parameter> parameter. This, too, can severely
degrade network performance, so do not set it; if you must, do so with caution.
</para>
<para>
<indexterm><primary>opportunistic locking</primary></indexterm>
<indexterm><primary>file caching</primary></indexterm>
<indexterm><primary>caching</primary></indexterm>
<indexterm><primary>oplocks</primary></indexterm>
Finally, many network administrators deliberately disable opportunistic locking support. While this
does not degrade Samba performance, it significantly degrades Windows client performance because
this disables local file caching on Windows clients and forces every file read and written to
invoke a network read or write call. If for any reason you must disable oplocks (opportunistic locking)
support, do so only on the share on which it is required. That way, all other shares can provide
oplock support for operations that are tolerant of it. See <link linkend="ch12dblck"/> for more
information.
</para>
</sect2>
<sect2>
<title>Use and Location of BDCs</title>
<para>
<indexterm><primary>BDC</primary></indexterm>
<indexterm><primary>PDC</primary></indexterm>
<indexterm><primary>routed network</primary></indexterm>
<indexterm><primary>wide-area network</primary></indexterm>
<indexterm><primary>network segment</primary></indexterm>
On a network segment where there is a PDC and a BDC, the BDC carries the bulk of the network logon
processing. If the BDC is a heavily loaded server, the PDC carries a greater proportion of
authentication and logon processing. When a sole BDC on a routed network segment gets heavily
loaded, it is possible that network logon requests and authentication requests may be directed
to a BDC on a distant network segment. This significantly hinders WAN operations
and is undesirable.
</para>
<para>
<indexterm><primary>Domain Member</primary></indexterm>
<indexterm><primary>Domain Controller</primary></indexterm>
As a general guide, instead of adding domain member servers to a network, you would be better advised
to add BDCs until there are fewer than 30 Windows clients per BDC. Beyond that ratio, you should add
domain member servers. This practice ensures that there are always sufficient domain controllers
to handle logon requests and authentication traffic.
</para>
</sect2>
<sect2>
<title>Use One Consistent Version of MS Windows Client</title>
<para>
Every network client has its own peculiarities. From a management perspective, it is easier to deal
with one version of MS Windows that is maintained to a consistent update level than it is to deal
with a mixture of clients.
</para>
<para>
On a number of occasions, particular Microsoft service pack updates of a Windows server or client
have necessitated special handling from the Samba server end. If you want to remain sane, keep you
client workstation configurations consistent.
</para>
</sect2>
<sect2>
<title>For Scalability, Use SAN-Based Storage on Samba Servers</title>
<para>
<indexterm><primary>SAN</primary></indexterm>
<indexterm><primary>synchronization</primary></indexterm>
Many SAN-based storage systems permit more than one server to share a common data store.
Use of a shared SAN data store means that you do not need to use time- and resource-hungry data
synchronization techniques.
</para>
<para>
<indexterm><primary>load distribution</primary></indexterm>
<indexterm><primary>clustering</primary></indexterm>
The use of a collection of relatively low-cost front-end Samba servers that are coupled to
a shared backend SAN data store permits load distribution while containing costs below that
of installing and managing a complex clustering facility.
</para>
</sect2>
<sect2>
<title>Distribute Network Load with MSDFS</title>
<para>
<indexterm><primary>MSDFS</primary></indexterm>
<indexterm><primary>distributed</primary></indexterm>
Microsoft DFS (distributed file system) technology has been implemented in Samba. MSDFS permits
data to be accessed from a single share and yet to actually be distributed across multiple actual
servers. Refer to <emphasis>TOSHARG2</emphasis>, Chapter 19, for information regarding
implementation of an MSDFS installation.
</para>
<para>
<indexterm><primary>front-end</primary><secondary>server</secondary></indexterm>
<indexterm><primary>MSDFS</primary></indexterm>
The combination of multiple backend servers together with a front-end server and use of MSDFS
can achieve almost the same as you would obtain with a clustered Samba server.
</para>
</sect2>
<sect2>
<title>Replicate Data to Conserve Peak-Demand Wide-Area Bandwidth</title>
<para>
<indexterm><primary>replicate</primary></indexterm>
<indexterm><primary>rsync</primary></indexterm>
<indexterm><primary>wide-area network</primary></indexterm>
Consider using <command>rsync</command> to replicate data across the WAN during times
of low utilization. Users can then access the replicated data store rather than needing to do so
across the WAN. This works best for read-only data, but with careful planning can be
implemented so that modified files get replicated back to the point of origin. Be careful with your
implementation if you choose to permit modification and return replication of the modified file;
otherwise, you may inadvertently overwrite important data.
</para>
</sect2>
<sect2>
<title>Hardware Problems</title>
<para>
<indexterm><primary>hardware prices</primary></indexterm>
<indexterm><primary>hardware problems</primary></indexterm>
<indexterm><primary>NICs</primary></indexterm>
<indexterm><primary>defective</primary><secondary>HUBs</secondary></indexterm>
<indexterm><primary>defective</primary><secondary>switches</secondary></indexterm>
<indexterm><primary>defective</primary><secondary>cables</secondary></indexterm>
Networking hardware prices have fallen sharply over the past 5 years. A surprising number
of Samba networking problems over this time have been traced to defective network interface
cards (NICs) or defective HUBs, switches, and cables.
</para>
<para>
<indexterm><primary>corrective action</primary></indexterm>
Not surprising is the fact that network administrators do not like to be shown to have made
a bad decision. Money saved in buying low-cost hardware may result in high costs incurred
in corrective action.
</para>
<para>
<indexterm><primary>intermittent</primary></indexterm>
<indexterm><primary>data corruption</primary></indexterm>
<indexterm><primary>slow network</primary></indexterm>
<indexterm><primary>low performance</primary></indexterm>
<indexterm><primary>data integrity</primary></indexterm>
Defective NICs, HUBs, and switches may appear as intermittent network access problems, intermittent
or persistent data corruption, slow network throughput, low performance, or even as BSOD
problems with MS Windows clients. In one case, a company updated several workstations with newer, faster
Windows client machines that triggered problems during logon as well as data integrity problems on
an older PC that was unaffected so long as the new machines were kept shut down.
</para>
<para>
Defective hardware problems may take patience and persistence before the real cause can be discovered.
</para>
<para>
<indexterm><primary>RAID controllers</primary></indexterm>
Networking hardware defects can significantly impact perceived Samba performance, but defective
RAID controllers as well as SCSI and IDE hard disk controllers have also been known to impair Samba server
operations. One business came to this realization only after replacing a Samba installation with MS
Windows Server 2000 running on the same hardware. The root of the problem completely eluded the network
administrator until the entire server was replaced. While you may well think that this would never
happen to you, experience shows that given the right (unfortunate) circumstances, this can happen to anyone.
</para>
</sect2>
<sect2>
<title>Large Directories</title>
<para>
There exist applications that create or manage directories containing many thousands of files. Such
applications typically generate many small files (less than 100 KB). At the best of times, under UNIX,
listing of the files in a directory that contains many files is slow. By default, Windows NT, 200x,
and XP Pro cause network file system directory lookups on a Samba server to be performed for both
the case preserving file name as well as for the mangled (8.3) file name. This incurs a huge overhead
on the Samba server that may slow down the system dramatically.
</para>
<para>
In an extreme case, the performance impact was dramatic. File transfer from the Samba server to a Windows
XP Professional workstation over 1 Gigabit Ethernet for 250-500 KB files was measured at approximately
30 MB/sec. But when tranferring a directory containing 120,000 files, all from 50KB to 60KB in size, the
transfer rate to the same workstation was measured at approximately 1.5 KB/sec. The net transfer was
on the order of a factor of 20-fold slower.
</para>
<para>
The symptoms that will be observed on the Samba server when a large directory is accessed will be that
aggregate I/O (typically blocks read) will be relatively low, yet the wait I/O times will be incredibly
long while at the same time the read queue is large. Close observation will show that the hard drive
that the file system is on will be thrashing wildly.
</para>
<para>
Samba-3.0.12 and later, includes new code that radically improves Samba perfomance. The secret to this is
really in the <smbconfoption name="case sensitive">True</smbconfoption> line. This tells smbd never to scan
for case-insensitive versions of names. So if an application asks for a file called <filename>FOO</filename>,
and it can not be found by a simple stat call, then smbd will return "file not found" immediately without
scanning the containing directory for a version of a different case.
</para>
<para>
Canonicalize all the files in the directory to have one case, upper or lower - either will do. Then set up
a new custom share for the application as follows:
<screen>
[bigshare]
path = /data/xrayfiles/neurosurgeons/
read only = no
case sensitive = True
default case = upper
preserve case = no
short preserve case = no
</screen>
</para>
<para>
All files and directories under the <parameter>path</parameter> directory must be in the same case
as specified in the &smb.conf; stanza. This means that smbd will not be able to find lower case
filenames with these settings. Note, this is done on a per-share basis.
</para>
</sect2>
</sect1>
<sect1>
<title>Key Points Learned</title>
<para>
This chapter has touched in broad sweeps on a number of simple steps that can be taken
to ensure that your Samba network is resilient, scalable, and reliable, and that it
performs well.
</para>
<para>
Always keep in mind that someone is responsible to maintain and manage your design.
In the long term, that may not be you. Spare a thought for your successor and give him or
her an even break.
</para>
<para>
<indexterm><primary>assumptions</primary></indexterm>
Last, but not least, you should not only keep the network design simple, but also be sure it is
well documented. This book may serve as your pattern for documenting every
aspect of your design, its implementation, and particularly the objects and assumptions
that underlie it.
</para>
</sect1>
</chapter>

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,163 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE preface PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<chapter lang="en-US">
<title>Samba Support</title>
<para>
<indexterm><primary>support</primary></indexterm>
One of the most difficult to answer questions in the information technology industry is, <quote>What is
support?</quote>. That question irritates some folks, as much as common answers may annoy others.
</para>
<para>
<indexterm><primary>customers</primary></indexterm>
The most aggravating situation pertaining to support is typified when, as a Linux user, a call is made to
an Internet service provider who, instead of listening to the problem to find a solution, blandly replies:
<quote>Oh, Linux? We do not support Linux!</quote>. It has happened to me, and similar situations happen
through-out the IT industry. Answers like that are designed to inform us that there are some customers
that a business just does not want to deal with, and well may we feel the anguish of the rejection that
is dished out.
</para>
<para>
One way to consider support is to view it as consisting of the right answer, in the right place,
at the right time, no matter the situation. Support is all that it takes to take away pain, disruption,
inconvenience, loss of productivity, disorientation, uncertainty, and real or perceived risk.
</para>
<para>
<indexterm><primary>provided services</primary></indexterm>
<indexterm><primary>services provided</primary></indexterm>
<indexterm><primary>customer expected</primary></indexterm>
One of the forces that has become a driving force for the adoption of open source software is the fact that
many IT businesses have provided services that have perhaps failed to deliver what the customer expected, or
that have been found wanting for other reasons.
</para>
<para>
<indexterm><primary>consumer expects</primary></indexterm>
<indexterm><primary>problem resolution</primary></indexterm>
In recognition of the need for needs satisfaction as the primary experience an information technology user or
consumer expects, the information provided in this chapter may help someone to avoid an unpleasant experience
in respect of problem resolution.
</para>
<para>
<indexterm><primary>free support</primary></indexterm>
<indexterm><primary>paid-for support</primary></indexterm>
<indexterm><primary>commercial support</primary></indexterm>
In the open source software arena there are two support options: free support and paid-for (commercial)
support.
</para>
<sect1>
<title>Free Support</title>
<para>
<indexterm><primary>user groups</primary></indexterm>
<indexterm><primary>mailing lists</primary></indexterm>
<indexterm><primary>interactive help</primary></indexterm>
<indexterm><primary>help</primary></indexterm>
<indexterm><primary>mutual assistance</primary></indexterm>
<indexterm><primary>assistance</primary></indexterm>
Free support may be obtained from friends, colleagues, user groups, mailing lists, and interactive help
facilities. An example of an interactive dacility is the Internet relay chat (IRC) channels that host user
supported mutual assistance.
</para>
<para>
<indexterm><primary>mailing list</primary></indexterm>
<indexterm><primary>deployment</primary></indexterm>
<indexterm><primary>subscription</primary></indexterm>
<indexterm><primary>IRC</primary></indexterm>
<indexterm><primary>project</primary></indexterm>
The Samba project maintains a mailing list that is commonly used to discuss solutions to Samba deployments.
Information regarding subscription to the Samba mailing list can be found on the Samba <ulink
url="https://lists.samba.org/mailman/">web</ulink> site. The public mailing list that can be used to obtain
free, user contributed, support is called the <literal>samba</literal> list. The email address for this list
is at <literal>mail:samba@samba.org</literal>. Information regarding the Samba IRC channels may be found on
the Samba <ulink url="http://www.samba.org/samba.irc.html">IRC</ulink> web page.
</para>
<para>
<indexterm><primary>free support</primary></indexterm>
<indexterm><primary>qualified problem</primary></indexterm>
<indexterm><primary>requesting payment</primary></indexterm>
<indexterm><primary>professional support</primary></indexterm>
As a general rule, it is considered poor net behavior to contact a Samba Team member directly
for free support. Most active members of the Samba Team work exceptionally long hours to assist
users who have demonstrated a qualified problem. Some team members may respond to direct email
or telephone contact, with requests for assistance, by requesting payment. A few of the Samba
Team members actually provide professional paid-for Samba support and it is therefore wise
to show appropriate discretion and reservation in all direct contact.
</para>
<para>
<indexterm><primary>bug report</primary></indexterm>
<indexterm><primary>problem report</primary></indexterm>
<indexterm><primary>code maintainer</primary></indexterm>
When you stumble across a Samba bug, often the quickest way to get it resolved is by posting
a bug <ulink url="https://bugzilla.samba.org/">report</ulink>. All such reports are mailed to
the responsible code maintainer for action. The better the report, and the more serious it is,
the sooner it will be dealt with. On the other hand, if the responsible person can not duplicate
the reported bug it is likely to be rejected. It is up to you to provide sufficient information
that will permit the problem to be reproduced.
</para>
<para>
<indexterm><primary>purchase support</primary></indexterm>
We all recognize that sometimes free support does not provide the answer that is sought within
the time-frame required. At other times the problem is elusive and you may lack the experience
necessary to isolate the problem and thus to resolve it. This is a situation where is may be
prudent to purchase paid-for support.
</para>
</sect1>
<sect1>
<title>Commercial Support</title>
<para>
There are six basic support oriented services that are most commonly sought by Samba sites:
</para>
<itemizedlist>
<listitem><para>Assistance with network design</para></listitem>
<listitem><para>Staff Training</para></listitem>
<listitem><para>Assistance with Samba network deployment and installation</para></listitem>
<listitem><para>Priority telephone or email Samba configuration assistance</para></listitem>
<listitem><para>Trouble-shooting and diagnostic assistance</para></listitem>
<listitem><para>Provision of quality assured ready-to-install Samba binary packages</para></listitem>
</itemizedlist>
<para>
<indexterm><primary>commercial support</primary></indexterm>
<indexterm><primary>country of origin</primary></indexterm>
Information regarding companies that provide professional Samba support can be obtained by performing a Google
search, as well as by reference to the Samba <ulink
url="http://www.samba.org/samba/support.html">Support</ulink> web page. Companies who notify the Samba Team
that they provide commercial support are given a free listing that is sorted by the country of origin.
Multiple listings are permitted, however no guarantee is offered. It is left to you to qualify a support
provider and to satisfy yourself that both the company and its staff are able to deliver what is required of
them.
</para>
<para>
<indexterm><primary>commercial support</primary></indexterm>
The policy within the Samba Team is to treat all commercial support providers equally and to show no
preference. As a result, Samba Team members who provide commercial support are lumped in with everyone else.
You are encouraged to obtain the services needed from a company in your local area. The open source movement
is pro-community; so do what you can to help a local business to prosper.
</para>
<para>
<indexterm><primary>unsupported software</primary></indexterm>
Open source software support can be found in any quality, at any price and in any place you can
to obtain it. Over 180 companies around the world provide Samba support, there is no excuse for
suffering in the mistaken belief that Samba is unsupported software &smbmdash; it is supported.
</para>
</sect1>
</chapter>

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,53 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE preface PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<preface lang="en-US">
<title>Acknowledgments</title>
<para>
<emphasis>Samba-3 by Example</emphasis> would not have been written except
as a result of feedback provided by reviewers and readers of the book <emphasis>The
Official Samba-3 HOWTO and Reference Guide.</emphasis> This second edition
was made possible by generous feedback from Samba users. I hope this book
more than answers the challenge and needs of many more networks that are
languishing for a better networking solution.
</para>
<para>
I am deeply indebted to a large group of diligent people. Space prevents
me from listing all of them, but a few stand out as worthy of mention.
Jelmer Vernooij made the notable contribution of building the XML production
environment and thereby made possible the typesetting of this book.
</para>
<para>
Samba would not have come into existence if Andrew Tridgell had not taken
the first steps. He continues to lead the project. Under the shadow of his
mantle are some great folks who never give up and are always ready to help.
Thank you to: Jeremy Allison, Jerry Carter, Andrew Bartlett, Jelmer Vernooij,
Alexander Bokovoy, Volker Lendecke, and other team members who answered my
continuous stream of questions &smbmdash; all of which resulted in improved content
in this book.
</para>
<para>
My heartfelt thanks go out also to a small set of reviewers (alphabetically
listed) who gave substantial feedback and significant suggestions for improvement:
Tony Earnshaw, William Enestvedt, Eric Hines, Roland Gruber, Gavin Henry,
Steven Henry, Luke Howard, Tarjei Huse, Jon Johnston, Alan Munter, Mike MacIsaac,
Scott Mann, Ed Riddle, Geoff Scott, Santos Soler, Misty Stanley-Jones, Mark Taylor,
and Jérôme Tournier.
</para>
<para>
My appreciation is extended to a team of more than 30 additional reviewers who
helped me to find my way around dark corners.
</para>
<para>
Particular mention is due to Lyndell, Amos, and Melissa who gave me the
latitude necessary to spend nearly an entire year writing Samba documentation,
and then gave more so this second edition could be created.
</para>
</preface>

View File

@ -0,0 +1,88 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE preface PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<preface lang="en-US">
<title>Foreword</title>
<sect1><title>By John M. Weathersby, Executive Director, OSSI</title>
<blockquote>
<para>
The Open Source Software Institute (OSSI) is comprised of representatives from a broad spectrum of business and
non-business organizations that share a common interest in the promotion of development and implementation
of open source software solutions globally, and in particular within the United States of America.
</para>
<para>
The OSSI has global affiliations with like-minded organizations. Our affiliate in the United Kingdom is the
Open Source Consortium (OSC). Both the OSSI and the OSC share a common objective to expand the use of open source
software in federal, state, and municipal government agencies; and in academic institutions. We represent
businesses that provide professional support services that answer the needs of our target organizational
information technology consumers in an effective and cost-efficient manner.
</para>
<para>
Open source software has matured greatly over the past five years with the result that an increasing number of
people who hold key decisionmaking positions want to know how the business model works. They
want to understand how problems get resolved, how questions get answered, and how the development model
is sustained. Information and communications technology directors in defense organizations, and in other
government agencies that deal with sensitive information, want to become familiar with development road-maps
and, in particular, seek to evaluate the track record of the mainstream open source project teams.
</para>
<para>
Wherever the OSSI gains entrance to new opportunities we find that Microsoft Windows technologies are the
benchmark against which open source software solutions are measured. Two open source software projects
are key to our ability to present a structured and convincing proposition that there are alternatives
to the incumbent proprietary means of meeting information technology needs. They are the Apache Web Server
and Samba.
</para>
<para>
Just as the Apache Web Server is the standard in web serving technology, Samba is the definitive standard
for providing interoperability with UNIX systems and other non-Microsoft operating system platforms. Both
open source applications have a truly remarkable track record that extends for more than a decade. Both have
demonstrated the unique capacity to innovate and maintain a level of development that has not only kept
pace with demands, but, in many areas, each project has also proven to be an industry leader.
</para>
<para>
One of the areas in which the Samba project has demonstrated key leadership is in documentation. The OSSI
was delighted when we saw the Samba Team, and John H. Terpstra in particular, release two amazingly
well-written books to help Samba software users deploy, maintain, and troubleshoot Windows networking
installations. We were concerned that, given the large volume of documentation, the challenge to maintain
it and keep it current might prove difficult.
</para>
<para>
This second edition of the book, <emphasis>Samba-3 by Example</emphasis>, barely one year following the release
of the first edition, has removed all concerns and is proof that open source solutions are a compelling choice.
The first edition was released shortly following the release of Samba version 3.0 itself, and has become
the authoritative instrument for training and for guiding deployment.
</para>
<para>
I am personally aware of how much effort has gone into this second edition. John Terpstra has worked with
government bodies and with large organizations that have deployed Samba-3 since it was released. He also
worked to ensure that this book gained community following. He asked those who have worked at the coalface
of large and small organizations alike, to contribute their experiences. He has captured that in this book
and has succeeded yet again. His recipe is persistence, intuition, and a high level of respect for the people
who use Samba.
</para>
<para>
This book is the first source you should turn to before you deploy Samba and as you are mastering its
deployment. I am proud and excited to be associated in a small way with such a useful tool. This book has
reached maturity that is demonstrated by reiteration that every step in deployment must be validated.
This book makes it easy to succeed, and difficult to fail, to gain a stable network environment.
</para>
<para>
I recommend this book for use by all IT managers and network administrators.
</para>
</blockquote>
</sect1>
</preface>

View File

@ -0,0 +1,11 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE preface PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<preface lang="en-US">
<title>Front Matter</title>
<para>
Just a place holder.
</para>
</preface>

View File

@ -0,0 +1,258 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE glossary PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<glossary>
<title>Glossary</title>
<glossentry>
<glossterm>Access Control List</glossterm>
<acronym>ACL</acronym>
<glossdef><para>
A detailed list of permissions granted to users or groups with respect to file and network
resource access.
</para></glossdef>
</glossentry>
<glossentry>
<glossterm>Active Directory Service</glossterm>
<acronym>ADS</acronym>
<glossdef><para>
A service unique to Microsoft Windows 200x servers that provides a centrally managed
directory for management of user identities and computer objects, as well as the
permissions each user or computer may be granted to access distributed network resources.
ADS uses Kerberos-based authentication and LDAP over Kerberos for directory access.
</para></glossdef>
</glossentry>
<glossentry>
<glossterm>Common Internet File System</glossterm>
<acronym>CIFS</acronym>
<glossdef><para>
The new name for SMB. Microsoft renamed the SMB protocol to CIFS during
the Internet hype in the 1990s. At about the time that the SMB protocol was renamed
to CIFS, an additional dialect of the SMB protocol was in development. The need for the
deployment of the NetBIOS layer was also removed, thus paving the way for use of the SMB
protocol natively over TCP/IP (known as NetBIOS-less SMB or <quote>naked</quote> TCP
transport).
</para></glossdef>
</glossentry>
<glossentry>
<glossterm>Common UNIX Printing System</glossterm>
<acronym>CUPS</acronym>
<glossdef><para>
A recent implementation of a high-capability printing system for UNIX developed by
<ulink url="http://www.easysw.com/">Easy Software Inc.</ulink>. The design objective
of CUPS was to provide a rich print processing system that has built-in intelligence
that is capable of correctly rendering (processing) a file that is submitted for
printing even if it was formatted for an entirely different printer.
</para>
</glossdef>
</glossentry>
<glossentry>
<glossterm>Domain Master Browser</glossterm>
<acronym>DMB</acronym>
<glossdef><para>
The Domain Master Browser maintains a list of all the servers that
have announced their services within a given workgroup or NT domain.
</para></glossdef>
</glossentry>
<glossentry>
<glossterm>Domain Name Service</glossterm>
<acronym>DNS</acronym>
<glossdef><para>
A protocol by which computer hostnames may be resolved to the matching IP address/es.
DNS is implemented by the Berkeley Internet Name Daemon. There exists a recent version
of DNS that allows dynamic name registration by network clients or by a DHCP server.
This recent protocol is known as dynamic DNS (DDNS).
</para></glossdef>
</glossentry>
<glossentry>
<glossterm>Dynamic Host Configuration Protocol</glossterm>
<acronym>DHCP</acronym>
<glossdef><para>
A protocol that was based on the BOOTP protocol that may be used to dynamically assign
an IP address, from a reserved pool of addresses, to a network client or device.
Additionally, DHCP may assign all network configuration settings and may be used to
register a computer name and its address with a dynamic DNS server.
</para></glossdef>
</glossentry>
<glossentry>
<glossterm>Group IDentifier</glossterm>
<acronym>GID</acronym>
<glossdef><para>
The UNIX system group identifier; on older systems, a 32-bit unsigned integer, and on
newer systems, an unsigned 64-bit integer. The GID is used in UNIX-like operating systems
for all group-level access control.
</para></glossdef>
</glossentry>
<glossentry>
<glossterm>Key Distribution Center</glossterm>
<acronym>KDC</acronym>
<glossdef><para>
The Kerberos authentication protocol makes use of security keys (also called a ticket)
by which access to network resources is controlled. The issuing of Kerberos tickets
is effected by a KDC.
</para></glossdef>
</glossentry>
<glossentry>
<glossterm>Lightweight Directory Access Protocol</glossterm>
<acronym>LDAP</acronym>
<glossdef>
<para>
The Lightweight Directory Access Protocol is a technology that
originated from the development of X.500 protocol specifications and
implementations. LDAP was designed as a means of rapidly searching
through X.500 information. Later LDAP was adapted as an engine that
could drive its own directory database. LDAP is not a database per
se; rather it is a technology that enables high-volume search and
locate activity from clients that wish to obtain simply defined
information about a subset of records that are stored in a
database. LDAP does not have a particularly efficient mechanism for
storing records in the database, and it has no concept of transaction
processing nor of mechanisms for preserving data consistency. LDAP is
premised around the notion that the search and read activity far
outweigh any need to add, delete, or modify records. LDAP does
provide a means for replication of the database to keep slave
servers up to date with a master. It also has built-in capability to
handle external references and deferral.
</para></glossdef>
</glossentry>
<glossentry>
<glossterm>Local Master Browser</glossterm>
<acronym>LMB</acronym>
<glossdef><para>
The Local Master Browser maintains a list of all servers that have announced themselves
within a given workgroup or NT domain on a particular broadcast isolated subnet.
</para></glossdef>
</glossentry>
<glossentry>
<glossterm>Media Access Control</glossterm>
<acronym>MAC</acronym>
<glossdef><para>
The hard-coded address of the physical-layer device that is attached to the network.
All network interface controllers must have a hard-coded and unique MAC address. The
MAC address is 48 bits long.
</para></glossdef>
</glossentry>
<glossentry>
<glossterm>NetBIOS Extended User Interface</glossterm>
<acronym>NetBEUI</acronym>
<glossdef><para>
Very simple network protocol invented by IBM and Microsoft. It is used to do NetBIOS
over Ethernet with low overhead. NetBEUI is a non-routable protocol.
</para></glossdef>
</glossentry>
<glossentry>
<glossterm>Network Address Translation</glossterm>
<acronym>NAT</acronym>
<glossdef><para>
Network address translation is a form of IP address masquerading. It ensures that internal
private (RFC1918) network addresses from packets inside the network are rewritten so
that TCP/IP packets that leave the server over a public connection are seen to come only
from the external network address.
</para></glossdef>
</glossentry>
<glossentry>
<glossterm>Network Basic Input/Output System</glossterm>
<acronym>NetBIOS</acronym>
<glossdef><para>
NetBIOS is a simple application programming interface (API) invented in the 1980s
that allows programs to send data to certain network names. NetBIOS is always run over
another network protocol such as IPX/SPX, TCP/IP, or Logical Link Control (LLC).
NetBIOS run over LLC is best known as NetBEUI (the NetBIOS Extended User Interface
&smbmdash; a complete misnomer!).
</para></glossdef>
</glossentry>
<glossentry>
<glossterm>NetBT</glossterm>
<acronym>NBT</acronym>
<glossdef><para>
Protocol for transporting NetBIOS frames over TCP/IP. Uses ports 137, 138, and 139.
NetBT is a fully routable protocol.
</para></glossdef>
</glossentry>
<glossentry>
<glossterm>NT/LanManager Security Support Provider</glossterm>
<acronym>NTLMSSP</acronym>
<glossdef><para>
The NTLM Security Support Provider (NTLMSSP) service in Windows NT4/200x/XP is responsible for
handling all NTLM authentication requests. It is the front end for protocols such as SPNEGO,
Schannel, and other technologies. The generic protocol family supported by NTLMSSP is known as
GSSAPI, the Generic Security Service Application Program Interface specified in RFC2078.
</para></glossdef>
</glossentry>
<glossentry>
<glossterm>Server Message Block</glossterm>
<acronym>SMB</acronym>
<glossdef><para>
SMB was the original name of the protocol spoken by Samba. It was invented in the 1980s
by IBM and adopted and extended further by Microsoft. Microsoft renamed the protocol to
CIFS during the Internet hype in the 1990s.
</para></glossdef>
</glossentry>
<glossentry>
<glossterm>The Simple and Protected GSS-API Negotiation</glossterm>
<acronym>SPNEGO</acronym>
<glossdef><para>
The purpose of SPNEGO is to allow a client and server to negotiate a security mechanism for
authentication. The protocol is specified in RFC2478 and uses tokens as built via ASN.1 DER.
DER refers to Distinguished Encoding Rules. These are a set of common rules for creating
binary encodings in a platform-independent manner. Samba has support for SPNEGO.
</para></glossdef>
</glossentry>
<glossentry>
<glossterm>The Official Samba-3 HOWTO and Reference Guide, Second Edition</glossterm>
<acronym>TOSHARG2</acronym>
<glossdef><para>
This book makes repeated reference to <quote>The Official Samba-3 HOWTO and Reference Guide, Second
Edition</quote> by John H. Terpstra and Jelmer R. Vernooij. This publication is available from
Amazon.com. Publisher: Prentice Hall PTR (August 2005),
ISBN: 013122282.
</para></glossdef>
</glossentry>
<glossentry>
<glossterm>User IDentifier</glossterm>
<acronym>UID</acronym>
<glossdef><para>
The UNIX system user identifier; on older systems, a 32-bit unsigned integer, and on newer systems,
an unsigned 64-bit integer. The UID is used in UNIX-like operating systems for all user-level access
control.
</para></glossdef>
</glossentry>
<glossentry>
<glossterm>Universal Naming Convention</glossterm>
<acronym>UNC</acronym>
<glossdef><para>A syntax for specifying the location of network resources (such as file shares).
The UNC syntax was developed in the early days of MS DOS 3.x and is used internally by the SMB protocol.
</para></glossdef>
</glossentry>
<glossentry>
<glossterm>Wireshark</glossterm>
<acronym>wireshark</acronym>
<glossdef><para>
A network analyzer, also known as a network sniffer or a protocol analyzer. Formerly known as Ethereal, Wireshark is
freely available for UNIX/Linux and Microsoft Windows systems from
<ulink url="http://www.wireshark.org">the Wireshark Web site</ulink>.
</para></glossdef>
</glossentry>
</glossary>

View File

@ -0,0 +1,44 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE preface PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<preface lang="en-US">
<title>About the Cover Artwork</title>
<para>
The cover artwork of this book continues the freedom theme of the first
edition of <quote>Samba-3 by Example</quote>. The history of civilization
demonstrates the fragile nature of freedom. It can be lost in a moment,
and once lost, the cost of recovering liberty can be incredible. The last
edition cover featured Alfred the Great who liberated England from the
constant assault of Vikings and Norsemen. Events in England that
finally liberated the common people came about in small steps, but
the result should not be under-estimated. Today, as always, freedom and
liberty are seldom appreciated until they are lost. If we can not quantify
what is the value of freedom, we shall be little motivated to protect it.
</para>
<para>
<emphasis>Samba-3 by Example Cover Artwork:</emphasis> The British houses
of parliament are a symbol of the Westminster system of government. This form
of government permits the people to govern themselves at the lowest level, yet
it provides for courts of appeal that are designed to protect freedom and to
hold back all forces of tyranny. The clock is a pertinent symbol of the
importance of time and place.
</para>
<para>
The information technology industry is being challenged by the imposition of
new laws, hostile litigation, and the imposition of significant constraint
of practice that threatens to remove the freedom to develop and deploy open
source software solutions. Samba is a software solution that epitomizes freedom
of choice in network interoperability for Microsoft Windows clients.
</para>
<para>
I hope you will take the time needed to deploy it well, and that you may realize
the greatest benefits that may be obtained. You are free to use it in ways never
considered, but in doing so there may be some obstacles. Every obstacle that is
overcome adds to the freedom you can enjoy. Use Samba well, and it will serve
you well.
</para>
</preface>

View File

@ -0,0 +1,609 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE preface PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<preface id="preface">
<title>Preface</title>
<para>
Network administrators live busy lives. We face distractions and pressures
that drive us to seek proven, working case scenarios that can be easily
implemented. Often this approach lands us in trouble. There is a
saying that, geometrically speaking, the shortest distance between two
points is a straight line, but practically we find that the quickest
route to a stable network solution is the long way around.
</para>
<para>
This book is your means to the straight path. It provides step-by-step,
proven, working examples of Samba deployments. If you want to deploy
Samba-3 with the least effort, or if you want to become an expert at deploying
Samba-3 without having to search through lots of documentation, this
book is the ticket to your destination.
</para>
<para>
Samba is software that can be run on a platform other than Microsoft Windows,
for example, UNIX, Linux, IBM System 390, OpenVMS, and other operating systems.
Samba uses the TCP/IP protocol that is installed on the host server. When
correctly configured, it allows that host to interact with a Microsoft Windows
client or server as if it is a Windows file and print server. This book
will help you to implement Windows-compatible file and print services.
</para>
<para>
The examples presented in this book are typical of various businesses and
reflect the problems and challenges they face. Care has been taken to preserve
attitudes, perceptions, practices, and demands from real network case studies.
The maximum benefit may be obtained from this book by working carefully through
each exercise. You may be in a hurry to satisfy a specific need, so feel
free to locate the example that most closely matches your need, copy it, and
innovate as much as you like. Above all, enjoy the process of learning the
secrets of MS Windows networking that is truly liberated by Samba.
</para>
<para>
The focus of attention in this book is Samba-3. Specific notes are made in
respect of how Samba may be made secure. This book does not attempt to provide
detailed information regarding secure operation and configuration of peripheral
services and applications such as OpenLDAP, DNS and DHCP, the need for which
can be met from other resources that are dedicated to the subject.
</para>
<sect1>
<title>Why Is This Book Necessary?</title>
<para>
This book is the result of observations and feedback. The feedback from
the Samba-HOWTO-Collection has been positive and complimentary. There
have been requests for far more worked examples, a
<quote>Samba Cookbook,</quote> and for training materials to
help kick-start the process of mastering Samba.
</para>
<para>
The Samba mailing lists users have asked for sample configuration files
that work. It is natural to question one's own ability to correctly
configure a complex tool such as Samba until a minimum necessary
knowledge level has been attained.
</para>
<para>
The Samba-HOWTO-Collection &smbmdash; as does <emphasis>The Official Samba-3 HOWTO and
Reference Guide</emphasis> &smbmdash; documents Samba features and functionality in
a topical context. This book takes a completely different approach. It
walks through Samba network configurations that are working within particular
environmental contexts, providing documented step-by-step implementations.
All example case configuration files, scripts, and other tools are provided
on the CD-ROM. This book is descriptive, provides detailed diagrams, and
makes deployment of Samba-3 a breeze.
</para>
<sect2>
<title>Samba 3.0.20 Update Edition</title>
<para>
The Samba 3.0.x series has been remarkably popular. At the time this book first
went to print samba-3.0.2 was being released. There have been significant modifications
and enhancements between samba-3.0.2 and samba-3.0.14 (the current release) that
necessitate this documentation update. This update has the specific intent to
refocus this book so that its guidance can be followed for samba-3.0.20
and beyond. Further changes are expected as Samba-3 matures further and will
be reflected in future updates.
</para>
<para>
The changes shown in <link linkend="pref-new"/> are incorporated in this update.
</para>
<table id="pref-new">
<title>Samba Changes &smbmdash; 3.0.2 to 3.0.20</title>
<tgroup cols="2">
<colspec align="left"/>
<colspec align="justify"/>
<thead>
<row>
<entry align="left">
<para>
New Feature
</para>
</entry>
<entry align="left">
<para>
Description
</para>
</entry>
</row>
</thead>
<tbody>
<row>
<entry>
<para>
Winbind Case Handling
</para>
</entry>
<entry>
<para>
User and group names returned by <command>winbindd</command> are now converted to lower case
for better consistency. Samba implementations that depend on the case of information returned
by winbind (such as %u and %U) must now convert the dependency to expecting lower case values.
This affects mail spool files, home directories, valid user lines in the &smb.conf; file, etc.
</para>
</entry>
</row>
<row>
<entry>
<para>
Schema Changes
</para>
</entry>
<entry>
<para>
Addition of code to handle password aging, password uniqueness controls, bad
password instances at logon time, have made necessary extensions to the SambaSAM
schema. This change affects all sites that use LDAP and means that the directory
schema must be updated.
</para>
</entry>
</row>
<row>
<entry>
<para>
Username Map Handling
</para>
</entry>
<entry>
<para>
Samba-3.0.8 redefined the behavior: Local authentication results in a username map file
lookup before authenticating the connection. All authentication via an external domain
controller will result in the use of the fully qualified name (i.e.: DOMAIN\username)
after the user has been successfully authenticated.
</para>
</entry>
</row>
<row>
<entry>
<para>
UNIX Extension Handling
</para>
</entry>
<entry>
<para>
Symbolically linked files and directories on the UNIX host to absolute paths will
now be followed. This can be turned off using <quote>wide links = No</quote> in
the share stanza in the &smb.conf; file. Turning off <quote>wide links</quote>
support will degrade server performance because each path must be checked.
</para>
</entry>
</row>
<row>
<entry>
<para>
Privileges Support
</para>
</entry>
<entry>
<para>
Versions of Samba prior to samba-3.0.11 required the use of the UNIX <constant>root</constant>
account from network Windows clients. The new <quote>enable privileges = Yes</quote> capability
means that functions such as adding machines to the domain, managing printers, etc. can now
be delegated to normal user accounts or to groups of users.
</para>
</entry>
</row>
</tbody>
</tgroup>
</table>
</sect2>
</sect1>
<sect1>
<title>Prerequisites</title>
<para>
This book is not a tutorial on UNIX or Linux administration. UNIX and Linux
training is best obtained from books dedicated to the subject. This book
assumes that you have at least the basic skill necessary to use these operating
systems, and that you can use a basic system editor to edit and configure files.
It has been written with the assumption that you have experience with Samba,
have read <emphasis>The Official Samba-3 HOWTO and Reference Guide</emphasis> and
the Samba-HOWTO-Collection, or that you have familiarity with Microsoft Windows.
</para>
<para>
If you do not have this experience, you can follow the examples in this book but may
find yourself at times intimidated by assumptions made. In this situation, you
may need to refer to administrative guides or manuals for your operating system
platform to find what is the best method to achieve what the text of this book describes.
</para>
</sect1>
<sect1>
<title>Approach</title>
<para>
The first chapter deals with some rather thorny network analysis issues. Do not be
put off by this. The information you glean, even without a detailed understanding
of network protocol analysis, can help you understand how Windows networking functions.
</para>
<para>
Each following chapter of this book opens with the description of a networking solution
sought by a hypothetical site. Bob Jordan is a hypothetical decision maker
for an imaginary company, <constant>Abmas Biz NL</constant>. We will use the
non-existent domain name <constant>abmas.biz</constant>. All <emphasis>facts</emphasis>
presented regarding this company are fictitious and have been drawn from a variety of real
business scenarios over many years. Not one of these reveal the identify of the
real-world company from which the scenario originated.
</para>
<para>
In any case, Mr. Jordan likes to give all his staff nasty little assignments.
Stanley Saroka is one of his proteges; Christine Roberson is the network administrator
Bob trusts. Jordan is inclined to treat other departments well because they finance
Abmas IT operations.
</para>
<para>
Each chapter presents a summary of the network solution we have chosen to
demonstrate together with a rationale to help you to understand the
thought process that drove that solution. The chapter then documents in precise
detail all configuration files and steps that must be taken to implement the
example solution. Anyone wishing to gain serious value from this book will
do well to take note of the implications of points made, so watch out for the
<emphasis>this means that</emphasis> notations.
</para>
<para>
Each chapter has a set of questions and answers to help you to
to understand and digest key attributes of the solutions presented.
</para>
</sect1>
<sect1>
<title>Summary of Topics</title>
<para>
The contents of this second edition of <emphasis>Samba-3 by Example</emphasis>
have been rearranged based on feedback from purchasers of the first edition.
</para>
<para>
Clearly the first edition contained most of what was needed and that was missing
from other books that cover this difficult subject. The new arrangement adds
additional material to meet consumer requests and includes changes that originated
as suggestions for improvement.
</para>
<para>
Chapter 1 now dives directly into the heart of the implementation of Windows
file and print server networks that use Samba at the heart.
</para>
<variablelist>
<varlistentry>
<term>Chapter 1 &smbmdash; No Frills Samba Servers.</term><listitem>
<para>
Here you design a solution for three different business scenarios, each for a
company called Abmas. There are two simple networking problems and one slightly
more complex networking challenge. In the first two cases, Abmas has a small
simple office, and they want to replace a Windows 9x peer-to-peer network. The
third example business uses Windows 2000 Professional. This must be simple,
so let's see how far we can get. If successful, Abmas grows quickly and
soon needs to replace all servers and workstations.
</para>
<para><emphasis>TechInfo</emphasis> &smbmdash; This chapter demands:
<itemizedlist>
<listitem><para>Case 1: The simplest &smb.conf; file that may
reasonably be used. Works with Samba-2.x also. This
configuration uses Share Mode security. Encrypted
passwords are not used, so there is no
<filename>smbpasswd</filename> file.
</para></listitem>
<listitem><para>Case 2: Another simple &smb.conf; file that adds
WINS support and printing support. This case deals with
a special requirement that demonstrates how to deal with
purpose-built software that has a particular requirement
for certain share names and printing demands. This
configuration uses Share Mode security and also works with
Samba-2.x. Encrypted passwords are not used, so there is no
<filename>smbpasswd</filename> file.
</para></listitem>
<listitem><para>Case 3: This &smb.conf; configuration uses User Mode
security. The file share configuration demonstrates
the ability to provide master access to an administrator
while restricting all staff to their own work areas.
Encrypted passwords are used, so there is an implicit
<filename>smbpasswd</filename> file.
</para></listitem>
</itemizedlist>
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>Chapter 2 &smbmdash; Small Office Networking.</term><listitem>
<para>
Abmas is a successful company now. They have 50 network users
and want a little more varoom from the network. This is a typical
small office and they want better systems to help them to grow. This is
your chance to really give advanced users a bit more functionality and usefulness.
</para>
<para><emphasis>TechInfo</emphasis> &smbmdash; This &smb.conf; file
makes use of encrypted passwords, so there is an <filename>smbpasswd</filename>
file. It also demonstrates use of the <parameter>valid users</parameter> and
<parameter>valid groups</parameter> to restrict share access. The Windows
clients access the server as Domain members. Mobile users log onto
the Domain while in the office, but use a local machine account while on the
road. The result is an environment that answers mobile computing user needs.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>Chapter 3 &smbmdash; Secure Office Networking.</term><listitem>
<para>
Abmas is growing rapidly now. Money is a little tight, but with 130
network users, security has become a concern. They have many new machines
to install and the old equipment will be retired. This time they want the
new network to scale and grow for at least two years. Start with a sufficient
system and allow room for growth. You are now implementing an Internet
connection and have a few reservations about user expectations.
</para>
<para><emphasis>TechInfo</emphasis> &smbmdash; This &smb.conf; file
makes use of encrypted passwords, and you can use a <filename>tdbsam</filename>
password backend. Domain logons are introduced. Applications are served from the central
server. Roaming profiles are mandated. Access to the server is tightened up
so that only domain members can access server resources. Mobile computing
needs still are catered to.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>Chapter 4 &smbmdash; The 500 User Office.</term><listitem>
<para>
The two-year projections were met. Congratulations, you are a star.
Now Abmas needs to replace the network. Into the existing user base, they
need to merge a 280-user company they just acquired. It is time to build a serious
network. There are now three buildings on one campus and your assignment is
to keep everyone working while a new network is rolled out. Oh, isn't it nice
to roll out brand new clients and servers! Money is no longer tight, you get
to buy and install what you ask for. You will install routers and a firewall.
This is exciting!
</para>
<para><emphasis>TechInfo</emphasis> &smbmdash; This &smb.conf; file
makes use of encrypted passwords, and a <filename>tdbsam</filename>
password backend is used. You are not ready to launch into LDAP yet, so you
accept the limitation of having one central Domain Controller with a Domain
Member server in two buildings on your campus. A number of clever techniques
are used to demonstrate some of the smart options built into Samba.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>Chapter 5 &smbmdash; Making Happy Users.</term><listitem>
<para>
Congratulations again. Abmas is happy with your services and you have been given another raise.
Your users are becoming much more capable and are complaining about little
things that need to be fixed. Are you up to the task? Mary says it takes her 20 minutes
to log onto the network and it is killing her productivity. Email is a bit <emphasis>
unreliable</emphasis> &smbmdash; have you been sleeping on the job? We do not discuss the
technology of email but when the use of mail clients breaks because of networking
problems, you had better get on top of it. It's time for a change.
</para>
<para><emphasis>TechInfo</emphasis> &smbmdash; This &smb.conf; file
makes use of encrypted passwords; a distributed <filename>ldapsam</filename>
password backend is used. Roaming profiles are enabled. Desktop profile controls
are introduced. Check out the techniques that can improve the user experience
of network performance. As a special bonus, this chapter documents how to configure
smart downloading of printer drivers for drag-and-drop printing support. And, yes,
the secret of configuring CUPS is clearly documented. Go for it; this one will
tease you, too.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>Chapter 6 &smbmdash; A Distributed 2000 User Network.</term><listitem>
<para>
Only eight months have passed, and Abmas has acquired another company. You now need to expand
the network further. You have to deal with a network that spans several countries.
There are three new networks in addition to the original three buildings at the head-office
campus. The head office is in New York and you have branch offices in Washington, Los Angeles, and
London. Your desktop standard is Windows XP Professional. In many ways, everything has changed
and yet it must remain the same. Your team is primed for another roll-out. You know there are
further challenges ahead.
</para>
<para><emphasis>TechInfo</emphasis> &smbmdash; Slave LDAP servers are introduced. Samba is
configured to use multiple LDAP backends. This is a brief chapter; it assumes that the
technology has been mastered and gets right down to concepts and how to deploy them.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>Chapter 7 &smbmdash; Adding UNIX/Linux Servers and Clients.</term><listitem>
<para>
Well done, Bob, your team has achieved much. Now help Abmas integrate the entire network.
You want central control and central support and you need to cut costs. How can you reduce administrative
overheads and yet get better control of the network?
</para>
<para>
This chapter has been contributed by Mark Taylor <email>mark.taylor@siriusit.co.uk</email>
and is based on a live site. For further information regarding this example case,
please contact Mark directly.
</para>
<para><emphasis>TechInfo</emphasis> &smbmdash; It is time to consider how to add Samba servers
and UNIX and Linux network clients. Users who convert to Linux want to be able to log on
using Windows network accounts. You explore nss_ldap, pam_ldap, winbind, and a few neat
techniques for taking control. Are you ready for this?
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>Chapter 8 &smbmdash; Updating Samba-3.</term><listitem>
<para>
This chapter is the result of repeated requests for better documentation of the steps
that must be followed when updating or upgrading a Samba server. It attempts to cover
the entire subject in broad-brush but at the same time provides detailed background
information that is not covered elsewhere in the Samba documentation.
</para>
<para><emphasis>TechInfo</emphasis> &smbmdash; Samba stores a lot of essential network
information in a large and growing collection of files. This chapter documents the
essentials of where those files may be located and how to find them. It also provides
an insight into inter-related matters that affect a Samba installation.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>Chapter 9 &smbmdash; Migrating NT4 Domain to Samba-3.</term><listitem>
<para>
Another six months have passed. Abmas has acquired yet another company. You will find a
way to migrate all users off the old network onto the existing network without loss
of passwords and will effect the change-over during one weekend. May the force (and caffeine) be with
you, may you keep your back to the wind and may the sun shine on your face.
</para>
<para><emphasis>TechInfo</emphasis> &smbmdash; This chapter demonstrates the use of
the <command>net rpc migrate</command> facility using an LDAP ldapsam backend, and also
using a tdbsam passdb backend. Both are much-asked-for examples of NT4 Domain migration.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>Chapter 10 &smbmdash; Migrating NetWare 4.11 Server to Samba.</term><listitem>
<para>
Misty Stanley-Jones has contributed information that summarizes her experience at migration
from a NetWare server to Samba-3.
</para>
<para><emphasis>TechInfo</emphasis> &smbmdash; The documentation provided demonstrates
how one site migrated from NetWare to Samba. Some alternatives tools are mentioned. These
could be used to provide another pathway to a successful migration.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>Chapter 11 &smbmdash; Active Directory, Kerberos and Security.</term><listitem>
<para>
Abmas has acquired another company that has just migrated to running Windows Server 2003 and
Active Directory. One of your staff makes offhand comments that land you in hot water.
A network security auditor is hired by the head of the new business and files a damning
report, and you must address the <emphasis>defects</emphasis> reported. You have hired new
network engineers who want to replace Microsoft Active Directory with a pure Kerberos
solution. How will you handle this?
</para>
<para><emphasis>TechInfo</emphasis> &smbmdash; This chapter is your answer. Learn about
share access controls, proper use of UNIX/Linux file system access controls, and Windows
200x Access Control Lists. Follow these steps to beat the critics.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>Chapter 12 &smbmdash; Integrating Additional Services.</term><listitem>
<para>
The battle is almost over, Samba-3 has won the day. Your team are delighted and now you
find yourself at yet another cross-roads. Abmas have acquired a snack food business, you
made promises you must keep. IT costs must be reduced, you have new resistance, but you
will win again. This time you choose to install the Squid proxy server to validate the
fact that Samba is far more than just a file and print server. SPNEGO authentication
support means that your Microsoft Windows clients gain transparent proxy access.
</para>
<para><emphasis>TechInfo</emphasis> &smbmdash; Samba provides the <command>ntlm_auth</command>
module that makes it possible for MS Windows Internet Explorer to connect via the Squid Web
and FTP proxy server. You will configure Samba-3 as well as Squid to deliver authenticated
access control using the Active Directory Domain user security credentials.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>Chapter 13 &smbmdash; Performance, Reliability and Availability.</term><listitem>
<para>
Bob, are you sure the new Samba server is up to the load? Your network is serving many
users who risk becoming unproductive. What can you do to keep ahead of demand? Can you
keep the cost under control also? What can go wrong?
</para>
<para><emphasis>TechInfo</emphasis> &smbmdash; Hot tips that put chili into your
network. Avoid name resolution problems, identify potential causes of network collisions,
avoid Samba configuration options that will weigh the server down. MS distributed file
services to make your network fly and much more. This chapter contains a good deal of
<quote>Did I tell you about this...?</quote> type of hints to help keep your name on the top
performers list.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>Chapter 14 &smbmdash; Samba Support.</term><listitem>
<para>
This chapter has been added specifically to help those who are seeking professional
paid support for Samba. The critics of Open Source Software often assert that
there is no support for free software. Some critics argue that free software
undermines the service that proprietary commercial software vendors depend on.
This chapter explains what are the support options for Samba and the fact that
a growing number of businesses make money by providing commercial paid-for
Samba support.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>Chapter 15 &smbmdash; A Collection of Useful Tid-bits.</term><listitem>
<para>
Sometimes it seems that there is not a good place for certain odds and ends that
impact Samba deployment. Some readers would argue that everyone can be expected
to know this information, or at least be able to find it easily. So to avoid
offending a reader's sensitivities, the tid-bits have been placed in this chapter.
Do check out the contents, you may find something of value among the loose ends.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>Chapter 16 &smbmdash; Windows Networking Primer.</term><listitem>
<para>
Here we cover practical exercises to help us to understand how MS Windows
network protocols function. A network protocol analyzer helps you to
appreciate the fact that Windows networking is highly dependent on broadcast
messaging. Additionally, you can look into network packets that a Windows
client sends to a network server to set up a network connection. On completion,
you should have a basic understanding of how network browsing functions and
have seen some of the information a Windows client sends to
a file and print server to create a connection over which file and print
operations may take place.
</para>
</listitem>
</varlistentry>
</variablelist>
</sect1>
<!-- the conventions used in this book -->
<xi:include href="conventions.xml" xmlns:xi="http://www.w3.org/2003/XInclude" />
</preface>

View File

@ -0,0 +1,60 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<sect1>
<title>Conventions Used</title>
<para>
The following notation conventions are used throughout this book:
</para>
<itemizedlist>
<listitem>
<para>
TOSHARG2 is used as an abbreviation for the book, <quote>The Official Samba-3
HOWTO and Reference Guide, Second Edition</quote> Editors: John H. Terpstra and Jelmer R. Vernooij,
Publisher: Prentice Hall, ISBN: 0131882228.
</para>
</listitem>
<listitem>
<para>
S3bE2 is used as an abbreviation for the book, <quote>Samba-3 by Example, Second Edition</quote>
Editors: John H. Terpstra, Publisher: Prentice Hall, ISBN: 013188221X.
</para>
</listitem>
<listitem>
<para>
Directories and filenames appear in mono-font. For example,
<filename>/etc/pam.conf</filename>.
</para>
</listitem>
<listitem>
<para>
Executable names are bolded. For example, <command>smbd</command>.
</para>
</listitem>
<listitem>
<para>
Menu items and buttons appear in bold. For example, click <guibutton>Next</guibutton>.
</para>
</listitem>
<listitem>
<para>
Selecting a menu item is indicated as:
<menuchoice>
<guimenu>Start</guimenu>
<guimenuitem>Control Panel</guimenuitem>
<guimenuitem>Administrative Tools</guimenuitem>
<guimenuitem>Active Directory Users and Computers</guimenuitem>
</menuchoice>
</para>
</listitem>
</itemizedlist>
</sect1>

View File

@ -0,0 +1,836 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE appendix PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
<appendix>
<title>
<acronym>GNU</acronym> General Public License version 3
</title>
<para>
Version 3, 29 June 2007
</para>
<para>
Copyright &copy; 2007 Free Software Foundation, Inc.
<ulink url="http://fsf.org/">http://fsf.org/</ulink>
</para>
<para>
Everyone is permitted to copy and distribute verbatim copies of this license
document, but changing it is not allowed.
</para>
<bridgehead renderas="sect1">
Preamble
</bridgehead>
<para>
The <acronym>GNU</acronym> General Public License is a free, copyleft
license for software and other kinds of works.
</para>
<para>
The licenses for most software and other practical works are designed to
take away your freedom to share and change the works. By contrast, the
<acronym>GNU</acronym> General Public License is intended to guarantee your
freedom to share and change all versions of a program&mdash;to make sure it
remains free software for all its users. We, the Free Software Foundation,
use the <acronym>GNU</acronym> General Public License for most of our
software; it applies also to any other work released this way by its
authors. You can apply it to your programs, too.
</para>
<para>
When we speak of free software, we are referring to freedom, not price. Our
General Public Licenses are designed to make sure that you have the freedom
to distribute copies of free software (and charge for them if you wish),
that you receive source code or can get it if you want it, that you can
change the software or use pieces of it in new free programs, and that you
know you can do these things.
</para>
<para>
To protect your rights, we need to prevent others from denying you these
rights or asking you to surrender the rights. Therefore, you have certain
responsibilities if you distribute copies of the software, or if you modify
it: responsibilities to respect the freedom of others.
</para>
<para>
For example, if you distribute copies of such a program, whether gratis or
for a fee, you must pass on to the recipients the same freedoms that you
received. You must make sure that they, too, receive or can get the source
code. And you must show them these terms so they know their rights.
</para>
<para>
Developers that use the <acronym>GNU</acronym> <acronym>GPL</acronym>
protect your rights with two steps: (1) assert copyright on the software,
and (2) offer you this License giving you legal permission to copy,
distribute and/or modify it.
</para>
<para>
For the developers&rsquo; and authors&rsquo; protection, the
<acronym>GPL</acronym> clearly explains that there is no warranty for this
free software. For both users&rsquo; and authors&rsquo; sake, the
<acronym>GPL</acronym> requires that modified versions be marked as changed,
so that their problems will not be attributed erroneously to authors of
previous versions.
</para>
<para>
Some devices are designed to deny users access to install or run modified
versions of the software inside them, although the manufacturer can do so.
This is fundamentally incompatible with the aim of protecting users&rsquo;
freedom to change the software. The systematic pattern of such abuse occurs
in the area of products for individuals to use, which is precisely where it
is most unacceptable. Therefore, we have designed this version of the
<acronym>GPL</acronym> to prohibit the practice for those products. If such
problems arise substantially in other domains, we stand ready to extend this
provision to those domains in future versions of the <acronym>GPL</acronym>,
as needed to protect the freedom of users.
</para>
<para>
Finally, every program is threatened constantly by software patents. States
should not allow patents to restrict development and use of software on
general-purpose computers, but in those that do, we wish to avoid the
special danger that patents applied to a free program could make it
effectively proprietary. To prevent this, the <acronym>GPL</acronym>
assures that patents cannot be used to render the program non-free.
</para>
<para>
The precise terms and conditions for copying, distribution and modification
follow.
</para>
<bridgehead>
TERMS AND CONDITIONS
</bridgehead>
<bridgehead renderas="sect1">
0. Definitions.
</bridgehead>
<para>
&ldquo;This License&rdquo; refers to version 3 of the <acronym>GNU</acronym>
General Public License.
</para>
<para>
&ldquo;Copyright&rdquo; also means copyright-like laws that apply to other
kinds of works, such as semiconductor masks.
</para>
<para>
&ldquo;The Program&rdquo; refers to any copyrightable work licensed under
this License. Each licensee is addressed as &ldquo;you&rdquo;.
&ldquo;Licensees&rdquo; and &ldquo;recipients&rdquo; may be individuals or
organizations.
</para>
<para>
To &ldquo;modify&rdquo; a work means to copy from or adapt all or part of
the work in a fashion requiring copyright permission, other than the making
of an exact copy. The resulting work is called a &ldquo;modified
version&rdquo; of the earlier work or a work &ldquo;based on&rdquo; the
earlier work.
</para>
<para>
A &ldquo;covered work&rdquo; means either the unmodified Program or a work
based on the Program.
</para>
<para>
To &ldquo;propagate&rdquo; a work means to do anything with it that, without
permission, would make you directly or secondarily liable for infringement
under applicable copyright law, except executing it on a computer or
modifying a private copy. Propagation includes copying, distribution (with
or without modification), making available to the public, and in some
countries other activities as well.
</para>
<para>
To &ldquo;convey&rdquo; a work means any kind of propagation that enables
other parties to make or receive copies. Mere interaction with a user
through a computer network, with no transfer of a copy, is not conveying.
</para>
<para>
An interactive user interface displays &ldquo;Appropriate Legal
Notices&rdquo; to the extent that it includes a convenient and prominently
visible feature that (1) displays an appropriate copyright notice, and (2)
tells the user that there is no warranty for the work (except to the extent
that warranties are provided), that licensees may convey the work under this
License, and how to view a copy of this License. If the interface presents
a list of user commands or options, such as a menu, a prominent item in the
list meets this criterion.
</para>
<bridgehead renderas="sect1">
1. Source Code.
</bridgehead>
<para>
The &ldquo;source code&rdquo; for a work means the preferred form of the
work for making modifications to it. &ldquo;Object code&rdquo; means any
non-source form of a work.
</para>
<para>
A &ldquo;Standard Interface&rdquo; means an interface that either is an
official standard defined by a recognized standards body, or, in the case of
interfaces specified for a particular programming language, one that is
widely used among developers working in that language.
</para>
<para>
The &ldquo;System Libraries&rdquo; of an executable work include anything,
other than the work as a whole, that (a) is included in the normal form of
packaging a Major Component, but which is not part of that Major Component,
and (b) serves only to enable use of the work with that Major Component, or
to implement a Standard Interface for which an implementation is available
to the public in source code form. A &ldquo;Major Component&rdquo;, in this
context, means a major essential component (kernel, window system, and so
on) of the specific operating system (if any) on which the executable work
runs, or a compiler used to produce the work, or an object code interpreter
used to run it.
</para>
<para>
The &ldquo;Corresponding Source&rdquo; for a work in object code form means
all the source code needed to generate, install, and (for an executable
work) run the object code and to modify the work, including scripts to
control those activities. However, it does not include the work&rsquo;s
System Libraries, or general-purpose tools or generally available free
programs which are used unmodified in performing those activities but which
are not part of the work. For example, Corresponding Source includes
interface definition files associated with source files for the work, and
the source code for shared libraries and dynamically linked subprograms that
the work is specifically designed to require, such as by intimate data
communication or control flow between those subprograms and other parts of
the work.
</para>
<para>
The Corresponding Source need not include anything that users can regenerate
automatically from other parts of the Corresponding Source.
</para>
<para>
The Corresponding Source for a work in source code form is that same work.
</para>
<bridgehead renderas="sect1">
2. Basic Permissions.
</bridgehead>
<para>
All rights granted under this License are granted for the term of copyright
on the Program, and are irrevocable provided the stated conditions are met.
This License explicitly affirms your unlimited permission to run the
unmodified Program. The output from running a covered work is covered by
this License only if the output, given its content, constitutes a covered
work. This License acknowledges your rights of fair use or other
equivalent, as provided by copyright law.
</para>
<para>
You may make, run and propagate covered works that you do not convey,
without conditions so long as your license otherwise remains in force. You
may convey covered works to others for the sole purpose of having them make
modifications exclusively for you, or provide you with facilities for
running those works, provided that you comply with the terms of this License
in conveying all material for which you do not control copyright. Those
thus making or running the covered works for you must do so exclusively on
your behalf, under your direction and control, on terms that prohibit them
from making any copies of your copyrighted material outside their
relationship with you.
</para>
<para>
Conveying under any other circumstances is permitted solely under the
conditions stated below. Sublicensing is not allowed; section 10 makes it
unnecessary.
</para>
<bridgehead renderas="sect1">
3. Protecting Users&rsquo; Legal Rights From Anti-Circumvention Law.
</bridgehead>
<para>
No covered work shall be deemed part of an effective technological measure
under any applicable law fulfilling obligations under article 11 of the WIPO
copyright treaty adopted on 20 December 1996, or similar laws prohibiting or
restricting circumvention of such measures.
</para>
<para>
When you convey a covered work, you waive any legal power to forbid
circumvention of technological measures to the extent such circumvention is
effected by exercising rights under this License with respect to the covered
work, and you disclaim any intention to limit operation or modification of
the work as a means of enforcing, against the work&rsquo;s users, your or
third parties&rsquo; legal rights to forbid circumvention of technological
measures.
</para>
<bridgehead renderas="sect1">
4. Conveying Verbatim Copies.
</bridgehead>
<para>
You may convey verbatim copies of the Program&rsquo;s source code as you
receive it, in any medium, provided that you conspicuously and appropriately
publish on each copy an appropriate copyright notice; keep intact all
notices stating that this License and any non-permissive terms added in
accord with section 7 apply to the code; keep intact all notices of the
absence of any warranty; and give all recipients a copy of this License
along with the Program.
</para>
<para>
You may charge any price or no price for each copy that you convey, and you
may offer support or warranty protection for a fee.
</para>
<bridgehead renderas="sect1">
5. Conveying Modified Source Versions.
</bridgehead>
<para>
You may convey a work based on the Program, or the modifications to produce
it from the Program, in the form of source code under the terms of section
4, provided that you also meet all of these conditions:
</para>
<orderedlist numeration="loweralpha">
<listitem>
<para>
The work must carry prominent notices stating that you modified it, and
giving a relevant date.
</para>
</listitem>
<listitem>
<para>
The work must carry prominent notices stating that it is released under
this License and any conditions added under section 7. This requirement
modifies the requirement in section 4 to &ldquo;keep intact all
notices&rdquo;.
</para>
</listitem>
<listitem>
<para>
You must license the entire work, as a whole, under this License to
anyone who comes into possession of a copy. This License will therefore
apply, along with any applicable section 7 additional terms, to the
whole of the work, and all its parts, regardless of how they are
packaged. This License gives no permission to license the work in any
other way, but it does not invalidate such permission if you have
separately received it.
</para>
</listitem>
<listitem>
<para>
If the work has interactive user interfaces, each must display
Appropriate Legal Notices; however, if the Program has interactive
interfaces that do not display Appropriate Legal Notices, your work need
not make them do so.
</para>
</listitem>
</orderedlist>
<para>
A compilation of a covered work with other separate and independent works,
which are not by their nature extensions of the covered work, and which are
not combined with it such as to form a larger program, in or on a volume of
a storage or distribution medium, is called an &ldquo;aggregate&rdquo; if
the compilation and its resulting copyright are not used to limit the access
or legal rights of the compilation&rsquo;s users beyond what the individual works
permit. Inclusion of a covered work in an aggregate does not cause
this License to apply to the other parts of the aggregate.
</para>
<bridgehead renderas="sect1">
6. Conveying Non-Source Forms.
</bridgehead>
<para>
You may convey a covered work in object code form under the terms of
sections 4 and 5, provided that you also convey the machine-readable
Corresponding Source under the terms of this License, in one of these ways:
</para>
<orderedlist numeration="loweralpha">
<listitem>
<para>
Convey the object code in, or embodied in, a physical product (including
a physical distribution medium), accompanied by the Corresponding Source
fixed on a durable physical medium customarily used for software
interchange.
</para>
</listitem>
<listitem>
<para>
Convey the object code in, or embodied in, a physical product (including
a physical distribution medium), accompanied by a written offer, valid
for at least three years and valid for as long as you offer spare parts
or customer support for that product model, to give anyone who possesses
the object code either (1) a copy of the Corresponding Source for all
the software in the product that is covered by this License, on a
durable physical medium customarily used for software interchange, for a
price no more than your reasonable cost of physically performing this
conveying of source, or (2) access to copy the Corresponding Source from
a network server at no charge.
</para>
</listitem>
<listitem>
<para>
Convey individual copies of the object code with a copy of the written
offer to provide the Corresponding Source. This alternative is allowed
only occasionally and noncommercially, and only if you received the
object code with such an offer, in accord with subsection 6b.
</para>
</listitem>
<listitem>
<para>
Convey the object code by offering access from a designated place
(gratis or for a charge), and offer equivalent access to the
Corresponding Source in the same way through the same place at no
further charge. You need not require recipients to copy the
Corresponding Source along with the object code. If the place to copy
the object code is a network server, the Corresponding Source may be on
a different server (operated by you or a third party) that supports
equivalent copying facilities, provided you maintain clear directions
next to the object code saying where to find the Corresponding Source.
Regardless of what server hosts the Corresponding Source, you remain
obligated to ensure that it is available for as long as needed to
satisfy these requirements.
</para>
</listitem>
<listitem>
<para>
Convey the object code using peer-to-peer transmission, provided you
inform other peers where the object code and Corresponding Source of the
work are being offered to the general public at no charge under
subsection 6d.
</para>
</listitem>
</orderedlist>
<para>
A separable portion of the object code, whose source code is excluded from
the Corresponding Source as a System Library, need not be included in
conveying the object code work.
</para>
<para>
A &ldquo;User Product&rdquo; is either (1) a &ldquo;consumer product&rdquo;,
which means any tangible personal property which is normally used for
personal, family, or household purposes, or (2) anything designed or sold
for incorporation into a dwelling. In determining whether a product is a
consumer product, doubtful cases shall be resolved in favor of coverage.
For a particular product received by a particular user, &ldquo;normally
used&rdquo; refers to a typical or common use of that class of product,
regardless of the status of the particular user or of the way in which the
particular user actually uses, or expects or is expected to use, the
product. A product is a consumer product regardless of whether the product
has substantial commercial, industrial or non-consumer uses, unless such
uses represent the only significant mode of use of the product.
</para>
<para>
&ldquo;Installation Information&rdquo; for a User Product means any methods,
procedures, authorization keys, or other information required to install and
execute modified versions of a covered work in that User Product from a
modified version of its Corresponding Source. The information must suffice
to ensure that the continued functioning of the modified object code is in
no case prevented or interfered with solely because modification has been
made.
</para>
<para>
If you convey an object code work under this section in, or with, or
specifically for use in, a User Product, and the conveying occurs as part of
a transaction in which the right of possession and use of the User Product
is transferred to the recipient in perpetuity or for a fixed term
(regardless of how the transaction is characterized), the Corresponding
Source conveyed under this section must be accompanied by the Installation
Information. But this requirement does not apply if neither you nor any
third party retains the ability to install modified object code on the User
Product (for example, the work has been installed in
<acronym>ROM</acronym>).
</para>
<para>
The requirement to provide Installation Information does not include a
requirement to continue to provide support service, warranty, or updates for
a work that has been modified or installed by the recipient, or for the User
Product in which it has been modified or installed. Access to a network may
be denied when the modification itself materially and adversely affects the
operation of the network or violates the rules and protocols for
communication across the network.
</para>
<para>
Corresponding Source conveyed, and Installation Information provided, in
accord with this section must be in a format that is publicly documented
(and with an implementation available to the public in source code form),
and must require no special password or key for unpacking, reading or
copying.
</para>
<bridgehead renderas="sect1">
7. Additional Terms.
</bridgehead>
<para>
&ldquo;Additional permissions&rdquo; are terms that supplement the terms of
this License by making exceptions from one or more of its conditions.
Additional permissions that are applicable to the entire Program shall be
treated as though they were included in this License, to the extent that
they are valid under applicable law. If additional permissions apply only
to part of the Program, that part may be used separately under those
permissions, but the entire Program remains governed by this License
without regard to the additional permissions.
</para>
<para>
When you convey a copy of a covered work, you may at your option remove any
additional permissions from that copy, or from any part of it. (Additional
permissions may be written to require their own removal in certain cases
when you modify the work.) You may place additional permissions on
material, added by you to a covered work, for which you have or can give
appropriate copyright permission.
</para>
<para>
Notwithstanding any other provision of this License, for material you add
to a covered work, you may (if authorized by the copyright holders of that
material) supplement the terms of this License with terms:
</para>
<orderedlist numeration="loweralpha">
<listitem>
<para>
Disclaiming warranty or limiting liability differently from the terms
of sections 15 and 16 of this License; or
</para>
</listitem>
<listitem>
<para>
Requiring preservation of specified reasonable legal notices or author
attributions in that material or in the Appropriate Legal Notices
displayed by works containing it; or
</para>
</listitem>
<listitem>
<para>
Prohibiting misrepresentation of the origin of that material, or
requiring that modified versions of such material be marked in
reasonable ways as different from the original version; or
</para>
</listitem>
<listitem>
<para>
Limiting the use for publicity purposes of names of licensors or
authors of the material; or
</para>
</listitem>
<listitem>
<para>
Declining to grant rights under trademark law for use of some trade
names, trademarks, or service marks; or
</para>
</listitem>
<listitem>
<para>
Requiring indemnification of licensors and authors of that material by
anyone who conveys the material (or modified versions of it) with
contractual assumptions of liability to the recipient, for any
liability that these contractual assumptions directly impose on those
licensors and authors.
</para>
</listitem>
</orderedlist>
<para>
All other non-permissive additional terms are considered &ldquo;further
restrictions&rdquo; within the meaning of section 10. If the Program as
you received it, or any part of it, contains a notice stating that it is
governed by this License along with a term that is a further restriction,
you may remove that term. If a license document contains a further
restriction but permits relicensing or conveying under this License, you
may add to a covered work material governed by the terms of that license
document, provided that the further restriction does not survive such
relicensing or conveying.
</para>
<para>
If you add terms to a covered work in accord with this section, you must
place, in the relevant source files, a statement of the additional terms
that apply to those files, or a notice indicating where to find the
applicable terms.
</para>
<para>
Additional terms, permissive or non-permissive, may be stated in the form
of a separately written license, or stated as exceptions; the above
requirements apply either way.
</para>
<bridgehead renderas="sect1">
8. Termination.
</bridgehead>
<para>
You may not propagate or modify a covered work except as expressly provided
under this License. Any attempt otherwise to propagate or modify it is
void, and will automatically terminate your rights under this License
(including any patent licenses granted under the third paragraph of section
11).
</para>
<para>
However, if you cease all violation of this License, then your license from
a particular copyright holder is reinstated (a) provisionally, unless and
until the copyright holder explicitly and finally terminates your license,
and (b) permanently, if the copyright holder fails to notify you of the
violation by some reasonable means prior to 60 days after the cessation.
</para>
<para>
Moreover, your license from a particular copyright holder is reinstated
permanently if the copyright holder notifies you of the violation by some
reasonable means, this is the first time you have received notice of
violation of this License (for any work) from that copyright holder, and
you cure the violation prior to 30 days after your receipt of the notice.
</para>
<para>
Termination of your rights under this section does not terminate the
licenses of parties who have received copies or rights from you under this
License. If your rights have been terminated and not permanently
reinstated, you do not qualify to receive new licenses for the same
material under section 10.
</para>
<bridgehead renderas="sect1">
9. Acceptance Not Required for Having Copies.
</bridgehead>
<para>
You are not required to accept this License in order to receive or run a
copy of the Program. Ancillary propagation of a covered work occurring
solely as a consequence of using peer-to-peer transmission to receive a
copy likewise does not require acceptance. However, nothing other than
this License grants you permission to propagate or modify any covered work.
These actions infringe copyright if you do not accept this License.
Therefore, by modifying or propagating a covered work, you indicate your
acceptance of this License to do so.
</para>
<bridgehead renderas="sect1">
10. Automatic Licensing of Downstream Recipients.
</bridgehead>
<para>
Each time you convey a covered work, the recipient automatically receives a
license from the original licensors, to run, modify and propagate that
work, subject to this License. You are not responsible for enforcing
compliance by third parties with this License.
</para>
<para>
An &ldquo;entity transaction&rdquo; is a transaction transferring control
of an organization, or substantially all assets of one, or subdividing an
organization, or merging organizations. If propagation of a covered work
results from an entity transaction, each party to that transaction who
receives a copy of the work also receives whatever licenses to the work the
party&rsquo;s predecessor in interest had or could give under the previous
paragraph, plus a right to possession of the Corresponding Source of the
work from the predecessor in interest, if the predecessor has it or can get
it with reasonable efforts.
</para>
<para>
You may not impose any further restrictions on the exercise of the rights
granted or affirmed under this License. For example, you may not impose a
license fee, royalty, or other charge for exercise of rights granted under
this License, and you may not initiate litigation (including a cross-claim
or counterclaim in a lawsuit) alleging that any patent claim is infringed
by making, using, selling, offering for sale, or importing the Program or
any portion of it.
</para>
<bridgehead renderas="sect1">
11. Patents.
</bridgehead>
<para>
A &ldquo;contributor&rdquo; is a copyright holder who authorizes use under
this License of the Program or a work on which the Program is based. The
work thus licensed is called the contributor&rsquo;s &ldquo;contributor
version&rdquo;.
</para>
<para>
A contributor&rsquo;s &ldquo;essential patent claims&rdquo; are all patent
claims owned or controlled by the contributor, whether already acquired or
hereafter acquired, that would be infringed by some manner, permitted by
this License, of making, using, or selling its contributor version, but do
not include claims that would be infringed only as a consequence of further
modification of the contributor version. For purposes of this definition,
&ldquo;control&rdquo; includes the right to grant patent sublicenses in a
manner consistent with the requirements of this License.
</para>
<para>
Each contributor grants you a non-exclusive, worldwide, royalty-free patent
license under the contributor&rsquo;s essential patent claims, to make, use,
sell, offer for sale, import and otherwise run, modify and propagate the
contents of its contributor version.
</para>
<para>
In the following three paragraphs, a &ldquo;patent license&rdquo; is any
express agreement or commitment, however denominated, not to enforce a
patent (such as an express permission to practice a patent or covenant not
to sue for patent infringement). To &ldquo;grant&rdquo; such a patent
license to a party means to make such an agreement or commitment not to
enforce a patent against the party.
</para>
<para>
If you convey a covered work, knowingly relying on a patent license, and the
Corresponding Source of the work is not available for anyone to copy, free
of charge and under the terms of this License, through a publicly available
network server or other readily accessible means, then you must either (1)
cause the Corresponding Source to be so available, or (2) arrange to deprive
yourself of the benefit of the patent license for this particular work, or
(3) arrange, in a manner consistent with the requirements of this License,
to extend the patent license to downstream recipients. &ldquo;Knowingly
relying&rdquo; means you have actual knowledge that, but for the patent
license, your conveying the covered work in a country, or your
recipient&rsquo;s use of the covered work in a country, would infringe one
or more identifiable patents in that country that you have reason to believe
are valid.
</para>
<para>
If, pursuant to or in connection with a single transaction or arrangement,
you convey, or propagate by procuring conveyance of, a covered work, and
grant a patent license to some of the parties receiving the covered work
authorizing them to use, propagate, modify or convey a specific copy of the
covered work, then the patent license you grant is automatically extended to
all recipients of the covered work and works based on it.
</para>
<para>
A patent license is &ldquo;discriminatory&rdquo; if it does not include
within the scope of its coverage, prohibits the exercise of, or is
conditioned on the non-exercise of one or more of the rights that are
specifically granted under this License. You may not convey a covered work
if you are a party to an arrangement with a third party that is in the
business of distributing software, under which you make payment to the third
party based on the extent of your activity of conveying the work, and under
which the third party grants, to any of the parties who would receive the
covered work from you, a discriminatory patent license (a) in connection
with copies of the covered work conveyed by you (or copies made from those
copies), or (b) primarily for and in connection with specific products or
compilations that contain the covered work, unless you entered into that
arrangement, or that patent license was granted, prior to 28 March 2007.
</para>
<para>
Nothing in this License shall be construed as excluding or limiting any
implied license or other defenses to infringement that may otherwise be
available to you under applicable patent law.
</para>
<bridgehead renderas="sect1">
12. No Surrender of Others&rsquo; Freedom.
</bridgehead>
<para>
If conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot convey a
covered work so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you may
not convey it at all. For example, if you agree to terms that obligate you
to collect a royalty for further conveying from those to whom you convey the
Program, the only way you could satisfy both those terms and this License
would be to refrain entirely from conveying the Program.
</para>
<bridgehead renderas="sect1">
13. Use with the <acronym>GNU</acronym> Affero General Public License.
</bridgehead>
<para>
Notwithstanding any other provision of this License, you have permission to
link or combine any covered work with a work licensed under version 3 of the
<acronym>GNU</acronym> Affero General Public License into a single combined
work, and to convey the resulting work. The terms of this License will
continue to apply to the part which is the covered work, but the special
requirements of the <acronym>GNU</acronym> Affero General Public License,
section 13, concerning interaction through a network will apply to the
combination as such.
</para>
<bridgehead renderas="sect1">
14. Revised Versions of this License.
</bridgehead>
<para>
The Free Software Foundation may publish revised and/or new versions of the
<acronym>GNU</acronym> General Public License from time to time. Such new
versions will be similar in spirit to the present version, but may differ in
detail to address new problems or concerns.
</para>
<para>
Each version is given a distinguishing version number. If the Program
specifies that a certain numbered version of the <acronym>GNU</acronym>
General Public License &ldquo;or any later version&rdquo; applies to it, you
have the option of following the terms and conditions either of that
numbered version or of any later version published by the Free Software
Foundation. If the Program does not specify a version number of the
<acronym>GNU</acronym> General Public License, you may choose any version
ever published by the Free Software Foundation.
</para>
<para>
If the Program specifies that a proxy can decide which future versions of
the <acronym>GNU</acronym> General Public License can be used, that
proxy&rsquo;s public statement of acceptance of a version permanently
authorizes you to choose that version for the Program.
</para>
<para>
Later license versions may give you additional or different permissions.
However, no additional obligations are imposed on any author or copyright
holder as a result of your choosing to follow a later version.
</para>
<bridgehead renderas="sect1">
15. Disclaimer of Warranty.
</bridgehead>
<para>
THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE
LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR
OTHER PARTIES PROVIDE THE PROGRAM &ldquo;AS IS&rdquo; WITHOUT WARRANTY OF
ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH
YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL
NECESSARY SERVICING, REPAIR OR CORRECTION.
</para>
<bridgehead renderas="sect1">
16. Limitation of Liability.
</bridgehead>
<para>
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL
ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS THE
PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE
OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA
OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
SUCH DAMAGES.
</para>
<bridgehead renderas="sect1">
17. Interpretation of Sections 15 and 16.
</bridgehead>
<para>
If the disclaimer of warranty and limitation of liability provided above
cannot be given local legal effect according to their terms, reviewing
courts shall apply local law that most closely approximates an absolute
waiver of all civil liability in connection with the Program, unless a
warranty or assumption of liability accompanies a copy of the Program in
return for a fee.
</para>
<bridgehead>
END OF TERMS AND CONDITIONS
</bridgehead>
<bridgehead renderas="sect1">
How to Apply These Terms to Your New Programs
</bridgehead>
<para>
If you develop a new program, and you want it to be of the greatest possible
use to the public, the best way to achieve this is to make it free software
which everyone can redistribute and change under these terms.
</para>
<para>
To do so, attach the following notices to the program. It is safest to
attach them to the start of each source file to most effectively state the
exclusion of warranty; and each file should have at least the
&ldquo;copyright&rdquo; line and a pointer to where the full notice is
found.
</para>
<screen>
<replaceable>one line to give the program&rsquo;s name and a brief idea of what it does.</replaceable>
Copyright (C) <replaceable>year</replaceable> <replaceable>name of author</replaceable>
This program is free software: you can redistribute it and/or modify
it under the terms of the <acronym>GNU</acronym> General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
<acronym>GNU</acronym> General Public License for more details.
You should have received a copy of the <acronym>GNU</acronym> General Public License
along with this program. If not, see <ulink url="http://www.gnu.org/licenses/">http://www.gnu.org/licenses/</ulink>.
</screen>
<para>
Also add information on how to contact you by electronic and paper mail.
</para>
<para>
If the program does terminal interaction, make it output a short notice like
this when it starts in an interactive mode:
</para>
<screen>
<replaceable>program</replaceable> Copyright (C) <replaceable>year</replaceable> <replaceable>name of author</replaceable>
This program comes with ABSOLUTELY NO WARRANTY; for details type &lsquo;<literal>show w</literal>&rsquo;.
This is free software, and you are welcome to redistribute it
under certain conditions; type &lsquo;<literal>show c</literal>&rsquo; for details.
</screen>
<para>
The hypothetical commands &lsquo;<literal>show w</literal>&rsquo; and
&lsquo;<literal>show c</literal>&rsquo; should show the appropriate parts of
the General Public License. Of course, your program&rsquo;s commands might be
different; for a GUI interface, you would use an &ldquo;about box&rdquo;.
</para>
<para>
You should also get your employer (if you work as a programmer) or school,
if any, to sign a &ldquo;copyright disclaimer&rdquo; for the program, if
necessary. For more information on this, and how to apply and follow the
<acronym>GNU</acronym> <acronym>GPL</acronym>, see <ulink
url="http://www.gnu.org/licenses/">http://www.gnu.org/licenses/</ulink>.
</para>
<para>
The <acronym>GNU</acronym> General Public License does not permit
incorporating your program into proprietary programs. If your program is a
subroutine library, you may consider it more useful to permit linking
proprietary applications with the library. If this is what you want to do,
use the <acronym>GNU</acronym> Lesser General Public License instead of this
License. But first, please read <ulink
url="http://www.gnu.org/philosophy/why-not-lgpl.html">http://www.gnu.org/philosophy/why-not-lgpl.html</ulink>.
</para>
</appendix>

View File

@ -0,0 +1,425 @@
<?xml version="1.0"?>
<!DOCTYPE appendix PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<appendix>
<appendixinfo>
<title>GNU General Public License</title>
<pubdate>Version 2, June 1991</pubdate>
<copyright>
<year>1989, 1991</year>
<holder>Free Software Foundation, Inc.</holder>
</copyright>
<legalnotice>
<para>
<address>Free Software Foundation, Inc.
<street>59 Temple Place, Suite 330</street>,
<city>Boston</city>,
<state>MA</state>
<postcode>02111-1307</postcode>
<country>USA</country>
</address>.
</para>
<para> Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.
</para>
</legalnotice>
<releaseinfo> Version 2, June 1991</releaseinfo>
</appendixinfo>
<title>GNU General Public License</title>
<sect1>
<title>Preamble</title>
<para> The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public License is
intended to guarantee your freedom to share and change
free software - to make sure the software is free for all its users.
This General Public License applies to most of the Free Software
Foundation's software and to any other program whose authors commit
to using it. (Some other Free Software Foundation software is covered
by the GNU Library General Public License instead.) You can apply it
to your programs, too.
</para>
<para> When we speak of free software, we are referring to freedom, not price.
Our General Public Licenses are designed to make sure that you have the
freedom to distribute copies of free software (and charge for this
service if you wish), that you receive source code or can get it if you
want it, that you can change the software or use pieces of it in new free
programs; and that you know you can do these things.
</para>
<para> To protect your rights, we need to make restrictions that forbid anyone
to deny you these rights or to ask you to surrender the rights. These
restrictions translate to certain responsibilities for you if you distribute
copies of the software, or if you modify it.
</para>
<para> For example, if you distribute copies of such a program, whether gratis or
for a fee, you must give the recipients all the rights that you have. You
must make sure that they, too, receive or can get the source code. And you
must show them these terms so they know their rights.
</para>
<para> We protect your rights with two steps:
<orderedlist>
<listitem>
<para> copyright the software, and
</para>
</listitem>
<listitem>
<para> offer you this license which gives you legal permission to copy,
distribute and/or modify the software.
</para>
</listitem>
</orderedlist>
</para>
<para> Also, for each author's protection and ours, we want to make certain that
everyone understands that there is no warranty for this free software. If
the software is modified by someone else and passed on, we want its
recipients to know that what they have is not the original, so that any
problems introduced by others will not reflect on the original authors'
reputations.
</para>
<para> Finally, any free program is threatened constantly by software patents.
We wish to avoid the danger that redistributors of a free program will
individually obtain patent licenses, in effect making the program
proprietary. To prevent this, we have made it clear that any patent must be
licensed for everyone's free use or not licensed at all.
</para>
<para> The precise terms and conditions for copying, distribution and modification
follow.
</para>
</sect1>
<sect1>
<title>TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION</title>
<sect2>
<title>Section 0</title>
<para> This License applies to any program or other work which contains a notice
placed by the copyright holder saying it may be distributed under the terms
of this General Public License. The "Program", below, refers to any such
program or work, and a
<quote>work based on the Program
</quote> means either
the Program or any derivative work under copyright law: that is to say, a
work containing the Program or a portion of it, either verbatim or with
modifications and/or translated into another language. (Hereinafter, translation
is included without limitation in the term
<quote>modification
</quote>.) Each licensee is addressed as <quote>you</quote>.
</para>
<para> Activities other than copying, distribution and modification are not covered by
this License; they are outside its scope. The act of running the Program is not
restricted, and the output from the Program is covered only if its contents
constitute a work based on the Program (independent of having been made by running
the Program). Whether that is true depends on what the Program does.
</para>
</sect2>
<sect2 id="sect1">
<title>Section 1</title>
<para> You may copy and distribute verbatim copies of the Program's source code as you
receive it, in any medium, provided that you conspicuously and appropriately
publish on each copy an appropriate copyright notice and disclaimer of warranty;
keep intact all the notices that refer to this License and to the absence of any
warranty; and give any other recipients of the Program a copy of this License
along with the Program.
</para>
<para> You may charge a fee for the physical act of transferring a copy, and you may at
your option offer warranty protection in exchange for a fee.
</para>
</sect2>
<sect2 id="sect2">
<title>Section 2</title>
<para> You may modify your copy or copies of the Program or any portion of it, thus
forming a work based on the Program, and copy and distribute such modifications
or work under the terms of
<link linkend="sect1">Section 1
</link> above, provided
that you also meet all of these conditions:
<orderedlist>
<listitem>
<para> You must cause the modified files to carry prominent notices stating that
you changed the files and the date of any change.
</para>
</listitem>
<listitem>
<para> You must cause any work that you distribute or publish, that in whole or
in part contains or is derived from the Program or any part thereof, to be
licensed as a whole at no charge to all third parties under the terms of
this License.
</para>
</listitem>
<listitem>
<para> If the modified program normally reads commands interactively when run, you
must cause it, when started running for such interactive use in the most
ordinary way, to print or display an announcement including an appropriate
copyright notice and a notice that there is no warranty (or else, saying
that you provide a warranty) and that users may redistribute the program
under these conditions, and telling the user how to view a copy of this
License.
<note>
<title>Exception:
</title>
<para> If the Program itself is interactive but does not normally print such an
announcement, your work based on the Program is not required to print an
announcement.)
</para>
</note>
</para>
</listitem>
</orderedlist>
</para>
<para> These requirements apply to the modified work as a whole. If identifiable sections
of that work are not derived from the Program, and can be reasonably considered
independent and separate works in themselves, then this License, and its terms,
do not apply to those sections when you distribute them as separate works. But when
you distribute the same sections as part of a whole which is a work based on the
Program, the distribution of the whole must be on the terms of this License, whose
permissions for other licensees extend to the entire whole, and thus to each and
every part regardless of who wrote it.
</para>
<para> Thus, it is not the intent of this section to claim rights or contest your rights
to work written entirely by you; rather, the intent is to exercise the right to control
the distribution of derivative or collective works based on the Program.
</para>
<para> In addition, mere aggregation of another work not based on the Program with the Program
(or with a work based on the Program) on a volume of a storage or distribution medium
does not bring the other work under the scope of this License.
</para>
</sect2>
<sect2>
<title>Section 3
</title>
<para> You may copy and distribute the Program (or a work based on it, under
<link linkend="sect2">Section 2
</link> in object code or executable form under the terms of
<link linkend="sect1">Sections 1
</link> and
<link linkend="sect2">2
</link> above provided that you also do one of the following:
<orderedlist>
<listitem>
<para> Accompany it with the complete corresponding machine-readable source code, which
must be distributed under the terms of Sections 1 and 2 above on a medium
customarily used for software interchange; or,
</para>
</listitem>
<listitem>
<para> Accompany it with a written offer, valid for at least three years, to give any
third party, for a charge no more than your cost of physically performing source
distribution, a complete machine-readable copy of the corresponding source code,
to be distributed under the terms of Sections 1 and 2 above on a medium customarily
used for software interchange; or,
</para>
</listitem>
<listitem>
<para> Accompany it with the information you received as to the offer to distribute
corresponding source code. (This alternative is allowed only for noncommercial
distribution and only if you received the program in object code or executable form
with such an offer, in accord with Subsection b above.)
</para>
</listitem>
</orderedlist>
</para>
<para> The source code for a work means the preferred form of the work for making modifications
to it. For an executable work, complete source code means all the source code for all modules
it contains, plus any associated interface definition files, plus the scripts used to control
compilation and installation of the executable. However, as a special exception, the source
code distributed need not include anything that is normally distributed (in either source or
binary form) with the major components (compiler, kernel, and so on) of the operating system
on which the executable runs, unless that component itself accompanies the executable.
</para>
<para> If distribution of executable or object code is made by offering access to copy from a
designated place, then offering equivalent access to copy the source code from the same place
counts as distribution of the source code, even though third parties are not compelled to
copy the source along with the object code.
</para>
</sect2>
<sect2>
<title>Section 4
</title>
<para> You may not copy, modify, sublicense, or distribute the Program except as expressly provided
under this License. Any attempt otherwise to copy, modify, sublicense or distribute the
Program is void, and will automatically terminate your rights under this License. However,
parties who have received copies, or rights, from you under this License will not have their
licenses terminated so long as such parties remain in full compliance.
</para>
</sect2>
<sect2>
<title>Section 5
</title>
<para> You are not required to accept this License, since you have not signed it. However, nothing
else grants you permission to modify or distribute the Program or its derivative works.
These actions are prohibited by law if you do not accept this License. Therefore, by modifying
or distributing the Program (or any work based on the Program), you indicate your acceptance
of this License to do so, and all its terms and conditions for copying, distributing or
modifying the Program or works based on it.
</para>
</sect2>
<sect2>
<title>Section 6
</title>
<para> Each time you redistribute the Program (or any work based on the Program), the recipient
automatically receives a license from the original licensor to copy, distribute or modify
the Program subject to these terms and conditions. You may not impose any further restrictions
on the recipients' exercise of the rights granted herein. You are not responsible for enforcing
compliance by third parties to this License.
</para>
</sect2>
<sect2>
<title>Section 7
</title>
<para> If, as a consequence of a court judgment or allegation of patent infringement or for any other
reason (not limited to patent issues), conditions are imposed on you (whether by court order,
agreement or otherwise) that contradict the conditions of this License, they do not excuse you
from the conditions of this License. If you cannot distribute so as to satisfy simultaneously
your obligations under this License and any other pertinent obligations, then as a consequence
you may not distribute the Program at all. For example, if a patent license would not permit
royalty-free redistribution of the Program by all those who receive copies directly or
indirectly through you, then the only way you could satisfy both it and this License would be
to refrain entirely from distribution of the Program.
</para>
<para> If any portion of this section is held invalid or unenforceable under any particular circumstance,
the balance of the section is intended to apply and the section as a whole is intended to apply
in other circumstances.
</para>
<para> It is not the purpose of this section to induce you to infringe any patents or other property
right claims or to contest validity of any such claims; this section has the sole purpose of
protecting the integrity of the free software distribution system, which is implemented by public
license practices. Many people have made generous contributions to the wide range of software
distributed through that system in reliance on consistent application of that system; it is up
to the author/donor to decide if he or she is willing to distribute software through any other
system and a licensee cannot impose that choice.
</para>
<para> This section is intended to make thoroughly clear what is believed to be a consequence of the
rest of this License.
</para>
</sect2>
<sect2>
<title>Section 8
</title>
<para> If the distribution and/or use of the Program is restricted in certain countries either by patents
or by copyrighted interfaces, the original copyright holder who places the Program under this License
may add an explicit geographical distribution limitation excluding those countries, so that
distribution is permitted only in or among countries not thus excluded. In such case, this License
incorporates the limitation as if written in the body of this License.
</para>
</sect2>
<sect2>
<title>Section 9
</title>
<para> The Free Software Foundation may publish revised and/or new versions of the General Public License
from time to time. Such new versions will be similar in spirit to the present version, but may differ
in detail to address new problems or concerns.
</para>
<para> Each version is given a distinguishing version number. If the Program specifies a version number of
this License which applies to it and "any later version", you have the option of following the terms
and conditions either of that version or of any later version published by the Free Software
Foundation. If the Program does not specify a version number of this License, you may choose any
version ever published by the Free Software Foundation.
</para>
</sect2>
<sect2>
<title>Section 10
</title>
<para> If you wish to incorporate parts of the Program into other free programs whose distribution
conditions are different, write to the author to ask for permission. For software which is copyrighted
by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions
for this. Our decision will be guided by the two goals of preserving the free status of all
derivatives of our free software and of promoting the sharing and reuse of software generally.
</para>
</sect2>
<sect2>
<title>NO WARRANTY Section 11
</title>
<para> BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT
PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR
OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
</para>
</sect2>
<sect2>
<title>Section 12
</title>
<para> IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR
ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU
FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED
INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH
ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
DAMAGES.
</para>
<para>END OF TERMS AND CONDITIONS
</para>
</sect2>
</sect1>
<sect1>
<title>How to Apply These Terms to Your New Programs
</title>
<para>
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
</para>
<para>
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
convey the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
</para>
<para>
&lt;one line to give the program's name and a brief idea of what it does.&gt;
Copyright (C) &lt;year&gt; &lt;name of author&gt;
</para>
<para>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
</para>
<para>
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
</para>
<para>
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
</para>
<para>
Also add information on how to contact you by electronic and paper mail.
</para>
<para>
If the program is interactive, make it output a short notice like this
when it starts in an interactive mode:
</para>
<para>
Gnomovision version 69, Copyright (C) year name of author
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
</para>
<para>
The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, the commands you use may
be called something other than `show w' and `show c'; they could even be
mouse-clicks or menu items--whatever suits your program.
</para>
<para>
You should also get your employer (if you work as a programmer) or your
school, if any, to sign a "copyright disclaimer" for the program, if
necessary. Here is a sample; alter the names:
</para>
<para>
Yoyodyne, Inc., hereby disclaims all copyright interest in the program
`Gnomovision' (which makes passes at compilers) written by James Hacker.
</para>
<para>
&lt;signature of Ty Coon&gt;, 1 April 1989
Ty Coon, President of Vice
</para>
<para>
This General Public License does not permit incorporating your program into
proprietary programs. If your program is a subroutine library, you may
consider it more useful to permit linking proprietary applications with the
library. If this is what you want to do, use the GNU Library General
Public License instead of this License.
</para>
</sect1>
</appendix>

File diff suppressed because it is too large Load Diff

After

Width:  |  Height:  |  Size: 37 KiB

File diff suppressed because it is too large Load Diff

After

Width:  |  Height:  |  Size: 28 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 37 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 37 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 38 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 21 KiB

View File

@ -0,0 +1,312 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!-- Created with Inkscape (http://www.inkscape.org/) -->
<svg
xmlns:svg="http://www.w3.org/2000/svg"
xmlns="http://www.w3.org/2000/svg"
version="1.0"
width="22.440001cm"
height="13.923cm"
viewBox="2.2 5.38 24.64 19.302"
id="svg2">
<defs
id="defs95" />
<rect
width="7.625"
height="11.175"
x="9.3500004"
y="6.2750001"
id="rect4"
style="fill:none;stroke:#000000;stroke-width:0.1" />
<line
x1="13.162"
y1="6.2750001"
x2="13.162"
y2="17.450001"
stroke="#000000"
stroke-width="0.100"
id="line6"
style="stroke:#000000;stroke-width:0.1" />
<line
x1="9.3500004"
y1="8.8500004"
x2="16.975"
y2="8.8500004"
stroke="#000000"
stroke-width="0.100"
id="line8"
style="stroke:#000000;stroke-width:0.1" />
<line
x1="9.3400002"
y1="11.68"
x2="16.975"
y2="11.725"
stroke="#000000"
stroke-width="0.100"
id="line10"
style="stroke:#000000;stroke-width:0.1" />
<line
x1="9.3149996"
y1="14.655"
x2="16.950001"
y2="14.65"
stroke="#000000"
stroke-width="0.100"
id="line12"
style="stroke:#000000;stroke-width:0.1" />
<text
x="10.404"
y="5.9749999"
id="text14"
style="font-size:1px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">Posix</text>
<text
x="14.161"
y="5.9650002"
id="text16"
style="font-size:1px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">Samba</text>
<text
x="10.277"
y="7.7399998"
id="text18"
style="font-size:0.89999998px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">People</text>
<text
x="14.52"
y="7.375"
id="text20"
style="font-size:0.80000001px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">User</text>
<text
x="14.043"
y="8.1750002"
id="text22"
style="font-size:0.80000001px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">Accounts</text>
<text
x="10.328"
y="16.25"
id="text24"
style="font-size:0.89999998px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">uid/gids</text>
<text
x="14.086"
y="13.125"
id="text26"
style="font-size:0.80000001px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">Windows</text>
<text
x="14.27"
y="13.925"
id="text28"
style="font-size:0.80000001px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">Groups</text>
<text
x="10.306"
y="13.334"
id="text30"
style="font-size:0.89999998px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">Groups</text>
<text
x="10.285"
y="10.459"
id="text32"
style="font-size:0.89999998px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">People</text>
<text
x="14.193"
y="9.7340002"
id="text34"
style="font-size:0.80000001px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">Domain</text>
<text
x="14.138"
y="10.534"
id="text36"
style="font-size:0.80000001px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">Member</text>
<text
x="13.99"
y="11.334"
id="text38"
style="font-size:0.80000001px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">Machines</text>
<text
x="14.257"
y="16.284"
id="text40"
style="font-size:0.89999998px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">SIDs</text>
<rect
width="4.3499999"
height="1.625"
x="2.25"
y="9.4499998"
id="rect42"
style="fill:#c6c6c6;stroke:none;stroke-width:0" />
<rect
width="4.3499999"
height="1.625"
x="2.25"
y="9.4499998"
id="rect44"
style="fill:none;stroke:#000000;stroke-width:0.1" />
<line
x1="9.3500004"
y1="6.2750001"
x2="6.5999999"
y2="9.4499998"
stroke="#000000"
stroke-width="0.050"
stroke-dasharray="0.10,0.10"
id="line46"
style="stroke:#000000;stroke-width:0.05;stroke-dasharray:0.1, 0.1" />
<line
x1="6.5999999"
y1="11.075"
x2="9.3249998"
y2="14.65"
stroke="#000000"
stroke-width="0.050"
stroke-dasharray="0.10,0.10"
id="line48"
style="stroke:#000000;stroke-width:0.05;stroke-dasharray:0.1, 0.1" />
<text
x="3.313"
y="10.5"
id="text50"
style="font-size:0.69999999px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">NSS_LDAP</text>
<rect
width="5.0999999"
height="1.625"
x="2.2750001"
y="15.225"
id="rect52"
style="fill:#b9b9b9;stroke:none;stroke-width:0" />
<rect
width="5.0999999"
height="1.625"
x="2.2750001"
y="15.225"
id="rect54"
style="fill:none;stroke:#000000;stroke-width:0.1" />
<text
x="3.415"
y="16.247"
id="text56"
style="font-size:0.69999999px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">Winbind (NSS)</text>
<line
x1="9.3500004"
y1="14.725"
x2="7.375"
y2="15.225"
stroke="#000000"
stroke-width="0.050"
stroke-dasharray="0.10,0.10"
id="line58"
style="stroke:#000000;stroke-width:0.05;stroke-dasharray:0.1, 0.1" />
<line
x1="7.375"
y1="16.85"
x2="9.3500004"
y2="17.450001"
stroke="#000000"
stroke-width="0.050"
stroke-dasharray="0.10,0.10"
id="line60"
style="stroke:#000000;stroke-width:0.05;stroke-dasharray:0.1, 0.1" />
<rect
width="5.25"
height="2.2249999"
x="19.325001"
y="9.1499996"
id="rect62"
style="fill:#adadad;stroke:none;stroke-width:0" />
<rect
width="5.25"
height="2.2249999"
x="19.325001"
y="9.1499996"
id="rect64"
style="fill:none;stroke:#000000;stroke-width:0.1" />
<text
x="20.535"
y="10.522"
id="text66"
style="font-size:0.69999999px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">smbd + winbind</text>
<line
x1="16.975"
y1="6.2750001"
x2="19.325001"
y2="9.1499996"
stroke="#000000"
stroke-width="0.050"
stroke-dasharray="0.10,0.10"
id="line68"
style="stroke:#000000;stroke-width:0.05;stroke-dasharray:0.1, 0.1" />
<line
x1="19.325001"
y1="11.375"
x2="16.975"
y2="14.675"
stroke="#000000"
stroke-width="0.050"
stroke-dasharray="0.10,0.10"
id="line70"
style="stroke:#000000;stroke-width:0.05;stroke-dasharray:0.1, 0.1" />
<rect
width="5.25"
height="2.1300001"
x="19.34"
y="14.925"
id="rect72"
style="fill:#adadad;stroke:none;stroke-width:0" />
<rect
width="5.25"
height="2.1300001"
x="19.34"
y="14.925"
id="rect74"
style="fill:none;stroke:#000000;stroke-width:0.1" />
<text
x="21.211"
y="15.875"
id="text76"
style="font-size:0.69999999px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">winbind</text>
<text
x="21.121"
y="16.575001"
id="text78"
style="font-size:0.69999999px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">(IDMAP)</text>
<line
x1="19.34"
y1="14.925"
x2="16.975"
y2="14.6"
stroke="#000000"
stroke-width="0.050"
stroke-dasharray="0.10,0.10"
id="line80"
style="stroke:#000000;stroke-width:0.05;stroke-dasharray:0.1, 0.1" />
<line
x1="19.34"
y1="17.055"
x2="17.049999"
y2="17.375"
stroke="#000000"
stroke-width="0.050"
stroke-dasharray="0.10,0.10"
id="line82"
style="stroke:#000000;stroke-width:0.05;stroke-dasharray:0.1, 0.1" />
<text
x="3.2219999"
y="6.375"
id="text84"
style="font-size:0.69999999px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">UNIX Interface</text>
<text
x="3.8310001"
y="7.0749998"
id="text86"
style="font-size:0.69999999px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">to LDAP</text>
<text
x="20.378"
y="6.3000002"
id="text88"
style="font-size:0.69999999px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">Samba Interface</text>
<text
x="21.156"
y="7"
id="text90"
style="font-size:0.69999999px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">to LDAP</text>
<text
x="11.024"
y="18.74"
id="text92"
style="font-size:1px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">LDAP Database</text>
</svg>

After

Width:  |  Height:  |  Size: 9.0 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 22 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 30 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 56 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 50 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 6.3 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 7.8 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 23 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 24 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 14 KiB

File diff suppressed because it is too large Load Diff

After

Width:  |  Height:  |  Size: 50 KiB

View File

@ -0,0 +1,143 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!-- Created with Inkscape (http://www.inkscape.org/) -->
<svg
xmlns:svg="http://www.w3.org/2000/svg"
xmlns="http://www.w3.org/2000/svg"
version="1.0"
width="14.175cm"
height="7.1500001cm"
viewBox="4.175 2.15 18.35 9.3"
id="svg2">
<defs
id="defs47" />
<rect
width="4.2249999"
height="1.825"
x="4.2249999"
y="4.4749999"
id="rect4"
style="fill:#ffffff;stroke:none;stroke-width:0" />
<rect
width="4.2249999"
height="1.825"
x="4.2249999"
y="4.4749999"
id="rect6"
style="fill:none;stroke:#000000;stroke-width:0.1" />
<rect
width="6.1750002"
height="2.825"
x="12.1"
y="2.2"
id="rect8"
style="fill:#ffffff;stroke:none;stroke-width:0" />
<rect
width="6.1750002"
height="2.825"
x="12.1"
y="2.2"
id="rect10"
style="fill:none;stroke:#000000;stroke-width:0.1" />
<text
x="5.4169998"
y="5.5999999"
id="text12"
style="font-size:0.80000001px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">Samba</text>
<text
x="14.296"
y="3.0250001"
id="text14"
style="font-size:0.80000001px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">master</text>
<text
x="13.676"
y="3.825"
id="text16"
style="font-size:0.80000001px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">LDAP server</text>
<text
x="13.84"
y="4.625"
id="text18"
style="font-size:0.80000001px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">Directory A</text>
<line
x1="9"
y1="5.3790002"
x2="10.9"
y2="5.3499999"
stroke="#000000"
stroke-width="0.100"
id="line20"
style="stroke:#000000;stroke-width:0.1" />
<polygon
points="8.996,5.129 8.5,5.387 9.004,5.629 8.996,5.129 "
id="polygon22"
style="fill:#000000;stroke:none;stroke-width:0.1" />
<rect
width="6.1750002"
height="2.605"
x="12.125"
y="6.52"
id="rect24"
style="fill:#ffffff;stroke:none;stroke-width:0" />
<rect
width="6.1750002"
height="2.605"
x="12.125"
y="6.52"
id="rect26"
style="fill:none;stroke:#000000;stroke-width:0.1" />
<text
x="14.575"
y="7.25"
id="text28"
style="font-size:0.80000001px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">slave</text>
<text
x="13.776"
y="8.0500002"
id="text30"
style="font-size:0.80000001px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">LDAP server</text>
<text
x="13.941"
y="8.8500004"
id="text32"
style="font-size:0.80000001px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">Directory B</text>
<line
x1="11.55"
y1="3.618"
x2="10.925"
y2="3.625"
stroke="#000000"
stroke-width="0.100"
id="line34"
style="stroke:#000000;stroke-width:0.1" />
<polygon
points="11.553,3.868 12.05,3.613 11.547,3.368 11.553,3.868 "
id="polygon36"
style="fill:#000000;stroke:none;stroke-width:0.1" />
<line
x1="10.95"
y1="3.575"
x2="10.925"
y2="7.8499999"
stroke="#000000"
stroke-width="0.100"
id="line38"
style="stroke:#000000;stroke-width:0.1" />
<line
x1="11.575"
y1="7.8239999"
x2="10.95"
y2="7.8249998"
stroke="#000000"
stroke-width="0.100"
id="line40"
style="stroke:#000000;stroke-width:0.1" />
<polygon
points="11.576,8.074 12.075,7.823 11.574,7.574 11.576,8.074 "
id="polygon42"
style="fill:#000000;stroke:none;stroke-width:0.1" />
<text
x="14.331"
y="5.9749999"
id="text44"
style="font-size:0.60000002px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">additive</text>
</svg>

After

Width:  |  Height:  |  Size: 4.0 KiB

View File

@ -0,0 +1,153 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!-- Created with Inkscape (http://www.inkscape.org/) -->
<svg
xmlns:svg="http://www.w3.org/2000/svg"
xmlns="http://www.w3.org/2000/svg"
version="1.0"
width="13.05cm"
height="7.987cm"
viewBox="4.175 2.9 17.225 10.887"
id="svg2">
<defs
id="defs51" />
<rect
width="4.2249999"
height="1.825"
x="4.2249999"
y="4.4749999"
id="rect4"
style="fill:#ffffff;stroke:none;stroke-width:0" />
<rect
width="4.2249999"
height="1.825"
x="4.2249999"
y="4.4749999"
id="rect6"
style="fill:none;stroke:#000000;stroke-width:0.1" />
<rect
width="5.1750002"
height="1.9"
x="12"
y="2.95"
id="rect8"
style="fill:#ffffff;stroke:none;stroke-width:0" />
<rect
width="5.1750002"
height="1.9"
x="12"
y="2.95"
id="rect10"
style="fill:none;stroke:#000000;stroke-width:0.1" />
<text
x="5.4169998"
y="5.5500002"
id="text12"
style="font-size:0.80000001px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">Samba</text>
<text
x="13.846"
y="3.7249999"
id="text14"
style="font-size:0.80000001px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">master</text>
<text
x="13.226"
y="4.5250001"
id="text16"
style="font-size:0.80000001px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">LDAP server</text>
<line
x1="9"
y1="5.3790002"
x2="10.9"
y2="5.3499999"
stroke="#000000"
stroke-width="0.100"
id="line18"
style="stroke:#000000;stroke-width:0.1" />
<polygon
points="8.996,5.129 8.5,5.387 9.004,5.629 8.996,5.129 "
id="polygon20"
style="fill:#000000;stroke:none;stroke-width:0.1" />
<rect
width="5.1750002"
height="1.9"
x="11.998"
y="5.9450002"
id="rect22"
style="fill:#ffffff;stroke:none;stroke-width:0" />
<rect
width="5.1750002"
height="1.9"
x="11.998"
y="5.9450002"
id="rect24"
style="fill:none;stroke:#000000;stroke-width:0.1" />
<text
x="14.15"
y="6.7249999"
id="text26"
style="font-size:0.80000001px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">slave</text>
<text
x="13.351"
y="7.5250001"
id="text28"
style="font-size:0.80000001px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">LDAP server</text>
<line
x1="11.45"
y1="3.9119999"
x2="10.9"
y2="3.925"
stroke="#000000"
stroke-width="0.100"
id="line30"
style="stroke:#000000;stroke-width:0.1" />
<polygon
points="11.456,4.162 11.95,3.901 11.444,3.663 11.456,4.162 "
id="polygon32"
style="fill:#000000;stroke:none;stroke-width:0.1" />
<line
x1="10.925"
y1="3.925"
x2="10.95"
y2="6.9499998"
stroke="#000000"
stroke-width="0.100"
id="line34"
style="stroke:#000000;stroke-width:0.1" />
<line
x1="11.448"
y1="6.9099998"
x2="10.9"
y2="6.9250002"
stroke="#000000"
stroke-width="0.100"
id="line36"
style="stroke:#000000;stroke-width:0.1" />
<polygon
points="11.455,7.16 11.948,6.896 11.441,6.66 11.455,7.16 "
id="polygon38"
style="fill:#000000;stroke:none;stroke-width:0.1" />
<text
x="13.659"
y="5.5749998"
id="text40"
style="font-size:0.5px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">additive</text>
<text
x="8.6809998"
y="8.75"
id="text42"
style="font-size:0.60000002px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">The LDAP backend consists of a</text>
<text
x="7.9250002"
y="9.3500004"
id="text44"
style="font-size:0.60000002px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">master and a slave for the same database.</text>
<text
x="8.7819996"
y="9.9499998"
id="text46"
style="font-size:0.60000002px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">This is a broken implementation</text>
<text
x="9.0249996"
y="10.55"
id="text48"
style="font-size:0.60000002px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">- accounts will be duplicated.</text>
</svg>

After

Width:  |  Height:  |  Size: 4.4 KiB

View File

@ -0,0 +1,120 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!-- Created with Inkscape (http://www.inkscape.org/) -->
<svg
xmlns:svg="http://www.w3.org/2000/svg"
xmlns="http://www.w3.org/2000/svg"
version="1.0"
width="13.098cm"
height="4.9000001cm"
viewBox="4.175 2.9 17.273 7.8"
id="svg2">
<defs
id="defs41" />
<rect
width="4.2249999"
height="1.825"
x="4.2249999"
y="4.4749999"
id="rect4"
style="fill:#ffffff;stroke:none;stroke-width:0" />
<rect
width="4.2249999"
height="1.825"
x="4.2249999"
y="4.4749999"
id="rect6"
style="fill:none;stroke:#000000;stroke-width:0.1" />
<rect
width="5.1750002"
height="1.9"
x="12"
y="2.95"
id="rect8"
style="fill:#ffffff;stroke:none;stroke-width:0" />
<rect
width="5.1750002"
height="1.9"
x="12"
y="2.95"
id="rect10"
style="fill:none;stroke:#000000;stroke-width:0.1" />
<text
x="5.4169998"
y="5.5500002"
id="text12"
style="font-size:0.80000001px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">Samba</text>
<text
x="13.846"
y="3.7249999"
id="text14"
style="font-size:0.80000001px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">master</text>
<text
x="13.226"
y="4.5250001"
id="text16"
style="font-size:0.80000001px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">LDAP server</text>
<line
x1="8.9820004"
y1="4.875"
x2="11.518"
y2="3.813"
stroke="#000000"
stroke-width="0.100"
id="line18"
style="stroke:#000000;stroke-width:0.1" />
<polygon
points="8.886,4.644 8.521,5.068 9.079,5.106 8.886,4.644 "
id="polygon20"
style="fill:#000000;stroke:none;stroke-width:0.1" />
<polygon
points="11.614,4.043 11.979,3.619 11.421,3.582 11.614,4.043 "
id="polygon22"
style="fill:#000000;stroke:none;stroke-width:0.1" />
<rect
width="5.1750002"
height="1.9"
x="12.047"
y="5.7449999"
id="rect24"
style="fill:#ffffff;stroke:none;stroke-width:0" />
<rect
width="5.1750002"
height="1.9"
x="12.047"
y="5.7449999"
id="rect26"
style="fill:none;stroke:#000000;stroke-width:0.1" />
<text
x="14.1"
y="6.5500002"
id="text28"
style="font-size:0.80000001px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">slave</text>
<text
x="13.301"
y="7.3499999"
id="text30"
style="font-size:0.80000001px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">LDAP server</text>
<line
x1="8.993"
y1="5.8610001"
x2="11.43"
y2="6.7340002"
stroke="#000000"
stroke-width="0.100"
stroke-dasharray="0.10,0.10"
id="line32"
style="stroke:#000000;stroke-width:0.1;stroke-dasharray:0.1, 0.1" />
<polygon
points="9.077,5.625 8.522,5.692 8.908,6.096 9.077,5.625 "
id="polygon34"
style="fill:#000000;stroke:none;stroke-width:0.1" />
<polygon
points="11.345,6.97 11.9,6.903 11.514,6.499 11.345,6.97 "
id="polygon36"
style="fill:#000000;stroke:none;stroke-width:0.1" />
<text
x="10.245"
y="6"
id="text38"
style="font-size:0.5px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">fail-over</text>
</svg>

After

Width:  |  Height:  |  Size: 3.4 KiB

View File

@ -0,0 +1,73 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!-- Created with Inkscape (http://www.inkscape.org/) -->
<svg
xmlns:svg="http://www.w3.org/2000/svg"
xmlns="http://www.w3.org/2000/svg"
version="1.0"
width="12.75cm"
height="2.075cm"
viewBox="4.175 4.425 16.925 6.5"
id="svg2">
<defs
id="defs25" />
<rect
width="4.2249999"
height="1.825"
x="4.2249999"
y="4.4749999"
id="rect4"
style="fill:#ffffff;stroke:none;stroke-width:0" />
<rect
width="4.2249999"
height="1.825"
x="4.2249999"
y="4.4749999"
id="rect6"
style="fill:none;stroke:#000000;stroke-width:0.1" />
<rect
width="5.1750002"
height="1.9"
x="11.7"
y="4.4749999"
id="rect8"
style="fill:#ffffff;stroke:none;stroke-width:0" />
<rect
width="5.1750002"
height="1.9"
x="11.7"
y="4.4749999"
id="rect10"
style="fill:none;stroke:#000000;stroke-width:0.1" />
<text
x="5.4169998"
y="5.5500002"
id="text12"
style="font-size:0.80000001px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">Samba</text>
<text
x="13.621"
y="5.25"
id="text14"
style="font-size:0.80000001px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">master</text>
<text
x="13.001"
y="6.0500002"
id="text16"
style="font-size:0.80000001px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">LDAP server</text>
<line
x1="9"
y1="5.3899999"
x2="11.05"
y2="5.3979998"
stroke="#000000"
stroke-width="0.100"
id="line18"
style="stroke:#000000;stroke-width:0.1" />
<polygon
points="9.001,5.14 8.5,5.388 8.999,5.64 9.001,5.14 "
id="polygon20"
style="fill:#000000;stroke:none;stroke-width:0.1" />
<polygon
points="11.049,5.648 11.55,5.4 11.051,5.148 11.049,5.648 "
id="polygon22"
style="fill:#000000;stroke:none;stroke-width:0.1" />
</svg>

After

Width:  |  Height:  |  Size: 2.0 KiB

View File

@ -0,0 +1,767 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!-- Created with Inkscape (http://www.inkscape.org/) -->
<svg
xmlns:svg="http://www.w3.org/2000/svg"
xmlns="http://www.w3.org/2000/svg"
version="1.0"
width="16.389cm"
height="11.635cm"
viewBox="3.227 3.533 19.617 15.168"
id="svg2">
<defs
id="defs221" />
<polyline
fill="none"
stroke="#000000"
stroke-width="0.100"
points="4.746,10.964 4.746,12.225 18.667,12.225 18.667,11.050 "
id="polyline4"
style="fill:none;stroke:#000000;stroke-width:0.1" />
<rect
width="2.0599999"
height="4.8070002"
x="3.648"
y="5.744"
id="rect6"
style="fill:#b3b3b3;stroke:none;stroke-width:0" />
<rect
width="2.0599999"
height="4.8070002"
x="3.648"
y="5.744"
id="rect8"
style="fill:none;stroke:#000000;stroke-width:0.08" />
<rect
width="1.648"
height="0.54900002"
x="3.8540001"
y="6.033"
id="rect10"
style="fill:none;stroke:#000000;stroke-width:0.01" />
<rect
width="1.648"
height="0.54900002"
x="3.8540001"
y="6.5819998"
id="rect12"
style="fill:none;stroke:#000000;stroke-width:0.01" />
<rect
width="1.648"
height="0.54900002"
x="3.8540001"
y="7.132"
id="rect14"
style="fill:none;stroke:#000000;stroke-width:0.01" />
<rect
width="1.648"
height="0.54900002"
x="3.8540001"
y="7.6810002"
id="rect16"
style="fill:none;stroke:#000000;stroke-width:0.01" />
<rect
width="1.03"
height="0.33000001"
x="3.8540001"
y="8.3400002"
id="rect18"
style="fill:none;stroke:#000000;stroke-width:0.01" />
<ellipse
cx="5.3990002"
cy="8.3950005"
rx="0.071999997"
ry="0.071999997"
id="ellipse20"
style="fill:#00ff00;stroke:none" />
<ellipse
cx="5.3990002"
cy="8.3950005"
rx="0.071999997"
ry="0.071999997"
id="ellipse22"
style="fill:none;stroke:#000000;stroke-width:0.01" />
<ellipse
cx="5.3990002"
cy="8.6149998"
rx="0.071999997"
ry="0.071999997"
id="ellipse24"
style="fill:#ffff00;stroke:none" />
<ellipse
cx="5.3990002"
cy="8.6149998"
rx="0.071999997"
ry="0.071999997"
id="ellipse26"
style="fill:none;stroke:#000000;stroke-width:0.01" />
<rect
width="0.24699999"
height="0.22"
x="4.987"
y="8.4499998"
id="rect28"
style="fill:#ffffff;stroke:none;stroke-width:0" />
<rect
width="0.24699999"
height="0.22"
x="4.987"
y="8.4499998"
id="rect30"
style="fill:none;stroke:#000000;stroke-width:0.01" />
<path
d="M 3.991,9.109 L 3.991,10.311"
id="path32"
style="fill:none;stroke:#000000;stroke-width:0.01" />
<path
d="M 4.334,9.109 L 4.334,10.311"
id="path34"
style="fill:none;stroke:#000000;stroke-width:0.01" />
<path
d="M 4.678,9.109 L 4.678,10.311"
id="path36"
style="fill:none;stroke:#000000;stroke-width:0.01" />
<path
d="M 5.021,9.109 L 5.021,10.311"
id="path38"
style="fill:none;stroke:#000000;stroke-width:0.01" />
<path
d="M 5.364,9.109 L 5.364,10.311"
id="path40"
style="fill:none;stroke:#000000;stroke-width:0.01" />
<path
d="M 5.708,9.109 L 5.708,10.311"
id="path42"
style="fill:none;stroke:#000000;stroke-width:0.01" />
<polygon
points="3.236,10.964 3.648,10.14 3.648,10.552 5.708,10.552 5.708,10.14 6.257,10.964 3.236,10.964 "
id="polygon44"
style="fill:#999999;stroke:none;stroke-width:0.01" />
<polygon
points="3.236,10.964 3.648,10.14 3.648,10.552 5.708,10.552 5.708,10.14 6.257,10.964 3.236,10.964 "
id="polygon46"
style="fill:none;stroke:#000000;stroke-width:0.01" />
<rect
width="1.8"
height="5.4000001"
x="17.767"
y="5.6500001"
id="rect48"
style="fill:#d9d9cd;stroke:none;stroke-width:0" />
<rect
width="1.8"
height="5.4000001"
x="17.767"
y="5.6500001"
id="rect50"
style="fill:none;stroke:#000000;stroke-width:0.1" />
<rect
width="1.8"
height="5.4000001"
x="17.767"
y="5.6500001"
id="rect52"
style="fill:none;stroke:#000000;stroke-width:0.01" />
<rect
width="1.4400001"
height="2.1600001"
x="17.947001"
y="5.8299999"
id="rect54"
style="fill:#d9d9cd;stroke:none;stroke-width:0" />
<rect
width="1.4400001"
height="2.1600001"
x="17.947001"
y="5.8299999"
id="rect56"
style="fill:none;stroke:#000000;stroke-width:0.1" />
<rect
width="1.4400001"
height="2.1600001"
x="17.947001"
y="5.8299999"
id="rect58"
style="fill:none;stroke:#000000;stroke-width:0.01" />
<line
x1="17.947001"
y1="6.1900001"
x2="19.386999"
y2="6.1900001"
stroke="#000000"
stroke-width="0.010"
id="line60"
style="stroke:#000000;stroke-width:0.01" />
<line
x1="19.386999"
y1="6.5500002"
x2="17.947001"
y2="6.5500002"
stroke="#000000"
stroke-width="0.010"
id="line62"
style="stroke:#000000;stroke-width:0.01" />
<line
x1="17.947001"
y1="6.9099998"
x2="19.386999"
y2="6.9099998"
stroke="#000000"
stroke-width="0.010"
id="line64"
style="stroke:#000000;stroke-width:0.01" />
<line
x1="17.947001"
y1="7.27"
x2="19.386999"
y2="7.27"
stroke="#000000"
stroke-width="0.010"
id="line66"
style="stroke:#000000;stroke-width:0.01" />
<line
x1="19.386999"
y1="7.6300001"
x2="17.947001"
y2="7.6300001"
stroke="#000000"
stroke-width="0.010"
id="line68"
style="stroke:#000000;stroke-width:0.01" />
<rect
width="0.99000001"
height="0.54000002"
x="17.947001"
y="8.1700001"
id="rect70"
style="fill:#d9d9cd;stroke:none;stroke-width:0" />
<rect
width="0.99000001"
height="0.54000002"
x="17.947001"
y="8.1700001"
id="rect72"
style="fill:none;stroke:#000000;stroke-width:0.1" />
<rect
width="0.99000001"
height="0.54000002"
x="17.947001"
y="8.1700001"
id="rect74"
style="fill:none;stroke:#000000;stroke-width:0.01" />
<line
x1="17.767"
y1="9.0699997"
x2="19.566999"
y2="9.0699997"
stroke="#000000"
stroke-width="0.010"
id="line76"
style="stroke:#000000;stroke-width:0.01" />
<rect
width="0.090000004"
height="0.090000004"
x="18.577"
y="9.25"
id="rect78"
style="fill:#00cd00;stroke:none;stroke-width:0" />
<rect
width="0.090000004"
height="0.090000004"
x="18.577"
y="9.25"
id="rect80"
style="fill:none;stroke:#000000;stroke-width:0.1" />
<rect
width="0.090000004"
height="0.090000004"
x="18.577"
y="9.25"
id="rect82"
style="fill:none;stroke:#000000;stroke-width:0.01" />
<rect
width="0.090000004"
height="0.090000004"
x="18.937"
y="9.25"
id="rect84"
style="fill:#cdcd00;stroke:none;stroke-width:0" />
<rect
width="0.090000004"
height="0.090000004"
x="18.937"
y="9.25"
id="rect86"
style="fill:none;stroke:#000000;stroke-width:0.1" />
<rect
width="0.090000004"
height="0.090000004"
x="18.937"
y="9.25"
id="rect88"
style="fill:none;stroke:#000000;stroke-width:0.01" />
<rect
width="0.090000004"
height="0.090000004"
x="19.297001"
y="9.25"
id="rect90"
style="fill:#cd0000;stroke:none;stroke-width:0" />
<rect
width="0.090000004"
height="0.090000004"
x="19.297001"
y="9.25"
id="rect92"
style="fill:none;stroke:#000000;stroke-width:0.1" />
<rect
width="0.090000004"
height="0.090000004"
x="19.297001"
y="9.25"
id="rect94"
style="fill:none;stroke:#000000;stroke-width:0.01" />
<rect
width="0.18000001"
height="0.18000001"
x="19.207001"
y="8.71"
id="rect96"
style="fill:#cdcdbd;stroke:none;stroke-width:0" />
<rect
width="0.18000001"
height="0.18000001"
x="19.207001"
y="8.71"
id="rect98"
style="fill:none;stroke:#000000;stroke-width:0.1" />
<rect
width="0.18000001"
height="0.18000001"
x="19.207001"
y="8.71"
id="rect100"
style="fill:none;stroke:#000000;stroke-width:0.01" />
<line
x1="17.947001"
y1="8.4399996"
x2="18.937"
y2="8.4399996"
stroke="#000000"
stroke-width="0.010"
id="line102"
style="stroke:#000000;stroke-width:0.01" />
<rect
width="0.27000001"
height="0.27000001"
x="17.947001"
y="9.1599998"
id="rect104"
style="fill:#cdcdbd;stroke:none;stroke-width:0" />
<rect
width="0.27000001"
height="0.27000001"
x="17.947001"
y="9.1599998"
id="rect106"
style="fill:none;stroke:#000000;stroke-width:0.1" />
<rect
width="0.27000001"
height="0.27000001"
x="17.947001"
y="9.1599998"
id="rect108"
style="fill:none;stroke:#000000;stroke-width:0.01" />
<rect
width="1.26"
height="0.090000004"
x="18.037001"
y="7.7199998"
id="rect110"
style="fill:#cdcdc1;stroke:none;stroke-width:0" />
<rect
width="1.26"
height="0.090000004"
x="18.037001"
y="7.7199998"
id="rect112"
style="fill:none;stroke:#000000;stroke-width:0.1" />
<rect
width="1.26"
height="0.090000004"
x="18.037001"
y="7.7199998"
id="rect114"
style="fill:none;stroke:#000000;stroke-width:0.01" />
<line
x1="18.037001"
y1="8.2600002"
x2="18.847"
y2="8.2600002"
stroke="#000000"
stroke-width="0.010"
id="line116"
style="stroke:#000000;stroke-width:0.01" />
<line
x1="18.847"
y1="8.3500004"
x2="18.757"
y2="8.3500004"
stroke="#000000"
stroke-width="0.010"
id="line118"
style="stroke:#000000;stroke-width:0.01" />
<line
x1="18.037001"
y1="8.3500004"
x2="18.127001"
y2="8.3500004"
stroke="#000000"
stroke-width="0.010"
id="line120"
style="stroke:#000000;stroke-width:0.01" />
<rect
width="0.44999999"
height="0.090000004"
x="18.216999"
y="8.2600002"
id="rect122"
style="fill:#cdcdc1;stroke:none;stroke-width:0" />
<rect
width="0.44999999"
height="0.090000004"
x="18.216999"
y="8.2600002"
id="rect124"
style="fill:none;stroke:#000000;stroke-width:0.1" />
<rect
width="0.44999999"
height="0.090000004"
x="18.216999"
y="8.2600002"
id="rect126"
style="fill:none;stroke:#000000;stroke-width:0.01" />
<line
x1="18.037001"
y1="7.9000001"
x2="18.127001"
y2="7.9000001"
stroke="#000000"
stroke-width="0.010"
id="line128"
style="stroke:#000000;stroke-width:0.01" />
<line
x1="18.216999"
y1="7.9000001"
x2="18.306999"
y2="7.9000001"
stroke="#000000"
stroke-width="0.010"
id="line130"
style="stroke:#000000;stroke-width:0.01" />
<line
x1="19.117001"
y1="7.9000001"
x2="19.297001"
y2="7.9000001"
stroke="#000000"
stroke-width="0.010"
id="line132"
style="stroke:#000000;stroke-width:0.01" />
<line
x1="17.857"
y1="10.96"
x2="19.476999"
y2="10.96"
stroke="#000000"
stroke-width="0.010"
id="line134"
style="stroke:#000000;stroke-width:0.01" />
<line
x1="19.476999"
y1="10.87"
x2="17.857"
y2="10.87"
stroke="#000000"
stroke-width="0.010"
id="line136"
style="stroke:#000000;stroke-width:0.01" />
<line
x1="17.857"
y1="10.78"
x2="19.476999"
y2="10.78"
stroke="#000000"
stroke-width="0.010"
id="line138"
style="stroke:#000000;stroke-width:0.01" />
<line
x1="19.476999"
y1="10.69"
x2="17.857"
y2="10.69"
stroke="#000000"
stroke-width="0.010"
id="line140"
style="stroke:#000000;stroke-width:0.01" />
<line
x1="17.857"
y1="10.6"
x2="19.476999"
y2="10.6"
stroke="#000000"
stroke-width="0.010"
id="line142"
style="stroke:#000000;stroke-width:0.01" />
<line
x1="19.476999"
y1="10.51"
x2="17.857"
y2="10.51"
stroke="#000000"
stroke-width="0.010"
id="line144"
style="stroke:#000000;stroke-width:0.01" />
<line
x1="17.857"
y1="10.42"
x2="19.476999"
y2="10.42"
stroke="#000000"
stroke-width="0.010"
id="line146"
style="stroke:#000000;stroke-width:0.01" />
<line
x1="19.476999"
y1="10.33"
x2="17.857"
y2="10.33"
stroke="#000000"
stroke-width="0.010"
id="line148"
style="stroke:#000000;stroke-width:0.01" />
<line
x1="17.857"
y1="10.24"
x2="19.476999"
y2="10.24"
stroke="#000000"
stroke-width="0.010"
id="line150"
style="stroke:#000000;stroke-width:0.01" />
<line
x1="19.476999"
y1="10.15"
x2="17.857"
y2="10.15"
stroke="#000000"
stroke-width="0.010"
id="line152"
style="stroke:#000000;stroke-width:0.01" />
<line
x1="17.857"
y1="10.06"
x2="19.476999"
y2="10.06"
stroke="#000000"
stroke-width="0.010"
id="line154"
style="stroke:#000000;stroke-width:0.01" />
<line
x1="19.476999"
y1="9.9700003"
x2="17.857"
y2="9.9700003"
stroke="#000000"
stroke-width="0.010"
id="line156"
style="stroke:#000000;stroke-width:0.01" />
<line
x1="17.857"
y1="9.8800001"
x2="19.476999"
y2="9.8800001"
stroke="#000000"
stroke-width="0.010"
id="line158"
style="stroke:#000000;stroke-width:0.01" />
<line
x1="19.476999"
y1="9.79"
x2="17.857"
y2="9.79"
stroke="#000000"
stroke-width="0.010"
id="line160"
style="stroke:#000000;stroke-width:0.01" />
<rect
width="2.7190001"
height="2.3989999"
x="6.5500002"
y="6.1869998"
id="rect162"
style="fill:#ffffff;stroke:none;stroke-width:0" />
<ellipse
cx="7.9089999"
cy="8.585"
rx="1.359"
ry="0.40000001"
id="ellipse164"
style="fill:#ffffff;stroke:none" />
<ellipse
cx="7.9089999"
cy="6.1869998"
rx="1.359"
ry="0.40000001"
id="ellipse166"
style="fill:#ffffff;stroke:none" />
<ellipse
cx="7.9089999"
cy="6.1869998"
rx="1.359"
ry="0.40000001"
id="ellipse168"
style="fill:none;stroke:#000000;stroke-width:0.1" />
<path
d="M 9.269,6.187 L 9.269,8.585 C 9.269,8.806 8.66,8.985 7.909,8.985 C 7.159,8.985 6.55,8.806 6.55,8.585 L 6.55,6.187"
id="path170"
style="fill:none;stroke:#000000;stroke-width:0.1" />
<rect
width="2.7190001"
height="2.3989999"
x="14.112"
y="6.1999998"
id="rect172"
style="fill:#ffffff;stroke:none;stroke-width:0" />
<ellipse
cx="15.472"
cy="8.599"
rx="1.359"
ry="0.40000001"
id="ellipse174"
style="fill:#ffffff;stroke:none" />
<ellipse
cx="15.472"
cy="6.1999998"
rx="1.359"
ry="0.40000001"
id="ellipse176"
style="fill:#ffffff;stroke:none" />
<ellipse
cx="15.472"
cy="6.1999998"
rx="1.359"
ry="0.40000001"
id="ellipse178"
style="fill:none;stroke:#000000;stroke-width:0.1" />
<path
d="M 16.831,6.2 L 16.831,8.599 C 16.831,8.82 16.223,8.999 15.472,8.999 C 14.721,8.999 14.112,8.82 14.112,8.599 L 14.112,6.2"
id="path180"
style="fill:none;stroke:#000000;stroke-width:0.1" />
<line
x1="5.7249999"
y1="7.3499999"
x2="6.5250001"
y2="7.3499999"
stroke="#000000"
stroke-width="0.100"
id="line182"
style="stroke:#000000;stroke-width:0.1" />
<line
x1="16.825001"
y1="7.4000001"
x2="17.75"
y2="7.375"
stroke="#000000"
stroke-width="0.100"
id="line184"
style="stroke:#000000;stroke-width:0.1" />
<path
d="M 8.65,9.2 C 9.0031969,10.514524 10.174957,11.443114 11.535409,11.486614 C 12.89586,11.530113 14.124549,10.678275 14.561,9.389"
id="path186"
style="fill:none;stroke:#000000;stroke-width:0.1;stroke-dasharray:0.1, 0.1" />
<polyline
fill="none"
stroke="#000000"
stroke-width="0.100"
points="14.713,9.830 14.597,9.283 14.229,9.704 "
id="polyline188"
style="fill:none;stroke:#000000;stroke-width:0.1" />
<text
x="7.02"
y="4.9749999"
id="text190"
style="font-size:0.60000002px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">NT4 Registry</text>
<text
x="7.691"
y="5.5749998"
id="text192"
style="font-size:0.60000002px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">SAM</text>
<text
x="13.871"
y="4.9250002"
id="text194"
style="font-size:0.60000002px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">Samba SAM</text>
<text
x="13.221"
y="5.5250001"
id="text196"
style="font-size:0.60000002px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">(ldapsam or tdbsam)</text>
<text
x="4.2259998"
y="4.0250001"
id="text198"
style="font-size:0.80000001px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">NT4</text>
<text
x="4.1719999"
y="4.8249998"
id="text200"
style="font-size:0.80000001px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">PDC</text>
<text
x="17.992001"
y="4"
id="text202"
style="font-size:0.80000001px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">Samba</text>
<text
x="18.407"
y="4.8000002"
id="text204"
style="font-size:0.80000001px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">DC</text>
<text
x="5.8540001"
y="13.625"
id="text206"
style="font-size:0.69999999px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">net rpc vampire</text>
<text
x="5.5139999"
y="14.325"
id="text208"
style="font-size:0.69999999px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">Migration migrates:</text>
<text
x="14.664"
y="13.375"
id="text210"
style="font-size:0.69999999px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">User Accounts</text>
<text
x="14.557"
y="14.075"
id="text212"
style="font-size:0.69999999px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">Domain Groups</text>
<text
x="14.311"
y="14.775"
id="text214"
style="font-size:0.69999999px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">Machine Accounts</text>
<line
x1="10.725"
y1="13.8"
x2="12.25"
y2="13.818"
stroke="#000000"
stroke-width="0.100"
id="line216"
style="stroke:#000000;stroke-width:0.1" />
<polygon
points="12.247,14.068 12.75,13.824 12.253,13.568 12.247,14.068 "
id="polygon218"
style="fill:#000000;stroke:none;stroke-width:0.1" />
</svg>

After

Width:  |  Height:  |  Size: 19 KiB

File diff suppressed because it is too large Load Diff

After

Width:  |  Height:  |  Size: 60 KiB

File diff suppressed because it is too large Load Diff

After

Width:  |  Height:  |  Size: 96 KiB

File diff suppressed because it is too large Load Diff

After

Width:  |  Height:  |  Size: 97 KiB

View File

@ -0,0 +1,514 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!-- Created with Inkscape (http://www.inkscape.org/) -->
<svg
xmlns:svg="http://www.w3.org/2000/svg"
xmlns="http://www.w3.org/2000/svg"
version="1.0"
width="17.290001cm"
height="13.335cm"
viewBox="23.46 19.665 40.75 33"
id="svg2">
<defs
id="defs177" />
<rect
width="2"
height="2"
x="29.1"
y="23"
id="rect4"
style="fill:#fff4db;stroke:none;stroke-width:0" />
<rect
width="2"
height="2"
x="29.1"
y="23"
id="rect6"
style="fill:none;stroke:#000000;stroke-width:0.1" />
<rect
width="2"
height="2"
x="32.035"
y="27.59"
id="rect8"
style="fill:#d8d8d8;stroke:none;stroke-width:0" />
<rect
width="2"
height="2"
x="32.035"
y="27.59"
id="rect10"
style="fill:none;stroke:#000000;stroke-width:0.1" />
<rect
width="2"
height="2.04"
x="29.184999"
y="27.549999"
id="rect12"
style="fill:#d0d0d0;stroke:none;stroke-width:0" />
<rect
width="2"
height="2.04"
x="29.184999"
y="27.549999"
id="rect14"
style="fill:none;stroke:#000000;stroke-width:0.1" />
<rect
width="2.8399999"
height="1.735"
x="23.51"
y="23.139999"
id="rect16"
style="fill:#a9d8cb;stroke:none;stroke-width:0" />
<rect
width="2.8399999"
height="1.735"
x="23.51"
y="23.139999"
id="rect18"
style="fill:none;stroke:#000000;stroke-width:0.1" />
<rect
width="2.825"
height="1.885"
x="32.674999"
y="20.940001"
id="rect20"
style="fill:#dedede;stroke:none;stroke-width:0" />
<rect
width="2.825"
height="1.885"
x="32.674999"
y="20.940001"
id="rect22"
style="fill:none;stroke:#000000;stroke-width:0.1" />
<rect
width="2.6500001"
height="2.01"
x="37.799999"
y="19.715"
id="rect24"
style="fill:#ffffff;stroke:none;stroke-width:0" />
<rect
width="2.6500001"
height="2.01"
x="37.799999"
y="19.715"
id="rect26"
style="fill:none;stroke:#000000;stroke-width:0.1" />
<rect
width="2.3"
height="2.0150001"
x="38.025002"
y="22.1"
id="rect28"
style="fill:#ffffff;stroke:none;stroke-width:0" />
<rect
width="2.3"
height="2.0150001"
x="38.025002"
y="22.1"
id="rect30"
style="fill:none;stroke:#000000;stroke-width:0.1" />
<rect
width="2.25"
height="2.0599999"
x="35.150002"
y="27.565001"
id="rect32"
style="fill:#d8d8d8;stroke:none;stroke-width:0" />
<rect
width="2.25"
height="2.0599999"
x="35.150002"
y="27.565001"
id="rect34"
style="fill:none;stroke:#000000;stroke-width:0.1" />
<text
x="24.200001"
y="23.9"
id="text36"
style="font-size:0.60000002px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">Windows</text>
<text
x="24.462999"
y="24.5"
id="text38"
style="font-size:0.60000002px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">Client</text>
<text
x="29.659"
y="24.15"
id="text40"
style="font-size:0.60000002px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">smbd</text>
<text
x="33.388"
y="22.051001"
id="text42"
style="font-size:0.60000002px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">winbindd</text>
<text
x="29.76"
y="28.676001"
id="text44"
style="font-size:0.60000002px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">NSS</text>
<text
x="32.653999"
y="28.775999"
id="text46"
style="font-size:0.60000002px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">PAM</text>
<text
x="35.763"
y="28.700001"
id="text48"
style="font-size:0.60000002px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">LDAP</text>
<text
x="38.696999"
y="23"
id="text50"
style="font-size:0.60000002px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">W2Kx</text>
<text
x="38.805"
y="23.6"
id="text52"
style="font-size:0.60000002px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">ADS</text>
<text
x="38.759998"
y="20.6"
id="text54"
style="font-size:0.60000002px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">NT4</text>
<text
x="38.477001"
y="21.200001"
id="text56"
style="font-size:0.60000002px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">Domain</text>
<line
x1="26.9"
y1="24.006001"
x2="28.549999"
y2="24.000999"
stroke="#000000"
stroke-width="0.100"
id="line58"
style="stroke:#000000;stroke-width:0.1" />
<polygon
points="26.899,23.756 26.4,24.007 26.901,24.256 26.899,23.756 "
id="polygon60"
style="fill:#000000;stroke:none;stroke-width:0.1" />
<polygon
points="28.551,24.251 29.05,24 28.549,23.752 28.551,24.251 "
id="polygon62"
style="fill:#000000;stroke:none;stroke-width:0.1" />
<line
x1="29.52"
y1="25.575001"
x2="29.504999"
y2="27"
stroke="#000000"
stroke-width="0.100"
id="line64"
style="stroke:#000000;stroke-width:0.1" />
<polygon
points="29.77,25.577 29.525,25.075 29.27,25.572 29.77,25.577 "
id="polygon66"
style="fill:#000000;stroke:none;stroke-width:0.1" />
<polygon
points="29.255,26.998 29.5,27.5 29.755,27.003 29.255,26.998 "
id="polygon68"
style="fill:#000000;stroke:none;stroke-width:0.1" />
<line
x1="31.393999"
y1="25.190001"
x2="32.605999"
y2="27.110001"
stroke="#000000"
stroke-width="0.100"
id="line70"
style="stroke:#000000;stroke-width:0.1" />
<polygon
points="31.605,25.057 31.127,24.767 31.182,25.324 31.605,25.057 "
id="polygon72"
style="fill:#000000;stroke:none;stroke-width:0.1" />
<polygon
points="32.395,27.243 32.873,27.533 32.818,26.976 32.395,27.243 "
id="polygon74"
style="fill:#000000;stroke:none;stroke-width:0.1" />
<line
x1="31.481001"
y1="23.128"
x2="32.293999"
y2="22.278999"
stroke="#000000"
stroke-width="0.100"
id="line76"
style="stroke:#000000;stroke-width:0.1" />
<polygon
points="31.3,22.955 31.135,23.489 31.661,23.301 31.3,22.955 "
id="polygon78"
style="fill:#000000;stroke:none;stroke-width:0.1" />
<polygon
points="32.475,22.453 32.64,21.919 32.114,22.106 32.475,22.453 "
id="polygon80"
style="fill:#000000;stroke:none;stroke-width:0.1" />
<line
x1="31.552999"
y1="24.312"
x2="35.821999"
y2="27.253"
stroke="#000000"
stroke-width="0.100"
id="line82"
style="stroke:#000000;stroke-width:0.1" />
<polygon
points="31.695,24.106 31.141,24.028 31.411,24.518 31.695,24.106 "
id="polygon84"
style="fill:#000000;stroke:none;stroke-width:0.1" />
<polygon
points="35.68,27.459 36.234,27.537 35.964,27.047 35.68,27.459 "
id="polygon86"
style="fill:#000000;stroke:none;stroke-width:0.1" />
<line
x1="36.066002"
y1="21.360001"
x2="37.284"
y2="20.91"
stroke="#000000"
stroke-width="0.100"
id="line88"
style="stroke:#000000;stroke-width:0.1" />
<polygon
points="35.979,21.125 35.597,21.533 36.153,21.594 35.979,21.125 "
id="polygon90"
style="fill:#000000;stroke:none;stroke-width:0.1" />
<polygon
points="37.371,21.145 37.753,20.737 37.197,20.676 37.371,21.145 "
id="polygon92"
style="fill:#000000;stroke:none;stroke-width:0.1" />
<line
x1="36.013"
y1="22.323999"
x2="37.512001"
y2="22.908001"
stroke="#000000"
stroke-width="0.100"
id="line94"
style="stroke:#000000;stroke-width:0.1" />
<polygon
points="36.103,22.091 35.547,22.143 35.922,22.557 36.103,22.091 "
id="polygon96"
style="fill:#000000;stroke:none;stroke-width:0.1" />
<polygon
points="37.422,23.141 37.978,23.089 37.603,22.675 37.422,23.141 "
id="polygon98"
style="fill:#000000;stroke:none;stroke-width:0.1" />
<rect
width="2.95"
height="2.01"
x="37.75"
y="24.565001"
id="rect100"
style="fill:#ffffff;stroke:none;stroke-width:0" />
<rect
width="2.95"
height="2.01"
x="37.75"
y="24.565001"
id="rect102"
style="fill:none;stroke:#000000;stroke-width:0.1" />
<text
x="38.654999"
y="25.424999"
id="text104"
style="font-size:0.60000002px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">Samba</text>
<text
x="38.414001"
y="26.025"
id="text106"
style="font-size:0.60000002px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">PDC/BDC</text>
<line
x1="34.959"
y1="23.228001"
x2="37.328999"
y2="25.216999"
stroke="#000000"
stroke-width="0.100"
id="line108"
style="stroke:#000000;stroke-width:0.1" />
<polygon
points="35.12,23.037 34.576,22.907 34.798,23.42 35.12,23.037 "
id="polygon110"
style="fill:#000000;stroke:none;stroke-width:0.1" />
<polygon
points="37.168,25.408 37.712,25.538 37.489,25.025 37.168,25.408 "
id="polygon112"
style="fill:#000000;stroke:none;stroke-width:0.1" />
<rect
width="3.915"
height="1.76"
x="29.01"
y="31.190001"
id="rect114"
style="fill:#ffffff;stroke:none;stroke-width:0" />
<rect
width="3.915"
height="1.76"
x="29.01"
y="31.190001"
id="rect116"
style="fill:none;stroke:#000000;stroke-width:0.1" />
<line
x1="30.181999"
y1="30.139999"
x2="30.177999"
y2="30.65"
stroke="#000000"
stroke-width="0.100"
id="line118"
style="stroke:#000000;stroke-width:0.1" />
<polygon
points="30.432,30.142 30.185,29.64 29.932,30.138 30.432,30.142 "
id="polygon120"
style="fill:#000000;stroke:none;stroke-width:0.1" />
<polygon
points="29.928,30.648 30.175,31.15 30.428,30.652 29.928,30.648 "
id="polygon122"
style="fill:#000000;stroke:none;stroke-width:0.1" />
<line
x1="31.402"
y1="30.853001"
x2="32.599998"
y2="29.927"
stroke="#000000"
stroke-width="0.100"
id="line124"
style="stroke:#000000;stroke-width:0.1" />
<polygon
points="31.249,30.656 31.007,31.159 31.555,31.051 31.249,30.656 "
id="polygon126"
style="fill:#000000;stroke:none;stroke-width:0.1" />
<polygon
points="32.753,30.124 32.995,29.621 32.447,29.729 32.753,30.124 "
id="polygon128"
style="fill:#000000;stroke:none;stroke-width:0.1" />
<line
x1="34.584999"
y1="28.591999"
x2="34.599998"
y2="28.593"
stroke="#000000"
stroke-width="0.100"
id="line130"
style="stroke:#000000;stroke-width:0.1" />
<polygon
points="34.586,28.342 34.085,28.59 34.584,28.842 34.586,28.342 "
id="polygon132"
style="fill:#000000;stroke:none;stroke-width:0.1" />
<polygon
points="34.599,28.843 35.1,28.595 34.601,28.343 34.599,28.843 "
id="polygon134"
style="fill:#000000;stroke:none;stroke-width:0.1" />
<text
x="30.027"
y="31.975"
id="text136"
style="font-size:0.60000002px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">/etc/passwd</text>
<text
x="30.179001"
y="32.575001"
id="text138"
style="font-size:0.60000002px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">/etc/group</text>
<rect
width="2.0650001"
height="1.76"
x="33.535"
y="31.190001"
id="rect140"
style="fill:#ffffff;stroke:none;stroke-width:0" />
<rect
width="2.0650001"
height="1.76"
x="33.535"
y="31.190001"
id="rect142"
style="fill:none;stroke:#000000;stroke-width:0.1" />
<text
x="34.049"
y="32.25"
id="text144"
style="font-size:0.60000002px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">NIS[+]</text>
<line
x1="34.515999"
y1="30.754"
x2="33.839001"
y2="29.987"
stroke="#000000"
stroke-width="0.100"
id="line146"
style="stroke:#000000;stroke-width:0.1" />
<polygon
points="34.329,30.919 34.847,31.129 34.704,30.588 34.329,30.919 "
id="polygon148"
style="fill:#000000;stroke:none;stroke-width:0.1" />
<polygon
points="34.027,29.822 33.508,29.612 33.652,30.153 34.027,29.822 "
id="polygon150"
style="fill:#000000;stroke:none;stroke-width:0.1" />
<line
x1="33.080002"
y1="30.879999"
x2="31.639999"
y2="29.9"
stroke="#000000"
stroke-width="0.100"
id="line152"
style="stroke:#000000;stroke-width:0.1" />
<polygon
points="32.94,31.087 33.494,31.162 33.221,30.674 32.94,31.087 "
id="polygon154"
style="fill:#000000;stroke:none;stroke-width:0.1" />
<polygon
points="31.78,29.693 31.226,29.618 31.499,30.106 31.78,29.693 "
id="polygon156"
style="fill:#000000;stroke:none;stroke-width:0.1" />
<path
d="M 34.773,27.172 C 33.554243,26.096992 31.732941,26.07362 30.487,27.117"
id="path158"
style="fill:none;stroke:#000000;stroke-width:0.1" />
<polygon
points="30.268,26.92 30.133,27.462 30.648,27.245 30.268,26.92 "
id="polygon160"
style="fill:#000000;stroke:none;stroke-width:0.1" />
<polygon
points="34.609,27.296 35.118,27.526 34.997,26.98 34.609,27.296 "
id="polygon162"
style="fill:#000000;stroke:none;stroke-width:0.1" />
<line
x1="33.568001"
y1="27.028999"
x2="34.02"
y2="23.371"
stroke="#000000"
stroke-width="0.100"
id="line164"
style="stroke:#000000;stroke-width:0.1" />
<polygon
points="33.319,26.998 33.506,27.525 33.816,27.06 33.319,26.998 "
id="polygon166"
style="fill:#000000;stroke:none;stroke-width:0.1" />
<polygon
points="34.268,23.402 34.081,22.875 33.772,23.34 34.268,23.402 "
id="polygon168"
style="fill:#000000;stroke:none;stroke-width:0.1" />
<line
x1="31.264999"
y1="27.030001"
x2="33.073002"
y2="23.292"
stroke="#000000"
stroke-width="0.100"
id="line170"
style="stroke:#000000;stroke-width:0.1" />
<polygon
points="31.039,26.921 31.047,27.48 31.49,27.139 31.039,26.921 "
id="polygon172"
style="fill:#000000;stroke:none;stroke-width:0.1" />
<polygon
points="33.298,23.401 33.291,22.842 32.848,23.183 33.298,23.401 "
id="polygon174"
style="fill:#000000;stroke:none;stroke-width:0.1" />
</svg>

After

Width:  |  Height:  |  Size: 15 KiB

File diff suppressed because it is too large Load Diff

After

Width:  |  Height:  |  Size: 244 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 96 KiB

File diff suppressed because it is too large Load Diff

After

Width:  |  Height:  |  Size: 233 KiB

File diff suppressed because it is too large Load Diff

After

Width:  |  Height:  |  Size: 236 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 98 KiB

File diff suppressed because it is too large Load Diff

After

Width:  |  Height:  |  Size: 236 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 94 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 82 KiB

File diff suppressed because it is too large Load Diff

After

Width:  |  Height:  |  Size: 35 KiB

File diff suppressed because it is too large Load Diff

After

Width:  |  Height:  |  Size: 37 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 89 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 72 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 81 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 92 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 85 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 84 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 100 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 18 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 31 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 29 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 12 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 12 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 19 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 19 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 8.4 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 8.7 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 29 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 9.5 KiB

View File

@ -0,0 +1,153 @@
<?xml version="1.0"?>
<!DOCTYPE book PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<book id="S3bE"
xmlns:xi="http://www.w3.org/2003/XInclude">
<title>Samba-3 by Example</title>
<subtitle>Practical Exercises in Successful Samba Deployment</subtitle>
<bookinfo>
<authorgroup>
<author>&person.jht;</author>
</authorgroup>
<pubdate>July, 2006</pubdate>
</bookinfo>
<?latex \clearpage ?>
<?latex \setcounter{page}{7} ?>
<xi:include href="SBE-inside-cover.xml"/>
<xi:include href="SBE-acknowledgements.xml"/>
<?latex \cleardoublepage ?>
<toc/>
<?latex \cleardoublepage ?>
<?latex \listofexamples ?>
<?latex \cleardoublepage ?>
<lot/>
<?latex \cleardoublepage ?>
<xi:include href="SBE-foreword.xml"/>
<xi:include href="SBE-preface.xml"/>
<!-- Chapters -->
<part id="ExNetworks">
<title>Example Network Configurations</title>
<partintro>
<title>Example Network Configurations</title>
<?latex \pagenumbering{arabic} ?>
<para>
This section of <emphasis>Samba-3 by Example</emphasis> provides example network
configurations that can be copied, or modified as needed, and deployed as-is.
The contents have been marginally updated to reflect changes made in Samba=3.0.23.
</para>
<para>
Best use can be made of this book by finding in this section the network design and
layout that best approximates your estimated needs. It is recommended that you will
implement the design pattern exactly as it appears, then after the installation has
been proven to work make any changes or modifications needed at your site.
</para>
<para>
The examples have been tested with Red Hat Fedora Core 2, Novell SUSE Linux Professional
9.3 and Novell SUSE Linux Enterprise Server (SLES) 9. The principals of implementation
apply to all Linux and UNIX systems in general, though some system files and tools will
be different and the location of some Samba file locations will be different since these
are determined by the person who packages Samba for each platform.
</para>
<para>
If you are deploying Samba is a mission-critical environment, or if you simply want
to save time and get your Samba network operational with minimal fuss, there is the
option to purchase commercial, professional, Samba support. Information regarding
commercial support options may be obtained from the commercial
<ulink url="http://www.samba.org/samba/support/">support</ulink> pages from
the Samba web site.
</para>
</partintro>
<?latex \cleardoublepage ?>
<xi:include href="SBE-SimpleOfficeServer.xml"/>
<?latex \cleardoublepage ?>
<xi:include href="SBE-TheSmallOffice.xml"/>
<?latex \cleardoublepage ?>
<xi:include href="SBE-SecureOfficeServer.xml"/>
<?latex \cleardoublepage ?>
<xi:include href="SBE-500UserNetwork.xml"/>
<?latex \cleardoublepage ?>
<xi:include href="SBE-MakingHappyUsers.xml"/>
<?latex \cleardoublepage ?>
<xi:include href="SBE-2000UserNetwork.xml"/>
<?latex \cleardoublepage ?>
</part>
<part id="DMSMig">
<title>Domain Members, Updating Samba and Migration</title>
<partintro>
<title>Domain Members, Updating Samba and Migration</title>
<para>
This section <emphasis>Samba-3 by Example</emphasis> covers two main topics: How to add
Samba Domain Member Servers and Samba Domain Member Clients to a Samba domain, the other
subject is that of how to migrate from and NT4 Domain, a NetWare server, or from an earlier
Samba version to environments that use the most recent Samba-3 release.
</para>
<para>
Those who are making use of the chapter on Adding UNIX clients and servers running Samba
to a Samba or a Windows networking domain may also benefit by referring to the book
<emphasis>The Official Samba-3 HOWTO and Reference Guide.</emphasis>
</para>
</partintro>
<?latex \cleardoublepage ?>
<xi:include href="SBE-AddingUNIXClients.xml"/>
<?latex \cleardoublepage ?>
<xi:include href="SBE-UpgradingSamba.xml"/>
<?latex \cleardoublepage ?>
<xi:include href="SBE-MigrateNT4Samba3.xml"/>
<?latex \cleardoublepage ?>
<xi:include href="SBE-MigrateNW4Samba3.xml"/>
<?latex \cleardoublepage ?>
</part>
<part id="RefSection">
<title>Reference Section</title>
<partintro>
<title>Reference Section</title>
<para>
This section <emphasis>Samba-3 by Example</emphasis> provides important reference material
that may help you to solve network performance issues, to answer some of the critiques
published regarding Samba, or just to gain a more broad understanding of how Samba can
play in a Windows networking world.
</para>
</partintro>
<?latex \cleardoublepage ?>
<xi:include href="SBE-KerberosFastStart.xml"/>
<?latex \cleardoublepage ?>
<xi:include href="SBE-DomainAppsSupport.xml"/>
<?latex \cleardoublepage ?>
<xi:include href="SBE-HighAvailability.xml"/>
<?latex \cleardoublepage ?>
<xi:include href="SBE-Support.xml"/>
<?latex \cleardoublepage ?>
<xi:include href="SBE-Appendix1.xml"/>
<?latex \cleardoublepage ?>
<xi:include href="SBE-Appendix2.xml"/>
<?latex \cleardoublepage ?>
<xi:include href="gpl-3.0.xml"/>
<?latex \cleardoublepage ?>
</part>
<xi:include href="SBE-glossary.xml"/>
<?latex \cleardoublepage ?>
<index/>
</book>

Some files were not shown because too many files have changed in this diff Show More