Merge Samba3 and Samba4 together
301
.gitignore
vendored
Normal file
@ -0,0 +1,301 @@
|
||||
*~
|
||||
*.1
|
||||
*.3
|
||||
*.8
|
||||
*_asn1_files
|
||||
*_asn1.h
|
||||
autom4te.cache
|
||||
config.cache
|
||||
config.h
|
||||
config.h.in
|
||||
config.log
|
||||
config.status
|
||||
configure
|
||||
*.d
|
||||
*_err.c
|
||||
*_err.h
|
||||
examples/libsmbclient/Makefile.internal
|
||||
examples/libsmbclient/smbwrapper/smbsh
|
||||
examples/libsmbclient/smbwrapper/smbwrapper.so
|
||||
examples/libsmbclient/testacl
|
||||
examples/libsmbclient/testacl2
|
||||
examples/libsmbclient/testacl3
|
||||
examples/libsmbclient/testbrowse
|
||||
examples/libsmbclient/testbrowse2
|
||||
examples/libsmbclient/testchmod
|
||||
examples/libsmbclient/testread
|
||||
examples/libsmbclient/testsmbc
|
||||
examples/libsmbclient/teststat
|
||||
examples/libsmbclient/teststat2
|
||||
examples/libsmbclient/teststat3
|
||||
examples/libsmbclient/testtruncate
|
||||
examples/libsmbclient/testutime
|
||||
examples/libsmbclient/testwrite
|
||||
examples/libsmbclient/tree
|
||||
examples/VFS/config.log
|
||||
examples/VFS/config.status
|
||||
examples/VFS/configure
|
||||
examples/VFS/Makefile
|
||||
examples/VFS/module_config.h
|
||||
examples/VFS/module_config.h.in
|
||||
examples/VFS/shadow_copy_test.so
|
||||
examples/VFS/skel_opaque.so
|
||||
examples/VFS/skel_transparent.so
|
||||
*.gcda
|
||||
*.gcno
|
||||
*.hd
|
||||
*.ho
|
||||
*.o
|
||||
*.patch
|
||||
*.pc
|
||||
*.po
|
||||
*.pyc
|
||||
semantic.cache
|
||||
source3/bin/*
|
||||
source3/config.cache
|
||||
source3/config.log
|
||||
source3/config.status
|
||||
source3/configure
|
||||
source3/cscope.out
|
||||
source3/exports/libnetapi.syms
|
||||
source3/exports/libsmbclient.syms
|
||||
source3/exports/libsmbsharemodes.syms
|
||||
source3/exports/libtalloc.syms
|
||||
source3/exports/libtdb.syms
|
||||
source3/exports/libwbclient.syms
|
||||
source3/include/build_env.h
|
||||
source3/include/config.h
|
||||
source3/include/config.h.in
|
||||
source3/include/includes.h.gch
|
||||
source3/include/stamp-h
|
||||
source3/include/version.h
|
||||
source3/lib/netapi/examples/Makefile
|
||||
source3/lib/netapi/tests/Makefile
|
||||
source3/library-versions
|
||||
source3/librpc/gen_ndr/cli_krb5pac.*
|
||||
source3/librpc/gen_ndr/cli_libnetapi.c
|
||||
source3/librpc/gen_ndr/cli_libnetapi.h
|
||||
source3/librpc/gen_ndr/cli_messaging.*
|
||||
source3/librpc/gen_ndr/cli_misc.*
|
||||
source3/librpc/gen_ndr/cli_nbt.c
|
||||
source3/librpc/gen_ndr/cli_nbt.h
|
||||
source3/librpc/gen_ndr/cli_notify.*
|
||||
source3/librpc/gen_ndr/cli_security.*
|
||||
source3/librpc/gen_ndr/cli_xattr.*
|
||||
source3/librpc/gen_ndr/srv_drsuapi.c
|
||||
source3/librpc/gen_ndr/srv_drsuapi.h
|
||||
source3/librpc/gen_ndr/srv_krb5pac.*
|
||||
source3/librpc/gen_ndr/srv_libnetapi.c
|
||||
source3/librpc/gen_ndr/srv_libnetapi.h
|
||||
source3/librpc/gen_ndr/srv_messaging.*
|
||||
source3/librpc/gen_ndr/srv_misc.*
|
||||
source3/librpc/gen_ndr/srv_nbt.c
|
||||
source3/librpc/gen_ndr/srv_nbt.h
|
||||
source3/librpc/gen_ndr/srv_notify.*
|
||||
source3/librpc/gen_ndr/srv_security.*
|
||||
source3/librpc/gen_ndr/srv_xattr.*
|
||||
source3/Makefile
|
||||
source3/nsswitch/*.so
|
||||
source3/pkgconfig/*.pc
|
||||
source3/proto_exists
|
||||
source3/script/findsmb
|
||||
source3/script/gen-8bit-gap.sh
|
||||
source3/script/installbin.sh
|
||||
source3/script/uninstallbin.sh
|
||||
source3/smbadduser
|
||||
source3/smbd/build_options.c
|
||||
source3/st
|
||||
source3/tags
|
||||
source3/TAGS
|
||||
source3/torture.tdb
|
||||
source4/apidocs
|
||||
source4/auth/auth_proto.h
|
||||
source4/auth/auth_sam.h
|
||||
source4/auth/auth_sam_reply.h
|
||||
source4/auth/credentials/credentials_krb5_proto.h
|
||||
source4/auth/credentials/credentials_proto.h
|
||||
source4/auth/gensec/gensec_proto.h
|
||||
source4/auth/gensec/schannel_proto.h
|
||||
source4/auth/gensec/schannel_state.h
|
||||
source4/auth/gensec/spnego_proto.h
|
||||
source4/auth/kerberos/proto.h
|
||||
source4/auth/ntlmssp/msrpc_parse.h
|
||||
source4/auth/ntlmssp/proto.h
|
||||
source4/auth/session_proto.h
|
||||
source4/auth/system_session_proto.h
|
||||
source4/bin/*
|
||||
source4/bin/modules/*
|
||||
source4/bin/shared/*.so*
|
||||
source4/build/smb_build/config.pm
|
||||
source4/cldap_server/proto.h
|
||||
source4/config.mk
|
||||
source4/coverage
|
||||
source4/data.mk
|
||||
source4/dsdb/common/proto.h
|
||||
source4/dsdb/repl/drepl_service_proto.h
|
||||
source4/dsdb/samdb/samdb_proto.h
|
||||
source4/dsdb/schema/proto.h
|
||||
source4/extra_cflags.txt
|
||||
source4/foo.tdb
|
||||
source4/gentest_seeds.dat
|
||||
source4/heimdal/kdc/kdc-private.h
|
||||
source4/heimdal/kdc/kdc-protos.h
|
||||
source4/heimdal/lib/asn1/asn1_*
|
||||
source4/heimdal/lib/asn1/der-protos.h
|
||||
source4/heimdal/lib/asn1/krb5_asn1_files
|
||||
source4/heimdal/lib/asn1/krb5_asn1.h
|
||||
source4/heimdal/lib/des/hcrypto
|
||||
source4/heimdal/lib/gssapi/asn1_*.c
|
||||
source4/heimdal/lib/gssapi/krb5/gsskrb5-private.h
|
||||
source4/heimdal/lib/gssapi/spnego_asn1_files
|
||||
source4/heimdal/lib/gssapi/spnego_asn1.h
|
||||
source4/heimdal/lib/gssapi/spnego/spnego-private.h
|
||||
source4/heimdal/lib/hdb/asn1_*.c
|
||||
source4/heimdal/lib/hdb/hdb_asn1_files
|
||||
source4/heimdal/lib/hdb/hdb_asn1.h
|
||||
source4/heimdal/lib/hdb/hdb_err.?
|
||||
source4/heimdal/lib/hdb/hdb-private.h
|
||||
source4/heimdal/lib/hdb/hdb-protos.h
|
||||
source4/heimdal/lib/hx509/asn1_*.c
|
||||
source4/heimdal/lib/hx509/hx509-private.h
|
||||
source4/heimdal/lib/hx509/hx509-protos.h
|
||||
source4/heimdal/lib/krb5/heim_err.?
|
||||
source4/heimdal/lib/krb5/k524_err.?
|
||||
source4/heimdal/lib/krb5/krb5_err.?
|
||||
source4/heimdal/lib/krb5/krb5-private.h
|
||||
source4/heimdal/lib/krb5/krb5-protos.h
|
||||
source4/heimdal/lib/ntlm/heimntlm-protos.h
|
||||
source4/heimdal/lib/roken/err.h
|
||||
source4/heimdal/lib/roken/vis.h
|
||||
source4/heimdal/lib/wind/*_table.?
|
||||
source4/include/build.h
|
||||
source4/include/config_tmp.h
|
||||
source4/include/config_tmp.h.in
|
||||
source4/kdc/pac_glue.h
|
||||
source4/ldap_server/proto.h
|
||||
source4/lib/charset/charset_proto.h
|
||||
source4/libcli/auth/proto.h
|
||||
source4/libcli/composite/proto.h
|
||||
source4/libcli/finddcs.h
|
||||
source4/libcli/ldap/ldap_proto.h
|
||||
source4/libcli/libcli_proto.h
|
||||
source4/libcli/nbt/nbtname.h
|
||||
source4/libcli/nbt/nbt_proto.h
|
||||
source4/libcli/ndr_netlogon_proto.h
|
||||
source4/libcli/netlogon_proto.h
|
||||
source4/libcli/raw/raw_proto.h
|
||||
source4/libcli/resolve/lp_proto.h
|
||||
source4/libcli/resolve/proto.h
|
||||
source4/libcli/security/proto.h
|
||||
source4/libcli/smb2/smb2_proto.h
|
||||
source4/libcli/smb_composite/proto.h
|
||||
source4/libcli/util/clilsa.h
|
||||
source4/libcli/util/proto.h
|
||||
source4/libcli/wrepl/winsrepl_proto.h
|
||||
source4/lib/cmdline/credentials.h
|
||||
source4/lib/cmdline/popt_credentials.h
|
||||
source4/lib/crypto/test_proto.h
|
||||
source4/lib/db_wrap_proto.h
|
||||
source4/lib/ldb/bin
|
||||
source4/lib/ldb/examples/ldbreader
|
||||
source4/lib/ldb/examples/ldifreader
|
||||
source4/lib/ldb/lib
|
||||
source4/lib/ldb/man/*.html
|
||||
source4/lib/ldb-samba/ldif_handlers.h
|
||||
source4/lib/ldb/samba/ldif_handlers_proto.h
|
||||
source4/lib/ldb/tests/tmp
|
||||
source4/libnet/libnet_proto.h
|
||||
source4/lib/registry/regf.h
|
||||
source4/lib/registry/tdr_regf.c
|
||||
source4/lib/registry/tdr_regf.h
|
||||
source4/lib/registry/tests/proto.h
|
||||
source4/lib/registry/tools/common.h
|
||||
source4/librpc/gen_ndr
|
||||
source4/librpc/idl-deps
|
||||
source4/librpc/ndr/libndr_proto.h
|
||||
source4/librpc/ndr/ndr_compression.h
|
||||
source4/librpc/ndr/ndr_spoolss_buf.h
|
||||
source4/librpc/ndr/ndr_table.h
|
||||
source4/librpc/rpc/dcerpc_proto.h
|
||||
source4/librpc/rpc/dcerpc_table.h
|
||||
source4/lib/samba3/samba3_proto.h
|
||||
source4/lib/samba3/samba3_smbpasswd_proto.h
|
||||
source4/lib/socket/netif_proto.h
|
||||
source4/lib/talloc/talloc.3.html
|
||||
source4/lib/talloc/testsuite
|
||||
source4/lib/tdb/bin/tdbbackup
|
||||
source4/lib/tdb/bin/tdbdump
|
||||
source4/lib/tdb/bin/tdbtool
|
||||
source4/lib/tdb/bin/tdbtorture
|
||||
source4/lib/tdr/tdr_proto.h
|
||||
source4/lib/util/apidocs
|
||||
source4/lib/util/asn1_proto.h
|
||||
source4/lib/util/pidfile.h
|
||||
source4/lib/util/unix_privs.h
|
||||
source4/lib/util/util_proto.h
|
||||
source4/lib/util/util_tdb.h
|
||||
source4/mkconfig.mk
|
||||
source4/nbt_server/dgram/proto.h
|
||||
source4/nbt_server/nbt_server_proto.h
|
||||
source4/nbt_server/wins/winsdb_proto.h
|
||||
source4/nbt_server/wins/winsserver_proto.h
|
||||
source4/ntptr/ntptr_proto.h
|
||||
source4/ntvfs/cifs_posix_cli/proto.h
|
||||
source4/ntvfs/common/proto.h
|
||||
source4/ntvfs/ipc/proto.h
|
||||
source4/ntvfs/ntvfs_proto.h
|
||||
source4/ntvfs/posix/vfs_posix_proto.h
|
||||
source4/ntvfs/simple/proto.h
|
||||
source4/param/proto.h
|
||||
source4/param/secrets_proto.h
|
||||
source4/param/share_proto.h
|
||||
source4/passdb/proto.h
|
||||
source4/pidl/blib
|
||||
source4/pidl/cover_db
|
||||
source4/pidl/Makefile
|
||||
source4/pidl/pm_to_blib
|
||||
source4/rpc_server/common/proto.h
|
||||
source4/rpc_server/dcerpc_server_proto.h
|
||||
source4/rpc_server/lsa/proto.h
|
||||
source4/rpc_server/samr/proto.h
|
||||
source4/rpc_server/srvsvc/proto.h
|
||||
source4/samba.info
|
||||
source4/scripting/ejs/ejsnet/proto.h
|
||||
source4/scripting/ejs/proto.h
|
||||
source4/smbd/pidfile.h
|
||||
source4/smbd/process_model_proto.h
|
||||
source4/smbd/service_proto.h
|
||||
source4/smb_server/service_smb_proto.h
|
||||
source4/smb_server/smb2/smb2_proto.h
|
||||
source4/smb_server/smb_server_proto.h
|
||||
source4/smb_server/smb/smb_proto.h
|
||||
source4/st
|
||||
source4/templates.ldb
|
||||
source4/test-results
|
||||
source4/tests
|
||||
source4/torture/auth/proto.h
|
||||
source4/torture/basic/proto.h
|
||||
source4/torture/ldap/proto.h
|
||||
source4/torture/libnet/proto.h
|
||||
source4/torture/local/proto.h
|
||||
source4/torture/nbench/proto.h
|
||||
source4/torture/nbt/proto.h
|
||||
source4/torture/ndr/proto.h
|
||||
source4/torture/proto.h
|
||||
source4/torture/rap/proto.h
|
||||
source4/torture/raw/proto.h
|
||||
source4/torture/rpc/proto.h
|
||||
source4/torture/smb2/proto.h
|
||||
source4/torture.tdb
|
||||
source4/torture/unix/proto.h
|
||||
source4/torture/winbind/proto.h
|
||||
source4/utils/net/net_proto.h
|
||||
source4/version.h
|
||||
source4/web_server/proto.h
|
||||
source4/winbind/idmap_proto.h
|
||||
source4/winbind/wb_helper.h
|
||||
source4/winbind/wb_proto.h
|
||||
source4/wrepl_server/wrepl_server_proto.h
|
||||
*.swp
|
||||
tags
|
||||
*.x
|
24
BUGS4.txt
Normal file
@ -0,0 +1,24 @@
|
||||
Samba4 alpha4 is not a final Samba release. That is more a reference
|
||||
to Samba4's lack of the features we expect you will need than a
|
||||
statement of code quality, but clearly it hasn't seen a broad
|
||||
deployment yet. If you were to upgrade Samba3 (or indeed Windows) to
|
||||
Samba4, you would find many things work, but that other key features
|
||||
you may have relied on simply are not there yet.
|
||||
|
||||
For example, while Samba 3.0 is an excellent member of a Active
|
||||
Directory domain, Samba4 is happier as a domain controller, and it is
|
||||
in this role where it has seen deployment into production.
|
||||
|
||||
Samba4 is subjected to an awesome battery of tests on an
|
||||
automated basis, we have found Samba4 to be very stable in it's
|
||||
behaviour. We have to recommend against upgrading production servers
|
||||
from Samba 3 to Samba 4 at this stage, because there may be the features on
|
||||
which you may rely that are not present, or the mapping of
|
||||
your configuration and user database may not be complete.
|
||||
|
||||
If you are upgrading, or looking to develop, test or deploy Samba4, you should
|
||||
backup all configuration and data.
|
||||
|
||||
We welcome your testing, please file bug reports at
|
||||
https://bugzilla.samba.org/, product: Samba4. Please include as much
|
||||
information as possible, such as GIT revision number and backtraces.
|
674
COPYING
Normal file
@ -0,0 +1,674 @@
|
||||
GNU GENERAL PUBLIC LICENSE
|
||||
Version 3, 29 June 2007
|
||||
|
||||
Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
|
||||
Everyone is permitted to copy and distribute verbatim copies
|
||||
of this license document, but changing it is not allowed.
|
||||
|
||||
Preamble
|
||||
|
||||
The GNU General Public License is a free, copyleft license for
|
||||
software and other kinds of works.
|
||||
|
||||
The licenses for most software and other practical works are designed
|
||||
to take away your freedom to share and change the works. By contrast,
|
||||
the GNU General Public License is intended to guarantee your freedom to
|
||||
share and change all versions of a program--to make sure it remains free
|
||||
software for all its users. We, the Free Software Foundation, use the
|
||||
GNU General Public License for most of our software; it applies also to
|
||||
any other work released this way by its authors. You can apply it to
|
||||
your programs, too.
|
||||
|
||||
When we speak of free software, we are referring to freedom, not
|
||||
price. Our General Public Licenses are designed to make sure that you
|
||||
have the freedom to distribute copies of free software (and charge for
|
||||
them if you wish), that you receive source code or can get it if you
|
||||
want it, that you can change the software or use pieces of it in new
|
||||
free programs, and that you know you can do these things.
|
||||
|
||||
To protect your rights, we need to prevent others from denying you
|
||||
these rights or asking you to surrender the rights. Therefore, you have
|
||||
certain responsibilities if you distribute copies of the software, or if
|
||||
you modify it: responsibilities to respect the freedom of others.
|
||||
|
||||
For example, if you distribute copies of such a program, whether
|
||||
gratis or for a fee, you must pass on to the recipients the same
|
||||
freedoms that you received. You must make sure that they, too, receive
|
||||
or can get the source code. And you must show them these terms so they
|
||||
know their rights.
|
||||
|
||||
Developers that use the GNU GPL protect your rights with two steps:
|
||||
(1) assert copyright on the software, and (2) offer you this License
|
||||
giving you legal permission to copy, distribute and/or modify it.
|
||||
|
||||
For the developers' and authors' protection, the GPL clearly explains
|
||||
that there is no warranty for this free software. For both users' and
|
||||
authors' sake, the GPL requires that modified versions be marked as
|
||||
changed, so that their problems will not be attributed erroneously to
|
||||
authors of previous versions.
|
||||
|
||||
Some devices are designed to deny users access to install or run
|
||||
modified versions of the software inside them, although the manufacturer
|
||||
can do so. This is fundamentally incompatible with the aim of
|
||||
protecting users' freedom to change the software. The systematic
|
||||
pattern of such abuse occurs in the area of products for individuals to
|
||||
use, which is precisely where it is most unacceptable. Therefore, we
|
||||
have designed this version of the GPL to prohibit the practice for those
|
||||
products. If such problems arise substantially in other domains, we
|
||||
stand ready to extend this provision to those domains in future versions
|
||||
of the GPL, as needed to protect the freedom of users.
|
||||
|
||||
Finally, every program is threatened constantly by software patents.
|
||||
States should not allow patents to restrict development and use of
|
||||
software on general-purpose computers, but in those that do, we wish to
|
||||
avoid the special danger that patents applied to a free program could
|
||||
make it effectively proprietary. To prevent this, the GPL assures that
|
||||
patents cannot be used to render the program non-free.
|
||||
|
||||
The precise terms and conditions for copying, distribution and
|
||||
modification follow.
|
||||
|
||||
TERMS AND CONDITIONS
|
||||
|
||||
0. Definitions.
|
||||
|
||||
"This License" refers to version 3 of the GNU General Public License.
|
||||
|
||||
"Copyright" also means copyright-like laws that apply to other kinds of
|
||||
works, such as semiconductor masks.
|
||||
|
||||
"The Program" refers to any copyrightable work licensed under this
|
||||
License. Each licensee is addressed as "you". "Licensees" and
|
||||
"recipients" may be individuals or organizations.
|
||||
|
||||
To "modify" a work means to copy from or adapt all or part of the work
|
||||
in a fashion requiring copyright permission, other than the making of an
|
||||
exact copy. The resulting work is called a "modified version" of the
|
||||
earlier work or a work "based on" the earlier work.
|
||||
|
||||
A "covered work" means either the unmodified Program or a work based
|
||||
on the Program.
|
||||
|
||||
To "propagate" a work means to do anything with it that, without
|
||||
permission, would make you directly or secondarily liable for
|
||||
infringement under applicable copyright law, except executing it on a
|
||||
computer or modifying a private copy. Propagation includes copying,
|
||||
distribution (with or without modification), making available to the
|
||||
public, and in some countries other activities as well.
|
||||
|
||||
To "convey" a work means any kind of propagation that enables other
|
||||
parties to make or receive copies. Mere interaction with a user through
|
||||
a computer network, with no transfer of a copy, is not conveying.
|
||||
|
||||
An interactive user interface displays "Appropriate Legal Notices"
|
||||
to the extent that it includes a convenient and prominently visible
|
||||
feature that (1) displays an appropriate copyright notice, and (2)
|
||||
tells the user that there is no warranty for the work (except to the
|
||||
extent that warranties are provided), that licensees may convey the
|
||||
work under this License, and how to view a copy of this License. If
|
||||
the interface presents a list of user commands or options, such as a
|
||||
menu, a prominent item in the list meets this criterion.
|
||||
|
||||
1. Source Code.
|
||||
|
||||
The "source code" for a work means the preferred form of the work
|
||||
for making modifications to it. "Object code" means any non-source
|
||||
form of a work.
|
||||
|
||||
A "Standard Interface" means an interface that either is an official
|
||||
standard defined by a recognized standards body, or, in the case of
|
||||
interfaces specified for a particular programming language, one that
|
||||
is widely used among developers working in that language.
|
||||
|
||||
The "System Libraries" of an executable work include anything, other
|
||||
than the work as a whole, that (a) is included in the normal form of
|
||||
packaging a Major Component, but which is not part of that Major
|
||||
Component, and (b) serves only to enable use of the work with that
|
||||
Major Component, or to implement a Standard Interface for which an
|
||||
implementation is available to the public in source code form. A
|
||||
"Major Component", in this context, means a major essential component
|
||||
(kernel, window system, and so on) of the specific operating system
|
||||
(if any) on which the executable work runs, or a compiler used to
|
||||
produce the work, or an object code interpreter used to run it.
|
||||
|
||||
The "Corresponding Source" for a work in object code form means all
|
||||
the source code needed to generate, install, and (for an executable
|
||||
work) run the object code and to modify the work, including scripts to
|
||||
control those activities. However, it does not include the work's
|
||||
System Libraries, or general-purpose tools or generally available free
|
||||
programs which are used unmodified in performing those activities but
|
||||
which are not part of the work. For example, Corresponding Source
|
||||
includes interface definition files associated with source files for
|
||||
the work, and the source code for shared libraries and dynamically
|
||||
linked subprograms that the work is specifically designed to require,
|
||||
such as by intimate data communication or control flow between those
|
||||
subprograms and other parts of the work.
|
||||
|
||||
The Corresponding Source need not include anything that users
|
||||
can regenerate automatically from other parts of the Corresponding
|
||||
Source.
|
||||
|
||||
The Corresponding Source for a work in source code form is that
|
||||
same work.
|
||||
|
||||
2. Basic Permissions.
|
||||
|
||||
All rights granted under this License are granted for the term of
|
||||
copyright on the Program, and are irrevocable provided the stated
|
||||
conditions are met. This License explicitly affirms your unlimited
|
||||
permission to run the unmodified Program. The output from running a
|
||||
covered work is covered by this License only if the output, given its
|
||||
content, constitutes a covered work. This License acknowledges your
|
||||
rights of fair use or other equivalent, as provided by copyright law.
|
||||
|
||||
You may make, run and propagate covered works that you do not
|
||||
convey, without conditions so long as your license otherwise remains
|
||||
in force. You may convey covered works to others for the sole purpose
|
||||
of having them make modifications exclusively for you, or provide you
|
||||
with facilities for running those works, provided that you comply with
|
||||
the terms of this License in conveying all material for which you do
|
||||
not control copyright. Those thus making or running the covered works
|
||||
for you must do so exclusively on your behalf, under your direction
|
||||
and control, on terms that prohibit them from making any copies of
|
||||
your copyrighted material outside their relationship with you.
|
||||
|
||||
Conveying under any other circumstances is permitted solely under
|
||||
the conditions stated below. Sublicensing is not allowed; section 10
|
||||
makes it unnecessary.
|
||||
|
||||
3. Protecting Users' Legal Rights From Anti-Circumvention Law.
|
||||
|
||||
No covered work shall be deemed part of an effective technological
|
||||
measure under any applicable law fulfilling obligations under article
|
||||
11 of the WIPO copyright treaty adopted on 20 December 1996, or
|
||||
similar laws prohibiting or restricting circumvention of such
|
||||
measures.
|
||||
|
||||
When you convey a covered work, you waive any legal power to forbid
|
||||
circumvention of technological measures to the extent such circumvention
|
||||
is effected by exercising rights under this License with respect to
|
||||
the covered work, and you disclaim any intention to limit operation or
|
||||
modification of the work as a means of enforcing, against the work's
|
||||
users, your or third parties' legal rights to forbid circumvention of
|
||||
technological measures.
|
||||
|
||||
4. Conveying Verbatim Copies.
|
||||
|
||||
You may convey verbatim copies of the Program's source code as you
|
||||
receive it, in any medium, provided that you conspicuously and
|
||||
appropriately publish on each copy an appropriate copyright notice;
|
||||
keep intact all notices stating that this License and any
|
||||
non-permissive terms added in accord with section 7 apply to the code;
|
||||
keep intact all notices of the absence of any warranty; and give all
|
||||
recipients a copy of this License along with the Program.
|
||||
|
||||
You may charge any price or no price for each copy that you convey,
|
||||
and you may offer support or warranty protection for a fee.
|
||||
|
||||
5. Conveying Modified Source Versions.
|
||||
|
||||
You may convey a work based on the Program, or the modifications to
|
||||
produce it from the Program, in the form of source code under the
|
||||
terms of section 4, provided that you also meet all of these conditions:
|
||||
|
||||
a) The work must carry prominent notices stating that you modified
|
||||
it, and giving a relevant date.
|
||||
|
||||
b) The work must carry prominent notices stating that it is
|
||||
released under this License and any conditions added under section
|
||||
7. This requirement modifies the requirement in section 4 to
|
||||
"keep intact all notices".
|
||||
|
||||
c) You must license the entire work, as a whole, under this
|
||||
License to anyone who comes into possession of a copy. This
|
||||
License will therefore apply, along with any applicable section 7
|
||||
additional terms, to the whole of the work, and all its parts,
|
||||
regardless of how they are packaged. This License gives no
|
||||
permission to license the work in any other way, but it does not
|
||||
invalidate such permission if you have separately received it.
|
||||
|
||||
d) If the work has interactive user interfaces, each must display
|
||||
Appropriate Legal Notices; however, if the Program has interactive
|
||||
interfaces that do not display Appropriate Legal Notices, your
|
||||
work need not make them do so.
|
||||
|
||||
A compilation of a covered work with other separate and independent
|
||||
works, which are not by their nature extensions of the covered work,
|
||||
and which are not combined with it such as to form a larger program,
|
||||
in or on a volume of a storage or distribution medium, is called an
|
||||
"aggregate" if the compilation and its resulting copyright are not
|
||||
used to limit the access or legal rights of the compilation's users
|
||||
beyond what the individual works permit. Inclusion of a covered work
|
||||
in an aggregate does not cause this License to apply to the other
|
||||
parts of the aggregate.
|
||||
|
||||
6. Conveying Non-Source Forms.
|
||||
|
||||
You may convey a covered work in object code form under the terms
|
||||
of sections 4 and 5, provided that you also convey the
|
||||
machine-readable Corresponding Source under the terms of this License,
|
||||
in one of these ways:
|
||||
|
||||
a) Convey the object code in, or embodied in, a physical product
|
||||
(including a physical distribution medium), accompanied by the
|
||||
Corresponding Source fixed on a durable physical medium
|
||||
customarily used for software interchange.
|
||||
|
||||
b) Convey the object code in, or embodied in, a physical product
|
||||
(including a physical distribution medium), accompanied by a
|
||||
written offer, valid for at least three years and valid for as
|
||||
long as you offer spare parts or customer support for that product
|
||||
model, to give anyone who possesses the object code either (1) a
|
||||
copy of the Corresponding Source for all the software in the
|
||||
product that is covered by this License, on a durable physical
|
||||
medium customarily used for software interchange, for a price no
|
||||
more than your reasonable cost of physically performing this
|
||||
conveying of source, or (2) access to copy the
|
||||
Corresponding Source from a network server at no charge.
|
||||
|
||||
c) Convey individual copies of the object code with a copy of the
|
||||
written offer to provide the Corresponding Source. This
|
||||
alternative is allowed only occasionally and noncommercially, and
|
||||
only if you received the object code with such an offer, in accord
|
||||
with subsection 6b.
|
||||
|
||||
d) Convey the object code by offering access from a designated
|
||||
place (gratis or for a charge), and offer equivalent access to the
|
||||
Corresponding Source in the same way through the same place at no
|
||||
further charge. You need not require recipients to copy the
|
||||
Corresponding Source along with the object code. If the place to
|
||||
copy the object code is a network server, the Corresponding Source
|
||||
may be on a different server (operated by you or a third party)
|
||||
that supports equivalent copying facilities, provided you maintain
|
||||
clear directions next to the object code saying where to find the
|
||||
Corresponding Source. Regardless of what server hosts the
|
||||
Corresponding Source, you remain obligated to ensure that it is
|
||||
available for as long as needed to satisfy these requirements.
|
||||
|
||||
e) Convey the object code using peer-to-peer transmission, provided
|
||||
you inform other peers where the object code and Corresponding
|
||||
Source of the work are being offered to the general public at no
|
||||
charge under subsection 6d.
|
||||
|
||||
A separable portion of the object code, whose source code is excluded
|
||||
from the Corresponding Source as a System Library, need not be
|
||||
included in conveying the object code work.
|
||||
|
||||
A "User Product" is either (1) a "consumer product", which means any
|
||||
tangible personal property which is normally used for personal, family,
|
||||
or household purposes, or (2) anything designed or sold for incorporation
|
||||
into a dwelling. In determining whether a product is a consumer product,
|
||||
doubtful cases shall be resolved in favor of coverage. For a particular
|
||||
product received by a particular user, "normally used" refers to a
|
||||
typical or common use of that class of product, regardless of the status
|
||||
of the particular user or of the way in which the particular user
|
||||
actually uses, or expects or is expected to use, the product. A product
|
||||
is a consumer product regardless of whether the product has substantial
|
||||
commercial, industrial or non-consumer uses, unless such uses represent
|
||||
the only significant mode of use of the product.
|
||||
|
||||
"Installation Information" for a User Product means any methods,
|
||||
procedures, authorization keys, or other information required to install
|
||||
and execute modified versions of a covered work in that User Product from
|
||||
a modified version of its Corresponding Source. The information must
|
||||
suffice to ensure that the continued functioning of the modified object
|
||||
code is in no case prevented or interfered with solely because
|
||||
modification has been made.
|
||||
|
||||
If you convey an object code work under this section in, or with, or
|
||||
specifically for use in, a User Product, and the conveying occurs as
|
||||
part of a transaction in which the right of possession and use of the
|
||||
User Product is transferred to the recipient in perpetuity or for a
|
||||
fixed term (regardless of how the transaction is characterized), the
|
||||
Corresponding Source conveyed under this section must be accompanied
|
||||
by the Installation Information. But this requirement does not apply
|
||||
if neither you nor any third party retains the ability to install
|
||||
modified object code on the User Product (for example, the work has
|
||||
been installed in ROM).
|
||||
|
||||
The requirement to provide Installation Information does not include a
|
||||
requirement to continue to provide support service, warranty, or updates
|
||||
for a work that has been modified or installed by the recipient, or for
|
||||
the User Product in which it has been modified or installed. Access to a
|
||||
network may be denied when the modification itself materially and
|
||||
adversely affects the operation of the network or violates the rules and
|
||||
protocols for communication across the network.
|
||||
|
||||
Corresponding Source conveyed, and Installation Information provided,
|
||||
in accord with this section must be in a format that is publicly
|
||||
documented (and with an implementation available to the public in
|
||||
source code form), and must require no special password or key for
|
||||
unpacking, reading or copying.
|
||||
|
||||
7. Additional Terms.
|
||||
|
||||
"Additional permissions" are terms that supplement the terms of this
|
||||
License by making exceptions from one or more of its conditions.
|
||||
Additional permissions that are applicable to the entire Program shall
|
||||
be treated as though they were included in this License, to the extent
|
||||
that they are valid under applicable law. If additional permissions
|
||||
apply only to part of the Program, that part may be used separately
|
||||
under those permissions, but the entire Program remains governed by
|
||||
this License without regard to the additional permissions.
|
||||
|
||||
When you convey a copy of a covered work, you may at your option
|
||||
remove any additional permissions from that copy, or from any part of
|
||||
it. (Additional permissions may be written to require their own
|
||||
removal in certain cases when you modify the work.) You may place
|
||||
additional permissions on material, added by you to a covered work,
|
||||
for which you have or can give appropriate copyright permission.
|
||||
|
||||
Notwithstanding any other provision of this License, for material you
|
||||
add to a covered work, you may (if authorized by the copyright holders of
|
||||
that material) supplement the terms of this License with terms:
|
||||
|
||||
a) Disclaiming warranty or limiting liability differently from the
|
||||
terms of sections 15 and 16 of this License; or
|
||||
|
||||
b) Requiring preservation of specified reasonable legal notices or
|
||||
author attributions in that material or in the Appropriate Legal
|
||||
Notices displayed by works containing it; or
|
||||
|
||||
c) Prohibiting misrepresentation of the origin of that material, or
|
||||
requiring that modified versions of such material be marked in
|
||||
reasonable ways as different from the original version; or
|
||||
|
||||
d) Limiting the use for publicity purposes of names of licensors or
|
||||
authors of the material; or
|
||||
|
||||
e) Declining to grant rights under trademark law for use of some
|
||||
trade names, trademarks, or service marks; or
|
||||
|
||||
f) Requiring indemnification of licensors and authors of that
|
||||
material by anyone who conveys the material (or modified versions of
|
||||
it) with contractual assumptions of liability to the recipient, for
|
||||
any liability that these contractual assumptions directly impose on
|
||||
those licensors and authors.
|
||||
|
||||
All other non-permissive additional terms are considered "further
|
||||
restrictions" within the meaning of section 10. If the Program as you
|
||||
received it, or any part of it, contains a notice stating that it is
|
||||
governed by this License along with a term that is a further
|
||||
restriction, you may remove that term. If a license document contains
|
||||
a further restriction but permits relicensing or conveying under this
|
||||
License, you may add to a covered work material governed by the terms
|
||||
of that license document, provided that the further restriction does
|
||||
not survive such relicensing or conveying.
|
||||
|
||||
If you add terms to a covered work in accord with this section, you
|
||||
must place, in the relevant source files, a statement of the
|
||||
additional terms that apply to those files, or a notice indicating
|
||||
where to find the applicable terms.
|
||||
|
||||
Additional terms, permissive or non-permissive, may be stated in the
|
||||
form of a separately written license, or stated as exceptions;
|
||||
the above requirements apply either way.
|
||||
|
||||
8. Termination.
|
||||
|
||||
You may not propagate or modify a covered work except as expressly
|
||||
provided under this License. Any attempt otherwise to propagate or
|
||||
modify it is void, and will automatically terminate your rights under
|
||||
this License (including any patent licenses granted under the third
|
||||
paragraph of section 11).
|
||||
|
||||
However, if you cease all violation of this License, then your
|
||||
license from a particular copyright holder is reinstated (a)
|
||||
provisionally, unless and until the copyright holder explicitly and
|
||||
finally terminates your license, and (b) permanently, if the copyright
|
||||
holder fails to notify you of the violation by some reasonable means
|
||||
prior to 60 days after the cessation.
|
||||
|
||||
Moreover, your license from a particular copyright holder is
|
||||
reinstated permanently if the copyright holder notifies you of the
|
||||
violation by some reasonable means, this is the first time you have
|
||||
received notice of violation of this License (for any work) from that
|
||||
copyright holder, and you cure the violation prior to 30 days after
|
||||
your receipt of the notice.
|
||||
|
||||
Termination of your rights under this section does not terminate the
|
||||
licenses of parties who have received copies or rights from you under
|
||||
this License. If your rights have been terminated and not permanently
|
||||
reinstated, you do not qualify to receive new licenses for the same
|
||||
material under section 10.
|
||||
|
||||
9. Acceptance Not Required for Having Copies.
|
||||
|
||||
You are not required to accept this License in order to receive or
|
||||
run a copy of the Program. Ancillary propagation of a covered work
|
||||
occurring solely as a consequence of using peer-to-peer transmission
|
||||
to receive a copy likewise does not require acceptance. However,
|
||||
nothing other than this License grants you permission to propagate or
|
||||
modify any covered work. These actions infringe copyright if you do
|
||||
not accept this License. Therefore, by modifying or propagating a
|
||||
covered work, you indicate your acceptance of this License to do so.
|
||||
|
||||
10. Automatic Licensing of Downstream Recipients.
|
||||
|
||||
Each time you convey a covered work, the recipient automatically
|
||||
receives a license from the original licensors, to run, modify and
|
||||
propagate that work, subject to this License. You are not responsible
|
||||
for enforcing compliance by third parties with this License.
|
||||
|
||||
An "entity transaction" is a transaction transferring control of an
|
||||
organization, or substantially all assets of one, or subdividing an
|
||||
organization, or merging organizations. If propagation of a covered
|
||||
work results from an entity transaction, each party to that
|
||||
transaction who receives a copy of the work also receives whatever
|
||||
licenses to the work the party's predecessor in interest had or could
|
||||
give under the previous paragraph, plus a right to possession of the
|
||||
Corresponding Source of the work from the predecessor in interest, if
|
||||
the predecessor has it or can get it with reasonable efforts.
|
||||
|
||||
You may not impose any further restrictions on the exercise of the
|
||||
rights granted or affirmed under this License. For example, you may
|
||||
not impose a license fee, royalty, or other charge for exercise of
|
||||
rights granted under this License, and you may not initiate litigation
|
||||
(including a cross-claim or counterclaim in a lawsuit) alleging that
|
||||
any patent claim is infringed by making, using, selling, offering for
|
||||
sale, or importing the Program or any portion of it.
|
||||
|
||||
11. Patents.
|
||||
|
||||
A "contributor" is a copyright holder who authorizes use under this
|
||||
License of the Program or a work on which the Program is based. The
|
||||
work thus licensed is called the contributor's "contributor version".
|
||||
|
||||
A contributor's "essential patent claims" are all patent claims
|
||||
owned or controlled by the contributor, whether already acquired or
|
||||
hereafter acquired, that would be infringed by some manner, permitted
|
||||
by this License, of making, using, or selling its contributor version,
|
||||
but do not include claims that would be infringed only as a
|
||||
consequence of further modification of the contributor version. For
|
||||
purposes of this definition, "control" includes the right to grant
|
||||
patent sublicenses in a manner consistent with the requirements of
|
||||
this License.
|
||||
|
||||
Each contributor grants you a non-exclusive, worldwide, royalty-free
|
||||
patent license under the contributor's essential patent claims, to
|
||||
make, use, sell, offer for sale, import and otherwise run, modify and
|
||||
propagate the contents of its contributor version.
|
||||
|
||||
In the following three paragraphs, a "patent license" is any express
|
||||
agreement or commitment, however denominated, not to enforce a patent
|
||||
(such as an express permission to practice a patent or covenant not to
|
||||
sue for patent infringement). To "grant" such a patent license to a
|
||||
party means to make such an agreement or commitment not to enforce a
|
||||
patent against the party.
|
||||
|
||||
If you convey a covered work, knowingly relying on a patent license,
|
||||
and the Corresponding Source of the work is not available for anyone
|
||||
to copy, free of charge and under the terms of this License, through a
|
||||
publicly available network server or other readily accessible means,
|
||||
then you must either (1) cause the Corresponding Source to be so
|
||||
available, or (2) arrange to deprive yourself of the benefit of the
|
||||
patent license for this particular work, or (3) arrange, in a manner
|
||||
consistent with the requirements of this License, to extend the patent
|
||||
license to downstream recipients. "Knowingly relying" means you have
|
||||
actual knowledge that, but for the patent license, your conveying the
|
||||
covered work in a country, or your recipient's use of the covered work
|
||||
in a country, would infringe one or more identifiable patents in that
|
||||
country that you have reason to believe are valid.
|
||||
|
||||
If, pursuant to or in connection with a single transaction or
|
||||
arrangement, you convey, or propagate by procuring conveyance of, a
|
||||
covered work, and grant a patent license to some of the parties
|
||||
receiving the covered work authorizing them to use, propagate, modify
|
||||
or convey a specific copy of the covered work, then the patent license
|
||||
you grant is automatically extended to all recipients of the covered
|
||||
work and works based on it.
|
||||
|
||||
A patent license is "discriminatory" if it does not include within
|
||||
the scope of its coverage, prohibits the exercise of, or is
|
||||
conditioned on the non-exercise of one or more of the rights that are
|
||||
specifically granted under this License. You may not convey a covered
|
||||
work if you are a party to an arrangement with a third party that is
|
||||
in the business of distributing software, under which you make payment
|
||||
to the third party based on the extent of your activity of conveying
|
||||
the work, and under which the third party grants, to any of the
|
||||
parties who would receive the covered work from you, a discriminatory
|
||||
patent license (a) in connection with copies of the covered work
|
||||
conveyed by you (or copies made from those copies), or (b) primarily
|
||||
for and in connection with specific products or compilations that
|
||||
contain the covered work, unless you entered into that arrangement,
|
||||
or that patent license was granted, prior to 28 March 2007.
|
||||
|
||||
Nothing in this License shall be construed as excluding or limiting
|
||||
any implied license or other defenses to infringement that may
|
||||
otherwise be available to you under applicable patent law.
|
||||
|
||||
12. No Surrender of Others' Freedom.
|
||||
|
||||
If conditions are imposed on you (whether by court order, agreement or
|
||||
otherwise) that contradict the conditions of this License, they do not
|
||||
excuse you from the conditions of this License. If you cannot convey a
|
||||
covered work so as to satisfy simultaneously your obligations under this
|
||||
License and any other pertinent obligations, then as a consequence you may
|
||||
not convey it at all. For example, if you agree to terms that obligate you
|
||||
to collect a royalty for further conveying from those to whom you convey
|
||||
the Program, the only way you could satisfy both those terms and this
|
||||
License would be to refrain entirely from conveying the Program.
|
||||
|
||||
13. Use with the GNU Affero General Public License.
|
||||
|
||||
Notwithstanding any other provision of this License, you have
|
||||
permission to link or combine any covered work with a work licensed
|
||||
under version 3 of the GNU Affero General Public License into a single
|
||||
combined work, and to convey the resulting work. The terms of this
|
||||
License will continue to apply to the part which is the covered work,
|
||||
but the special requirements of the GNU Affero General Public License,
|
||||
section 13, concerning interaction through a network will apply to the
|
||||
combination as such.
|
||||
|
||||
14. Revised Versions of this License.
|
||||
|
||||
The Free Software Foundation may publish revised and/or new versions of
|
||||
the GNU General Public License from time to time. Such new versions will
|
||||
be similar in spirit to the present version, but may differ in detail to
|
||||
address new problems or concerns.
|
||||
|
||||
Each version is given a distinguishing version number. If the
|
||||
Program specifies that a certain numbered version of the GNU General
|
||||
Public License "or any later version" applies to it, you have the
|
||||
option of following the terms and conditions either of that numbered
|
||||
version or of any later version published by the Free Software
|
||||
Foundation. If the Program does not specify a version number of the
|
||||
GNU General Public License, you may choose any version ever published
|
||||
by the Free Software Foundation.
|
||||
|
||||
If the Program specifies that a proxy can decide which future
|
||||
versions of the GNU General Public License can be used, that proxy's
|
||||
public statement of acceptance of a version permanently authorizes you
|
||||
to choose that version for the Program.
|
||||
|
||||
Later license versions may give you additional or different
|
||||
permissions. However, no additional obligations are imposed on any
|
||||
author or copyright holder as a result of your choosing to follow a
|
||||
later version.
|
||||
|
||||
15. Disclaimer of Warranty.
|
||||
|
||||
THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
|
||||
APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
|
||||
HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
|
||||
OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
|
||||
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
|
||||
IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
|
||||
ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
|
||||
|
||||
16. Limitation of Liability.
|
||||
|
||||
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
|
||||
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
|
||||
THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
|
||||
GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
|
||||
USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
|
||||
DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
|
||||
PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
|
||||
EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
|
||||
SUCH DAMAGES.
|
||||
|
||||
17. Interpretation of Sections 15 and 16.
|
||||
|
||||
If the disclaimer of warranty and limitation of liability provided
|
||||
above cannot be given local legal effect according to their terms,
|
||||
reviewing courts shall apply local law that most closely approximates
|
||||
an absolute waiver of all civil liability in connection with the
|
||||
Program, unless a warranty or assumption of liability accompanies a
|
||||
copy of the Program in return for a fee.
|
||||
|
||||
END OF TERMS AND CONDITIONS
|
||||
|
||||
How to Apply These Terms to Your New Programs
|
||||
|
||||
If you develop a new program, and you want it to be of the greatest
|
||||
possible use to the public, the best way to achieve this is to make it
|
||||
free software which everyone can redistribute and change under these terms.
|
||||
|
||||
To do so, attach the following notices to the program. It is safest
|
||||
to attach them to the start of each source file to most effectively
|
||||
state the exclusion of warranty; and each file should have at least
|
||||
the "copyright" line and a pointer to where the full notice is found.
|
||||
|
||||
<one line to give the program's name and a brief idea of what it does.>
|
||||
Copyright (C) <year> <name of author>
|
||||
|
||||
This program is free software: you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation, either version 3 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
Also add information on how to contact you by electronic and paper mail.
|
||||
|
||||
If the program does terminal interaction, make it output a short
|
||||
notice like this when it starts in an interactive mode:
|
||||
|
||||
<program> Copyright (C) <year> <name of author>
|
||||
This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
|
||||
This is free software, and you are welcome to redistribute it
|
||||
under certain conditions; type `show c' for details.
|
||||
|
||||
The hypothetical commands `show w' and `show c' should show the appropriate
|
||||
parts of the General Public License. Of course, your program's commands
|
||||
might be different; for a GUI interface, you would use an "about box".
|
||||
|
||||
You should also get your employer (if you work as a programmer) or school,
|
||||
if any, to sign a "copyright disclaimer" for the program, if necessary.
|
||||
For more information on this, and how to apply and follow the GNU GPL, see
|
||||
<http://www.gnu.org/licenses/>.
|
||||
|
||||
The GNU General Public License does not permit incorporating your program
|
||||
into proprietary programs. If your program is a subroutine library, you
|
||||
may consider it more useful to permit linking proprietary applications with
|
||||
the library. If this is what you want to do, use the GNU Lesser General
|
||||
Public License instead of this License. But first, please read
|
||||
<http://www.gnu.org/philosophy/why-not-lgpl.html>.
|
40
MAINTAINERS
Normal file
@ -0,0 +1,40 @@
|
||||
##
|
||||
## List of current Samba Maintainers
|
||||
##
|
||||
|
||||
This file contains a list of developers responsible for
|
||||
portions of the Samba 3.0 code. It also lists developers
|
||||
responsible for 3rd party projects that work with Samba
|
||||
(e.g. vfs modules).
|
||||
|
||||
Note that this list is for your benefit, but please do not
|
||||
abuse it by constantly emailing a stream of help questions
|
||||
to the maintainers. Some are more open to direct
|
||||
communication than others and some struggle with enormous
|
||||
amounts of email every day.
|
||||
|
||||
All bug reports for code that is maintained *within* the
|
||||
Samba subversion tree should be filed at https://bugzilla.samba.org/.
|
||||
|
||||
|
||||
Feature/Function Developer
|
||||
---------------- ---------
|
||||
|
||||
documentation John Terpstra <jht@samba.org>
|
||||
|
||||
libmsrpc Chris Nichols <skel@samba.org>
|
||||
|
||||
libsmbclient Derrell Lipman <derrell@samba.org>
|
||||
|
||||
pdb_*sql Wilco Baan Hofman <synnack@users.sf.net>
|
||||
Florian Effenberger <floeff@users.sf.net>
|
||||
|
||||
http://pdbsql.sourceforge.net/
|
||||
|
||||
printing Gerald (Jerry) Carter <jerry@samba.org>
|
||||
|
||||
samba-vscan Rainer Link <rainer@openantivirus.org>
|
||||
|
||||
|
||||
--
|
||||
Please report any errors in this file to <samba-technical@samba.org>
|
78
Manifest
Normal file
@ -0,0 +1,78 @@
|
||||
Copyright (C) 1997-2003 - Samba-Team
|
||||
|
||||
The Samba package you have just unpacked contains the following:
|
||||
|
||||
Directory Notes:
|
||||
========= ======
|
||||
|
||||
docs (Samba Documentation):
|
||||
---- ----------------------
|
||||
|
||||
All the Samba documentation for the 3.0 release have been converted to
|
||||
docbook format. Because of this the man pages are now available
|
||||
in both traditional man page format (in the docs/manpages directory)
|
||||
and in HTML format (in the docs/htmldocs directory).
|
||||
|
||||
The Samba HOWTO Collection has undergone some rather large changes
|
||||
and covers all parts of configuration now. It is available
|
||||
as PDF (docs/Samba3-HOWTO.pdf) or in HTML format (in
|
||||
the docs/htmldocs directory). Those with the docbook utilities installed
|
||||
can generate PostScript and text versions of the HOWTO as well.
|
||||
|
||||
The Samba FAQ is still a work in progress, but can be found in
|
||||
HTML format in docs/htmldocs.
|
||||
|
||||
|
||||
examples (Example configuration files):
|
||||
-------- ------------------------------
|
||||
|
||||
Please pay close attention to the reference smb.conf file
|
||||
smb.conf.default that has now been included as the master guide.
|
||||
|
||||
Do read the smb.conf manual page in considering what settings are
|
||||
appropriate for your site.
|
||||
|
||||
|
||||
packaging (Only for those wishing to build binary distributions):
|
||||
--------- -------------------------------------------------------
|
||||
|
||||
Currently support is included for the following Linux Distributions :
|
||||
|
||||
RedHat and SuSE.
|
||||
|
||||
In addition, packaging support is available for SGI and Solaris systems.
|
||||
We hope that other Unix OS vendors will contribute their binary
|
||||
distribution packaging control files - and we hope to make their binary
|
||||
packages available on the master ftp site under:
|
||||
|
||||
ftp://samba.org/pub/samba/Binary_Packages/"OS_Vendor"
|
||||
|
||||
|
||||
source (The official Samba source files - expect more of these!):
|
||||
------ ----------------------------------------------------------
|
||||
|
||||
To build your own binary files you will need a suitable ansi C
|
||||
compiler.
|
||||
|
||||
Samba uses the GNU autoconf system. In
|
||||
order to build a default Samba for your platform cd into
|
||||
the source/ directory and then type :
|
||||
|
||||
./configure
|
||||
|
||||
followed by :
|
||||
|
||||
make
|
||||
|
||||
To install the binaries built by the above type :
|
||||
|
||||
make install
|
||||
|
||||
then set up your configuration files.
|
||||
|
||||
NOTE: OS Vendors who provide Samba binary packages will generally
|
||||
integrate all Samba files into their preferred directory locations.
|
||||
These may differ from the default location ALWAYS used by the Samba
|
||||
sources. Please be careful when upgrading a vendor provided binary
|
||||
distribution from files you have built yourself.
|
||||
|
508
NEWS4
Normal file
@ -0,0 +1,508 @@
|
||||
This file aims to document the major changes since the latest released version
|
||||
of Samba, 3.0. Samba 4.0 contains rewrites of several subsystems
|
||||
and uses a different internal format for most data. Since this
|
||||
file is an initial draft, please update missing items.
|
||||
|
||||
One of the main goals of Samba 4 was Active Directory Domain Controller
|
||||
support. This means Samba now implements several protocols that are required
|
||||
by AD such as Kerberos and DNS.
|
||||
|
||||
An (experimental) upgrade script that performs a one-way upgrade
|
||||
from Samba 3 is available in source/setup/upgrade.
|
||||
|
||||
Removal of nmbd and introduction of process models
|
||||
==================================================
|
||||
smbd now implements several network protocols other than just CIFS and
|
||||
DCE/RPC. nmbd's functionality has been merged into smbd. smbd supports
|
||||
various 'process models' that specify how concurrent connections are
|
||||
handled (when to fork, use threads, etc).
|
||||
|
||||
Introduction of LDB
|
||||
===================
|
||||
Samba now stores most of its persistent data in a LDAP-like database
|
||||
called LDB (see ldb(7) for more info).
|
||||
|
||||
Removed SWAT
|
||||
==================
|
||||
Unlike previous versions, Samba4 does not provide a web interface at this time.
|
||||
|
||||
Built-in KDC
|
||||
============
|
||||
Samba4 ships with an integrated KDC (Kerberos Key Distribution
|
||||
Center). Backed directly onto our main internal database, and
|
||||
integrated with custom code to handle the PAC, Samba4's KDC is an
|
||||
integral part of our support for AD logon protocols.
|
||||
|
||||
Built-in LDAP Server
|
||||
====================
|
||||
Like the situation with the KDC, Samba4 ships with it's own LDAP
|
||||
server, included to provide simple, built-in LDAP services in an AD
|
||||
(rather than distinctly standards) matching manner. The database is
|
||||
LDB, and it shares that in common with the rest of Samba.
|
||||
|
||||
Changed configuration options
|
||||
=============================
|
||||
Several configuration options have been removed in Samba4 while others have
|
||||
been introduced. This section contains a summary of changes to smb.conf and
|
||||
where these settings moved. Configuration options that have disappeared may be
|
||||
re-added later when the functionality that uses them gets reimplemented in
|
||||
Samba 4.
|
||||
|
||||
The 'security' parameter has been split up. It is now only used to choose
|
||||
between the 'user' and 'share' security levels (the latter is not supported
|
||||
in Samba 4 yet). The other values of this option and the 'domain master' and
|
||||
'domain logons' parameters have been merged into a 'server role' parameter
|
||||
that can be either 'domain controller', 'member server' or 'standalone'. Note that
|
||||
member server support does not work yet.
|
||||
|
||||
The following parameters have been removed:
|
||||
- passdb backend: accounts are now stored in a LDB-based SAM database,
|
||||
see 'sam database' below.
|
||||
- update encrypted
|
||||
- public
|
||||
- guest ok
|
||||
- client schannel
|
||||
- server schannel
|
||||
- allow trusted domains
|
||||
- hosts equiv
|
||||
- map to guest
|
||||
- smb passwd file
|
||||
- algorithmic rid base
|
||||
- root directory
|
||||
- root dir
|
||||
- root
|
||||
- guest account
|
||||
- enable privileges
|
||||
- pam password change
|
||||
- passwd program
|
||||
- passwd chat debug
|
||||
- passwd chat timeout
|
||||
- check password script
|
||||
- username map
|
||||
- username level
|
||||
- unix password sync
|
||||
- restrict anonymous
|
||||
- username
|
||||
- user
|
||||
- users
|
||||
- invalid users
|
||||
- valid users
|
||||
- admin users
|
||||
- read list
|
||||
- write list
|
||||
- printer admin
|
||||
- force user
|
||||
- force group
|
||||
- group
|
||||
- write ok
|
||||
- writeable
|
||||
- writable
|
||||
- acl check permissions
|
||||
- acl group control
|
||||
- acl map full control
|
||||
- create mask
|
||||
- create mode
|
||||
- force create mode
|
||||
- security mask
|
||||
- force security mode
|
||||
- directory mask
|
||||
- directory mode
|
||||
- force directory mode
|
||||
- directory security mask
|
||||
- force directory security mode
|
||||
- force unknown acl user
|
||||
- inherit permissions
|
||||
- inherit acls
|
||||
- inherit owner
|
||||
- guest only
|
||||
- only guest
|
||||
- only user
|
||||
- allow hosts
|
||||
- deny hosts
|
||||
- preload modules
|
||||
- use kerberos keytab
|
||||
- syslog
|
||||
- syslog only
|
||||
- max log size
|
||||
- debug timestamp
|
||||
- timestamp logs
|
||||
- debug hires timestamp
|
||||
- debug pid
|
||||
- debug uid
|
||||
- allocation roundup size
|
||||
- aio read size
|
||||
- aio write size
|
||||
- aio write behind
|
||||
- large readwrite
|
||||
- protocol
|
||||
- read bmpx
|
||||
- reset on zero vc
|
||||
- acl compatibility
|
||||
- defer sharing violations
|
||||
- ea support
|
||||
- nt acl support
|
||||
- nt pipe support
|
||||
- profile acls
|
||||
- map acl inherit
|
||||
- afs share
|
||||
- max ttl
|
||||
- client use spnego
|
||||
- enable asu support
|
||||
- svcctl list
|
||||
- block size
|
||||
- change notify timeout
|
||||
- deadtime
|
||||
- getwd cache
|
||||
- keepalive
|
||||
- kernel change notify
|
||||
- lpq cache time
|
||||
- max smbd processes
|
||||
- max disk size
|
||||
- max open files
|
||||
- min print space
|
||||
- strict allocate
|
||||
- sync always
|
||||
- use mmap
|
||||
- use sendfile
|
||||
- hostname lookups
|
||||
- write cache size
|
||||
- name cache timeout
|
||||
- max reported print jobs
|
||||
- load printers
|
||||
- printcap cache time
|
||||
- printcap name
|
||||
- printcap
|
||||
- printing
|
||||
- cups options
|
||||
- cups server
|
||||
- iprint server
|
||||
- print command
|
||||
- disable spoolss
|
||||
- enable spoolss
|
||||
- lpq command
|
||||
- lprm command
|
||||
- lppause command
|
||||
- lpresume command
|
||||
- queuepause command
|
||||
- queueresume command
|
||||
- enumports command
|
||||
- addprinter command
|
||||
- deleteprinter command
|
||||
- show add printer wizard
|
||||
- os2 driver map
|
||||
- use client driver
|
||||
- default devmode
|
||||
- force printername
|
||||
- mangling method
|
||||
- mangle prefix
|
||||
- default case
|
||||
- case sensitive
|
||||
- casesignames
|
||||
- preserve case
|
||||
- short preserve case
|
||||
- mangling char
|
||||
- hide dot files
|
||||
- hide special files
|
||||
- hide unreadable
|
||||
- hide unwriteable files
|
||||
- delete veto files
|
||||
- veto files
|
||||
- hide files
|
||||
- veto oplock files
|
||||
- map readonly
|
||||
- mangled names
|
||||
- mangled map
|
||||
- max stat cache size
|
||||
- stat cache
|
||||
- store dos attributes
|
||||
- machine password timeout
|
||||
- add user script
|
||||
- rename user script
|
||||
- delete user script
|
||||
- add group script
|
||||
- delete group script
|
||||
- add user to group script
|
||||
- delete user from group script
|
||||
- set primary group script
|
||||
- add machine script
|
||||
- shutdown script
|
||||
- abort shutdown script
|
||||
- username map script
|
||||
- logon script
|
||||
- logon path
|
||||
- logon drive
|
||||
- logon home
|
||||
- domain logons
|
||||
- os level
|
||||
- lm announce
|
||||
- lm interval
|
||||
- domain master
|
||||
- browse list
|
||||
- enhanced browsing
|
||||
- wins proxy
|
||||
- wins hook
|
||||
- wins partners
|
||||
- blocking locks
|
||||
- fake oplocks
|
||||
- kernel oplocks
|
||||
- locking
|
||||
- lock spin count
|
||||
- lock spin time
|
||||
- level2 oplocks
|
||||
- oplock break wait time
|
||||
- oplock contention limit
|
||||
- posix locking
|
||||
- share modes
|
||||
- ldap server
|
||||
- ldap port
|
||||
- ldap admin dn
|
||||
- ldap delete dn
|
||||
- ldap group suffix
|
||||
- ldap idmap suffix
|
||||
- ldap machine suffix
|
||||
- ldap passwd sync
|
||||
- ldap password sync
|
||||
- ldap replication sleep
|
||||
- ldap suffix
|
||||
- ldap ssl
|
||||
- ldap timeout
|
||||
- ldap page size
|
||||
- ldap user suffix
|
||||
- add share command
|
||||
- change share command
|
||||
- delete share command
|
||||
- eventlog list
|
||||
- utmp directory
|
||||
- wtmp directory
|
||||
- utmp
|
||||
- default service
|
||||
- default
|
||||
- message command
|
||||
- dfree cache time
|
||||
- dfree command
|
||||
- get quota command
|
||||
- set quota command
|
||||
- remote announce
|
||||
- remote browse sync
|
||||
- homedir map
|
||||
- afs username map
|
||||
- afs token lifetime
|
||||
- log nt token command
|
||||
- time offset
|
||||
- NIS homedir
|
||||
- preexec
|
||||
- exec
|
||||
- preexec close
|
||||
- postexec
|
||||
- root preexec
|
||||
- root preexec close
|
||||
- root postexec
|
||||
- set directory
|
||||
- wide links
|
||||
- follow symlinks
|
||||
- dont descend
|
||||
- magic script
|
||||
- magic output
|
||||
- delete readonly
|
||||
- dos filemode
|
||||
- dos filetimes
|
||||
- dos filetime resolution
|
||||
- fake directory create times
|
||||
- panic action
|
||||
- vfs objects
|
||||
- vfs object
|
||||
- msdfs root
|
||||
- msdfs proxy
|
||||
- host msdfs
|
||||
- enable rid algorithm
|
||||
- passdb expand explicit
|
||||
- idmap backend
|
||||
- idmap uid
|
||||
- winbind uid
|
||||
- idmap gid
|
||||
- winbind gid
|
||||
- template homedir
|
||||
- template shell
|
||||
- winbind separator
|
||||
- winbind cache time
|
||||
- winbind enum users
|
||||
- winbind enum groups
|
||||
- winbind use default domain
|
||||
- winbind trusted domains only
|
||||
- winbind nested groups
|
||||
- winbind max idle children
|
||||
- winbind nss info
|
||||
|
||||
The following parameters have been added:
|
||||
+ rpc big endian (G)
|
||||
Make Samba fake it is running on a bigendian machine when using DCE/RPC.
|
||||
Useful for debugging.
|
||||
|
||||
Default: no
|
||||
|
||||
+ case insensitive filesystem (S)
|
||||
Set to true if this share is located on a case-insensitive filesystem.
|
||||
This disables looking for a filename by trying all possible combinations of
|
||||
uppercase/lowercase characters and thus speeds up operations when a
|
||||
file cannot be found.
|
||||
|
||||
Default: no
|
||||
|
||||
+ js include (G)
|
||||
Path to JavaScript library.
|
||||
|
||||
Default: Set at compile-time
|
||||
|
||||
+ setup directory
|
||||
Path to data used by provisioning script.
|
||||
|
||||
Default: Set at compile-time
|
||||
|
||||
+ ncalrpc dir
|
||||
Directory to use for UNIX sockets used by the 'ncalrpc' DCE/RPC transport.
|
||||
|
||||
Default: Set at compile-time
|
||||
|
||||
+ ntvfs handler
|
||||
Backend to the NT VFS to use (more than one can be specified). Available
|
||||
backends include:
|
||||
|
||||
- posix:
|
||||
Maps POSIX FS semantics to NT semantics
|
||||
|
||||
- simple:
|
||||
Very simple backend (original testing backend).
|
||||
|
||||
- unixuid:
|
||||
Sets up user credentials based on POSIX gid/uid.
|
||||
|
||||
- cifs:
|
||||
Proxies a remote CIFS FS. Mainly useful for testing.
|
||||
|
||||
- nbench:
|
||||
Filter module that saves data useful to the nbench benchmark suite.
|
||||
|
||||
- ipc:
|
||||
Allows using SMB for inter process communication. Only used for
|
||||
the IPC$ share.
|
||||
|
||||
- print:
|
||||
Allows printing over SMB. This is LANMAN-style printing (?), not
|
||||
the be confused with the spoolss DCE/RPC interface used by later
|
||||
versions of Windows.
|
||||
|
||||
Default: unixuid default
|
||||
|
||||
+ ntptr providor
|
||||
FIXME
|
||||
|
||||
+ dcerpc endpoint servers
|
||||
What DCE/RPC servers to start.
|
||||
|
||||
Default: epmapper srvsvc wkssvc rpcecho samr netlogon lsarpc spoolss drsuapi winreg dssetup
|
||||
|
||||
+ server services
|
||||
Services Samba should provide.
|
||||
|
||||
Default: smb rpc nbt wrepl ldap cldap web kdc
|
||||
|
||||
+ sam database
|
||||
Location of the SAM (account database) database. This should be a
|
||||
LDB URL.
|
||||
|
||||
Default: set at compile-time
|
||||
|
||||
+ spoolss database
|
||||
Spoolss (printer) DCE/RPC server database. This should be a LDB URL.
|
||||
|
||||
Default: set at compile-time
|
||||
|
||||
+ wins config database
|
||||
WINS configuration database location. This should be a LDB URL.
|
||||
|
||||
Default: set at compile-time
|
||||
|
||||
+ wins database
|
||||
WINS database location. This should be a LDB URL.
|
||||
|
||||
Default: set at compile-time
|
||||
|
||||
+ client use spnego principal
|
||||
Tells the client to use the Kerberos service principal specified by the
|
||||
server during the security protocol negotation rather than
|
||||
looking up the principal itself (cifs/hostname).
|
||||
|
||||
Default: false
|
||||
|
||||
+ nbt port
|
||||
TCP/IP Port used by the NetBIOS over TCP/IP (NBT) implementation.
|
||||
|
||||
Default: 137
|
||||
|
||||
+ dgram port
|
||||
UDP/IP port used by the NetBIOS over TCP/IP (NBT) implementation.
|
||||
|
||||
Default: 138
|
||||
|
||||
+ cldap port
|
||||
UDP/IP port used by the CLDAP protocol.
|
||||
|
||||
Default: 389
|
||||
|
||||
+ krb5 port
|
||||
IP port used by the kerberos KDC.
|
||||
|
||||
Default: 88
|
||||
|
||||
+ kpasswd port
|
||||
IP port used by the kerberos password change protocol.
|
||||
|
||||
Default: 464
|
||||
|
||||
+ web port
|
||||
TCP/IP port SWAT should listen on.
|
||||
|
||||
Default: 901
|
||||
|
||||
+ tls enabled
|
||||
Enable TLS support for SWAT
|
||||
|
||||
Default: true
|
||||
|
||||
+ tls keyfile
|
||||
Path to TLS key file (PEM format) to be used by SWAT. If no
|
||||
path is specified, Samba will create a key.
|
||||
|
||||
Default: none
|
||||
|
||||
+ tls certfile
|
||||
Path to TLS certificate file (PEM format) to be used by SWAT. If no
|
||||
path is specified, Samba will create a certificate.
|
||||
|
||||
Default: none
|
||||
|
||||
+ tls cafile
|
||||
Path to CA authority file Samba will use to sign TLS keys it generates. If
|
||||
no path is specified, Samba will create a self-signed CA certificate.
|
||||
|
||||
Default: none
|
||||
|
||||
+ tls crlfile
|
||||
Path to TLS certificate revocation lists file.
|
||||
|
||||
Default: none
|
||||
|
||||
+ swat directory
|
||||
SWAT data directory.
|
||||
|
||||
Default: set at compile-time
|
||||
|
||||
+ large readwrite
|
||||
Indicate the CIFS server is able to do large reads/writes.
|
||||
|
||||
Default: true
|
||||
|
||||
+ unicode
|
||||
Enable/disable unicode support in the protocol.
|
||||
|
||||
Default: true
|
7
PFIF.txt
Normal file
@ -0,0 +1,7 @@
|
||||
This code was developed in participation with the Protocol Freedom
|
||||
Information Foundation.
|
||||
|
||||
Please see
|
||||
http://protocolfreedom.org/ and
|
||||
http://samba.org/samba/PFIF/
|
||||
for more details.
|
225
README
Normal file
@ -0,0 +1,225 @@
|
||||
This is the release version of Samba, the free SMB and CIFS client and
|
||||
server for UNIX and other operating systems. Samba is maintained by
|
||||
the Samba Team, who support the original author, Andrew Tridgell.
|
||||
|
||||
>>>> Please read THE WHOLE of this file as it gives important information
|
||||
>>>> about the configuration and use of Samba.
|
||||
|
||||
NOTE: Installation instructions may be found in
|
||||
docs/htmldocs/Samba3-HOWTO/install.html
|
||||
|
||||
This software is freely distributable under the GNU public license, a
|
||||
copy of which you should have received with this software (in a file
|
||||
called COPYING).
|
||||
|
||||
|
||||
WHAT IS SMB/CIFS?
|
||||
=================
|
||||
|
||||
This is a big question.
|
||||
|
||||
The very short answer is that it is the protocol by which a lot of
|
||||
PC-related machines share files and printers and other information
|
||||
such as lists of available files and printers. Operating systems that
|
||||
support this natively include Windows 9x, Windows NT (and derivatives),
|
||||
OS/2, Mac OS X and Linux. Add on packages that achieve the same
|
||||
thing are available for DOS, Windows 3.1, VMS, Unix of all kinds,
|
||||
MVS, and more. Some Web Browsers can speak this protocol as well
|
||||
(smb://). Alternatives to SMB include Netware, NFS, Appletalk,
|
||||
Banyan Vines, Decnet etc; many of these have advantages but none are
|
||||
both public specifications and widely implemented in desktop machines
|
||||
by default.
|
||||
|
||||
The Common Internet File system (CIFS) is what the new SMB initiative
|
||||
is called. For details watch http://samba.org/cifs.
|
||||
|
||||
|
||||
WHY DO PEOPLE WANT TO USE SMB?
|
||||
==============================
|
||||
|
||||
1. Many people want to integrate their Microsoft desktop clients
|
||||
with their Unix servers.
|
||||
|
||||
2. Others want to integrate their Microsoft (etc) servers with Unix
|
||||
servers. This is a different problem to integrating desktop
|
||||
clients.
|
||||
|
||||
3. Others want to replace protocols like NFS, DecNet and Novell NCP,
|
||||
especially when used with PCs.
|
||||
|
||||
|
||||
WHAT CAN SAMBA DO?
|
||||
==================
|
||||
|
||||
Please refer to the WHATSNEW.txt included with this README for
|
||||
a list of features in the latest Samba release.
|
||||
|
||||
Here is a very short list of what samba includes, and what it does.
|
||||
For many networks this can be simply summarized by "Samba provides
|
||||
a complete replacement for Windows NT, Warp, NFS or Netware servers."
|
||||
|
||||
- a SMB server, to provide Windows NT and LAN Manager-style file and print
|
||||
services to SMB clients such as Windows 95, Warp Server, smbfs and others.
|
||||
|
||||
- a Windows NT 4.0 Domain Controller replacement.
|
||||
|
||||
- a file/print server that can act as a member of a Windows NT 4.0
|
||||
or Active Directory domain.
|
||||
|
||||
- a NetBIOS (rfc1001/1002) nameserver, which amongst other things gives
|
||||
browsing support. Samba can be the master browser on your LAN if you wish.
|
||||
|
||||
- a ftp-like SMB client so you can access PC resources (disks and
|
||||
printers) from UNIX, Netware, and other operating systems
|
||||
|
||||
- a tar extension to the client for backing up PCs
|
||||
|
||||
- limited command-line tool that supports some of the NT administrative
|
||||
functionality, which can be used on Samba, NT workstation and NT server.
|
||||
|
||||
For a much better overview have a look at the web site at
|
||||
http://samba.org/samba, and browse the user survey.
|
||||
|
||||
Related packages include:
|
||||
|
||||
- smbfs, a Linux-only filesystem allowing you to mount remote SMB
|
||||
filesystems from PCs on your Linux box. This is included as standard with
|
||||
Linux 2.0 and later.
|
||||
|
||||
- cifsvfs, a more advanced Linux-only filesystem allowing you to mount
|
||||
remote SMB filesystems from PCs on your Linux box. This is included
|
||||
as standard with Linux 2.5 and later.
|
||||
|
||||
|
||||
|
||||
CONTRIBUTIONS
|
||||
=============
|
||||
|
||||
If you want to contribute to the development of the software then
|
||||
please join the mailing list. The Samba team accepts patches
|
||||
(preferably in "diff -u" format, see http://samba.org/samba/devel/
|
||||
for more details) and are always glad to receive feedback or
|
||||
suggestions to the address samba@lists.samba.org. More information
|
||||
on the various Samba mailing lists can be found at http://lists.samba.org/.
|
||||
|
||||
You can also get the Samba sourcecode straight from the git repository - see
|
||||
http://wiki.samba.org/index.php/Using_Git_for_Samba_Development.
|
||||
|
||||
You could also send hardware/software/money/jewelry or pre-paid pizza
|
||||
vouchers directly to Andrew. The pizza vouchers would be especially
|
||||
welcome, in fact there is a special field in the survey for people who
|
||||
have paid up their pizza :-)
|
||||
|
||||
If you like a particular feature then look through the git change-log
|
||||
(on the web at http://gitweb.samba.org/?p=samba.git;a=summary) and see
|
||||
who added it, then send them an email.
|
||||
|
||||
Remember that free software of this kind lives or dies by the response
|
||||
we get. If no one tells us they like it then we'll probably move onto
|
||||
something else. However, as you can see from the user survey quite a lot of
|
||||
people do seem to like it at the moment :-)
|
||||
|
||||
|
||||
MORE INFO
|
||||
=========
|
||||
|
||||
DOCUMENTATION
|
||||
-------------
|
||||
|
||||
There is quite a bit of documentation included with the package,
|
||||
including man pages, and lots of .html files with hints and useful
|
||||
info. This is also available from the web page. There is a growing
|
||||
collection of information under docs/.
|
||||
|
||||
A list of Samba documentation in languages other than English is
|
||||
available on the web page.
|
||||
|
||||
If you would like to help with the documentation, please coodinate
|
||||
on the samba@samba.org mailing list. See the next section for details
|
||||
on subscribing to samba mailing lists.
|
||||
|
||||
|
||||
MAILING LIST
|
||||
------------
|
||||
|
||||
Please do NOT send subscription/unsubscription requests to the lists!
|
||||
|
||||
There is a mailing list for discussion of Samba. For details go to
|
||||
<http://lists.samba.org/> or send mail to <samba-subscribe@lists.samba.org>
|
||||
|
||||
There is also an announcement mailing list where new versions are
|
||||
announced. To subscribe go to <http://lists.samba.org/> or send mail
|
||||
to <samba-announce-subscribe@lists.samba.org>. All announcements also
|
||||
go to the samba list, so you only need to be on one.
|
||||
|
||||
For details of other Samba mailing lists and for access to archives, see
|
||||
<http://lists.samba.org/>
|
||||
|
||||
|
||||
MAILING LIST ETIQUETTE
|
||||
----------------------
|
||||
|
||||
A few tips when submitting to this or any mailing list.
|
||||
|
||||
1. Make your subject short and descriptive. Avoid the words "help" or
|
||||
"Samba" in the subject. The readers of this list already know that
|
||||
a) you need help, and b) you are writing about samba (of course,
|
||||
you may need to distinguish between Samba PDC and other file
|
||||
sharing software). Avoid phrases such as "what is" and "how do
|
||||
i". Some good subject lines might look like "Slow response with
|
||||
Excel files" or "Migrating from Samba PDC to NT PDC".
|
||||
|
||||
2. If you include the original message in your reply, trim it so that
|
||||
only the relevant lines, enough to establish context, are
|
||||
included. Chances are (since this is a mailing list) we've already
|
||||
read the original message.
|
||||
|
||||
3. Trim irrelevant headers from the original message in your
|
||||
reply. All we need to see is a) From, b) Date, and c) Subject. We
|
||||
don't even really need the Subject, if you haven't changed
|
||||
it. Better yet is to just preface the original message with "On
|
||||
[date] [someone] wrote:".
|
||||
|
||||
4. Please don't reply to or argue about spam, spam filters or viruses
|
||||
on any Samba lists. We do have a spam filtering system that is
|
||||
working quite well thank you very much but occasionally unwanted
|
||||
messages slip through. Deal with it.
|
||||
|
||||
5. Never say "Me too." It doesn't help anyone solve the
|
||||
problem. Instead, if you ARE having the same problem, give more
|
||||
information. Have you seen something that the other writer hasn't
|
||||
mentioned, which may be helpful?
|
||||
|
||||
6. If you ask about a problem, then come up with the solution on your
|
||||
own or through another source, by all means post it. Someone else
|
||||
may have the same problem and is waiting for an answer, but never
|
||||
hears of it.
|
||||
|
||||
7. Give as much *relevant* information as possible such as Samba
|
||||
release number, OS, kernel version, etc...
|
||||
|
||||
8. RTFM. Google. groups.google.com.
|
||||
|
||||
|
||||
NEWS GROUP
|
||||
----------
|
||||
|
||||
You might also like to look at the usenet news group comp.protocols.smb
|
||||
as it often contains lots of useful info and is frequented by lots of
|
||||
Samba users. The newsgroup was initially setup by people on the Samba
|
||||
mailing list. It is not, however, exclusive to Samba, it is a forum for
|
||||
discussing the SMB protocol (which Samba implements). The samba list
|
||||
is gatewayed to this newsgroup.
|
||||
|
||||
|
||||
WEB SITE
|
||||
--------
|
||||
|
||||
A Samba WWW site has been setup with lots of useful info. Connect to:
|
||||
|
||||
http://samba.org/samba/
|
||||
|
||||
As well as general information and documentation, this also has searchable
|
||||
archives of the mailing list and a user survey that shows who else is using
|
||||
this package. Have you registered with the survey yet? :-)
|
||||
|
236
README.Coding
Normal file
@ -0,0 +1,236 @@
|
||||
##
|
||||
## Coding conventions in the Samba 3 tree
|
||||
##
|
||||
|
||||
===========
|
||||
Quick Start
|
||||
===========
|
||||
|
||||
Coding style guidelines are about reducing the number of unnecessary
|
||||
reformatting patches and making things easier for developers to work together.
|
||||
You don't have to like them or even agree with them, but once put in place
|
||||
we all have to abide by them (or vote to change them). However, coding
|
||||
style should never outweigh coding itself and so the the guidelines
|
||||
described here are hopefully easy enough to follow as they are very
|
||||
common and supported by tools and editors.
|
||||
|
||||
The basic style, also mentioned in the SAMBA_4_0/prog_guide.txt is the
|
||||
Linux kernel coding style (See Documentation/CodingStyle in the kernel
|
||||
source tree). The closely matches what most Samba developers use already
|
||||
anyways.
|
||||
|
||||
But to save you the trouble of reading the Linux kernel style guide, here
|
||||
are the highlights.
|
||||
|
||||
|
||||
* Maximum Line Width is 80 Characters
|
||||
The reason is not for people with low-res screens but rather sticking
|
||||
to 80 columns prevents you from easily nesting more than one level of
|
||||
if statements or other code blocks. Use source/script/count_80_col.pl
|
||||
to check your changes.
|
||||
|
||||
* Use 8 Space Tabs to Indent
|
||||
No whitespace filler.
|
||||
|
||||
* No Trailing Whitespace
|
||||
Use source/script/strip_trail_ws.pl to clean you files before committing.
|
||||
|
||||
* Follow the K&R guidelines. We won't go throw them all here. You have
|
||||
a copy of "The C Programming Language" anyways right? You can also use
|
||||
the format_indent.sh script found in source/script/ if all else fails.
|
||||
|
||||
|
||||
|
||||
============
|
||||
Editor Hints
|
||||
============
|
||||
|
||||
Emacs
|
||||
-----
|
||||
Add the follow to your $HOME/.emacs file:
|
||||
|
||||
(add-hook 'c-mode-hook
|
||||
(lambda ()
|
||||
(c-set-style "linux")
|
||||
(c-toggle-auto-state)))
|
||||
|
||||
|
||||
Vi
|
||||
--
|
||||
(Thanks to SATOH Fumiyasu <fumiyas@osstech.jp> for these hints):
|
||||
|
||||
For the basic vi editor including with all variants of *nix, add the
|
||||
following to $HOME/.exrc:
|
||||
|
||||
set tabstop=8
|
||||
set shiftwidth=8
|
||||
|
||||
For Vim, the following settings in $HOME/.vimrc will also deal with
|
||||
displaying trailing whitespace:
|
||||
|
||||
if has("syntax") && (&t_Co > 2 || has("gui_running"))
|
||||
syntax on
|
||||
function! ActivateInvisibleCharIndicator()
|
||||
syntax match TrailingSpace "[ \t]\+$" display containedin=ALL
|
||||
highlight TrailingSpace ctermbg=Red
|
||||
endf
|
||||
autocmd BufNewFile,BufRead * call ActivateInvisibleCharIndicator()
|
||||
endif
|
||||
" Show tabs, trailing whitespace, and continued lines visually
|
||||
set list listchars=tab:»·,trail:·,extends:…
|
||||
|
||||
" highlight overly long lines same as TODOs.
|
||||
set textwidth=80
|
||||
autocmd BufNewFile,BufRead *.c,*.h exec 'match Todo /\%>' . &textwidth . 'v.\+/'
|
||||
|
||||
|
||||
=========================
|
||||
FAQ & Statement Reference
|
||||
=========================
|
||||
|
||||
Comments
|
||||
--------
|
||||
|
||||
Comments should always use the standard C syntax. I.e. /* ... */. C++
|
||||
style comments are not currently allowed.
|
||||
|
||||
|
||||
Indention & Whitespace & 80 columns
|
||||
-----------------------------------
|
||||
|
||||
To avoid confusion, indentations are to be 8 character with tab (not
|
||||
8 ' ' characters. When wrapping parameters for function calls,
|
||||
alignment parameter list with the first parameter on the previous line.
|
||||
Use tabs to get as close as possible and then fill in the final 7
|
||||
characters or less with whitespace. For example,
|
||||
|
||||
var1 = foo(arg1, arg2,
|
||||
arg3);
|
||||
|
||||
The previous example is intended to illustrate alignment of function
|
||||
parameters across lines and not as encourage for gratuitous line
|
||||
splitting. Never split a line before columns 70 - 79 unless you
|
||||
have a really good reason. Be smart about formatting.
|
||||
|
||||
|
||||
If, switch, & Code blocks
|
||||
-------------------------
|
||||
|
||||
Always follow an 'if' keyword with a space but don't include additional
|
||||
spaces following or preceding the parentheses in the conditional.
|
||||
This is good:
|
||||
|
||||
if (x == 1)
|
||||
|
||||
This is bad:
|
||||
|
||||
if ( x == 1 )
|
||||
|
||||
Yes we have a lot of code that uses the second form and we are trying
|
||||
to clean it up without being overly intrusive.
|
||||
|
||||
Note that this is a rule about parentheses following keywords and not
|
||||
functions. Don't insert a space between the name and left parentheses when
|
||||
invoking functions.
|
||||
|
||||
Braces for code blocks used by for, if, switch, while, do..while, etc...
|
||||
should begin on the same line as the statement keyword and end on a line
|
||||
of their own. NOTE: Functions are different and the beginning left brace
|
||||
should begin on a line of its own.
|
||||
|
||||
If the beginning statement has to be broken across lines due to length,
|
||||
the beginning brace should be on a line of its own.
|
||||
|
||||
The exception to the ending rule is when the closing brace is followed by
|
||||
another language keyword such as else or the closing while in a do..while
|
||||
loop.
|
||||
|
||||
Good examples:
|
||||
|
||||
if (x == 1) {
|
||||
printf("good\n");
|
||||
}
|
||||
|
||||
for (x=1;
|
||||
x<10;
|
||||
x++)
|
||||
{
|
||||
print("%d\n", x);
|
||||
}
|
||||
|
||||
do {
|
||||
printf("also good\n");
|
||||
} while (1);
|
||||
|
||||
Bad examples:
|
||||
|
||||
while (1)
|
||||
{
|
||||
print("I'm in a loop!\n"); }
|
||||
|
||||
|
||||
Goto
|
||||
----
|
||||
|
||||
While many people have been academically taught that goto's are fundamentally
|
||||
evil, then can greatly enhance readability and reduce memory leaks when used
|
||||
as the single exit point from a function. But in no Samba world what so ever
|
||||
is a goto outside of a function or block of code a good idea.
|
||||
|
||||
Good Examples:
|
||||
|
||||
int function foo(int y)
|
||||
{
|
||||
int *z = NULL;
|
||||
int ret = 0;
|
||||
|
||||
if ( y < 10 ) {
|
||||
z = malloc(sizeof(int)*y);
|
||||
if (!z) {
|
||||
ret = 1;
|
||||
goto done;
|
||||
}
|
||||
}
|
||||
|
||||
print("Allocated %d elements.\n", y);
|
||||
|
||||
done:
|
||||
if (z)
|
||||
free(z);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
Checking Pointer Values
|
||||
-----------------------
|
||||
|
||||
When invoking functions that return pointer values, either of the following
|
||||
are acceptable. Use you best judgement and choose the more readable option.
|
||||
Remember that many other people will review it.
|
||||
|
||||
if ((x = malloc(sizeof(short)*10)) == NULL ) {
|
||||
fprintf(stderr, "Unable to alloc memory!\n");
|
||||
}
|
||||
|
||||
or
|
||||
|
||||
x = malloc(sizeof(short)*10);
|
||||
if (!x) {
|
||||
fprintf(stderr, "Unable to alloc memory!\n");
|
||||
}
|
||||
|
||||
|
||||
Primitive Data Types
|
||||
--------------------
|
||||
|
||||
Samba has large amounts of historical code which makes use of data types
|
||||
commonly supported by the C99 standard. However, at the time such types
|
||||
as boolean and exact width integers did not exist and Samba developers
|
||||
were forced to provide their own. Now that these types are guaranteed to
|
||||
be available either as part of the compiler C99 support or from lib/replace/,
|
||||
new code should adhere to the following conventions:
|
||||
|
||||
* Booleans are of type "bool" (not BOOL)
|
||||
* Boolean values are "true" and "false" (not True or False)
|
||||
* Exact width integers are of type [u]int[8|16|32|64]_t
|
0
Read-Manifest-Now
Normal file
29
Roadmap
Normal file
@ -0,0 +1,29 @@
|
||||
Copyright (C) 1997-2008 Samba-Team
|
||||
|
||||
The Samba-Team are committed to an aggressive program to deliver quality
|
||||
controlled software to a well defined roadmap.
|
||||
|
||||
Please also look at the Samba3 and Samba4 pages of wiki.samba.org for more
|
||||
information.
|
||||
|
||||
The following development objectives for future releases
|
||||
are in progress:
|
||||
----------------------------------------------------------------------------
|
||||
Samba-3.0.x This release turned into maintenance mode since we
|
||||
released 3.2.
|
||||
|
||||
Samba-3.2.x This is the current stable Samba 3 release intended
|
||||
for all Samba production server.
|
||||
|
||||
Samba-4 Danger Will Robinson, a big code clean up with major
|
||||
system redesign. More will be announced as this work
|
||||
starts to take shape.
|
||||
|
||||
|
||||
Note that it is a given that the Samba-Team will continue to track
|
||||
Windows (NT/200x) update releases, ensuring that Samba will work
|
||||
well with whatever "Beta" releases Redmond throws our way :-).
|
||||
|
||||
You may also note that the release numbers get fuzzier the
|
||||
further into the future the objectives get. This is intentional
|
||||
as we cannot commit to exact timeframes.
|
278
TODO4
Normal file
@ -0,0 +1,278 @@
|
||||
source/build/smb_build/TODO
|
||||
source/lib/registry/TODO
|
||||
source/lib/tdr/TODO
|
||||
source/pidl/TODO
|
||||
|
||||
- seperate adminlog mechanism (as opposed to the current DEBUG log,
|
||||
which is not really aimed at administrators but more at developers)
|
||||
Perhaps similar to eventlog so we can also use eventlog to retrieve the data?
|
||||
|
||||
- testsuite for the 'net' tool
|
||||
|
||||
- and a lot of other stuff
|
||||
|
||||
Configuration options
|
||||
=====================
|
||||
|
||||
The following options don't exist in Samba4 yet
|
||||
or are not converted by the upgrade script
|
||||
or will be removed:
|
||||
|
||||
- update encrypted
|
||||
- public
|
||||
- guest ok
|
||||
- client schannel
|
||||
- server schannel
|
||||
- allow trusted domains
|
||||
- hosts equiv
|
||||
- map to guest
|
||||
- algorithmic rid base
|
||||
- root directory
|
||||
- root dir
|
||||
- root
|
||||
- guest account
|
||||
- enable privileges
|
||||
- pam password change
|
||||
- passwd program
|
||||
- passwd chat debug
|
||||
- passwd chat timeout
|
||||
- check password script
|
||||
- username map
|
||||
- username level
|
||||
- unix password sync
|
||||
- restrict anonymous
|
||||
- username
|
||||
- user
|
||||
- users
|
||||
- invalid users
|
||||
- valid users
|
||||
- admin users
|
||||
- read list
|
||||
- write list
|
||||
- printer admin
|
||||
- force user
|
||||
- force group
|
||||
- group
|
||||
- write ok
|
||||
- writeable
|
||||
- writable
|
||||
- acl check permissions
|
||||
- acl group control
|
||||
- acl map full control
|
||||
- create mask
|
||||
- create mode
|
||||
- force create mode
|
||||
- security mask
|
||||
- force security mode
|
||||
- directory mask
|
||||
- directory mode
|
||||
- force directory mode
|
||||
- directory security mask
|
||||
- force directory security mode
|
||||
- force unknown acl user
|
||||
- inherit permissions
|
||||
- inherit acls
|
||||
- inherit owner
|
||||
- guest only
|
||||
- only guest
|
||||
- only user
|
||||
- allow hosts
|
||||
- deny hosts
|
||||
- preload modules
|
||||
- use kerberos keytab
|
||||
- syslog
|
||||
- syslog only
|
||||
- max log size
|
||||
- debug timestamp
|
||||
- timestamp logs
|
||||
- debug hires timestamp
|
||||
- debug pid
|
||||
- debug uid
|
||||
- allocation roundup size
|
||||
- aio read size
|
||||
- aio write size
|
||||
- aio write behind
|
||||
- large readwrite
|
||||
- protocol
|
||||
- read bmpx
|
||||
- reset on zero vc
|
||||
- acl compatibility
|
||||
- defer sharing violations
|
||||
- ea support
|
||||
- nt acl support
|
||||
- nt pipe support
|
||||
- profile acls
|
||||
- map acl inherit
|
||||
- afs share
|
||||
- max ttl
|
||||
- client use spnego
|
||||
- enable asu support
|
||||
- svcctl list
|
||||
- block size
|
||||
- change notify timeout
|
||||
- deadtime
|
||||
- getwd cache
|
||||
- keepalive
|
||||
- kernel change notify
|
||||
- lpq cache time
|
||||
- max smbd processes
|
||||
- max disk size
|
||||
- max open files
|
||||
- min print space
|
||||
- strict allocate
|
||||
- sync always
|
||||
- use mmap
|
||||
- use sendfile
|
||||
- hostname lookups
|
||||
- write cache size
|
||||
- name cache timeout
|
||||
- max reported print jobs
|
||||
- load printers
|
||||
- printcap cache time
|
||||
- printcap name
|
||||
- printcap
|
||||
- printing
|
||||
- cups options
|
||||
- cups server
|
||||
- iprint server
|
||||
- print command
|
||||
- disable spoolss
|
||||
- enable spoolss
|
||||
- lpq command
|
||||
- lprm command
|
||||
- lppause command
|
||||
- lpresume command
|
||||
- queuepause command
|
||||
- queueresume command
|
||||
- enumports command
|
||||
- addprinter command
|
||||
- deleteprinter command
|
||||
- show add printer wizard
|
||||
- os2 driver map
|
||||
- use client driver
|
||||
- default devmode
|
||||
- force printername
|
||||
- mangling method
|
||||
- mangle prefix
|
||||
- default case
|
||||
- case sensitive
|
||||
- casesignames
|
||||
- preserve case
|
||||
- short preserve case
|
||||
- mangling char
|
||||
- hide dot files
|
||||
- hide special files
|
||||
- hide unreadable
|
||||
- hide unwriteable files
|
||||
- delete veto files
|
||||
- veto files
|
||||
- hide files
|
||||
- veto oplock files
|
||||
- map readonly
|
||||
- mangled names
|
||||
- mangled map
|
||||
- max stat cache size
|
||||
- stat cache
|
||||
- store dos attributes
|
||||
- machine password timeout
|
||||
- add user script
|
||||
- rename user script
|
||||
- delete user script
|
||||
- add group script
|
||||
- delete group script
|
||||
- add user to group script
|
||||
- delete user from group script
|
||||
- set primary group script
|
||||
- add machine script
|
||||
- shutdown script
|
||||
- abort shutdown script
|
||||
- username map script
|
||||
- logon script
|
||||
- logon path
|
||||
- logon drive
|
||||
- logon home
|
||||
- domain logons
|
||||
- os level
|
||||
- lm announce
|
||||
- lm interval
|
||||
- domain master
|
||||
- browse list
|
||||
- enhanced browsing
|
||||
- wins proxy
|
||||
- blocking locks
|
||||
- fake oplocks
|
||||
- kernel oplocks
|
||||
- locking
|
||||
- lock spin count
|
||||
- lock spin time
|
||||
- oplocks
|
||||
- level2 oplocks
|
||||
- oplock break wait time
|
||||
- oplock contention limit
|
||||
- posix locking
|
||||
- share modes
|
||||
- add share command
|
||||
- change share command
|
||||
- delete share command
|
||||
- eventlog list
|
||||
- utmp directory
|
||||
- wtmp directory
|
||||
- utmp
|
||||
- default service
|
||||
- default
|
||||
- message command
|
||||
- dfree cache time
|
||||
- dfree command
|
||||
- get quota command
|
||||
- set quota command
|
||||
- remote announce
|
||||
- remote browse sync
|
||||
- homedir map
|
||||
- afs username map
|
||||
- afs token lifetime
|
||||
- log nt token command
|
||||
- time offset
|
||||
- NIS homedir
|
||||
- preexec
|
||||
- exec
|
||||
- preexec close
|
||||
- postexec
|
||||
- root preexec
|
||||
- root preexec close
|
||||
- root postexec
|
||||
- set directory
|
||||
- wide links
|
||||
- follow symlinks
|
||||
- dont descend
|
||||
- magic script
|
||||
- magic output
|
||||
- delete readonly
|
||||
- dos filemode
|
||||
- dos filetimes
|
||||
- dos filetime resolution
|
||||
- fake directory create times
|
||||
- panic action
|
||||
- vfs objects
|
||||
- vfs object
|
||||
- msdfs root
|
||||
- msdfs proxy
|
||||
- host msdfs
|
||||
- enable rid algorithm
|
||||
- passdb expand explicit
|
||||
- idmap backend
|
||||
- idmap uid
|
||||
- winbind uid
|
||||
- idmap gid
|
||||
- winbind gid
|
||||
- template homedir
|
||||
- template shell
|
||||
- winbind separator
|
||||
- winbind cache time
|
||||
- winbind enum users
|
||||
- winbind enum groups
|
||||
- winbind use default domain
|
||||
- winbind trusted domains only
|
||||
- winbind nested groups
|
||||
- winbind max idle children
|
||||
- winbind nss info
|
||||
|
34
WHATSNEW.txt
Normal file
@ -0,0 +1,34 @@
|
||||
=================================
|
||||
Release Notes for Samba 3.4.0pre1
|
||||
|
||||
=================================
|
||||
|
||||
This is the first preview release of Samba 3.4. This is *not*
|
||||
intended for production environments and is designed for testing
|
||||
purposes only. Please report any defects via the Samba bug reporting
|
||||
system at https://bugzilla.samba.org/.
|
||||
|
||||
Major enhancements in Samba 3.4.0 include:
|
||||
|
||||
o
|
||||
|
||||
|
||||
######################################################################
|
||||
Reporting bugs & Development Discussion
|
||||
#######################################
|
||||
|
||||
Please discuss this release on the samba-technical mailing list or by
|
||||
joining the #samba-technical IRC channel on irc.freenode.net.
|
||||
|
||||
If you do report problems then please try to send high quality
|
||||
feedback. If you don't provide vital information to help us track down
|
||||
the problem then you will probably be ignored. All bug reports should
|
||||
be filed under the Samba 3.4 product in the project's Bugzilla
|
||||
database (https://bugzilla.samba.org/).
|
||||
|
||||
|
||||
======================================================================
|
||||
== Our Code, Our Bugs, Our Responsibility.
|
||||
== The Samba Team
|
||||
======================================================================
|
||||
|
146
WHATSNEW4.txt
Normal file
@ -0,0 +1,146 @@
|
||||
What's new in Samba 4 alpha5
|
||||
============================
|
||||
|
||||
Samba 4 is the ambitious next version of the Samba suite that is being
|
||||
developed in parallel to the stable 3.0 series. The main emphasis in
|
||||
this branch is support for the Active Directory logon protocols used
|
||||
by Windows 2000 and above.
|
||||
|
||||
Samba4 alpha5 follows on from the alpha release series we have been
|
||||
publishing since September 2007
|
||||
|
||||
WARNINGS
|
||||
========
|
||||
|
||||
Samba4 alpha5 is not a final Samba release. That is more a reference
|
||||
to Samba4's lack of the features we expect you will need than a
|
||||
statement of code quality, but clearly it hasn't seen a broad
|
||||
deployment yet. If you were to upgrade Samba3 (or indeed Windows) to
|
||||
Samba4, you would find many things work, but that other key features
|
||||
you may have relied on simply are not there yet.
|
||||
|
||||
For example, while Samba 3.0 is an excellent member of a Active
|
||||
Directory domain, Samba4 is happier as a domain controller, and it is
|
||||
in this role where it has seen deployment into production.
|
||||
|
||||
Samba4 is subjected to an awesome battery of tests on an
|
||||
automated basis, we have found Samba4 to be very stable in it's
|
||||
behaviour. We have to recommend against upgrading production servers
|
||||
from Samba 3 to Samba 4 at this stage, because there may be the features on
|
||||
which you may rely that are not present, or the mapping of
|
||||
your configuration and user database may not be complete.
|
||||
|
||||
If you are upgrading, or looking to develop, test or deploy Samba4, you should
|
||||
backup all configuration and data.
|
||||
|
||||
NEW FEATURES
|
||||
============
|
||||
|
||||
Samba4 supports the server-side of the Active Directory logon environment
|
||||
used by Windows 2000 and later, so we can do full domain join
|
||||
and domain logon operations with these clients.
|
||||
|
||||
Our Domain Controller (DC) implementation includes our own built-in
|
||||
LDAP server and Kerberos Key Distribution Center (KDC) as well as the
|
||||
Samba3-like logon services provided over CIFS. We correctly generate
|
||||
the infamous Kerberos PAC, and include it with the Kerberos tickets we
|
||||
issue.
|
||||
|
||||
The new VFS features in Samba 4 adapts the filesystem on the server to
|
||||
match the Windows client semantics, allowing Samba 4 to better match
|
||||
windows behaviour and application expectations. This includes file
|
||||
annotation information (in streams) and NT ACLs in particular. The
|
||||
VFS is backed with an extensive automated test suite.
|
||||
|
||||
A new scripting interface has been added to Samba 4, allowing
|
||||
Python programs to interface to Samba's internals.
|
||||
|
||||
The Samba 4 architecture is based around an LDAP-like database that
|
||||
can use a range of modular backends. One of the backends supports
|
||||
standards compliant LDAP servers (including OpenLDAP), and we are
|
||||
working on modules to map between AD-like behaviours and this backend.
|
||||
We are aiming for Samba 4 to be powerful frontend to large
|
||||
directories.
|
||||
|
||||
CHANGES SINCE Alpha4
|
||||
=====================
|
||||
|
||||
In the time since Samba4 Alpha4 was released in June 2008, Samba has
|
||||
continued to evolve, but you may particularly notice these areas:
|
||||
|
||||
LDAP backend support restored (issues preventing the use of the LDAP
|
||||
backend in alpha4 have been addressed).
|
||||
|
||||
SMB2 Support: The SMB2 server, while still disabled, has improved,
|
||||
and now supports SMB2 signing.
|
||||
|
||||
OpenChange support: Updates have been made since alpha4 to better
|
||||
support OpenChange's use of Samba4's libraries.
|
||||
|
||||
Faster ldb loading: A fix to avoid calling 'init_module' (which was
|
||||
not defined by Samba modules, but was by the C library) will fix
|
||||
some of the slowness in authentication.
|
||||
|
||||
SWAT Remains Disabled: Due to a lack of developer time and without a
|
||||
long-term web developer to maintain it, the SWAT web UI remains been
|
||||
disabled (and would need to be rewritten in python in any case).
|
||||
|
||||
GNU Make: To try and simplfy our build system, we rely on GNU Make
|
||||
to avoid autogenerating a massive single makefile.
|
||||
|
||||
|
||||
These are just some of the highlights of the work done in the past few
|
||||
months. More details can be found in our GIT history.
|
||||
|
||||
|
||||
CHANGES
|
||||
=======
|
||||
|
||||
Those familiar with Samba 3 can find a list of user-visible changes
|
||||
since that release series in the NEWS file.
|
||||
|
||||
KNOWN ISSUES
|
||||
============
|
||||
|
||||
- Domain member support is in it's infancy, and is not comparable to
|
||||
the support found in Samba3.
|
||||
|
||||
- There is no printing support in the current release.
|
||||
|
||||
- There is no NetBIOS browsing support in the current release
|
||||
|
||||
- The Samba4 port of the CTDB clustering support is not yet complete
|
||||
|
||||
- Clock Synchronisation is critical. Many 'wrong password' errors are
|
||||
actually due to Kerberos objecting to a clock skew between client
|
||||
and server. (The NTP work in the previous alpha is partly to assist
|
||||
with this problem).
|
||||
|
||||
- Samba4 alpha5 is currently only portable to recent Linux
|
||||
distributions. Work to return support for other Unix varients is
|
||||
expected during the next alpha cycle
|
||||
|
||||
- Samba4 alpha5 is incompatible with GnuTLS 2.0, found in Fedora 9 and
|
||||
recent Ubuntu releases. GnuTLS use may be disabled using the
|
||||
--disable-gnutls argument to ./configure. (otherwise 'make test' and
|
||||
LDAPS operations will hang).
|
||||
|
||||
RUNNING Samba4
|
||||
==============
|
||||
|
||||
A short guide to setting up Samba 4 can be found in the howto.txt file
|
||||
in root of the tarball.
|
||||
|
||||
DEVELOPMENT and FEEDBACK
|
||||
========================
|
||||
Bugs can be filed at https://bugzilla.samba.org/ but please be aware
|
||||
that many features are simply not expected to work at this stage.
|
||||
|
||||
The Samba Wiki at http://wiki.samba.org should detail some of these
|
||||
development plans.
|
||||
|
||||
Development and general discussion about Samba 4 happens mainly on
|
||||
the #samba-technical IRC channel (on irc.freenode.net) and
|
||||
the samba-technical mailing list (see http://lists.samba.org/ for
|
||||
details).
|
||||
|
41
docs-xml/.gitignore
vendored
Normal file
@ -0,0 +1,41 @@
|
||||
Makefile.settings
|
||||
Samba3-Developers-Guide-attributions.xml
|
||||
Samba3-HOWTO-attributions.xml
|
||||
Samba3-HOWTO.d
|
||||
Samba4-HOWTO.d
|
||||
Samba4-HOWTO-attributions.xml
|
||||
autom4te.cache
|
||||
config.log
|
||||
config.status
|
||||
configure
|
||||
test.d
|
||||
tmp
|
||||
smbdotconf/parameters.all.xml
|
||||
smbdotconf/parameters.global.xml
|
||||
smbdotconf/parameters.service.xml
|
||||
*.d
|
||||
output/manpages-3
|
||||
Samba3-ByExample.tex
|
||||
Samba3-Developers-Guide.tex
|
||||
xslt/figures/*.pdf
|
||||
output/*.pdf
|
||||
*.lof
|
||||
*.out
|
||||
*.log
|
||||
*.aux
|
||||
*.ind
|
||||
*.ilg
|
||||
*.tpt
|
||||
*.idx
|
||||
*.glo
|
||||
*.loe
|
||||
*.lot
|
||||
*.toc
|
||||
Samba3-ByExample.pdf
|
||||
Samba3-Developers-Guide.pdf
|
||||
Samba3-HOWTO.pdf
|
||||
Samba3-HOWTO.tex
|
||||
Samba4-HOWTO.pdf
|
||||
Samba4-HOWTO.tex
|
||||
test.pdf
|
||||
test.tex
|
330
docs-xml/Makefile
Normal file
@ -0,0 +1,330 @@
|
||||
#################################################################
|
||||
# Makefile for Samba Documentation
|
||||
# Authors:
|
||||
# James Moore <jmoore@php.net>
|
||||
# Gerald Carter <jerry@samba.org>
|
||||
# Jelmer Vernooij <jelmer@samba.org>
|
||||
include Makefile.settings
|
||||
|
||||
# Docs to build
|
||||
MAIN_DOCS = $(patsubst %/index.xml,%,$(wildcard */index.xml))
|
||||
MANPAGES3 = $(wildcard $(MANPAGEDIR3)/*.?.xml)
|
||||
export TEXINPUTS=xslt/latex:.:
|
||||
|
||||
# Lists of files to process
|
||||
LATEX_FIGURES = xslt/figures/caution.pdf xslt/figures/important.pdf xslt/figures/note.pdf xslt/figures/tip.pdf xslt/figures/warning.pdf
|
||||
MANPAGES_PLUCKER = $(patsubst $(MANPAGEDIR3)/%.xml,$(PLUCKERDIR)/%.pdb,$(MANPAGES3))
|
||||
|
||||
DATETIME := $(shell date +%Y%m%d%H%M%S)
|
||||
|
||||
ifeq ($(PROFILE), Y)
|
||||
XSLTPROC += --profile --load-trace --timing
|
||||
endif
|
||||
|
||||
ifndef OUTPUTDIR
|
||||
Makefile.settings: configure
|
||||
@echo Makefile.settings not present, trying to run configure...
|
||||
./configure
|
||||
|
||||
configure: configure.ac
|
||||
@echo configure not present, trying to regenerate it...
|
||||
autoreconf
|
||||
endif
|
||||
|
||||
help:
|
||||
@echo "Supported make targets:"
|
||||
@echo " release - Build the docs needed for a Samba release"
|
||||
@echo " all - Build all docs that can be build using the utilities found by configure"
|
||||
@echo " everything - Build all of the above"
|
||||
@echo " pdf,tex,dvi,ps,manpages3,txt,pearson,fo,htmlhelp - Build specific output format"
|
||||
@echo " html - Build multi-file HTML versions"
|
||||
@echo " html-single - Build single-file HTML versions"
|
||||
@echo " htmlman3 - Build HTML version of manpages"
|
||||
@echo " undocumented - Output list of undocumented smb.conf options"
|
||||
@echo " samples - Extract examples"
|
||||
|
||||
$(DOCBOOKDIR)/Samba3-ByExample.xml: $(filter-out Samba3-ByExample/index.xml,$(wildcard Samba3-ByExample/*.xml))
|
||||
$(DOCBOOKDIR)/Samba3-HOWTO.xml: $(filter-out Samba3-HOWTO/index.xml,$(wildcard Samba3-HOWTO/*.xml)) Samba3-HOWTO-attributions.xml
|
||||
Samba3-HOWTO/manpages.xml: $(MANPAGEDIR3)/smb.conf.5.xml
|
||||
$(DOCBOOKDIR)/Samba3-Developers-Guide.xml: $(filter-out Samba3-Developers-Guide/index.xml,$(wildcard Samba3-Developers-Guide/*.xml)) Samba3-Developers-Guide-attributions.xml
|
||||
$(DOCBOOKDIR)/Samba4-HOWTO.xml: $(filter-out Samba4-HOWTO/index.xml,$(wildcard Samba4-HOWTO/*.xml)) Samba4-HOWTO-attributions.xml
|
||||
|
||||
# Pseudo targets
|
||||
all:: $(TARGETS)
|
||||
everything:: manpages3 pdf html-single html htmlman3 txt ps fo htmlhelp pearson
|
||||
release:: manpages3 htmlman3 html pdf
|
||||
clean::
|
||||
@echo "Cleaning up..."
|
||||
rm -rf $(OUTPUTDIR)/* $(DOCBOOKDIR)
|
||||
rm -f $(patsubst %.svg,%.png,$(foreach DOC,$(MAIN_DOCS),$($(DOC)-images-latex-dia))) \
|
||||
$(patsubst %.svg,%.pdf,$(foreach DOC,$(MAIN_DOCS),$($(DOC)-images-latex-svg))) \
|
||||
$(patsubst %.svg,%.eps,$(foreach DOC,$(MAIN_DOCS),$($(DOC)-images-latex-svg)))
|
||||
rm -f *-attributions.xml *.d *.tpt *.tex *.loc *.toc *.lof *.glo *.idx *.aux
|
||||
rm -f *-images-html*
|
||||
rm -f *-images-latex-* $(LATEX_FIGURES)
|
||||
rm -f xslt/figures/*pdf
|
||||
rm -f $(SMBDOTCONFDOC)/parameters.*.xml
|
||||
rm -f $(addsuffix .*,$(MAIN_DOCS))
|
||||
|
||||
# Output format targets
|
||||
pdf:: $(patsubst %,$(PDFDIR)/%.pdf,$(MAIN_DOCS))
|
||||
dvi:: $(patsubst %,$(DVIDIR)/%.dvi,$(MAIN_DOCS))
|
||||
ps:: $(patsubst %,$(PSDIR)/%.ps,$(MAIN_DOCS))
|
||||
txt:: $(patsubst %,$(TXTDIR)/%.txt,$(MAIN_DOCS))
|
||||
txt-chunks:: $(addsuffix -txt-chunks,$(MAIN_DOCS))
|
||||
fo:: $(patsubst %,$(FODIR)/%.fo,$(MAIN_DOCS))
|
||||
fo-pdf:: $(patsubst %,$(FOPDFDIR)/%.pdf,$(MAIN_DOCS))
|
||||
tex:: $(addsuffix .tex,$(MAIN_DOCS))
|
||||
texi:: $(patsubst %,$(TEXINFODIR)/%.texi,$(MAIN_DOCS))
|
||||
texiinfo:: $(patsubst %,$(TEXINFODIR)/%.info,$(MAIN_DOCS))
|
||||
manpages3:: $(patsubst $(MANPAGEDIR3)/%.xml,$(OUTPUTDIR)/manpages-3/%,$(MANPAGES3))
|
||||
pearson:: $(PEARSONDIR)/Samba3-HOWTO.xml
|
||||
pearson-verify:: $(PEARSONDIR)/Samba3-HOWTO.report.html
|
||||
plucker:: $(patsubst %,$(PLUCKERDIR)/%.pdb,$(MAIN_DOCS))
|
||||
htmlman3:: $(patsubst $(MANPAGEDIR3)/%.xml,$(HTMLDIR)/manpages-3/%.html,$(MANPAGES3)) $(HTMLDIR)/manpages-3/index.html
|
||||
html-single:: $(patsubst %,$(HTMLDIR)/%.html,$(MAIN_DOCS))
|
||||
html:: $(patsubst %,$(HTMLDIR)/%/index.html,$(MAIN_DOCS)) $(HTMLDIR)/index.html
|
||||
htmlhelp:: $(addprefix $(HTMLHELPDIR)/,$(MAIN_DOCS))
|
||||
validate:: $(addsuffix -validate,$(MAIN_DOCS))
|
||||
|
||||
test:: validate
|
||||
check:: validate
|
||||
|
||||
.PHONY: test check validate
|
||||
|
||||
# Intermediate docbook docs
|
||||
#
|
||||
$(DOCBOOKDIR)/%.xml: %/index.xml xslt/expand-sambadoc.xsl
|
||||
@echo "Converting Samba-specific tags for $*..."
|
||||
@mkdir -p $(@D)
|
||||
@$(XSLTPROC) --stringparam latex.imagebasedir "$*/" --stringparam noreference 0 --xinclude --output $@ xslt/expand-sambadoc.xsl $<
|
||||
|
||||
$(DOCBOOKDIR)/manpages-3/%.xml: $(MANPAGEDIR3)/%.xml xslt/expand-sambadoc.xsl
|
||||
@mkdir -p $(@D)
|
||||
$(XSLTPROC) --xinclude --stringparam noreference 0 --output $@ xslt/expand-sambadoc.xsl $<
|
||||
|
||||
$(DOCBOOKDIR)/manpages-3/index.xml: $(MANPAGES3) xslt/manpage-summary.xsl
|
||||
@mkdir -p $(@D)
|
||||
echo "<article><variablelist>" > $@
|
||||
$(XSLTPROC) xslt/manpage-summary.xsl $(MANPAGES3) >> $@
|
||||
@echo "</variablelist></article>" >> $@
|
||||
|
||||
# HTML docs
|
||||
$(HTMLDIR)/index.html: htmldocs.html
|
||||
@mkdir -p $(@D)
|
||||
cp $< $@
|
||||
|
||||
$(HTMLDIR)/%/index.html: $(DOCBOOKDIR)/%.xml $(HTMLDIR)/%/samba.css xslt/html-chunk.xsl %-images-html-chunks
|
||||
@mkdir -p $(@D)
|
||||
$(XSLTPROC) --stringparam base.dir "$(HTMLDIR)/$*/" xslt/html-chunk.xsl $<
|
||||
|
||||
# Single large HTML files
|
||||
$(OUTPUTDIR)/%/samba.css: xslt/html/samba.css
|
||||
@mkdir -p $(@D)
|
||||
cp $< $@
|
||||
|
||||
$(patsubst %,$(HTMLDIR)/%.html,$(MAIN_DOCS)): $(HTMLDIR)/%.html: %-images-html-single
|
||||
|
||||
$(HTMLDIR)/%.html: $(DOCBOOKDIR)/%.xml $(HTMLDIR)/samba.css xslt/html.xsl
|
||||
$(XSLTPROC) --output $@ xslt/html.xsl $<
|
||||
|
||||
# Attributions
|
||||
%-attributions.xml:
|
||||
@echo "Generating attributions file $@ from $*/"
|
||||
@cp -f templates/attributions.xml $@
|
||||
@$(XSLTPROC) --xinclude -o $@ xslt/generate-attributions.xsl $*/index.xml
|
||||
|
||||
# Text files
|
||||
$(TXTDIR)/%.txt: $(HTMLDIR)/%.html
|
||||
@mkdir -p $(@D)
|
||||
$(HTML2TEXT) -nobs -style pretty -o $@ $<
|
||||
|
||||
# Tex files
|
||||
%.tex: %/index.xml xslt/latex.xsl
|
||||
@echo "Generating $@..."
|
||||
@mkdir -p $(@D)
|
||||
@$(XSLTPROC) $(DB2LATEX_ARGS) --stringparam latex.imagebasedir "$*/" --xinclude --output $@ xslt/latex.xsl $<
|
||||
|
||||
$(PDFDIR)/%.pdf: %.pdf
|
||||
@mkdir -p $(@D)
|
||||
cp $< $@
|
||||
|
||||
%.idx: %.tex $(LATEX_FIGURES)
|
||||
-$(PDFLATEX) $<
|
||||
|
||||
%.ind: %.idx
|
||||
$(MAKEINDEX) $<
|
||||
|
||||
# Dependency files
|
||||
%.d: $(DOCBOOKDIR)/%.xml xslt/generate-dependencies.xsl
|
||||
@echo "Generating dependency file for $*"
|
||||
@$(XSLTPROC) --novalid \
|
||||
--stringparam txtbasedir "$(TXTDIR)/$*/" \
|
||||
--stringparam target "$*" \
|
||||
-o $@ xslt/generate-dependencies.xsl $<
|
||||
@echo "$*-images-latex-svg = \$$(wildcard \$$(addsuffix .svg, \$$($*-images-latex)))" >> $@
|
||||
@echo "$*-images-latex-eps: \$$(addsuffix .eps, \$$($*-images-latex))" >> $@
|
||||
@echo "$*-images-latex-pdf: \$$(patsubst %.svg, %.pdf, \$$($*-images-latex-svg))" >> $@
|
||||
@echo "$*-images-latex-png: \$$(filter-out \$$(patsubst %.svg,%.png,\$$($*-images-latex-svg)), \$$(addsuffix .png, \$$($*-images-latex)))" >> $@
|
||||
|
||||
@echo >> $@
|
||||
@echo "\$$(HTMLDIR)/%: $*/%" >> $@
|
||||
@echo " @mkdir -p \$$(@D)" >> $@
|
||||
@echo " @cp \$$< \$$@" >> $@
|
||||
@echo >> $@
|
||||
@echo "\$$(HTMLDIR)/$*/%: $*/%" >> $@
|
||||
@echo " @mkdir -p \$$(@D)" >> $@
|
||||
@echo " @cp \$$< \$$@" >> $@
|
||||
@echo >> $@
|
||||
@echo "\$$(HTMLHELPDIR)/$*/%: $*/%" >> $@
|
||||
@echo " @mkdir -p \$$(@D)" >> $@
|
||||
@echo " @cp \$$< \$$@" >> $@
|
||||
@echo >> $@
|
||||
@echo "$*-images-html-single: \$$(addprefix \$$(HTMLDIR)/, \$$($*-images-html))" >> $@
|
||||
@echo "$*-images-html-chunks: \$$(addprefix \$$(HTMLDIR)/$*/, \$$($*-images-html))" >> $@
|
||||
@echo "$*-images-htmlhelp: \$$(addprefix \$$(HTMLHELPDIR)/$*/, \$$($*-images-html))" >> $@
|
||||
|
||||
ifdef OUTPUTDIR
|
||||
ifneq ($(MAKECMDGOALS),clobber)
|
||||
-include $(addsuffix .d,$(MAIN_DOCS))
|
||||
endif
|
||||
endif
|
||||
|
||||
# Adobe PDF files
|
||||
%.pdf: %.tex %.ind $(LATEX_FIGURES) %-images-latex-png %-images-latex-pdf
|
||||
-$(PDFLATEX) $<
|
||||
-$(PDFLATEX) $<
|
||||
-$(PDFLATEX) $<
|
||||
-$(PDFLATEX) $<
|
||||
$(THUMBPDF) --quiet $*.pdf
|
||||
-$(PDFLATEX) $<
|
||||
|
||||
# DVI files
|
||||
$(DVIDIR)/%.dvi: %.dvi
|
||||
@mkdir -p $(@D)
|
||||
cp $< $@
|
||||
|
||||
%.dvi: %.tex %.idx %-images-latex-eps
|
||||
-$(LATEX) $<
|
||||
|
||||
%.eps: %.svg
|
||||
$(INKSCAPE) -z -f $< --export-eps=$@
|
||||
|
||||
%.png: %.svg
|
||||
$(INKSCAPE) -z -f $< --export-png=$@
|
||||
|
||||
#%.pdf: %.svg
|
||||
# $(INKSCAPE) -z -f $< --export-pdf=$@
|
||||
|
||||
%.pdf: %.eps
|
||||
$(EPSTOPDF) $<
|
||||
|
||||
%.eps: %.png
|
||||
$(PNGTOPNM) $< | $(PNMTOPS) > $@
|
||||
|
||||
# PostScript files
|
||||
$(PSDIR)/%.ps: $(DVIDIR)/%.dvi
|
||||
@mkdir -p $(@D)
|
||||
$(DVIPS) -o $@ $<
|
||||
|
||||
# Fo
|
||||
$(FODIR)/%.fo: $(DOCBOOKDIR)/%.xml
|
||||
@mkdir -p $(@D)
|
||||
$(XSLTPROC) --output $@ xslt/fo.xsl $<
|
||||
|
||||
# PDF thru Fo
|
||||
$(FOPDFDIR)/%.pdf: $(FODIR)/%.fo
|
||||
@mkdir -p $(@D)
|
||||
JAVA_OPTS=-Xmx250m $(FOP) -q -d $< -pdf $@
|
||||
|
||||
$(HTMLHELPDIR)/%: $(DOCBOOKDIR)/%.xml %-images-htmlhelp
|
||||
$(XSLTPROC) --stringparam htmlhelp.chm $*.chm \
|
||||
--stringparam manifest.in.base.dir "$@/" \
|
||||
--stringparam base.dir "$@/" \
|
||||
http://docbook.sourceforge.net/release/xsl/current/htmlhelp/htmlhelp.xsl $<
|
||||
|
||||
# Plucker docs
|
||||
$(PLUCKERDIR)/%.pdb: $(HTMLDIR)/%.html
|
||||
@mkdir -p $(@D)
|
||||
$(PLUCKERBUILD) -v -V 2 --stayonhost --zlib-compression -f $* -p $(PLUCKERDIR) file:$<
|
||||
|
||||
# Texinfo docs
|
||||
$(TEXINFODIR)/%.texi: $(DOCBOOKDIR)/%.xml
|
||||
@mkdir -p $(@D)
|
||||
cd $(@D) && $(DB2TEXI) $(shell pwd)/$<
|
||||
|
||||
$(TEXINFODIR)/%.info: $(TEXINFODIR)/%.texi
|
||||
$(MAKEINFO) --no-validate --force -o $@ "$<"
|
||||
|
||||
# Manpages
|
||||
$(MANPAGEDIR3)/smb.conf.5.xml: $(SMBDOTCONFDOC)/parameters.all.xml $(SMBDOTCONFDOC)/parameters.service.xml $(SMBDOTCONFDOC)/parameters.global.xml
|
||||
|
||||
$(SMBDOTCONFDOC)/parameters.all.xml: $(wildcard $(SMBDOTCONFDOC)/*/*.xml) $(SMBDOTCONFDOC)/generate-file-list.sh
|
||||
$(SMBDOTCONFDOC)/generate-file-list.sh $(SMBDOTCONFDOC) > $@
|
||||
|
||||
$(SMBDOTCONFDOC)/parameters.global.xml: $(SMBDOTCONFDOC)/parameters.all.xml $(SMBDOTCONFDOC)/generate-context.xsl
|
||||
@echo "Generating list of global smb.conf options"
|
||||
$(XSLTPROC) --xinclude --param smb.context "'G'" --output $(SMBDOTCONFDOC)/parameters.global.xml $(SMBDOTCONFDOC)/generate-context.xsl $<
|
||||
|
||||
$(SMBDOTCONFDOC)/parameters.service.xml: $(SMBDOTCONFDOC)/parameters.all.xml $(SMBDOTCONFDOC)/generate-context.xsl
|
||||
@echo "Generating list of share-mode smb.conf options"
|
||||
$(XSLTPROC) --xinclude --param smb.context "'S'" --output $(SMBDOTCONFDOC)/parameters.service.xml $(SMBDOTCONFDOC)/generate-context.xsl $<
|
||||
|
||||
$(OUTPUTDIR)/%: $(DOCBOOKDIR)/%.xml xslt/man.xsl
|
||||
@mkdir -p $(@D)
|
||||
$(XSLTPROC) --output $@ xslt/man.xsl $<
|
||||
|
||||
# Individual smb.conf parameters
|
||||
smb.conf-chunks: $(patsubst $(SMBDOTCONFDOC)/%.xml,$(HTMLDIR)/smb.conf/%.html,$(wildcard $(SMBDOTCONFDOC)/*/*.xml))
|
||||
|
||||
$(HTMLDIR)/smb.conf/%.html: $(SMBDOTCONFDOC)/%.xml
|
||||
@mkdir -p $(@D)
|
||||
$(XSLTPROC) --output $@ xslt/smb.conf-html.xsl $<
|
||||
|
||||
# Pearson compatible XML
|
||||
$(PEARSONDIR)/%.xml: %/index.xml xslt/pearson.xsl
|
||||
@mkdir -p $(@D)
|
||||
$(XSLTPROC) --xinclude --output $@ xslt/sambadoc2pearson.xsl $<
|
||||
|
||||
$(PEARSONDIR)/%.report.html: $(PEARSONDIR)/%.xml
|
||||
@mkdir -p $(@D)
|
||||
-$(XMLLINT) --valid --noout $< 2> $@
|
||||
|
||||
# Validation verification
|
||||
%-validate: %/index.xml
|
||||
cd $(<D) && $(XMLLINT) --xinclude --noent --postvalid --noout $(<F)
|
||||
|
||||
# Find undocumented parameters
|
||||
undocumented: $(SMBDOTCONFDOC)/parameters.all.xml scripts/find_missing_doc.pl scripts/find_missing_manpages.pl
|
||||
$(PERL) scripts/find_missing_doc.pl $(SRCDIR)
|
||||
$(PERL) scripts/find_missing_manpages.pl $(SRCDIR)
|
||||
|
||||
samples: $(DOCBOOKDIR)/Samba3-HOWTO.xml xslt/extract-examples.xsl scripts/indent-smb.conf.pl
|
||||
@mkdir -p $(EXAMPLESDIR)
|
||||
$(XSLTPROC) --xinclude xslt/extract-examples.xsl $< > /dev/null 2> examples/README
|
||||
for I in examples/*.conf; do { ./scripts/indent-smb.conf.pl < $$I > $$I.tmp; mv $$I.tmp $$I; } done
|
||||
|
||||
# Archiving
|
||||
archive: pdf
|
||||
@mkdir -p $(ARCHIVEDIR)
|
||||
cp $(PDFDIR)/Samba3-HOWTO.pdf $(ARCHIVEDIR)/TOSHARG-$(DATETIME).pdf
|
||||
cp $(PDFDIR)/Samba3-ByExample.pdf $(ARCHIVEDIR)/S3bE-$(DATETIME).pdf
|
||||
|
||||
# XSL scripts
|
||||
xslt/html.xsl: xslt/html-common.xsl
|
||||
xslt/html-chunk.xsl: xslt/html-common.xsl
|
||||
xslt/latex.xsl:
|
||||
xslt/expand-sambadoc.xsl:
|
||||
xslt/generate-attributions.xsl:
|
||||
xslt/man.xsl:
|
||||
xslt/pearson.xsl:
|
||||
|
||||
distclean clobber:: clean
|
||||
rm Makefile.settings config.status config.log configure
|
||||
rm -rf autom4te.cache
|
||||
|
||||
|
||||
# Always keep intermediate files if we can
|
||||
.SECONDARY:
|
||||
.PHONY: clean clobber archive release everything all
|
||||
|
50
docs-xml/Makefile.settings.in
Normal file
@ -0,0 +1,50 @@
|
||||
# Programs
|
||||
XSLTPROC = @XSLTPROC@
|
||||
XMLLINT = @XMLLINT@
|
||||
DVIPS = @DVIPS@
|
||||
PNGTOPNM = @PNGTOPNM@
|
||||
EPSTOPNM = @EPSTOPNM@
|
||||
PNMTOPNG = @PNMTOPNG@
|
||||
DIA = @DIA@
|
||||
INKSCAPE = @INKSCAPE@
|
||||
PNMTOPS = @PNMTOPS@
|
||||
HTML2TEXT = @HTML2TEXT@
|
||||
DB2TEXI = @DB2TEXI@
|
||||
MAKEINFO = @MAKEINFO@
|
||||
PLUCKERBUILD = @PLUCKERBUILD@
|
||||
COPY_IMAGES = ./scripts/copy-images.sh
|
||||
THUMBPDF = @THUMBPDF@
|
||||
PDFLATEX = @PDFLATEX@ --file-line-error-style
|
||||
LATEX = @LATEX@ --file-line-error-style
|
||||
FOP = @FOP@
|
||||
RM = @RM@
|
||||
PERL = @PERL@
|
||||
ifndef DEBUG_LATEX
|
||||
PDFLATEX += --interaction nonstopmode
|
||||
LATEX += --interaction nonstopmode
|
||||
endif
|
||||
|
||||
# Paths
|
||||
OUTPUTDIR = output
|
||||
ARCHIVEDIR = archive
|
||||
TEXINFODIR = $(OUTPUTDIR)/texi
|
||||
SRCDIR = @SAMBASOURCEDIR@
|
||||
EPSTOPDF = @EPSTOPDF@
|
||||
MANPAGEDIR3 = manpages-3
|
||||
MAKEINDEX = @MAKEINDEX@
|
||||
EXAMPLESDIR = $(OUTPUTDIR)/examples
|
||||
SMBDOTCONFDOC = smbdotconf
|
||||
DOCBOOKDIR = tmp
|
||||
PSDIR = $(OUTPUTDIR)
|
||||
FOPDFDIR = $(OUTPUTDIR)/fo-pdf
|
||||
PDFDIR = $(OUTPUTDIR)
|
||||
DVIDIR = $(OUTPUTDIR)
|
||||
FODIR = $(OUTPUTDIR)
|
||||
HTMLHELPDIR = $(OUTPUTDIR)/htmlhelp
|
||||
PEARSONDIR = $(OUTPUTDIR)/pearson
|
||||
TXTDIR = $(OUTPUTDIR)/textdocs
|
||||
HTMLDIR=$(OUTPUTDIR)/htmldocs
|
||||
PLUCKERDIR=$(OUTPUTDIR)/plucker
|
||||
DB2LATEX_ARGS = --stringparam latex.documentclass.book @LATEX_DOCUMENTCLASS_OPTIONS@
|
||||
|
||||
TARGETS = @TARGETS@
|
125
docs-xml/README
Normal file
@ -0,0 +1,125 @@
|
||||
!==
|
||||
!== docbook.txt for Samba 3.0
|
||||
!==
|
||||
!== Author: David Bannon, D.Bannon@latrobe.edu.au November, 2000
|
||||
!== Updates: Gerald (Jerry) Carter, jerry@samba.org, Feb. 2001
|
||||
!== Updates: Jelmer Vernooij, jelmer@samba.org, Aug, 2002
|
||||
!== Updates: Jelmer Vernooij, jelmer@samba.org, Jun, 2003
|
||||
!== Updates: Jelmer Vernooij, jelmer@samba.org, May, 2004
|
||||
!== Updates: Jelmer Vernooij, jelmer@samba.org, May, 2005
|
||||
|
||||
Quick start
|
||||
-----------
|
||||
|
||||
Run:
|
||||
|
||||
make all
|
||||
|
||||
What are DocBook documents doing in the Samba Distribution ?
|
||||
-----------------------------------------------------------
|
||||
|
||||
We have converted all samba docs to XML/DocBook V4.2
|
||||
in order to make them easier to maintain and produce a nicer looking
|
||||
product.
|
||||
|
||||
This short note (strange isn't it how it always starts out as a short note
|
||||
and becomes a long one ?) will explain very briefly how and why we have
|
||||
done this.
|
||||
|
||||
|
||||
The format
|
||||
----------
|
||||
If you are new to xml, regard an xml file as 'source code'. You don't
|
||||
read it directly, but use it to create other formats (like the txt and html
|
||||
included in ../txtdocs and ../htmldocs).
|
||||
|
||||
Docbook is a particular XML style, particularly suited to producing
|
||||
technical manuals.
|
||||
|
||||
For more information on DocBook tags and format, see "DocBook: The
|
||||
Definitive Guide" by Walsh and Muellner, (c) O'Reilly Publishing.
|
||||
This book covers DocBook V4.2 and is available on-line
|
||||
at http://www.docbook.org/
|
||||
|
||||
The Output
|
||||
----------
|
||||
The current Samba Subversion tree contains the XML/DocBook source files.
|
||||
|
||||
A regularly generated version can be found at http://samba.org/samba/docs/.
|
||||
|
||||
The Tools
|
||||
---------
|
||||
|
||||
To generate the docs, you need to have the following packages installed:
|
||||
|
||||
* GNU Make
|
||||
* GNU autoconf
|
||||
* docbook-utils
|
||||
* xsltproc
|
||||
* pngtopnm and pnmtops (from the netpbm utilities)
|
||||
* inkscape
|
||||
|
||||
For generating PDF (thru LaTeX):
|
||||
* db2latex (from http://db2latex.sf.net/). Make sure to get CVS version
|
||||
dated 20030622 -- it works best. Versions previous to 20030425 are known
|
||||
to have problems, as well as current (as of 20031210) snapshots.
|
||||
* pdflatex
|
||||
* thumbpdf
|
||||
|
||||
For generating PDF (thru FO):
|
||||
* fop (http://xml.apache.org/fop/)
|
||||
|
||||
For generating PostScript (thru LaTeX):
|
||||
* db2latex
|
||||
* latex
|
||||
* dvips
|
||||
|
||||
For generating ASCII:
|
||||
* html2text
|
||||
|
||||
For generating Palm-viewable docs:
|
||||
* plucker-build
|
||||
|
||||
For generating texi files:
|
||||
* docbook2x-texi
|
||||
* makeinfo
|
||||
|
||||
For validating:
|
||||
* xmllint
|
||||
|
||||
This directory now contains a ./configure script and Makefile to
|
||||
support the automated building of man pages (including HTML versions), and
|
||||
the building of the Samba-HOWTO-Collection and the
|
||||
Samba Developers Guide (HTML,DVI,TeX,PDF,PS,Text versions).
|
||||
|
||||
The configure script detects which of the required utilities are installed
|
||||
and builds as much docs as it can using these tools.
|
||||
|
||||
Help! Building the docs generates a lot of HTTP traffic...
|
||||
-------------
|
||||
To be able to build the docs without an internet connection (or faster with
|
||||
a slow internet connection), you need to set up "catalogs".
|
||||
|
||||
A catalog contains a list of mappings to locally cached documents. E.g. :
|
||||
http://db2latex.sf.net/xsl/ -> /usr/share/sgml/docbook/db2latex/xsl/
|
||||
|
||||
Add the following two lines to /etc/xml/catalog for db2latex:
|
||||
<rewriteURI uriStartString="http://db2latex.sourceforge.net/xsl/" rewritePrefix="/export/user/me/source/docbook/db2latex/xsl/"/>
|
||||
<rewriteURI uriStartString="http://docbook.sourceforge.net/release/xsl/current/" rewritePrefix="/export/user/me/source/docbook/docbook-xsl/"/>
|
||||
|
||||
For the Pearson DTD, add something like:
|
||||
|
||||
<public publicId="-//Pearson//DTD Books//DE" uri="file:///home/jelmer/Xml_dtd_1.1/pearson.dtd"/>
|
||||
|
||||
For the Samba DTD's, add something like:
|
||||
<rewriteURI uriStartString="http://www.samba.org/samba/DTD" rewritePrefix="file:///home/jelmer/samba-web/DTD"/>
|
||||
|
||||
(of course, adapt /export/user/me/source/ to whatever path db2latex is
|
||||
installed in...)
|
||||
|
||||
catalog entries for the other DTD's and XSL scripts should be present on your
|
||||
system already.
|
||||
|
||||
Windows Help files
|
||||
----------
|
||||
http://htmlhelp.berlios.de/howto/mshh4wine.php
|
130
docs-xml/Samba-EventLog-HOWTO.txt
Normal file
@ -0,0 +1,130 @@
|
||||
##
|
||||
## Samba-EventLog-HOWTO.txt
|
||||
## Brian Moran <bmoran@centeris.com>
|
||||
##
|
||||
## Feature Introduced in Samba 3.0.21
|
||||
##
|
||||
|
||||
Samba and Eventlogs
|
||||
===================
|
||||
|
||||
Samba servers now support event logs -- this means that if
|
||||
Samba is configured correctly, the usual administration tools
|
||||
like event viewer will work against a Samba server.
|
||||
|
||||
To minimally configure Samba to publish event logs, the
|
||||
eventlogs to list must be specified in smb.conf, and
|
||||
eventlog entries must be written to those eventlogs.
|
||||
|
||||
Optionally, a message file can be registered for each
|
||||
of the eventlog 'sources' to pretty-print the eventlog
|
||||
messages in the eventlog viewer.
|
||||
|
||||
Configuring smb.conf
|
||||
====================
|
||||
|
||||
To specify the list of eventlogs the eventlog list
|
||||
command is used. An example which will show four
|
||||
eventlogs is
|
||||
|
||||
eventlog list = Application System Security SyslogLinux
|
||||
|
||||
When Samba initially starts, it looks to see if the
|
||||
eventlog directory, and a particular log exists; if not,
|
||||
the directory and file are created under LOCK_DIR
|
||||
|
||||
Writing EventLog Records
|
||||
========================
|
||||
|
||||
The eventlogadm command is used to write records
|
||||
into a particular eventlog. Eventlogadm expects records
|
||||
to be on STDIN in the following format
|
||||
|
||||
LEN: 0
|
||||
RS1: 1699505740
|
||||
RCN: 0
|
||||
TMG: 1128631322
|
||||
TMW: 1128631322
|
||||
EID: 1000
|
||||
ETP: INFO
|
||||
ECT: 0
|
||||
RS2: 0
|
||||
CRN: 0
|
||||
USL: 0
|
||||
SRC: cron
|
||||
SRN: dmlinux
|
||||
STR: (root) CMD ( rm -f /var/spool/cron/lastrun/cron.hourly)
|
||||
DAT:
|
||||
|
||||
These fields closely mirror the eventlog structures
|
||||
used by the APIs. The definitions of the fields are
|
||||
|
||||
- LEN: <integer> The length field is calculated by the
|
||||
eventlogadm program based on the rest of the information
|
||||
in the record. Zero works well here.
|
||||
- RS1: 1699505740 A "magic number", the primary purpose of
|
||||
which seems to be to be able to find eventlog records in a
|
||||
sea of binary data
|
||||
- TMG: <integer> The time the eventlog record was generated;
|
||||
format is the number of seconds since 00:00:00 January 1,
|
||||
1970, UTC
|
||||
- TMW: <integer> The time the eventlog record was written;
|
||||
format is the number of seconds since 00:00:00 January 1,
|
||||
1970, UTC
|
||||
- EID: <integer> The eventlog ID -- used as a index to a
|
||||
message string in a message DLSamba and Eventlogs
|
||||
- ETP: <string> The event type -- one of INFO, ERROR,
|
||||
WARNING, AUDIT SUCCESS, AUDIT FAILURE
|
||||
- ECT: <integer> The event category; this depends on the
|
||||
message file -- primarily used as a means of filtering in
|
||||
the eventlog viewer
|
||||
- RS2: 0 Another reserved field
|
||||
- CRN: 0 Yet another reserved field
|
||||
- USL: <integer> Typically would contain the length of the
|
||||
SID of the user object associated with this event. This is
|
||||
not supported now, so leave this zero.
|
||||
- SRC: <string> The source name associated with the event
|
||||
log, e.g. "cron" or "smbd". If a message file is used with an
|
||||
event log, there will be a registry entry for associating
|
||||
this source name with a message file DLL
|
||||
- SRN: <string> The name of the machine on which the
|
||||
eventlog was generated. This is typically the host name
|
||||
- STR: <string> The text associated with the eventlog. Note
|
||||
that there may be more than one strings in a record
|
||||
- DAT: <string> Eventlog records can have binary information
|
||||
associated with them. DAT only supports ASCII strings however
|
||||
|
||||
Typically, one would set up a program to gather events, format
|
||||
them into records, and pipe them into eventlogadm for a
|
||||
particular eventlog:
|
||||
|
||||
# tail -f /var/log/messages |\
|
||||
my_program_to_parse_into_eventlog_records |\
|
||||
eventlogadm SyslogLinux
|
||||
|
||||
Note that individual records are separated on the input by one
|
||||
or more blank lines. In this manner, eventlogadm will just wait
|
||||
for more input, writing to the underlying log files as necessary.
|
||||
|
||||
|
||||
Deciphering EventLog entries on the Client
|
||||
==========================================
|
||||
|
||||
To set up an eventlog source (which is used by the eventlog viewer
|
||||
program to pretty-print eventlog records), create a message file
|
||||
DLL, then use the eventlogadm program to write the appropriate
|
||||
eventlog registry entries:
|
||||
|
||||
# eventlogadm -o addsource Application MyApplication \
|
||||
%SystemRoot%/system32/MyApplication.dll
|
||||
|
||||
This will add the key
|
||||
[HKLM/System/CurrentControlSet/services/Eventlog/Application/MyApplication]
|
||||
and to that key add value "MyApplication/EventLogMessageFile"
|
||||
with a string of %SystemRoot%/system32/MyApplication.dll
|
||||
|
||||
If there happens to be a share called [C$] on your samba server,
|
||||
and in that share there's a Windows/system32/MyApplication.dll
|
||||
file, it will be read by the eventlog viewer application when
|
||||
displaying eventlog records to pretty-print your eventlog entries.
|
||||
|
16
docs-xml/Samba.desktop
Normal file
@ -0,0 +1,16 @@
|
||||
[Desktop Entry]
|
||||
Name=Samba
|
||||
Name[cz]=Samba
|
||||
Name[de]=Samba
|
||||
Name[nl]=Samba
|
||||
Name[sk]=Samba
|
||||
Comment=The file and print service to SMB/ CIFS clients
|
||||
Comment[cz]=Souborové a tiskové služby pre klienty SMB/ CIFS
|
||||
Comment[de]=SMB/ CIFS Datei- und Druck-Server
|
||||
Comment[nl]=SMB/CIFS Bestand en Print-Server
|
||||
Comment[pl]=Usługa plików i drukarek dla klientów SMB/CIFS
|
||||
Comment[sk]=Súborové a tlačové služby pre klientov SMB/ CIFS
|
||||
DocPath=/usr/share/doc/packages/samba/htmldocs/index.html
|
||||
X-DOC-SearchMethod=htdig
|
||||
X-DOC-SearchEnabledDefault=true
|
||||
X-DOC-Weight=-5000
|
1636
docs-xml/Samba3-ByExample/SBE-2000UserNetwork.xml
Normal file
2011
docs-xml/Samba3-ByExample/SBE-500UserNetwork.xml
Normal file
2870
docs-xml/Samba3-ByExample/SBE-AddingUNIXClients.xml
Normal file
1622
docs-xml/Samba3-ByExample/SBE-Appendix1.xml
Normal file
1283
docs-xml/Samba3-ByExample/SBE-Appendix2.xml
Normal file
918
docs-xml/Samba3-ByExample/SBE-DomainAppsSupport.xml
Normal file
@ -0,0 +1,918 @@
|
||||
<?xml version="1.0" encoding="iso-8859-1"?>
|
||||
<!DOCTYPE chapter PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
|
||||
|
||||
<chapter id="DomApps">
|
||||
<title>Integrating Additional Services</title>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>authentication</primary></indexterm>
|
||||
<indexterm><primary>backends</primary></indexterm>
|
||||
<indexterm><primary>smbpasswd</primary></indexterm>
|
||||
<indexterm><primary>ldapsam</primary></indexterm>
|
||||
<indexterm><primary>Active Directory</primary></indexterm>
|
||||
You've come a long way now. You have pretty much mastered Samba-3 for
|
||||
most uses it can be put to. Up until now, you have cast Samba-3 in the leading
|
||||
role, and where authentication was required, you have used one or another of
|
||||
Samba's many authentication backends (from flat text files with smbpasswd
|
||||
to LDAP directory integration with ldapsam). Now you can design a
|
||||
solution for a new Abmas business. This business is running Windows Server
|
||||
2003 and Active Directory, and these are to stay. It's time to master
|
||||
implementing Samba and Samba-supported services in a domain controlled by
|
||||
the latest Windows authentication technologies. Let's get started &smbmdash; this is
|
||||
leading edge.
|
||||
</para>
|
||||
|
||||
<sect1>
|
||||
<title>Introduction</title>
|
||||
|
||||
<para>
|
||||
Abmas has continued its miraculous growth; indeed, nothing seems to be able
|
||||
to stop its diversification into multiple (and seemingly unrelated) fields.
|
||||
Its latest acquisition is Abmas Snack Foods, a big player in the snack-food
|
||||
business.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
With this acquisition comes new challenges for you and your team. Abmas Snack
|
||||
Foods is a well-developed business with a huge and heterogeneous network. It
|
||||
already has Windows, NetWare, and Proprietary UNIX, but as yet no Samba or Linux.
|
||||
The network is mature and well-established, and there is no question of its chosen
|
||||
user authentication scheme being changed for now. You need to take a wise new
|
||||
approach.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
You have decided to set the ball rolling by introducing Samba-3 into the network
|
||||
gradually, taking over key services and easing the way to a full migration and,
|
||||
therefore, integration into Abmas's existing business later.
|
||||
</para>
|
||||
|
||||
<sect2>
|
||||
<title>Assignment Tasks</title>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>web</primary><secondary>proxying</secondary></indexterm>
|
||||
<indexterm><primary>web</primary><secondary>caching</secondary></indexterm>
|
||||
You've promised the skeptical Abmas Snack Foods management team
|
||||
that you can show them how Samba can ease itself and other Open Source
|
||||
technologies into their existing infrastructure and deliver sound business
|
||||
advantages. Cost cutting is high on their agenda (a major promise of the
|
||||
acquisition). You have chosen Web proxying and caching as your proving ground.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>bandwidth</primary></indexterm>
|
||||
<indexterm><primary>Microsoft ISA</primary></indexterm>
|
||||
Abmas Snack Foods has several thousand users housed at its head office
|
||||
and multiple regional offices, plants, and warehouses. A high proportion of
|
||||
the business's work is done online, so Internet access for most of these
|
||||
users is essential. All Internet access, including for all regional offices,
|
||||
is funneled through the head office and is the job of the (now your) networking
|
||||
team. The bandwidth requirements were horrific (comparable to a small ISP), and
|
||||
the team soon discovered proxying and caching. In fact, they became one of
|
||||
the earliest commercial users of Microsoft ISA.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>Active Directory</primary></indexterm>
|
||||
<indexterm><primary>authenticated</primary></indexterm>
|
||||
<indexterm><primary>proxy</primary></indexterm>
|
||||
The team is not happy with ISA. Because it never lived up to its marketing promises,
|
||||
it underperformed and had reliability problems. You have pounced on the opportunity
|
||||
to show what Open Source can do. The one thing they do like, however, is ISA's
|
||||
integration with Active Directory. They like that their users, once logged on,
|
||||
are automatically authenticated against the proxy. If your alternative to ISA
|
||||
can operate completely seamlessly in their Active Directory domain, it will be
|
||||
approved.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
This is a hands-on exercise. You build software applications so
|
||||
that you obtain the functionality Abmas needs.
|
||||
</para>
|
||||
|
||||
</sect2>
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>Dissection and Discussion</title>
|
||||
|
||||
<para>
|
||||
The key requirements in this business example are straightforward. You are not required
|
||||
to do anything new, just to replicate an existing system, not lose any existing features,
|
||||
and improve performance. The key points are:
|
||||
</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem><para>
|
||||
Internet access for most employees
|
||||
</para></listitem>
|
||||
<listitem><para>
|
||||
Distributed system to accommodate load and geographical distribution of users
|
||||
</para></listitem>
|
||||
<listitem><para>
|
||||
Seamless and transparent interoperability with the existing Active Directory domain
|
||||
</para></listitem>
|
||||
</itemizedlist>
|
||||
|
||||
|
||||
<sect2>
|
||||
<title>Technical Issues</title>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>browsing</primary></indexterm>
|
||||
<indexterm><primary>Squid proxy</primary></indexterm>
|
||||
<indexterm><primary>proxy</primary></indexterm>
|
||||
<indexterm><primary>authentication</primary></indexterm>
|
||||
<indexterm><primary>Internet Explorer</primary></indexterm>
|
||||
<indexterm><primary>winbind</primary></indexterm>
|
||||
<indexterm><primary>NTLM</primary></indexterm>
|
||||
<indexterm><primary>NTLM authentication daemon</primary></indexterm>
|
||||
<indexterm><primary>authentication</primary></indexterm>
|
||||
<indexterm><primary>daemon</primary></indexterm>
|
||||
<indexterm><primary>Active Directory</primary></indexterm>
|
||||
<indexterm><primary>domain</primary><secondary>Active Directory</secondary></indexterm>
|
||||
<indexterm><primary>Kerberos</primary></indexterm><indexterm><primary>token</primary></indexterm>
|
||||
Functionally, the user's Internet Explorer requests a browsing session with the
|
||||
Squid proxy, for which it offers its AD authentication token. Squid hands off
|
||||
the authentication request to the Samba-3 authentication helper application
|
||||
called <command>ntlm_auth</command>. This helper is a hook into winbind, the
|
||||
Samba-3 NTLM authentication daemon. Winbind enables UNIX services to authenticate
|
||||
against Microsoft Windows domains, including Active Directory domains. As Active
|
||||
Directory authentication is a modified Kerberos authentication, winbind is assisted
|
||||
in this by local Kerberos 5 libraries configured to check passwords with the Active
|
||||
Directory server. Once the token has been checked, a browsing session is established.
|
||||
This process is entirely transparent and seamless to the user.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Enabling this consists of:
|
||||
</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem><para>
|
||||
Preparing the necessary environment using preconfigured packages
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
Setting up raw Kerberos authentication against the Active Directory domain
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
Configuring, compiling, and then installing the supporting Samba-3 components
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
Tying it all together
|
||||
</para></listitem>
|
||||
</itemizedlist>
|
||||
|
||||
</sect2>
|
||||
|
||||
|
||||
<sect2>
|
||||
<title>Political Issues</title>
|
||||
|
||||
<para>
|
||||
You are a stranger in a strange land, and all eyes are upon you. Some would even like to see
|
||||
you fail. For you to gain the trust of your newly acquired IT people, it is essential that your
|
||||
solution does everything the old one did, but does it better in every way. Only then
|
||||
will the entrenched positions consider taking up your new way of doing things on a
|
||||
wider scale.
|
||||
</para>
|
||||
|
||||
</sect2>
|
||||
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>Implementation</title>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>Squid</primary></indexterm>
|
||||
First, your system needs to be prepared and in a known good state to proceed. This consists
|
||||
of making sure that everything the system depends on is present and that everything that could
|
||||
interfere or conflict with the system is removed. You will be configuring the Squid and Samba-3
|
||||
packages and updating them if necessary. If conflicting packages of these programs are installed,
|
||||
they must be removed.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>Red Hat Linux</primary></indexterm>
|
||||
The following packages should be available on your Red Hat Linux system:
|
||||
</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem><para>
|
||||
<indexterm><primary>krb5</primary></indexterm>
|
||||
<indexterm><primary>Kerberos</primary></indexterm>
|
||||
krb5-libs
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
krb5-devel
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
krb5-workstation
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
krb5-server
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
pam_krb5
|
||||
</para></listitem>
|
||||
</itemizedlist>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>SUSE Linux</primary></indexterm>
|
||||
In the case of SUSE Linux, these packages are called:
|
||||
</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem><para>
|
||||
heimdal-lib
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
heimdal-devel
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
<indexterm><primary>Heimdal</primary></indexterm>
|
||||
heimdal
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
pam_krb5
|
||||
</para></listitem>
|
||||
</itemizedlist>
|
||||
|
||||
<para>
|
||||
If the required packages are not present on your system, you must install
|
||||
them from the vendor's installation media. Follow the administrative guide
|
||||
for your Linux system to ensure that the packages are correctly updated.
|
||||
</para>
|
||||
|
||||
<note><para>
|
||||
<indexterm><primary>MS Windows Server 2003</primary></indexterm>
|
||||
<indexterm><primary>Kerberos</primary></indexterm>
|
||||
<indexterm><primary>MIT</primary></indexterm>
|
||||
If the requirement is for interoperation with MS Windows Server 2003, it
|
||||
will be necessary to ensure that you are using MIT Kerberos version 1.3.1
|
||||
or later. Red Hat Linux 9 ships with MIT Kerberos 1.2.7 and thus requires
|
||||
updating.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>Heimdal</primary></indexterm>
|
||||
<indexterm><primary>SUSE Enterprise Linux Server</primary></indexterm>
|
||||
Heimdal 0.6 or later is required in the case of SUSE Linux. SUSE Enterprise
|
||||
Linux Server 8 ships with Heimdal 0.4. SUSE 9 ships with the necessary version.
|
||||
</para></note>
|
||||
|
||||
<sect2 id="ch10-one">
|
||||
<title>Removal of Pre-Existing Conflicting RPMs</title>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>Squid</primary></indexterm>
|
||||
If Samba and/or Squid RPMs are installed, they should be updated. You can
|
||||
build both from source.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>rpm</primary></indexterm>
|
||||
<indexterm><primary>samba</primary></indexterm>
|
||||
<indexterm><primary>squid</primary></indexterm>
|
||||
Locating the packages to be un-installed can be achieved by running:
|
||||
<screen>
|
||||
&rootprompt; rpm -qa | grep -i samba
|
||||
&rootprompt; rpm -qa | grep -i squid
|
||||
</screen>
|
||||
The identified packages may be removed using:
|
||||
<screen>
|
||||
&rootprompt; rpm -e samba-common
|
||||
</screen>
|
||||
</para>
|
||||
|
||||
<sect2>
|
||||
<title>Kerberos Configuration</title>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>Kerberos</primary></indexterm>
|
||||
<indexterm><primary>Active Directory</primary><secondary>server</secondary></indexterm>
|
||||
<indexterm><primary>ADS</primary></indexterm>
|
||||
<indexterm><primary>KDC</primary></indexterm>
|
||||
The systems Kerberos installation must be configured to communicate with
|
||||
your primary Active Directory server (ADS KDC).
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Strictly speaking, MIT Kerberos version 1.3.4 currently gives the best results,
|
||||
although the current default Red Hat MIT version 1.2.7 gives acceptable results
|
||||
unless you are using Windows 2003 servers.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>MIT</primary></indexterm>
|
||||
<indexterm><primary>Heimdal</primary></indexterm>
|
||||
<indexterm><primary>Kerberos</primary></indexterm>
|
||||
<indexterm><primary>/etc/krb5.conf</primary></indexterm>
|
||||
<indexterm><primary>DNS</primary><secondary>SRV records</secondary></indexterm>
|
||||
<indexterm><primary>KDC</primary></indexterm>
|
||||
<indexterm><primary>DNS</primary><secondary>lookup</secondary></indexterm>
|
||||
Officially, neither MIT (1.3.4) nor Heimdal (0.63) Kerberos needs an <filename>/etc/krb5.conf</filename>
|
||||
file in order to work correctly. All ADS domains automatically create SRV records in the
|
||||
DNS zone <constant>Kerberos.REALM.NAME</constant> for each KDC in the realm. Since both
|
||||
MIT and Heimdal, KRB5 libraries default to checking for these records, so they
|
||||
automatically find the KDCs. In addition, <filename>krb5.conf</filename> allows
|
||||
specifying only a single KDC, even if there is more than one. Using the DNS lookup
|
||||
allows the KRB5 libraries to use whichever KDCs are available.
|
||||
</para>
|
||||
|
||||
<procedure>
|
||||
<title>Kerberos Configuration Steps</title>
|
||||
|
||||
<step><para>
|
||||
<indexterm><primary>krb5.conf</primary></indexterm>
|
||||
If you find the need to manually configure the <filename>krb5.conf</filename>, you should edit it
|
||||
to have the contents shown in <link linkend="ch10-krb5conf"/>. The final fully qualified path for this file
|
||||
should be <filename>/etc/krb5.conf</filename>.
|
||||
</para></step>
|
||||
|
||||
<step><para>
|
||||
<indexterm><primary>Kerberos</primary></indexterm>
|
||||
<indexterm><primary>realm</primary></indexterm>
|
||||
<indexterm><primary>case-sensitive</primary></indexterm>
|
||||
<indexterm><primary>KDC</primary></indexterm>
|
||||
<indexterm><primary>synchronization</primary></indexterm>
|
||||
<indexterm><primary>initial credentials</primary></indexterm>
|
||||
<indexterm><primary>Clock skew</primary></indexterm>
|
||||
<indexterm><primary>NTP</primary></indexterm>
|
||||
<indexterm><primary>DNS</primary><secondary>lookup</secondary></indexterm>
|
||||
<indexterm><primary>reverse DNS</primary></indexterm>
|
||||
<indexterm><primary>NetBIOS name </primary></indexterm>
|
||||
<indexterm><primary>/etc/hosts</primary></indexterm>
|
||||
<indexterm><primary>mapping</primary></indexterm>
|
||||
The following gotchas often catch people out. Kerberos is case sensitive. Your realm must
|
||||
be in UPPERCASE, or you will get an error: <quote>Cannot find KDC for requested realm while getting
|
||||
initial credentials</quote>. Kerberos is picky about time synchronization. The time
|
||||
according to your participating servers must be within 5 minutes or you get an error:
|
||||
<quote>kinit(v5): Clock skew too great while getting initial credentials</quote>.
|
||||
Clock skew limits are, in fact, configurable in the Kerberos protocols (the default is
|
||||
5 minutes). A better solution is to implement NTP throughout your server network.
|
||||
Kerberos needs to be able to do a reverse DNS lookup on the IP address of your KDC.
|
||||
Also, the name that this reverse lookup maps to must either be the NetBIOS name of
|
||||
the KDC (i.e., the hostname with no domain attached) or the
|
||||
NetBIOS name followed by the realm. If all else fails, you can add a
|
||||
<filename>/etc/hosts</filename> entry mapping the IP address of your KDC to its
|
||||
NetBIOS name. If Kerberos cannot do this reverse lookup, you will get a local error
|
||||
when you try to join the realm.
|
||||
</para></step>
|
||||
|
||||
<step><para>
|
||||
<indexterm><primary>kinit</primary></indexterm>
|
||||
You are now ready to test your installation by issuing the command:
|
||||
<screen>
|
||||
&rootprompt; kinit [USERNAME@REALM]
|
||||
</screen>
|
||||
You are asked for your password, which you should enter. The following
|
||||
is a typical console sequence:
|
||||
<screen>
|
||||
&rootprompt; kinit ADMINISTRATOR@LONDON.ABMAS.BIZ
|
||||
Password for ADMINISTRATOR@LONDON.ABMAS.BIZ:
|
||||
</screen>
|
||||
Make sure that your password is accepted by the Active Directory KDC.
|
||||
</para></step>
|
||||
</procedure>
|
||||
|
||||
<example id="ch10-krb5conf">
|
||||
<title>Kerberos Configuration &smbmdash; File: <filename>/etc/krb5.conf</filename></title>
|
||||
<screen>
|
||||
[libdefaults]
|
||||
default_realm = LONDON.ABMAS.BIZ
|
||||
|
||||
[realms]
|
||||
LONDON.ABMAS.BIZ = {
|
||||
kdc = w2k3s.london.abmas.biz
|
||||
}
|
||||
</screen>
|
||||
</example>
|
||||
|
||||
<para><indexterm>
|
||||
<primary>klist</primary>
|
||||
</indexterm>
|
||||
The command
|
||||
<screen>
|
||||
&rootprompt; klist -e
|
||||
</screen>
|
||||
shows the Kerberos tickets cached by the system.
|
||||
</para>
|
||||
|
||||
<sect3>
|
||||
<title>Samba Configuration</title>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>Active Directory</primary></indexterm>
|
||||
Samba must be configured to correctly use Active Directory. Samba-3 must be used, since it
|
||||
has the necessary components to interface with Active Directory.
|
||||
</para>
|
||||
|
||||
<procedure>
|
||||
<title>Securing Samba-3 With ADS Support Steps</title>
|
||||
|
||||
<step><para>
|
||||
<indexterm><primary>Red Hat Linux</primary></indexterm>
|
||||
<indexterm><primary>Samba Tea</primary></indexterm>
|
||||
<indexterm><primary>Red Hat Fedora Linux</primary></indexterm>
|
||||
<indexterm><primary>MIT KRB5</primary></indexterm>
|
||||
<indexterm><primary>ntlm_auth</primary></indexterm>
|
||||
Download the latest stable Samba-3 for Red Hat Linux from the official Samba Team
|
||||
<ulink url="http://ftp.samba.org">FTP site.</ulink> The official Samba Team
|
||||
RPMs for Red Hat Fedora Linux contain the <command>ntlm_auth</command> tool
|
||||
needed, and are linked against MIT KRB5 version 1.3.1 and therefore are ready for use.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>SerNet</primary></indexterm>
|
||||
<indexterm><primary>RPMs</primary></indexterm>
|
||||
The necessary, validated RPM packages for SUSE Linux may be obtained from
|
||||
the <ulink url="ftp://ftp.sernet.de/pub/samba">SerNet</ulink> FTP site that
|
||||
is located in Germany. All SerNet RPMs are validated, have the necessary
|
||||
<command>ntlm_auth</command> tool, and are statically linked
|
||||
against suitably patched Heimdal 0.6 libraries.
|
||||
</para></step>
|
||||
|
||||
<step><para>
|
||||
Using your favorite editor, change the <filename>/etc/samba/smb.conf</filename>
|
||||
file so it has contents similar to the example shown in <link linkend="ch10-smbconf"/>.
|
||||
</para></step>
|
||||
|
||||
<step><para>
|
||||
<indexterm><primary>computer account</primary></indexterm>
|
||||
<indexterm><primary>Active Directory</primary></indexterm>
|
||||
<indexterm><primary>net</primary><secondary>ads</secondary><tertiary>join</tertiary></indexterm>i
|
||||
<indexterm><primary>Kerberos ticket</primary></indexterm>
|
||||
<indexterm><primary>ticket</primary></indexterm>
|
||||
Next you need to create a computer account in the Active Directory.
|
||||
This sets up the trust relationship needed for other clients to
|
||||
authenticate to the Samba server with an Active Directory Kerberos ticket.
|
||||
This is done with the <quote>net ads join -U [Administrator%Password]</quote>
|
||||
command, as follows:
|
||||
<screen>
|
||||
&rootprompt; net ads join -U administrator%vulcon
|
||||
</screen>
|
||||
</para></step>
|
||||
|
||||
<step><para>
|
||||
<indexterm><primary>smbd</primary></indexterm>
|
||||
<indexterm><primary>nmbd</primary></indexterm>
|
||||
<indexterm><primary>winbindd</primary></indexterm>
|
||||
<indexterm><primary>Active Directory</primary></indexterm>
|
||||
<indexterm><primary>Samba</primary></indexterm>
|
||||
Your new Samba binaries must be started in the standard manner as is applicable
|
||||
to the platform you are running on. Alternatively, start your Active Directory-enabled Samba with the following commands:
|
||||
<screen>
|
||||
&rootprompt; smbd -D
|
||||
&rootprompt; nmbd -D
|
||||
&rootprompt; winbindd -B
|
||||
</screen>
|
||||
</para></step>
|
||||
|
||||
<step><para>
|
||||
<indexterm><primary>winbind</primary></indexterm>
|
||||
<indexterm><primary>Active Directory</primary><secondary>domain</secondary></indexterm>
|
||||
<indexterm><primary>wbinfo</primary></indexterm>
|
||||
<indexterm><primary>enumerating</primary></indexterm>
|
||||
<indexterm><primary>Active Directory</primary><secondary>tree</secondary></indexterm>
|
||||
We now need to test that Samba is communicating with the Active
|
||||
Directory domain; most specifically, we want to see whether winbind
|
||||
is enumerating users and groups. Issue the following commands:
|
||||
<screen>
|
||||
&rootprompt; wbinfo -t
|
||||
checking the trust secret via RPC calls succeeded
|
||||
</screen>
|
||||
This tests whether we are authenticating against Active Directory:
|
||||
<screen>
|
||||
&rootprompt; wbinfo -u
|
||||
LONDON+Administrator
|
||||
LONDON+Guest
|
||||
LONDON+SUPPORT_388945a0
|
||||
LONDON+krbtgt
|
||||
LONDON+jht
|
||||
LONDON+xjht
|
||||
</screen>
|
||||
This enumerates all the users in your Active Directory tree:
|
||||
<screen>
|
||||
&rootprompt; wbinfo -g
|
||||
LONDON+Domain Computers
|
||||
LONDON+Domain Controllers
|
||||
LONDON+Schema Admins
|
||||
LONDON+Enterprise Admins
|
||||
LONDON+Domain Admins
|
||||
LONDON+Domain Users
|
||||
LONDON+Domain Guests
|
||||
LONDON+Group Policy Creator Owners
|
||||
LONDON+DnsUpdateProxy
|
||||
</screen>
|
||||
This enumerates all the groups in your Active Directory tree.
|
||||
</para></step>
|
||||
|
||||
<step><para>
|
||||
<indexterm><primary>Squid</primary></indexterm>
|
||||
<indexterm><primary>ntlm_auth</primary></indexterm>
|
||||
Squid uses the <command>ntlm_auth</command> helper build with Samba-3.
|
||||
You may test <command>ntlm_auth</command> with the command:
|
||||
<screen>
|
||||
&rootprompt; /usr/bin/ntlm_auth --username=jht
|
||||
password: XXXXXXXX
|
||||
</screen>
|
||||
You are asked for your password, which you should enter. You are rewarded with:
|
||||
<screen>
|
||||
&rootprompt; NT_STATUS_OK: Success (0x0)
|
||||
</screen>
|
||||
</para></step>
|
||||
|
||||
<step><para>
|
||||
<indexterm><primary>ntlm_auth</primary></indexterm>
|
||||
<indexterm><primary>authenticate</primary></indexterm>
|
||||
<indexterm><primary>winbind</primary></indexterm>
|
||||
<indexterm><primary>privileged pipe</primary></indexterm>
|
||||
<indexterm><primary>squid</primary></indexterm>
|
||||
<indexterm><primary>chgrp</primary></indexterm>
|
||||
<indexterm><primary>chmod</primary></indexterm>
|
||||
<indexterm><primary>failure</primary></indexterm>
|
||||
The <command>ntlm_auth</command> helper, when run from a command line as the user
|
||||
<quote>root</quote>, authenticates against your Active Directory domain (with
|
||||
the aid of winbind). It manages this by reading from the winbind privileged pipe.
|
||||
Squid is running with the permissions of user <quote>squid</quote> and group
|
||||
<quote>squid</quote> and is not able to do this unless we make a vital change.
|
||||
Squid cannot read from the winbind privilege pipe unless you change the
|
||||
permissions of its directory. This is the single biggest cause of failure in the
|
||||
whole process. Remember to issue the following command (for Red Hat Linux):
|
||||
<screen>
|
||||
&rootprompt; chgrp squid /var/cache/samba/winbindd_privileged
|
||||
&rootprompt; chmod 750 /var/cache/samba/winbindd_privileged
|
||||
</screen>
|
||||
For SUSE Linux 9, execute the following:
|
||||
<screen>
|
||||
&rootprompt; chgrp squid /var/lib/samba/winbindd_privileged
|
||||
&rootprompt; chmod 750 /var/lib/samba/winbindd_privileged
|
||||
</screen>
|
||||
</para></step>
|
||||
|
||||
</procedure>
|
||||
</sect3>
|
||||
|
||||
<sect3>
|
||||
<title>NSS Configuration</title>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>NSS</primary></indexterm>
|
||||
<indexterm><primary>winbind</primary></indexterm>
|
||||
<indexterm><primary>authentication</primary></indexterm>
|
||||
For Squid to benefit from Samba-3, NSS must be updated to allow winbind as a valid route to user authentication.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Edit your <filename>/etc/nsswitch.conf</filename> file so it has the parameters shown
|
||||
in <link linkend="ch10-etcnsscfg"/>.
|
||||
</para>
|
||||
|
||||
<example id="ch10-smbconf">
|
||||
<title>Samba Configuration &smbmdash; File: <filename>/etc/samba/smb.conf</filename></title>
|
||||
<smbconfblock>
|
||||
<smbconfsection name="[global]"/>
|
||||
<smbconfoption name="workgroup">LONDON</smbconfoption>
|
||||
<smbconfoption name="netbios name">W2K3S</smbconfoption>
|
||||
<smbconfoption name="realm">LONDON.ABMAS.BIZ</smbconfoption>
|
||||
<smbconfoption name="security">ads</smbconfoption>
|
||||
<smbconfoption name="encrypt passwords">yes</smbconfoption>
|
||||
<smbconfoption name="password server">w2k3s.london.abmas.biz</smbconfoption>
|
||||
|
||||
<smbconfcomment>separate domain and username with '/', like DOMAIN/username</smbconfcomment>
|
||||
<smbconfoption name="winbind separator">/</smbconfoption>
|
||||
|
||||
<smbconfcomment>use UIDs from 10000 to 20000 for domain users</smbconfcomment>
|
||||
<smbconfoption name="idmap uid">10000-20000</smbconfoption>
|
||||
<smbconfcomment>use GIDs from 10000 to 20000 for domain groups</smbconfcomment>
|
||||
<smbconfoption name="idmap gid">10000-20000</smbconfoption>
|
||||
|
||||
<smbconfcomment>allow enumeration of winbind users and groups</smbconfcomment>
|
||||
<smbconfoption name="winbind enum users">yes</smbconfoption>
|
||||
<smbconfoption name="winbind enum groups">yes</smbconfoption>
|
||||
<smbconfoption name="winbind user default domain">yes</smbconfoption>
|
||||
</smbconfblock>
|
||||
</example>
|
||||
|
||||
<example id="ch10-etcnsscfg">
|
||||
<title>NSS Configuration File Extract &smbmdash; File: <filename>/etc/nsswitch.conf</filename></title>
|
||||
<screen>
|
||||
passwd: files winbind
|
||||
shadow: files
|
||||
group: files winbind
|
||||
</screen>
|
||||
</example>
|
||||
|
||||
</sect3>
|
||||
|
||||
<sect3>
|
||||
<title>Squid Configuration</title>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>Squid</primary></indexterm>
|
||||
<indexterm><primary>Active Directory</primary><secondary>authentication</secondary></indexterm>
|
||||
Squid must be configured correctly to interact with the Samba-3
|
||||
components that handle Active Directory authentication.
|
||||
</para>
|
||||
|
||||
</sect3>
|
||||
|
||||
</sect2>
|
||||
|
||||
<sect2>
|
||||
<title>Configuration</title></sect2>
|
||||
|
||||
<procedure>
|
||||
<title>Squid Configuration Steps</title>
|
||||
|
||||
<step><para>
|
||||
<indexterm><primary>SUSE Linux</primary></indexterm>
|
||||
<indexterm><primary>Squid</primary> </indexterm>
|
||||
<indexterm><primary>helper agent</primary></indexterm>
|
||||
If your Linux distribution is SUSE Linux 9, the version of Squid
|
||||
supplied is already enabled to use the winbind helper agent. You
|
||||
can therefore omit the steps that would build the Squid binary
|
||||
programs.
|
||||
</para></step>
|
||||
|
||||
<step><para>
|
||||
<indexterm><primary>nobody</primary></indexterm>
|
||||
<indexterm><primary>squid</primary></indexterm>
|
||||
<indexterm><primary>rpms</primary></indexterm>
|
||||
<indexterm><primary>/etc/passwd</primary></indexterm>
|
||||
<indexterm><primary>/etc/group</primary></indexterm>
|
||||
Squid, by default, runs as the user <constant>nobody</constant>. You need to
|
||||
add a system user <constant>squid</constant> and a system group
|
||||
<constant>squid</constant> if they are not set up already (if the default
|
||||
Red Hat squid rpms were installed, they will be). Set up a
|
||||
<constant>squid</constant> user in <filename>/etc/passwd</filename>
|
||||
and a <constant>squid</constant> group in <filename>/etc/group</filename> if these aren't there already.
|
||||
</para></step>
|
||||
|
||||
<step><para>
|
||||
<indexterm><primary>permissions</primary></indexterm>
|
||||
<indexterm><primary>chown</primary></indexterm>
|
||||
You now need to change the permissions on Squid's <constant>var</constant>
|
||||
directory. Enter the following command:
|
||||
<screen>
|
||||
&rootprompt; chown -R squid /var/cache/squid
|
||||
</screen>
|
||||
</para></step>
|
||||
|
||||
<step><para>
|
||||
<indexterm><primary>logging</primary></indexterm>
|
||||
<indexterm><primary>Squid</primary></indexterm>
|
||||
Squid must also have control over its logging. Enter the following commands:
|
||||
<screen>
|
||||
&rootprompt; chown -R chown squid:squid /var/log/squid
|
||||
&rootprompt; chmod 770 /var/log/squid
|
||||
</screen>
|
||||
</para></step>
|
||||
|
||||
<step><para>
|
||||
Finally, Squid must be able to write to its disk cache!
|
||||
Enter the following commands:
|
||||
<screen>
|
||||
&rootprompt; chown -R chown squid:squid /var/cache/squid
|
||||
&rootprompt; chmod 770 /var/cache/squid
|
||||
</screen>
|
||||
</para></step>
|
||||
|
||||
<step><para>
|
||||
<indexterm><primary>/etc/squid/squid.conf</primary></indexterm>
|
||||
The <filename>/etc/squid/squid.conf</filename> file must be edited to include the lines from
|
||||
<link linkend="etcsquidcfg"/> and <link linkend="etcsquid2"/>.
|
||||
</para></step>
|
||||
|
||||
<step><para>
|
||||
<indexterm><primary>cache directories</primary></indexterm>
|
||||
You must create Squid's cache directories before it may be run. Enter the following command:
|
||||
<screen>
|
||||
&rootprompt; squid -z
|
||||
</screen>
|
||||
</para></step>
|
||||
|
||||
<step><para>
|
||||
Finally, start Squid and enjoy transparent Active Directory authentication.
|
||||
Enter the following command:
|
||||
<screen>
|
||||
&rootprompt; squid
|
||||
</screen>
|
||||
</para></step>
|
||||
</procedure>
|
||||
|
||||
<example id="etcsquidcfg">
|
||||
<title>Squid Configuration File Extract &smbmdash; <filename>/etc/squid.conf</filename> [ADMINISTRATIVE PARAMETERS Section]</title>
|
||||
<screen>
|
||||
cache_effective_user squid
|
||||
cache_effective_group squid
|
||||
</screen>
|
||||
</example>
|
||||
|
||||
<example id="etcsquid2">
|
||||
<title>Squid Configuration File extract &smbmdash; File: <filename>/etc/squid.conf</filename> [AUTHENTICATION PARAMETERS Section]</title>
|
||||
<screen>
|
||||
auth_param ntlm program /usr/bin/ntlm_auth \
|
||||
--helper-protocol=squid-2.5-ntlmssp
|
||||
auth_param ntlm children 5
|
||||
auth_param ntlm max_challenge_reuses 0
|
||||
auth_param ntlm max_challenge_lifetime 2 minutes
|
||||
auth_param basic program /usr/bin/ntlm_auth \
|
||||
--helper-protocol=squid-2.5-basic
|
||||
auth_param basic children 5
|
||||
auth_param basic realm Squid proxy-caching web server
|
||||
auth_param basic credentialsttl 2 hours
|
||||
acl AuthorizedUsers proxy_auth REQUIRED
|
||||
http_access allow all AuthorizedUsers
|
||||
</screen>
|
||||
</example>
|
||||
|
||||
</sect2>
|
||||
|
||||
<sect2>
|
||||
<title>Key Points Learned</title>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>Web browsers</primary></indexterm>
|
||||
<indexterm><primary>services</primary></indexterm>
|
||||
<indexterm><primary>authentication protocols</primary></indexterm>
|
||||
<indexterm><primary>Web</primary><secondary>proxy</secondary><tertiary>access</tertiary></indexterm>
|
||||
<indexterm><primary>NTLMSSP</primary></indexterm>
|
||||
Microsoft Windows networking protocols permeate the spectrum of technologies that Microsoft
|
||||
Windows clients use, even when accessing traditional services such as Web browsers. Depending
|
||||
on whom you discuss this with, this is either good or bad. No matter how you might evaluate this,
|
||||
the use of NTLMSSP as the authentication protocol for Web proxy access has some advantages over
|
||||
the cookie-based authentication regime used by all competing browsers. It is Samba's implementation
|
||||
of NTLMSSP that makes it attractive to implement the solution that has been demonstrated in this chapter.
|
||||
</para>
|
||||
|
||||
</sect2>
|
||||
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>Questions and Answers</title>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>ntlm_auth</primary></indexterm>
|
||||
<indexterm><primary>SambaXP conference</primary></indexterm>
|
||||
<indexterm><primary>Goettingen</primary></indexterm>
|
||||
<indexterm><primary>Italian</primary></indexterm>
|
||||
The development of the <command>ntlm_auth</command> module was first discussed in many Open Source circles
|
||||
in 2002. At the SambaXP conference in Goettingen, Germany, Mr. Francesco Chemolli demonstrated the use of
|
||||
<command>ntlm_auth</command> during one of the late developer meetings that took place. Since that time, the
|
||||
adoption of <command>ntlm_auth</command> has spread considerably.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The largest report from a site that uses Squid with <command>ntlm_auth</command>-based authentication
|
||||
support uses a dual processor server that has 2 GB of memory. It provides Web and FTP proxy services for 10,000
|
||||
users. Approximately 2,000 of these users make heavy use of the proxy services. According to the source, who
|
||||
wishes to remain anonymous, the sustained transaction load on this server hovers around 140 hits/sec. The following
|
||||
comments were made with respect to questions regarding the performance of this installation:
|
||||
</para>
|
||||
|
||||
<blockquote><para>
|
||||
[In our] EXTREMELY optimized environment . . . [the] performance impact is almost [nothing]. The <quote>almost</quote>
|
||||
part is due to the brain damage of the ntlm-over-http protocol definition. Suffice to say that its worst-case
|
||||
scenario triples the number of hits needed to perform the same transactions versus basic or digest auth[entication].
|
||||
</para></blockquote>
|
||||
|
||||
<para>
|
||||
You would be well-advised to recognize that all cache-intensive proxying solutions demand a lot of memory.
|
||||
Make certain that your Squid proxy server is equipped with sufficient memory to permit all proxy operations to run
|
||||
out of memory without invoking the overheads involved in the use of memory that has to be swapped to disk.
|
||||
</para>
|
||||
|
||||
<qandaset defaultlabel="chap10bqa" type="number">
|
||||
<qandaentry>
|
||||
<question>
|
||||
|
||||
<para>
|
||||
What does Samba have to do with Web proxy serving?
|
||||
</para>
|
||||
|
||||
</question>
|
||||
<answer>
|
||||
|
||||
<para>
|
||||
<indexterm><secondary>transparent inter-operability</secondary></indexterm>
|
||||
<indexterm><primary>Windows clients</primary></indexterm>
|
||||
<indexterm><primary>network</primary><secondary>services</secondary></indexterm>
|
||||
<indexterm><primary>authentication</primary></indexterm>
|
||||
<indexterm><primary>wrapper</primary></indexterm>
|
||||
To provide transparent interoperability between Windows clients and the network services
|
||||
that are used from them, Samba had to develop tools and facilities that deliver that feature. The benefit
|
||||
of Open Source software is that it can readily be reused. The current <command>ntlm_auth</command>
|
||||
module is basically a wrapper around authentication code from the core of the Samba project.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>plain-text</primary></indexterm>
|
||||
<indexterm><primary>authentication</primary><secondary>plain-text</secondary></indexterm>
|
||||
<indexterm><primary>Web</primary><secondary>proxy</secondary></indexterm>
|
||||
<indexterm><primary>FTP</primary><secondary>proxy</secondary></indexterm>
|
||||
<indexterm><primary>NTLMSSP</primary></indexterm>
|
||||
<indexterm><primary>logon credentials</primary></indexterm>
|
||||
<indexterm><primary>Windows explorer</primary></indexterm>
|
||||
<indexterm><primary>Internet Information Server</primary></indexterm>
|
||||
<indexterm><primary>Apache Web server</primary></indexterm>
|
||||
The <command>ntlm_auth</command> module supports basic plain-text authentication and NTLMSSP
|
||||
protocols. This module makes it possible for Web and FTP proxy requests to be authenticated without
|
||||
the user being interrupted via his or her Windows logon credentials. This facility is available with
|
||||
MS Windows Explorer and is one of the key benefits claimed for Microsoft Internet Information Server.
|
||||
There are a few open source initiatives to provide support for these protocols in the Apache Web server
|
||||
also.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>wrapper</primary></indexterm>
|
||||
The short answer is that by adding a wrapper around key authentication components of Samba, other
|
||||
projects (like Squid) can benefit from the labors expended in meeting user interoperability needs.
|
||||
</para>
|
||||
|
||||
</answer>
|
||||
</qandaentry>
|
||||
|
||||
<qandaentry>
|
||||
<question>
|
||||
|
||||
<para>
|
||||
What other services does Samba provide?
|
||||
</para>
|
||||
|
||||
</question>
|
||||
<answer>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>winbindd</primary></indexterm>
|
||||
<indexterm><primary>Identity resolver</primary></indexterm>
|
||||
<indexterm><primary>daemon</primary></indexterm>
|
||||
<indexterm><primary>smbd</primary></indexterm>
|
||||
<indexterm><primary>file and print server</primary></indexterm>
|
||||
Samba-3 is a file and print server. The core components that provide this functionality are <command>smbd</command>,
|
||||
<command>nmbd</command>, and the identity resolver daemon, <command>winbindd</command>.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>SMB/CIFS</primary></indexterm>
|
||||
<indexterm><primary>smbclient</primary></indexterm>
|
||||
Samba-3 is an SMB/CIFS client. The core component that provides this is called <command>smbclient</command>.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>modules</primary></indexterm>
|
||||
<indexterm><primary>utilities</primary></indexterm>
|
||||
<indexterm><primary>validation</primary></indexterm>
|
||||
<indexterm><primary>inter-operability</primary></indexterm>
|
||||
<indexterm><primary>authentication</primary></indexterm>
|
||||
Samba-3 includes a number of helper tools, plug-in modules, utilities, and test and validation facilities.
|
||||
Samba-3 includes glue modules that help provide interoperability between MS Windows clients and UNIX/Linux
|
||||
servers and clients. It includes Winbind agents that make it possible to authenticate UNIX/Linux access attempts
|
||||
as well as logins to an SMB/CIFS authentication server backend. Samba-3 includes name service switch (NSS) modules
|
||||
to permit identity resolution via SMB/CIFS servers (Windows NT4/200x, Samba, and a host of other commercial
|
||||
server products).
|
||||
</para>
|
||||
|
||||
</answer>
|
||||
</qandaentry>
|
||||
|
||||
<qandaentry>
|
||||
<question>
|
||||
|
||||
<para>
|
||||
Does use of Samba (<command>ntlm_auth</command>) improve the performance of Squid?
|
||||
</para>
|
||||
|
||||
</question>
|
||||
<answer>
|
||||
|
||||
<para>
|
||||
Not really. Samba's <command>ntlm_auth</command> module handles only authentication. It requires that
|
||||
Squid make an external call to <command>ntlm_auth</command> and therefore actually incurs a
|
||||
little more overhead. Compared with the benefit obtained, that overhead is well worth enduring. Since
|
||||
Squid is a proxy server, and proxy servers tend to require lots of memory, it is good advice to provide
|
||||
sufficient memory when using Squid. Just add a little more to accommodate <command>ntlm_auth</command>.
|
||||
</para>
|
||||
|
||||
</answer>
|
||||
</qandaentry>
|
||||
</qandaset>
|
||||
|
||||
</sect1>
|
||||
|
||||
</chapter>
|
||||
|
701
docs-xml/Samba3-ByExample/SBE-HighAvailability.xml
Normal file
@ -0,0 +1,701 @@
|
||||
<?xml version="1.0" encoding="iso-8859-1"?>
|
||||
<!DOCTYPE chapter PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
|
||||
|
||||
<chapter id="HA">
|
||||
<title>Performance, Reliability, and Availability</title>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>performance</primary></indexterm>
|
||||
<indexterm><primary>reliability</primary></indexterm>
|
||||
<indexterm><primary>availability</primary></indexterm>
|
||||
Well, you have reached one of the last chapters of this book. It is customary to attempt
|
||||
to wrap up the theme and contents of a book in what is generally regarded as the
|
||||
chapter that should draw conclusions. This book is a suspense thriller, and since
|
||||
the plot of the stories told mostly lead you to bigger, better Samba-3 networking
|
||||
solutions, it is perhaps appropriate to close this book with a few pertinent comments
|
||||
regarding some of the things everyone can do to deliver a reliable Samba-3 network.
|
||||
</para>
|
||||
|
||||
<blockquote><attribution>Anonymous</attribution><para>
|
||||
In a world so full of noise, how can the sparrow be heard?
|
||||
</para></blockquote>
|
||||
|
||||
<sect1>
|
||||
<title>Introduction</title>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>clustering</primary></indexterm>
|
||||
The sparrow is a small bird whose sounds are drowned out by the noise of the busy
|
||||
world it lives in. Likewise, the simple steps that can be taken to improve the
|
||||
reliability and availability of a Samba network are often drowned out by the volume
|
||||
of discussions about grandiose Samba clustering designs. This is not intended to
|
||||
suggest that clustering is not important, because clearly it is. This chapter does not devote
|
||||
itself to discussion of clustering because each clustering methodology uses its own
|
||||
custom tools and methods. Only passing comments are offered concerning these methods.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>cluster</primary></indexterm>
|
||||
<indexterm><primary>samba cluster</primary></indexterm>
|
||||
<indexterm><primary>scalability</primary></indexterm>
|
||||
<ulink url="http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&q=samba+cluster&btnG=Google+Search">A search</ulink>
|
||||
for <quote>samba cluster</quote> produced 71,600 hits. And a search for <quote>highly available samba</quote>
|
||||
and <quote>highly available windows</quote> produced an amazing number of references.
|
||||
It is clear from the resources on the Internet that Windows file and print services
|
||||
availability, reliability, and scalability are of vital interest to corporate network users.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>performance</primary></indexterm>
|
||||
So without further background, you can review a checklist of simple steps that
|
||||
can be taken to ensure acceptable network performance while keeping costs of ownership
|
||||
well under control.
|
||||
</para>
|
||||
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>Dissection and Discussion</title>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>simple</primary></indexterm>
|
||||
<indexterm><primary>complexities</primary></indexterm>
|
||||
If it is your purpose to get the best mileage out of your Samba servers, there is one rule that
|
||||
must be obeyed. If you want the best, keep your implementation as simple as possible. You may
|
||||
well be forced to introduce some complexities, but you should do so only as a last resort.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Simple solutions are likely to be easier to get right than are complex ones. They certainly
|
||||
make life easier for your successor. Simple implementations can be more readily audited than can
|
||||
complex ones.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>broken behavior</primary></indexterm>
|
||||
<indexterm><primary>poor performance</primary></indexterm>
|
||||
Problems reported by users fall into three categories: configurations that do not work, those
|
||||
that have broken behavior, and poor performance. The term <emphasis>broken behavior</emphasis>
|
||||
means that the function of a particular Samba component appears to work sometimes, but not at
|
||||
others. The resulting intermittent operation is clearly unacceptable. An example of
|
||||
<emphasis>broken behavior</emphasis> known to many Windows networking users occurs when the
|
||||
list of Windows machines in MS Explorer changes, sometimes listing machines that are running
|
||||
and at other times not listing them even though the machines are in use on the network.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>smbfs</primary></indexterm>
|
||||
<indexterm><primary>smbmnt</primary></indexterm>
|
||||
<indexterm><primary>smbmount</primary></indexterm>
|
||||
<indexterm><primary>smbumnt</primary></indexterm>
|
||||
<indexterm><primary>smbumount</primary></indexterm>
|
||||
<indexterm><primary>front-end</primary></indexterm>
|
||||
A significant number of reports concern problems with the <command>smbfs</command> file system
|
||||
driver that is part of the Linux kernel, not part of Samba. Users continue to interpret that
|
||||
<command>smbfs</command> is part of Samba, simply because Samba includes the front-end tools
|
||||
that are used to manage <command>smbfs</command>-based file service connections. So, just
|
||||
for the record, the tools <command>smbmnt</command>, <command>smbmount</command>,
|
||||
<command>smbumount</command>, and <command>smbumnt</command> are front-end
|
||||
facilities to core drivers that are supplied as part of the Linux kernel. These tools share a
|
||||
common infrastructure with some Samba components, but they are not maintained as part of
|
||||
Samba and are really foreign to it.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>cifsfs</primary></indexterm>
|
||||
The new project, <command>cifsfs</command>, is destined to replace <command>smbfs</command>.
|
||||
It, too, is not part of Samba, even though one of the Samba Team members is a prime mover in
|
||||
this project.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Table 13.1 lists typical causes of:
|
||||
</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem><para>Not Working (NW)</para></listitem>
|
||||
<listitem><para>Broken Behavior (BB)</para></listitem>
|
||||
<listitem><para>Poor Performance (PP)</para></listitem>
|
||||
</itemizedlist>
|
||||
|
||||
|
||||
<table id="ProbList">
|
||||
<title>Effect of Common Problems</title>
|
||||
<tgroup cols="4">
|
||||
<colspec align="left"/>
|
||||
<colspec align="center"/>
|
||||
<colspec align="center"/>
|
||||
<colspec align="center"/>
|
||||
<thead>
|
||||
<row>
|
||||
<entry><para>Problem</para></entry>
|
||||
<entry><para>NW</para></entry>
|
||||
<entry><para>BB</para></entry>
|
||||
<entry><para>PP</para></entry>
|
||||
</row>
|
||||
</thead>
|
||||
<tbody>
|
||||
<row>
|
||||
<entry><para>File locking</para></entry>
|
||||
<entry><para>-</para></entry>
|
||||
<entry><para>X</para></entry>
|
||||
<entry><para>-</para></entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><para>Hardware problems</para></entry>
|
||||
<entry><para>X</para></entry>
|
||||
<entry><para>X</para></entry>
|
||||
<entry><para>X</para></entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><para>Incorrect authentication</para></entry>
|
||||
<entry><para>X</para></entry>
|
||||
<entry><para>X</para></entry>
|
||||
<entry><para>-</para></entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><para>Incorrect configuration</para></entry>
|
||||
<entry><para>X</para></entry>
|
||||
<entry><para>X</para></entry>
|
||||
<entry><para>X</para></entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><para>LDAP problems</para></entry>
|
||||
<entry><para>X</para></entry>
|
||||
<entry><para>X</para></entry>
|
||||
<entry><para>-</para></entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><para>Name resolution</para></entry>
|
||||
<entry><para>X</para></entry>
|
||||
<entry><para>X</para></entry>
|
||||
<entry><para>X</para></entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><para>Printing problems</para></entry>
|
||||
<entry><para>X</para></entry>
|
||||
<entry><para>X</para></entry>
|
||||
<entry><para>-</para></entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><para>Slow file transfer</para></entry>
|
||||
<entry><para>-</para></entry>
|
||||
<entry><para>-</para></entry>
|
||||
<entry><para>X</para></entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><para>Winbind problems</para></entry>
|
||||
<entry><para>X</para></entry>
|
||||
<entry><para>X</para></entry>
|
||||
<entry><para>-</para></entry>
|
||||
</row>
|
||||
</tbody>
|
||||
</tgroup>
|
||||
</table>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>network hygiene</primary></indexterm>
|
||||
It is obvious to all that the first requirement (as a matter of network hygiene) is to eliminate
|
||||
problems that affect basic network operation. This book has provided sufficient working examples
|
||||
to help you to avoid all these problems.
|
||||
</para>
|
||||
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>Guidelines for Reliable Samba Operation</title>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>resilient</primary></indexterm>
|
||||
<indexterm><primary>extreme demand</primary></indexterm>
|
||||
Your objective is to provide a network that works correctly, can grow at all times, is resilient
|
||||
at times of extreme demand, and can scale to meet future needs. The following subject areas provide
|
||||
pointers that can help you today.
|
||||
</para>
|
||||
|
||||
<sect2>
|
||||
<title>Name Resolution</title>
|
||||
|
||||
<para>
|
||||
There are three basic current problem areas: bad hostnames, routed networks, and network collisions.
|
||||
These are covered in the following discussion.
|
||||
</para>
|
||||
|
||||
<sect3>
|
||||
<title>Bad Hostnames</title>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>DHCP</primary><secondary>client</secondary></indexterm>
|
||||
<indexterm><primary>netbios name</primary></indexterm>
|
||||
<indexterm><primary>localhost</primary></indexterm>
|
||||
<indexterm><primary>/etc/hosts</primary></indexterm>
|
||||
<indexterm><primary>NetBIOS</primary></indexterm>
|
||||
When configured as a DHCP client, a number of Linux distributions set the system hostname
|
||||
to <constant>localhost</constant>. If the parameter <parameter>netbios name</parameter> is not
|
||||
specified to something other than <constant>localhost</constant>, the Samba server appears
|
||||
in the Windows Explorer as <constant>LOCALHOST</constant>. Moreover, the entry in the <filename>/etc/hosts</filename>
|
||||
on the Linux server points to IP address <constant>127.0.0.1</constant>. This means that
|
||||
when the Windows client obtains the IP address of the Samba server called <constant>LOCALHOST</constant>,
|
||||
it obtains the IP address <constant>127.0.0.1</constant> and then proceeds to attempt to
|
||||
set up a NetBIOS over TCP/IP connection to it. This cannot work, because that IP address is
|
||||
the local Windows machine itself. Hostnames must be valid for Windows networking to function
|
||||
correctly.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>digits</primary></indexterm>
|
||||
A few sites have tried to name Windows clients and Samba servers with a name that begins
|
||||
with the digits 1-9. This does not work either because it may result in the client or
|
||||
server attempting to use that name as an IP address.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>DNS</primary><secondary>name lookup</secondary></indexterm>
|
||||
<indexterm><primary>resolve</primary></indexterm>
|
||||
A Samba server called <constant>FRED</constant> in a NetBIOS domain called <constant>COLLISION</constant>
|
||||
in a network environment that is part of the fully-qualified Internet domain namespace known
|
||||
as <constant>parrots.com</constant>, results in DNS name lookups for <constant>fred.parrots.com</constant>
|
||||
and <constant>collision.parrots.com</constant>. It is therefore a mistake to name the domain
|
||||
(workgroup) <constant>collision.parrots.com</constant>, since this results in DNS lookup
|
||||
attempts to resolve <constant>fred.parrots.com.parrots.com</constant>, which most likely
|
||||
fails given that you probably do not have this in your DNS namespace.
|
||||
</para>
|
||||
|
||||
<note><para>
|
||||
<indexterm><primary>Active Directory</primary><secondary>realm</secondary></indexterm>
|
||||
<indexterm><primary>ADS</primary></indexterm>
|
||||
<indexterm><primary>DNS</primary></indexterm>
|
||||
An Active Directory realm called <constant>collision.parrots.com</constant> is perfectly okay,
|
||||
although it too must be capable of being resolved via DNS, something that functions correctly
|
||||
if Windows 200x ADS has been properly installed and configured.
|
||||
</para></note>
|
||||
|
||||
</sect3>
|
||||
|
||||
<sect3>
|
||||
<title>Routed Networks</title>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>NetBIOS</primary></indexterm>
|
||||
<indexterm><primary>UDP</primary><secondary>broadcast</secondary></indexterm>
|
||||
<indexterm><primary>broadcast</primary></indexterm>
|
||||
NetBIOS networks (Windows networking with NetBIOS over TCP/IP enabled) makes extensive use
|
||||
of UDP-based broadcast traffic, as you saw during the exercises in <link linkend="primer"/>.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>routers</primary></indexterm>
|
||||
<indexterm><primary>forwarded</primary></indexterm>
|
||||
<indexterm><primary>multi-subnet</primary></indexterm>
|
||||
UDP broadcast traffic is not forwarded by routers. This means that NetBIOS broadcast-based
|
||||
networking cannot function across routed networks (i.e., multi-subnet networks) unless
|
||||
special provisions are made:
|
||||
</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem><para>
|
||||
<indexterm><primary>LMHOSTS</primary></indexterm>
|
||||
<indexterm><primary>remote announce</primary></indexterm>
|
||||
<indexterm><primary>remote browse sync</primary></indexterm>
|
||||
Either install on every Windows client an LMHOSTS file (located in the directory
|
||||
<filename>C:\windows\system32\drivers\etc</filename>). It is also necessary to
|
||||
add to the Samba server &smb.conf; file the parameters <parameter>remote announce</parameter>
|
||||
and <parameter>remote browse sync</parameter>. For more information, refer to the online
|
||||
manual page for the &smb.conf; file.
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
<indexterm><primary>WINS</primary><secondary>server</secondary></indexterm>
|
||||
Or configure Samba as a WINS server, and configure all network clients to use that
|
||||
WINS server in their TCP/IP configuration.
|
||||
</para></listitem>
|
||||
</itemizedlist>
|
||||
|
||||
<note><para>
|
||||
<indexterm><primary>WINS</primary><secondary>name resolution</secondary></indexterm>
|
||||
<indexterm><primary>DNS</primary></indexterm>
|
||||
The use of DNS is not an acceptable substitute for WINS. DNS does not store specific
|
||||
information regarding NetBIOS networking particulars that get stored in the WINS
|
||||
name resolution database and that Windows clients require and depend on.
|
||||
</para></note>
|
||||
|
||||
</sect3>
|
||||
|
||||
<sect3>
|
||||
<title>Network Collisions</title>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>network</primary><secondary>collisions</secondary></indexterm>
|
||||
<indexterm><primary>network</primary><secondary>timeouts</secondary></indexterm>
|
||||
<indexterm><primary>collision rates</primary></indexterm>
|
||||
<indexterm><primary>network</primary><secondary>load</secondary></indexterm>
|
||||
Excessive network activity causes NetBIOS network timeouts. Timeouts may result in
|
||||
blue screen of death (BSOD) experiences. High collision rates may be caused by excessive
|
||||
UDP broadcast activity, by defective networking hardware, or through excessive network
|
||||
loads (another way of saying that the network is poorly designed).
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The use of WINS is highly recommended to reduce network broadcast traffic, as outlined
|
||||
in <link linkend="primer"/>.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>netbios forwarding</primary></indexterm>
|
||||
<indexterm><primary>broadcast storms</primary></indexterm>
|
||||
<indexterm><primary>performance</primary></indexterm>
|
||||
Under no circumstances should the facility be supported by many routers, known as <constant>NetBIOS
|
||||
forwarding</constant>, unless you know exactly what you are doing. Inappropriate use of this
|
||||
facility can result in UDP broadcast storms. In one case in 1999, a university network became
|
||||
unusable due to NetBIOS forwarding being enabled on all routers. The problem was discovered during performance
|
||||
testing of a Samba server. The maximum throughput on a 100-Base-T (100 MB/sec) network was
|
||||
less than 15 KB/sec. After the NetBIOS forwarding was turned off, file transfer performance
|
||||
immediately returned to 11 MB/sec.
|
||||
</para>
|
||||
|
||||
</sect3>
|
||||
|
||||
</sect2>
|
||||
|
||||
<sect2>
|
||||
<title>Samba Configuration</title>
|
||||
|
||||
<para>
|
||||
As a general rule, the contents of the &smb.conf; file should be kept as simple as possible.
|
||||
No parameter should be specified unless you know it is essential to operation.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>document the settings</primary></indexterm>
|
||||
<indexterm><primary>documented</primary></indexterm>
|
||||
<indexterm><primary>optimized</primary></indexterm>
|
||||
Many UNIX administrators like to fully document the settings in the &smb.conf; file. This is a
|
||||
bad idea because it adds content to the file. The &smb.conf; file is re-read by every <command>smbd</command>
|
||||
process every time the file timestamp changes (or, on systems where this does not work, every 20 seconds or so).
|
||||
</para>
|
||||
|
||||
<para>
|
||||
As the size of the &smb.conf; file grows, the risk of introducing parsing errors also increases.
|
||||
It is recommended to keep a fully documented &smb.conf; file on hand, and then to operate Samba only
|
||||
with an optimized file.
|
||||
</para>
|
||||
|
||||
<para><indexterm>
|
||||
<primary>testparm</primary>
|
||||
</indexterm>
|
||||
The preferred way to maintain a documented file is to call it something like <filename>smb.conf.master</filename>.
|
||||
You can generate the optimized file by executing:
|
||||
<screen>
|
||||
&rootprompt; testparm -s smb.conf.master > smb.conf
|
||||
</screen>
|
||||
You should carefully observe all warnings issued. It is also a good practice to execute the following
|
||||
command to confirm correct interpretation of the &smb.conf; file contents:
|
||||
<screen>
|
||||
&rootprompt; testparm
|
||||
Load smb config files from /etc/samba/smb.conf
|
||||
Can't find include file /etc/samba/machine.
|
||||
Processing section "[homes]"
|
||||
Processing section "[print$]"
|
||||
Processing section "[netlogon]"
|
||||
Processing section "[Profiles]"
|
||||
Processing section "[printers]"
|
||||
Processing section "[media]"
|
||||
Processing section "[data]"
|
||||
Processing section "[cdr]"
|
||||
Processing section "[apps]"
|
||||
Loaded services file OK.
|
||||
'winbind separator = +' might cause problems with group membership.
|
||||
Server role: ROLE_DOMAIN_PDC
|
||||
Press enter to see a dump of your service definitions
|
||||
</screen>
|
||||
<indexterm><primary>fatal problem</primary></indexterm>
|
||||
You now, of course, press the enter key to complete the command, or else abort it by pressing Ctrl-C.
|
||||
The important thing to note is the noted Server role, as well as warning messages. Noted configuration
|
||||
conflicts must be remedied before proceeding. For example, the following error message represents a
|
||||
common fatal problem:
|
||||
<screen>
|
||||
ERROR: both 'wins support = true' and 'wins server = <server list>'
|
||||
cannot be set in the smb.conf file. nmbd will abort with this setting.
|
||||
</screen>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>performance degradation</primary></indexterm>
|
||||
<indexterm><primary>socket options</primary></indexterm>
|
||||
<indexterm><primary>socket address</primary></indexterm>
|
||||
There are two parameters that can cause severe network performance degradation: <parameter>socket options</parameter>
|
||||
and <parameter>socket address</parameter>. The <parameter>socket options</parameter> parameter was often necessary
|
||||
when Samba was used with the Linux 2.2.x kernels. Later kernels are largely self-tuning and seldom benefit from
|
||||
this parameter being set. Do not use either parameter unless it has been proven necessary to use them.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>strict sync</primary></indexterm>
|
||||
<indexterm><primary>sync always</primary></indexterm>
|
||||
<indexterm><primary>severely degrade</primary></indexterm>
|
||||
<indexterm><primary>network</primary><secondary>performance</secondary></indexterm>
|
||||
Another &smb.conf; parameter that may cause severe network performance degradation is the
|
||||
<parameter>strict sync</parameter> parameter. Do not use this at all. There is no good reason
|
||||
to use this with any modern Windows client. The <parameter>strict sync</parameter> is often
|
||||
used with the <parameter>sync always</parameter> parameter. This, too, can severely
|
||||
degrade network performance, so do not set it; if you must, do so with caution.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>opportunistic locking</primary></indexterm>
|
||||
<indexterm><primary>file caching</primary></indexterm>
|
||||
<indexterm><primary>caching</primary></indexterm>
|
||||
<indexterm><primary>oplocks</primary></indexterm>
|
||||
Finally, many network administrators deliberately disable opportunistic locking support. While this
|
||||
does not degrade Samba performance, it significantly degrades Windows client performance because
|
||||
this disables local file caching on Windows clients and forces every file read and written to
|
||||
invoke a network read or write call. If for any reason you must disable oplocks (opportunistic locking)
|
||||
support, do so only on the share on which it is required. That way, all other shares can provide
|
||||
oplock support for operations that are tolerant of it. See <link linkend="ch12dblck"/> for more
|
||||
information.
|
||||
</para>
|
||||
|
||||
</sect2>
|
||||
|
||||
<sect2>
|
||||
<title>Use and Location of BDCs</title>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>BDC</primary></indexterm>
|
||||
<indexterm><primary>PDC</primary></indexterm>
|
||||
<indexterm><primary>routed network</primary></indexterm>
|
||||
<indexterm><primary>wide-area network</primary></indexterm>
|
||||
<indexterm><primary>network segment</primary></indexterm>
|
||||
On a network segment where there is a PDC and a BDC, the BDC carries the bulk of the network logon
|
||||
processing. If the BDC is a heavily loaded server, the PDC carries a greater proportion of
|
||||
authentication and logon processing. When a sole BDC on a routed network segment gets heavily
|
||||
loaded, it is possible that network logon requests and authentication requests may be directed
|
||||
to a BDC on a distant network segment. This significantly hinders WAN operations
|
||||
and is undesirable.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>Domain Member</primary></indexterm>
|
||||
<indexterm><primary>Domain Controller</primary></indexterm>
|
||||
As a general guide, instead of adding domain member servers to a network, you would be better advised
|
||||
to add BDCs until there are fewer than 30 Windows clients per BDC. Beyond that ratio, you should add
|
||||
domain member servers. This practice ensures that there are always sufficient domain controllers
|
||||
to handle logon requests and authentication traffic.
|
||||
</para>
|
||||
|
||||
</sect2>
|
||||
|
||||
<sect2>
|
||||
<title>Use One Consistent Version of MS Windows Client</title>
|
||||
|
||||
<para>
|
||||
Every network client has its own peculiarities. From a management perspective, it is easier to deal
|
||||
with one version of MS Windows that is maintained to a consistent update level than it is to deal
|
||||
with a mixture of clients.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
On a number of occasions, particular Microsoft service pack updates of a Windows server or client
|
||||
have necessitated special handling from the Samba server end. If you want to remain sane, keep you
|
||||
client workstation configurations consistent.
|
||||
</para>
|
||||
|
||||
</sect2>
|
||||
|
||||
<sect2>
|
||||
<title>For Scalability, Use SAN-Based Storage on Samba Servers</title>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>SAN</primary></indexterm>
|
||||
<indexterm><primary>synchronization</primary></indexterm>
|
||||
Many SAN-based storage systems permit more than one server to share a common data store.
|
||||
Use of a shared SAN data store means that you do not need to use time- and resource-hungry data
|
||||
synchronization techniques.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>load distribution</primary></indexterm>
|
||||
<indexterm><primary>clustering</primary></indexterm>
|
||||
The use of a collection of relatively low-cost front-end Samba servers that are coupled to
|
||||
a shared backend SAN data store permits load distribution while containing costs below that
|
||||
of installing and managing a complex clustering facility.
|
||||
</para>
|
||||
|
||||
</sect2>
|
||||
|
||||
<sect2>
|
||||
<title>Distribute Network Load with MSDFS</title>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>MSDFS</primary></indexterm>
|
||||
<indexterm><primary>distributed</primary></indexterm>
|
||||
Microsoft DFS (distributed file system) technology has been implemented in Samba. MSDFS permits
|
||||
data to be accessed from a single share and yet to actually be distributed across multiple actual
|
||||
servers. Refer to <emphasis>TOSHARG2</emphasis>, Chapter 19, for information regarding
|
||||
implementation of an MSDFS installation.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>front-end</primary><secondary>server</secondary></indexterm>
|
||||
<indexterm><primary>MSDFS</primary></indexterm>
|
||||
The combination of multiple backend servers together with a front-end server and use of MSDFS
|
||||
can achieve almost the same as you would obtain with a clustered Samba server.
|
||||
</para>
|
||||
|
||||
</sect2>
|
||||
|
||||
<sect2>
|
||||
<title>Replicate Data to Conserve Peak-Demand Wide-Area Bandwidth</title>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>replicate</primary></indexterm>
|
||||
<indexterm><primary>rsync</primary></indexterm>
|
||||
<indexterm><primary>wide-area network</primary></indexterm>
|
||||
Consider using <command>rsync</command> to replicate data across the WAN during times
|
||||
of low utilization. Users can then access the replicated data store rather than needing to do so
|
||||
across the WAN. This works best for read-only data, but with careful planning can be
|
||||
implemented so that modified files get replicated back to the point of origin. Be careful with your
|
||||
implementation if you choose to permit modification and return replication of the modified file;
|
||||
otherwise, you may inadvertently overwrite important data.
|
||||
</para>
|
||||
|
||||
</sect2>
|
||||
|
||||
<sect2>
|
||||
<title>Hardware Problems</title>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>hardware prices</primary></indexterm>
|
||||
<indexterm><primary>hardware problems</primary></indexterm>
|
||||
<indexterm><primary>NICs</primary></indexterm>
|
||||
<indexterm><primary>defective</primary><secondary>HUBs</secondary></indexterm>
|
||||
<indexterm><primary>defective</primary><secondary>switches</secondary></indexterm>
|
||||
<indexterm><primary>defective</primary><secondary>cables</secondary></indexterm>
|
||||
Networking hardware prices have fallen sharply over the past 5 years. A surprising number
|
||||
of Samba networking problems over this time have been traced to defective network interface
|
||||
cards (NICs) or defective HUBs, switches, and cables.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>corrective action</primary></indexterm>
|
||||
Not surprising is the fact that network administrators do not like to be shown to have made
|
||||
a bad decision. Money saved in buying low-cost hardware may result in high costs incurred
|
||||
in corrective action.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>intermittent</primary></indexterm>
|
||||
<indexterm><primary>data corruption</primary></indexterm>
|
||||
<indexterm><primary>slow network</primary></indexterm>
|
||||
<indexterm><primary>low performance</primary></indexterm>
|
||||
<indexterm><primary>data integrity</primary></indexterm>
|
||||
Defective NICs, HUBs, and switches may appear as intermittent network access problems, intermittent
|
||||
or persistent data corruption, slow network throughput, low performance, or even as BSOD
|
||||
problems with MS Windows clients. In one case, a company updated several workstations with newer, faster
|
||||
Windows client machines that triggered problems during logon as well as data integrity problems on
|
||||
an older PC that was unaffected so long as the new machines were kept shut down.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Defective hardware problems may take patience and persistence before the real cause can be discovered.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>RAID controllers</primary></indexterm>
|
||||
Networking hardware defects can significantly impact perceived Samba performance, but defective
|
||||
RAID controllers as well as SCSI and IDE hard disk controllers have also been known to impair Samba server
|
||||
operations. One business came to this realization only after replacing a Samba installation with MS
|
||||
Windows Server 2000 running on the same hardware. The root of the problem completely eluded the network
|
||||
administrator until the entire server was replaced. While you may well think that this would never
|
||||
happen to you, experience shows that given the right (unfortunate) circumstances, this can happen to anyone.
|
||||
</para>
|
||||
|
||||
</sect2>
|
||||
|
||||
<sect2>
|
||||
<title>Large Directories</title>
|
||||
|
||||
<para>
|
||||
There exist applications that create or manage directories containing many thousands of files. Such
|
||||
applications typically generate many small files (less than 100 KB). At the best of times, under UNIX,
|
||||
listing of the files in a directory that contains many files is slow. By default, Windows NT, 200x,
|
||||
and XP Pro cause network file system directory lookups on a Samba server to be performed for both
|
||||
the case preserving file name as well as for the mangled (8.3) file name. This incurs a huge overhead
|
||||
on the Samba server that may slow down the system dramatically.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
In an extreme case, the performance impact was dramatic. File transfer from the Samba server to a Windows
|
||||
XP Professional workstation over 1 Gigabit Ethernet for 250-500 KB files was measured at approximately
|
||||
30 MB/sec. But when tranferring a directory containing 120,000 files, all from 50KB to 60KB in size, the
|
||||
transfer rate to the same workstation was measured at approximately 1.5 KB/sec. The net transfer was
|
||||
on the order of a factor of 20-fold slower.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The symptoms that will be observed on the Samba server when a large directory is accessed will be that
|
||||
aggregate I/O (typically blocks read) will be relatively low, yet the wait I/O times will be incredibly
|
||||
long while at the same time the read queue is large. Close observation will show that the hard drive
|
||||
that the file system is on will be thrashing wildly.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Samba-3.0.12 and later, includes new code that radically improves Samba perfomance. The secret to this is
|
||||
really in the <smbconfoption name="case sensitive">True</smbconfoption> line. This tells smbd never to scan
|
||||
for case-insensitive versions of names. So if an application asks for a file called <filename>FOO</filename>,
|
||||
and it can not be found by a simple stat call, then smbd will return "file not found" immediately without
|
||||
scanning the containing directory for a version of a different case.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Canonicalize all the files in the directory to have one case, upper or lower - either will do. Then set up
|
||||
a new custom share for the application as follows:
|
||||
<screen>
|
||||
[bigshare]
|
||||
path = /data/xrayfiles/neurosurgeons/
|
||||
read only = no
|
||||
case sensitive = True
|
||||
default case = upper
|
||||
preserve case = no
|
||||
short preserve case = no
|
||||
</screen>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
All files and directories under the <parameter>path</parameter> directory must be in the same case
|
||||
as specified in the &smb.conf; stanza. This means that smbd will not be able to find lower case
|
||||
filenames with these settings. Note, this is done on a per-share basis.
|
||||
</para>
|
||||
|
||||
</sect2>
|
||||
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>Key Points Learned</title>
|
||||
|
||||
<para>
|
||||
This chapter has touched in broad sweeps on a number of simple steps that can be taken
|
||||
to ensure that your Samba network is resilient, scalable, and reliable, and that it
|
||||
performs well.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Always keep in mind that someone is responsible to maintain and manage your design.
|
||||
In the long term, that may not be you. Spare a thought for your successor and give him or
|
||||
her an even break.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>assumptions</primary></indexterm>
|
||||
Last, but not least, you should not only keep the network design simple, but also be sure it is
|
||||
well documented. This book may serve as your pattern for documenting every
|
||||
aspect of your design, its implementation, and particularly the objects and assumptions
|
||||
that underlie it.
|
||||
</para>
|
||||
|
||||
</sect1>
|
||||
|
||||
|
||||
</chapter>
|
||||
|
2071
docs-xml/Samba3-ByExample/SBE-KerberosFastStart.xml
Normal file
4518
docs-xml/Samba3-ByExample/SBE-MakingHappyUsers.xml
Normal file
1787
docs-xml/Samba3-ByExample/SBE-MigrateNT4Samba3.xml
Normal file
1798
docs-xml/Samba3-ByExample/SBE-MigrateNW4Samba3.xml
Normal file
2693
docs-xml/Samba3-ByExample/SBE-SecureOfficeServer.xml
Normal file
1591
docs-xml/Samba3-ByExample/SBE-SimpleOfficeServer.xml
Normal file
163
docs-xml/Samba3-ByExample/SBE-Support.xml
Normal file
@ -0,0 +1,163 @@
|
||||
<?xml version="1.0" encoding="iso-8859-1"?>
|
||||
<!DOCTYPE preface PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
|
||||
|
||||
<chapter lang="en-US">
|
||||
<title>Samba Support</title>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>support</primary></indexterm>
|
||||
One of the most difficult to answer questions in the information technology industry is, <quote>What is
|
||||
support?</quote>. That question irritates some folks, as much as common answers may annoy others.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>customers</primary></indexterm>
|
||||
The most aggravating situation pertaining to support is typified when, as a Linux user, a call is made to
|
||||
an Internet service provider who, instead of listening to the problem to find a solution, blandly replies:
|
||||
<quote>Oh, Linux? We do not support Linux!</quote>. It has happened to me, and similar situations happen
|
||||
through-out the IT industry. Answers like that are designed to inform us that there are some customers
|
||||
that a business just does not want to deal with, and well may we feel the anguish of the rejection that
|
||||
is dished out.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
One way to consider support is to view it as consisting of the right answer, in the right place,
|
||||
at the right time, no matter the situation. Support is all that it takes to take away pain, disruption,
|
||||
inconvenience, loss of productivity, disorientation, uncertainty, and real or perceived risk.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>provided services</primary></indexterm>
|
||||
<indexterm><primary>services provided</primary></indexterm>
|
||||
<indexterm><primary>customer expected</primary></indexterm>
|
||||
One of the forces that has become a driving force for the adoption of open source software is the fact that
|
||||
many IT businesses have provided services that have perhaps failed to deliver what the customer expected, or
|
||||
that have been found wanting for other reasons.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>consumer expects</primary></indexterm>
|
||||
<indexterm><primary>problem resolution</primary></indexterm>
|
||||
In recognition of the need for needs satisfaction as the primary experience an information technology user or
|
||||
consumer expects, the information provided in this chapter may help someone to avoid an unpleasant experience
|
||||
in respect of problem resolution.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>free support</primary></indexterm>
|
||||
<indexterm><primary>paid-for support</primary></indexterm>
|
||||
<indexterm><primary>commercial support</primary></indexterm>
|
||||
In the open source software arena there are two support options: free support and paid-for (commercial)
|
||||
support.
|
||||
</para>
|
||||
|
||||
<sect1>
|
||||
<title>Free Support</title>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>user groups</primary></indexterm>
|
||||
<indexterm><primary>mailing lists</primary></indexterm>
|
||||
<indexterm><primary>interactive help</primary></indexterm>
|
||||
<indexterm><primary>help</primary></indexterm>
|
||||
<indexterm><primary>mutual assistance</primary></indexterm>
|
||||
<indexterm><primary>assistance</primary></indexterm>
|
||||
Free support may be obtained from friends, colleagues, user groups, mailing lists, and interactive help
|
||||
facilities. An example of an interactive dacility is the Internet relay chat (IRC) channels that host user
|
||||
supported mutual assistance.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>mailing list</primary></indexterm>
|
||||
<indexterm><primary>deployment</primary></indexterm>
|
||||
<indexterm><primary>subscription</primary></indexterm>
|
||||
<indexterm><primary>IRC</primary></indexterm>
|
||||
<indexterm><primary>project</primary></indexterm>
|
||||
The Samba project maintains a mailing list that is commonly used to discuss solutions to Samba deployments.
|
||||
Information regarding subscription to the Samba mailing list can be found on the Samba <ulink
|
||||
url="https://lists.samba.org/mailman/">web</ulink> site. The public mailing list that can be used to obtain
|
||||
free, user contributed, support is called the <literal>samba</literal> list. The email address for this list
|
||||
is at <literal>mail:samba@samba.org</literal>. Information regarding the Samba IRC channels may be found on
|
||||
the Samba <ulink url="http://www.samba.org/samba.irc.html">IRC</ulink> web page.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>free support</primary></indexterm>
|
||||
<indexterm><primary>qualified problem</primary></indexterm>
|
||||
<indexterm><primary>requesting payment</primary></indexterm>
|
||||
<indexterm><primary>professional support</primary></indexterm>
|
||||
As a general rule, it is considered poor net behavior to contact a Samba Team member directly
|
||||
for free support. Most active members of the Samba Team work exceptionally long hours to assist
|
||||
users who have demonstrated a qualified problem. Some team members may respond to direct email
|
||||
or telephone contact, with requests for assistance, by requesting payment. A few of the Samba
|
||||
Team members actually provide professional paid-for Samba support and it is therefore wise
|
||||
to show appropriate discretion and reservation in all direct contact.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>bug report</primary></indexterm>
|
||||
<indexterm><primary>problem report</primary></indexterm>
|
||||
<indexterm><primary>code maintainer</primary></indexterm>
|
||||
When you stumble across a Samba bug, often the quickest way to get it resolved is by posting
|
||||
a bug <ulink url="https://bugzilla.samba.org/">report</ulink>. All such reports are mailed to
|
||||
the responsible code maintainer for action. The better the report, and the more serious it is,
|
||||
the sooner it will be dealt with. On the other hand, if the responsible person can not duplicate
|
||||
the reported bug it is likely to be rejected. It is up to you to provide sufficient information
|
||||
that will permit the problem to be reproduced.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>purchase support</primary></indexterm>
|
||||
We all recognize that sometimes free support does not provide the answer that is sought within
|
||||
the time-frame required. At other times the problem is elusive and you may lack the experience
|
||||
necessary to isolate the problem and thus to resolve it. This is a situation where is may be
|
||||
prudent to purchase paid-for support.
|
||||
</para>
|
||||
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>Commercial Support</title>
|
||||
|
||||
<para>
|
||||
There are six basic support oriented services that are most commonly sought by Samba sites:
|
||||
</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem><para>Assistance with network design</para></listitem>
|
||||
<listitem><para>Staff Training</para></listitem>
|
||||
<listitem><para>Assistance with Samba network deployment and installation</para></listitem>
|
||||
<listitem><para>Priority telephone or email Samba configuration assistance</para></listitem>
|
||||
<listitem><para>Trouble-shooting and diagnostic assistance</para></listitem>
|
||||
<listitem><para>Provision of quality assured ready-to-install Samba binary packages</para></listitem>
|
||||
</itemizedlist>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>commercial support</primary></indexterm>
|
||||
<indexterm><primary>country of origin</primary></indexterm>
|
||||
Information regarding companies that provide professional Samba support can be obtained by performing a Google
|
||||
search, as well as by reference to the Samba <ulink
|
||||
url="http://www.samba.org/samba/support.html">Support</ulink> web page. Companies who notify the Samba Team
|
||||
that they provide commercial support are given a free listing that is sorted by the country of origin.
|
||||
Multiple listings are permitted, however no guarantee is offered. It is left to you to qualify a support
|
||||
provider and to satisfy yourself that both the company and its staff are able to deliver what is required of
|
||||
them.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>commercial support</primary></indexterm>
|
||||
The policy within the Samba Team is to treat all commercial support providers equally and to show no
|
||||
preference. As a result, Samba Team members who provide commercial support are lumped in with everyone else.
|
||||
You are encouraged to obtain the services needed from a company in your local area. The open source movement
|
||||
is pro-community; so do what you can to help a local business to prosper.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<indexterm><primary>unsupported software</primary></indexterm>
|
||||
Open source software support can be found in any quality, at any price and in any place you can
|
||||
to obtain it. Over 180 companies around the world provide Samba support, there is no excuse for
|
||||
suffering in the mistaken belief that Samba is unsupported software &smbmdash; it is supported.
|
||||
</para>
|
||||
|
||||
</sect1>
|
||||
|
||||
</chapter>
|
1258
docs-xml/Samba3-ByExample/SBE-TheSmallOffice.xml
Normal file
1311
docs-xml/Samba3-ByExample/SBE-UpgradingSamba.xml
Normal file
53
docs-xml/Samba3-ByExample/SBE-acknowledgements.xml
Normal file
@ -0,0 +1,53 @@
|
||||
<?xml version="1.0" encoding="iso-8859-1"?>
|
||||
<!DOCTYPE preface PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
|
||||
|
||||
<preface lang="en-US">
|
||||
<title>Acknowledgments</title>
|
||||
|
||||
<para>
|
||||
<emphasis>Samba-3 by Example</emphasis> would not have been written except
|
||||
as a result of feedback provided by reviewers and readers of the book <emphasis>The
|
||||
Official Samba-3 HOWTO and Reference Guide.</emphasis> This second edition
|
||||
was made possible by generous feedback from Samba users. I hope this book
|
||||
more than answers the challenge and needs of many more networks that are
|
||||
languishing for a better networking solution.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
I am deeply indebted to a large group of diligent people. Space prevents
|
||||
me from listing all of them, but a few stand out as worthy of mention.
|
||||
Jelmer Vernooij made the notable contribution of building the XML production
|
||||
environment and thereby made possible the typesetting of this book.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Samba would not have come into existence if Andrew Tridgell had not taken
|
||||
the first steps. He continues to lead the project. Under the shadow of his
|
||||
mantle are some great folks who never give up and are always ready to help.
|
||||
Thank you to: Jeremy Allison, Jerry Carter, Andrew Bartlett, Jelmer Vernooij,
|
||||
Alexander Bokovoy, Volker Lendecke, and other team members who answered my
|
||||
continuous stream of questions &smbmdash; all of which resulted in improved content
|
||||
in this book.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
My heartfelt thanks go out also to a small set of reviewers (alphabetically
|
||||
listed) who gave substantial feedback and significant suggestions for improvement:
|
||||
Tony Earnshaw, William Enestvedt, Eric Hines, Roland Gruber, Gavin Henry,
|
||||
Steven Henry, Luke Howard, Tarjei Huse, Jon Johnston, Alan Munter, Mike MacIsaac,
|
||||
Scott Mann, Ed Riddle, Geoff Scott, Santos Soler, Misty Stanley-Jones, Mark Taylor,
|
||||
and Jérôme Tournier.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
My appreciation is extended to a team of more than 30 additional reviewers who
|
||||
helped me to find my way around dark corners.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Particular mention is due to Lyndell, Amos, and Melissa who gave me the
|
||||
latitude necessary to spend nearly an entire year writing Samba documentation,
|
||||
and then gave more so this second edition could be created.
|
||||
</para>
|
||||
|
||||
</preface>
|
88
docs-xml/Samba3-ByExample/SBE-foreword.xml
Normal file
@ -0,0 +1,88 @@
|
||||
<?xml version="1.0" encoding="iso-8859-1"?>
|
||||
<!DOCTYPE preface PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
|
||||
|
||||
<preface lang="en-US">
|
||||
<title>Foreword</title>
|
||||
|
||||
<sect1><title>By John M. Weathersby, Executive Director, OSSI</title>
|
||||
<blockquote>
|
||||
|
||||
<para>
|
||||
The Open Source Software Institute (OSSI) is comprised of representatives from a broad spectrum of business and
|
||||
non-business organizations that share a common interest in the promotion of development and implementation
|
||||
of open source software solutions globally, and in particular within the United States of America.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The OSSI has global affiliations with like-minded organizations. Our affiliate in the United Kingdom is the
|
||||
Open Source Consortium (OSC). Both the OSSI and the OSC share a common objective to expand the use of open source
|
||||
software in federal, state, and municipal government agencies; and in academic institutions. We represent
|
||||
businesses that provide professional support services that answer the needs of our target organizational
|
||||
information technology consumers in an effective and cost-efficient manner.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Open source software has matured greatly over the past five years with the result that an increasing number of
|
||||
people who hold key decisionmaking positions want to know how the business model works. They
|
||||
want to understand how problems get resolved, how questions get answered, and how the development model
|
||||
is sustained. Information and communications technology directors in defense organizations, and in other
|
||||
government agencies that deal with sensitive information, want to become familiar with development road-maps
|
||||
and, in particular, seek to evaluate the track record of the mainstream open source project teams.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Wherever the OSSI gains entrance to new opportunities we find that Microsoft Windows technologies are the
|
||||
benchmark against which open source software solutions are measured. Two open source software projects
|
||||
are key to our ability to present a structured and convincing proposition that there are alternatives
|
||||
to the incumbent proprietary means of meeting information technology needs. They are the Apache Web Server
|
||||
and Samba.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Just as the Apache Web Server is the standard in web serving technology, Samba is the definitive standard
|
||||
for providing interoperability with UNIX systems and other non-Microsoft operating system platforms. Both
|
||||
open source applications have a truly remarkable track record that extends for more than a decade. Both have
|
||||
demonstrated the unique capacity to innovate and maintain a level of development that has not only kept
|
||||
pace with demands, but, in many areas, each project has also proven to be an industry leader.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
One of the areas in which the Samba project has demonstrated key leadership is in documentation. The OSSI
|
||||
was delighted when we saw the Samba Team, and John H. Terpstra in particular, release two amazingly
|
||||
well-written books to help Samba software users deploy, maintain, and troubleshoot Windows networking
|
||||
installations. We were concerned that, given the large volume of documentation, the challenge to maintain
|
||||
it and keep it current might prove difficult.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
This second edition of the book, <emphasis>Samba-3 by Example</emphasis>, barely one year following the release
|
||||
of the first edition, has removed all concerns and is proof that open source solutions are a compelling choice.
|
||||
The first edition was released shortly following the release of Samba version 3.0 itself, and has become
|
||||
the authoritative instrument for training and for guiding deployment.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
I am personally aware of how much effort has gone into this second edition. John Terpstra has worked with
|
||||
government bodies and with large organizations that have deployed Samba-3 since it was released. He also
|
||||
worked to ensure that this book gained community following. He asked those who have worked at the coalface
|
||||
of large and small organizations alike, to contribute their experiences. He has captured that in this book
|
||||
and has succeeded yet again. His recipe is persistence, intuition, and a high level of respect for the people
|
||||
who use Samba.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
This book is the first source you should turn to before you deploy Samba and as you are mastering its
|
||||
deployment. I am proud and excited to be associated in a small way with such a useful tool. This book has
|
||||
reached maturity that is demonstrated by reiteration that every step in deployment must be validated.
|
||||
This book makes it easy to succeed, and difficult to fail, to gain a stable network environment.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
I recommend this book for use by all IT managers and network administrators.
|
||||
</para>
|
||||
|
||||
</blockquote>
|
||||
|
||||
</sect1>
|
||||
|
||||
</preface>
|
11
docs-xml/Samba3-ByExample/SBE-front-matter.xml
Normal file
@ -0,0 +1,11 @@
|
||||
<?xml version="1.0" encoding="iso-8859-1"?>
|
||||
<!DOCTYPE preface PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
|
||||
|
||||
<preface lang="en-US">
|
||||
<title>Front Matter</title>
|
||||
|
||||
<para>
|
||||
Just a place holder.
|
||||
</para>
|
||||
|
||||
</preface>
|
258
docs-xml/Samba3-ByExample/SBE-glossary.xml
Normal file
@ -0,0 +1,258 @@
|
||||
<?xml version="1.0" encoding="iso-8859-1"?>
|
||||
<!DOCTYPE glossary PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
|
||||
<glossary>
|
||||
<title>Glossary</title>
|
||||
|
||||
<glossentry>
|
||||
<glossterm>Access Control List</glossterm>
|
||||
<acronym>ACL</acronym>
|
||||
<glossdef><para>
|
||||
A detailed list of permissions granted to users or groups with respect to file and network
|
||||
resource access.
|
||||
</para></glossdef>
|
||||
</glossentry>
|
||||
|
||||
<glossentry>
|
||||
<glossterm>Active Directory Service</glossterm>
|
||||
<acronym>ADS</acronym>
|
||||
<glossdef><para>
|
||||
A service unique to Microsoft Windows 200x servers that provides a centrally managed
|
||||
directory for management of user identities and computer objects, as well as the
|
||||
permissions each user or computer may be granted to access distributed network resources.
|
||||
ADS uses Kerberos-based authentication and LDAP over Kerberos for directory access.
|
||||
</para></glossdef>
|
||||
</glossentry>
|
||||
|
||||
<glossentry>
|
||||
<glossterm>Common Internet File System</glossterm>
|
||||
<acronym>CIFS</acronym>
|
||||
<glossdef><para>
|
||||
The new name for SMB. Microsoft renamed the SMB protocol to CIFS during
|
||||
the Internet hype in the 1990s. At about the time that the SMB protocol was renamed
|
||||
to CIFS, an additional dialect of the SMB protocol was in development. The need for the
|
||||
deployment of the NetBIOS layer was also removed, thus paving the way for use of the SMB
|
||||
protocol natively over TCP/IP (known as NetBIOS-less SMB or <quote>naked</quote> TCP
|
||||
transport).
|
||||
</para></glossdef>
|
||||
</glossentry>
|
||||
|
||||
<glossentry>
|
||||
<glossterm>Common UNIX Printing System</glossterm>
|
||||
<acronym>CUPS</acronym>
|
||||
<glossdef><para>
|
||||
A recent implementation of a high-capability printing system for UNIX developed by
|
||||
<ulink url="http://www.easysw.com/">Easy Software Inc.</ulink>. The design objective
|
||||
of CUPS was to provide a rich print processing system that has built-in intelligence
|
||||
that is capable of correctly rendering (processing) a file that is submitted for
|
||||
printing even if it was formatted for an entirely different printer.
|
||||
</para>
|
||||
</glossdef>
|
||||
</glossentry>
|
||||
|
||||
<glossentry>
|
||||
<glossterm>Domain Master Browser</glossterm>
|
||||
<acronym>DMB</acronym>
|
||||
<glossdef><para>
|
||||
The Domain Master Browser maintains a list of all the servers that
|
||||
have announced their services within a given workgroup or NT domain.
|
||||
</para></glossdef>
|
||||
</glossentry>
|
||||
|
||||
<glossentry>
|
||||
<glossterm>Domain Name Service</glossterm>
|
||||
<acronym>DNS</acronym>
|
||||
<glossdef><para>
|
||||
A protocol by which computer hostnames may be resolved to the matching IP address/es.
|
||||
DNS is implemented by the Berkeley Internet Name Daemon. There exists a recent version
|
||||
of DNS that allows dynamic name registration by network clients or by a DHCP server.
|
||||
This recent protocol is known as dynamic DNS (DDNS).
|
||||
</para></glossdef>
|
||||
</glossentry>
|
||||
|
||||
<glossentry>
|
||||
<glossterm>Dynamic Host Configuration Protocol</glossterm>
|
||||
<acronym>DHCP</acronym>
|
||||
<glossdef><para>
|
||||
A protocol that was based on the BOOTP protocol that may be used to dynamically assign
|
||||
an IP address, from a reserved pool of addresses, to a network client or device.
|
||||
Additionally, DHCP may assign all network configuration settings and may be used to
|
||||
register a computer name and its address with a dynamic DNS server.
|
||||
</para></glossdef>
|
||||
</glossentry>
|
||||
|
||||
<glossentry>
|
||||
<glossterm>Group IDentifier</glossterm>
|
||||
<acronym>GID</acronym>
|
||||
<glossdef><para>
|
||||
The UNIX system group identifier; on older systems, a 32-bit unsigned integer, and on
|
||||
newer systems, an unsigned 64-bit integer. The GID is used in UNIX-like operating systems
|
||||
for all group-level access control.
|
||||
</para></glossdef>
|
||||
</glossentry>
|
||||
|
||||
<glossentry>
|
||||
<glossterm>Key Distribution Center</glossterm>
|
||||
<acronym>KDC</acronym>
|
||||
<glossdef><para>
|
||||
The Kerberos authentication protocol makes use of security keys (also called a ticket)
|
||||
by which access to network resources is controlled. The issuing of Kerberos tickets
|
||||
is effected by a KDC.
|
||||
</para></glossdef>
|
||||
</glossentry>
|
||||
|
||||
<glossentry>
|
||||
<glossterm>Lightweight Directory Access Protocol</glossterm>
|
||||
<acronym>LDAP</acronym>
|
||||
<glossdef>
|
||||
<para>
|
||||
The Lightweight Directory Access Protocol is a technology that
|
||||
originated from the development of X.500 protocol specifications and
|
||||
implementations. LDAP was designed as a means of rapidly searching
|
||||
through X.500 information. Later LDAP was adapted as an engine that
|
||||
could drive its own directory database. LDAP is not a database per
|
||||
se; rather it is a technology that enables high-volume search and
|
||||
locate activity from clients that wish to obtain simply defined
|
||||
information about a subset of records that are stored in a
|
||||
database. LDAP does not have a particularly efficient mechanism for
|
||||
storing records in the database, and it has no concept of transaction
|
||||
processing nor of mechanisms for preserving data consistency. LDAP is
|
||||
premised around the notion that the search and read activity far
|
||||
outweigh any need to add, delete, or modify records. LDAP does
|
||||
provide a means for replication of the database to keep slave
|
||||
servers up to date with a master. It also has built-in capability to
|
||||
handle external references and deferral.
|
||||
</para></glossdef>
|
||||
</glossentry>
|
||||
|
||||
<glossentry>
|
||||
<glossterm>Local Master Browser</glossterm>
|
||||
<acronym>LMB</acronym>
|
||||
<glossdef><para>
|
||||
The Local Master Browser maintains a list of all servers that have announced themselves
|
||||
within a given workgroup or NT domain on a particular broadcast isolated subnet.
|
||||
</para></glossdef>
|
||||
</glossentry>
|
||||
|
||||
<glossentry>
|
||||
<glossterm>Media Access Control</glossterm>
|
||||
<acronym>MAC</acronym>
|
||||
<glossdef><para>
|
||||
The hard-coded address of the physical-layer device that is attached to the network.
|
||||
All network interface controllers must have a hard-coded and unique MAC address. The
|
||||
MAC address is 48 bits long.
|
||||
</para></glossdef>
|
||||
</glossentry>
|
||||
|
||||
<glossentry>
|
||||
<glossterm>NetBIOS Extended User Interface</glossterm>
|
||||
<acronym>NetBEUI</acronym>
|
||||
<glossdef><para>
|
||||
Very simple network protocol invented by IBM and Microsoft. It is used to do NetBIOS
|
||||
over Ethernet with low overhead. NetBEUI is a non-routable protocol.
|
||||
</para></glossdef>
|
||||
</glossentry>
|
||||
|
||||
<glossentry>
|
||||
<glossterm>Network Address Translation</glossterm>
|
||||
<acronym>NAT</acronym>
|
||||
<glossdef><para>
|
||||
Network address translation is a form of IP address masquerading. It ensures that internal
|
||||
private (RFC1918) network addresses from packets inside the network are rewritten so
|
||||
that TCP/IP packets that leave the server over a public connection are seen to come only
|
||||
from the external network address.
|
||||
</para></glossdef>
|
||||
</glossentry>
|
||||
|
||||
<glossentry>
|
||||
<glossterm>Network Basic Input/Output System</glossterm>
|
||||
<acronym>NetBIOS</acronym>
|
||||
<glossdef><para>
|
||||
NetBIOS is a simple application programming interface (API) invented in the 1980s
|
||||
that allows programs to send data to certain network names. NetBIOS is always run over
|
||||
another network protocol such as IPX/SPX, TCP/IP, or Logical Link Control (LLC).
|
||||
NetBIOS run over LLC is best known as NetBEUI (the NetBIOS Extended User Interface
|
||||
&smbmdash; a complete misnomer!).
|
||||
</para></glossdef>
|
||||
</glossentry>
|
||||
|
||||
<glossentry>
|
||||
<glossterm>NetBT</glossterm>
|
||||
<acronym>NBT</acronym>
|
||||
<glossdef><para>
|
||||
Protocol for transporting NetBIOS frames over TCP/IP. Uses ports 137, 138, and 139.
|
||||
NetBT is a fully routable protocol.
|
||||
</para></glossdef>
|
||||
</glossentry>
|
||||
|
||||
<glossentry>
|
||||
<glossterm>NT/LanManager Security Support Provider</glossterm>
|
||||
<acronym>NTLMSSP</acronym>
|
||||
<glossdef><para>
|
||||
The NTLM Security Support Provider (NTLMSSP) service in Windows NT4/200x/XP is responsible for
|
||||
handling all NTLM authentication requests. It is the front end for protocols such as SPNEGO,
|
||||
Schannel, and other technologies. The generic protocol family supported by NTLMSSP is known as
|
||||
GSSAPI, the Generic Security Service Application Program Interface specified in RFC2078.
|
||||
</para></glossdef>
|
||||
</glossentry>
|
||||
|
||||
<glossentry>
|
||||
<glossterm>Server Message Block</glossterm>
|
||||
<acronym>SMB</acronym>
|
||||
<glossdef><para>
|
||||
SMB was the original name of the protocol spoken by Samba. It was invented in the 1980s
|
||||
by IBM and adopted and extended further by Microsoft. Microsoft renamed the protocol to
|
||||
CIFS during the Internet hype in the 1990s.
|
||||
</para></glossdef>
|
||||
</glossentry>
|
||||
|
||||
<glossentry>
|
||||
<glossterm>The Simple and Protected GSS-API Negotiation</glossterm>
|
||||
<acronym>SPNEGO</acronym>
|
||||
<glossdef><para>
|
||||
The purpose of SPNEGO is to allow a client and server to negotiate a security mechanism for
|
||||
authentication. The protocol is specified in RFC2478 and uses tokens as built via ASN.1 DER.
|
||||
DER refers to Distinguished Encoding Rules. These are a set of common rules for creating
|
||||
binary encodings in a platform-independent manner. Samba has support for SPNEGO.
|
||||
</para></glossdef>
|
||||
</glossentry>
|
||||
|
||||
<glossentry>
|
||||
<glossterm>The Official Samba-3 HOWTO and Reference Guide, Second Edition</glossterm>
|
||||
<acronym>TOSHARG2</acronym>
|
||||
<glossdef><para>
|
||||
This book makes repeated reference to <quote>The Official Samba-3 HOWTO and Reference Guide, Second
|
||||
Edition</quote> by John H. Terpstra and Jelmer R. Vernooij. This publication is available from
|
||||
Amazon.com. Publisher: Prentice Hall PTR (August 2005),
|
||||
ISBN: 013122282.
|
||||
</para></glossdef>
|
||||
</glossentry>
|
||||
|
||||
<glossentry>
|
||||
<glossterm>User IDentifier</glossterm>
|
||||
<acronym>UID</acronym>
|
||||
<glossdef><para>
|
||||
The UNIX system user identifier; on older systems, a 32-bit unsigned integer, and on newer systems,
|
||||
an unsigned 64-bit integer. The UID is used in UNIX-like operating systems for all user-level access
|
||||
control.
|
||||
</para></glossdef>
|
||||
</glossentry>
|
||||
|
||||
<glossentry>
|
||||
<glossterm>Universal Naming Convention</glossterm>
|
||||
<acronym>UNC</acronym>
|
||||
<glossdef><para>A syntax for specifying the location of network resources (such as file shares).
|
||||
The UNC syntax was developed in the early days of MS DOS 3.x and is used internally by the SMB protocol.
|
||||
</para></glossdef>
|
||||
</glossentry>
|
||||
|
||||
<glossentry>
|
||||
<glossterm>Wireshark</glossterm>
|
||||
<acronym>wireshark</acronym>
|
||||
<glossdef><para>
|
||||
A network analyzer, also known as a network sniffer or a protocol analyzer. Formerly known as Ethereal, Wireshark is
|
||||
freely available for UNIX/Linux and Microsoft Windows systems from
|
||||
<ulink url="http://www.wireshark.org">the Wireshark Web site</ulink>.
|
||||
</para></glossdef>
|
||||
</glossentry>
|
||||
|
||||
</glossary>
|
44
docs-xml/Samba3-ByExample/SBE-inside-cover.xml
Normal file
@ -0,0 +1,44 @@
|
||||
<?xml version="1.0" encoding="iso-8859-1"?>
|
||||
<!DOCTYPE preface PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
|
||||
<preface lang="en-US">
|
||||
<title>About the Cover Artwork</title>
|
||||
|
||||
<para>
|
||||
The cover artwork of this book continues the freedom theme of the first
|
||||
edition of <quote>Samba-3 by Example</quote>. The history of civilization
|
||||
demonstrates the fragile nature of freedom. It can be lost in a moment,
|
||||
and once lost, the cost of recovering liberty can be incredible. The last
|
||||
edition cover featured Alfred the Great who liberated England from the
|
||||
constant assault of Vikings and Norsemen. Events in England that
|
||||
finally liberated the common people came about in small steps, but
|
||||
the result should not be under-estimated. Today, as always, freedom and
|
||||
liberty are seldom appreciated until they are lost. If we can not quantify
|
||||
what is the value of freedom, we shall be little motivated to protect it.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<emphasis>Samba-3 by Example Cover Artwork:</emphasis> The British houses
|
||||
of parliament are a symbol of the Westminster system of government. This form
|
||||
of government permits the people to govern themselves at the lowest level, yet
|
||||
it provides for courts of appeal that are designed to protect freedom and to
|
||||
hold back all forces of tyranny. The clock is a pertinent symbol of the
|
||||
importance of time and place.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The information technology industry is being challenged by the imposition of
|
||||
new laws, hostile litigation, and the imposition of significant constraint
|
||||
of practice that threatens to remove the freedom to develop and deploy open
|
||||
source software solutions. Samba is a software solution that epitomizes freedom
|
||||
of choice in network interoperability for Microsoft Windows clients.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
I hope you will take the time needed to deploy it well, and that you may realize
|
||||
the greatest benefits that may be obtained. You are free to use it in ways never
|
||||
considered, but in doing so there may be some obstacles. Every obstacle that is
|
||||
overcome adds to the freedom you can enjoy. Use Samba well, and it will serve
|
||||
you well.
|
||||
</para>
|
||||
|
||||
</preface>
|
609
docs-xml/Samba3-ByExample/SBE-preface.xml
Normal file
@ -0,0 +1,609 @@
|
||||
<?xml version="1.0" encoding="iso-8859-1"?>
|
||||
<!DOCTYPE preface PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
|
||||
<preface id="preface">
|
||||
<title>Preface</title>
|
||||
|
||||
<para>
|
||||
Network administrators live busy lives. We face distractions and pressures
|
||||
that drive us to seek proven, working case scenarios that can be easily
|
||||
implemented. Often this approach lands us in trouble. There is a
|
||||
saying that, geometrically speaking, the shortest distance between two
|
||||
points is a straight line, but practically we find that the quickest
|
||||
route to a stable network solution is the long way around.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
This book is your means to the straight path. It provides step-by-step,
|
||||
proven, working examples of Samba deployments. If you want to deploy
|
||||
Samba-3 with the least effort, or if you want to become an expert at deploying
|
||||
Samba-3 without having to search through lots of documentation, this
|
||||
book is the ticket to your destination.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Samba is software that can be run on a platform other than Microsoft Windows,
|
||||
for example, UNIX, Linux, IBM System 390, OpenVMS, and other operating systems.
|
||||
Samba uses the TCP/IP protocol that is installed on the host server. When
|
||||
correctly configured, it allows that host to interact with a Microsoft Windows
|
||||
client or server as if it is a Windows file and print server. This book
|
||||
will help you to implement Windows-compatible file and print services.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The examples presented in this book are typical of various businesses and
|
||||
reflect the problems and challenges they face. Care has been taken to preserve
|
||||
attitudes, perceptions, practices, and demands from real network case studies.
|
||||
The maximum benefit may be obtained from this book by working carefully through
|
||||
each exercise. You may be in a hurry to satisfy a specific need, so feel
|
||||
free to locate the example that most closely matches your need, copy it, and
|
||||
innovate as much as you like. Above all, enjoy the process of learning the
|
||||
secrets of MS Windows networking that is truly liberated by Samba.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The focus of attention in this book is Samba-3. Specific notes are made in
|
||||
respect of how Samba may be made secure. This book does not attempt to provide
|
||||
detailed information regarding secure operation and configuration of peripheral
|
||||
services and applications such as OpenLDAP, DNS and DHCP, the need for which
|
||||
can be met from other resources that are dedicated to the subject.
|
||||
</para>
|
||||
|
||||
<sect1>
|
||||
<title>Why Is This Book Necessary?</title>
|
||||
|
||||
<para>
|
||||
This book is the result of observations and feedback. The feedback from
|
||||
the Samba-HOWTO-Collection has been positive and complimentary. There
|
||||
have been requests for far more worked examples, a
|
||||
<quote>Samba Cookbook,</quote> and for training materials to
|
||||
help kick-start the process of mastering Samba.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The Samba mailing lists users have asked for sample configuration files
|
||||
that work. It is natural to question one's own ability to correctly
|
||||
configure a complex tool such as Samba until a minimum necessary
|
||||
knowledge level has been attained.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The Samba-HOWTO-Collection &smbmdash; as does <emphasis>The Official Samba-3 HOWTO and
|
||||
Reference Guide</emphasis> &smbmdash; documents Samba features and functionality in
|
||||
a topical context. This book takes a completely different approach. It
|
||||
walks through Samba network configurations that are working within particular
|
||||
environmental contexts, providing documented step-by-step implementations.
|
||||
All example case configuration files, scripts, and other tools are provided
|
||||
on the CD-ROM. This book is descriptive, provides detailed diagrams, and
|
||||
makes deployment of Samba-3 a breeze.
|
||||
</para>
|
||||
|
||||
<sect2>
|
||||
<title>Samba 3.0.20 Update Edition</title>
|
||||
|
||||
<para>
|
||||
The Samba 3.0.x series has been remarkably popular. At the time this book first
|
||||
went to print samba-3.0.2 was being released. There have been significant modifications
|
||||
and enhancements between samba-3.0.2 and samba-3.0.14 (the current release) that
|
||||
necessitate this documentation update. This update has the specific intent to
|
||||
refocus this book so that its guidance can be followed for samba-3.0.20
|
||||
and beyond. Further changes are expected as Samba-3 matures further and will
|
||||
be reflected in future updates.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The changes shown in <link linkend="pref-new"/> are incorporated in this update.
|
||||
</para>
|
||||
|
||||
<table id="pref-new">
|
||||
<title>Samba Changes &smbmdash; 3.0.2 to 3.0.20</title>
|
||||
<tgroup cols="2">
|
||||
<colspec align="left"/>
|
||||
<colspec align="justify"/>
|
||||
<thead>
|
||||
<row>
|
||||
<entry align="left">
|
||||
<para>
|
||||
New Feature
|
||||
</para>
|
||||
</entry>
|
||||
<entry align="left">
|
||||
<para>
|
||||
Description
|
||||
</para>
|
||||
</entry>
|
||||
</row>
|
||||
</thead>
|
||||
<tbody>
|
||||
<row>
|
||||
<entry>
|
||||
<para>
|
||||
Winbind Case Handling
|
||||
</para>
|
||||
</entry>
|
||||
<entry>
|
||||
<para>
|
||||
User and group names returned by <command>winbindd</command> are now converted to lower case
|
||||
for better consistency. Samba implementations that depend on the case of information returned
|
||||
by winbind (such as %u and %U) must now convert the dependency to expecting lower case values.
|
||||
This affects mail spool files, home directories, valid user lines in the &smb.conf; file, etc.
|
||||
</para>
|
||||
</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry>
|
||||
<para>
|
||||
Schema Changes
|
||||
</para>
|
||||
</entry>
|
||||
<entry>
|
||||
<para>
|
||||
Addition of code to handle password aging, password uniqueness controls, bad
|
||||
password instances at logon time, have made necessary extensions to the SambaSAM
|
||||
schema. This change affects all sites that use LDAP and means that the directory
|
||||
schema must be updated.
|
||||
</para>
|
||||
</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry>
|
||||
<para>
|
||||
Username Map Handling
|
||||
</para>
|
||||
</entry>
|
||||
<entry>
|
||||
<para>
|
||||
Samba-3.0.8 redefined the behavior: Local authentication results in a username map file
|
||||
lookup before authenticating the connection. All authentication via an external domain
|
||||
controller will result in the use of the fully qualified name (i.e.: DOMAIN\username)
|
||||
after the user has been successfully authenticated.
|
||||
</para>
|
||||
</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry>
|
||||
<para>
|
||||
UNIX Extension Handling
|
||||
</para>
|
||||
</entry>
|
||||
<entry>
|
||||
<para>
|
||||
Symbolically linked files and directories on the UNIX host to absolute paths will
|
||||
now be followed. This can be turned off using <quote>wide links = No</quote> in
|
||||
the share stanza in the &smb.conf; file. Turning off <quote>wide links</quote>
|
||||
support will degrade server performance because each path must be checked.
|
||||
</para>
|
||||
</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry>
|
||||
<para>
|
||||
Privileges Support
|
||||
</para>
|
||||
</entry>
|
||||
<entry>
|
||||
<para>
|
||||
Versions of Samba prior to samba-3.0.11 required the use of the UNIX <constant>root</constant>
|
||||
account from network Windows clients. The new <quote>enable privileges = Yes</quote> capability
|
||||
means that functions such as adding machines to the domain, managing printers, etc. can now
|
||||
be delegated to normal user accounts or to groups of users.
|
||||
</para>
|
||||
</entry>
|
||||
</row>
|
||||
</tbody>
|
||||
</tgroup>
|
||||
</table>
|
||||
</sect2>
|
||||
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>Prerequisites</title>
|
||||
|
||||
<para>
|
||||
This book is not a tutorial on UNIX or Linux administration. UNIX and Linux
|
||||
training is best obtained from books dedicated to the subject. This book
|
||||
assumes that you have at least the basic skill necessary to use these operating
|
||||
systems, and that you can use a basic system editor to edit and configure files.
|
||||
It has been written with the assumption that you have experience with Samba,
|
||||
have read <emphasis>The Official Samba-3 HOWTO and Reference Guide</emphasis> and
|
||||
the Samba-HOWTO-Collection, or that you have familiarity with Microsoft Windows.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
If you do not have this experience, you can follow the examples in this book but may
|
||||
find yourself at times intimidated by assumptions made. In this situation, you
|
||||
may need to refer to administrative guides or manuals for your operating system
|
||||
platform to find what is the best method to achieve what the text of this book describes.
|
||||
</para>
|
||||
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>Approach</title>
|
||||
|
||||
<para>
|
||||
The first chapter deals with some rather thorny network analysis issues. Do not be
|
||||
put off by this. The information you glean, even without a detailed understanding
|
||||
of network protocol analysis, can help you understand how Windows networking functions.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Each following chapter of this book opens with the description of a networking solution
|
||||
sought by a hypothetical site. Bob Jordan is a hypothetical decision maker
|
||||
for an imaginary company, <constant>Abmas Biz NL</constant>. We will use the
|
||||
non-existent domain name <constant>abmas.biz</constant>. All <emphasis>facts</emphasis>
|
||||
presented regarding this company are fictitious and have been drawn from a variety of real
|
||||
business scenarios over many years. Not one of these reveal the identify of the
|
||||
real-world company from which the scenario originated.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
In any case, Mr. Jordan likes to give all his staff nasty little assignments.
|
||||
Stanley Saroka is one of his proteges; Christine Roberson is the network administrator
|
||||
Bob trusts. Jordan is inclined to treat other departments well because they finance
|
||||
Abmas IT operations.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Each chapter presents a summary of the network solution we have chosen to
|
||||
demonstrate together with a rationale to help you to understand the
|
||||
thought process that drove that solution. The chapter then documents in precise
|
||||
detail all configuration files and steps that must be taken to implement the
|
||||
example solution. Anyone wishing to gain serious value from this book will
|
||||
do well to take note of the implications of points made, so watch out for the
|
||||
<emphasis>this means that</emphasis> notations.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Each chapter has a set of questions and answers to help you to
|
||||
to understand and digest key attributes of the solutions presented.
|
||||
</para>
|
||||
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>Summary of Topics</title>
|
||||
|
||||
<para>
|
||||
The contents of this second edition of <emphasis>Samba-3 by Example</emphasis>
|
||||
have been rearranged based on feedback from purchasers of the first edition.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Clearly the first edition contained most of what was needed and that was missing
|
||||
from other books that cover this difficult subject. The new arrangement adds
|
||||
additional material to meet consumer requests and includes changes that originated
|
||||
as suggestions for improvement.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Chapter 1 now dives directly into the heart of the implementation of Windows
|
||||
file and print server networks that use Samba at the heart.
|
||||
</para>
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term>Chapter 1 &smbmdash; No Frills Samba Servers.</term><listitem>
|
||||
<para>
|
||||
Here you design a solution for three different business scenarios, each for a
|
||||
company called Abmas. There are two simple networking problems and one slightly
|
||||
more complex networking challenge. In the first two cases, Abmas has a small
|
||||
simple office, and they want to replace a Windows 9x peer-to-peer network. The
|
||||
third example business uses Windows 2000 Professional. This must be simple,
|
||||
so let's see how far we can get. If successful, Abmas grows quickly and
|
||||
soon needs to replace all servers and workstations.
|
||||
</para>
|
||||
|
||||
<para><emphasis>TechInfo</emphasis> &smbmdash; This chapter demands:
|
||||
<itemizedlist>
|
||||
<listitem><para>Case 1: The simplest &smb.conf; file that may
|
||||
reasonably be used. Works with Samba-2.x also. This
|
||||
configuration uses Share Mode security. Encrypted
|
||||
passwords are not used, so there is no
|
||||
<filename>smbpasswd</filename> file.
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>Case 2: Another simple &smb.conf; file that adds
|
||||
WINS support and printing support. This case deals with
|
||||
a special requirement that demonstrates how to deal with
|
||||
purpose-built software that has a particular requirement
|
||||
for certain share names and printing demands. This
|
||||
configuration uses Share Mode security and also works with
|
||||
Samba-2.x. Encrypted passwords are not used, so there is no
|
||||
<filename>smbpasswd</filename> file.
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>Case 3: This &smb.conf; configuration uses User Mode
|
||||
security. The file share configuration demonstrates
|
||||
the ability to provide master access to an administrator
|
||||
while restricting all staff to their own work areas.
|
||||
Encrypted passwords are used, so there is an implicit
|
||||
<filename>smbpasswd</filename> file.
|
||||
</para></listitem>
|
||||
</itemizedlist>
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>Chapter 2 &smbmdash; Small Office Networking.</term><listitem>
|
||||
<para>
|
||||
Abmas is a successful company now. They have 50 network users
|
||||
and want a little more varoom from the network. This is a typical
|
||||
small office and they want better systems to help them to grow. This is
|
||||
your chance to really give advanced users a bit more functionality and usefulness.
|
||||
</para>
|
||||
|
||||
<para><emphasis>TechInfo</emphasis> &smbmdash; This &smb.conf; file
|
||||
makes use of encrypted passwords, so there is an <filename>smbpasswd</filename>
|
||||
file. It also demonstrates use of the <parameter>valid users</parameter> and
|
||||
<parameter>valid groups</parameter> to restrict share access. The Windows
|
||||
clients access the server as Domain members. Mobile users log onto
|
||||
the Domain while in the office, but use a local machine account while on the
|
||||
road. The result is an environment that answers mobile computing user needs.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>Chapter 3 &smbmdash; Secure Office Networking.</term><listitem>
|
||||
<para>
|
||||
Abmas is growing rapidly now. Money is a little tight, but with 130
|
||||
network users, security has become a concern. They have many new machines
|
||||
to install and the old equipment will be retired. This time they want the
|
||||
new network to scale and grow for at least two years. Start with a sufficient
|
||||
system and allow room for growth. You are now implementing an Internet
|
||||
connection and have a few reservations about user expectations.
|
||||
</para>
|
||||
|
||||
<para><emphasis>TechInfo</emphasis> &smbmdash; This &smb.conf; file
|
||||
makes use of encrypted passwords, and you can use a <filename>tdbsam</filename>
|
||||
password backend. Domain logons are introduced. Applications are served from the central
|
||||
server. Roaming profiles are mandated. Access to the server is tightened up
|
||||
so that only domain members can access server resources. Mobile computing
|
||||
needs still are catered to.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>Chapter 4 &smbmdash; The 500 User Office.</term><listitem>
|
||||
<para>
|
||||
The two-year projections were met. Congratulations, you are a star.
|
||||
Now Abmas needs to replace the network. Into the existing user base, they
|
||||
need to merge a 280-user company they just acquired. It is time to build a serious
|
||||
network. There are now three buildings on one campus and your assignment is
|
||||
to keep everyone working while a new network is rolled out. Oh, isn't it nice
|
||||
to roll out brand new clients and servers! Money is no longer tight, you get
|
||||
to buy and install what you ask for. You will install routers and a firewall.
|
||||
This is exciting!
|
||||
</para>
|
||||
|
||||
<para><emphasis>TechInfo</emphasis> &smbmdash; This &smb.conf; file
|
||||
makes use of encrypted passwords, and a <filename>tdbsam</filename>
|
||||
password backend is used. You are not ready to launch into LDAP yet, so you
|
||||
accept the limitation of having one central Domain Controller with a Domain
|
||||
Member server in two buildings on your campus. A number of clever techniques
|
||||
are used to demonstrate some of the smart options built into Samba.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>Chapter 5 &smbmdash; Making Happy Users.</term><listitem>
|
||||
<para>
|
||||
Congratulations again. Abmas is happy with your services and you have been given another raise.
|
||||
Your users are becoming much more capable and are complaining about little
|
||||
things that need to be fixed. Are you up to the task? Mary says it takes her 20 minutes
|
||||
to log onto the network and it is killing her productivity. Email is a bit <emphasis>
|
||||
unreliable</emphasis> &smbmdash; have you been sleeping on the job? We do not discuss the
|
||||
technology of email but when the use of mail clients breaks because of networking
|
||||
problems, you had better get on top of it. It's time for a change.
|
||||
</para>
|
||||
|
||||
<para><emphasis>TechInfo</emphasis> &smbmdash; This &smb.conf; file
|
||||
makes use of encrypted passwords; a distributed <filename>ldapsam</filename>
|
||||
password backend is used. Roaming profiles are enabled. Desktop profile controls
|
||||
are introduced. Check out the techniques that can improve the user experience
|
||||
of network performance. As a special bonus, this chapter documents how to configure
|
||||
smart downloading of printer drivers for drag-and-drop printing support. And, yes,
|
||||
the secret of configuring CUPS is clearly documented. Go for it; this one will
|
||||
tease you, too.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>Chapter 6 &smbmdash; A Distributed 2000 User Network.</term><listitem>
|
||||
<para>
|
||||
Only eight months have passed, and Abmas has acquired another company. You now need to expand
|
||||
the network further. You have to deal with a network that spans several countries.
|
||||
There are three new networks in addition to the original three buildings at the head-office
|
||||
campus. The head office is in New York and you have branch offices in Washington, Los Angeles, and
|
||||
London. Your desktop standard is Windows XP Professional. In many ways, everything has changed
|
||||
and yet it must remain the same. Your team is primed for another roll-out. You know there are
|
||||
further challenges ahead.
|
||||
</para>
|
||||
|
||||
<para><emphasis>TechInfo</emphasis> &smbmdash; Slave LDAP servers are introduced. Samba is
|
||||
configured to use multiple LDAP backends. This is a brief chapter; it assumes that the
|
||||
technology has been mastered and gets right down to concepts and how to deploy them.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>Chapter 7 &smbmdash; Adding UNIX/Linux Servers and Clients.</term><listitem>
|
||||
<para>
|
||||
Well done, Bob, your team has achieved much. Now help Abmas integrate the entire network.
|
||||
You want central control and central support and you need to cut costs. How can you reduce administrative
|
||||
overheads and yet get better control of the network?
|
||||
</para>
|
||||
|
||||
<para>
|
||||
This chapter has been contributed by Mark Taylor <email>mark.taylor@siriusit.co.uk</email>
|
||||
and is based on a live site. For further information regarding this example case,
|
||||
please contact Mark directly.
|
||||
</para>
|
||||
|
||||
<para><emphasis>TechInfo</emphasis> &smbmdash; It is time to consider how to add Samba servers
|
||||
and UNIX and Linux network clients. Users who convert to Linux want to be able to log on
|
||||
using Windows network accounts. You explore nss_ldap, pam_ldap, winbind, and a few neat
|
||||
techniques for taking control. Are you ready for this?
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>Chapter 8 &smbmdash; Updating Samba-3.</term><listitem>
|
||||
<para>
|
||||
This chapter is the result of repeated requests for better documentation of the steps
|
||||
that must be followed when updating or upgrading a Samba server. It attempts to cover
|
||||
the entire subject in broad-brush but at the same time provides detailed background
|
||||
information that is not covered elsewhere in the Samba documentation.
|
||||
</para>
|
||||
|
||||
<para><emphasis>TechInfo</emphasis> &smbmdash; Samba stores a lot of essential network
|
||||
information in a large and growing collection of files. This chapter documents the
|
||||
essentials of where those files may be located and how to find them. It also provides
|
||||
an insight into inter-related matters that affect a Samba installation.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>Chapter 9 &smbmdash; Migrating NT4 Domain to Samba-3.</term><listitem>
|
||||
<para>
|
||||
Another six months have passed. Abmas has acquired yet another company. You will find a
|
||||
way to migrate all users off the old network onto the existing network without loss
|
||||
of passwords and will effect the change-over during one weekend. May the force (and caffeine) be with
|
||||
you, may you keep your back to the wind and may the sun shine on your face.
|
||||
</para>
|
||||
|
||||
<para><emphasis>TechInfo</emphasis> &smbmdash; This chapter demonstrates the use of
|
||||
the <command>net rpc migrate</command> facility using an LDAP ldapsam backend, and also
|
||||
using a tdbsam passdb backend. Both are much-asked-for examples of NT4 Domain migration.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>Chapter 10 &smbmdash; Migrating NetWare 4.11 Server to Samba.</term><listitem>
|
||||
<para>
|
||||
Misty Stanley-Jones has contributed information that summarizes her experience at migration
|
||||
from a NetWare server to Samba-3.
|
||||
</para>
|
||||
|
||||
<para><emphasis>TechInfo</emphasis> &smbmdash; The documentation provided demonstrates
|
||||
how one site migrated from NetWare to Samba. Some alternatives tools are mentioned. These
|
||||
could be used to provide another pathway to a successful migration.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>Chapter 11 &smbmdash; Active Directory, Kerberos and Security.</term><listitem>
|
||||
<para>
|
||||
Abmas has acquired another company that has just migrated to running Windows Server 2003 and
|
||||
Active Directory. One of your staff makes offhand comments that land you in hot water.
|
||||
A network security auditor is hired by the head of the new business and files a damning
|
||||
report, and you must address the <emphasis>defects</emphasis> reported. You have hired new
|
||||
network engineers who want to replace Microsoft Active Directory with a pure Kerberos
|
||||
solution. How will you handle this?
|
||||
</para>
|
||||
|
||||
<para><emphasis>TechInfo</emphasis> &smbmdash; This chapter is your answer. Learn about
|
||||
share access controls, proper use of UNIX/Linux file system access controls, and Windows
|
||||
200x Access Control Lists. Follow these steps to beat the critics.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>Chapter 12 &smbmdash; Integrating Additional Services.</term><listitem>
|
||||
<para>
|
||||
The battle is almost over, Samba-3 has won the day. Your team are delighted and now you
|
||||
find yourself at yet another cross-roads. Abmas have acquired a snack food business, you
|
||||
made promises you must keep. IT costs must be reduced, you have new resistance, but you
|
||||
will win again. This time you choose to install the Squid proxy server to validate the
|
||||
fact that Samba is far more than just a file and print server. SPNEGO authentication
|
||||
support means that your Microsoft Windows clients gain transparent proxy access.
|
||||
</para>
|
||||
|
||||
<para><emphasis>TechInfo</emphasis> &smbmdash; Samba provides the <command>ntlm_auth</command>
|
||||
module that makes it possible for MS Windows Internet Explorer to connect via the Squid Web
|
||||
and FTP proxy server. You will configure Samba-3 as well as Squid to deliver authenticated
|
||||
access control using the Active Directory Domain user security credentials.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>Chapter 13 &smbmdash; Performance, Reliability and Availability.</term><listitem>
|
||||
<para>
|
||||
Bob, are you sure the new Samba server is up to the load? Your network is serving many
|
||||
users who risk becoming unproductive. What can you do to keep ahead of demand? Can you
|
||||
keep the cost under control also? What can go wrong?
|
||||
</para>
|
||||
|
||||
<para><emphasis>TechInfo</emphasis> &smbmdash; Hot tips that put chili into your
|
||||
network. Avoid name resolution problems, identify potential causes of network collisions,
|
||||
avoid Samba configuration options that will weigh the server down. MS distributed file
|
||||
services to make your network fly and much more. This chapter contains a good deal of
|
||||
<quote>Did I tell you about this...?</quote> type of hints to help keep your name on the top
|
||||
performers list.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>Chapter 14 &smbmdash; Samba Support.</term><listitem>
|
||||
<para>
|
||||
This chapter has been added specifically to help those who are seeking professional
|
||||
paid support for Samba. The critics of Open Source Software often assert that
|
||||
there is no support for free software. Some critics argue that free software
|
||||
undermines the service that proprietary commercial software vendors depend on.
|
||||
This chapter explains what are the support options for Samba and the fact that
|
||||
a growing number of businesses make money by providing commercial paid-for
|
||||
Samba support.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>Chapter 15 &smbmdash; A Collection of Useful Tid-bits.</term><listitem>
|
||||
<para>
|
||||
Sometimes it seems that there is not a good place for certain odds and ends that
|
||||
impact Samba deployment. Some readers would argue that everyone can be expected
|
||||
to know this information, or at least be able to find it easily. So to avoid
|
||||
offending a reader's sensitivities, the tid-bits have been placed in this chapter.
|
||||
Do check out the contents, you may find something of value among the loose ends.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>Chapter 16 &smbmdash; Windows Networking Primer.</term><listitem>
|
||||
<para>
|
||||
Here we cover practical exercises to help us to understand how MS Windows
|
||||
network protocols function. A network protocol analyzer helps you to
|
||||
appreciate the fact that Windows networking is highly dependent on broadcast
|
||||
messaging. Additionally, you can look into network packets that a Windows
|
||||
client sends to a network server to set up a network connection. On completion,
|
||||
you should have a basic understanding of how network browsing functions and
|
||||
have seen some of the information a Windows client sends to
|
||||
a file and print server to create a connection over which file and print
|
||||
operations may take place.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
</variablelist>
|
||||
|
||||
</sect1>
|
||||
|
||||
<!-- the conventions used in this book -->
|
||||
<xi:include href="conventions.xml" xmlns:xi="http://www.w3.org/2003/XInclude" />
|
||||
|
||||
</preface>
|
||||
|
60
docs-xml/Samba3-ByExample/conventions.xml
Normal file
@ -0,0 +1,60 @@
|
||||
<?xml version="1.0" encoding="iso-8859-1"?>
|
||||
<!DOCTYPE sect1 PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
|
||||
|
||||
<sect1>
|
||||
<title>Conventions Used</title>
|
||||
|
||||
<para>
|
||||
The following notation conventions are used throughout this book:
|
||||
</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>
|
||||
TOSHARG2 is used as an abbreviation for the book, <quote>The Official Samba-3
|
||||
HOWTO and Reference Guide, Second Edition</quote> Editors: John H. Terpstra and Jelmer R. Vernooij,
|
||||
Publisher: Prentice Hall, ISBN: 0131882228.
|
||||
</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>
|
||||
S3bE2 is used as an abbreviation for the book, <quote>Samba-3 by Example, Second Edition</quote>
|
||||
Editors: John H. Terpstra, Publisher: Prentice Hall, ISBN: 013188221X.
|
||||
</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>
|
||||
Directories and filenames appear in mono-font. For example,
|
||||
<filename>/etc/pam.conf</filename>.
|
||||
</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>
|
||||
Executable names are bolded. For example, <command>smbd</command>.
|
||||
</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>
|
||||
Menu items and buttons appear in bold. For example, click <guibutton>Next</guibutton>.
|
||||
</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>
|
||||
Selecting a menu item is indicated as:
|
||||
<menuchoice>
|
||||
<guimenu>Start</guimenu>
|
||||
<guimenuitem>Control Panel</guimenuitem>
|
||||
<guimenuitem>Administrative Tools</guimenuitem>
|
||||
<guimenuitem>Active Directory Users and Computers</guimenuitem>
|
||||
</menuchoice>
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
||||
</sect1>
|
||||
|
836
docs-xml/Samba3-ByExample/gpl-3.0.xml
Normal file
@ -0,0 +1,836 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!DOCTYPE appendix PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
|
||||
"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
|
||||
<appendix>
|
||||
<title>
|
||||
<acronym>GNU</acronym> General Public License version 3
|
||||
</title>
|
||||
<para>
|
||||
Version 3, 29 June 2007
|
||||
</para>
|
||||
<para>
|
||||
Copyright © 2007 Free Software Foundation, Inc.
|
||||
<ulink url="http://fsf.org/">http://fsf.org/</ulink>
|
||||
</para>
|
||||
<para>
|
||||
Everyone is permitted to copy and distribute verbatim copies of this license
|
||||
document, but changing it is not allowed.
|
||||
</para>
|
||||
<bridgehead renderas="sect1">
|
||||
Preamble
|
||||
</bridgehead>
|
||||
<para>
|
||||
The <acronym>GNU</acronym> General Public License is a free, copyleft
|
||||
license for software and other kinds of works.
|
||||
</para>
|
||||
<para>
|
||||
The licenses for most software and other practical works are designed to
|
||||
take away your freedom to share and change the works. By contrast, the
|
||||
<acronym>GNU</acronym> General Public License is intended to guarantee your
|
||||
freedom to share and change all versions of a program—to make sure it
|
||||
remains free software for all its users. We, the Free Software Foundation,
|
||||
use the <acronym>GNU</acronym> General Public License for most of our
|
||||
software; it applies also to any other work released this way by its
|
||||
authors. You can apply it to your programs, too.
|
||||
</para>
|
||||
<para>
|
||||
When we speak of free software, we are referring to freedom, not price. Our
|
||||
General Public Licenses are designed to make sure that you have the freedom
|
||||
to distribute copies of free software (and charge for them if you wish),
|
||||
that you receive source code or can get it if you want it, that you can
|
||||
change the software or use pieces of it in new free programs, and that you
|
||||
know you can do these things.
|
||||
</para>
|
||||
<para>
|
||||
To protect your rights, we need to prevent others from denying you these
|
||||
rights or asking you to surrender the rights. Therefore, you have certain
|
||||
responsibilities if you distribute copies of the software, or if you modify
|
||||
it: responsibilities to respect the freedom of others.
|
||||
</para>
|
||||
<para>
|
||||
For example, if you distribute copies of such a program, whether gratis or
|
||||
for a fee, you must pass on to the recipients the same freedoms that you
|
||||
received. You must make sure that they, too, receive or can get the source
|
||||
code. And you must show them these terms so they know their rights.
|
||||
</para>
|
||||
<para>
|
||||
Developers that use the <acronym>GNU</acronym> <acronym>GPL</acronym>
|
||||
protect your rights with two steps: (1) assert copyright on the software,
|
||||
and (2) offer you this License giving you legal permission to copy,
|
||||
distribute and/or modify it.
|
||||
</para>
|
||||
<para>
|
||||
For the developers’ and authors’ protection, the
|
||||
<acronym>GPL</acronym> clearly explains that there is no warranty for this
|
||||
free software. For both users’ and authors’ sake, the
|
||||
<acronym>GPL</acronym> requires that modified versions be marked as changed,
|
||||
so that their problems will not be attributed erroneously to authors of
|
||||
previous versions.
|
||||
</para>
|
||||
<para>
|
||||
Some devices are designed to deny users access to install or run modified
|
||||
versions of the software inside them, although the manufacturer can do so.
|
||||
This is fundamentally incompatible with the aim of protecting users’
|
||||
freedom to change the software. The systematic pattern of such abuse occurs
|
||||
in the area of products for individuals to use, which is precisely where it
|
||||
is most unacceptable. Therefore, we have designed this version of the
|
||||
<acronym>GPL</acronym> to prohibit the practice for those products. If such
|
||||
problems arise substantially in other domains, we stand ready to extend this
|
||||
provision to those domains in future versions of the <acronym>GPL</acronym>,
|
||||
as needed to protect the freedom of users.
|
||||
</para>
|
||||
<para>
|
||||
Finally, every program is threatened constantly by software patents. States
|
||||
should not allow patents to restrict development and use of software on
|
||||
general-purpose computers, but in those that do, we wish to avoid the
|
||||
special danger that patents applied to a free program could make it
|
||||
effectively proprietary. To prevent this, the <acronym>GPL</acronym>
|
||||
assures that patents cannot be used to render the program non-free.
|
||||
</para>
|
||||
<para>
|
||||
The precise terms and conditions for copying, distribution and modification
|
||||
follow.
|
||||
</para>
|
||||
<bridgehead>
|
||||
TERMS AND CONDITIONS
|
||||
</bridgehead>
|
||||
<bridgehead renderas="sect1">
|
||||
0. Definitions.
|
||||
</bridgehead>
|
||||
<para>
|
||||
“This License” refers to version 3 of the <acronym>GNU</acronym>
|
||||
General Public License.
|
||||
</para>
|
||||
<para>
|
||||
“Copyright” also means copyright-like laws that apply to other
|
||||
kinds of works, such as semiconductor masks.
|
||||
</para>
|
||||
<para>
|
||||
“The Program” refers to any copyrightable work licensed under
|
||||
this License. Each licensee is addressed as “you”.
|
||||
“Licensees” and “recipients” may be individuals or
|
||||
organizations.
|
||||
</para>
|
||||
<para>
|
||||
To “modify” a work means to copy from or adapt all or part of
|
||||
the work in a fashion requiring copyright permission, other than the making
|
||||
of an exact copy. The resulting work is called a “modified
|
||||
version” of the earlier work or a work “based on” the
|
||||
earlier work.
|
||||
</para>
|
||||
<para>
|
||||
A “covered work” means either the unmodified Program or a work
|
||||
based on the Program.
|
||||
</para>
|
||||
<para>
|
||||
To “propagate” a work means to do anything with it that, without
|
||||
permission, would make you directly or secondarily liable for infringement
|
||||
under applicable copyright law, except executing it on a computer or
|
||||
modifying a private copy. Propagation includes copying, distribution (with
|
||||
or without modification), making available to the public, and in some
|
||||
countries other activities as well.
|
||||
</para>
|
||||
<para>
|
||||
To “convey” a work means any kind of propagation that enables
|
||||
other parties to make or receive copies. Mere interaction with a user
|
||||
through a computer network, with no transfer of a copy, is not conveying.
|
||||
</para>
|
||||
<para>
|
||||
An interactive user interface displays “Appropriate Legal
|
||||
Notices” to the extent that it includes a convenient and prominently
|
||||
visible feature that (1) displays an appropriate copyright notice, and (2)
|
||||
tells the user that there is no warranty for the work (except to the extent
|
||||
that warranties are provided), that licensees may convey the work under this
|
||||
License, and how to view a copy of this License. If the interface presents
|
||||
a list of user commands or options, such as a menu, a prominent item in the
|
||||
list meets this criterion.
|
||||
</para>
|
||||
<bridgehead renderas="sect1">
|
||||
1. Source Code.
|
||||
</bridgehead>
|
||||
<para>
|
||||
The “source code” for a work means the preferred form of the
|
||||
work for making modifications to it. “Object code” means any
|
||||
non-source form of a work.
|
||||
</para>
|
||||
<para>
|
||||
A “Standard Interface” means an interface that either is an
|
||||
official standard defined by a recognized standards body, or, in the case of
|
||||
interfaces specified for a particular programming language, one that is
|
||||
widely used among developers working in that language.
|
||||
</para>
|
||||
<para>
|
||||
The “System Libraries” of an executable work include anything,
|
||||
other than the work as a whole, that (a) is included in the normal form of
|
||||
packaging a Major Component, but which is not part of that Major Component,
|
||||
and (b) serves only to enable use of the work with that Major Component, or
|
||||
to implement a Standard Interface for which an implementation is available
|
||||
to the public in source code form. A “Major Component”, in this
|
||||
context, means a major essential component (kernel, window system, and so
|
||||
on) of the specific operating system (if any) on which the executable work
|
||||
runs, or a compiler used to produce the work, or an object code interpreter
|
||||
used to run it.
|
||||
</para>
|
||||
<para>
|
||||
The “Corresponding Source” for a work in object code form means
|
||||
all the source code needed to generate, install, and (for an executable
|
||||
work) run the object code and to modify the work, including scripts to
|
||||
control those activities. However, it does not include the work’s
|
||||
System Libraries, or general-purpose tools or generally available free
|
||||
programs which are used unmodified in performing those activities but which
|
||||
are not part of the work. For example, Corresponding Source includes
|
||||
interface definition files associated with source files for the work, and
|
||||
the source code for shared libraries and dynamically linked subprograms that
|
||||
the work is specifically designed to require, such as by intimate data
|
||||
communication or control flow between those subprograms and other parts of
|
||||
the work.
|
||||
</para>
|
||||
<para>
|
||||
The Corresponding Source need not include anything that users can regenerate
|
||||
automatically from other parts of the Corresponding Source.
|
||||
</para>
|
||||
<para>
|
||||
The Corresponding Source for a work in source code form is that same work.
|
||||
</para>
|
||||
<bridgehead renderas="sect1">
|
||||
2. Basic Permissions.
|
||||
</bridgehead>
|
||||
<para>
|
||||
All rights granted under this License are granted for the term of copyright
|
||||
on the Program, and are irrevocable provided the stated conditions are met.
|
||||
This License explicitly affirms your unlimited permission to run the
|
||||
unmodified Program. The output from running a covered work is covered by
|
||||
this License only if the output, given its content, constitutes a covered
|
||||
work. This License acknowledges your rights of fair use or other
|
||||
equivalent, as provided by copyright law.
|
||||
</para>
|
||||
<para>
|
||||
You may make, run and propagate covered works that you do not convey,
|
||||
without conditions so long as your license otherwise remains in force. You
|
||||
may convey covered works to others for the sole purpose of having them make
|
||||
modifications exclusively for you, or provide you with facilities for
|
||||
running those works, provided that you comply with the terms of this License
|
||||
in conveying all material for which you do not control copyright. Those
|
||||
thus making or running the covered works for you must do so exclusively on
|
||||
your behalf, under your direction and control, on terms that prohibit them
|
||||
from making any copies of your copyrighted material outside their
|
||||
relationship with you.
|
||||
</para>
|
||||
<para>
|
||||
Conveying under any other circumstances is permitted solely under the
|
||||
conditions stated below. Sublicensing is not allowed; section 10 makes it
|
||||
unnecessary.
|
||||
</para>
|
||||
<bridgehead renderas="sect1">
|
||||
3. Protecting Users’ Legal Rights From Anti-Circumvention Law.
|
||||
</bridgehead>
|
||||
<para>
|
||||
No covered work shall be deemed part of an effective technological measure
|
||||
under any applicable law fulfilling obligations under article 11 of the WIPO
|
||||
copyright treaty adopted on 20 December 1996, or similar laws prohibiting or
|
||||
restricting circumvention of such measures.
|
||||
</para>
|
||||
<para>
|
||||
When you convey a covered work, you waive any legal power to forbid
|
||||
circumvention of technological measures to the extent such circumvention is
|
||||
effected by exercising rights under this License with respect to the covered
|
||||
work, and you disclaim any intention to limit operation or modification of
|
||||
the work as a means of enforcing, against the work’s users, your or
|
||||
third parties’ legal rights to forbid circumvention of technological
|
||||
measures.
|
||||
</para>
|
||||
<bridgehead renderas="sect1">
|
||||
4. Conveying Verbatim Copies.
|
||||
</bridgehead>
|
||||
<para>
|
||||
You may convey verbatim copies of the Program’s source code as you
|
||||
receive it, in any medium, provided that you conspicuously and appropriately
|
||||
publish on each copy an appropriate copyright notice; keep intact all
|
||||
notices stating that this License and any non-permissive terms added in
|
||||
accord with section 7 apply to the code; keep intact all notices of the
|
||||
absence of any warranty; and give all recipients a copy of this License
|
||||
along with the Program.
|
||||
</para>
|
||||
<para>
|
||||
You may charge any price or no price for each copy that you convey, and you
|
||||
may offer support or warranty protection for a fee.
|
||||
</para>
|
||||
<bridgehead renderas="sect1">
|
||||
5. Conveying Modified Source Versions.
|
||||
</bridgehead>
|
||||
<para>
|
||||
You may convey a work based on the Program, or the modifications to produce
|
||||
it from the Program, in the form of source code under the terms of section
|
||||
4, provided that you also meet all of these conditions:
|
||||
</para>
|
||||
<orderedlist numeration="loweralpha">
|
||||
<listitem>
|
||||
<para>
|
||||
The work must carry prominent notices stating that you modified it, and
|
||||
giving a relevant date.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The work must carry prominent notices stating that it is released under
|
||||
this License and any conditions added under section 7. This requirement
|
||||
modifies the requirement in section 4 to “keep intact all
|
||||
notices”.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
You must license the entire work, as a whole, under this License to
|
||||
anyone who comes into possession of a copy. This License will therefore
|
||||
apply, along with any applicable section 7 additional terms, to the
|
||||
whole of the work, and all its parts, regardless of how they are
|
||||
packaged. This License gives no permission to license the work in any
|
||||
other way, but it does not invalidate such permission if you have
|
||||
separately received it.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
If the work has interactive user interfaces, each must display
|
||||
Appropriate Legal Notices; however, if the Program has interactive
|
||||
interfaces that do not display Appropriate Legal Notices, your work need
|
||||
not make them do so.
|
||||
</para>
|
||||
</listitem>
|
||||
</orderedlist>
|
||||
<para>
|
||||
A compilation of a covered work with other separate and independent works,
|
||||
which are not by their nature extensions of the covered work, and which are
|
||||
not combined with it such as to form a larger program, in or on a volume of
|
||||
a storage or distribution medium, is called an “aggregate” if
|
||||
the compilation and its resulting copyright are not used to limit the access
|
||||
or legal rights of the compilation’s users beyond what the individual works
|
||||
permit. Inclusion of a covered work in an aggregate does not cause
|
||||
this License to apply to the other parts of the aggregate.
|
||||
</para>
|
||||
<bridgehead renderas="sect1">
|
||||
6. Conveying Non-Source Forms.
|
||||
</bridgehead>
|
||||
<para>
|
||||
You may convey a covered work in object code form under the terms of
|
||||
sections 4 and 5, provided that you also convey the machine-readable
|
||||
Corresponding Source under the terms of this License, in one of these ways:
|
||||
</para>
|
||||
<orderedlist numeration="loweralpha">
|
||||
<listitem>
|
||||
<para>
|
||||
Convey the object code in, or embodied in, a physical product (including
|
||||
a physical distribution medium), accompanied by the Corresponding Source
|
||||
fixed on a durable physical medium customarily used for software
|
||||
interchange.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
Convey the object code in, or embodied in, a physical product (including
|
||||
a physical distribution medium), accompanied by a written offer, valid
|
||||
for at least three years and valid for as long as you offer spare parts
|
||||
or customer support for that product model, to give anyone who possesses
|
||||
the object code either (1) a copy of the Corresponding Source for all
|
||||
the software in the product that is covered by this License, on a
|
||||
durable physical medium customarily used for software interchange, for a
|
||||
price no more than your reasonable cost of physically performing this
|
||||
conveying of source, or (2) access to copy the Corresponding Source from
|
||||
a network server at no charge.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
Convey individual copies of the object code with a copy of the written
|
||||
offer to provide the Corresponding Source. This alternative is allowed
|
||||
only occasionally and noncommercially, and only if you received the
|
||||
object code with such an offer, in accord with subsection 6b.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
Convey the object code by offering access from a designated place
|
||||
(gratis or for a charge), and offer equivalent access to the
|
||||
Corresponding Source in the same way through the same place at no
|
||||
further charge. You need not require recipients to copy the
|
||||
Corresponding Source along with the object code. If the place to copy
|
||||
the object code is a network server, the Corresponding Source may be on
|
||||
a different server (operated by you or a third party) that supports
|
||||
equivalent copying facilities, provided you maintain clear directions
|
||||
next to the object code saying where to find the Corresponding Source.
|
||||
Regardless of what server hosts the Corresponding Source, you remain
|
||||
obligated to ensure that it is available for as long as needed to
|
||||
satisfy these requirements.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
Convey the object code using peer-to-peer transmission, provided you
|
||||
inform other peers where the object code and Corresponding Source of the
|
||||
work are being offered to the general public at no charge under
|
||||
subsection 6d.
|
||||
</para>
|
||||
</listitem>
|
||||
</orderedlist>
|
||||
<para>
|
||||
A separable portion of the object code, whose source code is excluded from
|
||||
the Corresponding Source as a System Library, need not be included in
|
||||
conveying the object code work.
|
||||
</para>
|
||||
<para>
|
||||
A “User Product” is either (1) a “consumer product”,
|
||||
which means any tangible personal property which is normally used for
|
||||
personal, family, or household purposes, or (2) anything designed or sold
|
||||
for incorporation into a dwelling. In determining whether a product is a
|
||||
consumer product, doubtful cases shall be resolved in favor of coverage.
|
||||
For a particular product received by a particular user, “normally
|
||||
used” refers to a typical or common use of that class of product,
|
||||
regardless of the status of the particular user or of the way in which the
|
||||
particular user actually uses, or expects or is expected to use, the
|
||||
product. A product is a consumer product regardless of whether the product
|
||||
has substantial commercial, industrial or non-consumer uses, unless such
|
||||
uses represent the only significant mode of use of the product.
|
||||
</para>
|
||||
<para>
|
||||
“Installation Information” for a User Product means any methods,
|
||||
procedures, authorization keys, or other information required to install and
|
||||
execute modified versions of a covered work in that User Product from a
|
||||
modified version of its Corresponding Source. The information must suffice
|
||||
to ensure that the continued functioning of the modified object code is in
|
||||
no case prevented or interfered with solely because modification has been
|
||||
made.
|
||||
</para>
|
||||
<para>
|
||||
If you convey an object code work under this section in, or with, or
|
||||
specifically for use in, a User Product, and the conveying occurs as part of
|
||||
a transaction in which the right of possession and use of the User Product
|
||||
is transferred to the recipient in perpetuity or for a fixed term
|
||||
(regardless of how the transaction is characterized), the Corresponding
|
||||
Source conveyed under this section must be accompanied by the Installation
|
||||
Information. But this requirement does not apply if neither you nor any
|
||||
third party retains the ability to install modified object code on the User
|
||||
Product (for example, the work has been installed in
|
||||
<acronym>ROM</acronym>).
|
||||
</para>
|
||||
<para>
|
||||
The requirement to provide Installation Information does not include a
|
||||
requirement to continue to provide support service, warranty, or updates for
|
||||
a work that has been modified or installed by the recipient, or for the User
|
||||
Product in which it has been modified or installed. Access to a network may
|
||||
be denied when the modification itself materially and adversely affects the
|
||||
operation of the network or violates the rules and protocols for
|
||||
communication across the network.
|
||||
</para>
|
||||
<para>
|
||||
Corresponding Source conveyed, and Installation Information provided, in
|
||||
accord with this section must be in a format that is publicly documented
|
||||
(and with an implementation available to the public in source code form),
|
||||
and must require no special password or key for unpacking, reading or
|
||||
copying.
|
||||
</para>
|
||||
<bridgehead renderas="sect1">
|
||||
7. Additional Terms.
|
||||
</bridgehead>
|
||||
<para>
|
||||
“Additional permissions” are terms that supplement the terms of
|
||||
this License by making exceptions from one or more of its conditions.
|
||||
Additional permissions that are applicable to the entire Program shall be
|
||||
treated as though they were included in this License, to the extent that
|
||||
they are valid under applicable law. If additional permissions apply only
|
||||
to part of the Program, that part may be used separately under those
|
||||
permissions, but the entire Program remains governed by this License
|
||||
without regard to the additional permissions.
|
||||
</para>
|
||||
<para>
|
||||
When you convey a copy of a covered work, you may at your option remove any
|
||||
additional permissions from that copy, or from any part of it. (Additional
|
||||
permissions may be written to require their own removal in certain cases
|
||||
when you modify the work.) You may place additional permissions on
|
||||
material, added by you to a covered work, for which you have or can give
|
||||
appropriate copyright permission.
|
||||
</para>
|
||||
<para>
|
||||
Notwithstanding any other provision of this License, for material you add
|
||||
to a covered work, you may (if authorized by the copyright holders of that
|
||||
material) supplement the terms of this License with terms:
|
||||
</para>
|
||||
<orderedlist numeration="loweralpha">
|
||||
<listitem>
|
||||
<para>
|
||||
Disclaiming warranty or limiting liability differently from the terms
|
||||
of sections 15 and 16 of this License; or
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
Requiring preservation of specified reasonable legal notices or author
|
||||
attributions in that material or in the Appropriate Legal Notices
|
||||
displayed by works containing it; or
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
Prohibiting misrepresentation of the origin of that material, or
|
||||
requiring that modified versions of such material be marked in
|
||||
reasonable ways as different from the original version; or
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
Limiting the use for publicity purposes of names of licensors or
|
||||
authors of the material; or
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
Declining to grant rights under trademark law for use of some trade
|
||||
names, trademarks, or service marks; or
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
Requiring indemnification of licensors and authors of that material by
|
||||
anyone who conveys the material (or modified versions of it) with
|
||||
contractual assumptions of liability to the recipient, for any
|
||||
liability that these contractual assumptions directly impose on those
|
||||
licensors and authors.
|
||||
</para>
|
||||
</listitem>
|
||||
</orderedlist>
|
||||
<para>
|
||||
All other non-permissive additional terms are considered “further
|
||||
restrictions” within the meaning of section 10. If the Program as
|
||||
you received it, or any part of it, contains a notice stating that it is
|
||||
governed by this License along with a term that is a further restriction,
|
||||
you may remove that term. If a license document contains a further
|
||||
restriction but permits relicensing or conveying under this License, you
|
||||
may add to a covered work material governed by the terms of that license
|
||||
document, provided that the further restriction does not survive such
|
||||
relicensing or conveying.
|
||||
</para>
|
||||
<para>
|
||||
If you add terms to a covered work in accord with this section, you must
|
||||
place, in the relevant source files, a statement of the additional terms
|
||||
that apply to those files, or a notice indicating where to find the
|
||||
applicable terms.
|
||||
</para>
|
||||
<para>
|
||||
Additional terms, permissive or non-permissive, may be stated in the form
|
||||
of a separately written license, or stated as exceptions; the above
|
||||
requirements apply either way.
|
||||
</para>
|
||||
<bridgehead renderas="sect1">
|
||||
8. Termination.
|
||||
</bridgehead>
|
||||
<para>
|
||||
You may not propagate or modify a covered work except as expressly provided
|
||||
under this License. Any attempt otherwise to propagate or modify it is
|
||||
void, and will automatically terminate your rights under this License
|
||||
(including any patent licenses granted under the third paragraph of section
|
||||
11).
|
||||
</para>
|
||||
<para>
|
||||
However, if you cease all violation of this License, then your license from
|
||||
a particular copyright holder is reinstated (a) provisionally, unless and
|
||||
until the copyright holder explicitly and finally terminates your license,
|
||||
and (b) permanently, if the copyright holder fails to notify you of the
|
||||
violation by some reasonable means prior to 60 days after the cessation.
|
||||
</para>
|
||||
<para>
|
||||
Moreover, your license from a particular copyright holder is reinstated
|
||||
permanently if the copyright holder notifies you of the violation by some
|
||||
reasonable means, this is the first time you have received notice of
|
||||
violation of this License (for any work) from that copyright holder, and
|
||||
you cure the violation prior to 30 days after your receipt of the notice.
|
||||
</para>
|
||||
<para>
|
||||
Termination of your rights under this section does not terminate the
|
||||
licenses of parties who have received copies or rights from you under this
|
||||
License. If your rights have been terminated and not permanently
|
||||
reinstated, you do not qualify to receive new licenses for the same
|
||||
material under section 10.
|
||||
</para>
|
||||
<bridgehead renderas="sect1">
|
||||
9. Acceptance Not Required for Having Copies.
|
||||
</bridgehead>
|
||||
<para>
|
||||
You are not required to accept this License in order to receive or run a
|
||||
copy of the Program. Ancillary propagation of a covered work occurring
|
||||
solely as a consequence of using peer-to-peer transmission to receive a
|
||||
copy likewise does not require acceptance. However, nothing other than
|
||||
this License grants you permission to propagate or modify any covered work.
|
||||
These actions infringe copyright if you do not accept this License.
|
||||
Therefore, by modifying or propagating a covered work, you indicate your
|
||||
acceptance of this License to do so.
|
||||
</para>
|
||||
<bridgehead renderas="sect1">
|
||||
10. Automatic Licensing of Downstream Recipients.
|
||||
</bridgehead>
|
||||
<para>
|
||||
Each time you convey a covered work, the recipient automatically receives a
|
||||
license from the original licensors, to run, modify and propagate that
|
||||
work, subject to this License. You are not responsible for enforcing
|
||||
compliance by third parties with this License.
|
||||
</para>
|
||||
<para>
|
||||
An “entity transaction” is a transaction transferring control
|
||||
of an organization, or substantially all assets of one, or subdividing an
|
||||
organization, or merging organizations. If propagation of a covered work
|
||||
results from an entity transaction, each party to that transaction who
|
||||
receives a copy of the work also receives whatever licenses to the work the
|
||||
party’s predecessor in interest had or could give under the previous
|
||||
paragraph, plus a right to possession of the Corresponding Source of the
|
||||
work from the predecessor in interest, if the predecessor has it or can get
|
||||
it with reasonable efforts.
|
||||
</para>
|
||||
<para>
|
||||
You may not impose any further restrictions on the exercise of the rights
|
||||
granted or affirmed under this License. For example, you may not impose a
|
||||
license fee, royalty, or other charge for exercise of rights granted under
|
||||
this License, and you may not initiate litigation (including a cross-claim
|
||||
or counterclaim in a lawsuit) alleging that any patent claim is infringed
|
||||
by making, using, selling, offering for sale, or importing the Program or
|
||||
any portion of it.
|
||||
</para>
|
||||
<bridgehead renderas="sect1">
|
||||
11. Patents.
|
||||
</bridgehead>
|
||||
<para>
|
||||
A “contributor” is a copyright holder who authorizes use under
|
||||
this License of the Program or a work on which the Program is based. The
|
||||
work thus licensed is called the contributor’s “contributor
|
||||
version”.
|
||||
</para>
|
||||
<para>
|
||||
A contributor’s “essential patent claims” are all patent
|
||||
claims owned or controlled by the contributor, whether already acquired or
|
||||
hereafter acquired, that would be infringed by some manner, permitted by
|
||||
this License, of making, using, or selling its contributor version, but do
|
||||
not include claims that would be infringed only as a consequence of further
|
||||
modification of the contributor version. For purposes of this definition,
|
||||
“control” includes the right to grant patent sublicenses in a
|
||||
manner consistent with the requirements of this License.
|
||||
</para>
|
||||
<para>
|
||||
Each contributor grants you a non-exclusive, worldwide, royalty-free patent
|
||||
license under the contributor’s essential patent claims, to make, use,
|
||||
sell, offer for sale, import and otherwise run, modify and propagate the
|
||||
contents of its contributor version.
|
||||
</para>
|
||||
<para>
|
||||
In the following three paragraphs, a “patent license” is any
|
||||
express agreement or commitment, however denominated, not to enforce a
|
||||
patent (such as an express permission to practice a patent or covenant not
|
||||
to sue for patent infringement). To “grant” such a patent
|
||||
license to a party means to make such an agreement or commitment not to
|
||||
enforce a patent against the party.
|
||||
</para>
|
||||
<para>
|
||||
If you convey a covered work, knowingly relying on a patent license, and the
|
||||
Corresponding Source of the work is not available for anyone to copy, free
|
||||
of charge and under the terms of this License, through a publicly available
|
||||
network server or other readily accessible means, then you must either (1)
|
||||
cause the Corresponding Source to be so available, or (2) arrange to deprive
|
||||
yourself of the benefit of the patent license for this particular work, or
|
||||
(3) arrange, in a manner consistent with the requirements of this License,
|
||||
to extend the patent license to downstream recipients. “Knowingly
|
||||
relying” means you have actual knowledge that, but for the patent
|
||||
license, your conveying the covered work in a country, or your
|
||||
recipient’s use of the covered work in a country, would infringe one
|
||||
or more identifiable patents in that country that you have reason to believe
|
||||
are valid.
|
||||
</para>
|
||||
<para>
|
||||
If, pursuant to or in connection with a single transaction or arrangement,
|
||||
you convey, or propagate by procuring conveyance of, a covered work, and
|
||||
grant a patent license to some of the parties receiving the covered work
|
||||
authorizing them to use, propagate, modify or convey a specific copy of the
|
||||
covered work, then the patent license you grant is automatically extended to
|
||||
all recipients of the covered work and works based on it.
|
||||
</para>
|
||||
<para>
|
||||
A patent license is “discriminatory” if it does not include
|
||||
within the scope of its coverage, prohibits the exercise of, or is
|
||||
conditioned on the non-exercise of one or more of the rights that are
|
||||
specifically granted under this License. You may not convey a covered work
|
||||
if you are a party to an arrangement with a third party that is in the
|
||||
business of distributing software, under which you make payment to the third
|
||||
party based on the extent of your activity of conveying the work, and under
|
||||
which the third party grants, to any of the parties who would receive the
|
||||
covered work from you, a discriminatory patent license (a) in connection
|
||||
with copies of the covered work conveyed by you (or copies made from those
|
||||
copies), or (b) primarily for and in connection with specific products or
|
||||
compilations that contain the covered work, unless you entered into that
|
||||
arrangement, or that patent license was granted, prior to 28 March 2007.
|
||||
</para>
|
||||
<para>
|
||||
Nothing in this License shall be construed as excluding or limiting any
|
||||
implied license or other defenses to infringement that may otherwise be
|
||||
available to you under applicable patent law.
|
||||
</para>
|
||||
<bridgehead renderas="sect1">
|
||||
12. No Surrender of Others’ Freedom.
|
||||
</bridgehead>
|
||||
<para>
|
||||
If conditions are imposed on you (whether by court order, agreement or
|
||||
otherwise) that contradict the conditions of this License, they do not
|
||||
excuse you from the conditions of this License. If you cannot convey a
|
||||
covered work so as to satisfy simultaneously your obligations under this
|
||||
License and any other pertinent obligations, then as a consequence you may
|
||||
not convey it at all. For example, if you agree to terms that obligate you
|
||||
to collect a royalty for further conveying from those to whom you convey the
|
||||
Program, the only way you could satisfy both those terms and this License
|
||||
would be to refrain entirely from conveying the Program.
|
||||
</para>
|
||||
<bridgehead renderas="sect1">
|
||||
13. Use with the <acronym>GNU</acronym> Affero General Public License.
|
||||
</bridgehead>
|
||||
<para>
|
||||
Notwithstanding any other provision of this License, you have permission to
|
||||
link or combine any covered work with a work licensed under version 3 of the
|
||||
<acronym>GNU</acronym> Affero General Public License into a single combined
|
||||
work, and to convey the resulting work. The terms of this License will
|
||||
continue to apply to the part which is the covered work, but the special
|
||||
requirements of the <acronym>GNU</acronym> Affero General Public License,
|
||||
section 13, concerning interaction through a network will apply to the
|
||||
combination as such.
|
||||
</para>
|
||||
<bridgehead renderas="sect1">
|
||||
14. Revised Versions of this License.
|
||||
</bridgehead>
|
||||
<para>
|
||||
The Free Software Foundation may publish revised and/or new versions of the
|
||||
<acronym>GNU</acronym> General Public License from time to time. Such new
|
||||
versions will be similar in spirit to the present version, but may differ in
|
||||
detail to address new problems or concerns.
|
||||
</para>
|
||||
<para>
|
||||
Each version is given a distinguishing version number. If the Program
|
||||
specifies that a certain numbered version of the <acronym>GNU</acronym>
|
||||
General Public License “or any later version” applies to it, you
|
||||
have the option of following the terms and conditions either of that
|
||||
numbered version or of any later version published by the Free Software
|
||||
Foundation. If the Program does not specify a version number of the
|
||||
<acronym>GNU</acronym> General Public License, you may choose any version
|
||||
ever published by the Free Software Foundation.
|
||||
</para>
|
||||
<para>
|
||||
If the Program specifies that a proxy can decide which future versions of
|
||||
the <acronym>GNU</acronym> General Public License can be used, that
|
||||
proxy’s public statement of acceptance of a version permanently
|
||||
authorizes you to choose that version for the Program.
|
||||
</para>
|
||||
<para>
|
||||
Later license versions may give you additional or different permissions.
|
||||
However, no additional obligations are imposed on any author or copyright
|
||||
holder as a result of your choosing to follow a later version.
|
||||
</para>
|
||||
<bridgehead renderas="sect1">
|
||||
15. Disclaimer of Warranty.
|
||||
</bridgehead>
|
||||
<para>
|
||||
THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE
|
||||
LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR
|
||||
OTHER PARTIES PROVIDE THE PROGRAM “AS IS” WITHOUT WARRANTY OF
|
||||
ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
|
||||
THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH
|
||||
YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL
|
||||
NECESSARY SERVICING, REPAIR OR CORRECTION.
|
||||
</para>
|
||||
<bridgehead renderas="sect1">
|
||||
16. Limitation of Liability.
|
||||
</bridgehead>
|
||||
<para>
|
||||
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL
|
||||
ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS THE
|
||||
PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
|
||||
GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE
|
||||
OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA
|
||||
OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
|
||||
PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
|
||||
EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
|
||||
SUCH DAMAGES.
|
||||
</para>
|
||||
<bridgehead renderas="sect1">
|
||||
17. Interpretation of Sections 15 and 16.
|
||||
</bridgehead>
|
||||
<para>
|
||||
If the disclaimer of warranty and limitation of liability provided above
|
||||
cannot be given local legal effect according to their terms, reviewing
|
||||
courts shall apply local law that most closely approximates an absolute
|
||||
waiver of all civil liability in connection with the Program, unless a
|
||||
warranty or assumption of liability accompanies a copy of the Program in
|
||||
return for a fee.
|
||||
</para>
|
||||
<bridgehead>
|
||||
END OF TERMS AND CONDITIONS
|
||||
</bridgehead>
|
||||
<bridgehead renderas="sect1">
|
||||
How to Apply These Terms to Your New Programs
|
||||
</bridgehead>
|
||||
<para>
|
||||
If you develop a new program, and you want it to be of the greatest possible
|
||||
use to the public, the best way to achieve this is to make it free software
|
||||
which everyone can redistribute and change under these terms.
|
||||
</para>
|
||||
<para>
|
||||
To do so, attach the following notices to the program. It is safest to
|
||||
attach them to the start of each source file to most effectively state the
|
||||
exclusion of warranty; and each file should have at least the
|
||||
“copyright” line and a pointer to where the full notice is
|
||||
found.
|
||||
</para>
|
||||
<screen>
|
||||
<replaceable>one line to give the program’s name and a brief idea of what it does.</replaceable>
|
||||
Copyright (C) <replaceable>year</replaceable> <replaceable>name of author</replaceable>
|
||||
|
||||
This program is free software: you can redistribute it and/or modify
|
||||
it under the terms of the <acronym>GNU</acronym> General Public License as published by
|
||||
the Free Software Foundation, either version 3 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
<acronym>GNU</acronym> General Public License for more details.
|
||||
|
||||
You should have received a copy of the <acronym>GNU</acronym> General Public License
|
||||
along with this program. If not, see <ulink url="http://www.gnu.org/licenses/">http://www.gnu.org/licenses/</ulink>.
|
||||
</screen>
|
||||
<para>
|
||||
Also add information on how to contact you by electronic and paper mail.
|
||||
</para>
|
||||
<para>
|
||||
If the program does terminal interaction, make it output a short notice like
|
||||
this when it starts in an interactive mode:
|
||||
</para>
|
||||
<screen>
|
||||
<replaceable>program</replaceable> Copyright (C) <replaceable>year</replaceable> <replaceable>name of author</replaceable>
|
||||
This program comes with ABSOLUTELY NO WARRANTY; for details type ‘<literal>show w</literal>’.
|
||||
This is free software, and you are welcome to redistribute it
|
||||
under certain conditions; type ‘<literal>show c</literal>’ for details.
|
||||
</screen>
|
||||
<para>
|
||||
The hypothetical commands ‘<literal>show w</literal>’ and
|
||||
‘<literal>show c</literal>’ should show the appropriate parts of
|
||||
the General Public License. Of course, your program’s commands might be
|
||||
different; for a GUI interface, you would use an “about box”.
|
||||
</para>
|
||||
<para>
|
||||
You should also get your employer (if you work as a programmer) or school,
|
||||
if any, to sign a “copyright disclaimer” for the program, if
|
||||
necessary. For more information on this, and how to apply and follow the
|
||||
<acronym>GNU</acronym> <acronym>GPL</acronym>, see <ulink
|
||||
url="http://www.gnu.org/licenses/">http://www.gnu.org/licenses/</ulink>.
|
||||
</para>
|
||||
<para>
|
||||
The <acronym>GNU</acronym> General Public License does not permit
|
||||
incorporating your program into proprietary programs. If your program is a
|
||||
subroutine library, you may consider it more useful to permit linking
|
||||
proprietary applications with the library. If this is what you want to do,
|
||||
use the <acronym>GNU</acronym> Lesser General Public License instead of this
|
||||
License. But first, please read <ulink
|
||||
url="http://www.gnu.org/philosophy/why-not-lgpl.html">http://www.gnu.org/philosophy/why-not-lgpl.html</ulink>.
|
||||
</para>
|
||||
</appendix>
|
425
docs-xml/Samba3-ByExample/gpl.xml
Normal file
@ -0,0 +1,425 @@
|
||||
<?xml version="1.0"?>
|
||||
<!DOCTYPE appendix PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
|
||||
<appendix>
|
||||
<appendixinfo>
|
||||
<title>GNU General Public License</title>
|
||||
<pubdate>Version 2, June 1991</pubdate>
|
||||
<copyright>
|
||||
<year>1989, 1991</year>
|
||||
<holder>Free Software Foundation, Inc.</holder>
|
||||
</copyright>
|
||||
<legalnotice>
|
||||
<para>
|
||||
<address>Free Software Foundation, Inc.
|
||||
<street>59 Temple Place, Suite 330</street>,
|
||||
<city>Boston</city>,
|
||||
<state>MA</state>
|
||||
<postcode>02111-1307</postcode>
|
||||
<country>USA</country>
|
||||
</address>.
|
||||
</para>
|
||||
<para> Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.
|
||||
</para>
|
||||
</legalnotice>
|
||||
<releaseinfo> Version 2, June 1991</releaseinfo>
|
||||
</appendixinfo>
|
||||
<title>GNU General Public License</title>
|
||||
<sect1>
|
||||
<title>Preamble</title>
|
||||
<para> The licenses for most software are designed to take away your
|
||||
freedom to share and change it. By contrast, the GNU General Public License is
|
||||
intended to guarantee your freedom to share and change
|
||||
free software - to make sure the software is free for all its users.
|
||||
This General Public License applies to most of the Free Software
|
||||
Foundation's software and to any other program whose authors commit
|
||||
to using it. (Some other Free Software Foundation software is covered
|
||||
by the GNU Library General Public License instead.) You can apply it
|
||||
to your programs, too.
|
||||
</para>
|
||||
<para> When we speak of free software, we are referring to freedom, not price.
|
||||
Our General Public Licenses are designed to make sure that you have the
|
||||
freedom to distribute copies of free software (and charge for this
|
||||
service if you wish), that you receive source code or can get it if you
|
||||
want it, that you can change the software or use pieces of it in new free
|
||||
programs; and that you know you can do these things.
|
||||
</para>
|
||||
<para> To protect your rights, we need to make restrictions that forbid anyone
|
||||
to deny you these rights or to ask you to surrender the rights. These
|
||||
restrictions translate to certain responsibilities for you if you distribute
|
||||
copies of the software, or if you modify it.
|
||||
</para>
|
||||
<para> For example, if you distribute copies of such a program, whether gratis or
|
||||
for a fee, you must give the recipients all the rights that you have. You
|
||||
must make sure that they, too, receive or can get the source code. And you
|
||||
must show them these terms so they know their rights.
|
||||
</para>
|
||||
<para> We protect your rights with two steps:
|
||||
<orderedlist>
|
||||
<listitem>
|
||||
<para> copyright the software, and
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para> offer you this license which gives you legal permission to copy,
|
||||
distribute and/or modify the software.
|
||||
</para>
|
||||
</listitem>
|
||||
</orderedlist>
|
||||
</para>
|
||||
<para> Also, for each author's protection and ours, we want to make certain that
|
||||
everyone understands that there is no warranty for this free software. If
|
||||
the software is modified by someone else and passed on, we want its
|
||||
recipients to know that what they have is not the original, so that any
|
||||
problems introduced by others will not reflect on the original authors'
|
||||
reputations.
|
||||
</para>
|
||||
<para> Finally, any free program is threatened constantly by software patents.
|
||||
We wish to avoid the danger that redistributors of a free program will
|
||||
individually obtain patent licenses, in effect making the program
|
||||
proprietary. To prevent this, we have made it clear that any patent must be
|
||||
licensed for everyone's free use or not licensed at all.
|
||||
</para>
|
||||
<para> The precise terms and conditions for copying, distribution and modification
|
||||
follow.
|
||||
</para>
|
||||
</sect1>
|
||||
<sect1>
|
||||
<title>TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION</title>
|
||||
<sect2>
|
||||
<title>Section 0</title>
|
||||
<para> This License applies to any program or other work which contains a notice
|
||||
placed by the copyright holder saying it may be distributed under the terms
|
||||
of this General Public License. The "Program", below, refers to any such
|
||||
program or work, and a
|
||||
<quote>work based on the Program
|
||||
</quote> means either
|
||||
the Program or any derivative work under copyright law: that is to say, a
|
||||
work containing the Program or a portion of it, either verbatim or with
|
||||
modifications and/or translated into another language. (Hereinafter, translation
|
||||
is included without limitation in the term
|
||||
<quote>modification
|
||||
</quote>.) Each licensee is addressed as <quote>you</quote>.
|
||||
</para>
|
||||
<para> Activities other than copying, distribution and modification are not covered by
|
||||
this License; they are outside its scope. The act of running the Program is not
|
||||
restricted, and the output from the Program is covered only if its contents
|
||||
constitute a work based on the Program (independent of having been made by running
|
||||
the Program). Whether that is true depends on what the Program does.
|
||||
</para>
|
||||
</sect2>
|
||||
<sect2 id="sect1">
|
||||
<title>Section 1</title>
|
||||
<para> You may copy and distribute verbatim copies of the Program's source code as you
|
||||
receive it, in any medium, provided that you conspicuously and appropriately
|
||||
publish on each copy an appropriate copyright notice and disclaimer of warranty;
|
||||
keep intact all the notices that refer to this License and to the absence of any
|
||||
warranty; and give any other recipients of the Program a copy of this License
|
||||
along with the Program.
|
||||
</para>
|
||||
<para> You may charge a fee for the physical act of transferring a copy, and you may at
|
||||
your option offer warranty protection in exchange for a fee.
|
||||
</para>
|
||||
</sect2>
|
||||
<sect2 id="sect2">
|
||||
<title>Section 2</title>
|
||||
<para> You may modify your copy or copies of the Program or any portion of it, thus
|
||||
forming a work based on the Program, and copy and distribute such modifications
|
||||
or work under the terms of
|
||||
<link linkend="sect1">Section 1
|
||||
</link> above, provided
|
||||
that you also meet all of these conditions:
|
||||
<orderedlist>
|
||||
<listitem>
|
||||
<para> You must cause the modified files to carry prominent notices stating that
|
||||
you changed the files and the date of any change.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para> You must cause any work that you distribute or publish, that in whole or
|
||||
in part contains or is derived from the Program or any part thereof, to be
|
||||
licensed as a whole at no charge to all third parties under the terms of
|
||||
this License.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para> If the modified program normally reads commands interactively when run, you
|
||||
must cause it, when started running for such interactive use in the most
|
||||
ordinary way, to print or display an announcement including an appropriate
|
||||
copyright notice and a notice that there is no warranty (or else, saying
|
||||
that you provide a warranty) and that users may redistribute the program
|
||||
under these conditions, and telling the user how to view a copy of this
|
||||
License.
|
||||
<note>
|
||||
<title>Exception:
|
||||
</title>
|
||||
<para> If the Program itself is interactive but does not normally print such an
|
||||
announcement, your work based on the Program is not required to print an
|
||||
announcement.)
|
||||
</para>
|
||||
</note>
|
||||
</para>
|
||||
</listitem>
|
||||
</orderedlist>
|
||||
</para>
|
||||
<para> These requirements apply to the modified work as a whole. If identifiable sections
|
||||
of that work are not derived from the Program, and can be reasonably considered
|
||||
independent and separate works in themselves, then this License, and its terms,
|
||||
do not apply to those sections when you distribute them as separate works. But when
|
||||
you distribute the same sections as part of a whole which is a work based on the
|
||||
Program, the distribution of the whole must be on the terms of this License, whose
|
||||
permissions for other licensees extend to the entire whole, and thus to each and
|
||||
every part regardless of who wrote it.
|
||||
</para>
|
||||
<para> Thus, it is not the intent of this section to claim rights or contest your rights
|
||||
to work written entirely by you; rather, the intent is to exercise the right to control
|
||||
the distribution of derivative or collective works based on the Program.
|
||||
</para>
|
||||
<para> In addition, mere aggregation of another work not based on the Program with the Program
|
||||
(or with a work based on the Program) on a volume of a storage or distribution medium
|
||||
does not bring the other work under the scope of this License.
|
||||
</para>
|
||||
</sect2>
|
||||
<sect2>
|
||||
<title>Section 3
|
||||
</title>
|
||||
<para> You may copy and distribute the Program (or a work based on it, under
|
||||
<link linkend="sect2">Section 2
|
||||
</link> in object code or executable form under the terms of
|
||||
<link linkend="sect1">Sections 1
|
||||
</link> and
|
||||
<link linkend="sect2">2
|
||||
</link> above provided that you also do one of the following:
|
||||
<orderedlist>
|
||||
<listitem>
|
||||
<para> Accompany it with the complete corresponding machine-readable source code, which
|
||||
must be distributed under the terms of Sections 1 and 2 above on a medium
|
||||
customarily used for software interchange; or,
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para> Accompany it with a written offer, valid for at least three years, to give any
|
||||
third party, for a charge no more than your cost of physically performing source
|
||||
distribution, a complete machine-readable copy of the corresponding source code,
|
||||
to be distributed under the terms of Sections 1 and 2 above on a medium customarily
|
||||
used for software interchange; or,
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para> Accompany it with the information you received as to the offer to distribute
|
||||
corresponding source code. (This alternative is allowed only for noncommercial
|
||||
distribution and only if you received the program in object code or executable form
|
||||
with such an offer, in accord with Subsection b above.)
|
||||
</para>
|
||||
</listitem>
|
||||
</orderedlist>
|
||||
</para>
|
||||
<para> The source code for a work means the preferred form of the work for making modifications
|
||||
to it. For an executable work, complete source code means all the source code for all modules
|
||||
it contains, plus any associated interface definition files, plus the scripts used to control
|
||||
compilation and installation of the executable. However, as a special exception, the source
|
||||
code distributed need not include anything that is normally distributed (in either source or
|
||||
binary form) with the major components (compiler, kernel, and so on) of the operating system
|
||||
on which the executable runs, unless that component itself accompanies the executable.
|
||||
</para>
|
||||
<para> If distribution of executable or object code is made by offering access to copy from a
|
||||
designated place, then offering equivalent access to copy the source code from the same place
|
||||
counts as distribution of the source code, even though third parties are not compelled to
|
||||
copy the source along with the object code.
|
||||
</para>
|
||||
</sect2>
|
||||
<sect2>
|
||||
<title>Section 4
|
||||
</title>
|
||||
<para> You may not copy, modify, sublicense, or distribute the Program except as expressly provided
|
||||
under this License. Any attempt otherwise to copy, modify, sublicense or distribute the
|
||||
Program is void, and will automatically terminate your rights under this License. However,
|
||||
parties who have received copies, or rights, from you under this License will not have their
|
||||
licenses terminated so long as such parties remain in full compliance.
|
||||
</para>
|
||||
</sect2>
|
||||
<sect2>
|
||||
<title>Section 5
|
||||
</title>
|
||||
<para> You are not required to accept this License, since you have not signed it. However, nothing
|
||||
else grants you permission to modify or distribute the Program or its derivative works.
|
||||
These actions are prohibited by law if you do not accept this License. Therefore, by modifying
|
||||
or distributing the Program (or any work based on the Program), you indicate your acceptance
|
||||
of this License to do so, and all its terms and conditions for copying, distributing or
|
||||
modifying the Program or works based on it.
|
||||
</para>
|
||||
</sect2>
|
||||
<sect2>
|
||||
<title>Section 6
|
||||
</title>
|
||||
<para> Each time you redistribute the Program (or any work based on the Program), the recipient
|
||||
automatically receives a license from the original licensor to copy, distribute or modify
|
||||
the Program subject to these terms and conditions. You may not impose any further restrictions
|
||||
on the recipients' exercise of the rights granted herein. You are not responsible for enforcing
|
||||
compliance by third parties to this License.
|
||||
</para>
|
||||
</sect2>
|
||||
<sect2>
|
||||
<title>Section 7
|
||||
</title>
|
||||
<para> If, as a consequence of a court judgment or allegation of patent infringement or for any other
|
||||
reason (not limited to patent issues), conditions are imposed on you (whether by court order,
|
||||
agreement or otherwise) that contradict the conditions of this License, they do not excuse you
|
||||
from the conditions of this License. If you cannot distribute so as to satisfy simultaneously
|
||||
your obligations under this License and any other pertinent obligations, then as a consequence
|
||||
you may not distribute the Program at all. For example, if a patent license would not permit
|
||||
royalty-free redistribution of the Program by all those who receive copies directly or
|
||||
indirectly through you, then the only way you could satisfy both it and this License would be
|
||||
to refrain entirely from distribution of the Program.
|
||||
</para>
|
||||
<para> If any portion of this section is held invalid or unenforceable under any particular circumstance,
|
||||
the balance of the section is intended to apply and the section as a whole is intended to apply
|
||||
in other circumstances.
|
||||
</para>
|
||||
<para> It is not the purpose of this section to induce you to infringe any patents or other property
|
||||
right claims or to contest validity of any such claims; this section has the sole purpose of
|
||||
protecting the integrity of the free software distribution system, which is implemented by public
|
||||
license practices. Many people have made generous contributions to the wide range of software
|
||||
distributed through that system in reliance on consistent application of that system; it is up
|
||||
to the author/donor to decide if he or she is willing to distribute software through any other
|
||||
system and a licensee cannot impose that choice.
|
||||
</para>
|
||||
<para> This section is intended to make thoroughly clear what is believed to be a consequence of the
|
||||
rest of this License.
|
||||
</para>
|
||||
</sect2>
|
||||
<sect2>
|
||||
<title>Section 8
|
||||
</title>
|
||||
<para> If the distribution and/or use of the Program is restricted in certain countries either by patents
|
||||
or by copyrighted interfaces, the original copyright holder who places the Program under this License
|
||||
may add an explicit geographical distribution limitation excluding those countries, so that
|
||||
distribution is permitted only in or among countries not thus excluded. In such case, this License
|
||||
incorporates the limitation as if written in the body of this License.
|
||||
</para>
|
||||
</sect2>
|
||||
<sect2>
|
||||
<title>Section 9
|
||||
</title>
|
||||
<para> The Free Software Foundation may publish revised and/or new versions of the General Public License
|
||||
from time to time. Such new versions will be similar in spirit to the present version, but may differ
|
||||
in detail to address new problems or concerns.
|
||||
</para>
|
||||
<para> Each version is given a distinguishing version number. If the Program specifies a version number of
|
||||
this License which applies to it and "any later version", you have the option of following the terms
|
||||
and conditions either of that version or of any later version published by the Free Software
|
||||
Foundation. If the Program does not specify a version number of this License, you may choose any
|
||||
version ever published by the Free Software Foundation.
|
||||
</para>
|
||||
</sect2>
|
||||
<sect2>
|
||||
<title>Section 10
|
||||
</title>
|
||||
<para> If you wish to incorporate parts of the Program into other free programs whose distribution
|
||||
conditions are different, write to the author to ask for permission. For software which is copyrighted
|
||||
by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions
|
||||
for this. Our decision will be guided by the two goals of preserving the free status of all
|
||||
derivatives of our free software and of promoting the sharing and reuse of software generally.
|
||||
</para>
|
||||
</sect2>
|
||||
<sect2>
|
||||
<title>NO WARRANTY Section 11
|
||||
</title>
|
||||
<para> BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT
|
||||
PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR
|
||||
OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED,
|
||||
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
|
||||
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
|
||||
</para>
|
||||
</sect2>
|
||||
<sect2>
|
||||
<title>Section 12
|
||||
</title>
|
||||
<para> IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR
|
||||
ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU
|
||||
FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
|
||||
USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED
|
||||
INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH
|
||||
ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
|
||||
DAMAGES.
|
||||
</para>
|
||||
<para>END OF TERMS AND CONDITIONS
|
||||
</para>
|
||||
</sect2>
|
||||
</sect1>
|
||||
<sect1>
|
||||
<title>How to Apply These Terms to Your New Programs
|
||||
</title>
|
||||
<para>
|
||||
If you develop a new program, and you want it to be of the greatest
|
||||
possible use to the public, the best way to achieve this is to make it
|
||||
free software which everyone can redistribute and change under these terms.
|
||||
</para>
|
||||
<para>
|
||||
To do so, attach the following notices to the program. It is safest
|
||||
to attach them to the start of each source file to most effectively
|
||||
convey the exclusion of warranty; and each file should have at least
|
||||
the "copyright" line and a pointer to where the full notice is found.
|
||||
</para>
|
||||
<para>
|
||||
<one line to give the program's name and a brief idea of what it does.>
|
||||
Copyright (C) <year> <name of author>
|
||||
</para>
|
||||
<para>
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2 of the License, or
|
||||
(at your option) any later version.
|
||||
</para>
|
||||
<para>
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
</para>
|
||||
<para>
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with this program; if not, write to the Free Software
|
||||
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||
</para>
|
||||
<para>
|
||||
Also add information on how to contact you by electronic and paper mail.
|
||||
</para>
|
||||
<para>
|
||||
If the program is interactive, make it output a short notice like this
|
||||
when it starts in an interactive mode:
|
||||
</para>
|
||||
<para>
|
||||
Gnomovision version 69, Copyright (C) year name of author
|
||||
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
|
||||
This is free software, and you are welcome to redistribute it
|
||||
under certain conditions; type `show c' for details.
|
||||
</para>
|
||||
<para>
|
||||
The hypothetical commands `show w' and `show c' should show the appropriate
|
||||
parts of the General Public License. Of course, the commands you use may
|
||||
be called something other than `show w' and `show c'; they could even be
|
||||
mouse-clicks or menu items--whatever suits your program.
|
||||
</para>
|
||||
<para>
|
||||
You should also get your employer (if you work as a programmer) or your
|
||||
school, if any, to sign a "copyright disclaimer" for the program, if
|
||||
necessary. Here is a sample; alter the names:
|
||||
</para>
|
||||
<para>
|
||||
Yoyodyne, Inc., hereby disclaims all copyright interest in the program
|
||||
`Gnomovision' (which makes passes at compilers) written by James Hacker.
|
||||
</para>
|
||||
<para>
|
||||
<signature of Ty Coon>, 1 April 1989
|
||||
Ty Coon, President of Vice
|
||||
</para>
|
||||
<para>
|
||||
This General Public License does not permit incorporating your program into
|
||||
proprietary programs. If your program is a subroutine library, you may
|
||||
consider it more useful to permit linking proprietary applications with the
|
||||
library. If this is what you want to do, use the GNU Library General
|
||||
Public License instead of this License.
|
||||
</para>
|
||||
</sect1>
|
||||
</appendix>
|
1588
docs-xml/Samba3-ByExample/images/AccountingNetwork.svg
Normal file
After Width: | Height: | Size: 37 KiB |
1039
docs-xml/Samba3-ByExample/images/Charity-Network.svg
Normal file
After Width: | Height: | Size: 28 KiB |
After Width: | Height: | Size: 37 KiB |
BIN
docs-xml/Samba3-ByExample/images/HostAnnouncment.png
Normal file
After Width: | Height: | Size: 37 KiB |
BIN
docs-xml/Samba3-ByExample/images/LocalMasterAnnouncement.png
Normal file
After Width: | Height: | Size: 38 KiB |
BIN
docs-xml/Samba3-ByExample/images/NullConnect.png
Normal file
After Width: | Height: | Size: 21 KiB |
312
docs-xml/Samba3-ByExample/images/UNIX-Samba-and-LDAP.svg
Normal file
@ -0,0 +1,312 @@
|
||||
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
||||
<!-- Created with Inkscape (http://www.inkscape.org/) -->
|
||||
<svg
|
||||
xmlns:svg="http://www.w3.org/2000/svg"
|
||||
xmlns="http://www.w3.org/2000/svg"
|
||||
version="1.0"
|
||||
width="22.440001cm"
|
||||
height="13.923cm"
|
||||
viewBox="2.2 5.38 24.64 19.302"
|
||||
id="svg2">
|
||||
<defs
|
||||
id="defs95" />
|
||||
<rect
|
||||
width="7.625"
|
||||
height="11.175"
|
||||
x="9.3500004"
|
||||
y="6.2750001"
|
||||
id="rect4"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.1" />
|
||||
<line
|
||||
x1="13.162"
|
||||
y1="6.2750001"
|
||||
x2="13.162"
|
||||
y2="17.450001"
|
||||
stroke="#000000"
|
||||
stroke-width="0.100"
|
||||
id="line6"
|
||||
style="stroke:#000000;stroke-width:0.1" />
|
||||
<line
|
||||
x1="9.3500004"
|
||||
y1="8.8500004"
|
||||
x2="16.975"
|
||||
y2="8.8500004"
|
||||
stroke="#000000"
|
||||
stroke-width="0.100"
|
||||
id="line8"
|
||||
style="stroke:#000000;stroke-width:0.1" />
|
||||
<line
|
||||
x1="9.3400002"
|
||||
y1="11.68"
|
||||
x2="16.975"
|
||||
y2="11.725"
|
||||
stroke="#000000"
|
||||
stroke-width="0.100"
|
||||
id="line10"
|
||||
style="stroke:#000000;stroke-width:0.1" />
|
||||
<line
|
||||
x1="9.3149996"
|
||||
y1="14.655"
|
||||
x2="16.950001"
|
||||
y2="14.65"
|
||||
stroke="#000000"
|
||||
stroke-width="0.100"
|
||||
id="line12"
|
||||
style="stroke:#000000;stroke-width:0.1" />
|
||||
<text
|
||||
x="10.404"
|
||||
y="5.9749999"
|
||||
id="text14"
|
||||
style="font-size:1px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">Posix</text>
|
||||
<text
|
||||
x="14.161"
|
||||
y="5.9650002"
|
||||
id="text16"
|
||||
style="font-size:1px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">Samba</text>
|
||||
<text
|
||||
x="10.277"
|
||||
y="7.7399998"
|
||||
id="text18"
|
||||
style="font-size:0.89999998px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">People</text>
|
||||
<text
|
||||
x="14.52"
|
||||
y="7.375"
|
||||
id="text20"
|
||||
style="font-size:0.80000001px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">User</text>
|
||||
<text
|
||||
x="14.043"
|
||||
y="8.1750002"
|
||||
id="text22"
|
||||
style="font-size:0.80000001px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">Accounts</text>
|
||||
<text
|
||||
x="10.328"
|
||||
y="16.25"
|
||||
id="text24"
|
||||
style="font-size:0.89999998px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">uid/gids</text>
|
||||
<text
|
||||
x="14.086"
|
||||
y="13.125"
|
||||
id="text26"
|
||||
style="font-size:0.80000001px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">Windows</text>
|
||||
<text
|
||||
x="14.27"
|
||||
y="13.925"
|
||||
id="text28"
|
||||
style="font-size:0.80000001px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">Groups</text>
|
||||
<text
|
||||
x="10.306"
|
||||
y="13.334"
|
||||
id="text30"
|
||||
style="font-size:0.89999998px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">Groups</text>
|
||||
<text
|
||||
x="10.285"
|
||||
y="10.459"
|
||||
id="text32"
|
||||
style="font-size:0.89999998px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">People</text>
|
||||
<text
|
||||
x="14.193"
|
||||
y="9.7340002"
|
||||
id="text34"
|
||||
style="font-size:0.80000001px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">Domain</text>
|
||||
<text
|
||||
x="14.138"
|
||||
y="10.534"
|
||||
id="text36"
|
||||
style="font-size:0.80000001px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">Member</text>
|
||||
<text
|
||||
x="13.99"
|
||||
y="11.334"
|
||||
id="text38"
|
||||
style="font-size:0.80000001px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">Machines</text>
|
||||
<text
|
||||
x="14.257"
|
||||
y="16.284"
|
||||
id="text40"
|
||||
style="font-size:0.89999998px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">SIDs</text>
|
||||
<rect
|
||||
width="4.3499999"
|
||||
height="1.625"
|
||||
x="2.25"
|
||||
y="9.4499998"
|
||||
id="rect42"
|
||||
style="fill:#c6c6c6;stroke:none;stroke-width:0" />
|
||||
<rect
|
||||
width="4.3499999"
|
||||
height="1.625"
|
||||
x="2.25"
|
||||
y="9.4499998"
|
||||
id="rect44"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.1" />
|
||||
<line
|
||||
x1="9.3500004"
|
||||
y1="6.2750001"
|
||||
x2="6.5999999"
|
||||
y2="9.4499998"
|
||||
stroke="#000000"
|
||||
stroke-width="0.050"
|
||||
stroke-dasharray="0.10,0.10"
|
||||
id="line46"
|
||||
style="stroke:#000000;stroke-width:0.05;stroke-dasharray:0.1, 0.1" />
|
||||
<line
|
||||
x1="6.5999999"
|
||||
y1="11.075"
|
||||
x2="9.3249998"
|
||||
y2="14.65"
|
||||
stroke="#000000"
|
||||
stroke-width="0.050"
|
||||
stroke-dasharray="0.10,0.10"
|
||||
id="line48"
|
||||
style="stroke:#000000;stroke-width:0.05;stroke-dasharray:0.1, 0.1" />
|
||||
<text
|
||||
x="3.313"
|
||||
y="10.5"
|
||||
id="text50"
|
||||
style="font-size:0.69999999px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">NSS_LDAP</text>
|
||||
<rect
|
||||
width="5.0999999"
|
||||
height="1.625"
|
||||
x="2.2750001"
|
||||
y="15.225"
|
||||
id="rect52"
|
||||
style="fill:#b9b9b9;stroke:none;stroke-width:0" />
|
||||
<rect
|
||||
width="5.0999999"
|
||||
height="1.625"
|
||||
x="2.2750001"
|
||||
y="15.225"
|
||||
id="rect54"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.1" />
|
||||
<text
|
||||
x="3.415"
|
||||
y="16.247"
|
||||
id="text56"
|
||||
style="font-size:0.69999999px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">Winbind (NSS)</text>
|
||||
<line
|
||||
x1="9.3500004"
|
||||
y1="14.725"
|
||||
x2="7.375"
|
||||
y2="15.225"
|
||||
stroke="#000000"
|
||||
stroke-width="0.050"
|
||||
stroke-dasharray="0.10,0.10"
|
||||
id="line58"
|
||||
style="stroke:#000000;stroke-width:0.05;stroke-dasharray:0.1, 0.1" />
|
||||
<line
|
||||
x1="7.375"
|
||||
y1="16.85"
|
||||
x2="9.3500004"
|
||||
y2="17.450001"
|
||||
stroke="#000000"
|
||||
stroke-width="0.050"
|
||||
stroke-dasharray="0.10,0.10"
|
||||
id="line60"
|
||||
style="stroke:#000000;stroke-width:0.05;stroke-dasharray:0.1, 0.1" />
|
||||
<rect
|
||||
width="5.25"
|
||||
height="2.2249999"
|
||||
x="19.325001"
|
||||
y="9.1499996"
|
||||
id="rect62"
|
||||
style="fill:#adadad;stroke:none;stroke-width:0" />
|
||||
<rect
|
||||
width="5.25"
|
||||
height="2.2249999"
|
||||
x="19.325001"
|
||||
y="9.1499996"
|
||||
id="rect64"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.1" />
|
||||
<text
|
||||
x="20.535"
|
||||
y="10.522"
|
||||
id="text66"
|
||||
style="font-size:0.69999999px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">smbd + winbind</text>
|
||||
<line
|
||||
x1="16.975"
|
||||
y1="6.2750001"
|
||||
x2="19.325001"
|
||||
y2="9.1499996"
|
||||
stroke="#000000"
|
||||
stroke-width="0.050"
|
||||
stroke-dasharray="0.10,0.10"
|
||||
id="line68"
|
||||
style="stroke:#000000;stroke-width:0.05;stroke-dasharray:0.1, 0.1" />
|
||||
<line
|
||||
x1="19.325001"
|
||||
y1="11.375"
|
||||
x2="16.975"
|
||||
y2="14.675"
|
||||
stroke="#000000"
|
||||
stroke-width="0.050"
|
||||
stroke-dasharray="0.10,0.10"
|
||||
id="line70"
|
||||
style="stroke:#000000;stroke-width:0.05;stroke-dasharray:0.1, 0.1" />
|
||||
<rect
|
||||
width="5.25"
|
||||
height="2.1300001"
|
||||
x="19.34"
|
||||
y="14.925"
|
||||
id="rect72"
|
||||
style="fill:#adadad;stroke:none;stroke-width:0" />
|
||||
<rect
|
||||
width="5.25"
|
||||
height="2.1300001"
|
||||
x="19.34"
|
||||
y="14.925"
|
||||
id="rect74"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.1" />
|
||||
<text
|
||||
x="21.211"
|
||||
y="15.875"
|
||||
id="text76"
|
||||
style="font-size:0.69999999px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">winbind</text>
|
||||
<text
|
||||
x="21.121"
|
||||
y="16.575001"
|
||||
id="text78"
|
||||
style="font-size:0.69999999px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">(IDMAP)</text>
|
||||
<line
|
||||
x1="19.34"
|
||||
y1="14.925"
|
||||
x2="16.975"
|
||||
y2="14.6"
|
||||
stroke="#000000"
|
||||
stroke-width="0.050"
|
||||
stroke-dasharray="0.10,0.10"
|
||||
id="line80"
|
||||
style="stroke:#000000;stroke-width:0.05;stroke-dasharray:0.1, 0.1" />
|
||||
<line
|
||||
x1="19.34"
|
||||
y1="17.055"
|
||||
x2="17.049999"
|
||||
y2="17.375"
|
||||
stroke="#000000"
|
||||
stroke-width="0.050"
|
||||
stroke-dasharray="0.10,0.10"
|
||||
id="line82"
|
||||
style="stroke:#000000;stroke-width:0.05;stroke-dasharray:0.1, 0.1" />
|
||||
<text
|
||||
x="3.2219999"
|
||||
y="6.375"
|
||||
id="text84"
|
||||
style="font-size:0.69999999px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">UNIX Interface</text>
|
||||
<text
|
||||
x="3.8310001"
|
||||
y="7.0749998"
|
||||
id="text86"
|
||||
style="font-size:0.69999999px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">to LDAP</text>
|
||||
<text
|
||||
x="20.378"
|
||||
y="6.3000002"
|
||||
id="text88"
|
||||
style="font-size:0.69999999px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">Samba Interface</text>
|
||||
<text
|
||||
x="21.156"
|
||||
y="7"
|
||||
id="text90"
|
||||
style="font-size:0.69999999px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">to LDAP</text>
|
||||
<text
|
||||
x="11.024"
|
||||
y="18.74"
|
||||
id="text92"
|
||||
style="font-size:1px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">LDAP Database</text>
|
||||
</svg>
|
After Width: | Height: | Size: 9.0 KiB |
BIN
docs-xml/Samba3-ByExample/images/UserConnect.png
Normal file
After Width: | Height: | Size: 22 KiB |
BIN
docs-xml/Samba3-ByExample/images/UserMgrNT4.png
Normal file
After Width: | Height: | Size: 30 KiB |
BIN
docs-xml/Samba3-ByExample/images/WINREPRESSME-Capture.png
Normal file
After Width: | Height: | Size: 56 KiB |
BIN
docs-xml/Samba3-ByExample/images/WINREPRESSME-Capture2.png
Normal file
After Width: | Height: | Size: 50 KiB |
After Width: | Height: | Size: 6.3 KiB |
After Width: | Height: | Size: 7.8 KiB |
BIN
docs-xml/Samba3-ByExample/images/WindowsXP-NullConnection.png
Normal file
After Width: | Height: | Size: 23 KiB |
BIN
docs-xml/Samba3-ByExample/images/WindowsXP-UserConnection.png
Normal file
After Width: | Height: | Size: 24 KiB |
BIN
docs-xml/Samba3-ByExample/images/XP-screen001.png
Normal file
After Width: | Height: | Size: 14 KiB |
1901
docs-xml/Samba3-ByExample/images/acct2net.svg
Normal file
After Width: | Height: | Size: 50 KiB |
143
docs-xml/Samba3-ByExample/images/ch7-dual-additive-LDAP-Ok.svg
Normal file
@ -0,0 +1,143 @@
|
||||
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
||||
<!-- Created with Inkscape (http://www.inkscape.org/) -->
|
||||
<svg
|
||||
xmlns:svg="http://www.w3.org/2000/svg"
|
||||
xmlns="http://www.w3.org/2000/svg"
|
||||
version="1.0"
|
||||
width="14.175cm"
|
||||
height="7.1500001cm"
|
||||
viewBox="4.175 2.15 18.35 9.3"
|
||||
id="svg2">
|
||||
<defs
|
||||
id="defs47" />
|
||||
<rect
|
||||
width="4.2249999"
|
||||
height="1.825"
|
||||
x="4.2249999"
|
||||
y="4.4749999"
|
||||
id="rect4"
|
||||
style="fill:#ffffff;stroke:none;stroke-width:0" />
|
||||
<rect
|
||||
width="4.2249999"
|
||||
height="1.825"
|
||||
x="4.2249999"
|
||||
y="4.4749999"
|
||||
id="rect6"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.1" />
|
||||
<rect
|
||||
width="6.1750002"
|
||||
height="2.825"
|
||||
x="12.1"
|
||||
y="2.2"
|
||||
id="rect8"
|
||||
style="fill:#ffffff;stroke:none;stroke-width:0" />
|
||||
<rect
|
||||
width="6.1750002"
|
||||
height="2.825"
|
||||
x="12.1"
|
||||
y="2.2"
|
||||
id="rect10"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.1" />
|
||||
<text
|
||||
x="5.4169998"
|
||||
y="5.5999999"
|
||||
id="text12"
|
||||
style="font-size:0.80000001px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">Samba</text>
|
||||
<text
|
||||
x="14.296"
|
||||
y="3.0250001"
|
||||
id="text14"
|
||||
style="font-size:0.80000001px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">master</text>
|
||||
<text
|
||||
x="13.676"
|
||||
y="3.825"
|
||||
id="text16"
|
||||
style="font-size:0.80000001px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">LDAP server</text>
|
||||
<text
|
||||
x="13.84"
|
||||
y="4.625"
|
||||
id="text18"
|
||||
style="font-size:0.80000001px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">Directory A</text>
|
||||
<line
|
||||
x1="9"
|
||||
y1="5.3790002"
|
||||
x2="10.9"
|
||||
y2="5.3499999"
|
||||
stroke="#000000"
|
||||
stroke-width="0.100"
|
||||
id="line20"
|
||||
style="stroke:#000000;stroke-width:0.1" />
|
||||
<polygon
|
||||
points="8.996,5.129 8.5,5.387 9.004,5.629 8.996,5.129 "
|
||||
id="polygon22"
|
||||
style="fill:#000000;stroke:none;stroke-width:0.1" />
|
||||
<rect
|
||||
width="6.1750002"
|
||||
height="2.605"
|
||||
x="12.125"
|
||||
y="6.52"
|
||||
id="rect24"
|
||||
style="fill:#ffffff;stroke:none;stroke-width:0" />
|
||||
<rect
|
||||
width="6.1750002"
|
||||
height="2.605"
|
||||
x="12.125"
|
||||
y="6.52"
|
||||
id="rect26"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.1" />
|
||||
<text
|
||||
x="14.575"
|
||||
y="7.25"
|
||||
id="text28"
|
||||
style="font-size:0.80000001px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">slave</text>
|
||||
<text
|
||||
x="13.776"
|
||||
y="8.0500002"
|
||||
id="text30"
|
||||
style="font-size:0.80000001px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">LDAP server</text>
|
||||
<text
|
||||
x="13.941"
|
||||
y="8.8500004"
|
||||
id="text32"
|
||||
style="font-size:0.80000001px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">Directory B</text>
|
||||
<line
|
||||
x1="11.55"
|
||||
y1="3.618"
|
||||
x2="10.925"
|
||||
y2="3.625"
|
||||
stroke="#000000"
|
||||
stroke-width="0.100"
|
||||
id="line34"
|
||||
style="stroke:#000000;stroke-width:0.1" />
|
||||
<polygon
|
||||
points="11.553,3.868 12.05,3.613 11.547,3.368 11.553,3.868 "
|
||||
id="polygon36"
|
||||
style="fill:#000000;stroke:none;stroke-width:0.1" />
|
||||
<line
|
||||
x1="10.95"
|
||||
y1="3.575"
|
||||
x2="10.925"
|
||||
y2="7.8499999"
|
||||
stroke="#000000"
|
||||
stroke-width="0.100"
|
||||
id="line38"
|
||||
style="stroke:#000000;stroke-width:0.1" />
|
||||
<line
|
||||
x1="11.575"
|
||||
y1="7.8239999"
|
||||
x2="10.95"
|
||||
y2="7.8249998"
|
||||
stroke="#000000"
|
||||
stroke-width="0.100"
|
||||
id="line40"
|
||||
style="stroke:#000000;stroke-width:0.1" />
|
||||
<polygon
|
||||
points="11.576,8.074 12.075,7.823 11.574,7.574 11.576,8.074 "
|
||||
id="polygon42"
|
||||
style="fill:#000000;stroke:none;stroke-width:0.1" />
|
||||
<text
|
||||
x="14.331"
|
||||
y="5.9749999"
|
||||
id="text44"
|
||||
style="font-size:0.60000002px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">additive</text>
|
||||
</svg>
|
After Width: | Height: | Size: 4.0 KiB |
153
docs-xml/Samba3-ByExample/images/ch7-dual-additive-LDAP.svg
Normal file
@ -0,0 +1,153 @@
|
||||
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
||||
<!-- Created with Inkscape (http://www.inkscape.org/) -->
|
||||
<svg
|
||||
xmlns:svg="http://www.w3.org/2000/svg"
|
||||
xmlns="http://www.w3.org/2000/svg"
|
||||
version="1.0"
|
||||
width="13.05cm"
|
||||
height="7.987cm"
|
||||
viewBox="4.175 2.9 17.225 10.887"
|
||||
id="svg2">
|
||||
<defs
|
||||
id="defs51" />
|
||||
<rect
|
||||
width="4.2249999"
|
||||
height="1.825"
|
||||
x="4.2249999"
|
||||
y="4.4749999"
|
||||
id="rect4"
|
||||
style="fill:#ffffff;stroke:none;stroke-width:0" />
|
||||
<rect
|
||||
width="4.2249999"
|
||||
height="1.825"
|
||||
x="4.2249999"
|
||||
y="4.4749999"
|
||||
id="rect6"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.1" />
|
||||
<rect
|
||||
width="5.1750002"
|
||||
height="1.9"
|
||||
x="12"
|
||||
y="2.95"
|
||||
id="rect8"
|
||||
style="fill:#ffffff;stroke:none;stroke-width:0" />
|
||||
<rect
|
||||
width="5.1750002"
|
||||
height="1.9"
|
||||
x="12"
|
||||
y="2.95"
|
||||
id="rect10"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.1" />
|
||||
<text
|
||||
x="5.4169998"
|
||||
y="5.5500002"
|
||||
id="text12"
|
||||
style="font-size:0.80000001px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">Samba</text>
|
||||
<text
|
||||
x="13.846"
|
||||
y="3.7249999"
|
||||
id="text14"
|
||||
style="font-size:0.80000001px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">master</text>
|
||||
<text
|
||||
x="13.226"
|
||||
y="4.5250001"
|
||||
id="text16"
|
||||
style="font-size:0.80000001px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">LDAP server</text>
|
||||
<line
|
||||
x1="9"
|
||||
y1="5.3790002"
|
||||
x2="10.9"
|
||||
y2="5.3499999"
|
||||
stroke="#000000"
|
||||
stroke-width="0.100"
|
||||
id="line18"
|
||||
style="stroke:#000000;stroke-width:0.1" />
|
||||
<polygon
|
||||
points="8.996,5.129 8.5,5.387 9.004,5.629 8.996,5.129 "
|
||||
id="polygon20"
|
||||
style="fill:#000000;stroke:none;stroke-width:0.1" />
|
||||
<rect
|
||||
width="5.1750002"
|
||||
height="1.9"
|
||||
x="11.998"
|
||||
y="5.9450002"
|
||||
id="rect22"
|
||||
style="fill:#ffffff;stroke:none;stroke-width:0" />
|
||||
<rect
|
||||
width="5.1750002"
|
||||
height="1.9"
|
||||
x="11.998"
|
||||
y="5.9450002"
|
||||
id="rect24"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.1" />
|
||||
<text
|
||||
x="14.15"
|
||||
y="6.7249999"
|
||||
id="text26"
|
||||
style="font-size:0.80000001px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">slave</text>
|
||||
<text
|
||||
x="13.351"
|
||||
y="7.5250001"
|
||||
id="text28"
|
||||
style="font-size:0.80000001px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">LDAP server</text>
|
||||
<line
|
||||
x1="11.45"
|
||||
y1="3.9119999"
|
||||
x2="10.9"
|
||||
y2="3.925"
|
||||
stroke="#000000"
|
||||
stroke-width="0.100"
|
||||
id="line30"
|
||||
style="stroke:#000000;stroke-width:0.1" />
|
||||
<polygon
|
||||
points="11.456,4.162 11.95,3.901 11.444,3.663 11.456,4.162 "
|
||||
id="polygon32"
|
||||
style="fill:#000000;stroke:none;stroke-width:0.1" />
|
||||
<line
|
||||
x1="10.925"
|
||||
y1="3.925"
|
||||
x2="10.95"
|
||||
y2="6.9499998"
|
||||
stroke="#000000"
|
||||
stroke-width="0.100"
|
||||
id="line34"
|
||||
style="stroke:#000000;stroke-width:0.1" />
|
||||
<line
|
||||
x1="11.448"
|
||||
y1="6.9099998"
|
||||
x2="10.9"
|
||||
y2="6.9250002"
|
||||
stroke="#000000"
|
||||
stroke-width="0.100"
|
||||
id="line36"
|
||||
style="stroke:#000000;stroke-width:0.1" />
|
||||
<polygon
|
||||
points="11.455,7.16 11.948,6.896 11.441,6.66 11.455,7.16 "
|
||||
id="polygon38"
|
||||
style="fill:#000000;stroke:none;stroke-width:0.1" />
|
||||
<text
|
||||
x="13.659"
|
||||
y="5.5749998"
|
||||
id="text40"
|
||||
style="font-size:0.5px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">additive</text>
|
||||
<text
|
||||
x="8.6809998"
|
||||
y="8.75"
|
||||
id="text42"
|
||||
style="font-size:0.60000002px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">The LDAP backend consists of a</text>
|
||||
<text
|
||||
x="7.9250002"
|
||||
y="9.3500004"
|
||||
id="text44"
|
||||
style="font-size:0.60000002px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">master and a slave for the same database.</text>
|
||||
<text
|
||||
x="8.7819996"
|
||||
y="9.9499998"
|
||||
id="text46"
|
||||
style="font-size:0.60000002px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">This is a broken implementation</text>
|
||||
<text
|
||||
x="9.0249996"
|
||||
y="10.55"
|
||||
id="text48"
|
||||
style="font-size:0.60000002px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">- accounts will be duplicated.</text>
|
||||
</svg>
|
After Width: | Height: | Size: 4.4 KiB |
120
docs-xml/Samba3-ByExample/images/ch7-fail-overLDAP.svg
Normal file
@ -0,0 +1,120 @@
|
||||
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
||||
<!-- Created with Inkscape (http://www.inkscape.org/) -->
|
||||
<svg
|
||||
xmlns:svg="http://www.w3.org/2000/svg"
|
||||
xmlns="http://www.w3.org/2000/svg"
|
||||
version="1.0"
|
||||
width="13.098cm"
|
||||
height="4.9000001cm"
|
||||
viewBox="4.175 2.9 17.273 7.8"
|
||||
id="svg2">
|
||||
<defs
|
||||
id="defs41" />
|
||||
<rect
|
||||
width="4.2249999"
|
||||
height="1.825"
|
||||
x="4.2249999"
|
||||
y="4.4749999"
|
||||
id="rect4"
|
||||
style="fill:#ffffff;stroke:none;stroke-width:0" />
|
||||
<rect
|
||||
width="4.2249999"
|
||||
height="1.825"
|
||||
x="4.2249999"
|
||||
y="4.4749999"
|
||||
id="rect6"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.1" />
|
||||
<rect
|
||||
width="5.1750002"
|
||||
height="1.9"
|
||||
x="12"
|
||||
y="2.95"
|
||||
id="rect8"
|
||||
style="fill:#ffffff;stroke:none;stroke-width:0" />
|
||||
<rect
|
||||
width="5.1750002"
|
||||
height="1.9"
|
||||
x="12"
|
||||
y="2.95"
|
||||
id="rect10"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.1" />
|
||||
<text
|
||||
x="5.4169998"
|
||||
y="5.5500002"
|
||||
id="text12"
|
||||
style="font-size:0.80000001px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">Samba</text>
|
||||
<text
|
||||
x="13.846"
|
||||
y="3.7249999"
|
||||
id="text14"
|
||||
style="font-size:0.80000001px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">master</text>
|
||||
<text
|
||||
x="13.226"
|
||||
y="4.5250001"
|
||||
id="text16"
|
||||
style="font-size:0.80000001px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">LDAP server</text>
|
||||
<line
|
||||
x1="8.9820004"
|
||||
y1="4.875"
|
||||
x2="11.518"
|
||||
y2="3.813"
|
||||
stroke="#000000"
|
||||
stroke-width="0.100"
|
||||
id="line18"
|
||||
style="stroke:#000000;stroke-width:0.1" />
|
||||
<polygon
|
||||
points="8.886,4.644 8.521,5.068 9.079,5.106 8.886,4.644 "
|
||||
id="polygon20"
|
||||
style="fill:#000000;stroke:none;stroke-width:0.1" />
|
||||
<polygon
|
||||
points="11.614,4.043 11.979,3.619 11.421,3.582 11.614,4.043 "
|
||||
id="polygon22"
|
||||
style="fill:#000000;stroke:none;stroke-width:0.1" />
|
||||
<rect
|
||||
width="5.1750002"
|
||||
height="1.9"
|
||||
x="12.047"
|
||||
y="5.7449999"
|
||||
id="rect24"
|
||||
style="fill:#ffffff;stroke:none;stroke-width:0" />
|
||||
<rect
|
||||
width="5.1750002"
|
||||
height="1.9"
|
||||
x="12.047"
|
||||
y="5.7449999"
|
||||
id="rect26"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.1" />
|
||||
<text
|
||||
x="14.1"
|
||||
y="6.5500002"
|
||||
id="text28"
|
||||
style="font-size:0.80000001px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">slave</text>
|
||||
<text
|
||||
x="13.301"
|
||||
y="7.3499999"
|
||||
id="text30"
|
||||
style="font-size:0.80000001px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">LDAP server</text>
|
||||
<line
|
||||
x1="8.993"
|
||||
y1="5.8610001"
|
||||
x2="11.43"
|
||||
y2="6.7340002"
|
||||
stroke="#000000"
|
||||
stroke-width="0.100"
|
||||
stroke-dasharray="0.10,0.10"
|
||||
id="line32"
|
||||
style="stroke:#000000;stroke-width:0.1;stroke-dasharray:0.1, 0.1" />
|
||||
<polygon
|
||||
points="9.077,5.625 8.522,5.692 8.908,6.096 9.077,5.625 "
|
||||
id="polygon34"
|
||||
style="fill:#000000;stroke:none;stroke-width:0.1" />
|
||||
<polygon
|
||||
points="11.345,6.97 11.9,6.903 11.514,6.499 11.345,6.97 "
|
||||
id="polygon36"
|
||||
style="fill:#000000;stroke:none;stroke-width:0.1" />
|
||||
<text
|
||||
x="10.245"
|
||||
y="6"
|
||||
id="text38"
|
||||
style="font-size:0.5px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">fail-over</text>
|
||||
</svg>
|
After Width: | Height: | Size: 3.4 KiB |
73
docs-xml/Samba3-ByExample/images/ch7-singleLDAP.svg
Normal file
@ -0,0 +1,73 @@
|
||||
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
||||
<!-- Created with Inkscape (http://www.inkscape.org/) -->
|
||||
<svg
|
||||
xmlns:svg="http://www.w3.org/2000/svg"
|
||||
xmlns="http://www.w3.org/2000/svg"
|
||||
version="1.0"
|
||||
width="12.75cm"
|
||||
height="2.075cm"
|
||||
viewBox="4.175 4.425 16.925 6.5"
|
||||
id="svg2">
|
||||
<defs
|
||||
id="defs25" />
|
||||
<rect
|
||||
width="4.2249999"
|
||||
height="1.825"
|
||||
x="4.2249999"
|
||||
y="4.4749999"
|
||||
id="rect4"
|
||||
style="fill:#ffffff;stroke:none;stroke-width:0" />
|
||||
<rect
|
||||
width="4.2249999"
|
||||
height="1.825"
|
||||
x="4.2249999"
|
||||
y="4.4749999"
|
||||
id="rect6"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.1" />
|
||||
<rect
|
||||
width="5.1750002"
|
||||
height="1.9"
|
||||
x="11.7"
|
||||
y="4.4749999"
|
||||
id="rect8"
|
||||
style="fill:#ffffff;stroke:none;stroke-width:0" />
|
||||
<rect
|
||||
width="5.1750002"
|
||||
height="1.9"
|
||||
x="11.7"
|
||||
y="4.4749999"
|
||||
id="rect10"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.1" />
|
||||
<text
|
||||
x="5.4169998"
|
||||
y="5.5500002"
|
||||
id="text12"
|
||||
style="font-size:0.80000001px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">Samba</text>
|
||||
<text
|
||||
x="13.621"
|
||||
y="5.25"
|
||||
id="text14"
|
||||
style="font-size:0.80000001px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">master</text>
|
||||
<text
|
||||
x="13.001"
|
||||
y="6.0500002"
|
||||
id="text16"
|
||||
style="font-size:0.80000001px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">LDAP server</text>
|
||||
<line
|
||||
x1="9"
|
||||
y1="5.3899999"
|
||||
x2="11.05"
|
||||
y2="5.3979998"
|
||||
stroke="#000000"
|
||||
stroke-width="0.100"
|
||||
id="line18"
|
||||
style="stroke:#000000;stroke-width:0.1" />
|
||||
<polygon
|
||||
points="9.001,5.14 8.5,5.388 8.999,5.64 9.001,5.14 "
|
||||
id="polygon20"
|
||||
style="fill:#000000;stroke:none;stroke-width:0.1" />
|
||||
<polygon
|
||||
points="11.049,5.648 11.55,5.4 11.051,5.148 11.049,5.648 "
|
||||
id="polygon22"
|
||||
style="fill:#000000;stroke:none;stroke-width:0.1" />
|
||||
</svg>
|
After Width: | Height: | Size: 2.0 KiB |
767
docs-xml/Samba3-ByExample/images/ch8-migration.svg
Normal file
@ -0,0 +1,767 @@
|
||||
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
||||
<!-- Created with Inkscape (http://www.inkscape.org/) -->
|
||||
<svg
|
||||
xmlns:svg="http://www.w3.org/2000/svg"
|
||||
xmlns="http://www.w3.org/2000/svg"
|
||||
version="1.0"
|
||||
width="16.389cm"
|
||||
height="11.635cm"
|
||||
viewBox="3.227 3.533 19.617 15.168"
|
||||
id="svg2">
|
||||
<defs
|
||||
id="defs221" />
|
||||
<polyline
|
||||
fill="none"
|
||||
stroke="#000000"
|
||||
stroke-width="0.100"
|
||||
points="4.746,10.964 4.746,12.225 18.667,12.225 18.667,11.050 "
|
||||
id="polyline4"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.1" />
|
||||
<rect
|
||||
width="2.0599999"
|
||||
height="4.8070002"
|
||||
x="3.648"
|
||||
y="5.744"
|
||||
id="rect6"
|
||||
style="fill:#b3b3b3;stroke:none;stroke-width:0" />
|
||||
<rect
|
||||
width="2.0599999"
|
||||
height="4.8070002"
|
||||
x="3.648"
|
||||
y="5.744"
|
||||
id="rect8"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.08" />
|
||||
<rect
|
||||
width="1.648"
|
||||
height="0.54900002"
|
||||
x="3.8540001"
|
||||
y="6.033"
|
||||
id="rect10"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.01" />
|
||||
<rect
|
||||
width="1.648"
|
||||
height="0.54900002"
|
||||
x="3.8540001"
|
||||
y="6.5819998"
|
||||
id="rect12"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.01" />
|
||||
<rect
|
||||
width="1.648"
|
||||
height="0.54900002"
|
||||
x="3.8540001"
|
||||
y="7.132"
|
||||
id="rect14"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.01" />
|
||||
<rect
|
||||
width="1.648"
|
||||
height="0.54900002"
|
||||
x="3.8540001"
|
||||
y="7.6810002"
|
||||
id="rect16"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.01" />
|
||||
<rect
|
||||
width="1.03"
|
||||
height="0.33000001"
|
||||
x="3.8540001"
|
||||
y="8.3400002"
|
||||
id="rect18"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.01" />
|
||||
<ellipse
|
||||
cx="5.3990002"
|
||||
cy="8.3950005"
|
||||
rx="0.071999997"
|
||||
ry="0.071999997"
|
||||
id="ellipse20"
|
||||
style="fill:#00ff00;stroke:none" />
|
||||
<ellipse
|
||||
cx="5.3990002"
|
||||
cy="8.3950005"
|
||||
rx="0.071999997"
|
||||
ry="0.071999997"
|
||||
id="ellipse22"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.01" />
|
||||
<ellipse
|
||||
cx="5.3990002"
|
||||
cy="8.6149998"
|
||||
rx="0.071999997"
|
||||
ry="0.071999997"
|
||||
id="ellipse24"
|
||||
style="fill:#ffff00;stroke:none" />
|
||||
<ellipse
|
||||
cx="5.3990002"
|
||||
cy="8.6149998"
|
||||
rx="0.071999997"
|
||||
ry="0.071999997"
|
||||
id="ellipse26"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.01" />
|
||||
<rect
|
||||
width="0.24699999"
|
||||
height="0.22"
|
||||
x="4.987"
|
||||
y="8.4499998"
|
||||
id="rect28"
|
||||
style="fill:#ffffff;stroke:none;stroke-width:0" />
|
||||
<rect
|
||||
width="0.24699999"
|
||||
height="0.22"
|
||||
x="4.987"
|
||||
y="8.4499998"
|
||||
id="rect30"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.01" />
|
||||
<path
|
||||
d="M 3.991,9.109 L 3.991,10.311"
|
||||
id="path32"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.01" />
|
||||
<path
|
||||
d="M 4.334,9.109 L 4.334,10.311"
|
||||
id="path34"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.01" />
|
||||
<path
|
||||
d="M 4.678,9.109 L 4.678,10.311"
|
||||
id="path36"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.01" />
|
||||
<path
|
||||
d="M 5.021,9.109 L 5.021,10.311"
|
||||
id="path38"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.01" />
|
||||
<path
|
||||
d="M 5.364,9.109 L 5.364,10.311"
|
||||
id="path40"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.01" />
|
||||
<path
|
||||
d="M 5.708,9.109 L 5.708,10.311"
|
||||
id="path42"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.01" />
|
||||
<polygon
|
||||
points="3.236,10.964 3.648,10.14 3.648,10.552 5.708,10.552 5.708,10.14 6.257,10.964 3.236,10.964 "
|
||||
id="polygon44"
|
||||
style="fill:#999999;stroke:none;stroke-width:0.01" />
|
||||
<polygon
|
||||
points="3.236,10.964 3.648,10.14 3.648,10.552 5.708,10.552 5.708,10.14 6.257,10.964 3.236,10.964 "
|
||||
id="polygon46"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.01" />
|
||||
<rect
|
||||
width="1.8"
|
||||
height="5.4000001"
|
||||
x="17.767"
|
||||
y="5.6500001"
|
||||
id="rect48"
|
||||
style="fill:#d9d9cd;stroke:none;stroke-width:0" />
|
||||
<rect
|
||||
width="1.8"
|
||||
height="5.4000001"
|
||||
x="17.767"
|
||||
y="5.6500001"
|
||||
id="rect50"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.1" />
|
||||
<rect
|
||||
width="1.8"
|
||||
height="5.4000001"
|
||||
x="17.767"
|
||||
y="5.6500001"
|
||||
id="rect52"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.01" />
|
||||
<rect
|
||||
width="1.4400001"
|
||||
height="2.1600001"
|
||||
x="17.947001"
|
||||
y="5.8299999"
|
||||
id="rect54"
|
||||
style="fill:#d9d9cd;stroke:none;stroke-width:0" />
|
||||
<rect
|
||||
width="1.4400001"
|
||||
height="2.1600001"
|
||||
x="17.947001"
|
||||
y="5.8299999"
|
||||
id="rect56"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.1" />
|
||||
<rect
|
||||
width="1.4400001"
|
||||
height="2.1600001"
|
||||
x="17.947001"
|
||||
y="5.8299999"
|
||||
id="rect58"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.01" />
|
||||
<line
|
||||
x1="17.947001"
|
||||
y1="6.1900001"
|
||||
x2="19.386999"
|
||||
y2="6.1900001"
|
||||
stroke="#000000"
|
||||
stroke-width="0.010"
|
||||
id="line60"
|
||||
style="stroke:#000000;stroke-width:0.01" />
|
||||
<line
|
||||
x1="19.386999"
|
||||
y1="6.5500002"
|
||||
x2="17.947001"
|
||||
y2="6.5500002"
|
||||
stroke="#000000"
|
||||
stroke-width="0.010"
|
||||
id="line62"
|
||||
style="stroke:#000000;stroke-width:0.01" />
|
||||
<line
|
||||
x1="17.947001"
|
||||
y1="6.9099998"
|
||||
x2="19.386999"
|
||||
y2="6.9099998"
|
||||
stroke="#000000"
|
||||
stroke-width="0.010"
|
||||
id="line64"
|
||||
style="stroke:#000000;stroke-width:0.01" />
|
||||
<line
|
||||
x1="17.947001"
|
||||
y1="7.27"
|
||||
x2="19.386999"
|
||||
y2="7.27"
|
||||
stroke="#000000"
|
||||
stroke-width="0.010"
|
||||
id="line66"
|
||||
style="stroke:#000000;stroke-width:0.01" />
|
||||
<line
|
||||
x1="19.386999"
|
||||
y1="7.6300001"
|
||||
x2="17.947001"
|
||||
y2="7.6300001"
|
||||
stroke="#000000"
|
||||
stroke-width="0.010"
|
||||
id="line68"
|
||||
style="stroke:#000000;stroke-width:0.01" />
|
||||
<rect
|
||||
width="0.99000001"
|
||||
height="0.54000002"
|
||||
x="17.947001"
|
||||
y="8.1700001"
|
||||
id="rect70"
|
||||
style="fill:#d9d9cd;stroke:none;stroke-width:0" />
|
||||
<rect
|
||||
width="0.99000001"
|
||||
height="0.54000002"
|
||||
x="17.947001"
|
||||
y="8.1700001"
|
||||
id="rect72"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.1" />
|
||||
<rect
|
||||
width="0.99000001"
|
||||
height="0.54000002"
|
||||
x="17.947001"
|
||||
y="8.1700001"
|
||||
id="rect74"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.01" />
|
||||
<line
|
||||
x1="17.767"
|
||||
y1="9.0699997"
|
||||
x2="19.566999"
|
||||
y2="9.0699997"
|
||||
stroke="#000000"
|
||||
stroke-width="0.010"
|
||||
id="line76"
|
||||
style="stroke:#000000;stroke-width:0.01" />
|
||||
<rect
|
||||
width="0.090000004"
|
||||
height="0.090000004"
|
||||
x="18.577"
|
||||
y="9.25"
|
||||
id="rect78"
|
||||
style="fill:#00cd00;stroke:none;stroke-width:0" />
|
||||
<rect
|
||||
width="0.090000004"
|
||||
height="0.090000004"
|
||||
x="18.577"
|
||||
y="9.25"
|
||||
id="rect80"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.1" />
|
||||
<rect
|
||||
width="0.090000004"
|
||||
height="0.090000004"
|
||||
x="18.577"
|
||||
y="9.25"
|
||||
id="rect82"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.01" />
|
||||
<rect
|
||||
width="0.090000004"
|
||||
height="0.090000004"
|
||||
x="18.937"
|
||||
y="9.25"
|
||||
id="rect84"
|
||||
style="fill:#cdcd00;stroke:none;stroke-width:0" />
|
||||
<rect
|
||||
width="0.090000004"
|
||||
height="0.090000004"
|
||||
x="18.937"
|
||||
y="9.25"
|
||||
id="rect86"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.1" />
|
||||
<rect
|
||||
width="0.090000004"
|
||||
height="0.090000004"
|
||||
x="18.937"
|
||||
y="9.25"
|
||||
id="rect88"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.01" />
|
||||
<rect
|
||||
width="0.090000004"
|
||||
height="0.090000004"
|
||||
x="19.297001"
|
||||
y="9.25"
|
||||
id="rect90"
|
||||
style="fill:#cd0000;stroke:none;stroke-width:0" />
|
||||
<rect
|
||||
width="0.090000004"
|
||||
height="0.090000004"
|
||||
x="19.297001"
|
||||
y="9.25"
|
||||
id="rect92"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.1" />
|
||||
<rect
|
||||
width="0.090000004"
|
||||
height="0.090000004"
|
||||
x="19.297001"
|
||||
y="9.25"
|
||||
id="rect94"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.01" />
|
||||
<rect
|
||||
width="0.18000001"
|
||||
height="0.18000001"
|
||||
x="19.207001"
|
||||
y="8.71"
|
||||
id="rect96"
|
||||
style="fill:#cdcdbd;stroke:none;stroke-width:0" />
|
||||
<rect
|
||||
width="0.18000001"
|
||||
height="0.18000001"
|
||||
x="19.207001"
|
||||
y="8.71"
|
||||
id="rect98"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.1" />
|
||||
<rect
|
||||
width="0.18000001"
|
||||
height="0.18000001"
|
||||
x="19.207001"
|
||||
y="8.71"
|
||||
id="rect100"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.01" />
|
||||
<line
|
||||
x1="17.947001"
|
||||
y1="8.4399996"
|
||||
x2="18.937"
|
||||
y2="8.4399996"
|
||||
stroke="#000000"
|
||||
stroke-width="0.010"
|
||||
id="line102"
|
||||
style="stroke:#000000;stroke-width:0.01" />
|
||||
<rect
|
||||
width="0.27000001"
|
||||
height="0.27000001"
|
||||
x="17.947001"
|
||||
y="9.1599998"
|
||||
id="rect104"
|
||||
style="fill:#cdcdbd;stroke:none;stroke-width:0" />
|
||||
<rect
|
||||
width="0.27000001"
|
||||
height="0.27000001"
|
||||
x="17.947001"
|
||||
y="9.1599998"
|
||||
id="rect106"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.1" />
|
||||
<rect
|
||||
width="0.27000001"
|
||||
height="0.27000001"
|
||||
x="17.947001"
|
||||
y="9.1599998"
|
||||
id="rect108"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.01" />
|
||||
<rect
|
||||
width="1.26"
|
||||
height="0.090000004"
|
||||
x="18.037001"
|
||||
y="7.7199998"
|
||||
id="rect110"
|
||||
style="fill:#cdcdc1;stroke:none;stroke-width:0" />
|
||||
<rect
|
||||
width="1.26"
|
||||
height="0.090000004"
|
||||
x="18.037001"
|
||||
y="7.7199998"
|
||||
id="rect112"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.1" />
|
||||
<rect
|
||||
width="1.26"
|
||||
height="0.090000004"
|
||||
x="18.037001"
|
||||
y="7.7199998"
|
||||
id="rect114"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.01" />
|
||||
<line
|
||||
x1="18.037001"
|
||||
y1="8.2600002"
|
||||
x2="18.847"
|
||||
y2="8.2600002"
|
||||
stroke="#000000"
|
||||
stroke-width="0.010"
|
||||
id="line116"
|
||||
style="stroke:#000000;stroke-width:0.01" />
|
||||
<line
|
||||
x1="18.847"
|
||||
y1="8.3500004"
|
||||
x2="18.757"
|
||||
y2="8.3500004"
|
||||
stroke="#000000"
|
||||
stroke-width="0.010"
|
||||
id="line118"
|
||||
style="stroke:#000000;stroke-width:0.01" />
|
||||
<line
|
||||
x1="18.037001"
|
||||
y1="8.3500004"
|
||||
x2="18.127001"
|
||||
y2="8.3500004"
|
||||
stroke="#000000"
|
||||
stroke-width="0.010"
|
||||
id="line120"
|
||||
style="stroke:#000000;stroke-width:0.01" />
|
||||
<rect
|
||||
width="0.44999999"
|
||||
height="0.090000004"
|
||||
x="18.216999"
|
||||
y="8.2600002"
|
||||
id="rect122"
|
||||
style="fill:#cdcdc1;stroke:none;stroke-width:0" />
|
||||
<rect
|
||||
width="0.44999999"
|
||||
height="0.090000004"
|
||||
x="18.216999"
|
||||
y="8.2600002"
|
||||
id="rect124"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.1" />
|
||||
<rect
|
||||
width="0.44999999"
|
||||
height="0.090000004"
|
||||
x="18.216999"
|
||||
y="8.2600002"
|
||||
id="rect126"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.01" />
|
||||
<line
|
||||
x1="18.037001"
|
||||
y1="7.9000001"
|
||||
x2="18.127001"
|
||||
y2="7.9000001"
|
||||
stroke="#000000"
|
||||
stroke-width="0.010"
|
||||
id="line128"
|
||||
style="stroke:#000000;stroke-width:0.01" />
|
||||
<line
|
||||
x1="18.216999"
|
||||
y1="7.9000001"
|
||||
x2="18.306999"
|
||||
y2="7.9000001"
|
||||
stroke="#000000"
|
||||
stroke-width="0.010"
|
||||
id="line130"
|
||||
style="stroke:#000000;stroke-width:0.01" />
|
||||
<line
|
||||
x1="19.117001"
|
||||
y1="7.9000001"
|
||||
x2="19.297001"
|
||||
y2="7.9000001"
|
||||
stroke="#000000"
|
||||
stroke-width="0.010"
|
||||
id="line132"
|
||||
style="stroke:#000000;stroke-width:0.01" />
|
||||
<line
|
||||
x1="17.857"
|
||||
y1="10.96"
|
||||
x2="19.476999"
|
||||
y2="10.96"
|
||||
stroke="#000000"
|
||||
stroke-width="0.010"
|
||||
id="line134"
|
||||
style="stroke:#000000;stroke-width:0.01" />
|
||||
<line
|
||||
x1="19.476999"
|
||||
y1="10.87"
|
||||
x2="17.857"
|
||||
y2="10.87"
|
||||
stroke="#000000"
|
||||
stroke-width="0.010"
|
||||
id="line136"
|
||||
style="stroke:#000000;stroke-width:0.01" />
|
||||
<line
|
||||
x1="17.857"
|
||||
y1="10.78"
|
||||
x2="19.476999"
|
||||
y2="10.78"
|
||||
stroke="#000000"
|
||||
stroke-width="0.010"
|
||||
id="line138"
|
||||
style="stroke:#000000;stroke-width:0.01" />
|
||||
<line
|
||||
x1="19.476999"
|
||||
y1="10.69"
|
||||
x2="17.857"
|
||||
y2="10.69"
|
||||
stroke="#000000"
|
||||
stroke-width="0.010"
|
||||
id="line140"
|
||||
style="stroke:#000000;stroke-width:0.01" />
|
||||
<line
|
||||
x1="17.857"
|
||||
y1="10.6"
|
||||
x2="19.476999"
|
||||
y2="10.6"
|
||||
stroke="#000000"
|
||||
stroke-width="0.010"
|
||||
id="line142"
|
||||
style="stroke:#000000;stroke-width:0.01" />
|
||||
<line
|
||||
x1="19.476999"
|
||||
y1="10.51"
|
||||
x2="17.857"
|
||||
y2="10.51"
|
||||
stroke="#000000"
|
||||
stroke-width="0.010"
|
||||
id="line144"
|
||||
style="stroke:#000000;stroke-width:0.01" />
|
||||
<line
|
||||
x1="17.857"
|
||||
y1="10.42"
|
||||
x2="19.476999"
|
||||
y2="10.42"
|
||||
stroke="#000000"
|
||||
stroke-width="0.010"
|
||||
id="line146"
|
||||
style="stroke:#000000;stroke-width:0.01" />
|
||||
<line
|
||||
x1="19.476999"
|
||||
y1="10.33"
|
||||
x2="17.857"
|
||||
y2="10.33"
|
||||
stroke="#000000"
|
||||
stroke-width="0.010"
|
||||
id="line148"
|
||||
style="stroke:#000000;stroke-width:0.01" />
|
||||
<line
|
||||
x1="17.857"
|
||||
y1="10.24"
|
||||
x2="19.476999"
|
||||
y2="10.24"
|
||||
stroke="#000000"
|
||||
stroke-width="0.010"
|
||||
id="line150"
|
||||
style="stroke:#000000;stroke-width:0.01" />
|
||||
<line
|
||||
x1="19.476999"
|
||||
y1="10.15"
|
||||
x2="17.857"
|
||||
y2="10.15"
|
||||
stroke="#000000"
|
||||
stroke-width="0.010"
|
||||
id="line152"
|
||||
style="stroke:#000000;stroke-width:0.01" />
|
||||
<line
|
||||
x1="17.857"
|
||||
y1="10.06"
|
||||
x2="19.476999"
|
||||
y2="10.06"
|
||||
stroke="#000000"
|
||||
stroke-width="0.010"
|
||||
id="line154"
|
||||
style="stroke:#000000;stroke-width:0.01" />
|
||||
<line
|
||||
x1="19.476999"
|
||||
y1="9.9700003"
|
||||
x2="17.857"
|
||||
y2="9.9700003"
|
||||
stroke="#000000"
|
||||
stroke-width="0.010"
|
||||
id="line156"
|
||||
style="stroke:#000000;stroke-width:0.01" />
|
||||
<line
|
||||
x1="17.857"
|
||||
y1="9.8800001"
|
||||
x2="19.476999"
|
||||
y2="9.8800001"
|
||||
stroke="#000000"
|
||||
stroke-width="0.010"
|
||||
id="line158"
|
||||
style="stroke:#000000;stroke-width:0.01" />
|
||||
<line
|
||||
x1="19.476999"
|
||||
y1="9.79"
|
||||
x2="17.857"
|
||||
y2="9.79"
|
||||
stroke="#000000"
|
||||
stroke-width="0.010"
|
||||
id="line160"
|
||||
style="stroke:#000000;stroke-width:0.01" />
|
||||
<rect
|
||||
width="2.7190001"
|
||||
height="2.3989999"
|
||||
x="6.5500002"
|
||||
y="6.1869998"
|
||||
id="rect162"
|
||||
style="fill:#ffffff;stroke:none;stroke-width:0" />
|
||||
<ellipse
|
||||
cx="7.9089999"
|
||||
cy="8.585"
|
||||
rx="1.359"
|
||||
ry="0.40000001"
|
||||
id="ellipse164"
|
||||
style="fill:#ffffff;stroke:none" />
|
||||
<ellipse
|
||||
cx="7.9089999"
|
||||
cy="6.1869998"
|
||||
rx="1.359"
|
||||
ry="0.40000001"
|
||||
id="ellipse166"
|
||||
style="fill:#ffffff;stroke:none" />
|
||||
<ellipse
|
||||
cx="7.9089999"
|
||||
cy="6.1869998"
|
||||
rx="1.359"
|
||||
ry="0.40000001"
|
||||
id="ellipse168"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.1" />
|
||||
<path
|
||||
d="M 9.269,6.187 L 9.269,8.585 C 9.269,8.806 8.66,8.985 7.909,8.985 C 7.159,8.985 6.55,8.806 6.55,8.585 L 6.55,6.187"
|
||||
id="path170"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.1" />
|
||||
<rect
|
||||
width="2.7190001"
|
||||
height="2.3989999"
|
||||
x="14.112"
|
||||
y="6.1999998"
|
||||
id="rect172"
|
||||
style="fill:#ffffff;stroke:none;stroke-width:0" />
|
||||
<ellipse
|
||||
cx="15.472"
|
||||
cy="8.599"
|
||||
rx="1.359"
|
||||
ry="0.40000001"
|
||||
id="ellipse174"
|
||||
style="fill:#ffffff;stroke:none" />
|
||||
<ellipse
|
||||
cx="15.472"
|
||||
cy="6.1999998"
|
||||
rx="1.359"
|
||||
ry="0.40000001"
|
||||
id="ellipse176"
|
||||
style="fill:#ffffff;stroke:none" />
|
||||
<ellipse
|
||||
cx="15.472"
|
||||
cy="6.1999998"
|
||||
rx="1.359"
|
||||
ry="0.40000001"
|
||||
id="ellipse178"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.1" />
|
||||
<path
|
||||
d="M 16.831,6.2 L 16.831,8.599 C 16.831,8.82 16.223,8.999 15.472,8.999 C 14.721,8.999 14.112,8.82 14.112,8.599 L 14.112,6.2"
|
||||
id="path180"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.1" />
|
||||
<line
|
||||
x1="5.7249999"
|
||||
y1="7.3499999"
|
||||
x2="6.5250001"
|
||||
y2="7.3499999"
|
||||
stroke="#000000"
|
||||
stroke-width="0.100"
|
||||
id="line182"
|
||||
style="stroke:#000000;stroke-width:0.1" />
|
||||
<line
|
||||
x1="16.825001"
|
||||
y1="7.4000001"
|
||||
x2="17.75"
|
||||
y2="7.375"
|
||||
stroke="#000000"
|
||||
stroke-width="0.100"
|
||||
id="line184"
|
||||
style="stroke:#000000;stroke-width:0.1" />
|
||||
<path
|
||||
d="M 8.65,9.2 C 9.0031969,10.514524 10.174957,11.443114 11.535409,11.486614 C 12.89586,11.530113 14.124549,10.678275 14.561,9.389"
|
||||
id="path186"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.1;stroke-dasharray:0.1, 0.1" />
|
||||
<polyline
|
||||
fill="none"
|
||||
stroke="#000000"
|
||||
stroke-width="0.100"
|
||||
points="14.713,9.830 14.597,9.283 14.229,9.704 "
|
||||
id="polyline188"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.1" />
|
||||
<text
|
||||
x="7.02"
|
||||
y="4.9749999"
|
||||
id="text190"
|
||||
style="font-size:0.60000002px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">NT4 Registry</text>
|
||||
<text
|
||||
x="7.691"
|
||||
y="5.5749998"
|
||||
id="text192"
|
||||
style="font-size:0.60000002px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">SAM</text>
|
||||
<text
|
||||
x="13.871"
|
||||
y="4.9250002"
|
||||
id="text194"
|
||||
style="font-size:0.60000002px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">Samba SAM</text>
|
||||
<text
|
||||
x="13.221"
|
||||
y="5.5250001"
|
||||
id="text196"
|
||||
style="font-size:0.60000002px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">(ldapsam or tdbsam)</text>
|
||||
<text
|
||||
x="4.2259998"
|
||||
y="4.0250001"
|
||||
id="text198"
|
||||
style="font-size:0.80000001px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">NT4</text>
|
||||
<text
|
||||
x="4.1719999"
|
||||
y="4.8249998"
|
||||
id="text200"
|
||||
style="font-size:0.80000001px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">PDC</text>
|
||||
<text
|
||||
x="17.992001"
|
||||
y="4"
|
||||
id="text202"
|
||||
style="font-size:0.80000001px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">Samba</text>
|
||||
<text
|
||||
x="18.407"
|
||||
y="4.8000002"
|
||||
id="text204"
|
||||
style="font-size:0.80000001px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">DC</text>
|
||||
<text
|
||||
x="5.8540001"
|
||||
y="13.625"
|
||||
id="text206"
|
||||
style="font-size:0.69999999px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">net rpc vampire</text>
|
||||
<text
|
||||
x="5.5139999"
|
||||
y="14.325"
|
||||
id="text208"
|
||||
style="font-size:0.69999999px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">Migration migrates:</text>
|
||||
<text
|
||||
x="14.664"
|
||||
y="13.375"
|
||||
id="text210"
|
||||
style="font-size:0.69999999px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">User Accounts</text>
|
||||
<text
|
||||
x="14.557"
|
||||
y="14.075"
|
||||
id="text212"
|
||||
style="font-size:0.69999999px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">Domain Groups</text>
|
||||
<text
|
||||
x="14.311"
|
||||
y="14.775"
|
||||
id="text214"
|
||||
style="font-size:0.69999999px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">Machine Accounts</text>
|
||||
<line
|
||||
x1="10.725"
|
||||
y1="13.8"
|
||||
x2="12.25"
|
||||
y2="13.818"
|
||||
stroke="#000000"
|
||||
stroke-width="0.100"
|
||||
id="line216"
|
||||
style="stroke:#000000;stroke-width:0.1" />
|
||||
<polygon
|
||||
points="12.247,14.068 12.75,13.824 12.253,13.568 12.247,14.068 "
|
||||
id="polygon218"
|
||||
style="fill:#000000;stroke:none;stroke-width:0.1" />
|
||||
</svg>
|
After Width: | Height: | Size: 19 KiB |
2148
docs-xml/Samba3-ByExample/images/chap4-net.svg
Normal file
After Width: | Height: | Size: 60 KiB |
3668
docs-xml/Samba3-ByExample/images/chap5-net.svg
Normal file
After Width: | Height: | Size: 96 KiB |
3714
docs-xml/Samba3-ByExample/images/chap6-net.svg
Normal file
After Width: | Height: | Size: 97 KiB |
514
docs-xml/Samba3-ByExample/images/chap7-idresol.svg
Normal file
@ -0,0 +1,514 @@
|
||||
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
||||
<!-- Created with Inkscape (http://www.inkscape.org/) -->
|
||||
<svg
|
||||
xmlns:svg="http://www.w3.org/2000/svg"
|
||||
xmlns="http://www.w3.org/2000/svg"
|
||||
version="1.0"
|
||||
width="17.290001cm"
|
||||
height="13.335cm"
|
||||
viewBox="23.46 19.665 40.75 33"
|
||||
id="svg2">
|
||||
<defs
|
||||
id="defs177" />
|
||||
<rect
|
||||
width="2"
|
||||
height="2"
|
||||
x="29.1"
|
||||
y="23"
|
||||
id="rect4"
|
||||
style="fill:#fff4db;stroke:none;stroke-width:0" />
|
||||
<rect
|
||||
width="2"
|
||||
height="2"
|
||||
x="29.1"
|
||||
y="23"
|
||||
id="rect6"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.1" />
|
||||
<rect
|
||||
width="2"
|
||||
height="2"
|
||||
x="32.035"
|
||||
y="27.59"
|
||||
id="rect8"
|
||||
style="fill:#d8d8d8;stroke:none;stroke-width:0" />
|
||||
<rect
|
||||
width="2"
|
||||
height="2"
|
||||
x="32.035"
|
||||
y="27.59"
|
||||
id="rect10"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.1" />
|
||||
<rect
|
||||
width="2"
|
||||
height="2.04"
|
||||
x="29.184999"
|
||||
y="27.549999"
|
||||
id="rect12"
|
||||
style="fill:#d0d0d0;stroke:none;stroke-width:0" />
|
||||
<rect
|
||||
width="2"
|
||||
height="2.04"
|
||||
x="29.184999"
|
||||
y="27.549999"
|
||||
id="rect14"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.1" />
|
||||
<rect
|
||||
width="2.8399999"
|
||||
height="1.735"
|
||||
x="23.51"
|
||||
y="23.139999"
|
||||
id="rect16"
|
||||
style="fill:#a9d8cb;stroke:none;stroke-width:0" />
|
||||
<rect
|
||||
width="2.8399999"
|
||||
height="1.735"
|
||||
x="23.51"
|
||||
y="23.139999"
|
||||
id="rect18"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.1" />
|
||||
<rect
|
||||
width="2.825"
|
||||
height="1.885"
|
||||
x="32.674999"
|
||||
y="20.940001"
|
||||
id="rect20"
|
||||
style="fill:#dedede;stroke:none;stroke-width:0" />
|
||||
<rect
|
||||
width="2.825"
|
||||
height="1.885"
|
||||
x="32.674999"
|
||||
y="20.940001"
|
||||
id="rect22"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.1" />
|
||||
<rect
|
||||
width="2.6500001"
|
||||
height="2.01"
|
||||
x="37.799999"
|
||||
y="19.715"
|
||||
id="rect24"
|
||||
style="fill:#ffffff;stroke:none;stroke-width:0" />
|
||||
<rect
|
||||
width="2.6500001"
|
||||
height="2.01"
|
||||
x="37.799999"
|
||||
y="19.715"
|
||||
id="rect26"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.1" />
|
||||
<rect
|
||||
width="2.3"
|
||||
height="2.0150001"
|
||||
x="38.025002"
|
||||
y="22.1"
|
||||
id="rect28"
|
||||
style="fill:#ffffff;stroke:none;stroke-width:0" />
|
||||
<rect
|
||||
width="2.3"
|
||||
height="2.0150001"
|
||||
x="38.025002"
|
||||
y="22.1"
|
||||
id="rect30"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.1" />
|
||||
<rect
|
||||
width="2.25"
|
||||
height="2.0599999"
|
||||
x="35.150002"
|
||||
y="27.565001"
|
||||
id="rect32"
|
||||
style="fill:#d8d8d8;stroke:none;stroke-width:0" />
|
||||
<rect
|
||||
width="2.25"
|
||||
height="2.0599999"
|
||||
x="35.150002"
|
||||
y="27.565001"
|
||||
id="rect34"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.1" />
|
||||
<text
|
||||
x="24.200001"
|
||||
y="23.9"
|
||||
id="text36"
|
||||
style="font-size:0.60000002px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">Windows</text>
|
||||
<text
|
||||
x="24.462999"
|
||||
y="24.5"
|
||||
id="text38"
|
||||
style="font-size:0.60000002px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">Client</text>
|
||||
<text
|
||||
x="29.659"
|
||||
y="24.15"
|
||||
id="text40"
|
||||
style="font-size:0.60000002px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">smbd</text>
|
||||
<text
|
||||
x="33.388"
|
||||
y="22.051001"
|
||||
id="text42"
|
||||
style="font-size:0.60000002px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">winbindd</text>
|
||||
<text
|
||||
x="29.76"
|
||||
y="28.676001"
|
||||
id="text44"
|
||||
style="font-size:0.60000002px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">NSS</text>
|
||||
<text
|
||||
x="32.653999"
|
||||
y="28.775999"
|
||||
id="text46"
|
||||
style="font-size:0.60000002px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">PAM</text>
|
||||
<text
|
||||
x="35.763"
|
||||
y="28.700001"
|
||||
id="text48"
|
||||
style="font-size:0.60000002px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">LDAP</text>
|
||||
<text
|
||||
x="38.696999"
|
||||
y="23"
|
||||
id="text50"
|
||||
style="font-size:0.60000002px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">W2Kx</text>
|
||||
<text
|
||||
x="38.805"
|
||||
y="23.6"
|
||||
id="text52"
|
||||
style="font-size:0.60000002px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">ADS</text>
|
||||
<text
|
||||
x="38.759998"
|
||||
y="20.6"
|
||||
id="text54"
|
||||
style="font-size:0.60000002px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">NT4</text>
|
||||
<text
|
||||
x="38.477001"
|
||||
y="21.200001"
|
||||
id="text56"
|
||||
style="font-size:0.60000002px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">Domain</text>
|
||||
<line
|
||||
x1="26.9"
|
||||
y1="24.006001"
|
||||
x2="28.549999"
|
||||
y2="24.000999"
|
||||
stroke="#000000"
|
||||
stroke-width="0.100"
|
||||
id="line58"
|
||||
style="stroke:#000000;stroke-width:0.1" />
|
||||
<polygon
|
||||
points="26.899,23.756 26.4,24.007 26.901,24.256 26.899,23.756 "
|
||||
id="polygon60"
|
||||
style="fill:#000000;stroke:none;stroke-width:0.1" />
|
||||
<polygon
|
||||
points="28.551,24.251 29.05,24 28.549,23.752 28.551,24.251 "
|
||||
id="polygon62"
|
||||
style="fill:#000000;stroke:none;stroke-width:0.1" />
|
||||
<line
|
||||
x1="29.52"
|
||||
y1="25.575001"
|
||||
x2="29.504999"
|
||||
y2="27"
|
||||
stroke="#000000"
|
||||
stroke-width="0.100"
|
||||
id="line64"
|
||||
style="stroke:#000000;stroke-width:0.1" />
|
||||
<polygon
|
||||
points="29.77,25.577 29.525,25.075 29.27,25.572 29.77,25.577 "
|
||||
id="polygon66"
|
||||
style="fill:#000000;stroke:none;stroke-width:0.1" />
|
||||
<polygon
|
||||
points="29.255,26.998 29.5,27.5 29.755,27.003 29.255,26.998 "
|
||||
id="polygon68"
|
||||
style="fill:#000000;stroke:none;stroke-width:0.1" />
|
||||
<line
|
||||
x1="31.393999"
|
||||
y1="25.190001"
|
||||
x2="32.605999"
|
||||
y2="27.110001"
|
||||
stroke="#000000"
|
||||
stroke-width="0.100"
|
||||
id="line70"
|
||||
style="stroke:#000000;stroke-width:0.1" />
|
||||
<polygon
|
||||
points="31.605,25.057 31.127,24.767 31.182,25.324 31.605,25.057 "
|
||||
id="polygon72"
|
||||
style="fill:#000000;stroke:none;stroke-width:0.1" />
|
||||
<polygon
|
||||
points="32.395,27.243 32.873,27.533 32.818,26.976 32.395,27.243 "
|
||||
id="polygon74"
|
||||
style="fill:#000000;stroke:none;stroke-width:0.1" />
|
||||
<line
|
||||
x1="31.481001"
|
||||
y1="23.128"
|
||||
x2="32.293999"
|
||||
y2="22.278999"
|
||||
stroke="#000000"
|
||||
stroke-width="0.100"
|
||||
id="line76"
|
||||
style="stroke:#000000;stroke-width:0.1" />
|
||||
<polygon
|
||||
points="31.3,22.955 31.135,23.489 31.661,23.301 31.3,22.955 "
|
||||
id="polygon78"
|
||||
style="fill:#000000;stroke:none;stroke-width:0.1" />
|
||||
<polygon
|
||||
points="32.475,22.453 32.64,21.919 32.114,22.106 32.475,22.453 "
|
||||
id="polygon80"
|
||||
style="fill:#000000;stroke:none;stroke-width:0.1" />
|
||||
<line
|
||||
x1="31.552999"
|
||||
y1="24.312"
|
||||
x2="35.821999"
|
||||
y2="27.253"
|
||||
stroke="#000000"
|
||||
stroke-width="0.100"
|
||||
id="line82"
|
||||
style="stroke:#000000;stroke-width:0.1" />
|
||||
<polygon
|
||||
points="31.695,24.106 31.141,24.028 31.411,24.518 31.695,24.106 "
|
||||
id="polygon84"
|
||||
style="fill:#000000;stroke:none;stroke-width:0.1" />
|
||||
<polygon
|
||||
points="35.68,27.459 36.234,27.537 35.964,27.047 35.68,27.459 "
|
||||
id="polygon86"
|
||||
style="fill:#000000;stroke:none;stroke-width:0.1" />
|
||||
<line
|
||||
x1="36.066002"
|
||||
y1="21.360001"
|
||||
x2="37.284"
|
||||
y2="20.91"
|
||||
stroke="#000000"
|
||||
stroke-width="0.100"
|
||||
id="line88"
|
||||
style="stroke:#000000;stroke-width:0.1" />
|
||||
<polygon
|
||||
points="35.979,21.125 35.597,21.533 36.153,21.594 35.979,21.125 "
|
||||
id="polygon90"
|
||||
style="fill:#000000;stroke:none;stroke-width:0.1" />
|
||||
<polygon
|
||||
points="37.371,21.145 37.753,20.737 37.197,20.676 37.371,21.145 "
|
||||
id="polygon92"
|
||||
style="fill:#000000;stroke:none;stroke-width:0.1" />
|
||||
<line
|
||||
x1="36.013"
|
||||
y1="22.323999"
|
||||
x2="37.512001"
|
||||
y2="22.908001"
|
||||
stroke="#000000"
|
||||
stroke-width="0.100"
|
||||
id="line94"
|
||||
style="stroke:#000000;stroke-width:0.1" />
|
||||
<polygon
|
||||
points="36.103,22.091 35.547,22.143 35.922,22.557 36.103,22.091 "
|
||||
id="polygon96"
|
||||
style="fill:#000000;stroke:none;stroke-width:0.1" />
|
||||
<polygon
|
||||
points="37.422,23.141 37.978,23.089 37.603,22.675 37.422,23.141 "
|
||||
id="polygon98"
|
||||
style="fill:#000000;stroke:none;stroke-width:0.1" />
|
||||
<rect
|
||||
width="2.95"
|
||||
height="2.01"
|
||||
x="37.75"
|
||||
y="24.565001"
|
||||
id="rect100"
|
||||
style="fill:#ffffff;stroke:none;stroke-width:0" />
|
||||
<rect
|
||||
width="2.95"
|
||||
height="2.01"
|
||||
x="37.75"
|
||||
y="24.565001"
|
||||
id="rect102"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.1" />
|
||||
<text
|
||||
x="38.654999"
|
||||
y="25.424999"
|
||||
id="text104"
|
||||
style="font-size:0.60000002px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">Samba</text>
|
||||
<text
|
||||
x="38.414001"
|
||||
y="26.025"
|
||||
id="text106"
|
||||
style="font-size:0.60000002px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">PDC/BDC</text>
|
||||
<line
|
||||
x1="34.959"
|
||||
y1="23.228001"
|
||||
x2="37.328999"
|
||||
y2="25.216999"
|
||||
stroke="#000000"
|
||||
stroke-width="0.100"
|
||||
id="line108"
|
||||
style="stroke:#000000;stroke-width:0.1" />
|
||||
<polygon
|
||||
points="35.12,23.037 34.576,22.907 34.798,23.42 35.12,23.037 "
|
||||
id="polygon110"
|
||||
style="fill:#000000;stroke:none;stroke-width:0.1" />
|
||||
<polygon
|
||||
points="37.168,25.408 37.712,25.538 37.489,25.025 37.168,25.408 "
|
||||
id="polygon112"
|
||||
style="fill:#000000;stroke:none;stroke-width:0.1" />
|
||||
<rect
|
||||
width="3.915"
|
||||
height="1.76"
|
||||
x="29.01"
|
||||
y="31.190001"
|
||||
id="rect114"
|
||||
style="fill:#ffffff;stroke:none;stroke-width:0" />
|
||||
<rect
|
||||
width="3.915"
|
||||
height="1.76"
|
||||
x="29.01"
|
||||
y="31.190001"
|
||||
id="rect116"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.1" />
|
||||
<line
|
||||
x1="30.181999"
|
||||
y1="30.139999"
|
||||
x2="30.177999"
|
||||
y2="30.65"
|
||||
stroke="#000000"
|
||||
stroke-width="0.100"
|
||||
id="line118"
|
||||
style="stroke:#000000;stroke-width:0.1" />
|
||||
<polygon
|
||||
points="30.432,30.142 30.185,29.64 29.932,30.138 30.432,30.142 "
|
||||
id="polygon120"
|
||||
style="fill:#000000;stroke:none;stroke-width:0.1" />
|
||||
<polygon
|
||||
points="29.928,30.648 30.175,31.15 30.428,30.652 29.928,30.648 "
|
||||
id="polygon122"
|
||||
style="fill:#000000;stroke:none;stroke-width:0.1" />
|
||||
<line
|
||||
x1="31.402"
|
||||
y1="30.853001"
|
||||
x2="32.599998"
|
||||
y2="29.927"
|
||||
stroke="#000000"
|
||||
stroke-width="0.100"
|
||||
id="line124"
|
||||
style="stroke:#000000;stroke-width:0.1" />
|
||||
<polygon
|
||||
points="31.249,30.656 31.007,31.159 31.555,31.051 31.249,30.656 "
|
||||
id="polygon126"
|
||||
style="fill:#000000;stroke:none;stroke-width:0.1" />
|
||||
<polygon
|
||||
points="32.753,30.124 32.995,29.621 32.447,29.729 32.753,30.124 "
|
||||
id="polygon128"
|
||||
style="fill:#000000;stroke:none;stroke-width:0.1" />
|
||||
<line
|
||||
x1="34.584999"
|
||||
y1="28.591999"
|
||||
x2="34.599998"
|
||||
y2="28.593"
|
||||
stroke="#000000"
|
||||
stroke-width="0.100"
|
||||
id="line130"
|
||||
style="stroke:#000000;stroke-width:0.1" />
|
||||
<polygon
|
||||
points="34.586,28.342 34.085,28.59 34.584,28.842 34.586,28.342 "
|
||||
id="polygon132"
|
||||
style="fill:#000000;stroke:none;stroke-width:0.1" />
|
||||
<polygon
|
||||
points="34.599,28.843 35.1,28.595 34.601,28.343 34.599,28.843 "
|
||||
id="polygon134"
|
||||
style="fill:#000000;stroke:none;stroke-width:0.1" />
|
||||
<text
|
||||
x="30.027"
|
||||
y="31.975"
|
||||
id="text136"
|
||||
style="font-size:0.60000002px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">/etc/passwd</text>
|
||||
<text
|
||||
x="30.179001"
|
||||
y="32.575001"
|
||||
id="text138"
|
||||
style="font-size:0.60000002px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">/etc/group</text>
|
||||
<rect
|
||||
width="2.0650001"
|
||||
height="1.76"
|
||||
x="33.535"
|
||||
y="31.190001"
|
||||
id="rect140"
|
||||
style="fill:#ffffff;stroke:none;stroke-width:0" />
|
||||
<rect
|
||||
width="2.0650001"
|
||||
height="1.76"
|
||||
x="33.535"
|
||||
y="31.190001"
|
||||
id="rect142"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.1" />
|
||||
<text
|
||||
x="34.049"
|
||||
y="32.25"
|
||||
id="text144"
|
||||
style="font-size:0.60000002px;font-style:normal;font-weight:400;text-anchor:start;fill:#000000;font-family:arial">NIS[+]</text>
|
||||
<line
|
||||
x1="34.515999"
|
||||
y1="30.754"
|
||||
x2="33.839001"
|
||||
y2="29.987"
|
||||
stroke="#000000"
|
||||
stroke-width="0.100"
|
||||
id="line146"
|
||||
style="stroke:#000000;stroke-width:0.1" />
|
||||
<polygon
|
||||
points="34.329,30.919 34.847,31.129 34.704,30.588 34.329,30.919 "
|
||||
id="polygon148"
|
||||
style="fill:#000000;stroke:none;stroke-width:0.1" />
|
||||
<polygon
|
||||
points="34.027,29.822 33.508,29.612 33.652,30.153 34.027,29.822 "
|
||||
id="polygon150"
|
||||
style="fill:#000000;stroke:none;stroke-width:0.1" />
|
||||
<line
|
||||
x1="33.080002"
|
||||
y1="30.879999"
|
||||
x2="31.639999"
|
||||
y2="29.9"
|
||||
stroke="#000000"
|
||||
stroke-width="0.100"
|
||||
id="line152"
|
||||
style="stroke:#000000;stroke-width:0.1" />
|
||||
<polygon
|
||||
points="32.94,31.087 33.494,31.162 33.221,30.674 32.94,31.087 "
|
||||
id="polygon154"
|
||||
style="fill:#000000;stroke:none;stroke-width:0.1" />
|
||||
<polygon
|
||||
points="31.78,29.693 31.226,29.618 31.499,30.106 31.78,29.693 "
|
||||
id="polygon156"
|
||||
style="fill:#000000;stroke:none;stroke-width:0.1" />
|
||||
<path
|
||||
d="M 34.773,27.172 C 33.554243,26.096992 31.732941,26.07362 30.487,27.117"
|
||||
id="path158"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.1" />
|
||||
<polygon
|
||||
points="30.268,26.92 30.133,27.462 30.648,27.245 30.268,26.92 "
|
||||
id="polygon160"
|
||||
style="fill:#000000;stroke:none;stroke-width:0.1" />
|
||||
<polygon
|
||||
points="34.609,27.296 35.118,27.526 34.997,26.98 34.609,27.296 "
|
||||
id="polygon162"
|
||||
style="fill:#000000;stroke:none;stroke-width:0.1" />
|
||||
<line
|
||||
x1="33.568001"
|
||||
y1="27.028999"
|
||||
x2="34.02"
|
||||
y2="23.371"
|
||||
stroke="#000000"
|
||||
stroke-width="0.100"
|
||||
id="line164"
|
||||
style="stroke:#000000;stroke-width:0.1" />
|
||||
<polygon
|
||||
points="33.319,26.998 33.506,27.525 33.816,27.06 33.319,26.998 "
|
||||
id="polygon166"
|
||||
style="fill:#000000;stroke:none;stroke-width:0.1" />
|
||||
<polygon
|
||||
points="34.268,23.402 34.081,22.875 33.772,23.34 34.268,23.402 "
|
||||
id="polygon168"
|
||||
style="fill:#000000;stroke:none;stroke-width:0.1" />
|
||||
<line
|
||||
x1="31.264999"
|
||||
y1="27.030001"
|
||||
x2="33.073002"
|
||||
y2="23.292"
|
||||
stroke="#000000"
|
||||
stroke-width="0.100"
|
||||
id="line170"
|
||||
style="stroke:#000000;stroke-width:0.1" />
|
||||
<polygon
|
||||
points="31.039,26.921 31.047,27.48 31.49,27.139 31.039,26.921 "
|
||||
id="polygon172"
|
||||
style="fill:#000000;stroke:none;stroke-width:0.1" />
|
||||
<polygon
|
||||
points="33.298,23.401 33.291,22.842 32.848,23.183 33.298,23.401 "
|
||||
id="polygon174"
|
||||
style="fill:#000000;stroke:none;stroke-width:0.1" />
|
||||
</svg>
|
After Width: | Height: | Size: 15 KiB |
9436
docs-xml/Samba3-ByExample/images/chap7-net-A.svg
Normal file
After Width: | Height: | Size: 244 KiB |
BIN
docs-xml/Samba3-ByExample/images/chap7-net-Ar.png
Normal file
After Width: | Height: | Size: 96 KiB |
9010
docs-xml/Samba3-ByExample/images/chap7-net.svg
Normal file
After Width: | Height: | Size: 233 KiB |
9085
docs-xml/Samba3-ByExample/images/chap7-net2-B.svg
Normal file
After Width: | Height: | Size: 236 KiB |
BIN
docs-xml/Samba3-ByExample/images/chap7-net2-Br.png
Normal file
After Width: | Height: | Size: 98 KiB |
9075
docs-xml/Samba3-ByExample/images/chap7-net2.svg
Normal file
After Width: | Height: | Size: 236 KiB |
BIN
docs-xml/Samba3-ByExample/images/chap7-net2r.png
Normal file
After Width: | Height: | Size: 94 KiB |
BIN
docs-xml/Samba3-ByExample/images/chap7-netr.png
Normal file
After Width: | Height: | Size: 82 KiB |
1321
docs-xml/Samba3-ByExample/images/chap9-ADSDC.svg
Normal file
After Width: | Height: | Size: 35 KiB |
1443
docs-xml/Samba3-ByExample/images/chap9-SambaDC.svg
Normal file
After Width: | Height: | Size: 37 KiB |
BIN
docs-xml/Samba3-ByExample/images/imc-usermanager2.png
Normal file
After Width: | Height: | Size: 89 KiB |
BIN
docs-xml/Samba3-ByExample/images/lam-config.png
Normal file
After Width: | Height: | Size: 72 KiB |
BIN
docs-xml/Samba3-ByExample/images/lam-group-members.png
Normal file
After Width: | Height: | Size: 81 KiB |
BIN
docs-xml/Samba3-ByExample/images/lam-groups.png
Normal file
After Width: | Height: | Size: 92 KiB |
BIN
docs-xml/Samba3-ByExample/images/lam-hosts.png
Normal file
After Width: | Height: | Size: 85 KiB |
BIN
docs-xml/Samba3-ByExample/images/lam-login.png
Normal file
After Width: | Height: | Size: 84 KiB |
BIN
docs-xml/Samba3-ByExample/images/lam-users.png
Normal file
After Width: | Height: | Size: 100 KiB |
BIN
docs-xml/Samba3-ByExample/images/openmag.png
Normal file
After Width: | Height: | Size: 18 KiB |
BIN
docs-xml/Samba3-ByExample/images/wxpp001.png
Normal file
After Width: | Height: | Size: 31 KiB |
BIN
docs-xml/Samba3-ByExample/images/wxpp004.png
Normal file
After Width: | Height: | Size: 29 KiB |
BIN
docs-xml/Samba3-ByExample/images/wxpp006.png
Normal file
After Width: | Height: | Size: 12 KiB |
BIN
docs-xml/Samba3-ByExample/images/wxpp007.png
Normal file
After Width: | Height: | Size: 12 KiB |
BIN
docs-xml/Samba3-ByExample/images/wxpp008.png
Normal file
After Width: | Height: | Size: 19 KiB |
BIN
docs-xml/Samba3-ByExample/images/wxpp010.png
Normal file
After Width: | Height: | Size: 19 KiB |
BIN
docs-xml/Samba3-ByExample/images/wxpp011.png
Normal file
After Width: | Height: | Size: 8.4 KiB |
BIN
docs-xml/Samba3-ByExample/images/wxpp012.png
Normal file
After Width: | Height: | Size: 8.7 KiB |
BIN
docs-xml/Samba3-ByExample/images/wxpp013.png
Normal file
After Width: | Height: | Size: 29 KiB |
BIN
docs-xml/Samba3-ByExample/images/wxpp015.png
Normal file
After Width: | Height: | Size: 9.5 KiB |
153
docs-xml/Samba3-ByExample/index.xml
Normal file
@ -0,0 +1,153 @@
|
||||
<?xml version="1.0"?>
|
||||
<!DOCTYPE book PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
|
||||
|
||||
<book id="S3bE"
|
||||
xmlns:xi="http://www.w3.org/2003/XInclude">
|
||||
<title>Samba-3 by Example</title>
|
||||
<subtitle>Practical Exercises in Successful Samba Deployment</subtitle>
|
||||
<bookinfo>
|
||||
<authorgroup>
|
||||
<author>&person.jht;</author>
|
||||
</authorgroup>
|
||||
<pubdate>July, 2006</pubdate>
|
||||
</bookinfo>
|
||||
|
||||
<?latex \clearpage ?>
|
||||
<?latex \setcounter{page}{7} ?>
|
||||
|
||||
<xi:include href="SBE-inside-cover.xml"/>
|
||||
<xi:include href="SBE-acknowledgements.xml"/>
|
||||
<?latex \cleardoublepage ?>
|
||||
|
||||
<toc/>
|
||||
<?latex \cleardoublepage ?>
|
||||
<?latex \listofexamples ?>
|
||||
<?latex \cleardoublepage ?>
|
||||
<lot/>
|
||||
<?latex \cleardoublepage ?>
|
||||
<xi:include href="SBE-foreword.xml"/>
|
||||
<xi:include href="SBE-preface.xml"/>
|
||||
<!-- Chapters -->
|
||||
|
||||
<part id="ExNetworks">
|
||||
<title>Example Network Configurations</title>
|
||||
<partintro>
|
||||
<title>Example Network Configurations</title>
|
||||
|
||||
<?latex \pagenumbering{arabic} ?>
|
||||
|
||||
<para>
|
||||
This section of <emphasis>Samba-3 by Example</emphasis> provides example network
|
||||
configurations that can be copied, or modified as needed, and deployed as-is.
|
||||
The contents have been marginally updated to reflect changes made in Samba=3.0.23.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Best use can be made of this book by finding in this section the network design and
|
||||
layout that best approximates your estimated needs. It is recommended that you will
|
||||
implement the design pattern exactly as it appears, then after the installation has
|
||||
been proven to work make any changes or modifications needed at your site.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The examples have been tested with Red Hat Fedora Core 2, Novell SUSE Linux Professional
|
||||
9.3 and Novell SUSE Linux Enterprise Server (SLES) 9. The principals of implementation
|
||||
apply to all Linux and UNIX systems in general, though some system files and tools will
|
||||
be different and the location of some Samba file locations will be different since these
|
||||
are determined by the person who packages Samba for each platform.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
If you are deploying Samba is a mission-critical environment, or if you simply want
|
||||
to save time and get your Samba network operational with minimal fuss, there is the
|
||||
option to purchase commercial, professional, Samba support. Information regarding
|
||||
commercial support options may be obtained from the commercial
|
||||
<ulink url="http://www.samba.org/samba/support/">support</ulink> pages from
|
||||
the Samba web site.
|
||||
</para>
|
||||
|
||||
</partintro>
|
||||
|
||||
<?latex \cleardoublepage ?>
|
||||
<xi:include href="SBE-SimpleOfficeServer.xml"/>
|
||||
<?latex \cleardoublepage ?>
|
||||
<xi:include href="SBE-TheSmallOffice.xml"/>
|
||||
<?latex \cleardoublepage ?>
|
||||
<xi:include href="SBE-SecureOfficeServer.xml"/>
|
||||
<?latex \cleardoublepage ?>
|
||||
<xi:include href="SBE-500UserNetwork.xml"/>
|
||||
<?latex \cleardoublepage ?>
|
||||
<xi:include href="SBE-MakingHappyUsers.xml"/>
|
||||
<?latex \cleardoublepage ?>
|
||||
<xi:include href="SBE-2000UserNetwork.xml"/>
|
||||
<?latex \cleardoublepage ?>
|
||||
|
||||
</part>
|
||||
|
||||
<part id="DMSMig">
|
||||
<title>Domain Members, Updating Samba and Migration</title>
|
||||
<partintro>
|
||||
<title>Domain Members, Updating Samba and Migration</title>
|
||||
|
||||
<para>
|
||||
This section <emphasis>Samba-3 by Example</emphasis> covers two main topics: How to add
|
||||
Samba Domain Member Servers and Samba Domain Member Clients to a Samba domain, the other
|
||||
subject is that of how to migrate from and NT4 Domain, a NetWare server, or from an earlier
|
||||
Samba version to environments that use the most recent Samba-3 release.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Those who are making use of the chapter on Adding UNIX clients and servers running Samba
|
||||
to a Samba or a Windows networking domain may also benefit by referring to the book
|
||||
<emphasis>The Official Samba-3 HOWTO and Reference Guide.</emphasis>
|
||||
</para>
|
||||
|
||||
</partintro>
|
||||
<?latex \cleardoublepage ?>
|
||||
<xi:include href="SBE-AddingUNIXClients.xml"/>
|
||||
<?latex \cleardoublepage ?>
|
||||
<xi:include href="SBE-UpgradingSamba.xml"/>
|
||||
<?latex \cleardoublepage ?>
|
||||
<xi:include href="SBE-MigrateNT4Samba3.xml"/>
|
||||
<?latex \cleardoublepage ?>
|
||||
<xi:include href="SBE-MigrateNW4Samba3.xml"/>
|
||||
<?latex \cleardoublepage ?>
|
||||
</part>
|
||||
|
||||
<part id="RefSection">
|
||||
<title>Reference Section</title>
|
||||
<partintro>
|
||||
<title>Reference Section</title>
|
||||
|
||||
<para>
|
||||
This section <emphasis>Samba-3 by Example</emphasis> provides important reference material
|
||||
that may help you to solve network performance issues, to answer some of the critiques
|
||||
published regarding Samba, or just to gain a more broad understanding of how Samba can
|
||||
play in a Windows networking world.
|
||||
</para>
|
||||
|
||||
</partintro>
|
||||
|
||||
<?latex \cleardoublepage ?>
|
||||
<xi:include href="SBE-KerberosFastStart.xml"/>
|
||||
<?latex \cleardoublepage ?>
|
||||
<xi:include href="SBE-DomainAppsSupport.xml"/>
|
||||
<?latex \cleardoublepage ?>
|
||||
<xi:include href="SBE-HighAvailability.xml"/>
|
||||
<?latex \cleardoublepage ?>
|
||||
<xi:include href="SBE-Support.xml"/>
|
||||
<?latex \cleardoublepage ?>
|
||||
<xi:include href="SBE-Appendix1.xml"/>
|
||||
<?latex \cleardoublepage ?>
|
||||
<xi:include href="SBE-Appendix2.xml"/>
|
||||
<?latex \cleardoublepage ?>
|
||||
<xi:include href="gpl-3.0.xml"/>
|
||||
<?latex \cleardoublepage ?>
|
||||
|
||||
</part>
|
||||
|
||||
<xi:include href="SBE-glossary.xml"/>
|
||||
<?latex \cleardoublepage ?>
|
||||
<index/>
|
||||
|
||||
</book>
|