sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2024-12-27 03:21:53 +03:00
Code

Updating html stuff.

Browse Source
This commit is contained in:
John Terpstra 0001-01-01 00:00:00 +00:00
parent f65370b5c4
commit ab1f2fe4a8
17 changed files with 3433 additions and 542 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

342
docs/htmldocs/Samba-Developers-Guide.html
View File

File diff suppressed because one or more lines are too long

13
docs/htmldocs/bugreport.html
View File

@ -1,4 +1,5 @@
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 35. Reporting Bugs</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="index.html" title="SAMBA Project Documentation"><link rel="up" href="troubleshooting.html" title="Part V. Troubleshooting"><link rel="previous" href="problems.html" title="Chapter 34. Analysing and solving samba problems"><link rel="next" href="Appendixes.html" title="Part VI. Appendixes"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 35. Reporting Bugs</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="problems.html">Prev</a> </td><th width="60%" align="center">Part V. Troubleshooting</th><td width="20%" align="right"> <a accesskey="n" href="Appendixes.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="bugreport"></a>Chapter 35. Reporting Bugs</h2></div><div><div class="author"><h3 class="author"><span class="firstname">Jelmer</span> <span class="othername">R.</span> <span class="surname">Vernooij</span></h3><div class="affiliation"><span class="orgname">The Samba Team<br></span><div class="address"><p><tt class="email">&lt;<a href="mailto:jelmer@samba.org">jelmer@samba.org</a>&gt;</tt></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="surname">Someone; Tridge or Karl Auer perhaps?</span></h3></div></div><div><p class="pubdate"> 27 June 1997 </p></div></div><div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><a href="bugreport.html#id3011690">Introduction</a></dt><dt><a href="bugreport.html#id3011912">General info</a></dt><dt><a href="bugreport.html#id3011949">Debug levels</a></dt><dt><a href="bugreport.html#id3012091">Internal errors</a></dt><dt><a href="bugreport.html#id3012199">Attaching to a running process</a></dt><dt><a href="bugreport.html#id3012246">Patches</a></dt></dl></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3011690"></a>Introduction</h2></div></div><div></div></div><p>Please report bugs using
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 35. Reporting Bugs</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="index.html" title="SAMBA Project Documentation"><link rel="up" href="troubleshooting.html" title="Part V. Troubleshooting"><link rel="previous" href="problems.html" title="Chapter 34. Analysing and solving samba problems"><link rel="next" href="Appendixes.html" title="Part VI. Appendixes"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 35. Reporting Bugs</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="problems.html">Prev</a> </td><th width="60%" align="center">Part V. Troubleshooting</th><td width="20%" align="right"> <a accesskey="n" href="Appendixes.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="bugreport"></a>Chapter 35. Reporting Bugs</h2></div><div><div class="author"><h3 class="author"><span class="firstname">Jelmer</span> <span class="othername">R.</span> <span class="surname">Vernooij</span></h3><div class="affiliation"><span class="orgname">The Samba Team<br></span><div class="address"><p><tt class="email">&lt;<a href="mailto:jelmer@samba.org">jelmer@samba.org</a>&gt;</tt></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="surname">Someone; Tridge or Karl Auer perhaps?</span></h3></div></div><div><p class="pubdate"> 27 June 1997 </p></div></div><div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><a href="bugreport.html#id3009871">Introduction</a></dt><dt><a href="bugreport.html#id3009931">General info</a></dt><dt><a href="bugreport.html#id3009966">Debug levels</a></dt><dt><a href="bugreport.html#id3008063">Internal errors</a></dt><dt><a href="bugreport.html#id3008171">Attaching to a running process</a></dt><dt><a href="bugreport.html#id3007672">Patches</a></dt></dl></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3009871"></a>Introduction</h2></div></div><div></div></div><p>Please report bugs using
<a href="https://bugzilla.samba.org/" target="_top">bugzilla</a>.</p><p>
Please take the time to read this file before you submit a bug
report. Also, please see if it has changed between releases, as we
@ -20,7 +21,7 @@ that list that may be able to help you.
You may also like to look though the recent mailing list archives,
which are conveniently accessible on the Samba web pages
at <a href="http://samba.org/samba/" target="_top">http://samba.org/samba/</a>.
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3011912"></a>General info</h2></div></div><div></div></div><p>
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3009931"></a>General info</h2></div></div><div></div></div><p>
Before submitting a bug report check your config for silly
errors. Look in your log files for obvious messages that tell you that
you've misconfigured something and run testparm to test your config
@ -32,7 +33,7 @@ This is very important.
If you include part of a log file with your bug report then be sure to
annotate it with exactly what you were doing on the client at the
time, and exactly what the results were.
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3011949"></a>Debug levels</h2></div></div><div></div></div><p>
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3009966"></a>Debug levels</h2></div></div><div></div></div><p>
If the bug has anything to do with Samba behaving incorrectly as a
server (like refusing to open a file) then the log files will probably
be very useful. Depending on the problem a log level of between 3 and
@ -67,7 +68,7 @@ debugging operations you may not need a setting higher than
<tt class="constant">3</tt>. Nearly
all bugs can be tracked at a setting of <tt class="constant">10</tt>, but be
prepared for a VERY large volume of log data.
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3012091"></a>Internal errors</h2></div></div><div></div></div><p>
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3008063"></a>Internal errors</h2></div></div><div></div></div><p>
If you get a <span class="errorname">INTERNAL ERROR</span> message in your log files
it means that Samba got an unexpected signal while running. It is probably a
segmentation fault and almost certainly means a bug in Samba (unless
@ -100,7 +101,7 @@ disassemble the routine that called it) and try to work out exactly
where the problem is by looking at the surrounding code. Even if you
don't know assembly then incuding this info in the bug report can be
useful.
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3012199"></a>Attaching to a running process</h2></div></div><div></div></div><p>
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3008171"></a>Attaching to a running process</h2></div></div><div></div></div><p>
Unfortunately some unixes (in particular some recent linux kernels)
refuse to dump a core file if the task has changed uid (which smbd
does often). To debug with this sort of system you could try to attach
@ -110,7 +111,7 @@ to the running process using
Then use <b class="command">c</b> to continue and try to cause the core dump
using the client. The debugger should catch the fault and tell you
where it occurred.
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3012246"></a>Patches</h2></div></div><div></div></div><p>
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3007672"></a>Patches</h2></div></div><div></div></div><p>
The best sort of bug report is one that includes a fix! If you send us
patches please use <b class="userinput"><tt>diff -u</tt></b> format if your version of
diff supports it, otherwise use <b class="userinput"><tt>diff -c4</tt></b>. Make sure

13
docs/htmldocs/diagnosis.html
View File

@ -1,4 +1,5 @@
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 33. The samba checklist</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="index.html" title="SAMBA Project Documentation"><link rel="up" href="troubleshooting.html" title="Part V. Troubleshooting"><link rel="previous" href="troubleshooting.html" title="Part V. Troubleshooting"><link rel="next" href="problems.html" title="Chapter 34. Analysing and solving samba problems"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 33. The samba checklist</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="troubleshooting.html">Prev</a> </td><th width="60%" align="center">Part V. Troubleshooting</th><td width="20%" align="right"> <a accesskey="n" href="problems.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="diagnosis"></a>Chapter 33. The samba checklist</h2></div><div><div class="author"><h3 class="author"><span class="firstname">Andrew</span> <span class="surname">Tridgell</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><tt class="email">&lt;<a href="mailto:tridge@samba.org">tridge@samba.org</a>&gt;</tt></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">Jelmer</span> <span class="othername">R.</span> <span class="surname">Vernooij</span></h3><div class="affiliation"><span class="orgname">The Samba Team<br></span><div class="address"><p><tt class="email">&lt;<a href="mailto:jelmer@samba.org">jelmer@samba.org</a>&gt;</tt></p></div></div></div></div><div><p class="pubdate">Wed Jan 15</p></div></div><div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><a href="diagnosis.html#id3005492">Introduction</a></dt><dt><a href="diagnosis.html#id3007352">Assumptions</a></dt><dt><a href="diagnosis.html#id3007529">The tests</a></dt><dt><a href="diagnosis.html#id3008704">Still having troubles?</a></dt></dl></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3005492"></a>Introduction</h2></div></div><div></div></div><p>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 33. The samba checklist</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="index.html" title="SAMBA Project Documentation"><link rel="up" href="troubleshooting.html" title="Part V. Troubleshooting"><link rel="previous" href="troubleshooting.html" title="Part V. Troubleshooting"><link rel="next" href="problems.html" title="Chapter 34. Analysing and solving samba problems"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 33. The samba checklist</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="troubleshooting.html">Prev</a> </td><th width="60%" align="center">Part V. Troubleshooting</th><td width="20%" align="right"> <a accesskey="n" href="problems.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="diagnosis"></a>Chapter 33. The samba checklist</h2></div><div><div class="author"><h3 class="author"><span class="firstname">Andrew</span> <span class="surname">Tridgell</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><tt class="email">&lt;<a href="mailto:tridge@samba.org">tridge@samba.org</a>&gt;</tt></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">Jelmer</span> <span class="othername">R.</span> <span class="surname">Vernooij</span></h3><div class="affiliation"><span class="orgname">The Samba Team<br></span><div class="address"><p><tt class="email">&lt;<a href="mailto:jelmer@samba.org">jelmer@samba.org</a>&gt;</tt></p></div></div></div></div><div><p class="pubdate">Wed Jan 15</p></div></div><div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><a href="diagnosis.html#id3003201">Introduction</a></dt><dt><a href="diagnosis.html#id3003235">Assumptions</a></dt><dt><a href="diagnosis.html#id3003407">The tests</a></dt><dt><a href="diagnosis.html#id3006959">Still having troubles?</a></dt></dl></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3003201"></a>Introduction</h2></div></div><div></div></div><p>
This file contains a list of tests you can perform to validate your
Samba server. It also tells you what the likely cause of the problem
is if it fails any one of these steps. If it passes all these tests
@ -13,7 +14,7 @@ to solve a problem.
If you send one of the samba mailing lists an email saying &quot;it doesn't work&quot;
and you have not followed this test procedure then you should not be surprised
if your email is ignored.
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3007352"></a>Assumptions</h2></div></div><div></div></div><p>
</p></div><div xmlns:ns98="" class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3003235"></a>Assumptions</h2></div></div><div></div></div><p>
In all of the tests it is assumed you have a Samba server called
BIGSERVER and a PC called ACLIENT both in workgroup TESTGROUP.
</p><p>
@ -30,8 +31,8 @@ following to <tt class="filename">smb.conf</tt>:
path = /tmp
read only = yes
</pre><p>
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
</pre><ns98:p>
</ns98:p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
These tests assume version 3.0 or later of the samba suite.
Some commands shown did not exist in earlier versions.
</p></div><p>
@ -54,7 +55,7 @@ depending on how or if you specified logging in your <tt class="filename">smb.co
</p><p>
If you make changes to your <tt class="filename">smb.conf</tt> file while going through these test,
don't forget to restart <span class="application">smbd</span> and <span class="application">nmbd</span>.
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3007529"></a>The tests</h2></div></div><div></div></div><div class="procedure"><p class="title"><b>Procedure 33.1. Diagnosing your samba server</b></p><ol type="1"><li><p>
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3003407"></a>The tests</h2></div></div><div></div></div><div class="procedure"><p class="title"><b>Procedure 33.1. Diagnosing your samba server</b></p><ol type="1"><li><p>
In the directory in which you store your <tt class="filename">smb.conf</tt> file, run the command
<b class="userinput"><tt>testparm smb.conf</tt></b>. If it reports any errors then your <tt class="filename">smb.conf</tt>
configuration file is faulty.
@ -297,6 +298,6 @@ capability and is in user level security mode. In this case either set
<i class="parameter"><tt>password server = Windows_NT_Machine</tt></i> in your
<tt class="filename">smb.conf</tt> file, or make sure <i class="parameter"><tt>encrypted passwords</tt></i> is
set to &quot;yes&quot;.
</p></li></ol></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3008704"></a>Still having troubles?</h2></div></div><div></div></div><p>Read the chapter on
</p></li></ol></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3006959"></a>Still having troubles?</h2></div></div><div></div></div><p>Read the chapter on
<a href="problems.html" title="Chapter 34. Analysing and solving samba problems">Analysing and Solving Problems</a>.
</p></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="troubleshooting.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="troubleshooting.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="problems.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Part V. Troubleshooting </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 34. Analysing and solving samba problems</td></tr></table></div></body></html>

71
docs/htmldocs/groupmapping.html
View File

@ -1,4 +1,5 @@
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 12. Mapping MS Windows and Unix Groups</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="index.html" title="SAMBA Project Documentation"><link rel="up" href="optional.html" title="Part III. Advanced Configuration"><link rel="previous" href="passdb.html" title="Chapter 11. Account Information Databases"><link rel="next" href="AccessControls.html" title="Chapter 13. File, Directory and Share Access Controls"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 12. Mapping MS Windows and Unix Groups</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="passdb.html">Prev</a> </td><th width="60%" align="center">Part III. Advanced Configuration</th><td width="20%" align="right"> <a accesskey="n" href="AccessControls.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="groupmapping"></a>Chapter 12. Mapping MS Windows and Unix Groups</h2></div><div><div class="author"><h3 class="author"><span class="firstname">Jean François</span> <span class="surname">Micouleau</span></h3></div></div><div><div class="author"><h3 class="author"><span class="firstname">Gerald</span> <span class="othername">(Jerry)</span> <span class="surname">Carter</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><tt class="email">&lt;<a href="mailto:jerry@samba.org">jerry@samba.org</a>&gt;</tt></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">John</span> <span class="othername">H.</span> <span class="surname">Terpstra</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><tt class="email">&lt;<a href="mailto:jht@samba.org">jht@samba.org</a>&gt;</tt></p></div></div></div></div></div><div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><a href="groupmapping.html#id2921059">Features and Benefits</a></dt><dt><a href="groupmapping.html#id2921161">Discussion</a></dt><dd><dl><dt><a href="groupmapping.html#id2921352">Example Configuration</a></dt></dl></dd><dt><a href="groupmapping.html#id2921416">Configuration Scripts</a></dt><dd><dl><dt><a href="groupmapping.html#id2921430">Sample smb.conf add group script</a></dt><dt><a href="groupmapping.html#id2921498">Script to configure Group Mapping</a></dt></dl></dd><dt><a href="groupmapping.html#id2921590">Common Errors</a></dt><dd><dl><dt><a href="groupmapping.html#id2921606">Adding Groups Fails</a></dt><dt><a href="groupmapping.html#id2921666">Adding MS Windows Groups to MS Windows Groups Fails</a></dt></dl></dd></dl></div><p>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 12. Mapping MS Windows and Unix Groups</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="index.html" title="SAMBA Project Documentation"><link rel="up" href="optional.html" title="Part III. Advanced Configuration"><link rel="previous" href="passdb.html" title="Chapter 11. Account Information Databases"><link rel="next" href="AccessControls.html" title="Chapter 13. File, Directory and Share Access Controls"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 12. Mapping MS Windows and Unix Groups</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="passdb.html">Prev</a> </td><th width="60%" align="center">Part III. Advanced Configuration</th><td width="20%" align="right"> <a accesskey="n" href="AccessControls.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="groupmapping"></a>Chapter 12. Mapping MS Windows and Unix Groups</h2></div><div><div class="author"><h3 class="author"><span class="firstname">Jean François</span> <span class="surname">Micouleau</span></h3></div></div><div><div class="author"><h3 class="author"><span class="firstname">Gerald</span> <span class="othername">(Jerry)</span> <span class="surname">Carter</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><tt class="email">&lt;<a href="mailto:jerry@samba.org">jerry@samba.org</a>&gt;</tt></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">John</span> <span class="othername">H.</span> <span class="surname">Terpstra</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><tt class="email">&lt;<a href="mailto:jht@samba.org">jht@samba.org</a>&gt;</tt></p></div></div></div></div></div><div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><a href="groupmapping.html#id2916109">Features and Benefits</a></dt><dt><a href="groupmapping.html#id2916209">Discussion</a></dt><dd><dl><dt><a href="groupmapping.html#id2916398">Example Configuration</a></dt></dl></dd><dt><a href="groupmapping.html#id2916463">Configuration Scripts</a></dt><dd><dl><dt><a href="groupmapping.html#id2916477">Sample smb.conf add group script</a></dt><dt><a href="groupmapping.html#id2916544">Script to configure Group Mapping</a></dt></dl></dd><dt><a href="groupmapping.html#id2916618">Common Errors</a></dt><dd><dl><dt><a href="groupmapping.html#id2916633">Adding Groups Fails</a></dt><dt><a href="groupmapping.html#id2916694">Adding MS Windows Groups to MS Windows Groups Fails</a></dt></dl></dd></dl></div><p>
Starting with Samba-3, new group mapping functionality is available to create associations
between Windows group SIDs and UNIX groups. The <i class="parameter"><tt>groupmap</tt></i> subcommand
included with the <span class="application">net</span> tool can be used to manage these associations.
@ -8,7 +9,7 @@
be specified in <tt class="filename">smb.conf</tt>. This parameter was used to give the listed users membership
in the <tt class="constant">Domain Admins</tt> Windows group which gave local admin rights on their workstations
(in default configurations).
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2921059"></a>Features and Benefits</h2></div></div><div></div></div><p>
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2916109"></a>Features and Benefits</h2></div></div><div></div></div><p>
Samba allows the administrator to create MS Windows NT4 / 200x group accounts and to
arbitrarily associate them with Unix/Linux group accounts.
</p><p>
@ -31,7 +32,7 @@
Another work-around is to manually create a Unix/Linux group, then manually create the
MS Windows NT4 / 200x group on the Samba server and then use the <b class="command">net groupmap</b>
tool to connect the two to each other.
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2921161"></a>Discussion</h2></div></div><div></div></div><p>
</p></div><div xmlns:ns26="" class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2916209"></a>Discussion</h2></div></div><div></div></div><p>
When installing <span class="application">MS Windows NT4 / 200x</span> on a computer, the installation
program creates default users and groups. Notably the <tt class="constant">Administrators</tt> group,
and gives to that group privileges necessary privilidges to perform essential system tasks.
@ -50,19 +51,19 @@
The following steps describe how to make samba PDC users members of the 'Domain Admins' group?
</p><div class="orderedlist"><ol type="1"><li><p>
create a unix group (usually in <tt class="filename">/etc/group</tt>), let's call it domadm
</p></li><li><p>add to this group the users that must be Administrators. For example
</p></li><li xmlns:ns24=""><p>add to this group the users that must be Administrators. For example
if you want joe,john and mary, your entry in <tt class="filename">/etc/group</tt> will
look like:
</p><pre class="programlisting">
domadm:x:502:joe,john,mary
</pre><p>
</p></li><li><p>
</pre><ns24:p>
</ns24:p></li><li xmlns:ns25=""><p>
Map this domadm group to the &quot;Domain Admins&quot; group by running the command:
</p><p>
</p><pre class="screen">
</p><ns25:p>
</ns25:p><pre class="screen">
<tt class="prompt">root# </tt><b class="userinput"><tt>net groupmap add ntgroup=&quot;Domain Admins&quot; unixgroup=domadm</tt></b>
</pre><p>
</p><p>
</pre><ns25:p>
</ns25:p><p>
The quotes around &quot;Domain Admins&quot; are necessary due to the space in the group name.
Also make sure to leave no whitespace surrounding the equal character (=).
</p></li></ol></div><p>
@ -72,36 +73,36 @@
making any UNIX group a Windows domain group. For example, if you wanted to include a
UNIX group (e.g. acct) in a ACL on a local file or printer on a domain member machine,
you would flag that group as a domain group by running the following on the Samba PDC:
</p><p>
</p><pre class="screen">
</p><ns26:p>
</ns26:p><pre class="screen">
<tt class="prompt">root# </tt><b class="userinput"><tt>net groupmap add rid=1000 ntgroup=&quot;Accounting&quot; unixgroup=acct</tt></b>
</pre><p>
</p><p>
</pre><ns26:p>
</ns26:p><p>
Be aware that the RID parmeter is a unsigned 32 bit integer that should
normally start at 1000. However, this rid must not overlap with any RID assigned
to a user. Verifying this is done differently depending on on the passdb backend
you are using. Future versions of the tools may perform the verification automatically,
but for now the burden is on you.
</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2921352"></a>Example Configuration</h3></div></div><div></div></div><p>
</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2916398"></a>Example Configuration</h3></div></div><div></div></div><p>
You can list the various groups in the mapping database by executing
<b class="command">net groupmap list</b>. Here is an example:
</p><p>
</p><pre class="screen">
</p><ns26:p>
</ns26:p><pre class="screen">
<tt class="prompt">root# </tt> <b class="userinput"><tt>net groupmap list</tt></b>
System Administrators (S-1-5-21-2547222302-1596225915-2414751004-1002) -&gt; sysadmin
Domain Admins (S-1-5-21-2547222302-1596225915-2414751004-512) -&gt; domadmin
Domain Users (S-1-5-21-2547222302-1596225915-2414751004-513) -&gt; domuser
Domain Guests (S-1-5-21-2547222302-1596225915-2414751004-514) -&gt; domguest
</pre><p>
</p><p>
</pre><ns26:p>
</ns26:p><p>
For complete details on <b class="command">net groupmap</b>, refer to the net(8) man page.
</p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2921416"></a>Configuration Scripts</h2></div></div><div></div></div><p>
</p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2916463"></a>Configuration Scripts</h2></div></div><div></div></div><p>
Everyone needs tools. Some of us like to create our own, others prefer to use canned tools
(ie: prepared by someone else for general use).
</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2921430"></a>Sample <tt class="filename">smb.conf</tt> add group script</h3></div></div><div></div></div><p>
</p><div xmlns:ns27="" class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2916477"></a>Sample <tt class="filename">smb.conf</tt> add group script</h3></div></div><div></div></div><p>
A script to great complying group names for use by the samba group interfaces:
</p><p>
</p><div class="example"><a name="id2921453"></a><p class="title"><b>Example 12.1. smbgrpadd.sh</b></p><pre class="programlisting">
</p><ns27:p>
</ns27:p><div class="example"><a name="id2916499"></a><p class="title"><b>Example 12.1. smbgrpadd.sh</b></p><pre class="programlisting">
#!/bin/bash
@ -116,17 +117,17 @@ cat /etc/group | sed s/smbtmpgrp00/$1/g &gt; /etc/group
# Now return the GID as would normally happen.
echo $thegid
exit 0
</pre></div><p>
</p><p>
</pre></div><ns27:p>
</ns27:p><ns27:p>
The <tt class="filename">smb.conf</tt> entry for the above script would look like:
</p><pre class="programlisting">
</ns27:p><pre class="programlisting">
add group script = /path_to_tool/smbgrpadd.sh %g
</pre><p>
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2921498"></a>Script to configure Group Mapping</h3></div></div><div></div></div><p>
</pre><ns27:p>
</ns27:p></div><div xmlns:ns28="" class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2916544"></a>Script to configure Group Mapping</h3></div></div><div></div></div><p>
In our example we have created a Unix/Linux group called <i class="parameter"><tt>ntadmin</tt></i>.
Our script will create the additional groups <i class="parameter"><tt>Engineers, Marketoids, Gnomes</tt></i>:
</p><p>
</p><pre class="programlisting">
</p><ns28:p>
</ns28:p><pre class="programlisting">
#!/bin/bash
net groupmap modify ntgroup=&quot;Domain Admins&quot; unixgroup=ntadmin
@ -149,16 +150,16 @@ net groupmap modify ntgroup=&quot;Power Users&quot; unixgroup=sys
#net groupmap add ntgroup=&quot;Engineers&quot; unixgroup=Engineers type=d
#net groupmap add ntgroup=&quot;Marketoids&quot; unixgroup=Marketoids type=d
#net groupmap add ntgroup=&quot;Gnomes&quot; unixgroup=Gnomes type=d
</pre><p>
</p><p>
</pre><ns28:p>
</ns28:p><p>
Of course it is expected that the admininstrator will modify this to suit local needs.
For information regarding the use of the <b class="command">net groupmap</b> tool please
refer to the man page.
</p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2921590"></a>Common Errors</h2></div></div><div></div></div><p>
</p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2916618"></a>Common Errors</h2></div></div><div></div></div><p>
At this time there are many little surprises for the unwary administrator. In a real sense
it is imperative that every step of automated control scripts must be carefully tested
manually before putting them into active service.
</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2921606"></a>Adding Groups Fails</h3></div></div><div></div></div><p>
</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2916633"></a>Adding Groups Fails</h3></div></div><div></div></div><p>
This is a common problem when the <b class="command">groupadd</b> is called directly
by the samba interface script for the <i class="parameter"><tt>add group script</tt></i> in
the <tt class="filename">smb.conf</tt> file.
@ -172,6 +173,6 @@ manually before putting them into active service.
third option is to manually create a Unix/Linux group account that can substitute
for the MS Windows group name, then use the procedure listed above to map that group
to the MS Windows group.
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2921666"></a>Adding MS Windows Groups to MS Windows Groups Fails</h3></div></div><div></div></div><p>
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2916694"></a>Adding MS Windows Groups to MS Windows Groups Fails</h3></div></div><div></div></div><p>
Samba-3 does NOT support nested groups from the MS Windows control environment.
</p></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="passdb.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="optional.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="AccessControls.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 11. Account Information Databases </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 13. File, Directory and Share Access Controls</td></tr></table></div></body></html>

45
docs/htmldocs/install.html
View File

@ -1,6 +1,7 @@
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 2. How to Install and Test SAMBA</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="index.html" title="SAMBA Project Documentation"><link rel="up" href="introduction.html" title="Part I. General Installation"><link rel="previous" href="IntroSMB.html" title="Chapter 1. Introduction to Samba"><link rel="next" href="FastStart.html" title="Chapter 3. FastStart for the Impatient"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 2. How to Install and Test SAMBA</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="IntroSMB.html">Prev</a> </td><th width="60%" align="center">Part I. General Installation</th><td width="20%" align="right"> <a accesskey="n" href="FastStart.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="install"></a>Chapter 2. How to Install and Test SAMBA</h2></div><div><div class="author"><h3 class="author"><span class="firstname">Andrew</span> <span class="surname">Tridgell</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><tt class="email">&lt;<a href="mailto:tridge@samba.org">tridge@samba.org</a>&gt;</tt></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">Jelmer</span> <span class="othername">R.</span> <span class="surname">Vernooij</span></h3><div class="affiliation"><span class="orgname">The Samba Team<br></span><div class="address"><p><tt class="email">&lt;<a href="mailto:jelmer@samba.org">jelmer@samba.org</a>&gt;</tt></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">John</span> <span class="othername">H.</span> <span class="surname">Terpstra</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><tt class="email">&lt;<a href="mailto:jht@samba.org">jht@samba.org</a>&gt;</tt></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">Karl</span> <span class="surname">Auer</span></h3></div></div></div><div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><a href="install.html#id2886809">Obtaining and installing samba</a></dt><dt><a href="install.html#id2886850">Configuring samba (smb.conf)</a></dt><dd><dl><dt><a href="install.html#id2886887">Example Configuration</a></dt><dt><a href="install.html#id2887037">SWAT</a></dt></dl></dd><dt><a href="install.html#id2887081">Try listing the shares available on your
server</a></dt><dt><a href="install.html#id2887132">Try connecting with the unix client</a></dt><dt><a href="install.html#id2887232">Try connecting from a DOS, WfWg, Win9x, WinNT,
Win2k, OS/2, etc... client</a></dt><dt><a href="install.html#id2887296">What If Things Don't Work?</a></dt><dt><a href="install.html#id2887329">Common Errors</a></dt><dd><dl><dt><a href="install.html#id2887342">Why are so many smbd processes eating memory?</a></dt><dt><a href="install.html#id2887558">I'm getting &quot;open_oplock_ipc: Failed to get local UDP socket for address 100007f. Error was Cannot assign requested&quot; in the logs</a></dt></dl></dd></dl></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2886809"></a>Obtaining and installing samba</h2></div></div><div></div></div><p>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 2. How to Install and Test SAMBA</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="index.html" title="SAMBA Project Documentation"><link rel="up" href="introduction.html" title="Part I. General Installation"><link rel="previous" href="IntroSMB.html" title="Chapter 1. Introduction to Samba"><link rel="next" href="FastStart.html" title="Chapter 3. FastStart for the Impatient"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 2. How to Install and Test SAMBA</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="IntroSMB.html">Prev</a> </td><th width="60%" align="center">Part I. General Installation</th><td width="20%" align="right"> <a accesskey="n" href="FastStart.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="install"></a>Chapter 2. How to Install and Test SAMBA</h2></div><div><div class="author"><h3 class="author"><span class="firstname">Andrew</span> <span class="surname">Tridgell</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><tt class="email">&lt;<a href="mailto:tridge@samba.org">tridge@samba.org</a>&gt;</tt></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">Jelmer</span> <span class="othername">R.</span> <span class="surname">Vernooij</span></h3><div class="affiliation"><span class="orgname">The Samba Team<br></span><div class="address"><p><tt class="email">&lt;<a href="mailto:jelmer@samba.org">jelmer@samba.org</a>&gt;</tt></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">John</span> <span class="othername">H.</span> <span class="surname">Terpstra</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><tt class="email">&lt;<a href="mailto:jht@samba.org">jht@samba.org</a>&gt;</tt></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">Karl</span> <span class="surname">Auer</span></h3></div></div></div><div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><a href="install.html#id2885029">Obtaining and installing samba</a></dt><dt><a href="install.html#id2885071">Configuring samba (smb.conf)</a></dt><dd><dl><dt><a href="install.html#id2884644">Example Configuration</a></dt><dt><a href="install.html#id2884788">SWAT</a></dt></dl></dd><dt><a href="install.html#id2884832">Try listing the shares available on your
server</a></dt><dt><a href="install.html#id2884338">Try connecting with the unix client</a></dt><dt><a href="install.html#id2884440">Try connecting from a DOS, WfWg, Win9x, WinNT,
Win2k, OS/2, etc... client</a></dt><dt><a href="install.html#id2884501">What If Things Don't Work?</a></dt><dt><a href="install.html#id2884530">Common Errors</a></dt><dd><dl><dt><a href="install.html#id2884543">Why are so many smbd processes eating memory?</a></dt><dt><a href="install.html#id2885918">I'm getting &quot;open_oplock_ipc: Failed to get local UDP socket for address 100007f. Error was Cannot assign requested&quot; in the logs</a></dt></dl></dd></dl></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2885029"></a>Obtaining and installing samba</h2></div></div><div></div></div><p>
Binary packages of samba are included in almost any Linux or
Unix distribution. There are also some packages available at
<a href="http://samba.org/" target="_top">the samba homepage</a>.
@ -8,29 +9,29 @@
<a href="compiling.html" title="Chapter 36. How to compile SAMBA">appropriate appendix chapter</a>.</p><p>If you have already installed samba, or if your operating system
was pre-installed with samba, then you may not need to bother with this
chapter. On the other hand, you may want to read this chapter anyhow
for information about updating samba.</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2886850"></a>Configuring samba (smb.conf)</h2></div></div><div></div></div><p>
for information about updating samba.</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2885071"></a>Configuring samba (smb.conf)</h2></div></div><div></div></div><p>
Samba's configuration is stored in the <tt class="filename">smb.conf</tt> file,
that usually resides in <tt class="filename">/etc/samba/smb.conf</tt>
or <tt class="filename">/usr/local/samba/lib/smb.conf</tt>. You can either
edit this file yourself or do it using one of the many graphical
tools that are available, such as the web-based interface swat, that
is included with samba.
</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2886887"></a>Example Configuration</h3></div></div><div></div></div><p>
</p><div xmlns:ns2="" class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2884644"></a>Example Configuration</h3></div></div><div></div></div><p>
There are sample configuration files in the examples subdirectory in the
distribution. I suggest you read them carefully so you can see how the options
go together in practice. See the man page for all the options.
</p><p>
The simplest useful configuration file would be something like this:
</p><p>
</p><pre class="programlisting">
</p><ns2:p>
</ns2:p><pre class="programlisting">
[global]
workgroup = MYGROUP
[homes]
guest ok = no
read only = no
</pre><p>
</p><p>
</pre><ns2:p>
</ns2:p><p>
This will allow connections by anyone with an account on the server, using either
their login name or &quot;<i class="parameter"><tt>homes</tt></i>&quot; as the service name.
(Note that the workgroup that Samba must also be set.)
@ -42,7 +43,7 @@
For more information about security settings for the
<i class="parameter"><tt>[homes]</tt></i> share please refer to the chapter
<a href="securing-samba.html" title="Chapter 15. Securing Samba">Securing Samba</a>.
</p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2886982"></a>Test your config file with <b class="command">testparm</b></h4></div></div><div></div></div><p>
</p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2884735"></a>Test your config file with <b class="command">testparm</b></h4></div></div><div></div></div><p>
It's important that you test the validity of your <tt class="filename">smb.conf</tt>
file using the <span class="application">testparm</span> program. If testparm runs OK
then it will list the loaded services. If not it will give an error message.
@ -50,7 +51,7 @@
Make sure it runs OK and that the services look reasonable before proceeding.
</p><p>
Always run testparm again when you change <tt class="filename">smb.conf</tt>!
</p></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2887037"></a>SWAT</h3></div></div><div></div></div><p>
</p></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2884788"></a>SWAT</h3></div></div><div></div></div><p>
SWAT is a web-based interface that helps you configure samba.
SWAT might not be available in the samba package on your platform,
but in a separate package. Please read the swat manpage
@ -66,7 +67,7 @@
machine but connecting from a remote machine leaves your
connection open to password sniffing as passwords will be sent
in the clear over the wire.
</p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2887081"></a>Try listing the shares available on your
</p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2884832"></a>Try listing the shares available on your
server</h2></div></div><div></div></div><p><tt class="prompt">$ </tt><b class="userinput"><tt>smbclient -L
<i class="replaceable"><tt>yourhostname</tt></i></tt></b></p><p>You should get back a list of shares available on
your server. If you don't then something is incorrectly setup.
@ -76,7 +77,7 @@
See the <b class="command">smbclient</b> man page for details. (you
can force it to list the shares without a password by
adding the option -U% to the command line. This will not work
with non-Samba servers)</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2887132"></a>Try connecting with the unix client</h2></div></div><div></div></div><p><tt class="prompt">$ </tt><b class="userinput"><tt>smbclient <i class="replaceable"><tt>
with non-Samba servers)</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2884338"></a>Try connecting with the unix client</h2></div></div><div></div></div><p><tt class="prompt">$ </tt><b class="userinput"><tt>smbclient <i class="replaceable"><tt>
//yourhostname/aservice</tt></i></tt></b></p><p>Typically the <i class="replaceable"><tt>yourhostname</tt></i>
would be the name of the host where you installed <span class="application">smbd</span>.
The <i class="replaceable"><tt>aservice</tt></i> is
@ -85,18 +86,18 @@
section
in <tt class="filename">smb.conf</tt>.</p><p>For example if your unix host is <i class="replaceable"><tt>bambi</tt></i>
and your login name is <i class="replaceable"><tt>fred</tt></i> you would type:</p><p><tt class="prompt">$ </tt><b class="userinput"><tt>smbclient //<i class="replaceable"><tt>bambi</tt></i>/<i class="replaceable"><tt>fred</tt></i>
</tt></b></p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2887232"></a>Try connecting from a DOS, WfWg, Win9x, WinNT,
</tt></b></p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2884440"></a>Try connecting from a DOS, WfWg, Win9x, WinNT,
Win2k, OS/2, etc... client</h2></div></div><div></div></div><p>Try mounting disks. eg:</p><p><tt class="prompt">C:\WINDOWS\&gt; </tt><b class="userinput"><tt>net use d: \\servername\service
</tt></b></p><p>Try printing. eg:</p><p><tt class="prompt">C:\WINDOWS\&gt; </tt><b class="userinput"><tt>net use lpt1:
\\servername\spoolservice</tt></b></p><p><tt class="prompt">C:\WINDOWS\&gt; </tt><b class="userinput"><tt>print filename
</tt></b></p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2887296"></a>What If Things Don't Work?</h2></div></div><div></div></div><p>Then you might read the file chapter
</tt></b></p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2884501"></a>What If Things Don't Work?</h2></div></div><div></div></div><p>Then you might read the file chapter
<a href="diagnosis.html" title="Chapter 33. The samba checklist">Diagnosis</a> and the
FAQ. If you are still stuck then try to follow
the <a href="problems.html" title="Chapter 34. Analysing and solving samba problems">Analysing and Solving Problems chapter</a>
Samba has been successfully installed at thousands of sites worldwide,
so maybe someone else has hit your problem and has overcome it. </p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2887329"></a>Common Errors</h2></div></div><div></div></div><p>
so maybe someone else has hit your problem and has overcome it. </p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2884530"></a>Common Errors</h2></div></div><div></div></div><p>
The following questions and issues get raised on the samba mailing list over and over again.
</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2887342"></a>Why are so many smbd processes eating memory?</h3></div></div><div></div></div><p>
</p><div xmlns:ns3="" class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2884543"></a>Why are so many smbd processes eating memory?</h3></div></div><div></div></div><p>
&#8220;<span class="quote">
Site that is running Samba on an AIX box. They are sharing out about 2 terabytes using samba.
Samba was installed using smitty and the binaries. We seem to be experiencing a memory problem
@ -108,8 +109,8 @@ processes of smbd running:
Is samba suppose to start this many different smbd processes? Or does it run as one smbd process? Also
is it normal for it to be taking up this much memory?
</span>&#8221;
</p><p>
</p><pre class="screen">
</p><ns3:p>
</ns3:p><pre class="screen">
Inuse * 4096 = amount of memory being used by this process
Pid Command Inuse Pin Pgsp Virtual 64-bit Mthrd
@ -136,8 +137,8 @@ Inuse * 4096 = amount of memory being used by this process
19110 smbd 8404 1906 181 4862 N N
Total memory used: 841,592,832 bytes
</pre><p>
</p><p>
</pre><ns3:p>
</ns3:p><p>
Samba consists on three core programs:
<span class="application">nmbd</span>, <span class="application">smbd</span>, <span class="application">winbindd</span>. <span class="application">nmbd</span> is the name server message daemon,
<span class="application">smbd</span> is the server message daemon, <span class="application">winbindd</span> is the daemon that
@ -152,4 +153,4 @@ connection made. That is why you are seeing so many of them, one (1) per client
</p><p>
<span class="application">winbindd</span> will run as one or two daemons, depending on whether or not it is being
run in &quot;split mode&quot; (in which case there will be two instances).
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2887558"></a>I'm getting &quot;open_oplock_ipc: Failed to get local UDP socket for address 100007f. Error was Cannot assign requested&quot; in the logs</h3></div></div><div></div></div><p>Your loopback device isn't working correctly. Make sure it's running. </p></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="IntroSMB.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="introduction.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="FastStart.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 1. Introduction to Samba </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 3. FastStart for the Impatient</td></tr></table></div></body></html>
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2885918"></a>I'm getting &quot;open_oplock_ipc: Failed to get local UDP socket for address 100007f. Error was Cannot assign requested&quot; in the logs</h3></div></div><div></div></div><p>Your loopback device isn't working correctly. Make sure it's running. </p></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="IntroSMB.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="introduction.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="FastStart.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 1. Introduction to Samba </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 3. FastStart for the Impatient</td></tr></table></div></body></html>

45
docs/htmldocs/integrate-ms-networks.html
View File

@ -1,4 +1,5 @@
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 26. Integrating MS Windows networks with Samba</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="index.html" title="SAMBA Project Documentation"><link rel="up" href="optional.html" title="Part III. Advanced Configuration"><link rel="previous" href="pam.html" title="Chapter 25. PAM based Distributed Authentication"><link rel="next" href="unicode.html" title="Chapter 27. Unicode/Charsets"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 26. Integrating MS Windows networks with Samba</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="pam.html">Prev</a> </td><th width="60%" align="center">Part III. Advanced Configuration</th><td width="20%" align="right"> <a accesskey="n" href="unicode.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="integrate-ms-networks"></a>Chapter 26. Integrating MS Windows networks with Samba</h2></div><div><div class="author"><h3 class="author"><span class="firstname">John</span> <span class="othername">H.</span> <span class="surname">Terpstra</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><tt class="email">&lt;<a href="mailto:jht@samba.org">jht@samba.org</a>&gt;</tt></p></div></div></div></div><div><p class="pubdate"> (Jan 01 2001) </p></div></div><div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><a href="integrate-ms-networks.html#id2999128">Features and Benefits</a></dt><dt><a href="integrate-ms-networks.html#id2999152">Background Information</a></dt><dt><a href="integrate-ms-networks.html#id2999197">Name Resolution in a pure Unix/Linux world</a></dt><dd><dl><dt><a href="integrate-ms-networks.html#id2999254">/etc/hosts</a></dt><dt><a href="integrate-ms-networks.html#id2999378">/etc/resolv.conf</a></dt><dt><a href="integrate-ms-networks.html#id2999422">/etc/host.conf</a></dt><dt><a href="integrate-ms-networks.html#id2999464">/etc/nsswitch.conf</a></dt></dl></dd><dt><a href="integrate-ms-networks.html#id2999552">Name resolution as used within MS Windows networking</a></dt><dd><dl><dt><a href="integrate-ms-networks.html#id2999700">The NetBIOS Name Cache</a></dt><dt><a href="integrate-ms-networks.html#id2999745">The LMHOSTS file</a></dt><dt><a href="integrate-ms-networks.html#id2999989">HOSTS file</a></dt><dt><a href="integrate-ms-networks.html#id3000021">DNS Lookup</a></dt><dt><a href="integrate-ms-networks.html#id3000046">WINS Lookup</a></dt></dl></dd><dt><a href="integrate-ms-networks.html#id3000117">Common Errors</a></dt><dd><dl><dt><a href="integrate-ms-networks.html#id3000133">My Boomerang Won't Come Back</a></dt><dt><a href="integrate-ms-networks.html#id3000164">Very Slow Network Connections</a></dt><dt><a href="integrate-ms-networks.html#id3000216">Samba server name change problem</a></dt></dl></dd></dl></div><p>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 26. Integrating MS Windows networks with Samba</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="index.html" title="SAMBA Project Documentation"><link rel="up" href="optional.html" title="Part III. Advanced Configuration"><link rel="previous" href="pam.html" title="Chapter 25. PAM based Distributed Authentication"><link rel="next" href="unicode.html" title="Chapter 27. Unicode/Charsets"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 26. Integrating MS Windows networks with Samba</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="pam.html">Prev</a> </td><th width="60%" align="center">Part III. Advanced Configuration</th><td width="20%" align="right"> <a accesskey="n" href="unicode.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="integrate-ms-networks"></a>Chapter 26. Integrating MS Windows networks with Samba</h2></div><div><div class="author"><h3 class="author"><span class="firstname">John</span> <span class="othername">H.</span> <span class="surname">Terpstra</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><tt class="email">&lt;<a href="mailto:jht@samba.org">jht@samba.org</a>&gt;</tt></p></div></div></div></div><div><p class="pubdate"> (Jan 01 2001) </p></div></div><div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><a href="integrate-ms-networks.html#id2997481">Features and Benefits</a></dt><dt><a href="integrate-ms-networks.html#id2997505">Background Information</a></dt><dt><a href="integrate-ms-networks.html#id2997550">Name Resolution in a pure Unix/Linux world</a></dt><dd><dl><dt><a href="integrate-ms-networks.html#id2997602">/etc/hosts</a></dt><dt><a href="integrate-ms-networks.html#id2997726">/etc/resolv.conf</a></dt><dt><a href="integrate-ms-networks.html#id2995876">/etc/host.conf</a></dt><dt><a href="integrate-ms-networks.html#id2995919">/etc/nsswitch.conf</a></dt></dl></dd><dt><a href="integrate-ms-networks.html#id2996007">Name resolution as used within MS Windows networking</a></dt><dd><dl><dt><a href="integrate-ms-networks.html#id2996132">The NetBIOS Name Cache</a></dt><dt><a href="integrate-ms-networks.html#id2996176">The LMHOSTS file</a></dt><dt><a href="integrate-ms-networks.html#id2996290">HOSTS file</a></dt><dt><a href="integrate-ms-networks.html#id2996322">DNS Lookup</a></dt><dt><a href="integrate-ms-networks.html#id2996347">WINS Lookup</a></dt></dl></dd><dt><a href="integrate-ms-networks.html#id2996418">Common Errors</a></dt><dd><dl><dt><a href="integrate-ms-networks.html#id2996434">My Boomerang Won't Come Back</a></dt><dt><a href="integrate-ms-networks.html#id2996465">Very Slow Network Connections</a></dt><dt><a href="integrate-ms-networks.html#id2996517">Samba server name change problem</a></dt></dl></dd></dl></div><p>
This section deals with NetBIOS over TCP/IP name to IP address resolution. If
your MS Windows clients are NOT configured to use NetBIOS over TCP/IP then this
section does not apply to your installation. If your installation involves use of
@ -9,7 +10,7 @@ NetBIOS over TCP/IP then this section may help you to resolve networking problem
to NOT run NetBEUI at all. Note also that there is NO such thing as
NetBEUI over TCP/IP - the existence of such a protocol is a complete
and utter mis-apprehension.
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2999128"></a>Features and Benefits</h2></div></div><div></div></div><p>
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2997481"></a>Features and Benefits</h2></div></div><div></div></div><p>
Many MS Windows network administrators have never been exposed to basic TCP/IP
networking as it is implemented in a Unix/Linux operating system. Likewise, many Unix and
Linux adminsitrators have not been exposed to the intricacies of MS Windows TCP/IP based
@ -17,7 +18,7 @@ networking (and may have no desire to be either).
</p><p>
This chapter gives a short introduction to the basics of how a name can be resolved to
it's IP address for each operating system environment.
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2999152"></a>Background Information</h2></div></div><div></div></div><p>
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2997505"></a>Background Information</h2></div></div><div></div></div><p>
Since the introduction of MS Windows 2000 it is possible to run MS Windows networking
without the use of NetBIOS over TCP/IP. NetBIOS over TCP/IP uses UDP port 137 for NetBIOS
name resolution and uses TCP port 139 for NetBIOS session services. When NetBIOS over
@ -33,9 +34,9 @@ disable NetBIOS over TCP/IP today use MS Active Directory Service (ADS). ADS req
Dynamic DNS with Service Resource Records (SRV RR) and with Incremental Zone Transfers (IXFR).
Use of DHCP with ADS is recommended as a further means of maintaining central control
over client workstation network configuration.
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2999197"></a>Name Resolution in a pure Unix/Linux world</h2></div></div><div></div></div><p>
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2997550"></a>Name Resolution in a pure Unix/Linux world</h2></div></div><div></div></div><p>
The key configuration files covered in this section are:
</p><div class="itemizedlist"><ul type="disc"><li><p><tt class="filename">/etc/hosts</tt></p></li><li><p><tt class="filename">/etc/resolv.conf</tt></p></li><li><p><tt class="filename">/etc/host.conf</tt></p></li><li><p><tt class="filename">/etc/nsswitch.conf</tt></p></li></ul></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2999254"></a><tt class="filename">/etc/hosts</tt></h3></div></div><div></div></div><p>
</p><div class="itemizedlist"><ul type="disc"><li><p><tt class="filename">/etc/hosts</tt></p></li><li><p><tt class="filename">/etc/resolv.conf</tt></p></li><li><p><tt class="filename">/etc/host.conf</tt></p></li><li><p><tt class="filename">/etc/nsswitch.conf</tt></p></li></ul></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2997602"></a><tt class="filename">/etc/hosts</tt></h3></div></div><div></div></div><p>
Contains a static list of IP Addresses and names.
eg:
</p><pre class="screen">
@ -92,7 +93,7 @@ primary names by which they are known within the local machine.
This file helps to prime the pump so that a basic level of name
resolution can exist before any other method of name resolution
becomes available.
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2999378"></a><tt class="filename">/etc/resolv.conf</tt></h3></div></div><div></div></div><p>
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2997726"></a><tt class="filename">/etc/resolv.conf</tt></h3></div></div><div></div></div><p>
This file tells the name resolution libraries:
</p><div class="itemizedlist"><ul type="disc"><li><p>The name of the domain to which the machine
belongs
@ -102,7 +103,7 @@ This file tells the name resolution libraries:
</p></li><li><p>The name or IP address of available Domain
Name Servers that may be asked to perform name to address
translation lookups
</p></li></ul></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2999422"></a><tt class="filename">/etc/host.conf</tt></h3></div></div><div></div></div><p>
</p></li></ul></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2995876"></a><tt class="filename">/etc/host.conf</tt></h3></div></div><div></div></div><p>
<tt class="filename">/etc/host.conf</tt> is the primary means by
which the setting in /etc/resolv.conf may be affected. It is a
critical configuration file. This file controls the order by
@ -113,7 +114,7 @@ which name resolution may procede. The typical structure is:
</pre><p>
then both addresses should be returned. Please refer to the
man page for host.conf for further details.
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2999464"></a><tt class="filename">/etc/nsswitch.conf</tt></h3></div></div><div></div></div><p>
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2995919"></a><tt class="filename">/etc/nsswitch.conf</tt></h3></div></div><div></div></div><p>
This file controls the actual name resolution targets. The
file typically has resolver object specifications as follows:
</p><pre class="screen">
@ -157,7 +158,7 @@ the <tt class="filename">/etc/nsswitch.conf</tt> file. At this point it
will be possible to ping any MS Windows machine by it's NetBIOS
machine name, so long as that machine is within the workgroup to
which both the samba machine and the MS Windows machine belong.
</p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2999552"></a>Name resolution as used within MS Windows networking</h2></div></div><div></div></div><p>
</p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2996007"></a>Name resolution as used within MS Windows networking</h2></div></div><div></div></div><p>
MS Windows networking is predicated about the name each machine
is given. This name is known variously (and inconsistently) as
the &quot;computer name&quot;, &quot;machine name&quot;, &quot;networking name&quot;, &quot;netbios name&quot;,
@ -228,7 +229,7 @@ NBT or NetBT, the NetBIOS over TCP/IP.
MS Windows machines use a complex array of name resolution mechanisms.
Since we are primarily concerned with TCP/IP this demonstration is
limited to this area.
</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2999700"></a>The NetBIOS Name Cache</h3></div></div><div></div></div><p>
</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2996132"></a>The NetBIOS Name Cache</h3></div></div><div></div></div><p>
All MS Windows machines employ an in memory buffer in which is
stored the NetBIOS names and IP addresses for all external
machines that that machine has communicated with over the
@ -246,7 +247,7 @@ frustrating for users - but it is a characteristic of the protocol.
The MS Windows utility that allows examination of the NetBIOS
name cache is called &quot;nbtstat&quot;. The Samba equivalent of this
is called <b class="command">nmblookup</b>.
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2999745"></a>The LMHOSTS file</h3></div></div><div></div></div><p>
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2996176"></a>The LMHOSTS file</h3></div></div><div></div></div><p>
This file is usually located in MS Windows NT 4.0 or
2000 in <tt class="filename">C:\WINNT\SYSTEM32\DRIVERS\ETC</tt> and contains
the IP Address and the machine name in matched pairs. The
@ -331,14 +332,14 @@ It typically looks like:
# so keeping the number of comments to a minimum will improve performance.
# Therefore it is not advisable to simply add lmhosts file entries onto the
# end of this file.
</pre></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2999989"></a>HOSTS file</h3></div></div><div></div></div><p>
</pre></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2996290"></a>HOSTS file</h3></div></div><div></div></div><p>
This file is usually located in MS Windows NT 4.0 or 2000 in
<tt class="filename">C:\WINNT\SYSTEM32\DRIVERS\ETC</tt> and contains
the IP Address and the IP hostname in matched pairs. It can be
used by the name resolution infrastructure in MS Windows, depending
on how the TCP/IP environment is configured. This file is in
every way the equivalent of the Unix/Linux <tt class="filename">/etc/hosts</tt> file.
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id3000021"></a>DNS Lookup</h3></div></div><div></div></div><p>
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2996322"></a>DNS Lookup</h3></div></div><div></div></div><p>
This capability is configured in the TCP/IP setup area in the network
configuration facility. If enabled an elaborate name resolution sequence
is followed the precise nature of which is dependant on what the NetBIOS
@ -349,7 +350,7 @@ cache. If that fails then DNS, HOSTS and LMHOSTS are checked. If set to
Node Type 8, then a NetBIOS Unicast (over UDP Unicast) is sent to the
WINS Server to obtain a lookup before DNS, HOSTS, LMHOSTS, or broadcast
lookup is used.
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id3000046"></a>WINS Lookup</h3></div></div><div></div></div><p>
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2996347"></a>WINS Lookup</h3></div></div><div></div></div><p>
A WINS (Windows Internet Name Server) service is the equivaent of the
rfc1001/1002 specified NBNS (NetBIOS Name Server). A WINS server stores
the names and IP addresses that are registered by a Windows client
@ -368,11 +369,11 @@ needed in the <tt class="filename">smb.conf</tt> file:
</pre><p>
where <i class="replaceable"><tt>xxx.xxx.xxx.xxx</tt></i> is the IP address
of the WINS server.
</p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3000117"></a>Common Errors</h2></div></div><div></div></div><p>
</p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2996418"></a>Common Errors</h2></div></div><div></div></div><p>
TCP/IP network configuration problems find every network administrator sooner or later.
The cause can be anything from keybaord mishaps, forgetfulness, simple mistakes, and
carelessness. Of course, noone is every deliberately careless!
</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id3000133"></a>My Boomerang Won't Come Back</h3></div></div><div></div></div><p>
</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2996434"></a>My Boomerang Won't Come Back</h3></div></div><div></div></div><p>
Well, the real complaint said, &quot;I can ping my samba server from Windows, but I can
not ping my Windows machine from the samba server.&quot;
</p><p>
@ -382,9 +383,9 @@ carelessness. Of course, noone is every deliberately careless!
</p><p>
Due to inconsistent netmasks, the Windows machine was on network 192.168.1.0/24, while
the Samba server was on network 192.168.1.128/25 - logically a different network.
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id3000164"></a>Very Slow Network Connections</h3></div></div><div></div></div><p>
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2996465"></a>Very Slow Network Connections</h3></div></div><div></div></div><p>
A common causes of slow network response includes:
</p><div class="itemizedlist"><ul type="disc"><li><p>Client is configured to use DNS and DNS server is down</p></li><li><p>Client is configured to use remote DNS server, but remote connection is down</p></li><li><p>Client is configured to use a WINS server, but there is no WINS server</p></li><li><p>Client is NOT configured to use a WINS server, but there is a WINS server</p></li><li><p>Firewall is filtering our DNS or WINS traffic</p></li></ul></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id3000216"></a>Samba server name change problem</h3></div></div><div></div></div><p>
</p><div class="itemizedlist"><ul type="disc"><li><p>Client is configured to use DNS and DNS server is down</p></li><li><p>Client is configured to use remote DNS server, but remote connection is down</p></li><li><p>Client is configured to use a WINS server, but there is no WINS server</p></li><li><p>Client is NOT configured to use a WINS server, but there is a WINS server</p></li><li><p>Firewall is filtering our DNS or WINS traffic</p></li></ul></div></div><div xmlns:ns93="" class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2996517"></a>Samba server name change problem</h3></div></div><div></div></div><p>
The name of the samba server was changed, samba was restarted, samba server can not be
pinged by new name from MS Windows NT4 Workstation, but it does still respond to ping using
the old name. Why?
@ -393,8 +394,8 @@ carelessness. Of course, noone is every deliberately careless!
</p><div class="itemizedlist"><ul type="disc"><li><p>WINS is NOT in use, only broadcast based name resolution is used</p></li><li><p>The samba server was renamed and restarted within the last 10-15 minutes</p></li><li><p>The old samba server name is still in the NetBIOS name cache on the MS Windows NT4 Workstation</p></li></ul></div><p>
To find what names are present in the NetBIOS name cache on the MS Windows NT4 machine,
open a cmd shell, then:
</p><p>
</p><pre class="screen">
</p><ns93:p>
</ns93:p><pre class="screen">
C:\temp\&gt;nbtstat -n
NetBIOS Local Name Table
@ -418,8 +419,8 @@ carelessness. Of course, noone is every deliberately careless!
FRODO &lt;20&gt; UNIQUE 192.168.1.1 240
C:\Temp\&gt;
</pre><p>
</p><p>
</pre><ns93:p>
</ns93:p><p>
In the above example, FRODO is the Samba server and SLACK is the MS Windows NT4 Workstation.
The first listing shows the contents of the Local Name Table (ie: Identity information on
the MS Windows workstation), the second shows the NetBIOS name in the NetBIOS name cache.

9
docs/htmldocs/introduction.html
View File

@ -1,5 +1,6 @@
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Part I. General Installation</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="index.html" title="SAMBA Project Documentation"><link rel="up" href="index.html" title="SAMBA Project Documentation"><link rel="previous" href="index.html" title="SAMBA Project Documentation"><link rel="next" href="IntroSMB.html" title="Chapter 1. Introduction to Samba"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Part I. General Installation</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="index.html">Prev</a> </td><th width="60%" align="center"> </th><td width="20%" align="right"> <a accesskey="n" href="IntroSMB.html">Next</a></td></tr></table><hr></div><div class="part" lang="en"><div class="titlepage"><div><div><h1 class="title"><a name="introduction"></a>General Installation</h1></div></div><div></div></div><div class="partintro" lang="en"><div><div><div><h1 class="title"><a name="id2884272"></a>Preparing Samba for Configuration</h1></div></div><div></div></div><p>This section of the Samba-HOWTO-Collection contains general info on how to install samba
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Part I. General Installation</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="index.html" title="SAMBA Project Documentation"><link rel="up" href="index.html" title="SAMBA Project Documentation"><link rel="previous" href="index.html" title="SAMBA Project Documentation"><link rel="next" href="IntroSMB.html" title="Chapter 1. Introduction to Samba"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Part I. General Installation</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="index.html">Prev</a> </td><th width="60%" align="center"> </th><td width="20%" align="right"> <a accesskey="n" href="IntroSMB.html">Next</a></td></tr></table><hr></div><div class="part" lang="en"><div class="titlepage"><div><div><h1 class="title"><a name="introduction"></a>General Installation</h1></div></div><div></div></div><div class="partintro" lang="en"><div><div><div><h1 class="title"><a name="id2883915"></a>Preparing Samba for Configuration</h1></div></div><div></div></div><p>This section of the Samba-HOWTO-Collection contains general info on how to install samba
and how to configure the parts of samba you will most likely need.
PLEASE read this.</p><div class="toc"><p><b>Table of Contents</b></p><dl><dt>1. <a href="IntroSMB.html">Introduction to Samba</a></dt><dd><dl><dt><a href="IntroSMB.html#id2885554">Background</a></dt><dt><a href="IntroSMB.html#id2885765">Terminology</a></dt><dt><a href="IntroSMB.html#id2885920">Related Projects</a></dt><dt><a href="IntroSMB.html#id2885988">SMB Methodology</a></dt><dt><a href="IntroSMB.html#id2886076">Epilogue</a></dt><dt><a href="IntroSMB.html#id2886150">Miscellaneous</a></dt></dl></dd><dt>2. <a href="install.html">How to Install and Test SAMBA</a></dt><dd><dl><dt><a href="install.html#id2886809">Obtaining and installing samba</a></dt><dt><a href="install.html#id2886850">Configuring samba (smb.conf)</a></dt><dd><dl><dt><a href="install.html#id2886887">Example Configuration</a></dt><dt><a href="install.html#id2887037">SWAT</a></dt></dl></dd><dt><a href="install.html#id2887081">Try listing the shares available on your
server</a></dt><dt><a href="install.html#id2887132">Try connecting with the unix client</a></dt><dt><a href="install.html#id2887232">Try connecting from a DOS, WfWg, Win9x, WinNT,
Win2k, OS/2, etc... client</a></dt><dt><a href="install.html#id2887296">What If Things Don't Work?</a></dt><dt><a href="install.html#id2887329">Common Errors</a></dt><dd><dl><dt><a href="install.html#id2887342">Why are so many smbd processes eating memory?</a></dt><dt><a href="install.html#id2887558">I'm getting &quot;open_oplock_ipc: Failed to get local UDP socket for address 100007f. Error was Cannot assign requested&quot; in the logs</a></dt></dl></dd></dl></dd><dt>3. <a href="FastStart.html">FastStart for the Impatient</a></dt><dd><dl><dt><a href="FastStart.html#id2886685">Note</a></dt></dl></dd></dl></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="index.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="index.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="IntroSMB.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">SAMBA Project Documentation </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 1. Introduction to Samba</td></tr></table></div></body></html>
PLEASE read this.</p><div class="toc"><p><b>Table of Contents</b></p><dl><dt>1. <a href="IntroSMB.html">Introduction to Samba</a></dt><dd><dl><dt><a href="IntroSMB.html#id2885255">Background</a></dt><dt><a href="IntroSMB.html#id2885309">Terminology</a></dt><dt><a href="IntroSMB.html#id2884034">Related Projects</a></dt><dt><a href="IntroSMB.html#id2884102">SMB Methodology</a></dt><dt><a href="IntroSMB.html#id2884189">Epilogue</a></dt><dt><a href="IntroSMB.html#id2884263">Miscellaneous</a></dt></dl></dd><dt>2. <a href="install.html">How to Install and Test SAMBA</a></dt><dd><dl><dt><a href="install.html#id2885029">Obtaining and installing samba</a></dt><dt><a href="install.html#id2885071">Configuring samba (smb.conf)</a></dt><dd><dl><dt><a href="install.html#id2884644">Example Configuration</a></dt><dt><a href="install.html#id2884788">SWAT</a></dt></dl></dd><dt><a href="install.html#id2884832">Try listing the shares available on your
server</a></dt><dt><a href="install.html#id2884338">Try connecting with the unix client</a></dt><dt><a href="install.html#id2884440">Try connecting from a DOS, WfWg, Win9x, WinNT,
Win2k, OS/2, etc... client</a></dt><dt><a href="install.html#id2884501">What If Things Don't Work?</a></dt><dt><a href="install.html#id2884530">Common Errors</a></dt><dd><dl><dt><a href="install.html#id2884543">Why are so many smbd processes eating memory?</a></dt><dt><a href="install.html#id2885918">I'm getting &quot;open_oplock_ipc: Failed to get local UDP socket for address 100007f. Error was Cannot assign requested&quot; in the logs</a></dt></dl></dd></dl></dd><dt>3. <a href="FastStart.html">FastStart for the Impatient</a></dt><dd><dl><dt><a href="FastStart.html#id2886367">Note</a></dt></dl></dd></dl></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="index.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="index.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="IntroSMB.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">SAMBA Project Documentation </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 1. Introduction to Samba</td></tr></table></div></body></html>

5
docs/htmldocs/msdfs.html
View File

@ -1,6 +1,7 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 17. Hosting a Microsoft Distributed File System tree on Samba</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="index.html" title="SAMBA Project Documentation"><link rel="up" href="optional.html" title="Part III. Advanced Configuration"><link rel="previous" href="InterdomainTrusts.html" title="Chapter 16. Interdomain Trust Relationships"><link rel="next" href="printing.html" title="Chapter 18. Classical Printing Support"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 17. Hosting a Microsoft Distributed File System tree on Samba</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="InterdomainTrusts.html">Prev</a> </td><th width="60%" align="center">Part III. Advanced Configuration</th><td width="20%" align="right"> <a accesskey="n" href="printing.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="msdfs"></a>Chapter 17. Hosting a Microsoft Distributed File System tree on Samba</h2></div><div><div class="author"><h3 class="author"><span class="firstname">Shirish</span> <span class="surname">Kalele</span></h3><div class="affiliation"><span class="orgname">Samba Team &amp; Veritas Software<br></span><div class="address"><p><br>
<tt class="email">&lt;<a href="mailto:samba@samba.org">samba@samba.org</a>&gt;</tt><br>
</p></div></div></div></div><div><p class="pubdate">12 Jul 2000</p></div></div><div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><a href="msdfs.html#id2932887">Features and Benefits</a></dt><dt><a href="msdfs.html#id2934539">Common Errors</a></dt></dl></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2932887"></a>Features and Benefits</h2></div></div><div></div></div><p>
</p></div></div></div></div><div><p class="pubdate">12 Jul 2000</p></div></div><div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><a href="msdfs.html#id2928926">Features and Benefits</a></dt><dt><a href="msdfs.html#id2930336">Common Errors</a></dt></dl></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2928926"></a>Features and Benefits</h2></div></div><div></div></div><p>
The Distributed File System (or DFS) provides a means of separating the logical
view of files and directories that users see from the actual physical locations
of these resources on the network. It allows for higher availability, smoother
@ -52,7 +53,7 @@
network shares you want, and start Samba.</p><p>Users on DFS-aware clients can now browse the DFS tree
on the Samba server at \\samba\dfs. Accessing
links linka or linkb (which appear as directories to the client)
takes users directly to the appropriate shares on the network.</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2934539"></a>Common Errors</h2></div></div><div></div></div><div class="itemizedlist"><ul type="disc"><li><p>Windows clients need to be rebooted
takes users directly to the appropriate shares on the network.</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2930336"></a>Common Errors</h2></div></div><div></div></div><div class="itemizedlist"><ul type="disc"><li><p>Windows clients need to be rebooted
if a previously mounted non-dfs share is made a dfs
root or vice versa. A better way is to introduce a
new share and make it the dfs root.</p></li><li><p>Currently there's a restriction that msdfs

51
docs/htmldocs/optional.html
View File

File diff suppressed because one or more lines are too long

81
docs/htmldocs/pam.html
View File

@ -1,4 +1,5 @@
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 25. PAM based Distributed Authentication</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="index.html" title="SAMBA Project Documentation"><link rel="up" href="optional.html" title="Part III. Advanced Configuration"><link rel="previous" href="ProfileMgmt.html" title="Chapter 24. Desktop Profile Management"><link rel="next" href="integrate-ms-networks.html" title="Chapter 26. Integrating MS Windows networks with Samba"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 25. PAM based Distributed Authentication</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="ProfileMgmt.html">Prev</a> </td><th width="60%" align="center">Part III. Advanced Configuration</th><td width="20%" align="right"> <a accesskey="n" href="integrate-ms-networks.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="pam"></a>Chapter 25. PAM based Distributed Authentication</h2></div><div><div class="author"><h3 class="author"><span class="firstname">John</span> <span class="othername">H.</span> <span class="surname">Terpstra</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><tt class="email">&lt;<a href="mailto:jht@samba.org">jht@samba.org</a>&gt;</tt></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">Stephen</span> <span class="surname">Langasek</span></h3><div class="affiliation"><div class="address"><p><tt class="email">&lt;<a href="mailto:vorlon@netexpress.net">vorlon@netexpress.net</a>&gt;</tt></p></div></div></div></div><div><p class="pubdate">May 31, 2003</p></div></div><div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><a href="pam.html#id2995226">Features and Benefits</a></dt><dt><a href="pam.html#id2995494">Technical Discussion</a></dt><dd><dl><dt><a href="pam.html#id2995512">PAM Configuration Syntax</a></dt><dt><a href="pam.html#id2996183">Example System Configurations</a></dt><dt><a href="pam.html#id2996484">smb.conf PAM Configuration</a></dt><dt><a href="pam.html#id2996541">Remote CIFS Authentication using winbindd.so</a></dt><dt><a href="pam.html#id2996625">Password Synchronization using pam_smbpass.so</a></dt></dl></dd><dt><a href="pam.html#id2996992">Common Errors</a></dt><dd><dl><dt><a href="pam.html#id2997005">pam_winbind problem</a></dt></dl></dd></dl></div><p>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 25. PAM based Distributed Authentication</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="index.html" title="SAMBA Project Documentation"><link rel="up" href="optional.html" title="Part III. Advanced Configuration"><link rel="previous" href="ProfileMgmt.html" title="Chapter 24. Desktop Profile Management"><link rel="next" href="integrate-ms-networks.html" title="Chapter 26. Integrating MS Windows networks with Samba"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 25. PAM based Distributed Authentication</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="ProfileMgmt.html">Prev</a> </td><th width="60%" align="center">Part III. Advanced Configuration</th><td width="20%" align="right"> <a accesskey="n" href="integrate-ms-networks.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="pam"></a>Chapter 25. PAM based Distributed Authentication</h2></div><div><div class="author"><h3 class="author"><span class="firstname">John</span> <span class="othername">H.</span> <span class="surname">Terpstra</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><tt class="email">&lt;<a href="mailto:jht@samba.org">jht@samba.org</a>&gt;</tt></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">Stephen</span> <span class="surname">Langasek</span></h3><div class="affiliation"><div class="address"><p><tt class="email">&lt;<a href="mailto:vorlon@netexpress.net">vorlon@netexpress.net</a>&gt;</tt></p></div></div></div></div><div><p class="pubdate">May 31, 2003</p></div></div><div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><a href="pam.html#id2993246">Features and Benefits</a></dt><dt><a href="pam.html#id2992101">Technical Discussion</a></dt><dd><dl><dt><a href="pam.html#id2992118">PAM Configuration Syntax</a></dt><dt><a href="pam.html#id2992783">Example System Configurations</a></dt><dt><a href="pam.html#id2995216">smb.conf PAM Configuration</a></dt><dt><a href="pam.html#id2995273">Remote CIFS Authentication using winbindd.so</a></dt><dt><a href="pam.html#id2995357">Password Synchronization using pam_smbpass.so</a></dt></dl></dd><dt><a href="pam.html#id2995723">Common Errors</a></dt><dd><dl><dt><a href="pam.html#id2995737">pam_winbind problem</a></dt></dl></dd></dl></div><p>
This chapter you should help you to deploy winbind based authentication on any PAM enabled
Unix/Linux system. Winbind can be used to enable user level application access authentication
from any MS Windows NT Domain, MS Windows 200x Active Directory based domain, or any Samba
@ -9,7 +10,7 @@ In addition to knowing how to configure winbind into PAM, you will learn generic
possibilities and in particular how to deploy tools like pam_smbpass.so to your adavantage.
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
The use of Winbind require more than PAM configuration alone. Please refer to <a href="winbind.html" title="Chapter 21. Integrated Logon Support using Winbind">the Winbind chapter</a>.
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2995226"></a>Features and Benefits</h2></div></div><div></div></div><p>
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2993246"></a>Features and Benefits</h2></div></div><div></div></div><p>
A number of Unix systems (eg: Sun Solaris), as well as the xxxxBSD family and Linux,
now utilize the Pluggable Authentication Modules (PAM) facility to provide all authentication,
authorization and resource control services. Prior to the introduction of PAM, a decision
@ -67,12 +68,12 @@ of distributed samba domain controllers that can provide wide are network bandwi
efficient authentication services for PAM capable systems. In effect, this allows the
deployment of centrally managed and maintained distributed authentication from a single
user account database.
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2995494"></a>Technical Discussion</h2></div></div><div></div></div><p>
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2992101"></a>Technical Discussion</h2></div></div><div></div></div><p>
PAM is designed to provide the system administrator with a great deal of flexibility in
configuration of the privilege granting applications of their system. The local
configuration of system security controlled by PAM is contained in one of two places:
either the single system file, /etc/pam.conf; or the /etc/pam.d/ directory.
</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2995512"></a>PAM Configuration Syntax</h3></div></div><div></div></div><p>
</p><div xmlns:ns89="" class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2992118"></a>PAM Configuration Syntax</h3></div></div><div></div></div><p>
In this section we discuss the correct syntax of and generic options respected by entries to these files.
PAM specific tokens in the configuration file are case insensitive. The module paths, however, are case
sensitive since they indicate a file's name and reflect the case dependence of typical file-systems.
@ -86,22 +87,22 @@ If the PAM authentication module (loadable link library file) is located in the
default location then it is not necessary to specify the path. In the case of
Linux, the default location is <tt class="filename">/lib/security</tt>. If the module
is located outside the default then the path must be specified as:
</p><p>
</p><pre class="screen">
</p><ns89:p>
</ns89:p><pre class="screen">
auth required /other_path/pam_strange_module.so
</pre><p>
</p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2995568"></a>Anatomy of <tt class="filename">/etc/pam.d</tt> Entries</h4></div></div><div></div></div><p>
</pre><ns89:p>
</ns89:p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2992174"></a>Anatomy of <tt class="filename">/etc/pam.d</tt> Entries</h4></div></div><div></div></div><p>
The remaining information in this subsection was taken from the documentation of the Linux-PAM
project. For more information on PAM, see
<a href="http://ftp.kernel.org/pub/linux/libs/pam/" target="_top">
http://ftp.kernel.org/pub/linux/libs/pam</a> The Official Linux-PAM home page.
</p><p>
A general configuration line of the /etc/pam.conf file has the following form:
</p><p>
</p><pre class="screen">
</p><ns89:p>
</ns89:p><pre class="screen">
service-name module-type control-flag module-path args
</pre><p>
</p><p>
</pre><ns89:p>
</ns89:p><p>
Below, we explain the meaning of each of these tokens. The second (and more recently adopted)
way of configuring Linux-PAM is via the contents of the <tt class="filename">/etc/pam.d/</tt> directory.
Once we have explained the meaning of the above tokens, we will describe this method.
@ -218,8 +219,8 @@ Once we have explained the meaning of the above tokens, we will describe this me
</p></li></ul></div><p>
Each of the four keywords: required; requisite; sufficient; and optional, have an equivalent expression in
terms of the [...] syntax. They are as follows:
</p><p>
</p><div class="itemizedlist"><ul type="disc"><li><p>
</p><ns89:p>
</ns89:p><div class="itemizedlist"><ul type="disc"><li><p>
required is equivalent to [success=ok new_authtok_reqd=ok ignore=ignore default=bad]
</p></li><li><p>
requisite is equivalent to [success=ok new_authtok_reqd=ok ignore=ignore default=die]
@ -227,8 +228,8 @@ Once we have explained the meaning of the above tokens, we will describe this me
sufficient is equivalent to [success=done new_authtok_reqd=done default=ignore]
</p></li><li><p>
optional is equivalent to [success=ok new_authtok_reqd=ok default=ignore]
</p></li></ul></div><p>
</p><p>
</p></li></ul></div><ns89:p>
</ns89:p><p>
Just to get a feel for the power of this new syntax, here is a taste of what you can do with it. With Linux-PAM-0.63,
the notion of client plug-in agents was introduced. This is something that makes it possible for PAM to support
machine-machine authentication using the transport protocol inherent to the client/server application. With the
@ -260,13 +261,13 @@ squid auth required pam_mysql.so user=passwd_query passwd=mada \
Any line in (one of) the configuration file(s), that is not formatted correctly, will generally tend (erring on the
side of caution) to make the authentication process fail. A corresponding error is written to the system log files
with a call to syslog(3).
</p></dd></dl></div></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2996183"></a>Example System Configurations</h3></div></div><div></div></div><p>
</p></dd></dl></div></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2992783"></a>Example System Configurations</h3></div></div><div></div></div><p>
The following is an example <tt class="filename">/etc/pam.d/login</tt> configuration file.
This example had all options been uncommented is probably not usable
as it stacks many conditions before allowing successful completion
of the login process. Essentially all conditions can be disabled
by commenting them out except the calls to <tt class="filename">pam_pwdb.so</tt>.
</p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2996213"></a>PAM: original login config</h4></div></div><div></div></div><pre class="screen">
</p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2992814"></a>PAM: original login config</h4></div></div><div></div></div><pre class="screen">
#%PAM-1.0
# The PAM configuration file for the `login' service
#
@ -281,10 +282,10 @@ session required pam_pwdb.so
# session optional pam_lastlog.so
# password required pam_cracklib.so retry=3
password required pam_pwdb.so shadow md5
</pre></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2996239"></a>PAM: login using pam_smbpass</h4></div></div><div></div></div><p>
</pre></div><div xmlns:ns90="" class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2992841"></a>PAM: login using pam_smbpass</h4></div></div><div></div></div><p>
PAM allows use of replacable modules. Those available on a sample system include:
</p><p><tt class="prompt">$</tt><b class="userinput"><tt>/bin/ls /lib/security</tt></b>
</p><pre class="screen">
</p><ns90:p><tt class="prompt">$</tt><b class="userinput"><tt>/bin/ls /lib/security</tt></b>
</ns90:p><pre class="screen">
pam_access.so pam_ftp.so pam_limits.so
pam_ncp_auth.so pam_rhosts_auth.so pam_stress.so
pam_cracklib.so pam_group.so pam_listfile.so
@ -360,7 +361,7 @@ authentication to be configured in a single central file. The
on the basis that it allows for easier administration. As with all issues in
life though, every decision makes trade-offs, so you may want examine the
PAM documentation for further helpful information.
</p></div></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2996484"></a>smb.conf PAM Configuration</h3></div></div><div></div></div><p>
</p></div></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2995216"></a>smb.conf PAM Configuration</h3></div></div><div></div></div><p>
There is an option in smb.conf called <a href="smb.conf.5.html#OBEYPAMRESTRICTIONS" target="_top">obey pam restrictions</a>.
The following is from the on-line help for this option in SWAT;
</p><p>
@ -375,7 +376,7 @@ ignores PAM for authentication in the case of
The reason is that PAM modules cannot support the challenge/response
authentication mechanism needed in the presence of SMB
password encryption.
</p><p>Default: <i class="parameter"><tt>obey pam restrictions = no</tt></i></p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2996541"></a>Remote CIFS Authentication using winbindd.so</h3></div></div><div></div></div><p>
</p><p>Default: <i class="parameter"><tt>obey pam restrictions = no</tt></i></p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2995273"></a>Remote CIFS Authentication using winbindd.so</h3></div></div><div></div></div><p>
All operating systems depend on the provision of users credentials accecptable to the platform.
Unix requires the provision of a user identifier (UID) as well as a group identifier (GID).
These are both simple integer type numbers that are obtained from a password backend such
@ -401,7 +402,7 @@ Microsoft Active Directory Service (ADS) in so far as reduction of wide area net
The rid to unix id database is the only location where the user and group mappings are
stored by winbindd. If this file is deleted or corrupted, there is no way for winbindd
to determine which user and group ids correspond to Windows NT user and group rids.
</p></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2996625"></a>Password Synchronization using pam_smbpass.so</h3></div></div><div></div></div><p>
</p></div></div><div xmlns:ns91="" class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2995357"></a>Password Synchronization using pam_smbpass.so</h3></div></div><div></div></div><p>
pam_smbpass is a PAM module which can be used on conforming systems to
keep the smbpasswd (Samba password) database in sync with the unix
password file. PAM (Pluggable Authentication Modules) is an API supported
@ -412,21 +413,21 @@ This module authenticates a local smbpasswd user database. If you require
support for authenticating against a remote SMB server, or if you're
concerned about the presence of suid root binaries on your system, it is
recommended that you use pam_winbind instead.
</p><p>
</p><ns91:p>
Options recognized by this module are as follows:
</p><div class="table"><a name="id2996658"></a><p class="title"><b>Table 25.1. Options recognized by pam_smbpass</b></p><table summary="Options recognized by pam_smbpass" border="1"><colgroup><col><col></colgroup><tbody><tr><td align="left">debug</td><td align="left">log more debugging info</td></tr><tr><td align="left">audit</td><td align="left">like debug, but also logs unknown usernames</td></tr><tr><td align="left">use_first_pass</td><td align="left">don't prompt the user for passwords; take them from PAM_ items instead</td></tr><tr><td align="left">try_first_pass</td><td align="left">try to get the password from a previous PAM module, fall back to prompting the user</td></tr><tr><td align="left">use_authtok</td><td align="left">like try_first_pass, but *fail* if the new PAM_AUTHTOK has not been previously set. (intended for stacking password modules only)</td></tr><tr><td align="left">not_set_pass</td><td align="left">don't make passwords used by this module available to other modules.</td></tr><tr><td align="left">nodelay</td><td align="left">don't insert ~1 second delays on authentication failure.</td></tr><tr><td align="left">nullok</td><td align="left">null passwords are allowed.</td></tr><tr><td align="left">nonull</td><td align="left">null passwords are not allowed. Used to override the Samba configuration.</td></tr><tr><td align="left">migrate</td><td align="left">only meaningful in an &quot;auth&quot; context; used to update smbpasswd file with a password used for successful authentication.</td></tr><tr><td align="left">smbconf=<i class="replaceable"><tt>file</tt></i></td><td align="left">specify an alternate path to the <tt class="filename">smb.conf</tt> file.</td></tr></tbody></table></div><p>
</p><p>
</ns91:p><div class="table"><a name="id2995388"></a><p class="title"><b>Table 25.1. Options recognized by pam_smbpass</b></p><table summary="Options recognized by pam_smbpass" border="1"><colgroup><col><col></colgroup><tbody><tr><td align="left">debug</td><td align="left">log more debugging info</td></tr><tr><td align="left">audit</td><td align="left">like debug, but also logs unknown usernames</td></tr><tr><td align="left">use_first_pass</td><td align="left">don't prompt the user for passwords; take them from PAM_ items instead</td></tr><tr><td align="left">try_first_pass</td><td align="left">try to get the password from a previous PAM module, fall back to prompting the user</td></tr><tr><td align="left">use_authtok</td><td align="left">like try_first_pass, but *fail* if the new PAM_AUTHTOK has not been previously set. (intended for stacking password modules only)</td></tr><tr><td align="left">not_set_pass</td><td align="left">don't make passwords used by this module available to other modules.</td></tr><tr><td align="left">nodelay</td><td align="left">don't insert ~1 second delays on authentication failure.</td></tr><tr><td align="left">nullok</td><td align="left">null passwords are allowed.</td></tr><tr><td align="left">nonull</td><td align="left">null passwords are not allowed. Used to override the Samba configuration.</td></tr><tr><td align="left">migrate</td><td align="left">only meaningful in an &quot;auth&quot; context; used to update smbpasswd file with a password used for successful authentication.</td></tr><tr><td align="left">smbconf=<i class="replaceable"><tt>file</tt></i></td><td align="left">specify an alternate path to the <tt class="filename">smb.conf</tt> file.</td></tr></tbody></table></div><ns91:p>
</ns91:p><ns91:p>
Thanks go to the following people:
</p><table class="simplelist" border="0" summary="Simple list"><tr><td><a href="mailto:morgan@transmeta.com" target="_top">Andrew Morgan</a>, for providing the Linux-PAM
</ns91:p><table class="simplelist" border="0" summary="Simple list"><tr><td><a href="mailto:morgan@transmeta.com" target="_top">Andrew Morgan</a>, for providing the Linux-PAM
framework, without which none of this would have happened</td></tr><tr><td><a href="gafton@redhat.com" target="_top">Christian Gafton</a> and Andrew Morgan again, for the
pam_pwdb module upon which pam_smbpass was originally based</td></tr><tr><td><a href="lkcl@switchboard.net" target="_top">Luke Leighton</a> for being receptive to the idea,
and for the occasional good-natured complaint about the project's status
that keep me working on it :)</td></tr></table><p>.
</p><p>
that keep me working on it :)</td></tr></table><ns91:p>.
</ns91:p><p>
The following are examples of the use of pam_smbpass.so in the format of Linux
<tt class="filename">/etc/pam.d/</tt> files structure. Those wishing to implement this
tool on other platforms will need to adapt this appropriately.
</p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2996858"></a>Password Synchronisation Configuration</h4></div></div><div></div></div><p>
</p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2995589"></a>Password Synchronisation Configuration</h4></div></div><div></div></div><p>
A sample PAM configuration that shows the use of pam_smbpass to make
sure private/smbpasswd is kept in sync when /etc/passwd (/etc/shadow)
is changed. Useful when an expired password might be changed by an
@ -442,7 +443,7 @@ password requisite pam_cracklib.so retry=3
password requisite pam_unix.so shadow md5 use_authtok try_first_pass
password required pam_smbpass.so nullok use_authtok try_first_pass
session required pam_unix.so
</pre></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2996891"></a>Password Migration Configuration</h4></div></div><div></div></div><p>
</pre></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2995621"></a>Password Migration Configuration</h4></div></div><div></div></div><p>
A sample PAM configuration that shows the use of pam_smbpass to migrate
from plaintext to encrypted passwords for Samba. Unlike other methods,
this can be used for users who have never connected to Samba shares:
@ -461,7 +462,7 @@ password requisite pam_cracklib.so retry=3
password requisite pam_unix.so shadow md5 use_authtok try_first_pass
password optional pam_smbpass.so nullok use_authtok try_first_pass
session required pam_unix.so
</pre></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2996926"></a>Mature Password Configuration</h4></div></div><div></div></div><p>
</pre></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2995657"></a>Mature Password Configuration</h4></div></div><div></div></div><p>
A sample PAM configuration for a 'mature' smbpasswd installation.
private/smbpasswd is fully populated, and we consider it an error if
the smbpasswd doesn't exist or doesn't match the Unix password.
@ -476,7 +477,7 @@ password requisite pam_cracklib.so retry=3
password requisite pam_unix.so shadow md5 use_authtok try_first_pass
password required pam_smbpass.so use_authtok use_first_pass
session required pam_unix.so
</pre></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2996958"></a>Kerberos Password Integration Configuration</h4></div></div><div></div></div><p>
</pre></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2995689"></a>Kerberos Password Integration Configuration</h4></div></div><div></div></div><p>
A sample PAM configuration that shows pam_smbpass used together with
pam_krb5. This could be useful on a Samba PDC that is also a member of
a Kerberos realm.
@ -492,13 +493,13 @@ password requisite pam_cracklib.so retry=3
password optional pam_smbpass.so nullok use_authtok try_first_pass
password required pam_krb5.so use_authtok try_first_pass
session required pam_krb5.so
</pre></div></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2996992"></a>Common Errors</h2></div></div><div></div></div><p>
</pre></div></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2995723"></a>Common Errors</h2></div></div><div></div></div><p>
PAM can be a very fickle and sensitive to configuration glitches. Here we look at a few cases from
the Samba mailing list.
</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2997005"></a>pam_winbind problem</h3></div></div><div></div></div><p>
</p><div xmlns:ns92="" class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2995737"></a>pam_winbind problem</h3></div></div><div></div></div><p>
I have the following PAM configuration:
</p><p>
</p><pre class="screen">
</p><ns92:p>
</ns92:p><pre class="screen">
auth required /lib/security/pam_securetty.so
auth sufficient /lib/security/pam_winbind.so
auth sufficient /lib/security/pam_unix.so use_first_pass nullok
@ -507,8 +508,8 @@ auth required /lib/security/pam_nologin.so
account required /lib/security/pam_stack.so service=system-auth
account required /lib/security/pam_winbind.so
password required /lib/security/pam_stack.so service=system-auth
</pre><p>
</p><p>
</pre><ns92:p>
</ns92:p><p>
When I open a new console with [ctrl][alt][F1], then I cant log in with my user &quot;pitie&quot;.
I've tried with user &quot;scienceu+pitie&quot; also.
</p><p>

199
docs/htmldocs/printing.html
View File

@ -1,7 +1,8 @@
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 18. Classical Printing Support</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="index.html" title="SAMBA Project Documentation"><link rel="up" href="optional.html" title="Part III. Advanced Configuration"><link rel="previous" href="msdfs.html" title="Chapter 17. Hosting a Microsoft Distributed File System tree on Samba"><link rel="next" href="CUPS-printing.html" title="Chapter 19. CUPS Printing Support in Samba 3.0"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 18. Classical Printing Support</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="msdfs.html">Prev</a> </td><th width="60%" align="center">Part III. Advanced Configuration</th><td width="20%" align="right"> <a accesskey="n" href="CUPS-printing.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="printing"></a>Chapter 18. Classical Printing Support</h2></div><div><div class="author"><h3 class="author"><span class="firstname">Kurt</span> <span class="surname">Pfeifle</span></h3><div class="affiliation"><span class="orgname"> Danka Deutschland GmbH <br></span><div class="address"><p><tt class="email">&lt;<a href="mailto:kpfeifle@danka.de">kpfeifle@danka.de</a>&gt;</tt></p></div></div></div></div><div><p class="pubdate">May 32, 2003</p></div></div><div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><a href="printing.html#id2934100">Features and Benefits</a></dt><dt><a href="printing.html#id2934168">Technical Introduction</a></dt><dd><dl><dt><a href="printing.html#id2934206">What happens if you send a Job from a Client</a></dt><dt><a href="printing.html#id2934276">Printing Related Configuration Parameters</a></dt><dt><a href="printing.html#id2934356">Parameters Recommended for Use</a></dt><dt><a href="printing.html#id2935524">Parameters for Backwards Compatibility</a></dt><dt><a href="printing.html#id2935632">Parameters no longer in use</a></dt></dl></dd><dt><a href="printing.html#id2935725">A simple Configuration to Print with Samba-3</a></dt><dd><dl><dt><a href="printing.html#id2935795">Verification of &quot;Settings in Use&quot; with testparm</a></dt><dt><a href="printing.html#id2935884">A little Experiment to warn you</a></dt></dl></dd><dt><a href="printing.html#id2936190">Extended Sample Configuration to Print with Samba-3</a></dt><dt><a href="printing.html#id2936293">Detailed Explanation of the Example's Settings</a></dt><dd><dl><dt><a href="printing.html#id2936306">The [global] Section</a></dt><dt><a href="printing.html#id2936689">The [printers] Section</a></dt><dt><a href="printing.html#id2937018">Any [my_printer_name] Section</a></dt><dt><a href="printing.html#id2937239">Print Commands</a></dt><dt><a href="printing.html#id2937289">Default Print Commands for various Unix Print Subsystems</a></dt><dt><a href="printing.html#id2937815">Setting up your own Print Commands</a></dt></dl></dd><dt><a href="printing.html#id2938094">Innovations in Samba Printing since 2.2</a></dt><dd><dl><dt><a href="printing.html#id2938259">Client Drivers on Samba Server for Point'n'Print</a></dt><dt><a href="printing.html#id2938411">The [printer$] Section is removed from Samba-3</a></dt><dt><a href="printing.html#id2938524">Creating the [print$] Share</a></dt><dt><a href="printing.html#id2938595">Parameters in the [print$] Section</a></dt><dt><a href="printing.html#id2938826">Subdirectory Structure in [print$]</a></dt></dl></dd><dt><a href="printing.html#id2938986">Installing Drivers into [print$]</a></dt><dd><dl><dt><a href="printing.html#id2939081">Setting Drivers for existing Printers with a Client GUI</a></dt><dt><a href="printing.html#id2939264">Setting Drivers for existing Printers with
rpcclient</a></dt></dl></dd><dt><a href="printing.html#id2940985">&quot;The Proof of the Pudding lies in the Eating&quot; (Client Driver Insta
Procedure)</a></dt><dd><dl><dt><a href="printing.html#id2941006">The first Client Driver Installation</a></dt><dt><a href="printing.html#id2941204">IMPORTANT! Setting Device Modes on new Printers</a></dt><dt><a href="printing.html#id2941493">Further Client Driver Install Procedures</a></dt><dt><a href="printing.html#id2941588">Always make first Client Connection as root or &quot;printer admin&quot;</a></dt></dl></dd><dt><a href="printing.html#id2941730">Other Gotchas</a></dt><dd><dl><dt><a href="printing.html#id2941763">Setting Default Print Options for the Client Drivers</a></dt><dt><a href="printing.html#id2942200">Supporting large Numbers of Printers</a></dt><dt><a href="printing.html#id2942503">Adding new Printers with the Windows NT APW</a></dt><dt><a href="printing.html#id2942746">Weird Error Message Cannot connect under a
different Name</a></dt><dt><a href="printing.html#id2942844">Be careful when assembling Driver Files</a></dt><dt><a href="printing.html#id2943191">Samba and Printer Ports</a></dt><dt><a href="printing.html#id2943261">Avoiding the most common Misconfigurations of the Client Driver</a></dt></dl></dd><dt><a href="printing.html#id2943283">The Imprints Toolset</a></dt><dd><dl><dt><a href="printing.html#id2943329">What is Imprints?</a></dt><dt><a href="printing.html#id2943370">Creating Printer Driver Packages</a></dt><dt><a href="printing.html#id2943389">The Imprints Server</a></dt><dt><a href="printing.html#id2943413">The Installation Client</a></dt></dl></dd><dt><a href="printing.html#id2943566">Add Network Printers at Logon without User Interaction</a></dt><dt><a href="printing.html#id2943895">The addprinter command</a></dt><dt><a href="printing.html#id2943940">Migration of &quot;Classical&quot; printing to Samba-3</a></dt><dt><a href="printing.html#id2944110">Publishing Printer Information in Active Directory or LDAP</a></dt><dt><a href="printing.html#id2944124">Common Errors and Problems</a></dt><dd><dl><dt><a href="printing.html#id2944137">I give my root password but I don't get access</a></dt><dt><a href="printing.html#id2944170">My printjobs get spooled into the spooling directory, but then get lost</a></dt></dl></dd></dl></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2934100"></a>Features and Benefits</h2></div></div><div></div></div><p>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 18. Classical Printing Support</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="index.html" title="SAMBA Project Documentation"><link rel="up" href="optional.html" title="Part III. Advanced Configuration"><link rel="previous" href="msdfs.html" title="Chapter 17. Hosting a Microsoft Distributed File System tree on Samba"><link rel="next" href="CUPS-printing.html" title="Chapter 19. CUPS Printing Support in Samba 3.0"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 18. Classical Printing Support</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="msdfs.html">Prev</a> </td><th width="60%" align="center">Part III. Advanced Configuration</th><td width="20%" align="right"> <a accesskey="n" href="CUPS-printing.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="printing"></a>Chapter 18. Classical Printing Support</h2></div><div><div class="author"><h3 class="author"><span class="firstname">Kurt</span> <span class="surname">Pfeifle</span></h3><div class="affiliation"><span class="orgname"> Danka Deutschland GmbH <br></span><div class="address"><p><tt class="email">&lt;<a href="mailto:kpfeifle@danka.de">kpfeifle@danka.de</a>&gt;</tt></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">Gerald</span> <span class="othername">(Jerry)</span> <span class="surname">Carter</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><tt class="email">&lt;<a href="mailto:jerry@samba.org">jerry@samba.org</a>&gt;</tt></p></div></div></div></div><div><p class="pubdate">May 32, 2003</p></div></div><div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><a href="printing.html#id2931857">Features and Benefits</a></dt><dt><a href="printing.html#id2931921">Technical Introduction</a></dt><dd><dl><dt><a href="printing.html#id2931958">What happens if you send a Job from a Client</a></dt><dt><a href="printing.html#id2932028">Printing Related Configuration Parameters</a></dt><dt><a href="printing.html#id2935137">Parameters Recommended for Use</a></dt><dt><a href="printing.html#id2930497">Parameters for Backwards Compatibility</a></dt><dt><a href="printing.html#id2930606">Parameters no longer in use</a></dt></dl></dd><dt><a href="printing.html#id2930699">A simple Configuration to Print with Samba-3</a></dt><dd><dl><dt><a href="printing.html#id2932704">Verification of &quot;Settings in Use&quot; with testparm</a></dt><dt><a href="printing.html#id2932787">A little Experiment to warn you</a></dt></dl></dd><dt><a href="printing.html#id2933095">Extended Sample Configuration to Print with Samba-3</a></dt><dt><a href="printing.html#id2933186">Detailed Explanation of the Example's Settings</a></dt><dd><dl><dt><a href="printing.html#id2933200">The [global] Section</a></dt><dt><a href="printing.html#id2942661">The [printers] Section</a></dt><dt><a href="printing.html#id2942990">Any [my_printer_name] Section</a></dt><dt><a href="printing.html#id2943210">Print Commands</a></dt><dt><a href="printing.html#id2943262">Default Print Commands for various Unix Print Subsystems</a></dt><dt><a href="printing.html#id2943787">Setting up your own Print Commands</a></dt></dl></dd><dt><a href="printing.html#id2944064">Innovations in Samba Printing since 2.2</a></dt><dd><dl><dt><a href="printing.html#id2944219">Client Drivers on Samba Server for Point'n'Print</a></dt><dt><a href="printing.html#id2944370">The [printer$] Section is removed from Samba-3</a></dt><dt><a href="printing.html#id2944483">Creating the [print$] Share</a></dt><dt><a href="printing.html#id2944553">Parameters in the [print$] Section</a></dt><dt><a href="printing.html#id2944774">Subdirectory Structure in [print$]</a></dt></dl></dd><dt><a href="printing.html#id2944935">Installing Drivers into [print$]</a></dt><dd><dl><dt><a href="printing.html#id2945029">Setting Drivers for existing Printers with a Client GUI</a></dt><dt><a href="printing.html#id2945213">Setting Drivers for existing Printers with
rpcclient</a></dt></dl></dd><dt><a href="printing.html#id2946811">&quot;The Proof of the Pudding lies in the Eating&quot; (Client Driver Insta
Procedure)</a></dt><dd><dl><dt><a href="printing.html#id2946832">The first Client Driver Installation</a></dt><dt><a href="printing.html#id2947030">IMPORTANT! Setting Device Modes on new Printers</a></dt><dt><a href="printing.html#id2947319">Further Client Driver Install Procedures</a></dt><dt><a href="printing.html#id2947414">Always make first Client Connection as root or &quot;printer admin&quot;</a></dt></dl></dd><dt><a href="printing.html#id2947556">Other Gotchas</a></dt><dd><dl><dt><a href="printing.html#id2947589">Setting Default Print Options for the Client Drivers</a></dt><dt><a href="printing.html#id2948023">Supporting large Numbers of Printers</a></dt><dt><a href="printing.html#id2948326">Adding new Printers with the Windows NT APW</a></dt><dt><a href="printing.html#id2948569">Weird Error Message Cannot connect under a
different Name</a></dt><dt><a href="printing.html#id2948667">Be careful when assembling Driver Files</a></dt><dt><a href="printing.html#id2948938">Samba and Printer Ports</a></dt><dt><a href="printing.html#id2949009">Avoiding the most common Misconfigurations of the Client Driver</a></dt></dl></dd><dt><a href="printing.html#id2949031">The Imprints Toolset</a></dt><dd><dl><dt><a href="printing.html#id2949076">What is Imprints?</a></dt><dt><a href="printing.html#id2949118">Creating Printer Driver Packages</a></dt><dt><a href="printing.html#id2949137">The Imprints Server</a></dt><dt><a href="printing.html#id2949161">The Installation Client</a></dt></dl></dd><dt><a href="printing.html#id2949313">Add Network Printers at Logon without User Interaction</a></dt><dt><a href="printing.html#id2949643">The addprinter command</a></dt><dt><a href="printing.html#id2949688">Migration of &quot;Classical&quot; printing to Samba-3</a></dt><dt><a href="printing.html#id2949856">Publishing Printer Information in Active Directory or LDAP</a></dt><dt><a href="printing.html#id2949870">Common Errors and Problems</a></dt><dd><dl><dt><a href="printing.html#id2949884">I give my root password but I don't get access</a></dt><dt><a href="printing.html#id2949917">My printjobs get spooled into the spooling directory, but then get lost</a></dt></dl></dd></dl></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2931857"></a>Features and Benefits</h2></div></div><div></div></div><p>
Printing is often a mission-critical service for the users. Samba can
provide this service reliably and seamlessly for a client network
consisting of Windows workstations.
@ -37,7 +38,7 @@ Professional clients. Where this document describes the responses to
commands given, bear in mind that Windows 2000 clients are very
similar, but may differ in details. Windows NT is somewhat different
again.
</p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2934168"></a>Technical Introduction</h2></div></div><div></div></div><p>
</p></div></div><div xmlns:ns44="" class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2931921"></a>Technical Introduction</h2></div></div><div></div></div><ns44:p>
Samba's printing support always relies on the installed print
subsystem of the Unix OS it runs on. Samba is a &quot;middleman&quot;. It takes
printfiles from Windows (or other SMB) clients and passes them to the
@ -52,10 +53,10 @@ the next chapter covers in great detail the more modern
<span class="emphasis"><em>Common UNIX Printing System</em></span>
(CUPS).
</p><div class="important" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Important</h3><p>CUPS users, be warned: don't just jump on to the next
</ns44:p><div class="important" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Important</h3><p>CUPS users, be warned: don't just jump on to the next
chapter. You might miss important information contained only
here!</p></div><p>
</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2934206"></a>What happens if you send a Job from a Client</h3></div></div><div></div></div><p>
here!</p></div><ns44:p>
</ns44:p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2931958"></a>What happens if you send a Job from a Client</h3></div></div><div></div></div><p>
To successfully print a job from a Windows client via a Samba
print server to a UNIX printer, there are 6 (potentially 7)
stages:
@ -63,7 +64,7 @@ stages:
into Samba's spooling area</p></li><li><p>Windows closes the connection again</p></li><li><p>Samba invokes the print command to hand the file over
to the UNIX print subsystem's spooling area</p></li><li><p>The Unix print subsystem processes the print
job</p></li><li><p>The printfile may need to be explicitely deleted
from the Samba spooling area.</p></li></ol></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2934276"></a>Printing Related Configuration Parameters</h3></div></div><div></div></div><p>
from the Samba spooling area.</p></li></ol></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2932028"></a>Printing Related Configuration Parameters</h3></div></div><div></div></div><p>
There are a number of configuration parameters in
controlling Samba's printing
behaviour. Please also refer to the man page for smb.conf to
@ -77,20 +78,20 @@ behaviour of all individual or service level shares (provided those
don't have a different setting defined for the same parameter, thus
overriding the global default).</p></dd><dt><span class="term">Global Parameters</span></dt><dd><p>These <span class="emphasis"><em>may not</em></span> go into individual
shares. If they go in by error, the &quot;testparm&quot; utility can discover
this (if you run it) and tell you so.</p></dd></dl></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2934356"></a>Parameters Recommended for Use</h3></div></div><div></div></div><p>The following <tt class="filename">smb.conf</tt> parameters directly
this (if you run it) and tell you so.</p></dd></dl></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2935137"></a>Parameters Recommended for Use</h3></div></div><div></div></div><p>The following <tt class="filename">smb.conf</tt> parameters directly
related to printing are used in Samba-3. See also the
<tt class="filename">smb.conf</tt> man page for detailed explanations:
</p><p><b>List of printing related parameters in Samba-3. </b>
</p><div class="itemizedlist"><p class="title"><b>Global level parameters:</b></p><ul type="disc"><li><p><i class="parameter"><tt>addprinter command (G)</tt></i></p></li><li><p><i class="parameter"><tt>deleteprinter command (G)</tt></i></p></li><li><p><i class="parameter"><tt>disable spoolss (G)</tt></i></p></li><li><p><i class="parameter"><tt>enumports command (G)</tt></i></p></li><li><p><i class="parameter"><tt>load printers (G)</tt></i></p></li><li><p><i class="parameter"><tt>lpq cache time (G)</tt></i></p></li><li><p><i class="parameter"><tt>os2 driver map (G)</tt></i></p></li><li><p><i class="parameter"><tt>printcap name (G), printcap (G)</tt></i></p></li><li><p><i class="parameter"><tt>show add printer wizard (G)</tt></i></p></li><li><p><i class="parameter"><tt>total print jobs (G)</tt></i></p></li><li><p><i class="parameter"><tt>use client driver (G)</tt></i></p></li></ul></div><p>
</p><ns44:p><b>List of printing related parameters in Samba-3. </b>
</ns44:p><div class="itemizedlist"><p class="title"><b>Global level parameters:</b></p><ul type="disc"><li><p><i class="parameter"><tt>addprinter command (G)</tt></i></p></li><li><p><i class="parameter"><tt>deleteprinter command (G)</tt></i></p></li><li><p><i class="parameter"><tt>disable spoolss (G)</tt></i></p></li><li><p><i class="parameter"><tt>enumports command (G)</tt></i></p></li><li><p><i class="parameter"><tt>load printers (G)</tt></i></p></li><li><p><i class="parameter"><tt>lpq cache time (G)</tt></i></p></li><li><p><i class="parameter"><tt>os2 driver map (G)</tt></i></p></li><li><p><i class="parameter"><tt>printcap name (G), printcap (G)</tt></i></p></li><li><p><i class="parameter"><tt>show add printer wizard (G)</tt></i></p></li><li><p><i class="parameter"><tt>total print jobs (G)</tt></i></p></li><li><p><i class="parameter"><tt>use client driver (G)</tt></i></p></li></ul></div><ns44:p>
</p><div class="itemizedlist"><p class="title"><b>Service level parameters:</b></p><ul type="disc"><li><p><i class="parameter"><tt>hosts allow (S)</tt></i></p></li><li><p><i class="parameter"><tt>hosts deny (S)</tt></i></p></li><li><p><i class="parameter"><tt>lppause command (S)</tt></i></p></li><li><p><i class="parameter"><tt>lpq command (S)</tt></i></p></li><li><p><i class="parameter"><tt>lpresume command (S)</tt></i></p></li><li><p><i class="parameter"><tt>lprm command (S)</tt></i></p></li><li><p><i class="parameter"><tt>max print jobs (S)</tt></i></p></li><li><p><i class="parameter"><tt>min print space (S)</tt></i></p></li><li><p><i class="parameter"><tt>print command (S)</tt></i></p></li><li><p><i class="parameter"><tt>printable (S), print ok (S)</tt></i></p></li><li><p><i class="parameter"><tt>printer name (S), printer (S)</tt></i></p></li><li><p><i class="parameter"><tt>printer admin (S)</tt></i></p></li><li><p><i class="parameter"><tt>printing = [cups|bsd|lprng...] (S)</tt></i></p></li><li><p><i class="parameter"><tt>queuepause command (S)</tt></i></p></li><li><p><i class="parameter"><tt>queueresume command (S)</tt></i></p></li><li><p><i class="parameter"><tt>total print jobs (S)</tt></i></p></li></ul></div><p>
</p><p>
</ns44:p><div class="itemizedlist"><p class="title"><b>Service level parameters:</b></p><ul type="disc"><li><p><i class="parameter"><tt>hosts allow (S)</tt></i></p></li><li><p><i class="parameter"><tt>hosts deny (S)</tt></i></p></li><li><p><i class="parameter"><tt>lppause command (S)</tt></i></p></li><li><p><i class="parameter"><tt>lpq command (S)</tt></i></p></li><li><p><i class="parameter"><tt>lpresume command (S)</tt></i></p></li><li><p><i class="parameter"><tt>lprm command (S)</tt></i></p></li><li><p><i class="parameter"><tt>max print jobs (S)</tt></i></p></li><li><p><i class="parameter"><tt>min print space (S)</tt></i></p></li><li><p><i class="parameter"><tt>print command (S)</tt></i></p></li><li><p><i class="parameter"><tt>printable (S), print ok (S)</tt></i></p></li><li><p><i class="parameter"><tt>printer name (S), printer (S)</tt></i></p></li><li><p><i class="parameter"><tt>printer admin (S)</tt></i></p></li><li><p><i class="parameter"><tt>printing = [cups|bsd|lprng...] (S)</tt></i></p></li><li><p><i class="parameter"><tt>queuepause command (S)</tt></i></p></li><li><p><i class="parameter"><tt>queueresume command (S)</tt></i></p></li><li><p><i class="parameter"><tt>total print jobs (S)</tt></i></p></li></ul></div><ns44:p>
</ns44:p><p>
Samba's printing support implements the Microsoft Remote Procedure
Calls (MS-RPC) methods for printing. These are used by Windows NT (and
later) print servers. The old &quot;LanMan&quot; protocol is still supported as
a fallback resort, and for older clients to use. More details will
follow further beneath.
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2935524"></a>Parameters for Backwards Compatibility</h3></div></div><div></div></div><p>
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2930497"></a>Parameters for Backwards Compatibility</h3></div></div><div></div></div><p>
Two new parameters that were added in Samba 2.2.2, are still present
in Samba-3.0. Both of these options are described in the
<tt class="filename">smb.conf</tt> man page and are disabled by
@ -100,19 +101,19 @@ provided for better support of Samba 2.0.x backwards capability. It
will disable Samba's support for MS-RPC printing and yield identical
printing behaviour to Samba 2.0.x.</p></dd><dt><span class="term"><i class="parameter"><tt>use client driver (G)</tt></i></span></dt><dd><p> was provided
for using local printer drivers on Windows NT/2000 clients. It does
not apply to Windows 95/98/ME clients.</p></dd></dl></div><p><b>Parameters &quot;for backward compatibility only&quot;, use with caution. </b>
</p><div class="itemizedlist"><ul type="disc"><li><p><i class="parameter"><tt>disable spoolss (G)</tt></i></p></li><li><p><i class="parameter"><tt>use client driver (S)</tt></i></p></li></ul></div><p>
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2935632"></a>Parameters no longer in use</h3></div></div><div></div></div><p>
not apply to Windows 95/98/ME clients.</p></dd></dl></div><ns44:p><b>Parameters &quot;for backward compatibility only&quot;, use with caution. </b>
</ns44:p><div class="itemizedlist"><ul type="disc"><li><p><i class="parameter"><tt>disable spoolss (G)</tt></i></p></li><li><p><i class="parameter"><tt>use client driver (S)</tt></i></p></li></ul></div><ns44:p>
</ns44:p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2930606"></a>Parameters no longer in use</h3></div></div><div></div></div><p>
Samba users upgrading from 2.2.x to 3.0 need to be aware that some
previously available settings are no longer supported (as was
announced some time ago). Here is a list of them:
</p><p><b>&quot;old&quot; parameters, removed in Samba-3. </b>
</p><ns44:p><b>&quot;old&quot; parameters, removed in Samba-3. </b>
The following <tt class="filename">smb.conf</tt> parameters have been
deprecated already in Samba 2.2 and are now completely removed from
Samba-3. You cannot use them in new 3.0 installations:
</p><div class="itemizedlist"><ul type="disc"><li><p><i class="parameter"><tt>printer driver file (G)</tt></i></p></li><li><p><i class="parameter"><tt>total print jobs (G)</tt></i></p></li><li><p><i class="parameter"><tt>postscript (S)</tt></i></p></li><li><p><i class="parameter"><tt>printer driver (S)</tt></i></p></li><li><p><i class="parameter"><tt>printer driver location (S)</tt></i></p></li></ul></div><p>
</p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2935725"></a>A simple Configuration to Print with Samba-3</h2></div></div><div></div></div><p>
</ns44:p><div class="itemizedlist"><ul type="disc"><li><p><i class="parameter"><tt>printer driver file (G)</tt></i></p></li><li><p><i class="parameter"><tt>total print jobs (G)</tt></i></p></li><li><p><i class="parameter"><tt>postscript (S)</tt></i></p></li><li><p><i class="parameter"><tt>printer driver (S)</tt></i></p></li><li><p><i class="parameter"><tt>printer driver location (S)</tt></i></p></li></ul></div><ns44:p>
</ns44:p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2930699"></a>A simple Configuration to Print with Samba-3</h2></div></div><div></div></div><p>
Here is a very simple example configuration for print related settings
in the file. If you compare it with your
own system's , you probably find some
@ -147,7 +148,7 @@ reminder: It even tolerates some spelling errors (like &quot;browsable&quot;
instead of &quot;browseable&quot;). Most spelling is case-insensitive. Also, you
can use &quot;Yes|No&quot; or &quot;True|False&quot; for boolean settings. Lists of names
may be separated by commas, spaces or tabs.
</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2935795"></a>Verification of &quot;Settings in Use&quot; with <b class="command">testparm</b></h3></div></div><div></div></div><p>
</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2932704"></a>Verification of &quot;Settings in Use&quot; with <b class="command">testparm</b></h3></div></div><div></div></div><p>
To see all (or at least most) printing related settings in Samba,
including the implicitly used ones, try the command outlined below
(hit &quot;ENTER&quot; twice!). It greps for all occurrences of &quot;lp&quot;, &quot;print&quot;,
@ -201,7 +202,7 @@ be important in your future dealings with Samba.</em></span>
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p> testparm in Samba-3.0 behaves differently from 2.2.x: used
without the &quot;-v&quot; switch it only shows you the settings actually
written into ! To see the complete
configuration used, add the &quot;-v&quot; parameter to testparm.</p></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2935884"></a>A little Experiment to warn you</h3></div></div><div></div></div><p>
configuration used, add the &quot;-v&quot; parameter to testparm.</p></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2932787"></a>A little Experiment to warn you</h3></div></div><div></div></div><p>
Should you need to troubleshoot at any stage, please always come back
to this point first and verify if &quot;testparm&quot; shows the parameters you
expect! To give you an example from personal experience as a warning,
@ -310,7 +311,7 @@ printing =lprng #This defines LPRng as the printing system&quot;
will regard the whole of the string after the &quot;=&quot;
sign as the value you want to define. And this is an invalid value
that will be ignored, and a default value used instead.]
</p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2936190"></a>Extended Sample Configuration to Print with Samba-3</h2></div></div><div></div></div><p>
</p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2933095"></a>Extended Sample Configuration to Print with Samba-3</h2></div></div><div></div></div><p>
Here we show a more verbose example configuration for print related
settings in an . Below is a discussion
and explanation of the various parameters. We chose to use BSD-style
@ -368,9 +369,9 @@ default, because these have been compiled in. To see all settings, let
root use the <b class="command">testparm</b>
utility. <b class="command">testparm</b> also gives warnings if you have
mis-configured certain things..
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2936293"></a>Detailed Explanation of the Example's Settings</h2></div></div><div></div></div><p>
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2933186"></a>Detailed Explanation of the Example's Settings</h2></div></div><div></div></div><p>
Following is a discussion of the settings from above shown example.
</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2936306"></a>The [global] Section</h3></div></div><div></div></div><p>
</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2933200"></a>The [global] Section</h3></div></div><div></div></div><p>
The <i class="parameter"><tt>[global]</tt></i> section is one of 4 special
sections (along with [<i class="parameter"><tt>[homes]</tt></i>,
<i class="parameter"><tt>[printers]</tt></i> and
@ -444,7 +445,7 @@ It must <span class="emphasis"><em>not</em></span> be enabled on print shares
(with a <tt class="constant">yes</tt> or <tt class="constant">true</tt> setting) which
have valid drivers installed on the Samba server! For more detailed
explanations see the man page of <tt class="filename">smb.conf</tt>.
</p></dd></dl></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2936689"></a>The [printers] Section</h3></div></div><div></div></div><p>
</p></dd></dl></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2942661"></a>The [printers] Section</h3></div></div><div></div></div><p>
This is the second special section. If a section with this name
appears in the <tt class="filename">smb.conf</tt>, users are able to
connect to any printer specified in the Samba host's printcap file,
@ -504,7 +505,7 @@ write to the directory (if user privileges allow the connection), but
only via print spooling operations. &quot;Normal&quot; write operations are not
allowed. </p></dd><dt><span class="term"><i class="parameter"><tt>writeable = no</tt></i></span></dt><dd><p>
synonym for <i class="parameter"><tt>read only = yes</tt></i>
</p></dd></dl></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2937018"></a>Any [my_printer_name] Section</h3></div></div><div></div></div><p>
</p></dd></dl></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2942990"></a>Any [my_printer_name] Section</h3></div></div><div></div></div><p>
If a section appears in the , which is
tagged as <i class="parameter"><tt>printable = yes</tt></i>, Samba presents it as
a printer share to its clients. Note, that Win95/98/ME clients may
@ -539,7 +540,7 @@ belong to the &quot;allowed subnets&quot;). As you can see, you could name IP
addresses as well as NetBIOS hostnames
here.
</p></dd><dt><span class="term"><i class="parameter"><tt>guest ok = no</tt></i></span></dt><dd><p>this printer is not open for the guest account!
</p></dd></dl></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2937239"></a>Print Commands</h3></div></div><div></div></div><p>
</p></dd></dl></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2943210"></a>Print Commands</h3></div></div><div></div></div><p>
In each section defining a printer (or in the
<i class="parameter"><tt>[printers]</tt></i> section), a <i class="parameter"><tt>print
command</tt></i> parameter may be defined. It sets a command to
@ -557,7 +558,7 @@ your own print commands (or even develop print command shell scripts),
make sure you pay attention to the need to remove the files from the
Samba spool directory. Otherwise your hard disk may soon suffer from
shortage of free space.
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2937289"></a>Default Print Commands for various Unix Print Subsystems</h3></div></div><div></div></div><p>
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2943262"></a>Default Print Commands for various Unix Print Subsystems</h3></div></div><div></div></div><p>
You learned earlier on, that Samba in most cases uses its built-in
settings for many parameters if it can not find an explicitly stated
one in its configuration file. The same is true for the
@ -597,7 +598,7 @@ check which command takes effect. Then check that this command is
adequate and actually works for your installed print subsystem. It is
always a good idea to explicitly set up your configuration files the
way you want them to work and not rely on any built-in defaults.
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2937815"></a>Setting up your own Print Commands</h3></div></div><div></div></div><p>
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2943787"></a>Setting up your own Print Commands</h3></div></div><div></div></div><p>
After a print job has finished spooling to a service, the
<i class="parameter"><tt>print command</tt></i> will be used by Samba via a
<span class="emphasis"><em>system()</em></span> call to process the spool file. Usually
@ -667,7 +668,7 @@ for the <i class="parameter"><tt>print command</tt></i> parameter varies dependi
the <i class="parameter"><tt>printing</tt></i> parameter. Another example is:
</p><pre class="programlisting">
print command = /usr/local/samba/bin/myprintscript %p %s
</pre></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2938094"></a>Innovations in Samba Printing since 2.2</h2></div></div><div></div></div><p>
</pre></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2944064"></a>Innovations in Samba Printing since 2.2</h2></div></div><div></div></div><p>
Before version 2.2.0, Samba's print server support for Windows clients
was limited to the level of <span class="emphasis"><em>LanMan</em></span> printing
calls. This is the same protocol level as Windows 9x PCs offer when
@ -708,7 +709,7 @@ default permissions assigned by Windows NT to a printer gives the
&quot;Print&quot; permissions to the well-known <span class="emphasis"><em>Everyone</em></span>
group. (The older clients of type Win9x can only print to &quot;shared&quot;
printers).
</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2938259"></a>Client Drivers on Samba Server for <span class="emphasis"><em>Point'n'Print</em></span></h3></div></div><div></div></div><p>
</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2944219"></a>Client Drivers on Samba Server for <span class="emphasis"><em>Point'n'Print</em></span></h3></div></div><div></div></div><p>
There is still confusion about what all this means: <span class="emphasis"><em>Is it or
is it not a requirement for printer drivers to be installed on a Samba
host in order to support printing from Windows clients?</em></span> The
@ -746,7 +747,7 @@ by Samba. The clients use these drivers to generate print files in the
format the printer (or the Unix print system) requires. Print files
received by Samba are handed over to the Unix printing system, which
is responsible for all further processing, if needed.
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2938411"></a>The [printer$] Section is removed from Samba-3</h3></div></div><div></div></div><p><b>
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2944370"></a>The [printer$] Section is removed from Samba-3</h3></div></div><div></div></div><p><b>
<i class="parameter"><tt>[print$]</tt></i> vs. <i class="parameter"><tt>[printer$]</tt></i>
. </b>
Versions of Samba prior to 2.2 made it possible to use a share
@ -772,7 +773,7 @@ access (in the context of its ACLs) in order to support printer driver
down- and uploads. Don't fear -- this does not mean Windows 9x
clients are thrown aside now. They can use Samba's
<i class="parameter"><tt>[print$]</tt></i> share support just fine.
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2938524"></a>Creating the [print$] Share</h3></div></div><div></div></div><p>
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2944483"></a>Creating the [print$] Share</h3></div></div><div></div></div><p>
In order to support the up- and downloading of printer driver files,
you must first configure a file share named
<i class="parameter"><tt>[print$]</tt></i>. The &quot;public&quot; name of this share is
@ -806,7 +807,7 @@ with appropriate values for your site):
</pre><p>
Of course, you also need to ensure that the directory named by the
<i class="parameter"><tt>path</tt></i> parameter exists on the Unix file system.
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2938595"></a>Parameters in the [print$] Section</h3></div></div><div></div></div><p>
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2944553"></a>Parameters in the [print$] Section</h3></div></div><div></div></div><p>
<i class="parameter"><tt>[print$]</tt></i> is a special section in
. It contains settings relevant to
potential printer driver download and local installation by clients.
@ -851,7 +852,7 @@ sure these accounts can copy files to the share. If this is a non-root
account, then the account should also be mentioned in the global
<i class="parameter"><tt>printer admin </tt></i> parameter. See the
man page for more information on
configuring file shares. </p></dd></dl></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2938826"></a>Subdirectory Structure in [print$]</h3></div></div><div></div></div><p>
configuring file shares. </p></dd></dl></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2944774"></a>Subdirectory Structure in [print$]</h3></div></div><div></div></div><p>
In order for a Windows NT print server to support the downloading of
driver files by multiple client architectures, you must create several
subdirectories within the <i class="parameter"><tt>[print$]</tt></i> service
@ -890,7 +891,7 @@ client workstation. Open <span class="guiicon">Network Neighbourhood</span> or
Once you have located the server, navigate to its <span class="guiicon">Printers and
Faxes</span> folder. You should see an initial listing of printers
that matches the printer shares defined on your Samba host.
</p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2938986"></a>Installing Drivers into [print$]</h2></div></div><div></div></div><p>
</p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2944935"></a>Installing Drivers into [print$]</h2></div></div><div></div></div><p>
You have successfully created the <i class="parameter"><tt>[print$]</tt></i>
share in ? And Samba has re-read its
configuration? Good. But you are not yet ready to take off. The
@ -908,7 +909,7 @@ Properties</em></span> and <span class="emphasis"><em>Add Printer Wizard</em></s
from any Windows NT/2k/XP client workstation.</p></li></ul></div><p>
The latter option is probably the easier one (even if the only
entrance to this realm seems a little bit weird at first).
</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2939081"></a>Setting Drivers for existing Printers with a Client GUI</h3></div></div><div></div></div><p>
</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2945029"></a>Setting Drivers for existing Printers with a Client GUI</h3></div></div><div></div></div><p>
The initial listing of printers in the Samba host's
<span class="guiicon">Printers</span> folder accessed from a client's Explorer
will have no real printer driver assigned to them. By default, in
@ -954,7 +955,7 @@ Assuming you have connected with an administrative (or root) account
you will also be able to modify other printer properties such as ACLs
and default device settings using this dialog. For the default device
settings, please consider the advice given further below.
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2939264"></a>Setting Drivers for existing Printers with
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2945213"></a>Setting Drivers for existing Printers with
<b class="command">rpcclient</b></h3></div></div><div></div></div><p>
The second way to install printer drivers into
<i class="parameter"><tt>[print$]</tt></i> and set them up in a valid way can be
@ -969,7 +970,7 @@ time with the <b class="command">setdriver</b>
subcommand.</p></li></ol></div><p>
We will provide detailed hints for each of these steps in the next few
paragraphs.
</p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2939373"></a>Identifying the Driver Files</h4></div></div><div></div></div><p>
</p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2945322"></a>Identifying the Driver Files</h4></div></div><div></div></div><p>
To find out about the driver files, you have two options: you could
investigate the driver CD which comes with your printer. Study the
<tt class="filename">*.inf</tt> file on the CD, if it is contained. This
@ -1072,7 +1073,7 @@ Windows 2000 changed this. While it still can use the Kernel Mode
drivers (if this is enabled by the Admin), its native mode for printer
drivers is User Mode execution. This requires drivers designed for
this. These type of drivers install into the &quot;3&quot; subdirectory.
</p></div></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2939701"></a>Collecting the Driver Files from a Windows Host's
</p></div></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2945650"></a>Collecting the Driver Files from a Windows Host's
[print$] Share</h4></div></div><div></div></div><p>
Now we need to collect all the driver files we identified. in our
previous step. Where do we get them from? Well, why not retrieve them
@ -1108,7 +1109,7 @@ files for these architectures are in the WIN40/0/ subdir. Once we are
complete, we can run <b class="command">smbclient ... put</b> to store
the collected files on the Samba server's
<i class="parameter"><tt>[print$]</tt></i> share.
</p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2939854"></a>Depositing the Driver Files into [print$]</h4></div></div><div></div></div><p>
</p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2945802"></a>Depositing the Driver Files into [print$]</h4></div></div><div></div></div><p>
So, now we are going to put the driver files into the
<i class="parameter"><tt>[print$]</tt></i> share. Remember, the UNIX path to this
share has been defined previously in your
@ -1169,7 +1170,7 @@ re-location will automatically be done by the
don't forget to also put the files for the Win95/98/ME architecture
into the <tt class="filename">WIN40/</tt> subdirectory should you need
them).
</p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2940090"></a>Check if the Driver Files are there (with smbclient)</h4></div></div><div></div></div><p>
</p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2946005"></a>Check if the Driver Files are there (with smbclient)</h4></div></div><div></div></div><p>
For now we verify that our files are there. This can be done with
<b class="command">smbclient</b> too (but of course you can log in via SSH
also and do this through a standard UNIX shell access too):
@ -1222,7 +1223,7 @@ Point'n'Print. The reason is: Samba doesn't know yet that these files
are something special, namely <span class="emphasis"><em>printer driver
files</em></span> and it doesn't know yet to which print queue(s) these
driver files belong.
</p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2940250"></a>Running <b class="command">rpcclient</b> with
</p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2946121"></a>Running <b class="command">rpcclient</b> with
<b class="command">adddriver</b></h4></div></div><div></div></div><p>
So, next you must tell Samba about the special category of the files
you just uploaded into the <i class="parameter"><tt>[print$]</tt></i> share. This
@ -1257,7 +1258,7 @@ files successfully, but render the driver unworkable. So take care!
Hints about the syntax of the adddriver command are in the man
page. The CUPS printing chapter of this HOWTO collection provides a
more detailed description, if you should need it.
</p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2940351"></a>Check how Driver Files have been moved after
</p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2946221"></a>Check how Driver Files have been moved after
<b class="command">adddriver</b> finished</h4></div></div><div></div></div><p>
One indication for Samba's recognition of the files as driver files is
the <tt class="computeroutput">successfully installed</tt> message.
@ -1305,7 +1306,7 @@ subdirectory. You can check this again with
</pre><p>
Another verification is that the timestamp of the printing TDB files
is now updated (and possibly their filesize has increased).
</p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2940519"></a>Check if the Driver is recognized by Samba</h4></div></div><div></div></div><p>
</p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2946345"></a>Check if the Driver is recognized by Samba</h4></div></div><div></div></div><p>
Now the driver should be registered with Samba. We can easily verify
this, and will do so in a moment. However, this driver is
<span class="emphasis"><em>not yet</em></span> associated with a particular
@ -1349,7 +1350,7 @@ time. Our new driver only shows up for
<span class="application">Windows NT 4.0 or 2000</span>. To
have it present for <span class="application">Windows 95, 98 and ME</span> you'll
have to repeat the whole procedure with the WIN40 architecture and subdirectory.
</p></li></ul></div></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2940723"></a>A sidenote: you are not bound to specific driver names</h4></div></div><div></div></div><p>
</p></li></ul></div></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2946548"></a>A sidenote: you are not bound to specific driver names</h4></div></div><div></div></div><p>
You can name the driver as you like. If you repeat the
<b class="command">adddriver</b> step, with the same files as before, but
with a different driver name, it will work the same:
@ -1383,7 +1384,7 @@ repeatedly. Each run &quot;consumes&quot; the files you had put into the
respective subdirectories. So you <span class="emphasis"><em>must</em></span> precede an
<b class="command">smbclient ... put</b> command before each
<b class="command">rpcclient ... addriver</b>&quot; command.
</p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2940834"></a>La Grande Finale: Running <b class="command">rpcclient</b> with
</p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2946660"></a>La Grande Finale: Running <b class="command">rpcclient</b> with
<b class="command">setdriver</b></h4></div></div><div></div></div><p>
Samba still needs to know <span class="emphasis"><em>which</em></span> printer's driver
this is. It needs to create a mapping of the driver to a printer, and
@ -1413,13 +1414,13 @@ known to
Samba already. A bug in 2.2.x prevented Samba from recognizing freshly
installed printers. You had to restart Samba, or at least send a HUP
signal to all running smbd processes to work around this:
<b class="userinput"><tt>kill -HUP `pidof smbd`</tt></b>. </p></div></div></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2940985"></a>&quot;The Proof of the Pudding lies in the Eating&quot; (Client Driver Insta
<b class="userinput"><tt>kill -HUP `pidof smbd`</tt></b>. </p></div></div></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2946811"></a>&quot;The Proof of the Pudding lies in the Eating&quot; (Client Driver Insta
Procedure)</h2></div></div><div></div></div><p>
A famous philosopher said once: &#8220;<span class="quote">The Proof of the Pudding lies
in the Eating</span>&#8221;. The proof for our setup lies in the printing.
So let's install the printer driver onto the client PCs. This is not
as straightforward as it may seem. Read on.
</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2941006"></a>The first Client Driver Installation</h3></div></div><div></div></div><p>
</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2946832"></a>The first Client Driver Installation</h3></div></div><div></div></div><p>
Especially important is the installation onto the first client PC (for
each architectural platform separately). Once this is done correctly,
all further clients are easy to setup and shouldn't need further
@ -1462,7 +1463,7 @@ Data&quot; set is still incomplete.
</p><p>
You must now make sure that a valid &quot;Device Mode&quot; is set for the
driver. Don't fear -- we will explain now what that means.
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2941204"></a>IMPORTANT! Setting Device Modes on new Printers</h3></div></div><div></div></div><p>
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2947030"></a>IMPORTANT! Setting Device Modes on new Printers</h3></div></div><div></div></div><p>
In order for a printer to be truly usable by a Windows NT/2K/XP
client, it must possess:
</p><div class="itemizedlist"><ul type="disc"><li><p>a valid <span class="emphasis"><em>Device Mode</em></span> generated by
@ -1534,7 +1535,7 @@ properties. Others may crash the client's spooler service. So use this
parameter with caution. It is always better to have the client
generate a valid device mode for the printer and store it on the
server for you.
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2941493"></a>Further Client Driver Install Procedures</h3></div></div><div></div></div><p>
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2947319"></a>Further Client Driver Install Procedures</h3></div></div><div></div></div><p>
Every further driver may be done by any user, along the lines
described above: Browse network, open printers folder on Samba server,
right-click printer and choose <span class="guimenuitem">Connect...</span>. Once
@ -1554,7 +1555,7 @@ rundll32 shell32.dll,Control_RunDLL MAIN.CPL @2
You can enter the commands either inside a <span class="guilabel">DOS box</span> window
or in the <span class="guimenuitem">Run command...</span> field from the
<span class="guimenu">Start</span> menu.
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2941588"></a>Always make first Client Connection as root or &quot;printer admin&quot;</h3></div></div><div></div></div><p>
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2947414"></a>Always make first Client Connection as root or &quot;printer admin&quot;</h3></div></div><div></div></div><p>
After you installed the driver on the Samba server (in its
<i class="parameter"><tt>[print$]</tt></i> share, you should always make sure
that your first client installation completes correctly. Make it a habit for
@ -1586,7 +1587,7 @@ the same way (called <span class="emphasis"><em>Point'n'Print</em></span>) will
have the same defaults set for them. If you miss this step you'll
get a lot of helpdesk calls from your users. But maybe you like to
talk to people.... ;-)
</p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2941730"></a>Other Gotchas</h2></div></div><div></div></div><p>
</p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2947556"></a>Other Gotchas</h2></div></div><div></div></div><p>
Your driver is installed. It is ready for
<span class="emphasis"><em>Point'n'Print</em></span> installation by the clients
now. You <span class="emphasis"><em>may</em></span> have tried to download and use it
@ -1596,7 +1597,7 @@ example, suppose you didn't manage to &quot;set the defaults&quot; on the
printer, as advised in the preceeding paragraphs? And your users
complain about various issues (such as &#8220;<span class="quote">We need to set the paper
size for each job from Letter to A4 and it won't store it!</span>&#8221;)
</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2941763"></a>Setting Default Print Options for the Client Drivers</h3></div></div><div></div></div><p>
</p><div xmlns:ns48="" class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2947589"></a>Setting Default Print Options for the Client Drivers</h3></div></div><div></div></div><p>
The last sentence might be viewed with mixed feelings by some users and
admins. They have struggled for hours and hours and couldn't arrive at
a point were their settings seemed to be saved. It is not their
@ -1606,7 +1607,7 @@ up when you right-click the printer name and select
looking dialogs, each claiming that they help you to set printer options,
in three different ways. Here is the definite answer to the &quot;Samba
Default Driver Setting FAQ&quot;:
</p><p><b>&#8220;<span class="quote">I can't set and save default print options
</p><ns48:p><b>&#8220;<span class="quote">I can't set and save default print options
for all users on Win2K/XP! Why not?</span>&#8221; </b>
How are you doing it? I bet the wrong way.... (it is not very
easy to find out, though). There are 3 different ways to bring you to
@ -1617,34 +1618,34 @@ dialogs <span class="emphasis"><em>look</em></span> the same. Only one of them
Administrator to do this for all users. Here is how I reproduce it in
on XP Professional:
</p><div class="orderedlist"><ol type="A"><li><p>The first &quot;wrong&quot; way:
</ns48:p><div class="orderedlist"><ol type="A"><li xmlns:ns45=""><ns45:p>The first &quot;wrong&quot; way:
</p><div class="orderedlist"><ol type="1"><li><p>Open the <span class="guiicon">Printers</span>
</ns45:p><div class="orderedlist"><ol type="1"><li><p>Open the <span class="guiicon">Printers</span>
folder.</p></li><li><p>Right-click on the printer
(<span class="emphasis"><em>remoteprinter on cupshost</em></span>) and
select in context menu <span class="guimenu">Printing
Preferences...</span></p></li><li><p>Look at this dialog closely and remember what it looks
like.</p></li></ol></div><p>
</p></li><li><p>The second &quot;wrong&quot; way:
like.</p></li></ol></div><ns45:p>
</ns45:p></li><li xmlns:ns46=""><ns46:p>The second &quot;wrong&quot; way:
</p><div class="orderedlist"><ol type="1"><li><p>Open the <span class="guimenu">Printers</span>
</ns46:p><div class="orderedlist"><ol type="1"><li><p>Open the <span class="guimenu">Printers</span>
folder.</p></li><li><p>Right-click on the printer (<span class="emphasis"><em>remoteprinter on
cupshost</em></span>) and select in the context menu
<span class="guimenuitem">Properties</span></p></li><li><p>Click on the <span class="guilabel">General</span>
tab</p></li><li><p>Click on the button <span class="guibutton">Printing
Preferences...</span></p></li><li><p>A new dialog opens. Keep this dialog open and go back
to the parent dialog.</p></li></ol></div><p>
</p></li><li><p>The third, the &quot;correct&quot; way: (should you do
to the parent dialog.</p></li></ol></div><ns46:p>
</ns46:p></li><li xmlns:ns47=""><ns47:p>The third, the &quot;correct&quot; way: (should you do
this from the beginning, just carry out steps 1. and 2. from second
&quot;way&quot; above)
</p><div class="orderedlist"><ol type="1"><li><p>Click on the <span class="guilabel">Advanced</span>
</ns47:p><div class="orderedlist"><ol type="1"><li><p>Click on the <span class="guilabel">Advanced</span>
tab. (Hmmm... if everything is &quot;Grayed Out&quot;, then you are not logged
in as a user with enough privileges).</p></li><li><p>Click on the <span class="guibutton">Printing
Defaults...</span> button.</p></li><li><p>On any of the two new tabs, click on the
<span class="guilabel">Advanced...</span> button.</p></li><li><p>A new dialog opens. Compare this one to the other,
identical looking one from &quot;B.5&quot; or A.3&quot;.</p></li></ol></div><p>
</p></li></ol></div><p>
identical looking one from &quot;B.5&quot; or A.3&quot;.</p></li></ol></div><ns47:p>
</ns47:p></li></ol></div><ns48:p>
Do you see any difference in the two settings dialogs? I don't
either. However, only the last one, which you arrived at with steps
@ -1671,7 +1672,7 @@ try the same way with Win2k or WinXP. You wouldn't dream
that there is now a different &quot;clicking path&quot; to arrive at an
identically looking, but functionally different dialog to set defaults
for all users!
</p><div class="tip" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Tip</h3><p>Try (on Win2000 and WinXP) to run this command (as a user
</ns48:p><div class="tip" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Tip</h3><p>Try (on Win2000 and WinXP) to run this command (as a user
with the right privileges):
</p><p><b class="userinput"><tt>
rundll32 printui.dll,PrintUIEntry /p /t3 /n\\<i class="replaceable"><tt>SAMBA-SERVER</tt></i>\<i class="replaceable"><tt>printersharename</tt></i>
@ -1685,7 +1686,7 @@ to see the tab with the <span class="guilabel">Printing Preferences...</span>
button (the one which doesn't set system-wide defaults). You can
start the commands from inside a DOS box&quot; or from the <span class="guimenu">Start</span>
-- <span class="guimenuitem">Run...</span> menu.
</p></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2942200"></a>Supporting large Numbers of Printers</h3></div></div><div></div></div><p>
</p></div></div><div xmlns:ns49="" class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2948023"></a>Supporting large Numbers of Printers</h3></div></div><div></div></div><p>
One issue that has arisen during the recent development phase of Samba
is the need to support driver downloads for 100's of printers. Using
Windows NT APW here is somewhat awkward (to say the least). If you
@ -1722,9 +1723,9 @@ following is an example of how this could be accomplished:
Driver Name: [myphantasydrivername]
[....]
</pre><p>
</pre><ns49:p>
</p><pre class="screen">
</ns49:p><pre class="screen">
<tt class="prompt">root# </tt><b class="userinput"><tt>rpcclient <i class="replaceable"><tt>SAMBA-CUPS</tt></i> -U root%<i class="replaceable"><tt>secret</tt></i> -c 'enumprinters'</tt></b>
cmd = enumprinters
flags:[0x800000]
@ -1732,15 +1733,15 @@ following is an example of how this could be accomplished:
description:[\\SAMBA-CUPS\dm9110,,110ppm HiVolume DANKA Stuttgart]
comment:[110 ppm HiVolume DANKA Stuttgart]
[....]
</pre><p>
</pre><ns49:p>
</p><pre class="screen">
</ns49:p><pre class="screen">
<tt class="prompt">root# </tt><b class="userinput"><tt>rpcclient <i class="replaceable"><tt>SAMBA-CUPS</tt></i> -U root%<i class="replaceable"><tt>secret</tt></i> -c 'setdriver <i class="replaceable"><tt>dm9110</tt></i> &quot;<i class="replaceable"><tt>Heidelberg Digimaster 9110 (PS)</tt></i>&quot;'</tt></b>
cmd = setdriver dm9110 Heidelberg Digimaster 9110 (PPD)
Successfully set dm9110 to driver Heidelberg Digimaster 9110 (PS).
</pre><p>
</pre><ns49:p>
</p><pre class="screen">
</ns49:p><pre class="screen">
<tt class="prompt">root# </tt><b class="userinput"><tt>rpcclient <i class="replaceable"><tt>SAMBA-CUPS</tt></i> -U root%<i class="replaceable"><tt>secret</tt></i> -c 'enumprinters'</tt></b>
cmd = enumprinters
flags:[0x800000]
@ -1748,15 +1749,15 @@ following is an example of how this could be accomplished:
description:[\\SAMBA-CUPS\dm9110,Heidelberg Digimaster 9110 (PS),110ppm HiVolume DANKA Stuttgart]
comment:[110ppm HiVolume DANKA Stuttgart]
[....]
</pre><p>
</pre><ns49:p>
</p><pre class="screen">
</ns49:p><pre class="screen">
<tt class="prompt">root# </tt><b class="userinput"><tt>rpcclient <i class="replaceable"><tt>SAMBA-CUPS</tt></i> -U root%<i class="replaceable"><tt>secret</tt></i> -c 'setdriver <i class="replaceable"><tt>dm9110</tt></i> <i class="replaceable"><tt>myphantasydrivername</tt></i>'</tt></b>
cmd = setdriver dm9110 myphantasydrivername
Successfully set dm9110 to myphantasydrivername.
</pre><p>
</pre><ns49:p>
</p><pre class="screen">
</ns49:p><pre class="screen">
<tt class="prompt">root# </tt><b class="userinput"><tt>rpcclient <i class="replaceable"><tt>SAMBA-CUPS</tt></i> -U root%<i class="replaceable"><tt>secret</tt></i> -c 'enumprinters'</tt></b>
cmd = enumprinters
flags:[0x800000]
@ -1772,7 +1773,7 @@ commas in the &quot;description&quot; field). After the
<b class="command">setdriver</b> command succeeded, all is well. (The
CUPS Printing chapter has more info about the installation of printer
drivers with the help of <b class="command">rpccclient</b>).
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2942503"></a>Adding new Printers with the Windows NT APW</h3></div></div><div></div></div><p>
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2948326"></a>Adding new Printers with the Windows NT APW</h3></div></div><div></div></div><p>
By default, Samba exhibits all printer shares defined in
<tt class="filename">smb.conf</tt> in the
<span class="guiicon">Printers...</span> folder. Also located in this folder
@ -1818,7 +1819,7 @@ user, not necessarily a root account. A <i class="parameter"><tt>map to guest =
user</tt></i> may have connected you unwittingly under the wrong
privilege; you should check it by using the
<b class="command">smbstatus</b> command.
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2942746"></a>Weird Error Message <span class="errorname">Cannot connect under a
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2948569"></a>Weird Error Message <span class="errorname">Cannot connect under a
different Name</span></h3></div></div><div></div></div><p>
Once you are connected with the wrong credentials, there is no means
to reverse the situation other than to close all Explorer windows, and
@ -1848,7 +1849,7 @@ message. You close all Explorer Windows and start it again. You try to
connect - and this times it works! Windows seems to cache connection
info somewhere and doesn't keep it up to date (if you are unlucky you
might need to reboot to get rid of the error message).
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2942844"></a>Be careful when assembling Driver Files</h3></div></div><div></div></div><p>
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2948667"></a>Be careful when assembling Driver Files</h3></div></div><div></div></div><p>
You need to be very careful when you take notes about the files and
belonging to a particular driver. Don't confuse the files for driver
version &quot;0&quot; (for Win95/98/ME, going into
@ -1989,7 +1990,7 @@ In my example were even more differences than shown here. Conclusion:
you must be very careful to select the correct driver files for each
driver version. Don't rely on the names alone. Don't interchange files
belonging to different driver versions.
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2943191"></a>Samba and Printer Ports</h3></div></div><div></div></div><p>
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2948938"></a>Samba and Printer Ports</h3></div></div><div></div></div><p>
Windows NT/2000 print servers associate a port with each
printer. These normally take the form of <tt class="filename">LPT1:</tt>,
<tt class="filename">COM1:</tt>, <tt class="filename">FILE:</tt>, etc. Samba
@ -2010,14 +2011,14 @@ another (&#8220;<span class="quote">My users and my Boss should not know that th
working with Samba</span>&#8221;), possesses a
<i class="parameter"><tt>enumports command</tt></i> which can be used to define
an external program that generates a listing of ports on a system.
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2943261"></a>Avoiding the most common Misconfigurations of the Client Driver</h3></div></div><div></div></div><p>
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2949009"></a>Avoiding the most common Misconfigurations of the Client Driver</h3></div></div><div></div></div><p>
So - printing works, but there are still problems. Most jobs print
well, some don't print at all. Some jobs have problems with fonts,
which don't look good at all. Some jobs print fast, and some are
dead-slow. We can't cover it all; but we want to encourage you to read
the little paragraph about &quot;Avoiding the wrong PostScript Driver
Settings&quot; in the CUPS Printing part of this document.
</p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2943283"></a>The Imprints Toolset</h2></div></div><div></div></div><p>
</p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2949031"></a>The Imprints Toolset</h2></div></div><div></div></div><p>
The Imprints tool set provides a UNIX equivalent of the
Windows NT Add Printer Wizard. For complete information, please
refer to the Imprints web site
@ -2034,20 +2035,20 @@ coordinate your efforts on the samba-technical mailing list. The
toolset is still in usable form; but only for a series of older
printer models, where there are prepared packages to use. Packages for
more up to date print devices are needed if Imprints should have a
future.</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2943329"></a>What is Imprints?</h3></div></div><div></div></div><p>
future.</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2949076"></a>What is Imprints?</h3></div></div><div></div></div><p>
Imprints is a collection of tools for supporting these goals:
</p><div class="itemizedlist"><ul type="disc"><li><p>Providing a central repository information regarding
Windows NT and 95/98 printer driver packages</p></li><li><p>Providing the tools necessary for creating the
Imprints printer driver packages.</p></li><li><p>Providing an installation client which will obtain
printer drivers from a central internet (or intranet) Imprints Server
repository and install them on remote Samba and Windows NT4 print
servers.</p></li></ul></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2943370"></a>Creating Printer Driver Packages</h3></div></div><div></div></div><p>
servers.</p></li></ul></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2949118"></a>Creating Printer Driver Packages</h3></div></div><div></div></div><p>
The process of creating printer driver packages is beyond the scope of
this document (refer to Imprints.txt also included with the Samba
distribution for more information). In short, an Imprints driver
package is a gzipped tarball containing the driver files, related INF
files, and a control file needed by the installation client.
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2943389"></a>The Imprints Server</h3></div></div><div></div></div><p>
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2949137"></a>The Imprints Server</h3></div></div><div></div></div><p>
The Imprints server is really a database server that may be queried
via standard HTTP mechanisms. Each printer entry in the database has
an associated URL for the actual downloading of the package. Each
@ -2055,7 +2056,7 @@ package is digitally signed via GnuPG which can be used to verify that
package downloaded is actually the one referred in the Imprints
database. It is strongly recommended that this security check
<span class="emphasis"><em>not</em></span> be disabled.
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2943413"></a>The Installation Client</h3></div></div><div></div></div><p>
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2949161"></a>The Installation Client</h3></div></div><div></div></div><p>
More information regarding the Imprints installation client is
available in the <tt class="filename">Imprints-Client-HOWTO.ps</tt> file
included with the imprints source package.
@ -2070,10 +2071,10 @@ remote Samba and Windows NT print servers.
</p><p>
The basic installation process is in four steps and perl code is
wrapped around smbclient and rpcclient
</p><div class="itemizedlist"><ul type="disc"><li><p>
</p><div class="itemizedlist"><ul type="disc"><li xmlns:ns50=""><ns50:p>
foreach (supported architecture for a given driver)
</p><div class="orderedlist"><ol type="1"><li><p>rpcclient: Get the appropriate upload directory on the remote server</p></li><li><p>smbclient: Upload the driver files</p></li><li><p>rpcclient: Issues an AddPrinterDriver() MS-RPC</p></li></ol></div><p>
</p></li><li><p>rpcclient: Issue an AddPrinterEx() MS-RPC to actually create the printer</p></li></ul></div><p>
</ns50:p><div class="orderedlist"><ol type="1"><li><p>rpcclient: Get the appropriate upload directory on the remote server</p></li><li><p>smbclient: Upload the driver files</p></li><li><p>rpcclient: Issues an AddPrinterDriver() MS-RPC</p></li></ol></div><ns50:p>
</ns50:p></li><li><p>rpcclient: Issue an AddPrinterEx() MS-RPC to actually create the printer</p></li></ul></div><p>
One of the problems encountered when implementing the Imprints tool
set was the name space issues between various supported client
architectures. For example, Windows NT includes a driver named &quot;Apple
@ -2096,7 +2097,7 @@ if is has not already been installed?
The way of sidestepping this limitation is to require that all
Imprints printer driver packages include both the Intel Windows NT and
95/98 printer drivers and that NT driver is installed first.
</p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2943566"></a>Add Network Printers at Logon without User Interaction</h2></div></div><div></div></div><p>
</p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2949313"></a>Add Network Printers at Logon without User Interaction</h2></div></div><div></div></div><p>
The following MS Knowledge Base article may be of some help if you
need to handle Windows 2000 clients: <span class="emphasis"><em>How to Add Printers
with No User Interaction in Windows 2000.</em></span> ( <a href="http://support.microsoft.com/default.aspx?scid=kb;en-us;189105" target="_top">http://support.microsoft.com/default.aspx?scid=kb;en-us;189105</a>
@ -2171,7 +2172,7 @@ at logon time will not really be noticeable. Printers can be centrally
added, changed, and deleted at will on the server with no user
intervention required on the clients (you just need to keep the logon
scripts up to date).
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2943895"></a>The <b class="command">addprinter</b> command</h2></div></div><div></div></div><p>
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2949643"></a>The <b class="command">addprinter</b> command</h2></div></div><div></div></div><p>
The <b class="command">addprinter</b> command can be configured to be a
shell script or program executed by Samba. It is triggered by running
the APW from a client against the Samba print server. The APW asks the
@ -2183,7 +2184,7 @@ on legacy systems, or execute the <b class="command">lpadmin</b> command
on more modern systems) and create the associated share in
, then the APW will in effect really
create a new printer on Samba and the UNIX print subsystem!
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2943940"></a>Migration of &quot;Classical&quot; printing to Samba-3</h2></div></div><div></div></div><p>
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2949688"></a>Migration of &quot;Classical&quot; printing to Samba-3</h2></div></div><div></div></div><p>
The basic &quot;NT-style&quot; printer driver management has not changed
considerably in 3.0 over the 2.2.x releases (apart from many small
improvements). Here migration should be quite easy, especially if you
@ -2220,12 +2221,12 @@ rpcclient. See the Imprints installation client at:
<a href="http://imprints.sourceforge.net/" target="_top"><span class="emphasis"><em>http://imprints.sourceforge.net/</em></span></a>
</p><p>
for an example. See also the discussion of rpcclient usage in the
&quot;CUPS Printing&quot; section.</p></li></ul></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2944110"></a>Publishing Printer Information in Active Directory or LDAP</h2></div></div><div></div></div><p>
&quot;CUPS Printing&quot; section.</p></li></ul></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2949856"></a>Publishing Printer Information in Active Directory or LDAP</h2></div></div><div></div></div><p>
We will publish an update to this section shortly.
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2944124"></a>Common Errors and Problems</h2></div></div><div></div></div><p>
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2949870"></a>Common Errors and Problems</h2></div></div><div></div></div><p>
Here are a few typical errors and problems people have
encountered. You can avoid them. Read on.
</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2944137"></a>I give my root password but I don't get access</h3></div></div><div></div></div><p>
</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2949884"></a>I give my root password but I don't get access</h3></div></div><div></div></div><p>
Don't confuse the root password which is valid for the Unix system
(and in most cases stored in the form of a one-way hash in a file
named <tt class="filename">/etc/shadow</tt>) with the password used to
@ -2233,7 +2234,7 @@ authenticate against Samba!. Samba doesn't know the UNIX password; for
root to access Samba resources via Samba-type access, a Samba account
for root must be created first. This is often done with the
<b class="command">smbpasswd</b> command.
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2944170"></a>My printjobs get spooled into the spooling directory, but then get lost</h3></div></div><div></div></div><p>
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2949917"></a>My printjobs get spooled into the spooling directory, but then get lost</h3></div></div><div></div></div><p>
Don't use the existing Unix print system spool directory for the Samba
spool directory. It may seem convenient and a saving of space, but it
only leads to problems. The two <span class="emphasis"><em>must</em></span> be separate.

31
docs/htmldocs/samba-bdc.html
View File

@ -1,8 +1,9 @@
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 6. Backup Domain Control</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="index.html" title="SAMBA Project Documentation"><link rel="up" href="type.html" title="Part II. Server Configuration Basics"><link rel="previous" href="samba-pdc.html" title="Chapter 5. Domain Control"><link rel="next" href="domain-member.html" title="Chapter 7. Domain Membership"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 6. Backup Domain Control</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="samba-pdc.html">Prev</a> </td><th width="60%" align="center">Part II. Server Configuration Basics</th><td width="20%" align="right"> <a accesskey="n" href="domain-member.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="samba-bdc"></a>Chapter 6. Backup Domain Control</h2></div><div><div class="author"><h3 class="author"><span class="firstname">John</span> <span class="othername">H.</span> <span class="surname">Terpstra</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><tt class="email">&lt;<a href="mailto:jht@samba.org">jht@samba.org</a>&gt;</tt></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">Volker</span> <span class="surname">Lendecke</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><tt class="email">&lt;<a href="mailto:Volker.Lendecke@SerNet.DE">Volker.Lendecke@SerNet.DE</a>&gt;</tt></p></div></div></div></div></div><div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><a href="samba-bdc.html#id2895956">Features And Benefits</a></dt><dt><a href="samba-bdc.html#id2896128">Essential Background Information</a></dt><dd><dl><dt><a href="samba-bdc.html#id2896156">MS Windows NT4 Style Domain Control</a></dt><dt><a href="samba-bdc.html#id2896368">Active Directory Domain Control</a></dt><dt><a href="samba-bdc.html#id2896390">What qualifies a Domain Controller on the network?</a></dt><dt><a href="samba-bdc.html#id2896416">How does a Workstation find its domain controller?</a></dt></dl></dd><dt><a href="samba-bdc.html#id2896462">Backup Domain Controller Configuration</a></dt><dd><dl><dt><a href="samba-bdc.html#id2896532">Example Configuration</a></dt></dl></dd><dt><a href="samba-bdc.html#id2896591">Common Errors</a></dt><dd><dl><dt><a href="samba-bdc.html#id2896605">Machine Accounts keep expiring, what can I do?</a></dt><dt><a href="samba-bdc.html#id2896630">Can Samba be a Backup Domain Controller to an NT4 PDC?</a></dt><dt><a href="samba-bdc.html#id2896663">How do I replicate the smbpasswd file?</a></dt><dt><a href="samba-bdc.html#id2896692">Can I do this all with LDAP?</a></dt></dl></dd></dl></div><p>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 6. Backup Domain Control</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="index.html" title="SAMBA Project Documentation"><link rel="up" href="type.html" title="Part II. Server Configuration Basics"><link rel="previous" href="samba-pdc.html" title="Chapter 5. Domain Control"><link rel="next" href="domain-member.html" title="Chapter 7. Domain Membership"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 6. Backup Domain Control</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="samba-pdc.html">Prev</a> </td><th width="60%" align="center">Part II. Server Configuration Basics</th><td width="20%" align="right"> <a accesskey="n" href="domain-member.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="samba-bdc"></a>Chapter 6. Backup Domain Control</h2></div><div><div class="author"><h3 class="author"><span class="firstname">John</span> <span class="othername">H.</span> <span class="surname">Terpstra</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><tt class="email">&lt;<a href="mailto:jht@samba.org">jht@samba.org</a>&gt;</tt></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">Volker</span> <span class="surname">Lendecke</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><tt class="email">&lt;<a href="mailto:Volker.Lendecke@SerNet.DE">Volker.Lendecke@SerNet.DE</a>&gt;</tt></p></div></div></div></div></div><div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><a href="samba-bdc.html#id2896177">Features And Benefits</a></dt><dt><a href="samba-bdc.html#id2896342">Essential Background Information</a></dt><dd><dl><dt><a href="samba-bdc.html#id2896370">MS Windows NT4 Style Domain Control</a></dt><dt><a href="samba-bdc.html#id2894331">Active Directory Domain Control</a></dt><dt><a href="samba-bdc.html#id2894352">What qualifies a Domain Controller on the network?</a></dt><dt><a href="samba-bdc.html#id2894375">How does a Workstation find its domain controller?</a></dt></dl></dd><dt><a href="samba-bdc.html#id2894401">Backup Domain Controller Configuration</a></dt><dd><dl><dt><a href="samba-bdc.html#id2894471">Example Configuration</a></dt></dl></dd><dt><a href="samba-bdc.html#id2894521">Common Errors</a></dt><dd><dl><dt><a href="samba-bdc.html#id2894535">Machine Accounts keep expiring, what can I do?</a></dt><dt><a href="samba-bdc.html#id2894560">Can Samba be a Backup Domain Controller to an NT4 PDC?</a></dt><dt><a href="samba-bdc.html#id2894593">How do I replicate the smbpasswd file?</a></dt><dt><a href="samba-bdc.html#id2894621">Can I do this all with LDAP?</a></dt></dl></dd></dl></div><p>
Before you continue reading in this section, please make sure that you are comfortable
with configuring a Samba Domain Controller as described in the
<a href="Samba-PDC-HOWTO.html" target="_top">Domain Control Chapter</a>.
</p><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2895956"></a>Features And Benefits</h2></div></div><div></div></div><p>
</p><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2896177"></a>Features And Benefits</h2></div></div><div></div></div><p>
This is one of the most difficult chapters to summarise. It matters not what we say here
for someone will still draw conclusions and / or approach the Samba-Team with expectations
that are either not yet capable of being delivered, or that can be achieved for more
@ -63,7 +64,7 @@ lets consider each possible option and look at the pro's and con's for each theo
Arguments Against: All machine trust accounts and user accounts will be locally
maintained. Domain users will NOT be able to roam from office to office. This is
a broken and flawed solution. Do NOT do this.
</p></li></ul></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2896128"></a>Essential Background Information</h2></div></div><div></div></div><p>
</p></li></ul></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2896342"></a>Essential Background Information</h2></div></div><div></div></div><p>
A Domain Controller is a machine that is able to answer logon requests from network
workstations. Microsoft LanManager and IBM LanServer were two early products that
provided this capability. The technology has become known as the LanMan Netlogon service.
@ -73,7 +74,7 @@ and with it a new form of the network logon service that has extended functional
This service became known as the NT NetLogon Service. The nature of this service has
changed with the evolution of MS Windows NT and today provides a very complex array of
services that are implemented over a complex spectrum of technologies.
</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2896156"></a>MS Windows NT4 Style Domain Control</h3></div></div><div></div></div><p>
</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2896370"></a>MS Windows NT4 Style Domain Control</h3></div></div><div></div></div><p>
Whenever a user logs into a Windows NT4 / 200x / XP Profresional Workstation,
the workstation connects to a Domain Controller (authentication server) to validate
the username and password that the user entered are valid. If the information entered
@ -131,7 +132,7 @@ one of the BDCs can be promoted to a PDC. If this happens while the original PDC
line then it is automatically demoted to a BDC. This is an important aspect of Domain
Controller management. The tool that is used to affect a promotion or a demotion is the
Server Manager for Domains.
</p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2896305"></a>Example PDC Configuration</h4></div></div><div></div></div><p>
</p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2894268"></a>Example PDC Configuration</h4></div></div><div></div></div><p>
Since version 2.2 Samba officially supports domain logons for all current Windows Clients,
including Windows NT4, 2003 and XP Professional. For samba to be enabled as a PDC some
parameters in the <i class="parameter"><tt>[global]</tt></i>-section of the <tt class="filename">smb.conf</tt> have to be set:
@ -143,20 +144,20 @@ parameters in the <i class="parameter"><tt>[global]</tt></i>-section of the <tt
Several other things like a <i class="parameter"><tt>[homes]</tt></i> and a <i class="parameter"><tt>[netlogon]</tt></i> share also need to be set along with
settings for the profile path, the users home drive, etc.. This will not be covered in this
chapter, for more information please refer to the chapter on Domain Control.
</p></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2896368"></a>Active Directory Domain Control</h3></div></div><div></div></div><p>
</p></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2894331"></a>Active Directory Domain Control</h3></div></div><div></div></div><p>
As of the release of MS Windows 2000 and Active Directory, this information is now stored
in a directory that can be replicated and for which partial or full administrative control
can be delegated. Samba-3 is NOT able to be a Domain Controller within an Active Directory
tree, and it can not be an Active Directory server. This means that Samba-3 also can NOT
act as a Backup Domain Contoller to an Active Directory Domain Controller.
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2896390"></a>What qualifies a Domain Controller on the network?</h3></div></div><div></div></div><p>
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2894352"></a>What qualifies a Domain Controller on the network?</h3></div></div><div></div></div><p>
Every machine that is a Domain Controller for the domain SAMBA has to register the NetBIOS
group name SAMBA&lt;#1c&gt; with the WINS server and/or by broadcast on the local network.
The PDC also registers the unique NetBIOS name SAMBA&lt;#1b&gt; with the WINS server.
The name type &lt;#1b&gt; name is normally reserved for the Domain Master Browser, a role
that has nothing to do with anything related to authentication, but the Microsoft Domain
implementation requires the domain master browser to be on the same machine as the PDC.
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2896416"></a>How does a Workstation find its domain controller?</h3></div></div><div></div></div><p>
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2894375"></a>How does a Workstation find its domain controller?</h3></div></div><div></div></div><p>
An MS Windows NT4 / 200x / XP Professional workstation in the domain SAMBA that wants a
local user to be authenticated has to find the domain controller for SAMBA. It does this
by doing a NetBIOS name query for the group name SAMBA&lt;#1c&gt;. It assumes that each
@ -164,7 +165,7 @@ of the machines it gets back from the queries is a domain controller and can ans
requests. To not open security holes both the workstation and the selected domain controller
authenticate each other. After that the workstation sends the user's credentials (name and
password) to the local Domain Controller, for valdation.
</p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2896462"></a>Backup Domain Controller Configuration</h2></div></div><div></div></div><p>
</p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2894401"></a>Backup Domain Controller Configuration</h2></div></div><div></div></div><p>
Several things have to be done:
</p><div class="itemizedlist"><ul type="disc"><li><p>
The domain SID has to be the same on the PDC and the BDC. This used to
@ -193,7 +194,7 @@ Several things have to be done:
BDC. This can be done manually whenever login scripts are changed,
or it can be done automatically together with the smbpasswd
synchronization.
</p></li></ul></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2896532"></a>Example Configuration</h3></div></div><div></div></div><p>
</p></li></ul></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2894471"></a>Example Configuration</h3></div></div><div></div></div><p>
Finally, the BDC has to be found by the workstations. This can be done by setting:
</p><pre class="programlisting">
workgroup = SAMBA
@ -206,10 +207,10 @@ problem as the name SAMBA&lt;#1c&gt; is a NetBIOS group name that is meant to
be registered by more than one machine. The parameter 'domain master =
no' forces the BDC not to register SAMBA&lt;#1b&gt; which as a unique NetBIOS
name is reserved for the Primary Domain Controller.
</p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2896591"></a>Common Errors</h2></div></div><div></div></div><p>
</p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2894521"></a>Common Errors</h2></div></div><div></div></div><p>
As this is a rather new area for Samba there are not many examples that we may refer to. Keep
watching for updates to this section.
</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2896605"></a>Machine Accounts keep expiring, what can I do?</h3></div></div><div></div></div><p>
</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2894535"></a>Machine Accounts keep expiring, what can I do?</h3></div></div><div></div></div><p>
This problem will occur when occur when the passdb (SAM) files are copied from a central
server but the local Backup Domain Controllers. Local machine trust account password updates
are not copied back to the central server. The newer machine account password is then over
@ -217,7 +218,7 @@ written when the SAM is copied from the PDC. The result is that the Domain membe
on start up will find that it's passwords does not match the one now in the database and
since the startup security check will now fail, this machine will not allow logon attempts
to procede and the account expiry error will be reported.
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2896630"></a>Can Samba be a Backup Domain Controller to an NT4 PDC?</h3></div></div><div></div></div><p>
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2894560"></a>Can Samba be a Backup Domain Controller to an NT4 PDC?</h3></div></div><div></div></div><p>
With version 2.2, no. The native NT4 SAM replication protocols have not yet been fully
implemented. The Samba Team is working on understanding and implementing the protocols,
but this work has not been finished for version 2.2.
@ -228,7 +229,7 @@ mechanism has progressed, and some form of NT4 BDC support is expected soon.
Can I get the benefits of a BDC with Samba? Yes. The main reason for implementing a
BDC is availability. If the PDC is a Samba machine, a second Samba machine can be set up to
service logon requests whenever the PDC is down.
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2896663"></a>How do I replicate the smbpasswd file?</h3></div></div><div></div></div><p>
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2894593"></a>How do I replicate the smbpasswd file?</h3></div></div><div></div></div><p>
Replication of the smbpasswd file is sensitive. It has to be done whenever changes
to the SAM are made. Every user's password change is done in the smbpasswd file and
has to be replicated to the BDC. So replicating the smbpasswd file very often is necessary.
@ -238,7 +239,7 @@ sent unencrypted over the wire. The best way to set up smbpasswd replication fro
the PDC to the BDC is to use the utility rsync. rsync can use ssh as a transport.
Ssh itself can be set up to accept *only* rsync transfer without requiring the user
to type a password.
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2896692"></a>Can I do this all with LDAP?</h3></div></div><div></div></div><p>
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2894621"></a>Can I do this all with LDAP?</h3></div></div><div></div></div><p>
The simple answer is YES. Samba's pdb_ldap code supports binding to a replica
LDAP server, and will also follow referrals and rebind to the master if it ever
needs to make a modification to the database. (Normally BDCs are read only, so

59
docs/htmldocs/samba-pdc.html
View File

@ -1,8 +1,9 @@
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 5. Domain Control</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="index.html" title="SAMBA Project Documentation"><link rel="up" href="type.html" title="Part II. Server Configuration Basics"><link rel="previous" href="ServerType.html" title="Chapter 4. Server Types and Security Modes"><link rel="next" href="samba-bdc.html" title="Chapter 6. Backup Domain Control"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 5. Domain Control</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="ServerType.html">Prev</a> </td><th width="60%" align="center">Part II. Server Configuration Basics</th><td width="20%" align="right"> <a accesskey="n" href="samba-bdc.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="samba-pdc"></a>Chapter 5. Domain Control</h2></div><div><div class="author"><h3 class="author"><span class="firstname">John</span> <span class="othername">H.</span> <span class="surname">Terpstra</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><tt class="email">&lt;<a href="mailto:jht@samba.org">jht@samba.org</a>&gt;</tt></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">Gerald</span> <span class="othername">(Jerry)</span> <span class="surname">Carter</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><tt class="email">&lt;<a href="mailto:jerry@samba.org">jerry@samba.org</a>&gt;</tt></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">David</span> <span class="surname">Bannon</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><tt class="email">&lt;<a href="mailto:dbannon@samba.org">dbannon@samba.org</a>&gt;</tt></p></div></div></div></div></div><div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><a href="samba-pdc.html#id2891927">Features and Benefits</a></dt><dt><a href="samba-pdc.html#id2892230">Basics of Domain Control</a></dt><dd><dl><dt><a href="samba-pdc.html#id2892246">Domain Controller Types</a></dt><dt><a href="samba-pdc.html#id2892458">Preparing for Domain Control</a></dt></dl></dd><dt><a href="samba-pdc.html#id2892778">Domain Control - Example Configuration</a></dt><dt><a href="samba-pdc.html#id2893076">Samba ADS Domain Control</a></dt><dt><a href="samba-pdc.html#id2893098">Domain and Network Logon Configuration</a></dt><dd><dl><dt><a href="samba-pdc.html#id2893113">Domain Network Logon Service</a></dt><dt><a href="samba-pdc.html#id2893441">Security Mode and Master Browsers</a></dt></dl></dd><dt><a href="samba-pdc.html#id2893548">Common Problems and Errors</a></dt><dd><dl><dt><a href="samba-pdc.html#id2893555">I cannot include a '$' in a machine name</a></dt><dt><a href="samba-pdc.html#id2893594">I get told &quot;You already have a connection to the Domain....&quot;
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 5. Domain Control</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="index.html" title="SAMBA Project Documentation"><link rel="up" href="type.html" title="Part II. Server Configuration Basics"><link rel="previous" href="ServerType.html" title="Chapter 4. Server Types and Security Modes"><link rel="next" href="samba-bdc.html" title="Chapter 6. Backup Domain Control"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 5. Domain Control</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="ServerType.html">Prev</a> </td><th width="60%" align="center">Part II. Server Configuration Basics</th><td width="20%" align="right"> <a accesskey="n" href="samba-bdc.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="samba-pdc"></a>Chapter 5. Domain Control</h2></div><div><div class="author"><h3 class="author"><span class="firstname">John</span> <span class="othername">H.</span> <span class="surname">Terpstra</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><tt class="email">&lt;<a href="mailto:jht@samba.org">jht@samba.org</a>&gt;</tt></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">Gerald</span> <span class="othername">(Jerry)</span> <span class="surname">Carter</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><tt class="email">&lt;<a href="mailto:jerry@samba.org">jerry@samba.org</a>&gt;</tt></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">David</span> <span class="surname">Bannon</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><tt class="email">&lt;<a href="mailto:dbannon@samba.org">dbannon@samba.org</a>&gt;</tt></p></div></div></div></div></div><div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><a href="samba-pdc.html#id2892606">Features and Benefits</a></dt><dt><a href="samba-pdc.html#id2890204">Basics of Domain Control</a></dt><dd><dl><dt><a href="samba-pdc.html#id2890219">Domain Controller Types</a></dt><dt><a href="samba-pdc.html#id2890419">Preparing for Domain Control</a></dt></dl></dd><dt><a href="samba-pdc.html#id2890733">Domain Control - Example Configuration</a></dt><dt><a href="samba-pdc.html#id2891029">Samba ADS Domain Control</a></dt><dt><a href="samba-pdc.html#id2891052">Domain and Network Logon Configuration</a></dt><dd><dl><dt><a href="samba-pdc.html#id2891067">Domain Network Logon Service</a></dt><dt><a href="samba-pdc.html#id2893786">Security Mode and Master Browsers</a></dt></dl></dd><dt><a href="samba-pdc.html#id2893891">Common Problems and Errors</a></dt><dd><dl><dt><a href="samba-pdc.html#id2893898">I cannot include a '$' in a machine name</a></dt><dt><a href="samba-pdc.html#id2893936">I get told &quot;You already have a connection to the Domain....&quot;
or &quot;Cannot join domain, the credentials supplied conflict with an
existing set..&quot; when creating a machine trust account.</a></dt><dt><a href="samba-pdc.html#id2893643">The system can not log you on (C000019B)....</a></dt><dt><a href="samba-pdc.html#id2893714">The machine trust account for this computer either does not
exist or is not accessible.</a></dt><dt><a href="samba-pdc.html#id2893771">When I attempt to login to a Samba Domain from a NT4/W2K workstation,
I get a message about my account being disabled.</a></dt><dt><a href="samba-pdc.html#id2893798">Until a few minutes after Samba has started, clients get the error &quot;Domain Controller Unavailable&quot;</a></dt></dl></dd></dl></div><p><b><span class="emphasis"><em>The Essence of Learning:</em></span> </b>
existing set..&quot; when creating a machine trust account.</a></dt><dt><a href="samba-pdc.html#id2893986">The system can not log you on (C000019B)....</a></dt><dt><a href="samba-pdc.html#id2894057">The machine trust account for this computer either does not
exist or is not accessible.</a></dt><dt><a href="samba-pdc.html#id2894114">When I attempt to login to a Samba Domain from a NT4/W2K workstation,
I get a message about my account being disabled.</a></dt><dt><a href="samba-pdc.html#id2894140">Until a few minutes after Samba has started, clients get the error &quot;Domain Controller Unavailable&quot;</a></dt></dl></dd></dl></div><p><b><span class="emphasis"><em>The Essence of Learning:</em></span> </b>
There are many who approach MS Windows networking with incredible misconceptions.
That's OK, because it gives the rest of us plenty of opportunity to be of assistance.
Those who really want help would be well advised to become familiar with information
@ -32,7 +33,7 @@ burden on an organisation.
Where is the right place to make mistakes? Only out of harm's way! If you are going to
make mistakes, then please do this on a test network, away from users and in such a way as
to not inflict pain on others. Do your learning on a test network.
</p><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2891927"></a>Features and Benefits</h2></div></div><div></div></div><p>
</p><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2892606"></a>Features and Benefits</h2></div></div><div></div></div><p>
<span class="emphasis"><em>What is the key benefit of Microsoft Domain security?</em></span>
</p><p>
In a word, <span class="emphasis"><em>Single Sign On</em></span>, or SSO for short. To many, this is the holy
@ -130,11 +131,11 @@ per user settings for many parameters, over-riding global settings given in the
Thus, with samba-3 it is possible to have a default system configuration for profiles,
and on a per user basis to over-ride this for those users who should not be subject
to the default configuration.
</p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2892230"></a>Basics of Domain Control</h2></div></div><div></div></div><p>
</p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2890204"></a>Basics of Domain Control</h2></div></div><div></div></div><p>
Over the years, public perceptions of what Domain Control really is has taken on an
almost mystical nature. Before we branch into a brief overview of Domain Control,
there are three basic types of domain controllers:
</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2892246"></a>Domain Controller Types</h3></div></div><div></div></div><div class="itemizedlist"><ul type="disc"><li><p>Primary Domain Controller</p></li><li><p>Backup Domain Controller</p></li><li><p>ADS Domain Controller</p></li></ul></div><p>
</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2890219"></a>Domain Controller Types</h3></div></div><div></div></div><div class="itemizedlist"><ul type="disc"><li><p>Primary Domain Controller</p></li><li><p>Backup Domain Controller</p></li><li><p>ADS Domain Controller</p></li></ul></div><p>
The <span class="emphasis"><em>Primary Domain Controller</em></span> or PDC plays an important role in the MS
Windows NT4 and Windows 200x Domain Control architecture, but not in the manner that so many
expect. There is folk lore that dictates that because of it's role in the MS Windows
@ -186,7 +187,7 @@ At this time any appearance that Samba-3 is capable of acting as an
This functionality should not be used until the Samba-Team offers formal support for it.
At such a time, the documentation will be revised to duly reflect all configuration and
management requirements.
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2892458"></a>Preparing for Domain Control</h3></div></div><div></div></div><p>
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2890419"></a>Preparing for Domain Control</h3></div></div><div></div></div><p>
There are two ways that MS Windows machines may interact with each other, with other servers,
and with Domain Controllers: Either as <span class="emphasis"><em>Stand-Alone</em></span> systems, more commonly
called <span class="emphasis"><em>Workgroup</em></span> members, or as full participants in a security system,
@ -247,7 +248,7 @@ domain/workgroup. Local master browsers in the same domain/workgroup on broadcas
then ask for a complete copy of the browse list for the whole wide area network. Browser clients
will then contact their local master browser, and will receive the domain-wide browse list,
instead of just the list for their broadcast-isolated subnet.
</p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2892778"></a>Domain Control - Example Configuration</h2></div></div><div></div></div><p>
</p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2890733"></a>Domain Control - Example Configuration</h2></div></div><div></div></div><p>
The first step in creating a working Samba PDC is to understand the parameters necessary
in <tt class="filename">smb.conf</tt>. Here we attempt to explain the parameters that are covered in
the <tt class="filename">smb.conf</tt> man page.
@ -301,20 +302,20 @@ Here is an example <tt class="filename">smb.conf</tt> for acting as a PDC:
<a href="smb.conf.5.html#READONLY" target="_top">read only</a> = no
<a href="smb.conf.5.html#CREATEMASK" target="_top">create mask</a> = 0600
<a href="smb.conf.5.html#DIRECTORYMASK" target="_top">directory mask</a> = 0700
</pre><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
</pre><div xmlns:ns5="" class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><ns5:p>
The above parameters make for a full set of parameters that may define the server's mode
of operation. The following parameters are the essentials alone:
</p><pre class="programlisting">
</ns5:p><pre class="programlisting">
workgroup = NARNIA
domain logons = Yes
domain master = Yes
security = User
</pre><p>
</pre><ns5:p>
The additional parameters shown in the longer listing above just makes for a
more complete environment.
</p></div><p>
</ns5:p></div><p>
There are a couple of points to emphasize in the above configuration.
</p><div class="itemizedlist"><ul type="disc"><li><p>
Encrypted passwords must be enabled. For more details on how
@ -327,22 +328,22 @@ There are a couple of points to emphasize in the above configuration.
client to locate the server as a DC. Please refer to the various
Network Browsing documentation included with this distribution for
details.
</p></li></ul></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2893076"></a>Samba ADS Domain Control</h2></div></div><div></div></div><p>
</p></li></ul></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2891029"></a>Samba ADS Domain Control</h2></div></div><div></div></div><p>
Samba-3 is not and can not act as an Active Directory Server. It can not truly function as
an Active Directory Primary Domain Controller. The protocols for some of the functionality
the Active Directory Domain Controllers is have been partially implemented on an experimental
only basis. Please do NOT expect Samba-3 to support these protocols - nor should you depend
on any such functionality either now or in the future. The Samba-Team may well remove such
experiemental features or may change their behaviour.
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2893098"></a>Domain and Network Logon Configuration</h2></div></div><div></div></div><p>
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2891052"></a>Domain and Network Logon Configuration</h2></div></div><div></div></div><p>
The subject of Network or Domain Logons is discussed here because it rightly forms
an integral part of the essential functionality that is provided by a Domain Controller.
</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2893113"></a>Domain Network Logon Service</h3></div></div><div></div></div><p>
</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2891067"></a>Domain Network Logon Service</h3></div></div><div></div></div><p>
All Domain Controllers must run the netlogon service (<span class="emphasis"><em>domain logons</em></span>
in Samba). One Domain Controller must be configured with <i class="parameter"><tt>domain master = Yes</tt></i>
(the Primary Domain Controller); on ALL Backup Domain Controllers <i class="parameter"><tt>domain master = No</tt></i>
must be set.
</p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2893146"></a>Example Configuration</h4></div></div><div></div></div><pre class="programlisting">
</p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2891100"></a>Example Configuration</h4></div></div><div></div></div><pre class="programlisting">
[globals]
domain logons = Yes
domain master = (Yes on PDC, No on BDCs)
@ -352,7 +353,7 @@ must be set.
path = /var/lib/samba/netlogon
guest ok = Yes
browseable = No
</pre></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2893167"></a>The Special Case of MS Windows XP Home Edition</h4></div></div><div></div></div><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
</pre></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2891119"></a>The Special Case of MS Windows XP Home Edition</h4></div></div><div></div></div><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
MS Windows XP Home Edition does not have the ability to join any type of Domain
security facility. Unlike, MS Windows 9x / Me, MS Windows XP Home Edition also completely
lacks the ability to log onto a network.
@ -364,7 +365,7 @@ MS Windows XP Professional.
</p><p>
Now that this has been said, please do NOT ask the mailing list, or email any of the
Samba-Team members with your questions asking how to make this work. It can't be done.
</p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2893201"></a>The Special Case of Windows 9x / Me</h4></div></div><div></div></div><p>
</p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2891154"></a>The Special Case of Windows 9x / Me</h4></div></div><div></div></div><p>
A domain and a workgroup are exactly the same thing in terms of network
browsing. The difference is that a distributable authentication
database is associated with a domain, for secure login access to a
@ -444,7 +445,7 @@ The main difference between a PDC and a Windows 9x logon server configuration is
</p></li></ul></div><p>
A Samba PDC will act as a Windows 9x logon server; after all, it does provide the
network logon services that MS Windows 9x / Me expect to find.
</p></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2893441"></a>Security Mode and Master Browsers</h3></div></div><div></div></div><p>
</p></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2893786"></a>Security Mode and Master Browsers</h3></div></div><div></div></div><p>
There are a few comments to make in order to tie up some
loose ends. There has been much debate over the issue of whether
or not it is ok to configure Samba as a Domain Controller in security
@ -478,7 +479,7 @@ Configuring a Samba box as a DC for a domain that already by definition has a
PDC is asking for trouble. Therefore, you should always configure the Samba DC
to be the DMB for its domain and set <i class="parameter"><tt>security = user</tt></i>.
This is the only officially supported mode of operation.
</p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2893548"></a>Common Problems and Errors</h2></div></div><div></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2893555"></a>I cannot include a '$' in a machine name</h3></div></div><div></div></div><p>
</p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2893891"></a>Common Problems and Errors</h2></div></div><div></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2893898"></a>I cannot include a '$' in a machine name</h3></div></div><div></div></div><p>
A 'machine account', (typically) stored in <tt class="filename">/etc/passwd</tt>,
takes the form of the machine name with a '$' appended. FreeBSD (and other BSD
systems?) won't create a user with a '$' in their name.
@ -486,7 +487,7 @@ systems?) won't create a user with a '$' in their name.
The problem is only in the program used to make the entry. Once made, it works perfectly.
Create a user without the '$'. Then use <b class="command">vipw</b> to edit the entry, adding
the '$'. Or create the whole entry with vipw if you like; make sure you use a unique User ID!
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2893594"></a>I get told &quot;You already have a connection to the Domain....&quot;
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2893936"></a>I get told &quot;You already have a connection to the Domain....&quot;
or &quot;Cannot join domain, the credentials supplied conflict with an
existing set..&quot; when creating a machine trust account.</h3></div></div><div></div></div><p>
This happens if you try to create a machine trust account from the
@ -500,7 +501,7 @@ Further, if the machine is already a 'member of a workgroup' that
is the same name as the domain you are joining (bad idea) you will
get this message. Change the workgroup name to something else, it
does not matter what, reboot, and try again.
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2893643"></a>The system can not log you on (C000019B)....</h3></div></div><div></div></div><p>I joined the domain successfully but after upgrading
</p></div><div xmlns:ns6="" class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2893986"></a>The system can not log you on (C000019B)....</h3></div></div><div></div></div><p>I joined the domain successfully but after upgrading
to a newer version of the Samba code I get the message, <span class="errorname">The system
can not log you on (C000019B), Please try again or consult your
system administrator</span> when attempting to logon.
@ -511,14 +512,14 @@ the domain name and/or the server name (NetBIOS name) is changed.
The only way to correct the problem is to restore the original domain
SID or remove the domain client from the domain and rejoin. The domain
SID may be reset using either the net or rpcclient utilities.
</p><p>
</p><ns6:p>
The reset or change the domain SID you can use the net command as follows:
</p><pre class="screen">
</ns6:p><pre class="screen">
<tt class="prompt">root# </tt><b class="userinput"><tt>net getlocalsid 'OLDNAME'</tt></b>
<tt class="prompt">root# </tt><b class="userinput"><tt>net setlocalsid 'SID'</tt></b>
</pre><p>
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2893714"></a>The machine trust account for this computer either does not
</pre><ns6:p>
</ns6:p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2894057"></a>The machine trust account for this computer either does not
exist or is not accessible.</h3></div></div><div></div></div><p>
When I try to join the domain I get the message <span class="errorname">The machine account
for this computer either does not exist or is not accessible</span>. What's
@ -541,10 +542,10 @@ Some people have also reported
that inconsistent subnet masks between the Samba server and the NT
client can cause this problem. Make sure that these are consistent
for both client and server.
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2893771"></a>When I attempt to login to a Samba Domain from a NT4/W2K workstation,
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2894114"></a>When I attempt to login to a Samba Domain from a NT4/W2K workstation,
I get a message about my account being disabled.</h3></div></div><div></div></div><p>
Enable the user accounts with <b class="userinput"><tt>smbpasswd -e <i class="replaceable"><tt>username</tt></i>
</tt></b>, this is normally done as an account is created.
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2893798"></a>Until a few minutes after Samba has started, clients get the error &quot;Domain Controller Unavailable&quot;</h3></div></div><div></div></div><p>
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2894140"></a>Until a few minutes after Samba has started, clients get the error &quot;Domain Controller Unavailable&quot;</h3></div></div><div></div></div><p>
A domain controller has to announce on the network who it is. This usually takes a while.
</p></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="ServerType.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="type.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="samba-bdc.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 4. Server Types and Security Modes </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 6. Backup Domain Control</td></tr></table></div></body></html>

2880
docs/htmldocs/smb.conf.5.html
View File

File diff suppressed because one or more lines are too long

25
docs/htmldocs/speed.html
View File

@ -1,4 +1,5 @@
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 39. Samba Performance Tuning</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="index.html" title="SAMBA Project Documentation"><link rel="up" href="Appendixes.html" title="Part VI. Appendixes"><link rel="previous" href="Other-Clients.html" title="Chapter 38. Samba and other CIFS clients"><link rel="next" href="DNSDHCP.html" title="Chapter 40. DNS and DHCP Configuration Guide"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 39. Samba Performance Tuning</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="Other-Clients.html">Prev</a> </td><th width="60%" align="center">Part VI. Appendixes</th><td width="20%" align="right"> <a accesskey="n" href="DNSDHCP.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="speed"></a>Chapter 39. Samba Performance Tuning</h2></div><div><div class="author"><h3 class="author"><span class="firstname">Paul</span> <span class="surname">Cochrane</span></h3><div class="affiliation"><span class="orgname">Dundee Limb Fitting Centre<br></span><div class="address"><p><tt class="email">&lt;<a href="mailto:paulc@dth.scot.nhs.uk">paulc@dth.scot.nhs.uk</a>&gt;</tt></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">Jelmer</span> <span class="othername">R.</span> <span class="surname">Vernooij</span></h3><div class="affiliation"><span class="orgname">The Samba Team<br></span><div class="address"><p><tt class="email">&lt;<a href="mailto:jelmer@samba.org">jelmer@samba.org</a>&gt;</tt></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">John</span> <span class="othername">H.</span> <span class="surname">Terpstra</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><tt class="email">&lt;<a href="mailto:jht@samba.org">jht@samba.org</a>&gt;</tt></p></div></div></div></div></div><div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><a href="speed.html#id3018190">Comparisons</a></dt><dt><a href="speed.html#id3018235">Socket options</a></dt><dt><a href="speed.html#id3018310">Read size</a></dt><dt><a href="speed.html#id3018354">Max xmit</a></dt><dt><a href="speed.html#id3018407">Log level</a></dt><dt><a href="speed.html#id3018430">Read raw</a></dt><dt><a href="speed.html#id3018486">Write raw</a></dt><dt><a href="speed.html#id3018528">Slow Logins</a></dt><dt><a href="speed.html#id3018550">LDAP</a></dt><dt><a href="speed.html#id3018575">Client tuning</a></dt><dt><a href="speed.html#id3018601">Samba performance problem due changing kernel</a></dt><dt><a href="speed.html#id3018632">Corrupt tdb Files</a></dt></dl></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3018190"></a>Comparisons</h2></div></div><div></div></div><p>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 39. Samba Performance Tuning</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="index.html" title="SAMBA Project Documentation"><link rel="up" href="Appendixes.html" title="Part VI. Appendixes"><link rel="previous" href="Other-Clients.html" title="Chapter 38. Samba and other CIFS clients"><link rel="next" href="DNSDHCP.html" title="Chapter 40. DNS and DHCP Configuration Guide"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 39. Samba Performance Tuning</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="Other-Clients.html">Prev</a> </td><th width="60%" align="center">Part VI. Appendixes</th><td width="20%" align="right"> <a accesskey="n" href="DNSDHCP.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="speed"></a>Chapter 39. Samba Performance Tuning</h2></div><div><div class="author"><h3 class="author"><span class="firstname">Paul</span> <span class="surname">Cochrane</span></h3><div class="affiliation"><span class="orgname">Dundee Limb Fitting Centre<br></span><div class="address"><p><tt class="email">&lt;<a href="mailto:paulc@dth.scot.nhs.uk">paulc@dth.scot.nhs.uk</a>&gt;</tt></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">Jelmer</span> <span class="othername">R.</span> <span class="surname">Vernooij</span></h3><div class="affiliation"><span class="orgname">The Samba Team<br></span><div class="address"><p><tt class="email">&lt;<a href="mailto:jelmer@samba.org">jelmer@samba.org</a>&gt;</tt></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">John</span> <span class="othername">H.</span> <span class="surname">Terpstra</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><tt class="email">&lt;<a href="mailto:jht@samba.org">jht@samba.org</a>&gt;</tt></p></div></div></div></div></div><div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><a href="speed.html#id3014177">Comparisons</a></dt><dt><a href="speed.html#id3014222">Socket options</a></dt><dt><a href="speed.html#id3014295">Read size</a></dt><dt><a href="speed.html#id3014339">Max xmit</a></dt><dt><a href="speed.html#id3014392">Log level</a></dt><dt><a href="speed.html#id3014415">Read raw</a></dt><dt><a href="speed.html#id3015357">Write raw</a></dt><dt><a href="speed.html#id3015399">Slow Logins</a></dt><dt><a href="speed.html#id3015420">LDAP</a></dt><dt><a href="speed.html#id3015445">Client tuning</a></dt><dt><a href="speed.html#id3015468">Samba performance problem due changing kernel</a></dt><dt><a href="speed.html#id3015501">Corrupt tdb Files</a></dt></dl></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3014177"></a>Comparisons</h2></div></div><div></div></div><p>
The Samba server uses TCP to talk to the client. Thus if you are
trying to see if it performs well you should really compare it to
programs that use the same protocol. The most readily available
@ -20,7 +21,7 @@ suspect the biggest factor is not Samba vs some other system but the
hardware and drivers used on the various systems. Given similar
hardware Samba should certainly be competitive in speed with other
systems.
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3018235"></a>Socket options</h2></div></div><div></div></div><p>
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3014222"></a>Socket options</h2></div></div><div></div></div><p>
There are a number of socket options that can greatly affect the
performance of a TCP based server like Samba.
</p><p>
@ -39,7 +40,7 @@ biggest single difference for most networks. Many people report that
adding <i class="parameter"><tt>socket options = TCP_NODELAY</tt></i> doubles the read
performance of a Samba drive. The best explanation I have seen for this is
that the Microsoft TCP/IP stack is slow in sending tcp ACKs.
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3018310"></a>Read size</h2></div></div><div></div></div><p>
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3014295"></a>Read size</h2></div></div><div></div></div><p>
The option <i class="parameter"><tt>read size</tt></i> affects the overlap of disk
reads/writes with network reads/writes. If the amount of data being
transferred in several of the SMB commands (currently SMBwrite, SMBwriteX and
@ -56,7 +57,7 @@ The default value is 16384, but very little experimentation has been
done yet to determine the optimal value, and it is likely that the best
value will vary greatly between systems anyway. A value over 65536 is
pointless and will cause you to allocate memory unnecessarily.
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3018354"></a>Max xmit</h2></div></div><div></div></div><p>
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3014339"></a>Max xmit</h2></div></div><div></div></div><p>
At startup the client and server negotiate a <i class="parameter"><tt>maximum transmit</tt></i> size,
which limits the size of nearly all SMB commands. You can set the
maximum size that Samba will negotiate using the <i class="parameter"><tt>max xmit = </tt></i> option
@ -70,12 +71,12 @@ clients may perform better with a smaller transmit unit. Trying values
of less than 2048 is likely to cause severe problems.
</p><p>
In most cases the default is the best option.
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3018407"></a>Log level</h2></div></div><div></div></div><p>
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3014392"></a>Log level</h2></div></div><div></div></div><p>
If you set the log level (also known as <i class="parameter"><tt>debug level</tt></i>) higher than 2
then you may suffer a large drop in performance. This is because the
server flushes the log file after each operation, which can be very
expensive.
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3018430"></a>Read raw</h2></div></div><div></div></div><p>
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3014415"></a>Read raw</h2></div></div><div></div></div><p>
The <i class="parameter"><tt>read raw</tt></i> operation is designed to be an optimised, low-latency
file read operation. A server may choose to not support it,
however. and Samba makes support for <i class="parameter"><tt>read raw</tt></i> optional, with it
@ -88,7 +89,7 @@ read operations.
So you might like to try <i class="parameter"><tt>read raw = no</tt></i> and see what happens on your
network. It might lower, raise or not affect your performance. Only
testing can really tell.
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3018486"></a>Write raw</h2></div></div><div></div></div><p>
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3015357"></a>Write raw</h2></div></div><div></div></div><p>
The <i class="parameter"><tt>write raw</tt></i> operation is designed to be an optimised, low-latency
file write operation. A server may choose to not support it,
however. and Samba makes support for <i class="parameter"><tt>write raw</tt></i> optional, with it
@ -96,18 +97,18 @@ being enabled by default.
</p><p>
Some machines may find <i class="parameter"><tt>write raw</tt></i> slower than normal write, in which
case you may wish to change this option.
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3018528"></a>Slow Logins</h2></div></div><div></div></div><p>
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3015399"></a>Slow Logins</h2></div></div><div></div></div><p>
Slow logins are almost always due to the password checking time. Using
the lowest practical <i class="parameter"><tt>password level</tt></i> will improve things.
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3018550"></a>LDAP</h2></div></div><div></div></div><p>
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3015420"></a>LDAP</h2></div></div><div></div></div><p>
LDAP can be vastly improved by using the
<a href="smb.conf.5.html#LDAPTRUSTIDS" target="_top"><i class="parameter"><tt>ldap trust ids</tt></i></a> parameter.
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3018575"></a>Client tuning</h2></div></div><div></div></div><p>
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3015445"></a>Client tuning</h2></div></div><div></div></div><p>
Often a speed problem can be traced to the client. The client (for
example Windows for Workgroups) can often be tuned for better TCP
performance. Check the sections on the various clients in
<a href="Other-Clients.html" title="Chapter 38. Samba and other CIFS clients">Samba and Other Clients</a>.
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3018601"></a>Samba performance problem due changing kernel</h2></div></div><div></div></div><p>
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3015468"></a>Samba performance problem due changing kernel</h2></div></div><div></div></div><p>
Hi everyone. I am running Gentoo on my server and samba 2.2.8a. Recently
I changed kernel version from linux-2.4.19-gentoo-r10 to
linux-2.4.20-wolk4.0s. And now I have performance issue with samba. Ok
@ -122,7 +123,7 @@ Grab mii-tool and check the duplex settings on the NIC.
My guess is that it is a link layer issue, not an application
layer problem. Also run ifconfig and verify that the framing
error, collisions, etc... look normal for ethernet.
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3018632"></a>Corrupt tdb Files</h2></div></div><div></div></div><p>
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3015501"></a>Corrupt tdb Files</h2></div></div><div></div></div><p>
Well today it happend, our first major problem using samba.
Our samba PDC server has been hosting 3 TB of data to our 500+ users
[Windows NT/XP] for the last 3 years using samba, no problem.

11
docs/htmldocs/type.html
View File

@ -1,9 +1,10 @@
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Part II. Server Configuration Basics</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="index.html" title="SAMBA Project Documentation"><link rel="up" href="index.html" title="SAMBA Project Documentation"><link rel="previous" href="FastStart.html" title="Chapter 3. FastStart for the Impatient"><link rel="next" href="ServerType.html" title="Chapter 4. Server Types and Security Modes"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Part II. Server Configuration Basics</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="FastStart.html">Prev</a> </td><th width="60%" align="center"> </th><td width="20%" align="right"> <a accesskey="n" href="ServerType.html">Next</a></td></tr></table><hr></div><div class="part" lang="en"><div class="titlepage"><div><div><h1 class="title"><a name="type"></a>Server Configuration Basics</h1></div></div><div></div></div><div class="partintro" lang="en"><div><div><div><h1 class="title"><a name="id2886752"></a>First Steps in Server Configuration</h1></div></div><div></div></div><p>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Part II. Server Configuration Basics</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="index.html" title="SAMBA Project Documentation"><link rel="up" href="index.html" title="SAMBA Project Documentation"><link rel="previous" href="FastStart.html" title="Chapter 3. FastStart for the Impatient"><link rel="next" href="ServerType.html" title="Chapter 4. Server Types and Security Modes"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Part II. Server Configuration Basics</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="FastStart.html">Prev</a> </td><th width="60%" align="center"> </th><td width="20%" align="right"> <a accesskey="n" href="ServerType.html">Next</a></td></tr></table><hr></div><div class="part" lang="en"><div class="titlepage"><div><div><h1 class="title"><a name="type"></a>Server Configuration Basics</h1></div></div><div></div></div><div class="partintro" lang="en"><div><div><div><h1 class="title"><a name="id2886394"></a>First Steps in Server Configuration</h1></div></div><div></div></div><p>
Samba can operate in various modes within SMB networks. This HOWTO section contains information on
configuring samba to function as the type of server your network requires. Please read this
section carefully.
</p><div class="toc"><p><b>Table of Contents</b></p><dl><dt>4. <a href="ServerType.html">Server Types and Security Modes</a></dt><dd><dl><dt><a href="ServerType.html#id2888708">Features and Benefits</a></dt><dt><a href="ServerType.html#id2888804">Server Types</a></dt><dt><a href="ServerType.html#id2888887">Samba Security Modes</a></dt><dd><dl><dt><a href="ServerType.html#id2889003">User Level Security</a></dt><dt><a href="ServerType.html#id2889136">Share Level Security</a></dt><dt><a href="ServerType.html#id2889257">Domain Security Mode (User Level Security)</a></dt><dt><a href="ServerType.html#id2889510">ADS Security Mode (User Level Security)</a></dt><dt><a href="ServerType.html#id2889596">Server Security (User Level Security)</a></dt></dl></dd><dt><a href="ServerType.html#id2889820">Seamless Windows Network Integration</a></dt><dt><a href="ServerType.html#id2889997">Common Errors</a></dt><dd><dl><dt><a href="ServerType.html#id2890025">What makes Samba a SERVER?</a></dt><dt><a href="ServerType.html#id2890058">What makes Samba a Domain Controller?</a></dt><dt><a href="ServerType.html#id2890086">What makes Samba a Domain Member?</a></dt><dt><a href="ServerType.html#id2890120">Constantly Losing Connections to Password Server</a></dt></dl></dd></dl></dd><dt>5. <a href="samba-pdc.html">Domain Control</a></dt><dd><dl><dt><a href="samba-pdc.html#id2891927">Features and Benefits</a></dt><dt><a href="samba-pdc.html#id2892230">Basics of Domain Control</a></dt><dd><dl><dt><a href="samba-pdc.html#id2892246">Domain Controller Types</a></dt><dt><a href="samba-pdc.html#id2892458">Preparing for Domain Control</a></dt></dl></dd><dt><a href="samba-pdc.html#id2892778">Domain Control - Example Configuration</a></dt><dt><a href="samba-pdc.html#id2893076">Samba ADS Domain Control</a></dt><dt><a href="samba-pdc.html#id2893098">Domain and Network Logon Configuration</a></dt><dd><dl><dt><a href="samba-pdc.html#id2893113">Domain Network Logon Service</a></dt><dt><a href="samba-pdc.html#id2893441">Security Mode and Master Browsers</a></dt></dl></dd><dt><a href="samba-pdc.html#id2893548">Common Problems and Errors</a></dt><dd><dl><dt><a href="samba-pdc.html#id2893555">I cannot include a '$' in a machine name</a></dt><dt><a href="samba-pdc.html#id2893594">I get told &quot;You already have a connection to the Domain....&quot;
</p><div class="toc"><p><b>Table of Contents</b></p><dl><dt>4. <a href="ServerType.html">Server Types and Security Modes</a></dt><dd><dl><dt><a href="ServerType.html#id2889441">Features and Benefits</a></dt><dt><a href="ServerType.html#id2889533">Server Types</a></dt><dt><a href="ServerType.html#id2889614">Samba Security Modes</a></dt><dd><dl><dt><a href="ServerType.html#id2886042">User Level Security</a></dt><dt><a href="ServerType.html#id2886175">Share Level Security</a></dt><dt><a href="ServerType.html#id2887246">Domain Security Mode (User Level Security)</a></dt><dt><a href="ServerType.html#id2887488">ADS Security Mode (User Level Security)</a></dt><dt><a href="ServerType.html#id2887572">Server Security (User Level Security)</a></dt></dl></dd><dt><a href="ServerType.html#id2887797">Seamless Windows Network Integration</a></dt><dt><a href="ServerType.html#id2887974">Common Errors</a></dt><dd><dl><dt><a href="ServerType.html#id2888002">What makes Samba a SERVER?</a></dt><dt><a href="ServerType.html#id2888035">What makes Samba a Domain Controller?</a></dt><dt><a href="ServerType.html#id2888063">What makes Samba a Domain Member?</a></dt><dt><a href="ServerType.html#id2889975">Constantly Losing Connections to Password Server</a></dt></dl></dd></dl></dd><dt>5. <a href="samba-pdc.html">Domain Control</a></dt><dd><dl><dt><a href="samba-pdc.html#id2892606">Features and Benefits</a></dt><dt><a href="samba-pdc.html#id2890204">Basics of Domain Control</a></dt><dd><dl><dt><a href="samba-pdc.html#id2890219">Domain Controller Types</a></dt><dt><a href="samba-pdc.html#id2890419">Preparing for Domain Control</a></dt></dl></dd><dt><a href="samba-pdc.html#id2890733">Domain Control - Example Configuration</a></dt><dt><a href="samba-pdc.html#id2891029">Samba ADS Domain Control</a></dt><dt><a href="samba-pdc.html#id2891052">Domain and Network Logon Configuration</a></dt><dd><dl><dt><a href="samba-pdc.html#id2891067">Domain Network Logon Service</a></dt><dt><a href="samba-pdc.html#id2893786">Security Mode and Master Browsers</a></dt></dl></dd><dt><a href="samba-pdc.html#id2893891">Common Problems and Errors</a></dt><dd><dl><dt><a href="samba-pdc.html#id2893898">I cannot include a '$' in a machine name</a></dt><dt><a href="samba-pdc.html#id2893936">I get told &quot;You already have a connection to the Domain....&quot;
or &quot;Cannot join domain, the credentials supplied conflict with an
existing set..&quot; when creating a machine trust account.</a></dt><dt><a href="samba-pdc.html#id2893643">The system can not log you on (C000019B)....</a></dt><dt><a href="samba-pdc.html#id2893714">The machine trust account for this computer either does not
exist or is not accessible.</a></dt><dt><a href="samba-pdc.html#id2893771">When I attempt to login to a Samba Domain from a NT4/W2K workstation,
I get a message about my account being disabled.</a></dt><dt><a href="samba-pdc.html#id2893798">Until a few minutes after Samba has started, clients get the error &quot;Domain Controller Unavailable&quot;</a></dt></dl></dd></dl></dd><dt>6. <a href="samba-bdc.html">Backup Domain Control</a></dt><dd><dl><dt><a href="samba-bdc.html#id2895956">Features And Benefits</a></dt><dt><a href="samba-bdc.html#id2896128">Essential Background Information</a></dt><dd><dl><dt><a href="samba-bdc.html#id2896156">MS Windows NT4 Style Domain Control</a></dt><dt><a href="samba-bdc.html#id2896368">Active Directory Domain Control</a></dt><dt><a href="samba-bdc.html#id2896390">What qualifies a Domain Controller on the network?</a></dt><dt><a href="samba-bdc.html#id2896416">How does a Workstation find its domain controller?</a></dt></dl></dd><dt><a href="samba-bdc.html#id2896462">Backup Domain Controller Configuration</a></dt><dd><dl><dt><a href="samba-bdc.html#id2896532">Example Configuration</a></dt></dl></dd><dt><a href="samba-bdc.html#id2896591">Common Errors</a></dt><dd><dl><dt><a href="samba-bdc.html#id2896605">Machine Accounts keep expiring, what can I do?</a></dt><dt><a href="samba-bdc.html#id2896630">Can Samba be a Backup Domain Controller to an NT4 PDC?</a></dt><dt><a href="samba-bdc.html#id2896663">How do I replicate the smbpasswd file?</a></dt><dt><a href="samba-bdc.html#id2896692">Can I do this all with LDAP?</a></dt></dl></dd></dl></dd><dt>7. <a href="domain-member.html">Domain Membership</a></dt><dd><dl><dt><a href="domain-member.html#id2897692">Features and Benefits</a></dt><dt><a href="domain-member.html#id2897816">MS Windows Workstation/Server Machine Trust Accounts</a></dt><dd><dl><dt><a href="domain-member.html#id2897991">Manual Creation of Machine Trust Accounts</a></dt><dt><a href="domain-member.html#id2898243">Using NT4 Server Manager to Add Machine Accounts to the Domain</a></dt><dt><a href="domain-member.html#id2898440">&quot;On-the-Fly&quot; Creation of Machine Trust Accounts</a></dt><dt><a href="domain-member.html#id2898502">Making an MS Windows Workstation or Server a Domain Member</a></dt></dl></dd><dt><a href="domain-member.html#id2898648">Domain Member Server</a></dt><dd><dl><dt><a href="domain-member.html#id2898697">Joining an NT4 type Domain with Samba-3</a></dt><dt><a href="domain-member.html#id2899075">Why is this better than security = server?</a></dt></dl></dd><dt><a href="domain-member.html#ads-member">Samba ADS Domain Membership</a></dt><dd><dl><dt><a href="domain-member.html#id2899216">Setup your smb.conf</a></dt><dt><a href="domain-member.html#id2899298">Setup your /etc/krb5.conf</a></dt><dt><a href="domain-member.html#ads-create-machine-account">Create the computer account</a></dt><dt><a href="domain-member.html#ads-test-server">Test your server setup</a></dt><dt><a href="domain-member.html#ads-test-smbclient">Testing with smbclient</a></dt><dt><a href="domain-member.html#id2899656">Notes</a></dt></dl></dd><dt><a href="domain-member.html#id2899678">Common Errors</a></dt><dd><dl><dt><a href="domain-member.html#id2899712">Can Not Add Machine Back to Domain</a></dt><dt><a href="domain-member.html#id2899742">Adding Machine to Domain Fails</a></dt></dl></dd></dl></dd><dt>8. <a href="StandAloneServer.html">Stand-Alone Servers</a></dt><dd><dl><dt><a href="StandAloneServer.html#id2902078">Features and Benefits</a></dt><dt><a href="StandAloneServer.html#id2902275">Background</a></dt><dt><a href="StandAloneServer.html#id2902347">Example Configuration</a></dt><dd><dl><dt><a href="StandAloneServer.html#id2902362">Reference Documentation Server</a></dt><dt><a href="StandAloneServer.html#id2902411">Central Print Serving</a></dt></dl></dd><dt><a href="StandAloneServer.html#id2902618">Common Errors</a></dt></dl></dd><dt>9. <a href="ClientConfig.html">MS Windows Network Configuration Guide</a></dt><dd><dl><dt><a href="ClientConfig.html#id2901732">Note</a></dt></dl></dd></dl></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="FastStart.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="index.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="ServerType.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 3. FastStart for the Impatient </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 4. Server Types and Security Modes</td></tr></table></div></body></html>
existing set..&quot; when creating a machine trust account.</a></dt><dt><a href="samba-pdc.html#id2893986">The system can not log you on (C000019B)....</a></dt><dt><a href="samba-pdc.html#id2894057">The machine trust account for this computer either does not
exist or is not accessible.</a></dt><dt><a href="samba-pdc.html#id2894114">When I attempt to login to a Samba Domain from a NT4/W2K workstation,
I get a message about my account being disabled.</a></dt><dt><a href="samba-pdc.html#id2894140">Until a few minutes after Samba has started, clients get the error &quot;Domain Controller Unavailable&quot;</a></dt></dl></dd></dl></dd><dt>6. <a href="samba-bdc.html">Backup Domain Control</a></dt><dd><dl><dt><a href="samba-bdc.html#id2896177">Features And Benefits</a></dt><dt><a href="samba-bdc.html#id2896342">Essential Background Information</a></dt><dd><dl><dt><a href="samba-bdc.html#id2896370">MS Windows NT4 Style Domain Control</a></dt><dt><a href="samba-bdc.html#id2894331">Active Directory Domain Control</a></dt><dt><a href="samba-bdc.html#id2894352">What qualifies a Domain Controller on the network?</a></dt><dt><a href="samba-bdc.html#id2894375">How does a Workstation find its domain controller?</a></dt></dl></dd><dt><a href="samba-bdc.html#id2894401">Backup Domain Controller Configuration</a></dt><dd><dl><dt><a href="samba-bdc.html#id2894471">Example Configuration</a></dt></dl></dd><dt><a href="samba-bdc.html#id2894521">Common Errors</a></dt><dd><dl><dt><a href="samba-bdc.html#id2894535">Machine Accounts keep expiring, what can I do?</a></dt><dt><a href="samba-bdc.html#id2894560">Can Samba be a Backup Domain Controller to an NT4 PDC?</a></dt><dt><a href="samba-bdc.html#id2894593">How do I replicate the smbpasswd file?</a></dt><dt><a href="samba-bdc.html#id2894621">Can I do this all with LDAP?</a></dt></dl></dd></dl></dd><dt>7. <a href="domain-member.html">Domain Membership</a></dt><dd><dl><dt><a href="domain-member.html#id2895146">Features and Benefits</a></dt><dt><a href="domain-member.html#id2894718">MS Windows Workstation/Server Machine Trust Accounts</a></dt><dd><dl><dt><a href="domain-member.html#id2894878">Manual Creation of Machine Trust Accounts</a></dt><dt><a href="domain-member.html#id2896660">Using NT4 Server Manager to Add Machine Accounts to the Domain</a></dt><dt><a href="domain-member.html#id2896857">&quot;On-the-Fly&quot; Creation of Machine Trust Accounts</a></dt><dt><a href="domain-member.html#id2896912">Making an MS Windows Workstation or Server a Domain Member</a></dt></dl></dd><dt><a href="domain-member.html#id2897057">Domain Member Server</a></dt><dd><dl><dt><a href="domain-member.html#id2897105">Joining an NT4 type Domain with Samba-3</a></dt><dt><a href="domain-member.html#id2899703">Why is this better than security = server?</a></dt></dl></dd><dt><a href="domain-member.html#ads-member">Samba ADS Domain Membership</a></dt><dd><dl><dt><a href="domain-member.html#id2899841">Setup your smb.conf</a></dt><dt><a href="domain-member.html#id2899924">Setup your /etc/krb5.conf</a></dt><dt><a href="domain-member.html#ads-create-machine-account">Create the computer account</a></dt><dt><a href="domain-member.html#ads-test-server">Test your server setup</a></dt><dt><a href="domain-member.html#ads-test-smbclient">Testing with smbclient</a></dt><dt><a href="domain-member.html#id2900266">Notes</a></dt></dl></dd><dt><a href="domain-member.html#id2900288">Common Errors</a></dt><dd><dl><dt><a href="domain-member.html#id2900310">Can Not Add Machine Back to Domain</a></dt><dt><a href="domain-member.html#id2900342">Adding Machine to Domain Fails</a></dt></dl></dd></dl></dd><dt>8. <a href="StandAloneServer.html">Stand-Alone Servers</a></dt><dd><dl><dt><a href="StandAloneServer.html#id2901785">Features and Benefits</a></dt><dt><a href="StandAloneServer.html#id2901823">Background</a></dt><dt><a href="StandAloneServer.html#id2901891">Example Configuration</a></dt><dd><dl><dt><a href="StandAloneServer.html#id2900494">Reference Documentation Server</a></dt><dt><a href="StandAloneServer.html#id2900541">Central Print Serving</a></dt></dl></dd><dt><a href="StandAloneServer.html#id2900747">Common Errors</a></dt></dl></dd><dt>9. <a href="ClientConfig.html">MS Windows Network Configuration Guide</a></dt><dd><dl><dt><a href="ClientConfig.html#id2901115">Note</a></dt></dl></dd></dl></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="FastStart.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="index.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="ServerType.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 3. FastStart for the Impatient </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 4. Server Types and Security Modes</td></tr></table></div></body></html>

95
docs/htmldocs/winbind.html
View File

@ -1,4 +1,5 @@
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 21. Integrated Logon Support using Winbind</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="index.html" title="SAMBA Project Documentation"><link rel="up" href="optional.html" title="Part III. Advanced Configuration"><link rel="previous" href="VFS.html" title="Chapter 20. Stackable VFS modules"><link rel="next" href="AdvancedNetworkManagement.html" title="Chapter 22. Advanced Network Manangement"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 21. Integrated Logon Support using Winbind</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="VFS.html">Prev</a> </td><th width="60%" align="center">Part III. Advanced Configuration</th><td width="20%" align="right"> <a accesskey="n" href="AdvancedNetworkManagement.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="winbind"></a>Chapter 21. Integrated Logon Support using Winbind</h2></div><div><div class="authorgroup"><div class="author"><h3 class="author"><span class="firstname">Tim</span> <span class="surname">Potter</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><tt class="email">&lt;<a href="mailto:tpot@linuxcare.com.au">tpot@linuxcare.com.au</a>&gt;</tt></p></div></div></div><div class="author"><h3 class="author"><span class="firstname">Andrew</span> <span class="surname">Tridgell</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><tt class="email">&lt;<a href="mailto:tridge@samba.org">tridge@samba.org</a>&gt;</tt></p></div></div></div><div class="author"><h3 class="author"><span class="firstname">Naag</span> <span class="surname">Mummaneni</span></h3><div class="affiliation"><div class="address"><p><tt class="email">&lt;<a href="mailto:getnag@rediffmail.com">getnag@rediffmail.com</a>&gt;</tt></p></div></div></div><div class="author"><h3 class="author"><span class="firstname">Jelmer</span> <span class="othername">R.</span> <span class="surname">Vernooij</span></h3><div class="affiliation"><span class="orgname">The Samba Team<br></span><div class="address"><p><tt class="email">&lt;<a href="mailto:jelmer@samba.org">jelmer@samba.org</a>&gt;</tt></p></div></div></div><div class="author"><h3 class="author"><span class="firstname">John</span> <span class="othername">H.</span> <span class="surname">Terpstra</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><tt class="email">&lt;<a href="mailto:jht@samba.org">jht@samba.org</a>&gt;</tt></p></div></div></div></div></div><div><p class="pubdate">27 June 2002</p></div></div><div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><a href="winbind.html#id2979118">Features and Benefits</a></dt><dt><a href="winbind.html#id2979146">Introduction</a></dt><dt><a href="winbind.html#id2979218">What Winbind Provides</a></dt><dd><dl><dt><a href="winbind.html#id2979278">Target Uses</a></dt></dl></dd><dt><a href="winbind.html#id2979309">How Winbind Works</a></dt><dd><dl><dt><a href="winbind.html#id2979337">Microsoft Remote Procedure Calls</a></dt><dt><a href="winbind.html#id2979371">Microsoft Active Directory Services</a></dt><dt><a href="winbind.html#id2979394">Name Service Switch</a></dt><dt><a href="winbind.html#id2979530">Pluggable Authentication Modules</a></dt><dt><a href="winbind.html#id2979602">User and Group ID Allocation</a></dt><dt><a href="winbind.html#id2979637">Result Caching</a></dt></dl></dd><dt><a href="winbind.html#id2979664">Installation and Configuration</a></dt><dd><dl><dt><a href="winbind.html#id2979692">Introduction</a></dt><dt><a href="winbind.html#id2979768">Requirements</a></dt><dt><a href="winbind.html#id2979861">Testing Things Out</a></dt></dl></dd><dt><a href="winbind.html#id2981479">Conclusion</a></dt><dt><a href="winbind.html#id2981498">Common Errors</a></dt></dl></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2979118"></a>Features and Benefits</h2></div></div><div></div></div><p>Integration of UNIX and Microsoft Windows NT through
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 21. Integrated Logon Support using Winbind</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="index.html" title="SAMBA Project Documentation"><link rel="up" href="optional.html" title="Part III. Advanced Configuration"><link rel="previous" href="VFS.html" title="Chapter 20. Stackable VFS modules"><link rel="next" href="AdvancedNetworkManagement.html" title="Chapter 22. Advanced Network Manangement"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 21. Integrated Logon Support using Winbind</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="VFS.html">Prev</a> </td><th width="60%" align="center">Part III. Advanced Configuration</th><td width="20%" align="right"> <a accesskey="n" href="AdvancedNetworkManagement.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="winbind"></a>Chapter 21. Integrated Logon Support using Winbind</h2></div><div><div class="authorgroup"><div class="author"><h3 class="author"><span class="firstname">Tim</span> <span class="surname">Potter</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><tt class="email">&lt;<a href="mailto:tpot@linuxcare.com.au">tpot@linuxcare.com.au</a>&gt;</tt></p></div></div></div><div class="author"><h3 class="author"><span class="firstname">Andrew</span> <span class="surname">Tridgell</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><tt class="email">&lt;<a href="mailto:tridge@samba.org">tridge@samba.org</a>&gt;</tt></p></div></div></div><div class="author"><h3 class="author"><span class="firstname">Naag</span> <span class="surname">Mummaneni</span></h3><div class="affiliation"><div class="address"><p><tt class="email">&lt;<a href="mailto:getnag@rediffmail.com">getnag@rediffmail.com</a>&gt;</tt></p></div></div></div><div class="author"><h3 class="author"><span class="firstname">Jelmer</span> <span class="othername">R.</span> <span class="surname">Vernooij</span></h3><div class="affiliation"><span class="orgname">The Samba Team<br></span><div class="address"><p><tt class="email">&lt;<a href="mailto:jelmer@samba.org">jelmer@samba.org</a>&gt;</tt></p></div></div></div><div class="author"><h3 class="author"><span class="firstname">John</span> <span class="othername">H.</span> <span class="surname">Terpstra</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><tt class="email">&lt;<a href="mailto:jht@samba.org">jht@samba.org</a>&gt;</tt></p></div></div></div></div></div><div><p class="pubdate">27 June 2002</p></div></div><div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><a href="winbind.html#id2975375">Features and Benefits</a></dt><dt><a href="winbind.html#id2975403">Introduction</a></dt><dt><a href="winbind.html#id2977384">What Winbind Provides</a></dt><dd><dl><dt><a href="winbind.html#id2977444">Target Uses</a></dt></dl></dd><dt><a href="winbind.html#id2977475">How Winbind Works</a></dt><dd><dl><dt><a href="winbind.html#id2977502">Microsoft Remote Procedure Calls</a></dt><dt><a href="winbind.html#id2977536">Microsoft Active Directory Services</a></dt><dt><a href="winbind.html#id2977558">Name Service Switch</a></dt><dt><a href="winbind.html#id2974921">Pluggable Authentication Modules</a></dt><dt><a href="winbind.html#id2974992">User and Group ID Allocation</a></dt><dt><a href="winbind.html#id2975027">Result Caching</a></dt></dl></dd><dt><a href="winbind.html#id2975055">Installation and Configuration</a></dt><dd><dl><dt><a href="winbind.html#id2975083">Introduction</a></dt><dt><a href="winbind.html#id2975158">Requirements</a></dt><dt><a href="winbind.html#id2976434">Testing Things Out</a></dt></dl></dd><dt><a href="winbind.html#id2980783">Conclusion</a></dt><dt><a href="winbind.html#id2980802">Common Errors</a></dt></dl></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2975375"></a>Features and Benefits</h2></div></div><div></div></div><p>Integration of UNIX and Microsoft Windows NT through
a unified logon has been considered a &quot;holy grail&quot; in heterogeneous
computing environments for a long time. We present
<span class="emphasis"><em>winbind</em></span>, a component of the Samba suite
@ -8,7 +9,7 @@
Service Switch to allow Windows NT domain users to appear and operate
as UNIX users on a UNIX machine. This paper describes the winbind
system, explaining the functionality it provides, how it is configured,
and how it works internally.</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2979146"></a>Introduction</h2></div></div><div></div></div><p>It is well known that UNIX and Microsoft Windows NT have
and how it works internally.</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2975403"></a>Introduction</h2></div></div><div></div></div><p>It is well known that UNIX and Microsoft Windows NT have
different models for representing user and group information and
use different technologies for implementing them. This fact has
made it difficult to integrate the two systems in a satisfactory
@ -29,7 +30,7 @@
tasks for the system administrator when maintaining users and
groups on either system. The winbind system provides a simple
and elegant solution to all three components of the unified logon
problem.</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2979218"></a>What Winbind Provides</h2></div></div><div></div></div><p>Winbind unifies UNIX and Windows NT account management by
problem.</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2977384"></a>What Winbind Provides</h2></div></div><div></div></div><p>Winbind unifies UNIX and Windows NT account management by
allowing a UNIX box to become a full member of a NT domain. Once
this is done the UNIX box will see NT users and groups as if
they were native UNIX users and groups, allowing the NT domain
@ -53,7 +54,7 @@
to provide authentication via a NT domain to any PAM enabled
applications. This capability solves the problem of synchronizing
passwords between systems since all passwords are stored in a single
location (on the domain controller).</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2979278"></a>Target Uses</h3></div></div><div></div></div><p>Winbind is targeted at organizations that have an
location (on the domain controller).</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2977444"></a>Target Uses</h3></div></div><div></div></div><p>Winbind is targeted at organizations that have an
existing NT based domain infrastructure into which they wish
to put UNIX workstations or servers. Winbind will allow these
organizations to deploy UNIX workstations without having to
@ -63,12 +64,12 @@
be used is as a central part of UNIX based appliances. Appliances
that provide file and print services to Microsoft based networks
will be able to use Winbind to provide seamless integration of
the appliance into the domain.</p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2979309"></a>How Winbind Works</h2></div></div><div></div></div><p>The winbind system is designed around a client/server
the appliance into the domain.</p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2977475"></a>How Winbind Works</h2></div></div><div></div></div><p>The winbind system is designed around a client/server
architecture. A long running <b class="command">winbindd</b> daemon
listens on a UNIX domain socket waiting for requests
to arrive. These requests are generated by the NSS and PAM
clients and processed sequentially.</p><p>The technologies used to implement winbind are described
in detail below.</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2979337"></a>Microsoft Remote Procedure Calls</h3></div></div><div></div></div><p>Over the last few years, efforts have been underway
in detail below.</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2977502"></a>Microsoft Remote Procedure Calls</h3></div></div><div></div></div><p>Over the last few years, efforts have been underway
by various Samba Team members to decode various aspects of
the Microsoft Remote Procedure Call (MSRPC) system. This
system is used for most network related operations between
@ -81,7 +82,7 @@
users or groups. Other MSRPC calls can be used to authenticate
NT domain users and to change user passwords. By directly querying
a Windows PDC for user and group information, winbind maps the
NT account information onto UNIX user and group names.</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2979371"></a>Microsoft Active Directory Services</h3></div></div><div></div></div><p>
NT account information onto UNIX user and group names.</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2977536"></a>Microsoft Active Directory Services</h3></div></div><div></div></div><p>
Since late 2001, Samba has gained the ability to
interact with Microsoft Windows 2000 using its 'Native
Mode' protocols, rather than the NT4 RPC services.
@ -90,7 +91,7 @@
same way as a Win2k client would, and in so doing
provide a much more efficient and
effective winbind implementation.
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2979394"></a>Name Service Switch</h3></div></div><div></div></div><p>The Name Service Switch, or NSS, is a feature that is
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2977558"></a>Name Service Switch</h3></div></div><div></div></div><p>The Name Service Switch, or NSS, is a feature that is
present in many UNIX operating systems. It allows system
information such as hostnames, mail aliases and user information
to be resolved from different sources. For example, a standalone
@ -127,7 +128,7 @@ passwd: files example
is to put <tt class="filename">libnss_winbind.so</tt> in <tt class="filename">/lib/</tt>
then add &quot;winbind&quot; into <tt class="filename">/etc/nsswitch.conf</tt> at
the appropriate place. The C library will then call Winbind to
resolve user and group names.</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2979530"></a>Pluggable Authentication Modules</h3></div></div><div></div></div><p>Pluggable Authentication Modules, also known as PAM,
resolve user and group names.</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2974921"></a>Pluggable Authentication Modules</h3></div></div><div></div></div><p>Pluggable Authentication Modules, also known as PAM,
is a system for abstracting authentication and authorization
technologies. With a PAM module it is possible to specify different
authentication methods for different system applications without
@ -152,7 +153,7 @@ passwd: files example
is copied to <tt class="filename">/lib/security/</tt> and the PAM
control files for relevant services are updated to allow
authentication via winbind. See the PAM documentation
for more details.</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2979602"></a>User and Group ID Allocation</h3></div></div><div></div></div><p>When a user or group is created under Windows NT
for more details.</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2974992"></a>User and Group ID Allocation</h3></div></div><div></div></div><p>When a user or group is created under Windows NT
is it allocated a numerical relative identifier (RID). This is
slightly different to UNIX which has a range of numbers that are
used to identify users, and the same range in which to identify
@ -165,7 +166,7 @@ passwd: files example
time, winbind will have mapped all Windows NT users and groups
to UNIX user ids and group ids.</p><p>The results of this mapping are stored persistently in
an ID mapping database held in a tdb database). This ensures that
RIDs are mapped to UNIX IDs in a consistent way.</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2979637"></a>Result Caching</h3></div></div><div></div></div><p>An active system can generate a lot of user and group
RIDs are mapped to UNIX IDs in a consistent way.</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2975027"></a>Result Caching</h3></div></div><div></div></div><p>An active system can generate a lot of user and group
name lookups. To reduce the network cost of these lookups winbind
uses a caching scheme based on the SAM sequence number supplied
by NT domain controllers. User or group information returned
@ -176,14 +177,14 @@ passwd: files example
the PDC and compared against the sequence number of the cached entry.
If the sequence numbers do not match, then the cached information
is discarded and up to date information is requested directly
from the PDC.</p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2979664"></a>Installation and Configuration</h2></div></div><div></div></div><p>
from the PDC.</p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2975055"></a>Installation and Configuration</h2></div></div><div></div></div><p>
Many thanks to John Trostel <a href="mailto:jtrostel@snapserver.com" target="_top">jtrostel@snapserver.com</a>
for providing the HOWTO for this section.
</p><p>
This HOWTO describes how to get winbind services up and running
to control access and authenticate users on your Linux box using
the winbind services which come with SAMBA 3.0.
</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2979692"></a>Introduction</h3></div></div><div></div></div><p>
</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2975083"></a>Introduction</h3></div></div><div></div></div><p>
This section describes the procedures used to get winbind up and
running on a RedHat 7.1 system. Winbind is capable of providing access
and authentication control for Windows Domain users through an NT
@ -208,7 +209,7 @@ somewhat to fit the way your distribution works.
SAMBA server, this HOWTO is for you. That said, I am no NT or PAM
expert, so you may find a better or easier way to accomplish
these tasks.
</p></li></ul></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2979768"></a>Requirements</h3></div></div><div></div></div><p>
</p></li></ul></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2975158"></a>Requirements</h3></div></div><div></div></div><p>
If you have a samba configuration file that you are currently
using... <span class="emphasis"><em>BACK IT UP!</em></span> If your system already uses PAM,
<span class="emphasis"><em>back up the <tt class="filename">/etc/pam.d</tt> directory
@ -235,7 +236,7 @@ winbind modules, you should have at least the pam libraries resident
on your system. For recent RedHat systems (7.1, for instance), that
means <tt class="filename">pam-0.74-22</tt>. For best results, it is helpful to also
install the development packages in <tt class="filename">pam-devel-0.74-22</tt>.
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2979861"></a>Testing Things Out</h3></div></div><div></div></div><p>
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2976434"></a>Testing Things Out</h3></div></div><div></div></div><p>
Before starting, it is probably best to kill off all the SAMBA
related daemons running on your server. Kill off all <span class="application">smbd</span>,
<span class="application">nmbd</span>, and <span class="application">winbindd</span> processes that may
@ -246,7 +247,7 @@ services, several pam libraries, and the <tt class="filename">/usr/doc</tt>
and <tt class="filename">/usr/man</tt> entries for pam. Winbind built better
in SAMBA if the pam-devel package was also installed. This package includes
the header files needed to compile pam-aware applications.
</p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2979923"></a>Configure and compile SAMBA</h4></div></div><div></div></div><p>
</p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2976496"></a>Configure and compile SAMBA</h4></div></div><div></div></div><p>
The configuration and compilation of SAMBA is pretty straightforward.
The first three steps may not be necessary depending upon
whether or not you have previously built the Samba binaries.
@ -261,15 +262,15 @@ whether or not you have previously built the Samba binaries.
This will, by default, install SAMBA in <tt class="filename">/usr/local/samba</tt>.
See the main SAMBA documentation if you want to install SAMBA somewhere else.
It will also build the winbindd executable and libraries.
</p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2980035"></a>Configure <tt class="filename">nsswitch.conf</tt> and the
</p></div><div xmlns:ns73="" class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2976608"></a>Configure <tt class="filename">nsswitch.conf</tt> and the
winbind libraries on Linux and Solaris</h4></div></div><div></div></div><p>
The libraries needed to run the <span class="application">winbindd</span> daemon
through nsswitch need to be copied to their proper locations, so
</p><p>
</p><pre class="screen">
</p><ns73:p>
</ns73:p><pre class="screen">
<tt class="prompt">root# </tt><b class="userinput"><tt>cp ../samba/source/nsswitch/libnss_winbind.so /lib</tt></b>
</pre><p>
</p><p>
</pre><ns73:p>
</ns73:p><p>
I also found it necessary to make the following symbolic link:
</p><p>
<tt class="prompt">root# </tt> <b class="userinput"><tt>ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2</tt></b>
@ -296,7 +297,7 @@ is faster (and you don't need to reboot) if you do it manually:
</p><p>
This makes <tt class="filename">libnss_winbind</tt> available to winbindd
and echos back a check to you.
</p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2980242"></a>NSS Winbind on AIX</h4></div></div><div></div></div><p>(This section is only for those running AIX)</p><p>
</p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2976815"></a>NSS Winbind on AIX</h4></div></div><div></div></div><p>(This section is only for those running AIX)</p><p>
The winbind AIX identification module gets built as libnss_winbind.so in the
nsswitch directory of the samba source. This file can be copied to
/usr/lib/security, and the AIX naming convention would indicate that it
@ -316,7 +317,7 @@ Programming Concepts for AIX&quot;: <a href="http://publibn.boulder.ibm.com/doc_
Chapter 18. Loadable Authentication Module Programming Interface</a>
and more information on administering the modules at <a href="http://publibn.boulder.ibm.com/doc_link/en_US/a_doc_lib/aixbman/baseadmn/iandaadmin.htm" target="_top">
&quot;System Management Guide: Operating System and Devices&quot;</a>.
</p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2980323"></a>Configure smb.conf</h4></div></div><div></div></div><p>
</p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2976887"></a>Configure smb.conf</h4></div></div><div></div></div><p>
Several parameters are needed in the smb.conf file to control
the behavior of <span class="application">winbindd</span>. Configure
<tt class="filename">smb.conf</tt> These are described in more detail in
@ -338,7 +339,7 @@ include the following entries in the [global] section:
# give winbind users a real shell (only needed if they have telnet access)
<a href="winbindd.8.html#TEMPLATEHOMEDIR" target="_top">template homedir</a> = /home/winnt/%D/%U
<a href="winbindd.8.html#TEMPLATESHELL" target="_top">template shell</a> = /bin/bash
</pre></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2980439"></a>Join the SAMBA server to the PDC domain</h4></div></div><div></div></div><p>
</pre></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2977000"></a>Join the SAMBA server to the PDC domain</h4></div></div><div></div></div><p>
Enter the following command to make the SAMBA server join the
PDC domain, where <i class="replaceable"><tt>DOMAIN</tt></i> is the name of
your Windows domain and <i class="replaceable"><tt>Administrator</tt></i> is
@ -349,7 +350,7 @@ a domain user who has administrative privileges in the domain.
The proper response to the command should be: &quot;Joined the domain
<i class="replaceable"><tt>DOMAIN</tt></i>&quot; where <i class="replaceable"><tt>DOMAIN</tt></i>
is your DOMAIN name.
</p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2980493"></a>Start up the winbindd daemon and test it!</h4></div></div><div></div></div><p>
</p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2979843"></a>Start up the winbindd daemon and test it!</h4></div></div><div></div></div><p>
Eventually, you will want to modify your smb startup script to
automatically invoke the winbindd daemon when the other parts of
SAMBA start, but it is possible to test out just the winbind
@ -421,7 +422,7 @@ directories and default shells.
The same thing can be done for groups with the command
</p><p>
<tt class="prompt">root# </tt><b class="userinput"><tt>getent group</tt></b>
</p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2980734"></a>Fix the init.d startup scripts</h4></div></div><div></div></div><div class="sect4" lang="en"><div class="titlepage"><div><div><h5 class="title"><a name="id2980741"></a>Linux</h5></div></div><div></div></div><p>
</p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2980083"></a>Fix the init.d startup scripts</h4></div></div><div></div></div><div xmlns:ns74="" class="sect4" lang="en"><div class="titlepage"><div><div><h5 class="title"><a name="id2980091"></a>Linux</h5></div></div><div></div></div><p>
The <span class="application">winbindd</span> daemon needs to start up after the
<span class="application">smbd</span> and <span class="application">nmbd</span> daemons are running.
To accomplish this task, you need to modify the startup scripts of your system.
@ -452,18 +453,18 @@ start() {
touch /var/lock/subsys/smb || RETVAL=1
return $RETVAL
}
</pre><p>If you would like to run winbindd in dual daemon mode, replace
</pre><ns74:p>If you would like to run winbindd in dual daemon mode, replace
the line
</p><pre class="programlisting">
</ns74:p><pre class="programlisting">
daemon /usr/local/samba/bin/winbindd
</pre><p>
</pre><ns74:p>
in the example above with:
</p><pre class="programlisting">
</ns74:p><pre class="programlisting">
daemon /usr/local/samba/bin/winbindd -B
</pre><p>.
</p><p>
</pre><ns74:p>.
</ns74:p><p>
The 'stop' function has a corresponding entry to shut down the
services and looks like this:
</p><pre class="programlisting">
@ -487,7 +488,7 @@ stop() {
echo &quot;&quot;
return $RETVAL
}
</pre></div><div class="sect4" lang="en"><div class="titlepage"><div><div><h5 class="title"><a name="id2980903"></a>Solaris</h5></div></div><div></div></div><p>Winbind doesn't work on solaris 9, see the <a href="Portability.html#winbind-solaris9" title="Winbind on Solaris 9">Portability</a> chapter for details.</p><p>On solaris, you need to modify the
</pre></div><div xmlns:ns75="" class="sect4" lang="en"><div class="titlepage"><div><div><h5 class="title"><a name="id2980236"></a>Solaris</h5></div></div><div></div></div><p>Winbind doesn't work on solaris 9, see the <a href="Portability.html#winbind-solaris9" title="Winbind on Solaris 9">Portability</a> chapter for details.</p><p>On solaris, you need to modify the
<tt class="filename">/etc/init.d/samba.server</tt> startup script. It usually
only starts smbd and nmbd but should now start winbindd too. If you
have samba installed in <tt class="filename">/usr/local/samba/bin</tt>,
@ -539,22 +540,22 @@ the file could contains something like this:
echo &quot;Usage: /etc/init.d/samba.server { start | stop }&quot;
;;
esac
</pre><p>
</pre><ns75:p>
Again, if you would like to run samba in dual daemon mode, replace
</p><pre class="programlisting">
</ns75:p><pre class="programlisting">
/usr/local/samba/bin/winbindd
</pre><p>
</pre><ns75:p>
in the script above with:
</p><pre class="programlisting">
</ns75:p><pre class="programlisting">
/usr/local/samba/bin/winbindd -B
</pre><p>
</p></div><div class="sect4" lang="en"><div class="titlepage"><div><div><h5 class="title"><a name="id2981021"></a>Restarting</h5></div></div><div></div></div><p>
</pre><ns75:p>
</ns75:p></div><div class="sect4" lang="en"><div class="titlepage"><div><div><h5 class="title"><a name="id2980325"></a>Restarting</h5></div></div><div></div></div><p>
If you restart the <span class="application">smbd</span>, <span class="application">nmbd</span>, and <span class="application">winbindd</span> daemons at this point, you
should be able to connect to the samba server as a domain member just as
if you were a local user.
</p></div></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2981058"></a>Configure Winbind and PAM</h4></div></div><div></div></div><p>
</p></div></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2980361"></a>Configure Winbind and PAM</h4></div></div><div></div></div><p>
If you have made it this far, you know that winbindd and samba are working
together. If you want to use winbind to provide authentication for other
services, keep reading. The pam configuration files need to be altered in
@ -574,7 +575,7 @@ your other pam security modules. On my RedHat system, this was the
modules reside in <tt class="filename">/usr/lib/security</tt>.
</p><p>
<tt class="prompt">root# </tt><b class="userinput"><tt>cp ../samba/source/nsswitch/pam_winbind.so /lib/security</tt></b>
</p><div class="sect4" lang="en"><div class="titlepage"><div><div><h5 class="title"><a name="id2981164"></a>Linux/FreeBSD-specific PAM configuration</h5></div></div><div></div></div><p>
</p><div xmlns:ns76="" class="sect4" lang="en"><div class="titlepage"><div><div><h5 class="title"><a name="id2980468"></a>Linux/FreeBSD-specific PAM configuration</h5></div></div><div></div></div><p>
The <tt class="filename">/etc/pam.d/samba</tt> file does not need to be changed. I
just left this fileas it was:
</p><pre class="programlisting">
@ -630,14 +631,14 @@ same way. It now looks like this:
password required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
session optional /lib/security/pam_console.so
</pre><p>
In this case, I added the </p><pre class="programlisting">auth sufficient /lib/security/pam_winbind.so</pre><p>
lines as before, but also added the </p><pre class="programlisting">required pam_securetty.so</pre><p>
</pre><ns76:p>
In this case, I added the </ns76:p><pre class="programlisting">auth sufficient /lib/security/pam_winbind.so</pre><ns76:p>
lines as before, but also added the </ns76:p><pre class="programlisting">required pam_securetty.so</pre><ns76:p>
above it, to disallow root logins over the network. I also added a
<b class="command">sufficient /lib/security/pam_unix.so use_first_pass</b>
line after the <b class="command">winbind.so</b> line to get rid of annoying
double prompts for passwords.
</p></div><div class="sect4" lang="en"><div class="titlepage"><div><div><h5 class="title"><a name="id2981388"></a>Solaris-specific configuration</h5></div></div><div></div></div><p>
</ns76:p></div><div class="sect4" lang="en"><div class="titlepage"><div><div><h5 class="title"><a name="id2980691"></a>Solaris-specific configuration</h5></div></div><div></div></div><p>
The /etc/pam.conf needs to be changed. I changed this file so that my Domain
users can logon both locally as well as telnet.The following are the changes
that I made.You can customize the pam.conf file as per your requirements,but
@ -709,12 +710,12 @@ annoying double prompts for passwords.
</p><p>
Now restart your Samba and try connecting through your application that you
configured in the pam.conf.
</p></div></div></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2981479"></a>Conclusion</h2></div></div><div></div></div><p>The winbind system, through the use of the Name Service
</p></div></div></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2980783"></a>Conclusion</h2></div></div><div></div></div><p>The winbind system, through the use of the Name Service
Switch, Pluggable Authentication Modules, and appropriate
Microsoft RPC calls have allowed us to provide seamless
integration of Microsoft Windows NT domain users on a
UNIX system. The result is a great reduction in the administrative
cost of running a mixed UNIX and NT network.</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2981498"></a>Common Errors</h2></div></div><div></div></div><p>Winbind has a number of limitations in its current
cost of running a mixed UNIX and NT network.</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2980802"></a>Common Errors</h2></div></div><div></div></div><p>Winbind has a number of limitations in its current
released version that we hope to overcome in future
releases:</p><div class="itemizedlist"><ul type="disc"><li><p>Winbind is currently only available for
the Linux, Solaris and IRIX operating systems, although ports to other operating