sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-08-04 08:22:08 +03:00
Code Activity

sync from HEAD

Browse Source 
(This used to be commit 2eb7f0acd7)
This commit is contained in:
Gerald Carter
2002-10-25 15:15:32 +00:00
parent 48216962c4
commit ad0e01e750
105 changed files with 4769 additions and 29673 deletions
Download Patch File Download Diff File Expand all files Collapse all files

57
docs/README.Win32-Viruses
View File

@ -1,57 +0,0 @@
While this article is specific to the Nimda worm,
the information can be applied to preventing the spread
of many Win32 viruses. Thanks to the Samba Users Group of Japan
(SUGJ) for this article.
===============================================================================
Steps against Nimba Worm for Samba
Author: HASEGAWA Yosuke
Translator: TAKAHASHI Motonobu <monyo@samba.gr.jp>
The information in this article applies to
Samba 2.0.x
Samba 2.2.x
Windows 95/98/Me/NT/2000
SYMPTOMS
This article describes measures against Nimba Worm for Samba
server.
DESCRIPTION
Nimba Worm is infected through shared disks on a network, as well as through
Microsoft IIS, Internet Explorer and mailer of Outlook series.
At this time, the worm copies itself by the name *.nws and *.eml on
the shared disk, moreover, by the name of Riched20.dll in the folder
where *.doc file is included.
To prevent infection through the shared disk offered by Samba, set
up as follows:
-----
[global]
...
# This can break Administration installations of Office2k.
# in that case, don't veto the riched20.dll
veto files = /*.eml/*.nws/riched20.dll/
-----
By setting the "veto files" parameter, matched files on the Samba
server are completely hidden from the clients and making it impossible
to access them at all.
In addition to it, the following setting is also pointed out by the
samba-jp:09448 thread: when the
"readme.txt.{3050F4D8-98B5-11CF-BB82-00AA00BDCE0B}" file exists on
a Samba server, it is visible only as "readme.txt" and dangerous
code may be executed if this file is double-clicked.
Setting the following,
-----
veto files = /*.{*}/
-----
any files having CLSID in its file extension will be inaccessible from any
clients.
This technical article is created based on the discussion of
samba-jp:09448 and samba-jp:10900 threads.

8355
docs/Samba-Developers-Guide.html
View File

File diff suppressed because it is too large Load Diff

BIN
docs/Samba-HOWTO-Collection.pdf
View File

Binary file not shown.

87
docs/docbook/Makefile.in
View File

@ -38,9 +38,15 @@ HTMLDOC = @HTMLDOC@
SRCDIR = @srcdir@
MANDIR=../manpages
HTMLDIR=../htmldocs
MANSGMLDIR = manpages/
SGMLDIR = projdoc/
MANPROJDOC = manpages/
PROJDOC = projdoc/
DEVDOC = devdoc/
PERL = @PERL@
PSDIR = ..
PDFDIR = ..
TXTDIR = ../textdocs
FAQPROJDOC = faq/
FAQDIR = ../faq
MANPAGES=$(patsubst %,$(MANDIR)/%,$(MANPAGES_NAMES))
MANPAGES_HTML=$(patsubst %,$(HTMLDIR)/%.html,$(MANPAGES_NAMES))
@ -55,55 +61,70 @@ all:
@echo "html - Build HTML version of HOWTO Collection"
@echo "htmlman - Build html version of manpages"
@echo "txt - Build plain text version of HOWTO Collection"
@echo "htmlfaq - Build html version of the FAQ"
@echo "everything - Build all of the above"
everything: manpages ps pdf html-single html htmlman txt htmlfaq
# Global rules
manpages: $(MANPAGES)
pdf: ../Samba-HOWTO-Collection.pdf ../Samba-Developers-Guide.pdf
ps: ../Samba-HOWTO-Collection.ps ../Samba-Developers-Guide.ps
txt: ../textdocs/Samba-HOWTO-Collection.txt ../textdocs/Samba-Developers-Guide.txt
pdf: $(PDFDIR)/Samba-HOWTO-Collection.pdf ../Samba-Developers-Guide.pdf
ps: $(PSDIR)/Samba-HOWTO-Collection.ps ../Samba-Developers-Guide.ps
txt: $(TXTDIR)/Samba-HOWTO-Collection.txt $(TXTDIR)/Samba-Developers-Guide.txt
htmlman: $(MANPAGES_HTML)
html-single: ../$(HTMLDIR)/Samba-HOWTO-Collection.html ../$(HTMLDIR)/Samba-Developers-Guide.html
htmlfaq:
$(DOCBOOK2HTML) -d samba.dsl -o $(FAQDIR) $(FAQPROJDOC)/sambafaq.sgml
html-single: $(HTMLDIR)/Samba-HOWTO-Collection.html $(HTMLDIR)/Samba-Developers-Guide.html
html:
$(DOCBOOK2HTML) -d samba.dsl -o $(HTMLDIR) projdoc/samba-doc.sgml
$(DOCBOOK2HTML) -d samba.dsl -o $(HTMLDIR) $(PROJDOC)/samba-doc.sgml
../Samba-HOWTO-Collection.txt: $(SGMLDIR)/samba-doc.sgml
$(DOCBOOK2TXT) -o .. $<
mv ../samba-doc.txt $@
# Text files
../Samba-Developers-Guide.txt: $(SGMLDIR)/samba-doc.sgml
$(DOCBOOK2TXT) -o .. $<
mv ../samba-doc.txt $@
$(TXTDIR)/Samba-HOWTO-Collection.txt: $(PROJDOC)/samba-doc.sgml
$(DOCBOOK2TXT) -o . $<
mv ./samba-doc.txt $@
../Samba-HOWTO-Collection.ps: $(SGMLDIR)/samba-doc.sgml
$(DOCBOOK2PS) -o .. $<
mv ../samba-doc.ps $@
$(TXTDIR)/Samba-Developers-Guide.txt: $(PROJDOC)/samba-doc.sgml
$(DOCBOOK2TXT) -o . $<
mv ./samba-doc.txt $@
../Samba-Developers-Guide.ps: $(SGMLDIR)/samba-doc.sgml
$(DOCBOOK2PS) -o .. $<
mv ../samba-doc.ps $@
# PostScript
../Samba-HOWTO-Collection.pdf: ../$(HTMLDIR)/Samba-HOWTO-Collection.html
$(PSDIR)/Samba-HOWTO-Collection.ps: $(PROJDOC)/samba-doc.sgml
$(DOCBOOK2PS) -o . $<
mv ./samba-doc.ps $@
$(PSDIR)/Samba-Developers-Guide.ps: $(PROJDOC)/samba-doc.sgml
$(DOCBOOK2PS) -o . $<
mv ./samba-doc.ps $@
# Adobe PDF files
$(PDFDIR)/Samba-HOWTO-Collection.pdf: $(HTMLDIR)/Samba-HOWTO-Collection.html
$(HTMLDOC) --book --color --links -f $@ $<
../Samba-Developers-Guide.pdf: ../$(HTMLDIR)/Samba-Developers-Guide.html
$(PDFDIR)/Samba-Developers-Guide.pdf: $(HTMLDIR)/Samba-Developers-Guide.html
$(HTMLDOC) --book --color --links -f $@ $<
../$(HTMLDIR)/Samba-HOWTO-Collection.html: $(SGMLDIR)/samba-doc.sgml
$(DOCBOOK2HTML) -u -o .. $<
mv ../samba-doc.html $@
# Single large HTML files
../$(HTMLDIR)/Samba-Developers-Guide.html: devdoc/dev-doc.sgml
$(DOCBOOK2HTML) -u -o .. $<
mv ../dev-doc.html $@
$(HTMLDIR)/Samba-HOWTO-Collection.html: $(PROJDOC)/samba-doc.sgml
$(DOCBOOK2HTML) -u -o . $<
mv ./samba-doc.html $@
$(HTMLDIR)/Samba-Developers-Guide.html: $(DEVDOC)/dev-doc.sgml
$(DOCBOOK2HTML) -u -o . $<
mv ./dev-doc.html $@
$(HTMLDIR)/%.html: $(MANSGMLDIR)/%.sgml
$(DOCBOOK2HTML) -o $(HTMLDIR) $<
mv $(HTMLDIR)/index.html $@
$(HTMLDIR)/%.html: $(MANPROJDOC)/%.sgml
$(DOCBOOK2HTML) -u -o $(HTMLDIR) $<
$(MANDIR)/%: $(MANSGMLDIR)/%.sgml
$(DOCBOOK2MAN) -o $(MANDIR) $<
$(MANDIR)/%: $(MANPROJDOC)/%.sgml
$(DOCBOOK2MAN) -o $(MANDIR) $< || rm $@
$(PERL) scripts/strip-links.pl < $@ > $@.temp
mv $@.temp $@
clean:
rm -f $(MANPAGES) $(MANPAGES_HTML) ../$(HTMLDIR)/*.html ../Samba-HOWTO-Collection.p* ../Samba-Developers-Guide.p*
rm -f $(MANPAGES) $(MANPAGES_HTML) $(HTMLDIR)/*.html $(TXTDIR)/*.txt $(PSDIR)/*.ps $(PDFDIR)/*.pdf

4
docs/docbook/devdoc/dev-doc.sgml
View File

@ -10,9 +10,10 @@
<!ENTITY cifsntdomain SYSTEM "cifsntdomain.sgml">
<!ENTITY printing SYSTEM "printing.sgml">
<!ENTITY wins SYSTEM "wins.sgml">
<!ENTITY sam SYSTEM "sam.sgml">
]>
<book id="Samba-Developer-Documentation">
<book id="Samba-Developers-Guide">
<title>SAMBA Developers Guide</title>
@ -62,5 +63,6 @@ url="http://www.fsf.org/licenses/gpl.txt">http://www.fsf.org/licenses/gpl.txt</u
&cifsntdomain;
&printing;
&wins;
&sam;
</book>

2
docs/docbook/faq/README.NOW
View File

@ -1,2 +0,0 @@
The files previously in this directory have been incorporated
into the Samba-HOWTO-Collection

2
docs/docbook/manpages/findsmb.1.sgml
View File

@ -98,7 +98,7 @@ IP ADDR NETBIOS NAME WORKGROUP/OS/VERSION
<refsect1>
<title>VERSION</title>
<para>This man page is correct for version 2.2 of
<para>This man page is correct for version 3.0 of
the Samba suite.</para>
</refsect1>

197
docs/docbook/manpages/make_smbcodepage.1.sgml
View File

@ -1,197 +0,0 @@
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
<refentry id="make-smbcodepage">
<refmeta>
<refentrytitle>make_smbcodepage</refentrytitle>
<manvolnum>1</manvolnum>
</refmeta>
<refnamediv>
<refname>make_smbcodepage</refname>
<refpurpose>construct a codepage file for Samba</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>make_smbcodepage</command>
<arg choice="req">c|d</arg>
<arg choice="req">codepage</arg>
<arg choice="req">inputfile</arg>
<arg choice="req">outputfile</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>DESCRIPTION</title>
<para>This tool is part of the <ulink url="samba.7.html">
Samba</ulink> suite.</para>
<para><command>make_smbcodepage</command> compiles or de-compiles
codepage files for use with the internationalization features
of Samba 2.2</para>
</refsect1>
<refsect1>
<title>OPTIONS</title>
<variablelist>
<varlistentry>
<term>c|d</term>
<listitem><para>This tells <command>make_smbcodepage</command>
if it is compiling (<parameter>c</parameter>) a text format code
page file to binary, or (<parameter>d</parameter>) de-compiling
a binary codepage file to text. </para></listitem>
</varlistentry>
<varlistentry>
<term>codepage</term>
<listitem><para>This is the codepage we are processing (a
number, e.g. 850). </para></listitem>
</varlistentry>
<varlistentry>
<term>inputfile</term>
<listitem><para>This is the input file to process. In
the <parameter>c</parameter> case, this will be a text
codepage definition file such as the ones found in the Samba
<filename>source/codepages</filename> directory. In
the <parameter>d</parameter> case, this will be the
binary format codepage definition file normally found in
the <filename>lib/codepages</filename> directory in the
Samba install directory path.</para></listitem>
</varlistentry>
<varlistentry>
<term>outputfile</term>
<listitem><para>This is the output file to produce.</para></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>Samba Codepage Files</title>
<para>A text Samba codepage definition file is a description
that tells Samba how to map from upper to lower case for
characters greater than ascii 127 in the specified DOS code page.
Note that for certain DOS codepages (437 for example) mapping
from lower to upper case may be non-symmetrical. For example, in
code page 437 lower case a acute maps to a plain upper case A
when going from lower to upper case, but plain upper case A maps
to plain lower case a when lower casing a character. </para>
<para>A binary Samba codepage definition file is a binary
representation of the same information, including a value that
specifies what codepage this file is describing. </para>
<para>As Samba does not yet use UNICODE (current for Samba version 2.2)
you must specify the client code page that your DOS and Windows
clients are using if you wish to have case insensitivity done
correctly for your particular language. The default codepage Samba
uses is 850 (Western European). Text codepage definition sample files
are provided in the Samba distribution for codepages 437 (USA), 737 (Greek),
850 (Western European) 852 (MS-DOS Latin 2), 861 (Icelandic), 866 (Cyrillic),
932 (Kanji SJIS), 936 (Simplified Chinese), 949 (Hangul) and 950 (Traditional
Chinese). Users are encouraged to write text codepage definition files for
their own code pages and donate them to samba@samba.org. All codepage files
in the Samba <filename>source/codepages</filename> directory are
compiled and installed when a <command>'make install'</command>
command is issued there. </para>
<para>The client codepage used by the <command>smbd</command> server
is configured using the <command>client code page</command> parameter
in the <command>smb.conf</command> file. </para>
</refsect1>
<refsect1>
<title>Files</title>
<para><command>codepage_def.&lt;codepage&gt;</command></para>
<para>These are the input (text) codepage files provided in the
Samba <filename>source/codepages</filename> directory.</para>
<para>A text codepage definition file consists of multiple lines
containing four fields. These fields are:</para>
<itemizedlist>
<listitem><para><command>lower</command>: which is the
(hex) lower case character mapped on this line.</para>
</listitem>
<listitem><para><command>upper</command>: which is the (hex)
upper case character that the lower case character will map to.
</para></listitem>
<listitem><para><command>map upper to lower</command> which
is a boolean value (put either True or False here) which tells
Samba if it is to map the given upper case character to the
given lower case character when lower casing a filename.
</para></listitem>
<listitem><para><command>map lower to upper</command> which
is a boolean value (put either True or False here) which tells
Samba if it is to map the given lower case character to the
given upper case character when upper casing a filename.
</para></listitem>
</itemizedlist>
<para><command>codepage.&lt;codepage&gt;</command> - These are the
output (binary) codepage files produced and placed in the Samba
destination <filename>lib/codepage</filename> directory. </para>
</refsect1>
<refsect1>
<title>Installation</title>
<para>The location of the server and its support files is a
matter for individual system administrators. The following are
thus suggestions only. </para>
<para>It is recommended that the <command>make_smbcodepage
</command> program be installed under the <filename>/usr/local/samba
</filename> hierarchy, in a directory readable by all, writeable
only by root. The program itself should be executable by all. The
program should NOT be setuid or setgid! </para>
</refsect1>
<refsect1>
<title>VERSION</title>
<para>This man page is correct for version 2.2 of
the Samba suite.</para>
</refsect1>
<refsect1>
<title>SEE ALSO</title>
<para><ulink url="smbd.8.html"><command>smbd(8)</command></ulink>,
<ulink url="smb.conf.5.html">smb.conf(5)</ulink>
</para>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</para>
<para>The original Samba man pages were written by Karl Auer.
The man page sources were converted to YODL format (another
excellent piece of Open Source software, available at
<ulink url="ftp://ftp.icce.rug.nl/pub/unix/">
ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0
release by Jeremy Allison. The conversion to DocBook for
Samba 2.2 was done by Gerald Carter</para>
</refsect1>
</refentry>

172
docs/docbook/manpages/make_unicodemap.1.sgml
View File

@ -1,172 +0,0 @@
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
<refentry id="make-unicodemap">
<refmeta>
<refentrytitle>make_unicodemap</refentrytitle>
<manvolnum>1</manvolnum>
</refmeta>
<refnamediv>
<refname>make_unicodemap</refname>
<refpurpose>construct a unicode map file for Samba</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>make_unicodemap</command>
<arg choice="req">codepage</arg>
<arg choice="req">inputfile</arg>
<arg choice="req">outputfile</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>DESCRIPTION</title>
<para>
This tool is part of the <ulink url="samba.7.html">Samba</ulink>
suite.
</para>
<para>
<command>make_unicodemap</command> compiles text unicode map
files into binary unicode map files for use with the
internationalization features of Samba 2.2.
</para>
</refsect1>
<refsect1>
<title>OPTIONS</title>
<variablelist>
<varlistentry>
<term>codepage</term>
<listitem><para>This is the codepage or UNIX character
set we are processing (a number, e.g. 850).
</para></listitem>
</varlistentry>
<varlistentry>
<term>inputfile</term>
<listitem><para>This is the input file to process. This is a
text unicode map file such as the ones found in the Samba
<filename>source/codepages</filename> directory.
</para></listitem>
</varlistentry>
<varlistentry>
<term>outputfile</term>
<listitem><para>This is the binary output file to produce.
</para></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>Samba Unicode Map Files</title>
<para>
A text Samba unicode map file is a description that tells Samba
how to map characters from a specified DOS code page or UNIX character
set to 16 bit unicode.
</para>
<para>A binary Samba unicode map file is a binary representation
of the same information, including a value that specifies what
codepage or UNIX character set this file is describing.
</para>
</refsect1>
<refsect1>
<title>Files</title>
<para><filename>CP&lt;codepage&gt;.TXT</filename></para>
<para>
These are the input (text) unicode map files provided
in the Samba <filename>source/codepages</filename>
directory.
</para>
<para>
A text unicode map file consists of multiple lines
containing two fields. These fields are :
</para>
<itemizedlist>
<listitem><para><parameter>character</parameter> - which is
the (hex) character mapped on this line.
</para></listitem>
<listitem><para><parameter>unicode</parameter> - which
is the (hex) 16 bit unicode character that the character
will map to.
</para></listitem>
</itemizedlist>
<para>
<filename>unicode_map.&lt;codepage&gt;</filename> - These are
the output (binary) unicode map files produced and placed in
the Samba destination <filename>lib/codepage</filename>
directory.
</para>
</refsect1>
<refsect1>
<title>Installation</title>
<para>
The location of the server and its support files is a matter
for individual system administrators. The following are thus
suggestions only.
</para>
<para>
It is recommended that the <command>make_unicodemap</command>
program be installed under the
<filename>$prefix/samba</filename> hierarchy,
in a directory readable by all, writeable only by root. The
program itself should be executable by all. The program
should NOT be setuid or setgid!
</para>
</refsect1>
<refsect1>
<title>VERSION</title>
<para>This man page is correct for version 2.2 of
the Samba suite.</para>
</refsect1>
<refsect1>
<title>SEE ALSO</title>
<para><ulink url="smbd.8.html"><command>smbd(8)</command></ulink>,
<ulink url="smb.conf.5.html">smb.conf(5)</ulink>
</para>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</para>
<para>The original Samba man pages were written by Karl Auer.
The man page sources were converted to YODL format (another
excellent piece of Open Source software, available at
<ulink url="ftp://ftp.icce.rug.nl/pub/unix/">
ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0
release by Jeremy Allison. The conversion to DocBook for
Samba 2.2 was done by Gerald Carter</para>
</refsect1>
</refentry>

287
docs/docbook/manpages/net.8.sgml
View File

@ -17,6 +17,25 @@
<cmdsynopsis>
<command>net</command>
<arg choice="req">&lt;ads|rap|rpc&gt;</arg>
<arg choice="opt">-h</arg>
<arg choice="opt">-w workgroup</arg>
<arg choice="opt">-W myworkgroup</arg>
<arg choice="opt">-U user</arg>
<arg choice="opt">-I ip-address</arg>
<arg choice="opt">-p port</arg>
<arg choice="opt">-n myname</arg>
<arg choice="opt">-s conffile</arg>
<arg choice="opt">-S server</arg>
<arg choice="opt">-C comment</arg>
<arg choice="opt">-M maxusers</arg>
<arg choice="opt">-F flags</arg>
<arg choice="opt">-j jobid</arg>
<arg choice="opt">-l</arg>
<arg choice="opt">-r</arg>
<arg choice="opt">-f</arg>
<arg choice="opt">-t timeout</arg>
<arg choice="opt">-P</arg>
<arg choice="opt">-D debuglevel</arg>
</cmdsynopsis>
</refsynopsisdiv>
@ -26,23 +45,283 @@
<para>This tool is part of the <ulink url="samba.7.html">
Samba</ulink> suite.</para>
</refsect1>
<para>The samba net utility is meant to work just like the net utility
available for windows and DOS.</para>
</refsect1>
<refsect1>
<title>OPTIONS</title>
<para></para>
<variablelist>
<varlistentry>
<term>-h</term>
<listitem><para>
Display summary of all available options.
</para></listitem>
</varlistentry>
<varlistentry>
<term>-w target-workgroup</term>
<listitem><para>
Sets target workgroup or domain. You have to specify either this option or the IP address or the name of a server.
</para></listitem>
</varlistentry>
<varlistentry>
<term>-W workgroup</term>
<listitem><para>
Sets client workgroup or domain
</para></listitem>
</varlistentry>
<varlistentry>
<term>-U user</term>
<listitem><para>
User name to use
</para></listitem>
</varlistentry>
<varlistentry>
<term>-I ip-address</term>
<listitem><para>
IP address of target server to use. You have to specify either this option or a target workgroup or a target server.
</para></listitem>
</varlistentry>
<varlistentry>
<term>-p port</term>
<listitem><para>
Port on the target server to connect to.
</para></listitem>
</varlistentry>
<varlistentry>
<term>-n myname</term>
<listitem><para>
Sets name of the client.
</para></listitem>
</varlistentry>
<varlistentry>
<term>-s conffile</term>
<listitem><para>
Specify alternative configuration file that should be loaded.
</para></listitem>
</varlistentry>
<varlistentry>
<term>-S server</term>
<listitem><para>
Name of target server. You should specify either this option or a target workgroup or a target IP address.
</para></listitem>
</varlistentry>
<varlistentry>
<term>-C comment</term>
<listitem><para>
FIXME
</para></listitem>
</varlistentry>
<varlistentry>
<term>-M maxusers</term>
<listitem><para>
FIXME
</para></listitem>
</varlistentry>
<varlistentry>
<term>-F flags</term>
<listitem><para>
FIXME
</para></listitem>
</varlistentry>
<varlistentry>
<term>-j jobid</term>
<listitem><para>
FIXME
</para></listitem>
</varlistentry>
<varlistentry>
<term>-l</term>
<listitem><para>
FIXME
</para></listitem>
</varlistentry>
<varlistentry>
<term>-r</term>
<listitem><para>
FIXME
</para></listitem>
</varlistentry>
<varlistentry>
<term>-f</term>
<listitem><para>
FIXME
</para></listitem>
</varlistentry>
<varlistentry>
<term>-t timeout</term>
<listitem><para>
FIXME
</para></listitem>
</varlistentry>
<varlistentry>
<term>-P</term>
<listitem><para>
Make queries to the external server using the machine account of the local server.
</para></listitem>
</varlistentry>
<varlistentry>
<term>-D debuglevel</term>
<listitem><para>set the debuglevel. Debug level 0 is the lowest
and 100 being the highest. This should be set to 100 if you are
planning on submitting a bug report to the Samba team (see
<filename>BUGS.txt</filename>).
</para></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>COMMANDS</title>
<title>TIME</title>
<para>The <command>NET TIME</command> command allows you to view the time on a remote server
or synchronise the time on the local server with the time on the remote server.</para>
<para></para>
<variablelist>
<varlistentry>
<term></term>
<listitem><para>
Without any options, the <command>NET TIME</command> command
displays the time on the remote server.
</para></listitem>
</varlistentry>
<varlistentry>
<term>SYSTEM</term>
<listitem><para>
Displays the time on the remote server in a format ready for /bin/date
</para></listitem>
</varlistentry>
<varlistentry>
<term>SET</term>
<listitem><para>
Tries to set the date and time of the local server to that on
the remote server using /bin/date.
</para></listitem>
</varlistentry>
<varlistentry>
<term>ZONE</term>
<listitem><para>
Displays the timezone in hours from GMT on the remote computer.
</para></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>RPC</title>
<para>The <command>NET RPC</command> command allows you to do various
NT4 operations.</para>
<variablelist>
<varlistentry>
<term>JOIN -U username[%password] [options]</term>
<listitem><para>
Join a domain with specified username and password. Password
will be prompted if none is specified.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>JOIN [options except -U]</term>
<listitem><para>
to join a domain created in server manager
</para></listitem>
</varlistentry>
<varlistentry>
<term>USER [misc. options] [targets]</term>
<listitem><para>
List users
</para></listitem>
</varlistentry>
<varlistentry>
<term>USER DELETE &lt;name&gt; [misc options]</term>
<listitem><para>
delete specified user
</para></listitem>
</varlistentry>
<varlistentry>
<term>USER INFO &lt;name&gt; [misc options]</term>
<listitem><para>
list the domain groups of the specified user
</para></listitem>
</varlistentry>
<varlistentry>
<term>USER ADD &lt;name&gt; [password] [-F user flags] [misc. options</term>
<listitem><para>
Add specified user
</para></listitem>
</varlistentry>
<varlistentry>
<term>GROUP [misc options] [targets]</term>
<listitem><para>
List user groups
</para></listitem>
</varlistentry>
<varlistentry>
<term>GROUP DELETE &lt;name&gt; [misc. options] [targets]</term>
<listitem><para>
Delete specified group
</para></listitem>
</varlistentry>
<varlistentry>
<term>GROUP ADD &lt;name&gt; [-C comment]</term>
<listitem><para>
Create specified group
</para></listitem>
</varlistentry>
<varlistentry>
<term>SHARE [misc. options] [targets]</term>
<listitem><para>
enumerates all exported resources (network shares) on target server
</para></listitem>
</varlistentry>
<varlistentry>
<term>SHARE ADD &lt;name=serverpath&gt; [misc. options] [targets]</term>
<listitem><para>
Adds a share from a server (makes the export active)
</para></listitem>
</varlistentry>
<varlistentry>
<term>SHARE DELETE &lt;sharenam</term>
<listitem><para></para></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>

4
docs/docbook/manpages/nmbd.8.sgml
View File

@ -1,3 +1,4 @@
2Q
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
<refentry id="nmbd">
@ -20,7 +21,6 @@
<arg choice="opt">-a</arg>
<arg choice="opt">-i</arg>
<arg choice="opt">-o</arg>
<arg choice="opt">-P</arg>
<arg choice="opt">-h</arg>
<arg choice="opt">-V</arg>
<arg choice="opt">-d &lt;debug level&gt;</arg>
@ -39,7 +39,7 @@
<para><command>nmbd</command> is a server that understands
and can reply to NetBIOS over IP name service requests, like
those produced by SMB/CIFS clients such as Windows 95/98/ME,
Windows NT, Windows 2000, and LanManager clients. It also
Windows NT, Windows 2000, Windows XP and LanManager clients. It also
participates in the browsing protocols which make up the
Windows "Network Neighborhood" view.</para>

12
docs/docbook/manpages/nmblookup.1.sgml
View File

@ -28,6 +28,7 @@
<arg choice="opt">-s &lt;smb config file&gt;</arg>
<arg choice="opt">-i &lt;NetBIOS scope&gt;</arg>
<arg choice="opt">-T</arg>
<arg choice="opt">-f</arg>
<arg choice="req">name</arg>
</cmdsynopsis>
</refsynopsisdiv>
@ -182,6 +183,15 @@
<para> pair that is the normal output.</para></listitem>
</varlistentry>
<varlistentry>
<term>-f</term>
<listitem><para>
Show which flags apply to the name that has been looked up. Possible
answers are zero or more of: Response, Authoritative,
Truncated, Recursion_Desired, Recursion_Available, Broadcast.
</para></listitem>
</varlistentry>
<varlistentry>
<term>name</term>
@ -217,7 +227,7 @@
<refsect1>
<title>VERSION</title>
<para>This man page is correct for version 2.2 of
<para>This man page is correct for version 3.0 of
the Samba suite.</para>
</refsect1>

32
docs/docbook/manpages/pdbedit.8.sgml
View File

@ -31,6 +31,8 @@
<arg choice="opt">-e passdb-backend</arg>
<arg choice="opt">-b passdb-backend</arg>
<arg choice="opt">-D debuglevel</arg>
<arg choice="opt">-P account-policy</arg>
<arg choice="opt">-V value</arg>
</cmdsynopsis>
</refsynopsisdiv>
@ -268,6 +270,36 @@
<para>Example: <command>pdbedit -b xml:/root/pdb-backup.xml -l</command></para>
</listitem>
</varlistentry>
<varlistentry>
<term>-P account-policy</term>
<listitem><para>Display an account policy</para>
<para>Valid policies are: minimum password age, reset count minutes, disconnect time,
user must logon to change password, password history, lockout duration, min password length,
maximum password age and bad lockout attempt.
<para>Example: <command>pdbedit -P "bad lockout attempt"</command></para>
<para><programlisting>
account policy value for bad lockout attempt is 0
</programlisting></para>
</listitem>
</varlistentry>
<varlistentry>
<term>-V account-policy-value</term>
<listitem><para>Sets an account policy to a specified value.
This option may only be used in conjunction
with the <parameter>-P</parameter> option.
<para>Example: <command>pdbedit -P "bad lockout attempt" -V 3</command></para>
<para><programlisting>
account policy value for bad lockout attempt was 0
account policy value for bad lockout attempt is now 3
</programlisting></para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>

351
docs/docbook/manpages/smb.conf.5.sgml
View File

@ -109,7 +109,7 @@
<computeroutput>
[foo]
path = /home/bar
writeable = true
read only = no
</computeroutput>
</screen>
@ -124,9 +124,9 @@
<computeroutput>
[aprinter]
path = /usr/spool/public
writeable = false
printable = true
guest ok = true
read only = yes
printable = yes
guest ok = yes
</computeroutput>
</screen>
</refsect1>
@ -195,7 +195,7 @@
<screen>
<computeroutput>
[homes]
writeable = yes
read only = no
</computeroutput>
</screen>
@ -333,29 +333,6 @@
might be relevant. These are:</para>
<variablelist>
<varlistentry>
<term>%S</term>
<listitem><para>the name of the current service, if any.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>%P</term>
<listitem><para>the root directory of the current service,
if any.</para></listitem>
</varlistentry>
<varlistentry>
<term>%u</term>
<listitem><para>user name of the current service, if any.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>%g</term>
<listitem><para>primary group name of %u.</para></listitem>
</varlistentry>
<varlistentry>
<term>%U</term>
<listitem><para>session user name (the user name that the client
@ -367,17 +344,6 @@
<listitem><para>primary group name of %U.</para></listitem>
</varlistentry>
<varlistentry>
<term>%H</term>
<listitem><para>the home directory of the user given
by %u.</para></listitem>
</varlistentry>
<varlistentry>
<term>%v</term>
<listitem><para>the Samba version.</para></listitem>
</varlistentry>
<varlistentry>
<term>%h</term>
<listitem><para>the Internet hostname that Samba is running
@ -408,22 +374,6 @@
</para></listitem>
</varlistentry>
<varlistentry>
<term>%N</term>
<listitem><para>the name of your NIS home directory server.
This is obtained from your NIS auto.map entry. If you have
not compiled Samba with the <emphasis>--with-automount</emphasis>
option then this value will be the same as %L.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>%p</term>
<listitem><para>the path of the service's home directory,
obtained from your NIS auto.map entry. The NIS auto.map entry
is split up as "%N:%p".</para></listitem>
</varlistentry>
<varlistentry>
<term>%R</term>
<listitem><para>the selected protocol level after
@ -459,6 +409,11 @@
<listitem><para>the current date and time.</para></listitem>
</varlistentry>
<varlistentry>
<term>%D</term>
<listitem><para>Name of the domain or workgroup of the current user.</para></listitem>
</varlistentry>
<varlistentry>
<term>%$(<replaceable>envvar</replaceable>)</term>
<listitem><para>The value of the environment variable
@ -466,6 +421,56 @@
</varlistentry>
</variablelist>
<para>The following substitutes apply only to some configuration options(only those
that are used when a connection has been established):</para>
<variablelist>
<varlistentry>
<term>%S</term>
<listitem><para>the name of the current service, if any.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>%P</term>
<listitem><para>the root directory of the current service,
if any.</para></listitem>
</varlistentry>
<varlistentry>
<term>%u</term>
<listitem><para>user name of the current service, if any.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>%g</term>
<listitem><para>primary group name of %u.</para></listitem>
</varlistentry>
<varlistentry>
<term>%H</term>
<listitem><para>the home directory of the user given
by %u.</para></listitem>
</varlistentry>
<varlistentry>
<term>%N</term>
<listitem><para>the name of your NIS home directory server.
This is obtained from your NIS auto.map entry. If you have
not compiled Samba with the <emphasis>--with-automount</emphasis>
option then this value will be the same as %L.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>%p</term>
<listitem><para>the path of the service's home directory,
obtained from your NIS auto.map entry. The NIS auto.map entry
is split up as "%N:%p".</para></listitem>
</varlistentry>
</variablelist>
<para>There are some quite creative things that can be done
with these substitutions and other smb.conf options.</para
</refsect1>
@ -528,7 +533,7 @@
</varlistentry>
</variablelist>
<para>By default, Samba 2.2 has the same semantics as a Windows
<para>By default, Samba 3.0 has the same semantics as a Windows
NT server, in that it is case insensitive but case preserving.</para>
</refsect1>
@ -630,8 +635,6 @@
<listitem><para><link linkend="DISABLESPOOLSS"><parameter>disable spoolss</parameter></link></para></listitem>
<listitem><para><link linkend="DISPLAYCHARSET"><parameter>display charset</parameter></link></para></listitem>
<listitem><para><link linkend="DNSPROXY"><parameter>dns proxy</parameter></link></para></listitem>
<listitem><para><link linkend="DOMAINADMINGROUP"><parameter>domain admin group</parameter></link></para></listitem>
<listitem><para><link linkend="DOMAINGUESTGROUP"><parameter>domain guest group</parameter></link></para></listitem>
<listitem><para><link linkend="DOMAINLOGONS"><parameter>domain logons</parameter></link></para></listitem>
<listitem><para><link linkend="DOMAINMASTER"><parameter>domain master</parameter></link></para></listitem>
<listitem><para><link linkend="DOSCHARSET"><parameter>dos charset</parameter></link></para></listitem>
@ -642,6 +645,7 @@
<listitem><para><link linkend="HIDELOCALUSERS"><parameter>hide local users</parameter></link></para></listitem>
<listitem><para><link linkend="HIDEUNREADABLE"><parameter>hide unreadable</parameter></link></para></listitem>
<listitem><para><link linkend="HIDEUNWRITEABLEFILES"><parameter>hide unwriteable files</parameter></link></para></listitem>
<listitem><para><link linkend="HIDESPECIALFILES"><parameter>hide special files</parameter></link></para></listitem>
<listitem><para><link linkend="HOMEDIRMAP"><parameter>homedir map</parameter></link></para></listitem>
<listitem><para><link linkend="HOSTMSDFS"><parameter>host msdfs</parameter></link></para></listitem>
<listitem><para><link linkend="HOSTNAMELOOKUPS"><parameter>hostname lookups</parameter></link></para></listitem>
@ -763,6 +767,7 @@
<listitem><para><link linkend="UPDATEENCRYPTED"><parameter>update encrypted</parameter></link></para></listitem>
<listitem><para><link linkend="USEMMAP"><parameter>use mmap</parameter></link></para></listitem>
<listitem><para><link linkend="USERHOSTS"><parameter>use rhosts</parameter></link></para></listitem>
<listitem><para><link linkend="USESENDFILE"><parameter>use sendfile</parameter></link></para></listitem>
<listitem><para><link linkend="USERNAMELEVEL"><parameter>username level</parameter></link></para></listitem>
<listitem><para><link linkend="USERNAMEMAP"><parameter>username map</parameter></link></para></listitem>
<listitem><para><link linkend="UTMP"><parameter>utmp</parameter></link></para></listitem>
@ -897,7 +902,6 @@
<listitem><para><link linkend="SETDIRECTORY"><parameter>set directory</parameter></link></para></listitem>
<listitem><para><link linkend="SHAREMODES"><parameter>share modes</parameter></link></para></listitem>
<listitem><para><link linkend="SHORTPRESERVECASE"><parameter>short preserve case</parameter></link></para></listitem>
<listitem><para><link linkend="STATUS"><parameter>status</parameter></link></para></listitem>
<listitem><para><link linkend="STRICTALLOCATE"><parameter>strict allocate</parameter></link></para></listitem>
<listitem><para><link linkend="STRICTLOCKING"><parameter>strict locking</parameter></link></para></listitem>
<listitem><para><link linkend="STRICTSYNC"><parameter>strict sync</parameter></link></para></listitem>
@ -1394,12 +1398,12 @@
request has a time limit associated with it.</para>
<para>If this parameter is set and the lock range requested
cannot be immediately satisfied, Samba 2.2 will internally
cannot be immediately satisfied, samba will internally
queue the lock request, and periodically attempt to obtain
the lock until the timeout period expires.</para>
<para>If this parameter is set to <constant>false</constant>, then
Samba 2.2 will behave as previous versions of Samba would and
<para>If this parameter is set to <constant>no</constant>, then
samba will behave as previous versions of Samba would and
will fail the lock request immediately if the lock range
cannot be obtained.</para>
@ -1447,7 +1451,7 @@
<listitem><para>This controls whether <ulink url="smbd.8.html">
<command>smbd(8)</command></ulink> will serve a browse list to
a client doing a <command>NetServerEnum</command> call. Normally
set to <constant>true</constant>. You should never need to change
set to <constant>yes</constant>. You should never need to change
this.</para>
<para>Default: <command>browse list = yes</command></para></listitem>
@ -1747,7 +1751,7 @@
<varlistentry>
<term><anchor id="DEBUGTIMESTAMP">debug timestamp (G)</term>
<listitem><para>Samba 2.2 debug log messages are timestamped
<listitem><para>Samba debug log messages are timestamped
by default. If you are running at a high <link linkend="DEBUGLEVEL">
<parameter>debug level</parameter></link> these timestamps
can be distracting. This boolean parameter allows timestamping
@ -2031,11 +2035,11 @@
<listitem><para>This option is used when Samba is attempting to
delete a directory that contains one or more vetoed directories
(see the <link linkend="VETOFILES"><parameter>veto files</parameter></link>
option). If this option is set to <constant>false</constant> (the default) then if a vetoed
option). If this option is set to <constant>no</constant> (the default) then if a vetoed
directory contains any non-vetoed files or directories then the
directory delete will fail. This is usually what you want.</para>
<para>If this option is set to <constant>true</constant>, then Samba
<para>If this option is set to <constant>yes</constant>, then Samba
will attempt to recursively delete any files and directories within
the vetoed directory. This can be useful for integration with file
serving systems such as NetAtalk which create meta-files within
@ -2291,56 +2295,9 @@
</varlistentry>
<varlistentry>
<term><anchor id="DOMAINADMINGROUP">domain admin group (G)</term>
<listitem><para>This parameter is intended as a temporary solution
to enable users to be a member of the "Domain Admins" group when
a Samba host is acting as a PDC. A complete solution will be provided
by a system for mapping Windows NT/2000 groups onto UNIX groups.
Please note that this parameter has a somewhat confusing name. It
accepts a list of usernames and of group names in standard
<filename>smb.conf</filename> notation.
</para>
<para>See also <link linkend="DOMAINGUESTGROUP"><parameter>domain
guest group</parameter></link>, <link linkend="DOMAINLOGONS"><parameter>domain
logons</parameter></link>
</para>
<para>Default: <emphasis>no domain administrators</emphasis></para>
<para>Example: <command>domain admin group = root @wheel</command></para>
</listitem>
</varlistentry>
<varlistentry>
<term><anchor id="DOMAINGUESTGROUP">domain guest group (G)</term>
<listitem><para>This parameter is intended as a temporary solution
to enable users to be a member of the "Domain Guests" group when
a Samba host is acting as a PDC. A complete solution will be provided
by a system for mapping Windows NT/2000 groups onto UNIX groups.
Please note that this parameter has a somewhat confusing name. It
accepts a list of usernames and of group names in standard
<filename>smb.conf</filename> notation.
</para>
<para>See also <link linkend="DOMAINADMINGROUP"><parameter>domain
admin group</parameter></link>, <link linkend="DOMAINLOGONS"><parameter>domain
logons</parameter></link>
</para>
<para>Default: <emphasis>no domain guests</emphasis></para>
<para>Example: <command>domain guest group = nobody @guest</command></para>
</listitem>
</varlistentry>
<varlistentry>
<term><anchor id="DOMAINLOGONS">domain logons (G)</term>
<listitem><para>If set to <constant>true</constant>, the Samba server will serve
<listitem><para>If set to <constant>yes</constant>, the Samba server will serve
Windows 95/98 Domain logons for the <link linkend="WORKGROUP">
<parameter>workgroup</parameter></link> it is in. Samba 2.2 also
has limited capability to act as a domain controller for Windows
@ -2478,7 +2435,7 @@
default, Samba runs with POSIX semantics and refuses to change the
timestamp on a file if the user <command>smbd</command> is acting
on behalf of is not the file owner. Setting this option to <constant>
true</constant> allows DOS semantics and <ulink url="smbd.8.html">smbd</ulink> will change the file
yes</constant> allows DOS semantics and <ulink url="smbd.8.html">smbd</ulink> will change the file
timestamp as DOS requires.</para>
<para>Default: <command>dos filetimes = no</command></para></listitem>
@ -2870,7 +2827,7 @@
caching algorithm will be used to reduce the time taken for getwd()
calls. This can have a significant impact on performance, especially
when the <link linkend="WIDELINKS"><parameter>wide links</parameter>
</link>parameter is set to <constant>false</constant>.</para>
</link>parameter is set to <constant>no</constant>.</para>
<para>Default: <command>getwd cache = yes</command></para>
</listitem>
@ -3026,10 +2983,21 @@
</listitem>
</varlistentry>
<varlistentry>
<term><anchor id="HIDESPECIALFILES">hide special files (G)</term>
<listitem><para>This parameter prevents clients from seeing
special files such as sockets, devices and fifo's in directory
listings.
</para>
<para>Default: <command>hide special files = no</command></para>
</listitem>
</varlistentry>
<varlistentry>
<term><anchor id="HOMEDIRMAP">homedir map (G)</term>
<listitem><para>If<link linkend="NISHOMEDIR"><parameter>nis homedir
</parameter></link> is <constant>true</constant>, and <ulink
</parameter></link> is <constant>yes</constant>, and <ulink
url="smbd.8.html"><command>smbd(8)</command></ulink> is also acting
as a Win95/98 <parameter>logon server</parameter> then this parameter
specifies the NIS (or YP) map from which the server for the user's
@ -3603,7 +3571,7 @@
oplocks</parameter></link> are supported then level2 oplocks are
not granted (even if this parameter is set to <constant>yes</constant>).
Note also, the <link linkend="OPLOCKS"><parameter>oplocks</parameter>
</link> parameter must be set to <constant>true</constant> on this share in order for
</link> parameter must be set to <constant>yes</constant> on this share in order for
this parameter to have any effect.</para>
<para>See also the <link linkend="OPLOCKS"><parameter>oplocks</parameter>
@ -3624,10 +3592,10 @@
<command>nmbd(8)</command></ulink> will produce Lanman announce
broadcasts that are needed by OS/2 clients in order for them to see
the Samba server in their browse list. This parameter can have three
values, <constant>true</constant>, <constant>false</constant>, or
values, <constant>yes</constant>, <constant>no</constant>, or
<constant>auto</constant>. The default is <constant>auto</constant>.
If set to <constant>false</constant> Samba will never produce these
broadcasts. If set to <constant>true</constant> Samba will produce
If set to <constant>no</constant> Samba will never produce these
broadcasts. If set to <constant>yes</constant> Samba will produce
Lanman announce broadcasts at a frequency set by the parameter
<parameter>lm interval</parameter>. If set to <constant>auto</constant>
Samba will not send Lanman announce broadcasts by default but will
@ -3682,15 +3650,15 @@
<term><anchor id="LOCALMASTER">local master (G)</term>
<listitem><para>This option allows <ulink url="nmbd.8.html"><command>
nmbd(8)</command></ulink> to try and become a local master browser
on a subnet. If set to <constant>false</constant> then <command>
on a subnet. If set to <constant>no</constant> then <command>
nmbd</command> will not attempt to become a local master browser
on a subnet and will also lose in all browsing elections. By
default this value is set to <constant>true</constant>. Setting this value to <constant>true</constant> doesn't
default this value is set to <constant>yes</constant>. Setting this value to <constant>yes</constant> doesn't
mean that Samba will <emphasis>become</emphasis> the local master
browser on a subnet, just that <command>nmbd</command> will <emphasis>
participate</emphasis> in elections for local master browser.</para>
<para>Setting this value to <constant>false</constant> will cause <command>nmbd</command>
<para>Setting this value to <constant>no</constant> will cause <command>nmbd</command>
<emphasis>never</emphasis> to become a local master browser.</para>
<para>Default: <command>local master = yes</command></para>
@ -4324,10 +4292,21 @@
a better algorithm (generates less collisions) in the names.
However, many Win32 applications store the mangled names and so
changing to the new algorithm must not be done
lightly as these applications may break unless reinstalled.
New installations of Samba may set the default to hash2.</para>
<para>Default: <command>mangling method = hash</command></para>
<para>Example: <command>mangling method = hash2</command></para>
lightly as these applications may break unless reinstalled.</para>
<para>Default: <command>mangling method = hash2</command></para>
<para>Example: <command>mangling method = hash</command></para>
</listitem>
</varlistentry>
<varlistentry>
<term><anchor id="MANGLEPREFIX">mangle prefix (G)</term>
<listitem><para> controls the number of prefix
characters from the original name used when generating
the mangled names. A larger value will give a weaker
hash and therefore more name collisions. The minimum
value is 1 and the maximum value is 6.</para>
<para>Default: <command>mangle prefix = 1</command></para>
<para>Example: <command>mangle prefix = 4</command></para>
</listitem>
</varlistentry>
@ -5454,7 +5433,7 @@
if the expect string is a full stop then no string is expected.</para>
<para>If the <link linkend="PAMPASSWORDCHANGE"><parameter>pam
password change</parameter></link> parameter is set to true, the chat pairs
password change</parameter></link> parameter is set to <constant>yes</constant>, the chat pairs
may be matched in any order, and success is determined by the PAM result,
not any particular output. The \n macro is ignored for PAM conversions.
</para>
@ -5516,7 +5495,7 @@
it.</para>
<para><emphasis>Note</emphasis> that if the <parameter>unix
password sync</parameter> parameter is set to <constant>true
password sync</parameter> parameter is set to <constant>yes
</constant> then this program is called <emphasis>AS ROOT</emphasis>
before the SMB password in the <ulink url="smbpasswd.5.html">smbpasswd(5)
</ulink> file is changed. If this UNIX password change fails, then
@ -5527,7 +5506,7 @@
is set this parameter <emphasis>MUST USE ABSOLUTE PATHS</emphasis>
for <emphasis>ALL</emphasis> programs called, and must be examined
for security implications. Note that by default <parameter>unix
password sync</parameter> is set to <constant>false</constant>.</para>
password sync</parameter> is set to <constant>no</constant>.</para>
<para>See also <link linkend="UNIXPASSWORDSYNC"><parameter>unix
password sync</parameter></link>.</para>
@ -5816,7 +5795,7 @@
url="nmbd.8.html">nmbd(8)</ulink> is a preferred master browser
for its workgroup.</para>
<para>If this is set to <constant>true</constant>, on startup, <command>nmbd</command>
<para>If this is set to <constant>yes</constant>, on startup, <command>nmbd</command>
will force an election, and it will have a slight advantage in
winning the election. It is recommended that this parameter is
used in conjunction with <command><link linkend="DOMAINMASTER"><parameter>
@ -5849,7 +5828,7 @@
<varlistentry>
<term><anchor id="PRELOAD">preload</term>
<term><anchor id="PRELOAD">preload (G)</term>
<listitem><para>This is a list of services that you want to be
automatically added to the browse lists. This is most useful
for homes and printers services that would otherwise not be
@ -5990,7 +5969,7 @@
<para>Note that a printable service will ALWAYS allow writing
to the service path (user privileges permitting) via the spooling
of print data. The <link linkend="WRITEABLE"><parameter>writeable
of print data. The <link linkend="READONLY"><parameter>read only
</parameter></link> parameter controls only non-printing access to
the resource.</para>
@ -6356,7 +6335,7 @@
<listitem><para>This is a list of users that are given read-only
access to a service. If the connecting user is in this list then
they will not be given write access, no matter what the <link
linkend="WRITEABLE"><parameter>writeable</parameter></link>
linkend="READONLY"><parameter>read only</parameter></link>
option is set to. The list can include group names using the
syntax described in the <link linkend="INVALIDUSERS"><parameter>
invalid users</parameter></link> parameter.</para>
@ -6375,8 +6354,18 @@
<varlistentry>
<term><anchor id="READONLY">read only (S)</term>
<listitem><para>Note that this is an inverted synonym for <link
linkend="WRITEABLE"><parameter>writeable</parameter></link>.</para>
<listitem><para>An inverted synonym is <link linkend="WRITEABLE">
<parameter>writeable</parameter></link>.</para>
<para>If this parameter is <constant>yes</constant>, then users
of a service may not create or modify files in the service's
directory.</para>
<para>Note that a printable service (<command>printable = yes</command>)
will <emphasis>ALWAYS</emphasis> allow writing to the directory
(user privileges permitting), but only via spooling operations.</para>
<para>Default: <command>read only = yes</command></para>
</listitem>
</varlistentry>
@ -6521,10 +6510,10 @@
<varlistentry>
<term><anchor id="RESTRICTANONYMOUS">restrict anonymous (G)</term>
<listitem><para>This is a boolean parameter. If it is <constant>true</constant>, then
<listitem><para>This is a boolean parameter. If it is <constant>yes</constant>, then
anonymous access to the server will be restricted, namely in the
case where the server is expecting the client to send a username,
but it doesn't. Setting it to <constant>true</constant> will force these anonymous
but it doesn't. Setting it to <constant>yes</constant> will force these anonymous
connections to be denied, and the client will be required to always
supply a username and password when connecting. Use of this parameter
is only recommended for homogeneous NT client environments.</para>
@ -6534,7 +6523,7 @@
likes to use anonymous connections when refreshing the share list,
and this is a way to work around that.</para>
<para>When restrict anonymous is <constant>true</constant>, all anonymous connections
<para>When restrict anonymous is <constant>yes</constant>, all anonymous connections
are denied no matter what they are for. This can effect the ability
of a machine to access the Samba Primary Domain Controller to revalidate
its machine account after someone else has logged on the client
@ -6838,7 +6827,7 @@
url="smbpasswd.8.html">smbpasswd(8)</ulink> has been used to add this
machine into a Windows NT Domain. It expects the <link
linkend="ENCRYPTPASSWORDS"><parameter>encrypted passwords</parameter>
</link> parameter to be set to <constant>true</constant>. In this
</link> parameter to be set to <constant>yes</constant>. In this
mode Samba will try to validate the username/password by passing
it to a Windows NT Primary or Backup Domain Controller, in exactly
the same way that a Windows NT Server would do.</para>
@ -7257,22 +7246,6 @@
<varlistentry>
<term><anchor id="STATUS">status (G)</term>
<listitem><para>This enables or disables logging of connections
to a status file that <ulink url="smbstatus.1.html">smbstatus(1)</ulink>
can read.</para>
<para>With this disabled <command>smbstatus</command> won't be able
to tell you what connections are active. You should never need to
change this parameter.</para>
<para>Default: <command>status = yes</command></para>
</listitem>
</varlistentry>
<varlistentry>
<term><anchor id="STRICTALLOCATE">strict allocate (S)</term>
<listitem><para>This is a boolean that controls the handling of
@ -7357,10 +7330,10 @@
<term><anchor id="SYNCALWAYS">sync always (S)</term>
<listitem><para>This is a boolean parameter that controls
whether writes will always be written to stable storage before
the write call returns. If this is <constant>false</constant> then the server will be
the write call returns. If this is <constant>no</constant> then the server will be
guided by the client's request in each write call (clients can
set a bit indicating that a particular write should be synchronous).
If this is <constant>true</constant> then every write will be followed by a <command>fsync()
If this is <constant>yes</constant> then every write will be followed by a <command>fsync()
</command> call to ensure the data is written to disk. Note that
the <parameter>strict sync</parameter> parameter must be set to
<constant>yes</constant> in order for this parameter to have
@ -7532,7 +7505,7 @@
<listitem><para>This boolean parameter controls whether Samba
attempts to synchronize the UNIX password with the SMB password
when the encrypted SMB password in the smbpasswd file is changed.
If this is set to <constant>true</constant> the program specified in the <parameter>passwd
If this is set to <constant>yes</constant> the program specified in the <parameter>passwd
program</parameter>parameter is called <emphasis>AS ROOT</emphasis> -
to allow the new UNIX password to be set without access to the
old UNIX password (as the SMB password change code has no
@ -7622,7 +7595,7 @@
<listitem><para>This global parameter determines if the tdb internals of Samba can
depend on mmap working correctly on the running system. Samba requires a coherent
mmap/read-write system memory cache. Currently only HPUX does not have such a
coherent cache, and so this parameter is set to <constant>false</constant> by
coherent cache, and so this parameter is set to <constant>no</constant> by
default on HPUX. On all other systems this parameter should be left alone. This
parameter is provided to help the Samba developers track down problems with
the tdb internal code.
@ -7637,7 +7610,7 @@
<varlistentry>
<term><anchor id="USERHOSTS">use rhosts (G)</term>
<listitem><para>If this global parameter is <constant>true</constant>, it specifies
<listitem><para>If this global parameter is <constant>yes</constant>, it specifies
that the UNIX user's <filename>.rhosts</filename> file in their home directory
will be read to find the names of hosts and users who will be allowed
access without specifying a password.</para>
@ -7852,12 +7825,28 @@
</varlistentry>
<varlistentry>
<term><anchor id="USESENDFILE">use sendfile (S)</term>
<listitem><para>If this parameter is <constant>yes</constant>, and Samba
was built with the --with-sendfile-support option, and the underlying operating
system supports sendfile system call, then some SMB read calls (mainly ReadAndX
and ReadRaw) will use the more efficient sendfile system call for files that
are exclusively oplocked. This may make more efficient use of the system CPU's
and cause Samba to be faster. This is off by default as it's effects are unknown
as yet.
</para>
<para>Default: <command>use sendfile = no</command></para>
</listitem>
</varlistentry>
<varlistentry>
<term><anchor id="UTMP">utmp (G)</term>
<listitem><para>This boolean parameter is only available if
Samba has been configured and compiled with the option <command>
--with-utmp</command>. If set to <constant>true</constant> then Samba will attempt
--with-utmp</command>. If set to <constant>yes</constant> then Samba will attempt
to add utmp or utmpx records (depending on the UNIX system) whenever a
connection is made to a Samba server. Sites may use this to record the
user connecting to a Samba share.</para>
@ -8109,7 +8098,7 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/
<command>getpwent()</command> and
<command>endpwent()</command> group of system calls. If
the <parameter>winbind enum users</parameter> parameter is
false, calls to the <command>getpwent</command> system call
<constant>no</constant>, calls to the <command>getpwent</command> system call
will not return any data. </para>
<para><emphasis>Warning:</emphasis> Turning off user
@ -8131,7 +8120,7 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/
<command>getgrent()</command> and
<command>endgrent()</command> group of system calls. If
the <parameter>winbind enum groups</parameter> parameter is
false, calls to the <command>getgrent()</command> system
<constant>no</constant>, calls to the <command>getgrent()</command> system
call will not return any data. </para>
<para><emphasis>Warning:</emphasis> Turning off group
@ -8199,7 +8188,7 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/
<varlistentry>
<term>winbind use default domain</term>
<term><anchor id="WINBINDUSEDEFAULTDOMAIN">winbind use default domain</term>
<term><anchor id="WINBINDUSEDEFAULTDOMAIN">winbind use default domain (G)</term>
<listitem><para>This parameter specifies whether the <ulink url="winbindd.8.html">
winbindd(8)</ulink>
daemon should operate on users without domain component in their username.
@ -8207,9 +8196,9 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/
own domain. While this does not benifit Windows users, it makes SSH, FTP and e-mail
function in a way much closer to the way they would in a native unix system.</para>
<para>Default: <command>winbind use default domain = &lt;falseg&gt;
<para>Default: <command>winbind use default domain = &lt;no&gt;
</command></para>
<para>Example: <command>winbind use default domain = true</command></para>
<para>Example: <command>winbind use default domain = yes</command></para>
</listitem>
</varlistentry>
@ -8304,9 +8293,9 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/
<term><anchor id="WINSSUPPORT">wins support (G)</term>
<listitem><para>This boolean controls if the <ulink url="nmbd.8.html">
nmbd(8)</ulink> process in Samba will act as a WINS server. You should
not set this to <constant>true</constant> unless you have a multi-subnetted network and
not set this to <constant>yes</constant> unless you have a multi-subnetted network and
you wish a particular <command>nmbd</command> to be your WINS server.
Note that you should <emphasis>NEVER</emphasis> set this to <constant>true</constant>
Note that you should <emphasis>NEVER</emphasis> set this to <constant>yes</constant>
on more than one machine in your network.</para>
<para>Default: <command>wins support = no</command></para>
@ -8377,7 +8366,7 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/
<listitem><para>This is a list of users that are given read-write
access to a service. If the connecting user is in this list then
they will be given write access, no matter what the <link
linkend="WRITEABLE"><parameter>writeable</parameter></link>
linkend="READONLY"><parameter>read only</parameter></link>
option is set to. The list can include group names using the
@group syntax.</para>
@ -8415,8 +8404,8 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/
<varlistentry>
<term><anchor id="WRITEOK">write ok (S)</term>
<listitem><para>Synonym for <link linkend="WRITEABLE"><parameter>
writeable</parameter></link>.</para>
<listitem><para>Inverted synonym for <link linkend="READONLY"><parameter>
read only</parameter></link>.</para>
</listitem>
</varlistentry>
@ -8436,18 +8425,8 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/
<varlistentry>
<term><anchor id="WRITEABLE">writeable (S)</term>
<listitem><para>An inverted synonym is <link linkend="READONLY">
<parameter>read only</parameter></link>.</para>
<para>If this parameter is <constant>no</constant>, then users
of a service may not create or modify files in the service's
directory.</para>
<para>Note that a printable service (<command>printable = yes</command>)
will <emphasis>ALWAYS</emphasis> allow writing to the directory
(user privileges permitting), but only via spooling operations.</para>
<para>Default: <command>writeable = no</command></para>
<listitem><para>Inverted synonym for <link linkend="READONLY"><parameter>
read only</parameter></link>.</para>
</listitem>
</varlistentry>
@ -8481,7 +8460,7 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/
<refsect1>
<title>VERSION</title>
<para>This man page is correct for version 2.2 of
<para>This man page is correct for version 3.0 of
the Samba suite.</para>
</refsect1>

2
docs/docbook/manpages/smbpasswd.5.sgml
View File

@ -172,7 +172,7 @@
<refsect1>
<title>VERSION</title>
<para>This man page is correct for version 2.2 of
<para>This man page is correct for version 3.0 of
the Samba suite.</para>
</refsect1>

31
docs/docbook/manpages/winbindd.8.sgml
View File

@ -17,8 +17,10 @@
<cmdsynopsis>
<command>winbindd</command>
<arg choice="opt">-i</arg>
<arg choice="opt">-B</arg>
<arg choice="opt">-d &lt;debug level&gt;</arg>
<arg choice="opt">-s &lt;smb config file&gt;</arg>
<arg choice="opt">-n</arg>
</cmdsynopsis>
</refsynopsisdiv>
@ -118,6 +120,33 @@ group: files winbind
option is used by developers when interactive debugging
of <command>winbindd</command> is required. </para></listitem>
</varlistentry>
<varlistentry>
<term>-n</term>
<listitem><para>Disable caching. This means winbindd will
always have to wait for a response from the domain controller
before it can respond to a client and this thus makes things
slower. The results will however be more accurate, since
results from the cache might not be up-to-date. This
might also temporarily hang winbindd if the DC doesn't respond.
</para></listitem>
</varlistentry>
<varlistentry>
<term>-B</term>
<listitem><para>Dual daemon mode. This means winbindd will run
as 2 threads. The first will answer all requests from the cache,
thus making responses to clients faster. The other will
update the cache for the query that the first has just responded.
Advantage of this is that responses are accurate and fast.
</para></listitem>
</varlistentry>
<varlistentry>
<term>-s|--conf=smb.conf</term>
<listitem><para>Specifies the location of the all-important
<filename>smb.conf</filename> file. </para></listitem>
</varlistentry>
</variablelist>
</refsect1>
@ -368,7 +397,7 @@ auth required /lib/security/pam_pwdb.so use_first_pass shadow nullok
<refsect1>
<title>VERSION</title>
<para>This man page is correct for version 2.2 of
<para>This man page is correct for version 3.0 of
the Samba suite.</para>
</refsect1>

6
docs/docbook/projdoc/Diagnosis.sgml
View File

@ -446,6 +446,12 @@ username corresponding to the password you typed. If you find this
fixes things you may need the username mapping option.
</para>
<para>
It might also be the case that your client only sends encrypted passwords
and you have <command>encrypt passwords = no</command> in <filename>smb.conf</filename>.
Turn it back on to fix.
</para>
</sect2>
<sect2>

29
docs/docbook/projdoc/Portability.sgml
View File

@ -36,6 +36,12 @@ allowed range.
<para>This is documented in the HP manual pages under setgroups(2) and passwd(4).
</para>
<para>
On HPUX you must use gcc or the HP Ansi compiler. The free compiler
that comes with HP-UX is not Ansi compliant and cannot compile
Samba.
</para>
</sect1>
<sect1>
@ -145,4 +151,27 @@ You should then remove the line:
<para>from the DNIX section of <filename>includes.h</filename></para>
</sect1>
<sect1>
<title>RedHat Linux Rembrandt-II</title>
<para>
By default RedHat Rembrandt-II during installation adds an
entry to /etc/hosts as follows:
<programlisting>
127.0.0.1 loopback "hostname"."domainname"
</programlisting>
</para>
<para>
This causes Samba to loop back onto the loopback interface.
The result is that Samba fails to communicate correctly with
the world and therefor may fail to correctly negotiate who
is the master browse list holder and who is the master browser.
</para>
<para>
Corrective Action: Delete the entry after the word loopback
in the line starting 127.0.0.1
</para>
</chapter>

6
docs/docbook/projdoc/Samba-PDC-HOWTO.sgml
View File

@ -341,6 +341,12 @@ nickname"</replaceable> -s /bin/false <replaceable>machine_name</replaceable>$ <
<prompt>root# </prompt><command>passwd -l <replaceable>machine_name</replaceable>$</command>
</para>
<para>On *BSD systems, this can be done using the 'chpass' utility:</para>
<para>
<prompt>root# </prompt><command>chpass -a "<replaceable>machine_name</replaceable>$:*:101:100::0:0:Workstation <replaceable>machine_name</replaceable>:/dev/null:/sbin/nologin"</command>
</para>
<para>
The <filename>/etc/passwd</filename> entry will list the machine name
with a "$" appended, won't have a password, will have a null shell and no

12
docs/docbook/projdoc/samba-doc.sgml
View File

@ -18,12 +18,14 @@
<!ENTITY SECURITY-LEVEL SYSTEM "security_level.sgml">
<!ENTITY SPEED SYSTEM "Speed.sgml">
<!ENTITY BROWSING SYSTEM "Browsing.sgml">
<!ENTITY BROWSING-Quick SYSTEM "Browsing-Quickguide.sgml">
<!ENTITY GROUP-MAPPING-HOWTO SYSTEM "GROUP-MAPPING-HOWTO.sgml">
<!ENTITY Portability SYSTEM "Portability.sgml">
<!ENTITY Other-Clients SYSTEM "Other-Clients.sgml">
<!ENTITY ADS-HOWTO SYSTEM "ADS-HOWTO.sgml">
]>
<book id="Samba-Project-Documentation">
<book id="Samba-HOWTO-Collection">
<title>SAMBA Project Documentation</title>
@ -65,7 +67,6 @@ Cheers, jerry
<!-- Chapters -->
&UNIX-INSTALL;
&Diagnosis;
&IntegratingWithWindows;
&Samba-PAM;
&MS-Dfs-Setup;
@ -78,12 +79,17 @@ Cheers, jerry
&Samba-PDC-HOWTO;
&Samba-BDC-HOWTO;
&Samba-LDAP;
&ADS-HOWTO;
&BROWSING;
&BROWSING-Quick;
&SPEED;
&Other-Clients;
&CVS-Access;
&BUGS;
&GROUP-MAPPING-HOWTO;
<!-- Appendices -->
&Portability;
&Other-Clients;
&Diagnosis;
</book>

2
docs/docbook/samba.dsl
View File

@ -34,6 +34,7 @@
(normalize "reference")
(normalize "refentry")
(normalize "part")
; We would like to split up in chapters, not in sect1's...
; (normalize "sect1")
(normalize "section")
(normalize "book") ;; just in case nothing else matches...
@ -44,7 +45,6 @@
(define %section-autolabel% #t)
(define (toc-depth nd) 3)
(define %root-filename% "Samba-HOWTO") ;; name for the root html file
(define %html-ext% ".html") ;; default extension for html output files
(define %html-prefix% "") ;; prefix for all filenames generated (except root)
(define %use-id-as-filename% #t)

8
docs/faq/README
View File

@ -1,8 +0,0 @@
This directory contains the old Samba FAQ.
It is now horribly outdated and unmaintained.
It is being left here in case there is some
useful information within.
--jerry@samba.org

77
docs/faq/Samba-Server-FAQ-1.html
View File

@ -1,77 +0,0 @@
<HTML>
<HEAD>
<TITLE> Samba Server FAQ: What is Samba?</TITLE>
</HEAD>
<BODY>
Previous
<A HREF="Samba-Server-FAQ-2.html">Next</A>
<A HREF="Samba-Server-FAQ.html#toc1">Table of Contents</A>
<HR>
<H2><A NAME="s1">1. What is Samba?</A></H2>
<P>
<A NAME="WhatIsSamba"></A>
</P>
<P>See the
<A HREF="Samba-meta-FAQ.html#introduction">meta FAQ introduction</A> if you don't have any idea what Samba does.</P>
<P>Samba has many features that are not supported in other CIFS and SMB
implementations, all of which are commercial. It approaches some
problems from a different angle.</P>
<P>Some of its features include:
<UL>
<LI>extremely dynamic runtime configuration</LI>
<LI>host as well as username/password security</LI>
<LI>scriptable SMB client</LI>
<LI>automatic home directory exporting</LI>
<LI>automatic printer exporting</LI>
<LI>intelligent dead connection timeouts</LI>
<LI>guest connections</LI>
</UL>
</P>
<P>Look at the
<A HREF="samba-man-index.html">manual pages</A> included with the package for a full list of
features. The components of the suite are (in summary):</P>
<P>
<DL>
<DT><B>smbd</B><DD><P>the SMB server. This handles actual connections from clients,
doing all the interfacing with the
<A HREF="Samba-meta-FAQ.html#DomainModeSecurity">authentication database</A> for file, permission and username work.</P>
<DT><B>nmbd</B><DD><P>the NetBIOS name server, which helps clients locate servers,
maintaining the
<A HREF="Samba-meta-FAQ.html#BrowseAndDomainDefs">authentication database</A> doing the browsing work and managing
domains as this capability is being built into Samba.</P>
<DT><B>smbclient</B><DD><P>the scriptable commandline SMB client program.
Useful for automated work, printer filters and testing purposes. It is
more CIFS-compliant than most commercial implementations. Note that this
is not a filesystem. The Samba team does not supply a network filesystem
driver, although the smbfs filesystem for Linux is derived from
smbclient code.</P>
<DT><B>smbrun</B><DD><P>a little 'glue' program to help the server run
external programs.</P>
<DT><B>testprns</B><DD><P>a program to test server access to printers</P>
<DT><B>testparms</B><DD><P>a program to test the Samba configuration file
for correctness</P>
<DT><B>smb.conf</B><DD><P>the Samba configuration file</P>
<DT><B>examples</B><DD><P>many examples have been put together for the different
operating systems that Samba supports.</P>
<DT><B>Documentation!</B><DD><P>DON'T neglect to read it - you will save a great
deal of time!</P>
</DL>
</P>
<HR>
Previous
<A HREF="Samba-Server-FAQ-2.html">Next</A>
<A HREF="Samba-Server-FAQ.html#toc1">Table of Contents</A>
</BODY>
</HTML>

500
docs/faq/Samba-Server-FAQ-2.html
View File

@ -1,500 +0,0 @@
<HTML>
<HEAD>
<TITLE> Samba Server FAQ: How do I get the CIFS, SMB and NetBIOS protocols?</TITLE>
</HEAD>
<BODY>
<A HREF="Samba-Server-FAQ-1.html">Previous</A>
Next
<A HREF="Samba-Server-FAQ.html#toc2">Table of Contents</A>
<HR>
<H2><A NAME="s2">2. How do I get the CIFS, SMB and NetBIOS protocols?</A></H2>
<P>
<A NAME="ServerProtocols"></A>
</P>
<P>See the
<A HREF="Samba-meta-FAQ.html#CifsSmb">meta FAQ on CIFS and SMB</A> if you don't have any idea what these protocols are.</P>
<P>CIFS and SMB are implemented by the main Samba fileserving daemon, smbd.
<F>.....</F></P>
<P>nmbd speaks a limited amount of CIFS (...) but is mostly concerned with
NetBIOS. NetBIOS is <F>....</F></P>
<P>RFC1001, RFC1002 <F>...</F></P>
<P>So, provided you have got Samba correctly installed and running you have
all three of these protocols. Some operating systems already come with
stacks for all or some of these, such as SCO Unix, OS/2 and <F>...</F> In this
case you must <F>...</F></P>
<H2><A NAME="ss2.1">2.1 What server operating systems are supported?</A></H2>
<P>
<A NAME="PortInfo"></A>
</P>
<P>At the last count, Samba runs on about 40 operating systems! This
section looks at general questions about running Samba on the different
platforms. Issues specific to particular operating systems are dealt
with in elsewhere in this document.</P>
<P>Many of the ports have been done by people outside the Samba team keen
to get the advantages of Samba. The Samba team is currently trying to
bring as many of these ports as possible into the main source tree and
integrate the documentation. Samba is an integration tool, and so it has
been made as easy as possible to port. The platforms most widely used
and thus best tested are Linux and SunOS.</P>
<P>This migration has not been completed yet. This means that some
documentation is on web sites <F>...</F></P>
<P>There are two main families of Samba ports, Unix and other. The Unix
ports cover anything that remotely resembles Unix and includes some
extremely old products as well as best-sellers, tiny PCs to massive
multiprocessor machines supporting hundreds of thousands of users. Samba
has been run on more than 30 Unix and Unix-like operating systems.</P>
<H3>Running Samba on a Unix or Unix-like system</H3>
<P>
<A NAME="OnUnix"></A>
</P>
<P>
<A HREF="../UNIX-SMB.txt">../UNIX-SMB.txt</A> describes some of the issues that confront a
SMB implementation on unix, and how Samba copes with them. They may help
people who are looking at unix<->PC interoperability.</P>
<P>There is great variation between Unix implementations, especially those
not adhering to the Common Unix Specification agreed to in 1996. Things
that can be quite tricky are <F>.....</F></P>
<P>There are also some considerable advantages conferred on Samba running
under Unix compared to, say, Windows NT or LAN Server. Unix has <F>...</F></P>
<P>At time of writing, the Makefile claimed support for:
<UL>
<LI> A/UX 3.0</LI>
<LI> AIX</LI>
<LI> Altos Series 386/1000</LI>
<LI> Amiga</LI>
<LI> Apollo Domain/OS sr10.3</LI>
<LI> BSDI </LI>
<LI> B.O.S. (Bull Operating System)</LI>
<LI> Cray, Unicos 8.0</LI>
<LI> Convex</LI>
<LI> DGUX. </LI>
<LI> DNIX.</LI>
<LI> FreeBSD</LI>
<LI> HP-UX</LI>
<LI> Intergraph. </LI>
<LI> Linux with/without shadow passwords and quota</LI>
<LI> LYNX 2.3.0</LI>
<LI> MachTen (a unix like system for Macintoshes)</LI>
<LI> Motorola 88xxx/9xx range of machines</LI>
<LI> NetBSD</LI>
<LI> NEXTSTEP Release 2.X, 3.0 and greater (including OPENSTEP for Mach).</LI>
<LI> OS/2 using EMX 0.9b</LI>
<LI> OSF1</LI>
<LI> QNX 4.22</LI>
<LI> RiscIX. </LI>
<LI> RISCOs 5.0B</LI>
<LI> SEQUENT. </LI>
<LI> SCO (including: 3.2v2, European dist., OpenServer 5)</LI>
<LI> SGI.</LI>
<LI> SMP_DC.OSx v1.1-94c079 on Pyramid S series</LI>
<LI> SONY NEWS, NEWS-OS (4.2.x and 6.1.x)</LI>
<LI> SUNOS 4</LI>
<LI> SUNOS 5.2, 5.3, and 5.4 (Solaris 2.2, 2.3, and '2.4 and later')</LI>
<LI> Sunsoft ISC SVR3V4</LI>
<LI> SVR4</LI>
<LI> System V with some berkely extensions (Motorola 88k R32V3.2).</LI>
<LI> ULTRIX.</LI>
<LI> UNIXWARE</LI>
<LI> UXP/DS</LI>
</UL>
</P>
<H3>Running Samba on systems unlike Unix</H3>
<P>
<A NAME="OnUnlikeUnix"></A>
</P>
<P>More recently Samba has been ported to a number of operating systems
which can provide a BSD Unix-like implementation of TCP/IP sockets.
These include OS/2, Netware, VMS, StratOS, Amiga and MVS. BeOS,
Windows NT and several others are being worked on but not yet available
for use.</P>
<P>Home pages for these ports are:</P>
<P><F>... </F></P>
<H2><A NAME="ss2.2">2.2 Exporting server resources with Samba</A></H2>
<P>
<A NAME="Exporting"></A>
</P>
<P>Files, printers, CD ROMs and other local devices. Network devices,
including networked filesystems and remote printer queues. Other devices
such as <F>....</F></P>
<P>1.4) Configuring SHARES
1.4.1) Homes service
1.4.2) Public services
1.4.3) Application serving
1.4.4) Team sharing a Samba resource</P>
<P>1.5) Printer configuration
1.5.1) Berkeley LPR/LPD systems
1.5.2) ATT SysV lp systems
1.5.3) Using a private printcap file
1.5.4) Use of the smbprint utility
1.5.5) Printing from Windows to Unix
1.5.6) Printing from Unix to Windows</P>
<H2><A NAME="ss2.3">2.3 Name Resolution and Browsing</A></H2>
<P>
<A NAME="NameBrowsing"></A>
</P>
<P>See also
<A HREF="../BROWSING.txt">../BROWSING.txt</A></P>
<P>1.6) Name resolution issues
1.6.1) LMHOSTS file and when to use it
1.6.2) configuring WINS (support, server, proxy)
1.6.3) configuring DNS proxy</P>
<P>1.7) Problem Diagnosis
1.8) What NOT to do!!!!</P>
<P>3.2) Browse list managment
3.3) Name resolution mangement</P>
<H2><A NAME="ss2.4">2.4 Handling SMB Encryption</A></H2>
<P>
<A NAME="SMBEncryptionSteps"></A>
</P>
<P>SMB encryption is ...</P>
<P>...in
<A HREF="../ENCRYPTION.txt">../ENCRYPTION.txt</A> there is...</P>
<P>Samba compiled with libdes - enabling encrypted passwords</P>
<H3>Laws in different countries affecting Samba</H3>
<P>
<A NAME="CryptoLaws"></A>
</P>
<H3>Relationship between encryption and Domain Authentication</H3>
<H2><A NAME="ss2.5">2.5 Files and record locking</A> 3.1.1) Old DOS clients 3.1.2) Opportunistic locking and the consequences 3.1.3) Files caching under Windows for Workgroups, Win95 and NT Some of the foregoing links into Client-FAQ</H2>
<H2><A NAME="ss2.6">2.6 Managing Samba Log files</A></H2>
<P>
<A NAME="LogFiles"></A>
</P>
<H2><A NAME="ss2.7">2.7 I can't see the Samba server in any browse lists!</A></H2>
<P>
<A NAME="no_browse"></A>
See
<A HREF="ftp://samba.org/pub/samba/BROWSING.txt">BROWSING.txt</A>
for more information on browsing. Browsing.txt can also be found
in the docs directory of the Samba source.</P>
<P>If your GUI client does not permit you to select non-browsable
servers, you may need to do so on the command line. For example, under
Lan Manager you might connect to the above service as disk drive M:
thusly:
<BLOCKQUOTE><CODE>
<PRE>
net use M: \\mary\fred
</PRE>
</CODE></BLOCKQUOTE>
The details of how to do this and the specific syntax varies from
client to client - check your client's documentation.</P>
<H2><A NAME="ss2.8">2.8 Some files that I KNOW are on the server doesn't show up when I view the files from my client! </A></H2>
<P>
<A NAME="missing_files"></A>
See the next question.</P>
<H2><A NAME="ss2.9">2.9 Some files on the server show up with really wierd filenames when I view the files from my client! </A></H2>
<P>
<A NAME="strange_filenames"></A>
If you check what files are not showing up, you will note that they
are files which contain upper case letters or which are otherwise not
DOS-compatible (ie, they are not legal DOS filenames for some reason).</P>
<P>The Samba server can be configured either to ignore such files
completely, or to present them to the client in "mangled" form. If you
are not seeing the files at all, the Samba server has most likely been
configured to ignore them. Consult the man page smb.conf(5) for
details of how to change this - the parameter you need to set is
"mangled names = yes".</P>
<H2><A NAME="ss2.10">2.10 My client reports "cannot locate specified computer" or similar</A></H2>
<P>
<A NAME="cant_see_server"></A>
This indicates one of three things: You supplied an incorrect server
name, the underlying TCP/IP layer is not working correctly, or the
name you specified cannot be resolved.</P>
<P>After carefully checking that the name you typed is the name you
should have typed, try doing things like pinging a host or telnetting
to somewhere on your network to see if TCP/IP is functioning OK. If it
is, the problem is most likely name resolution.</P>
<P>If your client has a facility to do so, hardcode a mapping between the
hosts IP and the name you want to use. For example, with Man Manager
or Windows for Workgroups you would put a suitable entry in the file
LMHOSTS. If this works, the problem is in the communication between
your client and the netbios name server. If it does not work, then
there is something fundamental wrong with your naming and the solution
is beyond the scope of this document.</P>
<P>If you do not have any server on your subnet supplying netbios name
resolution, hardcoded mappings are your only option. If you DO have a
netbios name server running (such as the Samba suite's nmbd program),
the problem probably lies in the way it is set up. Refer to Section
Two of this FAQ for more ideas.</P>
<P>By the way, remember to REMOVE the hardcoded mapping before further
tests :-) </P>
<H2><A NAME="ss2.11">2.11 My client reports "cannot locate specified share name" or similar</A></H2>
<P>
<A NAME="cant_see_share"></A>
This message indicates that your client CAN locate the specified
server, which is a good start, but that it cannot find a service of
the name you gave.</P>
<P>The first step is to check the exact name of the service you are
trying to connect to (consult your system administrator). Assuming it
exists and you specified it correctly (read your client's doco on how
to specify a service name correctly), read on:</P>
<P>
<UL>
<LI> Many clients cannot accept or use service names longer than eight characters.</LI>
<LI> Many clients cannot accept or use service names containing spaces.</LI>
<LI> Some servers (not Samba though) are case sensitive with service names.</LI>
<LI> Some clients force service names into upper case.</LI>
</UL>
</P>
<H2><A NAME="ss2.12">2.12 My client reports "cannot find domain controller", "cannot log on to the network" or similar </A></H2>
<P>
<A NAME="cant_see_net"></A>
Nothing is wrong - Samba does not implement the primary domain name
controller stuff for several reasons, including the fact that the
whole concept of a primary domain controller and "logging in to a
network" doesn't fit well with clients possibly running on multiuser
machines (such as users of smbclient under Unix). Having said that,
several developers are working hard on building it in to the next
major version of Samba. If you can contribute, send a message to
<A HREF="mailto:samba@samba.org">samba@samba.org</A> !</P>
<P>Seeing this message should not affect your ability to mount redirected
disks and printers, which is really what all this is about.</P>
<P>For many clients (including Windows for Workgroups and Lan Manager),
setting the domain to STANDALONE at least gets rid of the message.</P>
<H2><A NAME="ss2.13">2.13 Printing doesn't work :-(</A></H2>
<P>
<A NAME="no_printing"></A>
</P>
<P>Make sure that the specified print command for the service you are
connecting to is correct and that it has a fully-qualified path (eg.,
use "/usr/bin/lpr" rather than just "lpr", if you happen to be using
Unix).</P>
<P>Make sure that the spool directory specified for the service is
writable by the user connected to the service. </P>
<P>Make sure that the user specified in the service is permitted to use
the printer.</P>
<P>Check the debug log produced by smbd. Search for the printer name and
see if the log turns up any clues. Note that error messages to do with
a service ipc$ are meaningless - they relate to the way the client
attempts to retrieve status information when using the LANMAN1
protocol.</P>
<P>If using WfWg then you need to set the default protocol to TCP/IP, not
Netbeui. This is a WfWg bug.</P>
<P>If using the Lanman1 protocol (the default) then try switching to
coreplus. Also not that print status error messages don't mean
printing won't work. The print status is received by a different
mechanism.</P>
<H2><A NAME="ss2.14">2.14 My programs install on the server OK, but refuse to work properly</A></H2>
<P>
<A NAME="programs_wont_run"></A>
There are numerous possible reasons for this, but one MAJOR
possibility is that your software uses locking. Make sure you are
using Samba 1.6.11 or later. It may also be possible to work around
the problem by setting "locking=no" in the Samba configuration file
for the service the software is installed on. This should be regarded
as a strictly temporary solution.</P>
<P>In earlier Samba versions there were some difficulties with the very
latest Microsoft products, particularly Excel 5 and Word for Windows
6. These should have all been solved. If not then please let Andrew
Tridgell know via email at
<A HREF="mailto:sambas@samba.org">samba@samba.org</A>.</P>
<H2><A NAME="ss2.15">2.15 My "server string" doesn't seem to be recognised</A></H2>
<P>
<A NAME="bad_server_string"></A>
OR My client reports the default setting, eg. "Samba 1.9.15p4", instead
of what I have changed it to in the smb.conf file.</P>
<P>You need to use the -C option in nmbd. The "server string" affects
what smbd puts out and -C affects what nmbd puts out.</P>
<P>Current versions of Samba (1.9.16 +) have combined these options into
the "server string" field of smb.conf, -C for nmbd is now obsolete.</P>
<H2><A NAME="ss2.16">2.16 My client reports "This server is not configured to list shared resources" </A></H2>
<P>
<A NAME="cant_list_shares"></A>
Your guest account is probably invalid for some reason. Samba uses the
guest account for browsing in smbd. Check that your guest account is
valid.</P>
<P>See also 'guest account' in smb.conf man page.</P>
<H2><A NAME="ss2.17">2.17 Issues specific to Unix and Unix-like systems</A></H2>
<P>
<A NAME="UnixIssues"></A>
</P>
<H3>Printing doesn't work with my Unix Samba server</H3>
<P>
<A NAME="no_printing"></A>
</P>
<P>The user "nobody" often has problems with printing, even if it worked
with an earlier version of Samba. Try creating another guest user other
than "nobody".</P>
<H3>Log message "you appear to have a trapdoor uid system" </H3>
<P>
<A NAME="trapdoor_uid"></A>
This can have several causes. It might be because you are using a uid
or gid of 65535 or -1. This is a VERY bad idea, and is a big security
hole. Check carefully in your /etc/passwd file and make sure that no
user has uid 65535 or -1. Especially check the "nobody" user, as many
broken systems are shipped with nobody setup with a uid of 65535.</P>
<P>It might also mean that your OS has a trapdoor uid/gid system :-)</P>
<P>This means that once a process changes effective uid from root to
another user it can't go back to root. Unfortunately Samba relies on
being able to change effective uid from root to non-root and back
again to implement its security policy. If your OS has a trapdoor uid
system this won't work, and several things in Samba may break. Less
things will break if you use user or server level security instead of
the default share level security, but you may still strike
problems.</P>
<P>The problems don't give rise to any security holes, so don't panic,
but it does mean some of Samba's capabilities will be unavailable.
In particular you will not be able to connect to the Samba server as
two different uids at once. This may happen if you try to print as a
"guest" while accessing a share as a normal user. It may also affect
your ability to list the available shares as this is normally done as
the guest user.</P>
<P>Complain to your OS vendor and ask them to fix their system.</P>
<P>Note: the reason why 65535 is a VERY bad choice of uid and gid is that
it casts to -1 as a uid, and the setreuid() system call ignores (with
no error) uid changes to -1. This means any daemon attempting to run
as uid 65535 will actually run as root. This is not good!</P>
<H2><A NAME="ss2.18">2.18 Issues specific to IBM OS/2 systems</A></H2>
<P>
<A NAME="OS2Issues"></A>
</P>
<P>
<A HREF="http://carol.wins.uva.nl/~leeuw/samba/samba2.html">Samba for OS/2</A></P>
<H2><A NAME="ss2.19">2.19 Issues specific to IBM MVS systems</A></H2>
<P>
<A NAME="MVSIssues"></A>
</P>
<P>
<A HREF="ftp://ftp.mks.com/pub/samba/">Samba for OS/390 MVS</A></P>
<H2><A NAME="ss2.20">2.20 Issues specific to Digital VMS systems</A></H2>
<P>
<A NAME="VMSIssues"></A>
</P>
<H2><A NAME="ss2.21">2.21 Issues specific to Amiga systems</A></H2>
<P>
<A NAME="AmigaIssues"></A>
</P>
<P>
<A HREF="http://www.gbar.dtu.dk/~c948374/Amiga/Samba/">Samba for Amiga</A></P>
<P>There is a mailing list for Samba on the Amiga.</P>
<P>Subscribing.</P>
<P>Send an email to rask-samba-request@kampsax.dtu.dk with the word subscribe
in the message. The list server will use the address in the Reply-To: or
From: header field, in that order.</P>
<P>Unsubscribing.</P>
<P>Send an email to rask-samba-request@kampsax.dtu.dk with the word
unsubscribe in the message. The list server will use the address in the
Reply-To: or From: header field, in that order. If you are unsure which
address you are subscribed with, look at the headers. You should see a
"From " (no colon) or Return-Path: header looking something like</P>
<P>rask-samba-owner-myname=my.domain@kampsax.dtu.dk</P>
<P>where myname=my.domain gives you the address myname@my.domain. This also
means that I will always be able to find out which address is causing
bounces, for example.
List archive.</P>
<P>Messages sent to the list are archived in HTML. See the mailing list home
page at
<A HREF="http://www.gbar.dtu.dk/~c948374/Amiga/Samba/mailinglist/">http://www.gbar.dtu.dk/~c948374/Amiga/Samba/mailinglist/</A></P>
<H2><A NAME="ss2.22">2.22 Issues specific to Novell IntraNetware systems</A></H2>
<P>
<A NAME="NetwareIssues"></A>
</P>
<H2><A NAME="ss2.23">2.23 Issues specific to Stratus VOS systems</A></H2>
<P>
<A NAME="NetwareIssues"></A>
</P>
<P>
<A HREF="ftp://ftp.stratus.com/pub/vos/tools/">Samba for Stratus VOS</A></P>
<HR>
<A HREF="Samba-Server-FAQ-1.html">Previous</A>
Next
<A HREF="Samba-Server-FAQ.html#toc2">Table of Contents</A>
</BODY>
</HTML>

88
docs/faq/Samba-Server-FAQ.html
View File

@ -1,88 +0,0 @@
<HTML>
<HEAD>
<TITLE> Samba Server FAQ</TITLE>
</HEAD>
<BODY>
Previous
<A HREF="Samba-Server-FAQ-1.html">Next</A>
Table of Contents
<HR>
<H1> Samba Server FAQ</H1>
<H2>Dan Shearer & Paul Blackman, <CODE>ictinus@samba.org</CODE></H2>v 0.3, 7 Oct '97
<P><HR><EM> This is the <EM>Server</EM> Frequently Asked Questions (FAQ)
document for Samba, the free and very popular SMB and CIFS server
product. A general
<A HREF="Samba-meta-FAQ.html">meta FAQ</A>
exists and also a companion
<A HREF="Samba-Client-FAQ.html">Client FAQ</A>, together with more detailed HOWTO documents on
topics to do with Samba software. This is current to Samba version
1.9.17. Please send any corrections to the author. </EM><HR></P>
<P>
<H2><A NAME="toc1">1.</A> <A HREF="Samba-Server-FAQ-1.html">What is Samba?</A></H2>
<P>
<H2><A NAME="toc2">2.</A> <A HREF="Samba-Server-FAQ-2.html">How do I get the CIFS, SMB and NetBIOS protocols?</A></H2>
<UL>
<LI><A HREF="Samba-Server-FAQ-2.html#ss2.1">2.1 What server operating systems are supported?</A>
<LI><A HREF="Samba-Server-FAQ-2.html#ss2.2">2.2 Exporting server resources with Samba</A>
<LI><A HREF="Samba-Server-FAQ-2.html#ss2.3">2.3 Name Resolution and Browsing</A>
<LI><A HREF="Samba-Server-FAQ-2.html#ss2.4">2.4 Handling SMB Encryption</A>
<LI><A HREF="Samba-Server-FAQ-2.html#ss2.5">2.5 Files and record locking</A>
<LI><A HREF="Samba-Server-FAQ-2.html#ss2.6">2.6 Managing Samba Log files</A>
<LI><A HREF="Samba-Server-FAQ-2.html#ss2.7">2.7 I can't see the Samba server in any browse lists!</A>
<LI><A HREF="Samba-Server-FAQ-2.html#ss2.8">2.8 Some files that I KNOW are on the server doesn't show up when I view the files from my client! </A>
<LI><A HREF="Samba-Server-FAQ-2.html#ss2.9">2.9 Some files on the server show up with really wierd filenames when I view the files from my client! </A>
<LI><A HREF="Samba-Server-FAQ-2.html#ss2.10">2.10 My client reports "cannot locate specified computer" or similar</A>
<LI><A HREF="Samba-Server-FAQ-2.html#ss2.11">2.11 My client reports "cannot locate specified share name" or similar</A>
<LI><A HREF="Samba-Server-FAQ-2.html#ss2.12">2.12 My client reports "cannot find domain controller", "cannot log on to the network" or similar </A>
<LI><A HREF="Samba-Server-FAQ-2.html#ss2.13">2.13 Printing doesn't work :-(</A>
<LI><A HREF="Samba-Server-FAQ-2.html#ss2.14">2.14 My programs install on the server OK, but refuse to work properly</A>
<LI><A HREF="Samba-Server-FAQ-2.html#ss2.15">2.15 My "server string" doesn't seem to be recognised</A>
<LI><A HREF="Samba-Server-FAQ-2.html#ss2.16">2.16 My client reports "This server is not configured to list shared resources" </A>
<LI><A HREF="Samba-Server-FAQ-2.html#ss2.17">2.17 Issues specific to Unix and Unix-like systems</A>
<LI><A HREF="Samba-Server-FAQ-2.html#ss2.18">2.18 Issues specific to IBM OS/2 systems</A>
<LI><A HREF="Samba-Server-FAQ-2.html#ss2.19">2.19 Issues specific to IBM MVS systems</A>
<LI><A HREF="Samba-Server-FAQ-2.html#ss2.20">2.20 Issues specific to Digital VMS systems</A>
<LI><A HREF="Samba-Server-FAQ-2.html#ss2.21">2.21 Issues specific to Amiga systems</A>
<LI><A HREF="Samba-Server-FAQ-2.html#ss2.22">2.22 Issues specific to Novell IntraNetware systems</A>
<LI><A HREF="Samba-Server-FAQ-2.html#ss2.23">2.23 Issues specific to Stratus VOS systems</A>
</UL>
<HR>
Previous
<A HREF="Samba-Server-FAQ-1.html">Next</A>
Table of Contents
</BODY>
</HTML>

407
docs/faq/Samba-Server-FAQ.sgml
View File

@ -1,407 +0,0 @@
<!doctype linuxdoc system> <!-- -*- SGML -*- -->
<!--
v 0.1 23 Aug 1997 Dan Shearer
Original Samba-Client-FAQ.sgml from Paul's sambafaq.sgml
v 0.2 25 Aug 1997 Dan
v 0.3 7 Oct 1997 Paul, changed email address from ictinus@lake... to ictinus@samba.anu
-->
<article>
<title> Samba Server FAQ
<author>Dan Shearer & Paul Blackman, <tt>ictinus@samba.org</tt>
<date>v 0.3, 7 Oct '97
<abstract> This is the <em>Server</em> Frequently Asked Questions (FAQ)
document for Samba, the free and very popular SMB and CIFS server
product. A general <url url="Samba-meta-FAQ.html" name="meta FAQ">
exists and also a companion <url url="Samba-Client-FAQ.html"
name="Client FAQ">, together with more detailed HOWTO documents on
topics to do with Samba software. This is current to Samba version
1.9.17. Please send any corrections to the author.
</abstract>
<toc>
<sect>What is Samba?<p><label id="WhatIsSamba">
See the <url url="Samba-meta-FAQ.html#introduction" name="meta FAQ
introduction"> if you don't have any idea what Samba does.
Samba has many features that are not supported in other CIFS and SMB
implementations, all of which are commercial. It approaches some
problems from a different angle.
Some of its features include:
<itemize>
<item>extremely dynamic runtime configuration
<item>host as well as username/password security
<item>scriptable SMB client
<item>automatic home directory exporting
<item>automatic printer exporting
<item>intelligent dead connection timeouts
<item>guest connections
</itemize>
Look at the <url url="samba-man-index.html" name="manual pages"> included with the package for a full list of
features. The components of the suite are (in summary):
<descrip>
<tag/smbd/ the SMB server. This handles actual connections from clients,
doing all the interfacing with the <url
url="Samba-meta-FAQ.html#DomainModeSecurity" name="authentication
database"> for file, permission and username work.
<tag/nmbd/ the NetBIOS name server, which helps clients locate servers,
maintaining the <url url="Samba-meta-FAQ.html#BrowseAndDomainDefs"
name="authentication database"> doing the browsing work and managing
domains as this capability is being built into Samba.
<tag/smbclient/ the scriptable commandline SMB client program.
Useful for automated work, printer filters and testing purposes. It is
more CIFS-compliant than most commercial implementations. Note that this
is not a filesystem. The Samba team does not supply a network filesystem
driver, although the smbfs filesystem for Linux is derived from
smbclient code.
<tag/smbrun/ a little 'glue' program to help the server run
external programs.
<tag/testprns/ a program to test server access to printers
<tag/testparms/ a program to test the Samba configuration file
for correctness
<tag/smb.conf/ the Samba configuration file
<tag/examples/ many examples have been put together for the different
operating systems that Samba supports.
<tag/Documentation!/ DON'T neglect to read it - you will save a great
deal of time!
</descrip>
<sect>How do I get the CIFS, SMB and NetBIOS protocols?<p><label id="ServerProtocols">
See the <url url="Samba-meta-FAQ.html#CifsSmb" name="meta FAQ
on CIFS and SMB"> if you don't have any idea what these protocols are.
CIFS and SMB are implemented by the main Samba fileserving daemon, smbd.
[.....]
nmbd speaks a limited amount of CIFS (...) but is mostly concerned with
NetBIOS. NetBIOS is [....]
RFC1001, RFC1002 [...]
So, provided you have got Samba correctly installed and running you have
all three of these protocols. Some operating systems already come with
stacks for all or some of these, such as SCO Unix, OS/2 and [...] In this
case you must [...]
<sect1>What server operating systems are supported?<p><label id="PortInfo">
At the last count, Samba runs on about 40 operating systems! This
section looks at general questions about running Samba on the different
platforms. Issues specific to particular operating systems are dealt
with in elsewhere in this document.
Many of the ports have been done by people outside the Samba team keen
to get the advantages of Samba. The Samba team is currently trying to
bring as many of these ports as possible into the main source tree and
integrate the documentation. Samba is an integration tool, and so it has
been made as easy as possible to port. The platforms most widely used
and thus best tested are Linux and SunOS.
This migration has not been completed yet. This means that some
documentation is on web sites [...]
There are two main families of Samba ports, Unix and other. The Unix
ports cover anything that remotely resembles Unix and includes some
extremely old products as well as best-sellers, tiny PCs to massive
multiprocessor machines supporting hundreds of thousands of users. Samba
has been run on more than 30 Unix and Unix-like operating systems.
<sect2>Running Samba on a Unix or Unix-like system<p><label id="OnUnix">
<url url="../UNIX-SMB.txt"> describes some of the issues that confront a
SMB implementation on unix, and how Samba copes with them. They may help
people who are looking at unix<->PC interoperability.
There is great variation between Unix implementations, especially those
not adhering to the Common Unix Specification agreed to in 1996. Things
that can be quite tricky are [.....]
There are also some considerable advantages conferred on Samba running
under Unix compared to, say, Windows NT or LAN Server. Unix has [...]
At time of writing, the Makefile claimed support for:
<itemize>
<item> A/UX 3.0
<item> AIX
<item> Altos Series 386/1000
<item> Amiga
<item> Apollo Domain/OS sr10.3
<item> BSDI
<item> B.O.S. (Bull Operating System)
<item> Cray, Unicos 8.0
<item> Convex
<item> DGUX.
<item> DNIX.
<item> FreeBSD
<item> HP-UX
<item> Intergraph.
<item> Linux with/without shadow passwords and quota
<item> LYNX 2.3.0
<item> MachTen (a unix like system for Macintoshes)
<item> Motorola 88xxx/9xx range of machines
<item> NetBSD
<item> NEXTSTEP Release 2.X, 3.0 and greater (including OPENSTEP for Mach).
<item> OS/2 using EMX 0.9b
<item> OSF1
<item> QNX 4.22
<item> RiscIX.
<item> RISCOs 5.0B
<item> SEQUENT.
<item> SCO (including: 3.2v2, European dist., OpenServer 5)
<item> SGI.
<item> SMP_DC.OSx v1.1-94c079 on Pyramid S series
<item> SONY NEWS, NEWS-OS (4.2.x and 6.1.x)
<item> SUNOS 4
<item> SUNOS 5.2, 5.3, and 5.4 (Solaris 2.2, 2.3, and '2.4 and later')
<item> Sunsoft ISC SVR3V4
<item> SVR4
<item> System V with some berkely extensions (Motorola 88k R32V3.2).
<item> ULTRIX.
<item> UNIXWARE
<item> UXP/DS
</itemize>
<sect2>Running Samba on systems unlike Unix<p><label id="OnUnlikeUnix">
More recently Samba has been ported to a number of operating systems
which can provide a BSD Unix-like implementation of TCP/IP sockets.
These include OS/2, Netware, VMS, StratOS, Amiga and MVS. BeOS,
Windows NT and several others are being worked on but not yet available
for use.
Home pages for these ports are:
[... ]
<sect1>Exporting server resources with Samba<p><label id="Exporting">
Files, printers, CD ROMs and other local devices. Network devices,
including networked filesystems and remote printer queues. Other devices
such as [....]
1.4) Configuring SHARES
1.4.1) Homes service
1.4.2) Public services
1.4.3) Application serving
1.4.4) Team sharing a Samba resource
1.5) Printer configuration
1.5.1) Berkeley LPR/LPD systems
1.5.2) ATT SysV lp systems
1.5.3) Using a private printcap file
1.5.4) Use of the smbprint utility
1.5.5) Printing from Windows to Unix
1.5.6) Printing from Unix to Windows
<sect1>Name Resolution and Browsing<p><label id="NameBrowsing">
See also <url url="../BROWSING.txt">
1.6) Name resolution issues
1.6.1) LMHOSTS file and when to use it
1.6.2) configuring WINS (support, server, proxy)
1.6.3) configuring DNS proxy
1.7) Problem Diagnosis
1.8) What NOT to do!!!!
3.2) Browse list managment
3.3) Name resolution mangement
<sect1>Handling SMB Encryption<p><label id="SMBEncryptionSteps">
SMB encryption is ...
...in <url url="../ENCRYPTION.txt"> there is...
Samba compiled with libdes - enabling encrypted passwords
<sect2>Laws in different countries affecting Samba<p><label id="CryptoLaws">
<sect2>Relationship between encryption and Domain Authentication<p>
<sect1> Files and record locking
3.1.1) Old DOS clients
3.1.2) Opportunistic locking and the consequences
3.1.3) Files caching under Windows for Workgroups, Win95 and NT
Some of the foregoing links into Client-FAQ
<sect1>Managing Samba Log files<p><label id="LogFiles">
<sect1>I can't see the Samba server in any browse lists!<p><label id="no_browse">
See <url url="ftp://samba.org/pub/samba/BROWSING.txt" name="BROWSING.txt">
for more information on browsing. Browsing.txt can also be found
in the docs directory of the Samba source.
If your GUI client does not permit you to select non-browsable
servers, you may need to do so on the command line. For example, under
Lan Manager you might connect to the above service as disk drive M:
thusly:
<tscreen><verb>
net use M: \\mary\fred
</verb></tscreen>
The details of how to do this and the specific syntax varies from
client to client - check your client's documentation.
<sect1>Some files that I KNOW are on the server doesn't show up when I view the files from my client! <p> <label id="missing_files">
See the next question.
<sect1>Some files on the server show up with really wierd filenames when I view the files from my client! <p> <label id="strange_filenames">
If you check what files are not showing up, you will note that they
are files which contain upper case letters or which are otherwise not
DOS-compatible (ie, they are not legal DOS filenames for some reason).
The Samba server can be configured either to ignore such files
completely, or to present them to the client in "mangled" form. If you
are not seeing the files at all, the Samba server has most likely been
configured to ignore them. Consult the man page smb.conf(5) for
details of how to change this - the parameter you need to set is
"mangled names = yes".
<sect1>My client reports "cannot locate specified computer" or similar<p><label id="cant_see_server">
This indicates one of three things: You supplied an incorrect server
name, the underlying TCP/IP layer is not working correctly, or the
name you specified cannot be resolved.
After carefully checking that the name you typed is the name you
should have typed, try doing things like pinging a host or telnetting
to somewhere on your network to see if TCP/IP is functioning OK. If it
is, the problem is most likely name resolution.
If your client has a facility to do so, hardcode a mapping between the
hosts IP and the name you want to use. For example, with Lan Manager
or Windows for Workgroups you would put a suitable entry in the file
LMHOSTS. If this works, the problem is in the communication between
your client and the netbios name server. If it does not work, then
there is something fundamental wrong with your naming and the solution
is beyond the scope of this document.
If you do not have any server on your subnet supplying netbios name
resolution, hardcoded mappings are your only option. If you DO have a
netbios name server running (such as the Samba suite's nmbd program),
the problem probably lies in the way it is set up. Refer to Section
Two of this FAQ for more ideas.
By the way, remember to REMOVE the hardcoded mapping before further
tests :-)
<sect1>My client reports "cannot locate specified share name" or similar<p> <label id="cant_see_share">
This message indicates that your client CAN locate the specified
server, which is a good start, but that it cannot find a service of
the name you gave.
The first step is to check the exact name of the service you are
trying to connect to (consult your system administrator). Assuming it
exists and you specified it correctly (read your client's docs on how
to specify a service name correctly), read on:
<itemize>
<item> Many clients cannot accept or use service names longer than eight characters.
<item> Many clients cannot accept or use service names containing spaces.
<item> Some servers (not Samba though) are case sensitive with service names.
<item> Some clients force service names into upper case.
</itemize>
<sect1>Printing doesn't work :-(<p> <label id="no_printing">
Make sure that the specified print command for the service you are
connecting to is correct and that it has a fully-qualified path (eg.,
use "/usr/bin/lpr" rather than just "lpr", if you happen to be using
Unix).
Make sure that the spool directory specified for the service is
writable by the user connected to the service.
Make sure that the user specified in the service is permitted to use
the printer.
Check the debug log produced by smbd. Search for the printer name and
see if the log turns up any clues. Note that error messages to do with
a service ipc$ are meaningless - they relate to the way the client
attempts to retrieve status information when using the LANMAN1
protocol.
If using WfWg then you need to set the default protocol to TCP/IP, not
Netbeui. This is a WfWg bug.
If using the Lanman1 protocol (the default) then try switching to
coreplus. Also not that print status error messages don't mean
printing won't work. The print status is received by a different
mechanism.
<sect1>My client reports "This server is not configured to list shared resources" <p> <label id="cant_list_shares">
Your guest account is probably invalid for some reason. Samba uses the
guest account for browsing in smbd. Check that your guest account is
valid.
See also 'guest account' in smb.conf man page.
<sect1>Issues specific to Unix and Unix-like systems<p><label id="UnixIssues">
<sect2>Printing doesn't work with my Unix Samba server<p> <label id="no_printing">
The user "nobody" often has problems with printing, even if it worked
with an earlier version of Samba. Try creating another guest user other
than "nobody".
<sect2>Log message "you appear to have a trapdoor uid system" <p><label id="trapdoor_uid">
This can have several causes. It might be because you are using a uid
or gid of 65535 or -1. This is a VERY bad idea, and is a big security
hole. Check carefully in your /etc/passwd file and make sure that no
user has uid 65535 or -1. Especially check the "nobody" user, as many
broken systems are shipped with nobody setup with a uid of 65535.
It might also mean that your OS has a trapdoor uid/gid system :-)
This means that once a process changes effective uid from root to
another user it can't go back to root. Unfortunately Samba relies on
being able to change effective uid from root to non-root and back
again to implement its security policy. If your OS has a trapdoor uid
system this won't work, and several things in Samba may break. Less
things will break if you use user or server level security instead of
the default share level security, but you may still strike
problems.
The problems don't give rise to any security holes, so don't panic,
but it does mean some of Samba's capabilities will be unavailable.
In particular you will not be able to connect to the Samba server as
two different uids at once. This may happen if you try to print as a
"guest" while accessing a share as a normal user. It may also affect
your ability to list the available shares as this is normally done as
the guest user.
Complain to your OS vendor and ask them to fix their system.
Note: the reason why 65535 is a VERY bad choice of uid and gid is that
it casts to -1 as a uid, and the setreuid() system call ignores (with
no error) uid changes to -1. This means any daemon attempting to run
as uid 65535 will actually run as root. This is not good!
</article>

160
docs/faq/Samba-meta-FAQ-1.html
View File

@ -1,160 +0,0 @@
<HTML>
<HEAD>
<TITLE> Samba meta FAQ: Quick Reference Guides to Samba Documentation</TITLE>
</HEAD>
<BODY>
Previous
<A HREF="Samba-meta-FAQ-2.html">Next</A>
<A HREF="Samba-meta-FAQ.html#toc1">Table of Contents</A>
<HR>
<H2><A NAME="s1">1. Quick Reference Guides to Samba Documentation</A></H2>
<P>
<A NAME="quickref"></A>
</P>
<P>We are endeavouring to provide links here to every major class of
information about Samba or things related to Samba. We cannot list every
document, but we are aiming for all documents to be at most two
referrals from those listed here. This needs constant maintaining, so
please send the author your feedback.</P>
<H2><A NAME="ss1.1">1.1 Samba for the Impatient</A></H2>
<P>
<A NAME="impatient"></A>
</P>
<P>You know you should read the documentation but can't wait to start? What
you need to do then is follow the instructions in the following
documents in the order given. This should be enough to get a fairly
simple site going quickly. If you have any problems, refer back to this
meta-FAQ and follow the links to find more reading material.</P>
<P>
<DL>
<P>
<A NAME="ImpGet"></A>
</P>
<DT><B>Getting Samba:</B><DD><P>The fastest way to get Samba
going is and install it is to have an operating system for which the
Samba team has put together an installation package. To see if your OS
is included have a look at the directory
/pub/samba/Binary_Packages/"OS_Vendor" on your nearest
<A HREF="../MIRRORS">mirror site</A>. If it is included follow the
installation instructions in the README file there and then do some
<A HREF="#ImpTest">basic testing</A>. If you are not so fortunate, follow the normal
<A HREF="Samba-meta-FAQ-2.html#WhereFrom">download instructions</A> and then continue with
<A HREF="#ImpInst">building and installing Samba</A>.</P>
<P>
<A NAME="ImpInst"></A>
</P>
<DT><B>Building and Installing Samba:</B><DD><P>At the moment
there are two kinds of Samba server installs besides the prepackaged
binaries mentioned in the previous step. You need to decide if you have a
<A HREF="../UNIX_INSTALL.txt">Unix or close relative</A> or
<A HREF="Samba-Server-FAQ.html#PortInfo">other supported operating system</A>.</P>
<P>
<A NAME="ImpTest"></A>
</P>
<DT><B>Basic Testing:</B><DD><P>Try to connect using the
supplied smbclient command-line program. You need to know the IP
hostname of your server. A service name must be defined in smb.conf, as
given in the examples (under many operating systems if there is a
<F>homes</F> service you can just use a valid username.) Then type
<CODE>smbclient \\hostname\servicename</CODE>
Under most Unixes you will need to put the parameters within quotation
marks. If this works, try connecting from one of the SMB clients you
were planning to use with Samba.</P>
<P>
<A NAME="ImpDebug"></A>
</P>
<DT><B>Debug sequence:</B><DD><P>If you think you have completed the
previous step and things aren't working properly work through
<A HREF="../DIAGNOSIS.txt">the diagnosis recipe.</A></P>
<P>
<A NAME="ImpExp"></A>
</P>
<DT><B>Exporting files to SMB clients:</B><DD><P>You should read the manual pages
for smb.conf, but here is a
<A HREF="Samba-Server-FAQ.html#Exporting">quick answer guide.</A></P>
<P>
<A NAME="ImpControl"></A>
</P>
<DT><B>Controlling user access:</B><DD><P>the quickest and dirtiest way of sharing
resources is to use
<A HREF="Samba-meta-FAQ-4.html#ShareModeSecurity">share level security.</A> If you want to spend more time and have a proper username
and password database you must read the paragraph on
<A HREF="Samba-meta-FAQ-4.html#DomainModeSecurity">domain mode security.</A> If you want
encryption (eg you are using Windows NT clients) follow the
<A HREF="Samba-Server-FAQ.html#SMBEncryptionSteps">SMB encryption instructions.</A></P>
<P>
<A NAME="ImpBrowse"></A>
</P>
<DT><B>Browsing:</B><DD><P>if you are happy to type in "\\samba-server\sharename"
at the client end then do not read any further. Otherwise you need to
understand the
browsing terminology</A>
and read
<A HREF="Samba-Server-FAQ.html#NameBrowsing">Samba-Server-FAQ.html#NameBrowsing</A>. </P>
<P>
<A NAME="ImpPrint"></A>
</P>
<DT><B>Printing:</B><DD><P>See the
<A HREF="Samba-Server-FAQ.html#Printing">printing quick answer guide.</A></P>
</DL>
</P>
<P>If you have got everything working to this point, you can expect Samba
to be stable and secure: these are its greatest strengths. However Samba
has a great deal to offer and to go further you must do some more
reading. Speed and security optimisations, printer accounting, network
logons, roving profiles, browsing across multiple subnets and so on are
all covered either in this document or in those it refers to.</P>
<H2><A NAME="ss1.2">1.2 All Samba Documentation</A></H2>
<P>
<A NAME="AllDocs"></A>
</P>
<P>
<UL>
<LI> Meta-FAQ. This is the mother of all documents, and is the one you
are reading now. The latest version is always at
<A HREF="http://samba.org/[.....]">http://samba.org/[.....]</A> but there is probably a much
nearer
<A HREF="../MIRRORS">mirror site</A> which you should use
instead.
</LI>
<LI>
<A HREF="Samba-Server-FAQ.html">Samba-Server-FAQ.html</A> is the best starting point for
information about server-side issues. Includes configuration tips and
pointers for Samba on particular operating systems (with 40 to choose
from...)
</LI>
<LI>
<A HREF="Samba-Client-FAQ.html">Samba-Client-FAQ.html</A> is the best starting point for
information about client-side issues, includes a list of all clients
that are known to work with Samba.
</LI>
<LI>
<A HREF="samba-man-index.html">manual pages</A> contains
descriptions of and links to all the Samba manual pages, in Unix man and
postscript format.
</LI>
<LI>
<A HREF="samba-txt-index.html">samba-txt-index.html</A> has descriptions of and links to
a large number of text files have been contributed to samba covering
many topics. These are gradually being absorbed into the FAQs and HOWTOs
but in the meantime you might find helpful answers here.
</LI>
<LI>
</LI>
</UL>
</P>
<HR>
Previous
<A HREF="Samba-meta-FAQ-2.html">Next</A>
<A HREF="Samba-meta-FAQ.html#toc1">Table of Contents</A>
</BODY>
</HTML>

384
docs/faq/Samba-meta-FAQ-2.html
View File

@ -1,384 +0,0 @@
<HTML>
<HEAD>
<TITLE> Samba meta FAQ: General Information</TITLE>
</HEAD>
<BODY>
<A HREF="Samba-meta-FAQ-1.html">Previous</A>
<A HREF="Samba-meta-FAQ-3.html">Next</A>
<A HREF="Samba-meta-FAQ.html#toc2">Table of Contents</A>
<HR>
<H2><A NAME="s2">2. General Information</A></H2>
<P>
<A NAME="general_info"></A>
</P>
<P>All about Samba - what it is, how to get it, related sources of
information, how to understand the numbering scheme, pizza
details.</P>
<H2><A NAME="ss2.1">2.1 What is Samba?</A></H2>
<P>
<A NAME="introduction"></A>
</P>
<P>Samba is a suite of programs which work together to allow clients to
access to a server's filespace and printers via the SMB (Server Message
Block) and CIFS (Common Internet Filesystem) protocols. Initially
written for Unix, Samba now also runs on Netware, OS/2, VMS, StratOS and
Amigas. Ports to BeOS and other operating systems are underway. Samba
gives the capability for these operating systems to behave much like a
LAN Server, Windows NT Server or Pathworks machine, only with added
functionality and flexibility designed to make life easier for
administrators. </P>
<P>This means that using Samba you can share a server's disks and printers
to many sorts of network clients, including Lan Manager, Windows for
Workgroups, Windows NT, Linux, OS/2, and AIX. There is also a generic
client program supplied as part of the Samba suite which gives a user on
the server an ftp-like interface to access filespace and printers on any
other SMB/CIFS servers.</P>
<P>SMB has been implemented over many protocols, including XNS, NBT, IPX,
NetBEUI and TCP/IP. Samba only uses TCP/IP. This is not likely to change
although there have been some requests for NetBEUI support.</P>
<P>Many users report that compared to other SMB implementations Samba is
more stable, faster, and compatible with more clients. Administrators of
some large installations say that Samba is the only SMB server available
which will scale to many tens of thousands of users without crashing.
The easy way to test these claims is to download it and try it for
yourself!</P>
<P>The suite is supplied with full source code under the
<A HREF="../COPYING">GNU Public License</A>. The GPL means that you can
use Samba for whatever purpose you wish (including changing the source
or selling it for money) but under all circumstances the source code
must be made freely available. A copy of the GPL must always be included
in any copy of the package.</P>
<P>The primary creator of the Samba suite is Andrew Tridgell. Later
versions incorporate much effort by many net.helpers. The man pages
and this FAQ were originally written by Karl Auer.</P>
<H2><A NAME="ss2.2">2.2 What is the current version of Samba?</A></H2>
<P>
<A NAME="current_version"></A>
</P>
<P>At time of writing, the current version was 1.9.17. If you want to be
sure check the bottom of the change-log file.
<A HREF="ftp://samba.org/pub/samba/alpha/change-log">ftp://samba.org/pub/samba/alpha/change-log</A></P>
<P>For more information see
<A HREF="#version_nums">What do the version numbers mean?</A></P>
<H2><A NAME="ss2.3">2.3 Where can I get it? </A></H2>
<P>
<A NAME="WhereFrom"></A>
</P>
<P>The Samba suite is available via anonymous ftp from samba.org and
many
<A HREF="../MIRRORS">mirror</A> sites. You will get much
faster performance if you use a mirror site. The latest and greatest
versions of the suite are in the directory:</P>
<P>/pub/samba/</P>
<P>Development (read "alpha") versions, which are NOT necessarily stable
and which do NOT necessarily have accurate documentation, are available
in the directory:</P>
<P>/pub/samba/alpha</P>
<P>Note that binaries are NOT included in any of the above. Samba is
distributed ONLY in source form, though binaries may be available from
other sites. Most Linux distributions, for example, do contain Samba
binaries for that platform. The VMS, OS/2, Netware and Amiga and other
ports typically have binaries made available.</P>
<P>A special case is vendor-provided binary packages. Samba binaries and
default configuration files are put into packages for a specific
operating system. RedHat Linux and Sun Solaris (Sparc and x86) is
already included, and others such as OS/2 may follow. All packages are
in the directory:</P>
<P>/pub/samba/Binary_Packages/"OS_Vendor"</P>
<H2><A NAME="ss2.4">2.4 What do the version numbers mean?</A></H2>
<P>
<A NAME="version_nums"></A>
</P>
<P>It is not recommended that you run a version of Samba with the word
"alpha" in its name unless you know what you are doing and are willing
to do some debugging. Many, many people just get the latest
recommended stable release version and are happy. If you are brave, by
all means take the plunge and help with the testing and development -
but don't install it on your departmental server. Samba is typically
very stable and safe, and this is mostly due to the policy of many
public releases.</P>
<P>How the scheme works:</P>
<P>
<OL>
<LI>When major changes are made the version number is increased. For
example, the transition from 1.9.16 to 1.9.17. However, this version
number will not appear immediately and people should continue to use
1.9.15 for production systems (see next point.)
</LI>
<LI>Just after major changes are made the software is considered
unstable, and a series of alpha releases are distributed, for example
1.9.16alpha1. These are for testing by those who know what they are
doing. The "alpha" in the filename will hopefully scare off those who
are just looking for the latest version to install.
</LI>
<LI>When Andrew thinks that the alphas have stabilised to the point
where he would recommend new users install it, he renames it to the
same version number without the alpha, for example 1.9.17.
</LI>
<LI>Inevitably bugs are found in the "stable" releases and minor patch
levels are released which give us the pXX series, for example 1.9.17p2.
</LI>
</OL>
</P>
<P>So the progression goes:</P>
<P>
<PRE>
1.9.16p10 (production)
1.9.16p11 (production)
1.9.17alpha1 (test sites only)
:
1.9.17alpha20 (test sites only)
1.9.17 (production)
1.9.17p1 (production)
</PRE>
</P>
<P>The above system means that whenever someone looks at the samba ftp
site they will be able to grab the highest numbered release without an
alpha in the name and be sure of getting the current recommended
version.</P>
<H2><A NAME="ss2.5">2.5 Where can I go for further information?</A></H2>
<P>
<A NAME="more"></A>
</P>
<P>There are a number of places to look for more information on Samba,
including:</P>
<P>
<UL>
<LI>Two mailing lists devoted to discussion of Samba-related matters.
See below for subscription information.
</LI>
<LI>The newsgroup comp.protocols.smb, which has a great deal of
discussion about Samba.
</LI>
<LI>The WWW site 'SAMBA Web Pages' at
<A HREF="http://samba.org/samba/">http://samba.org/samba/</A> includes:
<UL>
<LI>Links to man pages and documentation, including this FAQ</LI>
<LI>A comprehensive survey of Samba users</LI>
<LI>A searchable hypertext archive of the Samba mailing list</LI>
<LI>Links to Samba source code, binaries, and mirrors of both</LI>
<LI>This FAQ and the rest in its family</LI>
</UL>
</LI>
</UL>
</P>
<H2><A NAME="ss2.6">2.6 How do I subscribe to the Samba Mailing Lists?</A></H2>
<P>
<A NAME="mailinglist"></A>
</P>
<P>Send email to
<A HREF="mailto:listproc@samba.org">listproc@samba.org</A>. Make sure the subject line is blank,
and include the following two lines in the body of the message:</P>
<P>
<BLOCKQUOTE><CODE>
<PRE>
subscribe samba Firstname Lastname
subscribe samba-announce Firstname Lastname
</PRE>
</CODE></BLOCKQUOTE>
</P>
<P>Obviously you should substitute YOUR first name for "Firstname" and
YOUR last name for "Lastname"! Try not to send any signature, it
sometimes confuses the list processor.</P>
<P>The samba list is a digest list - every eight hours or so it sends a
single message containing all the messages that have been received by
the list since the last time and sends a copy of this message to all
subscribers. There are thousands of people on this list.</P>
<P>If you stop being interested in Samba, please send another email to
<A HREF="mailto:listproc@samba.org">listproc@samba.org</A>. Make sure the subject line is blank, and
include the following two lines in the body of the message:</P>
<P>
<BLOCKQUOTE><CODE>
<PRE>
unsubscribe samba
unsubscribe samba-announce
</PRE>
</CODE></BLOCKQUOTE>
</P>
<P>The <B>From:</B> line in your message <EM>MUST</EM> be the same
address you used when you subscribed.</P>
<H2><A NAME="ss2.7">2.7 Something's gone wrong - what should I do?</A></H2>
<P>
<A NAME="wrong"></A>
</P>
<P><B><F>#</F> *** IMPORTANT! *** <F>#</F></B></P>
<P>DO NOT post messages on mailing lists or in newsgroups until you have
carried out the first three steps given here!</P>
<P>
<OL>
<LI> See if there are any likely looking entries in this FAQ!
If you have just installed Samba, have you run through the checklist in
<A HREF="ftp://samba.org/pub/samba/DIAGNOSIS.txt">DIAGNOSIS.txt</A>? It can save you a lot of time and effort.
DIAGNOSIS.txt can also be found in the docs directory of the Samba
distribution.
</LI>
<LI> Read the man pages for smbd, nmbd and smb.conf, looking for
topics that relate to what you are trying to do.
</LI>
<LI> If there is no obvious solution to hand, try to get a look at
the log files for smbd and/or nmbd for the period during which you
were having problems. You may need to reconfigure the servers to
provide more extensive debugging information - usually level 2 or
level 3 provide ample debugging info. Inspect these logs closely,
looking particularly for the string "Error:".
</LI>
<LI> If you need urgent help and are willing to pay for it see
<A HREF="#PaidSupport">Paid Support</A>.
</LI>
</OL>
</P>
<P>If you still haven't got anywhere, ask the mailing list or newsgroup. In
general nobody minds answering questions provided you have followed the
preceding steps. It might be a good idea to scan the archives of the
mailing list, which are available through the Samba web site described
in the previous section. When you post be sure to include a good
description of your environment and your problem.</P>
<P>If you successfully solve a problem, please mail the FAQ maintainer a
succinct description of the symptom, the problem and the solution, so
that an explanation can be incorporated into the next version.</P>
<H2><A NAME="ss2.8">2.8 How do I submit patches or bug reports?</A></H2>
<P>If you make changes to the source code, <EM>please</EM> submit these patches
so that everyone else gets the benefit of your work. This is one of
the most important aspects to the maintainence of Samba. Send all
patches to
<A HREF="mailto:samba@samba.org">samba@samba.org</A>. Do not send patches to Andrew Tridgell or any
other individual, they may be lost if you do.</P>
<P>Patch format
------------</P>
<P>If you are sending a patch to fix a problem then please don't just use
standard diff format. As an example, samba@samba.org received this patch from
someone:</P>
<P>382a
#endif
..
381a
#if !defined(NEWS61)</P>
<P>How are we supposed to work out what this does and where it goes? These
sort of patches only work if we both have identical files in the first
place. The Samba sources are constantly changing at the hands of multiple
developers, so it doesn't work.</P>
<P>Please use either context diffs or (even better) unified diffs. You
get these using "diff -c4" or "diff -u". If you don't have a diff that
can generate these then please send manualy commented patches to I
know what is being changed and where. Most patches are applied by hand so
the info must be clear.</P>
<P>This is a basic guideline that will assist us with assessing your problem
more efficiently :</P>
<P>Machine Arch:
Machine OS:
OS Version:
Kernel:</P>
<P>Compiler:
Libc Version:</P>
<P>Samba Version:</P>
<P>Network Layout (description):</P>
<P>What else is on machine (services, etc):</P>
<P>Some extras :</P>
<P>
<UL>
<LI> what you did and what happened
</LI>
<LI> relevant parts of a debugging output file with debuglevel higher.
If you can't find the relevant parts, please ask before mailing
huge files.
</LI>
<LI> anything else you think is useful to trace down the bug
</LI>
</UL>
</P>
<H2><A NAME="ss2.9">2.9 What if I have an URGENT message for the developers?</A></H2>
<P>If you have spotted something very serious and believe that it is
important to contact the developers quickly send a message to
samba-urgent@samba.org. This will be processed more quickly than
mail to samba@samba.org. Please think carefully before using this address. An
example of its use might be to report a security hole.</P>
<P>Examples of things <EM>not</EM> to send to samba-urgent include problems
getting Samba to work at all and bugs that cannot potentially cause damage.</P>
<H2><A NAME="ss2.10">2.10 What if I need paid-for support?</A></H2>
<P>
<A NAME="PaidSupport"></A>
</P>
<P>Samba has a large network of consultants who provide Samba support on a
commercial basis. The list is included in the package in
<A HREF="../Support.txt">../Support.txt</A>, and the latest version will always be on the main
samba ftp site. Any company in the world can request that the samba team
include their details in Support.txt so we can give no guarantee of
their services.</P>
<H2><A NAME="ss2.11">2.11 Pizza supply details</A></H2>
<P>
<A NAME="pizza"></A>
Those who have registered in the Samba survey as "Pizza Factory" will
already know this, but the rest may need some help. Andrew doesn't ask
for payment, but he does appreciate it when people give him
pizza. This calls for a little organisation when the pizza donor is
twenty thousand kilometres away, but it has been done.</P>
<P>
<OL>
<LI> Ring up your local branch of an international pizza chain
and see if they honour their vouchers internationally. Pizza Hut do,
which is how the entire Canberra Linux Users Group got to eat pizza
one night, courtesy of someone in the US.
</LI>
<LI>Ring up a local pizza shop in Canberra and quote a credit
card number for a certain amount, and tell them that Andrew will be
collecting it (don't forget to tell him.) One kind soul from Germany
did this.
</LI>
<LI>Purchase a pizza voucher from your local pizza shop that has
no international affiliations and send it to Andrew. It is completely
useless but he can hang it on the wall next to the one he already has
from Germany :-)
</LI>
<LI>Air freight him a pizza with your favourite regional
flavours. It will probably get stuck in customs or torn apart by
hungry sniffer dogs but it will have been a noble gesture.
</LI>
</OL>
</P>
<HR>
<A HREF="Samba-meta-FAQ-1.html">Previous</A>
<A HREF="Samba-meta-FAQ-3.html">Next</A>
<A HREF="Samba-meta-FAQ.html#toc2">Table of Contents</A>
</BODY>
</HTML>

101
docs/faq/Samba-meta-FAQ-3.html
View File

@ -1,101 +0,0 @@
<HTML>
<HEAD>
<TITLE> Samba meta FAQ: About the CIFS and SMB Protocols</TITLE>
</HEAD>
<BODY>
<A HREF="Samba-meta-FAQ-2.html">Previous</A>
<A HREF="Samba-meta-FAQ-4.html">Next</A>
<A HREF="Samba-meta-FAQ.html#toc3">Table of Contents</A>
<HR>
<H2><A NAME="s3">3. About the CIFS and SMB Protocols</A></H2>
<P>
<A NAME="CifsSmb"></A>
</P>
<H2><A NAME="ss3.1">3.1 What is the Server Message Block (SMB) Protocol?</A></H2>
<P>SMB is a filesharing protocol that has had several maintainers and
contributors over the years including Xerox, 3Com and most recently
Microsoft. Names for this protocol include LAN Manager and Microsoft
Networking. Parts of the specification has been made public at several
versions including in an X/Open document, as listed at
<A HREF="ftp://ftp.microsoft.com/developr/drg/CIFS/">ftp://ftp.microsoft.com/developr/drg/CIFS/</A>. No specification
releases were made between 1992 and 1996, and during that period
Microsoft became the SMB implementor with the largest market share.
Microsoft developed the specification further for its products but for
various reasons connected with developer's workload rather than market
strategy did not make the changes public. This culminated with the
"Windows NT 0.12" version released with NT 3.5 in 1995 which had significant
improvements and bugs. Because Microsoft client systems are so popular,
it is fair to say that what Microsoft with Windows affects all suppliers
of SMB server products.</P>
<P>From 1994 Andrew Tridgell began doing some serious work on his
Smbserver (now Samba) product and with some helpers started to
implement more and more of these protocols. Samba began to take
a significant share of the SMB server market.</P>
<H2><A NAME="ss3.2">3.2 What is the Common Internet Filesystem (CIFS)?</A></H2>
<P>The initial pressure for Microsoft to document their current SMB
implementation came from the Samba team, who kept coming across things
on the wire that Microsoft either didn't know about or hadn't documented
anywhere (even in the sourcecode to Windows NT.) Then Sun Microsystems
came out with their WebNFS initiative, designed to replace FTP for file
transfers on the Internet. There are many drawbacks to WebNFS (including
its scope - it aims to replace HTTP as well!) but the concept was
attractive. FTP is not very clever, and why should it be harder to get
files from across the world than across the room? </P>
<P>Some hasty revisions were made and an Internet Draft for the Common
Internet Filesystem (CIFS) was released. Note that CIFS is not an
Internet standard and is a very long way from becoming one, BUT the
protocol specification is in the public domain and ongoing discussions
concerning the spec take place on a public mailing list according to the
rules of the Internet Engineering Task Force. For more information and
pointers see
<A HREF="http://samba.org/cifs/">http://samba.org/cifs/</A></P>
<P>The following is taken from
<A HREF="http://www.microsoft.com/intdev/cifs/">http://www.microsoft.com/intdev/cifs/</A></P>
<P>
<PRE>
CIFS defines a standard remote file system access protocol for use
over the Internet, enabling groups of users to work together and
share documents across the Internet or within their corporate
intranets. CIFS is an open, cross-platform technology based on the
native file-sharing protocols built into Microsoft<66> Windows<77> and
other popular PC operating systems, and supported on dozens of
other platforms, including UNIX<49>. With CIFS, millions of computer
users can open and share remote files on the Internet without having
to install new software or change the way they work.&quot;
</PRE>
</P>
<P>If you consider CIFS as a backwardsly-compatible refinement of SMB that
will work reasonably efficiently over the Internet you won't be too far
wrong.</P>
<P>The net effect is that Microsoft is now documenting large parts of their
Windows NT fileserver protocols. The security concepts embodied in
Windows NT are part of the specification, which is why Samba
documentation often talks in terms of Windows NT. However there is no
reason why a site shouldn't conduct all its file and printer sharing
with CIFS and yet have no Microsoft products at all.</P>
<H2><A NAME="ss3.3">3.3 What is Browsing? </A></H2>
<P>The term "Browsing" causes a lot of confusion. It is the part of the
SMB/CIFS protocol which allows for resource discovery. For example, in
the Windows NT Explorer it is possible to see a "Network Neighbourhood"
of computers in the same SMB workgroup. Clicking on the name of one of
these machines brings up a list of file and printer resources for
connecting to. In this way you can cruise the network, seeing what
things are available. How this scales to the Internet is a subject for
debate. Look at the CIFS list archives to see what the experts think.</P>
<HR>
<A HREF="Samba-meta-FAQ-2.html">Previous</A>
<A HREF="Samba-meta-FAQ-4.html">Next</A>
<A HREF="Samba-meta-FAQ.html#toc3">Table of Contents</A>
</BODY>
</HTML>

215
docs/faq/Samba-meta-FAQ-4.html
View File

@ -1,215 +0,0 @@
<HTML>
<HEAD>
<TITLE> Samba meta FAQ: Designing A SMB and CIFS Network</TITLE>
</HEAD>
<BODY>
<A HREF="Samba-meta-FAQ-3.html">Previous</A>
<A HREF="Samba-meta-FAQ-5.html">Next</A>
<A HREF="Samba-meta-FAQ.html#toc4">Table of Contents</A>
<HR>
<H2><A NAME="s4">4. Designing A SMB and CIFS Network</A></H2>
<P>The big issues for installing any network of LAN or WAN file and print
servers are </P>
<P>
<UL>
<LI>How and where usernames, passwords and other security information
is stored
</LI>
<LI>What method can be used for locating the resources that users have
permission to use
</LI>
<LI>What protocols the clients can converse with
</LI>
</UL>
</P>
<P>If you buy Netware, Windows NT or just about any other LAN fileserver
product you are expected to lock yourself into the product's preferred
answers to these questions. This tendancy is restrictive and often very
expensive for a site where there is only one kind of client or server,
and for sites with a mixture of operating systems it often makes it
impossible to share resources between some sets of users.</P>
<P>The Samba philosophy is to make things as easy as possible for
administators, which means allowing as many combinations of clients,
servers, operating systems and protocols as possible.</P>
<H2><A NAME="ss4.1">4.1 Workgroups, Domains, Authentication and Browsing</A></H2>
<P>From the point of view of networking implementation, Domains and
Workgroups are <EM>exactly</EM> the same, except for the client logon
sequence. Some kind of distributed authentication database is associated
with a domain (there are quite a few choices) and this adds so much
flexibility that many people think of a domain as a completely different
entity to a workgroup. From Samba's point of view a client connecting to
a service presents an authentication token, and it if it is valid they
have access. Samba does not care what mechanism was used to generate
that token in the first place.</P>
<P>The SMB client logging on to a domain has an expectation that every other
server in the domain should accept the same authentication information.
However the network browsing functionality of domains and workgroups is
identical and is explained in
<A HREF="../BROWSING.txt">../BROWSING.txt</A>.</P>
<P>There are some implementation differences: Windows 95 can be a member of
both a workgroup and a domain, but Windows NT cannot. Windows 95 also
has the concept of an "alternative workgroup". Samba can only be a
member of a single workgroup or domain, although this is due to change
with a future version when nmbd will be split into two daemons, one for
WINS and the other for browsing (
<A HREF="../NetBIOS.txt">../NetBIOS.txt</A> explains
what WINS is.)</P>
<H3>Defining the Terms</H3>
<P>
<A NAME="BrowseAndDomainDefs"></A>
</P>
<P>
<DL>
<DT><B>Workgroup</B><DD><P>means a collection of machines that maintain a common
browsing database containing information about their shared resources.
They do not necessarily have any security information in common (if they
do, it gets called a Domain.) The browsing database is dynamic, modified
as servers come and go on the network and as resources are added or
deleted. The term "browsing" refers to a user accessing the database via
whatever interface the client provides, eg the OS/2 Workplace Shell or
Windows 95 Explorer. SMB servers agree between themselves as to which
ones will maintain the browsing database. Workgroups can be anywhere on
a connected TCP/IP network, including on different subnets or even on
the Interet. This is a very tricky part of SMB to implement.</P>
<DT><B>Master Browsers</B><DD><P>are machines which holds the master browsing
database for a workgroup or domain. There are two kinds of Master Browser:</P>
<P>
<UL>
<LI> Domain Master Browser, which holds the master browsing
information for an entire domain, which may well cross multiple TCP/IP
subnets.
</LI>
<LI> Local Master Browser, which holds the master browsing database
for a particular subnet and communicates with the Domain Master Browser
to get information on other subnets.
</LI>
</UL>
</P>
<P>Subnets are differentiated because browsing is based on broadcasts, and
broadcasts do not pass through routers. Subnets are not routed: while it
is possible to have more than one subnet on a single network segment
this is regarded as very bad practice.</P>
<P>Master Browsers (both Domain and Local) are elected dynamically
according to an algorithm which is supposed to take into account the
machine's ability to sustain the browsing load. Samba can be configured
to always act as a master browser, ie it always wins elections under all
circumstances, even against systems such as a Windows NT Primary Domain
Controller which themselves expect to win. </P>
<P>There are also Backup Browsers which are promoted to Master Browsers in
the event of a Master Browser disappearing from the network.</P>
<P>Alternative terms include confusing variations such as "Browse Master",
and "Master Browser" which we are trying to eliminate from the Samba
documentation. </P>
<DT><B>Domain Controller</B><DD><P>is a term which comes from the Microsoft and IBM
etc implementation of the LAN Manager protocols. It is tied to
authentication. There are other ways of doing domain authentication, but
the Windows NT method has a large market share. The general issues are
discussed in
<A HREF="../DOMAIN.txt">../DOMAIN.txt</A> and a Windows NT-specific
discussion is in
<A HREF="../DOMAIN_CONTROL.txt">../DOMAIN_CONTROL.txt</A>.</P>
</DL>
</P>
<H3>Sharelevel (Workgroup) Security Services</H3>
<P>
<A NAME="ShareModeSecurity"></A>
</P>
<P>With the Samba setting "security = SHARE", all shared resources
information about what password is associated with them but only hints
as to what usernames might be valid (the hint can be 'all users', in
which case any username will work. This is usually a bad idea, but
reflects both the initial implementations of SMB in the mid-80s and
its reincarnation with Windows for Workgroups in 1992. The idea behind
workgroup security was that small independant groups of people could
share information on an ad-hoc basis without there being an
authentication infrastructure present or requiring them to do more than
fill in a dialogue box.</P>
<H3>Authentication Domain Mode Services</H3>
<P>
<A NAME="DomainModeSecurity"></A>
</P>
<P>With the Samba settings "security = USER" or "security = SERVER"
accesses to all resources are checked for username/password pair matches
in a more rigorous manner. To the client, this has the effect of
emulating a Microsoft Domain. The client is not concerned whether or not
Samba looks up a Windows NT SAM or does it in some other way.</P>
<H2><A NAME="ss4.2">4.2 Authentication Schemes</A></H2>
<P>In the simple case authentication information is stored on a single
server and the user types a password on connecting for the first time.
However client operating systems often require a password before they
can be used at all, and in addition users usually want access to more
than one server. Asking users to remember many different passwords in
different contexts just does not work. Some kind of distributed
authentication database is needed. It must cope with password changes
and provide for assigning groups of users the same level of access
permissions. This is why Samba installations often choose to implement a
Domain model straight away.</P>
<P>Authentication decisions are some of the biggest in designing a network.
Are you going to use a scheme native to the client operating system,
native to the server operating system, or newly installed on both? A
list of options relevant to Samba (ie that make sense in the context of
the SMB protocol) follows. Any experiences with other setups would be
appreciated. <F>refer to server FAQ for "passwd chat" passwd program
password server etc etc...</F></P>
<H3>NIS</H3>
<P>For Windows 95, Windows for Workgroups and most other clients Samba can
be a domain controller and share the password database via NIS
transparently. Windows NT is different.
<A HREF="http://www.dcs.qmw.ac.uk/~williams">Free NIS NT client</A></P>
<H3>Kerberos</H3>
<P>Kerberos for US users only:
<A HREF="http://www.cygnus.com/product/unifying-security.html">Kerberos overview</A>
<A HREF="http://www.cygnus.com/product/kerbnet-download.html">Download Kerberos</A></P>
<H3>FTP</H3>
<P>Other NT w/s logon hack via NT</P>
<H3>Default Server Method</H3>
<H3>Client-side Database Only</H3>
<H2><A NAME="ss4.3">4.3 Post-Authentication: Netlogon, Logon Scripts, Profiles</A></H2>
<P>See
<A HREF="../DOMAIN.txt">../DOMAIN.txt</A></P>
<HR>
<A HREF="Samba-meta-FAQ-3.html">Previous</A>
<A HREF="Samba-meta-FAQ-5.html">Next</A>
<A HREF="Samba-meta-FAQ.html#toc4">Table of Contents</A>
</BODY>
</HTML>

30
docs/faq/Samba-meta-FAQ-5.html
View File

@ -1,30 +0,0 @@
<HTML>
<HEAD>
<TITLE> Samba meta FAQ: Cross-Protocol File Sharing</TITLE>
</HEAD>
<BODY>
<A HREF="Samba-meta-FAQ-4.html">Previous</A>
<A HREF="Samba-meta-FAQ-6.html">Next</A>
<A HREF="Samba-meta-FAQ.html#toc5">Table of Contents</A>
<HR>
<H2><A NAME="s5">5. Cross-Protocol File Sharing</A></H2>
<P>Samba is an important tool for...</P>
<P>It is possible to...</P>
<P>File protocol gateways...</P>
<P>"Setting up a Linux File Server" http://vetrec.mit.edu/people/narf/linux.html</P>
<P>Two free implementations of Appletalk for Unix are Netatalk,
<A HREF="http://www.umich.edu/~rsug/netatalk/">http://www.umich.edu/~rsug/netatalk/</A>, and CAP,
<A HREF="http://www.cs.mu.oz.au/appletalk/atalk.html">http://www.cs.mu.oz.au/appletalk/atalk.html</A>. What Samba offers MS
Windows users, these packages offer to Macs. For more info on these
packages, Samba, and Linux (and other UNIX-based systems) see
<A HREF="http://www.eats.com/linux_mac_win.html">http://www.eats.com/linux_mac_win.html</A> 3.5) Sniffing your nework</P>
<HR>
<A HREF="Samba-meta-FAQ-4.html">Previous</A>
<A HREF="Samba-meta-FAQ-6.html">Next</A>
<A HREF="Samba-meta-FAQ.html#toc5">Table of Contents</A>
</BODY>
</HTML>

30
docs/faq/Samba-meta-FAQ-6.html
View File

@ -1,30 +0,0 @@
<HTML>
<HEAD>
<TITLE> Samba meta FAQ: Miscellaneous</TITLE>
</HEAD>
<BODY>
<A HREF="Samba-meta-FAQ-5.html">Previous</A>
Next
<A HREF="Samba-meta-FAQ.html#toc6">Table of Contents</A>
<HR>
<H2><A NAME="s6">6. Miscellaneous</A></H2>
<P>
<A NAME="miscellaneous"></A>
</P>
<H2><A NAME="ss6.1">6.1 Is Samba Year 2000 compliant?</A></H2>
<P>
<A NAME="Year2000Compliant"></A>
The CIFS protocol that Samba implements
negotiates times in various formats, all of which
are able to cope with dates beyond 2000.</P>
<HR>
<A HREF="Samba-meta-FAQ-5.html">Previous</A>
Next
<A HREF="Samba-meta-FAQ.html#toc6">Table of Contents</A>
</BODY>
</HTML>

102
docs/faq/Samba-meta-FAQ.html
View File

@ -1,102 +0,0 @@
<HTML>
<HEAD>
<TITLE> Samba meta FAQ</TITLE>
</HEAD>
<BODY>
Previous
<A HREF="Samba-meta-FAQ-1.html">Next</A>
Table of Contents
<HR>
<H1> Samba meta FAQ</H1>
<H2>Dan Shearer & Paul Blackman, <CODE>ictinus@samba.org</CODE></H2>v 0.3, 7 Oct '97
<P><HR><EM> This is the meta-Frequently Asked Questions (FAQ) document
for Samba, the free and very popular SMB and CIFS server product. It
contains overview information for the Samba suite of programs, a
quick-start guide, and pointers to all other Samba documentation. Other
FAQs exist for specific client and server issues, and HOWTO documents
for more extended topics to do with Samba software. Current to version
Samba 1.9.17. Please send any corrections to the author. </EM><HR></P>
<P>
<H2><A NAME="toc1">1.</A> <A HREF="Samba-meta-FAQ-1.html">Quick Reference Guides to Samba Documentation</A></H2>
<UL>
<LI><A HREF="Samba-meta-FAQ-1.html#ss1.1">1.1 Samba for the Impatient</A>
<LI><A HREF="Samba-meta-FAQ-1.html#ss1.2">1.2 All Samba Documentation</A>
</UL>
<P>
<H2><A NAME="toc2">2.</A> <A HREF="Samba-meta-FAQ-2.html">General Information</A></H2>
<UL>
<LI><A HREF="Samba-meta-FAQ-2.html#ss2.1">2.1 What is Samba?</A>
<LI><A HREF="Samba-meta-FAQ-2.html#ss2.2">2.2 What is the current version of Samba?</A>
<LI><A HREF="Samba-meta-FAQ-2.html#ss2.3">2.3 Where can I get it? </A>
<LI><A HREF="Samba-meta-FAQ-2.html#ss2.4">2.4 What do the version numbers mean?</A>
<LI><A HREF="Samba-meta-FAQ-2.html#ss2.5">2.5 Where can I go for further information?</A>
<LI><A HREF="Samba-meta-FAQ-2.html#ss2.6">2.6 How do I subscribe to the Samba Mailing Lists?</A>
<LI><A HREF="Samba-meta-FAQ-2.html#ss2.7">2.7 Something's gone wrong - what should I do?</A>
<LI><A HREF="Samba-meta-FAQ-2.html#ss2.8">2.8 How do I submit patches or bug reports?</A>
<LI><A HREF="Samba-meta-FAQ-2.html#ss2.9">2.9 What if I have an URGENT message for the developers?</A>
<LI><A HREF="Samba-meta-FAQ-2.html#ss2.10">2.10 What if I need paid-for support?</A>
<LI><A HREF="Samba-meta-FAQ-2.html#ss2.11">2.11 Pizza supply details</A>
</UL>
<P>
<H2><A NAME="toc3">3.</A> <A HREF="Samba-meta-FAQ-3.html">About the CIFS and SMB Protocols</A></H2>
<UL>
<LI><A HREF="Samba-meta-FAQ-3.html#ss3.1">3.1 What is the Server Message Block (SMB) Protocol?</A>
<LI><A HREF="Samba-meta-FAQ-3.html#ss3.2">3.2 What is the Common Internet Filesystem (CIFS)?</A>
<LI><A HREF="Samba-meta-FAQ-3.html#ss3.3">3.3 What is Browsing? </A>
</UL>
<P>
<H2><A NAME="toc4">4.</A> <A HREF="Samba-meta-FAQ-4.html">Designing A SMB and CIFS Network</A></H2>
<UL>
<LI><A HREF="Samba-meta-FAQ-4.html#ss4.1">4.1 Workgroups, Domains, Authentication and Browsing</A>
<LI><A HREF="Samba-meta-FAQ-4.html#ss4.2">4.2 Authentication Schemes</A>
<LI><A HREF="Samba-meta-FAQ-4.html#ss4.3">4.3 Post-Authentication: Netlogon, Logon Scripts, Profiles</A>
</UL>
<P>
<H2><A NAME="toc5">5.</A> <A HREF="Samba-meta-FAQ-5.html">Cross-Protocol File Sharing</A></H2>
<P>
<H2><A NAME="toc6">6.</A> <A HREF="Samba-meta-FAQ-6.html">Miscellaneous</A></H2>
<UL>
<LI><A HREF="Samba-meta-FAQ-6.html#ss6.1">6.1 Is Samba Year 2000 compliant?</A>
</UL>
<HR>
Previous
<A HREF="Samba-meta-FAQ-1.html">Next</A>
Table of Contents
</BODY>
</HTML>

644
docs/faq/Samba-meta-FAQ.sgml
View File

@ -1,644 +0,0 @@
<!doctype linuxdoc system> <!-- -*- SGML -*- -->
<!--
v 0.1 23 Aug 1997 Dan Shearer
Original Samba-meta-FAQ.sgml from Paul's sambafaq.sgml
v 0.2 25 Aug 1997 Dan
v 0.3 7 Oct 1997 Paul
Changed samba.canberra refs to samba.anu.../samba/
-->
<article>
<title> Samba meta FAQ
<author>Dan Shearer & Paul Blackman, <tt>ictinus@samba.org</tt>
<date>v 0.3, 7 Oct '97
<abstract> This is the meta-Frequently Asked Questions (FAQ) document
for Samba, the free and very popular SMB and CIFS server product. It
contains overview information for the Samba suite of programs, a
quick-start guide, and pointers to all other Samba documentation. Other
FAQs exist for specific client and server issues, and HOWTO documents
for more extended topics to do with Samba software. Current to version
Samba 1.9.17. Please send any corrections to the author.
</abstract>
<toc>
<sect> Quick Reference Guides to Samba Documentation<p><label id=quickref>
We are endeavouring to provide links here to every major class of
information about Samba or things related to Samba. We cannot list every
document, but we are aiming for all documents to be at most two
referrals from those listed here. This needs constant maintaining, so
please send the author your feedback.
<sect1> Samba for the Impatient<p><label id="impatient">
You know you should read the documentation but can't wait to start? What
you need to do then is follow the instructions in the following
documents in the order given. This should be enough to get a fairly
simple site going quickly. If you have any problems, refer back to this
meta-FAQ and follow the links to find more reading material.
<descrip>
<label id="ImpGet"><tag/Getting Samba:/ The fastest way to get Samba
going is and install it is to have an operating system for which the
Samba team has put together an installation package. To see if your OS
is included have a look at the directory
/pub/samba/Binary_Packages/"OS_Vendor" on your nearest <url
url="../MIRRORS" name="mirror site">. If it is included follow the
installation instructions in the README file there and then do some <ref id="ImpTest"
name="basic testing">. If you are not so fortunate, follow the normal <ref
id="WhereFrom" name="download instructions"> and then continue with <ref
id="ImpInst" name="building and installing Samba">.
<label id="ImpInst"><tag/Building and Installing Samba:/ At the moment
there are two kinds of Samba server installs besides the prepackaged
binaries mentioned in the previous step. You need to decide if you have a <url url="../UNIX_INSTALL.txt"
name="Unix or close relative"> or <url
url="Samba-Server-FAQ.html#PortInfo" name="other supported operating system">.
<label id="ImpTest"><tag/Basic Testing:/ Try to connect using the
supplied smbclient command-line program. You need to know the IP
hostname of your server. A service name must be defined in smb.conf, as
given in the examples (under many operating systems if there is a
[homes] service you can just use a valid username.) Then type
<tt>
smbclient \\hostname\servicename
</tt>
Under most Unixes you will need to put the parameters within quotation
marks. If this works, try connecting from one of the SMB clients you
were planning to use with Samba.
<label id="ImpDebug"><tag/Debug sequence:/ If you think you have completed the
previous step and things aren't working properly work through
<url url="../DIAGNOSIS.txt" name="the diagnosis recipe.">
<label id="ImpExp"><tag/Exporting files to SMB clients:/ You should read the manual pages
for smb.conf, but here is a <url url="Samba-Server-FAQ.html#Exporting"
name="quick answer guide.">
<label id="ImpControl"><tag/Controlling user access:/ the quickest and dirtiest way of sharing
resources is to use <ref id="ShareModeSecurity" name="share level
security."> If you want to spend more time and have a proper username
and password database you must read the paragraph on <ref
id="DomainModeSecurity" name="domain mode security."> If you want
encryption (eg you are using Windows NT clients) follow the <url
url="Samba-Server-FAQ.html#SMBEncryptionSteps" name="SMB encryption
instructions.">
<label id="ImpBrowse"><tag/Browsing:/ if you are happy to type in "\\samba-server\sharename"
at the client end then do not read any further. Otherwise you need to
understand the <ref id="BrowsingDefinitions" name="browsing terminology">
and read <url url="Samba-Server-FAQ.html#NameBrowsing">.
<label id="ImpPrint"><tag/Printing:/ See the <url url="Samba-Server-FAQ.html#Printing"
name="printing quick answer guide.">
</descrip>
If you have got everything working to this point, you can expect Samba
to be stable and secure: these are its greatest strengths. However Samba
has a great deal to offer and to go further you must do some more
reading. Speed and security optimisations, printer accounting, network
logons, roving profiles, browsing across multiple subnets and so on are
all covered either in this document or in those it refers to.
<sect1> All Samba Documentation<p><label id=AllDocs>
<itemize>
<item> Meta-FAQ. This is the mother of all documents, and is the one you
are reading now. The latest version is always at <url
url="http://samba.org/[.....]"> but there is probably a much
nearer <url url="../MIRRORS" name="mirror site"> which you should use
instead.
<item> <url url="Samba-Server-FAQ.html"> is the best starting point for
information about server-side issues. Includes configuration tips and
pointers for Samba on particular operating systems (with 40 to choose
from...)
<item> <url url="Samba-Client-FAQ.html"> is the best starting point for
information about client-side issues, includes a list of all clients
that are known to work with Samba.
</itemize>
<sect> General Information<p><label id="general_info">
All about Samba - what it is, how to get it, related sources of
information, how to understand the numbering scheme, pizza
details.
<sect1> What is Samba?<p><label id="introduction">
Samba is a suite of programs which work together to allow clients to
access to a server's filespace and printers via the SMB (Server Message
Block) and CIFS (Common Internet Filesystem) protocols. Initially
written for Unix, Samba now also runs on Netware, OS/2, VMS, StratOS and
Amigas. Ports to BeOS and other operating systems are underway. Samba
gives the capability for these operating systems to behave much like a
LAN Server, Windows NT Server or Pathworks machine, only with added
functionality and flexibility designed to make life easier for
administrators.
This means that using Samba you can share a server's disks and printers
to many sorts of network clients, including Lan Manager, Windows for
Workgroups, Windows NT, Linux, OS/2, and AIX. There is also a generic
client program supplied as part of the Samba suite which gives a user on
the server an ftp-like interface to access filespace and printers on any
other SMB/CIFS servers.
SMB has been implemented over many protocols, including XNS, NBT, IPX,
NetBEUI and TCP/IP. Samba only uses TCP/IP. This is not likely to change
although there have been some requests for NetBEUI support.
Many users report that compared to other SMB implementations Samba is
more stable, faster, and compatible with more clients. Administrators of
some large installations say that Samba is the only SMB server available
which will scale to many tens of thousands of users without crashing.
The easy way to test these claims is to download it and try it for
yourself!
The suite is supplied with full source code under the <url
url="../COPYING" name="GNU Public License">. The GPL means that you can
use Samba for whatever purpose you wish (including changing the source
or selling it for money) but under all circumstances the source code
must be made freely available. A copy of the GPL must always be included
in any copy of the package.
The primary creator of the Samba suite is Andrew Tridgell. Later
versions incorporate much effort by many helpers. The man pages
and this FAQ were originally written by Karl Auer.
<sect1> Where can I go for further information?<p><label id="more">
There are a number of places to look for more information on Samba,
including:
<itemize>
<item>The mailing lists devoted to discussion of Samba-related matters.
See below for subscription information.
<item>The newsgroup comp.protocols.smb, which has a great deal of
discussion about Samba.
<item>The WWW site 'SAMBA Web Pages' at <url
url="http://samba.org/samba/"> includes:
<itemize>
<item>Links to man pages and documentation, including this FAQ
<item>A comprehensive survey of Samba users
<item>A searchable hypertext archive of the Samba mailing list
<item>Links to Samba source code, binaries, and mirrors of both
<item>This FAQ and the rest in its family
</itemize>
</itemize>
<sect1>How do I subscribe to the Samba Mailing Lists?<p><label id="mailinglist">
Surf to <url url="http://lists.samba.org/"> for an overview of all the mailing lists.
<sect1> Something's gone wrong - what should I do?<p><label id="wrong">
<bf>[#] *** IMPORTANT! *** [#]</bf>
<p>
DO NOT post messages on mailing lists or in newsgroups until you have
carried out the first three steps given here!
<enum> <item> See if there are any likely looking entries in this FAQ!
If you have just installed Samba, have you run through the checklist in
<url url="ftp://samba.org/pub/samba/DIAGNOSIS.txt"
name="DIAGNOSIS.txt">? It can save you a lot of time and effort.
DIAGNOSIS.txt can also be found in the docs directory of the Samba
distribution.
<item> Read the man pages for smbd, nmbd and smb.conf, looking for
topics that relate to what you are trying to do.
<item> If there is no obvious solution to hand, try to get a look at
the log files for smbd and/or nmbd for the period during which you
were having problems. You may need to reconfigure the servers to
provide more extensive debugging information - usually level 2 or
level 3 provide ample debugging info. Inspect these logs closely,
looking particularly for the string "Error:".
<item> If you need urgent help and are willing to pay for it see
<ref id="PaidSupport" name="Paid Support">.
</enum>
If you still haven't got anywhere, ask the mailing list or newsgroup. In
general nobody minds answering questions provided you have followed the
preceding steps. It might be a good idea to scan the archives of the
mailing list, which are available through the Samba web site described
in the previous section. When you post be sure to include a good
description of your environment and your problem.
If you successfully solve a problem, please mail the FAQ maintainer a
succinct description of the symptom, the problem and the solution, so
that an explanation can be incorporated into the next version.
<sect1> How do I submit patches or bug reports?<p>
If you make changes to the source code, <em>please</em> submit these patches
so that everyone else gets the benefit of your work. This is one of
the most important aspects to the maintainence of Samba. Send all
patches to <htmlurl url="mailto:samba@samba.org" name="samba@samba.org">. Do not send patches to Andrew Tridgell or any
other individual, they may be lost if you do.
Patch format
------------
If you are sending a patch to fix a problem then please don't just use
standard diff format. As an example, samba@samba.org received this patch from
someone:
382a
#endif
..
381a
#if !defined(NEWS61)
How are we supposed to work out what this does and where it goes? These
sort of patches only work if we both have identical files in the first
place. The Samba sources are constantly changing at the hands of multiple
developers, so it doesn't work.
Please use either context diffs or (even better) unified diffs. You
get these using "diff -c4" or "diff -u". If you don't have a diff that
can generate these then please send manualy commented patches to I
know what is being changed and where. Most patches are applied by hand so
the info must be clear.
This is a basic guideline that will assist us with assessing your problem
more efficiently :
Machine Arch:
Machine OS:
OS Version:
Kernel:
Compiler:
Libc Version:
Samba Version:
Network Layout (description):
What else is on machine (services, etc):
Some extras :
<itemize>
<item> what you did and what happened
<item> relevant parts of a debugging output file with debuglevel higher.
If you can't find the relevant parts, please ask before mailing
huge files.
<item> anything else you think is useful to trace down the bug
</itemize>
<sect1> What if I have an URGENT message for the developers?<p>
If you have spotted something very serious and believe that it is
important to contact the developers quickly send a message to
samba-urgent@samba.org. This will be processed more quickly than
mail to samba@samba.org. Please think carefully before using this address. An
example of its use might be to report a security hole.
Examples of things <em>not</em> to send to samba-urgent include problems
getting Samba to work at all and bugs that cannot potentially cause damage.
<sect1> What if I need paid-for support?<p><label id=PaidSupport>
Samba has a large network of consultants who provide Samba support on a
commercial basis. The list is included in the package in <url
url="../Support.txt">, and the latest version will always be on the main
samba ftp site. Any company in the world can request that the samba team
include their details in Support.txt so we can give no guarantee of
their services.
<sect1> Pizza supply details<p><label id="pizza">
Those who have registered in the Samba survey as "Pizza Factory" will
already know this, but the rest may need some help. Andrew doesn't ask
for payment, but he does appreciate it when people give him
pizza. This calls for a little organisation when the pizza donor is
twenty thousand kilometres away, but it has been done.
<enum>
<item> Ring up your local branch of an international pizza chain
and see if they honour their vouchers internationally. Pizza Hut do,
which is how the entire Canberra Linux Users Group got to eat pizza
one night, courtesy of someone in the US.
<item>Ring up a local pizza shop in Canberra and quote a credit
card number for a certain amount, and tell them that Andrew will be
collecting it (don't forget to tell him.) One kind soul from Germany
did this.
<item>Purchase a pizza voucher from your local pizza shop that has
no international affiliations and send it to Andrew. It is completely
useless but he can hang it on the wall next to the one he already has
from Germany :-)
<item>Air freight him a pizza with your favourite regional
flavours. It will probably get stuck in customs or torn apart by
hungry sniffer dogs but it will have been a noble gesture.
</enum>
<sect>About the CIFS and SMB Protocols<p><label id="CifsSmb">
<sect1> What is the Server Message Block (SMB) Protocol?<p>
SMB is a filesharing protocol that has had several maintainers and
contributors over the years including Xerox, 3Com and most recently
Microsoft. Names for this protocol include LAN Manager and Microsoft
Networking. Parts of the specification has been made public at several
versions including in an X/Open document, as listed at
<url url="ftp://ftp.microsoft.com/developr/drg/CIFS/">. No specification
releases were made between 1992 and 1996, and during that period
Microsoft became the SMB implementor with the largest market share.
Microsoft developed the specification further for its products but for
various reasons connected with developer's workload rather than market
strategy did not make the changes public. This culminated with the
"Windows NT 0.12" version released with NT 3.5 in 1995 which had significant
improvements and bugs. Because Microsoft client systems are so popular,
it is fair to say that what Microsoft with Windows affects all suppliers
of SMB server products.
From 1994 Andrew Tridgell began doing some serious work on his
Smbserver (now Samba) product and with some helpers started to
implement more and more of these protocols. Samba began to take
a significant share of the SMB server market.
<sect1> What is the Common Internet Filesystem (CIFS)?<p>
The initial pressure for Microsoft to document their current SMB
implementation came from the Samba team, who kept coming across things
on the wire that Microsoft either didn't know about or hadn't documented
anywhere (even in the sourcecode to Windows NT.) Then Sun Microsystems
came out with their WebNFS initiative, designed to replace FTP for file
transfers on the Internet. There are many drawbacks to WebNFS (including
its scope - it aims to replace HTTP as well!) but the concept was
attractive. FTP is not very clever, and why should it be harder to get
files from across the world than across the room?
Some hasty revisions were made and an Internet Draft for the Common
Internet Filesystem (CIFS) was released. Note that CIFS is not an
Internet standard and is a very long way from becoming one, BUT the
protocol specification is in the public domain and ongoing discussions
concerning the spec take place on a public mailing list according to the
rules of the Internet Engineering Task Force. For more information and
pointers see <url url="http://samba.org/cifs/">
The following is taken from <url url="http://www.microsoft.com/intdev/cifs/">
<verb>
CIFS defines a standard remote file system access protocol for use
over the Internet, enabling groups of users to work together and
share documents across the Internet or within their corporate
intranets. CIFS is an open, cross-platform technology based on the
native file-sharing protocols built into Microsoft<66> Windows<77> and
other popular PC operating systems, and supported on dozens of
other platforms, including UNIX<49>. With CIFS, millions of computer
users can open and share remote files on the Internet without having
to install new software or change the way they work."
</verb>
If you consider CIFS as a backwardsly-compatible refinement of SMB that
will work reasonably efficiently over the Internet you won't be too far
wrong.
The net effect is that Microsoft is now documenting large parts of their
Windows NT fileserver protocols. The security concepts embodied in
Windows NT are part of the specification, which is why Samba
documentation often talks in terms of Windows NT. However there is no
reason why a site shouldn't conduct all its file and printer sharing
with CIFS and yet have no Microsoft products at all.
<sect1> What is Browsing? <p>
The term "Browsing" causes a lot of confusion. It is the part of the
SMB/CIFS protocol which allows for resource discovery. For example, in
the Windows NT Explorer it is possible to see a "Network Neighbourhood"
of computers in the same SMB workgroup. Clicking on the name of one of
these machines brings up a list of file and printer resources for
connecting to. In this way you can cruise the network, seeing what
things are available. How this scales to the Internet is a subject for
debate. Look at the CIFS list archives to see what the experts think.
<sect>Designing A SMB and CIFS Network<p>
The big issues for installing any network of LAN or WAN file and print
servers are
<itemize>
<item>How and where usernames, passwords and other security information
is stored
<item>What method can be used for locating the resources that users have
permission to use
<item>What protocols the clients can converse with
</itemize>
If you buy Netware, Windows NT or just about any other LAN fileserver
product you are expected to lock yourself into the product's preferred
answers to these questions. This tendancy is restrictive and often very
expensive for a site where there is only one kind of client or server,
and for sites with a mixture of operating systems it often makes it
impossible to share resources between some sets of users.
The Samba philosophy is to make things as easy as possible for
administators, which means allowing as many combinations of clients,
servers, operating systems and protocols as possible.
<sect1>Workgroups, Domains, Authentication and Browsing<p>
From the point of view of networking implementation, Domains and
Workgroups are <em>exactly</em> the same, except for the client logon
sequence. Some kind of distributed authentication database is associated
with a domain (there are quite a few choices) and this adds so much
flexibility that many people think of a domain as a completely different
entity to a workgroup. From Samba's point of view a client connecting to
a service presents an authentication token, and it if it is valid they
have access. Samba does not care what mechanism was used to generate
that token in the first place.
The SMB client logging on to a domain has an expectation that every other
server in the domain should accept the same authentication information.
However the network browsing functionality of domains and workgroups is
identical and is explained in <url url="../BROWSING.txt">.
There are some implementation differences: Windows 95 can be a member of
both a workgroup and a domain, but Windows NT cannot. Windows 95 also
has the concept of an "alternative workgroup". Samba can only be a
member of a single workgroup or domain, although this is due to change
with a future version when nmbd will be split into two daemons, one for
WINS and the other for browsing (<url url="../NetBIOS.txt"> explains
what WINS is.)
<sect2> Defining the Terms<p><label id="BrowseAndDomainDefs">
<descrip>
<tag/Workgroup/ means a collection of machines that maintain a common
browsing database containing information about their shared resources.
They do not necessarily have any security information in common (if they
do, it gets called a Domain.) The browsing database is dynamic, modified
as servers come and go on the network and as resources are added or
deleted. The term "browsing" refers to a user accessing the database via
whatever interface the client provides, eg the OS/2 Workplace Shell or
Windows 95 Explorer. SMB servers agree between themselves as to which
ones will maintain the browsing database. Workgroups can be anywhere on
a connected TCP/IP network, including on different subnets or even on
the Interet. This is a very tricky part of SMB to implement.
<tag/Master Browsers/ are machines which holds the master browsing
database for a workgroup or domain. There are two kinds of Master Browser:
<itemize>
<item> Domain Master Browser, which holds the master browsing
information for an entire domain, which may well cross multiple TCP/IP
subnets.
<item> Local Master Browser, which holds the master browsing database
for a particular subnet and communicates with the Domain Master Browser
to get information on other subnets.
</itemize>
Subnets are differentiated because browsing is based on broadcasts, and
broadcasts do not pass through routers. Subnets are not routed: while it
is possible to have more than one subnet on a single network segment
this is regarded as very bad practice.
Master Browsers (both Domain and Local) are elected dynamically
according to an algorithm which is supposed to take into account the
machine's ability to sustain the browsing load. Samba can be configured
to always act as a master browser, ie it always wins elections under all
circumstances, even against systems such as a Windows NT Primary Domain
Controller which themselves expect to win.
There are also Backup Browsers which are promoted to Master Browsers in
the event of a Master Browser disappearing from the network.
Alternative terms include confusing variations such as "Browse Master",
and "Master Browser" which we are trying to eliminate from the Samba
documentation.
<tag/Domain Controller/ is a term which comes from the Microsoft and IBM
etc implementation of the LAN Manager protocols. It is tied to
authentication. There are other ways of doing domain authentication, but
the Windows NT method has a large market share. The general issues are
discussed in <url url="../DOMAIN.txt"> and a Windows NT-specific
discussion is in <url url="../DOMAIN_CONTROL.txt">.
</descrip>
<sect2>Sharelevel (Workgroup) Security Services<p><label id="ShareModeSecurity">
With the Samba setting "security = SHARE", all shared resources
information about what password is associated with them but only hints
as to what usernames might be valid (the hint can be 'all users', in
which case any username will work. This is usually a bad idea, but
reflects both the initial implementations of SMB in the mid-80s and
its reincarnation with Windows for Workgroups in 1992. The idea behind
workgroup security was that small independant groups of people could
share information on an ad-hoc basis without there being an
authentication infrastructure present or requiring them to do more than
fill in a dialogue box.
<sect2>Authentication Domain Mode Services<p><label id="DomainModeSecurity">
With the Samba settings "security = USER" or "security = SERVER"
accesses to all resources are checked for username/password pair matches
in a more rigorous manner. To the client, this has the effect of
emulating a Microsoft Domain. The client is not concerned whether or not
Samba looks up a Windows NT SAM or does it in some other way.
<sect1>Authentication Schemes<p>
In the simple case authentication information is stored on a single
server and the user types a password on connecting for the first time.
However client operating systems often require a password before they
can be used at all, and in addition users usually want access to more
than one server. Asking users to remember many different passwords in
different contexts just does not work. Some kind of distributed
authentication database is needed. It must cope with password changes
and provide for assigning groups of users the same level of access
permissions. This is why Samba installations often choose to implement a
Domain model straight away.
Authentication decisions are some of the biggest in designing a network.
Are you going to use a scheme native to the client operating system,
native to the server operating system, or newly installed on both? A
list of options relevant to Samba (ie that make sense in the context of
the SMB protocol) follows. Any experiences with other setups would be
appreciated. [refer to server FAQ for "passwd chat" passwd program
password server etc etc...]
<sect2>NIS<p>
For Windows 95, Windows for Workgroups and most other clients Samba can
be a domain controller and share the password database via NIS
transparently. Windows NT is different.
<url url="http://www.dcs.qmw.ac.uk/~williams" name="Free NIS NT client">
<sect2>Kerberos<p>
Kerberos for US users only:
<url url="http://www.cygnus.com/product/unifying-security.html"
name="Kerberos overview">
<url url="http://www.cygnus.com/product/kerbnet-download.html"
name="Download Kerberos">
<sect2>FTP<p>
Other NT w/s logon hack via NT
<sect2>Default Server Method<p>
<sect2>Client-side Database Only<p>
<sect1>Post-Authentication: Netlogon, Logon Scripts, Profiles<p>
See <url url="../DOMAIN.txt">
<sect>Cross-Protocol File Sharing<p>
Samba is an important tool for...
It is possible to...
File protocol gateways...
"Setting up a Linux File Server" http://vetrec.mit.edu/people/narf/linux.html
Two free implementations of Appletalk for Unix are Netatalk, <url
url="http://www.umich.edu/~rsug/netatalk/">, and CAP, <url
url="http://www.cs.mu.oz.au/appletalk/atalk.html">. What Samba offers MS
Windows users, these packages offer to Macs. For more info on these
packages, Samba, and Linux (and other UNIX-based systems) see <url
url="http://www.eats.com/linux_mac_win.html"> 3.5) Sniffing your nework
<sect>Miscellaneous<p><label id="miscellaneous">
<sect1>Is Samba Year 2000 compliant?<p><label id="Year2000Compliant">
The CIFS protocol that Samba implements
negotiates times in various formats, all of which
are able to cope with dates beyond 2000.
</article>

924
docs/faq/Samba-meta-FAQ.txt
View File

@ -1,924 +0,0 @@
Samba meta FAQ
Dan Shearer & Paul Blackman, ictinus@samba.org
v 0.3, 7 Oct '97
This is the meta-Frequently Asked Questions (FAQ) document for Samba,
the free and very popular SMB and CIFS server product. It contains
overview information for the Samba suite of programs, a quick-start
guide, and pointers to all other Samba documentation. Other FAQs exist
for specific client and server issues, and HOWTO documents for more
extended topics to do with Samba software. Current to version Samba
1.9.17. Please send any corrections to the author.
______________________________________________________________________
Table of Contents:
1. Quick Reference Guides to Samba Documentation
1.1. Samba for the Impatient
1.2. All Samba Documentation
2. General Information
2.1. What is Samba?
2.2. What is the current version of Samba?
2.3. Where can I get it?
2.4. What do the version numbers mean?
2.5. Where can I go for further information?
2.6. How do I subscribe to the Samba Mailing Lists?
2.7. Something's gone wrong - what should I do?
2.8. How do I submit patches or bug reports?
2.9. What if I have an URGENT message for the developers?
2.10. What if I need paid-for support?
2.11. Pizza supply details
3. About the CIFS and SMB Protocols
3.1. What is the Server Message Block (SMB) Protocol?
3.2. What is the Common Internet Filesystem (CIFS)?
3.3. What is Browsing?
4. Designing A SMB and CIFS Network
4.1. Workgroups, Domains, Authentication and Browsing
4.1.1. Defining the Terms
4.1.2. Sharelevel (Workgroup) Security Services
4.1.3. Authentication Domain Mode Services
4.2. Authentication Schemes
4.2.1. NIS
4.2.2. Kerberos
4.2.3. FTP
4.2.4. Default Server Method
4.2.5. Client-side Database Only
4.3. Post-Authentication: Netlogon, Logon Scripts, Profiles
5. Cross-Protocol File Sharing
6. Miscellaneous
6.1. Is Samba Year 2000 compliant?
______________________________________________________________________
11.. QQuuiicckk RReeffeerreennccee GGuuiiddeess ttoo SSaammbbaa DDooccuummeennttaattiioonn
We are endeavouring to provide links here to every major class of
information about Samba or things related to Samba. We cannot list
every document, but we are aiming for all documents to be at most two
referrals from those listed here. This needs constant maintaining, so
please send the author your feedback.
11..11.. SSaammbbaa ffoorr tthhee IImmppaattiieenntt
You know you should read the documentation but can't wait to start?
What you need to do then is follow the instructions in the following
documents in the order given. This should be enough to get a fairly
simple site going quickly. If you have any problems, refer back to
this meta-FAQ and follow the links to find more reading material.
GGeettttiinngg SSaammbbaa::
The fastest way to get Samba going is and install it is to have
an operating system for which the Samba team has put together an
installation package. To see if your OS is included have a look
at the directory /pub/samba/Binary_Packages/"OS_Vendor" on your
nearest mirror site <../MIRRORS>. If it is included follow the
installation instructions in the README file there and then do
some ``basic testing''. If you are not so fortunate, follow the
normal ``download instructions'' and then continue with
``building and installing Samba''.
BBuuiillddiinngg aanndd IInnssttaalllliinngg SSaammbbaa::
At the moment there are two kinds of Samba server installs
besides the prepackaged binaries mentioned in the previous step.
You need to decide if you have a Unix or close relative
<../UNIX_INSTALL.txt> or other supported operating system
<Samba-Server-FAQ.html#PortInfo>.
BBaassiicc TTeessttiinngg::
Try to connect using the supplied smbclient command-line
program. You need to know the IP hostname of your server. A
service name must be defined in smb.conf, as given in the
examples (under many operating systems if there is a homes
service you can just use a valid username.) Then type smbclient
\hostnamevicename Under most Unixes you will need to put the
parameters within quotation marks. If this works, try connecting
from one of the SMB clients you were planning to use with Samba.
DDeebbuugg sseeqquueennccee::
If you think you have completed the previous step and things
aren't working properly work through the diagnosis recipe.
<../DIAGNOSIS.txt>
EExxppoorrttiinngg ffiilleess ttoo SSMMBB cclliieennttss::
You should read the manual pages for smb.conf, but here is a
quick answer guide. <Samba-Server-FAQ.html#Exporting>
CCoonnttrroolllliinngg uusseerr aacccceessss::
the quickest and dirtiest way of sharing resources is to use
``share level security.'' If you want to spend more time and
have a proper username and password database you must read the
paragraph on ``domain mode security.'' If you want encryption
(eg you are using Windows NT clients) follow the SMB encryption
instructions. <Samba-Server-FAQ.html#SMBEncryptionSteps>
BBrroowwssiinngg::
if you are happy to type in "\samba-serverrename" at the client
end then do not read any further. Otherwise you need to
understand the ``browsing terminology'' and read <Samba-Server-
FAQ.html#NameBrowsing>.
PPrriinnttiinngg::
See the printing quick answer guide. <Samba-Server-
FAQ.html#Printing>
If you have got everything working to this point, you can expect Samba
to be stable and secure: these are its greatest strengths. However
Samba has a great deal to offer and to go further you must do some
more reading. Speed and security optimisations, printer accounting,
network logons, roving profiles, browsing across multiple subnets and
so on are all covered either in this document or in those it refers
to.
11..22.. AAllll SSaammbbaa DDooccuummeennttaattiioonn
+o Meta-FAQ. This is the mother of all documents, and is the one you
are reading now. The latest version is always at
<http://samba.org/[.....]> but there is probably a much
nearer mirror site <../MIRRORS> which you should use instead.
+o <Samba-Server-FAQ.html> is the best starting point for information
about server-side issues. Includes configuration tips and pointers
for Samba on particular operating systems (with 40 to choose
from...)
+o <Samba-Client-FAQ.html> is the best starting point for information
about client-side issues, includes a list of all clients that are
known to work with Samba.
+o manual pages <samba-man-index.html> contains descriptions of and
links to all the Samba manual pages, in Unix man and postscript
format.
+o <samba-txt-index.html> has descriptions of and links to a large
number of text files have been contributed to samba covering many
topics. These are gradually being absorbed into the FAQs and HOWTOs
but in the meantime you might find helpful answers here.
+o
22.. GGeenneerraall IInnffoorrmmaattiioonn
All about Samba - what it is, how to get it, related sources of
information, how to understand the numbering scheme, pizza details.
22..11.. WWhhaatt iiss SSaammbbaa??
Samba is a suite of programs which work together to allow clients to
access to a server's filespace and printers via the SMB (Server
Message Block) and CIFS (Common Internet Filesystem) protocols.
Initially written for Unix, Samba now also runs on Netware, OS/2, VMS,
StratOS and Amigas. Ports to BeOS and other operating systems are
underway. Samba gives the capability for these operating systems to
behave much like a LAN Server, Windows NT Server or Pathworks machine,
only with added functionality and flexibility designed to make life
easier for administrators.
This means that using Samba you can share a server's disks and
printers to many sorts of network clients, including Lan Manager,
Windows for Workgroups, Windows NT, Linux, OS/2, and AIX. There is
also a generic client program supplied as part of the Samba suite
which gives a user on the server an ftp-like interface to access
filespace and printers on any other SMB/CIFS servers.
SMB has been implemented over many protocols, including XNS, NBT, IPX,
NetBEUI and TCP/IP. Samba only uses TCP/IP. This is not likely to
change although there have been some requests for NetBEUI support.
Many users report that compared to other SMB implementations Samba is
more stable, faster, and compatible with more clients. Administrators
of some large installations say that Samba is the only SMB server
available which will scale to many tens of thousands of users without
crashing. The easy way to test these claims is to download it and try
it for yourself!
The suite is supplied with full source code under the GNU Public
License <../COPYING>. The GPL means that you can use Samba for
whatever purpose you wish (including changing the source or selling it
for money) but under all circumstances the source code must be made
freely available. A copy of the GPL must always be included in any
copy of the package.
The primary creator of the Samba suite is Andrew Tridgell. Later
versions incorporate much effort by many net.helpers. The man pages
and this FAQ were originally written by Karl Auer.
22..22.. WWhhaatt iiss tthhee ccuurrrreenntt vveerrssiioonn ooff SSaammbbaa??
At time of writing, the current version was 1.9.17. If you want to be
sure check the bottom of the change-log file.
<ftp://samba.org/pub/samba/alpha/change-log>
For more information see ``What do the version numbers mean?''
22..33.. WWhheerree ccaann II ggeett iitt??
The Samba suite is available via anonymous ftp from samba.org
and many mirror <../MIRRORS> sites. You will get much faster
performance if you use a mirror site. The latest and greatest versions
of the suite are in the directory:
/pub/samba/
Development (read "alpha") versions, which are NOT necessarily stable
and which do NOT necessarily have accurate documentation, are
available in the directory:
/pub/samba/alpha
Note that binaries are NOT included in any of the above. Samba is
distributed ONLY in source form, though binaries may be available from
other sites. Most Linux distributions, for example, do contain Samba
binaries for that platform. The VMS, OS/2, Netware and Amiga and other
ports typically have binaries made available.
A special case is vendor-provided binary packages. Samba binaries and
default configuration files are put into packages for a specific
operating system. RedHat Linux and Sun Solaris (Sparc and x86) is
already included, and others such as OS/2 may follow. All packages are
in the directory:
/pub/samba/Binary_Packages/"OS_Vendor"
22..44.. WWhhaatt ddoo tthhee vveerrssiioonn nnuummbbeerrss mmeeaann??
It is not recommended that you run a version of Samba with the word
"alpha" in its name unless you know what you are doing and are willing
to do some debugging. Many, many people just get the latest
recommended stable release version and are happy. If you are brave, by
all means take the plunge and help with the testing and development -
but don't install it on your departmental server. Samba is typically
very stable and safe, and this is mostly due to the policy of many
public releases.
How the scheme works:
1. When major changes are made the version number is increased. For
example, the transition from 1.9.16 to 1.9.17. However, this
version number will not appear immediately and people should
continue to use 1.9.15 for production systems (see next point.)
2. Just after major changes are made the software is considered
unstable, and a series of alpha releases are distributed, for
example 1.9.16alpha1. These are for testing by those who know what
they are doing. The "alpha" in the filename will hopefully scare
off those who are just looking for the latest version to install.
3. When Andrew thinks that the alphas have stabilised to the point
where he would recommend new users install it, he renames it to the
same version number without the alpha, for example 1.9.17.
4. Inevitably bugs are found in the "stable" releases and minor patch
levels are released which give us the pXX series, for example
1.9.17p2.
So the progression goes:
1.9.16p10 (production)
1.9.16p11 (production)
1.9.17alpha1 (test sites only)
:
1.9.17alpha20 (test sites only)
1.9.17 (production)
1.9.17p1 (production)
The above system means that whenever someone looks at the samba ftp
site they will be able to grab the highest numbered release without an
alpha in the name and be sure of getting the current recommended
version.
22..55.. WWhheerree ccaann II ggoo ffoorr ffuurrtthheerr iinnffoorrmmaattiioonn??
There are a number of places to look for more information on Samba,
including:
+o Two mailing lists devoted to discussion of Samba-related matters.
See below for subscription information.
+o The newsgroup comp.protocols.smb, which has a great deal of
discussion about Samba.
+o The WWW site 'SAMBA Web Pages' at <http://samba.org/samba/>
includes:
+o Links to man pages and documentation, including this FAQ
+o A comprehensive survey of Samba users
+o A searchable hypertext archive of the Samba mailing list
+o Links to Samba source code, binaries, and mirrors of both
+o This FAQ and the rest in its family
22..66.. HHooww ddoo II ssuubbssccrriibbee ttoo tthhee SSaammbbaa MMaaiilliinngg LLiissttss??
Send email to listproc@samba.org. Make sure the subject line is
blank, and include the following two lines in the body of the message:
subscribe samba Firstname Lastname
subscribe samba-announce Firstname Lastname
Obviously you should substitute YOUR first name for "Firstname" and
YOUR last name for "Lastname"! Try not to send any signature, it
sometimes confuses the list processor.
The samba list is a digest list - every eight hours or so it sends a
single message containing all the messages that have been received by
the list since the last time and sends a copy of this message to all
subscribers. There are thousands of people on this list.
If you stop being interested in Samba, please send another email to
listproc@samba.org. Make sure the subject line is blank, and
include the following two lines in the body of the message:
unsubscribe samba
unsubscribe samba-announce
The FFrroomm:: line in your message _M_U_S_T be the same address you used when
you subscribed.
22..77.. SSoommeetthhiinngg''ss ggoonnee wwrroonngg -- wwhhaatt sshhoouulldd II ddoo??
## ****** IIMMPPOORRTTAANNTT!! ****** ##
DO NOT post messages on mailing lists or in newsgroups until you have
carried out the first three steps given here!
1. See if there are any likely looking entries in this FAQ! If you
have just installed Samba, have you run through the checklist in
DIAGNOSIS.txt <ftp://samba.org/pub/samba/DIAGNOSIS.txt>? It
can save you a lot of time and effort. DIAGNOSIS.txt can also be
found in the docs directory of the Samba distribution.
2. Read the man pages for smbd, nmbd and smb.conf, looking for topics
that relate to what you are trying to do.
3. If there is no obvious solution to hand, try to get a look at the
log files for smbd and/or nmbd for the period during which you were
having problems. You may need to reconfigure the servers to provide
more extensive debugging information - usually level 2 or level 3
provide ample debugging info. Inspect these logs closely, looking
particularly for the string "Error:".
4. If you need urgent help and are willing to pay for it see ``Paid
Support''.
If you still haven't got anywhere, ask the mailing list or newsgroup.
In general nobody minds answering questions provided you have followed
the preceding steps. It might be a good idea to scan the archives of
the mailing list, which are available through the Samba web site
described in the previous section. When you post be sure to include a
good description of your environment and your problem.
If you successfully solve a problem, please mail the FAQ maintainer a
succinct description of the symptom, the problem and the solution, so
that an explanation can be incorporated into the next version.
22..88.. HHooww ddoo II ssuubbmmiitt ppaattcchheess oorr bbuugg rreeppoorrttss??
If you make changes to the source code, _p_l_e_a_s_e submit these patches so
that everyone else gets the benefit of your work. This is one of the
most important aspects to the maintainence of Samba. Send all patches
to samba@samba.org. Do not send patches to Andrew Tridgell
or any other individual, they may be lost if you do.
Patch format ------------
If you are sending a patch to fix a problem then please don't just use
standard diff format. As an example, samba@samba.org received this patch
from someone:
382a #endif 381a #if !defined(NEWS61)
How are we supposed to work out what this does and where it goes?
These sort of patches only work if we both have identical files in the
first place. The Samba sources are constantly changing at the hands of
multiple developers, so it doesn't work.
Please use either context diffs or (even better) unified diffs. You
get these using "diff -c4" or "diff -u". If you don't have a diff that
can generate these then please send manualy commented patches to I
know what is being changed and where. Most patches are applied by hand
so the info must be clear.
This is a basic guideline that will assist us with assessing your
problem more efficiently :
Machine Arch: Machine OS: OS Version: Kernel:
Compiler: Libc Version:
Samba Version:
Network Layout (description):
What else is on machine (services, etc):
Some extras :
+o what you did and what happened
+o relevant parts of a debugging output file with debuglevel higher.
If you can't find the relevant parts, please ask before mailing
huge files.
+o anything else you think is useful to trace down the bug
22..99.. WWhhaatt iiff II hhaavvee aann UURRGGEENNTT mmeessssaaggee ffoorr tthhee ddeevveellooppeerrss??
If you have spotted something very serious and believe that it is
important to contact the developers quickly send a message to samba-
urgent@samba.org. This will be processed more quickly than mail
to samba@samba.org. Please think carefully before using this address. An
example of its use might be to report a security hole.
Examples of things _n_o_t to send to samba-urgent include problems
getting Samba to work at all and bugs that cannot potentially cause
damage.
22..1100.. WWhhaatt iiff II nneeeedd ppaaiidd--ffoorr ssuuppppoorrtt??
Samba has a large network of consultants who provide Samba support on
a commercial basis. The list is included in the package in
<../Support.txt>, and the latest version will always be on the main
samba ftp site. Any company in the world can request that the samba
team include their details in Support.txt so we can give no guarantee
of their services.
22..1111.. PPiizzzzaa ssuuppppllyy ddeettaaiillss
Those who have registered in the Samba survey as "Pizza Factory" will
already know this, but the rest may need some help. Andrew doesn't ask
for payment, but he does appreciate it when people give him pizza.
This calls for a little organisation when the pizza donor is twenty
thousand kilometres away, but it has been done.
1. Ring up your local branch of an international pizza chain and see
if they honour their vouchers internationally. Pizza Hut do, which
is how the entire Canberra Linux Users Group got to eat pizza one
night, courtesy of someone in the US.
2. Ring up a local pizza shop in Canberra and quote a credit card
number for a certain amount, and tell them that Andrew will be
collecting it (don't forget to tell him.) One kind soul from
Germany did this.
3. Purchase a pizza voucher from your local pizza shop that has no
international affiliations and send it to Andrew. It is completely
useless but he can hang it on the wall next to the one he already
has from Germany :-)
4. Air freight him a pizza with your favourite regional flavours. It
will probably get stuck in customs or torn apart by hungry sniffer
dogs but it will have been a noble gesture.
33.. AAbboouutt tthhee CCIIFFSS aanndd SSMMBB PPrroottooccoollss
33..11.. WWhhaatt iiss tthhee SSeerrvveerr MMeessssaaggee BBlloocckk ((SSMMBB)) PPrroottooccooll??
SMB is a filesharing protocol that has had several maintainers and
contributors over the years including Xerox, 3Com and most recently
Microsoft. Names for this protocol include LAN Manager and Microsoft
Networking. Parts of the specification has been made public at several
versions including in an X/Open document, as listed at
<ftp://ftp.microsoft.com/developr/drg/CIFS/>. No specification
releases were made between 1992 and 1996, and during that period
Microsoft became the SMB implementor with the largest market share.
Microsoft developed the specification further for its products but for
various reasons connected with developer's workload rather than market
strategy did not make the changes public. This culminated with the
"Windows NT 0.12" version released with NT 3.5 in 1995 which had
significant improvements and bugs. Because Microsoft client systems
are so popular, it is fair to say that what Microsoft with Windows
affects all suppliers of SMB server products.
From 1994 Andrew Tridgell began doing some serious work on his
Smbserver (now Samba) product and with some helpers started to
implement more and more of these protocols. Samba began to take a
significant share of the SMB server market.
33..22.. WWhhaatt iiss tthhee CCoommmmoonn IInntteerrnneett FFiilleessyysstteemm ((CCIIFFSS))??
The initial pressure for Microsoft to document their current SMB
implementation came from the Samba team, who kept coming across things
on the wire that Microsoft either didn't know about or hadn't
documented anywhere (even in the sourcecode to Windows NT.) Then Sun
Microsystems came out with their WebNFS initiative, designed to
replace FTP for file transfers on the Internet. There are many
drawbacks to WebNFS (including its scope - it aims to replace HTTP as
well!) but the concept was attractive. FTP is not very clever, and why
should it be harder to get files from across the world than across the
room?
Some hasty revisions were made and an Internet Draft for the Common
Internet Filesystem (CIFS) was released. Note that CIFS is not an
Internet standard and is a very long way from becoming one, BUT the
protocol specification is in the public domain and ongoing discussions
concerning the spec take place on a public mailing list according to
the rules of the Internet Engineering Task Force. For more information
and pointers see <http://samba.org/cifs/>
The following is taken from <http://www.microsoft.com/intdev/cifs/>
CIFS defines a standard remote file system access protocol for use
over the Internet, enabling groups of users to work together and
share documents across the Internet or within their corporate
intranets. CIFS is an open, cross-platform technology based on the
native file-sharing protocols built into Microsoft Windows and
other popular PC operating systems, and supported on dozens of
other platforms, including UNIX. With CIFS, millions of computer
users can open and share remote files on the Internet without having
to install new software or change the way they work."
If you consider CIFS as a backwardsly-compatible refinement of SMB
that will work reasonably efficiently over the Internet you won't be
too far wrong.
The net effect is that Microsoft is now documenting large parts of
their Windows NT fileserver protocols. The security concepts embodied
in Windows NT are part of the specification, which is why Samba
documentation often talks in terms of Windows NT. However there is no
reason why a site shouldn't conduct all its file and printer sharing
with CIFS and yet have no Microsoft products at all.
33..33.. WWhhaatt iiss BBrroowwssiinngg??
The term "Browsing" causes a lot of confusion. It is the part of the
SMB/CIFS protocol which allows for resource discovery. For example, in
the Windows NT Explorer it is possible to see a "Network
Neighbourhood" of computers in the same SMB workgroup. Clicking on the
name of one of these machines brings up a list of file and printer
resources for connecting to. In this way you can cruise the network,
seeing what things are available. How this scales to the Internet is a
subject for debate. Look at the CIFS list archives to see what the
experts think.
44.. DDeessiiggnniinngg AA SSMMBB aanndd CCIIFFSS NNeettwwoorrkk
The big issues for installing any network of LAN or WAN file and print
servers are
+o How and where usernames, passwords and other security information
is stored
+o What method can be used for locating the resources that users have
permission to use
+o What protocols the clients can converse with
If you buy Netware, Windows NT or just about any other LAN fileserver
product you are expected to lock yourself into the product's preferred
answers to these questions. This tendancy is restrictive and often
very expensive for a site where there is only one kind of client or
server, and for sites with a mixture of operating systems it often
makes it impossible to share resources between some sets of users.
The Samba philosophy is to make things as easy as possible for
administators, which means allowing as many combinations of clients,
servers, operating systems and protocols as possible.
44..11.. WWoorrkkggrroouuppss,, DDoommaaiinnss,, AAuutthheennttiiccaattiioonn aanndd BBrroowwssiinngg
From the point of view of networking implementation, Domains and
Workgroups are _e_x_a_c_t_l_y the same, except for the client logon sequence.
Some kind of distributed authentication database is associated with a
domain (there are quite a few choices) and this adds so much
flexibility that many people think of a domain as a completely
different entity to a workgroup. From Samba's point of view a client
connecting to a service presents an authentication token, and it if it
is valid they have access. Samba does not care what mechanism was used
to generate that token in the first place.
The SMB client logging on to a domain has an expectation that every
other server in the domain should accept the same authentication
information. However the network browsing functionality of domains
and workgroups is identical and is explained in <../BROWSING.txt>.
There are some implementation differences: Windows 95 can be a member
of both a workgroup and a domain, but Windows NT cannot. Windows 95
also has the concept of an "alternative workgroup". Samba can only be
a member of a single workgroup or domain, although this is due to
change with a future version when nmbd will be split into two daemons,
one for WINS and the other for browsing ( <../NetBIOS.txt> explains
what WINS is.)
44..11..11.. DDeeffiinniinngg tthhee TTeerrmmss
WWoorrkkggrroouupp
means a collection of machines that maintain a common browsing
database containing information about their shared resources.
They do not necessarily have any security information in common
(if they do, it gets called a Domain.) The browsing database is
dynamic, modified as servers come and go on the network and as
resources are added or deleted. The term "browsing" refers to a
user accessing the database via whatever interface the client
provides, eg the OS/2 Workplace Shell or Windows 95 Explorer.
SMB servers agree between themselves as to which ones will
maintain the browsing database. Workgroups can be anywhere on a
connected TCP/IP network, including on different subnets or even
on the Interet. This is a very tricky part of SMB to implement.
MMaasstteerr BBrroowwsseerrss
are machines which holds the master browsing database for a
workgroup or domain. There are two kinds of Master Browser:
+o Domain Master Browser, which holds the master browsing
information for an entire domain, which may well cross multiple
TCP/IP subnets.
+o Local Master Browser, which holds the master browsing database
for a particular subnet and communicates with the Domain Master
Browser to get information on other subnets.
Subnets are differentiated because browsing is based on
broadcasts, and broadcasts do not pass through routers. Subnets
are not routed: while it is possible to have more than one
subnet on a single network segment this is regarded as very bad
practice.
Master Browsers (both Domain and Local) are elected dynamically
according to an algorithm which is supposed to take into account
the machine's ability to sustain the browsing load. Samba can be
configured to always act as a master browser, ie it always wins
elections under all circumstances, even against systems such as
a Windows NT Primary Domain Controller which themselves expect
to win.
There are also Backup Browsers which are promoted to Master
Browsers in the event of a Master Browser disappearing from the
network.
Alternative terms include confusing variations such as "Browse
Master", and "Master Browser" which we are trying to eliminate
from the Samba documentation.
DDoommaaiinn CCoonnttrroolllleerr
is a term which comes from the Microsoft and IBM etc
implementation of the LAN Manager protocols. It is tied to
authentication. There are other ways of doing domain
authentication, but the Windows NT method has a large market
share. The general issues are discussed in <../DOMAIN.txt> and
a Windows NT-specific discussion is in <../DOMAIN_CONTROL.txt>.
44..11..22.. SShhaarreelleevveell ((WWoorrkkggrroouupp)) SSeeccuurriittyy SSeerrvviicceess
With the Samba setting "security = SHARE", all shared resources
information about what password is associated with them but only hints
as to what usernames might be valid (the hint can be 'all users', in
which case any username will work. This is usually a bad idea, but
reflects both the initial implementations of SMB in the mid-80s and
its reincarnation with Windows for Workgroups in 1992. The idea behind
workgroup security was that small independant groups of people could
share information on an ad-hoc basis without there being an
authentication infrastructure present or requiring them to do more
than fill in a dialogue box.
44..11..33.. AAuutthheennttiiccaattiioonn DDoommaaiinn MMooddee SSeerrvviicceess
With the Samba settings "security = USER" or "security = SERVER"
accesses to all resources are checked for username/password pair
matches in a more rigorous manner. To the client, this has the effect
of emulating a Microsoft Domain. The client is not concerned whether
or not Samba looks up a Windows NT SAM or does it in some other way.
44..22.. AAuutthheennttiiccaattiioonn SScchheemmeess
In the simple case authentication information is stored on a single
server and the user types a password on connecting for the first time.
However client operating systems often require a password before they
can be used at all, and in addition users usually want access to more
than one server. Asking users to remember many different passwords in
different contexts just does not work. Some kind of distributed
authentication database is needed. It must cope with password changes
and provide for assigning groups of users the same level of access
permissions. This is why Samba installations often choose to implement
a Domain model straight away.
Authentication decisions are some of the biggest in designing a
network. Are you going to use a scheme native to the client operating
system, native to the server operating system, or newly installed on
both? A list of options relevant to Samba (ie that make sense in the
context of the SMB protocol) follows. Any experiences with other
setups would be appreciated. refer to server FAQ for "passwd chat"
passwd program password server etc etc...
44..22..11.. NNIISS
For Windows 95, Windows for Workgroups and most other clients Samba
can be a domain controller and share the password database via NIS
transparently. Windows NT is different. Free NIS NT client
<http://www.dcs.qmw.ac.uk/~williams>
44..22..22.. KKeerrbbeerrooss
Kerberos for US users only: Kerberos overview
<http://www.cygnus.com/product/unifying-security.html> Download
Kerberos <http://www.cygnus.com/product/kerbnet-download.html>
44..22..33.. FFTTPP
Other NT w/s logon hack via NT
44..22..44.. DDeeffaauulltt SSeerrvveerr MMeetthhoodd
44..22..55.. CClliieenntt--ssiiddee DDaattaabbaassee OOnnllyy
44..33.. PPoosstt--AAuutthheennttiiccaattiioonn:: NNeettllooggoonn,, LLooggoonn SSccrriippttss,, PPrrooffiilleess
See <../DOMAIN.txt>
55.. CCrroossss--PPrroottooccooll FFiillee SShhaarriinngg
Samba is an important tool for...
It is possible to...
File protocol gateways...
"Setting up a Linux File Server"
http://vetrec.mit.edu/people/narf/linux.html
Two free implementations of Appletalk for Unix are Netatalk,
<http://www.umich.edu/~rsug/netatalk/>, and CAP,
<http://www.cs.mu.oz.au/appletalk/atalk.html>. What Samba offers MS
Windows users, these packages offer to Macs. For more info on these
packages, Samba, and Linux (and other UNIX-based systems) see
<http://www.eats.com/linux_mac_win.html> 3.5) Sniffing your nework
66.. MMiisscceellllaanneeoouuss
66..11.. IIss SSaammbbaa YYeeaarr 22000000 ccoommpplliiaanntt??
The CIFS protocol that Samba implements negotiates times in various
formats, all of which are able to cope with dates beyond 2000.

392
docs/faq/sambafaq-1.html
View File

@ -1,392 +0,0 @@
<HTML>
<HEAD>
<TITLE> Samba FAQ: General Information</TITLE>
</HEAD>
<BODY>
Previous
<A HREF="sambafaq-2.html">Next</A>
<A HREF="sambafaq.html#toc1">Table of Contents</A>
<HR>
<H2><A NAME="s1">1. General Information</A></H2>
<P>
<A NAME="general_info"></A>
</P>
<P>All about Samba - what it is, how to get it, related sources of
information, how to understand the version numbering scheme, pizza
details</P>
<H2><A NAME="ss1.1">1.1 What is Samba? </A></H2>
<P>
<A NAME="introduction"></A>
Samba is a suite of programs which work together to allow clients to
access to a server's filespace and printers via the SMB (Server
Message Block) protocol. Initially written for Unix, Samba now also
runs on Netware, OS/2 and VMS.</P>
<P>In practice, this means that you can redirect disks and printers to
Unix disks and printers from Lan Manager clients, Windows for
Workgroups 3.11 clients, Windows NT clients, Linux clients and OS/2
clients. There is also a generic Unix client program supplied as part
of the suite which allows Unix users to use an ftp-like interface to
access filespace and printers on any other SMB servers. This gives the
capability for these operating systems to behave much like a LAN
Server or Windows NT Server machine, only with added functionality and
flexibility designed to make life easier for administrators.</P>
<P>The components of the suite are (in summary):</P>
<P>
<UL>
<LI><B>smbd</B>, the SMB server. This handles actual connections from clients, doing all the file, permission and username work</LI>
<LI><B>nmbd</B>, the Netbios name server, which helps clients locate servers, doing the browsing work and managing domains as this capability is being built into Samba</LI>
<LI><B>smbclient</B>, the Unix-hosted client program</LI>
<LI><B>smbrun</B>, a little 'glue' program to help the server run external programs</LI>
<LI><B>testprns</B>, a program to test server access to printers</LI>
<LI><B>testparms</B>, a program to test the Samba configuration file for correctness</LI>
<LI><B>smb.conf</B>, the Samba configuration file</LI>
<LI><B>smbprint</B>, a sample script to allow a Unix host to use smbclient to print to an SMB server</LI>
<LI><B>Documentation!</B> DON'T neglect to read it - you will save a great deal of time!</LI>
</UL>
</P>
<P>The suite is supplied with full source (of course!) and is GPLed.</P>
<P>The primary creator of the Samba suite is Andrew Tridgell. Later
versions incorporate much effort by many net.helpers. The man pages
and this FAQ were originally written by Karl Auer.</P>
<H2><A NAME="ss1.2">1.2 What is the current version of Samba? </A></H2>
<P>
<A NAME="current_version"></A>
At time of writing, the current version was 1.9.17. If you want to be
sure check the bottom of the change-log file.
<A HREF="ftp://samba.org/pub/samba/alpha/change-log">ftp://samba.org/pub/samba/alpha/change-log</A></P>
<P>For more information see
<A HREF="#version_nums">What do the version numbers mean?</A></P>
<H2><A NAME="ss1.3">1.3 Where can I get it? </A></H2>
<P>
<A NAME="where"></A>
The Samba suite is available via anonymous ftp from
samba.org. The latest and greatest versions of the suite are in
the directory:</P>
<P>/pub/samba/</P>
<P>Development (read "alpha") versions, which are NOT necessarily stable
and which do NOT necessarily have accurate documentation, are
available in the directory:</P>
<P>/pub/samba/alpha</P>
<P>Note that binaries are NOT included in any of the above. Samba is
distributed ONLY in source form, though binaries may be available from
other sites. Recent versions of some Linux distributions, for example,
do contain Samba binaries for that platform.</P>
<H2><A NAME="ss1.4">1.4 What do the version numbers mean? </A></H2>
<P>
<A NAME="version_nums"></A>
It is not recommended that you run a version of Samba with the word
"alpha" in its name unless you know what you are doing and are willing
to do some debugging. Many, many people just get the latest
recommended stable release version and are happy. If you are brave, by
all means take the plunge and help with the testing and development -
but don't install it on your departmental server. Samba is typically
very stable and safe, and this is mostly due to the policy of many
public releases.</P>
<P>How the scheme works:
<OL>
<LI>When major changes are made the version number is increased. For
example, the transition from 1.9.15 to 1.9.16. However, this version
number will not appear immediately and people should continue to use
1.9.15 for production systems (see next point.)
</LI>
<LI>Just after major changes are made the software is considered
unstable, and a series of alpha releases are distributed, for example
1.9.16alpha1. These are for testing by those who know what they are
doing. The "alpha" in the filename will hopefully scare off those who
are just looking for the latest version to install.
</LI>
<LI>When Andrew thinks that the alphas have stabilised to the point
where he would recommend new users install it, he renames it to the
same version number without the alpha, for example 1.9.16.
</LI>
<LI>Inevitably bugs are found in the "stable" releases and minor patch
levels are released which give us the pXX series, for example 1.9.16p2.</LI>
</OL>
So the progression goes:
<PRE>
1.9.15p7 (production)
1.9.15p8 (production)
1.9.16alpha1 (test sites only)
:
1.9.16alpha20 (test sites only)
1.9.16 (production)
1.9.16p1 (production)
</PRE>
The above system means that whenever someone looks at the samba ftp
site they will be able to grab the highest numbered release without an
alpha in the name and be sure of getting the current recommended
version.</P>
<H2><A NAME="ss1.5">1.5 What platforms are supported? </A></H2>
<P>
<A NAME="platforms"></A>
Many different platforms have run Samba successfully. The platforms
most widely used and thus best tested are Linux and SunOS.</P>
<P>At time of writing, the Makefile claimed support for:
<UL>
<LI> A/UX 3.0</LI>
<LI> AIX</LI>
<LI> Altos Series 386/1000</LI>
<LI> Amiga</LI>
<LI> Apollo Domain/OS sr10.3</LI>
<LI> BSDI </LI>
<LI> B.O.S. (Bull Operating System)</LI>
<LI> Cray, Unicos 8.0</LI>
<LI> Convex</LI>
<LI> DGUX. </LI>
<LI> DNIX.</LI>
<LI> FreeBSD</LI>
<LI> HP-UX</LI>
<LI> Intergraph. </LI>
<LI> Linux with/without shadow passwords and quota</LI>
<LI> LYNX 2.3.0</LI>
<LI> MachTen (a unix like system for Macintoshes)</LI>
<LI> Motorola 88xxx/9xx range of machines</LI>
<LI> NetBSD</LI>
<LI> NEXTSTEP Release 2.X, 3.0 and greater (including OPENSTEP for Mach).</LI>
<LI> OS/2 using EMX 0.9b</LI>
<LI> OSF1</LI>
<LI> QNX 4.22</LI>
<LI> RiscIX. </LI>
<LI> RISCOs 5.0B</LI>
<LI> SEQUENT. </LI>
<LI> SCO (including: 3.2v2, European dist., OpenServer 5)</LI>
<LI> SGI.</LI>
<LI> SMP_DC.OSx v1.1-94c079 on Pyramid S series</LI>
<LI> SONY NEWS, NEWS-OS (4.2.x and 6.1.x)</LI>
<LI> SUNOS 4</LI>
<LI> SUNOS 5.2, 5.3, and 5.4 (Solaris 2.2, 2.3, and '2.4 and later')</LI>
<LI> Sunsoft ISC SVR3V4</LI>
<LI> SVR4</LI>
<LI> System V with some berkely extensions (Motorola 88k R32V3.2).</LI>
<LI> ULTRIX.</LI>
<LI> UNIXWARE</LI>
<LI> UXP/DS</LI>
</UL>
</P>
<H2><A NAME="ss1.6">1.6 How can I find out more about Samba? </A></H2>
<P>
<A NAME="more"></A>
There are a number of places to look for more information on Samba, including:
<UL>
<LI>Two mailing lists devoted to discussion of Samba-related matters. </LI>
<LI>The newsgroup, comp.protocols.smb, which has a great deal of discussion on Samba. </LI>
<LI>The WWW site 'SAMBA Web Pages' at
<A HREF="http://samba.edu.au/samba/">http://samba.edu.au/samba/</A> includes:
<UL>
<LI>Links to man pages and documentation, including this FAQ</LI>
<LI>A comprehensive survey of Samba users.</LI>
<LI>A searchable hypertext archive of the Samba mailing list.</LI>
<LI>Links to Samba source code, binaries, and mirrors of both.</LI>
</UL>
</LI>
<LI>The long list of topic documentation. These files can be found in the 'docs' directory of the Samba source, or at
<A HREF="ftp://samba.org/pub/samba/docs/">ftp://samba.org/pub/samba/docs/</A>
<UL>
<LI>
<A HREF="ftp://samba.org/pub/samba/docs/Application_Serving.txt">Application_Serving.txt</A></LI>
<LI>
<A HREF="ftp://samba.org/pub/samba/docs/BROWSING.txt">BROWSING.txt</A></LI>
<LI>
<A HREF="ftp://samba.org/pub/samba/docs/BUGS.txt">BUGS.txt</A></LI>
<LI>
<A HREF="ftp://samba.org/pub/samba/docs/DIAGNOSIS.txt">DIAGNOSIS.txt</A></LI>
<LI>
<A HREF="ftp://samba.org/pub/samba/docs/DNIX.txt">DNIX.txt</A></LI>
<LI>
<A HREF="ftp://samba.org/pub/samba/docs/DOMAIN.txt">DOMAIN.txt</A></LI>
<LI>
<A HREF="ftp://samba.org/pub/samba/docs/DOMAIN_CONTROL.txt">CONTROL.txt</A></LI>
<LI>
<A HREF="ftp://samba.org/pub/samba/docs/ENCRYPTION.txt">ENCRYPTION.txt</A></LI>
<LI>
<A HREF="ftp://samba.org/pub/samba/docs/Faxing.txt">Faxing.txt</A></LI>
<LI>
<A HREF="ftp://samba.org/pub/samba/docs/GOTCHAS.txt">GOTCHAS.txt</A></LI>
<LI>
<A HREF="ftp://samba.org/pub/samba/docs/HINTS.txt">HINTS.txt</A></LI>
<LI>
<A HREF="ftp://samba.org/pub/samba/docs/INSTALL.sambatar">INSTALL.sambatar</A></LI>
<LI>
<A HREF="ftp://samba.org/pub/samba/docs/INSTALL.txt">INSTALL.txt</A></LI>
<LI>
<A HREF="ftp://samba.org/pub/samba/docs/MIRRORS">MIRRORS</A></LI>
<LI>
<A HREF="ftp://samba.org/pub/samba/docs/NetBIOS.txt">NetBIOS.txt</A></LI>
<LI>
<A HREF="ftp://samba.org/pub/samba/docs/OS2.txt">OS2.txt</A></LI>
<LI>
<A HREF="ftp://samba.org/pub/samba/docs/PROJECTS">PROJECTS</A></LI>
<LI>
<A HREF="ftp://samba.org/pub/samba/docs/Passwords.txt">Passwords.txt</A></LI>
<LI>
<A HREF="ftp://samba.org/pub/samba/docs/Printing.txt">Printing.txt</A></LI>
<LI>
<A HREF="ftp://samba.org/pub/samba/docs/README.DCEDFS">README.DCEDFS</A></LI>
<LI>
<A HREF="ftp://samba.org/pub/samba/docs/README.OS2">README.OS2</A></LI>
<LI>
<A HREF="ftp://samba.org/pub/samba/docs/README.jis">README.jis</A></LI>
<LI>
<A HREF="ftp://samba.org/pub/samba/docs/README.sambatar">README.sambatar</A></LI>
<LI>
<A HREF="ftp://samba.org/pub/samba/docs/SCO.txt">SCO.txt</A></LI>
<LI>
<A HREF="ftp://samba.org/pub/samba/docs/SMBTAR.notes">SMBTAR.notes</A></LI>
<LI>
<A HREF="ftp://samba.org/pub/samba/docs/Speed.txt">Speed.txt</A></LI>
<LI>
<A HREF="ftp://samba.org/pub/samba/docs/Support.txt">Support.txt</A></LI>
<LI>
<A HREF="ftp://samba.org/pub/samba/docs/THANKS">THANKS</A></LI>
<LI>
<A HREF="ftp://samba.org/pub/samba/docs/Tracing.txt">Tracing.txt</A></LI>
<LI>
<A HREF="ftp://samba.org/pub/samba/docs/UNIX-SMB.txt">SMB.txt</A></LI>
<LI>
<A HREF="ftp://samba.org/pub/samba/docs/Warp.txt">Warp.txt</A></LI>
<LI>
<A HREF="ftp://samba.org/pub/samba/docs/WinNT.txt">WinNT.txt</A></LI>
<LI>
<A HREF="ftp://samba.org/pub/samba/docs/history">history</A></LI>
<LI>
<A HREF="ftp://samba.org/pub/samba/docs/security_level.txt">level.txt</A></LI>
<LI>
<A HREF="ftp://samba.org/pub/samba/docs/wfw_slip.htm">slip.htm</A></LI>
</UL>
</LI>
</UL>
</P>
<H2><A NAME="ss1.7">1.7 How do I subscribe to the Samba Mailing Lists?</A></H2>
<P>
<A NAME="mailinglist"></A>
Send email to
<A HREF="mailto:listproc@samba.org">listproc@samba.org</A>. Make sure the subject line is
blank, and include the following two lines in the body of the message:
<BLOCKQUOTE><CODE>
<PRE>
subscribe samba Firstname Lastname
subscribe samba-announce Firstname Lastname
</PRE>
</CODE></BLOCKQUOTE>
Obviously you should substitute YOUR first name for "Firstname" and
YOUR last name for "Lastname"! Try not to send any signature stuff, it
sometimes confuses the list processor.</P>
<P>The samba list is a digest list - every eight hours or so it
regurgitates a single message containing all the messages that have
been received by the list since the last time and sends a copy of this
message to all subscribers.</P>
<P>If you stop being interested in Samba, please send another email to
<A HREF="mailto:listproc@samba.org">listproc@samba.org</A>. Make sure the subject line is blank, and
include the following two lines in the body of the message:
<BLOCKQUOTE><CODE>
<PRE>
unsubscribe samba
unsubscribe samba-announce
</PRE>
</CODE></BLOCKQUOTE>
The <B>From:</B> line in your message <EM>MUST</EM> be the same address you used when
you subscribed.</P>
<H2><A NAME="ss1.8">1.8 Something's gone wrong - what should I do? </A></H2>
<P>
<A NAME="wrong"></A>
<B><F>#</F> *** IMPORTANT! *** <F>#</F></B></P>
<P>DO NOT post messages on mailing lists or in newsgroups until you have
carried out the first three steps given here!</P>
<P>Firstly, see if there are any likely looking entries in this FAQ! If
you have just installed Samba, have you run through the checklist in
<A HREF="ftp://samba.org/pub/samba/DIAGNOSIS.txt">DIAGNOSIS.txt</A>? It can save you a lot of time and effort.
DIAGNOSIS.txt can also be found in the docs directory of the Samba distribution.</P>
<P>Secondly, read the man pages for smbd, nmbd and smb.conf, looking for
topics that relate to what you are trying to do.</P>
<P>Thirdly, if there is no obvious solution to hand, try to get a look at
the log files for smbd and/or nmbd for the period during which you
were having problems. You may need to reconfigure the servers to
provide more extensive debugging information - usually level 2 or
level 3 provide ample debugging info. Inspect these logs closely,
looking particularly for the string "Error:".</P>
<P>Fourthly, if you still haven't got anywhere, ask the mailing list or
newsgroup. In general nobody minds answering questions provided you
have followed the preceding steps. It might be a good idea to scan the
archives of the mailing list, which are available through the Samba
web site described in the previous
section.</P>
<P>If you successfully solve a problem, please mail the FAQ maintainer a
succinct description of the symptom, the problem and the solution, so
I can incorporate it in the next version.</P>
<P>If you make changes to the source code, _please_ submit these patches
so that everyone else gets the benefit of your work. This is one of
the most important aspects to the maintainence of Samba. Send all
patches to
<A HREF="mailto:samba@samba.org">samba@samba.org</A>. Do not send patches to Andrew Tridgell or any
other individual, they may be lost if you do.</P>
<H2><A NAME="ss1.9">1.9 Pizza supply details </A></H2>
<P>
<A NAME="pizza"></A>
Those who have registered in the Samba survey as "Pizza Factory" will
already know this, but the rest may need some help. Andrew doesn't ask
for payment, but he does appreciate it when people give him
pizza. This calls for a little organisation when the pizza donor is
twenty thousand kilometres away, but it has been done.</P>
<P>Method 1: Ring up your local branch of an international pizza chain
and see if they honour their vouchers internationally. Pizza Hut do,
which is how the entire Canberra Linux Users Group got to eat pizza
one night, courtesy of someone in the US</P>
<P>Method 2: Ring up a local pizza shop in Canberra and quote a credit
card number for a certain amount, and tell them that Andrew will be
collecting it (don't forget to tell him.) One kind soul from Germany
did this.</P>
<P>Method 3: Purchase a pizza voucher from your local pizza shop that has
no international affiliations and send it to Andrew. It is completely
useless but he can hang it on the wall next to the one he already has
from Germany :-)</P>
<P>Method 4: Air freight him a pizza with your favourite regional
flavours. It will probably get stuck in customs or torn apart by
hungry sniffer dogs but it will have been a noble gesture.</P>
<HR>
Previous
<A HREF="sambafaq-2.html">Next</A>
<A HREF="sambafaq.html#toc1">Table of Contents</A>
</BODY>
</HTML>

236
docs/faq/sambafaq-2.html
View File

@ -1,236 +0,0 @@
<HTML>
<HEAD>
<TITLE> Samba FAQ: Compiling and installing Samba on a Unix host</TITLE>
</HEAD>
<BODY>
<A HREF="sambafaq-1.html">Previous</A>
<A HREF="sambafaq-3.html">Next</A>
<A HREF="sambafaq.html#toc2">Table of Contents</A>
<HR>
<H2><A NAME="s2">2. Compiling and installing Samba on a Unix host</A></H2>
<P>
<A NAME="unix_install"></A>
</P>
<H2><A NAME="ss2.1">2.1 I can't see the Samba server in any browse lists!</A></H2>
<P>
<A NAME="no_browse"></A>
See BROWSING.txt for more information on browsing. BROWSING.txt can
be found in the docs directory of the Samba source.</P> <P>If your GUI
client does not permit you to select non-browsable servers, you may
need to do so on the command line. For example, under Lan Manager you
might connect to the above service as disk drive M: thusly:
<BLOCKQUOTE><CODE>
<PRE>
net use M: \\mary\fred
</PRE>
</CODE></BLOCKQUOTE>
The details of how to do this and the specific syntax varies from
client to client - check your client's documentation.</P>
<H2><A NAME="ss2.2">2.2 Some files that I KNOW are on the server doesn't show up when I view the files from my client! </A></H2>
<P>
<A NAME="missing_files"></A>
See the next question.</P>
<H2><A NAME="ss2.3">2.3 Some files on the server show up with really wierd filenames when I view the files from my client! </A></H2>
<P>
<A NAME="strange_filenames"></A>
If you check what files are not showing up, you will note that they
are files which contain upper case letters or which are otherwise not
DOS-compatible (ie, they are not legal DOS filenames for some reason).</P>
<P>The Samba server can be configured either to ignore such files
completely, or to present them to the client in "mangled" form. If you
are not seeing the files at all, the Samba server has most likely been
configured to ignore them. Consult the man page smb.conf(5) for
details of how to change this - the parameter you need to set is
"mangled names = yes".</P>
<H2><A NAME="ss2.4">2.4 My client reports "cannot locate specified computer" or similar</A></H2>
<P>
<A NAME="cant_see_server"></A>
This indicates one of three things: You supplied an incorrect server
name, the underlying TCP/IP layer is not working correctly, or the
name you specified cannot be resolved.</P>
<P>After carefully checking that the name you typed is the name you
should have typed, try doing things like pinging a host or telnetting
to somewhere on your network to see if TCP/IP is functioning OK. If it
is, the problem is most likely name resolution.</P>
<P>If your client has a facility to do so, hardcode a mapping between the
hosts IP and the name you want to use. For example, with Man Manager
or Windows for Workgroups you would put a suitable entry in the file
LMHOSTS. If this works, the problem is in the communication between
your client and the netbios name server. If it does not work, then
there is something fundamental wrong with your naming and the solution
is beyond the scope of this document.</P>
<P>If you do not have any server on your subnet supplying netbios name
resolution, hardcoded mappings are your only option. If you DO have a
netbios name server running (such as the Samba suite's nmbd program),
the problem probably lies in the way it is set up. Refer to Section
Two of this FAQ for more ideas.</P>
<P>By the way, remember to REMOVE the hardcoded mapping before further
tests :-) </P>
<H2><A NAME="ss2.5">2.5 My client reports "cannot locate specified share name" or similar</A></H2>
<P>
<A NAME="cant_see_share"></A>
This message indicates that your client CAN locate the specified
server, which is a good start, but that it cannot find a service of
the name you gave.</P>
<P>The first step is to check the exact name of the service you are
trying to connect to (consult your system administrator). Assuming it
exists and you specified it correctly (read your client's doco on how
to specify a service name correctly), read on:</P>
<P>
<UL>
<LI> Many clients cannot accept or use service names longer than eight characters.</LI>
<LI> Many clients cannot accept or use service names containing spaces.</LI>
<LI> Some servers (not Samba though) are case sensitive with service names.</LI>
<LI> Some clients force service names into upper case.</LI>
</UL>
</P>
<H2><A NAME="ss2.6">2.6 My client reports "cannot find domain controller", "cannot log on to the network" or similar </A></H2>
<P>
<A NAME="cant_see_net"></A>
Nothing is wrong - Samba does not implement the primary domain name
controller stuff for several reasons, including the fact that the
whole concept of a primary domain controller and "logging in to a
network" doesn't fit well with clients possibly running on multiuser
machines (such as users of smbclient under Unix). Having said that,
several developers are working hard on building it in to the next
major version of Samba. If you can contribute, send a message to
<A HREF="mailto:samba@samba.org">samba@samba.org</A> !</P>
<P>Seeing this message should not affect your ability to mount redirected
disks and printers, which is really what all this is about.</P>
<P>For many clients (including Windows for Workgroups and Lan Manager),
setting the domain to STANDALONE at least gets rid of the message.</P>
<H2><A NAME="ss2.7">2.7 Printing doesn't work :-(</A></H2>
<P>
<A NAME="no_printing"></A>
Make sure that the specified print command for the service you are
connecting to is correct and that it has a fully-qualified path (eg.,
use "/usr/bin/lpr" rather than just "lpr").</P>
<P>Make sure that the spool directory specified for the service is
writable by the user connected to the service. In particular the user
"nobody" often has problems with printing, even if it worked with an
earlier version of Samba. Try creating another guest user other than
"nobody".</P>
<P>Make sure that the user specified in the service is permitted to use
the printer.</P>
<P>Check the debug log produced by smbd. Search for the printer name and
see if the log turns up any clues. Note that error messages to do with
a service ipc$ are meaningless - they relate to the way the client
attempts to retrieve status information when using the LANMAN1
protocol.</P>
<P>If using WfWg then you need to set the default protocol to TCP/IP, not
Netbeui. This is a WfWg bug.</P>
<P>If using the Lanman1 protocol (the default) then try switching to
coreplus. Also not that print status error messages don't mean
printing won't work. The print status is received by a different
mechanism.</P>
<H2><A NAME="ss2.8">2.8 My programs install on the server OK, but refuse to work properly</A></H2>
<P>
<A NAME="programs_wont_run"></A>
There are numerous possible reasons for this, but one MAJOR
possibility is that your software uses locking. Make sure you are
using Samba 1.6.11 or later. It may also be possible to work around
the problem by setting "locking=no" in the Samba configuration file
for the service the software is installed on. This should be regarded
as a strictly temporary solution.</P>
<P>In earlier Samba versions there were some difficulties with the very
latest Microsoft products, particularly Excel 5 and Word for Windows
6. These should have all been solved. If not then please let Andrew
Tridgell know via email at
<A HREF="mailto:samba@samba.org">samba@samba.org</A>.</P>
<H2><A NAME="ss2.9">2.9 My "server string" doesn't seem to be recognised</A></H2>
<P>
<A NAME="bad_server_string"></A>
OR My client reports the default setting, eg. "Samba 1.9.15p4", instead
of what I have changed it to in the smb.conf file.</P>
<P>You need to use the -C option in nmbd. The "server string" affects
what smbd puts out and -C affects what nmbd puts out.</P>
<P>Current versions of Samba (1.9.16 +) have combined these options into
the "server string" field of smb.conf, -C for nmbd is now obsolete.</P>
<H2><A NAME="ss2.10">2.10 My client reports "This server is not configured to list shared resources" </A></H2>
<P>
<A NAME="cant_list_shares"></A>
Your guest account is probably invalid for some reason. Samba uses the
guest account for browsing in smbd. Check that your guest account is
valid.</P>
<P>See also 'guest account' in smb.conf man page.</P>
<H2><A NAME="ss2.11">2.11 Log message "you appear to have a trapdoor uid system" </A></H2>
<P>
<A NAME="trapdoor_uid"></A>
This can have several causes. It might be because you are using a uid
or gid of 65535 or -1. This is a VERY bad idea, and is a big security
hole. Check carefully in your /etc/passwd file and make sure that no
user has uid 65535 or -1. Especially check the "nobody" user, as many
broken systems are shipped with nobody setup with a uid of 65535.</P>
<P>It might also mean that your OS has a trapdoor uid/gid system :-)</P>
<P>This means that once a process changes effective uid from root to
another user it can't go back to root. Unfortunately Samba relies on
being able to change effective uid from root to non-root and back
again to implement its security policy. If your OS has a trapdoor uid
system this won't work, and several things in Samba may break. Less
things will break if you use user or server level security instead of
the default share level security, but you may still strike
problems.</P>
<P>The problems don't give rise to any security holes, so don't panic,
but it does mean some of Samba's capabilities will be unavailable.
In particular you will not be able to connect to the Samba server as
two different uids at once. This may happen if you try to print as a
"guest" while accessing a share as a normal user. It may also affect
your ability to list the available shares as this is normally done as
the guest user.</P>
<P>Complain to your OS vendor and ask them to fix their system.</P>
<P>Note: the reason why 65535 is a VERY bad choice of uid and gid is that
it casts to -1 as a uid, and the setreuid() system call ignores (with
no error) uid changes to -1. This means any daemon attempting to run
as uid 65535 will actually run as root. This is not good!</P>
<HR>
<A HREF="sambafaq-1.html">Previous</A>
<A HREF="sambafaq-3.html">Next</A>
<A HREF="sambafaq.html#toc2">Table of Contents</A>
</BODY>
</HTML>

322
docs/faq/sambafaq-3.html
View File

@ -1,322 +0,0 @@
<HTML>
<HEAD>
<TITLE> Samba FAQ: Common client questions</TITLE>
</HEAD>
<BODY>
<A HREF="sambafaq-2.html">Previous</A>
<A HREF="sambafaq-4.html">Next</A>
<A HREF="sambafaq.html#toc3">Table of Contents</A>
<HR>
<H2><A NAME="s3">3. Common client questions</A></H2>
<P>
<A NAME="client_questions"></A>
</P>
<H2><A NAME="ss3.1">3.1 Are there any Macintosh clients for Samba?</A></H2>
<P>
<A NAME="mac_clients"></A>
Yes! Thursby now have a CIFS Client / Server called DAVE - see
<A HREF="http://www.thursby.com/">http://www.thursby.com/</A>.
They test it against Windows 95, Windows NT and samba for compatibility issues.
At the time of writing, DAVE was at version 1.0.1. The 1.0.0 to 1.0.1 update is available
as a free download from the Thursby web site (the speed of finder copies has
been greatly enhanced, and there are bug-fixes included).</P>
<P>Alternatives - There are two free implementations of AppleTalk for
several kinds of UNIX machnes, and several more commercial ones.
These products allow you to run file services and print services
natively to Macintosh users, with no additional support required on
the Macintosh. The two free omplementations are Netatalk,
<A HREF="http://www.umich.edu/~rsug/netatalk/">http://www.umich.edu/~rsug/netatalk/</A>, and CAP,
<A HREF="http://www.cs.mu.oz.au/appletalk/atalk.html">http://www.cs.mu.oz.au/appletalk/atalk.html</A>. What Samba offers
MS Windows users, these packages offer to Macs. For more info on
these packages, Samba, and Linux (and other UNIX-based systems)
see
<A HREF="http://www.eats.com/linux_mac_win.html">http://www.eats.com/linux_mac_win.html</A></P>
<H2><A NAME="ss3.2">3.2 "Session request failed (131,130)" error</A></H2>
<P>
<A NAME="sess_req_fail"></A>
The following answer is provided by John E. Miller:</P>
<P>I'll assume that you're able to ping back and forth between the
machines by IP address and name, and that you're using some security
model where you're confident that you've got user IDs and passwords
right. The logging options (-d3 or greater) can help a lot with that.
DNS and WINS configuration can also impact connectivity as well.</P>
<P>Now, on to 'scope id's. Somewhere in your Win95 TCP/IP network
configuration (I'm too much of an NT bigot to know where it's located
in the Win95 setup, but I'll have to learn someday since I teach for a
Microsoft Solution Provider Authorized Tech Education Center - what an
acronym...) <F>Note: It's under Control Panel | Network | TCP/IP | WINS
Configuration</F> there's a little text entry field called something like
'Scope ID'.</P>
<P>This field essentially creates 'invisible' sub-workgroups on the same
wire. Boxes can only see other boxes whose Scope IDs are set to the
exact same value - it's sometimes used by OEMs to configure their
boxes to browse only other boxes from the same vendor and, in most
environments, this field should be left blank. If you, in fact, have
something in this box that EXACT value (case-sensitive!) needs to be
provided to smbclient and nmbd as the -i (lowercase) parameter. So, if
your Scope ID is configured as the string 'SomeStr' in Win95 then
you'd have to use smbclient -iSomeStr <F>otherparms</F> in connecting to
it.</P>
<H2><A NAME="ss3.3">3.3 How do I synchronise my PC's clock with my Samba server? </A></H2>
<P>
<A NAME="synchronise_clock"></A>
To syncronize your PC's clock with your Samba server:
<UL>
<LI> Copy timesync.pif to your windows directory</LI>
<LI> timesync.pif can be found at:
<A HREF="http://samba.org/samba/binaries/miscellaneous/timesync.pif">http://samba.org/samba/binaries/miscellaneous/timesync.pif</A></LI>
<LI> Add timesync.pif to your 'Start Up' group/folder</LI>
<LI> Open the properties dialog box for the program/icon</LI>
<LI> Make sure the 'Run Minimized' option is set in program 'Properties'</LI>
<LI> Change the command line section that reads <F>\\sambahost</F> to reflect the name of your server.</LI>
<LI> Close the properties dialog box by choosing 'OK'</LI>
</UL>
Each time you start your computer (or login for Win95) your PC will
synchronize its clock with your Samba server.</P>
<P>Alternativley, if you clients support Domain Logons, you can setup Domain Logons with Samba
- see:
<A HREF="ftp://samba.org/pub/samba/docs/BROWSING.txt">BROWSING.txt</A> *** for more information.</P>
<P>Then add
<BLOCKQUOTE><CODE>
<PRE>
NET TIME \\%L /SET /YES
</PRE>
</CODE></BLOCKQUOTE>
as one of the lines in the logon script.</P>
<H2><A NAME="ss3.4">3.4 Problems with WinDD, NTrigue, WinCenterPro etc</A></H2>
<P>
<A NAME="multiple_session_clients"></A>
</P>
<P>All of the above programs are applications that sit on an NT box and
allow multiple users to access the NT GUI applications from remote
workstations (often over X).</P>
<P>What has this got to do with Samba? The problem comes when these users
use filemanager to mount shares from a Samba server. The most common
symptom is that the first user to connect get correct file permissions
and has a nice day, but subsequent connections get logged in as the
same user as the first person to login. They find that they cannot
access files in their own home directory, but that they can access
files in the first users home directory (maybe not such a nice day
after all?)</P>
<P>Why does this happen? The above products all share a common heritage
(and code base I believe). They all open just a single TCP based SMB
connection to the Samba server, and requests from all users are piped
over this connection. This is unfortunate, but not fatal.</P>
<P>It means that if you run your Samba server in share level security
(the default) then things will definately break as described
above. The share level SMB security model has no provision for
multiple user IDs on the one SMB connection. See
<A HREF="ftp://samba.org/pub/samba/docs/security_level.txt">security_level.txt</A> in
the docs for more info on share/user/server level security.</P>
<P>If you run in user or server level security then you have a chance,
but only if you have a recent version of Samba (at least 1.9.15p6). In
older versions bugs in Samba meant you still would have had problems.</P>
<P>If you have a trapdoor uid system in your OS then it will never work
properly. Samba needs to be able to switch uids on the connection and
it can't if your OS has a trapdoor uid system. You'll know this
because Samba will note it in your logs.</P>
<P>Also note that you should not use the magic "homes" share name with
products like these, as otherwise all users will end up with the same
home directory. Use <F>\\server\username</F> instead.</P>
<H2><A NAME="ss3.5">3.5 Problem with printers under NT</A></H2>
<P>
<A NAME="nt_printers"></A>
This info from Stefan Hergeth
hergeth@f7axp1.informatik.fh-muenchen.de may be useful:</P>
<P>A network-printer (with ethernetcard) is connected to the NT-Clients
via our UNIX-Fileserver (SAMBA-Server), like the configuration told by
Matthew Harrell harrell@leech.nrl.navy.mil (see WinNT.txt)
<OL>
<LI>If a user has choosen this printer as the default printer in his
NT-Session and this printer is not connected to the network
(e.g. switched off) than this user has a problem with the SAMBA-
connection of his filesystems. It's very slow.
</LI>
<LI>If the printer is connected to the network everything works fine.
</LI>
<LI>When the smbd ist started with debug level 3, you can see that the
NT spooling system try to connect to the printer many times. If the
printer ist not connected to the network this request fails and the
NT spooler is wasting a lot of time to connect to the printer service.
This seems to be the reason for the slow network connection.
</LI>
<LI>Maybe it's possible to change this behaviour by setting different
printer properties in the Print-Manager-Menu of NT, but i didn't try it yet.</LI>
</OL>
</P>
<H2><A NAME="ss3.6">3.6 Why are my file's timestamps off by an hour, or by a few hours?</A></H2>
<P>
<A NAME="dst_bugs"></A>
This is from Paul Eggert eggert@twinsun.com.</P>
<P>Most likely it's a problem with your time zone settings.</P>
<P>Internally, Samba maintains time in traditional Unix format,
namely, the number of seconds since 1970-01-01 00:00:00 Universal Time
(or ``GMT''), not counting leap seconds.</P>
<P>On the server side, Samba uses the Unix TZ variable to convert
internal timestamps to and from local time. So on the server side, there are
two things to get right.
<OL>
<LI>The Unix system clock must have the correct Universal time.
Use the shell command "sh -c 'TZ=UTC0 date'" to check this.
</LI>
<LI>The TZ environment variable must be set on the server
before Samba is invoked. The details of this depend on the
server OS, but typically you must edit a file whose name is
/etc/TIMEZONE or /etc/default/init, or run the command `zic -l'.
</LI>
<LI>TZ must have the correct value.
<OL>
<LI>If possible, use geographical time zone settings
(e.g. TZ='America/Los_Angeles' or perhaps
TZ=':US/Pacific'). These are supported by most
popular Unix OSes, are easier to get right, and are
more accurate for historical timestamps. If your
operating system has out-of-date tables, you should be
able to update them from the public domain time zone
tables at
<A HREF="ftp://elsie.nci.nih.gov/pub/">ftp://elsie.nci.nih.gov/pub/</A>.
</LI>
<LI>If your system does not support geographical timezone
settings, you must use a Posix-style TZ strings, e.g.
TZ='PST8PDT,M4.1.0/2,M10.5.0/2' for US Pacific time.
Posix TZ strings can take the following form (with optional
items in brackets):
<PRE>
StdOffset[Dst[Offset],Date/Time,Date/Time]
</PRE>
where:
<UL>
<LI> `Std' is the standard time designation (e.g. `PST').
</LI>
<LI> `Offset' is the number of hours behind UTC (e.g. `8').
Prepend a `-' if you are ahead of UTC, and
append `:30' if you are at a half-hour offset.
Omit all the remaining items if you do not use
daylight-saving time.
</LI>
<LI> `Dst' is the daylight-saving time designation
(e.g. `PDT').
The optional second `Offset' is the number of
hours that daylight-saving time is behind UTC.
The default is 1 hour ahead of standard time.
</LI>
<LI> `Date/Time,Date/Time' specify when daylight-saving
time starts and ends. The format for a date is
`Mm.n.d', which specifies the dth day (0 is Sunday)
of the nth week of the mth month, where week 5 means
the last such day in the month. The format for a
time is <F>h</F>h<F>:mm[:ss</F>], using a 24-hour clock.</LI>
</UL>
Other Posix string formats are allowed but you don't want
to know about them.</LI>
</OL>
</LI>
</OL>
On the client side, you must make sure that your client's clock and
time zone is also set appropriately. <F>[I don't know how to do this.</F>]
Samba traditionally has had many problems dealing with time zones, due
to the bizarre ways that Microsoft network protocols handle time
zones. A common symptom is for file timestamps to be off by an hour.
To work around the problem, try disconnecting from your Samba server
and then reconnecting to it; or upgrade your Samba server to
1.9.16alpha10 or later.</P>
<H2><A NAME="ss3.7">3.7 How do I set the printer driver name correctly? </A></H2>
<P>
<A NAME="printer_driver_name"></A>
Question:
On NT, I opened "Printer Manager" and "Connect to Printer".
Enter <F>"\\ptdi270\ps1"</F> in the box of printer. I got the
following error message:
<BLOCKQUOTE><CODE>
<PRE>
You do not have sufficient access to your machine
to connect to the selected printer, since a driver
needs to be installed locally.
</PRE>
</CODE></BLOCKQUOTE>
Answer:</P>
<P>In the more recent versions of Samba you can now set the "printer
driver" in smb.conf. This tells the client what driver to use. For
example:
<BLOCKQUOTE><CODE>
<PRE>
printer driver = HP LaserJet 4L
</PRE>
</CODE></BLOCKQUOTE>
with this, NT knows to use the right driver. You have to get this string
exactly right.</P>
<P>To find the exact string to use, you need to get to the dialog box in
your client where you select which printer driver to install. The
correct strings for all the different printers are shown in a listbox
in that dialog box.</P>
<P>You could also try setting the driver to NULL like this:
<BLOCKQUOTE><CODE>
<PRE>
printer driver = NULL
</PRE>
</CODE></BLOCKQUOTE>
this is effectively what older versions of Samba did, so if that
worked for you then give it a go. If this does work then let us know via
<A HREF="mailto:samba@samba.org">samba@samba.org</A>,
and we'll make it the default. Currently the default is a 0 length
string.</P>
<H2><A NAME="ss3.8">3.8 I've applied NT 4.0 SP3, and now I can't access Samba shares, Why?</A></H2>
<P>
<A NAME="NT_SP3_FIX"></A>
As of SP3, Microsoft has decided that they will no longer default to
passing clear text passwords over the network. To enable access to
Samba shares from NT 4.0 SP3, you must do <B>ONE</B> of two things:
<OL>
<LI> Set the Samba configuration option 'security = user' and implement all of the stuff detailed in
<A HREF="ftp://samba.org/pub/samba/docs/ENCRYPTION.txt">ENCRYPTION.txt</A>.</LI>
<LI> Follow Microsoft's directions for setting your NT box to allow plain text passwords. see
<A HREF="http://www.microsoft.com/kb/articles/q166/7/30.htm">Knowledge Base Article Q166730</A></LI>
</OL>
</P>
<HR>
<A HREF="sambafaq-2.html">Previous</A>
<A HREF="sambafaq-4.html">Next</A>
<A HREF="sambafaq.html#toc3">Table of Contents</A>
</BODY>
</HTML>

37
docs/faq/sambafaq-4.html
View File

@ -1,37 +0,0 @@
<HTML>
<HEAD>
<TITLE> Samba FAQ: Specific client application problems</TITLE>
</HEAD>
<BODY>
<A HREF="sambafaq-3.html">Previous</A>
<A HREF="sambafaq-5.html">Next</A>
<A HREF="sambafaq.html#toc4">Table of Contents</A>
<HR>
<H2><A NAME="s4">4. Specific client application problems</A></H2>
<P>
<A NAME="client_problems"></A>
</P>
<H2><A NAME="ss4.1">4.1 MS Office Setup reports "Cannot change properties of '\MSOFFICE\SETUP.INI'"</A></H2>
<P>
<A NAME="cant_change_properties"></A>
When installing MS Office on a Samba drive for which you have admin
user permissions, ie. admin users = username, you will find the
setup program unable to complete the installation.</P>
<P>To get around this problem, do the installation without admin user
permissions The problem is that MS Office Setup checks that a file is
rdonly by trying to open it for writing.</P>
<P>Admin users can always open a file for writing, as they run as root.
You just have to install as a non-admin user and then use "chown -R"
to fix the owner.</P>
<HR>
<A HREF="sambafaq-3.html">Previous</A>
<A HREF="sambafaq-5.html">Next</A>
<A HREF="sambafaq.html#toc4">Table of Contents</A>
</BODY>
</HTML>

30
docs/faq/sambafaq-5.html
View File

@ -1,30 +0,0 @@
<HTML>
<HEAD>
<TITLE> Samba FAQ: Miscellaneous</TITLE>
</HEAD>
<BODY>
<A HREF="sambafaq-4.html">Previous</A>
Next
<A HREF="sambafaq.html#toc5">Table of Contents</A>
<HR>
<H2><A NAME="s5">5. Miscellaneous</A></H2>
<P>
<A NAME="miscellaneous"></A>
</P>
<H2><A NAME="ss5.1">5.1 Is Samba Year 2000 compliant?</A></H2>
<P>
<A NAME="Year2000Compliant"></A>
The CIFS protocol that Samba implements
negotiates times in various formats, all of which
are able to cope with dates beyond 2000.</P>
<HR>
<A HREF="sambafaq-4.html">Previous</A>
Next
<A HREF="sambafaq.html#toc5">Table of Contents</A>
</BODY>
</HTML>

115
docs/faq/sambafaq.html
View File

@ -1,115 +0,0 @@
<HTML>
<HEAD>
<TITLE> Samba FAQ</TITLE>
</HEAD>
<BODY>
Previous
<A HREF="sambafaq-1.html">Next</A>
Table of Contents
<HR>
<H1> Samba FAQ</H1>
<H2>Paul Blackman, <CODE>ictinus@samba.org</CODE></H2>v 0.8, June '97
<P><HR><EM> This is the Frequently Asked Questions (FAQ) document for
Samba, the free and very popular SMB server product. An SMB server
allows file and printer connections from clients such as Windows,
OS/2, Linux and others. Current to version 1.9.17. Please send any
corrections to the author.</EM><HR></P>
<P>
<H2><A NAME="toc1">1.</A> <A HREF="sambafaq-1.html">General Information</A></H2>
<UL>
<LI><A HREF="sambafaq-1.html#ss1.1">1.1 What is Samba? </A>
<LI><A HREF="sambafaq-1.html#ss1.2">1.2 What is the current version of Samba? </A>
<LI><A HREF="sambafaq-1.html#ss1.3">1.3 Where can I get it? </A>
<LI><A HREF="sambafaq-1.html#ss1.4">1.4 What do the version numbers mean? </A>
<LI><A HREF="sambafaq-1.html#ss1.5">1.5 What platforms are supported? </A>
<LI><A HREF="sambafaq-1.html#ss1.6">1.6 How can I find out more about Samba? </A>
<LI><A HREF="sambafaq-1.html#ss1.7">1.7 How do I subscribe to the Samba Mailing Lists?</A>
<LI><A HREF="sambafaq-1.html#ss1.8">1.8 Something's gone wrong - what should I do? </A>
<LI><A HREF="sambafaq-1.html#ss1.9">1.9 Pizza supply details </A>
</UL>
<P>
<H2><A NAME="toc2">2.</A> <A HREF="sambafaq-2.html">Compiling and installing Samba on a Unix host</A></H2>
<UL>
<LI><A HREF="sambafaq-2.html#ss2.1">2.1 I can't see the Samba server in any browse lists!</A>
<LI><A HREF="sambafaq-2.html#ss2.2">2.2 Some files that I KNOW are on the server doesn't show up when I view the files from my client! </A>
<LI><A HREF="sambafaq-2.html#ss2.3">2.3 Some files on the server show up with really wierd filenames when I view the files from my client! </A>
<LI><A HREF="sambafaq-2.html#ss2.4">2.4 My client reports "cannot locate specified computer" or similar</A>
<LI><A HREF="sambafaq-2.html#ss2.5">2.5 My client reports "cannot locate specified share name" or similar</A>
<LI><A HREF="sambafaq-2.html#ss2.6">2.6 My client reports "cannot find domain controller", "cannot log on to the network" or similar </A>
<LI><A HREF="sambafaq-2.html#ss2.7">2.7 Printing doesn't work :-(</A>
<LI><A HREF="sambafaq-2.html#ss2.8">2.8 My programs install on the server OK, but refuse to work properly</A>
<LI><A HREF="sambafaq-2.html#ss2.9">2.9 My "server string" doesn't seem to be recognised</A>
<LI><A HREF="sambafaq-2.html#ss2.10">2.10 My client reports "This server is not configured to list shared resources" </A>
<LI><A HREF="sambafaq-2.html#ss2.11">2.11 Log message "you appear to have a trapdoor uid system" </A>
</UL>
<P>
<H2><A NAME="toc3">3.</A> <A HREF="sambafaq-3.html">Common client questions</A></H2>
<UL>
<LI><A HREF="sambafaq-3.html#ss3.1">3.1 Are there any Macintosh clients for Samba?</A>
<LI><A HREF="sambafaq-3.html#ss3.2">3.2 "Session request failed (131,130)" error</A>
<LI><A HREF="sambafaq-3.html#ss3.3">3.3 How do I synchronise my PC's clock with my Samba server? </A>
<LI><A HREF="sambafaq-3.html#ss3.4">3.4 Problems with WinDD, NTrigue, WinCenterPro etc</A>
<LI><A HREF="sambafaq-3.html#ss3.5">3.5 Problem with printers under NT</A>
<LI><A HREF="sambafaq-3.html#ss3.6">3.6 Why are my file's timestamps off by an hour, or by a few hours?</A>
<LI><A HREF="sambafaq-3.html#ss3.7">3.7 How do I set the printer driver name correctly? </A>
<LI><A HREF="sambafaq-3.html#ss3.8">3.8 I've applied NT 4.0 SP3, and now I can't access Samba shares, Why?</A>
</UL>
<P>
<H2><A NAME="toc4">4.</A> <A HREF="sambafaq-4.html">Specific client application problems</A></H2>
<UL>
<LI><A HREF="sambafaq-4.html#ss4.1">4.1 MS Office Setup reports "Cannot change properties of '\MSOFFICE\SETUP.INI'"</A>
</UL>
<P>
<H2><A NAME="toc5">5.</A> <A HREF="sambafaq-5.html">Miscellaneous</A></H2>
<UL>
<LI><A HREF="sambafaq-5.html#ss5.1">5.1 Is Samba Year 2000 compliant?</A>
</UL>
<HR>
Previous
<A HREF="sambafaq-1.html">Next</A>
Table of Contents
</BODY>
</HTML>

793
docs/faq/sambafaq.sgml
View File

@ -1,793 +0,0 @@
<!doctype linuxdoc system> <!-- -*- SGML -*- -->
<!--
v 0.5 18 Oct 1996 Dan Shearer Dan.Shearer@unisa.edu.au
First linuxdoc-sgml version, outline only
v 0.6 25 Oct 1996 Dan
Filled in from current text faq
v 0.7 1 June 1997 Paul
Replicated changes in txt faq to sgml faq
9 June 1997 Paul
Lots of changes, added doco list, updated compatible systems list
added NT SP3 entry, added Year 2000 entry, Getting ready for 1.9.17
v 0.8 7th Oct 97 Paul
changed samba.canberra entries to samba.anu.../samba/
-->
<article>
<title> Samba FAQ
<author>Paul Blackman, <tt>ictinus@samba.org</tt>
<author>Jelmer Vernooij, <tt>jelmer@samba.org</tt>
<date>v 1.0, August 2002
<abstract> This is the Frequently Asked Questions (FAQ) document for
Samba, the free and very popular SMB server product. An SMB server
allows file and printer connections from clients such as Windows,
OS/2, Linux and others. Current to version 3.0. Please send any
corrections to the author.
</abstract>
<toc>
<sect> General Information<p> <label id="general_info">
All about Samba - what it is, how to get it, related sources of
information, how to understand the version numbering scheme, pizza
details
<sect1> What is Samba? <p> <label id="introduction">
Samba is a suite of programs which work together to allow clients to
access to a server's filespace and printers via the SMB (Server
Message Block) protocol. Initially written for Unix, Samba now also
runs on Netware, OS/2 and VMS.
In practice, this means that you can redirect disks and printers to
Unix disks and printers from Lan Manager clients, Windows for
Workgroups 3.11 clients, Windows NT clients, Linux clients and OS/2
clients. There is also a generic Unix client program supplied as part
of the suite which allows Unix users to use an ftp-like interface to
access filespace and printers on any other SMB servers. This gives the
capability for these operating systems to behave much like a LAN
Server or Windows NT Server machine, only with added functionality and
flexibility designed to make life easier for administrators.
The components of the suite are (in summary):
<itemize>
<item><bf>smbd</bf>, the SMB server. This handles actual connections from clients, doing all the file, permission and username work
<item><bf>nmbd</bf>, the Netbios name server, which helps clients locate servers, doing the browsing work and managing domains as this capability is being built into Samba
<item><bf>smbclient</bf>, the Unix-hosted client program
<item><bf>smbrun</bf>, a little 'glue' program to help the server run external programs
<item><bf>testprns</bf>, a program to test server access to printers
<item><bf>testparms</bf>, a program to test the Samba configuration file for correctness
<item><bf>smb.conf</bf>, the Samba configuration file
<item><bf>smbprint</bf>, a sample script to allow a Unix host to use smbclient to print to an SMB server
<item><bf>Documentation!</bf> DON'T neglect to read it - you will save a great deal of time!
</itemize>
The suite is supplied with full source (of course!) and is GPLed.
The primary creator of the Samba suite is Andrew Tridgell. Later
versions incorporate much effort by many net.helpers. The man pages
and this FAQ were originally written by Karl Auer.
<sect1> What is the current version of Samba? <p><label id="current_version">
At time of writing, the current version was 1.9.17. If you want to be
sure check the bottom of the change-log file. <url url="ftp://samba.org/pub/samba/alpha/change-log">
For more information see <ref id="version_nums" name="What do the
version numbers mean?">
<sect1> Where can I get it? <p> <label id="where">
The Samba suite is available via anonymous ftp from
samba.org. The latest and greatest versions of the suite are in
the directory:
/pub/samba/
Development (read "alpha") versions, which are NOT necessarily stable
and which do NOT necessarily have accurate documentation, are
available in the directory:
/pub/samba/alpha
Note that binaries are NOT included in any of the above. Samba is
distributed ONLY in source form, though binaries may be available from
other sites. Recent versions of some Linux distributions, for example,
do contain Samba binaries for that platform.
<sect1> What do the version numbers mean? <p> <label id="version_nums">
It is not recommended that you run a version of Samba with the word
"alpha" in its name unless you know what you are doing and are willing
to do some debugging. Many, many people just get the latest
recommended stable release version and are happy. If you are brave, by
all means take the plunge and help with the testing and development -
but don't install it on your departmental server. Samba is typically
very stable and safe, and this is mostly due to the policy of many
public releases.
How the scheme works:
<enum>
<item>When major changes are made the version number is increased. For
example, the transition from 1.9.15 to 1.9.16. However, this version
number will not appear immediately and people should continue to use
1.9.15 for production systems (see next point.)
<item>Just after major changes are made the software is considered
unstable, and a series of alpha releases are distributed, for example
1.9.16alpha1. These are for testing by those who know what they are
doing. The "alpha" in the filename will hopefully scare off those who
are just looking for the latest version to install.
<item>When Andrew thinks that the alphas have stabilised to the point
where he would recommend new users install it, he renames it to the
same version number without the alpha, for example 1.9.16.
<item>Inevitably bugs are found in the "stable" releases and minor patch
levels are released which give us the pXX series, for example 1.9.16p2.
</enum>
So the progression goes:
<verb>
1.9.15p7 (production)
1.9.15p8 (production)
1.9.16alpha1 (test sites only)
:
1.9.16alpha20 (test sites only)
1.9.16 (production)
1.9.16p1 (production)
</verb>
The above system means that whenever someone looks at the samba ftp
site they will be able to grab the highest numbered release without an
alpha in the name and be sure of getting the current recommended
version.
<sect1> What platforms are supported? <p> <label id="platforms">
Many different platforms have run Samba successfully. The platforms
most widely used and thus best tested are Linux and SunOS.
At time of writing, the Makefile claimed support for:
<itemize>
<item> A/UX 3.0
<item> AIX
<item> Altos Series 386/1000
<item> Amiga
<item> Apollo Domain/OS sr10.3
<item> BSDI
<item> B.O.S. (Bull Operating System)
<item> Cray, Unicos 8.0
<item> Convex
<item> DGUX.
<item> DNIX.
<item> FreeBSD
<item> HP-UX
<item> Intergraph.
<item> Linux with/without shadow passwords and quota
<item> LYNX 2.3.0
<item> MachTen (a unix like system for Macintoshes)
<item> Motorola 88xxx/9xx range of machines
<item> NetBSD
<item> NEXTSTEP Release 2.X, 3.0 and greater (including OPENSTEP for Mach).
<item> OS/2 using EMX 0.9b
<item> OSF1
<item> QNX 4.22
<item> RiscIX.
<item> RISCOs 5.0B
<item> SEQUENT.
<item> SCO (including: 3.2v2, European dist., OpenServer 5)
<item> SGI.
<item> SMP_DC.OSx v1.1-94c079 on Pyramid S series
<item> SONY NEWS, NEWS-OS (4.2.x and 6.1.x)
<item> SUNOS 4
<item> SUNOS 5.2, 5.3, and 5.4 (Solaris 2.2, 2.3, and '2.4 and later')
<item> Sunsoft ISC SVR3V4
<item> SVR4
<item> System V with some berkely extensions (Motorola 88k R32V3.2).
<item> ULTRIX.
<item> UNIXWARE
<item> UXP/DS
</itemize>
<sect1> How can I find out more about Samba? <p> <label id="more">
There are a number of places to look for more information on Samba, including:
<itemize>
<item>Two mailing lists devoted to discussion of Samba-related matters.
<item>The newsgroup, comp.protocols.smb, which has a great deal of discussion on Samba.
<item>The WWW site 'SAMBA Web Pages' at <url url="http://samba.edu.au/samba/"> includes:
<itemize>
<item>Links to man pages and documentation, including this FAQ
<item>A comprehensive survey of Samba users.
<item>A searchable hypertext archive of the Samba mailing list.
<item>Links to Samba source code, binaries, and mirrors of both.
</itemize>
<item>The long list of topic documentation. These files can be found in the 'docs' directory of the Samba source, or at <url url="ftp://samba.org/pub/samba/docs/">
<itemize>
<item><url url="ftp://samba.org/pub/samba/docs/Application_Serving.txt" name="Application_Serving.txt">
<item><url url="ftp://samba.org/pub/samba/docs/BROWSING.txt" name="BROWSING.txt">
<item><url url="ftp://samba.org/pub/samba/docs/BUGS.txt" name="BUGS.txt">
<item><url url="ftp://samba.org/pub/samba/docs/DIAGNOSIS.txt" name="DIAGNOSIS.txt">
<item><url url="ftp://samba.org/pub/samba/docs/DNIX.txt" name="DNIX.txt">
<item><url url="ftp://samba.org/pub/samba/docs/DOMAIN.txt" name="DOMAIN.txt">
<item><url url="ftp://samba.org/pub/samba/docs/DOMAIN_CONTROL.txt" name="CONTROL.txt">
<item><url url="ftp://samba.org/pub/samba/docs/ENCRYPTION.txt" name="ENCRYPTION.txt">
<item><url url="ftp://samba.org/pub/samba/docs/Faxing.txt" name="Faxing.txt">
<item><url url="ftp://samba.org/pub/samba/docs/GOTCHAS.txt" name="GOTCHAS.txt">
<item><url url="ftp://samba.org/pub/samba/docs/HINTS.txt" name="HINTS.txt">
<item><url url="ftp://samba.org/pub/samba/docs/INSTALL.sambatar" name="INSTALL.sambatar">
<item><url url="ftp://samba.org/pub/samba/docs/INSTALL.txt" name="INSTALL.txt">
<item><url url="ftp://samba.org/pub/samba/docs/MIRRORS" name="MIRRORS">
<item><url url="ftp://samba.org/pub/samba/docs/NetBIOS.txt" name="NetBIOS.txt">
<item><url url="ftp://samba.org/pub/samba/docs/OS2.txt" name="OS2.txt">
<item><url url="ftp://samba.org/pub/samba/docs/PROJECTS" name="PROJECTS">
<item><url url="ftp://samba.org/pub/samba/docs/Passwords.txt" name="Passwords.txt">
<item><url url="ftp://samba.org/pub/samba/docs/Printing.txt" name="Printing.txt">
<item><url url="ftp://samba.org/pub/samba/docs/README.DCEDFS" name="README.DCEDFS">
<item><url url="ftp://samba.org/pub/samba/docs/README.OS2" name="README.OS2">
<item><url url="ftp://samba.org/pub/samba/docs/README.jis" name="README.jis">
<item><url url="ftp://samba.org/pub/samba/docs/README.sambatar" name="README.sambatar">
<item><url url="ftp://samba.org/pub/samba/docs/SCO.txt" name="SCO.txt">
<item><url url="ftp://samba.org/pub/samba/docs/SMBTAR.notes" name="SMBTAR.notes">
<item><url url="ftp://samba.org/pub/samba/docs/Speed.txt" name="Speed.txt">
<item><url url="ftp://samba.org/pub/samba/docs/Support.txt" name="Support.txt">
<item><url url="ftp://samba.org/pub/samba/docs/THANKS" name="THANKS">
<item><url url="ftp://samba.org/pub/samba/docs/Tracing.txt" name="Tracing.txt">
<item><url url="ftp://samba.org/pub/samba/docs/UNIX-SMB.txt" name="SMB.txt">
<item><url url="ftp://samba.org/pub/samba/docs/Warp.txt" name="Warp.txt">
<item><url url="ftp://samba.org/pub/samba/docs/WinNT.txt" name="WinNT.txt">
<item><url url="ftp://samba.org/pub/samba/docs/history" name="history">
<item><url url="ftp://samba.org/pub/samba/docs/security_level.txt" name="level.txt">
<item><url url="ftp://samba.org/pub/samba/docs/wfw_slip.htm" name="slip.htm">
</itemize>
</itemize>
<sect1>How do I subscribe to the Samba Mailing Lists?<p><label id="mailinglist">
Send email to <htmlurl url="mailto:listproc@samba.org" name="listproc@samba.org">. Make sure the subject line is
blank, and include the following two lines in the body of the message:
<tscreen><verb>
subscribe samba Firstname Lastname
subscribe samba-announce Firstname Lastname
</verb></tscreen>
Obviously you should substitute YOUR first name for "Firstname" and
YOUR last name for "Lastname"! Try not to send any signature stuff, it
sometimes confuses the list processor.
The samba list is a digest list - every eight hours or so it
regurgitates a single message containing all the messages that have
been received by the list since the last time and sends a copy of this
message to all subscribers.
If you stop being interested in Samba, please send another email to
<htmlurl url="mailto:listproc@samba.org" name="listproc@samba.org">. Make sure the subject line is blank, and
include the following two lines in the body of the message:
<tscreen><verb>
unsubscribe samba
unsubscribe samba-announce
</verb></tscreen>
The <bf>From:</bf> line in your message <em>MUST</em> be the same address you used when
you subscribed.
<sect1> Something's gone wrong - what should I do? <p> <label id="wrong">
<bf>[#] *** IMPORTANT! *** [#]</bf>
<p>DO NOT post messages on mailing lists or in newsgroups until you have
carried out the first three steps given here!
Firstly, see if there are any likely looking entries in this FAQ! If
you have just installed Samba, have you run through the checklist in
<url url="ftp://samba.org/pub/samba/DIAGNOSIS.txt" name="DIAGNOSIS.txt">? It can save you a lot of time and effort.
DIAGNOSIS.txt can also be found in the docs directory of the Samba distribution.
Secondly, read the man pages for smbd, nmbd and smb.conf, looking for
topics that relate to what you are trying to do.
Thirdly, if there is no obvious solution to hand, try to get a look at
the log files for smbd and/or nmbd for the period during which you
were having problems. You may need to reconfigure the servers to
provide more extensive debugging information - usually level 2 or
level 3 provide ample debugging info. Inspect these logs closely,
looking particularly for the string "Error:".
Fourthly, if you still haven't got anywhere, ask the mailing list or
newsgroup. In general nobody minds answering questions provided you
have followed the preceding steps. It might be a good idea to scan the
archives of the mailing list, which are available through the Samba
web site described in the previous
section.
If you successfully solve a problem, please mail the FAQ maintainer a
succinct description of the symptom, the problem and the solution, so
I can incorporate it in the next version.
If you make changes to the source code, _please_ submit these patches
so that everyone else gets the benefit of your work. This is one of
the most important aspects to the maintainence of Samba. Send all
patches to <htmlurl url="mailto:samba-patches@samba.org" name="samba-patches@samba.org">. Do not send patches to Andrew Tridgell or any
other individual, they may be lost if you do.
<sect1> Pizza supply details <p> <label id="pizza">
Those who have registered in the Samba survey as "Pizza Factory" will
already know this, but the rest may need some help. Andrew doesn't ask
for payment, but he does appreciate it when people give him
pizza. This calls for a little organisation when the pizza donor is
twenty thousand kilometres away, but it has been done.
Method 1: Ring up your local branch of an international pizza chain
and see if they honour their vouchers internationally. Pizza Hut do,
which is how the entire Canberra Linux Users Group got to eat pizza
one night, courtesy of someone in the US
Method 2: Ring up a local pizza shop in Canberra and quote a credit
card number for a certain amount, and tell them that Andrew will be
collecting it (don't forget to tell him.) One kind soul from Germany
did this.
Method 3: Purchase a pizza voucher from your local pizza shop that has
no international affiliations and send it to Andrew. It is completely
useless but he can hang it on the wall next to the one he already has
from Germany :-)
Method 4: Air freight him a pizza with your favourite regional
flavours. It will probably get stuck in customs or torn apart by
hungry sniffer dogs but it will have been a noble gesture.
<sect>Compiling and installing Samba on a Unix host<p><label id="unix_install">
<sect1>I can't see the Samba server in any browse lists!<p><label id="no_browse">
See <url url="ftp://samba.org/pub/samba/BROWSING.txt" name="BROWSING.txt">
for more information on browsing. Browsing.txt can also be found
in the docs directory of the Samba source.
If your GUI client does not permit you to select non-browsable
servers, you may need to do so on the command line. For example, under
Lan Manager you might connect to the above service as disk drive M:
thusly:
<tscreen><verb>
net use M: \\mary\fred
</verb></tscreen>
The details of how to do this and the specific syntax varies from
client to client - check your client's documentation.
<sect1>Some files that I KNOW are on the server doesn't show up when I view the files from my client! <p> <label id="missing_files">
See the next question.
<sect1>Some files on the server show up with really wierd filenames when I view the files from my client! <p> <label id="strange_filenames">
If you check what files are not showing up, you will note that they
are files which contain upper case letters or which are otherwise not
DOS-compatible (ie, they are not legal DOS filenames for some reason).
The Samba server can be configured either to ignore such files
completely, or to present them to the client in "mangled" form. If you
are not seeing the files at all, the Samba server has most likely been
configured to ignore them. Consult the man page smb.conf(5) for
details of how to change this - the parameter you need to set is
"mangled names = yes".
<sect1>My client reports "cannot locate specified computer" or similar<p><label id="cant_see_server">
This indicates one of three things: You supplied an incorrect server
name, the underlying TCP/IP layer is not working correctly, or the
name you specified cannot be resolved.
After carefully checking that the name you typed is the name you
should have typed, try doing things like pinging a host or telnetting
to somewhere on your network to see if TCP/IP is functioning OK. If it
is, the problem is most likely name resolution.
If your client has a facility to do so, hardcode a mapping between the
hosts IP and the name you want to use. For example, with Lan Manager
or Windows for Workgroups you would put a suitable entry in the file
LMHOSTS. If this works, the problem is in the communication between
your client and the netbios name server. If it does not work, then
there is something fundamental wrong with your naming and the solution
is beyond the scope of this document.
If you do not have any server on your subnet supplying netbios name
resolution, hardcoded mappings are your only option. If you DO have a
netbios name server running (such as the Samba suite's nmbd program),
the problem probably lies in the way it is set up. Refer to Section
Two of this FAQ for more ideas.
By the way, remember to REMOVE the hardcoded mapping before further
tests :-)
<sect1>My client reports "cannot locate specified share name" or similar<p> <label id="cant_see_share">
This message indicates that your client CAN locate the specified
server, which is a good start, but that it cannot find a service of
the name you gave.
The first step is to check the exact name of the service you are
trying to connect to (consult your system administrator). Assuming it
exists and you specified it correctly (read your client's docs on how
to specify a service name correctly), read on:
<itemize>
<item> Many clients cannot accept or use service names longer than eight characters.
<item> Many clients cannot accept or use service names containing spaces.
<item> Some servers (not Samba though) are case sensitive with service names.
<item> Some clients force service names into upper case.
</itemize>
<sect1>My client reports "cannot find domain controller", "cannot log on to the network" or similar <p> <label id="cant_see_net">
Nothing is wrong - Samba does not implement the primary domain name
controller stuff for several reasons, including the fact that the
whole concept of a primary domain controller and "logging in to a
network" doesn't fit well with clients possibly running on multiuser
machines (such as users of smbclient under Unix). Having said that,
several developers are working hard on building it in to the next
major version of Samba. If you can contribute, send a message to
<htmlurl url="mailto:samba@samba.org" name="samba@samba.org"> !
Seeing this message should not affect your ability to mount redirected
disks and printers, which is really what all this is about.
For many clients (including Windows for Workgroups and Lan Manager),
setting the domain to STANDALONE at least gets rid of the message.
<sect1>Printing doesn't work :-(<p> <label id="no_printing">
Make sure that the specified print command for the service you are
connecting to is correct and that it has a fully-qualified path (eg.,
use "/usr/bin/lpr" rather than just "lpr").
Make sure that the spool directory specified for the service is
writable by the user connected to the service. In particular the user
"nobody" often has problems with printing, even if it worked with an
earlier version of Samba. Try creating another guest user other than
"nobody".
Make sure that the user specified in the service is permitted to use
the printer.
Check the debug log produced by smbd. Search for the printer name and
see if the log turns up any clues. Note that error messages to do with
a service ipc$ are meaningless - they relate to the way the client
attempts to retrieve status information when using the LANMAN1
protocol.
If using WfWg then you need to set the default protocol to TCP/IP, not
Netbeui. This is a WfWg bug.
If using the Lanman1 protocol (the default) then try switching to
coreplus. Also not that print status error messages don't mean
printing won't work. The print status is received by a different
mechanism.
<sect1>My programs install on the server OK, but refuse to work properly<p><label id="programs_wont_run">
There are numerous possible reasons for this, but one MAJOR
possibility is that your software uses locking. Make sure you are
using Samba 1.6.11 or later. It may also be possible to work around
the problem by setting "locking=no" in the Samba configuration file
for the service the software is installed on. This should be regarded
as a strictly temporary solution.
In earlier Samba versions there were some difficulties with the very
latest Microsoft products, particularly Excel 5 and Word for Windows
6. These should have all been solved. If not then please let Andrew
Tridgell know via email at <htmlurl url="mailto:samba@samba.org" name="samba@samba.org">.
<sect1>My "server string" doesn't seem to be recognised<p><label id="bad_server_string">
OR My client reports the default setting, eg. "Samba 1.9.15p4", instead
of what I have changed it to in the smb.conf file.
You need to use the -C option in nmbd. The "server string" affects
what smbd puts out and -C affects what nmbd puts out.
Current versions of Samba (1.9.16 +) have combined these options into
the "server string" field of smb.conf, -C for nmbd is now obsolete.
<sect1>My client reports "This server is not configured to list shared resources" <p> <label id="cant_list_shares">
Your guest account is probably invalid for some reason. Samba uses the
guest account for browsing in smbd. Check that your guest account is
valid.
See also 'guest account' in smb.conf man page.
<sect1>Log message "you appear to have a trapdoor uid system" <p><label id="trapdoor_uid">
This can have several causes. It might be because you are using a uid
or gid of 65535 or -1. This is a VERY bad idea, and is a big security
hole. Check carefully in your /etc/passwd file and make sure that no
user has uid 65535 or -1. Especially check the "nobody" user, as many
broken systems are shipped with nobody setup with a uid of 65535.
It might also mean that your OS has a trapdoor uid/gid system :-)
This means that once a process changes effective uid from root to
another user it can't go back to root. Unfortunately Samba relies on
being able to change effective uid from root to non-root and back
again to implement its security policy. If your OS has a trapdoor uid
system this won't work, and several things in Samba may break. Less
things will break if you use user or server level security instead of
the default share level security, but you may still strike
problems.
The problems don't give rise to any security holes, so don't panic,
but it does mean some of Samba's capabilities will be unavailable.
In particular you will not be able to connect to the Samba server as
two different uids at once. This may happen if you try to print as a
"guest" while accessing a share as a normal user. It may also affect
your ability to list the available shares as this is normally done as
the guest user.
Complain to your OS vendor and ask them to fix their system.
Note: the reason why 65535 is a VERY bad choice of uid and gid is that
it casts to -1 as a uid, and the setreuid() system call ignores (with
no error) uid changes to -1. This means any daemon attempting to run
as uid 65535 will actually run as root. This is not good!
<sect>Common client questions<p> <label id="client_questions">
<sect1>Are there any Macintosh clients for Samba?<p> <label id="mac_clients">
Yes! Thursby now have a CIFS Client / Server called DAVE - see <url url="http://www.thursby.com/">.
They test it against Windows 95, Windows NT and samba for compatibility issues.
At the time of writing, DAVE was at version 1.0.1. The 1.0.0 to 1.0.1 update is available
as a free download from the Thursby web site (the speed of finder copies has
been greatly enhanced, and there are bug-fixes included).
Alternatives - There are two free implementations of AppleTalk for
several kinds of UNIX machnes, and several more commercial ones.
These products allow you to run file services and print services
natively to Macintosh users, with no additional support required on
the Macintosh. The two free omplementations are Netatalk,
<url url="http://www.umich.edu/~rsug/netatalk/">, and CAP,
<url url="http://www.cs.mu.oz.au/appletalk/atalk.html">. What Samba offers
MS Windows users, these packages offer to Macs. For more info on
these packages, Samba, and Linux (and other UNIX-based systems)
see <url url="http://www.eats.com/linux_mac_win.html">
<sect1>"Session request failed (131,130)" error<p> <label id="sess_req_fail">
The following answer is provided by John E. Miller:
I'll assume that you're able to ping back and forth between the
machines by IP address and name, and that you're using some security
model where you're confident that you've got user IDs and passwords
right. The logging options (-d3 or greater) can help a lot with that.
DNS and WINS configuration can also impact connectivity as well.
Now, on to 'scope id's. Somewhere in your Win95 TCP/IP network
configuration (I'm too much of an NT bigot to know where it's located
in the Win95 setup, but I'll have to learn someday since I teach for a
Microsoft Solution Provider Authorized Tech Education Center - what an
acronym...) [Note: It's under Control Panel | Network | TCP/IP | WINS
Configuration] there's a little text entry field called something like
'Scope ID'.
This field essentially creates 'invisible' sub-workgroups on the same
wire. Boxes can only see other boxes whose Scope IDs are set to the
exact same value - it's sometimes used by OEMs to configure their
boxes to browse only other boxes from the same vendor and, in most
environments, this field should be left blank. If you, in fact, have
something in this box that EXACT value (case-sensitive!) needs to be
provided to smbclient and nmbd as the -i (lowercase) parameter. So, if
your Scope ID is configured as the string 'SomeStr' in Win95 then
you'd have to use smbclient -iSomeStr [otherparms] in connecting to
it.
<sect1>How do I synchronise my PC's clock with my Samba server? <p><label id="synchronise_clock">
To syncronize your PC's clock with your Samba server:
<itemize>
<item> Copy timesync.pif to your windows directory
<item> timesync.pif can be found at:
<url
url="http://samba.org/samba/binaries/miscellaneous/timesync.pif">
<item> Add timesync.pif to your 'Start Up' group/folder
<item> Open the properties dialog box for the program/icon
<item> Make sure the 'Run Minimized' option is set in program 'Properties'
<iteM> Change the command line section that reads [\\sambahost] to reflect the name of your server.
<item> Close the properties dialog box by choosing 'OK'
</itemize>
Each time you start your computer (or login for Win95) your PC will
synchronize its clock with your Samba server.
Alternativley, if you clients support Domain Logons, you can setup Domain Logons with Samba
- see: <url url="ftp://samba.org/pub/samba/docs/BROWSING.txt" name="BROWSING.txt"> *** for more information.
<p>Then add
<tscreen><verb>
NET TIME \\%L /SET /YES
</verb></tscreen>
as one of the lines in the logon script.
<sect1>Problems with WinDD, NTrigue, WinCenterPro etc<p>
<label id="multiple_session_clients">
All of the above programs are applications that sit on an NT box and
allow multiple users to access the NT GUI applications from remote
workstations (often over X).
What has this got to do with Samba? The problem comes when these users
use filemanager to mount shares from a Samba server. The most common
symptom is that the first user to connect get correct file permissions
and has a nice day, but subsequent connections get logged in as the
same user as the first person to login. They find that they cannot
access files in their own home directory, but that they can access
files in the first users home directory (maybe not such a nice day
after all?)
Why does this happen? The above products all share a common heritage
(and code base I believe). They all open just a single TCP based SMB
connection to the Samba server, and requests from all users are piped
over this connection. This is unfortunate, but not fatal.
It means that if you run your Samba server in share level security
(the default) then things will definately break as described
above. The share level SMB security model has no provision for
multiple user IDs on the one SMB connection. See <url url="ftp://samba.org/pub/samba/docs/security_level.txt" name="security_level.txt"> in
the docs for more info on share/user/server level security.
If you run in user or server level security then you have a chance,
but only if you have a recent version of Samba (at least 1.9.15p6). In
older versions bugs in Samba meant you still would have had problems.
If you have a trapdoor uid system in your OS then it will never work
properly. Samba needs to be able to switch uids on the connection and
it can't if your OS has a trapdoor uid system. You'll know this
because Samba will note it in your logs.
Also note that you should not use the magic "homes" share name with
products like these, as otherwise all users will end up with the same
home directory. Use [\\server\username] instead.
<sect1>Problem with printers under NT<p> <label id="nt_printers">
This info from Stefan Hergeth
hergeth@f7axp1.informatik.fh-muenchen.de may be useful:
A network-printer (with ethernetcard) is connected to the NT-Clients
via our UNIX-Fileserver (SAMBA-Server), like the configuration told by
Matthew Harrell harrell@leech.nrl.navy.mil (see WinNT.txt)
<enum>
<item>If a user has choosen this printer as the default printer in his
NT-Session and this printer is not connected to the network
(e.g. switched off) than this user has a problem with the SAMBA-
connection of his filesystems. It's very slow.
<item>If the printer is connected to the network everything works fine.
<item>When the smbd ist started with debug level 3, you can see that the
NT spooling system try to connect to the printer many times. If the
printer ist not connected to the network this request fails and the
NT spooler is wasting a lot of time to connect to the printer service.
This seems to be the reason for the slow network connection.
<item>Maybe it's possible to change this behaviour by setting different
printer properties in the Print-Manager-Menu of NT, but i didn't try it yet.
</enum>
<sect1>Why are my file's timestamps off by an hour, or by a few hours?<p><label id="dst_bugs">
This is from Paul Eggert eggert@twinsun.com.
Most likely it's a problem with your time zone settings.
Internally, Samba maintains time in traditional Unix format,
namely, the number of seconds since 1970-01-01 00:00:00 Universal Time
(or ``GMT''), not counting leap seconds.
On the server side, Samba uses the Unix TZ variable to convert
internal timestamps to and from local time. So on the server side, there are
two things to get right.
<enum>
<item>The Unix system clock must have the correct Universal time.
Use the shell command "sh -c 'TZ=UTC0 date'" to check this.
<item>The TZ environment variable must be set on the server
before Samba is invoked. The details of this depend on the
server OS, but typically you must edit a file whose name is
/etc/TIMEZONE or /etc/default/init, or run the command `zic -l'.
<item>TZ must have the correct value.
<enum>
<item>If possible, use geographical time zone settings
(e.g. TZ='America/Los_Angeles' or perhaps
TZ=':US/Pacific'). These are supported by most
popular Unix OSes, are easier to get right, and are
more accurate for historical timestamps. If your
operating system has out-of-date tables, you should be
able to update them from the public domain time zone
tables at <url url="ftp://elsie.nci.nih.gov/pub/">.
<item>If your system does not support geographical timezone
settings, you must use a Posix-style TZ strings, e.g.
TZ='PST8PDT,M4.1.0/2,M10.5.0/2' for US Pacific time.
Posix TZ strings can take the following form (with optional
items in brackets):
<verb>
StdOffset[Dst[Offset],Date/Time,Date/Time]
</verb>
where:
<itemize>
<item> `Std' is the standard time designation (e.g. `PST').
<item> `Offset' is the number of hours behind UTC (e.g. `8').
Prepend a `-' if you are ahead of UTC, and
append `:30' if you are at a half-hour offset.
Omit all the remaining items if you do not use
daylight-saving time.
<item> `Dst' is the daylight-saving time designation
(e.g. `PDT').
The optional second `Offset' is the number of
hours that daylight-saving time is behind UTC.
The default is 1 hour ahead of standard time.
<item> `Date/Time,Date/Time' specify when daylight-saving
time starts and ends. The format for a date is
`Mm.n.d', which specifies the dth day (0 is Sunday)
of the nth week of the mth month, where week 5 means
the last such day in the month. The format for a
time is [h]h[:mm[:ss]], using a 24-hour clock.
</itemize>
Other Posix string formats are allowed but you don't want
to know about them.
</enum>
</enum>
On the client side, you must make sure that your client's clock and
time zone is also set appropriately. [[I don't know how to do this.]]
Samba traditionally has had many problems dealing with time zones, due
to the bizarre ways that Microsoft network protocols handle time
zones. A common symptom is for file timestamps to be off by an hour.
To work around the problem, try disconnecting from your Samba server
and then reconnecting to it; or upgrade your Samba server to
1.9.16alpha10 or later.
<sect1> How do I set the printer driver name correctly? <p><label id="printer_driver_name">
Question:
On NT, I opened "Printer Manager" and "Connect to Printer".
Enter ["\\ptdi270\ps1"] in the box of printer. I got the
following error message:
<tscreen><verb>
You do not have sufficient access to your machine
to connect to the selected printer, since a driver
needs to be installed locally.
</verb></tscreen>
Answer:
In the more recent versions of Samba you can now set the "printer
driver" in smb.conf. This tells the client what driver to use. For
example:
<tscreen><verb>
printer driver = HP LaserJet 4L
</verb></tscreen>
with this, NT knows to use the right driver. You have to get this string
exactly right.
To find the exact string to use, you need to get to the dialog box in
your client where you select which printer driver to install. The
correct strings for all the different printers are shown in a listbox
in that dialog box.
You could also try setting the driver to NULL like this:
<tscreen><verb>
printer driver = NULL
</verb></tscreen>
this is effectively what older versions of Samba did, so if that
worked for you then give it a go. If this does work then let us know via <htmlurl url="mailto:samba@samba.org" name="samba@samba.org">,
and we'll make it the default. Currently the default is a 0 length
string.
<sect1>I've applied NT 4.0 SP3, and now I can't access Samba shares, Why?<p><label id="NT_SP3_FIX">
As of SP3, Microsoft has decided that they will no longer default to
passing clear text passwords over the network. To enable access to
Samba shares from NT 4.0 SP3, you must do <bf>ONE</bf> of two things:
<enum>
<item> Set the Samba configuration option 'security = user' and implement all of the stuff detailed in <url url="ftp://samba.org/pub/samba/docs/ENCRYPTION.txt" name="ENCRYPTION.txt">.
<item> Follow Microsoft's directions for setting your NT box to allow plain text passwords. see <url url="http://www.microsoft.com/kb/articles/q166/7/30.htm" name="Knowledge Base Article Q166730">
</enum>
<sect>Specific client application problems<p> <label id="client_problems">
<sect1>MS Office Setup reports "Cannot change properties of '\MSOFFICE\SETUP.INI'"<p> <label id="cant_change_properties">
When installing MS Office on a Samba drive for which you have admin
user permissions, ie. admin users = username, you will find the
setup program unable to complete the installation.
To get around this problem, do the installation without admin user
permissions The problem is that MS Office Setup checks that a file is
rdonly by trying to open it for writing.
Admin users can always open a file for writing, as they run as root.
You just have to install as a non-admin user and then use "chown -R"
to fix the owner.
<sect>Miscellaneous<p> <label id="miscellaneous">
<sect1>Is Samba Year 2000 compliant?<p><label id="Year2000Compliant">
The CIFS protocol that Samba implements
negotiates times in various formats, all of which
are able to cope with dates beyond 2000.
</article>

1122
docs/faq/sambafaq.txt
View File

File diff suppressed because it is too large Load Diff

741
docs/htmldocs/Browsing.html
View File

@ -1,741 +0,0 @@
<HTML
><HEAD
><TITLE
>Improved browsing in samba</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
><BODY
CLASS="ARTICLE"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="ARTICLE"
><DIV
CLASS="TITLEPAGE"
><H1
CLASS="TITLE"
><A
NAME="IMPROVED-BROWSING"
>Improved browsing in samba</A
></H1
><HR></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3"
>Overview of browsing</A
></H1
><P
>SMB networking provides a mechanism by which clients can access a list
of machines in a network, a so-called "browse list". This list
contains machines that are ready to offer file and/or print services
to other machines within the network. Thus it does not include
machines which aren't currently able to do server tasks. The browse
list is heavily used by all SMB clients. Configuration of SMB
browsing has been problematic for some Samba users, hence this
document.</P
><P
>Browsing will NOT work if name resolution from NetBIOS names to IP
addresses does not function correctly. Use of a WINS server is highly
recommended to aid the resolution of NetBIOS (SMB) names to IP addresses.
WINS allows remote segment clients to obtain NetBIOS name_type information
that can NOT be provided by any other means of name resolution.</P
></DIV
><DIV
CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
NAME="AEN7"
>Browsing support in samba</A
></H1
><P
>Samba now fully supports browsing. The browsing is supported by nmbd
and is also controlled by options in the smb.conf file (see smb.conf(5)).</P
><P
>Samba can act as a local browse master for a workgroup and the ability
for samba to support domain logons and scripts is now available. See
DOMAIN.txt for more information on domain logons.</P
><P
>Samba can also act as a domain master browser for a workgroup. This
means that it will collate lists from local browse masters into a
wide area network server list. In order for browse clients to
resolve the names they may find in this list, it is recommended that
both samba and your clients use a WINS server.</P
><P
>Note that you should NOT set Samba to be the domain master for a
workgroup that has the same name as an NT Domain: on each wide area
network, you must only ever have one domain master browser per workgroup,
regardless of whether it is NT, Samba or any other type of domain master
that is providing this service.</P
><P
>[Note that nmbd can be configured as a WINS server, but it is not
necessary to specifically use samba as your WINS server. NTAS can
be configured as your WINS server. In a mixed NT server and
samba environment on a Wide Area Network, it is recommended that
you use the NT server's WINS server capabilities. In a samba-only
environment, it is recommended that you use one and only one nmbd
as your WINS server].</P
><P
>To get browsing to work you need to run nmbd as usual, but will need
to use the "workgroup" option in smb.conf to control what workgroup
Samba becomes a part of.</P
><P
>Samba also has a useful option for a Samba server to offer itself for
browsing on another subnet. It is recommended that this option is only
used for 'unusual' purposes: announcements over the internet, for
example. See "remote announce" in the smb.conf man page. </P
></DIV
><DIV
CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
NAME="AEN16"
>Problem resolution</A
></H1
><P
>If something doesn't work then hopefully the log.nmb file will help
you track down the problem. Try a debug level of 2 or 3 for finding
problems. Also note that the current browse list usually gets stored
in text form in a file called browse.dat.</P
><P
>Note that if it doesn't work for you, then you should still be able to
type the server name as \\SERVER in filemanager then hit enter and
filemanager should display the list of available shares.</P
><P
>Some people find browsing fails because they don't have the global
"guest account" set to a valid account. Remember that the IPC$
connection that lists the shares is done as guest, and thus you must
have a valid guest account.</P
><P
>Also, a lot of people are getting bitten by the problem of too many
parameters on the command line of nmbd in inetd.conf. This trick is to
not use spaces between the option and the parameter (eg: -d2 instead
of -d 2), and to not use the -B and -N options. New versions of nmbd
are now far more likely to correctly find your broadcast and network
address, so in most cases these aren't needed.</P
><P
>The other big problem people have is that their broadcast address,
netmask or IP address is wrong (specified with the "interfaces" option
in smb.conf)</P
></DIV
><DIV
CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
NAME="AEN23"
>Browsing across subnets</A
></H1
><P
>With the release of Samba 1.9.17(alpha1 and above) Samba has been
updated to enable it to support the replication of browse lists
across subnet boundaries. New code and options have been added to
achieve this. This section describes how to set this feature up
in different settings.</P
><P
>To see browse lists that span TCP/IP subnets (ie. networks separated
by routers that don't pass broadcast traffic) you must set up at least
one WINS server. The WINS server acts as a DNS for NetBIOS names, allowing
NetBIOS name to IP address translation to be done by doing a direct
query of the WINS server. This is done via a directed UDP packet on
port 137 to the WINS server machine. The reason for a WINS server is
that by default, all NetBIOS name to IP address translation is done
by broadcasts from the querying machine. This means that machines
on one subnet will not be able to resolve the names of machines on
another subnet without using a WINS server.</P
><P
>Remember, for browsing across subnets to work correctly, all machines,
be they Windows 95, Windows NT, or Samba servers must have the IP address
of a WINS server given to them by a DHCP server, or by manual configuration
(for Win95 and WinNT, this is in the TCP/IP Properties, under Network
settings) for Samba this is in the smb.conf file.</P
><DIV
CLASS="SECT2"
><HR><H2
CLASS="SECT2"
><A
NAME="AEN28"
>How does cross subnet browsing work ?</A
></H2
><P
>Cross subnet browsing is a complicated dance, containing multiple
moving parts. It has taken Microsoft several years to get the code
that achieves this correct, and Samba lags behind in some areas.
However, with the 1.9.17 release, Samba is capable of cross subnet
browsing when configured correctly.</P
><P
>Consider a network set up as follows :</P
><P
><PRE
CLASS="PROGRAMLISTING"
> (DMB)
N1_A N1_B N1_C N1_D N1_E
| | | | |
-------------------------------------------------------
| subnet 1 |
+---+ +---+
|R1 | Router 1 Router 2 |R2 |
+---+ +---+
| |
| subnet 2 subnet 3 |
-------------------------- ------------------------------------
| | | | | | | |
N2_A N2_B N2_C N2_D N3_A N3_B N3_C N3_D
(WINS)</PRE
></P
><P
>Consisting of 3 subnets (1, 2, 3) connected by two routers
(R1, R2) - these do not pass broadcasts. Subnet 1 has 5 machines
on it, subnet 2 has 4 machines, subnet 3 has 4 machines. Assume
for the moment that all these machines are configured to be in the
same workgroup (for simplicities sake). Machine N1_C on subnet 1
is configured as Domain Master Browser (ie. it will collate the
browse lists for the workgroup). Machine N2_D is configured as
WINS server and all the other machines are configured to register
their NetBIOS names with it.</P
><P
>As all these machines are booted up, elections for master browsers
will take place on each of the three subnets. Assume that machine
N1_C wins on subnet 1, N2_B wins on subnet 2, and N3_D wins on
subnet 3 - these machines are known as local master browsers for
their particular subnet. N1_C has an advantage in winning as the
local master browser on subnet 1 as it is set up as Domain Master
Browser.</P
><P
>On each of the three networks, machines that are configured to
offer sharing services will broadcast that they are offering
these services. The local master browser on each subnet will
receive these broadcasts and keep a record of the fact that
the machine is offering a service. This list of records is
the basis of the browse list. For this case, assume that
all the machines are configured to offer services so all machines
will be on the browse list.</P
><P
>For each network, the local master browser on that network is
considered 'authoritative' for all the names it receives via
local broadcast. This is because a machine seen by the local
master browser via a local broadcast must be on the same
network as the local master browser and thus is a 'trusted'
and 'verifiable' resource. Machines on other networks that
the local master browsers learn about when collating their
browse lists have not been directly seen - these records are
called 'non-authoritative'.</P
><P
>At this point the browse lists look as follows (these are
the machines you would see in your network neighborhood if
you looked in it on a particular network right now).</P
><P
><PRE
CLASS="PROGRAMLISTING"
>Subnet Browse Master List
------ ------------- ----
Subnet1 N1_C N1_A, N1_B, N1_C, N1_D, N1_E
Subnet2 N2_B N2_A, N2_B, N2_C, N2_D
Subnet3 N3_D N3_A, N3_B, N3_C, N3_D</PRE
></P
><P
>Note that at this point all the subnets are separate, no
machine is seen across any of the subnets.</P
><P
>Now examine subnet 2. As soon as N2_B has become the local
master browser it looks for a Domain master browser to synchronize
its browse list with. It does this by querying the WINS server
(N2_D) for the IP address associated with the NetBIOS name
WORKGROUP&gt;1B&lt;. This name was registerd by the Domain master
browser (N1_C) with the WINS server as soon as it was booted.</P
><P
>Once N2_B knows the address of the Domain master browser it
tells it that is the local master browser for subnet 2 by
sending a MasterAnnouncement packet as a UDP port 138 packet.
It then synchronizes with it by doing a NetServerEnum2 call. This
tells the Domain Master Browser to send it all the server
names it knows about. Once the domain master browser receives
the MasterAnnouncement packet it schedules a synchronization
request to the sender of that packet. After both synchronizations
are done the browse lists look like :</P
><P
><PRE
CLASS="PROGRAMLISTING"
>Subnet Browse Master List
------ ------------- ----
Subnet1 N1_C N1_A, N1_B, N1_C, N1_D, N1_E,
N2_A(*), N2_B(*), N2_C(*), N2_D(*)
Subnet2 N2_B N2_A, N2_B, N2_C, N2_D
N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*)
Subnet3 N3_D N3_A, N3_B, N3_C, N3_D
Servers with a (*) after them are non-authoritative names.</PRE
></P
><P
>At this point users looking in their network neighborhood on
subnets 1 or 2 will see all the servers on both, users on
subnet 3 will still only see the servers on their own subnet.</P
><P
>The same sequence of events that occured for N2_B now occurs
for the local master browser on subnet 3 (N3_D). When it
synchronizes browse lists with the domain master browser (N1_A)
it gets both the server entries on subnet 1, and those on
subnet 2. After N3_D has synchronized with N1_C and vica-versa
the browse lists look like.</P
><P
><PRE
CLASS="PROGRAMLISTING"
>Subnet Browse Master List
------ ------------- ----
Subnet1 N1_C N1_A, N1_B, N1_C, N1_D, N1_E,
N2_A(*), N2_B(*), N2_C(*), N2_D(*),
N3_A(*), N3_B(*), N3_C(*), N3_D(*)
Subnet2 N2_B N2_A, N2_B, N2_C, N2_D
N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*)
Subnet3 N3_D N3_A, N3_B, N3_C, N3_D
N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*),
N2_A(*), N2_B(*), N2_C(*), N2_D(*)
Servers with a (*) after them are non-authoritative names.</PRE
></P
><P
>At this point users looking in their network neighborhood on
subnets 1 or 3 will see all the servers on all sunbets, users on
subnet 2 will still only see the servers on subnets 1 and 2, but not 3.</P
><P
>Finally, the local master browser for subnet 2 (N2_B) will sync again
with the domain master browser (N1_C) and will recieve the missing
server entries. Finally - and as a steady state (if no machines
are removed or shut off) the browse lists will look like :</P
><P
><PRE
CLASS="PROGRAMLISTING"
>Subnet Browse Master List
------ ------------- ----
Subnet1 N1_C N1_A, N1_B, N1_C, N1_D, N1_E,
N2_A(*), N2_B(*), N2_C(*), N2_D(*),
N3_A(*), N3_B(*), N3_C(*), N3_D(*)
Subnet2 N2_B N2_A, N2_B, N2_C, N2_D
N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*)
N3_A(*), N3_B(*), N3_C(*), N3_D(*)
Subnet3 N3_D N3_A, N3_B, N3_C, N3_D
N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*),
N2_A(*), N2_B(*), N2_C(*), N2_D(*)
Servers with a (*) after them are non-authoritative names.</PRE
></P
><P
>Synchronizations between the domain master browser and local
master browsers will continue to occur, but this should be a
steady state situation.</P
><P
>If either router R1 or R2 fails the following will occur:</P
><P
></P
><OL
TYPE="1"
><LI
><P
> Names of computers on each side of the inaccessible network fragments
will be maintained for as long as 36 minutes, in the network neighbourhood
lists.
</P
></LI
><LI
><P
> Attempts to connect to these inaccessible computers will fail, but the
names will not be removed from the network neighbourhood lists.
</P
></LI
><LI
><P
> If one of the fragments is cut off from the WINS server, it will only
be able to access servers on its local subnet, by using subnet-isolated
broadcast NetBIOS name resolution. The effects are similar to that of
losing access to a DNS server.
</P
></LI
></OL
></DIV
></DIV
><DIV
CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
NAME="AEN63"
>Setting up a WINS server</A
></H1
><P
>Either a Samba machine or a Windows NT Server machine may be set up
as a WINS server. To set a Samba machine to be a WINS server you must
add the following option to the smb.conf file on the selected machine :
in the [globals] section add the line </P
><P
><B
CLASS="COMMAND"
> wins support = yes</B
></P
><P
>Versions of Samba previous to 1.9.17 had this parameter default to
yes. If you have any older versions of Samba on your network it is
strongly suggested you upgrade to 1.9.17 or above, or at the very
least set the parameter to 'no' on all these machines.</P
><P
>Machines with "<B
CLASS="COMMAND"
>wins support = yes</B
>" will keep a list of
all NetBIOS names registered with them, acting as a DNS for NetBIOS names.</P
><P
>You should set up only ONE wins server. Do NOT set the
"<B
CLASS="COMMAND"
>wins support = yes</B
>" option on more than one Samba
server.</P
><P
>To set up a Windows NT Server as a WINS server you need to set up
the WINS service - see your NT documentation for details. Note that
Windows NT WINS Servers can replicate to each other, allowing more
than one to be set up in a complex subnet environment. As Microsoft
refuse to document these replication protocols Samba cannot currently
participate in these replications. It is possible in the future that
a Samba-&#62;Samba WINS replication protocol may be defined, in which
case more than one Samba machine could be set up as a WINS server
but currently only one Samba server should have the "wins support = yes"
parameter set.</P
><P
>After the WINS server has been configured you must ensure that all
machines participating on the network are configured with the address
of this WINS server. If your WINS server is a Samba machine, fill in
the Samba machine IP address in the "Primary WINS Server" field of
the "Control Panel-&#62;Network-&#62;Protocols-&#62;TCP-&#62;WINS Server" dialogs
in Windows 95 or Windows NT. To tell a Samba server the IP address
of the WINS server add the following line to the [global] section of
all smb.conf files :</P
><P
><B
CLASS="COMMAND"
> wins server = &gt;name or IP address&lt;</B
></P
><P
>where &gt;name or IP address&lt; is either the DNS name of the WINS server
machine or its IP address.</P
><P
>Note that this line MUST NOT BE SET in the smb.conf file of the Samba
server acting as the WINS server itself. If you set both the
"<B
CLASS="COMMAND"
>wins support = yes</B
>" option and the
"<B
CLASS="COMMAND"
>wins server = &gt;name&lt;</B
>" option then
nmbd will fail to start.</P
><P
>There are two possible scenarios for setting up cross subnet browsing.
The first details setting up cross subnet browsing on a network containing
Windows 95, Samba and Windows NT machines that are not configured as
part of a Windows NT Domain. The second details setting up cross subnet
browsing on networks that contain NT Domains.</P
></DIV
><DIV
CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
NAME="AEN82"
>Setting up Browsing in a WORKGROUP</A
></H1
><P
>To set up cross subnet browsing on a network containing machines
in up to be in a WORKGROUP, not an NT Domain you need to set up one
Samba server to be the Domain Master Browser (note that this is *NOT*
the same as a Primary Domain Controller, although in an NT Domain the
same machine plays both roles). The role of a Domain master browser is
to collate the browse lists from local master browsers on all the
subnets that have a machine participating in the workgroup. Without
one machine configured as a domain master browser each subnet would
be an isolated workgroup, unable to see any machines on any other
subnet. It is the presense of a domain master browser that makes
cross subnet browsing possible for a workgroup.</P
><P
>In an WORKGROUP environment the domain master browser must be a
Samba server, and there must only be one domain master browser per
workgroup name. To set up a Samba server as a domain master browser,
set the following option in the [global] section of the smb.conf file :</P
><P
><B
CLASS="COMMAND"
> domain master = yes</B
></P
><P
>The domain master browser should also preferrably be the local master
browser for its own subnet. In order to achieve this set the following
options in the [global] section of the smb.conf file :</P
><P
><PRE
CLASS="PROGRAMLISTING"
> domain master = yes
local master = yes
preferred master = yes
os level = 65</PRE
></P
><P
>The domain master browser may be the same machine as the WINS
server, if you require.</P
><P
>Next, you should ensure that each of the subnets contains a
machine that can act as a local master browser for the
workgroup. Any NT machine should be able to do this, as will
Windows 95 machines (although these tend to get rebooted more
often, so it's not such a good idea to use these). To make a
Samba server a local master browser set the following
options in the [global] section of the smb.conf file :</P
><P
><PRE
CLASS="PROGRAMLISTING"
> domain master = no
local master = yes
preferred master = yes
os level = 65</PRE
></P
><P
>Do not do this for more than one Samba server on each subnet,
or they will war with each other over which is to be the local
master browser.</P
><P
>The "local master" parameter allows Samba to act as a local master
browser. The "preferred master" causes nmbd to force a browser
election on startup and the "os level" parameter sets Samba high
enough so that it should win any browser elections.</P
><P
>If you have an NT machine on the subnet that you wish to
be the local master browser then you can disable Samba from
becoming a local master browser by setting the following
options in the [global] section of the smb.conf file :</P
><P
><PRE
CLASS="PROGRAMLISTING"
> domain master = no
local master = no
preferred master = no
os level = 0</PRE
></P
></DIV
><DIV
CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
NAME="AEN100"
>Setting up Browsing in a DOMAIN</A
></H1
><P
>If you are adding Samba servers to a Windows NT Domain then
you must not set up a Samba server as a domain master browser.
By default, a Windows NT Primary Domain Controller for a Domain
name is also the Domain master browser for that name, and many
things will break if a Samba server registers the Domain master
browser NetBIOS name (DOMAIN&gt;1B&lt;) with WINS instead of the PDC.</P
><P
>For subnets other than the one containing the Windows NT PDC
you may set up Samba servers as local master browsers as
described. To make a Samba server a local master browser set
the following options in the [global] section of the smb.conf
file :</P
><P
><PRE
CLASS="PROGRAMLISTING"
> domain master = no
local master = yes
preferred master = yes
os level = 65</PRE
></P
><P
>If you wish to have a Samba server fight the election with machines
on the same subnet you may set the "os level" parameter to lower
levels. By doing this you can tune the order of machines that
will become local master browsers if they are running. For
more details on this see the section "FORCING SAMBA TO BE THE MASTER"
below.</P
><P
>If you have Windows NT machines that are members of the domain
on all subnets, and you are sure they will always be running then
you can disable Samba from taking part in browser elections and
ever becoming a local master browser by setting following options
in the [global] section of the smb.conf file :</P
><P
><B
CLASS="COMMAND"
> domain master = no
local master = no
preferred master = no
os level = 0</B
></P
></DIV
><DIV
CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
NAME="AEN110"
>Forcing samba to be the master</A
></H1
><P
>Who becomes the "master browser" is determined by an election process
using broadcasts. Each election packet contains a number of parameters
which determine what precedence (bias) a host should have in the
election. By default Samba uses a very low precedence and thus loses
elections to just about anyone else.</P
><P
>If you want Samba to win elections then just set the "os level" global
option in smb.conf to a higher number. It defaults to 0. Using 34
would make it win all elections over every other system (except other
samba systems!)</P
><P
>A "os level" of 2 would make it beat WfWg and Win95, but not NTAS. A
NTAS domain controller uses level 32.</P
><P
>The maximum os level is 255</P
><P
>If you want samba to force an election on startup, then set the
"preferred master" global option in smb.conf to "yes". Samba will
then have a slight advantage over other potential master browsers
that are not preferred master browsers. Use this parameter with
care, as if you have two hosts (whether they are windows 95 or NT or
samba) on the same local subnet both set with "preferred master" to
"yes", then periodically and continually they will force an election
in order to become the local master browser.</P
><P
>If you want samba to be a "domain master browser", then it is
recommended that you also set "preferred master" to "yes", because
samba will not become a domain master browser for the whole of your
LAN or WAN if it is not also a local master browser on its own
broadcast isolated subnet.</P
><P
>It is possible to configure two samba servers to attempt to become
the domain master browser for a domain. The first server that comes
up will be the domain master browser. All other samba servers will
attempt to become the domain master browser every 5 minutes. They
will find that another samba server is already the domain master
browser and will fail. This provides automatic redundancy, should
the current domain master browser fail.</P
></DIV
><DIV
CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
NAME="AEN119"
>Making samba the domain master</A
></H1
><P
>The domain master is responsible for collating the browse lists of
multiple subnets so that browsing can occur between subnets. You can
make samba act as the domain master by setting "domain master = yes"
in smb.conf. By default it will not be a domain master.</P
><P
>Note that you should NOT set Samba to be the domain master for a
workgroup that has the same name as an NT Domain.</P
><P
>When samba is the domain master and the master browser it will listen
for master announcements (made roughly every twelve minutes) from local
master browsers on other subnets and then contact them to synchronise
browse lists.</P
><P
>If you want samba to be the domain master then I suggest you also set
the "os level" high enough to make sure it wins elections, and set
"preferred master" to "yes", to get samba to force an election on
startup.</P
><P
>Note that all your servers (including samba) and clients should be
using a WINS server to resolve NetBIOS names. If your clients are only
using broadcasting to resolve NetBIOS names, then two things will occur:</P
><P
></P
><OL
TYPE="1"
><LI
><P
> your local master browsers will be unable to find a domain master
browser, as it will only be looking on the local subnet.
</P
></LI
><LI
><P
> if a client happens to get hold of a domain-wide browse list, and
a user attempts to access a host in that list, it will be unable to
resolve the NetBIOS name of that host.
</P
></LI
></OL
><P
>If, however, both samba and your clients are using a WINS server, then:</P
><P
></P
><OL
TYPE="1"
><LI
><P
> your local master browsers will contact the WINS server and, as long as
samba has registered that it is a domain master browser with the WINS
server, your local master browser will receive samba's ip address
as its domain master browser.
</P
></LI
><LI
><P
> when a client receives a domain-wide browse list, and a user attempts
to access a host in that list, it will contact the WINS server to
resolve the NetBIOS name of that host. as long as that host has
registered its NetBIOS name with the same WINS server, the user will
be able to see that host.
</P
></LI
></OL
></DIV
><DIV
CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
NAME="AEN137"
>Note about broadcast addresses</A
></H1
><P
>If your network uses a "0" based broadcast address (for example if it
ends in a 0) then you will strike problems. Windows for Workgroups
does not seem to support a 0's broadcast and you will probably find
that browsing and name lookups won't work.</P
></DIV
><DIV
CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
NAME="AEN140"
>Multiple interfaces</A
></H1
><P
>Samba now supports machines with multiple network interfaces. If you
have multiple interfaces then you will need to use the "interfaces"
option in smb.conf to configure them. See smb.conf(5) for details.</P
></DIV
></DIV
></BODY
></HTML
>

238
docs/htmldocs/Bugs.html
View File

@ -1,238 +0,0 @@
<HTML
><HEAD
><TITLE
>Reporting Bugs</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
><BODY
CLASS="ARTICLE"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="ARTICLE"
><DIV
CLASS="TITLEPAGE"
><H1
CLASS="TITLE"
><A
NAME="BUGREPORT"
>Reporting Bugs</A
></H1
><HR></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3"
>Introduction</A
></H1
><P
>The email address for bug reports is samba@samba.org</P
><P
>Please take the time to read this file before you submit a bug
report. Also, please see if it has changed between releases, as we
may be changing the bug reporting mechanism at some time.</P
><P
>Please also do as much as you can yourself to help track down the
bug. Samba is maintained by a dedicated group of people who volunteer
their time, skills and efforts. We receive far more mail about it than
we can possibly answer, so you have a much higher chance of an answer
and a fix if you send us a "developer friendly" bug report that lets
us fix it fast. </P
><P
>Do not assume that if you post the bug to the comp.protocols.smb
newsgroup or the mailing list that we will read it. If you suspect that your
problem is not a bug but a configuration problem then it is better to send
it to the Samba mailing list, as there are (at last count) 5000 other users on
that list that may be able to help you.</P
><P
>You may also like to look though the recent mailing list archives,
which are conveniently accessible on the Samba web pages
at http://samba.org/samba/ </P
></DIV
><DIV
CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
NAME="AEN10"
>General info</A
></H1
><P
>Before submitting a bug report check your config for silly
errors. Look in your log files for obvious messages that tell you that
you've misconfigured something and run testparm to test your config
file for correct syntax.</P
><P
>Have you run through the <A
HREF="Diagnosis.html"
TARGET="_top"
>diagnosis</A
>?
This is very important.</P
><P
>If you include part of a log file with your bug report then be sure to
annotate it with exactly what you were doing on the client at the
time, and exactly what the results were.</P
></DIV
><DIV
CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
NAME="AEN16"
>Debug levels</A
></H1
><P
>If the bug has anything to do with Samba behaving incorrectly as a
server (like refusing to open a file) then the log files will probably
be very useful. Depending on the problem a log level of between 3 and
10 showing the problem may be appropriate. A higher level givesmore
detail, but may use too much disk space.</P
><P
>To set the debug level use <B
CLASS="COMMAND"
>log level =</B
> in your
<TT
CLASS="FILENAME"
>smb.conf</TT
>. You may also find it useful to set the log
level higher for just one machine and keep separate logs for each machine.
To do this use:</P
><P
><PRE
CLASS="PROGRAMLISTING"
>log level = 10
log file = /usr/local/samba/lib/log.%m
include = /usr/local/samba/lib/smb.conf.%m</PRE
></P
><P
>then create a file
<TT
CLASS="FILENAME"
>/usr/local/samba/lib/smb.conf.machine</TT
> where
"machine" is the name of the client you wish to debug. In that file
put any smb.conf commands you want, for example
<B
CLASS="COMMAND"
>log level=</B
> may be useful. This also allows you to
experiment with different security systems, protocol levels etc on just
one machine.</P
><P
>The <TT
CLASS="FILENAME"
>smb.conf</TT
> entry <B
CLASS="COMMAND"
>log level =</B
>
is synonymous with the entry <B
CLASS="COMMAND"
>debuglevel =</B
> that has been
used in older versions of Samba and is being retained for backwards
compatibility of smb.conf files.</P
><P
>As the <B
CLASS="COMMAND"
>log level =</B
> value is increased you will record
a significantly increasing level of debugging information. For most
debugging operations you may not need a setting higher than 3. Nearly
all bugs can be tracked at a setting of 10, but be prepared for a VERY
large volume of log data.</P
></DIV
><DIV
CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
NAME="AEN33"
>Internal errors</A
></H1
><P
>If you get a "INTERNAL ERROR" message in your log files it means that
Samba got an unexpected signal while running. It is probably a
segmentation fault and almost certainly means a bug in Samba (unless
you have faulty hardware or system software)</P
><P
>If the message came from smbd then it will probably be accompanied by
a message which details the last SMB message received by smbd. This
info is often very useful in tracking down the problem so please
include it in your bug report.</P
><P
>You should also detail how to reproduce the problem, if
possible. Please make this reasonably detailed.</P
><P
>You may also find that a core file appeared in a "corefiles"
subdirectory of the directory where you keep your samba log
files. This file is the most useful tool for tracking down the bug. To
use it you do this:</P
><P
><B
CLASS="COMMAND"
>gdb smbd core</B
></P
><P
>adding appropriate paths to smbd and core so gdb can find them. If you
don't have gdb then try "dbx". Then within the debugger use the
command "where" to give a stack trace of where the problem
occurred. Include this in your mail.</P
><P
>If you known any assembly language then do a "disass" of the routine
where the problem occurred (if its in a library routine then
disassemble the routine that called it) and try to work out exactly
where the problem is by looking at the surrounding code. Even if you
don't know assembly then incuding this info in the bug report can be
useful. </P
></DIV
><DIV
CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
NAME="AEN43"
>Attaching to a running process</A
></H1
><P
>Unfortunately some unixes (in particular some recent linux kernels)
refuse to dump a core file if the task has changed uid (which smbd
does often). To debug with this sort of system you could try to attach
to the running process using "gdb smbd PID" where you get PID from
smbstatus. Then use "c" to continue and try to cause the core dump
using the client. The debugger should catch the fault and tell you
where it occurred.</P
></DIV
><DIV
CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
NAME="AEN46"
>Patches</A
></H1
><P
>The best sort of bug report is one that includes a fix! If you send us
patches please use <B
CLASS="COMMAND"
>diff -u</B
> format if your version of
diff supports it, otherwise use <B
CLASS="COMMAND"
>diff -c4</B
>. Make sure
your do the diff against a clean version of the source and let me know
exactly what version you used. </P
></DIV
></DIV
></BODY
></HTML
>

193
docs/htmldocs/CVS-Access.html
View File

@ -1,193 +0,0 @@
<HTML
><HEAD
><TITLE
>HOWTO Access Samba source code via CVS</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
><BODY
CLASS="ARTICLE"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="ARTICLE"
><DIV
CLASS="TITLEPAGE"
><H1
CLASS="TITLE"
><A
NAME="CVS-ACCESS"
>HOWTO Access Samba source code via CVS</A
></H1
><HR></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3"
>Introduction</A
></H1
><P
>Samba is developed in an open environment. Developers use CVS
(Concurrent Versioning System) to "checkin" (also known as
"commit") new source code. Samba's various CVS branches can
be accessed via anonymous CVS using the instructions
detailed in this chapter.</P
><P
>This document is a modified version of the instructions found at
<A
HREF="http://samba.org/samba/cvs.html"
TARGET="_top"
>http://samba.org/samba/cvs.html</A
></P
></DIV
><DIV
CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
NAME="AEN8"
>CVS Access to samba.org</A
></H1
><P
>The machine samba.org runs a publicly accessible CVS
repository for access to the source code of several packages,
including samba, rsync and jitterbug. There are two main ways of
accessing the CVS server on this host.</P
><DIV
CLASS="SECT2"
><HR><H2
CLASS="SECT2"
><A
NAME="AEN11"
>Access via CVSweb</A
></H2
><P
>You can access the source code via your
favourite WWW browser. This allows you to access the contents of
individual files in the repository and also to look at the revision
history and commit logs of individual files. You can also ask for a diff
listing between any two versions on the repository.</P
><P
>Use the URL : <A
HREF="http://samba.org/cgi-bin/cvsweb"
TARGET="_top"
>http://samba.org/cgi-bin/cvsweb</A
></P
></DIV
><DIV
CLASS="SECT2"
><HR><H2
CLASS="SECT2"
><A
NAME="AEN16"
>Access via cvs</A
></H2
><P
>You can also access the source code via a
normal cvs client. This gives you much more control over you can
do with the repository and allows you to checkout whole source trees
and keep them up to date via normal cvs commands. This is the
preferred method of access if you are a developer and not
just a casual browser.</P
><P
>To download the latest cvs source code, point your
browser at the URL : <A
HREF="http://www.cyclic.com/"
TARGET="_top"
>http://www.cyclic.com/</A
>.
and click on the 'How to get cvs' link. CVS is free software under
the GNU GPL (as is Samba). Note that there are several graphical CVS clients
which provide a graphical interface to the sometimes mundane CVS commands.
Links to theses clients are also available from http://www.cyclic.com.</P
><P
>To gain access via anonymous cvs use the following steps.
For this example it is assumed that you want a copy of the
samba source code. For the other source code repositories
on this system just substitute the correct package name</P
><P
></P
><OL
TYPE="1"
><LI
><P
> Install a recent copy of cvs. All you really need is a
copy of the cvs client binary.
</P
></LI
><LI
><P
> Run the command
</P
><P
> <B
CLASS="COMMAND"
>cvs -d :pserver:cvs@samba.org:/cvsroot login</B
>
</P
><P
> When it asks you for a password type <TT
CLASS="USERINPUT"
><B
>cvs</B
></TT
>.
</P
></LI
><LI
><P
> Run the command
</P
><P
> <B
CLASS="COMMAND"
>cvs -d :pserver:cvs@samba.org:/cvsroot co samba</B
>
</P
><P
> This will create a directory called samba containing the
latest samba source code (i.e. the HEAD tagged cvs branch). This
currently corresponds to the 3.0 development tree.
</P
><P
> CVS branches other HEAD can be obtained by using the <TT
CLASS="PARAMETER"
><I
>-r</I
></TT
>
and defining a tag name. A list of branch tag names can be found on the
"Development" page of the samba web site. A common request is to obtain the
latest 2.2 release code. This could be done by using the following command.
</P
><P
> <B
CLASS="COMMAND"
>cvs -d :pserver:cvs@samba.org:/cvsroot co -r SAMBA_2_2 samba</B
>
</P
></LI
><LI
><P
> Whenever you want to merge in the latest code changes use
the following command from within the samba directory:
</P
><P
> <B
CLASS="COMMAND"
>cvs update -d -P</B
>
</P
></LI
></OL
></DIV
></DIV
></DIV
></BODY
></HTML
>

372
docs/htmldocs/DOMAIN_MEMBER.html
View File

@ -1,372 +0,0 @@
<HTML
><HEAD
><TITLE
>security = domain in Samba 2.x</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
><BODY
CLASS="ARTICLE"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="ARTICLE"
><DIV
CLASS="TITLEPAGE"
><H1
CLASS="TITLE"
><A
NAME="DOMAIN-SECURITY"
>security = domain in Samba 2.x</A
></H1
><HR></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3"
>Joining an NT Domain with Samba 2.2</A
></H1
><P
>Assume you have a Samba 2.x server with a NetBIOS name of
<TT
CLASS="CONSTANT"
>SERV1</TT
> and are joining an NT domain called
<TT
CLASS="CONSTANT"
>DOM</TT
>, which has a PDC with a NetBIOS name
of <TT
CLASS="CONSTANT"
>DOMPDC</TT
> and two backup domain controllers
with NetBIOS names <TT
CLASS="CONSTANT"
>DOMBDC1</TT
> and <TT
CLASS="CONSTANT"
>DOMBDC2
</TT
>.</P
><P
>In order to join the domain, first stop all Samba daemons
and run the command:</P
><P
><TT
CLASS="PROMPT"
>root# </TT
><TT
CLASS="USERINPUT"
><B
>smbpasswd -j DOM -r DOMPDC
-U<TT
CLASS="REPLACEABLE"
><I
>Administrator%password</I
></TT
></B
></TT
></P
><P
>as we are joining the domain DOM and the PDC for that domain
(the only machine that has write access to the domain SAM database)
is DOMPDC. The <TT
CLASS="REPLACEABLE"
><I
>Administrator%password</I
></TT
> is
the login name and password for an account which has the necessary
privilege to add machines to the domain. If this is successful
you will see the message:</P
><P
><TT
CLASS="COMPUTEROUTPUT"
>smbpasswd: Joined domain DOM.</TT
>
</P
><P
>in your terminal window. See the <A
HREF="smbpasswd.8.html"
TARGET="_top"
> smbpasswd(8)</A
> man page for more details.</P
><P
>There is existing development code to join a domain
without having to create the machine trust account on the PDC
beforehand. This code will hopefully be available soon
in release branches as well.</P
><P
>This command goes through the machine account password
change protocol, then writes the new (random) machine account
password for this Samba server into a file in the same directory
in which an smbpasswd file would be stored - normally :</P
><P
><TT
CLASS="FILENAME"
>/usr/local/samba/private</TT
></P
><P
>In Samba 2.0.x, the filename looks like this:</P
><P
><TT
CLASS="FILENAME"
><TT
CLASS="REPLACEABLE"
><I
>&lt;NT DOMAIN NAME&gt;</I
></TT
>.<TT
CLASS="REPLACEABLE"
><I
>&lt;Samba
Server Name&gt;</I
></TT
>.mac</TT
></P
><P
>The <TT
CLASS="FILENAME"
>.mac</TT
> suffix stands for machine account
password file. So in our example above, the file would be called:</P
><P
><TT
CLASS="FILENAME"
>DOM.SERV1.mac</TT
></P
><P
>In Samba 2.2, this file has been replaced with a TDB
(Trivial Database) file named <TT
CLASS="FILENAME"
>secrets.tdb</TT
>.
</P
><P
>This file is created and owned by root and is not
readable by any other user. It is the key to the domain-level
security for your system, and should be treated as carefully
as a shadow password file.</P
><P
>Now, before restarting the Samba daemons you must
edit your <A
HREF="smb.conf.5.html"
TARGET="_top"
><TT
CLASS="FILENAME"
>smb.conf(5)</TT
>
</A
> file to tell Samba it should now use domain security.</P
><P
>Change (or add) your <A
HREF="smb.conf.5.html#SECURITY"
TARGET="_top"
> <TT
CLASS="PARAMETER"
><I
>security =</I
></TT
></A
> line in the [global] section
of your smb.conf to read:</P
><P
><B
CLASS="COMMAND"
>security = domain</B
></P
><P
>Next change the <A
HREF="smb.conf.5.html#WORKGROUP"
TARGET="_top"
><TT
CLASS="PARAMETER"
><I
> workgroup =</I
></TT
></A
> line in the [global] section to read: </P
><P
><B
CLASS="COMMAND"
>workgroup = DOM</B
></P
><P
>as this is the name of the domain we are joining. </P
><P
>You must also have the parameter <A
HREF="smb.conf.5.html#ENCRYPTPASSWORDS"
TARGET="_top"
> <TT
CLASS="PARAMETER"
><I
>encrypt passwords</I
></TT
></A
> set to <TT
CLASS="CONSTANT"
>yes
</TT
> in order for your users to authenticate to the NT PDC.</P
><P
>Finally, add (or modify) a <A
HREF="smb.conf.5.html#PASSWORDSERVER"
TARGET="_top"
> <TT
CLASS="PARAMETER"
><I
>password server =</I
></TT
></A
> line in the [global]
section to read: </P
><P
><B
CLASS="COMMAND"
>password server = DOMPDC DOMBDC1 DOMBDC2</B
></P
><P
>These are the primary and backup domain controllers Samba
will attempt to contact in order to authenticate users. Samba will
try to contact each of these servers in order, so you may want to
rearrange this list in order to spread out the authentication load
among domain controllers.</P
><P
>Alternatively, if you want smbd to automatically determine
the list of Domain controllers to use for authentication, you may
set this line to be :</P
><P
><B
CLASS="COMMAND"
>password server = *</B
></P
><P
>This method, which was introduced in Samba 2.0.6,
allows Samba to use exactly the same mechanism that NT does. This
method either broadcasts or uses a WINS database in order to
find domain controllers to authenticate against.</P
><P
>Finally, restart your Samba daemons and get ready for
clients to begin using domain security!</P
></DIV
><DIV
CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
NAME="AEN67"
>Samba and Windows 2000 Domains</A
></H1
><P
>Many people have asked regarding the state of Samba's ability to participate in
a Windows 2000 Domain. Samba 2.2 is able to act as a member server of a Windows
2000 domain operating in mixed or native mode.</P
><P
>There is much confusion between the circumstances that require a "mixed" mode
Win2k DC and a when this host can be switched to "native" mode. A "mixed" mode
Win2k domain controller is only needed if Windows NT BDCs must exist in the same
domain. By default, a Win2k DC in "native" mode will still support
NetBIOS and NTLMv1 for authentication of legacy clients such as Windows 9x and
NT 4.0. Samba has the same requirements as a Windows NT 4.0 member server.</P
><P
>The steps for adding a Samba 2.2 host to a Win2k domain are the same as those
for adding a Samba server to a Windows NT 4.0 domain. The only exception is that
the "Server Manager" from NT 4 has been replaced by the "Active Directory Users and
Computers" MMC (Microsoft Management Console) plugin.</P
></DIV
><DIV
CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
NAME="AEN72"
>Why is this better than security = server?</A
></H1
><P
>Currently, domain security in Samba doesn't free you from
having to create local Unix users to represent the users attaching
to your server. This means that if domain user <TT
CLASS="CONSTANT"
>DOM\fred
</TT
> attaches to your domain security Samba server, there needs
to be a local Unix user fred to represent that user in the Unix
filesystem. This is very similar to the older Samba security mode
<A
HREF="smb.conf.5.html#SECURITYEQUALSSERVER"
TARGET="_top"
>security = server</A
>,
where Samba would pass through the authentication request to a Windows
NT server in the same way as a Windows 95 or Windows 98 server would.
</P
><P
>Please refer to the <A
HREF="winbind.html"
TARGET="_top"
>Winbind
paper</A
> for information on a system to automatically
assign UNIX uids and gids to Windows NT Domain users and groups.
This code is available in development branches only at the moment,
but will be moved to release branches soon.</P
><P
>The advantage to domain-level security is that the
authentication in domain-level security is passed down the authenticated
RPC channel in exactly the same way that an NT server would do it. This
means Samba servers now participate in domain trust relationships in
exactly the same way NT servers do (i.e., you can add Samba servers into
a resource domain and have the authentication passed on from a resource
domain PDC to an account domain PDC.</P
><P
>In addition, with <B
CLASS="COMMAND"
>security = server</B
> every Samba
daemon on a server has to keep a connection open to the
authenticating server for as long as that daemon lasts. This can drain
the connection resources on a Microsoft NT server and cause it to run
out of available connections. With <B
CLASS="COMMAND"
>security = domain</B
>,
however, the Samba daemons connect to the PDC/BDC only for as long
as is necessary to authenticate the user, and then drop the connection,
thus conserving PDC connection resources.</P
><P
>And finally, acting in the same manner as an NT server
authenticating to a PDC means that as part of the authentication
reply, the Samba server gets the user identification information such
as the user SID, the list of NT groups the user belongs to, etc. All
this information will allow Samba to be extended in the future into
a mode the developers currently call appliance mode. In this mode,
no local Unix users will be necessary, and Samba will generate Unix
uids and gids from the information passed back from the PDC when a
user is authenticated, making a Samba server truly plug and play
in an NT domain environment. Watch for this code soon.</P
><P
><I
CLASS="EMPHASIS"
>NOTE:</I
> Much of the text of this document
was first published in the Web magazine <A
HREF="http://www.linuxworld.com"
TARGET="_top"
>
LinuxWorld</A
> as the article <A
HREF="http://www.linuxworld.com/linuxworld/lw-1998-10/lw-10-samba.html"
TARGET="_top"
>Doing
the NIS/NT Samba</A
>.</P
></DIV
></DIV
></BODY
></HTML
>

548
docs/htmldocs/Diagnosis.html
View File

@ -1,548 +0,0 @@
<HTML
><HEAD
><TITLE
>Diagnosing your samba server</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
><BODY
CLASS="ARTICLE"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="ARTICLE"
><DIV
CLASS="TITLEPAGE"
><H1
CLASS="TITLE"
><A
NAME="DIAGNOSIS"
>Diagnosing your samba server</A
></H1
><HR></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3"
>Introduction</A
></H1
><P
>This file contains a list of tests you can perform to validate your
Samba server. It also tells you what the likely cause of the problem
is if it fails any one of these steps. If it passes all these tests
then it is probably working fine.</P
><P
>You should do ALL the tests, in the order shown. I have tried to
carefully choose them so later tests only use capabilities verified in
the earlier tests.</P
><P
>If you send me an email saying "it doesn't work" and you have not
followed this test procedure then you should not be surprised if I
ignore your email.</P
></DIV
><DIV
CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
NAME="AEN8"
>Assumptions</A
></H1
><P
>In all of the tests I assume you have a Samba server called BIGSERVER
and a PC called ACLIENT both in workgroup TESTGROUP. I also assume the
PC is running windows for workgroups with a recent copy of the
microsoft tcp/ip stack. Alternatively, your PC may be running Windows
95 or Windows NT (Workstation or Server).</P
><P
>The procedure is similar for other types of clients.</P
><P
>I also assume you know the name of an available share in your
smb.conf. I will assume this share is called "tmp". You can add a
"tmp" share like by adding the following to smb.conf:</P
><P
><PRE
CLASS="PROGRAMLISTING"
>&#13;[tmp]
comment = temporary files
path = /tmp
read only = yes&#13;</PRE
></P
><P
>THESE TESTS ASSUME VERSION 2.0.6 OR LATER OF THE SAMBA SUITE. SOME
COMMANDS SHOWN DID NOT EXIST IN EARLIER VERSIONS</P
><P
>Please pay attention to the error messages you receive. If any error message
reports that your server is being unfriendly you should first check that you
IP name resolution is correctly set up. eg: Make sure your /etc/resolv.conf
file points to name servers that really do exist.</P
><P
>Also, if you do not have DNS server access for name resolution please check
that the settings for your smb.conf file results in "dns proxy = no". The
best way to check this is with "testparm smb.conf"</P
></DIV
><DIV
CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
NAME="AEN18"
>Tests</A
></H1
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN20"
>Test 1</A
></H2
><P
>In the directory in which you store your smb.conf file, run the command
"testparm smb.conf". If it reports any errors then your smb.conf
configuration file is faulty.</P
><P
>Note: Your smb.conf file may be located in: <TT
CLASS="FILENAME"
>/etc</TT
>
Or in: <TT
CLASS="FILENAME"
>/usr/local/samba/lib</TT
></P
></DIV
><DIV
CLASS="SECT2"
><HR><H2
CLASS="SECT2"
><A
NAME="AEN26"
>Test 2</A
></H2
><P
>Run the command "ping BIGSERVER" from the PC and "ping ACLIENT" from
the unix box. If you don't get a valid response then your TCP/IP
software is not correctly installed. </P
><P
>Note that you will need to start a "dos prompt" window on the PC to
run ping.</P
><P
>If you get a message saying "host not found" or similar then your DNS
software or /etc/hosts file is not correctly setup. It is possible to
run samba without DNS entries for the server and client, but I assume
you do have correct entries for the remainder of these tests. </P
><P
>Another reason why ping might fail is if your host is running firewall
software. You will need to relax the rules to let in the workstation
in question, perhaps by allowing access from another subnet (on Linux
this is done via the ipfwadm program.)</P
></DIV
><DIV
CLASS="SECT2"
><HR><H2
CLASS="SECT2"
><A
NAME="AEN32"
>Test 3</A
></H2
><P
>Run the command "smbclient -L BIGSERVER" on the unix box. You
should get a list of available shares back. </P
><P
>If you get a error message containing the string "Bad password" then
you probably have either an incorrect "hosts allow", "hosts deny" or
"valid users" line in your smb.conf, or your guest account is not
valid. Check what your guest account is using "testparm" and
temporarily remove any "hosts allow", "hosts deny", "valid users" or
"invalid users" lines.</P
><P
>If you get a "connection refused" response then the smbd server may
not be running. If you installed it in inetd.conf then you probably edited
that file incorrectly. If you installed it as a daemon then check that
it is running, and check that the netbios-ssn port is in a LISTEN
state using "netstat -a".</P
><P
>If you get a "session request failed" then the server refused the
connection. If it says "Your server software is being unfriendly" then
its probably because you have invalid command line parameters to smbd,
or a similar fatal problem with the initial startup of smbd. Also
check your config file (smb.conf) for syntax errors with "testparm"
and that the various directories where samba keeps its log and lock
files exist.</P
><P
>There are a number of reasons for which smbd may refuse or decline
a session request. The most common of these involve one or more of
the following smb.conf file entries:</P
><P
><PRE
CLASS="PROGRAMLISTING"
> hosts deny = ALL
hosts allow = xxx.xxx.xxx.xxx/yy
bind interfaces only = Yes</PRE
></P
><P
>In the above, no allowance has been made for any session requests that
will automatically translate to the loopback adaptor address 127.0.0.1.
To solve this problem change these lines to:</P
><P
><PRE
CLASS="PROGRAMLISTING"
> hosts deny = ALL
hosts allow = xxx.xxx.xxx.xxx/yy 127.</PRE
></P
><P
>Do NOT use the "bind interfaces only" parameter where you may wish to
use the samba password change facility, or where smbclient may need to
access local service for name resolution or for local resource
connections. (Note: the "bind interfaces only" parameter deficiency
where it will not allow connections to the loopback address will be
fixed soon).</P
><P
>Another common cause of these two errors is having something already running
on port 139, such as Samba (ie: smbd is running from inetd already) or
something like Digital's Pathworks. Check your inetd.conf file before trying
to start smbd as a daemon, it can avoid a lot of frustration!</P
><P
>And yet another possible cause for failure of TEST 3 is when the subnet mask
and / or broadcast address settings are incorrect. Please check that the
network interface IP Address / Broadcast Address / Subnet Mask settings are
correct and that Samba has correctly noted these in the log.nmb file.</P
></DIV
><DIV
CLASS="SECT2"
><HR><H2
CLASS="SECT2"
><A
NAME="AEN47"
>Test 4</A
></H2
><P
>Run the command "nmblookup -B BIGSERVER __SAMBA__". You should get the
IP address of your Samba server back.</P
><P
>If you don't then nmbd is incorrectly installed. Check your inetd.conf
if you run it from there, or that the daemon is running and listening
to udp port 137.</P
><P
>One common problem is that many inetd implementations can't take many
parameters on the command line. If this is the case then create a
one-line script that contains the right parameters and run that from
inetd.</P
></DIV
><DIV
CLASS="SECT2"
><HR><H2
CLASS="SECT2"
><A
NAME="AEN52"
>Test 5</A
></H2
><P
>run the command <B
CLASS="COMMAND"
>nmblookup -B ACLIENT '*'</B
></P
><P
>You should get the PCs IP address back. If you don't then the client
software on the PC isn't installed correctly, or isn't started, or you
got the name of the PC wrong. </P
><P
>If ACLIENT doesn't resolve via DNS then use the IP address of the
client in the above test.</P
></DIV
><DIV
CLASS="SECT2"
><HR><H2
CLASS="SECT2"
><A
NAME="AEN58"
>Test 6</A
></H2
><P
>Run the command <B
CLASS="COMMAND"
>nmblookup -d 2 '*'</B
></P
><P
>This time we are trying the same as the previous test but are trying
it via a broadcast to the default broadcast address. A number of
Netbios/TCPIP hosts on the network should respond, although Samba may
not catch all of the responses in the short time it listens. You
should see "got a positive name query response" messages from several
hosts.</P
><P
>If this doesn't give a similar result to the previous test then
nmblookup isn't correctly getting your broadcast address through its
automatic mechanism. In this case you should experiment use the
"interfaces" option in smb.conf to manually configure your IP
address, broadcast and netmask. </P
><P
>If your PC and server aren't on the same subnet then you will need to
use the -B option to set the broadcast address to the that of the PCs
subnet.</P
><P
>This test will probably fail if your subnet mask and broadcast address are
not correct. (Refer to TEST 3 notes above).</P
></DIV
><DIV
CLASS="SECT2"
><HR><H2
CLASS="SECT2"
><A
NAME="AEN66"
>Test 7</A
></H2
><P
>Run the command <B
CLASS="COMMAND"
>smbclient //BIGSERVER/TMP</B
>. You should
then be prompted for a password. You should use the password of the account
you are logged into the unix box with. If you want to test with
another account then add the -U &gt;accountname&lt; option to the end of
the command line. eg:
<B
CLASS="COMMAND"
>smbclient //bigserver/tmp -Ujohndoe</B
></P
><P
>Note: It is possible to specify the password along with the username
as follows:
<B
CLASS="COMMAND"
>smbclient //bigserver/tmp -Ujohndoe%secret</B
></P
><P
>Once you enter the password you should get the "smb&#62;" prompt. If you
don't then look at the error message. If it says "invalid network
name" then the service "tmp" is not correctly setup in your smb.conf.</P
><P
>If it says "bad password" then the likely causes are:</P
><P
></P
><OL
TYPE="1"
><LI
><P
> you have shadow passords (or some other password system) but didn't
compile in support for them in smbd
</P
></LI
><LI
><P
> your "valid users" configuration is incorrect
</P
></LI
><LI
><P
> you have a mixed case password and you haven't enabled the "password
level" option at a high enough level
</P
></LI
><LI
><P
> the "path =" line in smb.conf is incorrect. Check it with testparm
</P
></LI
><LI
><P
> you enabled password encryption but didn't create the SMB encrypted
password file
</P
></LI
></OL
><P
>Once connected you should be able to use the commands
<B
CLASS="COMMAND"
>dir</B
> <B
CLASS="COMMAND"
>get</B
> <B
CLASS="COMMAND"
>put</B
> etc.
Type <B
CLASS="COMMAND"
>help &gt;command&lt;</B
> for instructions. You should
especially check that the amount of free disk space shown is correct
when you type <B
CLASS="COMMAND"
>dir</B
>.</P
></DIV
><DIV
CLASS="SECT2"
><HR><H2
CLASS="SECT2"
><A
NAME="AEN92"
>Test 8</A
></H2
><P
>On the PC type the command <B
CLASS="COMMAND"
>net view \\BIGSERVER</B
>. You will
need to do this from within a "dos prompt" window. You should get back a
list of available shares on the server.</P
><P
>If you get a "network name not found" or similar error then netbios
name resolution is not working. This is usually caused by a problem in
nmbd. To overcome it you could do one of the following (you only need
to choose one of them):</P
><P
></P
><OL
TYPE="1"
><LI
><P
> fixup the nmbd installation</P
></LI
><LI
><P
> add the IP address of BIGSERVER to the "wins server" box in the
advanced tcp/ip setup on the PC.</P
></LI
><LI
><P
> enable windows name resolution via DNS in the advanced section of
the tcp/ip setup</P
></LI
><LI
><P
> add BIGSERVER to your lmhosts file on the PC.</P
></LI
></OL
><P
>If you get a "invalid network name" or "bad password error" then the
same fixes apply as they did for the "smbclient -L" test above. In
particular, make sure your "hosts allow" line is correct (see the man
pages)</P
><P
>Also, do not overlook that fact that when the workstation requests the
connection to the samba server it will attempt to connect using the
name with which you logged onto your Windows machine. You need to make
sure that an account exists on your Samba server with that exact same
name and password.</P
><P
>If you get "specified computer is not receiving requests" or similar
it probably means that the host is not contactable via tcp services.
Check to see if the host is running tcp wrappers, and if so add an entry in
the hosts.allow file for your client (or subnet, etc.)</P
></DIV
><DIV
CLASS="SECT2"
><HR><H2
CLASS="SECT2"
><A
NAME="AEN109"
>Test 9</A
></H2
><P
>Run the command <B
CLASS="COMMAND"
>net use x: \\BIGSERVER\TMP</B
>. You should
be prompted for a password then you should get a "command completed
successfully" message. If not then your PC software is incorrectly
installed or your smb.conf is incorrect. make sure your "hosts allow"
and other config lines in smb.conf are correct.</P
><P
>It's also possible that the server can't work out what user name to
connect you as. To see if this is the problem add the line "user =
USERNAME" to the [tmp] section of smb.conf where "USERNAME" is the
username corresponding to the password you typed. If you find this
fixes things you may need the username mapping option.</P
></DIV
><DIV
CLASS="SECT2"
><HR><H2
CLASS="SECT2"
><A
NAME="AEN114"
>Test 10</A
></H2
><P
>Run the command <B
CLASS="COMMAND"
>nmblookup -M TESTGROUP</B
> where
TESTGROUP is the name of the workgroup that your Samba server and
Windows PCs belong to. You should get back the IP address of the
master browser for that workgroup.</P
><P
>If you don't then the election process has failed. Wait a minute to
see if it is just being slow then try again. If it still fails after
that then look at the browsing options you have set in smb.conf. Make
sure you have <B
CLASS="COMMAND"
>preferred master = yes</B
> to ensure that
an election is held at startup.</P
></DIV
><DIV
CLASS="SECT2"
><HR><H2
CLASS="SECT2"
><A
NAME="AEN120"
>Test 11</A
></H2
><P
>From file manager try to browse the server. Your samba server should
appear in the browse list of your local workgroup (or the one you
specified in smb.conf). You should be able to double click on the name
of the server and get a list of shares. If you get a "invalid
password" error when you do then you are probably running WinNT and it
is refusing to browse a server that has no encrypted password
capability and is in user level security mode. In this case either set
<B
CLASS="COMMAND"
>security = server</B
> AND
<B
CLASS="COMMAND"
>password server = Windows_NT_Machine</B
> in your
smb.conf file, or enable encrypted passwords AFTER compiling in support
for encrypted passwords (refer to the Makefile).</P
></DIV
></DIV
><DIV
CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
NAME="AEN125"
>Still having troubles?</A
></H1
><P
>Try the mailing list or newsgroup, or use the ethereal utility to
sniff the problem. The official samba mailing list can be reached at
<A
HREF="mailto:samba@samba.org"
TARGET="_top"
>samba@samba.org</A
>. To find
out more about samba and how to subscribe to the mailing list check
out the samba web page at
<A
HREF="http://samba.org/samba"
TARGET="_top"
>http://samba.org/samba</A
></P
><P
>Also look at the other docs in the Samba package!</P
></DIV
></DIV
></BODY
></HTML
>

1072
docs/htmldocs/Integrating-with-Windows.html
View File

File diff suppressed because it is too large Load Diff

210
docs/htmldocs/OS2-Client-HOWTO.html
View File

@ -1,210 +0,0 @@
<HTML
><HEAD
><TITLE
>OS2 Client HOWTO</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
><BODY
CLASS="ARTICLE"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="ARTICLE"
><DIV
CLASS="TITLEPAGE"
><H1
CLASS="TITLE"
><A
NAME="OS2"
>OS2 Client HOWTO</A
></H1
><HR></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3"
>FAQs</A
></H1
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN5"
>How can I configure OS/2 Warp Connect or
OS/2 Warp 4 as a client for Samba?</A
></H2
><P
>A more complete answer to this question can be
found on <A
HREF="http://carol.wins.uva.nl/~leeuw/samba/warp.html"
TARGET="_top"
> http://carol.wins.uva.nl/~leeuw/samba/warp.html</A
>.</P
><P
>Basically, you need three components:</P
><P
></P
><UL
><LI
><P
>The File and Print Client ('IBM Peer')
</P
></LI
><LI
><P
>TCP/IP ('Internet support')
</P
></LI
><LI
><P
>The "NetBIOS over TCP/IP" driver ('TCPBEUI')
</P
></LI
></UL
><P
>Installing the first two together with the base operating
system on a blank system is explained in the Warp manual. If Warp
has already been installed, but you now want to install the
networking support, use the "Selective Install for Networking"
object in the "System Setup" folder.</P
><P
>Adding the "NetBIOS over TCP/IP" driver is not described
in the manual and just barely in the online documentation. Start
MPTS.EXE, click on OK, click on "Configure LAPS" and click
on "IBM OS/2 NETBIOS OVER TCP/IP" in 'Protocols'. This line
is then moved to 'Current Configuration'. Select that line,
click on "Change number" and increase it from 0 to 1. Save this
configuration.</P
><P
>If the Samba server(s) is not on your local subnet, you
can optionally add IP names and addresses of these servers
to the "Names List", or specify a WINS server ('NetBIOS
Nameserver' in IBM and RFC terminology). For Warp Connect you
may need to download an update for 'IBM Peer' to bring it on
the same level as Warp 4. See the webpage mentioned above.</P
></DIV
><DIV
CLASS="SECT2"
><HR><H2
CLASS="SECT2"
><A
NAME="AEN20"
>How can I configure OS/2 Warp 3 (not Connect),
OS/2 1.2, 1.3 or 2.x for Samba?</A
></H2
><P
>You can use the free Microsoft LAN Manager 2.2c Client
for OS/2 from
<A
HREF="ftp://ftp.microsoft.com/BusSys/Clients/LANMAN.OS2/"
TARGET="_top"
> ftp://ftp.microsoft.com/BusSys/Clients/LANMAN.OS2/</A
>.
See <A
HREF="http://carol.wins.uva.nl/~leeuw/lanman.html"
TARGET="_top"
> http://carol.wins.uva.nl/~leeuw/lanman.html</A
> for
more information on how to install and use this client. In
a nutshell, edit the file \OS2VER in the root directory of
the OS/2 boot partition and add the lines:</P
><P
><PRE
CLASS="PROGRAMLISTING"
> 20=setup.exe
20=netwksta.sys
20=netvdd.sys
</PRE
></P
><P
>before you install the client. Also, don't use the
included NE2000 driver because it is buggy. Try the NE2000
or NS2000 driver from
<A
HREF="ftp://ftp.cdrom.com/pub/os2/network/ndis/"
TARGET="_top"
> ftp://ftp.cdrom.com/pub/os2/network/ndis/</A
> instead.
</P
></DIV
><DIV
CLASS="SECT2"
><HR><H2
CLASS="SECT2"
><A
NAME="AEN29"
>Are there any other issues when OS/2 (any version)
is used as a client?</A
></H2
><P
>When you do a NET VIEW or use the "File and Print
Client Resource Browser", no Samba servers show up. This can
be fixed by a patch from <A
HREF="http://carol.wins.uva.nl/~leeuw/samba/fix.html"
TARGET="_top"
> http://carol.wins.uva.nl/~leeuw/samba/fix.html</A
>.
The patch will be included in a later version of Samba. It also
fixes a couple of other problems, such as preserving long
filenames when objects are dragged from the Workplace Shell
to the Samba server. </P
></DIV
><DIV
CLASS="SECT2"
><HR><H2
CLASS="SECT2"
><A
NAME="AEN33"
>How do I get printer driver download working
for OS/2 clients?</A
></H2
><P
>First, create a share called [PRINTDRV] that is
world-readable. Copy your OS/2 driver files there. Note
that the .EA_ files must still be separate, so you will need
to use the original install files, and not copy an installed
driver from an OS/2 system.</P
><P
>Install the NT driver first for that printer. Then,
add to your smb.conf a parameter, "os2 driver map =
<TT
CLASS="REPLACEABLE"
><I
>filename</I
></TT
>". Then, in the file
specified by <TT
CLASS="REPLACEABLE"
><I
>filename</I
></TT
>, map the
name of the NT driver name to the OS/2 driver name as
follows:</P
><P
>&lt;nt driver name&gt; = &lt;os2 driver
name&gt;.&lt;device name&gt;, e.g.:
HP LaserJet 5L = LASERJET.HP LaserJet 5L</P
><P
>You can have multiple drivers mapped in this file.</P
><P
>If you only specify the OS/2 driver name, and not the
device name, the first attempt to download the driver will
actually download the files, but the OS/2 client will tell
you the driver is not available. On the second attempt, it
will work. This is fixed simply by adding the device name
to the mapping, after which it will work on the first attempt.
</P
></DIV
></DIV
></DIV
></BODY
></HTML
>

318
docs/htmldocs/PAM-Authentication-And-Samba.html
View File

@ -1,318 +0,0 @@
<HTML
><HEAD
><TITLE
>Configuring PAM for distributed but centrally
managed authentication</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
><BODY
CLASS="ARTICLE"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="ARTICLE"
><DIV
CLASS="TITLEPAGE"
><H1
CLASS="TITLE"
><A
NAME="PAM"
>Configuring PAM for distributed but centrally
managed authentication</A
></H1
><HR></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3"
>Samba and PAM</A
></H1
><P
>A number of Unix systems (eg: Sun Solaris), as well as the
xxxxBSD family and Linux, now utilize the Pluggable Authentication
Modules (PAM) facility to provide all authentication,
authorization and resource control services. Prior to the
introduction of PAM, a decision to use an alternative to
the system password database (<TT
CLASS="FILENAME"
>/etc/passwd</TT
>)
would require the provision of alternatives for all programs that provide
security services. Such a choice would involve provision of
alternatives to such programs as: <B
CLASS="COMMAND"
>login</B
>,
<B
CLASS="COMMAND"
>passwd</B
>, <B
CLASS="COMMAND"
>chown</B
>, etc.</P
><P
>PAM provides a mechanism that disconnects these security programs
from the underlying authentication/authorization infrastructure.
PAM is configured either through one file <TT
CLASS="FILENAME"
>/etc/pam.conf</TT
> (Solaris),
or by editing individual files that are located in <TT
CLASS="FILENAME"
>/etc/pam.d</TT
>.</P
><P
>The following is an example <TT
CLASS="FILENAME"
>/etc/pam.d/login</TT
> configuration file.
This example had all options been uncommented is probably not usable
as it stacks many conditions before allowing successful completion
of the login process. Essentially all conditions can be disabled
by commenting them out except the calls to <TT
CLASS="FILENAME"
>pam_pwdb.so</TT
>.</P
><P
><PRE
CLASS="PROGRAMLISTING"
>#%PAM-1.0
# The PAM configuration file for the `login' service
#
auth required pam_securetty.so
auth required pam_nologin.so
# auth required pam_dialup.so
# auth optional pam_mail.so
auth required pam_pwdb.so shadow md5
# account requisite pam_time.so
account required pam_pwdb.so
session required pam_pwdb.so
# session optional pam_lastlog.so
# password required pam_cracklib.so retry=3
password required pam_pwdb.so shadow md5</PRE
></P
><P
>PAM allows use of replacable modules. Those available on a
sample system include:</P
><P
><PRE
CLASS="PROGRAMLISTING"
>$ /bin/ls /lib/security
pam_access.so pam_ftp.so pam_limits.so
pam_ncp_auth.so pam_rhosts_auth.so pam_stress.so
pam_cracklib.so pam_group.so pam_listfile.so
pam_nologin.so pam_rootok.so pam_tally.so
pam_deny.so pam_issue.so pam_mail.so
pam_permit.so pam_securetty.so pam_time.so
pam_dialup.so pam_lastlog.so pam_mkhomedir.so
pam_pwdb.so pam_shells.so pam_unix.so
pam_env.so pam_ldap.so pam_motd.so
pam_radius.so pam_smbpass.so pam_unix_acct.so
pam_wheel.so pam_unix_auth.so pam_unix_passwd.so
pam_userdb.so pam_warn.so pam_unix_session.so</PRE
></P
><P
>The following example for the login program replaces the use of
the <TT
CLASS="FILENAME"
>pam_pwdb.so</TT
> module which uses the system
password database (<TT
CLASS="FILENAME"
>/etc/passwd</TT
>,
<TT
CLASS="FILENAME"
>/etc/shadow</TT
>, <TT
CLASS="FILENAME"
>/etc/group</TT
>) with
the module <TT
CLASS="FILENAME"
>pam_smbpass.so</TT
> which uses the Samba
database which contains the Microsoft MD4 encrypted password
hashes. This database is stored in either
<TT
CLASS="FILENAME"
>/usr/local/samba/private/smbpasswd</TT
>,
<TT
CLASS="FILENAME"
>/etc/samba/smbpasswd</TT
>, or in
<TT
CLASS="FILENAME"
>/etc/samba.d/smbpasswd</TT
>, depending on the
Samba implementation for your Unix/Linux system. The
<TT
CLASS="FILENAME"
>pam_smbpass.so</TT
> module is provided by
Samba version 2.2.1 or later. It can be compiled by specifying the
<B
CLASS="COMMAND"
>--with-pam_smbpass</B
> options when running Samba's
<TT
CLASS="FILENAME"
>configure</TT
> script. For more information
on the <TT
CLASS="FILENAME"
>pam_smbpass</TT
> module, see the documentation
in the <TT
CLASS="FILENAME"
>source/pam_smbpass</TT
> directory of the Samba
source distribution.</P
><P
><PRE
CLASS="PROGRAMLISTING"
>#%PAM-1.0
# The PAM configuration file for the `login' service
#
auth required pam_smbpass.so nodelay
account required pam_smbpass.so nodelay
session required pam_smbpass.so nodelay
password required pam_smbpass.so nodelay</PRE
></P
><P
>The following is the PAM configuration file for a particular
Linux system. The default condition uses <TT
CLASS="FILENAME"
>pam_pwdb.so</TT
>.</P
><P
><PRE
CLASS="PROGRAMLISTING"
>#%PAM-1.0
# The PAM configuration file for the `samba' service
#
auth required /lib/security/pam_pwdb.so nullok nodelay shadow audit
account required /lib/security/pam_pwdb.so audit nodelay
session required /lib/security/pam_pwdb.so nodelay
password required /lib/security/pam_pwdb.so shadow md5</PRE
></P
><P
>In the following example the decision has been made to use the
smbpasswd database even for basic samba authentication. Such a
decision could also be made for the passwd program and would
thus allow the smbpasswd passwords to be changed using the passwd
program.</P
><P
><PRE
CLASS="PROGRAMLISTING"
>#%PAM-1.0
# The PAM configuration file for the `samba' service
#
auth required /lib/security/pam_smbpass.so nodelay
account required /lib/security/pam_pwdb.so audit nodelay
session required /lib/security/pam_pwdb.so nodelay
password required /lib/security/pam_smbpass.so nodelay smbconf=/etc/samba.d/smb.conf</PRE
></P
><P
>Note: PAM allows stacking of authentication mechanisms. It is
also possible to pass information obtained within on PAM module through
to the next module in the PAM stack. Please refer to the documentation for
your particular system implementation for details regarding the specific
capabilities of PAM in this environment. Some Linux implmentations also
provide the <TT
CLASS="FILENAME"
>pam_stack.so</TT
> module that allows all
authentication to be configured in a single central file. The
<TT
CLASS="FILENAME"
>pam_stack.so</TT
> method has some very devoted followers
on the basis that it allows for easier administration. As with all issues in
life though, every decision makes trade-offs, so you may want examine the
PAM documentation for further helpful information.</P
></DIV
><DIV
CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
NAME="AEN47"
>Distributed Authentication</A
></H1
><P
>The astute administrator will realize from this that the
combination of <TT
CLASS="FILENAME"
>pam_smbpass.so</TT
>,
<B
CLASS="COMMAND"
>winbindd</B
>, and <B
CLASS="COMMAND"
>rsync</B
> (see
<A
HREF="http://rsync.samba.org/"
TARGET="_top"
>http://rsync.samba.org/</A
>)
will allow the establishment of a centrally managed, distributed
user/password database that can also be used by all
PAM (eg: Linux) aware programs and applications. This arrangement
can have particularly potent advantages compared with the
use of Microsoft Active Directory Service (ADS) in so far as
reduction of wide area network authentication traffic.</P
></DIV
><DIV
CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
NAME="AEN54"
>PAM Configuration in smb.conf</A
></H1
><P
>There is an option in smb.conf called <A
HREF="smb.conf.5.html#OBEYPAMRESTRICTIONS"
TARGET="_top"
>obey pam restrictions</A
>.
The following is from the on-line help for this option in SWAT;</P
><P
>When Samba 2.2 is configure to enable PAM support (i.e.
<TT
CLASS="CONSTANT"
>--with-pam</TT
>), this parameter will
control whether or not Samba should obey PAM's account
and session management directives. The default behavior
is to use PAM for clear text authentication only and to
ignore any account or session management. Note that Samba always
ignores PAM for authentication in the case of
<A
HREF="smb.conf.5.html#ENCRYPTPASSWORDS"
TARGET="_top"
>encrypt passwords = yes</A
>.
The reason is that PAM modules cannot support the challenge/response
authentication mechanism needed in the presence of SMB
password encryption. </P
><P
>Default: <B
CLASS="COMMAND"
>obey pam restrictions = no</B
></P
></DIV
></DIV
></BODY
></HTML
>

408
docs/htmldocs/Printing.html
View File

@ -1,408 +0,0 @@
<HTML
><HEAD
><TITLE
>Debugging Printing Problems</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
><BODY
CLASS="ARTICLE"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="ARTICLE"
><DIV
CLASS="TITLEPAGE"
><H1
CLASS="TITLE"
><A
NAME="PRINTING_DEBUG"
>Debugging Printing Problems</A
></H1
><HR></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3"
>Introduction</A
></H1
><P
>This is a short description of how to debug printing problems with
Samba. This describes how to debug problems with printing from a SMB
client to a Samba server, not the other way around. For the reverse
see the examples/printing directory.</P
><P
>Ok, so you want to print to a Samba server from your PC. The first
thing you need to understand is that Samba does not actually do any
printing itself, it just acts as a middleman between your PC client
and your Unix printing subsystem. Samba receives the file from the PC
then passes the file to a external "print command". What print command
you use is up to you.</P
><P
>The whole things is controlled using options in smb.conf. The most
relevant options (which you should look up in the smb.conf man page)
are:</P
><P
><PRE
CLASS="PROGRAMLISTING"
> [global]
print command - send a file to a spooler
lpq command - get spool queue status
lprm command - remove a job
[printers]
path = /var/spool/lpd/samba</PRE
></P
><P
>The following are nice to know about:</P
><P
><PRE
CLASS="PROGRAMLISTING"
> queuepause command - stop a printer or print queue
queueresume command - start a printer or print queue</PRE
></P
><P
>Example:</P
><P
><PRE
CLASS="PROGRAMLISTING"
> print command = /usr/bin/lpr -r -P%p %s
lpq command = /usr/bin/lpq -P%p %s
lprm command = /usr/bin/lprm -P%p %j
queuepause command = /usr/sbin/lpc -P%p stop
queuepause command = /usr/sbin/lpc -P%p start</PRE
></P
><P
>Samba should set reasonable defaults for these depending on your
system type, but it isn't clairvoyant. It is not uncommon that you
have to tweak these for local conditions. The commands should
always have fully specified pathnames, as the smdb may not have
the correct PATH values.</P
><P
>When you send a job to Samba to be printed, it will make a temporary
copy of it in the directory specified in the [printers] section.
and it should be periodically cleaned out. The lpr -r option
requests that the temporary copy be removed after printing; If
printing fails then you might find leftover files in this directory,
and it should be periodically cleaned out. Samba used the lpq
command to determine the "job number" assigned to your print job
by the spooler.</P
><P
>The %&gt;letter&lt; are "macros" that get dynamically replaced with appropriate
values when they are used. The %s gets replaced with the name of the spool
file that Samba creates and the %p gets replaced with the name of the
printer. The %j gets replaced with the "job number" which comes from
the lpq output.</P
></DIV
><DIV
CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
NAME="AEN19"
>Debugging printer problems</A
></H1
><P
>One way to debug printing problems is to start by replacing these
command with shell scripts that record the arguments and the contents
of the print file. A simple example of this kind of things might
be:</P
><P
><PRE
CLASS="PROGRAMLISTING"
> print command = /tmp/saveprint %p %s
#!/bin/saveprint
# we make sure that we are the right user
/usr/bin/id -p &#62;/tmp/tmp.print
# we run the command and save the error messages
# replace the command with the one appropriate for your system
/usr/bin/lpr -r -P$1 $2 2&#62;&#62;&#38;/tmp/tmp.print</PRE
></P
><P
>Then you print a file and try removing it. You may find that the
print queue needs to be stopped in order to see the queue status
and remove the job:</P
><P
><PRE
CLASS="PROGRAMLISTING"
>&#13;h4: {42} % echo hi &#62;/tmp/hi
h4: {43} % smbclient //localhost/lw4
added interface ip=10.0.0.4 bcast=10.0.0.255 nmask=255.255.255.0
Password:
Domain=[ASTART] OS=[Unix] Server=[Samba 2.0.7]
smb: \&#62; print /tmp/hi
putting file /tmp/hi as hi-17534 (0.0 kb/s) (average 0.0 kb/s)
smb: \&#62; queue
1049 3 hi-17534
smb: \&#62; cancel 1049
Error cancelling job 1049 : code 0
smb: \&#62; cancel 1049
Job 1049 cancelled
smb: \&#62; queue
smb: \&#62; exit</PRE
></P
><P
>The 'code 0' indicates that the job was removed. The comment
by the smbclient is a bit misleading on this.
You can observe the command output and then and look at the
/tmp/tmp.print file to see what the results are. You can quickly
find out if the problem is with your printing system. Often people
have problems with their /etc/printcap file or permissions on
various print queues.</P
></DIV
><DIV
CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
NAME="AEN28"
>What printers do I have?</A
></H1
><P
>You can use the 'testprns' program to check to see if the printer
name you are using is recognized by Samba. For example, you can
use:</P
><P
><PRE
CLASS="PROGRAMLISTING"
> testprns printer /etc/printcap</PRE
></P
><P
>Samba can get its printcap information from a file or from a program.
You can try the following to see the format of the extracted
information:</P
><P
><PRE
CLASS="PROGRAMLISTING"
> testprns -a printer /etc/printcap
testprns -a printer '|/bin/cat printcap'</PRE
></P
></DIV
><DIV
CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
NAME="AEN36"
>Setting up printcap and print servers</A
></H1
><P
>You may need to set up some printcaps for your Samba system to use.
It is strongly recommended that you use the facilities provided by
the print spooler to set up queues and printcap information.</P
><P
>Samba requires either a printcap or program to deliver printcap
information. This printcap information has the format:</P
><P
><PRE
CLASS="PROGRAMLISTING"
> name|alias1|alias2...:option=value:...</PRE
></P
><P
>For almost all printing systems, the printer 'name' must be composed
only of alphanumeric or underscore '_' characters. Some systems also
allow hyphens ('-') as well. An alias is an alternative name for the
printer, and an alias with a space in it is used as a 'comment'
about the printer. The printcap format optionally uses a \ at the end of lines
to extend the printcap to multiple lines.</P
><P
>Here are some examples of printcap files:</P
><P
><P
></P
><OL
TYPE="1"
><LI
><P
>pr just printer name</P
></LI
><LI
><P
>pr|alias printer name and alias</P
></LI
><LI
><P
>pr|My Printer printer name, alias used as comment</P
></LI
><LI
><P
>pr:sh:\ Same as pr:sh:cm= testing
:cm= \
testing</P
></LI
><LI
><P
>pr:sh Same as pr:sh:cm= testing
:cm= testing</P
></LI
></OL
></P
><P
>Samba reads the printcap information when first started. If you make
changes in the printcap information, then you must do the following:</P
><P
></P
><OL
TYPE="1"
><LI
><P
>make sure that the print spooler is aware of these changes.
The LPRng system uses the 'lpc reread' command to do this.</P
></LI
><LI
><P
>make sure that the spool queues, etc., exist and have the
correct permissions. The LPRng system uses the 'checkpc -f'
command to do this.</P
></LI
><LI
><P
>You now should send a SIGHUP signal to the smbd server to have
it reread the printcap information.</P
></LI
></OL
></DIV
><DIV
CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
NAME="AEN64"
>Job sent, no output</A
></H1
><P
>This is the most frustrating part of printing. You may have sent the
job, verified that the job was forwarded, set up a wrapper around
the command to send the file, but there was no output from the printer.</P
><P
>First, check to make sure that the job REALLY is getting to the
right print queue. If you are using a BSD or LPRng print spooler,
you can temporarily stop the printing of jobs. Jobs can still be
submitted, but they will not be printed. Use:</P
><P
><PRE
CLASS="PROGRAMLISTING"
> lpc -Pprinter stop</PRE
></P
><P
>Now submit a print job and then use 'lpq -Pprinter' to see if the
job is in the print queue. If it is not in the print queue then
you will have to find out why it is not being accepted for printing.</P
><P
>Next, you may want to check to see what the format of the job really
was. With the assistance of the system administrator you can view
the submitted jobs files. You may be surprised to find that these
are not in what you would expect to call a printable format.
You can use the UNIX 'file' utitily to determine what the job
format actually is:</P
><P
><PRE
CLASS="PROGRAMLISTING"
> cd /var/spool/lpd/printer # spool directory of print jobs
ls # find job files
file dfA001myhost</PRE
></P
><P
>You should make sure that your printer supports this format OR that
your system administrator has installed a 'print filter' that will
convert the file to a format appropriate for your printer.</P
></DIV
><DIV
CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
NAME="AEN75"
>Job sent, strange output</A
></H1
><P
>Once you have the job printing, you can then start worrying about
making it print nicely.</P
><P
>The most common problem is extra pages of output: banner pages
OR blank pages at the end.</P
><P
>If you are getting banner pages, check and make sure that the
printcap option or printer option is configured for no banners.
If you have a printcap, this is the :sh (suppress header or banner
page) option. You should have the following in your printer.</P
><P
><PRE
CLASS="PROGRAMLISTING"
> printer: ... :sh</PRE
></P
><P
>If you have this option and are still getting banner pages, there
is a strong chance that your printer is generating them for you
automatically. You should make sure that banner printing is disabled
for the printer. This usually requires using the printer setup software
or procedures supplied by the printer manufacturer.</P
><P
>If you get an extra page of output, this could be due to problems
with your job format, or if you are generating PostScript jobs,
incorrect setting on your printer driver on the MicroSoft client.
For example, under Win95 there is a option:</P
><P
><PRE
CLASS="PROGRAMLISTING"
> Printers|Printer Name|(Right Click)Properties|Postscript|Advanced|</PRE
></P
><P
>that allows you to choose if a Ctrl-D is appended to all jobs.
This is a very bad thing to do, as most spooling systems will
automatically add a ^D to the end of the job if it is detected as
PostScript. The multiple ^D may cause an additional page of output.</P
></DIV
><DIV
CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
NAME="AEN87"
>Raw PostScript printed</A
></H1
><P
>This is a problem that is usually caused by either the print spooling
system putting information at the start of the print job that makes
the printer think the job is a text file, or your printer simply
does not support PostScript. You may need to enable 'Automatic
Format Detection' on your printer.</P
></DIV
><DIV
CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
NAME="AEN90"
>Advanced Printing</A
></H1
><P
>Note that you can do some pretty magic things by using your
imagination with the "print command" option and some shell scripts.
Doing print accounting is easy by passing the %U option to a print
command shell script. You could even make the print command detect
the type of output and its size and send it to an appropriate
printer.</P
></DIV
><DIV
CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
NAME="AEN93"
>Real debugging</A
></H1
><P
>If the above debug tips don't help, then maybe you need to bring in
the bug guns, system tracing. See Tracing.txt in this directory.</P
></DIV
></DIV
></BODY
></HTML
>

245
docs/htmldocs/Samba-BDC-HOWTO.html
View File

@ -1,245 +0,0 @@
<HTML
><HEAD
><TITLE
>How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
><BODY
CLASS="ARTICLE"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="ARTICLE"
><DIV
CLASS="TITLEPAGE"
><H1
CLASS="TITLE"
><A
NAME="SAMBA-BDC"
>How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain</A
></H1
><HR></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3"
>Prerequisite Reading</A
></H1
><P
>Before you continue reading in this chapter, please make sure
that you are comfortable with configuring a Samba PDC
as described in the <A
HREF="Samba-PDC-HOWTO.html"
TARGET="_top"
>Samba-PDC-HOWTO</A
>.</P
></DIV
><DIV
CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
NAME="AEN7"
>Background</A
></H1
><P
>What is a Domain Controller? It is a machine that is able to answer
logon requests from workstations in a Windows NT Domain. Whenever a
user logs into a Windows NT Workstation, the workstation connects to a
Domain Controller and asks him whether the username and password the
user typed in is correct. The Domain Controller replies with a lot of
information about the user, for example the place where the users
profile is stored, the users full name of the user. All this
information is stored in the NT user database, the so-called SAM.</P
><P
>There are two kinds of Domain Controller in a NT 4 compatible Domain:
A Primary Domain Controller (PDC) and one or more Backup Domain
Controllers (BDC). The PDC contains the master copy of the
SAM. Whenever the SAM has to change, for example when a user changes
his password, this change has to be done on the PDC. A Backup Domain
Controller is a machine that maintains a read-only copy of the
SAM. This way it is able to reply to logon requests and authenticate
users in case the PDC is not available. During this time no changes to
the SAM are possible. Whenever changes to the SAM are done on the PDC,
all BDC receive the changes from the PDC.</P
><P
>Since version 2.2 Samba officially supports domain logons for all
current Windows Clients, including Windows 2000 and XP. This text
assumes the domain to be named SAMBA. To be able to act as a PDC, some
parameters in the [global]-section of the smb.conf have to be set:</P
><P
><PRE
CLASS="PROGRAMLISTING"
>workgroup = SAMBA
domain master = yes
domain logons = yes</PRE
></P
><P
>Several other things like a [homes] and a [netlogon] share also may be
set along with settings for the profile path, the users home drive and
others. This will not be covered in this document.</P
></DIV
><DIV
CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
NAME="AEN15"
>What qualifies a Domain Controller on the network?</A
></H1
><P
>Every machine that is a Domain Controller for the domain SAMBA has to
register the NetBIOS group name SAMBA#1c with the WINS server and/or
by broadcast on the local network. The PDC also registers the unique
NetBIOS name SAMBA#1b with the WINS server. The name type #1b is
normally reserved for the domain master browser, a role that has
nothing to do with anything related to authentication, but the
Microsoft Domain implementation requires the domain master browser to
be on the same machine as the PDC.</P
><DIV
CLASS="SECT2"
><HR><H2
CLASS="SECT2"
><A
NAME="AEN18"
>How does a Workstation find its domain controller?</A
></H2
><P
>A NT workstation in the domain SAMBA that wants a local user to be
authenticated has to find the domain controller for SAMBA. It does
this by doing a NetBIOS name query for the group name SAMBA#1c. It
assumes that each of the machines it gets back from the queries is a
domain controller and can answer logon requests. To not open security
holes both the workstation and the selected (TODO: How is the DC
chosen) domain controller authenticate each other. After that the
workstation sends the user's credentials (his name and password) to
the domain controller, asking for approval.</P
></DIV
><DIV
CLASS="SECT2"
><HR><H2
CLASS="SECT2"
><A
NAME="AEN21"
>When is the PDC needed?</A
></H2
><P
>Whenever a user wants to change his password, this has to be done on
the PDC. To find the PDC, the workstation does a NetBIOS name query
for SAMBA#1b, assuming this machine maintains the master copy of the
SAM. The workstation contacts the PDC, both mutually authenticate and
the password change is done.</P
></DIV
></DIV
><DIV
CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
NAME="AEN24"
>Can Samba be a Backup Domain Controller?</A
></H1
><P
>With version 2.2, no. The native NT SAM replication protocols have
not yet been fully implemented. The Samba Team is working on
understanding and implementing the protocols, but this work has not
been finished for version 2.2.</P
><P
>Can I get the benefits of a BDC with Samba? Yes. The main reason for
implementing a BDC is availability. If the PDC is a Samba machine,
a second Samba machine can be set up to
service logon requests whenever the PDC is down.</P
></DIV
><DIV
CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
NAME="AEN28"
>How do I set up a Samba BDC?</A
></H1
><P
>Several things have to be done:</P
><P
></P
><UL
><LI
><P
>The file private/MACHINE.SID identifies the domain. When a samba
server is first started, it is created on the fly and must never be
changed again. This file has to be the same on the PDC and the BDC,
so the MACHINE.SID has to be copied from the PDC to the BDC.</P
></LI
><LI
><P
>The Unix user database has to be synchronized from the PDC to the
BDC. This means that both the /etc/passwd and /etc/group have to be
replicated from the PDC to the BDC. This can be done manually
whenever changes are made, or the PDC is set up as a NIS master
server and the BDC as a NIS slave server. To set up the BDC as a
mere NIS client would not be enough, as the BDC would not be able to
access its user database in case of a PDC failure.</P
></LI
><LI
><P
>The Samba password database in the file private/smbpasswd has to be
replicated from the PDC to the BDC. This is a bit tricky, see the
next section.</P
></LI
><LI
><P
>Any netlogon share has to be replicated from the PDC to the
BDC. This can be done manually whenever login scripts are changed,
or it can be done automatically together with the smbpasswd
synchronization.</P
></LI
></UL
><P
>Finally, the BDC has to be found by the workstations. This can be done
by setting</P
><P
><PRE
CLASS="PROGRAMLISTING"
>workgroup = samba
domain master = no
domain logons = yes</PRE
></P
><P
>in the [global]-section of the smb.conf of the BDC. This makes the BDC
only register the name SAMBA#1c with the WINS server. This is no
problem as the name SAMBA#1c is a NetBIOS group name that is meant to
be registered by more than one machine. The parameter 'domain master =
no' forces the BDC not to register SAMBA#1b which as a unique NetBIOS
name is reserved for the Primary Domain Controller.</P
><DIV
CLASS="SECT2"
><HR><H2
CLASS="SECT2"
><A
NAME="AEN44"
>How do I replicate the smbpasswd file?</A
></H2
><P
>Replication of the smbpasswd file is sensitive. It has to be done
whenever changes to the SAM are made. Every user's password change is
done in the smbpasswd file and has to be replicated to the BDC. So
replicating the smbpasswd file very often is necessary.</P
><P
>As the smbpasswd file contains plain text password equivalents, it
must not be sent unencrypted over the wire. The best way to set up
smbpasswd replication from the PDC to the BDC is to use the utility
rsync. rsync can use ssh as a transport. ssh itself can be set up to
accept *only* rsync transfer without requiring the user to type a
password.</P
></DIV
></DIV
></DIV
></BODY
></HTML
>

3205
docs/htmldocs/Samba-HOWTO-Collection.html
View File

File diff suppressed because it is too large Load Diff

891
docs/htmldocs/Samba-LDAP-HOWTO.html
View File

@ -1,891 +0,0 @@
<HTML
><HEAD
><TITLE
>Storing Samba's User/Machine Account information in an LDAP Directory</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
><BODY
CLASS="ARTICLE"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="ARTICLE"
><DIV
CLASS="TITLEPAGE"
><H1
CLASS="TITLE"
><A
NAME="SAMBA-LDAP-HOWTO"
>Storing Samba's User/Machine Account information in an LDAP Directory</A
></H1
><HR></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3"
>Purpose</A
></H1
><P
>This document describes how to use an LDAP directory for storing Samba user
account information traditionally stored in the smbpasswd(5) file. It is
assumed that the reader already has a basic understanding of LDAP concepts
and has a working directory server already installed. For more information
on LDAP architectures and Directories, please refer to the following sites.</P
><P
></P
><UL
><LI
><P
>OpenLDAP - <A
HREF="http://www.openldap.org/"
TARGET="_top"
>http://www.openldap.org/</A
></P
></LI
><LI
><P
>iPlanet Directory Server - <A
HREF="http://iplanet.netscape.com/directory"
TARGET="_top"
>http://iplanet.netscape.com/directory</A
></P
></LI
></UL
><P
>Note that <A
HREF="http://www.ora.com/"
TARGET="_top"
>O'Reilly Publishing</A
> is working on
a guide to LDAP for System Administrators which has a planned release date of
early summer, 2002.</P
><P
>Two additional Samba resources which may prove to be helpful are</P
><P
></P
><UL
><LI
><P
>The <A
HREF="http://www.unav.es/cti/ldap-smb/ldap-smb-2_2-howto.html"
TARGET="_top"
>Samba-PDC-LDAP-HOWTO</A
>
maintained by Ignacio Coupeau.</P
></LI
><LI
><P
>The NT migration scripts from <A
HREF="http://samba.idealx.org/"
TARGET="_top"
>IDEALX</A
> that are
geared to manage users and group in such a Samba-LDAP Domain Controller configuration.
</P
></LI
></UL
></DIV
><DIV
CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
NAME="AEN23"
>Introduction</A
></H1
><P
>Traditionally, when configuring <A
HREF="smb.conf.5.html#ENCRYPTPASSWORDS"
TARGET="_top"
>"encrypt
passwords = yes"</A
> in Samba's <TT
CLASS="FILENAME"
>smb.conf</TT
> file, user account
information such as username, LM/NT password hashes, password change times, and account
flags have been stored in the <TT
CLASS="FILENAME"
>smbpasswd(5)</TT
> file. There are several
disadvantages to this approach for sites with very large numbers of users (counted
in the thousands).</P
><P
></P
><UL
><LI
><P
>The first is that all lookups must be performed sequentially. Given that
there are approximately two lookups per domain logon (one for a normal
session connection such as when mapping a network drive or printer), this
is a performance bottleneck for lareg sites. What is needed is an indexed approach
such as is used in databases.</P
></LI
><LI
><P
>The second problem is that administrators who desired to replicate a
smbpasswd file to more than one Samba server were left to use external
tools such as <B
CLASS="COMMAND"
>rsync(1)</B
> and <B
CLASS="COMMAND"
>ssh(1)</B
>
and wrote custom, in-house scripts.</P
></LI
><LI
><P
>And finally, the amount of information which is stored in an
smbpasswd entry leaves no room for additional attributes such as
a home directory, password expiration time, or even a Relative
Identified (RID).</P
></LI
></UL
><P
>As a result of these defeciencies, a more robust means of storing user attributes
used by smbd was developed. The API which defines access to user accounts
is commonly referred to as the samdb interface (previously this was called the passdb
API, and is still so named in the CVS trees). In Samba 2.2.3, enabling support
for a samdb backend (e.g. <TT
CLASS="PARAMETER"
><I
>--with-ldapsam</I
></TT
> or
<TT
CLASS="PARAMETER"
><I
>--with-tdbsam</I
></TT
>) requires compile time support.</P
><P
>When compiling Samba to include the <TT
CLASS="PARAMETER"
><I
>--with-ldapsam</I
></TT
> autoconf
option, smbd (and associated tools) will store and lookup user accounts in
an LDAP directory. In reality, this is very easy to understand. If you are
comfortable with using an smbpasswd file, simply replace "smbpasswd" with
"LDAP directory" in all the documentation.</P
><P
>There are a few points to stress about what the <TT
CLASS="PARAMETER"
><I
>--with-ldapsam</I
></TT
>
does not provide. The LDAP support referred to in the this documentation does not
include:</P
><P
></P
><UL
><LI
><P
>A means of retrieving user account information from
an Windows 2000 Active Directory server.</P
></LI
><LI
><P
>A means of replacing /etc/passwd.</P
></LI
></UL
><P
>The second item can be accomplished by using LDAP NSS and PAM modules. LGPL
versions of these libraries can be obtained from PADL Software
(<A
HREF="http://www.padl.com/"
TARGET="_top"
>http://www.padl.com/</A
>). However,
the details of configuring these packages are beyond the scope of this document.</P
></DIV
><DIV
CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
NAME="AEN52"
>Supported LDAP Servers</A
></H1
><P
>The LDAP samdb code in 2.2.3 has been developed and tested using the OpenLDAP
2.0 server and client libraries. The same code should be able to work with
Netscape's Directory Server and client SDK. However, due to lack of testing
so far, there are bound to be compile errors and bugs. These should not be
hard to fix. If you are so inclined, please be sure to forward all patches to
<A
HREF="samba-patches@samba.org"
TARGET="_top"
>samba-patches@samba.org</A
> and
<A
HREF="jerry@samba.org"
TARGET="_top"
>jerry@samba.org</A
>.</P
></DIV
><DIV
CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
NAME="AEN57"
>Schema and Relationship to the RFC 2307 posixAccount</A
></H1
><P
>Samba 2.2.3 includes the necessary schema file for OpenLDAP 2.0 in
<TT
CLASS="FILENAME"
>examples/LDAP/samba.schema</TT
>. (Note that this schema
file has been modified since the experimental support initially included
in 2.2.2). The sambaAccount objectclass is given here:</P
><P
><PRE
CLASS="PROGRAMLISTING"
>objectclass ( 1.3.1.5.1.4.1.7165.2.2.2 NAME 'sambaAccount' SUP top STRUCTURAL
DESC 'Samba Account'
MUST ( uid $ rid )
MAY ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $
logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $
displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $
description $ userWorkstations $ primaryGroupID $ domain ))</PRE
></P
><P
>The samba.schema file has been formatted for OpenLDAP 2.0. The OID's are
owned by the Samba Team and as such is legal to be openly published.
If you translate the schema to be used with Netscape DS, please
submit the modified schema file as a patch to <A
HREF="jerry@samba.org"
TARGET="_top"
>jerry@samba.org</A
></P
><P
>Just as the smbpasswd file is mean to store information which supplements a
user's <TT
CLASS="FILENAME"
>/etc/passwd</TT
> entry, so is the sambaAccount object
meant to supplement the UNIX user account information. A sambaAccount is a
<TT
CLASS="CONSTANT"
>STRUCTURAL</TT
> objectclass so it can be stored individually
in the directory. However, there are several fields (e.g. uid) which overlap
with the posixAccount objectclass outlined in RFC2307. This is by design.</P
><P
>In order to store all user account information (UNIX and Samba) in the directory,
it is necessary to use the sambaAccount and posixAccount objectclasses in
combination. However, smbd will still obtain the user's UNIX account
information via the standard C library calls (e.g. getpwnam(), et. al.).
This means that the Samba server must also have the LDAP NSS library installed
and functioning correctly. This division of information makes it possible to
store all Samba account information in LDAP, but still maintain UNIX account
information in NIS while the network is transitioning to a full LDAP infrastructure.</P
></DIV
><DIV
CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
NAME="AEN69"
>Configuring Samba with LDAP</A
></H1
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN71"
>OpenLDAP configuration</A
></H2
><P
>To include support for the sambaAccount object in an OpenLDAP directory
server, first copy the samba.schema file to slapd's configuration directory.</P
><P
><TT
CLASS="PROMPT"
>root# </TT
><B
CLASS="COMMAND"
>cp samba.schema /etc/openldap/schema/</B
></P
><P
>Next, include the <TT
CLASS="FILENAME"
>samba.schema</TT
> file in <TT
CLASS="FILENAME"
>slapd.conf</TT
>.
The sambaAccount object contains two attributes which depend upon other schema
files. The 'uid' attribute is defined in <TT
CLASS="FILENAME"
>cosine.schema</TT
> and
the 'displayName' attribute is defined in the <TT
CLASS="FILENAME"
>inetorgperson.schema</TT
>
file. Both of these must be included before the <TT
CLASS="FILENAME"
>samba.schema</TT
> file.</P
><P
><PRE
CLASS="PROGRAMLISTING"
>## /etc/openldap/slapd.conf
## schema files (core.schema is required by default)
include /etc/openldap/schema/core.schema
## needed for sambaAccount
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/samba.schema
## uncomment this line if you want to support the RFC2307 (NIS) schema
## include /etc/openldap/schema/nis.schema
....</PRE
></P
><P
>It is recommended that you maintain some indices on some of the most usefull attributes,
like in the following example, to speed up searches made on sambaAccount objectclasses
(and possibly posixAccount and posixGroup as well).</P
><P
><PRE
CLASS="PROGRAMLISTING"
># Indices to maintain
## required by OpenLDAP 2.0
index objectclass eq
## support pb_getsampwnam()
index uid pres,eq
## support pdb_getsambapwrid()
index rid eq
## uncomment these if you are storing posixAccount and
## posixGroup entries in the directory as well
##index uidNumber eq
##index gidNumber eq
##index cn eq
##index memberUid eq</PRE
></P
></DIV
><DIV
CLASS="SECT2"
><HR><H2
CLASS="SECT2"
><A
NAME="AEN88"
>Configuring Samba</A
></H2
><P
>The following parameters are available in smb.conf only with <TT
CLASS="PARAMETER"
><I
>--with-ldapsam</I
></TT
>
was included with compiling Samba.</P
><P
></P
><UL
><LI
><P
><A
HREF="smb.conf.5.html#LDAPSSL"
TARGET="_top"
>ldap ssl</A
></P
></LI
><LI
><P
><A
HREF="smb.conf.5.html#LDAPSERVER"
TARGET="_top"
>ldap server</A
></P
></LI
><LI
><P
><A
HREF="smb.conf.5.html#LDAPADMINDN"
TARGET="_top"
>ldap admin dn</A
></P
></LI
><LI
><P
><A
HREF="smb.conf.5.html#LDAPSUFFIX"
TARGET="_top"
>ldap suffix</A
></P
></LI
><LI
><P
><A
HREF="smb.conf.5.html#LDAPFILTER"
TARGET="_top"
>ldap filter</A
></P
></LI
><LI
><P
><A
HREF="smb.conf.5.html#LDAPPORT"
TARGET="_top"
>ldap port</A
></P
></LI
></UL
><P
>These are described in the <A
HREF="smb.conf.5.html"
TARGET="_top"
>smb.conf(5)</A
> man
page and so will not be repeated here. However, a sample smb.conf file for
use with an LDAP directory could appear as</P
><P
><PRE
CLASS="PROGRAMLISTING"
>## /usr/local/samba/lib/smb.conf
[global]
security = user
encrypt passwords = yes
netbios name = TASHTEGO
workgroup = NARNIA
# ldap related parameters
# define the DN to use when binding to the directory servers
# The password for this DN is not stored in smb.conf. Rather it
# must be set by using 'smbpasswd -w <TT
CLASS="REPLACEABLE"
><I
>secretpw</I
></TT
>' to store the
# passphrase in the secrets.tdb file. If the "ldap admin dn" values
# changes, this password will need to be reset.
ldap admin dn = "cn=Samba Manager,ou=people,dc=samba,dc=org"
# specify the LDAP server's hostname (defaults to locahost)
ldap server = ahab.samba.org
# Define the SSL option when connecting to the directory
# ('off', 'start tls', or 'on' (default))
ldap ssl = start tls
# define the port to use in the LDAP session (defaults to 636 when
# "ldap ssl = on")
ldap port = 389
# specify the base DN to use when searching the directory
ldap suffix = "ou=people,dc=samba,dc=org"
# generally the default ldap search filter is ok
# ldap filter = "(&amp;(uid=%u)(objectclass=sambaAccount))"</PRE
></P
></DIV
></DIV
><DIV
CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
NAME="AEN116"
>Accounts and Groups management</A
></H1
><P
>As users accounts are managed thru the sambaAccount objectclass, you should
modify you existing administration tools to deal with sambaAccount attributes.</P
><P
>Machines accounts are managed with the sambaAccount objectclass, just
like users accounts. However, it's up to you to stored thoses accounts
in a different tree of you LDAP namespace: you should use
"ou=Groups,dc=plainjoe,dc=org" to store groups and
"ou=People,dc=plainjoe,dc=org" to store users. Just configure your
NSS and PAM accordingly (usually, in the /etc/ldap.conf configuration
file).</P
><P
>In Samba release 2.2.3, the group management system is based on posix
groups. This meand that Samba make usage of the posixGroup objectclass.
For now, there is no NT-like group system management (global and local
groups).</P
></DIV
><DIV
CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
NAME="AEN121"
>Security and sambaAccount</A
></H1
><P
>There are two important points to remember when discussing the security
of sambaAccount entries in the directory.</P
><P
></P
><UL
><LI
><P
><I
CLASS="EMPHASIS"
>Never</I
> retrieve the lmPassword or
ntPassword attribute values over an unencrypted LDAP session.</P
></LI
><LI
><P
><I
CLASS="EMPHASIS"
>Never</I
> allow non-admin users to
view the lmPassword or ntPassword attribute values.</P
></LI
></UL
><P
>These password hashes are clear text equivalents and can be used to impersonate
the user without deriving the original clear text strings. For more information
on the details of LM/NT password hashes, refer to the <A
HREF="ENCRYPTION.html"
TARGET="_top"
>ENCRYPTION chapter</A
> of the Samba-HOWTO-Collection.</P
><P
>To remedy the first security issue, the "ldap ssl" smb.conf parameter defaults
to require an encrypted session (<B
CLASS="COMMAND"
>ldap ssl = on</B
>) using
the default port of 636
when contacting the directory server. When using an OpenLDAP 2.0 server, it
is possible to use the use the StartTLS LDAP extended operation in the place of
LDAPS. In either case, you are strongly discouraged to disable this security
(<B
CLASS="COMMAND"
>ldap ssl = off</B
>).</P
><P
>Note that the LDAPS protocol is deprecated in favor of the LDAPv3 StartTLS
extended operation. However, the OpenLDAP library still provides support for
the older method of securing communication between clients and servers.</P
><P
>The second security precaution is to prevent non-administrative users from
harvesting password hashes from the directory. This can be done using the
following ACL in <TT
CLASS="FILENAME"
>slapd.conf</TT
>:</P
><P
><PRE
CLASS="PROGRAMLISTING"
>## allow the "ldap admin dn" access, but deny everyone else
access to attrs=lmPassword,ntPassword
by dn="cn=Samba Admin,ou=people,dc=plainjoe,dc=org" write
by * none</PRE
></P
></DIV
><DIV
CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
NAME="AEN141"
>LDAP specials attributes for sambaAccounts</A
></H1
><P
>The sambaAccount objectclass is composed of the following attributes:</P
><P
></P
><UL
><LI
><P
><TT
CLASS="CONSTANT"
>lmPassword</TT
>: the LANMAN password 16-byte hash stored as a character
representation of a hexidecimal string.</P
></LI
><LI
><P
><TT
CLASS="CONSTANT"
>ntPassword</TT
>: the NT password hash 16-byte stored as a character
representation of a hexidecimal string.</P
></LI
><LI
><P
><TT
CLASS="CONSTANT"
>pwdLastSet</TT
>: The integer time in seconds since 1970 when the
<TT
CLASS="CONSTANT"
>lmPassword</TT
> and <TT
CLASS="CONSTANT"
>ntPassword</TT
> attributes were last set.
</P
></LI
><LI
><P
><TT
CLASS="CONSTANT"
>acctFlags</TT
>: string of 11 characters surrounded by square brackets []
representing account flags such as U (user), W(workstation), X(no password expiration), and
D(disabled).</P
></LI
><LI
><P
><TT
CLASS="CONSTANT"
>logonTime</TT
>: Integer value currently unused</P
></LI
><LI
><P
><TT
CLASS="CONSTANT"
>logoffTime</TT
>: Integer value currently unused</P
></LI
><LI
><P
><TT
CLASS="CONSTANT"
>kickoffTime</TT
>: Integer value currently unused</P
></LI
><LI
><P
><TT
CLASS="CONSTANT"
>pwdCanChange</TT
>: Integer value currently unused</P
></LI
><LI
><P
><TT
CLASS="CONSTANT"
>pwdMustChange</TT
>: Integer value currently unused</P
></LI
><LI
><P
><TT
CLASS="CONSTANT"
>homeDrive</TT
>: specifies the drive letter to which to map the
UNC path specified by homeDirectory. The drive letter must be specified in the form "X:"
where X is the letter of the drive to map. Refer to the "logon drive" parameter in the
smb.conf(5) man page for more information.</P
></LI
><LI
><P
><TT
CLASS="CONSTANT"
>scriptPath</TT
>: The scriptPath property specifies the path of
the user's logon script, .CMD, .EXE, or .BAT file. The string can be null. The path
is relative to the netlogon share. Refer to the "logon script" parameter in the
smb.conf(5) man page for more information.</P
></LI
><LI
><P
><TT
CLASS="CONSTANT"
>profilePath</TT
>: specifies a path to the user's profile.
This value can be a null string, a local absolute path, or a UNC path. Refer to the
"logon path" parameter in the smb.conf(5) man page for more information.</P
></LI
><LI
><P
><TT
CLASS="CONSTANT"
>smbHome</TT
>: The homeDirectory property specifies the path of
the home directory for the user. The string can be null. If homeDrive is set and specifies
a drive letter, homeDirectory should be a UNC path. The path must be a network
UNC path of the form \\server\share\directory. This value can be a null string.
Refer to the "logon home" parameter in the smb.conf(5) man page for more information.
</P
></LI
><LI
><P
><TT
CLASS="CONSTANT"
>userWorkstation</TT
>: character string value currently unused.
</P
></LI
><LI
><P
><TT
CLASS="CONSTANT"
>rid</TT
>: the integer representation of the user's relative identifier
(RID).</P
></LI
><LI
><P
><TT
CLASS="CONSTANT"
>primaryGroupID</TT
>: the relative identifier (RID) of the primary group
of the user.</P
></LI
></UL
><P
>The majority of these parameters are only used when Samba is acting as a PDC of
a domain (refer to the <A
HREF="Samba-PDC-HOWTO.html"
TARGET="_top"
>Samba-PDC-HOWTO</A
> for details on
how to configure Samba as a Primary Domain Controller). The following four attributes
are only stored with the sambaAccount entry if the values are non-default values:</P
><P
></P
><UL
><LI
><P
>smbHome</P
></LI
><LI
><P
>scriptPath</P
></LI
><LI
><P
>logonPath</P
></LI
><LI
><P
>homeDrive</P
></LI
></UL
><P
>These attributes are only stored with the sambaAccount entry if
the values are non-default values. For example, assume TASHTEGO has now been
configured as a PDC and that <B
CLASS="COMMAND"
>logon home = \\%L\%u</B
> was defined in
its <TT
CLASS="FILENAME"
>smb.conf</TT
> file. When a user named "becky" logons to the domain,
the <TT
CLASS="PARAMETER"
><I
>logon home</I
></TT
> string is expanded to \\TASHTEGO\becky.
If the smbHome attribute exists in the entry "uid=becky,ou=people,dc=samba,dc=org",
this value is used. However, if this attribute does not exist, then the value
of the <TT
CLASS="PARAMETER"
><I
>logon home</I
></TT
> parameter is used in its place. Samba
will only write the attribute value to the directory entry is the value is
something other than the default (e.g. \\MOBY\becky).</P
></DIV
><DIV
CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
NAME="AEN211"
>Example LDIF Entries for a sambaAccount</A
></H1
><P
>The following is a working LDIF with the inclusion of the posixAccount objectclass:</P
><P
><PRE
CLASS="PROGRAMLISTING"
>dn: uid=guest2, ou=people,dc=plainjoe,dc=org
ntPassword: 878D8014606CDA29677A44EFA1353FC7
pwdMustChange: 2147483647
primaryGroupID: 1201
lmPassword: 552902031BEDE9EFAAD3B435B51404EE
pwdLastSet: 1010179124
logonTime: 0
objectClass: sambaAccount
uid: guest2
kickoffTime: 2147483647
acctFlags: [UX ]
logoffTime: 2147483647
rid: 19006
pwdCanChange: 0</PRE
></P
><P
>The following is an LDIF entry for using both the sambaAccount and
posixAccount objectclasses:</P
><P
><PRE
CLASS="PROGRAMLISTING"
>dn: uid=gcarter, ou=people,dc=plainjoe,dc=org
logonTime: 0
displayName: Gerald Carter
lmPassword: 552902031BEDE9EFAAD3B435B51404EE
primaryGroupID: 1201
objectClass: posixAccount
objectClass: sambaAccount
acctFlags: [UX ]
userPassword: {crypt}BpM2ej8Rkzogo
uid: gcarter
uidNumber: 9000
cn: Gerald Carter
loginShell: /bin/bash
logoffTime: 2147483647
gidNumber: 100
kickoffTime: 2147483647
pwdLastSet: 1010179230
rid: 19000
homeDirectory: /home/tashtego/gcarter
pwdCanChange: 0
pwdMustChange: 2147483647
ntPassword: 878D8014606CDA29677A44EFA1353FC7</PRE
></P
></DIV
><DIV
CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
NAME="AEN219"
>Comments</A
></H1
><P
>Please mail all comments regarding this HOWTO to <A
HREF="mailto:jerry@samba.org"
TARGET="_top"
>jerry@samba.org</A
>. This documents was
last updated to reflect the Samba 2.2.3 release.&#13;</P
></DIV
></DIV
></BODY
></HTML
>

550
docs/htmldocs/Speed.html
View File

@ -1,550 +0,0 @@
<HTML
><HEAD
><TITLE
>Samba performance issues</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
><BODY
CLASS="ARTICLE"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="ARTICLE"
><DIV
CLASS="TITLEPAGE"
><H1
CLASS="TITLE"
><A
NAME="SPEED"
>Samba performance issues</A
></H1
><HR></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3"
>Comparisons</A
></H1
><P
>The Samba server uses TCP to talk to the client. Thus if you are
trying to see if it performs well you should really compare it to
programs that use the same protocol. The most readily available
programs for file transfer that use TCP are ftp or another TCP based
SMB server.</P
><P
>If you want to test against something like a NT or WfWg server then
you will have to disable all but TCP on either the client or
server. Otherwise you may well be using a totally different protocol
(such as Netbeui) and comparisons may not be valid.</P
><P
>Generally you should find that Samba performs similarly to ftp at raw
transfer speed. It should perform quite a bit faster than NFS,
although this very much depends on your system.</P
><P
>Several people have done comparisons between Samba and Novell, NFS or
WinNT. In some cases Samba performed the best, in others the worst. I
suspect the biggest factor is not Samba vs some other system but the
hardware and drivers used on the various systems. Given similar
hardware Samba should certainly be competitive in speed with other
systems.</P
></DIV
><DIV
CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
NAME="AEN9"
>Oplocks</A
></H1
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN11"
>Overview</A
></H2
><P
>Oplocks are the way that SMB clients get permission from a server to
locally cache file operations. If a server grants an oplock
(opportunistic lock) then the client is free to assume that it is the
only one accessing the file and it will agressively cache file
data. With some oplock types the client may even cache file open/close
operations. This can give enormous performance benefits.</P
><P
>With the release of Samba 1.9.18 we now correctly support opportunistic
locks. This is turned on by default, and can be turned off on a share-
by-share basis by setting the parameter :</P
><P
><B
CLASS="COMMAND"
>oplocks = False</B
></P
><P
>We recommend that you leave oplocks on however, as current benchmark
tests with NetBench seem to give approximately a 30% improvement in
speed with them on. This is on average however, and the actual
improvement seen can be orders of magnitude greater, depending on
what the client redirector is doing.</P
><P
>Previous to Samba 1.9.18 there was a 'fake oplocks' option. This
option has been left in the code for backwards compatibility reasons
but it's use is now deprecated. A short summary of what the old
code did follows.</P
></DIV
><DIV
CLASS="SECT2"
><HR><H2
CLASS="SECT2"
><A
NAME="AEN19"
>Level2 Oplocks</A
></H2
><P
>With Samba 2.0.5 a new capability - level2 (read only) oplocks is
supported (although the option is off by default - see the smb.conf
man page for details). Turning on level2 oplocks (on a share-by-share basis)
by setting the parameter :</P
><P
><B
CLASS="COMMAND"
>level2 oplocks = true</B
></P
><P
>should speed concurrent access to files that are not commonly written
to, such as application serving shares (ie. shares that contain common
.EXE files - such as a Microsoft Office share) as it allows clients to
read-ahread cache copies of these files.</P
></DIV
><DIV
CLASS="SECT2"
><HR><H2
CLASS="SECT2"
><A
NAME="AEN25"
>Old 'fake oplocks' option - deprecated</A
></H2
><P
>Samba can also fake oplocks, by granting a oplock whenever a client
asks for one. This is controlled using the smb.conf option "fake
oplocks". If you set "fake oplocks = yes" then you are telling the
client that it may agressively cache the file data for all opens.</P
><P
>Enabling 'fake oplocks' on all read-only shares or shares that you know
will only be accessed from one client at a time you will see a big
performance improvement on many operations. If you enable this option
on shares where multiple clients may be accessing the files read-write
at the same time you can get data corruption.</P
></DIV
></DIV
><DIV
CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
NAME="AEN29"
>Socket options</A
></H1
><P
>There are a number of socket options that can greatly affect the
performance of a TCP based server like Samba.</P
><P
>The socket options that Samba uses are settable both on the command
line with the -O option, or in the smb.conf file.</P
><P
>The "socket options" section of the smb.conf manual page describes how
to set these and gives recommendations.</P
><P
>Getting the socket options right can make a big difference to your
performance, but getting them wrong can degrade it by just as
much. The correct settings are very dependent on your local network.</P
><P
>The socket option TCP_NODELAY is the one that seems to make the
biggest single difference for most networks. Many people report that
adding "socket options = TCP_NODELAY" doubles the read performance of
a Samba drive. The best explanation I have seen for this is that the
Microsoft TCP/IP stack is slow in sending tcp ACKs.</P
></DIV
><DIV
CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
NAME="AEN36"
>Read size</A
></H1
><P
>The option "read size" affects the overlap of disk reads/writes with
network reads/writes. If the amount of data being transferred in
several of the SMB commands (currently SMBwrite, SMBwriteX and
SMBreadbraw) is larger than this value then the server begins writing
the data before it has received the whole packet from the network, or
in the case of SMBreadbraw, it begins writing to the network before
all the data has been read from disk.</P
><P
>This overlapping works best when the speeds of disk and network access
are similar, having very little effect when the speed of one is much
greater than the other.</P
><P
>The default value is 16384, but very little experimentation has been
done yet to determine the optimal value, and it is likely that the best
value will vary greatly between systems anyway. A value over 65536 is
pointless and will cause you to allocate memory unnecessarily.</P
></DIV
><DIV
CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
NAME="AEN41"
>Max xmit</A
></H1
><P
>At startup the client and server negotiate a "maximum transmit" size,
which limits the size of nearly all SMB commands. You can set the
maximum size that Samba will negotiate using the "max xmit = " option
in smb.conf. Note that this is the maximum size of SMB request that
Samba will accept, but not the maximum size that the *client* will accept.
The client maximum receive size is sent to Samba by the client and Samba
honours this limit.</P
><P
>It defaults to 65536 bytes (the maximum), but it is possible that some
clients may perform better with a smaller transmit unit. Trying values
of less than 2048 is likely to cause severe problems.</P
><P
>In most cases the default is the best option.</P
></DIV
><DIV
CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
NAME="AEN46"
>Locking</A
></H1
><P
>By default Samba does not implement strict locking on each read/write
call (although it did in previous versions). If you enable strict
locking (using "strict locking = yes") then you may find that you
suffer a severe performance hit on some systems.</P
><P
>The performance hit will probably be greater on NFS mounted
filesystems, but could be quite high even on local disks.</P
></DIV
><DIV
CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
NAME="AEN50"
>Share modes</A
></H1
><P
>Some people find that opening files is very slow. This is often
because of the "share modes" code needed to fully implement the dos
share modes stuff. You can disable this code using "share modes =
no". This will gain you a lot in opening and closing files but will
mean that (in some cases) the system won't force a second user of a
file to open the file read-only if the first has it open
read-write. For many applications that do their own locking this
doesn't matter, but for some it may. Most Windows applications
depend heavily on "share modes" working correctly and it is
recommended that the Samba share mode support be left at the
default of "on".</P
><P
>The share mode code in Samba has been re-written in the 1.9.17
release following tests with the Ziff-Davis NetBench PC Benchmarking
tool. It is now believed that Samba 1.9.17 implements share modes
similarly to Windows NT.</P
><P
>NOTE: In the most recent versions of Samba there is an option to use
shared memory via mmap() to implement the share modes. This makes
things much faster. See the Makefile for how to enable this.</P
></DIV
><DIV
CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
NAME="AEN55"
>Log level</A
></H1
><P
>If you set the log level (also known as "debug level") higher than 2
then you may suffer a large drop in performance. This is because the
server flushes the log file after each operation, which can be very
expensive. </P
></DIV
><DIV
CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
NAME="AEN58"
>Wide lines</A
></H1
><P
>The "wide links" option is now enabled by default, but if you disable
it (for better security) then you may suffer a performance hit in
resolving filenames. The performance loss is lessened if you have
"getwd cache = yes", which is now the default.</P
></DIV
><DIV
CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
NAME="AEN61"
>Read raw</A
></H1
><P
>The "read raw" operation is designed to be an optimised, low-latency
file read operation. A server may choose to not support it,
however. and Samba makes support for "read raw" optional, with it
being enabled by default.</P
><P
>In some cases clients don't handle "read raw" very well and actually
get lower performance using it than they get using the conventional
read operations. </P
><P
>So you might like to try "read raw = no" and see what happens on your
network. It might lower, raise or not affect your performance. Only
testing can really tell.</P
></DIV
><DIV
CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
NAME="AEN66"
>Write raw</A
></H1
><P
>The "write raw" operation is designed to be an optimised, low-latency
file write operation. A server may choose to not support it,
however. and Samba makes support for "write raw" optional, with it
being enabled by default.</P
><P
>Some machines may find "write raw" slower than normal write, in which
case you may wish to change this option.</P
></DIV
><DIV
CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
NAME="AEN70"
>Read prediction</A
></H1
><P
>Samba can do read prediction on some of the SMB commands. Read
prediction means that Samba reads some extra data on the last file it
read while waiting for the next SMB command to arrive. It can then
respond more quickly when the next read request arrives.</P
><P
>This is disabled by default. You can enable it by using "read
prediction = yes".</P
><P
>Note that read prediction is only used on files that were opened read
only.</P
><P
>Read prediction should particularly help for those silly clients (such
as "Write" under NT) which do lots of very small reads on a file.</P
><P
>Samba will not read ahead more data than the amount specified in the
"read size" option. It always reads ahead on 1k block boundaries.</P
></DIV
><DIV
CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
NAME="AEN77"
>Memory mapping</A
></H1
><P
>Samba supports reading files via memory mapping them. One some
machines this can give a large boost to performance, on others it
makes not difference at all, and on some it may reduce performance.</P
><P
>To enable you you have to recompile Samba with the -DUSE_MMAP option
on the FLAGS line of the Makefile.</P
><P
>Note that memory mapping is only used on files opened read only, and
is not used by the "read raw" operation. Thus you may find memory
mapping is more effective if you disable "read raw" using "read raw =
no".</P
></DIV
><DIV
CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
NAME="AEN82"
>Slow Clients</A
></H1
><P
>One person has reported that setting the protocol to COREPLUS rather
than LANMAN2 gave a dramatic speed improvement (from 10k/s to 150k/s).</P
><P
>I suspect that his PC's (386sx16 based) were asking for more data than
they could chew. I suspect a similar speed could be had by setting
"read raw = no" and "max xmit = 2048", instead of changing the
protocol. Lowering the "read size" might also help.</P
></DIV
><DIV
CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
NAME="AEN86"
>Slow Logins</A
></H1
><P
>Slow logins are almost always due to the password checking time. Using
the lowest practical "password level" will improve things a lot. You
could also enable the "UFC crypt" option in the Makefile.</P
></DIV
><DIV
CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
NAME="AEN89"
>Client tuning</A
></H1
><P
>Often a speed problem can be traced to the client. The client (for
example Windows for Workgroups) can often be tuned for better TCP
performance.</P
><P
>See your client docs for details. In particular, I have heard rumours
that the WfWg options TCPWINDOWSIZE and TCPSEGMENTSIZE can have a
large impact on performance.</P
><P
>Also note that some people have found that setting DefaultRcvWindow in
the [MSTCP] section of the SYSTEM.INI file under WfWg to 3072 gives a
big improvement. I don't know why.</P
><P
>My own experience wth DefaultRcvWindow is that I get much better
performance with a large value (16384 or larger). Other people have
reported that anything over 3072 slows things down enourmously. One
person even reported a speed drop of a factor of 30 when he went from
3072 to 8192. I don't know why.</P
><P
>It probably depends a lot on your hardware, and the type of unix box
you have at the other end of the link.</P
><P
>Paul Cochrane has done some testing on client side tuning and come
to the following conclusions:</P
><P
>Install the W2setup.exe file from www.microsoft.com. This is an
update for the winsock stack and utilities which improve performance.</P
><P
>Configure the win95 TCPIP registry settings to give better
perfomance. I use a program called MTUSPEED.exe which I got off the
net. There are various other utilities of this type freely available.
The setting which give the best performance for me are:</P
><P
></P
><OL
TYPE="1"
><LI
><P
>MaxMTU Remove</P
></LI
><LI
><P
>RWIN Remove</P
></LI
><LI
><P
>MTUAutoDiscover Disable</P
></LI
><LI
><P
>MTUBlackHoleDetect Disable</P
></LI
><LI
><P
>Time To Live Enabled</P
></LI
><LI
><P
>Time To Live - HOPS 32</P
></LI
><LI
><P
>NDI Cache Size 0</P
></LI
></OL
><P
>I tried virtually all of the items mentioned in the document and
the only one which made a difference to me was the socket options. It
turned out I was better off without any!!!!!</P
><P
>In terms of overall speed of transfer, between various win95 clients
and a DX2-66 20MB server with a crappy NE2000 compatible and old IDE
drive (Kernel 2.0.30). The transfer rate was reasonable for 10 baseT.</P
><P
>FIXME
The figures are: Put Get
P166 client 3Com card: 420-440kB/s 500-520kB/s
P100 client 3Com card: 390-410kB/s 490-510kB/s
DX4-75 client NE2000: 370-380kB/s 330-350kB/s</P
><P
>I based these test on transfer two files a 4.5MB text file and a 15MB
textfile. The results arn't bad considering the hardware Samba is
running on. It's a crap machine!!!!</P
><P
>The updates mentioned in 1 and 2 brought up the transfer rates from
just over 100kB/s in some clients.</P
><P
>A new client is a P333 connected via a 100MB/s card and hub. The
transfer rates from this were good: 450-500kB/s on put and 600+kB/s
on get.</P
><P
>Looking at standard FTP throughput, Samba is a bit slower (100kB/s
upwards). I suppose there is more going on in the samba protocol, but
if it could get up to the rate of FTP the perfomance would be quite
staggering.</P
></DIV
><DIV
CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
NAME="AEN121"
>My Results</A
></H1
><P
>Some people want to see real numbers in a document like this, so here
they are. I have a 486sx33 client running WfWg 3.11 with the 3.11b
tcp/ip stack. It has a slow IDE drive and 20Mb of ram. It has a SMC
Elite-16 ISA bus ethernet card. The only WfWg tuning I've done is to
set DefaultRcvWindow in the [MSTCP] section of system.ini to 16384. My
server is a 486dx3-66 running Linux. It also has 20Mb of ram and a SMC
Elite-16 card. You can see my server config in the examples/tridge/
subdirectory of the distribution.</P
><P
>I get 490k/s on reading a 8Mb file with copy.
I get 441k/s writing the same file to the samba server.</P
><P
>Of course, there's a lot more to benchmarks than 2 raw throughput
figures, but it gives you a ballpark figure.</P
><P
>I've also tested Win95 and WinNT, and found WinNT gave me the best
speed as a samba client. The fastest client of all (for me) is
smbclient running on another linux box. Maybe I'll add those results
here someday ...</P
></DIV
></DIV
></BODY
></HTML
>

799
docs/htmldocs/UNIX_INSTALL.html
View File

@ -1,799 +0,0 @@
<HTML
><HEAD
><TITLE
>How to Install and Test SAMBA</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
><BODY
CLASS="ARTICLE"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="ARTICLE"
><DIV
CLASS="TITLEPAGE"
><H1
CLASS="TITLE"
><A
NAME="INSTALL"
>How to Install and Test SAMBA</A
></H1
><HR></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3"
>Step 0: Read the man pages</A
></H1
><P
>The man pages distributed with SAMBA contain
lots of useful info that will help to get you started.
If you don't know how to read man pages then try
something like:</P
><P
><TT
CLASS="PROMPT"
>$ </TT
><TT
CLASS="USERINPUT"
><B
>nroff -man smbd.8 | more
</B
></TT
></P
><P
>Other sources of information are pointed to
by the Samba web site,<A
HREF="http://www.samba.org/"
TARGET="_top"
> http://www.samba.org</A
></P
></DIV
><DIV
CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
NAME="AEN11"
>Step 1: Building the Binaries</A
></H1
><P
>To do this, first run the program <B
CLASS="COMMAND"
>./configure
</B
> in the source directory. This should automatically
configure Samba for your operating system. If you have unusual
needs then you may wish to run</P
><P
><TT
CLASS="PROMPT"
>root# </TT
><TT
CLASS="USERINPUT"
><B
>./configure --help
</B
></TT
></P
><P
>first to see what special options you can enable.
Then executing</P
><P
><TT
CLASS="PROMPT"
>root# </TT
><TT
CLASS="USERINPUT"
><B
>make</B
></TT
></P
><P
>will create the binaries. Once it's successfully
compiled you can use </P
><P
><TT
CLASS="PROMPT"
>root# </TT
><TT
CLASS="USERINPUT"
><B
>make install</B
></TT
></P
><P
>to install the binaries and manual pages. You can
separately install the binaries and/or man pages using</P
><P
><TT
CLASS="PROMPT"
>root# </TT
><TT
CLASS="USERINPUT"
><B
>make installbin
</B
></TT
></P
><P
>and</P
><P
><TT
CLASS="PROMPT"
>root# </TT
><TT
CLASS="USERINPUT"
><B
>make installman
</B
></TT
></P
><P
>Note that if you are upgrading for a previous version
of Samba you might like to know that the old versions of
the binaries will be renamed with a ".old" extension. You
can go back to the previous version with</P
><P
><TT
CLASS="PROMPT"
>root# </TT
><TT
CLASS="USERINPUT"
><B
>make revert
</B
></TT
></P
><P
>if you find this version a disaster!</P
></DIV
><DIV
CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
NAME="AEN39"
>Step 2: The all important step</A
></H1
><P
>At this stage you must fetch yourself a
coffee or other drink you find stimulating. Getting the rest
of the install right can sometimes be tricky, so you will
probably need it.</P
><P
>If you have installed samba before then you can skip
this step.</P
></DIV
><DIV
CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
NAME="AEN43"
>Step 3: Create the smb configuration file.</A
></H1
><P
>There are sample configuration files in the examples
subdirectory in the distribution. I suggest you read them
carefully so you can see how the options go together in
practice. See the man page for all the options.</P
><P
>The simplest useful configuration file would be
something like this:</P
><P
><PRE
CLASS="PROGRAMLISTING"
> [global]
workgroup = MYGROUP
[homes]
guest ok = no
read only = no
</PRE
></P
><P
>which would allow connections by anyone with an
account on the server, using either their login name or
"homes" as the service name. (Note that I also set the
workgroup that Samba is part of. See BROWSING.txt for details)</P
><P
>Note that <B
CLASS="COMMAND"
>make install</B
> will not install
a <TT
CLASS="FILENAME"
>smb.conf</TT
> file. You need to create it
yourself. </P
><P
>Make sure you put the smb.conf file in the same place
you specified in the<TT
CLASS="FILENAME"
>Makefile</TT
> (the default is to
look for it in <TT
CLASS="FILENAME"
>/usr/local/samba/lib/</TT
>).</P
><P
>For more information about security settings for the
[homes] share please refer to the document UNIX_SECURITY.txt.</P
></DIV
><DIV
CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
NAME="AEN57"
>Step 4: Test your config file with
<B
CLASS="COMMAND"
>testparm</B
></A
></H1
><P
>It's important that you test the validity of your
<TT
CLASS="FILENAME"
>smb.conf</TT
> file using the testparm program.
If testparm runs OK then it will list the loaded services. If
not it will give an error message.</P
><P
>Make sure it runs OK and that the services look
reasonable before proceeding. </P
></DIV
><DIV
CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
NAME="AEN63"
>Step 5: Starting the smbd and nmbd</A
></H1
><P
>You must choose to start smbd and nmbd either
as daemons or from <B
CLASS="COMMAND"
>inetd</B
>. Don't try
to do both! Either you can put them in <TT
CLASS="FILENAME"
> inetd.conf</TT
> and have them started on demand
by <B
CLASS="COMMAND"
>inetd</B
>, or you can start them as
daemons either from the command line or in <TT
CLASS="FILENAME"
> /etc/rc.local</TT
>. See the man pages for details
on the command line options. Take particular care to read
the bit about what user you need to be in order to start
Samba. In many cases you must be root.</P
><P
>The main advantage of starting <B
CLASS="COMMAND"
>smbd</B
>
and <B
CLASS="COMMAND"
>nmbd</B
> using the recommended daemon method
is that they will respond slightly more quickly to an initial connection
request.</P
><DIV
CLASS="SECT2"
><HR><H2
CLASS="SECT2"
><A
NAME="AEN73"
>Step 5a: Starting from inetd.conf</A
></H2
><P
>NOTE; The following will be different if
you use NIS or NIS+ to distributed services maps.</P
><P
>Look at your <TT
CLASS="FILENAME"
>/etc/services</TT
>.
What is defined at port 139/tcp. If nothing is defined
then add a line like this:</P
><P
><TT
CLASS="USERINPUT"
><B
>netbios-ssn 139/tcp</B
></TT
></P
><P
>similarly for 137/udp you should have an entry like:</P
><P
><TT
CLASS="USERINPUT"
><B
>netbios-ns 137/udp</B
></TT
></P
><P
>Next edit your <TT
CLASS="FILENAME"
>/etc/inetd.conf</TT
>
and add two lines something like this:</P
><P
><PRE
CLASS="PROGRAMLISTING"
> netbios-ssn stream tcp nowait root /usr/local/samba/bin/smbd smbd
netbios-ns dgram udp wait root /usr/local/samba/bin/nmbd nmbd
</PRE
></P
><P
>The exact syntax of <TT
CLASS="FILENAME"
>/etc/inetd.conf</TT
>
varies between unixes. Look at the other entries in inetd.conf
for a guide.</P
><P
>NOTE: Some unixes already have entries like netbios_ns
(note the underscore) in <TT
CLASS="FILENAME"
>/etc/services</TT
>.
You must either edit <TT
CLASS="FILENAME"
>/etc/services</TT
> or
<TT
CLASS="FILENAME"
>/etc/inetd.conf</TT
> to make them consistent.</P
><P
>NOTE: On many systems you may need to use the
"interfaces" option in smb.conf to specify the IP address
and netmask of your interfaces. Run <B
CLASS="COMMAND"
>ifconfig</B
>
as root if you don't know what the broadcast is for your
net. <B
CLASS="COMMAND"
>nmbd</B
> tries to determine it at run
time, but fails on some unixes. See the section on "testing nmbd"
for a method of finding if you need to do this.</P
><P
>!!!WARNING!!! Many unixes only accept around 5
parameters on the command line in <TT
CLASS="FILENAME"
>inetd.conf</TT
>.
This means you shouldn't use spaces between the options and
arguments, or you should use a script, and start the script
from <B
CLASS="COMMAND"
>inetd</B
>.</P
><P
>Restart <B
CLASS="COMMAND"
>inetd</B
>, perhaps just send
it a HUP. If you have installed an earlier version of <B
CLASS="COMMAND"
> nmbd</B
> then you may need to kill nmbd as well.</P
></DIV
><DIV
CLASS="SECT2"
><HR><H2
CLASS="SECT2"
><A
NAME="AEN102"
>Step 5b. Alternative: starting it as a daemon</A
></H2
><P
>To start the server as a daemon you should create
a script something like this one, perhaps calling
it <TT
CLASS="FILENAME"
>startsmb</TT
>.</P
><P
><PRE
CLASS="PROGRAMLISTING"
> #!/bin/sh
/usr/local/samba/bin/smbd -D
/usr/local/samba/bin/nmbd -D
</PRE
></P
><P
>then make it executable with <B
CLASS="COMMAND"
>chmod
+x startsmb</B
></P
><P
>You can then run <B
CLASS="COMMAND"
>startsmb</B
> by
hand or execute it from <TT
CLASS="FILENAME"
>/etc/rc.local</TT
>
</P
><P
>To kill it send a kill signal to the processes
<B
CLASS="COMMAND"
>nmbd</B
> and <B
CLASS="COMMAND"
>smbd</B
>.</P
><P
>NOTE: If you use the SVR4 style init system then
you may like to look at the <TT
CLASS="FILENAME"
>examples/svr4-startup</TT
>
script to make Samba fit into that system.</P
></DIV
></DIV
><DIV
CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
NAME="AEN118"
>Step 6: Try listing the shares available on your
server</A
></H1
><P
><TT
CLASS="PROMPT"
>$ </TT
><TT
CLASS="USERINPUT"
><B
>smbclient -L
<TT
CLASS="REPLACEABLE"
><I
>yourhostname</I
></TT
></B
></TT
></P
><P
>You should get back a list of shares available on
your server. If you don't then something is incorrectly setup.
Note that this method can also be used to see what shares
are available on other LanManager clients (such as WfWg).</P
><P
>If you choose user level security then you may find
that Samba requests a password before it will list the shares.
See the <B
CLASS="COMMAND"
>smbclient</B
> man page for details. (you
can force it to list the shares without a password by
adding the option -U% to the command line. This will not work
with non-Samba servers)</P
></DIV
><DIV
CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
NAME="AEN127"
>Step 7: Try connecting with the unix client</A
></H1
><P
><TT
CLASS="PROMPT"
>$ </TT
><TT
CLASS="USERINPUT"
><B
>smbclient <TT
CLASS="REPLACEABLE"
><I
> //yourhostname/aservice</I
></TT
></B
></TT
></P
><P
>Typically the <TT
CLASS="REPLACEABLE"
><I
>yourhostname</I
></TT
>
would be the name of the host where you installed <B
CLASS="COMMAND"
> smbd</B
>. The <TT
CLASS="REPLACEABLE"
><I
>aservice</I
></TT
> is
any service you have defined in the <TT
CLASS="FILENAME"
>smb.conf</TT
>
file. Try your user name if you just have a [homes] section
in <TT
CLASS="FILENAME"
>smb.conf</TT
>.</P
><P
>For example if your unix host is bambi and your login
name is fred you would type:</P
><P
><TT
CLASS="PROMPT"
>$ </TT
><TT
CLASS="USERINPUT"
><B
>smbclient //bambi/fred
</B
></TT
></P
></DIV
><DIV
CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
NAME="AEN143"
>Step 8: Try connecting from a DOS, WfWg, Win9x, WinNT,
Win2k, OS/2, etc... client</A
></H1
><P
>Try mounting disks. eg:</P
><P
><TT
CLASS="PROMPT"
>C:\WINDOWS\&#62; </TT
><TT
CLASS="USERINPUT"
><B
>net use d: \\servername\service
</B
></TT
></P
><P
>Try printing. eg:</P
><P
><TT
CLASS="PROMPT"
>C:\WINDOWS\&#62; </TT
><TT
CLASS="USERINPUT"
><B
>net use lpt1:
\\servername\spoolservice</B
></TT
></P
><P
><TT
CLASS="PROMPT"
>C:\WINDOWS\&#62; </TT
><TT
CLASS="USERINPUT"
><B
>print filename
</B
></TT
></P
><P
>Celebrate, or send me a bug report!</P
></DIV
><DIV
CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
NAME="AEN157"
>What If Things Don't Work?</A
></H1
><P
>If nothing works and you start to think "who wrote
this pile of trash" then I suggest you do step 2 again (and
again) till you calm down.</P
><P
>Then you might read the file DIAGNOSIS.txt and the
FAQ. If you are still stuck then try the mailing list or
newsgroup (look in the README for details). Samba has been
successfully installed at thousands of sites worldwide, so maybe
someone else has hit your problem and has overcome it. You could
also use the WWW site to scan back issues of the samba-digest.</P
><P
>When you fix the problem PLEASE send me some updates to the
documentation (or source code) so that the next person will find it
easier. </P
><DIV
CLASS="SECT2"
><HR><H2
CLASS="SECT2"
><A
NAME="AEN162"
>Diagnosing Problems</A
></H2
><P
>If you have installation problems then go to
<TT
CLASS="FILENAME"
>DIAGNOSIS.txt</TT
> to try to find the
problem.</P
></DIV
><DIV
CLASS="SECT2"
><HR><H2
CLASS="SECT2"
><A
NAME="AEN166"
>Scope IDs</A
></H2
><P
>By default Samba uses a blank scope ID. This means
all your windows boxes must also have a blank scope ID.
If you really want to use a non-blank scope ID then you will
need to use the 'netbios scope' smb.conf option.
All your PCs will need to have the same setting for
this to work. I do not recommend scope IDs.</P
></DIV
><DIV
CLASS="SECT2"
><HR><H2
CLASS="SECT2"
><A
NAME="AEN169"
>Choosing the Protocol Level</A
></H2
><P
>The SMB protocol has many dialects. Currently
Samba supports 5, called CORE, COREPLUS, LANMAN1,
LANMAN2 and NT1.</P
><P
>You can choose what maximum protocol to support
in the <TT
CLASS="FILENAME"
>smb.conf</TT
> file. The default is
NT1 and that is the best for the vast majority of sites.</P
><P
>In older versions of Samba you may have found it
necessary to use COREPLUS. The limitations that led to
this have mostly been fixed. It is now less likely that you
will want to use less than LANMAN1. The only remaining advantage
of COREPLUS is that for some obscure reason WfWg preserves
the case of passwords in this protocol, whereas under LANMAN1,
LANMAN2 or NT1 it uppercases all passwords before sending them,
forcing you to use the "password level=" option in some cases.</P
><P
>The main advantage of LANMAN2 and NT1 is support for
long filenames with some clients (eg: smbclient, Windows NT
or Win95). </P
><P
>See the smb.conf(5) manual page for more details.</P
><P
>Note: To support print queue reporting you may find
that you have to use TCP/IP as the default protocol under
WfWg. For some reason if you leave Netbeui as the default
it may break the print queue reporting on some systems.
It is presumably a WfWg bug.</P
></DIV
><DIV
CLASS="SECT2"
><HR><H2
CLASS="SECT2"
><A
NAME="AEN178"
>Printing from UNIX to a Client PC</A
></H2
><P
>To use a printer that is available via a smb-based
server from a unix host you will need to compile the
smbclient program. You then need to install the script
"smbprint". Read the instruction in smbprint for more details.
</P
><P
>There is also a SYSV style script that does much
the same thing called smbprint.sysv. It contains instructions.</P
></DIV
><DIV
CLASS="SECT2"
><HR><H2
CLASS="SECT2"
><A
NAME="AEN182"
>Locking</A
></H2
><P
>One area which sometimes causes trouble is locking.</P
><P
>There are two types of locking which need to be
performed by a SMB server. The first is "record locking"
which allows a client to lock a range of bytes in a open file.
The second is the "deny modes" that are specified when a file
is open.</P
><P
>Record locking semantics under Unix is very
different from record locking under Windows. Versions
of Samba before 2.2 have tried to use the native
fcntl() unix system call to implement proper record
locking between different Samba clients. This can not
be fully correct due to several reasons. The simplest
is the fact that a Windows client is allowed to lock a
byte range up to 2^32 or 2^64, depending on the client
OS. The unix locking only supports byte ranges up to
2^31. So it is not possible to correctly satisfy a
lock request above 2^31. There are many more
differences, too many to be listed here.</P
><P
>Samba 2.2 and above implements record locking
completely independent of the underlying unix
system. If a byte range lock that the client requests
happens to fall into the range 0-2^31, Samba hands
this request down to the Unix system. All other locks
can not be seen by unix anyway.</P
><P
>Strictly a SMB server should check for locks before
every read and write call on a file. Unfortunately with the
way fcntl() works this can be slow and may overstress the
rpc.lockd. It is also almost always unnecessary as clients
are supposed to independently make locking calls before reads
and writes anyway if locking is important to them. By default
Samba only makes locking calls when explicitly asked
to by a client, but if you set "strict locking = yes" then it will
make lock checking calls on every read and write. </P
><P
>You can also disable by range locking completely
using "locking = no". This is useful for those shares that
don't support locking or don't need it (such as cdroms). In
this case Samba fakes the return codes of locking calls to
tell clients that everything is OK.</P
><P
>The second class of locking is the "deny modes". These
are set by an application when it opens a file to determine
what types of access should be allowed simultaneously with
its open. A client may ask for DENY_NONE, DENY_READ, DENY_WRITE
or DENY_ALL. There are also special compatibility modes called
DENY_FCB and DENY_DOS.</P
></DIV
><DIV
CLASS="SECT2"
><HR><H2
CLASS="SECT2"
><A
NAME="AEN191"
>Mapping Usernames</A
></H2
><P
>If you have different usernames on the PCs and
the unix server then take a look at the "username map" option.
See the smb.conf man page for details.</P
></DIV
></DIV
></DIV
></BODY
></HTML
>

20
docs/htmldocs/findsmb.1.html
View File

@ -1,10 +1,11 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
><HEAD
><TITLE
>findsmb</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
><BODY
CLASS="REFENTRY"
BGCOLOR="#FFFFFF"
@ -15,8 +16,8 @@ ALINK="#0000FF"
><H1
><A
NAME="FINDSMB"
>findsmb</A
></H1
></A
>findsmb</H1
><DIV
CLASS="REFNAMEDIV"
><A
@ -108,7 +109,7 @@ CLASS="COMMAND"
<TT
CLASS="CONSTANT"
>-B</TT
> option</P
> option.</P
></DD
></DL
></DIV
@ -156,7 +157,7 @@ CLASS="COMMAND"
get proper responses from Windows 95 and Windows 98 machines,
the command must be run as root. </P
><P
>For example running <B
>For example, running <B
CLASS="COMMAND"
>findsmb</B
> on a machine
@ -165,12 +166,6 @@ CLASS="COMMAND"
>nmbd</B
> running would yield output similar
to the following</P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><PRE
CLASS="SCREEN"
><TT
@ -189,9 +184,6 @@ CLASS="COMPUTEROUTPUT"
192.168.35.97 HERBNT1 *[HERB-NT] [Windows NT 4.0] [NT LAN Manager 4.0]
</TT
></PRE
></TD
></TR
></TABLE
></DIV
><DIV
CLASS="REFSECT1"

24
docs/htmldocs/lmhosts.5.html
View File

@ -1,10 +1,11 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
><HEAD
><TITLE
>lmhosts</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
><BODY
CLASS="REFENTRY"
BGCOLOR="#FFFFFF"
@ -15,8 +16,8 @@ ALINK="#0000FF"
><H1
><A
NAME="LMHOSTS"
>lmhosts</A
></H1
></A
>lmhosts</H1
><DIV
CLASS="REFNAMEDIV"
><A
@ -59,9 +60,13 @@ TARGET="_top"
><TT
CLASS="FILENAME"
>lmhosts</TT
> is the <EM
> is the <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>Samba
</EM
</I
></SPAN
> NetBIOS name to IP address mapping file. It
is very similar to the <TT
CLASS="FILENAME"
@ -104,12 +109,6 @@ NAME="AEN20"
><P
>An example follows :</P
><P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><PRE
CLASS="PROGRAMLISTING"
>#
@ -119,9 +118,6 @@ CLASS="PROGRAMLISTING"
192.9.200.20 NTSERVER#20
192.9.200.21 SAMBASERVER
</PRE
></TD
></TR
></TABLE
></P
><P
>Contains three IP to NetBIOS name mappings. The first

354
docs/htmldocs/make_smbcodepage.1.html
View File

@ -1,354 +0,0 @@
<HTML
><HEAD
><TITLE
>make_smbcodepage</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
><BODY
CLASS="REFENTRY"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><H1
><A
NAME="MAKE-SMBCODEPAGE"
>make_smbcodepage</A
></H1
><DIV
CLASS="REFNAMEDIV"
><A
NAME="AEN5"
></A
><H2
>Name</H2
>make_smbcodepage&nbsp;--&nbsp;construct a codepage file for Samba</DIV
><DIV
CLASS="REFSYNOPSISDIV"
><A
NAME="AEN8"
></A
><H2
>Synopsis</H2
><P
><B
CLASS="COMMAND"
>make_smbcodepage</B
> {c|d} {codepage} {inputfile} {outputfile}</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN15"
></A
><H2
>DESCRIPTION</H2
><P
>This tool is part of the <A
HREF="samba.7.html"
TARGET="_top"
> Samba</A
> suite.</P
><P
><B
CLASS="COMMAND"
>make_smbcodepage</B
> compiles or de-compiles
codepage files for use with the internationalization features
of Samba 2.2</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN21"
></A
><H2
>OPTIONS</H2
><P
></P
><DIV
CLASS="VARIABLELIST"
><DL
><DT
>c|d</DT
><DD
><P
>This tells <B
CLASS="COMMAND"
>make_smbcodepage</B
>
if it is compiling (<TT
CLASS="PARAMETER"
><I
>c</I
></TT
>) a text format code
page file to binary, or (<TT
CLASS="PARAMETER"
><I
>d</I
></TT
>) de-compiling
a binary codepage file to text. </P
></DD
><DT
>codepage</DT
><DD
><P
>This is the codepage we are processing (a
number, e.g. 850). </P
></DD
><DT
>inputfile</DT
><DD
><P
>This is the input file to process. In
the <TT
CLASS="PARAMETER"
><I
>c</I
></TT
> case this will be a text
codepage definition file such as the ones found in the Samba
<TT
CLASS="FILENAME"
>source/codepages</TT
> directory. In
the <TT
CLASS="PARAMETER"
><I
>d</I
></TT
> case this will be the
binary format codepage definition file normally found in
the <TT
CLASS="FILENAME"
>lib/codepages</TT
> directory in the
Samba install directory path.</P
></DD
><DT
>outputfile</DT
><DD
><P
>This is the output file to produce.</P
></DD
></DL
></DIV
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN47"
></A
><H2
>Samba Codepage Files</H2
><P
>A text Samba codepage definition file is a description
that tells Samba how to map from upper to lower case for
characters greater than ascii 127 in the specified DOS code page.
Note that for certain DOS codepages (437 for example) mapping
from lower to upper case may be non-symmetrical. For example, in
code page 437 lower case a acute maps to a plain upper case A
when going from lower to upper case, but plain upper case A maps
to plain lower case a when lower casing a character. </P
><P
>A binary Samba codepage definition file is a binary
representation of the same information, including a value that
specifies what codepage this file is describing. </P
><P
>As Samba does not yet use UNICODE (current for Samba version 2.2)
you must specify the client code page that your DOS and Windows
clients are using if you wish to have case insensitivity done
correctly for your particular language. The default codepage Samba
uses is 850 (Western European). Text codepage definition sample files
are provided in the Samba distribution for codepages 437 (USA), 737 (Greek),
850 (Western European) 852 (MS-DOS Latin 2), 861 (Icelandic), 866 (Cyrillic),
932 (Kanji SJIS), 936 (Simplified Chinese), 949 (Hangul) and 950 (Traditional
Chinese). Users are encouraged to write text codepage definition files for
their own code pages and donate them to samba@samba.org. All codepage files
in the Samba <TT
CLASS="FILENAME"
>source/codepages</TT
> directory are
compiled and installed when a <B
CLASS="COMMAND"
>'make install'</B
>
command is issued there. </P
><P
>The client codepage used by the <B
CLASS="COMMAND"
>smbd</B
> server
is configured using the <B
CLASS="COMMAND"
>client code page</B
> parameter
in the <B
CLASS="COMMAND"
>smb.conf</B
> file. </P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN58"
></A
><H2
>Files</H2
><P
><B
CLASS="COMMAND"
>codepage_def.&#60;codepage&#62;</B
></P
><P
>These are the input (text) codepage files provided in the
Samba <TT
CLASS="FILENAME"
>source/codepages</TT
> directory.</P
><P
>A text codepage definition file consists of multiple lines
containing four fields. These fields are:</P
><P
></P
><UL
><LI
><P
><B
CLASS="COMMAND"
>lower</B
>: which is the
(hex) lower case character mapped on this line.</P
></LI
><LI
><P
><B
CLASS="COMMAND"
>upper</B
>: which is the (hex)
upper case character that the lower case character will map to.
</P
></LI
><LI
><P
><B
CLASS="COMMAND"
>map upper to lower</B
> which
is a boolean value (put either True or False here) which tells
Samba if it is to map the given upper case character to the
given lower case character when lower casing a filename.
</P
></LI
><LI
><P
><B
CLASS="COMMAND"
>map lower to upper</B
> which
is a boolean value (put either True or False here) which tells
Samba if it is to map the given lower case character to the
given upper case character when upper casing a filename.
</P
></LI
></UL
><P
><B
CLASS="COMMAND"
>codepage.&#60;codepage&#62;</B
> - These are the
output (binary) codepage files produced and placed in the Samba
destination <TT
CLASS="FILENAME"
>lib/codepage</TT
> directory. </P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN81"
></A
><H2
>Installation</H2
><P
>The location of the server and its support files is a
matter for individual system administrators. The following are
thus suggestions only. </P
><P
>It is recommended that the <B
CLASS="COMMAND"
>make_smbcodepage
</B
> program be installed under the <TT
CLASS="FILENAME"
>/usr/local/samba
</TT
> hierarchy, in a directory readable by all, writeable
only by root. The program itself should be executable by all. The
program should NOT be setuid or setgid! </P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN87"
></A
><H2
>VERSION</H2
><P
>This man page is correct for version 2.2 of
the Samba suite.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN90"
></A
><H2
>SEE ALSO</H2
><P
><A
HREF="smbd.8.html"
TARGET="_top"
><B
CLASS="COMMAND"
>smbd(8)</B
></A
>,
<A
HREF="smb.conf.5.html"
TARGET="_top"
>smb.conf(5)</A
>
</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN96"
></A
><H2
>AUTHOR</H2
><P
>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</P
><P
>The original Samba man pages were written by Karl Auer.
The man page sources were converted to YODL format (another
excellent piece of Open Source software, available at
<A
HREF="ftp://ftp.icce.rug.nl/pub/unix/"
TARGET="_top"
> ftp://ftp.icce.rug.nl/pub/unix/</A
>) and updated for the Samba 2.0
release by Jeremy Allison. The conversion to DocBook for
Samba 2.2 was done by Gerald Carter</P
></DIV
></BODY
></HTML
>

276
docs/htmldocs/make_unicodemap.1.html
View File

@ -1,276 +0,0 @@
<HTML
><HEAD
><TITLE
>make_unicodemap</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
><BODY
CLASS="REFENTRY"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><H1
><A
NAME="MAKE-UNICODEMAP"
>make_unicodemap</A
></H1
><DIV
CLASS="REFNAMEDIV"
><A
NAME="AEN5"
></A
><H2
>Name</H2
>make_unicodemap&nbsp;--&nbsp;construct a unicode map file for Samba</DIV
><DIV
CLASS="REFSYNOPSISDIV"
><A
NAME="AEN8"
></A
><H2
>Synopsis</H2
><P
><B
CLASS="COMMAND"
>make_unicodemap</B
> {codepage} {inputfile} {outputfile}</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN14"
></A
><H2
>DESCRIPTION</H2
><P
> This tool is part of the <A
HREF="samba.7.html"
TARGET="_top"
>Samba</A
>
suite.
</P
><P
> <B
CLASS="COMMAND"
>make_unicodemap</B
> compiles text unicode map
files into binary unicode map files for use with the
internationalization features of Samba 2.2.
</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN20"
></A
><H2
>OPTIONS</H2
><P
></P
><DIV
CLASS="VARIABLELIST"
><DL
><DT
>codepage</DT
><DD
><P
>This is the codepage or UNIX character
set we are processing (a number, e.g. 850).
</P
></DD
><DT
>inputfile</DT
><DD
><P
>This is the input file to process. This is a
text unicode map file such as the ones found in the Samba
<TT
CLASS="FILENAME"
>source/codepages</TT
> directory.
</P
></DD
><DT
>outputfile</DT
><DD
><P
>This is the binary output file to produce.
</P
></DD
></DL
></DIV
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN36"
></A
><H2
>Samba Unicode Map Files</H2
><P
> A text Samba unicode map file is a description that tells Samba
how to map characters from a specified DOS code page or UNIX character
set to 16 bit unicode.
</P
><P
>A binary Samba unicode map file is a binary representation
of the same information, including a value that specifies what
codepage or UNIX character set this file is describing.
</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN40"
></A
><H2
>Files</H2
><P
><TT
CLASS="FILENAME"
>CP&#60;codepage&#62;.TXT</TT
></P
><P
> These are the input (text) unicode map files provided
in the Samba <TT
CLASS="FILENAME"
>source/codepages</TT
>
directory.
</P
><P
> A text unicode map file consists of multiple lines
containing two fields. These fields are :
</P
><P
></P
><UL
><LI
><P
><TT
CLASS="PARAMETER"
><I
>character</I
></TT
> - which is
the (hex) character mapped on this line.
</P
></LI
><LI
><P
><TT
CLASS="PARAMETER"
><I
>unicode</I
></TT
> - which
is the (hex) 16 bit unicode character that the character
will map to.
</P
></LI
></UL
><P
> <TT
CLASS="FILENAME"
>unicode_map.&#60;codepage&#62;</TT
> - These are
the output (binary) unicode map files produced and placed in
the Samba destination <TT
CLASS="FILENAME"
>lib/codepage</TT
>
directory.
</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN57"
></A
><H2
>Installation</H2
><P
> The location of the server and its support files is a matter
for individual system administrators. The following are thus
suggestions only.
</P
><P
> It is recommended that the <B
CLASS="COMMAND"
>make_unicodemap</B
>
program be installed under the
<TT
CLASS="FILENAME"
>$prefix/samba</TT
> hierarchy,
in a directory readable by all, writeable only by root. The
program itself should be executable by all. The program
should NOT be setuid or setgid!
</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN63"
></A
><H2
>VERSION</H2
><P
>This man page is correct for version 2.2 of
the Samba suite.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN66"
></A
><H2
>SEE ALSO</H2
><P
><A
HREF="smbd.8.html"
TARGET="_top"
><B
CLASS="COMMAND"
>smbd(8)</B
></A
>,
<A
HREF="smb.conf.5.html"
TARGET="_top"
>smb.conf(5)</A
>
</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN72"
></A
><H2
>AUTHOR</H2
><P
>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</P
><P
>The original Samba man pages were written by Karl Auer.
The man page sources were converted to YODL format (another
excellent piece of Open Source software, available at
<A
HREF="ftp://ftp.icce.rug.nl/pub/unix/"
TARGET="_top"
> ftp://ftp.icce.rug.nl/pub/unix/</A
>) and updated for the Samba 2.0
release by Jeremy Allison. The conversion to DocBook for
Samba 2.2 was done by Gerald Carter</P
></DIV
></BODY
></HTML
>

210
docs/htmldocs/msdfs_setup.html
View File

@ -1,210 +0,0 @@
<HTML
><HEAD
><TITLE
>Hosting a Microsoft Distributed File System tree on Samba</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
><BODY
CLASS="ARTICLE"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="ARTICLE"
><DIV
CLASS="TITLEPAGE"
><H1
CLASS="TITLE"
><A
NAME="MSDFS"
>Hosting a Microsoft Distributed File System tree on Samba</A
></H1
><HR></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3"
>Instructions</A
></H1
><P
>The Distributed File System (or Dfs) provides a means of
separating the logical view of files and directories that users
see from the actual physical locations of these resources on the
network. It allows for higher availability, smoother storage expansion,
load balancing etc. For more information about Dfs, refer to <A
HREF="http://www.microsoft.com/NTServer/nts/downloads/winfeatures/NTSDistrFile/AdminGuide.asp"
TARGET="_top"
> Microsoft documentation</A
>. </P
><P
>This document explains how to host a Dfs tree on a Unix
machine (for Dfs-aware clients to browse) using Samba.</P
><P
>To enable SMB-based DFS for Samba, configure it with the
<TT
CLASS="PARAMETER"
><I
>--with-msdfs</I
></TT
> option. Once built, a
Samba server can be made a Dfs server by setting the global
boolean <A
HREF="smb.conf.5.html#HOSTMSDFS"
TARGET="_top"
><TT
CLASS="PARAMETER"
><I
> host msdfs</I
></TT
></A
> parameter in the <TT
CLASS="FILENAME"
>smb.conf
</TT
> file. You designate a share as a Dfs root using the share
level boolean <A
HREF="smb.conf.5.html#MSDFSROOT"
TARGET="_top"
><TT
CLASS="PARAMETER"
><I
> msdfs root</I
></TT
></A
> parameter. A Dfs root directory on
Samba hosts Dfs links in the form of symbolic links that point
to other servers. For example, a symbolic link
<TT
CLASS="FILENAME"
>junction-&gt;msdfs:storage1\share1</TT
> in
the share directory acts as the Dfs junction. When Dfs-aware
clients attempt to access the junction link, they are redirected
to the storage location (in this case, \\storage1\share1).</P
><P
>Dfs trees on Samba work with all Dfs-aware clients ranging
from Windows 95 to 2000.</P
><P
>Here's an example of setting up a Dfs tree on a Samba
server.</P
><P
><PRE
CLASS="PROGRAMLISTING"
># The smb.conf file:
[global]
netbios name = SAMBA
host msdfs = yes
[dfs]
path = /export/dfsroot
msdfs root = yes
</PRE
></P
><P
>In the /export/dfsroot directory we set up our dfs links to
other servers on the network.</P
><P
><TT
CLASS="PROMPT"
>root# </TT
><TT
CLASS="USERINPUT"
><B
>cd /export/dfsroot</B
></TT
></P
><P
><TT
CLASS="PROMPT"
>root# </TT
><TT
CLASS="USERINPUT"
><B
>chown root /export/dfsroot</B
></TT
></P
><P
><TT
CLASS="PROMPT"
>root# </TT
><TT
CLASS="USERINPUT"
><B
>chmod 755 /export/dfsroot</B
></TT
></P
><P
><TT
CLASS="PROMPT"
>root# </TT
><TT
CLASS="USERINPUT"
><B
>ln -s msdfs:storageA\\shareA linka</B
></TT
></P
><P
><TT
CLASS="PROMPT"
>root# </TT
><TT
CLASS="USERINPUT"
><B
>ln -s msdfs:serverB\\share,serverC\\share linkb</B
></TT
></P
><P
>You should set up the permissions and ownership of
the directory acting as the Dfs root such that only designated
users can create, delete or modify the msdfs links. Also note
that symlink names should be all lowercase. This limitation exists
to have Samba avoid trying all the case combinations to get at
the link name. Finally set up the symbolic links to point to the
network shares you want, and start Samba.</P
><P
>Users on Dfs-aware clients can now browse the Dfs tree
on the Samba server at \\samba\dfs. Accessing
links linka or linkb (which appear as directories to the client)
takes users directly to the appropriate shares on the network.</P
><DIV
CLASS="SECT2"
><HR><H2
CLASS="SECT2"
><A
NAME="AEN38"
>Notes</A
></H2
><P
></P
><UL
><LI
><P
>Windows clients need to be rebooted
if a previously mounted non-dfs share is made a dfs
root or vice versa. A better way is to introduce a
new share and make it the dfs root.</P
></LI
><LI
><P
>Currently there's a restriction that msdfs
symlink names should all be lowercase.</P
></LI
><LI
><P
>For security purposes, the directory
acting as the root of the Dfs tree should have ownership
and permissions set so that only designated users can
modify the symbolic links in the directory.</P
></LI
></UL
></DIV
></DIV
></DIV
></BODY
></HTML
>

317
docs/htmldocs/net.8.html
View File

@ -1,10 +1,11 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
><HEAD
><TITLE
>net</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
><BODY
CLASS="REFENTRY"
BGCOLOR="#FFFFFF"
@ -15,8 +16,8 @@ ALINK="#0000FF"
><H1
><A
NAME="NET"
>net</A
></H1
></A
>net</H1
><DIV
CLASS="REFNAMEDIV"
><A
@ -37,12 +38,12 @@ NAME="AEN8"
><B
CLASS="COMMAND"
>net</B
> {&#60;ads|rap|rpc&#62;}</P
> {&lt;ads|rap|rpc&gt;} [-h] [-w workgroup] [-W myworkgroup] [-U user] [-I ip-address] [-p port] [-n myname] [-s conffile] [-S server] [-C comment] [-M maxusers] [-F flags] [-j jobid] [-l] [-r] [-f] [-t timeout] [-P] [-D debuglevel]</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN12"
NAME="AEN31"
></A
><H2
>DESCRIPTION</H2
@ -52,31 +53,327 @@ HREF="samba.7.html"
TARGET="_top"
> Samba</A
> suite.</P
><P
>The samba net utility is meant to work just like the net utility
available for windows and DOS.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN16"
NAME="AEN36"
></A
><H2
>OPTIONS</H2
><P
></P
><DIV
CLASS="VARIABLELIST"
><DL
><DT
>-h</DT
><DD
><P
> Display summary of all available options.
</P
></DD
><DT
>-w target-workgroup</DT
><DD
><P
> Sets target workgroup or domain. You have to specify either this option or the IP address or the name of a server.
</P
></DD
><DT
>-W workgroup</DT
><DD
><P
> Sets client workgroup or domain
</P
></DD
><DT
>-U user</DT
><DD
><P
> User name to use
</P
></DD
><DT
>-I ip-address</DT
><DD
><P
> IP address of target server to use. You have to specify either this option or a target workgroup or a target server.
</P
></DD
><DT
>-p port</DT
><DD
><P
> Port on the target server to connect to.
</P
></DD
><DT
>-n myname</DT
><DD
><P
> Sets name of the client.
</P
></DD
><DT
>-s conffile</DT
><DD
><P
> Specify alternative configuration file that should be loaded.
</P
></DD
><DT
>-S server</DT
><DD
><P
> Name of target server. You should specify either this option or a target workgroup or a target IP address.
</P
></DD
><DT
>-C comment</DT
><DD
><P
> FIXME
</P
></DD
><DT
>-M maxusers</DT
><DD
><P
> FIXME
</P
></DD
><DT
>-F flags</DT
><DD
><P
> FIXME
</P
></DD
><DT
>-j jobid</DT
><DD
><P
> FIXME
</P
></DD
><DT
>-l</DT
><DD
><P
> FIXME
</P
></DD
><DT
>-r</DT
><DD
><P
> FIXME
</P
></DD
><DT
>-f</DT
><DD
><P
> FIXME
</P
></DD
><DT
>-t timeout</DT
><DD
><P
> FIXME
</P
></DD
><DT
>-P</DT
><DD
><P
> Make queries to the external server using the machine account of the local server.
</P
></DD
><DT
>-D debuglevel</DT
><DD
><P
>set the debuglevel. Debug level 0 is the lowest
and 100 being the highest. This should be set to 100 if you are
planning on submitting a bug report to the Samba team (see
<TT
CLASS="FILENAME"
>BUGS.txt</TT
>).
</P
></DD
></DL
></DIV
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN19"
NAME="AEN116"
></A
><H2
>COMMANDS</H2
>TIME</H2
><P
>The <B
CLASS="COMMAND"
>NET TIME</B
> command allows you to view the time on a remote server
or synchronise the time on the local server with the time on the remote server.</P
><P
></P
><DIV
CLASS="VARIABLELIST"
><DL
><DT
></DT
><DD
><P
> Without any options, the <B
CLASS="COMMAND"
>NET TIME</B
> command
displays the time on the remote server.
</P
></DD
><DT
>SYSTEM</DT
><DD
><P
> Displays the time on the remote server in a format ready for /bin/date
</P
></DD
><DT
>SET</DT
><DD
><P
> Tries to set the date and time of the local server to that on
the remote server using /bin/date.
</P
></DD
><DT
>ZONE</DT
><DD
><P
> Displays the timezone in hours from GMT on the remote computer.
</P
></DD
></DL
></DIV
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN22"
NAME="AEN138"
></A
><H2
>RPC</H2
><P
>The <B
CLASS="COMMAND"
>NET RPC</B
> command allows you to do various
NT4 operations.</P
><P
></P
><DIV
CLASS="VARIABLELIST"
><DL
><DT
>JOIN -U username[%password] [options]</DT
><DD
><P
> Join a domain with specified username and password. Password
will be prompted if none is specified.</P
></DD
><DT
>JOIN [options except -U]</DT
><DD
><P
> to join a domain created in server manager
</P
></DD
><DT
>USER [misc. options] [targets]</DT
><DD
><P
> List users
</P
></DD
><DT
>USER DELETE &lt;name&gt; [misc options]</DT
><DD
><P
> delete specified user
</P
></DD
><DT
>USER INFO &lt;name&gt; [misc options]</DT
><DD
><P
> list the domain groups of the specified user
</P
></DD
><DT
>USER ADD &lt;name&gt; [password] [-F user flags] [misc. options</DT
><DD
><P
> Add specified user
</P
></DD
><DT
>GROUP [misc options] [targets]</DT
><DD
><P
> List user groups
</P
></DD
><DT
>GROUP DELETE &lt;name&gt; [misc. options] [targets]</DT
><DD
><P
> Delete specified group
</P
></DD
><DT
>GROUP ADD &lt;name&gt; [-C comment]</DT
><DD
><P
> Create specified group
</P
></DD
><DT
>SHARE [misc. options] [targets]</DT
><DD
><P
> enumerates all exported resources (network shares) on target server
</P
></DD
><DT
>SHARE ADD &lt;name=serverpath&gt; [misc. options] [targets]</DT
><DD
><P
> Adds a share from a server (makes the export active)
</P
></DD
><DT
>SHARE DELETE &lt;sharenam</DT
><DD
><P
></P
></DD
></DL
></DIV
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN191"
></A
><H2
>VERSION</H2
@ -87,7 +384,7 @@ NAME="AEN22"
><DIV
CLASS="REFSECT1"
><A
NAME="AEN25"
NAME="AEN194"
></A
><H2
>AUTHOR</H2

88
docs/htmldocs/nmbd.8.html
View File

@ -1,10 +1,11 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
><HEAD
><TITLE
>nmbd</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
><BODY
CLASS="REFENTRY"
BGCOLOR="#FFFFFF"
@ -15,8 +16,8 @@ ALINK="#0000FF"
><H1
><A
NAME="NMBD"
>nmbd</A
></H1
></A
>nmbd</H1
><DIV
CLASS="REFNAMEDIV"
><A
@ -37,7 +38,7 @@ NAME="AEN8"
><B
CLASS="COMMAND"
>nmbd</B
> [-D] [-a] [-i] [-o] [-P] [-h] [-V] [-d &#60;debug level&#62;] [-H &#60;lmhosts file&#62;] [-l &#60;log directory&#62;] [-n &#60;primary netbios name&#62;] [-p &#60;port number&#62;] [-s &#60;configuration file&#62;]</P
> [-D] [-a] [-i] [-o] [-P] [-h] [-V] [-d &lt;debug level&gt;] [-H &lt;lmhosts file&gt;] [-l &lt;log directory&gt;] [-n &lt;primary netbios name&gt;] [-p &lt;port number&gt;] [-s &lt;configuration file&gt;]</P
></DIV
><DIV
CLASS="REFSECT1"
@ -71,8 +72,12 @@ CLASS="COMMAND"
specified it will respond with the IP number of the host it
is running on. Its "own NetBIOS name" is by
default the primary DNS name of the host it is running on,
but this can be overridden with the <EM
>-n</EM
but this can be overridden with the <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>-n</I
></SPAN
>
option (see OPTIONS below). Thus <B
CLASS="COMMAND"
@ -106,7 +111,7 @@ CLASS="COMMAND"
>nmbd</B
> can act as a WINS
proxy, relaying broadcast queries from clients that do
not understand how to talk the WINS protocol to a WIN
not understand how to talk the WINS protocol to a WINS
server.</P
></DIV
><DIV
@ -158,7 +163,7 @@ CLASS="COMMAND"
>If this parameter is specified it causes the
server to run "interactively", not as a daemon, even if the
server is executed on the command line of a shell. Setting this
parameter negates the implicit deamon mode when run from the
parameter negates the implicit daemon mode when run from the
command line.
</P
></DD
@ -185,7 +190,7 @@ CLASS="COMMAND"
>.</P
></DD
><DT
>-H &#60;filename&#62;</DT
>-H &lt;filename&gt;</DT
><DD
><P
>NetBIOS lmhosts file. The lmhosts
@ -204,16 +209,24 @@ CLASS="FILENAME"
></A
>
to resolve any NetBIOS name queries needed by the server. Note
that the contents of this file are <EM
>NOT</EM
that the contents of this file are <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>NOT</I
></SPAN
>
used by <B
CLASS="COMMAND"
>nmbd</B
> to answer any name queries.
Adding a line to this file affects name NetBIOS resolution
from this host <EM
>ONLY</EM
from this host <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>ONLY</I
></SPAN
>.</P
><P
>The default path to this file is compiled into
@ -229,15 +242,16 @@ CLASS="FILENAME"
<TT
CLASS="FILENAME"
>/etc/lmhosts</TT
>. See the <A
>. See the
<A
HREF="lmhosts.5.html"
TARGET="_top"
><TT
CLASS="FILENAME"
>lmhosts(5)</TT
></A
> man page for details on the
contents of this file.</P
>
man page for details on the contents of this file.</P
></DD
><DT
>-V</DT
@ -250,7 +264,7 @@ CLASS="COMMAND"
>.</P
></DD
><DT
>-d &#60;debug level&#62;</DT
>-d &lt;debug level&gt;</DT
><DD
><P
>debuglevel is an integer
@ -281,21 +295,21 @@ HREF="smb.conf.5.html"
TARGET="_top"
><TT
CLASS="FILENAME"
> smb.conf</TT
> smb.conf(5)</TT
></A
> file.</P
></DD
><DT
>-l &#60;log directory&#62;</DT
>-l &lt;log directory&gt;</DT
><DD
><P
>The -l parameter specifies a directory
into which the "log.nmbd" log file will be created
for operational data from the running
<B
for operational data from the running <B
CLASS="COMMAND"
>nmbd</B
> server. The default log directory is compiled into Samba
>
server. The default log directory is compiled into Samba
as part of the build process. Common defaults are <TT
CLASS="FILENAME"
> /usr/local/samba/var/log.nmb</TT
@ -306,8 +320,12 @@ CLASS="FILENAME"
<TT
CLASS="FILENAME"
>/var/log/log.nmb</TT
>. <EM
>Beware:</EM
>. <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>Beware:</I
></SPAN
>
If the directory specified does not exist, <B
CLASS="COMMAND"
@ -317,7 +335,7 @@ CLASS="COMMAND"
</P
></DD
><DT
>-n &#60;primary NetBIOS name&#62;</DT
>-n &lt;primary NetBIOS name&gt;</DT
><DD
><P
>This option allows you to override
@ -342,7 +360,7 @@ CLASS="FILENAME"
>.</P
></DD
><DT
>-p &#60;UDP port number&#62;</DT
>-p &lt;UDP port number&gt;</DT
><DD
><P
>UDP port number is a positive integer value.
@ -355,7 +373,7 @@ CLASS="COMMAND"
won't need help!</P
></DD
><DT
>-s &#60;configuration file&#62;</DT
>-s &lt;configuration file&gt;</DT
><DD
><P
>The default configuration file name
@ -505,8 +523,12 @@ CLASS="FILENAME"
>If <B
CLASS="COMMAND"
>nmbd</B
> is acting as a <EM
> browse master</EM
> is acting as a <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
> browse master</I
></SPAN
> (see the <A
HREF="smb.conf.5.html#LOCALMASTER"
TARGET="_top"
@ -546,8 +568,12 @@ NAME="AEN178"
CLASS="COMMAND"
>nmbd</B
> process it is recommended
that SIGKILL (-9) <EM
>NOT</EM
that SIGKILL (-9) <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>NOT</I
></SPAN
> be used, except as a last
resort, as this may leave the name database in an inconsistent state.
The correct way to terminate <B

37
docs/htmldocs/nmblookup.1.html
View File

@ -1,10 +1,11 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
><HEAD
><TITLE
>nmblookup</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
><BODY
CLASS="REFENTRY"
BGCOLOR="#FFFFFF"
@ -15,8 +16,8 @@ ALINK="#0000FF"
><H1
><A
NAME="NMBLOOKUP"
>nmblookup</A
></H1
></A
>nmblookup</H1
><DIV
CLASS="REFNAMEDIV"
><A
@ -37,7 +38,7 @@ NAME="AEN8"
><B
CLASS="COMMAND"
>nmblookup</B
> [-M] [-R] [-S] [-r] [-A] [-h] [-B &#60;broadcast address&#62;] [-U &#60;unicast address&#62;] [-d &#60;debug level&#62;] [-s &#60;smb config file&#62;] [-i &#60;NetBIOS scope&#62;] [-T] {name}</P
> [-M] [-R] [-S] [-r] [-A] [-h] [-B &lt;broadcast address&gt;] [-U &lt;unicast address&gt;] [-d &lt;debug level&gt;] [-s &lt;smb config file&gt;] [-i &lt;NetBIOS scope&gt;] [-T] {name}</P
></DIV
><DIV
CLASS="REFSECT1"
@ -156,7 +157,7 @@ CLASS="REPLACEABLE"
>Print a help (usage) message.</P
></DD
><DT
>-B &#60;broadcast address&#62;</DT
>-B &lt;broadcast address&gt;</DT
><DD
><P
>Send the query to the given broadcast address. Without
@ -179,7 +180,7 @@ CLASS="FILENAME"
</P
></DD
><DT
>-U &#60;unicast address&#62;</DT
>-U &lt;unicast address&gt;</DT
><DD
><P
>Do a unicast query to the specified address or
@ -198,7 +199,7 @@ CLASS="PARAMETER"
query a WINS server.</P
></DD
><DT
>-d &#60;debuglevel&#62;</DT
>-d &lt;debuglevel&gt;</DT
><DD
><P
>debuglevel is an integer from 0 to 10.</P
@ -234,7 +235,7 @@ CLASS="FILENAME"
> file.</P
></DD
><DT
>-s &#60;smb.conf&#62;</DT
>-s &lt;smb.conf&gt;</DT
><DD
><P
>This parameter specifies the pathname to
@ -246,7 +247,7 @@ TARGET="_top"
the Samba setup on the machine.</P
></DD
><DT
>-i &#60;scope&#62;</DT
>-i &lt;scope&gt;</DT
><DD
><P
>This specifies a NetBIOS scope that
@ -256,8 +257,12 @@ CLASS="COMMAND"
> will use to communicate with when
generating NetBIOS names. For details on the use of NetBIOS
scopes, see rfc1001.txt and rfc1002.txt. NetBIOS scopes are
<EM
>very</EM
<SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>very</I
></SPAN
> rarely used, only set this parameter
if you are the system administrator in charge of all the
NetBIOS systems you communicate with.</P
@ -270,8 +275,12 @@ CLASS="COMMAND"
lookup to be looked up via a reverse DNS lookup into a
DNS name, and printed out before each</P
><P
><EM
>IP address .... NetBIOS name</EM
><SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>IP address .... NetBIOS name</I
></SPAN
></P
><P
> pair that is the normal output.</P
@ -283,7 +292,7 @@ CLASS="COMMAND"
>This is the NetBIOS name being queried. Depending
upon the previous options this may be a NetBIOS name or IP address.
If a NetBIOS name then the different name types may be specified
by appending '#&#60;type&#62;' to the name. This name may also be
by appending '#&lt;type&gt;' to the name. This name may also be
'*', which will return all registered names within a broadcast
area.</P
></DD

132
docs/htmldocs/pdbedit.8.html
View File

@ -1,10 +1,11 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
><HEAD
><TITLE
>pdbedit</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
><BODY
CLASS="REFENTRY"
BGCOLOR="#FFFFFF"
@ -15,8 +16,8 @@ ALINK="#0000FF"
><H1
><A
NAME="PDBEDIT"
>pdbedit</A
></H1
></A
>pdbedit</H1
><DIV
CLASS="REFNAMEDIV"
><A
@ -36,12 +37,12 @@ NAME="AEN8"
><B
CLASS="COMMAND"
>pdbedit</B
> [-l] [-v] [-w] [-u username] [-f fullname] [-h homedir] [-d drive] [-s script] [-p profile] [-a] [-m] [-x] [-i passdb-backend] [-e passdb-backend] [-D debuglevel]</P
> [-l] [-v] [-w] [-u username] [-f fullname] [-h homedir] [-d drive] [-s script] [-p profile] [-a] [-m] [-x] [-i passdb-backend] [-e passdb-backend] [-b passdb-backend] [-D debuglevel]</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN26"
NAME="AEN27"
></A
><H2
>DESCRIPTION</H2
@ -53,11 +54,11 @@ TARGET="_top"
> suite.</P
><P
>The pdbedit program is used to manage the users accounts
stored in the sam database and can be run only by root.</P
stored in the sam database and can only be run by root.</P
><P
>The pdbedit tool use the passdb modular interface and is
>The pdbedit tool uses the passdb modular interface and is
independent from the kind of users database used (currently there
are smbpasswd, ldap, nis+ and tdb based and more can be addedd
are smbpasswd, ldap, nis+ and tdb based and more can be added
without changing the tool).</P
><P
>There are five main ways to use pdbedit: adding a user account,
@ -67,7 +68,7 @@ TARGET="_top"
><DIV
CLASS="REFSECT1"
><A
NAME="AEN33"
NAME="AEN34"
></A
><H2
>OPTIONS</H2
@ -80,7 +81,7 @@ CLASS="VARIABLELIST"
>-l</DT
><DD
><P
>This option list all the user accounts
>This option lists all the user accounts
present in the users database.
This option prints a list of user/uid pairs separated by
the ':' character.</P
@ -90,28 +91,19 @@ CLASS="COMMAND"
>pdbedit -l</B
></P
><P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="90%"
><TR
><TD
><PRE
CLASS="PROGRAMLISTING"
> sorce:500:Simo Sorce
samba:45:Test User
</PRE
></TD
></TR
></TABLE
></P
></DD
><DT
>-v</DT
><DD
><P
>This option sets the verbose listing format.
It will make pdbedit list the users in the database printing
>This option enables the verbose listing format.
It causes pdbedit to list the users in the database, printing
out the account fields in a descriptive format.</P
><P
>Example: <B
@ -119,12 +111,6 @@ CLASS="COMMAND"
>pdbedit -l -v</B
></P
><P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="90%"
><TR
><TD
><PRE
CLASS="PROGRAMLISTING"
> ---------------
@ -146,9 +132,6 @@ CLASS="PROGRAMLISTING"
Logon Script:
Profile Path: \\BERSERKER\profile
</PRE
></TD
></TR
></TABLE
></P
></DD
><DT
@ -156,7 +139,7 @@ CLASS="PROGRAMLISTING"
><DD
><P
>This option sets the "smbpasswd" listing format.
It will make pdbedit list the users in the database printing
It will make pdbedit list the users in the database, printing
out the account fields in a format compatible with the
<TT
CLASS="FILENAME"
@ -175,33 +158,32 @@ CLASS="COMMAND"
>pdbedit -l -w</B
></P
><P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="90%"
><TR
><TD
><PRE
CLASS="PROGRAMLISTING"
> sorce:500:508818B733CE64BEAAD3B435B51404EE:D2A2418EFC466A8A0F6B1DBB5C3DB80C:[UX ]:LCT-00000000:
samba:45:0F2B255F7B67A7A9AAD3B435B51404EE:BC281CE3F53B6A5146629CD4751D3490:[UX ]:LCT-3BFA1E8D:
</PRE
></TD
></TR
></TABLE
></P
></DD
><DT
>-u username</DT
><DD
><P
>This option specifies that the username to be
used for the operation requested (listing, adding, removing)
It is <EM
>required</EM
>This option specifies the username to be
used for the operation requested (listing, adding, removing).
It is <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>required</I
></SPAN
> in add, remove and modify
operations and <EM
>optional</EM
operations and <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>optional</I
></SPAN
> in list
operations.</P
></DD
@ -279,27 +261,18 @@ CLASS="COMMAND"
><DD
><P
>This option is used to add a user into the
database. This command need the user name be specified with
the -u switch. When adding a new user pdbedit will also
ask for the password to be used</P
database. This command needs a user name specified with
the -u switch. When adding a new user, pdbedit will also
ask for the password to be used.</P
><P
>Example: <B
CLASS="COMMAND"
>pdbedit -a -u sorce</B
>
<TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="90%"
><TR
><TD
><PRE
<PRE
CLASS="PROGRAMLISTING"
>new password:
retype new password</PRE
></TD
></TR
></TABLE
>
</P
></DD
@ -328,7 +301,7 @@ CLASS="COMMAND"
><DD
><P
>This option causes pdbedit to delete an account
from the database. It need the username be specified with the
from the database. It needs a username specified with the
-u switch.</P
><P
>Example: <B
@ -340,37 +313,52 @@ CLASS="COMMAND"
>-i passdb-backend</DT
><DD
><P
>Use a different passdb backend to retrieve users than the one specified in smb.conf.</P
>Use a different passdb backend to retrieve users
than the one specified in smb.conf. Can be used to import data into
your local user database.</P
><P
>This option will ease migration from one passdb backend to another.
</P
>This option will ease migration from one passdb backend to
another.</P
><P
>Example: <B
CLASS="COMMAND"
>pdbedit -i smbpasswd:/etc/smbpasswd.old -e tdbsam:/etc/samba/passwd.tdb</B
>
</P
>pdbedit -i smbpasswd:/etc/smbpasswd.old
</B
></P
></DD
><DT
>-e passdb-backend</DT
><DD
><P
>Export all currently available users to the specified password database backend.</P
>Exports all currently available users to the
specified password database backend.</P
><P
>This option will ease migration from one passdb backend to another and will ease backupping</P
>This option will ease migration from one passdb backend to
another and will ease backing up.</P
><P
>Example: <B
CLASS="COMMAND"
>pdbedit -e smbpasswd:/root/samba-users.backup</B
></P
></DD
><DT
>-b passdb-backend</DT
><DD
><P
>Use a different default passdb backend. </P
><P
>Example: <B
CLASS="COMMAND"
>pdbedit -b xml:/root/pdb-backup.xml -l</B
></P
></DD
></DL
></DIV
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN133"
NAME="AEN140"
></A
><H2
>NOTES</H2
@ -380,7 +368,7 @@ NAME="AEN133"
><DIV
CLASS="REFSECT1"
><A
NAME="AEN136"
NAME="AEN143"
></A
><H2
>VERSION</H2
@ -391,7 +379,7 @@ NAME="AEN136"
><DIV
CLASS="REFSECT1"
><A
NAME="AEN139"
NAME="AEN146"
></A
><H2
>SEE ALSO</H2
@ -411,7 +399,7 @@ TARGET="_top"
><DIV
CLASS="REFSECT1"
><A
NAME="AEN144"
NAME="AEN151"
></A
><H2
>AUTHOR</H2

987
docs/htmldocs/printer_driver2.html
View File

@ -1,987 +0,0 @@
<HTML
><HEAD
><TITLE
>Printing Support in Samba 2.2.x</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
><BODY
CLASS="ARTICLE"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="ARTICLE"
><DIV
CLASS="TITLEPAGE"
><H1
CLASS="TITLE"
><A
NAME="PRINTING"
>Printing Support in Samba 2.2.x</A
></H1
><HR></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3"
>Introduction</A
></H1
><P
>Beginning with the 2.2.0 release, Samba supports
the native Windows NT printing mechanisms implemented via
MS-RPC (i.e. the SPOOLSS named pipe). Previous versions of
Samba only supported LanMan printing calls.</P
><P
>The additional functionality provided by the new
SPOOLSS support includes:</P
><P
></P
><UL
><LI
><P
>Support for downloading printer driver
files to Windows 95/98/NT/2000 clients upon demand.
</P
></LI
><LI
><P
>Uploading of printer drivers via the
Windows NT Add Printer Wizard (APW) or the
Imprints tool set (refer to <A
HREF="http://imprints.sourceforge.net"
TARGET="_top"
>http://imprints.sourceforge.net</A
>).
</P
></LI
><LI
><P
>Support for the native MS-RPC printing
calls such as StartDocPrinter, EnumJobs(), etc... (See
the MSDN documentation at <A
HREF="http://msdn.microsoft.com/"
TARGET="_top"
>http://msdn.microsoft.com/</A
>
for more information on the Win32 printing API)
</P
></LI
><LI
><P
>Support for NT Access Control Lists (ACL)
on printer objects</P
></LI
><LI
><P
>Improved support for printer queue manipulation
through the use of an internal databases for spooled job
information</P
></LI
></UL
><P
>There has been some initial confusion about what all this means
and whether or not it is a requirement for printer drivers to be
installed on a Samba host in order to support printing from Windows
clients. A bug existed in Samba 2.2.0 which made Windows NT/2000 clients
require that the Samba server possess a valid driver for the printer.
This is fixed in Samba 2.2.1 and once again, Windows NT/2000 clients
can use the local APW for installing drivers to be used with a Samba
served printer. This is the same behavior exhibited by Windows 9x clients.
As a side note, Samba does not use these drivers in any way to process
spooled files. They are utilized entirely by the clients.</P
><P
>The following MS KB article, may be of some help if you are dealing with
Windows 2000 clients: <I
CLASS="EMPHASIS"
>How to Add Printers with No User
Interaction in Windows 2000</I
></P
><P
><A
HREF="http://support.microsoft.com/support/kb/articles/Q189/1/05.ASP"
TARGET="_top"
>http://support.microsoft.com/support/kb/articles/Q189/1/05.ASP</A
></P
></DIV
><DIV
CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
NAME="AEN25"
>Configuration</A
></H1
><DIV
CLASS="WARNING"
><P
></P
><TABLE
CLASS="WARNING"
BORDER="1"
WIDTH="100%"
><TR
><TD
ALIGN="CENTER"
><B
>[print$] vs. [printer$]</B
></TD
></TR
><TR
><TD
ALIGN="LEFT"
><P
>Previous versions of Samba recommended using a share named [printer$].
This name was taken from the printer$ service created by Windows 9x
clients when a printer was shared. Windows 9x printer servers always have
a printer$ service which provides read-only access via no
password in order to support printer driver downloads.</P
><P
>However, the initial implementation allowed for a
parameter named <TT
CLASS="PARAMETER"
><I
>printer driver location</I
></TT
>
to be used on a per share basis to specify the location of
the driver files associated with that printer. Another
parameter named <TT
CLASS="PARAMETER"
><I
>printer driver</I
></TT
> provided
a means of defining the printer driver name to be sent to
the client.</P
><P
>These parameters, including <TT
CLASS="PARAMETER"
><I
>printer driver
file</I
></TT
> parameter, are being deprecated and should not
be used in new installations. For more information on this change,
you should refer to the <A
HREF="#MIGRATION"
>Migration section</A
>
of this document.</P
></TD
></TR
></TABLE
></DIV
><DIV
CLASS="SECT2"
><HR><H2
CLASS="SECT2"
><A
NAME="AEN36"
>Creating [print$]</A
></H2
><P
>In order to support the uploading of printer driver
files, you must first configure a file share named [print$].
The name of this share is hard coded in Samba's internals so
the name is very important (print$ is the service used by
Windows NT print servers to provide support for printer driver
download).</P
><P
>You should modify the server's smb.conf file to add the global
parameters and to create the
following file share (of course, some of the parameter values,
such as 'path' are arbitrary and should be replaced with
appropriate values for your site):</P
><P
><PRE
CLASS="PROGRAMLISTING"
>[global]
; members of the ntadmin group should be able
; to add drivers and set printer properties
; root is implicitly a 'printer admin'
printer admin = @ntadmin
[print$]
path = /usr/local/samba/printers
guest ok = yes
browseable = yes
read only = yes
; since this share is configured as read only, then we need
; a 'write list'. Check the file system permissions to make
; sure this account can copy files to the share. If this
; is setup to a non-root account, then it should also exist
; as a 'printer admin'
write list = @ntadmin,root</PRE
></P
><P
>The <A
HREF="smb.conf.5.html#WRITELIST"
TARGET="_top"
><TT
CLASS="PARAMETER"
><I
>write list</I
></TT
></A
> is used to allow administrative
level user accounts to have write access in order to update files
on the share. See the <A
HREF="smb.conf.5.html"
TARGET="_top"
>smb.conf(5)
man page</A
> for more information on configuring file shares.</P
><P
>The requirement for <A
HREF="smb.conf.5.html#GUESTOK"
TARGET="_top"
><B
CLASS="COMMAND"
>guest
ok = yes</B
></A
> depends upon how your
site is configured. If users will be guaranteed to have
an account on the Samba host, then this is a non-issue.</P
><DIV
CLASS="NOTE"
><BLOCKQUOTE
CLASS="NOTE"
><P
><B
>Author's Note: </B
>The non-issue is that if all your Windows NT users are guaranteed to be
authenticated by the Samba server (such as a domain member server and the NT
user has already been validated by the Domain Controller in
order to logon to the Windows NT console), then guest access
is not necessary. Of course, in a workgroup environment where
you just want to be able to print without worrying about
silly accounts and security, then configure the share for
guest access. You'll probably want to add <A
HREF="smb.conf.5.html#MAPTOGUEST"
TARGET="_top"
><B
CLASS="COMMAND"
>map to guest = Bad User</B
></A
> in the [global] section as well. Make sure
you understand what this parameter does before using it
though. --jerry</P
></BLOCKQUOTE
></DIV
><P
>In order for a Windows NT print server to support
the downloading of driver files by multiple client architectures,
it must create subdirectories within the [print$] service
which correspond to each of the supported client architectures.
Samba follows this model as well.</P
><P
>Next create the directory tree below the [print$] share
for each architecture you wish to support.</P
><P
><PRE
CLASS="PROGRAMLISTING"
>[print$]-----
|-W32X86 ; "Windows NT x86"
|-WIN40 ; "Windows 95/98"
|-W32ALPHA ; "Windows NT Alpha_AXP"
|-W32MIPS ; "Windows NT R4000"
|-W32PPC ; "Windows NT PowerPC"</PRE
></P
><DIV
CLASS="WARNING"
><P
></P
><TABLE
CLASS="WARNING"
BORDER="1"
WIDTH="100%"
><TR
><TD
ALIGN="CENTER"
><B
>ATTENTION! REQUIRED PERMISSIONS</B
></TD
></TR
><TR
><TD
ALIGN="LEFT"
><P
>In order to currently add a new driver to you Samba host,
one of two conditions must hold true:</P
><P
></P
><UL
><LI
><P
>The account used to connect to the Samba host
must have a uid of 0 (i.e. a root account)</P
></LI
><LI
><P
>The account used to connect to the Samba host
must be a member of the <A
HREF="smb.conf.5.html#PRINTERADMIN"
TARGET="_top"
><TT
CLASS="PARAMETER"
><I
>printer
admin</I
></TT
></A
> list.</P
></LI
></UL
><P
>Of course, the connected account must still possess access
to add files to the subdirectories beneath [print$]. Remember
that all file shares are set to 'read only' by default.</P
></TD
></TR
></TABLE
></DIV
><P
>Once you have created the required [print$] service and
associated subdirectories, simply log onto the Samba server using
a root (or <TT
CLASS="PARAMETER"
><I
>printer admin</I
></TT
>) account
from a Windows NT 4.0/2k client. Open "Network Neighbourhood" or
"My Network Places" and browse for the Samba host. Once you have located
the server, navigate to the "Printers..." folder.
You should see an initial listing of printers
that matches the printer shares defined on your Samba host.</P
></DIV
><DIV
CLASS="SECT2"
><HR><H2
CLASS="SECT2"
><A
NAME="AEN71"
>Setting Drivers for Existing Printers</A
></H2
><P
>The initial listing of printers in the Samba host's
Printers folder will have no real printer driver assigned
to them. By default, in Samba 2.2.0 this driver name was set to
<I
CLASS="EMPHASIS"
>NO PRINTER DRIVER AVAILABLE FOR THIS PRINTER</I
>.
Later versions changed this to a NULL string to allow the use
tof the local Add Printer Wizard on NT/2000 clients.
Attempting to view the printer properties for a printer
which has this default driver assigned will result in
the error message:</P
><P
><I
CLASS="EMPHASIS"
>Device settings cannot be displayed. The driver
for the specified printer is not installed, only spooler
properties will be displayed. Do you want to install the
driver now?</I
></P
><P
>Click "No" in the error dialog and you will be presented with
the printer properties window. The way assign a driver to a
printer is to either</P
><P
></P
><UL
><LI
><P
>Use the "New Driver..." button to install
a new printer driver, or</P
></LI
><LI
><P
>Select a driver from the popup list of
installed drivers. Initially this list will be empty.</P
></LI
></UL
><P
>If you wish to install printer drivers for client
operating systems other than "Windows NT x86", you will need
to use the "Sharing" tab of the printer properties dialog.</P
><P
>Assuming you have connected with a root account, you
will also be able modify other printer properties such as
ACLs and device settings using this dialog box.</P
><P
>A few closing comments for this section, it is possible
on a Windows NT print server to have printers
listed in the Printers folder which are not shared. Samba does
not make this distinction. By definition, the only printers of
which Samba is aware are those which are specified as shares in
<TT
CLASS="FILENAME"
>smb.conf</TT
>.</P
><P
>Another interesting side note is that Windows NT clients do
not use the SMB printer share, but rather can print directly
to any printer on another Windows NT host using MS-RPC. This
of course assumes that the printing client has the necessary
privileges on the remote host serving the printer. The default
permissions assigned by Windows NT to a printer gives the "Print"
permissions to the "Everyone" well-known group.</P
></DIV
><DIV
CLASS="SECT2"
><HR><H2
CLASS="SECT2"
><A
NAME="AEN88"
>Support a large number of printers</A
></H2
><P
>One issue that has arisen during the development
phase of Samba 2.2 is the need to support driver downloads for
100's of printers. Using the Windows NT APW is somewhat
awkward to say the least. If more than one printer is using the
same driver, the <A
HREF="rpcclient.1.html"
TARGET="_top"
><B
CLASS="COMMAND"
>rpcclient's
setdriver command</B
></A
> can be used to set the driver
associated with an installed driver. The following is an example
of how this could be accomplished:</P
><P
><PRE
CLASS="PROGRAMLISTING"
>
<TT
CLASS="PROMPT"
>$ </TT
>rpcclient pogo -U root%secret -c "enumdrivers"
Domain=[NARNIA] OS=[Unix] Server=[Samba 2.2.0-alpha3]
[Windows NT x86]
Printer Driver Info 1:
Driver Name: [HP LaserJet 4000 Series PS]
Printer Driver Info 1:
Driver Name: [HP LaserJet 2100 Series PS]
Printer Driver Info 1:
Driver Name: [HP LaserJet 4Si/4SiMX PS]
<TT
CLASS="PROMPT"
>$ </TT
>rpcclient pogo -U root%secret -c "enumprinters"
Domain=[NARNIA] OS=[Unix] Server=[Samba 2.2.0-alpha3]
flags:[0x800000]
name:[\\POGO\hp-print]
description:[POGO\\POGO\hp-print,NO DRIVER AVAILABLE FOR THIS PRINTER,]
comment:[]
<TT
CLASS="PROMPT"
>$ </TT
>rpcclient pogo -U root%secret \
<TT
CLASS="PROMPT"
>&gt; </TT
> -c "setdriver hp-print \"HP LaserJet 4000 Series PS\""
Domain=[NARNIA] OS=[Unix] Server=[Samba 2.2.0-alpha3]
Successfully set hp-print to driver HP LaserJet 4000 Series PS.</PRE
></P
></DIV
><DIV
CLASS="SECT2"
><HR><H2
CLASS="SECT2"
><A
NAME="AEN99"
>Adding New Printers via the Windows NT APW</A
></H2
><P
>By default, Samba offers all printer shares defined in <TT
CLASS="FILENAME"
>smb.conf</TT
>
in the "Printers..." folder. Also in this folder is the Windows NT
Add Printer Wizard icon. The APW will be show only if</P
><P
></P
><UL
><LI
><P
>The connected user is able to successfully
execute an OpenPrinterEx(\\server) with administrative
privileges (i.e. root or <TT
CLASS="PARAMETER"
><I
>printer admin</I
></TT
>).
</P
></LI
><LI
><P
><A
HREF="smb.conf.5.html#SHOWADDPRINTERWIZARD"
TARGET="_top"
><TT
CLASS="PARAMETER"
><I
>show
add printer wizard = yes</I
></TT
></A
> (the default).
</P
></LI
></UL
><P
>In order to be able to use the APW to successfully add a printer to a Samba
server, the <A
HREF="smb.conf.5.html#ADDPRINTERCOMMAND"
TARGET="_top"
><TT
CLASS="PARAMETER"
><I
>add
printer command</I
></TT
></A
> must have a defined value. The program
hook must successfully add the printer to the system (i.e.
<TT
CLASS="FILENAME"
>/etc/printcap</TT
> or appropriate files) and
<TT
CLASS="FILENAME"
>smb.conf</TT
> if necessary.</P
><P
>When using the APW from a client, if the named printer share does
not exist, <B
CLASS="COMMAND"
>smbd</B
> will execute the <TT
CLASS="PARAMETER"
><I
>add printer
command</I
></TT
> and reparse the <TT
CLASS="FILENAME"
>smb.conf</TT
>
to attempt to locate the new printer share. If the share is still not defined,
an error of "Access Denied" is returned to the client. Note that the
<TT
CLASS="PARAMETER"
><I
>add printer program</I
></TT
> is executed under the context
of the connected user, not necessarily a root account.</P
><P
>There is a complementary <A
HREF="smb.conf.5.html#DELETEPRINTERCOMMAND"
TARGET="_top"
><TT
CLASS="PARAMETER"
><I
>delete
printer command</I
></TT
></A
> for removing entries from the "Printers..."
folder.</P
></DIV
><DIV
CLASS="SECT2"
><HR><H2
CLASS="SECT2"
><A
NAME="AEN124"
>Samba and Printer Ports</A
></H2
><P
>Windows NT/2000 print servers associate a port with each printer. These normally
take the form of LPT1:, COM1:, FILE:, etc... Samba must also support the
concept of ports associated with a printer. By default, only one printer port,
named "Samba Printer Port", exists on a system. Samba does not really need a port in
order to print, rather it is a requirement of Windows clients. </P
><P
>Note that Samba does not support the concept of "Printer Pooling" internally
either. This is when a logical printer is assigned to multiple ports as
a form of load balancing or fail over.</P
><P
>If you require that multiple ports be defined for some reason,
<TT
CLASS="FILENAME"
>smb.conf</TT
> possesses a <A
HREF="smb.conf.5.html#ENUMPORTSCOMMAND"
TARGET="_top"
><TT
CLASS="PARAMETER"
><I
>enumports
command</I
></TT
></A
> which can be used to define an external program
that generates a listing of ports on a system.</P
></DIV
></DIV
><DIV
CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
NAME="AEN132"
>The Imprints Toolset</A
></H1
><P
>The Imprints tool set provides a UNIX equivalent of the
Windows NT Add Printer Wizard. For complete information, please
refer to the Imprints web site at <A
HREF="http://imprints.sourceforge.net/"
TARGET="_top"
> http://imprints.sourceforge.net/</A
> as well as the documentation
included with the imprints source distribution. This section will
only provide a brief introduction to the features of Imprints.</P
><DIV
CLASS="SECT2"
><HR><H2
CLASS="SECT2"
><A
NAME="AEN136"
>What is Imprints?</A
></H2
><P
>Imprints is a collection of tools for supporting the goals
of</P
><P
></P
><UL
><LI
><P
>Providing a central repository information
regarding Windows NT and 95/98 printer driver packages</P
></LI
><LI
><P
>Providing the tools necessary for creating
the Imprints printer driver packages.</P
></LI
><LI
><P
>Providing an installation client which
will obtain and install printer drivers on remote Samba
and Windows NT 4 print servers.</P
></LI
></UL
></DIV
><DIV
CLASS="SECT2"
><HR><H2
CLASS="SECT2"
><A
NAME="AEN146"
>Creating Printer Driver Packages</A
></H2
><P
>The process of creating printer driver packages is beyond
the scope of this document (refer to Imprints.txt also included
with the Samba distribution for more information). In short,
an Imprints driver package is a gzipped tarball containing the
driver files, related INF files, and a control file needed by the
installation client.</P
></DIV
><DIV
CLASS="SECT2"
><HR><H2
CLASS="SECT2"
><A
NAME="AEN149"
>The Imprints server</A
></H2
><P
>The Imprints server is really a database server that
may be queried via standard HTTP mechanisms. Each printer
entry in the database has an associated URL for the actual
downloading of the package. Each package is digitally signed
via GnuPG which can be used to verify that package downloaded
is actually the one referred in the Imprints database. It is
<I
CLASS="EMPHASIS"
>not</I
> recommended that this security check
be disabled.</P
></DIV
><DIV
CLASS="SECT2"
><HR><H2
CLASS="SECT2"
><A
NAME="AEN153"
>The Installation Client</A
></H2
><P
>More information regarding the Imprints installation client
is available in the <TT
CLASS="FILENAME"
>Imprints-Client-HOWTO.ps</TT
>
file included with the imprints source package.</P
><P
>The Imprints installation client comes in two forms.</P
><P
></P
><UL
><LI
><P
>a set of command line Perl scripts</P
></LI
><LI
><P
>a GTK+ based graphical interface to
the command line perl scripts</P
></LI
></UL
><P
>The installation client (in both forms) provides a means
of querying the Imprints database server for a matching
list of known printer model names as well as a means to
download and install the drivers on remote Samba and Windows
NT print servers.</P
><P
>The basic installation process is in four steps and
perl code is wrapped around <B
CLASS="COMMAND"
>smbclient</B
>
and <B
CLASS="COMMAND"
>rpcclient</B
>.</P
><P
><PRE
CLASS="PROGRAMLISTING"
>
foreach (supported architecture for a given driver)
{
1. rpcclient: Get the appropriate upload directory
on the remote server
2. smbclient: Upload the driver files
3. rpcclient: Issues an AddPrinterDriver() MS-RPC
}
4. rpcclient: Issue an AddPrinterEx() MS-RPC to actually
create the printer</PRE
></P
><P
>One of the problems encountered when implementing
the Imprints tool set was the name space issues between
various supported client architectures. For example, Windows
NT includes a driver named "Apple LaserWriter II NTX v51.8"
and Windows 95 calls its version of this driver "Apple
LaserWriter II NTX"</P
><P
>The problem is how to know what client drivers have
been uploaded for a printer. As astute reader will remember
that the Windows NT Printer Properties dialog only includes
space for one printer driver name. A quick look in the
Windows NT 4.0 system registry at</P
><P
><TT
CLASS="FILENAME"
>HKLM\System\CurrentControlSet\Control\Print\Environment
</TT
></P
><P
>will reveal that Windows NT always uses the NT driver
name. This is ok as Windows NT always requires that at least
the Windows NT version of the printer driver is present.
However, Samba does not have the requirement internally.
Therefore, how can you use the NT driver name if is has not
already been installed?</P
><P
>The way of sidestepping this limitation is to require
that all Imprints printer driver packages include both the Intel
Windows NT and 95/98 printer drivers and that NT driver is
installed first.</P
></DIV
></DIV
><DIV
CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
NAME="AEN175"
><A
NAME="MIGRATION"
></A
>Migration to from Samba 2.0.x to 2.2.x</A
></H1
><P
>Given that printer driver management has changed (we hope improved) in
2.2 over prior releases, migration from an existing setup to 2.2 can
follow several paths. Here are the possible scenarios for
migration:</P
><P
></P
><UL
><LI
><P
>If you do not desire the new Windows NT
print driver support, nothing needs to be done.
All existing parameters work the same.</P
></LI
><LI
><P
>If you want to take advantage of NT printer
driver support but do not want to migrate the
9x drivers to the new setup, the leave the existing
<TT
CLASS="FILENAME"
>printers.def</TT
> file. When smbd attempts
to locate a
9x driver for the printer in the TDB and fails it
will drop down to using the printers.def (and all
associated parameters). The <B
CLASS="COMMAND"
>make_printerdef</B
>
tool will also remain for backwards compatibility but will
be removed in the next major release.</P
></LI
><LI
><P
>If you install a Windows 9x driver for a printer
on your Samba host (in the printing TDB), this information will
take precedence and the three old printing parameters
will be ignored (including print driver location).</P
></LI
><LI
><P
>If you want to migrate an existing <TT
CLASS="FILENAME"
>printers.def</TT
>
file into the new setup, the current only solution is to use the Windows
NT APW to install the NT drivers and the 9x drivers. This can be scripted
using <B
CLASS="COMMAND"
>smbclient</B
> and <B
CLASS="COMMAND"
>rpcclient</B
>. See the
Imprints installation client at <A
HREF="http://imprints.sourceforge.net/"
TARGET="_top"
>http://imprints.sourceforge.net/</A
>
for an example.
</P
></LI
></UL
><DIV
CLASS="WARNING"
><P
></P
><TABLE
CLASS="WARNING"
BORDER="1"
WIDTH="100%"
><TR
><TD
ALIGN="CENTER"
><B
>Achtung!</B
></TD
></TR
><TR
><TD
ALIGN="LEFT"
><P
>The following <TT
CLASS="FILENAME"
>smb.conf</TT
> parameters are considered to
be deprecated and will be removed soon. Do not use them in new
installations</P
><P
></P
><UL
><LI
><P
><TT
CLASS="PARAMETER"
><I
>printer driver file (G)</I
></TT
>
</P
></LI
><LI
><P
><TT
CLASS="PARAMETER"
><I
>printer driver (S)</I
></TT
>
</P
></LI
><LI
><P
><TT
CLASS="PARAMETER"
><I
>printer driver location (S)</I
></TT
>
</P
></LI
></UL
></TD
></TR
></TABLE
></DIV
><P
>The have been two new parameters add in Samba 2.2.2 to for
better support of Samba 2.0.x backwards capability (<TT
CLASS="PARAMETER"
><I
>disable
spoolss</I
></TT
>) and for using local printers drivers on Windows
NT/2000 clients (<TT
CLASS="PARAMETER"
><I
>use client driver</I
></TT
>). Both of
these options are described in the smb.conf(5) man page and are
disabled by default.</P
></DIV
></DIV
></BODY
></HTML
>

125
docs/htmldocs/rpcclient.1.html
View File

@ -1,10 +1,11 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
><HEAD
><TITLE
>rpcclient</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
><BODY
CLASS="REFENTRY"
BGCOLOR="#FFFFFF"
@ -15,8 +16,8 @@ ALINK="#0000FF"
><H1
><A
NAME="RPCCLIENT"
>rpcclient</A
></H1
></A
>rpcclient</H1
><DIV
CLASS="REFNAMEDIV"
><A
@ -37,7 +38,7 @@ NAME="AEN8"
><B
CLASS="COMMAND"
>rpcclient</B
> [-A authfile] [-c &#60;command string&#62;] [-d debuglevel] [-h] [-l logfile] [-N] [-s &#60;smb config file&#62;] [-U username[%password]] [-W workgroup] [-N] [-I destinationIP] {server}</P
> [-A authfile] [-c &lt;command string&gt;] [-d debuglevel] [-h] [-l logfile] [-N] [-s &lt;smb config file&gt;] [-U username[%password]] [-W workgroup] [-N] [-I destinationIP] {server}</P
></DIV
><DIV
CLASS="REFSECT1"
@ -104,21 +105,12 @@ CLASS="FILENAME"
password used in the connection. The format of the file is
</P
><P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="90%"
><TR
><TD
><PRE
CLASS="PROGRAMLISTING"
> username = &#60;value&#62;
password = &#60;value&#62;
domain = &#60;value&#62;
> username = &lt;value&gt;
password = &lt;value&gt;
domain = &lt;value&gt;
</PRE
></TD
></TR
></TABLE
></P
><P
>Make certain that the permissions on the file restrict
@ -187,8 +179,8 @@ CLASS="PARAMETER"
<TT
CLASS="CONSTANT"
>'.client'</TT
> will be appended. The log file is never removed
by the client.
> will be appended. The log file is
never removed by the client.
</P
></DD
><DT
@ -202,19 +194,20 @@ CLASS="COMMAND"
for a password. By default, <B
CLASS="COMMAND"
>rpcclient</B
> will prompt
for a password. See also the <TT
> will
prompt for a password. See also the <TT
CLASS="PARAMETER"
><I
>-U</I
></TT
> option.</P
>
option.</P
></DD
><DT
>-s|--conf=smb.conf</DT
><DD
><P
>Specifies the location of the all important
>Specifies the location of the all-important
<TT
CLASS="FILENAME"
>smb.conf</TT
@ -243,8 +236,8 @@ CLASS="CONSTANT"
><P
>A third option is to use a credentials file which
contains the plaintext of the username and password. This
option is mainly provided for scripts where the admin doesn't
desire to pass the credentials on the command line or via environment
option is mainly provided for scripts where the admin does not
wish to pass the credentials on the command line or via environment
variables. If this method is used, make certain that the permissions
on the file restrict access from unwanted users. See the
<TT
@ -287,8 +280,12 @@ NAME="AEN101"
><H2
>COMMANDS</H2
><P
><EM
>LSARPC</EM
><SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>LSARPC</I
></SPAN
></P
><P
></P
@ -314,7 +311,7 @@ CLASS="COMMAND"
><B
CLASS="COMMAND"
>lookupnames</B
> - Resolve s list
> - Resolve a list
of usernames to SIDs.
</P
></LI
@ -329,8 +326,12 @@ CLASS="COMMAND"
><P
> </P
><P
><EM
>SAMR</EM
><SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>SAMR</I
></SPAN
></P
><P
></P
@ -395,8 +396,12 @@ CLASS="COMMAND"
><P
> </P
><P
><EM
>SPOOLSS</EM
><SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>SPOOLSS</I
></SPAN
></P
><P
></P
@ -405,7 +410,7 @@ CLASS="COMMAND"
><P
><B
CLASS="COMMAND"
>adddriver &#60;arch&#62; &#60;config&#62;</B
>adddriver &lt;arch&gt; &lt;config&gt;</B
>
- Execute an AddPrinterDriver() RPC to install the printer driver
information on the server. Note that the driver files should
@ -432,12 +437,6 @@ CLASS="PARAMETER"
> parameter is defined as
follows: </P
><P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="90%"
><TR
><TD
><PRE
CLASS="PROGRAMLISTING"
> Long Printer Name:\
@ -449,9 +448,6 @@ CLASS="PROGRAMLISTING"
Default Data Type:\
Comma Separated list of Files
</PRE
></TD
></TR
></TABLE
></P
><P
>Any empty fields should be enter as the string "NULL". </P
@ -467,8 +463,8 @@ CLASS="PROGRAMLISTING"
><P
><B
CLASS="COMMAND"
>addprinter &#60;printername&#62;
&#60;sharename&#62; &#60;drivername&#62; &#60;port&#62;</B
>addprinter &lt;printername&gt;
&lt;sharename&gt; &lt;drivername&gt; &lt;port&gt;</B
>
- Add a printer on the remote server. This printer
will be automatically shared. Be aware that the printer driver
@ -514,7 +510,7 @@ CLASS="COMMAND"
><P
><B
CLASS="COMMAND"
>enumjobs &#60;printer&#62;</B
>enumjobs &lt;printer&gt;</B
>
- List the jobs and status of a given printer.
This command corresponds to the MS Platform SDK EnumJobs()
@ -556,7 +552,7 @@ CLASS="COMMAND"
><P
><B
CLASS="COMMAND"
>getdata &#60;printername&#62;</B
>getdata &lt;printername&gt;</B
>
- Retrieve the data for a given printer setting. See
the <B
@ -570,7 +566,7 @@ CLASS="COMMAND"
><P
><B
CLASS="COMMAND"
>getdriver &#60;printername&#62;</B
>getdriver &lt;printername&gt;</B
>
- Retrieve the printer driver information (such as driver file,
config file, dependent files, etc...) for
@ -582,10 +578,10 @@ CLASS="COMMAND"
><P
><B
CLASS="COMMAND"
>getdriverdir &#60;arch&#62;</B
>getdriverdir &lt;arch&gt;</B
>
- Execute a GetPrinterDriverDirectory()
RPC to retreive the SMB share name and subdirectory for
RPC to retrieve the SMB share name and subdirectory for
storing printer driver files for a given architecture. Possible
values for <TT
CLASS="PARAMETER"
@ -600,7 +596,7 @@ CLASS="PARAMETER"
><P
><B
CLASS="COMMAND"
>getprinter &#60;printername&#62;</B
>getprinter &lt;printername&gt;</B
>
- Retrieve the current printer information. This command
corresponds to the GetPrinter() MS Platform SDK function.
@ -610,7 +606,7 @@ CLASS="COMMAND"
><P
><B
CLASS="COMMAND"
>openprinter &#60;printername&#62;</B
>openprinter &lt;printername&gt;</B
>
- Execute an OpenPrinterEx() and ClosePrinter() RPC
against a given printer. </P
@ -619,11 +615,12 @@ CLASS="COMMAND"
><P
><B
CLASS="COMMAND"
>setdriver &#60;printername&#62; &#60;drivername&#62;</B
>setdriver &lt;printername&gt;
&lt;drivername&gt;</B
>
- Execute a SetPrinter() command to update the printer driver associated
with an installed printer. The printer driver must already be correctly
installed on the print server. </P
- Execute a SetPrinter() command to update the printer driver
associated with an installed printer. The printer driver must
already be correctly installed on the print server. </P
><P
>See also the <B
CLASS="COMMAND"
@ -637,8 +634,12 @@ CLASS="COMMAND"
></LI
></UL
><P
><EM
>GENERAL OPTIONS</EM
><SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>GENERAL OPTIONS</I
></SPAN
></P
><P
></P
@ -648,8 +649,8 @@ CLASS="COMMAND"
><B
CLASS="COMMAND"
>debuglevel</B
> - Set the current debug level
used to log information.</P
> - Set the current
debug level used to log information.</P
></LI
><LI
><P
@ -691,8 +692,12 @@ CLASS="COMMAND"
><P
>From Luke Leighton's original rpcclient man page:</P
><P
><EM
>"WARNING!</EM
><SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>"WARNING!</I
></SPAN
> The MSRPC over SMB code has
been developed from examining Network traces. No documentation is
available from the original creators (Microsoft) on how MSRPC over

65
docs/htmldocs/samba.7.html
View File

@ -1,10 +1,11 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
><HEAD
><TITLE
>samba</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
><BODY
CLASS="REFENTRY"
BGCOLOR="#FFFFFF"
@ -15,8 +16,8 @@ ALINK="#0000FF"
><H1
><A
NAME="SAMBA"
>samba</A
></H1
></A
>samba</H1
><DIV
CLASS="REFNAMEDIV"
><A
@ -49,8 +50,13 @@ NAME="AEN11"
>The Samba software suite is a collection of programs
that implements the Server Message Block (commonly abbreviated
as SMB) protocol for UNIX systems. This protocol is sometimes
also referred to as the Common Internet File System (CIFS),
LanManager or NetBIOS protocol.</P
also referred to as the Common Internet File System (CIFS). For a
more thorough description, see <A
HREF="http://www.ubiqx.org/cifs/"
TARGET="_top"
> http://www.ubiqx.org/cifs/</A
>. Samba also implements the NetBIOS
protocol in nmbd.</P
><P
></P
><DIV
@ -87,7 +93,7 @@ CLASS="COMMAND"
CLASS="COMMAND"
>nmbd</B
>
daemon provides NetBIOS nameserving and browsing
daemon provides NetBIOS nameservice and browsing
support. The configuration file for this daemon
is described in <TT
CLASS="FILENAME"
@ -142,7 +148,7 @@ CLASS="COMMAND"
utility supports testing printer names defined
in your <TT
CLASS="FILENAME"
>printcap&#62;</TT
>printcap</TT
> file used
by Samba.</P
></DD
@ -214,7 +220,7 @@ CLASS="COMMAND"
><DIV
CLASS="REFSECT1"
><A
NAME="AEN75"
NAME="AEN76"
></A
><H2
>COMPONENTS</H2
@ -223,17 +229,27 @@ NAME="AEN75"
component is described in a separate manual page. It is strongly
recommended that you read the documentation that comes with Samba
and the manual pages of those components that you use. If the
manual pages aren't clear enough then please send a patch or
bug report to <A
HREF="mailto:samba@samba.org"
manual pages and documents aren't clear enough then please visit
<A
HREF="http://devel.samba.org/"
TARGET="_top"
> samba@samba.org</A
></P
>http://devel.samba.org</A
>
for information on how to file a bug report or submit a patch.</P
><P
>If you require help, visit the Samba webpage at
<A
HREF="http://samba.org/"
TARGET="_top"
>http://www.samba.org/</A
> and
explore the many option available to you.
</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN79"
NAME="AEN82"
></A
><H2
>AVAILABILITY</H2
@ -270,7 +286,7 @@ TARGET="_top"
><DIV
CLASS="REFSECT1"
><A
NAME="AEN87"
NAME="AEN90"
></A
><H2
>VERSION</H2
@ -281,7 +297,7 @@ NAME="AEN87"
><DIV
CLASS="REFSECT1"
><A
NAME="AEN90"
NAME="AEN93"
></A
><H2
>CONTRIBUTIONS</H2
@ -295,11 +311,14 @@ TARGET="_top"
>.
</P
><P
>If you have patches to submit or bugs to report
then you may mail them directly to samba-patches@samba.org.
Note, however, that due to the enormous popularity of this
package the Samba Team may take some time to respond to mail. We
prefer patches in <B
>If you have patches to submit, visit
<A
HREF="http://devel.samba.org/"
TARGET="_top"
>http://devel.samba.org/</A
>
for information on how to do it properly. We prefer patches in
<B
CLASS="COMMAND"
>diff -u</B
> format.</P
@ -307,7 +326,7 @@ CLASS="COMMAND"
><DIV
CLASS="REFSECT1"
><A
NAME="AEN96"
NAME="AEN100"
></A
><H2
>CONTRIBUTORS</H2
@ -339,7 +358,7 @@ TARGET="_top"
><DIV
CLASS="REFSECT1"
><A
NAME="AEN103"
NAME="AEN107"
></A
><H2
>AUTHOR</H2

169
docs/htmldocs/security_level.html
View File

@ -1,169 +0,0 @@
<HTML
><HEAD
><TITLE
>Security levels</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
><BODY
CLASS="ARTICLE"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="ARTICLE"
><DIV
CLASS="TITLEPAGE"
><H1
CLASS="TITLE"
><A
NAME="SECURITY_LEVELS"
>Security levels</A
></H1
><HR></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3"
>Introduction</A
></H1
><P
>Samba supports the following options to the global smb.conf parameter</P
><P
><PRE
CLASS="PROGRAMLISTING"
>[global]
<A
HREF="smb.conf.5.html#SECURITY"
TARGET="_top"
><TT
CLASS="PARAMETER"
><I
>security</I
></TT
></A
> = [share|user(default)|domain|ads]</PRE
></P
><P
>Please refer to the smb.conf man page for usage information and to the document
<A
HREF="DOMAIN_MEMBER.html"
TARGET="_top"
>DOMAIN_MEMBER.html</A
> for further background details
on domain mode security. The Windows 2000 Kerberos domain security model
(security = ads) is described in the <A
HREF="ADS-HOWTO.html"
TARGET="_top"
>ADS-HOWTO.html</A
>.</P
><P
>Of the above, "security = server" means that Samba reports to clients that
it is running in "user mode" but actually passes off all authentication
requests to another "user mode" server. This requires an additional
parameter "password server =" that points to the real authentication server.
That real authentication server can be another Samba server or can be a
Windows NT server, the later natively capable of encrypted password support.</P
></DIV
><DIV
CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
NAME="AEN14"
>More complete description of security levels</A
></H1
><P
>A SMB server tells the client at startup what "security level" it is
running. There are two options "share level" and "user level". Which
of these two the client receives affects the way the client then tries
to authenticate itself. It does not directly affect (to any great
extent) the way the Samba server does security. I know this is
strange, but it fits in with the client/server approach of SMB. In SMB
everything is initiated and controlled by the client, and the server
can only tell the client what is available and whether an action is
allowed. </P
><P
>I'll describe user level security first, as its simpler. In user level
security the client will send a "session setup" command directly after
the protocol negotiation. This contains a username and password. The
server can either accept or reject that username/password
combination. Note that at this stage the server has no idea what
share the client will eventually try to connect to, so it can't base
the "accept/reject" on anything other than:</P
><P
></P
><OL
TYPE="1"
><LI
><P
>the username/password</P
></LI
><LI
><P
>the machine that the client is coming from</P
></LI
></OL
><P
>If the server accepts the username/password then the client expects to
be able to mount any share (using a "tree connection") without
specifying a password. It expects that all access rights will be as
the username/password specified in the "session setup". </P
><P
>It is also possible for a client to send multiple "session setup"
requests. When the server responds it gives the client a "uid" to use
as an authentication tag for that username/password. The client can
maintain multiple authentication contexts in this way (WinDD is an
example of an application that does this)</P
><P
>Ok, now for share level security. In share level security the client
authenticates itself separately for each share. It will send a
password along with each "tree connection" (share mount). It does not
explicitly send a username with this operation. The client is
expecting a password to be associated with each share, independent of
the user. This means that samba has to work out what username the
client probably wants to use. It is never explicitly sent the
username. Some commercial SMB servers such as NT actually associate
passwords directly with shares in share level security, but samba
always uses the unix authentication scheme where it is a
username/password that is authenticated, not a "share/password".</P
><P
>Many clients send a "session setup" even if the server is in share
level security. They normally send a valid username but no
password. Samba records this username in a list of "possible
usernames". When the client then does a "tree connection" it also adds
to this list the name of the share they try to connect to (useful for
home directories) and any users listed in the "user =" smb.conf
line. The password is then checked in turn against these "possible
usernames". If a match is found then the client is authenticated as
that user.</P
><P
>Finally "server level" security. In server level security the samba
server reports to the client that it is in user level security. The
client then does a "session setup" as described earlier. The samba
server takes the username/password that the client sends and attempts
to login to the "password server" by sending exactly the same
username/password that it got from the client. If that server is in
user level security and accepts the password then samba accepts the
clients connection. This allows the samba server to use another SMB
server as the "password server". </P
><P
>You should also note that at the very start of all this, where the
server tells the client what security level it is in, it also tells
the client if it supports encryption. If it does then it supplies the
client with a random "cryptkey". The client will then send all
passwords in encrypted form. You have to compile samba with encryption
enabled to support this feature, and you have to maintain a separate
smbpasswd file with SMB style encrypted passwords. It is
cryptographically impossible to translate from unix style encryption
to SMB style encryption, although there are some fairly simple management
schemes by which the two could be kept in sync.</P
></DIV
></DIV
></BODY
></HTML
>

1779
docs/htmldocs/smb.conf.5.html
View File

File diff suppressed because it is too large Load Diff

100
docs/htmldocs/smbcacls.1.html
View File

@ -1,10 +1,11 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
><HEAD
><TITLE
>smbcacls</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
><BODY
CLASS="REFENTRY"
BGCOLOR="#FFFFFF"
@ -15,8 +16,8 @@ ALINK="#0000FF"
><H1
><A
NAME="SMBCACLS"
>smbcacls</A
></H1
></A
>smbcacls</H1
><DIV
CLASS="REFNAMEDIV"
><A
@ -55,8 +56,8 @@ TARGET="_top"
>The <B
CLASS="COMMAND"
>smbcacls</B
> program manipulates NT Access Control Lists
(ACLs) on SMB file shares. </P
> program manipulates NT Access Control
Lists (ACLs) on SMB file shares. </P
></DIV
><DIV
CLASS="REFSECT1"
@ -189,23 +190,14 @@ NAME="AEN75"
>The format of an ACL is one or more ACL entries separated by
either commas or newlines. An ACL entry is one of the following: </P
><P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><PRE
CLASS="PROGRAMLISTING"
>
REVISION:&#60;revision number&#62;
OWNER:&#60;sid or name&#62;
GROUP:&#60;sid or name&#62;
ACL:&#60;sid or name&#62;:&#60;type&#62;/&#60;flags&#62;/&#60;mask&#62;
REVISION:&lt;revision number&gt;
OWNER:&lt;sid or name&gt;
GROUP:&lt;sid or name&gt;
ACL:&lt;sid or name&gt;:&lt;type&gt;/&lt;flags&gt;/&lt;mask&gt;
</PRE
></TD
></TR
></TABLE
></P
><P
>The revision of the ACL specifies the internal Windows
@ -262,38 +254,62 @@ ACL:&#60;sid or name&#62;:&#60;type&#62;/&#60;flags&#62;/&#60;mask&#62;
><UL
><LI
><P
><EM
>R</EM
><SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>R</I
></SPAN
> - Allow read access </P
></LI
><LI
><P
><EM
>W</EM
><SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>W</I
></SPAN
> - Allow write access</P
></LI
><LI
><P
><EM
>X</EM
><SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>X</I
></SPAN
> - Execute permission on the object</P
></LI
><LI
><P
><EM
>D</EM
><SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>D</I
></SPAN
> - Delete the object</P
></LI
><LI
><P
><EM
>P</EM
><SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>P</I
></SPAN
> - Change permissions</P
></LI
><LI
><P
><EM
>O</EM
><SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>O</I
></SPAN
> - Take ownership</P
></LI
></UL
@ -304,22 +320,34 @@ ACL:&#60;sid or name&#62;:&#60;type&#62;/&#60;flags&#62;/&#60;mask&#62;
><UL
><LI
><P
><EM
>READ</EM
><SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>READ</I
></SPAN
> - Equivalent to 'RX'
permissions</P
></LI
><LI
><P
><EM
>CHANGE</EM
><SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>CHANGE</I
></SPAN
> - Equivalent to 'RXWD' permissions
</P
></LI
><LI
><P
><EM
>FULL</EM
><SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>FULL</I
></SPAN
> - Equivalent to 'RWXDPO'
permissions</P
></LI

148
docs/htmldocs/smbclient.1.html
View File

@ -1,10 +1,11 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
><HEAD
><TITLE
>smbclient</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
><BODY
CLASS="REFENTRY"
BGCOLOR="#FFFFFF"
@ -15,8 +16,8 @@ ALINK="#0000FF"
><H1
><A
NAME="SMBCLIENT"
>smbclient</A
></H1
></A
>smbclient</H1
><DIV
CLASS="REFNAMEDIV"
><A
@ -37,7 +38,7 @@ NAME="AEN8"
><B
CLASS="COMMAND"
>smbclient</B
> {servicename} [password] [-b &#60;buffer size&#62;] [-d debuglevel] [-D Directory] [-U username] [-W workgroup] [-M &#60;netbios name&#62;] [-m maxprotocol] [-A authfile] [-N] [-l logfile] [-L &#60;netbios name&#62;] [-I destinationIP] [-E &#60;terminal code&#62;] [-c &#60;command string&#62;] [-i scope] [-O &#60;socket options&#62;] [-p port] [-R &#60;name resolve order&#62;] [-s &#60;smb config file&#62;] [-T&#60;c|x&#62;IXFqgbNan]</P
> {servicename} [password] [-b &lt;buffer size&gt;] [-d debuglevel] [-D Directory] [-U username] [-W workgroup] [-M &lt;netbios name&gt;] [-m maxprotocol] [-A authfile] [-N] [-l logfile] [-L &lt;netbios name&gt;] [-I destinationIP] [-E &lt;terminal code&gt;] [-c &lt;command string&gt;] [-i scope] [-O &lt;socket options&gt;] [-p port] [-R &lt;name resolve order&gt;] [-s &lt;smb config file&gt;] [-T&lt;c|x&gt;IXFqgbNan]</P
></DIV
><DIV
CLASS="REFSECT1"
@ -195,7 +196,7 @@ CLASS="FILENAME"
options. </P
></DD
><DT
>-R &#60;name resolve order&#62;</DT
>-R &lt;name resolve order&gt;</DT
><DD
><P
>This option is used by the programs in the Samba
@ -348,8 +349,12 @@ CLASS="FILENAME"
> for a description of how to handle incoming
WinPopup messages in Samba. </P
><P
><EM
>Note</EM
><SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>Note</I
></SPAN
>: Copy WinPopup into the startup group
on your WfWg PCs if you want them to always be able to receive
messages. </P
@ -368,8 +373,12 @@ CLASS="FILENAME"
CLASS="FILENAME"
>rfc1002.txt</TT
>.
NetBIOS scopes are <EM
>very</EM
NetBIOS scopes are <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>very</I
></SPAN
> rarely used, only set
this parameter if you are the system administrator in charge of all
the NetBIOS systems you communicate with. </P
@ -426,12 +435,20 @@ CLASS="REPLACEABLE"
><I
>debuglevel</I
></TT
> is set to the letter 'A', then <EM
> is set to the letter 'A', then <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>all
</EM
</I
></SPAN
> debug messages will be printed. This setting
is for developers only (and people who <EM
>really</EM
is for developers only (and people who <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>really</I
></SPAN
> want
to know how the code works internally). </P
><P
@ -593,21 +610,12 @@ CLASS="COMMAND"
password used in the connection. The format of the file is
</P
><P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="90%"
><TR
><TD
><PRE
CLASS="PROGRAMLISTING"
>username = &#60;value&#62;
password = &#60;value&#62;
domain = &#60;value&#62;
>username = &lt;value&gt;
password = &lt;value&gt;
domain = &lt;value&gt;
</PRE
></TD
></TR
></TABLE
></P
><P
>If the domain parameter is missing the current workgroup name
@ -643,10 +651,18 @@ CLASS="COMMAND"
> how to interpret
filenames coming from the remote server. Usually Asian language
multibyte UNIX implementations use different character sets than
SMB/CIFS servers (<EM
>EUC</EM
> instead of <EM
> SJIS</EM
SMB/CIFS servers (<SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>EUC</I
></SPAN
> instead of <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
> SJIS</I
></SPAN
> for example). Setting this parameter will let
<B
CLASS="COMMAND"
@ -860,8 +876,12 @@ CLASS="PARAMETER"
></LI
></UL
><P
><EM
>Tar Long File Names</EM
><SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>Tar Long File Names</I
></SPAN
></P
><P
><B
@ -877,16 +897,24 @@ CLASS="COMMAND"
files in the archive with relative names, not absolute names.
</P
><P
><EM
>Tar Filenames</EM
><SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>Tar Filenames</I
></SPAN
></P
><P
>All file names can be given as DOS path names (with '\'
as the component separator) or as UNIX path names (with '/' as
the component separator). </P
><P
><EM
>Examples</EM
><SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>Examples</I
></SPAN
></P
><P
>Restore from tar file <TT
@ -988,7 +1016,7 @@ NAME="AEN310"
><P
><TT
CLASS="PROMPT"
>smb:\&#62; </TT
>smb:\&gt; </TT
></P
><P
>The backslash ("\") indicates the current working directory
@ -1008,7 +1036,7 @@ CLASS="PROMPT"
><P
>Parameters shown in square brackets (e.g., "[parameter]") are
optional. If not given, the command will use suitable defaults. Parameters
shown in angle brackets (e.g., "&#60;parameter&#62;") are required.
shown in angle brackets (e.g., "&lt;parameter&gt;") are required.
</P
><P
>Note that all commands operating on the server are actually
@ -1099,7 +1127,7 @@ CLASS="REPLACEABLE"
directory on the server will be reported. </P
></DD
><DT
>del &#60;mask&#62;</DT
>del &lt;mask&gt;</DT
><DD
><P
>The client will request that the server attempt
@ -1112,7 +1140,7 @@ CLASS="REPLACEABLE"
directory on the server. </P
></DD
><DT
>dir &#60;mask&#62;</DT
>dir &lt;mask&gt;</DT
><DD
><P
>A list of the files matching <TT
@ -1132,7 +1160,7 @@ CLASS="REPLACEABLE"
from the program. </P
></DD
><DT
>get &#60;remote file name&#62; [local file name]</DT
>get &lt;remote file name&gt; [local file name]</DT
><DD
><P
>Copy the file called <TT
@ -1197,13 +1225,13 @@ CLASS="REPLACEABLE"
lowercase filenames are the norm on UNIX systems. </P
></DD
><DT
>ls &#60;mask&#62;</DT
>ls &lt;mask&gt;</DT
><DD
><P
>See the dir command above. </P
></DD
><DT
>mask &#60;mask&#62;</DT
>mask &lt;mask&gt;</DT
><DD
><P
>This command allows the user to set up a mask
@ -1229,13 +1257,13 @@ CLASS="REPLACEABLE"
mask back to "*" after using the mget or mput commands. </P
></DD
><DT
>md &#60;directory name&#62;</DT
>md &lt;directory name&gt;</DT
><DD
><P
>See the mkdir command. </P
></DD
><DT
>mget &#60;mask&#62;</DT
>mget &lt;mask&gt;</DT
><DD
><P
>Copy all files matching <TT
@ -1260,14 +1288,14 @@ CLASS="COMMAND"
> are binary. See also the lowercase command. </P
></DD
><DT
>mkdir &#60;directory name&#62;</DT
>mkdir &lt;directory name&gt;</DT
><DD
><P
>Create a new directory on the server (user access
privileges permitting) with the specified name. </P
></DD
><DT
>mput &#60;mask&#62;</DT
>mput &lt;mask&gt;</DT
><DD
><P
>Copy all files matching <TT
@ -1293,7 +1321,7 @@ CLASS="COMMAND"
are binary. </P
></DD
><DT
>print &#60;file name&#62;</DT
>print &lt;file name&gt;</DT
><DD
><P
>Print the specified file from the local machine
@ -1302,7 +1330,7 @@ CLASS="COMMAND"
>See also the printmode command.</P
></DD
><DT
>printmode &#60;graphics or text&#62;</DT
>printmode &lt;graphics or text&gt;</DT
><DD
><P
>Set the print mode to suit either binary data
@ -1322,7 +1350,7 @@ CLASS="COMMAND"
</P
></DD
><DT
>put &#60;local file name&#62; [remote file name]</DT
>put &lt;local file name&gt; [remote file name]</DT
><DD
><P
>Copy the file called <TT
@ -1354,7 +1382,7 @@ CLASS="COMMAND"
>See the exit command. </P
></DD
><DT
>rd &#60;directory name&#62;</DT
>rd &lt;directory name&gt;</DT
><DD
><P
>See the rmdir command. </P
@ -1379,7 +1407,7 @@ CLASS="COMMAND"
using the mask command will be ignored. </P
></DD
><DT
>rm &#60;mask&#62;</DT
>rm &lt;mask&gt;</DT
><DD
><P
>Remove all files matching <TT
@ -1391,14 +1419,14 @@ CLASS="REPLACEABLE"
working directory on the server. </P
></DD
><DT
>rmdir &#60;directory name&#62;</DT
>rmdir &lt;directory name&gt;</DT
><DD
><P
>Remove the specified directory (user access
privileges permitting) from the server. </P
></DD
><DT
>setmode &#60;filename&#62; &#60;perm=[+|\-]rsha&#62;</DT
>setmode &lt;filename&gt; &lt;perm=[+|\-]rsha&gt;</DT
><DD
><P
>A version of the DOS attrib command to set
@ -1423,7 +1451,7 @@ CLASS="COMMAND"
</P
></DD
><DT
>tar &#60;c|x&#62;[IXbgNa]</DT
>tar &lt;c|x&gt;[IXbgNa]</DT
><DD
><P
>Performs a tar operation - see the <TT
@ -1439,7 +1467,7 @@ CLASS="PARAMETER"
</P
></DD
><DT
>blocksize &#60;blocksize&#62;</DT
>blocksize &lt;blocksize&gt;</DT
><DD
><P
>Blocksize. Must be followed by a valid (greater
@ -1452,7 +1480,7 @@ CLASS="REPLACEABLE"
>*TBLOCK (usually 512 byte) blocks. </P
></DD
><DT
>tarmode &#60;full|inc|reset|noreset&#62;</DT
>tarmode &lt;full|inc|reset|noreset&gt;</DT
><DD
><P
>Changes tar's behavior with regard to archive
@ -1540,8 +1568,12 @@ CLASS="FILENAME"
> /usr/samba/bin/</TT
> directory, this directory readable
by all, writeable only by root. The client program itself should
be executable by all. The client should <EM
>NOT</EM
be executable by all. The client should <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>NOT</I
></SPAN
> be
setuid or setgid! </P
><P

7
docs/htmldocs/smbcontrol.1.html
View File

@ -1,10 +1,11 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
><HEAD
><TITLE
>smbcontrol</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
><BODY
CLASS="REFENTRY"
BGCOLOR="#FFFFFF"
@ -15,8 +16,8 @@ ALINK="#0000FF"
><H1
><A
NAME="SMBCONTROL"
>smbcontrol</A
></H1
></A
>smbcontrol</H1
><DIV
CLASS="REFNAMEDIV"
><A

51
docs/htmldocs/smbd.8.html
View File

@ -1,10 +1,11 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
><HEAD
><TITLE
>smbd</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
><BODY
CLASS="REFENTRY"
BGCOLOR="#FFFFFF"
@ -15,8 +16,8 @@ ALINK="#0000FF"
><H1
><A
NAME="SMBD"
>smbd</A
></H1
></A
>smbd</H1
><DIV
CLASS="REFNAMEDIV"
><A
@ -36,7 +37,7 @@ NAME="AEN8"
><B
CLASS="COMMAND"
>smbd</B
> [-D] [-a] [-i] [-o] [-P] [-h] [-V] [-b] [-d &#60;debug level&#62;] [-l &#60;log directory&#62;] [-p &#60;port number&#62;] [-O &#60;socket option&#62;] [-s &#60;configuration file&#62;]</P
> [-D] [-a] [-i] [-o] [-P] [-h] [-V] [-b] [-d &lt;debug level&gt;] [-l &lt;log directory&gt;] [-p &lt;port number&gt;] [-O &lt;socket option&gt;] [-s &lt;configuration file&gt;]</P
></DIV
><DIV
CLASS="REFSECT1"
@ -205,7 +206,7 @@ CLASS="COMMAND"
Samba was built.</P
></DD
><DT
>-d &#60;debug level&#62;</DT
>-d &lt;debug level&gt;</DT
><DD
><P
><TT
@ -246,7 +247,7 @@ CLASS="FILENAME"
> file.</P
></DD
><DT
>-l &#60;log directory&#62;</DT
>-l &lt;log directory&gt;</DT
><DD
><P
>If specified,
@ -272,8 +273,12 @@ TARGET="_top"
CLASS="FILENAME"
> smb.conf(5)</TT
></A
> file. <EM
>Beware:</EM
> file. <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>Beware:</I
></SPAN
>
If the directory specified does not exist, <B
CLASS="COMMAND"
@ -286,7 +291,7 @@ CLASS="COMMAND"
compile time.</P
></DD
><DT
>-O &#60;socket options&#62;</DT
>-O &lt;socket options&gt;</DT
><DD
><P
>See the <A
@ -305,7 +310,7 @@ CLASS="FILENAME"
> file for details.</P
></DD
><DT
>-p &#60;port number&#62;</DT
>-p &lt;port number&gt;</DT
><DD
><P
><TT
@ -336,7 +341,7 @@ CLASS="REPLACEABLE"
in the above situation.</P
></DD
><DT
>-s &#60;configuration file&#62;</DT
>-s &lt;configuration file&gt;</DT
><DD
><P
>The file specified contains the
@ -544,8 +549,12 @@ TARGET="_top"
><UL
><LI
><P
><EM
>Account Validation</EM
><SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>Account Validation</I
></SPAN
>: All acccesses to a
samba server are checked
against PAM to see if the account is vaild, not disabled and is permitted to
@ -554,8 +563,12 @@ TARGET="_top"
></LI
><LI
><P
><EM
>Session Management</EM
><SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>Session Management</I
></SPAN
>: When not using share
level secuirty, users must pass PAM's session checks before access
is granted. Note however, that this is bypassed in share level secuirty.
@ -624,8 +637,12 @@ CLASS="COMMAND"
that <B
CLASS="COMMAND"
>SIGKILL (-9)</B
> <EM
>NOT</EM
> <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>NOT</I
></SPAN
>
be used, except as a last resort, as this may leave the shared
memory area in an inconsistent state. The safe way to terminate

91
docs/htmldocs/smbgroupedit.8.html
View File

@ -1,10 +1,11 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
><HEAD
><TITLE
>smbgroupedit</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
><BODY
CLASS="REFENTRY"
BGCOLOR="#FFFFFF"
@ -15,8 +16,8 @@ ALINK="#0000FF"
><H1
><A
NAME="SMBGROUPEDIT"
>smbgroupedit</A
></H1
></A
>smbgroupedit</H1
><DIV
CLASS="REFNAMEDIV"
><A
@ -36,7 +37,7 @@ NAME="AEN8"
><B
CLASS="COMMAND"
>smbroupedit</B
> [-v [l|s]] [-a UNIX-groupname [-d NT-groupname|-p prividge|]</P
> [-v [l|s]] [-a UNIX-groupname [-d NT-groupname|-p privilege|]]</P
></DIV
><DIV
CLASS="REFSECT1"
@ -88,12 +89,6 @@ CLASS="VARIABLELIST"
><P
>give a long listing, of the format:</P
><P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="90%"
><TR
><TD
><PRE
CLASS="PROGRAMLISTING"
>"NT Group Name"
@ -102,19 +97,10 @@ CLASS="PROGRAMLISTING"
Group type :
Comment :
Privilege :</PRE
></TD
></TR
></TABLE
></P
><P
>For examples,</P
><P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="90%"
><TR
><TD
><PRE
CLASS="PROGRAMLISTING"
>Users
@ -123,9 +109,6 @@ CLASS="PROGRAMLISTING"
Group type: Local group
Comment :
Privilege : No privilege</PRE
></TD
></TR
></TABLE
></P
></DD
><DT
@ -134,34 +117,16 @@ CLASS="PROGRAMLISTING"
><P
>display a short listing of the format:</P
><P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="90%"
><TR
><TD
><PRE
CLASS="PROGRAMLISTING"
>NTGroupName(SID) -&#62; UnixGroupName</PRE
></TD
></TR
></TABLE
></P
><P
>For example,</P
><P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="90%"
><TR
><TD
><PRE
CLASS="PROGRAMLISTING"
>Users (S-1-5-32-545) -&#62; -1</PRE
></TD
></TR
></TABLE
></P
></DD
></DL
@ -246,12 +211,6 @@ TYPE="a"
>Get the SID for the Windows NT "Domain Admins"
group:</P
><P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="90%"
><TR
><TD
><PRE
CLASS="PROGRAMLISTING"
><TT
@ -262,9 +221,6 @@ CLASS="COMMAND"
>smbgroupedit -vs | grep "Domain Admins"</B
>
Domain Admins (S-1-5-21-1108995562-3116817432-1375597819-512) -&#62; -1</PRE
></TD
></TR
></TABLE
></P
></LI
><LI
@ -273,12 +229,6 @@ Domain Admins (S-1-5-21-1108995562-3116817432-1375597819-512) -&#62; -1</PRE
"Domain Admins" group, by running the command:
</P
><P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="90%"
><TR
><TD
><PRE
CLASS="PROGRAMLISTING"
><TT
@ -290,13 +240,14 @@ CLASS="COMMAND"
-c S-1-5-21-1108995562-3116817432-1375597819-512 \
-u domadm</B
></PRE
></TD
></TR
></TABLE
></P
><P
> <EM
>warning:</EM
> <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>warning:</I
></SPAN
> don't copy and paste this sample, the
Domain Admins SID (the S-1-5-21-...-512) is different for every PDC.
</P
@ -305,14 +256,8 @@ CLASS="COMMAND"
></LI
></OL
><P
>To verify that you mapping has taken effect:</P
>To verify that your mapping has taken effect:</P
><P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><PRE
CLASS="PROGRAMLISTING"
><TT
@ -323,21 +268,12 @@ CLASS="COMMAND"
>smbgroupedit -vs|grep "Domain Admins"</B
>
Domain Admins (S-1-5-21-1108995562-3116817432-1375597819-512) -&#62; domadm</PRE
></TD
></TR
></TABLE
></P
><P
>To give access to a certain directory on a domain member machine (an
NT/W2K or a samba server running winbind) to some users who are member
of a group on your samba PDC, flag that group as a domain group:</P
><P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><PRE
CLASS="PROGRAMLISTING"
><TT
@ -347,9 +283,6 @@ CLASS="PROMPT"
CLASS="COMMAND"
>smbgroupedit -a unixgroup -td</B
></PRE
></TD
></TR
></TABLE
></P
></DIV
><DIV

9
docs/htmldocs/smbmnt.8.html
View File

@ -1,10 +1,11 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
><HEAD
><TITLE
>smbmnt</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
><BODY
CLASS="REFENTRY"
BGCOLOR="#FFFFFF"
@ -15,8 +16,8 @@ ALINK="#0000FF"
><H1
><A
NAME="SMBMNT"
>smbmnt</A
></H1
></A
>smbmnt</H1
><DIV
CLASS="REFNAMEDIV"
><A
@ -36,7 +37,7 @@ NAME="AEN8"
><B
CLASS="COMMAND"
>smbmnt</B
> {mount-point} [-s &#60;share&#62;] [-r] [-u &#60;uid&#62;] [-g &#60;gid&#62;] [-f &#60;mask&#62;] [-d &#60;mask&#62;] [-o &#60;options&#62;]</P
> {mount-point} [-s &lt;share&gt;] [-r] [-u &lt;uid&gt;] [-g &lt;gid&gt;] [-f &lt;mask&gt;] [-d &lt;mask&gt;] [-o &lt;options&gt;]</P
></DIV
><DIV
CLASS="REFSECT1"

66
docs/htmldocs/smbmount.8.html
View File

@ -1,10 +1,11 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
><HEAD
><TITLE
>smbmount</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
><BODY
CLASS="REFENTRY"
BGCOLOR="#FFFFFF"
@ -15,8 +16,8 @@ ALINK="#0000FF"
><H1
><A
NAME="SMBMOUNT"
>smbmount</A
></H1
></A
>smbmount</H1
><DIV
CLASS="REFNAMEDIV"
><A
@ -85,8 +86,12 @@ CLASS="COMMAND"
>smbmount</B
> process may also be called mount.smbfs.</P
><P
><EM
>NOTE:</EM
><SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>NOTE:</I
></SPAN
> <B
CLASS="COMMAND"
>smbmount</B
@ -114,7 +119,7 @@ NAME="AEN31"
CLASS="VARIABLELIST"
><DL
><DT
>username=&#60;arg&#62;</DT
>username=&lt;arg&gt;</DT
><DD
><P
>specifies the username to connect as. If
@ -127,7 +132,7 @@ CLASS="ENVAR"
to be specified as part of the username.</P
></DD
><DT
>password=&#60;arg&#62;</DT
>password=&lt;arg&gt;</DT
><DD
><P
>specifies the SMB password. If this
@ -143,7 +148,7 @@ CLASS="COMMAND"
for a passeword, unless the guest option is
given. </P
><P
> Note that password which contain the arguement delimiter
> Note that passwords which contain the argument delimiter
character (i.e. a comma ',') will failed to be parsed correctly
on the command line. However, the same password defined
in the PASSWD environment variable or a credentials file (see
@ -151,26 +156,17 @@ CLASS="COMMAND"
</P
></DD
><DT
>credentials=&#60;filename&#62;</DT
>credentials=&lt;filename&gt;</DT
><DD
><P
>specifies a file that contains a username
and/or password. The format of the file is:</P
><P
> <TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="90%"
><TR
><TD
> <PRE
CLASS="PROGRAMLISTING"
> username = &#60;value&#62;
password = &#60;value&#62;
> username = &lt;value&gt;
password = &lt;value&gt;
</PRE
></TD
></TR
></TABLE
>
</P
><P
@ -183,14 +179,14 @@ CLASS="FILENAME"
</P
></DD
><DT
>netbiosname=&#60;arg&#62;</DT
>netbiosname=&lt;arg&gt;</DT
><DD
><P
>sets the source NetBIOS name. It defaults
to the local hostname. </P
></DD
><DT
>uid=&#60;arg&#62;</DT
>uid=&lt;arg&gt;</DT
><DD
><P
>sets the uid that will own all files on
@ -199,7 +195,7 @@ CLASS="FILENAME"
</P
></DD
><DT
>gid=&#60;arg&#62;</DT
>gid=&lt;arg&gt;</DT
><DD
><P
>sets the gid that will own all files on
@ -208,14 +204,14 @@ CLASS="FILENAME"
gid. </P
></DD
><DT
>port=&#60;arg&#62;</DT
>port=&lt;arg&gt;</DT
><DD
><P
>sets the remote SMB port number. The default
is 139. </P
></DD
><DT
>fmask=&#60;arg&#62;</DT
>fmask=&lt;arg&gt;</DT
><DD
><P
>sets the file mask. This determines the
@ -223,7 +219,7 @@ CLASS="FILENAME"
The default is based on the current umask. </P
></DD
><DT
>dmask=&#60;arg&#62;</DT
>dmask=&lt;arg&gt;</DT
><DD
><P
>sets the directory mask. This determines the
@ -231,7 +227,7 @@ CLASS="FILENAME"
The default is based on the current umask. </P
></DD
><DT
>debug=&#60;arg&#62;</DT
>debug=&lt;arg&gt;</DT
><DD
><P
>sets the debug level. This is useful for
@ -240,20 +236,20 @@ CLASS="FILENAME"
output, possibly hiding the useful output.</P
></DD
><DT
>ip=&#60;arg&#62;</DT
>ip=&lt;arg&gt;</DT
><DD
><P
>sets the destination host or IP address.
</P
></DD
><DT
>workgroup=&#60;arg&#62;</DT
>workgroup=&lt;arg&gt;</DT
><DD
><P
>sets the workgroup on the destination </P
></DD
><DT
>sockopt=&#60;arg&#62;</DT
>sockopt=&lt;arg&gt;</DT
><DD
><P
>sets the TCP socket options. See the <A
@ -273,7 +269,7 @@ CLASS="PARAMETER"
</P
></DD
><DT
>scope=&#60;arg&#62;</DT
>scope=&lt;arg&gt;</DT
><DD
><P
>sets the NetBIOS scope </P
@ -297,7 +293,7 @@ CLASS="PARAMETER"
>mount read-write </P
></DD
><DT
>iocharset=&#60;arg&#62;</DT
>iocharset=&lt;arg&gt;</DT
><DD
><P
> sets the charset used by the Linux side for codepage
@ -307,7 +303,7 @@ CLASS="PARAMETER"
</P
></DD
><DT
>codepage=&#60;arg&#62;</DT
>codepage=&lt;arg&gt;</DT
><DD
><P
> sets the codepage the server uses. See the iocharset
@ -316,10 +312,10 @@ CLASS="PARAMETER"
</P
></DD
><DT
>ttl=&#60;arg&#62;</DT
>ttl=&lt;arg&gt;</DT
><DD
><P
> how long a directory listing is cached in milliseconds
> sets how long a directory listing is cached in milliseconds
(also affects visibility of file size and date
changes). A higher value means that changes on the
server take longer to be noticed but it can give

87
docs/htmldocs/smbpasswd.5.html
View File

@ -1,10 +1,11 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
><HEAD
><TITLE
>smbpasswd</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
><BODY
CLASS="REFENTRY"
BGCOLOR="#FFFFFF"
@ -15,8 +16,8 @@ ALINK="#0000FF"
><H1
><A
NAME="SMBPASSWD"
>smbpasswd</A
></H1
></A
>smbpasswd</H1
><DIV
CLASS="REFNAMEDIV"
><A
@ -118,17 +119,29 @@ CLASS="CONSTANT"
> and the user will not be able to
log onto the Samba server. </P
><P
><EM
>WARNING !!</EM
><SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>WARNING !!</I
></SPAN
> Note that, due to
the challenge-response nature of the SMB/CIFS authentication
protocol, anyone with a knowledge of this password hash will
be able to impersonate the user on the network. For this
reason these hashes are known as <EM
reason these hashes are known as <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>plain text
equivalents</EM
> and must <EM
>NOT</EM
equivalents</I
></SPAN
> and must <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>NOT</I
></SPAN
> be made
available to anyone but the root user. To protect these passwords
the smbpasswd file is placed in a directory with read and
@ -153,17 +166,29 @@ CLASS="CONSTANT"
password this entry will be identical (i.e. the password is
not "salted" as the UNIX password is). </P
><P
><EM
>WARNING !!</EM
><SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>WARNING !!</I
></SPAN
>. Note that, due to
the challenge-response nature of the SMB/CIFS authentication
protocol, anyone with a knowledge of this password hash will
be able to impersonate the user on the network. For this
reason these hashes are known as <EM
reason these hashes are known as <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>plain text
equivalents</EM
> and must <EM
>NOT</EM
equivalents</I
></SPAN
> and must <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>NOT</I
></SPAN
> be made
available to anyone but the root user. To protect these passwords
the smbpasswd file is placed in a directory with read and
@ -186,8 +211,12 @@ CLASS="CONSTANT"
><UL
><LI
><P
><EM
>U</EM
><SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>U</I
></SPAN
> - This means
this is a "User" account, i.e. an ordinary user. Only User
and Workstation Trust accounts are currently supported
@ -195,8 +224,12 @@ CLASS="CONSTANT"
></LI
><LI
><P
><EM
>N</EM
><SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>N</I
></SPAN
> - This means the
account has no password (the passwords in the fields LANMAN
Password Hash and NT Password Hash are ignored). Note that this
@ -217,16 +250,24 @@ CLASS="FILENAME"
></LI
><LI
><P
><EM
>D</EM
><SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>D</I
></SPAN
> - This means the account
is disabled and no SMB/CIFS logins will be allowed for
this user. </P
></LI
><LI
><P
><EM
>W</EM
><SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>W</I
></SPAN
> - This means this account
is a "Workstation Trust" account. This kind of account is used
in the Samba PDC code stream to allow Windows NT Workstations

69
docs/htmldocs/smbpasswd.8.html
View File

@ -1,10 +1,11 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
><HEAD
><TITLE
>smbpasswd</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
><BODY
CLASS="REFENTRY"
BGCOLOR="#FFFFFF"
@ -15,8 +16,8 @@ ALINK="#0000FF"
><H1
><A
NAME="SMBPASSWD"
>smbpasswd</A
></H1
></A
>smbpasswd</H1
><DIV
CLASS="REFNAMEDIV"
><A
@ -36,12 +37,12 @@ NAME="AEN8"
><B
CLASS="COMMAND"
>smbpasswd</B
> [-a] [-x] [-d] [-e] [-D debuglevel] [-n] [-r &#60;remote machine&#62;] [-R &#60;name resolve order&#62;] [-m] [-j DOMAIN] [-U username[%password]] [-h] [-s] [-w pass] [username]</P
> [-a] [-x] [-d] [-e] [-D debuglevel] [-n] [-r &lt;remote machine&gt;] [-R &lt;name resolve order&gt;] [-m] [-U username[%password]] [-h] [-s] [-w pass] [username]</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN26"
NAME="AEN25"
></A
><H2
>DESCRIPTION</H2
@ -53,8 +54,12 @@ TARGET="_top"
> suite.</P
><P
>The smbpasswd program has several different
functions, depending on whether it is run by the <EM
>root</EM
functions, depending on whether it is run by the <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>root</I
></SPAN
>
user or not. When run as a normal user it allows the user to change
the password used for their SMB sessions on any machines that store
@ -70,8 +75,12 @@ CLASS="COMMAND"
CLASS="COMMAND"
>smbpasswd</B
> differs from how the passwd program works
however in that it is not <EM
>setuid root</EM
however in that it is not <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>setuid root</I
></SPAN
> but works in
a client-server mode and communicates with a locally running
<B
@ -85,13 +94,13 @@ CLASS="FILENAME"
>smbpasswd(5)</TT
> file. </P
><P
>When run by an ordinary user with no options. smbpasswd
>When run by an ordinary user with no options, smbpasswd
will prompt them for their old SMB password and then ask them
for their new password twice, to ensure that the new password
was typed correctly. No passwords will be echoed on the screen
whilst being typed. If you have a blank SMB password (specified by
the string "NO PASSWORD" in the smbpasswd file) then just press
the &#60;Enter&#62; key when asked for your old password. </P
the &lt;Enter&gt; key when asked for your old password. </P
><P
>smbpasswd can also be used by a normal user to change their
SMB password on remote machines, such as Windows NT Primary Domain
@ -110,7 +119,7 @@ CLASS="COMMAND"
><DIV
CLASS="REFSECT1"
><A
NAME="AEN42"
NAME="AEN41"
></A
><H2
>OPTIONS</H2
@ -125,7 +134,7 @@ CLASS="VARIABLELIST"
><P
>This option specifies that the username
following should be added to the local smbpasswd file, with the
new password typed (type &#60;Enter&#62; for the old password). This
new password typed (type &lt;Enter&gt; for the old password). This
option is ignored if the username following already exists in
the smbpasswd file and it is treated like a regular change
password command. Note that the default passdb backends require
@ -294,8 +303,12 @@ CLASS="PARAMETER"
copy of the user account database and will not allow the password
change).</P
><P
><EM
>Note</EM
><SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>Note</I
></SPAN
> that Windows 95/98 do not have
a real password database so it is not possible to change passwords
specifying a Win95/98 machine as remote machine target. </P
@ -308,8 +321,8 @@ CLASS="PARAMETER"
what name resolution services to use when looking up the NetBIOS
name of the host being connected to. </P
><P
>The options are :"lmhosts", "host", "wins" and "bcast". They cause
names to be resolved as follows : </P
>The options are :"lmhosts", "host", "wins" and "bcast". They
cause names to be resolved as follows : </P
><P
></P
><UL
@ -448,8 +461,8 @@ CLASS="COMMAND"
>-w password</DT
><DD
><P
>This parameter is only available is Samba
has been configured to use the experiemental
>This parameter is only available if Samba
has been configured to use the experimental
<B
CLASS="COMMAND"
>--with-ldapsam</B
@ -481,7 +494,7 @@ CLASS="PARAMETER"
>ldap
admin dn</I
></TT
> ever changes, the password will beed to be
> ever changes, the password will need to be
manually updated as well.
</P
></DD
@ -490,8 +503,12 @@ CLASS="PARAMETER"
><DD
><P
>This specifies the username for all of the
<EM
>root only</EM
<SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>root only</I
></SPAN
> options to operate on. Only root
can specify this parameter as only root has the permission needed
to modify attributes directly in the local smbpasswd file.
@ -503,7 +520,7 @@ CLASS="PARAMETER"
><DIV
CLASS="REFSECT1"
><A
NAME="AEN163"
NAME="AEN162"
></A
><H2
>NOTES</H2
@ -546,7 +563,7 @@ CLASS="FILENAME"
><DIV
CLASS="REFSECT1"
><A
NAME="AEN173"
NAME="AEN172"
></A
><H2
>VERSION</H2
@ -557,7 +574,7 @@ NAME="AEN173"
><DIV
CLASS="REFSECT1"
><A
NAME="AEN176"
NAME="AEN175"
></A
><H2
>SEE ALSO</H2
@ -580,7 +597,7 @@ TARGET="_top"
><DIV
CLASS="REFSECT1"
><A
NAME="AEN182"
NAME="AEN181"
></A
><H2
>AUTHOR</H2

32
docs/htmldocs/smbsh.1.html
View File

@ -1,10 +1,11 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
><HEAD
><TITLE
>smbsh</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
><BODY
CLASS="REFENTRY"
BGCOLOR="#FFFFFF"
@ -15,8 +16,8 @@ ALINK="#0000FF"
><H1
><A
NAME="SMBSH"
>smbsh</A
></H1
></A
>smbsh</H1
><DIV
CLASS="REFNAMEDIV"
><A
@ -37,7 +38,7 @@ NAME="AEN8"
><B
CLASS="COMMAND"
>smbsh</B
> [-W workgroup] [-U username] [-P prefix] [-R &#60;name resolve order&#62;] [-d &#60;debug level&#62;] [-l logfile] [-L libdir]</P
> [-W workgroup] [-U username] [-P prefix] [-R &lt;name resolve order&gt;] [-d &lt;debug level&gt;] [-l logfile] [-L libdir]</P
></DIV
><DIV
CLASS="REFSECT1"
@ -114,13 +115,17 @@ CLASS="FILENAME"
>This option allows
the user to set the directory prefix for SMB access. The
default value if this option is not specified is
<EM
>smb</EM
<SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>smb</I
></SPAN
>.
</P
></DD
><DT
>-R &#60;name resolve order&#62;</DT
>-R &lt;name resolve order&gt;</DT
><DD
><P
>This option is used to determine what naming
@ -231,7 +236,7 @@ CLASS="FILENAME"
order. </P
></DD
><DT
>-d &#60;debug level&#62;</DT
>-d &lt;debug level&gt;</DT
><DD
><P
>debug level is an integer from 0 to 10.</P
@ -300,12 +305,6 @@ CLASS="COMMAND"
that authenticates you to the machine running the Windows NT
operating system.</P
><P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><PRE
CLASS="PROGRAMLISTING"
> <TT
@ -336,9 +335,6 @@ CLASS="USERINPUT"
></TT
>
</PRE
></TD
></TR
></TABLE
></P
><P
>Any dynamically linked command you execute from
@ -358,7 +354,7 @@ CLASS="COMMAND"
the workgroup MYGROUP. The command
<B
CLASS="COMMAND"
>ls /smb/MYGROUP/&#60;machine-name&#62;</B
>ls /smb/MYGROUP/&lt;machine-name&gt;</B
> will show the share
names for that machine. You could then, for example, use the <B
CLASS="COMMAND"

21
docs/htmldocs/smbspool.8.html
View File

@ -1,10 +1,11 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
><HEAD
><TITLE
>smbspool</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
><BODY
CLASS="REFENTRY"
BGCOLOR="#FFFFFF"
@ -15,8 +16,8 @@ ALINK="#0000FF"
><H1
><A
NAME="SMBSPOOL"
>smbspool</A
></H1
></A
>smbspool</H1
><DIV
CLASS="REFNAMEDIV"
><A
@ -24,7 +25,7 @@ NAME="AEN5"
></A
><H2
>Name</H2
>smbspool&nbsp;--&nbsp;send print file to an SMB printer</DIV
>smbspool&nbsp;--&nbsp;send a print file to an SMB printer</DIV
><DIV
CLASS="REFSYNOPSISDIV"
><A
@ -58,8 +59,12 @@ TARGET="_top"
Printing System, but you can use smbspool with any printing system
or from a program or script.</P
><P
><EM
>DEVICE URI</EM
><SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>DEVICE URI</I
></SPAN
></P
><P
>smbspool specifies the destination using a Uniform Resource
@ -136,13 +141,13 @@ NAME="AEN39"
><P
>The copies argument (argv[4]) contains
the number of copies to be printed of the named file. If
no filename is provided than this argument is not used by
no filename is provided then this argument is not used by
smbspool.</P
></LI
><LI
><P
>The options argument (argv[5]) contains
the print options in a single string and is presently
the print options in a single string and is currently
not used by smbspool.</P
></LI
><LI

50
docs/htmldocs/smbstatus.1.html
View File

@ -1,10 +1,11 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
><HEAD
><TITLE
>smbstatus</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
><BODY
CLASS="REFENTRY"
BGCOLOR="#FFFFFF"
@ -15,8 +16,8 @@ ALINK="#0000FF"
><H1
><A
NAME="SMBSTATUS"
>smbstatus</A
></H1
></A
>smbstatus</H1
><DIV
CLASS="REFNAMEDIV"
><A
@ -36,12 +37,12 @@ NAME="AEN8"
><B
CLASS="COMMAND"
>smbstatus</B
> [-P] [-b] [-d] [-L] [-p] [-S] [-s &#60;configuration file&#62;] [-u &#60;username&#62;]</P
> [-P] [-b] [-d &lt;debug level&gt;] [-v] [-L] [-B] [-p] [-S] [-s &lt;configuration file&gt;] [-u &lt;username&gt;]</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN19"
NAME="AEN21"
></A
><H2
>DESCRIPTION</H2
@ -61,7 +62,7 @@ CLASS="COMMAND"
><DIV
CLASS="REFSECT1"
><A
NAME="AEN25"
NAME="AEN27"
></A
><H2
>OPTIONS</H2
@ -71,7 +72,7 @@ NAME="AEN25"
CLASS="VARIABLELIST"
><DL
><DT
>-P</DT
>-P|--profile</DT
><DD
><P
>If samba has been compiled with the
@ -79,25 +80,38 @@ CLASS="VARIABLELIST"
shared memory area.</P
></DD
><DT
>-b</DT
>-b|--brief</DT
><DD
><P
>gives brief output.</P
></DD
><DT
>-d</DT
>-d|--debug=&lt;debuglevel&gt;</DT
><DD
><P
>sets debugging to specified level</P
></DD
><DT
>-v|--verbose</DT
><DD
><P
>gives verbose output.</P
></DD
><DT
>-L</DT
>-L|--locks</DT
><DD
><P
>causes smbstatus to only list locks.</P
></DD
><DT
>-p</DT
>-B|--byterange</DT
><DD
><P
>causes smbstatus to include byte range locks.
</P
></DD
><DT
>-p|--processes</DT
><DD
><P
>print a list of <A
@ -111,13 +125,13 @@ CLASS="COMMAND"
Useful for scripting.</P
></DD
><DT
>-S</DT
>-S|--shares</DT
><DD
><P
>causes smbstatus to only list shares.</P
></DD
><DT
>-s &#60;configuration file&#62;</DT
>-s|--conf=&lt;configuration file&gt;</DT
><DD
><P
>The default configuration file name is
@ -133,7 +147,7 @@ CLASS="FILENAME"
> for more information.</P
></DD
><DT
>-u &#60;username&#62;</DT
>-u|--user=&lt;username&gt;</DT
><DD
><P
>selects information relevant to
@ -150,18 +164,18 @@ CLASS="PARAMETER"
><DIV
CLASS="REFSECT1"
><A
NAME="AEN65"
NAME="AEN75"
></A
><H2
>VERSION</H2
><P
>This man page is correct for version 2.2 of
>This man page is correct for version 3.0 of
the Samba suite.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN68"
NAME="AEN78"
></A
><H2
>SEE ALSO</H2
@ -183,7 +197,7 @@ TARGET="_top"
><DIV
CLASS="REFSECT1"
><A
NAME="AEN74"
NAME="AEN84"
></A
><H2
>AUTHOR</H2

21
docs/htmldocs/smbtar.1.html
View File

@ -1,10 +1,11 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
><HEAD
><TITLE
>smbtar</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
><BODY
CLASS="REFENTRY"
BGCOLOR="#FFFFFF"
@ -15,8 +16,8 @@ ALINK="#0000FF"
><H1
><A
NAME="SMBTAR"
>smbtar</A
></H1
></A
>smbtar</H1
><DIV
CLASS="REFNAMEDIV"
><A
@ -230,7 +231,7 @@ NAME="AEN99"
CLASS="COMMAND"
>smbtar</B
> script has different
options from ordinary tar and tar called from smbclient. </P
options from ordinary tar and from smbclient's tar command. </P
></DIV
><DIV
CLASS="REFSECT1"
@ -242,7 +243,7 @@ NAME="AEN103"
><P
>Sites that are more careful about security may not like
the way the script handles PC passwords. Backup and restore work
on entire shares, should work on file lists. smbtar works best
on entire shares; should work on file lists. smbtar works best
with GNU tar and may not work well with other versions. </P
></DIV
><DIV
@ -253,8 +254,12 @@ NAME="AEN106"
><H2
>DIAGNOSTICS</H2
><P
>See the <EM
>DIAGNOSTICS</EM
>See the <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>DIAGNOSTICS</I
></SPAN
> section for the
<A
HREF="smbclient.1.html"
@ -274,7 +279,7 @@ NAME="AEN112"
><H2
>VERSION</H2
><P
>This man page is correct for version 2.2 of
>This man page is correct for version 3.0 of
the Samba suite.</P
></DIV
><DIV

7
docs/htmldocs/smbumount.8.html
View File

@ -1,10 +1,11 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
><HEAD
><TITLE
>smbumount</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
><BODY
CLASS="REFENTRY"
BGCOLOR="#FFFFFF"
@ -15,8 +16,8 @@ ALINK="#0000FF"
><H1
><A
NAME="SMBUMOUNT"
>smbumount</A
></H1
></A
>smbumount</H1
><DIV
CLASS="REFNAMEDIV"
><A

21
docs/htmldocs/swat.8.html
View File

@ -1,10 +1,11 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
><HEAD
><TITLE
>swat</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
><BODY
CLASS="REFENTRY"
BGCOLOR="#FFFFFF"
@ -15,8 +16,8 @@ ALINK="#0000FF"
><H1
><A
NAME="SWAT"
>swat</A
></H1
></A
>swat</H1
><DIV
CLASS="REFNAMEDIV"
><A
@ -36,7 +37,7 @@ NAME="AEN8"
><B
CLASS="COMMAND"
>swat</B
> [-s &#60;smb config file&#62;] [-a]</P
> [-s &lt;smb config file&gt;] [-a]</P
></DIV
><DIV
CLASS="REFSECT1"
@ -131,9 +132,13 @@ CLASS="FILENAME"
>smb.conf</TT
> file. </P
><P
><EM
>Do NOT enable this option on a production
server. </EM
><SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>WARNING: Do NOT enable this option on a production
server. </I
></SPAN
></P
></DD
></DL
@ -345,7 +350,7 @@ CLASS="PARAMETER"
> and <TT
CLASS="PARAMETER"
><I
>copy="
>copy=
</I
></TT
> options. If you have a carefully crafted <TT

43
docs/htmldocs/testparm.1.html
View File

@ -1,10 +1,11 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
><HEAD
><TITLE
>testparm</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
><BODY
CLASS="REFENTRY"
BGCOLOR="#FFFFFF"
@ -15,8 +16,8 @@ ALINK="#0000FF"
><H1
><A
NAME="TESTPARM"
>testparm</A
></H1
></A
>testparm</H1
><DIV
CLASS="REFNAMEDIV"
><A
@ -37,12 +38,12 @@ NAME="AEN8"
><B
CLASS="COMMAND"
>testparm</B
> [-s] [-h] [-L &#60;servername&#62;] {config filename} [hostname hostIP]</P
> [-s] [-h] [-v] [-L &lt;servername&gt;] {config filename} [hostname hostIP]</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN16"
NAME="AEN17"
></A
><H2
>DESCRIPTION</H2
@ -68,8 +69,12 @@ CLASS="COMMAND"
</B
> will successfully load the configuration file.</P
><P
>Note that this is <EM
>NOT</EM
>Note that this is <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>NOT</I
></SPAN
> a guarantee that
the services specified in the configuration file will be
available or will operate as expected. </P
@ -95,7 +100,7 @@ CLASS="COMMAND"
><DIV
CLASS="REFSECT1"
><A
NAME="AEN31"
NAME="AEN32"
></A
><H2
>OPTIONS</H2
@ -135,6 +140,18 @@ CLASS="REPLACEABLE"
%L macro. </P
></DD
><DT
>-v</DT
><DD
><P
>If this option is specified, testparm
will also output all options that were not used in
<TT
CLASS="FILENAME"
>smb.conf</TT
> and are thus set to
their defaults.</P
></DD
><DT
>configfilename</DT
><DD
><P
@ -192,7 +209,7 @@ CLASS="COMMAND"
><DIV
CLASS="REFSECT1"
><A
NAME="AEN66"
NAME="AEN72"
></A
><H2
>FILES</H2
@ -221,7 +238,7 @@ CLASS="COMMAND"
><DIV
CLASS="REFSECT1"
><A
NAME="AEN75"
NAME="AEN81"
></A
><H2
>DIAGNOSTICS</H2
@ -235,7 +252,7 @@ NAME="AEN75"
><DIV
CLASS="REFSECT1"
><A
NAME="AEN78"
NAME="AEN84"
></A
><H2
>VERSION</H2
@ -246,7 +263,7 @@ NAME="AEN78"
><DIV
CLASS="REFSECT1"
><A
NAME="AEN81"
NAME="AEN87"
></A
><H2
>SEE ALSO</H2
@ -272,7 +289,7 @@ CLASS="COMMAND"
><DIV
CLASS="REFSECT1"
><A
NAME="AEN88"
NAME="AEN94"
></A
><H2
>AUTHOR</H2

11
docs/htmldocs/testprns.1.html
View File

@ -1,10 +1,11 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
><HEAD
><TITLE
>testprns</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
><BODY
CLASS="REFENTRY"
BGCOLOR="#FFFFFF"
@ -15,8 +16,8 @@ ALINK="#0000FF"
><H1
><A
NAME="TESTPRNS"
>testprns</A
></H1
></A
>testprns</H1
><DIV
CLASS="REFNAMEDIV"
><A
@ -163,11 +164,11 @@ NAME="AEN48"
>DIAGNOSTICS</H2
><P
>If a printer is found to be valid, the message
"Printer name &#60;printername&#62; is valid" will be
"Printer name &lt;printername&gt; is valid" will be
displayed. </P
><P
>If a printer is found to be invalid, the message
"Printer name &#60;printername&#62; is not valid" will be
"Printer name &lt;printername&gt; is not valid" will be
displayed. </P
><P
>All messages that would normally be logged during

7
docs/htmldocs/wbinfo.1.html
View File

@ -1,10 +1,11 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
><HEAD
><TITLE
>wbinfo</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
><BODY
CLASS="REFENTRY"
BGCOLOR="#FFFFFF"
@ -15,8 +16,8 @@ ALINK="#0000FF"
><H1
><A
NAME="WBINFO"
>wbinfo</A
></H1
></A
>wbinfo</H1
><DIV
CLASS="REFNAMEDIV"
><A

123
docs/htmldocs/winbind.html
View File

@ -5,11 +5,10 @@
>Unified Logons between Windows NT and UNIX using Winbind</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK
CONTENT="Modular DocBook HTML Stylesheet Version 1.77"><LINK
REL="HOME"
TITLE="SAMBA Project Documentation"
HREF="Samba-HOWTO.html"><LINK
HREF="samba-howto-collection.html"><LINK
REL="PREVIOUS"
TITLE="security = domain in Samba 2.x"
HREF="domain-security.html"><LINK
@ -70,13 +69,17 @@ WIDTH="100%"></DIV
CLASS="CHAPTER"
><H1
><A
NAME="WINBIND">Chapter 11. Unified Logons between Windows NT and UNIX using Winbind</H1
NAME="WINBIND"
></A
>Chapter 10. Unified Logons between Windows NT and UNIX using Winbind</H1
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN1394">11.1. Abstract</H1
NAME="AEN1255"
></A
>10.1. Abstract</H1
><P
>Integration of UNIX and Microsoft Windows NT through
a unified logon has been considered a "holy grail" in heterogeneous
@ -101,7 +104,9 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN1398">11.2. Introduction</H1
NAME="AEN1259"
></A
>10.2. Introduction</H1
><P
>It is well known that UNIX and Microsoft Windows NT have
different models for representing user and group information and
@ -153,7 +158,9 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN1411">11.3. What Winbind Provides</H1
NAME="AEN1272"
></A
>10.3. What Winbind Provides</H1
><P
>Winbind unifies UNIX and Windows NT account management by
allowing a UNIX box to become a full member of a NT domain. Once
@ -193,7 +200,9 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN1418">11.3.1. Target Uses</H2
NAME="AEN1279"
></A
>10.3.1. Target Uses</H2
><P
>Winbind is targeted at organizations that have an
existing NT based domain infrastructure into which they wish
@ -215,7 +224,9 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN1422">11.4. How Winbind Works</H1
NAME="AEN1283"
></A
>10.4. How Winbind Works</H1
><P
>The winbind system is designed around a client/server
architecture. A long running <B
@ -233,7 +244,9 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN1427">11.4.1. Microsoft Remote Procedure Calls</H2
NAME="AEN1288"
></A
>10.4.1. Microsoft Remote Procedure Calls</H2
><P
>Over the last two years, efforts have been underway
by various Samba Team members to decode various aspects of
@ -257,7 +270,9 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN1431">11.4.2. Name Service Switch</H2
NAME="AEN1292"
></A
>10.4.2. Name Service Switch</H2
><P
>The Name Service Switch, or NSS, is a feature that is
present in many UNIX operating systems. It allows system
@ -335,7 +350,9 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN1447">11.4.3. Pluggable Authentication Modules</H2
NAME="AEN1308"
></A
>10.4.3. Pluggable Authentication Modules</H2
><P
>Pluggable Authentication Modules, also known as PAM,
is a system for abstracting authentication and authorization
@ -382,7 +399,9 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN1455">11.4.4. User and Group ID Allocation</H2
NAME="AEN1316"
></A
>10.4.4. User and Group ID Allocation</H2
><P
>When a user or group is created under Windows NT
is it allocated a numerical relative identifier (RID). This is
@ -406,7 +425,9 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN1459">11.4.5. Result Caching</H2
NAME="AEN1320"
></A
>10.4.5. Result Caching</H2
><P
>An active system can generate a lot of user and group
name lookups. To reduce the network cost of these lookups winbind
@ -427,7 +448,9 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN1462">11.5. Installation and Configuration</H1
NAME="AEN1323"
></A
>10.5. Installation and Configuration</H1
><P
>Many thanks to John Trostel <A
HREF="mailto:jtrostel@snapserver.com"
@ -452,7 +475,9 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN1469">11.5.1. Introduction</H2
NAME="AEN1330"
></A
>10.5.1. Introduction</H2
><P
>This HOWTO describes the procedures used to get winbind up and
running on my RedHat 7.1 system. Winbind is capable of providing access
@ -509,7 +534,9 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN1482">11.5.2. Requirements</H2
NAME="AEN1343"
></A
>10.5.2. Requirements</H2
><P
>If you have a samba configuration file that you are currently
using... <SPAN
@ -577,7 +604,9 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN1496">11.5.3. Testing Things Out</H2
NAME="AEN1357"
></A
>10.5.3. Testing Things Out</H2
><P
>Before starting, it is probably best to kill off all the SAMBA
related daemons running on your server. Kill off all <B
@ -620,7 +649,9 @@ CLASS="SECT3"
><H3
CLASS="SECT3"
><A
NAME="AEN1507">11.5.3.1. Configure and compile SAMBA</H3
NAME="AEN1368"
></A
>10.5.3.1. Configure and compile SAMBA</H3
><P
>The configuration and compilation of SAMBA is pretty straightforward.
The first three steps may not be necessary depending upon
@ -684,7 +715,9 @@ CLASS="SECT3"
><H3
CLASS="SECT3"
><A
NAME="AEN1526">11.5.3.2. Configure <TT
NAME="AEN1387"
></A
>10.5.3.2. Configure <TT
CLASS="FILENAME"
>nsswitch.conf</TT
> and the
@ -787,7 +820,9 @@ CLASS="SECT3"
><H3
CLASS="SECT3"
><A
NAME="AEN1559">11.5.3.3. Configure smb.conf</H3
NAME="AEN1420"
></A
>10.5.3.3. Configure smb.conf</H3
><P
>Several parameters are needed in the smb.conf file to control
the behavior of <B
@ -860,7 +895,9 @@ CLASS="SECT3"
><H3
CLASS="SECT3"
><A
NAME="AEN1575">11.5.3.4. Join the SAMBA server to the PDC domain</H3
NAME="AEN1436"
></A
>10.5.3.4. Join the SAMBA server to the PDC domain</H3
><P
>Enter the following command to make the SAMBA server join the
PDC domain, where <TT
@ -904,7 +941,9 @@ CLASS="SECT3"
><H3
CLASS="SECT3"
><A
NAME="AEN1586">11.5.3.5. Start up the winbindd daemon and test it!</H3
NAME="AEN1447"
></A
>10.5.3.5. Start up the winbindd daemon and test it!</H3
><P
>Eventually, you will want to modify your smb startup script to
automatically invoke the winbindd daemon when the other parts of
@ -1025,13 +1064,17 @@ CLASS="SECT3"
><H3
CLASS="SECT3"
><A
NAME="AEN1622">11.5.3.6. Fix the init.d startup scripts</H3
NAME="AEN1483"
></A
>10.5.3.6. Fix the init.d startup scripts</H3
><DIV
CLASS="SECT4"
><H4
CLASS="SECT4"
><A
NAME="AEN1624">11.5.3.6.1. Linux</H4
NAME="AEN1485"
></A
>10.5.3.6.1. Linux</H4
><P
>The <B
CLASS="COMMAND"
@ -1125,7 +1168,9 @@ CLASS="SECT4"
><H4
CLASS="SECT4"
><A
NAME="AEN1641">11.5.3.6.2. Solaris</H4
NAME="AEN1502"
></A
>10.5.3.6.2. Solaris</H4
><P
>On solaris, you need to modify the
<TT
@ -1194,7 +1239,9 @@ CLASS="SECT4"
><H4
CLASS="SECT4"
><A
NAME="AEN1648">11.5.3.6.3. Restarting</H4
NAME="AEN1509"
></A
>10.5.3.6.3. Restarting</H4
><P
>If you restart the <B
CLASS="COMMAND"
@ -1216,7 +1263,9 @@ CLASS="SECT3"
><H3
CLASS="SECT3"
><A
NAME="AEN1654">11.5.3.7. Configure Winbind and PAM</H3
NAME="AEN1515"
></A
>10.5.3.7. Configure Winbind and PAM</H3
><P
>If you have made it this far, you know that winbindd and samba are working
together. If you want to use winbind to provide authentication for other
@ -1272,7 +1321,9 @@ CLASS="SECT4"
><H4
CLASS="SECT4"
><A
NAME="AEN1671">11.5.3.7.1. Linux/FreeBSD-specific PAM configuration</H4
NAME="AEN1532"
></A
>10.5.3.7.1. Linux/FreeBSD-specific PAM configuration</H4
><P
>The <TT
CLASS="FILENAME"
@ -1399,7 +1450,9 @@ CLASS="SECT4"
><H4
CLASS="SECT4"
><A
NAME="AEN1704">11.5.3.7.2. Solaris-specific configuration</H4
NAME="AEN1565"
></A
>10.5.3.7.2. Solaris-specific configuration</H4
><P
>The /etc/pam.conf needs to be changed. I changed this file so that my Domain
users can logon both locally as well as telnet.The following are the changes
@ -1484,7 +1537,9 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN1711">11.6. Limitations</H1
NAME="AEN1572"
></A
>10.6. Limitations</H1
><P
>Winbind has a number of limitations in its current
released version that we hope to overcome in future
@ -1523,7 +1578,9 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN1721">11.7. Conclusion</H1
NAME="AEN1582"
></A
>10.7. Conclusion</H1
><P
>The winbind system, through the use of the Name Service
Switch, Pluggable Authentication Modules, and appropriate
@ -1558,7 +1615,7 @@ WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="Samba-HOWTO.html"
HREF="samba-howto-collection.html"
ACCESSKEY="H"
>Home</A
></TD

392
docs/htmldocs/winbindd.8.html
View File

@ -1,10 +1,11 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
><HEAD
><TITLE
>winbindd</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
><BODY
CLASS="REFENTRY"
BGCOLOR="#FFFFFF"
@ -15,8 +16,8 @@ ALINK="#0000FF"
><H1
><A
NAME="WINBINDD"
>winbindd</A
></H1
></A
>winbindd</H1
><DIV
CLASS="REFNAMEDIV"
><A
@ -37,7 +38,7 @@ NAME="AEN8"
><B
CLASS="COMMAND"
>winbindd</B
> [-i] [-d &#60;debug level&#62;] [-s &#60;smb config file&#62;]</P
> [-i] [-d &lt;debug level&gt;] [-s &lt;smb config file&gt;]</P
></DIV
><DIV
CLASS="REFSECT1"
@ -92,13 +93,13 @@ CLASS="PARAMETER"
>account</I
></TT
>
module-types. The latter is simply
module-types. The latter simply
performs a getpwnam() to verify that the system can obtain a uid for the
user. If the <TT
CLASS="FILENAME"
>libnss_winbind</TT
> library has been correctly
installed, this should always suceed.
installed, this should always succeed.
</P
><P
>The following nsswitch databases are implemented by
@ -170,20 +171,11 @@ CLASS="FILENAME"
> and then from the
Windows NT server. </P
><P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><PRE
CLASS="PROGRAMLISTING"
>passwd: files winbind
group: files winbind
</PRE
></TD
></TR
></TABLE
></P
><P
>The following simple configuration in the
@ -287,279 +279,130 @@ CLASS="FILENAME"
[global] section of smb.conf. </P
><P
></P
><DIV
CLASS="VARIABLELIST"
><DL
><DT
>winbind separator</DT
><DD
><UL
><LI
><P
>The winbind separator option allows you
to specify how NT domain names and user names are combined
into unix user names when presented to users. By default,
<B
CLASS="COMMAND"
>winbindd</B
> will use the traditional '\'
separator so that the unix user names look like
DOMAIN\username. In some cases this separator character may
cause problems as the '\' character has special meaning in
unix shells. In that case you can use the winbind separator
option to specify an alternative separator character. Good
alternatives may be '/' (although that conflicts
with the unix directory separator) or a '+ 'character.
The '+' character appears to be the best choice for 100%
compatibility with existing unix utilities, but may be an
aesthetically bad choice depending on your taste. </P
><P
>Default: <B
CLASS="COMMAND"
>winbind separator = \ </B
>
</P
><P
>Example: <B
CLASS="COMMAND"
>winbind separator = + </B
></P
></DD
><DT
>winbind uid</DT
><DD
><P
>The winbind uid parameter specifies the
range of user ids that are allocated by the winbindd daemon.
This range of ids should have no existing local or NIS users
within it as strange conflicts can occur otherwise. </P
><P
>Default: <B
CLASS="COMMAND"
>winbind uid = &#60;empty string&#62;
</B
></P
><P
>Example: <B
CLASS="COMMAND"
>winbind uid = 10000-20000</B
></P
></DD
><DT
>winbind gid</DT
><DD
><P
>The winbind gid parameter specifies the
range of group ids that are allocated by the winbindd daemon.
This range of group ids should have no existing local or NIS
groups within it as strange conflicts can occur otherwise.</P
><P
>Default: <B
CLASS="COMMAND"
>winbind gid = &#60;empty string&#62;
</B
></P
><P
>Example: <B
CLASS="COMMAND"
>winbind gid = 10000-20000
</B
> </P
></DD
><DT
>winbind cache time</DT
><DD
><P
>This parameter specifies the number of
seconds the winbindd daemon will cache user and group information
before querying a Windows NT server again. When a item in the
cache is older than this time winbindd will ask the domain
controller for the sequence number of the server's account database.
If the sequence number has not changed then the cached item is
marked as valid for a further <TT
><A
HREF="smb.conf.5.html#WINBINDSEPARATOR"
TARGET="_top"
> <TT
CLASS="PARAMETER"
><I
>winbind cache time
</I
>winbind separator</I
></TT
> seconds. Otherwise the item is fetched from the
server. This means that as long as the account database is not
actively changing winbindd will only have to send one sequence
number query packet every <TT
></A
></P
></LI
><LI
><P
><A
HREF="smb.conf.5.html#WINBINDUID"
TARGET="_top"
> <TT
CLASS="PARAMETER"
><I
>winbind cache time
</I
>winbind uid</I
></TT
> seconds. </P
></A
></P
></LI
><LI
><P
>Default: <B
CLASS="COMMAND"
>winbind cache time = 15</B
>
</P
></DD
><DT
>winbind enum users</DT
><DD
><A
HREF="smb.conf.5.html#WINBINDGID"
TARGET="_top"
> <TT
CLASS="PARAMETER"
><I
>winbind gid</I
></TT
></A
></P
></LI
><LI
><P
>On large installations it may be necessary
to suppress the enumeration of users through the <B
CLASS="COMMAND"
> setpwent()</B
>, <B
CLASS="COMMAND"
>getpwent()</B
> and
<B
CLASS="COMMAND"
>endpwent()</B
> group of system calls. If
the <TT
><A
HREF="smb.conf.5.html#WINBINDCACHETIME"
TARGET="_top"
> <TT
CLASS="PARAMETER"
><I
>winbind cache time</I
></TT
></A
></P
></LI
><LI
><P
><A
HREF="smb.conf.5.html#WINBINDENUMUSERS"
TARGET="_top"
> <TT
CLASS="PARAMETER"
><I
>winbind enum users</I
></TT
> parameter is false,
calls to the <B
CLASS="COMMAND"
>getpwent</B
> system call will not
return any data. </P
><P
><EM
>Warning:</EM
> Turning off user enumeration
may cause some programs to behave oddly. For example, the <B
CLASS="COMMAND"
>finger</B
>
program relies on having access to the full user list when
searching for matching usernames. </P
><P
>Default: <B
CLASS="COMMAND"
>winbind enum users = yes </B
></A
></P
></DD
><DT
>winbind enum groups</DT
><DD
></LI
><LI
><P
>On large installations it may be necessary
to suppress the enumeration of groups through the <B
CLASS="COMMAND"
> setgrent()</B
>, <B
CLASS="COMMAND"
>getgrent()</B
> and
<B
CLASS="COMMAND"
>endgrent()</B
> group of system calls. If
the <TT
><A
HREF="smb.conf.5.html#WINBINDENUMGROUPS"
TARGET="_top"
> <TT
CLASS="PARAMETER"
><I
>winbind enum groups</I
></TT
> parameter is
false, calls to the <B
CLASS="COMMAND"
>getgrent()</B
> system
call will not return any data. </P
></A
></P
></LI
><LI
><P
><EM
>Warning:</EM
> Turning off group
enumeration may cause some programs to behave oddly.
</P
><P
>Default: <B
CLASS="COMMAND"
>winbind enum groups = no </B
>
</P
></DD
><DT
>template homedir</DT
><DD
><P
>When filling out the user information
for a Windows NT user, the <B
CLASS="COMMAND"
>winbindd</B
> daemon
uses this parameter to fill in the home directory for that user.
If the string <TT
><A
HREF="smb.conf.5.html#TEMPLATEHOMEDIR"
TARGET="_top"
> <TT
CLASS="PARAMETER"
><I
>%D</I
>template homedir</I
></TT
> is present it is
substituted with the user's Windows NT domain name. If the
string <TT
></A
></P
></LI
><LI
><P
><A
HREF="smb.conf.5.html#TEMPLATESHELL"
TARGET="_top"
> <TT
CLASS="PARAMETER"
><I
>%U</I
>template shell</I
></TT
> is present it is substituted
with the user's Windows NT user name. </P
><P
>Default: <B
CLASS="COMMAND"
>template homedir = /home/%D/%U </B
>
</P
></DD
><DT
>template shell</DT
><DD
><P
>When filling out the user information for
a Windows NT user, the <B
CLASS="COMMAND"
>winbindd</B
> daemon
uses this parameter to fill in the shell for that user.
</P
><P
>Default: <B
CLASS="COMMAND"
>template shell = /bin/false </B
>
</P
></DD
><DT
>winbind use default domain</DT
><DD
><P
>This parameter specifies whether the <B
CLASS="COMMAND"
>winbindd</B
>
daemon should operate on users without domain component in their username.
Users without a domain component are treated as is part of the winbindd server's
own domain. While this does not benifit Windows users, it makes SSH, FTP and e-mail
function in a way much closer to the way they would in a native unix system.</P
><P
>Default: <B
CLASS="COMMAND"
>winbind use default domain = &#60;falseg&#62;
</B
></A
></P
></LI
><LI
><P
>Example: <B
CLASS="COMMAND"
>winbind use default domain = true</B
><A
HREF="smb.conf.5.html#WINBINDUSEDEFAULTDOMAIN"
TARGET="_top"
> <TT
CLASS="PARAMETER"
><I
>winbind use default domain</I
></TT
></A
></P
></DD
></DL
></DIV
></LI
></UL
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN167"
NAME="AEN118"
></A
><H2
>EXAMPLE SETUP</H2
@ -574,20 +417,11 @@ CLASS="FILENAME"
> put the
following:</P
><P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><PRE
CLASS="PROGRAMLISTING"
>passwd: files winbind
group: files winbind
</PRE
></TD
></TR
></TABLE
></P
><P
>In <TT
@ -601,12 +435,6 @@ CLASS="PARAMETER"
></TT
> lines with something like this: </P
><P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><PRE
CLASS="PROGRAMLISTING"
>auth required /lib/security/pam_securetty.so
@ -614,9 +442,6 @@ auth required /lib/security/pam_nologin.so
auth sufficient /lib/security/pam_winbind.so
auth required /lib/security/pam_pwdb.so use_first_pass shadow nullok
</PRE
></TD
></TR
></TABLE
></P
><P
>Note in particular the use of the <TT
@ -697,12 +522,6 @@ CLASS="FILENAME"
> containing directives like the
following: </P
><P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><PRE
CLASS="PROGRAMLISTING"
>[global]
@ -716,9 +535,6 @@ CLASS="PROGRAMLISTING"
security = domain
password server = *
</PRE
></TD
></TR
></TABLE
></P
><P
>Now start winbindd and you should find that your user and
@ -737,7 +553,7 @@ CLASS="COMMAND"
><DIV
CLASS="REFSECT1"
><A
NAME="AEN206"
NAME="AEN157"
></A
><H2
>NOTES</H2
@ -795,7 +611,7 @@ CLASS="COMMAND"
><DIV
CLASS="REFSECT1"
><A
NAME="AEN222"
NAME="AEN173"
></A
><H2
>SIGNALS</H2
@ -846,7 +662,7 @@ CLASS="COMMAND"
><DIV
CLASS="REFSECT1"
><A
NAME="AEN239"
NAME="AEN190"
></A
><H2
>FILES</H2
@ -922,7 +738,7 @@ CLASS="FILENAME"
><DIV
CLASS="REFSECT1"
><A
NAME="AEN268"
NAME="AEN219"
></A
><H2
>VERSION</H2
@ -933,7 +749,7 @@ NAME="AEN268"
><DIV
CLASS="REFSECT1"
><A
NAME="AEN271"
NAME="AEN222"
></A
><H2
>SEE ALSO</H2
@ -961,7 +777,7 @@ TARGET="_top"
><DIV
CLASS="REFSECT1"
><A
NAME="AEN278"
NAME="AEN229"
></A
><H2
>AUTHOR</H2

140
docs/manpages/make_smbcodepage.1
View File

@ -1,140 +0,0 @@
.\" This manpage has been automatically generated by docbook2man
.\" from a DocBook document. This tool can be found at:
.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
.\" Please send any bug reports, improvements, comments, patches,
.\" etc. to Steve Cheng <steve@ggi-project.org>.
.TH "MAKE_SMBCODEPAGE" "1" "01 October 2002" "" ""
.SH NAME
make_smbcodepage \- construct a codepage file for Samba
.SH SYNOPSIS
\fBmake_smbcodepage\fR \fBc|d\fR \fBcodepage\fR \fBinputfile\fR \fBoutputfile\fR
.SH "DESCRIPTION"
.PP
This tool is part of the Samba suite.
.PP
\fBmake_smbcodepage\fR compiles or de-compiles
codepage files for use with the internationalization features
of Samba 2.2
.SH "OPTIONS"
.TP
\fBc|d\fR
This tells \fBmake_smbcodepage\fR
if it is compiling (\fIc\fR) a text format code
page file to binary, or (\fId\fR) de-compiling
a binary codepage file to text.
.TP
\fBcodepage\fR
This is the codepage we are processing (a
number, e.g. 850).
.TP
\fBinputfile\fR
This is the input file to process. In
the \fIc\fR case, this will be a text
codepage definition file such as the ones found in the Samba
\fIsource/codepages\fR directory. In
the \fId\fR case, this will be the
binary format codepage definition file normally found in
the \fIlib/codepages\fR directory in the
Samba install directory path.
.TP
\fBoutputfile\fR
This is the output file to produce.
.SH "SAMBA CODEPAGE FILES"
.PP
A text Samba codepage definition file is a description
that tells Samba how to map from upper to lower case for
characters greater than ascii 127 in the specified DOS code page.
Note that for certain DOS codepages (437 for example) mapping
from lower to upper case may be non-symmetrical. For example, in
code page 437 lower case a acute maps to a plain upper case A
when going from lower to upper case, but plain upper case A maps
to plain lower case a when lower casing a character.
.PP
A binary Samba codepage definition file is a binary
representation of the same information, including a value that
specifies what codepage this file is describing.
.PP
As Samba does not yet use UNICODE (current for Samba version 2.2)
you must specify the client code page that your DOS and Windows
clients are using if you wish to have case insensitivity done
correctly for your particular language. The default codepage Samba
uses is 850 (Western European). Text codepage definition sample files
are provided in the Samba distribution for codepages 437 (USA), 737 (Greek),
850 (Western European) 852 (MS-DOS Latin 2), 861 (Icelandic), 866 (Cyrillic),
932 (Kanji SJIS), 936 (Simplified Chinese), 949 (Hangul) and 950 (Traditional
Chinese). Users are encouraged to write text codepage definition files for
their own code pages and donate them to samba@samba.org. All codepage files
in the Samba \fIsource/codepages\fR directory are
compiled and installed when a \fB'make install'\fR
command is issued there.
.PP
The client codepage used by the \fBsmbd\fR server
is configured using the \fBclient code page\fR parameter
in the \fBsmb.conf\fR file.
.SH "FILES"
.PP
\fBcodepage_def.<codepage>\fR
.PP
These are the input (text) codepage files provided in the
Samba \fIsource/codepages\fR directory.
.PP
A text codepage definition file consists of multiple lines
containing four fields. These fields are:
.TP 0.2i
\(bu
\fBlower\fR: which is the
(hex) lower case character mapped on this line.
.TP 0.2i
\(bu
\fBupper\fR: which is the (hex)
upper case character that the lower case character will map to.
.TP 0.2i
\(bu
\fBmap upper to lower\fR which
is a boolean value (put either True or False here) which tells
Samba if it is to map the given upper case character to the
given lower case character when lower casing a filename.
.TP 0.2i
\(bu
\fBmap lower to upper\fR which
is a boolean value (put either True or False here) which tells
Samba if it is to map the given lower case character to the
given upper case character when upper casing a filename.
.PP
\fBcodepage.<codepage>\fR - These are the
output (binary) codepage files produced and placed in the Samba
destination \fIlib/codepage\fR directory.
.SH "INSTALLATION"
.PP
The location of the server and its support files is a
matter for individual system administrators. The following are
thus suggestions only.
.PP
It is recommended that the \fBmake_smbcodepage
\fR program be installed under the \fI/usr/local/samba
\fR hierarchy, in a directory readable by all, writeable
only by root. The program itself should be executable by all. The
program should NOT be setuid or setgid!
.SH "VERSION"
.PP
This man page is correct for version 2.2 of
the Samba suite.
.SH "SEE ALSO"
.PP
\fBsmbd(8)\fR
smb.conf(5)
.SH "AUTHOR"
.PP
The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.
.PP
The original Samba man pages were written by Karl Auer.
The man page sources were converted to YODL format (another
excellent piece of Open Source software, available at
ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0
release by Jeremy Allison. The conversion to DocBook for
Samba 2.2 was done by Gerald Carter

99
docs/manpages/make_unicodemap.1
View File

@ -1,99 +0,0 @@
.\" This manpage has been automatically generated by docbook2man
.\" from a DocBook document. This tool can be found at:
.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
.\" Please send any bug reports, improvements, comments, patches,
.\" etc. to Steve Cheng <steve@ggi-project.org>.
.TH "MAKE_UNICODEMAP" "1" "01 October 2002" "" ""
.SH NAME
make_unicodemap \- construct a unicode map file for Samba
.SH SYNOPSIS
\fBmake_unicodemap\fR \fBcodepage\fR \fBinputfile\fR \fBoutputfile\fR
.SH "DESCRIPTION"
.PP
This tool is part of the Samba
suite.
.PP
\fBmake_unicodemap\fR compiles text unicode map
files into binary unicode map files for use with the
internationalization features of Samba 2.2.
.SH "OPTIONS"
.TP
\fBcodepage\fR
This is the codepage or UNIX character
set we are processing (a number, e.g. 850).
.TP
\fBinputfile\fR
This is the input file to process. This is a
text unicode map file such as the ones found in the Samba
\fIsource/codepages\fR directory.
.TP
\fBoutputfile\fR
This is the binary output file to produce.
.SH "SAMBA UNICODE MAP FILES"
.PP
A text Samba unicode map file is a description that tells Samba
how to map characters from a specified DOS code page or UNIX character
set to 16 bit unicode.
.PP
A binary Samba unicode map file is a binary representation
of the same information, including a value that specifies what
codepage or UNIX character set this file is describing.
.SH "FILES"
.PP
\fICP<codepage>.TXT\fR
.PP
These are the input (text) unicode map files provided
in the Samba \fIsource/codepages\fR
directory.
.PP
A text unicode map file consists of multiple lines
containing two fields. These fields are :
.TP 0.2i
\(bu
\fIcharacter\fR - which is
the (hex) character mapped on this line.
.TP 0.2i
\(bu
\fIunicode\fR - which
is the (hex) 16 bit unicode character that the character
will map to.
.PP
\fIunicode_map.<codepage>\fR - These are
the output (binary) unicode map files produced and placed in
the Samba destination \fIlib/codepage\fR
directory.
.SH "INSTALLATION"
.PP
The location of the server and its support files is a matter
for individual system administrators. The following are thus
suggestions only.
.PP
It is recommended that the \fBmake_unicodemap\fR
program be installed under the
\fI$prefix/samba\fR hierarchy,
in a directory readable by all, writeable only by root. The
program itself should be executable by all. The program
should NOT be setuid or setgid!
.SH "VERSION"
.PP
This man page is correct for version 2.2 of
the Samba suite.
.SH "SEE ALSO"
.PP
\fBsmbd(8)\fR
smb.conf(5)
.SH "AUTHOR"
.PP
The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.
.PP
The original Samba man pages were written by Karl Auer.
The man page sources were converted to YODL format (another
excellent piece of Open Source software, available at
ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0
release by Jeremy Allison. The conversion to DocBook for
Samba 2.2 was done by Gerald Carter

124
docs/manpages/net.8
View File

@ -3,20 +3,138 @@
.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
.\" Please send any bug reports, improvements, comments, patches,
.\" etc. to Steve Cheng <steve@ggi-project.org>.
.TH "NET" "8" "01 October 2002" "" ""
.TH "NET" "8" "03 October 2002" "" ""
.SH NAME
net \- Tool for administration of Samba and remote CIFS servers.
.SH SYNOPSIS
\fBnet\fR \fB<ads|rap|rpc>\fR
\fBnet\fR \fB<ads|rap|rpc>\fR [ \fB-h\fR ] [ \fB-w workgroup\fR ] [ \fB-W myworkgroup\fR ] [ \fB-U user\fR ] [ \fB-I ip-address\fR ] [ \fB-p port\fR ] [ \fB-n myname\fR ] [ \fB-s conffile\fR ] [ \fB-S server\fR ] [ \fB-C comment\fR ] [ \fB-M maxusers\fR ] [ \fB-F flags\fR ] [ \fB-j jobid\fR ] [ \fB-l\fR ] [ \fB-r\fR ] [ \fB-f\fR ] [ \fB-t timeout\fR ] [ \fB-P\fR ] [ \fB-D debuglevel\fR ]
.SH "DESCRIPTION"
.PP
This tool is part of the Samba suite.
.PP
The samba net utility is meant to work just like the net utility
available for windows and DOS.
.SH "OPTIONS"
.TP
\fB-h\fR
Display summary of all available options.
.TP
\fB-w target-workgroup\fR
Sets target workgroup or domain. You have to specify either this option or the IP address or the name of a server.
.TP
\fB-W workgroup\fR
Sets client workgroup or domain
.TP
\fB-U user\fR
User name to use
.TP
\fB-I ip-address\fR
IP address of target server to use. You have to specify either this option or a target workgroup or a target server.
.TP
\fB-p port\fR
Port on the target server to connect to.
.TP
\fB-n myname\fR
Sets name of the client.
.TP
\fB-s conffile\fR
Specify alternative configuration file that should be loaded.
.TP
\fB-S server\fR
Name of target server. You should specify either this option or a target workgroup or a target IP address.
.TP
\fB-C comment\fR
FIXME
.TP
\fB-M maxusers\fR
FIXME
.TP
\fB-F flags\fR
FIXME
.TP
\fB-j jobid\fR
FIXME
.TP
\fB-l\fR
FIXME
.TP
\fB-r\fR
FIXME
.TP
\fB-f\fR
FIXME
.TP
\fB-t timeout\fR
FIXME
.TP
\fB-P\fR
Make queries to the external server using the machine account of the local server.
.TP
\fB-D debuglevel\fR
set the debuglevel. Debug level 0 is the lowest
and 100 being the highest. This should be set to 100 if you are
planning on submitting a bug report to the Samba team (see
\fIBUGS.txt\fR).
.SH "TIME"
.PP
.SH "COMMANDS"
The \fBNET TIME\fR command allows you to view the time on a remote server
or synchronise the time on the local server with the time on the remote server.
.TP
\fB\fR
Without any options, the \fBNET TIME\fR command
displays the time on the remote server.
.TP
\fBSYSTEM\fR
Displays the time on the remote server in a format ready for /bin/date
.TP
\fBSET\fR
Tries to set the date and time of the local server to that on
the remote server using /bin/date.
.TP
\fBZONE\fR
Displays the timezone in hours from GMT on the remote computer.
.SH "RPC"
.PP
The \fBNET RPC\fR command allows you to do various
NT4 operations.
.TP
\fBJOIN -U username[%password] [options]\fR
Join a domain with specified username and password. Password
will be prompted if none is specified.
.TP
\fBJOIN [options except -U]\fR
to join a domain created in server manager
.TP
\fBUSER [misc. options] [targets]\fR
List users
.TP
\fBUSER DELETE <name> [misc options]\fR
delete specified user
.TP
\fBUSER INFO <name> [misc options]\fR
list the domain groups of the specified user
.TP
\fBUSER ADD <name> [password] [-F user flags] [misc. options\fR
Add specified user
.TP
\fBGROUP [misc options] [targets]\fR
List user groups
.TP
\fBGROUP DELETE <name> [misc. options] [targets]\fR
Delete specified group
.TP
\fBGROUP ADD <name> [-C comment]\fR
Create specified group
.TP
\fBSHARE [misc. options] [targets]\fR
enumerates all exported resources (network shares) on target server
.TP
\fBSHARE ADD <name=serverpath> [misc. options] [targets]\fR
Adds a share from a server (makes the export active)
.TP
\fBSHARE DELETE <sharenam\fR
.SH "VERSION"
.PP
This man page is incomplete for version 3.0 of the Samba

196
docs/manpages/smb.conf.5
View File

@ -3,7 +3,7 @@
.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
.\" Please send any bug reports, improvements, comments, patches,
.\" etc. to Steve Cheng <steve@ggi-project.org>.
.TH "SMB.CONF" "5" "01 October 2002" "" ""
.TH "SMB.CONF" "5" "03 October 2002" "" ""
.SH NAME
smb.conf \- The configuration file for the Samba suite
.SH "SYNOPSIS"
@ -95,7 +95,7 @@ The share is accessed via the share name "foo":
.nf
[foo]
path = /home/bar
writeable = true
read only = no
.fi
@ -110,9 +110,9 @@ elsewhere):
.nf
[aprinter]
path = /usr/spool/public
writeable = false
printable = true
guest ok = true
read only = yes
printable = yes
guest ok = yes
.fi
@ -173,7 +173,7 @@ section:
.nf
[homes]
writeable = yes
read only = no
.fi
@ -604,12 +604,6 @@ each parameter for details. Note that some are synonyms.
\fIdns proxy\fR
.TP 0.2i
\(bu
\fIdomain admin group\fR
.TP 0.2i
\(bu
\fIdomain guest group\fR
.TP 0.2i
\(bu
\fIdomain logons\fR
.TP 0.2i
\(bu
@ -640,6 +634,9 @@ each parameter for details. Note that some are synonyms.
\fIhide unwriteable files\fR
.TP 0.2i
\(bu
\fIhide special files\fR
.TP 0.2i
\(bu
\fIhomedir map\fR
.TP 0.2i
\(bu
@ -997,6 +994,9 @@ each parameter for details. Note that some are synonyms.
\fIuse rhosts\fR
.TP 0.2i
\(bu
\fIuse sendfile\fR
.TP 0.2i
\(bu
\fIusername level\fR
.TP 0.2i
\(bu
@ -1367,9 +1367,6 @@ each parameter for details. Note that some are synonyms.
\fIshort preserve case\fR
.TP 0.2i
\(bu
\fIstatus\fR
.TP 0.2i
\(bu
\fIstrict allocate\fR
.TP 0.2i
\(bu
@ -1813,7 +1810,7 @@ cannot be immediately satisfied, Samba 2.2 will internally
queue the lock request, and periodically attempt to obtain
the lock until the timeout period expires.
If this parameter is set to false, then
If this parameter is set to no, then
Samba 2.2 will behave as previous versions of Samba would and
will fail the lock request immediately if the lock range
cannot be obtained.
@ -1845,7 +1842,7 @@ See the \fI browseable\fR.
\fBbrowse list (G)\fR
This controls whether \fBsmbd(8)\fR will serve a browse list to
a client doing a \fBNetServerEnum\fR call. Normally
set to true. You should never need to change
set to yes. You should never need to change
this.
Default: \fBbrowse list = yes\fR
@ -2272,11 +2269,11 @@ Example: \fBdelete user from group script = /usr/sbin/deluser %u %g\fR
This option is used when Samba is attempting to
delete a directory that contains one or more vetoed directories
(see the \fIveto files\fR
option). If this option is set to false (the default) then if a vetoed
option). If this option is set to no (the default) then if a vetoed
directory contains any non-vetoed files or directories then the
directory delete will fail. This is usually what you want.
If this option is set to true, then Samba
If this option is set to yes, then Samba
will attempt to recursively delete any files and directories within
the vetoed directory. This can be useful for integration with file
serving systems such as NetAtalk which create meta-files within
@ -2484,42 +2481,8 @@ See also the parameter \fI wins support\fR.
Default: \fBdns proxy = yes\fR
.TP
\fBdomain admin group (G)\fR
This parameter is intended as a temporary solution
to enable users to be a member of the "Domain Admins" group when
a Samba host is acting as a PDC. A complete solution will be provided
by a system for mapping Windows NT/2000 groups onto UNIX groups.
Please note that this parameter has a somewhat confusing name. It
accepts a list of usernames and of group names in standard
\fIsmb.conf\fR notation.
See also \fIdomain
guest group\fR, \fIdomain
logons\fR
Default: \fBno domain administrators\fR
Example: \fBdomain admin group = root @wheel\fR
.TP
\fBdomain guest group (G)\fR
This parameter is intended as a temporary solution
to enable users to be a member of the "Domain Guests" group when
a Samba host is acting as a PDC. A complete solution will be provided
by a system for mapping Windows NT/2000 groups onto UNIX groups.
Please note that this parameter has a somewhat confusing name. It
accepts a list of usernames and of group names in standard
\fIsmb.conf\fR notation.
See also \fIdomain
admin group\fR, \fIdomain
logons\fR
Default: \fBno domain guests\fR
Example: \fBdomain guest group = nobody @guest\fR
.TP
\fBdomain logons (G)\fR
If set to true, the Samba server will serve
If set to yes, the Samba server will serve
Windows 95/98 Domain logons for the \fIworkgroup\fR it is in. Samba 2.2 also
has limited capability to act as a domain controller for Windows
NT 4 Domains. For more details on setting up this feature see
@ -2626,7 +2589,7 @@ file they can change the timestamp on it. Under POSIX semantics,
only the owner of the file or root may change the timestamp. By
default, Samba runs with POSIX semantics and refuses to change the
timestamp on a file if the user \fBsmbd\fR is acting
on behalf of is not the file owner. Setting this option to true allows DOS semantics and smbd will change the file
on behalf of is not the file owner. Setting this option to yes allows DOS semantics and smbd will change the file
timestamp as DOS requires.
Default: \fBdos filetimes = no\fR
@ -2947,7 +2910,7 @@ This is a tuning option. When this is enabled a
caching algorithm will be used to reduce the time taken for getwd()
calls. This can have a significant impact on performance, especially
when the \fIwide links\fR
parameter is set to false.
parameter is set to no.
Default: \fBgetwd cache = yes\fR
.TP
@ -3055,9 +3018,16 @@ Note that unwriteable directories are shown as usual.
Default: \fBhide unwriteable = no\fR
.TP
\fBhide special files (G)\fR
This parameter prevents clients from seeing
special files such as sockets, devices and fifo's in directory
listings.
Default: \fBhide special files = no\fR
.TP
\fBhomedir map (G)\fR
If\fInis homedir
\fR is true, and \fBsmbd(8)\fR is also acting
\fR is yes, and \fBsmbd(8)\fR is also acting
as a Win95/98 \fIlogon server\fR then this parameter
specifies the NIS (or YP) map from which the server for the user's
home directory should be extracted. At present, only the Sun
@ -3498,7 +3468,7 @@ Currently, if \fIkernel
oplocks\fR are supported then level2 oplocks are
not granted (even if this parameter is set to yes).
Note also, the \fIoplocks\fR
parameter must be set to true on this share in order for
parameter must be set to yes on this share in order for
this parameter to have any effect.
See also the \fIoplocks\fR
@ -3511,10 +3481,10 @@ Default: \fBlevel2 oplocks = yes\fR
This parameter determines if \fBnmbd(8)\fR will produce Lanman announce
broadcasts that are needed by OS/2 clients in order for them to see
the Samba server in their browse list. This parameter can have three
values, true, false, or
values, yes, no, or
auto. The default is auto.
If set to false Samba will never produce these
broadcasts. If set to true Samba will produce
If set to no Samba will never produce these
broadcasts. If set to yes Samba will produce
Lanman announce broadcasts at a frequency set by the parameter
\fIlm interval\fR. If set to auto
Samba will not send Lanman announce broadcasts by default but will
@ -3554,13 +3524,13 @@ Default: \fBload printers = yes\fR
.TP
\fBlocal master (G)\fR
This option allows \fB nmbd(8)\fR to try and become a local master browser
on a subnet. If set to false then \fB nmbd\fR will not attempt to become a local master browser
on a subnet. If set to no then \fB nmbd\fR will not attempt to become a local master browser
on a subnet and will also lose in all browsing elections. By
default this value is set to true. Setting this value to true doesn't
default this value is set to yes. Setting this value to yes doesn't
mean that Samba will \fBbecome\fR the local master
browser on a subnet, just that \fBnmbd\fR will \fB participate\fR in elections for local master browser.
Setting this value to false will cause \fBnmbd\fR
Setting this value to no will cause \fBnmbd\fR
\fBnever\fR to become a local master browser.
Default: \fBlocal master = yes\fR
@ -4967,7 +4937,7 @@ is a full stop ".", then no string is sent. Similarly,
if the expect string is a full stop then no string is expected.
If the \fIpam
password change\fR parameter is set to true, the chat pairs
password change\fR parameter is set to yes, the chat pairs
may be matched in any order, and success is determined by the PAM result,
not any particular output. The \\n macro is ignored for PAM conversions.
@ -5015,7 +4985,7 @@ of mixed case chars and digits. This can pose a problem as some clients
it.
\fBNote\fR that if the \fIunix
password sync\fR parameter is set to true
password sync\fR parameter is set to yes
then this program is called \fBAS ROOT\fR
before the SMB password in the smbpasswd(5)
file is changed. If this UNIX password change fails, then
@ -5026,7 +4996,7 @@ If the \fIunix password sync\fR parameter
is set this parameter \fBMUST USE ABSOLUTE PATHS\fR
for \fBALL\fR programs called, and must be examined
for security implications. Note that by default \fIunix
password sync\fR is set to false.
password sync\fR is set to no.
See also \fIunix
password sync\fR.
@ -5265,7 +5235,7 @@ Default: \fBpreexec close = no\fR
This boolean parameter controls if nmbd(8) is a preferred master browser
for its workgroup.
If this is set to true, on startup, \fBnmbd\fR
If this is set to yes, on startup, \fBnmbd\fR
will force an election, and it will have a slight advantage in
winning the election. It is recommended that this parameter is
used in conjunction with \fB\fI domain master\fB = yes\fR, so that \fB nmbd\fR can guarantee becoming a domain master.
@ -5285,7 +5255,7 @@ Default: \fBpreferred master = auto\fR
\fBprefered master (G)\fR
Synonym for \fI preferred master\fR for people who cannot spell :-).
.TP
\fBpreload\fR
\fBpreload (G)\fR
This is a list of services that you want to be
automatically added to the browse lists. This is most useful
for homes and printers services that would otherwise not be
@ -5404,7 +5374,7 @@ specified for the service.
Note that a printable service will ALWAYS allow writing
to the service path (user privileges permitting) via the spooling
of print data. The \fIwriteable
of print data. The \fIread only
\fR parameter controls only non-printing access to
the resource.
@ -5664,7 +5634,7 @@ Default: \fBread bmpx = no\fR
\fBread list (S)\fR
This is a list of users that are given read-only
access to a service. If the connecting user is in this list then
they will not be given write access, no matter what the \fIwriteable\fR
they will not be given write access, no matter what the \fIread only\fR
option is set to. The list can include group names using the
syntax described in the \fI invalid users\fR parameter.
@ -5676,7 +5646,17 @@ Default: \fBread list = <empty string>\fR
Example: \fBread list = mary, @students\fR
.TP
\fBread only (S)\fR
Note that this is an inverted synonym for \fIwriteable\fR.
An inverted synonym is \fIwriteable\fR.
If this parameter is yes, then users
of a service may not create or modify files in the service's
directory.
Note that a printable service (\fBprintable = yes\fR)
will \fBALWAYS\fR allow writing to the directory
(user privileges permitting), but only via spooling operations.
Default: \fBread only = yes\fR
.TP
\fBread raw (G)\fR
This parameter controls whether or not the server
@ -5790,10 +5770,10 @@ Default: \fBremote browse sync = <empty string>
\fR
.TP
\fBrestrict anonymous (G)\fR
This is a boolean parameter. If it is true, then
This is a boolean parameter. If it is yes, then
anonymous access to the server will be restricted, namely in the
case where the server is expecting the client to send a username,
but it doesn't. Setting it to true will force these anonymous
but it doesn't. Setting it to yes will force these anonymous
connections to be denied, and the client will be required to always
supply a username and password when connecting. Use of this parameter
is only recommended for homogeneous NT client environments.
@ -5803,7 +5783,7 @@ on the username (%U, %G, etc) consistent. NT 4.0
likes to use anonymous connections when refreshing the share list,
and this is a way to work around that.
When restrict anonymous is true, all anonymous connections
When restrict anonymous is yes, all anonymous connections
are denied no matter what they are for. This can effect the ability
of a machine to access the Samba Primary Domain Controller to revalidate
its machine account after someone else has logged on the client
@ -6051,7 +6031,7 @@ parameter.
This mode will only work correctly if smbpasswd(8) has been used to add this
machine into a Windows NT Domain. It expects the \fIencrypted passwords\fR
parameter to be set to true. In this
parameter to be set to yes. In this
mode Samba will try to validate the username/password by passing
it to a Windows NT Primary or Backup Domain Controller, in exactly
the same way that a Windows NT Server would do.
@ -6419,17 +6399,6 @@ never need to change this parameter.
Default: \fBstat cache size = 50\fR
.TP
\fBstatus (G)\fR
This enables or disables logging of connections
to a status file that smbstatus(1)
can read.
With this disabled \fBsmbstatus\fR won't be able
to tell you what connections are active. You should never need to
change this parameter.
Default: \fBstatus = yes\fR
.TP
\fBstrict allocate (S)\fR
This is a boolean that controls the handling of
disk space allocation in the server. When this is set to yes
@ -6494,10 +6463,10 @@ Default: \fBstrip dot = no\fR
\fBsync always (S)\fR
This is a boolean parameter that controls
whether writes will always be written to stable storage before
the write call returns. If this is false then the server will be
the write call returns. If this is no then the server will be
guided by the client's request in each write call (clients can
set a bit indicating that a particular write should be synchronous).
If this is true then every write will be followed by a \fBfsync()
If this is yes then every write will be followed by a \fBfsync()
\fR call to ensure the data is written to disk. Note that
the \fIstrict sync\fR parameter must be set to
yes in order for this parameter to have
@ -6609,7 +6578,7 @@ Default: \fBunix extensions = no\fR
This boolean parameter controls whether Samba
attempts to synchronize the UNIX password with the SMB password
when the encrypted SMB password in the smbpasswd file is changed.
If this is set to true the program specified in the \fIpasswd
If this is set to yes the program specified in the \fIpasswd
program\fRparameter is called \fBAS ROOT\fR -
to allow the new UNIX password to be set without access to the
old UNIX password (as the SMB password change code has no
@ -6682,7 +6651,7 @@ Default: \fBuse client driver = no\fR
This global parameter determines if the tdb internals of Samba can
depend on mmap working correctly on the running system. Samba requires a coherent
mmap/read-write system memory cache. Currently only HPUX does not have such a
coherent cache, and so this parameter is set to false by
coherent cache, and so this parameter is set to no by
default on HPUX. On all other systems this parameter should be left alone. This
parameter is provided to help the Samba developers track down problems with
the tdb internal code.
@ -6690,7 +6659,7 @@ the tdb internal code.
Default: \fBuse mmap = yes\fR
.TP
\fBuse rhosts (G)\fR
If this global parameter is true, it specifies
If this global parameter is yes, it specifies
that the UNIX user's \fI.rhosts\fR file in their home directory
will be read to find the names of hosts and users who will be allowed
access without specifying a password.
@ -6875,9 +6844,20 @@ Default: \fBno username map\fR
Example: \fBusername map = /usr/local/samba/lib/users.map
\fR
.TP
\fBuse sendfile (S)\fR
If this parameter is yes, and Samba
was built with the --with-sendfile-support option, and the underlying operating
system supports sendfile system call, then some SMB read calls (mainly ReadAndX
and ReadRaw) will use the more efficient sendfile system call for files that
are exclusively oplocked. This may make more efficient use of the system CPU's
and cause Samba to be faster. This is off by default as it's effects are unknown
as yet.
Default: \fBuse sendfile = no\fR
.TP
\fButmp (G)\fR
This boolean parameter is only available if
Samba has been configured and compiled with the option \fB --with-utmp\fR. If set to true then Samba will attempt
Samba has been configured and compiled with the option \fB --with-utmp\fR. If set to yes then Samba will attempt
to add utmp or utmpx records (depending on the UNIX system) whenever a
connection is made to a Samba server. Sites may use this to record the
user connecting to a Samba share.
@ -7071,7 +7051,7 @@ necessary to suppress the enumeration of users through the
\fBgetpwent()\fR and
\fBendpwent()\fR group of system calls. If
the \fIwinbind enum users\fR parameter is
false, calls to the \fBgetpwent\fR system call
no, calls to the \fBgetpwent\fR system call
will not return any data.
\fBWarning:\fR Turning off user
@ -7090,7 +7070,7 @@ necessary to suppress the enumeration of groups through the
\fBgetgrent()\fR and
\fBendgrent()\fR group of system calls. If
the \fIwinbind enum groups\fR parameter is
false, calls to the \fBgetgrent()\fR system
no, calls to the \fBgetgrent()\fR system
call will not return any data.
\fBWarning:\fR Turning off group
@ -7137,17 +7117,17 @@ Example: \fBwinbind uid = 10000-20000\fR
.TP
\fBwinbind use default domain\fR
.TP
\fBwinbind use default domain\fR
\fBwinbind use default domain (G)\fR
This parameter specifies whether the winbindd(8)
daemon should operate on users without domain component in their username.
Users without a domain component are treated as is part of the winbindd server's
own domain. While this does not benifit Windows users, it makes SSH, FTP and e-mail
function in a way much closer to the way they would in a native unix system.
Default: \fBwinbind use default domain = <falseg>
Default: \fBwinbind use default domain = <no>
\fR
Example: \fBwinbind use default domain = true\fR
Example: \fBwinbind use default domain = yes\fR
.TP
\fBwins hook (G)\fR
When Samba is running as a WINS server this
@ -7224,9 +7204,9 @@ Example: \fBwins server = 192.9.200.1\fR
\fBwins support (G)\fR
This boolean controls if the
nmbd(8) process in Samba will act as a WINS server. You should
not set this to true unless you have a multi-subnetted network and
not set this to yes unless you have a multi-subnetted network and
you wish a particular \fBnmbd\fR to be your WINS server.
Note that you should \fBNEVER\fR set this to true
Note that you should \fBNEVER\fR set this to yes
on more than one machine in your network.
Default: \fBwins support = no\fR
@ -7273,7 +7253,7 @@ for a 256k cache size per file.
\fBwrite list (S)\fR
This is a list of users that are given read-write
access to a service. If the connecting user is in this list then
they will be given write access, no matter what the \fIwriteable\fR
they will be given write access, no matter what the \fIread only\fR
option is set to. The list can include group names using the
@group syntax.
@ -7301,7 +7281,7 @@ Default: \fBwins partners = \fR
Example: \fBwins partners = 192.168.0.1 172.16.1.2\fR
.TP
\fBwrite ok (S)\fR
Synonym for \fI writeable\fR.
Inverted synonym for \fI read only\fR.
.TP
\fBwrite raw (G)\fR
This parameter controls whether or not the server
@ -7311,17 +7291,7 @@ You should never need to change this parameter.
Default: \fBwrite raw = yes\fR
.TP
\fBwriteable (S)\fR
An inverted synonym is \fIread only\fR.
If this parameter is no, then users
of a service may not create or modify files in the service's
directory.
Note that a printable service (\fBprintable = yes\fR)
will \fBALWAYS\fR allow writing to the directory
(user privileges permitting), but only via spooling operations.
Default: \fBwriteable = no\fR
Inverted synonym for \fI read only\fR.
.SH "WARNINGS"
.PP
Although the configuration file permits service names

142
docs/textdocs/ADS-HOWTO.txt
View File

@ -1,142 +0,0 @@
Samba 3.0 prealpha guide to Kerberos authentication
---------------------------------------------------
Andrew Tridgell
tridge@samba.org
This is a VERY ROUGH guide to setting up the current (November 2001)
pre-alpha version of Samba 3.0 with kerberos authentication against a
Windows2000 KDC. The procedures listed here are likely to change as
the code develops.
Pieces you need before you begin:
- a Windows 2000 server
- the latest CVS source code for Samba. See http://cvs.samba.org/ for how to
fetch this.
- the MIT kerberos development libraries (either install from the
above sources or use a package). Under debian you need "libkrb5-dev"
and "krb5-user". The heimdal libraries will not work.
- the OpenLDAP development libraries.
On RedHat this means you should have at least:
krb5-workstation (for kinit)
krb5-libs (for linking with)
krb5-devel (because you are compiling from source)
in addition to the standard development environment.
Note that these are not standard on a RedHat install, and you may need
to get them off CD2.
Also check that you have the latest copy of this HOWTO. It is
available from http://samba.org/ftp/tridge/kerberos/HOWTO
Step 1: Compile Samba
If your kerberos libraries are in a non-standard location then
remember to add the configure option --with-krb5=DIR.
After you run configure make sure that include/config.h contains
lines like this:
#define HAVE_KRB5 1
#define HAVE_LDAP 1
If it doesn't then configure did not find your krb5 libraries or
your ldap libraries. Look in config.log to figure out why and fix
it.
Then compile and install Samba as usual. You must use at least the
following 3 options in smb.conf:
realm = YOUR.KERBEROS.REALM
ads server = your.kerberos.server
security = ADS
encrypt passwords = yes
Strictly speaking, you can omit the realm name and you can use an IP
address for the ads server. In that case Samba will auto-detect these.
You do *not* need a smbpasswd file, although it won't do any harm
and if you have one then Samba will be able to fall back to normal
password security for older clients. I expect that the above
required options will change soon when we get better active
directory integration.
Step 2: Setup your /etc/krb5.conf
The minimal configuration for krb5.conf is:
[realms]
YOUR.KERBEROS.REALM = {
kdc = your.kerberos.server
}
Test your config by doing a "kinit USERNAME@REALM" and making sure that
your password is accepted by the Win2000 KDC.
NOTE: The realm must be uppercase.
You also must ensure that you can do a reverse DNS lookup on the IP
address of your KDC. Also, the name that this reverse lookup maps to
must either be the netbios name of the KDC (ie. the hostname with no
domain attached) or it can alternatively be the netbios name
followed by the realm.
The easiest way to ensure you get this right is to add a /etc/hosts
entry mapping the IP address of your KDC to its netbios name. If you
don't get this right then you will get a "local error" when you try
to join the realm.
* If all you want is kerberos support in smbclient then you can skip
* straight to step 5 now. Step 3 is only needed if you want kerberos
* support in smbd.
Step 3: Create the computer account
Do a "kinit" as a user that has authority to change arbitrary
passwords on the KDC ("Administrator" is a good choice). Then as a
user that has write permission on the Samba private directory
(usually root) run:
net ads join
Possible errors:
- "bash: kinit: command not found":
- kinit is in the krb5-workstation RPM on RedHat systems, and is
in /usr/kerberos/bin, so it won't be in the path until
you log in again (or open a new terminal)
- "ADS support not compiled in"
- Samba must be reconfigured (remove config.cache) and
recompiled (make clean all install) after the kerberos libs
and headers are installed.
Step 4: Test your server setup
On a Windows 2000 client try "net use * \\server\share". You should
be logged in with kerberos without needing to know a password. If
this fails then run "klist tickets". Did you get a ticket for the
server? Does it have an encoding type of DES-CBC-MD5 ?
Step 5: Testing with smbclient
On your Samba server try to login to a Win2000 server or your Samba
server using smbclient and kerberos. Use smbclient as usual, but
specify the -k option to choose kerberos authentication.
--------
NOTES:
- must change administrator password at least once after DC install,
to create the right encoding types
- w2k doesn't seem to create the _kerberos._udp and _ldap._tcp in
their defaults DNS setup. Maybe fixed in service packs?

56
docs/textdocs/Application_Serving.txt
View File

@ -1,56 +0,0 @@
Contributed: January 7, 1997
Updated: March 24, 1998
Contributor: John H Terpstra <samba@samba.org>
Copyright (C) 1997 - John H Terpstra
Status: Current
Subject: Using a Samba share as an administrative share for MS Office, etc.
==============================================================================
Problem:
========
Microsoft Office products can be installed as an administrative installation
from which the application can either be run off the administratively installed
product that resides on a shared resource, or from which that product can be
installed onto workstation clients.
The general mechanism for implementing an adminstrative installation involves
running:
X:\setup /A, where X is the drive letter of either CDROM or floppy
This installation process will NOT install the product for use per se, but
rather results in unpacking of the compressed distribution files into a target
shared folder. For this process you need write privilidge to the share and it
is desirable to enable file locking and share mode operation during this
process.
Subsequent installation of MS Office from this share will FAIL unless certain
precautions are taken. This failure will be caused by share mode operation
which will prevent the MS Office installation process from re-opening various
dynamic link library files and will cause sporadic file not found problems.
Solution:
=========
1. As soon as the administrative installation (unpacking) has completed
set the following parameters on the share containing it:
[MSOP95]
path = /where_you_put_it
comment = Your comment
volume = "The_CD_ROM_Label"
read only = yes
available = yes
share modes = no
locking = no
browseable = yes
public = yes
2. Now you are ready to run the setup program from the Microsoft Windows
workstation as follows:-
\\"Server_Name"\MSOP95\msoffice\setup
MS Office Sharing - Please note:
================================
Workgroup Templates should be stored on an ordinary writable or read-only share
but USER templates MUST be stored on a writable share _OR_ on the users' local
machine.

215
docs/textdocs/BROWSING-Config.txt
View File

@ -1,215 +0,0 @@
Date: July 5, 1998
Contributor: John H Terpstra <jht@samba.org>
Subject: Cross Subnet Browsing / Cross Workgroup Browsing
===============================================================================
OVERVIEW:
=========
This document should be read in conjunction with BROWSING.txt and may
be taken as the fast track guide to implementing browsing across subnets
and / or across workgroups (or domains). WINS is the best tool for resolution
of NetBIOS names to IP addesses. WINS is NOT involved in browse list handling
except by way of name to address mapping.
DISCUSSION:
===========
Firstly, all MS Windows networking is based on SMB (Server Message
Block) based messaging. SMB messaging is implemented using NetBIOS. Samba
implements NetBIOS by encapsulating it over TCP/IP. MS Windows products can
do likewise. NetBIOS based networking uses broadcast messaging to affect
browse list management. When running NetBIOS over TCP/IP this uses UDP
based messaging. UDP messages can be broadcast or unicast.
Normally, only unicast UDP messaging can be forwarded by routers. The
"remote announce" parameter to smb.conf helps to project browse announcements
to remote network segments via unicast UDP. Similarly, the "remote browse sync"
parameter of smb.conf implements browse list collation using unicast UDP.
Secondly, in those networks where Samba is the only SMB server technology
wherever possible nmbd should be configured on one (1) machine as the WINS
server. This makes it easy to manage the browsing environment. If each network
segment is configured with it's own Samba WINS server, then the only way to
get cross segment browsing to work is by using the "remote announce" and
the "remote browse sync" parameters to your smb.conf file.
If only one WINS server is used then the use of the "remote announce" and the
"remote browse sync" parameters should NOT be necessary.
Samba WINS does not support MS-WINS replication. This means that when setting up
Samba as a WINS server there must only be one nmbd configured as a WINS server
on the network. Some sites have used multiple Samba WINS servers for redundancy
(one server per subnet) and then used "remote browse sync" and "remote announce"
to affect browse list collation across all segments. Note that this means
clients will only resolve local names, and must be configured to use DNS to
resolve names on other subnets in order to resolve the IP addresses of the
servers they can see on other subnets. This setup is not recommended, but is
mentioned as a practical consideration (ie: an 'if all else fails' scenario).
Lastly, take note that browse lists are a collection of unreliable broadcast
messages that are repeated at intervals of not more than 15 minutes. This means
that it will take time to establish a browse list and it can take up to 45
minutes to stabilise, particularly across network segments.
A) Use of the "Remote Announce" parameter
------------------------------------------
The "remote announce" parameter of smb.conf can be used to forcibly ensure
that all the NetBIOS names on a network get announced to a remote network.
The syntax of the "remote announce" parameter is:
remote announce = a.b.c.d [e.f.g.h] ...
_or_
remote announce = a.b.c.d/WORKGROUP [e.f.g.h/WORKGROUP] ...
where:
a.b.c.d: is either the LMB (Local Master Browser) IP address
e.f.g.h: or the broadcst address of the remote network.
ie: the LMB is at 192.168.1.10, or the address
could be given as 192.168.1.255 where the netmask
is assumed to be 24 bits (255.255.255.0).
When the remote announcement is made to the broadcast
address of the remote network every host will receive
our announcements. This is noisy and therefore
undesirable but may be necessary if we do NOT know
the IP address of the remote LMB.
WORKGROUP: is optional and can be either our own workgroup
or that of the remote network. If you use the
workgroup name of the remote network then our
NetBIOS machine names will end up looking like
they belong to that workgroup, this may cause
name resolution problems and should be avoided.
B) Use of the "Remote Browse Sync" parameter
--------------------------------------------
The "remote browse sync" parameter of smb.conf is used to announce to
another LMB that it must synchronise it's NetBIOS name list with our
Samba LMB. It works ONLY if the Samba server that has this option is
simultaneously the LMB on it's network segment.
The syntax of the "remote browse sync" parameter is:
remote browse sync = a.b.c.d
where:
a.b.c.d: is either the IP address of the remote LMB or else
is the network broadcast address of the remote segment.
C) Use of WINS
--------------
Use of WINS (either Samba WINS _or_ MS Windows NT Server WINS) is highly
recommended. Every NetBIOS machine registers it's name together with a
name_type value for each of of several types of service it has available.
eg: It registers it's name directly as a unique (the type 0x03) name.
It also registers it's name if it is running the lanmanager compatible
server service (used to make shares and printers available to other users)
by registering the server (the type 0x20) name.
All NetBIOS names are up to 15 characters in length. The name_type variable
is added to the end of the name - thus creating a 16 character name. Any
name that is shorter than 15 characters is padded with spaces to the 15th
character. ie: All NetBIOS names are 16 characters long (including the
name_type information).
WINS can store these 16 character names as they get registered. A client
that wants to log onto the network can ask the WINS server for a list
of all names that have registered the NetLogon service name_type. This saves
broadcast traffic and greatly expedites logon processing. Since broadcast
name resolution can not be used across network segments this type of
information can only be provided via WINS _or_ via statically configured
"lmhosts" files that must reside on all clients in the absence of WINS.
WINS also serves the purpose of forcing browse list synchronisation by all
LMB's. LMB's must synchronise their browse list with the DMB (domain master
browser) and WINS helps the LMB to identify it's DMB. By definition this
will work only within a single workgroup. Note that the domain master browser
has NOTHING to do with what is referred to as an MS Windows NT Domain. The
later is a reference to a security environment while the DMB refers to the
master controller for browse list information only.
Use of WINS will work correctly only if EVERY client TCP/IP protocol stack
has been configured to use the WINS server/s. Any client that has not been
configured to use the WINS server will continue to use only broadcast based
name registration so that WINS may NEVER get to know about it. In any case,
machines that have not registered with a WINS server will fail name to address
lookup attempts by other clients and will therefore cause workstation access
errors.
To configure Samba as a WINS server just add "wins support = yes" to the
smb.conf file [globals] section.
To configure Samba to register with a WINS server just add
"wins server = a.b.c.d" to your smb.conf file [globals] section.
DO NOT EVER use both "wins support = yes" together with "wins server = a.b.c.d"
particularly not using it's own IP address.
D) Do NOT use more than one (1) protocol on MS Windows machines
---------------------------------------------------------------
A very common cause of browsing problems results from installing more than
one protocol on an MS Windows machine.
Every NetBIOS machine take part in a process of electing the LMB (and DMB)
every 15 minutes. A set of election criteria is used to determine the order
of precidence for winning this election process. A machine running Samba or
Windows NT will be biased so that the most suitable machine will predictably
win and thus retain it's role.
The election process is "fought out" so to speak over every NetBIOS network
interface. In the case of a Windows 9x machine that has both TCP/IP and IPX
installed and has NetBIOS enabled over both protocols the election will be
decided over both protocols. As often happens, if the Windows 9x machine is
the only one with both protocols then the LMB may be won on the NetBIOS
interface over the IPX protocol. Samba will then lose the LMB role as Windows
9x will insist it knows who the LMB is. Samba will then cease to function
as an LMB and thus browse list operation on all TCP/IP only machines will
fail.
The safest rule of all to follow it this - USE ONLY ONE PROTOCOL!
E) Name Resolution Order
========================
Resolution of NetBIOS names to IP addresses can take place using a number
of methods. The only ones that can provide NetBIOS name_type information
are:
WINS: the best tool!
LMHOSTS: is static and hard to maintain.
Broadcast: uses UDP and can not resolve names across
remote segments.
Alternative means of name resolution includes:
/etc/hosts: is static, hard to maintain, and lacks name_type info.
DNS: is a good choice but lacks essential name_type info.
Many sites want to restrict DNS lookups and want to avoid broadcast name
resolution traffic. The "name resolve order" parameter is of great help here.
The syntax of the "name resolve order" parameter is:
name resolve order = wins lmhosts bcast host
_or_
name resolve order = wins lmhosts (eliminates bcast and host)
the default is:
name resolve order = host lmhost wins bcast
where:
"host" refers the the native methods used by the Unix system
to implement the gethostbyname() function call. This is normally
controlled by:
/etc/host.conf
/etc/nsswitch.conf
/etc/resolv.conf
===============================================================================

240
docs/textdocs/DHCP-Server-Configuration.txt
View File

@ -1,240 +0,0 @@
Subject: DHCP Server Configuration for SMB Clients
Date: March 1, 1998
Updated: May 15, 2001
Contributor: John H Terpstra <jht@samba.org>
Support: This is an unsupported document. Refer to documentation that is
supplied with the ISC DHCP Server. Do NOT email the contributor
for ANY assistance.
===============================================================================
Background:
===========
We wish to help those folks who wish to use the ISC DHCP Server and provide
sample configuration settings. Most operating systems today come ship with
the ISC DHCP Server. ISC DHCP is available from:
ftp://ftp.isc.org/isc/dhcp
Incorrect configuration of MS Windows clients (Windows9X, Windows ME, Windows
NT/2000) will lead to problems with browsing and with general network
operation. Windows 9X/ME users often report problems where the TCP/IP and related
network settings will inadvertantly become reset at machine start-up resulting
in loss of configuration settings. This results in increased maintenance
overheads as well as serious user frustration.
In recent times users on one mailing list incorrectly attributed the cause of
network operating problems to incorrect configuration of Samba.
One user insisted that the only way to provent Windows95 from periodically
performing a full system reset and hardware detection process on start-up was
to install the NetBEUI protocol in addition to TCP/IP. This assertion is not
correct.
In the first place, there is NO need for NetBEUI. All Microsoft Windows clients
natively run NetBIOS over TCP/IP, and that is the only protocol that is
recognised by Samba. Installation of NetBEUI and/or NetBIOS over IPX will
cause problems with browse list operation on most networks. Even Windows NT
networks experience these problems when incorrectly configured Windows95
systems share the same name space. It is important that only those protocols
that are strictly needed for site specific reasons should EVER be installed.
Secondly, and totally against common opinion, DHCP is NOT an evil design but is
an extension of the BOOTP protocol that has been in use in Unix environments
for many years without any of the melt-down problems that some sensationalists
would have us believe can be experienced with DHCP. In fact, DHCP in covered by
rfc1541 and is a very safe method of keeping an MS Windows desktop environment
under control and for ensuring stable network operation.
Please note that MS Windows systems as of MS Windows NT 3.1 and MS Windows 95
store all network configuration settings a registry. There are a few reports
from MS Windows network administrators that warrant mention here. It would appear
that when one sets certain MS TCP/IP protocol settings (either directly or via
DHCP) that these do get written to the registry. Even though a subsequent
change of setting may occur the old value may persist in the registry. This
has been known to create serious networking problems.
An example of this occurs when a manual TCP/IP environment is configured to
include a NetBIOS Scope. In this event, when the administrator then changes the
configuration of the MS TCP/IP protocol stack, without first deleting the
current settings, by simply checking the box to configure the MS TCP/IP stack
via DHCP then the NetBIOS Scope that is still persistent in the registry WILL be
applied to the resulting DHCP offered settings UNLESS the DHCP server also sets
a NetBIOS Scope. It may therefore be prudent to forcibly apply a NULL NetBIOS
Scope from your DHCP server. The can be done in the dhcpd.conf file with the
parameter:
option netbios-scope "";
While it is true that the Microsoft DHCP server that comes with Windows NT
Server provides only a sub-set of rfc1533 functionality this is hardly an issue
in those sites that already have a large investment and commitment to Unix
systems and technologies. The current state of the art of the DHCP Server
specification in covered in rfc2132.
This document aims to provide enough background information so that the
majority of site can without too much hardship get the Internet Software
Consortium's (ISC) DHCP Server into operation. The key benefits of using DHCP
includes:
1) Automated IP Address space management and maximised re-use of available IP
Addresses,
2) Automated control of MS Windows client TCP/IP network configuration,
3) Automatic recovery from start-up and run-time problems with Windows95.
Client Configuration for SMB Networking:
========================================
SMB network clients need to be configured so that all standard TCP/IP name to
address resolution works correctly. Once this has been achieved the SMB
environment provides additional tools and services that act as helper agents in
the translation of SMB (NetBIOS) names to their appropriate IP Addresses. One
such helper agent is the NetBIOS Name Server (NBNS) or as Microsoft called it
in their Windows NT Server implementation WINS (Windows Internet Name Server).
A client needs to be configured so that it has a unique Machine (Computer)
Name.
This can be done, but needs a few NT registry hacks and you need to be able to
speak UNICODE, which is of course no problem for a True Wizzard(tm) :)
Instructions on how to do this (including a small util for less capable
Wizzards) can be found at
http://www.unixtools.org/~nneul/sw/nt/dhcp-netbios-hostname.html
All remaining TCP/IP networking parameters can be assigned via DHCP. These include:
a) IP Address,
b) Netmask,
c) Gateway (Router) Address,
d) DNS Domain Name,
e) DNS Server addresses,
f) WINS (NBNS) Server addresses,
g) IP Forwarding,
h) Timezone offset,
i) Node Type,
j) NetBIOS Scope
Other assignments can be made from a DHCP server too, but the above cover the
major needs.
Note: IF ever an entry has has been made to the NetBIOS Scope field of the
TCP/IP configuration panel on an MS Windows machine, and it has then been
committed, then that setting may become persistent. In such a c ase it is better
to configure the DHCP server with a NetBIOS Scope consisting of an empty string
(ie: A NULL scope).
DHCP Server Installation:
=========================
It is assumed that you will have obtained a copy of the GPL'd ISC DHCP server
source files from ftp://ftp.isc.org/isc/dhcp, it is also assumed that you have
compiled the sources and have installed the binary files.
The following simply serves to provide sample configuration files to enable
dhcpd to operate. The sample files assume that your site is configured to use
private IP network address space using the Class B range of 172.16.1.0 -
172.16.1.255 and is using a netmask of 255.255.255.0 (ie:24 bits). It is
assumed that your router to the outside world is at 172.16.1.254 and that your
Internet Domain Name is bestnet.com.au. The IP Address range 172.16.1.100 to
172.16.1.240 has been set aside as your dynamically allocated range. In
addition, bestnet.com.au have two print servers that need to obtain settings
via BOOTP. The machine linux.bestnet.com.au has IP address 172.16.1.1 and is
you primary Samba server with WINS support enabled by adding the parameter to
the /etc/smb.conf file: [globals] wins support = yes. The dhcp lease time will
be set to 20 hours.
Configuration Files:
====================
Before dhcpd will run you need to install a file that speifies the
configuration settings, and another that holds the database of issued IP
addresses. On many systems these are stored in the /etc directory on the Unix
system.
Example /etc/dhcpd.conf:
========================
server-identifier linux.bestnet.com.au;
subnet 172.16.1.0 netmask 255.255.255.0 {
range 172.16.1.100 172.16.1.240;
default-lease-time 72000;
max-lease-time 144000;
option subnet-mask 255.255.255.0;
option broadcast-address 172.16.1.255;
option routers 172.16.1.254;
option domain-name-servers 172.16.1.1, 172.16.1.2;
option domain-name "bestnet.com.au";
option time-offset 39600;
option ip-forwarding off;
option netbios-name-servers 172.16.0.1, 172.16.0.1;
option netbios-dd-server 172.16.0.1;
option netbios-node-type 8;
option netbios-scope "";
}
; Note: The above netbios-scope is purposely an empty (NULL) string.
group {
next-server 172.16.1.10;
option subnet-mask 255.255.255.0;
option domain-name "bestnet.com.au";
option domain-name-servers 172.16.1.1, 172.16.0.2;
option netbios-name-servers 172.16.0.1, 172.16.0.1;
option netbios-dd-server 172.16.0.1;
option netbios-node-type 8;
option netbios-scope "SomeCrazyScope";
option routers 172.16.1.240;
option time-offset 39600;
host lexmark1 {
hardware ethernet 06:07:08:09:0a:0b;
fixed-address 172.16.1.245;
}
host epson4 {
hardware ethernet 01:02:03:04:05:06;
fixed-address 172.16.1.242;
}
}
Creating the /etc/dhcpd.leases file:
====================================
At a Unix shell create an empty dhcpd.leases file in the /etc directory.
You can do this by typing: cp /dev/null /etc/dhcpd.leases
Setting up a route table for all-ones addresses:
================================================
Quoting from the README file that comes with the ISC DHCPD Server:
BROADCAST
In order for dhcpd to work correctly with picky DHCP clients (e.g.,
Windows 95), it must be able to send packets with an IP destination
address of 255.255.255.255. Unfortunately, Linux insists on changing
255.255.255.255 into the local subnet broadcast address (here, that's
192.5.5.223). This results in a DHCP protocol violation, and while
many DHCP clients don't notice the problem, some (e.g., all Microsoft
DHCP clients) do. Clients that have this problem will appear not to
see DHCPOFFER messages from the server.
It is possible to work around this problem on some versions of Linux
by creating a host route from your network interface address to
255.255.255.255. The command you need to use to do this on Linux
varies from version to version. The easiest version is:
route add -host 255.255.255.255 dev eth0
On some older Linux systems, you will get an error if you try to do
this. On those systems, try adding the following entry to your
/etc/hosts file:
255.255.255.255 all-ones
Then, try:
route add -host all-ones dev eth0
For more information please refer to the ISC DHCPD Server documentation.

220
docs/textdocs/Faxing.txt
View File

@ -1,220 +0,0 @@
Contributor: Gerhard Zuber <zuber@berlin.snafu.de>
Date: August 5th 1997.
Status: Current
Subject: F A X I N G with S A M B A
==========================================================================
This text describes how to turn your SAMBA-server into a fax-server
for any environment, especially for Windows.
Author: Gerhard Zuber <zuber@berlin.snafu.de>
Version: 1.4
Date: 04. Aug. 1997
Requirements:
UNIX box (Linux preferred) with SAMBA and a faxmodem
ghostscript package
mgetty+sendfax package
pbm package (portable bitmap tools)
FTP sites:
sunsite.unc.edu:/pub/Linux/system/Serial/mgetty+sendfax*
tsx-11.mit.edu:/pub/linux/sources/sbin/mgetty+sendfax
ftp.leo.org:/pub/comp/networking/communication/modem/mgetty/mgetty1.1.6-May05.tar.gz
pbm10dec91.tgz
ftp.leo.org:/pub/comp/networking/communication/modem/mgetty/pbm10dec91.tgz
sunsite.unc.edu: ..../apps/graphics/convert/pbmplus-10dec91-bin.tar.gz
ftp.gwdg.de/pub/linux/grafik/pbmplus.src.tar.Z (this is 10dec91 source)
or ??? pbm10dec91.tgz pbmplus10dec91.tgz
making mgetty+sendfax running:
==============================
go to source tree: /usr/src/mgetty+sendfax
cp policy.h-dist policy.h
change your settings: valid tty ports, modem initstring, Station-Id
#define MODEM_INIT_STRING "AT &F S0=0 &D3 &K3 &C1\\\\N2"
#define FAX_STATION_ID "49 30 12345678"
#define FAX_MODEM_TTYS "ttyS1:ttyS2:ttyS3"
Modem initstring is for rockwell based modems
if you want to use mgetty+sendfax as PPP-dialin-server,
define AUTO_PPP in Makefile:
CFLAGS=-O2 -Wall -pipe -DAUTO_PPP
compile it and install the package.
edit your /etc/inittab and let mgetty running on your preferred
ports:
s3:45:respawn:/usr/local/sbin/mgetty ttyS2 vt100
now issue a
kill -HUP 1
and enjoy with the lightning LEDs on your modem
your now are ready to receive faxes !
if you want a PPP dialin-server, edit
/usr/local/etc/mgetty+sendfax/login.config
/AutoPPP/ - ppp /usr/sbin/pppd auth debug passive modem
Note: this package automatically decides between a fax call and
a modem call. In case of modem call you get a login prompt !
Tools for printing faxes:
=========================
your incomed faxes are in:
/var/spool/fax/incoming
print it with:
for i in *
do
g3cat $i | g3tolj | lpr -P hp
done
in case of low resolution use instead:
g3cat $i | g3tolj -aspect 2 | lpr -P hp
g3cat is in the tools-section, g3tolj is in the contrib-section
for printing to HP lasers.
If you want to produce files for displaying and printing with Windows, use
some tools from the pbm-package like follow
g3cat $i | g3topbm - | ppmtopcx - >$i.pcx
and view it with your favourite Windows tool (maybe paintbrush)
Now making the fax-server:
===========================
fetch the file
mgetty+sendfax/frontends/winword/faxfilter
and place it in
/usr/local/etc/mgetty+sendfax/
prepare your faxspool file as mentioned in this file
edit fax/faxspool.in and reinstall or change the final
/usr/local/bin/faxspool too.
if [ "$user" = "root" -o "$user" = "fax" -o \
"$user" = "lp" -o "$user" = "daemon" -o "$user" = "bin" ]
find the first line and change the second.
make sure you have pbmtext (from the pbm-package). This is
needed for creating the small header line on each page.
Notes on pbmplus:
Some peoples had problems with precompiled binaries (especially
at linux) with a shared lib libgr.so.x.x. The better way is
to fetch the source and compile it. One needs only pbmtext for
generating the small line on top of each page /faxheader). Install
only the individual programs you need. If you install the full
package then install pbmplus first and then mgetty+sendfax, because
this package has some changed programs by itself (but not pbmtext).
make sure your ghostscript is functional. You need fonts !
I prefer these from the OS/2 disks
prepare your faxheader
/usr/local/etc/mgetty+sendfax/faxheader
edit your /etc/printcap file:
# FAX
lp3|fax:\
:lp=/dev/null:\
:sd=/usr/spool/lp3:\
:if=/usr/local/etc/mgetty+sendfax/faxfilter:sh:sf:mx#0:\
:lf=/usr/spool/lp3/fax-log:
edit your /usr/local/samba/lib/smb.conf
so you have a smb based printer named "fax"
The final step:
===============
Now you have a printer called "fax" which can be used via
TCP/IP-printing (lpd-system) or via SAMBA (windows printing).
On every system you are able to produce postscript-files you
are ready to fax.
On Windows 3.1 95 and NT:
Install a printer wich produces postscript output,
e.g. apple laserwriter
connect the "fax" to your printer
Now write your first fax. Use your favourite wordprocessor,
write, winword, notepad or whatever you want, and start
with the headerpage.
Usually each fax has a header page. It carries your name,
your address, your phone/fax-number.
It carries also the recipient, his address and his *** fax
number ***. Now here is the trick:
Use the text:
Fax-Nr: 123456789
as the recipients fax-number. Make sure this text does not
occur in regular text ! Make sure this text is not broken
by formatting information, e.g. format it as a single entity.
(Windows Write and Win95 Wordpad are functional, maybe newer
versions of Winword are breaking formatting information).
The trick is that postscript output is human readable and
the faxfilter program scans the text for this pattern and
uses the found number as the fax-destination-number.
Now print your fax through the fax-printer and it will be
queued for later transmission. Use faxrunq for sending the
queue out.
Notes of SAMBA smb.conf:
Simply use fall through from the samba printer to the unix
printer. Sample:
printcap name = /etc/printcap
print command = /usr/bin/lpr -r -P %p %s
lpq command = /usr/bin/lpq -P %p
lprm command = /usr/bin/lprm -P %p %j
[fax]
comment = FAX (mgetty+sendfax)
path = /tmp
printable = yes
public = yes
writable = no
create mode = 0700
browseable = yes
guest ok = no

Some files were not shown because too many files have changed in this diff Show More