mirror of https://github.com/samba-team/samba.git synced 2025-01-12 09:18:10 +03:00

Regenerate docs

(This used to be commit 20ee66b661)
Jelmer Vernooij 2003-04-02 18:07:52 +00:00
parent 4f59ed8e91
commit d00b6f125f
30 changed files with 2022 additions and 2932 deletions

View File

@ -132,7 +132,7 @@ Windows NT in the chapter "Portability" of the samba HOWTO collection</TD
></TABLE
><P
></P
>&#13;</P
></P
></DIV
><DIV
CLASS="SECT1"
@ -153,7 +153,7 @@ CLASS="COMMAND"
the program always prompts for the password if the server is a Samba server.
It also ignores the "-N" argument when querying some (but not all) of our
NT servers."</SPAN
>&#13;</P
></P
><P
>No, it does not ignore -N, it is just that your server rejected the
null password in the connection, so smbclient prompts for a password

View File

@ -109,7 +109,7 @@ BORDER="0"
></TABLE
><P
></P
>&#13;</P
></P
><P
>The setdriver call will fail if the printer doesn't already exist in
samba's view of the world. Either create the printer in cups and

View File

@ -13,7 +13,7 @@ REL="UP"
TITLE="Type of installation"
HREF="type.html"><LINK
REL="PREVIOUS"
TITLE="How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain"
TITLE="Samba Backup Domain Controller to Samba Domain Control"
HREF="samba-bdc.html"><LINK
REL="NEXT"
TITLE="Samba as a NT4 or Win2k domain member"
@ -78,132 +78,19 @@ NAME="ADS"
><P
>This is a rough guide to setting up Samba 3.0 with kerberos authentication against a
Windows2000 KDC. </P
><P
>Pieces you need before you begin:</P
><P
><P
></P
><TABLE
BORDER="0"
><TBODY
><TR
><TD
>a Windows 2000 server.</TD
></TR
><TR
><TD
>samba 3.0 or higher.</TD
></TR
><TR
><TD
>the MIT kerberos development libraries (either install from the above sources or use a package). The heimdal libraries will not work.</TD
></TR
><TR
><TD
>the OpenLDAP development libraries.</TD
></TR
></TBODY
></TABLE
><P
></P
></P
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN1343"
>8.1. Installing the required packages for Debian</A
NAME="AEN1251"
>8.1. Setup your <TT
CLASS="FILENAME"
>smb.conf</TT
></A
></H1
><P
>On Debian you need to install the following packages:</P
><P
><P
></P
><TABLE
BORDER="0"
><TBODY
><TR
><TD
>libkrb5-dev</TD
></TR
><TR
><TD
>krb5-user</TD
></TR
></TBODY
></TABLE
><P
></P
></P
></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN1350"
>8.2. Installing the required packages for RedHat</A
></H1
><P
>On RedHat this means you should have at least: </P
><P
><P
></P
><TABLE
BORDER="0"
><TBODY
><TR
><TD
>krb5-workstation (for kinit)</TD
></TR
><TR
><TD
>krb5-libs (for linking with)</TD
></TR
><TR
><TD
>krb5-devel (because you are compiling from source)</TD
></TR
></TBODY
></TABLE
><P
></P
></P
><P
>in addition to the standard development environment.</P
><P
>Note that these are not standard on a RedHat install, and you may need
to get them off CD2.</P
></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN1360"
>8.3. Compile Samba</A
></H1
><P
>If your kerberos libraries are in a non-standard location then
remember to add the configure option --with-krb5=DIR.</P
><P
>After you run configure make sure that include/config.h it
generates contains
lines like this:</P
><P
><PRE
CLASS="PROGRAMLISTING"
>#define HAVE_KRB5 1
#define HAVE_LDAP 1</PRE
></P
><P
>If it doesn't then configure did not find your krb5 libraries or
your ldap libraries. Look in config.log to figure out why and fix
it.</P
><P
>Then compile and install Samba as usual. You must use at least the
following 3 options in smb.conf:</P
>You must use at least the following 3 options in smb.conf:</P
><P
><PRE
CLASS="PROGRAMLISTING"
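Review bot: the "Pieces you need before you begin" list and the "Compile Samba" section are dropped from this chapter, so the text now runs from the one-line introduction straight into "8.1. Setup your smb.conf" with no mention that Samba must have been built with Kerberos and LDAP support. The build requirements reappear in the new "Compiling samba with Active Directory support" section, but the "a Windows 2000 server" and "samba 3.0 or higher" items are not carried over anywhere visible in this diff. Suggest keeping a short prerequisites paragraph here that links to the compiling section and tells the reader to confirm HAVE_KRB5 and HAVE_LDAP before setting the smb.conf options.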
@ -228,17 +115,19 @@ CLASS="PROGRAMLISTING"
>You do *not* need a smbpasswd file, and older clients will
be authenticated as if "security = domain", although it won't do any harm
and allows you to have local users not in the domain.
I expect that the above
required options will change soon when we get better active
directory integration.</P
I expect that the above required options will change soon when we get better
active directory integration.</P
></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN1375"
>8.4. Setup your /etc/krb5.conf</A
NAME="AEN1262"
>8.2. Setup your <TT
CLASS="FILENAME"
>/etc/krb5.conf</TT
></A
></H1
><P
>The minimal configuration for krb5.conf is:</P
@ -276,8 +165,8 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN1385"
>8.5. Create the computer account</A
NAME="AEN1273"
>8.3. Create the computer account</A
></H1
><P
>As a user that has write permission on the Samba private directory
@ -291,8 +180,8 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN1389"
>8.5.1. Possible errors</A
NAME="AEN1277"
>8.3.1. Possible errors</A
></H2
><P
><P
@ -316,8 +205,8 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN1397"
>8.6. Test your server setup</A
NAME="AEN1285"
>8.4. Test your server setup</A
></H1
><P
>On a Windows 2000 client try <B
@ -336,8 +225,8 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN1402"
>8.7. Testing with smbclient</A
NAME="AEN1290"
>8.5. Testing with smbclient</A
></H1
><P
>On your Samba server try to login to a Win2000 server or your Samba
@ -349,12 +238,12 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN1405"
>8.8. Notes</A
NAME="AEN1293"
>8.6. Notes</A
></H1
><P
>You must change administrator password at least once after DC install,
to create the right encoding types</P
>You must change administrator password at least once after DC
install, to create the right encoding types</P
><P
>w2k doesn't seem to create the _kerberos._udp and _ldap._tcp in
their defaults DNS setup. Maybe fixed in service packs?</P
@ -404,7 +293,7 @@ ACCESSKEY="N"
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain</TD
>Samba Backup Domain Controller to Samba Domain Control</TD
><TD
WIDTH="34%"
ALIGN="center"

View File

@ -13,8 +13,8 @@ REL="PREVIOUS"
TITLE="Unicode/Charsets"
HREF="unicode.html"><LINK
REL="NEXT"
TITLE="Portability"
HREF="portability.html"></HEAD
TITLE="Samba performance issues"
HREF="speed.html"></HEAD
><BODY
CLASS="PART"
BGCOLOR="#FFFFFF"
@ -56,7 +56,7 @@ WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="portability.html"
HREF="speed.html"
ACCESSKEY="N"
>Next</A
></TD
@ -83,6 +83,65 @@ CLASS="TOC"
>Table of Contents</B
></DT
><DT
>23. <A
HREF="speed.html"
>Samba performance issues</A
></DT
><DD
><DL
><DT
>23.1. <A
HREF="speed.html#AEN3443"
>Comparisons</A
></DT
><DT
>23.2. <A
HREF="speed.html#AEN3449"
>Socket options</A
></DT
><DT
>23.3. <A
HREF="speed.html#AEN3456"
>Read size</A
></DT
><DT
>23.4. <A
HREF="speed.html#AEN3461"
>Max xmit</A
></DT
><DT
>23.5. <A
HREF="speed.html#AEN3466"
>Log level</A
></DT
><DT
>23.6. <A
HREF="speed.html#AEN3469"
>Read raw</A
></DT
><DT
>23.7. <A
HREF="speed.html#AEN3474"
>Write raw</A
></DT
><DT
>23.8. <A
HREF="speed.html#AEN3478"
>Slow Clients</A
></DT
><DT
>23.9. <A
HREF="speed.html#AEN3482"
>Slow Logins</A
></DT
><DT
>23.10. <A
HREF="speed.html#AEN3485"
>Client tuning</A
></DT
></DL
></DD
><DT
>24. <A
HREF="portability.html"
>Portability</A
@ -91,34 +150,34 @@ HREF="portability.html"
><DL
><DT
>24.1. <A
HREF="portability.html#AEN3626"
HREF="portability.html#AEN3525"
>HPUX</A
></DT
><DT
>24.2. <A
HREF="portability.html#AEN3632"
HREF="portability.html#AEN3531"
>SCO Unix</A
></DT
><DT
>24.3. <A
HREF="portability.html#AEN3636"
HREF="portability.html#AEN3535"
>DNIX</A
></DT
><DT
>24.4. <A
HREF="portability.html#AEN3665"
HREF="portability.html#AEN3564"
>RedHat Linux Rembrandt-II</A
></DT
><DT
>24.5. <A
HREF="portability.html#AEN3671"
HREF="portability.html#AEN3570"
>AIX</A
></DT
><DD
><DL
><DT
>24.5.1. <A
HREF="portability.html#AEN3673"
HREF="portability.html#AEN3572"
>Sequential Read Ahead</A
></DT
></DL
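Review bot: every HREF in this hunk changes only its auto-generated fragment (for example portability.html#AEN3626 becomes portability.html#AEN3525), and the same renumbering repeats through the rest of the commit, so any bookmark or external link to an AEN anchor silently breaks or points at a different section after each regeneration. Suggest giving the sections explicit ids in the DocBook source so the generated anchors stay stable and these regenerate commits shrink to real content changes.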
@ -134,37 +193,37 @@ HREF="other-clients.html"
><DL
><DT
>25.1. <A
HREF="other-clients.html#AEN3691"
HREF="other-clients.html#AEN3590"
>Macintosh clients?</A
></DT
><DT
>25.2. <A
HREF="other-clients.html#AEN3700"
HREF="other-clients.html#AEN3599"
>OS2 Client</A
></DT
><DD
><DL
><DT
>25.2.1. <A
HREF="other-clients.html#AEN3702"
HREF="other-clients.html#AEN3601"
>How can I configure OS/2 Warp Connect or
OS/2 Warp 4 as a client for Samba?</A
></DT
><DT
>25.2.2. <A
HREF="other-clients.html#AEN3717"
HREF="other-clients.html#AEN3616"
>How can I configure OS/2 Warp 3 (not Connect),
OS/2 1.2, 1.3 or 2.x for Samba?</A
></DT
><DT
>25.2.3. <A
HREF="other-clients.html#AEN3726"
HREF="other-clients.html#AEN3625"
>Are there any other issues when OS/2 (any version)
is used as a client?</A
></DT
><DT
>25.2.4. <A
HREF="other-clients.html#AEN3730"
HREF="other-clients.html#AEN3629"
>How do I get printer driver download working
for OS/2 clients?</A
></DT
@ -172,46 +231,46 @@ HREF="other-clients.html#AEN3730"
></DD
><DT
>25.3. <A
HREF="other-clients.html#AEN3740"
HREF="other-clients.html#AEN3639"
>Windows for Workgroups</A
></DT
><DD
><DL
><DT
>25.3.1. <A
HREF="other-clients.html#AEN3742"
HREF="other-clients.html#AEN3641"
>Use latest TCP/IP stack from Microsoft</A
></DT
><DT
>25.3.2. <A
HREF="other-clients.html#AEN3747"
HREF="other-clients.html#AEN3646"
>Delete .pwl files after password change</A
></DT
><DT
>25.3.3. <A
HREF="other-clients.html#AEN3752"
HREF="other-clients.html#AEN3651"
>Configure WfW password handling</A
></DT
><DT
>25.3.4. <A
HREF="other-clients.html#AEN3756"
HREF="other-clients.html#AEN3655"
>Case handling of passwords</A
></DT
><DT
>25.3.5. <A
HREF="other-clients.html#AEN3761"
HREF="other-clients.html#AEN3660"
>Use TCP/IP as default protocol</A
></DT
></DL
></DD
><DT
>25.4. <A
HREF="other-clients.html#AEN3764"
HREF="other-clients.html#AEN3663"
>Windows '95/'98</A
></DT
><DT
>25.5. <A
HREF="other-clients.html#AEN3780"
HREF="other-clients.html#AEN3679"
>Windows 2000 Service Pack 2</A
></DT
></DL
@ -225,48 +284,57 @@ HREF="compiling.html"
><DL
><DT
>26.1. <A
HREF="compiling.html#AEN3807"
HREF="compiling.html#AEN3706"
>Access Samba source code via CVS</A
></DT
><DD
><DL
><DT
>26.1.1. <A
HREF="compiling.html#AEN3809"
HREF="compiling.html#AEN3708"
>Introduction</A
></DT
><DT
>26.1.2. <A
HREF="compiling.html#AEN3814"
HREF="compiling.html#AEN3713"
>CVS Access to samba.org</A
></DT
></DL
></DD
><DT
>26.2. <A
HREF="compiling.html#AEN3850"
HREF="compiling.html#AEN3749"
>Accessing the samba sources via rsync and ftp</A
></DT
><DT
>26.3. <A
HREF="compiling.html#AEN3856"
HREF="compiling.html#AEN3755"
>Building the Binaries</A
></DT
><DD
><DL
><DT
>26.3.1. <A
HREF="compiling.html#AEN3783"
>Compiling samba with Active Directory support</A
></DT
></DL
></DD
><DT
>26.4. <A
HREF="compiling.html#AEN3884"
HREF="compiling.html#AEN3812"
>Starting the smbd and nmbd</A
></DT
><DD
><DL
><DT
>26.4.1. <A
HREF="compiling.html#AEN3894"
HREF="compiling.html#AEN3822"
>Starting from inetd.conf</A
></DT
><DT
>26.4.2. <A
HREF="compiling.html#AEN3923"
HREF="compiling.html#AEN3851"
>Alternative: starting it as a daemon</A
></DT
></DL
@ -282,32 +350,32 @@ HREF="bugreport.html"
><DL
><DT
>27.1. <A
HREF="bugreport.html#AEN3946"
HREF="bugreport.html#AEN3874"
>Introduction</A
></DT
><DT
>27.2. <A
HREF="bugreport.html#AEN3956"
HREF="bugreport.html#AEN3884"
>General info</A
></DT
><DT
>27.3. <A
HREF="bugreport.html#AEN3962"
HREF="bugreport.html#AEN3890"
>Debug levels</A
></DT
><DT
>27.4. <A
HREF="bugreport.html#AEN3979"
HREF="bugreport.html#AEN3907"
>Internal errors</A
></DT
><DT
>27.5. <A
HREF="bugreport.html#AEN3989"
HREF="bugreport.html#AEN3917"
>Attaching to a running process</A
></DT
><DT
>27.6. <A
HREF="bugreport.html#AEN3992"
HREF="bugreport.html#AEN3920"
>Patches</A
></DT
></DL
@ -321,81 +389,81 @@ HREF="diagnosis.html"
><DL
><DT
>28.1. <A
HREF="diagnosis.html#AEN4015"
HREF="diagnosis.html#AEN3943"
>Introduction</A
></DT
><DT
>28.2. <A
HREF="diagnosis.html#AEN4020"
HREF="diagnosis.html#AEN3948"
>Assumptions</A
></DT
><DT
>28.3. <A
HREF="diagnosis.html#AEN4030"
HREF="diagnosis.html#AEN3958"
>Tests</A
></DT
><DD
><DL
><DT
>28.3.1. <A
HREF="diagnosis.html#AEN4032"
HREF="diagnosis.html#AEN3960"
>Test 1</A
></DT
><DT
>28.3.2. <A
HREF="diagnosis.html#AEN4038"
HREF="diagnosis.html#AEN3966"
>Test 2</A
></DT
><DT
>28.3.3. <A
HREF="diagnosis.html#AEN4044"
HREF="diagnosis.html#AEN3972"
>Test 3</A
></DT
><DT
>28.3.4. <A
HREF="diagnosis.html#AEN4059"
HREF="diagnosis.html#AEN3987"
>Test 4</A
></DT
><DT
>28.3.5. <A
HREF="diagnosis.html#AEN4064"
HREF="diagnosis.html#AEN3992"
>Test 5</A
></DT
><DT
>28.3.6. <A
HREF="diagnosis.html#AEN4070"
HREF="diagnosis.html#AEN3998"
>Test 6</A
></DT
><DT
>28.3.7. <A
HREF="diagnosis.html#AEN4078"
HREF="diagnosis.html#AEN4006"
>Test 7</A
></DT
><DT
>28.3.8. <A
HREF="diagnosis.html#AEN4104"
HREF="diagnosis.html#AEN4032"
>Test 8</A
></DT
><DT
>28.3.9. <A
HREF="diagnosis.html#AEN4121"
HREF="diagnosis.html#AEN4049"
>Test 9</A
></DT
><DT
>28.3.10. <A
HREF="diagnosis.html#AEN4129"
HREF="diagnosis.html#AEN4057"
>Test 10</A
></DT
><DT
>28.3.11. <A
HREF="diagnosis.html#AEN4135"
HREF="diagnosis.html#AEN4063"
>Test 11</A
></DT
></DL
></DD
><DT
>28.4. <A
HREF="diagnosis.html#AEN4140"
HREF="diagnosis.html#AEN4068"
>Still having troubles?</A
></DT
></DL
@ -438,7 +506,7 @@ WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="portability.html"
HREF="speed.html"
ACCESSKEY="N"
>Next</A
></TD
@ -458,7 +526,7 @@ VALIGN="top"
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Portability</TD
>Samba performance issues</TD
></TR
></TABLE
></DIV

View File

@ -141,7 +141,74 @@ CLASS="SECT1"
CLASS="SECT1"
><A
NAME="AEN139"
>2.2. Use of the "Remote Announce" parameter</A
>2.2. How browsing functions and how to deploy stable and
dependable browsing using Samba</A
></H1
><P
>As stated above, MS Windows machines register their NetBIOS names
(i.e.: the machine name for each service type in operation) on start
up. Also, as stated above, the exact method by which this name registration
takes place is determined by whether or not the MS Windows client/server
has been given a WINS server address, whether or not LMHOSTS lookup
is enabled, or if DNS for NetBIOS name resolution is enabled, etc.</P
><P
>In the case where there is no WINS server all name registrations as
well as name lookups are done by UDP broadcast. This isolates name
resolution to the local subnet, unless LMHOSTS is used to list all
names and IP addresses. In such situations Samba provides a means by
which the samba server name may be forcibly injected into the browse
list of a remote MS Windows network (using the "remote announce" parameter).</P
><P
>Where a WINS server is used, the MS Windows client will use UDP
unicast to register with the WINS server. Such packets can be routed
and thus WINS allows name resolution to function across routed networks.</P
><P
>During the startup process an election will take place to create a
local master browser if one does not already exist. On each NetBIOS network
one machine will be elected to function as the domain master browser. This
domain browsing has nothing to do with MS security domain control.
Instead, the domain master browser serves the role of contacting each local
master browser (found by asking WINS or from LMHOSTS) and exchanging browse
list contents. This way every master browser will eventually obtain a complete
list of all machines that are on the network. Every 11-15 minutes an election
is held to determine which machine will be the master browser. By the nature of
the election criteria used, the machine with the highest uptime, or the
most senior protocol version, or other criteria, will win the election
as domain master browser.</P
><P
>Clients wishing to browse the network make use of this list, but also depend
on the availability of correct name resolution to the respective IP
address/addresses. </P
><P
>Any configuration that breaks name resolution and/or browsing intrinsics
will annoy users because they will have to put up with protracted
inability to use the network services.</P
><P
>Samba supports a feature that allows forced synchonisation
of browse lists across routed networks using the "remote
browse sync" parameter in the smb.conf file. This causes Samba
to contact the local master browser on a remote network and
to request browse list synchronisation. This effectively bridges
two networks that are separated by routers. The two remote
networks may use either broadcast based name resolution or WINS
based name resolution, but it should be noted that the "remote
browse sync" parameter provides browse list synchronisation - and
that is distinct from name to address resolution, in other
words, for cross subnet browsing to function correctly it is
essential that a name to address resolution mechanism be provided.
This mechanism could be via DNS, <TT
CLASS="FILENAME"
>/etc/hosts</TT
>,
and so on.</P
></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN149"
>2.3. Use of the "Remote Announce" parameter</A
></H1
><P
>The "remote announce" parameter of smb.conf can be used to forcibly ensure
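Review bot: in the new section 2.2, the paragraph starting "During the startup process" moves between "local master browser", "domain master browser" and plain "master browser" without saying which election each sentence describes, and it ends by saying the winner of the periodic election becomes "domain master browser". Suggest naming the role consistently in each sentence so readers can tell the local election from the domain master role. There is also a typo in "forced synchonisation" (should be "synchronisation"); since this file is generated, both fixes belong in the DocBook source.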
@ -198,8 +265,8 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN153"
>2.3. Use of the "Remote Browse Sync" parameter</A
NAME="AEN163"
>2.4. Use of the "Remote Browse Sync" parameter</A
></H1
><P
>The "remote browse sync" parameter of smb.conf is used to announce to
@ -221,8 +288,8 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN158"
>2.4. Use of WINS</A
NAME="AEN168"
>2.5. Use of WINS</A
></H1
><P
>Use of WINS (either Samba WINS _or_ MS Windows NT Server WINS) is highly
@ -284,8 +351,8 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN169"
>2.5. Do NOT use more than one (1) protocol on MS Windows machines</A
NAME="AEN179"
>2.6. Do NOT use more than one (1) protocol on MS Windows machines</A
></H1
><P
>A very common cause of browsing problems results from installing more than
@ -327,8 +394,8 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN177"
>2.6. Name Resolution Order</A
NAME="AEN187"
>2.7. Name Resolution Order</A
></H1
><P
>Resolution of NetBIOS names to IP addresses can take place using a number

View File

@ -80,7 +80,7 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3946"
NAME="AEN3874"
>27.1. Introduction</A
></H1
><P
@ -125,7 +125,7 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3956"
NAME="AEN3884"
>27.2. General info</A
></H1
><P
@ -150,7 +150,7 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3962"
NAME="AEN3890"
>27.3. Debug levels</A
></H1
><P
@ -220,7 +220,7 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3979"
NAME="AEN3907"
>27.4. Internal errors</A
></H1
><P
@ -264,7 +264,7 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3989"
NAME="AEN3917"
>27.5. Attaching to a running process</A
></H1
><P
@ -281,7 +281,7 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3992"
NAME="AEN3920"
>27.6. Patches</A
></H1
><P

View File

@ -87,7 +87,7 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3807"
NAME="AEN3706"
>26.1. Access Samba source code via CVS</A
></H1
><DIV
@ -95,7 +95,7 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN3809"
NAME="AEN3708"
>26.1.1. Introduction</A
></H2
><P
@ -117,7 +117,7 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN3814"
NAME="AEN3713"
>26.1.2. CVS Access to samba.org</A
></H2
><P
@ -130,7 +130,7 @@ CLASS="SECT3"
><H3
CLASS="SECT3"
><A
NAME="AEN3817"
NAME="AEN3716"
>26.1.2.1. Access via CVSweb</A
></H3
><P
@ -151,7 +151,7 @@ CLASS="SECT3"
><H3
CLASS="SECT3"
><A
NAME="AEN3822"
NAME="AEN3721"
>26.1.2.2. Access via cvs</A
></H3
><P
@ -256,7 +256,7 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3850"
NAME="AEN3749"
>26.2. Accessing the samba sources via rsync and ftp</A
></H1
><P
@ -284,7 +284,7 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3856"
NAME="AEN3755"
>26.3. Building the Binaries</A
></H1
><P
@ -365,13 +365,135 @@ CLASS="USERINPUT"
></P
><P
>if you find this version a disaster!</P
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN3783"
>26.3.1. Compiling samba with Active Directory support</A
></H2
><P
>In order to compile samba with ADS support, you need to have installed
on your system:
<P
></P
><TABLE
BORDER="0"
><TBODY
><TR
><TD
>the MIT kerberos development libraries (either install from the sources or use a package). The heimdal libraries will not work.</TD
></TR
><TR
><TD
>the OpenLDAP development libraries.</TD
></TR
></TBODY
></TABLE
><P
></P
>
</P
><P
>If your kerberos libraries are in a non-standard location then
remember to add the configure option --with-krb5=DIR.</P
><P
>After you run configure make sure that <TT
CLASS="FILENAME"
>include/config.h</TT
> it generates contains lines like this:</P
><P
><PRE
CLASS="PROGRAMLISTING"
>#define HAVE_KRB5 1
#define HAVE_LDAP 1
</PRE
></P
><P
>If it doesn't then configure did not find your krb5 libraries or
your ldap libraries. Look in config.log to figure out why and fix
it.</P
><DIV
CLASS="SECT3"
><H3
CLASS="SECT3"
><A
NAME="AEN3795"
>26.3.1.1. Installing the required packages for Debian</A
></H3
><P
>On Debian you need to install the following packages:</P
><P
> <P
></P
><TABLE
BORDER="0"
><TBODY
><TR
><TD
>libkrb5-dev</TD
></TR
><TR
><TD
>krb5-user</TD
></TR
></TBODY
></TABLE
><P
></P
>
</P
></DIV
><DIV
CLASS="SECT3"
><H3
CLASS="SECT3"
><A
NAME="AEN3802"
>26.3.1.2. Installing the required packages for RedHat</A
></H3
><P
>On RedHat this means you should have at least: </P
><P
> <P
></P
><TABLE
BORDER="0"
><TBODY
><TR
><TD
>krb5-workstation (for kinit)</TD
></TR
><TR
><TD
>krb5-libs (for linking with)</TD
></TR
><TR
><TD
>krb5-devel (because you are compiling from source)</TD
></TR
></TBODY
></TABLE
><P
></P
>
</P
><P
>in addition to the standard development environment.</P
><P
>Note that these are not standard on a RedHat install, and you may need
to get them off CD2.</P
></DIV
></DIV
></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3884"
NAME="AEN3812"
>26.4. Starting the smbd and nmbd</A
></H1
><P
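Review bot: the new section 26.3.1 lists the OpenLDAP development libraries as a requirement and tells the reader to check for "#define HAVE_LDAP 1", but the Debian and RedHat package lists below it name only Kerberos packages (libkrb5-dev, krb5-user; krb5-workstation, krb5-libs, krb5-devel). A reader following either list will end up without HAVE_LDAP. Suggest adding the distribution's OpenLDAP development package to each list (for example libldap2-dev on Debian and openldap-devel on RedHat). Also, "either install from the sources or use a package" no longer says which sources, now that the surrounding text it was moved from is gone.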
@ -411,7 +533,7 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN3894"
NAME="AEN3822"
>26.4.1. Starting from inetd.conf</A
></H2
><P
@ -511,7 +633,7 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN3923"
NAME="AEN3851"
>26.4.2. Alternative: starting it as a daemon</A
></H2
><P

View File

@ -73,7 +73,7 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN4015"
NAME="AEN3943"
>28.1. Introduction</A
></H1
><P
@ -95,7 +95,7 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN4020"
NAME="AEN3948"
>28.2. Assumptions</A
></H1
><P
@ -133,7 +133,7 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN4030"
NAME="AEN3958"
>28.3. Tests</A
></H1
><DIV
@ -141,7 +141,7 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN4032"
NAME="AEN3960"
>28.3.1. Test 1</A
></H2
><P
@ -163,7 +163,7 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN4038"
NAME="AEN3966"
>28.3.2. Test 2</A
></H2
><P
@ -189,7 +189,7 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN4044"
NAME="AEN3972"
>28.3.3. Test 3</A
></H2
><P
@ -260,7 +260,7 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN4059"
NAME="AEN3987"
>28.3.4. Test 4</A
></H2
><P
@ -281,7 +281,7 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN4064"
NAME="AEN3992"
>28.3.5. Test 5</A
></H2
><P
@ -302,7 +302,7 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN4070"
NAME="AEN3998"
>28.3.6. Test 6</A
></H2
><P
@ -336,7 +336,7 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN4078"
NAME="AEN4006"
>28.3.7. Test 7</A
></H2
><P
@ -425,7 +425,7 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN4104"
NAME="AEN4032"
>28.3.8. Test 8</A
></H2
><P
@ -485,7 +485,7 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN4121"
NAME="AEN4049"
>28.3.9. Test 9</A
></H2
><P
@ -519,7 +519,7 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN4129"
NAME="AEN4057"
>28.3.10. Test 10</A
></H2
><P
@ -545,7 +545,7 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN4135"
NAME="AEN4063"
>28.3.11. Test 11</A
></H2
><P
@ -573,7 +573,7 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN4140"
NAME="AEN4068"
>28.4. Still having troubles?</A
></H1
><P

View File

@ -16,7 +16,7 @@ REL="PREVIOUS"
TITLE="Samba as a ADS domain member"
HREF="ads.html"><LINK
REL="NEXT"
TITLE="Optional configuration"
TITLE="Advanced Configuration"
HREF="optional.html"></HEAD
><BODY
CLASS="CHAPTER"
@ -80,7 +80,7 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN1427"
NAME="AEN1315"
>9.1. Joining an NT Domain with Samba 3.0</A
></H1
><P
@ -129,12 +129,7 @@ CLASS="PARAMETER"
><B
CLASS="COMMAND"
>security = domain</B
> or
<B
CLASS="COMMAND"
>security = ads</B
> depending on if the PDC is
NT4 or running Active Directory respectivly.</P
></P
><P
>Next change the <A
HREF="smb.conf.5.html#WORKGROUP"
@ -208,7 +203,7 @@ CLASS="PROMPT"
>root# </SAMP
><KBD
CLASS="USERINPUT"
>net join -S DOMPDC
>net rpc join -S DOMPDC
-U<VAR
CLASS="REPLACEABLE"
>Administrator%password</VAR
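Review bot: while this line is being touched for the "net rpc join" rename, the example still passes the credentials as -U Administrator%password, which puts a domain administrator password into shell history and into the process list for the lifetime of the command. Suggest showing -U Administrator on its own and noting that net prompts for the password when it is not given.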
@ -268,22 +263,8 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN1482"
>9.2. Samba and Windows 2000 Domains</A
></H1
><P
>Many people have asked regarding the state of Samba's ability to participate in
a Windows 2000 Domain. Samba 3.0 is able to act as a member server of a Windows
2000 domain operating in mixed or native mode. The steps above apply
to both NT4 and Windows 2000.</P
></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN1485"
>9.3. Why is this better than security = server?</A
NAME="AEN1369"
>9.2. Why is this better than security = server?</A
></H1
><P
>Currently, domain security in Samba doesn't free you from
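Review bot: removing section "9.2. Samba and Windows 2000 Domains" also removes the only statement in this chapter that the join steps apply to a Windows 2000 domain in mixed or native mode, and nothing in the visible lines replaces it. Suggest keeping one sentence to that effect, with a pointer to the "Samba as a ADS domain member" chapter (ads.html) for the Kerberos-based setup.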
@ -341,13 +322,27 @@ CLASS="COMMAND"
authenticating to a PDC means that as part of the authentication
reply, the Samba server gets the user identification information such
as the user SID, the list of NT groups the user belongs to, etc. </P
><DIV
CLASS="NOTE"
><P
></P
><TABLE
CLASS="NOTE"
WIDTH="100%"
BORDER="0"
><TR
><TD
WIDTH="25"
ALIGN="CENTER"
VALIGN="TOP"
><IMG
SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif"
HSPACE="5"
ALT="Note"></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
><SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>NOTE:</I
></SPAN
> Much of the text of this document
was first published in the Web magazine <A
HREF="http://www.linuxworld.com"
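Review bot: the regenerated NOTE block now embeds IMG SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif", an absolute path on the machine that built the docs. It will not resolve when the HTML is served from a web server or read on a system without that stylesheet package, and it records the build host's layout in the published pages. Suggest setting the stylesheet's admonition graphics path to a relative directory shipped with the docs, or turning admonition graphics off for the HTML build.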
@ -360,6 +355,10 @@ TARGET="_top"
>Doing
the NIS/NT Samba</A
>.</P
></TD
></TR
></TABLE
></DIV
></DIV
></DIV
><DIV
@ -420,7 +419,7 @@ ACCESSKEY="U"
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Optional configuration</TD
>Advanced Configuration</TD
></TR
></TABLE
></DIV

View File

@ -10,14 +10,15 @@ REL="HOME"
TITLE="SAMBA Project Documentation"
HREF="samba-howto-collection.html"><LINK
REL="UP"
TITLE="Optional configuration"
TITLE="Advanced Configuration"
HREF="optional.html"><LINK
REL="PREVIOUS"
TITLE="Stackable VFS modules"
HREF="vfs.html"><LINK
TITLE="UNIX Permission Bits and Windows NT Access Control Lists"
HREF="unix-permissions.html"><LINK
REL="NEXT"
TITLE="Samba performance issues"
HREF="speed.html"></HEAD
TITLE="Configuring PAM for distributed but centrally
managed authentication"
HREF="pam.html"></HEAD
><BODY
CLASS="CHAPTER"
BGCOLOR="#FFFFFF"
@ -45,7 +46,7 @@ WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="vfs.html"
HREF="unix-permissions.html"
ACCESSKEY="P"
>Prev</A
></TD
@ -59,7 +60,7 @@ WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="speed.html"
HREF="pam.html"
ACCESSKEY="N"
>Next</A
></TD
@ -74,7 +75,7 @@ CLASS="CHAPTER"
><A
NAME="GROUPMAPPING"
></A
>Chapter 19. Group mapping HOWTO</H1
>Chapter 12. Group mapping HOWTO</H1
><P
>
Starting with Samba 3.0 alpha 2, a new group mapping function is available. The
@ -185,7 +186,7 @@ WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="vfs.html"
HREF="unix-permissions.html"
ACCESSKEY="P"
>Prev</A
></TD
@ -203,7 +204,7 @@ WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="speed.html"
HREF="pam.html"
ACCESSKEY="N"
>Next</A
></TD
@ -213,7 +214,7 @@ ACCESSKEY="N"
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>Stackable VFS modules</TD
>UNIX Permission Bits and Windows NT Access Control Lists</TD
><TD
WIDTH="34%"
ALIGN="center"
@ -227,7 +228,8 @@ ACCESSKEY="U"
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Samba performance issues</TD
>Configuring PAM for distributed but centrally
managed authentication</TD
></TR
></TABLE
></DIV

View File

@ -10,14 +10,14 @@ REL="HOME"
TITLE="SAMBA Project Documentation"
HREF="samba-howto-collection.html"><LINK
REL="UP"
TITLE="Optional configuration"
TITLE="Advanced Configuration"
HREF="optional.html"><LINK
REL="PREVIOUS"
TITLE="Unified Logons between Windows NT and UNIX using Winbind"
HREF="winbind.html"><LINK
TITLE="Integrating MS Windows networks with Samba"
HREF="integrate-ms-networks.html"><LINK
REL="NEXT"
TITLE="Stackable VFS modules"
HREF="vfs.html"></HEAD
TITLE="Hosting a Microsoft Distributed File System tree on Samba"
HREF="msdfs.html"></HEAD
><BODY
CLASS="CHAPTER"
BGCOLOR="#FFFFFF"
@ -45,7 +45,7 @@ WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="winbind.html"
HREF="integrate-ms-networks.html"
ACCESSKEY="P"
>Prev</A
></TD
@ -59,7 +59,7 @@ WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="vfs.html"
HREF="msdfs.html"
ACCESSKEY="N"
>Next</A
></TD
@ -74,14 +74,14 @@ CLASS="CHAPTER"
><A
NAME="IMPROVED-BROWSING"
></A
>Chapter 17. Improved browsing in samba</H1
>Chapter 18. Improved browsing in samba</H1
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3033"
>17.1. Overview of browsing</A
NAME="AEN3047"
>18.1. Overview of browsing</A
></H1
><P
>SMB networking provides a mechanism by which clients can access a list
@ -109,8 +109,8 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3038"
>17.2. Browsing support in samba</A
NAME="AEN3052"
>18.2. Browsing support in samba</A
></H1
><P
>Samba facilitates browsing. The browsing is supported by nmbd
@ -152,8 +152,8 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3046"
>17.3. Problem resolution</A
NAME="AEN3060"
>18.3. Problem resolution</A
></H1
><P
>If something doesn't work then hopefully the log.nmb file will help
@ -199,8 +199,8 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3055"
>17.4. Browsing across subnets</A
NAME="AEN3069"
>18.4. Browsing across subnets</A
></H1
><P
>Since the release of Samba 1.9.17(alpha1) Samba has been
@ -230,8 +230,8 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN3060"
>17.4.1. How does cross subnet browsing work ?</A
NAME="AEN3074"
>18.4.1. How does cross subnet browsing work ?</A
></H2
><P
>Cross subnet browsing is a complicated dance, containing multiple
@ -441,8 +441,8 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3095"
>17.5. Setting up a WINS server</A
NAME="AEN3109"
>18.5. Setting up a WINS server</A
></H1
><P
>Either a Samba machine or a Windows NT Server machine may be set up
@ -524,8 +524,8 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3114"
>17.6. Setting up Browsing in a WORKGROUP</A
NAME="AEN3128"
>18.6. Setting up Browsing in a WORKGROUP</A
></H1
><P
>To set up cross subnet browsing on a network containing machines
@ -556,10 +556,10 @@ options in the [global] section of the smb.conf file :</P
><P
><PRE
CLASS="PROGRAMLISTING"
> domain master = yes
local master = yes
preferred master = yes
os level = 65</PRE
>domain master = yes
local master = yes
preferred master = yes
os level = 65</PRE
></P
><P
>The domain master browser may be the same machine as the WINS
@ -576,10 +576,10 @@ smb.conf file :</P
><P
><PRE
CLASS="PROGRAMLISTING"
> domain master = no
local master = yes
preferred master = yes
os level = 65</PRE
>domain master = no
local master = yes
preferred master = yes
os level = 65</PRE
></P
><P
>Do not do this for more than one Samba server on each subnet,
@ -598,10 +598,10 @@ options in the [global] section of the smb.conf file :</P
><P
><PRE
CLASS="PROGRAMLISTING"
> domain master = no
local master = no
preferred master = no
os level = 0</PRE
>domain master = no
local master = no
preferred master = no
os level = 0</PRE
></P
></DIV
><DIV
@ -609,8 +609,8 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3132"
>17.7. Setting up Browsing in a DOMAIN</A
NAME="AEN3146"
>18.7. Setting up Browsing in a DOMAIN</A
></H1
><P
>If you are adding Samba servers to a Windows NT Domain then
@ -628,10 +628,10 @@ file :</P
><P
><PRE
CLASS="PROGRAMLISTING"
> domain master = no
local master = yes
preferred master = yes
os level = 65</PRE
>domain master = no
local master = yes
preferred master = yes
os level = 65</PRE
></P
><P
>If you wish to have a Samba server fight the election with machines
@ -660,8 +660,8 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3142"
>17.8. Forcing samba to be the master</A
NAME="AEN3156"
>18.8. Forcing samba to be the master</A
></H1
><P
>Who becomes the "master browser" is determined by an election process
@ -708,8 +708,8 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3151"
>17.9. Making samba the domain master</A
NAME="AEN3165"
>18.9. Making samba the domain master</A
></H1
><P
>The domain master is responsible for collating the browse lists of
@ -781,8 +781,8 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3169"
>17.10. Note about broadcast addresses</A
NAME="AEN3183"
>18.10. Note about broadcast addresses</A
></H1
><P
>If your network uses a "0" based broadcast address (for example if it
@ -795,8 +795,8 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3172"
>17.11. Multiple interfaces</A
NAME="AEN3186"
>18.11. Multiple interfaces</A
></H1
><P
>Samba now supports machines with multiple network interfaces. If you
@ -820,7 +820,7 @@ WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="winbind.html"
HREF="integrate-ms-networks.html"
ACCESSKEY="P"
>Prev</A
></TD
@ -838,7 +838,7 @@ WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="vfs.html"
HREF="msdfs.html"
ACCESSKEY="N"
>Next</A
></TD
@ -848,7 +848,7 @@ ACCESSKEY="N"
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>Unified Logons between Windows NT and UNIX using Winbind</TD
>Integrating MS Windows networks with Samba</TD
><TD
WIDTH="34%"
ALIGN="center"
@ -862,7 +862,7 @@ ACCESSKEY="U"
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Stackable VFS modules</TD
>Hosting a Microsoft Distributed File System tree on Samba</TD
></TR
></TABLE
></DIV

View File

@ -10,14 +10,14 @@ REL="HOME"
TITLE="SAMBA Project Documentation"
HREF="samba-howto-collection.html"><LINK
REL="UP"
TITLE="Optional configuration"
TITLE="Advanced Configuration"
HREF="optional.html"><LINK
REL="PREVIOUS"
TITLE="Optional configuration"
HREF="optional.html"><LINK
TITLE="Unified Logons between Windows NT and UNIX using Winbind"
HREF="winbind.html"><LINK
REL="NEXT"
TITLE="UNIX Permission Bits and Windows NT Access Control Lists"
HREF="unix-permissions.html"></HEAD
TITLE="Improved browsing in samba"
HREF="improved-browsing.html"></HEAD
><BODY
CLASS="CHAPTER"
BGCOLOR="#FFFFFF"
@ -45,7 +45,7 @@ WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="optional.html"
HREF="winbind.html"
ACCESSKEY="P"
>Prev</A
></TD
@ -59,7 +59,7 @@ WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="unix-permissions.html"
HREF="improved-browsing.html"
ACCESSKEY="N"
>Next</A
></TD
@ -74,81 +74,89 @@ CLASS="CHAPTER"
><A
NAME="INTEGRATE-MS-NETWORKS"
></A
>Chapter 10. Integrating MS Windows networks with Samba</H1
>Chapter 17. Integrating MS Windows networks with Samba</H1
><P
>This section deals with NetBIOS over TCP/IP name to IP address resolution. If you
your MS Windows clients are NOT configured to use NetBIOS over TCP/IP then this
section does not apply to your installation. If your installation involves use of
NetBIOS over TCP/IP then this section may help you to resolve networking problems.</P
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN1517"
>10.1. Agenda</A
></H1
><P
>To identify the key functional mechanisms of MS Windows networking
to enable the deployment of Samba as a means of extending and/or
replacing MS Windows NT/2000 technology.</P
><P
>We will examine:</P
CLASS="NOTE"
><P
></P
><OL
TYPE="1"
><LI
><TABLE
CLASS="NOTE"
WIDTH="100%"
BORDER="0"
><TR
><TD
WIDTH="25"
ALIGN="CENTER"
VALIGN="TOP"
><IMG
SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif"
HSPACE="5"
ALT="Note"></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
>Name resolution in a pure Unix/Linux TCP/IP
environment
</P
></LI
><LI
><P
>Name resolution as used within MS Windows
networking
</P
></LI
><LI
><P
>How browsing functions and how to deploy stable
and dependable browsing using Samba
</P
></LI
><LI
><P
>MS Windows security options and how to
configure Samba for seemless integration
</P
></LI
><LI
><P
>Configuration of Samba as:</P
><P
></P
><OL
TYPE="a"
><LI
><P
>A stand-alone server</P
></LI
><LI
><P
>An MS Windows NT 3.x/4.0 security domain member
</P
></LI
><LI
><P
>An alternative to an MS Windows NT 3.x/4.0 Domain Controller
</P
></LI
></OL
></LI
></OL
> NetBIOS over TCP/IP has nothing to do with NetBEUI. NetBEUI is NetBIOS
over Logical Link Control (LLC). On modern networks it is highly advised
to NOT run NetBEUI at all. Note also that there is NO such thing as
NetBEUI over TCP/IP - the existence of such a protocol is a complete
and utter mis-apprehension.</P
></TD
></TR
></TABLE
></DIV
><P
>Since the introduction of MS Windows 2000 it is possible to run MS Windows networking
without the use of NetBIOS over TCP/IP. NetBIOS over TCP/IP uses UDP port 137 for NetBIOS
name resolution and uses TCP port 139 for NetBIOS session services. When NetBIOS over
TCP/IP is disabled on MS Windows 2000 and later clients then only TCP port 445 will be
used and UDP port 137 and TCP port 139 will not.</P
><DIV
CLASS="NOTE"
><P
></P
><TABLE
CLASS="NOTE"
WIDTH="100%"
BORDER="0"
><TR
><TD
WIDTH="25"
ALIGN="CENTER"
VALIGN="TOP"
><IMG
SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif"
HSPACE="5"
ALT="Note"></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
>When using Windows 2000 or later clients, if NetBIOS over TCP/IP is NOT disabled, then
the client will use UDP port 137 (NetBIOS Name Service, also known as the Windows Internet
Name Service or WINS), TCP port 139 AND TCP port 445 (for actual file and print traffic).</P
></TD
></TR
></TABLE
></DIV
><P
>When NetBIOS over TCP/IP is disabled the use of DNS is essential. Most installations that
disable NetBIOS over TCP/IP today use MS Active Directory Service (ADS). ADS requires
Dynamic DNS with Service Resource Records (SRV RR) and with Incremental Zone Transfers (IXFR).
Use of DHCP with ADS is recommended as a further means of maintaining central control
over client workstation network configuration.</P
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN1539"
>10.2. Name Resolution in a pure Unix/Linux world</A
NAME="AEN2932"
>17.1. Name Resolution in a pure Unix/Linux world</A
></H1
><P
>The key configuration files covered in this section are:</P
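Review bot: The new NOTE blocks load their icon from IMG SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif", an absolute path on the build host. It will not resolve once the HTML is served or installed elsewhere, and it publishes the build machine's filesystem layout. Point the admonition graphics at a relative path shipped with the docs, or turn them off, before regenerating. Separately, the opening paragraph reads "If you your MS Windows clients are NOT configured"; drop the stray "you" in the SGML source.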
@ -189,8 +197,8 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN1555"
>10.2.1. <TT
NAME="AEN2948"
>17.1.1. <TT
CLASS="FILENAME"
>/etc/hosts</TT
></A
@ -270,8 +278,8 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN1571"
>10.2.2. <TT
NAME="AEN2964"
>17.1.2. <TT
CLASS="FILENAME"
>/etc/resolv.conf</TT
></A
@ -308,8 +316,8 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN1582"
>10.2.3. <TT
NAME="AEN2975"
>17.1.3. <TT
CLASS="FILENAME"
>/etc/host.conf</TT
></A
@ -337,8 +345,8 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN1590"
>10.2.4. <TT
NAME="AEN2983"
>17.1.4. <TT
CLASS="FILENAME"
>/etc/nsswitch.conf</TT
></A
@ -406,8 +414,8 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN1602"
>10.3. Name resolution as used within MS Windows networking</A
NAME="AEN2995"
>17.2. Name resolution as used within MS Windows networking</A
></H1
><P
>MS Windows networking is predicated about the name each machine
@ -491,8 +499,8 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN1614"
>10.3.1. The NetBIOS Name Cache</A
NAME="AEN3007"
>17.2.1. The NetBIOS Name Cache</A
></H2
><P
>All MS Windows machines employ an in memory buffer in which is
@ -518,8 +526,8 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN1619"
>10.3.2. The LMHOSTS file</A
NAME="AEN3012"
>17.2.2. The LMHOSTS file</A
></H2
><P
>This file is usually located in MS Windows NT 4.0 or
@ -621,8 +629,8 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN1627"
>10.3.3. HOSTS file</A
NAME="AEN3020"
>17.2.3. HOSTS file</A
></H2
><P
>This file is usually located in MS Windows NT 4.0 or 2000 in
@ -643,8 +651,8 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN1632"
>10.3.4. DNS Lookup</A
NAME="AEN3025"
>17.2.4. DNS Lookup</A
></H2
><P
>This capability is configured in the TCP/IP setup area in the network
@ -663,8 +671,8 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN1635"
>10.3.5. WINS Lookup</A
NAME="AEN3028"
>17.2.5. WINS Lookup</A
></H2
><P
>A WINS (Windows Internet Name Server) service is the equivaent of the
@ -699,416 +707,6 @@ CLASS="REPLACEABLE"
of the WINS server.</P
></DIV
></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN1647"
>10.4. How browsing functions and how to deploy stable and
dependable browsing using Samba</A
></H1
><P
>As stated above, MS Windows machines register their NetBIOS names
(i.e.: the machine name for each service type in operation) on start
up. Also, as stated above, the exact method by which this name registration
takes place is determined by whether or not the MS Windows client/server
has been given a WINS server address, whether or not LMHOSTS lookup
is enabled, or if DNS for NetBIOS name resolution is enabled, etc.</P
><P
>In the case where there is no WINS server all name registrations as
well as name lookups are done by UDP broadcast. This isolates name
resolution to the local subnet, unless LMHOSTS is used to list all
names and IP addresses. In such situations Samba provides a means by
which the samba server name may be forcibly injected into the browse
list of a remote MS Windows network (using the "remote announce" parameter).</P
><P
>Where a WINS server is used, the MS Windows client will use UDP
unicast to register with the WINS server. Such packets can be routed
and thus WINS allows name resolution to function across routed networks.</P
><P
>During the startup process an election will take place to create a
local master browser if one does not already exist. On each NetBIOS network
one machine will be elected to function as the domain master browser. This
domain browsing has nothing to do with MS security domain control.
Instead, the domain master browser serves the role of contacting each local
master browser (found by asking WINS or from LMHOSTS) and exchanging browse
list contents. This way every master browser will eventually obtain a complete
list of all machines that are on the network. Every 11-15 minutes an election
is held to determine which machine will be the master browser. By the nature of
the election criteria used, the machine with the highest uptime, or the
most senior protocol version, or other criteria, will win the election
as domain master browser.</P
><P
>Clients wishing to browse the network make use of this list, but also depend
on the availability of correct name resolution to the respective IP
address/addresses. </P
><P
>Any configuration that breaks name resolution and/or browsing intrinsics
will annoy users because they will have to put up with protracted
inability to use the network services.</P
><P
>Samba supports a feature that allows forced synchonisation
of browse lists across routed networks using the "remote
browse sync" parameter in the smb.conf file. This causes Samba
to contact the local master browser on a remote network and
to request browse list synchronisation. This effectively bridges
two networks that are separated by routers. The two remote
networks may use either broadcast based name resolution or WINS
based name resolution, but it should be noted that the "remote
browse sync" parameter provides browse list synchronisation - and
that is distinct from name to address resolution, in other
words, for cross subnet browsing to function correctly it is
essential that a name to address resolution mechanism be provided.
This mechanism could be via DNS, <TT
CLASS="FILENAME"
>/etc/hosts</TT
>,
and so on.</P
></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN1657"
>10.5. MS Windows security options and how to configure
Samba for seemless integration</A
></H1
><P
>MS Windows clients may use encrypted passwords as part of a
challenege/response authentication model (a.k.a. NTLMv1) or
alone, or clear text strings for simple password based
authentication. It should be realized that with the SMB
protocol the password is passed over the network either
in plain text or encrypted, but not both in the same
authentication requets.</P
><P
>When encrypted passwords are used a password that has been
entered by the user is encrypted in two ways:</P
><P
></P
><UL
><LI
><P
>An MD4 hash of the UNICODE of the password
string. This is known as the NT hash.
</P
></LI
><LI
><P
>The password is converted to upper case,
and then padded or trucated to 14 bytes. This string is
then appended with 5 bytes of NULL characters and split to
form two 56 bit DES keys to encrypt a "magic" 8 byte value.
The resulting 16 bytes for the LanMan hash.
</P
></LI
></UL
><P
>You should refer to the <A
HREF="ENCRYPTION.html"
TARGET="_top"
>Password Encryption</A
> chapter in this HOWTO collection
for more details on the inner workings</P
><P
>MS Windows 95 pre-service pack 1, MS Windows NT versions 3.x
and version 4.0 pre-service pack 3 will use either mode of
password authentication. All versions of MS Windows that follow
these versions no longer support plain text passwords by default.</P
><P
>MS Windows clients have a habit of dropping network mappings that
have been idle for 10 minutes or longer. When the user attempts to
use the mapped drive connection that has been dropped, the client
re-establishes the connection using
a cached copy of the password.</P
><P
>When Microsoft changed the default password mode, they dropped support for
caching of the plain text password. This means that when the registry
parameter is changed to re-enable use of plain text passwords it appears to
work, but when a dropped mapping attempts to revalidate it will fail if
the remote authentication server does not support encrypted passwords.
This means that it is definitely not a good idea to re-enable plain text
password support in such clients.</P
><P
>The following parameters can be used to work around the
issue of Windows 9x client upper casing usernames and
password before transmitting them to the SMB server
when using clear text authentication.</P
><P
><PRE
CLASS="PROGRAMLISTING"
> <A
HREF="smb.conf.5.html#PASSWORDLEVEL"
TARGET="_top"
>passsword level</A
> = <VAR
CLASS="REPLACEABLE"
>integer</VAR
>
<A
HREF="smb.conf.5.html#USERNAMELEVEL"
TARGET="_top"
>username level</A
> = <VAR
CLASS="REPLACEABLE"
>integer</VAR
></PRE
></P
><P
>By default Samba will lower case the username before attempting
to lookup the user in the database of local system accounts.
Because UNIX usernames conventionally only contain lower case
character, the <VAR
CLASS="PARAMETER"
>username level</VAR
> parameter
is rarely even needed.</P
><P
>However, password on UNIX systems often make use of mixed case
characters. This means that in order for a user on a Windows 9x
client to connect to a Samba server using clear text authentication,
the <VAR
CLASS="PARAMETER"
>password level</VAR
> must be set to the maximum
number of upper case letter which <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>could</I
></SPAN
> appear
is a password. Note that is the server OS uses the traditional
DES version of crypt(), then a <VAR
CLASS="PARAMETER"
>password level</VAR
>
of 8 will result in case insensitive passwords as seen from Windows
users. This will also result in longer login times as Samba
hash to compute the permutations of the password string and
try them one by one until a match is located (or all combinations fail).</P
><P
>The best option to adopt is to enable support for encrypted passwords
where ever Samba is used. There are three configuration possibilities
for support of encrypted passwords:</P
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN1685"
>10.5.1. Use MS Windows NT as an authentication server</A
></H2
><P
>This method involves the additions of the following parameters
in the smb.conf file:</P
><P
><PRE
CLASS="PROGRAMLISTING"
> encrypt passwords = Yes
security = server
password server = "NetBIOS_name_of_PDC"</PRE
></P
><P
>There are two ways of identifying whether or not a username and
password pair was valid or not. One uses the reply information provided
as part of the authentication messaging process, the other uses
just and error code.</P
><P
>The down-side of this mode of configuration is the fact that
for security reasons Samba will send the password server a bogus
username and a bogus password and if the remote server fails to
reject the username and password pair then an alternative mode
of identification of validation is used. Where a site uses password
lock out after a certain number of failed authentication attempts
this will result in user lockouts.</P
><P
>Use of this mode of authentication does require there to be
a standard Unix account for the user, this account can be blocked
to prevent logons by other than MS Windows clients.</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN1693"
>10.5.2. Make Samba a member of an MS Windows NT security domain</A
></H2
><P
>This method involves additon of the following paramters in the smb.conf file:</P
><P
><PRE
CLASS="PROGRAMLISTING"
> encrypt passwords = Yes
security = domain
workgroup = "name of NT domain"
password server = *</PRE
></P
><P
>The use of the "*" argument to "password server" will cause samba
to locate the domain controller in a way analogous to the way
this is done within MS Windows NT.</P
><P
>In order for this method to work the Samba server needs to join the
MS Windows NT security domain. This is done as follows:</P
><P
></P
><UL
><LI
><P
>On the MS Windows NT domain controller using
the Server Manager add a machine account for the Samba server.
</P
></LI
><LI
><P
>Next, on the Linux system execute:
<B
CLASS="COMMAND"
>smbpasswd -r PDC_NAME -j DOMAIN_NAME</B
>
</P
></LI
></UL
><P
>Use of this mode of authentication does require there to be
a standard Unix account for the user in order to assign
a uid once the account has been authenticated by the remote
Windows DC. This account can be blocked to prevent logons by
other than MS Windows clients by things such as setting an invalid
shell in the <TT
CLASS="FILENAME"
>/etc/passwd</TT
> entry.</P
><P
>An alternative to assigning UIDs to Windows users on a
Samba member server is presented in the <A
HREF="winbind.html"
TARGET="_top"
>Winbind Overview</A
> chapter in
this HOWTO collection.</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN1710"
>10.5.3. Configure Samba as an authentication server</A
></H2
><P
>This mode of authentication demands that there be on the
Unix/Linux system both a Unix style account as well as an
smbpasswd entry for the user. The Unix system account can be
locked if required as only the encrypted password will be
used for SMB client authentication.</P
><P
>This method involves addition of the following parameters to
the smb.conf file:</P
><P
><PRE
CLASS="PROGRAMLISTING"
>## please refer to the Samba PDC HOWTO chapter later in
## this collection for more details
[global]
encrypt passwords = Yes
security = user
domain logons = Yes
; an OS level of 33 or more is recommended
os level = 33
[NETLOGON]
path = /somewhare/in/file/system
read only = yes</PRE
></P
><P
>in order for this method to work a Unix system account needs
to be created for each user, as well as for each MS Windows NT/2000
machine. The following structure is required.</P
><DIV
CLASS="SECT3"
><H3
CLASS="SECT3"
><A
NAME="AEN1717"
>10.5.3.1. Users</A
></H3
><P
>A user account that may provide a home directory should be
created. The following Linux system commands are typical of
the procedure for creating an account.</P
><P
><PRE
CLASS="PROGRAMLISTING"
> # useradd -s /bin/bash -d /home/"userid" -m "userid"
# passwd "userid"
Enter Password: &#60;pw&#62;
# smbpasswd -a "userid"
Enter Password: &#60;pw&#62;</PRE
></P
></DIV
><DIV
CLASS="SECT3"
><H3
CLASS="SECT3"
><A
NAME="AEN1722"
>10.5.3.2. MS Windows NT Machine Accounts</A
></H3
><P
>These are required only when Samba is used as a domain
controller. Refer to the Samba-PDC-HOWTO for more details.</P
><P
><PRE
CLASS="PROGRAMLISTING"
> # useradd -s /bin/false -d /dev/null "machine_name"\$
# passwd -l "machine_name"\$
# smbpasswd -a -m "machine_name"</PRE
></P
></DIV
></DIV
></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN1727"
>10.6. Conclusions</A
></H1
><P
>Samba provides a flexible means to operate as...</P
><P
></P
><UL
><LI
><P
>A Stand-alone server - No special action is needed
other than to create user accounts. Stand-alone servers do NOT
provide network logon services, meaning that machines that use this
server do NOT perform a domain logon but instead make use only of
the MS Windows logon which is local to the MS Windows
workstation/server.
</P
></LI
><LI
><P
>An MS Windows NT 3.x/4.0 security domain member.
</P
></LI
><LI
><P
>An alternative to an MS Windows NT 3.x/4.0
Domain Controller.
</P
></LI
></UL
></DIV
></DIV
><DIV
CLASS="NAVFOOTER"
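Review bot: This hunk deletes sections 10.4 to 10.6 outright (416 lines down to 6), and only the browsing section visibly reappears in this commit, as entry 2.2 in the browsing-quick.html table of contents. Nothing shown here re-homes "MS Windows security options and how to configure Samba for seemless integration", which carried the encrypt passwords, security = server and security = domain guidance and the machine-account commands. Confirm that this chapter source still exists in the collection and name its new location in the commit message, since "Regenerate docs" does not say that content moved.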
@ -1126,7 +724,7 @@ WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="optional.html"
HREF="winbind.html"
ACCESSKEY="P"
>Prev</A
></TD
@ -1144,7 +742,7 @@ WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="unix-permissions.html"
HREF="improved-browsing.html"
ACCESSKEY="N"
>Next</A
></TD
@ -1154,7 +752,7 @@ ACCESSKEY="N"
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>Optional configuration</TD
>Unified Logons between Windows NT and UNIX using Winbind</TD
><TD
WIDTH="34%"
ALIGN="center"
@ -1168,7 +766,7 @@ ACCESSKEY="U"
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>UNIX Permission Bits and Windows NT Access Control Lists</TD
>Improved browsing in samba</TD
></TR
></TABLE
></DIV

View File

@ -178,26 +178,32 @@ HREF="browsing-quick.html#AEN130"
><DT
>2.2. <A
HREF="browsing-quick.html#AEN139"
>Use of the "Remote Announce" parameter</A
>How browsing functions and how to deploy stable and
dependable browsing using Samba</A
></DT
><DT
>2.3. <A
HREF="browsing-quick.html#AEN153"
>Use of the "Remote Browse Sync" parameter</A
HREF="browsing-quick.html#AEN149"
>Use of the "Remote Announce" parameter</A
></DT
><DT
>2.4. <A
HREF="browsing-quick.html#AEN158"
>Use of WINS</A
HREF="browsing-quick.html#AEN163"
>Use of the "Remote Browse Sync" parameter</A
></DT
><DT
>2.5. <A
HREF="browsing-quick.html#AEN169"
>Do NOT use more than one (1) protocol on MS Windows machines</A
HREF="browsing-quick.html#AEN168"
>Use of WINS</A
></DT
><DT
>2.6. <A
HREF="browsing-quick.html#AEN177"
HREF="browsing-quick.html#AEN179"
>Do NOT use more than one (1) protocol on MS Windows machines</A
></DT
><DT
>2.7. <A
HREF="browsing-quick.html#AEN187"
>Name Resolution Order</A
></DT
></DL
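Review bot: The new 2.2 entry reuses browsing-quick.html#AEN139, which until now pointed at "Use of the "Remote Announce" parameter". That section moves to #AEN149, so any existing bookmark or cross-reference to #AEN139 silently lands on a different section. The generated AEN anchors shift whenever content is added (the passdb.html entries in the next hunk all move by 10). Give the sections explicit ids in the DocBook source so the anchors stay stable across regenerations.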
@ -211,146 +217,146 @@ HREF="passdb.html"
><DL
><DT
>3.1. <A
HREF="passdb.html#AEN234"
HREF="passdb.html#AEN244"
>Introduction</A
></DT
><DT
>3.2. <A
HREF="passdb.html#AEN241"
HREF="passdb.html#AEN251"
>Important Notes About Security</A
></DT
><DD
><DL
><DT
>3.2.1. <A
HREF="passdb.html#AEN267"
HREF="passdb.html#AEN277"
>Advantages of SMB Encryption</A
></DT
><DT
>3.2.2. <A
HREF="passdb.html#AEN273"
HREF="passdb.html#AEN283"
>Advantages of non-encrypted passwords</A
></DT
></DL
></DD
><DT
>3.3. <A
HREF="passdb.html#AEN279"
HREF="passdb.html#AEN289"
>The smbpasswd Command</A
></DT
><DT
>3.4. <A
HREF="passdb.html#AEN310"
HREF="passdb.html#AEN320"
>Plain text</A
></DT
><DT
>3.5. <A
HREF="passdb.html#AEN315"
HREF="passdb.html#AEN325"
>TDB</A
></DT
><DT
>3.6. <A
HREF="passdb.html#AEN318"
HREF="passdb.html#AEN328"
>LDAP</A
></DT
><DD
><DL
><DT
>3.6.1. <A
HREF="passdb.html#AEN320"
HREF="passdb.html#AEN330"
>Introduction</A
></DT
><DT
>3.6.2. <A
HREF="passdb.html#AEN340"
HREF="passdb.html#AEN350"
>Introduction</A
></DT
><DT
>3.6.3. <A
HREF="passdb.html#AEN369"
HREF="passdb.html#AEN379"
>Supported LDAP Servers</A
></DT
><DT
>3.6.4. <A
HREF="passdb.html#AEN374"
HREF="passdb.html#AEN384"
>Schema and Relationship to the RFC 2307 posixAccount</A
></DT
><DT
>3.6.5. <A
HREF="passdb.html#AEN386"
HREF="passdb.html#AEN396"
>Configuring Samba with LDAP</A
></DT
><DT
>3.6.6. <A
HREF="passdb.html#AEN433"
HREF="passdb.html#AEN443"
>Accounts and Groups management</A
></DT
><DT
>3.6.7. <A
HREF="passdb.html#AEN438"
HREF="passdb.html#AEN448"
>Security and sambaAccount</A
></DT
><DT
>3.6.8. <A
HREF="passdb.html#AEN458"
HREF="passdb.html#AEN468"
>LDAP specials attributes for sambaAccounts</A
></DT
><DT
>3.6.9. <A
HREF="passdb.html#AEN528"
HREF="passdb.html#AEN538"
>Example LDIF Entries for a sambaAccount</A
></DT
></DL
></DD
><DT
>3.7. <A
HREF="passdb.html#AEN536"
HREF="passdb.html#AEN546"
>MySQL</A
></DT
><DD
><DL
><DT
>3.7.1. <A
HREF="passdb.html#AEN538"
HREF="passdb.html#AEN548"
>Building</A
></DT
><DT
>3.7.2. <A
HREF="passdb.html#AEN544"
HREF="passdb.html#AEN554"
>Creating the database</A
></DT
><DT
>3.7.3. <A
HREF="passdb.html#AEN554"
HREF="passdb.html#AEN564"
>Configuring</A
></DT
><DT
>3.7.4. <A
HREF="passdb.html#AEN571"
HREF="passdb.html#AEN581"
>Using plaintext passwords or encrypted password</A
></DT
><DT
>3.7.5. <A
HREF="passdb.html#AEN576"
HREF="passdb.html#AEN586"
>Getting non-column data from the table</A
></DT
></DL
></DD
><DT
>3.8. <A
HREF="passdb.html#AEN584"
HREF="passdb.html#AEN594"
>Passdb XML plugin</A
></DT
><DD
><DL
><DT
>3.8.1. <A
HREF="passdb.html#AEN586"
HREF="passdb.html#AEN596"
>Building</A
></DT
><DT
>3.8.2. <A
HREF="passdb.html#AEN592"
HREF="passdb.html#AEN602"
>Usage</A
></DT
></DL

View File

@ -10,15 +10,14 @@ REL="HOME"
TITLE="SAMBA Project Documentation"
HREF="samba-howto-collection.html"><LINK
REL="UP"
TITLE="Optional configuration"
TITLE="Advanced Configuration"
HREF="optional.html"><LINK
REL="PREVIOUS"
TITLE="Configuring PAM for distributed but centrally
managed authentication"
HREF="pam.html"><LINK
TITLE="Improved browsing in samba"
HREF="improved-browsing.html"><LINK
REL="NEXT"
TITLE="Printing Support"
HREF="printing.html"></HEAD
TITLE="Stackable VFS modules"
HREF="vfs.html"></HEAD
><BODY
CLASS="CHAPTER"
BGCOLOR="#FFFFFF"
@ -46,7 +45,7 @@ WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="pam.html"
HREF="improved-browsing.html"
ACCESSKEY="P"
>Prev</A
></TD
@ -60,7 +59,7 @@ WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="printing.html"
HREF="vfs.html"
ACCESSKEY="N"
>Next</A
></TD
@ -75,14 +74,14 @@ CLASS="CHAPTER"
><A
NAME="MSDFS"
></A
>Chapter 13. Hosting a Microsoft Distributed File System tree on Samba</H1
>Chapter 19. Hosting a Microsoft Distributed File System tree on Samba</H1
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN1997"
>13.1. Instructions</A
NAME="AEN3200"
>19.1. Instructions</A
></H1
><P
>The Distributed File System (or Dfs) provides a means of
@ -213,8 +212,8 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN2032"
>13.1.1. Notes</A
NAME="AEN3235"
>19.1.1. Notes</A
></H2
><P
></P
@ -258,7 +257,7 @@ WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="pam.html"
HREF="improved-browsing.html"
ACCESSKEY="P"
>Prev</A
></TD
@ -276,7 +275,7 @@ WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="printing.html"
HREF="vfs.html"
ACCESSKEY="N"
>Next</A
></TD
@ -286,8 +285,7 @@ ACCESSKEY="N"
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>Configuring PAM for distributed but centrally
managed authentication</TD
>Improved browsing in samba</TD
><TD
WIDTH="34%"
ALIGN="center"
@ -301,7 +299,7 @@ ACCESSKEY="U"
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Printing Support</TD
>Stackable VFS modules</TD
></TR
></TABLE
></DIV

File diff suppressed because it is too large

View File

@ -82,7 +82,7 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3691"
NAME="AEN3590"
>25.1. Macintosh clients?</A
></H1
><P
@ -128,7 +128,7 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3700"
NAME="AEN3599"
>25.2. OS2 Client</A
></H1
><DIV
@ -136,7 +136,7 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN3702"
NAME="AEN3601"
>25.2.1. How can I configure OS/2 Warp Connect or
OS/2 Warp 4 as a client for Samba?</A
></H2
@ -195,7 +195,7 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN3717"
NAME="AEN3616"
>25.2.2. How can I configure OS/2 Warp 3 (not Connect),
OS/2 1.2, 1.3 or 2.x for Samba?</A
></H2
@ -239,7 +239,7 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN3726"
NAME="AEN3625"
>25.2.3. Are there any other issues when OS/2 (any version)
is used as a client?</A
></H2
@ -261,7 +261,7 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN3730"
NAME="AEN3629"
>25.2.4. How do I get printer driver download working
for OS/2 clients?</A
></H2
@ -308,7 +308,7 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3740"
NAME="AEN3639"
>25.3. Windows for Workgroups</A
></H1
><DIV
@ -316,7 +316,7 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN3742"
NAME="AEN3641"
>25.3.1. Use latest TCP/IP stack from Microsoft</A
></H2
><P
@ -338,7 +338,7 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN3747"
NAME="AEN3646"
>25.3.2. Delete .pwl files after password change</A
></H2
><P
@ -358,7 +358,7 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN3752"
NAME="AEN3651"
>25.3.3. Configure WfW password handling</A
></H2
><P
@ -377,7 +377,7 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN3756"
NAME="AEN3655"
>25.3.4. Case handling of passwords</A
></H2
><P
@ -395,7 +395,7 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN3761"
NAME="AEN3660"
>25.3.5. Use TCP/IP as default protocol</A
></H2
><P
@ -411,7 +411,7 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3764"
NAME="AEN3663"
>25.4. Windows '95/'98</A
></H1
><P
@ -459,7 +459,7 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3780"
NAME="AEN3679"
>25.5. Windows 2000 Service Pack 2</A
></H1
><P

View File

@ -11,14 +11,14 @@ REL="HOME"
TITLE="SAMBA Project Documentation"
HREF="samba-howto-collection.html"><LINK
REL="UP"
TITLE="Optional configuration"
TITLE="Advanced Configuration"
HREF="optional.html"><LINK
REL="PREVIOUS"
TITLE="UNIX Permission Bits and Windows NT Access Control Lists"
HREF="unix-permissions.html"><LINK
TITLE="Group mapping HOWTO"
HREF="groupmapping.html"><LINK
REL="NEXT"
TITLE="Hosting a Microsoft Distributed File System tree on Samba"
HREF="msdfs.html"></HEAD
TITLE="Printing Support"
HREF="printing.html"></HEAD
><BODY
CLASS="CHAPTER"
BGCOLOR="#FFFFFF"
@ -46,7 +46,7 @@ WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="unix-permissions.html"
HREF="groupmapping.html"
ACCESSKEY="P"
>Prev</A
></TD
@ -60,7 +60,7 @@ WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="msdfs.html"
HREF="printing.html"
ACCESSKEY="N"
>Next</A
></TD
@ -75,15 +75,15 @@ CLASS="CHAPTER"
><A
NAME="PAM"
></A
>Chapter 12. Configuring PAM for distributed but centrally
>Chapter 13. Configuring PAM for distributed but centrally
managed authentication</H1
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN1926"
>12.1. Samba and PAM</A
NAME="AEN1866"
>13.1. Samba and PAM</A
></H1
><P
>A number of Unix systems (eg: Sun Solaris), as well as the
@ -119,6 +119,45 @@ or by editing individual files that are located in <TT
CLASS="FILENAME"
>/etc/pam.d</TT
>.</P
><DIV
CLASS="NOTE"
><P
></P
><TABLE
CLASS="NOTE"
WIDTH="100%"
BORDER="0"
><TR
><TD
WIDTH="25"
ALIGN="CENTER"
VALIGN="TOP"
><IMG
SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif"
HSPACE="5"
ALT="Note"></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
> If the PAM authentication module (loadable link library file) is located in the
default location then it is not necessary to specify the path. In the case of
Linux, the default location is <TT
CLASS="FILENAME"
>/lib/security</TT
>. If the module
is located other than default then the path may be specified as:
<PRE
CLASS="PROGRAMLISTING"
> eg: "auth required /other_path/pam_strange_module.so"
</PRE
>
</P
></TD
></TR
></TABLE
></DIV
><P
>The following is an example <TT
CLASS="FILENAME"
@ -134,20 +173,20 @@ CLASS="FILENAME"
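Review bot: The added listing keeps the label and quotation marks inside the PROGRAMLISTING (eg: "auth required /other_path/pam_strange_module.so"), so a reader who copies the block gets a line that is not valid PAM syntax. Move "eg:" into the sentence and leave only the auth line in the listing. The PRE is also nested inside the P of the note, and the note icon again points at the build host path /usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif.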
><P
><PRE
CLASS="PROGRAMLISTING"
>#%PAM-1.0
# The PAM configuration file for the `login' service
#
auth required pam_securetty.so
auth required pam_nologin.so
# auth required pam_dialup.so
# auth optional pam_mail.so
auth required pam_pwdb.so shadow md5
# account requisite pam_time.so
account required pam_pwdb.so
session required pam_pwdb.so
# session optional pam_lastlog.so
# password required pam_cracklib.so retry=3
password required pam_pwdb.so shadow md5</PRE
> #%PAM-1.0
# The PAM configuration file for the `login' service
#
auth required pam_securetty.so
auth required pam_nologin.so
# auth required pam_dialup.so
# auth optional pam_mail.so
auth required pam_pwdb.so shadow md5
# account requisite pam_time.so
account required pam_pwdb.so
session required pam_pwdb.so
# session optional pam_lastlog.so
# password required pam_cracklib.so retry=3
password required pam_pwdb.so shadow md5</PRE
></P
><P
>PAM allows use of replacable modules. Those available on a
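Review bot: Every line of this listing changes only by gaining leading whitespace inside the PRE, starting at "#%PAM-1.0", and PRE renders that indentation verbatim, so anyone copying the sample into /etc/pam.d gets indented entries. Strip the indentation from the programlisting in the SGML source rather than carrying it into the generated HTML; the same applies to the other listings reindented in this file. The trailing context line also has "replacable", which should be "replaceable".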
@ -155,19 +194,19 @@ sample system include:</P
><P
><PRE
CLASS="PROGRAMLISTING"
>$ /bin/ls /lib/security
pam_access.so pam_ftp.so pam_limits.so
pam_ncp_auth.so pam_rhosts_auth.so pam_stress.so
pam_cracklib.so pam_group.so pam_listfile.so
pam_nologin.so pam_rootok.so pam_tally.so
pam_deny.so pam_issue.so pam_mail.so
pam_permit.so pam_securetty.so pam_time.so
pam_dialup.so pam_lastlog.so pam_mkhomedir.so
pam_pwdb.so pam_shells.so pam_unix.so
pam_env.so pam_ldap.so pam_motd.so
pam_radius.so pam_smbpass.so pam_unix_acct.so
pam_wheel.so pam_unix_auth.so pam_unix_passwd.so
pam_userdb.so pam_warn.so pam_unix_session.so</PRE
> $ /bin/ls /lib/security
pam_access.so pam_ftp.so pam_limits.so
pam_ncp_auth.so pam_rhosts_auth.so pam_stress.so
pam_cracklib.so pam_group.so pam_listfile.so
pam_nologin.so pam_rootok.so pam_tally.so
pam_deny.so pam_issue.so pam_mail.so
pam_permit.so pam_securetty.so pam_time.so
pam_dialup.so pam_lastlog.so pam_mkhomedir.so
pam_pwdb.so pam_shells.so pam_unix.so
pam_env.so pam_ldap.so pam_motd.so
pam_radius.so pam_smbpass.so pam_unix_acct.so
pam_wheel.so pam_unix_auth.so pam_unix_passwd.so
pam_userdb.so pam_warn.so pam_unix_session.so</PRE
></P
><P
>The following example for the login program replaces the use of
@ -230,13 +269,13 @@ source distribution.</P
><P
><PRE
CLASS="PROGRAMLISTING"
>#%PAM-1.0
# The PAM configuration file for the `login' service
#
auth required pam_smbpass.so nodelay
account required pam_smbpass.so nodelay
session required pam_smbpass.so nodelay
password required pam_smbpass.so nodelay</PRE
> #%PAM-1.0
# The PAM configuration file for the `login' service
#
auth required pam_smbpass.so nodelay
account required pam_smbpass.so nodelay
session required pam_smbpass.so nodelay
password required pam_smbpass.so nodelay</PRE
></P
><P
>The following is the PAM configuration file for a particular
@ -247,13 +286,13 @@ CLASS="FILENAME"
><P
><PRE
CLASS="PROGRAMLISTING"
>#%PAM-1.0
# The PAM configuration file for the `samba' service
#
auth required /lib/security/pam_pwdb.so nullok nodelay shadow audit
account required /lib/security/pam_pwdb.so audit nodelay
session required /lib/security/pam_pwdb.so nodelay
password required /lib/security/pam_pwdb.so shadow md5</PRE
> #%PAM-1.0
# The PAM configuration file for the `samba' service
#
auth required /lib/security/pam_pwdb.so nullok nodelay shadow audit
account required /lib/security/pam_pwdb.so audit nodelay
session required /lib/security/pam_pwdb.so nodelay
password required /lib/security/pam_pwdb.so shadow md5</PRE
></P
><P
>In the following example the decision has been made to use the
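Review bot: The auth line of the `samba' service listing keeps nullok ("auth required /lib/security/pam_pwdb.so nullok nodelay shadow audit"), which lets accounts with an empty password authenticate, and nothing in the surrounding text says so. Since the listing is being touched anyway, either drop nullok from the sample or add a sentence explaining when it is wanted, because readers tend to copy these files unchanged.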
@ -264,16 +303,36 @@ program.</P
><P
><PRE
CLASS="PROGRAMLISTING"
>#%PAM-1.0
# The PAM configuration file for the `samba' service
#
auth required /lib/security/pam_smbpass.so nodelay
account required /lib/security/pam_pwdb.so audit nodelay
session required /lib/security/pam_pwdb.so nodelay
password required /lib/security/pam_smbpass.so nodelay smbconf=/etc/samba.d/smb.conf</PRE
> #%PAM-1.0
# The PAM configuration file for the `samba' service
#
auth required /lib/security/pam_smbpass.so nodelay
account required /lib/security/pam_pwdb.so audit nodelay
session required /lib/security/pam_pwdb.so nodelay
password required /lib/security/pam_smbpass.so nodelay smbconf=/etc/samba.d/smb.conf</PRE
></P
><DIV
CLASS="NOTE"
><P
>Note: PAM allows stacking of authentication mechanisms. It is
></P
><TABLE
CLASS="NOTE"
WIDTH="100%"
BORDER="0"
><TR
><TD
WIDTH="25"
ALIGN="CENTER"
VALIGN="TOP"
><IMG
SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif"
HSPACE="5"
ALT="Note"></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
>PAM allows stacking of authentication mechanisms. It is
also possible to pass information obtained within one PAM module through
to the next module in the PAM stack. Please refer to the documentation for
your particular system implementation for details regarding the specific
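Review bot: In this listing only the password line passes smbconf=/etc/samba.d/smb.conf to pam_smbpass.so, while the auth line runs the same module without it, so the two stages may read different smb.conf files. Give both lines the same smbconf= argument, or state in the text that the auth line relies on the default smb.conf location. The new NOTE table here also repeats the absolute IMG SRC under /usr/share/sgml, which will not resolve for readers.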
@ -290,14 +349,18 @@ CLASS="FILENAME"
on the basis that it allows for easier administration. As with all issues in
life though, every decision makes trade-offs, so you may want examine the
PAM documentation for further helpful information.</P
></TD
></TR
></TABLE
></DIV
></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN1970"
>12.2. Distributed Authentication</A
NAME="AEN1915"
>13.2. Distributed Authentication</A
></H1
><P
>The astute administrator will realize from this that the
@ -308,16 +371,9 @@ CLASS="FILENAME"
<B
CLASS="COMMAND"
>winbindd</B
>, and <B
CLASS="COMMAND"
>rsync</B
> (see
<A
HREF="http://rsync.samba.org/"
TARGET="_top"
>http://rsync.samba.org/</A
>)
will allow the establishment of a centrally managed, distributed
>, and a distributed
passdb backend, such as ldap, will allow the establishment of a
centrally managed, distributed
user/password database that can also be used by all
PAM (eg: Linux) aware programs and applications. This arrangement
can have particularly potent advantages compared with the
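Review bot: The new wording "a distributed passdb backend, such as ldap" drops the rsync link without pointing the reader anywhere, and "ldap" should be written LDAP. Link the phrase to the LDAP section of the passdb chapter (3.6 in this build) so the recommendation is actionable, and mention the content change in the commit message, which currently says only "Regenerate docs".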
@ -329,8 +385,8 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN1977"
>12.3. PAM Configuration in smb.conf</A
NAME="AEN1920"
>13.3. PAM Configuration in smb.conf</A
></H1
><P
>There is an option in smb.conf called <A
@ -340,7 +396,7 @@ TARGET="_top"
>.
The following is from the on-line help for this option in SWAT;</P
><P
>When Samba 2.2 is configure to enable PAM support (i.e.
>When Samba is configured to enable PAM support (i.e.
<CODE
CLASS="CONSTANT"
>--with-pam</CODE
@ -381,7 +437,7 @@ WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="unix-permissions.html"
HREF="groupmapping.html"
ACCESSKEY="P"
>Prev</A
></TD
@ -399,7 +455,7 @@ WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="msdfs.html"
HREF="printing.html"
ACCESSKEY="N"
>Next</A
></TD
@ -409,7 +465,7 @@ ACCESSKEY="N"
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>UNIX Permission Bits and Windows NT Access Control Lists</TD
>Group mapping HOWTO</TD
><TD
WIDTH="34%"
ALIGN="center"
@ -423,7 +479,7 @@ ACCESSKEY="U"
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Hosting a Microsoft Distributed File System tree on Samba</TD
>Printing Support</TD
></TR
></TABLE
></DIV

View File

@ -80,7 +80,7 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN234"
NAME="AEN244"
>3.1. Introduction</A
></H1
><P
@ -121,7 +121,7 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN241"
NAME="AEN251"
>3.2. Important Notes About Security</A
></H1
><P
@ -284,7 +284,7 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN267"
NAME="AEN277"
>3.2.1. Advantages of SMB Encryption</A
></H2
><P
@ -323,7 +323,7 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN273"
NAME="AEN283"
>3.2.2. Advantages of non-encrypted passwords</A
></H2
><P
@ -358,7 +358,7 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN279"
NAME="AEN289"
>3.3. The smbpasswd Command</A
></H1
><P
@ -461,7 +461,7 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN310"
NAME="AEN320"
>3.4. Plain text</A
></H1
><P
@ -481,7 +481,7 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN315"
NAME="AEN325"
>3.5. TDB</A
></H1
><P
@ -494,7 +494,7 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN318"
NAME="AEN328"
>3.6. LDAP</A
></H1
><DIV
@ -502,7 +502,7 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN320"
NAME="AEN330"
>3.6.1. Introduction</A
></H2
><P
@ -570,7 +570,7 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN340"
NAME="AEN350"
>3.6.2. Introduction</A
></H2
><P
@ -679,7 +679,7 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN369"
NAME="AEN379"
>3.6.3. Supported LDAP Servers</A
></H2
><P
@ -705,7 +705,7 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN374"
NAME="AEN384"
>3.6.4. Schema and Relationship to the RFC 2307 posixAccount</A
></H2
><P
@ -762,7 +762,7 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN386"
NAME="AEN396"
>3.6.5. Configuring Samba with LDAP</A
></H2
><DIV
@ -770,7 +770,7 @@ CLASS="SECT3"
><H3
CLASS="SECT3"
><A
NAME="AEN388"
NAME="AEN398"
>3.6.5.1. OpenLDAP configuration</A
></H3
><P
@ -852,7 +852,7 @@ CLASS="SECT3"
><H3
CLASS="SECT3"
><A
NAME="AEN405"
NAME="AEN415"
>3.6.5.2. Configuring Samba</A
></H3
><P
@ -968,7 +968,7 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN433"
NAME="AEN443"
>3.6.6. Accounts and Groups management</A
></H2
><P
@ -993,7 +993,7 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN438"
NAME="AEN448"
>3.6.7. Security and sambaAccount</A
></H2
><P
@ -1072,7 +1072,7 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN458"
NAME="AEN468"
>3.6.8. LDAP specials attributes for sambaAccounts</A
></H2
><P
@ -1279,7 +1279,7 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN528"
NAME="AEN538"
>3.6.9. Example LDIF Entries for a sambaAccount</A
></H2
><P
@ -1338,7 +1338,7 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN536"
NAME="AEN546"
>3.7. MySQL</A
></H1
><DIV
@ -1346,7 +1346,7 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN538"
NAME="AEN548"
>3.7.1. Building</A
></H2
><P
@ -1367,7 +1367,7 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN544"
NAME="AEN554"
>3.7.2. Creating the database</A
></H2
><P
@ -1403,7 +1403,7 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN554"
NAME="AEN564"
>3.7.3. Configuring</A
></H2
><P
@ -1514,7 +1514,7 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN571"
NAME="AEN581"
>3.7.4. Using plaintext passwords or encrypted password</A
></H2
><P
@ -1529,7 +1529,7 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN576"
NAME="AEN586"
>3.7.5. Getting non-column data from the table</A
></H2
><P
@ -1555,7 +1555,7 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN584"
NAME="AEN594"
>3.8. Passdb XML plugin</A
></H1
><DIV
@ -1563,7 +1563,7 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN586"
NAME="AEN596"
>3.8.1. Building</A
></H2
><P
@ -1583,7 +1583,7 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN592"
NAME="AEN602"
>3.8.2. Usage</A
></H2
><P

View File

@ -13,8 +13,8 @@ REL="UP"
TITLE="Appendixes"
HREF="appendixes.html"><LINK
REL="PREVIOUS"
TITLE="Appendixes"
HREF="appendixes.html"><LINK
TITLE="Samba performance issues"
HREF="speed.html"><LINK
REL="NEXT"
TITLE="Samba and other CIFS clients"
HREF="other-clients.html"></HEAD
@ -45,7 +45,7 @@ WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="appendixes.html"
HREF="speed.html"
ACCESSKEY="P"
>Prev</A
></TD
@ -84,7 +84,7 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3626"
NAME="AEN3525"
>24.1. HPUX</A
></H1
><P
@ -114,7 +114,7 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3632"
NAME="AEN3531"
>24.2. SCO Unix</A
></H1
><P
@ -131,7 +131,7 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3636"
NAME="AEN3535"
>24.3. DNIX</A
></H1
><P
@ -238,7 +238,7 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3665"
NAME="AEN3564"
>24.4. RedHat Linux Rembrandt-II</A
></H1
><P
@ -262,7 +262,7 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3671"
NAME="AEN3570"
>24.5. AIX</A
></H1
><DIV
@ -270,7 +270,7 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN3673"
NAME="AEN3572"
>24.5.1. Sequential Read Ahead</A
></H2
><P
@ -295,7 +295,7 @@ WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="appendixes.html"
HREF="speed.html"
ACCESSKEY="P"
>Prev</A
></TD
@ -323,7 +323,7 @@ ACCESSKEY="N"
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>Appendixes</TD
>Samba performance issues</TD
><TD
WIDTH="34%"
ALIGN="center"

View File

@ -10,11 +10,12 @@ REL="HOME"
TITLE="SAMBA Project Documentation"
HREF="samba-howto-collection.html"><LINK
REL="UP"
TITLE="Optional configuration"
TITLE="Advanced Configuration"
HREF="optional.html"><LINK
REL="PREVIOUS"
TITLE="Hosting a Microsoft Distributed File System tree on Samba"
HREF="msdfs.html"><LINK
TITLE="Configuring PAM for distributed but centrally
managed authentication"
HREF="pam.html"><LINK
REL="NEXT"
TITLE="CUPS Printing Support"
HREF="cups-printing.html"></HEAD
@ -45,7 +46,7 @@ WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="msdfs.html"
HREF="pam.html"
ACCESSKEY="P"
>Prev</A
></TD
@ -80,7 +81,7 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN2058"
NAME="AEN1946"
>14.1. Introduction</A
></H1
><P
@ -163,7 +164,7 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN2080"
NAME="AEN1968"
>14.2. Configuration</A
></H1
><DIV
@ -225,7 +226,7 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN2088"
NAME="AEN1976"
>14.2.1. Creating [print$]</A
></H2
><P
@ -442,7 +443,7 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN2123"
NAME="AEN2011"
>14.2.2. Setting Drivers for Existing Printers</A
></H2
><P
@ -514,7 +515,7 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN2139"
NAME="AEN2027"
>14.2.3. Support a large number of printers</A
></H2
><P
@ -580,7 +581,7 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN2150"
NAME="AEN2038"
>14.2.4. Adding New Printers via the Windows NT APW</A
></H2
><P
@ -735,7 +736,7 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN2180"
NAME="AEN2068"
>14.2.5. Samba and Printer Ports</A
></H2
><P
@ -770,7 +771,7 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN2188"
NAME="AEN2076"
>14.3. The Imprints Toolset</A
></H1
><P
@ -788,7 +789,7 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN2192"
NAME="AEN2080"
>14.3.1. What is Imprints?</A
></H2
><P
@ -820,7 +821,7 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN2202"
NAME="AEN2090"
>14.3.2. Creating Printer Driver Packages</A
></H2
><P
@ -836,7 +837,7 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN2205"
NAME="AEN2093"
>14.3.3. The Imprints server</A
></H2
><P
@ -860,7 +861,7 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN2209"
NAME="AEN2097"
>14.3.4. The Installation Client</A
></H2
><P
@ -954,7 +955,7 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN2231"
NAME="AEN2119"
>14.4. Diagnosis</A
></H1
><DIV
@ -962,7 +963,7 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN2233"
NAME="AEN2121"
>14.4.1. Introduction</A
></H2
><P
@ -1037,7 +1038,7 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN2249"
NAME="AEN2137"
>14.4.2. Debugging printer problems</A
></H2
><P
@ -1094,7 +1095,7 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN2258"
NAME="AEN2146"
>14.4.3. What printers do I have?</A
></H2
><P
@ -1123,7 +1124,7 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN2266"
NAME="AEN2154"
>14.4.4. Setting up printcap and print servers</A
></H2
><P
@ -1207,7 +1208,7 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN2294"
NAME="AEN2182"
>14.4.5. Job sent, no output</A
></H2
><P
@ -1252,7 +1253,7 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN2305"
NAME="AEN2193"
>14.4.6. Job sent, strange output</A
></H2
><P
@ -1298,7 +1299,7 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN2317"
NAME="AEN2205"
>14.4.7. Raw PostScript printed</A
></H2
><P
@ -1313,7 +1314,7 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN2320"
NAME="AEN2208"
>14.4.8. Advanced Printing</A
></H2
><P
@ -1329,7 +1330,7 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN2323"
NAME="AEN2211"
>14.4.9. Real debugging</A
></H2
><P
@ -1354,7 +1355,7 @@ WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="msdfs.html"
HREF="pam.html"
ACCESSKEY="P"
>Prev</A
></TD
@ -1382,7 +1383,8 @@ ACCESSKEY="N"
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>Hosting a Microsoft Distributed File System tree on Samba</TD
>Configuring PAM for distributed but centrally
managed authentication</TD
><TD
WIDTH="34%"
ALIGN="center"

View File

@ -2,7 +2,7 @@
<HTML
><HEAD
><TITLE
>How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain</TITLE
>Samba Backup Domain Controller to Samba Domain Control</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
@ -74,13 +74,13 @@ CLASS="CHAPTER"
><A
NAME="SAMBA-BDC"
></A
>Chapter 7. How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain</H1
>Chapter 7. Samba Backup Domain Controller to Samba Domain Control</H1
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN1278"
NAME="AEN1193"
>7.1. Prerequisite Reading</A
></H1
><P
@ -97,7 +97,7 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN1282"
NAME="AEN1197"
>7.2. Background</A
></H1
><P
@ -142,7 +142,7 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN1290"
NAME="AEN1205"
>7.3. What qualifies a Domain Controller on the network?</A
></H1
><P
@ -159,7 +159,7 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN1293"
NAME="AEN1208"
>7.3.1. How does a Workstation find its domain controller?</A
></H2
><P
@ -178,7 +178,7 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN1296"
NAME="AEN1211"
>7.3.2. When is the PDC needed?</A
></H2
><P
@ -194,7 +194,7 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN1299"
NAME="AEN1214"
>7.4. Can Samba be a Backup Domain Controller to an NT PDC?</A
></H1
><P
@ -217,7 +217,7 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN1304"
NAME="AEN1219"
>7.5. How do I set up a Samba BDC?</A
></H1
><P
@ -284,7 +284,7 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN1321"
NAME="AEN1236"
>7.5.1. How do I replicate the smbpasswd file?</A
></H2
><P
@ -305,7 +305,7 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN1325"
NAME="AEN1240"
>7.5.2. Can I do this all with LDAP?</A
></H2
><P

File diff suppressed because it is too large

File diff suppressed because it is too large

View File

@ -10,11 +10,11 @@ REL="HOME"
TITLE="SAMBA Project Documentation"
HREF="samba-howto-collection.html"><LINK
REL="UP"
TITLE="Optional configuration"
TITLE="Advanced Configuration"
HREF="optional.html"><LINK
REL="PREVIOUS"
TITLE="Creating Group Prolicy Files"
HREF="groupprofiles.html"><LINK
TITLE="Stackable VFS modules"
HREF="vfs.html"><LINK
REL="NEXT"
TITLE="Unicode/Charsets"
HREF="unicode.html"></HEAD
@ -45,7 +45,7 @@ WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="groupprofiles.html"
HREF="vfs.html"
ACCESSKEY="P"
>Prev</A
></TD
@ -74,14 +74,14 @@ CLASS="CHAPTER"
><A
NAME="SECURING-SAMBA"
></A
>Chapter 22. Securing Samba</H1
>Chapter 21. Securing Samba</H1
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3539"
>22.1. Introduction</A
NAME="AEN3348"
>21.1. Introduction</A
></H1
><P
>This note was attached to the Samba 2.2.8 release notes as it contained an
@ -93,8 +93,8 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3542"
>22.2. Using host based protection</A
NAME="AEN3351"
>21.2. Using host based protection</A
></H1
><P
>In many installations of Samba the greatest threat comes for outside
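Review bot: The context line at the end of this hunk reads "the greatest threat comes for outside", which should be "comes from outside". It is not part of the renumbering, but it sits in the opening sentence of the host based protection section, so fix it in the SGML source before the next regeneration.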
@ -125,8 +125,8 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3549"
>22.3. Using interface protection</A
NAME="AEN3358"
>21.3. Using interface protection</A
></H1
><P
>By default Samba will accept connections on any network interface that
@ -161,8 +161,8 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3558"
>22.4. Using a firewall</A
NAME="AEN3367"
>21.4. Using a firewall</A
></H1
><P
>Many people use a firewall to deny access to services that they don't
@ -191,8 +191,8 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3565"
>22.5. Using a IPC$ share deny</A
NAME="AEN3374"
>21.5. Using a IPC$ share deny</A
></H1
><P
>If the above methods are not suitable, then you could also place a
@ -230,8 +230,8 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3574"
>22.6. Upgrading Samba</A
NAME="AEN3383"
>21.6. Upgrading Samba</A
></H1
><P
>Please check regularly on http://www.samba.org/ for updates and
@ -256,7 +256,7 @@ WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="groupprofiles.html"
HREF="vfs.html"
ACCESSKEY="P"
>Prev</A
></TD
@ -284,7 +284,7 @@ ACCESSKEY="N"
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>Creating Group Prolicy Files</TD
>Stackable VFS modules</TD
><TD
WIDTH="34%"
ALIGN="center"

View File

@ -2,7 +2,7 @@
<HTML
><HEAD
><TITLE
>Samba as Stand-Alone server (User and Share security level)</TITLE
>Samba as Stand-Alone Server</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
@ -74,7 +74,24 @@ CLASS="CHAPTER"
><A
NAME="SECURITYLEVELS"
></A
>Chapter 5. Samba as Stand-Alone server (User and Share security level)</H1
>Chapter 5. Samba as Stand-Alone Server</H1
><P
>In this section the function and purpose of Samba's <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>security</I
></SPAN
>
modes are described.</P
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN681"
>5.1. User and Share security level</A
></H1
><P
>A SMB server tells the client at startup what "security level" it is
running. There are two options "share level" and "user level". Which
@ -85,6 +102,14 @@ strange, but it fits in with the client/server approach of SMB. In SMB
everything is initiated and controlled by the client, and the server
can only tell the client what is available and whether an action is
allowed. </P
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN684"
>5.1.1. User Level Security</A
></H2
><P
>I'll describe user level security first, as its simpler. In user level
security the client will send a "session setup" command directly after
@ -117,6 +142,15 @@ requests. When the server responds it gives the client a "uid" to use
as an authentication tag for that username/password. The client can
maintain multiple authentication contexts in this way (WinDD is an
example of an application that does this)</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN694"
>5.1.2. Share Level Security</A
></H2
><P
>Ok, now for share level security. In share level security the client
authenticates itself separately for each share. It will send a
@ -139,6 +173,15 @@ home directories) and any users listed in the "user =" smb.conf
line. The password is then checked in turn against these "possible
usernames". If a match is found then the client is authenticated as
that user.</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN698"
>5.1.3. Server Level Security</A
></H2
><P
>Finally "server level" security. In server level security the samba
server reports to the client that it is in user level security. The
@ -167,6 +210,254 @@ requests to another "user mode" server. This requires an additional
parameter "password server =" that points to the real authentication server.
That real authentication server can be another Samba server or can be a
Windows NT server, the later natively capable of encrypted password support.</P
><DIV
CLASS="SECT3"
><H3
CLASS="SECT3"
><A
NAME="AEN703"
>5.1.3.1. Configuring Samba for Seemless Windows Network Integration</A
></H3
><P
>MS Windows clients may use encrypted passwords as part of a challenege/response
authentication model (a.k.a. NTLMv1) or alone, or clear text strings for simple
password based authentication. It should be realized that with the SMB protocol
the password is passed over the network either in plain text or encrypted, but
not both in the same authentication requests.</P
><P
>When encrypted passwords are used a password that has been entered by the user
is encrypted in two ways:</P
><P
></P
><UL
><LI
><P
>An MD4 hash of the UNICODE of the password
string. This is known as the NT hash.
</P
></LI
><LI
><P
>The password is converted to upper case,
and then padded or trucated to 14 bytes. This string is
then appended with 5 bytes of NULL characters and split to
form two 56 bit DES keys to encrypt a "magic" 8 byte value.
The resulting 16 bytes for the LanMan hash.
</P
></LI
></UL
><P
>MS Windows 95 pre-service pack 1, MS Windows NT versions 3.x and version 4.0
pre-service pack 3 will use either mode of password authentication. All
versions of MS Windows that follow these versions no longer support plain
text passwords by default.</P
><P
>MS Windows clients have a habit of dropping network mappings that have been idle
for 10 minutes or longer. When the user attempts to use the mapped drive
connection that has been dropped, the client re-establishes the connection using
a cached copy of the password.</P
><P
>When Microsoft changed the default password mode, support was dropped for caching
of the plain text password. This means that when the registry parameter is changed
to re-enable use of plain text passwords it appears to work, but when a dropped
service connection mapping attempts to revalidate it will fail if the remote
authentication server does not support encrypted passwords. This means that it
is definitely not a good idea to re-enable plain text password support in such clients.</P
><P
>The following parameters can be used to work around the issue of Windows 9x client
upper casing usernames and password before transmitting them to the SMB server
when using clear text authentication.</P
><P
><PRE
CLASS="PROGRAMLISTING"
> <A
HREF="smb.conf.5.html#PASSWORDLEVEL"
TARGET="_top"
>passsword level</A
> = <VAR
CLASS="REPLACEABLE"
>integer</VAR
>
<A
HREF="smb.conf.5.html#USERNAMELEVEL"
TARGET="_top"
>username level</A
> = <VAR
CLASS="REPLACEABLE"
>integer</VAR
></PRE
></P
><P
>By default Samba will lower case the username before attempting to lookup the user
in the database of local system accounts. Because UNIX usernames conventionally
only contain lower case character, the <VAR
CLASS="PARAMETER"
>username level</VAR
> parameter
is rarely needed.</P
><P
>However, passwords on UNIX systems often make use of mixed case characters.
This means that in order for a user on a Windows 9x client to connect to a Samba
server using clear text authentication, the <VAR
CLASS="PARAMETER"
>password level</VAR
>
must be set to the maximum number of upper case letter which <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>could</I
></SPAN
>
appear is a password. Note that is the server OS uses the traditional DES version
of crypt(), then a <VAR
CLASS="PARAMETER"
>password level</VAR
> of 8 will result in case
insensitive passwords as seen from Windows users. This will also result in longer
login times as Samba hash to compute the permutations of the password string and
try them one by one until a match is located (or all combinations fail).</P
><P
>The best option to adopt is to enable support for encrypted passwords
where ever Samba is used. There are three configuration possibilities
for support of encrypted passwords:</P
></DIV
><DIV
CLASS="SECT3"
><H3
CLASS="SECT3"
><A
NAME="AEN729"
>5.1.3.2. Use MS Windows NT as an authentication server</A
></H3
><P
>This method involves the additions of the following parameters in the smb.conf file:</P
><P
><PRE
CLASS="PROGRAMLISTING"
> encrypt passwords = Yes
security = server
password server = "NetBIOS_name_of_PDC"</PRE
></P
><P
>There are two ways of identifying whether or not a username and
password pair was valid or not. One uses the reply information provided
as part of the authentication messaging process, the other uses
just and error code.</P
><P
>The down-side of this mode of configuration is the fact that
for security reasons Samba will send the password server a bogus
username and a bogus password and if the remote server fails to
reject the username and password pair then an alternative mode
of identification of validation is used. Where a site uses password
lock out after a certain number of failed authentication attempts
this will result in user lockouts.</P
><P
>Use of this mode of authentication does require there to be
a standard Unix account for the user, this account can be blocked
to prevent logons by other than MS Windows clients.</P
></DIV
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN737"
>5.1.4. Domain Level Security</A
></H2
><P
>When samba is operating in <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>security = domain</I
></SPAN
> mode this means that
the Samba server has a domain security trust account (a machine account) and will cause
all authentication requests to be passed through to the domain controllers.</P
><DIV
CLASS="SECT3"
><H3
CLASS="SECT3"
><A
NAME="AEN741"
>5.1.4.1. Samba as a member of an MS Windows NT security domain</A
></H3
><P
>This method involves additon of the following paramters in the smb.conf file:</P
><P
><PRE
CLASS="PROGRAMLISTING"
> encrypt passwords = Yes
security = domain
workgroup = "name of NT domain"
password server = *</PRE
></P
><P
>The use of the "*" argument to "password server" will cause samba to locate the
domain controller in a way analogous to the way this is done within MS Windows NT.
This is the default behaviour.</P
><P
>In order for this method to work the Samba server needs to join the
MS Windows NT security domain. This is done as follows:</P
><P
></P
><UL
><LI
><P
>On the MS Windows NT domain controller using
the Server Manager add a machine account for the Samba server.
</P
></LI
><LI
><P
>Next, on the Linux system execute:
<B
CLASS="COMMAND"
>smbpasswd -r PDC_NAME -j DOMAIN_NAME</B
>
</P
></LI
></UL
><P
>Use of this mode of authentication does require there to be a standard Unix account
for the user in order to assign a uid once the account has been authenticated by
the remote Windows DC. This account can be blocked to prevent logons by other than
MS Windows clients by things such as setting an invalid shell in the
<TT
CLASS="FILENAME"
>/etc/passwd</TT
> entry. </P
><P
>An alternative to assigning UIDs to Windows users on a Samba member server is
presented in the <A
HREF="winbind.html"
TARGET="_top"
>Winbind Overview</A
> chapter
in this HOWTO collection.</P
></DIV
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN758"
>5.1.5. ADS Level Security</A
></H2
><P
>For information about the configuration option please refer to the entire section entitled
<SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>Samba as an ADS Domain Member.</I
></SPAN
></P
></DIV
></DIV
></DIV
><DIV
CLASS="NAVFOOTER"
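Review bot: The new PROGRAMLISTING under 5.1.3.1 spells the first parameter "passsword level" (three s) although its link target is smb.conf.5.html#PASSWORDLEVEL and the following paragraphs say "password level"; a reader who copies the listing gets a parameter Samba does not recognise, so correct the spelling in the source. The LanMan description in the same section also does not add up: a password padded to 14 bytes plus "5 bytes of NULL characters" is 19 bytes, which cannot be split into "two 56 bit DES keys" (2 x 7 bytes); the 14 bytes alone give the two keys, so the padding sentence needs to be moved or removed. Smaller slips in the added text: "Seemless", "challenege", "trucated", "The resulting 16 bytes for the LanMan hash", "Note that is the server OS", "Samba hash to compute", "just and error code", "additon", "paramters".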

View File

@ -10,14 +10,14 @@ REL="HOME"
TITLE="SAMBA Project Documentation"
HREF="samba-howto-collection.html"><LINK
REL="UP"
TITLE="Optional configuration"
HREF="optional.html"><LINK
TITLE="Appendixes"
HREF="appendixes.html"><LINK
REL="PREVIOUS"
TITLE="Group mapping HOWTO"
HREF="groupmapping.html"><LINK
TITLE="Appendixes"
HREF="appendixes.html"><LINK
REL="NEXT"
TITLE="Creating Group Prolicy Files"
HREF="groupprofiles.html"></HEAD
TITLE="Portability"
HREF="portability.html"></HEAD
><BODY
CLASS="CHAPTER"
BGCOLOR="#FFFFFF"
@ -45,7 +45,7 @@ WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="groupmapping.html"
HREF="appendixes.html"
ACCESSKEY="P"
>Prev</A
></TD
@ -59,7 +59,7 @@ WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="groupprofiles.html"
HREF="portability.html"
ACCESSKEY="N"
>Next</A
></TD
@ -74,14 +74,14 @@ CLASS="CHAPTER"
><A
NAME="SPEED"
></A
>Chapter 20. Samba performance issues</H1
>Chapter 23. Samba performance issues</H1
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3320"
>20.1. Comparisons</A
NAME="AEN3443"
>23.1. Comparisons</A
></H1
><P
>The Samba server uses TCP to talk to the client. Thus if you are
@ -111,8 +111,8 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3326"
>20.2. Socket options</A
NAME="AEN3449"
>23.2. Socket options</A
></H1
><P
>There are a number of socket options that can greatly affect the
@ -139,8 +139,8 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3333"
>20.3. Read size</A
NAME="AEN3456"
>23.3. Read size</A
></H1
><P
>The option "read size" affects the overlap of disk reads/writes with
@ -165,8 +165,8 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3338"
>20.4. Max xmit</A
NAME="AEN3461"
>23.4. Max xmit</A
></H1
><P
>At startup the client and server negotiate a "maximum transmit" size,
@ -188,8 +188,8 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3343"
>20.5. Log level</A
NAME="AEN3466"
>23.5. Log level</A
></H1
><P
>If you set the log level (also known as "debug level") higher than 2
@ -202,8 +202,8 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3346"
>20.6. Read raw</A
NAME="AEN3469"
>23.6. Read raw</A
></H1
><P
>The "read raw" operation is designed to be an optimised, low-latency
@ -224,8 +224,8 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3351"
>20.7. Write raw</A
NAME="AEN3474"
>23.7. Write raw</A
></H1
><P
>The "write raw" operation is designed to be an optimised, low-latency
@ -241,8 +241,8 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3355"
>20.8. Slow Clients</A
NAME="AEN3478"
>23.8. Slow Clients</A
></H1
><P
>One person has reported that setting the protocol to COREPLUS rather
@ -258,8 +258,8 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3359"
>20.9. Slow Logins</A
NAME="AEN3482"
>23.9. Slow Logins</A
></H1
><P
>Slow logins are almost always due to the password checking time. Using
@ -271,8 +271,8 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3362"
>20.10. Client tuning</A
NAME="AEN3485"
>23.10. Client tuning</A
></H1
><P
>Often a speed problem can be traced to the client. The client (for
@ -389,7 +389,7 @@ WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="groupmapping.html"
HREF="appendixes.html"
ACCESSKEY="P"
>Prev</A
></TD
@ -407,7 +407,7 @@ WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="groupprofiles.html"
HREF="portability.html"
ACCESSKEY="N"
>Next</A
></TD
@ -417,13 +417,13 @@ ACCESSKEY="N"
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>Group mapping HOWTO</TD
>Appendixes</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="optional.html"
HREF="appendixes.html"
ACCESSKEY="U"
>Up</A
></TD
@ -431,7 +431,7 @@ ACCESSKEY="U"
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Creating Group Prolicy Files</TD
>Portability</TD
></TR
></TABLE
></DIV

View File

@ -78,7 +78,7 @@ CLASS="TITLE"
><DIV
CLASS="PARTINTRO"
><A
NAME="AEN600"
NAME="AEN610"
></A
><H1
>Introduction</H1
@ -102,24 +102,24 @@ HREF="servertype.html"
><DL
><DT
>4.1. <A
HREF="servertype.html#AEN629"
HREF="servertype.html#AEN639"
>Stand Alone Server</A
></DT
><DT
>4.2. <A
HREF="servertype.html#AEN635"
HREF="servertype.html#AEN646"
>Domain Member Server</A
></DT
><DT
>4.3. <A
HREF="servertype.html#AEN641"
HREF="servertype.html#AEN652"
>Domain Controller</A
></DT
><DD
><DL
><DT
>4.3.1. <A
HREF="servertype.html#AEN644"
HREF="servertype.html#AEN655"
>Domain Controller Types</A
></DT
></DL
@ -129,8 +129,46 @@ HREF="servertype.html#AEN644"
><DT
>5. <A
HREF="securitylevels.html"
>Samba as Stand-Alone server (User and Share security level)</A
>Samba as Stand-Alone Server</A
></DT
><DD
><DL
><DT
>5.1. <A
HREF="securitylevels.html#AEN681"
>User and Share security level</A
></DT
><DD
><DL
><DT
>5.1.1. <A
HREF="securitylevels.html#AEN684"
>User Level Security</A
></DT
><DT
>5.1.2. <A
HREF="securitylevels.html#AEN694"
>Share Level Security</A
></DT
><DT
>5.1.3. <A
HREF="securitylevels.html#AEN698"
>Server Level Security</A
></DT
><DT
>5.1.4. <A
HREF="securitylevels.html#AEN737"
>Domain Level Security</A
></DT
><DT
>5.1.5. <A
HREF="securitylevels.html#AEN758"
>ADS Level Security</A
></DT
></DL
></DD
></DL
></DD
><DT
>6. <A
HREF="samba-pdc.html"
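Review bot: the new subsection list under 5.1 "User and Share security level" also holds 5.1.3 Server, 5.1.4 Domain and 5.1.5 ADS Level Security, which are neither user nor share level, and the chapter is now titled "Samba as Stand-Alone Server" although domain and ADS security describe a member server. Rename 5.1 to something like "Security levels", or move 5.1.3 to 5.1.5 out of the stand-alone chapter, so a reader choosing a security mode is not led to treat domain membership as a stand-alone setup.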
@ -140,140 +178,125 @@ HREF="samba-pdc.html"
><DL
><DT
>6.1. <A
HREF="samba-pdc.html#AEN705"
HREF="samba-pdc.html#AEN785"
>Prerequisite Reading</A
></DT
><DT
>6.2. <A
HREF="samba-pdc.html#AEN710"
HREF="samba-pdc.html#AEN790"
>Background</A
></DT
><DT
>6.3. <A
HREF="samba-pdc.html#AEN748"
HREF="samba-pdc.html#AEN830"
>Configuring the Samba Domain Controller</A
></DT
><DT
>6.4. <A
HREF="samba-pdc.html#AEN790"
HREF="samba-pdc.html#AEN872"
>Creating Machine Trust Accounts and Joining Clients to the Domain</A
></DT
><DD
><DL
><DT
>6.4.1. <A
HREF="samba-pdc.html#AEN833"
HREF="samba-pdc.html#AEN915"
>Manual Creation of Machine Trust Accounts</A
></DT
><DT
>6.4.2. <A
HREF="samba-pdc.html#AEN874"
HREF="samba-pdc.html#AEN956"
>"On-the-Fly" Creation of Machine Trust Accounts</A
></DT
><DT
>6.4.3. <A
HREF="samba-pdc.html#AEN883"
HREF="samba-pdc.html#AEN965"
>Joining the Client to the Domain</A
></DT
></DL
></DD
><DT
>6.5. <A
HREF="samba-pdc.html#AEN898"
HREF="samba-pdc.html#AEN980"
>Common Problems and Errors</A
></DT
><DT
>6.6. <A
HREF="samba-pdc.html#AEN946"
>System Policies and Profiles</A
></DT
><DT
>6.7. <A
HREF="samba-pdc.html#AEN990"
HREF="samba-pdc.html#AEN1026"
>What other help can I get?</A
></DT
><DT
>6.8. <A
HREF="samba-pdc.html#AEN1104"
>6.7. <A
HREF="samba-pdc.html#AEN1140"
>Domain Control for Windows 9x/ME</A
></DT
><DD
><DL
><DT
>6.8.1. <A
HREF="samba-pdc.html#AEN1130"
>6.7.1. <A
HREF="samba-pdc.html#AEN1163"
>Configuration Instructions: Network Logons</A
></DT
><DT
>6.8.2. <A
HREF="samba-pdc.html#AEN1149"
>Configuration Instructions: Setting up Roaming User Profiles</A
></DT
></DL
></DD
><DT
>6.9. <A
HREF="samba-pdc.html#AEN1242"
>DOMAIN_CONTROL.txt : Windows NT Domain Control &#38; Samba</A
></DT
></DL
></DD
><DT
>7. <A
HREF="samba-bdc.html"
>How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain</A
>Samba Backup Domain Controller to Samba Domain Control</A
></DT
><DD
><DL
><DT
>7.1. <A
HREF="samba-bdc.html#AEN1278"
HREF="samba-bdc.html#AEN1193"
>Prerequisite Reading</A
></DT
><DT
>7.2. <A
HREF="samba-bdc.html#AEN1282"
HREF="samba-bdc.html#AEN1197"
>Background</A
></DT
><DT
>7.3. <A
HREF="samba-bdc.html#AEN1290"
HREF="samba-bdc.html#AEN1205"
>What qualifies a Domain Controller on the network?</A
></DT
><DD
><DL
><DT
>7.3.1. <A
HREF="samba-bdc.html#AEN1293"
HREF="samba-bdc.html#AEN1208"
>How does a Workstation find its domain controller?</A
></DT
><DT
>7.3.2. <A
HREF="samba-bdc.html#AEN1296"
HREF="samba-bdc.html#AEN1211"
>When is the PDC needed?</A
></DT
></DL
></DD
><DT
>7.4. <A
HREF="samba-bdc.html#AEN1299"
HREF="samba-bdc.html#AEN1214"
>Can Samba be a Backup Domain Controller to an NT PDC?</A
></DT
><DT
>7.5. <A
HREF="samba-bdc.html#AEN1304"
HREF="samba-bdc.html#AEN1219"
>How do I set up a Samba BDC?</A
></DT
><DD
><DL
><DT
>7.5.1. <A
HREF="samba-bdc.html#AEN1321"
HREF="samba-bdc.html#AEN1236"
>How do I replicate the smbpasswd file?</A
></DT
><DT
>7.5.2. <A
HREF="samba-bdc.html#AEN1325"
HREF="samba-bdc.html#AEN1240"
>Can I do this all with LDAP?</A
></DT
></DL
@ -289,51 +312,47 @@ HREF="ads.html"
><DL
><DT
>8.1. <A
HREF="ads.html#AEN1343"
>Installing the required packages for Debian</A
HREF="ads.html#AEN1251"
>Setup your <TT
CLASS="FILENAME"
>smb.conf</TT
></A
></DT
><DT
>8.2. <A
HREF="ads.html#AEN1350"
>Installing the required packages for RedHat</A
HREF="ads.html#AEN1262"
>Setup your <TT
CLASS="FILENAME"
>/etc/krb5.conf</TT
></A
></DT
><DT
>8.3. <A
HREF="ads.html#AEN1360"
>Compile Samba</A
></DT
><DT
>8.4. <A
HREF="ads.html#AEN1375"
>Setup your /etc/krb5.conf</A
></DT
><DT
>8.5. <A
HREF="ads.html#AEN1385"
HREF="ads.html#AEN1273"
>Create the computer account</A
></DT
><DD
><DL
><DT
>8.5.1. <A
HREF="ads.html#AEN1389"
>8.3.1. <A
HREF="ads.html#AEN1277"
>Possible errors</A
></DT
></DL
></DD
><DT
>8.6. <A
HREF="ads.html#AEN1397"
>8.4. <A
HREF="ads.html#AEN1285"
>Test your server setup</A
></DT
><DT
>8.7. <A
HREF="ads.html#AEN1402"
>8.5. <A
HREF="ads.html#AEN1290"
>Testing with smbclient</A
></DT
><DT
>8.8. <A
HREF="ads.html#AEN1405"
>8.6. <A
HREF="ads.html#AEN1293"
>Notes</A
></DT
></DL
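Review bot: the ADS chapter's contents lose "Installing the required packages for Debian", "Installing the required packages for RedHat" and "Compile Samba" with no replacement entry, so the chapter now opens at smb.conf without any pointer to the build prerequisites; confirm that material moved to another chapter and link to it from here. The two new titles should also read "Set up your smb.conf" and "Set up your /etc/krb5.conf", since "Setup" is the noun.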
@ -347,17 +366,12 @@ HREF="domain-security.html"
><DL
><DT
>9.1. <A
HREF="domain-security.html#AEN1427"
HREF="domain-security.html#AEN1315"
>Joining an NT Domain with Samba 3.0</A
></DT
><DT
>9.2. <A
HREF="domain-security.html#AEN1482"
>Samba and Windows 2000 Domains</A
></DT
><DT
>9.3. <A
HREF="domain-security.html#AEN1485"
HREF="domain-security.html#AEN1369"
>Why is this better than security = server?</A
></DT
></DL

View File

@ -10,15 +10,14 @@ REL="HOME"
TITLE="SAMBA Project Documentation"
HREF="samba-howto-collection.html"><LINK
REL="UP"
TITLE="Optional configuration"
TITLE="Advanced Configuration"
HREF="optional.html"><LINK
REL="PREVIOUS"
TITLE="Integrating MS Windows networks with Samba"
HREF="integrate-ms-networks.html"><LINK
TITLE="System Policies"
HREF="advancednetworkmanagement.html"><LINK
REL="NEXT"
TITLE="Configuring PAM for distributed but centrally
managed authentication"
HREF="pam.html"></HEAD
TITLE="Group mapping HOWTO"
HREF="groupmapping.html"></HEAD
><BODY
CLASS="CHAPTER"
BGCOLOR="#FFFFFF"
@ -46,7 +45,7 @@ WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="integrate-ms-networks.html"
HREF="advancednetworkmanagement.html"
ACCESSKEY="P"
>Prev</A
></TD
@ -60,7 +59,7 @@ WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="pam.html"
HREF="groupmapping.html"
ACCESSKEY="N"
>Next</A
></TD
@ -81,14 +80,13 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN1748"
NAME="AEN1663"
>11.1. Viewing and changing UNIX permissions using the NT
security dialogs</A
></H1
><P
>New in the Samba 2.0.4 release is the ability for Windows
NT clients to use their native security settings dialog box to
view and modify the underlying UNIX permissions.</P
>Windows NT clients can use their native security settings
dialog box to view and modify the underlying UNIX permissions.</P
><P
>Note that this ability is careful not to compromise
the security of the UNIX host Samba is running on, and
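Review bot: the rewritten opening paragraph says "Windows NT clients", while the next hunk changes section 11.2 to "NT4/2000/XP client"; use the same client list in both places so the reader is not left guessing whether 2000 and XP clients are covered by this chapter.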
@ -100,11 +98,11 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN1752"
NAME="AEN1667"
>11.2. How to view file security on a Samba share</A
></H1
><P
>From an NT 4.0 client, single-click with the right
>From an NT4/2000/XP client, single-click with the right
mouse button on any file or directory in a Samba mounted
drive letter or UNC path. When the menu pops-up, click
on the <SPAN
@ -114,15 +112,14 @@ CLASS="EMPHASIS"
>Properties</I
></SPAN
> entry at the bottom of
the menu. This brings up the normal file properties dialog
box, but with Samba 2.0.4 this will have a new tab along the top
marked <SPAN
the menu. This brings up the file properties dialog
box. Click on the tab <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>Security</I
></SPAN
>. Click on this tab and you
> and you
will see three buttons, <SPAN
CLASS="emphasis"
><I
@ -170,7 +167,7 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN1763"
NAME="AEN1678"
>11.3. Viewing file ownership</A
></H1
><P
@ -239,7 +236,7 @@ CLASS="EMPHASIS"
><P
>There is an NT chown command that will work with Samba
and allow a user with Administrator privilege connected
to a Samba 2.0.4 server as root to change the ownership of
to a Samba server as root to change the ownership of
files on both a local NTFS filesystem or remote mounted NTFS
or Samba drive. This is available as part of the <SPAN
CLASS="emphasis"
@ -256,7 +253,7 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN1783"
NAME="AEN1698"
>11.4. Viewing file or directory permissions</A
></H1
><P
@ -310,7 +307,7 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN1798"
NAME="AEN1713"
>11.4.1. File Permissions</A
></H2
><P
@ -372,7 +369,7 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN1812"
NAME="AEN1727"
>11.4.2. Directory Permissions</A
></H2
><P
@ -404,7 +401,7 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN1819"
NAME="AEN1734"
>11.5. Modifying file or directory permissions</A
></H1
><P
@ -436,7 +433,7 @@ CLASS="COMMAND"
CLASS="COMMAND"
>"Add"</B
>
button will not return a list of users in Samba 2.0.4 (it will give
button will not return a list of users in Samba (it will give
an error message of <B
CLASS="COMMAND"
>"The remote procedure call failed
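Review bot: removing "2.0.4" from "will not return a list of users in Samba 2.0.4" turns a limitation of one release into a statement about every Samba version. Confirm that the "Add" button still fails this way in the release these docs are generated for, and either name that release or drop the sentence if the behaviour has changed.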
@ -500,13 +497,14 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN1841"
NAME="AEN1756"
>11.6. Interaction with the standard Samba create mask
parameters</A
></H1
><P
>Note that with Samba 2.0.5 there are four new parameters
to control this interaction. These are :</P
>There are four parameters
to control interaction with the standard Samba create mask parameters.
These are :</P
><P
><VAR
CLASS="PARAMETER"
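Review bot: the replacement sentence is circular: under the heading "Interaction with the standard Samba create mask parameters" it now says there are four parameters "to control interaction with the standard Samba create mask parameters", which does not tell the reader what is being restricted. State it directly, namely the permission changes made through the NT security dialog that section 11.5 describes, and drop the space before the colon in "These are :".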
@ -569,9 +567,8 @@ CLASS="PARAMETER"
>create mask
</VAR
></A
> parameter to provide compatibility with Samba 2.0.4
where this permission change facility was introduced. To allow a user to
modify all the user/group/world permissions on a file, set this parameter
> parameter. To allow a user to modify all the
user/group/world permissions on a file, set this parameter
to 0777.</P
><P
>Next Samba checks the changed permissions for a file against
@ -602,8 +599,7 @@ CLASS="PARAMETER"
>force
create mode</VAR
></A
> parameter to provide compatibility
with Samba 2.0.4 where the permission change facility was introduced.
> parameter.
To allow a user to modify all the user/group/world permissions on a file
with no restrictions set this parameter to 000.</P
><P
@ -651,9 +647,7 @@ CLASS="PARAMETER"
the <VAR
CLASS="PARAMETER"
>force directory mode</VAR
> parameter to provide
compatibility with Samba 2.0.4 where the permission change facility
was introduced.</P
> parameter. </P
><P
>In this way Samba enforces the permission restrictions that
an administrator can set on a Samba share, whilst still allowing users
@ -691,37 +685,13 @@ CLASS="PARAMETER"
CLASS="PARAMETER"
>force directory security mode = 0</VAR
></P
><P
>As described, in Samba 2.0.4 the parameters :</P
><P
><VAR
CLASS="PARAMETER"
>create mask</VAR
></P
><P
><VAR
CLASS="PARAMETER"
>force create mode</VAR
></P
><P
><VAR
CLASS="PARAMETER"
>directory mask</VAR
></P
><P
><VAR
CLASS="PARAMETER"
>force directory mode</VAR
></P
><P
>were used instead of the parameters discussed here.</P
></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN1905"
NAME="AEN1810"
>11.7. Interaction with the standard Samba file attribute
mapping</A
></H1
@ -780,7 +750,7 @@ WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="integrate-ms-networks.html"
HREF="advancednetworkmanagement.html"
ACCESSKEY="P"
>Prev</A
></TD
@ -798,7 +768,7 @@ WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="pam.html"
HREF="groupmapping.html"
ACCESSKEY="N"
>Next</A
></TD
@ -808,7 +778,7 @@ ACCESSKEY="N"
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>Integrating MS Windows networks with Samba</TD
>System Policies</TD
><TD
WIDTH="34%"
ALIGN="center"
@ -822,8 +792,7 @@ ACCESSKEY="U"
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Configuring PAM for distributed but centrally
managed authentication</TD
>Group mapping HOWTO</TD
></TR
></TABLE
></DIV

View File

@ -10,14 +10,14 @@ REL="HOME"
TITLE="SAMBA Project Documentation"
HREF="samba-howto-collection.html"><LINK
REL="UP"
TITLE="Optional configuration"
TITLE="Advanced Configuration"
HREF="optional.html"><LINK
REL="PREVIOUS"
TITLE="Improved browsing in samba"
HREF="improved-browsing.html"><LINK
TITLE="Hosting a Microsoft Distributed File System tree on Samba"
HREF="msdfs.html"><LINK
REL="NEXT"
TITLE="Group mapping HOWTO"
HREF="groupmapping.html"></HEAD
TITLE="Securing Samba"
HREF="securing-samba.html"></HEAD
><BODY
CLASS="CHAPTER"
BGCOLOR="#FFFFFF"
@ -45,7 +45,7 @@ WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="improved-browsing.html"
HREF="msdfs.html"
ACCESSKEY="P"
>Prev</A
></TD
@ -59,7 +59,7 @@ WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="groupmapping.html"
HREF="securing-samba.html"
ACCESSKEY="N"
>Next</A
></TD
@ -74,14 +74,14 @@ CLASS="CHAPTER"
><A
NAME="VFS"
></A
>Chapter 18. Stackable VFS modules</H1
>Chapter 20. Stackable VFS modules</H1
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3190"
>18.1. Introduction and configuration</A
NAME="AEN3259"
>20.1. Introduction and configuration</A
></H1
><P
>Since samba 3.0, samba supports stackable VFS(Virtual File System) modules.
@ -121,16 +121,16 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3199"
>18.2. Included modules</A
NAME="AEN3268"
>20.2. Included modules</A
></H1
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN3201"
>18.2.1. audit</A
NAME="AEN3270"
>20.2.1. audit</A
></H2
><P
>A simple module to audit file access to the syslog
@ -167,8 +167,8 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN3209"
>18.2.2. recycle</A
NAME="AEN3278"
>20.2.2. recycle</A
></H2
><P
>A recycle-bin like modules. When used any unlink call
@ -238,8 +238,8 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN3246"
>18.2.3. netatalk</A
NAME="AEN3315"
>20.2.3. netatalk</A
></H2
><P
>A netatalk module, that will ease co-existence of samba and
@ -271,8 +271,8 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3253"
>18.3. VFS modules available elsewhere</A
NAME="AEN3322"
>20.3. VFS modules available elsewhere</A
></H1
><P
>This section contains a listing of various other VFS modules that
@ -287,8 +287,8 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN3257"
>18.3.1. DatabaseFS</A
NAME="AEN3326"
>20.3.1. DatabaseFS</A
></H2
><P
>URL: <A
@ -321,8 +321,8 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN3265"
>18.3.2. vscan</A
NAME="AEN3334"
>20.3.2. vscan</A
></H2
><P
>URL: <A
@ -355,7 +355,7 @@ WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="improved-browsing.html"
HREF="msdfs.html"
ACCESSKEY="P"
>Prev</A
></TD
@ -373,7 +373,7 @@ WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="groupmapping.html"
HREF="securing-samba.html"
ACCESSKEY="N"
>Next</A
></TD
@ -383,7 +383,7 @@ ACCESSKEY="N"
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>Improved browsing in samba</TD
>Hosting a Microsoft Distributed File System tree on Samba</TD
><TD
WIDTH="34%"
ALIGN="center"
@ -397,7 +397,7 @@ ACCESSKEY="U"
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Group mapping HOWTO</TD
>Securing Samba</TD
></TR
></TABLE
></DIV

View File

@ -10,14 +10,14 @@ REL="HOME"
TITLE="SAMBA Project Documentation"
HREF="samba-howto-collection.html"><LINK
REL="UP"
TITLE="Optional configuration"
TITLE="Advanced Configuration"
HREF="optional.html"><LINK
REL="PREVIOUS"
TITLE="CUPS Printing Support"
HREF="cups-printing.html"><LINK
REL="NEXT"
TITLE="Improved browsing in samba"
HREF="improved-browsing.html"></HEAD
TITLE="Integrating MS Windows networks with Samba"
HREF="integrate-ms-networks.html"></HEAD
><BODY
CLASS="CHAPTER"
BGCOLOR="#FFFFFF"
@ -59,7 +59,7 @@ WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="improved-browsing.html"
HREF="integrate-ms-networks.html"
ACCESSKEY="N"
>Next</A
></TD
@ -80,7 +80,7 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN2685"
NAME="AEN2573"
>16.1. Abstract</A
></H1
><P
@ -107,7 +107,7 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN2689"
NAME="AEN2577"
>16.2. Introduction</A
></H1
><P
@ -161,7 +161,7 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN2702"
NAME="AEN2590"
>16.3. What Winbind Provides</A
></H1
><P
@ -203,7 +203,7 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN2709"
NAME="AEN2597"
>16.3.1. Target Uses</A
></H2
><P
@ -227,7 +227,7 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN2713"
NAME="AEN2601"
>16.4. How Winbind Works</A
></H1
><P
@ -247,7 +247,7 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN2718"
NAME="AEN2606"
>16.4.1. Microsoft Remote Procedure Calls</A
></H2
><P
@ -273,7 +273,7 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN2722"
NAME="AEN2610"
>16.4.2. Microsoft Active Directory Services</A
></H2
><P
@ -292,7 +292,7 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN2725"
NAME="AEN2613"
>16.4.3. Name Service Switch</A
></H2
><P
@ -372,7 +372,7 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN2741"
NAME="AEN2629"
>16.4.4. Pluggable Authentication Modules</A
></H2
><P
@ -421,7 +421,7 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN2749"
NAME="AEN2637"
>16.4.5. User and Group ID Allocation</A
></H2
><P
@ -447,7 +447,7 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN2753"
NAME="AEN2641"
>16.4.6. Result Caching</A
></H2
><P
@ -470,7 +470,7 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN2756"
NAME="AEN2644"
>16.5. Installation and Configuration</A
></H1
><P
@ -489,7 +489,7 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN2761"
NAME="AEN2649"
>16.5.1. Introduction</A
></H2
><P
@ -548,7 +548,7 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN2774"
NAME="AEN2662"
>16.5.2. Requirements</A
></H2
><P
@ -618,7 +618,7 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN2788"
NAME="AEN2676"
>16.5.3. Testing Things Out</A
></H2
><P
@ -663,7 +663,7 @@ CLASS="SECT3"
><H3
CLASS="SECT3"
><A
NAME="AEN2799"
NAME="AEN2687"
>16.5.3.1. Configure and compile SAMBA</A
></H3
><P
@ -729,7 +729,7 @@ CLASS="SECT3"
><H3
CLASS="SECT3"
><A
NAME="AEN2818"
NAME="AEN2706"
>16.5.3.2. Configure <TT
CLASS="FILENAME"
>nsswitch.conf</TT
@ -834,7 +834,7 @@ CLASS="SECT3"
><H3
CLASS="SECT3"
><A
NAME="AEN2851"
NAME="AEN2739"
>16.5.3.3. Configure smb.conf</A
></H3
><P
@ -909,7 +909,7 @@ CLASS="SECT3"
><H3
CLASS="SECT3"
><A
NAME="AEN2867"
NAME="AEN2755"
>16.5.3.4. Join the SAMBA server to the PDC domain</A
></H3
><P
@ -947,7 +947,7 @@ CLASS="SECT3"
><H3
CLASS="SECT3"
><A
NAME="AEN2878"
NAME="AEN2766"
>16.5.3.5. Start up the winbindd daemon and test it!</A
></H3
><P
@ -1083,7 +1083,7 @@ CLASS="SECT3"
><H3
CLASS="SECT3"
><A
NAME="AEN2918"
NAME="AEN2806"
>16.5.3.6. Fix the init.d startup scripts</A
></H3
><DIV
@ -1091,7 +1091,7 @@ CLASS="SECT4"
><H4
CLASS="SECT4"
><A
NAME="AEN2920"
NAME="AEN2808"
>16.5.3.6.1. Linux</A
></H4
><P
@ -1201,7 +1201,7 @@ CLASS="SECT4"
><H4
CLASS="SECT4"
><A
NAME="AEN2940"
NAME="AEN2828"
>16.5.3.6.2. Solaris</A
></H4
><P
@ -1285,7 +1285,7 @@ CLASS="SECT4"
><H4
CLASS="SECT4"
><A
NAME="AEN2950"
NAME="AEN2838"
>16.5.3.6.3. Restarting</A
></H4
><P
@ -1309,7 +1309,7 @@ CLASS="SECT3"
><H3
CLASS="SECT3"
><A
NAME="AEN2956"
NAME="AEN2844"
>16.5.3.7. Configure Winbind and PAM</A
></H3
><P
@ -1367,7 +1367,7 @@ CLASS="SECT4"
><H4
CLASS="SECT4"
><A
NAME="AEN2973"
NAME="AEN2861"
>16.5.3.7.1. Linux/FreeBSD-specific PAM configuration</A
></H4
><P
@ -1496,7 +1496,7 @@ CLASS="SECT4"
><H4
CLASS="SECT4"
><A
NAME="AEN3006"
NAME="AEN2894"
>16.5.3.7.2. Solaris-specific configuration</A
></H4
><P
@ -1583,7 +1583,7 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3013"
NAME="AEN2901"
>16.6. Limitations</A
></H1
><P
@ -1625,7 +1625,7 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3023"
NAME="AEN2911"
>16.7. Conclusion</A
></H1
><P
@ -1671,7 +1671,7 @@ WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="improved-browsing.html"
HREF="integrate-ms-networks.html"
ACCESSKEY="N"
>Next</A
></TD
@ -1695,7 +1695,7 @@ ACCESSKEY="U"
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Improved browsing in samba</TD
>Integrating MS Windows networks with Samba</TD
></TR
></TABLE
></DIV